aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
authorJiri Benc <jbenc@suse.cz>2007-05-05 14:45:53 -0400
committerDavid S. Miller <davem@davemloft.net>2007-05-05 14:45:53 -0400
commitf0706e828e96d0fa4e80c0d25aa98523f6d589a0 (patch)
treea03c7f94939d74c1e1b82fcd9a215871590d8b35 /net/mac80211
parenta9de8ce0943e03b425be18561f51159fcceb873d (diff)
[MAC80211]: Add mac80211 wireless stack.
Add mac80211, the IEEE 802.11 software MAC layer. Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Kconfig69
-rw-r--r--net/mac80211/Makefile19
-rw-r--r--net/mac80211/aes_ccm.c155
-rw-r--r--net/mac80211/aes_ccm.h26
-rw-r--r--net/mac80211/hostapd_ioctl.h108
-rw-r--r--net/mac80211/ieee80211.c4970
-rw-r--r--net/mac80211/ieee80211_cfg.c66
-rw-r--r--net/mac80211/ieee80211_cfg.h9
-rw-r--r--net/mac80211/ieee80211_common.h98
-rw-r--r--net/mac80211/ieee80211_i.h671
-rw-r--r--net/mac80211/ieee80211_iface.c344
-rw-r--r--net/mac80211/ieee80211_ioctl.c1806
-rw-r--r--net/mac80211/ieee80211_key.h89
-rw-r--r--net/mac80211/ieee80211_led.c91
-rw-r--r--net/mac80211/ieee80211_led.h32
-rw-r--r--net/mac80211/ieee80211_rate.c140
-rw-r--r--net/mac80211/ieee80211_rate.h122
-rw-r--r--net/mac80211/ieee80211_sta.c3060
-rw-r--r--net/mac80211/michael.c104
-rw-r--r--net/mac80211/michael.h20
-rw-r--r--net/mac80211/rc80211_simple.c361
-rw-r--r--net/mac80211/sta_info.c386
-rw-r--r--net/mac80211/sta_info.h145
-rw-r--r--net/mac80211/tkip.c341
-rw-r--r--net/mac80211/tkip.h36
-rw-r--r--net/mac80211/wep.c328
-rw-r--r--net/mac80211/wep.h40
-rw-r--r--net/mac80211/wme.c678
-rw-r--r--net/mac80211/wme.h57
-rw-r--r--net/mac80211/wpa.c660
-rw-r--r--net/mac80211/wpa.h31
31 files changed, 15062 insertions, 0 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
new file mode 100644
index 000000000000..d761b53fb84c
--- /dev/null
+++ b/net/mac80211/Kconfig
@@ -0,0 +1,69 @@
1config MAC80211
2 tristate "Generic IEEE 802.11 Networking Stack (mac80211)"
3 depends on EXPERIMENTAL
4 select CRYPTO
5 select CRYPTO_ECB
6 select CRYPTO_ARC4
7 select CRYPTO_AES
8 select CRC32
9 select WIRELESS_EXT
10 select CFG80211
11 select NET_SCH_FIFO
12 ---help---
13 This option enables the hardware independent IEEE 802.11
14 networking stack.
15
16config MAC80211_LEDS
17 bool "Enable LED triggers"
18 depends on MAC80211 && LEDS_TRIGGERS
19 ---help---
20 This option enables a few LED triggers for different
21 packet receive/transmit events.
22
23config MAC80211_DEBUG
24 bool "Enable debugging output"
25 depends on MAC80211
26 ---help---
27 This option will enable debug tracing output for the
28 ieee80211 network stack.
29
30 If you are not trying to debug or develop the ieee80211
31 subsystem, you most likely want to say N here.
32
33config MAC80211_VERBOSE_DEBUG
34 bool "Verbose debugging output"
35 depends on MAC80211_DEBUG
36
37config MAC80211_LOWTX_FRAME_DUMP
38 bool "Debug frame dumping"
39 depends on MAC80211_DEBUG
40 ---help---
41 Selecting this option will cause the stack to
42 print a message for each frame that is handed
43 to the lowlevel driver for transmission. This
44 message includes all MAC addresses and the
45 frame control field.
46
47 If unsure, say N and insert the debugging code
48 you require into the driver you are debugging.
49
50config TKIP_DEBUG
51 bool "TKIP debugging"
52 depends on MAC80211_DEBUG
53
54config MAC80211_DEBUG_COUNTERS
55 bool "Extra statistics for TX/RX debugging"
56 depends on MAC80211_DEBUG
57
58config MAC80211_IBSS_DEBUG
59 bool "Support for IBSS testing"
60 depends on MAC80211_DEBUG
61 ---help---
62 Say Y here if you intend to debug the IBSS code.
63
64config MAC80211_VERBOSE_PS_DEBUG
65 bool "Verbose powersave mode debugging"
66 depends on MAC80211_DEBUG
67 ---help---
68 Say Y here to print out verbose powersave
69 mode debug messages.
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
new file mode 100644
index 000000000000..79dea99bb482
--- /dev/null
+++ b/net/mac80211/Makefile
@@ -0,0 +1,19 @@
1obj-$(CONFIG_MAC80211) += mac80211.o rc80211_simple.o
2
3mac80211-objs-$(CONFIG_MAC80211_LEDS) += ieee80211_led.o
4
5mac80211-objs := \
6 ieee80211.o \
7 ieee80211_ioctl.o \
8 sta_info.o \
9 wep.o \
10 wpa.o \
11 ieee80211_sta.o \
12 ieee80211_iface.o \
13 ieee80211_rate.o \
14 michael.o \
15 tkip.o \
16 aes_ccm.o \
17 wme.o \
18 ieee80211_cfg.o \
19 $(mac80211-objs-y)
diff --git a/net/mac80211/aes_ccm.c b/net/mac80211/aes_ccm.c
new file mode 100644
index 000000000000..e55569bee7d0
--- /dev/null
+++ b/net/mac80211/aes_ccm.c
@@ -0,0 +1,155 @@
1/*
2 * Copyright 2003-2004, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/types.h>
11#include <linux/crypto.h>
12#include <linux/err.h>
13#include <asm/scatterlist.h>
14
15#include <net/mac80211.h>
16#include "ieee80211_key.h"
17#include "aes_ccm.h"
18
19
20static void ieee80211_aes_encrypt(struct crypto_cipher *tfm,
21 const u8 pt[16], u8 ct[16])
22{
23 crypto_cipher_encrypt_one(tfm, ct, pt);
24}
25
26
27static inline void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
28 u8 *b, u8 *s_0, u8 *a)
29{
30 int i;
31
32 ieee80211_aes_encrypt(tfm, b_0, b);
33
34 /* Extra Authenticate-only data (always two AES blocks) */
35 for (i = 0; i < AES_BLOCK_LEN; i++)
36 aad[i] ^= b[i];
37 ieee80211_aes_encrypt(tfm, aad, b);
38
39 aad += AES_BLOCK_LEN;
40
41 for (i = 0; i < AES_BLOCK_LEN; i++)
42 aad[i] ^= b[i];
43 ieee80211_aes_encrypt(tfm, aad, a);
44
45 /* Mask out bits from auth-only-b_0 */
46 b_0[0] &= 0x07;
47
48 /* S_0 is used to encrypt T (= MIC) */
49 b_0[14] = 0;
50 b_0[15] = 0;
51 ieee80211_aes_encrypt(tfm, b_0, s_0);
52}
53
54
55void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
56 u8 *b_0, u8 *aad, u8 *data, size_t data_len,
57 u8 *cdata, u8 *mic)
58{
59 int i, j, last_len, num_blocks;
60 u8 *pos, *cpos, *b, *s_0, *e;
61
62 b = scratch;
63 s_0 = scratch + AES_BLOCK_LEN;
64 e = scratch + 2 * AES_BLOCK_LEN;
65
66 num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
67 last_len = data_len % AES_BLOCK_LEN;
68 aes_ccm_prepare(tfm, b_0, aad, b, s_0, b);
69
70 /* Process payload blocks */
71 pos = data;
72 cpos = cdata;
73 for (j = 1; j <= num_blocks; j++) {
74 int blen = (j == num_blocks && last_len) ?
75 last_len : AES_BLOCK_LEN;
76
77 /* Authentication followed by encryption */
78 for (i = 0; i < blen; i++)
79 b[i] ^= pos[i];
80 ieee80211_aes_encrypt(tfm, b, b);
81
82 b_0[14] = (j >> 8) & 0xff;
83 b_0[15] = j & 0xff;
84 ieee80211_aes_encrypt(tfm, b_0, e);
85 for (i = 0; i < blen; i++)
86 *cpos++ = *pos++ ^ e[i];
87 }
88
89 for (i = 0; i < CCMP_MIC_LEN; i++)
90 mic[i] = b[i] ^ s_0[i];
91}
92
93
94int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
95 u8 *b_0, u8 *aad, u8 *cdata, size_t data_len,
96 u8 *mic, u8 *data)
97{
98 int i, j, last_len, num_blocks;
99 u8 *pos, *cpos, *b, *s_0, *a;
100
101 b = scratch;
102 s_0 = scratch + AES_BLOCK_LEN;
103 a = scratch + 2 * AES_BLOCK_LEN;
104
105 num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
106 last_len = data_len % AES_BLOCK_LEN;
107 aes_ccm_prepare(tfm, b_0, aad, b, s_0, a);
108
109 /* Process payload blocks */
110 cpos = cdata;
111 pos = data;
112 for (j = 1; j <= num_blocks; j++) {
113 int blen = (j == num_blocks && last_len) ?
114 last_len : AES_BLOCK_LEN;
115
116 /* Decryption followed by authentication */
117 b_0[14] = (j >> 8) & 0xff;
118 b_0[15] = j & 0xff;
119 ieee80211_aes_encrypt(tfm, b_0, b);
120 for (i = 0; i < blen; i++) {
121 *pos = *cpos++ ^ b[i];
122 a[i] ^= *pos++;
123 }
124
125 ieee80211_aes_encrypt(tfm, a, a);
126 }
127
128 for (i = 0; i < CCMP_MIC_LEN; i++) {
129 if ((mic[i] ^ s_0[i]) != a[i])
130 return -1;
131 }
132
133 return 0;
134}
135
136
137struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[])
138{
139 struct crypto_cipher *tfm;
140
141 tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
142 if (IS_ERR(tfm))
143 return NULL;
144
145 crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
146
147 return tfm;
148}
149
150
151void ieee80211_aes_key_free(struct crypto_cipher *tfm)
152{
153 if (tfm)
154 crypto_free_cipher(tfm);
155}
diff --git a/net/mac80211/aes_ccm.h b/net/mac80211/aes_ccm.h
new file mode 100644
index 000000000000..885f19030b29
--- /dev/null
+++ b/net/mac80211/aes_ccm.h
@@ -0,0 +1,26 @@
1/*
2 * Copyright 2003-2004, Instant802 Networks, Inc.
3 * Copyright 2006, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#ifndef AES_CCM_H
11#define AES_CCM_H
12
13#include <linux/crypto.h>
14
15#define AES_BLOCK_LEN 16
16
17struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[]);
18void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
19 u8 *b_0, u8 *aad, u8 *data, size_t data_len,
20 u8 *cdata, u8 *mic);
21int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
22 u8 *b_0, u8 *aad, u8 *cdata, size_t data_len,
23 u8 *mic, u8 *data);
24void ieee80211_aes_key_free(struct crypto_cipher *tfm);
25
26#endif /* AES_CCM_H */
diff --git a/net/mac80211/hostapd_ioctl.h b/net/mac80211/hostapd_ioctl.h
new file mode 100644
index 000000000000..34fa128e9872
--- /dev/null
+++ b/net/mac80211/hostapd_ioctl.h
@@ -0,0 +1,108 @@
1/*
2 * Host AP (software wireless LAN access point) user space daemon for
3 * Host AP kernel driver
4 * Copyright 2002-2003, Jouni Malinen <jkmaline@cc.hut.fi>
5 * Copyright 2002-2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
11 */
12
13#ifndef HOSTAPD_IOCTL_H
14#define HOSTAPD_IOCTL_H
15
16#ifdef __KERNEL__
17#include <linux/types.h>
18#endif /* __KERNEL__ */
19
20#define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
21#define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1)
22#define PRISM2_IOCTL_HOSTAPD (SIOCIWFIRSTPRIV + 3)
23
24/* PRISM2_IOCTL_PRISM2_PARAM ioctl() subtypes:
25 * This table is no longer added to, the whole sub-ioctl
26 * mess shall be deleted completely. */
27enum {
28 PRISM2_PARAM_IEEE_802_1X = 23,
29 PRISM2_PARAM_ANTSEL_TX = 24,
30 PRISM2_PARAM_ANTSEL_RX = 25,
31
32 /* Instant802 additions */
33 PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES = 1001,
34 PRISM2_PARAM_DROP_UNENCRYPTED = 1002,
35 PRISM2_PARAM_PREAMBLE = 1003,
36 PRISM2_PARAM_SHORT_SLOT_TIME = 1006,
37 PRISM2_PARAM_NEXT_MODE = 1008,
38 PRISM2_PARAM_CLEAR_KEYS = 1009,
39 PRISM2_PARAM_RADIO_ENABLED = 1010,
40 PRISM2_PARAM_ANTENNA_MODE = 1013,
41 PRISM2_PARAM_STAT_TIME = 1016,
42 PRISM2_PARAM_STA_ANTENNA_SEL = 1017,
43 PRISM2_PARAM_FORCE_UNICAST_RATE = 1018,
44 PRISM2_PARAM_RATE_CTRL_NUM_UP = 1019,
45 PRISM2_PARAM_RATE_CTRL_NUM_DOWN = 1020,
46 PRISM2_PARAM_MAX_RATECTRL_RATE = 1021,
47 PRISM2_PARAM_TX_POWER_REDUCTION = 1022,
48 PRISM2_PARAM_KEY_TX_RX_THRESHOLD = 1024,
49 PRISM2_PARAM_DEFAULT_WEP_ONLY = 1026,
50 PRISM2_PARAM_WIFI_WME_NOACK_TEST = 1033,
51 PRISM2_PARAM_SCAN_FLAGS = 1035,
52 PRISM2_PARAM_HW_MODES = 1036,
53 PRISM2_PARAM_CREATE_IBSS = 1037,
54 PRISM2_PARAM_WMM_ENABLED = 1038,
55 PRISM2_PARAM_MIXED_CELL = 1039,
56 PRISM2_PARAM_RADAR_DETECT = 1043,
57 PRISM2_PARAM_SPECTRUM_MGMT = 1044,
58};
59
60enum {
61 IEEE80211_KEY_MGMT_NONE = 0,
62 IEEE80211_KEY_MGMT_IEEE8021X = 1,
63 IEEE80211_KEY_MGMT_WPA_PSK = 2,
64 IEEE80211_KEY_MGMT_WPA_EAP = 3,
65};
66
67
68/* Data structures used for get_hw_features ioctl */
69struct hostapd_ioctl_hw_modes_hdr {
70 int mode;
71 int num_channels;
72 int num_rates;
73};
74
75struct ieee80211_channel_data {
76 short chan; /* channel number (IEEE 802.11) */
77 short freq; /* frequency in MHz */
78 int flag; /* flag for hostapd use (IEEE80211_CHAN_*) */
79};
80
81struct ieee80211_rate_data {
82 int rate; /* rate in 100 kbps */
83 int flags; /* IEEE80211_RATE_ flags */
84};
85
86
87/* ADD_IF, REMOVE_IF, and UPDATE_IF 'type' argument */
88enum {
89 HOSTAP_IF_WDS = 1, HOSTAP_IF_VLAN = 2, HOSTAP_IF_BSS = 3,
90 HOSTAP_IF_STA = 4
91};
92
93struct hostapd_if_wds {
94 u8 remote_addr[ETH_ALEN];
95};
96
97struct hostapd_if_vlan {
98 u8 id;
99};
100
101struct hostapd_if_bss {
102 u8 bssid[ETH_ALEN];
103};
104
105struct hostapd_if_sta {
106};
107
108#endif /* HOSTAPD_IOCTL_H */
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
new file mode 100644
index 000000000000..48a832d4e175
--- /dev/null
+++ b/net/mac80211/ieee80211.c
@@ -0,0 +1,4970 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <net/mac80211.h>
12#include <net/ieee80211_radiotap.h>
13#include <linux/module.h>
14#include <linux/init.h>
15#include <linux/netdevice.h>
16#include <linux/types.h>
17#include <linux/slab.h>
18#include <linux/skbuff.h>
19#include <linux/etherdevice.h>
20#include <linux/if_arp.h>
21#include <linux/wireless.h>
22#include <linux/rtnetlink.h>
23#include <net/iw_handler.h>
24#include <linux/compiler.h>
25#include <linux/bitmap.h>
26#include <net/cfg80211.h>
27
28#include "ieee80211_common.h"
29#include "ieee80211_i.h"
30#include "ieee80211_rate.h"
31#include "wep.h"
32#include "wpa.h"
33#include "tkip.h"
34#include "wme.h"
35#include "aes_ccm.h"
36#include "ieee80211_led.h"
37#include "ieee80211_cfg.h"
38
39/* privid for wiphys to determine whether they belong to us or not */
40void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
41
42/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
43/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
44static const unsigned char rfc1042_header[] =
45 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
46
47/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
48static const unsigned char bridge_tunnel_header[] =
49 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
50
51/* No encapsulation header if EtherType < 0x600 (=length) */
52static const unsigned char eapol_header[] =
53 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e };
54
55
56static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata,
57 struct ieee80211_hdr *hdr)
58{
59 /* Set the sequence number for this frame. */
60 hdr->seq_ctrl = cpu_to_le16(sdata->sequence);
61
62 /* Increase the sequence number. */
63 sdata->sequence = (sdata->sequence + 0x10) & IEEE80211_SCTL_SEQ;
64}
65
66struct ieee80211_key_conf *
67ieee80211_key_data2conf(struct ieee80211_local *local,
68 const struct ieee80211_key *data)
69{
70 struct ieee80211_key_conf *conf;
71
72 conf = kmalloc(sizeof(*conf) + data->keylen, GFP_ATOMIC);
73 if (!conf)
74 return NULL;
75
76 conf->hw_key_idx = data->hw_key_idx;
77 conf->alg = data->alg;
78 conf->keylen = data->keylen;
79 conf->flags = 0;
80 if (data->force_sw_encrypt)
81 conf->flags |= IEEE80211_KEY_FORCE_SW_ENCRYPT;
82 conf->keyidx = data->keyidx;
83 if (data->default_tx_key)
84 conf->flags |= IEEE80211_KEY_DEFAULT_TX_KEY;
85 if (local->default_wep_only)
86 conf->flags |= IEEE80211_KEY_DEFAULT_WEP_ONLY;
87 memcpy(conf->key, data->key, data->keylen);
88
89 return conf;
90}
91
92struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
93 int idx, size_t key_len, gfp_t flags)
94{
95 struct ieee80211_key *key;
96
97 key = kzalloc(sizeof(struct ieee80211_key) + key_len, flags);
98 if (!key)
99 return NULL;
100 kref_init(&key->kref);
101 return key;
102}
103
104static void ieee80211_key_release(struct kref *kref)
105{
106 struct ieee80211_key *key;
107
108 key = container_of(kref, struct ieee80211_key, kref);
109 if (key->alg == ALG_CCMP)
110 ieee80211_aes_key_free(key->u.ccmp.tfm);
111 kfree(key);
112}
113
114void ieee80211_key_free(struct ieee80211_key *key)
115{
116 if (key)
117 kref_put(&key->kref, ieee80211_key_release);
118}
119
120static int rate_list_match(const int *rate_list, int rate)
121{
122 int i;
123
124 if (!rate_list)
125 return 0;
126
127 for (i = 0; rate_list[i] >= 0; i++)
128 if (rate_list[i] == rate)
129 return 1;
130
131 return 0;
132}
133
134
135void ieee80211_prepare_rates(struct ieee80211_local *local,
136 struct ieee80211_hw_mode *mode)
137{
138 int i;
139
140 for (i = 0; i < mode->num_rates; i++) {
141 struct ieee80211_rate *rate = &mode->rates[i];
142
143 rate->flags &= ~(IEEE80211_RATE_SUPPORTED |
144 IEEE80211_RATE_BASIC);
145
146 if (local->supp_rates[mode->mode]) {
147 if (!rate_list_match(local->supp_rates[mode->mode],
148 rate->rate))
149 continue;
150 }
151
152 rate->flags |= IEEE80211_RATE_SUPPORTED;
153
154 /* Use configured basic rate set if it is available. If not,
155 * use defaults that are sane for most cases. */
156 if (local->basic_rates[mode->mode]) {
157 if (rate_list_match(local->basic_rates[mode->mode],
158 rate->rate))
159 rate->flags |= IEEE80211_RATE_BASIC;
160 } else switch (mode->mode) {
161 case MODE_IEEE80211A:
162 if (rate->rate == 60 || rate->rate == 120 ||
163 rate->rate == 240)
164 rate->flags |= IEEE80211_RATE_BASIC;
165 break;
166 case MODE_IEEE80211B:
167 if (rate->rate == 10 || rate->rate == 20)
168 rate->flags |= IEEE80211_RATE_BASIC;
169 break;
170 case MODE_ATHEROS_TURBO:
171 if (rate->rate == 120 || rate->rate == 240 ||
172 rate->rate == 480)
173 rate->flags |= IEEE80211_RATE_BASIC;
174 break;
175 case MODE_IEEE80211G:
176 if (rate->rate == 10 || rate->rate == 20 ||
177 rate->rate == 55 || rate->rate == 110)
178 rate->flags |= IEEE80211_RATE_BASIC;
179 break;
180 }
181
182 /* Set ERP and MANDATORY flags based on phymode */
183 switch (mode->mode) {
184 case MODE_IEEE80211A:
185 if (rate->rate == 60 || rate->rate == 120 ||
186 rate->rate == 240)
187 rate->flags |= IEEE80211_RATE_MANDATORY;
188 break;
189 case MODE_IEEE80211B:
190 if (rate->rate == 10)
191 rate->flags |= IEEE80211_RATE_MANDATORY;
192 break;
193 case MODE_ATHEROS_TURBO:
194 break;
195 case MODE_IEEE80211G:
196 if (rate->rate == 10 || rate->rate == 20 ||
197 rate->rate == 55 || rate->rate == 110 ||
198 rate->rate == 60 || rate->rate == 120 ||
199 rate->rate == 240)
200 rate->flags |= IEEE80211_RATE_MANDATORY;
201 break;
202 }
203 if (ieee80211_is_erp_rate(mode->mode, rate->rate))
204 rate->flags |= IEEE80211_RATE_ERP;
205 }
206}
207
208
209static void ieee80211_key_threshold_notify(struct net_device *dev,
210 struct ieee80211_key *key,
211 struct sta_info *sta)
212{
213 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
214 struct sk_buff *skb;
215 struct ieee80211_msg_key_notification *msg;
216
217 /* if no one will get it anyway, don't even allocate it.
218 * unlikely because this is only relevant for APs
219 * where the device must be open... */
220 if (unlikely(!local->apdev))
221 return;
222
223 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
224 sizeof(struct ieee80211_msg_key_notification));
225 if (!skb)
226 return;
227
228 skb_reserve(skb, sizeof(struct ieee80211_frame_info));
229 msg = (struct ieee80211_msg_key_notification *)
230 skb_put(skb, sizeof(struct ieee80211_msg_key_notification));
231 msg->tx_rx_count = key->tx_rx_count;
232 memcpy(msg->ifname, dev->name, IFNAMSIZ);
233 if (sta)
234 memcpy(msg->addr, sta->addr, ETH_ALEN);
235 else
236 memset(msg->addr, 0xff, ETH_ALEN);
237
238 key->tx_rx_count = 0;
239
240 ieee80211_rx_mgmt(local, skb, NULL,
241 ieee80211_msg_key_threshold_notification);
242}
243
244
245static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
246{
247 u16 fc;
248
249 if (len < 24)
250 return NULL;
251
252 fc = le16_to_cpu(hdr->frame_control);
253
254 switch (fc & IEEE80211_FCTL_FTYPE) {
255 case IEEE80211_FTYPE_DATA:
256 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
257 case IEEE80211_FCTL_TODS:
258 return hdr->addr1;
259 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
260 return NULL;
261 case IEEE80211_FCTL_FROMDS:
262 return hdr->addr2;
263 case 0:
264 return hdr->addr3;
265 }
266 break;
267 case IEEE80211_FTYPE_MGMT:
268 return hdr->addr3;
269 case IEEE80211_FTYPE_CTL:
270 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)
271 return hdr->addr1;
272 else
273 return NULL;
274 }
275
276 return NULL;
277}
278
279int ieee80211_get_hdrlen(u16 fc)
280{
281 int hdrlen = 24;
282
283 switch (fc & IEEE80211_FCTL_FTYPE) {
284 case IEEE80211_FTYPE_DATA:
285 if ((fc & IEEE80211_FCTL_FROMDS) && (fc & IEEE80211_FCTL_TODS))
286 hdrlen = 30; /* Addr4 */
287 /*
288 * The QoS Control field is two bytes and its presence is
289 * indicated by the IEEE80211_STYPE_QOS_DATA bit. Add 2 to
290 * hdrlen if that bit is set.
291 * This works by masking out the bit and shifting it to
292 * bit position 1 so the result has the value 0 or 2.
293 */
294 hdrlen += (fc & IEEE80211_STYPE_QOS_DATA)
295 >> (ilog2(IEEE80211_STYPE_QOS_DATA)-1);
296 break;
297 case IEEE80211_FTYPE_CTL:
298 /*
299 * ACK and CTS are 10 bytes, all others 16. To see how
300 * to get this condition consider
301 * subtype mask: 0b0000000011110000 (0x00F0)
302 * ACK subtype: 0b0000000011010000 (0x00D0)
303 * CTS subtype: 0b0000000011000000 (0x00C0)
304 * bits that matter: ^^^ (0x00E0)
305 * value of those: 0b0000000011000000 (0x00C0)
306 */
307 if ((fc & 0xE0) == 0xC0)
308 hdrlen = 10;
309 else
310 hdrlen = 16;
311 break;
312 }
313
314 return hdrlen;
315}
316EXPORT_SYMBOL(ieee80211_get_hdrlen);
317
318int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
319{
320 const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *) skb->data;
321 int hdrlen;
322
323 if (unlikely(skb->len < 10))
324 return 0;
325 hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control));
326 if (unlikely(hdrlen > skb->len))
327 return 0;
328 return hdrlen;
329}
330EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
331
332static int ieee80211_get_radiotap_len(struct sk_buff *skb)
333{
334 struct ieee80211_radiotap_header *hdr =
335 (struct ieee80211_radiotap_header *) skb->data;
336
337 return le16_to_cpu(hdr->it_len);
338}
339
340#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
341static void ieee80211_dump_frame(const char *ifname, const char *title,
342 const struct sk_buff *skb)
343{
344 const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
345 u16 fc;
346 int hdrlen;
347
348 printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len);
349 if (skb->len < 4) {
350 printk("\n");
351 return;
352 }
353
354 fc = le16_to_cpu(hdr->frame_control);
355 hdrlen = ieee80211_get_hdrlen(fc);
356 if (hdrlen > skb->len)
357 hdrlen = skb->len;
358 if (hdrlen >= 4)
359 printk(" FC=0x%04x DUR=0x%04x",
360 fc, le16_to_cpu(hdr->duration_id));
361 if (hdrlen >= 10)
362 printk(" A1=" MAC_FMT, MAC_ARG(hdr->addr1));
363 if (hdrlen >= 16)
364 printk(" A2=" MAC_FMT, MAC_ARG(hdr->addr2));
365 if (hdrlen >= 24)
366 printk(" A3=" MAC_FMT, MAC_ARG(hdr->addr3));
367 if (hdrlen >= 30)
368 printk(" A4=" MAC_FMT, MAC_ARG(hdr->addr4));
369 printk("\n");
370}
371#else /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
372static inline void ieee80211_dump_frame(const char *ifname, const char *title,
373 struct sk_buff *skb)
374{
375}
376#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
377
378
379static int ieee80211_is_eapol(const struct sk_buff *skb)
380{
381 const struct ieee80211_hdr *hdr;
382 u16 fc;
383 int hdrlen;
384
385 if (unlikely(skb->len < 10))
386 return 0;
387
388 hdr = (const struct ieee80211_hdr *) skb->data;
389 fc = le16_to_cpu(hdr->frame_control);
390
391 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
392 return 0;
393
394 hdrlen = ieee80211_get_hdrlen(fc);
395
396 if (unlikely(skb->len >= hdrlen + sizeof(eapol_header) &&
397 memcmp(skb->data + hdrlen, eapol_header,
398 sizeof(eapol_header)) == 0))
399 return 1;
400
401 return 0;
402}
403
404
405static ieee80211_txrx_result
406ieee80211_tx_h_rate_ctrl(struct ieee80211_txrx_data *tx)
407{
408 struct rate_control_extra extra;
409
410 memset(&extra, 0, sizeof(extra));
411 extra.mode = tx->u.tx.mode;
412 extra.mgmt_data = tx->sdata &&
413 tx->sdata->type == IEEE80211_IF_TYPE_MGMT;
414 extra.ethertype = tx->ethertype;
415
416 tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev, tx->skb,
417 &extra);
418 if (unlikely(extra.probe != NULL)) {
419 tx->u.tx.control->flags |= IEEE80211_TXCTL_RATE_CTRL_PROBE;
420 tx->u.tx.probe_last_frag = 1;
421 tx->u.tx.control->alt_retry_rate = tx->u.tx.rate->val;
422 tx->u.tx.rate = extra.probe;
423 } else {
424 tx->u.tx.control->alt_retry_rate = -1;
425 }
426 if (!tx->u.tx.rate)
427 return TXRX_DROP;
428 if (tx->u.tx.mode->mode == MODE_IEEE80211G &&
429 tx->local->cts_protect_erp_frames && tx->fragmented &&
430 extra.nonerp) {
431 tx->u.tx.last_frag_rate = tx->u.tx.rate;
432 tx->u.tx.probe_last_frag = extra.probe ? 1 : 0;
433
434 tx->u.tx.rate = extra.nonerp;
435 tx->u.tx.control->rate = extra.nonerp;
436 tx->u.tx.control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
437 } else {
438 tx->u.tx.last_frag_rate = tx->u.tx.rate;
439 tx->u.tx.control->rate = tx->u.tx.rate;
440 }
441 tx->u.tx.control->tx_rate = tx->u.tx.rate->val;
442 if ((tx->u.tx.rate->flags & IEEE80211_RATE_PREAMBLE2) &&
443 tx->local->short_preamble &&
444 (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) {
445 tx->u.tx.short_preamble = 1;
446 tx->u.tx.control->tx_rate = tx->u.tx.rate->val2;
447 }
448
449 return TXRX_CONTINUE;
450}
451
452
453static ieee80211_txrx_result
454ieee80211_tx_h_select_key(struct ieee80211_txrx_data *tx)
455{
456 if (tx->sta)
457 tx->u.tx.control->key_idx = tx->sta->key_idx_compression;
458 else
459 tx->u.tx.control->key_idx = HW_KEY_IDX_INVALID;
460
461 if (unlikely(tx->u.tx.control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
462 tx->key = NULL;
463 else if (tx->sta && tx->sta->key)
464 tx->key = tx->sta->key;
465 else if (tx->sdata->default_key)
466 tx->key = tx->sdata->default_key;
467 else if (tx->sdata->drop_unencrypted &&
468 !(tx->sdata->eapol && ieee80211_is_eapol(tx->skb))) {
469 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
470 return TXRX_DROP;
471 } else
472 tx->key = NULL;
473
474 if (tx->key) {
475 tx->key->tx_rx_count++;
476 if (unlikely(tx->local->key_tx_rx_threshold &&
477 tx->key->tx_rx_count >
478 tx->local->key_tx_rx_threshold)) {
479 ieee80211_key_threshold_notify(tx->dev, tx->key,
480 tx->sta);
481 }
482 }
483
484 return TXRX_CONTINUE;
485}
486
487
488static ieee80211_txrx_result
489ieee80211_tx_h_fragment(struct ieee80211_txrx_data *tx)
490{
491 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
492 size_t hdrlen, per_fragm, num_fragm, payload_len, left;
493 struct sk_buff **frags, *first, *frag;
494 int i;
495 u16 seq;
496 u8 *pos;
497 int frag_threshold = tx->local->fragmentation_threshold;
498
499 if (!tx->fragmented)
500 return TXRX_CONTINUE;
501
502 first = tx->skb;
503
504 hdrlen = ieee80211_get_hdrlen(tx->fc);
505 payload_len = first->len - hdrlen;
506 per_fragm = frag_threshold - hdrlen - FCS_LEN;
507 num_fragm = (payload_len + per_fragm - 1) / per_fragm;
508
509 frags = kzalloc(num_fragm * sizeof(struct sk_buff *), GFP_ATOMIC);
510 if (!frags)
511 goto fail;
512
513 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
514 seq = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ;
515 pos = first->data + hdrlen + per_fragm;
516 left = payload_len - per_fragm;
517 for (i = 0; i < num_fragm - 1; i++) {
518 struct ieee80211_hdr *fhdr;
519 size_t copylen;
520
521 if (left <= 0)
522 goto fail;
523
524 /* reserve enough extra head and tail room for possible
525 * encryption */
526 frag = frags[i] =
527 dev_alloc_skb(tx->local->hw.extra_tx_headroom +
528 frag_threshold +
529 IEEE80211_ENCRYPT_HEADROOM +
530 IEEE80211_ENCRYPT_TAILROOM);
531 if (!frag)
532 goto fail;
533 /* Make sure that all fragments use the same priority so
534 * that they end up using the same TX queue */
535 frag->priority = first->priority;
536 skb_reserve(frag, tx->local->hw.extra_tx_headroom +
537 IEEE80211_ENCRYPT_HEADROOM);
538 fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen);
539 memcpy(fhdr, first->data, hdrlen);
540 if (i == num_fragm - 2)
541 fhdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREFRAGS);
542 fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG));
543 copylen = left > per_fragm ? per_fragm : left;
544 memcpy(skb_put(frag, copylen), pos, copylen);
545
546 pos += copylen;
547 left -= copylen;
548 }
549 skb_trim(first, hdrlen + per_fragm);
550
551 tx->u.tx.num_extra_frag = num_fragm - 1;
552 tx->u.tx.extra_frag = frags;
553
554 return TXRX_CONTINUE;
555
556 fail:
557 printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name);
558 if (frags) {
559 for (i = 0; i < num_fragm - 1; i++)
560 if (frags[i])
561 dev_kfree_skb(frags[i]);
562 kfree(frags);
563 }
564 I802_DEBUG_INC(tx->local->tx_handlers_drop_fragment);
565 return TXRX_DROP;
566}
567
568
569static int wep_encrypt_skb(struct ieee80211_txrx_data *tx, struct sk_buff *skb)
570{
571 if (tx->key->force_sw_encrypt) {
572 if (ieee80211_wep_encrypt(tx->local, skb, tx->key))
573 return -1;
574 } else {
575 tx->u.tx.control->key_idx = tx->key->hw_key_idx;
576 if (tx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
577 if (ieee80211_wep_add_iv(tx->local, skb, tx->key) ==
578 NULL)
579 return -1;
580 }
581 }
582 return 0;
583}
584
585
586void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx)
587{
588 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
589
590 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
591 if (tx->u.tx.extra_frag) {
592 struct ieee80211_hdr *fhdr;
593 int i;
594 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
595 fhdr = (struct ieee80211_hdr *)
596 tx->u.tx.extra_frag[i]->data;
597 fhdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
598 }
599 }
600}
601
602
603static ieee80211_txrx_result
604ieee80211_tx_h_wep_encrypt(struct ieee80211_txrx_data *tx)
605{
606 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
607 u16 fc;
608
609 fc = le16_to_cpu(hdr->frame_control);
610
611 if (!tx->key || tx->key->alg != ALG_WEP ||
612 ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
613 ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
614 (fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
615 return TXRX_CONTINUE;
616
617 tx->u.tx.control->iv_len = WEP_IV_LEN;
618 tx->u.tx.control->icv_len = WEP_ICV_LEN;
619 ieee80211_tx_set_iswep(tx);
620
621 if (wep_encrypt_skb(tx, tx->skb) < 0) {
622 I802_DEBUG_INC(tx->local->tx_handlers_drop_wep);
623 return TXRX_DROP;
624 }
625
626 if (tx->u.tx.extra_frag) {
627 int i;
628 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
629 if (wep_encrypt_skb(tx, tx->u.tx.extra_frag[i]) < 0) {
630 I802_DEBUG_INC(tx->local->
631 tx_handlers_drop_wep);
632 return TXRX_DROP;
633 }
634 }
635 }
636
637 return TXRX_CONTINUE;
638}
639
640
641static int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
642 int rate, int erp, int short_preamble)
643{
644 int dur;
645
646 /* calculate duration (in microseconds, rounded up to next higher
647 * integer if it includes a fractional microsecond) to send frame of
648 * len bytes (does not include FCS) at the given rate. Duration will
649 * also include SIFS.
650 *
651 * rate is in 100 kbps, so divident is multiplied by 10 in the
652 * DIV_ROUND_UP() operations.
653 */
654
655 if (local->hw.conf.phymode == MODE_IEEE80211A || erp ||
656 local->hw.conf.phymode == MODE_ATHEROS_TURBO) {
657 /*
658 * OFDM:
659 *
660 * N_DBPS = DATARATE x 4
661 * N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS)
662 * (16 = SIGNAL time, 6 = tail bits)
663 * TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext
664 *
665 * T_SYM = 4 usec
666 * 802.11a - 17.5.2: aSIFSTime = 16 usec
667 * 802.11g - 19.8.4: aSIFSTime = 10 usec +
668 * signal ext = 6 usec
669 */
670 /* FIX: Atheros Turbo may have different (shorter) duration? */
671 dur = 16; /* SIFS + signal ext */
672 dur += 16; /* 17.3.2.3: T_PREAMBLE = 16 usec */
673 dur += 4; /* 17.3.2.3: T_SIGNAL = 4 usec */
674 dur += 4 * DIV_ROUND_UP((16 + 8 * (len + 4) + 6) * 10,
675 4 * rate); /* T_SYM x N_SYM */
676 } else {
677 /*
678 * 802.11b or 802.11g with 802.11b compatibility:
679 * 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime +
680 * Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0.
681 *
682 * 802.11 (DS): 15.3.3, 802.11b: 18.3.4
683 * aSIFSTime = 10 usec
684 * aPreambleLength = 144 usec or 72 usec with short preamble
685 * aPLCPHeaderLength = 48 usec or 24 usec with short preamble
686 */
687 dur = 10; /* aSIFSTime = 10 usec */
688 dur += short_preamble ? (72 + 24) : (144 + 48);
689
690 dur += DIV_ROUND_UP(8 * (len + 4) * 10, rate);
691 }
692
693 return dur;
694}
695
696
697/* Exported duration function for driver use */
698__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw,
699 size_t frame_len, int rate)
700{
701 struct ieee80211_local *local = hw_to_local(hw);
702 u16 dur;
703 int erp;
704
705 erp = ieee80211_is_erp_rate(hw->conf.phymode, rate);
706 dur = ieee80211_frame_duration(local, frame_len, rate,
707 erp, local->short_preamble);
708
709 return cpu_to_le16(dur);
710}
711EXPORT_SYMBOL(ieee80211_generic_frame_duration);
712
713
714static u16 ieee80211_duration(struct ieee80211_txrx_data *tx, int group_addr,
715 int next_frag_len)
716{
717 int rate, mrate, erp, dur, i;
718 struct ieee80211_rate *txrate = tx->u.tx.rate;
719 struct ieee80211_local *local = tx->local;
720 struct ieee80211_hw_mode *mode = tx->u.tx.mode;
721
722 erp = txrate->flags & IEEE80211_RATE_ERP;
723
724 /*
725 * data and mgmt (except PS Poll):
726 * - during CFP: 32768
727 * - during contention period:
728 * if addr1 is group address: 0
729 * if more fragments = 0 and addr1 is individual address: time to
730 * transmit one ACK plus SIFS
731 * if more fragments = 1 and addr1 is individual address: time to
732 * transmit next fragment plus 2 x ACK plus 3 x SIFS
733 *
734 * IEEE 802.11, 9.6:
735 * - control response frame (CTS or ACK) shall be transmitted using the
736 * same rate as the immediately previous frame in the frame exchange
737 * sequence, if this rate belongs to the PHY mandatory rates, or else
738 * at the highest possible rate belonging to the PHY rates in the
739 * BSSBasicRateSet
740 */
741
742 if ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) {
743 /* TODO: These control frames are not currently sent by
744 * 80211.o, but should they be implemented, this function
745 * needs to be updated to support duration field calculation.
746 *
747 * RTS: time needed to transmit pending data/mgmt frame plus
748 * one CTS frame plus one ACK frame plus 3 x SIFS
749 * CTS: duration of immediately previous RTS minus time
750 * required to transmit CTS and its SIFS
751 * ACK: 0 if immediately previous directed data/mgmt had
752 * more=0, with more=1 duration in ACK frame is duration
753 * from previous frame minus time needed to transmit ACK
754 * and its SIFS
755 * PS Poll: BIT(15) | BIT(14) | aid
756 */
757 return 0;
758 }
759
760 /* data/mgmt */
761 if (0 /* FIX: data/mgmt during CFP */)
762 return 32768;
763
764 if (group_addr) /* Group address as the destination - no ACK */
765 return 0;
766
767 /* Individual destination address:
768 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
769 * CTS and ACK frames shall be transmitted using the highest rate in
770 * basic rate set that is less than or equal to the rate of the
771 * immediately previous frame and that is using the same modulation
772 * (CCK or OFDM). If no basic rate set matches with these requirements,
773 * the highest mandatory rate of the PHY that is less than or equal to
774 * the rate of the previous frame is used.
775 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
776 */
777 rate = -1;
778 mrate = 10; /* use 1 Mbps if everything fails */
779 for (i = 0; i < mode->num_rates; i++) {
780 struct ieee80211_rate *r = &mode->rates[i];
781 if (r->rate > txrate->rate)
782 break;
783
784 if (IEEE80211_RATE_MODULATION(txrate->flags) !=
785 IEEE80211_RATE_MODULATION(r->flags))
786 continue;
787
788 if (r->flags & IEEE80211_RATE_BASIC)
789 rate = r->rate;
790 else if (r->flags & IEEE80211_RATE_MANDATORY)
791 mrate = r->rate;
792 }
793 if (rate == -1) {
794 /* No matching basic rate found; use highest suitable mandatory
795 * PHY rate */
796 rate = mrate;
797 }
798
799 /* Time needed to transmit ACK
800 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
801 * to closest integer */
802
803 dur = ieee80211_frame_duration(local, 10, rate, erp,
804 local->short_preamble);
805
806 if (next_frag_len) {
807 /* Frame is fragmented: duration increases with time needed to
808 * transmit next fragment plus ACK and 2 x SIFS. */
809 dur *= 2; /* ACK + SIFS */
810 /* next fragment */
811 dur += ieee80211_frame_duration(local, next_frag_len,
812 txrate->rate, erp,
813 local->short_preamble);
814 }
815
816 return dur;
817}
818
819
820static ieee80211_txrx_result
821ieee80211_tx_h_misc(struct ieee80211_txrx_data *tx)
822{
823 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
824 u16 dur;
825 struct ieee80211_tx_control *control = tx->u.tx.control;
826 struct ieee80211_hw_mode *mode = tx->u.tx.mode;
827
828 if (!is_multicast_ether_addr(hdr->addr1)) {
829 if (tx->skb->len + FCS_LEN > tx->local->rts_threshold &&
830 tx->local->rts_threshold < IEEE80211_MAX_RTS_THRESHOLD) {
831 control->flags |= IEEE80211_TXCTL_USE_RTS_CTS;
832 control->retry_limit =
833 tx->local->long_retry_limit;
834 } else {
835 control->retry_limit =
836 tx->local->short_retry_limit;
837 }
838 } else {
839 control->retry_limit = 1;
840 }
841
842 if (tx->fragmented) {
843 /* Do not use multiple retry rates when sending fragmented
844 * frames.
845 * TODO: The last fragment could still use multiple retry
846 * rates. */
847 control->alt_retry_rate = -1;
848 }
849
850 /* Use CTS protection for unicast frames sent using extended rates if
851 * there are associated non-ERP stations and RTS/CTS is not configured
852 * for the frame. */
853 if (mode->mode == MODE_IEEE80211G &&
854 (tx->u.tx.rate->flags & IEEE80211_RATE_ERP) &&
855 tx->u.tx.unicast &&
856 tx->local->cts_protect_erp_frames &&
857 !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
858 control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;
859
860 /* Setup duration field for the first fragment of the frame. Duration
861 * for remaining fragments will be updated when they are being sent
862 * to low-level driver in ieee80211_tx(). */
863 dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1),
864 tx->fragmented ? tx->u.tx.extra_frag[0]->len :
865 0);
866 hdr->duration_id = cpu_to_le16(dur);
867
868 if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) ||
869 (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) {
870 struct ieee80211_rate *rate;
871
872 /* Do not use multiple retry rates when using RTS/CTS */
873 control->alt_retry_rate = -1;
874
875 /* Use min(data rate, max base rate) as CTS/RTS rate */
876 rate = tx->u.tx.rate;
877 while (rate > mode->rates &&
878 !(rate->flags & IEEE80211_RATE_BASIC))
879 rate--;
880
881 control->rts_cts_rate = rate->val;
882 control->rts_rate = rate;
883 }
884
885 if (tx->sta) {
886 tx->sta->tx_packets++;
887 tx->sta->tx_fragments++;
888 tx->sta->tx_bytes += tx->skb->len;
889 if (tx->u.tx.extra_frag) {
890 int i;
891 tx->sta->tx_fragments += tx->u.tx.num_extra_frag;
892 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
893 tx->sta->tx_bytes +=
894 tx->u.tx.extra_frag[i]->len;
895 }
896 }
897 }
898
899 return TXRX_CONTINUE;
900}
901
902
903static ieee80211_txrx_result
904ieee80211_tx_h_check_assoc(struct ieee80211_txrx_data *tx)
905{
906#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
907 struct sk_buff *skb = tx->skb;
908 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
909#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
910 u32 sta_flags;
911
912 if (unlikely(tx->local->sta_scanning != 0) &&
913 ((tx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
914 (tx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PROBE_REQ))
915 return TXRX_DROP;
916
917 if (tx->u.tx.ps_buffered)
918 return TXRX_CONTINUE;
919
920 sta_flags = tx->sta ? tx->sta->flags : 0;
921
922 if (likely(tx->u.tx.unicast)) {
923 if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
924 tx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
925 (tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
926#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
927 printk(KERN_DEBUG "%s: dropped data frame to not "
928 "associated station " MAC_FMT "\n",
929 tx->dev->name, MAC_ARG(hdr->addr1));
930#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
931 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
932 return TXRX_DROP;
933 }
934 } else {
935 if (unlikely((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
936 tx->local->num_sta == 0 &&
937 !tx->local->allow_broadcast_always &&
938 tx->sdata->type != IEEE80211_IF_TYPE_IBSS)) {
939 /*
940 * No associated STAs - no need to send multicast
941 * frames.
942 */
943 return TXRX_DROP;
944 }
945 return TXRX_CONTINUE;
946 }
947
948 if (unlikely(!tx->u.tx.mgmt_interface && tx->sdata->ieee802_1x &&
949 !(sta_flags & WLAN_STA_AUTHORIZED))) {
950#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
951 printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT
952 " (unauthorized port)\n", tx->dev->name,
953 MAC_ARG(hdr->addr1));
954#endif
955 I802_DEBUG_INC(tx->local->tx_handlers_drop_unauth_port);
956 return TXRX_DROP;
957 }
958
959 return TXRX_CONTINUE;
960}
961
962static ieee80211_txrx_result
963ieee80211_tx_h_sequence(struct ieee80211_txrx_data *tx)
964{
965 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
966
967 if (ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)) >= 24)
968 ieee80211_include_sequence(tx->sdata, hdr);
969
970 return TXRX_CONTINUE;
971}
972
973/* This function is called whenever the AP is about to exceed the maximum limit
974 * of buffered frames for power saving STAs. This situation should not really
975 * happen often during normal operation, so dropping the oldest buffered packet
976 * from each queue should be OK to make some room for new frames. */
977static void purge_old_ps_buffers(struct ieee80211_local *local)
978{
979 int total = 0, purged = 0;
980 struct sk_buff *skb;
981 struct ieee80211_sub_if_data *sdata;
982 struct sta_info *sta;
983
984 read_lock(&local->sub_if_lock);
985 list_for_each_entry(sdata, &local->sub_if_list, list) {
986 struct ieee80211_if_ap *ap;
987 if (sdata->dev == local->mdev ||
988 sdata->type != IEEE80211_IF_TYPE_AP)
989 continue;
990 ap = &sdata->u.ap;
991 skb = skb_dequeue(&ap->ps_bc_buf);
992 if (skb) {
993 purged++;
994 dev_kfree_skb(skb);
995 }
996 total += skb_queue_len(&ap->ps_bc_buf);
997 }
998 read_unlock(&local->sub_if_lock);
999
1000 spin_lock_bh(&local->sta_lock);
1001 list_for_each_entry(sta, &local->sta_list, list) {
1002 skb = skb_dequeue(&sta->ps_tx_buf);
1003 if (skb) {
1004 purged++;
1005 dev_kfree_skb(skb);
1006 }
1007 total += skb_queue_len(&sta->ps_tx_buf);
1008 }
1009 spin_unlock_bh(&local->sta_lock);
1010
1011 local->total_ps_buffered = total;
1012 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
1013 local->mdev->name, purged);
1014}
1015
1016
1017static inline ieee80211_txrx_result
1018ieee80211_tx_h_multicast_ps_buf(struct ieee80211_txrx_data *tx)
1019{
1020 /* broadcast/multicast frame */
1021 /* If any of the associated stations is in power save mode,
1022 * the frame is buffered to be sent after DTIM beacon frame */
1023 if ((tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) &&
1024 tx->sdata->type != IEEE80211_IF_TYPE_WDS &&
1025 tx->sdata->bss && atomic_read(&tx->sdata->bss->num_sta_ps) &&
1026 !(tx->fc & IEEE80211_FCTL_ORDER)) {
1027 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
1028 purge_old_ps_buffers(tx->local);
1029 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
1030 AP_MAX_BC_BUFFER) {
1031 if (net_ratelimit()) {
1032 printk(KERN_DEBUG "%s: BC TX buffer full - "
1033 "dropping the oldest frame\n",
1034 tx->dev->name);
1035 }
1036 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
1037 } else
1038 tx->local->total_ps_buffered++;
1039 skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
1040 return TXRX_QUEUED;
1041 }
1042
1043 return TXRX_CONTINUE;
1044}
1045
1046
1047static inline ieee80211_txrx_result
1048ieee80211_tx_h_unicast_ps_buf(struct ieee80211_txrx_data *tx)
1049{
1050 struct sta_info *sta = tx->sta;
1051
1052 if (unlikely(!sta ||
1053 ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
1054 (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)))
1055 return TXRX_CONTINUE;
1056
1057 if (unlikely((sta->flags & WLAN_STA_PS) && !sta->pspoll)) {
1058 struct ieee80211_tx_packet_data *pkt_data;
1059#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1060 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS buffer (entries "
1061 "before %d)\n",
1062 MAC_ARG(sta->addr), sta->aid,
1063 skb_queue_len(&sta->ps_tx_buf));
1064#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1065 sta->flags |= WLAN_STA_TIM;
1066 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
1067 purge_old_ps_buffers(tx->local);
1068 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
1069 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
1070 if (net_ratelimit()) {
1071 printk(KERN_DEBUG "%s: STA " MAC_FMT " TX "
1072 "buffer full - dropping oldest frame\n",
1073 tx->dev->name, MAC_ARG(sta->addr));
1074 }
1075 dev_kfree_skb(old);
1076 } else
1077 tx->local->total_ps_buffered++;
1078 /* Queue frame to be sent after STA sends an PS Poll frame */
1079 if (skb_queue_empty(&sta->ps_tx_buf)) {
1080 if (tx->local->ops->set_tim)
1081 tx->local->ops->set_tim(local_to_hw(tx->local),
1082 sta->aid, 1);
1083 if (tx->sdata->bss)
1084 bss_tim_set(tx->local, tx->sdata->bss, sta->aid);
1085 }
1086 pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb;
1087 pkt_data->jiffies = jiffies;
1088 skb_queue_tail(&sta->ps_tx_buf, tx->skb);
1089 return TXRX_QUEUED;
1090 }
1091#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1092 else if (unlikely(sta->flags & WLAN_STA_PS)) {
1093 printk(KERN_DEBUG "%s: STA " MAC_FMT " in PS mode, but pspoll "
1094 "set -> send frame\n", tx->dev->name,
1095 MAC_ARG(sta->addr));
1096 }
1097#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1098 sta->pspoll = 0;
1099
1100 return TXRX_CONTINUE;
1101}
1102
1103
1104static ieee80211_txrx_result
1105ieee80211_tx_h_ps_buf(struct ieee80211_txrx_data *tx)
1106{
1107 if (unlikely(tx->u.tx.ps_buffered))
1108 return TXRX_CONTINUE;
1109
1110 if (tx->u.tx.unicast)
1111 return ieee80211_tx_h_unicast_ps_buf(tx);
1112 else
1113 return ieee80211_tx_h_multicast_ps_buf(tx);
1114}
1115
1116
1117static void inline
1118__ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
1119 struct sk_buff *skb,
1120 struct net_device *dev,
1121 struct ieee80211_tx_control *control)
1122{
1123 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1124 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1125 int hdrlen;
1126
1127 memset(tx, 0, sizeof(*tx));
1128 tx->skb = skb;
1129 tx->dev = dev; /* use original interface */
1130 tx->local = local;
1131 tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1132 tx->sta = sta_info_get(local, hdr->addr1);
1133 tx->fc = le16_to_cpu(hdr->frame_control);
1134 control->power_level = local->hw.conf.power_level;
1135 tx->u.tx.control = control;
1136 tx->u.tx.unicast = !is_multicast_ether_addr(hdr->addr1);
1137 if (is_multicast_ether_addr(hdr->addr1))
1138 control->flags |= IEEE80211_TXCTL_NO_ACK;
1139 else
1140 control->flags &= ~IEEE80211_TXCTL_NO_ACK;
1141 tx->fragmented = local->fragmentation_threshold <
1142 IEEE80211_MAX_FRAG_THRESHOLD && tx->u.tx.unicast &&
1143 skb->len + FCS_LEN > local->fragmentation_threshold &&
1144 (!local->ops->set_frag_threshold);
1145 if (!tx->sta)
1146 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1147 else if (tx->sta->clear_dst_mask) {
1148 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1149 tx->sta->clear_dst_mask = 0;
1150 }
1151 control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
1152 if (local->sta_antenna_sel != STA_ANTENNA_SEL_AUTO && tx->sta)
1153 control->antenna_sel_tx = tx->sta->antenna_sel_tx;
1154 hdrlen = ieee80211_get_hdrlen(tx->fc);
1155 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
1156 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
1157 tx->ethertype = (pos[0] << 8) | pos[1];
1158 }
1159 control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT;
1160
1161}
1162
1163static int inline is_ieee80211_device(struct net_device *dev,
1164 struct net_device *master)
1165{
1166 return (wdev_priv(dev->ieee80211_ptr) ==
1167 wdev_priv(master->ieee80211_ptr));
1168}
1169
1170/* Device in tx->dev has a reference added; use dev_put(tx->dev) when
1171 * finished with it. */
1172static int inline ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
1173 struct sk_buff *skb,
1174 struct net_device *mdev,
1175 struct ieee80211_tx_control *control)
1176{
1177 struct ieee80211_tx_packet_data *pkt_data;
1178 struct net_device *dev;
1179
1180 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1181 dev = dev_get_by_index(pkt_data->ifindex);
1182 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
1183 dev_put(dev);
1184 dev = NULL;
1185 }
1186 if (unlikely(!dev))
1187 return -ENODEV;
1188 __ieee80211_tx_prepare(tx, skb, dev, control);
1189 return 0;
1190}
1191
1192static inline int __ieee80211_queue_stopped(const struct ieee80211_local *local,
1193 int queue)
1194{
1195 return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
1196}
1197
1198static inline int __ieee80211_queue_pending(const struct ieee80211_local *local,
1199 int queue)
1200{
1201 return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]);
1202}
1203
1204#define IEEE80211_TX_OK 0
1205#define IEEE80211_TX_AGAIN 1
1206#define IEEE80211_TX_FRAG_AGAIN 2
1207
1208static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
1209 struct ieee80211_txrx_data *tx)
1210{
1211 struct ieee80211_tx_control *control = tx->u.tx.control;
1212 int ret, i;
1213
1214 if (!ieee80211_qdisc_installed(local->mdev) &&
1215 __ieee80211_queue_stopped(local, 0)) {
1216 netif_stop_queue(local->mdev);
1217 return IEEE80211_TX_AGAIN;
1218 }
1219 if (skb) {
1220 ieee80211_dump_frame(local->mdev->name, "TX to low-level driver", skb);
1221 ret = local->ops->tx(local_to_hw(local), skb, control);
1222 if (ret)
1223 return IEEE80211_TX_AGAIN;
1224 local->mdev->trans_start = jiffies;
1225 ieee80211_led_tx(local, 1);
1226 }
1227 if (tx->u.tx.extra_frag) {
1228 control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
1229 IEEE80211_TXCTL_USE_CTS_PROTECT |
1230 IEEE80211_TXCTL_CLEAR_DST_MASK |
1231 IEEE80211_TXCTL_FIRST_FRAGMENT);
1232 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
1233 if (!tx->u.tx.extra_frag[i])
1234 continue;
1235 if (__ieee80211_queue_stopped(local, control->queue))
1236 return IEEE80211_TX_FRAG_AGAIN;
1237 if (i == tx->u.tx.num_extra_frag) {
1238 control->tx_rate = tx->u.tx.last_frag_hwrate;
1239 control->rate = tx->u.tx.last_frag_rate;
1240 if (tx->u.tx.probe_last_frag)
1241 control->flags |=
1242 IEEE80211_TXCTL_RATE_CTRL_PROBE;
1243 else
1244 control->flags &=
1245 ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
1246 }
1247
1248 ieee80211_dump_frame(local->mdev->name,
1249 "TX to low-level driver",
1250 tx->u.tx.extra_frag[i]);
1251 ret = local->ops->tx(local_to_hw(local),
1252 tx->u.tx.extra_frag[i],
1253 control);
1254 if (ret)
1255 return IEEE80211_TX_FRAG_AGAIN;
1256 local->mdev->trans_start = jiffies;
1257 ieee80211_led_tx(local, 1);
1258 tx->u.tx.extra_frag[i] = NULL;
1259 }
1260 kfree(tx->u.tx.extra_frag);
1261 tx->u.tx.extra_frag = NULL;
1262 }
1263 return IEEE80211_TX_OK;
1264}
1265
1266static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
1267 struct ieee80211_tx_control *control, int mgmt)
1268{
1269 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1270 struct sta_info *sta;
1271 ieee80211_tx_handler *handler;
1272 struct ieee80211_txrx_data tx;
1273 ieee80211_txrx_result res = TXRX_DROP;
1274 int ret, i;
1275
1276 WARN_ON(__ieee80211_queue_pending(local, control->queue));
1277
1278 if (unlikely(skb->len < 10)) {
1279 dev_kfree_skb(skb);
1280 return 0;
1281 }
1282
1283 __ieee80211_tx_prepare(&tx, skb, dev, control);
1284 sta = tx.sta;
1285 tx.u.tx.mgmt_interface = mgmt;
1286 tx.u.tx.mode = local->hw.conf.mode;
1287
1288 for (handler = local->tx_handlers; *handler != NULL; handler++) {
1289 res = (*handler)(&tx);
1290 if (res != TXRX_CONTINUE)
1291 break;
1292 }
1293
1294 skb = tx.skb; /* handlers are allowed to change skb */
1295
1296 if (sta)
1297 sta_info_put(sta);
1298
1299 if (unlikely(res == TXRX_DROP)) {
1300 I802_DEBUG_INC(local->tx_handlers_drop);
1301 goto drop;
1302 }
1303
1304 if (unlikely(res == TXRX_QUEUED)) {
1305 I802_DEBUG_INC(local->tx_handlers_queued);
1306 return 0;
1307 }
1308
1309 if (tx.u.tx.extra_frag) {
1310 for (i = 0; i < tx.u.tx.num_extra_frag; i++) {
1311 int next_len, dur;
1312 struct ieee80211_hdr *hdr =
1313 (struct ieee80211_hdr *)
1314 tx.u.tx.extra_frag[i]->data;
1315
1316 if (i + 1 < tx.u.tx.num_extra_frag) {
1317 next_len = tx.u.tx.extra_frag[i + 1]->len;
1318 } else {
1319 next_len = 0;
1320 tx.u.tx.rate = tx.u.tx.last_frag_rate;
1321 tx.u.tx.last_frag_hwrate = tx.u.tx.rate->val;
1322 }
1323 dur = ieee80211_duration(&tx, 0, next_len);
1324 hdr->duration_id = cpu_to_le16(dur);
1325 }
1326 }
1327
1328retry:
1329 ret = __ieee80211_tx(local, skb, &tx);
1330 if (ret) {
1331 struct ieee80211_tx_stored_packet *store =
1332 &local->pending_packet[control->queue];
1333
1334 if (ret == IEEE80211_TX_FRAG_AGAIN)
1335 skb = NULL;
1336 set_bit(IEEE80211_LINK_STATE_PENDING,
1337 &local->state[control->queue]);
1338 smp_mb();
1339 /* When the driver gets out of buffers during sending of
1340 * fragments and calls ieee80211_stop_queue, there is
1341 * a small window between IEEE80211_LINK_STATE_XOFF and
1342 * IEEE80211_LINK_STATE_PENDING flags are set. If a buffer
1343 * gets available in that window (i.e. driver calls
1344 * ieee80211_wake_queue), we would end up with ieee80211_tx
1345 * called with IEEE80211_LINK_STATE_PENDING. Prevent this by
1346 * continuing transmitting here when that situation is
1347 * possible to have happened. */
1348 if (!__ieee80211_queue_stopped(local, control->queue)) {
1349 clear_bit(IEEE80211_LINK_STATE_PENDING,
1350 &local->state[control->queue]);
1351 goto retry;
1352 }
1353 memcpy(&store->control, control,
1354 sizeof(struct ieee80211_tx_control));
1355 store->skb = skb;
1356 store->extra_frag = tx.u.tx.extra_frag;
1357 store->num_extra_frag = tx.u.tx.num_extra_frag;
1358 store->last_frag_hwrate = tx.u.tx.last_frag_hwrate;
1359 store->last_frag_rate = tx.u.tx.last_frag_rate;
1360 store->last_frag_rate_ctrl_probe = tx.u.tx.probe_last_frag;
1361 }
1362 return 0;
1363
1364 drop:
1365 if (skb)
1366 dev_kfree_skb(skb);
1367 for (i = 0; i < tx.u.tx.num_extra_frag; i++)
1368 if (tx.u.tx.extra_frag[i])
1369 dev_kfree_skb(tx.u.tx.extra_frag[i]);
1370 kfree(tx.u.tx.extra_frag);
1371 return 0;
1372}
1373
1374static void ieee80211_tx_pending(unsigned long data)
1375{
1376 struct ieee80211_local *local = (struct ieee80211_local *)data;
1377 struct net_device *dev = local->mdev;
1378 struct ieee80211_tx_stored_packet *store;
1379 struct ieee80211_txrx_data tx;
1380 int i, ret, reschedule = 0;
1381
1382 netif_tx_lock_bh(dev);
1383 for (i = 0; i < local->hw.queues; i++) {
1384 if (__ieee80211_queue_stopped(local, i))
1385 continue;
1386 if (!__ieee80211_queue_pending(local, i)) {
1387 reschedule = 1;
1388 continue;
1389 }
1390 store = &local->pending_packet[i];
1391 tx.u.tx.control = &store->control;
1392 tx.u.tx.extra_frag = store->extra_frag;
1393 tx.u.tx.num_extra_frag = store->num_extra_frag;
1394 tx.u.tx.last_frag_hwrate = store->last_frag_hwrate;
1395 tx.u.tx.last_frag_rate = store->last_frag_rate;
1396 tx.u.tx.probe_last_frag = store->last_frag_rate_ctrl_probe;
1397 ret = __ieee80211_tx(local, store->skb, &tx);
1398 if (ret) {
1399 if (ret == IEEE80211_TX_FRAG_AGAIN)
1400 store->skb = NULL;
1401 } else {
1402 clear_bit(IEEE80211_LINK_STATE_PENDING,
1403 &local->state[i]);
1404 reschedule = 1;
1405 }
1406 }
1407 netif_tx_unlock_bh(dev);
1408 if (reschedule) {
1409 if (!ieee80211_qdisc_installed(dev)) {
1410 if (!__ieee80211_queue_stopped(local, 0))
1411 netif_wake_queue(dev);
1412 } else
1413 netif_schedule(dev);
1414 }
1415}
1416
1417static void ieee80211_clear_tx_pending(struct ieee80211_local *local)
1418{
1419 int i, j;
1420 struct ieee80211_tx_stored_packet *store;
1421
1422 for (i = 0; i < local->hw.queues; i++) {
1423 if (!__ieee80211_queue_pending(local, i))
1424 continue;
1425 store = &local->pending_packet[i];
1426 kfree_skb(store->skb);
1427 for (j = 0; j < store->num_extra_frag; j++)
1428 kfree_skb(store->extra_frag[j]);
1429 kfree(store->extra_frag);
1430 clear_bit(IEEE80211_LINK_STATE_PENDING, &local->state[i]);
1431 }
1432}
1433
1434static int ieee80211_master_start_xmit(struct sk_buff *skb,
1435 struct net_device *dev)
1436{
1437 struct ieee80211_tx_control control;
1438 struct ieee80211_tx_packet_data *pkt_data;
1439 struct net_device *odev = NULL;
1440 struct ieee80211_sub_if_data *osdata;
1441 int headroom;
1442 int ret;
1443
1444 /*
1445 * copy control out of the skb so other people can use skb->cb
1446 */
1447 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1448 memset(&control, 0, sizeof(struct ieee80211_tx_control));
1449
1450 if (pkt_data->ifindex)
1451 odev = dev_get_by_index(pkt_data->ifindex);
1452 if (unlikely(odev && !is_ieee80211_device(odev, dev))) {
1453 dev_put(odev);
1454 odev = NULL;
1455 }
1456 if (unlikely(!odev)) {
1457#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1458 printk(KERN_DEBUG "%s: Discarded packet with nonexistent "
1459 "originating device\n", dev->name);
1460#endif
1461 dev_kfree_skb(skb);
1462 return 0;
1463 }
1464 osdata = IEEE80211_DEV_TO_SUB_IF(odev);
1465
1466 headroom = osdata->local->hw.extra_tx_headroom +
1467 IEEE80211_ENCRYPT_HEADROOM;
1468 if (skb_headroom(skb) < headroom) {
1469 if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
1470 dev_kfree_skb(skb);
1471 return 0;
1472 }
1473 }
1474
1475 control.ifindex = odev->ifindex;
1476 control.type = osdata->type;
1477 if (pkt_data->req_tx_status)
1478 control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS;
1479 if (pkt_data->do_not_encrypt)
1480 control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
1481 if (pkt_data->requeue)
1482 control.flags |= IEEE80211_TXCTL_REQUEUE;
1483 control.queue = pkt_data->queue;
1484
1485 ret = ieee80211_tx(odev, skb, &control,
1486 control.type == IEEE80211_IF_TYPE_MGMT);
1487 dev_put(odev);
1488
1489 return ret;
1490}
1491
1492
1493/**
1494 * ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type
1495 * subinterfaces (wlan#, WDS, and VLAN interfaces)
1496 * @skb: packet to be sent
1497 * @dev: incoming interface
1498 *
1499 * Returns: 0 on success (and frees skb in this case) or 1 on failure (skb will
1500 * not be freed, and caller is responsible for either retrying later or freeing
1501 * skb).
1502 *
1503 * This function takes in an Ethernet header and encapsulates it with suitable
1504 * IEEE 802.11 header based on which interface the packet is coming in. The
1505 * encapsulated packet will then be passed to master interface, wlan#.11, for
1506 * transmission (through low-level driver).
1507 */
1508static int ieee80211_subif_start_xmit(struct sk_buff *skb,
1509 struct net_device *dev)
1510{
1511 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1512 struct ieee80211_tx_packet_data *pkt_data;
1513 struct ieee80211_sub_if_data *sdata;
1514 int ret = 1, head_need;
1515 u16 ethertype, hdrlen, fc;
1516 struct ieee80211_hdr hdr;
1517 const u8 *encaps_data;
1518 int encaps_len, skip_header_bytes;
1519 int nh_pos, h_pos, no_encrypt = 0;
1520 struct sta_info *sta;
1521
1522 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1523 if (unlikely(skb->len < ETH_HLEN)) {
1524 printk(KERN_DEBUG "%s: short skb (len=%d)\n",
1525 dev->name, skb->len);
1526 ret = 0;
1527 goto fail;
1528 }
1529
1530 nh_pos = skb_network_header(skb) - skb->data;
1531 h_pos = skb_transport_header(skb) - skb->data;
1532
1533 /* convert Ethernet header to proper 802.11 header (based on
1534 * operation mode) */
1535 ethertype = (skb->data[12] << 8) | skb->data[13];
1536 /* TODO: handling for 802.1x authorized/unauthorized port */
1537 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
1538
1539 if (likely(sdata->type == IEEE80211_IF_TYPE_AP ||
1540 sdata->type == IEEE80211_IF_TYPE_VLAN)) {
1541 fc |= IEEE80211_FCTL_FROMDS;
1542 /* DA BSSID SA */
1543 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1544 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1545 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
1546 hdrlen = 24;
1547 } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
1548 fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS;
1549 /* RA TA DA SA */
1550 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
1551 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1552 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1553 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1554 hdrlen = 30;
1555 } else if (sdata->type == IEEE80211_IF_TYPE_STA) {
1556 fc |= IEEE80211_FCTL_TODS;
1557 /* BSSID SA DA */
1558 memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN);
1559 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1560 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1561 hdrlen = 24;
1562 } else if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
1563 /* DA SA BSSID */
1564 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1565 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1566 memcpy(hdr.addr3, sdata->u.sta.bssid, ETH_ALEN);
1567 hdrlen = 24;
1568 } else {
1569 ret = 0;
1570 goto fail;
1571 }
1572
1573 /* receiver is QoS enabled, use a QoS type frame */
1574 sta = sta_info_get(local, hdr.addr1);
1575 if (sta) {
1576 if (sta->flags & WLAN_STA_WME) {
1577 fc |= IEEE80211_STYPE_QOS_DATA;
1578 hdrlen += 2;
1579 }
1580 sta_info_put(sta);
1581 }
1582
1583 hdr.frame_control = cpu_to_le16(fc);
1584 hdr.duration_id = 0;
1585 hdr.seq_ctrl = 0;
1586
1587 skip_header_bytes = ETH_HLEN;
1588 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
1589 encaps_data = bridge_tunnel_header;
1590 encaps_len = sizeof(bridge_tunnel_header);
1591 skip_header_bytes -= 2;
1592 } else if (ethertype >= 0x600) {
1593 encaps_data = rfc1042_header;
1594 encaps_len = sizeof(rfc1042_header);
1595 skip_header_bytes -= 2;
1596 } else {
1597 encaps_data = NULL;
1598 encaps_len = 0;
1599 }
1600
1601 skb_pull(skb, skip_header_bytes);
1602 nh_pos -= skip_header_bytes;
1603 h_pos -= skip_header_bytes;
1604
1605 /* TODO: implement support for fragments so that there is no need to
1606 * reallocate and copy payload; it might be enough to support one
1607 * extra fragment that would be copied in the beginning of the frame
1608 * data.. anyway, it would be nice to include this into skb structure
1609 * somehow
1610 *
1611 * There are few options for this:
1612 * use skb->cb as an extra space for 802.11 header
1613 * allocate new buffer if not enough headroom
1614 * make sure that there is enough headroom in every skb by increasing
1615 * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and
1616 * alloc_skb() (net/core/skbuff.c)
1617 */
1618 head_need = hdrlen + encaps_len + local->hw.extra_tx_headroom;
1619 head_need -= skb_headroom(skb);
1620
1621 /* We are going to modify skb data, so make a copy of it if happens to
1622 * be cloned. This could happen, e.g., with Linux bridge code passing
1623 * us broadcast frames. */
1624
1625 if (head_need > 0 || skb_cloned(skb)) {
1626#if 0
1627 printk(KERN_DEBUG "%s: need to reallocate buffer for %d bytes "
1628 "of headroom\n", dev->name, head_need);
1629#endif
1630
1631 if (skb_cloned(skb))
1632 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1633 else
1634 I802_DEBUG_INC(local->tx_expand_skb_head);
1635 /* Since we have to reallocate the buffer, make sure that there
1636 * is enough room for possible WEP IV/ICV and TKIP (8 bytes
1637 * before payload and 12 after). */
1638 if (pskb_expand_head(skb, (head_need > 0 ? head_need + 8 : 8),
1639 12, GFP_ATOMIC)) {
1640 printk(KERN_DEBUG "%s: failed to reallocate TX buffer"
1641 "\n", dev->name);
1642 goto fail;
1643 }
1644 }
1645
1646 if (encaps_data) {
1647 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
1648 nh_pos += encaps_len;
1649 h_pos += encaps_len;
1650 }
1651 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
1652 nh_pos += hdrlen;
1653 h_pos += hdrlen;
1654
1655 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1656 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
1657 pkt_data->ifindex = sdata->dev->ifindex;
1658 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
1659 pkt_data->do_not_encrypt = no_encrypt;
1660
1661 skb->dev = local->mdev;
1662 sdata->stats.tx_packets++;
1663 sdata->stats.tx_bytes += skb->len;
1664
1665 /* Update skb pointers to various headers since this modified frame
1666 * is going to go through Linux networking code that may potentially
1667 * need things like pointer to IP header. */
1668 skb_set_mac_header(skb, 0);
1669 skb_set_network_header(skb, nh_pos);
1670 skb_set_transport_header(skb, h_pos);
1671
1672 dev->trans_start = jiffies;
1673 dev_queue_xmit(skb);
1674
1675 return 0;
1676
1677 fail:
1678 if (!ret)
1679 dev_kfree_skb(skb);
1680
1681 return ret;
1682}
1683
1684
1685/*
1686 * This is the transmit routine for the 802.11 type interfaces
1687 * called by upper layers of the linux networking
1688 * stack when it has a frame to transmit
1689 */
1690static int
1691ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev)
1692{
1693 struct ieee80211_sub_if_data *sdata;
1694 struct ieee80211_tx_packet_data *pkt_data;
1695 struct ieee80211_hdr *hdr;
1696 u16 fc;
1697
1698 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1699
1700 if (skb->len < 10) {
1701 dev_kfree_skb(skb);
1702 return 0;
1703 }
1704
1705 if (skb_headroom(skb) < sdata->local->hw.extra_tx_headroom) {
1706 if (pskb_expand_head(skb,
1707 sdata->local->hw.extra_tx_headroom, 0, GFP_ATOMIC)) {
1708 dev_kfree_skb(skb);
1709 return 0;
1710 }
1711 }
1712
1713 hdr = (struct ieee80211_hdr *) skb->data;
1714 fc = le16_to_cpu(hdr->frame_control);
1715
1716 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
1717 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
1718 pkt_data->ifindex = sdata->dev->ifindex;
1719 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
1720
1721 skb->priority = 20; /* use hardcoded priority for mgmt TX queue */
1722 skb->dev = sdata->local->mdev;
1723
1724 /*
1725 * We're using the protocol field of the the frame control header
1726 * to request TX callback for hostapd. BIT(1) is checked.
1727 */
1728 if ((fc & BIT(1)) == BIT(1)) {
1729 pkt_data->req_tx_status = 1;
1730 fc &= ~BIT(1);
1731 hdr->frame_control = cpu_to_le16(fc);
1732 }
1733
1734 pkt_data->do_not_encrypt = !(fc & IEEE80211_FCTL_PROTECTED);
1735
1736 sdata->stats.tx_packets++;
1737 sdata->stats.tx_bytes += skb->len;
1738
1739 dev_queue_xmit(skb);
1740
1741 return 0;
1742}
1743
1744
1745static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
1746 struct ieee80211_if_ap *bss,
1747 struct sk_buff *skb)
1748{
1749 u8 *pos, *tim;
1750 int aid0 = 0;
1751 int i, have_bits = 0, n1, n2;
1752
1753 /* Generate bitmap for TIM only if there are any STAs in power save
1754 * mode. */
1755 spin_lock_bh(&local->sta_lock);
1756 if (atomic_read(&bss->num_sta_ps) > 0)
1757 /* in the hope that this is faster than
1758 * checking byte-for-byte */
1759 have_bits = !bitmap_empty((unsigned long*)bss->tim,
1760 IEEE80211_MAX_AID+1);
1761
1762 if (bss->dtim_count == 0)
1763 bss->dtim_count = bss->dtim_period - 1;
1764 else
1765 bss->dtim_count--;
1766
1767 tim = pos = (u8 *) skb_put(skb, 6);
1768 *pos++ = WLAN_EID_TIM;
1769 *pos++ = 4;
1770 *pos++ = bss->dtim_count;
1771 *pos++ = bss->dtim_period;
1772
1773 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
1774 aid0 = 1;
1775
1776 if (have_bits) {
1777 /* Find largest even number N1 so that bits numbered 1 through
1778 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
1779 * (N2 + 1) x 8 through 2007 are 0. */
1780 n1 = 0;
1781 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
1782 if (bss->tim[i]) {
1783 n1 = i & 0xfe;
1784 break;
1785 }
1786 }
1787 n2 = n1;
1788 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
1789 if (bss->tim[i]) {
1790 n2 = i;
1791 break;
1792 }
1793 }
1794
1795 /* Bitmap control */
1796 *pos++ = n1 | aid0;
1797 /* Part Virt Bitmap */
1798 memcpy(pos, bss->tim + n1, n2 - n1 + 1);
1799
1800 tim[1] = n2 - n1 + 4;
1801 skb_put(skb, n2 - n1);
1802 } else {
1803 *pos++ = aid0; /* Bitmap control */
1804 *pos++ = 0; /* Part Virt Bitmap */
1805 }
1806 spin_unlock_bh(&local->sta_lock);
1807}
1808
1809
1810struct sk_buff * ieee80211_beacon_get(struct ieee80211_hw *hw, int if_id,
1811 struct ieee80211_tx_control *control)
1812{
1813 struct ieee80211_local *local = hw_to_local(hw);
1814 struct sk_buff *skb;
1815 struct net_device *bdev;
1816 struct ieee80211_sub_if_data *sdata = NULL;
1817 struct ieee80211_if_ap *ap = NULL;
1818 struct ieee80211_rate *rate;
1819 struct rate_control_extra extra;
1820 u8 *b_head, *b_tail;
1821 int bh_len, bt_len;
1822
1823 bdev = dev_get_by_index(if_id);
1824 if (bdev) {
1825 sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
1826 ap = &sdata->u.ap;
1827 dev_put(bdev);
1828 }
1829
1830 if (!ap || sdata->type != IEEE80211_IF_TYPE_AP ||
1831 !ap->beacon_head) {
1832#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1833 if (net_ratelimit())
1834 printk(KERN_DEBUG "no beacon data avail for idx=%d "
1835 "(%s)\n", if_id, bdev ? bdev->name : "N/A");
1836#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
1837 return NULL;
1838 }
1839
1840 /* Assume we are generating the normal beacon locally */
1841 b_head = ap->beacon_head;
1842 b_tail = ap->beacon_tail;
1843 bh_len = ap->beacon_head_len;
1844 bt_len = ap->beacon_tail_len;
1845
1846 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
1847 bh_len + bt_len + 256 /* maximum TIM len */);
1848 if (!skb)
1849 return NULL;
1850
1851 skb_reserve(skb, local->hw.extra_tx_headroom);
1852 memcpy(skb_put(skb, bh_len), b_head, bh_len);
1853
1854 ieee80211_include_sequence(sdata, (struct ieee80211_hdr *)skb->data);
1855
1856 ieee80211_beacon_add_tim(local, ap, skb);
1857
1858 if (b_tail) {
1859 memcpy(skb_put(skb, bt_len), b_tail, bt_len);
1860 }
1861
1862 if (control) {
1863 memset(&extra, 0, sizeof(extra));
1864 extra.mode = local->oper_hw_mode;
1865
1866 rate = rate_control_get_rate(local, local->mdev, skb, &extra);
1867 if (!rate) {
1868 if (net_ratelimit()) {
1869 printk(KERN_DEBUG "%s: ieee80211_beacon_get: no rate "
1870 "found\n", local->mdev->name);
1871 }
1872 dev_kfree_skb(skb);
1873 return NULL;
1874 }
1875
1876 control->tx_rate = (local->short_preamble &&
1877 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
1878 rate->val2 : rate->val;
1879 control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
1880 control->power_level = local->hw.conf.power_level;
1881 control->flags |= IEEE80211_TXCTL_NO_ACK;
1882 control->retry_limit = 1;
1883 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1884 }
1885
1886 ap->num_beacons++;
1887 return skb;
1888}
1889EXPORT_SYMBOL(ieee80211_beacon_get);
1890
1891__le16 ieee80211_rts_duration(struct ieee80211_hw *hw,
1892 size_t frame_len,
1893 const struct ieee80211_tx_control *frame_txctl)
1894{
1895 struct ieee80211_local *local = hw_to_local(hw);
1896 struct ieee80211_rate *rate;
1897 int short_preamble = local->short_preamble;
1898 int erp;
1899 u16 dur;
1900
1901 rate = frame_txctl->rts_rate;
1902 erp = !!(rate->flags & IEEE80211_RATE_ERP);
1903
1904 /* CTS duration */
1905 dur = ieee80211_frame_duration(local, 10, rate->rate,
1906 erp, short_preamble);
1907 /* Data frame duration */
1908 dur += ieee80211_frame_duration(local, frame_len, rate->rate,
1909 erp, short_preamble);
1910 /* ACK duration */
1911 dur += ieee80211_frame_duration(local, 10, rate->rate,
1912 erp, short_preamble);
1913
1914 return cpu_to_le16(dur);
1915}
1916EXPORT_SYMBOL(ieee80211_rts_duration);
1917
1918
1919__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
1920 size_t frame_len,
1921 const struct ieee80211_tx_control *frame_txctl)
1922{
1923 struct ieee80211_local *local = hw_to_local(hw);
1924 struct ieee80211_rate *rate;
1925 int short_preamble = local->short_preamble;
1926 int erp;
1927 u16 dur;
1928
1929 rate = frame_txctl->rts_rate;
1930 erp = !!(rate->flags & IEEE80211_RATE_ERP);
1931
1932 /* Data frame duration */
1933 dur = ieee80211_frame_duration(local, frame_len, rate->rate,
1934 erp, short_preamble);
1935 if (!(frame_txctl->flags & IEEE80211_TXCTL_NO_ACK)) {
1936 /* ACK duration */
1937 dur += ieee80211_frame_duration(local, 10, rate->rate,
1938 erp, short_preamble);
1939 }
1940
1941 return cpu_to_le16(dur);
1942}
1943EXPORT_SYMBOL(ieee80211_ctstoself_duration);
1944
1945void ieee80211_rts_get(struct ieee80211_hw *hw,
1946 const void *frame, size_t frame_len,
1947 const struct ieee80211_tx_control *frame_txctl,
1948 struct ieee80211_rts *rts)
1949{
1950 const struct ieee80211_hdr *hdr = frame;
1951 u16 fctl;
1952
1953 fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS;
1954 rts->frame_control = cpu_to_le16(fctl);
1955 rts->duration = ieee80211_rts_duration(hw, frame_len, frame_txctl);
1956 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
1957 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
1958}
1959EXPORT_SYMBOL(ieee80211_rts_get);
1960
1961void ieee80211_ctstoself_get(struct ieee80211_hw *hw,
1962 const void *frame, size_t frame_len,
1963 const struct ieee80211_tx_control *frame_txctl,
1964 struct ieee80211_cts *cts)
1965{
1966 const struct ieee80211_hdr *hdr = frame;
1967 u16 fctl;
1968
1969 fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS;
1970 cts->frame_control = cpu_to_le16(fctl);
1971 cts->duration = ieee80211_ctstoself_duration(hw, frame_len, frame_txctl);
1972 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
1973}
1974EXPORT_SYMBOL(ieee80211_ctstoself_get);
1975
1976struct sk_buff *
1977ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id,
1978 struct ieee80211_tx_control *control)
1979{
1980 struct ieee80211_local *local = hw_to_local(hw);
1981 struct sk_buff *skb;
1982 struct sta_info *sta;
1983 ieee80211_tx_handler *handler;
1984 struct ieee80211_txrx_data tx;
1985 ieee80211_txrx_result res = TXRX_DROP;
1986 struct net_device *bdev;
1987 struct ieee80211_sub_if_data *sdata;
1988 struct ieee80211_if_ap *bss = NULL;
1989
1990 bdev = dev_get_by_index(if_id);
1991 if (bdev) {
1992 sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
1993 bss = &sdata->u.ap;
1994 dev_put(bdev);
1995 }
1996 if (!bss || sdata->type != IEEE80211_IF_TYPE_AP || !bss->beacon_head)
1997 return NULL;
1998
1999 if (bss->dtim_count != 0)
2000 return NULL; /* send buffered bc/mc only after DTIM beacon */
2001 memset(control, 0, sizeof(*control));
2002 while (1) {
2003 skb = skb_dequeue(&bss->ps_bc_buf);
2004 if (!skb)
2005 return NULL;
2006 local->total_ps_buffered--;
2007
2008 if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
2009 struct ieee80211_hdr *hdr =
2010 (struct ieee80211_hdr *) skb->data;
2011 /* more buffered multicast/broadcast frames ==> set
2012 * MoreData flag in IEEE 802.11 header to inform PS
2013 * STAs */
2014 hdr->frame_control |=
2015 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2016 }
2017
2018 if (ieee80211_tx_prepare(&tx, skb, local->mdev, control) == 0)
2019 break;
2020 dev_kfree_skb_any(skb);
2021 }
2022 sta = tx.sta;
2023 tx.u.tx.ps_buffered = 1;
2024
2025 for (handler = local->tx_handlers; *handler != NULL; handler++) {
2026 res = (*handler)(&tx);
2027 if (res == TXRX_DROP || res == TXRX_QUEUED)
2028 break;
2029 }
2030 dev_put(tx.dev);
2031 skb = tx.skb; /* handlers are allowed to change skb */
2032
2033 if (res == TXRX_DROP) {
2034 I802_DEBUG_INC(local->tx_handlers_drop);
2035 dev_kfree_skb(skb);
2036 skb = NULL;
2037 } else if (res == TXRX_QUEUED) {
2038 I802_DEBUG_INC(local->tx_handlers_queued);
2039 skb = NULL;
2040 }
2041
2042 if (sta)
2043 sta_info_put(sta);
2044
2045 return skb;
2046}
2047EXPORT_SYMBOL(ieee80211_get_buffered_bc);
2048
2049static int __ieee80211_if_config(struct net_device *dev,
2050 struct sk_buff *beacon,
2051 struct ieee80211_tx_control *control)
2052{
2053 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2054 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2055 struct ieee80211_if_conf conf;
2056 static u8 scan_bssid[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
2057
2058 if (!local->ops->config_interface || !netif_running(dev))
2059 return 0;
2060
2061 memset(&conf, 0, sizeof(conf));
2062 conf.type = sdata->type;
2063 if (sdata->type == IEEE80211_IF_TYPE_STA ||
2064 sdata->type == IEEE80211_IF_TYPE_IBSS) {
2065 if (local->sta_scanning &&
2066 local->scan_dev == dev)
2067 conf.bssid = scan_bssid;
2068 else
2069 conf.bssid = sdata->u.sta.bssid;
2070 conf.ssid = sdata->u.sta.ssid;
2071 conf.ssid_len = sdata->u.sta.ssid_len;
2072 conf.generic_elem = sdata->u.sta.extra_ie;
2073 conf.generic_elem_len = sdata->u.sta.extra_ie_len;
2074 } else if (sdata->type == IEEE80211_IF_TYPE_AP) {
2075 conf.ssid = sdata->u.ap.ssid;
2076 conf.ssid_len = sdata->u.ap.ssid_len;
2077 conf.generic_elem = sdata->u.ap.generic_elem;
2078 conf.generic_elem_len = sdata->u.ap.generic_elem_len;
2079 conf.beacon = beacon;
2080 conf.beacon_control = control;
2081 }
2082 return local->ops->config_interface(local_to_hw(local),
2083 dev->ifindex, &conf);
2084}
2085
2086int ieee80211_if_config(struct net_device *dev)
2087{
2088 return __ieee80211_if_config(dev, NULL, NULL);
2089}
2090
2091int ieee80211_if_config_beacon(struct net_device *dev)
2092{
2093 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2094 struct ieee80211_tx_control control;
2095 struct sk_buff *skb;
2096
2097 if (!(local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE))
2098 return 0;
2099 skb = ieee80211_beacon_get(local_to_hw(local), dev->ifindex, &control);
2100 if (!skb)
2101 return -ENOMEM;
2102 return __ieee80211_if_config(dev, skb, &control);
2103}
2104
2105int ieee80211_hw_config(struct ieee80211_local *local)
2106{
2107 struct ieee80211_hw_mode *mode;
2108 struct ieee80211_channel *chan;
2109 int ret = 0;
2110
2111 if (local->sta_scanning) {
2112 chan = local->scan_channel;
2113 mode = local->scan_hw_mode;
2114 } else {
2115 chan = local->oper_channel;
2116 mode = local->oper_hw_mode;
2117 }
2118
2119 local->hw.conf.channel = chan->chan;
2120 local->hw.conf.channel_val = chan->val;
2121 local->hw.conf.power_level = chan->power_level;
2122 local->hw.conf.freq = chan->freq;
2123 local->hw.conf.phymode = mode->mode;
2124 local->hw.conf.antenna_max = chan->antenna_max;
2125 local->hw.conf.chan = chan;
2126 local->hw.conf.mode = mode;
2127
2128#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2129 printk(KERN_DEBUG "HW CONFIG: channel=%d freq=%d "
2130 "phymode=%d\n", local->hw.conf.channel, local->hw.conf.freq,
2131 local->hw.conf.phymode);
2132#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
2133
2134 if (local->ops->config)
2135 ret = local->ops->config(local_to_hw(local), &local->hw.conf);
2136
2137 return ret;
2138}
2139
2140
2141static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
2142{
2143 /* FIX: what would be proper limits for MTU?
2144 * This interface uses 802.3 frames. */
2145 if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6) {
2146 printk(KERN_WARNING "%s: invalid MTU %d\n",
2147 dev->name, new_mtu);
2148 return -EINVAL;
2149 }
2150
2151#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2152 printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
2153#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
2154 dev->mtu = new_mtu;
2155 return 0;
2156}
2157
2158
2159static int ieee80211_change_mtu_apdev(struct net_device *dev, int new_mtu)
2160{
2161 /* FIX: what would be proper limits for MTU?
2162 * This interface uses 802.11 frames. */
2163 if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN) {
2164 printk(KERN_WARNING "%s: invalid MTU %d\n",
2165 dev->name, new_mtu);
2166 return -EINVAL;
2167 }
2168
2169#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2170 printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
2171#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
2172 dev->mtu = new_mtu;
2173 return 0;
2174}
2175
2176enum netif_tx_lock_class {
2177 TX_LOCK_NORMAL,
2178 TX_LOCK_MASTER,
2179};
2180
2181static inline void netif_tx_lock_nested(struct net_device *dev, int subclass)
2182{
2183 spin_lock_nested(&dev->_xmit_lock, subclass);
2184 dev->xmit_lock_owner = smp_processor_id();
2185}
2186
2187static void ieee80211_set_multicast_list(struct net_device *dev)
2188{
2189 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2190 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2191 unsigned short flags;
2192
2193 netif_tx_lock_nested(local->mdev, TX_LOCK_MASTER);
2194 if (((dev->flags & IFF_ALLMULTI) != 0) ^ (sdata->allmulti != 0)) {
2195 if (sdata->allmulti) {
2196 sdata->allmulti = 0;
2197 local->iff_allmultis--;
2198 } else {
2199 sdata->allmulti = 1;
2200 local->iff_allmultis++;
2201 }
2202 }
2203 if (((dev->flags & IFF_PROMISC) != 0) ^ (sdata->promisc != 0)) {
2204 if (sdata->promisc) {
2205 sdata->promisc = 0;
2206 local->iff_promiscs--;
2207 } else {
2208 sdata->promisc = 1;
2209 local->iff_promiscs++;
2210 }
2211 }
2212 if (dev->mc_count != sdata->mc_count) {
2213 local->mc_count = local->mc_count - sdata->mc_count +
2214 dev->mc_count;
2215 sdata->mc_count = dev->mc_count;
2216 }
2217 if (local->ops->set_multicast_list) {
2218 flags = local->mdev->flags;
2219 if (local->iff_allmultis)
2220 flags |= IFF_ALLMULTI;
2221 if (local->iff_promiscs)
2222 flags |= IFF_PROMISC;
2223 read_lock(&local->sub_if_lock);
2224 local->ops->set_multicast_list(local_to_hw(local), flags,
2225 local->mc_count);
2226 read_unlock(&local->sub_if_lock);
2227 }
2228 netif_tx_unlock(local->mdev);
2229}
2230
2231struct dev_mc_list *ieee80211_get_mc_list_item(struct ieee80211_hw *hw,
2232 struct dev_mc_list *prev,
2233 void **ptr)
2234{
2235 struct ieee80211_local *local = hw_to_local(hw);
2236 struct ieee80211_sub_if_data *sdata = *ptr;
2237 struct dev_mc_list *mc;
2238
2239 if (!prev) {
2240 WARN_ON(sdata);
2241 sdata = NULL;
2242 }
2243 if (!prev || !prev->next) {
2244 if (sdata)
2245 sdata = list_entry(sdata->list.next,
2246 struct ieee80211_sub_if_data, list);
2247 else
2248 sdata = list_entry(local->sub_if_list.next,
2249 struct ieee80211_sub_if_data, list);
2250 if (&sdata->list != &local->sub_if_list)
2251 mc = sdata->dev->mc_list;
2252 else
2253 mc = NULL;
2254 } else
2255 mc = prev->next;
2256
2257 *ptr = sdata;
2258 return mc;
2259}
2260EXPORT_SYMBOL(ieee80211_get_mc_list_item);
2261
2262static struct net_device_stats *ieee80211_get_stats(struct net_device *dev)
2263{
2264 struct ieee80211_sub_if_data *sdata;
2265 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2266 return &(sdata->stats);
2267}
2268
2269static void ieee80211_if_shutdown(struct net_device *dev)
2270{
2271 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2272 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2273
2274 ASSERT_RTNL();
2275 switch (sdata->type) {
2276 case IEEE80211_IF_TYPE_STA:
2277 case IEEE80211_IF_TYPE_IBSS:
2278 sdata->u.sta.state = IEEE80211_DISABLED;
2279 del_timer_sync(&sdata->u.sta.timer);
2280 skb_queue_purge(&sdata->u.sta.skb_queue);
2281 if (!local->ops->hw_scan &&
2282 local->scan_dev == sdata->dev) {
2283 local->sta_scanning = 0;
2284 cancel_delayed_work(&local->scan_work);
2285 }
2286 flush_workqueue(local->hw.workqueue);
2287 break;
2288 }
2289}
2290
2291static inline int identical_mac_addr_allowed(int type1, int type2)
2292{
2293 return (type1 == IEEE80211_IF_TYPE_MNTR ||
2294 type2 == IEEE80211_IF_TYPE_MNTR ||
2295 (type1 == IEEE80211_IF_TYPE_AP &&
2296 type2 == IEEE80211_IF_TYPE_WDS) ||
2297 (type1 == IEEE80211_IF_TYPE_WDS &&
2298 (type2 == IEEE80211_IF_TYPE_WDS ||
2299 type2 == IEEE80211_IF_TYPE_AP)) ||
2300 (type1 == IEEE80211_IF_TYPE_AP &&
2301 type2 == IEEE80211_IF_TYPE_VLAN) ||
2302 (type1 == IEEE80211_IF_TYPE_VLAN &&
2303 (type2 == IEEE80211_IF_TYPE_AP ||
2304 type2 == IEEE80211_IF_TYPE_VLAN)));
2305}
2306
2307static int ieee80211_master_open(struct net_device *dev)
2308{
2309 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2310 struct ieee80211_sub_if_data *sdata;
2311 int res = -EOPNOTSUPP;
2312
2313 read_lock(&local->sub_if_lock);
2314 list_for_each_entry(sdata, &local->sub_if_list, list) {
2315 if (sdata->dev != dev && netif_running(sdata->dev)) {
2316 res = 0;
2317 break;
2318 }
2319 }
2320 read_unlock(&local->sub_if_lock);
2321 return res;
2322}
2323
2324static int ieee80211_master_stop(struct net_device *dev)
2325{
2326 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2327 struct ieee80211_sub_if_data *sdata;
2328
2329 read_lock(&local->sub_if_lock);
2330 list_for_each_entry(sdata, &local->sub_if_list, list)
2331 if (sdata->dev != dev && netif_running(sdata->dev))
2332 dev_close(sdata->dev);
2333 read_unlock(&local->sub_if_lock);
2334
2335 return 0;
2336}
2337
2338static int ieee80211_mgmt_open(struct net_device *dev)
2339{
2340 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2341
2342 if (!netif_running(local->mdev))
2343 return -EOPNOTSUPP;
2344 return 0;
2345}
2346
2347static int ieee80211_mgmt_stop(struct net_device *dev)
2348{
2349 return 0;
2350}
2351
2352/* Check if running monitor interfaces should go to a "soft monitor" mode
2353 * and switch them if necessary. */
2354static inline void ieee80211_start_soft_monitor(struct ieee80211_local *local)
2355{
2356 struct ieee80211_if_init_conf conf;
2357
2358 if (local->open_count && local->open_count == local->monitors &&
2359 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) &&
2360 local->ops->remove_interface) {
2361 conf.if_id = -1;
2362 conf.type = IEEE80211_IF_TYPE_MNTR;
2363 conf.mac_addr = NULL;
2364 local->ops->remove_interface(local_to_hw(local), &conf);
2365 }
2366}
2367
2368/* Check if running monitor interfaces should go to a "hard monitor" mode
2369 * and switch them if necessary. */
2370static void ieee80211_start_hard_monitor(struct ieee80211_local *local)
2371{
2372 struct ieee80211_if_init_conf conf;
2373
2374 if (local->open_count && local->open_count == local->monitors &&
2375 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) &&
2376 local->ops->add_interface) {
2377 conf.if_id = -1;
2378 conf.type = IEEE80211_IF_TYPE_MNTR;
2379 conf.mac_addr = NULL;
2380 local->ops->add_interface(local_to_hw(local), &conf);
2381 }
2382}
2383
2384static int ieee80211_open(struct net_device *dev)
2385{
2386 struct ieee80211_sub_if_data *sdata, *nsdata;
2387 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2388 struct ieee80211_if_init_conf conf;
2389 int res;
2390
2391 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2392 read_lock(&local->sub_if_lock);
2393 list_for_each_entry(nsdata, &local->sub_if_list, list) {
2394 struct net_device *ndev = nsdata->dev;
2395
2396 if (ndev != dev && ndev != local->mdev && netif_running(ndev) &&
2397 compare_ether_addr(dev->dev_addr, ndev->dev_addr) == 0 &&
2398 !identical_mac_addr_allowed(sdata->type, nsdata->type)) {
2399 read_unlock(&local->sub_if_lock);
2400 return -ENOTUNIQ;
2401 }
2402 }
2403 read_unlock(&local->sub_if_lock);
2404
2405 if (sdata->type == IEEE80211_IF_TYPE_WDS &&
2406 is_zero_ether_addr(sdata->u.wds.remote_addr))
2407 return -ENOLINK;
2408
2409 if (sdata->type == IEEE80211_IF_TYPE_MNTR && local->open_count &&
2410 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) {
2411 /* run the interface in a "soft monitor" mode */
2412 local->monitors++;
2413 local->open_count++;
2414 local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP;
2415 return 0;
2416 }
2417 ieee80211_start_soft_monitor(local);
2418
2419 if (local->ops->add_interface) {
2420 conf.if_id = dev->ifindex;
2421 conf.type = sdata->type;
2422 conf.mac_addr = dev->dev_addr;
2423 res = local->ops->add_interface(local_to_hw(local), &conf);
2424 if (res) {
2425 if (sdata->type == IEEE80211_IF_TYPE_MNTR)
2426 ieee80211_start_hard_monitor(local);
2427 return res;
2428 }
2429 } else {
2430 if (sdata->type != IEEE80211_IF_TYPE_STA)
2431 return -EOPNOTSUPP;
2432 if (local->open_count > 0)
2433 return -ENOBUFS;
2434 }
2435
2436 if (local->open_count == 0) {
2437 res = 0;
2438 tasklet_enable(&local->tx_pending_tasklet);
2439 tasklet_enable(&local->tasklet);
2440 if (local->ops->open)
2441 res = local->ops->open(local_to_hw(local));
2442 if (res == 0) {
2443 res = dev_open(local->mdev);
2444 if (res) {
2445 if (local->ops->stop)
2446 local->ops->stop(local_to_hw(local));
2447 } else {
2448 res = ieee80211_hw_config(local);
2449 if (res && local->ops->stop)
2450 local->ops->stop(local_to_hw(local));
2451 else if (!res && local->apdev)
2452 dev_open(local->apdev);
2453 }
2454 }
2455 if (res) {
2456 if (local->ops->remove_interface)
2457 local->ops->remove_interface(local_to_hw(local),
2458 &conf);
2459 return res;
2460 }
2461 }
2462 local->open_count++;
2463
2464 if (sdata->type == IEEE80211_IF_TYPE_MNTR) {
2465 local->monitors++;
2466 local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP;
2467 } else
2468 ieee80211_if_config(dev);
2469
2470 if (sdata->type == IEEE80211_IF_TYPE_STA &&
2471 !local->user_space_mlme)
2472 netif_carrier_off(dev);
2473
2474 netif_start_queue(dev);
2475 return 0;
2476}
2477
2478
2479static int ieee80211_stop(struct net_device *dev)
2480{
2481 struct ieee80211_sub_if_data *sdata;
2482 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2483
2484 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2485
2486 if (sdata->type == IEEE80211_IF_TYPE_MNTR &&
2487 local->open_count > 1 &&
2488 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) {
2489 /* remove "soft monitor" interface */
2490 local->open_count--;
2491 local->monitors--;
2492 if (!local->monitors)
2493 local->hw.conf.flags &= ~IEEE80211_CONF_RADIOTAP;
2494 return 0;
2495 }
2496
2497 netif_stop_queue(dev);
2498 ieee80211_if_shutdown(dev);
2499
2500 if (sdata->type == IEEE80211_IF_TYPE_MNTR) {
2501 local->monitors--;
2502 if (!local->monitors)
2503 local->hw.conf.flags &= ~IEEE80211_CONF_RADIOTAP;
2504 }
2505
2506 local->open_count--;
2507 if (local->open_count == 0) {
2508 if (netif_running(local->mdev))
2509 dev_close(local->mdev);
2510 if (local->apdev)
2511 dev_close(local->apdev);
2512 if (local->ops->stop)
2513 local->ops->stop(local_to_hw(local));
2514 tasklet_disable(&local->tx_pending_tasklet);
2515 tasklet_disable(&local->tasklet);
2516 }
2517 if (local->ops->remove_interface) {
2518 struct ieee80211_if_init_conf conf;
2519
2520 conf.if_id = dev->ifindex;
2521 conf.type = sdata->type;
2522 conf.mac_addr = dev->dev_addr;
2523 local->ops->remove_interface(local_to_hw(local), &conf);
2524 }
2525
2526 ieee80211_start_hard_monitor(local);
2527
2528 return 0;
2529}
2530
2531
2532static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr)
2533{
2534 memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN); /* addr2 */
2535 return ETH_ALEN;
2536}
2537
2538static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
2539{
2540 return compare_ether_addr(raddr, addr) == 0 ||
2541 is_broadcast_ether_addr(raddr);
2542}
2543
2544
2545static ieee80211_txrx_result
2546ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
2547{
2548 struct net_device *dev = rx->dev;
2549 struct ieee80211_local *local = rx->local;
2550 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
2551 u16 fc, hdrlen, ethertype;
2552 u8 *payload;
2553 u8 dst[ETH_ALEN];
2554 u8 src[ETH_ALEN];
2555 struct sk_buff *skb = rx->skb, *skb2;
2556 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2557
2558 fc = rx->fc;
2559 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
2560 return TXRX_CONTINUE;
2561
2562 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
2563 return TXRX_DROP;
2564
2565 hdrlen = ieee80211_get_hdrlen(fc);
2566
2567 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
2568 * header
2569 * IEEE 802.11 address fields:
2570 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
2571 * 0 0 DA SA BSSID n/a
2572 * 0 1 DA BSSID SA n/a
2573 * 1 0 BSSID SA DA n/a
2574 * 1 1 RA TA DA SA
2575 */
2576
2577 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
2578 case IEEE80211_FCTL_TODS:
2579 /* BSSID SA DA */
2580 memcpy(dst, hdr->addr3, ETH_ALEN);
2581 memcpy(src, hdr->addr2, ETH_ALEN);
2582
2583 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
2584 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
2585 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
2586 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
2587 dev->name, MAC_ARG(hdr->addr1),
2588 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
2589 return TXRX_DROP;
2590 }
2591 break;
2592 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
2593 /* RA TA DA SA */
2594 memcpy(dst, hdr->addr3, ETH_ALEN);
2595 memcpy(src, hdr->addr4, ETH_ALEN);
2596
2597 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
2598 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
2599 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
2600 MAC_FMT ")\n",
2601 rx->dev->name, MAC_ARG(hdr->addr1),
2602 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
2603 MAC_ARG(hdr->addr4));
2604 return TXRX_DROP;
2605 }
2606 break;
2607 case IEEE80211_FCTL_FROMDS:
2608 /* DA BSSID SA */
2609 memcpy(dst, hdr->addr1, ETH_ALEN);
2610 memcpy(src, hdr->addr3, ETH_ALEN);
2611
2612 if (sdata->type != IEEE80211_IF_TYPE_STA) {
2613 return TXRX_DROP;
2614 }
2615 break;
2616 case 0:
2617 /* DA SA BSSID */
2618 memcpy(dst, hdr->addr1, ETH_ALEN);
2619 memcpy(src, hdr->addr2, ETH_ALEN);
2620
2621 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
2622 if (net_ratelimit()) {
2623 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
2624 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
2625 ")\n",
2626 dev->name, MAC_ARG(hdr->addr1),
2627 MAC_ARG(hdr->addr2),
2628 MAC_ARG(hdr->addr3));
2629 }
2630 return TXRX_DROP;
2631 }
2632 break;
2633 }
2634
2635 payload = skb->data + hdrlen;
2636
2637 if (unlikely(skb->len - hdrlen < 8)) {
2638 if (net_ratelimit()) {
2639 printk(KERN_DEBUG "%s: RX too short data frame "
2640 "payload\n", dev->name);
2641 }
2642 return TXRX_DROP;
2643 }
2644
2645 ethertype = (payload[6] << 8) | payload[7];
2646
2647 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
2648 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
2649 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
2650 /* remove RFC1042 or Bridge-Tunnel encapsulation and
2651 * replace EtherType */
2652 skb_pull(skb, hdrlen + 6);
2653 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
2654 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
2655 } else {
2656 struct ethhdr *ehdr;
2657 __be16 len;
2658 skb_pull(skb, hdrlen);
2659 len = htons(skb->len);
2660 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
2661 memcpy(ehdr->h_dest, dst, ETH_ALEN);
2662 memcpy(ehdr->h_source, src, ETH_ALEN);
2663 ehdr->h_proto = len;
2664 }
2665 skb->dev = dev;
2666
2667 skb2 = NULL;
2668
2669 sdata->stats.rx_packets++;
2670 sdata->stats.rx_bytes += skb->len;
2671
2672 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
2673 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
2674 if (is_multicast_ether_addr(skb->data)) {
2675 /* send multicast frames both to higher layers in
2676 * local net stack and back to the wireless media */
2677 skb2 = skb_copy(skb, GFP_ATOMIC);
2678 if (!skb2)
2679 printk(KERN_DEBUG "%s: failed to clone "
2680 "multicast frame\n", dev->name);
2681 } else {
2682 struct sta_info *dsta;
2683 dsta = sta_info_get(local, skb->data);
2684 if (dsta && !dsta->dev) {
2685 printk(KERN_DEBUG "Station with null dev "
2686 "structure!\n");
2687 } else if (dsta && dsta->dev == dev) {
2688 /* Destination station is associated to this
2689 * AP, so send the frame directly to it and
2690 * do not pass the frame to local net stack.
2691 */
2692 skb2 = skb;
2693 skb = NULL;
2694 }
2695 if (dsta)
2696 sta_info_put(dsta);
2697 }
2698 }
2699
2700 if (skb) {
2701 /* deliver to local stack */
2702 skb->protocol = eth_type_trans(skb, dev);
2703 memset(skb->cb, 0, sizeof(skb->cb));
2704 netif_rx(skb);
2705 }
2706
2707 if (skb2) {
2708 /* send to wireless media */
2709 skb2->protocol = __constant_htons(ETH_P_802_3);
2710 skb_set_network_header(skb2, 0);
2711 skb_set_mac_header(skb2, 0);
2712 dev_queue_xmit(skb2);
2713 }
2714
2715 return TXRX_QUEUED;
2716}
2717
2718
2719static struct ieee80211_rate *
2720ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate)
2721{
2722 struct ieee80211_hw_mode *mode;
2723 int r;
2724
2725 list_for_each_entry(mode, &local->modes_list, list) {
2726 if (mode->mode != phymode)
2727 continue;
2728 for (r = 0; r < mode->num_rates; r++) {
2729 struct ieee80211_rate *rate = &mode->rates[r];
2730 if (rate->val == hw_rate ||
2731 (rate->flags & IEEE80211_RATE_PREAMBLE2 &&
2732 rate->val2 == hw_rate))
2733 return rate;
2734 }
2735 }
2736
2737 return NULL;
2738}
2739
2740static void
2741ieee80211_fill_frame_info(struct ieee80211_local *local,
2742 struct ieee80211_frame_info *fi,
2743 struct ieee80211_rx_status *status)
2744{
2745 if (status) {
2746 struct timespec ts;
2747 struct ieee80211_rate *rate;
2748
2749 jiffies_to_timespec(jiffies, &ts);
2750 fi->hosttime = cpu_to_be64((u64) ts.tv_sec * 1000000 +
2751 ts.tv_nsec / 1000);
2752 fi->mactime = cpu_to_be64(status->mactime);
2753 switch (status->phymode) {
2754 case MODE_IEEE80211A:
2755 fi->phytype = htonl(ieee80211_phytype_ofdm_dot11_a);
2756 break;
2757 case MODE_IEEE80211B:
2758 fi->phytype = htonl(ieee80211_phytype_dsss_dot11_b);
2759 break;
2760 case MODE_IEEE80211G:
2761 fi->phytype = htonl(ieee80211_phytype_pbcc_dot11_g);
2762 break;
2763 case MODE_ATHEROS_TURBO:
2764 fi->phytype =
2765 htonl(ieee80211_phytype_dsss_dot11_turbo);
2766 break;
2767 default:
2768 fi->phytype = htonl(0xAAAAAAAA);
2769 break;
2770 }
2771 fi->channel = htonl(status->channel);
2772 rate = ieee80211_get_rate(local, status->phymode,
2773 status->rate);
2774 if (rate) {
2775 fi->datarate = htonl(rate->rate);
2776 if (rate->flags & IEEE80211_RATE_PREAMBLE2) {
2777 if (status->rate == rate->val)
2778 fi->preamble = htonl(2); /* long */
2779 else if (status->rate == rate->val2)
2780 fi->preamble = htonl(1); /* short */
2781 } else
2782 fi->preamble = htonl(0);
2783 } else {
2784 fi->datarate = htonl(0);
2785 fi->preamble = htonl(0);
2786 }
2787
2788 fi->antenna = htonl(status->antenna);
2789 fi->priority = htonl(0xffffffff); /* no clue */
2790 fi->ssi_type = htonl(ieee80211_ssi_raw);
2791 fi->ssi_signal = htonl(status->ssi);
2792 fi->ssi_noise = 0x00000000;
2793 fi->encoding = 0;
2794 } else {
2795 /* clear everything because we really don't know.
2796 * the msg_type field isn't present on monitor frames
2797 * so we don't know whether it will be present or not,
2798 * but it's ok to not clear it since it'll be assigned
2799 * anyway */
2800 memset(fi, 0, sizeof(*fi) - sizeof(fi->msg_type));
2801
2802 fi->ssi_type = htonl(ieee80211_ssi_none);
2803 }
2804 fi->version = htonl(IEEE80211_FI_VERSION);
2805 fi->length = cpu_to_be32(sizeof(*fi) - sizeof(fi->msg_type));
2806}
2807
2808/* this routine is actually not just for this, but also
2809 * for pushing fake 'management' frames into userspace.
2810 * it shall be replaced by a netlink-based system. */
2811void
2812ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
2813 struct ieee80211_rx_status *status, u32 msg_type)
2814{
2815 struct ieee80211_frame_info *fi;
2816 const size_t hlen = sizeof(struct ieee80211_frame_info);
2817 struct ieee80211_sub_if_data *sdata;
2818
2819 skb->dev = local->apdev;
2820
2821 sdata = IEEE80211_DEV_TO_SUB_IF(local->apdev);
2822
2823 if (skb_headroom(skb) < hlen) {
2824 I802_DEBUG_INC(local->rx_expand_skb_head);
2825 if (pskb_expand_head(skb, hlen, 0, GFP_ATOMIC)) {
2826 dev_kfree_skb(skb);
2827 return;
2828 }
2829 }
2830
2831 fi = (struct ieee80211_frame_info *) skb_push(skb, hlen);
2832
2833 ieee80211_fill_frame_info(local, fi, status);
2834 fi->msg_type = htonl(msg_type);
2835
2836 sdata->stats.rx_packets++;
2837 sdata->stats.rx_bytes += skb->len;
2838
2839 skb_set_mac_header(skb, 0);
2840 skb->ip_summed = CHECKSUM_UNNECESSARY;
2841 skb->pkt_type = PACKET_OTHERHOST;
2842 skb->protocol = htons(ETH_P_802_2);
2843 memset(skb->cb, 0, sizeof(skb->cb));
2844 netif_rx(skb);
2845}
2846
2847static void
2848ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
2849 struct ieee80211_rx_status *status)
2850{
2851 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2852 struct ieee80211_sub_if_data *sdata;
2853 struct ieee80211_rate *rate;
2854 struct ieee80211_rtap_hdr {
2855 struct ieee80211_radiotap_header hdr;
2856 u8 flags;
2857 u8 rate;
2858 __le16 chan_freq;
2859 __le16 chan_flags;
2860 u8 antsignal;
2861 } __attribute__ ((packed)) *rthdr;
2862
2863 skb->dev = dev;
2864
2865 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2866
2867 if (status->flag & RX_FLAG_RADIOTAP)
2868 goto out;
2869
2870 if (skb_headroom(skb) < sizeof(*rthdr)) {
2871 I802_DEBUG_INC(local->rx_expand_skb_head);
2872 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
2873 dev_kfree_skb(skb);
2874 return;
2875 }
2876 }
2877
2878 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
2879 memset(rthdr, 0, sizeof(*rthdr));
2880 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
2881 rthdr->hdr.it_present =
2882 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
2883 (1 << IEEE80211_RADIOTAP_RATE) |
2884 (1 << IEEE80211_RADIOTAP_CHANNEL) |
2885 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
2886 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
2887 IEEE80211_RADIOTAP_F_FCS : 0;
2888 rate = ieee80211_get_rate(local, status->phymode, status->rate);
2889 if (rate)
2890 rthdr->rate = rate->rate / 5;
2891 rthdr->chan_freq = cpu_to_le16(status->freq);
2892 rthdr->chan_flags =
2893 status->phymode == MODE_IEEE80211A ?
2894 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
2895 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
2896 rthdr->antsignal = status->ssi;
2897
2898 out:
2899 sdata->stats.rx_packets++;
2900 sdata->stats.rx_bytes += skb->len;
2901
2902 skb_set_mac_header(skb, 0);
2903 skb->ip_summed = CHECKSUM_UNNECESSARY;
2904 skb->pkt_type = PACKET_OTHERHOST;
2905 skb->protocol = htons(ETH_P_802_2);
2906 memset(skb->cb, 0, sizeof(skb->cb));
2907 netif_rx(skb);
2908}
2909
2910int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
2911 int radar, int radar_type)
2912{
2913 struct sk_buff *skb;
2914 struct ieee80211_radar_info *msg;
2915 struct ieee80211_local *local = hw_to_local(hw);
2916
2917 if (!local->apdev)
2918 return 0;
2919
2920 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
2921 sizeof(struct ieee80211_radar_info));
2922
2923 if (!skb)
2924 return -ENOMEM;
2925 skb_reserve(skb, sizeof(struct ieee80211_frame_info));
2926
2927 msg = (struct ieee80211_radar_info *)
2928 skb_put(skb, sizeof(struct ieee80211_radar_info));
2929 msg->channel = channel;
2930 msg->radar = radar;
2931 msg->radar_type = radar_type;
2932
2933 ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_radar);
2934 return 0;
2935}
2936EXPORT_SYMBOL(ieee80211_radar_status);
2937
2938int ieee80211_set_aid_for_sta(struct ieee80211_hw *hw, u8 *peer_address,
2939 u16 aid)
2940{
2941 struct sk_buff *skb;
2942 struct ieee80211_msg_set_aid_for_sta *msg;
2943 struct ieee80211_local *local = hw_to_local(hw);
2944
2945 /* unlikely because if this event only happens for APs,
2946 * which require an open ap device. */
2947 if (unlikely(!local->apdev))
2948 return 0;
2949
2950 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
2951 sizeof(struct ieee80211_msg_set_aid_for_sta));
2952
2953 if (!skb)
2954 return -ENOMEM;
2955 skb_reserve(skb, sizeof(struct ieee80211_frame_info));
2956
2957 msg = (struct ieee80211_msg_set_aid_for_sta *)
2958 skb_put(skb, sizeof(struct ieee80211_msg_set_aid_for_sta));
2959 memcpy(msg->sta_address, peer_address, ETH_ALEN);
2960 msg->aid = aid;
2961
2962 ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_set_aid_for_sta);
2963 return 0;
2964}
2965EXPORT_SYMBOL(ieee80211_set_aid_for_sta);
2966
2967static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
2968{
2969 struct ieee80211_sub_if_data *sdata;
2970 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
2971
2972 if (sdata->bss)
2973 atomic_inc(&sdata->bss->num_sta_ps);
2974 sta->flags |= WLAN_STA_PS;
2975 sta->pspoll = 0;
2976#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
2977 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
2978 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
2979#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
2980}
2981
2982
2983static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
2984{
2985 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2986 struct sk_buff *skb;
2987 int sent = 0;
2988 struct ieee80211_sub_if_data *sdata;
2989 struct ieee80211_tx_packet_data *pkt_data;
2990
2991 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
2992 if (sdata->bss)
2993 atomic_dec(&sdata->bss->num_sta_ps);
2994 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
2995 sta->pspoll = 0;
2996 if (!skb_queue_empty(&sta->ps_tx_buf)) {
2997 if (local->ops->set_tim)
2998 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
2999 if (sdata->bss)
3000 bss_tim_clear(local, sdata->bss, sta->aid);
3001 }
3002#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3003 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
3004 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
3005#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3006 /* Send all buffered frames to the station */
3007 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
3008 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
3009 sent++;
3010 pkt_data->requeue = 1;
3011 dev_queue_xmit(skb);
3012 }
3013 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
3014 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
3015 local->total_ps_buffered--;
3016 sent++;
3017#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3018 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
3019 "since STA not sleeping anymore\n", dev->name,
3020 MAC_ARG(sta->addr), sta->aid);
3021#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3022 pkt_data->requeue = 1;
3023 dev_queue_xmit(skb);
3024 }
3025
3026 return sent;
3027}
3028
3029
3030static ieee80211_txrx_result
3031ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
3032{
3033 struct sk_buff *skb;
3034 int no_pending_pkts;
3035
3036 if (likely(!rx->sta ||
3037 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
3038 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
3039 !rx->u.rx.ra_match))
3040 return TXRX_CONTINUE;
3041
3042 skb = skb_dequeue(&rx->sta->tx_filtered);
3043 if (!skb) {
3044 skb = skb_dequeue(&rx->sta->ps_tx_buf);
3045 if (skb)
3046 rx->local->total_ps_buffered--;
3047 }
3048 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
3049 skb_queue_empty(&rx->sta->ps_tx_buf);
3050
3051 if (skb) {
3052 struct ieee80211_hdr *hdr =
3053 (struct ieee80211_hdr *) skb->data;
3054
3055 /* tell TX path to send one frame even though the STA may
3056 * still remain is PS mode after this frame exchange */
3057 rx->sta->pspoll = 1;
3058
3059#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3060 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
3061 "after %d)\n",
3062 MAC_ARG(rx->sta->addr), rx->sta->aid,
3063 skb_queue_len(&rx->sta->ps_tx_buf));
3064#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3065
3066 /* Use MoreData flag to indicate whether there are more
3067 * buffered frames for this STA */
3068 if (no_pending_pkts) {
3069 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
3070 rx->sta->flags &= ~WLAN_STA_TIM;
3071 } else
3072 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
3073
3074 dev_queue_xmit(skb);
3075
3076 if (no_pending_pkts) {
3077 if (rx->local->ops->set_tim)
3078 rx->local->ops->set_tim(local_to_hw(rx->local),
3079 rx->sta->aid, 0);
3080 if (rx->sdata->bss)
3081 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
3082 }
3083#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3084 } else if (!rx->u.rx.sent_ps_buffered) {
3085 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
3086 "though there is no buffered frames for it\n",
3087 rx->dev->name, MAC_ARG(rx->sta->addr));
3088#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3089
3090 }
3091
3092 /* Free PS Poll skb here instead of returning TXRX_DROP that would
3093 * count as an dropped frame. */
3094 dev_kfree_skb(rx->skb);
3095
3096 return TXRX_QUEUED;
3097}
3098
3099
3100static inline struct ieee80211_fragment_entry *
3101ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
3102 unsigned int frag, unsigned int seq, int rx_queue,
3103 struct sk_buff **skb)
3104{
3105 struct ieee80211_fragment_entry *entry;
3106 int idx;
3107
3108 idx = sdata->fragment_next;
3109 entry = &sdata->fragments[sdata->fragment_next++];
3110 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
3111 sdata->fragment_next = 0;
3112
3113 if (!skb_queue_empty(&entry->skb_list)) {
3114#ifdef CONFIG_MAC80211_DEBUG
3115 struct ieee80211_hdr *hdr =
3116 (struct ieee80211_hdr *) entry->skb_list.next->data;
3117 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
3118 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
3119 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
3120 sdata->dev->name, idx,
3121 jiffies - entry->first_frag_time, entry->seq,
3122 entry->last_frag, MAC_ARG(hdr->addr1),
3123 MAC_ARG(hdr->addr2));
3124#endif /* CONFIG_MAC80211_DEBUG */
3125 __skb_queue_purge(&entry->skb_list);
3126 }
3127
3128 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
3129 *skb = NULL;
3130 entry->first_frag_time = jiffies;
3131 entry->seq = seq;
3132 entry->rx_queue = rx_queue;
3133 entry->last_frag = frag;
3134 entry->ccmp = 0;
3135 entry->extra_len = 0;
3136
3137 return entry;
3138}
3139
3140
3141static inline struct ieee80211_fragment_entry *
3142ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
3143 u16 fc, unsigned int frag, unsigned int seq,
3144 int rx_queue, struct ieee80211_hdr *hdr)
3145{
3146 struct ieee80211_fragment_entry *entry;
3147 int i, idx;
3148
3149 idx = sdata->fragment_next;
3150 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
3151 struct ieee80211_hdr *f_hdr;
3152 u16 f_fc;
3153
3154 idx--;
3155 if (idx < 0)
3156 idx = IEEE80211_FRAGMENT_MAX - 1;
3157
3158 entry = &sdata->fragments[idx];
3159 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
3160 entry->rx_queue != rx_queue ||
3161 entry->last_frag + 1 != frag)
3162 continue;
3163
3164 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
3165 f_fc = le16_to_cpu(f_hdr->frame_control);
3166
3167 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
3168 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
3169 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
3170 continue;
3171
3172 if (entry->first_frag_time + 2 * HZ < jiffies) {
3173 __skb_queue_purge(&entry->skb_list);
3174 continue;
3175 }
3176 return entry;
3177 }
3178
3179 return NULL;
3180}
3181
3182
3183static ieee80211_txrx_result
3184ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
3185{
3186 struct ieee80211_hdr *hdr;
3187 u16 sc;
3188 unsigned int frag, seq;
3189 struct ieee80211_fragment_entry *entry;
3190 struct sk_buff *skb;
3191
3192 hdr = (struct ieee80211_hdr *) rx->skb->data;
3193 sc = le16_to_cpu(hdr->seq_ctrl);
3194 frag = sc & IEEE80211_SCTL_FRAG;
3195
3196 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
3197 (rx->skb)->len < 24 ||
3198 is_multicast_ether_addr(hdr->addr1))) {
3199 /* not fragmented */
3200 goto out;
3201 }
3202 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
3203
3204 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
3205
3206 if (frag == 0) {
3207 /* This is the first fragment of a new frame. */
3208 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
3209 rx->u.rx.queue, &(rx->skb));
3210 if (rx->key && rx->key->alg == ALG_CCMP &&
3211 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
3212 /* Store CCMP PN so that we can verify that the next
3213 * fragment has a sequential PN value. */
3214 entry->ccmp = 1;
3215 memcpy(entry->last_pn,
3216 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
3217 CCMP_PN_LEN);
3218 }
3219 return TXRX_QUEUED;
3220 }
3221
3222 /* This is a fragment for a frame that should already be pending in
3223 * fragment cache. Add this fragment to the end of the pending entry.
3224 */
3225 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
3226 rx->u.rx.queue, hdr);
3227 if (!entry) {
3228 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3229 return TXRX_DROP;
3230 }
3231
3232 /* Verify that MPDUs within one MSDU have sequential PN values.
3233 * (IEEE 802.11i, 8.3.3.4.5) */
3234 if (entry->ccmp) {
3235 int i;
3236 u8 pn[CCMP_PN_LEN], *rpn;
3237 if (!rx->key || rx->key->alg != ALG_CCMP)
3238 return TXRX_DROP;
3239 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
3240 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
3241 pn[i]++;
3242 if (pn[i])
3243 break;
3244 }
3245 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
3246 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
3247 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
3248 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
3249 "(expected %02x%02x%02x%02x%02x%02x)\n",
3250 rx->dev->name, MAC_ARG(hdr->addr2),
3251 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
3252 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
3253 return TXRX_DROP;
3254 }
3255 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
3256 }
3257
3258 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
3259 __skb_queue_tail(&entry->skb_list, rx->skb);
3260 entry->last_frag = frag;
3261 entry->extra_len += rx->skb->len;
3262 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
3263 rx->skb = NULL;
3264 return TXRX_QUEUED;
3265 }
3266
3267 rx->skb = __skb_dequeue(&entry->skb_list);
3268 if (skb_tailroom(rx->skb) < entry->extra_len) {
3269 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
3270 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
3271 GFP_ATOMIC))) {
3272 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3273 __skb_queue_purge(&entry->skb_list);
3274 return TXRX_DROP;
3275 }
3276 }
3277 while ((skb = __skb_dequeue(&entry->skb_list)))
3278 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
3279
3280 /* Complete frame has been reassembled - process it now */
3281 rx->fragmented = 1;
3282
3283 out:
3284 if (rx->sta)
3285 rx->sta->rx_packets++;
3286 if (is_multicast_ether_addr(hdr->addr1))
3287 rx->local->dot11MulticastReceivedFrameCount++;
3288 else
3289 ieee80211_led_rx(rx->local);
3290 return TXRX_CONTINUE;
3291}
3292
3293
3294static ieee80211_txrx_result
3295ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
3296{
3297 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
3298 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
3299 return TXRX_QUEUED;
3300 }
3301
3302 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
3303 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb));
3304
3305 return TXRX_CONTINUE;
3306}
3307
3308
3309static ieee80211_txrx_result
3310ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
3311{
3312 struct ieee80211_hdr *hdr;
3313 int always_sta_key;
3314 hdr = (struct ieee80211_hdr *) rx->skb->data;
3315
3316 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
3317 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
3318 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
3319 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
3320 hdr->seq_ctrl)) {
3321 if (rx->u.rx.ra_match) {
3322 rx->local->dot11FrameDuplicateCount++;
3323 rx->sta->num_duplicates++;
3324 }
3325 return TXRX_DROP;
3326 } else
3327 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
3328 }
3329
3330 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
3331 rx->skb->len > FCS_LEN)
3332 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
3333
3334 if (unlikely(rx->skb->len < 16)) {
3335 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
3336 return TXRX_DROP;
3337 }
3338
3339 if (!rx->u.rx.ra_match)
3340 rx->skb->pkt_type = PACKET_OTHERHOST;
3341 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
3342 rx->skb->pkt_type = PACKET_HOST;
3343 else if (is_multicast_ether_addr(hdr->addr1)) {
3344 if (is_broadcast_ether_addr(hdr->addr1))
3345 rx->skb->pkt_type = PACKET_BROADCAST;
3346 else
3347 rx->skb->pkt_type = PACKET_MULTICAST;
3348 } else
3349 rx->skb->pkt_type = PACKET_OTHERHOST;
3350
3351 /* Drop disallowed frame classes based on STA auth/assoc state;
3352 * IEEE 802.11, Chap 5.5.
3353 *
3354 * 80211.o does filtering only based on association state, i.e., it
3355 * drops Class 3 frames from not associated stations. hostapd sends
3356 * deauth/disassoc frames when needed. In addition, hostapd is
3357 * responsible for filtering on both auth and assoc states.
3358 */
3359 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
3360 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
3361 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
3362 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
3363 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
3364 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
3365 !(rx->fc & IEEE80211_FCTL_TODS) &&
3366 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
3367 || !rx->u.rx.ra_match) {
3368 /* Drop IBSS frames and frames for other hosts
3369 * silently. */
3370 return TXRX_DROP;
3371 }
3372
3373 if (!rx->local->apdev)
3374 return TXRX_DROP;
3375
3376 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3377 ieee80211_msg_sta_not_assoc);
3378 return TXRX_QUEUED;
3379 }
3380
3381 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
3382 always_sta_key = 0;
3383 else
3384 always_sta_key = 1;
3385
3386 if (rx->sta && rx->sta->key && always_sta_key) {
3387 rx->key = rx->sta->key;
3388 } else {
3389 if (rx->sta && rx->sta->key)
3390 rx->key = rx->sta->key;
3391 else
3392 rx->key = rx->sdata->default_key;
3393
3394 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3395 rx->fc & IEEE80211_FCTL_PROTECTED) {
3396 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
3397
3398 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
3399 (!rx->sta || !rx->sta->key || keyidx > 0))
3400 rx->key = rx->sdata->keys[keyidx];
3401
3402 if (!rx->key) {
3403 if (!rx->u.rx.ra_match)
3404 return TXRX_DROP;
3405 printk(KERN_DEBUG "%s: RX WEP frame with "
3406 "unknown keyidx %d (A1=" MAC_FMT " A2="
3407 MAC_FMT " A3=" MAC_FMT ")\n",
3408 rx->dev->name, keyidx,
3409 MAC_ARG(hdr->addr1),
3410 MAC_ARG(hdr->addr2),
3411 MAC_ARG(hdr->addr3));
3412 if (!rx->local->apdev)
3413 return TXRX_DROP;
3414 ieee80211_rx_mgmt(
3415 rx->local, rx->skb, rx->u.rx.status,
3416 ieee80211_msg_wep_frame_unknown_key);
3417 return TXRX_QUEUED;
3418 }
3419 }
3420 }
3421
3422 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
3423 rx->key->tx_rx_count++;
3424 if (unlikely(rx->local->key_tx_rx_threshold &&
3425 rx->key->tx_rx_count >
3426 rx->local->key_tx_rx_threshold)) {
3427 ieee80211_key_threshold_notify(rx->dev, rx->key,
3428 rx->sta);
3429 }
3430 }
3431
3432 return TXRX_CONTINUE;
3433}
3434
3435
3436static ieee80211_txrx_result
3437ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
3438{
3439 struct sta_info *sta = rx->sta;
3440 struct net_device *dev = rx->dev;
3441 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
3442
3443 if (!sta)
3444 return TXRX_CONTINUE;
3445
3446 /* Update last_rx only for IBSS packets which are for the current
3447 * BSSID to avoid keeping the current IBSS network alive in cases where
3448 * other STAs are using different BSSID. */
3449 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
3450 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
3451 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
3452 sta->last_rx = jiffies;
3453 } else
3454 if (!is_multicast_ether_addr(hdr->addr1) ||
3455 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
3456 /* Update last_rx only for unicast frames in order to prevent
3457 * the Probe Request frames (the only broadcast frames from a
3458 * STA in infrastructure mode) from keeping a connection alive.
3459 */
3460 sta->last_rx = jiffies;
3461 }
3462
3463 if (!rx->u.rx.ra_match)
3464 return TXRX_CONTINUE;
3465
3466 sta->rx_fragments++;
3467 sta->rx_bytes += rx->skb->len;
3468 sta->last_rssi = (sta->last_rssi * 15 +
3469 rx->u.rx.status->ssi) / 16;
3470 sta->last_signal = (sta->last_signal * 15 +
3471 rx->u.rx.status->signal) / 16;
3472 sta->last_noise = (sta->last_noise * 15 +
3473 rx->u.rx.status->noise) / 16;
3474
3475 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
3476 /* Change STA power saving mode only in the end of a frame
3477 * exchange sequence */
3478 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
3479 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
3480 else if (!(sta->flags & WLAN_STA_PS) &&
3481 (rx->fc & IEEE80211_FCTL_PM))
3482 ap_sta_ps_start(dev, sta);
3483 }
3484
3485 /* Drop data::nullfunc frames silently, since they are used only to
3486 * control station power saving mode. */
3487 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3488 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
3489 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
3490 /* Update counter and free packet here to avoid counting this
3491 * as a dropped packed. */
3492 sta->rx_packets++;
3493 dev_kfree_skb(rx->skb);
3494 return TXRX_QUEUED;
3495 }
3496
3497 return TXRX_CONTINUE;
3498} /* ieee80211_rx_h_sta_process */
3499
3500
3501static ieee80211_txrx_result
3502ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
3503{
3504 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3505 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
3506 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
3507 return TXRX_CONTINUE;
3508
3509 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
3510 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
3511 rx->key->force_sw_encrypt) {
3512 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
3513 if (iv) {
3514 rx->sta->wep_weak_iv_count++;
3515 }
3516 }
3517
3518 return TXRX_CONTINUE;
3519}
3520
3521
3522static ieee80211_txrx_result
3523ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
3524{
3525 /* If the device handles decryption totally, skip this test */
3526 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3527 return TXRX_CONTINUE;
3528
3529 if ((rx->key && rx->key->alg != ALG_WEP) ||
3530 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3531 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3532 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3533 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
3534 return TXRX_CONTINUE;
3535
3536 if (!rx->key) {
3537 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
3538 rx->dev->name);
3539 return TXRX_DROP;
3540 }
3541
3542 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
3543 rx->key->force_sw_encrypt) {
3544 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
3545 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
3546 "failed\n", rx->dev->name);
3547 return TXRX_DROP;
3548 }
3549 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
3550 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
3551 /* remove ICV */
3552 skb_trim(rx->skb, rx->skb->len - 4);
3553 }
3554
3555 return TXRX_CONTINUE;
3556}
3557
3558
3559static ieee80211_txrx_result
3560ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
3561{
3562 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
3563 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
3564 /* Pass both encrypted and unencrypted EAPOL frames to user
3565 * space for processing. */
3566 if (!rx->local->apdev)
3567 return TXRX_DROP;
3568 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3569 ieee80211_msg_normal);
3570 return TXRX_QUEUED;
3571 }
3572
3573 if (unlikely(rx->sdata->ieee802_1x &&
3574 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3575 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3576 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
3577 !ieee80211_is_eapol(rx->skb))) {
3578#ifdef CONFIG_MAC80211_DEBUG
3579 struct ieee80211_hdr *hdr =
3580 (struct ieee80211_hdr *) rx->skb->data;
3581 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
3582 " (unauthorized port)\n", rx->dev->name,
3583 MAC_ARG(hdr->addr2));
3584#endif /* CONFIG_MAC80211_DEBUG */
3585 return TXRX_DROP;
3586 }
3587
3588 return TXRX_CONTINUE;
3589}
3590
3591
3592static ieee80211_txrx_result
3593ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
3594{
3595 /* If the device handles decryption totally, skip this test */
3596 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3597 return TXRX_CONTINUE;
3598
3599 /* Drop unencrypted frames if key is set. */
3600 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
3601 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3602 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3603 (rx->key || rx->sdata->drop_unencrypted) &&
3604 (rx->sdata->eapol == 0 ||
3605 !ieee80211_is_eapol(rx->skb)))) {
3606 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
3607 "encryption\n", rx->dev->name);
3608 return TXRX_DROP;
3609 }
3610 return TXRX_CONTINUE;
3611}
3612
3613
3614static ieee80211_txrx_result
3615ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
3616{
3617 struct ieee80211_sub_if_data *sdata;
3618
3619 if (!rx->u.rx.ra_match)
3620 return TXRX_DROP;
3621
3622 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
3623 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
3624 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
3625 !rx->local->user_space_mlme) {
3626 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
3627 } else {
3628 /* Management frames are sent to hostapd for processing */
3629 if (!rx->local->apdev)
3630 return TXRX_DROP;
3631 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3632 ieee80211_msg_normal);
3633 }
3634 return TXRX_QUEUED;
3635}
3636
3637
3638static ieee80211_txrx_result
3639ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
3640{
3641 struct ieee80211_local *local = rx->local;
3642 struct sk_buff *skb = rx->skb;
3643
3644 if (unlikely(local->sta_scanning != 0)) {
3645 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
3646 return TXRX_QUEUED;
3647 }
3648
3649 if (unlikely(rx->u.rx.in_scan)) {
3650 /* scanning finished during invoking of handlers */
3651 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
3652 return TXRX_DROP;
3653 }
3654
3655 return TXRX_CONTINUE;
3656}
3657
3658
3659static void ieee80211_rx_michael_mic_report(struct net_device *dev,
3660 struct ieee80211_hdr *hdr,
3661 struct sta_info *sta,
3662 struct ieee80211_txrx_data *rx)
3663{
3664 int keyidx, hdrlen;
3665
3666 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
3667 if (rx->skb->len >= hdrlen + 4)
3668 keyidx = rx->skb->data[hdrlen + 3] >> 6;
3669 else
3670 keyidx = -1;
3671
3672 /* TODO: verify that this is not triggered by fragmented
3673 * frames (hw does not verify MIC for them). */
3674 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
3675 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
3676 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
3677
3678 if (!sta) {
3679 /* Some hardware versions seem to generate incorrect
3680 * Michael MIC reports; ignore them to avoid triggering
3681 * countermeasures. */
3682 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3683 "error for unknown address " MAC_FMT "\n",
3684 dev->name, MAC_ARG(hdr->addr2));
3685 goto ignore;
3686 }
3687
3688 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
3689 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3690 "error for a frame with no ISWEP flag (src "
3691 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
3692 goto ignore;
3693 }
3694
3695 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3696 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
3697 keyidx = ieee80211_wep_get_keyidx(rx->skb);
3698 /* AP with Pairwise keys support should never receive Michael
3699 * MIC errors for non-zero keyidx because these are reserved
3700 * for group keys and only the AP is sending real multicast
3701 * frames in BSS. */
3702 if (keyidx) {
3703 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
3704 "a frame with non-zero keyidx (%d) (src " MAC_FMT
3705 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
3706 goto ignore;
3707 }
3708 }
3709
3710 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3711 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3712 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
3713 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3714 "error for a frame that cannot be encrypted "
3715 "(fc=0x%04x) (src " MAC_FMT ")\n",
3716 dev->name, rx->fc, MAC_ARG(hdr->addr2));
3717 goto ignore;
3718 }
3719
3720 do {
3721 union iwreq_data wrqu;
3722 char *buf = kmalloc(128, GFP_ATOMIC);
3723 if (!buf)
3724 break;
3725
3726 /* TODO: needed parameters: count, key type, TSC */
3727 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
3728 "keyid=%d %scast addr=" MAC_FMT ")",
3729 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
3730 MAC_ARG(hdr->addr2));
3731 memset(&wrqu, 0, sizeof(wrqu));
3732 wrqu.data.length = strlen(buf);
3733 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
3734 kfree(buf);
3735 } while (0);
3736
3737 /* TODO: consider verifying the MIC error report with software
3738 * implementation if we get too many spurious reports from the
3739 * hardware. */
3740 if (!rx->local->apdev)
3741 goto ignore;
3742 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3743 ieee80211_msg_michael_mic_failure);
3744 return;
3745
3746 ignore:
3747 dev_kfree_skb(rx->skb);
3748 rx->skb = NULL;
3749}
3750
3751static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
3752 struct ieee80211_local *local,
3753 ieee80211_rx_handler *handlers,
3754 struct ieee80211_txrx_data *rx,
3755 struct sta_info *sta)
3756{
3757 ieee80211_rx_handler *handler;
3758 ieee80211_txrx_result res = TXRX_DROP;
3759
3760 for (handler = handlers; *handler != NULL; handler++) {
3761 res = (*handler)(rx);
3762 if (res != TXRX_CONTINUE) {
3763 if (res == TXRX_DROP) {
3764 I802_DEBUG_INC(local->rx_handlers_drop);
3765 if (sta)
3766 sta->rx_dropped++;
3767 }
3768 if (res == TXRX_QUEUED)
3769 I802_DEBUG_INC(local->rx_handlers_queued);
3770 break;
3771 }
3772 }
3773
3774 if (res == TXRX_DROP) {
3775 dev_kfree_skb(rx->skb);
3776 }
3777 return res;
3778}
3779
3780static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
3781 ieee80211_rx_handler *handlers,
3782 struct ieee80211_txrx_data *rx,
3783 struct sta_info *sta)
3784{
3785 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
3786 TXRX_CONTINUE)
3787 dev_kfree_skb(rx->skb);
3788}
3789
3790/*
3791 * This is the receive path handler. It is called by a low level driver when an
3792 * 802.11 MPDU is received from the hardware.
3793 */
3794void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
3795 struct ieee80211_rx_status *status)
3796{
3797 struct ieee80211_local *local = hw_to_local(hw);
3798 struct ieee80211_sub_if_data *sdata;
3799 struct sta_info *sta;
3800 struct ieee80211_hdr *hdr;
3801 struct ieee80211_txrx_data rx;
3802 u16 type;
3803 int multicast;
3804 int radiotap_len = 0;
3805
3806 if (status->flag & RX_FLAG_RADIOTAP) {
3807 radiotap_len = ieee80211_get_radiotap_len(skb);
3808 skb_pull(skb, radiotap_len);
3809 }
3810
3811 hdr = (struct ieee80211_hdr *) skb->data;
3812 memset(&rx, 0, sizeof(rx));
3813 rx.skb = skb;
3814 rx.local = local;
3815
3816 rx.u.rx.status = status;
3817 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
3818 type = rx.fc & IEEE80211_FCTL_FTYPE;
3819 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
3820 local->dot11ReceivedFragmentCount++;
3821 multicast = is_multicast_ether_addr(hdr->addr1);
3822
3823 if (skb->len >= 16)
3824 sta = rx.sta = sta_info_get(local, hdr->addr2);
3825 else
3826 sta = rx.sta = NULL;
3827
3828 if (sta) {
3829 rx.dev = sta->dev;
3830 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
3831 }
3832
3833 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
3834 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
3835 goto end;
3836 }
3837
3838 if (unlikely(local->sta_scanning))
3839 rx.u.rx.in_scan = 1;
3840
3841 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
3842 sta) != TXRX_CONTINUE)
3843 goto end;
3844 skb = rx.skb;
3845
3846 skb_push(skb, radiotap_len);
3847 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
3848 !local->iff_promiscs && !multicast) {
3849 rx.u.rx.ra_match = 1;
3850 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
3851 sta);
3852 } else {
3853 struct ieee80211_sub_if_data *prev = NULL;
3854 struct sk_buff *skb_new;
3855 u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
3856
3857 read_lock(&local->sub_if_lock);
3858 list_for_each_entry(sdata, &local->sub_if_list, list) {
3859 rx.u.rx.ra_match = 1;
3860 switch (sdata->type) {
3861 case IEEE80211_IF_TYPE_STA:
3862 if (!bssid)
3863 continue;
3864 if (!ieee80211_bssid_match(bssid,
3865 sdata->u.sta.bssid)) {
3866 if (!rx.u.rx.in_scan)
3867 continue;
3868 rx.u.rx.ra_match = 0;
3869 } else if (!multicast &&
3870 compare_ether_addr(sdata->dev->dev_addr,
3871 hdr->addr1) != 0) {
3872 if (!sdata->promisc)
3873 continue;
3874 rx.u.rx.ra_match = 0;
3875 }
3876 break;
3877 case IEEE80211_IF_TYPE_IBSS:
3878 if (!bssid)
3879 continue;
3880 if (!ieee80211_bssid_match(bssid,
3881 sdata->u.sta.bssid)) {
3882 if (!rx.u.rx.in_scan)
3883 continue;
3884 rx.u.rx.ra_match = 0;
3885 } else if (!multicast &&
3886 compare_ether_addr(sdata->dev->dev_addr,
3887 hdr->addr1) != 0) {
3888 if (!sdata->promisc)
3889 continue;
3890 rx.u.rx.ra_match = 0;
3891 } else if (!sta)
3892 sta = rx.sta =
3893 ieee80211_ibss_add_sta(sdata->dev,
3894 skb, bssid,
3895 hdr->addr2);
3896 break;
3897 case IEEE80211_IF_TYPE_AP:
3898 if (!bssid) {
3899 if (compare_ether_addr(sdata->dev->dev_addr,
3900 hdr->addr1) != 0)
3901 continue;
3902 } else if (!ieee80211_bssid_match(bssid,
3903 sdata->dev->dev_addr)) {
3904 if (!rx.u.rx.in_scan)
3905 continue;
3906 rx.u.rx.ra_match = 0;
3907 }
3908 if (sdata->dev == local->mdev &&
3909 !rx.u.rx.in_scan)
3910 /* do not receive anything via
3911 * master device when not scanning */
3912 continue;
3913 break;
3914 case IEEE80211_IF_TYPE_WDS:
3915 if (bssid ||
3916 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
3917 continue;
3918 if (compare_ether_addr(sdata->u.wds.remote_addr,
3919 hdr->addr2) != 0)
3920 continue;
3921 break;
3922 }
3923
3924 if (prev) {
3925 skb_new = skb_copy(skb, GFP_ATOMIC);
3926 if (!skb_new) {
3927 if (net_ratelimit())
3928 printk(KERN_DEBUG "%s: failed to copy "
3929 "multicast frame for %s",
3930 local->mdev->name, prev->dev->name);
3931 continue;
3932 }
3933 rx.skb = skb_new;
3934 rx.dev = prev->dev;
3935 rx.sdata = prev;
3936 ieee80211_invoke_rx_handlers(local,
3937 local->rx_handlers,
3938 &rx, sta);
3939 }
3940 prev = sdata;
3941 }
3942 if (prev) {
3943 rx.skb = skb;
3944 rx.dev = prev->dev;
3945 rx.sdata = prev;
3946 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
3947 &rx, sta);
3948 } else
3949 dev_kfree_skb(skb);
3950 read_unlock(&local->sub_if_lock);
3951 }
3952
3953 end:
3954 if (sta)
3955 sta_info_put(sta);
3956}
3957EXPORT_SYMBOL(__ieee80211_rx);
3958
3959static ieee80211_txrx_result
3960ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
3961{
3962 struct ieee80211_local *local = tx->local;
3963 struct ieee80211_hw_mode *mode = tx->u.tx.mode;
3964 struct sk_buff *skb = tx->skb;
3965 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
3966 u32 load = 0, hdrtime;
3967
3968 /* TODO: this could be part of tx_status handling, so that the number
3969 * of retries would be known; TX rate should in that case be stored
3970 * somewhere with the packet */
3971
3972 /* Estimate total channel use caused by this frame */
3973
3974 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
3975 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
3976
3977 if (mode->mode == MODE_IEEE80211A ||
3978 mode->mode == MODE_ATHEROS_TURBO ||
3979 mode->mode == MODE_ATHEROS_TURBOG ||
3980 (mode->mode == MODE_IEEE80211G &&
3981 tx->u.tx.rate->flags & IEEE80211_RATE_ERP))
3982 hdrtime = CHAN_UTIL_HDR_SHORT;
3983 else
3984 hdrtime = CHAN_UTIL_HDR_LONG;
3985
3986 load = hdrtime;
3987 if (!is_multicast_ether_addr(hdr->addr1))
3988 load += hdrtime;
3989
3990 if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
3991 load += 2 * hdrtime;
3992 else if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
3993 load += hdrtime;
3994
3995 load += skb->len * tx->u.tx.rate->rate_inv;
3996
3997 if (tx->u.tx.extra_frag) {
3998 int i;
3999 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
4000 load += 2 * hdrtime;
4001 load += tx->u.tx.extra_frag[i]->len *
4002 tx->u.tx.rate->rate;
4003 }
4004 }
4005
4006 /* Divide channel_use by 8 to avoid wrapping around the counter */
4007 load >>= CHAN_UTIL_SHIFT;
4008 local->channel_use_raw += load;
4009 if (tx->sta)
4010 tx->sta->channel_use_raw += load;
4011 tx->sdata->channel_use_raw += load;
4012
4013 return TXRX_CONTINUE;
4014}
4015
4016
4017static ieee80211_txrx_result
4018ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
4019{
4020 struct ieee80211_local *local = rx->local;
4021 struct sk_buff *skb = rx->skb;
4022 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4023 u32 load = 0, hdrtime;
4024 struct ieee80211_rate *rate;
4025 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
4026 int i;
4027
4028 /* Estimate total channel use caused by this frame */
4029
4030 if (unlikely(mode->num_rates < 0))
4031 return TXRX_CONTINUE;
4032
4033 rate = &mode->rates[0];
4034 for (i = 0; i < mode->num_rates; i++) {
4035 if (mode->rates[i].val == rx->u.rx.status->rate) {
4036 rate = &mode->rates[i];
4037 break;
4038 }
4039 }
4040
4041 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
4042 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
4043
4044 if (mode->mode == MODE_IEEE80211A ||
4045 mode->mode == MODE_ATHEROS_TURBO ||
4046 mode->mode == MODE_ATHEROS_TURBOG ||
4047 (mode->mode == MODE_IEEE80211G &&
4048 rate->flags & IEEE80211_RATE_ERP))
4049 hdrtime = CHAN_UTIL_HDR_SHORT;
4050 else
4051 hdrtime = CHAN_UTIL_HDR_LONG;
4052
4053 load = hdrtime;
4054 if (!is_multicast_ether_addr(hdr->addr1))
4055 load += hdrtime;
4056
4057 load += skb->len * rate->rate_inv;
4058
4059 /* Divide channel_use by 8 to avoid wrapping around the counter */
4060 load >>= CHAN_UTIL_SHIFT;
4061 local->channel_use_raw += load;
4062 if (rx->sta)
4063 rx->sta->channel_use_raw += load;
4064 rx->u.rx.load = load;
4065
4066 return TXRX_CONTINUE;
4067}
4068
4069static ieee80211_txrx_result
4070ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
4071{
4072 rx->sdata->channel_use_raw += rx->u.rx.load;
4073 return TXRX_CONTINUE;
4074}
4075
4076static void ieee80211_stat_refresh(unsigned long data)
4077{
4078 struct ieee80211_local *local = (struct ieee80211_local *) data;
4079 struct sta_info *sta;
4080 struct ieee80211_sub_if_data *sdata;
4081
4082 if (!local->stat_time)
4083 return;
4084
4085 /* go through all stations */
4086 spin_lock_bh(&local->sta_lock);
4087 list_for_each_entry(sta, &local->sta_list, list) {
4088 sta->channel_use = (sta->channel_use_raw / local->stat_time) /
4089 CHAN_UTIL_PER_10MS;
4090 sta->channel_use_raw = 0;
4091 }
4092 spin_unlock_bh(&local->sta_lock);
4093
4094 /* go through all subinterfaces */
4095 read_lock(&local->sub_if_lock);
4096 list_for_each_entry(sdata, &local->sub_if_list, list) {
4097 sdata->channel_use = (sdata->channel_use_raw /
4098 local->stat_time) / CHAN_UTIL_PER_10MS;
4099 sdata->channel_use_raw = 0;
4100 }
4101 read_unlock(&local->sub_if_lock);
4102
4103 /* hardware interface */
4104 local->channel_use = (local->channel_use_raw /
4105 local->stat_time) / CHAN_UTIL_PER_10MS;
4106 local->channel_use_raw = 0;
4107
4108 local->stat_timer.expires = jiffies + HZ * local->stat_time / 100;
4109 add_timer(&local->stat_timer);
4110}
4111
4112
4113/* This is a version of the rx handler that can be called from hard irq
4114 * context. Post the skb on the queue and schedule the tasklet */
4115void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
4116 struct ieee80211_rx_status *status)
4117{
4118 struct ieee80211_local *local = hw_to_local(hw);
4119
4120 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
4121
4122 skb->dev = local->mdev;
4123 /* copy status into skb->cb for use by tasklet */
4124 memcpy(skb->cb, status, sizeof(*status));
4125 skb->pkt_type = IEEE80211_RX_MSG;
4126 skb_queue_tail(&local->skb_queue, skb);
4127 tasklet_schedule(&local->tasklet);
4128}
4129EXPORT_SYMBOL(ieee80211_rx_irqsafe);
4130
4131void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
4132 struct sk_buff *skb,
4133 struct ieee80211_tx_status *status)
4134{
4135 struct ieee80211_local *local = hw_to_local(hw);
4136 struct ieee80211_tx_status *saved;
4137 int tmp;
4138
4139 skb->dev = local->mdev;
4140 saved = kmalloc(sizeof(struct ieee80211_tx_status), GFP_ATOMIC);
4141 if (unlikely(!saved)) {
4142 if (net_ratelimit())
4143 printk(KERN_WARNING "%s: Not enough memory, "
4144 "dropping tx status", skb->dev->name);
4145 /* should be dev_kfree_skb_irq, but due to this function being
4146 * named _irqsafe instead of just _irq we can't be sure that
4147 * people won't call it from non-irq contexts */
4148 dev_kfree_skb_any(skb);
4149 return;
4150 }
4151 memcpy(saved, status, sizeof(struct ieee80211_tx_status));
4152 /* copy pointer to saved status into skb->cb for use by tasklet */
4153 memcpy(skb->cb, &saved, sizeof(saved));
4154
4155 skb->pkt_type = IEEE80211_TX_STATUS_MSG;
4156 skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ?
4157 &local->skb_queue : &local->skb_queue_unreliable, skb);
4158 tmp = skb_queue_len(&local->skb_queue) +
4159 skb_queue_len(&local->skb_queue_unreliable);
4160 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
4161 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
4162 memcpy(&saved, skb->cb, sizeof(saved));
4163 kfree(saved);
4164 dev_kfree_skb_irq(skb);
4165 tmp--;
4166 I802_DEBUG_INC(local->tx_status_drop);
4167 }
4168 tasklet_schedule(&local->tasklet);
4169}
4170EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
4171
4172static void ieee80211_tasklet_handler(unsigned long data)
4173{
4174 struct ieee80211_local *local = (struct ieee80211_local *) data;
4175 struct sk_buff *skb;
4176 struct ieee80211_rx_status rx_status;
4177 struct ieee80211_tx_status *tx_status;
4178
4179 while ((skb = skb_dequeue(&local->skb_queue)) ||
4180 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
4181 switch (skb->pkt_type) {
4182 case IEEE80211_RX_MSG:
4183 /* status is in skb->cb */
4184 memcpy(&rx_status, skb->cb, sizeof(rx_status));
4185 /* Clear skb->type in order to not confuse kernel
4186 * netstack. */
4187 skb->pkt_type = 0;
4188 __ieee80211_rx(local_to_hw(local), skb, &rx_status);
4189 break;
4190 case IEEE80211_TX_STATUS_MSG:
4191 /* get pointer to saved status out of skb->cb */
4192 memcpy(&tx_status, skb->cb, sizeof(tx_status));
4193 skb->pkt_type = 0;
4194 ieee80211_tx_status(local_to_hw(local),
4195 skb, tx_status);
4196 kfree(tx_status);
4197 break;
4198 default: /* should never get here! */
4199 printk(KERN_ERR "%s: Unknown message type (%d)\n",
4200 local->mdev->name, skb->pkt_type);
4201 dev_kfree_skb(skb);
4202 break;
4203 }
4204 }
4205}
4206
4207
4208/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to
4209 * make a prepared TX frame (one that has been given to hw) to look like brand
4210 * new IEEE 802.11 frame that is ready to go through TX processing again.
4211 * Also, tx_packet_data in cb is restored from tx_control. */
4212static void ieee80211_remove_tx_extra(struct ieee80211_local *local,
4213 struct ieee80211_key *key,
4214 struct sk_buff *skb,
4215 struct ieee80211_tx_control *control)
4216{
4217 int hdrlen, iv_len, mic_len;
4218 struct ieee80211_tx_packet_data *pkt_data;
4219
4220 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
4221 pkt_data->ifindex = control->ifindex;
4222 pkt_data->mgmt_iface = (control->type == IEEE80211_IF_TYPE_MGMT);
4223 pkt_data->req_tx_status = !!(control->flags & IEEE80211_TXCTL_REQ_TX_STATUS);
4224 pkt_data->do_not_encrypt = !!(control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT);
4225 pkt_data->requeue = !!(control->flags & IEEE80211_TXCTL_REQUEUE);
4226 pkt_data->queue = control->queue;
4227
4228 hdrlen = ieee80211_get_hdrlen_from_skb(skb);
4229
4230 if (!key)
4231 goto no_key;
4232
4233 switch (key->alg) {
4234 case ALG_WEP:
4235 iv_len = WEP_IV_LEN;
4236 mic_len = WEP_ICV_LEN;
4237 break;
4238 case ALG_TKIP:
4239 iv_len = TKIP_IV_LEN;
4240 mic_len = TKIP_ICV_LEN;
4241 break;
4242 case ALG_CCMP:
4243 iv_len = CCMP_HDR_LEN;
4244 mic_len = CCMP_MIC_LEN;
4245 break;
4246 default:
4247 goto no_key;
4248 }
4249
4250 if (skb->len >= mic_len && key->force_sw_encrypt)
4251 skb_trim(skb, skb->len - mic_len);
4252 if (skb->len >= iv_len && skb->len > hdrlen) {
4253 memmove(skb->data + iv_len, skb->data, hdrlen);
4254 skb_pull(skb, iv_len);
4255 }
4256
4257no_key:
4258 {
4259 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4260 u16 fc = le16_to_cpu(hdr->frame_control);
4261 if ((fc & 0x8C) == 0x88) /* QoS Control Field */ {
4262 fc &= ~IEEE80211_STYPE_QOS_DATA;
4263 hdr->frame_control = cpu_to_le16(fc);
4264 memmove(skb->data + 2, skb->data, hdrlen - 2);
4265 skb_pull(skb, 2);
4266 }
4267 }
4268}
4269
4270
4271void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
4272 struct ieee80211_tx_status *status)
4273{
4274 struct sk_buff *skb2;
4275 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4276 struct ieee80211_local *local = hw_to_local(hw);
4277 u16 frag, type;
4278 u32 msg_type;
4279
4280 if (!status) {
4281 printk(KERN_ERR
4282 "%s: ieee80211_tx_status called with NULL status\n",
4283 local->mdev->name);
4284 dev_kfree_skb(skb);
4285 return;
4286 }
4287
4288 if (status->excessive_retries) {
4289 struct sta_info *sta;
4290 sta = sta_info_get(local, hdr->addr1);
4291 if (sta) {
4292 if (sta->flags & WLAN_STA_PS) {
4293 /* The STA is in power save mode, so assume
4294 * that this TX packet failed because of that.
4295 */
4296 status->excessive_retries = 0;
4297 status->flags |= IEEE80211_TX_STATUS_TX_FILTERED;
4298 }
4299 sta_info_put(sta);
4300 }
4301 }
4302
4303 if (status->flags & IEEE80211_TX_STATUS_TX_FILTERED) {
4304 struct sta_info *sta;
4305 sta = sta_info_get(local, hdr->addr1);
4306 if (sta) {
4307 sta->tx_filtered_count++;
4308
4309 /* Clear the TX filter mask for this STA when sending
4310 * the next packet. If the STA went to power save mode,
4311 * this will happen when it is waking up for the next
4312 * time. */
4313 sta->clear_dst_mask = 1;
4314
4315 /* TODO: Is the WLAN_STA_PS flag always set here or is
4316 * the race between RX and TX status causing some
4317 * packets to be filtered out before 80211.o gets an
4318 * update for PS status? This seems to be the case, so
4319 * no changes are likely to be needed. */
4320 if (sta->flags & WLAN_STA_PS &&
4321 skb_queue_len(&sta->tx_filtered) <
4322 STA_MAX_TX_BUFFER) {
4323 ieee80211_remove_tx_extra(local, sta->key,
4324 skb,
4325 &status->control);
4326 skb_queue_tail(&sta->tx_filtered, skb);
4327 } else if (!(sta->flags & WLAN_STA_PS) &&
4328 !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) {
4329 /* Software retry the packet once */
4330 status->control.flags |= IEEE80211_TXCTL_REQUEUE;
4331 ieee80211_remove_tx_extra(local, sta->key,
4332 skb,
4333 &status->control);
4334 dev_queue_xmit(skb);
4335 } else {
4336 if (net_ratelimit()) {
4337 printk(KERN_DEBUG "%s: dropped TX "
4338 "filtered frame queue_len=%d "
4339 "PS=%d @%lu\n",
4340 local->mdev->name,
4341 skb_queue_len(
4342 &sta->tx_filtered),
4343 !!(sta->flags & WLAN_STA_PS),
4344 jiffies);
4345 }
4346 dev_kfree_skb(skb);
4347 }
4348 sta_info_put(sta);
4349 return;
4350 }
4351 } else {
4352 /* FIXME: STUPID to call this with both local and local->mdev */
4353 rate_control_tx_status(local, local->mdev, skb, status);
4354 }
4355
4356 ieee80211_led_tx(local, 0);
4357
4358 /* SNMP counters
4359 * Fragments are passed to low-level drivers as separate skbs, so these
4360 * are actually fragments, not frames. Update frame counters only for
4361 * the first fragment of the frame. */
4362
4363 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
4364 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
4365
4366 if (status->flags & IEEE80211_TX_STATUS_ACK) {
4367 if (frag == 0) {
4368 local->dot11TransmittedFrameCount++;
4369 if (is_multicast_ether_addr(hdr->addr1))
4370 local->dot11MulticastTransmittedFrameCount++;
4371 if (status->retry_count > 0)
4372 local->dot11RetryCount++;
4373 if (status->retry_count > 1)
4374 local->dot11MultipleRetryCount++;
4375 }
4376
4377 /* This counter shall be incremented for an acknowledged MPDU
4378 * with an individual address in the address 1 field or an MPDU
4379 * with a multicast address in the address 1 field of type Data
4380 * or Management. */
4381 if (!is_multicast_ether_addr(hdr->addr1) ||
4382 type == IEEE80211_FTYPE_DATA ||
4383 type == IEEE80211_FTYPE_MGMT)
4384 local->dot11TransmittedFragmentCount++;
4385 } else {
4386 if (frag == 0)
4387 local->dot11FailedCount++;
4388 }
4389
4390 if (!(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS)
4391 || unlikely(!local->apdev)) {
4392 dev_kfree_skb(skb);
4393 return;
4394 }
4395
4396 msg_type = (status->flags & IEEE80211_TX_STATUS_ACK) ?
4397 ieee80211_msg_tx_callback_ack : ieee80211_msg_tx_callback_fail;
4398
4399 /* skb was the original skb used for TX. Clone it and give the clone
4400 * to netif_rx(). Free original skb. */
4401 skb2 = skb_copy(skb, GFP_ATOMIC);
4402 if (!skb2) {
4403 dev_kfree_skb(skb);
4404 return;
4405 }
4406 dev_kfree_skb(skb);
4407 skb = skb2;
4408
4409 /* Send frame to hostapd */
4410 ieee80211_rx_mgmt(local, skb, NULL, msg_type);
4411}
4412EXPORT_SYMBOL(ieee80211_tx_status);
4413
4414/* TODO: implement register/unregister functions for adding TX/RX handlers
4415 * into ordered list */
4416
4417/* rx_pre handlers don't have dev and sdata fields available in
4418 * ieee80211_txrx_data */
4419static ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
4420{
4421 ieee80211_rx_h_parse_qos,
4422 ieee80211_rx_h_load_stats,
4423 NULL
4424};
4425
4426static ieee80211_rx_handler ieee80211_rx_handlers[] =
4427{
4428 ieee80211_rx_h_if_stats,
4429 ieee80211_rx_h_monitor,
4430 ieee80211_rx_h_passive_scan,
4431 ieee80211_rx_h_check,
4432 ieee80211_rx_h_sta_process,
4433 ieee80211_rx_h_ccmp_decrypt,
4434 ieee80211_rx_h_tkip_decrypt,
4435 ieee80211_rx_h_wep_weak_iv_detection,
4436 ieee80211_rx_h_wep_decrypt,
4437 ieee80211_rx_h_defragment,
4438 ieee80211_rx_h_ps_poll,
4439 ieee80211_rx_h_michael_mic_verify,
4440 /* this must be after decryption - so header is counted in MPDU mic
4441 * must be before pae and data, so QOS_DATA format frames
4442 * are not passed to user space by these functions
4443 */
4444 ieee80211_rx_h_remove_qos_control,
4445 ieee80211_rx_h_802_1x_pae,
4446 ieee80211_rx_h_drop_unencrypted,
4447 ieee80211_rx_h_data,
4448 ieee80211_rx_h_mgmt,
4449 NULL
4450};
4451
4452static ieee80211_tx_handler ieee80211_tx_handlers[] =
4453{
4454 ieee80211_tx_h_check_assoc,
4455 ieee80211_tx_h_sequence,
4456 ieee80211_tx_h_ps_buf,
4457 ieee80211_tx_h_select_key,
4458 ieee80211_tx_h_michael_mic_add,
4459 ieee80211_tx_h_fragment,
4460 ieee80211_tx_h_tkip_encrypt,
4461 ieee80211_tx_h_ccmp_encrypt,
4462 ieee80211_tx_h_wep_encrypt,
4463 ieee80211_tx_h_rate_ctrl,
4464 ieee80211_tx_h_misc,
4465 ieee80211_tx_h_load_stats,
4466 NULL
4467};
4468
4469
4470int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr)
4471{
4472 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4473 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4474 struct sta_info *sta;
4475
4476 if (compare_ether_addr(remote_addr, sdata->u.wds.remote_addr) == 0)
4477 return 0;
4478
4479 /* Create STA entry for the new peer */
4480 sta = sta_info_add(local, dev, remote_addr, GFP_KERNEL);
4481 if (!sta)
4482 return -ENOMEM;
4483 sta_info_put(sta);
4484
4485 /* Remove STA entry for the old peer */
4486 sta = sta_info_get(local, sdata->u.wds.remote_addr);
4487 if (sta) {
4488 sta_info_put(sta);
4489 sta_info_free(sta, 0);
4490 } else {
4491 printk(KERN_DEBUG "%s: could not find STA entry for WDS link "
4492 "peer " MAC_FMT "\n",
4493 dev->name, MAC_ARG(sdata->u.wds.remote_addr));
4494 }
4495
4496 /* Update WDS link data */
4497 memcpy(&sdata->u.wds.remote_addr, remote_addr, ETH_ALEN);
4498
4499 return 0;
4500}
4501
4502/* Must not be called for mdev and apdev */
4503void ieee80211_if_setup(struct net_device *dev)
4504{
4505 ether_setup(dev);
4506 dev->hard_start_xmit = ieee80211_subif_start_xmit;
4507 dev->wireless_handlers = &ieee80211_iw_handler_def;
4508 dev->set_multicast_list = ieee80211_set_multicast_list;
4509 dev->change_mtu = ieee80211_change_mtu;
4510 dev->get_stats = ieee80211_get_stats;
4511 dev->open = ieee80211_open;
4512 dev->stop = ieee80211_stop;
4513 dev->uninit = ieee80211_if_reinit;
4514 dev->destructor = ieee80211_if_free;
4515}
4516
4517void ieee80211_if_mgmt_setup(struct net_device *dev)
4518{
4519 ether_setup(dev);
4520 dev->hard_start_xmit = ieee80211_mgmt_start_xmit;
4521 dev->change_mtu = ieee80211_change_mtu_apdev;
4522 dev->get_stats = ieee80211_get_stats;
4523 dev->open = ieee80211_mgmt_open;
4524 dev->stop = ieee80211_mgmt_stop;
4525 dev->type = ARPHRD_IEEE80211_PRISM;
4526 dev->hard_header_parse = header_parse_80211;
4527 dev->uninit = ieee80211_if_reinit;
4528 dev->destructor = ieee80211_if_free;
4529}
4530
4531int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
4532 const char *name)
4533{
4534 struct rate_control_ref *ref, *old;
4535
4536 ASSERT_RTNL();
4537 if (local->open_count || netif_running(local->mdev) ||
4538 (local->apdev && netif_running(local->apdev)))
4539 return -EBUSY;
4540
4541 ref = rate_control_alloc(name, local);
4542 if (!ref) {
4543 printk(KERN_WARNING "%s: Failed to select rate control "
4544 "algorithm\n", local->mdev->name);
4545 return -ENOENT;
4546 }
4547
4548 old = local->rate_ctrl;
4549 local->rate_ctrl = ref;
4550 if (old) {
4551 rate_control_put(old);
4552 sta_info_flush(local, NULL);
4553 }
4554
4555 printk(KERN_DEBUG "%s: Selected rate control "
4556 "algorithm '%s'\n", local->mdev->name,
4557 ref->ops->name);
4558
4559
4560 return 0;
4561}
4562
4563static void rate_control_deinitialize(struct ieee80211_local *local)
4564{
4565 struct rate_control_ref *ref;
4566
4567 ref = local->rate_ctrl;
4568 local->rate_ctrl = NULL;
4569 rate_control_put(ref);
4570}
4571
4572struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
4573 const struct ieee80211_ops *ops)
4574{
4575 struct net_device *mdev;
4576 struct ieee80211_local *local;
4577 struct ieee80211_sub_if_data *sdata;
4578 int priv_size;
4579 struct wiphy *wiphy;
4580
4581 /* Ensure 32-byte alignment of our private data and hw private data.
4582 * We use the wiphy priv data for both our ieee80211_local and for
4583 * the driver's private data
4584 *
4585 * In memory it'll be like this:
4586 *
4587 * +-------------------------+
4588 * | struct wiphy |
4589 * +-------------------------+
4590 * | struct ieee80211_local |
4591 * +-------------------------+
4592 * | driver's private data |
4593 * +-------------------------+
4594 *
4595 */
4596 priv_size = ((sizeof(struct ieee80211_local) +
4597 NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST) +
4598 priv_data_len;
4599
4600 wiphy = wiphy_new(&mac80211_config_ops, priv_size);
4601
4602 if (!wiphy)
4603 return NULL;
4604
4605 wiphy->privid = mac80211_wiphy_privid;
4606
4607 local = wiphy_priv(wiphy);
4608 local->hw.wiphy = wiphy;
4609
4610 local->hw.priv = (char *)local +
4611 ((sizeof(struct ieee80211_local) +
4612 NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST);
4613
4614 local->ops = ops;
4615
4616 /* for now, mdev needs sub_if_data :/ */
4617 mdev = alloc_netdev(sizeof(struct ieee80211_sub_if_data),
4618 "wmaster%d", ether_setup);
4619 if (!mdev) {
4620 wiphy_free(wiphy);
4621 return NULL;
4622 }
4623
4624 sdata = IEEE80211_DEV_TO_SUB_IF(mdev);
4625 mdev->ieee80211_ptr = &sdata->wdev;
4626 sdata->wdev.wiphy = wiphy;
4627
4628 local->hw.queues = 1; /* default */
4629
4630 local->mdev = mdev;
4631 local->rx_pre_handlers = ieee80211_rx_pre_handlers;
4632 local->rx_handlers = ieee80211_rx_handlers;
4633 local->tx_handlers = ieee80211_tx_handlers;
4634
4635 local->bridge_packets = 1;
4636
4637 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
4638 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
4639 local->short_retry_limit = 7;
4640 local->long_retry_limit = 4;
4641 local->hw.conf.radio_enabled = 1;
4642 local->rate_ctrl_num_up = RATE_CONTROL_NUM_UP;
4643 local->rate_ctrl_num_down = RATE_CONTROL_NUM_DOWN;
4644
4645 local->enabled_modes = (unsigned int) -1;
4646
4647 INIT_LIST_HEAD(&local->modes_list);
4648
4649 rwlock_init(&local->sub_if_lock);
4650 INIT_LIST_HEAD(&local->sub_if_list);
4651
4652 INIT_DELAYED_WORK(&local->scan_work, ieee80211_sta_scan_work);
4653 init_timer(&local->stat_timer);
4654 local->stat_timer.function = ieee80211_stat_refresh;
4655 local->stat_timer.data = (unsigned long) local;
4656 ieee80211_rx_bss_list_init(mdev);
4657
4658 sta_info_init(local);
4659
4660 mdev->hard_start_xmit = ieee80211_master_start_xmit;
4661 mdev->open = ieee80211_master_open;
4662 mdev->stop = ieee80211_master_stop;
4663 mdev->type = ARPHRD_IEEE80211;
4664 mdev->hard_header_parse = header_parse_80211;
4665
4666 sdata->type = IEEE80211_IF_TYPE_AP;
4667 sdata->dev = mdev;
4668 sdata->local = local;
4669 sdata->u.ap.force_unicast_rateidx = -1;
4670 sdata->u.ap.max_ratectrl_rateidx = -1;
4671 ieee80211_if_sdata_init(sdata);
4672 list_add_tail(&sdata->list, &local->sub_if_list);
4673
4674 tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending,
4675 (unsigned long)local);
4676 tasklet_disable(&local->tx_pending_tasklet);
4677
4678 tasklet_init(&local->tasklet,
4679 ieee80211_tasklet_handler,
4680 (unsigned long) local);
4681 tasklet_disable(&local->tasklet);
4682
4683 skb_queue_head_init(&local->skb_queue);
4684 skb_queue_head_init(&local->skb_queue_unreliable);
4685
4686 return local_to_hw(local);
4687}
4688EXPORT_SYMBOL(ieee80211_alloc_hw);
4689
4690int ieee80211_register_hw(struct ieee80211_hw *hw)
4691{
4692 struct ieee80211_local *local = hw_to_local(hw);
4693 const char *name;
4694 int result;
4695
4696 result = wiphy_register(local->hw.wiphy);
4697 if (result < 0)
4698 return result;
4699
4700 name = wiphy_dev(local->hw.wiphy)->driver->name;
4701 local->hw.workqueue = create_singlethread_workqueue(name);
4702 if (!local->hw.workqueue) {
4703 result = -ENOMEM;
4704 goto fail_workqueue;
4705 }
4706
4707 local->hw.conf.beacon_int = 1000;
4708
4709 local->wstats_flags |= local->hw.max_rssi ?
4710 IW_QUAL_LEVEL_UPDATED : IW_QUAL_LEVEL_INVALID;
4711 local->wstats_flags |= local->hw.max_signal ?
4712 IW_QUAL_QUAL_UPDATED : IW_QUAL_QUAL_INVALID;
4713 local->wstats_flags |= local->hw.max_noise ?
4714 IW_QUAL_NOISE_UPDATED : IW_QUAL_NOISE_INVALID;
4715 if (local->hw.max_rssi < 0 || local->hw.max_noise < 0)
4716 local->wstats_flags |= IW_QUAL_DBM;
4717
4718 result = sta_info_start(local);
4719 if (result < 0)
4720 goto fail_sta_info;
4721
4722 rtnl_lock();
4723 result = dev_alloc_name(local->mdev, local->mdev->name);
4724 if (result < 0)
4725 goto fail_dev;
4726
4727 memcpy(local->mdev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
4728 SET_NETDEV_DEV(local->mdev, wiphy_dev(local->hw.wiphy));
4729
4730 result = register_netdevice(local->mdev);
4731 if (result < 0)
4732 goto fail_dev;
4733
4734 result = ieee80211_init_rate_ctrl_alg(local, NULL);
4735 if (result < 0) {
4736 printk(KERN_DEBUG "%s: Failed to initialize rate control "
4737 "algorithm\n", local->mdev->name);
4738 goto fail_rate;
4739 }
4740
4741 result = ieee80211_wep_init(local);
4742
4743 if (result < 0) {
4744 printk(KERN_DEBUG "%s: Failed to initialize wep\n",
4745 local->mdev->name);
4746 goto fail_wep;
4747 }
4748
4749 ieee80211_install_qdisc(local->mdev);
4750
4751 /* add one default STA interface */
4752 result = ieee80211_if_add(local->mdev, "wlan%d", NULL,
4753 IEEE80211_IF_TYPE_STA);
4754 if (result)
4755 printk(KERN_WARNING "%s: Failed to add default virtual iface\n",
4756 local->mdev->name);
4757
4758 local->reg_state = IEEE80211_DEV_REGISTERED;
4759 rtnl_unlock();
4760
4761 ieee80211_led_init(local);
4762
4763 return 0;
4764
4765fail_wep:
4766 rate_control_deinitialize(local);
4767fail_rate:
4768 unregister_netdevice(local->mdev);
4769fail_dev:
4770 rtnl_unlock();
4771 sta_info_stop(local);
4772fail_sta_info:
4773 destroy_workqueue(local->hw.workqueue);
4774fail_workqueue:
4775 wiphy_unregister(local->hw.wiphy);
4776 return result;
4777}
4778EXPORT_SYMBOL(ieee80211_register_hw);
4779
4780int ieee80211_register_hwmode(struct ieee80211_hw *hw,
4781 struct ieee80211_hw_mode *mode)
4782{
4783 struct ieee80211_local *local = hw_to_local(hw);
4784 struct ieee80211_rate *rate;
4785 int i;
4786
4787 INIT_LIST_HEAD(&mode->list);
4788 list_add_tail(&mode->list, &local->modes_list);
4789
4790 local->hw_modes |= (1 << mode->mode);
4791 for (i = 0; i < mode->num_rates; i++) {
4792 rate = &(mode->rates[i]);
4793 rate->rate_inv = CHAN_UTIL_RATE_LCM / rate->rate;
4794 }
4795 ieee80211_prepare_rates(local, mode);
4796
4797 if (!local->oper_hw_mode) {
4798 /* Default to this mode */
4799 local->hw.conf.phymode = mode->mode;
4800 local->oper_hw_mode = local->scan_hw_mode = mode;
4801 local->oper_channel = local->scan_channel = &mode->channels[0];
4802 local->hw.conf.mode = local->oper_hw_mode;
4803 local->hw.conf.chan = local->oper_channel;
4804 }
4805
4806 if (!(hw->flags & IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED))
4807 ieee80211_init_client(local->mdev);
4808
4809 return 0;
4810}
4811EXPORT_SYMBOL(ieee80211_register_hwmode);
4812
4813void ieee80211_unregister_hw(struct ieee80211_hw *hw)
4814{
4815 struct ieee80211_local *local = hw_to_local(hw);
4816 struct ieee80211_sub_if_data *sdata, *tmp;
4817 struct list_head tmp_list;
4818 int i;
4819
4820 tasklet_kill(&local->tx_pending_tasklet);
4821 tasklet_kill(&local->tasklet);
4822
4823 rtnl_lock();
4824
4825 BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED);
4826
4827 local->reg_state = IEEE80211_DEV_UNREGISTERED;
4828 if (local->apdev)
4829 ieee80211_if_del_mgmt(local);
4830
4831 write_lock_bh(&local->sub_if_lock);
4832 list_replace_init(&local->sub_if_list, &tmp_list);
4833 write_unlock_bh(&local->sub_if_lock);
4834
4835 list_for_each_entry_safe(sdata, tmp, &tmp_list, list)
4836 __ieee80211_if_del(local, sdata);
4837
4838 rtnl_unlock();
4839
4840 if (local->stat_time)
4841 del_timer_sync(&local->stat_timer);
4842
4843 ieee80211_rx_bss_list_deinit(local->mdev);
4844 ieee80211_clear_tx_pending(local);
4845 sta_info_stop(local);
4846 rate_control_deinitialize(local);
4847
4848 for (i = 0; i < NUM_IEEE80211_MODES; i++) {
4849 kfree(local->supp_rates[i]);
4850 kfree(local->basic_rates[i]);
4851 }
4852
4853 if (skb_queue_len(&local->skb_queue)
4854 || skb_queue_len(&local->skb_queue_unreliable))
4855 printk(KERN_WARNING "%s: skb_queue not empty\n",
4856 local->mdev->name);
4857 skb_queue_purge(&local->skb_queue);
4858 skb_queue_purge(&local->skb_queue_unreliable);
4859
4860 destroy_workqueue(local->hw.workqueue);
4861 wiphy_unregister(local->hw.wiphy);
4862 ieee80211_wep_free(local);
4863 ieee80211_led_exit(local);
4864}
4865EXPORT_SYMBOL(ieee80211_unregister_hw);
4866
4867void ieee80211_free_hw(struct ieee80211_hw *hw)
4868{
4869 struct ieee80211_local *local = hw_to_local(hw);
4870
4871 ieee80211_if_free(local->mdev);
4872 wiphy_free(local->hw.wiphy);
4873}
4874EXPORT_SYMBOL(ieee80211_free_hw);
4875
4876void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
4877{
4878 struct ieee80211_local *local = hw_to_local(hw);
4879
4880 if (test_and_clear_bit(IEEE80211_LINK_STATE_XOFF,
4881 &local->state[queue])) {
4882 if (test_bit(IEEE80211_LINK_STATE_PENDING,
4883 &local->state[queue]))
4884 tasklet_schedule(&local->tx_pending_tasklet);
4885 else
4886 if (!ieee80211_qdisc_installed(local->mdev)) {
4887 if (queue == 0)
4888 netif_wake_queue(local->mdev);
4889 } else
4890 __netif_schedule(local->mdev);
4891 }
4892}
4893EXPORT_SYMBOL(ieee80211_wake_queue);
4894
4895void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
4896{
4897 struct ieee80211_local *local = hw_to_local(hw);
4898
4899 if (!ieee80211_qdisc_installed(local->mdev) && queue == 0)
4900 netif_stop_queue(local->mdev);
4901 set_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
4902}
4903EXPORT_SYMBOL(ieee80211_stop_queue);
4904
4905void ieee80211_start_queues(struct ieee80211_hw *hw)
4906{
4907 struct ieee80211_local *local = hw_to_local(hw);
4908 int i;
4909
4910 for (i = 0; i < local->hw.queues; i++)
4911 clear_bit(IEEE80211_LINK_STATE_XOFF, &local->state[i]);
4912 if (!ieee80211_qdisc_installed(local->mdev))
4913 netif_start_queue(local->mdev);
4914}
4915EXPORT_SYMBOL(ieee80211_start_queues);
4916
4917void ieee80211_stop_queues(struct ieee80211_hw *hw)
4918{
4919 int i;
4920
4921 for (i = 0; i < hw->queues; i++)
4922 ieee80211_stop_queue(hw, i);
4923}
4924EXPORT_SYMBOL(ieee80211_stop_queues);
4925
4926void ieee80211_wake_queues(struct ieee80211_hw *hw)
4927{
4928 int i;
4929
4930 for (i = 0; i < hw->queues; i++)
4931 ieee80211_wake_queue(hw, i);
4932}
4933EXPORT_SYMBOL(ieee80211_wake_queues);
4934
4935struct net_device_stats *ieee80211_dev_stats(struct net_device *dev)
4936{
4937 struct ieee80211_sub_if_data *sdata;
4938 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4939 return &sdata->stats;
4940}
4941
4942static int __init ieee80211_init(void)
4943{
4944 struct sk_buff *skb;
4945 int ret;
4946
4947 BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb));
4948
4949 ret = ieee80211_wme_register();
4950 if (ret) {
4951 printk(KERN_DEBUG "ieee80211_init: failed to "
4952 "initialize WME (err=%d)\n", ret);
4953 return ret;
4954 }
4955
4956 return 0;
4957}
4958
4959
4960static void __exit ieee80211_exit(void)
4961{
4962 ieee80211_wme_unregister();
4963}
4964
4965
4966module_init(ieee80211_init);
4967module_exit(ieee80211_exit);
4968
4969MODULE_DESCRIPTION("IEEE 802.11 subsystem");
4970MODULE_LICENSE("GPL");
diff --git a/net/mac80211/ieee80211_cfg.c b/net/mac80211/ieee80211_cfg.c
new file mode 100644
index 000000000000..509096edb324
--- /dev/null
+++ b/net/mac80211/ieee80211_cfg.c
@@ -0,0 +1,66 @@
1/*
2 * mac80211 configuration hooks for cfg80211
3 *
4 * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
5 *
6 * This file is GPLv2 as found in COPYING.
7 */
8
9#include <linux/nl80211.h>
10#include <linux/rtnetlink.h>
11#include <net/cfg80211.h>
12#include "ieee80211_i.h"
13#include "ieee80211_cfg.h"
14
15static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
16 unsigned int type)
17{
18 struct ieee80211_local *local = wiphy_priv(wiphy);
19 int itype;
20
21 if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
22 return -ENODEV;
23
24 switch (type) {
25 case NL80211_IFTYPE_UNSPECIFIED:
26 itype = IEEE80211_IF_TYPE_STA;
27 break;
28 case NL80211_IFTYPE_ADHOC:
29 itype = IEEE80211_IF_TYPE_IBSS;
30 break;
31 case NL80211_IFTYPE_STATION:
32 itype = IEEE80211_IF_TYPE_STA;
33 break;
34 case NL80211_IFTYPE_MONITOR:
35 itype = IEEE80211_IF_TYPE_MNTR;
36 break;
37 default:
38 return -EINVAL;
39 }
40
41 return ieee80211_if_add(local->mdev, name, NULL, itype);
42}
43
44static int ieee80211_del_iface(struct wiphy *wiphy, int ifindex)
45{
46 struct ieee80211_local *local = wiphy_priv(wiphy);
47 struct net_device *dev;
48 char *name;
49
50 if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
51 return -ENODEV;
52
53 dev = dev_get_by_index(ifindex);
54 if (!dev)
55 return 0;
56
57 name = dev->name;
58 dev_put(dev);
59
60 return ieee80211_if_remove(local->mdev, name, -1);
61}
62
63struct cfg80211_ops mac80211_config_ops = {
64 .add_virtual_intf = ieee80211_add_iface,
65 .del_virtual_intf = ieee80211_del_iface,
66};
diff --git a/net/mac80211/ieee80211_cfg.h b/net/mac80211/ieee80211_cfg.h
new file mode 100644
index 000000000000..85ed2c924878
--- /dev/null
+++ b/net/mac80211/ieee80211_cfg.h
@@ -0,0 +1,9 @@
1/*
2 * mac80211 configuration hooks for cfg80211
3 */
4#ifndef __IEEE80211_CFG_H
5#define __IEEE80211_CFG_H
6
7extern struct cfg80211_ops mac80211_config_ops;
8
9#endif /* __IEEE80211_CFG_H */
diff --git a/net/mac80211/ieee80211_common.h b/net/mac80211/ieee80211_common.h
new file mode 100644
index 000000000000..b9a73e7f5f75
--- /dev/null
+++ b/net/mac80211/ieee80211_common.h
@@ -0,0 +1,98 @@
1/*
2 * IEEE 802.11 driver (80211.o) -- hostapd interface
3 * Copyright 2002-2004, Instant802 Networks, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#ifndef IEEE80211_COMMON_H
11#define IEEE80211_COMMON_H
12
13#include <linux/types.h>
14
15/*
16 * This is common header information with user space. It is used on all
17 * frames sent to wlan#ap interface.
18 */
19
20#define IEEE80211_FI_VERSION 0x80211001
21
22struct ieee80211_frame_info {
23 __be32 version;
24 __be32 length;
25 __be64 mactime;
26 __be64 hosttime;
27 __be32 phytype;
28 __be32 channel;
29 __be32 datarate;
30 __be32 antenna;
31 __be32 priority;
32 __be32 ssi_type;
33 __be32 ssi_signal;
34 __be32 ssi_noise;
35 __be32 preamble;
36 __be32 encoding;
37
38 /* Note: this structure is otherwise identical to capture format used
39 * in linux-wlan-ng, but this additional field is used to provide meta
40 * data about the frame to hostapd. This was the easiest method for
41 * providing this information, but this might change in the future. */
42 __be32 msg_type;
43} __attribute__ ((packed));
44
45
46enum ieee80211_msg_type {
47 ieee80211_msg_normal = 0,
48 ieee80211_msg_tx_callback_ack = 1,
49 ieee80211_msg_tx_callback_fail = 2,
50 ieee80211_msg_passive_scan = 3,
51 ieee80211_msg_wep_frame_unknown_key = 4,
52 ieee80211_msg_michael_mic_failure = 5,
53 /* hole at 6, was monitor but never sent to userspace */
54 ieee80211_msg_sta_not_assoc = 7,
55 ieee80211_msg_set_aid_for_sta = 8 /* used by Intersil MVC driver */,
56 ieee80211_msg_key_threshold_notification = 9,
57 ieee80211_msg_radar = 11,
58};
59
60struct ieee80211_msg_set_aid_for_sta {
61 char sta_address[ETH_ALEN];
62 u16 aid;
63};
64
65struct ieee80211_msg_key_notification {
66 int tx_rx_count;
67 char ifname[IFNAMSIZ];
68 u8 addr[ETH_ALEN]; /* ff:ff:ff:ff:ff:ff for broadcast keys */
69};
70
71
72enum ieee80211_phytype {
73 ieee80211_phytype_fhss_dot11_97 = 1,
74 ieee80211_phytype_dsss_dot11_97 = 2,
75 ieee80211_phytype_irbaseband = 3,
76 ieee80211_phytype_dsss_dot11_b = 4,
77 ieee80211_phytype_pbcc_dot11_b = 5,
78 ieee80211_phytype_ofdm_dot11_g = 6,
79 ieee80211_phytype_pbcc_dot11_g = 7,
80 ieee80211_phytype_ofdm_dot11_a = 8,
81 ieee80211_phytype_dsss_dot11_turbog = 255,
82 ieee80211_phytype_dsss_dot11_turbo = 256,
83};
84
85enum ieee80211_ssi_type {
86 ieee80211_ssi_none = 0,
87 ieee80211_ssi_norm = 1, /* normalized, 0-1000 */
88 ieee80211_ssi_dbm = 2,
89 ieee80211_ssi_raw = 3, /* raw SSI */
90};
91
92struct ieee80211_radar_info {
93 int channel;
94 int radar;
95 int radar_type;
96};
97
98#endif /* IEEE80211_COMMON_H */
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
new file mode 100644
index 000000000000..ae94d6461798
--- /dev/null
+++ b/net/mac80211/ieee80211_i.h
@@ -0,0 +1,671 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#ifndef IEEE80211_I_H
12#define IEEE80211_I_H
13
14#include <linux/kernel.h>
15#include <linux/device.h>
16#include <linux/if_ether.h>
17#include <linux/interrupt.h>
18#include <linux/list.h>
19#include <linux/netdevice.h>
20#include <linux/skbuff.h>
21#include <linux/workqueue.h>
22#include <linux/types.h>
23#include <linux/spinlock.h>
24#include <net/wireless.h>
25#include "ieee80211_key.h"
26#include "sta_info.h"
27
28/* ieee80211.o internal definitions, etc. These are not included into
29 * low-level drivers. */
30
31#ifndef ETH_P_PAE
32#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */
33#endif /* ETH_P_PAE */
34
35#define WLAN_FC_DATA_PRESENT(fc) (((fc) & 0x4c) == 0x08)
36
37struct ieee80211_local;
38
39#define BIT(x) (1 << (x))
40
41#define IEEE80211_ALIGN32_PAD(a) ((4 - ((a) & 3)) & 3)
42
43/* Maximum number of broadcast/multicast frames to buffer when some of the
44 * associated stations are using power saving. */
45#define AP_MAX_BC_BUFFER 128
46
47/* Maximum number of frames buffered to all STAs, including multicast frames.
48 * Note: increasing this limit increases the potential memory requirement. Each
49 * frame can be up to about 2 kB long. */
50#define TOTAL_MAX_TX_BUFFER 512
51
52/* Required encryption head and tailroom */
53#define IEEE80211_ENCRYPT_HEADROOM 8
54#define IEEE80211_ENCRYPT_TAILROOM 12
55
56/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
57 * reception of at least three fragmented frames. This limit can be increased
58 * by changing this define, at the cost of slower frame reassembly and
59 * increased memory use (about 2 kB of RAM per entry). */
60#define IEEE80211_FRAGMENT_MAX 4
61
62struct ieee80211_fragment_entry {
63 unsigned long first_frag_time;
64 unsigned int seq;
65 unsigned int rx_queue;
66 unsigned int last_frag;
67 unsigned int extra_len;
68 struct sk_buff_head skb_list;
69 int ccmp; /* Whether fragments were encrypted with CCMP */
70 u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
71};
72
73
74struct ieee80211_sta_bss {
75 struct list_head list;
76 struct ieee80211_sta_bss *hnext;
77 atomic_t users;
78
79 u8 bssid[ETH_ALEN];
80 u8 ssid[IEEE80211_MAX_SSID_LEN];
81 size_t ssid_len;
82 u16 capability; /* host byte order */
83 int hw_mode;
84 int channel;
85 int freq;
86 int rssi, signal, noise;
87 u8 *wpa_ie;
88 size_t wpa_ie_len;
89 u8 *rsn_ie;
90 size_t rsn_ie_len;
91 u8 *wmm_ie;
92 size_t wmm_ie_len;
93#define IEEE80211_MAX_SUPP_RATES 32
94 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
95 size_t supp_rates_len;
96 int beacon_int;
97 u64 timestamp;
98
99 int probe_resp;
100 unsigned long last_update;
101
102};
103
104
105typedef enum {
106 TXRX_CONTINUE, TXRX_DROP, TXRX_QUEUED
107} ieee80211_txrx_result;
108
109struct ieee80211_txrx_data {
110 struct sk_buff *skb;
111 struct net_device *dev;
112 struct ieee80211_local *local;
113 struct ieee80211_sub_if_data *sdata;
114 struct sta_info *sta;
115 u16 fc, ethertype;
116 struct ieee80211_key *key;
117 unsigned int fragmented:1; /* whether the MSDU was fragmented */
118 union {
119 struct {
120 struct ieee80211_tx_control *control;
121 unsigned int unicast:1;
122 unsigned int ps_buffered:1;
123 unsigned int short_preamble:1;
124 unsigned int probe_last_frag:1;
125 struct ieee80211_hw_mode *mode;
126 struct ieee80211_rate *rate;
127 /* use this rate (if set) for last fragment; rate can
128 * be set to lower rate for the first fragments, e.g.,
129 * when using CTS protection with IEEE 802.11g. */
130 struct ieee80211_rate *last_frag_rate;
131 int last_frag_hwrate;
132 int mgmt_interface;
133
134 /* Extra fragments (in addition to the first fragment
135 * in skb) */
136 int num_extra_frag;
137 struct sk_buff **extra_frag;
138 } tx;
139 struct {
140 struct ieee80211_rx_status *status;
141 int sent_ps_buffered;
142 int queue;
143 int load;
144 unsigned int in_scan:1;
145 /* frame is destined to interface currently processed
146 * (including multicast frames) */
147 unsigned int ra_match:1;
148 } rx;
149 } u;
150};
151
152/* Stored in sk_buff->cb */
153struct ieee80211_tx_packet_data {
154 int ifindex;
155 unsigned long jiffies;
156 unsigned int req_tx_status:1;
157 unsigned int do_not_encrypt:1;
158 unsigned int requeue:1;
159 unsigned int mgmt_iface:1;
160 unsigned int queue:4;
161};
162
163struct ieee80211_tx_stored_packet {
164 struct ieee80211_tx_control control;
165 struct sk_buff *skb;
166 int num_extra_frag;
167 struct sk_buff **extra_frag;
168 int last_frag_rateidx;
169 int last_frag_hwrate;
170 struct ieee80211_rate *last_frag_rate;
171 unsigned int last_frag_rate_ctrl_probe:1;
172};
173
174typedef ieee80211_txrx_result (*ieee80211_tx_handler)
175(struct ieee80211_txrx_data *tx);
176
177typedef ieee80211_txrx_result (*ieee80211_rx_handler)
178(struct ieee80211_txrx_data *rx);
179
180struct ieee80211_if_ap {
181 u8 *beacon_head, *beacon_tail;
182 int beacon_head_len, beacon_tail_len;
183
184 u8 ssid[IEEE80211_MAX_SSID_LEN];
185 size_t ssid_len;
186 u8 *generic_elem;
187 size_t generic_elem_len;
188
189 /* yes, this looks ugly, but guarantees that we can later use
190 * bitmap_empty :)
191 * NB: don't ever use set_bit, use bss_tim_set/bss_tim_clear! */
192 u8 tim[sizeof(unsigned long) * BITS_TO_LONGS(IEEE80211_MAX_AID + 1)];
193 atomic_t num_sta_ps; /* number of stations in PS mode */
194 struct sk_buff_head ps_bc_buf;
195 int dtim_period, dtim_count;
196 int force_unicast_rateidx; /* forced TX rateidx for unicast frames */
197 int max_ratectrl_rateidx; /* max TX rateidx for rate control */
198 int num_beacons; /* number of TXed beacon frames for this BSS */
199};
200
201struct ieee80211_if_wds {
202 u8 remote_addr[ETH_ALEN];
203 struct sta_info *sta;
204};
205
206struct ieee80211_if_vlan {
207 u8 id;
208};
209
210struct ieee80211_if_sta {
211 enum {
212 IEEE80211_DISABLED, IEEE80211_AUTHENTICATE,
213 IEEE80211_ASSOCIATE, IEEE80211_ASSOCIATED,
214 IEEE80211_IBSS_SEARCH, IEEE80211_IBSS_JOINED
215 } state;
216 struct timer_list timer;
217 struct work_struct work;
218 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
219 u8 ssid[IEEE80211_MAX_SSID_LEN];
220 size_t ssid_len;
221 u16 aid;
222 u16 ap_capab, capab;
223 u8 *extra_ie; /* to be added to the end of AssocReq */
224 size_t extra_ie_len;
225
226 /* The last AssocReq/Resp IEs */
227 u8 *assocreq_ies, *assocresp_ies;
228 size_t assocreq_ies_len, assocresp_ies_len;
229
230 int auth_tries, assoc_tries;
231
232 unsigned int ssid_set:1;
233 unsigned int bssid_set:1;
234 unsigned int prev_bssid_set:1;
235 unsigned int authenticated:1;
236 unsigned int associated:1;
237 unsigned int probereq_poll:1;
238 unsigned int use_protection:1;
239 unsigned int create_ibss:1;
240 unsigned int mixed_cell:1;
241 unsigned int wmm_enabled:1;
242 unsigned int auto_ssid_sel:1;
243 unsigned int auto_bssid_sel:1;
244 unsigned int auto_channel_sel:1;
245#define IEEE80211_STA_REQ_SCAN 0
246#define IEEE80211_STA_REQ_AUTH 1
247#define IEEE80211_STA_REQ_RUN 2
248 unsigned long request;
249 struct sk_buff_head skb_queue;
250
251 int key_mgmt;
252 unsigned long last_probe;
253
254#define IEEE80211_AUTH_ALG_OPEN BIT(0)
255#define IEEE80211_AUTH_ALG_SHARED_KEY BIT(1)
256#define IEEE80211_AUTH_ALG_LEAP BIT(2)
257 unsigned int auth_algs; /* bitfield of allowed auth algs */
258 int auth_alg; /* currently used IEEE 802.11 authentication algorithm */
259 int auth_transaction;
260
261 unsigned long ibss_join_req;
262 struct sk_buff *probe_resp; /* ProbeResp template for IBSS */
263 u32 supp_rates_bits;
264
265 int wmm_last_param_set;
266};
267
268
269struct ieee80211_sub_if_data {
270 struct list_head list;
271 unsigned int type;
272
273 struct wireless_dev wdev;
274
275 struct net_device *dev;
276 struct ieee80211_local *local;
277
278 int mc_count;
279 unsigned int allmulti:1;
280 unsigned int promisc:1;
281
282 struct net_device_stats stats;
283 int drop_unencrypted;
284 int eapol; /* 0 = process EAPOL frames as normal data frames,
285 * 1 = send EAPOL frames through wlan#ap to hostapd
286 * (default) */
287 int ieee802_1x; /* IEEE 802.1X PAE - drop packet to/from unauthorized
288 * port */
289
290 u16 sequence;
291
292 /* Fragment table for host-based reassembly */
293 struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX];
294 unsigned int fragment_next;
295
296#define NUM_DEFAULT_KEYS 4
297 struct ieee80211_key *keys[NUM_DEFAULT_KEYS];
298 struct ieee80211_key *default_key;
299
300 struct ieee80211_if_ap *bss; /* BSS that this device belongs to */
301
302 union {
303 struct ieee80211_if_ap ap;
304 struct ieee80211_if_wds wds;
305 struct ieee80211_if_vlan vlan;
306 struct ieee80211_if_sta sta;
307 } u;
308 int channel_use;
309 int channel_use_raw;
310};
311
312#define IEEE80211_DEV_TO_SUB_IF(dev) netdev_priv(dev)
313
314enum {
315 IEEE80211_RX_MSG = 1,
316 IEEE80211_TX_STATUS_MSG = 2,
317};
318
319struct ieee80211_local {
320 /* embed the driver visible part.
321 * don't cast (use the static inlines below), but we keep
322 * it first anyway so they become a no-op */
323 struct ieee80211_hw hw;
324
325 const struct ieee80211_ops *ops;
326
327 /* List of registered struct ieee80211_hw_mode */
328 struct list_head modes_list;
329
330 struct net_device *mdev; /* wmaster# - "master" 802.11 device */
331 struct net_device *apdev; /* wlan#ap - management frames (hostapd) */
332 int open_count;
333 int monitors;
334 struct iw_statistics wstats;
335 u8 wstats_flags;
336
337 enum {
338 IEEE80211_DEV_UNINITIALIZED = 0,
339 IEEE80211_DEV_REGISTERED,
340 IEEE80211_DEV_UNREGISTERED,
341 } reg_state;
342
343 /* Tasklet and skb queue to process calls from IRQ mode. All frames
344 * added to skb_queue will be processed, but frames in
345 * skb_queue_unreliable may be dropped if the total length of these
346 * queues increases over the limit. */
347#define IEEE80211_IRQSAFE_QUEUE_LIMIT 128
348 struct tasklet_struct tasklet;
349 struct sk_buff_head skb_queue;
350 struct sk_buff_head skb_queue_unreliable;
351
352 /* Station data structures */
353 spinlock_t sta_lock; /* mutex for STA data structures */
354 int num_sta; /* number of stations in sta_list */
355 struct list_head sta_list;
356 struct list_head deleted_sta_list;
357 struct sta_info *sta_hash[STA_HASH_SIZE];
358 struct timer_list sta_cleanup;
359
360 unsigned long state[NUM_TX_DATA_QUEUES];
361 struct ieee80211_tx_stored_packet pending_packet[NUM_TX_DATA_QUEUES];
362 struct tasklet_struct tx_pending_tasklet;
363
364 int mc_count; /* total count of multicast entries in all interfaces */
365 int iff_allmultis, iff_promiscs;
366 /* number of interfaces with corresponding IFF_ flags */
367
368 struct rate_control_ref *rate_ctrl;
369
370 int next_mode; /* MODE_IEEE80211*
371 * The mode preference for next channel change. This is
372 * used to select .11g vs. .11b channels (or 4.9 GHz vs.
373 * .11a) when the channel number is not unique. */
374
375 /* Supported and basic rate filters for different modes. These are
376 * pointers to -1 terminated lists and rates in 100 kbps units. */
377 int *supp_rates[NUM_IEEE80211_MODES];
378 int *basic_rates[NUM_IEEE80211_MODES];
379
380 int rts_threshold;
381 int cts_protect_erp_frames;
382 int fragmentation_threshold;
383 int short_retry_limit; /* dot11ShortRetryLimit */
384 int long_retry_limit; /* dot11LongRetryLimit */
385 int short_preamble; /* use short preamble with IEEE 802.11b */
386
387 struct crypto_blkcipher *wep_tx_tfm;
388 struct crypto_blkcipher *wep_rx_tfm;
389 u32 wep_iv;
390 int key_tx_rx_threshold; /* number of times any key can be used in TX
391 * or RX before generating a rekey
392 * notification; 0 = notification disabled. */
393
394 int bridge_packets; /* bridge packets between associated stations and
395 * deliver multicast frames both back to wireless
396 * media and to the local net stack */
397
398 ieee80211_rx_handler *rx_pre_handlers;
399 ieee80211_rx_handler *rx_handlers;
400 ieee80211_tx_handler *tx_handlers;
401
402 rwlock_t sub_if_lock; /* Protects sub_if_list. Cannot be taken under
403 * sta_bss_lock or sta_lock. */
404 struct list_head sub_if_list;
405 int sta_scanning;
406 int scan_channel_idx;
407 enum { SCAN_SET_CHANNEL, SCAN_SEND_PROBE } scan_state;
408 unsigned long last_scan_completed;
409 struct delayed_work scan_work;
410 struct net_device *scan_dev;
411 struct ieee80211_channel *oper_channel, *scan_channel;
412 struct ieee80211_hw_mode *oper_hw_mode, *scan_hw_mode;
413 u8 scan_ssid[IEEE80211_MAX_SSID_LEN];
414 size_t scan_ssid_len;
415 struct list_head sta_bss_list;
416 struct ieee80211_sta_bss *sta_bss_hash[STA_HASH_SIZE];
417 spinlock_t sta_bss_lock;
418#define IEEE80211_SCAN_MATCH_SSID BIT(0)
419#define IEEE80211_SCAN_WPA_ONLY BIT(1)
420#define IEEE80211_SCAN_EXTRA_INFO BIT(2)
421 int scan_flags;
422
423 /* SNMP counters */
424 /* dot11CountersTable */
425 u32 dot11TransmittedFragmentCount;
426 u32 dot11MulticastTransmittedFrameCount;
427 u32 dot11FailedCount;
428 u32 dot11RetryCount;
429 u32 dot11MultipleRetryCount;
430 u32 dot11FrameDuplicateCount;
431 u32 dot11ReceivedFragmentCount;
432 u32 dot11MulticastReceivedFrameCount;
433 u32 dot11TransmittedFrameCount;
434 u32 dot11WEPUndecryptableCount;
435
436#ifdef CONFIG_MAC80211_LEDS
437 int tx_led_counter, rx_led_counter;
438 struct led_trigger *tx_led, *rx_led;
439 char tx_led_name[32], rx_led_name[32];
440#endif
441
442 u32 channel_use;
443 u32 channel_use_raw;
444 u32 stat_time;
445 struct timer_list stat_timer;
446
447 enum {
448 STA_ANTENNA_SEL_AUTO = 0,
449 STA_ANTENNA_SEL_SW_CTRL = 1,
450 STA_ANTENNA_SEL_SW_CTRL_DEBUG = 2
451 } sta_antenna_sel;
452
453 int rate_ctrl_num_up, rate_ctrl_num_down;
454
455#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
456 /* TX/RX handler statistics */
457 unsigned int tx_handlers_drop;
458 unsigned int tx_handlers_queued;
459 unsigned int tx_handlers_drop_unencrypted;
460 unsigned int tx_handlers_drop_fragment;
461 unsigned int tx_handlers_drop_wep;
462 unsigned int tx_handlers_drop_not_assoc;
463 unsigned int tx_handlers_drop_unauth_port;
464 unsigned int rx_handlers_drop;
465 unsigned int rx_handlers_queued;
466 unsigned int rx_handlers_drop_nullfunc;
467 unsigned int rx_handlers_drop_defrag;
468 unsigned int rx_handlers_drop_short;
469 unsigned int rx_handlers_drop_passive_scan;
470 unsigned int tx_expand_skb_head;
471 unsigned int tx_expand_skb_head_cloned;
472 unsigned int rx_expand_skb_head;
473 unsigned int rx_expand_skb_head2;
474 unsigned int rx_handlers_fragments;
475 unsigned int tx_status_drop;
476 unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
477 unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
478#define I802_DEBUG_INC(c) (c)++
479#else /* CONFIG_MAC80211_DEBUG_COUNTERS */
480#define I802_DEBUG_INC(c) do { } while (0)
481#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
482
483
484 int default_wep_only; /* only default WEP keys are used with this
485 * interface; this is used to decide when hwaccel
486 * can be used with default keys */
487 int total_ps_buffered; /* total number of all buffered unicast and
488 * multicast packets for power saving stations
489 */
490 int allow_broadcast_always; /* whether to allow TX of broadcast frames
491 * even when there are no associated STAs
492 */
493
494 int wifi_wme_noack_test;
495 unsigned int wmm_acm; /* bit field of ACM bits (BIT(802.1D tag)) */
496
497 unsigned int enabled_modes; /* bitfield of allowed modes;
498 * (1 << MODE_*) */
499 unsigned int hw_modes; /* bitfield of supported hardware modes;
500 * (1 << MODE_*) */
501
502 int user_space_mlme;
503};
504
505static inline struct ieee80211_local *hw_to_local(
506 struct ieee80211_hw *hw)
507{
508 return container_of(hw, struct ieee80211_local, hw);
509}
510
511static inline struct ieee80211_hw *local_to_hw(
512 struct ieee80211_local *local)
513{
514 return &local->hw;
515}
516
517enum ieee80211_link_state_t {
518 IEEE80211_LINK_STATE_XOFF = 0,
519 IEEE80211_LINK_STATE_PENDING,
520};
521
522struct sta_attribute {
523 struct attribute attr;
524 ssize_t (*show)(const struct sta_info *, char *buf);
525 ssize_t (*store)(struct sta_info *, const char *buf, size_t count);
526};
527
528static inline void __bss_tim_set(struct ieee80211_if_ap *bss, int aid)
529{
530 /*
531 * This format has ben mandated by the IEEE specifications,
532 * so this line may not be changed to use the __set_bit() format.
533 */
534 bss->tim[(aid)/8] |= 1<<((aid) % 8);
535}
536
537static inline void bss_tim_set(struct ieee80211_local *local,
538 struct ieee80211_if_ap *bss, int aid)
539{
540 spin_lock_bh(&local->sta_lock);
541 __bss_tim_set(bss, aid);
542 spin_unlock_bh(&local->sta_lock);
543}
544
545static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, int aid)
546{
547 /*
548 * This format has ben mandated by the IEEE specifications,
549 * so this line may not be changed to use the __clear_bit() format.
550 */
551 bss->tim[(aid)/8] &= !(1<<((aid) % 8));
552}
553
554static inline void bss_tim_clear(struct ieee80211_local *local,
555 struct ieee80211_if_ap *bss, int aid)
556{
557 spin_lock_bh(&local->sta_lock);
558 __bss_tim_clear(bss, aid);
559 spin_unlock_bh(&local->sta_lock);
560}
561
562/**
563 * ieee80211_is_erp_rate - Check if a rate is an ERP rate
564 * @phymode: The PHY-mode for this rate (MODE_IEEE80211...)
565 * @rate: Transmission rate to check, in 100 kbps
566 *
567 * Check if a given rate is an Extended Rate PHY (ERP) rate.
568 */
569static inline int ieee80211_is_erp_rate(int phymode, int rate)
570{
571 if (phymode == MODE_IEEE80211G) {
572 if (rate != 10 && rate != 20 &&
573 rate != 55 && rate != 110)
574 return 1;
575 }
576 return 0;
577}
578
579/* ieee80211.c */
580int ieee80211_hw_config(struct ieee80211_local *local);
581int ieee80211_if_config(struct net_device *dev);
582int ieee80211_if_config_beacon(struct net_device *dev);
583struct ieee80211_key_conf *
584ieee80211_key_data2conf(struct ieee80211_local *local,
585 const struct ieee80211_key *data);
586struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
587 int idx, size_t key_len, gfp_t flags);
588void ieee80211_key_free(struct ieee80211_key *key);
589void ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
590 struct ieee80211_rx_status *status, u32 msg_type);
591void ieee80211_prepare_rates(struct ieee80211_local *local,
592 struct ieee80211_hw_mode *mode);
593void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx);
594int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr);
595void ieee80211_if_setup(struct net_device *dev);
596void ieee80211_if_mgmt_setup(struct net_device *dev);
597int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
598 const char *name);
599struct net_device_stats *ieee80211_dev_stats(struct net_device *dev);
600
601/* ieee80211_ioctl.c */
602extern const struct iw_handler_def ieee80211_iw_handler_def;
603
604void ieee80211_update_default_wep_only(struct ieee80211_local *local);
605
606
607/* Least common multiple of the used rates (in 100 kbps). This is used to
608 * calculate rate_inv values for each rate so that only integers are needed. */
609#define CHAN_UTIL_RATE_LCM 95040
610/* 1 usec is 1/8 * (95040/10) = 1188 */
611#define CHAN_UTIL_PER_USEC 1188
612/* Amount of bits to shift the result right to scale the total utilization
613 * to values that will not wrap around 32-bit integers. */
614#define CHAN_UTIL_SHIFT 9
615/* Theoretical maximum of channel utilization counter in 10 ms (stat_time=1):
616 * (CHAN_UTIL_PER_USEC * 10000) >> CHAN_UTIL_SHIFT = 23203. So dividing the
617 * raw value with about 23 should give utilization in 10th of a percentage
618 * (1/1000). However, utilization is only estimated and not all intervals
619 * between frames etc. are calculated. 18 seems to give numbers that are closer
620 * to the real maximum. */
621#define CHAN_UTIL_PER_10MS 18
622#define CHAN_UTIL_HDR_LONG (202 * CHAN_UTIL_PER_USEC)
623#define CHAN_UTIL_HDR_SHORT (40 * CHAN_UTIL_PER_USEC)
624
625
626/* ieee80211_ioctl.c */
627int ieee80211_set_compression(struct ieee80211_local *local,
628 struct net_device *dev, struct sta_info *sta);
629int ieee80211_init_client(struct net_device *dev);
630int ieee80211_set_channel(struct ieee80211_local *local, int channel, int freq);
631/* ieee80211_sta.c */
632void ieee80211_sta_timer(unsigned long data);
633void ieee80211_sta_work(struct work_struct *work);
634void ieee80211_sta_scan_work(struct work_struct *work);
635void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
636 struct ieee80211_rx_status *rx_status);
637int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len);
638int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len);
639int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid);
640int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len);
641void ieee80211_sta_req_auth(struct net_device *dev,
642 struct ieee80211_if_sta *ifsta);
643int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len);
644void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
645 struct ieee80211_rx_status *rx_status);
646void ieee80211_rx_bss_list_init(struct net_device *dev);
647void ieee80211_rx_bss_list_deinit(struct net_device *dev);
648int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len);
649struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
650 struct sk_buff *skb, u8 *bssid,
651 u8 *addr);
652int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason);
653int ieee80211_sta_disassociate(struct net_device *dev, u16 reason);
654
655/* ieee80211_iface.c */
656int ieee80211_if_add(struct net_device *dev, const char *name,
657 struct net_device **new_dev, int type);
658void ieee80211_if_set_type(struct net_device *dev, int type);
659void ieee80211_if_reinit(struct net_device *dev);
660void __ieee80211_if_del(struct ieee80211_local *local,
661 struct ieee80211_sub_if_data *sdata);
662int ieee80211_if_remove(struct net_device *dev, const char *name, int id);
663void ieee80211_if_free(struct net_device *dev);
664void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata);
665int ieee80211_if_add_mgmt(struct ieee80211_local *local);
666void ieee80211_if_del_mgmt(struct ieee80211_local *local);
667
668/* for wiphy privid */
669extern void *mac80211_wiphy_privid;
670
671#endif /* IEEE80211_I_H */
diff --git a/net/mac80211/ieee80211_iface.c b/net/mac80211/ieee80211_iface.c
new file mode 100644
index 000000000000..64267d4b31a4
--- /dev/null
+++ b/net/mac80211/ieee80211_iface.c
@@ -0,0 +1,344 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10#include <linux/kernel.h>
11#include <linux/if_arp.h>
12#include <linux/netdevice.h>
13#include <linux/rtnetlink.h>
14#include <net/mac80211.h>
15#include "ieee80211_i.h"
16#include "sta_info.h"
17
18void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata)
19{
20 int i;
21
22 /* Default values for sub-interface parameters */
23 sdata->drop_unencrypted = 0;
24 sdata->eapol = 1;
25 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
26 skb_queue_head_init(&sdata->fragments[i].skb_list);
27}
28
29static void ieee80211_if_sdata_deinit(struct ieee80211_sub_if_data *sdata)
30{
31 int i;
32
33 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
34 __skb_queue_purge(&sdata->fragments[i].skb_list);
35 }
36}
37
38/* Must be called with rtnl lock held. */
39int ieee80211_if_add(struct net_device *dev, const char *name,
40 struct net_device **new_dev, int type)
41{
42 struct net_device *ndev;
43 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
44 struct ieee80211_sub_if_data *sdata = NULL;
45 int ret;
46
47 ASSERT_RTNL();
48 ndev = alloc_netdev(sizeof(struct ieee80211_sub_if_data),
49 name, ieee80211_if_setup);
50 if (!ndev)
51 return -ENOMEM;
52
53 ret = dev_alloc_name(ndev, ndev->name);
54 if (ret < 0)
55 goto fail;
56
57 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
58 ndev->base_addr = dev->base_addr;
59 ndev->irq = dev->irq;
60 ndev->mem_start = dev->mem_start;
61 ndev->mem_end = dev->mem_end;
62 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
63
64 sdata = IEEE80211_DEV_TO_SUB_IF(ndev);
65 ndev->ieee80211_ptr = &sdata->wdev;
66 sdata->wdev.wiphy = local->hw.wiphy;
67 sdata->type = IEEE80211_IF_TYPE_AP;
68 sdata->dev = ndev;
69 sdata->local = local;
70 ieee80211_if_sdata_init(sdata);
71
72 ret = register_netdevice(ndev);
73 if (ret)
74 goto fail;
75
76 ieee80211_if_set_type(ndev, type);
77
78 write_lock_bh(&local->sub_if_lock);
79 if (unlikely(local->reg_state == IEEE80211_DEV_UNREGISTERED)) {
80 write_unlock_bh(&local->sub_if_lock);
81 __ieee80211_if_del(local, sdata);
82 return -ENODEV;
83 }
84 list_add(&sdata->list, &local->sub_if_list);
85 if (new_dev)
86 *new_dev = ndev;
87 write_unlock_bh(&local->sub_if_lock);
88
89 ieee80211_update_default_wep_only(local);
90
91 return 0;
92
93fail:
94 free_netdev(ndev);
95 return ret;
96}
97
98int ieee80211_if_add_mgmt(struct ieee80211_local *local)
99{
100 struct net_device *ndev;
101 struct ieee80211_sub_if_data *nsdata;
102 int ret;
103
104 ASSERT_RTNL();
105
106 ndev = alloc_netdev(sizeof(struct ieee80211_sub_if_data), "wmgmt%d",
107 ieee80211_if_mgmt_setup);
108 if (!ndev)
109 return -ENOMEM;
110 ret = dev_alloc_name(ndev, ndev->name);
111 if (ret < 0)
112 goto fail;
113
114 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
115 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
116
117 nsdata = IEEE80211_DEV_TO_SUB_IF(ndev);
118 ndev->ieee80211_ptr = &nsdata->wdev;
119 nsdata->wdev.wiphy = local->hw.wiphy;
120 nsdata->type = IEEE80211_IF_TYPE_MGMT;
121 nsdata->dev = ndev;
122 nsdata->local = local;
123 ieee80211_if_sdata_init(nsdata);
124
125 ret = register_netdevice(ndev);
126 if (ret)
127 goto fail;
128
129 if (local->open_count > 0)
130 dev_open(ndev);
131 local->apdev = ndev;
132 return 0;
133
134fail:
135 free_netdev(ndev);
136 return ret;
137}
138
139void ieee80211_if_del_mgmt(struct ieee80211_local *local)
140{
141 struct net_device *apdev;
142
143 ASSERT_RTNL();
144 apdev = local->apdev;
145 local->apdev = NULL;
146 unregister_netdevice(apdev);
147}
148
149void ieee80211_if_set_type(struct net_device *dev, int type)
150{
151 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
152 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
153
154 sdata->type = type;
155 switch (type) {
156 case IEEE80211_IF_TYPE_WDS:
157 sdata->bss = NULL;
158 break;
159 case IEEE80211_IF_TYPE_VLAN:
160 break;
161 case IEEE80211_IF_TYPE_AP:
162 sdata->u.ap.dtim_period = 2;
163 sdata->u.ap.force_unicast_rateidx = -1;
164 sdata->u.ap.max_ratectrl_rateidx = -1;
165 skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
166 sdata->bss = &sdata->u.ap;
167 break;
168 case IEEE80211_IF_TYPE_STA:
169 case IEEE80211_IF_TYPE_IBSS: {
170 struct ieee80211_sub_if_data *msdata;
171 struct ieee80211_if_sta *ifsta;
172
173 ifsta = &sdata->u.sta;
174 INIT_WORK(&ifsta->work, ieee80211_sta_work);
175 setup_timer(&ifsta->timer, ieee80211_sta_timer,
176 (unsigned long) sdata);
177 skb_queue_head_init(&ifsta->skb_queue);
178
179 ifsta->capab = WLAN_CAPABILITY_ESS;
180 ifsta->auth_algs = IEEE80211_AUTH_ALG_OPEN |
181 IEEE80211_AUTH_ALG_SHARED_KEY;
182 ifsta->create_ibss = 1;
183 ifsta->wmm_enabled = 1;
184 ifsta->auto_channel_sel = 1;
185 ifsta->auto_bssid_sel = 1;
186
187 msdata = IEEE80211_DEV_TO_SUB_IF(sdata->local->mdev);
188 sdata->bss = &msdata->u.ap;
189 break;
190 }
191 case IEEE80211_IF_TYPE_MNTR:
192 dev->type = ARPHRD_IEEE80211_RADIOTAP;
193 break;
194 default:
195 printk(KERN_WARNING "%s: %s: Unknown interface type 0x%x",
196 dev->name, __FUNCTION__, type);
197 }
198 ieee80211_update_default_wep_only(local);
199}
200
201/* Must be called with rtnl lock held. */
202void ieee80211_if_reinit(struct net_device *dev)
203{
204 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
205 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
206 struct sta_info *sta;
207 int i;
208
209 ASSERT_RTNL();
210 ieee80211_if_sdata_deinit(sdata);
211 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
212 if (!sdata->keys[i])
213 continue;
214#if 0
215 /* The interface is down at the moment, so there is not
216 * really much point in disabling the keys at this point. */
217 memset(addr, 0xff, ETH_ALEN);
218 if (local->ops->set_key)
219 local->ops->set_key(local_to_hw(local), DISABLE_KEY, addr,
220 local->keys[i], 0);
221#endif
222 ieee80211_key_free(sdata->keys[i]);
223 sdata->keys[i] = NULL;
224 }
225
226 switch (sdata->type) {
227 case IEEE80211_IF_TYPE_AP: {
228 /* Remove all virtual interfaces that use this BSS
229 * as their sdata->bss */
230 struct ieee80211_sub_if_data *tsdata, *n;
231 LIST_HEAD(tmp_list);
232
233 write_lock_bh(&local->sub_if_lock);
234 list_for_each_entry_safe(tsdata, n, &local->sub_if_list, list) {
235 if (tsdata != sdata && tsdata->bss == &sdata->u.ap) {
236 printk(KERN_DEBUG "%s: removing virtual "
237 "interface %s because its BSS interface"
238 " is being removed\n",
239 sdata->dev->name, tsdata->dev->name);
240 list_move_tail(&tsdata->list, &tmp_list);
241 }
242 }
243 write_unlock_bh(&local->sub_if_lock);
244
245 list_for_each_entry_safe(tsdata, n, &tmp_list, list)
246 __ieee80211_if_del(local, tsdata);
247
248 kfree(sdata->u.ap.beacon_head);
249 kfree(sdata->u.ap.beacon_tail);
250 kfree(sdata->u.ap.generic_elem);
251
252 if (dev != local->mdev) {
253 struct sk_buff *skb;
254 while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
255 local->total_ps_buffered--;
256 dev_kfree_skb(skb);
257 }
258 }
259
260 break;
261 }
262 case IEEE80211_IF_TYPE_WDS:
263 sta = sta_info_get(local, sdata->u.wds.remote_addr);
264 if (sta) {
265 sta_info_put(sta);
266 sta_info_free(sta, 0);
267 } else {
268#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
269 printk(KERN_DEBUG "%s: Someone had deleted my STA "
270 "entry for the WDS link\n", dev->name);
271#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
272 }
273 break;
274 case IEEE80211_IF_TYPE_STA:
275 case IEEE80211_IF_TYPE_IBSS:
276 kfree(sdata->u.sta.extra_ie);
277 sdata->u.sta.extra_ie = NULL;
278 kfree(sdata->u.sta.assocreq_ies);
279 sdata->u.sta.assocreq_ies = NULL;
280 kfree(sdata->u.sta.assocresp_ies);
281 sdata->u.sta.assocresp_ies = NULL;
282 if (sdata->u.sta.probe_resp) {
283 dev_kfree_skb(sdata->u.sta.probe_resp);
284 sdata->u.sta.probe_resp = NULL;
285 }
286
287 break;
288 case IEEE80211_IF_TYPE_MNTR:
289 dev->type = ARPHRD_ETHER;
290 break;
291 }
292
293 /* remove all STAs that are bound to this virtual interface */
294 sta_info_flush(local, dev);
295
296 memset(&sdata->u, 0, sizeof(sdata->u));
297 ieee80211_if_sdata_init(sdata);
298}
299
300/* Must be called with rtnl lock held. */
301void __ieee80211_if_del(struct ieee80211_local *local,
302 struct ieee80211_sub_if_data *sdata)
303{
304 struct net_device *dev = sdata->dev;
305
306 unregister_netdevice(dev);
307 /* Except master interface, the net_device will be freed by
308 * net_device->destructor (i. e. ieee80211_if_free). */
309}
310
311/* Must be called with rtnl lock held. */
312int ieee80211_if_remove(struct net_device *dev, const char *name, int id)
313{
314 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
315 struct ieee80211_sub_if_data *sdata, *n;
316
317 ASSERT_RTNL();
318
319 write_lock_bh(&local->sub_if_lock);
320 list_for_each_entry_safe(sdata, n, &local->sub_if_list, list) {
321 if ((sdata->type == id || id == -1) &&
322 strcmp(name, sdata->dev->name) == 0 &&
323 sdata->dev != local->mdev) {
324 list_del(&sdata->list);
325 write_unlock_bh(&local->sub_if_lock);
326 __ieee80211_if_del(local, sdata);
327 ieee80211_update_default_wep_only(local);
328 return 0;
329 }
330 }
331 write_unlock_bh(&local->sub_if_lock);
332 return -ENODEV;
333}
334
335void ieee80211_if_free(struct net_device *dev)
336{
337 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
338 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
339
340 /* local->apdev must be NULL when freeing management interface */
341 BUG_ON(dev == local->apdev);
342 ieee80211_if_sdata_deinit(sdata);
343 free_netdev(dev);
344}
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
new file mode 100644
index 000000000000..73909ec85f2a
--- /dev/null
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -0,0 +1,1806 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/module.h>
11#include <linux/init.h>
12#include <linux/netdevice.h>
13#include <linux/types.h>
14#include <linux/slab.h>
15#include <linux/skbuff.h>
16#include <linux/etherdevice.h>
17#include <linux/if_arp.h>
18#include <linux/wireless.h>
19#include <net/iw_handler.h>
20#include <asm/uaccess.h>
21
22#include <net/mac80211.h>
23#include "ieee80211_i.h"
24#include "hostapd_ioctl.h"
25#include "ieee80211_rate.h"
26#include "wpa.h"
27#include "aes_ccm.h"
28
29static int ieee80211_regdom = 0x10; /* FCC */
30module_param(ieee80211_regdom, int, 0444);
31MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain; 64=MKK");
32
33/*
34 * If firmware is upgraded by the vendor, additional channels can be used based
35 * on the new Japanese regulatory rules. This is indicated by setting
36 * ieee80211_japan_5ghz module parameter to one when loading the 80211 kernel
37 * module.
38 */
39static int ieee80211_japan_5ghz /* = 0 */;
40module_param(ieee80211_japan_5ghz, int, 0444);
41MODULE_PARM_DESC(ieee80211_japan_5ghz, "Vendor-updated firmware for 5 GHz");
42
43static void ieee80211_set_hw_encryption(struct net_device *dev,
44 struct sta_info *sta, u8 addr[ETH_ALEN],
45 struct ieee80211_key *key)
46{
47 struct ieee80211_key_conf *keyconf = NULL;
48 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
49
50 /* default to sw encryption; this will be cleared by low-level
51 * driver if the hw supports requested encryption */
52 if (key)
53 key->force_sw_encrypt = 1;
54
55 if (key && local->ops->set_key &&
56 (keyconf = ieee80211_key_data2conf(local, key))) {
57 if (local->ops->set_key(local_to_hw(local), SET_KEY, addr,
58 keyconf, sta ? sta->aid : 0)) {
59 key->force_sw_encrypt = 1;
60 key->hw_key_idx = HW_KEY_IDX_INVALID;
61 } else {
62 key->force_sw_encrypt =
63 !!(keyconf->flags & IEEE80211_KEY_FORCE_SW_ENCRYPT);
64 key->hw_key_idx =
65 keyconf->hw_key_idx;
66
67 }
68 }
69 kfree(keyconf);
70}
71
72
73static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
74 int idx, int alg, int set_tx_key,
75 const u8 *_key, size_t key_len)
76{
77 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
78 int ret = 0;
79 struct sta_info *sta;
80 struct ieee80211_key *key, *old_key;
81 int try_hwaccel = 1;
82 struct ieee80211_key_conf *keyconf;
83 struct ieee80211_sub_if_data *sdata;
84
85 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
86
87 if (is_broadcast_ether_addr(sta_addr)) {
88 sta = NULL;
89 if (idx >= NUM_DEFAULT_KEYS) {
90 printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
91 dev->name, idx);
92 return -EINVAL;
93 }
94 key = sdata->keys[idx];
95
96 /* TODO: consider adding hwaccel support for these; at least
97 * Atheros key cache should be able to handle this since AP is
98 * only transmitting frames with default keys. */
99 /* FIX: hw key cache can be used when only one virtual
100 * STA is associated with each AP. If more than one STA
101 * is associated to the same AP, software encryption
102 * must be used. This should be done automatically
103 * based on configured station devices. For the time
104 * being, this can be only set at compile time. */
105 } else {
106 set_tx_key = 0;
107 if (idx != 0) {
108 printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
109 "individual key\n", dev->name);
110 return -EINVAL;
111 }
112
113 sta = sta_info_get(local, sta_addr);
114 if (!sta) {
115#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
116 printk(KERN_DEBUG "%s: set_encrypt - unknown addr "
117 MAC_FMT "\n",
118 dev->name, MAC_ARG(sta_addr));
119#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
120
121 return -ENOENT;
122 }
123
124 key = sta->key;
125 }
126
127 /* FIX:
128 * Cannot configure default hwaccel keys with WEP algorithm, if
129 * any of the virtual interfaces is using static WEP
130 * configuration because hwaccel would otherwise try to decrypt
131 * these frames.
132 *
133 * For now, just disable WEP hwaccel for broadcast when there is
134 * possibility of conflict with default keys. This can maybe later be
135 * optimized by using non-default keys (at least with Atheros ar521x).
136 */
137 if (!sta && alg == ALG_WEP && !local->default_wep_only &&
138 sdata->type != IEEE80211_IF_TYPE_IBSS &&
139 sdata->type != IEEE80211_IF_TYPE_AP) {
140 try_hwaccel = 0;
141 }
142
143 if (local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) {
144 /* Software encryption cannot be used with devices that hide
145 * encryption from the host system, so always try to use
146 * hardware acceleration with such devices. */
147 try_hwaccel = 1;
148 }
149
150 if ((local->hw.flags & IEEE80211_HW_NO_TKIP_WMM_HWACCEL) &&
151 alg == ALG_TKIP) {
152 if (sta && (sta->flags & WLAN_STA_WME)) {
153 /* Hardware does not support hwaccel with TKIP when using WMM.
154 */
155 try_hwaccel = 0;
156 }
157 else if (sdata->type == IEEE80211_IF_TYPE_STA) {
158 sta = sta_info_get(local, sdata->u.sta.bssid);
159 if (sta) {
160 if (sta->flags & WLAN_STA_WME) {
161 try_hwaccel = 0;
162 }
163 sta_info_put(sta);
164 sta = NULL;
165 }
166 }
167 }
168
169 if (alg == ALG_NONE) {
170 keyconf = NULL;
171 if (try_hwaccel && key &&
172 key->hw_key_idx != HW_KEY_IDX_INVALID &&
173 local->ops->set_key &&
174 (keyconf = ieee80211_key_data2conf(local, key)) != NULL &&
175 local->ops->set_key(local_to_hw(local), DISABLE_KEY,
176 sta_addr, keyconf, sta ? sta->aid : 0)) {
177 printk(KERN_DEBUG "%s: set_encrypt - low-level disable"
178 " failed\n", dev->name);
179 ret = -EINVAL;
180 }
181 kfree(keyconf);
182
183 if (set_tx_key || sdata->default_key == key)
184 sdata->default_key = NULL;
185 if (sta)
186 sta->key = NULL;
187 else
188 sdata->keys[idx] = NULL;
189 ieee80211_key_free(key);
190 key = NULL;
191 } else {
192 old_key = key;
193 key = ieee80211_key_alloc(sta ? NULL : sdata, idx, key_len,
194 GFP_KERNEL);
195 if (!key) {
196 ret = -ENOMEM;
197 goto err_out;
198 }
199
200 /* default to sw encryption; low-level driver sets these if the
201 * requested encryption is supported */
202 key->hw_key_idx = HW_KEY_IDX_INVALID;
203 key->force_sw_encrypt = 1;
204
205 key->alg = alg;
206 key->keyidx = idx;
207 key->keylen = key_len;
208 memcpy(key->key, _key, key_len);
209 if (set_tx_key)
210 key->default_tx_key = 1;
211
212 if (alg == ALG_CCMP) {
213 /* Initialize AES key state here as an optimization
214 * so that it does not need to be initialized for every
215 * packet. */
216 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
217 key->key);
218 if (!key->u.ccmp.tfm) {
219 ret = -ENOMEM;
220 goto err_free;
221 }
222 }
223
224 if (set_tx_key || sdata->default_key == old_key)
225 sdata->default_key = NULL;
226 if (sta)
227 sta->key = key;
228 else
229 sdata->keys[idx] = key;
230 ieee80211_key_free(old_key);
231
232 if (try_hwaccel &&
233 (alg == ALG_WEP || alg == ALG_TKIP || alg == ALG_CCMP))
234 ieee80211_set_hw_encryption(dev, sta, sta_addr, key);
235 }
236
237 if (set_tx_key || (!sta && !sdata->default_key && key)) {
238 sdata->default_key = key;
239
240 if (local->ops->set_key_idx &&
241 local->ops->set_key_idx(local_to_hw(local), idx))
242 printk(KERN_DEBUG "%s: failed to set TX key idx for "
243 "low-level driver\n", dev->name);
244 }
245
246 if (sta)
247 sta_info_put(sta);
248
249 return 0;
250
251err_free:
252 ieee80211_key_free(key);
253err_out:
254 if (sta)
255 sta_info_put(sta);
256 return ret;
257}
258
259static int ieee80211_ioctl_siwgenie(struct net_device *dev,
260 struct iw_request_info *info,
261 struct iw_point *data, char *extra)
262{
263 struct ieee80211_sub_if_data *sdata;
264 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
265
266 if (local->user_space_mlme)
267 return -EOPNOTSUPP;
268
269 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
270 if (sdata->type == IEEE80211_IF_TYPE_STA ||
271 sdata->type == IEEE80211_IF_TYPE_IBSS) {
272 int ret = ieee80211_sta_set_extra_ie(dev, extra, data->length);
273 if (ret)
274 return ret;
275 sdata->u.sta.auto_bssid_sel = 0;
276 ieee80211_sta_req_auth(dev, &sdata->u.sta);
277 return 0;
278 }
279
280 if (sdata->type == IEEE80211_IF_TYPE_AP) {
281 kfree(sdata->u.ap.generic_elem);
282 sdata->u.ap.generic_elem = kmalloc(data->length, GFP_KERNEL);
283 if (!sdata->u.ap.generic_elem)
284 return -ENOMEM;
285 memcpy(sdata->u.ap.generic_elem, extra, data->length);
286 sdata->u.ap.generic_elem_len = data->length;
287 return ieee80211_if_config(dev);
288 }
289 return -EOPNOTSUPP;
290}
291
292static int ieee80211_ioctl_set_radio_enabled(struct net_device *dev,
293 int val)
294{
295 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
296 struct ieee80211_conf *conf = &local->hw.conf;
297
298 conf->radio_enabled = val;
299 return ieee80211_hw_config(wdev_priv(dev->ieee80211_ptr));
300}
301
302static int ieee80211_ioctl_giwname(struct net_device *dev,
303 struct iw_request_info *info,
304 char *name, char *extra)
305{
306 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
307
308 switch (local->hw.conf.phymode) {
309 case MODE_IEEE80211A:
310 strcpy(name, "IEEE 802.11a");
311 break;
312 case MODE_IEEE80211B:
313 strcpy(name, "IEEE 802.11b");
314 break;
315 case MODE_IEEE80211G:
316 strcpy(name, "IEEE 802.11g");
317 break;
318 case MODE_ATHEROS_TURBO:
319 strcpy(name, "5GHz Turbo");
320 break;
321 default:
322 strcpy(name, "IEEE 802.11");
323 break;
324 }
325
326 return 0;
327}
328
329
330static int ieee80211_ioctl_giwrange(struct net_device *dev,
331 struct iw_request_info *info,
332 struct iw_point *data, char *extra)
333{
334 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
335 struct iw_range *range = (struct iw_range *) extra;
336
337 data->length = sizeof(struct iw_range);
338 memset(range, 0, sizeof(struct iw_range));
339
340 range->we_version_compiled = WIRELESS_EXT;
341 range->we_version_source = 21;
342 range->retry_capa = IW_RETRY_LIMIT;
343 range->retry_flags = IW_RETRY_LIMIT;
344 range->min_retry = 0;
345 range->max_retry = 255;
346 range->min_rts = 0;
347 range->max_rts = 2347;
348 range->min_frag = 256;
349 range->max_frag = 2346;
350
351 range->encoding_size[0] = 5;
352 range->encoding_size[1] = 13;
353 range->num_encoding_sizes = 2;
354 range->max_encoding_tokens = NUM_DEFAULT_KEYS;
355
356 range->max_qual.qual = local->hw.max_signal;
357 range->max_qual.level = local->hw.max_rssi;
358 range->max_qual.noise = local->hw.max_noise;
359 range->max_qual.updated = local->wstats_flags;
360
361 range->avg_qual.qual = local->hw.max_signal/2;
362 range->avg_qual.level = 0;
363 range->avg_qual.noise = 0;
364 range->avg_qual.updated = local->wstats_flags;
365
366 range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
367 IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
368
369 IW_EVENT_CAPA_SET_KERNEL(range->event_capa);
370 IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWTHRSPY);
371 IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWAP);
372 IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWSCAN);
373
374 return 0;
375}
376
377
378struct ieee80211_channel_range {
379 short start_freq;
380 short end_freq;
381 unsigned char power_level;
382 unsigned char antenna_max;
383};
384
385static const struct ieee80211_channel_range ieee80211_fcc_channels[] = {
386 { 2412, 2462, 27, 6 } /* IEEE 802.11b/g, channels 1..11 */,
387 { 5180, 5240, 17, 6 } /* IEEE 802.11a, channels 36..48 */,
388 { 5260, 5320, 23, 6 } /* IEEE 802.11a, channels 52..64 */,
389 { 5745, 5825, 30, 6 } /* IEEE 802.11a, channels 149..165, outdoor */,
390 { 0 }
391};
392
393static const struct ieee80211_channel_range ieee80211_mkk_channels[] = {
394 { 2412, 2472, 20, 6 } /* IEEE 802.11b/g, channels 1..13 */,
395 { 5170, 5240, 20, 6 } /* IEEE 802.11a, channels 34..48 */,
396 { 5260, 5320, 20, 6 } /* IEEE 802.11a, channels 52..64 */,
397 { 0 }
398};
399
400
401static const struct ieee80211_channel_range *channel_range =
402 ieee80211_fcc_channels;
403
404
405static void ieee80211_unmask_channel(struct net_device *dev, int mode,
406 struct ieee80211_channel *chan)
407{
408 int i;
409
410 chan->flag = 0;
411
412 if (ieee80211_regdom == 64 &&
413 (mode == MODE_ATHEROS_TURBO || mode == MODE_ATHEROS_TURBOG)) {
414 /* Do not allow Turbo modes in Japan. */
415 return;
416 }
417
418 for (i = 0; channel_range[i].start_freq; i++) {
419 const struct ieee80211_channel_range *r = &channel_range[i];
420 if (r->start_freq <= chan->freq && r->end_freq >= chan->freq) {
421 if (ieee80211_regdom == 64 && !ieee80211_japan_5ghz &&
422 chan->freq >= 5260 && chan->freq <= 5320) {
423 /*
424 * Skip new channels in Japan since the
425 * firmware was not marked having been upgraded
426 * by the vendor.
427 */
428 continue;
429 }
430
431 if (ieee80211_regdom == 0x10 &&
432 (chan->freq == 5190 || chan->freq == 5210 ||
433 chan->freq == 5230)) {
434 /* Skip MKK channels when in FCC domain. */
435 continue;
436 }
437
438 chan->flag |= IEEE80211_CHAN_W_SCAN |
439 IEEE80211_CHAN_W_ACTIVE_SCAN |
440 IEEE80211_CHAN_W_IBSS;
441 chan->power_level = r->power_level;
442 chan->antenna_max = r->antenna_max;
443
444 if (ieee80211_regdom == 64 &&
445 (chan->freq == 5170 || chan->freq == 5190 ||
446 chan->freq == 5210 || chan->freq == 5230)) {
447 /*
448 * New regulatory rules in Japan have backwards
449 * compatibility with old channels in 5.15-5.25
450 * GHz band, but the station is not allowed to
451 * use active scan on these old channels.
452 */
453 chan->flag &= ~IEEE80211_CHAN_W_ACTIVE_SCAN;
454 }
455
456 if (ieee80211_regdom == 64 &&
457 (chan->freq == 5260 || chan->freq == 5280 ||
458 chan->freq == 5300 || chan->freq == 5320)) {
459 /*
460 * IBSS is not allowed on 5.25-5.35 GHz band
461 * due to radar detection requirements.
462 */
463 chan->flag &= ~IEEE80211_CHAN_W_IBSS;
464 }
465
466 break;
467 }
468 }
469}
470
471
472static int ieee80211_unmask_channels(struct net_device *dev)
473{
474 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
475 struct ieee80211_hw_mode *mode;
476 int c;
477
478 list_for_each_entry(mode, &local->modes_list, list) {
479 for (c = 0; c < mode->num_channels; c++) {
480 ieee80211_unmask_channel(dev, mode->mode,
481 &mode->channels[c]);
482 }
483 }
484 return 0;
485}
486
487
488int ieee80211_init_client(struct net_device *dev)
489{
490 if (ieee80211_regdom == 0x40)
491 channel_range = ieee80211_mkk_channels;
492 ieee80211_unmask_channels(dev);
493 return 0;
494}
495
496
497static int ieee80211_ioctl_siwmode(struct net_device *dev,
498 struct iw_request_info *info,
499 __u32 *mode, char *extra)
500{
501 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
502 int type;
503
504 if (sdata->type == IEEE80211_IF_TYPE_VLAN)
505 return -EOPNOTSUPP;
506
507 switch (*mode) {
508 case IW_MODE_INFRA:
509 type = IEEE80211_IF_TYPE_STA;
510 break;
511 case IW_MODE_ADHOC:
512 type = IEEE80211_IF_TYPE_IBSS;
513 break;
514 case IW_MODE_MONITOR:
515 type = IEEE80211_IF_TYPE_MNTR;
516 break;
517 default:
518 return -EINVAL;
519 }
520
521 if (type == sdata->type)
522 return 0;
523 if (netif_running(dev))
524 return -EBUSY;
525
526 ieee80211_if_reinit(dev);
527 ieee80211_if_set_type(dev, type);
528
529 return 0;
530}
531
532
533static int ieee80211_ioctl_giwmode(struct net_device *dev,
534 struct iw_request_info *info,
535 __u32 *mode, char *extra)
536{
537 struct ieee80211_sub_if_data *sdata;
538
539 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
540 switch (sdata->type) {
541 case IEEE80211_IF_TYPE_AP:
542 *mode = IW_MODE_MASTER;
543 break;
544 case IEEE80211_IF_TYPE_STA:
545 *mode = IW_MODE_INFRA;
546 break;
547 case IEEE80211_IF_TYPE_IBSS:
548 *mode = IW_MODE_ADHOC;
549 break;
550 case IEEE80211_IF_TYPE_MNTR:
551 *mode = IW_MODE_MONITOR;
552 break;
553 case IEEE80211_IF_TYPE_WDS:
554 *mode = IW_MODE_REPEAT;
555 break;
556 case IEEE80211_IF_TYPE_VLAN:
557 *mode = IW_MODE_SECOND; /* FIXME */
558 break;
559 default:
560 *mode = IW_MODE_AUTO;
561 break;
562 }
563 return 0;
564}
565
566int ieee80211_set_channel(struct ieee80211_local *local, int channel, int freq)
567{
568 struct ieee80211_hw_mode *mode;
569 int c, set = 0;
570 int ret = -EINVAL;
571
572 list_for_each_entry(mode, &local->modes_list, list) {
573 if (!(local->enabled_modes & (1 << mode->mode)))
574 continue;
575 for (c = 0; c < mode->num_channels; c++) {
576 struct ieee80211_channel *chan = &mode->channels[c];
577 if (chan->flag & IEEE80211_CHAN_W_SCAN &&
578 ((chan->chan == channel) || (chan->freq == freq))) {
579 /* Use next_mode as the mode preference to
580 * resolve non-unique channel numbers. */
581 if (set && mode->mode != local->next_mode)
582 continue;
583
584 local->oper_channel = chan;
585 local->oper_hw_mode = mode;
586 set++;
587 }
588 }
589 }
590
591 if (set) {
592 if (local->sta_scanning)
593 ret = 0;
594 else
595 ret = ieee80211_hw_config(local);
596
597 rate_control_clear(local);
598 }
599
600 return ret;
601}
602
603static int ieee80211_ioctl_siwfreq(struct net_device *dev,
604 struct iw_request_info *info,
605 struct iw_freq *freq, char *extra)
606{
607 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
608 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
609
610 if (sdata->type == IEEE80211_IF_TYPE_STA)
611 sdata->u.sta.auto_channel_sel = 0;
612
613 /* freq->e == 0: freq->m = channel; otherwise freq = m * 10^e */
614 if (freq->e == 0) {
615 if (freq->m < 0) {
616 if (sdata->type == IEEE80211_IF_TYPE_STA)
617 sdata->u.sta.auto_channel_sel = 1;
618 return 0;
619 } else
620 return ieee80211_set_channel(local, freq->m, -1);
621 } else {
622 int i, div = 1000000;
623 for (i = 0; i < freq->e; i++)
624 div /= 10;
625 if (div > 0)
626 return ieee80211_set_channel(local, -1, freq->m / div);
627 else
628 return -EINVAL;
629 }
630}
631
632
633static int ieee80211_ioctl_giwfreq(struct net_device *dev,
634 struct iw_request_info *info,
635 struct iw_freq *freq, char *extra)
636{
637 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
638
639 /* TODO: in station mode (Managed/Ad-hoc) might need to poll low-level
640 * driver for the current channel with firmware-based management */
641
642 freq->m = local->hw.conf.freq;
643 freq->e = 6;
644
645 return 0;
646}
647
648
649static int ieee80211_ioctl_siwessid(struct net_device *dev,
650 struct iw_request_info *info,
651 struct iw_point *data, char *ssid)
652{
653 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
654 struct ieee80211_sub_if_data *sdata;
655 size_t len = data->length;
656
657 /* iwconfig uses nul termination in SSID.. */
658 if (len > 0 && ssid[len - 1] == '\0')
659 len--;
660
661 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
662 if (sdata->type == IEEE80211_IF_TYPE_STA ||
663 sdata->type == IEEE80211_IF_TYPE_IBSS) {
664 int ret;
665 if (local->user_space_mlme) {
666 if (len > IEEE80211_MAX_SSID_LEN)
667 return -EINVAL;
668 memcpy(sdata->u.sta.ssid, ssid, len);
669 sdata->u.sta.ssid_len = len;
670 return 0;
671 }
672 sdata->u.sta.auto_ssid_sel = !data->flags;
673 ret = ieee80211_sta_set_ssid(dev, ssid, len);
674 if (ret)
675 return ret;
676 ieee80211_sta_req_auth(dev, &sdata->u.sta);
677 return 0;
678 }
679
680 if (sdata->type == IEEE80211_IF_TYPE_AP) {
681 memcpy(sdata->u.ap.ssid, ssid, len);
682 memset(sdata->u.ap.ssid + len, 0,
683 IEEE80211_MAX_SSID_LEN - len);
684 sdata->u.ap.ssid_len = len;
685 return ieee80211_if_config(dev);
686 }
687 return -EOPNOTSUPP;
688}
689
690
691static int ieee80211_ioctl_giwessid(struct net_device *dev,
692 struct iw_request_info *info,
693 struct iw_point *data, char *ssid)
694{
695 size_t len;
696
697 struct ieee80211_sub_if_data *sdata;
698 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
699 if (sdata->type == IEEE80211_IF_TYPE_STA ||
700 sdata->type == IEEE80211_IF_TYPE_IBSS) {
701 int res = ieee80211_sta_get_ssid(dev, ssid, &len);
702 if (res == 0) {
703 data->length = len;
704 data->flags = 1;
705 } else
706 data->flags = 0;
707 return res;
708 }
709
710 if (sdata->type == IEEE80211_IF_TYPE_AP) {
711 len = sdata->u.ap.ssid_len;
712 if (len > IW_ESSID_MAX_SIZE)
713 len = IW_ESSID_MAX_SIZE;
714 memcpy(ssid, sdata->u.ap.ssid, len);
715 data->length = len;
716 data->flags = 1;
717 return 0;
718 }
719 return -EOPNOTSUPP;
720}
721
722
723static int ieee80211_ioctl_siwap(struct net_device *dev,
724 struct iw_request_info *info,
725 struct sockaddr *ap_addr, char *extra)
726{
727 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
728 struct ieee80211_sub_if_data *sdata;
729
730 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
731 if (sdata->type == IEEE80211_IF_TYPE_STA ||
732 sdata->type == IEEE80211_IF_TYPE_IBSS) {
733 int ret;
734 if (local->user_space_mlme) {
735 memcpy(sdata->u.sta.bssid, (u8 *) &ap_addr->sa_data,
736 ETH_ALEN);
737 return 0;
738 }
739 if (is_zero_ether_addr((u8 *) &ap_addr->sa_data)) {
740 sdata->u.sta.auto_bssid_sel = 1;
741 sdata->u.sta.auto_channel_sel = 1;
742 } else if (is_broadcast_ether_addr((u8 *) &ap_addr->sa_data))
743 sdata->u.sta.auto_bssid_sel = 1;
744 else
745 sdata->u.sta.auto_bssid_sel = 0;
746 ret = ieee80211_sta_set_bssid(dev, (u8 *) &ap_addr->sa_data);
747 if (ret)
748 return ret;
749 ieee80211_sta_req_auth(dev, &sdata->u.sta);
750 return 0;
751 } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
752 if (memcmp(sdata->u.wds.remote_addr, (u8 *) &ap_addr->sa_data,
753 ETH_ALEN) == 0)
754 return 0;
755 return ieee80211_if_update_wds(dev, (u8 *) &ap_addr->sa_data);
756 }
757
758 return -EOPNOTSUPP;
759}
760
761
762static int ieee80211_ioctl_giwap(struct net_device *dev,
763 struct iw_request_info *info,
764 struct sockaddr *ap_addr, char *extra)
765{
766 struct ieee80211_sub_if_data *sdata;
767
768 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
769 if (sdata->type == IEEE80211_IF_TYPE_STA ||
770 sdata->type == IEEE80211_IF_TYPE_IBSS) {
771 ap_addr->sa_family = ARPHRD_ETHER;
772 memcpy(&ap_addr->sa_data, sdata->u.sta.bssid, ETH_ALEN);
773 return 0;
774 } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
775 ap_addr->sa_family = ARPHRD_ETHER;
776 memcpy(&ap_addr->sa_data, sdata->u.wds.remote_addr, ETH_ALEN);
777 return 0;
778 }
779
780 return -EOPNOTSUPP;
781}
782
783
784static int ieee80211_ioctl_siwscan(struct net_device *dev,
785 struct iw_request_info *info,
786 struct iw_point *data, char *extra)
787{
788 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
789 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
790 u8 *ssid = NULL;
791 size_t ssid_len = 0;
792
793 if (!netif_running(dev))
794 return -ENETDOWN;
795
796 if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
797 if (sdata->type == IEEE80211_IF_TYPE_STA ||
798 sdata->type == IEEE80211_IF_TYPE_IBSS) {
799 ssid = sdata->u.sta.ssid;
800 ssid_len = sdata->u.sta.ssid_len;
801 } else if (sdata->type == IEEE80211_IF_TYPE_AP) {
802 ssid = sdata->u.ap.ssid;
803 ssid_len = sdata->u.ap.ssid_len;
804 } else
805 return -EINVAL;
806 }
807 return ieee80211_sta_req_scan(dev, ssid, ssid_len);
808}
809
810
811static int ieee80211_ioctl_giwscan(struct net_device *dev,
812 struct iw_request_info *info,
813 struct iw_point *data, char *extra)
814{
815 int res;
816 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
817 if (local->sta_scanning)
818 return -EAGAIN;
819 res = ieee80211_sta_scan_results(dev, extra, data->length);
820 if (res >= 0) {
821 data->length = res;
822 return 0;
823 }
824 data->length = 0;
825 return res;
826}
827
828
829static int ieee80211_ioctl_siwrts(struct net_device *dev,
830 struct iw_request_info *info,
831 struct iw_param *rts, char *extra)
832{
833 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
834
835 if (rts->disabled)
836 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
837 else if (rts->value < 0 || rts->value > IEEE80211_MAX_RTS_THRESHOLD)
838 return -EINVAL;
839 else
840 local->rts_threshold = rts->value;
841
842 /* If the wlan card performs RTS/CTS in hardware/firmware,
843 * configure it here */
844
845 if (local->ops->set_rts_threshold)
846 local->ops->set_rts_threshold(local_to_hw(local),
847 local->rts_threshold);
848
849 return 0;
850}
851
852static int ieee80211_ioctl_giwrts(struct net_device *dev,
853 struct iw_request_info *info,
854 struct iw_param *rts, char *extra)
855{
856 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
857
858 rts->value = local->rts_threshold;
859 rts->disabled = (rts->value >= IEEE80211_MAX_RTS_THRESHOLD);
860 rts->fixed = 1;
861
862 return 0;
863}
864
865
866static int ieee80211_ioctl_siwfrag(struct net_device *dev,
867 struct iw_request_info *info,
868 struct iw_param *frag, char *extra)
869{
870 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
871
872 if (frag->disabled)
873 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
874 else if (frag->value < 256 ||
875 frag->value > IEEE80211_MAX_FRAG_THRESHOLD)
876 return -EINVAL;
877 else {
878 /* Fragment length must be even, so strip LSB. */
879 local->fragmentation_threshold = frag->value & ~0x1;
880 }
881
882 /* If the wlan card performs fragmentation in hardware/firmware,
883 * configure it here */
884
885 if (local->ops->set_frag_threshold)
886 local->ops->set_frag_threshold(
887 local_to_hw(local),
888 local->fragmentation_threshold);
889
890 return 0;
891}
892
893static int ieee80211_ioctl_giwfrag(struct net_device *dev,
894 struct iw_request_info *info,
895 struct iw_param *frag, char *extra)
896{
897 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
898
899 frag->value = local->fragmentation_threshold;
900 frag->disabled = (frag->value >= IEEE80211_MAX_RTS_THRESHOLD);
901 frag->fixed = 1;
902
903 return 0;
904}
905
906
907static int ieee80211_ioctl_siwretry(struct net_device *dev,
908 struct iw_request_info *info,
909 struct iw_param *retry, char *extra)
910{
911 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
912
913 if (retry->disabled ||
914 (retry->flags & IW_RETRY_TYPE) != IW_RETRY_LIMIT)
915 return -EINVAL;
916
917 if (retry->flags & IW_RETRY_MAX)
918 local->long_retry_limit = retry->value;
919 else if (retry->flags & IW_RETRY_MIN)
920 local->short_retry_limit = retry->value;
921 else {
922 local->long_retry_limit = retry->value;
923 local->short_retry_limit = retry->value;
924 }
925
926 if (local->ops->set_retry_limit) {
927 return local->ops->set_retry_limit(
928 local_to_hw(local),
929 local->short_retry_limit,
930 local->long_retry_limit);
931 }
932
933 return 0;
934}
935
936
937static int ieee80211_ioctl_giwretry(struct net_device *dev,
938 struct iw_request_info *info,
939 struct iw_param *retry, char *extra)
940{
941 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
942
943 retry->disabled = 0;
944 if (retry->flags == 0 || retry->flags & IW_RETRY_MIN) {
945 /* first return min value, iwconfig will ask max value
946 * later if needed */
947 retry->flags |= IW_RETRY_LIMIT;
948 retry->value = local->short_retry_limit;
949 if (local->long_retry_limit != local->short_retry_limit)
950 retry->flags |= IW_RETRY_MIN;
951 return 0;
952 }
953 if (retry->flags & IW_RETRY_MAX) {
954 retry->flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
955 retry->value = local->long_retry_limit;
956 }
957
958 return 0;
959}
960
961static int ieee80211_ioctl_clear_keys(struct net_device *dev)
962{
963 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
964 struct ieee80211_key_conf key;
965 int i;
966 u8 addr[ETH_ALEN];
967 struct ieee80211_key_conf *keyconf;
968 struct ieee80211_sub_if_data *sdata;
969 struct sta_info *sta;
970
971 memset(addr, 0xff, ETH_ALEN);
972 read_lock(&local->sub_if_lock);
973 list_for_each_entry(sdata, &local->sub_if_list, list) {
974 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
975 keyconf = NULL;
976 if (sdata->keys[i] &&
977 !sdata->keys[i]->force_sw_encrypt &&
978 local->ops->set_key &&
979 (keyconf = ieee80211_key_data2conf(local,
980 sdata->keys[i])))
981 local->ops->set_key(local_to_hw(local),
982 DISABLE_KEY, addr,
983 keyconf, 0);
984 kfree(keyconf);
985 ieee80211_key_free(sdata->keys[i]);
986 sdata->keys[i] = NULL;
987 }
988 sdata->default_key = NULL;
989 }
990 read_unlock(&local->sub_if_lock);
991
992 spin_lock_bh(&local->sta_lock);
993 list_for_each_entry(sta, &local->sta_list, list) {
994 keyconf = NULL;
995 if (sta->key && !sta->key->force_sw_encrypt &&
996 local->ops->set_key &&
997 (keyconf = ieee80211_key_data2conf(local, sta->key)))
998 local->ops->set_key(local_to_hw(local), DISABLE_KEY,
999 sta->addr, keyconf, sta->aid);
1000 kfree(keyconf);
1001 ieee80211_key_free(sta->key);
1002 sta->key = NULL;
1003 }
1004 spin_unlock_bh(&local->sta_lock);
1005
1006 memset(&key, 0, sizeof(key));
1007 if (local->ops->set_key &&
1008 local->ops->set_key(local_to_hw(local), REMOVE_ALL_KEYS,
1009 NULL, &key, 0))
1010 printk(KERN_DEBUG "%s: failed to remove hwaccel keys\n",
1011 dev->name);
1012
1013 return 0;
1014}
1015
1016
1017static int
1018ieee80211_ioctl_force_unicast_rate(struct net_device *dev,
1019 struct ieee80211_sub_if_data *sdata,
1020 int rate)
1021{
1022 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1023 struct ieee80211_hw_mode *mode;
1024 int i;
1025
1026 if (sdata->type != IEEE80211_IF_TYPE_AP)
1027 return -ENOENT;
1028
1029 if (rate == 0) {
1030 sdata->u.ap.force_unicast_rateidx = -1;
1031 return 0;
1032 }
1033
1034 mode = local->oper_hw_mode;
1035 for (i = 0; i < mode->num_rates; i++) {
1036 if (mode->rates[i].rate == rate) {
1037 sdata->u.ap.force_unicast_rateidx = i;
1038 return 0;
1039 }
1040 }
1041 return -EINVAL;
1042}
1043
1044
1045static int
1046ieee80211_ioctl_max_ratectrl_rate(struct net_device *dev,
1047 struct ieee80211_sub_if_data *sdata,
1048 int rate)
1049{
1050 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1051 struct ieee80211_hw_mode *mode;
1052 int i;
1053
1054 if (sdata->type != IEEE80211_IF_TYPE_AP)
1055 return -ENOENT;
1056
1057 if (rate == 0) {
1058 sdata->u.ap.max_ratectrl_rateidx = -1;
1059 return 0;
1060 }
1061
1062 mode = local->oper_hw_mode;
1063 for (i = 0; i < mode->num_rates; i++) {
1064 if (mode->rates[i].rate == rate) {
1065 sdata->u.ap.max_ratectrl_rateidx = i;
1066 return 0;
1067 }
1068 }
1069 return -EINVAL;
1070}
1071
1072
1073static void ieee80211_key_enable_hwaccel(struct ieee80211_local *local,
1074 struct ieee80211_key *key)
1075{
1076 struct ieee80211_key_conf *keyconf;
1077 u8 addr[ETH_ALEN];
1078
1079 if (!key || key->alg != ALG_WEP || !key->force_sw_encrypt ||
1080 (local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP))
1081 return;
1082
1083 memset(addr, 0xff, ETH_ALEN);
1084 keyconf = ieee80211_key_data2conf(local, key);
1085 if (keyconf && local->ops->set_key &&
1086 local->ops->set_key(local_to_hw(local),
1087 SET_KEY, addr, keyconf, 0) == 0) {
1088 key->force_sw_encrypt =
1089 !!(keyconf->flags & IEEE80211_KEY_FORCE_SW_ENCRYPT);
1090 key->hw_key_idx = keyconf->hw_key_idx;
1091 }
1092 kfree(keyconf);
1093}
1094
1095
1096static void ieee80211_key_disable_hwaccel(struct ieee80211_local *local,
1097 struct ieee80211_key *key)
1098{
1099 struct ieee80211_key_conf *keyconf;
1100 u8 addr[ETH_ALEN];
1101
1102 if (!key || key->alg != ALG_WEP || key->force_sw_encrypt ||
1103 (local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP))
1104 return;
1105
1106 memset(addr, 0xff, ETH_ALEN);
1107 keyconf = ieee80211_key_data2conf(local, key);
1108 if (keyconf && local->ops->set_key)
1109 local->ops->set_key(local_to_hw(local), DISABLE_KEY,
1110 addr, keyconf, 0);
1111 kfree(keyconf);
1112 key->force_sw_encrypt = 1;
1113}
1114
1115
1116static int ieee80211_ioctl_default_wep_only(struct ieee80211_local *local,
1117 int value)
1118{
1119 int i;
1120 struct ieee80211_sub_if_data *sdata;
1121
1122 local->default_wep_only = value;
1123 read_lock(&local->sub_if_lock);
1124 list_for_each_entry(sdata, &local->sub_if_list, list)
1125 for (i = 0; i < NUM_DEFAULT_KEYS; i++)
1126 if (value)
1127 ieee80211_key_enable_hwaccel(local,
1128 sdata->keys[i]);
1129 else
1130 ieee80211_key_disable_hwaccel(local,
1131 sdata->keys[i]);
1132 read_unlock(&local->sub_if_lock);
1133
1134 return 0;
1135}
1136
1137
1138void ieee80211_update_default_wep_only(struct ieee80211_local *local)
1139{
1140 int i = 0;
1141 struct ieee80211_sub_if_data *sdata;
1142
1143 read_lock(&local->sub_if_lock);
1144 list_for_each_entry(sdata, &local->sub_if_list, list) {
1145
1146 if (sdata->dev == local->mdev)
1147 continue;
1148
1149 /* If there is an AP interface then depend on userspace to
1150 set default_wep_only correctly. */
1151 if (sdata->type == IEEE80211_IF_TYPE_AP) {
1152 read_unlock(&local->sub_if_lock);
1153 return;
1154 }
1155
1156 i++;
1157 }
1158
1159 read_unlock(&local->sub_if_lock);
1160
1161 if (i <= 1)
1162 ieee80211_ioctl_default_wep_only(local, 1);
1163 else
1164 ieee80211_ioctl_default_wep_only(local, 0);
1165}
1166
1167
1168static int ieee80211_ioctl_prism2_param(struct net_device *dev,
1169 struct iw_request_info *info,
1170 void *wrqu, char *extra)
1171{
1172 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1173 struct ieee80211_sub_if_data *sdata;
1174 int *i = (int *) extra;
1175 int param = *i;
1176 int value = *(i + 1);
1177 int ret = 0;
1178
1179 if (!capable(CAP_NET_ADMIN))
1180 return -EPERM;
1181
1182 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1183
1184 switch (param) {
1185 case PRISM2_PARAM_IEEE_802_1X:
1186 if (local->ops->set_ieee8021x)
1187 ret = local->ops->set_ieee8021x(local_to_hw(local),
1188 value);
1189 if (ret)
1190 printk(KERN_DEBUG "%s: failed to set IEEE 802.1X (%d) "
1191 "for low-level driver\n", dev->name, value);
1192 else
1193 sdata->ieee802_1x = value;
1194 break;
1195
1196 case PRISM2_PARAM_ANTSEL_TX:
1197 local->hw.conf.antenna_sel_tx = value;
1198 if (ieee80211_hw_config(local))
1199 ret = -EINVAL;
1200 break;
1201
1202 case PRISM2_PARAM_ANTSEL_RX:
1203 local->hw.conf.antenna_sel_rx = value;
1204 if (ieee80211_hw_config(local))
1205 ret = -EINVAL;
1206 break;
1207
1208 case PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES:
1209 local->cts_protect_erp_frames = value;
1210 break;
1211
1212 case PRISM2_PARAM_DROP_UNENCRYPTED:
1213 sdata->drop_unencrypted = value;
1214 break;
1215
1216 case PRISM2_PARAM_PREAMBLE:
1217 local->short_preamble = value;
1218 break;
1219
1220 case PRISM2_PARAM_STAT_TIME:
1221 if (!local->stat_time && value) {
1222 local->stat_timer.expires = jiffies + HZ * value / 100;
1223 add_timer(&local->stat_timer);
1224 } else if (local->stat_time && !value) {
1225 del_timer_sync(&local->stat_timer);
1226 }
1227 local->stat_time = value;
1228 break;
1229 case PRISM2_PARAM_SHORT_SLOT_TIME:
1230 if (value)
1231 local->hw.conf.flags |= IEEE80211_CONF_SHORT_SLOT_TIME;
1232 else
1233 local->hw.conf.flags &= ~IEEE80211_CONF_SHORT_SLOT_TIME;
1234 if (ieee80211_hw_config(local))
1235 ret = -EINVAL;
1236 break;
1237
1238 case PRISM2_PARAM_NEXT_MODE:
1239 local->next_mode = value;
1240 break;
1241
1242 case PRISM2_PARAM_CLEAR_KEYS:
1243 ret = ieee80211_ioctl_clear_keys(dev);
1244 break;
1245
1246 case PRISM2_PARAM_RADIO_ENABLED:
1247 ret = ieee80211_ioctl_set_radio_enabled(dev, value);
1248 break;
1249
1250 case PRISM2_PARAM_ANTENNA_MODE:
1251 local->hw.conf.antenna_mode = value;
1252 if (ieee80211_hw_config(local))
1253 ret = -EINVAL;
1254 break;
1255
1256 case PRISM2_PARAM_STA_ANTENNA_SEL:
1257 local->sta_antenna_sel = value;
1258 break;
1259
1260 case PRISM2_PARAM_FORCE_UNICAST_RATE:
1261 ret = ieee80211_ioctl_force_unicast_rate(dev, sdata, value);
1262 break;
1263
1264 case PRISM2_PARAM_MAX_RATECTRL_RATE:
1265 ret = ieee80211_ioctl_max_ratectrl_rate(dev, sdata, value);
1266 break;
1267
1268 case PRISM2_PARAM_RATE_CTRL_NUM_UP:
1269 local->rate_ctrl_num_up = value;
1270 break;
1271
1272 case PRISM2_PARAM_RATE_CTRL_NUM_DOWN:
1273 local->rate_ctrl_num_down = value;
1274 break;
1275
1276 case PRISM2_PARAM_TX_POWER_REDUCTION:
1277 if (value < 0)
1278 ret = -EINVAL;
1279 else
1280 local->hw.conf.tx_power_reduction = value;
1281 break;
1282
1283 case PRISM2_PARAM_KEY_TX_RX_THRESHOLD:
1284 local->key_tx_rx_threshold = value;
1285 break;
1286
1287 case PRISM2_PARAM_DEFAULT_WEP_ONLY:
1288 ret = ieee80211_ioctl_default_wep_only(local, value);
1289 break;
1290
1291 case PRISM2_PARAM_WIFI_WME_NOACK_TEST:
1292 local->wifi_wme_noack_test = value;
1293 break;
1294
1295 case PRISM2_PARAM_SCAN_FLAGS:
1296 local->scan_flags = value;
1297 break;
1298
1299 case PRISM2_PARAM_MIXED_CELL:
1300 if (sdata->type != IEEE80211_IF_TYPE_STA &&
1301 sdata->type != IEEE80211_IF_TYPE_IBSS)
1302 ret = -EINVAL;
1303 else
1304 sdata->u.sta.mixed_cell = !!value;
1305 break;
1306
1307 case PRISM2_PARAM_HW_MODES:
1308 local->enabled_modes = value;
1309 break;
1310
1311 case PRISM2_PARAM_CREATE_IBSS:
1312 if (sdata->type != IEEE80211_IF_TYPE_IBSS)
1313 ret = -EINVAL;
1314 else
1315 sdata->u.sta.create_ibss = !!value;
1316 break;
1317 case PRISM2_PARAM_WMM_ENABLED:
1318 if (sdata->type != IEEE80211_IF_TYPE_STA &&
1319 sdata->type != IEEE80211_IF_TYPE_IBSS)
1320 ret = -EINVAL;
1321 else
1322 sdata->u.sta.wmm_enabled = !!value;
1323 break;
1324 case PRISM2_PARAM_RADAR_DETECT:
1325 local->hw.conf.radar_detect = value;
1326 break;
1327 case PRISM2_PARAM_SPECTRUM_MGMT:
1328 local->hw.conf.spect_mgmt = value;
1329 break;
1330 default:
1331 ret = -EOPNOTSUPP;
1332 break;
1333 }
1334
1335 return ret;
1336}
1337
1338
1339static int ieee80211_ioctl_get_prism2_param(struct net_device *dev,
1340 struct iw_request_info *info,
1341 void *wrqu, char *extra)
1342{
1343 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1344 struct ieee80211_sub_if_data *sdata;
1345 int *param = (int *) extra;
1346 int ret = 0;
1347
1348 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1349
1350 switch (*param) {
1351 case PRISM2_PARAM_IEEE_802_1X:
1352 *param = sdata->ieee802_1x;
1353 break;
1354
1355 case PRISM2_PARAM_ANTSEL_TX:
1356 *param = local->hw.conf.antenna_sel_tx;
1357 break;
1358
1359 case PRISM2_PARAM_ANTSEL_RX:
1360 *param = local->hw.conf.antenna_sel_rx;
1361 break;
1362
1363 case PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES:
1364 *param = local->cts_protect_erp_frames;
1365 break;
1366
1367 case PRISM2_PARAM_DROP_UNENCRYPTED:
1368 *param = sdata->drop_unencrypted;
1369 break;
1370
1371 case PRISM2_PARAM_PREAMBLE:
1372 *param = local->short_preamble;
1373 break;
1374
1375 case PRISM2_PARAM_STAT_TIME:
1376 *param = local->stat_time;
1377 break;
1378 case PRISM2_PARAM_SHORT_SLOT_TIME:
1379 *param = !!(local->hw.conf.flags & IEEE80211_CONF_SHORT_SLOT_TIME);
1380 break;
1381
1382 case PRISM2_PARAM_NEXT_MODE:
1383 *param = local->next_mode;
1384 break;
1385
1386 case PRISM2_PARAM_ANTENNA_MODE:
1387 *param = local->hw.conf.antenna_mode;
1388 break;
1389
1390 case PRISM2_PARAM_STA_ANTENNA_SEL:
1391 *param = local->sta_antenna_sel;
1392 break;
1393
1394 case PRISM2_PARAM_RATE_CTRL_NUM_UP:
1395 *param = local->rate_ctrl_num_up;
1396 break;
1397
1398 case PRISM2_PARAM_RATE_CTRL_NUM_DOWN:
1399 *param = local->rate_ctrl_num_down;
1400 break;
1401
1402 case PRISM2_PARAM_TX_POWER_REDUCTION:
1403 *param = local->hw.conf.tx_power_reduction;
1404 break;
1405
1406 case PRISM2_PARAM_KEY_TX_RX_THRESHOLD:
1407 *param = local->key_tx_rx_threshold;
1408 break;
1409
1410 case PRISM2_PARAM_DEFAULT_WEP_ONLY:
1411 *param = local->default_wep_only;
1412 break;
1413
1414 case PRISM2_PARAM_WIFI_WME_NOACK_TEST:
1415 *param = local->wifi_wme_noack_test;
1416 break;
1417
1418 case PRISM2_PARAM_SCAN_FLAGS:
1419 *param = local->scan_flags;
1420 break;
1421
1422 case PRISM2_PARAM_HW_MODES:
1423 *param = local->enabled_modes;
1424 break;
1425
1426 case PRISM2_PARAM_CREATE_IBSS:
1427 if (sdata->type != IEEE80211_IF_TYPE_IBSS)
1428 ret = -EINVAL;
1429 else
1430 *param = !!sdata->u.sta.create_ibss;
1431 break;
1432
1433 case PRISM2_PARAM_MIXED_CELL:
1434 if (sdata->type != IEEE80211_IF_TYPE_STA &&
1435 sdata->type != IEEE80211_IF_TYPE_IBSS)
1436 ret = -EINVAL;
1437 else
1438 *param = !!sdata->u.sta.mixed_cell;
1439 break;
1440 case PRISM2_PARAM_WMM_ENABLED:
1441 if (sdata->type != IEEE80211_IF_TYPE_STA &&
1442 sdata->type != IEEE80211_IF_TYPE_IBSS)
1443 ret = -EINVAL;
1444 else
1445 *param = !!sdata->u.sta.wmm_enabled;
1446 break;
1447 default:
1448 ret = -EOPNOTSUPP;
1449 break;
1450 }
1451
1452 return ret;
1453}
1454
1455static int ieee80211_ioctl_siwmlme(struct net_device *dev,
1456 struct iw_request_info *info,
1457 struct iw_point *data, char *extra)
1458{
1459 struct ieee80211_sub_if_data *sdata;
1460 struct iw_mlme *mlme = (struct iw_mlme *) extra;
1461
1462 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1463 if (sdata->type != IEEE80211_IF_TYPE_STA &&
1464 sdata->type != IEEE80211_IF_TYPE_IBSS)
1465 return -EINVAL;
1466
1467 switch (mlme->cmd) {
1468 case IW_MLME_DEAUTH:
1469 /* TODO: mlme->addr.sa_data */
1470 return ieee80211_sta_deauthenticate(dev, mlme->reason_code);
1471 case IW_MLME_DISASSOC:
1472 /* TODO: mlme->addr.sa_data */
1473 return ieee80211_sta_disassociate(dev, mlme->reason_code);
1474 default:
1475 return -EOPNOTSUPP;
1476 }
1477}
1478
1479
1480static int ieee80211_ioctl_siwencode(struct net_device *dev,
1481 struct iw_request_info *info,
1482 struct iw_point *erq, char *keybuf)
1483{
1484 struct ieee80211_sub_if_data *sdata;
1485 int idx, i, alg = ALG_WEP;
1486 u8 bcaddr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1487
1488 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1489
1490 idx = erq->flags & IW_ENCODE_INDEX;
1491 if (idx == 0) {
1492 if (sdata->default_key)
1493 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1494 if (sdata->default_key == sdata->keys[i]) {
1495 idx = i;
1496 break;
1497 }
1498 }
1499 } else if (idx < 1 || idx > 4)
1500 return -EINVAL;
1501 else
1502 idx--;
1503
1504 if (erq->flags & IW_ENCODE_DISABLED)
1505 alg = ALG_NONE;
1506 else if (erq->length == 0) {
1507 /* No key data - just set the default TX key index */
1508 if (sdata->default_key != sdata->keys[idx])
1509 sdata->default_key = sdata->keys[idx];
1510 return 0;
1511 }
1512
1513 return ieee80211_set_encryption(
1514 dev, bcaddr,
1515 idx, alg,
1516 !sdata->default_key,
1517 keybuf, erq->length);
1518}
1519
1520
1521static int ieee80211_ioctl_giwencode(struct net_device *dev,
1522 struct iw_request_info *info,
1523 struct iw_point *erq, char *key)
1524{
1525 struct ieee80211_sub_if_data *sdata;
1526 int idx, i;
1527
1528 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1529
1530 idx = erq->flags & IW_ENCODE_INDEX;
1531 if (idx < 1 || idx > 4) {
1532 idx = -1;
1533 if (!sdata->default_key)
1534 idx = 0;
1535 else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1536 if (sdata->default_key == sdata->keys[i]) {
1537 idx = i;
1538 break;
1539 }
1540 }
1541 if (idx < 0)
1542 return -EINVAL;
1543 } else
1544 idx--;
1545
1546 erq->flags = idx + 1;
1547
1548 if (!sdata->keys[idx]) {
1549 erq->length = 0;
1550 erq->flags |= IW_ENCODE_DISABLED;
1551 return 0;
1552 }
1553
1554 memcpy(key, sdata->keys[idx]->key,
1555 min((int)erq->length, sdata->keys[idx]->keylen));
1556 erq->length = sdata->keys[idx]->keylen;
1557 erq->flags |= IW_ENCODE_ENABLED;
1558
1559 return 0;
1560}
1561
1562static int ieee80211_ioctl_siwauth(struct net_device *dev,
1563 struct iw_request_info *info,
1564 struct iw_param *data, char *extra)
1565{
1566 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1567 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1568 int ret = 0;
1569
1570 switch (data->flags & IW_AUTH_INDEX) {
1571 case IW_AUTH_WPA_VERSION:
1572 case IW_AUTH_CIPHER_PAIRWISE:
1573 case IW_AUTH_CIPHER_GROUP:
1574 case IW_AUTH_WPA_ENABLED:
1575 case IW_AUTH_RX_UNENCRYPTED_EAPOL:
1576 break;
1577 case IW_AUTH_KEY_MGMT:
1578 if (sdata->type != IEEE80211_IF_TYPE_STA)
1579 ret = -EINVAL;
1580 else {
1581 /*
1582 * TODO: sdata->u.sta.key_mgmt does not match with WE18
1583 * value completely; could consider modifying this to
1584 * be closer to WE18. For now, this value is not really
1585 * used for anything else than Privacy matching, so the
1586 * current code here should be more or less OK.
1587 */
1588 if (data->value & IW_AUTH_KEY_MGMT_802_1X) {
1589 sdata->u.sta.key_mgmt =
1590 IEEE80211_KEY_MGMT_WPA_EAP;
1591 } else if (data->value & IW_AUTH_KEY_MGMT_PSK) {
1592 sdata->u.sta.key_mgmt =
1593 IEEE80211_KEY_MGMT_WPA_PSK;
1594 } else {
1595 sdata->u.sta.key_mgmt =
1596 IEEE80211_KEY_MGMT_NONE;
1597 }
1598 }
1599 break;
1600 case IW_AUTH_80211_AUTH_ALG:
1601 if (sdata->type == IEEE80211_IF_TYPE_STA ||
1602 sdata->type == IEEE80211_IF_TYPE_IBSS)
1603 sdata->u.sta.auth_algs = data->value;
1604 else
1605 ret = -EOPNOTSUPP;
1606 break;
1607 case IW_AUTH_PRIVACY_INVOKED:
1608 if (local->ops->set_privacy_invoked)
1609 ret = local->ops->set_privacy_invoked(
1610 local_to_hw(local), data->value);
1611 break;
1612 default:
1613 ret = -EOPNOTSUPP;
1614 break;
1615 }
1616 return ret;
1617}
1618
1619/* Get wireless statistics. Called by /proc/net/wireless and by SIOCGIWSTATS */
1620static struct iw_statistics *ieee80211_get_wireless_stats(struct net_device *dev)
1621{
1622 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1623 struct iw_statistics *wstats = &local->wstats;
1624 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1625 struct sta_info *sta = NULL;
1626
1627 if (sdata->type == IEEE80211_IF_TYPE_STA ||
1628 sdata->type == IEEE80211_IF_TYPE_IBSS)
1629 sta = sta_info_get(local, sdata->u.sta.bssid);
1630 if (!sta) {
1631 wstats->discard.fragment = 0;
1632 wstats->discard.misc = 0;
1633 wstats->qual.qual = 0;
1634 wstats->qual.level = 0;
1635 wstats->qual.noise = 0;
1636 wstats->qual.updated = IW_QUAL_ALL_INVALID;
1637 } else {
1638 wstats->qual.level = sta->last_rssi;
1639 wstats->qual.qual = sta->last_signal;
1640 wstats->qual.noise = sta->last_noise;
1641 wstats->qual.updated = local->wstats_flags;
1642 sta_info_put(sta);
1643 }
1644 return wstats;
1645}
1646
1647static int ieee80211_ioctl_giwauth(struct net_device *dev,
1648 struct iw_request_info *info,
1649 struct iw_param *data, char *extra)
1650{
1651 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1652 int ret = 0;
1653
1654 switch (data->flags & IW_AUTH_INDEX) {
1655 case IW_AUTH_80211_AUTH_ALG:
1656 if (sdata->type == IEEE80211_IF_TYPE_STA ||
1657 sdata->type == IEEE80211_IF_TYPE_IBSS)
1658 data->value = sdata->u.sta.auth_algs;
1659 else
1660 ret = -EOPNOTSUPP;
1661 break;
1662 default:
1663 ret = -EOPNOTSUPP;
1664 break;
1665 }
1666 return ret;
1667}
1668
1669
1670static int ieee80211_ioctl_siwencodeext(struct net_device *dev,
1671 struct iw_request_info *info,
1672 struct iw_point *erq, char *extra)
1673{
1674 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1675 struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
1676 int alg, idx, i;
1677
1678 switch (ext->alg) {
1679 case IW_ENCODE_ALG_NONE:
1680 alg = ALG_NONE;
1681 break;
1682 case IW_ENCODE_ALG_WEP:
1683 alg = ALG_WEP;
1684 break;
1685 case IW_ENCODE_ALG_TKIP:
1686 alg = ALG_TKIP;
1687 break;
1688 case IW_ENCODE_ALG_CCMP:
1689 alg = ALG_CCMP;
1690 break;
1691 default:
1692 return -EOPNOTSUPP;
1693 }
1694
1695 if (erq->flags & IW_ENCODE_DISABLED)
1696 alg = ALG_NONE;
1697
1698 idx = erq->flags & IW_ENCODE_INDEX;
1699 if (idx < 1 || idx > 4) {
1700 idx = -1;
1701 if (!sdata->default_key)
1702 idx = 0;
1703 else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1704 if (sdata->default_key == sdata->keys[i]) {
1705 idx = i;
1706 break;
1707 }
1708 }
1709 if (idx < 0)
1710 return -EINVAL;
1711 } else
1712 idx--;
1713
1714 return ieee80211_set_encryption(dev, ext->addr.sa_data, idx, alg,
1715 ext->ext_flags &
1716 IW_ENCODE_EXT_SET_TX_KEY,
1717 ext->key, ext->key_len);
1718}
1719
1720
1721static const struct iw_priv_args ieee80211_ioctl_priv[] = {
1722 { PRISM2_IOCTL_PRISM2_PARAM,
1723 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "param" },
1724 { PRISM2_IOCTL_GET_PRISM2_PARAM,
1725 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
1726 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "get_param" },
1727};
1728
1729/* Structures to export the Wireless Handlers */
1730
1731static const iw_handler ieee80211_handler[] =
1732{
1733 (iw_handler) NULL, /* SIOCSIWCOMMIT */
1734 (iw_handler) ieee80211_ioctl_giwname, /* SIOCGIWNAME */
1735 (iw_handler) NULL, /* SIOCSIWNWID */
1736 (iw_handler) NULL, /* SIOCGIWNWID */
1737 (iw_handler) ieee80211_ioctl_siwfreq, /* SIOCSIWFREQ */
1738 (iw_handler) ieee80211_ioctl_giwfreq, /* SIOCGIWFREQ */
1739 (iw_handler) ieee80211_ioctl_siwmode, /* SIOCSIWMODE */
1740 (iw_handler) ieee80211_ioctl_giwmode, /* SIOCGIWMODE */
1741 (iw_handler) NULL, /* SIOCSIWSENS */
1742 (iw_handler) NULL, /* SIOCGIWSENS */
1743 (iw_handler) NULL /* not used */, /* SIOCSIWRANGE */
1744 (iw_handler) ieee80211_ioctl_giwrange, /* SIOCGIWRANGE */
1745 (iw_handler) NULL /* not used */, /* SIOCSIWPRIV */
1746 (iw_handler) NULL /* kernel code */, /* SIOCGIWPRIV */
1747 (iw_handler) NULL /* not used */, /* SIOCSIWSTATS */
1748 (iw_handler) NULL /* kernel code */, /* SIOCGIWSTATS */
1749 iw_handler_set_spy, /* SIOCSIWSPY */
1750 iw_handler_get_spy, /* SIOCGIWSPY */
1751 iw_handler_set_thrspy, /* SIOCSIWTHRSPY */
1752 iw_handler_get_thrspy, /* SIOCGIWTHRSPY */
1753 (iw_handler) ieee80211_ioctl_siwap, /* SIOCSIWAP */
1754 (iw_handler) ieee80211_ioctl_giwap, /* SIOCGIWAP */
1755 (iw_handler) ieee80211_ioctl_siwmlme, /* SIOCSIWMLME */
1756 (iw_handler) NULL, /* SIOCGIWAPLIST */
1757 (iw_handler) ieee80211_ioctl_siwscan, /* SIOCSIWSCAN */
1758 (iw_handler) ieee80211_ioctl_giwscan, /* SIOCGIWSCAN */
1759 (iw_handler) ieee80211_ioctl_siwessid, /* SIOCSIWESSID */
1760 (iw_handler) ieee80211_ioctl_giwessid, /* SIOCGIWESSID */
1761 (iw_handler) NULL, /* SIOCSIWNICKN */
1762 (iw_handler) NULL, /* SIOCGIWNICKN */
1763 (iw_handler) NULL, /* -- hole -- */
1764 (iw_handler) NULL, /* -- hole -- */
1765 (iw_handler) NULL, /* SIOCSIWRATE */
1766 (iw_handler) NULL, /* SIOCGIWRATE */
1767 (iw_handler) ieee80211_ioctl_siwrts, /* SIOCSIWRTS */
1768 (iw_handler) ieee80211_ioctl_giwrts, /* SIOCGIWRTS */
1769 (iw_handler) ieee80211_ioctl_siwfrag, /* SIOCSIWFRAG */
1770 (iw_handler) ieee80211_ioctl_giwfrag, /* SIOCGIWFRAG */
1771 (iw_handler) NULL, /* SIOCSIWTXPOW */
1772 (iw_handler) NULL, /* SIOCGIWTXPOW */
1773 (iw_handler) ieee80211_ioctl_siwretry, /* SIOCSIWRETRY */
1774 (iw_handler) ieee80211_ioctl_giwretry, /* SIOCGIWRETRY */
1775 (iw_handler) ieee80211_ioctl_siwencode, /* SIOCSIWENCODE */
1776 (iw_handler) ieee80211_ioctl_giwencode, /* SIOCGIWENCODE */
1777 (iw_handler) NULL, /* SIOCSIWPOWER */
1778 (iw_handler) NULL, /* SIOCGIWPOWER */
1779 (iw_handler) NULL, /* -- hole -- */
1780 (iw_handler) NULL, /* -- hole -- */
1781 (iw_handler) ieee80211_ioctl_siwgenie, /* SIOCSIWGENIE */
1782 (iw_handler) NULL, /* SIOCGIWGENIE */
1783 (iw_handler) ieee80211_ioctl_siwauth, /* SIOCSIWAUTH */
1784 (iw_handler) ieee80211_ioctl_giwauth, /* SIOCGIWAUTH */
1785 (iw_handler) ieee80211_ioctl_siwencodeext, /* SIOCSIWENCODEEXT */
1786 (iw_handler) NULL, /* SIOCGIWENCODEEXT */
1787 (iw_handler) NULL, /* SIOCSIWPMKSA */
1788 (iw_handler) NULL, /* -- hole -- */
1789};
1790
1791static const iw_handler ieee80211_private_handler[] =
1792{ /* SIOCIWFIRSTPRIV + */
1793 (iw_handler) ieee80211_ioctl_prism2_param, /* 0 */
1794 (iw_handler) ieee80211_ioctl_get_prism2_param, /* 1 */
1795};
1796
1797const struct iw_handler_def ieee80211_iw_handler_def =
1798{
1799 .num_standard = ARRAY_SIZE(ieee80211_handler),
1800 .num_private = ARRAY_SIZE(ieee80211_private_handler),
1801 .num_private_args = ARRAY_SIZE(ieee80211_ioctl_priv),
1802 .standard = (iw_handler *) ieee80211_handler,
1803 .private = (iw_handler *) ieee80211_private_handler,
1804 .private_args = (struct iw_priv_args *) ieee80211_ioctl_priv,
1805 .get_wireless_stats = ieee80211_get_wireless_stats,
1806};
diff --git a/net/mac80211/ieee80211_key.h b/net/mac80211/ieee80211_key.h
new file mode 100644
index 000000000000..da67d87705d7
--- /dev/null
+++ b/net/mac80211/ieee80211_key.h
@@ -0,0 +1,89 @@
1/*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#ifndef IEEE80211_KEY_H
11#define IEEE80211_KEY_H
12
13#include <linux/types.h>
14#include <linux/kref.h>
15#include <linux/crypto.h>
16#include <net/mac80211.h>
17
18/* ALG_TKIP
19 * struct ieee80211_key::key is encoded as a 256-bit (32 byte) data block:
20 * Temporal Encryption Key (128 bits)
21 * Temporal Authenticator Tx MIC Key (64 bits)
22 * Temporal Authenticator Rx MIC Key (64 bits)
23 */
24
25#define WEP_IV_LEN 4
26#define WEP_ICV_LEN 4
27
28#define ALG_TKIP_KEY_LEN 32
29/* Starting offsets for each key */
30#define ALG_TKIP_TEMP_ENCR_KEY 0
31#define ALG_TKIP_TEMP_AUTH_TX_MIC_KEY 16
32#define ALG_TKIP_TEMP_AUTH_RX_MIC_KEY 24
33#define TKIP_IV_LEN 8
34#define TKIP_ICV_LEN 4
35
36#define ALG_CCMP_KEY_LEN 16
37#define CCMP_HDR_LEN 8
38#define CCMP_MIC_LEN 8
39#define CCMP_TK_LEN 16
40#define CCMP_PN_LEN 6
41
42#define NUM_RX_DATA_QUEUES 17
43
44struct ieee80211_key {
45 struct kref kref;
46
47 int hw_key_idx; /* filled and used by low-level driver */
48 ieee80211_key_alg alg;
49 union {
50 struct {
51 /* last used TSC */
52 u32 iv32;
53 u16 iv16;
54 u16 p1k[5];
55 int tx_initialized;
56
57 /* last received RSC */
58 u32 iv32_rx[NUM_RX_DATA_QUEUES];
59 u16 iv16_rx[NUM_RX_DATA_QUEUES];
60 u16 p1k_rx[NUM_RX_DATA_QUEUES][5];
61 int rx_initialized[NUM_RX_DATA_QUEUES];
62 } tkip;
63 struct {
64 u8 tx_pn[6];
65 u8 rx_pn[NUM_RX_DATA_QUEUES][6];
66 struct crypto_cipher *tfm;
67 u32 replays; /* dot11RSNAStatsCCMPReplays */
68 /* scratch buffers for virt_to_page() (crypto API) */
69#ifndef AES_BLOCK_LEN
70#define AES_BLOCK_LEN 16
71#endif
72 u8 tx_crypto_buf[6 * AES_BLOCK_LEN];
73 u8 rx_crypto_buf[6 * AES_BLOCK_LEN];
74 } ccmp;
75 } u;
76 int tx_rx_count; /* number of times this key has been used */
77 int keylen;
78
79 /* if the low level driver can provide hardware acceleration it should
80 * clear this flag */
81 unsigned int force_sw_encrypt:1;
82 unsigned int default_tx_key:1; /* This key is the new default TX key
83 * (used only for broadcast keys). */
84 s8 keyidx; /* WEP key index */
85
86 u8 key[0];
87};
88
89#endif /* IEEE80211_KEY_H */
diff --git a/net/mac80211/ieee80211_led.c b/net/mac80211/ieee80211_led.c
new file mode 100644
index 000000000000..719d75b20707
--- /dev/null
+++ b/net/mac80211/ieee80211_led.c
@@ -0,0 +1,91 @@
1/*
2 * Copyright 2006, Johannes Berg <johannes@sipsolutions.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9/* just for IFNAMSIZ */
10#include <linux/if.h>
11#include "ieee80211_led.h"
12
13void ieee80211_led_rx(struct ieee80211_local *local)
14{
15 if (unlikely(!local->rx_led))
16 return;
17 if (local->rx_led_counter++ % 2 == 0)
18 led_trigger_event(local->rx_led, LED_OFF);
19 else
20 led_trigger_event(local->rx_led, LED_FULL);
21}
22
23/* q is 1 if a packet was enqueued, 0 if it has been transmitted */
24void ieee80211_led_tx(struct ieee80211_local *local, int q)
25{
26 if (unlikely(!local->tx_led))
27 return;
28 /* not sure how this is supposed to work ... */
29 local->tx_led_counter += 2*q-1;
30 if (local->tx_led_counter % 2 == 0)
31 led_trigger_event(local->tx_led, LED_OFF);
32 else
33 led_trigger_event(local->tx_led, LED_FULL);
34}
35
36void ieee80211_led_init(struct ieee80211_local *local)
37{
38 local->rx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
39 if (!local->rx_led)
40 return;
41 snprintf(local->rx_led_name, sizeof(local->rx_led_name),
42 "%srx", wiphy_name(local->hw.wiphy));
43 local->rx_led->name = local->rx_led_name;
44 if (led_trigger_register(local->rx_led)) {
45 kfree(local->rx_led);
46 local->rx_led = NULL;
47 }
48
49 local->tx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
50 if (!local->tx_led)
51 return;
52 snprintf(local->tx_led_name, sizeof(local->tx_led_name),
53 "%stx", wiphy_name(local->hw.wiphy));
54 local->tx_led->name = local->tx_led_name;
55 if (led_trigger_register(local->tx_led)) {
56 kfree(local->tx_led);
57 local->tx_led = NULL;
58 }
59}
60
61void ieee80211_led_exit(struct ieee80211_local *local)
62{
63 if (local->tx_led) {
64 led_trigger_unregister(local->tx_led);
65 kfree(local->tx_led);
66 }
67 if (local->rx_led) {
68 led_trigger_unregister(local->rx_led);
69 kfree(local->rx_led);
70 }
71}
72
73char *__ieee80211_get_tx_led_name(struct ieee80211_hw *hw)
74{
75 struct ieee80211_local *local = hw_to_local(hw);
76
77 if (local->tx_led)
78 return local->tx_led_name;
79 return NULL;
80}
81EXPORT_SYMBOL(__ieee80211_get_tx_led_name);
82
83char *__ieee80211_get_rx_led_name(struct ieee80211_hw *hw)
84{
85 struct ieee80211_local *local = hw_to_local(hw);
86
87 if (local->rx_led)
88 return local->rx_led_name;
89 return NULL;
90}
91EXPORT_SYMBOL(__ieee80211_get_rx_led_name);
diff --git a/net/mac80211/ieee80211_led.h b/net/mac80211/ieee80211_led.h
new file mode 100644
index 000000000000..5c8ab8263878
--- /dev/null
+++ b/net/mac80211/ieee80211_led.h
@@ -0,0 +1,32 @@
1/*
2 * Copyright 2006, Johannes Berg <johannes@sipsolutions.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#include <linux/list.h>
10#include <linux/spinlock.h>
11#include <linux/leds.h>
12#include "ieee80211_i.h"
13
14#ifdef CONFIG_MAC80211_LEDS
15extern void ieee80211_led_rx(struct ieee80211_local *local);
16extern void ieee80211_led_tx(struct ieee80211_local *local, int q);
17extern void ieee80211_led_init(struct ieee80211_local *local);
18extern void ieee80211_led_exit(struct ieee80211_local *local);
19#else
20static inline void ieee80211_led_rx(struct ieee80211_local *local)
21{
22}
23static inline void ieee80211_led_tx(struct ieee80211_local *local, int q)
24{
25}
26static inline void ieee80211_led_init(struct ieee80211_local *local)
27{
28}
29static inline void ieee80211_led_exit(struct ieee80211_local *local)
30{
31}
32#endif
diff --git a/net/mac80211/ieee80211_rate.c b/net/mac80211/ieee80211_rate.c
new file mode 100644
index 000000000000..16e850864b8a
--- /dev/null
+++ b/net/mac80211/ieee80211_rate.c
@@ -0,0 +1,140 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <linux/kernel.h>
12#include "ieee80211_rate.h"
13#include "ieee80211_i.h"
14
15struct rate_control_alg {
16 struct list_head list;
17 struct rate_control_ops *ops;
18};
19
20static LIST_HEAD(rate_ctrl_algs);
21static DEFINE_MUTEX(rate_ctrl_mutex);
22
23int ieee80211_rate_control_register(struct rate_control_ops *ops)
24{
25 struct rate_control_alg *alg;
26
27 alg = kmalloc(sizeof(*alg), GFP_KERNEL);
28 if (alg == NULL) {
29 return -ENOMEM;
30 }
31 memset(alg, 0, sizeof(*alg));
32 alg->ops = ops;
33
34 mutex_lock(&rate_ctrl_mutex);
35 list_add_tail(&alg->list, &rate_ctrl_algs);
36 mutex_unlock(&rate_ctrl_mutex);
37
38 return 0;
39}
40EXPORT_SYMBOL(ieee80211_rate_control_register);
41
42void ieee80211_rate_control_unregister(struct rate_control_ops *ops)
43{
44 struct rate_control_alg *alg;
45
46 mutex_lock(&rate_ctrl_mutex);
47 list_for_each_entry(alg, &rate_ctrl_algs, list) {
48 if (alg->ops == ops) {
49 list_del(&alg->list);
50 break;
51 }
52 }
53 mutex_unlock(&rate_ctrl_mutex);
54 kfree(alg);
55}
56EXPORT_SYMBOL(ieee80211_rate_control_unregister);
57
58static struct rate_control_ops *
59ieee80211_try_rate_control_ops_get(const char *name)
60{
61 struct rate_control_alg *alg;
62 struct rate_control_ops *ops = NULL;
63
64 mutex_lock(&rate_ctrl_mutex);
65 list_for_each_entry(alg, &rate_ctrl_algs, list) {
66 if (!name || !strcmp(alg->ops->name, name))
67 if (try_module_get(alg->ops->module)) {
68 ops = alg->ops;
69 break;
70 }
71 }
72 mutex_unlock(&rate_ctrl_mutex);
73 return ops;
74}
75
76/* Get the rate control algorithm. If `name' is NULL, get the first
77 * available algorithm. */
78static struct rate_control_ops *
79ieee80211_rate_control_ops_get(const char *name)
80{
81 struct rate_control_ops *ops;
82
83 ops = ieee80211_try_rate_control_ops_get(name);
84 if (!ops) {
85 request_module("rc80211_%s", name ? name : "default");
86 ops = ieee80211_try_rate_control_ops_get(name);
87 }
88 return ops;
89}
90
91static void ieee80211_rate_control_ops_put(struct rate_control_ops *ops)
92{
93 module_put(ops->module);
94}
95
96struct rate_control_ref *rate_control_alloc(const char *name,
97 struct ieee80211_local *local)
98{
99 struct rate_control_ref *ref;
100
101 ref = kmalloc(sizeof(struct rate_control_ref), GFP_KERNEL);
102 if (!ref)
103 goto fail_ref;
104 kref_init(&ref->kref);
105 ref->ops = ieee80211_rate_control_ops_get(name);
106 if (!ref->ops)
107 goto fail_ops;
108 ref->priv = ref->ops->alloc(local);
109 if (!ref->priv)
110 goto fail_priv;
111 return ref;
112
113fail_priv:
114 ieee80211_rate_control_ops_put(ref->ops);
115fail_ops:
116 kfree(ref);
117fail_ref:
118 return NULL;
119}
120
121static void rate_control_release(struct kref *kref)
122{
123 struct rate_control_ref *ctrl_ref;
124
125 ctrl_ref = container_of(kref, struct rate_control_ref, kref);
126 ctrl_ref->ops->free(ctrl_ref->priv);
127 ieee80211_rate_control_ops_put(ctrl_ref->ops);
128 kfree(ctrl_ref);
129}
130
131struct rate_control_ref *rate_control_get(struct rate_control_ref *ref)
132{
133 kref_get(&ref->kref);
134 return ref;
135}
136
137void rate_control_put(struct rate_control_ref *ref)
138{
139 kref_put(&ref->kref, rate_control_release);
140}
diff --git a/net/mac80211/ieee80211_rate.h b/net/mac80211/ieee80211_rate.h
new file mode 100644
index 000000000000..710f5685cedd
--- /dev/null
+++ b/net/mac80211/ieee80211_rate.h
@@ -0,0 +1,122 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc.
4 * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#ifndef IEEE80211_RATE_H
12#define IEEE80211_RATE_H
13
14#include <linux/netdevice.h>
15#include <linux/skbuff.h>
16#include <linux/types.h>
17#include <net/mac80211.h>
18#include "ieee80211_i.h"
19#include "sta_info.h"
20
21#define RATE_CONTROL_NUM_DOWN 20
22#define RATE_CONTROL_NUM_UP 15
23
24
25struct rate_control_extra {
26 /* values from rate_control_get_rate() to the caller: */
27 struct ieee80211_rate *probe; /* probe with this rate, or NULL for no
28 * probing */
29 struct ieee80211_rate *nonerp;
30
31 /* parameters from the caller to rate_control_get_rate(): */
32 struct ieee80211_hw_mode *mode;
33 int mgmt_data; /* this is data frame that is used for management
34 * (e.g., IEEE 802.1X EAPOL) */
35 u16 ethertype;
36};
37
38
39struct rate_control_ops {
40 struct module *module;
41 const char *name;
42 void (*tx_status)(void *priv, struct net_device *dev,
43 struct sk_buff *skb,
44 struct ieee80211_tx_status *status);
45 struct ieee80211_rate *(*get_rate)(void *priv, struct net_device *dev,
46 struct sk_buff *skb,
47 struct rate_control_extra *extra);
48 void (*rate_init)(void *priv, void *priv_sta,
49 struct ieee80211_local *local, struct sta_info *sta);
50 void (*clear)(void *priv);
51
52 void *(*alloc)(struct ieee80211_local *local);
53 void (*free)(void *priv);
54 void *(*alloc_sta)(void *priv, gfp_t gfp);
55 void (*free_sta)(void *priv, void *priv_sta);
56
57 int (*add_attrs)(void *priv, struct kobject *kobj);
58 void (*remove_attrs)(void *priv, struct kobject *kobj);
59};
60
61struct rate_control_ref {
62 struct rate_control_ops *ops;
63 void *priv;
64 struct kref kref;
65};
66
67int ieee80211_rate_control_register(struct rate_control_ops *ops);
68void ieee80211_rate_control_unregister(struct rate_control_ops *ops);
69
70/* Get a reference to the rate control algorithm. If `name' is NULL, get the
71 * first available algorithm. */
72struct rate_control_ref *rate_control_alloc(const char *name,
73 struct ieee80211_local *local);
74struct rate_control_ref *rate_control_get(struct rate_control_ref *ref);
75void rate_control_put(struct rate_control_ref *ref);
76
77static inline void rate_control_tx_status(struct ieee80211_local *local,
78 struct net_device *dev,
79 struct sk_buff *skb,
80 struct ieee80211_tx_status *status)
81{
82 struct rate_control_ref *ref = local->rate_ctrl;
83 ref->ops->tx_status(ref->priv, dev, skb, status);
84}
85
86
87static inline struct ieee80211_rate *
88rate_control_get_rate(struct ieee80211_local *local, struct net_device *dev,
89 struct sk_buff *skb, struct rate_control_extra *extra)
90{
91 struct rate_control_ref *ref = local->rate_ctrl;
92 return ref->ops->get_rate(ref->priv, dev, skb, extra);
93}
94
95
96static inline void rate_control_rate_init(struct sta_info *sta,
97 struct ieee80211_local *local)
98{
99 struct rate_control_ref *ref = sta->rate_ctrl;
100 ref->ops->rate_init(ref->priv, sta->rate_ctrl_priv, local, sta);
101}
102
103
104static inline void rate_control_clear(struct ieee80211_local *local)
105{
106 struct rate_control_ref *ref = local->rate_ctrl;
107 ref->ops->clear(ref->priv);
108}
109
110static inline void *rate_control_alloc_sta(struct rate_control_ref *ref,
111 gfp_t gfp)
112{
113 return ref->ops->alloc_sta(ref->priv, gfp);
114}
115
116static inline void rate_control_free_sta(struct rate_control_ref *ref,
117 void *priv)
118{
119 ref->ops->free_sta(ref->priv, priv);
120}
121
122#endif /* IEEE80211_RATE_H */
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
new file mode 100644
index 000000000000..822917debeff
--- /dev/null
+++ b/net/mac80211/ieee80211_sta.c
@@ -0,0 +1,3060 @@
1/*
2 * BSS client mode implementation
3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14/* TODO:
15 * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
16 * order BSS list by RSSI(?) ("quality of AP")
17 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
18 * SSID)
19 */
20#include <linux/if_ether.h>
21#include <linux/skbuff.h>
22#include <linux/netdevice.h>
23#include <linux/if_arp.h>
24#include <linux/wireless.h>
25#include <linux/random.h>
26#include <linux/etherdevice.h>
27#include <linux/rtnetlink.h>
28#include <net/iw_handler.h>
29#include <asm/types.h>
30#include <asm/delay.h>
31
32#include <net/mac80211.h>
33#include "ieee80211_i.h"
34#include "ieee80211_rate.h"
35#include "hostapd_ioctl.h"
36
37#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
38#define IEEE80211_AUTH_MAX_TRIES 3
39#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
40#define IEEE80211_ASSOC_MAX_TRIES 3
41#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
42#define IEEE80211_PROBE_INTERVAL (60 * HZ)
43#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
44#define IEEE80211_SCAN_INTERVAL (2 * HZ)
45#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
46#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
47
48#define IEEE80211_PROBE_DELAY (HZ / 33)
49#define IEEE80211_CHANNEL_TIME (HZ / 33)
50#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
51#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
52#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
53#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
54
55#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
56
57
58#define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
59
60#define ERP_INFO_USE_PROTECTION BIT(1)
61
62static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
63 u8 *ssid, size_t ssid_len);
64static struct ieee80211_sta_bss *
65ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
66static void ieee80211_rx_bss_put(struct net_device *dev,
67 struct ieee80211_sta_bss *bss);
68static int ieee80211_sta_find_ibss(struct net_device *dev,
69 struct ieee80211_if_sta *ifsta);
70static int ieee80211_sta_wep_configured(struct net_device *dev);
71static int ieee80211_sta_start_scan(struct net_device *dev,
72 u8 *ssid, size_t ssid_len);
73static int ieee80211_sta_config_auth(struct net_device *dev,
74 struct ieee80211_if_sta *ifsta);
75
76
77/* Parsed Information Elements */
78struct ieee802_11_elems {
79 u8 *ssid;
80 u8 ssid_len;
81 u8 *supp_rates;
82 u8 supp_rates_len;
83 u8 *fh_params;
84 u8 fh_params_len;
85 u8 *ds_params;
86 u8 ds_params_len;
87 u8 *cf_params;
88 u8 cf_params_len;
89 u8 *tim;
90 u8 tim_len;
91 u8 *ibss_params;
92 u8 ibss_params_len;
93 u8 *challenge;
94 u8 challenge_len;
95 u8 *wpa;
96 u8 wpa_len;
97 u8 *rsn;
98 u8 rsn_len;
99 u8 *erp_info;
100 u8 erp_info_len;
101 u8 *ext_supp_rates;
102 u8 ext_supp_rates_len;
103 u8 *wmm_info;
104 u8 wmm_info_len;
105 u8 *wmm_param;
106 u8 wmm_param_len;
107};
108
109typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
110
111
112static ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
113 struct ieee802_11_elems *elems)
114{
115 size_t left = len;
116 u8 *pos = start;
117 int unknown = 0;
118
119 memset(elems, 0, sizeof(*elems));
120
121 while (left >= 2) {
122 u8 id, elen;
123
124 id = *pos++;
125 elen = *pos++;
126 left -= 2;
127
128 if (elen > left) {
129#if 0
130 if (net_ratelimit())
131 printk(KERN_DEBUG "IEEE 802.11 element parse "
132 "failed (id=%d elen=%d left=%d)\n",
133 id, elen, left);
134#endif
135 return ParseFailed;
136 }
137
138 switch (id) {
139 case WLAN_EID_SSID:
140 elems->ssid = pos;
141 elems->ssid_len = elen;
142 break;
143 case WLAN_EID_SUPP_RATES:
144 elems->supp_rates = pos;
145 elems->supp_rates_len = elen;
146 break;
147 case WLAN_EID_FH_PARAMS:
148 elems->fh_params = pos;
149 elems->fh_params_len = elen;
150 break;
151 case WLAN_EID_DS_PARAMS:
152 elems->ds_params = pos;
153 elems->ds_params_len = elen;
154 break;
155 case WLAN_EID_CF_PARAMS:
156 elems->cf_params = pos;
157 elems->cf_params_len = elen;
158 break;
159 case WLAN_EID_TIM:
160 elems->tim = pos;
161 elems->tim_len = elen;
162 break;
163 case WLAN_EID_IBSS_PARAMS:
164 elems->ibss_params = pos;
165 elems->ibss_params_len = elen;
166 break;
167 case WLAN_EID_CHALLENGE:
168 elems->challenge = pos;
169 elems->challenge_len = elen;
170 break;
171 case WLAN_EID_WPA:
172 if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
173 pos[2] == 0xf2) {
174 /* Microsoft OUI (00:50:F2) */
175 if (pos[3] == 1) {
176 /* OUI Type 1 - WPA IE */
177 elems->wpa = pos;
178 elems->wpa_len = elen;
179 } else if (elen >= 5 && pos[3] == 2) {
180 if (pos[4] == 0) {
181 elems->wmm_info = pos;
182 elems->wmm_info_len = elen;
183 } else if (pos[4] == 1) {
184 elems->wmm_param = pos;
185 elems->wmm_param_len = elen;
186 }
187 }
188 }
189 break;
190 case WLAN_EID_RSN:
191 elems->rsn = pos;
192 elems->rsn_len = elen;
193 break;
194 case WLAN_EID_ERP_INFO:
195 elems->erp_info = pos;
196 elems->erp_info_len = elen;
197 break;
198 case WLAN_EID_EXT_SUPP_RATES:
199 elems->ext_supp_rates = pos;
200 elems->ext_supp_rates_len = elen;
201 break;
202 default:
203#if 0
204 printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
205 "unknown element (id=%d elen=%d)\n",
206 id, elen);
207#endif
208 unknown++;
209 break;
210 }
211
212 left -= elen;
213 pos += elen;
214 }
215
216 /* Do not trigger error if left == 1 as Apple Airport base stations
217 * send AssocResps that are one spurious byte too long. */
218
219 return unknown ? ParseUnknown : ParseOK;
220}
221
222
223
224
225static int ecw2cw(int ecw)
226{
227 int cw = 1;
228 while (ecw > 0) {
229 cw <<= 1;
230 ecw--;
231 }
232 return cw - 1;
233}
234
235
236static void ieee80211_sta_wmm_params(struct net_device *dev,
237 struct ieee80211_if_sta *ifsta,
238 u8 *wmm_param, size_t wmm_param_len)
239{
240 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
241 struct ieee80211_tx_queue_params params;
242 size_t left;
243 int count;
244 u8 *pos;
245
246 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
247 return;
248 count = wmm_param[6] & 0x0f;
249 if (count == ifsta->wmm_last_param_set)
250 return;
251 ifsta->wmm_last_param_set = count;
252
253 pos = wmm_param + 8;
254 left = wmm_param_len - 8;
255
256 memset(&params, 0, sizeof(params));
257
258 if (!local->ops->conf_tx)
259 return;
260
261 local->wmm_acm = 0;
262 for (; left >= 4; left -= 4, pos += 4) {
263 int aci = (pos[0] >> 5) & 0x03;
264 int acm = (pos[0] >> 4) & 0x01;
265 int queue;
266
267 switch (aci) {
268 case 1:
269 queue = IEEE80211_TX_QUEUE_DATA3;
270 if (acm) {
271 local->wmm_acm |= BIT(0) | BIT(3);
272 }
273 break;
274 case 2:
275 queue = IEEE80211_TX_QUEUE_DATA1;
276 if (acm) {
277 local->wmm_acm |= BIT(4) | BIT(5);
278 }
279 break;
280 case 3:
281 queue = IEEE80211_TX_QUEUE_DATA0;
282 if (acm) {
283 local->wmm_acm |= BIT(6) | BIT(7);
284 }
285 break;
286 case 0:
287 default:
288 queue = IEEE80211_TX_QUEUE_DATA2;
289 if (acm) {
290 local->wmm_acm |= BIT(1) | BIT(2);
291 }
292 break;
293 }
294
295 params.aifs = pos[0] & 0x0f;
296 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
297 params.cw_min = ecw2cw(pos[1] & 0x0f);
298 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
299 params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
300 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
301 "cWmin=%d cWmax=%d burst=%d\n",
302 dev->name, queue, aci, acm, params.aifs, params.cw_min,
303 params.cw_max, params.burst_time);
304 /* TODO: handle ACM (block TX, fallback to next lowest allowed
305 * AC for now) */
306 if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
307 printk(KERN_DEBUG "%s: failed to set TX queue "
308 "parameters for queue %d\n", dev->name, queue);
309 }
310 }
311}
312
313
314static void ieee80211_sta_send_associnfo(struct net_device *dev,
315 struct ieee80211_if_sta *ifsta)
316{
317 char *buf;
318 size_t len;
319 int i;
320 union iwreq_data wrqu;
321
322 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
323 return;
324
325 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
326 ifsta->assocresp_ies_len), GFP_ATOMIC);
327 if (!buf)
328 return;
329
330 len = sprintf(buf, "ASSOCINFO(");
331 if (ifsta->assocreq_ies) {
332 len += sprintf(buf + len, "ReqIEs=");
333 for (i = 0; i < ifsta->assocreq_ies_len; i++) {
334 len += sprintf(buf + len, "%02x",
335 ifsta->assocreq_ies[i]);
336 }
337 }
338 if (ifsta->assocresp_ies) {
339 if (ifsta->assocreq_ies)
340 len += sprintf(buf + len, " ");
341 len += sprintf(buf + len, "RespIEs=");
342 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
343 len += sprintf(buf + len, "%02x",
344 ifsta->assocresp_ies[i]);
345 }
346 }
347 len += sprintf(buf + len, ")");
348
349 if (len > IW_CUSTOM_MAX) {
350 len = sprintf(buf, "ASSOCRESPIE=");
351 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
352 len += sprintf(buf + len, "%02x",
353 ifsta->assocresp_ies[i]);
354 }
355 }
356
357 memset(&wrqu, 0, sizeof(wrqu));
358 wrqu.data.length = len;
359 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
360
361 kfree(buf);
362}
363
364
365static void ieee80211_set_associated(struct net_device *dev,
366 struct ieee80211_if_sta *ifsta, int assoc)
367{
368 union iwreq_data wrqu;
369
370 if (ifsta->associated == assoc)
371 return;
372
373 ifsta->associated = assoc;
374
375 if (assoc) {
376 struct ieee80211_sub_if_data *sdata;
377 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
378 if (sdata->type != IEEE80211_IF_TYPE_STA)
379 return;
380 netif_carrier_on(dev);
381 ifsta->prev_bssid_set = 1;
382 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
383 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
384 ieee80211_sta_send_associnfo(dev, ifsta);
385 } else {
386 netif_carrier_off(dev);
387 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
388 }
389 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
390 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
391 ifsta->last_probe = jiffies;
392}
393
394static void ieee80211_set_disassoc(struct net_device *dev,
395 struct ieee80211_if_sta *ifsta, int deauth)
396{
397 if (deauth)
398 ifsta->auth_tries = 0;
399 ifsta->assoc_tries = 0;
400 ieee80211_set_associated(dev, ifsta, 0);
401}
402
403static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
404 int encrypt)
405{
406 struct ieee80211_sub_if_data *sdata;
407 struct ieee80211_tx_packet_data *pkt_data;
408
409 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
410 skb->dev = sdata->local->mdev;
411 skb_set_mac_header(skb, 0);
412 skb_set_network_header(skb, 0);
413 skb_set_transport_header(skb, 0);
414
415 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
416 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
417 pkt_data->ifindex = sdata->dev->ifindex;
418 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
419 pkt_data->do_not_encrypt = !encrypt;
420
421 dev_queue_xmit(skb);
422}
423
424
425static void ieee80211_send_auth(struct net_device *dev,
426 struct ieee80211_if_sta *ifsta,
427 int transaction, u8 *extra, size_t extra_len,
428 int encrypt)
429{
430 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
431 struct sk_buff *skb;
432 struct ieee80211_mgmt *mgmt;
433
434 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
435 sizeof(*mgmt) + 6 + extra_len);
436 if (!skb) {
437 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
438 "frame\n", dev->name);
439 return;
440 }
441 skb_reserve(skb, local->hw.extra_tx_headroom);
442
443 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
444 memset(mgmt, 0, 24 + 6);
445 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
446 IEEE80211_STYPE_AUTH);
447 if (encrypt)
448 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
449 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
450 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
451 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
452 mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
453 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
454 ifsta->auth_transaction = transaction + 1;
455 mgmt->u.auth.status_code = cpu_to_le16(0);
456 if (extra)
457 memcpy(skb_put(skb, extra_len), extra, extra_len);
458
459 ieee80211_sta_tx(dev, skb, encrypt);
460}
461
462
463static void ieee80211_authenticate(struct net_device *dev,
464 struct ieee80211_if_sta *ifsta)
465{
466 ifsta->auth_tries++;
467 if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
468 printk(KERN_DEBUG "%s: authentication with AP " MAC_FMT
469 " timed out\n",
470 dev->name, MAC_ARG(ifsta->bssid));
471 ifsta->state = IEEE80211_DISABLED;
472 return;
473 }
474
475 ifsta->state = IEEE80211_AUTHENTICATE;
476 printk(KERN_DEBUG "%s: authenticate with AP " MAC_FMT "\n",
477 dev->name, MAC_ARG(ifsta->bssid));
478
479 ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
480
481 mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
482}
483
484
485static void ieee80211_send_assoc(struct net_device *dev,
486 struct ieee80211_if_sta *ifsta)
487{
488 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
489 struct ieee80211_hw_mode *mode;
490 struct sk_buff *skb;
491 struct ieee80211_mgmt *mgmt;
492 u8 *pos, *ies;
493 int i, len;
494 u16 capab;
495 struct ieee80211_sta_bss *bss;
496 int wmm = 0;
497
498 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
499 sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
500 ifsta->ssid_len);
501 if (!skb) {
502 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
503 "frame\n", dev->name);
504 return;
505 }
506 skb_reserve(skb, local->hw.extra_tx_headroom);
507
508 mode = local->oper_hw_mode;
509 capab = ifsta->capab;
510 if (mode->mode == MODE_IEEE80211G) {
511 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
512 WLAN_CAPABILITY_SHORT_PREAMBLE;
513 }
514 bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
515 if (bss) {
516 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
517 capab |= WLAN_CAPABILITY_PRIVACY;
518 if (bss->wmm_ie) {
519 wmm = 1;
520 }
521 ieee80211_rx_bss_put(dev, bss);
522 }
523
524 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
525 memset(mgmt, 0, 24);
526 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
527 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
528 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
529
530 if (ifsta->prev_bssid_set) {
531 skb_put(skb, 10);
532 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
533 IEEE80211_STYPE_REASSOC_REQ);
534 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
535 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
536 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
537 ETH_ALEN);
538 } else {
539 skb_put(skb, 4);
540 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
541 IEEE80211_STYPE_ASSOC_REQ);
542 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
543 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
544 }
545
546 /* SSID */
547 ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
548 *pos++ = WLAN_EID_SSID;
549 *pos++ = ifsta->ssid_len;
550 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
551
552 len = mode->num_rates;
553 if (len > 8)
554 len = 8;
555 pos = skb_put(skb, len + 2);
556 *pos++ = WLAN_EID_SUPP_RATES;
557 *pos++ = len;
558 for (i = 0; i < len; i++) {
559 int rate = mode->rates[i].rate;
560 if (mode->mode == MODE_ATHEROS_TURBO)
561 rate /= 2;
562 *pos++ = (u8) (rate / 5);
563 }
564
565 if (mode->num_rates > len) {
566 pos = skb_put(skb, mode->num_rates - len + 2);
567 *pos++ = WLAN_EID_EXT_SUPP_RATES;
568 *pos++ = mode->num_rates - len;
569 for (i = len; i < mode->num_rates; i++) {
570 int rate = mode->rates[i].rate;
571 if (mode->mode == MODE_ATHEROS_TURBO)
572 rate /= 2;
573 *pos++ = (u8) (rate / 5);
574 }
575 }
576
577 if (ifsta->extra_ie) {
578 pos = skb_put(skb, ifsta->extra_ie_len);
579 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
580 }
581
582 if (wmm && ifsta->wmm_enabled) {
583 pos = skb_put(skb, 9);
584 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
585 *pos++ = 7; /* len */
586 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
587 *pos++ = 0x50;
588 *pos++ = 0xf2;
589 *pos++ = 2; /* WME */
590 *pos++ = 0; /* WME info */
591 *pos++ = 1; /* WME ver */
592 *pos++ = 0;
593 }
594
595 kfree(ifsta->assocreq_ies);
596 ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
597 ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_ATOMIC);
598 if (ifsta->assocreq_ies)
599 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
600
601 ieee80211_sta_tx(dev, skb, 0);
602}
603
604
605static void ieee80211_send_deauth(struct net_device *dev,
606 struct ieee80211_if_sta *ifsta, u16 reason)
607{
608 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
609 struct sk_buff *skb;
610 struct ieee80211_mgmt *mgmt;
611
612 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
613 if (!skb) {
614 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
615 "frame\n", dev->name);
616 return;
617 }
618 skb_reserve(skb, local->hw.extra_tx_headroom);
619
620 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
621 memset(mgmt, 0, 24);
622 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
623 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
624 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
625 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
626 IEEE80211_STYPE_DEAUTH);
627 skb_put(skb, 2);
628 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
629
630 ieee80211_sta_tx(dev, skb, 0);
631}
632
633
634static void ieee80211_send_disassoc(struct net_device *dev,
635 struct ieee80211_if_sta *ifsta, u16 reason)
636{
637 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
638 struct sk_buff *skb;
639 struct ieee80211_mgmt *mgmt;
640
641 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
642 if (!skb) {
643 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
644 "frame\n", dev->name);
645 return;
646 }
647 skb_reserve(skb, local->hw.extra_tx_headroom);
648
649 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
650 memset(mgmt, 0, 24);
651 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
652 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
653 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
654 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
655 IEEE80211_STYPE_DISASSOC);
656 skb_put(skb, 2);
657 mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
658
659 ieee80211_sta_tx(dev, skb, 0);
660}
661
662
663static int ieee80211_privacy_mismatch(struct net_device *dev,
664 struct ieee80211_if_sta *ifsta)
665{
666 struct ieee80211_sta_bss *bss;
667 int res = 0;
668
669 if (!ifsta || ifsta->mixed_cell ||
670 ifsta->key_mgmt != IEEE80211_KEY_MGMT_NONE)
671 return 0;
672
673 bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
674 if (!bss)
675 return 0;
676
677 if (ieee80211_sta_wep_configured(dev) !=
678 !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
679 res = 1;
680
681 ieee80211_rx_bss_put(dev, bss);
682
683 return res;
684}
685
686
687static void ieee80211_associate(struct net_device *dev,
688 struct ieee80211_if_sta *ifsta)
689{
690 ifsta->assoc_tries++;
691 if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
692 printk(KERN_DEBUG "%s: association with AP " MAC_FMT
693 " timed out\n",
694 dev->name, MAC_ARG(ifsta->bssid));
695 ifsta->state = IEEE80211_DISABLED;
696 return;
697 }
698
699 ifsta->state = IEEE80211_ASSOCIATE;
700 printk(KERN_DEBUG "%s: associate with AP " MAC_FMT "\n",
701 dev->name, MAC_ARG(ifsta->bssid));
702 if (ieee80211_privacy_mismatch(dev, ifsta)) {
703 printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
704 "mixed-cell disabled - abort association\n", dev->name);
705 ifsta->state = IEEE80211_DISABLED;
706 return;
707 }
708
709 ieee80211_send_assoc(dev, ifsta);
710
711 mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
712}
713
714
715static void ieee80211_associated(struct net_device *dev,
716 struct ieee80211_if_sta *ifsta)
717{
718 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
719 struct sta_info *sta;
720 int disassoc;
721
722 /* TODO: start monitoring current AP signal quality and number of
723 * missed beacons. Scan other channels every now and then and search
724 * for better APs. */
725 /* TODO: remove expired BSSes */
726
727 ifsta->state = IEEE80211_ASSOCIATED;
728
729 sta = sta_info_get(local, ifsta->bssid);
730 if (!sta) {
731 printk(KERN_DEBUG "%s: No STA entry for own AP " MAC_FMT "\n",
732 dev->name, MAC_ARG(ifsta->bssid));
733 disassoc = 1;
734 } else {
735 disassoc = 0;
736 if (time_after(jiffies,
737 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
738 if (ifsta->probereq_poll) {
739 printk(KERN_DEBUG "%s: No ProbeResp from "
740 "current AP " MAC_FMT " - assume out of "
741 "range\n",
742 dev->name, MAC_ARG(ifsta->bssid));
743 disassoc = 1;
744 sta_info_free(sta, 0);
745 ifsta->probereq_poll = 0;
746 } else {
747 ieee80211_send_probe_req(dev, ifsta->bssid,
748 local->scan_ssid,
749 local->scan_ssid_len);
750 ifsta->probereq_poll = 1;
751 }
752 } else {
753 ifsta->probereq_poll = 0;
754 if (time_after(jiffies, ifsta->last_probe +
755 IEEE80211_PROBE_INTERVAL)) {
756 ifsta->last_probe = jiffies;
757 ieee80211_send_probe_req(dev, ifsta->bssid,
758 ifsta->ssid,
759 ifsta->ssid_len);
760 }
761 }
762 sta_info_put(sta);
763 }
764 if (disassoc) {
765 union iwreq_data wrqu;
766 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
767 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
768 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
769 mod_timer(&ifsta->timer, jiffies +
770 IEEE80211_MONITORING_INTERVAL + 30 * HZ);
771 } else {
772 mod_timer(&ifsta->timer, jiffies +
773 IEEE80211_MONITORING_INTERVAL);
774 }
775}
776
777
778static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
779 u8 *ssid, size_t ssid_len)
780{
781 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
782 struct ieee80211_hw_mode *mode;
783 struct sk_buff *skb;
784 struct ieee80211_mgmt *mgmt;
785 u8 *pos, *supp_rates, *esupp_rates = NULL;
786 int i;
787
788 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
789 if (!skb) {
790 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
791 "request\n", dev->name);
792 return;
793 }
794 skb_reserve(skb, local->hw.extra_tx_headroom);
795
796 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
797 memset(mgmt, 0, 24);
798 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
799 IEEE80211_STYPE_PROBE_REQ);
800 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
801 if (dst) {
802 memcpy(mgmt->da, dst, ETH_ALEN);
803 memcpy(mgmt->bssid, dst, ETH_ALEN);
804 } else {
805 memset(mgmt->da, 0xff, ETH_ALEN);
806 memset(mgmt->bssid, 0xff, ETH_ALEN);
807 }
808 pos = skb_put(skb, 2 + ssid_len);
809 *pos++ = WLAN_EID_SSID;
810 *pos++ = ssid_len;
811 memcpy(pos, ssid, ssid_len);
812
813 supp_rates = skb_put(skb, 2);
814 supp_rates[0] = WLAN_EID_SUPP_RATES;
815 supp_rates[1] = 0;
816 mode = local->oper_hw_mode;
817 for (i = 0; i < mode->num_rates; i++) {
818 struct ieee80211_rate *rate = &mode->rates[i];
819 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
820 continue;
821 if (esupp_rates) {
822 pos = skb_put(skb, 1);
823 esupp_rates[1]++;
824 } else if (supp_rates[1] == 8) {
825 esupp_rates = skb_put(skb, 3);
826 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
827 esupp_rates[1] = 1;
828 pos = &esupp_rates[2];
829 } else {
830 pos = skb_put(skb, 1);
831 supp_rates[1]++;
832 }
833 if (mode->mode == MODE_ATHEROS_TURBO)
834 *pos = rate->rate / 10;
835 else
836 *pos = rate->rate / 5;
837 }
838
839 ieee80211_sta_tx(dev, skb, 0);
840}
841
842
843static int ieee80211_sta_wep_configured(struct net_device *dev)
844{
845 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
846 if (!sdata || !sdata->default_key ||
847 sdata->default_key->alg != ALG_WEP)
848 return 0;
849 return 1;
850}
851
852
853static void ieee80211_auth_completed(struct net_device *dev,
854 struct ieee80211_if_sta *ifsta)
855{
856 printk(KERN_DEBUG "%s: authenticated\n", dev->name);
857 ifsta->authenticated = 1;
858 ieee80211_associate(dev, ifsta);
859}
860
861
862static void ieee80211_auth_challenge(struct net_device *dev,
863 struct ieee80211_if_sta *ifsta,
864 struct ieee80211_mgmt *mgmt,
865 size_t len)
866{
867 u8 *pos;
868 struct ieee802_11_elems elems;
869
870 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
871 pos = mgmt->u.auth.variable;
872 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
873 == ParseFailed) {
874 printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
875 dev->name);
876 return;
877 }
878 if (!elems.challenge) {
879 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
880 "frame\n", dev->name);
881 return;
882 }
883 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
884 elems.challenge_len + 2, 1);
885}
886
887
888static void ieee80211_rx_mgmt_auth(struct net_device *dev,
889 struct ieee80211_if_sta *ifsta,
890 struct ieee80211_mgmt *mgmt,
891 size_t len)
892{
893 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
894 u16 auth_alg, auth_transaction, status_code;
895
896 if (ifsta->state != IEEE80211_AUTHENTICATE &&
897 sdata->type != IEEE80211_IF_TYPE_IBSS) {
898 printk(KERN_DEBUG "%s: authentication frame received from "
899 MAC_FMT ", but not in authenticate state - ignored\n",
900 dev->name, MAC_ARG(mgmt->sa));
901 return;
902 }
903
904 if (len < 24 + 6) {
905 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
906 "received from " MAC_FMT " - ignored\n",
907 dev->name, len, MAC_ARG(mgmt->sa));
908 return;
909 }
910
911 if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
912 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
913 printk(KERN_DEBUG "%s: authentication frame received from "
914 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
915 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
916 MAC_ARG(mgmt->bssid));
917 return;
918 }
919
920 if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
921 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
922 printk(KERN_DEBUG "%s: authentication frame received from "
923 "unknown BSSID (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
924 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
925 MAC_ARG(mgmt->bssid));
926 return;
927 }
928
929 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
930 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
931 status_code = le16_to_cpu(mgmt->u.auth.status_code);
932
933 printk(KERN_DEBUG "%s: RX authentication from " MAC_FMT " (alg=%d "
934 "transaction=%d status=%d)\n",
935 dev->name, MAC_ARG(mgmt->sa), auth_alg,
936 auth_transaction, status_code);
937
938 if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
939 /* IEEE 802.11 standard does not require authentication in IBSS
940 * networks and most implementations do not seem to use it.
941 * However, try to reply to authentication attempts if someone
942 * has actually implemented this.
943 * TODO: Could implement shared key authentication. */
944 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
945 printk(KERN_DEBUG "%s: unexpected IBSS authentication "
946 "frame (alg=%d transaction=%d)\n",
947 dev->name, auth_alg, auth_transaction);
948 return;
949 }
950 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
951 }
952
953 if (auth_alg != ifsta->auth_alg ||
954 auth_transaction != ifsta->auth_transaction) {
955 printk(KERN_DEBUG "%s: unexpected authentication frame "
956 "(alg=%d transaction=%d)\n",
957 dev->name, auth_alg, auth_transaction);
958 return;
959 }
960
961 if (status_code != WLAN_STATUS_SUCCESS) {
962 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
963 "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
964 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
965 u8 algs[3];
966 const int num_algs = ARRAY_SIZE(algs);
967 int i, pos;
968 algs[0] = algs[1] = algs[2] = 0xff;
969 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
970 algs[0] = WLAN_AUTH_OPEN;
971 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
972 algs[1] = WLAN_AUTH_SHARED_KEY;
973 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
974 algs[2] = WLAN_AUTH_LEAP;
975 if (ifsta->auth_alg == WLAN_AUTH_OPEN)
976 pos = 0;
977 else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
978 pos = 1;
979 else
980 pos = 2;
981 for (i = 0; i < num_algs; i++) {
982 pos++;
983 if (pos >= num_algs)
984 pos = 0;
985 if (algs[pos] == ifsta->auth_alg ||
986 algs[pos] == 0xff)
987 continue;
988 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
989 !ieee80211_sta_wep_configured(dev))
990 continue;
991 ifsta->auth_alg = algs[pos];
992 printk(KERN_DEBUG "%s: set auth_alg=%d for "
993 "next try\n",
994 dev->name, ifsta->auth_alg);
995 break;
996 }
997 }
998 return;
999 }
1000
1001 switch (ifsta->auth_alg) {
1002 case WLAN_AUTH_OPEN:
1003 case WLAN_AUTH_LEAP:
1004 ieee80211_auth_completed(dev, ifsta);
1005 break;
1006 case WLAN_AUTH_SHARED_KEY:
1007 if (ifsta->auth_transaction == 4)
1008 ieee80211_auth_completed(dev, ifsta);
1009 else
1010 ieee80211_auth_challenge(dev, ifsta, mgmt, len);
1011 break;
1012 }
1013}
1014
1015
1016static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1017 struct ieee80211_if_sta *ifsta,
1018 struct ieee80211_mgmt *mgmt,
1019 size_t len)
1020{
1021 u16 reason_code;
1022
1023 if (len < 24 + 2) {
1024 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1025 "received from " MAC_FMT " - ignored\n",
1026 dev->name, len, MAC_ARG(mgmt->sa));
1027 return;
1028 }
1029
1030 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1031 printk(KERN_DEBUG "%s: deauthentication frame received from "
1032 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1033 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1034 MAC_ARG(mgmt->bssid));
1035 return;
1036 }
1037
1038 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1039
1040 printk(KERN_DEBUG "%s: RX deauthentication from " MAC_FMT
1041 " (reason=%d)\n",
1042 dev->name, MAC_ARG(mgmt->sa), reason_code);
1043
1044 if (ifsta->authenticated) {
1045 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1046 }
1047
1048 if (ifsta->state == IEEE80211_AUTHENTICATE ||
1049 ifsta->state == IEEE80211_ASSOCIATE ||
1050 ifsta->state == IEEE80211_ASSOCIATED) {
1051 ifsta->state = IEEE80211_AUTHENTICATE;
1052 mod_timer(&ifsta->timer, jiffies +
1053 IEEE80211_RETRY_AUTH_INTERVAL);
1054 }
1055
1056 ieee80211_set_disassoc(dev, ifsta, 1);
1057 ifsta->authenticated = 0;
1058}
1059
1060
1061static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1062 struct ieee80211_if_sta *ifsta,
1063 struct ieee80211_mgmt *mgmt,
1064 size_t len)
1065{
1066 u16 reason_code;
1067
1068 if (len < 24 + 2) {
1069 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1070 "received from " MAC_FMT " - ignored\n",
1071 dev->name, len, MAC_ARG(mgmt->sa));
1072 return;
1073 }
1074
1075 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1076 printk(KERN_DEBUG "%s: disassociation frame received from "
1077 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1078 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1079 MAC_ARG(mgmt->bssid));
1080 return;
1081 }
1082
1083 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1084
1085 printk(KERN_DEBUG "%s: RX disassociation from " MAC_FMT
1086 " (reason=%d)\n",
1087 dev->name, MAC_ARG(mgmt->sa), reason_code);
1088
1089 if (ifsta->associated)
1090 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1091
1092 if (ifsta->state == IEEE80211_ASSOCIATED) {
1093 ifsta->state = IEEE80211_ASSOCIATE;
1094 mod_timer(&ifsta->timer, jiffies +
1095 IEEE80211_RETRY_AUTH_INTERVAL);
1096 }
1097
1098 ieee80211_set_disassoc(dev, ifsta, 0);
1099}
1100
1101
1102static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
1103 struct ieee80211_if_sta *ifsta,
1104 struct ieee80211_mgmt *mgmt,
1105 size_t len,
1106 int reassoc)
1107{
1108 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1109 struct ieee80211_hw_mode *mode;
1110 struct sta_info *sta;
1111 u32 rates;
1112 u16 capab_info, status_code, aid;
1113 struct ieee802_11_elems elems;
1114 u8 *pos;
1115 int i, j;
1116
1117 /* AssocResp and ReassocResp have identical structure, so process both
1118 * of them in this function. */
1119
1120 if (ifsta->state != IEEE80211_ASSOCIATE) {
1121 printk(KERN_DEBUG "%s: association frame received from "
1122 MAC_FMT ", but not in associate state - ignored\n",
1123 dev->name, MAC_ARG(mgmt->sa));
1124 return;
1125 }
1126
1127 if (len < 24 + 6) {
1128 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1129 "received from " MAC_FMT " - ignored\n",
1130 dev->name, len, MAC_ARG(mgmt->sa));
1131 return;
1132 }
1133
1134 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1135 printk(KERN_DEBUG "%s: association frame received from "
1136 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1137 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1138 MAC_ARG(mgmt->bssid));
1139 return;
1140 }
1141
1142 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1143 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1144 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1145 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1146 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1147 "set\n", dev->name, aid);
1148 aid &= ~(BIT(15) | BIT(14));
1149
1150 printk(KERN_DEBUG "%s: RX %sssocResp from " MAC_FMT " (capab=0x%x "
1151 "status=%d aid=%d)\n",
1152 dev->name, reassoc ? "Rea" : "A", MAC_ARG(mgmt->sa),
1153 capab_info, status_code, aid);
1154
1155 if (status_code != WLAN_STATUS_SUCCESS) {
1156 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1157 dev->name, status_code);
1158 return;
1159 }
1160
1161 pos = mgmt->u.assoc_resp.variable;
1162 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
1163 == ParseFailed) {
1164 printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
1165 dev->name);
1166 return;
1167 }
1168
1169 if (!elems.supp_rates) {
1170 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1171 dev->name);
1172 return;
1173 }
1174
1175 printk(KERN_DEBUG "%s: associated\n", dev->name);
1176 ifsta->aid = aid;
1177 ifsta->ap_capab = capab_info;
1178
1179 kfree(ifsta->assocresp_ies);
1180 ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1181 ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_ATOMIC);
1182 if (ifsta->assocresp_ies)
1183 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
1184
1185 ieee80211_set_associated(dev, ifsta, 1);
1186
1187 /* Add STA entry for the AP */
1188 sta = sta_info_get(local, ifsta->bssid);
1189 if (!sta) {
1190 struct ieee80211_sta_bss *bss;
1191 sta = sta_info_add(local, dev, ifsta->bssid, GFP_ATOMIC);
1192 if (!sta) {
1193 printk(KERN_DEBUG "%s: failed to add STA entry for the"
1194 " AP\n", dev->name);
1195 return;
1196 }
1197 bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
1198 if (bss) {
1199 sta->last_rssi = bss->rssi;
1200 sta->last_signal = bss->signal;
1201 sta->last_noise = bss->noise;
1202 ieee80211_rx_bss_put(dev, bss);
1203 }
1204 }
1205
1206 sta->dev = dev;
1207 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
1208 sta->assoc_ap = 1;
1209
1210 rates = 0;
1211 mode = local->oper_hw_mode;
1212 for (i = 0; i < elems.supp_rates_len; i++) {
1213 int rate = (elems.supp_rates[i] & 0x7f) * 5;
1214 if (mode->mode == MODE_ATHEROS_TURBO)
1215 rate *= 2;
1216 for (j = 0; j < mode->num_rates; j++)
1217 if (mode->rates[j].rate == rate)
1218 rates |= BIT(j);
1219 }
1220 for (i = 0; i < elems.ext_supp_rates_len; i++) {
1221 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1222 if (mode->mode == MODE_ATHEROS_TURBO)
1223 rate *= 2;
1224 for (j = 0; j < mode->num_rates; j++)
1225 if (mode->rates[j].rate == rate)
1226 rates |= BIT(j);
1227 }
1228 sta->supp_rates = rates;
1229
1230 rate_control_rate_init(sta, local);
1231
1232 if (elems.wmm_param && ifsta->wmm_enabled) {
1233 sta->flags |= WLAN_STA_WME;
1234 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1235 elems.wmm_param_len);
1236 }
1237
1238
1239 sta_info_put(sta);
1240
1241 ieee80211_associated(dev, ifsta);
1242}
1243
1244
1245/* Caller must hold local->sta_bss_lock */
1246static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
1247 struct ieee80211_sta_bss *bss)
1248{
1249 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1250 bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
1251 local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1252}
1253
1254
1255/* Caller must hold local->sta_bss_lock */
1256static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
1257 struct ieee80211_sta_bss *bss)
1258{
1259 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1260 struct ieee80211_sta_bss *b, *prev = NULL;
1261 b = local->sta_bss_hash[STA_HASH(bss->bssid)];
1262 while (b) {
1263 if (b == bss) {
1264 if (!prev)
1265 local->sta_bss_hash[STA_HASH(bss->bssid)] =
1266 bss->hnext;
1267 else
1268 prev->hnext = bss->hnext;
1269 break;
1270 }
1271 prev = b;
1272 b = b->hnext;
1273 }
1274}
1275
1276
1277static struct ieee80211_sta_bss *
1278ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
1279{
1280 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1281 struct ieee80211_sta_bss *bss;
1282
1283 bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
1284 if (!bss)
1285 return NULL;
1286 memset(bss, 0, sizeof(*bss));
1287 atomic_inc(&bss->users);
1288 atomic_inc(&bss->users);
1289 memcpy(bss->bssid, bssid, ETH_ALEN);
1290
1291 spin_lock_bh(&local->sta_bss_lock);
1292 /* TODO: order by RSSI? */
1293 list_add_tail(&bss->list, &local->sta_bss_list);
1294 __ieee80211_rx_bss_hash_add(dev, bss);
1295 spin_unlock_bh(&local->sta_bss_lock);
1296 return bss;
1297}
1298
1299
1300static struct ieee80211_sta_bss *
1301ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
1302{
1303 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1304 struct ieee80211_sta_bss *bss;
1305
1306 spin_lock_bh(&local->sta_bss_lock);
1307 bss = local->sta_bss_hash[STA_HASH(bssid)];
1308 while (bss) {
1309 if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0) {
1310 atomic_inc(&bss->users);
1311 break;
1312 }
1313 bss = bss->hnext;
1314 }
1315 spin_unlock_bh(&local->sta_bss_lock);
1316 return bss;
1317}
1318
1319
1320static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
1321{
1322 kfree(bss->wpa_ie);
1323 kfree(bss->rsn_ie);
1324 kfree(bss->wmm_ie);
1325 kfree(bss);
1326}
1327
1328
1329static void ieee80211_rx_bss_put(struct net_device *dev,
1330 struct ieee80211_sta_bss *bss)
1331{
1332 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1333 if (!atomic_dec_and_test(&bss->users))
1334 return;
1335
1336 spin_lock_bh(&local->sta_bss_lock);
1337 __ieee80211_rx_bss_hash_del(dev, bss);
1338 list_del(&bss->list);
1339 spin_unlock_bh(&local->sta_bss_lock);
1340 ieee80211_rx_bss_free(bss);
1341}
1342
1343
1344void ieee80211_rx_bss_list_init(struct net_device *dev)
1345{
1346 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1347 spin_lock_init(&local->sta_bss_lock);
1348 INIT_LIST_HEAD(&local->sta_bss_list);
1349}
1350
1351
1352void ieee80211_rx_bss_list_deinit(struct net_device *dev)
1353{
1354 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1355 struct ieee80211_sta_bss *bss, *tmp;
1356
1357 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
1358 ieee80211_rx_bss_put(dev, bss);
1359}
1360
1361
1362static void ieee80211_rx_bss_info(struct net_device *dev,
1363 struct ieee80211_mgmt *mgmt,
1364 size_t len,
1365 struct ieee80211_rx_status *rx_status,
1366 int beacon)
1367{
1368 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1369 struct ieee802_11_elems elems;
1370 size_t baselen;
1371 int channel, invalid = 0, clen;
1372 struct ieee80211_sta_bss *bss;
1373 struct sta_info *sta;
1374 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1375 u64 timestamp;
1376
1377 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
1378 return; /* ignore ProbeResp to foreign address */
1379
1380#if 0
1381 printk(KERN_DEBUG "%s: RX %s from " MAC_FMT " to " MAC_FMT "\n",
1382 dev->name, beacon ? "Beacon" : "Probe Response",
1383 MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da));
1384#endif
1385
1386 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1387 if (baselen > len)
1388 return;
1389
1390 timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
1391
1392 if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
1393 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
1394#ifdef CONFIG_MAC80211_IBSS_DEBUG
1395 static unsigned long last_tsf_debug = 0;
1396 u64 tsf;
1397 if (local->ops->get_tsf)
1398 tsf = local->ops->get_tsf(local_to_hw(local));
1399 else
1400 tsf = -1LLU;
1401 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
1402 printk(KERN_DEBUG "RX beacon SA=" MAC_FMT " BSSID="
1403 MAC_FMT " TSF=0x%llx BCN=0x%llx diff=%lld "
1404 "@%lu\n",
1405 MAC_ARG(mgmt->sa), MAC_ARG(mgmt->bssid),
1406 (unsigned long long)tsf,
1407 (unsigned long long)timestamp,
1408 (unsigned long long)(tsf - timestamp),
1409 jiffies);
1410 last_tsf_debug = jiffies;
1411 }
1412#endif /* CONFIG_MAC80211_IBSS_DEBUG */
1413 }
1414
1415 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
1416 &elems) == ParseFailed)
1417 invalid = 1;
1418
1419 if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
1420 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
1421 (sta = sta_info_get(local, mgmt->sa))) {
1422 struct ieee80211_hw_mode *mode;
1423 struct ieee80211_rate *rates;
1424 size_t num_rates;
1425 u32 supp_rates, prev_rates;
1426 int i, j;
1427
1428 mode = local->sta_scanning ?
1429 local->scan_hw_mode : local->oper_hw_mode;
1430 rates = mode->rates;
1431 num_rates = mode->num_rates;
1432
1433 supp_rates = 0;
1434 for (i = 0; i < elems.supp_rates_len +
1435 elems.ext_supp_rates_len; i++) {
1436 u8 rate = 0;
1437 int own_rate;
1438 if (i < elems.supp_rates_len)
1439 rate = elems.supp_rates[i];
1440 else if (elems.ext_supp_rates)
1441 rate = elems.ext_supp_rates
1442 [i - elems.supp_rates_len];
1443 own_rate = 5 * (rate & 0x7f);
1444 if (mode->mode == MODE_ATHEROS_TURBO)
1445 own_rate *= 2;
1446 for (j = 0; j < num_rates; j++)
1447 if (rates[j].rate == own_rate)
1448 supp_rates |= BIT(j);
1449 }
1450
1451 prev_rates = sta->supp_rates;
1452 sta->supp_rates &= supp_rates;
1453 if (sta->supp_rates == 0) {
1454 /* No matching rates - this should not really happen.
1455 * Make sure that at least one rate is marked
1456 * supported to avoid issues with TX rate ctrl. */
1457 sta->supp_rates = sdata->u.sta.supp_rates_bits;
1458 }
1459 if (sta->supp_rates != prev_rates) {
1460 printk(KERN_DEBUG "%s: updated supp_rates set for "
1461 MAC_FMT " based on beacon info (0x%x & 0x%x -> "
1462 "0x%x)\n",
1463 dev->name, MAC_ARG(sta->addr), prev_rates,
1464 supp_rates, sta->supp_rates);
1465 }
1466 sta_info_put(sta);
1467 }
1468
1469 if (!elems.ssid)
1470 return;
1471
1472 if (elems.ds_params && elems.ds_params_len == 1)
1473 channel = elems.ds_params[0];
1474 else
1475 channel = rx_status->channel;
1476
1477 bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
1478 if (!bss) {
1479 bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
1480 if (!bss)
1481 return;
1482 } else {
1483#if 0
1484 /* TODO: order by RSSI? */
1485 spin_lock_bh(&local->sta_bss_lock);
1486 list_move_tail(&bss->list, &local->sta_bss_list);
1487 spin_unlock_bh(&local->sta_bss_lock);
1488#endif
1489 }
1490
1491 if (bss->probe_resp && beacon) {
1492 /* Do not allow beacon to override data from Probe Response. */
1493 ieee80211_rx_bss_put(dev, bss);
1494 return;
1495 }
1496
1497 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
1498 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
1499 if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
1500 memcpy(bss->ssid, elems.ssid, elems.ssid_len);
1501 bss->ssid_len = elems.ssid_len;
1502 }
1503
1504 bss->supp_rates_len = 0;
1505 if (elems.supp_rates) {
1506 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1507 if (clen > elems.supp_rates_len)
1508 clen = elems.supp_rates_len;
1509 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
1510 clen);
1511 bss->supp_rates_len += clen;
1512 }
1513 if (elems.ext_supp_rates) {
1514 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1515 if (clen > elems.ext_supp_rates_len)
1516 clen = elems.ext_supp_rates_len;
1517 memcpy(&bss->supp_rates[bss->supp_rates_len],
1518 elems.ext_supp_rates, clen);
1519 bss->supp_rates_len += clen;
1520 }
1521
1522 if (elems.wpa &&
1523 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
1524 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
1525 kfree(bss->wpa_ie);
1526 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
1527 if (bss->wpa_ie) {
1528 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
1529 bss->wpa_ie_len = elems.wpa_len + 2;
1530 } else
1531 bss->wpa_ie_len = 0;
1532 } else if (!elems.wpa && bss->wpa_ie) {
1533 kfree(bss->wpa_ie);
1534 bss->wpa_ie = NULL;
1535 bss->wpa_ie_len = 0;
1536 }
1537
1538 if (elems.rsn &&
1539 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
1540 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
1541 kfree(bss->rsn_ie);
1542 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
1543 if (bss->rsn_ie) {
1544 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
1545 bss->rsn_ie_len = elems.rsn_len + 2;
1546 } else
1547 bss->rsn_ie_len = 0;
1548 } else if (!elems.rsn && bss->rsn_ie) {
1549 kfree(bss->rsn_ie);
1550 bss->rsn_ie = NULL;
1551 bss->rsn_ie_len = 0;
1552 }
1553
1554 if (elems.wmm_param &&
1555 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
1556 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
1557 kfree(bss->wmm_ie);
1558 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
1559 if (bss->wmm_ie) {
1560 memcpy(bss->wmm_ie, elems.wmm_param - 2,
1561 elems.wmm_param_len + 2);
1562 bss->wmm_ie_len = elems.wmm_param_len + 2;
1563 } else
1564 bss->wmm_ie_len = 0;
1565 } else if (!elems.wmm_param && bss->wmm_ie) {
1566 kfree(bss->wmm_ie);
1567 bss->wmm_ie = NULL;
1568 bss->wmm_ie_len = 0;
1569 }
1570
1571
1572 bss->hw_mode = rx_status->phymode;
1573 bss->channel = channel;
1574 bss->freq = rx_status->freq;
1575 if (channel != rx_status->channel &&
1576 (bss->hw_mode == MODE_IEEE80211G ||
1577 bss->hw_mode == MODE_IEEE80211B) &&
1578 channel >= 1 && channel <= 14) {
1579 static const int freq_list[] = {
1580 2412, 2417, 2422, 2427, 2432, 2437, 2442,
1581 2447, 2452, 2457, 2462, 2467, 2472, 2484
1582 };
1583 /* IEEE 802.11g/b mode can receive packets from neighboring
1584 * channels, so map the channel into frequency. */
1585 bss->freq = freq_list[channel - 1];
1586 }
1587 bss->timestamp = timestamp;
1588 bss->last_update = jiffies;
1589 bss->rssi = rx_status->ssi;
1590 bss->signal = rx_status->signal;
1591 bss->noise = rx_status->noise;
1592 if (!beacon)
1593 bss->probe_resp++;
1594 ieee80211_rx_bss_put(dev, bss);
1595}
1596
1597
1598static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
1599 struct ieee80211_mgmt *mgmt,
1600 size_t len,
1601 struct ieee80211_rx_status *rx_status)
1602{
1603 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
1604}
1605
1606
1607static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
1608 struct ieee80211_mgmt *mgmt,
1609 size_t len,
1610 struct ieee80211_rx_status *rx_status)
1611{
1612 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1613 struct ieee80211_sub_if_data *sdata;
1614 struct ieee80211_if_sta *ifsta;
1615 int use_protection;
1616 size_t baselen;
1617 struct ieee802_11_elems elems;
1618
1619 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
1620
1621 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1622 if (sdata->type != IEEE80211_IF_TYPE_STA)
1623 return;
1624 ifsta = &sdata->u.sta;
1625
1626 if (!ifsta->associated ||
1627 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
1628 return;
1629
1630 /* Process beacon from the current BSS */
1631 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1632 if (baselen > len)
1633 return;
1634
1635 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
1636 &elems) == ParseFailed)
1637 return;
1638
1639 use_protection = 0;
1640 if (elems.erp_info && elems.erp_info_len >= 1) {
1641 use_protection =
1642 (elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0;
1643 }
1644
1645 if (use_protection != !!ifsta->use_protection) {
1646 if (net_ratelimit()) {
1647 printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
1648 MAC_FMT ")\n",
1649 dev->name,
1650 use_protection ? "enabled" : "disabled",
1651 MAC_ARG(ifsta->bssid));
1652 }
1653 ifsta->use_protection = use_protection ? 1 : 0;
1654 local->cts_protect_erp_frames = use_protection;
1655 }
1656
1657 if (elems.wmm_param && ifsta->wmm_enabled) {
1658 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1659 elems.wmm_param_len);
1660 }
1661}
1662
1663
1664static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
1665 struct ieee80211_if_sta *ifsta,
1666 struct ieee80211_mgmt *mgmt,
1667 size_t len,
1668 struct ieee80211_rx_status *rx_status)
1669{
1670 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1671 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1672 int tx_last_beacon;
1673 struct sk_buff *skb;
1674 struct ieee80211_mgmt *resp;
1675 u8 *pos, *end;
1676
1677 if (sdata->type != IEEE80211_IF_TYPE_IBSS ||
1678 ifsta->state != IEEE80211_IBSS_JOINED ||
1679 len < 24 + 2 || !ifsta->probe_resp)
1680 return;
1681
1682 if (local->ops->tx_last_beacon)
1683 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
1684 else
1685 tx_last_beacon = 1;
1686
1687#ifdef CONFIG_MAC80211_IBSS_DEBUG
1688 printk(KERN_DEBUG "%s: RX ProbeReq SA=" MAC_FMT " DA=" MAC_FMT " BSSID="
1689 MAC_FMT " (tx_last_beacon=%d)\n",
1690 dev->name, MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da),
1691 MAC_ARG(mgmt->bssid), tx_last_beacon);
1692#endif /* CONFIG_MAC80211_IBSS_DEBUG */
1693
1694 if (!tx_last_beacon)
1695 return;
1696
1697 if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
1698 memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1699 return;
1700
1701 end = ((u8 *) mgmt) + len;
1702 pos = mgmt->u.probe_req.variable;
1703 if (pos[0] != WLAN_EID_SSID ||
1704 pos + 2 + pos[1] > end) {
1705 if (net_ratelimit()) {
1706 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
1707 "from " MAC_FMT "\n",
1708 dev->name, MAC_ARG(mgmt->sa));
1709 }
1710 return;
1711 }
1712 if (pos[1] != 0 &&
1713 (pos[1] != ifsta->ssid_len ||
1714 memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
1715 /* Ignore ProbeReq for foreign SSID */
1716 return;
1717 }
1718
1719 /* Reply with ProbeResp */
1720 skb = skb_copy(ifsta->probe_resp, GFP_ATOMIC);
1721 if (!skb)
1722 return;
1723
1724 resp = (struct ieee80211_mgmt *) skb->data;
1725 memcpy(resp->da, mgmt->sa, ETH_ALEN);
1726#ifdef CONFIG_MAC80211_IBSS_DEBUG
1727 printk(KERN_DEBUG "%s: Sending ProbeResp to " MAC_FMT "\n",
1728 dev->name, MAC_ARG(resp->da));
1729#endif /* CONFIG_MAC80211_IBSS_DEBUG */
1730 ieee80211_sta_tx(dev, skb, 0);
1731}
1732
1733
1734void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
1735 struct ieee80211_rx_status *rx_status)
1736{
1737 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1738 struct ieee80211_sub_if_data *sdata;
1739 struct ieee80211_if_sta *ifsta;
1740 struct ieee80211_mgmt *mgmt;
1741 u16 fc;
1742
1743 if (skb->len < 24)
1744 goto fail;
1745
1746 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1747 ifsta = &sdata->u.sta;
1748
1749 mgmt = (struct ieee80211_mgmt *) skb->data;
1750 fc = le16_to_cpu(mgmt->frame_control);
1751
1752 switch (fc & IEEE80211_FCTL_STYPE) {
1753 case IEEE80211_STYPE_PROBE_REQ:
1754 case IEEE80211_STYPE_PROBE_RESP:
1755 case IEEE80211_STYPE_BEACON:
1756 memcpy(skb->cb, rx_status, sizeof(*rx_status));
1757 case IEEE80211_STYPE_AUTH:
1758 case IEEE80211_STYPE_ASSOC_RESP:
1759 case IEEE80211_STYPE_REASSOC_RESP:
1760 case IEEE80211_STYPE_DEAUTH:
1761 case IEEE80211_STYPE_DISASSOC:
1762 skb_queue_tail(&ifsta->skb_queue, skb);
1763 queue_work(local->hw.workqueue, &ifsta->work);
1764 return;
1765 default:
1766 printk(KERN_DEBUG "%s: received unknown management frame - "
1767 "stype=%d\n", dev->name,
1768 (fc & IEEE80211_FCTL_STYPE) >> 4);
1769 break;
1770 }
1771
1772 fail:
1773 kfree_skb(skb);
1774}
1775
1776
1777static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
1778 struct sk_buff *skb)
1779{
1780 struct ieee80211_rx_status *rx_status;
1781 struct ieee80211_sub_if_data *sdata;
1782 struct ieee80211_if_sta *ifsta;
1783 struct ieee80211_mgmt *mgmt;
1784 u16 fc;
1785
1786 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1787 ifsta = &sdata->u.sta;
1788
1789 rx_status = (struct ieee80211_rx_status *) skb->cb;
1790 mgmt = (struct ieee80211_mgmt *) skb->data;
1791 fc = le16_to_cpu(mgmt->frame_control);
1792
1793 switch (fc & IEEE80211_FCTL_STYPE) {
1794 case IEEE80211_STYPE_PROBE_REQ:
1795 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
1796 rx_status);
1797 break;
1798 case IEEE80211_STYPE_PROBE_RESP:
1799 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
1800 break;
1801 case IEEE80211_STYPE_BEACON:
1802 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
1803 break;
1804 case IEEE80211_STYPE_AUTH:
1805 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
1806 break;
1807 case IEEE80211_STYPE_ASSOC_RESP:
1808 ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 0);
1809 break;
1810 case IEEE80211_STYPE_REASSOC_RESP:
1811 ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 1);
1812 break;
1813 case IEEE80211_STYPE_DEAUTH:
1814 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
1815 break;
1816 case IEEE80211_STYPE_DISASSOC:
1817 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
1818 break;
1819 }
1820
1821 kfree_skb(skb);
1822}
1823
1824
1825void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
1826 struct ieee80211_rx_status *rx_status)
1827{
1828 struct ieee80211_mgmt *mgmt;
1829 u16 fc;
1830
1831 if (skb->len < 24) {
1832 dev_kfree_skb(skb);
1833 return;
1834 }
1835
1836 mgmt = (struct ieee80211_mgmt *) skb->data;
1837 fc = le16_to_cpu(mgmt->frame_control);
1838
1839 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
1840 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
1841 ieee80211_rx_mgmt_probe_resp(dev, mgmt,
1842 skb->len, rx_status);
1843 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
1844 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
1845 rx_status);
1846 }
1847 }
1848
1849 dev_kfree_skb(skb);
1850}
1851
1852
1853static int ieee80211_sta_active_ibss(struct net_device *dev)
1854{
1855 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1856 int active = 0;
1857 struct sta_info *sta;
1858
1859 spin_lock_bh(&local->sta_lock);
1860 list_for_each_entry(sta, &local->sta_list, list) {
1861 if (sta->dev == dev &&
1862 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
1863 jiffies)) {
1864 active++;
1865 break;
1866 }
1867 }
1868 spin_unlock_bh(&local->sta_lock);
1869
1870 return active;
1871}
1872
1873
1874static void ieee80211_sta_expire(struct net_device *dev)
1875{
1876 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1877 struct sta_info *sta, *tmp;
1878
1879 spin_lock_bh(&local->sta_lock);
1880 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
1881 if (time_after(jiffies, sta->last_rx +
1882 IEEE80211_IBSS_INACTIVITY_LIMIT)) {
1883 printk(KERN_DEBUG "%s: expiring inactive STA " MAC_FMT
1884 "\n", dev->name, MAC_ARG(sta->addr));
1885 sta_info_free(sta, 1);
1886 }
1887 spin_unlock_bh(&local->sta_lock);
1888}
1889
1890
1891static void ieee80211_sta_merge_ibss(struct net_device *dev,
1892 struct ieee80211_if_sta *ifsta)
1893{
1894 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
1895
1896 ieee80211_sta_expire(dev);
1897 if (ieee80211_sta_active_ibss(dev))
1898 return;
1899
1900 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
1901 "IBSS networks with same SSID (merge)\n", dev->name);
1902 ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
1903}
1904
1905
1906void ieee80211_sta_timer(unsigned long data)
1907{
1908 struct ieee80211_sub_if_data *sdata =
1909 (struct ieee80211_sub_if_data *) data;
1910 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1911 struct ieee80211_local *local = wdev_priv(&sdata->wdev);
1912
1913 set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
1914 queue_work(local->hw.workqueue, &ifsta->work);
1915}
1916
1917
1918void ieee80211_sta_work(struct work_struct *work)
1919{
1920 struct ieee80211_sub_if_data *sdata =
1921 container_of(work, struct ieee80211_sub_if_data, u.sta.work);
1922 struct net_device *dev = sdata->dev;
1923 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1924 struct ieee80211_if_sta *ifsta;
1925 struct sk_buff *skb;
1926
1927 if (!netif_running(dev))
1928 return;
1929
1930 if (local->sta_scanning)
1931 return;
1932
1933 if (sdata->type != IEEE80211_IF_TYPE_STA &&
1934 sdata->type != IEEE80211_IF_TYPE_IBSS) {
1935 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
1936 "(type=%d)\n", dev->name, sdata->type);
1937 return;
1938 }
1939 ifsta = &sdata->u.sta;
1940
1941 while ((skb = skb_dequeue(&ifsta->skb_queue)))
1942 ieee80211_sta_rx_queued_mgmt(dev, skb);
1943
1944 if (ifsta->state != IEEE80211_AUTHENTICATE &&
1945 ifsta->state != IEEE80211_ASSOCIATE &&
1946 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
1947 ieee80211_sta_start_scan(dev, NULL, 0);
1948 return;
1949 }
1950
1951 if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
1952 if (ieee80211_sta_config_auth(dev, ifsta))
1953 return;
1954 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
1955 } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
1956 return;
1957
1958 switch (ifsta->state) {
1959 case IEEE80211_DISABLED:
1960 break;
1961 case IEEE80211_AUTHENTICATE:
1962 ieee80211_authenticate(dev, ifsta);
1963 break;
1964 case IEEE80211_ASSOCIATE:
1965 ieee80211_associate(dev, ifsta);
1966 break;
1967 case IEEE80211_ASSOCIATED:
1968 ieee80211_associated(dev, ifsta);
1969 break;
1970 case IEEE80211_IBSS_SEARCH:
1971 ieee80211_sta_find_ibss(dev, ifsta);
1972 break;
1973 case IEEE80211_IBSS_JOINED:
1974 ieee80211_sta_merge_ibss(dev, ifsta);
1975 break;
1976 default:
1977 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
1978 ifsta->state);
1979 break;
1980 }
1981
1982 if (ieee80211_privacy_mismatch(dev, ifsta)) {
1983 printk(KERN_DEBUG "%s: privacy configuration mismatch and "
1984 "mixed-cell disabled - disassociate\n", dev->name);
1985
1986 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
1987 ieee80211_set_disassoc(dev, ifsta, 0);
1988 }
1989}
1990
1991
1992static void ieee80211_sta_reset_auth(struct net_device *dev,
1993 struct ieee80211_if_sta *ifsta)
1994{
1995 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1996
1997 if (local->ops->reset_tsf) {
1998 /* Reset own TSF to allow time synchronization work. */
1999 local->ops->reset_tsf(local_to_hw(local));
2000 }
2001
2002 ifsta->wmm_last_param_set = -1; /* allow any WMM update */
2003
2004
2005 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
2006 ifsta->auth_alg = WLAN_AUTH_OPEN;
2007 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2008 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
2009 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
2010 ifsta->auth_alg = WLAN_AUTH_LEAP;
2011 else
2012 ifsta->auth_alg = WLAN_AUTH_OPEN;
2013 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
2014 ifsta->auth_alg);
2015 ifsta->auth_transaction = -1;
2016 ifsta->associated = ifsta->auth_tries = ifsta->assoc_tries = 0;
2017 netif_carrier_off(dev);
2018}
2019
2020
2021void ieee80211_sta_req_auth(struct net_device *dev,
2022 struct ieee80211_if_sta *ifsta)
2023{
2024 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2025 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2026
2027 if (sdata->type != IEEE80211_IF_TYPE_STA)
2028 return;
2029
2030 if ((ifsta->bssid_set || ifsta->auto_bssid_sel) &&
2031 (ifsta->ssid_set || ifsta->auto_ssid_sel)) {
2032 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2033 queue_work(local->hw.workqueue, &ifsta->work);
2034 }
2035}
2036
2037static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
2038 const char *ssid, int ssid_len)
2039{
2040 int tmp, hidden_ssid;
2041
2042 if (!memcmp(ifsta->ssid, ssid, ssid_len))
2043 return 1;
2044
2045 if (ifsta->auto_bssid_sel)
2046 return 0;
2047
2048 hidden_ssid = 1;
2049 tmp = ssid_len;
2050 while (tmp--) {
2051 if (ssid[tmp] != '\0') {
2052 hidden_ssid = 0;
2053 break;
2054 }
2055 }
2056
2057 if (hidden_ssid && ifsta->ssid_len == ssid_len)
2058 return 1;
2059
2060 if (ssid_len == 1 && ssid[0] == ' ')
2061 return 1;
2062
2063 return 0;
2064}
2065
2066static int ieee80211_sta_config_auth(struct net_device *dev,
2067 struct ieee80211_if_sta *ifsta)
2068{
2069 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2070 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2071 struct ieee80211_sta_bss *bss, *selected = NULL;
2072 int top_rssi = 0, freq;
2073
2074 rtnl_lock();
2075
2076 if (!ifsta->auto_channel_sel && !ifsta->auto_bssid_sel &&
2077 !ifsta->auto_ssid_sel) {
2078 ifsta->state = IEEE80211_AUTHENTICATE;
2079 rtnl_unlock();
2080 ieee80211_sta_reset_auth(dev, ifsta);
2081 return 0;
2082 }
2083
2084 spin_lock_bh(&local->sta_bss_lock);
2085 freq = local->oper_channel->freq;
2086 list_for_each_entry(bss, &local->sta_bss_list, list) {
2087 if (!(bss->capability & WLAN_CAPABILITY_ESS))
2088 continue;
2089
2090 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
2091 !!sdata->default_key)
2092 continue;
2093
2094 if (!ifsta->auto_channel_sel && bss->freq != freq)
2095 continue;
2096
2097 if (!ifsta->auto_bssid_sel &&
2098 memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
2099 continue;
2100
2101 if (!ifsta->auto_ssid_sel &&
2102 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
2103 continue;
2104
2105 if (!selected || top_rssi < bss->rssi) {
2106 selected = bss;
2107 top_rssi = bss->rssi;
2108 }
2109 }
2110 if (selected)
2111 atomic_inc(&selected->users);
2112 spin_unlock_bh(&local->sta_bss_lock);
2113
2114 if (selected) {
2115 ieee80211_set_channel(local, -1, selected->freq);
2116 if (!ifsta->ssid_set)
2117 ieee80211_sta_set_ssid(dev, selected->ssid,
2118 selected->ssid_len);
2119 ieee80211_sta_set_bssid(dev, selected->bssid);
2120 ieee80211_rx_bss_put(dev, selected);
2121 ifsta->state = IEEE80211_AUTHENTICATE;
2122 rtnl_unlock();
2123 ieee80211_sta_reset_auth(dev, ifsta);
2124 return 0;
2125 } else {
2126 if (ifsta->state != IEEE80211_AUTHENTICATE) {
2127 ieee80211_sta_start_scan(dev, NULL, 0);
2128 ifsta->state = IEEE80211_AUTHENTICATE;
2129 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2130 } else
2131 ifsta->state = IEEE80211_DISABLED;
2132 }
2133 rtnl_unlock();
2134 return -1;
2135}
2136
2137static int ieee80211_sta_join_ibss(struct net_device *dev,
2138 struct ieee80211_if_sta *ifsta,
2139 struct ieee80211_sta_bss *bss)
2140{
2141 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2142 int res, rates, i, j;
2143 struct sk_buff *skb;
2144 struct ieee80211_mgmt *mgmt;
2145 struct ieee80211_tx_control control;
2146 struct ieee80211_rate *rate;
2147 struct ieee80211_hw_mode *mode;
2148 struct rate_control_extra extra;
2149 u8 *pos;
2150 struct ieee80211_sub_if_data *sdata;
2151
2152 /* Remove possible STA entries from other IBSS networks. */
2153 sta_info_flush(local, NULL);
2154
2155 if (local->ops->reset_tsf) {
2156 /* Reset own TSF to allow time synchronization work. */
2157 local->ops->reset_tsf(local_to_hw(local));
2158 }
2159 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2160 res = ieee80211_if_config(dev);
2161 if (res)
2162 return res;
2163
2164 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2165
2166 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2167 sdata->drop_unencrypted = bss->capability &
2168 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
2169
2170 res = ieee80211_set_channel(local, -1, bss->freq);
2171
2172 if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
2173 printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
2174 "(%d MHz)\n", dev->name, local->hw.conf.channel,
2175 local->hw.conf.freq);
2176 return -1;
2177 }
2178
2179 /* Set beacon template based on scan results */
2180 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2181 do {
2182 if (!skb)
2183 break;
2184
2185 skb_reserve(skb, local->hw.extra_tx_headroom);
2186
2187 mgmt = (struct ieee80211_mgmt *)
2188 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
2189 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2190 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2191 IEEE80211_STYPE_BEACON);
2192 memset(mgmt->da, 0xff, ETH_ALEN);
2193 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2194 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2195 mgmt->u.beacon.beacon_int =
2196 cpu_to_le16(local->hw.conf.beacon_int);
2197 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
2198
2199 pos = skb_put(skb, 2 + ifsta->ssid_len);
2200 *pos++ = WLAN_EID_SSID;
2201 *pos++ = ifsta->ssid_len;
2202 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
2203
2204 rates = bss->supp_rates_len;
2205 if (rates > 8)
2206 rates = 8;
2207 pos = skb_put(skb, 2 + rates);
2208 *pos++ = WLAN_EID_SUPP_RATES;
2209 *pos++ = rates;
2210 memcpy(pos, bss->supp_rates, rates);
2211
2212 pos = skb_put(skb, 2 + 1);
2213 *pos++ = WLAN_EID_DS_PARAMS;
2214 *pos++ = 1;
2215 *pos++ = bss->channel;
2216
2217 pos = skb_put(skb, 2 + 2);
2218 *pos++ = WLAN_EID_IBSS_PARAMS;
2219 *pos++ = 2;
2220 /* FIX: set ATIM window based on scan results */
2221 *pos++ = 0;
2222 *pos++ = 0;
2223
2224 if (bss->supp_rates_len > 8) {
2225 rates = bss->supp_rates_len - 8;
2226 pos = skb_put(skb, 2 + rates);
2227 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2228 *pos++ = rates;
2229 memcpy(pos, &bss->supp_rates[8], rates);
2230 }
2231
2232 memset(&control, 0, sizeof(control));
2233 memset(&extra, 0, sizeof(extra));
2234 extra.mode = local->oper_hw_mode;
2235 rate = rate_control_get_rate(local, dev, skb, &extra);
2236 if (!rate) {
2237 printk(KERN_DEBUG "%s: Failed to determine TX rate "
2238 "for IBSS beacon\n", dev->name);
2239 break;
2240 }
2241 control.tx_rate = (local->short_preamble &&
2242 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
2243 rate->val2 : rate->val;
2244 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
2245 control.power_level = local->hw.conf.power_level;
2246 control.flags |= IEEE80211_TXCTL_NO_ACK;
2247 control.retry_limit = 1;
2248
2249 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
2250 if (ifsta->probe_resp) {
2251 mgmt = (struct ieee80211_mgmt *)
2252 ifsta->probe_resp->data;
2253 mgmt->frame_control =
2254 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2255 IEEE80211_STYPE_PROBE_RESP);
2256 } else {
2257 printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
2258 "template for IBSS\n", dev->name);
2259 }
2260
2261 if (local->ops->beacon_update &&
2262 local->ops->beacon_update(local_to_hw(local),
2263 skb, &control) == 0) {
2264 printk(KERN_DEBUG "%s: Configured IBSS beacon "
2265 "template based on scan results\n", dev->name);
2266 skb = NULL;
2267 }
2268
2269 rates = 0;
2270 mode = local->oper_hw_mode;
2271 for (i = 0; i < bss->supp_rates_len; i++) {
2272 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2273 if (mode->mode == MODE_ATHEROS_TURBO)
2274 bitrate *= 2;
2275 for (j = 0; j < mode->num_rates; j++)
2276 if (mode->rates[j].rate == bitrate)
2277 rates |= BIT(j);
2278 }
2279 ifsta->supp_rates_bits = rates;
2280 } while (0);
2281
2282 if (skb) {
2283 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
2284 "template\n", dev->name);
2285 dev_kfree_skb(skb);
2286 }
2287
2288 ifsta->state = IEEE80211_IBSS_JOINED;
2289 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2290
2291 ieee80211_rx_bss_put(dev, bss);
2292
2293 return res;
2294}
2295
2296
2297static int ieee80211_sta_create_ibss(struct net_device *dev,
2298 struct ieee80211_if_sta *ifsta)
2299{
2300 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2301 struct ieee80211_sta_bss *bss;
2302 struct ieee80211_sub_if_data *sdata;
2303 struct ieee80211_hw_mode *mode;
2304 u8 bssid[ETH_ALEN], *pos;
2305 int i;
2306
2307#if 0
2308 /* Easier testing, use fixed BSSID. */
2309 memset(bssid, 0xfe, ETH_ALEN);
2310#else
2311 /* Generate random, not broadcast, locally administered BSSID. Mix in
2312 * own MAC address to make sure that devices that do not have proper
2313 * random number generator get different BSSID. */
2314 get_random_bytes(bssid, ETH_ALEN);
2315 for (i = 0; i < ETH_ALEN; i++)
2316 bssid[i] ^= dev->dev_addr[i];
2317 bssid[0] &= ~0x01;
2318 bssid[0] |= 0x02;
2319#endif
2320
2321 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
2322 dev->name, MAC_ARG(bssid));
2323
2324 bss = ieee80211_rx_bss_add(dev, bssid);
2325 if (!bss)
2326 return -ENOMEM;
2327
2328 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2329 mode = local->oper_hw_mode;
2330
2331 if (local->hw.conf.beacon_int == 0)
2332 local->hw.conf.beacon_int = 100;
2333 bss->beacon_int = local->hw.conf.beacon_int;
2334 bss->hw_mode = local->hw.conf.phymode;
2335 bss->channel = local->hw.conf.channel;
2336 bss->freq = local->hw.conf.freq;
2337 bss->last_update = jiffies;
2338 bss->capability = WLAN_CAPABILITY_IBSS;
2339 if (sdata->default_key) {
2340 bss->capability |= WLAN_CAPABILITY_PRIVACY;
2341 } else
2342 sdata->drop_unencrypted = 0;
2343 bss->supp_rates_len = mode->num_rates;
2344 pos = bss->supp_rates;
2345 for (i = 0; i < mode->num_rates; i++) {
2346 int rate = mode->rates[i].rate;
2347 if (mode->mode == MODE_ATHEROS_TURBO)
2348 rate /= 2;
2349 *pos++ = (u8) (rate / 5);
2350 }
2351
2352 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2353}
2354
2355
2356static int ieee80211_sta_find_ibss(struct net_device *dev,
2357 struct ieee80211_if_sta *ifsta)
2358{
2359 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2360 struct ieee80211_sta_bss *bss;
2361 int found = 0;
2362 u8 bssid[ETH_ALEN];
2363 int active_ibss;
2364
2365 if (ifsta->ssid_len == 0)
2366 return -EINVAL;
2367
2368 active_ibss = ieee80211_sta_active_ibss(dev);
2369#ifdef CONFIG_MAC80211_IBSS_DEBUG
2370 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
2371 dev->name, active_ibss);
2372#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2373 spin_lock_bh(&local->sta_bss_lock);
2374 list_for_each_entry(bss, &local->sta_bss_list, list) {
2375 if (ifsta->ssid_len != bss->ssid_len ||
2376 memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
2377 || !(bss->capability & WLAN_CAPABILITY_IBSS))
2378 continue;
2379#ifdef CONFIG_MAC80211_IBSS_DEBUG
2380 printk(KERN_DEBUG " bssid=" MAC_FMT " found\n",
2381 MAC_ARG(bss->bssid));
2382#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2383 memcpy(bssid, bss->bssid, ETH_ALEN);
2384 found = 1;
2385 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
2386 break;
2387 }
2388 spin_unlock_bh(&local->sta_bss_lock);
2389
2390#ifdef CONFIG_MAC80211_IBSS_DEBUG
2391 printk(KERN_DEBUG " sta_find_ibss: selected " MAC_FMT " current "
2392 MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
2393#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2394 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
2395 (bss = ieee80211_rx_bss_get(dev, bssid))) {
2396 printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
2397 " based on configured SSID\n",
2398 dev->name, MAC_ARG(bssid));
2399 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2400 }
2401#ifdef CONFIG_MAC80211_IBSS_DEBUG
2402 printk(KERN_DEBUG " did not try to join ibss\n");
2403#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2404
2405 /* Selected IBSS not found in current scan results - try to scan */
2406 if (ifsta->state == IEEE80211_IBSS_JOINED &&
2407 !ieee80211_sta_active_ibss(dev)) {
2408 mod_timer(&ifsta->timer, jiffies +
2409 IEEE80211_IBSS_MERGE_INTERVAL);
2410 } else if (time_after(jiffies, local->last_scan_completed +
2411 IEEE80211_SCAN_INTERVAL)) {
2412 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
2413 "join\n", dev->name);
2414 return ieee80211_sta_req_scan(dev, ifsta->ssid,
2415 ifsta->ssid_len);
2416 } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
2417 int interval = IEEE80211_SCAN_INTERVAL;
2418
2419 if (time_after(jiffies, ifsta->ibss_join_req +
2420 IEEE80211_IBSS_JOIN_TIMEOUT)) {
2421 if (ifsta->create_ibss &&
2422 local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
2423 return ieee80211_sta_create_ibss(dev, ifsta);
2424 if (ifsta->create_ibss) {
2425 printk(KERN_DEBUG "%s: IBSS not allowed on the"
2426 " configured channel %d (%d MHz)\n",
2427 dev->name, local->hw.conf.channel,
2428 local->hw.conf.freq);
2429 }
2430
2431 /* No IBSS found - decrease scan interval and continue
2432 * scanning. */
2433 interval = IEEE80211_SCAN_INTERVAL_SLOW;
2434 }
2435
2436 ifsta->state = IEEE80211_IBSS_SEARCH;
2437 mod_timer(&ifsta->timer, jiffies + interval);
2438 return 0;
2439 }
2440
2441 return 0;
2442}
2443
2444
2445int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
2446{
2447 struct ieee80211_sub_if_data *sdata;
2448 struct ieee80211_if_sta *ifsta;
2449 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2450
2451 if (len > IEEE80211_MAX_SSID_LEN)
2452 return -EINVAL;
2453
2454 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
2455 * not defined. */
2456 if (local->ops->conf_tx) {
2457 struct ieee80211_tx_queue_params qparam;
2458 int i;
2459
2460 memset(&qparam, 0, sizeof(qparam));
2461 /* TODO: are these ok defaults for all hw_modes? */
2462 qparam.aifs = 2;
2463 qparam.cw_min =
2464 local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
2465 qparam.cw_max = 1023;
2466 qparam.burst_time = 0;
2467 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
2468 {
2469 local->ops->conf_tx(local_to_hw(local),
2470 i + IEEE80211_TX_QUEUE_DATA0,
2471 &qparam);
2472 }
2473 /* IBSS uses different parameters for Beacon sending */
2474 qparam.cw_min++;
2475 qparam.cw_min *= 2;
2476 qparam.cw_min--;
2477 local->ops->conf_tx(local_to_hw(local),
2478 IEEE80211_TX_QUEUE_BEACON, &qparam);
2479 }
2480
2481 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2482 ifsta = &sdata->u.sta;
2483
2484 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
2485 ifsta->prev_bssid_set = 0;
2486 memcpy(ifsta->ssid, ssid, len);
2487 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
2488 ifsta->ssid_len = len;
2489
2490 ifsta->ssid_set = len ? 1 : 0;
2491 if (sdata->type == IEEE80211_IF_TYPE_IBSS && !ifsta->bssid_set) {
2492 ifsta->ibss_join_req = jiffies;
2493 ifsta->state = IEEE80211_IBSS_SEARCH;
2494 return ieee80211_sta_find_ibss(dev, ifsta);
2495 }
2496 return 0;
2497}
2498
2499
2500int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
2501{
2502 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2503 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2504 memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
2505 *len = ifsta->ssid_len;
2506 return 0;
2507}
2508
2509
2510int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
2511{
2512 struct ieee80211_sub_if_data *sdata;
2513 struct ieee80211_if_sta *ifsta;
2514 int res;
2515
2516 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2517 ifsta = &sdata->u.sta;
2518
2519 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
2520 memcpy(ifsta->bssid, bssid, ETH_ALEN);
2521 res = ieee80211_if_config(dev);
2522 if (res) {
2523 printk(KERN_DEBUG "%s: Failed to config new BSSID to "
2524 "the low-level driver\n", dev->name);
2525 return res;
2526 }
2527 }
2528
2529 if (!is_valid_ether_addr(bssid))
2530 ifsta->bssid_set = 0;
2531 else
2532 ifsta->bssid_set = 1;
2533 return 0;
2534}
2535
2536
2537static void ieee80211_send_nullfunc(struct ieee80211_local *local,
2538 struct ieee80211_sub_if_data *sdata,
2539 int powersave)
2540{
2541 struct sk_buff *skb;
2542 struct ieee80211_hdr *nullfunc;
2543 u16 fc;
2544
2545 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
2546 if (!skb) {
2547 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
2548 "frame\n", sdata->dev->name);
2549 return;
2550 }
2551 skb_reserve(skb, local->hw.extra_tx_headroom);
2552
2553 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
2554 memset(nullfunc, 0, 24);
2555 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2556 IEEE80211_FCTL_TODS;
2557 if (powersave)
2558 fc |= IEEE80211_FCTL_PM;
2559 nullfunc->frame_control = cpu_to_le16(fc);
2560 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
2561 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
2562 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
2563
2564 ieee80211_sta_tx(sdata->dev, skb, 0);
2565}
2566
2567
2568void ieee80211_scan_completed(struct ieee80211_hw *hw)
2569{
2570 struct ieee80211_local *local = hw_to_local(hw);
2571 struct net_device *dev = local->scan_dev;
2572 struct ieee80211_sub_if_data *sdata;
2573 union iwreq_data wrqu;
2574
2575 local->last_scan_completed = jiffies;
2576 wmb();
2577 local->sta_scanning = 0;
2578
2579 if (ieee80211_hw_config(local))
2580 printk(KERN_DEBUG "%s: failed to restore operational"
2581 "channel after scan\n", dev->name);
2582
2583 if (!(local->hw.flags & IEEE80211_HW_NO_PROBE_FILTERING) &&
2584 ieee80211_if_config(dev))
2585 printk(KERN_DEBUG "%s: failed to restore operational"
2586 "BSSID after scan\n", dev->name);
2587
2588 memset(&wrqu, 0, sizeof(wrqu));
2589 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
2590
2591 read_lock(&local->sub_if_lock);
2592 list_for_each_entry(sdata, &local->sub_if_list, list) {
2593 if (sdata->type == IEEE80211_IF_TYPE_STA) {
2594 if (sdata->u.sta.associated)
2595 ieee80211_send_nullfunc(local, sdata, 0);
2596 ieee80211_sta_timer((unsigned long)sdata);
2597 }
2598 netif_wake_queue(sdata->dev);
2599 }
2600 read_unlock(&local->sub_if_lock);
2601
2602 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2603 if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
2604 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2605 if (!ifsta->bssid_set ||
2606 (!ifsta->state == IEEE80211_IBSS_JOINED &&
2607 !ieee80211_sta_active_ibss(dev)))
2608 ieee80211_sta_find_ibss(dev, ifsta);
2609 }
2610}
2611EXPORT_SYMBOL(ieee80211_scan_completed);
2612
2613void ieee80211_sta_scan_work(struct work_struct *work)
2614{
2615 struct ieee80211_local *local =
2616 container_of(work, struct ieee80211_local, scan_work.work);
2617 struct net_device *dev = local->scan_dev;
2618 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2619 struct ieee80211_hw_mode *mode;
2620 struct ieee80211_channel *chan;
2621 int skip;
2622 unsigned long next_delay = 0;
2623
2624 if (!local->sta_scanning)
2625 return;
2626
2627 switch (local->scan_state) {
2628 case SCAN_SET_CHANNEL:
2629 mode = local->scan_hw_mode;
2630 if (local->scan_hw_mode->list.next == &local->modes_list &&
2631 local->scan_channel_idx >= mode->num_channels) {
2632 ieee80211_scan_completed(local_to_hw(local));
2633 return;
2634 }
2635 skip = !(local->enabled_modes & (1 << mode->mode));
2636 chan = &mode->channels[local->scan_channel_idx];
2637 if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
2638 (sdata->type == IEEE80211_IF_TYPE_IBSS &&
2639 !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
2640 (local->hw_modes & local->enabled_modes &
2641 (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
2642 skip = 1;
2643
2644 if (!skip) {
2645#if 0
2646 printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
2647 dev->name, chan->chan, chan->freq);
2648#endif
2649
2650 local->scan_channel = chan;
2651 if (ieee80211_hw_config(local)) {
2652 printk(KERN_DEBUG "%s: failed to set channel "
2653 "%d (%d MHz) for scan\n", dev->name,
2654 chan->chan, chan->freq);
2655 skip = 1;
2656 }
2657 }
2658
2659 local->scan_channel_idx++;
2660 if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
2661 if (local->scan_hw_mode->list.next != &local->modes_list) {
2662 local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
2663 struct ieee80211_hw_mode,
2664 list);
2665 local->scan_channel_idx = 0;
2666 }
2667 }
2668
2669 if (skip)
2670 break;
2671
2672 next_delay = IEEE80211_PROBE_DELAY +
2673 usecs_to_jiffies(local->hw.channel_change_time);
2674 local->scan_state = SCAN_SEND_PROBE;
2675 break;
2676 case SCAN_SEND_PROBE:
2677 if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
2678 ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
2679 local->scan_ssid_len);
2680 next_delay = IEEE80211_CHANNEL_TIME;
2681 } else
2682 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
2683 local->scan_state = SCAN_SET_CHANNEL;
2684 break;
2685 }
2686
2687 if (local->sta_scanning)
2688 queue_delayed_work(local->hw.workqueue, &local->scan_work,
2689 next_delay);
2690}
2691
2692
2693static int ieee80211_sta_start_scan(struct net_device *dev,
2694 u8 *ssid, size_t ssid_len)
2695{
2696 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2697 struct ieee80211_sub_if_data *sdata;
2698
2699 if (ssid_len > IEEE80211_MAX_SSID_LEN)
2700 return -EINVAL;
2701
2702 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
2703 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
2704 * BSSID: MACAddress
2705 * SSID
2706 * ScanType: ACTIVE, PASSIVE
2707 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
2708 * a Probe frame during active scanning
2709 * ChannelList
2710 * MinChannelTime (>= ProbeDelay), in TU
2711 * MaxChannelTime: (>= MinChannelTime), in TU
2712 */
2713
2714 /* MLME-SCAN.confirm
2715 * BSSDescriptionSet
2716 * ResultCode: SUCCESS, INVALID_PARAMETERS
2717 */
2718
2719 if (local->sta_scanning) {
2720 if (local->scan_dev == dev)
2721 return 0;
2722 return -EBUSY;
2723 }
2724
2725 if (local->ops->hw_scan) {
2726 int rc = local->ops->hw_scan(local_to_hw(local),
2727 ssid, ssid_len);
2728 if (!rc) {
2729 local->sta_scanning = 1;
2730 local->scan_dev = dev;
2731 }
2732 return rc;
2733 }
2734
2735 local->sta_scanning = 1;
2736
2737 read_lock(&local->sub_if_lock);
2738 list_for_each_entry(sdata, &local->sub_if_list, list) {
2739 netif_stop_queue(sdata->dev);
2740 if (sdata->type == IEEE80211_IF_TYPE_STA &&
2741 sdata->u.sta.associated)
2742 ieee80211_send_nullfunc(local, sdata, 1);
2743 }
2744 read_unlock(&local->sub_if_lock);
2745
2746 if (ssid) {
2747 local->scan_ssid_len = ssid_len;
2748 memcpy(local->scan_ssid, ssid, ssid_len);
2749 } else
2750 local->scan_ssid_len = 0;
2751 local->scan_state = SCAN_SET_CHANNEL;
2752 local->scan_hw_mode = list_entry(local->modes_list.next,
2753 struct ieee80211_hw_mode,
2754 list);
2755 local->scan_channel_idx = 0;
2756 local->scan_dev = dev;
2757
2758 if (!(local->hw.flags & IEEE80211_HW_NO_PROBE_FILTERING) &&
2759 ieee80211_if_config(dev))
2760 printk(KERN_DEBUG "%s: failed to set BSSID for scan\n",
2761 dev->name);
2762
2763 /* TODO: start scan as soon as all nullfunc frames are ACKed */
2764 queue_delayed_work(local->hw.workqueue, &local->scan_work,
2765 IEEE80211_CHANNEL_TIME);
2766
2767 return 0;
2768}
2769
2770
2771int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
2772{
2773 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2774 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2775 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2776
2777 if (sdata->type != IEEE80211_IF_TYPE_STA)
2778 return ieee80211_sta_start_scan(dev, ssid, ssid_len);
2779
2780 if (local->sta_scanning) {
2781 if (local->scan_dev == dev)
2782 return 0;
2783 return -EBUSY;
2784 }
2785
2786 set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
2787 queue_work(local->hw.workqueue, &ifsta->work);
2788 return 0;
2789}
2790
2791static char *
2792ieee80211_sta_scan_result(struct net_device *dev,
2793 struct ieee80211_sta_bss *bss,
2794 char *current_ev, char *end_buf)
2795{
2796 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2797 struct iw_event iwe;
2798
2799 if (time_after(jiffies,
2800 bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
2801 return current_ev;
2802
2803 if (!(local->enabled_modes & (1 << bss->hw_mode)))
2804 return current_ev;
2805
2806 if (local->scan_flags & IEEE80211_SCAN_WPA_ONLY &&
2807 !bss->wpa_ie && !bss->rsn_ie)
2808 return current_ev;
2809
2810 if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID &&
2811 (local->scan_ssid_len != bss->ssid_len ||
2812 memcmp(local->scan_ssid, bss->ssid, bss->ssid_len) != 0))
2813 return current_ev;
2814
2815 memset(&iwe, 0, sizeof(iwe));
2816 iwe.cmd = SIOCGIWAP;
2817 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2818 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
2819 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2820 IW_EV_ADDR_LEN);
2821
2822 memset(&iwe, 0, sizeof(iwe));
2823 iwe.cmd = SIOCGIWESSID;
2824 iwe.u.data.length = bss->ssid_len;
2825 iwe.u.data.flags = 1;
2826 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2827 bss->ssid);
2828
2829 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
2830 memset(&iwe, 0, sizeof(iwe));
2831 iwe.cmd = SIOCGIWMODE;
2832 if (bss->capability & WLAN_CAPABILITY_ESS)
2833 iwe.u.mode = IW_MODE_MASTER;
2834 else
2835 iwe.u.mode = IW_MODE_ADHOC;
2836 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2837 IW_EV_UINT_LEN);
2838 }
2839
2840 memset(&iwe, 0, sizeof(iwe));
2841 iwe.cmd = SIOCGIWFREQ;
2842 iwe.u.freq.m = bss->channel;
2843 iwe.u.freq.e = 0;
2844 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2845 IW_EV_FREQ_LEN);
2846 iwe.u.freq.m = bss->freq * 100000;
2847 iwe.u.freq.e = 1;
2848 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2849 IW_EV_FREQ_LEN);
2850
2851 memset(&iwe, 0, sizeof(iwe));
2852 iwe.cmd = IWEVQUAL;
2853 iwe.u.qual.qual = bss->signal;
2854 iwe.u.qual.level = bss->rssi;
2855 iwe.u.qual.noise = bss->noise;
2856 iwe.u.qual.updated = local->wstats_flags;
2857 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2858 IW_EV_QUAL_LEN);
2859
2860 memset(&iwe, 0, sizeof(iwe));
2861 iwe.cmd = SIOCGIWENCODE;
2862 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
2863 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2864 else
2865 iwe.u.data.flags = IW_ENCODE_DISABLED;
2866 iwe.u.data.length = 0;
2867 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
2868
2869 if (bss && bss->wpa_ie) {
2870 memset(&iwe, 0, sizeof(iwe));
2871 iwe.cmd = IWEVGENIE;
2872 iwe.u.data.length = bss->wpa_ie_len;
2873 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2874 bss->wpa_ie);
2875 }
2876
2877 if (bss && bss->rsn_ie) {
2878 memset(&iwe, 0, sizeof(iwe));
2879 iwe.cmd = IWEVGENIE;
2880 iwe.u.data.length = bss->rsn_ie_len;
2881 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2882 bss->rsn_ie);
2883 }
2884
2885 if (bss && bss->supp_rates_len > 0) {
2886 /* display all supported rates in readable format */
2887 char *p = current_ev + IW_EV_LCP_LEN;
2888 int i;
2889
2890 memset(&iwe, 0, sizeof(iwe));
2891 iwe.cmd = SIOCGIWRATE;
2892 /* Those two flags are ignored... */
2893 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
2894
2895 for (i = 0; i < bss->supp_rates_len; i++) {
2896 iwe.u.bitrate.value = ((bss->supp_rates[i] &
2897 0x7f) * 500000);
2898 p = iwe_stream_add_value(current_ev, p,
2899 end_buf, &iwe, IW_EV_PARAM_LEN);
2900 }
2901 current_ev = p;
2902 }
2903
2904 if (bss) {
2905 char *buf;
2906 buf = kmalloc(30, GFP_ATOMIC);
2907 if (buf) {
2908 memset(&iwe, 0, sizeof(iwe));
2909 iwe.cmd = IWEVCUSTOM;
2910 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
2911 iwe.u.data.length = strlen(buf);
2912 current_ev = iwe_stream_add_point(current_ev, end_buf,
2913 &iwe, buf);
2914 kfree(buf);
2915 }
2916 }
2917
2918 do {
2919 char *buf;
2920
2921 if (!(local->scan_flags & IEEE80211_SCAN_EXTRA_INFO))
2922 break;
2923
2924 buf = kmalloc(100, GFP_ATOMIC);
2925 if (!buf)
2926 break;
2927
2928 memset(&iwe, 0, sizeof(iwe));
2929 iwe.cmd = IWEVCUSTOM;
2930 sprintf(buf, "bcn_int=%d", bss->beacon_int);
2931 iwe.u.data.length = strlen(buf);
2932 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2933 buf);
2934
2935 memset(&iwe, 0, sizeof(iwe));
2936 iwe.cmd = IWEVCUSTOM;
2937 sprintf(buf, "capab=0x%04x", bss->capability);
2938 iwe.u.data.length = strlen(buf);
2939 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2940 buf);
2941
2942 kfree(buf);
2943 break;
2944 } while (0);
2945
2946 return current_ev;
2947}
2948
2949
2950int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
2951{
2952 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2953 char *current_ev = buf;
2954 char *end_buf = buf + len;
2955 struct ieee80211_sta_bss *bss;
2956
2957 spin_lock_bh(&local->sta_bss_lock);
2958 list_for_each_entry(bss, &local->sta_bss_list, list) {
2959 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
2960 spin_unlock_bh(&local->sta_bss_lock);
2961 return -E2BIG;
2962 }
2963 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
2964 end_buf);
2965 }
2966 spin_unlock_bh(&local->sta_bss_lock);
2967 return current_ev - buf;
2968}
2969
2970
2971int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
2972{
2973 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2974 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2975 kfree(ifsta->extra_ie);
2976 if (len == 0) {
2977 ifsta->extra_ie = NULL;
2978 ifsta->extra_ie_len = 0;
2979 return 0;
2980 }
2981 ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
2982 if (!ifsta->extra_ie) {
2983 ifsta->extra_ie_len = 0;
2984 return -ENOMEM;
2985 }
2986 memcpy(ifsta->extra_ie, ie, len);
2987 ifsta->extra_ie_len = len;
2988 return 0;
2989}
2990
2991
2992struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
2993 struct sk_buff *skb, u8 *bssid,
2994 u8 *addr)
2995{
2996 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2997 struct sta_info *sta;
2998 struct ieee80211_sub_if_data *sdata = NULL;
2999
3000 /* TODO: Could consider removing the least recently used entry and
3001 * allow new one to be added. */
3002 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
3003 if (net_ratelimit()) {
3004 printk(KERN_DEBUG "%s: No room for a new IBSS STA "
3005 "entry " MAC_FMT "\n", dev->name, MAC_ARG(addr));
3006 }
3007 return NULL;
3008 }
3009
3010 printk(KERN_DEBUG "%s: Adding new IBSS station " MAC_FMT " (dev=%s)\n",
3011 local->mdev->name, MAC_ARG(addr), dev->name);
3012
3013 sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
3014 if (!sta)
3015 return NULL;
3016
3017 sta->supp_rates = sdata->u.sta.supp_rates_bits;
3018
3019 rate_control_rate_init(sta, local);
3020
3021 return sta; /* caller will call sta_info_put() */
3022}
3023
3024
3025int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
3026{
3027 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3028 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3029
3030 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
3031 dev->name, reason);
3032
3033 if (sdata->type != IEEE80211_IF_TYPE_STA &&
3034 sdata->type != IEEE80211_IF_TYPE_IBSS)
3035 return -EINVAL;
3036
3037 ieee80211_send_deauth(dev, ifsta, reason);
3038 ieee80211_set_disassoc(dev, ifsta, 1);
3039 return 0;
3040}
3041
3042
3043int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
3044{
3045 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3046 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3047
3048 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
3049 dev->name, reason);
3050
3051 if (sdata->type != IEEE80211_IF_TYPE_STA)
3052 return -EINVAL;
3053
3054 if (!ifsta->associated)
3055 return -1;
3056
3057 ieee80211_send_disassoc(dev, ifsta, reason);
3058 ieee80211_set_disassoc(dev, ifsta, 0);
3059 return 0;
3060}
diff --git a/net/mac80211/michael.c b/net/mac80211/michael.c
new file mode 100644
index 000000000000..0f844f7895f1
--- /dev/null
+++ b/net/mac80211/michael.c
@@ -0,0 +1,104 @@
1/*
2 * Michael MIC implementation - optimized for TKIP MIC operations
3 * Copyright 2002-2003, Instant802 Networks, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/types.h>
11
12#include "michael.h"
13
14static inline u32 rotr(u32 val, int bits)
15{
16 return (val >> bits) | (val << (32 - bits));
17}
18
19
20static inline u32 rotl(u32 val, int bits)
21{
22 return (val << bits) | (val >> (32 - bits));
23}
24
25
26static inline u32 xswap(u32 val)
27{
28 return ((val & 0xff00ff00) >> 8) | ((val & 0x00ff00ff) << 8);
29}
30
31
32#define michael_block(l, r) \
33do { \
34 r ^= rotl(l, 17); \
35 l += r; \
36 r ^= xswap(l); \
37 l += r; \
38 r ^= rotl(l, 3); \
39 l += r; \
40 r ^= rotr(l, 2); \
41 l += r; \
42} while (0)
43
44
45static inline u32 michael_get32(u8 *data)
46{
47 return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);
48}
49
50
51static inline void michael_put32(u32 val, u8 *data)
52{
53 data[0] = val & 0xff;
54 data[1] = (val >> 8) & 0xff;
55 data[2] = (val >> 16) & 0xff;
56 data[3] = (val >> 24) & 0xff;
57}
58
59
60void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
61 u8 *data, size_t data_len, u8 *mic)
62{
63 u32 l, r, val;
64 size_t block, blocks, left;
65
66 l = michael_get32(key);
67 r = michael_get32(key + 4);
68
69 /* A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC
70 * calculation, but it is _not_ transmitted */
71 l ^= michael_get32(da);
72 michael_block(l, r);
73 l ^= da[4] | (da[5] << 8) | (sa[0] << 16) | (sa[1] << 24);
74 michael_block(l, r);
75 l ^= michael_get32(&sa[2]);
76 michael_block(l, r);
77 l ^= priority;
78 michael_block(l, r);
79
80 /* Real data */
81 blocks = data_len / 4;
82 left = data_len % 4;
83
84 for (block = 0; block < blocks; block++) {
85 l ^= michael_get32(&data[block * 4]);
86 michael_block(l, r);
87 }
88
89 /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make
90 * total length a multiple of 4. */
91 val = 0x5a;
92 while (left > 0) {
93 val <<= 8;
94 left--;
95 val |= data[blocks * 4 + left];
96 }
97 l ^= val;
98 michael_block(l, r);
99 /* last block is zero, so l ^ 0 = l */
100 michael_block(l, r);
101
102 michael_put32(l, mic);
103 michael_put32(r, mic + 4);
104}
diff --git a/net/mac80211/michael.h b/net/mac80211/michael.h
new file mode 100644
index 000000000000..2e6aebabeea1
--- /dev/null
+++ b/net/mac80211/michael.h
@@ -0,0 +1,20 @@
1/*
2 * Michael MIC implementation - optimized for TKIP MIC operations
3 * Copyright 2002-2003, Instant802 Networks, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#ifndef MICHAEL_H
11#define MICHAEL_H
12
13#include <linux/types.h>
14
15#define MICHAEL_MIC_LEN 8
16
17void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
18 u8 *data, size_t data_len, u8 *mic);
19
20#endif /* MICHAEL_H */
diff --git a/net/mac80211/rc80211_simple.c b/net/mac80211/rc80211_simple.c
new file mode 100644
index 000000000000..68bddaeee005
--- /dev/null
+++ b/net/mac80211/rc80211_simple.c
@@ -0,0 +1,361 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/module.h>
11#include <linux/init.h>
12#include <linux/netdevice.h>
13#include <linux/types.h>
14#include <linux/slab.h>
15#include <linux/skbuff.h>
16#include <linux/compiler.h>
17
18#include <net/mac80211.h>
19#include "ieee80211_i.h"
20#include "ieee80211_rate.h"
21
22
23/* This is a minimal implementation of TX rate controlling that can be used
24 * as the default when no improved mechanisms are available. */
25
26
27#define RATE_CONTROL_EMERG_DEC 2
28#define RATE_CONTROL_INTERVAL (HZ / 20)
29#define RATE_CONTROL_MIN_TX 10
30
31MODULE_ALIAS("rc80211_default");
32
33static void rate_control_rate_inc(struct ieee80211_local *local,
34 struct sta_info *sta)
35{
36 struct ieee80211_sub_if_data *sdata;
37 struct ieee80211_hw_mode *mode;
38 int i = sta->txrate;
39 int maxrate;
40
41 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
42 if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) {
43 /* forced unicast rate - do not change STA rate */
44 return;
45 }
46
47 mode = local->oper_hw_mode;
48 maxrate = sdata->bss ? sdata->bss->max_ratectrl_rateidx : -1;
49
50 if (i > mode->num_rates)
51 i = mode->num_rates - 2;
52
53 while (i + 1 < mode->num_rates) {
54 i++;
55 if (sta->supp_rates & BIT(i) &&
56 mode->rates[i].flags & IEEE80211_RATE_SUPPORTED &&
57 (maxrate < 0 || i <= maxrate)) {
58 sta->txrate = i;
59 break;
60 }
61 }
62}
63
64
65static void rate_control_rate_dec(struct ieee80211_local *local,
66 struct sta_info *sta)
67{
68 struct ieee80211_sub_if_data *sdata;
69 struct ieee80211_hw_mode *mode;
70 int i = sta->txrate;
71
72 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
73 if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) {
74 /* forced unicast rate - do not change STA rate */
75 return;
76 }
77
78 mode = local->oper_hw_mode;
79 if (i > mode->num_rates)
80 i = mode->num_rates;
81
82 while (i > 0) {
83 i--;
84 if (sta->supp_rates & BIT(i) &&
85 mode->rates[i].flags & IEEE80211_RATE_SUPPORTED) {
86 sta->txrate = i;
87 break;
88 }
89 }
90}
91
92
93static struct ieee80211_rate *
94rate_control_lowest_rate(struct ieee80211_local *local,
95 struct ieee80211_hw_mode *mode)
96{
97 int i;
98
99 for (i = 0; i < mode->num_rates; i++) {
100 struct ieee80211_rate *rate = &mode->rates[i];
101
102 if (rate->flags & IEEE80211_RATE_SUPPORTED)
103 return rate;
104 }
105
106 printk(KERN_DEBUG "rate_control_lowest_rate - no supported rates "
107 "found\n");
108 return &mode->rates[0];
109}
110
111
112struct global_rate_control {
113 int dummy;
114};
115
116struct sta_rate_control {
117 unsigned long last_rate_change;
118 u32 tx_num_failures;
119 u32 tx_num_xmit;
120
121 unsigned long avg_rate_update;
122 u32 tx_avg_rate_sum;
123 u32 tx_avg_rate_num;
124};
125
126
127static void rate_control_simple_tx_status(void *priv, struct net_device *dev,
128 struct sk_buff *skb,
129 struct ieee80211_tx_status *status)
130{
131 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
132 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
133 struct sta_info *sta;
134 struct sta_rate_control *srctrl;
135
136 sta = sta_info_get(local, hdr->addr1);
137
138 if (!sta)
139 return;
140
141 srctrl = sta->rate_ctrl_priv;
142 srctrl->tx_num_xmit++;
143 if (status->excessive_retries) {
144 sta->antenna_sel_tx = sta->antenna_sel_tx == 1 ? 2 : 1;
145 sta->antenna_sel_rx = sta->antenna_sel_rx == 1 ? 2 : 1;
146 if (local->sta_antenna_sel == STA_ANTENNA_SEL_SW_CTRL_DEBUG) {
147 printk(KERN_DEBUG "%s: " MAC_FMT " TX antenna --> %d "
148 "RX antenna --> %d (@%lu)\n",
149 dev->name, MAC_ARG(hdr->addr1),
150 sta->antenna_sel_tx, sta->antenna_sel_rx, jiffies);
151 }
152 srctrl->tx_num_failures++;
153 sta->tx_retry_failed++;
154 sta->tx_num_consecutive_failures++;
155 sta->tx_num_mpdu_fail++;
156 } else {
157 sta->last_ack_rssi[0] = sta->last_ack_rssi[1];
158 sta->last_ack_rssi[1] = sta->last_ack_rssi[2];
159 sta->last_ack_rssi[2] = status->ack_signal;
160 sta->tx_num_consecutive_failures = 0;
161 sta->tx_num_mpdu_ok++;
162 }
163 sta->tx_retry_count += status->retry_count;
164 sta->tx_num_mpdu_fail += status->retry_count;
165
166 if (time_after(jiffies,
167 srctrl->last_rate_change + RATE_CONTROL_INTERVAL) &&
168 srctrl->tx_num_xmit > RATE_CONTROL_MIN_TX) {
169 u32 per_failed;
170 srctrl->last_rate_change = jiffies;
171
172 per_failed = (100 * sta->tx_num_mpdu_fail) /
173 (sta->tx_num_mpdu_fail + sta->tx_num_mpdu_ok);
174 /* TODO: calculate average per_failed to make adjusting
175 * parameters easier */
176#if 0
177 if (net_ratelimit()) {
178 printk(KERN_DEBUG "MPDU fail=%d ok=%d per_failed=%d\n",
179 sta->tx_num_mpdu_fail, sta->tx_num_mpdu_ok,
180 per_failed);
181 }
182#endif
183
184 if (per_failed > local->rate_ctrl_num_down) {
185 rate_control_rate_dec(local, sta);
186 } else if (per_failed < local->rate_ctrl_num_up) {
187 rate_control_rate_inc(local, sta);
188 }
189 srctrl->tx_avg_rate_sum += status->control.rate->rate;
190 srctrl->tx_avg_rate_num++;
191 srctrl->tx_num_failures = 0;
192 srctrl->tx_num_xmit = 0;
193 } else if (sta->tx_num_consecutive_failures >=
194 RATE_CONTROL_EMERG_DEC) {
195 rate_control_rate_dec(local, sta);
196 }
197
198 if (srctrl->avg_rate_update + 60 * HZ < jiffies) {
199 srctrl->avg_rate_update = jiffies;
200 if (srctrl->tx_avg_rate_num > 0) {
201#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
202 printk(KERN_DEBUG "%s: STA " MAC_FMT " Average rate: "
203 "%d (%d/%d)\n",
204 dev->name, MAC_ARG(sta->addr),
205 srctrl->tx_avg_rate_sum /
206 srctrl->tx_avg_rate_num,
207 srctrl->tx_avg_rate_sum,
208 srctrl->tx_avg_rate_num);
209#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
210 srctrl->tx_avg_rate_sum = 0;
211 srctrl->tx_avg_rate_num = 0;
212 }
213 }
214
215 sta_info_put(sta);
216}
217
218
219static struct ieee80211_rate *
220rate_control_simple_get_rate(void *priv, struct net_device *dev,
221 struct sk_buff *skb,
222 struct rate_control_extra *extra)
223{
224 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
225 struct ieee80211_sub_if_data *sdata;
226 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
227 struct ieee80211_hw_mode *mode = extra->mode;
228 struct sta_info *sta;
229 int rateidx, nonerp_idx;
230 u16 fc;
231
232 memset(extra, 0, sizeof(*extra));
233
234 fc = le16_to_cpu(hdr->frame_control);
235 if ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
236 (hdr->addr1[0] & 0x01)) {
237 /* Send management frames and broadcast/multicast data using
238 * lowest rate. */
239 /* TODO: this could probably be improved.. */
240 return rate_control_lowest_rate(local, mode);
241 }
242
243 sta = sta_info_get(local, hdr->addr1);
244
245 if (!sta)
246 return rate_control_lowest_rate(local, mode);
247
248 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
249 if (sdata->bss && sdata->bss->force_unicast_rateidx > -1)
250 sta->txrate = sdata->bss->force_unicast_rateidx;
251
252 rateidx = sta->txrate;
253
254 if (rateidx >= mode->num_rates)
255 rateidx = mode->num_rates - 1;
256
257 sta->last_txrate = rateidx;
258 nonerp_idx = rateidx;
259 while (nonerp_idx > 0 &&
260 ((mode->rates[nonerp_idx].flags & IEEE80211_RATE_ERP) ||
261 !(mode->rates[nonerp_idx].flags & IEEE80211_RATE_SUPPORTED) ||
262 !(sta->supp_rates & BIT(nonerp_idx))))
263 nonerp_idx--;
264 extra->nonerp = &mode->rates[nonerp_idx];
265
266 sta_info_put(sta);
267
268 return &mode->rates[rateidx];
269}
270
271
272static void rate_control_simple_rate_init(void *priv, void *priv_sta,
273 struct ieee80211_local *local,
274 struct sta_info *sta)
275{
276 struct ieee80211_hw_mode *mode;
277 int i;
278 sta->txrate = 0;
279 mode = local->oper_hw_mode;
280 /* TODO: what is a good starting rate for STA? About middle? Maybe not
281 * the lowest or the highest rate.. Could consider using RSSI from
282 * previous packets? Need to have IEEE 802.1X auth succeed immediately
283 * after assoc.. */
284 for (i = 0; i < mode->num_rates; i++) {
285 if ((sta->supp_rates & BIT(i)) &&
286 (mode->rates[i].flags & IEEE80211_RATE_SUPPORTED))
287 sta->txrate = i;
288 }
289}
290
291
292static void * rate_control_simple_alloc(struct ieee80211_local *local)
293{
294 struct global_rate_control *rctrl;
295
296 rctrl = kzalloc(sizeof(*rctrl), GFP_ATOMIC);
297
298 return rctrl;
299}
300
301
302static void rate_control_simple_free(void *priv)
303{
304 struct global_rate_control *rctrl = priv;
305 kfree(rctrl);
306}
307
308
309static void rate_control_simple_clear(void *priv)
310{
311}
312
313
314static void * rate_control_simple_alloc_sta(void *priv, gfp_t gfp)
315{
316 struct sta_rate_control *rctrl;
317
318 rctrl = kzalloc(sizeof(*rctrl), gfp);
319
320 return rctrl;
321}
322
323
324static void rate_control_simple_free_sta(void *priv, void *priv_sta)
325{
326 struct sta_rate_control *rctrl = priv_sta;
327 kfree(rctrl);
328}
329
330
331static struct rate_control_ops rate_control_simple = {
332 .module = THIS_MODULE,
333 .name = "simple",
334 .tx_status = rate_control_simple_tx_status,
335 .get_rate = rate_control_simple_get_rate,
336 .rate_init = rate_control_simple_rate_init,
337 .clear = rate_control_simple_clear,
338 .alloc = rate_control_simple_alloc,
339 .free = rate_control_simple_free,
340 .alloc_sta = rate_control_simple_alloc_sta,
341 .free_sta = rate_control_simple_free_sta,
342};
343
344
345static int __init rate_control_simple_init(void)
346{
347 return ieee80211_rate_control_register(&rate_control_simple);
348}
349
350
351static void __exit rate_control_simple_exit(void)
352{
353 ieee80211_rate_control_unregister(&rate_control_simple);
354}
355
356
357module_init(rate_control_simple_init);
358module_exit(rate_control_simple_exit);
359
360MODULE_DESCRIPTION("Simple rate control algorithm for ieee80211");
361MODULE_LICENSE("GPL");
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
new file mode 100644
index 000000000000..cddaf578dc8f
--- /dev/null
+++ b/net/mac80211/sta_info.c
@@ -0,0 +1,386 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/module.h>
11#include <linux/init.h>
12#include <linux/netdevice.h>
13#include <linux/types.h>
14#include <linux/slab.h>
15#include <linux/skbuff.h>
16#include <linux/if_arp.h>
17
18#include <net/mac80211.h>
19#include "ieee80211_i.h"
20#include "ieee80211_rate.h"
21#include "sta_info.h"
22
23/* Caller must hold local->sta_lock */
24static void sta_info_hash_add(struct ieee80211_local *local,
25 struct sta_info *sta)
26{
27 sta->hnext = local->sta_hash[STA_HASH(sta->addr)];
28 local->sta_hash[STA_HASH(sta->addr)] = sta;
29}
30
31
32/* Caller must hold local->sta_lock */
33static void sta_info_hash_del(struct ieee80211_local *local,
34 struct sta_info *sta)
35{
36 struct sta_info *s;
37
38 s = local->sta_hash[STA_HASH(sta->addr)];
39 if (!s)
40 return;
41 if (memcmp(s->addr, sta->addr, ETH_ALEN) == 0) {
42 local->sta_hash[STA_HASH(sta->addr)] = s->hnext;
43 return;
44 }
45
46 while (s->hnext && memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
47 s = s->hnext;
48 if (s->hnext)
49 s->hnext = s->hnext->hnext;
50 else
51 printk(KERN_ERR "%s: could not remove STA " MAC_FMT " from "
52 "hash table\n", local->mdev->name, MAC_ARG(sta->addr));
53}
54
55static inline void __sta_info_get(struct sta_info *sta)
56{
57 kref_get(&sta->kref);
58}
59
60struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr)
61{
62 struct sta_info *sta;
63
64 spin_lock_bh(&local->sta_lock);
65 sta = local->sta_hash[STA_HASH(addr)];
66 while (sta) {
67 if (memcmp(sta->addr, addr, ETH_ALEN) == 0) {
68 __sta_info_get(sta);
69 break;
70 }
71 sta = sta->hnext;
72 }
73 spin_unlock_bh(&local->sta_lock);
74
75 return sta;
76}
77EXPORT_SYMBOL(sta_info_get);
78
79int sta_info_min_txrate_get(struct ieee80211_local *local)
80{
81 struct sta_info *sta;
82 struct ieee80211_hw_mode *mode;
83 int min_txrate = 9999999;
84 int i;
85
86 spin_lock_bh(&local->sta_lock);
87 mode = local->oper_hw_mode;
88 for (i = 0; i < STA_HASH_SIZE; i++) {
89 sta = local->sta_hash[i];
90 while (sta) {
91 if (sta->txrate < min_txrate)
92 min_txrate = sta->txrate;
93 sta = sta->hnext;
94 }
95 }
96 spin_unlock_bh(&local->sta_lock);
97 if (min_txrate == 9999999)
98 min_txrate = 0;
99
100 return mode->rates[min_txrate].rate;
101}
102
103
104static void sta_info_release(struct kref *kref)
105{
106 struct sta_info *sta = container_of(kref, struct sta_info, kref);
107 struct ieee80211_local *local = sta->local;
108 struct sk_buff *skb;
109
110 /* free sta structure; it has already been removed from
111 * hash table etc. external structures. Make sure that all
112 * buffered frames are release (one might have been added
113 * after sta_info_free() was called). */
114 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
115 local->total_ps_buffered--;
116 dev_kfree_skb_any(skb);
117 }
118 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
119 dev_kfree_skb_any(skb);
120 }
121 rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv);
122 rate_control_put(sta->rate_ctrl);
123 kfree(sta);
124}
125
126
127void sta_info_put(struct sta_info *sta)
128{
129 kref_put(&sta->kref, sta_info_release);
130}
131EXPORT_SYMBOL(sta_info_put);
132
133
134struct sta_info * sta_info_add(struct ieee80211_local *local,
135 struct net_device *dev, u8 *addr, gfp_t gfp)
136{
137 struct sta_info *sta;
138
139 sta = kzalloc(sizeof(*sta), gfp);
140 if (!sta)
141 return NULL;
142
143 kref_init(&sta->kref);
144
145 sta->rate_ctrl = rate_control_get(local->rate_ctrl);
146 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, gfp);
147 if (!sta->rate_ctrl_priv) {
148 rate_control_put(sta->rate_ctrl);
149 kref_put(&sta->kref, sta_info_release);
150 kfree(sta);
151 return NULL;
152 }
153
154 memcpy(sta->addr, addr, ETH_ALEN);
155 sta->local = local;
156 sta->dev = dev;
157 skb_queue_head_init(&sta->ps_tx_buf);
158 skb_queue_head_init(&sta->tx_filtered);
159 __sta_info_get(sta); /* sta used by caller, decremented by
160 * sta_info_put() */
161 spin_lock_bh(&local->sta_lock);
162 list_add(&sta->list, &local->sta_list);
163 local->num_sta++;
164 sta_info_hash_add(local, sta);
165 spin_unlock_bh(&local->sta_lock);
166 if (local->ops->sta_table_notification)
167 local->ops->sta_table_notification(local_to_hw(local),
168 local->num_sta);
169 sta->key_idx_compression = HW_KEY_IDX_INVALID;
170
171#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
172 printk(KERN_DEBUG "%s: Added STA " MAC_FMT "\n",
173 local->mdev->name, MAC_ARG(addr));
174#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
175
176 return sta;
177}
178
179static void sta_info_remove(struct sta_info *sta)
180{
181 struct ieee80211_local *local = sta->local;
182 struct ieee80211_sub_if_data *sdata;
183
184 sta_info_hash_del(local, sta);
185 list_del(&sta->list);
186 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
187 if (sta->flags & WLAN_STA_PS) {
188 sta->flags &= ~WLAN_STA_PS;
189 if (sdata->bss)
190 atomic_dec(&sdata->bss->num_sta_ps);
191 }
192 local->num_sta--;
193 sta_info_remove_aid_ptr(sta);
194}
195
196void sta_info_free(struct sta_info *sta, int locked)
197{
198 struct sk_buff *skb;
199 struct ieee80211_local *local = sta->local;
200
201 if (!locked) {
202 spin_lock_bh(&local->sta_lock);
203 sta_info_remove(sta);
204 spin_unlock_bh(&local->sta_lock);
205 } else {
206 sta_info_remove(sta);
207 }
208 if (local->ops->sta_table_notification)
209 local->ops->sta_table_notification(local_to_hw(local),
210 local->num_sta);
211
212 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
213 local->total_ps_buffered--;
214 dev_kfree_skb_any(skb);
215 }
216 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
217 dev_kfree_skb_any(skb);
218 }
219
220 if (sta->key) {
221 if (local->ops->set_key) {
222 struct ieee80211_key_conf *key;
223 key = ieee80211_key_data2conf(local, sta->key);
224 if (key) {
225 local->ops->set_key(local_to_hw(local),
226 DISABLE_KEY,
227 sta->addr, key, sta->aid);
228 kfree(key);
229 }
230 }
231 } else if (sta->key_idx_compression != HW_KEY_IDX_INVALID) {
232 struct ieee80211_key_conf conf;
233 memset(&conf, 0, sizeof(conf));
234 conf.hw_key_idx = sta->key_idx_compression;
235 conf.alg = ALG_NULL;
236 conf.flags |= IEEE80211_KEY_FORCE_SW_ENCRYPT;
237 local->ops->set_key(local_to_hw(local), DISABLE_KEY,
238 sta->addr, &conf, sta->aid);
239 sta->key_idx_compression = HW_KEY_IDX_INVALID;
240 }
241
242#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
243 printk(KERN_DEBUG "%s: Removed STA " MAC_FMT "\n",
244 local->mdev->name, MAC_ARG(sta->addr));
245#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
246
247 if (sta->key) {
248 ieee80211_key_free(sta->key);
249 sta->key = NULL;
250 }
251
252 sta_info_put(sta);
253}
254
255
256static inline int sta_info_buffer_expired(struct ieee80211_local *local,
257 struct sta_info *sta,
258 struct sk_buff *skb)
259{
260 struct ieee80211_tx_packet_data *pkt_data;
261 int timeout;
262
263 if (!skb)
264 return 0;
265
266 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
267
268 /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
269 timeout = (sta->listen_interval * local->hw.conf.beacon_int * 32 /
270 15625) * HZ;
271 if (timeout < STA_TX_BUFFER_EXPIRE)
272 timeout = STA_TX_BUFFER_EXPIRE;
273 return time_after(jiffies, pkt_data->jiffies + timeout);
274}
275
276
277static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
278 struct sta_info *sta)
279{
280 unsigned long flags;
281 struct sk_buff *skb;
282
283 if (skb_queue_empty(&sta->ps_tx_buf))
284 return;
285
286 for (;;) {
287 spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
288 skb = skb_peek(&sta->ps_tx_buf);
289 if (sta_info_buffer_expired(local, sta, skb)) {
290 skb = __skb_dequeue(&sta->ps_tx_buf);
291 if (skb_queue_empty(&sta->ps_tx_buf))
292 sta->flags &= ~WLAN_STA_TIM;
293 } else
294 skb = NULL;
295 spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);
296
297 if (skb) {
298 local->total_ps_buffered--;
299 printk(KERN_DEBUG "Buffered frame expired (STA "
300 MAC_FMT ")\n", MAC_ARG(sta->addr));
301 dev_kfree_skb(skb);
302 } else
303 break;
304 }
305}
306
307
308static void sta_info_cleanup(unsigned long data)
309{
310 struct ieee80211_local *local = (struct ieee80211_local *) data;
311 struct sta_info *sta;
312
313 spin_lock_bh(&local->sta_lock);
314 list_for_each_entry(sta, &local->sta_list, list) {
315 __sta_info_get(sta);
316 sta_info_cleanup_expire_buffered(local, sta);
317 sta_info_put(sta);
318 }
319 spin_unlock_bh(&local->sta_lock);
320
321 local->sta_cleanup.expires = jiffies + STA_INFO_CLEANUP_INTERVAL;
322 add_timer(&local->sta_cleanup);
323}
324
325void sta_info_init(struct ieee80211_local *local)
326{
327 spin_lock_init(&local->sta_lock);
328 INIT_LIST_HEAD(&local->sta_list);
329 INIT_LIST_HEAD(&local->deleted_sta_list);
330
331 init_timer(&local->sta_cleanup);
332 local->sta_cleanup.expires = jiffies + STA_INFO_CLEANUP_INTERVAL;
333 local->sta_cleanup.data = (unsigned long) local;
334 local->sta_cleanup.function = sta_info_cleanup;
335}
336
337int sta_info_start(struct ieee80211_local *local)
338{
339 add_timer(&local->sta_cleanup);
340 return 0;
341}
342
343void sta_info_stop(struct ieee80211_local *local)
344{
345 struct sta_info *sta, *tmp;
346
347 del_timer(&local->sta_cleanup);
348
349 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
350 /* We don't need locking at this point. */
351 sta_info_free(sta, 0);
352 }
353}
354
355void sta_info_remove_aid_ptr(struct sta_info *sta)
356{
357 struct ieee80211_sub_if_data *sdata;
358
359 if (sta->aid <= 0)
360 return;
361
362 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
363
364 if (sdata->local->ops->set_tim)
365 sdata->local->ops->set_tim(local_to_hw(sdata->local),
366 sta->aid, 0);
367 if (sdata->bss)
368 __bss_tim_clear(sdata->bss, sta->aid);
369}
370
371
372/**
373 * sta_info_flush - flush matching STA entries from the STA table
374 * @local: local interface data
375 * @dev: matching rule for the net device (sta->dev) or %NULL to match all STAs
376 */
377void sta_info_flush(struct ieee80211_local *local, struct net_device *dev)
378{
379 struct sta_info *sta, *tmp;
380
381 spin_lock_bh(&local->sta_lock);
382 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
383 if (!dev || dev == sta->dev)
384 sta_info_free(sta, 1);
385 spin_unlock_bh(&local->sta_lock);
386}
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
new file mode 100644
index 000000000000..f26e1c294395
--- /dev/null
+++ b/net/mac80211/sta_info.h
@@ -0,0 +1,145 @@
1/*
2 * Copyright 2002-2005, Devicescape Software, Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#ifndef STA_INFO_H
10#define STA_INFO_H
11
12#include <linux/list.h>
13#include <linux/types.h>
14#include <linux/if_ether.h>
15#include <linux/kref.h>
16#include "ieee80211_key.h"
17
18/* Stations flags (struct sta_info::flags) */
19#define WLAN_STA_AUTH BIT(0)
20#define WLAN_STA_ASSOC BIT(1)
21#define WLAN_STA_PS BIT(2)
22#define WLAN_STA_TIM BIT(3) /* TIM bit is on for PS stations */
23#define WLAN_STA_PERM BIT(4) /* permanent; do not remove entry on expiration */
24#define WLAN_STA_AUTHORIZED BIT(5) /* If 802.1X is used, this flag is
25 * controlling whether STA is authorized to
26 * send and receive non-IEEE 802.1X frames
27 */
28#define WLAN_STA_SHORT_PREAMBLE BIT(7)
29#define WLAN_STA_WME BIT(9)
30#define WLAN_STA_WDS BIT(27)
31
32
33struct sta_info {
34 struct kref kref;
35 struct list_head list;
36 struct sta_info *hnext; /* next entry in hash table list */
37
38 struct ieee80211_local *local;
39
40 u8 addr[ETH_ALEN];
41 u16 aid; /* STA's unique AID (1..2007), 0 = not yet assigned */
42 u32 flags; /* WLAN_STA_ */
43
44 struct sk_buff_head ps_tx_buf; /* buffer of TX frames for station in
45 * power saving state */
46 int pspoll; /* whether STA has send a PS Poll frame */
47 struct sk_buff_head tx_filtered; /* buffer of TX frames that were
48 * already given to low-level driver,
49 * but were filtered */
50 int clear_dst_mask;
51
52 unsigned long rx_packets, tx_packets; /* number of RX/TX MSDUs */
53 unsigned long rx_bytes, tx_bytes;
54 unsigned long tx_retry_failed, tx_retry_count;
55 unsigned long tx_filtered_count;
56
57 unsigned int wep_weak_iv_count; /* number of RX frames with weak IV */
58
59 unsigned long last_rx;
60 u32 supp_rates; /* bitmap of supported rates in local->curr_rates */
61 int txrate; /* index in local->curr_rates */
62 int last_txrate; /* last rate used to send a frame to this STA */
63 int last_nonerp_idx;
64
65 struct net_device *dev; /* which net device is this station associated
66 * to */
67
68 struct ieee80211_key *key;
69
70 u32 tx_num_consecutive_failures;
71 u32 tx_num_mpdu_ok;
72 u32 tx_num_mpdu_fail;
73
74 struct rate_control_ref *rate_ctrl;
75 void *rate_ctrl_priv;
76
77 /* last received seq/frag number from this STA (per RX queue) */
78 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
79 unsigned long num_duplicates; /* number of duplicate frames received
80 * from this STA */
81 unsigned long tx_fragments; /* number of transmitted MPDUs */
82 unsigned long rx_fragments; /* number of received MPDUs */
83 unsigned long rx_dropped; /* number of dropped MPDUs from this STA */
84
85 int last_rssi; /* RSSI of last received frame from this STA */
86 int last_signal; /* signal of last received frame from this STA */
87 int last_noise; /* noise of last received frame from this STA */
88 int last_ack_rssi[3]; /* RSSI of last received ACKs from this STA */
89 unsigned long last_ack;
90 int channel_use;
91 int channel_use_raw;
92
93 u8 antenna_sel_tx;
94 u8 antenna_sel_rx;
95
96
97 int key_idx_compression; /* key table index for compression and TX
98 * filtering; used only if sta->key is not
99 * set */
100
101 int assoc_ap; /* whether this is an AP that we are
102 * associated with as a client */
103
104#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
105 unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
106 unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
107#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
108
109 int vlan_id;
110
111 u16 listen_interval;
112};
113
114
115/* Maximum number of concurrently registered stations */
116#define MAX_STA_COUNT 2007
117
118#define STA_HASH_SIZE 256
119#define STA_HASH(sta) (sta[5])
120
121
122/* Maximum number of frames to buffer per power saving station */
123#define STA_MAX_TX_BUFFER 128
124
125/* Minimum buffered frame expiry time. If STA uses listen interval that is
126 * smaller than this value, the minimum value here is used instead. */
127#define STA_TX_BUFFER_EXPIRE (10 * HZ)
128
129/* How often station data is cleaned up (e.g., expiration of buffered frames)
130 */
131#define STA_INFO_CLEANUP_INTERVAL (10 * HZ)
132
133struct sta_info * sta_info_get(struct ieee80211_local *local, u8 *addr);
134int sta_info_min_txrate_get(struct ieee80211_local *local);
135void sta_info_put(struct sta_info *sta);
136struct sta_info * sta_info_add(struct ieee80211_local *local,
137 struct net_device *dev, u8 *addr, gfp_t gfp);
138void sta_info_free(struct sta_info *sta, int locked);
139void sta_info_init(struct ieee80211_local *local);
140int sta_info_start(struct ieee80211_local *local);
141void sta_info_stop(struct ieee80211_local *local);
142void sta_info_remove_aid_ptr(struct sta_info *sta);
143void sta_info_flush(struct ieee80211_local *local, struct net_device *dev);
144
145#endif /* STA_INFO_H */
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
new file mode 100644
index 000000000000..41621720e560
--- /dev/null
+++ b/net/mac80211/tkip.c
@@ -0,0 +1,341 @@
1/*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/kernel.h>
11#include <linux/types.h>
12#include <linux/netdevice.h>
13
14#include <net/mac80211.h>
15#include "ieee80211_key.h"
16#include "tkip.h"
17#include "wep.h"
18
19
20/* TKIP key mixing functions */
21
22
23#define PHASE1_LOOP_COUNT 8
24
25
26/* 2-byte by 2-byte subset of the full AES S-box table; second part of this
27 * table is identical to first part but byte-swapped */
28static const u16 tkip_sbox[256] =
29{
30 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
31 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
32 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
33 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
34 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
35 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
36 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
37 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
38 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
39 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
40 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
41 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
42 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
43 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
44 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
45 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
46 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
47 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
48 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
49 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
50 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
51 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
52 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
53 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
54 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
55 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
56 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
57 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
58 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
59 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
60 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
61 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
62};
63
64
65static inline u16 Mk16(u8 x, u8 y)
66{
67 return ((u16) x << 8) | (u16) y;
68}
69
70
71static inline u8 Hi8(u16 v)
72{
73 return v >> 8;
74}
75
76
77static inline u8 Lo8(u16 v)
78{
79 return v & 0xff;
80}
81
82
83static inline u16 Hi16(u32 v)
84{
85 return v >> 16;
86}
87
88
89static inline u16 Lo16(u32 v)
90{
91 return v & 0xffff;
92}
93
94
95static inline u16 RotR1(u16 v)
96{
97 return (v >> 1) | ((v & 0x0001) << 15);
98}
99
100
101static inline u16 tkip_S(u16 val)
102{
103 u16 a = tkip_sbox[Hi8(val)];
104
105 return tkip_sbox[Lo8(val)] ^ Hi8(a) ^ (Lo8(a) << 8);
106}
107
108
109
110/* P1K := Phase1(TA, TK, TSC)
111 * TA = transmitter address (48 bits)
112 * TK = dot11DefaultKeyValue or dot11KeyMappingValue (128 bits)
113 * TSC = TKIP sequence counter (48 bits, only 32 msb bits used)
114 * P1K: 80 bits
115 */
116static void tkip_mixing_phase1(const u8 *ta, const u8 *tk, u32 tsc_IV32,
117 u16 *p1k)
118{
119 int i, j;
120
121 p1k[0] = Lo16(tsc_IV32);
122 p1k[1] = Hi16(tsc_IV32);
123 p1k[2] = Mk16(ta[1], ta[0]);
124 p1k[3] = Mk16(ta[3], ta[2]);
125 p1k[4] = Mk16(ta[5], ta[4]);
126
127 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
128 j = 2 * (i & 1);
129 p1k[0] += tkip_S(p1k[4] ^ Mk16(tk[ 1 + j], tk[ 0 + j]));
130 p1k[1] += tkip_S(p1k[0] ^ Mk16(tk[ 5 + j], tk[ 4 + j]));
131 p1k[2] += tkip_S(p1k[1] ^ Mk16(tk[ 9 + j], tk[ 8 + j]));
132 p1k[3] += tkip_S(p1k[2] ^ Mk16(tk[13 + j], tk[12 + j]));
133 p1k[4] += tkip_S(p1k[3] ^ Mk16(tk[ 1 + j], tk[ 0 + j])) + i;
134 }
135}
136
137
138static void tkip_mixing_phase2(const u16 *p1k, const u8 *tk, u16 tsc_IV16,
139 u8 *rc4key)
140{
141 u16 ppk[6];
142 int i;
143
144 ppk[0] = p1k[0];
145 ppk[1] = p1k[1];
146 ppk[2] = p1k[2];
147 ppk[3] = p1k[3];
148 ppk[4] = p1k[4];
149 ppk[5] = p1k[4] + tsc_IV16;
150
151 ppk[0] += tkip_S(ppk[5] ^ Mk16(tk[ 1], tk[ 0]));
152 ppk[1] += tkip_S(ppk[0] ^ Mk16(tk[ 3], tk[ 2]));
153 ppk[2] += tkip_S(ppk[1] ^ Mk16(tk[ 5], tk[ 4]));
154 ppk[3] += tkip_S(ppk[2] ^ Mk16(tk[ 7], tk[ 6]));
155 ppk[4] += tkip_S(ppk[3] ^ Mk16(tk[ 9], tk[ 8]));
156 ppk[5] += tkip_S(ppk[4] ^ Mk16(tk[11], tk[10]));
157 ppk[0] += RotR1(ppk[5] ^ Mk16(tk[13], tk[12]));
158 ppk[1] += RotR1(ppk[0] ^ Mk16(tk[15], tk[14]));
159 ppk[2] += RotR1(ppk[1]);
160 ppk[3] += RotR1(ppk[2]);
161 ppk[4] += RotR1(ppk[3]);
162 ppk[5] += RotR1(ppk[4]);
163
164 rc4key[0] = Hi8(tsc_IV16);
165 rc4key[1] = (Hi8(tsc_IV16) | 0x20) & 0x7f;
166 rc4key[2] = Lo8(tsc_IV16);
167 rc4key[3] = Lo8((ppk[5] ^ Mk16(tk[1], tk[0])) >> 1);
168
169 for (i = 0; i < 6; i++) {
170 rc4key[4 + 2 * i] = Lo8(ppk[i]);
171 rc4key[5 + 2 * i] = Hi8(ppk[i]);
172 }
173}
174
175
176/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
177 * of the IV. Returns pointer to the octet following IVs (i.e., beginning of
178 * the packet payload). */
179u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
180 u8 iv0, u8 iv1, u8 iv2)
181{
182 *pos++ = iv0;
183 *pos++ = iv1;
184 *pos++ = iv2;
185 *pos++ = (key->keyidx << 6) | (1 << 5) /* Ext IV */;
186 *pos++ = key->u.tkip.iv32 & 0xff;
187 *pos++ = (key->u.tkip.iv32 >> 8) & 0xff;
188 *pos++ = (key->u.tkip.iv32 >> 16) & 0xff;
189 *pos++ = (key->u.tkip.iv32 >> 24) & 0xff;
190 return pos;
191}
192
193
194void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
195 u16 *phase1key)
196{
197 tkip_mixing_phase1(ta, &key->key[ALG_TKIP_TEMP_ENCR_KEY],
198 key->u.tkip.iv32, phase1key);
199}
200
201void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
202 u8 *rc4key)
203{
204 /* Calculate per-packet key */
205 if (key->u.tkip.iv16 == 0 || !key->u.tkip.tx_initialized) {
206 /* IV16 wrapped around - perform TKIP phase 1 */
207 tkip_mixing_phase1(ta, &key->key[ALG_TKIP_TEMP_ENCR_KEY],
208 key->u.tkip.iv32, key->u.tkip.p1k);
209 key->u.tkip.tx_initialized = 1;
210 }
211
212 tkip_mixing_phase2(key->u.tkip.p1k, &key->key[ALG_TKIP_TEMP_ENCR_KEY],
213 key->u.tkip.iv16, rc4key);
214}
215
216/* Encrypt packet payload with TKIP using @key. @pos is a pointer to the
217 * beginning of the buffer containing payload. This payload must include
218 * headroom of eight octets for IV and Ext. IV and taildroom of four octets
219 * for ICV. @payload_len is the length of payload (_not_ including extra
220 * headroom and tailroom). @ta is the transmitter addresses. */
221void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
222 struct ieee80211_key *key,
223 u8 *pos, size_t payload_len, u8 *ta)
224{
225 u8 rc4key[16];
226
227 ieee80211_tkip_gen_rc4key(key, ta, rc4key);
228 pos = ieee80211_tkip_add_iv(pos, key, rc4key[0], rc4key[1], rc4key[2]);
229 ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
230}
231
232
233/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the
234 * beginning of the buffer containing IEEE 802.11 header payload, i.e.,
235 * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
236 * length of payload, including IV, Ext. IV, MIC, ICV. */
237int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
238 struct ieee80211_key *key,
239 u8 *payload, size_t payload_len, u8 *ta,
240 int only_iv, int queue)
241{
242 u32 iv32;
243 u32 iv16;
244 u8 rc4key[16], keyid, *pos = payload;
245 int res;
246
247 if (payload_len < 12)
248 return -1;
249
250 iv16 = (pos[0] << 8) | pos[2];
251 keyid = pos[3];
252 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
253 pos += 8;
254#ifdef CONFIG_TKIP_DEBUG
255 {
256 int i;
257 printk(KERN_DEBUG "TKIP decrypt: data(len=%zd)", payload_len);
258 for (i = 0; i < payload_len; i++)
259 printk(" %02x", payload[i]);
260 printk("\n");
261 printk(KERN_DEBUG "TKIP decrypt: iv16=%04x iv32=%08x\n",
262 iv16, iv32);
263 }
264#endif /* CONFIG_TKIP_DEBUG */
265
266 if (!(keyid & (1 << 5)))
267 return TKIP_DECRYPT_NO_EXT_IV;
268
269 if ((keyid >> 6) != key->keyidx)
270 return TKIP_DECRYPT_INVALID_KEYIDX;
271
272 if (key->u.tkip.rx_initialized[queue] &&
273 (iv32 < key->u.tkip.iv32_rx[queue] ||
274 (iv32 == key->u.tkip.iv32_rx[queue] &&
275 iv16 <= key->u.tkip.iv16_rx[queue]))) {
276#ifdef CONFIG_TKIP_DEBUG
277 printk(KERN_DEBUG "TKIP replay detected for RX frame from "
278 MAC_FMT " (RX IV (%04x,%02x) <= prev. IV (%04x,%02x)\n",
279 MAC_ARG(ta),
280 iv32, iv16, key->u.tkip.iv32_rx[queue],
281 key->u.tkip.iv16_rx[queue]);
282#endif /* CONFIG_TKIP_DEBUG */
283 return TKIP_DECRYPT_REPLAY;
284 }
285
286 if (only_iv) {
287 res = TKIP_DECRYPT_OK;
288 key->u.tkip.rx_initialized[queue] = 1;
289 goto done;
290 }
291
292 if (!key->u.tkip.rx_initialized[queue] ||
293 key->u.tkip.iv32_rx[queue] != iv32) {
294 key->u.tkip.rx_initialized[queue] = 1;
295 /* IV16 wrapped around - perform TKIP phase 1 */
296 tkip_mixing_phase1(ta, &key->key[ALG_TKIP_TEMP_ENCR_KEY],
297 iv32, key->u.tkip.p1k_rx[queue]);
298#ifdef CONFIG_TKIP_DEBUG
299 {
300 int i;
301 printk(KERN_DEBUG "TKIP decrypt: Phase1 TA=" MAC_FMT
302 " TK=", MAC_ARG(ta));
303 for (i = 0; i < 16; i++)
304 printk("%02x ",
305 key->key[ALG_TKIP_TEMP_ENCR_KEY + i]);
306 printk("\n");
307 printk(KERN_DEBUG "TKIP decrypt: P1K=");
308 for (i = 0; i < 5; i++)
309 printk("%04x ", key->u.tkip.p1k_rx[queue][i]);
310 printk("\n");
311 }
312#endif /* CONFIG_TKIP_DEBUG */
313 }
314
315 tkip_mixing_phase2(key->u.tkip.p1k_rx[queue],
316 &key->key[ALG_TKIP_TEMP_ENCR_KEY],
317 iv16, rc4key);
318#ifdef CONFIG_TKIP_DEBUG
319 {
320 int i;
321 printk(KERN_DEBUG "TKIP decrypt: Phase2 rc4key=");
322 for (i = 0; i < 16; i++)
323 printk("%02x ", rc4key[i]);
324 printk("\n");
325 }
326#endif /* CONFIG_TKIP_DEBUG */
327
328 res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
329 done:
330 if (res == TKIP_DECRYPT_OK) {
331 /* FIX: these should be updated only after Michael MIC has been
332 * verified */
333 /* Record previously received IV */
334 key->u.tkip.iv32_rx[queue] = iv32;
335 key->u.tkip.iv16_rx[queue] = iv16;
336 }
337
338 return res;
339}
340
341
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h
new file mode 100644
index 000000000000..a0d181a18049
--- /dev/null
+++ b/net/mac80211/tkip.h
@@ -0,0 +1,36 @@
1/*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#ifndef TKIP_H
10#define TKIP_H
11
12#include <linux/types.h>
13#include <linux/crypto.h>
14#include "ieee80211_key.h"
15
16u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
17 u8 iv0, u8 iv1, u8 iv2);
18void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
19 u16 *phase1key);
20void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
21 u8 *rc4key);
22void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
23 struct ieee80211_key *key,
24 u8 *pos, size_t payload_len, u8 *ta);
25enum {
26 TKIP_DECRYPT_OK = 0,
27 TKIP_DECRYPT_NO_EXT_IV = -1,
28 TKIP_DECRYPT_INVALID_KEYIDX = -2,
29 TKIP_DECRYPT_REPLAY = -3,
30};
31int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
32 struct ieee80211_key *key,
33 u8 *payload, size_t payload_len, u8 *ta,
34 int only_iv, int queue);
35
36#endif /* TKIP_H */
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
new file mode 100644
index 000000000000..1ad3d75281cc
--- /dev/null
+++ b/net/mac80211/wep.c
@@ -0,0 +1,328 @@
1/*
2 * Software WEP encryption implementation
3 * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2003, Instant802 Networks, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <linux/netdevice.h>
12#include <linux/types.h>
13#include <linux/random.h>
14#include <linux/compiler.h>
15#include <linux/crc32.h>
16#include <linux/crypto.h>
17#include <linux/err.h>
18#include <linux/mm.h>
19#include <asm/scatterlist.h>
20
21#include <net/mac80211.h>
22#include "ieee80211_i.h"
23#include "wep.h"
24
25
26int ieee80211_wep_init(struct ieee80211_local *local)
27{
28 /* start WEP IV from a random value */
29 get_random_bytes(&local->wep_iv, WEP_IV_LEN);
30
31 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
32 CRYPTO_ALG_ASYNC);
33 if (IS_ERR(local->wep_tx_tfm))
34 return -ENOMEM;
35
36 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
37 CRYPTO_ALG_ASYNC);
38 if (IS_ERR(local->wep_rx_tfm)) {
39 crypto_free_blkcipher(local->wep_tx_tfm);
40 return -ENOMEM;
41 }
42
43 return 0;
44}
45
46void ieee80211_wep_free(struct ieee80211_local *local)
47{
48 crypto_free_blkcipher(local->wep_tx_tfm);
49 crypto_free_blkcipher(local->wep_rx_tfm);
50}
51
52static inline int ieee80211_wep_weak_iv(u32 iv, int keylen)
53{
54 /* Fluhrer, Mantin, and Shamir have reported weaknesses in the
55 * key scheduling algorithm of RC4. At least IVs (KeyByte + 3,
56 * 0xff, N) can be used to speedup attacks, so avoid using them. */
57 if ((iv & 0xff00) == 0xff00) {
58 u8 B = (iv >> 16) & 0xff;
59 if (B >= 3 && B < 3 + keylen)
60 return 1;
61 }
62 return 0;
63}
64
65
66void ieee80211_wep_get_iv(struct ieee80211_local *local,
67 struct ieee80211_key *key, u8 *iv)
68{
69 local->wep_iv++;
70 if (ieee80211_wep_weak_iv(local->wep_iv, key->keylen))
71 local->wep_iv += 0x0100;
72
73 if (!iv)
74 return;
75
76 *iv++ = (local->wep_iv >> 16) & 0xff;
77 *iv++ = (local->wep_iv >> 8) & 0xff;
78 *iv++ = local->wep_iv & 0xff;
79 *iv++ = key->keyidx << 6;
80}
81
82
83u8 * ieee80211_wep_add_iv(struct ieee80211_local *local,
84 struct sk_buff *skb,
85 struct ieee80211_key *key)
86{
87 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
88 u16 fc;
89 int hdrlen;
90 u8 *newhdr;
91
92 fc = le16_to_cpu(hdr->frame_control);
93 fc |= IEEE80211_FCTL_PROTECTED;
94 hdr->frame_control = cpu_to_le16(fc);
95
96 if ((skb_headroom(skb) < WEP_IV_LEN ||
97 skb_tailroom(skb) < WEP_ICV_LEN)) {
98 I802_DEBUG_INC(local->tx_expand_skb_head);
99 if (unlikely(pskb_expand_head(skb, WEP_IV_LEN, WEP_ICV_LEN,
100 GFP_ATOMIC)))
101 return NULL;
102 }
103
104 hdrlen = ieee80211_get_hdrlen(fc);
105 newhdr = skb_push(skb, WEP_IV_LEN);
106 memmove(newhdr, newhdr + WEP_IV_LEN, hdrlen);
107 ieee80211_wep_get_iv(local, key, newhdr + hdrlen);
108 return newhdr + hdrlen;
109}
110
111
112void ieee80211_wep_remove_iv(struct ieee80211_local *local,
113 struct sk_buff *skb,
114 struct ieee80211_key *key)
115{
116 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
117 u16 fc;
118 int hdrlen;
119
120 fc = le16_to_cpu(hdr->frame_control);
121 hdrlen = ieee80211_get_hdrlen(fc);
122 memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
123 skb_pull(skb, WEP_IV_LEN);
124}
125
126
127/* Perform WEP encryption using given key. data buffer must have tailroom
128 * for 4-byte ICV. data_len must not include this ICV. Note: this function
129 * does _not_ add IV. data = RC4(data | CRC32(data)) */
130void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
131 size_t klen, u8 *data, size_t data_len)
132{
133 struct blkcipher_desc desc = { .tfm = tfm };
134 struct scatterlist sg;
135 __le32 *icv;
136
137 icv = (__le32 *)(data + data_len);
138 *icv = cpu_to_le32(~crc32_le(~0, data, data_len));
139
140 crypto_blkcipher_setkey(tfm, rc4key, klen);
141 sg.page = virt_to_page(data);
142 sg.offset = offset_in_page(data);
143 sg.length = data_len + WEP_ICV_LEN;
144 crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
145}
146
147
148/* Perform WEP encryption on given skb. 4 bytes of extra space (IV) in the
149 * beginning of the buffer 4 bytes of extra space (ICV) in the end of the
150 * buffer will be added. Both IV and ICV will be transmitted, so the
151 * payload length increases with 8 bytes.
152 *
153 * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data))
154 */
155int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
156 struct ieee80211_key *key)
157{
158 u32 klen;
159 u8 *rc4key, *iv;
160 size_t len;
161
162 if (!key || key->alg != ALG_WEP)
163 return -1;
164
165 klen = 3 + key->keylen;
166 rc4key = kmalloc(klen, GFP_ATOMIC);
167 if (!rc4key)
168 return -1;
169
170 iv = ieee80211_wep_add_iv(local, skb, key);
171 if (!iv) {
172 kfree(rc4key);
173 return -1;
174 }
175
176 len = skb->len - (iv + WEP_IV_LEN - skb->data);
177
178 /* Prepend 24-bit IV to RC4 key */
179 memcpy(rc4key, iv, 3);
180
181 /* Copy rest of the WEP key (the secret part) */
182 memcpy(rc4key + 3, key->key, key->keylen);
183
184 /* Add room for ICV */
185 skb_put(skb, WEP_ICV_LEN);
186
187 ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, klen,
188 iv + WEP_IV_LEN, len);
189
190 kfree(rc4key);
191
192 return 0;
193}
194
195
196/* Perform WEP decryption using given key. data buffer includes encrypted
197 * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
198 * Return 0 on success and -1 on ICV mismatch. */
199int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
200 size_t klen, u8 *data, size_t data_len)
201{
202 struct blkcipher_desc desc = { .tfm = tfm };
203 struct scatterlist sg;
204 __le32 crc;
205
206 crypto_blkcipher_setkey(tfm, rc4key, klen);
207 sg.page = virt_to_page(data);
208 sg.offset = offset_in_page(data);
209 sg.length = data_len + WEP_ICV_LEN;
210 crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
211
212 crc = cpu_to_le32(~crc32_le(~0, data, data_len));
213 if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0)
214 /* ICV mismatch */
215 return -1;
216
217 return 0;
218}
219
220
221/* Perform WEP decryption on given skb. Buffer includes whole WEP part of
222 * the frame: IV (4 bytes), encrypted payload (including SNAP header),
223 * ICV (4 bytes). skb->len includes both IV and ICV.
224 *
225 * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on
226 * failure. If frame is OK, IV and ICV will be removed, i.e., decrypted payload
227 * is moved to the beginning of the skb and skb length will be reduced.
228 */
229int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
230 struct ieee80211_key *key)
231{
232 u32 klen;
233 u8 *rc4key;
234 u8 keyidx;
235 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
236 u16 fc;
237 int hdrlen;
238 size_t len;
239 int ret = 0;
240
241 fc = le16_to_cpu(hdr->frame_control);
242 if (!(fc & IEEE80211_FCTL_PROTECTED))
243 return -1;
244
245 hdrlen = ieee80211_get_hdrlen(fc);
246
247 if (skb->len < 8 + hdrlen)
248 return -1;
249
250 len = skb->len - hdrlen - 8;
251
252 keyidx = skb->data[hdrlen + 3] >> 6;
253
254 if (!key || keyidx != key->keyidx || key->alg != ALG_WEP)
255 return -1;
256
257 klen = 3 + key->keylen;
258
259 rc4key = kmalloc(klen, GFP_ATOMIC);
260 if (!rc4key)
261 return -1;
262
263 /* Prepend 24-bit IV to RC4 key */
264 memcpy(rc4key, skb->data + hdrlen, 3);
265
266 /* Copy rest of the WEP key (the secret part) */
267 memcpy(rc4key + 3, key->key, key->keylen);
268
269 if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen,
270 skb->data + hdrlen + WEP_IV_LEN,
271 len)) {
272 printk(KERN_DEBUG "WEP decrypt failed (ICV)\n");
273 ret = -1;
274 }
275
276 kfree(rc4key);
277
278 /* Trim ICV */
279 skb_trim(skb, skb->len - WEP_ICV_LEN);
280
281 /* Remove IV */
282 memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
283 skb_pull(skb, WEP_IV_LEN);
284
285 return ret;
286}
287
288
289int ieee80211_wep_get_keyidx(struct sk_buff *skb)
290{
291 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
292 u16 fc;
293 int hdrlen;
294
295 fc = le16_to_cpu(hdr->frame_control);
296 if (!(fc & IEEE80211_FCTL_PROTECTED))
297 return -1;
298
299 hdrlen = ieee80211_get_hdrlen(fc);
300
301 if (skb->len < 8 + hdrlen)
302 return -1;
303
304 return skb->data[hdrlen + 3] >> 6;
305}
306
307
308u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
309{
310 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
311 u16 fc;
312 int hdrlen;
313 u8 *ivpos;
314 u32 iv;
315
316 fc = le16_to_cpu(hdr->frame_control);
317 if (!(fc & IEEE80211_FCTL_PROTECTED))
318 return NULL;
319
320 hdrlen = ieee80211_get_hdrlen(fc);
321 ivpos = skb->data + hdrlen;
322 iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2];
323
324 if (ieee80211_wep_weak_iv(iv, key->keylen))
325 return ivpos;
326
327 return NULL;
328}
diff --git a/net/mac80211/wep.h b/net/mac80211/wep.h
new file mode 100644
index 000000000000..bfe29e8e10aa
--- /dev/null
+++ b/net/mac80211/wep.h
@@ -0,0 +1,40 @@
1/*
2 * Software WEP encryption implementation
3 * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2003, Instant802 Networks, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#ifndef WEP_H
12#define WEP_H
13
14#include <linux/skbuff.h>
15#include <linux/types.h>
16#include "ieee80211_i.h"
17#include "ieee80211_key.h"
18
19int ieee80211_wep_init(struct ieee80211_local *local);
20void ieee80211_wep_free(struct ieee80211_local *local);
21void ieee80211_wep_get_iv(struct ieee80211_local *local,
22 struct ieee80211_key *key, u8 *iv);
23u8 * ieee80211_wep_add_iv(struct ieee80211_local *local,
24 struct sk_buff *skb,
25 struct ieee80211_key *key);
26void ieee80211_wep_remove_iv(struct ieee80211_local *local,
27 struct sk_buff *skb,
28 struct ieee80211_key *key);
29void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
30 size_t klen, u8 *data, size_t data_len);
31int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
32 size_t klen, u8 *data, size_t data_len);
33int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
34 struct ieee80211_key *key);
35int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
36 struct ieee80211_key *key);
37int ieee80211_wep_get_keyidx(struct sk_buff *skb);
38u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
39
40#endif /* WEP_H */
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
new file mode 100644
index 000000000000..89ce81529694
--- /dev/null
+++ b/net/mac80211/wme.c
@@ -0,0 +1,678 @@
1/*
2 * Copyright 2004, Instant802 Networks, Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#include <linux/netdevice.h>
10#include <linux/skbuff.h>
11#include <linux/module.h>
12#include <linux/if_arp.h>
13#include <linux/types.h>
14#include <net/ip.h>
15#include <net/pkt_sched.h>
16
17#include <net/mac80211.h>
18#include "ieee80211_i.h"
19#include "wme.h"
20
21static inline int WLAN_FC_IS_QOS_DATA(u16 fc)
22{
23 return (fc & 0x8C) == 0x88;
24}
25
26
27ieee80211_txrx_result
28ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx)
29{
30 u8 *data = rx->skb->data;
31 int tid;
32
33 /* does the frame have a qos control field? */
34 if (WLAN_FC_IS_QOS_DATA(rx->fc)) {
35 u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN;
36 /* frame has qos control */
37 tid = qc[0] & QOS_CONTROL_TID_MASK;
38 } else {
39 if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) {
40 /* Separate TID for management frames */
41 tid = NUM_RX_DATA_QUEUES - 1;
42 } else {
43 /* no qos control present */
44 tid = 0; /* 802.1d - Best Effort */
45 }
46 }
47#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
48 I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
49 if (rx->sta) {
50 I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
51 }
52#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
53
54 rx->u.rx.queue = tid;
55 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
56 * For now, set skb->priority to 0 for other cases. */
57 rx->skb->priority = (tid > 7) ? 0 : tid;
58
59 return TXRX_CONTINUE;
60}
61
62
63ieee80211_txrx_result
64ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
65{
66 u16 fc = rx->fc;
67 u8 *data = rx->skb->data;
68 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data;
69
70 if (!WLAN_FC_IS_QOS_DATA(fc))
71 return TXRX_CONTINUE;
72
73 /* remove the qos control field, update frame type and meta-data */
74 memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2);
75 hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2);
76 /* change frame type to non QOS */
77 rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA;
78 hdr->frame_control = cpu_to_le16(fc);
79
80 return TXRX_CONTINUE;
81}
82
83
84#ifdef CONFIG_NET_SCHED
85/* maximum number of hardware queues we support. */
86#define TC_80211_MAX_QUEUES 8
87
88struct ieee80211_sched_data
89{
90 struct tcf_proto *filter_list;
91 struct Qdisc *queues[TC_80211_MAX_QUEUES];
92 struct sk_buff_head requeued[TC_80211_MAX_QUEUES];
93};
94
95
96/* given a data frame determine the 802.1p/1d tag to use */
97static inline unsigned classify_1d(struct sk_buff *skb, struct Qdisc *qd)
98{
99 struct iphdr *ip;
100 int dscp;
101 int offset;
102
103 struct ieee80211_sched_data *q = qdisc_priv(qd);
104 struct tcf_result res = { -1, 0 };
105
106 /* if there is a user set filter list, call out to that */
107 if (q->filter_list) {
108 tc_classify(skb, q->filter_list, &res);
109 if (res.class != -1)
110 return res.class;
111 }
112
113 /* skb->priority values from 256->263 are magic values to
114 * directly indicate a specific 802.1d priority.
115 * This is used to allow 802.1d priority to be passed directly in
116 * from VLAN tags, etc. */
117 if (skb->priority >= 256 && skb->priority <= 263)
118 return skb->priority - 256;
119
120 /* check there is a valid IP header present */
121 offset = ieee80211_get_hdrlen_from_skb(skb) + 8 /* LLC + proto */;
122 if (skb->protocol != __constant_htons(ETH_P_IP) ||
123 skb->len < offset + sizeof(*ip))
124 return 0;
125
126 ip = (struct iphdr *) (skb->data + offset);
127
128 dscp = ip->tos & 0xfc;
129 if (dscp & 0x1c)
130 return 0;
131 return dscp >> 5;
132}
133
134
135static inline int wme_downgrade_ac(struct sk_buff *skb)
136{
137 switch (skb->priority) {
138 case 6:
139 case 7:
140 skb->priority = 5; /* VO -> VI */
141 return 0;
142 case 4:
143 case 5:
144 skb->priority = 3; /* VI -> BE */
145 return 0;
146 case 0:
147 case 3:
148 skb->priority = 2; /* BE -> BK */
149 return 0;
150 default:
151 return -1;
152 }
153}
154
155
156/* positive return value indicates which queue to use
157 * negative return value indicates to drop the frame */
158static inline int classify80211(struct sk_buff *skb, struct Qdisc *qd)
159{
160 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
161 struct ieee80211_tx_packet_data *pkt_data =
162 (struct ieee80211_tx_packet_data *) skb->cb;
163 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
164 unsigned short fc = le16_to_cpu(hdr->frame_control);
165 int qos;
166 const int ieee802_1d_to_ac[8] = { 2, 3, 3, 2, 1, 1, 0, 0 };
167
168 /* see if frame is data or non data frame */
169 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) {
170 /* management frames go on AC_VO queue, but are sent
171 * without QoS control fields */
172 return IEEE80211_TX_QUEUE_DATA0;
173 }
174
175 if (unlikely(pkt_data->mgmt_iface)) {
176 /* Data frames from hostapd (mainly, EAPOL) use AC_VO
177 * and they will include QoS control fields if
178 * the target STA is using WME. */
179 skb->priority = 7;
180 return ieee802_1d_to_ac[skb->priority];
181 }
182
183 /* is this a QoS frame? */
184 qos = fc & IEEE80211_STYPE_QOS_DATA;
185
186 if (!qos) {
187 skb->priority = 0; /* required for correct WPA/11i MIC */
188 return ieee802_1d_to_ac[skb->priority];
189 }
190
191 /* use the data classifier to determine what 802.1d tag the
192 * data frame has */
193 skb->priority = classify_1d(skb, qd);
194
195 /* incase we are a client verify acm is not set for this ac */
196 while (unlikely(local->wmm_acm & BIT(skb->priority))) {
197 if (wme_downgrade_ac(skb)) {
198 /* No AC with lower priority has acm=0,
199 * drop packet. */
200 return -1;
201 }
202 }
203
204 /* look up which queue to use for frames with this 1d tag */
205 return ieee802_1d_to_ac[skb->priority];
206}
207
208
209static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
210{
211 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
212 struct ieee80211_sched_data *q = qdisc_priv(qd);
213 struct ieee80211_tx_packet_data *pkt_data =
214 (struct ieee80211_tx_packet_data *) skb->cb;
215 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
216 unsigned short fc = le16_to_cpu(hdr->frame_control);
217 struct Qdisc *qdisc;
218 int err, queue;
219
220 if (pkt_data->requeue) {
221 skb_queue_tail(&q->requeued[pkt_data->queue], skb);
222 qd->q.qlen++;
223 return 0;
224 }
225
226 queue = classify80211(skb, qd);
227
228 /* now we know the 1d priority, fill in the QoS header if there is one
229 */
230 if (WLAN_FC_IS_QOS_DATA(fc)) {
231 u8 *p = skb->data + ieee80211_get_hdrlen(fc) - 2;
232 u8 qos_hdr = skb->priority & QOS_CONTROL_TAG1D_MASK;
233 if (local->wifi_wme_noack_test)
234 qos_hdr |= QOS_CONTROL_ACK_POLICY_NOACK <<
235 QOS_CONTROL_ACK_POLICY_SHIFT;
236 /* qos header is 2 bytes, second reserved */
237 *p = qos_hdr;
238 p++;
239 *p = 0;
240 }
241
242 if (unlikely(queue >= local->hw.queues)) {
243#if 0
244 if (net_ratelimit()) {
245 printk(KERN_DEBUG "%s - queue=%d (hw does not "
246 "support) -> %d\n",
247 __func__, queue, local->hw.queues - 1);
248 }
249#endif
250 queue = local->hw.queues - 1;
251 }
252
253 if (unlikely(queue < 0)) {
254 kfree_skb(skb);
255 err = NET_XMIT_DROP;
256 } else {
257 pkt_data->queue = (unsigned int) queue;
258 qdisc = q->queues[queue];
259 err = qdisc->enqueue(skb, qdisc);
260 if (err == NET_XMIT_SUCCESS) {
261 qd->q.qlen++;
262 qd->bstats.bytes += skb->len;
263 qd->bstats.packets++;
264 return NET_XMIT_SUCCESS;
265 }
266 }
267 qd->qstats.drops++;
268 return err;
269}
270
271
272/* TODO: clean up the cases where master_hard_start_xmit
273 * returns non 0 - it shouldn't ever do that. Once done we
274 * can remove this function */
275static int wme_qdiscop_requeue(struct sk_buff *skb, struct Qdisc* qd)
276{
277 struct ieee80211_sched_data *q = qdisc_priv(qd);
278 struct ieee80211_tx_packet_data *pkt_data =
279 (struct ieee80211_tx_packet_data *) skb->cb;
280 struct Qdisc *qdisc;
281 int err;
282
283 /* we recorded which queue to use earlier! */
284 qdisc = q->queues[pkt_data->queue];
285
286 if ((err = qdisc->ops->requeue(skb, qdisc)) == 0) {
287 qd->q.qlen++;
288 return 0;
289 }
290 qd->qstats.drops++;
291 return err;
292}
293
294
295static struct sk_buff *wme_qdiscop_dequeue(struct Qdisc* qd)
296{
297 struct ieee80211_sched_data *q = qdisc_priv(qd);
298 struct net_device *dev = qd->dev;
299 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
300 struct ieee80211_hw *hw = &local->hw;
301 struct sk_buff *skb;
302 struct Qdisc *qdisc;
303 int queue;
304
305 /* check all the h/w queues in numeric/priority order */
306 for (queue = 0; queue < hw->queues; queue++) {
307 /* see if there is room in this hardware queue */
308 if (test_bit(IEEE80211_LINK_STATE_XOFF,
309 &local->state[queue]) ||
310 test_bit(IEEE80211_LINK_STATE_PENDING,
311 &local->state[queue]))
312 continue;
313
314 /* there is space - try and get a frame */
315 skb = skb_dequeue(&q->requeued[queue]);
316 if (skb) {
317 qd->q.qlen--;
318 return skb;
319 }
320
321 qdisc = q->queues[queue];
322 skb = qdisc->dequeue(qdisc);
323 if (skb) {
324 qd->q.qlen--;
325 return skb;
326 }
327 }
328 /* returning a NULL here when all the h/w queues are full means we
329 * never need to call netif_stop_queue in the driver */
330 return NULL;
331}
332
333
334static void wme_qdiscop_reset(struct Qdisc* qd)
335{
336 struct ieee80211_sched_data *q = qdisc_priv(qd);
337 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
338 struct ieee80211_hw *hw = &local->hw;
339 int queue;
340
341 /* QUESTION: should we have some hardware flush functionality here? */
342
343 for (queue = 0; queue < hw->queues; queue++) {
344 skb_queue_purge(&q->requeued[queue]);
345 qdisc_reset(q->queues[queue]);
346 }
347 qd->q.qlen = 0;
348}
349
350
351static void wme_qdiscop_destroy(struct Qdisc* qd)
352{
353 struct ieee80211_sched_data *q = qdisc_priv(qd);
354 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
355 struct ieee80211_hw *hw = &local->hw;
356 int queue;
357
358 tcf_destroy_chain(q->filter_list);
359 q->filter_list = NULL;
360
361 for (queue=0; queue < hw->queues; queue++) {
362 skb_queue_purge(&q->requeued[queue]);
363 qdisc_destroy(q->queues[queue]);
364 q->queues[queue] = &noop_qdisc;
365 }
366}
367
368
369/* called whenever parameters are updated on existing qdisc */
370static int wme_qdiscop_tune(struct Qdisc *qd, struct rtattr *opt)
371{
372/* struct ieee80211_sched_data *q = qdisc_priv(qd);
373*/
374 /* check our options block is the right size */
375 /* copy any options to our local structure */
376/* Ignore options block for now - always use static mapping
377 struct tc_ieee80211_qopt *qopt = RTA_DATA(opt);
378
379 if (opt->rta_len < RTA_LENGTH(sizeof(*qopt)))
380 return -EINVAL;
381 memcpy(q->tag2queue, qopt->tag2queue, sizeof(qopt->tag2queue));
382*/
383 return 0;
384}
385
386
387/* called during initial creation of qdisc on device */
388static int wme_qdiscop_init(struct Qdisc *qd, struct rtattr *opt)
389{
390 struct ieee80211_sched_data *q = qdisc_priv(qd);
391 struct net_device *dev = qd->dev;
392 struct ieee80211_local *local;
393 int queues;
394 int err = 0, i;
395
396 /* check that device is a mac80211 device */
397 if (!dev->ieee80211_ptr ||
398 dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
399 return -EINVAL;
400
401 /* check this device is an ieee80211 master type device */
402 if (dev->type != ARPHRD_IEEE80211)
403 return -EINVAL;
404
405 /* check that there is no qdisc currently attached to device
406 * this ensures that we will be the root qdisc. (I can't find a better
407 * way to test this explicitly) */
408 if (dev->qdisc_sleeping != &noop_qdisc)
409 return -EINVAL;
410
411 if (qd->flags & TCQ_F_INGRESS)
412 return -EINVAL;
413
414 local = wdev_priv(dev->ieee80211_ptr);
415 queues = local->hw.queues;
416
417 /* if options were passed in, set them */
418 if (opt) {
419 err = wme_qdiscop_tune(qd, opt);
420 }
421
422 /* create child queues */
423 for (i = 0; i < queues; i++) {
424 skb_queue_head_init(&q->requeued[i]);
425 q->queues[i] = qdisc_create_dflt(qd->dev, &pfifo_qdisc_ops,
426 qd->handle);
427 if (q->queues[i] == 0) {
428 q->queues[i] = &noop_qdisc;
429 printk(KERN_ERR "%s child qdisc %i creation failed", dev->name, i);
430 }
431 }
432
433 return err;
434}
435
436static int wme_qdiscop_dump(struct Qdisc *qd, struct sk_buff *skb)
437{
438/* struct ieee80211_sched_data *q = qdisc_priv(qd);
439 unsigned char *p = skb->tail;
440 struct tc_ieee80211_qopt opt;
441
442 memcpy(&opt.tag2queue, q->tag2queue, TC_80211_MAX_TAG + 1);
443 RTA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt);
444*/ return skb->len;
445/*
446rtattr_failure:
447 skb_trim(skb, p - skb->data);*/
448 return -1;
449}
450
451
452static int wme_classop_graft(struct Qdisc *qd, unsigned long arg,
453 struct Qdisc *new, struct Qdisc **old)
454{
455 struct ieee80211_sched_data *q = qdisc_priv(qd);
456 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
457 struct ieee80211_hw *hw = &local->hw;
458 unsigned long queue = arg - 1;
459
460 if (queue >= hw->queues)
461 return -EINVAL;
462
463 if (!new)
464 new = &noop_qdisc;
465
466 sch_tree_lock(qd);
467 *old = q->queues[queue];
468 q->queues[queue] = new;
469 qdisc_reset(*old);
470 sch_tree_unlock(qd);
471
472 return 0;
473}
474
475
476static struct Qdisc *
477wme_classop_leaf(struct Qdisc *qd, unsigned long arg)
478{
479 struct ieee80211_sched_data *q = qdisc_priv(qd);
480 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
481 struct ieee80211_hw *hw = &local->hw;
482 unsigned long queue = arg - 1;
483
484 if (queue >= hw->queues)
485 return NULL;
486
487 return q->queues[queue];
488}
489
490
491static unsigned long wme_classop_get(struct Qdisc *qd, u32 classid)
492{
493 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
494 struct ieee80211_hw *hw = &local->hw;
495 unsigned long queue = TC_H_MIN(classid);
496
497 if (queue - 1 >= hw->queues)
498 return 0;
499
500 return queue;
501}
502
503
504static unsigned long wme_classop_bind(struct Qdisc *qd, unsigned long parent,
505 u32 classid)
506{
507 return wme_classop_get(qd, classid);
508}
509
510
511static void wme_classop_put(struct Qdisc *q, unsigned long cl)
512{
513}
514
515
516static int wme_classop_change(struct Qdisc *qd, u32 handle, u32 parent,
517 struct rtattr **tca, unsigned long *arg)
518{
519 unsigned long cl = *arg;
520 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
521 struct ieee80211_hw *hw = &local->hw;
522
523 if (cl - 1 > hw->queues)
524 return -ENOENT;
525
526 /* TODO: put code to program hardware queue parameters here,
527 * to allow programming from tc command line */
528
529 return 0;
530}
531
532
533/* we don't support deleting hardware queues
534 * when we add WMM-SA support - TSPECs may be deleted here */
535static int wme_classop_delete(struct Qdisc *qd, unsigned long cl)
536{
537 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
538 struct ieee80211_hw *hw = &local->hw;
539
540 if (cl - 1 > hw->queues)
541 return -ENOENT;
542 return 0;
543}
544
545
546static int wme_classop_dump_class(struct Qdisc *qd, unsigned long cl,
547 struct sk_buff *skb, struct tcmsg *tcm)
548{
549 struct ieee80211_sched_data *q = qdisc_priv(qd);
550 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
551 struct ieee80211_hw *hw = &local->hw;
552
553 if (cl - 1 > hw->queues)
554 return -ENOENT;
555 tcm->tcm_handle = TC_H_MIN(cl);
556 tcm->tcm_parent = qd->handle;
557 tcm->tcm_info = q->queues[cl-1]->handle; /* do we need this? */
558 return 0;
559}
560
561
562static void wme_classop_walk(struct Qdisc *qd, struct qdisc_walker *arg)
563{
564 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
565 struct ieee80211_hw *hw = &local->hw;
566 int queue;
567
568 if (arg->stop)
569 return;
570
571 for (queue = 0; queue < hw->queues; queue++) {
572 if (arg->count < arg->skip) {
573 arg->count++;
574 continue;
575 }
576 /* we should return classids for our internal queues here
577 * as well as the external ones */
578 if (arg->fn(qd, queue+1, arg) < 0) {
579 arg->stop = 1;
580 break;
581 }
582 arg->count++;
583 }
584}
585
586
587static struct tcf_proto ** wme_classop_find_tcf(struct Qdisc *qd,
588 unsigned long cl)
589{
590 struct ieee80211_sched_data *q = qdisc_priv(qd);
591
592 if (cl)
593 return NULL;
594
595 return &q->filter_list;
596}
597
598
599/* this qdisc is classful (i.e. has classes, some of which may have leaf qdiscs attached)
600 * - these are the operations on the classes */
601static struct Qdisc_class_ops class_ops =
602{
603 .graft = wme_classop_graft,
604 .leaf = wme_classop_leaf,
605
606 .get = wme_classop_get,
607 .put = wme_classop_put,
608 .change = wme_classop_change,
609 .delete = wme_classop_delete,
610 .walk = wme_classop_walk,
611
612 .tcf_chain = wme_classop_find_tcf,
613 .bind_tcf = wme_classop_bind,
614 .unbind_tcf = wme_classop_put,
615
616 .dump = wme_classop_dump_class,
617};
618
619
620/* queueing discipline operations */
621static struct Qdisc_ops wme_qdisc_ops =
622{
623 .next = NULL,
624 .cl_ops = &class_ops,
625 .id = "ieee80211",
626 .priv_size = sizeof(struct ieee80211_sched_data),
627
628 .enqueue = wme_qdiscop_enqueue,
629 .dequeue = wme_qdiscop_dequeue,
630 .requeue = wme_qdiscop_requeue,
631 .drop = NULL, /* drop not needed since we are always the root qdisc */
632
633 .init = wme_qdiscop_init,
634 .reset = wme_qdiscop_reset,
635 .destroy = wme_qdiscop_destroy,
636 .change = wme_qdiscop_tune,
637
638 .dump = wme_qdiscop_dump,
639};
640
641
642void ieee80211_install_qdisc(struct net_device *dev)
643{
644 struct Qdisc *qdisc;
645
646 qdisc = qdisc_create_dflt(dev, &wme_qdisc_ops, TC_H_ROOT);
647 if (!qdisc) {
648 printk(KERN_ERR "%s: qdisc installation failed\n", dev->name);
649 return;
650 }
651
652 /* same handle as would be allocated by qdisc_alloc_handle() */
653 qdisc->handle = 0x80010000;
654
655 qdisc_lock_tree(dev);
656 list_add_tail(&qdisc->list, &dev->qdisc_list);
657 dev->qdisc_sleeping = qdisc;
658 qdisc_unlock_tree(dev);
659}
660
661
662int ieee80211_qdisc_installed(struct net_device *dev)
663{
664 return dev->qdisc_sleeping->ops == &wme_qdisc_ops;
665}
666
667
668int ieee80211_wme_register(void)
669{
670 return register_qdisc(&wme_qdisc_ops);
671}
672
673
674void ieee80211_wme_unregister(void)
675{
676 unregister_qdisc(&wme_qdisc_ops);
677}
678#endif /* CONFIG_NET_SCHED */
diff --git a/net/mac80211/wme.h b/net/mac80211/wme.h
new file mode 100644
index 000000000000..f0bff10f0e08
--- /dev/null
+++ b/net/mac80211/wme.h
@@ -0,0 +1,57 @@
1/*
2 * IEEE 802.11 driver (80211.o) - QoS datatypes
3 * Copyright 2004, Instant802 Networks, Inc.
4 * Copyright 2005, Devicescape Software, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#ifndef _WME_H
12#define _WME_H
13
14#include <linux/netdevice.h>
15#include "ieee80211_i.h"
16
17#define QOS_CONTROL_LEN 2
18
19#define QOS_CONTROL_ACK_POLICY_NORMAL 0
20#define QOS_CONTROL_ACK_POLICY_NOACK 1
21
22#define QOS_CONTROL_TID_MASK 0x0f
23#define QOS_CONTROL_ACK_POLICY_SHIFT 5
24
25#define QOS_CONTROL_TAG1D_MASK 0x07
26
27ieee80211_txrx_result
28ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx);
29
30ieee80211_txrx_result
31ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx);
32
33#ifdef CONFIG_NET_SCHED
34void ieee80211_install_qdisc(struct net_device *dev);
35int ieee80211_qdisc_installed(struct net_device *dev);
36
37int ieee80211_wme_register(void);
38void ieee80211_wme_unregister(void);
39#else
40static inline void ieee80211_install_qdisc(struct net_device *dev)
41{
42}
43static inline int ieee80211_qdisc_installed(struct net_device *dev)
44{
45 return 0;
46}
47
48static inline int ieee80211_wme_register(void)
49{
50 return 0;
51}
52static inline void ieee80211_wme_unregister(void)
53{
54}
55#endif /* CONFIG_NET_SCHED */
56
57#endif /* _WME_H */
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
new file mode 100644
index 000000000000..783af32c6911
--- /dev/null
+++ b/net/mac80211/wpa.c
@@ -0,0 +1,660 @@
1/*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#include <linux/netdevice.h>
10#include <linux/types.h>
11#include <linux/slab.h>
12#include <linux/skbuff.h>
13#include <linux/compiler.h>
14#include <net/iw_handler.h>
15
16#include <net/mac80211.h>
17#include "ieee80211_common.h"
18#include "ieee80211_i.h"
19#include "michael.h"
20#include "tkip.h"
21#include "aes_ccm.h"
22#include "wpa.h"
23
24static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
25 u8 *qos_tid, u8 **data, size_t *data_len)
26{
27 struct ieee80211_hdr *hdr;
28 size_t hdrlen;
29 u16 fc;
30 int a4_included;
31 u8 *pos;
32
33 hdr = (struct ieee80211_hdr *) skb->data;
34 fc = le16_to_cpu(hdr->frame_control);
35
36 hdrlen = 24;
37 if ((fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) ==
38 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
39 hdrlen += ETH_ALEN;
40 *sa = hdr->addr4;
41 *da = hdr->addr3;
42 } else if (fc & IEEE80211_FCTL_FROMDS) {
43 *sa = hdr->addr3;
44 *da = hdr->addr1;
45 } else if (fc & IEEE80211_FCTL_TODS) {
46 *sa = hdr->addr2;
47 *da = hdr->addr3;
48 } else {
49 *sa = hdr->addr2;
50 *da = hdr->addr1;
51 }
52
53 if (fc & 0x80)
54 hdrlen += 2;
55
56 *data = skb->data + hdrlen;
57 *data_len = skb->len - hdrlen;
58
59 a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
60 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
61 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
62 fc & IEEE80211_STYPE_QOS_DATA) {
63 pos = (u8 *) &hdr->addr4;
64 if (a4_included)
65 pos += 6;
66 *qos_tid = pos[0] & 0x0f;
67 *qos_tid |= 0x80; /* qos_included flag */
68 } else
69 *qos_tid = 0;
70
71 return skb->len < hdrlen ? -1 : 0;
72}
73
74
75ieee80211_txrx_result
76ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
77{
78 u8 *data, *sa, *da, *key, *mic, qos_tid;
79 size_t data_len;
80 u16 fc;
81 struct sk_buff *skb = tx->skb;
82 int authenticator;
83 int wpa_test = 0;
84
85 fc = tx->fc;
86
87 if (!tx->key || tx->key->alg != ALG_TKIP || skb->len < 24 ||
88 !WLAN_FC_DATA_PRESENT(fc))
89 return TXRX_CONTINUE;
90
91 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
92 return TXRX_DROP;
93
94 if (!tx->key->force_sw_encrypt &&
95 !tx->fragmented &&
96 !(tx->local->hw.flags & IEEE80211_HW_TKIP_INCLUDE_MMIC) &&
97 !wpa_test) {
98 /* hwaccel - with no need for preallocated room for Michael MIC
99 */
100 return TXRX_CONTINUE;
101 }
102
103 if (skb_tailroom(skb) < MICHAEL_MIC_LEN) {
104 I802_DEBUG_INC(tx->local->tx_expand_skb_head);
105 if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN,
106 MICHAEL_MIC_LEN + TKIP_ICV_LEN,
107 GFP_ATOMIC))) {
108 printk(KERN_DEBUG "%s: failed to allocate more memory "
109 "for Michael MIC\n", tx->dev->name);
110 return TXRX_DROP;
111 }
112 }
113
114#if 0
115 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
116#else
117 authenticator = 1;
118#endif
119 key = &tx->key->key[authenticator ? ALG_TKIP_TEMP_AUTH_TX_MIC_KEY :
120 ALG_TKIP_TEMP_AUTH_RX_MIC_KEY];
121 mic = skb_put(skb, MICHAEL_MIC_LEN);
122 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
123
124 return TXRX_CONTINUE;
125}
126
127
128ieee80211_txrx_result
129ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
130{
131 u8 *data, *sa, *da, *key = NULL, qos_tid;
132 size_t data_len;
133 u16 fc;
134 u8 mic[MICHAEL_MIC_LEN];
135 struct sk_buff *skb = rx->skb;
136 int authenticator = 1, wpa_test = 0;
137
138 fc = rx->fc;
139
140 /* If device handles decryption totally, skip this check */
141 if ((rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) ||
142 (rx->local->hw.flags & IEEE80211_HW_DEVICE_STRIPS_MIC))
143 return TXRX_CONTINUE;
144
145 if (!rx->key || rx->key->alg != ALG_TKIP ||
146 !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
147 return TXRX_CONTINUE;
148
149 if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
150 !rx->key->force_sw_encrypt) {
151 if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
152 if (skb->len < MICHAEL_MIC_LEN)
153 return TXRX_DROP;
154 }
155 /* Need to verify Michael MIC sometimes in software even when
156 * hwaccel is used. Atheros ar5212: fragmented frames and QoS
157 * frames. */
158 if (!rx->fragmented && !wpa_test)
159 goto remove_mic;
160 }
161
162 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
163 || data_len < MICHAEL_MIC_LEN)
164 return TXRX_DROP;
165
166 data_len -= MICHAEL_MIC_LEN;
167
168#if 0
169 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
170#else
171 authenticator = 1;
172#endif
173 key = &rx->key->key[authenticator ? ALG_TKIP_TEMP_AUTH_RX_MIC_KEY :
174 ALG_TKIP_TEMP_AUTH_TX_MIC_KEY];
175 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
176 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
177 if (!rx->u.rx.ra_match)
178 return TXRX_DROP;
179
180 printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
181 MAC_FMT "\n", rx->dev->name, MAC_ARG(sa));
182
183 do {
184 struct ieee80211_hdr *hdr;
185 union iwreq_data wrqu;
186 char *buf = kmalloc(128, GFP_ATOMIC);
187 if (!buf)
188 break;
189
190 /* TODO: needed parameters: count, key type, TSC */
191 hdr = (struct ieee80211_hdr *) skb->data;
192 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
193 "keyid=%d %scast addr=" MAC_FMT ")",
194 rx->key->keyidx,
195 hdr->addr1[0] & 0x01 ? "broad" : "uni",
196 MAC_ARG(hdr->addr2));
197 memset(&wrqu, 0, sizeof(wrqu));
198 wrqu.data.length = strlen(buf);
199 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
200 kfree(buf);
201 } while (0);
202
203 if (!rx->local->apdev)
204 return TXRX_DROP;
205
206 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
207 ieee80211_msg_michael_mic_failure);
208
209 return TXRX_QUEUED;
210 }
211
212 remove_mic:
213 /* remove Michael MIC from payload */
214 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
215
216 return TXRX_CONTINUE;
217}
218
219
220static int tkip_encrypt_skb(struct ieee80211_txrx_data *tx,
221 struct sk_buff *skb, int test)
222{
223 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
224 struct ieee80211_key *key = tx->key;
225 int hdrlen, len, tailneed;
226 u16 fc;
227 u8 *pos;
228
229 fc = le16_to_cpu(hdr->frame_control);
230 hdrlen = ieee80211_get_hdrlen(fc);
231 len = skb->len - hdrlen;
232
233 tailneed = !tx->key->force_sw_encrypt ? 0 : TKIP_ICV_LEN;
234 if ((skb_headroom(skb) < TKIP_IV_LEN ||
235 skb_tailroom(skb) < tailneed)) {
236 I802_DEBUG_INC(tx->local->tx_expand_skb_head);
237 if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN, tailneed,
238 GFP_ATOMIC)))
239 return -1;
240 }
241
242 pos = skb_push(skb, TKIP_IV_LEN);
243 memmove(pos, pos + TKIP_IV_LEN, hdrlen);
244 pos += hdrlen;
245
246 /* Increase IV for the frame */
247 key->u.tkip.iv16++;
248 if (key->u.tkip.iv16 == 0)
249 key->u.tkip.iv32++;
250
251 if (!tx->key->force_sw_encrypt) {
252 u32 flags = tx->local->hw.flags;
253 hdr = (struct ieee80211_hdr *)skb->data;
254
255 /* hwaccel - with preallocated room for IV */
256 ieee80211_tkip_add_iv(pos, key,
257 (u8) (key->u.tkip.iv16 >> 8),
258 (u8) (((key->u.tkip.iv16 >> 8) | 0x20) &
259 0x7f),
260 (u8) key->u.tkip.iv16);
261
262 if (flags & IEEE80211_HW_TKIP_REQ_PHASE2_KEY)
263 ieee80211_tkip_gen_rc4key(key, hdr->addr2,
264 tx->u.tx.control->tkip_key);
265 else if (flags & IEEE80211_HW_TKIP_REQ_PHASE1_KEY) {
266 if (key->u.tkip.iv16 == 0 ||
267 !key->u.tkip.tx_initialized) {
268 ieee80211_tkip_gen_phase1key(key, hdr->addr2,
269 (u16 *)tx->u.tx.control->tkip_key);
270 key->u.tkip.tx_initialized = 1;
271 tx->u.tx.control->flags |=
272 IEEE80211_TXCTL_TKIP_NEW_PHASE1_KEY;
273 } else
274 tx->u.tx.control->flags &=
275 ~IEEE80211_TXCTL_TKIP_NEW_PHASE1_KEY;
276 }
277
278 tx->u.tx.control->key_idx = tx->key->hw_key_idx;
279 return 0;
280 }
281
282 /* Add room for ICV */
283 skb_put(skb, TKIP_ICV_LEN);
284
285 hdr = (struct ieee80211_hdr *) skb->data;
286 ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
287 key, pos, len, hdr->addr2);
288 return 0;
289}
290
291
292ieee80211_txrx_result
293ieee80211_tx_h_tkip_encrypt(struct ieee80211_txrx_data *tx)
294{
295 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
296 u16 fc;
297 struct ieee80211_key *key = tx->key;
298 struct sk_buff *skb = tx->skb;
299 int wpa_test = 0, test = 0;
300
301 fc = le16_to_cpu(hdr->frame_control);
302
303 if (!key || key->alg != ALG_TKIP || !WLAN_FC_DATA_PRESENT(fc))
304 return TXRX_CONTINUE;
305
306 tx->u.tx.control->icv_len = TKIP_ICV_LEN;
307 tx->u.tx.control->iv_len = TKIP_IV_LEN;
308 ieee80211_tx_set_iswep(tx);
309
310 if (!tx->key->force_sw_encrypt &&
311 !(tx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
312 !wpa_test) {
313 /* hwaccel - with no need for preallocated room for IV/ICV */
314 tx->u.tx.control->key_idx = tx->key->hw_key_idx;
315 return TXRX_CONTINUE;
316 }
317
318 if (tkip_encrypt_skb(tx, skb, test) < 0)
319 return TXRX_DROP;
320
321 if (tx->u.tx.extra_frag) {
322 int i;
323 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
324 if (tkip_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
325 < 0)
326 return TXRX_DROP;
327 }
328 }
329
330 return TXRX_CONTINUE;
331}
332
333
334ieee80211_txrx_result
335ieee80211_rx_h_tkip_decrypt(struct ieee80211_txrx_data *rx)
336{
337 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
338 u16 fc;
339 int hdrlen, res, hwaccel = 0, wpa_test = 0;
340 struct ieee80211_key *key = rx->key;
341 struct sk_buff *skb = rx->skb;
342
343 fc = le16_to_cpu(hdr->frame_control);
344 hdrlen = ieee80211_get_hdrlen(fc);
345
346 if (!rx->key || rx->key->alg != ALG_TKIP ||
347 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
348 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
349 return TXRX_CONTINUE;
350
351 if (!rx->sta || skb->len - hdrlen < 12)
352 return TXRX_DROP;
353
354 if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
355 !rx->key->force_sw_encrypt) {
356 if (!(rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV)) {
357 /* Hardware takes care of all processing, including
358 * replay protection, so no need to continue here. */
359 return TXRX_CONTINUE;
360 }
361
362 /* let TKIP code verify IV, but skip decryption */
363 hwaccel = 1;
364 }
365
366 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
367 key, skb->data + hdrlen,
368 skb->len - hdrlen, rx->sta->addr,
369 hwaccel, rx->u.rx.queue);
370 if (res != TKIP_DECRYPT_OK || wpa_test) {
371 printk(KERN_DEBUG "%s: TKIP decrypt failed for RX frame from "
372 MAC_FMT " (res=%d)\n",
373 rx->dev->name, MAC_ARG(rx->sta->addr), res);
374 return TXRX_DROP;
375 }
376
377 /* Trim ICV */
378 skb_trim(skb, skb->len - TKIP_ICV_LEN);
379
380 /* Remove IV */
381 memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
382 skb_pull(skb, TKIP_IV_LEN);
383
384 return TXRX_CONTINUE;
385}
386
387
388static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
389 int encrypted)
390{
391 u16 fc;
392 int a4_included, qos_included;
393 u8 qos_tid, *fc_pos, *data, *sa, *da;
394 int len_a;
395 size_t data_len;
396 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
397
398 fc_pos = (u8 *) &hdr->frame_control;
399 fc = fc_pos[0] ^ (fc_pos[1] << 8);
400 a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
401 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
402
403 ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len);
404 data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0);
405 if (qos_tid & 0x80) {
406 qos_included = 1;
407 qos_tid &= 0x0f;
408 } else
409 qos_included = 0;
410 /* First block, b_0 */
411
412 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
413 /* Nonce: QoS Priority | A2 | PN */
414 b_0[1] = qos_tid;
415 memcpy(&b_0[2], hdr->addr2, 6);
416 memcpy(&b_0[8], pn, CCMP_PN_LEN);
417 /* l(m) */
418 b_0[14] = (data_len >> 8) & 0xff;
419 b_0[15] = data_len & 0xff;
420
421
422 /* AAD (extra authenticate-only data) / masked 802.11 header
423 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
424
425 len_a = a4_included ? 28 : 22;
426 if (qos_included)
427 len_a += 2;
428
429 aad[0] = 0; /* (len_a >> 8) & 0xff; */
430 aad[1] = len_a & 0xff;
431 /* Mask FC: zero subtype b4 b5 b6 */
432 aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
433 /* Retry, PwrMgt, MoreData; set Protected */
434 aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
435 memcpy(&aad[4], &hdr->addr1, 18);
436
437 /* Mask Seq#, leave Frag# */
438 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
439 aad[23] = 0;
440 if (a4_included) {
441 memcpy(&aad[24], hdr->addr4, 6);
442 aad[30] = 0;
443 aad[31] = 0;
444 } else
445 memset(&aad[24], 0, 8);
446 if (qos_included) {
447 u8 *dpos = &aad[a4_included ? 30 : 24];
448
449 /* Mask QoS Control field */
450 dpos[0] = qos_tid;
451 dpos[1] = 0;
452 }
453}
454
455
456static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
457{
458 hdr[0] = pn[5];
459 hdr[1] = pn[4];
460 hdr[2] = 0;
461 hdr[3] = 0x20 | (key_id << 6);
462 hdr[4] = pn[3];
463 hdr[5] = pn[2];
464 hdr[6] = pn[1];
465 hdr[7] = pn[0];
466}
467
468
469static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
470{
471 pn[0] = hdr[7];
472 pn[1] = hdr[6];
473 pn[2] = hdr[5];
474 pn[3] = hdr[4];
475 pn[4] = hdr[1];
476 pn[5] = hdr[0];
477 return (hdr[3] >> 6) & 0x03;
478}
479
480
481static int ccmp_encrypt_skb(struct ieee80211_txrx_data *tx,
482 struct sk_buff *skb, int test)
483{
484 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
485 struct ieee80211_key *key = tx->key;
486 int hdrlen, len, tailneed;
487 u16 fc;
488 u8 *pos, *pn, *b_0, *aad, *scratch;
489 int i;
490
491 scratch = key->u.ccmp.tx_crypto_buf;
492 b_0 = scratch + 3 * AES_BLOCK_LEN;
493 aad = scratch + 4 * AES_BLOCK_LEN;
494
495 fc = le16_to_cpu(hdr->frame_control);
496 hdrlen = ieee80211_get_hdrlen(fc);
497 len = skb->len - hdrlen;
498
499 tailneed = !key->force_sw_encrypt ? 0 : CCMP_MIC_LEN;
500
501 if ((skb_headroom(skb) < CCMP_HDR_LEN ||
502 skb_tailroom(skb) < tailneed)) {
503 I802_DEBUG_INC(tx->local->tx_expand_skb_head);
504 if (unlikely(pskb_expand_head(skb, CCMP_HDR_LEN, tailneed,
505 GFP_ATOMIC)))
506 return -1;
507 }
508
509 pos = skb_push(skb, CCMP_HDR_LEN);
510 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
511 hdr = (struct ieee80211_hdr *) pos;
512 pos += hdrlen;
513
514 /* PN = PN + 1 */
515 pn = key->u.ccmp.tx_pn;
516
517 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
518 pn[i]++;
519 if (pn[i])
520 break;
521 }
522
523 ccmp_pn2hdr(pos, pn, key->keyidx);
524
525 if (!key->force_sw_encrypt) {
526 /* hwaccel - with preallocated room for CCMP header */
527 tx->u.tx.control->key_idx = key->hw_key_idx;
528 return 0;
529 }
530
531 pos += CCMP_HDR_LEN;
532 ccmp_special_blocks(skb, pn, b_0, aad, 0);
533 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
534 pos, skb_put(skb, CCMP_MIC_LEN));
535
536 return 0;
537}
538
539
540ieee80211_txrx_result
541ieee80211_tx_h_ccmp_encrypt(struct ieee80211_txrx_data *tx)
542{
543 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
544 struct ieee80211_key *key = tx->key;
545 u16 fc;
546 struct sk_buff *skb = tx->skb;
547 int test = 0;
548
549 fc = le16_to_cpu(hdr->frame_control);
550
551 if (!key || key->alg != ALG_CCMP || !WLAN_FC_DATA_PRESENT(fc))
552 return TXRX_CONTINUE;
553
554 tx->u.tx.control->icv_len = CCMP_MIC_LEN;
555 tx->u.tx.control->iv_len = CCMP_HDR_LEN;
556 ieee80211_tx_set_iswep(tx);
557
558 if (!tx->key->force_sw_encrypt &&
559 !(tx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV)) {
560 /* hwaccel - with no need for preallocated room for CCMP "
561 * header or MIC fields */
562 tx->u.tx.control->key_idx = tx->key->hw_key_idx;
563 return TXRX_CONTINUE;
564 }
565
566 if (ccmp_encrypt_skb(tx, skb, test) < 0)
567 return TXRX_DROP;
568
569 if (tx->u.tx.extra_frag) {
570 int i;
571
572 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
573 if (ccmp_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
574 < 0)
575 return TXRX_DROP;
576 }
577 }
578
579 return TXRX_CONTINUE;
580}
581
582
583ieee80211_txrx_result
584ieee80211_rx_h_ccmp_decrypt(struct ieee80211_txrx_data *rx)
585{
586 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
587 u16 fc;
588 int hdrlen;
589 struct ieee80211_key *key = rx->key;
590 struct sk_buff *skb = rx->skb;
591 u8 pn[CCMP_PN_LEN];
592 int data_len;
593
594 fc = le16_to_cpu(hdr->frame_control);
595 hdrlen = ieee80211_get_hdrlen(fc);
596
597 if (!key || key->alg != ALG_CCMP ||
598 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
599 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
600 return TXRX_CONTINUE;
601
602 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
603 if (!rx->sta || data_len < 0)
604 return TXRX_DROP;
605
606 if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
607 !key->force_sw_encrypt &&
608 !(rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV))
609 return TXRX_CONTINUE;
610
611 (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
612
613 if (memcmp(pn, key->u.ccmp.rx_pn[rx->u.rx.queue], CCMP_PN_LEN) <= 0) {
614#ifdef CONFIG_MAC80211_DEBUG
615 u8 *ppn = key->u.ccmp.rx_pn[rx->u.rx.queue];
616 printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
617 MAC_FMT " (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
618 "%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
619 MAC_ARG(rx->sta->addr),
620 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
621 ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
622#endif /* CONFIG_MAC80211_DEBUG */
623 key->u.ccmp.replays++;
624 return TXRX_DROP;
625 }
626
627 if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
628 !key->force_sw_encrypt) {
629 /* hwaccel has already decrypted frame and verified MIC */
630 } else {
631 u8 *scratch, *b_0, *aad;
632
633 scratch = key->u.ccmp.rx_crypto_buf;
634 b_0 = scratch + 3 * AES_BLOCK_LEN;
635 aad = scratch + 4 * AES_BLOCK_LEN;
636
637 ccmp_special_blocks(skb, pn, b_0, aad, 1);
638
639 if (ieee80211_aes_ccm_decrypt(
640 key->u.ccmp.tfm, scratch, b_0, aad,
641 skb->data + hdrlen + CCMP_HDR_LEN, data_len,
642 skb->data + skb->len - CCMP_MIC_LEN,
643 skb->data + hdrlen + CCMP_HDR_LEN)) {
644 printk(KERN_DEBUG "%s: CCMP decrypt failed for RX "
645 "frame from " MAC_FMT "\n", rx->dev->name,
646 MAC_ARG(rx->sta->addr));
647 return TXRX_DROP;
648 }
649 }
650
651 memcpy(key->u.ccmp.rx_pn[rx->u.rx.queue], pn, CCMP_PN_LEN);
652
653 /* Remove CCMP header and MIC */
654 skb_trim(skb, skb->len - CCMP_MIC_LEN);
655 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
656 skb_pull(skb, CCMP_HDR_LEN);
657
658 return TXRX_CONTINUE;
659}
660
diff --git a/net/mac80211/wpa.h b/net/mac80211/wpa.h
new file mode 100644
index 000000000000..da3b9594f9c3
--- /dev/null
+++ b/net/mac80211/wpa.h
@@ -0,0 +1,31 @@
1/*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#ifndef WPA_H
10#define WPA_H
11
12#include <linux/skbuff.h>
13#include <linux/types.h>
14#include "ieee80211_i.h"
15
16ieee80211_txrx_result
17ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx);
18ieee80211_txrx_result
19ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx);
20
21ieee80211_txrx_result
22ieee80211_tx_h_tkip_encrypt(struct ieee80211_txrx_data *tx);
23ieee80211_txrx_result
24ieee80211_rx_h_tkip_decrypt(struct ieee80211_txrx_data *rx);
25
26ieee80211_txrx_result
27ieee80211_tx_h_ccmp_encrypt(struct ieee80211_txrx_data *tx);
28ieee80211_txrx_result
29ieee80211_rx_h_ccmp_decrypt(struct ieee80211_txrx_data *rx);
30
31#endif /* WPA_H */