diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2008-10-30 17:09:54 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-11-10 15:11:56 -0500 |
| commit | 2c706002fc147decdba2658ea48e4436faca3af2 (patch) | |
| tree | 3e515fa59e6f7de045579f103cba09cd05293de7 /drivers/net/wireless/libertas | |
| parent | 9b1fbae4b242cf86a878771eb59dc600dde72ec8 (diff) | |
don't use net/ieee80211.h
Convert all the drivers using net/ieee80211.h to use linux/ieee80211.h.
Contains a bugfix in libertas where the SSID parsing could overrun the
buffer when the AP sends invalid information.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Dan Williams <dcbw@redhat.com> [airo, libertas]
Acked-by: Pavel Roskin <proski@gnu.org> [orinoco]
Acked-by: David Kilroy <kilroyd@googlemail.com> [orinoco]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/libertas')
| -rw-r--r-- | drivers/net/wireless/libertas/assoc.c | 18 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/cmd.c | 5 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/dev.h | 7 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/main.c | 3 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/persistcfg.c | 2 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/scan.c | 77 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/scan.h | 4 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/types.h | 5 | ||||
| -rw-r--r-- | drivers/net/wireless/libertas/wext.c | 1 |
9 files changed, 65 insertions, 57 deletions
diff --git a/drivers/net/wireless/libertas/assoc.c b/drivers/net/wireless/libertas/assoc.c index 92863780286f..a0e440cd8967 100644 --- a/drivers/net/wireless/libertas/assoc.c +++ b/drivers/net/wireless/libertas/assoc.c | |||
| @@ -2,6 +2,8 @@ | |||
| 2 | 2 | ||
| 3 | #include <linux/types.h> | 3 | #include <linux/types.h> |
| 4 | #include <linux/etherdevice.h> | 4 | #include <linux/etherdevice.h> |
| 5 | #include <linux/ieee80211.h> | ||
| 6 | #include <linux/if_arp.h> | ||
| 5 | #include <net/lib80211.h> | 7 | #include <net/lib80211.h> |
| 6 | 8 | ||
| 7 | #include "assoc.h" | 9 | #include "assoc.h" |
| @@ -341,12 +343,12 @@ static int lbs_adhoc_start(struct lbs_private *priv, | |||
| 341 | WARN_ON(!assoc_req->channel); | 343 | WARN_ON(!assoc_req->channel); |
| 342 | 344 | ||
| 343 | /* set Physical parameter set */ | 345 | /* set Physical parameter set */ |
| 344 | cmd.phyparamset.dsparamset.elementid = MFIE_TYPE_DS_SET; | 346 | cmd.phyparamset.dsparamset.elementid = WLAN_EID_DS_PARAMS; |
| 345 | cmd.phyparamset.dsparamset.len = 1; | 347 | cmd.phyparamset.dsparamset.len = 1; |
| 346 | cmd.phyparamset.dsparamset.currentchan = assoc_req->channel; | 348 | cmd.phyparamset.dsparamset.currentchan = assoc_req->channel; |
| 347 | 349 | ||
| 348 | /* set IBSS parameter set */ | 350 | /* set IBSS parameter set */ |
| 349 | cmd.ssparamset.ibssparamset.elementid = MFIE_TYPE_IBSS_SET; | 351 | cmd.ssparamset.ibssparamset.elementid = WLAN_EID_IBSS_PARAMS; |
| 350 | cmd.ssparamset.ibssparamset.len = 2; | 352 | cmd.ssparamset.ibssparamset.len = 2; |
| 351 | cmd.ssparamset.ibssparamset.atimwindow = 0; | 353 | cmd.ssparamset.ibssparamset.atimwindow = 0; |
| 352 | 354 | ||
| @@ -430,8 +432,8 @@ static inline int match_bss_no_security(struct lbs_802_11_security *secinfo, | |||
| 430 | { | 432 | { |
| 431 | if (!secinfo->wep_enabled && !secinfo->WPAenabled | 433 | if (!secinfo->wep_enabled && !secinfo->WPAenabled |
| 432 | && !secinfo->WPA2enabled | 434 | && !secinfo->WPA2enabled |
| 433 | && match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC | 435 | && match_bss->wpa_ie[0] != WLAN_EID_GENERIC |
| 434 | && match_bss->rsn_ie[0] != MFIE_TYPE_RSN | 436 | && match_bss->rsn_ie[0] != WLAN_EID_RSN |
| 435 | && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY)) | 437 | && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY)) |
| 436 | return 1; | 438 | return 1; |
| 437 | else | 439 | else |
| @@ -453,7 +455,7 @@ static inline int match_bss_wpa(struct lbs_802_11_security *secinfo, | |||
| 453 | struct bss_descriptor *match_bss) | 455 | struct bss_descriptor *match_bss) |
| 454 | { | 456 | { |
| 455 | if (!secinfo->wep_enabled && secinfo->WPAenabled | 457 | if (!secinfo->wep_enabled && secinfo->WPAenabled |
| 456 | && (match_bss->wpa_ie[0] == MFIE_TYPE_GENERIC) | 458 | && (match_bss->wpa_ie[0] == WLAN_EID_GENERIC) |
| 457 | /* privacy bit may NOT be set in some APs like LinkSys WRT54G | 459 | /* privacy bit may NOT be set in some APs like LinkSys WRT54G |
| 458 | && (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ | 460 | && (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ |
| 459 | ) | 461 | ) |
| @@ -466,7 +468,7 @@ static inline int match_bss_wpa2(struct lbs_802_11_security *secinfo, | |||
| 466 | struct bss_descriptor *match_bss) | 468 | struct bss_descriptor *match_bss) |
| 467 | { | 469 | { |
| 468 | if (!secinfo->wep_enabled && secinfo->WPA2enabled && | 470 | if (!secinfo->wep_enabled && secinfo->WPA2enabled && |
| 469 | (match_bss->rsn_ie[0] == MFIE_TYPE_RSN) | 471 | (match_bss->rsn_ie[0] == WLAN_EID_RSN) |
| 470 | /* privacy bit may NOT be set in some APs like LinkSys WRT54G | 472 | /* privacy bit may NOT be set in some APs like LinkSys WRT54G |
| 471 | (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ | 473 | (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ |
| 472 | ) | 474 | ) |
| @@ -480,8 +482,8 @@ static inline int match_bss_dynamic_wep(struct lbs_802_11_security *secinfo, | |||
| 480 | { | 482 | { |
| 481 | if (!secinfo->wep_enabled && !secinfo->WPAenabled | 483 | if (!secinfo->wep_enabled && !secinfo->WPAenabled |
| 482 | && !secinfo->WPA2enabled | 484 | && !secinfo->WPA2enabled |
| 483 | && (match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC) | 485 | && (match_bss->wpa_ie[0] != WLAN_EID_GENERIC) |
| 484 | && (match_bss->rsn_ie[0] != MFIE_TYPE_RSN) | 486 | && (match_bss->rsn_ie[0] != WLAN_EID_RSN) |
| 485 | && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) | 487 | && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) |
| 486 | return 1; | 488 | return 1; |
| 487 | else | 489 | else |
diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c index 38843c8b919c..957fd5a10a8d 100644 --- a/drivers/net/wireless/libertas/cmd.c +++ b/drivers/net/wireless/libertas/cmd.c | |||
| @@ -5,7 +5,6 @@ | |||
| 5 | 5 | ||
| 6 | #include <net/iw_handler.h> | 6 | #include <net/iw_handler.h> |
| 7 | #include <net/lib80211.h> | 7 | #include <net/lib80211.h> |
| 8 | #include <net/ieee80211.h> | ||
| 9 | #include <linux/kfifo.h> | 8 | #include <linux/kfifo.h> |
| 10 | #include "host.h" | 9 | #include "host.h" |
| 11 | #include "hostcmd.h" | 10 | #include "hostcmd.h" |
| @@ -1071,7 +1070,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan) | |||
| 1071 | 1070 | ||
| 1072 | switch (action) { | 1071 | switch (action) { |
| 1073 | case CMD_ACT_MESH_CONFIG_START: | 1072 | case CMD_ACT_MESH_CONFIG_START: |
| 1074 | ie->hdr.id = MFIE_TYPE_GENERIC; | 1073 | ie->id = WLAN_EID_GENERIC; |
| 1075 | ie->val.oui[0] = 0x00; | 1074 | ie->val.oui[0] = 0x00; |
| 1076 | ie->val.oui[1] = 0x50; | 1075 | ie->val.oui[1] = 0x50; |
| 1077 | ie->val.oui[2] = 0x43; | 1076 | ie->val.oui[2] = 0x43; |
| @@ -1083,7 +1082,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan) | |||
| 1083 | ie->val.mesh_capability = MARVELL_MESH_CAPABILITY; | 1082 | ie->val.mesh_capability = MARVELL_MESH_CAPABILITY; |
| 1084 | ie->val.mesh_id_len = priv->mesh_ssid_len; | 1083 | ie->val.mesh_id_len = priv->mesh_ssid_len; |
| 1085 | memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len); | 1084 | memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len); |
| 1086 | ie->hdr.len = sizeof(struct mrvl_meshie_val) - | 1085 | ie->len = sizeof(struct mrvl_meshie_val) - |
| 1087 | IW_ESSID_MAX_SIZE + priv->mesh_ssid_len; | 1086 | IW_ESSID_MAX_SIZE + priv->mesh_ssid_len; |
| 1088 | cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val)); | 1087 | cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val)); |
| 1089 | break; | 1088 | break; |
diff --git a/drivers/net/wireless/libertas/dev.h b/drivers/net/wireless/libertas/dev.h index f6f3753da303..dd682c4cfde8 100644 --- a/drivers/net/wireless/libertas/dev.h +++ b/drivers/net/wireless/libertas/dev.h | |||
| @@ -10,7 +10,6 @@ | |||
| 10 | #include <linux/wireless.h> | 10 | #include <linux/wireless.h> |
| 11 | #include <linux/ethtool.h> | 11 | #include <linux/ethtool.h> |
| 12 | #include <linux/debugfs.h> | 12 | #include <linux/debugfs.h> |
| 13 | #include <net/ieee80211.h> | ||
| 14 | 13 | ||
| 15 | #include "defs.h" | 14 | #include "defs.h" |
| 16 | #include "hostcmd.h" | 15 | #include "hostcmd.h" |
| @@ -278,6 +277,12 @@ struct lbs_private { | |||
| 278 | struct enc_key wpa_mcast_key; | 277 | struct enc_key wpa_mcast_key; |
| 279 | struct enc_key wpa_unicast_key; | 278 | struct enc_key wpa_unicast_key; |
| 280 | 279 | ||
| 280 | /* | ||
| 281 | * In theory, the IE is limited to the IE length, 255, | ||
| 282 | * but in practice 64 bytes are enough. | ||
| 283 | */ | ||
| 284 | #define MAX_WPA_IE_LEN 64 | ||
| 285 | |||
| 281 | /** WPA Information Elements*/ | 286 | /** WPA Information Elements*/ |
| 282 | u8 wpa_ie[MAX_WPA_IE_LEN]; | 287 | u8 wpa_ie[MAX_WPA_IE_LEN]; |
| 283 | u8 wpa_ie_len; | 288 | u8 wpa_ie_len; |
diff --git a/drivers/net/wireless/libertas/main.c b/drivers/net/wireless/libertas/main.c index 7a1e8b62abf4..241af7fe44bb 100644 --- a/drivers/net/wireless/libertas/main.c +++ b/drivers/net/wireless/libertas/main.c | |||
| @@ -12,9 +12,8 @@ | |||
| 12 | #include <linux/kthread.h> | 12 | #include <linux/kthread.h> |
| 13 | #include <linux/kfifo.h> | 13 | #include <linux/kfifo.h> |
| 14 | #include <linux/stddef.h> | 14 | #include <linux/stddef.h> |
| 15 | 15 | #include <linux/ieee80211.h> | |
| 16 | #include <net/iw_handler.h> | 16 | #include <net/iw_handler.h> |
| 17 | #include <net/ieee80211.h> | ||
| 18 | 17 | ||
| 19 | #include "host.h" | 18 | #include "host.h" |
| 20 | #include "decl.h" | 19 | #include "decl.h" |
diff --git a/drivers/net/wireless/libertas/persistcfg.c b/drivers/net/wireless/libertas/persistcfg.c index 3309a9c3cfef..56e2401cc768 100644 --- a/drivers/net/wireless/libertas/persistcfg.c +++ b/drivers/net/wireless/libertas/persistcfg.c | |||
| @@ -233,7 +233,7 @@ static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr, | |||
| 233 | /* SSID len */ | 233 | /* SSID len */ |
| 234 | ie->val.mesh_id_len = len; | 234 | ie->val.mesh_id_len = len; |
| 235 | /* IE len */ | 235 | /* IE len */ |
| 236 | ie->hdr.len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len; | 236 | ie->len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len; |
| 237 | 237 | ||
| 238 | ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, | 238 | ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, |
| 239 | CMD_TYPE_MESH_SET_MESH_IE); | 239 | CMD_TYPE_MESH_SET_MESH_IE); |
diff --git a/drivers/net/wireless/libertas/scan.c b/drivers/net/wireless/libertas/scan.c index 5c34ac588189..93f74763a010 100644 --- a/drivers/net/wireless/libertas/scan.c +++ b/drivers/net/wireless/libertas/scan.c | |||
| @@ -6,8 +6,8 @@ | |||
| 6 | */ | 6 | */ |
| 7 | #include <linux/types.h> | 7 | #include <linux/types.h> |
| 8 | #include <linux/etherdevice.h> | 8 | #include <linux/etherdevice.h> |
| 9 | #include <linux/if_arp.h> | ||
| 9 | #include <asm/unaligned.h> | 10 | #include <asm/unaligned.h> |
| 10 | |||
| 11 | #include <net/lib80211.h> | 11 | #include <net/lib80211.h> |
| 12 | 12 | ||
| 13 | #include "host.h" | 13 | #include "host.h" |
| @@ -55,6 +55,8 @@ | |||
| 55 | //! Scan time specified in the channel TLV for each channel for active scans | 55 | //! Scan time specified in the channel TLV for each channel for active scans |
| 56 | #define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100 | 56 | #define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100 |
| 57 | 57 | ||
| 58 | #define DEFAULT_MAX_SCAN_AGE (15 * HZ) | ||
| 59 | |||
| 58 | static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy, | 60 | static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy, |
| 59 | struct cmd_header *resp); | 61 | struct cmd_header *resp); |
| 60 | 62 | ||
| @@ -591,38 +593,36 @@ static int lbs_process_bss(struct bss_descriptor *bss, | |||
| 591 | 593 | ||
| 592 | /* process variable IE */ | 594 | /* process variable IE */ |
| 593 | while (pos <= end - 2) { | 595 | while (pos <= end - 2) { |
| 594 | struct ieee80211_info_element * elem = (void *)pos; | 596 | if (pos + pos[1] > end) { |
| 595 | |||
| 596 | if (pos + elem->len > end) { | ||
| 597 | lbs_deb_scan("process_bss: error in processing IE, " | 597 | lbs_deb_scan("process_bss: error in processing IE, " |
| 598 | "bytes left < IE length\n"); | 598 | "bytes left < IE length\n"); |
| 599 | break; | 599 | break; |
| 600 | } | 600 | } |
| 601 | 601 | ||
| 602 | switch (elem->id) { | 602 | switch (pos[0]) { |
| 603 | case MFIE_TYPE_SSID: | 603 | case WLAN_EID_SSID: |
| 604 | bss->ssid_len = min_t(int, 32, elem->len); | 604 | bss->ssid_len = min_t(int, IEEE80211_MAX_SSID_LEN, pos[1]); |
| 605 | memcpy(bss->ssid, elem->data, bss->ssid_len); | 605 | memcpy(bss->ssid, pos + 2, bss->ssid_len); |
| 606 | lbs_deb_scan("got SSID IE: '%s', len %u\n", | 606 | lbs_deb_scan("got SSID IE: '%s', len %u\n", |
| 607 | print_ssid(ssid, bss->ssid, bss->ssid_len), | 607 | print_ssid(ssid, bss->ssid, bss->ssid_len), |
| 608 | bss->ssid_len); | 608 | bss->ssid_len); |
| 609 | break; | 609 | break; |
| 610 | 610 | ||
| 611 | case MFIE_TYPE_RATES: | 611 | case WLAN_EID_SUPP_RATES: |
| 612 | n_basic_rates = min_t(uint8_t, MAX_RATES, elem->len); | 612 | n_basic_rates = min_t(uint8_t, MAX_RATES, pos[1]); |
| 613 | memcpy(bss->rates, elem->data, n_basic_rates); | 613 | memcpy(bss->rates, pos + 2, n_basic_rates); |
| 614 | got_basic_rates = 1; | 614 | got_basic_rates = 1; |
| 615 | lbs_deb_scan("got RATES IE\n"); | 615 | lbs_deb_scan("got RATES IE\n"); |
| 616 | break; | 616 | break; |
| 617 | 617 | ||
| 618 | case MFIE_TYPE_FH_SET: | 618 | case WLAN_EID_FH_PARAMS: |
| 619 | pFH = (struct ieeetypes_fhparamset *) pos; | 619 | pFH = (struct ieeetypes_fhparamset *) pos; |
| 620 | memmove(&bss->phyparamset.fhparamset, pFH, | 620 | memmove(&bss->phyparamset.fhparamset, pFH, |
| 621 | sizeof(struct ieeetypes_fhparamset)); | 621 | sizeof(struct ieeetypes_fhparamset)); |
| 622 | lbs_deb_scan("got FH IE\n"); | 622 | lbs_deb_scan("got FH IE\n"); |
| 623 | break; | 623 | break; |
| 624 | 624 | ||
| 625 | case MFIE_TYPE_DS_SET: | 625 | case WLAN_EID_DS_PARAMS: |
| 626 | pDS = (struct ieeetypes_dsparamset *) pos; | 626 | pDS = (struct ieeetypes_dsparamset *) pos; |
| 627 | bss->channel = pDS->currentchan; | 627 | bss->channel = pDS->currentchan; |
| 628 | memcpy(&bss->phyparamset.dsparamset, pDS, | 628 | memcpy(&bss->phyparamset.dsparamset, pDS, |
| @@ -630,14 +630,14 @@ static int lbs_process_bss(struct bss_descriptor *bss, | |||
| 630 | lbs_deb_scan("got DS IE, channel %d\n", bss->channel); | 630 | lbs_deb_scan("got DS IE, channel %d\n", bss->channel); |
| 631 | break; | 631 | break; |
| 632 | 632 | ||
| 633 | case MFIE_TYPE_CF_SET: | 633 | case WLAN_EID_CF_PARAMS: |
| 634 | pCF = (struct ieeetypes_cfparamset *) pos; | 634 | pCF = (struct ieeetypes_cfparamset *) pos; |
| 635 | memcpy(&bss->ssparamset.cfparamset, pCF, | 635 | memcpy(&bss->ssparamset.cfparamset, pCF, |
| 636 | sizeof(struct ieeetypes_cfparamset)); | 636 | sizeof(struct ieeetypes_cfparamset)); |
| 637 | lbs_deb_scan("got CF IE\n"); | 637 | lbs_deb_scan("got CF IE\n"); |
| 638 | break; | 638 | break; |
| 639 | 639 | ||
| 640 | case MFIE_TYPE_IBSS_SET: | 640 | case WLAN_EID_IBSS_PARAMS: |
| 641 | pibss = (struct ieeetypes_ibssparamset *) pos; | 641 | pibss = (struct ieeetypes_ibssparamset *) pos; |
| 642 | bss->atimwindow = le16_to_cpu(pibss->atimwindow); | 642 | bss->atimwindow = le16_to_cpu(pibss->atimwindow); |
| 643 | memmove(&bss->ssparamset.ibssparamset, pibss, | 643 | memmove(&bss->ssparamset.ibssparamset, pibss, |
| @@ -645,7 +645,7 @@ static int lbs_process_bss(struct bss_descriptor *bss, | |||
| 645 | lbs_deb_scan("got IBSS IE\n"); | 645 | lbs_deb_scan("got IBSS IE\n"); |
| 646 | break; | 646 | break; |
| 647 | 647 | ||
| 648 | case MFIE_TYPE_COUNTRY: | 648 | case WLAN_EID_COUNTRY: |
| 649 | pcountryinfo = (struct ieeetypes_countryinfoset *) pos; | 649 | pcountryinfo = (struct ieeetypes_countryinfoset *) pos; |
| 650 | lbs_deb_scan("got COUNTRY IE\n"); | 650 | lbs_deb_scan("got COUNTRY IE\n"); |
| 651 | if (pcountryinfo->len < sizeof(pcountryinfo->countrycode) | 651 | if (pcountryinfo->len < sizeof(pcountryinfo->countrycode) |
| @@ -662,7 +662,7 @@ static int lbs_process_bss(struct bss_descriptor *bss, | |||
| 662 | (int) (pcountryinfo->len + 2)); | 662 | (int) (pcountryinfo->len + 2)); |
| 663 | break; | 663 | break; |
| 664 | 664 | ||
| 665 | case MFIE_TYPE_RATES_EX: | 665 | case WLAN_EID_EXT_SUPP_RATES: |
| 666 | /* only process extended supported rate if data rate is | 666 | /* only process extended supported rate if data rate is |
| 667 | * already found. Data rate IE should come before | 667 | * already found. Data rate IE should come before |
| 668 | * extended supported rate IE | 668 | * extended supported rate IE |
| @@ -673,50 +673,51 @@ static int lbs_process_bss(struct bss_descriptor *bss, | |||
| 673 | break; | 673 | break; |
| 674 | } | 674 | } |
| 675 | 675 | ||
| 676 | n_ex_rates = elem->len; | 676 | n_ex_rates = pos[1]; |
| 677 | if (n_basic_rates + n_ex_rates > MAX_RATES) | 677 | if (n_basic_rates + n_ex_rates > MAX_RATES) |
| 678 | n_ex_rates = MAX_RATES - n_basic_rates; | 678 | n_ex_rates = MAX_RATES - n_basic_rates; |
| 679 | 679 | ||
| 680 | p = bss->rates + n_basic_rates; | 680 | p = bss->rates + n_basic_rates; |
| 681 | memcpy(p, elem->data, n_ex_rates); | 681 | memcpy(p, pos + 2, n_ex_rates); |
| 682 | break; | 682 | break; |
| 683 | 683 | ||
| 684 | case MFIE_TYPE_GENERIC: | 684 | case WLAN_EID_GENERIC: |
| 685 | if (elem->len >= 4 && | 685 | if (pos[1] >= 4 && |
| 686 | elem->data[0] == 0x00 && elem->data[1] == 0x50 && | 686 | pos[2] == 0x00 && pos[3] == 0x50 && |
| 687 | elem->data[2] == 0xf2 && elem->data[3] == 0x01) { | 687 | pos[4] == 0xf2 && pos[5] == 0x01) { |
| 688 | bss->wpa_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN); | 688 | bss->wpa_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN); |
| 689 | memcpy(bss->wpa_ie, elem, bss->wpa_ie_len); | 689 | memcpy(bss->wpa_ie, pos, bss->wpa_ie_len); |
| 690 | lbs_deb_scan("got WPA IE\n"); | 690 | lbs_deb_scan("got WPA IE\n"); |
| 691 | lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie, elem->len); | 691 | lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie, |
| 692 | } else if (elem->len >= MARVELL_MESH_IE_LENGTH && | 692 | bss->wpa_ie_len); |
| 693 | elem->data[0] == 0x00 && elem->data[1] == 0x50 && | 693 | } else if (pos[1] >= MARVELL_MESH_IE_LENGTH && |
| 694 | elem->data[2] == 0x43 && elem->data[3] == 0x04) { | 694 | pos[2] == 0x00 && pos[3] == 0x50 && |
| 695 | pos[4] == 0x43 && pos[4] == 0x04) { | ||
| 695 | lbs_deb_scan("got mesh IE\n"); | 696 | lbs_deb_scan("got mesh IE\n"); |
| 696 | bss->mesh = 1; | 697 | bss->mesh = 1; |
| 697 | } else { | 698 | } else { |
| 698 | lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n", | 699 | lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n", |
| 699 | elem->data[0], elem->data[1], | 700 | pos[2], pos[3], |
| 700 | elem->data[2], elem->data[3], | 701 | pos[4], pos[5], |
| 701 | elem->len); | 702 | pos[1]); |
| 702 | } | 703 | } |
| 703 | break; | 704 | break; |
| 704 | 705 | ||
| 705 | case MFIE_TYPE_RSN: | 706 | case WLAN_EID_RSN: |
| 706 | lbs_deb_scan("got RSN IE\n"); | 707 | lbs_deb_scan("got RSN IE\n"); |
| 707 | bss->rsn_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN); | 708 | bss->rsn_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN); |
| 708 | memcpy(bss->rsn_ie, elem, bss->rsn_ie_len); | 709 | memcpy(bss->rsn_ie, pos, bss->rsn_ie_len); |
| 709 | lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE", | 710 | lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE", |
| 710 | bss->rsn_ie, elem->len); | 711 | bss->rsn_ie, bss->rsn_ie_len); |
| 711 | break; | 712 | break; |
| 712 | 713 | ||
| 713 | default: | 714 | default: |
| 714 | lbs_deb_scan("got IE 0x%04x, len %d\n", | 715 | lbs_deb_scan("got IE 0x%04x, len %d\n", |
| 715 | elem->id, elem->len); | 716 | pos[0], pos[1]); |
| 716 | break; | 717 | break; |
| 717 | } | 718 | } |
| 718 | 719 | ||
| 719 | pos += elem->len + 2; | 720 | pos += pos[1] + 2; |
| 720 | } | 721 | } |
| 721 | 722 | ||
| 722 | /* Timestamp */ | 723 | /* Timestamp */ |
diff --git a/drivers/net/wireless/libertas/scan.h b/drivers/net/wireless/libertas/scan.h index 9e07b0464a8e..fab7d5d097fc 100644 --- a/drivers/net/wireless/libertas/scan.h +++ b/drivers/net/wireless/libertas/scan.h | |||
| @@ -7,6 +7,10 @@ | |||
| 7 | #ifndef _LBS_SCAN_H | 7 | #ifndef _LBS_SCAN_H |
| 8 | #define _LBS_SCAN_H | 8 | #define _LBS_SCAN_H |
| 9 | 9 | ||
| 10 | #include <net/iw_handler.h> | ||
| 11 | |||
| 12 | #define MAX_NETWORK_COUNT 128 | ||
| 13 | |||
| 10 | /** | 14 | /** |
| 11 | * @brief Maximum number of channels that can be sent in a setuserscan ioctl | 15 | * @brief Maximum number of channels that can be sent in a setuserscan ioctl |
| 12 | */ | 16 | */ |
diff --git a/drivers/net/wireless/libertas/types.h b/drivers/net/wireless/libertas/types.h index e0c2599da92f..fb7a2d1a2525 100644 --- a/drivers/net/wireless/libertas/types.h +++ b/drivers/net/wireless/libertas/types.h | |||
| @@ -7,7 +7,6 @@ | |||
| 7 | #include <linux/if_ether.h> | 7 | #include <linux/if_ether.h> |
| 8 | #include <asm/byteorder.h> | 8 | #include <asm/byteorder.h> |
| 9 | #include <linux/wireless.h> | 9 | #include <linux/wireless.h> |
| 10 | #include <net/ieee80211.h> | ||
| 11 | 10 | ||
| 12 | struct ieeetypes_cfparamset { | 11 | struct ieeetypes_cfparamset { |
| 13 | u8 elementid; | 12 | u8 elementid; |
| @@ -258,7 +257,7 @@ struct mrvlietypes_ledbhv { | |||
| 258 | * Note that the len member of the ieee80211_info_element varies depending on | 257 | * Note that the len member of the ieee80211_info_element varies depending on |
| 259 | * the mesh_id_len */ | 258 | * the mesh_id_len */ |
| 260 | struct mrvl_meshie_val { | 259 | struct mrvl_meshie_val { |
| 261 | uint8_t oui[P80211_OUI_LEN]; | 260 | uint8_t oui[3]; |
| 262 | uint8_t type; | 261 | uint8_t type; |
| 263 | uint8_t subtype; | 262 | uint8_t subtype; |
| 264 | uint8_t version; | 263 | uint8_t version; |
| @@ -270,7 +269,7 @@ struct mrvl_meshie_val { | |||
| 270 | } __attribute__ ((packed)); | 269 | } __attribute__ ((packed)); |
| 271 | 270 | ||
| 272 | struct mrvl_meshie { | 271 | struct mrvl_meshie { |
| 273 | struct ieee80211_info_element hdr; | 272 | u8 id, len; |
| 274 | struct mrvl_meshie_val val; | 273 | struct mrvl_meshie_val val; |
| 275 | } __attribute__ ((packed)); | 274 | } __attribute__ ((packed)); |
| 276 | 275 | ||
diff --git a/drivers/net/wireless/libertas/wext.c b/drivers/net/wireless/libertas/wext.c index d4c6a659b562..fe7498f12147 100644 --- a/drivers/net/wireless/libertas/wext.c +++ b/drivers/net/wireless/libertas/wext.c | |||
| @@ -9,7 +9,6 @@ | |||
| 9 | #include <linux/bitops.h> | 9 | #include <linux/bitops.h> |
| 10 | 10 | ||
| 11 | #include <net/lib80211.h> | 11 | #include <net/lib80211.h> |
| 12 | #include <net/ieee80211.h> | ||
| 13 | #include <net/iw_handler.h> | 12 | #include <net/iw_handler.h> |
| 14 | 13 | ||
| 15 | #include "host.h" | 14 | #include "host.h" |