blob: c445a83802003d40e02f9357c3beb87e8b241cad [file] [log] [blame]
/*
* BSS client mode implementation
* Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
* Copyright 2004, Instant802 Networks, Inc.
* Copyright 2005, Devicescape Software, Inc.
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
/* TODO:
* order BSS list by RSSI(?) ("quality of AP")
* scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
* SSID)
*/
#include <linux/delay.h>
#include <linux/if_ether.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/wireless.h>
#include <linux/random.h>
#include <linux/etherdevice.h>
#include <net/iw_handler.h>
#include <asm/types.h>
#include <net/mac80211.h>
#include "ieee80211_i.h"
#include "ieee80211_rate.h"
#include "ieee80211_led.h"
#include "hostapd_ioctl.h"
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
#define IEEE80211_PROBE_DELAY (HZ / 33)
#define IEEE80211_CHANNEL_TIME (HZ / 33)
#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
#define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
#define ERP_INFO_USE_PROTECTION BIT(1)
/* mgmt header + 1 byte action code */
#define IEEE80211_MIN_ACTION_SIZE (24 + 1)
static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
u8 *ssid, size_t ssid_len);
static struct ieee80211_sta_bss *
ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
u8 *ssid, u8 ssid_len);
static void ieee80211_rx_bss_put(struct net_device *dev,
struct ieee80211_sta_bss *bss);
static int ieee80211_sta_find_ibss(struct net_device *dev,
struct ieee80211_if_sta *ifsta);
static int ieee80211_sta_wep_configured(struct net_device *dev);
static int ieee80211_sta_start_scan(struct net_device *dev,
u8 *ssid, size_t ssid_len);
static int ieee80211_sta_config_auth(struct net_device *dev,
struct ieee80211_if_sta *ifsta);
/* Parsed Information Elements */
struct ieee802_11_elems {
/* pointers to IEs */
u8 *ssid;
u8 *supp_rates;
u8 *fh_params;
u8 *ds_params;
u8 *cf_params;
u8 *tim;
u8 *ibss_params;
u8 *challenge;
u8 *wpa;
u8 *rsn;
u8 *erp_info;
u8 *ht_cap_param;
u8 *ht_extra_param;
u8 *ext_supp_rates;
u8 *wmm_info;
u8 *wmm_param;
u8 *tspec;
/* length of them, respectively */
u8 ssid_len;
u8 supp_rates_len;
u8 fh_params_len;
u8 ds_params_len;
u8 cf_params_len;
u8 tim_len;
u8 ibss_params_len;
u8 challenge_len;
u8 wpa_len;
u8 rsn_len;
u8 erp_info_len;
u8 ht_cap_param_len;
u8 ht_extra_param_len;
u8 ext_supp_rates_len;
u8 wmm_info_len;
u8 wmm_param_len;
u8 tspec_len;
};
static void ieee802_11_parse_elems(u8 *start, size_t len,
struct ieee802_11_elems *elems)
{
size_t left = len;
u8 *pos = start;
memset(elems, 0, sizeof(*elems));
while (left >= 2) {
u8 id, elen;
id = *pos++;
elen = *pos++;
left -= 2;
if (elen > left)
return;
switch (id) {
case WLAN_EID_SSID:
elems->ssid = pos;
elems->ssid_len = elen;
break;
case WLAN_EID_SUPP_RATES:
elems->supp_rates = pos;
elems->supp_rates_len = elen;
break;
case WLAN_EID_FH_PARAMS:
elems->fh_params = pos;
elems->fh_params_len = elen;
break;
case WLAN_EID_DS_PARAMS:
elems->ds_params = pos;
elems->ds_params_len = elen;
break;
case WLAN_EID_CF_PARAMS:
elems->cf_params = pos;
elems->cf_params_len = elen;
break;
case WLAN_EID_TIM:
elems->tim = pos;
elems->tim_len = elen;
break;
case WLAN_EID_IBSS_PARAMS:
elems->ibss_params = pos;
elems->ibss_params_len = elen;
break;
case WLAN_EID_CHALLENGE:
elems->challenge = pos;
elems->challenge_len = elen;
break;
case WLAN_EID_WPA:
if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
pos[2] == 0xf2) {
/* Microsoft OUI (00:50:F2) */
if (pos[3] == WIFI_OUI_TYPE_WPA) {
/* OUI Type 1 - WPA IE */
elems->wpa = pos;
elems->wpa_len = elen;
} else if (elen >= 5 &&
pos[3] == WIFI_OUI_TYPE_WMM) {
switch (pos[4]) {
case WIFI_OUI_STYPE_WMM_INFO:
elems->wmm_info = pos;
elems->wmm_info_len = elen;
break;
case WIFI_OUI_STYPE_WMM_PARAM:
elems->wmm_param = pos;
elems->wmm_param_len = elen;
break;
case WIFI_OUI_STYPE_WMM_TSPEC:
if (elen != 61) {
printk(KERN_ERR "Wrong "
"TSPEC size.\n");
break;
}
elems->tspec = pos + 6;
elems->tspec_len = elen - 6;
break;
default:
//printk(KERN_ERR "Unsupported "
// "WiFi OUI %d\n", pos[4]);
break;
}
}
}
break;
case WLAN_EID_RSN:
elems->rsn = pos;
elems->rsn_len = elen;
break;
case WLAN_EID_ERP_INFO:
elems->erp_info = pos;
elems->erp_info_len = elen;
break;
case WLAN_EID_EXT_SUPP_RATES:
elems->ext_supp_rates = pos;
elems->ext_supp_rates_len = elen;
break;
case WLAN_EID_HT_CAPABILITY:
elems->ht_cap_param = pos;
elems->ht_cap_param_len = elen;
break;
case WLAN_EID_HT_EXTRA_INFO:
elems->ht_extra_param = pos;
elems->ht_extra_param_len = elen;
break;
case WLAN_EID_TSPEC:
if (elen != 55) {
printk(KERN_ERR "Wrong TSPEC size.\n");
break;
}
elems->tspec = pos;
elems->tspec_len = elen;
break;
default:
break;
}
left -= elen;
pos += elen;
}
}
static int ecw2cw(int ecw)
{
int cw = 1;
while (ecw > 0) {
cw <<= 1;
ecw--;
}
return cw - 1;
}
static void ieee80211_sta_wmm_params(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
u8 *wmm_param, size_t wmm_param_len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_tx_queue_params params;
size_t left;
int count;
u8 *pos;
if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
return;
count = wmm_param[6] & 0x0f;
if (count == ifsta->wmm_last_param_set)
return;
ifsta->wmm_last_param_set = count;
pos = wmm_param + 8;
left = wmm_param_len - 8;
memset(&params, 0, sizeof(params));
if (!local->ops->conf_tx)
return;
local->wmm_acm = 0;
for (; left >= 4; left -= 4, pos += 4) {
int aci = (pos[0] >> 5) & 0x03;
int acm = (pos[0] >> 4) & 0x01;
int queue;
switch (aci) {
case 1:
queue = IEEE80211_TX_QUEUE_DATA3;
if (acm) {
local->wmm_acm |= BIT(0) | BIT(3);
}
break;
case 2:
queue = IEEE80211_TX_QUEUE_DATA1;
if (acm) {
local->wmm_acm |= BIT(4) | BIT(5);
}
break;
case 3:
queue = IEEE80211_TX_QUEUE_DATA0;
if (acm) {
local->wmm_acm |= BIT(6) | BIT(7);
}
break;
case 0:
default:
queue = IEEE80211_TX_QUEUE_DATA2;
if (acm) {
local->wmm_acm |= BIT(1) | BIT(2);
}
break;
}
params.aifs = pos[0] & 0x0f;
params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
params.cw_min = ecw2cw(pos[1] & 0x0f);
/* TXOP is in units of 32 usec; burst_time in 0.1 ms */
params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
"cWmin=%d cWmax=%d burst=%d\n",
dev->name, queue, aci, acm, params.aifs, params.cw_min,
params.cw_max, params.burst_time);
/* TODO: handle ACM (block TX, fallback to next lowest allowed
* AC for now) */
if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
printk(KERN_DEBUG "%s: failed to set TX queue "
"parameters for queue %d\n", dev->name, queue);
}
}
}
static void ieee80211_handle_erp_ie(struct net_device *dev, u8 erp_value)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
struct ieee80211_if_sta *ifsta = &sdata->u.sta;
int use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
int preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
u8 changes = 0;
DECLARE_MAC_BUF(mac);
if (use_protection != !!(sdata->flags & IEEE80211_SDATA_USE_PROTECTION)) {
if (net_ratelimit()) {
printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
"%s)\n",
dev->name,
use_protection ? "enabled" : "disabled",
print_mac(mac, ifsta->bssid));
}
if (use_protection)
sdata->flags |= IEEE80211_SDATA_USE_PROTECTION;
else
sdata->flags &= ~IEEE80211_SDATA_USE_PROTECTION;
changes |= IEEE80211_ERP_CHANGE_PROTECTION;
}
if (preamble_mode != !(sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE)) {
if (net_ratelimit()) {
printk(KERN_DEBUG "%s: switched to %s barker preamble"
" (BSSID=%s)\n",
dev->name,
(preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ?
"short" : "long",
print_mac(mac, ifsta->bssid));
}
if (preamble_mode)
sdata->flags &= ~IEEE80211_SDATA_SHORT_PREAMBLE;
else
sdata->flags |= IEEE80211_SDATA_SHORT_PREAMBLE;
changes |= IEEE80211_ERP_CHANGE_PREAMBLE;
}
if (changes)
ieee80211_erp_info_change_notify(dev, changes);
}
static void ieee80211_sta_send_associnfo(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
char *buf;
size_t len;
int i;
union iwreq_data wrqu;
if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
return;
buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
ifsta->assocresp_ies_len), GFP_KERNEL);
if (!buf)
return;
len = sprintf(buf, "ASSOCINFO(");
if (ifsta->assocreq_ies) {
len += sprintf(buf + len, "ReqIEs=");
for (i = 0; i < ifsta->assocreq_ies_len; i++) {
len += sprintf(buf + len, "%02x",
ifsta->assocreq_ies[i]);
}
}
if (ifsta->assocresp_ies) {
if (ifsta->assocreq_ies)
len += sprintf(buf + len, " ");
len += sprintf(buf + len, "RespIEs=");
for (i = 0; i < ifsta->assocresp_ies_len; i++) {
len += sprintf(buf + len, "%02x",
ifsta->assocresp_ies[i]);
}
}
len += sprintf(buf + len, ")");
if (len > IW_CUSTOM_MAX) {
len = sprintf(buf, "ASSOCRESPIE=");
for (i = 0; i < ifsta->assocresp_ies_len; i++) {
len += sprintf(buf + len, "%02x",
ifsta->assocresp_ies[i]);
}
}
memset(&wrqu, 0, sizeof(wrqu));
wrqu.data.length = len;
wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
kfree(buf);
}
static void ieee80211_set_associated(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
bool assoc)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
union iwreq_data wrqu;
if (!!(ifsta->flags & IEEE80211_STA_ASSOCIATED) == assoc)
return;
if (assoc) {
struct ieee80211_sub_if_data *sdata;
struct ieee80211_sta_bss *bss;
ifsta->flags |= IEEE80211_STA_ASSOCIATED;
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
if (sdata->type != IEEE80211_IF_TYPE_STA)
return;
bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
local->hw.conf.channel,
ifsta->ssid, ifsta->ssid_len);
if (bss) {
if (bss->has_erp_value)
ieee80211_handle_erp_ie(dev, bss->erp_value);
ieee80211_rx_bss_put(dev, bss);
}
netif_carrier_on(dev);
ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
ieee80211_sta_send_associnfo(dev, ifsta);
} else {
ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
netif_carrier_off(dev);
ieee80211_reset_erp_info(dev);
memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
}
wrqu.ap_addr.sa_family = ARPHRD_ETHER;
wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
ifsta->last_probe = jiffies;
ieee80211_led_assoc(local, assoc);
}
static void ieee80211_set_disassoc(struct net_device *dev,
struct ieee80211_if_sta *ifsta, int deauth)
{
if (deauth)
ifsta->auth_tries = 0;
ifsta->assoc_tries = 0;
ieee80211_set_associated(dev, ifsta, 0);
}
static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
int encrypt)
{
struct ieee80211_sub_if_data *sdata;
struct ieee80211_tx_packet_data *pkt_data;
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
skb->dev = sdata->local->mdev;
skb_set_mac_header(skb, 0);
skb_set_network_header(skb, 0);
skb_set_transport_header(skb, 0);
pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
pkt_data->ifindex = sdata->dev->ifindex;
if (sdata->type == IEEE80211_IF_TYPE_MGMT)
pkt_data->flags |= IEEE80211_TXPD_MGMT_IFACE;
if (!encrypt)
pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
dev_queue_xmit(skb);
}
static void ieee80211_send_auth(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
int transaction, u8 *extra, size_t extra_len,
int encrypt)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
skb = dev_alloc_skb(local->hw.extra_tx_headroom +
sizeof(*mgmt) + 6 + extra_len);
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
"frame\n", dev->name);
return;
}
skb_reserve(skb, local->hw.extra_tx_headroom);
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
memset(mgmt, 0, 24 + 6);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_AUTH);
if (encrypt)
mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
ifsta->auth_transaction = transaction + 1;
mgmt->u.auth.status_code = cpu_to_le16(0);
if (extra)
memcpy(skb_put(skb, extra_len), extra, extra_len);
ieee80211_sta_tx(dev, skb, encrypt);
}
static void ieee80211_authenticate(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
DECLARE_MAC_BUF(mac);
ifsta->auth_tries++;
if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
printk(KERN_DEBUG "%s: authentication with AP %s"
" timed out\n",
dev->name, print_mac(mac, ifsta->bssid));
ifsta->state = IEEE80211_DISABLED;
return;
}
ifsta->state = IEEE80211_AUTHENTICATE;
printk(KERN_DEBUG "%s: authenticate with AP %s\n",
dev->name, print_mac(mac, ifsta->bssid));
ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}
static void ieee80211_send_assoc(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_hw_mode *mode;
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
u8 *pos, *ies;
int i, len;
u16 capab;
struct ieee80211_sta_bss *bss;
int wmm = 0;
int ht_enabled = 0;
skb = dev_alloc_skb(local->hw.extra_tx_headroom +
sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
ifsta->ssid_len);
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
"frame\n", dev->name);
return;
}
skb_reserve(skb, local->hw.extra_tx_headroom);
mode = local->oper_hw_mode;
capab = ifsta->capab;
if (mode->mode == MODE_IEEE80211G) {
capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
WLAN_CAPABILITY_SHORT_PREAMBLE;
}
bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
ifsta->ssid, ifsta->ssid_len);
if (bss) {
if (bss->capability & WLAN_CAPABILITY_PRIVACY)
capab |= WLAN_CAPABILITY_PRIVACY;
if (bss->wmm_ie) {
wmm = 1;
ht_enabled = 1;
}
ieee80211_rx_bss_put(dev, bss);
}
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
skb_put(skb, 10);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_REASSOC_REQ);
mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
ETH_ALEN);
} else {
skb_put(skb, 4);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ASSOC_REQ);
mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
}
/* SSID */
ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
*pos++ = WLAN_EID_SSID;
*pos++ = ifsta->ssid_len;
memcpy(pos, ifsta->ssid, ifsta->ssid_len);
len = mode->num_rates;
if (len > 8)
len = 8;
pos = skb_put(skb, len + 2);
*pos++ = WLAN_EID_SUPP_RATES;
*pos++ = len;
for (i = 0; i < len; i++) {
int rate = mode->rates[i].rate;
*pos++ = (u8) (rate / 5);
}
if (mode->num_rates > len) {
pos = skb_put(skb, mode->num_rates - len + 2);
*pos++ = WLAN_EID_EXT_SUPP_RATES;
*pos++ = mode->num_rates - len;
for (i = len; i < mode->num_rates; i++) {
int rate = mode->rates[i].rate;
*pos++ = (u8) (rate / 5);
}
}
if (ifsta->extra_ie) {
pos = skb_put(skb, ifsta->extra_ie_len);
memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
}
if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
pos = skb_put(skb, 9);
*pos++ = WLAN_EID_VENDOR_SPECIFIC;
*pos++ = 7; /* len */
*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
*pos++ = 0x50;
*pos++ = 0xf2;
*pos++ = 2; /* WME */
*pos++ = 0; /* WME info */
*pos++ = 1; /* WME ver */
*pos++ = 0;
}
#ifdef CONFIG_MAC80211_HT
/* if low level driver supports 11n, fill in 11n IE */
if (ht_enabled && (ifsta->flags & IEEE80211_STA_HT_ENABLED) &&
local->ops->get_ht_capab) {
pos = skb_put(skb, sizeof(struct ieee80211_ht_capability)+2);
*pos++ = WLAN_EID_HT_CAPABILITY;
*pos++ = sizeof(struct ieee80211_ht_capability);
memset(pos, 0, sizeof(struct ieee80211_ht_capability));
local->ops->get_ht_capab(local_to_hw(local),
(struct ieee80211_ht_capability *)pos);
}
#endif /* CONFIG_MAC80211_HT */
kfree(ifsta->assocreq_ies);
ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
if (ifsta->assocreq_ies)
memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
ieee80211_sta_tx(dev, skb, 0);
}
static void ieee80211_send_deauth(struct net_device *dev,
struct ieee80211_if_sta *ifsta, u16 reason)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
"frame\n", dev->name);
return;
}
skb_reserve(skb, local->hw.extra_tx_headroom);
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_DEAUTH);
skb_put(skb, 2);
mgmt->u.deauth.reason_code = cpu_to_le16(reason);
ieee80211_sta_tx(dev, skb, 0);
}
static void ieee80211_send_disassoc(struct net_device *dev,
struct ieee80211_if_sta *ifsta, u16 reason)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
"frame\n", dev->name);
return;
}
skb_reserve(skb, local->hw.extra_tx_headroom);
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_DISASSOC);
skb_put(skb, 2);
mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
ieee80211_sta_tx(dev, skb, 0);
}
static int ieee80211_ts_index(u8 direction)
{
if (direction == WLAN_TSINFO_DOWNLINK ||
direction == WLAN_TSINFO_DIRECTLINK)
return STA_TS_DOWNLINK;
return STA_TS_UPLINK; /* UP and Bidirectional LINK */
}
void ieee80211_send_addts(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_elem_tspec *tspec)
{
struct ieee80211_mgmt *mgmt;
struct sk_buff *skb;
static u8 token;
struct ieee80211_elem_tspec *ptspec;
u8 *pos;
skb = dev_alloc_skb(sizeof(*mgmt) + sizeof(*tspec));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for addts "
"frame\n", dev->name);
return;
}
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.addts_req));
mgmt->u.action.category = WLAN_CATEGORY_QOS;
mgmt->u.action.u.addts_req.action_code = WLAN_ACTION_QOS_ADDTS_REQ;
mgmt->u.action.u.addts_req.dialog_token = ++token % 127;
skb_put(skb, 2 + sizeof(*tspec));
pos = mgmt->u.action.u.addts_req.variable;
pos[0] = WLAN_EID_TSPEC;
pos[1] = sizeof(*tspec);
pos += 2;
ptspec = (struct ieee80211_elem_tspec *)pos;
memcpy(ptspec, tspec, sizeof(*tspec));
ieee80211_sta_tx(dev, skb, 0);
}
void wmm_send_addts(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_elem_tspec *tspec)
{
struct ieee80211_mgmt *mgmt;
struct sk_buff *skb;
static u8 token;
struct ieee80211_elem_tspec *ptspec;
u8 *pos;
skb = dev_alloc_skb(sizeof(*mgmt) + 2 + 6 + sizeof(*tspec));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for addts "
"frame\n", dev->name);
return;
}
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.wme_action));
mgmt->u.action.category = WLAN_CATEGORY_WMM;
mgmt->u.action.u.wme_action.action_code = WLAN_ACTION_QOS_ADDTS_REQ;
mgmt->u.action.u.wme_action.dialog_token = ++token % 127;
mgmt->u.action.u.wme_action.status_code = 0;
skb_put(skb, 2 + 6 + sizeof(*tspec));
pos = mgmt->u.action.u.wme_action.variable;
pos[0] = WLAN_EID_GENERIC;
pos[1] = 61;
pos += 2;
pos[0] = 0x00; pos[1] = 0x50; pos[2] = 0xf2; /* Wi-Fi OUI (00:50:F2)*/
pos += 3;
pos[0] = WIFI_OUI_TYPE_WMM;
pos[1] = WIFI_OUI_STYPE_WMM_TSPEC;
pos[2] = 1; /* Version */
pos += 3;
ptspec = (struct ieee80211_elem_tspec *)pos;
memcpy(ptspec, tspec, sizeof(*tspec));
ieee80211_sta_tx(dev, skb, 0);
}
void ieee80211_send_delts(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_elem_tspec *tp)
{
struct ieee80211_mgmt *mgmt;
struct sk_buff *skb;
u8 tsid = IEEE80211_TSINFO_TSID(tp->ts_info);
u8 direction = IEEE80211_TSINFO_DIR(tp->ts_info);
u16 medium_time = le16_to_cpu(tp->medium_time);
u8 index = ieee80211_ts_index(direction);
if (ifsta->ts_data[tsid][index].status == TS_STATUS_UNUSED) {
printk(KERN_DEBUG "%s: Trying to delete an ACM disabled TS "
"(%u:%u)\n", dev->name, tsid, direction);
return;
}
skb = dev_alloc_skb(sizeof(*mgmt));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for delts "
"frame\n", dev->name);
return;
}
/* recompute admitted time */
ifsta->ts_data[tsid][index].admitted_time_usec -=
ifsta->dot11EDCAAveragingPeriod * medium_time * 32;
if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec) < 0)
ifsta->ts_data[tsid][index].admitted_time_usec = 0;
ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.delts));
mgmt->u.action.category = WLAN_CATEGORY_QOS;
mgmt->u.action.u.delts.action_code = WLAN_ACTION_QOS_DELTS;
mgmt->u.action.u.delts.reason_code = 0;
memset(&mgmt->u.action.u.delts.ts_info, 0,
sizeof(struct ieee80211_ts_info));
IEEE80211_SET_TSINFO_TSID(tp->ts_info, tsid);
IEEE80211_SET_TSINFO_DIR(tp->ts_info, direction);
IEEE80211_SET_TSINFO_POLICY(tp->ts_info, WLAN_TSINFO_EDCA);
IEEE80211_SET_TSINFO_APSD(tp->ts_info, WLAN_TSINFO_PSB_LEGACY);
IEEE80211_SET_TSINFO_UP(tp->ts_info, ifsta->ts_data[tsid][index].up);
ieee80211_sta_tx(dev, skb, 0);
}
void wmm_send_delts(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_elem_tspec *tp)
{
struct ieee80211_mgmt *mgmt;
struct ieee80211_elem_tspec *tspec;
struct sk_buff *skb;
u8 tsid = IEEE80211_TSINFO_TSID(tp->ts_info);
u8 direction = IEEE80211_TSINFO_DIR(tp->ts_info);
u16 medium_time = le16_to_cpu(tp->medium_time);
u8 index = ieee80211_ts_index(direction);
u8 *pos;
if (ifsta->ts_data[tsid][index].status == TS_STATUS_UNUSED) {
printk(KERN_DEBUG "%s: Tring to delete a non-Actived TS "
"(%u %u)\n", dev->name, tsid, direction);
return;
}
skb = dev_alloc_skb(sizeof(*mgmt) + 2 + 6 + sizeof(*tspec));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for delts "
"frame\n", dev->name);
return;
}
/* recompute admitted time */
ifsta->ts_data[tsid][index].admitted_time_usec -=
ifsta->dot11EDCAAveragingPeriod * medium_time * 32;
if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec < 0))
ifsta->ts_data[tsid][index].admitted_time_usec = 0;
ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.wme_action));
mgmt->u.action.category = WLAN_CATEGORY_WMM;
mgmt->u.action.u.wme_action.action_code = WLAN_ACTION_QOS_DELTS;
mgmt->u.action.u.wme_action.dialog_token = 0;
mgmt->u.action.u.wme_action.status_code = 0;
skb_put(skb, 2 + 6 + sizeof(*tspec));
pos = mgmt->u.action.u.wme_action.variable;
pos[0] = WLAN_EID_GENERIC;
pos[1] = 61;
pos += 2;
pos[0] = 0x00; pos[1] = 0x50; pos[2] = 0xf2; /* Wi-Fi OUI (00:50:F2)*/
pos += 3;
pos[0] = WIFI_OUI_TYPE_WMM;
pos[1] = WIFI_OUI_STYPE_WMM_TSPEC;
pos[2] = 1; /* Version */
pos += 3;
tspec = (struct ieee80211_elem_tspec *)pos;
memset(tspec, 0, sizeof(*tspec));
IEEE80211_SET_TSINFO_TSID(tspec->ts_info, tsid);
IEEE80211_SET_TSINFO_DIR(tspec->ts_info, direction);
IEEE80211_SET_TSINFO_POLICY(tspec->ts_info, WLAN_TSINFO_EDCA);
IEEE80211_SET_TSINFO_APSD(tspec->ts_info, WLAN_TSINFO_PSB_LEGACY);
IEEE80211_SET_TSINFO_UP(tspec->ts_info, ifsta->ts_data[tsid][index].up);
ieee80211_sta_tx(dev, skb, 0);
}
void ieee80211_send_dls_req(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
u8 *addr, u16 timeout)
{
struct ieee80211_hw_mode *mode;
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
u8 *pos, *supp_rates, *esupp_rates = NULL;
int i;
skb = dev_alloc_skb(sizeof(*mgmt) + 200 /* rates + ext_rates Size */);
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for DLS REQ "
"frame\n", dev->name);
return;
}
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_req));
mgmt->u.action.category = WLAN_CATEGORY_DLS;
mgmt->u.action.u.dls_req.action_code = WLAN_ACTION_DLS_REQ;
memcpy(mgmt->u.action.u.dls_req.dest, addr, ETH_ALEN);
memcpy(mgmt->u.action.u.dls_req.src, dev->dev_addr, ETH_ALEN);
mgmt->u.action.u.dls_req.capab_info = cpu_to_le16(ifsta->ap_capab);
mgmt->u.action.u.dls_req.timeout = cpu_to_le16(timeout);
/* Add supported rates and extended supported rates */
supp_rates = skb_put(skb, 2);
supp_rates[0] = WLAN_EID_SUPP_RATES;
supp_rates[1] = 0;
mode = local->oper_hw_mode;
for (i = 0; i < mode->num_rates; i++) {
struct ieee80211_rate *rate = &mode->rates[i];
if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
continue;
if (esupp_rates) {
pos = skb_put(skb, 1);
esupp_rates[1]++;
} else if (supp_rates[1] == 8) {
esupp_rates = skb_put(skb, 3);
esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
esupp_rates[1] = 1;
pos = &esupp_rates[2];
} else {
pos = skb_put(skb, 1);
supp_rates[1]++;
}
*pos = rate->rate / 5;
}
ieee80211_sta_tx(dev, skb, 0);
}
static void ieee80211_send_dls_resp(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
u8 *mac_addr, u16 status)
{
struct ieee80211_hw_mode *mode;
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
u8 *pos, *supp_rates, *esupp_rates = NULL;
int i;
skb = dev_alloc_skb(sizeof(*mgmt) + 200 /* rates + ext_rates Size */);
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for dls resp "
"frame\n", dev->name);
return;
}
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_resp));
mgmt->u.action.category = WLAN_CATEGORY_DLS;
mgmt->u.action.u.dls_resp.action_code = WLAN_ACTION_DLS_RESP;
memcpy(mgmt->u.action.u.dls_resp.dest, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->u.action.u.dls_resp.src, mac_addr, ETH_ALEN);
mgmt->u.action.u.dls_resp.status_code = cpu_to_le16(status);
if (!mgmt->u.action.u.dls_resp.status_code) {
ieee80211_sta_tx(dev, skb, 0);
return;
}
/* Add capability information */
pos = skb_put(skb, 2);
*(__le16 *)pos = cpu_to_le16(ifsta->ap_capab);
/* Add supported rates and extended supported rates */
supp_rates = skb_put(skb, 2);
supp_rates[0] = WLAN_EID_SUPP_RATES;
supp_rates[1] = 0;
mode = local->oper_hw_mode;
for (i = 0; i < mode->num_rates; i++) {
struct ieee80211_rate *rate = &mode->rates[i];
if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
continue;
if (esupp_rates) {
pos = skb_put(skb, 1);
esupp_rates[1]++;
} else if (supp_rates[1] == 8) {
esupp_rates = skb_put(skb, 3);
esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
esupp_rates[1] = 1;
pos = &esupp_rates[2];
} else {
pos = skb_put(skb, 1);
supp_rates[1]++;
}
*pos = rate->rate / 5;
}
ieee80211_sta_tx(dev, skb, 0);
}
void ieee80211_send_dls_teardown(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
u8 *mac_addr, u16 reason)
{
struct ieee80211_mgmt *mgmt;
struct sk_buff *skb;
skb = dev_alloc_skb(sizeof(*mgmt));
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for DLS "
"Teardown frame\n", dev->name);
return;
}
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_ACTION);
skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_teardown));
mgmt->u.action.category = WLAN_CATEGORY_DLS;
mgmt->u.action.u.dls_teardown.action_code = WLAN_ACTION_DLS_TEARDOWN;
memcpy(mgmt->u.action.u.dls_teardown.dest, mac_addr, ETH_ALEN);
memcpy(mgmt->u.action.u.dls_teardown.src, dev->dev_addr, ETH_ALEN);
mgmt->u.action.u.dls_teardown.reason_code = cpu_to_le16(reason);
ieee80211_sta_tx(dev, skb, 0);
}
static int ieee80211_privacy_mismatch(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sta_bss *bss;
int res = 0;
if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL) ||
ifsta->key_management_enabled)
return 0;
bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
ifsta->ssid, ifsta->ssid_len);
if (!bss)
return 0;
if (ieee80211_sta_wep_configured(dev) !=
!!(bss->capability & WLAN_CAPABILITY_PRIVACY))
res = 1;
ieee80211_rx_bss_put(dev, bss);
return res;
}
static void ieee80211_associate(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
DECLARE_MAC_BUF(mac);
ifsta->assoc_tries++;
if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
printk(KERN_DEBUG "%s: association with AP %s"
" timed out\n",
dev->name, print_mac(mac, ifsta->bssid));
ifsta->state = IEEE80211_DISABLED;
return;
}
ifsta->state = IEEE80211_ASSOCIATE;
printk(KERN_DEBUG "%s: associate with AP %s\n",
dev->name, print_mac(mac, ifsta->bssid));
if (ieee80211_privacy_mismatch(dev, ifsta)) {
printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
"mixed-cell disabled - abort association\n", dev->name);
ifsta->state = IEEE80211_DISABLED;
return;
}
ieee80211_send_assoc(dev, ifsta);
mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}
static void ieee80211_associated(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sta_info *sta;
int disassoc;
DECLARE_MAC_BUF(mac);
/* TODO: start monitoring current AP signal quality and number of
* missed beacons. Scan other channels every now and then and search
* for better APs. */
/* TODO: remove expired BSSes */
ifsta->state = IEEE80211_ASSOCIATED;
sta = sta_info_get(local, ifsta->bssid);
if (!sta) {
printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
dev->name, print_mac(mac, ifsta->bssid));
disassoc = 1;
} else {
disassoc = 0;
if (time_after(jiffies,
sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
printk(KERN_DEBUG "%s: No ProbeResp from "
"current AP %s - assume out of "
"range\n",
dev->name, print_mac(mac, ifsta->bssid));
disassoc = 1;
sta_info_free(sta);
} else
ieee80211_send_probe_req(dev, ifsta->bssid,
local->scan_ssid,
local->scan_ssid_len);
ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
} else {
ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
if (time_after(jiffies, ifsta->last_probe +
IEEE80211_PROBE_INTERVAL)) {
ifsta->last_probe = jiffies;
ieee80211_send_probe_req(dev, ifsta->bssid,
ifsta->ssid,
ifsta->ssid_len);
}
}
sta_info_put(sta);
}
if (disassoc) {
union iwreq_data wrqu;
memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
wrqu.ap_addr.sa_family = ARPHRD_ETHER;
wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
mod_timer(&ifsta->timer, jiffies +
IEEE80211_MONITORING_INTERVAL + 30 * HZ);
} else {
mod_timer(&ifsta->timer, jiffies +
IEEE80211_MONITORING_INTERVAL);
}
}
static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
u8 *ssid, size_t ssid_len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_hw_mode *mode;
struct sk_buff *skb;
struct ieee80211_mgmt *mgmt;
u8 *pos, *supp_rates, *esupp_rates = NULL;
int i;
skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
if (!skb) {
printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
"request\n", dev->name);
return;
}
skb_reserve(skb, local->hw.extra_tx_headroom);
mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
memset(mgmt, 0, 24);
mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
IEEE80211_STYPE_PROBE_REQ);
memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
if (dst) {
memcpy(mgmt->da, dst, ETH_ALEN);
memcpy(mgmt->bssid, dst, ETH_ALEN);
} else {
memset(mgmt->da, 0xff, ETH_ALEN);
memset(mgmt->bssid, 0xff, ETH_ALEN);
}
pos = skb_put(skb, 2 + ssid_len);
*pos++ = WLAN_EID_SSID;
*pos++ = ssid_len;
memcpy(pos, ssid, ssid_len);
supp_rates = skb_put(skb, 2);
supp_rates[0] = WLAN_EID_SUPP_RATES;
supp_rates[1] = 0;
mode = local->oper_hw_mode;
for (i = 0; i < mode->num_rates; i++) {
struct ieee80211_rate *rate = &mode->rates[i];
if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
continue;
if (esupp_rates) {
pos = skb_put(skb, 1);
esupp_rates[1]++;
} else if (supp_rates[1] == 8) {
esupp_rates = skb_put(skb, 3);
esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
esupp_rates[1] = 1;
pos = &esupp_rates[2];
} else {
pos = skb_put(skb, 1);
supp_rates[1]++;
}
*pos = rate->rate / 5;
}
ieee80211_sta_tx(dev, skb, 0);
}
static int ieee80211_sta_wep_configured(struct net_device *dev)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
if (!sdata || !sdata->default_key ||
sdata->default_key->conf.alg != ALG_WEP)
return 0;
return 1;
}
static void ieee80211_auth_completed(struct net_device *dev,
struct ieee80211_if_sta *ifsta)
{
printk(KERN_DEBUG "%s: authenticated\n", dev->name);
ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
ieee80211_associate(dev, ifsta);
}
static void ieee80211_auth_challenge(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt,
size_t len)
{
u8 *pos;
struct ieee802_11_elems elems;
printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
pos = mgmt->u.auth.variable;
ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
if (!elems.challenge) {
printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
"frame\n", dev->name);
return;
}
ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
elems.challenge_len + 2, 1);
}
static void ieee80211_rx_mgmt_auth(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt,
size_t len)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
u16 auth_alg, auth_transaction, status_code;
DECLARE_MAC_BUF(mac);
if (ifsta->state != IEEE80211_AUTHENTICATE &&
sdata->type != IEEE80211_IF_TYPE_IBSS) {
printk(KERN_DEBUG "%s: authentication frame received from "
"%s, but not in authenticate state - ignored\n",
dev->name, print_mac(mac, mgmt->sa));
return;
}
if (len < 24 + 6) {
printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
"received from %s - ignored\n",
dev->name, len, print_mac(mac, mgmt->sa));
return;
}
if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
printk(KERN_DEBUG "%s: authentication frame received from "
"unknown AP (SA=%s BSSID=%s) - "
"ignored\n", dev->name, print_mac(mac, mgmt->sa),
print_mac(mac, mgmt->bssid));
return;
}
if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
printk(KERN_DEBUG "%s: authentication frame received from "
"unknown BSSID (SA=%s BSSID=%s) - "
"ignored\n", dev->name, print_mac(mac, mgmt->sa),
print_mac(mac, mgmt->bssid));
return;
}
auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
status_code = le16_to_cpu(mgmt->u.auth.status_code);
printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d "
"transaction=%d status=%d)\n",
dev->name, print_mac(mac, mgmt->sa), auth_alg,
auth_transaction, status_code);
if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
/* IEEE 802.11 standard does not require authentication in IBSS
* networks and most implementations do not seem to use it.
* However, try to reply to authentication attempts if someone
* has actually implemented this.
* TODO: Could implement shared key authentication. */
if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
printk(KERN_DEBUG "%s: unexpected IBSS authentication "
"frame (alg=%d transaction=%d)\n",
dev->name, auth_alg, auth_transaction);
return;
}
ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
}
if (auth_alg != ifsta->auth_alg ||
auth_transaction != ifsta->auth_transaction) {
printk(KERN_DEBUG "%s: unexpected authentication frame "
"(alg=%d transaction=%d)\n",
dev->name, auth_alg, auth_transaction);
return;
}
if (status_code != WLAN_STATUS_SUCCESS) {
printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
"code=%d)\n", dev->name, ifsta->auth_alg, status_code);
if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
u8 algs[3];
const int num_algs = ARRAY_SIZE(algs);
int i, pos;
algs[0] = algs[1] = algs[2] = 0xff;
if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
algs[0] = WLAN_AUTH_OPEN;
if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
algs[1] = WLAN_AUTH_SHARED_KEY;
if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
algs[2] = WLAN_AUTH_LEAP;
if (ifsta->auth_alg == WLAN_AUTH_OPEN)
pos = 0;
else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
pos = 1;
else
pos = 2;
for (i = 0; i < num_algs; i++) {
pos++;
if (pos >= num_algs)
pos = 0;
if (algs[pos] == ifsta->auth_alg ||
algs[pos] == 0xff)
continue;
if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
!ieee80211_sta_wep_configured(dev))
continue;
ifsta->auth_alg = algs[pos];
printk(KERN_DEBUG "%s: set auth_alg=%d for "
"next try\n",
dev->name, ifsta->auth_alg);
break;
}
}
return;
}
switch (ifsta->auth_alg) {
case WLAN_AUTH_OPEN:
case WLAN_AUTH_LEAP:
ieee80211_auth_completed(dev, ifsta);
break;
case WLAN_AUTH_SHARED_KEY:
if (ifsta->auth_transaction == 4)
ieee80211_auth_completed(dev, ifsta);
else
ieee80211_auth_challenge(dev, ifsta, mgmt, len);
break;
}
}
static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt,
size_t len)
{
u16 reason_code;
DECLARE_MAC_BUF(mac);
if (len < 24 + 2) {
printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
"received from %s - ignored\n",
dev->name, len, print_mac(mac, mgmt->sa));
return;
}
if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
printk(KERN_DEBUG "%s: deauthentication frame received from "
"unknown AP (SA=%s BSSID=%s) - "
"ignored\n", dev->name, print_mac(mac, mgmt->sa),
print_mac(mac, mgmt->bssid));
return;
}
reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
printk(KERN_DEBUG "%s: RX deauthentication from %s"
" (reason=%d)\n",
dev->name, print_mac(mac, mgmt->sa), reason_code);
if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
}
if (ifsta->state == IEEE80211_AUTHENTICATE ||
ifsta->state == IEEE80211_ASSOCIATE ||
ifsta->state == IEEE80211_ASSOCIATED) {
ifsta->state = IEEE80211_AUTHENTICATE;
mod_timer(&ifsta->timer, jiffies +
IEEE80211_RETRY_AUTH_INTERVAL);
}
ieee80211_set_disassoc(dev, ifsta, 1);
ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
}
static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt,
size_t len)
{
u16 reason_code;
DECLARE_MAC_BUF(mac);
if (len < 24 + 2) {
printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
"received from %s - ignored\n",
dev->name, len, print_mac(mac, mgmt->sa));
return;
}
if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
printk(KERN_DEBUG "%s: disassociation frame received from "
"unknown AP (SA=%s BSSID=%s) - "
"ignored\n", dev->name, print_mac(mac, mgmt->sa),
print_mac(mac, mgmt->bssid));
return;
}
reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
printk(KERN_DEBUG "%s: RX disassociation from %s"
" (reason=%d)\n",
dev->name, print_mac(mac, mgmt->sa), reason_code);
if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
printk(KERN_DEBUG "%s: disassociated\n", dev->name);
if (ifsta->state == IEEE80211_ASSOCIATED) {
ifsta->state = IEEE80211_ASSOCIATE;
mod_timer(&ifsta->timer, jiffies +
IEEE80211_RETRY_AUTH_INTERVAL);
}
ieee80211_set_disassoc(dev, ifsta, 0);
}
static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt,
size_t len,
int reassoc)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_hw_mode *mode;
struct sta_info *sta;
u32 rates;
u16 capab_info, status_code, aid;
struct ieee802_11_elems elems;
u8 *pos;
int i, j;
DECLARE_MAC_BUF(mac);
/* AssocResp and ReassocResp have identical structure, so process both
* of them in this function. */
if (ifsta->state != IEEE80211_ASSOCIATE) {
printk(KERN_DEBUG "%s: association frame received from "
"%s, but not in associate state - ignored\n",
dev->name, print_mac(mac, mgmt->sa));
return;
}
if (len < 24 + 6) {
printk(KERN_DEBUG "%s: too short (%zd) association frame "
"received from %s - ignored\n",
dev->name, len, print_mac(mac, mgmt->sa));
return;
}
if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
printk(KERN_DEBUG "%s: association frame received from "
"unknown AP (SA=%s BSSID=%s) - "
"ignored\n", dev->name, print_mac(mac, mgmt->sa),
print_mac(mac, mgmt->bssid));
return;
}
capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
"status=%d aid=%d)\n",
dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
capab_info, status_code, aid & ~(BIT(15) | BIT(14)));
if (status_code != WLAN_STATUS_SUCCESS) {
printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
dev->name, status_code);
/* if this was a reassociation, ensure we try a "full"
* association next time. This works around some broken APs
* which do not correctly reject reassociation requests. */
ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
return;
}
if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
"set\n", dev->name, aid);
aid &= ~(BIT(15) | BIT(14));
pos = mgmt->u.assoc_resp.variable;
ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
if (!elems.supp_rates) {
printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
dev->name);
return;
}
/* it probably doesn't, but if the frame includes an ERP value then
* update our stored copy */
if (elems.erp_info && elems.erp_info_len >= 1) {
struct ieee80211_sta_bss *bss
= ieee80211_rx_bss_get(dev, ifsta->bssid,
local->hw.conf.channel,
ifsta->ssid, ifsta->ssid_len);
if (bss) {
bss->erp_value = elems.erp_info[0];
bss->has_erp_value = 1;
ieee80211_rx_bss_put(dev, bss);
}
}
printk(KERN_DEBUG "%s: associated\n", dev->name);
ifsta->aid = aid;
ifsta->ap_capab = capab_info;
kfree(ifsta->assocresp_ies);
ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
if (ifsta->assocresp_ies)
memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
ieee80211_set_associated(dev, ifsta, 1);
/* Add STA entry for the AP */
sta = sta_info_get(local, ifsta->bssid);
if (!sta) {
struct ieee80211_sta_bss *bss;
sta = sta_info_add(local, dev, ifsta->bssid, GFP_KERNEL);
if (!sta) {
printk(KERN_DEBUG "%s: failed to add STA entry for the"
" AP\n", dev->name);
return;
}
bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
local->hw.conf.channel,
ifsta->ssid, ifsta->ssid_len);
if (bss) {
sta->last_rssi = bss->rssi;
sta->last_signal = bss->signal;
sta->last_noise = bss->noise;
ieee80211_rx_bss_put(dev, bss);
}
}
sta->dev = dev;
sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
rates = 0;
mode = local->oper_hw_mode;
for (i = 0; i < elems.supp_rates_len; i++) {
int rate = (elems.supp_rates[i] & 0x7f) * 5;
for (j = 0; j < mode->num_rates; j++)
if (mode->rates[j].rate == rate)
rates |= BIT(j);
}
for (i = 0; i < elems.ext_supp_rates_len; i++) {
int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
for (j = 0; j < mode->num_rates; j++)
if (mode->rates[j].rate == rate)
rates |= BIT(j);
}
sta->supp_rates = rates;
#ifdef CONFIG_MAC80211_HT
if (elems.ht_extra_param && elems.ht_cap_param && elems.wmm_param &&
(ifsta->flags & IEEE80211_STA_HT_ENABLED) && local->ops->conf_ht) {
int rc;
rc = local->ops->conf_ht(local_to_hw(local),
(struct ieee80211_ht_capability *)
elems.ht_cap_param,
(struct ieee80211_ht_additional_info *)
elems.ht_extra_param);
if (!rc)
sta->flags |= WLAN_STA_HT;
}
#endif /* CONFIG_MAC80211_HT */
rate_control_rate_init(sta, local);
if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
sta->flags |= WLAN_STA_WME;
ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
elems.wmm_param_len);
}
sta_info_put(sta);
ieee80211_associated(dev, ifsta);
}
static u32 calculate_mpdu_exchange_time(struct ieee80211_local *local,
struct ieee80211_elem_tspec *tspec)
{
/*
* FIXME: MPDUExchangeTime = duration(Nominal MSDU Size, Min PHY Rate) +
* SIFS + ACK duration
*/
int extra = 0; /* SIFS + ACK */
switch (local->hw.conf.phymode) {
case MODE_IEEE80211A:
extra = 16 + 24;
break;
case MODE_IEEE80211B:
extra = 10 + 203;
break;
case MODE_IEEE80211G:
default:
extra = 10 + 30;
break;
}
return (tspec->nominal_msdu_size * 8) /
(tspec->min_phy_rate / 1000000) + extra;
}
static void sta_update_tspec(struct ieee80211_local *local,
struct ieee80211_if_sta *ifsta,
int action, struct ieee80211_elem_tspec *tspec)
{
u8 tsid = IEEE80211_TSINFO_TSID(tspec->ts_info);
u8 index = ieee80211_ts_index(IEEE80211_TSINFO_DIR(tspec->ts_info));
switch (action) {
case WLAN_ACTION_QOS_ADDTS_RESP:
ifsta->ts_data[tsid][index].status = TS_STATUS_ACTIVE;
ifsta->ts_data[tsid][index].up =
IEEE80211_TSINFO_UP(tspec->ts_info);
ifsta->ts_data[tsid][index].used_time_usec = 0;
ifsta->ts_data[tsid][index].admitted_time_usec +=
ifsta->dot11EDCAAveragingPeriod * tspec->medium_time * 32;
ifsta->MPDUExchangeTime =
calculate_mpdu_exchange_time(local, tspec);
break;
case WLAN_ACTION_QOS_DELTS:
ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
ifsta->ts_data[tsid][index].used_time_usec = 0;
ifsta->ts_data[tsid][index].admitted_time_usec -=
ifsta->dot11EDCAAveragingPeriod * tspec->medium_time * 32;
if (ifsta->ts_data[tsid][index].admitted_time_usec < 0)
ifsta->ts_data[tsid][index].admitted_time_usec = 0;
ifsta->MPDUExchangeTime = 0;
break;
default:
printk(KERN_ERR "%s: invalid action type %d\n", __FUNCTION__,
action);
break;
}
}
static void sta_parse_tspec(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt, size_t len, u8 prefix,
struct ieee80211_elem_tspec *tspec)
{
struct ieee802_11_elems elems;
u8 *pos;
/*
printk(KERN_DEBUG "Dialog_token: %d, TID: %u, Direction: %u, PSB: %d, "
"UP: %d\n", mgmt->u.action.u.wme_action.dialog_token,
IEEE80211_TSINFO_TSID(tspec->ts_info),
IEEE80211_TSINFO_DIR(tspec->ts_info),
IEEE80211_TSINFO_APSD(tspec->ts_info),
IEEE80211_TSINFO_UP(tspec->ts_info));
*/
if (mgmt->u.action.category == WLAN_CATEGORY_QOS)
pos = mgmt->u.action.u.addts_resp.variable + prefix;
else
pos = mgmt->u.action.u.wme_action.variable + prefix;
if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
== ParseFailed) {
printk(KERN_DEBUG "%s: failed to parse TSPEC\n", dev->name);
return;
}
memcpy(tspec, elems.tspec, sizeof(*tspec));
}
int dls_link_status(struct ieee80211_local *local, u8 *addr)
{
struct sta_info *dls;
int ret = DLS_STATUS_NOLINK;
if ((dls = dls_info_get(local, addr)) != NULL) {
ret = dls->dls_status;
sta_info_put(dls);
}
return ret;
}
static void sta_process_dls_req(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt, size_t len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sta_info *dls;
u8 *src = mgmt->u.action.u.dls_req.src;
struct ieee802_11_elems elems;
struct ieee80211_rate *rates;
size_t baselen, num_rates;
int i, j;
struct ieee80211_hw_mode *mode;
u32 supp_rates = 0;
printk(KERN_DEBUG "Receive DLS request from "
"%02X:%02X:%02X:%02X:%02X:%02X\n",
src[0], src[1], src[2], src[3], src[4], src[5]);
baselen = (u8 *)mgmt->u.action.u.dls_req.variable - (u8 *)mgmt;
if (baselen > len)
return;
if (ieee802_11_parse_elems(mgmt->u.action.u.dls_req.variable,
len - baselen, &elems) == ParseFailed) {
printk(KERN_ERR "DLS Parse support rates failed.\n");
return;
}
mode = local->sta_scanning ?
local->scan_hw_mode : local->oper_hw_mode;
rates = mode->rates;
num_rates = mode->num_rates;
for (i = 0; i < elems.supp_rates_len + elems.ext_supp_rates_len; i++) {
u8 rate = 0;
if (i < elems.supp_rates_len)
rate = elems.supp_rates[i];
else if (elems.ext_supp_rates)
rate = elems.ext_supp_rates[i - elems.supp_rates_len];
rate = 5 * (rate & 0x7f);
for (j = 0; j < num_rates; j++)
if (rates[j].rate == rate)
supp_rates |= BIT(j);
}
if (supp_rates == 0) {
/* Send DLS failed Response to the peer because
* the supported rates are mismatch */
ieee80211_send_dls_resp(dev, ifsta, src,
WLAN_REASON_QSTA_NOT_USE);
return;
}
dls = dls_info_get(local, src);
if (!dls)
dls = sta_info_add(local, dev, src, GFP_ATOMIC);
if (!dls)
return;
dls->dls_status = DLS_STATUS_OK;
dls->dls_timeout = le16_to_cpu(mgmt->u.action.u.dls_req.timeout);
dls->supp_rates = supp_rates;
/* Send DLS successful Response to the peer */
ieee80211_send_dls_resp(dev, ifsta, src, 0);
}
static void sta_process_dls_resp(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt, size_t len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sta_info *dls;
u8 *src = mgmt->u.action.u.dls_resp.src;
struct ieee802_11_elems elems;
struct ieee80211_rate *rates;
size_t baselen, num_rates;
int i, j;
struct ieee80211_hw_mode *mode;
u32 supp_rates = 0;
printk(KERN_DEBUG "Receive DLS response from "
"%02X:%02X:%02X:%02X:%02X:%02X\n",
src[0], src[1], src[2], src[3], src[4], src[5]);
if (mgmt->u.action.u.dls_resp.status_code) {
printk(KERN_ERR "DLS setup refused by peer. Reason %d\n",
mgmt->u.action.u.dls_resp.status_code);
return;
}
baselen = (u8 *)mgmt->u.action.u.dls_resp.variable - (u8 *)mgmt;
if (baselen > len)
return;
if (ieee802_11_parse_elems(mgmt->u.action.u.dls_resp.variable,
len - baselen, &elems) == ParseFailed) {
printk(KERN_ERR "DLS Parse support rates failed.\n");
return;
}
mode = local->sta_scanning ?
local->scan_hw_mode : local->oper_hw_mode;
rates = mode->rates;
num_rates = mode->num_rates;
for (i = 0; i < elems.supp_rates_len + elems.ext_supp_rates_len; i++) {
u8 rate = 0;
if (i < elems.supp_rates_len)
rate = elems.supp_rates[i];
else if (elems.ext_supp_rates)
rate = elems.ext_supp_rates[i - elems.supp_rates_len];
rate = 5 * (rate & 0x7f);
for (j = 0; j < num_rates; j++)
if (rates[j].rate == rate)
supp_rates |= BIT(j);
}
dls = dls_info_get(local, src);
if (!dls)
dls = sta_info_add(local, dev, src, GFP_ATOMIC);
if (!dls)
return;
dls->supp_rates = supp_rates;
dls->dls_status = DLS_STATUS_OK;
sta_info_put(dls);
}
static void sta_process_dls_teardown(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt, size_t len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
u8 *src = mgmt->u.action.u.dls_teardown.src;
struct sta_info *dls;
printk(KERN_DEBUG "DLS Teardown received from "
"%02X:%02X:%02X:%02X:%02X:%02X. Reason %d\n",
src[0], src[1], src[2], src[3], src[4], src[5],
mgmt->u.action.u.dls_teardown.reason_code);
dls = dls_info_get(local, src);
if (dls)
sta_info_free(dls);
return;
}
/* Caller must hold local->sta_bss_lock */
static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
struct ieee80211_sta_bss *bss)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
}
/* Caller must hold local->sta_bss_lock */
static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
struct ieee80211_sta_bss *bss)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sta_bss *b, *prev = NULL;
b = local->sta_bss_hash[STA_HASH(bss->bssid)];
while (b) {
if (b == bss) {
if (!prev)
local->sta_bss_hash[STA_HASH(bss->bssid)] =
bss->hnext;
else
prev->hnext = bss->hnext;
break;
}
prev = b;
b = b->hnext;
}
}
static struct ieee80211_sta_bss *
ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel,
u8 *ssid, u8 ssid_len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sta_bss *bss;
bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
if (!bss)
return NULL;
atomic_inc(&bss->users);
atomic_inc(&bss->users);
memcpy(bss->bssid, bssid, ETH_ALEN);
bss->channel = channel;
if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
memcpy(bss->ssid, ssid, ssid_len);
bss->ssid_len = ssid_len;
}
spin_lock_bh(&local->sta_bss_lock);
/* TODO: order by RSSI? */
list_add_tail(&bss->list, &local->sta_bss_list);
__ieee80211_rx_bss_hash_add(dev, bss);
spin_unlock_bh(&local->sta_bss_lock);
return bss;
}
static struct ieee80211_sta_bss *
ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
u8 *ssid, u8 ssid_len)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sta_bss *bss;
spin_lock_bh(&local->sta_bss_lock);
bss = local->sta_bss_hash[STA_HASH(bssid)];
while (bss) {
if (!memcmp(bss->bssid, bssid, ETH_ALEN) &&
bss->channel == channel &&
bss->ssid_len == ssid_len &&
(ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
atomic_inc(&bss->users);
break;
}
bss = bss->hnext;
}
spin_unlock_bh(&local->sta_bss_lock);
return bss;
}
static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
{
kfree(bss->wpa_ie);
kfree(bss->rsn_ie);
kfree(bss->wmm_ie);
kfree(bss->ht_ie);
kfree(bss);
}
static void ieee80211_rx_bss_put(struct net_device *dev,
struct ieee80211_sta_bss *bss)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
if (!atomic_dec_and_test(&bss->users))
return;
spin_lock_bh(&local->sta_bss_lock);
__ieee80211_rx_bss_hash_del(dev, bss);
list_del(&bss->list);
spin_unlock_bh(&local->sta_bss_lock);
ieee80211_rx_bss_free(bss);
}
void ieee80211_rx_bss_list_init(struct net_device *dev)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
spin_lock_init(&local->sta_bss_lock);
INIT_LIST_HEAD(&local->sta_bss_list);
}
void ieee80211_rx_bss_list_deinit(struct net_device *dev)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sta_bss *bss, *tmp;
list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
ieee80211_rx_bss_put(dev, bss);
}
static void ieee80211_rx_bss_info(struct net_device *dev,
struct ieee80211_mgmt *mgmt,
size_t len,
struct ieee80211_rx_status *rx_status,
int beacon)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee802_11_elems elems;
size_t baselen;
int channel, clen;
struct ieee80211_sta_bss *bss;
struct sta_info *sta;
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
u64 timestamp;
DECLARE_MAC_BUF(mac);
DECLARE_MAC_BUF(mac2);
if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
return; /* ignore ProbeResp to foreign address */
#if 0
printk(KERN_DEBUG "%s: RX %s from %s to %s\n",
dev->name, beacon ? "Beacon" : "Probe Response",
print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da));
#endif
baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
if (baselen > len)
return;
timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
static unsigned long last_tsf_debug = 0;
u64 tsf;
if (local->ops->get_tsf)
tsf = local->ops->get_tsf(local_to_hw(local));
else
tsf = -1LLU;
if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
printk(KERN_DEBUG "RX beacon SA=%s BSSID="
"%s TSF=0x%llx BCN=0x%llx diff=%lld "
"@%lu\n",
print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->bssid),
(unsigned long long)tsf,
(unsigned long long)timestamp,
(unsigned long long)(tsf - timestamp),
jiffies);
last_tsf_debug = jiffies;
}
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
}
ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
(sta = sta_info_get(local, mgmt->sa))) {
struct ieee80211_hw_mode *mode;
struct ieee80211_rate *rates;
size_t num_rates;
u32 supp_rates, prev_rates;
int i, j;
mode = local->sta_scanning ?
local->scan_hw_mode : local->oper_hw_mode;
rates = mode->rates;
num_rates = mode->num_rates;
supp_rates = 0;
for (i = 0; i < elems.supp_rates_len +
elems.ext_supp_rates_len; i++) {
u8 rate = 0;
int own_rate;
if (i < elems.supp_rates_len)
rate = elems.supp_rates[i];
else if (elems.ext_supp_rates)
rate = elems.ext_supp_rates
[i - elems.supp_rates_len];
own_rate = 5 * (rate & 0x7f);
for (j = 0; j < num_rates; j++)
if (rates[j].rate == own_rate)
supp_rates |= BIT(j);
}
prev_rates = sta->supp_rates;
sta->supp_rates &= supp_rates;
if (sta->supp_rates == 0) {
/* No matching rates - this should not really happen.
* Make sure that at least one rate is marked
* supported to avoid issues with TX rate ctrl. */
sta->supp_rates = sdata->u.sta.supp_rates_bits;
}
if (sta->supp_rates != prev_rates) {
printk(KERN_DEBUG "%s: updated supp_rates set for "
"%s based on beacon info (0x%x & 0x%x -> "
"0x%x)\n",
dev->name, print_mac(mac, sta->addr), prev_rates,
supp_rates, sta->supp_rates);
}
sta_info_put(sta);
}
if (!elems.ssid)
return;
if (elems.ds_params && elems.ds_params_len == 1)
channel = elems.ds_params[0];
else
channel = rx_status->channel;
bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel,
elems.ssid, elems.ssid_len);
if (!bss) {
bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel,
elems.ssid, elems.ssid_len);
if (!bss)
return;
} else {
#if 0
/* TODO: order by RSSI? */
spin_lock_bh(&local->sta_bss_lock);
list_move_tail(&bss->list, &local->sta_bss_list);
spin_unlock_bh(&local->sta_bss_lock);
#endif
}
if (bss->probe_resp && beacon) {
/* Do not allow beacon to override data from Probe Response. */
ieee80211_rx_bss_put(dev, bss);
return;
}
/* save the ERP value so that it is available at association time */
if (elems.erp_info && elems.erp_info_len >= 1) {
bss->erp_value = elems.erp_info[0];
bss->has_erp_value = 1;
}
bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
bss->supp_rates_len = 0;
if (elems.supp_rates) {
clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
if (clen > elems.supp_rates_len)
clen = elems.supp_rates_len;
memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
clen);
bss->supp_rates_len += clen;
}
if (elems.ext_supp_rates) {
clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
if (clen > elems.ext_supp_rates_len)
clen = elems.ext_supp_rates_len;
memcpy(&bss->supp_rates[bss->supp_rates_len],
elems.ext_supp_rates, clen);
bss->supp_rates_len += clen;
}
if (elems.wpa &&
(!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
kfree(bss->wpa_ie);
bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
if (bss->wpa_ie) {
memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
bss->wpa_ie_len = elems.wpa_len + 2;
} else
bss->wpa_ie_len = 0;
} else if (!elems.wpa && bss->wpa_ie) {
kfree(bss->wpa_ie);
bss->wpa_ie = NULL;
bss->wpa_ie_len = 0;
}
if (elems.rsn &&
(!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
kfree(bss->rsn_ie);
bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
if (bss->rsn_ie) {
memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
bss->rsn_ie_len = elems.rsn_len + 2;
} else
bss->rsn_ie_len = 0;
} else if (!elems.rsn && bss->rsn_ie) {
kfree(bss->rsn_ie);
bss->rsn_ie = NULL;
bss->rsn_ie_len = 0;
}
if (elems.wmm_param &&
(!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
kfree(bss->wmm_ie);
bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
if (bss->wmm_ie) {
memcpy(bss->wmm_ie, elems.wmm_param - 2,
elems.wmm_param_len + 2);
bss->wmm_ie_len = elems.wmm_param_len + 2;
} else
bss->wmm_ie_len = 0;
} else if (!elems.wmm_param && bss->wmm_ie) {
kfree(bss->wmm_ie);
bss->wmm_ie = NULL;
bss->wmm_ie_len = 0;
}
if (elems.ht_cap_param &&
(!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_param_len ||
memcmp(bss->ht_ie, elems.ht_cap_param, elems.ht_cap_param_len))) {
if (bss->ht_ie)
kfree(bss->ht_ie);
bss->ht_ie = kmalloc(elems.ht_cap_param_len + 2, GFP_ATOMIC);
if (bss->ht_ie) {
memcpy(bss->ht_ie, elems.ht_cap_param - 2,
elems.ht_cap_param_len + 2);
bss->ht_ie_len = elems.ht_cap_param_len + 2;
} else
bss->ht_ie_len = 0;
} else if (!elems.ht_cap_param && bss->ht_ie) {
kfree(bss->ht_ie);
bss->ht_ie = NULL;
bss->ht_ie_len = 0;
}
bss->hw_mode = rx_status->phymode;
bss->freq = rx_status->freq;
if (channel != rx_status->channel &&
(bss->hw_mode == MODE_IEEE80211G ||
bss->hw_mode == MODE_IEEE80211B) &&
channel >= 1 && channel <= 14) {
static const int freq_list[] = {
2412, 2417, 2422, 2427, 2432, 2437, 2442,
2447, 2452, 2457, 2462, 2467, 2472, 2484
};
/* IEEE 802.11g/b mode can receive packets from neighboring
* channels, so map the channel into frequency. */
bss->freq = freq_list[channel - 1];
}
bss->timestamp = timestamp;
bss->last_update = jiffies;
bss->rssi = rx_status->ssi;
bss->signal = rx_status->signal;
bss->noise = rx_status->noise;
if (!beacon)
bss->probe_resp++;
ieee80211_rx_bss_put(dev, bss);
}
static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
struct ieee80211_mgmt *mgmt,
size_t len,
struct ieee80211_rx_status *rx_status)
{
ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
}
static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
struct ieee80211_mgmt *mgmt,
size_t len,
struct ieee80211_rx_status *rx_status)
{
struct ieee80211_sub_if_data *sdata;
struct ieee80211_if_sta *ifsta;
size_t baselen;
struct ieee802_11_elems elems;
ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
if (sdata->type != IEEE80211_IF_TYPE_STA)
return;
ifsta = &sdata->u.sta;
if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
return;
/* Process beacon from the current BSS */
baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
if (baselen > len)
return;
ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
if (elems.erp_info && elems.erp_info_len >= 1)
ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
elems.wmm_param_len);
}
}
static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
struct ieee80211_if_sta *ifsta,
struct ieee80211_mgmt *mgmt,
size_t len,
struct ieee80211_rx_status *rx_status)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
int tx_last_beacon;
struct sk_buff *skb;
struct ieee80211_mgmt *resp;
u8 *pos, *end;
DECLARE_MAC_BUF(mac);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
DECLARE_MAC_BUF(mac2);
DECLARE_MAC_BUF(mac3);
#endif
if (sdata->type != IEEE80211_IF_TYPE_IBSS ||
ifsta->state != IEEE80211_IBSS_JOINED ||
len < 24 + 2 || !ifsta->probe_resp)
return;
if (local->ops->tx_last_beacon)
tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
else
tx_last_beacon = 1;
#ifdef CONFIG_MAC80211_IBSS_DEBUG
printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
"%s (tx_last_beacon=%d)\n",
dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
print_mac(mac3, mgmt->bssid), tx_last_beacon);
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
if (!tx_last_beacon)
return;
if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
return;
end = ((u8 *) mgmt) + len;
pos = mgmt->u.probe_req.variable;
if (pos[0] != WLAN_EID_SSID ||
pos + 2 + pos[1] > end) {
if (net_ratelimit()) {
printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
"from %s\n",
dev->name, print_mac(mac, mgmt->sa));
}
return;
}
if (pos[1] != 0 &&
(pos[1] != ifsta->ssid_len ||
memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
/* Ignore ProbeReq for foreign SSID */
return;
}
/* Reply with ProbeResp */
skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
if (!skb)
return;
resp = (struct ieee80211_mgmt *) skb->data;
memcpy(resp->da, mgmt->sa, ETH_ALEN);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
dev->name, print_mac(mac, resp->da));
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
ieee80211_sta_tx(dev, skb, 0);
}
#ifdef CONFIG_MAC80211_HT
static void ieee80211_send_addba_resp(struct net_device *dev,
struct ieee80211_mgmt *mgmt_src,
size_t len,
u16 status)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
struct ieee80211_if_sta *ifsta = &sdata->u.sta;
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);