/*
 * BSS client mode implementation
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2004, Instant802 Networks, Inc.
 * Copyright 2005, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* TODO:
 * order BSS list by RSSI(?) ("quality of AP")
 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
 *    SSID)
 */
#include <linux/delay.h>
#include <linux/if_ether.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/wireless.h>
#include <linux/random.h>
#include <linux/etherdevice.h>
#include <linux/rtnetlink.h>
#include <net/iw_handler.h>
#include <asm/types.h>

#include <net/mac80211.h>
#include "ieee80211_i.h"
#include "rate.h"
#include "led.h"
#include "mesh.h"

/* MLME timers and retry limits. The *_TIMEOUT / *_INTERVAL / *_LIMIT
 * values are expressed in jiffies (HZ = one second). */
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
#define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)

/* Scan dwell times and expiry of scan/IBSS/mesh state. */
#define IEEE80211_PROBE_DELAY (HZ / 33)
#define IEEE80211_CHANNEL_TIME (HZ / 33)
#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)

/* Upper bound on station entries kept for an IBSS. */
#define IEEE80211_IBSS_MAX_STA_ENTRIES 128


#define ERP_INFO_USE_PROTECTION BIT(1)

/* mgmt header + 1 byte action code */
#define IEEE80211_MIN_ACTION_SIZE (24 + 1)

/* Bit masks for the parameter-set fields of ADDBA/DELBA action frames. */
#define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002
#define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C
#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0
#define IEEE80211_DELBA_PARAM_TID_MASK 0xF000
#define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800

/* next values represent the buffer size for A-MPDU frame.
 * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */
#define IEEE80211_MIN_AMPDU_BUF 0x8
#define IEEE80211_MAX_AMPDU_BUF 0x40

/* Forward declarations for helpers defined later in this file.
 * ieee80211_rx_bss_get()/ieee80211_rx_bss_put() form a get/put pair: every
 * successful get must be matched by a put once the entry is no longer read
 * (see the callers below). */
static void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
				     u8 *ssid, size_t ssid_len);
static struct ieee80211_sta_bss *
ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
		     u8 *ssid, u8 ssid_len);
static void ieee80211_rx_bss_put(struct ieee80211_local *local,
				 struct ieee80211_sta_bss *bss);
static int ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta);
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata);
static int ieee80211_sta_start_scan(struct ieee80211_sub_if_data *sdata,
				    u8 *ssid, size_t ssid_len);
static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta);
static void sta_rx_agg_session_timer_expired(unsigned long data);


/**
 * ieee802_11_parse_elems - split a list of information elements into @elems
 * @start: first byte of the element list (the variable part of a received
 *	management frame)
 * @len: number of bytes available at @start
 * @elems: output; zeroed first, then each recognised element gets a pointer
 *	into @start plus its length
 *
 * The input comes from received frames and is untrusted.  Each element's
 * claimed length is checked against the bytes still available before it is
 * recorded; parsing stops silently at the first element that does not fit,
 * leaving whatever was already recorded.  The stored pointers alias @start,
 * so they are only valid as long as the frame buffer is.  If an element id
 * occurs more than once the last occurrence wins, except WLAN_EID_QUIET,
 * where the first is kept and the occurrences are counted.
 */
void ieee802_11_parse_elems(u8 *start, size_t len,
			    struct ieee802_11_elems *elems)
{
	size_t left = len;
	u8 *pos = start;

	/* no element is "present" until seen */
	memset(elems, 0, sizeof(*elems));

	/* each element is a 2-byte id/length header followed by elen bytes */
	while (left >= 2) {
		u8 id, elen;

		id = *pos++;
		elen = *pos++;
		left -= 2;

		/* truncated element: do not read past the buffer */
		if (elen > left)
			return;

		switch (id) {
		case WLAN_EID_SSID:
			elems->ssid = pos;
			elems->ssid_len = elen;
			break;
		case WLAN_EID_SUPP_RATES:
			elems->supp_rates = pos;
			elems->supp_rates_len = elen;
			break;
		case WLAN_EID_FH_PARAMS:
			elems->fh_params = pos;
			elems->fh_params_len = elen;
			break;
		case WLAN_EID_DS_PARAMS:
			elems->ds_params = pos;
			elems->ds_params_len = elen;
			break;
		case WLAN_EID_CF_PARAMS:
			elems->cf_params = pos;
			elems->cf_params_len = elen;
			break;
		case WLAN_EID_TIM:
			elems->tim = pos;
			elems->tim_len = elen;
			break;
		case WLAN_EID_IBSS_PARAMS:
			elems->ibss_params = pos;
			elems->ibss_params_len = elen;
			break;
		case WLAN_EID_CHALLENGE:
			elems->challenge = pos;
			elems->challenge_len = elen;
			break;
		case WLAN_EID_WPA:
			/* vendor-specific element: only the Microsoft OUI is
			 * interpreted, and each sub-type is length-checked
			 * before its type byte is read */
			if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
			    pos[2] == 0xf2) {
				/* Microsoft OUI (00:50:F2) */
				if (pos[3] == 1) {
					/* OUI Type 1 - WPA IE */
					elems->wpa = pos;
					elems->wpa_len = elen;
				} else if (elen >= 5 && pos[3] == 2) {
					/* OUI Type 2 - WMM; pos[4] selects
					 * information (0) or parameter (1) */
					if (pos[4] == 0) {
						elems->wmm_info = pos;
						elems->wmm_info_len = elen;
					} else if (pos[4] == 1) {
						elems->wmm_param = pos;
						elems->wmm_param_len = elen;
					}
				}
			}
			break;
		case WLAN_EID_RSN:
			elems->rsn = pos;
			elems->rsn_len = elen;
			break;
		case WLAN_EID_ERP_INFO:
			elems->erp_info = pos;
			elems->erp_info_len = elen;
			break;
		case WLAN_EID_EXT_SUPP_RATES:
			elems->ext_supp_rates = pos;
			elems->ext_supp_rates_len = elen;
			break;
		case WLAN_EID_HT_CAPABILITY:
			elems->ht_cap_elem = pos;
			elems->ht_cap_elem_len = elen;
			break;
		case WLAN_EID_HT_EXTRA_INFO:
			elems->ht_info_elem = pos;
			elems->ht_info_elem_len = elen;
			break;
		case WLAN_EID_MESH_ID:
			elems->mesh_id = pos;
			elems->mesh_id_len = elen;
			break;
		case WLAN_EID_MESH_CONFIG:
			elems->mesh_config = pos;
			elems->mesh_config_len = elen;
			break;
		case WLAN_EID_PEER_LINK:
			elems->peer_link = pos;
			elems->peer_link_len = elen;
			break;
		case WLAN_EID_PREQ:
			elems->preq = pos;
			elems->preq_len = elen;
			break;
		case WLAN_EID_PREP:
			elems->prep = pos;
			elems->prep_len = elen;
			break;
		case WLAN_EID_PERR:
			elems->perr = pos;
			elems->perr_len = elen;
			break;
		case WLAN_EID_CHANNEL_SWITCH:
			elems->ch_switch_elem = pos;
			elems->ch_switch_elem_len = elen;
			break;
		case WLAN_EID_QUIET:
			/* keep the first Quiet element, count all of them */
			if (!elems->quiet_elem) {
				elems->quiet_elem = pos;
				elems->quiet_elem_len = elen;
			}
			elems->num_of_quiet_elem++;
			break;
		case WLAN_EID_COUNTRY:
			elems->country_elem = pos;
			elems->country_elem_len = elen;
			break;
		case WLAN_EID_PWR_CONSTRAINT:
			elems->pwr_constr_elem = pos;
			elems->pwr_constr_elem_len = elen;
			break;
		default:
			/* unknown ids are skipped, not an error */
			break;
		}

		left -= elen;
		pos += elen;
	}
}


/* Convert a contention-window exponent (ECW, as carried in a WMM AC
 * parameter record) to the window size itself: CW = 2^ECW - 1. */
static int ecw2cw(int ecw)
{
	int window = 1 << ecw;

	return window - 1;
}


/* Apply default (non-WMM) EDCA parameters to every hardware queue and
 * record whether the BSS operates in 11g mode.  @ibss is accepted for
 * interface symmetry but is not used here. */
static void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_sta_bss *bss,
					 int ibss)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_tx_queue_params qparam;
	int fast_rate_seen = 0;
	int idx;

	/* cf. IEEE 802.11 9.2.12: any supported rate above 11 Mbit/s
	 * (rates are in 500 kbit/s units with the top bit masked off)
	 * means the cell is not a pure 11b one */
	for (idx = 0; idx < bss->supp_rates_len; idx++) {
		if ((bss->supp_rates[idx] & 0x7f) * 5 > 110) {
			fast_rate_seen = 1;
			break;
		}
	}

	if (fast_rate_seen &&
	    local->hw.conf.channel->band == IEEE80211_BAND_2GHZ)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;

	/* drivers without per-queue configuration get nothing more */
	if (!local->ops->conf_tx)
		return;

	memset(&qparam, 0, sizeof(qparam));
	qparam.aifs = 2;
	qparam.cw_max = 1023;
	qparam.txop = 0;

	/* a pure 11b cell on 2.4 GHz gets the larger minimum window */
	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
	    !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE))
		qparam.cw_min = 31;
	else
		qparam.cw_min = 15;

	/* the same defaults go to every hardware queue */
	for (idx = 0; idx < local_to_hw(local)->queues; idx++)
		local->ops->conf_tx(local_to_hw(local), idx, &qparam);
}

/*
 * ieee80211_sta_wmm_params - push the AP's WMM parameter element into the
 * driver's TX queues
 * @local: the hardware this interface belongs to
 * @ifsta: station MLME state (WMM enable flag, last parameter-set count)
 * @wmm_param: the vendor-specific WMM parameter element body (after the
 *	id/length header), or NULL
 * @wmm_param_len: its length in bytes
 *
 * The element is received from the AP, so it is validated before use: the
 * 8-byte header must be present with version 1, and each 4-byte AC record
 * is only read while at least 4 bytes remain.  Records are only applied
 * when the AP's parameter-set count has changed since the last element
 * seen.  Side effects: ifsta->wmm_last_param_set, local->wmm_acm and the
 * driver queue configuration via ops->conf_tx.
 */
static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
				     struct ieee80211_if_sta *ifsta,
				     u8 *wmm_param, size_t wmm_param_len)
{
	struct ieee80211_tx_queue_params params;
	size_t left;
	int count;
	u8 *pos;

	if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
		return;

	if (!wmm_param)
		return;

	/* header layout matches the WME element built in
	 * ieee80211_send_assoc(): OUI(3), type, subtype, version, QoS
	 * info, reserved — so byte 5 is the version and byte 6 carries
	 * the parameter-set count in its low nibble */
	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
		return;
	count = wmm_param[6] & 0x0f;
	if (count == ifsta->wmm_last_param_set)
		return;
	ifsta->wmm_last_param_set = count;

	pos = wmm_param + 8;
	left = wmm_param_len - 8;

	memset(&params, 0, sizeof(params));

	/* NOTE(review): wmm_last_param_set is already updated above, so a
	 * driver without conf_tx still records the AP's count — presumably
	 * harmless since nothing could be applied anyway; confirm */
	if (!local->ops->conf_tx)
		return;

	local->wmm_acm = 0;
	/* one 4-byte record per access category: byte 0 holds ACI (bits
	 * 5-6), ACM (bit 4) and AIFSN (low nibble); byte 1 the ECWmax/ECWmin
	 * nibbles; bytes 2-3 the TXOP limit, little endian */
	for (; left >= 4; left -= 4, pos += 4) {
		int aci = (pos[0] >> 5) & 0x03;
		int acm = (pos[0] >> 4) & 0x01;
		int queue;

		/* map the ACI (802.11e numbering) to a hardware queue; the
		 * wmm_acm bit pairs record which priorities need admission
		 * control — the pairs look like 802.1d priorities, confirm */
		switch (aci) {
		case 1:
			queue = 3;
			if (acm)
				local->wmm_acm |= BIT(0) | BIT(3);
			break;
		case 2:
			queue = 1;
			if (acm)
				local->wmm_acm |= BIT(4) | BIT(5);
			break;
		case 3:
			queue = 0;
			if (acm)
				local->wmm_acm |= BIT(6) | BIT(7);
			break;
		case 0:
		default:
			queue = 2;
			if (acm)
				local->wmm_acm |= BIT(1) | BIT(2);
			break;
		}

		params.aifs = pos[0] & 0x0f;
		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
		params.cw_min = ecw2cw(pos[1] & 0x0f);
		params.txop = get_unaligned_le16(pos + 2);
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
		       "cWmin=%d cWmax=%d txop=%d\n",
		       local->mdev->name, queue, aci, acm, params.aifs, params.cw_min,
		       params.cw_max, params.txop);
#endif
		/* TODO: handle ACM (block TX, fallback to next lowest allowed
		 * AC for now) */
		/* a driver failure for one queue is logged and the remaining
		 * records are still applied */
		if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
			printk(KERN_DEBUG "%s: failed to set TX queue "
			       "parameters for queue %d\n", local->mdev->name, queue);
		}
	}
}

/*
 * ieee80211_handle_protect_preamb - update the ERP-related BSS settings
 * @sdata: the station interface
 * @use_protection: whether CTS-to-self protection should be on
 * @use_short_preamble: whether the short preamble may be used
 *
 * Writes the two values into sdata->bss_conf only when they differ from
 * the current setting and returns the matching BSS_CHANGED_* bits (zero if
 * nothing changed) so the caller can notify the driver once.  In verbose
 * debug builds each transition is logged, rate limited.
 */
static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
					   bool use_protection,
					   bool use_short_preamble)
{
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	/* only needed for the BSSID in the debug messages */
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	DECLARE_MAC_BUF(mac);
#endif
	u32 changed = 0;

	if (use_protection != bss_conf->use_cts_prot) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
			       "%s)\n",
			       sdata->dev->name,
			       use_protection ? "enabled" : "disabled",
			       print_mac(mac, ifsta->bssid));
		}
#endif
		bss_conf->use_cts_prot = use_protection;
		changed |= BSS_CHANGED_ERP_CTS_PROT;
	}

	if (use_short_preamble != bss_conf->use_short_preamble) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: switched to %s barker preamble"
			       " (BSSID=%s)\n",
			       sdata->dev->name,
			       use_short_preamble ? "short" : "long",
			       print_mac(mac, ifsta->bssid));
		}
#endif
		bss_conf->use_short_preamble = use_short_preamble;
		changed |= BSS_CHANGED_ERP_PREAMBLE;
	}

	return changed;
}

/* Derive the protection/preamble settings from an ERP Information element
 * byte and apply them; returns the BSS_CHANGED_* bits that changed. */
static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
				   u8 erp_value)
{
	/* Use Protection bit set -> CTS protection on */
	bool protect = !!(erp_value & WLAN_ERP_USE_PROTECTION);
	/* Barker Preamble Mode bit clear -> short preamble allowed */
	bool short_preamble = !(erp_value & WLAN_ERP_BARKER_PREAMBLE);

	return ieee80211_handle_protect_preamb(sdata, protect, short_preamble);
}

/* Apply the ERP settings implied by a BSS entry: the ERP element when the
 * AP sent one, otherwise protection off and the preamble taken from the
 * capability field.  Returns the BSS_CHANGED_* bits that changed. */
static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
					   struct ieee80211_sta_bss *bss)
{
	bool short_preamble;

	if (bss->has_erp_value)
		return ieee80211_handle_erp_ie(sdata, bss->erp_value);

	short_preamble = !!(bss->capability & WLAN_CAPABILITY_SHORT_PREAMBLE);
	return ieee80211_handle_protect_preamb(sdata, false, short_preamble);
}

/**
 * ieee80211_ht_cap_ie_to_ht_info - unpack an HT Capabilities element
 * @ht_cap_ie: the element body, or NULL if the peer sent none
 * @ht_info: output, fully overwritten
 *
 * Returns -EINVAL when @ht_info is NULL, 0 otherwise.  Without an element
 * the output is all zero with ht_supported = 0.
 */
int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
				   struct ieee80211_ht_info *ht_info)
{
	u8 ampdu_info;

	if (!ht_info)
		return -EINVAL;

	memset(ht_info, 0, sizeof(*ht_info));

	if (!ht_cap_ie) {
		ht_info->ht_supported = 0;
		return 0;
	}

	ampdu_info = ht_cap_ie->ampdu_params_info;

	ht_info->ht_supported = 1;
	ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
	/* A-MPDU factor occupies the low bits, the density sits two bits up */
	ht_info->ampdu_factor = ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
	ht_info->ampdu_density =
		(ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
	memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);

	return 0;
}

/**
 * ieee80211_ht_addt_info_ie_to_ht_bss_info - unpack an HT Information element
 * @ht_add_info_ie: the element body, or NULL if the peer sent none
 * @bss_info: output, fully overwritten
 *
 * Returns -EINVAL when @bss_info is NULL, 0 otherwise.  Without an element
 * the output is left all zero.
 */
int ieee80211_ht_addt_info_ie_to_ht_bss_info(
			struct ieee80211_ht_addt_info *ht_add_info_ie,
			struct ieee80211_ht_bss_info *bss_info)
{
	u16 op_mode;

	if (!bss_info)
		return -EINVAL;

	memset(bss_info, 0, sizeof(*bss_info));

	if (!ht_add_info_ie)
		return 0;

	op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);

	bss_info->primary_channel = ht_add_info_ie->control_chan;
	bss_info->bss_cap = ht_add_info_ie->ht_param;
	/* only the low byte of the operation mode is kept */
	bss_info->bss_op_mode = (u8)(op_mode & 0xff);

	return 0;
}

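/*
 * ieee80211_sta_send_associnfo - report the association IEs to user space
 * @sdata: the station interface
 * @ifsta: MLME state holding the saved request/response IEs
 *
 * Emits an IWEVCUSTOM wireless event of the form
 * "ASSOCINFO(ReqIEs=<hex> RespIEs=<hex>)".  If that exceeds IW_CUSTOM_MAX
 * the shorter "ASSOCRESPIE=<hex>" form is sent instead.  Nothing is sent
 * when neither IE set is present or the buffer cannot be allocated.
 *
 * All formatting is bounded by the allocated size: two hex digits per IE
 * byte plus 50 bytes for the fixed text and terminator.
 */
static void ieee80211_sta_send_associnfo(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_if_sta *ifsta)
{
	char *buf;
	size_t buf_len, len;
	int i;
	union iwreq_data wrqu;

	if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
		return;

	buf_len = 50 + 2 * (ifsta->assocreq_ies_len +
			    ifsta->assocresp_ies_len);
	buf = kmalloc(buf_len, GFP_KERNEL);
	if (!buf)
		return;

	/* scnprintf never writes past buf_len and returns the bytes
	 * actually placed, so len stays a valid offset throughout */
	len = scnprintf(buf, buf_len, "ASSOCINFO(");
	if (ifsta->assocreq_ies) {
		len += scnprintf(buf + len, buf_len - len, "ReqIEs=");
		for (i = 0; i < ifsta->assocreq_ies_len; i++) {
			len += scnprintf(buf + len, buf_len - len, "%02x",
					 ifsta->assocreq_ies[i]);
		}
	}
	if (ifsta->assocresp_ies) {
		if (ifsta->assocreq_ies)
			len += scnprintf(buf + len, buf_len - len, " ");
		len += scnprintf(buf + len, buf_len - len, "RespIEs=");
		for (i = 0; i < ifsta->assocresp_ies_len; i++) {
			len += scnprintf(buf + len, buf_len - len, "%02x",
					 ifsta->assocresp_ies[i]);
		}
	}
	len += scnprintf(buf + len, buf_len - len, ")");

	/* too long for one custom event: fall back to the response IEs only */
	if (len > IW_CUSTOM_MAX) {
		len = scnprintf(buf, buf_len, "ASSOCRESPIE=");
		for (i = 0; i < ifsta->assocresp_ies_len; i++) {
			len += scnprintf(buf + len, buf_len - len, "%02x",
					 ifsta->assocresp_ies[i]);
		}
	}

	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = len;
	wireless_send_event(sdata->dev, IWEVCUSTOM, &wrqu, buf);

	kfree(buf);
}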


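/*
 * ieee80211_set_associated - move the interface into or out of the
 * associated state and notify driver and user space
 * @sdata: the interface
 * @ifsta: its station MLME state
 * @assoc: true after a successful association, false when it is lost
 *
 * On association the BSS entry's timing and ERP/HT settings are copied
 * into sdata->bss_conf and the association IEs are reported; on
 * disassociation the carrier is dropped, BA sessions are torn down and the
 * ERP/HT state is cleared.  Both paths then notify the driver of the
 * accumulated BSS_CHANGED_* bits and emit a SIOCGIWAP wireless event.
 *
 * NOTE(review): on the assoc path a non-station interface returns early
 * and skips the LED, carrier and driver notification — presumably handled
 * elsewhere for those interface types; confirm.
 */
static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta,
				     bool assoc)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_conf *conf = &local_to_hw(local)->conf;
	union iwreq_data wrqu;
	u32 changed = BSS_CHANGED_ASSOC;

	/* only ETH_ALEN bytes of ap_addr.sa_data are written below, yet the
	 * whole structure is handed to the wireless-event path; clear it so
	 * no uninitialised stack bytes can reach user space
	 * (ieee80211_sta_send_associnfo does the same for its event) */
	memset(&wrqu, 0, sizeof(wrqu));

	if (assoc) {
		struct ieee80211_sta_bss *bss;

		ifsta->flags |= IEEE80211_STA_ASSOCIATED;

		if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
			return;

		bss = ieee80211_rx_bss_get(local, ifsta->bssid,
					   conf->channel->center_freq,
					   ifsta->ssid, ifsta->ssid_len);
		if (bss) {
			/* set timing information */
			sdata->bss_conf.beacon_int = bss->beacon_int;
			sdata->bss_conf.timestamp = bss->timestamp;
			sdata->bss_conf.dtim_period = bss->dtim_period;

			changed |= ieee80211_handle_bss_capability(sdata, bss);

			/* done reading the entry: drop the get() reference */
			ieee80211_rx_bss_put(local, bss);
		}

		/* HT mode is decided by the hardware configuration */
		if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
			changed |= BSS_CHANGED_HT;
			sdata->bss_conf.assoc_ht = 1;
			sdata->bss_conf.ht_conf = &conf->ht_conf;
			sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf;
		}

		/* remember this AP so a later attempt can reassociate */
		ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
		memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
		memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
		ieee80211_sta_send_associnfo(sdata, ifsta);
	} else {
		netif_carrier_off(sdata->dev);
		ieee80211_sta_tear_down_BA_sessions(sdata, ifsta->bssid);
		ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
		changed |= ieee80211_reset_erp_info(sdata);

		sdata->bss_conf.assoc_ht = 0;
		sdata->bss_conf.ht_conf = NULL;
		sdata->bss_conf.ht_bss_conf = NULL;

		/* an all-zero AP address signals "not associated" */
		memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
	}
	ifsta->last_probe = jiffies;
	ieee80211_led_assoc(local, assoc);

	sdata->bss_conf.assoc = assoc;
	ieee80211_bss_info_change_notify(sdata, changed);

	if (assoc)
		netif_carrier_on(sdata->dev);

	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
}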

/* Leave the current BSS.  A deauthentication resets both retry counters,
 * a plain disassociation only the association one. */
static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta, int deauth)
{
	ifsta->assoc_tries = 0;
	if (deauth)
		ifsta->auth_tries = 0;

	ieee80211_set_associated(sdata, ifsta, false);
}

/* Hand a locally built management frame to the master device for
 * transmission.  All header offsets are set to 0 because the buffer
 * starts with the 802.11 header; @encrypt selects whether the TX path
 * may protect the frame. */
void ieee80211_sta_tx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
		      int encrypt)
{
	struct ieee80211_local *local = sdata->local;

	skb->dev = local->mdev;
	skb->iif = sdata->dev->ifindex;
	skb->do_not_encrypt = !encrypt;

	skb_set_mac_header(skb, 0);
	skb_set_network_header(skb, 0);
	skb_set_transport_header(skb, 0);

	dev_queue_xmit(skb);
}


/*
 * ieee80211_send_auth - build and send an Authentication frame
 * @sdata: the station interface
 * @ifsta: MLME state (BSSID, algorithm, transaction bookkeeping)
 * @transaction: the sequence number to put in the frame
 * @extra: optional trailing bytes (e.g. a challenge element), may be NULL
 * @extra_len: length of @extra
 * @encrypt: non-zero to mark the frame protected and let the TX path
 *	encrypt it
 *
 * Updates ifsta->auth_transaction to @transaction + 1 before sending.
 * Allocation failure is logged and the frame silently dropped.
 */
static void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_if_sta *ifsta,
				int transaction, u8 *extra, size_t extra_len,
				int encrypt)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u16 fc = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH;

	/* 24-byte header, 6 bytes of auth fixed fields, then @extra */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 6 + extra_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
	memset(mgmt, 0, 24 + 6);

	if (encrypt)
		fc |= IEEE80211_FCTL_PROTECTED;
	mgmt->frame_control = cpu_to_le16(fc);

	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
	mgmt->u.auth.status_code = cpu_to_le16(0);
	/* the next transaction number we expect to deal with */
	ifsta->auth_transaction = transaction + 1;

	if (extra)
		memcpy(skb_put(skb, extra_len), extra, extra_len);

	ieee80211_sta_tx(sdata, skb, encrypt);
}


/* Start (or retry) authentication with the configured AP.  After
 * IEEE80211_AUTH_MAX_TRIES attempts the MLME gives up and goes to the
 * disabled state; otherwise transaction 1 is sent and the retry timer
 * armed with IEEE80211_AUTH_TIMEOUT. */
static void ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);

	if (++ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: authentication with AP %s"
		       " timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
	printk(KERN_DEBUG "%s: authenticate with AP %s\n",
	       sdata->dev->name, print_mac(mac, ifsta->bssid));

	/* first transaction of the exchange: no extra data, not encrypted */
	ieee80211_send_auth(sdata, ifsta, 1, NULL, 0, 0);
	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

/* Intersect the AP's supported rates with the device's bitrate table for
 * the current band.  Each device rate that the AP also supports gets its
 * table index set in @rates; the number of such rates is returned. */
static int ieee80211_compatible_rates(struct ieee80211_sta_bss *bss,
				      struct ieee80211_supported_band *sband,
				      u64 *rates)
{
	int i, j;
	int matched = 0;

	*rates = 0;
	for (i = 0; i < bss->supp_rates_len; i++) {
		/* AP rates are in 500 kbit/s units with the top bit masked
		 * off; the table is in 100 kbit/s units, hence * 5 */
		int wanted = (bss->supp_rates[i] & 0x7F) * 5;

		for (j = 0; j < sband->n_bitrates; j++) {
			if (sband->bitrates[j].bitrate != wanted)
				continue;
			*rates |= BIT(j);
			matched++;
			break;
		}
	}

	return matched;
}

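/*
 * ieee80211_send_assoc - build and transmit an (Re)Association Request
 * @sdata: the station interface
 * @ifsta: its MLME state (BSSID, SSID, capabilities, extra IEs, flags)
 *
 * The frame carries, in order: the fixed fields (capability, listen
 * interval, plus the current AP for a reassociation), the SSID, the
 * supported / extended supported rates common to the device and the AP,
 * optional power-capability and supported-channels elements, the caller's
 * extra IEs, the WMM information element and finally the HT capability
 * element.  A copy of the IE part is kept in ifsta->assocreq_ies for
 * reporting to user space.
 *
 * The BSS entry looked up at the start stays referenced until the HT
 * element has been built, because that element reads bss->ht_add_ie.
 * Allocation failure of the frame is logged and the request dropped.
 */
static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *ies;
	int i, count, rates_len, supp_rates_len;
	u16 capab;
	struct ieee80211_sta_bss *bss;
	int wmm = 0;
	struct ieee80211_supported_band *sband;
	u64 rates = 0;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
			    ifsta->ssid_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	capab = ifsta->capab;

	/* advertise short slot / short preamble on 2.4 GHz unless the
	 * hardware declared itself incapable */
	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
	}

	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   local->hw.conf.channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (bss) {
		if (bss->capability & WLAN_CAPABILITY_PRIVACY)
			capab |= WLAN_CAPABILITY_PRIVACY;
		if (bss->wmm_ie)
			wmm = 1;

		/* get all rates supported by the device and the AP as
		 * some APs don't like getting a superset of their rates
		 * in the association request (e.g. D-Link DAP 1353 in
		 * b-only mode) */
		rates_len = ieee80211_compatible_rates(bss, sband, &rates);

		if ((bss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
		    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
			capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;

		/* the reference is released after the HT element below,
		 * which still dereferences bss */
	} else {
		/* unknown AP: offer every rate the device supports */
		rates = ~0;
		rates_len = sband->n_bitrates;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
		/* reassoc: capability(2) + listen interval(2) + current AP(6) */
		skb_put(skb, 10);
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_REASSOC_REQ);
		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
		memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
		       ETH_ALEN);
	} else {
		/* assoc: capability(2) + listen interval(2) */
		skb_put(skb, 4);
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_ASSOC_REQ);
		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.assoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
	}

	/* SSID */
	ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ifsta->ssid_len;
	memcpy(pos, ifsta->ssid, ifsta->ssid_len);

	/* add all rates which were marked to be used above; the Supported
	 * Rates element takes at most 8, any further ones go into the
	 * Extended Supported Rates element */
	supp_rates_len = rates_len;
	if (supp_rates_len > 8)
		supp_rates_len = 8;

	pos = skb_put(skb, supp_rates_len + 2);
	*pos++ = WLAN_EID_SUPP_RATES;
	*pos++ = supp_rates_len;

	count = 0;
	for (i = 0; i < sband->n_bitrates; i++) {
		if (BIT(i) & rates) {
			int rate = sband->bitrates[i].bitrate;
			/* table is in 100 kbit/s, the element in 500 kbit/s */
			*pos++ = (u8) (rate / 5);
			if (++count == 8)
				break;
		}
	}

	/* only emit the extended element when rates remain, so exactly
	 * eight compatible rates do not produce an empty element */
	if (count == 8 && rates_len > count) {
		pos = skb_put(skb, rates_len - count + 2);
		*pos++ = WLAN_EID_EXT_SUPP_RATES;
		*pos++ = rates_len - count;

		for (i++; i < sband->n_bitrates; i++) {
			if (BIT(i) & rates) {
				int rate = sband->bitrates[i].bitrate;
				*pos++ = (u8) (rate / 5);
			}
		}
	}

	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
		/* 1. power capabilities */
		pos = skb_put(skb, 4);
		*pos++ = WLAN_EID_PWR_CAPABILITY;
		*pos++ = 2;
		*pos++ = 0; /* min tx power */
		*pos++ = local->hw.conf.channel->max_power; /* max tx power */

		/* 2. supported channels */
		/* TODO: get this in reg domain format */
		pos = skb_put(skb, 2 * sband->n_channels + 2);
		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
		*pos++ = 2 * sband->n_channels;
		for (i = 0; i < sband->n_channels; i++) {
			*pos++ = ieee80211_frequency_to_channel(
					sband->channels[i].center_freq);
			*pos++ = 1; /* one channel in the subband*/
		}
	}

	if (ifsta->extra_ie) {
		pos = skb_put(skb, ifsta->extra_ie_len);
		memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
	}

	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
		pos = skb_put(skb, 9);
		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
		*pos++ = 7; /* len */
		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
		*pos++ = 0x50;
		*pos++ = 0xf2;
		*pos++ = 2; /* WME */
		*pos++ = 0; /* WME info */
		*pos++ = 1; /* WME ver */
		*pos++ = 0;
	}

	/* wmm support is a must to HT; bss is tested explicitly instead of
	 * relying on wmm implying a valid entry */
	if (bss && wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
	    sband->ht_info.ht_supported && bss->ht_add_ie) {
		struct ieee80211_ht_addt_info *ht_add_info =
			(struct ieee80211_ht_addt_info *)bss->ht_add_ie;
		u16 cap = sband->ht_info.cap;
		__le16 tmp;
		u32 flags = local->hw.conf.channel->flags;

		/* as the flag names suggest: drop the 40 MHz capabilities
		 * when the AP's secondary channel is not allowed here */
		switch (ht_add_info->ht_param & IEEE80211_HT_IE_CHA_SEC_OFFSET) {
		case IEEE80211_HT_IE_CHA_SEC_ABOVE:
			if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		case IEEE80211_HT_IE_CHA_SEC_BELOW:
			if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		default:
			break;
		}

		tmp = cpu_to_le16(cap);
		pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
		*pos++ = WLAN_EID_HT_CAPABILITY;
		*pos++ = sizeof(struct ieee80211_ht_cap);
		memset(pos, 0, sizeof(struct ieee80211_ht_cap));
		memcpy(pos, &tmp, sizeof(u16));
		pos += sizeof(u16);
		/* TODO: needs a define here for << 2 */
		*pos++ = sband->ht_info.ampdu_factor |
			 (sband->ht_info.ampdu_density << 2);
		memcpy(pos, sband->ht_info.supp_mcs_set, 16);
	}

	/* last read of bss was in the HT block above */
	if (bss)
		ieee80211_rx_bss_put(local, bss);

	/* keep a copy of the IEs for the ASSOCINFO event */
	kfree(ifsta->assocreq_ies);
	ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
	ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
	if (ifsta->assocreq_ies)
		memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);

	ieee80211_sta_tx(sdata, skb, 0);
}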


/* Send a Deauthentication frame with @reason to the current AP.
 * Allocation failure is logged and the frame dropped. */
static void ieee80211_send_deauth(struct ieee80211_sub_if_data *sdata,
				  struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* 24-byte management header, then the 2-byte reason code */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DEAUTH);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);

	skb_put(skb, 2);
	mgmt->u.deauth.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(sdata, skb, 0);
}


/* Send a Disassociation frame with @reason to the current AP.
 * Allocation failure is logged and the frame dropped. */
static void ieee80211_send_disassoc(struct ieee80211_sub_if_data *sdata,
				    struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* 24-byte management header, then the 2-byte reason code */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DISASSOC);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);

	skb_put(skb, 2);
	mgmt->u.disassoc.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(sdata, skb, 0);
}


/* Check whether the AP's privacy capability contradicts our own
 * configuration.  Returns 1 when the AP's privacy bit matches neither the
 * configured WEP state nor the explicit privacy-invoked flag, 0 otherwise
 * (including when mixed cells are allowed or the BSS is unknown). */
static int ieee80211_privacy_mismatch(struct ieee80211_sub_if_data *sdata,
				      struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sta_bss *bss;
	int bss_privacy, wep_privacy, privacy_invoked;
	int mismatch;

	if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
		return 0;

	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   local->hw.conf.channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (!bss)
		return 0;

	bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
	wep_privacy = !!ieee80211_sta_wep_configured(sdata);
	privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);

	/* everything needed has been read; release the entry */
	ieee80211_rx_bss_put(local, bss);

	mismatch = (bss_privacy != wep_privacy) &&
		   (bss_privacy != privacy_invoked);

	return mismatch ? 1 : 0;
}


/* Start (or retry) association with the configured AP.  Gives up after
 * IEEE80211_ASSOC_MAX_TRIES attempts or when the privacy configuration
 * contradicts the AP's; otherwise sends the request and arms the retry
 * timer with IEEE80211_ASSOC_TIMEOUT. */
static void ieee80211_associate(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);

	if (++ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
		printk(KERN_DEBUG "%s: association with AP %s"
		       " timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
	printk(KERN_DEBUG "%s: associate with AP %s\n",
	       sdata->dev->name, print_mac(mac, ifsta->bssid));

	/* refuse to join an AP whose privacy setting contradicts ours
	 * unless mixed cells were explicitly allowed */
	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
		printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
		       "mixed-cell disabled - abort association\n", sdata->dev->name);
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ieee80211_send_assoc(sdata, ifsta);
	mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}


/*
 * Periodic check run while associated: verify the AP is still reachable and
 * either re-arm the monitoring timer or tear the association down.
 *
 * Reachability is judged from the AP's sta_info last_rx timestamp.  When no
 * frame has been seen for IEEE80211_MONITORING_INTERVAL a probe request is
 * sent and IEEE80211_STA_PROBEREQ_POLL is set; if the flag is already set on
 * the next check (no probe response arrived either), the AP is treated as
 * out of range and the STA entry is dropped.
 */
static void ieee80211_associated(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;
	int disassoc;
	DECLARE_MAC_BUF(mac);

	/* TODO: start monitoring current AP signal quality and number of
	 * missed beacons. Scan other channels every now and then and search
	 * for better APs. */
	/* TODO: remove expired BSSes */

	ifsta->state = IEEE80211_STA_MLME_ASSOCIATED;

	rcu_read_lock();

	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		disassoc = 1;
	} else {
		disassoc = 0;
		if (time_after(jiffies,
			       sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
			if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
				/* Second silent interval in a row: give up. */
				printk(KERN_DEBUG "%s: No ProbeResp from "
				       "current AP %s - assume out of "
				       "range\n",
				       sdata->dev->name, print_mac(mac, ifsta->bssid));
				disassoc = 1;
				sta_info_unlink(&sta);
			} else
				/* First silent interval: poll the AP with a
				 * directed probe request for the scan SSID. */
				ieee80211_send_probe_req(sdata, ifsta->bssid,
							 local->scan_ssid,
							 local->scan_ssid_len);
			/* XOR toggles the poll flag: set after the probe,
			 * cleared again once the AP is declared lost. */
			ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
		} else {
			ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
			/* AP is alive; still probe it every PROBE_INTERVAL. */
			if (time_after(jiffies, ifsta->last_probe +
				       IEEE80211_PROBE_INTERVAL)) {
				ifsta->last_probe = jiffies;
				ieee80211_send_probe_req(sdata, ifsta->bssid,
							 ifsta->ssid,
							 ifsta->ssid_len);
			}
		}
	}

	rcu_read_unlock();

	/* Free the unlinked STA entry outside the RCU read section.  sta is
	 * NULL when there was no entry, and sta_info_unlink() may also have
	 * cleared it, hence the extra check. */
	if (disassoc && sta)
		sta_info_destroy(sta);

	if (disassoc) {
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		ieee80211_set_associated(sdata, ifsta, 0);
	} else {
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL);
	}
}


/*
 * Build and transmit a probe request.
 *
 * @dst:      destination/BSSID, or NULL for a broadcast probe
 * @ssid:     SSID to probe for (may be zero-length for a wildcard probe)
 * @ssid_len: length of @ssid; stored in the one-byte IE length field, so
 *            it is assumed to fit (802.11 SSIDs are at most 32 bytes)
 *
 * The frame carries the SSID element followed by the Supported Rates
 * element; rates beyond the first eight spill into an Extended Supported
 * Rates element.  On allocation failure the request is silently dropped
 * after a debug message.
 */
static void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
				     u8 *ssid, size_t ssid_len)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_supported_band *sband;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *supp_rates, *esupp_rates = NULL;
	int i;

	/* 200 bytes of slack for the SSID and rate elements appended below;
	 * assumes ssid_len and the band's rate count stay within that. */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
		       "request\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* Fixed 24-byte management header. */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_PROBE_REQ);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	if (dst) {
		memcpy(mgmt->da, dst, ETH_ALEN);
		memcpy(mgmt->bssid, dst, ETH_ALEN);
	} else {
		/* No target: broadcast DA and wildcard BSSID. */
		memset(mgmt->da, 0xff, ETH_ALEN);
		memset(mgmt->bssid, 0xff, ETH_ALEN);
	}
	/* SSID element: id, length, body. */
	pos = skb_put(skb, 2 + ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ssid_len;
	memcpy(pos, ssid, ssid_len);

	/* Supported Rates element header; the length is bumped per rate. */
	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *rate = &sband->bitrates[i];
		if (esupp_rates) {
			/* Already overflowed into Extended Supported Rates. */
			pos = skb_put(skb, 1);
			esupp_rates[1]++;
		} else if (supp_rates[1] == 8) {
			/* Supported Rates holds at most eight entries; start
			 * the Extended Supported Rates element for the rest. */
			esupp_rates = skb_put(skb, 3);
			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			esupp_rates[1] = 1;
			pos = &esupp_rates[2];
		} else {
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		}
		/* mac80211 bitrates are in 100 kbit/s units; the IE wants
		 * 500 kbit/s units. */
		*pos = rate->bitrate / 5;
	}

	ieee80211_sta_tx(sdata, skb, 0);
}


/*
 * Report whether the interface currently has a WEP key as its default key.
 * Returns 1 if so, 0 otherwise (including for a NULL sdata or no default
 * key at all).
 */
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata)
{
	return sdata && sdata->default_key &&
	       sdata->default_key->conf.alg == ALG_WEP;
}


/*
 * Authentication finished successfully: record it and move straight on to
 * the association step.
 */
static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
	printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
	ieee80211_associate(sdata, ifsta);
}


/*
 * Answer a shared-key authentication challenge (transaction 2) with
 * transaction 3, echoing the challenge element back encrypted.
 *
 * @len is the total frame length; the caller has already checked that the
 * fixed authentication fields are present, so the IE area length computed
 * here is non-negative.  Frames without a challenge element are ignored.
 */
static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	struct ieee802_11_elems elems;
	u8 *ies = mgmt->u.auth.variable;
	size_t ies_len = len - (ies - (u8 *) mgmt);

	ieee802_11_parse_elems(ies, ies_len, &elems);
	if (!elems.challenge)
		return;

	/* Presumably elems.challenge points at the element body; the -2/+2
	 * re-include the two-byte id/length header when echoing it. */
	ieee80211_send_auth(sdata, ifsta, 3, elems.challenge - 2,
			    elems.challenge_len + 2, 1);
}

/*
 * Build and transmit an ADDBA Response action frame to @da for @tid.
 *
 * The BSSID is our own address on an AP interface and the associated AP's
 * BSSID otherwise.  The block-ack parameter set is packed as: bit 1 policy,
 * bits 5:2 TID, bits 15:6 buffer size.  On allocation failure the frame is
 * dropped after a debug message.
 */
static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
					u8 dialog_token, u16 status, u16 policy,
					u16 buf_size, u16 timeout)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	const u8 *bssid;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer "
		       "for addba resp frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* Fixed 24-byte management header first. */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);
	bssid = (sdata->vif.type == IEEE80211_IF_TYPE_AP) ?
		sdata->dev->dev_addr : ifsta->bssid;
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, bssid, ETH_ALEN);

	/* Action body: category byte, then the ADDBA response fields. */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;

	/* bit 1 policy, bits 5:2 TID, bits 15:6 buffer size */
	capab = (u16)((policy << 1) | (tid << 2) | (buf_size << 6));
	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Build and transmit an ADDBA Request action frame to @da for @tid.
 *
 * The BSSID is our own address on an AP interface and the associated AP's
 * BSSID otherwise.  The block-ack parameter set is packed as: bit 1 policy
 * (always 1, immediate block ack), bits 5:2 TID, bits 15:6 @agg_size.  The
 * starting sequence number is placed in bits 15:4 of its field.  On
 * allocation failure the frame is dropped after an error message.
 */
void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, const u8 *da,
				u16 tid, u8 dialog_token, u16 start_seq_num,
				u16 agg_size, u16 timeout)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	const u8 *bssid;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer "
				"for addba request frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* Fixed 24-byte management header first. */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);
	bssid = (sdata->vif.type == IEEE80211_IF_TYPE_AP) ?
		sdata->dev->dev_addr : ifsta->bssid;
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, bssid, ETH_ALEN);

	/* Action body: category byte, then the ADDBA request fields. */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;
	mgmt->u.action.u.addba_req.dialog_token = dialog_token;

	/* bit 1 policy, bits 5:2 TID, bits 15:6 max aggregation size */
	capab = (u16)((1 << 1) | (tid << 2) | (agg_size << 6));
	mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_req.start_seq_num =
					cpu_to_le16(start_seq_num << 4);

	ieee80211_sta_tx(sdata, skb, 0);
}

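/*
 * Handle a received ADDBA Request action frame and set up Rx aggregation
 * for the requested TID, then answer with an ADDBA Response.
 *
 * @local: the hardware/driver context the frame arrived on
 * @mgmt:  the action frame; its addba_req fields are read directly
 * @len:   frame length; not consulted here, so the caller must already have
 *         verified that the addba_req body lies within the frame
 *
 * Outcomes:
 *  - unknown sender: ignored, no response;
 *  - policy not supported or buffer size above IEEE80211_MAX_AMPDU_BUF:
 *    WLAN_STATUS_INVALID_QOS_PARAM, answered without taking sta->lock;
 *  - TID not idle, allocation failure or driver refusal:
 *    WLAN_STATUS_REQUEST_DECLINED;
 *  - otherwise the TID goes to HT_AGG_STATE_OPERATIONAL and
 *    WLAN_STATUS_SUCCESS is returned.
 */
static void ieee80211_sta_process_addba_request(struct ieee80211_local *local,
						struct ieee80211_mgmt *mgmt,
						size_t len)
{
	struct ieee80211_hw *hw = &local->hw;
	struct ieee80211_conf *conf = &hw->conf;
	struct sta_info *sta;
	struct tid_ampdu_rx *tid_agg_rx;
	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	u8 dialog_token;
	int ret = -EOPNOTSUPP;
	DECLARE_MAC_BUF(mac);

	rcu_read_lock();

	sta = sta_info_get(local, mgmt->sa);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	/* extract session parameters from addba request frame */
	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	/* bits 15:4 carry the starting sequence number */
	start_seq_num =
		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;

	/* bit 1 policy, bits 5:2 TID (four bits, so 0..15), bits 15:6 size */
	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;

	status = WLAN_STATUS_REQUEST_DECLINED;

	/* sanity check for incoming parameters:
	 * check if configuration can support the BA policy
	 * and if buffer size does not exceeds max value */
	if (((ba_policy != 1)
		&& (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
		|| (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
		status = WLAN_STATUS_INVALID_QOS_PARAM;
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "AddBA Req with bad params from "
				"%s on tid %u. policy %d, buffer size %d\n",
				print_mac(mac, mgmt->sa), tid, ba_policy,
				buf_size);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end_no_lock;
	}
	/* determine default buffer size */
	if (buf_size == 0) {
		struct ieee80211_supported_band *sband;

		sband = local->hw.wiphy->bands[conf->channel->band];
		buf_size = IEEE80211_MIN_AMPDU_BUF;
		buf_size = buf_size << sband->ht_info.ampdu_factor;
	}


	/* examine state machine */
	spin_lock_bh(&sta->lock);

	if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "unexpected AddBA Req from "
				"%s on tid %u\n",
				print_mac(mac, mgmt->sa), tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end;
	}

	/* prepare A-MPDU MLME for Rx aggregation */
	sta->ampdu_mlme.tid_rx[tid] =
			kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
	if (!sta->ampdu_mlme.tid_rx[tid]) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
					tid);
#endif
		goto end;
	}
	/* rx timer */
	sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
				sta_rx_agg_session_timer_expired;
	sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
				(unsigned long)&sta->timer_to_tid[tid];
	init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);

	tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];

	/* prepare reordering buffer */
	tid_agg_rx->reorder_buf =
		kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
	if (!tid_agg_rx->reorder_buf) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "can not allocate reordering buffer "
			       "to tid %d\n", tid);
#endif
		kfree(sta->ampdu_mlme.tid_rx[tid]);
		/* Do not leave a dangling pointer in the per-TID table; the
		 * ampdu_action failure path below clears it the same way. */
		sta->ampdu_mlme.tid_rx[tid] = NULL;
		goto end;
	}
	memset(tid_agg_rx->reorder_buf, 0,
		buf_size * sizeof(struct sk_buff *));

	/* let the driver set up hardware Rx aggregation; a driver without
	 * ampdu_action leaves ret at -EOPNOTSUPP and the request is declined */
	if (local->ops->ampdu_action)
		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
					       sta->addr, tid, &start_seq_num);
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (ret) {
		kfree(tid_agg_rx->reorder_buf);
		kfree(tid_agg_rx);
		sta->ampdu_mlme.tid_rx[tid] = NULL;
		goto end;
	}

	/* change state and send addba resp */
	sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL;
	tid_agg_rx->dialog_token = dialog_token;
	tid_agg_rx->ssn = start_seq_num;
	tid_agg_rx->head_seq_num = start_seq_num;
	tid_agg_rx->buf_size = buf_size;
	tid_agg_rx->timeout = timeout;
	tid_agg_rx->stored_mpdu_num = 0;
	status = WLAN_STATUS_SUCCESS;
end:
	spin_unlock_bh(&sta->lock);

end_no_lock:
	/* policy 1 (immediate block ack) is always offered in the response */
	ieee80211_send_addba_resp(sta->sdata, sta->addr, tid,
				  dialog_token, status, 1, buf_size, timeout);
	rcu_read_unlock();
}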

/*
 * Handle a received ADDBA Response for a Tx block-ack session we requested.
 *
 * @len is not consulted here; the caller is assumed to have verified that
 * the addba_resp body lies within the frame.
 *
 * The response is accepted only if the TID is waiting for one
 * (HT_ADDBA_REQUESTED_MSK) and the dialog token matches the outstanding
 * request.  On WLAN_STATUS_SUCCESS the session moves towards operational;
 * any other status counts as a failed attempt and the session is torn down
 * via ieee80211_stop_tx_ba_session().
 */
static void ieee80211_sta_process_addba_resp(struct ieee80211_local *local,
					     struct ieee80211_mgmt *mgmt,
					     size_t len)
{
	struct ieee80211_hw *hw = &local->hw;
	struct sta_info *sta;
	u16 capab;
	u16 tid;
	u8 *state;

	rcu_read_lock();

	sta = sta_info_get(local, mgmt->sa);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	/* bits 5:2 of the parameter set carry the TID (0..15) */
	capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;

	state = &sta->ampdu_mlme.tid_state_tx[tid];

	spin_lock_bh(&sta->lock);

	/* Unsolicited response: nothing outstanding for this TID. */
	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
		spin_unlock_bh(&sta->lock);
		goto addba_resp_exit;
	}

	/* tid_tx[tid] is dereferenced here on the assumption that the
	 * REQUESTED state implies it was allocated by the requester. */
	if (mgmt->u.action.u.addba_resp.dialog_token !=
		sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
		spin_unlock_bh(&sta->lock);
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto addba_resp_exit;
	}

	/* NOTE(review): del_timer_sync() is called with sta->lock held, and
	 * the timer callback (sta_addba_resp_timer_expired) takes the same
	 * lock with spin_lock_bh().  If the timer is already running on
	 * another CPU this looks like it can deadlock — confirm, and
	 * consider deleting the timer after the unlock. */
	del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
	if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
			== WLAN_STATUS_SUCCESS) {
		*state |= HT_ADDBA_RECEIVED_MSK;
		sta->ampdu_mlme.addba_req_num[tid] = 0;

		/* Both the driver and the peer have now agreed: the queue
		 * stopped while the request was pending may run again. */
		if (*state == HT_AGG_STATE_OPERATIONAL)
			ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);

		spin_unlock_bh(&sta->lock);
	} else {
		sta->ampdu_mlme.addba_req_num[tid]++;
		/* this will allow the state check in stop_BA_session */
		*state = HT_AGG_STATE_OPERATIONAL;
		spin_unlock_bh(&sta->lock);
		ieee80211_stop_tx_ba_session(hw, sta->addr, tid,
					     WLAN_BACK_INITIATOR);
	}

addba_resp_exit:
	rcu_read_unlock();
}

/*
 * Build and transmit a DELBA action frame to @da tearing down the block-ack
 * session on @tid.
 *
 * The BSSID is our own address on an AP interface and the associated AP's
 * BSSID otherwise.  The DELBA parameter set is packed as: bit 11 initiator,
 * bits 15:12 TID.  On allocation failure the frame is dropped after an
 * error message.
 */
void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata, const u8 *da, u16 tid,
			  u16 initiator, u16 reason_code)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	const u8 *bssid;
	u16 params;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer "
					"for delba frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* Fixed 24-byte management header first. */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);
	bssid = (sdata->vif.type == IEEE80211_IF_TYPE_AP) ?
		sdata->dev->dev_addr : ifsta->bssid;
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, bssid, ETH_ALEN);

	/* Action body: category byte, then the DELBA fields. */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;

	/* bit 11 initiator, bits 15:12 TID */
	params = (u16)((initiator << 11) | (tid << 12));
	mgmt->u.action.u.delba.params = cpu_to_le16(params);
	mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Build and transmit a Block Ack Request control frame to @ra for @tid,
 * asking for a compressed block ack starting at sequence number @ssn.
 * On allocation failure the frame is dropped after an error message.
 */
void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_bar *bar;
	u16 bar_control;

	skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer for "
			"bar frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
	memset(bar, 0, sizeof(*bar));
	bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
					 IEEE80211_STYPE_BACK_REQ);
	memcpy(bar->ra, ra, ETH_ALEN);
	memcpy(bar->ta, sdata->dev->dev_addr, ETH_ALEN);

	/* normal ack policy, compressed bitmap, TID in bits 15:12 */
	bar_control = (u16)(IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL |
			    IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA |
			    (tid << 12));
	bar->control = cpu_to_le16(bar_control);
	bar->start_seq_num = cpu_to_le16(ssn);

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Tear down the Rx block-ack session with @ra on @tid.
 *
 * @initiator: who is stopping the session — WLAN_BACK_RECIPIENT (us),
 *             WLAN_BACK_INITIATOR (the peer, via DELBA) or WLAN_BACK_TIMER
 *             (the inactivity timer)
 * @reason:    reason code placed in the DELBA we send, when we send one
 *
 * Does nothing unless the TID is HT_AGG_STATE_OPERATIONAL.  Otherwise the
 * driver is told to stop hardware aggregation, a DELBA is sent when the
 * stop originates on our side, buffered reordered frames are released and
 * the per-TID state is freed and reset to idle.
 */
void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid,
					u16 initiator, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_hw *hw = &local->hw;
	struct sta_info *sta;
	int ret, i;
	DECLARE_MAC_BUF(mac);

	rcu_read_lock();

	sta = sta_info_get(local, ra);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	/* check if TID is in operational state */
	spin_lock_bh(&sta->lock);
	if (sta->ampdu_mlme.tid_state_rx[tid]
				!= HT_AGG_STATE_OPERATIONAL) {
		spin_unlock_bh(&sta->lock);
		rcu_read_unlock();
		return;
	}
	/* Mark the stop in progress, recording who initiated it, so a
	 * concurrent caller sees a non-operational state and bails out. */
	sta->ampdu_mlme.tid_state_rx[tid] =
		HT_AGG_STATE_REQ_STOP_BA_MSK |
		(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
	spin_unlock_bh(&sta->lock);

	/* stop HW Rx aggregation. ampdu_action existence
	 * already verified in session init so we add the BUG_ON */
	BUG_ON(!local->ops->ampdu_action);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Rx BA session stop requested for %s tid %u\n",
				print_mac(mac, ra), tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
					ra, tid, NULL);
	/* A driver failure is only logged; the software state is torn down
	 * regardless. */
	if (ret)
		printk(KERN_DEBUG "HW problem - can not stop rx "
				"aggregation for tid %d\n", tid);

	/* shutdown timer has not expired */
	/* tid_rx[tid] is valid here: the OPERATIONAL state checked above is
	 * only set after it was allocated.  When the timer itself is the
	 * initiator we are running inside its callback, so it must not be
	 * synchronously deleted from here. */
	if (initiator != WLAN_BACK_TIMER)
		del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer);

	/* check if this is a self generated aggregation halt */
	/* Only announce the teardown when it originates on our side; a
	 * peer-initiated stop (DELBA received) needs no reply. */
	if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
		ieee80211_send_delba(sdata, ra, tid, 0, reason);

	/* free the reordering buffer */
	for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) {
		if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) {
			/* release the reordered frames */
			dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]);
			sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--;
			sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL;
		}
	}
	/* free resources */
	kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf);
	kfree(sta->ampdu_mlme.tid_rx[tid]);
	sta->ampdu_mlme.tid_rx[tid] = NULL;
	sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE;

	rcu_read_unlock();
}


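/*
 * Handle a received DELBA action frame.
 *
 * @len is not consulted here; the caller is assumed to have verified that
 * the delba body lies within the frame.
 *
 * The DELBA parameter set is unpacked as bit 11 initiator, bits 15:12 TID.
 * If the peer was the initiator of the session it is our Rx side that goes
 * away; otherwise the peer is the recipient of our Tx session, which is
 * stopped through ieee80211_stop_tx_ba_session().
 */
static void ieee80211_sta_process_delba(struct ieee80211_sub_if_data *sdata,
			struct ieee80211_mgmt *mgmt, size_t len)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;
	u16 tid, params;
	u16 initiator;
	DECLARE_MAC_BUF(mac);

	rcu_read_lock();

	sta = sta_info_get(local, mgmt->sa);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	params = le16_to_cpu(mgmt->u.action.u.delba.params);
	tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
	initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;

#ifdef CONFIG_MAC80211_HT_DEBUG
	/* reason_code is little-endian on the wire (see ieee80211_send_delba),
	 * so convert before printing */
	if (net_ratelimit())
		printk(KERN_DEBUG "delba from %s (%s) tid %d reason code %d\n",
			print_mac(mac, mgmt->sa),
			initiator ? "initiator" : "recipient", tid,
			le16_to_cpu(mgmt->u.action.u.delba.reason_code));
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (initiator == WLAN_BACK_INITIATOR)
		/* Peer opened the session, so we are the recipient: stop Rx
		 * aggregation without sending a DELBA back. */
		ieee80211_sta_stop_rx_ba_session(sdata, sta->addr, tid,
						 WLAN_BACK_INITIATOR, 0);
	else { /* WLAN_BACK_RECIPIENT */
		/* Force the Tx state to operational so that the state check
		 * in ieee80211_stop_tx_ba_session() lets the teardown run. */
		spin_lock_bh(&sta->lock);
		sta->ampdu_mlme.tid_state_tx[tid] =
				HT_AGG_STATE_OPERATIONAL;
		spin_unlock_bh(&sta->lock);
		ieee80211_stop_tx_ba_session(&local->hw, sta->addr, tid,
					     WLAN_BACK_RECIPIENT);
	}
	rcu_read_unlock();
}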

/*
 * After sending add Block Ack request we activated a timer until
 * add Block Ack response will arrive from the recipient.
 * If this timer expires sta_addba_resp_timer_expired will be executed.
 *
 * @data: address of the sta_info's timer_to_tid[tid] entry for this TID,
 *        as set up when the timer was initialised.
 *
 * If the TID is still waiting for a response the session is abandoned by
 * forcing the state to operational and calling
 * ieee80211_stop_tx_ba_session() as the initiator.
 */
void sta_addba_resp_timer_expired(unsigned long data)
{
	/* not an elegant detour, but there is no choice as the timer passes
	 * only one argument, and both sta_info and TID are needed, so init
	 * flow in sta_info_create gives the TID as data, while the timer_to_id
	 * array gives the sta through container_of */
	u16 tid = *(u8 *)data;
	struct sta_info *temp_sta = container_of((void *)data,
		struct sta_info, timer_to_tid[tid]);

	struct ieee80211_local *local = temp_sta->local;
	struct ieee80211_hw *hw = &local->hw;
	struct sta_info *sta;
	u8 *state;

	rcu_read_lock();

	/* Re-look the station up by address rather than trusting temp_sta,
	 * presumably to confirm the entry is still live under RCU. */
	sta = sta_info_get(local, temp_sta->addr);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	state = &sta->ampdu_mlme.tid_state_tx[tid];
	/* check if the TID waits for addBA response */
	spin_lock_bh(&sta->lock);
	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
		spin_unlock_bh(&sta->lock);
		/* NOTE(review): this state write happens after the unlock
		 * above, unlike every other state change in this file —
		 * confirm whether that ordering is intended. */
		*state = HT_AGG_STATE_IDLE;
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "timer expired on tid %d but we are not "
				"expecting addBA response there", tid);
#endif
		goto timer_expired_exit;
	}

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
#endif

	/* go through the state check in stop_BA_session */
	*state = HT_AGG_STATE_OPERATIONAL;
	spin_unlock_bh(&sta->lock);
	ieee80211_stop_tx_ba_session(hw, temp_sta->addr, tid,
				     WLAN_BACK_INITIATOR);

timer_expired_exit:
	rcu_read_unlock();
}

/*
 * After accepting the AddBA Request we activated a timer,
 * resetting it after each frame that arrives from the originator.
 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
 *
 * @data: address of the sta_info's timer_to_tid[tid] entry for this TID.
 */
static void sta_rx_agg_session_timer_expired(unsigned long data)
{
	/* The timer carries a single argument, so the TID is read from the
	 * timer_to_tid[] slot it points at.  Because slot i holds the value i,
	 * stepping back by the TID reaches timer_to_tid[0], and container_of
	 * from there yields the owning sta_info. */
	u8 *ptid = (u8 *)data;
	u16 tid = *ptid;
	struct sta_info *sta = container_of(ptid - tid, struct sta_info,
					    timer_to_tid[0]);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "rx session timer expired on tid %d\n", tid);
#endif
	/* Inactivity: tear the Rx session down with the timer as initiator,
	 * which also makes the stop path skip deleting this very timer. */
	ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->addr, tid,
					 WLAN_BACK_TIMER,
					 WLAN_REASON_QSTA_TIMEOUT);
}

/*
 * Stop every Tx and Rx block-ack session with the station @addr, for all
 * STA_TID_NUM TIDs.  Rx sessions are closed as the recipient with reason
 * WLAN_REASON_QSTA_LEAVE_QBSS; Tx sessions as the initiator.
 */
void ieee80211_sta_tear_down_BA_sessions(struct ieee80211_sub_if_data *sdata, u8 *addr)
{
	struct ieee80211_hw *hw = &sdata->local->hw;
	int tid;

	for (tid = 0; tid < STA_TID_NUM; tid++) {
		ieee80211_stop_tx_ba_session(hw, addr, tid,
					     WLAN_BACK_INITIATOR);
		ieee80211_sta_stop_rx_ba_session(sdata, addr, tid,
						 WLAN_BACK_RECIPIENT,
						 WLAN_REASON_QSTA_LEAVE_QBSS);
	}
}

/*
 * Send a Spectrum Management Measurement Report that refuses the
 * measurement described by @request_ie.
 *
 * @request_ie:   the measurement request element being answered; only its
 *                token and type are copied into the report
 * @da, @bssid:   destination and BSSID for the report frame
 * @dialog_token: dialog token to echo back
 *
 * The report element is zeroed and only the token, type and the REFUSED
 * mode bit are filled in.  On allocation failure the report is dropped
 * after an error message.
 */
static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_data *sdata,
					struct ieee80211_msrment_ie *request_ie,
					const u8 *da, const u8 *bssid,
					u8 dialog_token)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *msr_report;

	skb = dev_alloc_skb(sizeof(*msr_report) + local->hw.extra_tx_headroom +
				sizeof(struct ieee80211_msrment_ie));

	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer for "
				"measurement report frame\n", sdata->dev->name);
		return;
	}

	skb_reserve(skb, local->hw.extra_tx_headroom);
	/* Fixed 24-byte management header first. */
	msr_report = (struct ieee80211_mgmt *)skb_put(skb, 24);
	memset(msr_report, 0, 24);
	memcpy(msr_report->da, da, ETH_ALEN);
	memcpy(msr_report->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(msr_report->bssid, bssid, ETH_ALEN);
	msr_report->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						IEEE80211_STYPE_ACTION);

	/* Action body: category byte, then the measurement report fields. */
	skb_put(skb, 1 + sizeof(msr_report->u.action.u.measurement));
	msr_report->u.action.category = WLAN_CATEGORY_SPECTRUM_MGMT;
	msr_report->u.action.u.measurement.action_code =
				WLAN_ACTION_SPCT_MSR_RPRT;
	msr_report->u.action.u.measurement.dialog_token = dialog_token;

	msr_report->u.action.u.measurement.element_id = WLAN_EID_MEASURE_REPORT;
	msr_report->u.action.u.measurement.length =
			sizeof(struct ieee80211_msrment_ie);

	/* Clear the element, then mirror the request's token and type and
	 * flag the report as refused. */
	memset(&msr_report->u.action.u.measurement.msr_elem, 0,
		sizeof(struct ieee80211_msrment_ie));
	msr_report->u.action.u.measurement.msr_elem.token = request_ie->token;
	msr_report->u.action.u.measurement.msr_elem.mode |=
			IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED;
	msr_report->u.action.u.measurement.msr_elem.type = request_ie->type;

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Handle a received Spectrum Management Measurement Request by refusing it.
 *
 * @len is not consulted here; the caller is assumed to have verified that
 * the measurement body lies within the frame.
 */
static void ieee80211_sta_process_measurement_req(struct ieee80211_sub_if_data *sdata,
						struct ieee80211_mgmt *mgmt,
						size_t len)
{
	struct ieee80211_msrment_ie *request =
				&mgmt->u.action.u.measurement.msr_elem;
	u8 token = mgmt->u.action.u.measurement.dialog_token;

	/*
	 * Ignoring measurement request is spec violation.
	 * Mandatory measurements must be reported optional
	 * measurements might be refused or reported incapable
	 * For now just refuse
	 * TODO: Answer basic measurement as unmeasured
	 */
	ieee80211_send_refuse_measurement_request(sdata, request,
						  mgmt->sa, mgmt->bssid,
						  token);
}


/*
 * Handle a received Authentication frame.
 *
 * The frame is dropped unless we are in the AUTHENTICATE state (IBSS
 * interfaces accept it in any state), it is at least 24 + 6 bytes long,
 * and, outside IBSS, both its SA and BSSID equal our target BSSID.  Note
 * that this is an address match only, not a cryptographic check.
 *
 * On a WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG failure the next configured
 * algorithm is selected for the retry; on success the shared-key challenge
 * is answered or authentication is completed.
 */
static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta,
				   struct ieee80211_mgmt *mgmt,
				   size_t len)
{
	u16 auth_alg, auth_transaction, status_code;
	DECLARE_MAC_BUF(mac);

	if (ifsta->state != IEEE80211_STA_MLME_AUTHENTICATE &&
	    sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
		return;

	/* 24-byte header plus the three fixed 2-byte auth fields */
	if (len < 24 + 6)
		return;

	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
	    memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0)
		return;

	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
	    memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
		return;

	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
	status_code = le16_to_cpu(mgmt->u.auth.status_code);

	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
		/*
		 * IEEE 802.11 standard does not require authentication in IBSS
		 * networks and most implementations do not seem to use it.
		 * However, try to reply to authentication attempts if someone
		 * has actually implemented this.
		 */
		if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1)
			return;
		/* Reply with transaction 2 (success); processing continues
		 * below and normally returns at the next check. */
		ieee80211_send_auth(sdata, ifsta, 2, NULL, 0, 0);
	}

	/* Only a reply to the algorithm/transaction we sent is of interest. */
	if (auth_alg != ifsta->auth_alg ||
	    auth_transaction != ifsta->auth_transaction)
		return;

	if (status_code != WLAN_STATUS_SUCCESS) {
		if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
			/* Rotate to the next algorithm we are allowed to use:
			 * algs[] holds OPEN/SHARED_KEY/LEAP in fixed slots,
			 * 0xff marking a slot that is not enabled.  Starting
			 * from the slot of the current algorithm, pick the
			 * next enabled one, skipping shared key unless a WEP
			 * key is configured.  The retry itself is driven by
			 * the MLME timer, not from here. */
			u8 algs[3];
			const int num_algs = ARRAY_SIZE(algs);
			int i, pos;
			algs[0] = algs[1] = algs[2] = 0xff;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
				algs[0] = WLAN_AUTH_OPEN;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
				algs[1] = WLAN_AUTH_SHARED_KEY;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
				algs[2] = WLAN_AUTH_LEAP;
			if (ifsta->auth_alg == WLAN_AUTH_OPEN)
				pos = 0;
			else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
				pos = 1;
			else
				pos = 2;
			for (i = 0; i < num_algs; i++) {
				pos++;
				if (pos >= num_algs)
					pos = 0;
				if (algs[pos] == ifsta->auth_alg ||
				    algs[pos] == 0xff)
					continue;
				if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
				    !ieee80211_sta_wep_configured(sdata))
					continue;
				ifsta->auth_alg = algs[pos];
				break;
			}
		}
		return;
	}

	switch (ifsta->auth_alg) {
	case WLAN_AUTH_OPEN:
	case WLAN_AUTH_LEAP:
		ieee80211_auth_completed(sdata, ifsta);
		break;
	case WLAN_AUTH_SHARED_KEY:
		/* Shared key is a four-way exchange: transaction 4 ends it,
		 * transaction 2 carries the challenge to answer. */
		if (ifsta->auth_transaction == 4)
			ieee80211_auth_completed(sdata, ifsta);
		else
			ieee80211_auth_challenge(sdata, ifsta, mgmt, len);
		break;
	}
}


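/*
 * Handle a Deauthentication frame addressed to this STA interface.
 *
 * @sdata: the STA interface the frame arrived on
 * @ifsta: its MLME state
 * @mgmt:  the received management frame
 * @len:   length of @mgmt in bytes
 *
 * Drops the authenticated flag, tears the association down and arms the
 * timer so the state machine retries authentication shortly.
 */
static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u16 reason_code;

	/* 24-byte header plus the 2-byte reason code */
	if (len < 24 + 2)
		return;

	/*
	 * NOTE(security): this source-address match is the only authenticity
	 * check applied here; nothing in this handler verifies the frame's
	 * integrity. Any station on the channel that forges our BSSID as the
	 * sender can therefore knock us off the AP (the well-known deauth
	 * denial of service). Treat the log line below as a detection hint,
	 * not as proof that the AP sent the frame.
	 */
	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN))
		return;

	reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);

	/* the reason code used to be decoded and then discarded; report it */
	if (ifsta->flags & IEEE80211_STA_AUTHENTICATED)
		printk(KERN_DEBUG "%s: deauthenticated (reason=%u)\n",
		       sdata->dev->name, reason_code);

	/* drop back to the authenticate state and retry after a short delay */
	if (ifsta->state == IEEE80211_STA_MLME_AUTHENTICATE ||
	    ifsta->state == IEEE80211_STA_MLME_ASSOCIATE ||
	    ifsta->state == IEEE80211_STA_MLME_ASSOCIATED) {
		ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_RETRY_AUTH_INTERVAL);
	}

	ieee80211_set_disassoc(sdata, ifsta, 1);
	ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
}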


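/*
 * Handle a Disassociation frame addressed to this STA interface.
 *
 * @sdata: the STA interface the frame arrived on
 * @ifsta: its MLME state
 * @mgmt:  the received management frame
 * @len:   length of @mgmt in bytes
 *
 * Unlike deauthentication this keeps the authenticated flag: the state
 * machine falls back to associating again rather than re-authenticating.
 */
static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
				       struct ieee80211_if_sta *ifsta,
				       struct ieee80211_mgmt *mgmt,
				       size_t len)
{
	u16 reason_code;

	/* 24-byte header plus the 2-byte reason code */
	if (len < 24 + 2)
		return;

	/*
	 * NOTE(security): as with deauthentication, the source-address match
	 * is the only authenticity check performed here; a forged frame
	 * carrying our BSSID is enough to break the association.
	 */
	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN))
		return;

	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);

	/* the reason code used to be decoded and then discarded; report it */
	if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
		printk(KERN_DEBUG "%s: disassociated (reason=%u)\n",
		       sdata->dev->name, reason_code);

	/* go back to associating and retry after a short delay */
	if (ifsta->state == IEEE80211_STA_MLME_ASSOCIATED) {
		ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_RETRY_AUTH_INTERVAL);
	}

	ieee80211_set_disassoc(sdata, ifsta, 0);
}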


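/*
 * Handle an (Re)Association Response from the AP we are associating with.
 *
 * @sdata:   the STA interface
 * @ifsta:   its MLME state
 * @mgmt:    the received frame
 * @len:     length of @mgmt in bytes
 * @reassoc: non-zero for a Reassociation Response (same layout, only the
 *           log text differs)
 *
 * On success this records the AID and capabilities, keeps a copy of the
 * response IEs, creates/updates the sta_info for the AP, derives the rate
 * sets, sets up HT and WMM, and finally moves the interface to associated.
 */
static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_if_sta *ifsta,
					 struct ieee80211_mgmt *mgmt,
					 size_t len,
					 int reassoc)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_supported_band *sband;
	struct sta_info *sta;
	u64 rates, basic_rates;
	u16 capab_info, status_code, aid;
	struct ieee802_11_elems elems;
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
	u8 *pos;
	int i, j;
	DECLARE_MAC_BUF(mac);
	bool have_higher_than_11mbit = false;

	/* AssocResp and ReassocResp have identical structure, so process both
	 * of them in this function. */

	/* only meaningful while we are actually waiting for this reply */
	if (ifsta->state != IEEE80211_STA_MLME_ASSOCIATE)
		return;

	/* 24-byte header plus capab_info, status_code and aid (2 bytes each) */
	if (len < 24 + 6)
		return;

	/*
	 * Source-address check only; nothing here verifies the frame's
	 * integrity, so a forged response from our BSSID is accepted as well.
	 */
	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0)
		return;

	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);

	printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
	       "status=%d aid=%d)\n",
	       sdata->dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
	       capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));

	if (status_code != WLAN_STATUS_SUCCESS) {
		printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
		       sdata->dev->name, status_code);
		/* if this was a reassociation, ensure we try a "full"
		 * association next time. This works around some broken APs
		 * which do not correctly reject reassociation requests. */
		ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
		return;
	}

	/* the two top bits of the AID field are required to be set; only warn */
	if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
		printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
		       "set\n", sdata->dev->name, aid);
	aid &= ~(BIT(15) | BIT(14));

	pos = mgmt->u.assoc_resp.variable;
	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);

	if (!elems.supp_rates) {
		printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
		       sdata->dev->name);
		return;
	}

	printk(KERN_DEBUG "%s: associated\n", sdata->dev->name);
	ifsta->aid = aid;
	ifsta->ap_capab = capab_info;

	/*
	 * Keep a copy of the response IEs. If the allocation fails the length
	 * must be cleared too; previously a NULL pointer was left paired with
	 * a non-zero length for whoever reads assocresp_ies later.
	 */
	kfree(ifsta->assocresp_ies);
	ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
	ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
	if (ifsta->assocresp_ies)
		memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
	else
		ifsta->assocresp_ies_len = 0;

	rcu_read_lock();

	/* Add STA entry for the AP */
	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		struct ieee80211_sta_bss *bss;
		int err;

		sta = sta_info_alloc(sdata, ifsta->bssid, GFP_ATOMIC);
		if (!sta) {
			printk(KERN_DEBUG "%s: failed to alloc STA entry for"
			       " the AP\n", sdata->dev->name);
			rcu_read_unlock();
			return;
		}
		/* seed the signal statistics from the scan entry, if any */
		bss = ieee80211_rx_bss_get(local, ifsta->bssid,
					   local->hw.conf.channel->center_freq,
					   ifsta->ssid, ifsta->ssid_len);
		if (bss) {
			sta->last_signal = bss->signal;
			sta->last_qual = bss->qual;
			sta->last_noise = bss->noise;
			ieee80211_rx_bss_put(local, bss);
		}

		err = sta_info_insert(sta);
		if (err) {
			printk(KERN_DEBUG "%s: failed to insert STA entry for"
			       " the AP (error %d)\n", sdata->dev->name, err);
			rcu_read_unlock();
			return;
		}
		/* update new sta with its last rx activity */
		sta->last_rx = jiffies;
	}

	/*
	 * FIXME: Do we really need to update the sta_info's information here?
	 *	  We already know about the AP (we found it in our list) so it
	 *	  should already be filled with the right info, no?
	 *	  As is stands, all this is racy because typically we assume
	 *	  the information that is filled in here (except flags) doesn't
	 *	  change while a STA structure is alive. As such, it should move
	 *	  to between the sta_info_alloc() and sta_info_insert() above.
	 */

	set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
			   WLAN_STA_AUTHORIZED);

	rates = 0;
	basic_rates = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	/*
	 * Map the AP's rate IEs onto our band table. Rates are encoded in
	 * 500 kbit/s units with bit 7 marking a basic (mandatory) rate.
	 */
	for (i = 0; i < elems.supp_rates_len; i++) {
		int rate = (elems.supp_rates[i] & 0x7f) * 5;

		if (rate > 110)
			have_higher_than_11mbit = true;

		for (j = 0; j < sband->n_bitrates; j++) {
			if (sband->bitrates[j].bitrate == rate)
				rates |= BIT(j);
			if (elems.supp_rates[i] & 0x80)
				basic_rates |= BIT(j);
		}
	}

	for (i = 0; i < elems.ext_supp_rates_len; i++) {
		int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;

		if (rate > 110)
			have_higher_than_11mbit = true;

		for (j = 0; j < sband->n_bitrates; j++) {
			if (sband->bitrates[j].bitrate == rate)
				rates |= BIT(j);
			if (elems.ext_supp_rates[i] & 0x80)
				basic_rates |= BIT(j);
		}
	}

	sta->supp_rates[local->hw.conf.channel->band] = rates;
	sdata->basic_rates = basic_rates;

	/* cf. IEEE 802.11 9.2.12 */
	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
	    have_higher_than_11mbit)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;

	/*
	 * The HT elements are cast to fixed-size structures below, so only do
	 * that when the AP's element is at least that long; a truncated IE
	 * must never be read past its end (this is independent of whatever
	 * ieee802_11_parse_elems() itself checks).
	 */
	if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
	    elems.ht_cap_elem_len >= sizeof(struct ieee80211_ht_cap) &&
	    elems.ht_info_elem_len >= sizeof(struct ieee80211_ht_addt_info) &&
	    (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
		struct ieee80211_ht_bss_info bss_info;
		ieee80211_ht_cap_ie_to_ht_info(
				(struct ieee80211_ht_cap *)
				elems.ht_cap_elem, &sta->ht_info);
		ieee80211_ht_addt_info_ie_to_ht_bss_info(
				(struct ieee80211_ht_addt_info *)
				elems.ht_info_elem, &bss_info);
		ieee80211_handle_ht(local, 1, &sta->ht_info, &bss_info);
	}

	rate_control_rate_init(sta, local);

	/* sta is not touched after the RCU read side is left */
	if (elems.wmm_param) {
		set_sta_flags(sta, WLAN_STA_WME);
		rcu_read_unlock();
		ieee80211_sta_wmm_params(local, ifsta, elems.wmm_param,
					 elems.wmm_param_len);
	} else
		rcu_read_unlock();

	/* set AID and assoc capability,
	 * ieee80211_set_associated() will tell the driver */
	bss_conf->aid = aid;
	bss_conf->assoc_capability = capab_info;
	ieee80211_set_associated(sdata, ifsta, 1);

	ieee80211_associated(sdata, ifsta);
}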


/*
 * Link a scan entry into the BSS hash table.
 * Caller must hold local->sta_bss_lock.
 *
 * Mesh entries are keyed by mesh ID, everything else by BSSID; the removal
 * side (__ieee80211_rx_bss_hash_del) has to derive the bucket the same way.
 */
static void __ieee80211_rx_bss_hash_add(struct ieee80211_local *local,
					struct ieee80211_sta_bss *bss)
{
	u8 bucket = bss_mesh_cfg(bss) ?
		mesh_id_hash(bss_mesh_id(bss), bss_mesh_id_len(bss)) :
		STA_HASH(bss->bssid);

	/* push onto the head of the bucket's singly linked chain */
	bss->hnext = local->sta_bss_hash[bucket];
	local->sta_bss_hash[bucket] = bss;
}


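/*
 * Unlink a scan entry from the BSS hash table.
 * Caller must hold local->sta_bss_lock.
 *
 * The bucket must be derived exactly as __ieee80211_rx_bss_hash_add() does
 * it: mesh entries are inserted under mesh_id_hash() and never get their
 * bssid filled in (see ieee80211_rx_mesh_bss_add), so searching them under
 * STA_HASH(bss->bssid) walked the wrong chain, the entry was never unlinked
 * and the chain kept pointing at memory the caller frees right afterwards
 * (see ieee80211_rx_bss_put).
 */
static void __ieee80211_rx_bss_hash_del(struct ieee80211_local *local,
					struct ieee80211_sta_bss *bss)
{
	struct ieee80211_sta_bss *b, *prev = NULL;
	u8 bucket;

	if (bss_mesh_cfg(bss))
		bucket = mesh_id_hash(bss_mesh_id(bss), bss_mesh_id_len(bss));
	else
		bucket = STA_HASH(bss->bssid);

	for (b = local->sta_bss_hash[bucket]; b; prev = b, b = b->hnext) {
		if (b != bss)
			continue;
		if (prev)
			prev->hnext = bss->hnext;
		else
			local->sta_bss_hash[bucket] = bss->hnext;
		return;
	}
}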


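/*
 * Create a new (non-mesh) scan entry and link it into the list and hash.
 *
 * @sdata:    interface the frame was received on
 * @bssid:    BSSID of the network
 * @freq:     centre frequency in MHz
 * @ssid:     SSID bytes from the frame, may be NULL when @ssid_len is 0
 * @ssid_len: length of @ssid
 *
 * Returns the entry with one reference held for the caller (the list holds
 * a second one), or NULL on failure or invalid input.
 */
static struct ieee80211_sta_bss *
ieee80211_rx_bss_add(struct ieee80211_sub_if_data *sdata, u8 *bssid, int freq,
		     u8 *ssid, u8 ssid_len)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sta_bss *bss;

	/*
	 * The SSID comes straight from an unauthenticated beacon or probe
	 * response. An over-long one used to be silently dropped while the
	 * entry was still created with ssid_len 0; because
	 * ieee80211_rx_bss_get() matches on ssid_len, such an entry could
	 * never be found again and every further frame from that sender
	 * created yet another one. Reject it instead - the SSID is limited
	 * to IEEE80211_MAX_SSID_LEN bytes anyway.
	 */
	if (ssid_len > IEEE80211_MAX_SSID_LEN || (ssid_len && !ssid))
		return NULL;

	bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
	if (!bss)
		return NULL;

	/* one reference for the list, one handed back to the caller */
	atomic_inc(&bss->users);
	atomic_inc(&bss->users);
	memcpy(bss->bssid, bssid, ETH_ALEN);
	bss->freq = freq;
	if (ssid) {
		memcpy(bss->ssid, ssid, ssid_len);
		bss->ssid_len = ssid_len;
	}

	spin_lock_bh(&local->sta_bss_lock);
	/* TODO: order by RSSI? */
	list_add_tail(&bss->list, &local->sta_bss_list);
	__ieee80211_rx_bss_hash_add(local, bss);
	spin_unlock_bh(&local->sta_bss_lock);
	return bss;
}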

/*
 * Look up a non-mesh scan entry by BSSID, frequency and SSID.
 *
 * @ssid may be NULL when @ssid_len is 0; an entry only matches when its
 * stored ssid_len is equal, so an empty SSID matches only empty entries.
 *
 * Returns the entry with an extra reference taken for the caller, or NULL.
 */
static struct ieee80211_sta_bss *
ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
		     u8 *ssid, u8 ssid_len)
{
	struct ieee80211_sta_bss *entry, *found = NULL;

	spin_lock_bh(&local->sta_bss_lock);
	for (entry = local->sta_bss_hash[STA_HASH(bssid)]; entry;
	     entry = entry->hnext) {
		/* mesh entries live in the same table but never match here */
		if (bss_mesh_cfg(entry))
			continue;
		if (memcmp(entry->bssid, bssid, ETH_ALEN) ||
		    entry->freq != freq || entry->ssid_len != ssid_len)
			continue;
		if (ssid_len && memcmp(entry->ssid, ssid, ssid_len))
			continue;

		atomic_inc(&entry->users);
		found = entry;
		break;
	}
	spin_unlock_bh(&local->sta_bss_lock);
	return found;
}

#ifdef CONFIG_MAC80211_MESH
/*
 * Look up a mesh scan entry by mesh ID, mesh configuration and frequency.
 *
 * Only the first MESH_CFG_CMP_LEN bytes of @mesh_cfg take part in the
 * comparison. Returns the entry with an extra reference for the caller,
 * or NULL.
 */
static struct ieee80211_sta_bss *
ieee80211_rx_mesh_bss_get(struct ieee80211_local *local, u8 *mesh_id, int mesh_id_len,
			  u8 *mesh_cfg, int freq)
{
	struct ieee80211_sta_bss *entry, *found = NULL;
	u8 bucket = mesh_id_hash(mesh_id, mesh_id_len);

	spin_lock_bh(&local->sta_bss_lock);
	for (entry = local->sta_bss_hash[bucket]; entry; entry = entry->hnext) {
		/* non-mesh entries share the table; skip them */
		if (!bss_mesh_cfg(entry) || entry->freq != freq)
			continue;
		if (memcmp(bss_mesh_cfg(entry), mesh_cfg, MESH_CFG_CMP_LEN))
			continue;
		if (entry->mesh_id_len != mesh_id_len)
			continue;
		if (mesh_id_len &&
		    memcmp(entry->mesh_id, mesh_id, mesh_id_len))
			continue;

		atomic_inc(&entry->users);
		found = entry;
		break;
	}
	spin_unlock_bh(&local->sta_bss_lock);
	return found;
}

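/*
 * Create a new mesh scan entry and link it into the list and hash.
 *
 * @local:           device state
 * @mesh_id:         mesh ID bytes from the frame, may be NULL if length is 0
 * @mesh_id_len:     length of @mesh_id
 * @mesh_cfg:        mesh configuration IE body
 * @mesh_config_len: its length, must be exactly MESH_CFG_LEN
 * @freq:            centre frequency in MHz
 *
 * Returns the entry with one reference held for the caller (the list holds
 * a second one), or NULL on failure or invalid input.
 */
static struct ieee80211_sta_bss *
ieee80211_rx_mesh_bss_add(struct ieee80211_local *local, u8 *mesh_id, int mesh_id_len,
			  u8 *mesh_cfg, int mesh_config_len, int freq)
{
	struct ieee80211_sta_bss *bss;

	if (mesh_config_len != MESH_CFG_LEN)
		return NULL;

	/*
	 * mesh_id_len is the raw IE length from an unauthenticated beacon.
	 * Previously an over-long ID was not copied but mesh_id_len was
	 * stored anyway, leaving a NULL mesh_id paired with a non-zero
	 * length that __ieee80211_rx_bss_hash_add() and
	 * ieee80211_rx_mesh_bss_get() then hash and memcmp() for that many
	 * bytes. Reject such frames instead of recording them.
	 */
	if (mesh_id_len < 0 || mesh_id_len > IEEE80211_MAX_MESH_ID_LEN)
		return NULL;
	if (mesh_id_len && !mesh_id)
		return NULL;

	bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
	if (!bss)
		return NULL;

	bss->mesh_cfg = kmalloc(MESH_CFG_CMP_LEN, GFP_ATOMIC);
	if (!bss->mesh_cfg)
		goto err_free_bss;

	if (mesh_id_len) {
		bss->mesh_id = kmalloc(mesh_id_len, GFP_ATOMIC);
		if (!bss->mesh_id)
			goto err_free_cfg;
		memcpy(bss->mesh_id, mesh_id, mesh_id_len);
	}

	/* one reference for the list, one handed back to the caller */
	atomic_inc(&bss->users);
	atomic_inc(&bss->users);
	memcpy(bss->mesh_cfg, mesh_cfg, MESH_CFG_CMP_LEN);
	bss->mesh_id_len = mesh_id_len;
	bss->freq = freq;
	spin_lock_bh(&local->sta_bss_lock);
	/* TODO: order by RSSI? */
	list_add_tail(&bss->list, &local->sta_bss_list);
	__ieee80211_rx_bss_hash_add(local, bss);
	spin_unlock_bh(&local->sta_bss_lock);
	return bss;

err_free_cfg:
	kfree(bss->mesh_cfg);
err_free_bss:
	kfree(bss);
	return NULL;
}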
#endif

/*
 * Release every allocation hanging off a scan entry, then the entry itself.
 * kfree() accepts NULL, so IEs that were never stored need no guard.
 * The entry must already be unlinked from the list and hash.
 */
static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
{
	/* mesh-only fields, reached through their accessors */
	kfree(bss_mesh_cfg(bss));
	kfree(bss_mesh_id(bss));

	/* cached IEs copied from beacons / probe responses */
	kfree(bss->ht_add_ie);
	kfree(bss->ht_ie);
	kfree(bss->wmm_ie);
	kfree(bss->rsn_ie);
	kfree(bss->wpa_ie);

	kfree(bss);
}


/*
 * Drop one reference on a scan entry; frees it when the last one goes.
 *
 * @local: device state
 * @bss:   the entry; the caller's reference is consumed
 *
 * The refcount drop and the lock acquisition are one atomic step so that
 * a concurrent lookup cannot take a new reference on an entry that is
 * about to be unlinked.
 */
static void ieee80211_rx_bss_put(struct ieee80211_local *local,
				 struct ieee80211_sta_bss *bss)
{
	/* BH is disabled by hand because atomic_dec_and_lock() takes the
	 * plain spinlock; the matching enable is spin_unlock_bh() below
	 * (or the explicit local_bh_enable() on the early return). */
	local_bh_disable();
	if (!atomic_dec_and_lock(&bss->users, &local->sta_bss_lock)) {
		local_bh_enable();
		return;
	}

	/*
	 * NOTE(review): __ieee80211_rx_bss_hash_del() searches the bucket
	 * STA_HASH(bss->bssid), while mesh entries are inserted under
	 * mesh_id_hash() by __ieee80211_rx_bss_hash_add() - confirm the
	 * entry really is unlinked from the hash before it is freed here.
	 */
	__ieee80211_rx_bss_hash_del(local, bss);
	list_del(&bss->list);
	spin_unlock_bh(&local->sta_bss_lock);
	ieee80211_rx_bss_free(bss);
}


/*
 * Initialise the scan-result list and the lock that protects it together
 * with the BSS hash table. Called once per device before any frames are
 * processed.
 */
void ieee80211_rx_bss_list_init(struct ieee80211_local *local)
{
	INIT_LIST_HEAD(&local->sta_bss_list);
	spin_lock_init(&local->sta_bss_lock);
}


/*
 * Tear down the scan-result list by dropping the list's own reference on
 * every entry. Entries nobody else holds are unlinked and freed by the
 * put; the _safe iterator tolerates that unlinking.
 */
void ieee80211_rx_bss_list_deinit(struct ieee80211_local *local)
{
	struct ieee80211_sta_bss *cur, *next;

	list_for_each_entry_safe(cur, next, &local->sta_bss_list, list)
		ieee80211_rx_bss_put(local, cur);
}


/*
 * Join (or merge into) the IBSS described by a scan entry.
 *
 * @sdata: the IBSS interface
 * @ifsta: its MLME state
 * @bss:   the scan entry to adopt (BSSID, frequency, capability, rates,
 *         timestamp)
 *
 * Adopts the BSSID and channel, builds the probe response we will answer
 * with, derives our rate bitmap, moves the state machine to IBSS_JOINED
 * and reports the new BSSID to user space.
 *
 * NOTE(security): everything in @bss was learned from unauthenticated
 * beacons/probe responses, and this function is also reached from the
 * automatic IBSS merge in ieee80211_rx_bss_info(). In particular
 * drop_unencrypted is re-derived below from the sender's privacy bit.
 *
 * Returns 0, or the error from configuring the BSSID or frequency.
 */
static int ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta,
				   struct ieee80211_sta_bss *bss)
{
	struct ieee80211_local *local = sdata->local;
	int res, rates, i, j;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos;
	struct ieee80211_supported_band *sband;
	union iwreq_data wrqu;

	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	/* Remove possible STA entries from other IBSS networks. */
	sta_info_flush_delayed(sdata);

	if (local->ops->reset_tsf) {
		/* Reset own TSF to allow time synchronization work. */
		local->ops->reset_tsf(local_to_hw(local));
	}
	memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
	res = ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID);
	if (res)
		return res;

	/* clamp absurdly small beacon intervals advertised by the peer */
	local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;

	/*
	 * Whether unencrypted frames are dropped follows the peer's privacy
	 * capability bit - i.e. an unauthenticated beacon decides this.
	 */
	sdata->drop_unencrypted = bss->capability &
		WLAN_CAPABILITY_PRIVACY ? 1 : 0;

	res = ieee80211_set_freq(sdata, bss->freq);

	if (res)
		return res;

	/* Build IBSS probe response */
	/* Fixed 400-byte budget: header + SSID (<= 2+32) + up to 8 rates +
	 * DS params + IBSS params + the remaining rates as an extended IE.
	 * Not checked at run time; fits as long as IEEE80211_MAX_SUPP_RATES
	 * stays small - TODO confirm against its definition. */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
	if (skb) {
		skb_reserve(skb, local->hw.extra_tx_headroom);

		mgmt = (struct ieee80211_mgmt *)
			skb_put(skb, 24 + sizeof(mgmt->u.beacon));
		memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_PROBE_RESP);
		memset(mgmt->da, 0xff, ETH_ALEN);
		memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
		mgmt->u.beacon.beacon_int =
			cpu_to_le16(local->hw.conf.beacon_int);
		mgmt->u.beacon.timestamp = cpu_to_le64(bss->timestamp);
		mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);

		pos = skb_put(skb, 2 + ifsta->ssid_len);
		*pos++ = WLAN_EID_SSID;
		*pos++ = ifsta->ssid_len;
		memcpy(pos, ifsta->ssid, ifsta->ssid_len);

		/* the Supported Rates IE carries at most 8 rates; the rest
		 * go into the Extended Supported Rates IE further down */
		rates = bss->supp_rates_len;
		if (rates > 8)
			rates = 8;
		pos = skb_put(skb, 2 + rates);
		*pos++ = WLAN_EID_SUPP_RATES;
		*pos++ = rates;
		memcpy(pos, bss->supp_rates, rates);

		if (bss->band == IEEE80211_BAND_2GHZ) {
			pos = skb_put(skb, 2 + 1);
			*pos++ = WLAN_EID_DS_PARAMS;
			*pos++ = 1;
			*pos++ = ieee80211_frequency_to_channel(bss->freq);
		}

		pos = skb_put(skb, 2 + 2);
		*pos++ = WLAN_EID_IBSS_PARAMS;
		*pos++ = 2;
		/* FIX: set ATIM window based on scan results */
		*pos++ = 0;
		*pos++ = 0;

		if (bss->supp_rates_len > 8) {
			rates = bss->supp_rates_len - 8;
			pos = skb_put(skb, 2 + rates);
			*pos++ = WLAN_EID_EXT_SUPP_RATES;
			*pos++ = rates;
			memcpy(pos, &bss->supp_rates[8], rates);
		}

		/*
		 * NOTE(review): any previous probe_resp skb is overwritten
		 * without kfree_skb(). Whether the caller released it, or
		 * whether beacon generation may still be reading it, is not
		 * visible here - confirm before adding a free.
		 */
		ifsta->probe_resp = skb;

		ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
	}

	/* our rate bitmap for this band: every peer rate we also support */
	rates = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
	for (i = 0; i < bss->supp_rates_len; i++) {
		int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
		for (j = 0; j < sband->n_bitrates; j++)
			if (sband->bitrates[j].bitrate == bitrate)
				rates |= BIT(j);
	}
	ifsta->supp_rates_bits[local->hw.conf.channel->band] = rates;

	ieee80211_sta_def_wmm_params(sdata, bss, 1);

	ifsta->state = IEEE80211_STA_MLME_IBSS_JOINED;
	mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);

	/* tell user space (wireless extensions) which BSSID we are on now */
	memset(&wrqu, 0, sizeof(wrqu));
	memcpy(wrqu.ap_addr.sa_data, bss->bssid, ETH_ALEN);
	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);

	/* res is 0 here; a failed skb allocation is tolerated silently */
	return res;
}

/*
 * Translate the Supported Rates / Extended Supported Rates IEs of a frame
 * into a bitmap over the band's bitrate table.
 *
 * @local: device state
 * @elems: parsed IEs of the frame
 * @band:  band the frame was received on
 *
 * Each IE byte encodes a rate in 500 kbit/s units in its low 7 bits (bit 7
 * is the "basic rate" flag and is ignored here). Bit j of the result is set
 * when bitrates[j] of the band matches one of the advertised rates.
 */
u64 ieee80211_sta_get_rates(struct ieee80211_local *local,
			    struct ieee802_11_elems *elems,
			    enum ieee80211_band band)
{
	struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band];
	u64 bitmap = 0;
	size_t total, idx;
	int j;

	/* fall back to the current channel's band if @band has no table */
	if (!sband) {
		WARN_ON(1);
		sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
	}

	/* walk both IEs as one virtual array */
	total = elems->supp_rates_len + elems->ext_supp_rates_len;
	for (idx = 0; idx < total; idx++) {
		u8 raw = 0;
		int rate_kbps_x100;

		if (idx < elems->supp_rates_len)
			raw = elems->supp_rates[idx];
		else if (elems->ext_supp_rates)
			raw = elems->ext_supp_rates[idx - elems->supp_rates_len];

		/* table bitrates are in units of 100 kbit/s */
		rate_kbps_x100 = 5 * (raw & 0x7f);
		for (j = 0; j < sband->n_bitrates; j++)
			if (sband->bitrates[j].bitrate == rate_kbps_x100)
				bitmap |= BIT(j);
	}

	return bitmap;
}


static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2538 2539 2540
				  struct ieee80211_mgmt *mgmt,
				  size_t len,
				  struct ieee80211_rx_status *rx_status,
2541
				  struct ieee802_11_elems *elems,
2542 2543
				  int beacon)
{
2544
	struct ieee80211_local *local = sdata->local;
2545
	int freq, clen;
2546 2547
	struct ieee80211_sta_bss *bss;
	struct sta_info *sta;
B
Bruno Randolf 已提交
2548
	u64 beacon_timestamp, rx_timestamp;
2549
	struct ieee80211_channel *channel;
2550 2551
	DECLARE_MAC_BUF(mac);
	DECLARE_MAC_BUF(mac2);
2552

B
Bruno Randolf 已提交
2553
	beacon_timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
2554

2555
	if (ieee80211_vif_is_mesh(&sdata->vif) && elems->mesh_id &&
2556
	    elems->mesh_config && mesh_matches_local(elems, sdata)) {
2557
		u64 rates = ieee80211_sta_get_rates(local, elems,
J
Johannes Berg 已提交
2558 2559
						rx_status->band);

2560 2561
		mesh_neighbour_update(mgmt->sa, rates, sdata,
				      mesh_peer_accepts_plinks(elems));
J
Johannes Berg 已提交
2562
	}
2563

2564 2565
	rcu_read_lock();

2566
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems->supp_rates &&
2567 2568
	    memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
	    (sta = sta_info_get(local, mgmt->sa))) {
2569
		u64 prev_rates;
2570
		u64 supp_rates = ieee80211_sta_get_rates(local, elems,
2571
							rx_status->band);
2572

2573 2574 2575
		prev_rates = sta->supp_rates[rx_status->band];
		sta->supp_rates[rx_status->band] &= supp_rates;
		if (sta->supp_rates[rx_status->band] == 0) {
2576 2577 2578
			/* No matching rates - this should not really happen.
			 * Make sure that at least one rate is marked
			 * supported to avoid issues with TX rate ctrl. */
2579 2580
			sta->supp_rates[rx_status->band] =
				sdata->u.sta.supp_rates_bits[rx_status->band];
2581 2582 2583
		}
	}

2584 2585
	rcu_read_unlock();

2586 2587
	if (elems->ds_params && elems->ds_params_len == 1)
		freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
2588
	else
2589
		freq = rx_status->freq;
2590

2591 2592 2593 2594 2595
	channel = ieee80211_get_channel(local->hw.wiphy, freq);

	if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
		return;

2596
#ifdef CONFIG_MAC80211_MESH
2597
	if (elems->mesh_config)
2598
		bss = ieee80211_rx_mesh_bss_get(local, elems->mesh_id,
2599
				elems->mesh_id_len, elems->mesh_config, freq);
2600 2601
	else
#endif
2602
		bss = ieee80211_rx_bss_get(local, mgmt->bssid, freq,
2603
					   elems->ssid, elems->ssid_len);
2604 2605
	if (!bss) {
#ifdef CONFIG_MAC80211_MESH
2606
		if (elems->mesh_config)
2607
			bss = ieee80211_rx_mesh_bss_add(local, elems->mesh_id,
2608 2609
				elems->mesh_id_len, elems->mesh_config,
				elems->mesh_config_len, freq);
2610 2611
		else
#endif
2612
			bss = ieee80211_rx_bss_add(sdata, mgmt->bssid, freq,
2613
						  elems->ssid, elems->ssid_len);
2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624
		if (!bss)
			return;
	} else {
#if 0
		/* TODO: order by RSSI? */
		spin_lock_bh(&local->sta_bss_lock);
		list_move_tail(&bss->list, &local->sta_bss_list);
		spin_unlock_bh(&local->sta_bss_lock);
#endif
	}

2625
	/* save the ERP value so that it is available at association time */
2626 2627
	if (elems->erp_info && elems->erp_info_len >= 1) {
		bss->erp_value = elems->erp_info[0];
2628 2629 2630
		bss->has_erp_value = 1;
	}

2631 2632 2633
	if (elems->ht_cap_elem &&
	     (!bss->ht_ie || bss->ht_ie_len != elems->ht_cap_elem_len ||
	     memcmp(bss->ht_ie, elems->ht_cap_elem, elems->ht_cap_elem_len))) {
2634
		kfree(bss->ht_ie);
2635
		bss->ht_ie = kmalloc(elems->ht_cap_elem_len + 2, GFP_ATOMIC);
2636
		if (bss->ht_ie) {
2637 2638 2639
			memcpy(bss->ht_ie, elems->ht_cap_elem - 2,
				elems->ht_cap_elem_len + 2);
			bss->ht_ie_len = elems->ht_cap_elem_len + 2;
2640 2641
		} else
			bss->ht_ie_len = 0;
2642
	} else if (!elems->ht_cap_elem && bss->ht_ie) {
2643 2644 2645 2646 2647
		kfree(bss->ht_ie);
		bss->ht_ie = NULL;
		bss->ht_ie_len = 0;
	}

2648
	if (elems->ht_info_elem &&
2649
	     (!bss->ht_add_ie ||
2650 2651 2652
	     bss->ht_add_ie_len != elems->ht_info_elem_len ||
	     memcmp(bss->ht_add_ie, elems->ht_info_elem,
			elems->ht_info_elem_len))) {
2653 2654
		kfree(bss->ht_add_ie);
		bss->ht_add_ie =
2655
			kmalloc(elems->ht_info_elem_len + 2, GFP_ATOMIC);
2656
		if (bss->ht_add_ie) {
2657 2658 2659
			memcpy(bss->ht_add_ie, elems->ht_info_elem - 2,
				elems->ht_info_elem_len + 2);
			bss->ht_add_ie_len = elems->ht_info_elem_len + 2;
2660 2661
		} else
			bss->ht_add_ie_len = 0;
2662
	} else if (!elems->ht_info_elem && bss->ht_add_ie) {
2663 2664 2665 2666 2667
		kfree(bss->ht_add_ie);
		bss->ht_add_ie = NULL;
		bss->ht_add_ie_len = 0;
	}

2668 2669 2670
	bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
	bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);

2671 2672 2673 2674 2675 2676 2677 2678 2679 2680
	if (elems->tim) {
		struct ieee80211_tim_ie *tim_ie =
			(struct ieee80211_tim_ie *)elems->tim;
		bss->dtim_period = tim_ie->dtim_period;
	}

	/* set default value for buggy APs */
	if (!elems->tim || bss->dtim_period == 0)
		bss->dtim_period = 1;

2681
	bss->supp_rates_len = 0;
2682
	if (elems->supp_rates) {
2683
		clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2684 2685 2686
		if (clen > elems->supp_rates_len)
			clen = elems->supp_rates_len;
		memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates,
2687 2688 2689
		       clen);
		bss->supp_rates_len += clen;
	}
2690
	if (elems->ext_supp_rates) {
2691
		clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2692 2693
		if (clen > elems->ext_supp_rates_len)
			clen = elems->ext_supp_rates_len;
2694
		memcpy(&bss->supp_rates[bss->supp_rates_len],
2695
		       elems->ext_supp_rates, clen);
2696 2697 2698
		bss->supp_rates_len += clen;
	}

2699 2700 2701 2702 2703 2704
	bss->band = rx_status->band;

	bss->timestamp = beacon_timestamp;
	bss->last_update = jiffies;
	bss->signal = rx_status->signal;
	bss->noise = rx_status->noise;
2705
	bss->qual = rx_status->qual;
2706 2707 2708 2709 2710 2711 2712 2713 2714
	if (!beacon && !bss->probe_resp)
		bss->probe_resp = true;

	/*
	 * In STA mode, the remaining parameters should not be overridden
	 * by beacons because they're not necessarily accurate there.
	 */
	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
	    bss->probe_resp && beacon) {
2715
		ieee80211_rx_bss_put(local, bss);
2716 2717 2718
		return;
	}

2719 2720 2721
	if (elems->wpa &&
	    (!bss->wpa_ie || bss->wpa_ie_len != elems->wpa_len ||
	     memcmp(bss->wpa_ie, elems->wpa, elems->wpa_len))) {
2722
		kfree(bss->wpa_ie);
2723
		bss->wpa_ie = kmalloc(elems->wpa_len + 2, GFP_ATOMIC);
2724
		if (bss->wpa_ie) {
2725 2726
			memcpy(bss->wpa_ie, elems->wpa - 2, elems->wpa_len + 2);
			bss->wpa_ie_len = elems->wpa_len + 2;
2727 2728
		} else
			bss->wpa_ie_len = 0;
2729
	} else if (!elems->wpa && bss->wpa_ie) {
2730 2731 2732 2733 2734
		kfree(bss->wpa_ie);
		bss->wpa_ie = NULL;
		bss->wpa_ie_len = 0;
	}

2735 2736 2737
	if (elems->rsn &&
	    (!bss->rsn_ie || bss->rsn_ie_len != elems->rsn_len ||
	     memcmp(bss->rsn_ie, elems->rsn, elems->rsn_len))) {
2738
		kfree(bss->rsn_ie);
2739
		bss->rsn_ie = kmalloc(elems->rsn_len + 2, GFP_ATOMIC);
2740
		if (bss->rsn_ie) {
2741 2742
			memcpy(bss->rsn_ie, elems->rsn - 2, elems->rsn_len + 2);
			bss->rsn_ie_len = elems->rsn_len + 2;
2743 2744
		} else
			bss->rsn_ie_len = 0;
2745
	} else if (!elems->rsn && bss->rsn_ie) {
2746 2747 2748 2749 2750
		kfree(bss->rsn_ie);
		bss->rsn_ie = NULL;
		bss->rsn_ie_len = 0;
	}

2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764
	/*
	 * Cf.
	 * http://www.wipo.int/pctdb/en/wo.jsp?wo=2007047181&IA=WO2007047181&DISPLAY=DESC
	 *
	 * quoting:
	 *
	 * In particular, "Wi-Fi CERTIFIED for WMM - Support for Multimedia
	 * Applications with Quality of Service in Wi-Fi Networks," Wi- Fi
	 * Alliance (September 1, 2004) is incorporated by reference herein.
	 * The inclusion of the WMM Parameters in probe responses and
	 * association responses is mandatory for WMM enabled networks. The
	 * inclusion of the WMM Parameters in beacons, however, is optional.
	 */

2765 2766 2767
	if (elems->wmm_param &&
	    (!bss->wmm_ie || bss->wmm_ie_len != elems->wmm_param_len ||
	     memcmp(bss->wmm_ie, elems->wmm_param, elems->wmm_param_len))) {
2768
		kfree(bss->wmm_ie);
2769
		bss->wmm_ie = kmalloc(elems->wmm_param_len + 2, GFP_ATOMIC);
2770
		if (bss->wmm_ie) {
2771 2772 2773
			memcpy(bss->wmm_ie, elems->wmm_param - 2,
			       elems->wmm_param_len + 2);
			bss->wmm_ie_len = elems->wmm_param_len + 2;
2774 2775
		} else
			bss->wmm_ie_len = 0;
2776 2777 2778 2779
	} else if (elems->wmm_info &&
		    (!bss->wmm_ie || bss->wmm_ie_len != elems->wmm_info_len ||
		     memcmp(bss->wmm_ie, elems->wmm_info,
						elems->wmm_info_len))) {
2780 2781 2782 2783 2784 2785 2786 2787 2788
		 /* As for certain AP's Fifth bit is not set in WMM IE in
		  * beacon frames.So while parsing the beacon frame the
		  * wmm_info structure is used instead of wmm_param.
		  * wmm_info structure was never used to set bss->wmm_ie.
		  * This code fixes this problem by copying the WME
		  * information from wmm_info to bss->wmm_ie and enabling
		  * n-band association.
		  */
		kfree(bss->wmm_ie);
2789
		bss->wmm_ie = kmalloc(elems->wmm_info_len + 2, GFP_ATOMIC);
2790
		if (bss->wmm_ie) {
2791 2792 2793
			memcpy(bss->wmm_ie, elems->wmm_info - 2,
			       elems->wmm_info_len + 2);
			bss->wmm_ie_len = elems->wmm_info_len + 2;
2794 2795
		} else
			bss->wmm_ie_len = 0;
2796
	} else if (!elems->wmm_param && !elems->wmm_info && bss->wmm_ie) {
2797 2798 2799 2800
		kfree(bss->wmm_ie);
		bss->wmm_ie = NULL;
		bss->wmm_ie_len = 0;
	}
B
Bruno Randolf 已提交
2801 2802 2803 2804

	/* check if we need to merge IBSS */
	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && beacon &&
	    !local->sta_sw_scanning && !local->sta_hw_scanning &&
J
Johannes Berg 已提交
2805
	    bss->capability & WLAN_CAPABILITY_IBSS &&
B
Bruno Randolf 已提交
2806
	    bss->freq == local->oper_channel->center_freq &&
2807 2808 2809
	    elems->ssid_len == sdata->u.sta.ssid_len &&
	    memcmp(elems->ssid, sdata->u.sta.ssid,
				sdata->u.sta.ssid_len) == 0) {
B
Bruno Randolf 已提交
2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845
		if (rx_status->flag & RX_FLAG_TSFT) {
			/* in order for correct IBSS merging we need mactime
			 *
			 * since mactime is defined as the time the first data
			 * symbol of the frame hits the PHY, and the timestamp
			 * of the beacon is defined as "the time that the data
			 * symbol containing the first bit of the timestamp is
			 * transmitted to the PHY plus the transmitting STA’s
			 * delays through its local PHY from the MAC-PHY
			 * interface to its interface with the WM"
			 * (802.11 11.1.2) - equals the time this bit arrives at
			 * the receiver - we have to take into account the
			 * offset between the two.
			 * e.g: at 1 MBit that means mactime is 192 usec earlier
			 * (=24 bytes * 8 usecs/byte) than the beacon timestamp.
			 */
			int rate = local->hw.wiphy->bands[rx_status->band]->
					bitrates[rx_status->rate_idx].bitrate;
			rx_timestamp = rx_status->mactime + (24 * 8 * 10 / rate);
		} else if (local && local->ops && local->ops->get_tsf)
			/* second best option: get current TSF */
			rx_timestamp = local->ops->get_tsf(local_to_hw(local));
		else
			/* can't merge without knowing the TSF */
			rx_timestamp = -1LLU;
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		printk(KERN_DEBUG "RX beacon SA=%s BSSID="
		       "%s TSF=0x%llx BCN=0x%llx diff=%lld @%lu\n",
		       print_mac(mac, mgmt->sa),
		       print_mac(mac2, mgmt->bssid),
		       (unsigned long long)rx_timestamp,
		       (unsigned long long)beacon_timestamp,
		       (unsigned long long)(rx_timestamp - beacon_timestamp),
		       jiffies);
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
		if (beacon_timestamp > rx_timestamp) {
J
Johannes Berg 已提交
2846
#ifndef CONFIG_MAC80211_IBSS_DEBUG
			printk(KERN_DEBUG "%s: beacon TSF higher than "
			       "local TSF - IBSS merge with BSSID %s\n",
			       sdata->dev->name, print_mac(mac, mgmt->bssid));
#endif
			ieee80211_sta_join_ibss(sdata, &sdata->u.sta, bss);
			ieee80211_ibss_add_sta(sdata, NULL,
					       mgmt->bssid, mgmt->sa,
					       BIT(rx_status->rate_idx));
		}
	}

	ieee80211_rx_bss_put(local, bss);
}


/*
 * Handle a received Probe Response: parse its IEs and feed them to the
 * BSS table.  Responses not addressed to this interface's own MAC are
 * dropped, as are frames too short to hold the fixed probe_resp fields.
 */
static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_mgmt *mgmt,
					 size_t len,
					 struct ieee80211_rx_status *rx_status)
{
	struct ieee802_11_elems elems;
	u8 *ies = mgmt->u.probe_resp.variable;
	size_t fixed_len = ies - (u8 *) mgmt;

	/* Only responses directed at this interface are of interest. */
	if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN) != 0)
		return;

	/* The frame must at least hold the fixed part before the IEs. */
	if (fixed_len > len)
		return;

	ieee802_11_parse_elems(ies, len - fixed_len, &elems);
	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 0);
}


/*
 * Handle a received Beacon.  Every beacon is fed to the BSS table; a
 * beacon from the BSS a STA interface is currently associated with
 * additionally updates WMM, ERP/preamble and HT state and notifies the
 * driver of what changed (unless a scan is in progress).
 */
static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_mgmt *mgmt,
				     size_t len,
				     struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_conf *conf = &local->hw.conf;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee802_11_elems elems;
	u8 *ies = mgmt->u.beacon.variable;
	size_t fixed_len = ies - (u8 *) mgmt;
	u32 changed = 0;

	/* The frame must at least hold the fixed part before the IEs. */
	if (fixed_len > len)
		return;

	ieee802_11_parse_elems(ies, len - fixed_len, &elems);
	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 1);

	/* Everything below only concerns a STA associated with this BSS. */
	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
		return;
	if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
		return;
	if (memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
		return;

	ieee80211_sta_wmm_params(local, ifsta, elems.wmm_param,
				 elems.wmm_param_len);

	/*
	 * While scanning, do not push changes to the driver; this spares
	 * drivers from having to make bss_info_changed atomic.
	 */
	if (local->sta_sw_scanning || local->sta_hw_scanning)
		return;

	if (elems.erp_info && elems.erp_info_len >= 1) {
		changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
	} else {
		/* No ERP IE: fall back to the capability field's preamble bit. */
		u16 capab = le16_to_cpu(mgmt->u.beacon.capab_info);
		bool short_preamble = capab & WLAN_CAPABILITY_SHORT_PREAMBLE;

		changed |= ieee80211_handle_protect_preamb(sdata, false,
							   short_preamble);
	}

	/* HT is only taken up when the driver configuration allows it. */
	if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
	    (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE)) {
		struct ieee80211_ht_bss_info bss_info;
		struct ieee80211_ht_addt_info *ht_info =
			(struct ieee80211_ht_addt_info *) elems.ht_info_elem;

		ieee80211_ht_addt_info_ie_to_ht_bss_info(ht_info, &bss_info);
		changed |= ieee80211_handle_ht(local, 1, &conf->ht_conf,
					       &bss_info);
	}

	ieee80211_bss_info_change_notify(sdata, changed);
}


/*
 * Answer a Probe Request on behalf of our IBSS.  Only a joined IBSS
 * interface that holds a prepared ProbeResp template replies, and only
 * when the request targets our BSSID (or the broadcast BSSID) and carries
 * either a wildcard SSID or our own SSID.  Drivers that report they did
 * not send the last beacon are not asked to respond.
 */
static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
					struct ieee80211_if_sta *ifsta,
					struct ieee80211_mgmt *mgmt,
					size_t len,
					struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *resp;
	struct sk_buff *skb;
	u8 *ssid_ie, *frame_end;
	int tx_last_beacon = 1;
	DECLARE_MAC_BUF(mac);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	DECLARE_MAC_BUF(mac2);
	DECLARE_MAC_BUF(mac3);
#endif

	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
		return;
	if (ifsta->state != IEEE80211_STA_MLME_IBSS_JOINED)
		return;
	/* 24-byte header plus the two-byte SSID IE header at minimum */
	if (len < 24 + 2 || !ifsta->probe_resp)
		return;

	/* Drivers that track it can tell us whether we sent the last beacon. */
	if (local->ops->tx_last_beacon)
		tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));

#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
	       "%s (tx_last_beacon=%d)\n",
	       sdata->dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
	       print_mac(mac3, mgmt->bssid), tx_last_beacon);
#endif /* CONFIG_MAC80211_IBSS_DEBUG */

	if (!tx_last_beacon)
		return;

	if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
	    memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
		return;

	/*
	 * The first IE must be the SSID, and its declared length must lie
	 * inside the frame before the payload is compared.
	 */
	frame_end = ((u8 *) mgmt) + len;
	ssid_ie = mgmt->u.probe_req.variable;
	if (ssid_ie[0] != WLAN_EID_SSID ||
	    ssid_ie + 2 + ssid_ie[1] > frame_end) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
		       "from %s\n",
		       sdata->dev->name, print_mac(mac, mgmt->sa));
#endif
		return;
	}

	/* A zero-length SSID is a wildcard; anything else must match ours. */
	if (ssid_ie[1] != 0 &&
	    (ssid_ie[1] != ifsta->ssid_len ||
	     memcmp(ssid_ie + 2, ifsta->ssid, ifsta->ssid_len) != 0))
		return;

	/* Reply with a copy of the prepared ProbeResp addressed to the sender. */
	skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
	if (!skb)
		return;

	resp = (struct ieee80211_mgmt *) skb->data;
	memcpy(resp->da, mgmt->sa, ETH_ALEN);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
	       sdata->dev->name, print_mac(mac, resp->da));
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Dispatch an Action frame by category.  Each case verifies that the frame
 * is long enough for the fixed part of the action it names before handing
 * it on; unknown categories and undersized frames are silently ignored.
 */
static void ieee80211_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len,
				     struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = sdata->local;
	size_t need;

	/* too short to even carry a category/action code */
	if (len < IEEE80211_MIN_ACTION_SIZE)
		return;

	switch (mgmt->u.action.category) {
	case WLAN_CATEGORY_SPECTRUM_MGMT:
		/* spectrum management is only handled on 5 GHz */
		if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
			break;
		if (mgmt->u.action.u.chan_switch.action_code !=
		    WLAN_ACTION_SPCT_MSR_REQ)
			break;
		need = IEEE80211_MIN_ACTION_SIZE +
		       sizeof(mgmt->u.action.u.measurement);
		if (len >= need)
			ieee80211_sta_process_measurement_req(sdata, mgmt, len);
		break;
	case WLAN_CATEGORY_BACK:
		switch (mgmt->u.action.u.addba_req.action_code) {
		case WLAN_ACTION_ADDBA_REQ:
			need = IEEE80211_MIN_ACTION_SIZE +
			       sizeof(mgmt->u.action.u.addba_req);
			if (len >= need)
				ieee80211_sta_process_addba_request(local, mgmt, len);
			break;
		case WLAN_ACTION_ADDBA_RESP:
			need = IEEE80211_MIN_ACTION_SIZE +
			       sizeof(mgmt->u.action.u.addba_resp);
			if (len >= need)
				ieee80211_sta_process_addba_resp(local, mgmt, len);
			break;
		case WLAN_ACTION_DELBA:
			need = IEEE80211_MIN_ACTION_SIZE +
			       sizeof(mgmt->u.action.u.delba);
			if (len >= need)
				ieee80211_sta_process_delba(sdata, mgmt, len);
			break;
		default:
			break;
		}
		break;
	case PLINK_CATEGORY:
		/* mesh handlers do their own length validation with len */
		if (ieee80211_vif_is_mesh(&sdata->vif))
			mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
		break;
	case MESH_PATH_SEL_CATEGORY:
		if (ieee80211_vif_is_mesh(&sdata->vif))
			mesh_rx_path_sel_frame(sdata, mgmt, len);
		break;
	default:
		/* unknown categories are dropped */
		break;
	}
}

/*
 * Entry point for management frames destined to a STA/IBSS/mesh interface.
 * Frames of interest are queued to the interface's MLME work item, which
 * processes them in ieee80211_sta_rx_queued_mgmt(); everything else is
 * freed here.  For the frame types whose handlers need the RX status it
 * is stashed in skb->cb before queueing.
 */
void ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
			   struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_mgmt *mgmt;
	bool keep_rx_status;

	/* need at least the 24-byte management header */
	if (skb->len < 24) {
		kfree_skb(skb);
		return;
	}

	mgmt = (struct ieee80211_mgmt *) skb->data;

	switch (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) {
	case IEEE80211_STYPE_PROBE_REQ:
	case IEEE80211_STYPE_PROBE_RESP:
	case IEEE80211_STYPE_BEACON:
	case IEEE80211_STYPE_ACTION:
		keep_rx_status = true;
		break;
	case IEEE80211_STYPE_AUTH:
	case IEEE80211_STYPE_ASSOC_RESP:
	case IEEE80211_STYPE_REASSOC_RESP:
	case IEEE80211_STYPE_DEAUTH:
	case IEEE80211_STYPE_DISASSOC:
		keep_rx_status = false;
		break;
	default:
		kfree_skb(skb);
		return;
	}

	if (keep_rx_status)
		memcpy(skb->cb, rx_status, sizeof(*rx_status));

	skb_queue_tail(&ifsta->skb_queue, skb);
	queue_work(local->hw.workqueue, &ifsta->work);
}


/*
 * Process one management frame taken off the interface's MLME queue.  The
 * RX status saved by ieee80211_sta_rx_mgmt() is recovered from skb->cb for
 * the handlers that take it.  The skb is always consumed.
 */
static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
					 struct sk_buff *skb)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_rx_status *rx_status =
		(struct ieee80211_rx_status *) skb->cb;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	size_t len = skb->len;
	u16 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;

	switch (stype) {
	case IEEE80211_STYPE_PROBE_REQ:
		ieee80211_rx_mgmt_probe_req(sdata, ifsta, mgmt, len, rx_status);
		break;
	case IEEE80211_STYPE_PROBE_RESP:
		ieee80211_rx_mgmt_probe_resp(sdata, mgmt, len, rx_status);
		break;
	case IEEE80211_STYPE_BEACON:
		ieee80211_rx_mgmt_beacon(sdata, mgmt, len, rx_status);
		break;
	case IEEE80211_STYPE_AUTH:
		ieee80211_rx_mgmt_auth(sdata, ifsta, mgmt, len);
		break;
	case IEEE80211_STYPE_ASSOC_RESP:
		/* last argument distinguishes reassociation (1) from association (0) */
		ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, len, 0);
		break;
	case IEEE80211_STYPE_REASSOC_RESP:
		ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, len, 1);
		break;
	case IEEE80211_STYPE_DEAUTH:
		ieee80211_rx_mgmt_deauth(sdata, ifsta, mgmt, len);
		break;
	case IEEE80211_STYPE_DISASSOC:
		ieee80211_rx_mgmt_disassoc(sdata, ifsta, mgmt, len);
		break;
	case IEEE80211_STYPE_ACTION:
		ieee80211_rx_mgmt_action(sdata, ifsta, mgmt, len, rx_status);
		break;
	default:
		/* ieee80211_sta_rx_mgmt() does not queue any other subtype */
		break;
	}

	kfree_skb(skb);
}


/*
 * RX hook used while scanning: consume Probe Responses and Beacons so they
 * populate the BSS table, and let everything else continue down the normal
 * RX path.  Control frames are passed on without a full header check.
 *
 * Returns RX_QUEUED when the skb was consumed here, RX_CONTINUE when the
 * caller keeps processing it, or RX_DROP_* for frames too short to look at.
 */
ieee80211_rx_result
ieee80211_sta_rx_scan(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
		      struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_mgmt *mgmt;
	__le16 fc;
	bool is_beacon;

	/* frame_control alone needs two bytes */
	if (skb->len < 2)
		return RX_DROP_UNUSABLE;

	mgmt = (struct ieee80211_mgmt *) skb->data;
	fc = mgmt->frame_control;

	if (ieee80211_is_ctl(fc))
		return RX_CONTINUE;

	/* management frames need the full 24-byte header */
	if (skb->len < 24)
		return RX_DROP_MONITOR;

	is_beacon = ieee80211_is_beacon(fc);
	if (!is_beacon && !ieee80211_is_probe_resp(fc))
		return RX_CONTINUE;

	if (is_beacon)
		ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
	else
		ieee80211_rx_mgmt_probe_resp(sdata, mgmt, skb->len, rx_status);

	dev_kfree_skb(skb);
	return RX_QUEUED;
}


/*
 * Report whether any station belonging to this interface has been heard
 * from within the last IEEE80211_IBSS_MERGE_INTERVAL.
 *
 * Returns 1 if at least one such station exists, 0 otherwise.
 */
static int ieee80211_sta_active_ibss(struct ieee80211_sub_if_data *sdata)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;
	bool found = false;

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
		if (sta->sdata != sdata)
			continue;
		/* one recently heard station is enough */
		if (time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
			       jiffies)) {
			found = true;
			break;
		}
	}
	rcu_read_unlock();

	return found ? 1 : 0;
}


/*
 * Unlink every station in local->sta_list not heard from for @exp_time
 * jiffies and destroy it.  Unlinking happens under sta_lock; the entries
 * are collected on a private list and destroyed after the lock is dropped.
 */
static void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata, unsigned long exp_time)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta, *next;
	LIST_HEAD(expired);
	DECLARE_MAC_BUF(mac);
	unsigned long flags;

	spin_lock_irqsave(&local->sta_lock, flags);
	list_for_each_entry_safe(sta, next, &local->sta_list, list) {
		if (!time_after(jiffies, sta->last_rx + exp_time))
			continue;
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
		       sdata->dev->name, print_mac(mac, sta->addr));
#endif
		/* __sta_info_unlink() may leave sta NULL; then there is nothing to destroy */
		__sta_info_unlink(&sta);
		if (sta)
			list_add(&sta->list, &expired);
	}
	spin_unlock_irqrestore(&local->sta_lock, flags);

	list_for_each_entry_safe(sta, next, &expired, list)
		sta_info_destroy(sta);
}


/*
 * Periodic IBSS maintenance: re-arm the MLME timer, expire silent peers
 * and, when no active peer remains, request a scan for another IBSS with
 * our SSID to merge with.
 */
static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	bool peers_alive;

	mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);

	ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT);
	peers_alive = ieee80211_sta_active_ibss(sdata) != 0;
	if (peers_alive)
		return;

	printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
	       "IBSS networks with same SSID (merge)\n", sdata->dev->name);
	ieee80211_sta_req_scan(sdata, ifsta->ssid, ifsta->ssid_len);
}


#ifdef CONFIG_MAC80211_MESH
/*
 * Periodic mesh maintenance: drop inactive peers and stale paths, trigger
 * a beacon reconfiguration when the "accepting peer links" state flipped,
 * and re-arm the timer.
 */
static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata,
			   struct ieee80211_if_sta *ifsta)
{
	bool can_accept;

	ieee80211_sta_expire(sdata, IEEE80211_MESH_PEER_INACTIVITY_LIMIT);
	mesh_path_expire(sdata);

	/* presumably the beacon advertises accepting_plinks — refresh it on change */
	can_accept = mesh_plink_availables(sdata);
	if (can_accept != sdata->u.sta.accepting_plinks)
		ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);

	mod_timer(&ifsta->timer,
		  jiffies + IEEE80211_MESH_HOUSEKEEPING_INTERVAL);
}


/*
 * Bring a mesh interface up: mark the MLME state as MESH_UP, kick the MLME
 * work through the timer callback so housekeeping starts right away, and
 * (re)configure the beacon.
 */
void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

	ifsta->state = IEEE80211_STA_MLME_MESH_UP;
	/* run the timer handler directly rather than waiting for a tick */
	ieee80211_sta_timer((unsigned long)sdata);
	ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
}
#endif


/*
 * MLME timer callback: flag a RUN request and schedule the MLME work item.
 * @data is the struct ieee80211_sub_if_data pointer cast to unsigned long.
 */
void ieee80211_sta_timer(unsigned long data)
{
	struct ieee80211_sub_if_data *sdata =
		(struct ieee80211_sub_if_data *) data;
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

	set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
}

/*
 * The MLME work item for STA, IBSS and mesh interfaces.  It drains the
 * queued management frames, starts a requested scan or authentication, and
 * then runs the state-specific step for the current MLME state.  Finally a
 * privacy mismatch with the current BSS forces a disassociation.
 *
 * Nothing is done while the interface is down or a scan is in progress;
 * note that queued frames are not drained in those cases either and wait
 * for the next run.
 */
void ieee80211_sta_work(struct work_struct *work)
{
	struct ieee80211_sub_if_data *sdata =
		container_of(work, struct ieee80211_sub_if_data, u.sta.work);
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_if_sta *ifsta;
	struct sk_buff *skb;

	if (!netif_running(sdata->dev))
		return;

	if (local->sta_sw_scanning || local->sta_hw_scanning)
		return;

	/* only the interface types that own a struct ieee80211_if_sta */
	if (WARN_ON(sdata->vif.type != IEEE80211_IF_TYPE_STA &&
		    sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
		    sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT))
		return;
	ifsta = &sdata->u.sta;

	/* frames queued by ieee80211_sta_rx_mgmt() */
	while ((skb = skb_dequeue(&ifsta->skb_queue)))
		ieee80211_sta_rx_queued_mgmt(sdata, skb);

#ifdef CONFIG_MAC80211_MESH
	/* pending path requests, rate-limited by dot11MeshHWMPpreqMinInterval */
	if (ifsta->preq_queue_len &&
	    time_after(jiffies,
		       ifsta->last_preq + msecs_to_jiffies(ifsta->mshcfg.dot11MeshHWMPpreqMinInterval)))
		mesh_path_start_discovery(sdata);
#endif

	/* a scan request is honoured unless an auth/assoc exchange is under way */
	if (ifsta->state != IEEE80211_STA_MLME_AUTHENTICATE &&
	    ifsta->state != IEEE80211_STA_MLME_ASSOCIATE &&
	    test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
		if (ifsta->scan_ssid_len)
			ieee80211_sta_start_scan(sdata, ifsta->scan_ssid, ifsta->scan_ssid_len);
		else
			ieee80211_sta_start_scan(sdata, NULL, 0);
		return;
	}

	/*
	 * REQ_AUTH selects a BSS and, on success, falls into the state
	 * machine below; otherwise only an explicit REQ_RUN gets there.
	 */
	if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
		if (ieee80211_sta_config_auth(sdata, ifsta))
			return;
		clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
	} else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
		return;

	switch (ifsta->state) {
	case IEEE80211_STA_MLME_DISABLED:
		break;
	case IEEE80211_STA_MLME_AUTHENTICATE:
		ieee80211_authenticate(sdata, ifsta);
		break;
	case IEEE80211_STA_MLME_ASSOCIATE:
		ieee80211_associate(sdata, ifsta);
		break;
	case IEEE80211_STA_MLME_ASSOCIATED:
		ieee80211_associated(sdata, ifsta);
		break;
	case IEEE80211_STA_MLME_IBSS_SEARCH:
		ieee80211_sta_find_ibss(sdata, ifsta);
		break;
	case IEEE80211_STA_MLME_IBSS_JOINED:
		ieee80211_sta_merge_ibss(sdata, ifsta);
		break;
#ifdef CONFIG_MAC80211_MESH
	case IEEE80211_STA_MLME_MESH_UP:
		ieee80211_mesh_housekeeping(sdata, ifsta);
		break;
#endif
	default:
		WARN_ON(1);
		break;
	}

	/* checked after every step, whichever state ran */
	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
		printk(KERN_DEBUG "%s: privacy configuration mismatch and "
		       "mixed-cell disabled - disassociate\n", sdata->dev->name);

		ieee80211_send_disassoc(sdata, ifsta, WLAN_REASON_UNSPECIFIED);
		ieee80211_set_disassoc(sdata, ifsta, 0);
	}
}


/*
 * Reset per-association state before a fresh authentication attempt:
 * reset the hardware TSF if the driver can, forget the last WMM parameter
 * set, pick the auth algorithm (open, then shared key, then LEAP, with
 * open as the fallback) and mark the interface unassociated with the
 * carrier off.
 */
static void ieee80211_sta_reset_auth(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;

	/* Reset own TSF to allow time synchronization work. */
	if (local->ops->reset_tsf)
		local->ops->reset_tsf(local_to_hw(local));

	/* -1: accept whatever WMM parameter set comes next */
	ifsta->wmm_last_param_set = -1;

	/* open is both the first choice and the fallback */
	ifsta->auth_alg = WLAN_AUTH_OPEN;
	if (!(ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)) {
		if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
			ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
		else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
			ifsta->auth_alg = WLAN_AUTH_LEAP;
	}
	ifsta->auth_transaction = -1;

	ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
	ifsta->auth_tries = 0;
	ifsta->assoc_tries = 0;
	netif_carrier_off(sdata->dev);
}


/*
 * Request an authentication attempt from the MLME work item.  Only STA
 * interfaces that have both a BSSID and an SSID — each either fixed or
 * left to automatic selection — are eligible.
 */
void ieee80211_sta_req_auth(struct ieee80211_sub_if_data *sdata,
			    struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;

	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
		return;

	/* a BSSID, fixed or auto-selected */
	if (!(ifsta->flags & (IEEE80211_STA_BSSID_SET |
			      IEEE80211_STA_AUTO_BSSID_SEL)))
		return;

	/* and an SSID, fixed or auto-selected */
	if (!(ifsta->flags & (IEEE80211_STA_SSID_SET |
			      IEEE80211_STA_AUTO_SSID_SEL)))
		return;

	set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
}

/*
 * Decide whether a scanned SSID matches the configured one.  Besides an
 * exact match, two hidden-SSID encodings are accepted as long as the
 * interface is not doing automatic BSSID selection: an SSID of the
 * configured length made solely of NUL bytes, and the single-space SSID.
 *
 * Returns 1 on match, 0 otherwise.
 */
static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
				    const char *ssid, int ssid_len)
{
	bool all_nul = true;
	int i;

	if (ssid_len == ifsta->ssid_len &&
	    memcmp(ifsta->ssid, ssid, ssid_len) == 0)
		return 1;

	/* the hidden-SSID heuristics only apply with a fixed BSSID */
	if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
		return 0;

	for (i = 0; i < ssid_len; i++) {
		if (ssid[i] != '\0') {
			all_nul = false;
			break;
		}
	}
	if (all_nul && ifsta->ssid_len == ssid_len)
		return 1;

	return (ssid_len == 1 && ssid[0] == ' ') ? 1 : 0;
}

/*
 * Pick the BSS to authenticate with from the scan results and configure
 * the interface for it.  Candidates are infrastructure BSSes that pass the
 * channel/BSSID/SSID constraints the interface has fixed; among them the
 * one with the highest reported signal wins.  Note that the signal value
 * comes from received frames and is not authenticated in any way; in the
 * automatic-selection modes the only policy check is that the BSS's
 * privacy capability agrees with whether a default key is configured.
 *
 * Returns 0 when a BSS was selected (state moves to AUTHENTICATE), -1
 * otherwise; in the latter case a scan is started and the auth request
 * re-armed unless the interface was already in AUTHENTICATE, in which case
 * it is disabled.
 */
static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sta_bss *bss, *selected = NULL;
	int top_rssi = 0, freq;

	spin_lock_bh(&local->sta_bss_lock);
	freq = local->oper_channel->center_freq;
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (!(bss->capability & WLAN_CAPABILITY_ESS))
			continue;

		/* in any automatic mode, skip BSSes whose privacy bit disagrees with our key setup */
		if ((ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
			IEEE80211_STA_AUTO_BSSID_SEL |
			IEEE80211_STA_AUTO_CHANNEL_SEL)) &&
		    (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
		     !!sdata->default_key))
			continue;

		if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
		    bss->freq != freq)
			continue;

		if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
		    memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
			continue;

		if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
		    !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
			continue;

		/* strongest signal wins; the first candidate is always taken */
		if (!selected || top_rssi < bss->signal) {
			selected = bss;
			top_rssi = bss->signal;
		}
	}
	/* hold a reference before dropping the lock; released with ieee80211_rx_bss_put() below */
	if (selected)
		atomic_inc(&selected->users);
	spin_unlock_bh(&local->sta_bss_lock);

	if (selected) {
		ieee80211_set_freq(sdata, selected->freq);
		if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
			ieee80211_sta_set_ssid(sdata, selected->ssid,
					       selected->ssid_len);
		ieee80211_sta_set_bssid(sdata, selected->bssid);
		ieee80211_sta_def_wmm_params(sdata, selected, 0);
		ieee80211_rx_bss_put(local, selected);
		ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
		ieee80211_sta_reset_auth(sdata, ifsta);
		return 0;
	} else {
		if (ifsta->state != IEEE80211_STA_MLME_AUTHENTICATE) {
			/* nothing usable yet: scan, then retry the auth request */
			if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
				ieee80211_sta_start_scan(sdata, NULL, 0);
			else
				ieee80211_sta_start_scan(sdata, ifsta->ssid,
							 ifsta->ssid_len);
			ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
			set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
		} else
			ifsta->state = IEEE80211_STA_MLME_DISABLED;
	}
	return -1;
}


/*
 * Create a new IBSS: pick a random locally-administered BSSID, add a BSS
 * entry for it on the current channel advertising all of the band's rates,
 * and join it.
 *
 * Returns 0 on success, -ENOMEM if the BSS entry could not be allocated,
 * or whatever ieee80211_sta_join_ibss() returns.
 */
static int ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_conf *conf = &local->hw.conf;
	struct ieee80211_supported_band *sband;
	struct ieee80211_sta_bss *bss;
	u8 bssid[ETH_ALEN];
	int i, ret;
	DECLARE_MAC_BUF(mac);

	/*
	 * Random BSSID, mixed with our own MAC so that devices with a poor
	 * random source still end up with distinct values.  Then force the
	 * locally-administered bit on and the group/multicast bit off.
	 */
	get_random_bytes(bssid, ETH_ALEN);
	for (i = 0; i < ETH_ALEN; i++)
		bssid[i] ^= sdata->dev->dev_addr[i];
	bssid[0] = (bssid[0] & ~0x01) | 0x02;

	printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n",
	       sdata->dev->name, print_mac(mac, bssid));

	bss = ieee80211_rx_bss_add(sdata, bssid, conf->channel->center_freq,
				   sdata->u.sta.ssid, sdata->u.sta.ssid_len);
	if (!bss)
		return -ENOMEM;

	bss->band = conf->channel->band;
	sband = local->hw.wiphy->bands[bss->band];

	/* an unset beacon interval defaults to 100 */
	if (conf->beacon_int == 0)
		conf->beacon_int = 100;
	bss->beacon_int = conf->beacon_int;
	bss->last_update = jiffies;

	bss->capability = WLAN_CAPABILITY_IBSS;
	if (sdata->default_key)
		bss->capability |= WLAN_CAPABILITY_PRIVACY;
	else
		sdata->drop_unencrypted = 0;

	/* NOTE(review): bitrate appears to be in 100 kbit/s units, hence /5 — confirm */
	bss->supp_rates_len = sband->n_bitrates;
	for (i = 0; i < sband->n_bitrates; i++)
		bss->supp_rates[i] = (u8) (sband->bitrates[i].bitrate / 5);

	ret = ieee80211_sta_join_ibss(sdata, ifsta, bss);
	ieee80211_rx_bss_put(local, bss);
	return ret;
}


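/*
 * Look for an IBSS with the configured SSID in the scan results and join
 * it, or decide what to do next: wait for the merge timer, request a new
 * scan, or create our own IBSS once the join timeout has passed.
 *
 * The BSS list entries are only valid under sta_bss_lock and are not
 * reference-counted by the search loop, so everything needed from the
 * chosen entry (BSSID and frequency) is copied out while the lock is held;
 * the entry is re-looked-up with ieee80211_rx_bss_get() before joining.
 *
 * Returns 0 on success or when nothing needs doing yet, -EINVAL without a
 * configured SSID, or the result of the join/scan/create call that was made.
 */
static int ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sta_bss *bss;
	int found = 0;
	u8 bssid[ETH_ALEN];
	int found_freq = 0;
	int active_ibss;
	DECLARE_MAC_BUF(mac);
	DECLARE_MAC_BUF(mac2);

	if (ifsta->ssid_len == 0)
		return -EINVAL;

	active_ibss = ieee80211_sta_active_ibss(sdata);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
	       sdata->dev->name, active_ibss);
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
	spin_lock_bh(&local->sta_bss_lock);
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (ifsta->ssid_len != bss->ssid_len ||
		    memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
		    || !(bss->capability & WLAN_CAPABILITY_IBSS))
			continue;
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		printk(KERN_DEBUG "   bssid=%s found\n",
		       print_mac(mac, bss->bssid));
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
		/* copy out what we need; bss must not be used after the unlock */
		memcpy(bssid, bss->bssid, ETH_ALEN);
		found_freq = bss->freq;
		found = 1;
		/*
		 * Take the first match unless it is our own, dead IBSS: in
		 * that case keep looking for a different one to merge into.
		 */
		if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
			break;
	}
	spin_unlock_bh(&local->sta_bss_lock);

#ifdef CONFIG_MAC80211_IBSS_DEBUG
	if (found)
		printk(KERN_DEBUG "   sta_find_ibss: selected %s current "
		       "%s\n", print_mac(mac, bssid),
		       print_mac(mac2, ifsta->bssid));
#endif /* CONFIG_MAC80211_IBSS_DEBUG */

	if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
		int ret;
		int search_freq;

		/* with auto channel selection follow the IBSS, else stay put */
		if (ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL)
			search_freq = found_freq;
		else
			search_freq = local->hw.conf.channel->center_freq;

		/* takes a reference; released with ieee80211_rx_bss_put() */
		bss = ieee80211_rx_bss_get(local, bssid, search_freq,
					   ifsta->ssid, ifsta->ssid_len);
		if (!bss)
			goto dont_join;

		printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
		       " based on configured SSID\n",
		       sdata->dev->name, print_mac(mac, bssid));
		ret = ieee80211_sta_join_ibss(sdata, ifsta, bss);
		ieee80211_rx_bss_put(local, bss);
		return ret;
	}

dont_join:
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "   did not try to join ibss\n");
#endif /* CONFIG_MAC80211_IBSS_DEBUG */

	/* Selected IBSS not found in current scan results - try to scan */
	if (ifsta->state == IEEE80211_STA_MLME_IBSS_JOINED &&
	    !ieee80211_sta_active_ibss(sdata)) {
		/* joined but alone: let the merge timer handle it */
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_IBSS_MERGE_INTERVAL);
	} else if (time_after(jiffies, local->last_scan_completed +
			      IEEE80211_SCAN_INTERVAL)) {
		printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
		       "join\n", sdata->dev->name);
		return ieee80211_sta_req_scan(sdata, ifsta->ssid,
					      ifsta->ssid_len);
	} else if (ifsta->state != IEEE80211_STA_MLME_IBSS_JOINED) {
		int interval = IEEE80211_SCAN_INTERVAL;

		if (time_after(jiffies, ifsta->ibss_join_req +
			       IEEE80211_IBSS_JOIN_TIMEOUT)) {
			/* give up waiting and create our own, if allowed here */
			if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
			    (!(local->oper_channel->flags &
					IEEE80211_CHAN_NO_IBSS)))
				return ieee80211_sta_create_ibss(sdata, ifsta);
			if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
				printk(KERN_DEBUG "%s: IBSS not allowed on"
				       " %d MHz\n", sdata->dev->name,
				       local->hw.conf.channel->center_freq);
			}

			/* No IBSS found - decrease scan interval and continue
			 * scanning. */
			interval = IEEE80211_SCAN_INTERVAL_SLOW;
		}

		ifsta->state = IEEE80211_STA_MLME_IBSS_SEARCH;
		mod_timer(&ifsta->timer, jiffies + interval);
		return 0;
	}

	return 0;
}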


/*
 * Configure the interface SSID.  When it differs from the current one the
 * new value is stored, the "previous BSSID" marker is dropped and a running
 * interface has the driver reconfigured.  For an IBSS interface without a
 * fixed BSSID this immediately starts searching for an IBSS to join.
 *
 * Returns 0 on success, -EINVAL if @len exceeds IEEE80211_MAX_SSID_LEN,
 * the driver's error when the SSID could not be configured, or the result
 * of ieee80211_sta_find_ibss().
 */
int ieee80211_sta_set_ssid(struct ieee80211_sub_if_data *sdata, char *ssid, size_t len)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	bool changed;

	if (len > IEEE80211_MAX_SSID_LEN)
		return -EINVAL;

	changed = ifsta->ssid_len != len ||
		  memcmp(ifsta->ssid, ssid, len) != 0;
	if (changed) {
		int res = 0;

		/* clear the whole buffer so the tail past len is not stale */
		memset(ifsta->ssid, 0, sizeof(ifsta->ssid));
		memcpy(ifsta->ssid, ssid, len);
		ifsta->ssid_len = len;
		ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;

		/*
		 * Hack! MLME code needs to be cleaned up to have different
		 * entry points for configuration and internal selection change
		 */
		if (netif_running(sdata->dev))
			res = ieee80211_if_config(sdata, IEEE80211_IFCC_SSID);
		if (res) {
			printk(KERN_DEBUG "%s: Failed to config new SSID to "
			       "the low-level driver\n", sdata->dev->name);
			return res;
		}
	}

	if (len)
		ifsta->flags |= IEEE80211_STA_SSID_SET;
	else
		ifsta->flags &= ~IEEE80211_STA_SSID_SET;

	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
		return 0;
	if (ifsta->flags & IEEE80211_STA_BSSID_SET)
		return 0;

	ifsta->ibss_join_req = jiffies;
	ifsta->state = IEEE80211_STA_MLME_IBSS_SEARCH;
	return ieee80211_sta_find_ibss(sdata, ifsta);
}


/*
 * Copy the current SSID into @ssid and its length into @len.  The caller's
 * buffer must be large enough for the stored SSID; nothing here checks it
 * (ieee80211_sta_set_ssid() caps the length at IEEE80211_MAX_SSID_LEN).
 *
 * Always returns 0.
 */
int ieee80211_sta_get_ssid(struct ieee80211_sub_if_data *sdata, char *ssid, size_t *len)
{
	const struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	size_t n = ifsta->ssid_len;

	memcpy(ssid, ifsta->ssid, n);
	*len = n;
	return 0;
}


/*
 * Configure the interface BSSID.  A changed BSSID is stored and, on a
 * running interface, pushed to the driver.  IEEE80211_STA_BSSID_SET is
 * then set or cleared depending on whether @bssid passes
 * is_valid_ether_addr().
 *
 * Returns 0 on success or the driver's error when the BSSID could not be
 * configured.
 */
int ieee80211_sta_set_bssid(struct ieee80211_sub_if_data *sdata, u8 *bssid)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	bool changed = memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0;

	if (changed) {
		int res = 0;

		memcpy(ifsta->bssid, bssid, ETH_ALEN);
		/*
		 * Hack! See also ieee80211_sta_set_ssid.
		 */
		if (netif_running(sdata->dev))
			res = ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID);
		if (res) {
			printk(KERN_DEBUG "%s: Failed to config new BSSID to "
			       "the low-level driver\n", sdata->dev->name);
			return res;
		}
	}

	if (is_valid_ether_addr(bssid))
		ifsta->flags |= IEEE80211_STA_BSSID_SET;
	else
		ifsta->flags &= ~IEEE80211_STA_BSSID_SET;

	return 0;
}


/*
 * Build and transmit a Null-function data frame towards the BSS, with the
 * power-management bit set when @powersave is non-zero.  Allocation
 * failure is logged and the frame silently skipped.
 */
static void ieee80211_send_nullfunc(struct ieee80211_local *local,
				    struct ieee80211_sub_if_data *sdata,
				    int powersave)
{
	struct ieee80211_hdr *nullfunc;
	struct sk_buff *skb;
	u16 fctl = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
		   IEEE80211_FCTL_TODS;

	/* 24-byte header only; a nullfunc frame carries no body */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
	memset(nullfunc, 0, 24);

	if (powersave)
		fctl |= IEEE80211_FCTL_PM;
	nullfunc->frame_control = cpu_to_le16(fctl);

	/* addr1 = BSSID, addr2 = our address, addr3 = BSSID */
	memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
	memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);

	ieee80211_sta_tx(sdata, skb, 0);
}


3816 3817 3818 3819 3820 3821 3822
/*
 * Re-arm the STA/mesh MLME timer for one interface.
 *
 * Interfaces that are neither STA nor mesh have no such timer and are
 * ignored.  The timer callback is invoked directly here rather than
 * scheduled.
 */
static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
{
	int has_sta_timer = sdata->vif.type == IEEE80211_IF_TYPE_STA ||
			    ieee80211_vif_is_mesh(&sdata->vif);

	if (!has_sta_timer)
		return;

	ieee80211_sta_timer((unsigned long)sdata);
}

/* Leave the scan channel: re-apply the operational hw config, logging failure. */
static void ieee80211_scan_restore_channel(struct ieee80211_local *local,
					   struct net_device *dev)
{
	if (ieee80211_hw_config(local))
		printk(KERN_DEBUG "%s: failed to restore operational "
		       "channel after scan\n", dev->name);
}

/* Drop the scan-time "all beacons / probe responses" RX filter. */
static void ieee80211_scan_clear_filter(struct ieee80211_local *local)
{
	netif_tx_lock_bh(local->mdev);
	netif_addr_lock(local->mdev);
	local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
	local->ops->configure_filter(local_to_hw(local),
				     FIF_BCN_PRBRESP_PROMISC,
				     &local->filter_flags,
				     local->mdev->mc_count,
				     local->mdev->mc_list);
	netif_addr_unlock(local->mdev);
	netif_tx_unlock_bh(local->mdev);
}

/* If the scanning interface is an IBSS that is not (yet) joined, go look for one. */
static void ieee80211_scan_check_ibss(struct net_device *dev)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_if_sta *ifsta;

	if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
		return;

	ifsta = &sdata->u.sta;
	if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
	    (ifsta->state != IEEE80211_STA_MLME_IBSS_JOINED &&
	     !ieee80211_sta_active_ibss(sdata)))
		ieee80211_sta_find_ibss(sdata, ifsta);
}

/**
 * ieee80211_scan_completed - finish a hardware or software scan
 * @hw: the hardware whose scan ended
 *
 * Records the completion time, raises the SIOCGIWSCAN wext event on the
 * scanning netdev and restores the operational channel.  For a hardware
 * scan only the STA timers are restarted.  For a software scan the
 * scan-time RX filter is dropped, every associated STA interface sends a
 * "back from power save" null-function frame, STA timers are restarted
 * and the TX queues stopped by ieee80211_sta_start_scan() are woken.
 * Both paths end by re-running the IBSS join logic for the scanning
 * interface.
 */
void ieee80211_scan_completed(struct ieee80211_hw *hw)
{
	struct ieee80211_local *local = hw_to_local(hw);
	struct net_device *scan_dev = local->scan_dev;
	struct ieee80211_sub_if_data *sdata;
	union iwreq_data wrqu;

	local->last_scan_completed = jiffies;

	/* tell wext listeners that results are available */
	memset(&wrqu, 0, sizeof(wrqu));
	wireless_send_event(scan_dev, SIOCGIWSCAN, &wrqu, NULL);

	if (local->sta_hw_scanning) {
		local->sta_hw_scanning = 0;
		ieee80211_scan_restore_channel(local, scan_dev);

		/* Restart STA timer for HW scan case */
		rcu_read_lock();
		list_for_each_entry_rcu(sdata, &local->interfaces, list)
			ieee80211_restart_sta_timer(sdata);
		rcu_read_unlock();

		ieee80211_scan_check_ibss(scan_dev);
		return;
	}

	local->sta_sw_scanning = 0;
	ieee80211_scan_restore_channel(local, scan_dev);

	ieee80211_scan_clear_filter(local);

	rcu_read_lock();
	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
		/* Tell AP we're back */
		if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
		    sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
			ieee80211_send_nullfunc(local, sdata, 0);

		ieee80211_restart_sta_timer(sdata);

		netif_wake_queue(sdata->dev);
	}
	rcu_read_unlock();

	ieee80211_scan_check_ibss(scan_dev);
}
EXPORT_SYMBOL(ieee80211_scan_completed);

/*
 * Software-scan work item: a two-state machine driven by local->scan_state.
 *
 * SCAN_SET_CHANNEL picks the next channel of the current band (skipping
 * disabled channels, and NO_IBSS channels when the scanning interface is an
 * IBSS), tunes the hardware to it and advances scan_band/scan_channel_idx.
 * SCAN_SEND_PROBE sends a probe request on that channel unless the channel
 * is passive-scan only, and waits the dwell time.  The work re-queues
 * itself with @next_delay until the last band is exhausted, at which point
 * ieee80211_scan_completed() is called.
 *
 * Runs on local->hw.workqueue; bails out immediately if the software scan
 * was cancelled (sta_sw_scanning cleared) in the meantime.
 */
void ieee80211_sta_scan_work(struct work_struct *work)
{
	struct ieee80211_local *local =
		container_of(work, struct ieee80211_local, scan_work.work);
	struct net_device *dev = local->scan_dev;
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_supported_band *sband;
	struct ieee80211_channel *chan;
	int skip;
	/* 0 = re-queue immediately; only set on the paths that really wait */
	unsigned long next_delay = 0;

	if (!local->sta_sw_scanning)
		return;

	switch (local->scan_state) {
	case SCAN_SET_CHANNEL:
		/*
		 * Get current scan band. scan_band may be IEEE80211_NUM_BANDS
		 * after we successfully scanned the last channel of the last
		 * band (and the last band is supported by the hw)
		 */
		if (local->scan_band < IEEE80211_NUM_BANDS)
			sband = local->hw.wiphy->bands[local->scan_band];
		else
			sband = NULL;

		/*
		 * If we are at an unsupported band and have more bands
		 * left to scan, advance to the next supported one.
		 */
		while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) {
			local->scan_band++;
			sband = local->hw.wiphy->bands[local->scan_band];
			local->scan_channel_idx = 0;
		}

		/* if no more bands/channels left, complete scan */
		if (!sband || local->scan_channel_idx >= sband->n_channels) {
			ieee80211_scan_completed(local_to_hw(local));
			return;
		}
		skip = 0;
		chan = &sband->channels[local->scan_channel_idx];

		/* regulatory/driver restrictions: never tune to these */
		if (chan->flags & IEEE80211_CHAN_DISABLED ||
		    (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
		     chan->flags & IEEE80211_CHAN_NO_IBSS))
			skip = 1;

		if (!skip) {
			local->scan_channel = chan;
			/*
			 * A tuning failure is treated like a skipped channel;
			 * note that local->scan_channel already points at the
			 * channel we failed to reach.
			 */
			if (ieee80211_hw_config(local)) {
				printk(KERN_DEBUG "%s: failed to set freq to "
				       "%d MHz for scan\n", dev->name,
				       chan->center_freq);
				skip = 1;
			}
		}

		/* advance state machine to next channel/band */
		local->scan_channel_idx++;
		if (local->scan_channel_idx >= sband->n_channels) {
			/*
			 * scan_band may end up == IEEE80211_NUM_BANDS, but
			 * we'll catch that case above and complete the scan
			 * if that is the case.
			 */
			local->scan_band++;
			local->scan_channel_idx = 0;
		}

		/* skipped channel: stay in SET_CHANNEL, re-queue with no delay */
		if (skip)
			break;

		/* wait for the radio to settle before probing */
		next_delay = IEEE80211_PROBE_DELAY +
			     usecs_to_jiffies(local->hw.channel_change_time);
		local->scan_state = SCAN_SEND_PROBE;
		break;
	case SCAN_SEND_PROBE:
		/* default: listen only, for the (longer) passive dwell time */
		next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
		local->scan_state = SCAN_SET_CHANNEL;

		if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN)
			break;
		/* active scan: probe (possibly for a specific SSID), shorter dwell */
		ieee80211_send_probe_req(sdata, NULL, local->scan_ssid,
					 local->scan_ssid_len);
		next_delay = IEEE80211_CHANNEL_TIME;
		break;
	}

	/* sta_sw_scanning is re-checked: the scan may have completed above */
	if (local->sta_sw_scanning)
		queue_delayed_work(local->hw.workqueue, &local->scan_work,
				   next_delay);
}


/*
 * Begin a scan on behalf of @scan_sdata.
 *
 * If the driver implements hw_scan the request is handed over wholesale
 * and only the "hardware scan in progress" state is recorded.  Otherwise a
 * software scan is set up: every interface's TX queue is stopped, each
 * associated STA interface tells its AP it is entering power save, the
 * scan parameters are stored in @local, the RX filter is opened for all
 * beacons/probe responses and the first scan_work run is queued.
 *
 * @ssid/@ssid_len: optional SSID to probe for (NULL or 0 for broadcast);
 *                  the length is bounded by IEEE80211_MAX_SSID_LEN before
 *                  it is copied into local->scan_ssid.
 * Returns 0 on success (including when a scan for the same netdev is
 * already running), -EINVAL for an over-long SSID, -EBUSY when another
 * interface is scanning, or the hw_scan() error.
 */
static int ieee80211_sta_start_scan(struct ieee80211_sub_if_data *scan_sdata,
				    u8 *ssid, size_t ssid_len)
{
	struct ieee80211_local *local = scan_sdata->local;
	struct ieee80211_sub_if_data *iter;

	if (ssid_len > IEEE80211_MAX_SSID_LEN)
		return -EINVAL;

	/* MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
	 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
	 * BSSID: MACAddress
	 * SSID
	 * ScanType: ACTIVE, PASSIVE
	 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
	 *    a Probe frame during active scanning
	 * ChannelList
	 * MinChannelTime (>= ProbeDelay), in TU
	 * MaxChannelTime: (>= MinChannelTime), in TU
	 */

	 /* MLME-SCAN.confirm
	  * BSSDescriptionSet
	  * ResultCode: SUCCESS, INVALID_PARAMETERS
	 */

	if (local->sta_sw_scanning || local->sta_hw_scanning)
		return local->scan_dev == scan_sdata->dev ? 0 : -EBUSY;

	if (local->ops->hw_scan) {
		int rc = local->ops->hw_scan(local_to_hw(local),
					     ssid, ssid_len);

		if (rc)
			return rc;
		local->sta_hw_scanning = 1;
		local->scan_dev = scan_sdata->dev;
		return 0;
	}

	local->sta_sw_scanning = 1;

	rcu_read_lock();
	list_for_each_entry_rcu(iter, &local->interfaces, list) {
		netif_stop_queue(iter->dev);
		/* ask the AP to buffer for us while we are off-channel */
		if (iter->vif.type == IEEE80211_IF_TYPE_STA &&
		    (iter->u.sta.flags & IEEE80211_STA_ASSOCIATED))
			ieee80211_send_nullfunc(local, iter, 1);
	}
	rcu_read_unlock();

	local->scan_ssid_len = ssid ? ssid_len : 0;
	if (ssid)
		memcpy(local->scan_ssid, ssid, ssid_len);
	local->scan_state = SCAN_SET_CHANNEL;
	local->scan_channel_idx = 0;
	local->scan_band = IEEE80211_BAND_2GHZ;
	local->scan_dev = scan_sdata->dev;

	netif_addr_lock_bh(local->mdev);
	local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
	local->ops->configure_filter(local_to_hw(local),
				     FIF_BCN_PRBRESP_PROMISC,
				     &local->filter_flags,
				     local->mdev->mc_count,
				     local->mdev->mc_list);
	netif_addr_unlock_bh(local->mdev);

	/* TODO: start scan as soon as all nullfunc frames are ACKed */
	queue_delayed_work(local->hw.workqueue, &local->scan_work,
			   IEEE80211_CHANNEL_TIME);

	return 0;
}


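/*
 * Request a scan from the wext/ioctl path.
 *
 * Non-STA interfaces scan right away via ieee80211_sta_start_scan().  For
 * a STA interface the request is deferred to the MLME work item: the SSID
 * is stored in the interface state and IEEE80211_STA_REQ_SCAN is set.
 *
 * @ssid/@ssid_len: optional SSID to probe for; @ssid_len is bounded by
 *                  IEEE80211_MAX_SSID_LEN — the same limit
 *                  ieee80211_sta_start_scan() applies — before it is used
 *                  as a copy length into ifsta->scan_ssid.
 * Returns 0 when the scan was started or queued (also when this netdev's
 * scan is already in progress), -EINVAL for an over-long SSID, -EBUSY
 * when another interface is scanning, or the start routine's error.
 */
int ieee80211_sta_req_scan(struct ieee80211_sub_if_data *sdata, u8 *ssid, size_t ssid_len)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_local *local = sdata->local;

	/*
	 * Reject over-long SSIDs up front.  The deferred STA path below copies
	 * the SSID into ifsta->scan_ssid (presumably IEEE80211_MAX_SSID_LEN
	 * bytes — confirm in ieee80211_i.h) before ieee80211_sta_start_scan()
	 * gets a chance to apply its own check.
	 */
	if (ssid_len > IEEE80211_MAX_SSID_LEN)
		return -EINVAL;

	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
		return ieee80211_sta_start_scan(sdata, ssid, ssid_len);

	if (local->sta_sw_scanning || local->sta_hw_scanning) {
		if (local->scan_dev == sdata->dev)
			return 0;
		return -EBUSY;
	}

	ifsta->scan_ssid_len = ssid_len;
	if (ssid_len)
		memcpy(ifsta->scan_ssid, ssid, ssid_len);
	set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
	return 0;
}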

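/* Append one IWEVCUSTOM text event (NUL-terminated @text) to the wext stream. */
static char *ieee80211_scan_add_custom(struct iw_request_info *info,
				       char *current_ev, char *end_buf,
				       char *text)
{
	struct iw_event iwe;

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = IWEVCUSTOM;
	iwe.u.data.length = strlen(text);
	return iwe_stream_add_point(info, current_ev, end_buf, &iwe, text);
}

/* Append one IWEVGENIE event carrying a raw IE; a NULL @ie adds nothing. */
static char *ieee80211_scan_add_genie(struct iw_request_info *info,
				      char *current_ev, char *end_buf,
				      u8 *ie, size_t ie_len)
{
	struct iw_event iwe;

	if (!ie)
		return current_ev;

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = IWEVGENIE;
	iwe.u.data.length = ie_len;
	return iwe_stream_add_point(info, current_ev, end_buf, &iwe, ie);
}

/*
 * Emit one cached BSS as a sequence of wext scan events.
 *
 * Entries older than IEEE80211_SCAN_RESULT_EXPIRE are silently skipped.
 * The WPA/RSN/HT IEs are passed through as received from the air for
 * userspace to parse; the mesh configuration is rendered as text.
 *
 * @current_ev/@end_buf: wext stream cursor and limit; the iwe_stream_*
 *                       helpers stop appending once the buffer is full.
 * Returns the advanced stream cursor.
 */
static char *
ieee80211_sta_scan_result(struct ieee80211_local *local,
			  struct iw_request_info *info,
			  struct ieee80211_sta_bss *bss,
			  char *current_ev, char *end_buf)
{
	/* scratch sizes for the IWEVCUSTOM strings built below */
	enum { TSF_BUF_LEN = 30, MESH_BUF_LEN = 50 };
	struct iw_event iwe;
	u8 *mesh_cfg = bss_mesh_cfg(bss);

	if (time_after(jiffies,
		       bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
		return current_ev;

	/* BSSID */
	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWAP;
	iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
	memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
					  IW_EV_ADDR_LEN);

	/* SSID, or the mesh ID for a mesh BSS */
	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWESSID;
	iwe.u.data.flags = 1;
	if (mesh_cfg) {
		iwe.u.data.length = bss_mesh_id_len(bss);
		current_ev = iwe_stream_add_point(info, current_ev, end_buf,
						  &iwe, bss_mesh_id(bss));
	} else {
		iwe.u.data.length = bss->ssid_len;
		current_ev = iwe_stream_add_point(info, current_ev, end_buf,
						  &iwe, bss->ssid);
	}

	/* operating mode, only when the capability field (or mesh) says which */
	if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
	    mesh_cfg) {
		memset(&iwe, 0, sizeof(iwe));
		iwe.cmd = SIOCGIWMODE;
		if (mesh_cfg)
			iwe.u.mode = IW_MODE_MESH;
		else if (bss->capability & WLAN_CAPABILITY_ESS)
			iwe.u.mode = IW_MODE_MASTER;
		else
			iwe.u.mode = IW_MODE_ADHOC;
		current_ev = iwe_stream_add_event(info, current_ev, end_buf,
						  &iwe, IW_EV_UINT_LEN);
	}

	/* channel number (exponent 0) followed by frequency in MHz (exponent 6) */
	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWFREQ;
	iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq);
	iwe.u.freq.e = 0;
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
					  IW_EV_FREQ_LEN);

	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWFREQ;
	iwe.u.freq.m = bss->freq;
	iwe.u.freq.e = 6;
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
					  IW_EV_FREQ_LEN);

	/* link quality as last seen */
	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = IWEVQUAL;
	iwe.u.qual.qual = bss->qual;
	iwe.u.qual.level = bss->signal;
	iwe.u.qual.noise = bss->noise;
	iwe.u.qual.updated = local->wstats_flags;
	current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
					  IW_EV_QUAL_LEN);

	/* privacy capability bit only; no key material is ever exposed */
	memset(&iwe, 0, sizeof(iwe));
	iwe.cmd = SIOCGIWENCODE;
	if (bss->capability & WLAN_CAPABILITY_PRIVACY)
		iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
	else
		iwe.u.data.flags = IW_ENCODE_DISABLED;
	iwe.u.data.length = 0;
	current_ev = iwe_stream_add_point(info, current_ev, end_buf,
					  &iwe, "");

	/* raw security and HT IEs, copied verbatim from the frame */
	current_ev = ieee80211_scan_add_genie(info, current_ev, end_buf,
					      bss->wpa_ie, bss->wpa_ie_len);
	current_ev = ieee80211_scan_add_genie(info, current_ev, end_buf,
					      bss->rsn_ie, bss->rsn_ie_len);
	current_ev = ieee80211_scan_add_genie(info, current_ev, end_buf,
					      bss->ht_ie, bss->ht_ie_len);

	if (bss->supp_rates_len > 0) {
		/* display all supported rates in readable format */
		char *p = current_ev + iwe_stream_lcp_len(info);
		int i;

		memset(&iwe, 0, sizeof(iwe));
		iwe.cmd = SIOCGIWRATE;
		/* Those two flags are ignored... */
		iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;

		for (i = 0; i < bss->supp_rates_len; i++) {
			/* top bit is a flag, not part of the value; units of 500 kbit/s */
			iwe.u.bitrate.value = ((bss->supp_rates[i] &
							0x7f) * 500000);
			p = iwe_stream_add_value(info, current_ev, p,
					end_buf, &iwe, IW_EV_PARAM_LEN);
		}
		current_ev = p;
	}

	{
		/*
		 * Both strings fit (the entry is younger than
		 * IEEE80211_SCAN_RESULT_EXPIRE, so the age has few digits);
		 * snprintf keeps that true even if a format changes.
		 */
		char *buf = kmalloc(TSF_BUF_LEN, GFP_ATOMIC);

		if (buf) {
			snprintf(buf, TSF_BUF_LEN, "tsf=%016llx",
				 (unsigned long long)(bss->timestamp));
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			snprintf(buf, TSF_BUF_LEN, " Last beacon: %dms ago",
				 jiffies_to_msecs(jiffies - bss->last_update));
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			kfree(buf);
		}
	}

	if (mesh_cfg) {
		/*
		 * Reads mesh_cfg[0..16].  NOTE(review): the IE length is
		 * presumably validated where the mesh config IE is parsed —
		 * confirm, since these bytes come from the air.
		 */
		char *buf = kmalloc(MESH_BUF_LEN, GFP_ATOMIC);

		if (buf) {
			snprintf(buf, MESH_BUF_LEN, "Mesh network (version %d)",
				 mesh_cfg[0]);
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			snprintf(buf, MESH_BUF_LEN, "Path Selection Protocol ID: "
				 "0x%02X%02X%02X%02X", mesh_cfg[1], mesh_cfg[2],
				 mesh_cfg[3], mesh_cfg[4]);
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			snprintf(buf, MESH_BUF_LEN, "Path Selection Metric ID: "
				 "0x%02X%02X%02X%02X", mesh_cfg[5], mesh_cfg[6],
				 mesh_cfg[7], mesh_cfg[8]);
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			snprintf(buf, MESH_BUF_LEN, "Congestion Control Mode ID: "
				 "0x%02X%02X%02X%02X", mesh_cfg[9], mesh_cfg[10],
				 mesh_cfg[11], mesh_cfg[12]);
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			snprintf(buf, MESH_BUF_LEN, "Channel Precedence: "
				 "0x%02X%02X%02X%02X", mesh_cfg[13], mesh_cfg[14],
				 mesh_cfg[15], mesh_cfg[16]);
			current_ev = ieee80211_scan_add_custom(info, current_ev,
							       end_buf, buf);
			kfree(buf);
		}
	}

	return current_ev;
}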


/*
 * Render every cached BSS into @buf as wext scan events.
 *
 * Walks local->sta_bss_list under sta_bss_lock (bottom halves disabled,
 * so the per-entry allocations in ieee80211_sta_scan_result() must stay
 * GFP_ATOMIC).  Returns the number of bytes written, or -E2BIG when fewer
 * than IW_EV_ADDR_LEN bytes remain before the list is exhausted.
 */
int ieee80211_sta_scan_results(struct ieee80211_local *local,
			       struct iw_request_info *info,
			       char *buf, size_t len)
{
	char *end_buf = buf + len;
	char *current_ev = buf;
	struct ieee80211_sta_bss *bss;
	int ret;

	spin_lock_bh(&local->sta_bss_lock);
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (end_buf - current_ev <= IW_EV_ADDR_LEN) {
			ret = -E2BIG;
			goto out_unlock;
		}
		current_ev = ieee80211_sta_scan_result(local, info, bss,
						       current_ev, end_buf);
	}
	ret = current_ev - buf;

out_unlock:
	spin_unlock_bh(&local->sta_bss_lock);
	return ret;
}


/*
 * Replace the extra IEs appended to management frames.
 *
 * The previous buffer is always released; a zero @len clears the setting.
 * Otherwise @len bytes of @ie are copied into a fresh GFP_KERNEL buffer
 * owned by ifsta.  Returns 0, or -ENOMEM (with the setting cleared).
 */
int ieee80211_sta_set_extra_ie(struct ieee80211_sub_if_data *sdata, char *ie, size_t len)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	void *copy;

	kfree(ifsta->extra_ie);
	ifsta->extra_ie = NULL;
	ifsta->extra_ie_len = 0;

	if (len == 0)
		return 0;

	copy = kmalloc(len, GFP_KERNEL);
	if (!copy)
		return -ENOMEM;

	memcpy(copy, ie, len);
	ifsta->extra_ie = copy;
	ifsta->extra_ie_len = len;
	return 0;
}


/*
 * Create a station entry for an IBSS peer we just heard from.
 *
 * Refuses when the station table is full or when @bssid is not the IBSS
 * we are in.  The new entry is marked authorized on creation (there is no
 * further gate in IBSS mode here) and gets either the peer's advertised
 * rates or, if none were given, our own rate set for the current band.
 * @skb is currently unused.
 *
 * Returns the inserted entry, or NULL on any refusal/failure.  Ownership
 * of a failed sta_info_insert() is handled by that function — confirm in
 * sta_info.c before changing the error path.
 */
struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
					struct sk_buff *skb, u8 *bssid,
					u8 *addr, u64 supp_rates)
{
	struct ieee80211_local *local = sdata->local;
	int band = local->hw.conf.channel->band;
	struct sta_info *sta;
	DECLARE_MAC_BUF(mac);

	/* TODO: Could consider removing the least recently used entry and
	 * allow new one to be added. */
	if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
		if (net_ratelimit())
			printk(KERN_DEBUG "%s: No room for a new IBSS STA "
			       "entry %s\n", sdata->dev->name, print_mac(mac, addr));
		return NULL;
	}

	/* only peers of our own IBSS */
	if (compare_ether_addr(bssid, sdata->u.sta.bssid) != 0)
		return NULL;

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
	       wiphy_name(local->hw.wiphy), print_mac(mac, addr), sdata->dev->name);
#endif

	sta = sta_info_alloc(sdata, addr, GFP_ATOMIC);
	if (!sta)
		return NULL;

	set_sta_flags(sta, WLAN_STA_AUTHORIZED);

	sta->supp_rates[band] = supp_rates ? supp_rates
					   : sdata->u.sta.supp_rates_bits[band];

	rate_control_rate_init(sta, local);

	return sta_info_insert(sta) ? NULL : sta;
}


/*
 * Locally initiated deauthentication.
 *
 * Logs the decision, sends a Deauthentication frame carrying @reason and
 * then runs ieee80211_set_disassoc() with its third argument set to 1
 * (what that flag selects is defined elsewhere — confirm there).
 * Returns -EINVAL for any interface type other than STA or IBSS.
 */
int ieee80211_sta_deauthenticate(struct ieee80211_sub_if_data *sdata, u16 reason)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

	printk(KERN_DEBUG "%s: deauthenticating by local choice (reason=%d)\n",
	       sdata->dev->name, reason);

	switch (sdata->vif.type) {
	case IEEE80211_IF_TYPE_STA:
	case IEEE80211_IF_TYPE_IBSS:
		break;
	default:
		return -EINVAL;
	}

	ieee80211_send_deauth(sdata, ifsta, reason);
	ieee80211_set_disassoc(sdata, ifsta, 1);
	return 0;
}


/*
 * Locally initiated disassociation.
 *
 * Logs the decision, sends a Disassociation frame carrying @reason and
 * runs ieee80211_set_disassoc() with its third argument 0.
 * Returns -EINVAL for non-STA interfaces and -1 (note: not an errno
 * value) when the interface is not currently associated.
 */
int ieee80211_sta_disassociate(struct ieee80211_sub_if_data *sdata, u16 reason)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

	printk(KERN_DEBUG "%s: disassociating by local choice (reason=%d)\n",
	       sdata->dev->name, reason);

	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
		return -EINVAL;

	if ((ifsta->flags & IEEE80211_STA_ASSOCIATED) == 0)
		return -1;

	ieee80211_send_disassoc(sdata, ifsta, reason);
	ieee80211_set_disassoc(sdata, ifsta, 0);
	return 0;
}

/**
 * ieee80211_notify_mac - driver-to-MLME notification hook
 * @hw: the hardware raising the notification
 * @notif_type: which event happened
 *
 * Only IEEE80211_NOTIFY_RE_ASSOC is handled: every STA interface is
 * handed to ieee80211_sta_req_auth().  Any other value is ignored.
 */
void ieee80211_notify_mac(struct ieee80211_hw *hw,
			  enum ieee80211_notification_types  notif_type)
{
	struct ieee80211_local *local = hw_to_local(hw);
	struct ieee80211_sub_if_data *sdata;

	if (notif_type != IEEE80211_NOTIFY_RE_ASSOC)
		return;

	rcu_read_lock();
	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
		if (sdata->vif.type == IEEE80211_IF_TYPE_STA)
			ieee80211_sta_req_auth(sdata, &sdata->u.sta);
	}
	rcu_read_unlock();
}
EXPORT_SYMBOL(ieee80211_notify_mac);