aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2008-10-30 17:09:54 -0400
committerJohn W. Linville <linville@tuxdriver.com>2008-11-10 15:11:56 -0500
commit2c706002fc147decdba2658ea48e4436faca3af2 (patch)
tree3e515fa59e6f7de045579f103cba09cd05293de7 /drivers/net/wireless
parent9b1fbae4b242cf86a878771eb59dc600dde72ec8 (diff)
don't use net/ieee80211.h
Convert all the drivers using net/ieee80211.h to use linux/ieee80211.h. Contains a bugfix in libertas where the SSID parsing could overrun the buffer when the AP sends invalid information. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Dan Williams <dcbw@redhat.com> [airo, libertas] Acked-by: Pavel Roskin <proski@gnu.org> [orinoco] Acked-by: David Kilroy <kilroyd@googlemail.com> [orinoco] Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless')
-rw-r--r--drivers/net/wireless/airo.c50
-rw-r--r--drivers/net/wireless/atmel.c70
-rw-r--r--drivers/net/wireless/libertas/assoc.c18
-rw-r--r--drivers/net/wireless/libertas/cmd.c5
-rw-r--r--drivers/net/wireless/libertas/dev.h7
-rw-r--r--drivers/net/wireless/libertas/main.c3
-rw-r--r--drivers/net/wireless/libertas/persistcfg.c2
-rw-r--r--drivers/net/wireless/libertas/scan.c77
-rw-r--r--drivers/net/wireless/libertas/scan.h4
-rw-r--r--drivers/net/wireless/libertas/types.h5
-rw-r--r--drivers/net/wireless/libertas/wext.c1
-rw-r--r--drivers/net/wireless/orinoco.c30
-rw-r--r--drivers/net/wireless/rndis_wlan.c24
-rw-r--r--drivers/net/wireless/wl3501.h4
-rw-r--r--drivers/net/wireless/zd1201.c4
15 files changed, 156 insertions, 148 deletions
diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
index c8dc6568cec9..67d504e32290 100644
--- a/drivers/net/wireless/airo.c
+++ b/drivers/net/wireless/airo.c
@@ -47,10 +47,11 @@
47#include <linux/ioport.h> 47#include <linux/ioport.h>
48#include <linux/pci.h> 48#include <linux/pci.h>
49#include <asm/uaccess.h> 49#include <asm/uaccess.h>
50#include <net/ieee80211.h>
51#include <linux/kthread.h> 50#include <linux/kthread.h>
52#include <linux/freezer.h> 51#include <linux/freezer.h>
53 52
53#include <linux/ieee80211.h>
54
54#include "airo.h" 55#include "airo.h"
55 56
56#define DRV_NAME "airo" 57#define DRV_NAME "airo"
@@ -7265,56 +7266,53 @@ static inline char *airo_translate_scan(struct net_device *dev,
7265 if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) { 7266 if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) {
7266 unsigned int num_null_ies = 0; 7267 unsigned int num_null_ies = 0;
7267 u16 length = sizeof (bss->extra.iep); 7268 u16 length = sizeof (bss->extra.iep);
7268 struct ieee80211_info_element *info_element = 7269 u8 *ie = (void *)&bss->extra.iep;
7269 (struct ieee80211_info_element *) &bss->extra.iep;
7270 7270
7271 while ((length >= sizeof(*info_element)) && (num_null_ies < 2)) { 7271 while ((length >= 2) && (num_null_ies < 2)) {
7272 if (sizeof(*info_element) + info_element->len > length) { 7272 if (2 + ie[1] > length) {
7273 /* Invalid element, don't continue parsing IE */ 7273 /* Invalid element, don't continue parsing IE */
7274 break; 7274 break;
7275 } 7275 }
7276 7276
7277 switch (info_element->id) { 7277 switch (ie[0]) {
7278 case MFIE_TYPE_SSID: 7278 case WLAN_EID_SSID:
7279 /* Two zero-length SSID elements 7279 /* Two zero-length SSID elements
7280 * mean we're done parsing elements */ 7280 * mean we're done parsing elements */
7281 if (!info_element->len) 7281 if (!ie[1])
7282 num_null_ies++; 7282 num_null_ies++;
7283 break; 7283 break;
7284 7284
7285 case MFIE_TYPE_GENERIC: 7285 case WLAN_EID_GENERIC:
7286 if (info_element->len >= 4 && 7286 if (ie[1] >= 4 &&
7287 info_element->data[0] == 0x00 && 7287 ie[2] == 0x00 &&
7288 info_element->data[1] == 0x50 && 7288 ie[3] == 0x50 &&
7289 info_element->data[2] == 0xf2 && 7289 ie[4] == 0xf2 &&
7290 info_element->data[3] == 0x01) { 7290 ie[5] == 0x01) {
7291 iwe.cmd = IWEVGENIE; 7291 iwe.cmd = IWEVGENIE;
7292 iwe.u.data.length = min(info_element->len + 2, 7292 /* 64 is an arbitrary cut-off */
7293 MAX_WPA_IE_LEN); 7293 iwe.u.data.length = min(ie[1] + 2,
7294 64);
7294 current_ev = iwe_stream_add_point( 7295 current_ev = iwe_stream_add_point(
7295 info, current_ev, 7296 info, current_ev,
7296 end_buf, &iwe, 7297 end_buf, &iwe, ie);
7297 (char *) info_element);
7298 } 7298 }
7299 break; 7299 break;
7300 7300
7301 case MFIE_TYPE_RSN: 7301 case WLAN_EID_RSN:
7302 iwe.cmd = IWEVGENIE; 7302 iwe.cmd = IWEVGENIE;
7303 iwe.u.data.length = min(info_element->len + 2, 7303 /* 64 is an arbitrary cut-off */
7304 MAX_WPA_IE_LEN); 7304 iwe.u.data.length = min(ie[1] + 2, 64);
7305 current_ev = iwe_stream_add_point( 7305 current_ev = iwe_stream_add_point(
7306 info, current_ev, end_buf, 7306 info, current_ev, end_buf,
7307 &iwe, (char *) info_element); 7307 &iwe, ie);
7308 break; 7308 break;
7309 7309
7310 default: 7310 default:
7311 break; 7311 break;
7312 } 7312 }
7313 7313
7314 length -= sizeof(*info_element) + info_element->len; 7314 length -= 2 + ie[1];
7315 info_element = 7315 ie += 2 + ie[1];
7316 (struct ieee80211_info_element *)&info_element->
7317 data[info_element->len];
7318 } 7316 }
7319 } 7317 }
7320 return current_ev; 7318 return current_ev;
diff --git a/drivers/net/wireless/atmel.c b/drivers/net/wireless/atmel.c
index d16931589f81..3962b553fbf1 100644
--- a/drivers/net/wireless/atmel.c
+++ b/drivers/net/wireless/atmel.c
@@ -67,7 +67,7 @@
67#include <linux/moduleparam.h> 67#include <linux/moduleparam.h>
68#include <linux/firmware.h> 68#include <linux/firmware.h>
69#include <linux/jiffies.h> 69#include <linux/jiffies.h>
70#include <net/ieee80211.h> 70#include <linux/ieee80211.h>
71#include "atmel.h" 71#include "atmel.h"
72 72
73#define DRIVER_MAJOR 0 73#define DRIVER_MAJOR 0
@@ -569,7 +569,7 @@ static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data);
569static void atmel_command_irq(struct atmel_private *priv); 569static void atmel_command_irq(struct atmel_private *priv);
570static int atmel_validate_channel(struct atmel_private *priv, int channel); 570static int atmel_validate_channel(struct atmel_private *priv, int channel);
571static void atmel_management_frame(struct atmel_private *priv, 571static void atmel_management_frame(struct atmel_private *priv,
572 struct ieee80211_hdr_4addr *header, 572 struct ieee80211_hdr *header,
573 u16 frame_len, u8 rssi); 573 u16 frame_len, u8 rssi);
574static void atmel_management_timer(u_long a); 574static void atmel_management_timer(u_long a);
575static void atmel_send_command(struct atmel_private *priv, int command, 575static void atmel_send_command(struct atmel_private *priv, int command,
@@ -577,7 +577,7 @@ static void atmel_send_command(struct atmel_private *priv, int command,
577static int atmel_send_command_wait(struct atmel_private *priv, int command, 577static int atmel_send_command_wait(struct atmel_private *priv, int command,
578 void *cmd, int cmd_size); 578 void *cmd, int cmd_size);
579static void atmel_transmit_management_frame(struct atmel_private *priv, 579static void atmel_transmit_management_frame(struct atmel_private *priv,
580 struct ieee80211_hdr_4addr *header, 580 struct ieee80211_hdr *header,
581 u8 *body, int body_len); 581 u8 *body, int body_len);
582 582
583static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index); 583static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index);
@@ -785,7 +785,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
785{ 785{
786 static const u8 SNAP_RFC1024[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 786 static const u8 SNAP_RFC1024[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
787 struct atmel_private *priv = netdev_priv(dev); 787 struct atmel_private *priv = netdev_priv(dev);
788 struct ieee80211_hdr_4addr header; 788 struct ieee80211_hdr header;
789 unsigned long flags; 789 unsigned long flags;
790 u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN; 790 u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN;
791 791
@@ -823,7 +823,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
823 823
824 frame_ctl = IEEE80211_FTYPE_DATA; 824 frame_ctl = IEEE80211_FTYPE_DATA;
825 header.duration_id = 0; 825 header.duration_id = 0;
826 header.seq_ctl = 0; 826 header.seq_ctrl = 0;
827 if (priv->wep_is_on) 827 if (priv->wep_is_on)
828 frame_ctl |= IEEE80211_FCTL_PROTECTED; 828 frame_ctl |= IEEE80211_FCTL_PROTECTED;
829 if (priv->operating_mode == IW_MODE_ADHOC) { 829 if (priv->operating_mode == IW_MODE_ADHOC) {
@@ -840,7 +840,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
840 if (priv->use_wpa) 840 if (priv->use_wpa)
841 memcpy(&header.addr4, SNAP_RFC1024, 6); 841 memcpy(&header.addr4, SNAP_RFC1024, 6);
842 842
843 header.frame_ctl = cpu_to_le16(frame_ctl); 843 header.frame_control = cpu_to_le16(frame_ctl);
844 /* Copy the wireless header into the card */ 844 /* Copy the wireless header into the card */
845 atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE); 845 atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE);
846 /* Copy the packet sans its 802.3 header addresses which have been replaced */ 846 /* Copy the packet sans its 802.3 header addresses which have been replaced */
@@ -860,7 +860,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
860} 860}
861 861
862static void atmel_transmit_management_frame(struct atmel_private *priv, 862static void atmel_transmit_management_frame(struct atmel_private *priv,
863 struct ieee80211_hdr_4addr *header, 863 struct ieee80211_hdr *header,
864 u8 *body, int body_len) 864 u8 *body, int body_len)
865{ 865{
866 u16 buff; 866 u16 buff;
@@ -876,7 +876,7 @@ static void atmel_transmit_management_frame(struct atmel_private *priv,
876} 876}
877 877
878static void fast_rx_path(struct atmel_private *priv, 878static void fast_rx_path(struct atmel_private *priv,
879 struct ieee80211_hdr_4addr *header, 879 struct ieee80211_hdr *header,
880 u16 msdu_size, u16 rx_packet_loc, u32 crc) 880 u16 msdu_size, u16 rx_packet_loc, u32 crc)
881{ 881{
882 /* fast path: unfragmented packet copy directly into skbuf */ 882 /* fast path: unfragmented packet copy directly into skbuf */
@@ -914,7 +914,7 @@ static void fast_rx_path(struct atmel_private *priv,
914 } 914 }
915 915
916 memcpy(skbp, header->addr1, 6); /* destination address */ 916 memcpy(skbp, header->addr1, 6); /* destination address */
917 if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS) 917 if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
918 memcpy(&skbp[6], header->addr3, 6); 918 memcpy(&skbp[6], header->addr3, 6);
919 else 919 else
920 memcpy(&skbp[6], header->addr2, 6); /* source address */ 920 memcpy(&skbp[6], header->addr2, 6); /* source address */
@@ -949,7 +949,7 @@ static int probe_crc(struct atmel_private *priv, u16 packet_loc, u16 msdu_size)
949} 949}
950 950
951static void frag_rx_path(struct atmel_private *priv, 951static void frag_rx_path(struct atmel_private *priv,
952 struct ieee80211_hdr_4addr *header, 952 struct ieee80211_hdr *header,
953 u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no, 953 u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no,
954 u8 frag_no, int more_frags) 954 u8 frag_no, int more_frags)
955{ 955{
@@ -957,7 +957,7 @@ static void frag_rx_path(struct atmel_private *priv,
957 u8 source[6]; 957 u8 source[6];
958 struct sk_buff *skb; 958 struct sk_buff *skb;
959 959
960 if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS) 960 if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
961 memcpy(source, header->addr3, 6); 961 memcpy(source, header->addr3, 6);
962 else 962 else
963 memcpy(source, header->addr2, 6); 963 memcpy(source, header->addr2, 6);
@@ -1039,7 +1039,7 @@ static void frag_rx_path(struct atmel_private *priv,
1039static void rx_done_irq(struct atmel_private *priv) 1039static void rx_done_irq(struct atmel_private *priv)
1040{ 1040{
1041 int i; 1041 int i;
1042 struct ieee80211_hdr_4addr header; 1042 struct ieee80211_hdr header;
1043 1043
1044 for (i = 0; 1044 for (i = 0;
1045 atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID && 1045 atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID &&
@@ -1066,10 +1066,10 @@ static void rx_done_irq(struct atmel_private *priv)
1066 goto next; 1066 goto next;
1067 } 1067 }
1068 1068
1069 /* Get header as far as end of seq_ctl */ 1069 /* Get header as far as end of seq_ctrl */
1070 atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24); 1070 atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24);
1071 frame_ctl = le16_to_cpu(header.frame_ctl); 1071 frame_ctl = le16_to_cpu(header.frame_control);
1072 seq_control = le16_to_cpu(header.seq_ctl); 1072 seq_control = le16_to_cpu(header.seq_ctrl);
1073 1073
1074 /* probe for CRC use here if needed once five packets have 1074 /* probe for CRC use here if needed once five packets have
1075 arrived with the same crc status, we assume we know what's 1075 arrived with the same crc status, we assume we know what's
@@ -1819,7 +1819,7 @@ static int atmel_set_encodeext(struct net_device *dev,
1819 /* Determine and validate the key index */ 1819 /* Determine and validate the key index */
1820 idx = encoding->flags & IW_ENCODE_INDEX; 1820 idx = encoding->flags & IW_ENCODE_INDEX;
1821 if (idx) { 1821 if (idx) {
1822 if (idx < 1 || idx > WEP_KEYS) 1822 if (idx < 1 || idx > 4)
1823 return -EINVAL; 1823 return -EINVAL;
1824 idx--; 1824 idx--;
1825 } else 1825 } else
@@ -1882,7 +1882,7 @@ static int atmel_get_encodeext(struct net_device *dev,
1882 1882
1883 idx = encoding->flags & IW_ENCODE_INDEX; 1883 idx = encoding->flags & IW_ENCODE_INDEX;
1884 if (idx) { 1884 if (idx) {
1885 if (idx < 1 || idx > WEP_KEYS) 1885 if (idx < 1 || idx > 4)
1886 return -EINVAL; 1886 return -EINVAL;
1887 idx--; 1887 idx--;
1888 } else 1888 } else
@@ -2797,7 +2797,7 @@ static void handle_beacon_probe(struct atmel_private *priv, u16 capability,
2797 u8 channel) 2797 u8 channel)
2798{ 2798{
2799 int rejoin = 0; 2799 int rejoin = 0;
2800 int new = capability & MFIE_TYPE_POWER_CONSTRAINT ? 2800 int new = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
2801 SHORT_PREAMBLE : LONG_PREAMBLE; 2801 SHORT_PREAMBLE : LONG_PREAMBLE;
2802 2802
2803 if (priv->preamble != new) { 2803 if (priv->preamble != new) {
@@ -2826,19 +2826,19 @@ static void handle_beacon_probe(struct atmel_private *priv, u16 capability,
2826static void send_authentication_request(struct atmel_private *priv, u16 system, 2826static void send_authentication_request(struct atmel_private *priv, u16 system,
2827 u8 *challenge, int challenge_len) 2827 u8 *challenge, int challenge_len)
2828{ 2828{
2829 struct ieee80211_hdr_4addr header; 2829 struct ieee80211_hdr header;
2830 struct auth_body auth; 2830 struct auth_body auth;
2831 2831
2832 header.frame_ctl = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH); 2832 header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH);
2833 header.duration_id = cpu_to_le16(0x8000); 2833 header.duration_id = cpu_to_le16(0x8000);
2834 header.seq_ctl = 0; 2834 header.seq_ctrl = 0;
2835 memcpy(header.addr1, priv->CurrentBSSID, 6); 2835 memcpy(header.addr1, priv->CurrentBSSID, 6);
2836 memcpy(header.addr2, priv->dev->dev_addr, 6); 2836 memcpy(header.addr2, priv->dev->dev_addr, 6);
2837 memcpy(header.addr3, priv->CurrentBSSID, 6); 2837 memcpy(header.addr3, priv->CurrentBSSID, 6);
2838 2838
2839 if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1) 2839 if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1)
2840 /* no WEP for authentication frames with TrSeqNo 1 */ 2840 /* no WEP for authentication frames with TrSeqNo 1 */
2841 header.frame_ctl |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 2841 header.frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2842 2842
2843 auth.alg = cpu_to_le16(system); 2843 auth.alg = cpu_to_le16(system);
2844 2844
@@ -2861,7 +2861,7 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
2861{ 2861{
2862 u8 *ssid_el_p; 2862 u8 *ssid_el_p;
2863 int bodysize; 2863 int bodysize;
2864 struct ieee80211_hdr_4addr header; 2864 struct ieee80211_hdr header;
2865 struct ass_req_format { 2865 struct ass_req_format {
2866 __le16 capability; 2866 __le16 capability;
2867 __le16 listen_interval; 2867 __le16 listen_interval;
@@ -2874,10 +2874,10 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
2874 u8 rates[4]; 2874 u8 rates[4];
2875 } body; 2875 } body;
2876 2876
2877 header.frame_ctl = cpu_to_le16(IEEE80211_FTYPE_MGMT | 2877 header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2878 (is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ)); 2878 (is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ));
2879 header.duration_id = cpu_to_le16(0x8000); 2879 header.duration_id = cpu_to_le16(0x8000);
2880 header.seq_ctl = 0; 2880 header.seq_ctrl = 0;
2881 2881
2882 memcpy(header.addr1, priv->CurrentBSSID, 6); 2882 memcpy(header.addr1, priv->CurrentBSSID, 6);
2883 memcpy(header.addr2, priv->dev->dev_addr, 6); 2883 memcpy(header.addr2, priv->dev->dev_addr, 6);
@@ -2887,7 +2887,7 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
2887 if (priv->wep_is_on) 2887 if (priv->wep_is_on)
2888 body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY); 2888 body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
2889 if (priv->preamble == SHORT_PREAMBLE) 2889 if (priv->preamble == SHORT_PREAMBLE)
2890 body.capability |= cpu_to_le16(MFIE_TYPE_POWER_CONSTRAINT); 2890 body.capability |= cpu_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE);
2891 2891
2892 body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period); 2892 body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period);
2893 2893
@@ -2901,10 +2901,10 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
2901 bodysize = 12 + priv->SSID_size; 2901 bodysize = 12 + priv->SSID_size;
2902 } 2902 }
2903 2903
2904 ssid_el_p[0] = MFIE_TYPE_SSID; 2904 ssid_el_p[0] = WLAN_EID_SSID;
2905 ssid_el_p[1] = priv->SSID_size; 2905 ssid_el_p[1] = priv->SSID_size;
2906 memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size); 2906 memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size);
2907 ssid_el_p[2 + priv->SSID_size] = MFIE_TYPE_RATES; 2907 ssid_el_p[2 + priv->SSID_size] = WLAN_EID_SUPP_RATES;
2908 ssid_el_p[3 + priv->SSID_size] = 4; /* len of suported rates */ 2908 ssid_el_p[3 + priv->SSID_size] = 4; /* len of suported rates */
2909 memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4); 2909 memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4);
2910 2910
@@ -2912,9 +2912,9 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
2912} 2912}
2913 2913
2914static int is_frame_from_current_bss(struct atmel_private *priv, 2914static int is_frame_from_current_bss(struct atmel_private *priv,
2915 struct ieee80211_hdr_4addr *header) 2915 struct ieee80211_hdr *header)
2916{ 2916{
2917 if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS) 2917 if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
2918 return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0; 2918 return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0;
2919 else 2919 else
2920 return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0; 2920 return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0;
@@ -2962,7 +2962,7 @@ static int retrieve_bss(struct atmel_private *priv)
2962} 2962}
2963 2963
2964static void store_bss_info(struct atmel_private *priv, 2964static void store_bss_info(struct atmel_private *priv,
2965 struct ieee80211_hdr_4addr *header, u16 capability, 2965 struct ieee80211_hdr *header, u16 capability,
2966 u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len, 2966 u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len,
2967 u8 *ssid, int is_beacon) 2967 u8 *ssid, int is_beacon)
2968{ 2968{
@@ -3001,7 +3001,7 @@ static void store_bss_info(struct atmel_private *priv,
3001 else if (capability & WLAN_CAPABILITY_ESS) 3001 else if (capability & WLAN_CAPABILITY_ESS)
3002 priv->BSSinfo[index].BSStype =IW_MODE_INFRA; 3002 priv->BSSinfo[index].BSStype =IW_MODE_INFRA;
3003 3003
3004 priv->BSSinfo[index].preamble = capability & MFIE_TYPE_POWER_CONSTRAINT ? 3004 priv->BSSinfo[index].preamble = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
3005 SHORT_PREAMBLE : LONG_PREAMBLE; 3005 SHORT_PREAMBLE : LONG_PREAMBLE;
3006} 3006}
3007 3007
@@ -3037,7 +3037,7 @@ static void authenticate(struct atmel_private *priv, u16 frame_len)
3037 } 3037 }
3038 } else if (system == WLAN_AUTH_SHARED_KEY) { 3038 } else if (system == WLAN_AUTH_SHARED_KEY) {
3039 if (trans_seq_no == 0x0002 && 3039 if (trans_seq_no == 0x0002 &&
3040 auth->el_id == MFIE_TYPE_CHALLENGE) { 3040 auth->el_id == WLAN_EID_CHALLENGE) {
3041 send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len); 3041 send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len);
3042 return; 3042 return;
3043 } else if (trans_seq_no == 0x0004) { 3043 } else if (trans_seq_no == 0x0004) {
@@ -3288,12 +3288,12 @@ static void atmel_smooth_qual(struct atmel_private *priv)
3288 3288
3289/* deals with incoming managment frames. */ 3289/* deals with incoming managment frames. */
3290static void atmel_management_frame(struct atmel_private *priv, 3290static void atmel_management_frame(struct atmel_private *priv,
3291 struct ieee80211_hdr_4addr *header, 3291 struct ieee80211_hdr *header,
3292 u16 frame_len, u8 rssi) 3292 u16 frame_len, u8 rssi)
3293{ 3293{
3294 u16 subtype; 3294 u16 subtype;
3295 3295
3296 subtype = le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_STYPE; 3296 subtype = le16_to_cpu(header->frame_control) & IEEE80211_FCTL_STYPE;
3297 switch (subtype) { 3297 switch (subtype) {
3298 case IEEE80211_STYPE_BEACON: 3298 case IEEE80211_STYPE_BEACON:
3299 case IEEE80211_STYPE_PROBE_RESP: 3299 case IEEE80211_STYPE_PROBE_RESP:
diff --git a/drivers/net/wireless/libertas/assoc.c b/drivers/net/wireless/libertas/assoc.c
index 92863780286f..a0e440cd8967 100644
--- a/drivers/net/wireless/libertas/assoc.c
+++ b/drivers/net/wireless/libertas/assoc.c
@@ -2,6 +2,8 @@
2 2
3#include <linux/types.h> 3#include <linux/types.h>
4#include <linux/etherdevice.h> 4#include <linux/etherdevice.h>
5#include <linux/ieee80211.h>
6#include <linux/if_arp.h>
5#include <net/lib80211.h> 7#include <net/lib80211.h>
6 8
7#include "assoc.h" 9#include "assoc.h"
@@ -341,12 +343,12 @@ static int lbs_adhoc_start(struct lbs_private *priv,
341 WARN_ON(!assoc_req->channel); 343 WARN_ON(!assoc_req->channel);
342 344
343 /* set Physical parameter set */ 345 /* set Physical parameter set */
344 cmd.phyparamset.dsparamset.elementid = MFIE_TYPE_DS_SET; 346 cmd.phyparamset.dsparamset.elementid = WLAN_EID_DS_PARAMS;
345 cmd.phyparamset.dsparamset.len = 1; 347 cmd.phyparamset.dsparamset.len = 1;
346 cmd.phyparamset.dsparamset.currentchan = assoc_req->channel; 348 cmd.phyparamset.dsparamset.currentchan = assoc_req->channel;
347 349
348 /* set IBSS parameter set */ 350 /* set IBSS parameter set */
349 cmd.ssparamset.ibssparamset.elementid = MFIE_TYPE_IBSS_SET; 351 cmd.ssparamset.ibssparamset.elementid = WLAN_EID_IBSS_PARAMS;
350 cmd.ssparamset.ibssparamset.len = 2; 352 cmd.ssparamset.ibssparamset.len = 2;
351 cmd.ssparamset.ibssparamset.atimwindow = 0; 353 cmd.ssparamset.ibssparamset.atimwindow = 0;
352 354
@@ -430,8 +432,8 @@ static inline int match_bss_no_security(struct lbs_802_11_security *secinfo,
430{ 432{
431 if (!secinfo->wep_enabled && !secinfo->WPAenabled 433 if (!secinfo->wep_enabled && !secinfo->WPAenabled
432 && !secinfo->WPA2enabled 434 && !secinfo->WPA2enabled
433 && match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC 435 && match_bss->wpa_ie[0] != WLAN_EID_GENERIC
434 && match_bss->rsn_ie[0] != MFIE_TYPE_RSN 436 && match_bss->rsn_ie[0] != WLAN_EID_RSN
435 && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY)) 437 && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY))
436 return 1; 438 return 1;
437 else 439 else
@@ -453,7 +455,7 @@ static inline int match_bss_wpa(struct lbs_802_11_security *secinfo,
453 struct bss_descriptor *match_bss) 455 struct bss_descriptor *match_bss)
454{ 456{
455 if (!secinfo->wep_enabled && secinfo->WPAenabled 457 if (!secinfo->wep_enabled && secinfo->WPAenabled
456 && (match_bss->wpa_ie[0] == MFIE_TYPE_GENERIC) 458 && (match_bss->wpa_ie[0] == WLAN_EID_GENERIC)
457 /* privacy bit may NOT be set in some APs like LinkSys WRT54G 459 /* privacy bit may NOT be set in some APs like LinkSys WRT54G
458 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ 460 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */
459 ) 461 )
@@ -466,7 +468,7 @@ static inline int match_bss_wpa2(struct lbs_802_11_security *secinfo,
466 struct bss_descriptor *match_bss) 468 struct bss_descriptor *match_bss)
467{ 469{
468 if (!secinfo->wep_enabled && secinfo->WPA2enabled && 470 if (!secinfo->wep_enabled && secinfo->WPA2enabled &&
469 (match_bss->rsn_ie[0] == MFIE_TYPE_RSN) 471 (match_bss->rsn_ie[0] == WLAN_EID_RSN)
470 /* privacy bit may NOT be set in some APs like LinkSys WRT54G 472 /* privacy bit may NOT be set in some APs like LinkSys WRT54G
471 (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ 473 (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */
472 ) 474 )
@@ -480,8 +482,8 @@ static inline int match_bss_dynamic_wep(struct lbs_802_11_security *secinfo,
480{ 482{
481 if (!secinfo->wep_enabled && !secinfo->WPAenabled 483 if (!secinfo->wep_enabled && !secinfo->WPAenabled
482 && !secinfo->WPA2enabled 484 && !secinfo->WPA2enabled
483 && (match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC) 485 && (match_bss->wpa_ie[0] != WLAN_EID_GENERIC)
484 && (match_bss->rsn_ie[0] != MFIE_TYPE_RSN) 486 && (match_bss->rsn_ie[0] != WLAN_EID_RSN)
485 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) 487 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY))
486 return 1; 488 return 1;
487 else 489 else
diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c
index 38843c8b919c..957fd5a10a8d 100644
--- a/drivers/net/wireless/libertas/cmd.c
+++ b/drivers/net/wireless/libertas/cmd.c
@@ -5,7 +5,6 @@
5 5
6#include <net/iw_handler.h> 6#include <net/iw_handler.h>
7#include <net/lib80211.h> 7#include <net/lib80211.h>
8#include <net/ieee80211.h>
9#include <linux/kfifo.h> 8#include <linux/kfifo.h>
10#include "host.h" 9#include "host.h"
11#include "hostcmd.h" 10#include "hostcmd.h"
@@ -1071,7 +1070,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan)
1071 1070
1072 switch (action) { 1071 switch (action) {
1073 case CMD_ACT_MESH_CONFIG_START: 1072 case CMD_ACT_MESH_CONFIG_START:
1074 ie->hdr.id = MFIE_TYPE_GENERIC; 1073 ie->id = WLAN_EID_GENERIC;
1075 ie->val.oui[0] = 0x00; 1074 ie->val.oui[0] = 0x00;
1076 ie->val.oui[1] = 0x50; 1075 ie->val.oui[1] = 0x50;
1077 ie->val.oui[2] = 0x43; 1076 ie->val.oui[2] = 0x43;
@@ -1083,7 +1082,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan)
1083 ie->val.mesh_capability = MARVELL_MESH_CAPABILITY; 1082 ie->val.mesh_capability = MARVELL_MESH_CAPABILITY;
1084 ie->val.mesh_id_len = priv->mesh_ssid_len; 1083 ie->val.mesh_id_len = priv->mesh_ssid_len;
1085 memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len); 1084 memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len);
1086 ie->hdr.len = sizeof(struct mrvl_meshie_val) - 1085 ie->len = sizeof(struct mrvl_meshie_val) -
1087 IW_ESSID_MAX_SIZE + priv->mesh_ssid_len; 1086 IW_ESSID_MAX_SIZE + priv->mesh_ssid_len;
1088 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val)); 1087 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val));
1089 break; 1088 break;
diff --git a/drivers/net/wireless/libertas/dev.h b/drivers/net/wireless/libertas/dev.h
index f6f3753da303..dd682c4cfde8 100644
--- a/drivers/net/wireless/libertas/dev.h
+++ b/drivers/net/wireless/libertas/dev.h
@@ -10,7 +10,6 @@
10#include <linux/wireless.h> 10#include <linux/wireless.h>
11#include <linux/ethtool.h> 11#include <linux/ethtool.h>
12#include <linux/debugfs.h> 12#include <linux/debugfs.h>
13#include <net/ieee80211.h>
14 13
15#include "defs.h" 14#include "defs.h"
16#include "hostcmd.h" 15#include "hostcmd.h"
@@ -278,6 +277,12 @@ struct lbs_private {
278 struct enc_key wpa_mcast_key; 277 struct enc_key wpa_mcast_key;
279 struct enc_key wpa_unicast_key; 278 struct enc_key wpa_unicast_key;
280 279
280/*
281 * In theory, the IE is limited to the IE length, 255,
282 * but in practice 64 bytes are enough.
283 */
284#define MAX_WPA_IE_LEN 64
285
281 /** WPA Information Elements*/ 286 /** WPA Information Elements*/
282 u8 wpa_ie[MAX_WPA_IE_LEN]; 287 u8 wpa_ie[MAX_WPA_IE_LEN];
283 u8 wpa_ie_len; 288 u8 wpa_ie_len;
diff --git a/drivers/net/wireless/libertas/main.c b/drivers/net/wireless/libertas/main.c
index 7a1e8b62abf4..241af7fe44bb 100644
--- a/drivers/net/wireless/libertas/main.c
+++ b/drivers/net/wireless/libertas/main.c
@@ -12,9 +12,8 @@
12#include <linux/kthread.h> 12#include <linux/kthread.h>
13#include <linux/kfifo.h> 13#include <linux/kfifo.h>
14#include <linux/stddef.h> 14#include <linux/stddef.h>
15 15#include <linux/ieee80211.h>
16#include <net/iw_handler.h> 16#include <net/iw_handler.h>
17#include <net/ieee80211.h>
18 17
19#include "host.h" 18#include "host.h"
20#include "decl.h" 19#include "decl.h"
diff --git a/drivers/net/wireless/libertas/persistcfg.c b/drivers/net/wireless/libertas/persistcfg.c
index 3309a9c3cfef..56e2401cc768 100644
--- a/drivers/net/wireless/libertas/persistcfg.c
+++ b/drivers/net/wireless/libertas/persistcfg.c
@@ -233,7 +233,7 @@ static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr,
233 /* SSID len */ 233 /* SSID len */
234 ie->val.mesh_id_len = len; 234 ie->val.mesh_id_len = len;
235 /* IE len */ 235 /* IE len */
236 ie->hdr.len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len; 236 ie->len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len;
237 237
238 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 238 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
239 CMD_TYPE_MESH_SET_MESH_IE); 239 CMD_TYPE_MESH_SET_MESH_IE);
diff --git a/drivers/net/wireless/libertas/scan.c b/drivers/net/wireless/libertas/scan.c
index 5c34ac588189..93f74763a010 100644
--- a/drivers/net/wireless/libertas/scan.c
+++ b/drivers/net/wireless/libertas/scan.c
@@ -6,8 +6,8 @@
6 */ 6 */
7#include <linux/types.h> 7#include <linux/types.h>
8#include <linux/etherdevice.h> 8#include <linux/etherdevice.h>
9#include <linux/if_arp.h>
9#include <asm/unaligned.h> 10#include <asm/unaligned.h>
10
11#include <net/lib80211.h> 11#include <net/lib80211.h>
12 12
13#include "host.h" 13#include "host.h"
@@ -55,6 +55,8 @@
55//! Scan time specified in the channel TLV for each channel for active scans 55//! Scan time specified in the channel TLV for each channel for active scans
56#define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100 56#define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100
57 57
58#define DEFAULT_MAX_SCAN_AGE (15 * HZ)
59
58static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy, 60static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy,
59 struct cmd_header *resp); 61 struct cmd_header *resp);
60 62
@@ -591,38 +593,36 @@ static int lbs_process_bss(struct bss_descriptor *bss,
591 593
592 /* process variable IE */ 594 /* process variable IE */
593 while (pos <= end - 2) { 595 while (pos <= end - 2) {
594 struct ieee80211_info_element * elem = (void *)pos; 596 if (pos + pos[1] > end) {
595
596 if (pos + elem->len > end) {
597 lbs_deb_scan("process_bss: error in processing IE, " 597 lbs_deb_scan("process_bss: error in processing IE, "
598 "bytes left < IE length\n"); 598 "bytes left < IE length\n");
599 break; 599 break;
600 } 600 }
601 601
602 switch (elem->id) { 602 switch (pos[0]) {
603 case MFIE_TYPE_SSID: 603 case WLAN_EID_SSID:
604 bss->ssid_len = min_t(int, 32, elem->len); 604 bss->ssid_len = min_t(int, IEEE80211_MAX_SSID_LEN, pos[1]);
605 memcpy(bss->ssid, elem->data, bss->ssid_len); 605 memcpy(bss->ssid, pos + 2, bss->ssid_len);
606 lbs_deb_scan("got SSID IE: '%s', len %u\n", 606 lbs_deb_scan("got SSID IE: '%s', len %u\n",
607 print_ssid(ssid, bss->ssid, bss->ssid_len), 607 print_ssid(ssid, bss->ssid, bss->ssid_len),
608 bss->ssid_len); 608 bss->ssid_len);
609 break; 609 break;
610 610
611 case MFIE_TYPE_RATES: 611 case WLAN_EID_SUPP_RATES:
612 n_basic_rates = min_t(uint8_t, MAX_RATES, elem->len); 612 n_basic_rates = min_t(uint8_t, MAX_RATES, pos[1]);
613 memcpy(bss->rates, elem->data, n_basic_rates); 613 memcpy(bss->rates, pos + 2, n_basic_rates);
614 got_basic_rates = 1; 614 got_basic_rates = 1;
615 lbs_deb_scan("got RATES IE\n"); 615 lbs_deb_scan("got RATES IE\n");
616 break; 616 break;
617 617
618 case MFIE_TYPE_FH_SET: 618 case WLAN_EID_FH_PARAMS:
619 pFH = (struct ieeetypes_fhparamset *) pos; 619 pFH = (struct ieeetypes_fhparamset *) pos;
620 memmove(&bss->phyparamset.fhparamset, pFH, 620 memmove(&bss->phyparamset.fhparamset, pFH,
621 sizeof(struct ieeetypes_fhparamset)); 621 sizeof(struct ieeetypes_fhparamset));
622 lbs_deb_scan("got FH IE\n"); 622 lbs_deb_scan("got FH IE\n");
623 break; 623 break;
624 624
625 case MFIE_TYPE_DS_SET: 625 case WLAN_EID_DS_PARAMS:
626 pDS = (struct ieeetypes_dsparamset *) pos; 626 pDS = (struct ieeetypes_dsparamset *) pos;
627 bss->channel = pDS->currentchan; 627 bss->channel = pDS->currentchan;
628 memcpy(&bss->phyparamset.dsparamset, pDS, 628 memcpy(&bss->phyparamset.dsparamset, pDS,
@@ -630,14 +630,14 @@ static int lbs_process_bss(struct bss_descriptor *bss,
630 lbs_deb_scan("got DS IE, channel %d\n", bss->channel); 630 lbs_deb_scan("got DS IE, channel %d\n", bss->channel);
631 break; 631 break;
632 632
633 case MFIE_TYPE_CF_SET: 633 case WLAN_EID_CF_PARAMS:
634 pCF = (struct ieeetypes_cfparamset *) pos; 634 pCF = (struct ieeetypes_cfparamset *) pos;
635 memcpy(&bss->ssparamset.cfparamset, pCF, 635 memcpy(&bss->ssparamset.cfparamset, pCF,
636 sizeof(struct ieeetypes_cfparamset)); 636 sizeof(struct ieeetypes_cfparamset));
637 lbs_deb_scan("got CF IE\n"); 637 lbs_deb_scan("got CF IE\n");
638 break; 638 break;
639 639
640 case MFIE_TYPE_IBSS_SET: 640 case WLAN_EID_IBSS_PARAMS:
641 pibss = (struct ieeetypes_ibssparamset *) pos; 641 pibss = (struct ieeetypes_ibssparamset *) pos;
642 bss->atimwindow = le16_to_cpu(pibss->atimwindow); 642 bss->atimwindow = le16_to_cpu(pibss->atimwindow);
643 memmove(&bss->ssparamset.ibssparamset, pibss, 643 memmove(&bss->ssparamset.ibssparamset, pibss,
@@ -645,7 +645,7 @@ static int lbs_process_bss(struct bss_descriptor *bss,
645 lbs_deb_scan("got IBSS IE\n"); 645 lbs_deb_scan("got IBSS IE\n");
646 break; 646 break;
647 647
648 case MFIE_TYPE_COUNTRY: 648 case WLAN_EID_COUNTRY:
649 pcountryinfo = (struct ieeetypes_countryinfoset *) pos; 649 pcountryinfo = (struct ieeetypes_countryinfoset *) pos;
650 lbs_deb_scan("got COUNTRY IE\n"); 650 lbs_deb_scan("got COUNTRY IE\n");
651 if (pcountryinfo->len < sizeof(pcountryinfo->countrycode) 651 if (pcountryinfo->len < sizeof(pcountryinfo->countrycode)
@@ -662,7 +662,7 @@ static int lbs_process_bss(struct bss_descriptor *bss,
662 (int) (pcountryinfo->len + 2)); 662 (int) (pcountryinfo->len + 2));
663 break; 663 break;
664 664
665 case MFIE_TYPE_RATES_EX: 665 case WLAN_EID_EXT_SUPP_RATES:
666 /* only process extended supported rate if data rate is 666 /* only process extended supported rate if data rate is
667 * already found. Data rate IE should come before 667 * already found. Data rate IE should come before
668 * extended supported rate IE 668 * extended supported rate IE
@@ -673,50 +673,51 @@ static int lbs_process_bss(struct bss_descriptor *bss,
673 break; 673 break;
674 } 674 }
675 675
676 n_ex_rates = elem->len; 676 n_ex_rates = pos[1];
677 if (n_basic_rates + n_ex_rates > MAX_RATES) 677 if (n_basic_rates + n_ex_rates > MAX_RATES)
678 n_ex_rates = MAX_RATES - n_basic_rates; 678 n_ex_rates = MAX_RATES - n_basic_rates;
679 679
680 p = bss->rates + n_basic_rates; 680 p = bss->rates + n_basic_rates;
681 memcpy(p, elem->data, n_ex_rates); 681 memcpy(p, pos + 2, n_ex_rates);
682 break; 682 break;
683 683
684 case MFIE_TYPE_GENERIC: 684 case WLAN_EID_GENERIC:
685 if (elem->len >= 4 && 685 if (pos[1] >= 4 &&
686 elem->data[0] == 0x00 && elem->data[1] == 0x50 && 686 pos[2] == 0x00 && pos[3] == 0x50 &&
687 elem->data[2] == 0xf2 && elem->data[3] == 0x01) { 687 pos[4] == 0xf2 && pos[5] == 0x01) {
688 bss->wpa_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN); 688 bss->wpa_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN);
689 memcpy(bss->wpa_ie, elem, bss->wpa_ie_len); 689 memcpy(bss->wpa_ie, pos, bss->wpa_ie_len);
690 lbs_deb_scan("got WPA IE\n"); 690 lbs_deb_scan("got WPA IE\n");
691 lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie, elem->len); 691 lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie,
692 } else if (elem->len >= MARVELL_MESH_IE_LENGTH && 692 bss->wpa_ie_len);
693 elem->data[0] == 0x00 && elem->data[1] == 0x50 && 693 } else if (pos[1] >= MARVELL_MESH_IE_LENGTH &&
694 elem->data[2] == 0x43 && elem->data[3] == 0x04) { 694 pos[2] == 0x00 && pos[3] == 0x50 &&
695 pos[4] == 0x43 && pos[4] == 0x04) {
695 lbs_deb_scan("got mesh IE\n"); 696 lbs_deb_scan("got mesh IE\n");
696 bss->mesh = 1; 697 bss->mesh = 1;
697 } else { 698 } else {
698 lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n", 699 lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n",
699 elem->data[0], elem->data[1], 700 pos[2], pos[3],
700 elem->data[2], elem->data[3], 701 pos[4], pos[5],
701 elem->len); 702 pos[1]);
702 } 703 }
703 break; 704 break;
704 705
705 case MFIE_TYPE_RSN: 706 case WLAN_EID_RSN:
706 lbs_deb_scan("got RSN IE\n"); 707 lbs_deb_scan("got RSN IE\n");
707 bss->rsn_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN); 708 bss->rsn_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN);
708 memcpy(bss->rsn_ie, elem, bss->rsn_ie_len); 709 memcpy(bss->rsn_ie, pos, bss->rsn_ie_len);
709 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE", 710 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE",
710 bss->rsn_ie, elem->len); 711 bss->rsn_ie, bss->rsn_ie_len);
711 break; 712 break;
712 713
713 default: 714 default:
714 lbs_deb_scan("got IE 0x%04x, len %d\n", 715 lbs_deb_scan("got IE 0x%04x, len %d\n",
715 elem->id, elem->len); 716 pos[0], pos[1]);
716 break; 717 break;
717 } 718 }
718 719
719 pos += elem->len + 2; 720 pos += pos[1] + 2;
720 } 721 }
721 722
722 /* Timestamp */ 723 /* Timestamp */
diff --git a/drivers/net/wireless/libertas/scan.h b/drivers/net/wireless/libertas/scan.h
index 9e07b0464a8e..fab7d5d097fc 100644
--- a/drivers/net/wireless/libertas/scan.h
+++ b/drivers/net/wireless/libertas/scan.h
@@ -7,6 +7,10 @@
7#ifndef _LBS_SCAN_H 7#ifndef _LBS_SCAN_H
8#define _LBS_SCAN_H 8#define _LBS_SCAN_H
9 9
10#include <net/iw_handler.h>
11
12#define MAX_NETWORK_COUNT 128
13
10/** 14/**
11 * @brief Maximum number of channels that can be sent in a setuserscan ioctl 15 * @brief Maximum number of channels that can be sent in a setuserscan ioctl
12 */ 16 */
diff --git a/drivers/net/wireless/libertas/types.h b/drivers/net/wireless/libertas/types.h
index e0c2599da92f..fb7a2d1a2525 100644
--- a/drivers/net/wireless/libertas/types.h
+++ b/drivers/net/wireless/libertas/types.h
@@ -7,7 +7,6 @@
7#include <linux/if_ether.h> 7#include <linux/if_ether.h>
8#include <asm/byteorder.h> 8#include <asm/byteorder.h>
9#include <linux/wireless.h> 9#include <linux/wireless.h>
10#include <net/ieee80211.h>
11 10
12struct ieeetypes_cfparamset { 11struct ieeetypes_cfparamset {
13 u8 elementid; 12 u8 elementid;
@@ -258,7 +257,7 @@ struct mrvlietypes_ledbhv {
258 * Note that the len member of the ieee80211_info_element varies depending on 257 * Note that the len member of the ieee80211_info_element varies depending on
259 * the mesh_id_len */ 258 * the mesh_id_len */
260struct mrvl_meshie_val { 259struct mrvl_meshie_val {
261 uint8_t oui[P80211_OUI_LEN]; 260 uint8_t oui[3];
262 uint8_t type; 261 uint8_t type;
263 uint8_t subtype; 262 uint8_t subtype;
264 uint8_t version; 263 uint8_t version;
@@ -270,7 +269,7 @@ struct mrvl_meshie_val {
270} __attribute__ ((packed)); 269} __attribute__ ((packed));
271 270
272struct mrvl_meshie { 271struct mrvl_meshie {
273 struct ieee80211_info_element hdr; 272 u8 id, len;
274 struct mrvl_meshie_val val; 273 struct mrvl_meshie_val val;
275} __attribute__ ((packed)); 274} __attribute__ ((packed));
276 275
diff --git a/drivers/net/wireless/libertas/wext.c b/drivers/net/wireless/libertas/wext.c
index d4c6a659b562..fe7498f12147 100644
--- a/drivers/net/wireless/libertas/wext.c
+++ b/drivers/net/wireless/libertas/wext.c
@@ -9,7 +9,6 @@
9#include <linux/bitops.h> 9#include <linux/bitops.h>
10 10
11#include <net/lib80211.h> 11#include <net/lib80211.h>
12#include <net/ieee80211.h>
13#include <net/iw_handler.h> 12#include <net/iw_handler.h>
14 13
15#include "host.h" 14#include "host.h"
diff --git a/drivers/net/wireless/orinoco.c b/drivers/net/wireless/orinoco.c
index b657a916b1d7..f4ea08f96970 100644
--- a/drivers/net/wireless/orinoco.c
+++ b/drivers/net/wireless/orinoco.c
@@ -86,8 +86,8 @@
86#include <linux/firmware.h> 86#include <linux/firmware.h>
87#include <linux/if_arp.h> 87#include <linux/if_arp.h>
88#include <linux/wireless.h> 88#include <linux/wireless.h>
89#include <linux/ieee80211.h>
89#include <net/iw_handler.h> 90#include <net/iw_handler.h>
90#include <net/ieee80211.h>
91 91
92#include <linux/scatterlist.h> 92#include <linux/scatterlist.h>
93#include <linux/crypto.h> 93#include <linux/crypto.h>
@@ -143,7 +143,7 @@ static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
143#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2) 143#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
144 144
145#define ORINOCO_MIN_MTU 256 145#define ORINOCO_MIN_MTU 256
146#define ORINOCO_MAX_MTU (IEEE80211_DATA_LEN - ENCAPS_OVERHEAD) 146#define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
147 147
148#define SYMBOL_MAX_VER_LEN (14) 148#define SYMBOL_MAX_VER_LEN (14)
149#define USER_BAP 0 149#define USER_BAP 0
@@ -392,7 +392,7 @@ static void orinoco_bss_data_init(struct orinoco_private *priv)
392} 392}
393 393
394static inline u8 *orinoco_get_ie(u8 *data, size_t len, 394static inline u8 *orinoco_get_ie(u8 *data, size_t len,
395 enum ieee80211_mfie eid) 395 enum ieee80211_eid eid)
396{ 396{
397 u8 *p = data; 397 u8 *p = data;
398 while ((p + 2) < (data + len)) { 398 while ((p + 2) < (data + len)) {
@@ -409,7 +409,7 @@ static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len)
409{ 409{
410 u8 *p = data; 410 u8 *p = data;
411 while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) { 411 while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
412 if ((p[0] == MFIE_TYPE_GENERIC) && 412 if ((p[0] == WLAN_EID_GENERIC) &&
413 (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0)) 413 (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
414 return p; 414 return p;
415 p += p[1] + 2; 415 p += p[1] + 2;
@@ -839,7 +839,8 @@ static int orinoco_change_mtu(struct net_device *dev, int new_mtu)
839 if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) ) 839 if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) )
840 return -EINVAL; 840 return -EINVAL;
841 841
842 if ( (new_mtu + ENCAPS_OVERHEAD + IEEE80211_HLEN) > 842 /* MTU + encapsulation + header length */
843 if ( (new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
843 (priv->nicbuf_size - ETH_HLEN) ) 844 (priv->nicbuf_size - ETH_HLEN) )
844 return -EINVAL; 845 return -EINVAL;
845 846
@@ -1254,7 +1255,7 @@ static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
1254 } 1255 }
1255 1256
1256 /* sanity check the length */ 1257 /* sanity check the length */
1257 if (datalen > IEEE80211_DATA_LEN + 12) { 1258 if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
1258 printk(KERN_DEBUG "%s: oversized monitor frame, " 1259 printk(KERN_DEBUG "%s: oversized monitor frame, "
1259 "data length = %d\n", dev->name, datalen); 1260 "data length = %d\n", dev->name, datalen);
1260 stats->rx_length_errors++; 1261 stats->rx_length_errors++;
@@ -1382,7 +1383,7 @@ static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw)
1382 data. */ 1383 data. */
1383 goto out; 1384 goto out;
1384 } 1385 }
1385 if (length > IEEE80211_DATA_LEN) { 1386 if (length > IEEE80211_MAX_DATA_LEN) {
1386 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n", 1387 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
1387 dev->name, length); 1388 dev->name, length);
1388 stats->rx_length_errors++; 1389 stats->rx_length_errors++;
@@ -3285,7 +3286,7 @@ static int orinoco_init(struct net_device *dev)
3285 3286
3286 /* No need to lock, the hw_unavailable flag is already set in 3287 /* No need to lock, the hw_unavailable flag is already set in
3287 * alloc_orinocodev() */ 3288 * alloc_orinocodev() */
3288 priv->nicbuf_size = IEEE80211_FRAME_LEN + ETH_HLEN; 3289 priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
3289 3290
3290 /* Initialize the firmware */ 3291 /* Initialize the firmware */
3291 err = hermes_init(hw); 3292 err = hermes_init(hw);
@@ -4681,7 +4682,7 @@ static int orinoco_ioctl_set_encodeext(struct net_device *dev,
4681 /* Determine and validate the key index */ 4682 /* Determine and validate the key index */
4682 idx = encoding->flags & IW_ENCODE_INDEX; 4683 idx = encoding->flags & IW_ENCODE_INDEX;
4683 if (idx) { 4684 if (idx) {
4684 if ((idx < 1) || (idx > WEP_KEYS)) 4685 if ((idx < 1) || (idx > 4))
4685 goto out; 4686 goto out;
4686 idx--; 4687 idx--;
4687 } else 4688 } else
@@ -4786,7 +4787,7 @@ static int orinoco_ioctl_get_encodeext(struct net_device *dev,
4786 4787
4787 idx = encoding->flags & IW_ENCODE_INDEX; 4788 idx = encoding->flags & IW_ENCODE_INDEX;
4788 if (idx) { 4789 if (idx) {
4789 if ((idx < 1) || (idx > WEP_KEYS)) 4790 if ((idx < 1) || (idx > 4))
4790 goto out; 4791 goto out;
4791 idx--; 4792 idx--;
4792 } else 4793 } else
@@ -4949,7 +4950,8 @@ static int orinoco_ioctl_set_genie(struct net_device *dev,
4949 unsigned long flags; 4950 unsigned long flags;
4950 int err = 0; 4951 int err = 0;
4951 4952
4952 if ((wrqu->data.length > MAX_WPA_IE_LEN) || 4953 /* cut off at IEEE80211_MAX_DATA_LEN */
4954 if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
4953 (wrqu->data.length && (extra == NULL))) 4955 (wrqu->data.length && (extra == NULL)))
4954 return -EINVAL; 4956 return -EINVAL;
4955 4957
@@ -5632,7 +5634,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
5632 &iwe, IW_EV_UINT_LEN); 5634 &iwe, IW_EV_UINT_LEN);
5633 } 5635 }
5634 5636
5635 ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_DS_SET); 5637 ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_DS_PARAMS);
5636 channel = ie ? ie[2] : 0; 5638 channel = ie ? ie[2] : 0;
5637 if ((channel >= 1) && (channel <= NUM_CHANNELS)) { 5639 if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
5638 /* Add channel and frequency */ 5640 /* Add channel and frequency */
@@ -5682,7 +5684,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
5682 } 5684 }
5683 5685
5684 /* RSN IE */ 5686 /* RSN IE */
5685 ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RSN); 5687 ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_RSN);
5686 if (ie) { 5688 if (ie) {
5687 iwe.cmd = IWEVGENIE; 5689 iwe.cmd = IWEVGENIE;
5688 iwe.u.data.length = ie[1] + 2; 5690 iwe.u.data.length = ie[1] + 2;
@@ -5690,7 +5692,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
5690 &iwe, ie); 5692 &iwe, ie);
5691 } 5693 }
5692 5694
5693 ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RATES); 5695 ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_SUPP_RATES);
5694 if (ie) { 5696 if (ie) {
5695 char *p = current_ev + iwe_stream_lcp_len(info); 5697 char *p = current_ev + iwe_stream_lcp_len(info);
5696 int i; 5698 int i;
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index bd059e3c7e2b..a1eeb48f9466 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -37,11 +37,11 @@
37#include <linux/usb.h> 37#include <linux/usb.h>
38#include <linux/usb/cdc.h> 38#include <linux/usb/cdc.h>
39#include <linux/wireless.h> 39#include <linux/wireless.h>
40#include <linux/ieee80211.h>
40#include <linux/if_arp.h> 41#include <linux/if_arp.h>
41#include <linux/ctype.h> 42#include <linux/ctype.h>
42#include <linux/spinlock.h> 43#include <linux/spinlock.h>
43#include <net/iw_handler.h> 44#include <net/iw_handler.h>
44#include <net/ieee80211.h>
45#include <linux/usb/usbnet.h> 45#include <linux/usb/usbnet.h>
46#include <linux/usb/rndis_host.h> 46#include <linux/usb/rndis_host.h>
47 47
@@ -1652,7 +1652,7 @@ static char *rndis_translate_scan(struct net_device *dev,
1652#ifdef DEBUG 1652#ifdef DEBUG
1653 struct usbnet *usbdev = dev->priv; 1653 struct usbnet *usbdev = dev->priv;
1654#endif 1654#endif
1655 struct ieee80211_info_element *ie; 1655 u8 *ie;
1656 char *current_val; 1656 char *current_val;
1657 int bssid_len, ie_len, i; 1657 int bssid_len, ie_len, i;
1658 u32 beacon, atim; 1658 u32 beacon, atim;
@@ -1750,20 +1750,20 @@ static char *rndis_translate_scan(struct net_device *dev,
1750 ie_len = min(bssid_len - (int)sizeof(*bssid), 1750 ie_len = min(bssid_len - (int)sizeof(*bssid),
1751 (int)le32_to_cpu(bssid->ie_length)); 1751 (int)le32_to_cpu(bssid->ie_length));
1752 ie_len -= sizeof(struct ndis_80211_fixed_ies); 1752 ie_len -= sizeof(struct ndis_80211_fixed_ies);
1753 while (ie_len >= sizeof(*ie) && sizeof(*ie) + ie->len <= ie_len) { 1753 while (ie_len >= 2 && 2 + ie[1] <= ie_len) {
1754 if ((ie->id == MFIE_TYPE_GENERIC && ie->len >= 4 && 1754 if ((ie[0] == WLAN_EID_GENERIC && ie[1] >= 4 &&
1755 memcmp(ie->data, "\x00\x50\xf2\x01", 4) == 0) || 1755 memcmp(ie + 2, "\x00\x50\xf2\x01", 4) == 0) ||
1756 ie->id == MFIE_TYPE_RSN) { 1756 ie[0] == WLAN_EID_RSN) {
1757 devdbg(usbdev, "IE: WPA%d", 1757 devdbg(usbdev, "IE: WPA%d",
1758 (ie->id == MFIE_TYPE_RSN) ? 2 : 1); 1758 (ie[0] == WLAN_EID_RSN) ? 2 : 1);
1759 iwe.cmd = IWEVGENIE; 1759 iwe.cmd = IWEVGENIE;
1760 iwe.u.data.length = min(ie->len + 2, MAX_WPA_IE_LEN); 1760 /* arbitrary cut-off at 64 */
1761 cev = iwe_stream_add_point(info, cev, end_buf, &iwe, 1761 iwe.u.data.length = min(ie[1] + 2, 64);
1762 (u8 *)ie); 1762 cev = iwe_stream_add_point(info, cev, end_buf, &iwe, ie);
1763 } 1763 }
1764 1764
1765 ie_len -= sizeof(*ie) + ie->len; 1765 ie_len -= 2 + ie[1];
1766 ie = (struct ieee80211_info_element *)&ie->data[ie->len]; 1766 ie += 2 + ie[1];
1767 } 1767 }
1768 1768
1769 return cev; 1769 return cev;
diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h
index 65ceb088f700..59bb3a55ab48 100644
--- a/drivers/net/wireless/wl3501.h
+++ b/drivers/net/wireless/wl3501.h
@@ -2,7 +2,7 @@
2#define __WL3501_H__ 2#define __WL3501_H__
3 3
4#include <linux/spinlock.h> 4#include <linux/spinlock.h>
5#include <net/ieee80211.h> 5#include <linux/ieee80211.h>
6 6
7/* define for WLA 2.0 */ 7/* define for WLA 2.0 */
8#define WL3501_BLKSZ 256 8#define WL3501_BLKSZ 256
@@ -548,7 +548,7 @@ struct wl3501_80211_tx_plcp_hdr {
548 548
549struct wl3501_80211_tx_hdr { 549struct wl3501_80211_tx_hdr {
550 struct wl3501_80211_tx_plcp_hdr pclp_hdr; 550 struct wl3501_80211_tx_plcp_hdr pclp_hdr;
551 struct ieee80211_hdr_4addr mac_hdr; 551 struct ieee80211_hdr mac_hdr;
552} __attribute__ ((packed)); 552} __attribute__ ((packed));
553 553
554/* 554/*
diff --git a/drivers/net/wireless/zd1201.c b/drivers/net/wireless/zd1201.c
index bf744c1f5b23..1134e2fb1890 100644
--- a/drivers/net/wireless/zd1201.c
+++ b/drivers/net/wireless/zd1201.c
@@ -17,11 +17,11 @@
17#include <linux/netdevice.h> 17#include <linux/netdevice.h>
18#include <linux/etherdevice.h> 18#include <linux/etherdevice.h>
19#include <linux/wireless.h> 19#include <linux/wireless.h>
20#include <linux/ieee80211.h>
20#include <net/iw_handler.h> 21#include <net/iw_handler.h>
21#include <linux/string.h> 22#include <linux/string.h>
22#include <linux/if_arp.h> 23#include <linux/if_arp.h>
23#include <linux/firmware.h> 24#include <linux/firmware.h>
24#include <net/ieee80211.h>
25#include "zd1201.h" 25#include "zd1201.h"
26 26
27static struct usb_device_id zd1201_table[] = { 27static struct usb_device_id zd1201_table[] = {
@@ -345,7 +345,7 @@ static void zd1201_usbrx(struct urb *urb)
345 frag = kmalloc(sizeof(*frag), GFP_ATOMIC); 345 frag = kmalloc(sizeof(*frag), GFP_ATOMIC);
346 if (!frag) 346 if (!frag)
347 goto resubmit; 347 goto resubmit;
348 skb = dev_alloc_skb(IEEE80211_DATA_LEN +14+2); 348 skb = dev_alloc_skb(IEEE80211_MAX_DATA_LEN +14+2);
349 if (!skb) { 349 if (!skb) {
350 kfree(frag); 350 kfree(frag);
351 goto resubmit; 351 goto resubmit;