mlme.c 122.5 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
/*
 * BSS client mode implementation
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2004, Instant802 Networks, Inc.
 * Copyright 2005, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* TODO:
 * order BSS list by RSSI(?) ("quality of AP")
 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
 *    SSID)
 */
19
#include <linux/delay.h>
20 21 22 23 24 25 26
#include <linux/if_ether.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/wireless.h>
#include <linux/random.h>
#include <linux/etherdevice.h>
27
#include <linux/rtnetlink.h>
28 29 30 31 32
#include <net/iw_handler.h>
#include <asm/types.h>

#include <net/mac80211.h>
#include "ieee80211_i.h"
J
Johannes Berg 已提交
33 34
#include "rate.h"
#include "led.h"
35
#include "mesh.h"
36

37
#define IEEE80211_ASSOC_SCANS_MAX_TRIES 2
38 39 40 41 42
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
43
#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
44 45 46 47
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
48
#define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)
49 50 51 52 53 54 55

#define IEEE80211_PROBE_DELAY (HZ / 33)
#define IEEE80211_CHANNEL_TIME (HZ / 33)
#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
56
#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)
57 58 59 60 61 62

#define IEEE80211_IBSS_MAX_STA_ENTRIES 128


#define ERP_INFO_USE_PROTECTION BIT(1)

63
/* mgmt header + 1 byte category code */
64 65 66 67 68
#define IEEE80211_MIN_ACTION_SIZE (24 + 1)

#define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002
#define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C
#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0
69 70
#define IEEE80211_DELBA_PARAM_TID_MASK 0xF000
#define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800
71

72 73 74 75 76
/* next values represent the buffer size for A-MPDU frame.
 * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */
#define IEEE80211_MIN_AMPDU_BUF 0x8
#define IEEE80211_MAX_AMPDU_BUF 0x40

77
static void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
78 79
				     u8 *ssid, size_t ssid_len);
static struct ieee80211_sta_bss *
80
ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
81
		     u8 *ssid, u8 ssid_len);
82
static void ieee80211_rx_bss_put(struct ieee80211_local *local,
83
				 struct ieee80211_sta_bss *bss);
84
static int ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata,
85
				   struct ieee80211_if_sta *ifsta);
86 87
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata);
static int ieee80211_sta_start_scan(struct ieee80211_sub_if_data *sdata,
88
				    u8 *ssid, size_t ssid_len);
89
static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata,
90
				     struct ieee80211_if_sta *ifsta);
91
static void sta_rx_agg_session_timer_expired(unsigned long data);
92 93


94 95
void ieee802_11_parse_elems(u8 *start, size_t len,
			    struct ieee802_11_elems *elems)
96 97 98 99 100
{
	size_t left = len;
	u8 *pos = start;

	memset(elems, 0, sizeof(*elems));
101 102
	elems->ie_start = start;
	elems->total_len = len;
103 104 105 106 107 108 109 110

	while (left >= 2) {
		u8 id, elen;

		id = *pos++;
		elen = *pos++;
		left -= 2;

111 112
		if (elen > left)
			return;
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177

		switch (id) {
		case WLAN_EID_SSID:
			elems->ssid = pos;
			elems->ssid_len = elen;
			break;
		case WLAN_EID_SUPP_RATES:
			elems->supp_rates = pos;
			elems->supp_rates_len = elen;
			break;
		case WLAN_EID_FH_PARAMS:
			elems->fh_params = pos;
			elems->fh_params_len = elen;
			break;
		case WLAN_EID_DS_PARAMS:
			elems->ds_params = pos;
			elems->ds_params_len = elen;
			break;
		case WLAN_EID_CF_PARAMS:
			elems->cf_params = pos;
			elems->cf_params_len = elen;
			break;
		case WLAN_EID_TIM:
			elems->tim = pos;
			elems->tim_len = elen;
			break;
		case WLAN_EID_IBSS_PARAMS:
			elems->ibss_params = pos;
			elems->ibss_params_len = elen;
			break;
		case WLAN_EID_CHALLENGE:
			elems->challenge = pos;
			elems->challenge_len = elen;
			break;
		case WLAN_EID_WPA:
			if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
			    pos[2] == 0xf2) {
				/* Microsoft OUI (00:50:F2) */
				if (pos[3] == 1) {
					/* OUI Type 1 - WPA IE */
					elems->wpa = pos;
					elems->wpa_len = elen;
				} else if (elen >= 5 && pos[3] == 2) {
					if (pos[4] == 0) {
						elems->wmm_info = pos;
						elems->wmm_info_len = elen;
					} else if (pos[4] == 1) {
						elems->wmm_param = pos;
						elems->wmm_param_len = elen;
					}
				}
			}
			break;
		case WLAN_EID_RSN:
			elems->rsn = pos;
			elems->rsn_len = elen;
			break;
		case WLAN_EID_ERP_INFO:
			elems->erp_info = pos;
			elems->erp_info_len = elen;
			break;
		case WLAN_EID_EXT_SUPP_RATES:
			elems->ext_supp_rates = pos;
			elems->ext_supp_rates_len = elen;
			break;
178 179 180 181 182 183 184 185
		case WLAN_EID_HT_CAPABILITY:
			elems->ht_cap_elem = pos;
			elems->ht_cap_elem_len = elen;
			break;
		case WLAN_EID_HT_EXTRA_INFO:
			elems->ht_info_elem = pos;
			elems->ht_info_elem_len = elen;
			break;
186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209
		case WLAN_EID_MESH_ID:
			elems->mesh_id = pos;
			elems->mesh_id_len = elen;
			break;
		case WLAN_EID_MESH_CONFIG:
			elems->mesh_config = pos;
			elems->mesh_config_len = elen;
			break;
		case WLAN_EID_PEER_LINK:
			elems->peer_link = pos;
			elems->peer_link_len = elen;
			break;
		case WLAN_EID_PREQ:
			elems->preq = pos;
			elems->preq_len = elen;
			break;
		case WLAN_EID_PREP:
			elems->prep = pos;
			elems->prep_len = elen;
			break;
		case WLAN_EID_PERR:
			elems->perr = pos;
			elems->perr_len = elen;
			break;
210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228
		case WLAN_EID_CHANNEL_SWITCH:
			elems->ch_switch_elem = pos;
			elems->ch_switch_elem_len = elen;
			break;
		case WLAN_EID_QUIET:
			if (!elems->quiet_elem) {
				elems->quiet_elem = pos;
				elems->quiet_elem_len = elen;
			}
			elems->num_of_quiet_elem++;
			break;
		case WLAN_EID_COUNTRY:
			elems->country_elem = pos;
			elems->country_elem_len = elen;
			break;
		case WLAN_EID_PWR_CONSTRAINT:
			elems->pwr_constr_elem = pos;
			elems->pwr_constr_elem_len = elen;
			break;
229 230 231 232 233 234 235 236 237 238
		default:
			break;
		}

		left -= elen;
		pos += elen;
	}
}


239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259
static u8 * ieee80211_bss_get_ie(struct ieee80211_sta_bss *bss, u8 ie)
{
	u8 *end, *pos;

	pos = bss->ies;
	if (pos == NULL)
		return NULL;
	end = pos + bss->ies_len;

	while (pos + 1 < end) {
		if (pos + 2 + pos[1] > end)
			break;
		if (pos[0] == ie)
			return pos;
		pos += 2 + pos[1];
	}

	return NULL;
}


260 261
static int ecw2cw(int ecw)
{
262
	return (1 << ecw) - 1;
263 264
}

265

266
static void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301
					 struct ieee80211_sta_bss *bss,
					 int ibss)
{
	struct ieee80211_local *local = sdata->local;
	int i, have_higher_than_11mbit = 0;


	/* cf. IEEE 802.11 9.2.12 */
	for (i = 0; i < bss->supp_rates_len; i++)
		if ((bss->supp_rates[i] & 0x7f) * 5 > 110)
			have_higher_than_11mbit = 1;

	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
	    have_higher_than_11mbit)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;


	if (local->ops->conf_tx) {
		struct ieee80211_tx_queue_params qparam;

		memset(&qparam, 0, sizeof(qparam));

		qparam.aifs = 2;

		if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
		    !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE))
			qparam.cw_min = 31;
		else
			qparam.cw_min = 15;

		qparam.cw_max = 1023;
		qparam.txop = 0;

J
Johannes Berg 已提交
302 303
		for (i = 0; i < local_to_hw(local)->queues; i++)
			local->ops->conf_tx(local_to_hw(local), i, &qparam);
304 305 306
	}
}

307
static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
308 309 310 311 312 313 314 315
				     struct ieee80211_if_sta *ifsta,
				     u8 *wmm_param, size_t wmm_param_len)
{
	struct ieee80211_tx_queue_params params;
	size_t left;
	int count;
	u8 *pos;

316 317 318 319 320 321
	if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
		return;

	if (!wmm_param)
		return;

322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344
	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
		return;
	count = wmm_param[6] & 0x0f;
	if (count == ifsta->wmm_last_param_set)
		return;
	ifsta->wmm_last_param_set = count;

	pos = wmm_param + 8;
	left = wmm_param_len - 8;

	memset(&params, 0, sizeof(params));

	if (!local->ops->conf_tx)
		return;

	local->wmm_acm = 0;
	for (; left >= 4; left -= 4, pos += 4) {
		int aci = (pos[0] >> 5) & 0x03;
		int acm = (pos[0] >> 4) & 0x01;
		int queue;

		switch (aci) {
		case 1:
J
Johannes Berg 已提交
345
			queue = 3;
J
Johannes Berg 已提交
346
			if (acm)
347 348 349
				local->wmm_acm |= BIT(0) | BIT(3);
			break;
		case 2:
J
Johannes Berg 已提交
350
			queue = 1;
J
Johannes Berg 已提交
351
			if (acm)
352 353 354
				local->wmm_acm |= BIT(4) | BIT(5);
			break;
		case 3:
J
Johannes Berg 已提交
355
			queue = 0;
J
Johannes Berg 已提交
356
			if (acm)
357 358 359 360
				local->wmm_acm |= BIT(6) | BIT(7);
			break;
		case 0:
		default:
J
Johannes Berg 已提交
361
			queue = 2;
J
Johannes Berg 已提交
362
			if (acm)
363 364 365 366 367 368 369
				local->wmm_acm |= BIT(1) | BIT(2);
			break;
		}

		params.aifs = pos[0] & 0x0f;
		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
		params.cw_min = ecw2cw(pos[1] & 0x0f);
370
		params.txop = get_unaligned_le16(pos + 2);
371
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
372
		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
373
		       "cWmin=%d cWmax=%d txop=%d\n",
374
		       local->mdev->name, queue, aci, acm, params.aifs, params.cw_min,
375 376
		       params.cw_max, params.txop);
#endif
377 378 379 380
		/* TODO: handle ACM (block TX, fallback to next lowest allowed
		 * AC for now) */
		if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
			printk(KERN_DEBUG "%s: failed to set TX queue "
381
			       "parameters for queue %d\n", local->mdev->name, queue);
382 383 384 385
		}
	}
}

386 387 388
static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
					   bool use_protection,
					   bool use_short_preamble)
389
{
390
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
391
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
392
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
393
	DECLARE_MAC_BUF(mac);
394
#endif
395
	u32 changed = 0;
396

397
	if (use_protection != bss_conf->use_cts_prot) {
398
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
399 400
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
401
			       "%s)\n",
402
			       sdata->dev->name,
403
			       use_protection ? "enabled" : "disabled",
404
			       print_mac(mac, ifsta->bssid));
405
		}
406
#endif
407 408
		bss_conf->use_cts_prot = use_protection;
		changed |= BSS_CHANGED_ERP_CTS_PROT;
409
	}
410

411
	if (use_short_preamble != bss_conf->use_short_preamble) {
412
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
413 414
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: switched to %s barker preamble"
415
			       " (BSSID=%s)\n",
416
			       sdata->dev->name,
417
			       use_short_preamble ? "short" : "long",
418
			       print_mac(mac, ifsta->bssid));
419
		}
420
#endif
421
		bss_conf->use_short_preamble = use_short_preamble;
422
		changed |= BSS_CHANGED_ERP_PREAMBLE;
423
	}
424

425
	return changed;
426 427
}

428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453
static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
				   u8 erp_value)
{
	bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
	bool use_short_preamble = (erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0;

	return ieee80211_handle_protect_preamb(sdata,
			use_protection, use_short_preamble);
}

static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
					   struct ieee80211_sta_bss *bss)
{
	u32 changed = 0;

	if (bss->has_erp_value)
		changed |= ieee80211_handle_erp_ie(sdata, bss->erp_value);
	else {
		u16 capab = bss->capability;
		changed |= ieee80211_handle_protect_preamb(sdata, false,
				(capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
	}

	return changed;
}

454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498
int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
				   struct ieee80211_ht_info *ht_info)
{

	if (ht_info == NULL)
		return -EINVAL;

	memset(ht_info, 0, sizeof(*ht_info));

	if (ht_cap_ie) {
		u8 ampdu_info = ht_cap_ie->ampdu_params_info;

		ht_info->ht_supported = 1;
		ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
		ht_info->ampdu_factor =
			ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
		ht_info->ampdu_density =
			(ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
		memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);
	} else
		ht_info->ht_supported = 0;

	return 0;
}

int ieee80211_ht_addt_info_ie_to_ht_bss_info(
			struct ieee80211_ht_addt_info *ht_add_info_ie,
			struct ieee80211_ht_bss_info *bss_info)
{
	if (bss_info == NULL)
		return -EINVAL;

	memset(bss_info, 0, sizeof(*bss_info));

	if (ht_add_info_ie) {
		u16 op_mode;
		op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);

		bss_info->primary_channel = ht_add_info_ie->control_chan;
		bss_info->bss_cap = ht_add_info_ie->ht_param;
		bss_info->bss_op_mode = (u8)(op_mode & 0xff);
	}

	return 0;
}
499

500
static void ieee80211_sta_send_associnfo(struct ieee80211_sub_if_data *sdata,
501 502 503 504 505
					 struct ieee80211_if_sta *ifsta)
{
	union iwreq_data wrqu;

	if (ifsta->assocreq_ies) {
506 507
		memset(&wrqu, 0, sizeof(wrqu));
		wrqu.data.length = ifsta->assocreq_ies_len;
508
		wireless_send_event(sdata->dev, IWEVASSOCREQIE, &wrqu,
509
				    ifsta->assocreq_ies);
510
	}
511 512 513
	if (ifsta->assocresp_ies) {
		memset(&wrqu, 0, sizeof(wrqu));
		wrqu.data.length = ifsta->assocresp_ies_len;
514
		wireless_send_event(sdata->dev, IWEVASSOCRESPIE, &wrqu,
515
				    ifsta->assocresp_ies);
516 517 518 519
	}
}


520
static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
521
				     struct ieee80211_if_sta *ifsta,
522
				     bool assoc)
523
{
524
	struct ieee80211_local *local = sdata->local;
T
Tomas Winkler 已提交
525
	struct ieee80211_conf *conf = &local_to_hw(local)->conf;
526
	union iwreq_data wrqu;
527
	u32 changed = BSS_CHANGED_ASSOC;
528 529

	if (assoc) {
530
		struct ieee80211_sta_bss *bss;
531 532 533

		ifsta->flags |= IEEE80211_STA_ASSOCIATED;

534
		if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
535
			return;
536

537
		bss = ieee80211_rx_bss_get(local, ifsta->bssid,
T
Tomas Winkler 已提交
538
					   conf->channel->center_freq,
539
					   ifsta->ssid, ifsta->ssid_len);
540
		if (bss) {
541 542 543
			/* set timing information */
			sdata->bss_conf.beacon_int = bss->beacon_int;
			sdata->bss_conf.timestamp = bss->timestamp;
544
			sdata->bss_conf.dtim_period = bss->dtim_period;
545

546
			changed |= ieee80211_handle_bss_capability(sdata, bss);
547

548
			ieee80211_rx_bss_put(local, bss);
549 550
		}

T
Tomas Winkler 已提交
551 552 553 554 555 556 557
		if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
			changed |= BSS_CHANGED_HT;
			sdata->bss_conf.assoc_ht = 1;
			sdata->bss_conf.ht_conf = &conf->ht_conf;
			sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf;
		}

558
		ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
559 560
		memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
		memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
561
		ieee80211_sta_send_associnfo(sdata, ifsta);
562
	} else {
563 564
		netif_carrier_off(sdata->dev);
		ieee80211_sta_tear_down_BA_sessions(sdata, ifsta->bssid);
565
		ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
566
		changed |= ieee80211_reset_erp_info(sdata);
T
Tomas Winkler 已提交
567 568 569 570 571

		sdata->bss_conf.assoc_ht = 0;
		sdata->bss_conf.ht_conf = NULL;
		sdata->bss_conf.ht_bss_conf = NULL;

572 573 574
		memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
	}
	ifsta->last_probe = jiffies;
575
	ieee80211_led_assoc(local, assoc);
576

577
	sdata->bss_conf.assoc = assoc;
578
	ieee80211_bss_info_change_notify(sdata, changed);
579 580

	if (assoc)
581
		netif_carrier_on(sdata->dev);
582

583
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
584
	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
585 586
}

587
static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
588 589
				   struct ieee80211_if_sta *ifsta, int deauth)
{
590 591
	if (deauth) {
		ifsta->direct_probe_tries = 0;
592
		ifsta->auth_tries = 0;
593
	}
594
	ifsta->assoc_scan_tries = 0;
595
	ifsta->assoc_tries = 0;
596
	ieee80211_set_associated(sdata, ifsta, 0);
597 598
}

599
void ieee80211_sta_tx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
600
		      int encrypt)
601 602 603 604 605 606
{
	skb->dev = sdata->local->mdev;
	skb_set_mac_header(skb, 0);
	skb_set_network_header(skb, 0);
	skb_set_transport_header(skb, 0);

607 608
	skb->iif = sdata->dev->ifindex;
	skb->do_not_encrypt = !encrypt;
609 610 611 612 613

	dev_queue_xmit(skb);
}


614
static void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
615 616 617 618
				struct ieee80211_if_sta *ifsta,
				int transaction, u8 *extra, size_t extra_len,
				int encrypt)
{
619
	struct ieee80211_local *local = sdata->local;
620 621 622 623 624 625 626
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 6 + extra_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
627
		       "frame\n", sdata->dev->name);
628 629 630 631 632 633
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
	memset(mgmt, 0, 24 + 6);
634 635
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_AUTH);
636 637 638
	if (encrypt)
		mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
639
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
640 641 642 643 644 645 646 647
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
	ifsta->auth_transaction = transaction + 1;
	mgmt->u.auth.status_code = cpu_to_le16(0);
	if (extra)
		memcpy(skb_put(skb, extra_len), extra, extra_len);

648
	ieee80211_sta_tx(sdata, skb, encrypt);
649 650
}

651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680
static void ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);

	ifsta->direct_probe_tries++;
	if (ifsta->direct_probe_tries > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: direct probe to AP %s timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	printk(KERN_DEBUG "%s: direct probe to AP %s try %d\n",
			sdata->dev->name, print_mac(mac, ifsta->bssid),
			ifsta->direct_probe_tries);

	ifsta->state = IEEE80211_STA_MLME_DIRECT_PROBE;

	set_bit(IEEE80211_STA_REQ_DIRECT_PROBE, &ifsta->request);

	/* Direct probe is sent to broadcast address as some APs
	 * will not answer to direct packet in unassociated state.
	 */
	ieee80211_send_probe_req(sdata, NULL,
				 ifsta->ssid, ifsta->ssid_len);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

681

682
static void ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
683 684
				   struct ieee80211_if_sta *ifsta)
{
685 686
	DECLARE_MAC_BUF(mac);

687 688
	ifsta->auth_tries++;
	if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
689
		printk(KERN_DEBUG "%s: authentication with AP %s"
690
		       " timed out\n",
691
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
692
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
693 694 695
		return;
	}

696
	ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
697
	printk(KERN_DEBUG "%s: authenticate with AP %s\n",
698
	       sdata->dev->name, print_mac(mac, ifsta->bssid));
699

700
	ieee80211_send_auth(sdata, ifsta, 1, NULL, 0, 0);
701 702 703 704

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724
static int ieee80211_compatible_rates(struct ieee80211_sta_bss *bss,
				      struct ieee80211_supported_band *sband,
				      u64 *rates)
{
	int i, j, count;
	*rates = 0;
	count = 0;
	for (i = 0; i < bss->supp_rates_len; i++) {
		int rate = (bss->supp_rates[i] & 0x7F) * 5;

		for (j = 0; j < sband->n_bitrates; j++)
			if (sband->bitrates[j].bitrate == rate) {
				*rates |= BIT(j);
				count++;
				break;
			}
	}

	return count;
}
725

726
static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
727 728
				 struct ieee80211_if_sta *ifsta)
{
729
	struct ieee80211_local *local = sdata->local;
730 731
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
732
	u8 *pos, *ies, *ht_add_ie;
733
	int i, len, count, rates_len, supp_rates_len;
734 735 736
	u16 capab;
	struct ieee80211_sta_bss *bss;
	int wmm = 0;
737
	struct ieee80211_supported_band *sband;
738
	u64 rates = 0;
739 740 741 742 743 744

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
			    ifsta->ssid_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
745
		       "frame\n", sdata->dev->name);
746 747 748 749
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

750 751
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

752
	capab = ifsta->capab;
753 754 755 756 757 758

	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
759
	}
760

761
	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
762
				   local->hw.conf.channel->center_freq,
763
				   ifsta->ssid, ifsta->ssid_len);
764 765 766
	if (bss) {
		if (bss->capability & WLAN_CAPABILITY_PRIVACY)
			capab |= WLAN_CAPABILITY_PRIVACY;
767
		if (bss->wmm_used)
768
			wmm = 1;
769 770 771 772 773 774 775

		/* get all rates supported by the device and the AP as
		 * some APs don't like getting a superset of their rates
		 * in the association request (e.g. D-Link DAP 1353 in
		 * b-only mode) */
		rates_len = ieee80211_compatible_rates(bss, sband, &rates);

776 777 778 779
		if ((bss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
		    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
			capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;

780
		ieee80211_rx_bss_put(local, bss);
781 782 783
	} else {
		rates = ~0;
		rates_len = sband->n_bitrates;
784 785 786 787 788
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
789
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
790 791
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

792
	if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
793
		skb_put(skb, 10);
794 795
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_REASSOC_REQ);
796
		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
797 798
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
799 800 801 802
		memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
		       ETH_ALEN);
	} else {
		skb_put(skb, 4);
803 804
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_ASSOC_REQ);
805
		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
806 807
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
808 809 810 811 812 813 814 815
	}

	/* SSID */
	ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ifsta->ssid_len;
	memcpy(pos, ifsta->ssid, ifsta->ssid_len);

816
	/* add all rates which were marked to be used above */
817 818 819 820
	supp_rates_len = rates_len;
	if (supp_rates_len > 8)
		supp_rates_len = 8;

821
	len = sband->n_bitrates;
822
	pos = skb_put(skb, supp_rates_len + 2);
823
	*pos++ = WLAN_EID_SUPP_RATES;
824
	*pos++ = supp_rates_len;
825

826 827 828
	count = 0;
	for (i = 0; i < sband->n_bitrates; i++) {
		if (BIT(i) & rates) {
829
			int rate = sband->bitrates[i].bitrate;
830
			*pos++ = (u8) (rate / 5);
831 832 833 834 835
			if (++count == 8)
				break;
		}
	}

836
	if (rates_len > count) {
837 838 839 840 841 842 843 844 845
		pos = skb_put(skb, rates_len - count + 2);
		*pos++ = WLAN_EID_EXT_SUPP_RATES;
		*pos++ = rates_len - count;

		for (i++; i < sband->n_bitrates; i++) {
			if (BIT(i) & rates) {
				int rate = sband->bitrates[i].bitrate;
				*pos++ = (u8) (rate / 5);
			}
846 847 848
		}
	}

849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868
	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
		/* 1. power capabilities */
		pos = skb_put(skb, 4);
		*pos++ = WLAN_EID_PWR_CAPABILITY;
		*pos++ = 2;
		*pos++ = 0; /* min tx power */
		*pos++ = local->hw.conf.channel->max_power; /* max tx power */

		/* 2. supported channels */
		/* TODO: get this in reg domain format */
		pos = skb_put(skb, 2 * sband->n_channels + 2);
		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
		*pos++ = 2 * sband->n_channels;
		for (i = 0; i < sband->n_channels; i++) {
			*pos++ = ieee80211_frequency_to_channel(
					sband->channels[i].center_freq);
			*pos++ = 1; /* one channel in the subband*/
		}
	}

869 870 871 872 873
	if (ifsta->extra_ie) {
		pos = skb_put(skb, ifsta->extra_ie_len);
		memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
	}

874
	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
875 876 877 878 879 880 881 882 883 884 885
		pos = skb_put(skb, 9);
		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
		*pos++ = 7; /* len */
		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
		*pos++ = 0x50;
		*pos++ = 0xf2;
		*pos++ = 2; /* WME */
		*pos++ = 0; /* WME info */
		*pos++ = 1; /* WME ver */
		*pos++ = 0;
	}
886

887
	/* wmm support is a must to HT */
888
	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
889 890
	    sband->ht_info.ht_supported &&
	    (ht_add_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_EXTRA_INFO))) {
891
		struct ieee80211_ht_addt_info *ht_add_info =
892
			(struct ieee80211_ht_addt_info *)ht_add_ie;
893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912
		u16 cap = sband->ht_info.cap;
		__le16 tmp;
		u32 flags = local->hw.conf.channel->flags;

		switch (ht_add_info->ht_param & IEEE80211_HT_IE_CHA_SEC_OFFSET) {
		case IEEE80211_HT_IE_CHA_SEC_ABOVE:
			if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		case IEEE80211_HT_IE_CHA_SEC_BELOW:
			if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		}

		tmp = cpu_to_le16(cap);
913 914 915 916 917 918
		pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
		*pos++ = WLAN_EID_HT_CAPABILITY;
		*pos++ = sizeof(struct ieee80211_ht_cap);
		memset(pos, 0, sizeof(struct ieee80211_ht_cap));
		memcpy(pos, &tmp, sizeof(u16));
		pos += sizeof(u16);
919 920 921 922
		/* TODO: needs a define here for << 2 */
		*pos++ = sband->ht_info.ampdu_factor |
			 (sband->ht_info.ampdu_density << 2);
		memcpy(pos, sband->ht_info.supp_mcs_set, 16);
923
	}
924 925 926

	kfree(ifsta->assocreq_ies);
	ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
927
	ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
928 929 930
	if (ifsta->assocreq_ies)
		memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);

931
	ieee80211_sta_tx(sdata, skb, 0);
932 933 934
}


935
static void ieee80211_send_deauth(struct ieee80211_sub_if_data *sdata,
936 937
				  struct ieee80211_if_sta *ifsta, u16 reason)
{
938
	struct ieee80211_local *local = sdata->local;
939 940 941 942 943 944
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
945
		       "frame\n", sdata->dev->name);
946 947 948 949 950 951 952
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
953
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
954
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
955 956
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DEAUTH);
957 958 959
	skb_put(skb, 2);
	mgmt->u.deauth.reason_code = cpu_to_le16(reason);

960
	ieee80211_sta_tx(sdata, skb, 0);
961 962 963
}


964
static void ieee80211_send_disassoc(struct ieee80211_sub_if_data *sdata,
965 966
				    struct ieee80211_if_sta *ifsta, u16 reason)
{
967
	struct ieee80211_local *local = sdata->local;
968 969 970 971 972 973
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
974
		       "frame\n", sdata->dev->name);
975 976 977 978 979 980 981
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
982
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
983
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
984 985
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DISASSOC);
986 987 988
	skb_put(skb, 2);
	mgmt->u.disassoc.reason_code = cpu_to_le16(reason);

989
	ieee80211_sta_tx(sdata, skb, 0);
990 991 992
}


993
static int ieee80211_privacy_mismatch(struct ieee80211_sub_if_data *sdata,
994 995
				      struct ieee80211_if_sta *ifsta)
{
996
	struct ieee80211_local *local = sdata->local;
997
	struct ieee80211_sta_bss *bss;
998 999 1000
	int bss_privacy;
	int wep_privacy;
	int privacy_invoked;
1001

1002
	if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
1003 1004
		return 0;

1005
	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
1006
				   local->hw.conf.channel->center_freq,
1007
				   ifsta->ssid, ifsta->ssid_len);
1008 1009 1010
	if (!bss)
		return 0;

1011
	bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
1012
	wep_privacy = !!ieee80211_sta_wep_configured(sdata);
1013
	privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
1014

1015
	ieee80211_rx_bss_put(local, bss);
1016

1017 1018 1019 1020
	if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
		return 0;

	return 1;
1021 1022 1023
}


1024
static void ieee80211_associate(struct ieee80211_sub_if_data *sdata,
1025 1026
				struct ieee80211_if_sta *ifsta)
{
1027 1028
	DECLARE_MAC_BUF(mac);

1029 1030
	ifsta->assoc_tries++;
	if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
1031
		printk(KERN_DEBUG "%s: association with AP %s"
1032
		       " timed out\n",
1033
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
1034
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
1035 1036 1037
		return;
	}

1038
	ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
1039
	printk(KERN_DEBUG "%s: associate with AP %s\n",
1040 1041
	       sdata->dev->name, print_mac(mac, ifsta->bssid));
	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
1042
		printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
1043
		       "mixed-cell disabled - abort association\n", sdata->dev->name);
1044
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
1045 1046 1047
		return;
	}

1048
	ieee80211_send_assoc(sdata, ifsta);
1049 1050 1051 1052 1053

	mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}


1054
static void ieee80211_associated(struct ieee80211_sub_if_data *sdata,
1055 1056
				 struct ieee80211_if_sta *ifsta)
{
1057
	struct ieee80211_local *local = sdata->local;
1058 1059
	struct sta_info *sta;
	int disassoc;
1060
	DECLARE_MAC_BUF(mac);
1061 1062 1063 1064 1065 1066

	/* TODO: start monitoring current AP signal quality and number of
	 * missed beacons. Scan other channels every now and then and search
	 * for better APs. */
	/* TODO: remove expired BSSes */

1067
	ifsta->state = IEEE80211_STA_MLME_ASSOCIATED;
1068

1069 1070
	rcu_read_lock();

1071 1072
	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
1073
		printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
1074
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
1075 1076 1077 1078 1079
		disassoc = 1;
	} else {
		disassoc = 0;
		if (time_after(jiffies,
			       sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
1080
			if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
1081
				printk(KERN_DEBUG "%s: No ProbeResp from "
1082
				       "current AP %s - assume out of "
1083
				       "range\n",
1084
				       sdata->dev->name, print_mac(mac, ifsta->bssid));
1085
				disassoc = 1;
1086
				sta_info_unlink(&sta);
1087
			} else
1088
				ieee80211_send_probe_req(sdata, ifsta->bssid,
1089 1090
							 local->scan_ssid,
							 local->scan_ssid_len);
1091
			ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
1092
		} else {
1093
			ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
1094 1095 1096
			if (time_after(jiffies, ifsta->last_probe +
				       IEEE80211_PROBE_INTERVAL)) {
				ifsta->last_probe = jiffies;
1097
				ieee80211_send_probe_req(sdata, ifsta->bssid,
1098 1099 1100 1101 1102
							 ifsta->ssid,
							 ifsta->ssid_len);
			}
		}
	}
1103 1104 1105

	rcu_read_unlock();

1106
	if (disassoc && sta)
1107 1108
		sta_info_destroy(sta);

1109
	if (disassoc) {
1110
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
1111
		ieee80211_set_associated(sdata, ifsta, 0);
1112 1113 1114 1115 1116 1117 1118
	} else {
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL);
	}
}


1119
static void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1120 1121
				     u8 *ssid, size_t ssid_len)
{
1122
	struct ieee80211_local *local = sdata->local;
1123
	struct ieee80211_supported_band *sband;
1124 1125 1126 1127 1128 1129 1130 1131
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *supp_rates, *esupp_rates = NULL;
	int i;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
1132
		       "request\n", sdata->dev->name);
1133 1134 1135 1136 1137 1138
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
1139 1140
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_PROBE_REQ);
1141
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156
	if (dst) {
		memcpy(mgmt->da, dst, ETH_ALEN);
		memcpy(mgmt->bssid, dst, ETH_ALEN);
	} else {
		memset(mgmt->da, 0xff, ETH_ALEN);
		memset(mgmt->bssid, 0xff, ETH_ALEN);
	}
	pos = skb_put(skb, 2 + ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ssid_len;
	memcpy(pos, ssid, ssid_len);

	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
1157 1158 1159 1160
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *rate = &sband->bitrates[i];
1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172
		if (esupp_rates) {
			pos = skb_put(skb, 1);
			esupp_rates[1]++;
		} else if (supp_rates[1] == 8) {
			esupp_rates = skb_put(skb, 3);
			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			esupp_rates[1] = 1;
			pos = &esupp_rates[2];
		} else {
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		}
1173
		*pos = rate->bitrate / 5;
1174 1175
	}

1176
	ieee80211_sta_tx(sdata, skb, 0);
1177 1178 1179
}


1180
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata)
1181 1182
{
	if (!sdata || !sdata->default_key ||
1183
	    sdata->default_key->conf.alg != ALG_WEP)
1184 1185 1186 1187 1188
		return 0;
	return 1;
}


1189
static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
1190 1191
				     struct ieee80211_if_sta *ifsta)
{
1192
	printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
1193
	ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
1194
	ieee80211_associate(sdata, ifsta);
1195 1196 1197
}


1198
static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1199 1200 1201 1202 1203 1204 1205 1206
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u8 *pos;
	struct ieee802_11_elems elems;

	pos = mgmt->u.auth.variable;
1207
	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1208
	if (!elems.challenge)
1209
		return;
1210
	ieee80211_send_auth(sdata, ifsta, 3, elems.challenge - 2,
1211 1212 1213
			    elems.challenge_len + 2, 1);
}

1214
static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
1215 1216 1217 1218
					u8 dialog_token, u16 status, u16 policy,
					u16 buf_size, u16 timeout)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1219
	struct ieee80211_local *local = sdata->local;
1220 1221 1222 1223
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

E
Ester Kummer 已提交
1224 1225
	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);

1226 1227
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer "
1228
		       "for addba resp frame\n", sdata->dev->name);
1229 1230 1231 1232 1233 1234 1235
		return;
	}

	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
1236
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1237
	if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1238
		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
1239 1240
	else
		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1241 1242
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);
1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;

	capab = (u16)(policy << 1);	/* bit 1 aggregation policy */
	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
	capab |= (u16)(buf_size << 6);	/* bit 15:6 max size of aggregation */

	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);

1257
	ieee80211_sta_tx(sdata, skb, 0);
1258 1259 1260 1261

	return;
}

1262
void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, const u8 *da,
1263 1264 1265
				u16 tid, u8 dialog_token, u16 start_seq_num,
				u16 agg_size, u16 timeout)
{
1266
	struct ieee80211_local *local = sdata->local;
1267 1268 1269 1270 1271
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

E
Ester Kummer 已提交
1272
	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1273 1274 1275

	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer "
1276
				"for addba request frame\n", sdata->dev->name);
1277 1278 1279 1280 1281 1282
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
1283
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1284
	if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1285
		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
1286 1287 1288
	else
		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

1289 1290
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);
1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));

	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;

	mgmt->u.action.u.addba_req.dialog_token = dialog_token;
	capab = (u16)(1 << 1);		/* bit 1 aggregation policy */
	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
	capab |= (u16)(agg_size << 6);	/* bit 15:6 max size of aggergation */

	mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);

	mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_req.start_seq_num =
					cpu_to_le16(start_seq_num << 4);

1308
	ieee80211_sta_tx(sdata, skb, 0);
1309 1310
}

1311
static void ieee80211_sta_process_addba_request(struct ieee80211_local *local,
1312 1313 1314
						struct ieee80211_mgmt *mgmt,
						size_t len)
{
1315 1316
	struct ieee80211_hw *hw = &local->hw;
	struct ieee80211_conf *conf = &hw->conf;
1317
	struct sta_info *sta;
1318 1319
	struct tid_ampdu_rx *tid_agg_rx;
	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
1320
	u8 dialog_token;
1321 1322
	int ret = -EOPNOTSUPP;
	DECLARE_MAC_BUF(mac);
1323

1324 1325
	rcu_read_lock();

1326
	sta = sta_info_get(local, mgmt->sa);
1327 1328
	if (!sta) {
		rcu_read_unlock();
1329
		return;
1330
	}
1331 1332 1333 1334

	/* extract session parameters from addba request frame */
	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
1335 1336
	start_seq_num =
		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
1337 1338 1339 1340 1341 1342 1343 1344

	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;

	status = WLAN_STATUS_REQUEST_DECLINED;

1345 1346 1347 1348 1349 1350 1351 1352 1353
	/* sanity check for incoming parameters:
	 * check if configuration can support the BA policy
	 * and if buffer size does not exceeds max value */
	if (((ba_policy != 1)
		&& (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
		|| (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
		status = WLAN_STATUS_INVALID_QOS_PARAM;
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
1354
			printk(KERN_DEBUG "AddBA Req with bad params from "
1355 1356 1357 1358 1359 1360 1361 1362
				"%s on tid %u. policy %d, buffer size %d\n",
				print_mac(mac, mgmt->sa), tid, ba_policy,
				buf_size);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end_no_lock;
	}
	/* determine default buffer size */
	if (buf_size == 0) {
1363 1364 1365
		struct ieee80211_supported_band *sband;

		sband = local->hw.wiphy->bands[conf->channel->band];
1366
		buf_size = IEEE80211_MIN_AMPDU_BUF;
1367
		buf_size = buf_size << sband->ht_info.ampdu_factor;
1368 1369 1370 1371
	}


	/* examine state machine */
1372
	spin_lock_bh(&sta->lock);
1373

1374
	if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
1375 1376
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
1377
			printk(KERN_DEBUG "unexpected AddBA Req from "
1378 1379 1380 1381 1382 1383
				"%s on tid %u\n",
				print_mac(mac, mgmt->sa), tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end;
	}

1384 1385 1386 1387
	/* prepare A-MPDU MLME for Rx aggregation */
	sta->ampdu_mlme.tid_rx[tid] =
			kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
	if (!sta->ampdu_mlme.tid_rx[tid]) {
1388
#ifdef CONFIG_MAC80211_HT_DEBUG
1389 1390 1391
		if (net_ratelimit())
			printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
					tid);
1392
#endif
1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403
		goto end;
	}
	/* rx timer */
	sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
				sta_rx_agg_session_timer_expired;
	sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
				(unsigned long)&sta->timer_to_tid[tid];
	init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);

	tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];

1404 1405
	/* prepare reordering buffer */
	tid_agg_rx->reorder_buf =
1406
		kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
1407
	if (!tid_agg_rx->reorder_buf) {
1408
#ifdef CONFIG_MAC80211_HT_DEBUG
1409 1410 1411
		if (net_ratelimit())
			printk(KERN_ERR "can not allocate reordering buffer "
			       "to tid %d\n", tid);
1412
#endif
1413
		kfree(sta->ampdu_mlme.tid_rx[tid]);
1414 1415 1416
		goto end;
	}
	memset(tid_agg_rx->reorder_buf, 0,
1417
		buf_size * sizeof(struct sk_buff *));
1418 1419 1420

	if (local->ops->ampdu_action)
		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
1421
					       sta->addr, tid, &start_seq_num);
1422
#ifdef CONFIG_MAC80211_HT_DEBUG
1423
	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
1424 1425 1426 1427
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (ret) {
		kfree(tid_agg_rx->reorder_buf);
1428 1429
		kfree(tid_agg_rx);
		sta->ampdu_mlme.tid_rx[tid] = NULL;
1430 1431 1432 1433
		goto end;
	}

	/* change state and send addba resp */
1434
	sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL;
1435 1436 1437 1438 1439 1440 1441 1442
	tid_agg_rx->dialog_token = dialog_token;
	tid_agg_rx->ssn = start_seq_num;
	tid_agg_rx->head_seq_num = start_seq_num;
	tid_agg_rx->buf_size = buf_size;
	tid_agg_rx->timeout = timeout;
	tid_agg_rx->stored_mpdu_num = 0;
	status = WLAN_STATUS_SUCCESS;
end:
1443
	spin_unlock_bh(&sta->lock);
1444 1445

end_no_lock:
1446
	ieee80211_send_addba_resp(sta->sdata, sta->addr, tid,
1447 1448
				  dialog_token, status, 1, buf_size, timeout);
	rcu_read_unlock();
1449
}
1450

1451
static void ieee80211_sta_process_addba_resp(struct ieee80211_local *local,
1452 1453 1454 1455 1456 1457 1458 1459 1460
					     struct ieee80211_mgmt *mgmt,
					     size_t len)
{
	struct ieee80211_hw *hw = &local->hw;
	struct sta_info *sta;
	u16 capab;
	u16 tid;
	u8 *state;

1461 1462
	rcu_read_lock();

1463
	sta = sta_info_get(local, mgmt->sa);
1464 1465
	if (!sta) {
		rcu_read_unlock();
1466
		return;
1467
	}
1468 1469 1470 1471

	capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;

1472
	state = &sta->ampdu_mlme.tid_state_tx[tid];
1473

1474
	spin_lock_bh(&sta->lock);
1475

1476
	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
1477
		spin_unlock_bh(&sta->lock);
1478 1479 1480
		goto addba_resp_exit;
	}

1481
	if (mgmt->u.action.u.addba_resp.dialog_token !=
1482
		sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
1483
		spin_unlock_bh(&sta->lock);
1484 1485 1486
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
1487
		goto addba_resp_exit;
1488 1489
	}

1490
	del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
1491 1492 1493 1494 1495 1496
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
	if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
			== WLAN_STATUS_SUCCESS) {
		*state |= HT_ADDBA_RECEIVED_MSK;
1497
		sta->ampdu_mlme.addba_req_num[tid] = 0;
1498

1499
		if (*state == HT_AGG_STATE_OPERATIONAL)
1500 1501
			ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);

1502
		spin_unlock_bh(&sta->lock);
1503
	} else {
1504
		sta->ampdu_mlme.addba_req_num[tid]++;
1505 1506
		/* this will allow the state check in stop_BA_session */
		*state = HT_AGG_STATE_OPERATIONAL;
1507
		spin_unlock_bh(&sta->lock);
1508 1509 1510
		ieee80211_stop_tx_ba_session(hw, sta->addr, tid,
					     WLAN_BACK_INITIATOR);
	}
1511 1512

addba_resp_exit:
1513
	rcu_read_unlock();
1514 1515
}

1516
void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata, const u8 *da, u16 tid,
1517
			  u16 initiator, u16 reason_code)
1518
{
1519
	struct ieee80211_local *local = sdata->local;
1520 1521 1522 1523 1524
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 params;

E
Ester Kummer 已提交
1525
	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1526 1527 1528

	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer "
1529
					"for delba frame\n", sdata->dev->name);
1530 1531 1532 1533 1534 1535 1536
		return;
	}

	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
1537
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1538
	if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1539
		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
1540 1541
	else
		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1542 1543
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);
1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));

	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
	params = (u16)(initiator << 11); 	/* bit 11 initiator */
	params |= (u16)(tid << 12); 		/* bit 15:12 TID number */

	mgmt->u.action.u.delba.params = cpu_to_le16(params);
	mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);

1555
	ieee80211_sta_tx(sdata, skb, 0);
1556 1557
}

1558
void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
1559
{
1560
	struct ieee80211_local *local = sdata->local;
1561 1562 1563 1564 1565 1566 1567
	struct sk_buff *skb;
	struct ieee80211_bar *bar;
	u16 bar_control = 0;

	skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer for "
1568
			"bar frame\n", sdata->dev->name);
1569 1570 1571 1572 1573
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);
	bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
	memset(bar, 0, sizeof(*bar));
1574 1575
	bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
					 IEEE80211_STYPE_BACK_REQ);
1576
	memcpy(bar->ra, ra, ETH_ALEN);
1577
	memcpy(bar->ta, sdata->dev->dev_addr, ETH_ALEN);
1578 1579 1580 1581 1582 1583
	bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
	bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
	bar_control |= (u16)(tid << 12);
	bar->control = cpu_to_le16(bar_control);
	bar->start_seq_num = cpu_to_le16(ssn);

1584
	ieee80211_sta_tx(sdata, skb, 0);
1585 1586
}

1587
void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid,
1588 1589
					u16 initiator, u16 reason)
{
1590
	struct ieee80211_local *local = sdata->local;
1591 1592
	struct ieee80211_hw *hw = &local->hw;
	struct sta_info *sta;
1593
	int ret, i;
1594
	DECLARE_MAC_BUF(mac);
1595

1596 1597
	rcu_read_lock();

1598
	sta = sta_info_get(local, ra);
1599 1600
	if (!sta) {
		rcu_read_unlock();
1601
		return;
1602
	}
1603 1604

	/* check if TID is in operational state */
1605
	spin_lock_bh(&sta->lock);
1606
	if (sta->ampdu_mlme.tid_state_rx[tid]
1607
				!= HT_AGG_STATE_OPERATIONAL) {
1608
		spin_unlock_bh(&sta->lock);
1609
		rcu_read_unlock();
1610 1611
		return;
	}
1612
	sta->ampdu_mlme.tid_state_rx[tid] =
1613 1614
		HT_AGG_STATE_REQ_STOP_BA_MSK |
		(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
1615
	spin_unlock_bh(&sta->lock);
1616 1617 1618 1619 1620

	/* stop HW Rx aggregation. ampdu_action existence
	 * already verified in session init so we add the BUG_ON */
	BUG_ON(!local->ops->ampdu_action);

1621 1622 1623 1624 1625
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Rx BA session stop requested for %s tid %u\n",
				print_mac(mac, ra), tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */

1626
	ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
1627
					ra, tid, NULL);
1628 1629
	if (ret)
		printk(KERN_DEBUG "HW problem - can not stop rx "
1630
				"aggregation for tid %d\n", tid);
1631 1632 1633

	/* shutdown timer has not expired */
	if (initiator != WLAN_BACK_TIMER)
1634
		del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
1635 1636 1637

	/* check if this is a self generated aggregation halt */
	if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
1638
		ieee80211_send_delba(sdata, ra, tid, 0, reason);
1639 1640

	/* free the reordering buffer */
1641 1642
	for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) {
		if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) {
1643
			/* release the reordered frames */
1644 1645 1646
			dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]);
			sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--;
			sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL;
1647 1648
		}
	}
1649 1650 1651 1652 1653
	/* free resources */
	kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf);
	kfree(sta->ampdu_mlme.tid_rx[tid]);
	sta->ampdu_mlme.tid_rx[tid] = NULL;
	sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE;
1654

1655
	rcu_read_unlock();
1656 1657
}

1658

1659
static void ieee80211_sta_process_delba(struct ieee80211_sub_if_data *sdata,
1660 1661
			struct ieee80211_mgmt *mgmt, size_t len)
{
1662
	struct ieee80211_local *local = sdata->local;
1663 1664 1665 1666 1667
	struct sta_info *sta;
	u16 tid, params;
	u16 initiator;
	DECLARE_MAC_BUF(mac);

1668 1669
	rcu_read_lock();

1670
	sta = sta_info_get(local, mgmt->sa);
1671 1672
	if (!sta) {
		rcu_read_unlock();
1673
		return;
1674
	}
1675 1676 1677 1678 1679 1680 1681

	params = le16_to_cpu(mgmt->u.action.u.delba.params);
	tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
	initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;

#ifdef CONFIG_MAC80211_HT_DEBUG
	if (net_ratelimit())
1682 1683
		printk(KERN_DEBUG "delba from %s (%s) tid %d reason code %d\n",
			print_mac(mac, mgmt->sa),
1684
			initiator ? "initiator" : "recipient", tid,
1685 1686 1687 1688
			mgmt->u.action.u.delba.reason_code);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (initiator == WLAN_BACK_INITIATOR)
1689
		ieee80211_sta_stop_rx_ba_session(sdata, sta->addr, tid,
1690
						 WLAN_BACK_INITIATOR, 0);
1691
	else { /* WLAN_BACK_RECIPIENT */
1692
		spin_lock_bh(&sta->lock);
1693
		sta->ampdu_mlme.tid_state_tx[tid] =
1694
				HT_AGG_STATE_OPERATIONAL;
1695
		spin_unlock_bh(&sta->lock);
1696 1697 1698
		ieee80211_stop_tx_ba_session(&local->hw, sta->addr, tid,
					     WLAN_BACK_RECIPIENT);
	}
1699
	rcu_read_unlock();
1700 1701
}

1702 1703 1704 1705 1706 1707 1708 1709 1710
/*
 * After sending add Block Ack request we activated a timer until
 * add Block Ack response will arrive from the recipient.
 * If this timer expires sta_addba_resp_timer_expired will be executed.
 */
void sta_addba_resp_timer_expired(unsigned long data)
{
	/* not an elegant detour, but there is no choice as the timer passes
	 * only one argument, and both sta_info and TID are needed, so init
J
Johannes Berg 已提交
1711
	 * flow in sta_info_create gives the TID as data, while the timer_to_id
1712
	 * array gives the sta through container_of */
1713
	u16 tid = *(u8 *)data;
1714 1715 1716 1717 1718 1719 1720 1721
	struct sta_info *temp_sta = container_of((void *)data,
		struct sta_info, timer_to_tid[tid]);

	struct ieee80211_local *local = temp_sta->local;
	struct ieee80211_hw *hw = &local->hw;
	struct sta_info *sta;
	u8 *state;

1722 1723
	rcu_read_lock();

1724
	sta = sta_info_get(local, temp_sta->addr);
1725 1726
	if (!sta) {
		rcu_read_unlock();
1727
		return;
1728
	}
1729

1730
	state = &sta->ampdu_mlme.tid_state_tx[tid];
1731
	/* check if the TID waits for addBA response */
1732
	spin_lock_bh(&sta->lock);
1733
	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
1734
		spin_unlock_bh(&sta->lock);
1735
		*state = HT_AGG_STATE_IDLE;
1736
#ifdef CONFIG_MAC80211_HT_DEBUG
1737 1738
		printk(KERN_DEBUG "timer expired on tid %d but we are not "
				"expecting addBA response there", tid);
1739
#endif
1740 1741 1742
		goto timer_expired_exit;
	}

1743
#ifdef CONFIG_MAC80211_HT_DEBUG
1744
	printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
1745
#endif
1746 1747 1748

	/* go through the state check in stop_BA_session */
	*state = HT_AGG_STATE_OPERATIONAL;
1749
	spin_unlock_bh(&sta->lock);
1750 1751 1752 1753
	ieee80211_stop_tx_ba_session(hw, temp_sta->addr, tid,
				     WLAN_BACK_INITIATOR);

timer_expired_exit:
1754
	rcu_read_unlock();
1755 1756
}

1757
/*
1758 1759
 * After accepting the AddBA Request we activated a timer,
 * resetting it after each frame that arrives from the originator.
1760 1761
 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
 */
1762
static void sta_rx_agg_session_timer_expired(unsigned long data)
1763 1764
{
	/* not an elegant detour, but there is no choice as the timer passes
1765
	 * only one argument, and various sta_info are needed here, so init
J
Johannes Berg 已提交
1766
	 * flow in sta_info_create gives the TID as data, while the timer_to_id
1767 1768 1769 1770 1771 1772
	 * array gives the sta through container_of */
	u8 *ptid = (u8 *)data;
	u8 *timer_to_id = ptid - *ptid;
	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
					 timer_to_tid[0]);

1773
#ifdef CONFIG_MAC80211_HT_DEBUG
1774
	printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
1775
#endif
1776
	ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->addr,
1777
					 (u16)*ptid, WLAN_BACK_TIMER,
1778 1779 1780
					 WLAN_REASON_QSTA_TIMEOUT);
}

1781
void ieee80211_sta_tear_down_BA_sessions(struct ieee80211_sub_if_data *sdata, u8 *addr)
1782
{
1783
	struct ieee80211_local *local = sdata->local;
1784 1785 1786 1787 1788
	int i;

	for (i = 0; i <  STA_TID_NUM; i++) {
		ieee80211_stop_tx_ba_session(&local->hw, addr, i,
					     WLAN_BACK_INITIATOR);
1789
		ieee80211_sta_stop_rx_ba_session(sdata, addr, i,
1790 1791 1792 1793
						 WLAN_BACK_RECIPIENT,
						 WLAN_REASON_QSTA_LEAVE_QBSS);
	}
}
1794

1795
static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_data *sdata,
1796 1797 1798 1799
					struct ieee80211_msrment_ie *request_ie,
					const u8 *da, const u8 *bssid,
					u8 dialog_token)
{
1800
	struct ieee80211_local *local = sdata->local;
1801 1802 1803 1804 1805 1806 1807 1808
	struct sk_buff *skb;
	struct ieee80211_mgmt *msr_report;

	skb = dev_alloc_skb(sizeof(*msr_report) + local->hw.extra_tx_headroom +
				sizeof(struct ieee80211_msrment_ie));

	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer for "
1809
				"measurement report frame\n", sdata->dev->name);
1810 1811 1812 1813 1814 1815 1816
		return;
	}

	skb_reserve(skb, local->hw.extra_tx_headroom);
	msr_report = (struct ieee80211_mgmt *)skb_put(skb, 24);
	memset(msr_report, 0, 24);
	memcpy(msr_report->da, da, ETH_ALEN);
1817
	memcpy(msr_report->sa, sdata->dev->dev_addr, ETH_ALEN);
1818
	memcpy(msr_report->bssid, bssid, ETH_ALEN);
1819
	msr_report->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838
						IEEE80211_STYPE_ACTION);

	skb_put(skb, 1 + sizeof(msr_report->u.action.u.measurement));
	msr_report->u.action.category = WLAN_CATEGORY_SPECTRUM_MGMT;
	msr_report->u.action.u.measurement.action_code =
				WLAN_ACTION_SPCT_MSR_RPRT;
	msr_report->u.action.u.measurement.dialog_token = dialog_token;

	msr_report->u.action.u.measurement.element_id = WLAN_EID_MEASURE_REPORT;
	msr_report->u.action.u.measurement.length =
			sizeof(struct ieee80211_msrment_ie);

	memset(&msr_report->u.action.u.measurement.msr_elem, 0,
		sizeof(struct ieee80211_msrment_ie));
	msr_report->u.action.u.measurement.msr_elem.token = request_ie->token;
	msr_report->u.action.u.measurement.msr_elem.mode |=
			IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED;
	msr_report->u.action.u.measurement.msr_elem.type = request_ie->type;

1839
	ieee80211_sta_tx(sdata, skb, 0);
1840 1841
}

1842
static void ieee80211_sta_process_measurement_req(struct ieee80211_sub_if_data *sdata,
1843 1844 1845 1846 1847 1848 1849 1850 1851 1852
						struct ieee80211_mgmt *mgmt,
						size_t len)
{
	/*
	 * Ignoring measurement request is spec violation.
	 * Mandatory measurements must be reported optional
	 * measurements might be refused or reported incapable
	 * For now just refuse
	 * TODO: Answer basic measurement as unmeasured
	 */
1853
	ieee80211_send_refuse_measurement_request(sdata,
1854 1855 1856 1857 1858 1859
			&mgmt->u.action.u.measurement.msr_elem,
			mgmt->sa, mgmt->bssid,
			mgmt->u.action.u.measurement.dialog_token);
}


1860
static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
1861 1862 1863 1864 1865
				   struct ieee80211_if_sta *ifsta,
				   struct ieee80211_mgmt *mgmt,
				   size_t len)
{
	u16 auth_alg, auth_transaction, status_code;
1866
	DECLARE_MAC_BUF(mac);
1867

1868
	if (ifsta->state != IEEE80211_STA_MLME_AUTHENTICATE &&
1869
	    sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
1870 1871
		return;

1872
	if (len < 24 + 6)
1873 1874
		return;

1875
	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1876
	    memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0)
1877 1878
		return;

1879
	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1880
	    memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
1881 1882 1883 1884 1885 1886
		return;

	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
	status_code = le16_to_cpu(mgmt->u.auth.status_code);

1887
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
J
Johannes Berg 已提交
1888 1889
		/*
		 * IEEE 802.11 standard does not require authentication in IBSS
1890 1891 1892
		 * networks and most implementations do not seem to use it.
		 * However, try to reply to authentication attempts if someone
		 * has actually implemented this.
J
Johannes Berg 已提交
1893
		 */
1894
		if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1)
1895
			return;
1896
		ieee80211_send_auth(sdata, ifsta, 2, NULL, 0, 0);
1897 1898 1899
	}

	if (auth_alg != ifsta->auth_alg ||
1900
	    auth_transaction != ifsta->auth_transaction)
1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928
		return;

	if (status_code != WLAN_STATUS_SUCCESS) {
		if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
			u8 algs[3];
			const int num_algs = ARRAY_SIZE(algs);
			int i, pos;
			algs[0] = algs[1] = algs[2] = 0xff;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
				algs[0] = WLAN_AUTH_OPEN;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
				algs[1] = WLAN_AUTH_SHARED_KEY;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
				algs[2] = WLAN_AUTH_LEAP;
			if (ifsta->auth_alg == WLAN_AUTH_OPEN)
				pos = 0;
			else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
				pos = 1;
			else
				pos = 2;
			for (i = 0; i < num_algs; i++) {
				pos++;
				if (pos >= num_algs)
					pos = 0;
				if (algs[pos] == ifsta->auth_alg ||
				    algs[pos] == 0xff)
					continue;
				if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1929
				    !ieee80211_sta_wep_configured(sdata))
1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940
					continue;
				ifsta->auth_alg = algs[pos];
				break;
			}
		}
		return;
	}

	switch (ifsta->auth_alg) {
	case WLAN_AUTH_OPEN:
	case WLAN_AUTH_LEAP:
1941
		ieee80211_auth_completed(sdata, ifsta);
1942 1943 1944
		break;
	case WLAN_AUTH_SHARED_KEY:
		if (ifsta->auth_transaction == 4)
1945
			ieee80211_auth_completed(sdata, ifsta);
1946
		else
1947
			ieee80211_auth_challenge(sdata, ifsta, mgmt, len);
1948 1949 1950 1951 1952
		break;
	}
}


1953
static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1954 1955 1956 1957 1958
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u16 reason_code;
1959
	DECLARE_MAC_BUF(mac);
1960

1961
	if (len < 24 + 2)
1962 1963
		return;

1964
	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN))
1965 1966 1967 1968
		return;

	reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);

J
Johannes Berg 已提交
1969
	if (ifsta->flags & IEEE80211_STA_AUTHENTICATED)
1970
		printk(KERN_DEBUG "%s: deauthenticated\n", sdata->dev->name);
1971

1972 1973 1974
	if (ifsta->state == IEEE80211_STA_MLME_AUTHENTICATE ||
	    ifsta->state == IEEE80211_STA_MLME_ASSOCIATE ||
	    ifsta->state == IEEE80211_STA_MLME_ASSOCIATED) {
1975
		ifsta->state = IEEE80211_STA_MLME_DIRECT_PROBE;
1976 1977 1978 1979
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_RETRY_AUTH_INTERVAL);
	}

1980
	ieee80211_set_disassoc(sdata, ifsta, 1);
1981
	ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
1982 1983 1984
}


1985
static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1986 1987 1988 1989 1990
				       struct ieee80211_if_sta *ifsta,
				       struct ieee80211_mgmt *mgmt,
				       size_t len)
{
	u16 reason_code;
1991
	DECLARE_MAC_BUF(mac);
1992

1993
	if (len < 24 + 2)
1994 1995
		return;

1996
	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN))
1997 1998 1999 2000
		return;

	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);

2001
	if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
2002
		printk(KERN_DEBUG "%s: disassociated\n", sdata->dev->name);
2003

2004 2005
	if (ifsta->state == IEEE80211_STA_MLME_ASSOCIATED) {
		ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
2006 2007 2008 2009
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_RETRY_AUTH_INTERVAL);
	}

2010
	ieee80211_set_disassoc(sdata, ifsta, 0);
2011 2012 2013
}


2014
static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2015 2016 2017 2018 2019
					 struct ieee80211_if_sta *ifsta,
					 struct ieee80211_mgmt *mgmt,
					 size_t len,
					 int reassoc)
{
2020
	struct ieee80211_local *local = sdata->local;
2021
	struct ieee80211_supported_band *sband;
2022
	struct sta_info *sta;
2023
	u64 rates, basic_rates;
2024 2025
	u16 capab_info, status_code, aid;
	struct ieee802_11_elems elems;
2026
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
2027 2028
	u8 *pos;
	int i, j;
2029
	DECLARE_MAC_BUF(mac);
2030
	bool have_higher_than_11mbit = false;
2031 2032 2033 2034

	/* AssocResp and ReassocResp have identical structure, so process both
	 * of them in this function. */

2035
	if (ifsta->state != IEEE80211_STA_MLME_ASSOCIATE)
2036 2037
		return;

2038
	if (len < 24 + 6)
2039 2040
		return;

2041
	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0)
2042 2043 2044 2045 2046 2047
		return;

	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);

2048
	printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
2049
	       "status=%d aid=%d)\n",
2050
	       sdata->dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
2051
	       capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2052 2053 2054

	if (status_code != WLAN_STATUS_SUCCESS) {
		printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
2055
		       sdata->dev->name, status_code);
2056 2057 2058
		/* if this was a reassociation, ensure we try a "full"
		 * association next time. This works around some broken APs
		 * which do not correctly reject reassociation requests. */
2059
		ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
2060 2061 2062
		return;
	}

2063 2064
	if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
		printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
2065
		       "set\n", sdata->dev->name, aid);
2066 2067
	aid &= ~(BIT(15) | BIT(14));

2068
	pos = mgmt->u.assoc_resp.variable;
2069
	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2070 2071 2072

	if (!elems.supp_rates) {
		printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
2073
		       sdata->dev->name);
2074 2075 2076
		return;
	}

2077
	printk(KERN_DEBUG "%s: associated\n", sdata->dev->name);
2078 2079 2080 2081 2082
	ifsta->aid = aid;
	ifsta->ap_capab = capab_info;

	kfree(ifsta->assocresp_ies);
	ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
2083
	ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
2084 2085 2086
	if (ifsta->assocresp_ies)
		memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);

2087 2088
	rcu_read_lock();

2089 2090 2091 2092
	/* Add STA entry for the AP */
	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		struct ieee80211_sta_bss *bss;
J
Johannes Berg 已提交
2093
		int err;
2094

J
Johannes Berg 已提交
2095 2096 2097
		sta = sta_info_alloc(sdata, ifsta->bssid, GFP_ATOMIC);
		if (!sta) {
			printk(KERN_DEBUG "%s: failed to alloc STA entry for"
2098
			       " the AP\n", sdata->dev->name);
2099
			rcu_read_unlock();
2100 2101
			return;
		}
2102
		bss = ieee80211_rx_bss_get(local, ifsta->bssid,
2103
					   local->hw.conf.channel->center_freq,
2104
					   ifsta->ssid, ifsta->ssid_len);
2105 2106
		if (bss) {
			sta->last_signal = bss->signal;
2107
			sta->last_qual = bss->qual;
2108
			sta->last_noise = bss->noise;
2109
			ieee80211_rx_bss_put(local, bss);
2110
		}
J
Johannes Berg 已提交
2111 2112 2113 2114

		err = sta_info_insert(sta);
		if (err) {
			printk(KERN_DEBUG "%s: failed to insert STA entry for"
2115
			       " the AP (error %d)\n", sdata->dev->name, err);
J
Johannes Berg 已提交
2116 2117 2118
			rcu_read_unlock();
			return;
		}
2119 2120
		/* update new sta with its last rx activity */
		sta->last_rx = jiffies;
2121 2122
	}

J
Johannes Berg 已提交
2123 2124 2125 2126 2127 2128 2129 2130 2131 2132
	/*
	 * FIXME: Do we really need to update the sta_info's information here?
	 *	  We already know about the AP (we found it in our list) so it
	 *	  should already be filled with the right info, no?
	 *	  As is stands, all this is racy because typically we assume
	 *	  the information that is filled in here (except flags) doesn't
	 *	  change while a STA structure is alive. As such, it should move
	 *	  to between the sta_info_alloc() and sta_info_insert() above.
	 */

2133 2134
	set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
			   WLAN_STA_AUTHORIZED);
2135 2136

	rates = 0;
2137 2138 2139
	basic_rates = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

2140 2141
	for (i = 0; i < elems.supp_rates_len; i++) {
		int rate = (elems.supp_rates[i] & 0x7f) * 5;
2142 2143 2144 2145 2146 2147

		if (rate > 110)
			have_higher_than_11mbit = true;

		for (j = 0; j < sband->n_bitrates; j++) {
			if (sband->bitrates[j].bitrate == rate)
2148
				rates |= BIT(j);
2149 2150 2151
			if (elems.supp_rates[i] & 0x80)
				basic_rates |= BIT(j);
		}
2152
	}
2153

2154 2155
	for (i = 0; i < elems.ext_supp_rates_len; i++) {
		int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
2156 2157 2158 2159 2160 2161

		if (rate > 110)
			have_higher_than_11mbit = true;

		for (j = 0; j < sband->n_bitrates; j++) {
			if (sband->bitrates[j].bitrate == rate)
2162
				rates |= BIT(j);
2163 2164 2165
			if (elems.ext_supp_rates[i] & 0x80)
				basic_rates |= BIT(j);
		}
2166
	}
2167 2168 2169 2170 2171 2172 2173 2174 2175 2176

	sta->supp_rates[local->hw.conf.channel->band] = rates;
	sdata->basic_rates = basic_rates;

	/* cf. IEEE 802.11 9.2.12 */
	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
	    have_higher_than_11mbit)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
2177

2178 2179
	if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
	    (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
2180 2181 2182 2183 2184 2185 2186
		struct ieee80211_ht_bss_info bss_info;
		ieee80211_ht_cap_ie_to_ht_info(
				(struct ieee80211_ht_cap *)
				elems.ht_cap_elem, &sta->ht_info);
		ieee80211_ht_addt_info_ie_to_ht_bss_info(
				(struct ieee80211_ht_addt_info *)
				elems.ht_info_elem, &bss_info);
T
Tomas Winkler 已提交
2187
		ieee80211_handle_ht(local, 1, &sta->ht_info, &bss_info);
2188 2189
	}

2190 2191
	rate_control_rate_init(sta, local);

2192
	if (elems.wmm_param) {
2193
		set_sta_flags(sta, WLAN_STA_WME);
2194
		rcu_read_unlock();
2195
		ieee80211_sta_wmm_params(local, ifsta, elems.wmm_param,
2196
					 elems.wmm_param_len);
2197 2198
	} else
		rcu_read_unlock();
2199

2200 2201
	/* set AID and assoc capability,
	 * ieee80211_set_associated() will tell the driver */
2202
	bss_conf->aid = aid;
2203
	bss_conf->assoc_capability = capab_info;
2204
	ieee80211_set_associated(sdata, ifsta, 1);
2205

2206
	ieee80211_associated(sdata, ifsta);
2207 2208 2209 2210
}


/* Caller must hold local->sta_bss_lock */
2211
static void __ieee80211_rx_bss_hash_add(struct ieee80211_local *local,
2212 2213
					struct ieee80211_sta_bss *bss)
{
2214
	u8 hash_idx;
J
Johannes Berg 已提交
2215 2216 2217 2218

	if (bss_mesh_cfg(bss))
		hash_idx = mesh_id_hash(bss_mesh_id(bss),
					bss_mesh_id_len(bss));
2219 2220
	else
		hash_idx = STA_HASH(bss->bssid);
J
Johannes Berg 已提交
2221

2222 2223
	bss->hnext = local->sta_bss_hash[hash_idx];
	local->sta_bss_hash[hash_idx] = bss;
2224 2225 2226 2227
}


/* Caller must hold local->sta_bss_lock */
2228
static void __ieee80211_rx_bss_hash_del(struct ieee80211_local *local,
2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248
					struct ieee80211_sta_bss *bss)
{
	struct ieee80211_sta_bss *b, *prev = NULL;
	b = local->sta_bss_hash[STA_HASH(bss->bssid)];
	while (b) {
		if (b == bss) {
			if (!prev)
				local->sta_bss_hash[STA_HASH(bss->bssid)] =
					bss->hnext;
			else
				prev->hnext = bss->hnext;
			break;
		}
		prev = b;
		b = b->hnext;
	}
}


static struct ieee80211_sta_bss *
2249
ieee80211_rx_bss_add(struct ieee80211_sub_if_data *sdata, u8 *bssid, int freq,
2250
		     u8 *ssid, u8 ssid_len)
2251
{
2252
	struct ieee80211_local *local = sdata->local;
2253 2254
	struct ieee80211_sta_bss *bss;

2255
	bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
2256 2257 2258 2259 2260
	if (!bss)
		return NULL;
	atomic_inc(&bss->users);
	atomic_inc(&bss->users);
	memcpy(bss->bssid, bssid, ETH_ALEN);
2261
	bss->freq = freq;
2262 2263 2264 2265
	if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
		memcpy(bss->ssid, ssid, ssid_len);
		bss->ssid_len = ssid_len;
	}
2266 2267 2268 2269

	spin_lock_bh(&local->sta_bss_lock);
	/* TODO: order by RSSI? */
	list_add_tail(&bss->list, &local->sta_bss_list);
2270
	__ieee80211_rx_bss_hash_add(local, bss);
2271 2272 2273 2274 2275
	spin_unlock_bh(&local->sta_bss_lock);
	return bss;
}

static struct ieee80211_sta_bss *
2276
ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
2277
		     u8 *ssid, u8 ssid_len)
2278 2279 2280 2281 2282 2283
{
	struct ieee80211_sta_bss *bss;

	spin_lock_bh(&local->sta_bss_lock);
	bss = local->sta_bss_hash[STA_HASH(bssid)];
	while (bss) {
J
Johannes Berg 已提交
2284 2285
		if (!bss_mesh_cfg(bss) &&
		    !memcmp(bss->bssid, bssid, ETH_ALEN) &&
2286
		    bss->freq == freq &&
2287 2288
		    bss->ssid_len == ssid_len &&
		    (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
2289 2290 2291 2292 2293 2294 2295 2296 2297
			atomic_inc(&bss->users);
			break;
		}
		bss = bss->hnext;
	}
	spin_unlock_bh(&local->sta_bss_lock);
	return bss;
}

2298 2299
#ifdef CONFIG_MAC80211_MESH
static struct ieee80211_sta_bss *
2300
ieee80211_rx_mesh_bss_get(struct ieee80211_local *local, u8 *mesh_id, int mesh_id_len,
2301 2302 2303 2304 2305 2306 2307
			  u8 *mesh_cfg, int freq)
{
	struct ieee80211_sta_bss *bss;

	spin_lock_bh(&local->sta_bss_lock);
	bss = local->sta_bss_hash[mesh_id_hash(mesh_id, mesh_id_len)];
	while (bss) {
J
Johannes Berg 已提交
2308 2309
		if (bss_mesh_cfg(bss) &&
		    !memcmp(bss_mesh_cfg(bss), mesh_cfg, MESH_CFG_CMP_LEN) &&
2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323
		    bss->freq == freq &&
		    mesh_id_len == bss->mesh_id_len &&
		    (mesh_id_len == 0 || !memcmp(bss->mesh_id, mesh_id,
						 mesh_id_len))) {
			atomic_inc(&bss->users);
			break;
		}
		bss = bss->hnext;
	}
	spin_unlock_bh(&local->sta_bss_lock);
	return bss;
}

static struct ieee80211_sta_bss *
2324
ieee80211_rx_mesh_bss_add(struct ieee80211_local *local, u8 *mesh_id, int mesh_id_len,
2325
			  u8 *mesh_cfg, int mesh_config_len, int freq)
2326 2327 2328
{
	struct ieee80211_sta_bss *bss;

2329 2330 2331
	if (mesh_config_len != MESH_CFG_LEN)
		return NULL;

2332 2333 2334 2335
	bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
	if (!bss)
		return NULL;

2336
	bss->mesh_cfg = kmalloc(MESH_CFG_CMP_LEN, GFP_ATOMIC);
2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353
	if (!bss->mesh_cfg) {
		kfree(bss);
		return NULL;
	}

	if (mesh_id_len && mesh_id_len <= IEEE80211_MAX_MESH_ID_LEN) {
		bss->mesh_id = kmalloc(mesh_id_len, GFP_ATOMIC);
		if (!bss->mesh_id) {
			kfree(bss->mesh_cfg);
			kfree(bss);
			return NULL;
		}
		memcpy(bss->mesh_id, mesh_id, mesh_id_len);
	}

	atomic_inc(&bss->users);
	atomic_inc(&bss->users);
2354
	memcpy(bss->mesh_cfg, mesh_cfg, MESH_CFG_CMP_LEN);
2355 2356 2357 2358 2359
	bss->mesh_id_len = mesh_id_len;
	bss->freq = freq;
	spin_lock_bh(&local->sta_bss_lock);
	/* TODO: order by RSSI? */
	list_add_tail(&bss->list, &local->sta_bss_list);
2360
	__ieee80211_rx_bss_hash_add(local, bss);
2361 2362 2363 2364
	spin_unlock_bh(&local->sta_bss_lock);
	return bss;
}
#endif
2365 2366 2367

static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
{
2368
	kfree(bss->ies);
J
Johannes Berg 已提交
2369 2370
	kfree(bss_mesh_id(bss));
	kfree(bss_mesh_cfg(bss));
2371 2372 2373 2374
	kfree(bss);
}


2375
static void ieee80211_rx_bss_put(struct ieee80211_local *local,
2376 2377
				 struct ieee80211_sta_bss *bss)
{
2378 2379 2380
	local_bh_disable();
	if (!atomic_dec_and_lock(&bss->users, &local->sta_bss_lock)) {
		local_bh_enable();
2381
		return;
2382
	}
2383

2384
	__ieee80211_rx_bss_hash_del(local, bss);
2385 2386 2387 2388 2389 2390
	list_del(&bss->list);
	spin_unlock_bh(&local->sta_bss_lock);
	ieee80211_rx_bss_free(bss);
}


2391
void ieee80211_rx_bss_list_init(struct ieee80211_local *local)
2392 2393 2394 2395 2396 2397
{
	spin_lock_init(&local->sta_bss_lock);
	INIT_LIST_HEAD(&local->sta_bss_list);
}


2398
void ieee80211_rx_bss_list_deinit(struct ieee80211_local *local)
2399 2400 2401 2402
{
	struct ieee80211_sta_bss *bss, *tmp;

	list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
2403
		ieee80211_rx_bss_put(local, bss);
2404 2405 2406
}


2407
static int ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
2408 2409 2410
				   struct ieee80211_if_sta *ifsta,
				   struct ieee80211_sta_bss *bss)
{
2411
	struct ieee80211_local *local = sdata->local;
2412 2413 2414 2415 2416
	int res, rates, i, j;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos;
	struct ieee80211_supported_band *sband;
2417
	union iwreq_data wrqu;
2418 2419 2420 2421

	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	/* Remove possible STA entries from other IBSS networks. */
J
Johannes Berg 已提交
2422
	sta_info_flush_delayed(sdata);
2423 2424 2425 2426 2427 2428

	if (local->ops->reset_tsf) {
		/* Reset own TSF to allow time synchronization work. */
		local->ops->reset_tsf(local_to_hw(local));
	}
	memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2429
	res = ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID);
2430 2431 2432 2433 2434 2435 2436 2437
	if (res)
		return res;

	local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;

	sdata->drop_unencrypted = bss->capability &
		WLAN_CAPABILITY_PRIVACY ? 1 : 0;

2438
	res = ieee80211_set_freq(sdata, bss->freq);
2439

2440 2441
	if (res)
		return res;
2442

2443
	/* Build IBSS probe response */
2444
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2445
	if (skb) {
2446 2447 2448 2449 2450
		skb_reserve(skb, local->hw.extra_tx_headroom);

		mgmt = (struct ieee80211_mgmt *)
			skb_put(skb, 24 + sizeof(mgmt->u.beacon));
		memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2451 2452
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_PROBE_RESP);
2453
		memset(mgmt->da, 0xff, ETH_ALEN);
2454
		memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
2455 2456 2457
		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
		mgmt->u.beacon.beacon_int =
			cpu_to_le16(local->hw.conf.beacon_int);
2458
		mgmt->u.beacon.timestamp = cpu_to_le64(bss->timestamp);
2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495
		mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);

		pos = skb_put(skb, 2 + ifsta->ssid_len);
		*pos++ = WLAN_EID_SSID;
		*pos++ = ifsta->ssid_len;
		memcpy(pos, ifsta->ssid, ifsta->ssid_len);

		rates = bss->supp_rates_len;
		if (rates > 8)
			rates = 8;
		pos = skb_put(skb, 2 + rates);
		*pos++ = WLAN_EID_SUPP_RATES;
		*pos++ = rates;
		memcpy(pos, bss->supp_rates, rates);

		if (bss->band == IEEE80211_BAND_2GHZ) {
			pos = skb_put(skb, 2 + 1);
			*pos++ = WLAN_EID_DS_PARAMS;
			*pos++ = 1;
			*pos++ = ieee80211_frequency_to_channel(bss->freq);
		}

		pos = skb_put(skb, 2 + 2);
		*pos++ = WLAN_EID_IBSS_PARAMS;
		*pos++ = 2;
		/* FIX: set ATIM window based on scan results */
		*pos++ = 0;
		*pos++ = 0;

		if (bss->supp_rates_len > 8) {
			rates = bss->supp_rates_len - 8;
			pos = skb_put(skb, 2 + rates);
			*pos++ = WLAN_EID_EXT_SUPP_RATES;
			*pos++ = rates;
			memcpy(pos, &bss->supp_rates[8], rates);
		}

2496
		ifsta->probe_resp = skb;
2497

2498 2499
		ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
	}
2500

2501 2502 2503 2504 2505 2506 2507
	rates = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
	for (i = 0; i < bss->supp_rates_len; i++) {
		int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
		for (j = 0; j < sband->n_bitrates; j++)
			if (sband->bitrates[j].bitrate == bitrate)
				rates |= BIT(j);
2508
	}
2509 2510
	ifsta->supp_rates_bits[local->hw.conf.channel->band] = rates;

2511
	ieee80211_sta_def_wmm_params(sdata, bss, 1);
2512

2513
	ifsta->state = IEEE80211_STA_MLME_IBSS_JOINED;
2514 2515
	mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);

2516 2517
	memset(&wrqu, 0, sizeof(wrqu));
	memcpy(wrqu.ap_addr.sa_data, bss->bssid, ETH_ALEN);
2518
	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
2519 2520 2521 2522

	return res;
}

2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558
u64 ieee80211_sta_get_rates(struct ieee80211_local *local,
			    struct ieee802_11_elems *elems,
			    enum ieee80211_band band)
{
	struct ieee80211_supported_band *sband;
	struct ieee80211_rate *bitrates;
	size_t num_rates;
	u64 supp_rates;
	int i, j;
	sband = local->hw.wiphy->bands[band];

	if (!sband) {
		WARN_ON(1);
		sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
	}

	bitrates = sband->bitrates;
	num_rates = sband->n_bitrates;
	supp_rates = 0;
	for (i = 0; i < elems->supp_rates_len +
		     elems->ext_supp_rates_len; i++) {
		u8 rate = 0;
		int own_rate;
		if (i < elems->supp_rates_len)
			rate = elems->supp_rates[i];
		else if (elems->ext_supp_rates)
			rate = elems->ext_supp_rates
				[i - elems->supp_rates_len];
		own_rate = 5 * (rate & 0x7f);
		for (j = 0; j < num_rates; j++)
			if (bitrates[j].bitrate == own_rate)
				supp_rates |= BIT(j);
	}
	return supp_rates;
}

2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585
static u64 ieee80211_sta_get_mandatory_rates(struct ieee80211_local *local,
					enum ieee80211_band band)
{
	struct ieee80211_supported_band *sband;
	struct ieee80211_rate *bitrates;
	u64 mandatory_rates;
	enum ieee80211_rate_flags mandatory_flag;
	int i;

	sband = local->hw.wiphy->bands[band];
	if (!sband) {
		WARN_ON(1);
		sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
	}

	if (band == IEEE80211_BAND_2GHZ)
		mandatory_flag = IEEE80211_RATE_MANDATORY_B;
	else
		mandatory_flag = IEEE80211_RATE_MANDATORY_A;

	bitrates = sband->bitrates;
	mandatory_rates = 0;
	for (i = 0; i < sband->n_bitrates; i++)
		if (bitrates[i].flags & mandatory_flag)
			mandatory_rates |= BIT(i);
	return mandatory_rates;
}
2586

2587
static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2588 2589 2590
				  struct ieee80211_mgmt *mgmt,
				  size_t len,
				  struct ieee80211_rx_status *rx_status,
2591
				  struct ieee802_11_elems *elems)
2592
{
2593
	struct ieee80211_local *local = sdata->local;
2594
	int freq, clen;
2595 2596
	struct ieee80211_sta_bss *bss;
	struct sta_info *sta;
2597
	struct ieee80211_channel *channel;
2598 2599
	u64 beacon_timestamp, rx_timestamp;
	u64 supp_rates = 0;
2600
	bool beacon = ieee80211_is_beacon(mgmt->frame_control);
2601
	enum ieee80211_band band = rx_status->band;
2602 2603
	DECLARE_MAC_BUF(mac);
	DECLARE_MAC_BUF(mac2);
2604

2605 2606 2607 2608 2609 2610 2611 2612 2613
	if (elems->ds_params && elems->ds_params_len == 1)
		freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
	else
		freq = rx_status->freq;

	channel = ieee80211_get_channel(local->hw.wiphy, freq);

	if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
		return;
2614

2615
	if (ieee80211_vif_is_mesh(&sdata->vif) && elems->mesh_id &&
2616
	    elems->mesh_config && mesh_matches_local(elems, sdata)) {
2617
		supp_rates = ieee80211_sta_get_rates(local, elems, band);
J
Johannes Berg 已提交
2618

2619
		mesh_neighbour_update(mgmt->sa, supp_rates, sdata,
2620
				      mesh_peer_accepts_plinks(elems));
J
Johannes Berg 已提交
2621
	}
2622

2623
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems->supp_rates &&
2624 2625 2626
	    memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
		supp_rates = ieee80211_sta_get_rates(local, elems, band);

2627 2628
		rcu_read_lock();

2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650
		sta = sta_info_get(local, mgmt->sa);
		if (sta) {
			u64 prev_rates;

			prev_rates = sta->supp_rates[band];
			/* make sure mandatory rates are always added */
			sta->supp_rates[band] = supp_rates |
				ieee80211_sta_get_mandatory_rates(local, band);

#ifdef CONFIG_MAC80211_IBSS_DEBUG
			if (sta->supp_rates[band] != prev_rates)
				printk(KERN_DEBUG "%s: updated supp_rates set "
				    "for %s based on beacon info (0x%llx | "
				    "0x%llx -> 0x%llx)\n",
				    sdata->dev->name, print_mac(mac, sta->addr),
				    (unsigned long long) prev_rates,
				    (unsigned long long) supp_rates,
				    (unsigned long long) sta->supp_rates[band]);
#endif
		} else {
			ieee80211_ibss_add_sta(sdata, NULL, mgmt->bssid,
					       mgmt->sa, supp_rates);
2651 2652
		}

2653 2654
		rcu_read_unlock();
	}
2655

2656
#ifdef CONFIG_MAC80211_MESH
2657
	if (elems->mesh_config)
2658
		bss = ieee80211_rx_mesh_bss_get(local, elems->mesh_id,
2659
				elems->mesh_id_len, elems->mesh_config, freq);
2660 2661
	else
#endif
2662
		bss = ieee80211_rx_bss_get(local, mgmt->bssid, freq,
2663
					   elems->ssid, elems->ssid_len);
2664 2665
	if (!bss) {
#ifdef CONFIG_MAC80211_MESH
2666
		if (elems->mesh_config)
2667
			bss = ieee80211_rx_mesh_bss_add(local, elems->mesh_id,
2668 2669
				elems->mesh_id_len, elems->mesh_config,
				elems->mesh_config_len, freq);
2670 2671
		else
#endif
2672
			bss = ieee80211_rx_bss_add(sdata, mgmt->bssid, freq,
2673
						  elems->ssid, elems->ssid_len);
2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684
		if (!bss)
			return;
	} else {
#if 0
		/* TODO: order by RSSI? */
		spin_lock_bh(&local->sta_bss_lock);
		list_move_tail(&bss->list, &local->sta_bss_list);
		spin_unlock_bh(&local->sta_bss_lock);
#endif
	}

2685
	/* save the ERP value so that it is available at association time */
2686 2687
	if (elems->erp_info && elems->erp_info_len >= 1) {
		bss->erp_value = elems->erp_info[0];
2688 2689 2690
		bss->has_erp_value = 1;
	}

2691 2692 2693
	bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
	bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);

2694 2695 2696 2697 2698 2699 2700 2701 2702 2703
	if (elems->tim) {
		struct ieee80211_tim_ie *tim_ie =
			(struct ieee80211_tim_ie *)elems->tim;
		bss->dtim_period = tim_ie->dtim_period;
	}

	/* set default value for buggy APs */
	if (!elems->tim || bss->dtim_period == 0)
		bss->dtim_period = 1;

2704
	bss->supp_rates_len = 0;
2705
	if (elems->supp_rates) {
2706
		clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2707 2708 2709
		if (clen > elems->supp_rates_len)
			clen = elems->supp_rates_len;
		memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates,
2710 2711 2712
		       clen);
		bss->supp_rates_len += clen;
	}
2713
	if (elems->ext_supp_rates) {
2714
		clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2715 2716
		if (clen > elems->ext_supp_rates_len)
			clen = elems->ext_supp_rates_len;
2717
		memcpy(&bss->supp_rates[bss->supp_rates_len],
2718
		       elems->ext_supp_rates, clen);
2719 2720 2721
		bss->supp_rates_len += clen;
	}

2722
	bss->band = band;
2723

2724 2725
	beacon_timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);

2726 2727 2728 2729
	bss->timestamp = beacon_timestamp;
	bss->last_update = jiffies;
	bss->signal = rx_status->signal;
	bss->noise = rx_status->noise;
2730
	bss->qual = rx_status->qual;
2731 2732
	if (!beacon)
		bss->last_probe_resp = jiffies;
2733 2734 2735 2736 2737
	/*
	 * In STA mode, the remaining parameters should not be overridden
	 * by beacons because they're not necessarily accurate there.
	 */
	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
2738
	    bss->last_probe_resp && beacon) {
2739
		ieee80211_rx_bss_put(local, bss);
2740 2741 2742
		return;
	}

2743 2744 2745
	if (bss->ies == NULL || bss->ies_len < elems->total_len) {
		kfree(bss->ies);
		bss->ies = kmalloc(elems->total_len, GFP_ATOMIC);
2746
	}
2747 2748 2749 2750 2751
	if (bss->ies) {
		memcpy(bss->ies, elems->ie_start, elems->total_len);
		bss->ies_len = elems->total_len;
	} else
		bss->ies_len = 0;
2752

2753
	bss->wmm_used = elems->wmm_param || elems->wmm_info;
B
Bruno Randolf 已提交
2754 2755 2756 2757

	/* check if we need to merge IBSS */
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && beacon &&
	    !local->sta_sw_scanning && !local->sta_hw_scanning &&
J
Johannes Berg 已提交
2758
	    bss->capability & WLAN_CAPABILITY_IBSS &&
B
Bruno Randolf 已提交
2759
	    bss->freq == local->oper_channel->center_freq &&
2760 2761 2762
	    elems->ssid_len == sdata->u.sta.ssid_len &&
	    memcmp(elems->ssid, sdata->u.sta.ssid,
				sdata->u.sta.ssid_len) == 0) {
B
Bruno Randolf 已提交
2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778
		if (rx_status->flag & RX_FLAG_TSFT) {
			/* in order for correct IBSS merging we need mactime
			 *
			 * since mactime is defined as the time the first data
			 * symbol of the frame hits the PHY, and the timestamp
			 * of the beacon is defined as "the time that the data
			 * symbol containing the first bit of the timestamp is
			 * transmitted to the PHY plus the transmitting STA’s
			 * delays through its local PHY from the MAC-PHY
			 * interface to its interface with the WM"
			 * (802.11 11.1.2) - equals the time this bit arrives at
			 * the receiver - we have to take into account the
			 * offset between the two.
			 * e.g: at 1 MBit that means mactime is 192 usec earlier
			 * (=24 bytes * 8 usecs/byte) than the beacon timestamp.
			 */
2779
			int rate = local->hw.wiphy->bands[band]->
B
Bruno Randolf 已提交
2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798
					bitrates[rx_status->rate_idx].bitrate;
			rx_timestamp = rx_status->mactime + (24 * 8 * 10 / rate);
		} else if (local && local->ops && local->ops->get_tsf)
			/* second best option: get current TSF */
			rx_timestamp = local->ops->get_tsf(local_to_hw(local));
		else
			/* can't merge without knowing the TSF */
			rx_timestamp = -1LLU;
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		printk(KERN_DEBUG "RX beacon SA=%s BSSID="
		       "%s TSF=0x%llx BCN=0x%llx diff=%lld @%lu\n",
		       print_mac(mac, mgmt->sa),
		       print_mac(mac2, mgmt->bssid),
		       (unsigned long long)rx_timestamp,
		       (unsigned long long)beacon_timestamp,
		       (unsigned long long)(rx_timestamp - beacon_timestamp),
		       jiffies);
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
		if (beacon_timestamp > rx_timestamp) {
2799
#ifdef CONFIG_MAC80211_IBSS_DEBUG
2800 2801
			printk(KERN_DEBUG "%s: beacon TSF higher than "
			       "local TSF - IBSS merge with BSSID %s\n",
2802
			       sdata->dev->name, print_mac(mac, mgmt->bssid));
J
Johannes Berg 已提交
2803
#endif
2804 2805
			ieee80211_sta_join_ibss(sdata, &sdata->u.sta, bss);
			ieee80211_ibss_add_sta(sdata, NULL,
2806
					       mgmt->bssid, mgmt->sa,
2807
					       supp_rates);
B
Bruno Randolf 已提交
2808 2809 2810
		}
	}

2811
	ieee80211_rx_bss_put(local, bss);
2812 2813 2814
}


2815
static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2816 2817 2818 2819
					 struct ieee80211_mgmt *mgmt,
					 size_t len,
					 struct ieee80211_rx_status *rx_status)
{
2820 2821
	size_t baselen;
	struct ieee802_11_elems elems;
2822
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2823

2824 2825 2826
	if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN))
		return; /* ignore ProbeResp to foreign address */

2827 2828 2829 2830 2831 2832 2833
	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
	if (baselen > len)
		return;

	ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
				&elems);

2834 2835 2836 2837 2838 2839 2840 2841 2842
	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);

	/* direct probe may be part of the association flow */
	if (test_and_clear_bit(IEEE80211_STA_REQ_DIRECT_PROBE,
							&ifsta->request)) {
		printk(KERN_DEBUG "%s direct probe responded\n",
		       sdata->dev->name);
		ieee80211_authenticate(sdata, ifsta);
	}
2843 2844 2845
}


2846
static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2847 2848 2849 2850 2851 2852 2853
				     struct ieee80211_mgmt *mgmt,
				     size_t len,
				     struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_if_sta *ifsta;
	size_t baselen;
	struct ieee802_11_elems elems;
2854
	struct ieee80211_local *local = sdata->local;
2855
	struct ieee80211_conf *conf = &local->hw.conf;
2856
	u32 changed = 0;
2857

2858 2859 2860 2861 2862 2863 2864
	/* Process beacon from the current BSS */
	baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
	if (baselen > len)
		return;

	ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);

2865
	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2866

2867
	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
2868 2869 2870
		return;
	ifsta = &sdata->u.sta;

2871
	if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
2872 2873 2874
	    memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
		return;

2875
	/* Do not send changes to driver if we are scanning. This removes
2876 2877 2878 2879 2880
	 * requirement that a driver's bss_info_changed/conf_tx functions
	 * need to be atomic.
	 * This is really ugly code, we should rewrite scanning and make
	 * all this more understandable for humans.
	 */
2881 2882 2883
	if (local->sta_sw_scanning || local->sta_hw_scanning)
		return;

2884 2885 2886
	ieee80211_sta_wmm_params(local, ifsta, elems.wmm_param,
				 elems.wmm_param_len);

2887
	if (elems.erp_info && elems.erp_info_len >= 1)
2888
		changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
2889 2890 2891 2892 2893
	else {
		u16 capab = le16_to_cpu(mgmt->u.beacon.capab_info);
		changed |= ieee80211_handle_protect_preamb(sdata, false,
				(capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
	}
2894

2895
	if (elems.ht_cap_elem && elems.ht_info_elem &&
T
Tomas Winkler 已提交
2896
	    elems.wmm_param && conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
2897 2898 2899 2900 2901
		struct ieee80211_ht_bss_info bss_info;

		ieee80211_ht_addt_info_ie_to_ht_bss_info(
				(struct ieee80211_ht_addt_info *)
				elems.ht_info_elem, &bss_info);
T
Tomas Winkler 已提交
2902 2903
		changed |= ieee80211_handle_ht(local, 1, &conf->ht_conf,
					       &bss_info);
2904 2905
	}

2906
	ieee80211_bss_info_change_notify(sdata, changed);
2907 2908 2909
}


2910
static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
2911 2912 2913 2914 2915
					struct ieee80211_if_sta *ifsta,
					struct ieee80211_mgmt *mgmt,
					size_t len,
					struct ieee80211_rx_status *rx_status)
{
2916
	struct ieee80211_local *local = sdata->local;
2917 2918 2919 2920
	int tx_last_beacon;
	struct sk_buff *skb;
	struct ieee80211_mgmt *resp;
	u8 *pos, *end;
2921 2922 2923 2924 2925
	DECLARE_MAC_BUF(mac);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	DECLARE_MAC_BUF(mac2);
	DECLARE_MAC_BUF(mac3);
#endif
2926

2927
	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS ||
2928
	    ifsta->state != IEEE80211_STA_MLME_IBSS_JOINED ||
2929 2930 2931 2932 2933 2934 2935 2936 2937
	    len < 24 + 2 || !ifsta->probe_resp)
		return;

	if (local->ops->tx_last_beacon)
		tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
	else
		tx_last_beacon = 1;

#ifdef CONFIG_MAC80211_IBSS_DEBUG
2938 2939
	printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
	       "%s (tx_last_beacon=%d)\n",
2940
	       sdata->dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
2941
	       print_mac(mac3, mgmt->bssid), tx_last_beacon);
2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954
#endif /* CONFIG_MAC80211_IBSS_DEBUG */

	if (!tx_last_beacon)
		return;

	if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
	    memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
		return;

	end = ((u8 *) mgmt) + len;
	pos = mgmt->u.probe_req.variable;
	if (pos[0] != WLAN_EID_SSID ||
	    pos + 2 + pos[1] > end) {
2955 2956 2957
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
		       "from %s\n",
2958
		       sdata->dev->name, print_mac(mac, mgmt->sa));
2959
#endif
2960 2961 2962 2963 2964 2965 2966 2967 2968 2969
		return;
	}
	if (pos[1] != 0 &&
	    (pos[1] != ifsta->ssid_len ||
	     memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
		/* Ignore ProbeReq for foreign SSID */
		return;
	}

	/* Reply with ProbeResp */
2970
	skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
2971 2972 2973 2974 2975 2976
	if (!skb)
		return;

	resp = (struct ieee80211_mgmt *) skb->data;
	memcpy(resp->da, mgmt->sa, ETH_ALEN);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
2977
	printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
2978
	       sdata->dev->name, print_mac(mac, resp->da));
2979
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2980
	ieee80211_sta_tx(sdata, skb, 0);
2981 2982
}

2983
static void ieee80211_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
2984 2985
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
2986 2987
				     size_t len,
				     struct ieee80211_rx_status *rx_status)
2988
{
2989
	struct ieee80211_local *local = sdata->local;
2990

2991 2992
	/* all categories we currently handle have action_code */
	if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2993 2994 2995
		return;

	switch (mgmt->u.action.category) {
2996 2997 2998
	case WLAN_CATEGORY_SPECTRUM_MGMT:
		if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
			break;
2999
		switch (mgmt->u.action.u.measurement.action_code) {
3000 3001 3002 3003
		case WLAN_ACTION_SPCT_MSR_REQ:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.measurement)))
				break;
3004
			ieee80211_sta_process_measurement_req(sdata, mgmt, len);
3005 3006 3007
			break;
		}
		break;
3008 3009 3010 3011 3012 3013
	case WLAN_CATEGORY_BACK:
		switch (mgmt->u.action.u.addba_req.action_code) {
		case WLAN_ACTION_ADDBA_REQ:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.addba_req)))
				break;
3014
			ieee80211_sta_process_addba_request(local, mgmt, len);
3015
			break;
3016 3017 3018 3019
		case WLAN_ACTION_ADDBA_RESP:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.addba_resp)))
				break;
3020
			ieee80211_sta_process_addba_resp(local, mgmt, len);
3021
			break;
3022 3023 3024 3025
		case WLAN_ACTION_DELBA:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.delba)))
				break;
3026
			ieee80211_sta_process_delba(sdata, mgmt, len);
3027
			break;
3028 3029
		}
		break;
3030
	case PLINK_CATEGORY:
J
Johannes Berg 已提交
3031
		if (ieee80211_vif_is_mesh(&sdata->vif))
3032
			mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
3033 3034
		break;
	case MESH_PATH_SEL_CATEGORY:
J
Johannes Berg 已提交
3035
		if (ieee80211_vif_is_mesh(&sdata->vif))
3036
			mesh_rx_path_sel_frame(sdata, mgmt, len);
3037
		break;
3038 3039
	}
}
3040

3041
void ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
3042 3043
			   struct ieee80211_rx_status *rx_status)
{
3044
	struct ieee80211_local *local = sdata->local;
3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060
	struct ieee80211_if_sta *ifsta;
	struct ieee80211_mgmt *mgmt;
	u16 fc;

	if (skb->len < 24)
		goto fail;

	ifsta = &sdata->u.sta;

	mgmt = (struct ieee80211_mgmt *) skb->data;
	fc = le16_to_cpu(mgmt->frame_control);

	switch (fc & IEEE80211_FCTL_STYPE) {
	case IEEE80211_STYPE_PROBE_REQ:
	case IEEE80211_STYPE_PROBE_RESP:
	case IEEE80211_STYPE_BEACON:
3061
	case IEEE80211_STYPE_ACTION:
3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076
		memcpy(skb->cb, rx_status, sizeof(*rx_status));
	case IEEE80211_STYPE_AUTH:
	case IEEE80211_STYPE_ASSOC_RESP:
	case IEEE80211_STYPE_REASSOC_RESP:
	case IEEE80211_STYPE_DEAUTH:
	case IEEE80211_STYPE_DISASSOC:
		skb_queue_tail(&ifsta->skb_queue, skb);
		queue_work(local->hw.workqueue, &ifsta->work);
		return;
	}

 fail:
	kfree_skb(skb);
}

3077
static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092
					 struct sk_buff *skb)
{
	struct ieee80211_rx_status *rx_status;
	struct ieee80211_if_sta *ifsta;
	struct ieee80211_mgmt *mgmt;
	u16 fc;

	ifsta = &sdata->u.sta;

	rx_status = (struct ieee80211_rx_status *) skb->cb;
	mgmt = (struct ieee80211_mgmt *) skb->data;
	fc = le16_to_cpu(mgmt->frame_control);

	switch (fc & IEEE80211_FCTL_STYPE) {
	case IEEE80211_STYPE_PROBE_REQ:
3093
		ieee80211_rx_mgmt_probe_req(sdata, ifsta, mgmt, skb->len,
3094 3095 3096
					    rx_status);
		break;
	case IEEE80211_STYPE_PROBE_RESP:
3097
		ieee80211_rx_mgmt_probe_resp(sdata, mgmt, skb->len, rx_status);
3098 3099
		break;
	case IEEE80211_STYPE_BEACON:
3100
		ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3101 3102
		break;
	case IEEE80211_STYPE_AUTH:
3103
		ieee80211_rx_mgmt_auth(sdata, ifsta, mgmt, skb->len);
3104 3105
		break;
	case IEEE80211_STYPE_ASSOC_RESP:
3106
		ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 0);
3107 3108
		break;
	case IEEE80211_STYPE_REASSOC_RESP:
3109
		ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 1);
3110 3111
		break;
	case IEEE80211_STYPE_DEAUTH:
3112
		ieee80211_rx_mgmt_deauth(sdata, ifsta, mgmt, skb->len);
3113 3114
		break;
	case IEEE80211_STYPE_DISASSOC:
3115
		ieee80211_rx_mgmt_disassoc(sdata, ifsta, mgmt, skb->len);
3116
		break;
3117
	case IEEE80211_STYPE_ACTION:
3118
		ieee80211_rx_mgmt_action(sdata, ifsta, mgmt, skb->len, rx_status);
3119
		break;
3120 3121 3122 3123 3124 3125
	}

	kfree_skb(skb);
}


3126
ieee80211_rx_result
3127
ieee80211_sta_rx_scan(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
Z
Zhu Yi 已提交
3128
		      struct ieee80211_rx_status *rx_status)
3129 3130
{
	struct ieee80211_mgmt *mgmt;
3131
	__le16 fc;
3132

Z
Zhu Yi 已提交
3133
	if (skb->len < 2)
J
Johannes Berg 已提交
3134
		return RX_DROP_UNUSABLE;
3135 3136

	mgmt = (struct ieee80211_mgmt *) skb->data;
3137
	fc = mgmt->frame_control;
3138

3139
	if (ieee80211_is_ctl(fc))
3140
		return RX_CONTINUE;
Z
Zhu Yi 已提交
3141 3142

	if (skb->len < 24)
J
Johannes Berg 已提交
3143
		return RX_DROP_MONITOR;
Z
Zhu Yi 已提交
3144

3145
	if (ieee80211_is_probe_resp(fc)) {
3146
		ieee80211_rx_mgmt_probe_resp(sdata, mgmt, skb->len, rx_status);
3147 3148
		dev_kfree_skb(skb);
		return RX_QUEUED;
3149
	}
3150 3151

	if (ieee80211_is_beacon(fc)) {
3152
		ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3153 3154 3155 3156
		dev_kfree_skb(skb);
		return RX_QUEUED;
	}

3157
	return RX_CONTINUE;
3158 3159 3160
}


3161
static int ieee80211_sta_active_ibss(struct ieee80211_sub_if_data *sdata)
3162
{
3163
	struct ieee80211_local *local = sdata->local;
3164 3165 3166
	int active = 0;
	struct sta_info *sta;

3167 3168 3169 3170
	rcu_read_lock();

	list_for_each_entry_rcu(sta, &local->sta_list, list) {
		if (sta->sdata == sdata &&
3171 3172 3173 3174 3175 3176
		    time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
			       jiffies)) {
			active++;
			break;
		}
	}
3177 3178

	rcu_read_unlock();
3179 3180 3181 3182 3183

	return active;
}


3184
static void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata, unsigned long exp_time)
3185
{
3186
	struct ieee80211_local *local = sdata->local;
3187
	struct sta_info *sta, *tmp;
3188
	LIST_HEAD(tmp_list);
3189
	DECLARE_MAC_BUF(mac);
3190
	unsigned long flags;
3191

3192
	spin_lock_irqsave(&local->sta_lock, flags);
3193
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
3194
		if (time_after(jiffies, sta->last_rx + exp_time)) {
3195
#ifdef CONFIG_MAC80211_IBSS_DEBUG
3196
			printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
3197
			       sdata->dev->name, print_mac(mac, sta->addr));
3198
#endif
3199
			__sta_info_unlink(&sta);
3200 3201
			if (sta)
				list_add(&sta->list, &tmp_list);
3202
		}
3203
	spin_unlock_irqrestore(&local->sta_lock, flags);
3204

3205 3206
	list_for_each_entry_safe(sta, tmp, &tmp_list, list)
		sta_info_destroy(sta);
3207 3208 3209
}


3210
static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata,
3211 3212 3213 3214
				     struct ieee80211_if_sta *ifsta)
{
	mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);

3215 3216
	ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT);
	if (ieee80211_sta_active_ibss(sdata))
3217 3218 3219
		return;

	printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
3220 3221
	       "IBSS networks with same SSID (merge)\n", sdata->dev->name);
	ieee80211_sta_req_scan(sdata, ifsta->ssid, ifsta->ssid_len);
3222 3223 3224
}


3225
#ifdef CONFIG_MAC80211_MESH
3226
static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata,
3227 3228 3229 3230
			   struct ieee80211_if_sta *ifsta)
{
	bool free_plinks;

3231 3232
	ieee80211_sta_expire(sdata, IEEE80211_MESH_PEER_INACTIVITY_LIMIT);
	mesh_path_expire(sdata);
3233 3234 3235

	free_plinks = mesh_plink_availables(sdata);
	if (free_plinks != sdata->u.sta.accepting_plinks)
3236
		ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
3237 3238 3239 3240 3241 3242

	mod_timer(&ifsta->timer, jiffies +
			IEEE80211_MESH_HOUSEKEEPING_INTERVAL);
}


3243
void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
3244 3245 3246
{
	struct ieee80211_if_sta *ifsta;
	ifsta = &sdata->u.sta;
3247
	ifsta->state = IEEE80211_STA_MLME_MESH_UP;
3248
	ieee80211_sta_timer((unsigned long)sdata);
L
Luis Carlos Cobo 已提交
3249
	ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
3250 3251 3252 3253
}
#endif


3254 3255 3256 3257 3258
void ieee80211_sta_timer(unsigned long data)
{
	struct ieee80211_sub_if_data *sdata =
		(struct ieee80211_sub_if_data *) data;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3259
	struct ieee80211_local *local = sdata->local;
3260 3261 3262 3263 3264 3265 3266 3267 3268

	set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
}

void ieee80211_sta_work(struct work_struct *work)
{
	struct ieee80211_sub_if_data *sdata =
		container_of(work, struct ieee80211_sub_if_data, u.sta.work);
3269
	struct ieee80211_local *local = sdata->local;
3270 3271 3272
	struct ieee80211_if_sta *ifsta;
	struct sk_buff *skb;

3273
	if (!netif_running(sdata->dev))
3274 3275
		return;

Z
Zhu Yi 已提交
3276
	if (local->sta_sw_scanning || local->sta_hw_scanning)
3277 3278
		return;

3279 3280 3281
	if (WARN_ON(sdata->vif.type != IEEE80211_IF_TYPE_STA &&
		    sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
		    sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT))
3282 3283 3284 3285
		return;
	ifsta = &sdata->u.sta;

	while ((skb = skb_dequeue(&ifsta->skb_queue)))
3286
		ieee80211_sta_rx_queued_mgmt(sdata, skb);
3287

3288
#ifdef CONFIG_MAC80211_MESH
J
Johannes Berg 已提交
3289 3290 3291
	if (ifsta->preq_queue_len &&
	    time_after(jiffies,
		       ifsta->last_preq + msecs_to_jiffies(ifsta->mshcfg.dot11MeshHWMPpreqMinInterval)))
3292
		mesh_path_start_discovery(sdata);
3293 3294
#endif

3295 3296
	if (ifsta->state != IEEE80211_STA_MLME_DIRECT_PROBE &&
	    ifsta->state != IEEE80211_STA_MLME_AUTHENTICATE &&
3297
	    ifsta->state != IEEE80211_STA_MLME_ASSOCIATE &&
3298
	    test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
3299
		if (ifsta->scan_ssid_len)
3300
			ieee80211_sta_start_scan(sdata, ifsta->scan_ssid, ifsta->scan_ssid_len);
3301
		else
3302
			ieee80211_sta_start_scan(sdata, NULL, 0);
3303 3304 3305 3306
		return;
	}

	if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
3307
		if (ieee80211_sta_config_auth(sdata, ifsta))
3308 3309 3310 3311 3312 3313
			return;
		clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
	} else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
		return;

	switch (ifsta->state) {
3314
	case IEEE80211_STA_MLME_DISABLED:
3315
		break;
3316 3317 3318
	case IEEE80211_STA_MLME_DIRECT_PROBE:
		ieee80211_direct_probe(sdata, ifsta);
		break;
3319
	case IEEE80211_STA_MLME_AUTHENTICATE:
3320
		ieee80211_authenticate(sdata, ifsta);
3321
		break;
3322
	case IEEE80211_STA_MLME_ASSOCIATE:
3323
		ieee80211_associate(sdata, ifsta);
3324
		break;
3325
	case IEEE80211_STA_MLME_ASSOCIATED:
3326
		ieee80211_associated(sdata, ifsta);
3327
		break;
3328
	case IEEE80211_STA_MLME_IBSS_SEARCH:
3329
		ieee80211_sta_find_ibss(sdata, ifsta);
3330
		break;
3331
	case IEEE80211_STA_MLME_IBSS_JOINED:
3332
		ieee80211_sta_merge_ibss(sdata, ifsta);
3333
		break;
3334
#ifdef CONFIG_MAC80211_MESH
3335
	case IEEE80211_STA_MLME_MESH_UP:
3336
		ieee80211_mesh_housekeeping(sdata, ifsta);
3337 3338
		break;
#endif
3339
	default:
3340
		WARN_ON(1);
3341 3342 3343
		break;
	}

3344
	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
3345
		printk(KERN_DEBUG "%s: privacy configuration mismatch and "
3346
		       "mixed-cell disabled - disassociate\n", sdata->dev->name);
3347

3348 3349
		ieee80211_send_disassoc(sdata, ifsta, WLAN_REASON_UNSPECIFIED);
		ieee80211_set_disassoc(sdata, ifsta, 0);
3350 3351 3352 3353
	}
}


3354
static void ieee80211_sta_reset_auth(struct ieee80211_sub_if_data *sdata,
3355 3356
				     struct ieee80211_if_sta *ifsta)
{
3357
	struct ieee80211_local *local = sdata->local;
3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375

	if (local->ops->reset_tsf) {
		/* Reset own TSF to allow time synchronization work. */
		local->ops->reset_tsf(local_to_hw(local));
	}

	ifsta->wmm_last_param_set = -1; /* allow any WMM update */


	if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
		ifsta->auth_alg = WLAN_AUTH_OPEN;
	else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
		ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
	else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
		ifsta->auth_alg = WLAN_AUTH_LEAP;
	else
		ifsta->auth_alg = WLAN_AUTH_OPEN;
	ifsta->auth_transaction = -1;
3376
	ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
3377
	ifsta->assoc_scan_tries = 0;
3378
	ifsta->direct_probe_tries = 0;
3379 3380
	ifsta->auth_tries = 0;
	ifsta->assoc_tries = 0;
3381
	netif_carrier_off(sdata->dev);
3382 3383 3384
}


3385
void ieee80211_sta_req_auth(struct ieee80211_sub_if_data *sdata,
3386 3387
			    struct ieee80211_if_sta *ifsta)
{
3388
	struct ieee80211_local *local = sdata->local;
3389

3390
	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
3391 3392
		return;

3393 3394 3395 3396
	if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
				IEEE80211_STA_AUTO_BSSID_SEL)) &&
	    (ifsta->flags & (IEEE80211_STA_SSID_SET |
				IEEE80211_STA_AUTO_SSID_SEL))) {
3397 3398 3399 3400 3401 3402 3403 3404 3405 3406
		set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
		queue_work(local->hw.workqueue, &ifsta->work);
	}
}

static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
				    const char *ssid, int ssid_len)
{
	int tmp, hidden_ssid;

3407 3408
	if (ssid_len == ifsta->ssid_len &&
	    !memcmp(ifsta->ssid, ssid, ssid_len))
3409 3410
		return 1;

3411
	if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431
		return 0;

	hidden_ssid = 1;
	tmp = ssid_len;
	while (tmp--) {
		if (ssid[tmp] != '\0') {
			hidden_ssid = 0;
			break;
		}
	}

	if (hidden_ssid && ifsta->ssid_len == ssid_len)
		return 1;

	if (ssid_len == 1 && ssid[0] == ' ')
		return 1;

	return 0;
}

3432
static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata,
3433 3434
				     struct ieee80211_if_sta *ifsta)
{
3435
	struct ieee80211_local *local = sdata->local;
3436 3437 3438 3439
	struct ieee80211_sta_bss *bss, *selected = NULL;
	int top_rssi = 0, freq;

	spin_lock_bh(&local->sta_bss_lock);
3440
	freq = local->oper_channel->center_freq;
3441 3442 3443 3444
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (!(bss->capability & WLAN_CAPABILITY_ESS))
			continue;

3445 3446 3447 3448 3449
		if ((ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
			IEEE80211_STA_AUTO_BSSID_SEL |
			IEEE80211_STA_AUTO_CHANNEL_SEL)) &&
		    (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
		     !!sdata->default_key))
3450 3451
			continue;

3452 3453
		if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
		    bss->freq != freq)
3454 3455
			continue;

3456
		if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
3457 3458 3459
		    memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
			continue;

3460
		if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
3461 3462 3463
		    !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
			continue;

3464
		if (!selected || top_rssi < bss->signal) {
3465
			selected = bss;
3466
			top_rssi = bss->signal;
3467 3468 3469 3470 3471 3472 3473
		}
	}
	if (selected)
		atomic_inc(&selected->users);
	spin_unlock_bh(&local->sta_bss_lock);

	if (selected) {
3474
		ieee80211_set_freq(sdata, selected->freq);
3475
		if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
3476
			ieee80211_sta_set_ssid(sdata, selected->ssid,
3477
					       selected->ssid_len);
3478 3479
		ieee80211_sta_set_bssid(sdata, selected->bssid);
		ieee80211_sta_def_wmm_params(sdata, selected, 0);
3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490

		/* Send out direct probe if no probe resp was received or
		 * the one we have is outdated
		 */
		if (!selected->last_probe_resp ||
		    time_after(jiffies, selected->last_probe_resp
					+ IEEE80211_SCAN_RESULT_EXPIRE))
			ifsta->state = IEEE80211_STA_MLME_DIRECT_PROBE;
		else
			ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;

3491
		ieee80211_rx_bss_put(local, selected);
3492
		ieee80211_sta_reset_auth(sdata, ifsta);
3493 3494
		return 0;
	} else {
3495 3496
		if (ifsta->assoc_scan_tries < IEEE80211_ASSOC_SCANS_MAX_TRIES) {
			ifsta->assoc_scan_tries++;
3497
			if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
3498
				ieee80211_sta_start_scan(sdata, NULL, 0);
3499
			else
3500
				ieee80211_sta_start_scan(sdata, ifsta->ssid,
3501
							 ifsta->ssid_len);
3502
			ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
3503 3504
			set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
		} else
3505
			ifsta->state = IEEE80211_STA_MLME_DISABLED;
3506 3507 3508 3509 3510
	}
	return -1;
}


3511
static int ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata,
3512 3513
				     struct ieee80211_if_sta *ifsta)
{
3514
	struct ieee80211_local *local = sdata->local;
3515
	struct ieee80211_sta_bss *bss;
3516
	struct ieee80211_supported_band *sband;
3517 3518
	u8 bssid[ETH_ALEN], *pos;
	int i;
3519
	int ret;
3520
	DECLARE_MAC_BUF(mac);
3521 3522 3523 3524 3525 3526 3527 3528 3529 3530

#if 0
	/* Easier testing, use fixed BSSID. */
	memset(bssid, 0xfe, ETH_ALEN);
#else
	/* Generate random, not broadcast, locally administered BSSID. Mix in
	 * own MAC address to make sure that devices that do not have proper
	 * random number generator get different BSSID. */
	get_random_bytes(bssid, ETH_ALEN);
	for (i = 0; i < ETH_ALEN; i++)
3531
		bssid[i] ^= sdata->dev->dev_addr[i];
3532 3533 3534 3535
	bssid[0] &= ~0x01;
	bssid[0] |= 0x02;
#endif

3536
	printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n",
3537
	       sdata->dev->name, print_mac(mac, bssid));
3538

3539
	bss = ieee80211_rx_bss_add(sdata, bssid,
3540
				   local->hw.conf.channel->center_freq,
3541
				   sdata->u.sta.ssid, sdata->u.sta.ssid_len);
3542 3543 3544
	if (!bss)
		return -ENOMEM;

3545 3546
	bss->band = local->hw.conf.channel->band;
	sband = local->hw.wiphy->bands[bss->band];
3547 3548

	if (local->hw.conf.beacon_int == 0)
3549
		local->hw.conf.beacon_int = 100;
3550 3551 3552
	bss->beacon_int = local->hw.conf.beacon_int;
	bss->last_update = jiffies;
	bss->capability = WLAN_CAPABILITY_IBSS;
J
Johannes Berg 已提交
3553 3554

	if (sdata->default_key)
3555
		bss->capability |= WLAN_CAPABILITY_PRIVACY;
J
Johannes Berg 已提交
3556
	else
3557
		sdata->drop_unencrypted = 0;
J
Johannes Berg 已提交
3558

3559
	bss->supp_rates_len = sband->n_bitrates;
3560
	pos = bss->supp_rates;
3561 3562
	for (i = 0; i < sband->n_bitrates; i++) {
		int rate = sband->bitrates[i].bitrate;
3563 3564 3565
		*pos++ = (u8) (rate / 5);
	}

3566
	ret = ieee80211_sta_join_ibss(sdata, ifsta, bss);
3567
	ieee80211_rx_bss_put(local, bss);
3568
	return ret;
3569 3570 3571
}


3572
static int ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata,
3573 3574
				   struct ieee80211_if_sta *ifsta)
{
3575
	struct ieee80211_local *local = sdata->local;
3576 3577 3578 3579
	struct ieee80211_sta_bss *bss;
	int found = 0;
	u8 bssid[ETH_ALEN];
	int active_ibss;
3580 3581
	DECLARE_MAC_BUF(mac);
	DECLARE_MAC_BUF(mac2);
3582 3583 3584 3585

	if (ifsta->ssid_len == 0)
		return -EINVAL;

3586
	active_ibss = ieee80211_sta_active_ibss(sdata);
3587 3588
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
3589
	       sdata->dev->name, active_ibss);
3590 3591 3592 3593 3594 3595 3596 3597
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
	spin_lock_bh(&local->sta_bss_lock);
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (ifsta->ssid_len != bss->ssid_len ||
		    memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
		    || !(bss->capability & WLAN_CAPABILITY_IBSS))
			continue;
#ifdef CONFIG_MAC80211_IBSS_DEBUG
3598 3599
		printk(KERN_DEBUG "   bssid=%s found\n",
		       print_mac(mac, bss->bssid));
3600 3601 3602 3603 3604 3605 3606 3607 3608
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
		memcpy(bssid, bss->bssid, ETH_ALEN);
		found = 1;
		if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
			break;
	}
	spin_unlock_bh(&local->sta_bss_lock);

#ifdef CONFIG_MAC80211_IBSS_DEBUG
3609 3610 3611 3612
	if (found)
		printk(KERN_DEBUG "   sta_find_ibss: selected %s current "
		       "%s\n", print_mac(mac, bssid),
		       print_mac(mac2, ifsta->bssid));
3613
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
3614 3615

	if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3616
		int ret;
3617 3618 3619 3620 3621 3622 3623
		int search_freq;

		if (ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL)
			search_freq = bss->freq;
		else
			search_freq = local->hw.conf.channel->center_freq;

3624
		bss = ieee80211_rx_bss_get(local, bssid, search_freq,
3625 3626 3627 3628
					   ifsta->ssid, ifsta->ssid_len);
		if (!bss)
			goto dont_join;

3629
		printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
3630
		       " based on configured SSID\n",
3631 3632
		       sdata->dev->name, print_mac(mac, bssid));
		ret = ieee80211_sta_join_ibss(sdata, ifsta, bss);
3633
		ieee80211_rx_bss_put(local, bss);
3634
		return ret;
3635
	}
3636 3637

dont_join:
3638 3639 3640 3641 3642
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "   did not try to join ibss\n");
#endif /* CONFIG_MAC80211_IBSS_DEBUG */

	/* Selected IBSS not found in current scan results - try to scan */
3643
	if (ifsta->state == IEEE80211_STA_MLME_IBSS_JOINED &&
3644
	    !ieee80211_sta_active_ibss(sdata)) {
3645 3646 3647 3648 3649
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_IBSS_MERGE_INTERVAL);
	} else if (time_after(jiffies, local->last_scan_completed +
			      IEEE80211_SCAN_INTERVAL)) {
		printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
3650 3651
		       "join\n", sdata->dev->name);
		return ieee80211_sta_req_scan(sdata, ifsta->ssid,
3652
					      ifsta->ssid_len);
3653
	} else if (ifsta->state != IEEE80211_STA_MLME_IBSS_JOINED) {
3654 3655 3656 3657
		int interval = IEEE80211_SCAN_INTERVAL;

		if (time_after(jiffies, ifsta->ibss_join_req +
			       IEEE80211_IBSS_JOIN_TIMEOUT)) {
3658
			if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
3659 3660
			    (!(local->oper_channel->flags &
					IEEE80211_CHAN_NO_IBSS)))
3661
				return ieee80211_sta_create_ibss(sdata, ifsta);
3662
			if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
3663
				printk(KERN_DEBUG "%s: IBSS not allowed on"
3664
				       " %d MHz\n", sdata->dev->name,
3665
				       local->hw.conf.channel->center_freq);
3666 3667 3668 3669 3670 3671 3672
			}

			/* No IBSS found - decrease scan interval and continue
			 * scanning. */
			interval = IEEE80211_SCAN_INTERVAL_SLOW;
		}

3673
		ifsta->state = IEEE80211_STA_MLME_IBSS_SEARCH;
3674 3675 3676 3677 3678 3679 3680 3681
		mod_timer(&ifsta->timer, jiffies + interval);
		return 0;
	}

	return 0;
}


3682
int ieee80211_sta_set_ssid(struct ieee80211_sub_if_data *sdata, char *ssid, size_t len)
3683 3684
{
	struct ieee80211_if_sta *ifsta;
3685
	int res;
3686 3687 3688 3689 3690 3691

	if (len > IEEE80211_MAX_SSID_LEN)
		return -EINVAL;

	ifsta = &sdata->u.sta;

3692 3693 3694 3695
	if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0) {
		memset(ifsta->ssid, 0, sizeof(ifsta->ssid));
		memcpy(ifsta->ssid, ssid, len);
		ifsta->ssid_len = len;
3696
		ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
3697 3698 3699 3700 3701 3702 3703 3704 3705 3706

		res = 0;
		/*
		 * Hack! MLME code needs to be cleaned up to have different
		 * entry points for configuration and internal selection change
		 */
		if (netif_running(sdata->dev))
			res = ieee80211_if_config(sdata, IEEE80211_IFCC_SSID);
		if (res) {
			printk(KERN_DEBUG "%s: Failed to config new SSID to "
3707
			       "the low-level driver\n", sdata->dev->name);
3708 3709 3710
			return res;
		}
	}
3711

3712 3713 3714 3715
	if (len)
		ifsta->flags |= IEEE80211_STA_SSID_SET;
	else
		ifsta->flags &= ~IEEE80211_STA_SSID_SET;
3716

3717
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3718
	    !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
3719
		ifsta->ibss_join_req = jiffies;
3720
		ifsta->state = IEEE80211_STA_MLME_IBSS_SEARCH;
3721
		return ieee80211_sta_find_ibss(sdata, ifsta);
3722
	}
3723

3724 3725 3726 3727
	return 0;
}


3728
int ieee80211_sta_get_ssid(struct ieee80211_sub_if_data *sdata, char *ssid, size_t *len)
3729 3730 3731 3732 3733 3734 3735 3736
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
	*len = ifsta->ssid_len;
	return 0;
}


3737
int ieee80211_sta_set_bssid(struct ieee80211_sub_if_data *sdata, u8 *bssid)
3738 3739 3740 3741 3742 3743 3744 3745
{
	struct ieee80211_if_sta *ifsta;
	int res;

	ifsta = &sdata->u.sta;

	if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
		memcpy(ifsta->bssid, bssid, ETH_ALEN);
3746 3747 3748 3749 3750 3751
		res = 0;
		/*
		 * Hack! See also ieee80211_sta_set_ssid.
		 */
		if (netif_running(sdata->dev))
			res = ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID);
3752 3753
		if (res) {
			printk(KERN_DEBUG "%s: Failed to config new BSSID to "
3754
			       "the low-level driver\n", sdata->dev->name);
3755 3756 3757 3758
			return res;
		}
	}

3759 3760
	if (is_valid_ether_addr(bssid))
		ifsta->flags |= IEEE80211_STA_BSSID_SET;
3761
	else
3762 3763
		ifsta->flags &= ~IEEE80211_STA_BSSID_SET;

3764 3765 3766 3767 3768 3769 3770 3771 3772 3773
	return 0;
}


static void ieee80211_send_nullfunc(struct ieee80211_local *local,
				    struct ieee80211_sub_if_data *sdata,
				    int powersave)
{
	struct sk_buff *skb;
	struct ieee80211_hdr *nullfunc;
3774
	__le16 fc;
3775 3776 3777 3778 3779 3780 3781 3782 3783 3784 3785

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
	memset(nullfunc, 0, 24);
3786 3787
	fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
			 IEEE80211_FCTL_TODS);
3788
	if (powersave)
3789 3790
		fc |= cpu_to_le16(IEEE80211_FCTL_PM);
	nullfunc->frame_control = fc;
3791 3792 3793 3794
	memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
	memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);

3795
	ieee80211_sta_tx(sdata, skb, 0);
3796 3797 3798
}


3799 3800 3801 3802 3803 3804 3805
static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
{
	if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
	    ieee80211_vif_is_mesh(&sdata->vif))
		ieee80211_sta_timer((unsigned long)sdata);
}

3806 3807 3808 3809 3810 3811 3812 3813
void ieee80211_scan_completed(struct ieee80211_hw *hw)
{
	struct ieee80211_local *local = hw_to_local(hw);
	struct net_device *dev = local->scan_dev;
	struct ieee80211_sub_if_data *sdata;
	union iwreq_data wrqu;

	local->last_scan_completed = jiffies;
Z
Zhu Yi 已提交
3814 3815
	memset(&wrqu, 0, sizeof(wrqu));
	wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
3816

Z
Zhu Yi 已提交
3817 3818
	if (local->sta_hw_scanning) {
		local->sta_hw_scanning = 0;
3819 3820 3821
		if (ieee80211_hw_config(local))
			printk(KERN_DEBUG "%s: failed to restore operational "
			       "channel after scan\n", dev->name);
3822 3823 3824 3825 3826 3827
		/* Restart STA timer for HW scan case */
		rcu_read_lock();
		list_for_each_entry_rcu(sdata, &local->interfaces, list)
			ieee80211_restart_sta_timer(sdata);
		rcu_read_unlock();

Z
Zhu Yi 已提交
3828 3829 3830 3831
		goto done;
	}

	local->sta_sw_scanning = 0;
3832
	if (ieee80211_hw_config(local))
3833
		printk(KERN_DEBUG "%s: failed to restore operational "
3834 3835
		       "channel after scan\n", dev->name);

3836 3837

	netif_tx_lock_bh(local->mdev);
3838
	netif_addr_lock(local->mdev);
3839 3840 3841 3842 3843 3844 3845
	local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
	local->ops->configure_filter(local_to_hw(local),
				     FIF_BCN_PRBRESP_PROMISC,
				     &local->filter_flags,
				     local->mdev->mc_count,
				     local->mdev->mc_list);

3846
	netif_addr_unlock(local->mdev);
3847
	netif_tx_unlock_bh(local->mdev);
3848

3849 3850
	rcu_read_lock();
	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3851 3852 3853 3854
		/* Tell AP we're back */
		if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
		    sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
			ieee80211_send_nullfunc(local, sdata, 0);
3855

3856
		ieee80211_restart_sta_timer(sdata);
3857

3858 3859
		netif_wake_queue(sdata->dev);
	}
3860
	rcu_read_unlock();
3861

Z
Zhu Yi 已提交
3862
done:
3863
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3864
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
3865
		struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3866
		if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
3867
		    (!(ifsta->state == IEEE80211_STA_MLME_IBSS_JOINED) &&
3868 3869
		    !ieee80211_sta_active_ibss(sdata)))
			ieee80211_sta_find_ibss(sdata, ifsta);
3870 3871 3872 3873 3874 3875 3876 3877 3878 3879
	}
}
EXPORT_SYMBOL(ieee80211_scan_completed);

void ieee80211_sta_scan_work(struct work_struct *work)
{
	struct ieee80211_local *local =
		container_of(work, struct ieee80211_local, scan_work.work);
	struct net_device *dev = local->scan_dev;
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3880
	struct ieee80211_supported_band *sband;
3881 3882 3883 3884
	struct ieee80211_channel *chan;
	int skip;
	unsigned long next_delay = 0;

Z
Zhu Yi 已提交
3885
	if (!local->sta_sw_scanning)
3886 3887 3888 3889
		return;

	switch (local->scan_state) {
	case SCAN_SET_CHANNEL:
3890 3891 3892 3893 3894
		/*
		 * Get current scan band. scan_band may be IEEE80211_NUM_BANDS
		 * after we successfully scanned the last channel of the last
		 * band (and the last band is supported by the hw)
		 */
3895 3896 3897 3898 3899
		if (local->scan_band < IEEE80211_NUM_BANDS)
			sband = local->hw.wiphy->bands[local->scan_band];
		else
			sband = NULL;

3900 3901 3902 3903 3904
		/*
		 * If we are at an unsupported band and have more bands
		 * left to scan, advance to the next supported one.
		 */
		while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) {
3905 3906 3907 3908 3909
			local->scan_band++;
			sband = local->hw.wiphy->bands[local->scan_band];
			local->scan_channel_idx = 0;
		}

3910 3911
		/* if no more bands/channels left, complete scan */
		if (!sband || local->scan_channel_idx >= sband->n_channels) {
3912 3913 3914
			ieee80211_scan_completed(local_to_hw(local));
			return;
		}
3915 3916 3917 3918
		skip = 0;
		chan = &sband->channels[local->scan_channel_idx];

		if (chan->flags & IEEE80211_CHAN_DISABLED ||
3919
		    (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3920
		     chan->flags & IEEE80211_CHAN_NO_IBSS))
3921 3922 3923 3924 3925
			skip = 1;

		if (!skip) {
			local->scan_channel = chan;
			if (ieee80211_hw_config(local)) {
3926 3927 3928
				printk(KERN_DEBUG "%s: failed to set freq to "
				       "%d MHz for scan\n", dev->name,
				       chan->center_freq);
3929 3930 3931 3932
				skip = 1;
			}
		}

3933
		/* advance state machine to next channel/band */
3934
		local->scan_channel_idx++;
3935
		if (local->scan_channel_idx >= sband->n_channels) {
3936 3937 3938 3939 3940
			/*
			 * scan_band may end up == IEEE80211_NUM_BANDS, but
			 * we'll catch that case above and complete the scan
			 * if that is the case.
			 */
3941 3942
			local->scan_band++;
			local->scan_channel_idx = 0;
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952
		}

		if (skip)
			break;

		next_delay = IEEE80211_PROBE_DELAY +
			     usecs_to_jiffies(local->hw.channel_change_time);
		local->scan_state = SCAN_SEND_PROBE;
		break;
	case SCAN_SEND_PROBE:
3953
		next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
3954
		local->scan_state = SCAN_SET_CHANNEL;
3955 3956 3957

		if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN)
			break;
3958
		ieee80211_send_probe_req(sdata, NULL, local->scan_ssid,
3959 3960
					 local->scan_ssid_len);
		next_delay = IEEE80211_CHANNEL_TIME;
3961 3962 3963
		break;
	}

Z
Zhu Yi 已提交
3964
	if (local->sta_sw_scanning)
3965 3966 3967 3968 3969
		queue_delayed_work(local->hw.workqueue, &local->scan_work,
				   next_delay);
}


3970
static int ieee80211_sta_start_scan(struct ieee80211_sub_if_data *scan_sdata,
3971 3972
				    u8 *ssid, size_t ssid_len)
{
3973
	struct ieee80211_local *local = scan_sdata->local;
3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992 3993 3994 3995
	struct ieee80211_sub_if_data *sdata;

	if (ssid_len > IEEE80211_MAX_SSID_LEN)
		return -EINVAL;

	/* MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
	 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
	 * BSSID: MACAddress
	 * SSID
	 * ScanType: ACTIVE, PASSIVE
	 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
	 *    a Probe frame during active scanning
	 * ChannelList
	 * MinChannelTime (>= ProbeDelay), in TU
	 * MaxChannelTime: (>= MinChannelTime), in TU
	 */

	 /* MLME-SCAN.confirm
	  * BSSDescriptionSet
	  * ResultCode: SUCCESS, INVALID_PARAMETERS
	 */

Z
Zhu Yi 已提交
3996
	if (local->sta_sw_scanning || local->sta_hw_scanning) {
3997
		if (local->scan_dev == scan_sdata->dev)
3998 3999 4000 4001 4002 4003
			return 0;
		return -EBUSY;
	}

	if (local->ops->hw_scan) {
		int rc = local->ops->hw_scan(local_to_hw(local),
Z
Zhu Yi 已提交
4004
					     ssid, ssid_len);
4005
		if (!rc) {
Z
Zhu Yi 已提交
4006
			local->sta_hw_scanning = 1;
4007
			local->scan_dev = scan_sdata->dev;
4008 4009 4010 4011
		}
		return rc;
	}

Z
Zhu Yi 已提交
4012
	local->sta_sw_scanning = 1;
4013

4014 4015
	rcu_read_lock();
	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4016
		netif_stop_queue(sdata->dev);
4017
		if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
4018
		    (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
4019 4020
			ieee80211_send_nullfunc(local, sdata, 1);
	}
4021
	rcu_read_unlock();
4022 4023 4024 4025 4026 4027 4028 4029

	if (ssid) {
		local->scan_ssid_len = ssid_len;
		memcpy(local->scan_ssid, ssid, ssid_len);
	} else
		local->scan_ssid_len = 0;
	local->scan_state = SCAN_SET_CHANNEL;
	local->scan_channel_idx = 0;
4030
	local->scan_band = IEEE80211_BAND_2GHZ;
4031
	local->scan_dev = scan_sdata->dev;
4032

4033
	netif_addr_lock_bh(local->mdev);
4034 4035 4036 4037 4038 4039
	local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
	local->ops->configure_filter(local_to_hw(local),
				     FIF_BCN_PRBRESP_PROMISC,
				     &local->filter_flags,
				     local->mdev->mc_count,
				     local->mdev->mc_list);
4040
	netif_addr_unlock_bh(local->mdev);
4041 4042 4043 4044 4045 4046 4047 4048 4049

	/* TODO: start scan as soon as all nullfunc frames are ACKed */
	queue_delayed_work(local->hw.workqueue, &local->scan_work,
			   IEEE80211_CHANNEL_TIME);

	return 0;
}


4050
int ieee80211_sta_req_scan(struct ieee80211_sub_if_data *sdata, u8 *ssid, size_t ssid_len)
4051 4052
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4053
	struct ieee80211_local *local = sdata->local;
4054

4055
	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
4056
		return ieee80211_sta_start_scan(sdata, ssid, ssid_len);
4057

Z
Zhu Yi 已提交
4058
	if (local->sta_sw_scanning || local->sta_hw_scanning) {
4059
		if (local->scan_dev == sdata->dev)
4060 4061 4062 4063
			return 0;
		return -EBUSY;
	}

4064 4065 4066
	ifsta->scan_ssid_len = ssid_len;
	if (ssid_len)
		memcpy(ifsta->scan_ssid, ssid, ssid_len);
4067 4068 4069 4070 4071
	set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
	return 0;
}

4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113

static void ieee80211_sta_add_scan_ies(struct iw_request_info *info,
				       struct ieee80211_sta_bss *bss,
				       char **current_ev, char *end_buf)
{
	u8 *pos, *end, *next;
	struct iw_event iwe;

	if (bss == NULL || bss->ies == NULL)
		return;

	/*
	 * If needed, fragment the IEs buffer (at IE boundaries) into short
	 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages.
	 */
	pos = bss->ies;
	end = pos + bss->ies_len;

	while (end - pos > IW_GENERIC_IE_MAX) {
		next = pos + 2 + pos[1];
		while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX)
			next = next + 2 + next[1];

		memset(&iwe, 0, sizeof(iwe));
		iwe.cmd = IWEVGENIE;
		iwe.u.data.length = next - pos;
		*current_ev = iwe_stream_add_point(info, *current_ev,
						   end_buf, &iwe, pos);

		pos = next;
	}

	if (end > pos) {
		memset(&iwe, 0, sizeof(iwe));
		iwe.cmd = IWEVGENIE;
		iwe.u.data.length = end - pos;
		*current_ev = iwe_stream_add_point(info, *current_ev,
						   end_buf, &iwe, pos);
	}
}


4114
static char *
4115
ieee80211_sta_scan_result(struct ieee80211_local *local,
4116
			  struct iw_request_info *info,
4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129
			  struct ieee80211_sta_bss *bss,
			  char *current_ev, char *end_buf)
{
	struct iw_event iwe;

	if (time_after(jiffies,
		       bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
		return current_ev;

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWAP;
	iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
	memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
4130
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4131 4132 4133 4134
					  IW_EV_ADDR_LEN);

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWESSID;
J
Johannes Berg 已提交
4135 4136
	if (bss_mesh_cfg(bss)) {
		iwe.u.data.length = bss_mesh_id_len(bss);
4137
		iwe.u.data.flags = 1;
4138 4139
		current_ev = iwe_stream_add_point(info, current_ev, end_buf,
						  &iwe, bss_mesh_id(bss));
4140 4141 4142
	} else {
		iwe.u.data.length = bss->ssid_len;
		iwe.u.data.flags = 1;
4143 4144
		current_ev = iwe_stream_add_point(info, current_ev, end_buf,
						  &iwe, bss->ssid);
4145
	}
4146

4147 4148
	if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)
	    || bss_mesh_cfg(bss)) {
4149 4150
		memset(&iwe, 0, sizeof(iwe));
		iwe.cmd = SIOCGIWMODE;
J
Johannes Berg 已提交
4151
		if (bss_mesh_cfg(bss))
4152 4153
			iwe.u.mode = IW_MODE_MESH;
		else if (bss->capability & WLAN_CAPABILITY_ESS)
4154 4155 4156
			iwe.u.mode = IW_MODE_MASTER;
		else
			iwe.u.mode = IW_MODE_ADHOC;
4157 4158
		current_ev = iwe_stream_add_event(info, current_ev, end_buf,
						  &iwe, IW_EV_UINT_LEN);
4159 4160 4161 4162
	}

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWFREQ;
4163 4164
	iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq);
	iwe.u.freq.e = 0;
4165
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4166
					  IW_EV_FREQ_LEN);
4167 4168 4169

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWFREQ;
4170 4171
	iwe.u.freq.m = bss->freq;
	iwe.u.freq.e = 6;
4172
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4173 4174 4175
					  IW_EV_FREQ_LEN);
	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = IWEVQUAL;
4176 4177
	iwe.u.qual.qual = bss->qual;
	iwe.u.qual.level = bss->signal;
4178 4179
	iwe.u.qual.noise = bss->noise;
	iwe.u.qual.updated = local->wstats_flags;
4180
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4181 4182 4183 4184 4185 4186 4187 4188 4189
					  IW_EV_QUAL_LEN);

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWENCODE;
	if (bss->capability & WLAN_CAPABILITY_PRIVACY)
		iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
	else
		iwe.u.data.flags = IW_ENCODE_DISABLED;
	iwe.u.data.length = 0;
4190 4191
	current_ev = iwe_stream_add_point(info, current_ev, end_buf,
					  &iwe, "");
4192

4193
	ieee80211_sta_add_scan_ies(info, bss, &current_ev, end_buf);
4194

4195 4196
	if (bss && bss->supp_rates_len > 0) {
		/* display all supported rates in readable format */
4197
		char *p = current_ev + iwe_stream_lcp_len(info);
4198 4199 4200 4201 4202 4203 4204 4205 4206 4207
		int i;

		memset(&iwe, 0, sizeof(iwe));
		iwe.cmd = SIOCGIWRATE;
		/* Those two flags are ignored... */
		iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;

		for (i = 0; i < bss->supp_rates_len; i++) {
			iwe.u.bitrate.value = ((bss->supp_rates[i] &
							0x7f) * 500000);
4208
			p = iwe_stream_add_value(info, current_ev, p,
4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221
					end_buf, &iwe, IW_EV_PARAM_LEN);
		}
		current_ev = p;
	}

	if (bss) {
		char *buf;
		buf = kmalloc(30, GFP_ATOMIC);
		if (buf) {
			memset(&iwe, 0, sizeof(iwe));
			iwe.cmd = IWEVCUSTOM;
			sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
			iwe.u.data.length = strlen(buf);
4222 4223
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf,
4224
							  &iwe, buf);
4225 4226 4227 4228 4229 4230 4231
			memset(&iwe, 0, sizeof(iwe));
			iwe.cmd = IWEVCUSTOM;
			sprintf(buf, " Last beacon: %dms ago",
				jiffies_to_msecs(jiffies - bss->last_update));
			iwe.u.data.length = strlen(buf);
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf, &iwe, buf);
4232 4233 4234 4235
			kfree(buf);
		}
	}

J
Johannes Berg 已提交
4236
	if (bss_mesh_cfg(bss)) {
4237
		char *buf;
4238
		u8 *cfg = bss_mesh_cfg(bss);
4239
		buf = kmalloc(50, GFP_ATOMIC);
4240 4241 4242
		if (buf) {
			memset(&iwe, 0, sizeof(iwe));
			iwe.cmd = IWEVCUSTOM;
4243
			sprintf(buf, "Mesh network (version %d)", cfg[0]);
4244
			iwe.u.data.length = strlen(buf);
4245 4246
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf,
4247 4248
							  &iwe, buf);
			sprintf(buf, "Path Selection Protocol ID: "
4249 4250
				"0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3],
							cfg[4]);
4251
			iwe.u.data.length = strlen(buf);
4252 4253
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf,
4254 4255
							  &iwe, buf);
			sprintf(buf, "Path Selection Metric ID: "
4256 4257
				"0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7],
							cfg[8]);
4258
			iwe.u.data.length = strlen(buf);
4259 4260
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf,
4261 4262
							  &iwe, buf);
			sprintf(buf, "Congestion Control Mode ID: "
4263 4264
				"0x%02X%02X%02X%02X", cfg[9], cfg[10],
							cfg[11], cfg[12]);
4265
			iwe.u.data.length = strlen(buf);
4266 4267
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf,
4268 4269
							  &iwe, buf);
			sprintf(buf, "Channel Precedence: "
4270 4271
				"0x%02X%02X%02X%02X", cfg[13], cfg[14],
							cfg[15], cfg[16]);
4272
			iwe.u.data.length = strlen(buf);
4273 4274
			current_ev = iwe_stream_add_point(info, current_ev,
							  end_buf,
4275 4276 4277 4278 4279
							  &iwe, buf);
			kfree(buf);
		}
	}

4280 4281 4282 4283
	return current_ev;
}


4284
int ieee80211_sta_scan_results(struct ieee80211_local *local,
4285 4286
			       struct iw_request_info *info,
			       char *buf, size_t len)
4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297
{
	char *current_ev = buf;
	char *end_buf = buf + len;
	struct ieee80211_sta_bss *bss;

	spin_lock_bh(&local->sta_bss_lock);
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
			spin_unlock_bh(&local->sta_bss_lock);
			return -E2BIG;
		}
4298
		current_ev = ieee80211_sta_scan_result(local, info, bss,
4299
						       current_ev, end_buf);
4300 4301 4302 4303 4304 4305
	}
	spin_unlock_bh(&local->sta_bss_lock);
	return current_ev - buf;
}


4306
int ieee80211_sta_set_extra_ie(struct ieee80211_sub_if_data *sdata, char *ie, size_t len)
4307 4308
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
J
Johannes Berg 已提交
4309

4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326
	kfree(ifsta->extra_ie);
	if (len == 0) {
		ifsta->extra_ie = NULL;
		ifsta->extra_ie_len = 0;
		return 0;
	}
	ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
	if (!ifsta->extra_ie) {
		ifsta->extra_ie_len = 0;
		return -ENOMEM;
	}
	memcpy(ifsta->extra_ie, ie, len);
	ifsta->extra_ie_len = len;
	return 0;
}


4327
struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
J
Johannes Berg 已提交
4328
					struct sk_buff *skb, u8 *bssid,
4329
					u8 *addr, u64 supp_rates)
4330
{
4331
	struct ieee80211_local *local = sdata->local;
4332
	struct sta_info *sta;
4333
	DECLARE_MAC_BUF(mac);
4334
	int band = local->hw.conf.channel->band;
4335 4336 4337 4338 4339 4340

	/* TODO: Could consider removing the least recently used entry and
	 * allow new one to be added. */
	if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: No room for a new IBSS STA "
4341
			       "entry %s\n", sdata->dev->name, print_mac(mac, addr));
4342 4343 4344 4345
		}
		return NULL;
	}

4346
	if (compare_ether_addr(bssid, sdata->u.sta.bssid))
4347 4348
		return NULL;

4349
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
4350
	printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
4351
	       wiphy_name(local->hw.wiphy), print_mac(mac, addr), sdata->dev->name);
4352
#endif
4353

J
Johannes Berg 已提交
4354 4355
	sta = sta_info_alloc(sdata, addr, GFP_ATOMIC);
	if (!sta)
4356 4357
		return NULL;

4358
	set_sta_flags(sta, WLAN_STA_AUTHORIZED);
4359

4360 4361 4362
	/* make sure mandatory rates are always added */
	sta->supp_rates[band] = supp_rates |
			ieee80211_sta_get_mandatory_rates(local, band);
4363 4364 4365

	rate_control_rate_init(sta, local);

4366
	if (sta_info_insert(sta))
J
Johannes Berg 已提交
4367 4368
		return NULL;

4369
	return sta;
4370 4371 4372
}


4373
int ieee80211_sta_deauthenticate(struct ieee80211_sub_if_data *sdata, u16 reason)
4374 4375 4376
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

4377
	printk(KERN_DEBUG "%s: deauthenticating by local choice (reason=%d)\n",
4378
	       sdata->dev->name, reason);
4379

4380 4381
	if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
	    sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
4382 4383
		return -EINVAL;

4384 4385
	ieee80211_send_deauth(sdata, ifsta, reason);
	ieee80211_set_disassoc(sdata, ifsta, 1);
4386 4387 4388 4389
	return 0;
}


4390
int ieee80211_sta_disassociate(struct ieee80211_sub_if_data *sdata, u16 reason)
4391 4392 4393
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

4394
	printk(KERN_DEBUG "%s: disassociating by local choice (reason=%d)\n",
4395
	       sdata->dev->name, reason);
4396

4397
	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
4398 4399
		return -EINVAL;

4400
	if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
4401 4402
		return -1;

4403 4404
	ieee80211_send_disassoc(sdata, ifsta, reason);
	ieee80211_set_disassoc(sdata, ifsta, 0);
4405 4406
	return 0;
}
4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417

void ieee80211_notify_mac(struct ieee80211_hw *hw,
			  enum ieee80211_notification_types  notif_type)
{
	struct ieee80211_local *local = hw_to_local(hw);
	struct ieee80211_sub_if_data *sdata;

	switch (notif_type) {
	case IEEE80211_NOTIFY_RE_ASSOC:
		rcu_read_lock();
		list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4418 4419
			if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
				continue;
4420

4421
			ieee80211_sta_req_auth(sdata, &sdata->u.sta);
4422 4423 4424 4425 4426 4427
		}
		rcu_read_unlock();
		break;
	}
}
EXPORT_SYMBOL(ieee80211_notify_mac);