aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Kconfig25
-rw-r--r--net/mac80211/Makefile6
-rw-r--r--net/mac80211/agg-rx.c22
-rw-r--r--net/mac80211/agg-tx.c133
-rw-r--r--net/mac80211/cfg.c260
-rw-r--r--net/mac80211/debugfs.c202
-rw-r--r--net/mac80211/debugfs.h2
-rw-r--r--net/mac80211/debugfs_key.c47
-rw-r--r--net/mac80211/debugfs_netdev.c391
-rw-r--r--net/mac80211/debugfs_netdev.h9
-rw-r--r--net/mac80211/debugfs_sta.c147
-rw-r--r--net/mac80211/driver-ops.h168
-rw-r--r--net/mac80211/driver-trace.h207
-rw-r--r--net/mac80211/ht.c80
-rw-r--r--net/mac80211/ibss.c139
-rw-r--r--net/mac80211/ieee80211_i.h394
-rw-r--r--net/mac80211/iface.c190
-rw-r--r--net/mac80211/key.c11
-rw-r--r--net/mac80211/key.h20
-rw-r--r--net/mac80211/led.c1
-rw-r--r--net/mac80211/main.c426
-rw-r--r--net/mac80211/mesh.c165
-rw-r--r--net/mac80211/mesh.h35
-rw-r--r--net/mac80211/mesh_hwmp.c426
-rw-r--r--net/mac80211/mesh_pathtbl.c32
-rw-r--r--net/mac80211/mesh_plink.c84
-rw-r--r--net/mac80211/mlme.c1366
-rw-r--r--net/mac80211/offchannel.c170
-rw-r--r--net/mac80211/pm.c18
-rw-r--r--net/mac80211/rate.c113
-rw-r--r--net/mac80211/rate.h28
-rw-r--r--net/mac80211/rc80211_minstrel.c1
-rw-r--r--net/mac80211/rc80211_minstrel_debugfs.c1
-rw-r--r--net/mac80211/rc80211_pid_algo.c11
-rw-r--r--net/mac80211/rc80211_pid_debugfs.c1
-rw-r--r--net/mac80211/rx.c1419
-rw-r--r--net/mac80211/scan.c349
-rw-r--r--net/mac80211/spectmgmt.c6
-rw-r--r--net/mac80211/sta_info.c935
-rw-r--r--net/mac80211/sta_info.h119
-rw-r--r--net/mac80211/status.c388
-rw-r--r--net/mac80211/tkip.c47
-rw-r--r--net/mac80211/tx.c503
-rw-r--r--net/mac80211/util.c363
-rw-r--r--net/mac80211/wep.c26
-rw-r--r--net/mac80211/wme.c96
-rw-r--r--net/mac80211/wme.h8
-rw-r--r--net/mac80211/work.c1101
-rw-r--r--net/mac80211/wpa.c84
49 files changed, 6624 insertions, 4151 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index 4d5543af3123..a952b7f8c648 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -96,18 +96,6 @@ menuconfig MAC80211_DEBUG_MENU
96 ---help--- 96 ---help---
97 This option collects various mac80211 debug settings. 97 This option collects various mac80211 debug settings.
98 98
99config MAC80211_DEBUG_PACKET_ALIGNMENT
100 bool "Enable packet alignment debugging"
101 depends on MAC80211_DEBUG_MENU
102 ---help---
103 This option is recommended for driver authors and strongly
104 discouraged for everybody else, it will trigger a warning
105 when a driver hands mac80211 a buffer that is aligned in
106 a way that will cause problems with the IP stack on some
107 architectures.
108
109 Say N unless you're writing a mac80211 based driver.
110
111config MAC80211_NOINLINE 99config MAC80211_NOINLINE
112 bool "Do not inline TX/RX handlers" 100 bool "Do not inline TX/RX handlers"
113 depends on MAC80211_DEBUG_MENU 101 depends on MAC80211_DEBUG_MENU
@@ -194,6 +182,19 @@ config MAC80211_VERBOSE_MPL_DEBUG
194 182
195 Do not select this option. 183 Do not select this option.
196 184
185config MAC80211_VERBOSE_MHWMP_DEBUG
186 bool "Verbose mesh HWMP routing debugging"
187 depends on MAC80211_DEBUG_MENU
188 depends on MAC80211_MESH
189 ---help---
190 Selecting this option causes mac80211 to print out very
191 verbose mesh routing (HWMP) debugging messages (when mac80211
192 is taking part in a mesh network).
193 It should not be selected on production systems as those
194 messages are remotely triggerable.
195
196 Do not select this option.
197
197config MAC80211_DEBUG_COUNTERS 198config MAC80211_DEBUG_COUNTERS
198 bool "Extra statistics for TX/RX debugging" 199 bool "Extra statistics for TX/RX debugging"
199 depends on MAC80211_DEBUG_MENU 200 depends on MAC80211_DEBUG_MENU
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index 9f3cf7129324..04420291e7ad 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -2,14 +2,14 @@ obj-$(CONFIG_MAC80211) += mac80211.o
2 2
3# mac80211 objects 3# mac80211 objects
4mac80211-y := \ 4mac80211-y := \
5 main.o \ 5 main.o status.o \
6 sta_info.o \ 6 sta_info.o \
7 wep.o \ 7 wep.o \
8 wpa.o \ 8 wpa.o \
9 scan.o \ 9 scan.o offchannel.o \
10 ht.o agg-tx.o agg-rx.o \ 10 ht.o agg-tx.o agg-rx.o \
11 ibss.o \ 11 ibss.o \
12 mlme.o \ 12 mlme.o work.o \
13 iface.o \ 13 iface.o \
14 rate.o \ 14 rate.o \
15 michael.o \ 15 michael.o \
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index ce8e0e772bab..f9516a27e233 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -14,6 +14,7 @@
14 */ 14 */
15 15
16#include <linux/ieee80211.h> 16#include <linux/ieee80211.h>
17#include <linux/slab.h>
17#include <net/mac80211.h> 18#include <net/mac80211.h>
18#include "ieee80211_i.h" 19#include "ieee80211_i.h"
19#include "driver-ops.h" 20#include "driver-ops.h"
@@ -41,7 +42,7 @@ void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
41 sta->sta.addr, tid); 42 sta->sta.addr, tid);
42#endif /* CONFIG_MAC80211_HT_DEBUG */ 43#endif /* CONFIG_MAC80211_HT_DEBUG */
43 44
44 if (drv_ampdu_action(local, IEEE80211_AMPDU_RX_STOP, 45 if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP,
45 &sta->sta, tid, NULL)) 46 &sta->sta, tid, NULL))
46 printk(KERN_DEBUG "HW problem - can not stop rx " 47 printk(KERN_DEBUG "HW problem - can not stop rx "
47 "aggregation for tid %d\n", tid); 48 "aggregation for tid %d\n", tid);
@@ -82,12 +83,11 @@ void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
82void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, 83void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid,
83 u16 initiator, u16 reason) 84 u16 initiator, u16 reason)
84{ 85{
85 struct ieee80211_local *local = sdata->local;
86 struct sta_info *sta; 86 struct sta_info *sta;
87 87
88 rcu_read_lock(); 88 rcu_read_lock();
89 89
90 sta = sta_info_get(local, ra); 90 sta = sta_info_get(sdata, ra);
91 if (!sta) { 91 if (!sta) {
92 rcu_read_unlock(); 92 rcu_read_unlock();
93 return; 93 return;
@@ -135,7 +135,7 @@ static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *d
135 135
136 if (!skb) { 136 if (!skb) {
137 printk(KERN_DEBUG "%s: failed to allocate buffer " 137 printk(KERN_DEBUG "%s: failed to allocate buffer "
138 "for addba resp frame\n", sdata->dev->name); 138 "for addba resp frame\n", sdata->name);
139 return; 139 return;
140 } 140 }
141 141
@@ -143,10 +143,10 @@ static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *d
143 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 143 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
144 memset(mgmt, 0, 24); 144 memset(mgmt, 0, 24);
145 memcpy(mgmt->da, da, ETH_ALEN); 145 memcpy(mgmt->da, da, ETH_ALEN);
146 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 146 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
147 if (sdata->vif.type == NL80211_IFTYPE_AP || 147 if (sdata->vif.type == NL80211_IFTYPE_AP ||
148 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 148 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
149 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN); 149 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
150 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 150 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
151 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 151 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
152 152
@@ -166,7 +166,7 @@ static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *d
166 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout); 166 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
167 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status); 167 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
168 168
169 ieee80211_tx_skb(sdata, skb, 1); 169 ieee80211_tx_skb(sdata, skb);
170} 170}
171 171
172void ieee80211_process_addba_request(struct ieee80211_local *local, 172void ieee80211_process_addba_request(struct ieee80211_local *local,
@@ -206,9 +206,9 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
206 * check if configuration can support the BA policy 206 * check if configuration can support the BA policy
207 * and if buffer size does not exceeds max value */ 207 * and if buffer size does not exceeds max value */
208 /* XXX: check own ht delayed BA capability?? */ 208 /* XXX: check own ht delayed BA capability?? */
209 if (((ba_policy != 1) 209 if (((ba_policy != 1) &&
210 && (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) 210 (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) ||
211 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) { 211 (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
212 status = WLAN_STATUS_INVALID_QOS_PARAM; 212 status = WLAN_STATUS_INVALID_QOS_PARAM;
213#ifdef CONFIG_MAC80211_HT_DEBUG 213#ifdef CONFIG_MAC80211_HT_DEBUG
214 if (net_ratelimit()) 214 if (net_ratelimit())
@@ -280,7 +280,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
280 goto end; 280 goto end;
281 } 281 }
282 282
283 ret = drv_ampdu_action(local, IEEE80211_AMPDU_RX_START, 283 ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START,
284 &sta->sta, tid, &start_seq_num); 284 &sta->sta, tid, &start_seq_num);
285#ifdef CONFIG_MAC80211_HT_DEBUG 285#ifdef CONFIG_MAC80211_HT_DEBUG
286 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret); 286 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 89e238b001de..87782a4bb541 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -14,6 +14,7 @@
14 */ 14 */
15 15
16#include <linux/ieee80211.h> 16#include <linux/ieee80211.h>
17#include <linux/slab.h>
17#include <net/mac80211.h> 18#include <net/mac80211.h>
18#include "ieee80211_i.h" 19#include "ieee80211_i.h"
19#include "driver-ops.h" 20#include "driver-ops.h"
@@ -58,17 +59,17 @@ static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
58 59
59 if (!skb) { 60 if (!skb) {
60 printk(KERN_ERR "%s: failed to allocate buffer " 61 printk(KERN_ERR "%s: failed to allocate buffer "
61 "for addba request frame\n", sdata->dev->name); 62 "for addba request frame\n", sdata->name);
62 return; 63 return;
63 } 64 }
64 skb_reserve(skb, local->hw.extra_tx_headroom); 65 skb_reserve(skb, local->hw.extra_tx_headroom);
65 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 66 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
66 memset(mgmt, 0, 24); 67 memset(mgmt, 0, 24);
67 memcpy(mgmt->da, da, ETH_ALEN); 68 memcpy(mgmt->da, da, ETH_ALEN);
68 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 69 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
69 if (sdata->vif.type == NL80211_IFTYPE_AP || 70 if (sdata->vif.type == NL80211_IFTYPE_AP ||
70 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 71 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
71 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN); 72 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
72 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 73 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
73 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 74 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
74 75
@@ -91,7 +92,7 @@ static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
91 mgmt->u.action.u.addba_req.start_seq_num = 92 mgmt->u.action.u.addba_req.start_seq_num =
92 cpu_to_le16(start_seq_num << 4); 93 cpu_to_le16(start_seq_num << 4);
93 94
94 ieee80211_tx_skb(sdata, skb, 1); 95 ieee80211_tx_skb(sdata, skb);
95} 96}
96 97
97void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn) 98void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
@@ -104,7 +105,7 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
104 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom); 105 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
105 if (!skb) { 106 if (!skb) {
106 printk(KERN_ERR "%s: failed to allocate buffer for " 107 printk(KERN_ERR "%s: failed to allocate buffer for "
107 "bar frame\n", sdata->dev->name); 108 "bar frame\n", sdata->name);
108 return; 109 return;
109 } 110 }
110 skb_reserve(skb, local->hw.extra_tx_headroom); 111 skb_reserve(skb, local->hw.extra_tx_headroom);
@@ -113,14 +114,15 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
113 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL | 114 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
114 IEEE80211_STYPE_BACK_REQ); 115 IEEE80211_STYPE_BACK_REQ);
115 memcpy(bar->ra, ra, ETH_ALEN); 116 memcpy(bar->ra, ra, ETH_ALEN);
116 memcpy(bar->ta, sdata->dev->dev_addr, ETH_ALEN); 117 memcpy(bar->ta, sdata->vif.addr, ETH_ALEN);
117 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL; 118 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
118 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA; 119 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
119 bar_control |= (u16)(tid << 12); 120 bar_control |= (u16)(tid << 12);
120 bar->control = cpu_to_le16(bar_control); 121 bar->control = cpu_to_le16(bar_control);
121 bar->start_seq_num = cpu_to_le16(ssn); 122 bar->start_seq_num = cpu_to_le16(ssn);
122 123
123 ieee80211_tx_skb(sdata, skb, 0); 124 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
125 ieee80211_tx_skb(sdata, skb);
124} 126}
125 127
126int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 128int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
@@ -143,7 +145,8 @@ int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
143 *state = HT_AGG_STATE_REQ_STOP_BA_MSK | 145 *state = HT_AGG_STATE_REQ_STOP_BA_MSK |
144 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 146 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
145 147
146 ret = drv_ampdu_action(local, IEEE80211_AMPDU_TX_STOP, 148 ret = drv_ampdu_action(local, sta->sdata,
149 IEEE80211_AMPDU_TX_STOP,
147 &sta->sta, tid, NULL); 150 &sta->sta, tid, NULL);
148 151
149 /* HW shall not deny going back to legacy */ 152 /* HW shall not deny going back to legacy */
@@ -177,10 +180,10 @@ static void sta_addba_resp_timer_expired(unsigned long data)
177 180
178 /* check if the TID waits for addBA response */ 181 /* check if the TID waits for addBA response */
179 spin_lock_bh(&sta->lock); 182 spin_lock_bh(&sta->lock);
180 if ((*state & (HT_ADDBA_REQUESTED_MSK | HT_ADDBA_RECEIVED_MSK)) != 183 if ((*state & (HT_ADDBA_REQUESTED_MSK | HT_ADDBA_RECEIVED_MSK |
184 HT_AGG_STATE_REQ_STOP_BA_MSK)) !=
181 HT_ADDBA_REQUESTED_MSK) { 185 HT_ADDBA_REQUESTED_MSK) {
182 spin_unlock_bh(&sta->lock); 186 spin_unlock_bh(&sta->lock);
183 *state = HT_AGG_STATE_IDLE;
184#ifdef CONFIG_MAC80211_HT_DEBUG 187#ifdef CONFIG_MAC80211_HT_DEBUG
185 printk(KERN_DEBUG "timer expired on tid %d but we are not " 188 printk(KERN_DEBUG "timer expired on tid %d but we are not "
186 "(or no longer) expecting addBA response there", 189 "(or no longer) expecting addBA response there",
@@ -202,11 +205,11 @@ static inline int ieee80211_ac_from_tid(int tid)
202 return ieee802_1d_to_ac[tid & 7]; 205 return ieee802_1d_to_ac[tid & 7];
203} 206}
204 207
205int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid) 208int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
206{ 209{
207 struct ieee80211_local *local = hw_to_local(hw); 210 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
208 struct sta_info *sta; 211 struct ieee80211_sub_if_data *sdata = sta->sdata;
209 struct ieee80211_sub_if_data *sdata; 212 struct ieee80211_local *local = sdata->local;
210 u8 *state; 213 u8 *state;
211 int ret = 0; 214 int ret = 0;
212 u16 start_seq_num; 215 u16 start_seq_num;
@@ -214,36 +217,32 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
214 if (WARN_ON(!local->ops->ampdu_action)) 217 if (WARN_ON(!local->ops->ampdu_action))
215 return -EINVAL; 218 return -EINVAL;
216 219
217 if ((tid >= STA_TID_NUM) || !(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION)) 220 if ((tid >= STA_TID_NUM) ||
221 !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION))
218 return -EINVAL; 222 return -EINVAL;
219 223
220#ifdef CONFIG_MAC80211_HT_DEBUG 224#ifdef CONFIG_MAC80211_HT_DEBUG
221 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n", 225 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n",
222 ra, tid); 226 pubsta->addr, tid);
223#endif /* CONFIG_MAC80211_HT_DEBUG */ 227#endif /* CONFIG_MAC80211_HT_DEBUG */
224 228
225 rcu_read_lock();
226
227 sta = sta_info_get(local, ra);
228 if (!sta) {
229#ifdef CONFIG_MAC80211_HT_DEBUG
230 printk(KERN_DEBUG "Could not find the station\n");
231#endif
232 ret = -ENOENT;
233 goto unlock;
234 }
235
236 /* 229 /*
237 * The aggregation code is not prepared to handle 230 * The aggregation code is not prepared to handle
238 * anything but STA/AP due to the BSSID handling. 231 * anything but STA/AP due to the BSSID handling.
239 * IBSS could work in the code but isn't supported 232 * IBSS could work in the code but isn't supported
240 * by drivers or the standard. 233 * by drivers or the standard.
241 */ 234 */
242 if (sta->sdata->vif.type != NL80211_IFTYPE_STATION && 235 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
243 sta->sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 236 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
244 sta->sdata->vif.type != NL80211_IFTYPE_AP) { 237 sdata->vif.type != NL80211_IFTYPE_AP)
245 ret = -EINVAL; 238 return -EINVAL;
246 goto unlock; 239
240 if (test_sta_flags(sta, WLAN_STA_DISASSOC)) {
241#ifdef CONFIG_MAC80211_HT_DEBUG
242 printk(KERN_DEBUG "Disassociation is in progress. "
243 "Denying BA session request\n");
244#endif
245 return -EINVAL;
247 } 246 }
248 247
249 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) { 248 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) {
@@ -251,15 +250,12 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
251 printk(KERN_DEBUG "Suspend in progress. " 250 printk(KERN_DEBUG "Suspend in progress. "
252 "Denying BA session request\n"); 251 "Denying BA session request\n");
253#endif 252#endif
254 ret = -EINVAL; 253 return -EINVAL;
255 goto unlock;
256 } 254 }
257 255
258 spin_lock_bh(&sta->lock); 256 spin_lock_bh(&sta->lock);
259 spin_lock(&local->ampdu_lock); 257 spin_lock(&local->ampdu_lock);
260 258
261 sdata = sta->sdata;
262
263 /* we have tried too many times, receiver does not want A-MPDU */ 259 /* we have tried too many times, receiver does not want A-MPDU */
264 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 260 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
265 ret = -EBUSY; 261 ret = -EBUSY;
@@ -314,10 +310,10 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
314 * call back right away, it must see that the flow has begun */ 310 * call back right away, it must see that the flow has begun */
315 *state |= HT_ADDBA_REQUESTED_MSK; 311 *state |= HT_ADDBA_REQUESTED_MSK;
316 312
317 start_seq_num = sta->tid_seq[tid]; 313 start_seq_num = sta->tid_seq[tid] >> 4;
318 314
319 ret = drv_ampdu_action(local, IEEE80211_AMPDU_TX_START, 315 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START,
320 &sta->sta, tid, &start_seq_num); 316 pubsta, tid, &start_seq_num);
321 317
322 if (ret) { 318 if (ret) {
323#ifdef CONFIG_MAC80211_HT_DEBUG 319#ifdef CONFIG_MAC80211_HT_DEBUG
@@ -342,7 +338,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
342 sta->ampdu_mlme.dialog_token_allocator; 338 sta->ampdu_mlme.dialog_token_allocator;
343 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num; 339 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
344 340
345 ieee80211_send_addba_request(sta->sdata, ra, tid, 341 ieee80211_send_addba_request(sdata, pubsta->addr, tid,
346 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 342 sta->ampdu_mlme.tid_tx[tid]->dialog_token,
347 sta->ampdu_mlme.tid_tx[tid]->ssn, 343 sta->ampdu_mlme.tid_tx[tid]->ssn,
348 0x40, 5000); 344 0x40, 5000);
@@ -354,7 +350,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
354#ifdef CONFIG_MAC80211_HT_DEBUG 350#ifdef CONFIG_MAC80211_HT_DEBUG
355 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 351 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
356#endif 352#endif
357 goto unlock; 353 return 0;
358 354
359 err_free: 355 err_free:
360 kfree(sta->ampdu_mlme.tid_tx[tid]); 356 kfree(sta->ampdu_mlme.tid_tx[tid]);
@@ -366,8 +362,6 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
366 err_unlock_sta: 362 err_unlock_sta:
367 spin_unlock(&local->ampdu_lock); 363 spin_unlock(&local->ampdu_lock);
368 spin_unlock_bh(&sta->lock); 364 spin_unlock_bh(&sta->lock);
369 unlock:
370 rcu_read_unlock();
371 return ret; 365 return ret;
372} 366}
373EXPORT_SYMBOL(ieee80211_start_tx_ba_session); 367EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
@@ -434,13 +428,15 @@ static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
434 ieee80211_agg_splice_finish(local, sta, tid); 428 ieee80211_agg_splice_finish(local, sta, tid);
435 spin_unlock(&local->ampdu_lock); 429 spin_unlock(&local->ampdu_lock);
436 430
437 drv_ampdu_action(local, IEEE80211_AMPDU_TX_OPERATIONAL, 431 drv_ampdu_action(local, sta->sdata,
432 IEEE80211_AMPDU_TX_OPERATIONAL,
438 &sta->sta, tid, NULL); 433 &sta->sta, tid, NULL);
439} 434}
440 435
441void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid) 436void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
442{ 437{
443 struct ieee80211_local *local = hw_to_local(hw); 438 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
439 struct ieee80211_local *local = sdata->local;
444 struct sta_info *sta; 440 struct sta_info *sta;
445 u8 *state; 441 u8 *state;
446 442
@@ -453,7 +449,7 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
453 } 449 }
454 450
455 rcu_read_lock(); 451 rcu_read_lock();
456 sta = sta_info_get(local, ra); 452 sta = sta_info_get(sdata, ra);
457 if (!sta) { 453 if (!sta) {
458 rcu_read_unlock(); 454 rcu_read_unlock();
459#ifdef CONFIG_MAC80211_HT_DEBUG 455#ifdef CONFIG_MAC80211_HT_DEBUG
@@ -489,10 +485,11 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
489} 485}
490EXPORT_SYMBOL(ieee80211_start_tx_ba_cb); 486EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
491 487
492void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw, 488void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
493 const u8 *ra, u16 tid) 489 const u8 *ra, u16 tid)
494{ 490{
495 struct ieee80211_local *local = hw_to_local(hw); 491 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
492 struct ieee80211_local *local = sdata->local;
496 struct ieee80211_ra_tid *ra_tid; 493 struct ieee80211_ra_tid *ra_tid;
497 struct sk_buff *skb = dev_alloc_skb(0); 494 struct sk_buff *skb = dev_alloc_skb(0);
498 495
@@ -500,13 +497,14 @@ void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
500#ifdef CONFIG_MAC80211_HT_DEBUG 497#ifdef CONFIG_MAC80211_HT_DEBUG
501 if (net_ratelimit()) 498 if (net_ratelimit())
502 printk(KERN_WARNING "%s: Not enough memory, " 499 printk(KERN_WARNING "%s: Not enough memory, "
503 "dropping start BA session", skb->dev->name); 500 "dropping start BA session", sdata->name);
504#endif 501#endif
505 return; 502 return;
506 } 503 }
507 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 504 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
508 memcpy(&ra_tid->ra, ra, ETH_ALEN); 505 memcpy(&ra_tid->ra, ra, ETH_ALEN);
509 ra_tid->tid = tid; 506 ra_tid->tid = tid;
507 ra_tid->vif = vif;
510 508
511 skb->pkt_type = IEEE80211_ADDBA_MSG; 509 skb->pkt_type = IEEE80211_ADDBA_MSG;
512 skb_queue_tail(&local->skb_queue, skb); 510 skb_queue_tail(&local->skb_queue, skb);
@@ -536,13 +534,12 @@ int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
536 return ret; 534 return ret;
537} 535}
538 536
539int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw, 537int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
540 u8 *ra, u16 tid,
541 enum ieee80211_back_parties initiator) 538 enum ieee80211_back_parties initiator)
542{ 539{
543 struct ieee80211_local *local = hw_to_local(hw); 540 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
544 struct sta_info *sta; 541 struct ieee80211_sub_if_data *sdata = sta->sdata;
545 int ret = 0; 542 struct ieee80211_local *local = sdata->local;
546 543
547 if (!local->ops->ampdu_action) 544 if (!local->ops->ampdu_action)
548 return -EINVAL; 545 return -EINVAL;
@@ -550,22 +547,14 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw,
550 if (tid >= STA_TID_NUM) 547 if (tid >= STA_TID_NUM)
551 return -EINVAL; 548 return -EINVAL;
552 549
553 rcu_read_lock(); 550 return __ieee80211_stop_tx_ba_session(sta, tid, initiator);
554 sta = sta_info_get(local, ra);
555 if (!sta) {
556 rcu_read_unlock();
557 return -ENOENT;
558 }
559
560 ret = __ieee80211_stop_tx_ba_session(sta, tid, initiator);
561 rcu_read_unlock();
562 return ret;
563} 551}
564EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 552EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
565 553
566void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid) 554void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
567{ 555{
568 struct ieee80211_local *local = hw_to_local(hw); 556 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
557 struct ieee80211_local *local = sdata->local;
569 struct sta_info *sta; 558 struct sta_info *sta;
570 u8 *state; 559 u8 *state;
571 560
@@ -583,7 +572,7 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
583#endif /* CONFIG_MAC80211_HT_DEBUG */ 572#endif /* CONFIG_MAC80211_HT_DEBUG */
584 573
585 rcu_read_lock(); 574 rcu_read_lock();
586 sta = sta_info_get(local, ra); 575 sta = sta_info_get(sdata, ra);
587 if (!sta) { 576 if (!sta) {
588#ifdef CONFIG_MAC80211_HT_DEBUG 577#ifdef CONFIG_MAC80211_HT_DEBUG
589 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 578 printk(KERN_DEBUG "Could not find station: %pM\n", ra);
@@ -628,10 +617,11 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
628} 617}
629EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb); 618EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb);
630 619
631void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw, 620void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
632 const u8 *ra, u16 tid) 621 const u8 *ra, u16 tid)
633{ 622{
634 struct ieee80211_local *local = hw_to_local(hw); 623 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
624 struct ieee80211_local *local = sdata->local;
635 struct ieee80211_ra_tid *ra_tid; 625 struct ieee80211_ra_tid *ra_tid;
636 struct sk_buff *skb = dev_alloc_skb(0); 626 struct sk_buff *skb = dev_alloc_skb(0);
637 627
@@ -639,13 +629,14 @@ void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
639#ifdef CONFIG_MAC80211_HT_DEBUG 629#ifdef CONFIG_MAC80211_HT_DEBUG
640 if (net_ratelimit()) 630 if (net_ratelimit())
641 printk(KERN_WARNING "%s: Not enough memory, " 631 printk(KERN_WARNING "%s: Not enough memory, "
642 "dropping stop BA session", skb->dev->name); 632 "dropping stop BA session", sdata->name);
643#endif 633#endif
644 return; 634 return;
645 } 635 }
646 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 636 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
647 memcpy(&ra_tid->ra, ra, ETH_ALEN); 637 memcpy(&ra_tid->ra, ra, ETH_ALEN);
648 ra_tid->tid = tid; 638 ra_tid->tid = tid;
639 ra_tid->vif = vif;
649 640
650 skb->pkt_type = IEEE80211_DELBA_MSG; 641 skb->pkt_type = IEEE80211_DELBA_MSG;
651 skb_queue_tail(&local->skb_queue, skb); 642 skb_queue_tail(&local->skb_queue, skb);
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 7b5131bd6fa1..edc872e22c9b 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * mac80211 configuration hooks for cfg80211 2 * mac80211 configuration hooks for cfg80211
3 * 3 *
4 * Copyright 2006, 2007 Johannes Berg <johannes@sipsolutions.net> 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * 5 *
6 * This file is GPLv2 as found in COPYING. 6 * This file is GPLv2 as found in COPYING.
7 */ 7 */
@@ -9,6 +9,7 @@
9#include <linux/ieee80211.h> 9#include <linux/ieee80211.h>
10#include <linux/nl80211.h> 10#include <linux/nl80211.h>
11#include <linux/rtnetlink.h> 11#include <linux/rtnetlink.h>
12#include <linux/slab.h>
12#include <net/net_namespace.h> 13#include <net/net_namespace.h>
13#include <linux/rcupdate.h> 14#include <linux/rcupdate.h>
14#include <net/cfg80211.h> 15#include <net/cfg80211.h>
@@ -36,6 +37,15 @@ static bool nl80211_type_check(enum nl80211_iftype type)
36 } 37 }
37} 38}
38 39
40static bool nl80211_params_check(enum nl80211_iftype type,
41 struct vif_params *params)
42{
43 if (!nl80211_type_check(type))
44 return false;
45
46 return true;
47}
48
39static int ieee80211_add_iface(struct wiphy *wiphy, char *name, 49static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
40 enum nl80211_iftype type, u32 *flags, 50 enum nl80211_iftype type, u32 *flags,
41 struct vif_params *params) 51 struct vif_params *params)
@@ -45,7 +55,7 @@ static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
45 struct ieee80211_sub_if_data *sdata; 55 struct ieee80211_sub_if_data *sdata;
46 int err; 56 int err;
47 57
48 if (!nl80211_type_check(type)) 58 if (!nl80211_params_check(type, params))
49 return -EINVAL; 59 return -EINVAL;
50 60
51 err = ieee80211_if_add(local, name, &dev, type, params); 61 err = ieee80211_if_add(local, name, &dev, type, params);
@@ -69,17 +79,15 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
69 enum nl80211_iftype type, u32 *flags, 79 enum nl80211_iftype type, u32 *flags,
70 struct vif_params *params) 80 struct vif_params *params)
71{ 81{
72 struct ieee80211_sub_if_data *sdata; 82 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
73 int ret; 83 int ret;
74 84
75 if (netif_running(dev)) 85 if (ieee80211_sdata_running(sdata))
76 return -EBUSY; 86 return -EBUSY;
77 87
78 if (!nl80211_type_check(type)) 88 if (!nl80211_params_check(type, params))
79 return -EINVAL; 89 return -EINVAL;
80 90
81 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
82
83 ret = ieee80211_if_change_type(sdata, type); 91 ret = ieee80211_if_change_type(sdata, type);
84 if (ret) 92 if (ret)
85 return ret; 93 return ret;
@@ -92,6 +100,13 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
92 if (sdata->vif.type != NL80211_IFTYPE_MONITOR || !flags) 100 if (sdata->vif.type != NL80211_IFTYPE_MONITOR || !flags)
93 return 0; 101 return 0;
94 102
103 if (type == NL80211_IFTYPE_AP_VLAN &&
104 params && params->use_4addr == 0)
105 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
106 else if (type == NL80211_IFTYPE_STATION &&
107 params && params->use_4addr >= 0)
108 sdata->u.mgd.use_4addr = params->use_4addr;
109
95 sdata->u.mntr_flags = *flags; 110 sdata->u.mntr_flags = *flags;
96 return 0; 111 return 0;
97} 112}
@@ -134,7 +149,7 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
134 rcu_read_lock(); 149 rcu_read_lock();
135 150
136 if (mac_addr) { 151 if (mac_addr) {
137 sta = sta_info_get(sdata->local, mac_addr); 152 sta = sta_info_get_bss(sdata, mac_addr);
138 if (!sta) { 153 if (!sta) {
139 ieee80211_key_free(key); 154 ieee80211_key_free(key);
140 err = -ENOENT; 155 err = -ENOENT;
@@ -165,7 +180,7 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
165 if (mac_addr) { 180 if (mac_addr) {
166 ret = -ENOENT; 181 ret = -ENOENT;
167 182
168 sta = sta_info_get(sdata->local, mac_addr); 183 sta = sta_info_get_bss(sdata, mac_addr);
169 if (!sta) 184 if (!sta)
170 goto out_unlock; 185 goto out_unlock;
171 186
@@ -212,7 +227,7 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
212 rcu_read_lock(); 227 rcu_read_lock();
213 228
214 if (mac_addr) { 229 if (mac_addr) {
215 sta = sta_info_get(sdata->local, mac_addr); 230 sta = sta_info_get_bss(sdata, mac_addr);
216 if (!sta) 231 if (!sta)
217 goto out; 232 goto out;
218 233
@@ -338,7 +353,8 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
338 sinfo->rx_packets = sta->rx_packets; 353 sinfo->rx_packets = sta->rx_packets;
339 sinfo->tx_packets = sta->tx_packets; 354 sinfo->tx_packets = sta->tx_packets;
340 355
341 if (sta->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) { 356 if ((sta->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) ||
357 (sta->local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)) {
342 sinfo->filled |= STATION_INFO_SIGNAL; 358 sinfo->filled |= STATION_INFO_SIGNAL;
343 sinfo->signal = (s8)sta->last_signal; 359 sinfo->signal = (s8)sta->last_signal;
344 } 360 }
@@ -377,13 +393,13 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
377static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev, 393static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
378 int idx, u8 *mac, struct station_info *sinfo) 394 int idx, u8 *mac, struct station_info *sinfo)
379{ 395{
380 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 396 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
381 struct sta_info *sta; 397 struct sta_info *sta;
382 int ret = -ENOENT; 398 int ret = -ENOENT;
383 399
384 rcu_read_lock(); 400 rcu_read_lock();
385 401
386 sta = sta_info_get_by_idx(local, idx, dev); 402 sta = sta_info_get_by_idx(sdata, idx);
387 if (sta) { 403 if (sta) {
388 ret = 0; 404 ret = 0;
389 memcpy(mac, sta->sta.addr, ETH_ALEN); 405 memcpy(mac, sta->sta.addr, ETH_ALEN);
@@ -398,15 +414,13 @@ static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
398static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev, 414static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
399 u8 *mac, struct station_info *sinfo) 415 u8 *mac, struct station_info *sinfo)
400{ 416{
401 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 417 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
402 struct sta_info *sta; 418 struct sta_info *sta;
403 int ret = -ENOENT; 419 int ret = -ENOENT;
404 420
405 rcu_read_lock(); 421 rcu_read_lock();
406 422
407 /* XXX: verify sta->dev == dev */ 423 sta = sta_info_get_bss(sdata, mac);
408
409 sta = sta_info_get(local, mac);
410 if (sta) { 424 if (sta) {
411 ret = 0; 425 ret = 0;
412 sta_set_sinfo(sta, sinfo); 426 sta_set_sinfo(sta, sinfo);
@@ -502,6 +516,8 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
502 if (old) 516 if (old)
503 memcpy(new->tail, old->tail, new_tail_len); 517 memcpy(new->tail, old->tail, new_tail_len);
504 518
519 sdata->vif.bss_conf.dtim_period = new->dtim_period;
520
505 rcu_assign_pointer(sdata->u.ap.beacon, new); 521 rcu_assign_pointer(sdata->u.ap.beacon, new);
506 522
507 synchronize_rcu(); 523 synchronize_rcu();
@@ -715,7 +731,7 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
715 } else 731 } else
716 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 732 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
717 733
718 if (compare_ether_addr(mac, dev->dev_addr) == 0) 734 if (compare_ether_addr(mac, sdata->vif.addr) == 0)
719 return -EINVAL; 735 return -EINVAL;
720 736
721 if (is_multicast_ether_addr(mac)) 737 if (is_multicast_ether_addr(mac))
@@ -734,17 +750,8 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
734 layer2_update = sdata->vif.type == NL80211_IFTYPE_AP_VLAN || 750 layer2_update = sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
735 sdata->vif.type == NL80211_IFTYPE_AP; 751 sdata->vif.type == NL80211_IFTYPE_AP;
736 752
737 rcu_read_lock(); 753 err = sta_info_insert_rcu(sta);
738
739 err = sta_info_insert(sta);
740 if (err) { 754 if (err) {
741 /* STA has been freed */
742 if (err == -EEXIST && layer2_update) {
743 /* Need to update layer 2 devices on reassociation */
744 sta = sta_info_get(local, mac);
745 if (sta)
746 ieee80211_send_layer2_update(sta);
747 }
748 rcu_read_unlock(); 755 rcu_read_unlock();
749 return err; 756 return err;
750 } 757 }
@@ -762,27 +769,13 @@ static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
762{ 769{
763 struct ieee80211_local *local = wiphy_priv(wiphy); 770 struct ieee80211_local *local = wiphy_priv(wiphy);
764 struct ieee80211_sub_if_data *sdata; 771 struct ieee80211_sub_if_data *sdata;
765 struct sta_info *sta;
766 772
767 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 773 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
768 774
769 if (mac) { 775 if (mac)
770 rcu_read_lock(); 776 return sta_info_destroy_addr_bss(sdata, mac);
771
772 /* XXX: get sta belonging to dev */
773 sta = sta_info_get(local, mac);
774 if (!sta) {
775 rcu_read_unlock();
776 return -ENOENT;
777 }
778
779 sta_info_unlink(&sta);
780 rcu_read_unlock();
781
782 sta_info_destroy(sta);
783 } else
784 sta_info_flush(local, sdata);
785 777
778 sta_info_flush(local, sdata);
786 return 0; 779 return 0;
787} 780}
788 781
@@ -791,14 +784,14 @@ static int ieee80211_change_station(struct wiphy *wiphy,
791 u8 *mac, 784 u8 *mac,
792 struct station_parameters *params) 785 struct station_parameters *params)
793{ 786{
787 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
794 struct ieee80211_local *local = wiphy_priv(wiphy); 788 struct ieee80211_local *local = wiphy_priv(wiphy);
795 struct sta_info *sta; 789 struct sta_info *sta;
796 struct ieee80211_sub_if_data *vlansdata; 790 struct ieee80211_sub_if_data *vlansdata;
797 791
798 rcu_read_lock(); 792 rcu_read_lock();
799 793
800 /* XXX: get sta belonging to dev */ 794 sta = sta_info_get_bss(sdata, mac);
801 sta = sta_info_get(local, mac);
802 if (!sta) { 795 if (!sta) {
803 rcu_read_unlock(); 796 rcu_read_unlock();
804 return -ENOENT; 797 return -ENOENT;
@@ -813,6 +806,15 @@ static int ieee80211_change_station(struct wiphy *wiphy,
813 return -EINVAL; 806 return -EINVAL;
814 } 807 }
815 808
809 if (params->vlan->ieee80211_ptr->use_4addr) {
810 if (vlansdata->u.vlan.sta) {
811 rcu_read_unlock();
812 return -EBUSY;
813 }
814
815 rcu_assign_pointer(vlansdata->u.vlan.sta, sta);
816 }
817
816 sta->sdata = vlansdata; 818 sta->sdata = vlansdata;
817 ieee80211_send_layer2_update(sta); 819 ieee80211_send_layer2_update(sta);
818 } 820 }
@@ -828,7 +830,6 @@ static int ieee80211_change_station(struct wiphy *wiphy,
828static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev, 830static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
829 u8 *dst, u8 *next_hop) 831 u8 *dst, u8 *next_hop)
830{ 832{
831 struct ieee80211_local *local = wiphy_priv(wiphy);
832 struct ieee80211_sub_if_data *sdata; 833 struct ieee80211_sub_if_data *sdata;
833 struct mesh_path *mpath; 834 struct mesh_path *mpath;
834 struct sta_info *sta; 835 struct sta_info *sta;
@@ -837,7 +838,7 @@ static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
837 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 838 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
838 839
839 rcu_read_lock(); 840 rcu_read_lock();
840 sta = sta_info_get(local, next_hop); 841 sta = sta_info_get(sdata, next_hop);
841 if (!sta) { 842 if (!sta) {
842 rcu_read_unlock(); 843 rcu_read_unlock();
843 return -ENOENT; 844 return -ENOENT;
@@ -876,7 +877,6 @@ static int ieee80211_change_mpath(struct wiphy *wiphy,
876 struct net_device *dev, 877 struct net_device *dev,
877 u8 *dst, u8 *next_hop) 878 u8 *dst, u8 *next_hop)
878{ 879{
879 struct ieee80211_local *local = wiphy_priv(wiphy);
880 struct ieee80211_sub_if_data *sdata; 880 struct ieee80211_sub_if_data *sdata;
881 struct mesh_path *mpath; 881 struct mesh_path *mpath;
882 struct sta_info *sta; 882 struct sta_info *sta;
@@ -885,7 +885,7 @@ static int ieee80211_change_mpath(struct wiphy *wiphy,
885 885
886 rcu_read_lock(); 886 rcu_read_lock();
887 887
888 sta = sta_info_get(local, next_hop); 888 sta = sta_info_get(sdata, next_hop);
889 if (!sta) { 889 if (!sta) {
890 rcu_read_unlock(); 890 rcu_read_unlock();
891 return -ENOENT; 891 return -ENOENT;
@@ -914,7 +914,7 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
914 pinfo->generation = mesh_paths_generation; 914 pinfo->generation = mesh_paths_generation;
915 915
916 pinfo->filled = MPATH_INFO_FRAME_QLEN | 916 pinfo->filled = MPATH_INFO_FRAME_QLEN |
917 MPATH_INFO_DSN | 917 MPATH_INFO_SN |
918 MPATH_INFO_METRIC | 918 MPATH_INFO_METRIC |
919 MPATH_INFO_EXPTIME | 919 MPATH_INFO_EXPTIME |
920 MPATH_INFO_DISCOVERY_TIMEOUT | 920 MPATH_INFO_DISCOVERY_TIMEOUT |
@@ -922,7 +922,7 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
922 MPATH_INFO_FLAGS; 922 MPATH_INFO_FLAGS;
923 923
924 pinfo->frame_qlen = mpath->frame_queue.qlen; 924 pinfo->frame_qlen = mpath->frame_queue.qlen;
925 pinfo->dsn = mpath->dsn; 925 pinfo->sn = mpath->sn;
926 pinfo->metric = mpath->metric; 926 pinfo->metric = mpath->metric;
927 if (time_before(jiffies, mpath->exp_time)) 927 if (time_before(jiffies, mpath->exp_time))
928 pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies); 928 pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies);
@@ -934,8 +934,8 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
934 pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE; 934 pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE;
935 if (mpath->flags & MESH_PATH_RESOLVING) 935 if (mpath->flags & MESH_PATH_RESOLVING)
936 pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING; 936 pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING;
937 if (mpath->flags & MESH_PATH_DSN_VALID) 937 if (mpath->flags & MESH_PATH_SN_VALID)
938 pinfo->flags |= NL80211_MPATH_FLAG_DSN_VALID; 938 pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID;
939 if (mpath->flags & MESH_PATH_FIXED) 939 if (mpath->flags & MESH_PATH_FIXED)
940 pinfo->flags |= NL80211_MPATH_FLAG_FIXED; 940 pinfo->flags |= NL80211_MPATH_FLAG_FIXED;
941 if (mpath->flags & MESH_PATH_RESOLVING) 941 if (mpath->flags & MESH_PATH_RESOLVING)
@@ -1008,7 +1008,10 @@ static int ieee80211_set_mesh_params(struct wiphy *wiphy,
1008{ 1008{
1009 struct mesh_config *conf; 1009 struct mesh_config *conf;
1010 struct ieee80211_sub_if_data *sdata; 1010 struct ieee80211_sub_if_data *sdata;
1011 struct ieee80211_if_mesh *ifmsh;
1012
1011 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1013 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1014 ifmsh = &sdata->u.mesh;
1012 1015
1013 /* Set the config options which we are interested in setting */ 1016 /* Set the config options which we are interested in setting */
1014 conf = &(sdata->u.mesh.mshcfg); 1017 conf = &(sdata->u.mesh.mshcfg);
@@ -1043,6 +1046,10 @@ static int ieee80211_set_mesh_params(struct wiphy *wiphy,
1043 mask)) 1046 mask))
1044 conf->dot11MeshHWMPnetDiameterTraversalTime = 1047 conf->dot11MeshHWMPnetDiameterTraversalTime =
1045 nconf->dot11MeshHWMPnetDiameterTraversalTime; 1048 nconf->dot11MeshHWMPnetDiameterTraversalTime;
1049 if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOTMODE, mask)) {
1050 conf->dot11MeshHWMPRootMode = nconf->dot11MeshHWMPRootMode;
1051 ieee80211_mesh_root_setup(ifmsh);
1052 }
1046 return 0; 1053 return 0;
1047} 1054}
1048 1055
@@ -1066,6 +1073,13 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1066 params->use_short_preamble; 1073 params->use_short_preamble;
1067 changed |= BSS_CHANGED_ERP_PREAMBLE; 1074 changed |= BSS_CHANGED_ERP_PREAMBLE;
1068 } 1075 }
1076
1077 if (!sdata->vif.bss_conf.use_short_slot &&
1078 sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ) {
1079 sdata->vif.bss_conf.use_short_slot = true;
1080 changed |= BSS_CHANGED_ERP_SLOT;
1081 }
1082
1069 if (params->use_short_slot_time >= 0) { 1083 if (params->use_short_slot_time >= 0) {
1070 sdata->vif.bss_conf.use_short_slot = 1084 sdata->vif.bss_conf.use_short_slot =
1071 params->use_short_slot_time; 1085 params->use_short_slot_time;
@@ -1109,6 +1123,13 @@ static int ieee80211_set_txq_params(struct wiphy *wiphy,
1109 p.cw_max = params->cwmax; 1123 p.cw_max = params->cwmax;
1110 p.cw_min = params->cwmin; 1124 p.cw_min = params->cwmin;
1111 p.txop = params->txop; 1125 p.txop = params->txop;
1126
1127 /*
1128 * Setting tx queue params disables u-apsd because it's only
1129 * called in master mode.
1130 */
1131 p.uapsd = false;
1132
1112 if (drv_conf_tx(local, params->queue, &p)) { 1133 if (drv_conf_tx(local, params->queue, &p)) {
1113 printk(KERN_DEBUG "%s: failed to set TX queue " 1134 printk(KERN_DEBUG "%s: failed to set TX queue "
1114 "parameters for queue %d\n", 1135 "parameters for queue %d\n",
@@ -1211,6 +1232,13 @@ static int ieee80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1211 struct ieee80211_local *local = wiphy_priv(wiphy); 1232 struct ieee80211_local *local = wiphy_priv(wiphy);
1212 int err; 1233 int err;
1213 1234
1235 if (changed & WIPHY_PARAM_COVERAGE_CLASS) {
1236 err = drv_set_coverage_class(local, wiphy->coverage_class);
1237
1238 if (err)
1239 return err;
1240 }
1241
1214 if (changed & WIPHY_PARAM_RTS_THRESHOLD) { 1242 if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
1215 err = drv_set_rts_threshold(local, wiphy->rts_threshold); 1243 err = drv_set_rts_threshold(local, wiphy->rts_threshold);
1216 1244
@@ -1298,6 +1326,50 @@ static int ieee80211_testmode_cmd(struct wiphy *wiphy, void *data, int len)
1298} 1326}
1299#endif 1327#endif
1300 1328
1329int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1330 enum ieee80211_smps_mode smps_mode)
1331{
1332 const u8 *ap;
1333 enum ieee80211_smps_mode old_req;
1334 int err;
1335
1336 old_req = sdata->u.mgd.req_smps;
1337 sdata->u.mgd.req_smps = smps_mode;
1338
1339 if (old_req == smps_mode &&
1340 smps_mode != IEEE80211_SMPS_AUTOMATIC)
1341 return 0;
1342
1343 /*
1344 * If not associated, or current association is not an HT
1345 * association, there's no need to send an action frame.
1346 */
1347 if (!sdata->u.mgd.associated ||
1348 sdata->local->oper_channel_type == NL80211_CHAN_NO_HT) {
1349 mutex_lock(&sdata->local->iflist_mtx);
1350 ieee80211_recalc_smps(sdata->local, sdata);
1351 mutex_unlock(&sdata->local->iflist_mtx);
1352 return 0;
1353 }
1354
1355 ap = sdata->u.mgd.associated->bssid;
1356
1357 if (smps_mode == IEEE80211_SMPS_AUTOMATIC) {
1358 if (sdata->u.mgd.powersave)
1359 smps_mode = IEEE80211_SMPS_DYNAMIC;
1360 else
1361 smps_mode = IEEE80211_SMPS_OFF;
1362 }
1363
1364 /* send SM PS frame to AP */
1365 err = ieee80211_send_smps_action(sdata, smps_mode,
1366 ap, ap);
1367 if (err)
1368 sdata->u.mgd.req_smps = old_req;
1369
1370 return err;
1371}
1372
1301static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev, 1373static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1302 bool enabled, int timeout) 1374 bool enabled, int timeout)
1303{ 1375{
@@ -1305,6 +1377,9 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1305 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1377 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1306 struct ieee80211_conf *conf = &local->hw.conf; 1378 struct ieee80211_conf *conf = &local->hw.conf;
1307 1379
1380 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1381 return -EOPNOTSUPP;
1382
1308 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) 1383 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
1309 return -EOPNOTSUPP; 1384 return -EOPNOTSUPP;
1310 1385
@@ -1315,6 +1390,11 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1315 sdata->u.mgd.powersave = enabled; 1390 sdata->u.mgd.powersave = enabled;
1316 conf->dynamic_ps_timeout = timeout; 1391 conf->dynamic_ps_timeout = timeout;
1317 1392
1393 /* no change, but if automatic follow powersave */
1394 mutex_lock(&sdata->u.mgd.mtx);
1395 __ieee80211_request_smps(sdata, sdata->u.mgd.req_smps);
1396 mutex_unlock(&sdata->u.mgd.mtx);
1397
1318 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS) 1398 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
1319 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1399 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1320 1400
@@ -1330,39 +1410,52 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
1330{ 1410{
1331 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1411 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1332 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1412 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1333 int i, err = -EINVAL; 1413 int i;
1334 u32 target_rate;
1335 struct ieee80211_supported_band *sband;
1336 1414
1337 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1415 /*
1416 * This _could_ be supported by providing a hook for
1417 * drivers for this function, but at this point it
1418 * doesn't seem worth bothering.
1419 */
1420 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
1421 return -EOPNOTSUPP;
1338 1422
1339 /* target_rate = -1, rate->fixed = 0 means auto only, so use all rates
1340 * target_rate = X, rate->fixed = 1 means only rate X
1341 * target_rate = X, rate->fixed = 0 means all rates <= X */
1342 sdata->max_ratectrl_rateidx = -1;
1343 sdata->force_unicast_rateidx = -1;
1344 1423
1345 if (mask->fixed) 1424 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1346 target_rate = mask->fixed / 100; 1425 sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
1347 else if (mask->maxrate)
1348 target_rate = mask->maxrate / 100;
1349 else
1350 return 0;
1351 1426
1352 for (i=0; i< sband->n_bitrates; i++) { 1427 return 0;
1353 struct ieee80211_rate *brate = &sband->bitrates[i]; 1428}
1354 int this_rate = brate->bitrate;
1355 1429
1356 if (target_rate == this_rate) { 1430static int ieee80211_remain_on_channel(struct wiphy *wiphy,
1357 sdata->max_ratectrl_rateidx = i; 1431 struct net_device *dev,
1358 if (mask->fixed) 1432 struct ieee80211_channel *chan,
1359 sdata->force_unicast_rateidx = i; 1433 enum nl80211_channel_type channel_type,
1360 err = 0; 1434 unsigned int duration,
1361 break; 1435 u64 *cookie)
1362 } 1436{
1363 } 1437 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1364 1438
1365 return err; 1439 return ieee80211_wk_remain_on_channel(sdata, chan, channel_type,
1440 duration, cookie);
1441}
1442
1443static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
1444 struct net_device *dev,
1445 u64 cookie)
1446{
1447 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1448
1449 return ieee80211_wk_cancel_remain_on_channel(sdata, cookie);
1450}
1451
1452static int ieee80211_action(struct wiphy *wiphy, struct net_device *dev,
1453 struct ieee80211_channel *chan,
1454 enum nl80211_channel_type channel_type,
1455 const u8 *buf, size_t len, u64 *cookie)
1456{
1457 return ieee80211_mgd_action(IEEE80211_DEV_TO_SUB_IF(dev), chan,
1458 channel_type, buf, len, cookie);
1366} 1459}
1367 1460
1368struct cfg80211_ops mac80211_config_ops = { 1461struct cfg80211_ops mac80211_config_ops = {
@@ -1411,4 +1504,7 @@ struct cfg80211_ops mac80211_config_ops = {
1411 CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd) 1504 CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
1412 .set_power_mgmt = ieee80211_set_power_mgmt, 1505 .set_power_mgmt = ieee80211_set_power_mgmt,
1413 .set_bitrate_mask = ieee80211_set_bitrate_mask, 1506 .set_bitrate_mask = ieee80211_set_bitrate_mask,
1507 .remain_on_channel = ieee80211_remain_on_channel,
1508 .cancel_remain_on_channel = ieee80211_cancel_remain_on_channel,
1509 .action = ieee80211_action,
1414}; 1510};
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 96991b68f048..637929b65ccc 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -1,3 +1,4 @@
1
1/* 2/*
2 * mac80211 debugfs for wireless PHYs 3 * mac80211 debugfs for wireless PHYs
3 * 4 *
@@ -38,16 +39,10 @@ static const struct file_operations name## _ops = { \
38}; 39};
39 40
40#define DEBUGFS_ADD(name) \ 41#define DEBUGFS_ADD(name) \
41 local->debugfs.name = debugfs_create_file(#name, 0400, phyd, \ 42 debugfs_create_file(#name, 0400, phyd, local, &name## _ops);
42 local, &name## _ops);
43 43
44#define DEBUGFS_ADD_MODE(name, mode) \ 44#define DEBUGFS_ADD_MODE(name, mode) \
45 local->debugfs.name = debugfs_create_file(#name, mode, phyd, \ 45 debugfs_create_file(#name, mode, phyd, local, &name## _ops);
46 local, &name## _ops);
47
48#define DEBUGFS_DEL(name) \
49 debugfs_remove(local->debugfs.name); \
50 local->debugfs.name = NULL;
51 46
52 47
53DEBUGFS_READONLY_FILE(frequency, 20, "%d", 48DEBUGFS_READONLY_FILE(frequency, 20, "%d",
@@ -57,7 +52,7 @@ DEBUGFS_READONLY_FILE(total_ps_buffered, 20, "%d",
57DEBUGFS_READONLY_FILE(wep_iv, 20, "%#08x", 52DEBUGFS_READONLY_FILE(wep_iv, 20, "%#08x",
58 local->wep_iv & 0xffffff); 53 local->wep_iv & 0xffffff);
59DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s", 54DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s",
60 local->rate_ctrl ? local->rate_ctrl->ops->name : "<unset>"); 55 local->rate_ctrl ? local->rate_ctrl->ops->name : "hw/driver");
61 56
62static ssize_t tsf_read(struct file *file, char __user *user_buf, 57static ssize_t tsf_read(struct file *file, char __user *user_buf,
63 size_t count, loff_t *ppos) 58 size_t count, loff_t *ppos)
@@ -163,6 +158,130 @@ static const struct file_operations noack_ops = {
163 .open = mac80211_open_file_generic 158 .open = mac80211_open_file_generic
164}; 159};
165 160
161static ssize_t uapsd_queues_read(struct file *file, char __user *user_buf,
162 size_t count, loff_t *ppos)
163{
164 struct ieee80211_local *local = file->private_data;
165 int res;
166 char buf[10];
167
168 res = scnprintf(buf, sizeof(buf), "0x%x\n", local->uapsd_queues);
169
170 return simple_read_from_buffer(user_buf, count, ppos, buf, res);
171}
172
173static ssize_t uapsd_queues_write(struct file *file,
174 const char __user *user_buf,
175 size_t count, loff_t *ppos)
176{
177 struct ieee80211_local *local = file->private_data;
178 unsigned long val;
179 char buf[10];
180 size_t len;
181 int ret;
182
183 len = min(count, sizeof(buf) - 1);
184 if (copy_from_user(buf, user_buf, len))
185 return -EFAULT;
186 buf[len] = '\0';
187
188 ret = strict_strtoul(buf, 0, &val);
189
190 if (ret)
191 return -EINVAL;
192
193 if (val & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
194 return -ERANGE;
195
196 local->uapsd_queues = val;
197
198 return count;
199}
200
201static const struct file_operations uapsd_queues_ops = {
202 .read = uapsd_queues_read,
203 .write = uapsd_queues_write,
204 .open = mac80211_open_file_generic
205};
206
207static ssize_t uapsd_max_sp_len_read(struct file *file, char __user *user_buf,
208 size_t count, loff_t *ppos)
209{
210 struct ieee80211_local *local = file->private_data;
211 int res;
212 char buf[10];
213
214 res = scnprintf(buf, sizeof(buf), "0x%x\n", local->uapsd_max_sp_len);
215
216 return simple_read_from_buffer(user_buf, count, ppos, buf, res);
217}
218
219static ssize_t uapsd_max_sp_len_write(struct file *file,
220 const char __user *user_buf,
221 size_t count, loff_t *ppos)
222{
223 struct ieee80211_local *local = file->private_data;
224 unsigned long val;
225 char buf[10];
226 size_t len;
227 int ret;
228
229 len = min(count, sizeof(buf) - 1);
230 if (copy_from_user(buf, user_buf, len))
231 return -EFAULT;
232 buf[len] = '\0';
233
234 ret = strict_strtoul(buf, 0, &val);
235
236 if (ret)
237 return -EINVAL;
238
239 if (val & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
240 return -ERANGE;
241
242 local->uapsd_max_sp_len = val;
243
244 return count;
245}
246
247static const struct file_operations uapsd_max_sp_len_ops = {
248 .read = uapsd_max_sp_len_read,
249 .write = uapsd_max_sp_len_write,
250 .open = mac80211_open_file_generic
251};
252
253static ssize_t channel_type_read(struct file *file, char __user *user_buf,
254 size_t count, loff_t *ppos)
255{
256 struct ieee80211_local *local = file->private_data;
257 const char *buf;
258
259 switch (local->hw.conf.channel_type) {
260 case NL80211_CHAN_NO_HT:
261 buf = "no ht\n";
262 break;
263 case NL80211_CHAN_HT20:
264 buf = "ht20\n";
265 break;
266 case NL80211_CHAN_HT40MINUS:
267 buf = "ht40-\n";
268 break;
269 case NL80211_CHAN_HT40PLUS:
270 buf = "ht40+\n";
271 break;
272 default:
273 buf = "???";
274 break;
275 }
276
277 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
278}
279
280static const struct file_operations channel_type_ops = {
281 .read = channel_type_read,
282 .open = mac80211_open_file_generic
283};
284
166static ssize_t queues_read(struct file *file, char __user *user_buf, 285static ssize_t queues_read(struct file *file, char __user *user_buf,
167 size_t count, loff_t *ppos) 286 size_t count, loff_t *ppos)
168{ 287{
@@ -233,12 +352,7 @@ static const struct file_operations stats_ ##name## _ops = { \
233}; 352};
234 353
235#define DEBUGFS_STATS_ADD(name) \ 354#define DEBUGFS_STATS_ADD(name) \
236 local->debugfs.stats.name = debugfs_create_file(#name, 0400, statsd,\ 355 debugfs_create_file(#name, 0400, statsd, local, &stats_ ##name## _ops);
237 local, &stats_ ##name## _ops);
238
239#define DEBUGFS_STATS_DEL(name) \
240 debugfs_remove(local->debugfs.stats.name); \
241 local->debugfs.stats.name = NULL;
242 356
243DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u", 357DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u",
244 local->dot11TransmittedFragmentCount); 358 local->dot11TransmittedFragmentCount);
@@ -324,9 +438,11 @@ void debugfs_hw_add(struct ieee80211_local *local)
324 DEBUGFS_ADD(queues); 438 DEBUGFS_ADD(queues);
325 DEBUGFS_ADD_MODE(reset, 0200); 439 DEBUGFS_ADD_MODE(reset, 0200);
326 DEBUGFS_ADD(noack); 440 DEBUGFS_ADD(noack);
441 DEBUGFS_ADD(uapsd_queues);
442 DEBUGFS_ADD(uapsd_max_sp_len);
443 DEBUGFS_ADD(channel_type);
327 444
328 statsd = debugfs_create_dir("statistics", phyd); 445 statsd = debugfs_create_dir("statistics", phyd);
329 local->debugfs.statistics = statsd;
330 446
331 /* if the dir failed, don't put all the other things into the root! */ 447 /* if the dir failed, don't put all the other things into the root! */
332 if (!statsd) 448 if (!statsd)
@@ -367,57 +483,3 @@ void debugfs_hw_add(struct ieee80211_local *local)
367 DEBUGFS_STATS_ADD(dot11FCSErrorCount); 483 DEBUGFS_STATS_ADD(dot11FCSErrorCount);
368 DEBUGFS_STATS_ADD(dot11RTSSuccessCount); 484 DEBUGFS_STATS_ADD(dot11RTSSuccessCount);
369} 485}
370
371void debugfs_hw_del(struct ieee80211_local *local)
372{
373 DEBUGFS_DEL(frequency);
374 DEBUGFS_DEL(total_ps_buffered);
375 DEBUGFS_DEL(wep_iv);
376 DEBUGFS_DEL(tsf);
377 DEBUGFS_DEL(queues);
378 DEBUGFS_DEL(reset);
379 DEBUGFS_DEL(noack);
380
381 DEBUGFS_STATS_DEL(transmitted_fragment_count);
382 DEBUGFS_STATS_DEL(multicast_transmitted_frame_count);
383 DEBUGFS_STATS_DEL(failed_count);
384 DEBUGFS_STATS_DEL(retry_count);
385 DEBUGFS_STATS_DEL(multiple_retry_count);
386 DEBUGFS_STATS_DEL(frame_duplicate_count);
387 DEBUGFS_STATS_DEL(received_fragment_count);
388 DEBUGFS_STATS_DEL(multicast_received_frame_count);
389 DEBUGFS_STATS_DEL(transmitted_frame_count);
390 DEBUGFS_STATS_DEL(num_scans);
391#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
392 DEBUGFS_STATS_DEL(tx_handlers_drop);
393 DEBUGFS_STATS_DEL(tx_handlers_queued);
394 DEBUGFS_STATS_DEL(tx_handlers_drop_unencrypted);
395 DEBUGFS_STATS_DEL(tx_handlers_drop_fragment);
396 DEBUGFS_STATS_DEL(tx_handlers_drop_wep);
397 DEBUGFS_STATS_DEL(tx_handlers_drop_not_assoc);
398 DEBUGFS_STATS_DEL(tx_handlers_drop_unauth_port);
399 DEBUGFS_STATS_DEL(rx_handlers_drop);
400 DEBUGFS_STATS_DEL(rx_handlers_queued);
401 DEBUGFS_STATS_DEL(rx_handlers_drop_nullfunc);
402 DEBUGFS_STATS_DEL(rx_handlers_drop_defrag);
403 DEBUGFS_STATS_DEL(rx_handlers_drop_short);
404 DEBUGFS_STATS_DEL(rx_handlers_drop_passive_scan);
405 DEBUGFS_STATS_DEL(tx_expand_skb_head);
406 DEBUGFS_STATS_DEL(tx_expand_skb_head_cloned);
407 DEBUGFS_STATS_DEL(rx_expand_skb_head);
408 DEBUGFS_STATS_DEL(rx_expand_skb_head2);
409 DEBUGFS_STATS_DEL(rx_handlers_fragments);
410 DEBUGFS_STATS_DEL(tx_status_drop);
411#endif
412 DEBUGFS_STATS_DEL(dot11ACKFailureCount);
413 DEBUGFS_STATS_DEL(dot11RTSFailureCount);
414 DEBUGFS_STATS_DEL(dot11FCSErrorCount);
415 DEBUGFS_STATS_DEL(dot11RTSSuccessCount);
416
417 debugfs_remove(local->debugfs.statistics);
418 local->debugfs.statistics = NULL;
419 debugfs_remove(local->debugfs.stations);
420 local->debugfs.stations = NULL;
421 debugfs_remove(local->debugfs.keys);
422 local->debugfs.keys = NULL;
423}
diff --git a/net/mac80211/debugfs.h b/net/mac80211/debugfs.h
index dd2541935c27..68e6a2050f9a 100644
--- a/net/mac80211/debugfs.h
+++ b/net/mac80211/debugfs.h
@@ -3,14 +3,12 @@
3 3
4#ifdef CONFIG_MAC80211_DEBUGFS 4#ifdef CONFIG_MAC80211_DEBUGFS
5extern void debugfs_hw_add(struct ieee80211_local *local); 5extern void debugfs_hw_add(struct ieee80211_local *local);
6extern void debugfs_hw_del(struct ieee80211_local *local);
7extern int mac80211_open_file_generic(struct inode *inode, struct file *file); 6extern int mac80211_open_file_generic(struct inode *inode, struct file *file);
8#else 7#else
9static inline void debugfs_hw_add(struct ieee80211_local *local) 8static inline void debugfs_hw_add(struct ieee80211_local *local)
10{ 9{
11 return; 10 return;
12} 11}
13static inline void debugfs_hw_del(struct ieee80211_local *local) {}
14#endif 12#endif
15 13
16#endif /* __MAC80211_DEBUGFS_H */ 14#endif /* __MAC80211_DEBUGFS_H */
diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c
index 99c752588b30..97c9e46e859e 100644
--- a/net/mac80211/debugfs_key.c
+++ b/net/mac80211/debugfs_key.c
@@ -9,6 +9,7 @@
9 */ 9 */
10 10
11#include <linux/kobject.h> 11#include <linux/kobject.h>
12#include <linux/slab.h>
12#include "ieee80211_i.h" 13#include "ieee80211_i.h"
13#include "key.h" 14#include "key.h"
14#include "debugfs.h" 15#include "debugfs.h"
@@ -56,7 +57,7 @@ KEY_CONF_FILE(keyidx, D);
56KEY_CONF_FILE(hw_key_idx, D); 57KEY_CONF_FILE(hw_key_idx, D);
57KEY_FILE(flags, X); 58KEY_FILE(flags, X);
58KEY_FILE(tx_rx_count, D); 59KEY_FILE(tx_rx_count, D);
59KEY_READ(ifindex, sdata->dev->ifindex, 20, "%d\n"); 60KEY_READ(ifindex, sdata->name, IFNAMSIZ + 2, "%s\n");
60KEY_OPS(ifindex); 61KEY_OPS(ifindex);
61 62
62static ssize_t key_algorithm_read(struct file *file, 63static ssize_t key_algorithm_read(struct file *file,
@@ -225,8 +226,8 @@ static ssize_t key_key_read(struct file *file, char __user *userbuf,
225KEY_OPS(key); 226KEY_OPS(key);
226 227
227#define DEBUGFS_ADD(name) \ 228#define DEBUGFS_ADD(name) \
228 key->debugfs.name = debugfs_create_file(#name, 0400,\ 229 debugfs_create_file(#name, 0400, key->debugfs.dir, \
229 key->debugfs.dir, key, &key_##name##_ops); 230 key, &key_##name##_ops);
230 231
231void ieee80211_debugfs_key_add(struct ieee80211_key *key) 232void ieee80211_debugfs_key_add(struct ieee80211_key *key)
232 { 233 {
@@ -271,30 +272,12 @@ void ieee80211_debugfs_key_add(struct ieee80211_key *key)
271 DEBUGFS_ADD(ifindex); 272 DEBUGFS_ADD(ifindex);
272}; 273};
273 274
274#define DEBUGFS_DEL(name) \
275 debugfs_remove(key->debugfs.name); key->debugfs.name = NULL;
276
277void ieee80211_debugfs_key_remove(struct ieee80211_key *key) 275void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
278{ 276{
279 if (!key) 277 if (!key)
280 return; 278 return;
281 279
282 DEBUGFS_DEL(keylen); 280 debugfs_remove_recursive(key->debugfs.dir);
283 DEBUGFS_DEL(flags);
284 DEBUGFS_DEL(keyidx);
285 DEBUGFS_DEL(hw_key_idx);
286 DEBUGFS_DEL(tx_rx_count);
287 DEBUGFS_DEL(algorithm);
288 DEBUGFS_DEL(tx_spec);
289 DEBUGFS_DEL(rx_spec);
290 DEBUGFS_DEL(replays);
291 DEBUGFS_DEL(icverrors);
292 DEBUGFS_DEL(key);
293 DEBUGFS_DEL(ifindex);
294
295 debugfs_remove(key->debugfs.stalink);
296 key->debugfs.stalink = NULL;
297 debugfs_remove(key->debugfs.dir);
298 key->debugfs.dir = NULL; 281 key->debugfs.dir = NULL;
299} 282}
300void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata) 283void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
@@ -302,7 +285,7 @@ void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
302 char buf[50]; 285 char buf[50];
303 struct ieee80211_key *key; 286 struct ieee80211_key *key;
304 287
305 if (!sdata->debugfsdir) 288 if (!sdata->debugfs.dir)
306 return; 289 return;
307 290
308 /* this is running under the key lock */ 291 /* this is running under the key lock */
@@ -310,9 +293,9 @@ void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
310 key = sdata->default_key; 293 key = sdata->default_key;
311 if (key) { 294 if (key) {
312 sprintf(buf, "../keys/%d", key->debugfs.cnt); 295 sprintf(buf, "../keys/%d", key->debugfs.cnt);
313 sdata->common_debugfs.default_key = 296 sdata->debugfs.default_key =
314 debugfs_create_symlink("default_key", 297 debugfs_create_symlink("default_key",
315 sdata->debugfsdir, buf); 298 sdata->debugfs.dir, buf);
316 } else 299 } else
317 ieee80211_debugfs_key_remove_default(sdata); 300 ieee80211_debugfs_key_remove_default(sdata);
318} 301}
@@ -322,8 +305,8 @@ void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata)
322 if (!sdata) 305 if (!sdata)
323 return; 306 return;
324 307
325 debugfs_remove(sdata->common_debugfs.default_key); 308 debugfs_remove(sdata->debugfs.default_key);
326 sdata->common_debugfs.default_key = NULL; 309 sdata->debugfs.default_key = NULL;
327} 310}
328 311
329void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata) 312void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
@@ -331,7 +314,7 @@ void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
331 char buf[50]; 314 char buf[50];
332 struct ieee80211_key *key; 315 struct ieee80211_key *key;
333 316
334 if (!sdata->debugfsdir) 317 if (!sdata->debugfs.dir)
335 return; 318 return;
336 319
337 /* this is running under the key lock */ 320 /* this is running under the key lock */
@@ -339,9 +322,9 @@ void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
339 key = sdata->default_mgmt_key; 322 key = sdata->default_mgmt_key;
340 if (key) { 323 if (key) {
341 sprintf(buf, "../keys/%d", key->debugfs.cnt); 324 sprintf(buf, "../keys/%d", key->debugfs.cnt);
342 sdata->common_debugfs.default_mgmt_key = 325 sdata->debugfs.default_mgmt_key =
343 debugfs_create_symlink("default_mgmt_key", 326 debugfs_create_symlink("default_mgmt_key",
344 sdata->debugfsdir, buf); 327 sdata->debugfs.dir, buf);
345 } else 328 } else
346 ieee80211_debugfs_key_remove_mgmt_default(sdata); 329 ieee80211_debugfs_key_remove_mgmt_default(sdata);
347} 330}
@@ -351,8 +334,8 @@ void ieee80211_debugfs_key_remove_mgmt_default(struct ieee80211_sub_if_data *sda
351 if (!sdata) 334 if (!sdata)
352 return; 335 return;
353 336
354 debugfs_remove(sdata->common_debugfs.default_mgmt_key); 337 debugfs_remove(sdata->debugfs.default_mgmt_key);
355 sdata->common_debugfs.default_mgmt_key = NULL; 338 sdata->debugfs.default_mgmt_key = NULL;
356} 339}
357 340
358void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key, 341void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 61234e79022b..83d4289d954b 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -13,6 +13,7 @@
13#include <linux/interrupt.h> 13#include <linux/interrupt.h>
14#include <linux/netdevice.h> 14#include <linux/netdevice.h>
15#include <linux/rtnetlink.h> 15#include <linux/rtnetlink.h>
16#include <linux/slab.h>
16#include <linux/notifier.h> 17#include <linux/notifier.h>
17#include <net/mac80211.h> 18#include <net/mac80211.h>
18#include <net/cfg80211.h> 19#include <net/cfg80211.h>
@@ -41,6 +42,34 @@ static ssize_t ieee80211_if_read(
41 return ret; 42 return ret;
42} 43}
43 44
45static ssize_t ieee80211_if_write(
46 struct ieee80211_sub_if_data *sdata,
47 const char __user *userbuf,
48 size_t count, loff_t *ppos,
49 ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int))
50{
51 u8 *buf;
52 ssize_t ret;
53
54 buf = kmalloc(count, GFP_KERNEL);
55 if (!buf)
56 return -ENOMEM;
57
58 ret = -EFAULT;
59 if (copy_from_user(buf, userbuf, count))
60 goto freebuf;
61
62 ret = -ENODEV;
63 rtnl_lock();
64 if (sdata->dev->reg_state == NETREG_REGISTERED)
65 ret = (*write)(sdata, buf, count);
66 rtnl_unlock();
67
68freebuf:
69 kfree(buf);
70 return ret;
71}
72
44#define IEEE80211_IF_FMT(name, field, format_string) \ 73#define IEEE80211_IF_FMT(name, field, format_string) \
45static ssize_t ieee80211_if_fmt_##name( \ 74static ssize_t ieee80211_if_fmt_##name( \
46 const struct ieee80211_sub_if_data *sdata, char *buf, \ 75 const struct ieee80211_sub_if_data *sdata, char *buf, \
@@ -71,7 +100,7 @@ static ssize_t ieee80211_if_fmt_##name( \
71 return scnprintf(buf, buflen, "%pM\n", sdata->field); \ 100 return scnprintf(buf, buflen, "%pM\n", sdata->field); \
72} 101}
73 102
74#define __IEEE80211_IF_FILE(name) \ 103#define __IEEE80211_IF_FILE(name, _write) \
75static ssize_t ieee80211_if_read_##name(struct file *file, \ 104static ssize_t ieee80211_if_read_##name(struct file *file, \
76 char __user *userbuf, \ 105 char __user *userbuf, \
77 size_t count, loff_t *ppos) \ 106 size_t count, loff_t *ppos) \
@@ -82,22 +111,99 @@ static ssize_t ieee80211_if_read_##name(struct file *file, \
82} \ 111} \
83static const struct file_operations name##_ops = { \ 112static const struct file_operations name##_ops = { \
84 .read = ieee80211_if_read_##name, \ 113 .read = ieee80211_if_read_##name, \
114 .write = (_write), \
85 .open = mac80211_open_file_generic, \ 115 .open = mac80211_open_file_generic, \
86} 116}
87 117
118#define __IEEE80211_IF_FILE_W(name) \
119static ssize_t ieee80211_if_write_##name(struct file *file, \
120 const char __user *userbuf, \
121 size_t count, loff_t *ppos) \
122{ \
123 return ieee80211_if_write(file->private_data, userbuf, count, \
124 ppos, ieee80211_if_parse_##name); \
125} \
126__IEEE80211_IF_FILE(name, ieee80211_if_write_##name)
127
128
88#define IEEE80211_IF_FILE(name, field, format) \ 129#define IEEE80211_IF_FILE(name, field, format) \
89 IEEE80211_IF_FMT_##format(name, field) \ 130 IEEE80211_IF_FMT_##format(name, field) \
90 __IEEE80211_IF_FILE(name) 131 __IEEE80211_IF_FILE(name, NULL)
91 132
92/* common attributes */ 133/* common attributes */
93IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC); 134IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC);
94IEEE80211_IF_FILE(force_unicast_rateidx, force_unicast_rateidx, DEC); 135IEEE80211_IF_FILE(rc_rateidx_mask_2ghz, rc_rateidx_mask[IEEE80211_BAND_2GHZ],
95IEEE80211_IF_FILE(max_ratectrl_rateidx, max_ratectrl_rateidx, DEC); 136 HEX);
137IEEE80211_IF_FILE(rc_rateidx_mask_5ghz, rc_rateidx_mask[IEEE80211_BAND_5GHZ],
138 HEX);
96 139
97/* STA attributes */ 140/* STA attributes */
98IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC); 141IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC);
99IEEE80211_IF_FILE(aid, u.mgd.aid, DEC); 142IEEE80211_IF_FILE(aid, u.mgd.aid, DEC);
100IEEE80211_IF_FILE(capab, u.mgd.capab, HEX); 143
144static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
145 enum ieee80211_smps_mode smps_mode)
146{
147 struct ieee80211_local *local = sdata->local;
148 int err;
149
150 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS) &&
151 smps_mode == IEEE80211_SMPS_STATIC)
152 return -EINVAL;
153
154 /* auto should be dynamic if in PS mode */
155 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) &&
156 (smps_mode == IEEE80211_SMPS_DYNAMIC ||
157 smps_mode == IEEE80211_SMPS_AUTOMATIC))
158 return -EINVAL;
159
160 /* supported only on managed interfaces for now */
161 if (sdata->vif.type != NL80211_IFTYPE_STATION)
162 return -EOPNOTSUPP;
163
164 mutex_lock(&local->iflist_mtx);
165 err = __ieee80211_request_smps(sdata, smps_mode);
166 mutex_unlock(&local->iflist_mtx);
167
168 return err;
169}
170
171static const char *smps_modes[IEEE80211_SMPS_NUM_MODES] = {
172 [IEEE80211_SMPS_AUTOMATIC] = "auto",
173 [IEEE80211_SMPS_OFF] = "off",
174 [IEEE80211_SMPS_STATIC] = "static",
175 [IEEE80211_SMPS_DYNAMIC] = "dynamic",
176};
177
178static ssize_t ieee80211_if_fmt_smps(const struct ieee80211_sub_if_data *sdata,
179 char *buf, int buflen)
180{
181 if (sdata->vif.type != NL80211_IFTYPE_STATION)
182 return -EOPNOTSUPP;
183
184 return snprintf(buf, buflen, "request: %s\nused: %s\n",
185 smps_modes[sdata->u.mgd.req_smps],
186 smps_modes[sdata->u.mgd.ap_smps]);
187}
188
189static ssize_t ieee80211_if_parse_smps(struct ieee80211_sub_if_data *sdata,
190 const char *buf, int buflen)
191{
192 enum ieee80211_smps_mode mode;
193
194 for (mode = 0; mode < IEEE80211_SMPS_NUM_MODES; mode++) {
195 if (strncmp(buf, smps_modes[mode], buflen) == 0) {
196 int err = ieee80211_set_smps(sdata, mode);
197 if (!err)
198 return buflen;
199 return err;
200 }
201 }
202
203 return -EINVAL;
204}
205
206__IEEE80211_IF_FILE_W(smps);
101 207
102/* AP attributes */ 208/* AP attributes */
103IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC); 209IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
@@ -109,7 +215,7 @@ static ssize_t ieee80211_if_fmt_num_buffered_multicast(
109 return scnprintf(buf, buflen, "%u\n", 215 return scnprintf(buf, buflen, "%u\n",
110 skb_queue_len(&sdata->u.ap.ps_bc_buf)); 216 skb_queue_len(&sdata->u.ap.ps_bc_buf));
111} 217}
112__IEEE80211_IF_FILE(num_buffered_multicast); 218__IEEE80211_IF_FILE(num_buffered_multicast, NULL);
113 219
114/* WDS attributes */ 220/* WDS attributes */
115IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC); 221IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC);
@@ -149,49 +255,55 @@ IEEE80211_IF_FILE(path_refresh_time,
149 u.mesh.mshcfg.path_refresh_time, DEC); 255 u.mesh.mshcfg.path_refresh_time, DEC);
150IEEE80211_IF_FILE(min_discovery_timeout, 256IEEE80211_IF_FILE(min_discovery_timeout,
151 u.mesh.mshcfg.min_discovery_timeout, DEC); 257 u.mesh.mshcfg.min_discovery_timeout, DEC);
258IEEE80211_IF_FILE(dot11MeshHWMPRootMode,
259 u.mesh.mshcfg.dot11MeshHWMPRootMode, DEC);
152#endif 260#endif
153 261
154 262
155#define DEBUGFS_ADD(name, type)\ 263#define DEBUGFS_ADD(name) \
156 sdata->debugfs.type.name = debugfs_create_file(#name, 0400,\ 264 debugfs_create_file(#name, 0400, sdata->debugfs.dir, \
157 sdata->debugfsdir, sdata, &name##_ops); 265 sdata, &name##_ops);
266
267#define DEBUGFS_ADD_MODE(name, mode) \
268 debugfs_create_file(#name, mode, sdata->debugfs.dir, \
269 sdata, &name##_ops);
158 270
159static void add_sta_files(struct ieee80211_sub_if_data *sdata) 271static void add_sta_files(struct ieee80211_sub_if_data *sdata)
160{ 272{
161 DEBUGFS_ADD(drop_unencrypted, sta); 273 DEBUGFS_ADD(drop_unencrypted);
162 DEBUGFS_ADD(force_unicast_rateidx, sta); 274 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
163 DEBUGFS_ADD(max_ratectrl_rateidx, sta); 275 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
164 276
165 DEBUGFS_ADD(bssid, sta); 277 DEBUGFS_ADD(bssid);
166 DEBUGFS_ADD(aid, sta); 278 DEBUGFS_ADD(aid);
167 DEBUGFS_ADD(capab, sta); 279 DEBUGFS_ADD_MODE(smps, 0600);
168} 280}
169 281
170static void add_ap_files(struct ieee80211_sub_if_data *sdata) 282static void add_ap_files(struct ieee80211_sub_if_data *sdata)
171{ 283{
172 DEBUGFS_ADD(drop_unencrypted, ap); 284 DEBUGFS_ADD(drop_unencrypted);
173 DEBUGFS_ADD(force_unicast_rateidx, ap); 285 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
174 DEBUGFS_ADD(max_ratectrl_rateidx, ap); 286 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
175 287
176 DEBUGFS_ADD(num_sta_ps, ap); 288 DEBUGFS_ADD(num_sta_ps);
177 DEBUGFS_ADD(dtim_count, ap); 289 DEBUGFS_ADD(dtim_count);
178 DEBUGFS_ADD(num_buffered_multicast, ap); 290 DEBUGFS_ADD(num_buffered_multicast);
179} 291}
180 292
181static void add_wds_files(struct ieee80211_sub_if_data *sdata) 293static void add_wds_files(struct ieee80211_sub_if_data *sdata)
182{ 294{
183 DEBUGFS_ADD(drop_unencrypted, wds); 295 DEBUGFS_ADD(drop_unencrypted);
184 DEBUGFS_ADD(force_unicast_rateidx, wds); 296 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
185 DEBUGFS_ADD(max_ratectrl_rateidx, wds); 297 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
186 298
187 DEBUGFS_ADD(peer, wds); 299 DEBUGFS_ADD(peer);
188} 300}
189 301
190static void add_vlan_files(struct ieee80211_sub_if_data *sdata) 302static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
191{ 303{
192 DEBUGFS_ADD(drop_unencrypted, vlan); 304 DEBUGFS_ADD(drop_unencrypted);
193 DEBUGFS_ADD(force_unicast_rateidx, vlan); 305 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
194 DEBUGFS_ADD(max_ratectrl_rateidx, vlan); 306 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
195} 307}
196 308
197static void add_monitor_files(struct ieee80211_sub_if_data *sdata) 309static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
@@ -199,30 +311,32 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
199} 311}
200 312
201#ifdef CONFIG_MAC80211_MESH 313#ifdef CONFIG_MAC80211_MESH
202#define MESHSTATS_ADD(name)\
203 sdata->mesh_stats.name = debugfs_create_file(#name, 0400,\
204 sdata->mesh_stats_dir, sdata, &name##_ops);
205 314
206static void add_mesh_stats(struct ieee80211_sub_if_data *sdata) 315static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
207{ 316{
208 sdata->mesh_stats_dir = debugfs_create_dir("mesh_stats", 317 struct dentry *dir = debugfs_create_dir("mesh_stats",
209 sdata->debugfsdir); 318 sdata->debugfs.dir);
319
320#define MESHSTATS_ADD(name)\
321 debugfs_create_file(#name, 0400, dir, sdata, &name##_ops);
322
210 MESHSTATS_ADD(fwded_mcast); 323 MESHSTATS_ADD(fwded_mcast);
211 MESHSTATS_ADD(fwded_unicast); 324 MESHSTATS_ADD(fwded_unicast);
212 MESHSTATS_ADD(fwded_frames); 325 MESHSTATS_ADD(fwded_frames);
213 MESHSTATS_ADD(dropped_frames_ttl); 326 MESHSTATS_ADD(dropped_frames_ttl);
214 MESHSTATS_ADD(dropped_frames_no_route); 327 MESHSTATS_ADD(dropped_frames_no_route);
215 MESHSTATS_ADD(estab_plinks); 328 MESHSTATS_ADD(estab_plinks);
329#undef MESHSTATS_ADD
216} 330}
217 331
218#define MESHPARAMS_ADD(name)\
219 sdata->mesh_config.name = debugfs_create_file(#name, 0600,\
220 sdata->mesh_config_dir, sdata, &name##_ops);
221
222static void add_mesh_config(struct ieee80211_sub_if_data *sdata) 332static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
223{ 333{
224 sdata->mesh_config_dir = debugfs_create_dir("mesh_config", 334 struct dentry *dir = debugfs_create_dir("mesh_config",
225 sdata->debugfsdir); 335 sdata->debugfs.dir);
336
337#define MESHPARAMS_ADD(name) \
338 debugfs_create_file(#name, 0600, dir, sdata, &name##_ops);
339
226 MESHPARAMS_ADD(dot11MeshMaxRetries); 340 MESHPARAMS_ADD(dot11MeshMaxRetries);
227 MESHPARAMS_ADD(dot11MeshRetryTimeout); 341 MESHPARAMS_ADD(dot11MeshRetryTimeout);
228 MESHPARAMS_ADD(dot11MeshConfirmTimeout); 342 MESHPARAMS_ADD(dot11MeshConfirmTimeout);
@@ -236,12 +350,14 @@ static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
236 MESHPARAMS_ADD(dot11MeshHWMPmaxPREQretries); 350 MESHPARAMS_ADD(dot11MeshHWMPmaxPREQretries);
237 MESHPARAMS_ADD(path_refresh_time); 351 MESHPARAMS_ADD(path_refresh_time);
238 MESHPARAMS_ADD(min_discovery_timeout); 352 MESHPARAMS_ADD(min_discovery_timeout);
353
354#undef MESHPARAMS_ADD
239} 355}
240#endif 356#endif
241 357
242static void add_files(struct ieee80211_sub_if_data *sdata) 358static void add_files(struct ieee80211_sub_if_data *sdata)
243{ 359{
244 if (!sdata->debugfsdir) 360 if (!sdata->debugfs.dir)
245 return; 361 return;
246 362
247 switch (sdata->vif.type) { 363 switch (sdata->vif.type) {
@@ -274,208 +390,37 @@ static void add_files(struct ieee80211_sub_if_data *sdata)
274 } 390 }
275} 391}
276 392
277#define DEBUGFS_DEL(name, type) \
278 do { \
279 debugfs_remove(sdata->debugfs.type.name); \
280 sdata->debugfs.type.name = NULL; \
281 } while (0)
282
283static void del_sta_files(struct ieee80211_sub_if_data *sdata)
284{
285 DEBUGFS_DEL(drop_unencrypted, sta);
286 DEBUGFS_DEL(force_unicast_rateidx, sta);
287 DEBUGFS_DEL(max_ratectrl_rateidx, sta);
288
289 DEBUGFS_DEL(bssid, sta);
290 DEBUGFS_DEL(aid, sta);
291 DEBUGFS_DEL(capab, sta);
292}
293
294static void del_ap_files(struct ieee80211_sub_if_data *sdata)
295{
296 DEBUGFS_DEL(drop_unencrypted, ap);
297 DEBUGFS_DEL(force_unicast_rateidx, ap);
298 DEBUGFS_DEL(max_ratectrl_rateidx, ap);
299
300 DEBUGFS_DEL(num_sta_ps, ap);
301 DEBUGFS_DEL(dtim_count, ap);
302 DEBUGFS_DEL(num_buffered_multicast, ap);
303}
304
305static void del_wds_files(struct ieee80211_sub_if_data *sdata)
306{
307 DEBUGFS_DEL(drop_unencrypted, wds);
308 DEBUGFS_DEL(force_unicast_rateidx, wds);
309 DEBUGFS_DEL(max_ratectrl_rateidx, wds);
310
311 DEBUGFS_DEL(peer, wds);
312}
313
314static void del_vlan_files(struct ieee80211_sub_if_data *sdata)
315{
316 DEBUGFS_DEL(drop_unencrypted, vlan);
317 DEBUGFS_DEL(force_unicast_rateidx, vlan);
318 DEBUGFS_DEL(max_ratectrl_rateidx, vlan);
319}
320
321static void del_monitor_files(struct ieee80211_sub_if_data *sdata)
322{
323}
324
325#ifdef CONFIG_MAC80211_MESH
326#define MESHSTATS_DEL(name) \
327 do { \
328 debugfs_remove(sdata->mesh_stats.name); \
329 sdata->mesh_stats.name = NULL; \
330 } while (0)
331
332static void del_mesh_stats(struct ieee80211_sub_if_data *sdata)
333{
334 MESHSTATS_DEL(fwded_mcast);
335 MESHSTATS_DEL(fwded_unicast);
336 MESHSTATS_DEL(fwded_frames);
337 MESHSTATS_DEL(dropped_frames_ttl);
338 MESHSTATS_DEL(dropped_frames_no_route);
339 MESHSTATS_DEL(estab_plinks);
340 debugfs_remove(sdata->mesh_stats_dir);
341 sdata->mesh_stats_dir = NULL;
342}
343
344#define MESHPARAMS_DEL(name) \
345 do { \
346 debugfs_remove(sdata->mesh_config.name); \
347 sdata->mesh_config.name = NULL; \
348 } while (0)
349
350static void del_mesh_config(struct ieee80211_sub_if_data *sdata)
351{
352 MESHPARAMS_DEL(dot11MeshMaxRetries);
353 MESHPARAMS_DEL(dot11MeshRetryTimeout);
354 MESHPARAMS_DEL(dot11MeshConfirmTimeout);
355 MESHPARAMS_DEL(dot11MeshHoldingTimeout);
356 MESHPARAMS_DEL(dot11MeshTTL);
357 MESHPARAMS_DEL(auto_open_plinks);
358 MESHPARAMS_DEL(dot11MeshMaxPeerLinks);
359 MESHPARAMS_DEL(dot11MeshHWMPactivePathTimeout);
360 MESHPARAMS_DEL(dot11MeshHWMPpreqMinInterval);
361 MESHPARAMS_DEL(dot11MeshHWMPnetDiameterTraversalTime);
362 MESHPARAMS_DEL(dot11MeshHWMPmaxPREQretries);
363 MESHPARAMS_DEL(path_refresh_time);
364 MESHPARAMS_DEL(min_discovery_timeout);
365 debugfs_remove(sdata->mesh_config_dir);
366 sdata->mesh_config_dir = NULL;
367}
368#endif
369
370static void del_files(struct ieee80211_sub_if_data *sdata)
371{
372 if (!sdata->debugfsdir)
373 return;
374
375 switch (sdata->vif.type) {
376 case NL80211_IFTYPE_MESH_POINT:
377#ifdef CONFIG_MAC80211_MESH
378 del_mesh_stats(sdata);
379 del_mesh_config(sdata);
380#endif
381 break;
382 case NL80211_IFTYPE_STATION:
383 del_sta_files(sdata);
384 break;
385 case NL80211_IFTYPE_ADHOC:
386 /* XXX */
387 break;
388 case NL80211_IFTYPE_AP:
389 del_ap_files(sdata);
390 break;
391 case NL80211_IFTYPE_WDS:
392 del_wds_files(sdata);
393 break;
394 case NL80211_IFTYPE_MONITOR:
395 del_monitor_files(sdata);
396 break;
397 case NL80211_IFTYPE_AP_VLAN:
398 del_vlan_files(sdata);
399 break;
400 default:
401 break;
402 }
403}
404
405static int notif_registered;
406
407void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata) 393void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
408{ 394{
409 char buf[10+IFNAMSIZ]; 395 char buf[10+IFNAMSIZ];
410 396
411 if (!notif_registered) 397 sprintf(buf, "netdev:%s", sdata->name);
412 return; 398 sdata->debugfs.dir = debugfs_create_dir(buf,
413
414 sprintf(buf, "netdev:%s", sdata->dev->name);
415 sdata->debugfsdir = debugfs_create_dir(buf,
416 sdata->local->hw.wiphy->debugfsdir); 399 sdata->local->hw.wiphy->debugfsdir);
417 add_files(sdata); 400 add_files(sdata);
418} 401}
419 402
420void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata) 403void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
421{ 404{
422 del_files(sdata); 405 if (!sdata->debugfs.dir)
423 debugfs_remove(sdata->debugfsdir); 406 return;
424 sdata->debugfsdir = NULL; 407
408 debugfs_remove_recursive(sdata->debugfs.dir);
409 sdata->debugfs.dir = NULL;
425} 410}
426 411
427static int netdev_notify(struct notifier_block *nb, 412void ieee80211_debugfs_rename_netdev(struct ieee80211_sub_if_data *sdata)
428 unsigned long state,
429 void *ndev)
430{ 413{
431 struct net_device *dev = ndev;
432 struct dentry *dir; 414 struct dentry *dir;
433 struct ieee80211_sub_if_data *sdata; 415 char buf[10 + IFNAMSIZ];
434 char buf[10+IFNAMSIZ];
435
436 if (state != NETDEV_CHANGENAME)
437 return 0;
438 416
439 if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy) 417 dir = sdata->debugfs.dir;
440 return 0;
441
442 if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
443 return 0;
444
445 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
446
447 dir = sdata->debugfsdir;
448 418
449 if (!dir) 419 if (!dir)
450 return 0; 420 return;
451 421
452 sprintf(buf, "netdev:%s", dev->name); 422 sprintf(buf, "netdev:%s", sdata->name);
453 if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf)) 423 if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf))
454 printk(KERN_ERR "mac80211: debugfs: failed to rename debugfs " 424 printk(KERN_ERR "mac80211: debugfs: failed to rename debugfs "
455 "dir to %s\n", buf); 425 "dir to %s\n", buf);
456
457 return 0;
458}
459
460static struct notifier_block mac80211_debugfs_netdev_notifier = {
461 .notifier_call = netdev_notify,
462};
463
464void ieee80211_debugfs_netdev_init(void)
465{
466 int err;
467
468 err = register_netdevice_notifier(&mac80211_debugfs_netdev_notifier);
469 if (err) {
470 printk(KERN_ERR
471 "mac80211: failed to install netdev notifier,"
472 " disabling per-netdev debugfs!\n");
473 } else
474 notif_registered = 1;
475}
476
477void ieee80211_debugfs_netdev_exit(void)
478{
479 unregister_netdevice_notifier(&mac80211_debugfs_netdev_notifier);
480 notif_registered = 0;
481} 426}
diff --git a/net/mac80211/debugfs_netdev.h b/net/mac80211/debugfs_netdev.h
index 7af731f0b731..79025e79f4d6 100644
--- a/net/mac80211/debugfs_netdev.h
+++ b/net/mac80211/debugfs_netdev.h
@@ -6,8 +6,7 @@
6#ifdef CONFIG_MAC80211_DEBUGFS 6#ifdef CONFIG_MAC80211_DEBUGFS
7void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata); 7void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata);
8void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata); 8void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata);
9void ieee80211_debugfs_netdev_init(void); 9void ieee80211_debugfs_rename_netdev(struct ieee80211_sub_if_data *sdata);
10void ieee80211_debugfs_netdev_exit(void);
11#else 10#else
12static inline void ieee80211_debugfs_add_netdev( 11static inline void ieee80211_debugfs_add_netdev(
13 struct ieee80211_sub_if_data *sdata) 12 struct ieee80211_sub_if_data *sdata)
@@ -15,10 +14,8 @@ static inline void ieee80211_debugfs_add_netdev(
15static inline void ieee80211_debugfs_remove_netdev( 14static inline void ieee80211_debugfs_remove_netdev(
16 struct ieee80211_sub_if_data *sdata) 15 struct ieee80211_sub_if_data *sdata)
17{} 16{}
18static inline void ieee80211_debugfs_netdev_init(void) 17static inline void ieee80211_debugfs_rename_netdev(
19{} 18 struct ieee80211_sub_if_data *sdata)
20
21static inline void ieee80211_debugfs_netdev_exit(void)
22{} 19{}
23#endif 20#endif
24 21
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 33a2e892115b..d92800bb2d2f 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -44,7 +44,7 @@ static const struct file_operations sta_ ##name## _ops = { \
44 STA_OPS(name) 44 STA_OPS(name)
45 45
46STA_FILE(aid, sta.aid, D); 46STA_FILE(aid, sta.aid, D);
47STA_FILE(dev, sdata->dev->name, S); 47STA_FILE(dev, sdata->name, S);
48STA_FILE(rx_packets, rx_packets, LU); 48STA_FILE(rx_packets, rx_packets, LU);
49STA_FILE(tx_packets, tx_packets, LU); 49STA_FILE(tx_packets, tx_packets, LU);
50STA_FILE(rx_bytes, rx_bytes, LU); 50STA_FILE(rx_bytes, rx_bytes, LU);
@@ -57,7 +57,6 @@ STA_FILE(tx_filtered, tx_filtered_count, LU);
57STA_FILE(tx_retry_failed, tx_retry_failed, LU); 57STA_FILE(tx_retry_failed, tx_retry_failed, LU);
58STA_FILE(tx_retry_count, tx_retry_count, LU); 58STA_FILE(tx_retry_count, tx_retry_count, LU);
59STA_FILE(last_signal, last_signal, D); 59STA_FILE(last_signal, last_signal, D);
60STA_FILE(last_qual, last_qual, D);
61STA_FILE(last_noise, last_noise, D); 60STA_FILE(last_noise, last_noise, D);
62STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU); 61STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU);
63 62
@@ -67,10 +66,11 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
67 char buf[100]; 66 char buf[100];
68 struct sta_info *sta = file->private_data; 67 struct sta_info *sta = file->private_data;
69 u32 staflags = get_sta_flags(sta); 68 u32 staflags = get_sta_flags(sta);
70 int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s", 69 int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s%s",
71 staflags & WLAN_STA_AUTH ? "AUTH\n" : "", 70 staflags & WLAN_STA_AUTH ? "AUTH\n" : "",
72 staflags & WLAN_STA_ASSOC ? "ASSOC\n" : "", 71 staflags & WLAN_STA_ASSOC ? "ASSOC\n" : "",
73 staflags & WLAN_STA_PS ? "PS\n" : "", 72 staflags & WLAN_STA_PS_STA ? "PS (sta)\n" : "",
73 staflags & WLAN_STA_PS_DRIVER ? "PS (driver)\n" : "",
74 staflags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "", 74 staflags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",
75 staflags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "", 75 staflags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",
76 staflags & WLAN_STA_WME ? "WME\n" : "", 76 staflags & WLAN_STA_WME ? "WME\n" : "",
@@ -120,36 +120,38 @@ STA_OPS(last_seq_ctrl);
120static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf, 120static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
121 size_t count, loff_t *ppos) 121 size_t count, loff_t *ppos)
122{ 122{
123 char buf[30 + STA_TID_NUM * 70], *p = buf; 123 char buf[64 + STA_TID_NUM * 40], *p = buf;
124 int i; 124 int i;
125 struct sta_info *sta = file->private_data; 125 struct sta_info *sta = file->private_data;
126 126
127 spin_lock_bh(&sta->lock); 127 spin_lock_bh(&sta->lock);
128 p += scnprintf(p, sizeof(buf)+buf-p, "next dialog_token is %#02x\n", 128 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n",
129 sta->ampdu_mlme.dialog_token_allocator + 1); 129 sta->ampdu_mlme.dialog_token_allocator + 1);
130 p += scnprintf(p, sizeof(buf) + buf - p,
131 "TID\t\tRX\tDTKN\tSSN\t\tTX\tDTKN\tSSN\tpending\n");
130 for (i = 0; i < STA_TID_NUM; i++) { 132 for (i = 0; i < STA_TID_NUM; i++) {
131 p += scnprintf(p, sizeof(buf)+buf-p, "TID %02d:", i); 133 p += scnprintf(p, sizeof(buf) + buf - p, "%02d", i);
132 p += scnprintf(p, sizeof(buf)+buf-p, " RX=%x", 134 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x",
133 sta->ampdu_mlme.tid_state_rx[i]); 135 sta->ampdu_mlme.tid_state_rx[i]);
134 p += scnprintf(p, sizeof(buf)+buf-p, "/DTKN=%#.2x", 136 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
135 sta->ampdu_mlme.tid_state_rx[i] ? 137 sta->ampdu_mlme.tid_state_rx[i] ?
136 sta->ampdu_mlme.tid_rx[i]->dialog_token : 0); 138 sta->ampdu_mlme.tid_rx[i]->dialog_token : 0);
137 p += scnprintf(p, sizeof(buf)+buf-p, "/SSN=%#.3x", 139 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x",
138 sta->ampdu_mlme.tid_state_rx[i] ? 140 sta->ampdu_mlme.tid_state_rx[i] ?
139 sta->ampdu_mlme.tid_rx[i]->ssn : 0); 141 sta->ampdu_mlme.tid_rx[i]->ssn : 0);
140 142
141 p += scnprintf(p, sizeof(buf)+buf-p, " TX=%x", 143 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x",
142 sta->ampdu_mlme.tid_state_tx[i]); 144 sta->ampdu_mlme.tid_state_tx[i]);
143 p += scnprintf(p, sizeof(buf)+buf-p, "/DTKN=%#.2x", 145 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
144 sta->ampdu_mlme.tid_state_tx[i] ? 146 sta->ampdu_mlme.tid_state_tx[i] ?
145 sta->ampdu_mlme.tid_tx[i]->dialog_token : 0); 147 sta->ampdu_mlme.tid_tx[i]->dialog_token : 0);
146 p += scnprintf(p, sizeof(buf)+buf-p, "/SSN=%#.3x", 148 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x",
147 sta->ampdu_mlme.tid_state_tx[i] ? 149 sta->ampdu_mlme.tid_state_tx[i] ?
148 sta->ampdu_mlme.tid_tx[i]->ssn : 0); 150 sta->ampdu_mlme.tid_tx[i]->ssn : 0);
149 p += scnprintf(p, sizeof(buf)+buf-p, "/pending=%03d", 151 p += scnprintf(p, sizeof(buf) + buf - p, "\t%03d",
150 sta->ampdu_mlme.tid_state_tx[i] ? 152 sta->ampdu_mlme.tid_state_tx[i] ?
151 skb_queue_len(&sta->ampdu_mlme.tid_tx[i]->pending) : 0); 153 skb_queue_len(&sta->ampdu_mlme.tid_tx[i]->pending) : 0);
152 p += scnprintf(p, sizeof(buf)+buf-p, "\n"); 154 p += scnprintf(p, sizeof(buf) + buf - p, "\n");
153 } 155 }
154 spin_unlock_bh(&sta->lock); 156 spin_unlock_bh(&sta->lock);
155 157
@@ -157,14 +159,92 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
157} 159}
158STA_OPS(agg_status); 160STA_OPS(agg_status);
159 161
162static ssize_t sta_ht_capa_read(struct file *file, char __user *userbuf,
163 size_t count, loff_t *ppos)
164{
165#define PRINT_HT_CAP(_cond, _str) \
166 do { \
167 if (_cond) \
168 p += scnprintf(p, sizeof(buf)+buf-p, "\t" _str "\n"); \
169 } while (0)
170 char buf[512], *p = buf;
171 int i;
172 struct sta_info *sta = file->private_data;
173 struct ieee80211_sta_ht_cap *htc = &sta->sta.ht_cap;
174
175 p += scnprintf(p, sizeof(buf) + buf - p, "ht %ssupported\n",
176 htc->ht_supported ? "" : "not ");
177 if (htc->ht_supported) {
178 p += scnprintf(p, sizeof(buf)+buf-p, "cap: %#.4x\n", htc->cap);
179
180 PRINT_HT_CAP((htc->cap & BIT(0)), "RX LDCP");
181 PRINT_HT_CAP((htc->cap & BIT(1)), "HT20/HT40");
182 PRINT_HT_CAP(!(htc->cap & BIT(1)), "HT20");
183
184 PRINT_HT_CAP(((htc->cap >> 2) & 0x3) == 0, "Static SM Power Save");
185 PRINT_HT_CAP(((htc->cap >> 2) & 0x3) == 1, "Dynamic SM Power Save");
186 PRINT_HT_CAP(((htc->cap >> 2) & 0x3) == 3, "SM Power Save disabled");
187
188 PRINT_HT_CAP((htc->cap & BIT(4)), "RX Greenfield");
189 PRINT_HT_CAP((htc->cap & BIT(5)), "RX HT20 SGI");
190 PRINT_HT_CAP((htc->cap & BIT(6)), "RX HT40 SGI");
191 PRINT_HT_CAP((htc->cap & BIT(7)), "TX STBC");
192
193 PRINT_HT_CAP(((htc->cap >> 8) & 0x3) == 0, "No RX STBC");
194 PRINT_HT_CAP(((htc->cap >> 8) & 0x3) == 1, "RX STBC 1-stream");
195 PRINT_HT_CAP(((htc->cap >> 8) & 0x3) == 2, "RX STBC 2-streams");
196 PRINT_HT_CAP(((htc->cap >> 8) & 0x3) == 3, "RX STBC 3-streams");
197
198 PRINT_HT_CAP((htc->cap & BIT(10)), "HT Delayed Block Ack");
199
200 PRINT_HT_CAP((htc->cap & BIT(11)), "Max AMSDU length: "
201 "3839 bytes");
202 PRINT_HT_CAP(!(htc->cap & BIT(11)), "Max AMSDU length: "
203 "7935 bytes");
204
205 /*
206 * For beacons and probe response this would mean the BSS
207 * does or does not allow the usage of DSSS/CCK HT40.
208 * Otherwise it means the STA does or does not use
209 * DSSS/CCK HT40.
210 */
211 PRINT_HT_CAP((htc->cap & BIT(12)), "DSSS/CCK HT40");
212 PRINT_HT_CAP(!(htc->cap & BIT(12)), "No DSSS/CCK HT40");
213
214 /* BIT(13) is reserved */
215
216 PRINT_HT_CAP((htc->cap & BIT(14)), "40 MHz Intolerant");
217
218 PRINT_HT_CAP((htc->cap & BIT(15)), "L-SIG TXOP protection");
219
220 p += scnprintf(p, sizeof(buf)+buf-p, "ampdu factor/density: %d/%d\n",
221 htc->ampdu_factor, htc->ampdu_density);
222 p += scnprintf(p, sizeof(buf)+buf-p, "MCS mask:");
223
224 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
225 p += scnprintf(p, sizeof(buf)+buf-p, " %.2x",
226 htc->mcs.rx_mask[i]);
227 p += scnprintf(p, sizeof(buf)+buf-p, "\n");
228
229 /* If not set this is meaningless */
230 if (le16_to_cpu(htc->mcs.rx_highest)) {
231 p += scnprintf(p, sizeof(buf)+buf-p,
232 "MCS rx highest: %d Mbps\n",
233 le16_to_cpu(htc->mcs.rx_highest));
234 }
235
236 p += scnprintf(p, sizeof(buf)+buf-p, "MCS tx params: %x\n",
237 htc->mcs.tx_params);
238 }
239
240 return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
241}
242STA_OPS(ht_capa);
243
160#define DEBUGFS_ADD(name) \ 244#define DEBUGFS_ADD(name) \
161 sta->debugfs.name = debugfs_create_file(#name, 0400, \ 245 debugfs_create_file(#name, 0400, \
162 sta->debugfs.dir, sta, &sta_ ##name## _ops); 246 sta->debugfs.dir, sta, &sta_ ##name## _ops);
163 247
164#define DEBUGFS_DEL(name) \
165 debugfs_remove(sta->debugfs.name);\
166 sta->debugfs.name = NULL;
167
168 248
169void ieee80211_sta_debugfs_add(struct sta_info *sta) 249void ieee80211_sta_debugfs_add(struct sta_info *sta)
170{ 250{
@@ -209,36 +289,13 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
209 DEBUGFS_ADD(tx_retry_failed); 289 DEBUGFS_ADD(tx_retry_failed);
210 DEBUGFS_ADD(tx_retry_count); 290 DEBUGFS_ADD(tx_retry_count);
211 DEBUGFS_ADD(last_signal); 291 DEBUGFS_ADD(last_signal);
212 DEBUGFS_ADD(last_qual);
213 DEBUGFS_ADD(last_noise); 292 DEBUGFS_ADD(last_noise);
214 DEBUGFS_ADD(wep_weak_iv_count); 293 DEBUGFS_ADD(wep_weak_iv_count);
294 DEBUGFS_ADD(ht_capa);
215} 295}
216 296
217void ieee80211_sta_debugfs_remove(struct sta_info *sta) 297void ieee80211_sta_debugfs_remove(struct sta_info *sta)
218{ 298{
219 DEBUGFS_DEL(flags); 299 debugfs_remove_recursive(sta->debugfs.dir);
220 DEBUGFS_DEL(num_ps_buf_frames);
221 DEBUGFS_DEL(inactive_ms);
222 DEBUGFS_DEL(last_seq_ctrl);
223 DEBUGFS_DEL(agg_status);
224 DEBUGFS_DEL(aid);
225 DEBUGFS_DEL(dev);
226 DEBUGFS_DEL(rx_packets);
227 DEBUGFS_DEL(tx_packets);
228 DEBUGFS_DEL(rx_bytes);
229 DEBUGFS_DEL(tx_bytes);
230 DEBUGFS_DEL(rx_duplicates);
231 DEBUGFS_DEL(rx_fragments);
232 DEBUGFS_DEL(rx_dropped);
233 DEBUGFS_DEL(tx_fragments);
234 DEBUGFS_DEL(tx_filtered);
235 DEBUGFS_DEL(tx_retry_failed);
236 DEBUGFS_DEL(tx_retry_count);
237 DEBUGFS_DEL(last_signal);
238 DEBUGFS_DEL(last_qual);
239 DEBUGFS_DEL(last_noise);
240 DEBUGFS_DEL(wep_weak_iv_count);
241
242 debugfs_remove(sta->debugfs.dir);
243 sta->debugfs.dir = NULL; 300 sta->debugfs.dir = NULL;
244} 301}
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 020a94a31106..c3d844093a2f 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -14,6 +14,8 @@ static inline int drv_start(struct ieee80211_local *local)
14{ 14{
15 int ret; 15 int ret;
16 16
17 might_sleep();
18
17 local->started = true; 19 local->started = true;
18 smp_mb(); 20 smp_mb();
19 ret = local->ops->start(&local->hw); 21 ret = local->ops->start(&local->hw);
@@ -23,6 +25,8 @@ static inline int drv_start(struct ieee80211_local *local)
23 25
24static inline void drv_stop(struct ieee80211_local *local) 26static inline void drv_stop(struct ieee80211_local *local)
25{ 27{
28 might_sleep();
29
26 local->ops->stop(&local->hw); 30 local->ops->stop(&local->hw);
27 trace_drv_stop(local); 31 trace_drv_stop(local);
28 32
@@ -36,35 +40,47 @@ static inline void drv_stop(struct ieee80211_local *local)
36} 40}
37 41
38static inline int drv_add_interface(struct ieee80211_local *local, 42static inline int drv_add_interface(struct ieee80211_local *local,
39 struct ieee80211_if_init_conf *conf) 43 struct ieee80211_vif *vif)
40{ 44{
41 int ret = local->ops->add_interface(&local->hw, conf); 45 int ret;
42 trace_drv_add_interface(local, conf->mac_addr, conf->vif, ret); 46
47 might_sleep();
48
49 ret = local->ops->add_interface(&local->hw, vif);
50 trace_drv_add_interface(local, vif_to_sdata(vif), ret);
43 return ret; 51 return ret;
44} 52}
45 53
46static inline void drv_remove_interface(struct ieee80211_local *local, 54static inline void drv_remove_interface(struct ieee80211_local *local,
47 struct ieee80211_if_init_conf *conf) 55 struct ieee80211_vif *vif)
48{ 56{
49 local->ops->remove_interface(&local->hw, conf); 57 might_sleep();
50 trace_drv_remove_interface(local, conf->mac_addr, conf->vif); 58
59 local->ops->remove_interface(&local->hw, vif);
60 trace_drv_remove_interface(local, vif_to_sdata(vif));
51} 61}
52 62
53static inline int drv_config(struct ieee80211_local *local, u32 changed) 63static inline int drv_config(struct ieee80211_local *local, u32 changed)
54{ 64{
55 int ret = local->ops->config(&local->hw, changed); 65 int ret;
66
67 might_sleep();
68
69 ret = local->ops->config(&local->hw, changed);
56 trace_drv_config(local, changed, ret); 70 trace_drv_config(local, changed, ret);
57 return ret; 71 return ret;
58} 72}
59 73
60static inline void drv_bss_info_changed(struct ieee80211_local *local, 74static inline void drv_bss_info_changed(struct ieee80211_local *local,
61 struct ieee80211_vif *vif, 75 struct ieee80211_sub_if_data *sdata,
62 struct ieee80211_bss_conf *info, 76 struct ieee80211_bss_conf *info,
63 u32 changed) 77 u32 changed)
64{ 78{
79 might_sleep();
80
65 if (local->ops->bss_info_changed) 81 if (local->ops->bss_info_changed)
66 local->ops->bss_info_changed(&local->hw, vif, info, changed); 82 local->ops->bss_info_changed(&local->hw, &sdata->vif, info, changed);
67 trace_drv_bss_info_changed(local, vif, info, changed); 83 trace_drv_bss_info_changed(local, sdata, info, changed);
68} 84}
69 85
70static inline u64 drv_prepare_multicast(struct ieee80211_local *local, 86static inline u64 drv_prepare_multicast(struct ieee80211_local *local,
@@ -106,36 +122,53 @@ static inline int drv_set_tim(struct ieee80211_local *local,
106} 122}
107 123
108static inline int drv_set_key(struct ieee80211_local *local, 124static inline int drv_set_key(struct ieee80211_local *local,
109 enum set_key_cmd cmd, struct ieee80211_vif *vif, 125 enum set_key_cmd cmd,
126 struct ieee80211_sub_if_data *sdata,
110 struct ieee80211_sta *sta, 127 struct ieee80211_sta *sta,
111 struct ieee80211_key_conf *key) 128 struct ieee80211_key_conf *key)
112{ 129{
113 int ret = local->ops->set_key(&local->hw, cmd, vif, sta, key); 130 int ret;
114 trace_drv_set_key(local, cmd, vif, sta, key, ret); 131
132 might_sleep();
133
134 ret = local->ops->set_key(&local->hw, cmd, &sdata->vif, sta, key);
135 trace_drv_set_key(local, cmd, sdata, sta, key, ret);
115 return ret; 136 return ret;
116} 137}
117 138
118static inline void drv_update_tkip_key(struct ieee80211_local *local, 139static inline void drv_update_tkip_key(struct ieee80211_local *local,
140 struct ieee80211_sub_if_data *sdata,
119 struct ieee80211_key_conf *conf, 141 struct ieee80211_key_conf *conf,
120 const u8 *address, u32 iv32, 142 struct sta_info *sta, u32 iv32,
121 u16 *phase1key) 143 u16 *phase1key)
122{ 144{
145 struct ieee80211_sta *ista = NULL;
146
147 if (sta)
148 ista = &sta->sta;
149
123 if (local->ops->update_tkip_key) 150 if (local->ops->update_tkip_key)
124 local->ops->update_tkip_key(&local->hw, conf, address, 151 local->ops->update_tkip_key(&local->hw, &sdata->vif, conf,
125 iv32, phase1key); 152 ista, iv32, phase1key);
126 trace_drv_update_tkip_key(local, conf, address, iv32); 153 trace_drv_update_tkip_key(local, sdata, conf, ista, iv32);
127} 154}
128 155
129static inline int drv_hw_scan(struct ieee80211_local *local, 156static inline int drv_hw_scan(struct ieee80211_local *local,
130 struct cfg80211_scan_request *req) 157 struct cfg80211_scan_request *req)
131{ 158{
132 int ret = local->ops->hw_scan(&local->hw, req); 159 int ret;
160
161 might_sleep();
162
163 ret = local->ops->hw_scan(&local->hw, req);
133 trace_drv_hw_scan(local, req, ret); 164 trace_drv_hw_scan(local, req, ret);
134 return ret; 165 return ret;
135} 166}
136 167
137static inline void drv_sw_scan_start(struct ieee80211_local *local) 168static inline void drv_sw_scan_start(struct ieee80211_local *local)
138{ 169{
170 might_sleep();
171
139 if (local->ops->sw_scan_start) 172 if (local->ops->sw_scan_start)
140 local->ops->sw_scan_start(&local->hw); 173 local->ops->sw_scan_start(&local->hw);
141 trace_drv_sw_scan_start(local); 174 trace_drv_sw_scan_start(local);
@@ -143,6 +176,8 @@ static inline void drv_sw_scan_start(struct ieee80211_local *local)
143 176
144static inline void drv_sw_scan_complete(struct ieee80211_local *local) 177static inline void drv_sw_scan_complete(struct ieee80211_local *local)
145{ 178{
179 might_sleep();
180
146 if (local->ops->sw_scan_complete) 181 if (local->ops->sw_scan_complete)
147 local->ops->sw_scan_complete(&local->hw); 182 local->ops->sw_scan_complete(&local->hw);
148 trace_drv_sw_scan_complete(local); 183 trace_drv_sw_scan_complete(local);
@@ -153,6 +188,8 @@ static inline int drv_get_stats(struct ieee80211_local *local,
153{ 188{
154 int ret = -EOPNOTSUPP; 189 int ret = -EOPNOTSUPP;
155 190
191 might_sleep();
192
156 if (local->ops->get_stats) 193 if (local->ops->get_stats)
157 ret = local->ops->get_stats(&local->hw, stats); 194 ret = local->ops->get_stats(&local->hw, stats);
158 trace_drv_get_stats(local, stats, ret); 195 trace_drv_get_stats(local, stats, ret);
@@ -172,43 +209,93 @@ static inline int drv_set_rts_threshold(struct ieee80211_local *local,
172 u32 value) 209 u32 value)
173{ 210{
174 int ret = 0; 211 int ret = 0;
212
213 might_sleep();
214
175 if (local->ops->set_rts_threshold) 215 if (local->ops->set_rts_threshold)
176 ret = local->ops->set_rts_threshold(&local->hw, value); 216 ret = local->ops->set_rts_threshold(&local->hw, value);
177 trace_drv_set_rts_threshold(local, value, ret); 217 trace_drv_set_rts_threshold(local, value, ret);
178 return ret; 218 return ret;
179} 219}
180 220
221static inline int drv_set_coverage_class(struct ieee80211_local *local,
222 u8 value)
223{
224 int ret = 0;
225 might_sleep();
226
227 if (local->ops->set_coverage_class)
228 local->ops->set_coverage_class(&local->hw, value);
229 else
230 ret = -EOPNOTSUPP;
231
232 trace_drv_set_coverage_class(local, value, ret);
233 return ret;
234}
235
181static inline void drv_sta_notify(struct ieee80211_local *local, 236static inline void drv_sta_notify(struct ieee80211_local *local,
182 struct ieee80211_vif *vif, 237 struct ieee80211_sub_if_data *sdata,
183 enum sta_notify_cmd cmd, 238 enum sta_notify_cmd cmd,
184 struct ieee80211_sta *sta) 239 struct ieee80211_sta *sta)
185{ 240{
186 if (local->ops->sta_notify) 241 if (local->ops->sta_notify)
187 local->ops->sta_notify(&local->hw, vif, cmd, sta); 242 local->ops->sta_notify(&local->hw, &sdata->vif, cmd, sta);
188 trace_drv_sta_notify(local, vif, cmd, sta); 243 trace_drv_sta_notify(local, sdata, cmd, sta);
244}
245
246static inline int drv_sta_add(struct ieee80211_local *local,
247 struct ieee80211_sub_if_data *sdata,
248 struct ieee80211_sta *sta)
249{
250 int ret = 0;
251
252 might_sleep();
253
254 if (local->ops->sta_add)
255 ret = local->ops->sta_add(&local->hw, &sdata->vif, sta);
256 else if (local->ops->sta_notify)
257 local->ops->sta_notify(&local->hw, &sdata->vif,
258 STA_NOTIFY_ADD, sta);
259
260 trace_drv_sta_add(local, sdata, sta, ret);
261
262 return ret;
263}
264
265static inline void drv_sta_remove(struct ieee80211_local *local,
266 struct ieee80211_sub_if_data *sdata,
267 struct ieee80211_sta *sta)
268{
269 might_sleep();
270
271 if (local->ops->sta_remove)
272 local->ops->sta_remove(&local->hw, &sdata->vif, sta);
273 else if (local->ops->sta_notify)
274 local->ops->sta_notify(&local->hw, &sdata->vif,
275 STA_NOTIFY_REMOVE, sta);
276
277 trace_drv_sta_remove(local, sdata, sta);
189} 278}
190 279
191static inline int drv_conf_tx(struct ieee80211_local *local, u16 queue, 280static inline int drv_conf_tx(struct ieee80211_local *local, u16 queue,
192 const struct ieee80211_tx_queue_params *params) 281 const struct ieee80211_tx_queue_params *params)
193{ 282{
194 int ret = -EOPNOTSUPP; 283 int ret = -EOPNOTSUPP;
284
285 might_sleep();
286
195 if (local->ops->conf_tx) 287 if (local->ops->conf_tx)
196 ret = local->ops->conf_tx(&local->hw, queue, params); 288 ret = local->ops->conf_tx(&local->hw, queue, params);
197 trace_drv_conf_tx(local, queue, params, ret); 289 trace_drv_conf_tx(local, queue, params, ret);
198 return ret; 290 return ret;
199} 291}
200 292
201static inline int drv_get_tx_stats(struct ieee80211_local *local,
202 struct ieee80211_tx_queue_stats *stats)
203{
204 int ret = local->ops->get_tx_stats(&local->hw, stats);
205 trace_drv_get_tx_stats(local, stats, ret);
206 return ret;
207}
208
209static inline u64 drv_get_tsf(struct ieee80211_local *local) 293static inline u64 drv_get_tsf(struct ieee80211_local *local)
210{ 294{
211 u64 ret = -1ULL; 295 u64 ret = -1ULL;
296
297 might_sleep();
298
212 if (local->ops->get_tsf) 299 if (local->ops->get_tsf)
213 ret = local->ops->get_tsf(&local->hw); 300 ret = local->ops->get_tsf(&local->hw);
214 trace_drv_get_tsf(local, ret); 301 trace_drv_get_tsf(local, ret);
@@ -217,6 +304,8 @@ static inline u64 drv_get_tsf(struct ieee80211_local *local)
217 304
218static inline void drv_set_tsf(struct ieee80211_local *local, u64 tsf) 305static inline void drv_set_tsf(struct ieee80211_local *local, u64 tsf)
219{ 306{
307 might_sleep();
308
220 if (local->ops->set_tsf) 309 if (local->ops->set_tsf)
221 local->ops->set_tsf(&local->hw, tsf); 310 local->ops->set_tsf(&local->hw, tsf);
222 trace_drv_set_tsf(local, tsf); 311 trace_drv_set_tsf(local, tsf);
@@ -224,6 +313,8 @@ static inline void drv_set_tsf(struct ieee80211_local *local, u64 tsf)
224 313
225static inline void drv_reset_tsf(struct ieee80211_local *local) 314static inline void drv_reset_tsf(struct ieee80211_local *local)
226{ 315{
316 might_sleep();
317
227 if (local->ops->reset_tsf) 318 if (local->ops->reset_tsf)
228 local->ops->reset_tsf(&local->hw); 319 local->ops->reset_tsf(&local->hw);
229 trace_drv_reset_tsf(local); 320 trace_drv_reset_tsf(local);
@@ -232,6 +323,9 @@ static inline void drv_reset_tsf(struct ieee80211_local *local)
232static inline int drv_tx_last_beacon(struct ieee80211_local *local) 323static inline int drv_tx_last_beacon(struct ieee80211_local *local)
233{ 324{
234 int ret = 1; 325 int ret = 1;
326
327 might_sleep();
328
235 if (local->ops->tx_last_beacon) 329 if (local->ops->tx_last_beacon)
236 ret = local->ops->tx_last_beacon(&local->hw); 330 ret = local->ops->tx_last_beacon(&local->hw);
237 trace_drv_tx_last_beacon(local, ret); 331 trace_drv_tx_last_beacon(local, ret);
@@ -239,22 +333,34 @@ static inline int drv_tx_last_beacon(struct ieee80211_local *local)
239} 333}
240 334
241static inline int drv_ampdu_action(struct ieee80211_local *local, 335static inline int drv_ampdu_action(struct ieee80211_local *local,
336 struct ieee80211_sub_if_data *sdata,
242 enum ieee80211_ampdu_mlme_action action, 337 enum ieee80211_ampdu_mlme_action action,
243 struct ieee80211_sta *sta, u16 tid, 338 struct ieee80211_sta *sta, u16 tid,
244 u16 *ssn) 339 u16 *ssn)
245{ 340{
246 int ret = -EOPNOTSUPP; 341 int ret = -EOPNOTSUPP;
247 if (local->ops->ampdu_action) 342 if (local->ops->ampdu_action)
248 ret = local->ops->ampdu_action(&local->hw, action, 343 ret = local->ops->ampdu_action(&local->hw, &sdata->vif, action,
249 sta, tid, ssn); 344 sta, tid, ssn);
250 trace_drv_ampdu_action(local, action, sta, tid, ssn, ret); 345 trace_drv_ampdu_action(local, sdata, action, sta, tid, ssn, ret);
251 return ret; 346 return ret;
252} 347}
253 348
254 349
255static inline void drv_rfkill_poll(struct ieee80211_local *local) 350static inline void drv_rfkill_poll(struct ieee80211_local *local)
256{ 351{
352 might_sleep();
353
257 if (local->ops->rfkill_poll) 354 if (local->ops->rfkill_poll)
258 local->ops->rfkill_poll(&local->hw); 355 local->ops->rfkill_poll(&local->hw);
259} 356}
357
358static inline void drv_flush(struct ieee80211_local *local, bool drop)
359{
360 might_sleep();
361
362 trace_drv_flush(local, drop);
363 if (local->ops->flush)
364 local->ops->flush(&local->hw, drop);
365}
260#endif /* __MAC80211_DRIVER_OPS */ 366#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index 37b9051afcf3..41baf730a5c7 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -25,10 +25,12 @@ static inline void trace_ ## name(proto) {}
25#define STA_PR_FMT " sta:%pM" 25#define STA_PR_FMT " sta:%pM"
26#define STA_PR_ARG __entry->sta_addr 26#define STA_PR_ARG __entry->sta_addr
27 27
28#define VIF_ENTRY __field(enum nl80211_iftype, vif_type) __field(void *, vif) 28#define VIF_ENTRY __field(enum nl80211_iftype, vif_type) __field(void *, sdata) \
29#define VIF_ASSIGN __entry->vif_type = vif ? vif->type : 0; __entry->vif = vif 29 __string(vif_name, sdata->dev ? sdata->dev->name : "<nodev>")
30#define VIF_PR_FMT " vif:%p(%d)" 30#define VIF_ASSIGN __entry->vif_type = sdata->vif.type; __entry->sdata = sdata; \
31#define VIF_PR_ARG __entry->vif, __entry->vif_type 31 __assign_str(vif_name, sdata->dev ? sdata->dev->name : "<nodev>")
32#define VIF_PR_FMT " vif:%s(%d)"
33#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type
32 34
33TRACE_EVENT(drv_start, 35TRACE_EVENT(drv_start,
34 TP_PROTO(struct ieee80211_local *local, int ret), 36 TP_PROTO(struct ieee80211_local *local, int ret),
@@ -70,11 +72,10 @@ TRACE_EVENT(drv_stop,
70 72
71TRACE_EVENT(drv_add_interface, 73TRACE_EVENT(drv_add_interface,
72 TP_PROTO(struct ieee80211_local *local, 74 TP_PROTO(struct ieee80211_local *local,
73 const u8 *addr, 75 struct ieee80211_sub_if_data *sdata,
74 struct ieee80211_vif *vif,
75 int ret), 76 int ret),
76 77
77 TP_ARGS(local, addr, vif, ret), 78 TP_ARGS(local, sdata, ret),
78 79
79 TP_STRUCT__entry( 80 TP_STRUCT__entry(
80 LOCAL_ENTRY 81 LOCAL_ENTRY
@@ -86,7 +87,7 @@ TRACE_EVENT(drv_add_interface,
86 TP_fast_assign( 87 TP_fast_assign(
87 LOCAL_ASSIGN; 88 LOCAL_ASSIGN;
88 VIF_ASSIGN; 89 VIF_ASSIGN;
89 memcpy(__entry->addr, addr, 6); 90 memcpy(__entry->addr, sdata->vif.addr, 6);
90 __entry->ret = ret; 91 __entry->ret = ret;
91 ), 92 ),
92 93
@@ -97,10 +98,9 @@ TRACE_EVENT(drv_add_interface,
97); 98);
98 99
99TRACE_EVENT(drv_remove_interface, 100TRACE_EVENT(drv_remove_interface,
100 TP_PROTO(struct ieee80211_local *local, 101 TP_PROTO(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata),
101 const u8 *addr, struct ieee80211_vif *vif),
102 102
103 TP_ARGS(local, addr, vif), 103 TP_ARGS(local, sdata),
104 104
105 TP_STRUCT__entry( 105 TP_STRUCT__entry(
106 LOCAL_ENTRY 106 LOCAL_ENTRY
@@ -111,7 +111,7 @@ TRACE_EVENT(drv_remove_interface,
111 TP_fast_assign( 111 TP_fast_assign(
112 LOCAL_ASSIGN; 112 LOCAL_ASSIGN;
113 VIF_ASSIGN; 113 VIF_ASSIGN;
114 memcpy(__entry->addr, addr, 6); 114 memcpy(__entry->addr, sdata->vif.addr, 6);
115 ), 115 ),
116 116
117 TP_printk( 117 TP_printk(
@@ -131,27 +131,47 @@ TRACE_EVENT(drv_config,
131 LOCAL_ENTRY 131 LOCAL_ENTRY
132 __field(u32, changed) 132 __field(u32, changed)
133 __field(int, ret) 133 __field(int, ret)
134 __field(u32, flags)
135 __field(int, power_level)
136 __field(int, dynamic_ps_timeout)
137 __field(int, max_sleep_period)
138 __field(u16, listen_interval)
139 __field(u8, long_frame_max_tx_count)
140 __field(u8, short_frame_max_tx_count)
141 __field(int, center_freq)
142 __field(int, channel_type)
143 __field(int, smps)
134 ), 144 ),
135 145
136 TP_fast_assign( 146 TP_fast_assign(
137 LOCAL_ASSIGN; 147 LOCAL_ASSIGN;
138 __entry->changed = changed; 148 __entry->changed = changed;
139 __entry->ret = ret; 149 __entry->ret = ret;
150 __entry->flags = local->hw.conf.flags;
151 __entry->power_level = local->hw.conf.power_level;
152 __entry->dynamic_ps_timeout = local->hw.conf.dynamic_ps_timeout;
153 __entry->max_sleep_period = local->hw.conf.max_sleep_period;
154 __entry->listen_interval = local->hw.conf.listen_interval;
155 __entry->long_frame_max_tx_count = local->hw.conf.long_frame_max_tx_count;
156 __entry->short_frame_max_tx_count = local->hw.conf.short_frame_max_tx_count;
157 __entry->center_freq = local->hw.conf.channel->center_freq;
158 __entry->channel_type = local->hw.conf.channel_type;
159 __entry->smps = local->hw.conf.smps_mode;
140 ), 160 ),
141 161
142 TP_printk( 162 TP_printk(
143 LOCAL_PR_FMT " ch:%#x ret:%d", 163 LOCAL_PR_FMT " ch:%#x freq:%d ret:%d",
144 LOCAL_PR_ARG, __entry->changed, __entry->ret 164 LOCAL_PR_ARG, __entry->changed, __entry->center_freq, __entry->ret
145 ) 165 )
146); 166);
147 167
148TRACE_EVENT(drv_bss_info_changed, 168TRACE_EVENT(drv_bss_info_changed,
149 TP_PROTO(struct ieee80211_local *local, 169 TP_PROTO(struct ieee80211_local *local,
150 struct ieee80211_vif *vif, 170 struct ieee80211_sub_if_data *sdata,
151 struct ieee80211_bss_conf *info, 171 struct ieee80211_bss_conf *info,
152 u32 changed), 172 u32 changed),
153 173
154 TP_ARGS(local, vif, info, changed), 174 TP_ARGS(local, sdata, info, changed),
155 175
156 TP_STRUCT__entry( 176 TP_STRUCT__entry(
157 LOCAL_ENTRY 177 LOCAL_ENTRY
@@ -167,6 +187,8 @@ TRACE_EVENT(drv_bss_info_changed,
167 __field(u64, timestamp) 187 __field(u64, timestamp)
168 __field(u32, basic_rates) 188 __field(u32, basic_rates)
169 __field(u32, changed) 189 __field(u32, changed)
190 __field(bool, enable_beacon)
191 __field(u16, ht_operation_mode)
170 ), 192 ),
171 193
172 TP_fast_assign( 194 TP_fast_assign(
@@ -183,6 +205,8 @@ TRACE_EVENT(drv_bss_info_changed,
183 __entry->assoc_cap = info->assoc_capability; 205 __entry->assoc_cap = info->assoc_capability;
184 __entry->timestamp = info->timestamp; 206 __entry->timestamp = info->timestamp;
185 __entry->basic_rates = info->basic_rates; 207 __entry->basic_rates = info->basic_rates;
208 __entry->enable_beacon = info->enable_beacon;
209 __entry->ht_operation_mode = info->ht_operation_mode;
186 ), 210 ),
187 211
188 TP_printk( 212 TP_printk(
@@ -271,11 +295,11 @@ TRACE_EVENT(drv_set_tim,
271 295
272TRACE_EVENT(drv_set_key, 296TRACE_EVENT(drv_set_key,
273 TP_PROTO(struct ieee80211_local *local, 297 TP_PROTO(struct ieee80211_local *local,
274 enum set_key_cmd cmd, struct ieee80211_vif *vif, 298 enum set_key_cmd cmd, struct ieee80211_sub_if_data *sdata,
275 struct ieee80211_sta *sta, 299 struct ieee80211_sta *sta,
276 struct ieee80211_key_conf *key, int ret), 300 struct ieee80211_key_conf *key, int ret),
277 301
278 TP_ARGS(local, cmd, vif, sta, key, ret), 302 TP_ARGS(local, cmd, sdata, sta, key, ret),
279 303
280 TP_STRUCT__entry( 304 TP_STRUCT__entry(
281 LOCAL_ENTRY 305 LOCAL_ENTRY
@@ -307,26 +331,29 @@ TRACE_EVENT(drv_set_key,
307 331
308TRACE_EVENT(drv_update_tkip_key, 332TRACE_EVENT(drv_update_tkip_key,
309 TP_PROTO(struct ieee80211_local *local, 333 TP_PROTO(struct ieee80211_local *local,
334 struct ieee80211_sub_if_data *sdata,
310 struct ieee80211_key_conf *conf, 335 struct ieee80211_key_conf *conf,
311 const u8 *address, u32 iv32), 336 struct ieee80211_sta *sta, u32 iv32),
312 337
313 TP_ARGS(local, conf, address, iv32), 338 TP_ARGS(local, sdata, conf, sta, iv32),
314 339
315 TP_STRUCT__entry( 340 TP_STRUCT__entry(
316 LOCAL_ENTRY 341 LOCAL_ENTRY
317 __array(u8, addr, 6) 342 VIF_ENTRY
343 STA_ENTRY
318 __field(u32, iv32) 344 __field(u32, iv32)
319 ), 345 ),
320 346
321 TP_fast_assign( 347 TP_fast_assign(
322 LOCAL_ASSIGN; 348 LOCAL_ASSIGN;
323 memcpy(__entry->addr, address, 6); 349 VIF_ASSIGN;
350 STA_ASSIGN;
324 __entry->iv32 = iv32; 351 __entry->iv32 = iv32;
325 ), 352 ),
326 353
327 TP_printk( 354 TP_printk(
328 LOCAL_PR_FMT " addr:%pM iv32:%#x", 355 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " iv32:%#x",
329 LOCAL_PR_ARG, __entry->addr, __entry->iv32 356 LOCAL_PR_ARG,VIF_PR_ARG,STA_PR_ARG, __entry->iv32
330 ) 357 )
331); 358);
332 359
@@ -467,13 +494,36 @@ TRACE_EVENT(drv_set_rts_threshold,
467 ) 494 )
468); 495);
469 496
497TRACE_EVENT(drv_set_coverage_class,
498 TP_PROTO(struct ieee80211_local *local, u8 value, int ret),
499
500 TP_ARGS(local, value, ret),
501
502 TP_STRUCT__entry(
503 LOCAL_ENTRY
504 __field(u8, value)
505 __field(int, ret)
506 ),
507
508 TP_fast_assign(
509 LOCAL_ASSIGN;
510 __entry->ret = ret;
511 __entry->value = value;
512 ),
513
514 TP_printk(
515 LOCAL_PR_FMT " value:%d ret:%d",
516 LOCAL_PR_ARG, __entry->value, __entry->ret
517 )
518);
519
470TRACE_EVENT(drv_sta_notify, 520TRACE_EVENT(drv_sta_notify,
471 TP_PROTO(struct ieee80211_local *local, 521 TP_PROTO(struct ieee80211_local *local,
472 struct ieee80211_vif *vif, 522 struct ieee80211_sub_if_data *sdata,
473 enum sta_notify_cmd cmd, 523 enum sta_notify_cmd cmd,
474 struct ieee80211_sta *sta), 524 struct ieee80211_sta *sta),
475 525
476 TP_ARGS(local, vif, cmd, sta), 526 TP_ARGS(local, sdata, cmd, sta),
477 527
478 TP_STRUCT__entry( 528 TP_STRUCT__entry(
479 LOCAL_ENTRY 529 LOCAL_ENTRY
@@ -495,59 +545,88 @@ TRACE_EVENT(drv_sta_notify,
495 ) 545 )
496); 546);
497 547
498TRACE_EVENT(drv_conf_tx, 548TRACE_EVENT(drv_sta_add,
499 TP_PROTO(struct ieee80211_local *local, u16 queue, 549 TP_PROTO(struct ieee80211_local *local,
500 const struct ieee80211_tx_queue_params *params, 550 struct ieee80211_sub_if_data *sdata,
501 int ret), 551 struct ieee80211_sta *sta, int ret),
502 552
503 TP_ARGS(local, queue, params, ret), 553 TP_ARGS(local, sdata, sta, ret),
504 554
505 TP_STRUCT__entry( 555 TP_STRUCT__entry(
506 LOCAL_ENTRY 556 LOCAL_ENTRY
507 __field(u16, queue) 557 VIF_ENTRY
508 __field(u16, txop) 558 STA_ENTRY
509 __field(u16, cw_min)
510 __field(u16, cw_max)
511 __field(u8, aifs)
512 __field(int, ret) 559 __field(int, ret)
513 ), 560 ),
514 561
515 TP_fast_assign( 562 TP_fast_assign(
516 LOCAL_ASSIGN; 563 LOCAL_ASSIGN;
517 __entry->queue = queue; 564 VIF_ASSIGN;
565 STA_ASSIGN;
518 __entry->ret = ret; 566 __entry->ret = ret;
519 __entry->txop = params->txop;
520 __entry->cw_max = params->cw_max;
521 __entry->cw_min = params->cw_min;
522 __entry->aifs = params->aifs;
523 ), 567 ),
524 568
525 TP_printk( 569 TP_printk(
526 LOCAL_PR_FMT " queue:%d ret:%d", 570 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " ret:%d",
527 LOCAL_PR_ARG, __entry->queue, __entry->ret 571 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->ret
528 ) 572 )
529); 573);
530 574
531TRACE_EVENT(drv_get_tx_stats, 575TRACE_EVENT(drv_sta_remove,
532 TP_PROTO(struct ieee80211_local *local, 576 TP_PROTO(struct ieee80211_local *local,
533 struct ieee80211_tx_queue_stats *stats, 577 struct ieee80211_sub_if_data *sdata,
578 struct ieee80211_sta *sta),
579
580 TP_ARGS(local, sdata, sta),
581
582 TP_STRUCT__entry(
583 LOCAL_ENTRY
584 VIF_ENTRY
585 STA_ENTRY
586 ),
587
588 TP_fast_assign(
589 LOCAL_ASSIGN;
590 VIF_ASSIGN;
591 STA_ASSIGN;
592 ),
593
594 TP_printk(
595 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT,
596 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG
597 )
598);
599
600TRACE_EVENT(drv_conf_tx,
601 TP_PROTO(struct ieee80211_local *local, u16 queue,
602 const struct ieee80211_tx_queue_params *params,
534 int ret), 603 int ret),
535 604
536 TP_ARGS(local, stats, ret), 605 TP_ARGS(local, queue, params, ret),
537 606
538 TP_STRUCT__entry( 607 TP_STRUCT__entry(
539 LOCAL_ENTRY 608 LOCAL_ENTRY
609 __field(u16, queue)
610 __field(u16, txop)
611 __field(u16, cw_min)
612 __field(u16, cw_max)
613 __field(u8, aifs)
540 __field(int, ret) 614 __field(int, ret)
541 ), 615 ),
542 616
543 TP_fast_assign( 617 TP_fast_assign(
544 LOCAL_ASSIGN; 618 LOCAL_ASSIGN;
619 __entry->queue = queue;
545 __entry->ret = ret; 620 __entry->ret = ret;
621 __entry->txop = params->txop;
622 __entry->cw_max = params->cw_max;
623 __entry->cw_min = params->cw_min;
624 __entry->aifs = params->aifs;
546 ), 625 ),
547 626
548 TP_printk( 627 TP_printk(
549 LOCAL_PR_FMT " ret:%d", 628 LOCAL_PR_FMT " queue:%d ret:%d",
550 LOCAL_PR_ARG, __entry->ret 629 LOCAL_PR_ARG, __entry->queue, __entry->ret
551 ) 630 )
552); 631);
553 632
@@ -634,11 +713,12 @@ TRACE_EVENT(drv_tx_last_beacon,
634 713
635TRACE_EVENT(drv_ampdu_action, 714TRACE_EVENT(drv_ampdu_action,
636 TP_PROTO(struct ieee80211_local *local, 715 TP_PROTO(struct ieee80211_local *local,
716 struct ieee80211_sub_if_data *sdata,
637 enum ieee80211_ampdu_mlme_action action, 717 enum ieee80211_ampdu_mlme_action action,
638 struct ieee80211_sta *sta, u16 tid, 718 struct ieee80211_sta *sta, u16 tid,
639 u16 *ssn, int ret), 719 u16 *ssn, int ret),
640 720
641 TP_ARGS(local, action, sta, tid, ssn, ret), 721 TP_ARGS(local, sdata, action, sta, tid, ssn, ret),
642 722
643 TP_STRUCT__entry( 723 TP_STRUCT__entry(
644 LOCAL_ENTRY 724 LOCAL_ENTRY
@@ -647,20 +727,43 @@ TRACE_EVENT(drv_ampdu_action,
647 __field(u16, tid) 727 __field(u16, tid)
648 __field(u16, ssn) 728 __field(u16, ssn)
649 __field(int, ret) 729 __field(int, ret)
730 VIF_ENTRY
650 ), 731 ),
651 732
652 TP_fast_assign( 733 TP_fast_assign(
653 LOCAL_ASSIGN; 734 LOCAL_ASSIGN;
735 VIF_ASSIGN;
654 STA_ASSIGN; 736 STA_ASSIGN;
655 __entry->ret = ret; 737 __entry->ret = ret;
656 __entry->action = action; 738 __entry->action = action;
657 __entry->tid = tid; 739 __entry->tid = tid;
658 __entry->ssn = *ssn; 740 __entry->ssn = ssn ? *ssn : 0;
741 ),
742
743 TP_printk(
744 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d ret:%d",
745 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid, __entry->ret
746 )
747);
748
749TRACE_EVENT(drv_flush,
750 TP_PROTO(struct ieee80211_local *local, bool drop),
751
752 TP_ARGS(local, drop),
753
754 TP_STRUCT__entry(
755 LOCAL_ENTRY
756 __field(bool, drop)
757 ),
758
759 TP_fast_assign(
760 LOCAL_ASSIGN;
761 __entry->drop = drop;
659 ), 762 ),
660 763
661 TP_printk( 764 TP_printk(
662 LOCAL_PR_FMT STA_PR_FMT " action:%d tid:%d ret:%d", 765 LOCAL_PR_FMT " drop:%d",
663 LOCAL_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid, __entry->ret 766 LOCAL_PR_ARG, __entry->drop
664 ) 767 )
665); 768);
666#endif /* !__MAC80211_DRIVER_TRACE || TRACE_HEADER_MULTI_READ */ 769#endif /* !__MAC80211_DRIVER_TRACE || TRACE_HEADER_MULTI_READ */
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index cdc58e61d921..bb677a73b7c9 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -34,9 +34,28 @@ void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
34 34
35 ht_cap->ht_supported = true; 35 ht_cap->ht_supported = true;
36 36
37 ht_cap->cap = le16_to_cpu(ht_cap_ie->cap_info) & sband->ht_cap.cap; 37 /*
38 ht_cap->cap &= ~IEEE80211_HT_CAP_SM_PS; 38 * The bits listed in this expression should be
39 ht_cap->cap |= sband->ht_cap.cap & IEEE80211_HT_CAP_SM_PS; 39 * the same for the peer and us, if the station
40 * advertises more then we can't use those thus
41 * we mask them out.
42 */
43 ht_cap->cap = le16_to_cpu(ht_cap_ie->cap_info) &
44 (sband->ht_cap.cap |
45 ~(IEEE80211_HT_CAP_LDPC_CODING |
46 IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
47 IEEE80211_HT_CAP_GRN_FLD |
48 IEEE80211_HT_CAP_SGI_20 |
49 IEEE80211_HT_CAP_SGI_40 |
50 IEEE80211_HT_CAP_DSSSCCK40));
51 /*
52 * The STBC bits are asymmetric -- if we don't have
53 * TX then mask out the peer's RX and vice versa.
54 */
55 if (!(sband->ht_cap.cap & IEEE80211_HT_CAP_TX_STBC))
56 ht_cap->cap &= ~IEEE80211_HT_CAP_RX_STBC;
57 if (!(sband->ht_cap.cap & IEEE80211_HT_CAP_RX_STBC))
58 ht_cap->cap &= ~IEEE80211_HT_CAP_TX_STBC;
40 59
41 ampdu_info = ht_cap_ie->ampdu_params_info; 60 ampdu_info = ht_cap_ie->ampdu_params_info;
42 ht_cap->ampdu_factor = 61 ht_cap->ampdu_factor =
@@ -106,7 +125,7 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
106 125
107 if (!skb) { 126 if (!skb) {
108 printk(KERN_ERR "%s: failed to allocate buffer " 127 printk(KERN_ERR "%s: failed to allocate buffer "
109 "for delba frame\n", sdata->dev->name); 128 "for delba frame\n", sdata->name);
110 return; 129 return;
111 } 130 }
112 131
@@ -114,10 +133,10 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
114 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 133 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
115 memset(mgmt, 0, 24); 134 memset(mgmt, 0, 24);
116 memcpy(mgmt->da, da, ETH_ALEN); 135 memcpy(mgmt->da, da, ETH_ALEN);
117 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 136 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
118 if (sdata->vif.type == NL80211_IFTYPE_AP || 137 if (sdata->vif.type == NL80211_IFTYPE_AP ||
119 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 138 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
120 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN); 139 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
121 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 140 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
122 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 141 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
123 142
@@ -134,7 +153,7 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
134 mgmt->u.action.u.delba.params = cpu_to_le16(params); 153 mgmt->u.action.u.delba.params = cpu_to_le16(params);
135 mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code); 154 mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
136 155
137 ieee80211_tx_skb(sdata, skb, 1); 156 ieee80211_tx_skb(sdata, skb);
138} 157}
139 158
140void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata, 159void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
@@ -166,3 +185,50 @@ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
166 spin_unlock_bh(&sta->lock); 185 spin_unlock_bh(&sta->lock);
167 } 186 }
168} 187}
188
189int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
190 enum ieee80211_smps_mode smps, const u8 *da,
191 const u8 *bssid)
192{
193 struct ieee80211_local *local = sdata->local;
194 struct sk_buff *skb;
195 struct ieee80211_mgmt *action_frame;
196
197 /* 27 = header + category + action + smps mode */
198 skb = dev_alloc_skb(27 + local->hw.extra_tx_headroom);
199 if (!skb)
200 return -ENOMEM;
201
202 skb_reserve(skb, local->hw.extra_tx_headroom);
203 action_frame = (void *)skb_put(skb, 27);
204 memcpy(action_frame->da, da, ETH_ALEN);
205 memcpy(action_frame->sa, sdata->dev->dev_addr, ETH_ALEN);
206 memcpy(action_frame->bssid, bssid, ETH_ALEN);
207 action_frame->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
208 IEEE80211_STYPE_ACTION);
209 action_frame->u.action.category = WLAN_CATEGORY_HT;
210 action_frame->u.action.u.ht_smps.action = WLAN_HT_ACTION_SMPS;
211 switch (smps) {
212 case IEEE80211_SMPS_AUTOMATIC:
213 case IEEE80211_SMPS_NUM_MODES:
214 WARN_ON(1);
215 case IEEE80211_SMPS_OFF:
216 action_frame->u.action.u.ht_smps.smps_control =
217 WLAN_HT_SMPS_CONTROL_DISABLED;
218 break;
219 case IEEE80211_SMPS_STATIC:
220 action_frame->u.action.u.ht_smps.smps_control =
221 WLAN_HT_SMPS_CONTROL_STATIC;
222 break;
223 case IEEE80211_SMPS_DYNAMIC:
224 action_frame->u.action.u.ht_smps.smps_control =
225 WLAN_HT_SMPS_CONTROL_DYNAMIC;
226 break;
227 }
228
229 /* we'll do more on status of this frame */
230 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
231 ieee80211_tx_skb(sdata, skb);
232
233 return 0;
234}
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index f1362f32c17d..e2976da4e0d9 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -13,6 +13,7 @@
13 */ 13 */
14 14
15#include <linux/delay.h> 15#include <linux/delay.h>
16#include <linux/slab.h>
16#include <linux/if_ether.h> 17#include <linux/if_ether.h>
17#include <linux/skbuff.h> 18#include <linux/skbuff.h>
18#include <linux/if_arp.h> 19#include <linux/if_arp.h>
@@ -117,7 +118,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
117 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 118 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
118 IEEE80211_STYPE_PROBE_RESP); 119 IEEE80211_STYPE_PROBE_RESP);
119 memset(mgmt->da, 0xff, ETH_ALEN); 120 memset(mgmt->da, 0xff, ETH_ALEN);
120 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 121 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
121 memcpy(mgmt->bssid, ifibss->bssid, ETH_ALEN); 122 memcpy(mgmt->bssid, ifibss->bssid, ETH_ALEN);
122 mgmt->u.beacon.beacon_int = cpu_to_le16(beacon_int); 123 mgmt->u.beacon.beacon_int = cpu_to_le16(beacon_int);
123 mgmt->u.beacon.timestamp = cpu_to_le64(tsf); 124 mgmt->u.beacon.timestamp = cpu_to_le64(tsf);
@@ -187,15 +188,17 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
187static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata, 188static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
188 struct ieee80211_bss *bss) 189 struct ieee80211_bss *bss)
189{ 190{
191 struct cfg80211_bss *cbss =
192 container_of((void *)bss, struct cfg80211_bss, priv);
190 struct ieee80211_supported_band *sband; 193 struct ieee80211_supported_band *sband;
191 u32 basic_rates; 194 u32 basic_rates;
192 int i, j; 195 int i, j;
193 u16 beacon_int = bss->cbss.beacon_interval; 196 u16 beacon_int = cbss->beacon_interval;
194 197
195 if (beacon_int < 10) 198 if (beacon_int < 10)
196 beacon_int = 10; 199 beacon_int = 10;
197 200
198 sband = sdata->local->hw.wiphy->bands[bss->cbss.channel->band]; 201 sband = sdata->local->hw.wiphy->bands[cbss->channel->band];
199 202
200 basic_rates = 0; 203 basic_rates = 0;
201 204
@@ -212,12 +215,12 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
212 } 215 }
213 } 216 }
214 217
215 __ieee80211_sta_join_ibss(sdata, bss->cbss.bssid, 218 __ieee80211_sta_join_ibss(sdata, cbss->bssid,
216 beacon_int, 219 beacon_int,
217 bss->cbss.channel, 220 cbss->channel,
218 basic_rates, 221 basic_rates,
219 bss->cbss.capability, 222 cbss->capability,
220 bss->cbss.tsf); 223 cbss->tsf);
221} 224}
222 225
223static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 226static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
@@ -229,6 +232,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
229{ 232{
230 struct ieee80211_local *local = sdata->local; 233 struct ieee80211_local *local = sdata->local;
231 int freq; 234 int freq;
235 struct cfg80211_bss *cbss;
232 struct ieee80211_bss *bss; 236 struct ieee80211_bss *bss;
233 struct sta_info *sta; 237 struct sta_info *sta;
234 struct ieee80211_channel *channel; 238 struct ieee80211_channel *channel;
@@ -252,7 +256,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
252 256
253 rcu_read_lock(); 257 rcu_read_lock();
254 258
255 sta = sta_info_get(local, mgmt->sa); 259 sta = sta_info_get(sdata, mgmt->sa);
256 if (sta) { 260 if (sta) {
257 u32 prev_rates; 261 u32 prev_rates;
258 262
@@ -266,16 +270,18 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
266 printk(KERN_DEBUG "%s: updated supp_rates set " 270 printk(KERN_DEBUG "%s: updated supp_rates set "
267 "for %pM based on beacon info (0x%llx | " 271 "for %pM based on beacon info (0x%llx | "
268 "0x%llx -> 0x%llx)\n", 272 "0x%llx -> 0x%llx)\n",
269 sdata->dev->name, 273 sdata->name,
270 sta->sta.addr, 274 sta->sta.addr,
271 (unsigned long long) prev_rates, 275 (unsigned long long) prev_rates,
272 (unsigned long long) supp_rates, 276 (unsigned long long) supp_rates,
273 (unsigned long long) sta->sta.supp_rates[band]); 277 (unsigned long long) sta->sta.supp_rates[band]);
274#endif 278#endif
275 } else 279 rcu_read_unlock();
276 ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa, supp_rates); 280 } else {
277 281 rcu_read_unlock();
278 rcu_read_unlock(); 282 ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa,
283 supp_rates, GFP_KERNEL);
284 }
279 } 285 }
280 286
281 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 287 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
@@ -283,25 +289,23 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
283 if (!bss) 289 if (!bss)
284 return; 290 return;
285 291
292 cbss = container_of((void *)bss, struct cfg80211_bss, priv);
293
286 /* was just updated in ieee80211_bss_info_update */ 294 /* was just updated in ieee80211_bss_info_update */
287 beacon_timestamp = bss->cbss.tsf; 295 beacon_timestamp = cbss->tsf;
288 296
289 /* check if we need to merge IBSS */ 297 /* check if we need to merge IBSS */
290 298
291 /* merge only on beacons (???) */
292 if (!beacon)
293 goto put_bss;
294
295 /* we use a fixed BSSID */ 299 /* we use a fixed BSSID */
296 if (sdata->u.ibss.bssid) 300 if (sdata->u.ibss.fixed_bssid)
297 goto put_bss; 301 goto put_bss;
298 302
299 /* not an IBSS */ 303 /* not an IBSS */
300 if (!(bss->cbss.capability & WLAN_CAPABILITY_IBSS)) 304 if (!(cbss->capability & WLAN_CAPABILITY_IBSS))
301 goto put_bss; 305 goto put_bss;
302 306
303 /* different channel */ 307 /* different channel */
304 if (bss->cbss.channel != local->oper_channel) 308 if (cbss->channel != local->oper_channel)
305 goto put_bss; 309 goto put_bss;
306 310
307 /* different SSID */ 311 /* different SSID */
@@ -311,7 +315,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
311 goto put_bss; 315 goto put_bss;
312 316
313 /* same BSSID */ 317 /* same BSSID */
314 if (memcmp(bss->cbss.bssid, sdata->u.ibss.bssid, ETH_ALEN) == 0) 318 if (memcmp(cbss->bssid, sdata->u.ibss.bssid, ETH_ALEN) == 0)
315 goto put_bss; 319 goto put_bss;
316 320
317 if (rx_status->flag & RX_FLAG_TSFT) { 321 if (rx_status->flag & RX_FLAG_TSFT) {
@@ -364,10 +368,11 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
364#ifdef CONFIG_MAC80211_IBSS_DEBUG 368#ifdef CONFIG_MAC80211_IBSS_DEBUG
365 printk(KERN_DEBUG "%s: beacon TSF higher than " 369 printk(KERN_DEBUG "%s: beacon TSF higher than "
366 "local TSF - IBSS merge with BSSID %pM\n", 370 "local TSF - IBSS merge with BSSID %pM\n",
367 sdata->dev->name, mgmt->bssid); 371 sdata->name, mgmt->bssid);
368#endif 372#endif
369 ieee80211_sta_join_ibss(sdata, bss); 373 ieee80211_sta_join_ibss(sdata, bss);
370 ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa, supp_rates); 374 ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa,
375 supp_rates, GFP_KERNEL);
371 } 376 }
372 377
373 put_bss: 378 put_bss:
@@ -380,8 +385,10 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
380 * must be callable in atomic context. 385 * must be callable in atomic context.
381 */ 386 */
382struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata, 387struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
383 u8 *bssid,u8 *addr, u32 supp_rates) 388 u8 *bssid,u8 *addr, u32 supp_rates,
389 gfp_t gfp)
384{ 390{
391 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
385 struct ieee80211_local *local = sdata->local; 392 struct ieee80211_local *local = sdata->local;
386 struct sta_info *sta; 393 struct sta_info *sta;
387 int band = local->hw.conf.channel->band; 394 int band = local->hw.conf.channel->band;
@@ -393,19 +400,22 @@ struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
393 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) { 400 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
394 if (net_ratelimit()) 401 if (net_ratelimit())
395 printk(KERN_DEBUG "%s: No room for a new IBSS STA entry %pM\n", 402 printk(KERN_DEBUG "%s: No room for a new IBSS STA entry %pM\n",
396 sdata->dev->name, addr); 403 sdata->name, addr);
397 return NULL; 404 return NULL;
398 } 405 }
399 406
407 if (ifibss->state == IEEE80211_IBSS_MLME_SEARCH)
408 return NULL;
409
400 if (compare_ether_addr(bssid, sdata->u.ibss.bssid)) 410 if (compare_ether_addr(bssid, sdata->u.ibss.bssid))
401 return NULL; 411 return NULL;
402 412
403#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 413#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
404 printk(KERN_DEBUG "%s: Adding new IBSS station %pM (dev=%s)\n", 414 printk(KERN_DEBUG "%s: Adding new IBSS station %pM (dev=%s)\n",
405 wiphy_name(local->hw.wiphy), addr, sdata->dev->name); 415 wiphy_name(local->hw.wiphy), addr, sdata->name);
406#endif 416#endif
407 417
408 sta = sta_info_alloc(sdata, addr, GFP_ATOMIC); 418 sta = sta_info_alloc(sdata, addr, gfp);
409 if (!sta) 419 if (!sta)
410 return NULL; 420 return NULL;
411 421
@@ -417,9 +427,9 @@ struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
417 427
418 rate_control_rate_init(sta); 428 rate_control_rate_init(sta);
419 429
430 /* If it fails, maybe we raced another insertion? */
420 if (sta_info_insert(sta)) 431 if (sta_info_insert(sta))
421 return NULL; 432 return sta_info_get(sdata, addr);
422
423 return sta; 433 return sta;
424} 434}
425 435
@@ -445,6 +455,9 @@ static int ieee80211_sta_active_ibss(struct ieee80211_sub_if_data *sdata)
445 return active; 455 return active;
446} 456}
447 457
458/*
459 * This function is called with state == IEEE80211_IBSS_MLME_JOINED
460 */
448 461
449static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata) 462static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
450{ 463{
@@ -455,6 +468,10 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
455 468
456 ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT); 469 ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT);
457 470
471 if (time_before(jiffies, ifibss->last_scan_completed +
472 IEEE80211_IBSS_MERGE_INTERVAL))
473 return;
474
458 if (ieee80211_sta_active_ibss(sdata)) 475 if (ieee80211_sta_active_ibss(sdata))
459 return; 476 return;
460 477
@@ -462,7 +479,7 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
462 return; 479 return;
463 480
464 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other " 481 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
465 "IBSS networks with same SSID (merge)\n", sdata->dev->name); 482 "IBSS networks with same SSID (merge)\n", sdata->name);
466 483
467 ieee80211_request_internal_scan(sdata, ifibss->ssid, ifibss->ssid_len); 484 ieee80211_request_internal_scan(sdata, ifibss->ssid, ifibss->ssid_len);
468} 485}
@@ -484,13 +501,13 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
484 * random number generator get different BSSID. */ 501 * random number generator get different BSSID. */
485 get_random_bytes(bssid, ETH_ALEN); 502 get_random_bytes(bssid, ETH_ALEN);
486 for (i = 0; i < ETH_ALEN; i++) 503 for (i = 0; i < ETH_ALEN; i++)
487 bssid[i] ^= sdata->dev->dev_addr[i]; 504 bssid[i] ^= sdata->vif.addr[i];
488 bssid[0] &= ~0x01; 505 bssid[0] &= ~0x01;
489 bssid[0] |= 0x02; 506 bssid[0] |= 0x02;
490 } 507 }
491 508
492 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %pM\n", 509 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %pM\n",
493 sdata->dev->name, bssid); 510 sdata->name, bssid);
494 511
495 sband = local->hw.wiphy->bands[ifibss->channel->band]; 512 sband = local->hw.wiphy->bands[ifibss->channel->band];
496 513
@@ -506,11 +523,15 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
506 capability, 0); 523 capability, 0);
507} 524}
508 525
526/*
527 * This function is called with state == IEEE80211_IBSS_MLME_SEARCH
528 */
529
509static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) 530static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
510{ 531{
511 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 532 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
512 struct ieee80211_local *local = sdata->local; 533 struct ieee80211_local *local = sdata->local;
513 struct ieee80211_bss *bss; 534 struct cfg80211_bss *cbss;
514 struct ieee80211_channel *chan = NULL; 535 struct ieee80211_channel *chan = NULL;
515 const u8 *bssid = NULL; 536 const u8 *bssid = NULL;
516 int active_ibss; 537 int active_ibss;
@@ -519,7 +540,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
519 active_ibss = ieee80211_sta_active_ibss(sdata); 540 active_ibss = ieee80211_sta_active_ibss(sdata);
520#ifdef CONFIG_MAC80211_IBSS_DEBUG 541#ifdef CONFIG_MAC80211_IBSS_DEBUG
521 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n", 542 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
522 sdata->dev->name, active_ibss); 543 sdata->name, active_ibss);
523#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 544#endif /* CONFIG_MAC80211_IBSS_DEBUG */
524 545
525 if (active_ibss) 546 if (active_ibss)
@@ -534,21 +555,23 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
534 chan = ifibss->channel; 555 chan = ifibss->channel;
535 if (!is_zero_ether_addr(ifibss->bssid)) 556 if (!is_zero_ether_addr(ifibss->bssid))
536 bssid = ifibss->bssid; 557 bssid = ifibss->bssid;
537 bss = (void *)cfg80211_get_bss(local->hw.wiphy, chan, bssid, 558 cbss = cfg80211_get_bss(local->hw.wiphy, chan, bssid,
538 ifibss->ssid, ifibss->ssid_len, 559 ifibss->ssid, ifibss->ssid_len,
539 WLAN_CAPABILITY_IBSS | 560 WLAN_CAPABILITY_IBSS | WLAN_CAPABILITY_PRIVACY,
540 WLAN_CAPABILITY_PRIVACY, 561 capability);
541 capability); 562
563 if (cbss) {
564 struct ieee80211_bss *bss;
542 565
543 if (bss) { 566 bss = (void *)cbss->priv;
544#ifdef CONFIG_MAC80211_IBSS_DEBUG 567#ifdef CONFIG_MAC80211_IBSS_DEBUG
545 printk(KERN_DEBUG " sta_find_ibss: selected %pM current " 568 printk(KERN_DEBUG " sta_find_ibss: selected %pM current "
546 "%pM\n", bss->cbss.bssid, ifibss->bssid); 569 "%pM\n", cbss->bssid, ifibss->bssid);
547#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 570#endif /* CONFIG_MAC80211_IBSS_DEBUG */
548 571
549 printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" 572 printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM"
550 " based on configured SSID\n", 573 " based on configured SSID\n",
551 sdata->dev->name, bss->cbss.bssid); 574 sdata->name, cbss->bssid);
552 575
553 ieee80211_sta_join_ibss(sdata, bss); 576 ieee80211_sta_join_ibss(sdata, bss);
554 ieee80211_rx_bss_put(local, bss); 577 ieee80211_rx_bss_put(local, bss);
@@ -560,18 +583,14 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
560#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 583#endif /* CONFIG_MAC80211_IBSS_DEBUG */
561 584
562 /* Selected IBSS not found in current scan results - try to scan */ 585 /* Selected IBSS not found in current scan results - try to scan */
563 if (ifibss->state == IEEE80211_IBSS_MLME_JOINED && 586 if (time_after(jiffies, ifibss->last_scan_completed +
564 !ieee80211_sta_active_ibss(sdata)) {
565 mod_timer(&ifibss->timer,
566 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL));
567 } else if (time_after(jiffies, ifibss->last_scan_completed +
568 IEEE80211_SCAN_INTERVAL)) { 587 IEEE80211_SCAN_INTERVAL)) {
569 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to " 588 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
570 "join\n", sdata->dev->name); 589 "join\n", sdata->name);
571 590
572 ieee80211_request_internal_scan(sdata, ifibss->ssid, 591 ieee80211_request_internal_scan(sdata, ifibss->ssid,
573 ifibss->ssid_len); 592 ifibss->ssid_len);
574 } else if (ifibss->state != IEEE80211_IBSS_MLME_JOINED) { 593 } else {
575 int interval = IEEE80211_SCAN_INTERVAL; 594 int interval = IEEE80211_SCAN_INTERVAL;
576 595
577 if (time_after(jiffies, ifibss->ibss_join_req + 596 if (time_after(jiffies, ifibss->ibss_join_req +
@@ -581,7 +600,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
581 return; 600 return;
582 } 601 }
583 printk(KERN_DEBUG "%s: IBSS not allowed on" 602 printk(KERN_DEBUG "%s: IBSS not allowed on"
584 " %d MHz\n", sdata->dev->name, 603 " %d MHz\n", sdata->name,
585 local->hw.conf.channel->center_freq); 604 local->hw.conf.channel->center_freq);
586 605
587 /* No IBSS found - decrease scan interval and continue 606 /* No IBSS found - decrease scan interval and continue
@@ -589,7 +608,6 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
589 interval = IEEE80211_SCAN_INTERVAL_SLOW; 608 interval = IEEE80211_SCAN_INTERVAL_SLOW;
590 } 609 }
591 610
592 ifibss->state = IEEE80211_IBSS_MLME_SEARCH;
593 mod_timer(&ifibss->timer, 611 mod_timer(&ifibss->timer,
594 round_jiffies(jiffies + interval)); 612 round_jiffies(jiffies + interval));
595 } 613 }
@@ -615,7 +633,7 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
615#ifdef CONFIG_MAC80211_IBSS_DEBUG 633#ifdef CONFIG_MAC80211_IBSS_DEBUG
616 printk(KERN_DEBUG "%s: RX ProbeReq SA=%pM DA=%pM BSSID=%pM" 634 printk(KERN_DEBUG "%s: RX ProbeReq SA=%pM DA=%pM BSSID=%pM"
617 " (tx_last_beacon=%d)\n", 635 " (tx_last_beacon=%d)\n",
618 sdata->dev->name, mgmt->sa, mgmt->da, 636 sdata->name, mgmt->sa, mgmt->da,
619 mgmt->bssid, tx_last_beacon); 637 mgmt->bssid, tx_last_beacon);
620#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 638#endif /* CONFIG_MAC80211_IBSS_DEBUG */
621 639
@@ -633,13 +651,13 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
633#ifdef CONFIG_MAC80211_IBSS_DEBUG 651#ifdef CONFIG_MAC80211_IBSS_DEBUG
634 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq " 652 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
635 "from %pM\n", 653 "from %pM\n",
636 sdata->dev->name, mgmt->sa); 654 sdata->name, mgmt->sa);
637#endif 655#endif
638 return; 656 return;
639 } 657 }
640 if (pos[1] != 0 && 658 if (pos[1] != 0 &&
641 (pos[1] != ifibss->ssid_len || 659 (pos[1] != ifibss->ssid_len ||
642 !memcmp(pos + 2, ifibss->ssid, ifibss->ssid_len))) { 660 memcmp(pos + 2, ifibss->ssid, ifibss->ssid_len))) {
643 /* Ignore ProbeReq for foreign SSID */ 661 /* Ignore ProbeReq for foreign SSID */
644 return; 662 return;
645 } 663 }
@@ -653,9 +671,10 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
653 memcpy(resp->da, mgmt->sa, ETH_ALEN); 671 memcpy(resp->da, mgmt->sa, ETH_ALEN);
654#ifdef CONFIG_MAC80211_IBSS_DEBUG 672#ifdef CONFIG_MAC80211_IBSS_DEBUG
655 printk(KERN_DEBUG "%s: Sending ProbeResp to %pM\n", 673 printk(KERN_DEBUG "%s: Sending ProbeResp to %pM\n",
656 sdata->dev->name, resp->da); 674 sdata->name, resp->da);
657#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 675#endif /* CONFIG_MAC80211_IBSS_DEBUG */
658 ieee80211_tx_skb(sdata, skb, 0); 676 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
677 ieee80211_tx_skb(sdata, skb);
659} 678}
660 679
661static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 680static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
@@ -666,7 +685,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
666 size_t baselen; 685 size_t baselen;
667 struct ieee802_11_elems elems; 686 struct ieee802_11_elems elems;
668 687
669 if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN)) 688 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
670 return; /* ignore ProbeResp to foreign address */ 689 return; /* ignore ProbeResp to foreign address */
671 690
672 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 691 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
@@ -739,7 +758,7 @@ static void ieee80211_ibss_work(struct work_struct *work)
739 if (WARN_ON(local->suspended)) 758 if (WARN_ON(local->suspended))
740 return; 759 return;
741 760
742 if (!netif_running(sdata->dev)) 761 if (!ieee80211_sdata_running(sdata))
743 return; 762 return;
744 763
745 if (local->scanning) 764 if (local->scanning)
@@ -822,7 +841,7 @@ void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local)
822 841
823 mutex_lock(&local->iflist_mtx); 842 mutex_lock(&local->iflist_mtx);
824 list_for_each_entry(sdata, &local->interfaces, list) { 843 list_for_each_entry(sdata, &local->interfaces, list) {
825 if (!netif_running(sdata->dev)) 844 if (!ieee80211_sdata_running(sdata))
826 continue; 845 continue;
827 if (sdata->vif.type != NL80211_IFTYPE_ADHOC) 846 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
828 continue; 847 continue;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 10d316e455de..241533e1bc03 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -2,7 +2,7 @@
2 * Copyright 2002-2005, Instant802 Networks, Inc. 2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc. 3 * Copyright 2005, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net>
6 * 6 *
7 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
@@ -23,6 +23,7 @@
23#include <linux/types.h> 23#include <linux/types.h>
24#include <linux/spinlock.h> 24#include <linux/spinlock.h>
25#include <linux/etherdevice.h> 25#include <linux/etherdevice.h>
26#include <net/ieee80211_radiotap.h>
26#include <net/cfg80211.h> 27#include <net/cfg80211.h>
27#include <net/mac80211.h> 28#include <net/mac80211.h>
28#include "key.h" 29#include "key.h"
@@ -57,6 +58,15 @@ struct ieee80211_local;
57 58
58#define TU_TO_EXP_TIME(x) (jiffies + usecs_to_jiffies((x) * 1024)) 59#define TU_TO_EXP_TIME(x) (jiffies + usecs_to_jiffies((x) * 1024))
59 60
61#define IEEE80211_DEFAULT_UAPSD_QUEUES \
62 (IEEE80211_WMM_IE_STA_QOSINFO_AC_BK | \
63 IEEE80211_WMM_IE_STA_QOSINFO_AC_BE | \
64 IEEE80211_WMM_IE_STA_QOSINFO_AC_VI | \
65 IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
66
67#define IEEE80211_DEFAULT_MAX_SP_LEN \
68 IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL
69
60struct ieee80211_fragment_entry { 70struct ieee80211_fragment_entry {
61 unsigned long first_frag_time; 71 unsigned long first_frag_time;
62 unsigned int seq; 72 unsigned int seq;
@@ -70,9 +80,6 @@ struct ieee80211_fragment_entry {
70 80
71 81
72struct ieee80211_bss { 82struct ieee80211_bss {
73 /* Yes, this is a hack */
74 struct cfg80211_bss cbss;
75
76 /* don't want to look up all the time */ 83 /* don't want to look up all the time */
77 size_t ssid_len; 84 size_t ssid_len;
78 u8 ssid[IEEE80211_MAX_SSID_LEN]; 85 u8 ssid[IEEE80211_MAX_SSID_LEN];
@@ -80,6 +87,7 @@ struct ieee80211_bss {
80 u8 dtim_period; 87 u8 dtim_period;
81 88
82 bool wmm_used; 89 bool wmm_used;
90 bool uapsd_supported;
83 91
84 unsigned long last_probe_resp; 92 unsigned long last_probe_resp;
85 93
@@ -139,7 +147,6 @@ typedef unsigned __bitwise__ ieee80211_tx_result;
139 147
140struct ieee80211_tx_data { 148struct ieee80211_tx_data {
141 struct sk_buff *skb; 149 struct sk_buff *skb;
142 struct net_device *dev;
143 struct ieee80211_local *local; 150 struct ieee80211_local *local;
144 struct ieee80211_sub_if_data *sdata; 151 struct ieee80211_sub_if_data *sdata;
145 struct sta_info *sta; 152 struct sta_info *sta;
@@ -162,21 +169,17 @@ typedef unsigned __bitwise__ ieee80211_rx_result;
162/* frame is destined to interface currently processed (incl. multicast frames) */ 169/* frame is destined to interface currently processed (incl. multicast frames) */
163#define IEEE80211_RX_RA_MATCH BIT(1) 170#define IEEE80211_RX_RA_MATCH BIT(1)
164#define IEEE80211_RX_AMSDU BIT(2) 171#define IEEE80211_RX_AMSDU BIT(2)
165#define IEEE80211_RX_CMNTR_REPORTED BIT(3) 172#define IEEE80211_RX_FRAGMENTED BIT(3)
166#define IEEE80211_RX_FRAGMENTED BIT(4) 173/* only add flags here that do not change with subframes of an aMPDU */
167 174
168struct ieee80211_rx_data { 175struct ieee80211_rx_data {
169 struct sk_buff *skb; 176 struct sk_buff *skb;
170 struct net_device *dev;
171 struct ieee80211_local *local; 177 struct ieee80211_local *local;
172 struct ieee80211_sub_if_data *sdata; 178 struct ieee80211_sub_if_data *sdata;
173 struct sta_info *sta; 179 struct sta_info *sta;
174 struct ieee80211_key *key; 180 struct ieee80211_key *key;
175 struct ieee80211_rx_status *status;
176 struct ieee80211_rate *rate;
177 181
178 unsigned int flags; 182 unsigned int flags;
179 int sent_ps_buffered;
180 int queue; 183 int queue;
181 u32 tkip_iv32; 184 u32 tkip_iv32;
182 u16 tkip_iv16; 185 u16 tkip_iv16;
@@ -209,6 +212,9 @@ struct ieee80211_if_wds {
209 212
210struct ieee80211_if_vlan { 213struct ieee80211_if_vlan {
211 struct list_head list; 214 struct list_head list;
215
216 /* used for all tx if the VLAN is configured to 4-addr mode */
217 struct sta_info *sta;
212}; 218};
213 219
214struct mesh_stats { 220struct mesh_stats {
@@ -228,31 +234,77 @@ struct mesh_preq_queue {
228 u8 flags; 234 u8 flags;
229}; 235};
230 236
231enum ieee80211_mgd_state { 237enum ieee80211_work_type {
232 IEEE80211_MGD_STATE_IDLE, 238 IEEE80211_WORK_ABORT,
233 IEEE80211_MGD_STATE_PROBE, 239 IEEE80211_WORK_DIRECT_PROBE,
234 IEEE80211_MGD_STATE_AUTH, 240 IEEE80211_WORK_AUTH,
235 IEEE80211_MGD_STATE_ASSOC, 241 IEEE80211_WORK_ASSOC,
242 IEEE80211_WORK_REMAIN_ON_CHANNEL,
236}; 243};
237 244
238struct ieee80211_mgd_work { 245/**
246 * enum work_done_result - indicates what to do after work was done
247 *
248 * @WORK_DONE_DESTROY: This work item is no longer needed, destroy.
249 * @WORK_DONE_REQUEUE: This work item was reset to be reused, and
250 * should be requeued.
251 */
252enum work_done_result {
253 WORK_DONE_DESTROY,
254 WORK_DONE_REQUEUE,
255};
256
257struct ieee80211_work {
239 struct list_head list; 258 struct list_head list;
240 struct ieee80211_bss *bss; 259
241 int ie_len; 260 struct rcu_head rcu_head;
242 u8 prev_bssid[ETH_ALEN]; 261
243 u8 ssid[IEEE80211_MAX_SSID_LEN]; 262 struct ieee80211_sub_if_data *sdata;
244 u8 ssid_len; 263
264 enum work_done_result (*done)(struct ieee80211_work *wk,
265 struct sk_buff *skb);
266
267 struct ieee80211_channel *chan;
268 enum nl80211_channel_type chan_type;
269
245 unsigned long timeout; 270 unsigned long timeout;
246 enum ieee80211_mgd_state state; 271 enum ieee80211_work_type type;
247 u16 auth_alg, auth_transaction;
248 272
249 int tries; 273 u8 filter_ta[ETH_ALEN];
250 274
251 u8 key[WLAN_KEY_LEN_WEP104]; 275 bool started;
252 u8 key_len, key_idx; 276
277 union {
278 struct {
279 int tries;
280 u16 algorithm, transaction;
281 u8 ssid[IEEE80211_MAX_SSID_LEN];
282 u8 ssid_len;
283 u8 key[WLAN_KEY_LEN_WEP104];
284 u8 key_len, key_idx;
285 bool privacy;
286 } probe_auth;
287 struct {
288 struct cfg80211_bss *bss;
289 const u8 *supp_rates;
290 const u8 *ht_information_ie;
291 enum ieee80211_smps_mode smps;
292 int tries;
293 u16 capability;
294 u8 prev_bssid[ETH_ALEN];
295 u8 ssid[IEEE80211_MAX_SSID_LEN];
296 u8 ssid_len;
297 u8 supp_rates_len;
298 bool wmm_used, use_11n, uapsd_used;
299 } assoc;
300 struct {
301 u32 duration;
302 } remain;
303 };
253 304
305 int ie_len;
254 /* must be last */ 306 /* must be last */
255 u8 ie[0]; /* for auth or assoc frame, not probe */ 307 u8 ie[0];
256}; 308};
257 309
258/* flags used in struct ieee80211_if_managed.flags */ 310/* flags used in struct ieee80211_if_managed.flags */
@@ -260,15 +312,11 @@ enum ieee80211_sta_flags {
260 IEEE80211_STA_BEACON_POLL = BIT(0), 312 IEEE80211_STA_BEACON_POLL = BIT(0),
261 IEEE80211_STA_CONNECTION_POLL = BIT(1), 313 IEEE80211_STA_CONNECTION_POLL = BIT(1),
262 IEEE80211_STA_CONTROL_PORT = BIT(2), 314 IEEE80211_STA_CONTROL_PORT = BIT(2),
263 IEEE80211_STA_WMM_ENABLED = BIT(3),
264 IEEE80211_STA_DISABLE_11N = BIT(4), 315 IEEE80211_STA_DISABLE_11N = BIT(4),
265 IEEE80211_STA_CSA_RECEIVED = BIT(5), 316 IEEE80211_STA_CSA_RECEIVED = BIT(5),
266 IEEE80211_STA_MFP_ENABLED = BIT(6), 317 IEEE80211_STA_MFP_ENABLED = BIT(6),
267}; 318 IEEE80211_STA_UAPSD_ENABLED = BIT(7),
268 319 IEEE80211_STA_NULLFUNC_ACKED = BIT(8),
269/* flags for MLME request */
270enum ieee80211_sta_request {
271 IEEE80211_STA_REQ_SCAN,
272}; 320};
273 321
274struct ieee80211_if_managed { 322struct ieee80211_if_managed {
@@ -285,21 +333,18 @@ struct ieee80211_if_managed {
285 int probe_send_count; 333 int probe_send_count;
286 334
287 struct mutex mtx; 335 struct mutex mtx;
288 struct ieee80211_bss *associated; 336 struct cfg80211_bss *associated;
289 struct ieee80211_mgd_work *old_associate_work;
290 struct list_head work_list;
291 337
292 u8 bssid[ETH_ALEN]; 338 u8 bssid[ETH_ALEN];
293 339
294 u16 aid; 340 u16 aid;
295 u16 capab;
296 341
297 struct sk_buff_head skb_queue; 342 struct sk_buff_head skb_queue;
298 343
299 unsigned long timers_running; /* used for quiesce/restart */ 344 unsigned long timers_running; /* used for quiesce/restart */
300 bool powersave; /* powersave requested for this iface */ 345 bool powersave; /* powersave requested for this iface */
301 346 enum ieee80211_smps_mode req_smps, /* requested smps mode */
302 unsigned long request; 347 ap_smps; /* smps mode AP thinks we're in */
303 348
304 unsigned int flags; 349 unsigned int flags;
305 350
@@ -312,6 +357,8 @@ struct ieee80211_if_managed {
312 } mfp; /* management frame protection */ 357 } mfp; /* management frame protection */
313 358
314 int wmm_last_param_set; 359 int wmm_last_param_set;
360
361 u8 use_4addr;
315}; 362};
316 363
317enum ieee80211_ibss_request { 364enum ieee80211_ibss_request {
@@ -353,6 +400,7 @@ struct ieee80211_if_mesh {
353 struct work_struct work; 400 struct work_struct work;
354 struct timer_list housekeeping_timer; 401 struct timer_list housekeeping_timer;
355 struct timer_list mesh_path_timer; 402 struct timer_list mesh_path_timer;
403 struct timer_list mesh_path_root_timer;
356 struct sk_buff_head skb_queue; 404 struct sk_buff_head skb_queue;
357 405
358 unsigned long timers_running; 406 unsigned long timers_running;
@@ -362,23 +410,23 @@ struct ieee80211_if_mesh {
362 u8 mesh_id[IEEE80211_MAX_MESH_ID_LEN]; 410 u8 mesh_id[IEEE80211_MAX_MESH_ID_LEN];
363 size_t mesh_id_len; 411 size_t mesh_id_len;
364 /* Active Path Selection Protocol Identifier */ 412 /* Active Path Selection Protocol Identifier */
365 u8 mesh_pp_id[4]; 413 u8 mesh_pp_id;
366 /* Active Path Selection Metric Identifier */ 414 /* Active Path Selection Metric Identifier */
367 u8 mesh_pm_id[4]; 415 u8 mesh_pm_id;
368 /* Congestion Control Mode Identifier */ 416 /* Congestion Control Mode Identifier */
369 u8 mesh_cc_id[4]; 417 u8 mesh_cc_id;
370 /* Synchronization Protocol Identifier */ 418 /* Synchronization Protocol Identifier */
371 u8 mesh_sp_id[4]; 419 u8 mesh_sp_id;
372 /* Authentication Protocol Identifier */ 420 /* Authentication Protocol Identifier */
373 u8 mesh_auth_id[4]; 421 u8 mesh_auth_id;
374 /* Local mesh Destination Sequence Number */ 422 /* Local mesh Sequence Number */
375 u32 dsn; 423 u32 sn;
376 /* Last used PREQ ID */ 424 /* Last used PREQ ID */
377 u32 preq_id; 425 u32 preq_id;
378 atomic_t mpaths; 426 atomic_t mpaths;
379 /* Timestamp of last DSN update */ 427 /* Timestamp of last SN update */
380 unsigned long last_dsn_update; 428 unsigned long last_sn_update;
381 /* Timestamp of last DSN sent */ 429 /* Timestamp of last SN sent */
382 unsigned long last_preq; 430 unsigned long last_preq;
383 struct mesh_rmc *rmc; 431 struct mesh_rmc *rmc;
384 spinlock_t mesh_preq_queue_lock; 432 spinlock_t mesh_preq_queue_lock;
@@ -430,6 +478,8 @@ struct ieee80211_sub_if_data {
430 478
431 int drop_unencrypted; 479 int drop_unencrypted;
432 480
481 char name[IFNAMSIZ];
482
433 /* 483 /*
434 * keep track of whether the HT opmode (stored in 484 * keep track of whether the HT opmode (stored in
435 * vif.bss_info.ht_operation_mode) is valid. 485 * vif.bss_info.ht_operation_mode) is valid.
@@ -455,8 +505,8 @@ struct ieee80211_sub_if_data {
455 */ 505 */
456 struct ieee80211_if_ap *bss; 506 struct ieee80211_if_ap *bss;
457 507
458 int force_unicast_rateidx; /* forced TX rateidx for unicast frames */ 508 /* bitmap of allowed (non-MCS) rate indexes for rate control */
459 int max_ratectrl_rateidx; /* max TX rateidx for rate control */ 509 u32 rc_rateidx_mask[IEEE80211_NUM_BANDS];
460 510
461 union { 511 union {
462 struct ieee80211_if_ap ap; 512 struct ieee80211_if_ap ap;
@@ -471,74 +521,11 @@ struct ieee80211_sub_if_data {
471 } u; 521 } u;
472 522
473#ifdef CONFIG_MAC80211_DEBUGFS 523#ifdef CONFIG_MAC80211_DEBUGFS
474 struct dentry *debugfsdir;
475 union {
476 struct {
477 struct dentry *drop_unencrypted;
478 struct dentry *bssid;
479 struct dentry *aid;
480 struct dentry *capab;
481 struct dentry *force_unicast_rateidx;
482 struct dentry *max_ratectrl_rateidx;
483 } sta;
484 struct {
485 struct dentry *drop_unencrypted;
486 struct dentry *num_sta_ps;
487 struct dentry *dtim_count;
488 struct dentry *force_unicast_rateidx;
489 struct dentry *max_ratectrl_rateidx;
490 struct dentry *num_buffered_multicast;
491 } ap;
492 struct {
493 struct dentry *drop_unencrypted;
494 struct dentry *peer;
495 struct dentry *force_unicast_rateidx;
496 struct dentry *max_ratectrl_rateidx;
497 } wds;
498 struct {
499 struct dentry *drop_unencrypted;
500 struct dentry *force_unicast_rateidx;
501 struct dentry *max_ratectrl_rateidx;
502 } vlan;
503 struct {
504 struct dentry *mode;
505 } monitor;
506 } debugfs;
507 struct { 524 struct {
525 struct dentry *dir;
508 struct dentry *default_key; 526 struct dentry *default_key;
509 struct dentry *default_mgmt_key; 527 struct dentry *default_mgmt_key;
510 } common_debugfs; 528 } debugfs;
511
512#ifdef CONFIG_MAC80211_MESH
513 struct dentry *mesh_stats_dir;
514 struct {
515 struct dentry *fwded_mcast;
516 struct dentry *fwded_unicast;
517 struct dentry *fwded_frames;
518 struct dentry *dropped_frames_ttl;
519 struct dentry *dropped_frames_no_route;
520 struct dentry *estab_plinks;
521 struct timer_list mesh_path_timer;
522 } mesh_stats;
523
524 struct dentry *mesh_config_dir;
525 struct {
526 struct dentry *dot11MeshRetryTimeout;
527 struct dentry *dot11MeshConfirmTimeout;
528 struct dentry *dot11MeshHoldingTimeout;
529 struct dentry *dot11MeshMaxRetries;
530 struct dentry *dot11MeshTTL;
531 struct dentry *auto_open_plinks;
532 struct dentry *dot11MeshMaxPeerLinks;
533 struct dentry *dot11MeshHWMPactivePathTimeout;
534 struct dentry *dot11MeshHWMPpreqMinInterval;
535 struct dentry *dot11MeshHWMPnetDiameterTraversalTime;
536 struct dentry *dot11MeshHWMPmaxPREQretries;
537 struct dentry *path_refresh_time;
538 struct dentry *min_discovery_timeout;
539 } mesh_config;
540#endif
541
542#endif 529#endif
543 /* must be last, dynamically sized area in this! */ 530 /* must be last, dynamically sized area in this! */
544 struct ieee80211_vif vif; 531 struct ieee80211_vif vif;
@@ -625,6 +612,15 @@ struct ieee80211_local {
625 const struct ieee80211_ops *ops; 612 const struct ieee80211_ops *ops;
626 613
627 /* 614 /*
615 * work stuff, potentially off-channel (in the future)
616 */
617 struct mutex work_mtx;
618 struct list_head work_list;
619 struct timer_list work_timer;
620 struct work_struct work_work;
621 struct sk_buff_head work_skb_queue;
622
623 /*
628 * private workqueue to mac80211. mac80211 makes this accessible 624 * private workqueue to mac80211. mac80211 makes this accessible
629 * via ieee80211_queue_work() 625 * via ieee80211_queue_work()
630 */ 626 */
@@ -639,7 +635,6 @@ struct ieee80211_local {
639 /* number of interfaces with corresponding FIF_ flags */ 635 /* number of interfaces with corresponding FIF_ flags */
640 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll; 636 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll;
641 unsigned int filter_flags; /* FIF_* */ 637 unsigned int filter_flags; /* FIF_* */
642 struct iw_statistics wstats;
643 638
644 /* protects the aggregated multicast list and filter calls */ 639 /* protects the aggregated multicast list and filter calls */
645 spinlock_t filter_lock; 640 spinlock_t filter_lock;
@@ -647,6 +642,9 @@ struct ieee80211_local {
647 /* used for uploading changed mc list */ 642 /* used for uploading changed mc list */
648 struct work_struct reconfig_filter; 643 struct work_struct reconfig_filter;
649 644
645 /* used to reconfigure hardware SM PS */
646 struct work_struct recalc_smps;
647
650 /* aggregated multicast list */ 648 /* aggregated multicast list */
651 struct dev_addr_list *mc_list; 649 struct dev_addr_list *mc_list;
652 int mc_count; 650 int mc_count;
@@ -691,15 +689,18 @@ struct ieee80211_local {
691 689
692 /* Station data */ 690 /* Station data */
693 /* 691 /*
694 * The lock only protects the list, hash, timer and counter 692 * The mutex only protects the list and counter,
695 * against manipulation, reads are done in RCU. Additionally, 693 * reads are done in RCU.
696 * the lock protects each BSS's TIM bitmap. 694 * Additionally, the lock protects the hash table,
695 * the pending list and each BSS's TIM bitmap.
697 */ 696 */
697 struct mutex sta_mtx;
698 spinlock_t sta_lock; 698 spinlock_t sta_lock;
699 unsigned long num_sta; 699 unsigned long num_sta;
700 struct list_head sta_list; 700 struct list_head sta_list, sta_pending_list;
701 struct sta_info *sta_hash[STA_HASH_SIZE]; 701 struct sta_info *sta_hash[STA_HASH_SIZE];
702 struct timer_list sta_cleanup; 702 struct timer_list sta_cleanup;
703 struct work_struct sta_finish_work;
703 int sta_generation; 704 int sta_generation;
704 705
705 struct sk_buff_head pending[IEEE80211_MAX_QUEUES]; 706 struct sk_buff_head pending[IEEE80211_MAX_QUEUES];
@@ -738,10 +739,9 @@ struct ieee80211_local {
738 unsigned long scanning; 739 unsigned long scanning;
739 struct cfg80211_ssid scan_ssid; 740 struct cfg80211_ssid scan_ssid;
740 struct cfg80211_scan_request *int_scan_req; 741 struct cfg80211_scan_request *int_scan_req;
741 struct cfg80211_scan_request *scan_req; 742 struct cfg80211_scan_request *scan_req, *hw_scan_req;
742 struct ieee80211_channel *scan_channel; 743 struct ieee80211_channel *scan_channel;
743 const u8 *orig_ies; 744 enum ieee80211_band hw_scan_band;
744 int orig_ies_len;
745 int scan_channel_idx; 745 int scan_channel_idx;
746 int scan_ies_len; 746 int scan_ies_len;
747 747
@@ -751,6 +751,10 @@ struct ieee80211_local {
751 enum nl80211_channel_type oper_channel_type; 751 enum nl80211_channel_type oper_channel_type;
752 struct ieee80211_channel *oper_channel, *csa_channel; 752 struct ieee80211_channel *oper_channel, *csa_channel;
753 753
754 /* Temporary remain-on-channel for off-channel operations */
755 struct ieee80211_channel *tmp_channel;
756 enum nl80211_channel_type tmp_channel_type;
757
754 /* SNMP counters */ 758 /* SNMP counters */
755 /* dot11CountersTable */ 759 /* dot11CountersTable */
756 u32 dot11TransmittedFragmentCount; 760 u32 dot11TransmittedFragmentCount;
@@ -770,10 +774,6 @@ struct ieee80211_local {
770 assoc_led_name[32], radio_led_name[32]; 774 assoc_led_name[32], radio_led_name[32];
771#endif 775#endif
772 776
773#ifdef CONFIG_MAC80211_DEBUGFS
774 struct work_struct sta_debugfs_add;
775#endif
776
777#ifdef CONFIG_MAC80211_DEBUG_COUNTERS 777#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
778 /* TX/RX handler statistics */ 778 /* TX/RX handler statistics */
779 unsigned int tx_handlers_drop; 779 unsigned int tx_handlers_drop;
@@ -807,7 +807,22 @@ struct ieee80211_local {
807 int wifi_wme_noack_test; 807 int wifi_wme_noack_test;
808 unsigned int wmm_acm; /* bit field of ACM bits (BIT(802.1D tag)) */ 808 unsigned int wmm_acm; /* bit field of ACM bits (BIT(802.1D tag)) */
809 809
810 /*
811 * Bitmask of enabled u-apsd queues,
812 * IEEE80211_WMM_IE_STA_QOSINFO_AC_BE & co. Needs a new association
813 * to take effect.
814 */
815 unsigned int uapsd_queues;
816
817 /*
818 * Maximum number of buffered frames AP can deliver during a
819 * service period, IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL or similar.
820 * Needs a new association to take effect.
821 */
822 unsigned int uapsd_max_sp_len;
823
810 bool pspolling; 824 bool pspolling;
825 bool offchannel_ps_enabled;
811 /* 826 /*
812 * PS can only be enabled when we have exactly one managed 827 * PS can only be enabled when we have exactly one managed
813 * interface (and monitors) in PS, this then points there. 828 * interface (and monitors) in PS, this then points there.
@@ -821,58 +836,13 @@ struct ieee80211_local {
821 int user_power_level; /* in dBm */ 836 int user_power_level; /* in dBm */
822 int power_constr_level; /* in dBm */ 837 int power_constr_level; /* in dBm */
823 838
839 enum ieee80211_smps_mode smps_mode;
840
824 struct work_struct restart_work; 841 struct work_struct restart_work;
825 842
826#ifdef CONFIG_MAC80211_DEBUGFS 843#ifdef CONFIG_MAC80211_DEBUGFS
827 struct local_debugfsdentries { 844 struct local_debugfsdentries {
828 struct dentry *rcdir; 845 struct dentry *rcdir;
829 struct dentry *rcname;
830 struct dentry *frequency;
831 struct dentry *total_ps_buffered;
832 struct dentry *wep_iv;
833 struct dentry *tsf;
834 struct dentry *queues;
835 struct dentry *reset;
836 struct dentry *noack;
837 struct dentry *statistics;
838 struct local_debugfsdentries_statsdentries {
839 struct dentry *transmitted_fragment_count;
840 struct dentry *multicast_transmitted_frame_count;
841 struct dentry *failed_count;
842 struct dentry *retry_count;
843 struct dentry *multiple_retry_count;
844 struct dentry *frame_duplicate_count;
845 struct dentry *received_fragment_count;
846 struct dentry *multicast_received_frame_count;
847 struct dentry *transmitted_frame_count;
848 struct dentry *wep_undecryptable_count;
849 struct dentry *num_scans;
850#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
851 struct dentry *tx_handlers_drop;
852 struct dentry *tx_handlers_queued;
853 struct dentry *tx_handlers_drop_unencrypted;
854 struct dentry *tx_handlers_drop_fragment;
855 struct dentry *tx_handlers_drop_wep;
856 struct dentry *tx_handlers_drop_not_assoc;
857 struct dentry *tx_handlers_drop_unauth_port;
858 struct dentry *rx_handlers_drop;
859 struct dentry *rx_handlers_queued;
860 struct dentry *rx_handlers_drop_nullfunc;
861 struct dentry *rx_handlers_drop_defrag;
862 struct dentry *rx_handlers_drop_short;
863 struct dentry *rx_handlers_drop_passive_scan;
864 struct dentry *tx_expand_skb_head;
865 struct dentry *tx_expand_skb_head_cloned;
866 struct dentry *rx_expand_skb_head;
867 struct dentry *rx_expand_skb_head2;
868 struct dentry *rx_handlers_fragments;
869 struct dentry *tx_status_drop;
870#endif
871 struct dentry *dot11ACKFailureCount;
872 struct dentry *dot11RTSFailureCount;
873 struct dentry *dot11FCSErrorCount;
874 struct dentry *dot11RTSSuccessCount;
875 } stats;
876 struct dentry *stations; 846 struct dentry *stations;
877 struct dentry *keys; 847 struct dentry *keys;
878 } debugfs; 848 } debugfs;
@@ -885,8 +855,9 @@ IEEE80211_DEV_TO_SUB_IF(struct net_device *dev)
885 return netdev_priv(dev); 855 return netdev_priv(dev);
886} 856}
887 857
888/* this struct represents 802.11n's RA/TID combination */ 858/* this struct represents 802.11n's RA/TID combination along with our vif */
889struct ieee80211_ra_tid { 859struct ieee80211_ra_tid {
860 struct ieee80211_vif *vif;
890 u8 ra[ETH_ALEN]; 861 u8 ra[ETH_ALEN];
891 u16 tid; 862 u16 tid;
892}; 863};
@@ -913,12 +884,13 @@ struct ieee802_11_elems {
913 u8 *wmm_param; 884 u8 *wmm_param;
914 struct ieee80211_ht_cap *ht_cap_elem; 885 struct ieee80211_ht_cap *ht_cap_elem;
915 struct ieee80211_ht_info *ht_info_elem; 886 struct ieee80211_ht_info *ht_info_elem;
916 u8 *mesh_config; 887 struct ieee80211_meshconf_ie *mesh_config;
917 u8 *mesh_id; 888 u8 *mesh_id;
918 u8 *peer_link; 889 u8 *peer_link;
919 u8 *preq; 890 u8 *preq;
920 u8 *prep; 891 u8 *prep;
921 u8 *perr; 892 u8 *perr;
893 struct ieee80211_rann_ie *rann;
922 u8 *ch_switch_elem; 894 u8 *ch_switch_elem;
923 u8 *country_elem; 895 u8 *country_elem;
924 u8 *pwr_constr_elem; 896 u8 *pwr_constr_elem;
@@ -940,7 +912,6 @@ struct ieee802_11_elems {
940 u8 ext_supp_rates_len; 912 u8 ext_supp_rates_len;
941 u8 wmm_info_len; 913 u8 wmm_info_len;
942 u8 wmm_param_len; 914 u8 wmm_param_len;
943 u8 mesh_config_len;
944 u8 mesh_id_len; 915 u8 mesh_id_len;
945 u8 peer_link_len; 916 u8 peer_link_len;
946 u8 preq_len; 917 u8 preq_len;
@@ -981,6 +952,8 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
981void ieee80211_configure_filter(struct ieee80211_local *local); 952void ieee80211_configure_filter(struct ieee80211_local *local);
982u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata); 953u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata);
983 954
955extern bool ieee80211_disable_40mhz_24ghz;
956
984/* STA code */ 957/* STA code */
985void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata); 958void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata);
986int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 959int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
@@ -993,6 +966,10 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
993int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 966int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
994 struct cfg80211_disassoc_request *req, 967 struct cfg80211_disassoc_request *req,
995 void *cookie); 968 void *cookie);
969int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
970 struct ieee80211_channel *chan,
971 enum nl80211_channel_type channel_type,
972 const u8 *buf, size_t len, u64 *cookie);
996ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, 973ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
997 struct sk_buff *skb); 974 struct sk_buff *skb);
998void ieee80211_send_pspoll(struct ieee80211_local *local, 975void ieee80211_send_pspoll(struct ieee80211_local *local,
@@ -1012,7 +989,8 @@ void ieee80211_ibss_setup_sdata(struct ieee80211_sub_if_data *sdata);
1012ieee80211_rx_result 989ieee80211_rx_result
1013ieee80211_ibss_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb); 990ieee80211_ibss_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
1014struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata, 991struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
1015 u8 *bssid, u8 *addr, u32 supp_rates); 992 u8 *bssid, u8 *addr, u32 supp_rates,
993 gfp_t gfp);
1016int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, 994int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1017 struct cfg80211_ibss_params *params); 995 struct cfg80211_ibss_params *params);
1018int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata); 996int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata);
@@ -1044,7 +1022,15 @@ ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
1044void ieee80211_rx_bss_put(struct ieee80211_local *local, 1022void ieee80211_rx_bss_put(struct ieee80211_local *local,
1045 struct ieee80211_bss *bss); 1023 struct ieee80211_bss *bss);
1046 1024
1025/* off-channel helpers */
1026void ieee80211_offchannel_stop_beaconing(struct ieee80211_local *local);
1027void ieee80211_offchannel_stop_station(struct ieee80211_local *local);
1028void ieee80211_offchannel_return(struct ieee80211_local *local,
1029 bool enable_beaconing);
1030
1047/* interface handling */ 1031/* interface handling */
1032int ieee80211_iface_init(void);
1033void ieee80211_iface_exit(void);
1048int ieee80211_if_add(struct ieee80211_local *local, const char *name, 1034int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1049 struct net_device **new_dev, enum nl80211_iftype type, 1035 struct net_device **new_dev, enum nl80211_iftype type,
1050 struct vif_params *params); 1036 struct vif_params *params);
@@ -1055,6 +1041,11 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local);
1055u32 __ieee80211_recalc_idle(struct ieee80211_local *local); 1041u32 __ieee80211_recalc_idle(struct ieee80211_local *local);
1056void ieee80211_recalc_idle(struct ieee80211_local *local); 1042void ieee80211_recalc_idle(struct ieee80211_local *local);
1057 1043
1044static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata)
1045{
1046 return netif_running(sdata->dev);
1047}
1048
1058/* tx handling */ 1049/* tx handling */
1059void ieee80211_clear_tx_pending(struct ieee80211_local *local); 1050void ieee80211_clear_tx_pending(struct ieee80211_local *local);
1060void ieee80211_tx_pending(unsigned long data); 1051void ieee80211_tx_pending(unsigned long data);
@@ -1063,6 +1054,18 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1063netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb, 1054netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1064 struct net_device *dev); 1055 struct net_device *dev);
1065 1056
1057/*
1058 * radiotap header for status frames
1059 */
1060struct ieee80211_tx_status_rtap_hdr {
1061 struct ieee80211_radiotap_header hdr;
1062 u8 rate;
1063 u8 padding_for_rate;
1064 __le16 tx_flags;
1065 u8 data_retries;
1066} __attribute__ ((packed));
1067
1068
1066/* HT */ 1069/* HT */
1067void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband, 1070void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
1068 struct ieee80211_ht_cap *ht_cap_ie, 1071 struct ieee80211_ht_cap *ht_cap_ie,
@@ -1071,6 +1074,9 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
1071void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata, 1074void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
1072 const u8 *da, u16 tid, 1075 const u8 *da, u16 tid,
1073 u16 initiator, u16 reason_code); 1076 u16 initiator, u16 reason_code);
1077int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
1078 enum ieee80211_smps_mode smps, const u8 *da,
1079 const u8 *bssid);
1074 1080
1075void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *da, 1081void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *da,
1076 u16 tid, u16 initiator, u16 reason); 1082 u16 tid, u16 initiator, u16 reason);
@@ -1132,8 +1138,7 @@ void mac80211_ev_michael_mic_failure(struct ieee80211_sub_if_data *sdata, int ke
1132 struct ieee80211_hdr *hdr, const u8 *tsc, 1138 struct ieee80211_hdr *hdr, const u8 *tsc,
1133 gfp_t gfp); 1139 gfp_t gfp);
1134void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata); 1140void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata);
1135void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb, 1141void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
1136 int encrypt);
1137void ieee802_11_parse_elems(u8 *start, size_t len, 1142void ieee802_11_parse_elems(u8 *start, size_t len,
1138 struct ieee802_11_elems *elems); 1143 struct ieee802_11_elems *elems);
1139u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, 1144u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
@@ -1170,7 +1175,8 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1170 u8 *extra, size_t extra_len, const u8 *bssid, 1175 u8 *extra, size_t extra_len, const u8 *bssid,
1171 const u8 *key, u8 key_len, u8 key_idx); 1176 const u8 *key, u8 key_len, u8 key_idx);
1172int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 1177int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1173 const u8 *ie, size_t ie_len); 1178 const u8 *ie, size_t ie_len,
1179 enum ieee80211_band band);
1174void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1180void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1175 const u8 *ssid, size_t ssid_len, 1181 const u8 *ssid, size_t ssid_len,
1176 const u8 *ie, size_t ie_len); 1182 const u8 *ie, size_t ie_len);
@@ -1181,6 +1187,28 @@ void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
1181u32 ieee80211_sta_get_rates(struct ieee80211_local *local, 1187u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
1182 struct ieee802_11_elems *elems, 1188 struct ieee802_11_elems *elems,
1183 enum ieee80211_band band); 1189 enum ieee80211_band band);
1190int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1191 enum ieee80211_smps_mode smps_mode);
1192void ieee80211_recalc_smps(struct ieee80211_local *local,
1193 struct ieee80211_sub_if_data *forsdata);
1194
1195size_t ieee80211_ie_split(const u8 *ies, size_t ielen,
1196 const u8 *ids, int n_ids, size_t offset);
1197size_t ieee80211_ie_split_vendor(const u8 *ies, size_t ielen, size_t offset);
1198
1199/* internal work items */
1200void ieee80211_work_init(struct ieee80211_local *local);
1201void ieee80211_add_work(struct ieee80211_work *wk);
1202void free_work(struct ieee80211_work *wk);
1203void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata);
1204ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1205 struct sk_buff *skb);
1206int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1207 struct ieee80211_channel *chan,
1208 enum nl80211_channel_type channel_type,
1209 unsigned int duration, u64 *cookie);
1210int ieee80211_wk_cancel_remain_on_channel(
1211 struct ieee80211_sub_if_data *sdata, u64 cookie);
1184 1212
1185#ifdef CONFIG_MAC80211_NOINLINE 1213#ifdef CONFIG_MAC80211_NOINLINE
1186#define debug_noinline noinline 1214#define debug_noinline noinline
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index b8295cbd7e8f..e08fa8eda1b3 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -10,17 +10,20 @@
10 * it under the terms of the GNU General Public License version 2 as 10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation. 11 * published by the Free Software Foundation.
12 */ 12 */
13#include <linux/slab.h>
13#include <linux/kernel.h> 14#include <linux/kernel.h>
14#include <linux/if_arp.h> 15#include <linux/if_arp.h>
15#include <linux/netdevice.h> 16#include <linux/netdevice.h>
16#include <linux/rtnetlink.h> 17#include <linux/rtnetlink.h>
17#include <net/mac80211.h> 18#include <net/mac80211.h>
19#include <net/ieee80211_radiotap.h>
18#include "ieee80211_i.h" 20#include "ieee80211_i.h"
19#include "sta_info.h" 21#include "sta_info.h"
20#include "debugfs_netdev.h" 22#include "debugfs_netdev.h"
21#include "mesh.h" 23#include "mesh.h"
22#include "led.h" 24#include "led.h"
23#include "driver-ops.h" 25#include "driver-ops.h"
26#include "wme.h"
24 27
25/** 28/**
26 * DOC: Interface list locking 29 * DOC: Interface list locking
@@ -60,6 +63,23 @@ static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
60 return 0; 63 return 0;
61} 64}
62 65
66static int ieee80211_change_mac(struct net_device *dev, void *addr)
67{
68 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
69 struct sockaddr *sa = addr;
70 int ret;
71
72 if (ieee80211_sdata_running(sdata))
73 return -EBUSY;
74
75 ret = eth_mac_addr(dev, sa);
76
77 if (ret == 0)
78 memcpy(sdata->vif.addr, sa->sa_data, ETH_ALEN);
79
80 return ret;
81}
82
63static inline int identical_mac_addr_allowed(int type1, int type2) 83static inline int identical_mac_addr_allowed(int type1, int type2)
64{ 84{
65 return type1 == NL80211_IFTYPE_MONITOR || 85 return type1 == NL80211_IFTYPE_MONITOR ||
@@ -80,7 +100,6 @@ static int ieee80211_open(struct net_device *dev)
80 struct ieee80211_sub_if_data *nsdata; 100 struct ieee80211_sub_if_data *nsdata;
81 struct ieee80211_local *local = sdata->local; 101 struct ieee80211_local *local = sdata->local;
82 struct sta_info *sta; 102 struct sta_info *sta;
83 struct ieee80211_if_init_conf conf;
84 u32 changed = 0; 103 u32 changed = 0;
85 int res; 104 int res;
86 u32 hw_reconf_flags = 0; 105 u32 hw_reconf_flags = 0;
@@ -95,7 +114,7 @@ static int ieee80211_open(struct net_device *dev)
95 list_for_each_entry(nsdata, &local->interfaces, list) { 114 list_for_each_entry(nsdata, &local->interfaces, list) {
96 struct net_device *ndev = nsdata->dev; 115 struct net_device *ndev = nsdata->dev;
97 116
98 if (ndev != dev && netif_running(ndev)) { 117 if (ndev != dev && ieee80211_sdata_running(nsdata)) {
99 /* 118 /*
100 * Allow only a single IBSS interface to be up at any 119 * Allow only a single IBSS interface to be up at any
101 * time. This is restricted because beacon distribution 120 * time. This is restricted because beacon distribution
@@ -181,13 +200,15 @@ static int ieee80211_open(struct net_device *dev)
181 struct net_device *ndev = nsdata->dev; 200 struct net_device *ndev = nsdata->dev;
182 201
183 /* 202 /*
184 * No need to check netif_running since we do not allow 203 * No need to check running since we do not allow
185 * it to start up with this invalid address. 204 * it to start up with this invalid address.
186 */ 205 */
187 if (compare_ether_addr(null_addr, ndev->dev_addr) == 0) 206 if (compare_ether_addr(null_addr, ndev->dev_addr) == 0) {
188 memcpy(ndev->dev_addr, 207 memcpy(ndev->dev_addr,
189 local->hw.wiphy->perm_addr, 208 local->hw.wiphy->perm_addr,
190 ETH_ALEN); 209 ETH_ALEN);
210 memcpy(ndev->perm_addr, ndev->dev_addr, ETH_ALEN);
211 }
191 } 212 }
192 213
193 /* 214 /*
@@ -212,8 +233,8 @@ static int ieee80211_open(struct net_device *dev)
212 /* must be before the call to ieee80211_configure_filter */ 233 /* must be before the call to ieee80211_configure_filter */
213 local->monitors++; 234 local->monitors++;
214 if (local->monitors == 1) { 235 if (local->monitors == 1) {
215 local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP; 236 local->hw.conf.flags |= IEEE80211_CONF_MONITOR;
216 hw_reconf_flags |= IEEE80211_CONF_CHANGE_RADIOTAP; 237 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
217 } 238 }
218 239
219 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL) 240 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL)
@@ -230,10 +251,7 @@ static int ieee80211_open(struct net_device *dev)
230 ieee80211_configure_filter(local); 251 ieee80211_configure_filter(local);
231 break; 252 break;
232 default: 253 default:
233 conf.vif = &sdata->vif; 254 res = drv_add_interface(local, &sdata->vif);
234 conf.type = sdata->vif.type;
235 conf.mac_addr = dev->dev_addr;
236 res = drv_add_interface(local, &conf);
237 if (res) 255 if (res)
238 goto err_stop; 256 goto err_stop;
239 257
@@ -316,7 +334,7 @@ static int ieee80211_open(struct net_device *dev)
316 334
317 return 0; 335 return 0;
318 err_del_interface: 336 err_del_interface:
319 drv_remove_interface(local, &conf); 337 drv_remove_interface(local, &sdata->vif);
320 err_stop: 338 err_stop:
321 if (!local->open_count) 339 if (!local->open_count)
322 drv_stop(local); 340 drv_stop(local);
@@ -331,7 +349,6 @@ static int ieee80211_stop(struct net_device *dev)
331{ 349{
332 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 350 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
333 struct ieee80211_local *local = sdata->local; 351 struct ieee80211_local *local = sdata->local;
334 struct ieee80211_if_init_conf conf;
335 struct sta_info *sta; 352 struct sta_info *sta;
336 unsigned long flags; 353 unsigned long flags;
337 struct sk_buff *skb, *tmp; 354 struct sk_buff *skb, *tmp;
@@ -344,6 +361,11 @@ static int ieee80211_stop(struct net_device *dev)
344 netif_tx_stop_all_queues(dev); 361 netif_tx_stop_all_queues(dev);
345 362
346 /* 363 /*
364 * Purge work for this interface.
365 */
366 ieee80211_work_purge(sdata);
367
368 /*
347 * Now delete all active aggregation sessions. 369 * Now delete all active aggregation sessions.
348 */ 370 */
349 rcu_read_lock(); 371 rcu_read_lock();
@@ -433,8 +455,8 @@ static int ieee80211_stop(struct net_device *dev)
433 455
434 local->monitors--; 456 local->monitors--;
435 if (local->monitors == 0) { 457 if (local->monitors == 0) {
436 local->hw.conf.flags &= ~IEEE80211_CONF_RADIOTAP; 458 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
437 hw_reconf_flags |= IEEE80211_CONF_CHANGE_RADIOTAP; 459 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
438 } 460 }
439 461
440 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL) 462 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL)
@@ -510,12 +532,9 @@ static int ieee80211_stop(struct net_device *dev)
510 BSS_CHANGED_BEACON_ENABLED); 532 BSS_CHANGED_BEACON_ENABLED);
511 } 533 }
512 534
513 conf.vif = &sdata->vif;
514 conf.type = sdata->vif.type;
515 conf.mac_addr = dev->dev_addr;
516 /* disable all keys for as long as this netdev is down */ 535 /* disable all keys for as long as this netdev is down */
517 ieee80211_disable_keys(sdata); 536 ieee80211_disable_keys(sdata);
518 drv_remove_interface(local, &conf); 537 drv_remove_interface(local, &sdata->vif);
519 } 538 }
520 539
521 sdata->bss = NULL; 540 sdata->bss = NULL;
@@ -642,6 +661,12 @@ static void ieee80211_teardown_sdata(struct net_device *dev)
642 WARN_ON(flushed); 661 WARN_ON(flushed);
643} 662}
644 663
664static u16 ieee80211_netdev_select_queue(struct net_device *dev,
665 struct sk_buff *skb)
666{
667 return ieee80211_select_queue(IEEE80211_DEV_TO_SUB_IF(dev), skb);
668}
669
645static const struct net_device_ops ieee80211_dataif_ops = { 670static const struct net_device_ops ieee80211_dataif_ops = {
646 .ndo_open = ieee80211_open, 671 .ndo_open = ieee80211_open,
647 .ndo_stop = ieee80211_stop, 672 .ndo_stop = ieee80211_stop,
@@ -649,9 +674,43 @@ static const struct net_device_ops ieee80211_dataif_ops = {
649 .ndo_start_xmit = ieee80211_subif_start_xmit, 674 .ndo_start_xmit = ieee80211_subif_start_xmit,
650 .ndo_set_multicast_list = ieee80211_set_multicast_list, 675 .ndo_set_multicast_list = ieee80211_set_multicast_list,
651 .ndo_change_mtu = ieee80211_change_mtu, 676 .ndo_change_mtu = ieee80211_change_mtu,
652 .ndo_set_mac_address = eth_mac_addr, 677 .ndo_set_mac_address = ieee80211_change_mac,
678 .ndo_select_queue = ieee80211_netdev_select_queue,
653}; 679};
654 680
681static u16 ieee80211_monitor_select_queue(struct net_device *dev,
682 struct sk_buff *skb)
683{
684 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
685 struct ieee80211_local *local = sdata->local;
686 struct ieee80211_hdr *hdr;
687 struct ieee80211_radiotap_header *rtap = (void *)skb->data;
688 u8 *p;
689
690 if (local->hw.queues < 4)
691 return 0;
692
693 if (skb->len < 4 ||
694 skb->len < le16_to_cpu(rtap->it_len) + 2 /* frame control */)
695 return 0; /* doesn't matter, frame will be dropped */
696
697 hdr = (void *)((u8 *)skb->data + le16_to_cpu(rtap->it_len));
698
699 if (!ieee80211_is_data(hdr->frame_control)) {
700 skb->priority = 7;
701 return ieee802_1d_to_ac[skb->priority];
702 }
703 if (!ieee80211_is_data_qos(hdr->frame_control)) {
704 skb->priority = 0;
705 return ieee802_1d_to_ac[skb->priority];
706 }
707
708 p = ieee80211_get_qos_ctl(hdr);
709 skb->priority = *p & IEEE80211_QOS_CTL_TAG1D_MASK;
710
711 return ieee80211_downgrade_queue(local, skb);
712}
713
655static const struct net_device_ops ieee80211_monitorif_ops = { 714static const struct net_device_ops ieee80211_monitorif_ops = {
656 .ndo_open = ieee80211_open, 715 .ndo_open = ieee80211_open,
657 .ndo_stop = ieee80211_stop, 716 .ndo_stop = ieee80211_stop,
@@ -660,6 +719,7 @@ static const struct net_device_ops ieee80211_monitorif_ops = {
660 .ndo_set_multicast_list = ieee80211_set_multicast_list, 719 .ndo_set_multicast_list = ieee80211_set_multicast_list,
661 .ndo_change_mtu = ieee80211_change_mtu, 720 .ndo_change_mtu = ieee80211_change_mtu,
662 .ndo_set_mac_address = eth_mac_addr, 721 .ndo_set_mac_address = eth_mac_addr,
722 .ndo_select_queue = ieee80211_monitor_select_queue,
663}; 723};
664 724
665static void ieee80211_if_setup(struct net_device *dev) 725static void ieee80211_if_setup(struct net_device *dev)
@@ -738,7 +798,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
738 * and goes into the requested mode. 798 * and goes into the requested mode.
739 */ 799 */
740 800
741 if (netif_running(sdata->dev)) 801 if (ieee80211_sdata_running(sdata))
742 return -EBUSY; 802 return -EBUSY;
743 803
744 /* Purge and reset type-dependent state. */ 804 /* Purge and reset type-dependent state. */
@@ -750,14 +810,12 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
750 ieee80211_mandatory_rates(sdata->local, 810 ieee80211_mandatory_rates(sdata->local,
751 sdata->local->hw.conf.channel->band); 811 sdata->local->hw.conf.channel->band);
752 sdata->drop_unencrypted = 0; 812 sdata->drop_unencrypted = 0;
813 if (type == NL80211_IFTYPE_STATION)
814 sdata->u.mgd.use_4addr = false;
753 815
754 return 0; 816 return 0;
755} 817}
756 818
757static struct device_type wiphy_type = {
758 .name = "wlan",
759};
760
761int ieee80211_if_add(struct ieee80211_local *local, const char *name, 819int ieee80211_if_add(struct ieee80211_local *local, const char *name,
762 struct net_device **new_dev, enum nl80211_iftype type, 820 struct net_device **new_dev, enum nl80211_iftype type,
763 struct vif_params *params) 821 struct vif_params *params)
@@ -768,8 +826,8 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
768 826
769 ASSERT_RTNL(); 827 ASSERT_RTNL();
770 828
771 ndev = alloc_netdev(sizeof(*sdata) + local->hw.vif_data_size, 829 ndev = alloc_netdev_mq(sizeof(*sdata) + local->hw.vif_data_size,
772 name, ieee80211_if_setup); 830 name, ieee80211_if_setup, local->hw.queues);
773 if (!ndev) 831 if (!ndev)
774 return -ENOMEM; 832 return -ENOMEM;
775 dev_net_set(ndev, wiphy_net(local->hw.wiphy)); 833 dev_net_set(ndev, wiphy_net(local->hw.wiphy));
@@ -788,12 +846,14 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
788 goto fail; 846 goto fail;
789 847
790 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN); 848 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
849 memcpy(ndev->perm_addr, ndev->dev_addr, ETH_ALEN);
791 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy)); 850 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
792 SET_NETDEV_DEVTYPE(ndev, &wiphy_type);
793 851
794 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */ 852 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */
795 sdata = netdev_priv(ndev); 853 sdata = netdev_priv(ndev);
796 ndev->ieee80211_ptr = &sdata->wdev; 854 ndev->ieee80211_ptr = &sdata->wdev;
855 memcpy(sdata->vif.addr, ndev->dev_addr, ETH_ALEN);
856 memcpy(sdata->name, ndev->name, IFNAMSIZ);
797 857
798 /* initialise type-independent data */ 858 /* initialise type-independent data */
799 sdata->wdev.wiphy = local->hw.wiphy; 859 sdata->wdev.wiphy = local->hw.wiphy;
@@ -805,12 +865,22 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
805 865
806 INIT_LIST_HEAD(&sdata->key_list); 866 INIT_LIST_HEAD(&sdata->key_list);
807 867
808 sdata->force_unicast_rateidx = -1; 868 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
809 sdata->max_ratectrl_rateidx = -1; 869 struct ieee80211_supported_band *sband;
870 sband = local->hw.wiphy->bands[i];
871 sdata->rc_rateidx_mask[i] =
872 sband ? (1 << sband->n_bitrates) - 1 : 0;
873 }
810 874
811 /* setup type-dependent data */ 875 /* setup type-dependent data */
812 ieee80211_setup_sdata(sdata, type); 876 ieee80211_setup_sdata(sdata, type);
813 877
878 if (params) {
879 ndev->ieee80211_ptr->use_4addr = params->use_4addr;
880 if (type == NL80211_IFTYPE_STATION)
881 sdata->u.mgd.use_4addr = params->use_4addr;
882 }
883
814 ret = register_netdevice(ndev); 884 ret = register_netdevice(ndev);
815 if (ret) 885 if (ret)
816 goto fail; 886 goto fail;
@@ -854,22 +924,18 @@ void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
854void ieee80211_remove_interfaces(struct ieee80211_local *local) 924void ieee80211_remove_interfaces(struct ieee80211_local *local)
855{ 925{
856 struct ieee80211_sub_if_data *sdata, *tmp; 926 struct ieee80211_sub_if_data *sdata, *tmp;
927 LIST_HEAD(unreg_list);
857 928
858 ASSERT_RTNL(); 929 ASSERT_RTNL();
859 930
931 mutex_lock(&local->iflist_mtx);
860 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { 932 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
861 /*
862 * we cannot hold the iflist_mtx across unregister_netdevice,
863 * but we only need to hold it for list modifications to lock
864 * out readers since we're under the RTNL here as all other
865 * writers.
866 */
867 mutex_lock(&local->iflist_mtx);
868 list_del(&sdata->list); 933 list_del(&sdata->list);
869 mutex_unlock(&local->iflist_mtx);
870 934
871 unregister_netdevice(sdata->dev); 935 unregister_netdevice_queue(sdata->dev, &unreg_list);
872 } 936 }
937 mutex_unlock(&local->iflist_mtx);
938 unregister_netdevice_many(&unreg_list);
873} 939}
874 940
875static u32 ieee80211_idle_off(struct ieee80211_local *local, 941static u32 ieee80211_idle_off(struct ieee80211_local *local,
@@ -897,6 +963,8 @@ static u32 ieee80211_idle_on(struct ieee80211_local *local)
897 wiphy_name(local->hw.wiphy)); 963 wiphy_name(local->hw.wiphy));
898#endif 964#endif
899 965
966 drv_flush(local, false);
967
900 local->hw.conf.flags |= IEEE80211_CONF_IDLE; 968 local->hw.conf.flags |= IEEE80211_CONF_IDLE;
901 return IEEE80211_CONF_CHANGE_IDLE; 969 return IEEE80211_CONF_CHANGE_IDLE;
902} 970}
@@ -906,16 +974,18 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
906 struct ieee80211_sub_if_data *sdata; 974 struct ieee80211_sub_if_data *sdata;
907 int count = 0; 975 int count = 0;
908 976
977 if (!list_empty(&local->work_list))
978 return ieee80211_idle_off(local, "working");
979
909 if (local->scanning) 980 if (local->scanning)
910 return ieee80211_idle_off(local, "scanning"); 981 return ieee80211_idle_off(local, "scanning");
911 982
912 list_for_each_entry(sdata, &local->interfaces, list) { 983 list_for_each_entry(sdata, &local->interfaces, list) {
913 if (!netif_running(sdata->dev)) 984 if (!ieee80211_sdata_running(sdata))
914 continue; 985 continue;
915 /* do not count disabled managed interfaces */ 986 /* do not count disabled managed interfaces */
916 if (sdata->vif.type == NL80211_IFTYPE_STATION && 987 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
917 !sdata->u.mgd.associated && 988 !sdata->u.mgd.associated)
918 list_empty(&sdata->u.mgd.work_list))
919 continue; 989 continue;
920 /* do not count unused IBSS interfaces */ 990 /* do not count unused IBSS interfaces */
921 if (sdata->vif.type == NL80211_IFTYPE_ADHOC && 991 if (sdata->vif.type == NL80211_IFTYPE_ADHOC &&
@@ -943,3 +1013,41 @@ void ieee80211_recalc_idle(struct ieee80211_local *local)
943 if (chg) 1013 if (chg)
944 ieee80211_hw_config(local, chg); 1014 ieee80211_hw_config(local, chg);
945} 1015}
1016
1017static int netdev_notify(struct notifier_block *nb,
1018 unsigned long state,
1019 void *ndev)
1020{
1021 struct net_device *dev = ndev;
1022 struct ieee80211_sub_if_data *sdata;
1023
1024 if (state != NETDEV_CHANGENAME)
1025 return 0;
1026
1027 if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy)
1028 return 0;
1029
1030 if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
1031 return 0;
1032
1033 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1034
1035 memcpy(sdata->name, dev->name, IFNAMSIZ);
1036
1037 ieee80211_debugfs_rename_netdev(sdata);
1038 return 0;
1039}
1040
1041static struct notifier_block mac80211_netdev_notifier = {
1042 .notifier_call = netdev_notify,
1043};
1044
1045int ieee80211_iface_init(void)
1046{
1047 return register_netdevice_notifier(&mac80211_netdev_notifier);
1048}
1049
1050void ieee80211_iface_exit(void)
1051{
1052 unregister_netdevice_notifier(&mac80211_netdev_notifier);
1053}
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 659a42d529e3..e8f6e3b252d8 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -14,6 +14,7 @@
14#include <linux/list.h> 14#include <linux/list.h>
15#include <linux/rcupdate.h> 15#include <linux/rcupdate.h>
16#include <linux/rtnetlink.h> 16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
17#include <net/mac80211.h> 18#include <net/mac80211.h>
18#include "ieee80211_i.h" 19#include "ieee80211_i.h"
19#include "driver-ops.h" 20#include "driver-ops.h"
@@ -139,7 +140,7 @@ static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
139 struct ieee80211_sub_if_data, 140 struct ieee80211_sub_if_data,
140 u.ap); 141 u.ap);
141 142
142 ret = drv_set_key(key->local, SET_KEY, &sdata->vif, sta, &key->conf); 143 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
143 144
144 if (!ret) { 145 if (!ret) {
145 spin_lock_bh(&todo_lock); 146 spin_lock_bh(&todo_lock);
@@ -181,7 +182,7 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
181 struct ieee80211_sub_if_data, 182 struct ieee80211_sub_if_data,
182 u.ap); 183 u.ap);
183 184
184 ret = drv_set_key(key->local, DISABLE_KEY, &sdata->vif, 185 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
185 sta, &key->conf); 186 sta, &key->conf);
186 187
187 if (ret) 188 if (ret)
@@ -421,7 +422,7 @@ void ieee80211_key_link(struct ieee80211_key *key,
421 */ 422 */
422 423
423 /* same here, the AP could be using QoS */ 424 /* same here, the AP could be using QoS */
424 ap = sta_info_get(key->local, key->sdata->u.mgd.bssid); 425 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
425 if (ap) { 426 if (ap) {
426 if (test_sta_flags(ap, WLAN_STA_WME)) 427 if (test_sta_flags(ap, WLAN_STA_WME))
427 key->conf.flags |= 428 key->conf.flags |=
@@ -443,7 +444,7 @@ void ieee80211_key_link(struct ieee80211_key *key,
443 add_todo(old_key, KEY_FLAG_TODO_DELETE); 444 add_todo(old_key, KEY_FLAG_TODO_DELETE);
444 445
445 add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS); 446 add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS);
446 if (netif_running(sdata->dev)) 447 if (ieee80211_sdata_running(sdata))
447 add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD); 448 add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD);
448 449
449 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 450 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
@@ -509,7 +510,7 @@ void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
509{ 510{
510 ASSERT_RTNL(); 511 ASSERT_RTNL();
511 512
512 if (WARN_ON(!netif_running(sdata->dev))) 513 if (WARN_ON(!ieee80211_sdata_running(sdata)))
513 return; 514 return;
514 515
515 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD); 516 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD);
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index 9572e00f532c..bdc2968c2bbe 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -59,11 +59,17 @@ enum ieee80211_internal_key_flags {
59 KEY_FLAG_TODO_DEFMGMTKEY = BIT(6), 59 KEY_FLAG_TODO_DEFMGMTKEY = BIT(6),
60}; 60};
61 61
62enum ieee80211_internal_tkip_state {
63 TKIP_STATE_NOT_INIT,
64 TKIP_STATE_PHASE1_DONE,
65 TKIP_STATE_PHASE1_HW_UPLOADED,
66};
67
62struct tkip_ctx { 68struct tkip_ctx {
63 u32 iv32; 69 u32 iv32;
64 u16 iv16; 70 u16 iv16;
65 u16 p1k[5]; 71 u16 p1k[5];
66 int initialized; 72 enum ieee80211_internal_tkip_state state;
67}; 73};
68 74
69struct ieee80211_key { 75struct ieee80211_key {
@@ -118,18 +124,6 @@ struct ieee80211_key {
118 struct { 124 struct {
119 struct dentry *stalink; 125 struct dentry *stalink;
120 struct dentry *dir; 126 struct dentry *dir;
121 struct dentry *keylen;
122 struct dentry *flags;
123 struct dentry *keyidx;
124 struct dentry *hw_key_idx;
125 struct dentry *tx_rx_count;
126 struct dentry *algorithm;
127 struct dentry *tx_spec;
128 struct dentry *rx_spec;
129 struct dentry *replays;
130 struct dentry *icverrors;
131 struct dentry *key;
132 struct dentry *ifindex;
133 int cnt; 127 int cnt;
134 } debugfs; 128 } debugfs;
135#endif 129#endif
diff --git a/net/mac80211/led.c b/net/mac80211/led.c
index 162a643f16b6..063aad944246 100644
--- a/net/mac80211/led.c
+++ b/net/mac80211/led.c
@@ -8,6 +8,7 @@
8 8
9/* just for IFNAMSIZ */ 9/* just for IFNAMSIZ */
10#include <linux/if.h> 10#include <linux/if.h>
11#include <linux/slab.h>
11#include "led.h" 12#include "led.h"
12 13
13void ieee80211_led_rx(struct ieee80211_local *local) 14void ieee80211_led_rx(struct ieee80211_local *local)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 797f53942e5f..b887e484ae04 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -9,7 +9,6 @@
9 */ 9 */
10 10
11#include <net/mac80211.h> 11#include <net/mac80211.h>
12#include <net/ieee80211_radiotap.h>
13#include <linux/module.h> 12#include <linux/module.h>
14#include <linux/init.h> 13#include <linux/init.h>
15#include <linux/netdevice.h> 14#include <linux/netdevice.h>
@@ -18,7 +17,6 @@
18#include <linux/skbuff.h> 17#include <linux/skbuff.h>
19#include <linux/etherdevice.h> 18#include <linux/etherdevice.h>
20#include <linux/if_arp.h> 19#include <linux/if_arp.h>
21#include <linux/wireless.h>
22#include <linux/rtnetlink.h> 20#include <linux/rtnetlink.h>
23#include <linux/bitmap.h> 21#include <linux/bitmap.h>
24#include <linux/pm_qos_params.h> 22#include <linux/pm_qos_params.h>
@@ -30,25 +28,15 @@
30#include "rate.h" 28#include "rate.h"
31#include "mesh.h" 29#include "mesh.h"
32#include "wep.h" 30#include "wep.h"
33#include "wme.h"
34#include "aes_ccm.h"
35#include "led.h" 31#include "led.h"
36#include "cfg.h" 32#include "cfg.h"
37#include "debugfs.h" 33#include "debugfs.h"
38#include "debugfs_netdev.h"
39 34
40/*
41 * For seeing transmitted packets on monitor interfaces
42 * we have a radiotap header too.
43 */
44struct ieee80211_tx_status_rtap_hdr {
45 struct ieee80211_radiotap_header hdr;
46 u8 rate;
47 u8 padding_for_rate;
48 __le16 tx_flags;
49 u8 data_retries;
50} __attribute__ ((packed));
51 35
36bool ieee80211_disable_40mhz_24ghz;
37module_param(ieee80211_disable_40mhz_24ghz, bool, 0644);
38MODULE_PARM_DESC(ieee80211_disable_40mhz_24ghz,
39 "Disable 40MHz support in the 2.4GHz band");
52 40
53void ieee80211_configure_filter(struct ieee80211_local *local) 41void ieee80211_configure_filter(struct ieee80211_local *local)
54{ 42{
@@ -118,6 +106,9 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
118 if (scan_chan) { 106 if (scan_chan) {
119 chan = scan_chan; 107 chan = scan_chan;
120 channel_type = NL80211_CHAN_NO_HT; 108 channel_type = NL80211_CHAN_NO_HT;
109 } else if (local->tmp_channel) {
110 chan = scan_chan = local->tmp_channel;
111 channel_type = local->tmp_channel_type;
121 } else { 112 } else {
122 chan = local->oper_channel; 113 chan = local->oper_channel;
123 channel_type = local->oper_channel_type; 114 channel_type = local->oper_channel_type;
@@ -130,6 +121,18 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
130 changed |= IEEE80211_CONF_CHANGE_CHANNEL; 121 changed |= IEEE80211_CONF_CHANGE_CHANNEL;
131 } 122 }
132 123
124 if (!conf_is_ht(&local->hw.conf)) {
125 /*
126 * mac80211.h documents that this is only valid
127 * when the channel is set to an HT type, and
128 * that otherwise STATIC is used.
129 */
130 local->hw.conf.smps_mode = IEEE80211_SMPS_STATIC;
131 } else if (local->hw.conf.smps_mode != local->smps_mode) {
132 local->hw.conf.smps_mode = local->smps_mode;
133 changed |= IEEE80211_CONF_CHANGE_SMPS;
134 }
135
133 if (scan_chan) 136 if (scan_chan)
134 power = chan->max_power; 137 power = chan->max_power;
135 else 138 else
@@ -189,7 +192,7 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
189 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) 192 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
190 sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid; 193 sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid;
191 else if (sdata->vif.type == NL80211_IFTYPE_AP) 194 else if (sdata->vif.type == NL80211_IFTYPE_AP)
192 sdata->vif.bss_conf.bssid = sdata->dev->dev_addr; 195 sdata->vif.bss_conf.bssid = sdata->vif.addr;
193 else if (ieee80211_vif_is_mesh(&sdata->vif)) { 196 else if (ieee80211_vif_is_mesh(&sdata->vif)) {
194 sdata->vif.bss_conf.bssid = zero; 197 sdata->vif.bss_conf.bssid = zero;
195 } else { 198 } else {
@@ -211,7 +214,7 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
211 } 214 }
212 215
213 if (changed & BSS_CHANGED_BEACON_ENABLED) { 216 if (changed & BSS_CHANGED_BEACON_ENABLED) {
214 if (local->quiescing || !netif_running(sdata->dev) || 217 if (local->quiescing || !ieee80211_sdata_running(sdata) ||
215 test_bit(SCAN_SW_SCANNING, &local->scanning)) { 218 test_bit(SCAN_SW_SCANNING, &local->scanning)) {
216 sdata->vif.bss_conf.enable_beacon = false; 219 sdata->vif.bss_conf.enable_beacon = false;
217 } else { 220 } else {
@@ -222,11 +225,11 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
222 switch (sdata->vif.type) { 225 switch (sdata->vif.type) {
223 case NL80211_IFTYPE_AP: 226 case NL80211_IFTYPE_AP:
224 sdata->vif.bss_conf.enable_beacon = 227 sdata->vif.bss_conf.enable_beacon =
225 !!rcu_dereference(sdata->u.ap.beacon); 228 !!sdata->u.ap.beacon;
226 break; 229 break;
227 case NL80211_IFTYPE_ADHOC: 230 case NL80211_IFTYPE_ADHOC:
228 sdata->vif.bss_conf.enable_beacon = 231 sdata->vif.bss_conf.enable_beacon =
229 !!rcu_dereference(sdata->u.ibss.presp); 232 !!sdata->u.ibss.presp;
230 break; 233 break;
231 case NL80211_IFTYPE_MESH_POINT: 234 case NL80211_IFTYPE_MESH_POINT:
232 sdata->vif.bss_conf.enable_beacon = true; 235 sdata->vif.bss_conf.enable_beacon = true;
@@ -239,8 +242,7 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
239 } 242 }
240 } 243 }
241 244
242 drv_bss_info_changed(local, &sdata->vif, 245 drv_bss_info_changed(local, sdata, &sdata->vif.bss_conf, changed);
243 &sdata->vif.bss_conf, changed);
244} 246}
245 247
246u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata) 248u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata)
@@ -253,28 +255,6 @@ u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata)
253 BSS_CHANGED_ERP_SLOT; 255 BSS_CHANGED_ERP_SLOT;
254} 256}
255 257
256void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
257 struct sk_buff *skb)
258{
259 struct ieee80211_local *local = hw_to_local(hw);
260 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
261 int tmp;
262
263 skb->pkt_type = IEEE80211_TX_STATUS_MSG;
264 skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
265 &local->skb_queue : &local->skb_queue_unreliable, skb);
266 tmp = skb_queue_len(&local->skb_queue) +
267 skb_queue_len(&local->skb_queue_unreliable);
268 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
269 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
270 dev_kfree_skb_irq(skb);
271 tmp--;
272 I802_DEBUG_INC(local->tx_status_drop);
273 }
274 tasklet_schedule(&local->tasklet);
275}
276EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
277
278static void ieee80211_tasklet_handler(unsigned long data) 258static void ieee80211_tasklet_handler(unsigned long data)
279{ 259{
280 struct ieee80211_local *local = (struct ieee80211_local *) data; 260 struct ieee80211_local *local = (struct ieee80211_local *) data;
@@ -296,14 +276,14 @@ static void ieee80211_tasklet_handler(unsigned long data)
296 break; 276 break;
297 case IEEE80211_DELBA_MSG: 277 case IEEE80211_DELBA_MSG:
298 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 278 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
299 ieee80211_stop_tx_ba_cb(local_to_hw(local), 279 ieee80211_stop_tx_ba_cb(ra_tid->vif, ra_tid->ra,
300 ra_tid->ra, ra_tid->tid); 280 ra_tid->tid);
301 dev_kfree_skb(skb); 281 dev_kfree_skb(skb);
302 break; 282 break;
303 case IEEE80211_ADDBA_MSG: 283 case IEEE80211_ADDBA_MSG:
304 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 284 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
305 ieee80211_start_tx_ba_cb(local_to_hw(local), 285 ieee80211_start_tx_ba_cb(ra_tid->vif, ra_tid->ra,
306 ra_tid->ra, ra_tid->tid); 286 ra_tid->tid);
307 dev_kfree_skb(skb); 287 dev_kfree_skb(skb);
308 break ; 288 break ;
309 default: 289 default:
@@ -315,299 +295,6 @@ static void ieee80211_tasklet_handler(unsigned long data)
315 } 295 }
316} 296}
317 297
318static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
319 struct sta_info *sta,
320 struct sk_buff *skb)
321{
322 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
323
324 /*
325 * XXX: This is temporary!
326 *
327 * The problem here is that when we get here, the driver will
328 * quite likely have pretty much overwritten info->control by
329 * using info->driver_data or info->rate_driver_data. Thus,
330 * when passing out the frame to the driver again, we would be
331 * passing completely bogus data since the driver would then
332 * expect a properly filled info->control. In mac80211 itself
333 * the same problem occurs, since we need info->control.vif
334 * internally.
335 *
336 * To fix this, we should send the frame through TX processing
337 * again. However, it's not that simple, since the frame will
338 * have been software-encrypted (if applicable) already, and
339 * encrypting it again doesn't do much good. So to properly do
340 * that, we not only have to skip the actual 'raw' encryption
341 * (key selection etc. still has to be done!) but also the
342 * sequence number assignment since that impacts the crypto
343 * encapsulation, of course.
344 *
345 * Hence, for now, fix the bug by just dropping the frame.
346 */
347 goto drop;
348
349 sta->tx_filtered_count++;
350
351 /*
352 * Clear the TX filter mask for this STA when sending the next
353 * packet. If the STA went to power save mode, this will happen
354 * when it wakes up for the next time.
355 */
356 set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);
357
358 /*
359 * This code races in the following way:
360 *
361 * (1) STA sends frame indicating it will go to sleep and does so
362 * (2) hardware/firmware adds STA to filter list, passes frame up
363 * (3) hardware/firmware processes TX fifo and suppresses a frame
364 * (4) we get TX status before having processed the frame and
365 * knowing that the STA has gone to sleep.
366 *
367 * This is actually quite unlikely even when both those events are
368 * processed from interrupts coming in quickly after one another or
369 * even at the same time because we queue both TX status events and
370 * RX frames to be processed by a tasklet and process them in the
371 * same order that they were received or TX status last. Hence, there
372 * is no race as long as the frame RX is processed before the next TX
373 * status, which drivers can ensure, see below.
374 *
375 * Note that this can only happen if the hardware or firmware can
376 * actually add STAs to the filter list, if this is done by the
377 * driver in response to set_tim() (which will only reduce the race
378 * this whole filtering tries to solve, not completely solve it)
379 * this situation cannot happen.
380 *
381 * To completely solve this race drivers need to make sure that they
382 * (a) don't mix the irq-safe/not irq-safe TX status/RX processing
383 * functions and
384 * (b) always process RX events before TX status events if ordering
385 * can be unknown, for example with different interrupt status
386 * bits.
387 */
388 if (test_sta_flags(sta, WLAN_STA_PS) &&
389 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
390 skb_queue_tail(&sta->tx_filtered, skb);
391 return;
392 }
393
394 if (!test_sta_flags(sta, WLAN_STA_PS) &&
395 !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
396 /* Software retry the packet once */
397 info->flags |= IEEE80211_TX_INTFL_RETRIED;
398 ieee80211_add_pending_skb(local, skb);
399 return;
400 }
401
402 drop:
403#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
404 if (net_ratelimit())
405 printk(KERN_DEBUG "%s: dropped TX filtered frame, "
406 "queue_len=%d PS=%d @%lu\n",
407 wiphy_name(local->hw.wiphy),
408 skb_queue_len(&sta->tx_filtered),
409 !!test_sta_flags(sta, WLAN_STA_PS), jiffies);
410#endif
411 dev_kfree_skb(skb);
412}
413
414void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
415{
416 struct sk_buff *skb2;
417 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
418 struct ieee80211_local *local = hw_to_local(hw);
419 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
420 u16 frag, type;
421 __le16 fc;
422 struct ieee80211_supported_band *sband;
423 struct ieee80211_tx_status_rtap_hdr *rthdr;
424 struct ieee80211_sub_if_data *sdata;
425 struct net_device *prev_dev = NULL;
426 struct sta_info *sta;
427 int retry_count = -1, i;
428
429 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
430 /* the HW cannot have attempted that rate */
431 if (i >= hw->max_rates) {
432 info->status.rates[i].idx = -1;
433 info->status.rates[i].count = 0;
434 }
435
436 retry_count += info->status.rates[i].count;
437 }
438 if (retry_count < 0)
439 retry_count = 0;
440
441 rcu_read_lock();
442
443 sband = local->hw.wiphy->bands[info->band];
444
445 sta = sta_info_get(local, hdr->addr1);
446
447 if (sta) {
448 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
449 test_sta_flags(sta, WLAN_STA_PS)) {
450 /*
451 * The STA is in power save mode, so assume
452 * that this TX packet failed because of that.
453 */
454 ieee80211_handle_filtered_frame(local, sta, skb);
455 rcu_read_unlock();
456 return;
457 }
458
459 fc = hdr->frame_control;
460
461 if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
462 (ieee80211_is_data_qos(fc))) {
463 u16 tid, ssn;
464 u8 *qc;
465
466 qc = ieee80211_get_qos_ctl(hdr);
467 tid = qc[0] & 0xf;
468 ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
469 & IEEE80211_SCTL_SEQ);
470 ieee80211_send_bar(sta->sdata, hdr->addr1,
471 tid, ssn);
472 }
473
474 if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
475 ieee80211_handle_filtered_frame(local, sta, skb);
476 rcu_read_unlock();
477 return;
478 } else {
479 if (!(info->flags & IEEE80211_TX_STAT_ACK))
480 sta->tx_retry_failed++;
481 sta->tx_retry_count += retry_count;
482 }
483
484 rate_control_tx_status(local, sband, sta, skb);
485 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
486 ieee80211s_update_metric(local, sta, skb);
487 }
488
489 rcu_read_unlock();
490
491 ieee80211_led_tx(local, 0);
492
493 /* SNMP counters
494 * Fragments are passed to low-level drivers as separate skbs, so these
495 * are actually fragments, not frames. Update frame counters only for
496 * the first fragment of the frame. */
497
498 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
499 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
500
501 if (info->flags & IEEE80211_TX_STAT_ACK) {
502 if (frag == 0) {
503 local->dot11TransmittedFrameCount++;
504 if (is_multicast_ether_addr(hdr->addr1))
505 local->dot11MulticastTransmittedFrameCount++;
506 if (retry_count > 0)
507 local->dot11RetryCount++;
508 if (retry_count > 1)
509 local->dot11MultipleRetryCount++;
510 }
511
512 /* This counter shall be incremented for an acknowledged MPDU
513 * with an individual address in the address 1 field or an MPDU
514 * with a multicast address in the address 1 field of type Data
515 * or Management. */
516 if (!is_multicast_ether_addr(hdr->addr1) ||
517 type == IEEE80211_FTYPE_DATA ||
518 type == IEEE80211_FTYPE_MGMT)
519 local->dot11TransmittedFragmentCount++;
520 } else {
521 if (frag == 0)
522 local->dot11FailedCount++;
523 }
524
525 /* this was a transmitted frame, but now we want to reuse it */
526 skb_orphan(skb);
527
528 /*
529 * This is a bit racy but we can avoid a lot of work
530 * with this test...
531 */
532 if (!local->monitors && !local->cooked_mntrs) {
533 dev_kfree_skb(skb);
534 return;
535 }
536
537 /* send frame to monitor interfaces now */
538
539 if (skb_headroom(skb) < sizeof(*rthdr)) {
540 printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
541 dev_kfree_skb(skb);
542 return;
543 }
544
545 rthdr = (struct ieee80211_tx_status_rtap_hdr *)
546 skb_push(skb, sizeof(*rthdr));
547
548 memset(rthdr, 0, sizeof(*rthdr));
549 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
550 rthdr->hdr.it_present =
551 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
552 (1 << IEEE80211_RADIOTAP_DATA_RETRIES) |
553 (1 << IEEE80211_RADIOTAP_RATE));
554
555 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
556 !is_multicast_ether_addr(hdr->addr1))
557 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
558
559 /*
560 * XXX: Once radiotap gets the bitmap reset thing the vendor
561 * extensions proposal contains, we can actually report
562 * the whole set of tries we did.
563 */
564 if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
565 (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
566 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
567 else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
568 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
569 if (info->status.rates[0].idx >= 0 &&
570 !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
571 rthdr->rate = sband->bitrates[
572 info->status.rates[0].idx].bitrate / 5;
573
574 /* for now report the total retry_count */
575 rthdr->data_retries = retry_count;
576
577 /* XXX: is this sufficient for BPF? */
578 skb_set_mac_header(skb, 0);
579 skb->ip_summed = CHECKSUM_UNNECESSARY;
580 skb->pkt_type = PACKET_OTHERHOST;
581 skb->protocol = htons(ETH_P_802_2);
582 memset(skb->cb, 0, sizeof(skb->cb));
583
584 rcu_read_lock();
585 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
586 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
587 if (!netif_running(sdata->dev))
588 continue;
589
590 if (prev_dev) {
591 skb2 = skb_clone(skb, GFP_ATOMIC);
592 if (skb2) {
593 skb2->dev = prev_dev;
594 netif_rx(skb2);
595 }
596 }
597
598 prev_dev = sdata->dev;
599 }
600 }
601 if (prev_dev) {
602 skb->dev = prev_dev;
603 netif_rx(skb);
604 skb = NULL;
605 }
606 rcu_read_unlock();
607 dev_kfree_skb(skb);
608}
609EXPORT_SYMBOL(ieee80211_tx_status);
610
611static void ieee80211_restart_work(struct work_struct *work) 298static void ieee80211_restart_work(struct work_struct *work)
612{ 299{
613 struct ieee80211_local *local = 300 struct ieee80211_local *local =
@@ -630,6 +317,16 @@ void ieee80211_restart_hw(struct ieee80211_hw *hw)
630} 317}
631EXPORT_SYMBOL(ieee80211_restart_hw); 318EXPORT_SYMBOL(ieee80211_restart_hw);
632 319
320static void ieee80211_recalc_smps_work(struct work_struct *work)
321{
322 struct ieee80211_local *local =
323 container_of(work, struct ieee80211_local, recalc_smps);
324
325 mutex_lock(&local->iflist_mtx);
326 ieee80211_recalc_smps(local, NULL);
327 mutex_unlock(&local->iflist_mtx);
328}
329
633struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len, 330struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
634 const struct ieee80211_ops *ops) 331 const struct ieee80211_ops *ops)
635{ 332{
@@ -659,12 +356,12 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
659 if (!wiphy) 356 if (!wiphy)
660 return NULL; 357 return NULL;
661 358
662 wiphy->netnsok = true; 359 wiphy->flags |= WIPHY_FLAG_NETNS_OK |
360 WIPHY_FLAG_4ADDR_AP |
361 WIPHY_FLAG_4ADDR_STATION;
663 wiphy->privid = mac80211_wiphy_privid; 362 wiphy->privid = mac80211_wiphy_privid;
664 363
665 /* Yes, putting cfg80211_bss into ieee80211_bss is a hack */ 364 wiphy->bss_priv_size = sizeof(struct ieee80211_bss);
666 wiphy->bss_priv_size = sizeof(struct ieee80211_bss) -
667 sizeof(struct cfg80211_bss);
668 365
669 local = wiphy_priv(wiphy); 366 local = wiphy_priv(wiphy);
670 367
@@ -687,6 +384,8 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
687 local->hw.conf.long_frame_max_tx_count = wiphy->retry_long; 384 local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
688 local->hw.conf.short_frame_max_tx_count = wiphy->retry_short; 385 local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
689 local->user_power_level = -1; 386 local->user_power_level = -1;
387 local->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
388 local->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
690 389
691 INIT_LIST_HEAD(&local->interfaces); 390 INIT_LIST_HEAD(&local->interfaces);
692 mutex_init(&local->iflist_mtx); 391 mutex_init(&local->iflist_mtx);
@@ -698,9 +397,13 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
698 397
699 INIT_DELAYED_WORK(&local->scan_work, ieee80211_scan_work); 398 INIT_DELAYED_WORK(&local->scan_work, ieee80211_scan_work);
700 399
400 ieee80211_work_init(local);
401
701 INIT_WORK(&local->restart_work, ieee80211_restart_work); 402 INIT_WORK(&local->restart_work, ieee80211_restart_work);
702 403
703 INIT_WORK(&local->reconfig_filter, ieee80211_reconfig_filter); 404 INIT_WORK(&local->reconfig_filter, ieee80211_reconfig_filter);
405 INIT_WORK(&local->recalc_smps, ieee80211_recalc_smps_work);
406 local->smps_mode = IEEE80211_SMPS_OFF;
704 407
705 INIT_WORK(&local->dynamic_ps_enable_work, 408 INIT_WORK(&local->dynamic_ps_enable_work,
706 ieee80211_dynamic_ps_enable_work); 409 ieee80211_dynamic_ps_enable_work);
@@ -790,6 +493,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
790 else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) 493 else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
791 local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_UNSPEC; 494 local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_UNSPEC;
792 495
496 WARN((local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)
497 && (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK),
498 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n");
499
793 /* 500 /*
794 * Calculate scan IE length -- we need this to alloc 501 * Calculate scan IE length -- we need this to alloc
795 * memory and to subtract from the driver limit. It 502 * memory and to subtract from the driver limit. It
@@ -844,13 +551,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
844 * and we need some headroom for passing the frame to monitor 551 * and we need some headroom for passing the frame to monitor
845 * interfaces, but never both at the same time. 552 * interfaces, but never both at the same time.
846 */ 553 */
554 BUILD_BUG_ON(IEEE80211_TX_STATUS_HEADROOM !=
555 sizeof(struct ieee80211_tx_status_rtap_hdr));
847 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom, 556 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom,
848 sizeof(struct ieee80211_tx_status_rtap_hdr)); 557 sizeof(struct ieee80211_tx_status_rtap_hdr));
849 558
850 debugfs_hw_add(local); 559 debugfs_hw_add(local);
851 560
561 /*
562 * if the driver doesn't specify a max listen interval we
563 * use 5 which should be a safe default
564 */
852 if (local->hw.max_listen_interval == 0) 565 if (local->hw.max_listen_interval == 0)
853 local->hw.max_listen_interval = 1; 566 local->hw.max_listen_interval = 5;
854 567
855 local->hw.conf.listen_interval = local->hw.max_listen_interval; 568 local->hw.conf.listen_interval = local->hw.max_listen_interval;
856 569
@@ -901,6 +614,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
901 i++; 614 i++;
902 } 615 }
903 } 616 }
617 local->int_scan_req->n_channels = i;
904 618
905 local->network_latency_notifier.notifier_call = 619 local->network_latency_notifier.notifier_call =
906 ieee80211_max_network_latency; 620 ieee80211_max_network_latency;
@@ -923,7 +637,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
923 fail_wep: 637 fail_wep:
924 sta_info_stop(local); 638 sta_info_stop(local);
925 fail_sta_info: 639 fail_sta_info:
926 debugfs_hw_del(local);
927 destroy_workqueue(local->workqueue); 640 destroy_workqueue(local->workqueue);
928 fail_workqueue: 641 fail_workqueue:
929 wiphy_unregister(local->hw.wiphy); 642 wiphy_unregister(local->hw.wiphy);
@@ -959,10 +672,9 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
959 ieee80211_clear_tx_pending(local); 672 ieee80211_clear_tx_pending(local);
960 sta_info_stop(local); 673 sta_info_stop(local);
961 rate_control_deinitialize(local); 674 rate_control_deinitialize(local);
962 debugfs_hw_del(local);
963 675
964 if (skb_queue_len(&local->skb_queue) 676 if (skb_queue_len(&local->skb_queue) ||
965 || skb_queue_len(&local->skb_queue_unreliable)) 677 skb_queue_len(&local->skb_queue_unreliable))
966 printk(KERN_WARNING "%s: skb_queue not empty\n", 678 printk(KERN_WARNING "%s: skb_queue not empty\n",
967 wiphy_name(local->hw.wiphy)); 679 wiphy_name(local->hw.wiphy));
968 skb_queue_purge(&local->skb_queue); 680 skb_queue_purge(&local->skb_queue);
@@ -1002,11 +714,19 @@ static int __init ieee80211_init(void)
1002 714
1003 ret = rc80211_pid_init(); 715 ret = rc80211_pid_init();
1004 if (ret) 716 if (ret)
1005 return ret; 717 goto err_pid;
1006 718
1007 ieee80211_debugfs_netdev_init(); 719 ret = ieee80211_iface_init();
720 if (ret)
721 goto err_netdev;
1008 722
1009 return 0; 723 return 0;
724 err_netdev:
725 rc80211_pid_exit();
726 err_pid:
727 rc80211_minstrel_exit();
728
729 return ret;
1010} 730}
1011 731
1012static void __exit ieee80211_exit(void) 732static void __exit ieee80211_exit(void)
@@ -1023,7 +743,7 @@ static void __exit ieee80211_exit(void)
1023 if (mesh_allocated) 743 if (mesh_allocated)
1024 ieee80211s_stop(); 744 ieee80211s_stop();
1025 745
1026 ieee80211_debugfs_netdev_exit(); 746 ieee80211_iface_exit();
1027} 747}
1028 748
1029 749
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index f7364e56f1ee..859ee5f3d941 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Authors: Luis Carlos Cobo <luisca@cozybit.com> 3 * Authors: Luis Carlos Cobo <luisca@cozybit.com>
4 * Javier Cardona <javier@cozybit.com> 4 * Javier Cardona <javier@cozybit.com>
5 * 5 *
@@ -8,24 +8,21 @@
8 * published by the Free Software Foundation. 8 * published by the Free Software Foundation.
9 */ 9 */
10 10
11#include <linux/slab.h>
11#include <asm/unaligned.h> 12#include <asm/unaligned.h>
12#include "ieee80211_i.h" 13#include "ieee80211_i.h"
13#include "mesh.h" 14#include "mesh.h"
14 15
15#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ) 16#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)
16#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ) 17#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
18#define IEEE80211_MESH_RANN_INTERVAL (1 * HZ)
17 19
18#define PP_OFFSET 1 /* Path Selection Protocol */ 20#define MESHCONF_CAPAB_ACCEPT_PLINKS 0x01
19#define PM_OFFSET 5 /* Path Selection Metric */ 21#define MESHCONF_CAPAB_FORWARDING 0x08
20#define CC_OFFSET 9 /* Congestion Control Mode */
21#define SP_OFFSET 13 /* Synchronization Protocol */
22#define AUTH_OFFSET 17 /* Authentication Protocol */
23#define CAPAB_OFFSET 22
24#define CAPAB_ACCEPT_PLINKS 0x80
25#define CAPAB_FORWARDING 0x10
26 22
27#define TMR_RUNNING_HK 0 23#define TMR_RUNNING_HK 0
28#define TMR_RUNNING_MP 1 24#define TMR_RUNNING_MP 1
25#define TMR_RUNNING_MPR 2
29 26
30int mesh_allocated; 27int mesh_allocated;
31static struct kmem_cache *rm_cache; 28static struct kmem_cache *rm_cache;
@@ -50,7 +47,7 @@ static void ieee80211_mesh_housekeeping_timer(unsigned long data)
50 struct ieee80211_local *local = sdata->local; 47 struct ieee80211_local *local = sdata->local;
51 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 48 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
52 49
53 ifmsh->wrkq_flags |= MESH_WORK_HOUSEKEEPING; 50 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags);
54 51
55 if (local->quiescing) { 52 if (local->quiescing) {
56 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running); 53 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running);
@@ -85,11 +82,11 @@ bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_dat
85 */ 82 */
86 if (ifmsh->mesh_id_len == ie->mesh_id_len && 83 if (ifmsh->mesh_id_len == ie->mesh_id_len &&
87 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 && 84 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 &&
88 memcmp(ifmsh->mesh_pp_id, ie->mesh_config + PP_OFFSET, 4) == 0 && 85 (ifmsh->mesh_pp_id == ie->mesh_config->meshconf_psel) &&
89 memcmp(ifmsh->mesh_pm_id, ie->mesh_config + PM_OFFSET, 4) == 0 && 86 (ifmsh->mesh_pm_id == ie->mesh_config->meshconf_pmetric) &&
90 memcmp(ifmsh->mesh_cc_id, ie->mesh_config + CC_OFFSET, 4) == 0 && 87 (ifmsh->mesh_cc_id == ie->mesh_config->meshconf_congest) &&
91 memcmp(ifmsh->mesh_sp_id, ie->mesh_config + SP_OFFSET, 4) == 0 && 88 (ifmsh->mesh_sp_id == ie->mesh_config->meshconf_synch) &&
92 memcmp(ifmsh->mesh_auth_id, ie->mesh_config + AUTH_OFFSET, 4) == 0) 89 (ifmsh->mesh_auth_id == ie->mesh_config->meshconf_auth))
93 return true; 90 return true;
94 91
95 return false; 92 return false;
@@ -102,7 +99,8 @@ bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_dat
102 */ 99 */
103bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie) 100bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie)
104{ 101{
105 return (*(ie->mesh_config + CAPAB_OFFSET) & CAPAB_ACCEPT_PLINKS) != 0; 102 return (ie->mesh_config->meshconf_cap &
103 MESHCONF_CAPAB_ACCEPT_PLINKS) != 0;
106} 104}
107 105
108/** 106/**
@@ -128,18 +126,11 @@ void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata)
128 126
129void mesh_ids_set_default(struct ieee80211_if_mesh *sta) 127void mesh_ids_set_default(struct ieee80211_if_mesh *sta)
130{ 128{
131 u8 oui[3] = {0x00, 0x0F, 0xAC}; 129 sta->mesh_pp_id = 0; /* HWMP */
132 130 sta->mesh_pm_id = 0; /* Airtime */
133 memcpy(sta->mesh_pp_id, oui, sizeof(oui)); 131 sta->mesh_cc_id = 0; /* Disabled */
134 memcpy(sta->mesh_pm_id, oui, sizeof(oui)); 132 sta->mesh_sp_id = 0; /* Neighbor Offset */
135 memcpy(sta->mesh_cc_id, oui, sizeof(oui)); 133 sta->mesh_auth_id = 0; /* Disabled */
136 memcpy(sta->mesh_sp_id, oui, sizeof(oui));
137 memcpy(sta->mesh_auth_id, oui, sizeof(oui));
138 sta->mesh_pp_id[sizeof(oui)] = 0;
139 sta->mesh_pm_id[sizeof(oui)] = 0;
140 sta->mesh_cc_id[sizeof(oui)] = 0xff;
141 sta->mesh_sp_id[sizeof(oui)] = 0xff;
142 sta->mesh_auth_id[sizeof(oui)] = 0x0;
143} 134}
144 135
145int mesh_rmc_init(struct ieee80211_sub_if_data *sdata) 136int mesh_rmc_init(struct ieee80211_sub_if_data *sdata)
@@ -205,8 +196,8 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr,
205 list_del(&p->list); 196 list_del(&p->list);
206 kmem_cache_free(rm_cache, p); 197 kmem_cache_free(rm_cache, p);
207 --entries; 198 --entries;
208 } else if ((seqnum == p->seqnum) 199 } else if ((seqnum == p->seqnum) &&
209 && (memcmp(sa, p->sa, ETH_ALEN) == 0)) 200 (memcmp(sa, p->sa, ETH_ALEN) == 0))
210 return -1; 201 return -1;
211 } 202 }
212 203
@@ -228,6 +219,7 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
228 struct ieee80211_supported_band *sband; 219 struct ieee80211_supported_band *sband;
229 u8 *pos; 220 u8 *pos;
230 int len, i, rate; 221 int len, i, rate;
222 u8 neighbors;
231 223
232 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 224 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
233 len = sband->n_bitrates; 225 len = sband->n_bitrates;
@@ -251,46 +243,49 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
251 } 243 }
252 } 244 }
253 245
246 if (sband->band == IEEE80211_BAND_2GHZ) {
247 pos = skb_put(skb, 2 + 1);
248 *pos++ = WLAN_EID_DS_PARAMS;
249 *pos++ = 1;
250 *pos++ = ieee80211_frequency_to_channel(local->hw.conf.channel->center_freq);
251 }
252
254 pos = skb_put(skb, 2 + sdata->u.mesh.mesh_id_len); 253 pos = skb_put(skb, 2 + sdata->u.mesh.mesh_id_len);
255 *pos++ = WLAN_EID_MESH_ID; 254 *pos++ = WLAN_EID_MESH_ID;
256 *pos++ = sdata->u.mesh.mesh_id_len; 255 *pos++ = sdata->u.mesh.mesh_id_len;
257 if (sdata->u.mesh.mesh_id_len) 256 if (sdata->u.mesh.mesh_id_len)
258 memcpy(pos, sdata->u.mesh.mesh_id, sdata->u.mesh.mesh_id_len); 257 memcpy(pos, sdata->u.mesh.mesh_id, sdata->u.mesh.mesh_id_len);
259 258
260 pos = skb_put(skb, 2 + IEEE80211_MESH_CONFIG_LEN); 259 pos = skb_put(skb, 2 + sizeof(struct ieee80211_meshconf_ie));
261 *pos++ = WLAN_EID_MESH_CONFIG; 260 *pos++ = WLAN_EID_MESH_CONFIG;
262 *pos++ = IEEE80211_MESH_CONFIG_LEN; 261 *pos++ = sizeof(struct ieee80211_meshconf_ie);
263 /* Version */
264 *pos++ = 1;
265 262
266 /* Active path selection protocol ID */ 263 /* Active path selection protocol ID */
267 memcpy(pos, sdata->u.mesh.mesh_pp_id, 4); 264 *pos++ = sdata->u.mesh.mesh_pp_id;
268 pos += 4;
269 265
270 /* Active path selection metric ID */ 266 /* Active path selection metric ID */
271 memcpy(pos, sdata->u.mesh.mesh_pm_id, 4); 267 *pos++ = sdata->u.mesh.mesh_pm_id;
272 pos += 4;
273 268
274 /* Congestion control mode identifier */ 269 /* Congestion control mode identifier */
275 memcpy(pos, sdata->u.mesh.mesh_cc_id, 4); 270 *pos++ = sdata->u.mesh.mesh_cc_id;
276 pos += 4;
277 271
278 /* Synchronization protocol identifier */ 272 /* Synchronization protocol identifier */
279 memcpy(pos, sdata->u.mesh.mesh_sp_id, 4); 273 *pos++ = sdata->u.mesh.mesh_sp_id;
280 pos += 4;
281 274
282 /* Authentication Protocol identifier */ 275 /* Authentication Protocol identifier */
283 memcpy(pos, sdata->u.mesh.mesh_auth_id, 4); 276 *pos++ = sdata->u.mesh.mesh_auth_id;
284 pos += 4;
285 277
286 /* Mesh Formation Info */ 278 /* Mesh Formation Info - number of neighbors */
287 memset(pos, 0x00, 1); 279 neighbors = atomic_read(&sdata->u.mesh.mshstats.estab_plinks);
288 pos += 1; 280 /* Number of neighbor mesh STAs or 15 whichever is smaller */
281 neighbors = (neighbors > 15) ? 15 : neighbors;
282 *pos++ = neighbors << 1;
289 283
290 /* Mesh capability */ 284 /* Mesh capability */
291 sdata->u.mesh.accepting_plinks = mesh_plink_availables(sdata); 285 sdata->u.mesh.accepting_plinks = mesh_plink_availables(sdata);
292 *pos = CAPAB_FORWARDING; 286 *pos = MESHCONF_CAPAB_FORWARDING;
293 *pos++ |= sdata->u.mesh.accepting_plinks ? CAPAB_ACCEPT_PLINKS : 0x00; 287 *pos++ |= sdata->u.mesh.accepting_plinks ?
288 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00;
294 *pos++ = 0x00; 289 *pos++ = 0x00;
295 290
296 return; 291 return;
@@ -355,6 +350,34 @@ static void ieee80211_mesh_path_timer(unsigned long data)
355 ieee80211_queue_work(&local->hw, &ifmsh->work); 350 ieee80211_queue_work(&local->hw, &ifmsh->work);
356} 351}
357 352
353static void ieee80211_mesh_path_root_timer(unsigned long data)
354{
355 struct ieee80211_sub_if_data *sdata =
356 (struct ieee80211_sub_if_data *) data;
357 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
358 struct ieee80211_local *local = sdata->local;
359
360 set_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags);
361
362 if (local->quiescing) {
363 set_bit(TMR_RUNNING_MPR, &ifmsh->timers_running);
364 return;
365 }
366
367 ieee80211_queue_work(&local->hw, &ifmsh->work);
368}
369
370void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh)
371{
372 if (ifmsh->mshcfg.dot11MeshHWMPRootMode)
373 set_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags);
374 else {
375 clear_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags);
376 /* stop running timer */
377 del_timer_sync(&ifmsh->mesh_path_root_timer);
378 }
379}
380
358/** 381/**
359 * ieee80211_fill_mesh_addresses - fill addresses of a locally originated mesh frame 382 * ieee80211_fill_mesh_addresses - fill addresses of a locally originated mesh frame
360 * @hdr: 802.11 frame header 383 * @hdr: 802.11 frame header
@@ -365,8 +388,9 @@ static void ieee80211_mesh_path_timer(unsigned long data)
365 * 388 *
366 * Return the length of the 802.11 (does not include a mesh control header) 389 * Return the length of the 802.11 (does not include a mesh control header)
367 */ 390 */
368int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, char 391int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
369 *meshda, char *meshsa) { 392 const u8 *meshda, const u8 *meshsa)
393{
370 if (is_multicast_ether_addr(meshda)) { 394 if (is_multicast_ether_addr(meshda)) {
371 *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS); 395 *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
372 /* DA TA SA */ 396 /* DA TA SA */
@@ -404,7 +428,7 @@ int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr,
404 char *addr5, char *addr6) 428 char *addr5, char *addr6)
405{ 429{
406 int aelen = 0; 430 int aelen = 0;
407 memset(meshhdr, 0, sizeof(meshhdr)); 431 memset(meshhdr, 0, sizeof(*meshhdr));
408 meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL; 432 meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL;
409 put_unaligned(cpu_to_le32(sdata->u.mesh.mesh_seqnum), &meshhdr->seqnum); 433 put_unaligned(cpu_to_le32(sdata->u.mesh.mesh_seqnum), &meshhdr->seqnum);
410 sdata->u.mesh.mesh_seqnum++; 434 sdata->u.mesh.mesh_seqnum++;
@@ -434,7 +458,7 @@ static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata,
434 458
435#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 459#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
436 printk(KERN_DEBUG "%s: running mesh housekeeping\n", 460 printk(KERN_DEBUG "%s: running mesh housekeeping\n",
437 sdata->dev->name); 461 sdata->name);
438#endif 462#endif
439 463
440 ieee80211_sta_expire(sdata, IEEE80211_MESH_PEER_INACTIVITY_LIMIT); 464 ieee80211_sta_expire(sdata, IEEE80211_MESH_PEER_INACTIVITY_LIMIT);
@@ -448,6 +472,15 @@ static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata,
448 round_jiffies(jiffies + IEEE80211_MESH_HOUSEKEEPING_INTERVAL)); 472 round_jiffies(jiffies + IEEE80211_MESH_HOUSEKEEPING_INTERVAL));
449} 473}
450 474
475static void ieee80211_mesh_rootpath(struct ieee80211_sub_if_data *sdata)
476{
477 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
478
479 mesh_path_tx_root_frame(sdata);
480 mod_timer(&ifmsh->mesh_path_root_timer,
481 round_jiffies(jiffies + IEEE80211_MESH_RANN_INTERVAL));
482}
483
451#ifdef CONFIG_PM 484#ifdef CONFIG_PM
452void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata) 485void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata)
453{ 486{
@@ -462,6 +495,8 @@ void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata)
462 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running); 495 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running);
463 if (del_timer_sync(&ifmsh->mesh_path_timer)) 496 if (del_timer_sync(&ifmsh->mesh_path_timer))
464 set_bit(TMR_RUNNING_MP, &ifmsh->timers_running); 497 set_bit(TMR_RUNNING_MP, &ifmsh->timers_running);
498 if (del_timer_sync(&ifmsh->mesh_path_root_timer))
499 set_bit(TMR_RUNNING_MPR, &ifmsh->timers_running);
465} 500}
466 501
467void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata) 502void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata)
@@ -472,6 +507,9 @@ void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata)
472 add_timer(&ifmsh->housekeeping_timer); 507 add_timer(&ifmsh->housekeeping_timer);
473 if (test_and_clear_bit(TMR_RUNNING_MP, &ifmsh->timers_running)) 508 if (test_and_clear_bit(TMR_RUNNING_MP, &ifmsh->timers_running))
474 add_timer(&ifmsh->mesh_path_timer); 509 add_timer(&ifmsh->mesh_path_timer);
510 if (test_and_clear_bit(TMR_RUNNING_MPR, &ifmsh->timers_running))
511 add_timer(&ifmsh->mesh_path_root_timer);
512 ieee80211_mesh_root_setup(ifmsh);
475} 513}
476#endif 514#endif
477 515
@@ -480,7 +518,8 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
480 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 518 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
481 struct ieee80211_local *local = sdata->local; 519 struct ieee80211_local *local = sdata->local;
482 520
483 ifmsh->wrkq_flags |= MESH_WORK_HOUSEKEEPING; 521 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags);
522 ieee80211_mesh_root_setup(ifmsh);
484 ieee80211_queue_work(&local->hw, &ifmsh->work); 523 ieee80211_queue_work(&local->hw, &ifmsh->work);
485 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL; 524 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL;
486 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON | 525 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON |
@@ -491,6 +530,7 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
491void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) 530void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
492{ 531{
493 del_timer_sync(&sdata->u.mesh.housekeeping_timer); 532 del_timer_sync(&sdata->u.mesh.housekeeping_timer);
533 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer);
494 /* 534 /*
495 * If the timer fired while we waited for it, it will have 535 * If the timer fired while we waited for it, it will have
496 * requeued the work. Now the work will be running again 536 * requeued the work. Now the work will be running again
@@ -526,7 +566,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
526 566
527 /* ignore ProbeResp to foreign address */ 567 /* ignore ProbeResp to foreign address */
528 if (stype == IEEE80211_STYPE_PROBE_RESP && 568 if (stype == IEEE80211_STYPE_PROBE_RESP &&
529 compare_ether_addr(mgmt->da, sdata->dev->dev_addr)) 569 compare_ether_addr(mgmt->da, sdata->vif.addr))
530 return; 570 return;
531 571
532 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 572 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
@@ -561,7 +601,7 @@ static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
561 struct ieee80211_rx_status *rx_status) 601 struct ieee80211_rx_status *rx_status)
562{ 602{
563 switch (mgmt->u.action.category) { 603 switch (mgmt->u.action.category) {
564 case PLINK_CATEGORY: 604 case MESH_PLINK_CATEGORY:
565 mesh_rx_plink_frame(sdata, mgmt, len, rx_status); 605 mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
566 break; 606 break;
567 case MESH_PATH_SEL_CATEGORY: 607 case MESH_PATH_SEL_CATEGORY:
@@ -606,7 +646,7 @@ static void ieee80211_mesh_work(struct work_struct *work)
606 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 646 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
607 struct sk_buff *skb; 647 struct sk_buff *skb;
608 648
609 if (!netif_running(sdata->dev)) 649 if (!ieee80211_sdata_running(sdata))
610 return; 650 return;
611 651
612 if (local->scanning) 652 if (local->scanning)
@@ -628,6 +668,9 @@ static void ieee80211_mesh_work(struct work_struct *work)
628 668
629 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags)) 669 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags))
630 ieee80211_mesh_housekeeping(sdata, ifmsh); 670 ieee80211_mesh_housekeeping(sdata, ifmsh);
671
672 if (test_and_clear_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags))
673 ieee80211_mesh_rootpath(sdata);
631} 674}
632 675
633void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local) 676void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
@@ -673,7 +716,7 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
673 MESH_MIN_DISCOVERY_TIMEOUT; 716 MESH_MIN_DISCOVERY_TIMEOUT;
674 ifmsh->accepting_plinks = true; 717 ifmsh->accepting_plinks = true;
675 ifmsh->preq_id = 0; 718 ifmsh->preq_id = 0;
676 ifmsh->dsn = 0; 719 ifmsh->sn = 0;
677 atomic_set(&ifmsh->mpaths, 0); 720 atomic_set(&ifmsh->mpaths, 0);
678 mesh_rmc_init(sdata); 721 mesh_rmc_init(sdata);
679 ifmsh->last_preq = jiffies; 722 ifmsh->last_preq = jiffies;
@@ -684,6 +727,9 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
684 setup_timer(&ifmsh->mesh_path_timer, 727 setup_timer(&ifmsh->mesh_path_timer,
685 ieee80211_mesh_path_timer, 728 ieee80211_mesh_path_timer,
686 (unsigned long) sdata); 729 (unsigned long) sdata);
730 setup_timer(&ifmsh->mesh_path_root_timer,
731 ieee80211_mesh_path_root_timer,
732 (unsigned long) sdata);
687 INIT_LIST_HEAD(&ifmsh->preq_queue.list); 733 INIT_LIST_HEAD(&ifmsh->preq_queue.list);
688 spin_lock_init(&ifmsh->mesh_preq_queue_lock); 734 spin_lock_init(&ifmsh->mesh_preq_queue_lock);
689} 735}
@@ -704,9 +750,6 @@ ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
704 750
705 switch (fc & IEEE80211_FCTL_STYPE) { 751 switch (fc & IEEE80211_FCTL_STYPE) {
706 case IEEE80211_STYPE_ACTION: 752 case IEEE80211_STYPE_ACTION:
707 if (skb->len < IEEE80211_MIN_ACTION_SIZE)
708 return RX_DROP_MONITOR;
709 /* fall through */
710 case IEEE80211_STYPE_PROBE_RESP: 753 case IEEE80211_STYPE_PROBE_RESP:
711 case IEEE80211_STYPE_BEACON: 754 case IEEE80211_STYPE_BEACON:
712 skb_queue_tail(&ifmsh->skb_queue, skb); 755 skb_queue_tail(&ifmsh->skb_queue, skb);
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index dd1c19319f0a..85562c59d7d6 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Authors: Luis Carlos Cobo <luisca@cozybit.com> 3 * Authors: Luis Carlos Cobo <luisca@cozybit.com>
4 * Javier Cardona <javier@cozybit.com> 4 * Javier Cardona <javier@cozybit.com>
5 * 5 *
@@ -26,7 +26,7 @@
26 * 26 *
27 * @MESH_PATH_ACTIVE: the mesh path can be used for forwarding 27 * @MESH_PATH_ACTIVE: the mesh path can be used for forwarding
28 * @MESH_PATH_RESOLVING: the discovery process is running for this mesh path 28 * @MESH_PATH_RESOLVING: the discovery process is running for this mesh path
29 * @MESH_PATH_DSN_VALID: the mesh path contains a valid destination sequence 29 * @MESH_PATH_SN_VALID: the mesh path contains a valid destination sequence
30 * number 30 * number
31 * @MESH_PATH_FIXED: the mesh path has been manually set and should not be 31 * @MESH_PATH_FIXED: the mesh path has been manually set and should not be
32 * modified 32 * modified
@@ -38,7 +38,7 @@
38enum mesh_path_flags { 38enum mesh_path_flags {
39 MESH_PATH_ACTIVE = BIT(0), 39 MESH_PATH_ACTIVE = BIT(0),
40 MESH_PATH_RESOLVING = BIT(1), 40 MESH_PATH_RESOLVING = BIT(1),
41 MESH_PATH_DSN_VALID = BIT(2), 41 MESH_PATH_SN_VALID = BIT(2),
42 MESH_PATH_FIXED = BIT(3), 42 MESH_PATH_FIXED = BIT(3),
43 MESH_PATH_RESOLVED = BIT(4), 43 MESH_PATH_RESOLVED = BIT(4),
44}; 44};
@@ -53,11 +53,13 @@ enum mesh_path_flags {
53 * to grow. 53 * to grow.
54 * @MESH_WORK_GROW_MPP_TABLE: the mesh portals table is full and needs to 54 * @MESH_WORK_GROW_MPP_TABLE: the mesh portals table is full and needs to
55 * grow 55 * grow
56 * @MESH_WORK_ROOT: the mesh root station needs to send a frame
56 */ 57 */
57enum mesh_deferred_task_flags { 58enum mesh_deferred_task_flags {
58 MESH_WORK_HOUSEKEEPING, 59 MESH_WORK_HOUSEKEEPING,
59 MESH_WORK_GROW_MPATH_TABLE, 60 MESH_WORK_GROW_MPATH_TABLE,
60 MESH_WORK_GROW_MPP_TABLE, 61 MESH_WORK_GROW_MPP_TABLE,
62 MESH_WORK_ROOT,
61}; 63};
62 64
63/** 65/**
@@ -70,7 +72,7 @@ enum mesh_deferred_task_flags {
70 * @timer: mesh path discovery timer 72 * @timer: mesh path discovery timer
71 * @frame_queue: pending queue for frames sent to this destination while the 73 * @frame_queue: pending queue for frames sent to this destination while the
72 * path is unresolved 74 * path is unresolved
73 * @dsn: destination sequence number of the destination 75 * @sn: target sequence number
74 * @metric: current metric to this destination 76 * @metric: current metric to this destination
75 * @hop_count: hops to destination 77 * @hop_count: hops to destination
76 * @exp_time: in jiffies, when the path will expire or when it expired 78 * @exp_time: in jiffies, when the path will expire or when it expired
@@ -94,7 +96,7 @@ struct mesh_path {
94 struct timer_list timer; 96 struct timer_list timer;
95 struct sk_buff_head frame_queue; 97 struct sk_buff_head frame_queue;
96 struct rcu_head rcu; 98 struct rcu_head rcu;
97 u32 dsn; 99 u32 sn;
98 u32 metric; 100 u32 metric;
99 u8 hop_count; 101 u8 hop_count;
100 unsigned long exp_time; 102 unsigned long exp_time;
@@ -174,7 +176,7 @@ struct mesh_rmc {
174#define MESH_CFG_CMP_LEN (IEEE80211_MESH_CONFIG_LEN - 2) 176#define MESH_CFG_CMP_LEN (IEEE80211_MESH_CONFIG_LEN - 2)
175 177
176/* Default values, timeouts in ms */ 178/* Default values, timeouts in ms */
177#define MESH_TTL 5 179#define MESH_TTL 31
178#define MESH_MAX_RETR 3 180#define MESH_MAX_RETR 3
179#define MESH_RET_T 100 181#define MESH_RET_T 100
180#define MESH_CONF_T 100 182#define MESH_CONF_T 100
@@ -186,8 +188,9 @@ struct mesh_rmc {
186 */ 188 */
187#define MESH_PREQ_MIN_INT 10 189#define MESH_PREQ_MIN_INT 10
188#define MESH_DIAM_TRAVERSAL_TIME 50 190#define MESH_DIAM_TRAVERSAL_TIME 50
189/* Paths will be refreshed if they are closer than PATH_REFRESH_TIME to their 191/* A path will be refreshed if it is used PATH_REFRESH_TIME milliseconds before
190 * expiration 192 * timing out. This way it will remain ACTIVE and no data frames will be
193 * unnecesarily held in the pending queue.
191 */ 194 */
192#define MESH_PATH_REFRESH_TIME 1000 195#define MESH_PATH_REFRESH_TIME 1000
193#define MESH_MIN_DISCOVERY_TIMEOUT (2 * MESH_DIAM_TRAVERSAL_TIME) 196#define MESH_MIN_DISCOVERY_TIMEOUT (2 * MESH_DIAM_TRAVERSAL_TIME)
@@ -206,13 +209,19 @@ struct mesh_rmc {
206#define MESH_MAX_MPATHS 1024 209#define MESH_MAX_MPATHS 1024
207 210
208/* Pending ANA approval */ 211/* Pending ANA approval */
209#define PLINK_CATEGORY 30 212#define MESH_PLINK_CATEGORY 30
210#define MESH_PATH_SEL_CATEGORY 32 213#define MESH_PATH_SEL_CATEGORY 32
214#define MESH_PATH_SEL_ACTION 0
215
216/* PERR reason codes */
217#define PEER_RCODE_UNSPECIFIED 11
218#define PERR_RCODE_NO_ROUTE 12
219#define PERR_RCODE_DEST_UNREACH 13
211 220
212/* Public interfaces */ 221/* Public interfaces */
213/* Various */ 222/* Various */
214int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, 223int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
215 char *da, char *sa); 224 const u8 *da, const u8 *sa);
216int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr, 225int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr,
217 struct ieee80211_sub_if_data *sdata, char *addr4, 226 struct ieee80211_sub_if_data *sdata, char *addr4,
218 char *addr5, char *addr6); 227 char *addr5, char *addr6);
@@ -234,6 +243,7 @@ ieee80211_rx_result
234ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb); 243ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
235void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata); 244void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata);
236void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata); 245void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata);
246void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh);
237 247
238/* Mesh paths */ 248/* Mesh paths */
239int mesh_nexthop_lookup(struct sk_buff *skb, 249int mesh_nexthop_lookup(struct sk_buff *skb,
@@ -274,8 +284,8 @@ void mesh_mpp_table_grow(void);
274u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata, 284u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata,
275 struct mesh_table *tbl); 285 struct mesh_table *tbl);
276/* Mesh paths */ 286/* Mesh paths */
277int mesh_path_error_tx(u8 *dest, __le32 dest_dsn, u8 *ra, 287int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn, __le16 target_rcode,
278 struct ieee80211_sub_if_data *sdata); 288 const u8 *ra, struct ieee80211_sub_if_data *sdata);
279void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta); 289void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta);
280void mesh_path_flush_pending(struct mesh_path *mpath); 290void mesh_path_flush_pending(struct mesh_path *mpath);
281void mesh_path_tx_pending(struct mesh_path *mpath); 291void mesh_path_tx_pending(struct mesh_path *mpath);
@@ -288,6 +298,7 @@ void mesh_path_discard_frame(struct sk_buff *skb,
288 struct ieee80211_sub_if_data *sdata); 298 struct ieee80211_sub_if_data *sdata);
289void mesh_path_quiesce(struct ieee80211_sub_if_data *sdata); 299void mesh_path_quiesce(struct ieee80211_sub_if_data *sdata);
290void mesh_path_restart(struct ieee80211_sub_if_data *sdata); 300void mesh_path_restart(struct ieee80211_sub_if_data *sdata);
301void mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata);
291 302
292extern int mesh_paths_generation; 303extern int mesh_paths_generation;
293 304
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 29b82e98effa..fefc45c4b4e8 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 3 * Author: Luis Carlos Cobo <luisca@cozybit.com>
4 * 4 *
5 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
@@ -7,8 +7,15 @@
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9
10#include <linux/slab.h>
10#include "mesh.h" 11#include "mesh.h"
11 12
13#ifdef CONFIG_MAC80211_VERBOSE_MHWMP_DEBUG
14#define mhwmp_dbg(fmt, args...) printk(KERN_DEBUG "Mesh HWMP: " fmt, ##args)
15#else
16#define mhwmp_dbg(fmt, args...) do { (void)(0); } while (0)
17#endif
18
12#define TEST_FRAME_LEN 8192 19#define TEST_FRAME_LEN 8192
13#define MAX_METRIC 0xffffffff 20#define MAX_METRIC 0xffffffff
14#define ARITH_SHIFT 8 21#define ARITH_SHIFT 8
@@ -21,6 +28,12 @@
21#define MP_F_DO 0x1 28#define MP_F_DO 0x1
22/* Reply and forward */ 29/* Reply and forward */
23#define MP_F_RF 0x2 30#define MP_F_RF 0x2
31/* Unknown Sequence Number */
32#define MP_F_USN 0x01
33/* Reason code Present */
34#define MP_F_RCODE 0x02
35
36static void mesh_queue_preq(struct mesh_path *, u8);
24 37
25static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae) 38static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
26{ 39{
@@ -29,6 +42,13 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
29 return get_unaligned_le32(preq_elem + offset); 42 return get_unaligned_le32(preq_elem + offset);
30} 43}
31 44
45static inline u32 u16_field_get(u8 *preq_elem, int offset, bool ae)
46{
47 if (ae)
48 offset += 6;
49 return get_unaligned_le16(preq_elem + offset);
50}
51
32/* HWMP IE processing macros */ 52/* HWMP IE processing macros */
33#define AE_F (1<<6) 53#define AE_F (1<<6)
34#define AE_F_SET(x) (*x & AE_F) 54#define AE_F_SET(x) (*x & AE_F)
@@ -37,30 +57,33 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
37#define PREQ_IE_TTL(x) (*(x + 2)) 57#define PREQ_IE_TTL(x) (*(x + 2))
38#define PREQ_IE_PREQ_ID(x) u32_field_get(x, 3, 0) 58#define PREQ_IE_PREQ_ID(x) u32_field_get(x, 3, 0)
39#define PREQ_IE_ORIG_ADDR(x) (x + 7) 59#define PREQ_IE_ORIG_ADDR(x) (x + 7)
40#define PREQ_IE_ORIG_DSN(x) u32_field_get(x, 13, 0); 60#define PREQ_IE_ORIG_SN(x) u32_field_get(x, 13, 0);
41#define PREQ_IE_LIFETIME(x) u32_field_get(x, 17, AE_F_SET(x)); 61#define PREQ_IE_LIFETIME(x) u32_field_get(x, 17, AE_F_SET(x));
42#define PREQ_IE_METRIC(x) u32_field_get(x, 21, AE_F_SET(x)); 62#define PREQ_IE_METRIC(x) u32_field_get(x, 21, AE_F_SET(x));
43#define PREQ_IE_DST_F(x) (*(AE_F_SET(x) ? x + 32 : x + 26)) 63#define PREQ_IE_TARGET_F(x) (*(AE_F_SET(x) ? x + 32 : x + 26))
44#define PREQ_IE_DST_ADDR(x) (AE_F_SET(x) ? x + 33 : x + 27) 64#define PREQ_IE_TARGET_ADDR(x) (AE_F_SET(x) ? x + 33 : x + 27)
45#define PREQ_IE_DST_DSN(x) u32_field_get(x, 33, AE_F_SET(x)); 65#define PREQ_IE_TARGET_SN(x) u32_field_get(x, 33, AE_F_SET(x));
46 66
47 67
48#define PREP_IE_FLAGS(x) PREQ_IE_FLAGS(x) 68#define PREP_IE_FLAGS(x) PREQ_IE_FLAGS(x)
49#define PREP_IE_HOPCOUNT(x) PREQ_IE_HOPCOUNT(x) 69#define PREP_IE_HOPCOUNT(x) PREQ_IE_HOPCOUNT(x)
50#define PREP_IE_TTL(x) PREQ_IE_TTL(x) 70#define PREP_IE_TTL(x) PREQ_IE_TTL(x)
51#define PREP_IE_ORIG_ADDR(x) (x + 3) 71#define PREP_IE_ORIG_ADDR(x) (x + 3)
52#define PREP_IE_ORIG_DSN(x) u32_field_get(x, 9, 0); 72#define PREP_IE_ORIG_SN(x) u32_field_get(x, 9, 0);
53#define PREP_IE_LIFETIME(x) u32_field_get(x, 13, AE_F_SET(x)); 73#define PREP_IE_LIFETIME(x) u32_field_get(x, 13, AE_F_SET(x));
54#define PREP_IE_METRIC(x) u32_field_get(x, 17, AE_F_SET(x)); 74#define PREP_IE_METRIC(x) u32_field_get(x, 17, AE_F_SET(x));
55#define PREP_IE_DST_ADDR(x) (AE_F_SET(x) ? x + 27 : x + 21) 75#define PREP_IE_TARGET_ADDR(x) (AE_F_SET(x) ? x + 27 : x + 21)
56#define PREP_IE_DST_DSN(x) u32_field_get(x, 27, AE_F_SET(x)); 76#define PREP_IE_TARGET_SN(x) u32_field_get(x, 27, AE_F_SET(x));
57 77
58#define PERR_IE_DST_ADDR(x) (x + 2) 78#define PERR_IE_TTL(x) (*(x))
59#define PERR_IE_DST_DSN(x) u32_field_get(x, 8, 0); 79#define PERR_IE_TARGET_FLAGS(x) (*(x + 2))
80#define PERR_IE_TARGET_ADDR(x) (x + 3)
81#define PERR_IE_TARGET_SN(x) u32_field_get(x, 9, 0);
82#define PERR_IE_TARGET_RCODE(x) u16_field_get(x, 13, 0);
60 83
61#define MSEC_TO_TU(x) (x*1000/1024) 84#define MSEC_TO_TU(x) (x*1000/1024)
62#define DSN_GT(x, y) ((long) (y) - (long) (x) < 0) 85#define SN_GT(x, y) ((long) (y) - (long) (x) < 0)
63#define DSN_LT(x, y) ((long) (x) - (long) (y) < 0) 86#define SN_LT(x, y) ((long) (x) - (long) (y) < 0)
64 87
65#define net_traversal_jiffies(s) \ 88#define net_traversal_jiffies(s) \
66 msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPnetDiameterTraversalTime) 89 msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPnetDiameterTraversalTime)
@@ -75,13 +98,17 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
75enum mpath_frame_type { 98enum mpath_frame_type {
76 MPATH_PREQ = 0, 99 MPATH_PREQ = 0,
77 MPATH_PREP, 100 MPATH_PREP,
78 MPATH_PERR 101 MPATH_PERR,
102 MPATH_RANN
79}; 103};
80 104
105static const u8 broadcast_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
106
81static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags, 107static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
82 u8 *orig_addr, __le32 orig_dsn, u8 dst_flags, u8 *dst, 108 u8 *orig_addr, __le32 orig_sn, u8 target_flags, u8 *target,
83 __le32 dst_dsn, u8 *da, u8 hop_count, u8 ttl, __le32 lifetime, 109 __le32 target_sn, const u8 *da, u8 hop_count, u8 ttl,
84 __le32 metric, __le32 preq_id, struct ieee80211_sub_if_data *sdata) 110 __le32 lifetime, __le32 metric, __le32 preq_id,
111 struct ieee80211_sub_if_data *sdata)
85{ 112{
86 struct ieee80211_local *local = sdata->local; 113 struct ieee80211_local *local = sdata->local;
87 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 114 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
@@ -102,22 +129,31 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
102 IEEE80211_STYPE_ACTION); 129 IEEE80211_STYPE_ACTION);
103 130
104 memcpy(mgmt->da, da, ETH_ALEN); 131 memcpy(mgmt->da, da, ETH_ALEN);
105 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 132 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
106 /* BSSID is left zeroed, wildcard value */ 133 /* BSSID == SA */
134 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
107 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY; 135 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY;
108 mgmt->u.action.u.mesh_action.action_code = action; 136 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION;
109 137
110 switch (action) { 138 switch (action) {
111 case MPATH_PREQ: 139 case MPATH_PREQ:
140 mhwmp_dbg("sending PREQ to %pM\n", target);
112 ie_len = 37; 141 ie_len = 37;
113 pos = skb_put(skb, 2 + ie_len); 142 pos = skb_put(skb, 2 + ie_len);
114 *pos++ = WLAN_EID_PREQ; 143 *pos++ = WLAN_EID_PREQ;
115 break; 144 break;
116 case MPATH_PREP: 145 case MPATH_PREP:
146 mhwmp_dbg("sending PREP to %pM\n", target);
117 ie_len = 31; 147 ie_len = 31;
118 pos = skb_put(skb, 2 + ie_len); 148 pos = skb_put(skb, 2 + ie_len);
119 *pos++ = WLAN_EID_PREP; 149 *pos++ = WLAN_EID_PREP;
120 break; 150 break;
151 case MPATH_RANN:
152 mhwmp_dbg("sending RANN from %pM\n", orig_addr);
153 ie_len = sizeof(struct ieee80211_rann_ie);
154 pos = skb_put(skb, 2 + ie_len);
155 *pos++ = WLAN_EID_RANN;
156 break;
121 default: 157 default:
122 kfree_skb(skb); 158 kfree_skb(skb);
123 return -ENOTSUPP; 159 return -ENOTSUPP;
@@ -133,34 +169,40 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
133 } 169 }
134 memcpy(pos, orig_addr, ETH_ALEN); 170 memcpy(pos, orig_addr, ETH_ALEN);
135 pos += ETH_ALEN; 171 pos += ETH_ALEN;
136 memcpy(pos, &orig_dsn, 4); 172 memcpy(pos, &orig_sn, 4);
137 pos += 4;
138 memcpy(pos, &lifetime, 4);
139 pos += 4; 173 pos += 4;
174 if (action != MPATH_RANN) {
175 memcpy(pos, &lifetime, 4);
176 pos += 4;
177 }
140 memcpy(pos, &metric, 4); 178 memcpy(pos, &metric, 4);
141 pos += 4; 179 pos += 4;
142 if (action == MPATH_PREQ) { 180 if (action == MPATH_PREQ) {
143 /* destination count */ 181 /* destination count */
144 *pos++ = 1; 182 *pos++ = 1;
145 *pos++ = dst_flags; 183 *pos++ = target_flags;
184 }
185 if (action != MPATH_RANN) {
186 memcpy(pos, target, ETH_ALEN);
187 pos += ETH_ALEN;
188 memcpy(pos, &target_sn, 4);
146 } 189 }
147 memcpy(pos, dst, ETH_ALEN);
148 pos += ETH_ALEN;
149 memcpy(pos, &dst_dsn, 4);
150 190
151 ieee80211_tx_skb(sdata, skb, 1); 191 ieee80211_tx_skb(sdata, skb);
152 return 0; 192 return 0;
153} 193}
154 194
155/** 195/**
156 * mesh_send_path error - Sends a PERR mesh management frame 196 * mesh_send_path error - Sends a PERR mesh management frame
157 * 197 *
158 * @dst: broken destination 198 * @target: broken destination
159 * @dst_dsn: dsn of the broken destination 199 * @target_sn: SN of the broken destination
200 * @target_rcode: reason code for this PERR
160 * @ra: node this frame is addressed to 201 * @ra: node this frame is addressed to
161 */ 202 */
162int mesh_path_error_tx(u8 *dst, __le32 dst_dsn, u8 *ra, 203int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
163 struct ieee80211_sub_if_data *sdata) 204 __le16 target_rcode, const u8 *ra,
205 struct ieee80211_sub_if_data *sdata)
164{ 206{
165 struct ieee80211_local *local = sdata->local; 207 struct ieee80211_local *local = sdata->local;
166 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 208 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
@@ -181,23 +223,35 @@ int mesh_path_error_tx(u8 *dst, __le32 dst_dsn, u8 *ra,
181 IEEE80211_STYPE_ACTION); 223 IEEE80211_STYPE_ACTION);
182 224
183 memcpy(mgmt->da, ra, ETH_ALEN); 225 memcpy(mgmt->da, ra, ETH_ALEN);
184 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 226 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
185 /* BSSID is left zeroed, wildcard value */ 227 /* BSSID is left zeroed, wildcard value */
186 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY; 228 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY;
187 mgmt->u.action.u.mesh_action.action_code = MPATH_PERR; 229 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION;
188 ie_len = 12; 230 ie_len = 15;
189 pos = skb_put(skb, 2 + ie_len); 231 pos = skb_put(skb, 2 + ie_len);
190 *pos++ = WLAN_EID_PERR; 232 *pos++ = WLAN_EID_PERR;
191 *pos++ = ie_len; 233 *pos++ = ie_len;
192 /* mode flags, reserved */ 234 /* ttl */
193 *pos++ = 0; 235 *pos++ = MESH_TTL;
194 /* number of destinations */ 236 /* number of destinations */
195 *pos++ = 1; 237 *pos++ = 1;
196 memcpy(pos, dst, ETH_ALEN); 238 /*
239 * flags bit, bit 1 is unset if we know the sequence number and
240 * bit 2 is set if we have a reason code
241 */
242 *pos = 0;
243 if (!target_sn)
244 *pos |= MP_F_USN;
245 if (target_rcode)
246 *pos |= MP_F_RCODE;
247 pos++;
248 memcpy(pos, target, ETH_ALEN);
197 pos += ETH_ALEN; 249 pos += ETH_ALEN;
198 memcpy(pos, &dst_dsn, 4); 250 memcpy(pos, &target_sn, 4);
251 pos += 4;
252 memcpy(pos, &target_rcode, 2);
199 253
200 ieee80211_tx_skb(sdata, skb, 1); 254 ieee80211_tx_skb(sdata, skb);
201 return 0; 255 return 0;
202} 256}
203 257
@@ -269,21 +323,20 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
269 */ 323 */
270static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata, 324static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
271 struct ieee80211_mgmt *mgmt, 325 struct ieee80211_mgmt *mgmt,
272 u8 *hwmp_ie) 326 u8 *hwmp_ie, enum mpath_frame_type action)
273{ 327{
274 struct ieee80211_local *local = sdata->local; 328 struct ieee80211_local *local = sdata->local;
275 struct mesh_path *mpath; 329 struct mesh_path *mpath;
276 struct sta_info *sta; 330 struct sta_info *sta;
277 bool fresh_info; 331 bool fresh_info;
278 u8 *orig_addr, *ta; 332 u8 *orig_addr, *ta;
279 u32 orig_dsn, orig_metric; 333 u32 orig_sn, orig_metric;
280 unsigned long orig_lifetime, exp_time; 334 unsigned long orig_lifetime, exp_time;
281 u32 last_hop_metric, new_metric; 335 u32 last_hop_metric, new_metric;
282 bool process = true; 336 bool process = true;
283 u8 action = mgmt->u.action.u.mesh_action.action_code;
284 337
285 rcu_read_lock(); 338 rcu_read_lock();
286 sta = sta_info_get(local, mgmt->sa); 339 sta = sta_info_get(sdata, mgmt->sa);
287 if (!sta) { 340 if (!sta) {
288 rcu_read_unlock(); 341 rcu_read_unlock();
289 return 0; 342 return 0;
@@ -296,7 +349,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
296 switch (action) { 349 switch (action) {
297 case MPATH_PREQ: 350 case MPATH_PREQ:
298 orig_addr = PREQ_IE_ORIG_ADDR(hwmp_ie); 351 orig_addr = PREQ_IE_ORIG_ADDR(hwmp_ie);
299 orig_dsn = PREQ_IE_ORIG_DSN(hwmp_ie); 352 orig_sn = PREQ_IE_ORIG_SN(hwmp_ie);
300 orig_lifetime = PREQ_IE_LIFETIME(hwmp_ie); 353 orig_lifetime = PREQ_IE_LIFETIME(hwmp_ie);
301 orig_metric = PREQ_IE_METRIC(hwmp_ie); 354 orig_metric = PREQ_IE_METRIC(hwmp_ie);
302 break; 355 break;
@@ -309,7 +362,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
309 * information from both PREQ and PREP frames. 362 * information from both PREQ and PREP frames.
310 */ 363 */
311 orig_addr = PREP_IE_ORIG_ADDR(hwmp_ie); 364 orig_addr = PREP_IE_ORIG_ADDR(hwmp_ie);
312 orig_dsn = PREP_IE_ORIG_DSN(hwmp_ie); 365 orig_sn = PREP_IE_ORIG_SN(hwmp_ie);
313 orig_lifetime = PREP_IE_LIFETIME(hwmp_ie); 366 orig_lifetime = PREP_IE_LIFETIME(hwmp_ie);
314 orig_metric = PREP_IE_METRIC(hwmp_ie); 367 orig_metric = PREP_IE_METRIC(hwmp_ie);
315 break; 368 break;
@@ -322,7 +375,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
322 new_metric = MAX_METRIC; 375 new_metric = MAX_METRIC;
323 exp_time = TU_TO_EXP_TIME(orig_lifetime); 376 exp_time = TU_TO_EXP_TIME(orig_lifetime);
324 377
325 if (memcmp(orig_addr, sdata->dev->dev_addr, ETH_ALEN) == 0) { 378 if (memcmp(orig_addr, sdata->vif.addr, ETH_ALEN) == 0) {
326 /* This MP is the originator, we are not interested in this 379 /* This MP is the originator, we are not interested in this
327 * frame, except for updating transmitter's path info. 380 * frame, except for updating transmitter's path info.
328 */ 381 */
@@ -335,11 +388,11 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
335 if (mpath->flags & MESH_PATH_FIXED) 388 if (mpath->flags & MESH_PATH_FIXED)
336 fresh_info = false; 389 fresh_info = false;
337 else if ((mpath->flags & MESH_PATH_ACTIVE) && 390 else if ((mpath->flags & MESH_PATH_ACTIVE) &&
338 (mpath->flags & MESH_PATH_DSN_VALID)) { 391 (mpath->flags & MESH_PATH_SN_VALID)) {
339 if (DSN_GT(mpath->dsn, orig_dsn) || 392 if (SN_GT(mpath->sn, orig_sn) ||
340 (mpath->dsn == orig_dsn && 393 (mpath->sn == orig_sn &&
341 action == MPATH_PREQ && 394 action == MPATH_PREQ &&
342 new_metric > mpath->metric)) { 395 new_metric >= mpath->metric)) {
343 process = false; 396 process = false;
344 fresh_info = false; 397 fresh_info = false;
345 } 398 }
@@ -356,9 +409,9 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
356 409
357 if (fresh_info) { 410 if (fresh_info) {
358 mesh_path_assign_nexthop(mpath, sta); 411 mesh_path_assign_nexthop(mpath, sta);
359 mpath->flags |= MESH_PATH_DSN_VALID; 412 mpath->flags |= MESH_PATH_SN_VALID;
360 mpath->metric = new_metric; 413 mpath->metric = new_metric;
361 mpath->dsn = orig_dsn; 414 mpath->sn = orig_sn;
362 mpath->exp_time = time_after(mpath->exp_time, exp_time) 415 mpath->exp_time = time_after(mpath->exp_time, exp_time)
363 ? mpath->exp_time : exp_time; 416 ? mpath->exp_time : exp_time;
364 mesh_path_activate(mpath); 417 mesh_path_activate(mpath);
@@ -397,7 +450,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
397 450
398 if (fresh_info) { 451 if (fresh_info) {
399 mesh_path_assign_nexthop(mpath, sta); 452 mesh_path_assign_nexthop(mpath, sta);
400 mpath->flags &= ~MESH_PATH_DSN_VALID; 453 mpath->flags &= ~MESH_PATH_SN_VALID;
401 mpath->metric = last_hop_metric; 454 mpath->metric = last_hop_metric;
402 mpath->exp_time = time_after(mpath->exp_time, exp_time) 455 mpath->exp_time = time_after(mpath->exp_time, exp_time)
403 ? mpath->exp_time : exp_time; 456 ? mpath->exp_time : exp_time;
@@ -419,44 +472,47 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
419{ 472{
420 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 473 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
421 struct mesh_path *mpath; 474 struct mesh_path *mpath;
422 u8 *dst_addr, *orig_addr; 475 u8 *target_addr, *orig_addr;
423 u8 dst_flags, ttl; 476 u8 target_flags, ttl;
424 u32 orig_dsn, dst_dsn, lifetime; 477 u32 orig_sn, target_sn, lifetime;
425 bool reply = false; 478 bool reply = false;
426 bool forward = true; 479 bool forward = true;
427 480
428 /* Update destination DSN, if present */ 481 /* Update target SN, if present */
429 dst_addr = PREQ_IE_DST_ADDR(preq_elem); 482 target_addr = PREQ_IE_TARGET_ADDR(preq_elem);
430 orig_addr = PREQ_IE_ORIG_ADDR(preq_elem); 483 orig_addr = PREQ_IE_ORIG_ADDR(preq_elem);
431 dst_dsn = PREQ_IE_DST_DSN(preq_elem); 484 target_sn = PREQ_IE_TARGET_SN(preq_elem);
432 orig_dsn = PREQ_IE_ORIG_DSN(preq_elem); 485 orig_sn = PREQ_IE_ORIG_SN(preq_elem);
433 dst_flags = PREQ_IE_DST_F(preq_elem); 486 target_flags = PREQ_IE_TARGET_F(preq_elem);
434 487
435 if (memcmp(dst_addr, sdata->dev->dev_addr, ETH_ALEN) == 0) { 488 mhwmp_dbg("received PREQ from %pM\n", orig_addr);
489
490 if (memcmp(target_addr, sdata->vif.addr, ETH_ALEN) == 0) {
491 mhwmp_dbg("PREQ is for us\n");
436 forward = false; 492 forward = false;
437 reply = true; 493 reply = true;
438 metric = 0; 494 metric = 0;
439 if (time_after(jiffies, ifmsh->last_dsn_update + 495 if (time_after(jiffies, ifmsh->last_sn_update +
440 net_traversal_jiffies(sdata)) || 496 net_traversal_jiffies(sdata)) ||
441 time_before(jiffies, ifmsh->last_dsn_update)) { 497 time_before(jiffies, ifmsh->last_sn_update)) {
442 dst_dsn = ++ifmsh->dsn; 498 target_sn = ++ifmsh->sn;
443 ifmsh->last_dsn_update = jiffies; 499 ifmsh->last_sn_update = jiffies;
444 } 500 }
445 } else { 501 } else {
446 rcu_read_lock(); 502 rcu_read_lock();
447 mpath = mesh_path_lookup(dst_addr, sdata); 503 mpath = mesh_path_lookup(target_addr, sdata);
448 if (mpath) { 504 if (mpath) {
449 if ((!(mpath->flags & MESH_PATH_DSN_VALID)) || 505 if ((!(mpath->flags & MESH_PATH_SN_VALID)) ||
450 DSN_LT(mpath->dsn, dst_dsn)) { 506 SN_LT(mpath->sn, target_sn)) {
451 mpath->dsn = dst_dsn; 507 mpath->sn = target_sn;
452 mpath->flags |= MESH_PATH_DSN_VALID; 508 mpath->flags |= MESH_PATH_SN_VALID;
453 } else if ((!(dst_flags & MP_F_DO)) && 509 } else if ((!(target_flags & MP_F_DO)) &&
454 (mpath->flags & MESH_PATH_ACTIVE)) { 510 (mpath->flags & MESH_PATH_ACTIVE)) {
455 reply = true; 511 reply = true;
456 metric = mpath->metric; 512 metric = mpath->metric;
457 dst_dsn = mpath->dsn; 513 target_sn = mpath->sn;
458 if (dst_flags & MP_F_RF) 514 if (target_flags & MP_F_RF)
459 dst_flags |= MP_F_DO; 515 target_flags |= MP_F_DO;
460 else 516 else
461 forward = false; 517 forward = false;
462 } 518 }
@@ -467,13 +523,14 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
467 if (reply) { 523 if (reply) {
468 lifetime = PREQ_IE_LIFETIME(preq_elem); 524 lifetime = PREQ_IE_LIFETIME(preq_elem);
469 ttl = ifmsh->mshcfg.dot11MeshTTL; 525 ttl = ifmsh->mshcfg.dot11MeshTTL;
470 if (ttl != 0) 526 if (ttl != 0) {
471 mesh_path_sel_frame_tx(MPATH_PREP, 0, dst_addr, 527 mhwmp_dbg("replying to the PREQ\n");
472 cpu_to_le32(dst_dsn), 0, orig_addr, 528 mesh_path_sel_frame_tx(MPATH_PREP, 0, target_addr,
473 cpu_to_le32(orig_dsn), mgmt->sa, 0, ttl, 529 cpu_to_le32(target_sn), 0, orig_addr,
530 cpu_to_le32(orig_sn), mgmt->sa, 0, ttl,
474 cpu_to_le32(lifetime), cpu_to_le32(metric), 531 cpu_to_le32(lifetime), cpu_to_le32(metric),
475 0, sdata); 532 0, sdata);
476 else 533 } else
477 ifmsh->mshstats.dropped_frames_ttl++; 534 ifmsh->mshstats.dropped_frames_ttl++;
478 } 535 }
479 536
@@ -487,13 +544,14 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
487 ifmsh->mshstats.dropped_frames_ttl++; 544 ifmsh->mshstats.dropped_frames_ttl++;
488 return; 545 return;
489 } 546 }
547 mhwmp_dbg("forwarding the PREQ from %pM\n", orig_addr);
490 --ttl; 548 --ttl;
491 flags = PREQ_IE_FLAGS(preq_elem); 549 flags = PREQ_IE_FLAGS(preq_elem);
492 preq_id = PREQ_IE_PREQ_ID(preq_elem); 550 preq_id = PREQ_IE_PREQ_ID(preq_elem);
493 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1; 551 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1;
494 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr, 552 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr,
495 cpu_to_le32(orig_dsn), dst_flags, dst_addr, 553 cpu_to_le32(orig_sn), target_flags, target_addr,
496 cpu_to_le32(dst_dsn), sdata->dev->broadcast, 554 cpu_to_le32(target_sn), broadcast_addr,
497 hopcount, ttl, cpu_to_le32(lifetime), 555 hopcount, ttl, cpu_to_le32(lifetime),
498 cpu_to_le32(metric), cpu_to_le32(preq_id), 556 cpu_to_le32(metric), cpu_to_le32(preq_id),
499 sdata); 557 sdata);
@@ -508,10 +566,12 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
508 u8 *prep_elem, u32 metric) 566 u8 *prep_elem, u32 metric)
509{ 567{
510 struct mesh_path *mpath; 568 struct mesh_path *mpath;
511 u8 *dst_addr, *orig_addr; 569 u8 *target_addr, *orig_addr;
512 u8 ttl, hopcount, flags; 570 u8 ttl, hopcount, flags;
513 u8 next_hop[ETH_ALEN]; 571 u8 next_hop[ETH_ALEN];
514 u32 dst_dsn, orig_dsn, lifetime; 572 u32 target_sn, orig_sn, lifetime;
573
574 mhwmp_dbg("received PREP from %pM\n", PREP_IE_ORIG_ADDR(prep_elem));
515 575
516 /* Note that we divert from the draft nomenclature and denominate 576 /* Note that we divert from the draft nomenclature and denominate
517 * destination to what the draft refers to as origininator. So in this 577 * destination to what the draft refers to as origininator. So in this
@@ -519,8 +579,8 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
519 * which corresponds with the originator of the PREQ which this PREP 579 * which corresponds with the originator of the PREQ which this PREP
520 * replies 580 * replies
521 */ 581 */
522 dst_addr = PREP_IE_DST_ADDR(prep_elem); 582 target_addr = PREP_IE_TARGET_ADDR(prep_elem);
523 if (memcmp(dst_addr, sdata->dev->dev_addr, ETH_ALEN) == 0) 583 if (memcmp(target_addr, sdata->vif.addr, ETH_ALEN) == 0)
524 /* destination, no forwarding required */ 584 /* destination, no forwarding required */
525 return; 585 return;
526 586
@@ -531,7 +591,7 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
531 } 591 }
532 592
533 rcu_read_lock(); 593 rcu_read_lock();
534 mpath = mesh_path_lookup(dst_addr, sdata); 594 mpath = mesh_path_lookup(target_addr, sdata);
535 if (mpath) 595 if (mpath)
536 spin_lock_bh(&mpath->state_lock); 596 spin_lock_bh(&mpath->state_lock);
537 else 597 else
@@ -547,13 +607,13 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
547 lifetime = PREP_IE_LIFETIME(prep_elem); 607 lifetime = PREP_IE_LIFETIME(prep_elem);
548 hopcount = PREP_IE_HOPCOUNT(prep_elem) + 1; 608 hopcount = PREP_IE_HOPCOUNT(prep_elem) + 1;
549 orig_addr = PREP_IE_ORIG_ADDR(prep_elem); 609 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
550 dst_dsn = PREP_IE_DST_DSN(prep_elem); 610 target_sn = PREP_IE_TARGET_SN(prep_elem);
551 orig_dsn = PREP_IE_ORIG_DSN(prep_elem); 611 orig_sn = PREP_IE_ORIG_SN(prep_elem);
552 612
553 mesh_path_sel_frame_tx(MPATH_PREP, flags, orig_addr, 613 mesh_path_sel_frame_tx(MPATH_PREP, flags, orig_addr,
554 cpu_to_le32(orig_dsn), 0, dst_addr, 614 cpu_to_le32(orig_sn), 0, target_addr,
555 cpu_to_le32(dst_dsn), mpath->next_hop->sta.addr, hopcount, ttl, 615 cpu_to_le32(target_sn), next_hop, hopcount,
556 cpu_to_le32(lifetime), cpu_to_le32(metric), 616 ttl, cpu_to_le32(lifetime), cpu_to_le32(metric),
557 0, sdata); 617 0, sdata);
558 rcu_read_unlock(); 618 rcu_read_unlock();
559 619
@@ -570,32 +630,96 @@ fail:
570static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata, 630static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
571 struct ieee80211_mgmt *mgmt, u8 *perr_elem) 631 struct ieee80211_mgmt *mgmt, u8 *perr_elem)
572{ 632{
633 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
573 struct mesh_path *mpath; 634 struct mesh_path *mpath;
574 u8 *ta, *dst_addr; 635 u8 ttl;
575 u32 dst_dsn; 636 u8 *ta, *target_addr;
637 u8 target_flags;
638 u32 target_sn;
639 u16 target_rcode;
576 640
577 ta = mgmt->sa; 641 ta = mgmt->sa;
578 dst_addr = PERR_IE_DST_ADDR(perr_elem); 642 ttl = PERR_IE_TTL(perr_elem);
579 dst_dsn = PERR_IE_DST_DSN(perr_elem); 643 if (ttl <= 1) {
644 ifmsh->mshstats.dropped_frames_ttl++;
645 return;
646 }
647 ttl--;
648 target_flags = PERR_IE_TARGET_FLAGS(perr_elem);
649 target_addr = PERR_IE_TARGET_ADDR(perr_elem);
650 target_sn = PERR_IE_TARGET_SN(perr_elem);
651 target_rcode = PERR_IE_TARGET_RCODE(perr_elem);
652
580 rcu_read_lock(); 653 rcu_read_lock();
581 mpath = mesh_path_lookup(dst_addr, sdata); 654 mpath = mesh_path_lookup(target_addr, sdata);
582 if (mpath) { 655 if (mpath) {
583 spin_lock_bh(&mpath->state_lock); 656 spin_lock_bh(&mpath->state_lock);
584 if (mpath->flags & MESH_PATH_ACTIVE && 657 if (mpath->flags & MESH_PATH_ACTIVE &&
585 memcmp(ta, mpath->next_hop->sta.addr, ETH_ALEN) == 0 && 658 memcmp(ta, mpath->next_hop->sta.addr, ETH_ALEN) == 0 &&
586 (!(mpath->flags & MESH_PATH_DSN_VALID) || 659 (!(mpath->flags & MESH_PATH_SN_VALID) ||
587 DSN_GT(dst_dsn, mpath->dsn))) { 660 SN_GT(target_sn, mpath->sn))) {
588 mpath->flags &= ~MESH_PATH_ACTIVE; 661 mpath->flags &= ~MESH_PATH_ACTIVE;
589 mpath->dsn = dst_dsn; 662 mpath->sn = target_sn;
590 spin_unlock_bh(&mpath->state_lock); 663 spin_unlock_bh(&mpath->state_lock);
591 mesh_path_error_tx(dst_addr, cpu_to_le32(dst_dsn), 664 mesh_path_error_tx(ttl, target_addr, cpu_to_le32(target_sn),
592 sdata->dev->broadcast, sdata); 665 cpu_to_le16(target_rcode),
666 broadcast_addr, sdata);
593 } else 667 } else
594 spin_unlock_bh(&mpath->state_lock); 668 spin_unlock_bh(&mpath->state_lock);
595 } 669 }
596 rcu_read_unlock(); 670 rcu_read_unlock();
597} 671}
598 672
673static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
674 struct ieee80211_mgmt *mgmt,
675 struct ieee80211_rann_ie *rann)
676{
677 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
678 struct mesh_path *mpath;
679 u8 *ta;
680 u8 ttl, flags, hopcount;
681 u8 *orig_addr;
682 u32 orig_sn, metric;
683
684 ta = mgmt->sa;
685 ttl = rann->rann_ttl;
686 if (ttl <= 1) {
687 ifmsh->mshstats.dropped_frames_ttl++;
688 return;
689 }
690 ttl--;
691 flags = rann->rann_flags;
692 orig_addr = rann->rann_addr;
693 orig_sn = rann->rann_seq;
694 hopcount = rann->rann_hopcount;
695 hopcount++;
696 metric = rann->rann_metric;
697 mhwmp_dbg("received RANN from %pM\n", orig_addr);
698
699 rcu_read_lock();
700 mpath = mesh_path_lookup(orig_addr, sdata);
701 if (!mpath) {
702 mesh_path_add(orig_addr, sdata);
703 mpath = mesh_path_lookup(orig_addr, sdata);
704 if (!mpath) {
705 rcu_read_unlock();
706 sdata->u.mesh.mshstats.dropped_frames_no_route++;
707 return;
708 }
709 mesh_queue_preq(mpath,
710 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
711 }
712 if (mpath->sn < orig_sn) {
713 mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
714 cpu_to_le32(orig_sn),
715 0, NULL, 0, broadcast_addr,
716 hopcount, ttl, 0,
717 cpu_to_le32(metric + mpath->metric),
718 0, sdata);
719 mpath->sn = orig_sn;
720 }
721 rcu_read_unlock();
722}
599 723
600 724
601void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata, 725void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
@@ -614,34 +738,34 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
614 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, 738 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
615 len - baselen, &elems); 739 len - baselen, &elems);
616 740
617 switch (mgmt->u.action.u.mesh_action.action_code) { 741 if (elems.preq) {
618 case MPATH_PREQ: 742 if (elems.preq_len != 37)
619 if (!elems.preq || elems.preq_len != 37)
620 /* Right now we support just 1 destination and no AE */ 743 /* Right now we support just 1 destination and no AE */
621 return; 744 return;
622 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.preq); 745 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.preq,
623 if (!last_hop_metric) 746 MPATH_PREQ);
624 return; 747 if (last_hop_metric)
625 hwmp_preq_frame_process(sdata, mgmt, elems.preq, last_hop_metric); 748 hwmp_preq_frame_process(sdata, mgmt, elems.preq,
626 break; 749 last_hop_metric);
627 case MPATH_PREP: 750 }
628 if (!elems.prep || elems.prep_len != 31) 751 if (elems.prep) {
752 if (elems.prep_len != 31)
629 /* Right now we support no AE */ 753 /* Right now we support no AE */
630 return; 754 return;
631 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.prep); 755 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.prep,
632 if (!last_hop_metric) 756 MPATH_PREP);
633 return; 757 if (last_hop_metric)
634 hwmp_prep_frame_process(sdata, mgmt, elems.prep, last_hop_metric); 758 hwmp_prep_frame_process(sdata, mgmt, elems.prep,
635 break; 759 last_hop_metric);
636 case MPATH_PERR: 760 }
637 if (!elems.perr || elems.perr_len != 12) 761 if (elems.perr) {
762 if (elems.perr_len != 15)
638 /* Right now we support only one destination per PERR */ 763 /* Right now we support only one destination per PERR */
639 return; 764 return;
640 hwmp_perr_frame_process(sdata, mgmt, elems.perr); 765 hwmp_perr_frame_process(sdata, mgmt, elems.perr);
641 default:
642 return;
643 } 766 }
644 767 if (elems.rann)
768 hwmp_rann_frame_process(sdata, mgmt, elems.rann);
645} 769}
646 770
647/** 771/**
@@ -661,7 +785,7 @@ static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
661 785
662 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC); 786 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC);
663 if (!preq_node) { 787 if (!preq_node) {
664 printk(KERN_DEBUG "Mesh HWMP: could not allocate PREQ node\n"); 788 mhwmp_dbg("could not allocate PREQ node\n");
665 return; 789 return;
666 } 790 }
667 791
@@ -670,7 +794,7 @@ static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
670 spin_unlock(&ifmsh->mesh_preq_queue_lock); 794 spin_unlock(&ifmsh->mesh_preq_queue_lock);
671 kfree(preq_node); 795 kfree(preq_node);
672 if (printk_ratelimit()) 796 if (printk_ratelimit())
673 printk(KERN_DEBUG "Mesh HWMP: PREQ node queue full\n"); 797 mhwmp_dbg("PREQ node queue full\n");
674 return; 798 return;
675 } 799 }
676 800
@@ -705,7 +829,7 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
705 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 829 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
706 struct mesh_preq_queue *preq_node; 830 struct mesh_preq_queue *preq_node;
707 struct mesh_path *mpath; 831 struct mesh_path *mpath;
708 u8 ttl, dst_flags; 832 u8 ttl, target_flags;
709 u32 lifetime; 833 u32 lifetime;
710 834
711 spin_lock_bh(&ifmsh->mesh_preq_queue_lock); 835 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
@@ -747,11 +871,11 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
747 871
748 ifmsh->last_preq = jiffies; 872 ifmsh->last_preq = jiffies;
749 873
750 if (time_after(jiffies, ifmsh->last_dsn_update + 874 if (time_after(jiffies, ifmsh->last_sn_update +
751 net_traversal_jiffies(sdata)) || 875 net_traversal_jiffies(sdata)) ||
752 time_before(jiffies, ifmsh->last_dsn_update)) { 876 time_before(jiffies, ifmsh->last_sn_update)) {
753 ++ifmsh->dsn; 877 ++ifmsh->sn;
754 sdata->u.mesh.last_dsn_update = jiffies; 878 sdata->u.mesh.last_sn_update = jiffies;
755 } 879 }
756 lifetime = default_lifetime(sdata); 880 lifetime = default_lifetime(sdata);
757 ttl = sdata->u.mesh.mshcfg.dot11MeshTTL; 881 ttl = sdata->u.mesh.mshcfg.dot11MeshTTL;
@@ -762,14 +886,14 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
762 } 886 }
763 887
764 if (preq_node->flags & PREQ_Q_F_REFRESH) 888 if (preq_node->flags & PREQ_Q_F_REFRESH)
765 dst_flags = MP_F_DO; 889 target_flags = MP_F_DO;
766 else 890 else
767 dst_flags = MP_F_RF; 891 target_flags = MP_F_RF;
768 892
769 spin_unlock_bh(&mpath->state_lock); 893 spin_unlock_bh(&mpath->state_lock);
770 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->dev->dev_addr, 894 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->vif.addr,
771 cpu_to_le32(ifmsh->dsn), dst_flags, mpath->dst, 895 cpu_to_le32(ifmsh->sn), target_flags, mpath->dst,
772 cpu_to_le32(mpath->dsn), sdata->dev->broadcast, 0, 896 cpu_to_le32(mpath->sn), broadcast_addr, 0,
773 ttl, cpu_to_le32(lifetime), 0, 897 ttl, cpu_to_le32(lifetime), 0,
774 cpu_to_le32(ifmsh->preq_id++), sdata); 898 cpu_to_le32(ifmsh->preq_id++), sdata);
775 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout); 899 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout);
@@ -796,15 +920,15 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
796 struct sk_buff *skb_to_free = NULL; 920 struct sk_buff *skb_to_free = NULL;
797 struct mesh_path *mpath; 921 struct mesh_path *mpath;
798 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 922 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
799 u8 *dst_addr = hdr->addr3; 923 u8 *target_addr = hdr->addr3;
800 int err = 0; 924 int err = 0;
801 925
802 rcu_read_lock(); 926 rcu_read_lock();
803 mpath = mesh_path_lookup(dst_addr, sdata); 927 mpath = mesh_path_lookup(target_addr, sdata);
804 928
805 if (!mpath) { 929 if (!mpath) {
806 mesh_path_add(dst_addr, sdata); 930 mesh_path_add(target_addr, sdata);
807 mpath = mesh_path_lookup(dst_addr, sdata); 931 mpath = mesh_path_lookup(target_addr, sdata);
808 if (!mpath) { 932 if (!mpath) {
809 sdata->u.mesh.mshstats.dropped_frames_no_route++; 933 sdata->u.mesh.mshstats.dropped_frames_no_route++;
810 err = -ENOSPC; 934 err = -ENOSPC;
@@ -813,17 +937,16 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
813 } 937 }
814 938
815 if (mpath->flags & MESH_PATH_ACTIVE) { 939 if (mpath->flags & MESH_PATH_ACTIVE) {
816 if (time_after(jiffies, mpath->exp_time + 940 if (time_after(jiffies,
817 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) 941 mpath->exp_time -
818 && !memcmp(sdata->dev->dev_addr, hdr->addr4, 942 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) &&
819 ETH_ALEN) 943 !memcmp(sdata->vif.addr, hdr->addr4, ETH_ALEN) &&
820 && !(mpath->flags & MESH_PATH_RESOLVING) 944 !(mpath->flags & MESH_PATH_RESOLVING) &&
821 && !(mpath->flags & MESH_PATH_FIXED)) { 945 !(mpath->flags & MESH_PATH_FIXED)) {
822 mesh_queue_preq(mpath, 946 mesh_queue_preq(mpath,
823 PREQ_Q_F_START | PREQ_Q_F_REFRESH); 947 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
824 } 948 }
825 memcpy(hdr->addr1, mpath->next_hop->sta.addr, 949 memcpy(hdr->addr1, mpath->next_hop->sta.addr, ETH_ALEN);
826 ETH_ALEN);
827 } else { 950 } else {
828 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 951 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
829 if (!(mpath->flags & MESH_PATH_RESOLVING)) { 952 if (!(mpath->flags & MESH_PATH_RESOLVING)) {
@@ -882,3 +1005,14 @@ void mesh_path_timer(unsigned long data)
882endmpathtimer: 1005endmpathtimer:
883 rcu_read_unlock(); 1006 rcu_read_unlock();
884} 1007}
1008
1009void
1010mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata)
1011{
1012 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1013
1014 mesh_path_sel_frame_tx(MPATH_RANN, 0, sdata->vif.addr,
1015 cpu_to_le32(++ifmsh->sn),
1016 0, NULL, 0, broadcast_addr,
1017 0, MESH_TTL, 0, 0, 0, sdata);
1018}
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 751c4d0e2b36..181ffd6efd81 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 3 * Author: Luis Carlos Cobo <luisca@cozybit.com>
4 * 4 *
5 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
@@ -10,6 +10,7 @@
10#include <linux/etherdevice.h> 10#include <linux/etherdevice.h>
11#include <linux/list.h> 11#include <linux/list.h>
12#include <linux/random.h> 12#include <linux/random.h>
13#include <linux/slab.h>
13#include <linux/spinlock.h> 14#include <linux/spinlock.h>
14#include <linux/string.h> 15#include <linux/string.h>
15#include <net/mac80211.h> 16#include <net/mac80211.h>
@@ -244,7 +245,7 @@ struct mesh_path *mesh_path_lookup_by_idx(int idx, struct ieee80211_sub_if_data
244 * @addr: destination address of the path (ETH_ALEN length) 245 * @addr: destination address of the path (ETH_ALEN length)
245 * @sdata: local subif 246 * @sdata: local subif
246 * 247 *
247 * Returns: 0 on sucess 248 * Returns: 0 on success
248 * 249 *
249 * State: the initial state of the new path is set to 0 250 * State: the initial state of the new path is set to 0
250 */ 251 */
@@ -260,7 +261,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
260 int err = 0; 261 int err = 0;
261 u32 hash_idx; 262 u32 hash_idx;
262 263
263 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0) 264 if (memcmp(dst, sdata->vif.addr, ETH_ALEN) == 0)
264 /* never add ourselves as neighbours */ 265 /* never add ourselves as neighbours */
265 return -ENOTSUPP; 266 return -ENOTSUPP;
266 267
@@ -377,7 +378,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
377 int err = 0; 378 int err = 0;
378 u32 hash_idx; 379 u32 hash_idx;
379 380
380 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0) 381 if (memcmp(dst, sdata->vif.addr, ETH_ALEN) == 0)
381 /* never add ourselves as neighbours */ 382 /* never add ourselves as neighbours */
382 return -ENOTSUPP; 383 return -ENOTSUPP;
383 384
@@ -449,6 +450,7 @@ err_path_alloc:
449 */ 450 */
450void mesh_plink_broken(struct sta_info *sta) 451void mesh_plink_broken(struct sta_info *sta)
451{ 452{
453 static const u8 bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
452 struct mesh_path *mpath; 454 struct mesh_path *mpath;
453 struct mpath_node *node; 455 struct mpath_node *node;
454 struct hlist_node *p; 456 struct hlist_node *p;
@@ -463,11 +465,12 @@ void mesh_plink_broken(struct sta_info *sta)
463 mpath->flags & MESH_PATH_ACTIVE && 465 mpath->flags & MESH_PATH_ACTIVE &&
464 !(mpath->flags & MESH_PATH_FIXED)) { 466 !(mpath->flags & MESH_PATH_FIXED)) {
465 mpath->flags &= ~MESH_PATH_ACTIVE; 467 mpath->flags &= ~MESH_PATH_ACTIVE;
466 ++mpath->dsn; 468 ++mpath->sn;
467 spin_unlock_bh(&mpath->state_lock); 469 spin_unlock_bh(&mpath->state_lock);
468 mesh_path_error_tx(mpath->dst, 470 mesh_path_error_tx(MESH_TTL, mpath->dst,
469 cpu_to_le32(mpath->dsn), 471 cpu_to_le32(mpath->sn),
470 sdata->dev->broadcast, sdata); 472 cpu_to_le16(PERR_RCODE_DEST_UNREACH),
473 bcast, sdata);
471 } else 474 } else
472 spin_unlock_bh(&mpath->state_lock); 475 spin_unlock_bh(&mpath->state_lock);
473 } 476 }
@@ -530,7 +533,7 @@ static void mesh_path_node_reclaim(struct rcu_head *rp)
530 * @addr: dst address (ETH_ALEN length) 533 * @addr: dst address (ETH_ALEN length)
531 * @sdata: local subif 534 * @sdata: local subif
532 * 535 *
533 * Returns: 0 if succesful 536 * Returns: 0 if successful
534 */ 537 */
535int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata) 538int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
536{ 539{
@@ -601,17 +604,18 @@ void mesh_path_discard_frame(struct sk_buff *skb,
601{ 604{
602 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 605 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
603 struct mesh_path *mpath; 606 struct mesh_path *mpath;
604 u32 dsn = 0; 607 u32 sn = 0;
605 608
606 if (memcmp(hdr->addr4, sdata->dev->dev_addr, ETH_ALEN) != 0) { 609 if (memcmp(hdr->addr4, sdata->vif.addr, ETH_ALEN) != 0) {
607 u8 *ra, *da; 610 u8 *ra, *da;
608 611
609 da = hdr->addr3; 612 da = hdr->addr3;
610 ra = hdr->addr1; 613 ra = hdr->addr1;
611 mpath = mesh_path_lookup(da, sdata); 614 mpath = mesh_path_lookup(da, sdata);
612 if (mpath) 615 if (mpath)
613 dsn = ++mpath->dsn; 616 sn = ++mpath->sn;
614 mesh_path_error_tx(skb->data, cpu_to_le32(dsn), ra, sdata); 617 mesh_path_error_tx(MESH_TTL, skb->data, cpu_to_le32(sn),
618 cpu_to_le16(PERR_RCODE_NO_ROUTE), ra, sdata);
615 } 619 }
616 620
617 kfree_skb(skb); 621 kfree_skb(skb);
@@ -646,7 +650,7 @@ void mesh_path_fix_nexthop(struct mesh_path *mpath, struct sta_info *next_hop)
646{ 650{
647 spin_lock_bh(&mpath->state_lock); 651 spin_lock_bh(&mpath->state_lock);
648 mesh_path_assign_nexthop(mpath, next_hop); 652 mesh_path_assign_nexthop(mpath, next_hop);
649 mpath->dsn = 0xffff; 653 mpath->sn = 0xffff;
650 mpath->metric = 0; 654 mpath->metric = 0;
651 mpath->hop_count = 0; 655 mpath->hop_count = 0;
652 mpath->exp_time = 0; 656 mpath->exp_time = 0;
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index ffcbad75e09b..7b7080e2b49f 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -1,11 +1,12 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 3 * Author: Luis Carlos Cobo <luisca@cozybit.com>
4 * 4 *
5 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9#include <linux/gfp.h>
9#include <linux/kernel.h> 10#include <linux/kernel.h>
10#include <linux/random.h> 11#include <linux/random.h>
11#include "ieee80211_i.h" 12#include "ieee80211_i.h"
@@ -18,9 +19,8 @@
18#define mpl_dbg(fmt, args...) do { (void)(0); } while (0) 19#define mpl_dbg(fmt, args...) do { (void)(0); } while (0)
19#endif 20#endif
20 21
21#define PLINK_GET_FRAME_SUBTYPE(p) (p) 22#define PLINK_GET_LLID(p) (p + 4)
22#define PLINK_GET_LLID(p) (p + 1) 23#define PLINK_GET_PLID(p) (p + 6)
23#define PLINK_GET_PLID(p) (p + 3)
24 24
25#define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \ 25#define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \
26 jiffies + HZ * t / 1000)) 26 jiffies + HZ * t / 1000))
@@ -65,6 +65,7 @@ void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
65{ 65{
66 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks); 66 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks);
67 mesh_accept_plinks_update(sdata); 67 mesh_accept_plinks_update(sdata);
68 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
68} 69}
69 70
70static inline 71static inline
@@ -72,12 +73,13 @@ void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
72{ 73{
73 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks); 74 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks);
74 mesh_accept_plinks_update(sdata); 75 mesh_accept_plinks_update(sdata);
76 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
75} 77}
76 78
77/** 79/**
78 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 80 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine
79 * 81 *
80 * @sta: mes peer link to restart 82 * @sta: mesh peer link to restart
81 * 83 *
82 * Locking: this function must be called holding sta->lock 84 * Locking: this function must be called holding sta->lock
83 */ 85 */
@@ -101,7 +103,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
101 if (local->num_sta >= MESH_MAX_PLINKS) 103 if (local->num_sta >= MESH_MAX_PLINKS)
102 return NULL; 104 return NULL;
103 105
104 sta = sta_info_alloc(sdata, hw_addr, GFP_ATOMIC); 106 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL);
105 if (!sta) 107 if (!sta)
106 return NULL; 108 return NULL;
107 109
@@ -152,6 +154,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
152 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 154 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
153 struct ieee80211_mgmt *mgmt; 155 struct ieee80211_mgmt *mgmt;
154 bool include_plid = false; 156 bool include_plid = false;
157 static const u8 meshpeeringproto[] = { 0x00, 0x0F, 0xAC, 0x2A };
155 u8 *pos; 158 u8 *pos;
156 int ie_len; 159 int ie_len;
157 160
@@ -167,9 +170,9 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
167 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 170 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
168 IEEE80211_STYPE_ACTION); 171 IEEE80211_STYPE_ACTION);
169 memcpy(mgmt->da, da, ETH_ALEN); 172 memcpy(mgmt->da, da, ETH_ALEN);
170 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 173 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
171 /* BSSID is left zeroed, wildcard value */ 174 /* BSSID is left zeroed, wildcard value */
172 mgmt->u.action.category = PLINK_CATEGORY; 175 mgmt->u.action.category = MESH_PLINK_CATEGORY;
173 mgmt->u.action.u.plink_action.action_code = action; 176 mgmt->u.action.u.plink_action.action_code = action;
174 177
175 if (action == PLINK_CLOSE) 178 if (action == PLINK_CLOSE)
@@ -179,7 +182,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
179 if (action == PLINK_CONFIRM) { 182 if (action == PLINK_CONFIRM) {
180 pos = skb_put(skb, 4); 183 pos = skb_put(skb, 4);
181 /* two-byte status code followed by two-byte AID */ 184 /* two-byte status code followed by two-byte AID */
182 memset(pos, 0, 4); 185 memset(pos, 0, 2);
186 memcpy(pos + 2, &plid, 2);
183 } 187 }
184 mesh_mgmt_ies_add(skb, sdata); 188 mesh_mgmt_ies_add(skb, sdata);
185 } 189 }
@@ -187,18 +191,18 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
187 /* Add Peer Link Management element */ 191 /* Add Peer Link Management element */
188 switch (action) { 192 switch (action) {
189 case PLINK_OPEN: 193 case PLINK_OPEN:
190 ie_len = 3; 194 ie_len = 6;
191 break; 195 break;
192 case PLINK_CONFIRM: 196 case PLINK_CONFIRM:
193 ie_len = 5; 197 ie_len = 8;
194 include_plid = true; 198 include_plid = true;
195 break; 199 break;
196 case PLINK_CLOSE: 200 case PLINK_CLOSE:
197 default: 201 default:
198 if (!plid) 202 if (!plid)
199 ie_len = 5; 203 ie_len = 8;
200 else { 204 else {
201 ie_len = 7; 205 ie_len = 10;
202 include_plid = true; 206 include_plid = true;
203 } 207 }
204 break; 208 break;
@@ -207,7 +211,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
207 pos = skb_put(skb, 2 + ie_len); 211 pos = skb_put(skb, 2 + ie_len);
208 *pos++ = WLAN_EID_PEER_LINK; 212 *pos++ = WLAN_EID_PEER_LINK;
209 *pos++ = ie_len; 213 *pos++ = ie_len;
210 *pos++ = action; 214 memcpy(pos, meshpeeringproto, sizeof(meshpeeringproto));
215 pos += 4;
211 memcpy(pos, &llid, 2); 216 memcpy(pos, &llid, 2);
212 if (include_plid) { 217 if (include_plid) {
213 pos += 2; 218 pos += 2;
@@ -218,7 +223,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
218 memcpy(pos, &reason, 2); 223 memcpy(pos, &reason, 2);
219 } 224 }
220 225
221 ieee80211_tx_skb(sdata, skb, 1); 226 ieee80211_tx_skb(sdata, skb);
222 return 0; 227 return 0;
223} 228}
224 229
@@ -230,14 +235,14 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data
230 235
231 rcu_read_lock(); 236 rcu_read_lock();
232 237
233 sta = sta_info_get(local, hw_addr); 238 sta = sta_info_get(sdata, hw_addr);
234 if (!sta) { 239 if (!sta) {
240 rcu_read_unlock();
241
235 sta = mesh_plink_alloc(sdata, hw_addr, rates); 242 sta = mesh_plink_alloc(sdata, hw_addr, rates);
236 if (!sta) { 243 if (!sta)
237 rcu_read_unlock();
238 return; 244 return;
239 } 245 if (sta_info_insert_rcu(sta)) {
240 if (sta_info_insert(sta)) {
241 rcu_read_unlock(); 246 rcu_read_unlock();
242 return; 247 return;
243 } 248 }
@@ -395,6 +400,17 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
395 u8 ie_len; 400 u8 ie_len;
396 u8 *baseaddr; 401 u8 *baseaddr;
397 __le16 plid, llid, reason; 402 __le16 plid, llid, reason;
403#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
404 static const char *mplstates[] = {
405 [PLINK_LISTEN] = "LISTEN",
406 [PLINK_OPN_SNT] = "OPN-SNT",
407 [PLINK_OPN_RCVD] = "OPN-RCVD",
408 [PLINK_CNF_RCVD] = "CNF_RCVD",
409 [PLINK_ESTAB] = "ESTAB",
410 [PLINK_HOLDING] = "HOLDING",
411 [PLINK_BLOCKED] = "BLOCKED"
412 };
413#endif
398 414
399 /* need action_code, aux */ 415 /* need action_code, aux */
400 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 416 if (len < IEEE80211_MIN_ACTION_SIZE + 3)
@@ -417,12 +433,13 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
417 return; 433 return;
418 } 434 }
419 435
420 ftype = *((u8 *)PLINK_GET_FRAME_SUBTYPE(elems.peer_link)); 436 ftype = mgmt->u.action.u.plink_action.action_code;
421 ie_len = elems.peer_link_len; 437 ie_len = elems.peer_link_len;
422 if ((ftype == PLINK_OPEN && ie_len != 3) || 438 if ((ftype == PLINK_OPEN && ie_len != 6) ||
423 (ftype == PLINK_CONFIRM && ie_len != 5) || 439 (ftype == PLINK_CONFIRM && ie_len != 8) ||
424 (ftype == PLINK_CLOSE && ie_len != 5 && ie_len != 7)) { 440 (ftype == PLINK_CLOSE && ie_len != 8 && ie_len != 10)) {
425 mpl_dbg("Mesh plink: incorrect plink ie length\n"); 441 mpl_dbg("Mesh plink: incorrect plink ie length %d %d\n",
442 ftype, ie_len);
426 return; 443 return;
427 } 444 }
428 445
@@ -434,12 +451,12 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
434 * from the point of view of this host. 451 * from the point of view of this host.
435 */ 452 */
436 memcpy(&plid, PLINK_GET_LLID(elems.peer_link), 2); 453 memcpy(&plid, PLINK_GET_LLID(elems.peer_link), 2);
437 if (ftype == PLINK_CONFIRM || (ftype == PLINK_CLOSE && ie_len == 7)) 454 if (ftype == PLINK_CONFIRM || (ftype == PLINK_CLOSE && ie_len == 10))
438 memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2); 455 memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2);
439 456
440 rcu_read_lock(); 457 rcu_read_lock();
441 458
442 sta = sta_info_get(local, mgmt->sa); 459 sta = sta_info_get(sdata, mgmt->sa);
443 if (!sta && ftype != PLINK_OPEN) { 460 if (!sta && ftype != PLINK_OPEN) {
444 mpl_dbg("Mesh plink: cls or cnf from unknown peer\n"); 461 mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");
445 rcu_read_unlock(); 462 rcu_read_unlock();
@@ -469,9 +486,11 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
469 } else if (!sta) { 486 } else if (!sta) {
470 /* ftype == PLINK_OPEN */ 487 /* ftype == PLINK_OPEN */
471 u32 rates; 488 u32 rates;
489
490 rcu_read_unlock();
491
472 if (!mesh_plink_free_count(sdata)) { 492 if (!mesh_plink_free_count(sdata)) {
473 mpl_dbg("Mesh plink error: no more free plinks\n"); 493 mpl_dbg("Mesh plink error: no more free plinks\n");
474 rcu_read_unlock();
475 return; 494 return;
476 } 495 }
477 496
@@ -479,10 +498,9 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
479 sta = mesh_plink_alloc(sdata, mgmt->sa, rates); 498 sta = mesh_plink_alloc(sdata, mgmt->sa, rates);
480 if (!sta) { 499 if (!sta) {
481 mpl_dbg("Mesh plink error: plink table full\n"); 500 mpl_dbg("Mesh plink error: plink table full\n");
482 rcu_read_unlock();
483 return; 501 return;
484 } 502 }
485 if (sta_info_insert(sta)) { 503 if (sta_info_insert_rcu(sta)) {
486 rcu_read_unlock(); 504 rcu_read_unlock();
487 return; 505 return;
488 } 506 }
@@ -532,8 +550,8 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
532 } 550 }
533 } 551 }
534 552
535 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %d %d %d %d\n", 553 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n",
536 mgmt->sa, sta->plink_state, 554 mgmt->sa, mplstates[sta->plink_state],
537 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid), 555 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid),
538 event); 556 event);
539 reason = 0; 557 reason = 0;
@@ -727,7 +745,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
727 break; 745 break;
728 default: 746 default:
729 /* should not get here, PLINK_BLOCKED is dealt with at the 747 /* should not get here, PLINK_BLOCKED is dealt with at the
730 * beggining of the function 748 * beginning of the function
731 */ 749 */
732 spin_unlock_bh(&sta->lock); 750 spin_unlock_bh(&sta->lock);
733 break; 751 break;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index dc5049d58c51..875c8dec940a 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -19,6 +19,7 @@
19#include <linux/rtnetlink.h> 19#include <linux/rtnetlink.h>
20#include <linux/pm_qos_params.h> 20#include <linux/pm_qos_params.h>
21#include <linux/crc32.h> 21#include <linux/crc32.h>
22#include <linux/slab.h>
22#include <net/mac80211.h> 23#include <net/mac80211.h>
23#include <asm/unaligned.h> 24#include <asm/unaligned.h>
24 25
@@ -27,10 +28,6 @@
27#include "rate.h" 28#include "rate.h"
28#include "led.h" 29#include "led.h"
29 30
30#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
31#define IEEE80211_AUTH_MAX_TRIES 3
32#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
33#define IEEE80211_ASSOC_MAX_TRIES 3
34#define IEEE80211_MAX_PROBE_TRIES 5 31#define IEEE80211_MAX_PROBE_TRIES 5
35 32
36/* 33/*
@@ -75,11 +72,8 @@ enum rx_mgmt_action {
75 /* caller must call cfg80211_send_disassoc() */ 72 /* caller must call cfg80211_send_disassoc() */
76 RX_MGMT_CFG80211_DISASSOC, 73 RX_MGMT_CFG80211_DISASSOC,
77 74
78 /* caller must call cfg80211_auth_timeout() & free work */ 75 /* caller must tell cfg80211 about internal error */
79 RX_MGMT_CFG80211_AUTH_TO, 76 RX_MGMT_CFG80211_ASSOC_ERROR,
80
81 /* caller must call cfg80211_assoc_timeout() & free work */
82 RX_MGMT_CFG80211_ASSOC_TO,
83}; 77};
84 78
85/* utils */ 79/* utils */
@@ -122,27 +116,6 @@ static int ecw2cw(int ecw)
122 return (1 << ecw) - 1; 116 return (1 << ecw) - 1;
123} 117}
124 118
125static int ieee80211_compatible_rates(struct ieee80211_bss *bss,
126 struct ieee80211_supported_band *sband,
127 u32 *rates)
128{
129 int i, j, count;
130 *rates = 0;
131 count = 0;
132 for (i = 0; i < bss->supp_rates_len; i++) {
133 int rate = (bss->supp_rates[i] & 0x7F) * 5;
134
135 for (j = 0; j < sband->n_bitrates; j++)
136 if (sband->bitrates[j].bitrate == rate) {
137 *rates |= BIT(j);
138 count++;
139 break;
140 }
141 }
142
143 return count;
144}
145
146/* 119/*
147 * ieee80211_enable_ht should be called only after the operating band 120 * ieee80211_enable_ht should be called only after the operating band
148 * has been determined as ht configuration depends on the hw's 121 * has been determined as ht configuration depends on the hw's
@@ -195,6 +168,8 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
195 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht || 168 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht ||
196 channel_type != local->hw.conf.channel_type; 169 channel_type != local->hw.conf.channel_type;
197 170
171 if (local->tmp_channel)
172 local->tmp_channel_type = channel_type;
198 local->oper_channel_type = channel_type; 173 local->oper_channel_type = channel_type;
199 174
200 if (ht_changed) { 175 if (ht_changed) {
@@ -202,10 +177,11 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
202 ieee80211_hw_config(local, 0); 177 ieee80211_hw_config(local, 0);
203 178
204 rcu_read_lock(); 179 rcu_read_lock();
205 sta = sta_info_get(local, bssid); 180 sta = sta_info_get(sdata, bssid);
206 if (sta) 181 if (sta)
207 rate_control_rate_update(local, sband, sta, 182 rate_control_rate_update(local, sband, sta,
208 IEEE80211_RC_HT_CHANGED); 183 IEEE80211_RC_HT_CHANGED,
184 local->oper_channel_type);
209 rcu_read_unlock(); 185 rcu_read_unlock();
210 } 186 }
211 187
@@ -228,208 +204,6 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
228 204
229/* frame sending functions */ 205/* frame sending functions */
230 206
231static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
232 struct ieee80211_mgd_work *wk)
233{
234 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
235 struct ieee80211_local *local = sdata->local;
236 struct sk_buff *skb;
237 struct ieee80211_mgmt *mgmt;
238 u8 *pos;
239 const u8 *ies, *ht_ie;
240 int i, len, count, rates_len, supp_rates_len;
241 u16 capab;
242 int wmm = 0;
243 struct ieee80211_supported_band *sband;
244 u32 rates = 0;
245
246 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
247 sizeof(*mgmt) + 200 + wk->ie_len +
248 wk->ssid_len);
249 if (!skb) {
250 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
251 "frame\n", sdata->dev->name);
252 return;
253 }
254 skb_reserve(skb, local->hw.extra_tx_headroom);
255
256 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
257
258 capab = ifmgd->capab;
259
260 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
261 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
262 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
263 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
264 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
265 }
266
267 if (wk->bss->cbss.capability & WLAN_CAPABILITY_PRIVACY)
268 capab |= WLAN_CAPABILITY_PRIVACY;
269 if (wk->bss->wmm_used)
270 wmm = 1;
271
272 /* get all rates supported by the device and the AP as
273 * some APs don't like getting a superset of their rates
274 * in the association request (e.g. D-Link DAP 1353 in
275 * b-only mode) */
276 rates_len = ieee80211_compatible_rates(wk->bss, sband, &rates);
277
278 if ((wk->bss->cbss.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
279 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
280 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
281
282 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
283 memset(mgmt, 0, 24);
284 memcpy(mgmt->da, wk->bss->cbss.bssid, ETH_ALEN);
285 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
286 memcpy(mgmt->bssid, wk->bss->cbss.bssid, ETH_ALEN);
287
288 if (!is_zero_ether_addr(wk->prev_bssid)) {
289 skb_put(skb, 10);
290 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
291 IEEE80211_STYPE_REASSOC_REQ);
292 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
293 mgmt->u.reassoc_req.listen_interval =
294 cpu_to_le16(local->hw.conf.listen_interval);
295 memcpy(mgmt->u.reassoc_req.current_ap, wk->prev_bssid,
296 ETH_ALEN);
297 } else {
298 skb_put(skb, 4);
299 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
300 IEEE80211_STYPE_ASSOC_REQ);
301 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
302 mgmt->u.assoc_req.listen_interval =
303 cpu_to_le16(local->hw.conf.listen_interval);
304 }
305
306 /* SSID */
307 ies = pos = skb_put(skb, 2 + wk->ssid_len);
308 *pos++ = WLAN_EID_SSID;
309 *pos++ = wk->ssid_len;
310 memcpy(pos, wk->ssid, wk->ssid_len);
311
312 /* add all rates which were marked to be used above */
313 supp_rates_len = rates_len;
314 if (supp_rates_len > 8)
315 supp_rates_len = 8;
316
317 len = sband->n_bitrates;
318 pos = skb_put(skb, supp_rates_len + 2);
319 *pos++ = WLAN_EID_SUPP_RATES;
320 *pos++ = supp_rates_len;
321
322 count = 0;
323 for (i = 0; i < sband->n_bitrates; i++) {
324 if (BIT(i) & rates) {
325 int rate = sband->bitrates[i].bitrate;
326 *pos++ = (u8) (rate / 5);
327 if (++count == 8)
328 break;
329 }
330 }
331
332 if (rates_len > count) {
333 pos = skb_put(skb, rates_len - count + 2);
334 *pos++ = WLAN_EID_EXT_SUPP_RATES;
335 *pos++ = rates_len - count;
336
337 for (i++; i < sband->n_bitrates; i++) {
338 if (BIT(i) & rates) {
339 int rate = sband->bitrates[i].bitrate;
340 *pos++ = (u8) (rate / 5);
341 }
342 }
343 }
344
345 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
346 /* 1. power capabilities */
347 pos = skb_put(skb, 4);
348 *pos++ = WLAN_EID_PWR_CAPABILITY;
349 *pos++ = 2;
350 *pos++ = 0; /* min tx power */
351 *pos++ = local->hw.conf.channel->max_power; /* max tx power */
352
353 /* 2. supported channels */
354 /* TODO: get this in reg domain format */
355 pos = skb_put(skb, 2 * sband->n_channels + 2);
356 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
357 *pos++ = 2 * sband->n_channels;
358 for (i = 0; i < sband->n_channels; i++) {
359 *pos++ = ieee80211_frequency_to_channel(
360 sband->channels[i].center_freq);
361 *pos++ = 1; /* one channel in the subband*/
362 }
363 }
364
365 if (wk->ie_len && wk->ie) {
366 pos = skb_put(skb, wk->ie_len);
367 memcpy(pos, wk->ie, wk->ie_len);
368 }
369
370 if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) {
371 pos = skb_put(skb, 9);
372 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
373 *pos++ = 7; /* len */
374 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
375 *pos++ = 0x50;
376 *pos++ = 0xf2;
377 *pos++ = 2; /* WME */
378 *pos++ = 0; /* WME info */
379 *pos++ = 1; /* WME ver */
380 *pos++ = 0;
381 }
382
383 /* wmm support is a must to HT */
384 /*
385 * IEEE802.11n does not allow TKIP/WEP as pairwise
386 * ciphers in HT mode. We still associate in non-ht
387 * mode (11a/b/g) if any one of these ciphers is
388 * configured as pairwise.
389 */
390 if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) &&
391 sband->ht_cap.ht_supported &&
392 (ht_ie = ieee80211_bss_get_ie(&wk->bss->cbss, WLAN_EID_HT_INFORMATION)) &&
393 ht_ie[1] >= sizeof(struct ieee80211_ht_info) &&
394 (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N))) {
395 struct ieee80211_ht_info *ht_info =
396 (struct ieee80211_ht_info *)(ht_ie + 2);
397 u16 cap = sband->ht_cap.cap;
398 __le16 tmp;
399 u32 flags = local->hw.conf.channel->flags;
400
401 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
402 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
403 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
404 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
405 cap &= ~IEEE80211_HT_CAP_SGI_40;
406 }
407 break;
408 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
409 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
410 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
411 cap &= ~IEEE80211_HT_CAP_SGI_40;
412 }
413 break;
414 }
415
416 tmp = cpu_to_le16(cap);
417 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
418 *pos++ = WLAN_EID_HT_CAPABILITY;
419 *pos++ = sizeof(struct ieee80211_ht_cap);
420 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
421 memcpy(pos, &tmp, sizeof(u16));
422 pos += sizeof(u16);
423 /* TODO: needs a define here for << 2 */
424 *pos++ = sband->ht_cap.ampdu_factor |
425 (sband->ht_cap.ampdu_density << 2);
426 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
427 }
428
429 ieee80211_tx_skb(sdata, skb, 0);
430}
431
432
433static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 207static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
434 const u8 *bssid, u16 stype, u16 reason, 208 const u8 *bssid, u16 stype, u16 reason,
435 void *cookie) 209 void *cookie)
@@ -442,7 +216,7 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
442 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 216 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
443 if (!skb) { 217 if (!skb) {
444 printk(KERN_DEBUG "%s: failed to allocate buffer for " 218 printk(KERN_DEBUG "%s: failed to allocate buffer for "
445 "deauth/disassoc frame\n", sdata->dev->name); 219 "deauth/disassoc frame\n", sdata->name);
446 return; 220 return;
447 } 221 }
448 skb_reserve(skb, local->hw.extra_tx_headroom); 222 skb_reserve(skb, local->hw.extra_tx_headroom);
@@ -450,7 +224,7 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
450 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 224 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
451 memset(mgmt, 0, 24); 225 memset(mgmt, 0, 24);
452 memcpy(mgmt->da, bssid, ETH_ALEN); 226 memcpy(mgmt->da, bssid, ETH_ALEN);
453 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 227 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
454 memcpy(mgmt->bssid, bssid, ETH_ALEN); 228 memcpy(mgmt->bssid, bssid, ETH_ALEN);
455 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype); 229 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
456 skb_put(skb, 2); 230 skb_put(skb, 2);
@@ -458,41 +232,35 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
458 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 232 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
459 233
460 if (stype == IEEE80211_STYPE_DEAUTH) 234 if (stype == IEEE80211_STYPE_DEAUTH)
461 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, cookie); 235 if (cookie)
236 __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
237 else
238 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
462 else 239 else
463 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len, cookie); 240 if (cookie)
464 ieee80211_tx_skb(sdata, skb, ifmgd->flags & IEEE80211_STA_MFP_ENABLED); 241 __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
242 else
243 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
244 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
245 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
246 ieee80211_tx_skb(sdata, skb);
465} 247}
466 248
467void ieee80211_send_pspoll(struct ieee80211_local *local, 249void ieee80211_send_pspoll(struct ieee80211_local *local,
468 struct ieee80211_sub_if_data *sdata) 250 struct ieee80211_sub_if_data *sdata)
469{ 251{
470 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
471 struct ieee80211_pspoll *pspoll; 252 struct ieee80211_pspoll *pspoll;
472 struct sk_buff *skb; 253 struct sk_buff *skb;
473 u16 fc;
474 254
475 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll)); 255 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
476 if (!skb) { 256 if (!skb)
477 printk(KERN_DEBUG "%s: failed to allocate buffer for "
478 "pspoll frame\n", sdata->dev->name);
479 return; 257 return;
480 }
481 skb_reserve(skb, local->hw.extra_tx_headroom);
482
483 pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
484 memset(pspoll, 0, sizeof(*pspoll));
485 fc = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL | IEEE80211_FCTL_PM;
486 pspoll->frame_control = cpu_to_le16(fc);
487 pspoll->aid = cpu_to_le16(ifmgd->aid);
488 258
489 /* aid in PS-Poll has its two MSBs each set to 1 */ 259 pspoll = (struct ieee80211_pspoll *) skb->data;
490 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14); 260 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
491 261
492 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN); 262 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
493 memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN); 263 ieee80211_tx_skb(sdata, skb);
494
495 ieee80211_tx_skb(sdata, skb, 0);
496} 264}
497 265
498void ieee80211_send_nullfunc(struct ieee80211_local *local, 266void ieee80211_send_nullfunc(struct ieee80211_local *local,
@@ -500,32 +268,50 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
500 int powersave) 268 int powersave)
501{ 269{
502 struct sk_buff *skb; 270 struct sk_buff *skb;
271 struct ieee80211_hdr_3addr *nullfunc;
272
273 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
274 if (!skb)
275 return;
276
277 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
278 if (powersave)
279 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
280
281 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
282 ieee80211_tx_skb(sdata, skb);
283}
284
285static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
286 struct ieee80211_sub_if_data *sdata)
287{
288 struct sk_buff *skb;
503 struct ieee80211_hdr *nullfunc; 289 struct ieee80211_hdr *nullfunc;
504 __le16 fc; 290 __le16 fc;
505 291
506 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 292 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
507 return; 293 return;
508 294
509 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24); 295 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
510 if (!skb) { 296 if (!skb) {
511 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc " 297 printk(KERN_DEBUG "%s: failed to allocate buffer for 4addr "
512 "frame\n", sdata->dev->name); 298 "nullfunc frame\n", sdata->name);
513 return; 299 return;
514 } 300 }
515 skb_reserve(skb, local->hw.extra_tx_headroom); 301 skb_reserve(skb, local->hw.extra_tx_headroom);
516 302
517 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24); 303 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
518 memset(nullfunc, 0, 24); 304 memset(nullfunc, 0, 30);
519 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 305 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
520 IEEE80211_FCTL_TODS); 306 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
521 if (powersave)
522 fc |= cpu_to_le16(IEEE80211_FCTL_PM);
523 nullfunc->frame_control = fc; 307 nullfunc->frame_control = fc;
524 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 308 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
525 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN); 309 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
526 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 310 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
311 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
527 312
528 ieee80211_tx_skb(sdata, skb, 0); 313 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
314 ieee80211_tx_skb(sdata, skb);
529} 315}
530 316
531/* spectrum management related things */ 317/* spectrum management related things */
@@ -535,7 +321,7 @@ static void ieee80211_chswitch_work(struct work_struct *work)
535 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 321 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
536 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 322 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
537 323
538 if (!netif_running(sdata->dev)) 324 if (!ieee80211_sdata_running(sdata))
539 return; 325 return;
540 326
541 mutex_lock(&ifmgd->mtx); 327 mutex_lock(&ifmgd->mtx);
@@ -546,7 +332,7 @@ static void ieee80211_chswitch_work(struct work_struct *work)
546 ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL); 332 ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL);
547 333
548 /* XXX: shouldn't really modify cfg80211-owned data! */ 334 /* XXX: shouldn't really modify cfg80211-owned data! */
549 ifmgd->associated->cbss.channel = sdata->local->oper_channel; 335 ifmgd->associated->channel = sdata->local->oper_channel;
550 336
551 ieee80211_wake_queues_by_reason(&sdata->local->hw, 337 ieee80211_wake_queues_by_reason(&sdata->local->hw,
552 IEEE80211_QUEUE_STOP_REASON_CSA); 338 IEEE80211_QUEUE_STOP_REASON_CSA);
@@ -573,6 +359,8 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
573 struct ieee80211_channel_sw_ie *sw_elem, 359 struct ieee80211_channel_sw_ie *sw_elem,
574 struct ieee80211_bss *bss) 360 struct ieee80211_bss *bss)
575{ 361{
362 struct cfg80211_bss *cbss =
363 container_of((void *)bss, struct cfg80211_bss, priv);
576 struct ieee80211_channel *new_ch; 364 struct ieee80211_channel *new_ch;
577 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 365 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
578 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num); 366 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num);
@@ -606,7 +394,7 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
606 mod_timer(&ifmgd->chswitch_timer, 394 mod_timer(&ifmgd->chswitch_timer,
607 jiffies + 395 jiffies +
608 msecs_to_jiffies(sw_elem->count * 396 msecs_to_jiffies(sw_elem->count *
609 bss->cbss.beacon_interval)); 397 cbss->beacon_interval));
610 } 398 }
611} 399}
612 400
@@ -650,6 +438,11 @@ static void ieee80211_enable_ps(struct ieee80211_local *local,
650 } else { 438 } else {
651 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 439 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
652 ieee80211_send_nullfunc(local, sdata, 1); 440 ieee80211_send_nullfunc(local, sdata, 1);
441
442 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
443 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
444 return;
445
653 conf->flags |= IEEE80211_CONF_PS; 446 conf->flags |= IEEE80211_CONF_PS;
654 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 447 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
655 } 448 }
@@ -680,8 +473,13 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
680 return; 473 return;
681 } 474 }
682 475
476 if (!list_empty(&local->work_list)) {
477 local->ps_sdata = NULL;
478 goto change;
479 }
480
683 list_for_each_entry(sdata, &local->interfaces, list) { 481 list_for_each_entry(sdata, &local->interfaces, list) {
684 if (!netif_running(sdata->dev)) 482 if (!ieee80211_sdata_running(sdata))
685 continue; 483 continue;
686 if (sdata->vif.type != NL80211_IFTYPE_STATION) 484 if (sdata->vif.type != NL80211_IFTYPE_STATION)
687 continue; 485 continue;
@@ -690,7 +488,8 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
690 } 488 }
691 489
692 if (count == 1 && found->u.mgd.powersave && 490 if (count == 1 && found->u.mgd.powersave &&
693 found->u.mgd.associated && list_empty(&found->u.mgd.work_list) && 491 found->u.mgd.associated &&
492 found->u.mgd.associated->beacon_ies &&
694 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL | 493 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL |
695 IEEE80211_STA_CONNECTION_POLL))) { 494 IEEE80211_STA_CONNECTION_POLL))) {
696 s32 beaconint_us; 495 s32 beaconint_us;
@@ -704,20 +503,29 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
704 if (beaconint_us > latency) { 503 if (beaconint_us > latency) {
705 local->ps_sdata = NULL; 504 local->ps_sdata = NULL;
706 } else { 505 } else {
707 u8 dtimper = found->vif.bss_conf.dtim_period; 506 struct ieee80211_bss *bss;
708 int maxslp = 1; 507 int maxslp = 1;
508 u8 dtimper;
509
510 bss = (void *)found->u.mgd.associated->priv;
511 dtimper = bss->dtim_period;
709 512
710 if (dtimper > 1) 513 /* If the TIM IE is invalid, pretend the value is 1 */
514 if (!dtimper)
515 dtimper = 1;
516 else if (dtimper > 1)
711 maxslp = min_t(int, dtimper, 517 maxslp = min_t(int, dtimper,
712 latency / beaconint_us); 518 latency / beaconint_us);
713 519
714 local->hw.conf.max_sleep_period = maxslp; 520 local->hw.conf.max_sleep_period = maxslp;
521 local->hw.conf.ps_dtim_period = dtimper;
715 local->ps_sdata = found; 522 local->ps_sdata = found;
716 } 523 }
717 } else { 524 } else {
718 local->ps_sdata = NULL; 525 local->ps_sdata = NULL;
719 } 526 }
720 527
528 change:
721 ieee80211_change_ps(local); 529 ieee80211_change_ps(local);
722} 530}
723 531
@@ -742,6 +550,7 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
742 container_of(work, struct ieee80211_local, 550 container_of(work, struct ieee80211_local,
743 dynamic_ps_enable_work); 551 dynamic_ps_enable_work);
744 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 552 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
553 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
745 554
746 /* can only happen when PS was just disabled anyway */ 555 /* can only happen when PS was just disabled anyway */
747 if (!sdata) 556 if (!sdata)
@@ -750,11 +559,17 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
750 if (local->hw.conf.flags & IEEE80211_CONF_PS) 559 if (local->hw.conf.flags & IEEE80211_CONF_PS)
751 return; 560 return;
752 561
753 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 562 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
563 (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)))
754 ieee80211_send_nullfunc(local, sdata, 1); 564 ieee80211_send_nullfunc(local, sdata, 1);
755 565
756 local->hw.conf.flags |= IEEE80211_CONF_PS; 566 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
757 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 567 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
568 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
569 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
570 local->hw.conf.flags |= IEEE80211_CONF_PS;
571 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
572 }
758} 573}
759 574
760void ieee80211_dynamic_ps_timer(unsigned long data) 575void ieee80211_dynamic_ps_timer(unsigned long data)
@@ -775,9 +590,9 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
775 struct ieee80211_tx_queue_params params; 590 struct ieee80211_tx_queue_params params;
776 size_t left; 591 size_t left;
777 int count; 592 int count;
778 u8 *pos; 593 u8 *pos, uapsd_queues = 0;
779 594
780 if (!(ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) 595 if (local->hw.queues < 4)
781 return; 596 return;
782 597
783 if (!wmm_param) 598 if (!wmm_param)
@@ -785,6 +600,10 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
785 600
786 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 601 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
787 return; 602 return;
603
604 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
605 uapsd_queues = local->uapsd_queues;
606
788 count = wmm_param[6] & 0x0f; 607 count = wmm_param[6] & 0x0f;
789 if (count == ifmgd->wmm_last_param_set) 608 if (count == ifmgd->wmm_last_param_set)
790 return; 609 return;
@@ -799,6 +618,7 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
799 for (; left >= 4; left -= 4, pos += 4) { 618 for (; left >= 4; left -= 4, pos += 4) {
800 int aci = (pos[0] >> 5) & 0x03; 619 int aci = (pos[0] >> 5) & 0x03;
801 int acm = (pos[0] >> 4) & 0x01; 620 int acm = (pos[0] >> 4) & 0x01;
621 bool uapsd = false;
802 int queue; 622 int queue;
803 623
804 switch (aci) { 624 switch (aci) {
@@ -806,22 +626,30 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
806 queue = 3; 626 queue = 3;
807 if (acm) 627 if (acm)
808 local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 628 local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
629 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
630 uapsd = true;
809 break; 631 break;
810 case 2: /* AC_VI */ 632 case 2: /* AC_VI */
811 queue = 1; 633 queue = 1;
812 if (acm) 634 if (acm)
813 local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 635 local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
636 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
637 uapsd = true;
814 break; 638 break;
815 case 3: /* AC_VO */ 639 case 3: /* AC_VO */
816 queue = 0; 640 queue = 0;
817 if (acm) 641 if (acm)
818 local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 642 local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
643 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
644 uapsd = true;
819 break; 645 break;
820 case 0: /* AC_BE */ 646 case 0: /* AC_BE */
821 default: 647 default:
822 queue = 2; 648 queue = 2;
823 if (acm) 649 if (acm)
824 local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 650 local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
651 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
652 uapsd = true;
825 break; 653 break;
826 } 654 }
827 655
@@ -829,11 +657,14 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
829 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 657 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
830 params.cw_min = ecw2cw(pos[1] & 0x0f); 658 params.cw_min = ecw2cw(pos[1] & 0x0f);
831 params.txop = get_unaligned_le16(pos + 2); 659 params.txop = get_unaligned_le16(pos + 2);
660 params.uapsd = uapsd;
661
832#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 662#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
833 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 663 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
834 "cWmin=%d cWmax=%d txop=%d\n", 664 "cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
835 wiphy_name(local->hw.wiphy), queue, aci, acm, 665 wiphy_name(local->hw.wiphy), queue, aci, acm,
836 params.aifs, params.cw_min, params.cw_max, params.txop); 666 params.aifs, params.cw_min, params.cw_max, params.txop,
667 params.uapsd);
837#endif 668#endif
838 if (drv_conf_tx(local, queue, &params) && local->ops->conf_tx) 669 if (drv_conf_tx(local, queue, &params) && local->ops->conf_tx)
839 printk(KERN_DEBUG "%s: failed to set TX queue " 670 printk(KERN_DEBUG "%s: failed to set TX queue "
@@ -860,6 +691,8 @@ static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
860 } 691 }
861 692
862 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 693 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
694 if (sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ)
695 use_short_slot = true;
863 696
864 if (use_protection != bss_conf->use_cts_prot) { 697 if (use_protection != bss_conf->use_cts_prot) {
865 bss_conf->use_cts_prot = use_protection; 698 bss_conf->use_cts_prot = use_protection;
@@ -880,30 +713,36 @@ static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
880} 713}
881 714
882static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 715static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
883 struct ieee80211_mgd_work *wk, 716 struct cfg80211_bss *cbss,
884 u32 bss_info_changed) 717 u32 bss_info_changed)
885{ 718{
719 struct ieee80211_bss *bss = (void *)cbss->priv;
886 struct ieee80211_local *local = sdata->local; 720 struct ieee80211_local *local = sdata->local;
887 struct ieee80211_bss *bss = wk->bss;
888 721
889 bss_info_changed |= BSS_CHANGED_ASSOC; 722 bss_info_changed |= BSS_CHANGED_ASSOC;
890 /* set timing information */ 723 /* set timing information */
891 sdata->vif.bss_conf.beacon_int = bss->cbss.beacon_interval; 724 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
892 sdata->vif.bss_conf.timestamp = bss->cbss.tsf; 725 sdata->vif.bss_conf.timestamp = cbss->tsf;
893 sdata->vif.bss_conf.dtim_period = bss->dtim_period;
894 726
895 bss_info_changed |= BSS_CHANGED_BEACON_INT; 727 bss_info_changed |= BSS_CHANGED_BEACON_INT;
896 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 728 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
897 bss->cbss.capability, bss->has_erp_value, bss->erp_value); 729 cbss->capability, bss->has_erp_value, bss->erp_value);
898 730
899 sdata->u.mgd.associated = bss; 731 sdata->u.mgd.associated = cbss;
900 sdata->u.mgd.old_associate_work = wk; 732 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
901 memcpy(sdata->u.mgd.bssid, bss->cbss.bssid, ETH_ALEN);
902 733
903 /* just to be sure */ 734 /* just to be sure */
904 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 735 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
905 IEEE80211_STA_BEACON_POLL); 736 IEEE80211_STA_BEACON_POLL);
906 737
738 /*
739 * Always handle WMM once after association regardless
740 * of the first value the AP uses. Setting -1 here has
741 * that effect because the AP values is an unsigned
742 * 4-bit value.
743 */
744 sdata->u.mgd.wmm_last_param_set = -1;
745
907 ieee80211_led_assoc(local, 1); 746 ieee80211_led_assoc(local, 1);
908 747
909 sdata->vif.bss_conf.assoc = 1; 748 sdata->vif.bss_conf.assoc = 1;
@@ -921,99 +760,14 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
921 760
922 mutex_lock(&local->iflist_mtx); 761 mutex_lock(&local->iflist_mtx);
923 ieee80211_recalc_ps(local, -1); 762 ieee80211_recalc_ps(local, -1);
763 ieee80211_recalc_smps(local, sdata);
924 mutex_unlock(&local->iflist_mtx); 764 mutex_unlock(&local->iflist_mtx);
925 765
926 netif_tx_start_all_queues(sdata->dev); 766 netif_tx_start_all_queues(sdata->dev);
927 netif_carrier_on(sdata->dev); 767 netif_carrier_on(sdata->dev);
928} 768}
929 769
930static enum rx_mgmt_action __must_check 770static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata)
931ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata,
932 struct ieee80211_mgd_work *wk)
933{
934 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
935 struct ieee80211_local *local = sdata->local;
936
937 wk->tries++;
938 if (wk->tries > IEEE80211_AUTH_MAX_TRIES) {
939 printk(KERN_DEBUG "%s: direct probe to AP %pM timed out\n",
940 sdata->dev->name, wk->bss->cbss.bssid);
941
942 /*
943 * Most likely AP is not in the range so remove the
944 * bss struct for that AP.
945 */
946 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss);
947
948 /*
949 * We might have a pending scan which had no chance to run yet
950 * due to work needing to be done. Hence, queue the STAs work
951 * again for that.
952 */
953 ieee80211_queue_work(&local->hw, &ifmgd->work);
954 return RX_MGMT_CFG80211_AUTH_TO;
955 }
956
957 printk(KERN_DEBUG "%s: direct probe to AP %pM (try %d)\n",
958 sdata->dev->name, wk->bss->cbss.bssid,
959 wk->tries);
960
961 /*
962 * Direct probe is sent to broadcast address as some APs
963 * will not answer to direct packet in unassociated state.
964 */
965 ieee80211_send_probe_req(sdata, NULL, wk->ssid, wk->ssid_len, NULL, 0);
966
967 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
968 run_again(ifmgd, wk->timeout);
969
970 return RX_MGMT_NONE;
971}
972
973
974static enum rx_mgmt_action __must_check
975ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
976 struct ieee80211_mgd_work *wk)
977{
978 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
979 struct ieee80211_local *local = sdata->local;
980
981 wk->tries++;
982 if (wk->tries > IEEE80211_AUTH_MAX_TRIES) {
983 printk(KERN_DEBUG "%s: authentication with AP %pM"
984 " timed out\n",
985 sdata->dev->name, wk->bss->cbss.bssid);
986
987 /*
988 * Most likely AP is not in the range so remove the
989 * bss struct for that AP.
990 */
991 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss);
992
993 /*
994 * We might have a pending scan which had no chance to run yet
995 * due to work needing to be done. Hence, queue the STAs work
996 * again for that.
997 */
998 ieee80211_queue_work(&local->hw, &ifmgd->work);
999 return RX_MGMT_CFG80211_AUTH_TO;
1000 }
1001
1002 printk(KERN_DEBUG "%s: authenticate with AP %pM (try %d)\n",
1003 sdata->dev->name, wk->bss->cbss.bssid, wk->tries);
1004
1005 ieee80211_send_auth(sdata, 1, wk->auth_alg, wk->ie, wk->ie_len,
1006 wk->bss->cbss.bssid, NULL, 0, 0);
1007 wk->auth_transaction = 2;
1008
1009 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
1010 run_again(ifmgd, wk->timeout);
1011
1012 return RX_MGMT_NONE;
1013}
1014
1015static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1016 bool deauth)
1017{ 771{
1018 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 772 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1019 struct ieee80211_local *local = sdata->local; 773 struct ieee80211_local *local = sdata->local;
@@ -1026,21 +780,11 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1026 if (WARN_ON(!ifmgd->associated)) 780 if (WARN_ON(!ifmgd->associated))
1027 return; 781 return;
1028 782
1029 memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN); 783 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1030 784
1031 ifmgd->associated = NULL; 785 ifmgd->associated = NULL;
1032 memset(ifmgd->bssid, 0, ETH_ALEN); 786 memset(ifmgd->bssid, 0, ETH_ALEN);
1033 787
1034 if (deauth) {
1035 kfree(ifmgd->old_associate_work);
1036 ifmgd->old_associate_work = NULL;
1037 } else {
1038 struct ieee80211_mgd_work *wk = ifmgd->old_associate_work;
1039
1040 wk->state = IEEE80211_MGD_STATE_IDLE;
1041 list_add(&wk->list, &ifmgd->work_list);
1042 }
1043
1044 /* 788 /*
1045 * we need to commit the associated = NULL change because the 789 * we need to commit the associated = NULL change because the
1046 * scan code uses that to determine whether this iface should 790 * scan code uses that to determine whether this iface should
@@ -1059,9 +803,11 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1059 netif_carrier_off(sdata->dev); 803 netif_carrier_off(sdata->dev);
1060 804
1061 rcu_read_lock(); 805 rcu_read_lock();
1062 sta = sta_info_get(local, bssid); 806 sta = sta_info_get(sdata, bssid);
1063 if (sta) 807 if (sta) {
808 set_sta_flags(sta, WLAN_STA_DISASSOC);
1064 ieee80211_sta_tear_down_BA_sessions(sta); 809 ieee80211_sta_tear_down_BA_sessions(sta);
810 }
1065 rcu_read_unlock(); 811 rcu_read_unlock();
1066 812
1067 changed |= ieee80211_reset_erp_info(sdata); 813 changed |= ieee80211_reset_erp_info(sdata);
@@ -1072,8 +818,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1072 818
1073 ieee80211_set_wmm_default(sdata); 819 ieee80211_set_wmm_default(sdata);
1074 820
1075 ieee80211_recalc_idle(local);
1076
1077 /* channel(_type) changes are handled by ieee80211_hw_config */ 821 /* channel(_type) changes are handled by ieee80211_hw_config */
1078 local->oper_channel_type = NL80211_CHAN_NO_HT; 822 local->oper_channel_type = NL80211_CHAN_NO_HT;
1079 823
@@ -1096,57 +840,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1096 changed |= BSS_CHANGED_BSSID; 840 changed |= BSS_CHANGED_BSSID;
1097 ieee80211_bss_info_change_notify(sdata, changed); 841 ieee80211_bss_info_change_notify(sdata, changed);
1098 842
1099 rcu_read_lock(); 843 sta_info_destroy_addr(sdata, bssid);
1100
1101 sta = sta_info_get(local, bssid);
1102 if (!sta) {
1103 rcu_read_unlock();
1104 return;
1105 }
1106
1107 sta_info_unlink(&sta);
1108
1109 rcu_read_unlock();
1110
1111 sta_info_destroy(sta);
1112}
1113
1114static enum rx_mgmt_action __must_check
1115ieee80211_associate(struct ieee80211_sub_if_data *sdata,
1116 struct ieee80211_mgd_work *wk)
1117{
1118 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1119 struct ieee80211_local *local = sdata->local;
1120
1121 wk->tries++;
1122 if (wk->tries > IEEE80211_ASSOC_MAX_TRIES) {
1123 printk(KERN_DEBUG "%s: association with AP %pM"
1124 " timed out\n",
1125 sdata->dev->name, wk->bss->cbss.bssid);
1126
1127 /*
1128 * Most likely AP is not in the range so remove the
1129 * bss struct for that AP.
1130 */
1131 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss);
1132
1133 /*
1134 * We might have a pending scan which had no chance to run yet
1135 * due to work needing to be done. Hence, queue the STAs work
1136 * again for that.
1137 */
1138 ieee80211_queue_work(&local->hw, &ifmgd->work);
1139 return RX_MGMT_CFG80211_ASSOC_TO;
1140 }
1141
1142 printk(KERN_DEBUG "%s: associate with AP %pM (try %d)\n",
1143 sdata->dev->name, wk->bss->cbss.bssid, wk->tries);
1144 ieee80211_send_assoc(sdata, wk);
1145
1146 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
1147 run_again(ifmgd, wk->timeout);
1148
1149 return RX_MGMT_NONE;
1150} 844}
1151 845
1152void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 846void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
@@ -1172,8 +866,8 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1172 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 866 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1173 const u8 *ssid; 867 const u8 *ssid;
1174 868
1175 ssid = ieee80211_bss_get_ie(&ifmgd->associated->cbss, WLAN_EID_SSID); 869 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1176 ieee80211_send_probe_req(sdata, ifmgd->associated->cbss.bssid, 870 ieee80211_send_probe_req(sdata, ifmgd->associated->bssid,
1177 ssid + 2, ssid[1], NULL, 0); 871 ssid + 2, ssid[1], NULL, 0);
1178 872
1179 ifmgd->probe_send_count++; 873 ifmgd->probe_send_count++;
@@ -1187,12 +881,15 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1187 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 881 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1188 bool already = false; 882 bool already = false;
1189 883
1190 if (!netif_running(sdata->dev)) 884 if (!ieee80211_sdata_running(sdata))
1191 return; 885 return;
1192 886
1193 if (sdata->local->scanning) 887 if (sdata->local->scanning)
1194 return; 888 return;
1195 889
890 if (sdata->local->tmp_channel)
891 return;
892
1196 mutex_lock(&ifmgd->mtx); 893 mutex_lock(&ifmgd->mtx);
1197 894
1198 if (!ifmgd->associated) 895 if (!ifmgd->associated)
@@ -1201,7 +898,7 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1201#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 898#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1202 if (beacon && net_ratelimit()) 899 if (beacon && net_ratelimit())
1203 printk(KERN_DEBUG "%s: detected beacon loss from AP " 900 printk(KERN_DEBUG "%s: detected beacon loss from AP "
1204 "- sending probe request\n", sdata->dev->name); 901 "- sending probe request\n", sdata->name);
1205#endif 902#endif
1206 903
1207 /* 904 /*
@@ -1254,88 +951,8 @@ void ieee80211_beacon_loss(struct ieee80211_vif *vif)
1254} 951}
1255EXPORT_SYMBOL(ieee80211_beacon_loss); 952EXPORT_SYMBOL(ieee80211_beacon_loss);
1256 953
1257static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
1258 struct ieee80211_mgd_work *wk)
1259{
1260 wk->state = IEEE80211_MGD_STATE_IDLE;
1261 printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
1262}
1263
1264
1265static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1266 struct ieee80211_mgd_work *wk,
1267 struct ieee80211_mgmt *mgmt,
1268 size_t len)
1269{
1270 u8 *pos;
1271 struct ieee802_11_elems elems;
1272
1273 pos = mgmt->u.auth.variable;
1274 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1275 if (!elems.challenge)
1276 return;
1277 ieee80211_send_auth(sdata, 3, wk->auth_alg,
1278 elems.challenge - 2, elems.challenge_len + 2,
1279 wk->bss->cbss.bssid,
1280 wk->key, wk->key_len, wk->key_idx);
1281 wk->auth_transaction = 4;
1282}
1283
1284static enum rx_mgmt_action __must_check
1285ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
1286 struct ieee80211_mgd_work *wk,
1287 struct ieee80211_mgmt *mgmt, size_t len)
1288{
1289 u16 auth_alg, auth_transaction, status_code;
1290
1291 if (wk->state != IEEE80211_MGD_STATE_AUTH)
1292 return RX_MGMT_NONE;
1293
1294 if (len < 24 + 6)
1295 return RX_MGMT_NONE;
1296
1297 if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0)
1298 return RX_MGMT_NONE;
1299
1300 if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0)
1301 return RX_MGMT_NONE;
1302
1303 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1304 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1305 status_code = le16_to_cpu(mgmt->u.auth.status_code);
1306
1307 if (auth_alg != wk->auth_alg ||
1308 auth_transaction != wk->auth_transaction)
1309 return RX_MGMT_NONE;
1310
1311 if (status_code != WLAN_STATUS_SUCCESS) {
1312 list_del(&wk->list);
1313 kfree(wk);
1314 return RX_MGMT_CFG80211_AUTH;
1315 }
1316
1317 switch (wk->auth_alg) {
1318 case WLAN_AUTH_OPEN:
1319 case WLAN_AUTH_LEAP:
1320 case WLAN_AUTH_FT:
1321 ieee80211_auth_completed(sdata, wk);
1322 return RX_MGMT_CFG80211_AUTH;
1323 case WLAN_AUTH_SHARED_KEY:
1324 if (wk->auth_transaction == 4) {
1325 ieee80211_auth_completed(sdata, wk);
1326 return RX_MGMT_CFG80211_AUTH;
1327 } else
1328 ieee80211_auth_challenge(sdata, wk, mgmt, len);
1329 break;
1330 }
1331
1332 return RX_MGMT_NONE;
1333}
1334
1335
1336static enum rx_mgmt_action __must_check 954static enum rx_mgmt_action __must_check
1337ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 955ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1338 struct ieee80211_mgd_work *wk,
1339 struct ieee80211_mgmt *mgmt, size_t len) 956 struct ieee80211_mgmt *mgmt, size_t len)
1340{ 957{
1341 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 958 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
@@ -1347,22 +964,15 @@ ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1347 964
1348 ASSERT_MGD_MTX(ifmgd); 965 ASSERT_MGD_MTX(ifmgd);
1349 966
1350 if (wk) 967 bssid = ifmgd->associated->bssid;
1351 bssid = wk->bss->cbss.bssid;
1352 else
1353 bssid = ifmgd->associated->cbss.bssid;
1354 968
1355 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 969 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1356 970
1357 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 971 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n",
1358 sdata->dev->name, bssid, reason_code); 972 sdata->name, bssid, reason_code);
1359 973
1360 if (!wk) { 974 ieee80211_set_disassoc(sdata);
1361 ieee80211_set_disassoc(sdata, true); 975 ieee80211_recalc_idle(sdata->local);
1362 } else {
1363 list_del(&wk->list);
1364 kfree(wk);
1365 }
1366 976
1367 return RX_MGMT_CFG80211_DEAUTH; 977 return RX_MGMT_CFG80211_DEAUTH;
1368} 978}
@@ -1383,122 +993,72 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1383 if (WARN_ON(!ifmgd->associated)) 993 if (WARN_ON(!ifmgd->associated))
1384 return RX_MGMT_NONE; 994 return RX_MGMT_NONE;
1385 995
1386 if (WARN_ON(memcmp(ifmgd->associated->cbss.bssid, mgmt->sa, ETH_ALEN))) 996 if (WARN_ON(memcmp(ifmgd->associated->bssid, mgmt->sa, ETH_ALEN)))
1387 return RX_MGMT_NONE; 997 return RX_MGMT_NONE;
1388 998
1389 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 999 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1390 1000
1391 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1001 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1392 sdata->dev->name, mgmt->sa, reason_code); 1002 sdata->name, mgmt->sa, reason_code);
1393 1003
1394 ieee80211_set_disassoc(sdata, false); 1004 ieee80211_set_disassoc(sdata);
1005 ieee80211_recalc_idle(sdata->local);
1395 return RX_MGMT_CFG80211_DISASSOC; 1006 return RX_MGMT_CFG80211_DISASSOC;
1396} 1007}
1397 1008
1398 1009
1399static enum rx_mgmt_action __must_check 1010static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1400ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 1011 struct ieee80211_mgmt *mgmt, size_t len)
1401 struct ieee80211_mgd_work *wk,
1402 struct ieee80211_mgmt *mgmt, size_t len,
1403 bool reassoc)
1404{ 1012{
1013 struct ieee80211_sub_if_data *sdata = wk->sdata;
1405 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1014 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1406 struct ieee80211_local *local = sdata->local; 1015 struct ieee80211_local *local = sdata->local;
1407 struct ieee80211_supported_band *sband; 1016 struct ieee80211_supported_band *sband;
1408 struct sta_info *sta; 1017 struct sta_info *sta;
1018 struct cfg80211_bss *cbss = wk->assoc.bss;
1019 u8 *pos;
1409 u32 rates, basic_rates; 1020 u32 rates, basic_rates;
1410 u16 capab_info, status_code, aid; 1021 u16 capab_info, aid;
1411 struct ieee802_11_elems elems; 1022 struct ieee802_11_elems elems;
1412 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1023 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1413 u8 *pos;
1414 u32 changed = 0; 1024 u32 changed = 0;
1415 int i, j; 1025 int i, j, err;
1416 bool have_higher_than_11mbit = false, newsta = false; 1026 bool have_higher_than_11mbit = false;
1417 u16 ap_ht_cap_flags; 1027 u16 ap_ht_cap_flags;
1418 1028
1419 /* 1029 /* AssocResp and ReassocResp have identical structure */
1420 * AssocResp and ReassocResp have identical structure, so process both
1421 * of them in this function.
1422 */
1423
1424 if (len < 24 + 6)
1425 return RX_MGMT_NONE;
1426
1427 if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0)
1428 return RX_MGMT_NONE;
1429 1030
1430 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1431 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1432 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 1031 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1433 1032 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1434 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
1435 "status=%d aid=%d)\n",
1436 sdata->dev->name, reassoc ? "Rea" : "A", mgmt->sa,
1437 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
1438
1439 pos = mgmt->u.assoc_resp.variable;
1440 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1441
1442 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
1443 elems.timeout_int && elems.timeout_int_len == 5 &&
1444 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
1445 u32 tu, ms;
1446 tu = get_unaligned_le32(elems.timeout_int + 1);
1447 ms = tu * 1024 / 1000;
1448 printk(KERN_DEBUG "%s: AP rejected association temporarily; "
1449 "comeback duration %u TU (%u ms)\n",
1450 sdata->dev->name, tu, ms);
1451 wk->timeout = jiffies + msecs_to_jiffies(ms);
1452 if (ms > IEEE80211_ASSOC_TIMEOUT)
1453 run_again(ifmgd, jiffies + msecs_to_jiffies(ms));
1454 return RX_MGMT_NONE;
1455 }
1456
1457 if (status_code != WLAN_STATUS_SUCCESS) {
1458 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1459 sdata->dev->name, status_code);
1460 wk->state = IEEE80211_MGD_STATE_IDLE;
1461 return RX_MGMT_CFG80211_ASSOC;
1462 }
1463 1033
1464 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1034 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1465 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not " 1035 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1466 "set\n", sdata->dev->name, aid); 1036 "set\n", sdata->name, aid);
1467 aid &= ~(BIT(15) | BIT(14)); 1037 aid &= ~(BIT(15) | BIT(14));
1468 1038
1039 pos = mgmt->u.assoc_resp.variable;
1040 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1041
1469 if (!elems.supp_rates) { 1042 if (!elems.supp_rates) {
1470 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n", 1043 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1471 sdata->dev->name); 1044 sdata->name);
1472 return RX_MGMT_NONE; 1045 return false;
1473 } 1046 }
1474 1047
1475 printk(KERN_DEBUG "%s: associated\n", sdata->dev->name);
1476 ifmgd->aid = aid; 1048 ifmgd->aid = aid;
1477 1049
1478 rcu_read_lock(); 1050 sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
1479
1480 /* Add STA entry for the AP */
1481 sta = sta_info_get(local, wk->bss->cbss.bssid);
1482 if (!sta) { 1051 if (!sta) {
1483 newsta = true; 1052 printk(KERN_DEBUG "%s: failed to alloc STA entry for"
1484 1053 " the AP\n", sdata->name);
1485 rcu_read_unlock(); 1054 return false;
1486
1487 sta = sta_info_alloc(sdata, wk->bss->cbss.bssid, GFP_KERNEL);
1488 if (!sta) {
1489 printk(KERN_DEBUG "%s: failed to alloc STA entry for"
1490 " the AP\n", sdata->dev->name);
1491 return RX_MGMT_NONE;
1492 }
1493
1494 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC |
1495 WLAN_STA_ASSOC_AP);
1496 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
1497 set_sta_flags(sta, WLAN_STA_AUTHORIZED);
1498
1499 rcu_read_lock();
1500 } 1055 }
1501 1056
1057 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC |
1058 WLAN_STA_ASSOC_AP);
1059 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
1060 set_sta_flags(sta, WLAN_STA_AUTHORIZED);
1061
1502 rates = 0; 1062 rates = 0;
1503 basic_rates = 0; 1063 basic_rates = 0;
1504 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1064 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
@@ -1561,40 +1121,40 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1561 if (elems.wmm_param) 1121 if (elems.wmm_param)
1562 set_sta_flags(sta, WLAN_STA_WME); 1122 set_sta_flags(sta, WLAN_STA_WME);
1563 1123
1564 if (newsta) { 1124 err = sta_info_insert(sta);
1565 int err = sta_info_insert(sta); 1125 sta = NULL;
1566 if (err) { 1126 if (err) {
1567 printk(KERN_DEBUG "%s: failed to insert STA entry for" 1127 printk(KERN_DEBUG "%s: failed to insert STA entry for"
1568 " the AP (error %d)\n", sdata->dev->name, err); 1128 " the AP (error %d)\n", sdata->name, err);
1569 rcu_read_unlock(); 1129 return false;
1570 return RX_MGMT_NONE;
1571 }
1572 } 1130 }
1573 1131
1574 rcu_read_unlock();
1575
1576 if (elems.wmm_param) 1132 if (elems.wmm_param)
1577 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1133 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1578 elems.wmm_param_len); 1134 elems.wmm_param_len);
1579 else 1135 else
1580 ieee80211_set_wmm_default(sdata); 1136 ieee80211_set_wmm_default(sdata);
1581 1137
1138 local->oper_channel = wk->chan;
1139
1582 if (elems.ht_info_elem && elems.wmm_param && 1140 if (elems.ht_info_elem && elems.wmm_param &&
1583 (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) && 1141 (sdata->local->hw.queues >= 4) &&
1584 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1142 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1585 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1143 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1586 wk->bss->cbss.bssid, 1144 cbss->bssid, ap_ht_cap_flags);
1587 ap_ht_cap_flags);
1588
1589 /* delete work item -- must be before set_associated for PS */
1590 list_del(&wk->list);
1591 1145
1592 /* set AID and assoc capability, 1146 /* set AID and assoc capability,
1593 * ieee80211_set_associated() will tell the driver */ 1147 * ieee80211_set_associated() will tell the driver */
1594 bss_conf->aid = aid; 1148 bss_conf->aid = aid;
1595 bss_conf->assoc_capability = capab_info; 1149 bss_conf->assoc_capability = capab_info;
1596 /* this will take ownership of wk */ 1150 ieee80211_set_associated(sdata, cbss, changed);
1597 ieee80211_set_associated(sdata, wk, changed); 1151
1152 /*
1153 * If we're using 4-addr mode, let the AP know that we're
1154 * doing so, so that it can create the STA VLAN on its side
1155 */
1156 if (ifmgd->use_4addr)
1157 ieee80211_send_4addr_nullfunc(local, sdata);
1598 1158
1599 /* 1159 /*
1600 * Start timer to probe the connection to the AP now. 1160 * Start timer to probe the connection to the AP now.
@@ -1603,7 +1163,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1603 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 1163 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
1604 mod_beacon_timer(sdata); 1164 mod_beacon_timer(sdata);
1605 1165
1606 return RX_MGMT_CFG80211_ASSOC; 1166 return true;
1607} 1167}
1608 1168
1609 1169
@@ -1618,6 +1178,13 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1618 int freq; 1178 int freq;
1619 struct ieee80211_bss *bss; 1179 struct ieee80211_bss *bss;
1620 struct ieee80211_channel *channel; 1180 struct ieee80211_channel *channel;
1181 bool need_ps = false;
1182
1183 if (sdata->u.mgd.associated) {
1184 bss = (void *)sdata->u.mgd.associated->priv;
1185 /* not previously set so we may need to recalc */
1186 need_ps = !bss->dtim_period;
1187 }
1621 1188
1622 if (elems->ds_params && elems->ds_params_len == 1) 1189 if (elems->ds_params && elems->ds_params_len == 1)
1623 freq = ieee80211_channel_to_frequency(elems->ds_params[0]); 1190 freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
@@ -1637,8 +1204,14 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1637 if (!sdata->u.mgd.associated) 1204 if (!sdata->u.mgd.associated)
1638 return; 1205 return;
1639 1206
1207 if (need_ps) {
1208 mutex_lock(&local->iflist_mtx);
1209 ieee80211_recalc_ps(local, -1);
1210 mutex_unlock(&local->iflist_mtx);
1211 }
1212
1640 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) && 1213 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) &&
1641 (memcmp(mgmt->bssid, sdata->u.mgd.associated->cbss.bssid, 1214 (memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid,
1642 ETH_ALEN) == 0)) { 1215 ETH_ALEN) == 0)) {
1643 struct ieee80211_channel_sw_ie *sw_elem = 1216 struct ieee80211_channel_sw_ie *sw_elem =
1644 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem; 1217 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem;
@@ -1648,19 +1221,19 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1648 1221
1649 1222
1650static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 1223static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1651 struct ieee80211_mgd_work *wk, 1224 struct sk_buff *skb)
1652 struct ieee80211_mgmt *mgmt, size_t len,
1653 struct ieee80211_rx_status *rx_status)
1654{ 1225{
1226 struct ieee80211_mgmt *mgmt = (void *)skb->data;
1655 struct ieee80211_if_managed *ifmgd; 1227 struct ieee80211_if_managed *ifmgd;
1656 size_t baselen; 1228 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
1229 size_t baselen, len = skb->len;
1657 struct ieee802_11_elems elems; 1230 struct ieee802_11_elems elems;
1658 1231
1659 ifmgd = &sdata->u.mgd; 1232 ifmgd = &sdata->u.mgd;
1660 1233
1661 ASSERT_MGD_MTX(ifmgd); 1234 ASSERT_MGD_MTX(ifmgd);
1662 1235
1663 if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN)) 1236 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
1664 return; /* ignore ProbeResp to foreign address */ 1237 return; /* ignore ProbeResp to foreign address */
1665 1238
1666 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 1239 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
@@ -1672,17 +1245,8 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1672 1245
1673 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 1246 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
1674 1247
1675 /* direct probe may be part of the association flow */
1676 if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) {
1677 printk(KERN_DEBUG "%s: direct probe responded\n",
1678 sdata->dev->name);
1679 wk->tries = 0;
1680 wk->state = IEEE80211_MGD_STATE_AUTH;
1681 WARN_ON(ieee80211_authenticate(sdata, wk) != RX_MGMT_NONE);
1682 }
1683
1684 if (ifmgd->associated && 1248 if (ifmgd->associated &&
1685 memcmp(mgmt->bssid, ifmgd->associated->cbss.bssid, ETH_ALEN) == 0 && 1249 memcmp(mgmt->bssid, ifmgd->associated->bssid, ETH_ALEN) == 0 &&
1686 ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1250 ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1687 IEEE80211_STA_CONNECTION_POLL)) { 1251 IEEE80211_STA_CONNECTION_POLL)) {
1688 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1252 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
@@ -1755,7 +1319,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1755 if (!ifmgd->associated) 1319 if (!ifmgd->associated)
1756 return; 1320 return;
1757 1321
1758 bssid = ifmgd->associated->cbss.bssid; 1322 bssid = ifmgd->associated->bssid;
1759 1323
1760 /* 1324 /*
1761 * And in theory even frames from a different AP we were just 1325 * And in theory even frames from a different AP we were just
@@ -1768,7 +1332,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1768#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1332#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1769 if (net_ratelimit()) { 1333 if (net_ratelimit()) {
1770 printk(KERN_DEBUG "%s: cancelling probereq poll due " 1334 printk(KERN_DEBUG "%s: cancelling probereq poll due "
1771 "to a received beacon\n", sdata->dev->name); 1335 "to a received beacon\n", sdata->name);
1772 } 1336 }
1773#endif 1337#endif
1774 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 1338 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
@@ -1846,7 +1410,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1846 1410
1847 rcu_read_lock(); 1411 rcu_read_lock();
1848 1412
1849 sta = sta_info_get(local, bssid); 1413 sta = sta_info_get(sdata, bssid);
1850 if (WARN_ON(!sta)) { 1414 if (WARN_ON(!sta)) {
1851 rcu_read_unlock(); 1415 rcu_read_unlock();
1852 return; 1416 return;
@@ -1892,12 +1456,8 @@ ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1892 fc = le16_to_cpu(mgmt->frame_control); 1456 fc = le16_to_cpu(mgmt->frame_control);
1893 1457
1894 switch (fc & IEEE80211_FCTL_STYPE) { 1458 switch (fc & IEEE80211_FCTL_STYPE) {
1895 case IEEE80211_STYPE_PROBE_REQ:
1896 case IEEE80211_STYPE_PROBE_RESP: 1459 case IEEE80211_STYPE_PROBE_RESP:
1897 case IEEE80211_STYPE_BEACON: 1460 case IEEE80211_STYPE_BEACON:
1898 case IEEE80211_STYPE_AUTH:
1899 case IEEE80211_STYPE_ASSOC_RESP:
1900 case IEEE80211_STYPE_REASSOC_RESP:
1901 case IEEE80211_STYPE_DEAUTH: 1461 case IEEE80211_STYPE_DEAUTH:
1902 case IEEE80211_STYPE_DISASSOC: 1462 case IEEE80211_STYPE_DISASSOC:
1903 case IEEE80211_STYPE_ACTION: 1463 case IEEE80211_STYPE_ACTION:
@@ -1915,7 +1475,6 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1915 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1475 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1916 struct ieee80211_rx_status *rx_status; 1476 struct ieee80211_rx_status *rx_status;
1917 struct ieee80211_mgmt *mgmt; 1477 struct ieee80211_mgmt *mgmt;
1918 struct ieee80211_mgd_work *wk;
1919 enum rx_mgmt_action rma = RX_MGMT_NONE; 1478 enum rx_mgmt_action rma = RX_MGMT_NONE;
1920 u16 fc; 1479 u16 fc;
1921 1480
@@ -1926,29 +1485,28 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1926 mutex_lock(&ifmgd->mtx); 1485 mutex_lock(&ifmgd->mtx);
1927 1486
1928 if (ifmgd->associated && 1487 if (ifmgd->associated &&
1929 memcmp(ifmgd->associated->cbss.bssid, mgmt->bssid, 1488 memcmp(ifmgd->associated->bssid, mgmt->bssid, ETH_ALEN) == 0) {
1930 ETH_ALEN) == 0) {
1931 switch (fc & IEEE80211_FCTL_STYPE) { 1489 switch (fc & IEEE80211_FCTL_STYPE) {
1932 case IEEE80211_STYPE_BEACON: 1490 case IEEE80211_STYPE_BEACON:
1933 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 1491 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
1934 rx_status); 1492 rx_status);
1935 break; 1493 break;
1936 case IEEE80211_STYPE_PROBE_RESP: 1494 case IEEE80211_STYPE_PROBE_RESP:
1937 ieee80211_rx_mgmt_probe_resp(sdata, NULL, mgmt, 1495 ieee80211_rx_mgmt_probe_resp(sdata, skb);
1938 skb->len, rx_status);
1939 break; 1496 break;
1940 case IEEE80211_STYPE_DEAUTH: 1497 case IEEE80211_STYPE_DEAUTH:
1941 rma = ieee80211_rx_mgmt_deauth(sdata, NULL, 1498 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
1942 mgmt, skb->len);
1943 break; 1499 break;
1944 case IEEE80211_STYPE_DISASSOC: 1500 case IEEE80211_STYPE_DISASSOC:
1945 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 1501 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1946 break; 1502 break;
1947 case IEEE80211_STYPE_ACTION: 1503 case IEEE80211_STYPE_ACTION:
1948 /* XXX: differentiate, can only happen for CSA now! */ 1504 if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
1505 break;
1506
1949 ieee80211_sta_process_chanswitch(sdata, 1507 ieee80211_sta_process_chanswitch(sdata,
1950 &mgmt->u.action.u.chan_switch.sw_elem, 1508 &mgmt->u.action.u.chan_switch.sw_elem,
1951 ifmgd->associated); 1509 (void *)ifmgd->associated->priv);
1952 break; 1510 break;
1953 } 1511 }
1954 mutex_unlock(&ifmgd->mtx); 1512 mutex_unlock(&ifmgd->mtx);
@@ -1958,12 +1516,10 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1958 /* no action */ 1516 /* no action */
1959 break; 1517 break;
1960 case RX_MGMT_CFG80211_DEAUTH: 1518 case RX_MGMT_CFG80211_DEAUTH:
1961 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, 1519 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1962 NULL);
1963 break; 1520 break;
1964 case RX_MGMT_CFG80211_DISASSOC: 1521 case RX_MGMT_CFG80211_DISASSOC:
1965 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len, 1522 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
1966 NULL);
1967 break; 1523 break;
1968 default: 1524 default:
1969 WARN(1, "unexpected: %d", rma); 1525 WARN(1, "unexpected: %d", rma);
@@ -1971,58 +1527,11 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1971 goto out; 1527 goto out;
1972 } 1528 }
1973 1529
1974 list_for_each_entry(wk, &ifmgd->work_list, list) {
1975 if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0)
1976 continue;
1977
1978 switch (fc & IEEE80211_FCTL_STYPE) {
1979 case IEEE80211_STYPE_PROBE_RESP:
1980 ieee80211_rx_mgmt_probe_resp(sdata, wk, mgmt, skb->len,
1981 rx_status);
1982 break;
1983 case IEEE80211_STYPE_AUTH:
1984 rma = ieee80211_rx_mgmt_auth(sdata, wk, mgmt, skb->len);
1985 break;
1986 case IEEE80211_STYPE_ASSOC_RESP:
1987 rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt,
1988 skb->len, false);
1989 break;
1990 case IEEE80211_STYPE_REASSOC_RESP:
1991 rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt,
1992 skb->len, true);
1993 break;
1994 case IEEE80211_STYPE_DEAUTH:
1995 rma = ieee80211_rx_mgmt_deauth(sdata, wk, mgmt,
1996 skb->len);
1997 break;
1998 }
1999 /*
2000 * We've processed this frame for that work, so it can't
2001 * belong to another work struct.
2002 * NB: this is also required for correctness because the
2003 * called functions can free 'wk', and for 'rma'!
2004 */
2005 break;
2006 }
2007
2008 mutex_unlock(&ifmgd->mtx); 1530 mutex_unlock(&ifmgd->mtx);
2009 1531
2010 switch (rma) { 1532 if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&
2011 case RX_MGMT_NONE: 1533 (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH)
2012 /* no action */ 1534 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
2013 break;
2014 case RX_MGMT_CFG80211_AUTH:
2015 cfg80211_send_rx_auth(sdata->dev, (u8 *) mgmt, skb->len);
2016 break;
2017 case RX_MGMT_CFG80211_ASSOC:
2018 cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, skb->len);
2019 break;
2020 case RX_MGMT_CFG80211_DEAUTH:
2021 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, NULL);
2022 break;
2023 default:
2024 WARN(1, "unexpected: %d", rma);
2025 }
2026 1535
2027 out: 1536 out:
2028 kfree_skb(skb); 1537 kfree_skb(skb);
@@ -2050,12 +1559,8 @@ static void ieee80211_sta_work(struct work_struct *work)
2050 struct ieee80211_local *local = sdata->local; 1559 struct ieee80211_local *local = sdata->local;
2051 struct ieee80211_if_managed *ifmgd; 1560 struct ieee80211_if_managed *ifmgd;
2052 struct sk_buff *skb; 1561 struct sk_buff *skb;
2053 struct ieee80211_mgd_work *wk, *tmp;
2054 LIST_HEAD(free_work);
2055 enum rx_mgmt_action rma;
2056 bool anybusy = false;
2057 1562
2058 if (!netif_running(sdata->dev)) 1563 if (!ieee80211_sdata_running(sdata))
2059 return; 1564 return;
2060 1565
2061 if (local->scanning) 1566 if (local->scanning)
@@ -2086,7 +1591,7 @@ static void ieee80211_sta_work(struct work_struct *work)
2086 ifmgd->associated) { 1591 ifmgd->associated) {
2087 u8 bssid[ETH_ALEN]; 1592 u8 bssid[ETH_ALEN];
2088 1593
2089 memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN); 1594 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
2090 if (time_is_after_jiffies(ifmgd->probe_timeout)) 1595 if (time_is_after_jiffies(ifmgd->probe_timeout))
2091 run_again(ifmgd, ifmgd->probe_timeout); 1596 run_again(ifmgd, ifmgd->probe_timeout);
2092 1597
@@ -2108,7 +1613,8 @@ static void ieee80211_sta_work(struct work_struct *work)
2108 printk(KERN_DEBUG "No probe response from AP %pM" 1613 printk(KERN_DEBUG "No probe response from AP %pM"
2109 " after %dms, disconnecting.\n", 1614 " after %dms, disconnecting.\n",
2110 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ); 1615 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ);
2111 ieee80211_set_disassoc(sdata, true); 1616 ieee80211_set_disassoc(sdata);
1617 ieee80211_recalc_idle(local);
2112 mutex_unlock(&ifmgd->mtx); 1618 mutex_unlock(&ifmgd->mtx);
2113 /* 1619 /*
2114 * must be outside lock due to cfg80211, 1620 * must be outside lock due to cfg80211,
@@ -2122,87 +1628,7 @@ static void ieee80211_sta_work(struct work_struct *work)
2122 } 1628 }
2123 } 1629 }
2124 1630
2125
2126 ieee80211_recalc_idle(local);
2127
2128 list_for_each_entry_safe(wk, tmp, &ifmgd->work_list, list) {
2129 if (time_is_after_jiffies(wk->timeout)) {
2130 /*
2131 * This work item isn't supposed to be worked on
2132 * right now, but take care to adjust the timer
2133 * properly.
2134 */
2135 run_again(ifmgd, wk->timeout);
2136 continue;
2137 }
2138
2139 switch (wk->state) {
2140 default:
2141 WARN_ON(1);
2142 /* fall through */
2143 case IEEE80211_MGD_STATE_IDLE:
2144 /* nothing */
2145 rma = RX_MGMT_NONE;
2146 break;
2147 case IEEE80211_MGD_STATE_PROBE:
2148 rma = ieee80211_direct_probe(sdata, wk);
2149 break;
2150 case IEEE80211_MGD_STATE_AUTH:
2151 rma = ieee80211_authenticate(sdata, wk);
2152 break;
2153 case IEEE80211_MGD_STATE_ASSOC:
2154 rma = ieee80211_associate(sdata, wk);
2155 break;
2156 }
2157
2158 switch (rma) {
2159 case RX_MGMT_NONE:
2160 /* no action required */
2161 break;
2162 case RX_MGMT_CFG80211_AUTH_TO:
2163 case RX_MGMT_CFG80211_ASSOC_TO:
2164 list_del(&wk->list);
2165 list_add(&wk->list, &free_work);
2166 wk->tries = rma; /* small abuse but only local */
2167 break;
2168 default:
2169 WARN(1, "unexpected: %d", rma);
2170 }
2171 }
2172
2173 list_for_each_entry(wk, &ifmgd->work_list, list) {
2174 if (wk->state != IEEE80211_MGD_STATE_IDLE) {
2175 anybusy = true;
2176 break;
2177 }
2178 }
2179 if (!anybusy &&
2180 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request))
2181 ieee80211_queue_delayed_work(&local->hw,
2182 &local->scan_work,
2183 round_jiffies_relative(0));
2184
2185 mutex_unlock(&ifmgd->mtx); 1631 mutex_unlock(&ifmgd->mtx);
2186
2187 list_for_each_entry_safe(wk, tmp, &free_work, list) {
2188 switch (wk->tries) {
2189 case RX_MGMT_CFG80211_AUTH_TO:
2190 cfg80211_send_auth_timeout(sdata->dev,
2191 wk->bss->cbss.bssid);
2192 break;
2193 case RX_MGMT_CFG80211_ASSOC_TO:
2194 cfg80211_send_assoc_timeout(sdata->dev,
2195 wk->bss->cbss.bssid);
2196 break;
2197 default:
2198 WARN(1, "unexpected: %d", wk->tries);
2199 }
2200
2201 list_del(&wk->list);
2202 kfree(wk);
2203 }
2204
2205 ieee80211_recalc_idle(local);
2206} 1632}
2207 1633
2208static void ieee80211_sta_bcn_mon_timer(unsigned long data) 1634static void ieee80211_sta_bcn_mon_timer(unsigned long data)
@@ -2311,14 +1737,14 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
2311 (unsigned long) sdata); 1737 (unsigned long) sdata);
2312 skb_queue_head_init(&ifmgd->skb_queue); 1738 skb_queue_head_init(&ifmgd->skb_queue);
2313 1739
2314 INIT_LIST_HEAD(&ifmgd->work_list);
2315
2316 ifmgd->capab = WLAN_CAPABILITY_ESS;
2317 ifmgd->flags = 0; 1740 ifmgd->flags = 0;
2318 if (sdata->local->hw.queues >= 4)
2319 ifmgd->flags |= IEEE80211_STA_WMM_ENABLED;
2320 1741
2321 mutex_init(&ifmgd->mtx); 1742 mutex_init(&ifmgd->mtx);
1743
1744 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
1745 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
1746 else
1747 ifmgd->req_smps = IEEE80211_SMPS_OFF;
2322} 1748}
2323 1749
2324/* scan finished notification */ 1750/* scan finished notification */
@@ -2349,12 +1775,34 @@ int ieee80211_max_network_latency(struct notifier_block *nb,
2349} 1775}
2350 1776
2351/* config hooks */ 1777/* config hooks */
1778static enum work_done_result
1779ieee80211_probe_auth_done(struct ieee80211_work *wk,
1780 struct sk_buff *skb)
1781{
1782 if (!skb) {
1783 cfg80211_send_auth_timeout(wk->sdata->dev, wk->filter_ta);
1784 return WORK_DONE_DESTROY;
1785 }
1786
1787 if (wk->type == IEEE80211_WORK_AUTH) {
1788 cfg80211_send_rx_auth(wk->sdata->dev, skb->data, skb->len);
1789 return WORK_DONE_DESTROY;
1790 }
1791
1792 mutex_lock(&wk->sdata->u.mgd.mtx);
1793 ieee80211_rx_mgmt_probe_resp(wk->sdata, skb);
1794 mutex_unlock(&wk->sdata->u.mgd.mtx);
1795
1796 wk->type = IEEE80211_WORK_AUTH;
1797 wk->probe_auth.tries = 0;
1798 return WORK_DONE_REQUEUE;
1799}
1800
2352int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 1801int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2353 struct cfg80211_auth_request *req) 1802 struct cfg80211_auth_request *req)
2354{ 1803{
2355 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2356 const u8 *ssid; 1804 const u8 *ssid;
2357 struct ieee80211_mgd_work *wk; 1805 struct ieee80211_work *wk;
2358 u16 auth_alg; 1806 u16 auth_alg;
2359 1807
2360 switch (req->auth_type) { 1808 switch (req->auth_type) {
@@ -2378,7 +1826,7 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2378 if (!wk) 1826 if (!wk)
2379 return -ENOMEM; 1827 return -ENOMEM;
2380 1828
2381 wk->bss = (void *)req->bss; 1829 memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN);
2382 1830
2383 if (req->ie && req->ie_len) { 1831 if (req->ie && req->ie_len) {
2384 memcpy(wk->ie, req->ie, req->ie_len); 1832 memcpy(wk->ie, req->ie, req->ie_len);
@@ -2386,68 +1834,95 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2386 } 1834 }
2387 1835
2388 if (req->key && req->key_len) { 1836 if (req->key && req->key_len) {
2389 wk->key_len = req->key_len; 1837 wk->probe_auth.key_len = req->key_len;
2390 wk->key_idx = req->key_idx; 1838 wk->probe_auth.key_idx = req->key_idx;
2391 memcpy(wk->key, req->key, req->key_len); 1839 memcpy(wk->probe_auth.key, req->key, req->key_len);
2392 } 1840 }
2393 1841
2394 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 1842 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
2395 memcpy(wk->ssid, ssid + 2, ssid[1]); 1843 memcpy(wk->probe_auth.ssid, ssid + 2, ssid[1]);
2396 wk->ssid_len = ssid[1]; 1844 wk->probe_auth.ssid_len = ssid[1];
2397 1845
2398 wk->state = IEEE80211_MGD_STATE_PROBE; 1846 wk->probe_auth.algorithm = auth_alg;
2399 wk->auth_alg = auth_alg; 1847 wk->probe_auth.privacy = req->bss->capability & WLAN_CAPABILITY_PRIVACY;
2400 wk->timeout = jiffies; /* run right away */
2401 1848
2402 /* 1849 /* if we already have a probe, don't probe again */
2403 * XXX: if still associated need to tell AP that we're going 1850 if (req->bss->proberesp_ies)
2404 * to sleep and then change channel etc. 1851 wk->type = IEEE80211_WORK_AUTH;
2405 */ 1852 else
2406 sdata->local->oper_channel = req->bss->channel; 1853 wk->type = IEEE80211_WORK_DIRECT_PROBE;
2407 ieee80211_hw_config(sdata->local, 0); 1854 wk->chan = req->bss->channel;
2408 1855 wk->sdata = sdata;
2409 mutex_lock(&ifmgd->mtx); 1856 wk->done = ieee80211_probe_auth_done;
2410 list_add(&wk->list, &sdata->u.mgd.work_list);
2411 mutex_unlock(&ifmgd->mtx);
2412 1857
2413 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work); 1858 ieee80211_add_work(wk);
2414 return 0; 1859 return 0;
2415} 1860}
2416 1861
2417int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 1862static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk,
2418 struct cfg80211_assoc_request *req) 1863 struct sk_buff *skb)
2419{ 1864{
2420 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1865 struct ieee80211_mgmt *mgmt;
2421 struct ieee80211_mgd_work *wk, *found = NULL; 1866 u16 status;
2422 int i, err;
2423 1867
2424 mutex_lock(&ifmgd->mtx); 1868 if (!skb) {
1869 cfg80211_send_assoc_timeout(wk->sdata->dev, wk->filter_ta);
1870 return WORK_DONE_DESTROY;
1871 }
2425 1872
2426 list_for_each_entry(wk, &ifmgd->work_list, list) { 1873 mgmt = (void *)skb->data;
2427 if (&wk->bss->cbss == req->bss && 1874 status = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2428 wk->state == IEEE80211_MGD_STATE_IDLE) { 1875
2429 found = wk; 1876 if (status == WLAN_STATUS_SUCCESS) {
2430 break; 1877 mutex_lock(&wk->sdata->u.mgd.mtx);
1878 if (!ieee80211_assoc_success(wk, mgmt, skb->len)) {
1879 mutex_unlock(&wk->sdata->u.mgd.mtx);
1880 /* oops -- internal error -- send timeout for now */
1881 cfg80211_send_assoc_timeout(wk->sdata->dev,
1882 wk->filter_ta);
1883 return WORK_DONE_DESTROY;
2431 } 1884 }
1885 mutex_unlock(&wk->sdata->u.mgd.mtx);
2432 } 1886 }
2433 1887
2434 if (!found) { 1888 cfg80211_send_rx_assoc(wk->sdata->dev, skb->data, skb->len);
2435 err = -ENOLINK; 1889 return WORK_DONE_DESTROY;
2436 goto out; 1890}
2437 }
2438 1891
2439 list_del(&found->list); 1892int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
1893 struct cfg80211_assoc_request *req)
1894{
1895 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1896 struct ieee80211_bss *bss = (void *)req->bss->priv;
1897 struct ieee80211_work *wk;
1898 const u8 *ssid;
1899 int i;
2440 1900
2441 wk = krealloc(found, sizeof(*wk) + req->ie_len, GFP_KERNEL); 1901 mutex_lock(&ifmgd->mtx);
2442 if (!wk) { 1902 if (ifmgd->associated) {
2443 list_add(&found->list, &ifmgd->work_list); 1903 if (!req->prev_bssid ||
2444 err = -ENOMEM; 1904 memcmp(req->prev_bssid, ifmgd->associated->bssid,
2445 goto out; 1905 ETH_ALEN)) {
1906 /*
1907 * We are already associated and the request was not a
1908 * reassociation request from the current BSS, so
1909 * reject it.
1910 */
1911 mutex_unlock(&ifmgd->mtx);
1912 return -EALREADY;
1913 }
1914
1915 /* Trying to reassociate - clear previous association state */
1916 ieee80211_set_disassoc(sdata);
2446 } 1917 }
1918 mutex_unlock(&ifmgd->mtx);
2447 1919
2448 list_add(&wk->list, &ifmgd->work_list); 1920 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL);
1921 if (!wk)
1922 return -ENOMEM;
2449 1923
2450 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 1924 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N;
1925 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
2451 1926
2452 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) 1927 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++)
2453 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 1928 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
@@ -2455,8 +1930,6 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2455 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) 1930 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104)
2456 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 1931 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
2457 1932
2458 sdata->local->oper_channel = req->bss->channel;
2459 ieee80211_hw_config(sdata->local, 0);
2460 1933
2461 if (req->ie && req->ie_len) { 1934 if (req->ie && req->ie_len) {
2462 memcpy(wk->ie, req->ie, req->ie_len); 1935 memcpy(wk->ie, req->ie, req->ie_len);
@@ -2464,12 +1937,55 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2464 } else 1937 } else
2465 wk->ie_len = 0; 1938 wk->ie_len = 0;
2466 1939
1940 wk->assoc.bss = req->bss;
1941
1942 memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN);
1943
1944 /* new association always uses requested smps mode */
1945 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
1946 if (ifmgd->powersave)
1947 ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC;
1948 else
1949 ifmgd->ap_smps = IEEE80211_SMPS_OFF;
1950 } else
1951 ifmgd->ap_smps = ifmgd->req_smps;
1952
1953 wk->assoc.smps = ifmgd->ap_smps;
1954 /*
1955 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
1956 * We still associate in non-HT mode (11a/b/g) if any one of these
1957 * ciphers is configured as pairwise.
1958 * We can set this to true for non-11n hardware, that'll be checked
1959 * separately along with the peer capabilities.
1960 */
1961 wk->assoc.use_11n = !(ifmgd->flags & IEEE80211_STA_DISABLE_11N);
1962 wk->assoc.capability = req->bss->capability;
1963 wk->assoc.wmm_used = bss->wmm_used;
1964 wk->assoc.supp_rates = bss->supp_rates;
1965 wk->assoc.supp_rates_len = bss->supp_rates_len;
1966 wk->assoc.ht_information_ie =
1967 ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_INFORMATION);
1968
1969 if (bss->wmm_used && bss->uapsd_supported &&
1970 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) {
1971 wk->assoc.uapsd_used = true;
1972 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
1973 } else {
1974 wk->assoc.uapsd_used = false;
1975 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
1976 }
1977
1978 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
1979 memcpy(wk->assoc.ssid, ssid + 2, ssid[1]);
1980 wk->assoc.ssid_len = ssid[1];
1981
2467 if (req->prev_bssid) 1982 if (req->prev_bssid)
2468 memcpy(wk->prev_bssid, req->prev_bssid, ETH_ALEN); 1983 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN);
2469 1984
2470 wk->state = IEEE80211_MGD_STATE_ASSOC; 1985 wk->type = IEEE80211_WORK_ASSOC;
2471 wk->tries = 0; 1986 wk->chan = req->bss->channel;
2472 wk->timeout = jiffies; /* run right away */ 1987 wk->sdata = sdata;
1988 wk->done = ieee80211_assoc_done;
2473 1989
2474 if (req->use_mfp) { 1990 if (req->use_mfp) {
2475 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 1991 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
@@ -2484,57 +2000,73 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2484 else 2000 else
2485 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 2001 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
2486 2002
2487 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work); 2003 ieee80211_add_work(wk);
2488 2004 return 0;
2489 err = 0;
2490
2491 out:
2492 mutex_unlock(&ifmgd->mtx);
2493 return err;
2494} 2005}
2495 2006
2496int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 2007int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2497 struct cfg80211_deauth_request *req, 2008 struct cfg80211_deauth_request *req,
2498 void *cookie) 2009 void *cookie)
2499{ 2010{
2011 struct ieee80211_local *local = sdata->local;
2500 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2012 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2501 struct ieee80211_mgd_work *wk; 2013 struct ieee80211_work *wk;
2502 const u8 *bssid = NULL; 2014 const u8 *bssid = req->bss->bssid;
2503 2015
2504 mutex_lock(&ifmgd->mtx); 2016 mutex_lock(&ifmgd->mtx);
2505 2017
2506 if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) { 2018 if (ifmgd->associated == req->bss) {
2507 bssid = req->bss->bssid; 2019 bssid = req->bss->bssid;
2508 ieee80211_set_disassoc(sdata, true); 2020 ieee80211_set_disassoc(sdata);
2509 } else list_for_each_entry(wk, &ifmgd->work_list, list) { 2021 mutex_unlock(&ifmgd->mtx);
2510 if (&wk->bss->cbss == req->bss) { 2022 } else {
2511 bssid = req->bss->bssid; 2023 bool not_auth_yet = false;
2512 list_del(&wk->list); 2024
2513 kfree(wk); 2025 mutex_unlock(&ifmgd->mtx);
2026
2027 mutex_lock(&local->work_mtx);
2028 list_for_each_entry(wk, &local->work_list, list) {
2029 if (wk->sdata != sdata)
2030 continue;
2031
2032 if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
2033 wk->type != IEEE80211_WORK_AUTH &&
2034 wk->type != IEEE80211_WORK_ASSOC)
2035 continue;
2036
2037 if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
2038 continue;
2039
2040 not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
2041 list_del_rcu(&wk->list);
2042 free_work(wk);
2514 break; 2043 break;
2515 } 2044 }
2516 } 2045 mutex_unlock(&local->work_mtx);
2517 2046
2518 /* 2047 /*
2519 * cfg80211 should catch this ... but it's racy since 2048 * If somebody requests authentication and we haven't
2520 * we can receive a deauth frame, process it, hand it 2049 * sent out an auth frame yet there's no need to send
2521 * to cfg80211 while that's in a locked section already 2050 * out a deauth frame either. If the state was PROBE,
2522 * trying to tell us that the user wants to disconnect. 2051 * then this is the case. If it's AUTH we have sent a
2523 */ 2052 * frame, and if it's IDLE we have completed the auth
2524 if (!bssid) { 2053 * process already.
2525 mutex_unlock(&ifmgd->mtx); 2054 */
2526 return -ENOLINK; 2055 if (not_auth_yet) {
2056 __cfg80211_auth_canceled(sdata->dev, bssid);
2057 return 0;
2058 }
2527 } 2059 }
2528 2060
2529 mutex_unlock(&ifmgd->mtx);
2530
2531 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n", 2061 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n",
2532 sdata->dev->name, bssid, req->reason_code); 2062 sdata->name, bssid, req->reason_code);
2533 2063
2534 ieee80211_send_deauth_disassoc(sdata, bssid, 2064 ieee80211_send_deauth_disassoc(sdata, bssid,
2535 IEEE80211_STYPE_DEAUTH, req->reason_code, 2065 IEEE80211_STYPE_DEAUTH, req->reason_code,
2536 cookie); 2066 cookie);
2537 2067
2068 ieee80211_recalc_idle(sdata->local);
2069
2538 return 0; 2070 return 0;
2539} 2071}
2540 2072
@@ -2552,20 +2084,58 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2552 * to cfg80211 while that's in a locked section already 2084 * to cfg80211 while that's in a locked section already
2553 * trying to tell us that the user wants to disconnect. 2085 * trying to tell us that the user wants to disconnect.
2554 */ 2086 */
2555 if (&ifmgd->associated->cbss != req->bss) { 2087 if (ifmgd->associated != req->bss) {
2556 mutex_unlock(&ifmgd->mtx); 2088 mutex_unlock(&ifmgd->mtx);
2557 return -ENOLINK; 2089 return -ENOLINK;
2558 } 2090 }
2559 2091
2560 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n", 2092 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n",
2561 sdata->dev->name, req->bss->bssid, req->reason_code); 2093 sdata->name, req->bss->bssid, req->reason_code);
2562 2094
2563 ieee80211_set_disassoc(sdata, false); 2095 ieee80211_set_disassoc(sdata);
2564 2096
2565 mutex_unlock(&ifmgd->mtx); 2097 mutex_unlock(&ifmgd->mtx);
2566 2098
2567 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 2099 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid,
2568 IEEE80211_STYPE_DISASSOC, req->reason_code, 2100 IEEE80211_STYPE_DISASSOC, req->reason_code,
2569 cookie); 2101 cookie);
2102
2103 ieee80211_recalc_idle(sdata->local);
2104
2105 return 0;
2106}
2107
2108int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
2109 struct ieee80211_channel *chan,
2110 enum nl80211_channel_type channel_type,
2111 const u8 *buf, size_t len, u64 *cookie)
2112{
2113 struct ieee80211_local *local = sdata->local;
2114 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2115 struct sk_buff *skb;
2116
2117 /* Check that we are on the requested channel for transmission */
2118 if ((chan != local->tmp_channel ||
2119 channel_type != local->tmp_channel_type) &&
2120 (chan != local->oper_channel ||
2121 channel_type != local->oper_channel_type))
2122 return -EBUSY;
2123
2124 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
2125 if (!skb)
2126 return -ENOMEM;
2127 skb_reserve(skb, local->hw.extra_tx_headroom);
2128
2129 memcpy(skb_put(skb, len), buf, len);
2130
2131 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
2132 IEEE80211_SKB_CB(skb)->flags |=
2133 IEEE80211_TX_INTFL_DONT_ENCRYPT;
2134 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX |
2135 IEEE80211_TX_CTL_REQ_TX_STATUS;
2136 skb->dev = sdata->dev;
2137 ieee80211_tx_skb(sdata, skb);
2138
2139 *cookie = (unsigned long) skb;
2570 return 0; 2140 return 0;
2571} 2141}
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
new file mode 100644
index 000000000000..c36b1911987a
--- /dev/null
+++ b/net/mac80211/offchannel.c
@@ -0,0 +1,170 @@
1/*
2 * Off-channel operation helpers
3 *
4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
14 */
15#include <net/mac80211.h>
16#include "ieee80211_i.h"
17
18/*
19 * inform AP that we will go to sleep so that it will buffer the frames
20 * while we scan
21 */
22static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata)
23{
24 struct ieee80211_local *local = sdata->local;
25
26 local->offchannel_ps_enabled = false;
27
28 /* FIXME: what to do when local->pspolling is true? */
29
30 del_timer_sync(&local->dynamic_ps_timer);
31 cancel_work_sync(&local->dynamic_ps_enable_work);
32
33 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
34 local->offchannel_ps_enabled = true;
35 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
36 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
37 }
38
39 if (!(local->offchannel_ps_enabled) ||
40 !(local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK))
41 /*
42 * If power save was enabled, no need to send a nullfunc
43 * frame because AP knows that we are sleeping. But if the
44 * hardware is creating the nullfunc frame for power save
45 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not
46 * enabled) and power save was enabled, the firmware just
47 * sent a null frame with power save disabled. So we need
48 * to send a new nullfunc frame to inform the AP that we
49 * are again sleeping.
50 */
51 ieee80211_send_nullfunc(local, sdata, 1);
52}
53
54/* inform AP that we are awake again, unless power save is enabled */
55static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata)
56{
57 struct ieee80211_local *local = sdata->local;
58
59 if (!local->ps_sdata)
60 ieee80211_send_nullfunc(local, sdata, 0);
61 else if (local->offchannel_ps_enabled) {
62 /*
63 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware
64 * will send a nullfunc frame with the powersave bit set
65 * even though the AP already knows that we are sleeping.
66 * This could be avoided by sending a null frame with power
67 * save bit disabled before enabling the power save, but
68 * this doesn't gain anything.
69 *
70 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need
71 * to send a nullfunc frame because AP already knows that
72 * we are sleeping, let's just enable power save mode in
73 * hardware.
74 */
75 local->hw.conf.flags |= IEEE80211_CONF_PS;
76 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
77 } else if (local->hw.conf.dynamic_ps_timeout > 0) {
78 /*
79 * If IEEE80211_CONF_PS was not set and the dynamic_ps_timer
80 * had been running before leaving the operating channel,
81 * restart the timer now and send a nullfunc frame to inform
82 * the AP that we are awake.
83 */
84 ieee80211_send_nullfunc(local, sdata, 0);
85 mod_timer(&local->dynamic_ps_timer, jiffies +
86 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
87 }
88}
89
90void ieee80211_offchannel_stop_beaconing(struct ieee80211_local *local)
91{
92 struct ieee80211_sub_if_data *sdata;
93
94 mutex_lock(&local->iflist_mtx);
95 list_for_each_entry(sdata, &local->interfaces, list) {
96 if (!ieee80211_sdata_running(sdata))
97 continue;
98
99 /* disable beaconing */
100 if (sdata->vif.type == NL80211_IFTYPE_AP ||
101 sdata->vif.type == NL80211_IFTYPE_ADHOC ||
102 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
103 ieee80211_bss_info_change_notify(
104 sdata, BSS_CHANGED_BEACON_ENABLED);
105
106 /*
107 * only handle non-STA interfaces here, STA interfaces
108 * are handled in ieee80211_offchannel_stop_station(),
109 * e.g., from the background scan state machine.
110 *
111 * In addition, do not stop monitor interface to allow it to be
112 * used from user space controlled off-channel operations.
113 */
114 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
115 sdata->vif.type != NL80211_IFTYPE_MONITOR)
116 netif_tx_stop_all_queues(sdata->dev);
117 }
118 mutex_unlock(&local->iflist_mtx);
119}
120
121void ieee80211_offchannel_stop_station(struct ieee80211_local *local)
122{
123 struct ieee80211_sub_if_data *sdata;
124
125 /*
126 * notify the AP about us leaving the channel and stop all STA interfaces
127 */
128 mutex_lock(&local->iflist_mtx);
129 list_for_each_entry(sdata, &local->interfaces, list) {
130 if (!ieee80211_sdata_running(sdata))
131 continue;
132
133 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
134 netif_tx_stop_all_queues(sdata->dev);
135 if (sdata->u.mgd.associated)
136 ieee80211_offchannel_ps_enable(sdata);
137 }
138 }
139 mutex_unlock(&local->iflist_mtx);
140}
141
142void ieee80211_offchannel_return(struct ieee80211_local *local,
143 bool enable_beaconing)
144{
145 struct ieee80211_sub_if_data *sdata;
146
147 mutex_lock(&local->iflist_mtx);
148 list_for_each_entry(sdata, &local->interfaces, list) {
149 if (!ieee80211_sdata_running(sdata))
150 continue;
151
152 /* Tell AP we're back */
153 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
154 if (sdata->u.mgd.associated)
155 ieee80211_offchannel_ps_disable(sdata);
156 }
157
158 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
159 netif_tx_wake_all_queues(sdata->dev);
160
161 /* re-enable beaconing */
162 if (enable_beaconing &&
163 (sdata->vif.type == NL80211_IFTYPE_AP ||
164 sdata->vif.type == NL80211_IFTYPE_ADHOC ||
165 sdata->vif.type == NL80211_IFTYPE_MESH_POINT))
166 ieee80211_bss_info_change_notify(
167 sdata, BSS_CHANGED_BEACON_ENABLED);
168 }
169 mutex_unlock(&local->iflist_mtx);
170}
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index e535f1c988fe..0e64484e861c 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -10,9 +10,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
10{ 10{
11 struct ieee80211_local *local = hw_to_local(hw); 11 struct ieee80211_local *local = hw_to_local(hw);
12 struct ieee80211_sub_if_data *sdata; 12 struct ieee80211_sub_if_data *sdata;
13 struct ieee80211_if_init_conf conf;
14 struct sta_info *sta; 13 struct sta_info *sta;
15 unsigned long flags;
16 14
17 ieee80211_scan_cancel(local); 15 ieee80211_scan_cancel(local);
18 16
@@ -56,22 +54,21 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
56 rcu_read_unlock(); 54 rcu_read_unlock();
57 55
58 /* remove STAs */ 56 /* remove STAs */
59 spin_lock_irqsave(&local->sta_lock, flags); 57 mutex_lock(&local->sta_mtx);
60 list_for_each_entry(sta, &local->sta_list, list) { 58 list_for_each_entry(sta, &local->sta_list, list) {
61 if (local->ops->sta_notify) { 59 if (sta->uploaded) {
62 sdata = sta->sdata; 60 sdata = sta->sdata;
63 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 61 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
64 sdata = container_of(sdata->bss, 62 sdata = container_of(sdata->bss,
65 struct ieee80211_sub_if_data, 63 struct ieee80211_sub_if_data,
66 u.ap); 64 u.ap);
67 65
68 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_REMOVE, 66 drv_sta_remove(local, sdata, &sta->sta);
69 &sta->sta);
70 } 67 }
71 68
72 mesh_plink_quiesce(sta); 69 mesh_plink_quiesce(sta);
73 } 70 }
74 spin_unlock_irqrestore(&local->sta_lock, flags); 71 mutex_unlock(&local->sta_mtx);
75 72
76 /* remove all interfaces */ 73 /* remove all interfaces */
77 list_for_each_entry(sdata, &local->interfaces, list) { 74 list_for_each_entry(sdata, &local->interfaces, list) {
@@ -93,17 +90,14 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
93 break; 90 break;
94 } 91 }
95 92
96 if (!netif_running(sdata->dev)) 93 if (!ieee80211_sdata_running(sdata))
97 continue; 94 continue;
98 95
99 /* disable beaconing */ 96 /* disable beaconing */
100 ieee80211_bss_info_change_notify(sdata, 97 ieee80211_bss_info_change_notify(sdata,
101 BSS_CHANGED_BEACON_ENABLED); 98 BSS_CHANGED_BEACON_ENABLED);
102 99
103 conf.vif = &sdata->vif; 100 drv_remove_interface(local, &sdata->vif);
104 conf.type = sdata->vif.type;
105 conf.mac_addr = sdata->dev->dev_addr;
106 drv_remove_interface(local, &conf);
107 } 101 }
108 102
109 /* stop hardware - this must stop RX */ 103 /* stop hardware - this must stop RX */
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index b33efc4fc267..6d0bd198af19 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -10,6 +10,7 @@
10 10
11#include <linux/kernel.h> 11#include <linux/kernel.h>
12#include <linux/rtnetlink.h> 12#include <linux/rtnetlink.h>
13#include <linux/slab.h>
13#include "rate.h" 14#include "rate.h"
14#include "ieee80211_i.h" 15#include "ieee80211_i.h"
15#include "debugfs.h" 16#include "debugfs.h"
@@ -145,7 +146,7 @@ static const struct file_operations rcname_ops = {
145}; 146};
146#endif 147#endif
147 148
148struct rate_control_ref *rate_control_alloc(const char *name, 149static struct rate_control_ref *rate_control_alloc(const char *name,
149 struct ieee80211_local *local) 150 struct ieee80211_local *local)
150{ 151{
151 struct dentry *debugfsdir = NULL; 152 struct dentry *debugfsdir = NULL;
@@ -163,8 +164,7 @@ struct rate_control_ref *rate_control_alloc(const char *name,
163#ifdef CONFIG_MAC80211_DEBUGFS 164#ifdef CONFIG_MAC80211_DEBUGFS
164 debugfsdir = debugfs_create_dir("rc", local->hw.wiphy->debugfsdir); 165 debugfsdir = debugfs_create_dir("rc", local->hw.wiphy->debugfsdir);
165 local->debugfs.rcdir = debugfsdir; 166 local->debugfs.rcdir = debugfsdir;
166 local->debugfs.rcname = debugfs_create_file("name", 0400, debugfsdir, 167 debugfs_create_file("name", 0400, debugfsdir, ref, &rcname_ops);
167 ref, &rcname_ops);
168#endif 168#endif
169 169
170 ref->priv = ref->ops->alloc(&local->hw, debugfsdir); 170 ref->priv = ref->ops->alloc(&local->hw, debugfsdir);
@@ -188,9 +188,7 @@ static void rate_control_release(struct kref *kref)
188 ctrl_ref->ops->free(ctrl_ref->priv); 188 ctrl_ref->ops->free(ctrl_ref->priv);
189 189
190#ifdef CONFIG_MAC80211_DEBUGFS 190#ifdef CONFIG_MAC80211_DEBUGFS
191 debugfs_remove(ctrl_ref->local->debugfs.rcname); 191 debugfs_remove_recursive(ctrl_ref->local->debugfs.rcdir);
192 ctrl_ref->local->debugfs.rcname = NULL;
193 debugfs_remove(ctrl_ref->local->debugfs.rcdir);
194 ctrl_ref->local->debugfs.rcdir = NULL; 192 ctrl_ref->local->debugfs.rcdir = NULL;
195#endif 193#endif
196 194
@@ -210,6 +208,27 @@ static bool rc_no_data_or_no_ack(struct ieee80211_tx_rate_control *txrc)
210 return ((info->flags & IEEE80211_TX_CTL_NO_ACK) || !ieee80211_is_data(fc)); 208 return ((info->flags & IEEE80211_TX_CTL_NO_ACK) || !ieee80211_is_data(fc));
211} 209}
212 210
211static void rc_send_low_broadcast(s8 *idx, u32 basic_rates, u8 max_rate_idx)
212{
213 u8 i;
214
215 if (basic_rates == 0)
216 return; /* assume basic rates unknown and accept rate */
217 if (*idx < 0)
218 return;
219 if (basic_rates & (1 << *idx))
220 return; /* selected rate is a basic rate */
221
222 for (i = *idx + 1; i <= max_rate_idx; i++) {
223 if (basic_rates & (1 << i)) {
224 *idx = i;
225 return;
226 }
227 }
228
229 /* could not find a basic rate; use original selection */
230}
231
213bool rate_control_send_low(struct ieee80211_sta *sta, 232bool rate_control_send_low(struct ieee80211_sta *sta,
214 void *priv_sta, 233 void *priv_sta,
215 struct ieee80211_tx_rate_control *txrc) 234 struct ieee80211_tx_rate_control *txrc)
@@ -221,12 +240,48 @@ bool rate_control_send_low(struct ieee80211_sta *sta,
221 info->control.rates[0].count = 240 info->control.rates[0].count =
222 (info->flags & IEEE80211_TX_CTL_NO_ACK) ? 241 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
223 1 : txrc->hw->max_rate_tries; 242 1 : txrc->hw->max_rate_tries;
243 if (!sta && txrc->ap)
244 rc_send_low_broadcast(&info->control.rates[0].idx,
245 txrc->bss_conf->basic_rates,
246 txrc->sband->n_bitrates);
224 return true; 247 return true;
225 } 248 }
226 return false; 249 return false;
227} 250}
228EXPORT_SYMBOL(rate_control_send_low); 251EXPORT_SYMBOL(rate_control_send_low);
229 252
253static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
254 int n_bitrates, u32 mask)
255{
256 int j;
257
258 /* See whether the selected rate or anything below it is allowed. */
259 for (j = rate->idx; j >= 0; j--) {
260 if (mask & (1 << j)) {
261 /* Okay, found a suitable rate. Use it. */
262 rate->idx = j;
263 return;
264 }
265 }
266
267 /* Try to find a higher rate that would be allowed */
268 for (j = rate->idx + 1; j < n_bitrates; j++) {
269 if (mask & (1 << j)) {
270 /* Okay, found a suitable rate. Use it. */
271 rate->idx = j;
272 return;
273 }
274 }
275
276 /*
277 * Uh.. No suitable rate exists. This should not really happen with
278 * sane TX rate mask configurations. However, should someone manage to
279 * configure supported rates and TX rate mask in incompatible way,
280 * allow the frame to be transmitted with whatever the rate control
281 * selected.
282 */
283}
284
230void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, 285void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
231 struct sta_info *sta, 286 struct sta_info *sta,
232 struct ieee80211_tx_rate_control *txrc) 287 struct ieee80211_tx_rate_control *txrc)
@@ -236,6 +291,7 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
236 struct ieee80211_sta *ista = NULL; 291 struct ieee80211_sta *ista = NULL;
237 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); 292 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
238 int i; 293 int i;
294 u32 mask;
239 295
240 if (sta) { 296 if (sta) {
241 ista = &sta->sta; 297 ista = &sta->sta;
@@ -248,23 +304,34 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
248 info->control.rates[i].count = 1; 304 info->control.rates[i].count = 1;
249 } 305 }
250 306
251 if (sta && sdata->force_unicast_rateidx > -1) { 307 if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
252 info->control.rates[0].idx = sdata->force_unicast_rateidx; 308 return;
253 } else { 309
254 ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); 310 ref->ops->get_rate(ref->priv, ista, priv_sta, txrc);
255 info->flags |= IEEE80211_TX_INTFL_RCALGO;
256 }
257 311
258 /* 312 /*
259 * try to enforce the maximum rate the user wanted 313 * Try to enforce the rateidx mask the user wanted. skip this if the
314 * default mask (allow all rates) is used to save some processing for
315 * the common case.
260 */ 316 */
261 if (sdata->max_ratectrl_rateidx > -1) 317 mask = sdata->rc_rateidx_mask[info->band];
318 if (mask != (1 << txrc->sband->n_bitrates) - 1) {
319 if (sta) {
320 /* Filter out rates that the STA does not support */
321 mask &= sta->sta.supp_rates[info->band];
322 }
323 /*
324 * Make sure the rate index selected for each TX rate is
325 * included in the configured mask and change the rate indexes
326 * if needed.
327 */
262 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 328 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
329 /* Rate masking supports only legacy rates for now */
263 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) 330 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS)
264 continue; 331 continue;
265 info->control.rates[i].idx = 332 rate_idx_match_mask(&info->control.rates[i],
266 min_t(s8, info->control.rates[i].idx, 333 txrc->sband->n_bitrates, mask);
267 sdata->max_ratectrl_rateidx); 334 }
268 } 335 }
269 336
270 BUG_ON(info->control.rates[0].idx < 0); 337 BUG_ON(info->control.rates[0].idx < 0);
@@ -287,9 +354,16 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
287 struct rate_control_ref *ref, *old; 354 struct rate_control_ref *ref, *old;
288 355
289 ASSERT_RTNL(); 356 ASSERT_RTNL();
357
290 if (local->open_count) 358 if (local->open_count)
291 return -EBUSY; 359 return -EBUSY;
292 360
361 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
362 if (WARN_ON(!local->ops->set_rts_threshold))
363 return -EINVAL;
364 return 0;
365 }
366
293 ref = rate_control_alloc(name, local); 367 ref = rate_control_alloc(name, local);
294 if (!ref) { 368 if (!ref) {
295 printk(KERN_WARNING "%s: Failed to select rate control " 369 printk(KERN_WARNING "%s: Failed to select rate control "
@@ -308,7 +382,6 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
308 "algorithm '%s'\n", wiphy_name(local->hw.wiphy), 382 "algorithm '%s'\n", wiphy_name(local->hw.wiphy),
309 ref->ops->name); 383 ref->ops->name);
310 384
311
312 return 0; 385 return 0;
313} 386}
314 387
@@ -317,6 +390,10 @@ void rate_control_deinitialize(struct ieee80211_local *local)
317 struct rate_control_ref *ref; 390 struct rate_control_ref *ref;
318 391
319 ref = local->rate_ctrl; 392 ref = local->rate_ctrl;
393
394 if (!ref)
395 return;
396
320 local->rate_ctrl = NULL; 397 local->rate_ctrl = NULL;
321 rate_control_put(ref); 398 rate_control_put(ref);
322} 399}
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 2ab5ad9e71ce..065a96190e32 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -26,10 +26,6 @@ struct rate_control_ref {
26 struct kref kref; 26 struct kref kref;
27}; 27};
28 28
29/* Get a reference to the rate control algorithm. If `name' is NULL, get the
30 * first available algorithm. */
31struct rate_control_ref *rate_control_alloc(const char *name,
32 struct ieee80211_local *local);
33void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, 29void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
34 struct sta_info *sta, 30 struct sta_info *sta,
35 struct ieee80211_tx_rate_control *txrc); 31 struct ieee80211_tx_rate_control *txrc);
@@ -44,10 +40,11 @@ static inline void rate_control_tx_status(struct ieee80211_local *local,
44 struct rate_control_ref *ref = local->rate_ctrl; 40 struct rate_control_ref *ref = local->rate_ctrl;
45 struct ieee80211_sta *ista = &sta->sta; 41 struct ieee80211_sta *ista = &sta->sta;
46 void *priv_sta = sta->rate_ctrl_priv; 42 void *priv_sta = sta->rate_ctrl_priv;
47 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
48 43
49 if (likely(info->flags & IEEE80211_TX_INTFL_RCALGO)) 44 if (!ref)
50 ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb); 45 return;
46
47 ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb);
51} 48}
52 49
53 50
@@ -59,6 +56,9 @@ static inline void rate_control_rate_init(struct sta_info *sta)
59 void *priv_sta = sta->rate_ctrl_priv; 56 void *priv_sta = sta->rate_ctrl_priv;
60 struct ieee80211_supported_band *sband; 57 struct ieee80211_supported_band *sband;
61 58
59 if (!ref)
60 return;
61
62 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 62 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
63 63
64 ref->ops->rate_init(ref->priv, sband, ista, priv_sta); 64 ref->ops->rate_init(ref->priv, sband, ista, priv_sta);
@@ -66,15 +66,16 @@ static inline void rate_control_rate_init(struct sta_info *sta)
66 66
67static inline void rate_control_rate_update(struct ieee80211_local *local, 67static inline void rate_control_rate_update(struct ieee80211_local *local,
68 struct ieee80211_supported_band *sband, 68 struct ieee80211_supported_band *sband,
69 struct sta_info *sta, u32 changed) 69 struct sta_info *sta, u32 changed,
70 enum nl80211_channel_type oper_chan_type)
70{ 71{
71 struct rate_control_ref *ref = local->rate_ctrl; 72 struct rate_control_ref *ref = local->rate_ctrl;
72 struct ieee80211_sta *ista = &sta->sta; 73 struct ieee80211_sta *ista = &sta->sta;
73 void *priv_sta = sta->rate_ctrl_priv; 74 void *priv_sta = sta->rate_ctrl_priv;
74 75
75 if (ref->ops->rate_update) 76 if (ref && ref->ops->rate_update)
76 ref->ops->rate_update(ref->priv, sband, ista, 77 ref->ops->rate_update(ref->priv, sband, ista,
77 priv_sta, changed); 78 priv_sta, changed, oper_chan_type);
78} 79}
79 80
80static inline void *rate_control_alloc_sta(struct rate_control_ref *ref, 81static inline void *rate_control_alloc_sta(struct rate_control_ref *ref,
@@ -97,7 +98,7 @@ static inline void rate_control_add_sta_debugfs(struct sta_info *sta)
97{ 98{
98#ifdef CONFIG_MAC80211_DEBUGFS 99#ifdef CONFIG_MAC80211_DEBUGFS
99 struct rate_control_ref *ref = sta->rate_ctrl; 100 struct rate_control_ref *ref = sta->rate_ctrl;
100 if (sta->debugfs.dir && ref->ops->add_sta_debugfs) 101 if (ref && sta->debugfs.dir && ref->ops->add_sta_debugfs)
101 ref->ops->add_sta_debugfs(ref->priv, sta->rate_ctrl_priv, 102 ref->ops->add_sta_debugfs(ref->priv, sta->rate_ctrl_priv,
102 sta->debugfs.dir); 103 sta->debugfs.dir);
103#endif 104#endif
@@ -107,12 +108,13 @@ static inline void rate_control_remove_sta_debugfs(struct sta_info *sta)
107{ 108{
108#ifdef CONFIG_MAC80211_DEBUGFS 109#ifdef CONFIG_MAC80211_DEBUGFS
109 struct rate_control_ref *ref = sta->rate_ctrl; 110 struct rate_control_ref *ref = sta->rate_ctrl;
110 if (ref->ops->remove_sta_debugfs) 111 if (ref && ref->ops->remove_sta_debugfs)
111 ref->ops->remove_sta_debugfs(ref->priv, sta->rate_ctrl_priv); 112 ref->ops->remove_sta_debugfs(ref->priv, sta->rate_ctrl_priv);
112#endif 113#endif
113} 114}
114 115
115/* functions for rate control related to a device */ 116/* Get a reference to the rate control algorithm. If `name' is NULL, get the
117 * first available algorithm. */
116int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 118int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
117 const char *name); 119 const char *name);
118void rate_control_deinitialize(struct ieee80211_local *local); 120void rate_control_deinitialize(struct ieee80211_local *local);
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 6e5d68b4e427..818abfae9007 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -50,6 +50,7 @@
50#include <linux/debugfs.h> 50#include <linux/debugfs.h>
51#include <linux/random.h> 51#include <linux/random.h>
52#include <linux/ieee80211.h> 52#include <linux/ieee80211.h>
53#include <linux/slab.h>
53#include <net/mac80211.h> 54#include <net/mac80211.h>
54#include "rate.h" 55#include "rate.h"
55#include "rc80211_minstrel.h" 56#include "rc80211_minstrel.h"
diff --git a/net/mac80211/rc80211_minstrel_debugfs.c b/net/mac80211/rc80211_minstrel_debugfs.c
index a715d9454f64..0e1f12b1b6dd 100644
--- a/net/mac80211/rc80211_minstrel_debugfs.c
+++ b/net/mac80211/rc80211_minstrel_debugfs.c
@@ -49,6 +49,7 @@
49#include <linux/skbuff.h> 49#include <linux/skbuff.h>
50#include <linux/debugfs.h> 50#include <linux/debugfs.h>
51#include <linux/ieee80211.h> 51#include <linux/ieee80211.h>
52#include <linux/slab.h>
52#include <net/mac80211.h> 53#include <net/mac80211.h>
53#include "rc80211_minstrel.h" 54#include "rc80211_minstrel.h"
54 55
diff --git a/net/mac80211/rc80211_pid_algo.c b/net/mac80211/rc80211_pid_algo.c
index 699d3ed869c4..aeda65466f3e 100644
--- a/net/mac80211/rc80211_pid_algo.c
+++ b/net/mac80211/rc80211_pid_algo.c
@@ -13,6 +13,7 @@
13#include <linux/types.h> 13#include <linux/types.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/debugfs.h> 15#include <linux/debugfs.h>
16#include <linux/slab.h>
16#include <net/mac80211.h> 17#include <net/mac80211.h>
17#include "rate.h" 18#include "rate.h"
18#include "mesh.h" 19#include "mesh.h"
@@ -157,9 +158,7 @@ static void rate_control_pid_sample(struct rc_pid_info *pinfo,
157 158
158 /* In case nothing happened during the previous control interval, turn 159 /* In case nothing happened during the previous control interval, turn
159 * the sharpening factor on. */ 160 * the sharpening factor on. */
160 period = (HZ * pinfo->sampling_period + 500) / 1000; 161 period = msecs_to_jiffies(pinfo->sampling_period);
161 if (!period)
162 period = 1;
163 if (jiffies - spinfo->last_sample > 2 * period) 162 if (jiffies - spinfo->last_sample > 2 * period)
164 spinfo->sharp_cnt = pinfo->sharpen_duration; 163 spinfo->sharp_cnt = pinfo->sharpen_duration;
165 164
@@ -190,7 +189,7 @@ static void rate_control_pid_sample(struct rc_pid_info *pinfo,
190 rate_control_pid_normalize(pinfo, sband->n_bitrates); 189 rate_control_pid_normalize(pinfo, sband->n_bitrates);
191 190
192 /* Compute the proportional, integral and derivative errors. */ 191 /* Compute the proportional, integral and derivative errors. */
193 err_prop = (pinfo->target << RC_PID_ARITH_SHIFT) - pf; 192 err_prop = (pinfo->target - pf) << RC_PID_ARITH_SHIFT;
194 193
195 err_avg = spinfo->err_avg_sc >> pinfo->smoothing_shift; 194 err_avg = spinfo->err_avg_sc >> pinfo->smoothing_shift;
196 spinfo->err_avg_sc = spinfo->err_avg_sc - err_avg + err_prop; 195 spinfo->err_avg_sc = spinfo->err_avg_sc - err_avg + err_prop;
@@ -252,9 +251,7 @@ static void rate_control_pid_tx_status(void *priv, struct ieee80211_supported_ba
252 } 251 }
253 252
254 /* Update PID controller state. */ 253 /* Update PID controller state. */
255 period = (HZ * pinfo->sampling_period + 500) / 1000; 254 period = msecs_to_jiffies(pinfo->sampling_period);
256 if (!period)
257 period = 1;
258 if (time_after(jiffies, spinfo->last_sample + period)) 255 if (time_after(jiffies, spinfo->last_sample + period))
259 rate_control_pid_sample(pinfo, sband, sta, spinfo); 256 rate_control_pid_sample(pinfo, sband, sta, spinfo);
260} 257}
diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c
index 45667054a5f3..47438b4a9af5 100644
--- a/net/mac80211/rc80211_pid_debugfs.c
+++ b/net/mac80211/rc80211_pid_debugfs.c
@@ -12,6 +12,7 @@
12#include <linux/netdevice.h> 12#include <linux/netdevice.h>
13#include <linux/types.h> 13#include <linux/types.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/slab.h>
15 16
16#include <net/mac80211.h> 17#include <net/mac80211.h>
17#include "rate.h" 18#include "rate.h"
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7170bf4565a8..04ea07f0e78a 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2,7 +2,7 @@
2 * Copyright 2002-2005, Instant802 Networks, Inc. 2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net>
6 * 6 *
7 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
@@ -10,6 +10,7 @@
10 */ 10 */
11 11
12#include <linux/jiffies.h> 12#include <linux/jiffies.h>
13#include <linux/slab.h>
13#include <linux/kernel.h> 14#include <linux/kernel.h>
14#include <linux/skbuff.h> 15#include <linux/skbuff.h>
15#include <linux/netdevice.h> 16#include <linux/netdevice.h>
@@ -27,11 +28,6 @@
27#include "tkip.h" 28#include "tkip.h"
28#include "wme.h" 29#include "wme.h"
29 30
30static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
31 struct tid_ampdu_rx *tid_agg_rx,
32 struct sk_buff *skb,
33 u16 mpdu_seq_num,
34 int bar_req);
35/* 31/*
36 * monitor mode reception 32 * monitor mode reception
37 * 33 *
@@ -39,11 +35,8 @@ static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
39 * only useful for monitoring. 35 * only useful for monitoring.
40 */ 36 */
41static struct sk_buff *remove_monitor_info(struct ieee80211_local *local, 37static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
42 struct sk_buff *skb, 38 struct sk_buff *skb)
43 int rtap_len)
44{ 39{
45 skb_pull(skb, rtap_len);
46
47 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) { 40 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
48 if (likely(skb->len > FCS_LEN)) 41 if (likely(skb->len > FCS_LEN))
49 skb_trim(skb, skb->len - FCS_LEN); 42 skb_trim(skb, skb->len - FCS_LEN);
@@ -59,15 +52,14 @@ static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
59} 52}
60 53
61static inline int should_drop_frame(struct sk_buff *skb, 54static inline int should_drop_frame(struct sk_buff *skb,
62 int present_fcs_len, 55 int present_fcs_len)
63 int radiotap_len)
64{ 56{
65 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 57 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
66 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 58 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
67 59
68 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC)) 60 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
69 return 1; 61 return 1;
70 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len)) 62 if (unlikely(skb->len < 16 + present_fcs_len))
71 return 1; 63 return 1;
72 if (ieee80211_is_ctl(hdr->frame_control) && 64 if (ieee80211_is_ctl(hdr->frame_control) &&
73 !ieee80211_is_pspoll(hdr->frame_control) && 65 !ieee80211_is_pspoll(hdr->frame_control) &&
@@ -95,10 +87,6 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
95 if (len & 1) /* padding for RX_FLAGS if necessary */ 87 if (len & 1) /* padding for RX_FLAGS if necessary */
96 len++; 88 len++;
97 89
98 /* make sure radiotap starts at a naturally aligned address */
99 if (len % 8)
100 len = roundup(len, 8);
101
102 return len; 90 return len;
103} 91}
104 92
@@ -116,6 +104,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
116 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 104 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
117 struct ieee80211_radiotap_header *rthdr; 105 struct ieee80211_radiotap_header *rthdr;
118 unsigned char *pos; 106 unsigned char *pos;
107 u16 rx_flags = 0;
119 108
120 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len); 109 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
121 memset(rthdr, 0, rtap_len); 110 memset(rthdr, 0, rtap_len);
@@ -134,7 +123,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
134 123
135 /* IEEE80211_RADIOTAP_TSFT */ 124 /* IEEE80211_RADIOTAP_TSFT */
136 if (status->flag & RX_FLAG_TSFT) { 125 if (status->flag & RX_FLAG_TSFT) {
137 *(__le64 *)pos = cpu_to_le64(status->mactime); 126 put_unaligned_le64(status->mactime, pos);
138 rthdr->it_present |= 127 rthdr->it_present |=
139 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT); 128 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
140 pos += 8; 129 pos += 8;
@@ -166,17 +155,20 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
166 pos++; 155 pos++;
167 156
168 /* IEEE80211_RADIOTAP_CHANNEL */ 157 /* IEEE80211_RADIOTAP_CHANNEL */
169 *(__le16 *)pos = cpu_to_le16(status->freq); 158 put_unaligned_le16(status->freq, pos);
170 pos += 2; 159 pos += 2;
171 if (status->band == IEEE80211_BAND_5GHZ) 160 if (status->band == IEEE80211_BAND_5GHZ)
172 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM | 161 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ,
173 IEEE80211_CHAN_5GHZ); 162 pos);
163 else if (status->flag & RX_FLAG_HT)
164 put_unaligned_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ,
165 pos);
174 else if (rate->flags & IEEE80211_RATE_ERP_G) 166 else if (rate->flags & IEEE80211_RATE_ERP_G)
175 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM | 167 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ,
176 IEEE80211_CHAN_2GHZ); 168 pos);
177 else 169 else
178 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_CCK | 170 put_unaligned_le16(IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ,
179 IEEE80211_CHAN_2GHZ); 171 pos);
180 pos += 2; 172 pos += 2;
181 173
182 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */ 174 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
@@ -205,10 +197,11 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
205 197
206 /* IEEE80211_RADIOTAP_RX_FLAGS */ 198 /* IEEE80211_RADIOTAP_RX_FLAGS */
207 /* ensure 2 byte alignment for the 2 byte field as required */ 199 /* ensure 2 byte alignment for the 2 byte field as required */
208 if ((pos - (unsigned char *)rthdr) & 1) 200 if ((pos - (u8 *)rthdr) & 1)
209 pos++; 201 pos++;
210 if (status->flag & RX_FLAG_FAILED_PLCP_CRC) 202 if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
211 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADPLCP); 203 rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP;
204 put_unaligned_le16(rx_flags, pos);
212 pos += 2; 205 pos += 2;
213} 206}
214 207
@@ -227,7 +220,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
227 struct sk_buff *skb, *skb2; 220 struct sk_buff *skb, *skb2;
228 struct net_device *prev_dev = NULL; 221 struct net_device *prev_dev = NULL;
229 int present_fcs_len = 0; 222 int present_fcs_len = 0;
230 int rtap_len = 0;
231 223
232 /* 224 /*
233 * First, we may need to make a copy of the skb because 225 * First, we may need to make a copy of the skb because
@@ -237,25 +229,23 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
237 * We don't need to, of course, if we aren't going to return 229 * We don't need to, of course, if we aren't going to return
238 * the SKB because it has a bad FCS/PLCP checksum. 230 * the SKB because it has a bad FCS/PLCP checksum.
239 */ 231 */
240 if (status->flag & RX_FLAG_RADIOTAP) 232
241 rtap_len = ieee80211_get_radiotap_len(origskb->data); 233 /* room for the radiotap header based on driver features */
242 else 234 needed_headroom = ieee80211_rx_radiotap_len(local, status);
243 /* room for the radiotap header based on driver features */
244 needed_headroom = ieee80211_rx_radiotap_len(local, status);
245 235
246 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) 236 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
247 present_fcs_len = FCS_LEN; 237 present_fcs_len = FCS_LEN;
248 238
249 if (!local->monitors) { 239 if (!local->monitors) {
250 if (should_drop_frame(origskb, present_fcs_len, rtap_len)) { 240 if (should_drop_frame(origskb, present_fcs_len)) {
251 dev_kfree_skb(origskb); 241 dev_kfree_skb(origskb);
252 return NULL; 242 return NULL;
253 } 243 }
254 244
255 return remove_monitor_info(local, origskb, rtap_len); 245 return remove_monitor_info(local, origskb);
256 } 246 }
257 247
258 if (should_drop_frame(origskb, present_fcs_len, rtap_len)) { 248 if (should_drop_frame(origskb, present_fcs_len)) {
259 /* only need to expand headroom if necessary */ 249 /* only need to expand headroom if necessary */
260 skb = origskb; 250 skb = origskb;
261 origskb = NULL; 251 origskb = NULL;
@@ -279,16 +269,14 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
279 */ 269 */
280 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC); 270 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
281 271
282 origskb = remove_monitor_info(local, origskb, rtap_len); 272 origskb = remove_monitor_info(local, origskb);
283 273
284 if (!skb) 274 if (!skb)
285 return origskb; 275 return origskb;
286 } 276 }
287 277
288 /* if necessary, prepend radiotap information */ 278 /* prepend radiotap information */
289 if (!(status->flag & RX_FLAG_RADIOTAP)) 279 ieee80211_add_rx_radiotap_header(local, skb, rate, needed_headroom);
290 ieee80211_add_rx_radiotap_header(local, skb, rate,
291 needed_headroom);
292 280
293 skb_reset_mac_header(skb); 281 skb_reset_mac_header(skb);
294 skb->ip_summed = CHECKSUM_UNNECESSARY; 282 skb->ip_summed = CHECKSUM_UNNECESSARY;
@@ -296,15 +284,15 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
296 skb->protocol = htons(ETH_P_802_2); 284 skb->protocol = htons(ETH_P_802_2);
297 285
298 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 286 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
299 if (!netif_running(sdata->dev))
300 continue;
301
302 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 287 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
303 continue; 288 continue;
304 289
305 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) 290 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)
306 continue; 291 continue;
307 292
293 if (!ieee80211_sdata_running(sdata))
294 continue;
295
308 if (prev_dev) { 296 if (prev_dev) {
309 skb2 = skb_clone(skb, GFP_ATOMIC); 297 skb2 = skb_clone(skb, GFP_ATOMIC);
310 if (skb2) { 298 if (skb2) {
@@ -374,7 +362,9 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
374 * boundary. In the case of regular frames, this simply means aligning the 362 * boundary. In the case of regular frames, this simply means aligning the
375 * payload to a four-byte boundary (because either the IP header is directly 363 * payload to a four-byte boundary (because either the IP header is directly
376 * contained, or IV/RFC1042 headers that have a length divisible by four are 364 * contained, or IV/RFC1042 headers that have a length divisible by four are
377 * in front of it). 365 * in front of it). If the payload data is not properly aligned and the
366 * architecture doesn't support efficient unaligned operations, mac80211
367 * will align the data.
378 * 368 *
379 * With A-MSDU frames, however, the payload data address must yield two modulo 369 * With A-MSDU frames, however, the payload data address must yield two modulo
380 * four because there are 14-byte 802.3 headers within the A-MSDU frames that 370 * four because there are 14-byte 802.3 headers within the A-MSDU frames that
@@ -388,25 +378,10 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
388 */ 378 */
389static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx) 379static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
390{ 380{
391 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 381#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
392 int hdrlen; 382 WARN_ONCE((unsigned long)rx->skb->data & 1,
393 383 "unaligned packet at 0x%p\n", rx->skb->data);
394#ifndef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
395 return;
396#endif 384#endif
397
398 if (WARN_ONCE((unsigned long)rx->skb->data & 1,
399 "unaligned packet at 0x%p\n", rx->skb->data))
400 return;
401
402 if (!ieee80211_is_data_present(hdr->frame_control))
403 return;
404
405 hdrlen = ieee80211_hdrlen(hdr->frame_control);
406 if (rx->flags & IEEE80211_RX_AMSDU)
407 hdrlen += ETH_HLEN;
408 WARN_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3,
409 "unaligned IP payload at 0x%p\n", rx->skb->data + hdrlen);
410} 385}
411 386
412 387
@@ -489,7 +464,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
489{ 464{
490 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 465 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
491 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control); 466 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
492 char *dev_addr = rx->dev->dev_addr; 467 char *dev_addr = rx->sdata->vif.addr;
493 468
494 if (ieee80211_is_data(hdr->frame_control)) { 469 if (ieee80211_is_data(hdr->frame_control)) {
495 if (is_multicast_ether_addr(hdr->addr1)) { 470 if (is_multicast_ether_addr(hdr->addr1)) {
@@ -518,7 +493,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
518 493
519 if (ieee80211_is_action(hdr->frame_control)) { 494 if (ieee80211_is_action(hdr->frame_control)) {
520 mgmt = (struct ieee80211_mgmt *)hdr; 495 mgmt = (struct ieee80211_mgmt *)hdr;
521 if (mgmt->u.action.category != PLINK_CATEGORY) 496 if (mgmt->u.action.category != MESH_PLINK_CATEGORY)
522 return RX_DROP_MONITOR; 497 return RX_DROP_MONITOR;
523 return RX_CONTINUE; 498 return RX_CONTINUE;
524 } 499 }
@@ -543,6 +518,242 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
543 return RX_CONTINUE; 518 return RX_CONTINUE;
544} 519}
545 520
521#define SEQ_MODULO 0x1000
522#define SEQ_MASK 0xfff
523
524static inline int seq_less(u16 sq1, u16 sq2)
525{
526 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
527}
528
529static inline u16 seq_inc(u16 sq)
530{
531 return (sq + 1) & SEQ_MASK;
532}
533
534static inline u16 seq_sub(u16 sq1, u16 sq2)
535{
536 return (sq1 - sq2) & SEQ_MASK;
537}
538
539
540static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
541 struct tid_ampdu_rx *tid_agg_rx,
542 int index,
543 struct sk_buff_head *frames)
544{
545 struct ieee80211_supported_band *sband;
546 struct ieee80211_rate *rate = NULL;
547 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
548 struct ieee80211_rx_status *status;
549
550 if (!skb)
551 goto no_frame;
552
553 status = IEEE80211_SKB_RXCB(skb);
554
555 /* release the reordered frames to stack */
556 sband = hw->wiphy->bands[status->band];
557 if (!(status->flag & RX_FLAG_HT))
558 rate = &sband->bitrates[status->rate_idx];
559 tid_agg_rx->stored_mpdu_num--;
560 tid_agg_rx->reorder_buf[index] = NULL;
561 __skb_queue_tail(frames, skb);
562
563no_frame:
564 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
565}
566
567static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
568 struct tid_ampdu_rx *tid_agg_rx,
569 u16 head_seq_num,
570 struct sk_buff_head *frames)
571{
572 int index;
573
574 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
575 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
576 tid_agg_rx->buf_size;
577 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
578 }
579}
580
581/*
582 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
583 * the skb was added to the buffer longer than this time ago, the earlier
584 * frames that have not yet been received are assumed to be lost and the skb
585 * can be released for processing. This may also release other skb's from the
586 * reorder buffer if there are no additional gaps between the frames.
587 */
588#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
589
590/*
591 * As this function belongs to the RX path it must be under
592 * rcu_read_lock protection. It returns false if the frame
593 * can be processed immediately, true if it was consumed.
594 */
595static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
596 struct tid_ampdu_rx *tid_agg_rx,
597 struct sk_buff *skb,
598 struct sk_buff_head *frames)
599{
600 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
601 u16 sc = le16_to_cpu(hdr->seq_ctrl);
602 u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
603 u16 head_seq_num, buf_size;
604 int index;
605
606 buf_size = tid_agg_rx->buf_size;
607 head_seq_num = tid_agg_rx->head_seq_num;
608
609 /* frame with out of date sequence number */
610 if (seq_less(mpdu_seq_num, head_seq_num)) {
611 dev_kfree_skb(skb);
612 return true;
613 }
614
615 /*
616 * If frame the sequence number exceeds our buffering window
617 * size release some previous frames to make room for this one.
618 */
619 if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) {
620 head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size));
621 /* release stored frames up to new head to stack */
622 ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num,
623 frames);
624 }
625
626 /* Now the new frame is always in the range of the reordering buffer */
627
628 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn) % tid_agg_rx->buf_size;
629
630 /* check if we already stored this frame */
631 if (tid_agg_rx->reorder_buf[index]) {
632 dev_kfree_skb(skb);
633 return true;
634 }
635
636 /*
637 * If the current MPDU is in the right order and nothing else
638 * is stored we can process it directly, no need to buffer it.
639 */
640 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
641 tid_agg_rx->stored_mpdu_num == 0) {
642 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
643 return false;
644 }
645
646 /* put the frame in the reordering buffer */
647 tid_agg_rx->reorder_buf[index] = skb;
648 tid_agg_rx->reorder_time[index] = jiffies;
649 tid_agg_rx->stored_mpdu_num++;
650 /* release the buffer until next missing frame */
651 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
652 tid_agg_rx->buf_size;
653 if (!tid_agg_rx->reorder_buf[index] &&
654 tid_agg_rx->stored_mpdu_num > 1) {
655 /*
656 * No buffers ready to be released, but check whether any
657 * frames in the reorder buffer have timed out.
658 */
659 int j;
660 int skipped = 1;
661 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
662 j = (j + 1) % tid_agg_rx->buf_size) {
663 if (!tid_agg_rx->reorder_buf[j]) {
664 skipped++;
665 continue;
666 }
667 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
668 HT_RX_REORDER_BUF_TIMEOUT))
669 break;
670
671#ifdef CONFIG_MAC80211_HT_DEBUG
672 if (net_ratelimit())
673 printk(KERN_DEBUG "%s: release an RX reorder "
674 "frame due to timeout on earlier "
675 "frames\n",
676 wiphy_name(hw->wiphy));
677#endif
678 ieee80211_release_reorder_frame(hw, tid_agg_rx,
679 j, frames);
680
681 /*
682 * Increment the head seq# also for the skipped slots.
683 */
684 tid_agg_rx->head_seq_num =
685 (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK;
686 skipped = 0;
687 }
688 } else while (tid_agg_rx->reorder_buf[index]) {
689 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
690 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
691 tid_agg_rx->buf_size;
692 }
693
694 return true;
695}
696
697/*
698 * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns
699 * true if the MPDU was buffered, false if it should be processed.
700 */
701static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
702 struct sk_buff_head *frames)
703{
704 struct sk_buff *skb = rx->skb;
705 struct ieee80211_local *local = rx->local;
706 struct ieee80211_hw *hw = &local->hw;
707 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
708 struct sta_info *sta = rx->sta;
709 struct tid_ampdu_rx *tid_agg_rx;
710 u16 sc;
711 int tid;
712
713 if (!ieee80211_is_data_qos(hdr->frame_control))
714 goto dont_reorder;
715
716 /*
717 * filter the QoS data rx stream according to
718 * STA/TID and check if this STA/TID is on aggregation
719 */
720
721 if (!sta)
722 goto dont_reorder;
723
724 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
725
726 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
727 goto dont_reorder;
728
729 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
730
731 /* qos null data frames are excluded */
732 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
733 goto dont_reorder;
734
735 /* new, potentially un-ordered, ampdu frame - process it */
736
737 /* reset session timer */
738 if (tid_agg_rx->timeout)
739 mod_timer(&tid_agg_rx->session_timer,
740 TU_TO_EXP_TIME(tid_agg_rx->timeout));
741
742 /* if this mpdu is fragmented - terminate rx aggregation session */
743 sc = le16_to_cpu(hdr->seq_ctrl);
744 if (sc & IEEE80211_SCTL_FRAG) {
745 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
746 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
747 dev_kfree_skb(skb);
748 return;
749 }
750
751 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames))
752 return;
753
754 dont_reorder:
755 __skb_queue_tail(frames, skb);
756}
546 757
547static ieee80211_rx_result debug_noinline 758static ieee80211_rx_result debug_noinline
548ieee80211_rx_h_check(struct ieee80211_rx_data *rx) 759ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
@@ -603,7 +814,9 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
603static ieee80211_rx_result debug_noinline 814static ieee80211_rx_result debug_noinline
604ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) 815ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
605{ 816{
606 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 817 struct sk_buff *skb = rx->skb;
818 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
819 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
607 int keyidx; 820 int keyidx;
608 int hdrlen; 821 int hdrlen;
609 ieee80211_rx_result result = RX_DROP_UNUSABLE; 822 ieee80211_rx_result result = RX_DROP_UNUSABLE;
@@ -644,6 +857,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
644 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 857 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
645 return RX_CONTINUE; 858 return RX_CONTINUE;
646 859
860 /* start without a key */
861 rx->key = NULL;
862
647 if (rx->sta) 863 if (rx->sta)
648 stakey = rcu_dereference(rx->sta->key); 864 stakey = rcu_dereference(rx->sta->key);
649 865
@@ -657,8 +873,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
657 return RX_CONTINUE; 873 return RX_CONTINUE;
658 } else if (mmie_keyidx >= 0) { 874 } else if (mmie_keyidx >= 0) {
659 /* Broadcast/multicast robust management frame / BIP */ 875 /* Broadcast/multicast robust management frame / BIP */
660 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 876 if ((status->flag & RX_FLAG_DECRYPTED) &&
661 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 877 (status->flag & RX_FLAG_IV_STRIPPED))
662 return RX_CONTINUE; 878 return RX_CONTINUE;
663 879
664 if (mmie_keyidx < NUM_DEFAULT_KEYS || 880 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
@@ -690,8 +906,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
690 * we somehow allow the driver to tell us which key 906 * we somehow allow the driver to tell us which key
691 * the hardware used if this flag is set? 907 * the hardware used if this flag is set?
692 */ 908 */
693 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 909 if ((status->flag & RX_FLAG_DECRYPTED) &&
694 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 910 (status->flag & RX_FLAG_IV_STRIPPED))
695 return RX_CONTINUE; 911 return RX_CONTINUE;
696 912
697 hdrlen = ieee80211_hdrlen(hdr->frame_control); 913 hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -727,8 +943,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
727 /* Check for weak IVs if possible */ 943 /* Check for weak IVs if possible */
728 if (rx->sta && rx->key->conf.alg == ALG_WEP && 944 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
729 ieee80211_is_data(hdr->frame_control) && 945 ieee80211_is_data(hdr->frame_control) &&
730 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) || 946 (!(status->flag & RX_FLAG_IV_STRIPPED) ||
731 !(rx->status->flag & RX_FLAG_DECRYPTED)) && 947 !(status->flag & RX_FLAG_DECRYPTED)) &&
732 ieee80211_wep_is_weak_iv(rx->skb, rx->key)) 948 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
733 rx->sta->wep_weak_iv_count++; 949 rx->sta->wep_weak_iv_count++;
734 950
@@ -748,7 +964,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
748 } 964 }
749 965
750 /* either the frame has been decrypted or will be dropped */ 966 /* either the frame has been decrypted or will be dropped */
751 rx->status->flag |= RX_FLAG_DECRYPTED; 967 status->flag |= RX_FLAG_DECRYPTED;
752 968
753 return result; 969 return result;
754} 970}
@@ -792,53 +1008,45 @@ static void ap_sta_ps_start(struct sta_info *sta)
792 struct ieee80211_local *local = sdata->local; 1008 struct ieee80211_local *local = sdata->local;
793 1009
794 atomic_inc(&sdata->bss->num_sta_ps); 1010 atomic_inc(&sdata->bss->num_sta_ps);
795 set_sta_flags(sta, WLAN_STA_PS); 1011 set_sta_flags(sta, WLAN_STA_PS_STA);
796 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_SLEEP, &sta->sta); 1012 drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta);
797#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1013#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
798 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n", 1014 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
799 sdata->dev->name, sta->sta.addr, sta->sta.aid); 1015 sdata->name, sta->sta.addr, sta->sta.aid);
800#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1016#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
801} 1017}
802 1018
803static int ap_sta_ps_end(struct sta_info *sta) 1019static void ap_sta_ps_end(struct sta_info *sta)
804{ 1020{
805 struct ieee80211_sub_if_data *sdata = sta->sdata; 1021 struct ieee80211_sub_if_data *sdata = sta->sdata;
806 struct ieee80211_local *local = sdata->local;
807 int sent, buffered;
808 1022
809 atomic_dec(&sdata->bss->num_sta_ps); 1023 atomic_dec(&sdata->bss->num_sta_ps);
810 1024
811 clear_sta_flags(sta, WLAN_STA_PS); 1025 clear_sta_flags(sta, WLAN_STA_PS_STA);
812 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_AWAKE, &sta->sta);
813
814 if (!skb_queue_empty(&sta->ps_tx_buf))
815 sta_info_clear_tim_bit(sta);
816 1026
817#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1027#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
818 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n", 1028 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
819 sdata->dev->name, sta->sta.addr, sta->sta.aid); 1029 sdata->name, sta->sta.addr, sta->sta.aid);
820#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1030#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
821 1031
822 /* Send all buffered frames to the station */ 1032 if (test_sta_flags(sta, WLAN_STA_PS_DRIVER)) {
823 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
824 buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf);
825 sent += buffered;
826 local->total_ps_buffered -= buffered;
827
828#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1033#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
829 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames " 1034 printk(KERN_DEBUG "%s: STA %pM aid %d driver-ps-blocked\n",
830 "since STA not sleeping anymore\n", sdata->dev->name, 1035 sdata->name, sta->sta.addr, sta->sta.aid);
831 sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
832#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1036#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1037 return;
1038 }
833 1039
834 return sent; 1040 ieee80211_sta_ps_deliver_wakeup(sta);
835} 1041}
836 1042
837static ieee80211_rx_result debug_noinline 1043static ieee80211_rx_result debug_noinline
838ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 1044ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
839{ 1045{
840 struct sta_info *sta = rx->sta; 1046 struct sta_info *sta = rx->sta;
841 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1047 struct sk_buff *skb = rx->skb;
1048 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1049 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
842 1050
843 if (!sta) 1051 if (!sta)
844 return RX_CONTINUE; 1052 return RX_CONTINUE;
@@ -869,9 +1077,8 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
869 1077
870 sta->rx_fragments++; 1078 sta->rx_fragments++;
871 sta->rx_bytes += rx->skb->len; 1079 sta->rx_bytes += rx->skb->len;
872 sta->last_signal = rx->status->signal; 1080 sta->last_signal = status->signal;
873 sta->last_qual = rx->status->qual; 1081 sta->last_noise = status->noise;
874 sta->last_noise = rx->status->noise;
875 1082
876 /* 1083 /*
877 * Change STA power saving mode only at the end of a frame 1084 * Change STA power saving mode only at the end of a frame
@@ -880,7 +1087,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
880 if (!ieee80211_has_morefrags(hdr->frame_control) && 1087 if (!ieee80211_has_morefrags(hdr->frame_control) &&
881 (rx->sdata->vif.type == NL80211_IFTYPE_AP || 1088 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
882 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { 1089 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
883 if (test_sta_flags(sta, WLAN_STA_PS)) { 1090 if (test_sta_flags(sta, WLAN_STA_PS_STA)) {
884 /* 1091 /*
885 * Ignore doze->wake transitions that are 1092 * Ignore doze->wake transitions that are
886 * indicated by non-data frames, the standard 1093 * indicated by non-data frames, the standard
@@ -891,19 +1098,36 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
891 */ 1098 */
892 if (ieee80211_is_data(hdr->frame_control) && 1099 if (ieee80211_is_data(hdr->frame_control) &&
893 !ieee80211_has_pm(hdr->frame_control)) 1100 !ieee80211_has_pm(hdr->frame_control))
894 rx->sent_ps_buffered += ap_sta_ps_end(sta); 1101 ap_sta_ps_end(sta);
895 } else { 1102 } else {
896 if (ieee80211_has_pm(hdr->frame_control)) 1103 if (ieee80211_has_pm(hdr->frame_control))
897 ap_sta_ps_start(sta); 1104 ap_sta_ps_start(sta);
898 } 1105 }
899 } 1106 }
900 1107
901 /* Drop data::nullfunc frames silently, since they are used only to 1108 /*
902 * control station power saving mode. */ 1109 * Drop (qos-)data::nullfunc frames silently, since they
903 if (ieee80211_is_nullfunc(hdr->frame_control)) { 1110 * are used only to control station power saving mode.
1111 */
1112 if (ieee80211_is_nullfunc(hdr->frame_control) ||
1113 ieee80211_is_qos_nullfunc(hdr->frame_control)) {
904 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); 1114 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
905 /* Update counter and free packet here to avoid counting this 1115
906 * as a dropped packed. */ 1116 /*
1117 * If we receive a 4-addr nullfunc frame from a STA
1118 * that was not moved to a 4-addr STA vlan yet, drop
1119 * the frame to the monitor interface, to make sure
1120 * that hostapd sees it
1121 */
1122 if (ieee80211_has_a4(hdr->frame_control) &&
1123 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1124 (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1125 !rx->sdata->u.vlan.sta)))
1126 return RX_DROP_MONITOR;
1127 /*
1128 * Update counter and free packet here to avoid
1129 * counting this as a dropped packed.
1130 */
907 sta->rx_packets++; 1131 sta->rx_packets++;
908 dev_kfree_skb(rx->skb); 1132 dev_kfree_skb(rx->skb);
909 return RX_QUEUED; 1133 return RX_QUEUED;
@@ -932,7 +1156,7 @@ ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
932 printk(KERN_DEBUG "%s: RX reassembly removed oldest " 1156 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
933 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d " 1157 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
934 "addr1=%pM addr2=%pM\n", 1158 "addr1=%pM addr2=%pM\n",
935 sdata->dev->name, idx, 1159 sdata->name, idx,
936 jiffies - entry->first_frag_time, entry->seq, 1160 jiffies - entry->first_frag_time, entry->seq,
937 entry->last_frag, hdr->addr1, hdr->addr2); 1161 entry->last_frag, hdr->addr1, hdr->addr2);
938#endif 1162#endif
@@ -1103,9 +1327,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1103static ieee80211_rx_result debug_noinline 1327static ieee80211_rx_result debug_noinline
1104ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx) 1328ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1105{ 1329{
1106 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1330 struct ieee80211_sub_if_data *sdata = rx->sdata;
1107 struct sk_buff *skb;
1108 int no_pending_pkts;
1109 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; 1331 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
1110 1332
1111 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || 1333 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
@@ -1116,56 +1338,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1116 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)) 1338 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1117 return RX_DROP_UNUSABLE; 1339 return RX_DROP_UNUSABLE;
1118 1340
1119 skb = skb_dequeue(&rx->sta->tx_filtered); 1341 if (!test_sta_flags(rx->sta, WLAN_STA_PS_DRIVER))
1120 if (!skb) { 1342 ieee80211_sta_ps_deliver_poll_response(rx->sta);
1121 skb = skb_dequeue(&rx->sta->ps_tx_buf); 1343 else
1122 if (skb) 1344 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
1123 rx->local->total_ps_buffered--;
1124 }
1125 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
1126 skb_queue_empty(&rx->sta->ps_tx_buf);
1127
1128 if (skb) {
1129 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1130 struct ieee80211_hdr *hdr =
1131 (struct ieee80211_hdr *) skb->data;
1132
1133 /*
1134 * Tell TX path to send this frame even though the STA may
1135 * still remain is PS mode after this frame exchange.
1136 */
1137 info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
1138
1139#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1140 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
1141 rx->sta->sta.addr, rx->sta->sta.aid,
1142 skb_queue_len(&rx->sta->ps_tx_buf));
1143#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1144
1145 /* Use MoreData flag to indicate whether there are more
1146 * buffered frames for this STA */
1147 if (no_pending_pkts)
1148 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1149 else
1150 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1151
1152 ieee80211_add_pending_skb(rx->local, skb);
1153
1154 if (no_pending_pkts)
1155 sta_info_clear_tim_bit(rx->sta);
1156#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1157 } else if (!rx->sent_ps_buffered) {
1158 /*
1159 * FIXME: This can be the result of a race condition between
1160 * us expiring a frame and the station polling for it.
1161 * Should we send it a null-func frame indicating we
1162 * have nothing buffered for it?
1163 */
1164 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
1165 "though there are no buffered frames for it\n",
1166 rx->dev->name, rx->sta->sta.addr);
1167#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1168 }
1169 1345
1170 /* Free PS Poll skb here instead of returning RX_DROP that would 1346 /* Free PS Poll skb here instead of returning RX_DROP that would
1171 * count as an dropped frame. */ 1347 * count as an dropped frame. */
@@ -1206,11 +1382,14 @@ ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1206static int 1382static int
1207ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) 1383ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1208{ 1384{
1385 struct sk_buff *skb = rx->skb;
1386 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1387
1209 /* 1388 /*
1210 * Pass through unencrypted frames if the hardware has 1389 * Pass through unencrypted frames if the hardware has
1211 * decrypted them already. 1390 * decrypted them already.
1212 */ 1391 */
1213 if (rx->status->flag & RX_FLAG_DECRYPTED) 1392 if (status->flag & RX_FLAG_DECRYPTED)
1214 return 0; 1393 return 0;
1215 1394
1216 /* Drop unencrypted frames if key is set. */ 1395 /* Drop unencrypted frames if key is set. */
@@ -1219,13 +1398,28 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1219 ieee80211_is_data(fc) && 1398 ieee80211_is_data(fc) &&
1220 (rx->key || rx->sdata->drop_unencrypted))) 1399 (rx->key || rx->sdata->drop_unencrypted)))
1221 return -EACCES; 1400 return -EACCES;
1401
1402 return 0;
1403}
1404
1405static int
1406ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1407{
1408 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1409 __le16 fc = hdr->frame_control;
1410 int res;
1411
1412 res = ieee80211_drop_unencrypted(rx, fc);
1413 if (unlikely(res))
1414 return res;
1415
1222 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { 1416 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
1223 if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && 1417 if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1224 rx->key)) 1418 rx->key))
1225 return -EACCES; 1419 return -EACCES;
1226 /* BIP does not use Protected field, so need to check MMIE */ 1420 /* BIP does not use Protected field, so need to check MMIE */
1227 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) 1421 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1228 && ieee80211_get_mmie_keyidx(rx->skb) < 0 && 1422 ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
1229 rx->key)) 1423 rx->key))
1230 return -EACCES; 1424 return -EACCES;
1231 /* 1425 /*
@@ -1244,10 +1438,19 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1244static int 1438static int
1245__ieee80211_data_to_8023(struct ieee80211_rx_data *rx) 1439__ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1246{ 1440{
1247 struct net_device *dev = rx->dev; 1441 struct ieee80211_sub_if_data *sdata = rx->sdata;
1248 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1442 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1443
1444 if (ieee80211_has_a4(hdr->frame_control) &&
1445 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
1446 return -1;
1249 1447
1250 return ieee80211_data_to_8023(rx->skb, dev->dev_addr, sdata->vif.type); 1448 if (is_multicast_ether_addr(hdr->addr1) &&
1449 ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) ||
1450 (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr)))
1451 return -1;
1452
1453 return ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
1251} 1454}
1252 1455
1253/* 1456/*
@@ -1264,7 +1467,7 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1264 * of whether the frame was encrypted or not. 1467 * of whether the frame was encrypted or not.
1265 */ 1468 */
1266 if (ehdr->h_proto == htons(ETH_P_PAE) && 1469 if (ehdr->h_proto == htons(ETH_P_PAE) &&
1267 (compare_ether_addr(ehdr->h_dest, rx->dev->dev_addr) == 0 || 1470 (compare_ether_addr(ehdr->h_dest, rx->sdata->vif.addr) == 0 ||
1268 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0)) 1471 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1269 return true; 1472 return true;
1270 1473
@@ -1281,10 +1484,9 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1281static void 1484static void
1282ieee80211_deliver_skb(struct ieee80211_rx_data *rx) 1485ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1283{ 1486{
1284 struct net_device *dev = rx->dev; 1487 struct ieee80211_sub_if_data *sdata = rx->sdata;
1285 struct ieee80211_local *local = rx->local; 1488 struct net_device *dev = sdata->dev;
1286 struct sk_buff *skb, *xmit_skb; 1489 struct sk_buff *skb, *xmit_skb;
1287 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1288 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; 1490 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1289 struct sta_info *dsta; 1491 struct sta_info *dsta;
1290 1492
@@ -1294,7 +1496,8 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1294 if ((sdata->vif.type == NL80211_IFTYPE_AP || 1496 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1295 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && 1497 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1296 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && 1498 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1297 (rx->flags & IEEE80211_RX_RA_MATCH)) { 1499 (rx->flags & IEEE80211_RX_RA_MATCH) &&
1500 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
1298 if (is_multicast_ether_addr(ehdr->h_dest)) { 1501 if (is_multicast_ether_addr(ehdr->h_dest)) {
1299 /* 1502 /*
1300 * send multicast frames both to higher layers in 1503 * send multicast frames both to higher layers in
@@ -1305,8 +1508,8 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1305 printk(KERN_DEBUG "%s: failed to clone " 1508 printk(KERN_DEBUG "%s: failed to clone "
1306 "multicast frame\n", dev->name); 1509 "multicast frame\n", dev->name);
1307 } else { 1510 } else {
1308 dsta = sta_info_get(local, skb->data); 1511 dsta = sta_info_get(sdata, skb->data);
1309 if (dsta && dsta->sdata->dev == dev) { 1512 if (dsta) {
1310 /* 1513 /*
1311 * The destination station is associated to 1514 * The destination station is associated to
1312 * this AP (in this VLAN), so send the frame 1515 * this AP (in this VLAN), so send the frame
@@ -1322,7 +1525,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1322 if (skb) { 1525 if (skb) {
1323 int align __maybe_unused; 1526 int align __maybe_unused;
1324 1527
1325#if defined(CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT) || !defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) 1528#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
1326 /* 1529 /*
1327 * 'align' will only take the values 0 or 2 here 1530 * 'align' will only take the values 0 or 2 here
1328 * since all frames are required to be aligned 1531 * since all frames are required to be aligned
@@ -1337,10 +1540,10 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1337 skb = NULL; 1540 skb = NULL;
1338 } else { 1541 } else {
1339 u8 *data = skb->data; 1542 u8 *data = skb->data;
1340 size_t len = skb->len; 1543 size_t len = skb_headlen(skb);
1341 u8 *new = __skb_push(skb, align); 1544 skb->data -= align;
1342 memmove(new, data, len); 1545 memmove(skb->data, data, len);
1343 __skb_trim(skb, len); 1546 skb_set_tail_pointer(skb, len);
1344 } 1547 }
1345 } 1548 }
1346#endif 1549#endif
@@ -1365,17 +1568,11 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1365static ieee80211_rx_result debug_noinline 1568static ieee80211_rx_result debug_noinline
1366ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) 1569ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1367{ 1570{
1368 struct net_device *dev = rx->dev; 1571 struct net_device *dev = rx->sdata->dev;
1369 struct ieee80211_local *local = rx->local; 1572 struct sk_buff *skb = rx->skb;
1370 u16 ethertype;
1371 u8 *payload;
1372 struct sk_buff *skb = rx->skb, *frame = NULL;
1373 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1573 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1374 __le16 fc = hdr->frame_control; 1574 __le16 fc = hdr->frame_control;
1375 const struct ethhdr *eth; 1575 struct sk_buff_head frame_list;
1376 int remaining, err;
1377 u8 dst[ETH_ALEN];
1378 u8 src[ETH_ALEN];
1379 1576
1380 if (unlikely(!ieee80211_is_data(fc))) 1577 if (unlikely(!ieee80211_is_data(fc)))
1381 return RX_CONTINUE; 1578 return RX_CONTINUE;
@@ -1386,94 +1583,34 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1386 if (!(rx->flags & IEEE80211_RX_AMSDU)) 1583 if (!(rx->flags & IEEE80211_RX_AMSDU))
1387 return RX_CONTINUE; 1584 return RX_CONTINUE;
1388 1585
1389 err = __ieee80211_data_to_8023(rx); 1586 if (ieee80211_has_a4(hdr->frame_control) &&
1390 if (unlikely(err)) 1587 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1588 !rx->sdata->u.vlan.sta)
1391 return RX_DROP_UNUSABLE; 1589 return RX_DROP_UNUSABLE;
1392 1590
1393 skb->dev = dev; 1591 if (is_multicast_ether_addr(hdr->addr1) &&
1394 1592 ((rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1395 dev->stats.rx_packets++; 1593 rx->sdata->u.vlan.sta) ||
1396 dev->stats.rx_bytes += skb->len; 1594 (rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
1397 1595 rx->sdata->u.mgd.use_4addr)))
1398 /* skip the wrapping header */
1399 eth = (struct ethhdr *) skb_pull(skb, sizeof(struct ethhdr));
1400 if (!eth)
1401 return RX_DROP_UNUSABLE; 1596 return RX_DROP_UNUSABLE;
1402 1597
1403 while (skb != frame) { 1598 skb->dev = dev;
1404 u8 padding; 1599 __skb_queue_head_init(&frame_list);
1405 __be16 len = eth->h_proto;
1406 unsigned int subframe_len = sizeof(struct ethhdr) + ntohs(len);
1407
1408 remaining = skb->len;
1409 memcpy(dst, eth->h_dest, ETH_ALEN);
1410 memcpy(src, eth->h_source, ETH_ALEN);
1411
1412 padding = ((4 - subframe_len) & 0x3);
1413 /* the last MSDU has no padding */
1414 if (subframe_len > remaining)
1415 return RX_DROP_UNUSABLE;
1416 1600
1417 skb_pull(skb, sizeof(struct ethhdr)); 1601 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
1418 /* if last subframe reuse skb */ 1602 rx->sdata->vif.type,
1419 if (remaining <= subframe_len + padding) 1603 rx->local->hw.extra_tx_headroom);
1420 frame = skb;
1421 else {
1422 /*
1423 * Allocate and reserve two bytes more for payload
1424 * alignment since sizeof(struct ethhdr) is 14.
1425 */
1426 frame = dev_alloc_skb(
1427 ALIGN(local->hw.extra_tx_headroom, 4) +
1428 subframe_len + 2);
1429
1430 if (frame == NULL)
1431 return RX_DROP_UNUSABLE;
1432
1433 skb_reserve(frame,
1434 ALIGN(local->hw.extra_tx_headroom, 4) +
1435 sizeof(struct ethhdr) + 2);
1436 memcpy(skb_put(frame, ntohs(len)), skb->data,
1437 ntohs(len));
1438
1439 eth = (struct ethhdr *) skb_pull(skb, ntohs(len) +
1440 padding);
1441 if (!eth) {
1442 dev_kfree_skb(frame);
1443 return RX_DROP_UNUSABLE;
1444 }
1445 }
1446 1604
1447 skb_reset_network_header(frame); 1605 while (!skb_queue_empty(&frame_list)) {
1448 frame->dev = dev; 1606 rx->skb = __skb_dequeue(&frame_list);
1449 frame->priority = skb->priority;
1450 rx->skb = frame;
1451
1452 payload = frame->data;
1453 ethertype = (payload[6] << 8) | payload[7];
1454
1455 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1456 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1457 compare_ether_addr(payload,
1458 bridge_tunnel_header) == 0)) {
1459 /* remove RFC1042 or Bridge-Tunnel
1460 * encapsulation and replace EtherType */
1461 skb_pull(frame, 6);
1462 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1463 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1464 } else {
1465 memcpy(skb_push(frame, sizeof(__be16)),
1466 &len, sizeof(__be16));
1467 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1468 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1469 }
1470 1607
1471 if (!ieee80211_frame_allowed(rx, fc)) { 1608 if (!ieee80211_frame_allowed(rx, fc)) {
1472 if (skb == frame) /* last frame */ 1609 dev_kfree_skb(rx->skb);
1473 return RX_DROP_UNUSABLE;
1474 dev_kfree_skb(frame);
1475 continue; 1610 continue;
1476 } 1611 }
1612 dev->stats.rx_packets++;
1613 dev->stats.rx_bytes += rx->skb->len;
1477 1614
1478 ieee80211_deliver_skb(rx); 1615 ieee80211_deliver_skb(rx);
1479 } 1616 }
@@ -1490,12 +1627,11 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1490 unsigned int hdrlen; 1627 unsigned int hdrlen;
1491 struct sk_buff *skb = rx->skb, *fwd_skb; 1628 struct sk_buff *skb = rx->skb, *fwd_skb;
1492 struct ieee80211_local *local = rx->local; 1629 struct ieee80211_local *local = rx->local;
1493 struct ieee80211_sub_if_data *sdata; 1630 struct ieee80211_sub_if_data *sdata = rx->sdata;
1494 1631
1495 hdr = (struct ieee80211_hdr *) skb->data; 1632 hdr = (struct ieee80211_hdr *) skb->data;
1496 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1633 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1497 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); 1634 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1498 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1499 1635
1500 if (!ieee80211_is_data(hdr->frame_control)) 1636 if (!ieee80211_is_data(hdr->frame_control))
1501 return RX_CONTINUE; 1637 return RX_CONTINUE;
@@ -1504,19 +1640,27 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1504 /* illegal frame */ 1640 /* illegal frame */
1505 return RX_DROP_MONITOR; 1641 return RX_DROP_MONITOR;
1506 1642
1507 if (!is_multicast_ether_addr(hdr->addr1) && 1643 if (mesh_hdr->flags & MESH_FLAGS_AE) {
1508 (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6)) {
1509 struct mesh_path *mppath; 1644 struct mesh_path *mppath;
1645 char *proxied_addr;
1646 char *mpp_addr;
1647
1648 if (is_multicast_ether_addr(hdr->addr1)) {
1649 mpp_addr = hdr->addr3;
1650 proxied_addr = mesh_hdr->eaddr1;
1651 } else {
1652 mpp_addr = hdr->addr4;
1653 proxied_addr = mesh_hdr->eaddr2;
1654 }
1510 1655
1511 rcu_read_lock(); 1656 rcu_read_lock();
1512 mppath = mpp_path_lookup(mesh_hdr->eaddr2, sdata); 1657 mppath = mpp_path_lookup(proxied_addr, sdata);
1513 if (!mppath) { 1658 if (!mppath) {
1514 mpp_path_add(mesh_hdr->eaddr2, hdr->addr4, sdata); 1659 mpp_path_add(proxied_addr, mpp_addr, sdata);
1515 } else { 1660 } else {
1516 spin_lock_bh(&mppath->state_lock); 1661 spin_lock_bh(&mppath->state_lock);
1517 mppath->exp_time = jiffies; 1662 if (compare_ether_addr(mppath->mpp, mpp_addr) != 0)
1518 if (compare_ether_addr(mppath->mpp, hdr->addr4) != 0) 1663 memcpy(mppath->mpp, mpp_addr, ETH_ALEN);
1519 memcpy(mppath->mpp, hdr->addr4, ETH_ALEN);
1520 spin_unlock_bh(&mppath->state_lock); 1664 spin_unlock_bh(&mppath->state_lock);
1521 } 1665 }
1522 rcu_read_unlock(); 1666 rcu_read_unlock();
@@ -1524,7 +1668,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1524 1668
1525 /* Frame has reached destination. Don't forward */ 1669 /* Frame has reached destination. Don't forward */
1526 if (!is_multicast_ether_addr(hdr->addr1) && 1670 if (!is_multicast_ether_addr(hdr->addr1) &&
1527 compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0) 1671 compare_ether_addr(sdata->vif.addr, hdr->addr3) == 0)
1528 return RX_CONTINUE; 1672 return RX_CONTINUE;
1529 1673
1530 mesh_hdr->ttl--; 1674 mesh_hdr->ttl--;
@@ -1541,15 +1685,17 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1541 1685
1542 if (!fwd_skb && net_ratelimit()) 1686 if (!fwd_skb && net_ratelimit())
1543 printk(KERN_DEBUG "%s: failed to clone mesh frame\n", 1687 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1544 rx->dev->name); 1688 sdata->name);
1545 1689
1546 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; 1690 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1547 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN); 1691 memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN);
1548 info = IEEE80211_SKB_CB(fwd_skb); 1692 info = IEEE80211_SKB_CB(fwd_skb);
1549 memset(info, 0, sizeof(*info)); 1693 memset(info, 0, sizeof(*info));
1550 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 1694 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1551 info->control.vif = &rx->sdata->vif; 1695 info->control.vif = &rx->sdata->vif;
1552 ieee80211_select_queue(local, fwd_skb); 1696 skb_set_queue_mapping(skb,
1697 ieee80211_select_queue(rx->sdata, fwd_skb));
1698 ieee80211_set_qos_hdr(local, skb);
1553 if (is_multicast_ether_addr(fwd_hdr->addr1)) 1699 if (is_multicast_ether_addr(fwd_hdr->addr1))
1554 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.mesh, 1700 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.mesh,
1555 fwded_mcast); 1701 fwded_mcast);
@@ -1578,7 +1724,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1578 } 1724 }
1579 1725
1580 if (is_multicast_ether_addr(hdr->addr1) || 1726 if (is_multicast_ether_addr(hdr->addr1) ||
1581 rx->dev->flags & IFF_PROMISC) 1727 sdata->dev->flags & IFF_PROMISC)
1582 return RX_CONTINUE; 1728 return RX_CONTINUE;
1583 else 1729 else
1584 return RX_DROP_MONITOR; 1730 return RX_DROP_MONITOR;
@@ -1588,7 +1734,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1588static ieee80211_rx_result debug_noinline 1734static ieee80211_rx_result debug_noinline
1589ieee80211_rx_h_data(struct ieee80211_rx_data *rx) 1735ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1590{ 1736{
1591 struct net_device *dev = rx->dev; 1737 struct ieee80211_sub_if_data *sdata = rx->sdata;
1738 struct ieee80211_local *local = rx->local;
1739 struct net_device *dev = sdata->dev;
1592 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1740 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1593 __le16 fc = hdr->frame_control; 1741 __le16 fc = hdr->frame_control;
1594 int err; 1742 int err;
@@ -1599,6 +1747,14 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1599 if (unlikely(!ieee80211_is_data_present(hdr->frame_control))) 1747 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1600 return RX_DROP_MONITOR; 1748 return RX_DROP_MONITOR;
1601 1749
1750 /*
1751 * Allow the cooked monitor interface of an AP to see 4-addr frames so
1752 * that a 4-addr station can be detected and moved into a separate VLAN
1753 */
1754 if (ieee80211_has_a4(hdr->frame_control) &&
1755 sdata->vif.type == NL80211_IFTYPE_AP)
1756 return RX_DROP_MONITOR;
1757
1602 err = __ieee80211_data_to_8023(rx); 1758 err = __ieee80211_data_to_8023(rx);
1603 if (unlikely(err)) 1759 if (unlikely(err))
1604 return RX_DROP_UNUSABLE; 1760 return RX_DROP_UNUSABLE;
@@ -1611,13 +1767,20 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1611 dev->stats.rx_packets++; 1767 dev->stats.rx_packets++;
1612 dev->stats.rx_bytes += rx->skb->len; 1768 dev->stats.rx_bytes += rx->skb->len;
1613 1769
1770 if (ieee80211_is_data(hdr->frame_control) &&
1771 !is_multicast_ether_addr(hdr->addr1) &&
1772 local->hw.conf.dynamic_ps_timeout > 0 && local->ps_sdata) {
1773 mod_timer(&local->dynamic_ps_timer, jiffies +
1774 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
1775 }
1776
1614 ieee80211_deliver_skb(rx); 1777 ieee80211_deliver_skb(rx);
1615 1778
1616 return RX_QUEUED; 1779 return RX_QUEUED;
1617} 1780}
1618 1781
1619static ieee80211_rx_result debug_noinline 1782static ieee80211_rx_result debug_noinline
1620ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx) 1783ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1621{ 1784{
1622 struct ieee80211_local *local = rx->local; 1785 struct ieee80211_local *local = rx->local;
1623 struct ieee80211_hw *hw = &local->hw; 1786 struct ieee80211_hw *hw = &local->hw;
@@ -1632,11 +1795,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1632 1795
1633 if (ieee80211_is_back_req(bar->frame_control)) { 1796 if (ieee80211_is_back_req(bar->frame_control)) {
1634 if (!rx->sta) 1797 if (!rx->sta)
1635 return RX_CONTINUE; 1798 return RX_DROP_MONITOR;
1636 tid = le16_to_cpu(bar->control) >> 12; 1799 tid = le16_to_cpu(bar->control) >> 12;
1637 if (rx->sta->ampdu_mlme.tid_state_rx[tid] 1800 if (rx->sta->ampdu_mlme.tid_state_rx[tid]
1638 != HT_AGG_STATE_OPERATIONAL) 1801 != HT_AGG_STATE_OPERATIONAL)
1639 return RX_CONTINUE; 1802 return RX_DROP_MONITOR;
1640 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid]; 1803 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1641 1804
1642 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1805 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
@@ -1646,13 +1809,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1646 mod_timer(&tid_agg_rx->session_timer, 1809 mod_timer(&tid_agg_rx->session_timer,
1647 TU_TO_EXP_TIME(tid_agg_rx->timeout)); 1810 TU_TO_EXP_TIME(tid_agg_rx->timeout));
1648 1811
1649 /* manage reordering buffer according to requested */ 1812 /* release stored frames up to start of BAR */
1650 /* sequence number */ 1813 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num,
1651 rcu_read_lock(); 1814 frames);
1652 ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, NULL, 1815 kfree_skb(skb);
1653 start_seq_num, 1); 1816 return RX_QUEUED;
1654 rcu_read_unlock();
1655 return RX_DROP_UNUSABLE;
1656 } 1817 }
1657 1818
1658 return RX_CONTINUE; 1819 return RX_CONTINUE;
@@ -1666,7 +1827,7 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1666 struct sk_buff *skb; 1827 struct sk_buff *skb;
1667 struct ieee80211_mgmt *resp; 1828 struct ieee80211_mgmt *resp;
1668 1829
1669 if (compare_ether_addr(mgmt->da, sdata->dev->dev_addr) != 0) { 1830 if (compare_ether_addr(mgmt->da, sdata->vif.addr) != 0) {
1670 /* Not to own unicast address */ 1831 /* Not to own unicast address */
1671 return; 1832 return;
1672 } 1833 }
@@ -1690,7 +1851,7 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1690 resp = (struct ieee80211_mgmt *) skb_put(skb, 24); 1851 resp = (struct ieee80211_mgmt *) skb_put(skb, 24);
1691 memset(resp, 0, 24); 1852 memset(resp, 0, 24);
1692 memcpy(resp->da, mgmt->sa, ETH_ALEN); 1853 memcpy(resp->da, mgmt->sa, ETH_ALEN);
1693 memcpy(resp->sa, sdata->dev->dev_addr, ETH_ALEN); 1854 memcpy(resp->sa, sdata->vif.addr, ETH_ALEN);
1694 memcpy(resp->bssid, sdata->u.mgd.bssid, ETH_ALEN); 1855 memcpy(resp->bssid, sdata->u.mgd.bssid, ETH_ALEN);
1695 resp->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1856 resp->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1696 IEEE80211_STYPE_ACTION); 1857 IEEE80211_STYPE_ACTION);
@@ -1701,32 +1862,34 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1701 mgmt->u.action.u.sa_query.trans_id, 1862 mgmt->u.action.u.sa_query.trans_id,
1702 WLAN_SA_QUERY_TR_ID_LEN); 1863 WLAN_SA_QUERY_TR_ID_LEN);
1703 1864
1704 ieee80211_tx_skb(sdata, skb, 1); 1865 ieee80211_tx_skb(sdata, skb);
1705} 1866}
1706 1867
1707static ieee80211_rx_result debug_noinline 1868static ieee80211_rx_result debug_noinline
1708ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 1869ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1709{ 1870{
1710 struct ieee80211_local *local = rx->local; 1871 struct ieee80211_local *local = rx->local;
1711 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1872 struct ieee80211_sub_if_data *sdata = rx->sdata;
1712 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1873 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1874 struct sk_buff *nskb;
1875 struct ieee80211_rx_status *status;
1713 int len = rx->skb->len; 1876 int len = rx->skb->len;
1714 1877
1715 if (!ieee80211_is_action(mgmt->frame_control)) 1878 if (!ieee80211_is_action(mgmt->frame_control))
1716 return RX_CONTINUE; 1879 return RX_CONTINUE;
1717 1880
1718 if (!rx->sta) 1881 /* drop too small frames */
1719 return RX_DROP_MONITOR; 1882 if (len < IEEE80211_MIN_ACTION_SIZE)
1883 return RX_DROP_UNUSABLE;
1720 1884
1721 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1885 if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
1722 return RX_DROP_MONITOR; 1886 return RX_DROP_UNUSABLE;
1723 1887
1724 if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) 1888 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1725 return RX_DROP_MONITOR; 1889 return RX_DROP_UNUSABLE;
1726 1890
1727 /* all categories we currently handle have action_code */ 1891 if (ieee80211_drop_unencrypted_mgmt(rx))
1728 if (len < IEEE80211_MIN_ACTION_SIZE + 1) 1892 return RX_DROP_UNUSABLE;
1729 return RX_DROP_MONITOR;
1730 1893
1731 switch (mgmt->u.action.category) { 1894 switch (mgmt->u.action.category) {
1732 case WLAN_CATEGORY_BACK: 1895 case WLAN_CATEGORY_BACK:
@@ -1739,7 +1902,11 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1739 if (sdata->vif.type != NL80211_IFTYPE_STATION && 1902 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
1740 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 1903 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1741 sdata->vif.type != NL80211_IFTYPE_AP) 1904 sdata->vif.type != NL80211_IFTYPE_AP)
1742 return RX_DROP_MONITOR; 1905 break;
1906
1907 /* verify action_code is present */
1908 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1909 break;
1743 1910
1744 switch (mgmt->u.action.u.addba_req.action_code) { 1911 switch (mgmt->u.action.u.addba_req.action_code) {
1745 case WLAN_ACTION_ADDBA_REQ: 1912 case WLAN_ACTION_ADDBA_REQ:
@@ -1747,45 +1914,49 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1747 sizeof(mgmt->u.action.u.addba_req))) 1914 sizeof(mgmt->u.action.u.addba_req)))
1748 return RX_DROP_MONITOR; 1915 return RX_DROP_MONITOR;
1749 ieee80211_process_addba_request(local, rx->sta, mgmt, len); 1916 ieee80211_process_addba_request(local, rx->sta, mgmt, len);
1750 break; 1917 goto handled;
1751 case WLAN_ACTION_ADDBA_RESP: 1918 case WLAN_ACTION_ADDBA_RESP:
1752 if (len < (IEEE80211_MIN_ACTION_SIZE + 1919 if (len < (IEEE80211_MIN_ACTION_SIZE +
1753 sizeof(mgmt->u.action.u.addba_resp))) 1920 sizeof(mgmt->u.action.u.addba_resp)))
1754 return RX_DROP_MONITOR; 1921 break;
1755 ieee80211_process_addba_resp(local, rx->sta, mgmt, len); 1922 ieee80211_process_addba_resp(local, rx->sta, mgmt, len);
1756 break; 1923 goto handled;
1757 case WLAN_ACTION_DELBA: 1924 case WLAN_ACTION_DELBA:
1758 if (len < (IEEE80211_MIN_ACTION_SIZE + 1925 if (len < (IEEE80211_MIN_ACTION_SIZE +
1759 sizeof(mgmt->u.action.u.delba))) 1926 sizeof(mgmt->u.action.u.delba)))
1760 return RX_DROP_MONITOR; 1927 break;
1761 ieee80211_process_delba(sdata, rx->sta, mgmt, len); 1928 ieee80211_process_delba(sdata, rx->sta, mgmt, len);
1762 break; 1929 goto handled;
1763 } 1930 }
1764 break; 1931 break;
1765 case WLAN_CATEGORY_SPECTRUM_MGMT: 1932 case WLAN_CATEGORY_SPECTRUM_MGMT:
1766 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) 1933 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
1767 return RX_DROP_MONITOR; 1934 break;
1768 1935
1769 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1936 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1770 return RX_DROP_MONITOR; 1937 break;
1938
1939 /* verify action_code is present */
1940 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1941 break;
1771 1942
1772 switch (mgmt->u.action.u.measurement.action_code) { 1943 switch (mgmt->u.action.u.measurement.action_code) {
1773 case WLAN_ACTION_SPCT_MSR_REQ: 1944 case WLAN_ACTION_SPCT_MSR_REQ:
1774 if (len < (IEEE80211_MIN_ACTION_SIZE + 1945 if (len < (IEEE80211_MIN_ACTION_SIZE +
1775 sizeof(mgmt->u.action.u.measurement))) 1946 sizeof(mgmt->u.action.u.measurement)))
1776 return RX_DROP_MONITOR; 1947 break;
1777 ieee80211_process_measurement_req(sdata, mgmt, len); 1948 ieee80211_process_measurement_req(sdata, mgmt, len);
1778 break; 1949 goto handled;
1779 case WLAN_ACTION_SPCT_CHL_SWITCH: 1950 case WLAN_ACTION_SPCT_CHL_SWITCH:
1780 if (len < (IEEE80211_MIN_ACTION_SIZE + 1951 if (len < (IEEE80211_MIN_ACTION_SIZE +
1781 sizeof(mgmt->u.action.u.chan_switch))) 1952 sizeof(mgmt->u.action.u.chan_switch)))
1782 return RX_DROP_MONITOR; 1953 break;
1783 1954
1784 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1955 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1785 return RX_DROP_MONITOR; 1956 break;
1786 1957
1787 if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN)) 1958 if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN))
1788 return RX_DROP_MONITOR; 1959 break;
1789 1960
1790 return ieee80211_sta_rx_mgmt(sdata, rx->skb); 1961 return ieee80211_sta_rx_mgmt(sdata, rx->skb);
1791 } 1962 }
@@ -1793,26 +1964,69 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1793 case WLAN_CATEGORY_SA_QUERY: 1964 case WLAN_CATEGORY_SA_QUERY:
1794 if (len < (IEEE80211_MIN_ACTION_SIZE + 1965 if (len < (IEEE80211_MIN_ACTION_SIZE +
1795 sizeof(mgmt->u.action.u.sa_query))) 1966 sizeof(mgmt->u.action.u.sa_query)))
1796 return RX_DROP_MONITOR; 1967 break;
1968
1797 switch (mgmt->u.action.u.sa_query.action) { 1969 switch (mgmt->u.action.u.sa_query.action) {
1798 case WLAN_ACTION_SA_QUERY_REQUEST: 1970 case WLAN_ACTION_SA_QUERY_REQUEST:
1799 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1971 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1800 return RX_DROP_MONITOR; 1972 break;
1801 ieee80211_process_sa_query_req(sdata, mgmt, len); 1973 ieee80211_process_sa_query_req(sdata, mgmt, len);
1802 break; 1974 goto handled;
1803 case WLAN_ACTION_SA_QUERY_RESPONSE:
1804 /*
1805 * SA Query response is currently only used in AP mode
1806 * and it is processed in user space.
1807 */
1808 return RX_CONTINUE;
1809 } 1975 }
1810 break; 1976 break;
1811 default: 1977 case MESH_PLINK_CATEGORY:
1812 return RX_CONTINUE; 1978 case MESH_PATH_SEL_CATEGORY:
1979 if (ieee80211_vif_is_mesh(&sdata->vif))
1980 return ieee80211_mesh_rx_mgmt(sdata, rx->skb);
1981 break;
1813 } 1982 }
1814 1983
1815 rx->sta->rx_packets++; 1984 /*
1985 * For AP mode, hostapd is responsible for handling any action
1986 * frames that we didn't handle, including returning unknown
1987 * ones. For all other modes we will return them to the sender,
1988 * setting the 0x80 bit in the action category, as required by
1989 * 802.11-2007 7.3.1.11.
1990 */
1991 if (sdata->vif.type == NL80211_IFTYPE_AP ||
1992 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1993 return RX_DROP_MONITOR;
1994
1995 /*
1996 * Getting here means the kernel doesn't know how to handle
1997 * it, but maybe userspace does ... include returned frames
1998 * so userspace can register for those to know whether ones
1999 * it transmitted were processed or returned.
2000 */
2001 status = IEEE80211_SKB_RXCB(rx->skb);
2002
2003 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
2004 cfg80211_rx_action(rx->sdata->dev, status->freq,
2005 rx->skb->data, rx->skb->len,
2006 GFP_ATOMIC))
2007 goto handled;
2008
2009 /* do not return rejected action frames */
2010 if (mgmt->u.action.category & 0x80)
2011 return RX_DROP_UNUSABLE;
2012
2013 nskb = skb_copy_expand(rx->skb, local->hw.extra_tx_headroom, 0,
2014 GFP_ATOMIC);
2015 if (nskb) {
2016 struct ieee80211_mgmt *mgmt = (void *)nskb->data;
2017
2018 mgmt->u.action.category |= 0x80;
2019 memcpy(mgmt->da, mgmt->sa, ETH_ALEN);
2020 memcpy(mgmt->sa, rx->sdata->vif.addr, ETH_ALEN);
2021
2022 memset(nskb->cb, 0, sizeof(nskb->cb));
2023
2024 ieee80211_tx_skb(rx->sdata, nskb);
2025 }
2026
2027 handled:
2028 if (rx->sta)
2029 rx->sta->rx_packets++;
1816 dev_kfree_skb(rx->skb); 2030 dev_kfree_skb(rx->skb);
1817 return RX_QUEUED; 2031 return RX_QUEUED;
1818} 2032}
@@ -1820,14 +2034,18 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1820static ieee80211_rx_result debug_noinline 2034static ieee80211_rx_result debug_noinline
1821ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) 2035ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1822{ 2036{
1823 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 2037 struct ieee80211_sub_if_data *sdata = rx->sdata;
1824 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 2038 ieee80211_rx_result rxs;
1825 2039
1826 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 2040 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1827 return RX_DROP_MONITOR; 2041 return RX_DROP_MONITOR;
1828 2042
1829 if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) 2043 if (ieee80211_drop_unencrypted_mgmt(rx))
1830 return RX_DROP_MONITOR; 2044 return RX_DROP_UNUSABLE;
2045
2046 rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb);
2047 if (rxs != RX_CONTINUE)
2048 return rxs;
1831 2049
1832 if (ieee80211_vif_is_mesh(&sdata->vif)) 2050 if (ieee80211_vif_is_mesh(&sdata->vif))
1833 return ieee80211_mesh_rx_mgmt(sdata, rx->skb); 2051 return ieee80211_mesh_rx_mgmt(sdata, rx->skb);
@@ -1858,11 +2076,11 @@ static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
1858 * Some hardware seem to generate incorrect Michael MIC 2076 * Some hardware seem to generate incorrect Michael MIC
1859 * reports; ignore them to avoid triggering countermeasures. 2077 * reports; ignore them to avoid triggering countermeasures.
1860 */ 2078 */
1861 goto ignore; 2079 return;
1862 } 2080 }
1863 2081
1864 if (!ieee80211_has_protected(hdr->frame_control)) 2082 if (!ieee80211_has_protected(hdr->frame_control))
1865 goto ignore; 2083 return;
1866 2084
1867 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) { 2085 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
1868 /* 2086 /*
@@ -1871,37 +2089,35 @@ static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
1871 * group keys and only the AP is sending real multicast 2089 * group keys and only the AP is sending real multicast
1872 * frames in the BSS. 2090 * frames in the BSS.
1873 */ 2091 */
1874 goto ignore; 2092 return;
1875 } 2093 }
1876 2094
1877 if (!ieee80211_is_data(hdr->frame_control) && 2095 if (!ieee80211_is_data(hdr->frame_control) &&
1878 !ieee80211_is_auth(hdr->frame_control)) 2096 !ieee80211_is_auth(hdr->frame_control))
1879 goto ignore; 2097 return;
1880 2098
1881 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL, 2099 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL,
1882 GFP_ATOMIC); 2100 GFP_ATOMIC);
1883 ignore:
1884 dev_kfree_skb(rx->skb);
1885 rx->skb = NULL;
1886} 2101}
1887 2102
1888/* TODO: use IEEE80211_RX_FRAGMENTED */ 2103/* TODO: use IEEE80211_RX_FRAGMENTED */
1889static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx) 2104static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2105 struct ieee80211_rate *rate)
1890{ 2106{
1891 struct ieee80211_sub_if_data *sdata; 2107 struct ieee80211_sub_if_data *sdata;
1892 struct ieee80211_local *local = rx->local; 2108 struct ieee80211_local *local = rx->local;
1893 struct ieee80211_rtap_hdr { 2109 struct ieee80211_rtap_hdr {
1894 struct ieee80211_radiotap_header hdr; 2110 struct ieee80211_radiotap_header hdr;
1895 u8 flags; 2111 u8 flags;
1896 u8 rate; 2112 u8 rate_or_pad;
1897 __le16 chan_freq; 2113 __le16 chan_freq;
1898 __le16 chan_flags; 2114 __le16 chan_flags;
1899 } __attribute__ ((packed)) *rthdr; 2115 } __attribute__ ((packed)) *rthdr;
1900 struct sk_buff *skb = rx->skb, *skb2; 2116 struct sk_buff *skb = rx->skb, *skb2;
1901 struct net_device *prev_dev = NULL; 2117 struct net_device *prev_dev = NULL;
1902 struct ieee80211_rx_status *status = rx->status; 2118 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1903 2119
1904 if (rx->flags & IEEE80211_RX_CMNTR_REPORTED) 2120 if (status->flag & RX_FLAG_INTERNAL_CMTR)
1905 goto out_free_skb; 2121 goto out_free_skb;
1906 2122
1907 if (skb_headroom(skb) < sizeof(*rthdr) && 2123 if (skb_headroom(skb) < sizeof(*rthdr) &&
@@ -1913,10 +2129,13 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1913 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); 2129 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
1914 rthdr->hdr.it_present = 2130 rthdr->hdr.it_present =
1915 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) | 2131 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
1916 (1 << IEEE80211_RADIOTAP_RATE) |
1917 (1 << IEEE80211_RADIOTAP_CHANNEL)); 2132 (1 << IEEE80211_RADIOTAP_CHANNEL));
1918 2133
1919 rthdr->rate = rx->rate->bitrate / 5; 2134 if (rate) {
2135 rthdr->rate_or_pad = rate->bitrate / 5;
2136 rthdr->hdr.it_present |=
2137 cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
2138 }
1920 rthdr->chan_freq = cpu_to_le16(status->freq); 2139 rthdr->chan_freq = cpu_to_le16(status->freq);
1921 2140
1922 if (status->band == IEEE80211_BAND_5GHZ) 2141 if (status->band == IEEE80211_BAND_5GHZ)
@@ -1932,7 +2151,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1932 skb->protocol = htons(ETH_P_802_2); 2151 skb->protocol = htons(ETH_P_802_2);
1933 2152
1934 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 2153 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1935 if (!netif_running(sdata->dev)) 2154 if (!ieee80211_sdata_running(sdata))
1936 continue; 2155 continue;
1937 2156
1938 if (sdata->vif.type != NL80211_IFTYPE_MONITOR || 2157 if (sdata->vif.type != NL80211_IFTYPE_MONITOR ||
@@ -1959,7 +2178,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1959 } else 2178 } else
1960 goto out_free_skb; 2179 goto out_free_skb;
1961 2180
1962 rx->flags |= IEEE80211_RX_CMNTR_REPORTED; 2181 status->flag |= RX_FLAG_INTERNAL_CMTR;
1963 return; 2182 return;
1964 2183
1965 out_free_skb: 2184 out_free_skb:
@@ -1969,62 +2188,87 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1969 2188
1970static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, 2189static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1971 struct ieee80211_rx_data *rx, 2190 struct ieee80211_rx_data *rx,
1972 struct sk_buff *skb) 2191 struct sk_buff *skb,
2192 struct ieee80211_rate *rate)
1973{ 2193{
2194 struct sk_buff_head reorder_release;
1974 ieee80211_rx_result res = RX_DROP_MONITOR; 2195 ieee80211_rx_result res = RX_DROP_MONITOR;
1975 2196
2197 __skb_queue_head_init(&reorder_release);
2198
1976 rx->skb = skb; 2199 rx->skb = skb;
1977 rx->sdata = sdata; 2200 rx->sdata = sdata;
1978 rx->dev = sdata->dev;
1979 2201
1980#define CALL_RXH(rxh) \ 2202#define CALL_RXH(rxh) \
1981 do { \ 2203 do { \
1982 res = rxh(rx); \ 2204 res = rxh(rx); \
1983 if (res != RX_CONTINUE) \ 2205 if (res != RX_CONTINUE) \
1984 goto rxh_done; \ 2206 goto rxh_next; \
1985 } while (0); 2207 } while (0);
1986 2208
2209 /*
2210 * NB: the rxh_next label works even if we jump
2211 * to it from here because then the list will
2212 * be empty, which is a trivial check
2213 */
1987 CALL_RXH(ieee80211_rx_h_passive_scan) 2214 CALL_RXH(ieee80211_rx_h_passive_scan)
1988 CALL_RXH(ieee80211_rx_h_check) 2215 CALL_RXH(ieee80211_rx_h_check)
1989 CALL_RXH(ieee80211_rx_h_decrypt) 2216
1990 CALL_RXH(ieee80211_rx_h_check_more_data) 2217 ieee80211_rx_reorder_ampdu(rx, &reorder_release);
1991 CALL_RXH(ieee80211_rx_h_sta_process) 2218
1992 CALL_RXH(ieee80211_rx_h_defragment) 2219 while ((skb = __skb_dequeue(&reorder_release))) {
1993 CALL_RXH(ieee80211_rx_h_ps_poll) 2220 /*
1994 CALL_RXH(ieee80211_rx_h_michael_mic_verify) 2221 * all the other fields are valid across frames
1995 /* must be after MMIC verify so header is counted in MPDU mic */ 2222 * that belong to an aMPDU since they are on the
1996 CALL_RXH(ieee80211_rx_h_remove_qos_control) 2223 * same TID from the same station
1997 CALL_RXH(ieee80211_rx_h_amsdu) 2224 */
2225 rx->skb = skb;
2226
2227 CALL_RXH(ieee80211_rx_h_decrypt)
2228 CALL_RXH(ieee80211_rx_h_check_more_data)
2229 CALL_RXH(ieee80211_rx_h_sta_process)
2230 CALL_RXH(ieee80211_rx_h_defragment)
2231 CALL_RXH(ieee80211_rx_h_ps_poll)
2232 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2233 /* must be after MMIC verify so header is counted in MPDU mic */
2234 CALL_RXH(ieee80211_rx_h_remove_qos_control)
2235 CALL_RXH(ieee80211_rx_h_amsdu)
1998#ifdef CONFIG_MAC80211_MESH 2236#ifdef CONFIG_MAC80211_MESH
1999 if (ieee80211_vif_is_mesh(&sdata->vif)) 2237 if (ieee80211_vif_is_mesh(&sdata->vif))
2000 CALL_RXH(ieee80211_rx_h_mesh_fwding); 2238 CALL_RXH(ieee80211_rx_h_mesh_fwding);
2001#endif 2239#endif
2002 CALL_RXH(ieee80211_rx_h_data) 2240 CALL_RXH(ieee80211_rx_h_data)
2003 CALL_RXH(ieee80211_rx_h_ctrl) 2241
2004 CALL_RXH(ieee80211_rx_h_action) 2242 /* special treatment -- needs the queue */
2005 CALL_RXH(ieee80211_rx_h_mgmt) 2243 res = ieee80211_rx_h_ctrl(rx, &reorder_release);
2244 if (res != RX_CONTINUE)
2245 goto rxh_next;
2246
2247 CALL_RXH(ieee80211_rx_h_action)
2248 CALL_RXH(ieee80211_rx_h_mgmt)
2006 2249
2007#undef CALL_RXH 2250#undef CALL_RXH
2008 2251
2009 rxh_done: 2252 rxh_next:
2010 switch (res) { 2253 switch (res) {
2011 case RX_DROP_MONITOR: 2254 case RX_DROP_MONITOR:
2012 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2255 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
2013 if (rx->sta) 2256 if (rx->sta)
2014 rx->sta->rx_dropped++; 2257 rx->sta->rx_dropped++;
2015 /* fall through */ 2258 /* fall through */
2016 case RX_CONTINUE: 2259 case RX_CONTINUE:
2017 ieee80211_rx_cooked_monitor(rx); 2260 ieee80211_rx_cooked_monitor(rx, rate);
2018 break; 2261 break;
2019 case RX_DROP_UNUSABLE: 2262 case RX_DROP_UNUSABLE:
2020 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2263 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
2021 if (rx->sta) 2264 if (rx->sta)
2022 rx->sta->rx_dropped++; 2265 rx->sta->rx_dropped++;
2023 dev_kfree_skb(rx->skb); 2266 dev_kfree_skb(rx->skb);
2024 break; 2267 break;
2025 case RX_QUEUED: 2268 case RX_QUEUED:
2026 I802_DEBUG_INC(sdata->local->rx_handlers_queued); 2269 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
2027 break; 2270 break;
2271 }
2028 } 2272 }
2029} 2273}
2030 2274
@@ -2034,15 +2278,17 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2034 struct ieee80211_rx_data *rx, 2278 struct ieee80211_rx_data *rx,
2035 struct ieee80211_hdr *hdr) 2279 struct ieee80211_hdr *hdr)
2036{ 2280{
2037 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, sdata->vif.type); 2281 struct sk_buff *skb = rx->skb;
2282 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2283 u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
2038 int multicast = is_multicast_ether_addr(hdr->addr1); 2284 int multicast = is_multicast_ether_addr(hdr->addr1);
2039 2285
2040 switch (sdata->vif.type) { 2286 switch (sdata->vif.type) {
2041 case NL80211_IFTYPE_STATION: 2287 case NL80211_IFTYPE_STATION:
2042 if (!bssid) 2288 if (!bssid && !sdata->u.mgd.use_4addr)
2043 return 0; 2289 return 0;
2044 if (!multicast && 2290 if (!multicast &&
2045 compare_ether_addr(sdata->dev->dev_addr, hdr->addr1) != 0) { 2291 compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) {
2046 if (!(sdata->dev->flags & IFF_PROMISC)) 2292 if (!(sdata->dev->flags & IFF_PROMISC))
2047 return 0; 2293 return 0;
2048 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2294 rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -2059,24 +2305,24 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2059 return 0; 2305 return 0;
2060 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2306 rx->flags &= ~IEEE80211_RX_RA_MATCH;
2061 } else if (!multicast && 2307 } else if (!multicast &&
2062 compare_ether_addr(sdata->dev->dev_addr, 2308 compare_ether_addr(sdata->vif.addr,
2063 hdr->addr1) != 0) { 2309 hdr->addr1) != 0) {
2064 if (!(sdata->dev->flags & IFF_PROMISC)) 2310 if (!(sdata->dev->flags & IFF_PROMISC))
2065 return 0; 2311 return 0;
2066 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2312 rx->flags &= ~IEEE80211_RX_RA_MATCH;
2067 } else if (!rx->sta) { 2313 } else if (!rx->sta) {
2068 int rate_idx; 2314 int rate_idx;
2069 if (rx->status->flag & RX_FLAG_HT) 2315 if (status->flag & RX_FLAG_HT)
2070 rate_idx = 0; /* TODO: HT rates */ 2316 rate_idx = 0; /* TODO: HT rates */
2071 else 2317 else
2072 rate_idx = rx->status->rate_idx; 2318 rate_idx = status->rate_idx;
2073 rx->sta = ieee80211_ibss_add_sta(sdata, bssid, hdr->addr2, 2319 rx->sta = ieee80211_ibss_add_sta(sdata, bssid,
2074 BIT(rate_idx)); 2320 hdr->addr2, BIT(rate_idx), GFP_ATOMIC);
2075 } 2321 }
2076 break; 2322 break;
2077 case NL80211_IFTYPE_MESH_POINT: 2323 case NL80211_IFTYPE_MESH_POINT:
2078 if (!multicast && 2324 if (!multicast &&
2079 compare_ether_addr(sdata->dev->dev_addr, 2325 compare_ether_addr(sdata->vif.addr,
2080 hdr->addr1) != 0) { 2326 hdr->addr1) != 0) {
2081 if (!(sdata->dev->flags & IFF_PROMISC)) 2327 if (!(sdata->dev->flags & IFF_PROMISC))
2082 return 0; 2328 return 0;
@@ -2087,11 +2333,11 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2087 case NL80211_IFTYPE_AP_VLAN: 2333 case NL80211_IFTYPE_AP_VLAN:
2088 case NL80211_IFTYPE_AP: 2334 case NL80211_IFTYPE_AP:
2089 if (!bssid) { 2335 if (!bssid) {
2090 if (compare_ether_addr(sdata->dev->dev_addr, 2336 if (compare_ether_addr(sdata->vif.addr,
2091 hdr->addr1)) 2337 hdr->addr1))
2092 return 0; 2338 return 0;
2093 } else if (!ieee80211_bssid_match(bssid, 2339 } else if (!ieee80211_bssid_match(bssid,
2094 sdata->dev->dev_addr)) { 2340 sdata->vif.addr)) {
2095 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2341 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
2096 return 0; 2342 return 0;
2097 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2343 rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -2104,8 +2350,6 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2104 return 0; 2350 return 0;
2105 break; 2351 break;
2106 case NL80211_IFTYPE_MONITOR: 2352 case NL80211_IFTYPE_MONITOR:
2107 /* take everything */
2108 break;
2109 case NL80211_IFTYPE_UNSPECIFIED: 2353 case NL80211_IFTYPE_UNSPECIFIED:
2110 case __NL80211_IFTYPE_AFTER_LAST: 2354 case __NL80211_IFTYPE_AFTER_LAST:
2111 /* should never get here */ 2355 /* should never get here */
@@ -2132,29 +2376,17 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2132 int prepares; 2376 int prepares;
2133 struct ieee80211_sub_if_data *prev = NULL; 2377 struct ieee80211_sub_if_data *prev = NULL;
2134 struct sk_buff *skb_new; 2378 struct sk_buff *skb_new;
2379 struct sta_info *sta, *tmp;
2380 bool found_sta = false;
2135 2381
2136 hdr = (struct ieee80211_hdr *)skb->data; 2382 hdr = (struct ieee80211_hdr *)skb->data;
2137 memset(&rx, 0, sizeof(rx)); 2383 memset(&rx, 0, sizeof(rx));
2138 rx.skb = skb; 2384 rx.skb = skb;
2139 rx.local = local; 2385 rx.local = local;
2140 2386
2141 rx.status = status;
2142 rx.rate = rate;
2143
2144 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control)) 2387 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control))
2145 local->dot11ReceivedFragmentCount++; 2388 local->dot11ReceivedFragmentCount++;
2146 2389
2147 rx.sta = sta_info_get(local, hdr->addr2);
2148 if (rx.sta) {
2149 rx.sdata = rx.sta->sdata;
2150 rx.dev = rx.sta->sdata->dev;
2151 }
2152
2153 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
2154 ieee80211_rx_michael_mic_report(hdr, &rx);
2155 return;
2156 }
2157
2158 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || 2390 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2159 test_bit(SCAN_OFF_CHANNEL, &local->scanning))) 2391 test_bit(SCAN_OFF_CHANNEL, &local->scanning)))
2160 rx.flags |= IEEE80211_RX_IN_SCAN; 2392 rx.flags |= IEEE80211_RX_IN_SCAN;
@@ -2162,284 +2394,92 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2162 ieee80211_parse_qos(&rx); 2394 ieee80211_parse_qos(&rx);
2163 ieee80211_verify_alignment(&rx); 2395 ieee80211_verify_alignment(&rx);
2164 2396
2165 skb = rx.skb; 2397 if (ieee80211_is_data(hdr->frame_control)) {
2166 2398 for_each_sta_info(local, hdr->addr2, sta, tmp) {
2167 if (rx.sdata && ieee80211_is_data(hdr->frame_control)) { 2399 rx.sta = sta;
2168 rx.flags |= IEEE80211_RX_RA_MATCH; 2400 found_sta = true;
2169 prepares = prepare_for_handlers(rx.sdata, &rx, hdr); 2401 rx.sdata = sta->sdata;
2170 if (prepares) 2402
2171 prev = rx.sdata; 2403 rx.flags |= IEEE80211_RX_RA_MATCH;
2172 } else list_for_each_entry_rcu(sdata, &local->interfaces, list) { 2404 prepares = prepare_for_handlers(rx.sdata, &rx, hdr);
2173 if (!netif_running(sdata->dev)) 2405 if (prepares) {
2174 continue; 2406 if (status->flag & RX_FLAG_MMIC_ERROR) {
2175 2407 if (rx.flags & IEEE80211_RX_RA_MATCH)
2176 if (sdata->vif.type == NL80211_IFTYPE_MONITOR || 2408 ieee80211_rx_michael_mic_report(hdr, &rx);
2177 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 2409 } else
2178 continue; 2410 prev = rx.sdata;
2179 2411 }
2180 rx.flags |= IEEE80211_RX_RA_MATCH;
2181 prepares = prepare_for_handlers(sdata, &rx, hdr);
2182
2183 if (!prepares)
2184 continue;
2185
2186 /*
2187 * frame is destined for this interface, but if it's not
2188 * also for the previous one we handle that after the
2189 * loop to avoid copying the SKB once too much
2190 */
2191
2192 if (!prev) {
2193 prev = sdata;
2194 continue;
2195 }
2196
2197 /*
2198 * frame was destined for the previous interface
2199 * so invoke RX handlers for it
2200 */
2201
2202 skb_new = skb_copy(skb, GFP_ATOMIC);
2203 if (!skb_new) {
2204 if (net_ratelimit())
2205 printk(KERN_DEBUG "%s: failed to copy "
2206 "multicast frame for %s\n",
2207 wiphy_name(local->hw.wiphy),
2208 prev->dev->name);
2209 continue;
2210 }
2211 ieee80211_invoke_rx_handlers(prev, &rx, skb_new);
2212 prev = sdata;
2213 }
2214 if (prev)
2215 ieee80211_invoke_rx_handlers(prev, &rx, skb);
2216 else
2217 dev_kfree_skb(skb);
2218}
2219
2220#define SEQ_MODULO 0x1000
2221#define SEQ_MASK 0xfff
2222
2223static inline int seq_less(u16 sq1, u16 sq2)
2224{
2225 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
2226}
2227
2228static inline u16 seq_inc(u16 sq)
2229{
2230 return (sq + 1) & SEQ_MASK;
2231}
2232
2233static inline u16 seq_sub(u16 sq1, u16 sq2)
2234{
2235 return (sq1 - sq2) & SEQ_MASK;
2236}
2237
2238
2239static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
2240 struct tid_ampdu_rx *tid_agg_rx,
2241 int index)
2242{
2243 struct ieee80211_supported_band *sband;
2244 struct ieee80211_rate *rate;
2245 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
2246 struct ieee80211_rx_status *status;
2247
2248 if (!skb)
2249 goto no_frame;
2250
2251 status = IEEE80211_SKB_RXCB(skb);
2252
2253 /* release the reordered frames to stack */
2254 sband = hw->wiphy->bands[status->band];
2255 if (status->flag & RX_FLAG_HT)
2256 rate = sband->bitrates; /* TODO: HT rates */
2257 else
2258 rate = &sband->bitrates[status->rate_idx];
2259 __ieee80211_rx_handle_packet(hw, skb, rate);
2260 tid_agg_rx->stored_mpdu_num--;
2261 tid_agg_rx->reorder_buf[index] = NULL;
2262
2263no_frame:
2264 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
2265}
2266
2267
2268/*
2269 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
2270 * the skb was added to the buffer longer than this time ago, the earlier
2271 * frames that have not yet been received are assumed to be lost and the skb
2272 * can be released for processing. This may also release other skb's from the
2273 * reorder buffer if there are no additional gaps between the frames.
2274 */
2275#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
2276
2277/*
2278 * As it function blongs to Rx path it must be called with
2279 * the proper rcu_read_lock protection for its flow.
2280 */
2281static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2282 struct tid_ampdu_rx *tid_agg_rx,
2283 struct sk_buff *skb,
2284 u16 mpdu_seq_num,
2285 int bar_req)
2286{
2287 u16 head_seq_num, buf_size;
2288 int index;
2289
2290 buf_size = tid_agg_rx->buf_size;
2291 head_seq_num = tid_agg_rx->head_seq_num;
2292
2293 /* frame with out of date sequence number */
2294 if (seq_less(mpdu_seq_num, head_seq_num)) {
2295 dev_kfree_skb(skb);
2296 return 1;
2297 }
2298
2299 /* if frame sequence number exceeds our buffering window size or
2300 * block Ack Request arrived - release stored frames */
2301 if ((!seq_less(mpdu_seq_num, head_seq_num + buf_size)) || (bar_req)) {
2302 /* new head to the ordering buffer */
2303 if (bar_req)
2304 head_seq_num = mpdu_seq_num;
2305 else
2306 head_seq_num =
2307 seq_inc(seq_sub(mpdu_seq_num, buf_size));
2308 /* release stored frames up to new head to stack */
2309 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
2310 index = seq_sub(tid_agg_rx->head_seq_num,
2311 tid_agg_rx->ssn)
2312 % tid_agg_rx->buf_size;
2313 ieee80211_release_reorder_frame(hw, tid_agg_rx,
2314 index);
2315 } 2412 }
2316 if (bar_req)
2317 return 1;
2318 }
2319
2320 /* now the new frame is always in the range of the reordering */
2321 /* buffer window */
2322 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn)
2323 % tid_agg_rx->buf_size;
2324 /* check if we already stored this frame */
2325 if (tid_agg_rx->reorder_buf[index]) {
2326 dev_kfree_skb(skb);
2327 return 1;
2328 } 2413 }
2329 2414 if (!found_sta) {
2330 /* if arrived mpdu is in the right order and nothing else stored */ 2415 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2331 /* release it immediately */ 2416 if (!ieee80211_sdata_running(sdata))
2332 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
2333 tid_agg_rx->stored_mpdu_num == 0) {
2334 tid_agg_rx->head_seq_num =
2335 seq_inc(tid_agg_rx->head_seq_num);
2336 return 0;
2337 }
2338
2339 /* put the frame in the reordering buffer */
2340 tid_agg_rx->reorder_buf[index] = skb;
2341 tid_agg_rx->reorder_time[index] = jiffies;
2342 tid_agg_rx->stored_mpdu_num++;
2343 /* release the buffer until next missing frame */
2344 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn)
2345 % tid_agg_rx->buf_size;
2346 if (!tid_agg_rx->reorder_buf[index] &&
2347 tid_agg_rx->stored_mpdu_num > 1) {
2348 /*
2349 * No buffers ready to be released, but check whether any
2350 * frames in the reorder buffer have timed out.
2351 */
2352 int j;
2353 int skipped = 1;
2354 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
2355 j = (j + 1) % tid_agg_rx->buf_size) {
2356 if (tid_agg_rx->reorder_buf[j] == NULL) {
2357 skipped++;
2358 continue; 2417 continue;
2359 }
2360 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
2361 HZ / 10))
2362 break;
2363 2418
2364#ifdef CONFIG_MAC80211_HT_DEBUG 2419 if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2365 if (net_ratelimit()) 2420 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2366 printk(KERN_DEBUG "%s: release an RX reorder " 2421 continue;
2367 "frame due to timeout on earlier "
2368 "frames\n",
2369 wiphy_name(hw->wiphy));
2370#endif
2371 ieee80211_release_reorder_frame(hw, tid_agg_rx, j);
2372 2422
2373 /* 2423 /*
2374 * Increment the head seq# also for the skipped slots. 2424 * frame is destined for this interface, but if it's
2425 * not also for the previous one we handle that after
2426 * the loop to avoid copying the SKB once too much
2375 */ 2427 */
2376 tid_agg_rx->head_seq_num =
2377 (tid_agg_rx->head_seq_num + skipped) &
2378 SEQ_MASK;
2379 skipped = 0;
2380 }
2381 } else while (tid_agg_rx->reorder_buf[index]) {
2382 ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
2383 index = seq_sub(tid_agg_rx->head_seq_num,
2384 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
2385 }
2386 return 1;
2387}
2388 2428
2389static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local, 2429 if (!prev) {
2390 struct sk_buff *skb) 2430 prev = sdata;
2391{ 2431 continue;
2392 struct ieee80211_hw *hw = &local->hw; 2432 }
2393 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2394 struct sta_info *sta;
2395 struct tid_ampdu_rx *tid_agg_rx;
2396 u16 sc;
2397 u16 mpdu_seq_num;
2398 u8 ret = 0;
2399 int tid;
2400 2433
2401 sta = sta_info_get(local, hdr->addr2); 2434 rx.sta = sta_info_get_bss(prev, hdr->addr2);
2402 if (!sta)
2403 return ret;
2404 2435
2405 /* filter the QoS data rx stream according to 2436 rx.flags |= IEEE80211_RX_RA_MATCH;
2406 * STA/TID and check if this STA/TID is on aggregation */ 2437 prepares = prepare_for_handlers(prev, &rx, hdr);
2407 if (!ieee80211_is_data_qos(hdr->frame_control))
2408 goto end_reorder;
2409 2438
2410 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 2439 if (!prepares)
2440 goto next;
2411 2441
2412 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL) 2442 if (status->flag & RX_FLAG_MMIC_ERROR) {
2413 goto end_reorder; 2443 rx.sdata = prev;
2444 if (rx.flags & IEEE80211_RX_RA_MATCH)
2445 ieee80211_rx_michael_mic_report(hdr,
2446 &rx);
2447 goto next;
2448 }
2414 2449
2415 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid]; 2450 /*
2451 * frame was destined for the previous interface
2452 * so invoke RX handlers for it
2453 */
2416 2454
2417 /* qos null data frames are excluded */ 2455 skb_new = skb_copy(skb, GFP_ATOMIC);
2418 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC))) 2456 if (!skb_new) {
2419 goto end_reorder; 2457 if (net_ratelimit())
2458 printk(KERN_DEBUG "%s: failed to copy "
2459 "multicast frame for %s\n",
2460 wiphy_name(local->hw.wiphy),
2461 prev->name);
2462 goto next;
2463 }
2464 ieee80211_invoke_rx_handlers(prev, &rx, skb_new, rate);
2465next:
2466 prev = sdata;
2467 }
2420 2468
2421 /* new un-ordered ampdu frame - process it */ 2469 if (prev) {
2470 rx.sta = sta_info_get_bss(prev, hdr->addr2);
2422 2471
2423 /* reset session timer */ 2472 rx.flags |= IEEE80211_RX_RA_MATCH;
2424 if (tid_agg_rx->timeout) 2473 prepares = prepare_for_handlers(prev, &rx, hdr);
2425 mod_timer(&tid_agg_rx->session_timer,
2426 TU_TO_EXP_TIME(tid_agg_rx->timeout));
2427 2474
2428 /* if this mpdu is fragmented - terminate rx aggregation session */ 2475 if (!prepares)
2429 sc = le16_to_cpu(hdr->seq_ctrl); 2476 prev = NULL;
2430 if (sc & IEEE80211_SCTL_FRAG) { 2477 }
2431 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
2432 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
2433 ret = 1;
2434 goto end_reorder;
2435 } 2478 }
2436 2479 if (prev)
2437 /* according to mpdu sequence number deal with reordering buffer */ 2480 ieee80211_invoke_rx_handlers(prev, &rx, skb, rate);
2438 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4; 2481 else
2439 ret = ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, 2482 dev_kfree_skb(skb);
2440 mpdu_seq_num, 0);
2441 end_reorder:
2442 return ret;
2443} 2483}
2444 2484
2445/* 2485/*
@@ -2481,14 +2521,22 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2481 goto drop; 2521 goto drop;
2482 2522
2483 if (status->flag & RX_FLAG_HT) { 2523 if (status->flag & RX_FLAG_HT) {
2484 /* rate_idx is MCS index */ 2524 /*
2485 if (WARN_ON(status->rate_idx < 0 || 2525 * rate_idx is MCS index, which can be [0-76] as documented on:
2486 status->rate_idx >= 76)) 2526 *
2527 * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n
2528 *
2529 * Anything else would be some sort of driver or hardware error.
2530 * The driver should catch hardware errors.
2531 */
2532 if (WARN((status->rate_idx < 0 ||
2533 status->rate_idx > 76),
2534 "Rate marked as an HT rate but passed "
2535 "status->rate_idx is not "
2536 "an MCS index [0-76]: %d (0x%02x)\n",
2537 status->rate_idx,
2538 status->rate_idx))
2487 goto drop; 2539 goto drop;
2488 /* HT rates are not in the table - use the highest legacy rate
2489 * for now since other parts of mac80211 may not yet be fully
2490 * MCS aware. */
2491 rate = &sband->bitrates[sband->n_bitrates - 1];
2492 } else { 2540 } else {
2493 if (WARN_ON(status->rate_idx < 0 || 2541 if (WARN_ON(status->rate_idx < 0 ||
2494 status->rate_idx >= sband->n_bitrates)) 2542 status->rate_idx >= sband->n_bitrates))
@@ -2515,20 +2563,7 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2515 return; 2563 return;
2516 } 2564 }
2517 2565
2518 /* 2566 __ieee80211_rx_handle_packet(hw, skb, rate);
2519 * In theory, the block ack reordering should happen after duplicate
2520 * removal (ieee80211_rx_h_check(), which is an RX handler). As such,
2521 * the call to ieee80211_rx_reorder_ampdu() should really be moved to
2522 * happen as a new RX handler between ieee80211_rx_h_check and
2523 * ieee80211_rx_h_decrypt. This cleanup may eventually happen, but for
2524 * the time being, the call can be here since RX reorder buf processing
2525 * will implicitly skip duplicates. We could, in theory at least,
2526 * process frames that ieee80211_rx_h_passive_scan would drop (e.g.,
2527 * frames from other than operational channel), but that should not
2528 * happen in normal networks.
2529 */
2530 if (!ieee80211_rx_reorder_ampdu(local, skb))
2531 __ieee80211_rx_handle_packet(hw, skb, rate);
2532 2567
2533 rcu_read_unlock(); 2568 rcu_read_unlock();
2534 2569
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 71e10cabf811..85507bd9e341 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -12,11 +12,9 @@
12 * published by the Free Software Foundation. 12 * published by the Free Software Foundation.
13 */ 13 */
14 14
15/* TODO: figure out how to avoid that the "current BSS" expires */
16
17#include <linux/wireless.h>
18#include <linux/if_arp.h> 15#include <linux/if_arp.h>
19#include <linux/rtnetlink.h> 16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
20#include <net/mac80211.h> 18#include <net/mac80211.h>
21 19
22#include "ieee80211_i.h" 20#include "ieee80211_i.h"
@@ -31,16 +29,19 @@ struct ieee80211_bss *
31ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq, 29ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
32 u8 *ssid, u8 ssid_len) 30 u8 *ssid, u8 ssid_len)
33{ 31{
34 return (void *)cfg80211_get_bss(local->hw.wiphy, 32 struct cfg80211_bss *cbss;
35 ieee80211_get_channel(local->hw.wiphy, 33
36 freq), 34 cbss = cfg80211_get_bss(local->hw.wiphy,
37 bssid, ssid, ssid_len, 35 ieee80211_get_channel(local->hw.wiphy, freq),
38 0, 0); 36 bssid, ssid, ssid_len, 0, 0);
37 if (!cbss)
38 return NULL;
39 return (void *)cbss->priv;
39} 40}
40 41
41static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss) 42static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
42{ 43{
43 struct ieee80211_bss *bss = (void *)cbss; 44 struct ieee80211_bss *bss = (void *)cbss->priv;
44 45
45 kfree(bss_mesh_id(bss)); 46 kfree(bss_mesh_id(bss));
46 kfree(bss_mesh_cfg(bss)); 47 kfree(bss_mesh_cfg(bss));
@@ -49,7 +50,26 @@ static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
49void ieee80211_rx_bss_put(struct ieee80211_local *local, 50void ieee80211_rx_bss_put(struct ieee80211_local *local,
50 struct ieee80211_bss *bss) 51 struct ieee80211_bss *bss)
51{ 52{
52 cfg80211_put_bss((struct cfg80211_bss *)bss); 53 if (!bss)
54 return;
55 cfg80211_put_bss(container_of((void *)bss, struct cfg80211_bss, priv));
56}
57
58static bool is_uapsd_supported(struct ieee802_11_elems *elems)
59{
60 u8 qos_info;
61
62 if (elems->wmm_info && elems->wmm_info_len == 7
63 && elems->wmm_info[5] == 1)
64 qos_info = elems->wmm_info[6];
65 else if (elems->wmm_param && elems->wmm_param_len == 24
66 && elems->wmm_param[5] == 1)
67 qos_info = elems->wmm_param[6];
68 else
69 /* no valid wmm information or parameter element found */
70 return false;
71
72 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
53} 73}
54 74
55struct ieee80211_bss * 75struct ieee80211_bss *
@@ -61,6 +81,7 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
61 struct ieee80211_channel *channel, 81 struct ieee80211_channel *channel,
62 bool beacon) 82 bool beacon)
63{ 83{
84 struct cfg80211_bss *cbss;
64 struct ieee80211_bss *bss; 85 struct ieee80211_bss *bss;
65 int clen; 86 int clen;
66 s32 signal = 0; 87 s32 signal = 0;
@@ -70,13 +91,14 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
70 else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) 91 else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
71 signal = (rx_status->signal * 100) / local->hw.max_signal; 92 signal = (rx_status->signal * 100) / local->hw.max_signal;
72 93
73 bss = (void *)cfg80211_inform_bss_frame(local->hw.wiphy, channel, 94 cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
74 mgmt, len, signal, GFP_ATOMIC); 95 mgmt, len, signal, GFP_ATOMIC);
75 96
76 if (!bss) 97 if (!cbss)
77 return NULL; 98 return NULL;
78 99
79 bss->cbss.free_priv = ieee80211_rx_bss_free; 100 cbss->free_priv = ieee80211_rx_bss_free;
101 bss = (void *)cbss->priv;
80 102
81 /* save the ERP value so that it is available at association time */ 103 /* save the ERP value so that it is available at association time */
82 if (elems->erp_info && elems->erp_info_len >= 1) { 104 if (elems->erp_info && elems->erp_info_len >= 1) {
@@ -90,10 +112,6 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
90 bss->dtim_period = tim_ie->dtim_period; 112 bss->dtim_period = tim_ie->dtim_period;
91 } 113 }
92 114
93 /* set default value for buggy AP/no TIM element */
94 if (bss->dtim_period == 0)
95 bss->dtim_period = 1;
96
97 bss->supp_rates_len = 0; 115 bss->supp_rates_len = 0;
98 if (elems->supp_rates) { 116 if (elems->supp_rates) {
99 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 117 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
@@ -113,6 +131,7 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
113 } 131 }
114 132
115 bss->wmm_used = elems->wmm_param || elems->wmm_info; 133 bss->wmm_used = elems->wmm_param || elems->wmm_info;
134 bss->uapsd_supported = is_uapsd_supported(elems);
116 135
117 if (!beacon) 136 if (!beacon)
118 bss->last_probe_resp = jiffies; 137 bss->last_probe_resp = jiffies;
@@ -149,7 +168,7 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
149 presp = ieee80211_is_probe_resp(fc); 168 presp = ieee80211_is_probe_resp(fc);
150 if (presp) { 169 if (presp) {
151 /* ignore ProbeResp to foreign address */ 170 /* ignore ProbeResp to foreign address */
152 if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN)) 171 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
153 return RX_DROP_MONITOR; 172 return RX_DROP_MONITOR;
154 173
155 presp = true; 174 presp = true;
@@ -189,100 +208,76 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
189 return RX_QUEUED; 208 return RX_QUEUED;
190} 209}
191 210
192/* 211/* return false if no more work */
193 * inform AP that we will go to sleep so that it will buffer the frames 212static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
194 * while we scan
195 */
196static void ieee80211_scan_ps_enable(struct ieee80211_sub_if_data *sdata)
197{ 213{
198 struct ieee80211_local *local = sdata->local; 214 struct cfg80211_scan_request *req = local->scan_req;
199 bool ps = false; 215 enum ieee80211_band band;
216 int i, ielen, n_chans;
200 217
201 /* FIXME: what to do when local->pspolling is true? */ 218 do {
219 if (local->hw_scan_band == IEEE80211_NUM_BANDS)
220 return false;
221
222 band = local->hw_scan_band;
223 n_chans = 0;
224 for (i = 0; i < req->n_channels; i++) {
225 if (req->channels[i]->band == band) {
226 local->hw_scan_req->channels[n_chans] =
227 req->channels[i];
228 n_chans++;
229 }
230 }
202 231
203 del_timer_sync(&local->dynamic_ps_timer); 232 local->hw_scan_band++;
204 cancel_work_sync(&local->dynamic_ps_enable_work); 233 } while (!n_chans);
205 234
206 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 235 local->hw_scan_req->n_channels = n_chans;
207 ps = true;
208 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
209 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
210 }
211 236
212 if (!ps || !(local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) 237 ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
213 /* 238 req->ie, req->ie_len, band);
214 * If power save was enabled, no need to send a nullfunc 239 local->hw_scan_req->ie_len = ielen;
215 * frame because AP knows that we are sleeping. But if the
216 * hardware is creating the nullfunc frame for power save
217 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not
218 * enabled) and power save was enabled, the firmware just
219 * sent a null frame with power save disabled. So we need
220 * to send a new nullfunc frame to inform the AP that we
221 * are again sleeping.
222 */
223 ieee80211_send_nullfunc(local, sdata, 1);
224}
225
226/* inform AP that we are awake again, unless power save is enabled */
227static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
228{
229 struct ieee80211_local *local = sdata->local;
230
231 if (!local->ps_sdata)
232 ieee80211_send_nullfunc(local, sdata, 0);
233 else {
234 /*
235 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware
236 * will send a nullfunc frame with the powersave bit set
237 * even though the AP already knows that we are sleeping.
238 * This could be avoided by sending a null frame with power
239 * save bit disabled before enabling the power save, but
240 * this doesn't gain anything.
241 *
242 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need
243 * to send a nullfunc frame because AP already knows that
244 * we are sleeping, let's just enable power save mode in
245 * hardware.
246 */
247 local->hw.conf.flags |= IEEE80211_CONF_PS;
248 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
249 }
250}
251 240
252static void ieee80211_restore_scan_ies(struct ieee80211_local *local) 241 return true;
253{
254 kfree(local->scan_req->ie);
255 local->scan_req->ie = local->orig_ies;
256 local->scan_req->ie_len = local->orig_ies_len;
257} 242}
258 243
259void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 244void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
260{ 245{
261 struct ieee80211_local *local = hw_to_local(hw); 246 struct ieee80211_local *local = hw_to_local(hw);
262 struct ieee80211_sub_if_data *sdata;
263 bool was_hw_scan; 247 bool was_hw_scan;
264 248
265 mutex_lock(&local->scan_mtx); 249 mutex_lock(&local->scan_mtx);
266 250
267 if (WARN_ON(!local->scanning)) { 251 /*
252 * It's ok to abort a not-yet-running scan (that
253 * we have one at all will be verified by checking
254 * local->scan_req next), but not to complete it
255 * successfully.
256 */
257 if (WARN_ON(!local->scanning && !aborted))
258 aborted = true;
259
260 if (WARN_ON(!local->scan_req)) {
268 mutex_unlock(&local->scan_mtx); 261 mutex_unlock(&local->scan_mtx);
269 return; 262 return;
270 } 263 }
271 264
272 if (WARN_ON(!local->scan_req)) { 265 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
266 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
267 ieee80211_queue_delayed_work(&local->hw,
268 &local->scan_work, 0);
273 mutex_unlock(&local->scan_mtx); 269 mutex_unlock(&local->scan_mtx);
274 return; 270 return;
275 } 271 }
276 272
277 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) 273 kfree(local->hw_scan_req);
278 ieee80211_restore_scan_ies(local); 274 local->hw_scan_req = NULL;
279 275
280 if (local->scan_req != local->int_scan_req) 276 if (local->scan_req != local->int_scan_req)
281 cfg80211_scan_done(local->scan_req, aborted); 277 cfg80211_scan_done(local->scan_req, aborted);
282 local->scan_req = NULL; 278 local->scan_req = NULL;
283 local->scan_sdata = NULL; 279 local->scan_sdata = NULL;
284 280
285 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
286 local->scanning = 0; 281 local->scanning = 0;
287 local->scan_channel = NULL; 282 local->scan_channel = NULL;
288 283
@@ -297,41 +292,19 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
297 292
298 drv_sw_scan_complete(local); 293 drv_sw_scan_complete(local);
299 294
300 mutex_lock(&local->iflist_mtx); 295 ieee80211_offchannel_return(local, true);
301 list_for_each_entry(sdata, &local->interfaces, list) {
302 if (!netif_running(sdata->dev))
303 continue;
304
305 /* Tell AP we're back */
306 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
307 if (sdata->u.mgd.associated) {
308 ieee80211_scan_ps_disable(sdata);
309 netif_tx_wake_all_queues(sdata->dev);
310 }
311 } else
312 netif_tx_wake_all_queues(sdata->dev);
313
314 /* re-enable beaconing */
315 if (sdata->vif.type == NL80211_IFTYPE_AP ||
316 sdata->vif.type == NL80211_IFTYPE_ADHOC ||
317 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
318 ieee80211_bss_info_change_notify(
319 sdata, BSS_CHANGED_BEACON_ENABLED);
320 }
321 mutex_unlock(&local->iflist_mtx);
322 296
323 done: 297 done:
324 ieee80211_recalc_idle(local); 298 ieee80211_recalc_idle(local);
325 ieee80211_mlme_notify_scan_completed(local); 299 ieee80211_mlme_notify_scan_completed(local);
326 ieee80211_ibss_notify_scan_completed(local); 300 ieee80211_ibss_notify_scan_completed(local);
327 ieee80211_mesh_notify_scan_completed(local); 301 ieee80211_mesh_notify_scan_completed(local);
302 ieee80211_queue_work(&local->hw, &local->work_work);
328} 303}
329EXPORT_SYMBOL(ieee80211_scan_completed); 304EXPORT_SYMBOL(ieee80211_scan_completed);
330 305
331static int ieee80211_start_sw_scan(struct ieee80211_local *local) 306static int ieee80211_start_sw_scan(struct ieee80211_local *local)
332{ 307{
333 struct ieee80211_sub_if_data *sdata;
334
335 /* 308 /*
336 * Hardware/driver doesn't support hw_scan, so use software 309 * Hardware/driver doesn't support hw_scan, so use software
337 * scanning instead. First send a nullfunc frame with power save 310 * scanning instead. First send a nullfunc frame with power save
@@ -347,33 +320,15 @@ static int ieee80211_start_sw_scan(struct ieee80211_local *local)
347 */ 320 */
348 drv_sw_scan_start(local); 321 drv_sw_scan_start(local);
349 322
350 mutex_lock(&local->iflist_mtx); 323 ieee80211_offchannel_stop_beaconing(local);
351 list_for_each_entry(sdata, &local->interfaces, list) {
352 if (!netif_running(sdata->dev))
353 continue;
354
355 /* disable beaconing */
356 if (sdata->vif.type == NL80211_IFTYPE_AP ||
357 sdata->vif.type == NL80211_IFTYPE_ADHOC ||
358 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
359 ieee80211_bss_info_change_notify(
360 sdata, BSS_CHANGED_BEACON_ENABLED);
361
362 /*
363 * only handle non-STA interfaces here, STA interfaces
364 * are handled in the scan state machine
365 */
366 if (sdata->vif.type != NL80211_IFTYPE_STATION)
367 netif_tx_stop_all_queues(sdata->dev);
368 }
369 mutex_unlock(&local->iflist_mtx);
370 324
371 local->next_scan_state = SCAN_DECISION; 325 local->next_scan_state = SCAN_DECISION;
372 local->scan_channel_idx = 0; 326 local->scan_channel_idx = 0;
373 327
328 drv_flush(local, false);
329
374 ieee80211_configure_filter(local); 330 ieee80211_configure_filter(local);
375 331
376 /* TODO: start scan as soon as all nullfunc frames are ACKed */
377 ieee80211_queue_delayed_work(&local->hw, 332 ieee80211_queue_delayed_work(&local->hw,
378 &local->scan_work, 333 &local->scan_work,
379 IEEE80211_CHANNEL_TIME); 334 IEEE80211_CHANNEL_TIME);
@@ -386,68 +341,80 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
386 struct cfg80211_scan_request *req) 341 struct cfg80211_scan_request *req)
387{ 342{
388 struct ieee80211_local *local = sdata->local; 343 struct ieee80211_local *local = sdata->local;
389 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
390 int rc; 344 int rc;
391 345
392 if (local->scan_req) 346 if (local->scan_req)
393 return -EBUSY; 347 return -EBUSY;
394 348
349 if (!list_empty(&local->work_list)) {
350 /* wait for the work to finish/time out */
351 local->scan_req = req;
352 local->scan_sdata = sdata;
353 return 0;
354 }
355
395 if (local->ops->hw_scan) { 356 if (local->ops->hw_scan) {
396 u8 *ies; 357 u8 *ies;
397 int ielen;
398 358
399 ies = kmalloc(2 + IEEE80211_MAX_SSID_LEN + 359 local->hw_scan_req = kmalloc(
400 local->scan_ies_len + req->ie_len, GFP_KERNEL); 360 sizeof(*local->hw_scan_req) +
401 if (!ies) 361 req->n_channels * sizeof(req->channels[0]) +
362 2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len +
363 req->ie_len, GFP_KERNEL);
364 if (!local->hw_scan_req)
402 return -ENOMEM; 365 return -ENOMEM;
403 366
404 ielen = ieee80211_build_preq_ies(local, ies, 367 local->hw_scan_req->ssids = req->ssids;
405 req->ie, req->ie_len); 368 local->hw_scan_req->n_ssids = req->n_ssids;
406 local->orig_ies = req->ie; 369 ies = (u8 *)local->hw_scan_req +
407 local->orig_ies_len = req->ie_len; 370 sizeof(*local->hw_scan_req) +
408 req->ie = ies; 371 req->n_channels * sizeof(req->channels[0]);
409 req->ie_len = ielen; 372 local->hw_scan_req->ie = ies;
373
374 local->hw_scan_band = 0;
375
376 /*
377 * After allocating local->hw_scan_req, we must
378 * go through until ieee80211_prep_hw_scan(), so
379 * anything that might be changed here and leave
380 * this function early must not go after this
381 * allocation.
382 */
410 } 383 }
411 384
412 local->scan_req = req; 385 local->scan_req = req;
413 local->scan_sdata = sdata; 386 local->scan_sdata = sdata;
414 387
415 if (req != local->int_scan_req &&
416 sdata->vif.type == NL80211_IFTYPE_STATION &&
417 !list_empty(&ifmgd->work_list)) {
418 /* actually wait for the work it's doing to finish/time out */
419 set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
420 return 0;
421 }
422
423 if (local->ops->hw_scan) 388 if (local->ops->hw_scan)
424 __set_bit(SCAN_HW_SCANNING, &local->scanning); 389 __set_bit(SCAN_HW_SCANNING, &local->scanning);
425 else 390 else
426 __set_bit(SCAN_SW_SCANNING, &local->scanning); 391 __set_bit(SCAN_SW_SCANNING, &local->scanning);
392
427 /* 393 /*
428 * Kicking off the scan need not be protected, 394 * Kicking off the scan need not be protected,
429 * only the scan variable stuff, since now 395 * only the scan variable stuff, since now
430 * local->scan_req is assigned and other callers 396 * local->scan_req is assigned and other callers
431 * will abort their scan attempts. 397 * will abort their scan attempts.
432 * 398 *
433 * This avoids getting a scan_mtx -> iflist_mtx 399 * This avoids too many locking dependencies
434 * dependency, so that the scan completed calls 400 * so that the scan completed calls have more
435 * have more locking freedom. 401 * locking freedom.
436 */ 402 */
437 403
438 ieee80211_recalc_idle(local); 404 ieee80211_recalc_idle(local);
439 mutex_unlock(&local->scan_mtx); 405 mutex_unlock(&local->scan_mtx);
440 406
441 if (local->ops->hw_scan) 407 if (local->ops->hw_scan) {
442 rc = drv_hw_scan(local, local->scan_req); 408 WARN_ON(!ieee80211_prep_hw_scan(local));
443 else 409 rc = drv_hw_scan(local, local->hw_scan_req);
410 } else
444 rc = ieee80211_start_sw_scan(local); 411 rc = ieee80211_start_sw_scan(local);
445 412
446 mutex_lock(&local->scan_mtx); 413 mutex_lock(&local->scan_mtx);
447 414
448 if (rc) { 415 if (rc) {
449 if (local->ops->hw_scan) 416 kfree(local->hw_scan_req);
450 ieee80211_restore_scan_ies(local); 417 local->hw_scan_req = NULL;
451 local->scanning = 0; 418 local->scanning = 0;
452 419
453 ieee80211_recalc_idle(local); 420 ieee80211_recalc_idle(local);
@@ -474,7 +441,7 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
474 /* check if at least one STA interface is associated */ 441 /* check if at least one STA interface is associated */
475 mutex_lock(&local->iflist_mtx); 442 mutex_lock(&local->iflist_mtx);
476 list_for_each_entry(sdata, &local->interfaces, list) { 443 list_for_each_entry(sdata, &local->interfaces, list) {
477 if (!netif_running(sdata->dev)) 444 if (!ieee80211_sdata_running(sdata))
478 continue; 445 continue;
479 446
480 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 447 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
@@ -512,56 +479,35 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
512static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local, 479static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local,
513 unsigned long *next_delay) 480 unsigned long *next_delay)
514{ 481{
515 struct ieee80211_sub_if_data *sdata; 482 ieee80211_offchannel_stop_station(local);
483
484 __set_bit(SCAN_OFF_CHANNEL, &local->scanning);
516 485
517 /* 486 /*
518 * notify the AP about us leaving the channel and stop all STA interfaces 487 * What if the nullfunc frames didn't arrive?
519 */ 488 */
520 mutex_lock(&local->iflist_mtx); 489 drv_flush(local, false);
521 list_for_each_entry(sdata, &local->interfaces, list) { 490 if (local->ops->flush)
522 if (!netif_running(sdata->dev)) 491 *next_delay = 0;
523 continue; 492 else
524 493 *next_delay = HZ / 10;
525 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
526 netif_tx_stop_all_queues(sdata->dev);
527 if (sdata->u.mgd.associated)
528 ieee80211_scan_ps_enable(sdata);
529 }
530 }
531 mutex_unlock(&local->iflist_mtx);
532
533 __set_bit(SCAN_OFF_CHANNEL, &local->scanning);
534 494
535 /* advance to the next channel to be scanned */ 495 /* advance to the next channel to be scanned */
536 *next_delay = HZ / 10;
537 local->next_scan_state = SCAN_SET_CHANNEL; 496 local->next_scan_state = SCAN_SET_CHANNEL;
538} 497}
539 498
540static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local, 499static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local,
541 unsigned long *next_delay) 500 unsigned long *next_delay)
542{ 501{
543 struct ieee80211_sub_if_data *sdata = local->scan_sdata;
544
545 /* switch back to the operating channel */ 502 /* switch back to the operating channel */
546 local->scan_channel = NULL; 503 local->scan_channel = NULL;
547 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 504 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
548 505
549 /* 506 /*
550 * notify the AP about us being back and restart all STA interfaces 507 * Only re-enable station mode interface now; beaconing will be
508 * re-enabled once the full scan has been completed.
551 */ 509 */
552 mutex_lock(&local->iflist_mtx); 510 ieee80211_offchannel_return(local, false);
553 list_for_each_entry(sdata, &local->interfaces, list) {
554 if (!netif_running(sdata->dev))
555 continue;
556
557 /* Tell AP we're back */
558 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
559 if (sdata->u.mgd.associated)
560 ieee80211_scan_ps_disable(sdata);
561 netif_tx_wake_all_queues(sdata->dev);
562 }
563 }
564 mutex_unlock(&local->iflist_mtx);
565 511
566 __clear_bit(SCAN_OFF_CHANNEL, &local->scanning); 512 __clear_bit(SCAN_OFF_CHANNEL, &local->scanning);
567 513
@@ -574,23 +520,14 @@ static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
574{ 520{
575 int skip; 521 int skip;
576 struct ieee80211_channel *chan; 522 struct ieee80211_channel *chan;
577 struct ieee80211_sub_if_data *sdata = local->scan_sdata;
578 523
579 skip = 0; 524 skip = 0;
580 chan = local->scan_req->channels[local->scan_channel_idx]; 525 chan = local->scan_req->channels[local->scan_channel_idx];
581 526
582 if (chan->flags & IEEE80211_CHAN_DISABLED || 527 local->scan_channel = chan;
583 (sdata->vif.type == NL80211_IFTYPE_ADHOC && 528 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
584 chan->flags & IEEE80211_CHAN_NO_IBSS))
585 skip = 1; 529 skip = 1;
586 530
587 if (!skip) {
588 local->scan_channel = chan;
589 if (ieee80211_hw_config(local,
590 IEEE80211_CONF_CHANGE_CHANNEL))
591 skip = 1;
592 }
593
594 /* advance state machine to next channel/band */ 531 /* advance state machine to next channel/band */
595 local->scan_channel_idx++; 532 local->scan_channel_idx++;
596 533
@@ -656,6 +593,14 @@ void ieee80211_scan_work(struct work_struct *work)
656 return; 593 return;
657 } 594 }
658 595
596 if (local->hw_scan_req) {
597 int rc = drv_hw_scan(local, local->hw_scan_req);
598 mutex_unlock(&local->scan_mtx);
599 if (rc)
600 ieee80211_scan_completed(&local->hw, true);
601 return;
602 }
603
659 if (local->scan_req && !local->scanning) { 604 if (local->scan_req && !local->scanning) {
660 struct cfg80211_scan_request *req = local->scan_req; 605 struct cfg80211_scan_request *req = local->scan_req;
661 int rc; 606 int rc;
@@ -676,7 +621,7 @@ void ieee80211_scan_work(struct work_struct *work)
676 /* 621 /*
677 * Avoid re-scheduling when the sdata is going away. 622 * Avoid re-scheduling when the sdata is going away.
678 */ 623 */
679 if (!netif_running(sdata->dev)) { 624 if (!ieee80211_sdata_running(sdata)) {
680 ieee80211_scan_completed(&local->hw, true); 625 ieee80211_scan_completed(&local->hw, true);
681 return; 626 return;
682 } 627 }
diff --git a/net/mac80211/spectmgmt.c b/net/mac80211/spectmgmt.c
index 68953033403d..7733f66ee2c4 100644
--- a/net/mac80211/spectmgmt.c
+++ b/net/mac80211/spectmgmt.c
@@ -35,7 +35,7 @@ static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_da
35 35
36 if (!skb) { 36 if (!skb) {
37 printk(KERN_ERR "%s: failed to allocate buffer for " 37 printk(KERN_ERR "%s: failed to allocate buffer for "
38 "measurement report frame\n", sdata->dev->name); 38 "measurement report frame\n", sdata->name);
39 return; 39 return;
40 } 40 }
41 41
@@ -43,7 +43,7 @@ static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_da
43 msr_report = (struct ieee80211_mgmt *)skb_put(skb, 24); 43 msr_report = (struct ieee80211_mgmt *)skb_put(skb, 24);
44 memset(msr_report, 0, 24); 44 memset(msr_report, 0, 24);
45 memcpy(msr_report->da, da, ETH_ALEN); 45 memcpy(msr_report->da, da, ETH_ALEN);
46 memcpy(msr_report->sa, sdata->dev->dev_addr, ETH_ALEN); 46 memcpy(msr_report->sa, sdata->vif.addr, ETH_ALEN);
47 memcpy(msr_report->bssid, bssid, ETH_ALEN); 47 memcpy(msr_report->bssid, bssid, ETH_ALEN);
48 msr_report->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 48 msr_report->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
49 IEEE80211_STYPE_ACTION); 49 IEEE80211_STYPE_ACTION);
@@ -65,7 +65,7 @@ static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_da
65 IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED; 65 IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED;
66 msr_report->u.action.u.measurement.msr_elem.type = request_ie->type; 66 msr_report->u.action.u.measurement.msr_elem.type = request_ie->type;
67 67
68 ieee80211_tx_skb(sdata, skb, 1); 68 ieee80211_tx_skb(sdata, skb);
69} 69}
70 70
71void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata, 71void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata,
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 594f2318c3d8..fb12cec4d333 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -32,49 +32,33 @@
32 * for faster lookup and a list for iteration. They are managed using 32 * for faster lookup and a list for iteration. They are managed using
33 * RCU, i.e. access to the list and hash table is protected by RCU. 33 * RCU, i.e. access to the list and hash table is protected by RCU.
34 * 34 *
35 * Upon allocating a STA info structure with sta_info_alloc(), the caller owns 35 * Upon allocating a STA info structure with sta_info_alloc(), the caller
36 * that structure. It must then either destroy it using sta_info_destroy() 36 * owns that structure. It must then insert it into the hash table using
37 * (which is pretty useless) or insert it into the hash table using 37 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
38 * sta_info_insert() which demotes the reference from ownership to a regular 38 * case (which acquires an rcu read section but must not be called from
39 * RCU-protected reference; if the function is called without protection by an 39 * within one) will the pointer still be valid after the call. Note that
40 * RCU critical section the reference is instantly invalidated. Note that the 40 * the caller may not do much with the STA info before inserting it, in
41 * caller may not do much with the STA info before inserting it, in particular, 41 * particular, it may not start any mesh peer link management or add
42 * it may not start any mesh peer link management or add encryption keys. 42 * encryption keys.
43 * 43 *
44 * When the insertion fails (sta_info_insert()) returns non-zero), the 44 * When the insertion fails (sta_info_insert()) returns non-zero), the
45 * structure will have been freed by sta_info_insert()! 45 * structure will have been freed by sta_info_insert()!
46 * 46 *
47 * sta entries are added by mac80211 when you establish a link with a 47 * Station entries are added by mac80211 when you establish a link with a
48 * peer. This means different things for the different type of interfaces 48 * peer. This means different things for the different type of interfaces
49 * we support. For a regular station this mean we add the AP sta when we 49 * we support. For a regular station this mean we add the AP sta when we
50 * receive an assocation response from the AP. For IBSS this occurs when 50 * receive an assocation response from the AP. For IBSS this occurs when
51 * we receive a probe response or a beacon from target IBSS network. For 51 * get to know about a peer on the same IBSS. For WDS we add the sta for
52 * WDS we add the sta for the peer imediately upon device open. When using 52 * the peer imediately upon device open. When using AP mode we add stations
53 * AP mode we add stations for each respective station upon request from 53 * for each respective station upon request from userspace through nl80211.
54 * userspace through nl80211.
55 * 54 *
56 * Because there are debugfs entries for each station, and adding those 55 * In order to remove a STA info structure, various sta_info_destroy_*()
57 * must be able to sleep, it is also possible to "pin" a station entry, 56 * calls are available.
58 * that means it can be removed from the hash table but not be freed.
59 * See the comment in __sta_info_unlink() for more information, this is
60 * an internal capability only.
61 * 57 *
62 * In order to remove a STA info structure, the caller needs to first 58 * There is no concept of ownership on a STA entry, each structure is
63 * unlink it (sta_info_unlink()) from the list and hash tables and 59 * owned by the global hash table/list until it is removed. All users of
64 * then destroy it; sta_info_destroy() will wait for an RCU grace period 60 * the structure need to be RCU protected so that the structure won't be
65 * to elapse before actually freeing it. Due to the pinning and the 61 * freed before they are done using it.
66 * possibility of multiple callers trying to remove the same STA info at
67 * the same time, sta_info_unlink() can clear the STA info pointer it is
68 * passed to indicate that the STA info is owned by somebody else now.
69 *
70 * If sta_info_unlink() did not clear the pointer then the caller owns
71 * the STA info structure now and is responsible of destroying it with
72 * a call to sta_info_destroy().
73 *
74 * In all other cases, there is no concept of ownership on a STA entry,
75 * each structure is owned by the global hash table/list until it is
76 * removed. All users of the structure need to be RCU protected so that
77 * the structure won't be freed before they are done using it.
78 */ 62 */
79 63
80/* Caller must hold local->sta_lock */ 64/* Caller must hold local->sta_lock */
@@ -103,27 +87,64 @@ static int sta_info_hash_del(struct ieee80211_local *local,
103} 87}
104 88
105/* protected by RCU */ 89/* protected by RCU */
106struct sta_info *sta_info_get(struct ieee80211_local *local, const u8 *addr) 90struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
91 const u8 *addr)
107{ 92{
93 struct ieee80211_local *local = sdata->local;
94 struct sta_info *sta;
95
96 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
97 rcu_read_lock_held() ||
98 lockdep_is_held(&local->sta_lock) ||
99 lockdep_is_held(&local->sta_mtx));
100 while (sta) {
101 if (sta->sdata == sdata &&
102 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
103 break;
104 sta = rcu_dereference_check(sta->hnext,
105 rcu_read_lock_held() ||
106 lockdep_is_held(&local->sta_lock) ||
107 lockdep_is_held(&local->sta_mtx));
108 }
109 return sta;
110}
111
112/*
113 * Get sta info either from the specified interface
114 * or from one of its vlans
115 */
116struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
117 const u8 *addr)
118{
119 struct ieee80211_local *local = sdata->local;
108 struct sta_info *sta; 120 struct sta_info *sta;
109 121
110 sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]); 122 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
123 rcu_read_lock_held() ||
124 lockdep_is_held(&local->sta_lock) ||
125 lockdep_is_held(&local->sta_mtx));
111 while (sta) { 126 while (sta) {
112 if (memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 127 if ((sta->sdata == sdata ||
128 sta->sdata->bss == sdata->bss) &&
129 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
113 break; 130 break;
114 sta = rcu_dereference(sta->hnext); 131 sta = rcu_dereference_check(sta->hnext,
132 rcu_read_lock_held() ||
133 lockdep_is_held(&local->sta_lock) ||
134 lockdep_is_held(&local->sta_mtx));
115 } 135 }
116 return sta; 136 return sta;
117} 137}
118 138
119struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, 139struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
120 struct net_device *dev) 140 int idx)
121{ 141{
142 struct ieee80211_local *local = sdata->local;
122 struct sta_info *sta; 143 struct sta_info *sta;
123 int i = 0; 144 int i = 0;
124 145
125 list_for_each_entry_rcu(sta, &local->sta_list, list) { 146 list_for_each_entry_rcu(sta, &local->sta_list, list) {
126 if (dev && dev != sta->sdata->dev) 147 if (sdata != sta->sdata)
127 continue; 148 continue;
128 if (i < idx) { 149 if (i < idx) {
129 ++i; 150 ++i;
@@ -147,8 +168,10 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx,
147static void __sta_info_free(struct ieee80211_local *local, 168static void __sta_info_free(struct ieee80211_local *local,
148 struct sta_info *sta) 169 struct sta_info *sta)
149{ 170{
150 rate_control_free_sta(sta); 171 if (sta->rate_ctrl) {
151 rate_control_put(sta->rate_ctrl); 172 rate_control_free_sta(sta);
173 rate_control_put(sta->rate_ctrl);
174 }
152 175
153#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 176#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
154 printk(KERN_DEBUG "%s: Destroyed STA %pM\n", 177 printk(KERN_DEBUG "%s: Destroyed STA %pM\n",
@@ -158,105 +181,44 @@ static void __sta_info_free(struct ieee80211_local *local,
158 kfree(sta); 181 kfree(sta);
159} 182}
160 183
161void sta_info_destroy(struct sta_info *sta) 184/* Caller must hold local->sta_lock */
185static void sta_info_hash_add(struct ieee80211_local *local,
186 struct sta_info *sta)
162{ 187{
163 struct ieee80211_local *local; 188 sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
164 struct sk_buff *skb; 189 rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
165 int i; 190}
166
167 might_sleep();
168
169 if (!sta)
170 return;
171
172 local = sta->local;
173
174 rate_control_remove_sta_debugfs(sta);
175 ieee80211_sta_debugfs_remove(sta);
176
177#ifdef CONFIG_MAC80211_MESH
178 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
179 mesh_plink_deactivate(sta);
180#endif
181
182 /*
183 * We have only unlinked the key, and actually destroying it
184 * may mean it is removed from hardware which requires that
185 * the key->sta pointer is still valid, so flush the key todo
186 * list here.
187 *
188 * ieee80211_key_todo() will synchronize_rcu() so after this
189 * nothing can reference this sta struct any more.
190 */
191 ieee80211_key_todo();
192
193#ifdef CONFIG_MAC80211_MESH
194 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
195 del_timer_sync(&sta->plink_timer);
196#endif
197
198 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
199 local->total_ps_buffered--;
200 dev_kfree_skb_any(skb);
201 }
202 191
203 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) 192static void sta_unblock(struct work_struct *wk)
204 dev_kfree_skb_any(skb); 193{
194 struct sta_info *sta;
205 195
206 for (i = 0; i < STA_TID_NUM; i++) { 196 sta = container_of(wk, struct sta_info, drv_unblock_wk);
207 struct tid_ampdu_rx *tid_rx;
208 struct tid_ampdu_tx *tid_tx;
209 197
210 spin_lock_bh(&sta->lock); 198 if (sta->dead)
211 tid_rx = sta->ampdu_mlme.tid_rx[i]; 199 return;
212 /* Make sure timer won't free the tid_rx struct, see below */
213 if (tid_rx)
214 tid_rx->shutdown = true;
215 200
216 spin_unlock_bh(&sta->lock); 201 if (!test_sta_flags(sta, WLAN_STA_PS_STA))
202 ieee80211_sta_ps_deliver_wakeup(sta);
203 else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL))
204 ieee80211_sta_ps_deliver_poll_response(sta);
205}
217 206
218 /* 207static int sta_prepare_rate_control(struct ieee80211_local *local,
219 * Outside spinlock - shutdown is true now so that the timer 208 struct sta_info *sta, gfp_t gfp)
220 * won't free tid_rx, we have to do that now. Can't let the 209{
221 * timer do it because we have to sync the timer outside the 210 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
222 * lock that it takes itself. 211 return 0;
223 */
224 if (tid_rx) {
225 del_timer_sync(&tid_rx->session_timer);
226 kfree(tid_rx);
227 }
228 212
229 /* 213 sta->rate_ctrl = rate_control_get(local->rate_ctrl);
230 * No need to do such complications for TX agg sessions, the 214 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
231 * path leading to freeing the tid_tx struct goes via a call 215 &sta->sta, gfp);
232 * from the driver, and thus needs to look up the sta struct 216 if (!sta->rate_ctrl_priv) {
233 * again, which cannot be found when we get here. Hence, we 217 rate_control_put(sta->rate_ctrl);
234 * just need to delete the timer and free the aggregation 218 return -ENOMEM;
235 * info; we won't be telling the peer about it then but that
236 * doesn't matter if we're not talking to it again anyway.
237 */
238 tid_tx = sta->ampdu_mlme.tid_tx[i];
239 if (tid_tx) {
240 del_timer_sync(&tid_tx->addba_resp_timer);
241 /*
242 * STA removed while aggregation session being
243 * started? Bit odd, but purge frames anyway.
244 */
245 skb_queue_purge(&tid_tx->pending);
246 kfree(tid_tx);
247 }
248 } 219 }
249 220
250 __sta_info_free(local, sta); 221 return 0;
251}
252
253
254/* Caller must hold local->sta_lock */
255static void sta_info_hash_add(struct ieee80211_local *local,
256 struct sta_info *sta)
257{
258 sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
259 rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
260} 222}
261 223
262struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, 224struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
@@ -272,16 +234,13 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
272 234
273 spin_lock_init(&sta->lock); 235 spin_lock_init(&sta->lock);
274 spin_lock_init(&sta->flaglock); 236 spin_lock_init(&sta->flaglock);
237 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
275 238
276 memcpy(sta->sta.addr, addr, ETH_ALEN); 239 memcpy(sta->sta.addr, addr, ETH_ALEN);
277 sta->local = local; 240 sta->local = local;
278 sta->sdata = sdata; 241 sta->sdata = sdata;
279 242
280 sta->rate_ctrl = rate_control_get(local->rate_ctrl); 243 if (sta_prepare_rate_control(local, sta, gfp)) {
281 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
282 &sta->sta, gfp);
283 if (!sta->rate_ctrl_priv) {
284 rate_control_put(sta->rate_ctrl);
285 kfree(sta); 244 kfree(sta);
286 return NULL; 245 return NULL;
287 } 246 }
@@ -318,7 +277,93 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
318 return sta; 277 return sta;
319} 278}
320 279
321int sta_info_insert(struct sta_info *sta) 280static int sta_info_finish_insert(struct sta_info *sta, bool async)
281{
282 struct ieee80211_local *local = sta->local;
283 struct ieee80211_sub_if_data *sdata = sta->sdata;
284 struct station_info sinfo;
285 unsigned long flags;
286 int err = 0;
287
288 WARN_ON(!mutex_is_locked(&local->sta_mtx));
289
290 /* notify driver */
291 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
292 sdata = container_of(sdata->bss,
293 struct ieee80211_sub_if_data,
294 u.ap);
295 err = drv_sta_add(local, sdata, &sta->sta);
296 if (err) {
297 if (!async)
298 return err;
299 printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to driver (%d)"
300 " - keeping it anyway.\n",
301 sdata->name, sta->sta.addr, err);
302 } else {
303 sta->uploaded = true;
304#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
305 if (async)
306 printk(KERN_DEBUG "%s: Finished adding IBSS STA %pM\n",
307 wiphy_name(local->hw.wiphy), sta->sta.addr);
308#endif
309 }
310
311 sdata = sta->sdata;
312
313 if (!async) {
314 local->num_sta++;
315 local->sta_generation++;
316 smp_mb();
317
318 /* make the station visible */
319 spin_lock_irqsave(&local->sta_lock, flags);
320 sta_info_hash_add(local, sta);
321 spin_unlock_irqrestore(&local->sta_lock, flags);
322 }
323
324 list_add(&sta->list, &local->sta_list);
325
326 ieee80211_sta_debugfs_add(sta);
327 rate_control_add_sta_debugfs(sta);
328
329 sinfo.filled = 0;
330 sinfo.generation = local->sta_generation;
331 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
332
333
334 return 0;
335}
336
337static void sta_info_finish_pending(struct ieee80211_local *local)
338{
339 struct sta_info *sta;
340 unsigned long flags;
341
342 spin_lock_irqsave(&local->sta_lock, flags);
343 while (!list_empty(&local->sta_pending_list)) {
344 sta = list_first_entry(&local->sta_pending_list,
345 struct sta_info, list);
346 list_del(&sta->list);
347 spin_unlock_irqrestore(&local->sta_lock, flags);
348
349 sta_info_finish_insert(sta, true);
350
351 spin_lock_irqsave(&local->sta_lock, flags);
352 }
353 spin_unlock_irqrestore(&local->sta_lock, flags);
354}
355
356static void sta_info_finish_work(struct work_struct *work)
357{
358 struct ieee80211_local *local =
359 container_of(work, struct ieee80211_local, sta_finish_work);
360
361 mutex_lock(&local->sta_mtx);
362 sta_info_finish_pending(local);
363 mutex_unlock(&local->sta_mtx);
364}
365
366int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
322{ 367{
323 struct ieee80211_local *local = sta->local; 368 struct ieee80211_local *local = sta->local;
324 struct ieee80211_sub_if_data *sdata = sta->sdata; 369 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -330,38 +375,90 @@ int sta_info_insert(struct sta_info *sta)
330 * something inserts a STA (on one CPU) without holding the RTNL 375 * something inserts a STA (on one CPU) without holding the RTNL
331 * and another CPU turns off the net device. 376 * and another CPU turns off the net device.
332 */ 377 */
333 if (unlikely(!netif_running(sdata->dev))) { 378 if (unlikely(!ieee80211_sdata_running(sdata))) {
334 err = -ENETDOWN; 379 err = -ENETDOWN;
380 rcu_read_lock();
335 goto out_free; 381 goto out_free;
336 } 382 }
337 383
338 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->dev->dev_addr) == 0 || 384 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
339 is_multicast_ether_addr(sta->sta.addr))) { 385 is_multicast_ether_addr(sta->sta.addr))) {
340 err = -EINVAL; 386 err = -EINVAL;
387 rcu_read_lock();
341 goto out_free; 388 goto out_free;
342 } 389 }
343 390
391 /*
392 * In ad-hoc mode, we sometimes need to insert stations
393 * from tasklet context from the RX path. To avoid races,
394 * always do so in that case -- see the comment below.
395 */
396 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
397 spin_lock_irqsave(&local->sta_lock, flags);
398 /* check if STA exists already */
399 if (sta_info_get_bss(sdata, sta->sta.addr)) {
400 spin_unlock_irqrestore(&local->sta_lock, flags);
401 rcu_read_lock();
402 err = -EEXIST;
403 goto out_free;
404 }
405
406 local->num_sta++;
407 local->sta_generation++;
408 smp_mb();
409 sta_info_hash_add(local, sta);
410
411 list_add_tail(&sta->list, &local->sta_pending_list);
412
413 rcu_read_lock();
414 spin_unlock_irqrestore(&local->sta_lock, flags);
415
416#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
417 printk(KERN_DEBUG "%s: Added IBSS STA %pM\n",
418 wiphy_name(local->hw.wiphy), sta->sta.addr);
419#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
420
421 ieee80211_queue_work(&local->hw, &local->sta_finish_work);
422
423 return 0;
424 }
425
426 /*
427 * On first glance, this will look racy, because the code
428 * below this point, which inserts a station with sleeping,
429 * unlocks the sta_lock between checking existence in the
430 * hash table and inserting into it.
431 *
432 * However, it is not racy against itself because it keeps
433 * the mutex locked. It still seems to race against the
434 * above code that atomically inserts the station... That,
435 * however, is not true because the above code can only
436 * be invoked for IBSS interfaces, and the below code will
437 * not be -- and the two do not race against each other as
438 * the hash table also keys off the interface.
439 */
440
441 might_sleep();
442
443 mutex_lock(&local->sta_mtx);
444
344 spin_lock_irqsave(&local->sta_lock, flags); 445 spin_lock_irqsave(&local->sta_lock, flags);
345 /* check if STA exists already */ 446 /* check if STA exists already */
346 if (sta_info_get(local, sta->sta.addr)) { 447 if (sta_info_get_bss(sdata, sta->sta.addr)) {
347 spin_unlock_irqrestore(&local->sta_lock, flags); 448 spin_unlock_irqrestore(&local->sta_lock, flags);
449 mutex_unlock(&local->sta_mtx);
450 rcu_read_lock();
348 err = -EEXIST; 451 err = -EEXIST;
349 goto out_free; 452 goto out_free;
350 } 453 }
351 list_add(&sta->list, &local->sta_list);
352 local->sta_generation++;
353 local->num_sta++;
354 sta_info_hash_add(local, sta);
355 454
356 /* notify driver */ 455 spin_unlock_irqrestore(&local->sta_lock, flags);
357 if (local->ops->sta_notify) {
358 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
359 sdata = container_of(sdata->bss,
360 struct ieee80211_sub_if_data,
361 u.ap);
362 456
363 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_ADD, &sta->sta); 457 err = sta_info_finish_insert(sta, false);
364 sdata = sta->sdata; 458 if (err) {
459 mutex_unlock(&local->sta_mtx);
460 rcu_read_lock();
461 goto out_free;
365 } 462 }
366 463
367#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 464#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
@@ -369,18 +466,9 @@ int sta_info_insert(struct sta_info *sta)
369 wiphy_name(local->hw.wiphy), sta->sta.addr); 466 wiphy_name(local->hw.wiphy), sta->sta.addr);
370#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 467#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
371 468
372 spin_unlock_irqrestore(&local->sta_lock, flags); 469 /* move reference to rcu-protected */
373 470 rcu_read_lock();
374#ifdef CONFIG_MAC80211_DEBUGFS 471 mutex_unlock(&local->sta_mtx);
375 /*
376 * Debugfs entry adding might sleep, so schedule process
377 * context task for adding entry for STAs that do not yet
378 * have one.
379 * NOTE: due to auto-freeing semantics this may only be done
380 * if the insertion is successful!
381 */
382 schedule_work(&local->sta_debugfs_add);
383#endif
384 472
385 if (ieee80211_vif_is_mesh(&sdata->vif)) 473 if (ieee80211_vif_is_mesh(&sdata->vif))
386 mesh_accept_plinks_update(sdata); 474 mesh_accept_plinks_update(sdata);
@@ -392,6 +480,15 @@ int sta_info_insert(struct sta_info *sta)
392 return err; 480 return err;
393} 481}
394 482
483int sta_info_insert(struct sta_info *sta)
484{
485 int err = sta_info_insert_rcu(sta);
486
487 rcu_read_unlock();
488
489 return err;
490}
491
395static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) 492static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
396{ 493{
397 /* 494 /*
@@ -460,103 +557,6 @@ void sta_info_clear_tim_bit(struct sta_info *sta)
460 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 557 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
461} 558}
462 559
463static void __sta_info_unlink(struct sta_info **sta)
464{
465 struct ieee80211_local *local = (*sta)->local;
466 struct ieee80211_sub_if_data *sdata = (*sta)->sdata;
467 /*
468 * pull caller's reference if we're already gone.
469 */
470 if (sta_info_hash_del(local, *sta)) {
471 *sta = NULL;
472 return;
473 }
474
475 if ((*sta)->key) {
476 ieee80211_key_free((*sta)->key);
477 WARN_ON((*sta)->key);
478 }
479
480 list_del(&(*sta)->list);
481
482 if (test_and_clear_sta_flags(*sta, WLAN_STA_PS)) {
483 BUG_ON(!sdata->bss);
484
485 atomic_dec(&sdata->bss->num_sta_ps);
486 __sta_info_clear_tim_bit(sdata->bss, *sta);
487 }
488
489 local->num_sta--;
490 local->sta_generation++;
491
492 if (local->ops->sta_notify) {
493 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
494 sdata = container_of(sdata->bss,
495 struct ieee80211_sub_if_data,
496 u.ap);
497
498 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_REMOVE,
499 &(*sta)->sta);
500 sdata = (*sta)->sdata;
501 }
502
503 if (ieee80211_vif_is_mesh(&sdata->vif)) {
504 mesh_accept_plinks_update(sdata);
505#ifdef CONFIG_MAC80211_MESH
506 del_timer(&(*sta)->plink_timer);
507#endif
508 }
509
510#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
511 printk(KERN_DEBUG "%s: Removed STA %pM\n",
512 wiphy_name(local->hw.wiphy), (*sta)->sta.addr);
513#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
514
515 /*
516 * Finally, pull caller's reference if the STA is pinned by the
517 * task that is adding the debugfs entries. In that case, we
518 * leave the STA "to be freed".
519 *
520 * The rules are not trivial, but not too complex either:
521 * (1) pin_status is only modified under the sta_lock
522 * (2) STAs may only be pinned under the RTNL so that
523 * sta_info_flush() is guaranteed to actually destroy
524 * all STAs that are active for a given interface, this
525 * is required for correctness because otherwise we
526 * could notify a driver that an interface is going
527 * away and only after that (!) notify it about a STA
528 * on that interface going away.
529 * (3) sta_info_debugfs_add_work() will set the status
530 * to PINNED when it found an item that needs a new
531 * debugfs directory created. In that case, that item
532 * must not be freed although all *RCU* users are done
533 * with it. Hence, we tell the caller of _unlink()
534 * that the item is already gone (as can happen when
535 * two tasks try to unlink/destroy at the same time)
536 * (4) We set the pin_status to DESTROY here when we
537 * find such an item.
538 * (5) sta_info_debugfs_add_work() will reset the pin_status
539 * from PINNED to NORMAL when it is done with the item,
540 * but will check for DESTROY before resetting it in
541 * which case it will free the item.
542 */
543 if ((*sta)->pin_status == STA_INFO_PIN_STAT_PINNED) {
544 (*sta)->pin_status = STA_INFO_PIN_STAT_DESTROY;
545 *sta = NULL;
546 return;
547 }
548}
549
550void sta_info_unlink(struct sta_info **sta)
551{
552 struct ieee80211_local *local = (*sta)->local;
553 unsigned long flags;
554
555 spin_lock_irqsave(&local->sta_lock, flags);
556 __sta_info_unlink(sta);
557 spin_unlock_irqrestore(&local->sta_lock, flags);
558}
559
560static int sta_info_buffer_expired(struct sta_info *sta, 560static int sta_info_buffer_expired(struct sta_info *sta,
561 struct sk_buff *skb) 561 struct sk_buff *skb)
562{ 562{
@@ -613,109 +613,209 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
613 } 613 }
614} 614}
615 615
616 616static int __must_check __sta_info_destroy(struct sta_info *sta)
617static void sta_info_cleanup(unsigned long data)
618{ 617{
619 struct ieee80211_local *local = (struct ieee80211_local *) data; 618 struct ieee80211_local *local;
620 struct sta_info *sta; 619 struct ieee80211_sub_if_data *sdata;
620 struct sk_buff *skb;
621 unsigned long flags;
622 int ret, i;
621 623
622 rcu_read_lock(); 624 might_sleep();
623 list_for_each_entry_rcu(sta, &local->sta_list, list)
624 sta_info_cleanup_expire_buffered(local, sta);
625 rcu_read_unlock();
626 625
627 if (local->quiescing) 626 if (!sta)
628 return; 627 return -ENOENT;
629 628
630 local->sta_cleanup.expires = 629 local = sta->local;
631 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 630 sdata = sta->sdata;
632 add_timer(&local->sta_cleanup);
633}
634 631
635#ifdef CONFIG_MAC80211_DEBUGFS 632 spin_lock_irqsave(&local->sta_lock, flags);
636/* 633 ret = sta_info_hash_del(local, sta);
637 * See comment in __sta_info_unlink, 634 /* this might still be the pending list ... which is fine */
638 * caller must hold local->sta_lock. 635 if (!ret)
639 */ 636 list_del(&sta->list);
640static void __sta_info_pin(struct sta_info *sta) 637 spin_unlock_irqrestore(&local->sta_lock, flags);
641{ 638 if (ret)
642 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); 639 return ret;
643 sta->pin_status = STA_INFO_PIN_STAT_PINNED; 640
641 if (sta->key) {
642 ieee80211_key_free(sta->key);
643 /*
644 * We have only unlinked the key, and actually destroying it
645 * may mean it is removed from hardware which requires that
646 * the key->sta pointer is still valid, so flush the key todo
647 * list here.
648 *
649 * ieee80211_key_todo() will synchronize_rcu() so after this
650 * nothing can reference this sta struct any more.
651 */
652 ieee80211_key_todo();
653
654 WARN_ON(sta->key);
655 }
656
657 sta->dead = true;
658
659 if (test_and_clear_sta_flags(sta,
660 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
661 BUG_ON(!sdata->bss);
662
663 atomic_dec(&sdata->bss->num_sta_ps);
664 __sta_info_clear_tim_bit(sdata->bss, sta);
665 }
666
667 local->num_sta--;
668 local->sta_generation++;
669
670 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
671 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
672
673 if (sta->uploaded) {
674 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
675 sdata = container_of(sdata->bss,
676 struct ieee80211_sub_if_data,
677 u.ap);
678 drv_sta_remove(local, sdata, &sta->sta);
679 sdata = sta->sdata;
680 }
681
682#ifdef CONFIG_MAC80211_MESH
683 if (ieee80211_vif_is_mesh(&sdata->vif)) {
684 mesh_accept_plinks_update(sdata);
685 del_timer(&sta->plink_timer);
686 }
687#endif
688
689#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
690 printk(KERN_DEBUG "%s: Removed STA %pM\n",
691 wiphy_name(local->hw.wiphy), sta->sta.addr);
692#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
693 cancel_work_sync(&sta->drv_unblock_wk);
694
695 rate_control_remove_sta_debugfs(sta);
696 ieee80211_sta_debugfs_remove(sta);
697
698#ifdef CONFIG_MAC80211_MESH
699 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
700 mesh_plink_deactivate(sta);
701 del_timer_sync(&sta->plink_timer);
702 }
703#endif
704
705 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
706 local->total_ps_buffered--;
707 dev_kfree_skb_any(skb);
708 }
709
710 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
711 dev_kfree_skb_any(skb);
712
713 for (i = 0; i < STA_TID_NUM; i++) {
714 struct tid_ampdu_rx *tid_rx;
715 struct tid_ampdu_tx *tid_tx;
716
717 spin_lock_bh(&sta->lock);
718 tid_rx = sta->ampdu_mlme.tid_rx[i];
719 /* Make sure timer won't free the tid_rx struct, see below */
720 if (tid_rx)
721 tid_rx->shutdown = true;
722
723 spin_unlock_bh(&sta->lock);
724
725 /*
726 * Outside spinlock - shutdown is true now so that the timer
727 * won't free tid_rx, we have to do that now. Can't let the
728 * timer do it because we have to sync the timer outside the
729 * lock that it takes itself.
730 */
731 if (tid_rx) {
732 del_timer_sync(&tid_rx->session_timer);
733 kfree(tid_rx);
734 }
735
736 /*
737 * No need to do such complications for TX agg sessions, the
738 * path leading to freeing the tid_tx struct goes via a call
739 * from the driver, and thus needs to look up the sta struct
740 * again, which cannot be found when we get here. Hence, we
741 * just need to delete the timer and free the aggregation
742 * info; we won't be telling the peer about it then but that
743 * doesn't matter if we're not talking to it again anyway.
744 */
745 tid_tx = sta->ampdu_mlme.tid_tx[i];
746 if (tid_tx) {
747 del_timer_sync(&tid_tx->addba_resp_timer);
748 /*
749 * STA removed while aggregation session being
750 * started? Bit odd, but purge frames anyway.
751 */
752 skb_queue_purge(&tid_tx->pending);
753 kfree(tid_tx);
754 }
755 }
756
757 __sta_info_free(local, sta);
758
759 return 0;
644} 760}
645 761
646/* 762int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
647 * See comment in __sta_info_unlink, returns sta if it
648 * needs to be destroyed.
649 */
650static struct sta_info *__sta_info_unpin(struct sta_info *sta)
651{ 763{
652 struct sta_info *ret = NULL; 764 struct sta_info *sta;
653 unsigned long flags; 765 int ret;
654 766
655 spin_lock_irqsave(&sta->local->sta_lock, flags); 767 mutex_lock(&sdata->local->sta_mtx);
656 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && 768 sta = sta_info_get(sdata, addr);
657 sta->pin_status != STA_INFO_PIN_STAT_PINNED); 769 ret = __sta_info_destroy(sta);
658 if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) 770 mutex_unlock(&sdata->local->sta_mtx);
659 ret = sta;
660 sta->pin_status = STA_INFO_PIN_STAT_NORMAL;
661 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
662 771
663 return ret; 772 return ret;
664} 773}
665 774
666static void sta_info_debugfs_add_work(struct work_struct *work) 775int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
776 const u8 *addr)
667{ 777{
668 struct ieee80211_local *local = 778 struct sta_info *sta;
669 container_of(work, struct ieee80211_local, sta_debugfs_add); 779 int ret;
670 struct sta_info *sta, *tmp;
671 unsigned long flags;
672 780
673 /* We need to keep the RTNL across the whole pinned status. */ 781 mutex_lock(&sdata->local->sta_mtx);
674 rtnl_lock(); 782 sta = sta_info_get_bss(sdata, addr);
675 while (1) { 783 ret = __sta_info_destroy(sta);
676 sta = NULL; 784 mutex_unlock(&sdata->local->sta_mtx);
677 785
678 spin_lock_irqsave(&local->sta_lock, flags); 786 return ret;
679 list_for_each_entry(tmp, &local->sta_list, list) { 787}
680 /*
681 * debugfs.add_has_run will be set by
682 * ieee80211_sta_debugfs_add regardless
683 * of what else it does.
684 */
685 if (!tmp->debugfs.add_has_run) {
686 sta = tmp;
687 __sta_info_pin(sta);
688 break;
689 }
690 }
691 spin_unlock_irqrestore(&local->sta_lock, flags);
692 788
693 if (!sta) 789static void sta_info_cleanup(unsigned long data)
694 break; 790{
791 struct ieee80211_local *local = (struct ieee80211_local *) data;
792 struct sta_info *sta;
695 793
696 ieee80211_sta_debugfs_add(sta); 794 rcu_read_lock();
697 rate_control_add_sta_debugfs(sta); 795 list_for_each_entry_rcu(sta, &local->sta_list, list)
796 sta_info_cleanup_expire_buffered(local, sta);
797 rcu_read_unlock();
698 798
699 sta = __sta_info_unpin(sta); 799 if (local->quiescing)
700 sta_info_destroy(sta); 800 return;
701 } 801
702 rtnl_unlock(); 802 local->sta_cleanup.expires =
803 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
804 add_timer(&local->sta_cleanup);
703} 805}
704#endif
705 806
706void sta_info_init(struct ieee80211_local *local) 807void sta_info_init(struct ieee80211_local *local)
707{ 808{
708 spin_lock_init(&local->sta_lock); 809 spin_lock_init(&local->sta_lock);
810 mutex_init(&local->sta_mtx);
709 INIT_LIST_HEAD(&local->sta_list); 811 INIT_LIST_HEAD(&local->sta_list);
812 INIT_LIST_HEAD(&local->sta_pending_list);
813 INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
710 814
711 setup_timer(&local->sta_cleanup, sta_info_cleanup, 815 setup_timer(&local->sta_cleanup, sta_info_cleanup,
712 (unsigned long)local); 816 (unsigned long)local);
713 local->sta_cleanup.expires = 817 local->sta_cleanup.expires =
714 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 818 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
715
716#ifdef CONFIG_MAC80211_DEBUGFS
717 INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_work);
718#endif
719} 819}
720 820
721int sta_info_start(struct ieee80211_local *local) 821int sta_info_start(struct ieee80211_local *local)
@@ -727,16 +827,6 @@ int sta_info_start(struct ieee80211_local *local)
727void sta_info_stop(struct ieee80211_local *local) 827void sta_info_stop(struct ieee80211_local *local)
728{ 828{
729 del_timer(&local->sta_cleanup); 829 del_timer(&local->sta_cleanup);
730#ifdef CONFIG_MAC80211_DEBUGFS
731 /*
732 * Make sure the debugfs adding work isn't pending after this
733 * because we're about to be destroyed. It doesn't matter
734 * whether it ran or not since we're going to flush all STAs
735 * anyway.
736 */
737 cancel_work_sync(&local->sta_debugfs_add);
738#endif
739
740 sta_info_flush(local, NULL); 830 sta_info_flush(local, NULL);
741} 831}
742 832
@@ -752,26 +842,19 @@ int sta_info_flush(struct ieee80211_local *local,
752 struct ieee80211_sub_if_data *sdata) 842 struct ieee80211_sub_if_data *sdata)
753{ 843{
754 struct sta_info *sta, *tmp; 844 struct sta_info *sta, *tmp;
755 LIST_HEAD(tmp_list);
756 int ret = 0; 845 int ret = 0;
757 unsigned long flags;
758 846
759 might_sleep(); 847 might_sleep();
760 848
761 spin_lock_irqsave(&local->sta_lock, flags); 849 mutex_lock(&local->sta_mtx);
850
851 sta_info_finish_pending(local);
852
762 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 853 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
763 if (!sdata || sdata == sta->sdata) { 854 if (!sdata || sdata == sta->sdata)
764 __sta_info_unlink(&sta); 855 WARN_ON(__sta_info_destroy(sta));
765 if (sta) {
766 list_add_tail(&sta->list, &tmp_list);
767 ret++;
768 }
769 }
770 } 856 }
771 spin_unlock_irqrestore(&local->sta_lock, flags); 857 mutex_unlock(&local->sta_mtx);
772
773 list_for_each_entry_safe(sta, tmp, &tmp_list, list)
774 sta_info_destroy(sta);
775 858
776 return ret; 859 return ret;
777} 860}
@@ -781,33 +864,137 @@ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
781{ 864{
782 struct ieee80211_local *local = sdata->local; 865 struct ieee80211_local *local = sdata->local;
783 struct sta_info *sta, *tmp; 866 struct sta_info *sta, *tmp;
784 LIST_HEAD(tmp_list);
785 unsigned long flags;
786 867
787 spin_lock_irqsave(&local->sta_lock, flags); 868 mutex_lock(&local->sta_mtx);
788 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 869 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
789 if (time_after(jiffies, sta->last_rx + exp_time)) { 870 if (time_after(jiffies, sta->last_rx + exp_time)) {
790#ifdef CONFIG_MAC80211_IBSS_DEBUG 871#ifdef CONFIG_MAC80211_IBSS_DEBUG
791 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n", 872 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
792 sdata->dev->name, sta->sta.addr); 873 sdata->name, sta->sta.addr);
793#endif 874#endif
794 __sta_info_unlink(&sta); 875 WARN_ON(__sta_info_destroy(sta));
795 if (sta)
796 list_add(&sta->list, &tmp_list);
797 } 876 }
798 spin_unlock_irqrestore(&local->sta_lock, flags); 877 mutex_unlock(&local->sta_mtx);
878}
879
880struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
881 const u8 *addr)
882{
883 struct sta_info *sta, *nxt;
799 884
800 list_for_each_entry_safe(sta, tmp, &tmp_list, list) 885 /* Just return a random station ... first in list ... */
801 sta_info_destroy(sta); 886 for_each_sta_info(hw_to_local(hw), addr, sta, nxt)
887 return &sta->sta;
888 return NULL;
802} 889}
890EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw);
803 891
804struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_hw *hw, 892struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
805 const u8 *addr) 893 const u8 *addr)
806{ 894{
807 struct sta_info *sta = sta_info_get(hw_to_local(hw), addr); 895 struct ieee80211_sub_if_data *sdata;
808 896
809 if (!sta) 897 if (!vif)
810 return NULL; 898 return NULL;
811 return &sta->sta; 899
900 sdata = vif_to_sdata(vif);
901
902 return ieee80211_find_sta_by_hw(&sdata->local->hw, addr);
812} 903}
813EXPORT_SYMBOL(ieee80211_find_sta); 904EXPORT_SYMBOL(ieee80211_find_sta);
905
906/* powersave support code */
907void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
908{
909 struct ieee80211_sub_if_data *sdata = sta->sdata;
910 struct ieee80211_local *local = sdata->local;
911 int sent, buffered;
912
913 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
914
915 if (!skb_queue_empty(&sta->ps_tx_buf))
916 sta_info_clear_tim_bit(sta);
917
918 /* Send all buffered frames to the station */
919 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
920 buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf);
921 sent += buffered;
922 local->total_ps_buffered -= buffered;
923
924#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
925 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
926 "since STA not sleeping anymore\n", sdata->name,
927 sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
928#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
929}
930
931void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
932{
933 struct ieee80211_sub_if_data *sdata = sta->sdata;
934 struct ieee80211_local *local = sdata->local;
935 struct sk_buff *skb;
936 int no_pending_pkts;
937
938 skb = skb_dequeue(&sta->tx_filtered);
939 if (!skb) {
940 skb = skb_dequeue(&sta->ps_tx_buf);
941 if (skb)
942 local->total_ps_buffered--;
943 }
944 no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
945 skb_queue_empty(&sta->ps_tx_buf);
946
947 if (skb) {
948 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
949 struct ieee80211_hdr *hdr =
950 (struct ieee80211_hdr *) skb->data;
951
952 /*
953 * Tell TX path to send this frame even though the STA may
954 * still remain is PS mode after this frame exchange.
955 */
956 info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
957
958#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
959 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
960 sta->sta.addr, sta->sta.aid,
961 skb_queue_len(&sta->ps_tx_buf));
962#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
963
964 /* Use MoreData flag to indicate whether there are more
965 * buffered frames for this STA */
966 if (no_pending_pkts)
967 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
968 else
969 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
970
971 ieee80211_add_pending_skb(local, skb);
972
973 if (no_pending_pkts)
974 sta_info_clear_tim_bit(sta);
975#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
976 } else {
977 /*
978 * FIXME: This can be the result of a race condition between
979 * us expiring a frame and the station polling for it.
980 * Should we send it a null-func frame indicating we
981 * have nothing buffered for it?
982 */
983 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
984 "though there are no buffered frames for it\n",
985 sdata->name, sta->sta.addr);
986#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
987 }
988}
989
990void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
991 struct ieee80211_sta *pubsta, bool block)
992{
993 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
994
995 if (block)
996 set_sta_flags(sta, WLAN_STA_PS_DRIVER);
997 else
998 ieee80211_queue_work(hw, &sta->drv_unblock_wk);
999}
1000EXPORT_SYMBOL(ieee80211_sta_block_awake);
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index ccc3adf962c7..822d84522937 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -12,6 +12,7 @@
12#include <linux/list.h> 12#include <linux/list.h>
13#include <linux/types.h> 13#include <linux/types.h>
14#include <linux/if_ether.h> 14#include <linux/if_ether.h>
15#include <linux/workqueue.h>
15#include "key.h" 16#include "key.h"
16 17
17/** 18/**
@@ -21,7 +22,7 @@
21 * 22 *
22 * @WLAN_STA_AUTH: Station is authenticated. 23 * @WLAN_STA_AUTH: Station is authenticated.
23 * @WLAN_STA_ASSOC: Station is associated. 24 * @WLAN_STA_ASSOC: Station is associated.
24 * @WLAN_STA_PS: Station is in power-save mode 25 * @WLAN_STA_PS_STA: Station is in power-save mode
25 * @WLAN_STA_AUTHORIZED: Station is authorized to send/receive traffic. 26 * @WLAN_STA_AUTHORIZED: Station is authorized to send/receive traffic.
26 * This bit is always checked so needs to be enabled for all stations 27 * This bit is always checked so needs to be enabled for all stations
27 * when virtual port control is not in use. 28 * when virtual port control is not in use.
@@ -36,11 +37,19 @@
36 * @WLAN_STA_MFP: Management frame protection is used with this STA. 37 * @WLAN_STA_MFP: Management frame protection is used with this STA.
37 * @WLAN_STA_SUSPEND: Set/cleared during a suspend/resume cycle. 38 * @WLAN_STA_SUSPEND: Set/cleared during a suspend/resume cycle.
38 * Used to deny ADDBA requests (both TX and RX). 39 * Used to deny ADDBA requests (both TX and RX).
40 * @WLAN_STA_PS_DRIVER: driver requires keeping this station in
41 * power-save mode logically to flush frames that might still
42 * be in the queues
43 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping
44 * station in power-save mode, reply when the driver unblocks.
45 * @WLAN_STA_DISASSOC: Disassociation in progress.
46 * This is used to reject TX BA session requests when disassociation
47 * is in progress.
39 */ 48 */
40enum ieee80211_sta_info_flags { 49enum ieee80211_sta_info_flags {
41 WLAN_STA_AUTH = 1<<0, 50 WLAN_STA_AUTH = 1<<0,
42 WLAN_STA_ASSOC = 1<<1, 51 WLAN_STA_ASSOC = 1<<1,
43 WLAN_STA_PS = 1<<2, 52 WLAN_STA_PS_STA = 1<<2,
44 WLAN_STA_AUTHORIZED = 1<<3, 53 WLAN_STA_AUTHORIZED = 1<<3,
45 WLAN_STA_SHORT_PREAMBLE = 1<<4, 54 WLAN_STA_SHORT_PREAMBLE = 1<<4,
46 WLAN_STA_ASSOC_AP = 1<<5, 55 WLAN_STA_ASSOC_AP = 1<<5,
@@ -48,7 +57,10 @@ enum ieee80211_sta_info_flags {
48 WLAN_STA_WDS = 1<<7, 57 WLAN_STA_WDS = 1<<7,
49 WLAN_STA_CLEAR_PS_FILT = 1<<9, 58 WLAN_STA_CLEAR_PS_FILT = 1<<9,
50 WLAN_STA_MFP = 1<<10, 59 WLAN_STA_MFP = 1<<10,
51 WLAN_STA_SUSPEND = 1<<11 60 WLAN_STA_SUSPEND = 1<<11,
61 WLAN_STA_PS_DRIVER = 1<<12,
62 WLAN_STA_PSPOLL = 1<<13,
63 WLAN_STA_DISASSOC = 1<<14,
52}; 64};
53 65
54#define STA_TID_NUM 16 66#define STA_TID_NUM 16
@@ -154,11 +166,6 @@ struct sta_ampdu_mlme {
154}; 166};
155 167
156 168
157/* see __sta_info_unlink */
158#define STA_INFO_PIN_STAT_NORMAL 0
159#define STA_INFO_PIN_STAT_PINNED 1
160#define STA_INFO_PIN_STAT_DESTROY 2
161
162/** 169/**
163 * struct sta_info - STA information 170 * struct sta_info - STA information
164 * 171 *
@@ -177,8 +184,8 @@ struct sta_ampdu_mlme {
177 * @lock: used for locking all fields that require locking, see comments 184 * @lock: used for locking all fields that require locking, see comments
178 * in the header file. 185 * in the header file.
179 * @flaglock: spinlock for flags accesses 186 * @flaglock: spinlock for flags accesses
187 * @drv_unblock_wk: used for driver PS unblocking
180 * @listen_interval: listen interval of this station, when we're acting as AP 188 * @listen_interval: listen interval of this station, when we're acting as AP
181 * @pin_status: used internally for pinning a STA struct into memory
182 * @flags: STA flags, see &enum ieee80211_sta_info_flags 189 * @flags: STA flags, see &enum ieee80211_sta_info_flags
183 * @ps_tx_buf: buffer of frames to transmit to this station 190 * @ps_tx_buf: buffer of frames to transmit to this station
184 * when it leaves power saving state 191 * when it leaves power saving state
@@ -193,7 +200,6 @@ struct sta_ampdu_mlme {
193 * @rx_fragments: number of received MPDUs 200 * @rx_fragments: number of received MPDUs
194 * @rx_dropped: number of dropped MPDUs from this STA 201 * @rx_dropped: number of dropped MPDUs from this STA
195 * @last_signal: signal of last received frame from this STA 202 * @last_signal: signal of last received frame from this STA
196 * @last_qual: qual of last received frame from this STA
197 * @last_noise: noise of last received frame from this STA 203 * @last_noise: noise of last received frame from this STA
198 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue) 204 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue)
199 * @tx_filtered_count: number of frames the hardware filtered for this STA 205 * @tx_filtered_count: number of frames the hardware filtered for this STA
@@ -217,6 +223,8 @@ struct sta_ampdu_mlme {
217 * @plink_timer_was_running: used by suspend/resume to restore timers 223 * @plink_timer_was_running: used by suspend/resume to restore timers
218 * @debugfs: debug filesystem info 224 * @debugfs: debug filesystem info
219 * @sta: station information we share with the driver 225 * @sta: station information we share with the driver
226 * @dead: set to true when sta is unlinked
227 * @uploaded: set to true when sta is uploaded to the driver
220 */ 228 */
221struct sta_info { 229struct sta_info {
222 /* General information, mostly static */ 230 /* General information, mostly static */
@@ -230,13 +238,13 @@ struct sta_info {
230 spinlock_t lock; 238 spinlock_t lock;
231 spinlock_t flaglock; 239 spinlock_t flaglock;
232 240
241 struct work_struct drv_unblock_wk;
242
233 u16 listen_interval; 243 u16 listen_interval;
234 244
235 /* 245 bool dead;
236 * for use by the internal lifetime management, 246
237 * see __sta_info_unlink 247 bool uploaded;
238 */
239 u8 pin_status;
240 248
241 /* 249 /*
242 * frequently updated, locked with own spinlock (flaglock), 250 * frequently updated, locked with own spinlock (flaglock),
@@ -259,7 +267,6 @@ struct sta_info {
259 unsigned long rx_fragments; 267 unsigned long rx_fragments;
260 unsigned long rx_dropped; 268 unsigned long rx_dropped;
261 int last_signal; 269 int last_signal;
262 int last_qual;
263 int last_noise; 270 int last_noise;
264 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES]; 271 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
265 272
@@ -301,28 +308,6 @@ struct sta_info {
301#ifdef CONFIG_MAC80211_DEBUGFS 308#ifdef CONFIG_MAC80211_DEBUGFS
302 struct sta_info_debugfsdentries { 309 struct sta_info_debugfsdentries {
303 struct dentry *dir; 310 struct dentry *dir;
304 struct dentry *flags;
305 struct dentry *num_ps_buf_frames;
306 struct dentry *inactive_ms;
307 struct dentry *last_seq_ctrl;
308 struct dentry *agg_status;
309 struct dentry *aid;
310 struct dentry *dev;
311 struct dentry *rx_packets;
312 struct dentry *tx_packets;
313 struct dentry *rx_bytes;
314 struct dentry *tx_bytes;
315 struct dentry *rx_duplicates;
316 struct dentry *rx_fragments;
317 struct dentry *rx_dropped;
318 struct dentry *tx_fragments;
319 struct dentry *tx_filtered;
320 struct dentry *tx_retry_failed;
321 struct dentry *tx_retry_count;
322 struct dentry *last_signal;
323 struct dentry *last_qual;
324 struct dentry *last_noise;
325 struct dentry *wep_weak_iv_count;
326 bool add_has_run; 311 bool add_has_run;
327 } debugfs; 312 } debugfs;
328#endif 313#endif
@@ -413,14 +398,42 @@ static inline u32 get_sta_flags(struct sta_info *sta)
413#define STA_INFO_CLEANUP_INTERVAL (10 * HZ) 398#define STA_INFO_CLEANUP_INTERVAL (10 * HZ)
414 399
415/* 400/*
416 * Get a STA info, must have be under RCU read lock. 401 * Get a STA info, must be under RCU read lock.
417 */ 402 */
418struct sta_info *sta_info_get(struct ieee80211_local *local, const u8 *addr); 403struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
404 const u8 *addr);
405
406struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
407 const u8 *addr);
408
409static inline
410void for_each_sta_info_type_check(struct ieee80211_local *local,
411 const u8 *addr,
412 struct sta_info *sta,
413 struct sta_info *nxt)
414{
415}
416
417#define for_each_sta_info(local, _addr, sta, nxt) \
418 for ( /* initialise loop */ \
419 sta = rcu_dereference(local->sta_hash[STA_HASH(_addr)]),\
420 nxt = sta ? rcu_dereference(sta->hnext) : NULL; \
421 /* typecheck */ \
422 for_each_sta_info_type_check(local, (_addr), sta, nxt), \
423 /* continue condition */ \
424 sta; \
425 /* advance loop */ \
426 sta = nxt, \
427 nxt = sta ? rcu_dereference(sta->hnext) : NULL \
428 ) \
429 /* compare address and run code only if it matches */ \
430 if (memcmp(sta->sta.addr, (_addr), ETH_ALEN) == 0)
431
419/* 432/*
420 * Get STA info by index, BROKEN! 433 * Get STA info by index, BROKEN!
421 */ 434 */
422struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, 435struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
423 struct net_device *dev); 436 int idx);
424/* 437/*
425 * Create a new STA info, caller owns returned structure 438 * Create a new STA info, caller owns returned structure
426 * until sta_info_insert(). 439 * until sta_info_insert().
@@ -431,18 +444,19 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
431 * Insert STA info into hash table/list, returns zero or a 444 * Insert STA info into hash table/list, returns zero or a
432 * -EEXIST if (if the same MAC address is already present). 445 * -EEXIST if (if the same MAC address is already present).
433 * 446 *
434 * Calling this without RCU protection makes the caller 447 * Calling the non-rcu version makes the caller relinquish,
435 * relinquish its reference to @sta. 448 * the _rcu version calls read_lock_rcu() and must be called
449 * without it held.
436 */ 450 */
437int sta_info_insert(struct sta_info *sta); 451int sta_info_insert(struct sta_info *sta);
438/* 452int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU);
439 * Unlink a STA info from the hash table/list. 453int sta_info_insert_atomic(struct sta_info *sta);
440 * This can NULL the STA pointer if somebody else 454
441 * has already unlinked it. 455int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata,
442 */ 456 const u8 *addr);
443void sta_info_unlink(struct sta_info **sta); 457int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
458 const u8 *addr);
444 459
445void sta_info_destroy(struct sta_info *sta);
446void sta_info_set_tim_bit(struct sta_info *sta); 460void sta_info_set_tim_bit(struct sta_info *sta);
447void sta_info_clear_tim_bit(struct sta_info *sta); 461void sta_info_clear_tim_bit(struct sta_info *sta);
448 462
@@ -454,4 +468,7 @@ int sta_info_flush(struct ieee80211_local *local,
454void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata, 468void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
455 unsigned long exp_time); 469 unsigned long exp_time);
456 470
471void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta);
472void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta);
473
457#endif /* STA_INFO_H */ 474#endif /* STA_INFO_H */
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
new file mode 100644
index 000000000000..56d5b9a6ec5b
--- /dev/null
+++ b/net/mac80211/status.c
@@ -0,0 +1,388 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2008-2010 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <net/mac80211.h>
13#include "ieee80211_i.h"
14#include "rate.h"
15#include "mesh.h"
16#include "led.h"
17
18
19void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
20 struct sk_buff *skb)
21{
22 struct ieee80211_local *local = hw_to_local(hw);
23 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
24 int tmp;
25
26 skb->pkt_type = IEEE80211_TX_STATUS_MSG;
27 skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
28 &local->skb_queue : &local->skb_queue_unreliable, skb);
29 tmp = skb_queue_len(&local->skb_queue) +
30 skb_queue_len(&local->skb_queue_unreliable);
31 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
32 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
33 dev_kfree_skb_irq(skb);
34 tmp--;
35 I802_DEBUG_INC(local->tx_status_drop);
36 }
37 tasklet_schedule(&local->tasklet);
38}
39EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
40
41static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
42 struct sta_info *sta,
43 struct sk_buff *skb)
44{
45 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
46
47 /*
48 * This skb 'survived' a round-trip through the driver, and
49 * hopefully the driver didn't mangle it too badly. However,
50 * we can definitely not rely on the the control information
51 * being correct. Clear it so we don't get junk there, and
52 * indicate that it needs new processing, but must not be
53 * modified/encrypted again.
54 */
55 memset(&info->control, 0, sizeof(info->control));
56
57 info->control.jiffies = jiffies;
58 info->control.vif = &sta->sdata->vif;
59 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING |
60 IEEE80211_TX_INTFL_RETRANSMISSION;
61
62 sta->tx_filtered_count++;
63
64 /*
65 * Clear the TX filter mask for this STA when sending the next
66 * packet. If the STA went to power save mode, this will happen
67 * when it wakes up for the next time.
68 */
69 set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);
70
71 /*
72 * This code races in the following way:
73 *
74 * (1) STA sends frame indicating it will go to sleep and does so
75 * (2) hardware/firmware adds STA to filter list, passes frame up
76 * (3) hardware/firmware processes TX fifo and suppresses a frame
77 * (4) we get TX status before having processed the frame and
78 * knowing that the STA has gone to sleep.
79 *
80 * This is actually quite unlikely even when both those events are
81 * processed from interrupts coming in quickly after one another or
82 * even at the same time because we queue both TX status events and
83 * RX frames to be processed by a tasklet and process them in the
84 * same order that they were received or TX status last. Hence, there
85 * is no race as long as the frame RX is processed before the next TX
86 * status, which drivers can ensure, see below.
87 *
88 * Note that this can only happen if the hardware or firmware can
89 * actually add STAs to the filter list, if this is done by the
90 * driver in response to set_tim() (which will only reduce the race
91 * this whole filtering tries to solve, not completely solve it)
92 * this situation cannot happen.
93 *
94 * To completely solve this race drivers need to make sure that they
95 * (a) don't mix the irq-safe/not irq-safe TX status/RX processing
96 * functions and
97 * (b) always process RX events before TX status events if ordering
98 * can be unknown, for example with different interrupt status
99 * bits.
100 */
101 if (test_sta_flags(sta, WLAN_STA_PS_STA) &&
102 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
103 skb_queue_tail(&sta->tx_filtered, skb);
104 return;
105 }
106
107 if (!test_sta_flags(sta, WLAN_STA_PS_STA) &&
108 !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
109 /* Software retry the packet once */
110 info->flags |= IEEE80211_TX_INTFL_RETRIED;
111 ieee80211_add_pending_skb(local, skb);
112 return;
113 }
114
115#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
116 if (net_ratelimit())
117 printk(KERN_DEBUG "%s: dropped TX filtered frame, "
118 "queue_len=%d PS=%d @%lu\n",
119 wiphy_name(local->hw.wiphy),
120 skb_queue_len(&sta->tx_filtered),
121 !!test_sta_flags(sta, WLAN_STA_PS_STA), jiffies);
122#endif
123 dev_kfree_skb(skb);
124}
125
126static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
127{
128 struct ieee80211_mgmt *mgmt = (void *) skb->data;
129 struct ieee80211_local *local = sta->local;
130 struct ieee80211_sub_if_data *sdata = sta->sdata;
131
132 if (ieee80211_is_action(mgmt->frame_control) &&
133 sdata->vif.type == NL80211_IFTYPE_STATION &&
134 mgmt->u.action.category == WLAN_CATEGORY_HT &&
135 mgmt->u.action.u.ht_smps.action == WLAN_HT_ACTION_SMPS) {
136 /*
137 * This update looks racy, but isn't -- if we come
138 * here we've definitely got a station that we're
139 * talking to, and on a managed interface that can
140 * only be the AP. And the only other place updating
141 * this variable is before we're associated.
142 */
143 switch (mgmt->u.action.u.ht_smps.smps_control) {
144 case WLAN_HT_SMPS_CONTROL_DYNAMIC:
145 sta->sdata->u.mgd.ap_smps = IEEE80211_SMPS_DYNAMIC;
146 break;
147 case WLAN_HT_SMPS_CONTROL_STATIC:
148 sta->sdata->u.mgd.ap_smps = IEEE80211_SMPS_STATIC;
149 break;
150 case WLAN_HT_SMPS_CONTROL_DISABLED:
151 default: /* shouldn't happen since we don't send that */
152 sta->sdata->u.mgd.ap_smps = IEEE80211_SMPS_OFF;
153 break;
154 }
155
156 ieee80211_queue_work(&local->hw, &local->recalc_smps);
157 }
158}
159
160void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
161{
162 struct sk_buff *skb2;
163 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
164 struct ieee80211_local *local = hw_to_local(hw);
165 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
166 u16 frag, type;
167 __le16 fc;
168 struct ieee80211_supported_band *sband;
169 struct ieee80211_tx_status_rtap_hdr *rthdr;
170 struct ieee80211_sub_if_data *sdata;
171 struct net_device *prev_dev = NULL;
172 struct sta_info *sta, *tmp;
173 int retry_count = -1, i;
174 bool injected;
175
176 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
177 /* the HW cannot have attempted that rate */
178 if (i >= hw->max_rates) {
179 info->status.rates[i].idx = -1;
180 info->status.rates[i].count = 0;
181 }
182
183 retry_count += info->status.rates[i].count;
184 }
185 if (retry_count < 0)
186 retry_count = 0;
187
188 rcu_read_lock();
189
190 sband = local->hw.wiphy->bands[info->band];
191 fc = hdr->frame_control;
192
193 for_each_sta_info(local, hdr->addr1, sta, tmp) {
194 /* skip wrong virtual interface */
195 if (memcmp(hdr->addr2, sta->sdata->vif.addr, ETH_ALEN))
196 continue;
197
198 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
199 test_sta_flags(sta, WLAN_STA_PS_STA)) {
200 /*
201 * The STA is in power save mode, so assume
202 * that this TX packet failed because of that.
203 */
204 ieee80211_handle_filtered_frame(local, sta, skb);
205 rcu_read_unlock();
206 return;
207 }
208
209 if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
210 (ieee80211_is_data_qos(fc))) {
211 u16 tid, ssn;
212 u8 *qc;
213
214 qc = ieee80211_get_qos_ctl(hdr);
215 tid = qc[0] & 0xf;
216 ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
217 & IEEE80211_SCTL_SEQ);
218 ieee80211_send_bar(sta->sdata, hdr->addr1,
219 tid, ssn);
220 }
221
222 if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
223 ieee80211_handle_filtered_frame(local, sta, skb);
224 rcu_read_unlock();
225 return;
226 } else {
227 if (!(info->flags & IEEE80211_TX_STAT_ACK))
228 sta->tx_retry_failed++;
229 sta->tx_retry_count += retry_count;
230 }
231
232 rate_control_tx_status(local, sband, sta, skb);
233 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
234 ieee80211s_update_metric(local, sta, skb);
235
236 if (!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
237 (info->flags & IEEE80211_TX_STAT_ACK))
238 ieee80211_frame_acked(sta, skb);
239 }
240
241 rcu_read_unlock();
242
243 ieee80211_led_tx(local, 0);
244
245 /* SNMP counters
246 * Fragments are passed to low-level drivers as separate skbs, so these
247 * are actually fragments, not frames. Update frame counters only for
248 * the first fragment of the frame. */
249
250 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
251 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
252
253 if (info->flags & IEEE80211_TX_STAT_ACK) {
254 if (frag == 0) {
255 local->dot11TransmittedFrameCount++;
256 if (is_multicast_ether_addr(hdr->addr1))
257 local->dot11MulticastTransmittedFrameCount++;
258 if (retry_count > 0)
259 local->dot11RetryCount++;
260 if (retry_count > 1)
261 local->dot11MultipleRetryCount++;
262 }
263
264 /* This counter shall be incremented for an acknowledged MPDU
265 * with an individual address in the address 1 field or an MPDU
266 * with a multicast address in the address 1 field of type Data
267 * or Management. */
268 if (!is_multicast_ether_addr(hdr->addr1) ||
269 type == IEEE80211_FTYPE_DATA ||
270 type == IEEE80211_FTYPE_MGMT)
271 local->dot11TransmittedFragmentCount++;
272 } else {
273 if (frag == 0)
274 local->dot11FailedCount++;
275 }
276
277 if (ieee80211_is_nullfunc(fc) && ieee80211_has_pm(fc) &&
278 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
279 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
280 local->ps_sdata && !(local->scanning)) {
281 if (info->flags & IEEE80211_TX_STAT_ACK) {
282 local->ps_sdata->u.mgd.flags |=
283 IEEE80211_STA_NULLFUNC_ACKED;
284 ieee80211_queue_work(&local->hw,
285 &local->dynamic_ps_enable_work);
286 } else
287 mod_timer(&local->dynamic_ps_timer, jiffies +
288 msecs_to_jiffies(10));
289 }
290
291 if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX)
292 cfg80211_action_tx_status(
293 skb->dev, (unsigned long) skb, skb->data, skb->len,
294 !!(info->flags & IEEE80211_TX_STAT_ACK), GFP_ATOMIC);
295
296 /* this was a transmitted frame, but now we want to reuse it */
297 skb_orphan(skb);
298
299 /*
300 * This is a bit racy but we can avoid a lot of work
301 * with this test...
302 */
303 if (!local->monitors && !local->cooked_mntrs) {
304 dev_kfree_skb(skb);
305 return;
306 }
307
308 /* send frame to monitor interfaces now */
309
310 if (skb_headroom(skb) < sizeof(*rthdr)) {
311 printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
312 dev_kfree_skb(skb);
313 return;
314 }
315
316 rthdr = (struct ieee80211_tx_status_rtap_hdr *)
317 skb_push(skb, sizeof(*rthdr));
318
319 memset(rthdr, 0, sizeof(*rthdr));
320 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
321 rthdr->hdr.it_present =
322 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
323 (1 << IEEE80211_RADIOTAP_DATA_RETRIES) |
324 (1 << IEEE80211_RADIOTAP_RATE));
325
326 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
327 !is_multicast_ether_addr(hdr->addr1))
328 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
329
330 /*
331 * XXX: Once radiotap gets the bitmap reset thing the vendor
332 * extensions proposal contains, we can actually report
333 * the whole set of tries we did.
334 */
335 if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
336 (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
337 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
338 else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
339 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
340 if (info->status.rates[0].idx >= 0 &&
341 !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
342 rthdr->rate = sband->bitrates[
343 info->status.rates[0].idx].bitrate / 5;
344
345 /* for now report the total retry_count */
346 rthdr->data_retries = retry_count;
347
348 /* Need to make a copy before skb->cb gets cleared */
349 injected = !!(info->flags & IEEE80211_TX_CTL_INJECTED);
350
351 /* XXX: is this sufficient for BPF? */
352 skb_set_mac_header(skb, 0);
353 skb->ip_summed = CHECKSUM_UNNECESSARY;
354 skb->pkt_type = PACKET_OTHERHOST;
355 skb->protocol = htons(ETH_P_802_2);
356 memset(skb->cb, 0, sizeof(skb->cb));
357
358 rcu_read_lock();
359 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
360 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
361 if (!ieee80211_sdata_running(sdata))
362 continue;
363
364 if ((sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) &&
365 !injected &&
366 (type == IEEE80211_FTYPE_DATA))
367 continue;
368
369 if (prev_dev) {
370 skb2 = skb_clone(skb, GFP_ATOMIC);
371 if (skb2) {
372 skb2->dev = prev_dev;
373 netif_rx(skb2);
374 }
375 }
376
377 prev_dev = sdata->dev;
378 }
379 }
380 if (prev_dev) {
381 skb->dev = prev_dev;
382 netif_rx(skb);
383 skb = NULL;
384 }
385 rcu_read_unlock();
386 dev_kfree_skb(skb);
387}
388EXPORT_SYMBOL(ieee80211_tx_status);
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 964b7faa7f17..7ef491e9d66d 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -100,7 +100,7 @@ static void tkip_mixing_phase1(const u8 *tk, struct tkip_ctx *ctx,
100 p1k[3] += tkipS(p1k[2] ^ get_unaligned_le16(tk + 12 + j)); 100 p1k[3] += tkipS(p1k[2] ^ get_unaligned_le16(tk + 12 + j));
101 p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i; 101 p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i;
102 } 102 }
103 ctx->initialized = 1; 103 ctx->state = TKIP_STATE_PHASE1_DONE;
104} 104}
105 105
106static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, 106static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx,
@@ -183,7 +183,7 @@ void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf,
183 /* Update the p1k only when the iv16 in the packet wraps around, this 183 /* Update the p1k only when the iv16 in the packet wraps around, this
184 * might occur after the wrap around of iv16 in the key in case of 184 * might occur after the wrap around of iv16 in the key in case of
185 * fragmented packets. */ 185 * fragmented packets. */
186 if (iv16 == 0 || !ctx->initialized) 186 if (iv16 == 0 || ctx->state == TKIP_STATE_NOT_INIT)
187 tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32); 187 tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32);
188 188
189 if (type == IEEE80211_TKIP_P1_KEY) { 189 if (type == IEEE80211_TKIP_P1_KEY) {
@@ -195,11 +195,13 @@ void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf,
195} 195}
196EXPORT_SYMBOL(ieee80211_get_tkip_key); 196EXPORT_SYMBOL(ieee80211_get_tkip_key);
197 197
198/* Encrypt packet payload with TKIP using @key. @pos is a pointer to the 198/*
199 * Encrypt packet payload with TKIP using @key. @pos is a pointer to the
199 * beginning of the buffer containing payload. This payload must include 200 * beginning of the buffer containing payload. This payload must include
200 * headroom of eight octets for IV and Ext. IV and taildroom of four octets 201 * the IV/Ext.IV and space for (taildroom) four octets for ICV.
201 * for ICV. @payload_len is the length of payload (_not_ including extra 202 * @payload_len is the length of payload (_not_ including IV/ICV length).
202 * headroom and tailroom). @ta is the transmitter addresses. */ 203 * @ta is the transmitter addresses.
204 */
203void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, 205void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
204 struct ieee80211_key *key, 206 struct ieee80211_key *key,
205 u8 *pos, size_t payload_len, u8 *ta) 207 u8 *pos, size_t payload_len, u8 *ta)
@@ -209,12 +211,11 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
209 const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; 211 const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
210 212
211 /* Calculate per-packet key */ 213 /* Calculate per-packet key */
212 if (ctx->iv16 == 0 || !ctx->initialized) 214 if (ctx->iv16 == 0 || ctx->state == TKIP_STATE_NOT_INIT)
213 tkip_mixing_phase1(tk, ctx, ta, ctx->iv32); 215 tkip_mixing_phase1(tk, ctx, ta, ctx->iv32);
214 216
215 tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key); 217 tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key);
216 218
217 pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
218 ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len); 219 ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
219} 220}
220 221
@@ -259,7 +260,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
259 if ((keyid >> 6) != key->conf.keyidx) 260 if ((keyid >> 6) != key->conf.keyidx)
260 return TKIP_DECRYPT_INVALID_KEYIDX; 261 return TKIP_DECRYPT_INVALID_KEYIDX;
261 262
262 if (key->u.tkip.rx[queue].initialized && 263 if (key->u.tkip.rx[queue].state != TKIP_STATE_NOT_INIT &&
263 (iv32 < key->u.tkip.rx[queue].iv32 || 264 (iv32 < key->u.tkip.rx[queue].iv32 ||
264 (iv32 == key->u.tkip.rx[queue].iv32 && 265 (iv32 == key->u.tkip.rx[queue].iv32 &&
265 iv16 <= key->u.tkip.rx[queue].iv16))) { 266 iv16 <= key->u.tkip.rx[queue].iv16))) {
@@ -275,11 +276,11 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
275 276
276 if (only_iv) { 277 if (only_iv) {
277 res = TKIP_DECRYPT_OK; 278 res = TKIP_DECRYPT_OK;
278 key->u.tkip.rx[queue].initialized = 1; 279 key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED;
279 goto done; 280 goto done;
280 } 281 }
281 282
282 if (!key->u.tkip.rx[queue].initialized || 283 if (key->u.tkip.rx[queue].state == TKIP_STATE_NOT_INIT ||
283 key->u.tkip.rx[queue].iv32 != iv32) { 284 key->u.tkip.rx[queue].iv32 != iv32) {
284 /* IV16 wrapped around - perform TKIP phase 1 */ 285 /* IV16 wrapped around - perform TKIP phase 1 */
285 tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32); 286 tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32);
@@ -299,18 +300,18 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
299 printk("\n"); 300 printk("\n");
300 } 301 }
301#endif 302#endif
302 if (key->local->ops->update_tkip_key && 303 }
303 key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 304 if (key->local->ops->update_tkip_key &&
304 u8 bcast[ETH_ALEN] = 305 key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
305 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 306 key->u.tkip.rx[queue].state != TKIP_STATE_PHASE1_HW_UPLOADED) {
306 u8 *sta_addr = key->sta->sta.addr; 307 struct ieee80211_sub_if_data *sdata = key->sdata;
307 308
308 if (is_multicast_ether_addr(ra)) 309 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
309 sta_addr = bcast; 310 sdata = container_of(key->sdata->bss,
310 311 struct ieee80211_sub_if_data, u.ap);
311 drv_update_tkip_key(key->local, &key->conf, sta_addr, 312 drv_update_tkip_key(key->local, sdata, &key->conf, key->sta,
312 iv32, key->u.tkip.rx[queue].p1k); 313 iv32, key->u.tkip.rx[queue].p1k);
313 } 314 key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED;
314 } 315 }
315 316
316 tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key); 317 tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key);
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index eaa4118de988..cfc473e1b050 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -180,6 +180,71 @@ static int inline is_ieee80211_device(struct ieee80211_local *local,
180} 180}
181 181
182/* tx handlers */ 182/* tx handlers */
183static ieee80211_tx_result debug_noinline
184ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
185{
186 struct ieee80211_local *local = tx->local;
187 struct ieee80211_if_managed *ifmgd;
188
189 /* driver doesn't support power save */
190 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
191 return TX_CONTINUE;
192
193 /* hardware does dynamic power save */
194 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
195 return TX_CONTINUE;
196
197 /* dynamic power save disabled */
198 if (local->hw.conf.dynamic_ps_timeout <= 0)
199 return TX_CONTINUE;
200
201 /* we are scanning, don't enable power save */
202 if (local->scanning)
203 return TX_CONTINUE;
204
205 if (!local->ps_sdata)
206 return TX_CONTINUE;
207
208 /* No point if we're going to suspend */
209 if (local->quiescing)
210 return TX_CONTINUE;
211
212 /* dynamic ps is supported only in managed mode */
213 if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
214 return TX_CONTINUE;
215
216 ifmgd = &tx->sdata->u.mgd;
217
218 /*
219 * Don't wakeup from power save if u-apsd is enabled, voip ac has
220 * u-apsd enabled and the frame is in voip class. This effectively
221 * means that even if all access categories have u-apsd enabled, in
222 * practise u-apsd is only used with the voip ac. This is a
223 * workaround for the case when received voip class packets do not
224 * have correct qos tag for some reason, due the network or the
225 * peer application.
226 *
227 * Note: local->uapsd_queues access is racy here. If the value is
228 * changed via debugfs, user needs to reassociate manually to have
229 * everything in sync.
230 */
231 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
232 && (local->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
233 && skb_get_queue_mapping(tx->skb) == 0)
234 return TX_CONTINUE;
235
236 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
237 ieee80211_stop_queues_by_reason(&local->hw,
238 IEEE80211_QUEUE_STOP_REASON_PS);
239 ieee80211_queue_work(&local->hw,
240 &local->dynamic_ps_disable_work);
241 }
242
243 mod_timer(&local->dynamic_ps_timer, jiffies +
244 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
245
246 return TX_CONTINUE;
247}
183 248
184static ieee80211_tx_result debug_noinline 249static ieee80211_tx_result debug_noinline
185ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx) 250ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
@@ -223,7 +288,7 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
223#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 288#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
224 printk(KERN_DEBUG "%s: dropped data frame to not " 289 printk(KERN_DEBUG "%s: dropped data frame to not "
225 "associated station %pM\n", 290 "associated station %pM\n",
226 tx->dev->name, hdr->addr1); 291 tx->sdata->name, hdr->addr1);
227#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 292#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
228 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc); 293 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
229 return TX_DROP; 294 return TX_DROP;
@@ -317,12 +382,11 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
317 if (!atomic_read(&tx->sdata->bss->num_sta_ps)) 382 if (!atomic_read(&tx->sdata->bss->num_sta_ps))
318 return TX_CONTINUE; 383 return TX_CONTINUE;
319 384
320 /* buffered in hardware */ 385 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
321 if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)) {
322 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
323 386
387 /* device releases frame after DTIM beacon */
388 if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
324 return TX_CONTINUE; 389 return TX_CONTINUE;
325 }
326 390
327 /* buffered in mac80211 */ 391 /* buffered in mac80211 */
328 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 392 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
@@ -332,7 +396,7 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
332#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 396#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
333 if (net_ratelimit()) 397 if (net_ratelimit())
334 printk(KERN_DEBUG "%s: BC TX buffer full - dropping the oldest frame\n", 398 printk(KERN_DEBUG "%s: BC TX buffer full - dropping the oldest frame\n",
335 tx->dev->name); 399 tx->sdata->name);
336#endif 400#endif
337 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf)); 401 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
338 } else 402 } else
@@ -367,15 +431,16 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
367 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 431 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
368 u32 staflags; 432 u32 staflags;
369 433
370 if (unlikely(!sta || ieee80211_is_probe_resp(hdr->frame_control) 434 if (unlikely(!sta ||
371 || ieee80211_is_auth(hdr->frame_control) 435 ieee80211_is_probe_resp(hdr->frame_control) ||
372 || ieee80211_is_assoc_resp(hdr->frame_control) 436 ieee80211_is_auth(hdr->frame_control) ||
373 || ieee80211_is_reassoc_resp(hdr->frame_control))) 437 ieee80211_is_assoc_resp(hdr->frame_control) ||
438 ieee80211_is_reassoc_resp(hdr->frame_control)))
374 return TX_CONTINUE; 439 return TX_CONTINUE;
375 440
376 staflags = get_sta_flags(sta); 441 staflags = get_sta_flags(sta);
377 442
378 if (unlikely((staflags & WLAN_STA_PS) && 443 if (unlikely((staflags & (WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) &&
379 !(info->flags & IEEE80211_TX_CTL_PSPOLL_RESPONSE))) { 444 !(info->flags & IEEE80211_TX_CTL_PSPOLL_RESPONSE))) {
380#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 445#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
381 printk(KERN_DEBUG "STA %pM aid %d: PS buffer (entries " 446 printk(KERN_DEBUG "STA %pM aid %d: PS buffer (entries "
@@ -391,15 +456,20 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
391 if (net_ratelimit()) { 456 if (net_ratelimit()) {
392 printk(KERN_DEBUG "%s: STA %pM TX " 457 printk(KERN_DEBUG "%s: STA %pM TX "
393 "buffer full - dropping oldest frame\n", 458 "buffer full - dropping oldest frame\n",
394 tx->dev->name, sta->sta.addr); 459 tx->sdata->name, sta->sta.addr);
395 } 460 }
396#endif 461#endif
397 dev_kfree_skb(old); 462 dev_kfree_skb(old);
398 } else 463 } else
399 tx->local->total_ps_buffered++; 464 tx->local->total_ps_buffered++;
400 465
401 /* Queue frame to be sent after STA sends an PS Poll frame */ 466 /*
402 if (skb_queue_empty(&sta->ps_tx_buf)) 467 * Queue frame to be sent after STA wakes up/polls,
468 * but don't set the TIM bit if the driver is blocking
469 * wakeup or poll response transmissions anyway.
470 */
471 if (skb_queue_empty(&sta->ps_tx_buf) &&
472 !(staflags & WLAN_STA_PS_DRIVER))
403 sta_info_set_tim_bit(sta); 473 sta_info_set_tim_bit(sta);
404 474
405 info->control.jiffies = jiffies; 475 info->control.jiffies = jiffies;
@@ -409,9 +479,9 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
409 return TX_QUEUED; 479 return TX_QUEUED;
410 } 480 }
411#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 481#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
412 else if (unlikely(test_sta_flags(sta, WLAN_STA_PS))) { 482 else if (unlikely(staflags & WLAN_STA_PS_STA)) {
413 printk(KERN_DEBUG "%s: STA %pM in PS mode, but pspoll " 483 printk(KERN_DEBUG "%s: STA %pM in PS mode, but pspoll "
414 "set -> send frame\n", tx->dev->name, 484 "set -> send frame\n", tx->sdata->name,
415 sta->sta.addr); 485 sta->sta.addr);
416 } 486 }
417#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 487#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
@@ -459,6 +529,8 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
459 tx->key = NULL; 529 tx->key = NULL;
460 530
461 if (tx->key) { 531 if (tx->key) {
532 bool skip_hw = false;
533
462 tx->key->tx_rx_count++; 534 tx->key->tx_rx_count++;
463 /* TODO: add threshold stuff again */ 535 /* TODO: add threshold stuff again */
464 536
@@ -475,16 +547,32 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
475 !ieee80211_use_mfp(hdr->frame_control, tx->sta, 547 !ieee80211_use_mfp(hdr->frame_control, tx->sta,
476 tx->skb)) 548 tx->skb))
477 tx->key = NULL; 549 tx->key = NULL;
550 else
551 skip_hw = (tx->key->conf.flags &
552 IEEE80211_KEY_FLAG_SW_MGMT) &&
553 ieee80211_is_mgmt(hdr->frame_control);
478 break; 554 break;
479 case ALG_AES_CMAC: 555 case ALG_AES_CMAC:
480 if (!ieee80211_is_mgmt(hdr->frame_control)) 556 if (!ieee80211_is_mgmt(hdr->frame_control))
481 tx->key = NULL; 557 tx->key = NULL;
482 break; 558 break;
483 } 559 }
560
561 if (!skip_hw && tx->key &&
562 tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
563 info->control.hw_key = &tx->key->conf;
484 } 564 }
485 565
486 if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 566 return TX_CONTINUE;
487 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 567}
568
569static ieee80211_tx_result debug_noinline
570ieee80211_tx_h_sta(struct ieee80211_tx_data *tx)
571{
572 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
573
574 if (tx->sta && tx->sta->uploaded)
575 info->control.sta = &tx->sta->sta;
488 576
489 return TX_CONTINUE; 577 return TX_CONTINUE;
490} 578}
@@ -514,7 +602,12 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
514 txrc.bss_conf = &tx->sdata->vif.bss_conf; 602 txrc.bss_conf = &tx->sdata->vif.bss_conf;
515 txrc.skb = tx->skb; 603 txrc.skb = tx->skb;
516 txrc.reported_rate.idx = -1; 604 txrc.reported_rate.idx = -1;
517 txrc.max_rate_idx = tx->sdata->max_ratectrl_rateidx; 605 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[tx->channel->band];
606 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
607 txrc.max_rate_idx = -1;
608 else
609 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
610 txrc.ap = tx->sdata->vif.type == NL80211_IFTYPE_AP;
518 611
519 /* set up RTS protection if desired */ 612 /* set up RTS protection if desired */
520 if (len > tx->local->hw.wiphy->rts_threshold) { 613 if (len > tx->local->hw.wiphy->rts_threshold) {
@@ -544,7 +637,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
544 "%s: Dropped data frame as no usable bitrate found while " 637 "%s: Dropped data frame as no usable bitrate found while "
545 "scanning and associated. Target station: " 638 "scanning and associated. Target station: "
546 "%pM on %d GHz band\n", 639 "%pM on %d GHz band\n",
547 tx->dev->name, hdr->addr1, 640 tx->sdata->name, hdr->addr1,
548 tx->channel->band ? 5 : 2)) 641 tx->channel->band ? 5 : 2))
549 return TX_DROP; 642 return TX_DROP;
550 643
@@ -659,17 +752,6 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
659} 752}
660 753
661static ieee80211_tx_result debug_noinline 754static ieee80211_tx_result debug_noinline
662ieee80211_tx_h_misc(struct ieee80211_tx_data *tx)
663{
664 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
665
666 if (tx->sta)
667 info->control.sta = &tx->sta->sta;
668
669 return TX_CONTINUE;
670}
671
672static ieee80211_tx_result debug_noinline
673ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx) 755ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
674{ 756{
675 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 757 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
@@ -928,7 +1010,8 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
928 (struct ieee80211_radiotap_header *) skb->data; 1010 (struct ieee80211_radiotap_header *) skb->data;
929 struct ieee80211_supported_band *sband; 1011 struct ieee80211_supported_band *sband;
930 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1012 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
931 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len); 1013 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1014 NULL);
932 1015
933 sband = tx->local->hw.wiphy->bands[tx->channel->band]; 1016 sband = tx->local->hw.wiphy->bands[tx->channel->band];
934 1017
@@ -964,7 +1047,7 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
964 * because it will be recomputed and added 1047 * because it will be recomputed and added
965 * on transmission 1048 * on transmission
966 */ 1049 */
967 if (skb->len < (iterator.max_length + FCS_LEN)) 1050 if (skb->len < (iterator._max_length + FCS_LEN))
968 return false; 1051 return false;
969 1052
970 skb_trim(skb, skb->len - FCS_LEN); 1053 skb_trim(skb, skb->len - FCS_LEN);
@@ -991,10 +1074,10 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
991 1074
992 /* 1075 /*
993 * remove the radiotap header 1076 * remove the radiotap header
994 * iterator->max_length was sanity-checked against 1077 * iterator->_max_length was sanity-checked against
995 * skb->len by iterator init 1078 * skb->len by iterator init
996 */ 1079 */
997 skb_pull(skb, iterator.max_length); 1080 skb_pull(skb, iterator._max_length);
998 1081
999 return true; 1082 return true;
1000} 1083}
@@ -1016,7 +1099,6 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1016 1099
1017 memset(tx, 0, sizeof(*tx)); 1100 memset(tx, 0, sizeof(*tx));
1018 tx->skb = skb; 1101 tx->skb = skb;
1019 tx->dev = sdata->dev; /* use original interface */
1020 tx->local = local; 1102 tx->local = local;
1021 tx->sdata = sdata; 1103 tx->sdata = sdata;
1022 tx->channel = local->hw.conf.channel; 1104 tx->channel = local->hw.conf.channel;
@@ -1027,7 +1109,7 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1027 tx->flags |= IEEE80211_TX_FRAGMENTED; 1109 tx->flags |= IEEE80211_TX_FRAGMENTED;
1028 1110
1029 /* process and remove the injection radiotap header */ 1111 /* process and remove the injection radiotap header */
1030 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED)) { 1112 if (unlikely(info->flags & IEEE80211_TX_INTFL_HAS_RADIOTAP)) {
1031 if (!__ieee80211_parse_tx_radiotap(tx, skb)) 1113 if (!__ieee80211_parse_tx_radiotap(tx, skb))
1032 return TX_DROP; 1114 return TX_DROP;
1033 1115
@@ -1036,6 +1118,7 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1036 * the radiotap header that was present and pre-filled 1118 * the radiotap header that was present and pre-filled
1037 * 'tx' with tx control information. 1119 * 'tx' with tx control information.
1038 */ 1120 */
1121 info->flags &= ~IEEE80211_TX_INTFL_HAS_RADIOTAP;
1039 } 1122 }
1040 1123
1041 /* 1124 /*
@@ -1047,7 +1130,15 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1047 1130
1048 hdr = (struct ieee80211_hdr *) skb->data; 1131 hdr = (struct ieee80211_hdr *) skb->data;
1049 1132
1050 tx->sta = sta_info_get(local, hdr->addr1); 1133 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1134 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1135 if (!tx->sta && sdata->dev->ieee80211_ptr->use_4addr)
1136 return TX_DROP;
1137 } else if (info->flags & IEEE80211_TX_CTL_INJECTED) {
1138 tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1139 }
1140 if (!tx->sta)
1141 tx->sta = sta_info_get(sdata, hdr->addr1);
1051 1142
1052 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) && 1143 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1053 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) { 1144 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) {
@@ -1199,25 +1290,34 @@ static int __ieee80211_tx(struct ieee80211_local *local,
1199static int invoke_tx_handlers(struct ieee80211_tx_data *tx) 1290static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1200{ 1291{
1201 struct sk_buff *skb = tx->skb; 1292 struct sk_buff *skb = tx->skb;
1293 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1202 ieee80211_tx_result res = TX_DROP; 1294 ieee80211_tx_result res = TX_DROP;
1203 1295
1204#define CALL_TXH(txh) \ 1296#define CALL_TXH(txh) \
1205 res = txh(tx); \ 1297 do { \
1206 if (res != TX_CONTINUE) \ 1298 res = txh(tx); \
1299 if (res != TX_CONTINUE) \
1300 goto txh_done; \
1301 } while (0)
1302
1303 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1304 CALL_TXH(ieee80211_tx_h_check_assoc);
1305 CALL_TXH(ieee80211_tx_h_ps_buf);
1306 CALL_TXH(ieee80211_tx_h_select_key);
1307 CALL_TXH(ieee80211_tx_h_sta);
1308 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1309 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1310
1311 if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION))
1207 goto txh_done; 1312 goto txh_done;
1208 1313
1209 CALL_TXH(ieee80211_tx_h_check_assoc) 1314 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1210 CALL_TXH(ieee80211_tx_h_ps_buf) 1315 CALL_TXH(ieee80211_tx_h_sequence);
1211 CALL_TXH(ieee80211_tx_h_select_key) 1316 CALL_TXH(ieee80211_tx_h_fragment);
1212 CALL_TXH(ieee80211_tx_h_michael_mic_add)
1213 CALL_TXH(ieee80211_tx_h_rate_ctrl)
1214 CALL_TXH(ieee80211_tx_h_misc)
1215 CALL_TXH(ieee80211_tx_h_sequence)
1216 CALL_TXH(ieee80211_tx_h_fragment)
1217 /* handlers after fragment must be aware of tx info fragmentation! */ 1317 /* handlers after fragment must be aware of tx info fragmentation! */
1218 CALL_TXH(ieee80211_tx_h_stats) 1318 CALL_TXH(ieee80211_tx_h_stats);
1219 CALL_TXH(ieee80211_tx_h_encrypt) 1319 CALL_TXH(ieee80211_tx_h_encrypt);
1220 CALL_TXH(ieee80211_tx_h_calculate_duration) 1320 CALL_TXH(ieee80211_tx_h_calculate_duration);
1221#undef CALL_TXH 1321#undef CALL_TXH
1222 1322
1223 txh_done: 1323 txh_done:
@@ -1397,29 +1497,14 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1397 int headroom; 1497 int headroom;
1398 bool may_encrypt; 1498 bool may_encrypt;
1399 1499
1400 dev_hold(sdata->dev); 1500 rcu_read_lock();
1401
1402 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1403 local->hw.conf.dynamic_ps_timeout > 0 &&
1404 !(local->scanning) && local->ps_sdata) {
1405 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1406 ieee80211_stop_queues_by_reason(&local->hw,
1407 IEEE80211_QUEUE_STOP_REASON_PS);
1408 ieee80211_queue_work(&local->hw,
1409 &local->dynamic_ps_disable_work);
1410 }
1411
1412 mod_timer(&local->dynamic_ps_timer, jiffies +
1413 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
1414 }
1415
1416 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1417 1501
1418 if (unlikely(sdata->vif.type == NL80211_IFTYPE_MONITOR)) { 1502 if (unlikely(sdata->vif.type == NL80211_IFTYPE_MONITOR)) {
1419 int hdrlen; 1503 int hdrlen;
1420 u16 len_rthdr; 1504 u16 len_rthdr;
1421 1505
1422 info->flags |= IEEE80211_TX_CTL_INJECTED; 1506 info->flags |= IEEE80211_TX_CTL_INJECTED |
1507 IEEE80211_TX_INTFL_HAS_RADIOTAP;
1423 1508
1424 len_rthdr = ieee80211_get_radiotap_len(skb->data); 1509 len_rthdr = ieee80211_get_radiotap_len(skb->data);
1425 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr); 1510 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
@@ -1437,22 +1522,18 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1437 * support we will need a different mechanism. 1522 * support we will need a different mechanism.
1438 */ 1523 */
1439 1524
1440 rcu_read_lock();
1441 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, 1525 list_for_each_entry_rcu(tmp_sdata, &local->interfaces,
1442 list) { 1526 list) {
1443 if (!netif_running(tmp_sdata->dev)) 1527 if (!ieee80211_sdata_running(tmp_sdata))
1444 continue; 1528 continue;
1445 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) 1529 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP)
1446 continue; 1530 continue;
1447 if (compare_ether_addr(tmp_sdata->dev->dev_addr, 1531 if (compare_ether_addr(tmp_sdata->vif.addr,
1448 hdr->addr2) == 0) { 1532 hdr->addr2) == 0) {
1449 dev_hold(tmp_sdata->dev);
1450 dev_put(sdata->dev);
1451 sdata = tmp_sdata; 1533 sdata = tmp_sdata;
1452 break; 1534 break;
1453 } 1535 }
1454 } 1536 }
1455 rcu_read_unlock();
1456 } 1537 }
1457 } 1538 }
1458 1539
@@ -1466,7 +1547,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1466 1547
1467 if (ieee80211_skb_resize(local, skb, headroom, may_encrypt)) { 1548 if (ieee80211_skb_resize(local, skb, headroom, may_encrypt)) {
1468 dev_kfree_skb(skb); 1549 dev_kfree_skb(skb);
1469 dev_put(sdata->dev); 1550 rcu_read_unlock();
1470 return; 1551 return;
1471 } 1552 }
1472 1553
@@ -1477,13 +1558,13 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1477 !is_multicast_ether_addr(hdr->addr1)) 1558 !is_multicast_ether_addr(hdr->addr1))
1478 if (mesh_nexthop_lookup(skb, sdata)) { 1559 if (mesh_nexthop_lookup(skb, sdata)) {
1479 /* skb queued: don't free */ 1560 /* skb queued: don't free */
1480 dev_put(sdata->dev); 1561 rcu_read_unlock();
1481 return; 1562 return;
1482 } 1563 }
1483 1564
1484 ieee80211_select_queue(local, skb); 1565 ieee80211_set_qos_hdr(local, skb);
1485 ieee80211_tx(sdata, skb, false); 1566 ieee80211_tx(sdata, skb, false);
1486 dev_put(sdata->dev); 1567 rcu_read_unlock();
1487} 1568}
1488 1569
1489netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb, 1570netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
@@ -1547,6 +1628,8 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1547 1628
1548 memset(info, 0, sizeof(*info)); 1629 memset(info, 0, sizeof(*info));
1549 1630
1631 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1632
1550 /* pass the radiotap header up to xmit */ 1633 /* pass the radiotap header up to xmit */
1551 ieee80211_xmit(IEEE80211_DEV_TO_SUB_IF(dev), skb); 1634 ieee80211_xmit(IEEE80211_DEV_TO_SUB_IF(dev), skb);
1552 return NETDEV_TX_OK; 1635 return NETDEV_TX_OK;
@@ -1585,7 +1668,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1585 const u8 *encaps_data; 1668 const u8 *encaps_data;
1586 int encaps_len, skip_header_bytes; 1669 int encaps_len, skip_header_bytes;
1587 int nh_pos, h_pos; 1670 int nh_pos, h_pos;
1588 struct sta_info *sta; 1671 struct sta_info *sta = NULL;
1589 u32 sta_flags = 0; 1672 u32 sta_flags = 0;
1590 1673
1591 if (unlikely(skb->len < ETH_HLEN)) { 1674 if (unlikely(skb->len < ETH_HLEN)) {
@@ -1602,12 +1685,28 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1602 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA); 1685 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
1603 1686
1604 switch (sdata->vif.type) { 1687 switch (sdata->vif.type) {
1605 case NL80211_IFTYPE_AP:
1606 case NL80211_IFTYPE_AP_VLAN: 1688 case NL80211_IFTYPE_AP_VLAN:
1689 rcu_read_lock();
1690 sta = rcu_dereference(sdata->u.vlan.sta);
1691 if (sta) {
1692 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1693 /* RA TA DA SA */
1694 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
1695 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1696 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1697 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1698 hdrlen = 30;
1699 sta_flags = get_sta_flags(sta);
1700 }
1701 rcu_read_unlock();
1702 if (sta)
1703 break;
1704 /* fall through */
1705 case NL80211_IFTYPE_AP:
1607 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS); 1706 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
1608 /* DA BSSID SA */ 1707 /* DA BSSID SA */
1609 memcpy(hdr.addr1, skb->data, ETH_ALEN); 1708 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1610 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1709 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1611 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN); 1710 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
1612 hdrlen = 24; 1711 hdrlen = 24;
1613 break; 1712 break;
@@ -1615,7 +1714,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1615 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 1714 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1616 /* RA TA DA SA */ 1715 /* RA TA DA SA */
1617 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN); 1716 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
1618 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1717 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1619 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1718 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1620 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN); 1719 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1621 hdrlen = 30; 1720 hdrlen = 30;
@@ -1629,8 +1728,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1629 goto fail; 1728 goto fail;
1630 } 1729 }
1631 1730
1632 if (compare_ether_addr(dev->dev_addr, 1731 if (compare_ether_addr(sdata->vif.addr,
1633 skb->data + ETH_ALEN) == 0) { 1732 skb->data + ETH_ALEN) == 0) {
1634 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc, 1733 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1635 skb->data, skb->data + ETH_ALEN); 1734 skb->data, skb->data + ETH_ALEN);
1636 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr, 1735 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
@@ -1639,24 +1738,28 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1639 /* packet from other interface */ 1738 /* packet from other interface */
1640 struct mesh_path *mppath; 1739 struct mesh_path *mppath;
1641 int is_mesh_mcast = 1; 1740 int is_mesh_mcast = 1;
1642 char *mesh_da; 1741 const u8 *mesh_da;
1643 1742
1644 rcu_read_lock(); 1743 rcu_read_lock();
1645 if (is_multicast_ether_addr(skb->data)) 1744 if (is_multicast_ether_addr(skb->data))
1646 /* DA TA mSA AE:SA */ 1745 /* DA TA mSA AE:SA */
1647 mesh_da = skb->data; 1746 mesh_da = skb->data;
1648 else { 1747 else {
1748 static const u8 bcast[ETH_ALEN] =
1749 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1750
1649 mppath = mpp_path_lookup(skb->data, sdata); 1751 mppath = mpp_path_lookup(skb->data, sdata);
1650 if (mppath) { 1752 if (mppath) {
1651 /* RA TA mDA mSA AE:DA SA */ 1753 /* RA TA mDA mSA AE:DA SA */
1652 mesh_da = mppath->mpp; 1754 mesh_da = mppath->mpp;
1653 is_mesh_mcast = 0; 1755 is_mesh_mcast = 0;
1654 } else 1756 } else {
1655 /* DA TA mSA AE:SA */ 1757 /* DA TA mSA AE:SA */
1656 mesh_da = dev->broadcast; 1758 mesh_da = bcast;
1759 }
1657 } 1760 }
1658 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc, 1761 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1659 mesh_da, dev->dev_addr); 1762 mesh_da, sdata->vif.addr);
1660 rcu_read_unlock(); 1763 rcu_read_unlock();
1661 if (is_mesh_mcast) 1764 if (is_mesh_mcast)
1662 meshhdrlen = 1765 meshhdrlen =
@@ -1677,12 +1780,21 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1677 break; 1780 break;
1678#endif 1781#endif
1679 case NL80211_IFTYPE_STATION: 1782 case NL80211_IFTYPE_STATION:
1680 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1681 /* BSSID SA DA */
1682 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN); 1783 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1683 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN); 1784 if (sdata->u.mgd.use_4addr && ethertype != ETH_P_PAE) {
1684 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1785 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1685 hdrlen = 24; 1786 /* RA TA DA SA */
1787 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1788 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1789 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1790 hdrlen = 30;
1791 } else {
1792 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1793 /* BSSID SA DA */
1794 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1795 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1796 hdrlen = 24;
1797 }
1686 break; 1798 break;
1687 case NL80211_IFTYPE_ADHOC: 1799 case NL80211_IFTYPE_ADHOC:
1688 /* DA SA BSSID */ 1800 /* DA SA BSSID */
@@ -1703,9 +1815,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1703 */ 1815 */
1704 if (!is_multicast_ether_addr(hdr.addr1)) { 1816 if (!is_multicast_ether_addr(hdr.addr1)) {
1705 rcu_read_lock(); 1817 rcu_read_lock();
1706 sta = sta_info_get(local, hdr.addr1); 1818 sta = sta_info_get(sdata, hdr.addr1);
1707 /* XXX: in the future, use sdata to look up the sta */ 1819 if (sta)
1708 if (sta && sta->sdata == sdata)
1709 sta_flags = get_sta_flags(sta); 1820 sta_flags = get_sta_flags(sta);
1710 rcu_read_unlock(); 1821 rcu_read_unlock();
1711 } 1822 }
@@ -1724,7 +1835,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1724 unlikely(!is_multicast_ether_addr(hdr.addr1) && 1835 unlikely(!is_multicast_ether_addr(hdr.addr1) &&
1725 !(sta_flags & WLAN_STA_AUTHORIZED) && 1836 !(sta_flags & WLAN_STA_AUTHORIZED) &&
1726 !(ethertype == ETH_P_PAE && 1837 !(ethertype == ETH_P_PAE &&
1727 compare_ether_addr(dev->dev_addr, 1838 compare_ether_addr(sdata->vif.addr,
1728 skb->data + ETH_ALEN) == 0))) { 1839 skb->data + ETH_ALEN) == 0))) {
1729#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1840#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1730 if (net_ratelimit()) 1841 if (net_ratelimit())
@@ -1864,7 +1975,7 @@ static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
1864 ieee80211_tx(sdata, skb, true); 1975 ieee80211_tx(sdata, skb, true);
1865 } else { 1976 } else {
1866 hdr = (struct ieee80211_hdr *)skb->data; 1977 hdr = (struct ieee80211_hdr *)skb->data;
1867 sta = sta_info_get(local, hdr->addr1); 1978 sta = sta_info_get(sdata, hdr->addr1);
1868 1979
1869 ret = __ieee80211_tx(local, &skb, sta, true); 1980 ret = __ieee80211_tx(local, &skb, sta, true);
1870 if (ret != IEEE80211_TX_OK) 1981 if (ret != IEEE80211_TX_OK)
@@ -1880,6 +1991,7 @@ static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
1880void ieee80211_tx_pending(unsigned long data) 1991void ieee80211_tx_pending(unsigned long data)
1881{ 1992{
1882 struct ieee80211_local *local = (struct ieee80211_local *)data; 1993 struct ieee80211_local *local = (struct ieee80211_local *)data;
1994 struct ieee80211_sub_if_data *sdata;
1883 unsigned long flags; 1995 unsigned long flags;
1884 int i; 1996 int i;
1885 bool txok; 1997 bool txok;
@@ -1907,12 +2019,10 @@ void ieee80211_tx_pending(unsigned long data)
1907 } 2019 }
1908 2020
1909 sdata = vif_to_sdata(info->control.vif); 2021 sdata = vif_to_sdata(info->control.vif);
1910 dev_hold(sdata->dev);
1911 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 2022 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1912 flags); 2023 flags);
1913 2024
1914 txok = ieee80211_tx_pending_skb(local, skb); 2025 txok = ieee80211_tx_pending_skb(local, skb);
1915 dev_put(sdata->dev);
1916 if (!txok) 2026 if (!txok)
1917 __skb_queue_head(&local->pending[i], skb); 2027 __skb_queue_head(&local->pending[i], skb);
1918 spin_lock_irqsave(&local->queue_stop_reason_lock, 2028 spin_lock_irqsave(&local->queue_stop_reason_lock,
@@ -1920,6 +2030,11 @@ void ieee80211_tx_pending(unsigned long data)
1920 if (!txok) 2030 if (!txok)
1921 break; 2031 break;
1922 } 2032 }
2033
2034 if (skb_queue_empty(&local->pending[i]))
2035 list_for_each_entry_rcu(sdata, &local->interfaces, list)
2036 netif_tx_wake_queue(
2037 netdev_get_tx_queue(sdata->dev, i));
1923 } 2038 }
1924 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 2039 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1925 2040
@@ -1990,8 +2105,9 @@ static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss,
1990 } 2105 }
1991} 2106}
1992 2107
1993struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw, 2108struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
1994 struct ieee80211_vif *vif) 2109 struct ieee80211_vif *vif,
2110 u16 *tim_offset, u16 *tim_length)
1995{ 2111{
1996 struct ieee80211_local *local = hw_to_local(hw); 2112 struct ieee80211_local *local = hw_to_local(hw);
1997 struct sk_buff *skb = NULL; 2113 struct sk_buff *skb = NULL;
@@ -2001,6 +2117,7 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2001 struct beacon_data *beacon; 2117 struct beacon_data *beacon;
2002 struct ieee80211_supported_band *sband; 2118 struct ieee80211_supported_band *sband;
2003 enum ieee80211_band band = local->hw.conf.channel->band; 2119 enum ieee80211_band band = local->hw.conf.channel->band;
2120 struct ieee80211_tx_rate_control txrc;
2004 2121
2005 sband = local->hw.wiphy->bands[band]; 2122 sband = local->hw.wiphy->bands[band];
2006 2123
@@ -2008,6 +2125,11 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2008 2125
2009 sdata = vif_to_sdata(vif); 2126 sdata = vif_to_sdata(vif);
2010 2127
2128 if (tim_offset)
2129 *tim_offset = 0;
2130 if (tim_length)
2131 *tim_length = 0;
2132
2011 if (sdata->vif.type == NL80211_IFTYPE_AP) { 2133 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2012 ap = &sdata->u.ap; 2134 ap = &sdata->u.ap;
2013 beacon = rcu_dereference(ap->beacon); 2135 beacon = rcu_dereference(ap->beacon);
@@ -2043,6 +2165,11 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2043 spin_unlock_irqrestore(&local->sta_lock, flags); 2165 spin_unlock_irqrestore(&local->sta_lock, flags);
2044 } 2166 }
2045 2167
2168 if (tim_offset)
2169 *tim_offset = beacon->head_len;
2170 if (tim_length)
2171 *tim_length = skb->len - beacon->head_len;
2172
2046 if (beacon->tail) 2173 if (beacon->tail)
2047 memcpy(skb_put(skb, beacon->tail_len), 2174 memcpy(skb_put(skb, beacon->tail_len),
2048 beacon->tail, beacon->tail_len); 2175 beacon->tail, beacon->tail_len);
@@ -2079,8 +2206,8 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2079 mgmt->frame_control = 2206 mgmt->frame_control =
2080 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON); 2207 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
2081 memset(mgmt->da, 0xff, ETH_ALEN); 2208 memset(mgmt->da, 0xff, ETH_ALEN);
2082 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 2209 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2083 /* BSSID is left zeroed, wildcard value */ 2210 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
2084 mgmt->u.beacon.beacon_int = 2211 mgmt->u.beacon.beacon_int =
2085 cpu_to_le16(sdata->vif.bss_conf.beacon_int); 2212 cpu_to_le16(sdata->vif.bss_conf.beacon_int);
2086 mgmt->u.beacon.capab_info = 0x0; /* 0x0 for MPs */ 2213 mgmt->u.beacon.capab_info = 0x0; /* 0x0 for MPs */
@@ -2098,28 +2225,160 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2098 info = IEEE80211_SKB_CB(skb); 2225 info = IEEE80211_SKB_CB(skb);
2099 2226
2100 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 2227 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2228 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2101 info->band = band; 2229 info->band = band;
2102 /* 2230
2103 * XXX: For now, always use the lowest rate 2231 memset(&txrc, 0, sizeof(txrc));
2104 */ 2232 txrc.hw = hw;
2105 info->control.rates[0].idx = 0; 2233 txrc.sband = sband;
2106 info->control.rates[0].count = 1; 2234 txrc.bss_conf = &sdata->vif.bss_conf;
2107 info->control.rates[1].idx = -1; 2235 txrc.skb = skb;
2108 info->control.rates[2].idx = -1; 2236 txrc.reported_rate.idx = -1;
2109 info->control.rates[3].idx = -1; 2237 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
2110 info->control.rates[4].idx = -1; 2238 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
2111 BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 5); 2239 txrc.max_rate_idx = -1;
2240 else
2241 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2242 txrc.ap = true;
2243 rate_control_get_rate(sdata, NULL, &txrc);
2112 2244
2113 info->control.vif = vif; 2245 info->control.vif = vif;
2114 2246
2115 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2116 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; 2247 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
2117 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ; 2248 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
2118 out: 2249 out:
2119 rcu_read_unlock(); 2250 rcu_read_unlock();
2120 return skb; 2251 return skb;
2121} 2252}
2122EXPORT_SYMBOL(ieee80211_beacon_get); 2253EXPORT_SYMBOL(ieee80211_beacon_get_tim);
2254
2255struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
2256 struct ieee80211_vif *vif)
2257{
2258 struct ieee80211_sub_if_data *sdata;
2259 struct ieee80211_if_managed *ifmgd;
2260 struct ieee80211_pspoll *pspoll;
2261 struct ieee80211_local *local;
2262 struct sk_buff *skb;
2263
2264 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2265 return NULL;
2266
2267 sdata = vif_to_sdata(vif);
2268 ifmgd = &sdata->u.mgd;
2269 local = sdata->local;
2270
2271 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
2272 if (!skb) {
2273 printk(KERN_DEBUG "%s: failed to allocate buffer for "
2274 "pspoll template\n", sdata->name);
2275 return NULL;
2276 }
2277 skb_reserve(skb, local->hw.extra_tx_headroom);
2278
2279 pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
2280 memset(pspoll, 0, sizeof(*pspoll));
2281 pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
2282 IEEE80211_STYPE_PSPOLL);
2283 pspoll->aid = cpu_to_le16(ifmgd->aid);
2284
2285 /* aid in PS-Poll has its two MSBs each set to 1 */
2286 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
2287
2288 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
2289 memcpy(pspoll->ta, vif->addr, ETH_ALEN);
2290
2291 return skb;
2292}
2293EXPORT_SYMBOL(ieee80211_pspoll_get);
2294
2295struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
2296 struct ieee80211_vif *vif)
2297{
2298 struct ieee80211_hdr_3addr *nullfunc;
2299 struct ieee80211_sub_if_data *sdata;
2300 struct ieee80211_if_managed *ifmgd;
2301 struct ieee80211_local *local;
2302 struct sk_buff *skb;
2303
2304 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2305 return NULL;
2306
2307 sdata = vif_to_sdata(vif);
2308 ifmgd = &sdata->u.mgd;
2309 local = sdata->local;
2310
2311 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*nullfunc));
2312 if (!skb) {
2313 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
2314 "template\n", sdata->name);
2315 return NULL;
2316 }
2317 skb_reserve(skb, local->hw.extra_tx_headroom);
2318
2319 nullfunc = (struct ieee80211_hdr_3addr *) skb_put(skb,
2320 sizeof(*nullfunc));
2321 memset(nullfunc, 0, sizeof(*nullfunc));
2322 nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
2323 IEEE80211_STYPE_NULLFUNC |
2324 IEEE80211_FCTL_TODS);
2325 memcpy(nullfunc->addr1, ifmgd->bssid, ETH_ALEN);
2326 memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
2327 memcpy(nullfunc->addr3, ifmgd->bssid, ETH_ALEN);
2328
2329 return skb;
2330}
2331EXPORT_SYMBOL(ieee80211_nullfunc_get);
2332
2333struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
2334 struct ieee80211_vif *vif,
2335 const u8 *ssid, size_t ssid_len,
2336 const u8 *ie, size_t ie_len)
2337{
2338 struct ieee80211_sub_if_data *sdata;
2339 struct ieee80211_local *local;
2340 struct ieee80211_hdr_3addr *hdr;
2341 struct sk_buff *skb;
2342 size_t ie_ssid_len;
2343 u8 *pos;
2344
2345 sdata = vif_to_sdata(vif);
2346 local = sdata->local;
2347 ie_ssid_len = 2 + ssid_len;
2348
2349 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
2350 ie_ssid_len + ie_len);
2351 if (!skb) {
2352 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
2353 "request template\n", sdata->name);
2354 return NULL;
2355 }
2356
2357 skb_reserve(skb, local->hw.extra_tx_headroom);
2358
2359 hdr = (struct ieee80211_hdr_3addr *) skb_put(skb, sizeof(*hdr));
2360 memset(hdr, 0, sizeof(*hdr));
2361 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2362 IEEE80211_STYPE_PROBE_REQ);
2363 memset(hdr->addr1, 0xff, ETH_ALEN);
2364 memcpy(hdr->addr2, vif->addr, ETH_ALEN);
2365 memset(hdr->addr3, 0xff, ETH_ALEN);
2366
2367 pos = skb_put(skb, ie_ssid_len);
2368 *pos++ = WLAN_EID_SSID;
2369 *pos++ = ssid_len;
2370 if (ssid)
2371 memcpy(pos, ssid, ssid_len);
2372 pos += ssid_len;
2373
2374 if (ie) {
2375 pos = skb_put(skb, ie_len);
2376 memcpy(pos, ie, ie_len);
2377 }
2378
2379 return skb;
2380}
2381EXPORT_SYMBOL(ieee80211_probereq_get);
2123 2382
2124void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 2383void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2125 const void *frame, size_t frame_len, 2384 const void *frame, size_t frame_len,
@@ -2214,16 +2473,14 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2214} 2473}
2215EXPORT_SYMBOL(ieee80211_get_buffered_bc); 2474EXPORT_SYMBOL(ieee80211_get_buffered_bc);
2216 2475
2217void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb, 2476void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
2218 int encrypt)
2219{ 2477{
2220 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2221 skb_set_mac_header(skb, 0); 2478 skb_set_mac_header(skb, 0);
2222 skb_set_network_header(skb, 0); 2479 skb_set_network_header(skb, 0);
2223 skb_set_transport_header(skb, 0); 2480 skb_set_transport_header(skb, 0);
2224 2481
2225 if (!encrypt) 2482 /* send all internal mgmt frames on VO */
2226 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 2483 skb_set_queue_mapping(skb, 0);
2227 2484
2228 /* 2485 /*
2229 * The other path calling ieee80211_xmit is from the tasklet, 2486 * The other path calling ieee80211_xmit is from the tasklet,
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index e6c08da8da26..53af57047435 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -18,7 +18,6 @@
18#include <linux/skbuff.h> 18#include <linux/skbuff.h>
19#include <linux/etherdevice.h> 19#include <linux/etherdevice.h>
20#include <linux/if_arp.h> 20#include <linux/if_arp.h>
21#include <linux/wireless.h>
22#include <linux/bitmap.h> 21#include <linux/bitmap.h>
23#include <linux/crc32.h> 22#include <linux/crc32.h>
24#include <net/net_namespace.h> 23#include <net/net_namespace.h>
@@ -269,6 +268,7 @@ static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
269 enum queue_stop_reason reason) 268 enum queue_stop_reason reason)
270{ 269{
271 struct ieee80211_local *local = hw_to_local(hw); 270 struct ieee80211_local *local = hw_to_local(hw);
271 struct ieee80211_sub_if_data *sdata;
272 272
273 if (WARN_ON(queue >= hw->queues)) 273 if (WARN_ON(queue >= hw->queues))
274 return; 274 return;
@@ -279,7 +279,12 @@ static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
279 /* someone still has this queue stopped */ 279 /* someone still has this queue stopped */
280 return; 280 return;
281 281
282 if (!skb_queue_empty(&local->pending[queue])) 282 if (skb_queue_empty(&local->pending[queue])) {
283 rcu_read_lock();
284 list_for_each_entry_rcu(sdata, &local->interfaces, list)
285 netif_tx_wake_queue(netdev_get_tx_queue(sdata->dev, queue));
286 rcu_read_unlock();
287 } else
283 tasklet_schedule(&local->tx_pending_tasklet); 288 tasklet_schedule(&local->tx_pending_tasklet);
284} 289}
285 290
@@ -305,11 +310,17 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
305 enum queue_stop_reason reason) 310 enum queue_stop_reason reason)
306{ 311{
307 struct ieee80211_local *local = hw_to_local(hw); 312 struct ieee80211_local *local = hw_to_local(hw);
313 struct ieee80211_sub_if_data *sdata;
308 314
309 if (WARN_ON(queue >= hw->queues)) 315 if (WARN_ON(queue >= hw->queues))
310 return; 316 return;
311 317
312 __set_bit(reason, &local->queue_stop_reasons[queue]); 318 __set_bit(reason, &local->queue_stop_reasons[queue]);
319
320 rcu_read_lock();
321 list_for_each_entry_rcu(sdata, &local->interfaces, list)
322 netif_tx_stop_queue(netdev_get_tx_queue(sdata->dev, queue));
323 rcu_read_unlock();
313} 324}
314 325
315void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue, 326void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
@@ -468,8 +479,8 @@ void ieee80211_iterate_active_interfaces(
468 case NL80211_IFTYPE_MESH_POINT: 479 case NL80211_IFTYPE_MESH_POINT:
469 break; 480 break;
470 } 481 }
471 if (netif_running(sdata->dev)) 482 if (ieee80211_sdata_running(sdata))
472 iterator(data, sdata->dev->dev_addr, 483 iterator(data, sdata->vif.addr,
473 &sdata->vif); 484 &sdata->vif);
474 } 485 }
475 486
@@ -502,8 +513,8 @@ void ieee80211_iterate_active_interfaces_atomic(
502 case NL80211_IFTYPE_MESH_POINT: 513 case NL80211_IFTYPE_MESH_POINT:
503 break; 514 break;
504 } 515 }
505 if (netif_running(sdata->dev)) 516 if (ieee80211_sdata_running(sdata))
506 iterator(data, sdata->dev->dev_addr, 517 iterator(data, sdata->vif.addr,
507 &sdata->vif); 518 &sdata->vif);
508 } 519 }
509 520
@@ -579,7 +590,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
579 if (elen > left) 590 if (elen > left)
580 break; 591 break;
581 592
582 if (calc_crc && id < 64 && (filter & BIT(id))) 593 if (calc_crc && id < 64 && (filter & (1ULL << id)))
583 crc = crc32_be(crc, pos - 2, elen + 2); 594 crc = crc32_be(crc, pos - 2, elen + 2);
584 595
585 switch (id) { 596 switch (id) {
@@ -666,8 +677,8 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
666 elems->mesh_id_len = elen; 677 elems->mesh_id_len = elen;
667 break; 678 break;
668 case WLAN_EID_MESH_CONFIG: 679 case WLAN_EID_MESH_CONFIG:
669 elems->mesh_config = pos; 680 if (elen >= sizeof(struct ieee80211_meshconf_ie))
670 elems->mesh_config_len = elen; 681 elems->mesh_config = (void *)pos;
671 break; 682 break;
672 case WLAN_EID_PEER_LINK: 683 case WLAN_EID_PEER_LINK:
673 elems->peer_link = pos; 684 elems->peer_link = pos;
@@ -685,6 +696,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
685 elems->perr = pos; 696 elems->perr = pos;
686 elems->perr_len = elen; 697 elems->perr_len = elen;
687 break; 698 break;
699 case WLAN_EID_RANN:
700 if (elen >= sizeof(struct ieee80211_rann_ie))
701 elems->rann = (void *)pos;
702 break;
688 case WLAN_EID_CHANNEL_SWITCH: 703 case WLAN_EID_CHANNEL_SWITCH:
689 elems->ch_switch_elem = pos; 704 elems->ch_switch_elem = pos;
690 elems->ch_switch_elem_len = elen; 705 elems->ch_switch_elem_len = elen;
@@ -777,6 +792,8 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
777 break; 792 break;
778 } 793 }
779 794
795 qparam.uapsd = false;
796
780 drv_conf_tx(local, queue, &qparam); 797 drv_conf_tx(local, queue, &qparam);
781 } 798 }
782} 799}
@@ -844,7 +861,7 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
844 sizeof(*mgmt) + 6 + extra_len); 861 sizeof(*mgmt) + 6 + extra_len);
845 if (!skb) { 862 if (!skb) {
846 printk(KERN_DEBUG "%s: failed to allocate buffer for auth " 863 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
847 "frame\n", sdata->dev->name); 864 "frame\n", sdata->name);
848 return; 865 return;
849 } 866 }
850 skb_reserve(skb, local->hw.extra_tx_headroom); 867 skb_reserve(skb, local->hw.extra_tx_headroom);
@@ -854,7 +871,7 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
854 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 871 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
855 IEEE80211_STYPE_AUTH); 872 IEEE80211_STYPE_AUTH);
856 memcpy(mgmt->da, bssid, ETH_ALEN); 873 memcpy(mgmt->da, bssid, ETH_ALEN);
857 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 874 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
858 memcpy(mgmt->bssid, bssid, ETH_ALEN); 875 memcpy(mgmt->bssid, bssid, ETH_ALEN);
859 mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg); 876 mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg);
860 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction); 877 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
@@ -868,50 +885,96 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
868 WARN_ON(err); 885 WARN_ON(err);
869 } 886 }
870 887
871 ieee80211_tx_skb(sdata, skb, 0); 888 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
889 ieee80211_tx_skb(sdata, skb);
872} 890}
873 891
874int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 892int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
875 const u8 *ie, size_t ie_len) 893 const u8 *ie, size_t ie_len,
894 enum ieee80211_band band)
876{ 895{
877 struct ieee80211_supported_band *sband; 896 struct ieee80211_supported_band *sband;
878 u8 *pos, *supp_rates_len, *esupp_rates_len = NULL; 897 u8 *pos;
879 int i; 898 size_t offset = 0, noffset;
899 int supp_rates_len, i;
880 900
881 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 901 sband = local->hw.wiphy->bands[band];
882 902
883 pos = buffer; 903 pos = buffer;
884 904
905 supp_rates_len = min_t(int, sband->n_bitrates, 8);
906
885 *pos++ = WLAN_EID_SUPP_RATES; 907 *pos++ = WLAN_EID_SUPP_RATES;
886 supp_rates_len = pos; 908 *pos++ = supp_rates_len;
887 *pos++ = 0;
888
889 for (i = 0; i < sband->n_bitrates; i++) {
890 struct ieee80211_rate *rate = &sband->bitrates[i];
891
892 if (esupp_rates_len) {
893 *esupp_rates_len += 1;
894 } else if (*supp_rates_len == 8) {
895 *pos++ = WLAN_EID_EXT_SUPP_RATES;
896 esupp_rates_len = pos;
897 *pos++ = 1;
898 } else
899 *supp_rates_len += 1;
900 909
901 *pos++ = rate->bitrate / 5; 910 for (i = 0; i < supp_rates_len; i++) {
911 int rate = sband->bitrates[i].bitrate;
912 *pos++ = (u8) (rate / 5);
913 }
914
915 /* insert "request information" if in custom IEs */
916 if (ie && ie_len) {
917 static const u8 before_extrates[] = {
918 WLAN_EID_SSID,
919 WLAN_EID_SUPP_RATES,
920 WLAN_EID_REQUEST,
921 };
922 noffset = ieee80211_ie_split(ie, ie_len,
923 before_extrates,
924 ARRAY_SIZE(before_extrates),
925 offset);
926 memcpy(pos, ie + offset, noffset - offset);
927 pos += noffset - offset;
928 offset = noffset;
929 }
930
931 if (sband->n_bitrates > i) {
932 *pos++ = WLAN_EID_EXT_SUPP_RATES;
933 *pos++ = sband->n_bitrates - i;
934
935 for (; i < sband->n_bitrates; i++) {
936 int rate = sband->bitrates[i].bitrate;
937 *pos++ = (u8) (rate / 5);
938 }
939 }
940
941 /* insert custom IEs that go before HT */
942 if (ie && ie_len) {
943 static const u8 before_ht[] = {
944 WLAN_EID_SSID,
945 WLAN_EID_SUPP_RATES,
946 WLAN_EID_REQUEST,
947 WLAN_EID_EXT_SUPP_RATES,
948 WLAN_EID_DS_PARAMS,
949 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
950 };
951 noffset = ieee80211_ie_split(ie, ie_len,
952 before_ht, ARRAY_SIZE(before_ht),
953 offset);
954 memcpy(pos, ie + offset, noffset - offset);
955 pos += noffset - offset;
956 offset = noffset;
902 } 957 }
903 958
904 if (sband->ht_cap.ht_supported) { 959 if (sband->ht_cap.ht_supported) {
905 __le16 tmp = cpu_to_le16(sband->ht_cap.cap); 960 u16 cap = sband->ht_cap.cap;
961 __le16 tmp;
962
963 if (ieee80211_disable_40mhz_24ghz &&
964 sband->band == IEEE80211_BAND_2GHZ) {
965 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
966 cap &= ~IEEE80211_HT_CAP_SGI_40;
967 }
906 968
907 *pos++ = WLAN_EID_HT_CAPABILITY; 969 *pos++ = WLAN_EID_HT_CAPABILITY;
908 *pos++ = sizeof(struct ieee80211_ht_cap); 970 *pos++ = sizeof(struct ieee80211_ht_cap);
909 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 971 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
972 tmp = cpu_to_le16(cap);
910 memcpy(pos, &tmp, sizeof(u16)); 973 memcpy(pos, &tmp, sizeof(u16));
911 pos += sizeof(u16); 974 pos += sizeof(u16);
912 /* TODO: needs a define here for << 2 */
913 *pos++ = sband->ht_cap.ampdu_factor | 975 *pos++ = sband->ht_cap.ampdu_factor |
914 (sband->ht_cap.ampdu_density << 2); 976 (sband->ht_cap.ampdu_density <<
977 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
915 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 978 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
916 pos += sizeof(sband->ht_cap.mcs); 979 pos += sizeof(sband->ht_cap.mcs);
917 pos += 2 + 4 + 1; /* ext info, BF cap, antsel */ 980 pos += 2 + 4 + 1; /* ext info, BF cap, antsel */
@@ -922,9 +985,11 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
922 * that calculates local->scan_ies_len. 985 * that calculates local->scan_ies_len.
923 */ 986 */
924 987
925 if (ie) { 988 /* add any remaining custom IEs */
926 memcpy(pos, ie, ie_len); 989 if (ie && ie_len) {
927 pos += ie_len; 990 noffset = ie_len;
991 memcpy(pos, ie + offset, noffset - offset);
992 pos += noffset - offset;
928 } 993 }
929 994
930 return pos - buffer; 995 return pos - buffer;
@@ -937,38 +1002,33 @@ void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
937 struct ieee80211_local *local = sdata->local; 1002 struct ieee80211_local *local = sdata->local;
938 struct sk_buff *skb; 1003 struct sk_buff *skb;
939 struct ieee80211_mgmt *mgmt; 1004 struct ieee80211_mgmt *mgmt;
940 u8 *pos; 1005 size_t buf_len;
941 1006 u8 *buf;
942 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200 + 1007
943 ie_len); 1008 /* FIXME: come up with a proper value */
944 if (!skb) { 1009 buf = kmalloc(200 + ie_len, GFP_KERNEL);
945 printk(KERN_DEBUG "%s: failed to allocate buffer for probe " 1010 if (!buf) {
946 "request\n", sdata->dev->name); 1011 printk(KERN_DEBUG "%s: failed to allocate temporary IE "
1012 "buffer\n", sdata->name);
947 return; 1013 return;
948 } 1014 }
949 skb_reserve(skb, local->hw.extra_tx_headroom);
950 1015
951 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 1016 buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len,
952 memset(mgmt, 0, 24); 1017 local->hw.conf.channel->band);
953 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1018
954 IEEE80211_STYPE_PROBE_REQ); 1019 skb = ieee80211_probereq_get(&local->hw, &sdata->vif,
955 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 1020 ssid, ssid_len,
1021 buf, buf_len);
1022
956 if (dst) { 1023 if (dst) {
1024 mgmt = (struct ieee80211_mgmt *) skb->data;
957 memcpy(mgmt->da, dst, ETH_ALEN); 1025 memcpy(mgmt->da, dst, ETH_ALEN);
958 memcpy(mgmt->bssid, dst, ETH_ALEN); 1026 memcpy(mgmt->bssid, dst, ETH_ALEN);
959 } else {
960 memset(mgmt->da, 0xff, ETH_ALEN);
961 memset(mgmt->bssid, 0xff, ETH_ALEN);
962 } 1027 }
963 pos = skb_put(skb, 2 + ssid_len);
964 *pos++ = WLAN_EID_SSID;
965 *pos++ = ssid_len;
966 memcpy(pos, ssid, ssid_len);
967 pos += ssid_len;
968 1028
969 skb_put(skb, ieee80211_build_preq_ies(local, pos, ie, ie_len)); 1029 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
970 1030 ieee80211_tx_skb(sdata, skb);
971 ieee80211_tx_skb(sdata, skb, 0); 1031 kfree(buf);
972} 1032}
973 1033
974u32 ieee80211_sta_get_rates(struct ieee80211_local *local, 1034u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
@@ -1012,18 +1072,16 @@ void ieee80211_stop_device(struct ieee80211_local *local)
1012 ieee80211_led_radio(local, false); 1072 ieee80211_led_radio(local, false);
1013 1073
1014 cancel_work_sync(&local->reconfig_filter); 1074 cancel_work_sync(&local->reconfig_filter);
1015 drv_stop(local);
1016 1075
1017 flush_workqueue(local->workqueue); 1076 flush_workqueue(local->workqueue);
1077 drv_stop(local);
1018} 1078}
1019 1079
1020int ieee80211_reconfig(struct ieee80211_local *local) 1080int ieee80211_reconfig(struct ieee80211_local *local)
1021{ 1081{
1022 struct ieee80211_hw *hw = &local->hw; 1082 struct ieee80211_hw *hw = &local->hw;
1023 struct ieee80211_sub_if_data *sdata; 1083 struct ieee80211_sub_if_data *sdata;
1024 struct ieee80211_if_init_conf conf;
1025 struct sta_info *sta; 1084 struct sta_info *sta;
1026 unsigned long flags;
1027 int res; 1085 int res;
1028 1086
1029 if (local->suspended) 1087 if (local->suspended)
@@ -1031,7 +1089,19 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1031 1089
1032 /* restart hardware */ 1090 /* restart hardware */
1033 if (local->open_count) { 1091 if (local->open_count) {
1092 /*
1093 * Upon resume hardware can sometimes be goofy due to
1094 * various platform / driver / bus issues, so restarting
1095 * the device may at times not work immediately. Propagate
1096 * the error.
1097 */
1034 res = drv_start(local); 1098 res = drv_start(local);
1099 if (res) {
1100 WARN(local->suspended, "Hardware became unavailable "
1101 "upon resume. This could be a software issue "
1102 "prior to suspend or a hardware issue.\n");
1103 return res;
1104 }
1035 1105
1036 ieee80211_led_radio(local, true); 1106 ieee80211_led_radio(local, true);
1037 } 1107 }
@@ -1040,29 +1110,24 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1040 list_for_each_entry(sdata, &local->interfaces, list) { 1110 list_for_each_entry(sdata, &local->interfaces, list) {
1041 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 1111 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1042 sdata->vif.type != NL80211_IFTYPE_MONITOR && 1112 sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1043 netif_running(sdata->dev)) { 1113 ieee80211_sdata_running(sdata))
1044 conf.vif = &sdata->vif; 1114 res = drv_add_interface(local, &sdata->vif);
1045 conf.type = sdata->vif.type;
1046 conf.mac_addr = sdata->dev->dev_addr;
1047 res = drv_add_interface(local, &conf);
1048 }
1049 } 1115 }
1050 1116
1051 /* add STAs back */ 1117 /* add STAs back */
1052 if (local->ops->sta_notify) { 1118 mutex_lock(&local->sta_mtx);
1053 spin_lock_irqsave(&local->sta_lock, flags); 1119 list_for_each_entry(sta, &local->sta_list, list) {
1054 list_for_each_entry(sta, &local->sta_list, list) { 1120 if (sta->uploaded) {
1055 sdata = sta->sdata; 1121 sdata = sta->sdata;
1056 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 1122 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1057 sdata = container_of(sdata->bss, 1123 sdata = container_of(sdata->bss,
1058 struct ieee80211_sub_if_data, 1124 struct ieee80211_sub_if_data,
1059 u.ap); 1125 u.ap);
1060 1126
1061 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_ADD, 1127 WARN_ON(drv_sta_add(local, sdata, &sta->sta));
1062 &sta->sta);
1063 } 1128 }
1064 spin_unlock_irqrestore(&local->sta_lock, flags);
1065 } 1129 }
1130 mutex_unlock(&local->sta_mtx);
1066 1131
1067 /* Clear Suspend state so that ADDBA requests can be processed */ 1132 /* Clear Suspend state so that ADDBA requests can be processed */
1068 1133
@@ -1087,7 +1152,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1087 /* Finally also reconfigure all the BSS information */ 1152 /* Finally also reconfigure all the BSS information */
1088 list_for_each_entry(sdata, &local->interfaces, list) { 1153 list_for_each_entry(sdata, &local->interfaces, list) {
1089 u32 changed = ~0; 1154 u32 changed = ~0;
1090 if (!netif_running(sdata->dev)) 1155 if (!ieee80211_sdata_running(sdata))
1091 continue; 1156 continue;
1092 switch (sdata->vif.type) { 1157 switch (sdata->vif.type) {
1093 case NL80211_IFTYPE_STATION: 1158 case NL80211_IFTYPE_STATION:
@@ -1113,9 +1178,17 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1113 } 1178 }
1114 } 1179 }
1115 1180
1181 rcu_read_lock();
1182 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
1183 list_for_each_entry_rcu(sta, &local->sta_list, list) {
1184 ieee80211_sta_tear_down_BA_sessions(sta);
1185 }
1186 }
1187 rcu_read_unlock();
1188
1116 /* add back keys */ 1189 /* add back keys */
1117 list_for_each_entry(sdata, &local->interfaces, list) 1190 list_for_each_entry(sdata, &local->interfaces, list)
1118 if (netif_running(sdata->dev)) 1191 if (ieee80211_sdata_running(sdata))
1119 ieee80211_enable_keys(sdata); 1192 ieee80211_enable_keys(sdata);
1120 1193
1121 ieee80211_wake_queues_by_reason(hw, 1194 ieee80211_wake_queues_by_reason(hw,
@@ -1152,13 +1225,143 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1152 1225
1153 add_timer(&local->sta_cleanup); 1226 add_timer(&local->sta_cleanup);
1154 1227
1155 spin_lock_irqsave(&local->sta_lock, flags); 1228 mutex_lock(&local->sta_mtx);
1156 list_for_each_entry(sta, &local->sta_list, list) 1229 list_for_each_entry(sta, &local->sta_list, list)
1157 mesh_plink_restart(sta); 1230 mesh_plink_restart(sta);
1158 spin_unlock_irqrestore(&local->sta_lock, flags); 1231 mutex_unlock(&local->sta_mtx);
1159#else 1232#else
1160 WARN_ON(1); 1233 WARN_ON(1);
1161#endif 1234#endif
1162 return 0; 1235 return 0;
1163} 1236}
1164 1237
1238static int check_mgd_smps(struct ieee80211_if_managed *ifmgd,
1239 enum ieee80211_smps_mode *smps_mode)
1240{
1241 if (ifmgd->associated) {
1242 *smps_mode = ifmgd->ap_smps;
1243
1244 if (*smps_mode == IEEE80211_SMPS_AUTOMATIC) {
1245 if (ifmgd->powersave)
1246 *smps_mode = IEEE80211_SMPS_DYNAMIC;
1247 else
1248 *smps_mode = IEEE80211_SMPS_OFF;
1249 }
1250
1251 return 1;
1252 }
1253
1254 return 0;
1255}
1256
1257/* must hold iflist_mtx */
1258void ieee80211_recalc_smps(struct ieee80211_local *local,
1259 struct ieee80211_sub_if_data *forsdata)
1260{
1261 struct ieee80211_sub_if_data *sdata;
1262 enum ieee80211_smps_mode smps_mode = IEEE80211_SMPS_OFF;
1263 int count = 0;
1264
1265 if (forsdata)
1266 WARN_ON(!mutex_is_locked(&forsdata->u.mgd.mtx));
1267
1268 WARN_ON(!mutex_is_locked(&local->iflist_mtx));
1269
1270 /*
1271 * This function could be improved to handle multiple
1272 * interfaces better, but right now it makes any
1273 * non-station interfaces force SM PS to be turned
1274 * off. If there are multiple station interfaces it
1275 * could also use the best possible mode, e.g. if
1276 * one is in static and the other in dynamic then
1277 * dynamic is ok.
1278 */
1279
1280 list_for_each_entry(sdata, &local->interfaces, list) {
1281 if (!netif_running(sdata->dev))
1282 continue;
1283 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1284 goto set;
1285 if (sdata != forsdata) {
1286 /*
1287 * This nested is ok -- we are holding the iflist_mtx
1288 * so can't get here twice or so. But it's required
1289 * since normally we acquire it first and then the
1290 * iflist_mtx.
1291 */
1292 mutex_lock_nested(&sdata->u.mgd.mtx, SINGLE_DEPTH_NESTING);
1293 count += check_mgd_smps(&sdata->u.mgd, &smps_mode);
1294 mutex_unlock(&sdata->u.mgd.mtx);
1295 } else
1296 count += check_mgd_smps(&sdata->u.mgd, &smps_mode);
1297
1298 if (count > 1) {
1299 smps_mode = IEEE80211_SMPS_OFF;
1300 break;
1301 }
1302 }
1303
1304 if (smps_mode == local->smps_mode)
1305 return;
1306
1307 set:
1308 local->smps_mode = smps_mode;
1309 /* changed flag is auto-detected for this */
1310 ieee80211_hw_config(local, 0);
1311}
1312
1313static bool ieee80211_id_in_list(const u8 *ids, int n_ids, u8 id)
1314{
1315 int i;
1316
1317 for (i = 0; i < n_ids; i++)
1318 if (ids[i] == id)
1319 return true;
1320 return false;
1321}
1322
1323/**
1324 * ieee80211_ie_split - split an IE buffer according to ordering
1325 *
1326 * @ies: the IE buffer
1327 * @ielen: the length of the IE buffer
1328 * @ids: an array with element IDs that are allowed before
1329 * the split
1330 * @n_ids: the size of the element ID array
1331 * @offset: offset where to start splitting in the buffer
1332 *
1333 * This function splits an IE buffer by updating the @offset
1334 * variable to point to the location where the buffer should be
1335 * split.
1336 *
1337 * It assumes that the given IE buffer is well-formed, this
1338 * has to be guaranteed by the caller!
1339 *
1340 * It also assumes that the IEs in the buffer are ordered
1341 * correctly, if not the result of using this function will not
1342 * be ordered correctly either, i.e. it does no reordering.
1343 *
1344 * The function returns the offset where the next part of the
1345 * buffer starts, which may be @ielen if the entire (remainder)
1346 * of the buffer should be used.
1347 */
1348size_t ieee80211_ie_split(const u8 *ies, size_t ielen,
1349 const u8 *ids, int n_ids, size_t offset)
1350{
1351 size_t pos = offset;
1352
1353 while (pos < ielen && ieee80211_id_in_list(ids, n_ids, ies[pos]))
1354 pos += 2 + ies[pos + 1];
1355
1356 return pos;
1357}
1358
1359size_t ieee80211_ie_split_vendor(const u8 *ies, size_t ielen, size_t offset)
1360{
1361 size_t pos = offset;
1362
1363 while (pos < ielen && ies[pos] != WLAN_EID_VENDOR_SPECIFIC)
1364 pos += 2 + ies[pos + 1];
1365
1366 return pos;
1367}
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 8a980f136941..5f3a4113bda1 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -17,6 +17,7 @@
17#include <linux/err.h> 17#include <linux/err.h>
18#include <linux/mm.h> 18#include <linux/mm.h>
19#include <linux/scatterlist.h> 19#include <linux/scatterlist.h>
20#include <linux/slab.h>
20#include <asm/unaligned.h> 21#include <asm/unaligned.h>
21 22
22#include <net/mac80211.h> 23#include <net/mac80211.h>
@@ -281,16 +282,18 @@ bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
281ieee80211_rx_result 282ieee80211_rx_result
282ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx) 283ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
283{ 284{
284 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 285 struct sk_buff *skb = rx->skb;
286 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
287 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
285 288
286 if (!ieee80211_is_data(hdr->frame_control) && 289 if (!ieee80211_is_data(hdr->frame_control) &&
287 !ieee80211_is_auth(hdr->frame_control)) 290 !ieee80211_is_auth(hdr->frame_control))
288 return RX_CONTINUE; 291 return RX_CONTINUE;
289 292
290 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 293 if (!(status->flag & RX_FLAG_DECRYPTED)) {
291 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) 294 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
292 return RX_DROP_UNUSABLE; 295 return RX_DROP_UNUSABLE;
293 } else if (!(rx->status->flag & RX_FLAG_IV_STRIPPED)) { 296 } else if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
294 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key); 297 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
295 /* remove ICV */ 298 /* remove ICV */
296 skb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN); 299 skb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN);
@@ -303,20 +306,19 @@ static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
303{ 306{
304 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 307 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
305 308
306 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) { 309 if (!info->control.hw_key) {
307 if (ieee80211_wep_encrypt(tx->local, skb, tx->key->conf.key, 310 if (ieee80211_wep_encrypt(tx->local, skb, tx->key->conf.key,
308 tx->key->conf.keylen, 311 tx->key->conf.keylen,
309 tx->key->conf.keyidx)) 312 tx->key->conf.keyidx))
310 return -1; 313 return -1;
311 } else { 314 } else if (info->control.hw_key->flags &
312 info->control.hw_key = &tx->key->conf; 315 IEEE80211_KEY_FLAG_GENERATE_IV) {
313 if (tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) { 316 if (!ieee80211_wep_add_iv(tx->local, skb,
314 if (!ieee80211_wep_add_iv(tx->local, skb, 317 tx->key->conf.keylen,
315 tx->key->conf.keylen, 318 tx->key->conf.keyidx))
316 tx->key->conf.keyidx)) 319 return -1;
317 return -1;
318 }
319 } 320 }
321
320 return 0; 322 return 0;
321} 323}
322 324
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index b19b7696f3a2..34e6d02da779 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -44,22 +44,69 @@ static int wme_downgrade_ac(struct sk_buff *skb)
44} 44}
45 45
46 46
47/* Indicate which queue to use. */ 47/* Indicate which queue to use. */
48static u16 classify80211(struct ieee80211_local *local, struct sk_buff *skb) 48u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
49 struct sk_buff *skb)
49{ 50{
50 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 51 struct ieee80211_local *local = sdata->local;
52 struct sta_info *sta = NULL;
53 u32 sta_flags = 0;
54 const u8 *ra = NULL;
55 bool qos = false;
51 56
52 if (!ieee80211_is_data(hdr->frame_control)) { 57 if (local->hw.queues < 4 || skb->len < 6) {
53 /* management frames go on AC_VO queue, but are sent 58 skb->priority = 0; /* required for correct WPA/11i MIC */
54 * without QoS control fields */ 59 return min_t(u16, local->hw.queues - 1,
55 return 0; 60 ieee802_1d_to_ac[skb->priority]);
61 }
62
63 rcu_read_lock();
64 switch (sdata->vif.type) {
65 case NL80211_IFTYPE_AP_VLAN:
66 rcu_read_lock();
67 sta = rcu_dereference(sdata->u.vlan.sta);
68 if (sta)
69 sta_flags = get_sta_flags(sta);
70 rcu_read_unlock();
71 if (sta)
72 break;
73 case NL80211_IFTYPE_AP:
74 ra = skb->data;
75 break;
76 case NL80211_IFTYPE_WDS:
77 ra = sdata->u.wds.remote_addr;
78 break;
79#ifdef CONFIG_MAC80211_MESH
80 case NL80211_IFTYPE_MESH_POINT:
81 /*
82 * XXX: This is clearly broken ... but already was before,
83 * because ieee80211_fill_mesh_addresses() would clear A1
84 * except for multicast addresses.
85 */
86 break;
87#endif
88 case NL80211_IFTYPE_STATION:
89 ra = sdata->u.mgd.bssid;
90 break;
91 case NL80211_IFTYPE_ADHOC:
92 ra = skb->data;
93 break;
94 default:
95 break;
56 } 96 }
57 97
58 if (0 /* injected */) { 98 if (!sta && ra && !is_multicast_ether_addr(ra)) {
59 /* use AC from radiotap */ 99 sta = sta_info_get(sdata, ra);
100 if (sta)
101 sta_flags = get_sta_flags(sta);
60 } 102 }
61 103
62 if (!ieee80211_is_data_qos(hdr->frame_control)) { 104 if (sta_flags & WLAN_STA_WME)
105 qos = true;
106
107 rcu_read_unlock();
108
109 if (!qos) {
63 skb->priority = 0; /* required for correct WPA/11i MIC */ 110 skb->priority = 0; /* required for correct WPA/11i MIC */
64 return ieee802_1d_to_ac[skb->priority]; 111 return ieee802_1d_to_ac[skb->priority];
65 } 112 }
@@ -68,6 +115,12 @@ static u16 classify80211(struct ieee80211_local *local, struct sk_buff *skb)
68 * data frame has */ 115 * data frame has */
69 skb->priority = cfg80211_classify8021d(skb); 116 skb->priority = cfg80211_classify8021d(skb);
70 117
118 return ieee80211_downgrade_queue(local, skb);
119}
120
121u16 ieee80211_downgrade_queue(struct ieee80211_local *local,
122 struct sk_buff *skb)
123{
71 /* in case we are a client verify acm is not set for this ac */ 124 /* in case we are a client verify acm is not set for this ac */
72 while (unlikely(local->wmm_acm & BIT(skb->priority))) { 125 while (unlikely(local->wmm_acm & BIT(skb->priority))) {
73 if (wme_downgrade_ac(skb)) { 126 if (wme_downgrade_ac(skb)) {
@@ -85,24 +138,17 @@ static u16 classify80211(struct ieee80211_local *local, struct sk_buff *skb)
85 return ieee802_1d_to_ac[skb->priority]; 138 return ieee802_1d_to_ac[skb->priority];
86} 139}
87 140
88void ieee80211_select_queue(struct ieee80211_local *local, struct sk_buff *skb) 141void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb)
89{ 142{
90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 143 struct ieee80211_hdr *hdr = (void *)skb->data;
91 u16 queue; 144
92 u8 tid; 145 /* Fill in the QoS header if there is one. */
93
94 queue = classify80211(local, skb);
95 if (unlikely(queue >= local->hw.queues))
96 queue = local->hw.queues - 1;
97
98 /*
99 * Now we know the 1d priority, fill in the QoS header if
100 * there is one (and we haven't done this before).
101 */
102 if (ieee80211_is_data_qos(hdr->frame_control)) { 146 if (ieee80211_is_data_qos(hdr->frame_control)) {
103 u8 *p = ieee80211_get_qos_ctl(hdr); 147 u8 *p = ieee80211_get_qos_ctl(hdr);
104 u8 ack_policy = 0; 148 u8 ack_policy = 0, tid;
149
105 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK; 150 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
151
106 if (unlikely(local->wifi_wme_noack_test)) 152 if (unlikely(local->wifi_wme_noack_test))
107 ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK << 153 ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK <<
108 QOS_CONTROL_ACK_POLICY_SHIFT; 154 QOS_CONTROL_ACK_POLICY_SHIFT;
@@ -110,6 +156,4 @@ void ieee80211_select_queue(struct ieee80211_local *local, struct sk_buff *skb)
110 *p++ = ack_policy | tid; 156 *p++ = ack_policy | tid;
111 *p = 0; 157 *p = 0;
112 } 158 }
113
114 skb_set_queue_mapping(skb, queue);
115} 159}
diff --git a/net/mac80211/wme.h b/net/mac80211/wme.h
index d4fd87ca5118..6053b1c9feee 100644
--- a/net/mac80211/wme.h
+++ b/net/mac80211/wme.h
@@ -20,7 +20,11 @@
20 20
21extern const int ieee802_1d_to_ac[8]; 21extern const int ieee802_1d_to_ac[8];
22 22
23void ieee80211_select_queue(struct ieee80211_local *local, 23u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
24 struct sk_buff *skb); 24 struct sk_buff *skb);
25void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb);
26u16 ieee80211_downgrade_queue(struct ieee80211_local *local,
27 struct sk_buff *skb);
28
25 29
26#endif /* _WME_H */ 30#endif /* _WME_H */
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
new file mode 100644
index 000000000000..15e1ba931b87
--- /dev/null
+++ b/net/mac80211/work.c
@@ -0,0 +1,1101 @@
1/*
2 * mac80211 work implementation
3 *
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
14 */
15
16#include <linux/delay.h>
17#include <linux/if_ether.h>
18#include <linux/skbuff.h>
19#include <linux/if_arp.h>
20#include <linux/etherdevice.h>
21#include <linux/crc32.h>
22#include <linux/slab.h>
23#include <net/mac80211.h>
24#include <asm/unaligned.h>
25
26#include "ieee80211_i.h"
27#include "rate.h"
28
29#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
30#define IEEE80211_AUTH_MAX_TRIES 3
31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
32#define IEEE80211_ASSOC_MAX_TRIES 3
33#define IEEE80211_MAX_PROBE_TRIES 5
34
35enum work_action {
36 WORK_ACT_NONE,
37 WORK_ACT_TIMEOUT,
38 WORK_ACT_DONE,
39};
40
41
42/* utils */
43static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
44{
45 WARN_ON(!mutex_is_locked(&local->work_mtx));
46}
47
48/*
49 * We can have multiple work items (and connection probing)
50 * scheduling this timer, but we need to take care to only
51 * reschedule it when it should fire _earlier_ than it was
52 * asked for before, or if it's not pending right now. This
53 * function ensures that. Note that it then is required to
54 * run this function for all timeouts after the first one
55 * has happened -- the work that runs from this timer will
56 * do that.
57 */
58static void run_again(struct ieee80211_local *local,
59 unsigned long timeout)
60{
61 ASSERT_WORK_MTX(local);
62
63 if (!timer_pending(&local->work_timer) ||
64 time_before(timeout, local->work_timer.expires))
65 mod_timer(&local->work_timer, timeout);
66}
67
68static void work_free_rcu(struct rcu_head *head)
69{
70 struct ieee80211_work *wk =
71 container_of(head, struct ieee80211_work, rcu_head);
72
73 kfree(wk);
74}
75
76void free_work(struct ieee80211_work *wk)
77{
78 call_rcu(&wk->rcu_head, work_free_rcu);
79}
80
81static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
82 struct ieee80211_supported_band *sband,
83 u32 *rates)
84{
85 int i, j, count;
86 *rates = 0;
87 count = 0;
88 for (i = 0; i < supp_rates_len; i++) {
89 int rate = (supp_rates[i] & 0x7F) * 5;
90
91 for (j = 0; j < sband->n_bitrates; j++)
92 if (sband->bitrates[j].bitrate == rate) {
93 *rates |= BIT(j);
94 count++;
95 break;
96 }
97 }
98
99 return count;
100}
101
102/* frame sending functions */
103
104static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
105 struct ieee80211_supported_band *sband,
106 struct ieee80211_channel *channel,
107 enum ieee80211_smps_mode smps)
108{
109 struct ieee80211_ht_info *ht_info;
110 u8 *pos;
111 u32 flags = channel->flags;
112 u16 cap = sband->ht_cap.cap;
113 __le16 tmp;
114
115 if (!sband->ht_cap.ht_supported)
116 return;
117
118 if (!ht_info_ie)
119 return;
120
121 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
122 return;
123
124 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
125
126 /* determine capability flags */
127
128 if (ieee80211_disable_40mhz_24ghz &&
129 sband->band == IEEE80211_BAND_2GHZ) {
130 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
131 cap &= ~IEEE80211_HT_CAP_SGI_40;
132 }
133
134 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
135 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
136 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
137 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
138 cap &= ~IEEE80211_HT_CAP_SGI_40;
139 }
140 break;
141 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
142 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
143 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
144 cap &= ~IEEE80211_HT_CAP_SGI_40;
145 }
146 break;
147 }
148
149 /* set SM PS mode properly */
150 cap &= ~IEEE80211_HT_CAP_SM_PS;
151 switch (smps) {
152 case IEEE80211_SMPS_AUTOMATIC:
153 case IEEE80211_SMPS_NUM_MODES:
154 WARN_ON(1);
155 case IEEE80211_SMPS_OFF:
156 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
157 IEEE80211_HT_CAP_SM_PS_SHIFT;
158 break;
159 case IEEE80211_SMPS_STATIC:
160 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
161 IEEE80211_HT_CAP_SM_PS_SHIFT;
162 break;
163 case IEEE80211_SMPS_DYNAMIC:
164 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
165 IEEE80211_HT_CAP_SM_PS_SHIFT;
166 break;
167 }
168
169 /* reserve and fill IE */
170
171 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
172 *pos++ = WLAN_EID_HT_CAPABILITY;
173 *pos++ = sizeof(struct ieee80211_ht_cap);
174 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
175
176 /* capability flags */
177 tmp = cpu_to_le16(cap);
178 memcpy(pos, &tmp, sizeof(u16));
179 pos += sizeof(u16);
180
181 /* AMPDU parameters */
182 *pos++ = sband->ht_cap.ampdu_factor |
183 (sband->ht_cap.ampdu_density <<
184 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
185
186 /* MCS set */
187 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
188 pos += sizeof(sband->ht_cap.mcs);
189
190 /* extended capabilities */
191 pos += sizeof(__le16);
192
193 /* BF capabilities */
194 pos += sizeof(__le32);
195
196 /* antenna selection */
197 pos += sizeof(u8);
198}
199
200static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
201 struct ieee80211_work *wk)
202{
203 struct ieee80211_local *local = sdata->local;
204 struct sk_buff *skb;
205 struct ieee80211_mgmt *mgmt;
206 u8 *pos, qos_info;
207 const u8 *ies;
208 size_t offset = 0, noffset;
209 int i, len, count, rates_len, supp_rates_len;
210 u16 capab;
211 struct ieee80211_supported_band *sband;
212 u32 rates = 0;
213
214 sband = local->hw.wiphy->bands[wk->chan->band];
215
216 /*
217 * Get all rates supported by the device and the AP as
218 * some APs don't like getting a superset of their rates
219 * in the association request (e.g. D-Link DAP 1353 in
220 * b-only mode)...
221 */
222 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
223 wk->assoc.supp_rates_len,
224 sband, &rates);
225
226 skb = alloc_skb(local->hw.extra_tx_headroom +
227 sizeof(*mgmt) + /* bit too much but doesn't matter */
228 2 + wk->assoc.ssid_len + /* SSID */
229 4 + rates_len + /* (extended) rates */
230 4 + /* power capability */
231 2 + 2 * sband->n_channels + /* supported channels */
232 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
233 wk->ie_len + /* extra IEs */
234 9, /* WMM */
235 GFP_KERNEL);
236 if (!skb) {
237 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
238 "frame\n", sdata->name);
239 return;
240 }
241 skb_reserve(skb, local->hw.extra_tx_headroom);
242
243 capab = WLAN_CAPABILITY_ESS;
244
245 if (sband->band == IEEE80211_BAND_2GHZ) {
246 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
247 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
248 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
249 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
250 }
251
252 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
253 capab |= WLAN_CAPABILITY_PRIVACY;
254
255 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
256 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
257 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
258
259 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
260 memset(mgmt, 0, 24);
261 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
262 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
263 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
264
265 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
266 skb_put(skb, 10);
267 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
268 IEEE80211_STYPE_REASSOC_REQ);
269 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
270 mgmt->u.reassoc_req.listen_interval =
271 cpu_to_le16(local->hw.conf.listen_interval);
272 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
273 ETH_ALEN);
274 } else {
275 skb_put(skb, 4);
276 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
277 IEEE80211_STYPE_ASSOC_REQ);
278 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
279 mgmt->u.assoc_req.listen_interval =
280 cpu_to_le16(local->hw.conf.listen_interval);
281 }
282
283 /* SSID */
284 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len);
285 *pos++ = WLAN_EID_SSID;
286 *pos++ = wk->assoc.ssid_len;
287 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
288
289 /* add all rates which were marked to be used above */
290 supp_rates_len = rates_len;
291 if (supp_rates_len > 8)
292 supp_rates_len = 8;
293
294 len = sband->n_bitrates;
295 pos = skb_put(skb, supp_rates_len + 2);
296 *pos++ = WLAN_EID_SUPP_RATES;
297 *pos++ = supp_rates_len;
298
299 count = 0;
300 for (i = 0; i < sband->n_bitrates; i++) {
301 if (BIT(i) & rates) {
302 int rate = sband->bitrates[i].bitrate;
303 *pos++ = (u8) (rate / 5);
304 if (++count == 8)
305 break;
306 }
307 }
308
309 if (rates_len > count) {
310 pos = skb_put(skb, rates_len - count + 2);
311 *pos++ = WLAN_EID_EXT_SUPP_RATES;
312 *pos++ = rates_len - count;
313
314 for (i++; i < sband->n_bitrates; i++) {
315 if (BIT(i) & rates) {
316 int rate = sband->bitrates[i].bitrate;
317 *pos++ = (u8) (rate / 5);
318 }
319 }
320 }
321
322 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
323 /* 1. power capabilities */
324 pos = skb_put(skb, 4);
325 *pos++ = WLAN_EID_PWR_CAPABILITY;
326 *pos++ = 2;
327 *pos++ = 0; /* min tx power */
328 *pos++ = wk->chan->max_power; /* max tx power */
329
330 /* 2. supported channels */
331 /* TODO: get this in reg domain format */
332 pos = skb_put(skb, 2 * sband->n_channels + 2);
333 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
334 *pos++ = 2 * sband->n_channels;
335 for (i = 0; i < sband->n_channels; i++) {
336 *pos++ = ieee80211_frequency_to_channel(
337 sband->channels[i].center_freq);
338 *pos++ = 1; /* one channel in the subband*/
339 }
340 }
341
342 /* if present, add any custom IEs that go before HT */
343 if (wk->ie_len && wk->ie) {
344 static const u8 before_ht[] = {
345 WLAN_EID_SSID,
346 WLAN_EID_SUPP_RATES,
347 WLAN_EID_EXT_SUPP_RATES,
348 WLAN_EID_PWR_CAPABILITY,
349 WLAN_EID_SUPPORTED_CHANNELS,
350 WLAN_EID_RSN,
351 WLAN_EID_QOS_CAPA,
352 WLAN_EID_RRM_ENABLED_CAPABILITIES,
353 WLAN_EID_MOBILITY_DOMAIN,
354 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
355 };
356 noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
357 before_ht, ARRAY_SIZE(before_ht),
358 offset);
359 pos = skb_put(skb, noffset - offset);
360 memcpy(pos, wk->ie + offset, noffset - offset);
361 offset = noffset;
362 }
363
364 if (wk->assoc.use_11n && wk->assoc.wmm_used &&
365 local->hw.queues >= 4)
366 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
367 sband, wk->chan, wk->assoc.smps);
368
369 /* if present, add any custom non-vendor IEs that go after HT */
370 if (wk->ie_len && wk->ie) {
371 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
372 offset);
373 pos = skb_put(skb, noffset - offset);
374 memcpy(pos, wk->ie + offset, noffset - offset);
375 offset = noffset;
376 }
377
378 if (wk->assoc.wmm_used && local->hw.queues >= 4) {
379 if (wk->assoc.uapsd_used) {
380 qos_info = local->uapsd_queues;
381 qos_info |= (local->uapsd_max_sp_len <<
382 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
383 } else {
384 qos_info = 0;
385 }
386
387 pos = skb_put(skb, 9);
388 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
389 *pos++ = 7; /* len */
390 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
391 *pos++ = 0x50;
392 *pos++ = 0xf2;
393 *pos++ = 2; /* WME */
394 *pos++ = 0; /* WME info */
395 *pos++ = 1; /* WME ver */
396 *pos++ = qos_info;
397 }
398
399 /* add any remaining custom (i.e. vendor specific here) IEs */
400 if (wk->ie_len && wk->ie) {
401 noffset = wk->ie_len;
402 pos = skb_put(skb, noffset - offset);
403 memcpy(pos, wk->ie + offset, noffset - offset);
404 }
405
406 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
407 ieee80211_tx_skb(sdata, skb);
408}
409
410static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
411 struct ieee80211_work *wk)
412{
413 struct cfg80211_bss *cbss;
414 u16 capa_val = WLAN_CAPABILITY_ESS;
415
416 if (wk->probe_auth.privacy)
417 capa_val |= WLAN_CAPABILITY_PRIVACY;
418
419 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
420 wk->probe_auth.ssid, wk->probe_auth.ssid_len,
421 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
422 capa_val);
423 if (!cbss)
424 return;
425
426 cfg80211_unlink_bss(local->hw.wiphy, cbss);
427 cfg80211_put_bss(cbss);
428}
429
430static enum work_action __must_check
431ieee80211_direct_probe(struct ieee80211_work *wk)
432{
433 struct ieee80211_sub_if_data *sdata = wk->sdata;
434 struct ieee80211_local *local = sdata->local;
435
436 wk->probe_auth.tries++;
437 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
438 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
439 sdata->name, wk->filter_ta);
440
441 /*
442 * Most likely AP is not in the range so remove the
443 * bss struct for that AP.
444 */
445 ieee80211_remove_auth_bss(local, wk);
446
447 return WORK_ACT_TIMEOUT;
448 }
449
450 printk(KERN_DEBUG "%s: direct probe to %pM (try %d)\n",
451 sdata->name, wk->filter_ta, wk->probe_auth.tries);
452
453 /*
454 * Direct probe is sent to broadcast address as some APs
455 * will not answer to direct packet in unassociated state.
456 */
457 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
458 wk->probe_auth.ssid_len, NULL, 0);
459
460 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
461 run_again(local, wk->timeout);
462
463 return WORK_ACT_NONE;
464}
465
466
467static enum work_action __must_check
468ieee80211_authenticate(struct ieee80211_work *wk)
469{
470 struct ieee80211_sub_if_data *sdata = wk->sdata;
471 struct ieee80211_local *local = sdata->local;
472
473 wk->probe_auth.tries++;
474 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
475 printk(KERN_DEBUG "%s: authentication with %pM"
476 " timed out\n", sdata->name, wk->filter_ta);
477
478 /*
479 * Most likely AP is not in the range so remove the
480 * bss struct for that AP.
481 */
482 ieee80211_remove_auth_bss(local, wk);
483
484 return WORK_ACT_TIMEOUT;
485 }
486
487 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
488 sdata->name, wk->filter_ta, wk->probe_auth.tries);
489
490 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
491 wk->ie_len, wk->filter_ta, NULL, 0, 0);
492 wk->probe_auth.transaction = 2;
493
494 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
495 run_again(local, wk->timeout);
496
497 return WORK_ACT_NONE;
498}
499
500static enum work_action __must_check
501ieee80211_associate(struct ieee80211_work *wk)
502{
503 struct ieee80211_sub_if_data *sdata = wk->sdata;
504 struct ieee80211_local *local = sdata->local;
505
506 wk->assoc.tries++;
507 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
508 printk(KERN_DEBUG "%s: association with %pM"
509 " timed out\n",
510 sdata->name, wk->filter_ta);
511
512 /*
513 * Most likely AP is not in the range so remove the
514 * bss struct for that AP.
515 */
516 if (wk->assoc.bss)
517 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
518
519 return WORK_ACT_TIMEOUT;
520 }
521
522 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
523 sdata->name, wk->filter_ta, wk->assoc.tries);
524 ieee80211_send_assoc(sdata, wk);
525
526 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
527 run_again(local, wk->timeout);
528
529 return WORK_ACT_NONE;
530}
531
532static enum work_action __must_check
533ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
534{
535 /*
536 * First time we run, do nothing -- the generic code will
537 * have switched to the right channel etc.
538 */
539 if (!wk->started) {
540 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration);
541
542 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk,
543 wk->chan, wk->chan_type,
544 wk->remain.duration, GFP_KERNEL);
545
546 return WORK_ACT_NONE;
547 }
548
549 return WORK_ACT_TIMEOUT;
550}
551
552static void ieee80211_auth_challenge(struct ieee80211_work *wk,
553 struct ieee80211_mgmt *mgmt,
554 size_t len)
555{
556 struct ieee80211_sub_if_data *sdata = wk->sdata;
557 u8 *pos;
558 struct ieee802_11_elems elems;
559
560 pos = mgmt->u.auth.variable;
561 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
562 if (!elems.challenge)
563 return;
564 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
565 elems.challenge - 2, elems.challenge_len + 2,
566 wk->filter_ta, wk->probe_auth.key,
567 wk->probe_auth.key_len, wk->probe_auth.key_idx);
568 wk->probe_auth.transaction = 4;
569}
570
571static enum work_action __must_check
572ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
573 struct ieee80211_mgmt *mgmt, size_t len)
574{
575 u16 auth_alg, auth_transaction, status_code;
576
577 if (wk->type != IEEE80211_WORK_AUTH)
578 return WORK_ACT_NONE;
579
580 if (len < 24 + 6)
581 return WORK_ACT_NONE;
582
583 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
584 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
585 status_code = le16_to_cpu(mgmt->u.auth.status_code);
586
587 if (auth_alg != wk->probe_auth.algorithm ||
588 auth_transaction != wk->probe_auth.transaction)
589 return WORK_ACT_NONE;
590
591 if (status_code != WLAN_STATUS_SUCCESS) {
592 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
593 wk->sdata->name, mgmt->sa, status_code);
594 return WORK_ACT_DONE;
595 }
596
597 switch (wk->probe_auth.algorithm) {
598 case WLAN_AUTH_OPEN:
599 case WLAN_AUTH_LEAP:
600 case WLAN_AUTH_FT:
601 break;
602 case WLAN_AUTH_SHARED_KEY:
603 if (wk->probe_auth.transaction != 4) {
604 ieee80211_auth_challenge(wk, mgmt, len);
605 /* need another frame */
606 return WORK_ACT_NONE;
607 }
608 break;
609 default:
610 WARN_ON(1);
611 return WORK_ACT_NONE;
612 }
613
614 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
615 return WORK_ACT_DONE;
616}
617
618static enum work_action __must_check
619ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
620 struct ieee80211_mgmt *mgmt, size_t len,
621 bool reassoc)
622{
623 struct ieee80211_sub_if_data *sdata = wk->sdata;
624 struct ieee80211_local *local = sdata->local;
625 u16 capab_info, status_code, aid;
626 struct ieee802_11_elems elems;
627 u8 *pos;
628
629 /*
630 * AssocResp and ReassocResp have identical structure, so process both
631 * of them in this function.
632 */
633
634 if (len < 24 + 6)
635 return WORK_ACT_NONE;
636
637 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
638 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
639 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
640
641 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
642 "status=%d aid=%d)\n",
643 sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
644 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
645
646 pos = mgmt->u.assoc_resp.variable;
647 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
648
649 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
650 elems.timeout_int && elems.timeout_int_len == 5 &&
651 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
652 u32 tu, ms;
653 tu = get_unaligned_le32(elems.timeout_int + 1);
654 ms = tu * 1024 / 1000;
655 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
656 "comeback duration %u TU (%u ms)\n",
657 sdata->name, mgmt->sa, tu, ms);
658 wk->timeout = jiffies + msecs_to_jiffies(ms);
659 if (ms > IEEE80211_ASSOC_TIMEOUT)
660 run_again(local, wk->timeout);
661 return WORK_ACT_NONE;
662 }
663
664 if (status_code != WLAN_STATUS_SUCCESS)
665 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
666 sdata->name, mgmt->sa, status_code);
667 else
668 printk(KERN_DEBUG "%s: associated\n", sdata->name);
669
670 return WORK_ACT_DONE;
671}
672
673static enum work_action __must_check
674ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
675 struct ieee80211_mgmt *mgmt, size_t len,
676 struct ieee80211_rx_status *rx_status)
677{
678 struct ieee80211_sub_if_data *sdata = wk->sdata;
679 struct ieee80211_local *local = sdata->local;
680 size_t baselen;
681
682 ASSERT_WORK_MTX(local);
683
684 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
685 if (baselen > len)
686 return WORK_ACT_NONE;
687
688 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
689 return WORK_ACT_DONE;
690}
691
692static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
693 struct sk_buff *skb)
694{
695 struct ieee80211_rx_status *rx_status;
696 struct ieee80211_mgmt *mgmt;
697 struct ieee80211_work *wk;
698 enum work_action rma = WORK_ACT_NONE;
699 u16 fc;
700
701 rx_status = (struct ieee80211_rx_status *) skb->cb;
702 mgmt = (struct ieee80211_mgmt *) skb->data;
703 fc = le16_to_cpu(mgmt->frame_control);
704
705 mutex_lock(&local->work_mtx);
706
707 list_for_each_entry(wk, &local->work_list, list) {
708 const u8 *bssid = NULL;
709
710 switch (wk->type) {
711 case IEEE80211_WORK_DIRECT_PROBE:
712 case IEEE80211_WORK_AUTH:
713 case IEEE80211_WORK_ASSOC:
714 bssid = wk->filter_ta;
715 break;
716 default:
717 continue;
718 }
719
720 /*
721 * Before queuing, we already verified mgmt->sa,
722 * so this is needed just for matching.
723 */
724 if (compare_ether_addr(bssid, mgmt->bssid))
725 continue;
726
727 switch (fc & IEEE80211_FCTL_STYPE) {
728 case IEEE80211_STYPE_PROBE_RESP:
729 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
730 rx_status);
731 break;
732 case IEEE80211_STYPE_AUTH:
733 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
734 break;
735 case IEEE80211_STYPE_ASSOC_RESP:
736 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
737 skb->len, false);
738 break;
739 case IEEE80211_STYPE_REASSOC_RESP:
740 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
741 skb->len, true);
742 break;
743 default:
744 WARN_ON(1);
745 }
746 /*
747 * We've processed this frame for that work, so it can't
748 * belong to another work struct.
749 * NB: this is also required for correctness for 'rma'!
750 */
751 break;
752 }
753
754 switch (rma) {
755 case WORK_ACT_NONE:
756 break;
757 case WORK_ACT_DONE:
758 list_del_rcu(&wk->list);
759 break;
760 default:
761 WARN(1, "unexpected: %d", rma);
762 }
763
764 mutex_unlock(&local->work_mtx);
765
766 if (rma != WORK_ACT_DONE)
767 goto out;
768
769 switch (wk->done(wk, skb)) {
770 case WORK_DONE_DESTROY:
771 free_work(wk);
772 break;
773 case WORK_DONE_REQUEUE:
774 synchronize_rcu();
775 wk->started = false; /* restart */
776 mutex_lock(&local->work_mtx);
777 list_add_tail(&wk->list, &local->work_list);
778 mutex_unlock(&local->work_mtx);
779 }
780
781 out:
782 kfree_skb(skb);
783}
784
785static void ieee80211_work_timer(unsigned long data)
786{
787 struct ieee80211_local *local = (void *) data;
788
789 if (local->quiescing)
790 return;
791
792 ieee80211_queue_work(&local->hw, &local->work_work);
793}
794
795static void ieee80211_work_work(struct work_struct *work)
796{
797 struct ieee80211_local *local =
798 container_of(work, struct ieee80211_local, work_work);
799 struct sk_buff *skb;
800 struct ieee80211_work *wk, *tmp;
801 LIST_HEAD(free_work);
802 enum work_action rma;
803 bool remain_off_channel = false;
804
805 if (local->scanning)
806 return;
807
808 /*
809 * ieee80211_queue_work() should have picked up most cases,
810 * here we'll pick the the rest.
811 */
812 if (WARN(local->suspended, "work scheduled while going to suspend\n"))
813 return;
814
815 /* first process frames to avoid timing out while a frame is pending */
816 while ((skb = skb_dequeue(&local->work_skb_queue)))
817 ieee80211_work_rx_queued_mgmt(local, skb);
818
819 ieee80211_recalc_idle(local);
820
821 mutex_lock(&local->work_mtx);
822
823 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
824 bool started = wk->started;
825
826 /* mark work as started if it's on the current off-channel */
827 if (!started && local->tmp_channel &&
828 wk->chan == local->tmp_channel &&
829 wk->chan_type == local->tmp_channel_type) {
830 started = true;
831 wk->timeout = jiffies;
832 }
833
834 if (!started && !local->tmp_channel) {
835 /*
836 * TODO: could optimize this by leaving the
837 * station vifs in awake mode if they
838 * happen to be on the same channel as
839 * the requested channel
840 */
841 ieee80211_offchannel_stop_beaconing(local);
842 ieee80211_offchannel_stop_station(local);
843
844 local->tmp_channel = wk->chan;
845 local->tmp_channel_type = wk->chan_type;
846 ieee80211_hw_config(local, 0);
847 started = true;
848 wk->timeout = jiffies;
849 }
850
851 /* don't try to work with items that aren't started */
852 if (!started)
853 continue;
854
855 if (time_is_after_jiffies(wk->timeout)) {
856 /*
857 * This work item isn't supposed to be worked on
858 * right now, but take care to adjust the timer
859 * properly.
860 */
861 run_again(local, wk->timeout);
862 continue;
863 }
864
865 switch (wk->type) {
866 default:
867 WARN_ON(1);
868 /* nothing */
869 rma = WORK_ACT_NONE;
870 break;
871 case IEEE80211_WORK_ABORT:
872 rma = WORK_ACT_TIMEOUT;
873 break;
874 case IEEE80211_WORK_DIRECT_PROBE:
875 rma = ieee80211_direct_probe(wk);
876 break;
877 case IEEE80211_WORK_AUTH:
878 rma = ieee80211_authenticate(wk);
879 break;
880 case IEEE80211_WORK_ASSOC:
881 rma = ieee80211_associate(wk);
882 break;
883 case IEEE80211_WORK_REMAIN_ON_CHANNEL:
884 rma = ieee80211_remain_on_channel_timeout(wk);
885 break;
886 }
887
888 wk->started = started;
889
890 switch (rma) {
891 case WORK_ACT_NONE:
892 /* might have changed the timeout */
893 run_again(local, wk->timeout);
894 break;
895 case WORK_ACT_TIMEOUT:
896 list_del_rcu(&wk->list);
897 synchronize_rcu();
898 list_add(&wk->list, &free_work);
899 break;
900 default:
901 WARN(1, "unexpected: %d", rma);
902 }
903 }
904
905 list_for_each_entry(wk, &local->work_list, list) {
906 if (!wk->started)
907 continue;
908 if (wk->chan != local->tmp_channel)
909 continue;
910 if (wk->chan_type != local->tmp_channel_type)
911 continue;
912 remain_off_channel = true;
913 }
914
915 if (!remain_off_channel && local->tmp_channel) {
916 local->tmp_channel = NULL;
917 ieee80211_hw_config(local, 0);
918 ieee80211_offchannel_return(local, true);
919 /* give connection some time to breathe */
920 run_again(local, jiffies + HZ/2);
921 }
922
923 if (list_empty(&local->work_list) && local->scan_req)
924 ieee80211_queue_delayed_work(&local->hw,
925 &local->scan_work,
926 round_jiffies_relative(0));
927
928 mutex_unlock(&local->work_mtx);
929
930 ieee80211_recalc_idle(local);
931
932 list_for_each_entry_safe(wk, tmp, &free_work, list) {
933 wk->done(wk, NULL);
934 list_del(&wk->list);
935 kfree(wk);
936 }
937}
938
939void ieee80211_add_work(struct ieee80211_work *wk)
940{
941 struct ieee80211_local *local;
942
943 if (WARN_ON(!wk->chan))
944 return;
945
946 if (WARN_ON(!wk->sdata))
947 return;
948
949 if (WARN_ON(!wk->done))
950 return;
951
952 if (WARN_ON(!ieee80211_sdata_running(wk->sdata)))
953 return;
954
955 wk->started = false;
956
957 local = wk->sdata->local;
958 mutex_lock(&local->work_mtx);
959 list_add_tail(&wk->list, &local->work_list);
960 mutex_unlock(&local->work_mtx);
961
962 ieee80211_queue_work(&local->hw, &local->work_work);
963}
964
965void ieee80211_work_init(struct ieee80211_local *local)
966{
967 mutex_init(&local->work_mtx);
968 INIT_LIST_HEAD(&local->work_list);
969 setup_timer(&local->work_timer, ieee80211_work_timer,
970 (unsigned long)local);
971 INIT_WORK(&local->work_work, ieee80211_work_work);
972 skb_queue_head_init(&local->work_skb_queue);
973}
974
975void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
976{
977 struct ieee80211_local *local = sdata->local;
978 struct ieee80211_work *wk;
979
980 mutex_lock(&local->work_mtx);
981 list_for_each_entry(wk, &local->work_list, list) {
982 if (wk->sdata != sdata)
983 continue;
984 wk->type = IEEE80211_WORK_ABORT;
985 wk->started = true;
986 wk->timeout = jiffies;
987 }
988 mutex_unlock(&local->work_mtx);
989
990 /* run cleanups etc. */
991 ieee80211_work_work(&local->work_work);
992
993 mutex_lock(&local->work_mtx);
994 list_for_each_entry(wk, &local->work_list, list) {
995 if (wk->sdata != sdata)
996 continue;
997 WARN_ON(1);
998 break;
999 }
1000 mutex_unlock(&local->work_mtx);
1001}
1002
1003ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1004 struct sk_buff *skb)
1005{
1006 struct ieee80211_local *local = sdata->local;
1007 struct ieee80211_mgmt *mgmt;
1008 struct ieee80211_work *wk;
1009 u16 fc;
1010
1011 if (skb->len < 24)
1012 return RX_DROP_MONITOR;
1013
1014 mgmt = (struct ieee80211_mgmt *) skb->data;
1015 fc = le16_to_cpu(mgmt->frame_control);
1016
1017 list_for_each_entry_rcu(wk, &local->work_list, list) {
1018 if (sdata != wk->sdata)
1019 continue;
1020 if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1021 continue;
1022 if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1023 continue;
1024
1025 switch (fc & IEEE80211_FCTL_STYPE) {
1026 case IEEE80211_STYPE_AUTH:
1027 case IEEE80211_STYPE_PROBE_RESP:
1028 case IEEE80211_STYPE_ASSOC_RESP:
1029 case IEEE80211_STYPE_REASSOC_RESP:
1030 skb_queue_tail(&local->work_skb_queue, skb);
1031 ieee80211_queue_work(&local->hw, &local->work_work);
1032 return RX_QUEUED;
1033 }
1034 }
1035
1036 return RX_CONTINUE;
1037}
1038
1039static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1040 struct sk_buff *skb)
1041{
1042 /*
1043 * We are done serving the remain-on-channel command.
1044 */
1045 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk,
1046 wk->chan, wk->chan_type,
1047 GFP_KERNEL);
1048
1049 return WORK_DONE_DESTROY;
1050}
1051
1052int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1053 struct ieee80211_channel *chan,
1054 enum nl80211_channel_type channel_type,
1055 unsigned int duration, u64 *cookie)
1056{
1057 struct ieee80211_work *wk;
1058
1059 wk = kzalloc(sizeof(*wk), GFP_KERNEL);
1060 if (!wk)
1061 return -ENOMEM;
1062
1063 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL;
1064 wk->chan = chan;
1065 wk->chan_type = channel_type;
1066 wk->sdata = sdata;
1067 wk->done = ieee80211_remain_done;
1068
1069 wk->remain.duration = duration;
1070
1071 *cookie = (unsigned long) wk;
1072
1073 ieee80211_add_work(wk);
1074
1075 return 0;
1076}
1077
1078int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1079 u64 cookie)
1080{
1081 struct ieee80211_local *local = sdata->local;
1082 struct ieee80211_work *wk, *tmp;
1083 bool found = false;
1084
1085 mutex_lock(&local->work_mtx);
1086 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
1087 if ((unsigned long) wk == cookie) {
1088 wk->timeout = jiffies;
1089 found = true;
1090 break;
1091 }
1092 }
1093 mutex_unlock(&local->work_mtx);
1094
1095 if (!found)
1096 return -ENOENT;
1097
1098 ieee80211_queue_work(&local->hw, &local->work_work);
1099
1100 return 0;
1101}
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 70778694877b..0adbcc941ac9 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -9,10 +9,10 @@
9 9
10#include <linux/netdevice.h> 10#include <linux/netdevice.h>
11#include <linux/types.h> 11#include <linux/types.h>
12#include <linux/slab.h>
13#include <linux/skbuff.h> 12#include <linux/skbuff.h>
14#include <linux/compiler.h> 13#include <linux/compiler.h>
15#include <linux/ieee80211.h> 14#include <linux/ieee80211.h>
15#include <linux/gfp.h>
16#include <asm/unaligned.h> 16#include <asm/unaligned.h>
17#include <net/mac80211.h> 17#include <net/mac80211.h>
18 18
@@ -31,8 +31,8 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
31 unsigned int hdrlen; 31 unsigned int hdrlen;
32 struct ieee80211_hdr *hdr; 32 struct ieee80211_hdr *hdr;
33 struct sk_buff *skb = tx->skb; 33 struct sk_buff *skb = tx->skb;
34 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
34 int authenticator; 35 int authenticator;
35 int wpa_test = 0;
36 int tail; 36 int tail;
37 37
38 hdr = (struct ieee80211_hdr *)skb->data; 38 hdr = (struct ieee80211_hdr *)skb->data;
@@ -47,16 +47,15 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
47 data = skb->data + hdrlen; 47 data = skb->data + hdrlen;
48 data_len = skb->len - hdrlen; 48 data_len = skb->len - hdrlen;
49 49
50 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && 50 if (info->control.hw_key &&
51 !(tx->flags & IEEE80211_TX_FRAGMENTED) && 51 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
52 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) && 52 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
53 !wpa_test) { 53 /* hwaccel - with no need for SW-generated MMIC */
54 /* hwaccel - with no need for preallocated room for MMIC */
55 return TX_CONTINUE; 54 return TX_CONTINUE;
56 } 55 }
57 56
58 tail = MICHAEL_MIC_LEN; 57 tail = MICHAEL_MIC_LEN;
59 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 58 if (!info->control.hw_key)
60 tail += TKIP_ICV_LEN; 59 tail += TKIP_ICV_LEN;
61 60
62 if (WARN_ON(skb_tailroom(skb) < tail || 61 if (WARN_ON(skb_tailroom(skb) < tail ||
@@ -85,16 +84,16 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
85 u8 *data, *key = NULL, key_offset; 84 u8 *data, *key = NULL, key_offset;
86 size_t data_len; 85 size_t data_len;
87 unsigned int hdrlen; 86 unsigned int hdrlen;
88 struct ieee80211_hdr *hdr;
89 u8 mic[MICHAEL_MIC_LEN]; 87 u8 mic[MICHAEL_MIC_LEN];
90 struct sk_buff *skb = rx->skb; 88 struct sk_buff *skb = rx->skb;
89 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
91 int authenticator = 1, wpa_test = 0; 91 int authenticator = 1, wpa_test = 0;
92 92
93 /* No way to verify the MIC if the hardware stripped it */ 93 /* No way to verify the MIC if the hardware stripped it */
94 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED) 94 if (status->flag & RX_FLAG_MMIC_STRIPPED)
95 return RX_CONTINUE; 95 return RX_CONTINUE;
96 96
97 hdr = (struct ieee80211_hdr *)skb->data;
98 if (!rx->key || rx->key->conf.alg != ALG_TKIP || 97 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
99 !ieee80211_has_protected(hdr->frame_control) || 98 !ieee80211_has_protected(hdr->frame_control) ||
100 !ieee80211_is_data_present(hdr->frame_control)) 99 !ieee80211_is_data_present(hdr->frame_control))
@@ -147,17 +146,16 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
147 int len, tail; 146 int len, tail;
148 u8 *pos; 147 u8 *pos;
149 148
150 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && 149 if (info->control.hw_key &&
151 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) { 150 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
152 /* hwaccel - with no need for preallocated room for IV/ICV */ 151 /* hwaccel - with no need for software-generated IV */
153 info->control.hw_key = &tx->key->conf;
154 return 0; 152 return 0;
155 } 153 }
156 154
157 hdrlen = ieee80211_hdrlen(hdr->frame_control); 155 hdrlen = ieee80211_hdrlen(hdr->frame_control);
158 len = skb->len - hdrlen; 156 len = skb->len - hdrlen;
159 157
160 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) 158 if (info->control.hw_key)
161 tail = 0; 159 tail = 0;
162 else 160 else
163 tail = TKIP_ICV_LEN; 161 tail = TKIP_ICV_LEN;
@@ -175,13 +173,11 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
175 if (key->u.tkip.tx.iv16 == 0) 173 if (key->u.tkip.tx.iv16 == 0)
176 key->u.tkip.tx.iv32++; 174 key->u.tkip.tx.iv32++;
177 175
178 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 176 pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
179 /* hwaccel - with preallocated room for IV */
180 ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
181 177
182 info->control.hw_key = &tx->key->conf; 178 /* hwaccel - with software IV */
179 if (info->control.hw_key)
183 return 0; 180 return 0;
184 }
185 181
186 /* Add room for ICV */ 182 /* Add room for ICV */
187 skb_put(skb, TKIP_ICV_LEN); 183 skb_put(skb, TKIP_ICV_LEN);
@@ -216,6 +212,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
216 int hdrlen, res, hwaccel = 0, wpa_test = 0; 212 int hdrlen, res, hwaccel = 0, wpa_test = 0;
217 struct ieee80211_key *key = rx->key; 213 struct ieee80211_key *key = rx->key;
218 struct sk_buff *skb = rx->skb; 214 struct sk_buff *skb = rx->skb;
215 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
219 216
220 hdrlen = ieee80211_hdrlen(hdr->frame_control); 217 hdrlen = ieee80211_hdrlen(hdr->frame_control);
221 218
@@ -225,8 +222,8 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
225 if (!rx->sta || skb->len - hdrlen < 12) 222 if (!rx->sta || skb->len - hdrlen < 12)
226 return RX_DROP_UNUSABLE; 223 return RX_DROP_UNUSABLE;
227 224
228 if (rx->status->flag & RX_FLAG_DECRYPTED) { 225 if (status->flag & RX_FLAG_DECRYPTED) {
229 if (rx->status->flag & RX_FLAG_IV_STRIPPED) { 226 if (status->flag & RX_FLAG_IV_STRIPPED) {
230 /* 227 /*
231 * Hardware took care of all processing, including 228 * Hardware took care of all processing, including
232 * replay protection, and stripped the ICV/IV so 229 * replay protection, and stripped the ICV/IV so
@@ -362,24 +359,20 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
362 int hdrlen, len, tail; 359 int hdrlen, len, tail;
363 u8 *pos, *pn; 360 u8 *pos, *pn;
364 int i; 361 int i;
365 bool skip_hw;
366
367 skip_hw = (tx->key->conf.flags & IEEE80211_KEY_FLAG_SW_MGMT) &&
368 ieee80211_is_mgmt(hdr->frame_control);
369 362
370 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && 363 if (info->control.hw_key &&
371 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 364 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
372 !skip_hw) { 365 /*
373 /* hwaccel - with no need for preallocated room for CCMP 366 * hwaccel has no need for preallocated room for CCMP
374 * header or MIC fields */ 367 * header or MIC fields
375 info->control.hw_key = &tx->key->conf; 368 */
376 return 0; 369 return 0;
377 } 370 }
378 371
379 hdrlen = ieee80211_hdrlen(hdr->frame_control); 372 hdrlen = ieee80211_hdrlen(hdr->frame_control);
380 len = skb->len - hdrlen; 373 len = skb->len - hdrlen;
381 374
382 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) 375 if (info->control.hw_key)
383 tail = 0; 376 tail = 0;
384 else 377 else
385 tail = CCMP_MIC_LEN; 378 tail = CCMP_MIC_LEN;
@@ -404,11 +397,9 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
404 397
405 ccmp_pn2hdr(pos, pn, key->conf.keyidx); 398 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
406 399
407 if ((key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && !skip_hw) { 400 /* hwaccel - with software CCMP header */
408 /* hwaccel - with preallocated room for CCMP header */ 401 if (info->control.hw_key)
409 info->control.hw_key = &tx->key->conf;
410 return 0; 402 return 0;
411 }
412 403
413 pos += CCMP_HDR_LEN; 404 pos += CCMP_HDR_LEN;
414 ccmp_special_blocks(skb, pn, key->u.ccmp.tx_crypto_buf, 0); 405 ccmp_special_blocks(skb, pn, key->u.ccmp.tx_crypto_buf, 0);
@@ -442,6 +433,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
442 int hdrlen; 433 int hdrlen;
443 struct ieee80211_key *key = rx->key; 434 struct ieee80211_key *key = rx->key;
444 struct sk_buff *skb = rx->skb; 435 struct sk_buff *skb = rx->skb;
436 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
445 u8 pn[CCMP_PN_LEN]; 437 u8 pn[CCMP_PN_LEN];
446 int data_len; 438 int data_len;
447 439
@@ -455,8 +447,8 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
455 if (!rx->sta || data_len < 0) 447 if (!rx->sta || data_len < 0)
456 return RX_DROP_UNUSABLE; 448 return RX_DROP_UNUSABLE;
457 449
458 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 450 if ((status->flag & RX_FLAG_DECRYPTED) &&
459 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 451 (status->flag & RX_FLAG_IV_STRIPPED))
460 return RX_CONTINUE; 452 return RX_CONTINUE;
461 453
462 ccmp_hdr2pn(pn, skb->data + hdrlen); 454 ccmp_hdr2pn(pn, skb->data + hdrlen);
@@ -466,7 +458,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
466 return RX_DROP_UNUSABLE; 458 return RX_DROP_UNUSABLE;
467 } 459 }
468 460
469 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 461 if (!(status->flag & RX_FLAG_DECRYPTED)) {
470 /* hardware didn't decrypt/verify MIC */ 462 /* hardware didn't decrypt/verify MIC */
471 ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1); 463 ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1);
472 464
@@ -523,11 +515,8 @@ ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
523 u8 *pn, aad[20]; 515 u8 *pn, aad[20];
524 int i; 516 int i;
525 517
526 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 518 if (info->control.hw_key)
527 /* hwaccel */
528 info->control.hw_key = &tx->key->conf;
529 return 0; 519 return 0;
530 }
531 520
532 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 521 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
533 return TX_DROP; 522 return TX_DROP;
@@ -563,6 +552,7 @@ ieee80211_rx_result
563ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 552ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
564{ 553{
565 struct sk_buff *skb = rx->skb; 554 struct sk_buff *skb = rx->skb;
555 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
566 struct ieee80211_key *key = rx->key; 556 struct ieee80211_key *key = rx->key;
567 struct ieee80211_mmie *mmie; 557 struct ieee80211_mmie *mmie;
568 u8 aad[20], mic[8], ipn[6]; 558 u8 aad[20], mic[8], ipn[6];
@@ -571,8 +561,8 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
571 if (!ieee80211_is_mgmt(hdr->frame_control)) 561 if (!ieee80211_is_mgmt(hdr->frame_control))
572 return RX_CONTINUE; 562 return RX_CONTINUE;
573 563
574 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 564 if ((status->flag & RX_FLAG_DECRYPTED) &&
575 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 565 (status->flag & RX_FLAG_IV_STRIPPED))
576 return RX_CONTINUE; 566 return RX_CONTINUE;
577 567
578 if (skb->len < 24 + sizeof(*mmie)) 568 if (skb->len < 24 + sizeof(*mmie))
@@ -591,7 +581,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
591 return RX_DROP_UNUSABLE; 581 return RX_DROP_UNUSABLE;
592 } 582 }
593 583
594 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 584 if (!(status->flag & RX_FLAG_DECRYPTED)) {
595 /* hardware didn't decrypt/verify MIC */ 585 /* hardware didn't decrypt/verify MIC */
596 bip_aad(skb, aad); 586 bip_aad(skb, aad);
597 ieee80211_aes_cmac(key->u.aes_cmac.tfm, 587 ieee80211_aes_cmac(key->u.aes_cmac.tfm,
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-06 18:47:50 -0500