Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Kconfig13
-rw-r--r--net/mac80211/Makefile2
-rw-r--r--net/mac80211/agg-rx.c14
-rw-r--r--net/mac80211/agg-tx.c103
-rw-r--r--net/mac80211/cfg.c55
-rw-r--r--net/mac80211/debugfs.c75
-rw-r--r--net/mac80211/debugfs.h2
-rw-r--r--net/mac80211/debugfs_key.c44
-rw-r--r--net/mac80211/debugfs_netdev.c176
-rw-r--r--net/mac80211/debugfs_sta.c67
-rw-r--r--net/mac80211/driver-ops.h5
-rw-r--r--net/mac80211/driver-trace.h35
-rw-r--r--net/mac80211/ht.c2
-rw-r--r--net/mac80211/ibss.c7
-rw-r--r--net/mac80211/ieee80211_i.h180
-rw-r--r--net/mac80211/iface.c44
-rw-r--r--net/mac80211/key.h12
-rw-r--r--net/mac80211/main.c350
-rw-r--r--net/mac80211/mesh.c153
-rw-r--r--net/mac80211/mesh.h30
-rw-r--r--net/mac80211/mesh_hwmp.c413
-rw-r--r--net/mac80211/mesh_pathtbl.c21
-rw-r--r--net/mac80211/mesh_plink.c58
-rw-r--r--net/mac80211/mlme.c53
-rw-r--r--net/mac80211/rate.c19
-rw-r--r--net/mac80211/rate.h9
-rw-r--r--net/mac80211/rx.c991
-rw-r--r--net/mac80211/scan.c129
-rw-r--r--net/mac80211/spectmgmt.c2
-rw-r--r--net/mac80211/sta_info.c175
-rw-r--r--net/mac80211/sta_info.h51
-rw-r--r--net/mac80211/status.c341
-rw-r--r--net/mac80211/tkip.c4
-rw-r--r--net/mac80211/tx.c190
-rw-r--r--net/mac80211/util.c22
-rw-r--r--net/mac80211/wep.c8
-rw-r--r--net/mac80211/wpa.c25
37 files changed, 2067 insertions, 1813 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index 4d5543af3123..a10d508b07e1 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -194,6 +194,19 @@ config MAC80211_VERBOSE_MPL_DEBUG
194 194
195 Do not select this option. 195 Do not select this option.
196 196
197config MAC80211_VERBOSE_MHWMP_DEBUG
198 bool "Verbose mesh HWMP routing debugging"
199 depends on MAC80211_DEBUG_MENU
200 depends on MAC80211_MESH
201 ---help---
202 Selecting this option causes mac80211 to print out very
203 verbose mesh routing (HWMP) debugging messages (when mac80211
204 is taking part in a mesh network).
205 It should not be selected on production systems as those
206 messages are remotely triggerable.
207
208 Do not select this option.
209
197config MAC80211_DEBUG_COUNTERS 210config MAC80211_DEBUG_COUNTERS
198 bool "Extra statistics for TX/RX debugging" 211 bool "Extra statistics for TX/RX debugging"
199 depends on MAC80211_DEBUG_MENU 212 depends on MAC80211_DEBUG_MENU
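Review bot: The help text for the new MAC80211_VERBOSE_MHWMP_DEBUG option says the messages are remotely triggerable but not what that means for someone who enables it anyway. I would state the consequence in one more sentence, for example `A peer sending mesh routing frames can then fill the kernel log.`, so the warning is actionable rather than only prohibitive. Whether the HWMP debug prints themselves are rate limited is not visible in this section.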
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index 9f3cf7129324..298cfcc1bf8d 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -2,7 +2,7 @@ obj-$(CONFIG_MAC80211) += mac80211.o
2 2
3# mac80211 objects 3# mac80211 objects
4mac80211-y := \ 4mac80211-y := \
5 main.o \ 5 main.o status.o \
6 sta_info.o \ 6 sta_info.o \
7 wep.o \ 7 wep.o \
8 wpa.o \ 8 wpa.o \
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index ce8e0e772bab..51c7dc3c4c3b 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -41,7 +41,8 @@ void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
41 sta->sta.addr, tid); 41 sta->sta.addr, tid);
42#endif /* CONFIG_MAC80211_HT_DEBUG */ 42#endif /* CONFIG_MAC80211_HT_DEBUG */
43 43
44 if (drv_ampdu_action(local, IEEE80211_AMPDU_RX_STOP, 44 if (drv_ampdu_action(local, &sta->sdata->vif,
45 IEEE80211_AMPDU_RX_STOP,
45 &sta->sta, tid, NULL)) 46 &sta->sta, tid, NULL))
46 printk(KERN_DEBUG "HW problem - can not stop rx " 47 printk(KERN_DEBUG "HW problem - can not stop rx "
47 "aggregation for tid %d\n", tid); 48 "aggregation for tid %d\n", tid);
@@ -166,7 +167,7 @@ static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *d
166 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout); 167 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
167 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status); 168 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
168 169
169 ieee80211_tx_skb(sdata, skb, 1); 170 ieee80211_tx_skb(sdata, skb);
170} 171}
171 172
172void ieee80211_process_addba_request(struct ieee80211_local *local, 173void ieee80211_process_addba_request(struct ieee80211_local *local,
@@ -206,9 +207,9 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
206 * check if configuration can support the BA policy 207 * check if configuration can support the BA policy
207 * and if buffer size does not exceeds max value */ 208 * and if buffer size does not exceeds max value */
208 /* XXX: check own ht delayed BA capability?? */ 209 /* XXX: check own ht delayed BA capability?? */
209 if (((ba_policy != 1) 210 if (((ba_policy != 1) &&
210 && (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) 211 (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) ||
211 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) { 212 (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
212 status = WLAN_STATUS_INVALID_QOS_PARAM; 213 status = WLAN_STATUS_INVALID_QOS_PARAM;
213#ifdef CONFIG_MAC80211_HT_DEBUG 214#ifdef CONFIG_MAC80211_HT_DEBUG
214 if (net_ratelimit()) 215 if (net_ratelimit())
@@ -280,7 +281,8 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
280 goto end; 281 goto end;
281 } 282 }
282 283
283 ret = drv_ampdu_action(local, IEEE80211_AMPDU_RX_START, 284 ret = drv_ampdu_action(local, &sta->sdata->vif,
285 IEEE80211_AMPDU_RX_START,
284 &sta->sta, tid, &start_seq_num); 286 &sta->sta, tid, &start_seq_num);
285#ifdef CONFIG_MAC80211_HT_DEBUG 287#ifdef CONFIG_MAC80211_HT_DEBUG
286 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret); 288 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
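Review bot: The `printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);` that follows the updated drv_ampdu_action() call in ieee80211_process_addba_request() is not rate limited, whereas the earlier CONFIG_MAC80211_HT_DEBUG print in the same function (new line 215) is guarded by `if (net_ratelimit())`. The function name suggests it runs once per received ADDBA request, so with HT debugging enabled a peer could presumably drive this message at frame rate. I would put `if (net_ratelimit())` in front of it for consistency. The function body starts and ends outside the visible hunks.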
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 89e238b001de..5e3a7eccef5a 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -91,7 +91,7 @@ static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
91 mgmt->u.action.u.addba_req.start_seq_num = 91 mgmt->u.action.u.addba_req.start_seq_num =
92 cpu_to_le16(start_seq_num << 4); 92 cpu_to_le16(start_seq_num << 4);
93 93
94 ieee80211_tx_skb(sdata, skb, 1); 94 ieee80211_tx_skb(sdata, skb);
95} 95}
96 96
97void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn) 97void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
@@ -120,7 +120,8 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
120 bar->control = cpu_to_le16(bar_control); 120 bar->control = cpu_to_le16(bar_control);
121 bar->start_seq_num = cpu_to_le16(ssn); 121 bar->start_seq_num = cpu_to_le16(ssn);
122 122
123 ieee80211_tx_skb(sdata, skb, 0); 123 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
124 ieee80211_tx_skb(sdata, skb);
124} 125}
125 126
126int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 127int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
@@ -143,7 +144,8 @@ int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
143 *state = HT_AGG_STATE_REQ_STOP_BA_MSK | 144 *state = HT_AGG_STATE_REQ_STOP_BA_MSK |
144 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 145 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
145 146
146 ret = drv_ampdu_action(local, IEEE80211_AMPDU_TX_STOP, 147 ret = drv_ampdu_action(local, &sta->sdata->vif,
148 IEEE80211_AMPDU_TX_STOP,
147 &sta->sta, tid, NULL); 149 &sta->sta, tid, NULL);
148 150
149 /* HW shall not deny going back to legacy */ 151 /* HW shall not deny going back to legacy */
@@ -202,11 +204,11 @@ static inline int ieee80211_ac_from_tid(int tid)
202 return ieee802_1d_to_ac[tid & 7]; 204 return ieee802_1d_to_ac[tid & 7];
203} 205}
204 206
205int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid) 207int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
206{ 208{
207 struct ieee80211_local *local = hw_to_local(hw); 209 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
208 struct sta_info *sta; 210 struct ieee80211_sub_if_data *sdata = sta->sdata;
209 struct ieee80211_sub_if_data *sdata; 211 struct ieee80211_local *local = sdata->local;
210 u8 *state; 212 u8 *state;
211 int ret = 0; 213 int ret = 0;
212 u16 start_seq_num; 214 u16 start_seq_num;
@@ -214,52 +216,37 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
214 if (WARN_ON(!local->ops->ampdu_action)) 216 if (WARN_ON(!local->ops->ampdu_action))
215 return -EINVAL; 217 return -EINVAL;
216 218
217 if ((tid >= STA_TID_NUM) || !(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION)) 219 if ((tid >= STA_TID_NUM) ||
220 !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION))
218 return -EINVAL; 221 return -EINVAL;
219 222
220#ifdef CONFIG_MAC80211_HT_DEBUG 223#ifdef CONFIG_MAC80211_HT_DEBUG
221 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n", 224 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n",
222 ra, tid); 225 pubsta->addr, tid);
223#endif /* CONFIG_MAC80211_HT_DEBUG */ 226#endif /* CONFIG_MAC80211_HT_DEBUG */
224 227
225 rcu_read_lock();
226
227 sta = sta_info_get(local, ra);
228 if (!sta) {
229#ifdef CONFIG_MAC80211_HT_DEBUG
230 printk(KERN_DEBUG "Could not find the station\n");
231#endif
232 ret = -ENOENT;
233 goto unlock;
234 }
235
236 /* 228 /*
237 * The aggregation code is not prepared to handle 229 * The aggregation code is not prepared to handle
238 * anything but STA/AP due to the BSSID handling. 230 * anything but STA/AP due to the BSSID handling.
239 * IBSS could work in the code but isn't supported 231 * IBSS could work in the code but isn't supported
240 * by drivers or the standard. 232 * by drivers or the standard.
241 */ 233 */
242 if (sta->sdata->vif.type != NL80211_IFTYPE_STATION && 234 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
243 sta->sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 235 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
244 sta->sdata->vif.type != NL80211_IFTYPE_AP) { 236 sdata->vif.type != NL80211_IFTYPE_AP)
245 ret = -EINVAL; 237 return -EINVAL;
246 goto unlock;
247 }
248 238
249 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) { 239 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) {
250#ifdef CONFIG_MAC80211_HT_DEBUG 240#ifdef CONFIG_MAC80211_HT_DEBUG
251 printk(KERN_DEBUG "Suspend in progress. " 241 printk(KERN_DEBUG "Suspend in progress. "
252 "Denying BA session request\n"); 242 "Denying BA session request\n");
253#endif 243#endif
254 ret = -EINVAL; 244 return -EINVAL;
255 goto unlock;
256 } 245 }
257 246
258 spin_lock_bh(&sta->lock); 247 spin_lock_bh(&sta->lock);
259 spin_lock(&local->ampdu_lock); 248 spin_lock(&local->ampdu_lock);
260 249
261 sdata = sta->sdata;
262
263 /* we have tried too many times, receiver does not want A-MPDU */ 250 /* we have tried too many times, receiver does not want A-MPDU */
264 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 251 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
265 ret = -EBUSY; 252 ret = -EBUSY;
@@ -316,8 +303,9 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
316 303
317 start_seq_num = sta->tid_seq[tid]; 304 start_seq_num = sta->tid_seq[tid];
318 305
319 ret = drv_ampdu_action(local, IEEE80211_AMPDU_TX_START, 306 ret = drv_ampdu_action(local, &sdata->vif,
320 &sta->sta, tid, &start_seq_num); 307 IEEE80211_AMPDU_TX_START,
308 pubsta, tid, &start_seq_num);
321 309
322 if (ret) { 310 if (ret) {
323#ifdef CONFIG_MAC80211_HT_DEBUG 311#ifdef CONFIG_MAC80211_HT_DEBUG
@@ -342,7 +330,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
342 sta->ampdu_mlme.dialog_token_allocator; 330 sta->ampdu_mlme.dialog_token_allocator;
343 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num; 331 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
344 332
345 ieee80211_send_addba_request(sta->sdata, ra, tid, 333 ieee80211_send_addba_request(sdata, pubsta->addr, tid,
346 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 334 sta->ampdu_mlme.tid_tx[tid]->dialog_token,
347 sta->ampdu_mlme.tid_tx[tid]->ssn, 335 sta->ampdu_mlme.tid_tx[tid]->ssn,
348 0x40, 5000); 336 0x40, 5000);
@@ -354,7 +342,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
354#ifdef CONFIG_MAC80211_HT_DEBUG 342#ifdef CONFIG_MAC80211_HT_DEBUG
355 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 343 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
356#endif 344#endif
357 goto unlock; 345 return 0;
358 346
359 err_free: 347 err_free:
360 kfree(sta->ampdu_mlme.tid_tx[tid]); 348 kfree(sta->ampdu_mlme.tid_tx[tid]);
@@ -366,8 +354,6 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
366 err_unlock_sta: 354 err_unlock_sta:
367 spin_unlock(&local->ampdu_lock); 355 spin_unlock(&local->ampdu_lock);
368 spin_unlock_bh(&sta->lock); 356 spin_unlock_bh(&sta->lock);
369 unlock:
370 rcu_read_unlock();
371 return ret; 357 return ret;
372} 358}
373EXPORT_SYMBOL(ieee80211_start_tx_ba_session); 359EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
@@ -434,13 +420,15 @@ static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
434 ieee80211_agg_splice_finish(local, sta, tid); 420 ieee80211_agg_splice_finish(local, sta, tid);
435 spin_unlock(&local->ampdu_lock); 421 spin_unlock(&local->ampdu_lock);
436 422
437 drv_ampdu_action(local, IEEE80211_AMPDU_TX_OPERATIONAL, 423 drv_ampdu_action(local, &sta->sdata->vif,
424 IEEE80211_AMPDU_TX_OPERATIONAL,
438 &sta->sta, tid, NULL); 425 &sta->sta, tid, NULL);
439} 426}
440 427
441void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid) 428void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
442{ 429{
443 struct ieee80211_local *local = hw_to_local(hw); 430 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
431 struct ieee80211_local *local = sdata->local;
444 struct sta_info *sta; 432 struct sta_info *sta;
445 u8 *state; 433 u8 *state;
446 434
@@ -489,10 +477,11 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
489} 477}
490EXPORT_SYMBOL(ieee80211_start_tx_ba_cb); 478EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
491 479
492void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw, 480void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
493 const u8 *ra, u16 tid) 481 const u8 *ra, u16 tid)
494{ 482{
495 struct ieee80211_local *local = hw_to_local(hw); 483 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
484 struct ieee80211_local *local = sdata->local;
496 struct ieee80211_ra_tid *ra_tid; 485 struct ieee80211_ra_tid *ra_tid;
497 struct sk_buff *skb = dev_alloc_skb(0); 486 struct sk_buff *skb = dev_alloc_skb(0);
498 487
@@ -507,6 +496,7 @@ void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
507 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 496 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
508 memcpy(&ra_tid->ra, ra, ETH_ALEN); 497 memcpy(&ra_tid->ra, ra, ETH_ALEN);
509 ra_tid->tid = tid; 498 ra_tid->tid = tid;
499 ra_tid->vif = vif;
510 500
511 skb->pkt_type = IEEE80211_ADDBA_MSG; 501 skb->pkt_type = IEEE80211_ADDBA_MSG;
512 skb_queue_tail(&local->skb_queue, skb); 502 skb_queue_tail(&local->skb_queue, skb);
@@ -536,13 +526,12 @@ int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
536 return ret; 526 return ret;
537} 527}
538 528
539int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw, 529int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
540 u8 *ra, u16 tid,
541 enum ieee80211_back_parties initiator) 530 enum ieee80211_back_parties initiator)
542{ 531{
543 struct ieee80211_local *local = hw_to_local(hw); 532 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
544 struct sta_info *sta; 533 struct ieee80211_sub_if_data *sdata = sta->sdata;
545 int ret = 0; 534 struct ieee80211_local *local = sdata->local;
546 535
547 if (!local->ops->ampdu_action) 536 if (!local->ops->ampdu_action)
548 return -EINVAL; 537 return -EINVAL;
@@ -550,22 +539,14 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw,
550 if (tid >= STA_TID_NUM) 539 if (tid >= STA_TID_NUM)
551 return -EINVAL; 540 return -EINVAL;
552 541
553 rcu_read_lock(); 542 return __ieee80211_stop_tx_ba_session(sta, tid, initiator);
554 sta = sta_info_get(local, ra);
555 if (!sta) {
556 rcu_read_unlock();
557 return -ENOENT;
558 }
559
560 ret = __ieee80211_stop_tx_ba_session(sta, tid, initiator);
561 rcu_read_unlock();
562 return ret;
563} 543}
564EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 544EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
565 545
566void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid) 546void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
567{ 547{
568 struct ieee80211_local *local = hw_to_local(hw); 548 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
549 struct ieee80211_local *local = sdata->local;
569 struct sta_info *sta; 550 struct sta_info *sta;
570 u8 *state; 551 u8 *state;
571 552
@@ -628,10 +609,11 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
628} 609}
629EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb); 610EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb);
630 611
631void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw, 612void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
632 const u8 *ra, u16 tid) 613 const u8 *ra, u16 tid)
633{ 614{
634 struct ieee80211_local *local = hw_to_local(hw); 615 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
616 struct ieee80211_local *local = sdata->local;
635 struct ieee80211_ra_tid *ra_tid; 617 struct ieee80211_ra_tid *ra_tid;
636 struct sk_buff *skb = dev_alloc_skb(0); 618 struct sk_buff *skb = dev_alloc_skb(0);
637 619
@@ -646,6 +628,7 @@ void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
646 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 628 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
647 memcpy(&ra_tid->ra, ra, ETH_ALEN); 629 memcpy(&ra_tid->ra, ra, ETH_ALEN);
648 ra_tid->tid = tid; 630 ra_tid->tid = tid;
631 ra_tid->vif = vif;
649 632
650 skb->pkt_type = IEEE80211_DELBA_MSG; 633 skb->pkt_type = IEEE80211_DELBA_MSG;
651 skb_queue_tail(&local->skb_queue, skb); 634 skb_queue_tail(&local->skb_queue, skb);
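Review bot: ieee80211_start_tx_ba_session() and ieee80211_stop_tx_ba_session() no longer look the station up under rcu_read_lock(); they apply container_of() to the caller's `pubsta` and go on to use `sta->sdata` and `sta->lock`, so the station's lifetime is now entirely the caller's responsibility and nothing in these hunks says so. Both functions are exported, so a driver passing a pointer it cached outside an RCU read section would get a use-after-free here instead of the old -ENOENT. I would add a comment above each definition, e.g. `/* Caller must guarantee that @pubsta stays valid for the duration of the call (e.g. by holding rcu_read_lock()). */`, or put the same sentence in the kerneldoc where they are declared. The same lifetime question applies to `ra_tid->vif = vif` in the two *_cb_irqsafe() helpers, which store the vif pointer in an skb queued on local->skb_queue; how it is kept valid until that queue is drained is not visible here.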
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 7b5131bd6fa1..93ee1fd5c08d 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -36,6 +36,15 @@ static bool nl80211_type_check(enum nl80211_iftype type)
36 } 36 }
37} 37}
38 38
39static bool nl80211_params_check(enum nl80211_iftype type,
40 struct vif_params *params)
41{
42 if (!nl80211_type_check(type))
43 return false;
44
45 return true;
46}
47
39static int ieee80211_add_iface(struct wiphy *wiphy, char *name, 48static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
40 enum nl80211_iftype type, u32 *flags, 49 enum nl80211_iftype type, u32 *flags,
41 struct vif_params *params) 50 struct vif_params *params)
@@ -45,7 +54,7 @@ static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
45 struct ieee80211_sub_if_data *sdata; 54 struct ieee80211_sub_if_data *sdata;
46 int err; 55 int err;
47 56
48 if (!nl80211_type_check(type)) 57 if (!nl80211_params_check(type, params))
49 return -EINVAL; 58 return -EINVAL;
50 59
51 err = ieee80211_if_add(local, name, &dev, type, params); 60 err = ieee80211_if_add(local, name, &dev, type, params);
@@ -75,7 +84,7 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
75 if (netif_running(dev)) 84 if (netif_running(dev))
76 return -EBUSY; 85 return -EBUSY;
77 86
78 if (!nl80211_type_check(type)) 87 if (!nl80211_params_check(type, params))
79 return -EINVAL; 88 return -EINVAL;
80 89
81 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 90 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -92,6 +101,13 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
92 if (sdata->vif.type != NL80211_IFTYPE_MONITOR || !flags) 101 if (sdata->vif.type != NL80211_IFTYPE_MONITOR || !flags)
93 return 0; 102 return 0;
94 103
104 if (type == NL80211_IFTYPE_AP_VLAN &&
105 params && params->use_4addr == 0)
106 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
107 else if (type == NL80211_IFTYPE_STATION &&
108 params && params->use_4addr >= 0)
109 sdata->u.mgd.use_4addr = params->use_4addr;
110
95 sdata->u.mntr_flags = *flags; 111 sdata->u.mntr_flags = *flags;
96 return 0; 112 return 0;
97} 113}
@@ -377,13 +393,13 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
377static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev, 393static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
378 int idx, u8 *mac, struct station_info *sinfo) 394 int idx, u8 *mac, struct station_info *sinfo)
379{ 395{
380 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 396 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
381 struct sta_info *sta; 397 struct sta_info *sta;
382 int ret = -ENOENT; 398 int ret = -ENOENT;
383 399
384 rcu_read_lock(); 400 rcu_read_lock();
385 401
386 sta = sta_info_get_by_idx(local, idx, dev); 402 sta = sta_info_get_by_idx(sdata, idx);
387 if (sta) { 403 if (sta) {
388 ret = 0; 404 ret = 0;
389 memcpy(mac, sta->sta.addr, ETH_ALEN); 405 memcpy(mac, sta->sta.addr, ETH_ALEN);
@@ -738,13 +754,6 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
738 754
739 err = sta_info_insert(sta); 755 err = sta_info_insert(sta);
740 if (err) { 756 if (err) {
741 /* STA has been freed */
742 if (err == -EEXIST && layer2_update) {
743 /* Need to update layer 2 devices on reassociation */
744 sta = sta_info_get(local, mac);
745 if (sta)
746 ieee80211_send_layer2_update(sta);
747 }
748 rcu_read_unlock(); 757 rcu_read_unlock();
749 return err; 758 return err;
750 } 759 }
@@ -813,6 +822,15 @@ static int ieee80211_change_station(struct wiphy *wiphy,
813 return -EINVAL; 822 return -EINVAL;
814 } 823 }
815 824
825 if (params->vlan->ieee80211_ptr->use_4addr) {
826 if (vlansdata->u.vlan.sta) {
827 rcu_read_unlock();
828 return -EBUSY;
829 }
830
831 rcu_assign_pointer(vlansdata->u.vlan.sta, sta);
832 }
833
816 sta->sdata = vlansdata; 834 sta->sdata = vlansdata;
817 ieee80211_send_layer2_update(sta); 835 ieee80211_send_layer2_update(sta);
818 } 836 }
@@ -914,7 +932,7 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
914 pinfo->generation = mesh_paths_generation; 932 pinfo->generation = mesh_paths_generation;
915 933
916 pinfo->filled = MPATH_INFO_FRAME_QLEN | 934 pinfo->filled = MPATH_INFO_FRAME_QLEN |
917 MPATH_INFO_DSN | 935 MPATH_INFO_SN |
918 MPATH_INFO_METRIC | 936 MPATH_INFO_METRIC |
919 MPATH_INFO_EXPTIME | 937 MPATH_INFO_EXPTIME |
920 MPATH_INFO_DISCOVERY_TIMEOUT | 938 MPATH_INFO_DISCOVERY_TIMEOUT |
@@ -922,7 +940,7 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
922 MPATH_INFO_FLAGS; 940 MPATH_INFO_FLAGS;
923 941
924 pinfo->frame_qlen = mpath->frame_queue.qlen; 942 pinfo->frame_qlen = mpath->frame_queue.qlen;
925 pinfo->dsn = mpath->dsn; 943 pinfo->sn = mpath->sn;
926 pinfo->metric = mpath->metric; 944 pinfo->metric = mpath->metric;
927 if (time_before(jiffies, mpath->exp_time)) 945 if (time_before(jiffies, mpath->exp_time))
928 pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies); 946 pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies);
@@ -934,8 +952,8 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
934 pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE; 952 pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE;
935 if (mpath->flags & MESH_PATH_RESOLVING) 953 if (mpath->flags & MESH_PATH_RESOLVING)
936 pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING; 954 pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING;
937 if (mpath->flags & MESH_PATH_DSN_VALID) 955 if (mpath->flags & MESH_PATH_SN_VALID)
938 pinfo->flags |= NL80211_MPATH_FLAG_DSN_VALID; 956 pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID;
939 if (mpath->flags & MESH_PATH_FIXED) 957 if (mpath->flags & MESH_PATH_FIXED)
940 pinfo->flags |= NL80211_MPATH_FLAG_FIXED; 958 pinfo->flags |= NL80211_MPATH_FLAG_FIXED;
941 if (mpath->flags & MESH_PATH_RESOLVING) 959 if (mpath->flags & MESH_PATH_RESOLVING)
@@ -1008,7 +1026,10 @@ static int ieee80211_set_mesh_params(struct wiphy *wiphy,
1008{ 1026{
1009 struct mesh_config *conf; 1027 struct mesh_config *conf;
1010 struct ieee80211_sub_if_data *sdata; 1028 struct ieee80211_sub_if_data *sdata;
1029 struct ieee80211_if_mesh *ifmsh;
1030
1011 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1031 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1032 ifmsh = &sdata->u.mesh;
1012 1033
1013 /* Set the config options which we are interested in setting */ 1034 /* Set the config options which we are interested in setting */
1014 conf = &(sdata->u.mesh.mshcfg); 1035 conf = &(sdata->u.mesh.mshcfg);
@@ -1043,6 +1064,10 @@ static int ieee80211_set_mesh_params(struct wiphy *wiphy,
1043 mask)) 1064 mask))
1044 conf->dot11MeshHWMPnetDiameterTraversalTime = 1065 conf->dot11MeshHWMPnetDiameterTraversalTime =
1045 nconf->dot11MeshHWMPnetDiameterTraversalTime; 1066 nconf->dot11MeshHWMPnetDiameterTraversalTime;
1067 if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOTMODE, mask)) {
1068 conf->dot11MeshHWMPRootMode = nconf->dot11MeshHWMPRootMode;
1069 ieee80211_mesh_root_setup(ifmsh);
1070 }
1046 return 0; 1071 return 0;
1047} 1072}
1048 1073
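Review bot: In ieee80211_change_iface() the added use_4addr block sits after `if (sdata->vif.type != NL80211_IFTYPE_MONITOR || !flags) return 0;`, so it only runs for a monitor interface with non-NULL `flags`. Assuming `sdata->vif.type` equals `type` by that point (the call that changes the type is outside the hunk), neither `type == NL80211_IFTYPE_AP_VLAN` nor `type == NL80211_IFTYPE_STATION` can then hold, and the 4-address setting is silently ignored. If the two could differ, the block would instead write `sdata->u.vlan` or `sdata->u.mgd` on a monitor interface just before `sdata->u.mntr_flags` is written. I would move the block above the early return and turn the monitor case into a positive check, `if (sdata->vif.type == NL80211_IFTYPE_MONITOR && flags) sdata->u.mntr_flags = *flags;`. Separately, nl80211_params_check() takes `params` but never reads it, so it validates nothing beyond nl80211_type_check().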
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 96991b68f048..e4b54093d41b 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -1,3 +1,4 @@
1
1/* 2/*
2 * mac80211 debugfs for wireless PHYs 3 * mac80211 debugfs for wireless PHYs
3 * 4 *
@@ -38,16 +39,10 @@ static const struct file_operations name## _ops = { \
38}; 39};
39 40
40#define DEBUGFS_ADD(name) \ 41#define DEBUGFS_ADD(name) \
41 local->debugfs.name = debugfs_create_file(#name, 0400, phyd, \ 42 debugfs_create_file(#name, 0400, phyd, local, &name## _ops);
42 local, &name## _ops);
43 43
44#define DEBUGFS_ADD_MODE(name, mode) \ 44#define DEBUGFS_ADD_MODE(name, mode) \
45 local->debugfs.name = debugfs_create_file(#name, mode, phyd, \ 45 debugfs_create_file(#name, mode, phyd, local, &name## _ops);
46 local, &name## _ops);
47
48#define DEBUGFS_DEL(name) \
49 debugfs_remove(local->debugfs.name); \
50 local->debugfs.name = NULL;
51 46
52 47
53DEBUGFS_READONLY_FILE(frequency, 20, "%d", 48DEBUGFS_READONLY_FILE(frequency, 20, "%d",
@@ -57,7 +52,7 @@ DEBUGFS_READONLY_FILE(total_ps_buffered, 20, "%d",
57DEBUGFS_READONLY_FILE(wep_iv, 20, "%#08x", 52DEBUGFS_READONLY_FILE(wep_iv, 20, "%#08x",
58 local->wep_iv & 0xffffff); 53 local->wep_iv & 0xffffff);
59DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s", 54DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s",
60 local->rate_ctrl ? local->rate_ctrl->ops->name : "<unset>"); 55 local->rate_ctrl ? local->rate_ctrl->ops->name : "hw/driver");
61 56
62static ssize_t tsf_read(struct file *file, char __user *user_buf, 57static ssize_t tsf_read(struct file *file, char __user *user_buf,
63 size_t count, loff_t *ppos) 58 size_t count, loff_t *ppos)
@@ -233,12 +228,7 @@ static const struct file_operations stats_ ##name## _ops = { \
233}; 228};
234 229
235#define DEBUGFS_STATS_ADD(name) \ 230#define DEBUGFS_STATS_ADD(name) \
236 local->debugfs.stats.name = debugfs_create_file(#name, 0400, statsd,\ 231 debugfs_create_file(#name, 0400, statsd, local, &stats_ ##name## _ops);
237 local, &stats_ ##name## _ops);
238
239#define DEBUGFS_STATS_DEL(name) \
240 debugfs_remove(local->debugfs.stats.name); \
241 local->debugfs.stats.name = NULL;
242 232
243DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u", 233DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u",
244 local->dot11TransmittedFragmentCount); 234 local->dot11TransmittedFragmentCount);
@@ -326,7 +316,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
326 DEBUGFS_ADD(noack); 316 DEBUGFS_ADD(noack);
327 317
328 statsd = debugfs_create_dir("statistics", phyd); 318 statsd = debugfs_create_dir("statistics", phyd);
329 local->debugfs.statistics = statsd;
330 319
331 /* if the dir failed, don't put all the other things into the root! */ 320 /* if the dir failed, don't put all the other things into the root! */
332 if (!statsd) 321 if (!statsd)
@@ -367,57 +356,3 @@ void debugfs_hw_add(struct ieee80211_local *local)
367 DEBUGFS_STATS_ADD(dot11FCSErrorCount); 356 DEBUGFS_STATS_ADD(dot11FCSErrorCount);
368 DEBUGFS_STATS_ADD(dot11RTSSuccessCount); 357 DEBUGFS_STATS_ADD(dot11RTSSuccessCount);
369} 358}
370
371void debugfs_hw_del(struct ieee80211_local *local)
372{
373 DEBUGFS_DEL(frequency);
374 DEBUGFS_DEL(total_ps_buffered);
375 DEBUGFS_DEL(wep_iv);
376 DEBUGFS_DEL(tsf);
377 DEBUGFS_DEL(queues);
378 DEBUGFS_DEL(reset);
379 DEBUGFS_DEL(noack);
380
381 DEBUGFS_STATS_DEL(transmitted_fragment_count);
382 DEBUGFS_STATS_DEL(multicast_transmitted_frame_count);
383 DEBUGFS_STATS_DEL(failed_count);
384 DEBUGFS_STATS_DEL(retry_count);
385 DEBUGFS_STATS_DEL(multiple_retry_count);
386 DEBUGFS_STATS_DEL(frame_duplicate_count);
387 DEBUGFS_STATS_DEL(received_fragment_count);
388 DEBUGFS_STATS_DEL(multicast_received_frame_count);
389 DEBUGFS_STATS_DEL(transmitted_frame_count);
390 DEBUGFS_STATS_DEL(num_scans);
391#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
392 DEBUGFS_STATS_DEL(tx_handlers_drop);
393 DEBUGFS_STATS_DEL(tx_handlers_queued);
394 DEBUGFS_STATS_DEL(tx_handlers_drop_unencrypted);
395 DEBUGFS_STATS_DEL(tx_handlers_drop_fragment);
396 DEBUGFS_STATS_DEL(tx_handlers_drop_wep);
397 DEBUGFS_STATS_DEL(tx_handlers_drop_not_assoc);
398 DEBUGFS_STATS_DEL(tx_handlers_drop_unauth_port);
399 DEBUGFS_STATS_DEL(rx_handlers_drop);
400 DEBUGFS_STATS_DEL(rx_handlers_queued);
401 DEBUGFS_STATS_DEL(rx_handlers_drop_nullfunc);
402 DEBUGFS_STATS_DEL(rx_handlers_drop_defrag);
403 DEBUGFS_STATS_DEL(rx_handlers_drop_short);
404 DEBUGFS_STATS_DEL(rx_handlers_drop_passive_scan);
405 DEBUGFS_STATS_DEL(tx_expand_skb_head);
406 DEBUGFS_STATS_DEL(tx_expand_skb_head_cloned);
407 DEBUGFS_STATS_DEL(rx_expand_skb_head);
408 DEBUGFS_STATS_DEL(rx_expand_skb_head2);
409 DEBUGFS_STATS_DEL(rx_handlers_fragments);
410 DEBUGFS_STATS_DEL(tx_status_drop);
411#endif
412 DEBUGFS_STATS_DEL(dot11ACKFailureCount);
413 DEBUGFS_STATS_DEL(dot11RTSFailureCount);
414 DEBUGFS_STATS_DEL(dot11FCSErrorCount);
415 DEBUGFS_STATS_DEL(dot11RTSSuccessCount);
416
417 debugfs_remove(local->debugfs.statistics);
418 local->debugfs.statistics = NULL;
419 debugfs_remove(local->debugfs.stations);
420 local->debugfs.stations = NULL;
421 debugfs_remove(local->debugfs.keys);
422 local->debugfs.keys = NULL;
423}
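Review bot: With debugfs_hw_del() removed and DEBUGFS_ADD/DEBUGFS_STATS_ADD no longer keeping the dentries, nothing in this file removes the files whose private data is `local`; teardown must now come from removing the parent directory elsewhere, which this section does not show. If any of these files outlived `local`, a read through it would be a use-after-free, so I would record the dependency in debugfs_hw_add() with a comment such as `/* no per-file cleanup: these must be removed together with phyd before local is freed */`. As a style point, the rewritten macro bodies end in `;`, so `DEBUGFS_ADD(noack);` expands to `...;;` and would break inside an unbraced if/else; dropping the trailing `;` from the macros avoids that.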
diff --git a/net/mac80211/debugfs.h b/net/mac80211/debugfs.h
index dd2541935c27..68e6a2050f9a 100644
--- a/net/mac80211/debugfs.h
+++ b/net/mac80211/debugfs.h
@@ -3,14 +3,12 @@
3 3
4#ifdef CONFIG_MAC80211_DEBUGFS 4#ifdef CONFIG_MAC80211_DEBUGFS
5extern void debugfs_hw_add(struct ieee80211_local *local); 5extern void debugfs_hw_add(struct ieee80211_local *local);
6extern void debugfs_hw_del(struct ieee80211_local *local);
7extern int mac80211_open_file_generic(struct inode *inode, struct file *file); 6extern int mac80211_open_file_generic(struct inode *inode, struct file *file);
8#else 7#else
9static inline void debugfs_hw_add(struct ieee80211_local *local) 8static inline void debugfs_hw_add(struct ieee80211_local *local)
10{ 9{
11 return; 10 return;
12} 11}
13static inline void debugfs_hw_del(struct ieee80211_local *local) {}
14#endif 12#endif
15 13
16#endif /* __MAC80211_DEBUGFS_H */ 14#endif /* __MAC80211_DEBUGFS_H */
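diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c
index 99c752588b30..e0f5224630da 100644
--- a/net/mac80211/debugfs_key.c
+++ b/net/mac80211/debugfs_key.c
@@ -225,8 +225,8 @@ static ssize_t key_key_read(struct file *file, char __user *userbuf,
 KEY_OPS(key);
 
 #define DEBUGFS_ADD(name) \
- key->debugfs.name = debugfs_create_file(#name, 0400,\
- key->debugfs.dir, key, &key_##name##_ops);
+ debugfs_create_file(#name, 0400, key->debugfs.dir, \
+ key, &key_##name##_ops);
 
 void ieee80211_debugfs_key_add(struct ieee80211_key *key)
  {
@@ -271,30 +271,12 @@ void ieee80211_debugfs_key_add(struct ieee80211_key *key)
  DEBUGFS_ADD(ifindex);
 };
 
-#define DEBUGFS_DEL(name) \
- debugfs_remove(key->debugfs.name); key->debugfs.name = NULL;
-
 void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
 {
  if (!key)
  return;
 
- DEBUGFS_DEL(keylen);
- DEBUGFS_DEL(flags);
- DEBUGFS_DEL(keyidx);
- DEBUGFS_DEL(hw_key_idx);
- DEBUGFS_DEL(tx_rx_count);
- DEBUGFS_DEL(algorithm);
- DEBUGFS_DEL(tx_spec);
- DEBUGFS_DEL(rx_spec);
- DEBUGFS_DEL(replays);
- DEBUGFS_DEL(icverrors);
- DEBUGFS_DEL(key);
- DEBUGFS_DEL(ifindex);
-
- debugfs_remove(key->debugfs.stalink);
- key->debugfs.stalink = NULL;
- debugfs_remove(key->debugfs.dir);
+ debugfs_remove_recursive(key->debugfs.dir);
  key->debugfs.dir = NULL;
 }
 void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
@@ -302,7 +284,7 @@ void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
  char buf[50];
  struct ieee80211_key *key;
 
- if (!sdata->debugfsdir)
+ if (!sdata->debugfs.dir)
  return;
 
  /* this is running under the key lock */
@@ -310,9 +292,9 @@ void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
  key = sdata->default_key;
  if (key) {
  sprintf(buf, "../keys/%d", key->debugfs.cnt);
- sdata->common_debugfs.default_key =
+ sdata->debugfs.default_key =
  debugfs_create_symlink("default_key",
- sdata->debugfsdir, buf);
+ sdata->debugfs.dir, buf);
  } else
  ieee80211_debugfs_key_remove_default(sdata);
 }
@@ -322,8 +304,8 @@ void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata)
  if (!sdata)
  return;
 
- debugfs_remove(sdata->common_debugfs.default_key);
- sdata->common_debugfs.default_key = NULL;
+ debugfs_remove(sdata->debugfs.default_key);
+ sdata->debugfs.default_key = NULL;
 }
 
 void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
@@ -331,7 +313,7 @@ void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
  char buf[50];
  struct ieee80211_key *key;
 
- if (!sdata->debugfsdir)
+ if (!sdata->debugfs.dir)
  return;
 
  /* this is running under the key lock */
@@ -339,9 +321,9 @@ void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
  key = sdata->default_mgmt_key;
  if (key) {
  sprintf(buf, "../keys/%d", key->debugfs.cnt);
- sdata->common_debugfs.default_mgmt_key =
+ sdata->debugfs.default_mgmt_key =
  debugfs_create_symlink("default_mgmt_key",
- sdata->debugfsdir, buf);
+ sdata->debugfs.dir, buf);
  } else
  ieee80211_debugfs_key_remove_mgmt_default(sdata);
 }
@@ -351,8 +333,8 @@ void ieee80211_debugfs_key_remove_mgmt_default(struct ieee80211_sub_if_data *sda
  if (!sdata)
  return;
 
- debugfs_remove(sdata->common_debugfs.default_mgmt_key);
- sdata->common_debugfs.default_mgmt_key = NULL;
+ debugfs_remove(sdata->debugfs.default_mgmt_key);
+ sdata->debugfs.default_mgmt_key = NULL;
 }
 
 void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,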
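Review bot: ieee80211_debugfs_key_remove no longer removes `key->debugfs.stalink`, and `debugfs_remove_recursive(key->debugfs.dir)` only covers entries below the key's own directory. Where stalink is created is outside these hunks, but its name and the separate ieee80211_debugfs_key_sta_del suggest it is a symlink placed in a station's directory; if so it would now outlive the key, and `key->debugfs.stalink` would keep a pointer that nothing clears on this path. I would keep `debugfs_remove(key->debugfs.stalink); key->debugfs.stalink = NULL;` ahead of the recursive removal, or add a comment naming the path that is expected to remove it.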
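diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 61234e79022b..472b2039906c 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -149,12 +149,14 @@ IEEE80211_IF_FILE(path_refresh_time,
  u.mesh.mshcfg.path_refresh_time, DEC);
 IEEE80211_IF_FILE(min_discovery_timeout,
  u.mesh.mshcfg.min_discovery_timeout, DEC);
+IEEE80211_IF_FILE(dot11MeshHWMPRootMode,
+ u.mesh.mshcfg.dot11MeshHWMPRootMode, DEC);
 #endif
 
 
-#define DEBUGFS_ADD(name, type)\
- sdata->debugfs.type.name = debugfs_create_file(#name, 0400,\
- sdata->debugfsdir, sdata, &name##_ops);
+#define DEBUGFS_ADD(name, type) \
+ debugfs_create_file(#name, 0400, sdata->debugfs.dir, \
+ sdata, &name##_ops);
 
 static void add_sta_files(struct ieee80211_sub_if_data *sdata)
 {
@@ -199,30 +201,32 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
 }
 
 #ifdef CONFIG_MAC80211_MESH
-#define MESHSTATS_ADD(name)\
- sdata->mesh_stats.name = debugfs_create_file(#name, 0400,\
- sdata->mesh_stats_dir, sdata, &name##_ops);
 
 static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
 {
- sdata->mesh_stats_dir = debugfs_create_dir("mesh_stats",
- sdata->debugfsdir);
+ struct dentry *dir = debugfs_create_dir("mesh_stats",
+ sdata->debugfs.dir);
+
+#define MESHSTATS_ADD(name)\
+ debugfs_create_file(#name, 0400, dir, sdata, &name##_ops);
+
  MESHSTATS_ADD(fwded_mcast);
  MESHSTATS_ADD(fwded_unicast);
  MESHSTATS_ADD(fwded_frames);
  MESHSTATS_ADD(dropped_frames_ttl);
  MESHSTATS_ADD(dropped_frames_no_route);
  MESHSTATS_ADD(estab_plinks);
+#undef MESHSTATS_ADD
 }
 
-#define MESHPARAMS_ADD(name)\
- sdata->mesh_config.name = debugfs_create_file(#name, 0600,\
- sdata->mesh_config_dir, sdata, &name##_ops);
-
 static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
 {
- sdata->mesh_config_dir = debugfs_create_dir("mesh_config",
- sdata->debugfsdir);
+ struct dentry *dir = debugfs_create_dir("mesh_config",
+ sdata->debugfs.dir);
+
+#define MESHPARAMS_ADD(name) \
+ debugfs_create_file(#name, 0600, dir, sdata, &name##_ops);
+
  MESHPARAMS_ADD(dot11MeshMaxRetries);
  MESHPARAMS_ADD(dot11MeshRetryTimeout);
  MESHPARAMS_ADD(dot11MeshConfirmTimeout);
@@ -236,12 +240,14 @@ static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
  MESHPARAMS_ADD(dot11MeshHWMPmaxPREQretries);
  MESHPARAMS_ADD(path_refresh_time);
  MESHPARAMS_ADD(min_discovery_timeout);
+
+#undef MESHPARAMS_ADD
 }
 #endif
 
 static void add_files(struct ieee80211_sub_if_data *sdata)
 {
- if (!sdata->debugfsdir)
+ if (!sdata->debugfs.dir)
  return;
 
  switch (sdata->vif.type) {
@@ -274,134 +280,6 @@ static void add_files(struct ieee80211_sub_if_data *sdata)
  }
 }
 
-#define DEBUGFS_DEL(name, type) \
- do { \
- debugfs_remove(sdata->debugfs.type.name); \
- sdata->debugfs.type.name = NULL; \
- } while (0)
-
-static void del_sta_files(struct ieee80211_sub_if_data *sdata)
-{
- DEBUGFS_DEL(drop_unencrypted, sta);
- DEBUGFS_DEL(force_unicast_rateidx, sta);
- DEBUGFS_DEL(max_ratectrl_rateidx, sta);
-
- DEBUGFS_DEL(bssid, sta);
- DEBUGFS_DEL(aid, sta);
- DEBUGFS_DEL(capab, sta);
-}
-
-static void del_ap_files(struct ieee80211_sub_if_data *sdata)
-{
- DEBUGFS_DEL(drop_unencrypted, ap);
- DEBUGFS_DEL(force_unicast_rateidx, ap);
- DEBUGFS_DEL(max_ratectrl_rateidx, ap);
-
- DEBUGFS_DEL(num_sta_ps, ap);
- DEBUGFS_DEL(dtim_count, ap);
- DEBUGFS_DEL(num_buffered_multicast, ap);
-}
-
-static void del_wds_files(struct ieee80211_sub_if_data *sdata)
-{
- DEBUGFS_DEL(drop_unencrypted, wds);
- DEBUGFS_DEL(force_unicast_rateidx, wds);
- DEBUGFS_DEL(max_ratectrl_rateidx, wds);
-
- DEBUGFS_DEL(peer, wds);
-}
-
-static void del_vlan_files(struct ieee80211_sub_if_data *sdata)
-{
- DEBUGFS_DEL(drop_unencrypted, vlan);
- DEBUGFS_DEL(force_unicast_rateidx, vlan);
- DEBUGFS_DEL(max_ratectrl_rateidx, vlan);
-}
-
-static void del_monitor_files(struct ieee80211_sub_if_data *sdata)
-{
-}
-
-#ifdef CONFIG_MAC80211_MESH
-#define MESHSTATS_DEL(name) \
- do { \
- debugfs_remove(sdata->mesh_stats.name); \
- sdata->mesh_stats.name = NULL; \
- } while (0)
-
-static void del_mesh_stats(struct ieee80211_sub_if_data *sdata)
-{
- MESHSTATS_DEL(fwded_mcast);
- MESHSTATS_DEL(fwded_unicast);
- MESHSTATS_DEL(fwded_frames);
- MESHSTATS_DEL(dropped_frames_ttl);
- MESHSTATS_DEL(dropped_frames_no_route);
- MESHSTATS_DEL(estab_plinks);
- debugfs_remove(sdata->mesh_stats_dir);
- sdata->mesh_stats_dir = NULL;
-}
-
-#define MESHPARAMS_DEL(name) \
- do { \
- debugfs_remove(sdata->mesh_config.name); \
- sdata->mesh_config.name = NULL; \
- } while (0)
-
-static void del_mesh_config(struct ieee80211_sub_if_data *sdata)
-{
- MESHPARAMS_DEL(dot11MeshMaxRetries);
- MESHPARAMS_DEL(dot11MeshRetryTimeout);
- MESHPARAMS_DEL(dot11MeshConfirmTimeout);
- MESHPARAMS_DEL(dot11MeshHoldingTimeout);
- MESHPARAMS_DEL(dot11MeshTTL);
- MESHPARAMS_DEL(auto_open_plinks);
- MESHPARAMS_DEL(dot11MeshMaxPeerLinks);
- MESHPARAMS_DEL(dot11MeshHWMPactivePathTimeout);
- MESHPARAMS_DEL(dot11MeshHWMPpreqMinInterval);
- MESHPARAMS_DEL(dot11MeshHWMPnetDiameterTraversalTime);
- MESHPARAMS_DEL(dot11MeshHWMPmaxPREQretries);
- MESHPARAMS_DEL(path_refresh_time);
- MESHPARAMS_DEL(min_discovery_timeout);
- debugfs_remove(sdata->mesh_config_dir);
- sdata->mesh_config_dir = NULL;
-}
-#endif
-
-static void del_files(struct ieee80211_sub_if_data *sdata)
-{
- if (!sdata->debugfsdir)
- return;
-
- switch (sdata->vif.type) {
- case NL80211_IFTYPE_MESH_POINT:
-#ifdef CONFIG_MAC80211_MESH
- del_mesh_stats(sdata);
- del_mesh_config(sdata);
-#endif
- break;
- case NL80211_IFTYPE_STATION:
- del_sta_files(sdata);
- break;
- case NL80211_IFTYPE_ADHOC:
- /* XXX */
- break;
- case NL80211_IFTYPE_AP:
- del_ap_files(sdata);
- break;
- case NL80211_IFTYPE_WDS:
- del_wds_files(sdata);
- break;
- case NL80211_IFTYPE_MONITOR:
- del_monitor_files(sdata);
- break;
- case NL80211_IFTYPE_AP_VLAN:
- del_vlan_files(sdata);
- break;
- default:
- break;
- }
-}
-
 static int notif_registered;
 
 void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
@@ -412,16 +290,18 @@ void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
  return;
 
  sprintf(buf, "netdev:%s", sdata->dev->name);
- sdata->debugfsdir = debugfs_create_dir(buf,
+ sdata->debugfs.dir = debugfs_create_dir(buf,
  sdata->local->hw.wiphy->debugfsdir);
  add_files(sdata);
 }
 
 void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
 {
- del_files(sdata);
- debugfs_remove(sdata->debugfsdir);
- sdata->debugfsdir = NULL;
+ if (!sdata->debugfs.dir)
+ return;
+
+ debugfs_remove_recursive(sdata->debugfs.dir);
+ sdata->debugfs.dir = NULL;
 }
 
 static int netdev_notify(struct notifier_block *nb,
@@ -444,7 +324,7 @@ static int netdev_notify(struct notifier_block *nb,
 
  sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 
- dir = sdata->debugfs.dir;
+ dir = sdata->debugfs.dir;
 
  if (!dir)
  return 0;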
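Review bot: In add_mesh_config and add_mesh_stats the result of `debugfs_create_dir()` is used as the parent of every file without a check, while this change also stops storing the per-file dentries. debugfs treats a NULL parent as the debugfs root, so if directory creation fails and returns NULL (assumed for this kernel, not shown on the page), the 0600 mesh_config files would be created at the root with `sdata` as private data. `debugfs_remove_recursive(sdata->debugfs.dir)` would then never remove them, leaving writable files that still reference the interface after it is gone. Adding `if (!dir) return;` directly after each `debugfs_create_dir()` call avoids that. Separately, `IEEE80211_IF_FILE(dot11MeshHWMPRootMode, ...)` is defined, but no `MESHPARAMS_ADD(dot11MeshHWMPRootMode);` is added in the add_mesh_config hunks shown, so the file appears never to be registered.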
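diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 33a2e892115b..3f41608c8081 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -57,7 +57,6 @@ STA_FILE(tx_filtered, tx_filtered_count, LU);
 STA_FILE(tx_retry_failed, tx_retry_failed, LU);
 STA_FILE(tx_retry_count, tx_retry_count, LU);
 STA_FILE(last_signal, last_signal, D);
-STA_FILE(last_qual, last_qual, D);
 STA_FILE(last_noise, last_noise, D);
 STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU);
 
@@ -67,10 +66,11 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
  char buf[100];
  struct sta_info *sta = file->private_data;
  u32 staflags = get_sta_flags(sta);
- int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s",
+ int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s%s",
  staflags & WLAN_STA_AUTH ? "AUTH\n" : "",
  staflags & WLAN_STA_ASSOC ? "ASSOC\n" : "",
- staflags & WLAN_STA_PS ? "PS\n" : "",
+ staflags & WLAN_STA_PS_STA ? "PS (sta)\n" : "",
+ staflags & WLAN_STA_PS_DRIVER ? "PS (driver)\n" : "",
  staflags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",
  staflags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",
  staflags & WLAN_STA_WME ? "WME\n" : "",
@@ -157,14 +157,38 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
 }
 STA_OPS(agg_status);
 
+static ssize_t sta_ht_capa_read(struct file *file, char __user *userbuf,
+ size_t count, loff_t *ppos)
+{
+ char buf[200], *p = buf;
+ int i;
+ struct sta_info *sta = file->private_data;
+ struct ieee80211_sta_ht_cap *htc = &sta->sta.ht_cap;
+
+ p += scnprintf(p, sizeof(buf) + buf - p, "ht %ssupported\n",
+ htc->ht_supported ? "" : "not ");
+ if (htc->ht_supported) {
+ p += scnprintf(p, sizeof(buf)+buf-p, "cap: %#.2x\n", htc->cap);
+ p += scnprintf(p, sizeof(buf)+buf-p, "ampdu factor/density: %d/%d\n",
+ htc->ampdu_factor, htc->ampdu_density);
+ p += scnprintf(p, sizeof(buf)+buf-p, "MCS mask:");
+ for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
+ p += scnprintf(p, sizeof(buf)+buf-p, " %.2x",
+ htc->mcs.rx_mask[i]);
+ p += scnprintf(p, sizeof(buf)+buf-p, "\nMCS rx highest: %d\n",
+ le16_to_cpu(htc->mcs.rx_highest));
+ p += scnprintf(p, sizeof(buf)+buf-p, "MCS tx params: %x\n",
+ htc->mcs.tx_params);
+ }
+
+ return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
+}
+STA_OPS(ht_capa);
+
 #define DEBUGFS_ADD(name) \
- sta->debugfs.name = debugfs_create_file(#name, 0400, \
+ debugfs_create_file(#name, 0400, \
  sta->debugfs.dir, sta, &sta_ ##name## _ops);
 
-#define DEBUGFS_DEL(name) \
- debugfs_remove(sta->debugfs.name);\
- sta->debugfs.name = NULL;
-
 
 void ieee80211_sta_debugfs_add(struct sta_info *sta)
 {
@@ -209,36 +233,13 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
  DEBUGFS_ADD(tx_retry_failed);
  DEBUGFS_ADD(tx_retry_count);
  DEBUGFS_ADD(last_signal);
- DEBUGFS_ADD(last_qual);
  DEBUGFS_ADD(last_noise);
  DEBUGFS_ADD(wep_weak_iv_count);
+ DEBUGFS_ADD(ht_capa);
 }
 
 void ieee80211_sta_debugfs_remove(struct sta_info *sta)
 {
- DEBUGFS_DEL(flags);
- DEBUGFS_DEL(num_ps_buf_frames);
- DEBUGFS_DEL(inactive_ms);
- DEBUGFS_DEL(last_seq_ctrl);
- DEBUGFS_DEL(agg_status);
- DEBUGFS_DEL(aid);
- DEBUGFS_DEL(dev);
- DEBUGFS_DEL(rx_packets);
- DEBUGFS_DEL(tx_packets);
- DEBUGFS_DEL(rx_bytes);
- DEBUGFS_DEL(tx_bytes);
- DEBUGFS_DEL(rx_duplicates);
- DEBUGFS_DEL(rx_fragments);
- DEBUGFS_DEL(rx_dropped);
- DEBUGFS_DEL(tx_fragments);
- DEBUGFS_DEL(tx_filtered);
- DEBUGFS_DEL(tx_retry_failed);
- DEBUGFS_DEL(tx_retry_count);
- DEBUGFS_DEL(last_signal);
- DEBUGFS_DEL(last_qual);
- DEBUGFS_DEL(last_noise);
- DEBUGFS_DEL(wep_weak_iv_count);
-
- debugfs_remove(sta->debugfs.dir);
+ debugfs_remove_recursive(sta->debugfs.dir);
  sta->debugfs.dir = NULL;
 }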
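Review bot: sta_ht_capa_read writes the remaining-space expression `sizeof(buf)+buf-p` out again in every scnprintf call, with inconsistent spacing, which makes the bound harder to audit and easy to get wrong when another field is added. Stating it once, for example `char *end = buf + sizeof(buf);` and passing `end - p` as the size, would keep every call tied to the same limit. The 200-byte buffer is sized by hand for the fields printed today, and scnprintf truncates silently, so a one-line comment such as `/* sized for the fields below; grow when adding output */` on the declaration would help whoever extends it.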
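diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 020a94a31106..921dd9c9ff62 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -239,15 +239,16 @@ static inline int drv_tx_last_beacon(struct ieee80211_local *local)
 }
 
 static inline int drv_ampdu_action(struct ieee80211_local *local,
+ struct ieee80211_vif *vif,
  enum ieee80211_ampdu_mlme_action action,
  struct ieee80211_sta *sta, u16 tid,
  u16 *ssn)
 {
  int ret = -EOPNOTSUPP;
  if (local->ops->ampdu_action)
- ret = local->ops->ampdu_action(&local->hw, action,
+ ret = local->ops->ampdu_action(&local->hw, vif, action,
  sta, tid, ssn);
- trace_drv_ampdu_action(local, action, sta, tid, ssn, ret);
+ trace_drv_ampdu_action(local, vif, action, sta, tid, ssn, ret);
  return ret;
 }
 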
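diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index 37b9051afcf3..ee94ea0c67e9 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -131,17 +131,35 @@ TRACE_EVENT(drv_config,
  LOCAL_ENTRY
  __field(u32, changed)
  __field(int, ret)
+ __field(u32, flags)
+ __field(int, power_level)
+ __field(int, dynamic_ps_timeout)
+ __field(int, max_sleep_period)
+ __field(u16, listen_interval)
+ __field(u8, long_frame_max_tx_count)
+ __field(u8, short_frame_max_tx_count)
+ __field(int, center_freq)
+ __field(int, channel_type)
  ),
 
  TP_fast_assign(
  LOCAL_ASSIGN;
  __entry->changed = changed;
  __entry->ret = ret;
+ __entry->flags = local->hw.conf.flags;
+ __entry->power_level = local->hw.conf.power_level;
+ __entry->dynamic_ps_timeout = local->hw.conf.dynamic_ps_timeout;
+ __entry->max_sleep_period = local->hw.conf.max_sleep_period;
+ __entry->listen_interval = local->hw.conf.listen_interval;
+ __entry->long_frame_max_tx_count = local->hw.conf.long_frame_max_tx_count;
+ __entry->short_frame_max_tx_count = local->hw.conf.short_frame_max_tx_count;
+ __entry->center_freq = local->hw.conf.channel->center_freq;
+ __entry->channel_type = local->hw.conf.channel_type;
  ),
 
  TP_printk(
- LOCAL_PR_FMT " ch:%#x ret:%d",
- LOCAL_PR_ARG, __entry->changed, __entry->ret
+ LOCAL_PR_FMT " ch:%#x freq:%d ret:%d",
+ LOCAL_PR_ARG, __entry->changed, __entry->center_freq, __entry->ret
  )
 );
 
@@ -167,6 +185,8 @@ TRACE_EVENT(drv_bss_info_changed,
  __field(u64, timestamp)
  __field(u32, basic_rates)
  __field(u32, changed)
+ __field(bool, enable_beacon)
+ __field(u16, ht_operation_mode)
  ),
 
  TP_fast_assign(
@@ -183,6 +203,8 @@ TRACE_EVENT(drv_bss_info_changed,
  __entry->assoc_cap = info->assoc_capability;
  __entry->timestamp = info->timestamp;
  __entry->basic_rates = info->basic_rates;
+ __entry->enable_beacon = info->enable_beacon;
+ __entry->ht_operation_mode = info->ht_operation_mode;
  ),
 
  TP_printk(
@@ -634,11 +656,12 @@ TRACE_EVENT(drv_tx_last_beacon,
 
 TRACE_EVENT(drv_ampdu_action,
  TP_PROTO(struct ieee80211_local *local,
+ struct ieee80211_vif *vif,
  enum ieee80211_ampdu_mlme_action action,
  struct ieee80211_sta *sta, u16 tid,
  u16 *ssn, int ret),
 
- TP_ARGS(local, action, sta, tid, ssn, ret),
+ TP_ARGS(local, vif, action, sta, tid, ssn, ret),
 
  TP_STRUCT__entry(
  LOCAL_ENTRY
@@ -647,10 +670,12 @@ TRACE_EVENT(drv_ampdu_action,
  __field(u16, tid)
  __field(u16, ssn)
  __field(int, ret)
+ VIF_ENTRY
  ),
 
  TP_fast_assign(
  LOCAL_ASSIGN;
+ VIF_ASSIGN;
  STA_ASSIGN;
  __entry->ret = ret;
  __entry->action = action;
@@ -659,8 +684,8 @@ TRACE_EVENT(drv_ampdu_action,
  ),
 
  TP_printk(
- LOCAL_PR_FMT STA_PR_FMT " action:%d tid:%d ret:%d",
- LOCAL_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid, __entry->ret
+ LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d ret:%d",
+ LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid, __entry->ret
  )
 );
 #endif /* !__MAC80211_DRIVER_TRACE || TRACE_HEADER_MULTI_READ */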
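Review bot: The new `__entry->center_freq = local->hw.conf.channel->center_freq;` in drv_config's TP_fast_assign dereferences `conf.channel` unconditionally, unlike the other added fields, which are plain loads from `local->hw.conf`. Whether the channel pointer is always set by the time drv_config is first traced is not visible in this hunk; if it can still be NULL, enabling the tracepoint turns a configuration call into a kernel NULL dereference. A guarded assignment such as `__entry->center_freq = local->hw.conf.channel ? local->hw.conf.channel->center_freq : 0;` keeps the trace path from faulting.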
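diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index cdc58e61d921..3787455fb696 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -134,7 +134,7 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
  mgmt->u.action.u.delba.params = cpu_to_le16(params);
  mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
 
- ieee80211_tx_skb(sdata, skb, 1);
+ ieee80211_tx_skb(sdata, skb);
 }
 
 void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,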
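diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index f1362f32c17d..10d13856f86c 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -455,6 +455,10 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
 
  ieee80211_sta_expire(sdata, IEEE80211_IBSS_INACTIVITY_LIMIT);
 
+ if (time_before(jiffies, ifibss->last_scan_completed +
+ IEEE80211_IBSS_MERGE_INTERVAL))
+ return;
+
  if (ieee80211_sta_active_ibss(sdata))
  return;
 
@@ -655,7 +659,8 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
  printk(KERN_DEBUG "%s: Sending ProbeResp to %pM\n",
  sdata->dev->name, resp->da);
 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
- ieee80211_tx_skb(sdata, skb, 0);
+ IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
+ ieee80211_tx_skb(sdata, skb);
 }
 
 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,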
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 10d316e455de..419f186cfcf0 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -23,6 +23,7 @@
23#include <linux/types.h> 23#include <linux/types.h>
24#include <linux/spinlock.h> 24#include <linux/spinlock.h>
25#include <linux/etherdevice.h> 25#include <linux/etherdevice.h>
26#include <net/ieee80211_radiotap.h>
26#include <net/cfg80211.h> 27#include <net/cfg80211.h>
27#include <net/mac80211.h> 28#include <net/mac80211.h>
28#include "key.h" 29#include "key.h"
@@ -162,21 +163,17 @@ typedef unsigned __bitwise__ ieee80211_rx_result;
162/* frame is destined to interface currently processed (incl. multicast frames) */ 163/* frame is destined to interface currently processed (incl. multicast frames) */
163#define IEEE80211_RX_RA_MATCH BIT(1) 164#define IEEE80211_RX_RA_MATCH BIT(1)
164#define IEEE80211_RX_AMSDU BIT(2) 165#define IEEE80211_RX_AMSDU BIT(2)
165#define IEEE80211_RX_CMNTR_REPORTED BIT(3) 166#define IEEE80211_RX_FRAGMENTED BIT(3)
166#define IEEE80211_RX_FRAGMENTED BIT(4) 167/* only add flags here that do not change with subframes of an aMPDU */
167 168
168struct ieee80211_rx_data { 169struct ieee80211_rx_data {
169 struct sk_buff *skb; 170 struct sk_buff *skb;
170 struct net_device *dev;
171 struct ieee80211_local *local; 171 struct ieee80211_local *local;
172 struct ieee80211_sub_if_data *sdata; 172 struct ieee80211_sub_if_data *sdata;
173 struct sta_info *sta; 173 struct sta_info *sta;
174 struct ieee80211_key *key; 174 struct ieee80211_key *key;
175 struct ieee80211_rx_status *status;
176 struct ieee80211_rate *rate;
177 175
178 unsigned int flags; 176 unsigned int flags;
179 int sent_ps_buffered;
180 int queue; 177 int queue;
181 u32 tkip_iv32; 178 u32 tkip_iv32;
182 u16 tkip_iv16; 179 u16 tkip_iv16;
@@ -209,6 +206,9 @@ struct ieee80211_if_wds {
209 206
210struct ieee80211_if_vlan { 207struct ieee80211_if_vlan {
211 struct list_head list; 208 struct list_head list;
209
210 /* used for all tx if the VLAN is configured to 4-addr mode */
211 struct sta_info *sta;
212}; 212};
213 213
214struct mesh_stats { 214struct mesh_stats {
@@ -312,6 +312,8 @@ struct ieee80211_if_managed {
312 } mfp; /* management frame protection */ 312 } mfp; /* management frame protection */
313 313
314 int wmm_last_param_set; 314 int wmm_last_param_set;
315
316 u8 use_4addr;
315}; 317};
316 318
317enum ieee80211_ibss_request { 319enum ieee80211_ibss_request {
@@ -353,6 +355,7 @@ struct ieee80211_if_mesh {
353 struct work_struct work; 355 struct work_struct work;
354 struct timer_list housekeeping_timer; 356 struct timer_list housekeeping_timer;
355 struct timer_list mesh_path_timer; 357 struct timer_list mesh_path_timer;
358 struct timer_list mesh_path_root_timer;
356 struct sk_buff_head skb_queue; 359 struct sk_buff_head skb_queue;
357 360
358 unsigned long timers_running; 361 unsigned long timers_running;
@@ -362,23 +365,23 @@ struct ieee80211_if_mesh {
362 u8 mesh_id[IEEE80211_MAX_MESH_ID_LEN]; 365 u8 mesh_id[IEEE80211_MAX_MESH_ID_LEN];
363 size_t mesh_id_len; 366 size_t mesh_id_len;
364 /* Active Path Selection Protocol Identifier */ 367 /* Active Path Selection Protocol Identifier */
365 u8 mesh_pp_id[4]; 368 u8 mesh_pp_id;
366 /* Active Path Selection Metric Identifier */ 369 /* Active Path Selection Metric Identifier */
367 u8 mesh_pm_id[4]; 370 u8 mesh_pm_id;
368 /* Congestion Control Mode Identifier */ 371 /* Congestion Control Mode Identifier */
369 u8 mesh_cc_id[4]; 372 u8 mesh_cc_id;
370 /* Synchronization Protocol Identifier */ 373 /* Synchronization Protocol Identifier */
371 u8 mesh_sp_id[4]; 374 u8 mesh_sp_id;
372 /* Authentication Protocol Identifier */ 375 /* Authentication Protocol Identifier */
373 u8 mesh_auth_id[4]; 376 u8 mesh_auth_id;
374 /* Local mesh Destination Sequence Number */ 377 /* Local mesh Sequence Number */
375 u32 dsn; 378 u32 sn;
376 /* Last used PREQ ID */ 379 /* Last used PREQ ID */
377 u32 preq_id; 380 u32 preq_id;
378 atomic_t mpaths; 381 atomic_t mpaths;
379 /* Timestamp of last DSN update */ 382 /* Timestamp of last SN update */
380 unsigned long last_dsn_update; 383 unsigned long last_sn_update;
381 /* Timestamp of last DSN sent */ 384 /* Timestamp of last SN sent */
382 unsigned long last_preq; 385 unsigned long last_preq;
383 struct mesh_rmc *rmc; 386 struct mesh_rmc *rmc;
384 spinlock_t mesh_preq_queue_lock; 387 spinlock_t mesh_preq_queue_lock;
@@ -471,74 +474,11 @@ struct ieee80211_sub_if_data {
471 } u; 474 } u;
472 475
473#ifdef CONFIG_MAC80211_DEBUGFS 476#ifdef CONFIG_MAC80211_DEBUGFS
474 struct dentry *debugfsdir;
475 union {
476 struct {
477 struct dentry *drop_unencrypted;
478 struct dentry *bssid;
479 struct dentry *aid;
480 struct dentry *capab;
481 struct dentry *force_unicast_rateidx;
482 struct dentry *max_ratectrl_rateidx;
483 } sta;
484 struct {
485 struct dentry *drop_unencrypted;
486 struct dentry *num_sta_ps;
487 struct dentry *dtim_count;
488 struct dentry *force_unicast_rateidx;
489 struct dentry *max_ratectrl_rateidx;
490 struct dentry *num_buffered_multicast;
491 } ap;
492 struct {
493 struct dentry *drop_unencrypted;
494 struct dentry *peer;
495 struct dentry *force_unicast_rateidx;
496 struct dentry *max_ratectrl_rateidx;
497 } wds;
498 struct {
499 struct dentry *drop_unencrypted;
500 struct dentry *force_unicast_rateidx;
501 struct dentry *max_ratectrl_rateidx;
502 } vlan;
503 struct {
504 struct dentry *mode;
505 } monitor;
506 } debugfs;
507 struct { 477 struct {
478 struct dentry *dir;
508 struct dentry *default_key; 479 struct dentry *default_key;
509 struct dentry *default_mgmt_key; 480 struct dentry *default_mgmt_key;
510 } common_debugfs; 481 } debugfs;
511
512#ifdef CONFIG_MAC80211_MESH
513 struct dentry *mesh_stats_dir;
514 struct {
515 struct dentry *fwded_mcast;
516 struct dentry *fwded_unicast;
517 struct dentry *fwded_frames;
518 struct dentry *dropped_frames_ttl;
519 struct dentry *dropped_frames_no_route;
520 struct dentry *estab_plinks;
521 struct timer_list mesh_path_timer;
522 } mesh_stats;
523
524 struct dentry *mesh_config_dir;
525 struct {
526 struct dentry *dot11MeshRetryTimeout;
527 struct dentry *dot11MeshConfirmTimeout;
528 struct dentry *dot11MeshHoldingTimeout;
529 struct dentry *dot11MeshMaxRetries;
530 struct dentry *dot11MeshTTL;
531 struct dentry *auto_open_plinks;
532 struct dentry *dot11MeshMaxPeerLinks;
533 struct dentry *dot11MeshHWMPactivePathTimeout;
534 struct dentry *dot11MeshHWMPpreqMinInterval;
535 struct dentry *dot11MeshHWMPnetDiameterTraversalTime;
536 struct dentry *dot11MeshHWMPmaxPREQretries;
537 struct dentry *path_refresh_time;
538 struct dentry *min_discovery_timeout;
539 } mesh_config;
540#endif
541
542#endif 482#endif
543 /* must be last, dynamically sized area in this! */ 483 /* must be last, dynamically sized area in this! */
544 struct ieee80211_vif vif; 484 struct ieee80211_vif vif;
@@ -639,7 +579,6 @@ struct ieee80211_local {
639 /* number of interfaces with corresponding FIF_ flags */ 579 /* number of interfaces with corresponding FIF_ flags */
640 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll; 580 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll;
641 unsigned int filter_flags; /* FIF_* */ 581 unsigned int filter_flags; /* FIF_* */
642 struct iw_statistics wstats;
643 582
644 /* protects the aggregated multicast list and filter calls */ 583 /* protects the aggregated multicast list and filter calls */
645 spinlock_t filter_lock; 584 spinlock_t filter_lock;
@@ -738,10 +677,9 @@ struct ieee80211_local {
738 unsigned long scanning; 677 unsigned long scanning;
739 struct cfg80211_ssid scan_ssid; 678 struct cfg80211_ssid scan_ssid;
740 struct cfg80211_scan_request *int_scan_req; 679 struct cfg80211_scan_request *int_scan_req;
741 struct cfg80211_scan_request *scan_req; 680 struct cfg80211_scan_request *scan_req, *hw_scan_req;
742 struct ieee80211_channel *scan_channel; 681 struct ieee80211_channel *scan_channel;
743 const u8 *orig_ies; 682 enum ieee80211_band hw_scan_band;
744 int orig_ies_len;
745 int scan_channel_idx; 683 int scan_channel_idx;
746 int scan_ies_len; 684 int scan_ies_len;
747 685
@@ -826,53 +764,6 @@ struct ieee80211_local {
826#ifdef CONFIG_MAC80211_DEBUGFS 764#ifdef CONFIG_MAC80211_DEBUGFS
827 struct local_debugfsdentries { 765 struct local_debugfsdentries {
828 struct dentry *rcdir; 766 struct dentry *rcdir;
829 struct dentry *rcname;
830 struct dentry *frequency;
831 struct dentry *total_ps_buffered;
832 struct dentry *wep_iv;
833 struct dentry *tsf;
834 struct dentry *queues;
835 struct dentry *reset;
836 struct dentry *noack;
837 struct dentry *statistics;
838 struct local_debugfsdentries_statsdentries {
839 struct dentry *transmitted_fragment_count;
840 struct dentry *multicast_transmitted_frame_count;
841 struct dentry *failed_count;
842 struct dentry *retry_count;
843 struct dentry *multiple_retry_count;
844 struct dentry *frame_duplicate_count;
845 struct dentry *received_fragment_count;
846 struct dentry *multicast_received_frame_count;
847 struct dentry *transmitted_frame_count;
848 struct dentry *wep_undecryptable_count;
849 struct dentry *num_scans;
850#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
851 struct dentry *tx_handlers_drop;
852 struct dentry *tx_handlers_queued;
853 struct dentry *tx_handlers_drop_unencrypted;
854 struct dentry *tx_handlers_drop_fragment;
855 struct dentry *tx_handlers_drop_wep;
856 struct dentry *tx_handlers_drop_not_assoc;
857 struct dentry *tx_handlers_drop_unauth_port;
858 struct dentry *rx_handlers_drop;
859 struct dentry *rx_handlers_queued;
860 struct dentry *rx_handlers_drop_nullfunc;
861 struct dentry *rx_handlers_drop_defrag;
862 struct dentry *rx_handlers_drop_short;
863 struct dentry *rx_handlers_drop_passive_scan;
864 struct dentry *tx_expand_skb_head;
865 struct dentry *tx_expand_skb_head_cloned;
866 struct dentry *rx_expand_skb_head;
867 struct dentry *rx_expand_skb_head2;
868 struct dentry *rx_handlers_fragments;
869 struct dentry *tx_status_drop;
870#endif
871 struct dentry *dot11ACKFailureCount;
872 struct dentry *dot11RTSFailureCount;
873 struct dentry *dot11FCSErrorCount;
874 struct dentry *dot11RTSSuccessCount;
875 } stats;
876 struct dentry *stations; 767 struct dentry *stations;
877 struct dentry *keys; 768 struct dentry *keys;
878 } debugfs; 769 } debugfs;
@@ -885,8 +776,9 @@ IEEE80211_DEV_TO_SUB_IF(struct net_device *dev)
885 return netdev_priv(dev); 776 return netdev_priv(dev);
886} 777}
887 778
888/* this struct represents 802.11n's RA/TID combination */ 779/* this struct represents 802.11n's RA/TID combination along with our vif */
889struct ieee80211_ra_tid { 780struct ieee80211_ra_tid {
781 struct ieee80211_vif *vif;
890 u8 ra[ETH_ALEN]; 782 u8 ra[ETH_ALEN];
891 u16 tid; 783 u16 tid;
892}; 784};
@@ -913,12 +805,13 @@ struct ieee802_11_elems {
913 u8 *wmm_param; 805 u8 *wmm_param;
914 struct ieee80211_ht_cap *ht_cap_elem; 806 struct ieee80211_ht_cap *ht_cap_elem;
915 struct ieee80211_ht_info *ht_info_elem; 807 struct ieee80211_ht_info *ht_info_elem;
916 u8 *mesh_config; 808 struct ieee80211_meshconf_ie *mesh_config;
917 u8 *mesh_id; 809 u8 *mesh_id;
918 u8 *peer_link; 810 u8 *peer_link;
919 u8 *preq; 811 u8 *preq;
920 u8 *prep; 812 u8 *prep;
921 u8 *perr; 813 u8 *perr;
814 struct ieee80211_rann_ie *rann;
922 u8 *ch_switch_elem; 815 u8 *ch_switch_elem;
923 u8 *country_elem; 816 u8 *country_elem;
924 u8 *pwr_constr_elem; 817 u8 *pwr_constr_elem;
@@ -940,7 +833,6 @@ struct ieee802_11_elems {
940 u8 ext_supp_rates_len; 833 u8 ext_supp_rates_len;
941 u8 wmm_info_len; 834 u8 wmm_info_len;
942 u8 wmm_param_len; 835 u8 wmm_param_len;
943 u8 mesh_config_len;
944 u8 mesh_id_len; 836 u8 mesh_id_len;
945 u8 peer_link_len; 837 u8 peer_link_len;
946 u8 preq_len; 838 u8 preq_len;
@@ -1063,6 +955,18 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1063netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb, 955netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1064 struct net_device *dev); 956 struct net_device *dev);
1065 957
958/*
959 * radiotap header for status frames
960 */
961struct ieee80211_tx_status_rtap_hdr {
962 struct ieee80211_radiotap_header hdr;
963 u8 rate;
964 u8 padding_for_rate;
965 __le16 tx_flags;
966 u8 data_retries;
967} __attribute__ ((packed));
968
969
1066/* HT */ 970/* HT */
1067void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband, 971void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
1068 struct ieee80211_ht_cap *ht_cap_ie, 972 struct ieee80211_ht_cap *ht_cap_ie,
@@ -1132,8 +1036,7 @@ void mac80211_ev_michael_mic_failure(struct ieee80211_sub_if_data *sdata, int ke
1132 struct ieee80211_hdr *hdr, const u8 *tsc, 1036 struct ieee80211_hdr *hdr, const u8 *tsc,
1133 gfp_t gfp); 1037 gfp_t gfp);
1134void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata); 1038void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata);
1135void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb, 1039void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
1136 int encrypt);
1137void ieee802_11_parse_elems(u8 *start, size_t len, 1040void ieee802_11_parse_elems(u8 *start, size_t len,
1138 struct ieee802_11_elems *elems); 1041 struct ieee802_11_elems *elems);
1139u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, 1042u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
@@ -1170,7 +1073,8 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1170 u8 *extra, size_t extra_len, const u8 *bssid, 1073 u8 *extra, size_t extra_len, const u8 *bssid,
1171 const u8 *key, u8 key_len, u8 key_idx); 1074 const u8 *key, u8 key_len, u8 key_idx);
1172int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 1075int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1173 const u8 *ie, size_t ie_len); 1076 const u8 *ie, size_t ie_len,
1077 enum ieee80211_band band);
1174void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1078void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1175 const u8 *ssid, size_t ssid_len, 1079 const u8 *ssid, size_t ssid_len,
1176 const u8 *ie, size_t ie_len); 1080 const u8 *ie, size_t ie_len);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index b8295cbd7e8f..80c16f6e2af6 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -184,10 +184,12 @@ static int ieee80211_open(struct net_device *dev)
184 * No need to check netif_running since we do not allow 184 * No need to check netif_running since we do not allow
185 * it to start up with this invalid address. 185 * it to start up with this invalid address.
186 */ 186 */
187 if (compare_ether_addr(null_addr, ndev->dev_addr) == 0) 187 if (compare_ether_addr(null_addr, ndev->dev_addr) == 0) {
188 memcpy(ndev->dev_addr, 188 memcpy(ndev->dev_addr,
189 local->hw.wiphy->perm_addr, 189 local->hw.wiphy->perm_addr,
190 ETH_ALEN); 190 ETH_ALEN);
191 memcpy(ndev->perm_addr, ndev->dev_addr, ETH_ALEN);
192 }
191 } 193 }
192 194
193 /* 195 /*
@@ -212,8 +214,8 @@ static int ieee80211_open(struct net_device *dev)
212 /* must be before the call to ieee80211_configure_filter */ 214 /* must be before the call to ieee80211_configure_filter */
213 local->monitors++; 215 local->monitors++;
214 if (local->monitors == 1) { 216 if (local->monitors == 1) {
215 local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP; 217 local->hw.conf.flags |= IEEE80211_CONF_MONITOR;
216 hw_reconf_flags |= IEEE80211_CONF_CHANGE_RADIOTAP; 218 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
217 } 219 }
218 220
219 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL) 221 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL)
@@ -312,7 +314,7 @@ static int ieee80211_open(struct net_device *dev)
312 if (sdata->vif.type == NL80211_IFTYPE_STATION) 314 if (sdata->vif.type == NL80211_IFTYPE_STATION)
313 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work); 315 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work);
314 316
315 netif_tx_start_all_queues(dev); 317 netif_start_queue(dev);
316 318
317 return 0; 319 return 0;
318 err_del_interface: 320 err_del_interface:
@@ -341,7 +343,7 @@ static int ieee80211_stop(struct net_device *dev)
341 /* 343 /*
342 * Stop TX on this interface first. 344 * Stop TX on this interface first.
343 */ 345 */
344 netif_tx_stop_all_queues(dev); 346 netif_stop_queue(dev);
345 347
346 /* 348 /*
347 * Now delete all active aggregation sessions. 349 * Now delete all active aggregation sessions.
@@ -433,8 +435,8 @@ static int ieee80211_stop(struct net_device *dev)
433 435
434 local->monitors--; 436 local->monitors--;
435 if (local->monitors == 0) { 437 if (local->monitors == 0) {
436 local->hw.conf.flags &= ~IEEE80211_CONF_RADIOTAP; 438 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
437 hw_reconf_flags |= IEEE80211_CONF_CHANGE_RADIOTAP; 439 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
438 } 440 }
439 441
440 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL) 442 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL)
@@ -750,14 +752,12 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
750 ieee80211_mandatory_rates(sdata->local, 752 ieee80211_mandatory_rates(sdata->local,
751 sdata->local->hw.conf.channel->band); 753 sdata->local->hw.conf.channel->band);
752 sdata->drop_unencrypted = 0; 754 sdata->drop_unencrypted = 0;
755 if (type == NL80211_IFTYPE_STATION)
756 sdata->u.mgd.use_4addr = false;
753 757
754 return 0; 758 return 0;
755} 759}
756 760
757static struct device_type wiphy_type = {
758 .name = "wlan",
759};
760
761int ieee80211_if_add(struct ieee80211_local *local, const char *name, 761int ieee80211_if_add(struct ieee80211_local *local, const char *name,
762 struct net_device **new_dev, enum nl80211_iftype type, 762 struct net_device **new_dev, enum nl80211_iftype type,
763 struct vif_params *params) 763 struct vif_params *params)
@@ -788,8 +788,8 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
788 goto fail; 788 goto fail;
789 789
790 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN); 790 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
791 memcpy(ndev->perm_addr, ndev->dev_addr, ETH_ALEN);
791 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy)); 792 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
792 SET_NETDEV_DEVTYPE(ndev, &wiphy_type);
793 793
794 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */ 794 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */
795 sdata = netdev_priv(ndev); 795 sdata = netdev_priv(ndev);
@@ -811,6 +811,12 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
811 /* setup type-dependent data */ 811 /* setup type-dependent data */
812 ieee80211_setup_sdata(sdata, type); 812 ieee80211_setup_sdata(sdata, type);
813 813
814 if (params) {
815 ndev->ieee80211_ptr->use_4addr = params->use_4addr;
816 if (type == NL80211_IFTYPE_STATION)
817 sdata->u.mgd.use_4addr = params->use_4addr;
818 }
819
814 ret = register_netdevice(ndev); 820 ret = register_netdevice(ndev);
815 if (ret) 821 if (ret)
816 goto fail; 822 goto fail;
@@ -854,22 +860,18 @@ void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
854void ieee80211_remove_interfaces(struct ieee80211_local *local) 860void ieee80211_remove_interfaces(struct ieee80211_local *local)
855{ 861{
856 struct ieee80211_sub_if_data *sdata, *tmp; 862 struct ieee80211_sub_if_data *sdata, *tmp;
863 LIST_HEAD(unreg_list);
857 864
858 ASSERT_RTNL(); 865 ASSERT_RTNL();
859 866
867 mutex_lock(&local->iflist_mtx);
860 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { 868 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
861 /*
862 * we cannot hold the iflist_mtx across unregister_netdevice,
863 * but we only need to hold it for list modifications to lock
864 * out readers since we're under the RTNL here as all other
865 * writers.
866 */
867 mutex_lock(&local->iflist_mtx);
868 list_del(&sdata->list); 869 list_del(&sdata->list);
869 mutex_unlock(&local->iflist_mtx);
870 870
871 unregister_netdevice(sdata->dev); 871 unregister_netdevice_queue(sdata->dev, &unreg_list);
872 } 872 }
873 mutex_unlock(&local->iflist_mtx);
874 unregister_netdevice_many(&unreg_list);
873} 875}
874 876
875static u32 ieee80211_idle_off(struct ieee80211_local *local, 877static u32 ieee80211_idle_off(struct ieee80211_local *local,
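Review bot: In ieee80211_remove_interfaces() the deleted comment was the only statement of the iflist_mtx rule, and the new loop holds that mutex across every iteration without saying why this is now safe. The new code appears to depend on unregister_netdevice_queue() only placing the device on unreg_list, with the real teardown deferred to unregister_netdevice_many() after mutex_unlock(). A short comment above the loop should record that, e.g. `/* only queue under iflist_mtx; the unregister itself runs in unregister_netdevice_many() after the unlock */`. Without it, a later edit that moves the _many call into the locked region, or switches back to unregister_netdevice(), would recreate the situation the old comment warned against.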
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index 9572e00f532c..a49f93b79e92 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -118,18 +118,6 @@ struct ieee80211_key {
118 struct { 118 struct {
119 struct dentry *stalink; 119 struct dentry *stalink;
120 struct dentry *dir; 120 struct dentry *dir;
121 struct dentry *keylen;
122 struct dentry *flags;
123 struct dentry *keyidx;
124 struct dentry *hw_key_idx;
125 struct dentry *tx_rx_count;
126 struct dentry *algorithm;
127 struct dentry *tx_spec;
128 struct dentry *rx_spec;
129 struct dentry *replays;
130 struct dentry *icverrors;
131 struct dentry *key;
132 struct dentry *ifindex;
133 int cnt; 121 int cnt;
134 } debugfs; 122 } debugfs;
135#endif 123#endif
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 797f53942e5f..8116d1a96a4a 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -9,7 +9,6 @@
9 */ 9 */
10 10
11#include <net/mac80211.h> 11#include <net/mac80211.h>
12#include <net/ieee80211_radiotap.h>
13#include <linux/module.h> 12#include <linux/module.h>
14#include <linux/init.h> 13#include <linux/init.h>
15#include <linux/netdevice.h> 14#include <linux/netdevice.h>
@@ -30,26 +29,11 @@
30#include "rate.h" 29#include "rate.h"
31#include "mesh.h" 30#include "mesh.h"
32#include "wep.h" 31#include "wep.h"
33#include "wme.h"
34#include "aes_ccm.h"
35#include "led.h" 32#include "led.h"
36#include "cfg.h" 33#include "cfg.h"
37#include "debugfs.h" 34#include "debugfs.h"
38#include "debugfs_netdev.h" 35#include "debugfs_netdev.h"
39 36
40/*
41 * For seeing transmitted packets on monitor interfaces
42 * we have a radiotap header too.
43 */
44struct ieee80211_tx_status_rtap_hdr {
45 struct ieee80211_radiotap_header hdr;
46 u8 rate;
47 u8 padding_for_rate;
48 __le16 tx_flags;
49 u8 data_retries;
50} __attribute__ ((packed));
51
52
53void ieee80211_configure_filter(struct ieee80211_local *local) 37void ieee80211_configure_filter(struct ieee80211_local *local)
54{ 38{
55 u64 mc; 39 u64 mc;
@@ -253,28 +237,6 @@ u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata)
253 BSS_CHANGED_ERP_SLOT; 237 BSS_CHANGED_ERP_SLOT;
254} 238}
255 239
256void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
257 struct sk_buff *skb)
258{
259 struct ieee80211_local *local = hw_to_local(hw);
260 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
261 int tmp;
262
263 skb->pkt_type = IEEE80211_TX_STATUS_MSG;
264 skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
265 &local->skb_queue : &local->skb_queue_unreliable, skb);
266 tmp = skb_queue_len(&local->skb_queue) +
267 skb_queue_len(&local->skb_queue_unreliable);
268 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
269 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
270 dev_kfree_skb_irq(skb);
271 tmp--;
272 I802_DEBUG_INC(local->tx_status_drop);
273 }
274 tasklet_schedule(&local->tasklet);
275}
276EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
277
278static void ieee80211_tasklet_handler(unsigned long data) 240static void ieee80211_tasklet_handler(unsigned long data)
279{ 241{
280 struct ieee80211_local *local = (struct ieee80211_local *) data; 242 struct ieee80211_local *local = (struct ieee80211_local *) data;
@@ -296,14 +258,14 @@ static void ieee80211_tasklet_handler(unsigned long data)
296 break; 258 break;
297 case IEEE80211_DELBA_MSG: 259 case IEEE80211_DELBA_MSG:
298 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 260 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
299 ieee80211_stop_tx_ba_cb(local_to_hw(local), 261 ieee80211_stop_tx_ba_cb(ra_tid->vif, ra_tid->ra,
300 ra_tid->ra, ra_tid->tid); 262 ra_tid->tid);
301 dev_kfree_skb(skb); 263 dev_kfree_skb(skb);
302 break; 264 break;
303 case IEEE80211_ADDBA_MSG: 265 case IEEE80211_ADDBA_MSG:
304 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 266 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
305 ieee80211_start_tx_ba_cb(local_to_hw(local), 267 ieee80211_start_tx_ba_cb(ra_tid->vif, ra_tid->ra,
306 ra_tid->ra, ra_tid->tid); 268 ra_tid->tid);
307 dev_kfree_skb(skb); 269 dev_kfree_skb(skb);
308 break ; 270 break ;
309 default: 271 default:
@@ -315,299 +277,6 @@ static void ieee80211_tasklet_handler(unsigned long data)
315 } 277 }
316} 278}
317 279
318static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
319 struct sta_info *sta,
320 struct sk_buff *skb)
321{
322 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
323
324 /*
325 * XXX: This is temporary!
326 *
327 * The problem here is that when we get here, the driver will
328 * quite likely have pretty much overwritten info->control by
329 * using info->driver_data or info->rate_driver_data. Thus,
330 * when passing out the frame to the driver again, we would be
331 * passing completely bogus data since the driver would then
332 * expect a properly filled info->control. In mac80211 itself
333 * the same problem occurs, since we need info->control.vif
334 * internally.
335 *
336 * To fix this, we should send the frame through TX processing
337 * again. However, it's not that simple, since the frame will
338 * have been software-encrypted (if applicable) already, and
339 * encrypting it again doesn't do much good. So to properly do
340 * that, we not only have to skip the actual 'raw' encryption
341 * (key selection etc. still has to be done!) but also the
342 * sequence number assignment since that impacts the crypto
343 * encapsulation, of course.
344 *
345 * Hence, for now, fix the bug by just dropping the frame.
346 */
347 goto drop;
348
349 sta->tx_filtered_count++;
350
351 /*
352 * Clear the TX filter mask for this STA when sending the next
353 * packet. If the STA went to power save mode, this will happen
354 * when it wakes up for the next time.
355 */
356 set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);
357
358 /*
359 * This code races in the following way:
360 *
361 * (1) STA sends frame indicating it will go to sleep and does so
362 * (2) hardware/firmware adds STA to filter list, passes frame up
363 * (3) hardware/firmware processes TX fifo and suppresses a frame
364 * (4) we get TX status before having processed the frame and
365 * knowing that the STA has gone to sleep.
366 *
367 * This is actually quite unlikely even when both those events are
368 * processed from interrupts coming in quickly after one another or
369 * even at the same time because we queue both TX status events and
370 * RX frames to be processed by a tasklet and process them in the
371 * same order that they were received or TX status last. Hence, there
372 * is no race as long as the frame RX is processed before the next TX
373 * status, which drivers can ensure, see below.
374 *
375 * Note that this can only happen if the hardware or firmware can
376 * actually add STAs to the filter list, if this is done by the
377 * driver in response to set_tim() (which will only reduce the race
378 * this whole filtering tries to solve, not completely solve it)
379 * this situation cannot happen.
380 *
381 * To completely solve this race drivers need to make sure that they
382 * (a) don't mix the irq-safe/not irq-safe TX status/RX processing
383 * functions and
384 * (b) always process RX events before TX status events if ordering
385 * can be unknown, for example with different interrupt status
386 * bits.
387 */
388 if (test_sta_flags(sta, WLAN_STA_PS) &&
389 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
390 skb_queue_tail(&sta->tx_filtered, skb);
391 return;
392 }
393
394 if (!test_sta_flags(sta, WLAN_STA_PS) &&
395 !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
396 /* Software retry the packet once */
397 info->flags |= IEEE80211_TX_INTFL_RETRIED;
398 ieee80211_add_pending_skb(local, skb);
399 return;
400 }
401
402 drop:
403#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
404 if (net_ratelimit())
405 printk(KERN_DEBUG "%s: dropped TX filtered frame, "
406 "queue_len=%d PS=%d @%lu\n",
407 wiphy_name(local->hw.wiphy),
408 skb_queue_len(&sta->tx_filtered),
409 !!test_sta_flags(sta, WLAN_STA_PS), jiffies);
410#endif
411 dev_kfree_skb(skb);
412}
413
414void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
415{
416 struct sk_buff *skb2;
417 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
418 struct ieee80211_local *local = hw_to_local(hw);
419 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
420 u16 frag, type;
421 __le16 fc;
422 struct ieee80211_supported_band *sband;
423 struct ieee80211_tx_status_rtap_hdr *rthdr;
424 struct ieee80211_sub_if_data *sdata;
425 struct net_device *prev_dev = NULL;
426 struct sta_info *sta;
427 int retry_count = -1, i;
428
429 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
430 /* the HW cannot have attempted that rate */
431 if (i >= hw->max_rates) {
432 info->status.rates[i].idx = -1;
433 info->status.rates[i].count = 0;
434 }
435
436 retry_count += info->status.rates[i].count;
437 }
438 if (retry_count < 0)
439 retry_count = 0;
440
441 rcu_read_lock();
442
443 sband = local->hw.wiphy->bands[info->band];
444
445 sta = sta_info_get(local, hdr->addr1);
446
447 if (sta) {
448 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
449 test_sta_flags(sta, WLAN_STA_PS)) {
450 /*
451 * The STA is in power save mode, so assume
452 * that this TX packet failed because of that.
453 */
454 ieee80211_handle_filtered_frame(local, sta, skb);
455 rcu_read_unlock();
456 return;
457 }
458
459 fc = hdr->frame_control;
460
461 if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
462 (ieee80211_is_data_qos(fc))) {
463 u16 tid, ssn;
464 u8 *qc;
465
466 qc = ieee80211_get_qos_ctl(hdr);
467 tid = qc[0] & 0xf;
468 ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
469 & IEEE80211_SCTL_SEQ);
470 ieee80211_send_bar(sta->sdata, hdr->addr1,
471 tid, ssn);
472 }
473
474 if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
475 ieee80211_handle_filtered_frame(local, sta, skb);
476 rcu_read_unlock();
477 return;
478 } else {
479 if (!(info->flags & IEEE80211_TX_STAT_ACK))
480 sta->tx_retry_failed++;
481 sta->tx_retry_count += retry_count;
482 }
483
484 rate_control_tx_status(local, sband, sta, skb);
485 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
486 ieee80211s_update_metric(local, sta, skb);
487 }
488
489 rcu_read_unlock();
490
491 ieee80211_led_tx(local, 0);
492
493 /* SNMP counters
494 * Fragments are passed to low-level drivers as separate skbs, so these
495 * are actually fragments, not frames. Update frame counters only for
496 * the first fragment of the frame. */
497
498 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
499 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
500
501 if (info->flags & IEEE80211_TX_STAT_ACK) {
502 if (frag == 0) {
503 local->dot11TransmittedFrameCount++;
504 if (is_multicast_ether_addr(hdr->addr1))
505 local->dot11MulticastTransmittedFrameCount++;
506 if (retry_count > 0)
507 local->dot11RetryCount++;
508 if (retry_count > 1)
509 local->dot11MultipleRetryCount++;
510 }
511
512 /* This counter shall be incremented for an acknowledged MPDU
513 * with an individual address in the address 1 field or an MPDU
514 * with a multicast address in the address 1 field of type Data
515 * or Management. */
516 if (!is_multicast_ether_addr(hdr->addr1) ||
517 type == IEEE80211_FTYPE_DATA ||
518 type == IEEE80211_FTYPE_MGMT)
519 local->dot11TransmittedFragmentCount++;
520 } else {
521 if (frag == 0)
522 local->dot11FailedCount++;
523 }
524
525 /* this was a transmitted frame, but now we want to reuse it */
526 skb_orphan(skb);
527
528 /*
529 * This is a bit racy but we can avoid a lot of work
530 * with this test...
531 */
532 if (!local->monitors && !local->cooked_mntrs) {
533 dev_kfree_skb(skb);
534 return;
535 }
536
537 /* send frame to monitor interfaces now */
538
539 if (skb_headroom(skb) < sizeof(*rthdr)) {
540 printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
541 dev_kfree_skb(skb);
542 return;
543 }
544
545 rthdr = (struct ieee80211_tx_status_rtap_hdr *)
546 skb_push(skb, sizeof(*rthdr));
547
548 memset(rthdr, 0, sizeof(*rthdr));
549 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
550 rthdr->hdr.it_present =
551 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
552 (1 << IEEE80211_RADIOTAP_DATA_RETRIES) |
553 (1 << IEEE80211_RADIOTAP_RATE));
554
555 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
556 !is_multicast_ether_addr(hdr->addr1))
557 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
558
559 /*
560 * XXX: Once radiotap gets the bitmap reset thing the vendor
561 * extensions proposal contains, we can actually report
562 * the whole set of tries we did.
563 */
564 if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
565 (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
566 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
567 else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
568 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
569 if (info->status.rates[0].idx >= 0 &&
570 !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
571 rthdr->rate = sband->bitrates[
572 info->status.rates[0].idx].bitrate / 5;
573
574 /* for now report the total retry_count */
575 rthdr->data_retries = retry_count;
576
577 /* XXX: is this sufficient for BPF? */
578 skb_set_mac_header(skb, 0);
579 skb->ip_summed = CHECKSUM_UNNECESSARY;
580 skb->pkt_type = PACKET_OTHERHOST;
581 skb->protocol = htons(ETH_P_802_2);
582 memset(skb->cb, 0, sizeof(skb->cb));
583
584 rcu_read_lock();
585 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
586 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
587 if (!netif_running(sdata->dev))
588 continue;
589
590 if (prev_dev) {
591 skb2 = skb_clone(skb, GFP_ATOMIC);
592 if (skb2) {
593 skb2->dev = prev_dev;
594 netif_rx(skb2);
595 }
596 }
597
598 prev_dev = sdata->dev;
599 }
600 }
601 if (prev_dev) {
602 skb->dev = prev_dev;
603 netif_rx(skb);
604 skb = NULL;
605 }
606 rcu_read_unlock();
607 dev_kfree_skb(skb);
608}
609EXPORT_SYMBOL(ieee80211_tx_status);
610
611static void ieee80211_restart_work(struct work_struct *work) 280static void ieee80211_restart_work(struct work_struct *work)
612{ 281{
613 struct ieee80211_local *local = 282 struct ieee80211_local *local =
@@ -659,7 +328,9 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
659 if (!wiphy) 328 if (!wiphy)
660 return NULL; 329 return NULL;
661 330
662 wiphy->netnsok = true; 331 wiphy->flags |= WIPHY_FLAG_NETNS_OK |
332 WIPHY_FLAG_4ADDR_AP |
333 WIPHY_FLAG_4ADDR_STATION;
663 wiphy->privid = mac80211_wiphy_privid; 334 wiphy->privid = mac80211_wiphy_privid;
664 335
665 /* Yes, putting cfg80211_bss into ieee80211_bss is a hack */ 336 /* Yes, putting cfg80211_bss into ieee80211_bss is a hack */
@@ -901,6 +572,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
901 i++; 572 i++;
902 } 573 }
903 } 574 }
575 local->int_scan_req->n_channels = i;
904 576
905 local->network_latency_notifier.notifier_call = 577 local->network_latency_notifier.notifier_call =
906 ieee80211_max_network_latency; 578 ieee80211_max_network_latency;
@@ -923,7 +595,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
923 fail_wep: 595 fail_wep:
924 sta_info_stop(local); 596 sta_info_stop(local);
925 fail_sta_info: 597 fail_sta_info:
926 debugfs_hw_del(local);
927 destroy_workqueue(local->workqueue); 598 destroy_workqueue(local->workqueue);
928 fail_workqueue: 599 fail_workqueue:
929 wiphy_unregister(local->hw.wiphy); 600 wiphy_unregister(local->hw.wiphy);
@@ -959,10 +630,9 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
959 ieee80211_clear_tx_pending(local); 630 ieee80211_clear_tx_pending(local);
960 sta_info_stop(local); 631 sta_info_stop(local);
961 rate_control_deinitialize(local); 632 rate_control_deinitialize(local);
962 debugfs_hw_del(local);
963 633
964 if (skb_queue_len(&local->skb_queue) 634 if (skb_queue_len(&local->skb_queue) ||
965 || skb_queue_len(&local->skb_queue_unreliable)) 635 skb_queue_len(&local->skb_queue_unreliable))
966 printk(KERN_WARNING "%s: skb_queue not empty\n", 636 printk(KERN_WARNING "%s: skb_queue not empty\n",
967 wiphy_name(local->hw.wiphy)); 637 wiphy_name(local->hw.wiphy));
968 skb_queue_purge(&local->skb_queue); 638 skb_queue_purge(&local->skb_queue);
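Review bot: In the IEEE80211_DELBA_MSG and IEEE80211_ADDBA_MSG cases of ieee80211_tasklet_handler(), `ra_tid->vif` is a raw pointer read back out of `skb->cb` and passed to ieee80211_stop_tx_ba_cb()/ieee80211_start_tx_ba_cb(), and nothing visible here shows what keeps that vif valid until the tasklet runs. If an interface can be removed while such a message is still on local->skb_queue, the callback would receive a stale pointer; the queueing side is in another file, so this needs confirming there. I would add a comment at the cast stating the guarantee, e.g. `/* vif stays valid: <reason — confirm against the irqsafe queueing path and interface teardown> */`, and a `BUILD_BUG_ON(sizeof(struct ieee80211_ra_tid) > sizeof(skb->cb));` beside it now that the struct has grown by a pointer. The handler's body begins and ends outside the hunk.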
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index f7364e56f1ee..c0fe46493f71 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Authors: Luis Carlos Cobo <luisca@cozybit.com> 3 * Authors: Luis Carlos Cobo <luisca@cozybit.com>
4 * Javier Cardona <javier@cozybit.com> 4 * Javier Cardona <javier@cozybit.com>
5 * 5 *
@@ -14,18 +14,14 @@
14 14
15#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ) 15#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)
16#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ) 16#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
17#define IEEE80211_MESH_RANN_INTERVAL (1 * HZ)
17 18
18#define PP_OFFSET 1 /* Path Selection Protocol */ 19#define MESHCONF_CAPAB_ACCEPT_PLINKS 0x01
19#define PM_OFFSET 5 /* Path Selection Metric */ 20#define MESHCONF_CAPAB_FORWARDING 0x08
20#define CC_OFFSET 9 /* Congestion Control Mode */
21#define SP_OFFSET 13 /* Synchronization Protocol */
22#define AUTH_OFFSET 17 /* Authentication Protocol */
23#define CAPAB_OFFSET 22
24#define CAPAB_ACCEPT_PLINKS 0x80
25#define CAPAB_FORWARDING 0x10
26 21
27#define TMR_RUNNING_HK 0 22#define TMR_RUNNING_HK 0
28#define TMR_RUNNING_MP 1 23#define TMR_RUNNING_MP 1
24#define TMR_RUNNING_MPR 2
29 25
30int mesh_allocated; 26int mesh_allocated;
31static struct kmem_cache *rm_cache; 27static struct kmem_cache *rm_cache;
@@ -50,7 +46,7 @@ static void ieee80211_mesh_housekeeping_timer(unsigned long data)
50 struct ieee80211_local *local = sdata->local; 46 struct ieee80211_local *local = sdata->local;
51 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 47 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
52 48
53 ifmsh->wrkq_flags |= MESH_WORK_HOUSEKEEPING; 49 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags);
54 50
55 if (local->quiescing) { 51 if (local->quiescing) {
56 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running); 52 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running);
@@ -85,11 +81,11 @@ bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_dat
85 */ 81 */
86 if (ifmsh->mesh_id_len == ie->mesh_id_len && 82 if (ifmsh->mesh_id_len == ie->mesh_id_len &&
87 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 && 83 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 &&
88 memcmp(ifmsh->mesh_pp_id, ie->mesh_config + PP_OFFSET, 4) == 0 && 84 (ifmsh->mesh_pp_id == ie->mesh_config->meshconf_psel) &&
89 memcmp(ifmsh->mesh_pm_id, ie->mesh_config + PM_OFFSET, 4) == 0 && 85 (ifmsh->mesh_pm_id == ie->mesh_config->meshconf_pmetric) &&
90 memcmp(ifmsh->mesh_cc_id, ie->mesh_config + CC_OFFSET, 4) == 0 && 86 (ifmsh->mesh_cc_id == ie->mesh_config->meshconf_congest) &&
91 memcmp(ifmsh->mesh_sp_id, ie->mesh_config + SP_OFFSET, 4) == 0 && 87 (ifmsh->mesh_sp_id == ie->mesh_config->meshconf_synch) &&
92 memcmp(ifmsh->mesh_auth_id, ie->mesh_config + AUTH_OFFSET, 4) == 0) 88 (ifmsh->mesh_auth_id == ie->mesh_config->meshconf_auth))
93 return true; 89 return true;
94 90
95 return false; 91 return false;
@@ -102,7 +98,8 @@ bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_dat
102 */ 98 */
103bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie) 99bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie)
104{ 100{
105 return (*(ie->mesh_config + CAPAB_OFFSET) & CAPAB_ACCEPT_PLINKS) != 0; 101 return (ie->mesh_config->meshconf_cap &
102 MESHCONF_CAPAB_ACCEPT_PLINKS) != 0;
106} 103}
107 104
108/** 105/**
@@ -128,18 +125,11 @@ void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata)
128 125
129void mesh_ids_set_default(struct ieee80211_if_mesh *sta) 126void mesh_ids_set_default(struct ieee80211_if_mesh *sta)
130{ 127{
131 u8 oui[3] = {0x00, 0x0F, 0xAC}; 128 sta->mesh_pp_id = 0; /* HWMP */
132 129 sta->mesh_pm_id = 0; /* Airtime */
133 memcpy(sta->mesh_pp_id, oui, sizeof(oui)); 130 sta->mesh_cc_id = 0; /* Disabled */
134 memcpy(sta->mesh_pm_id, oui, sizeof(oui)); 131 sta->mesh_sp_id = 0; /* Neighbor Offset */
135 memcpy(sta->mesh_cc_id, oui, sizeof(oui)); 132 sta->mesh_auth_id = 0; /* Disabled */
136 memcpy(sta->mesh_sp_id, oui, sizeof(oui));
137 memcpy(sta->mesh_auth_id, oui, sizeof(oui));
138 sta->mesh_pp_id[sizeof(oui)] = 0;
139 sta->mesh_pm_id[sizeof(oui)] = 0;
140 sta->mesh_cc_id[sizeof(oui)] = 0xff;
141 sta->mesh_sp_id[sizeof(oui)] = 0xff;
142 sta->mesh_auth_id[sizeof(oui)] = 0x0;
143} 133}
144 134
145int mesh_rmc_init(struct ieee80211_sub_if_data *sdata) 135int mesh_rmc_init(struct ieee80211_sub_if_data *sdata)
@@ -205,8 +195,8 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr,
205 list_del(&p->list); 195 list_del(&p->list);
206 kmem_cache_free(rm_cache, p); 196 kmem_cache_free(rm_cache, p);
207 --entries; 197 --entries;
208 } else if ((seqnum == p->seqnum) 198 } else if ((seqnum == p->seqnum) &&
209 && (memcmp(sa, p->sa, ETH_ALEN) == 0)) 199 (memcmp(sa, p->sa, ETH_ALEN) == 0))
210 return -1; 200 return -1;
211 } 201 }
212 202
@@ -228,6 +218,7 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
228 struct ieee80211_supported_band *sband; 218 struct ieee80211_supported_band *sband;
229 u8 *pos; 219 u8 *pos;
230 int len, i, rate; 220 int len, i, rate;
221 u8 neighbors;
231 222
232 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 223 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
233 len = sband->n_bitrates; 224 len = sband->n_bitrates;
@@ -251,46 +242,49 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
251 } 242 }
252 } 243 }
253 244
245 if (sband->band == IEEE80211_BAND_2GHZ) {
246 pos = skb_put(skb, 2 + 1);
247 *pos++ = WLAN_EID_DS_PARAMS;
248 *pos++ = 1;
249 *pos++ = ieee80211_frequency_to_channel(local->hw.conf.channel->center_freq);
250 }
251
254 pos = skb_put(skb, 2 + sdata->u.mesh.mesh_id_len); 252 pos = skb_put(skb, 2 + sdata->u.mesh.mesh_id_len);
255 *pos++ = WLAN_EID_MESH_ID; 253 *pos++ = WLAN_EID_MESH_ID;
256 *pos++ = sdata->u.mesh.mesh_id_len; 254 *pos++ = sdata->u.mesh.mesh_id_len;
257 if (sdata->u.mesh.mesh_id_len) 255 if (sdata->u.mesh.mesh_id_len)
258 memcpy(pos, sdata->u.mesh.mesh_id, sdata->u.mesh.mesh_id_len); 256 memcpy(pos, sdata->u.mesh.mesh_id, sdata->u.mesh.mesh_id_len);
259 257
260 pos = skb_put(skb, 2 + IEEE80211_MESH_CONFIG_LEN); 258 pos = skb_put(skb, 2 + sizeof(struct ieee80211_meshconf_ie));
261 *pos++ = WLAN_EID_MESH_CONFIG; 259 *pos++ = WLAN_EID_MESH_CONFIG;
262 *pos++ = IEEE80211_MESH_CONFIG_LEN; 260 *pos++ = sizeof(struct ieee80211_meshconf_ie);
263 /* Version */
264 *pos++ = 1;
265 261
266 /* Active path selection protocol ID */ 262 /* Active path selection protocol ID */
267 memcpy(pos, sdata->u.mesh.mesh_pp_id, 4); 263 *pos++ = sdata->u.mesh.mesh_pp_id;
268 pos += 4;
269 264
270 /* Active path selection metric ID */ 265 /* Active path selection metric ID */
271 memcpy(pos, sdata->u.mesh.mesh_pm_id, 4); 266 *pos++ = sdata->u.mesh.mesh_pm_id;
272 pos += 4;
273 267
274 /* Congestion control mode identifier */ 268 /* Congestion control mode identifier */
275 memcpy(pos, sdata->u.mesh.mesh_cc_id, 4); 269 *pos++ = sdata->u.mesh.mesh_cc_id;
276 pos += 4;
277 270
278 /* Synchronization protocol identifier */ 271 /* Synchronization protocol identifier */
279 memcpy(pos, sdata->u.mesh.mesh_sp_id, 4); 272 *pos++ = sdata->u.mesh.mesh_sp_id;
280 pos += 4;
281 273
282 /* Authentication Protocol identifier */ 274 /* Authentication Protocol identifier */
283 memcpy(pos, sdata->u.mesh.mesh_auth_id, 4); 275 *pos++ = sdata->u.mesh.mesh_auth_id;
284 pos += 4;
285 276
286 /* Mesh Formation Info */ 277 /* Mesh Formation Info - number of neighbors */
287 memset(pos, 0x00, 1); 278 neighbors = atomic_read(&sdata->u.mesh.mshstats.estab_plinks);
288 pos += 1; 279 /* Number of neighbor mesh STAs or 15 whichever is smaller */
280 neighbors = (neighbors > 15) ? 15 : neighbors;
281 *pos++ = neighbors << 1;
289 282
290 /* Mesh capability */ 283 /* Mesh capability */
291 sdata->u.mesh.accepting_plinks = mesh_plink_availables(sdata); 284 sdata->u.mesh.accepting_plinks = mesh_plink_availables(sdata);
292 *pos = CAPAB_FORWARDING; 285 *pos = MESHCONF_CAPAB_FORWARDING;
293 *pos++ |= sdata->u.mesh.accepting_plinks ? CAPAB_ACCEPT_PLINKS : 0x00; 286 *pos++ |= sdata->u.mesh.accepting_plinks ?
287 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00;
294 *pos++ = 0x00; 288 *pos++ = 0x00;
295 289
296 return; 290 return;
@@ -355,6 +349,34 @@ static void ieee80211_mesh_path_timer(unsigned long data)
355 ieee80211_queue_work(&local->hw, &ifmsh->work); 349 ieee80211_queue_work(&local->hw, &ifmsh->work);
356} 350}
357 351
352static void ieee80211_mesh_path_root_timer(unsigned long data)
353{
354 struct ieee80211_sub_if_data *sdata =
355 (struct ieee80211_sub_if_data *) data;
356 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
357 struct ieee80211_local *local = sdata->local;
358
359 set_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags);
360
361 if (local->quiescing) {
362 set_bit(TMR_RUNNING_MPR, &ifmsh->timers_running);
363 return;
364 }
365
366 ieee80211_queue_work(&local->hw, &ifmsh->work);
367}
368
369void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh)
370{
371 if (ifmsh->mshcfg.dot11MeshHWMPRootMode)
372 set_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags);
373 else {
374 clear_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags);
375 /* stop running timer */
376 del_timer_sync(&ifmsh->mesh_path_root_timer);
377 }
378}
379
358/** 380/**
359 * ieee80211_fill_mesh_addresses - fill addresses of a locally originated mesh frame 381 * ieee80211_fill_mesh_addresses - fill addresses of a locally originated mesh frame
360 * @hdr: 802.11 frame header 382 * @hdr: 802.11 frame header
@@ -365,8 +387,9 @@ static void ieee80211_mesh_path_timer(unsigned long data)
365 * 387 *
366 * Return the length of the 802.11 (does not include a mesh control header) 388 * Return the length of the 802.11 (does not include a mesh control header)
367 */ 389 */
368int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, char 390int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
369 *meshda, char *meshsa) { 391 const u8 *meshda, const u8 *meshsa)
392{
370 if (is_multicast_ether_addr(meshda)) { 393 if (is_multicast_ether_addr(meshda)) {
371 *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS); 394 *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
372 /* DA TA SA */ 395 /* DA TA SA */
@@ -448,6 +471,15 @@ static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata,
448 round_jiffies(jiffies + IEEE80211_MESH_HOUSEKEEPING_INTERVAL)); 471 round_jiffies(jiffies + IEEE80211_MESH_HOUSEKEEPING_INTERVAL));
449} 472}
450 473
474static void ieee80211_mesh_rootpath(struct ieee80211_sub_if_data *sdata)
475{
476 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
477
478 mesh_path_tx_root_frame(sdata);
479 mod_timer(&ifmsh->mesh_path_root_timer,
480 round_jiffies(jiffies + IEEE80211_MESH_RANN_INTERVAL));
481}
482
451#ifdef CONFIG_PM 483#ifdef CONFIG_PM
452void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata) 484void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata)
453{ 485{
@@ -462,6 +494,8 @@ void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata)
462 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running); 494 set_bit(TMR_RUNNING_HK, &ifmsh->timers_running);
463 if (del_timer_sync(&ifmsh->mesh_path_timer)) 495 if (del_timer_sync(&ifmsh->mesh_path_timer))
464 set_bit(TMR_RUNNING_MP, &ifmsh->timers_running); 496 set_bit(TMR_RUNNING_MP, &ifmsh->timers_running);
497 if (del_timer_sync(&ifmsh->mesh_path_root_timer))
498 set_bit(TMR_RUNNING_MPR, &ifmsh->timers_running);
465} 499}
466 500
467void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata) 501void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata)
@@ -472,6 +506,9 @@ void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata)
472 add_timer(&ifmsh->housekeeping_timer); 506 add_timer(&ifmsh->housekeeping_timer);
473 if (test_and_clear_bit(TMR_RUNNING_MP, &ifmsh->timers_running)) 507 if (test_and_clear_bit(TMR_RUNNING_MP, &ifmsh->timers_running))
474 add_timer(&ifmsh->mesh_path_timer); 508 add_timer(&ifmsh->mesh_path_timer);
509 if (test_and_clear_bit(TMR_RUNNING_MPR, &ifmsh->timers_running))
510 add_timer(&ifmsh->mesh_path_root_timer);
511 ieee80211_mesh_root_setup(ifmsh);
475} 512}
476#endif 513#endif
477 514
@@ -480,7 +517,8 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
480 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 517 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
481 struct ieee80211_local *local = sdata->local; 518 struct ieee80211_local *local = sdata->local;
482 519
483 ifmsh->wrkq_flags |= MESH_WORK_HOUSEKEEPING; 520 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags);
521 ieee80211_mesh_root_setup(ifmsh);
484 ieee80211_queue_work(&local->hw, &ifmsh->work); 522 ieee80211_queue_work(&local->hw, &ifmsh->work);
485 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL; 523 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL;
486 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON | 524 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON |
@@ -491,6 +529,7 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
491void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) 529void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
492{ 530{
493 del_timer_sync(&sdata->u.mesh.housekeeping_timer); 531 del_timer_sync(&sdata->u.mesh.housekeeping_timer);
532 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer);
494 /* 533 /*
495 * If the timer fired while we waited for it, it will have 534 * If the timer fired while we waited for it, it will have
496 * requeued the work. Now the work will be running again 535 * requeued the work. Now the work will be running again
@@ -561,7 +600,7 @@ static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
561 struct ieee80211_rx_status *rx_status) 600 struct ieee80211_rx_status *rx_status)
562{ 601{
563 switch (mgmt->u.action.category) { 602 switch (mgmt->u.action.category) {
564 case PLINK_CATEGORY: 603 case MESH_PLINK_CATEGORY:
565 mesh_rx_plink_frame(sdata, mgmt, len, rx_status); 604 mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
566 break; 605 break;
567 case MESH_PATH_SEL_CATEGORY: 606 case MESH_PATH_SEL_CATEGORY:
@@ -628,6 +667,9 @@ static void ieee80211_mesh_work(struct work_struct *work)
628 667
629 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags)) 668 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags))
630 ieee80211_mesh_housekeeping(sdata, ifmsh); 669 ieee80211_mesh_housekeeping(sdata, ifmsh);
670
671 if (test_and_clear_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags))
672 ieee80211_mesh_rootpath(sdata);
631} 673}
632 674
633void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local) 675void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
@@ -673,7 +715,7 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
673 MESH_MIN_DISCOVERY_TIMEOUT; 715 MESH_MIN_DISCOVERY_TIMEOUT;
674 ifmsh->accepting_plinks = true; 716 ifmsh->accepting_plinks = true;
675 ifmsh->preq_id = 0; 717 ifmsh->preq_id = 0;
676 ifmsh->dsn = 0; 718 ifmsh->sn = 0;
677 atomic_set(&ifmsh->mpaths, 0); 719 atomic_set(&ifmsh->mpaths, 0);
678 mesh_rmc_init(sdata); 720 mesh_rmc_init(sdata);
679 ifmsh->last_preq = jiffies; 721 ifmsh->last_preq = jiffies;
@@ -684,6 +726,9 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
684 setup_timer(&ifmsh->mesh_path_timer, 726 setup_timer(&ifmsh->mesh_path_timer,
685 ieee80211_mesh_path_timer, 727 ieee80211_mesh_path_timer,
686 (unsigned long) sdata); 728 (unsigned long) sdata);
729 setup_timer(&ifmsh->mesh_path_root_timer,
730 ieee80211_mesh_path_root_timer,
731 (unsigned long) sdata);
687 INIT_LIST_HEAD(&ifmsh->preq_queue.list); 732 INIT_LIST_HEAD(&ifmsh->preq_queue.list);
688 spin_lock_init(&ifmsh->mesh_preq_queue_lock); 733 spin_lock_init(&ifmsh->mesh_preq_queue_lock);
689} 734}
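Review bot: In mesh_mgmt_ies_add (its opening lines are outside the hunks shown) the Mesh Configuration element reserves and advertises `sizeof(struct ieee80211_meshconf_ie)` bytes, yet eight bytes are stored after the length byte: five IDs, formation info, capability and the trailing `*pos++ = 0x00;`. Unless that struct is exactly eight bytes, the last store falls outside the area returned by skb_put(); the struct is defined outside this file, so this needs checking, and a `BUILD_BUG_ON` on its size beside the skb_put() would keep the two in step. In the same function `neighbors` is a `u8` loaded straight from `atomic_read()`, so the value is narrowed before the clamp and a count of 256 would be advertised as 0; clamp first with `neighbors = min_t(int, atomic_read(&sdata->u.mesh.mshstats.estab_plinks), 15);`. On the receive side, mesh_matches_local and mesh_peer_accepts_plinks now read fields through `ie->mesh_config`, which is safe only if the element parser (not in this file) leaves it NULL for elements shorter than the struct and the callers check for NULL.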
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index dd1c19319f0a..31e102541869 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Authors: Luis Carlos Cobo <luisca@cozybit.com> 3 * Authors: Luis Carlos Cobo <luisca@cozybit.com>
4 * Javier Cardona <javier@cozybit.com> 4 * Javier Cardona <javier@cozybit.com>
5 * 5 *
@@ -26,7 +26,7 @@
26 * 26 *
27 * @MESH_PATH_ACTIVE: the mesh path can be used for forwarding 27 * @MESH_PATH_ACTIVE: the mesh path can be used for forwarding
28 * @MESH_PATH_RESOLVING: the discovery process is running for this mesh path 28 * @MESH_PATH_RESOLVING: the discovery process is running for this mesh path
29 * @MESH_PATH_DSN_VALID: the mesh path contains a valid destination sequence 29 * @MESH_PATH_SN_VALID: the mesh path contains a valid destination sequence
30 * number 30 * number
31 * @MESH_PATH_FIXED: the mesh path has been manually set and should not be 31 * @MESH_PATH_FIXED: the mesh path has been manually set and should not be
32 * modified 32 * modified
@@ -38,7 +38,7 @@
38enum mesh_path_flags { 38enum mesh_path_flags {
39 MESH_PATH_ACTIVE = BIT(0), 39 MESH_PATH_ACTIVE = BIT(0),
40 MESH_PATH_RESOLVING = BIT(1), 40 MESH_PATH_RESOLVING = BIT(1),
41 MESH_PATH_DSN_VALID = BIT(2), 41 MESH_PATH_SN_VALID = BIT(2),
42 MESH_PATH_FIXED = BIT(3), 42 MESH_PATH_FIXED = BIT(3),
43 MESH_PATH_RESOLVED = BIT(4), 43 MESH_PATH_RESOLVED = BIT(4),
44}; 44};
@@ -53,11 +53,13 @@ enum mesh_path_flags {
53 * to grow. 53 * to grow.
54 * @MESH_WORK_GROW_MPP_TABLE: the mesh portals table is full and needs to 54 * @MESH_WORK_GROW_MPP_TABLE: the mesh portals table is full and needs to
55 * grow 55 * grow
56 * @MESH_WORK_ROOT: the mesh root station needs to send a frame
56 */ 57 */
57enum mesh_deferred_task_flags { 58enum mesh_deferred_task_flags {
58 MESH_WORK_HOUSEKEEPING, 59 MESH_WORK_HOUSEKEEPING,
59 MESH_WORK_GROW_MPATH_TABLE, 60 MESH_WORK_GROW_MPATH_TABLE,
60 MESH_WORK_GROW_MPP_TABLE, 61 MESH_WORK_GROW_MPP_TABLE,
62 MESH_WORK_ROOT,
61}; 63};
62 64
63/** 65/**
@@ -70,7 +72,7 @@ enum mesh_deferred_task_flags {
70 * @timer: mesh path discovery timer 72 * @timer: mesh path discovery timer
71 * @frame_queue: pending queue for frames sent to this destination while the 73 * @frame_queue: pending queue for frames sent to this destination while the
72 * path is unresolved 74 * path is unresolved
73 * @dsn: destination sequence number of the destination 75 * @sn: target sequence number
74 * @metric: current metric to this destination 76 * @metric: current metric to this destination
75 * @hop_count: hops to destination 77 * @hop_count: hops to destination
76 * @exp_time: in jiffies, when the path will expire or when it expired 78 * @exp_time: in jiffies, when the path will expire or when it expired
@@ -94,7 +96,7 @@ struct mesh_path {
94 struct timer_list timer; 96 struct timer_list timer;
95 struct sk_buff_head frame_queue; 97 struct sk_buff_head frame_queue;
96 struct rcu_head rcu; 98 struct rcu_head rcu;
97 u32 dsn; 99 u32 sn;
98 u32 metric; 100 u32 metric;
99 u8 hop_count; 101 u8 hop_count;
100 unsigned long exp_time; 102 unsigned long exp_time;
@@ -174,7 +176,7 @@ struct mesh_rmc {
174#define MESH_CFG_CMP_LEN (IEEE80211_MESH_CONFIG_LEN - 2) 176#define MESH_CFG_CMP_LEN (IEEE80211_MESH_CONFIG_LEN - 2)
175 177
176/* Default values, timeouts in ms */ 178/* Default values, timeouts in ms */
177#define MESH_TTL 5 179#define MESH_TTL 31
178#define MESH_MAX_RETR 3 180#define MESH_MAX_RETR 3
179#define MESH_RET_T 100 181#define MESH_RET_T 100
180#define MESH_CONF_T 100 182#define MESH_CONF_T 100
@@ -206,13 +208,19 @@ struct mesh_rmc {
206#define MESH_MAX_MPATHS 1024 208#define MESH_MAX_MPATHS 1024
207 209
208/* Pending ANA approval */ 210/* Pending ANA approval */
209#define PLINK_CATEGORY 30 211#define MESH_PLINK_CATEGORY 30
210#define MESH_PATH_SEL_CATEGORY 32 212#define MESH_PATH_SEL_CATEGORY 32
213#define MESH_PATH_SEL_ACTION 0
214
215/* PERR reason codes */
216#define PEER_RCODE_UNSPECIFIED 11
217#define PERR_RCODE_NO_ROUTE 12
218#define PERR_RCODE_DEST_UNREACH 13
211 219
212/* Public interfaces */ 220/* Public interfaces */
213/* Various */ 221/* Various */
214int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, 222int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
215 char *da, char *sa); 223 const u8 *da, const u8 *sa);
216int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr, 224int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr,
217 struct ieee80211_sub_if_data *sdata, char *addr4, 225 struct ieee80211_sub_if_data *sdata, char *addr4,
218 char *addr5, char *addr6); 226 char *addr5, char *addr6);
@@ -234,6 +242,7 @@ ieee80211_rx_result
234ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb); 242ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
235void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata); 243void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata);
236void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata); 244void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata);
245void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh);
237 246
238/* Mesh paths */ 247/* Mesh paths */
239int mesh_nexthop_lookup(struct sk_buff *skb, 248int mesh_nexthop_lookup(struct sk_buff *skb,
@@ -274,8 +283,8 @@ void mesh_mpp_table_grow(void);
274u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata, 283u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata,
275 struct mesh_table *tbl); 284 struct mesh_table *tbl);
276/* Mesh paths */ 285/* Mesh paths */
277int mesh_path_error_tx(u8 *dest, __le32 dest_dsn, u8 *ra, 286int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn, __le16 target_rcode,
278 struct ieee80211_sub_if_data *sdata); 287 const u8 *ra, struct ieee80211_sub_if_data *sdata);
279void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta); 288void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta);
280void mesh_path_flush_pending(struct mesh_path *mpath); 289void mesh_path_flush_pending(struct mesh_path *mpath);
281void mesh_path_tx_pending(struct mesh_path *mpath); 290void mesh_path_tx_pending(struct mesh_path *mpath);
@@ -288,6 +297,7 @@ void mesh_path_discard_frame(struct sk_buff *skb,
288 struct ieee80211_sub_if_data *sdata); 297 struct ieee80211_sub_if_data *sdata);
289void mesh_path_quiesce(struct ieee80211_sub_if_data *sdata); 298void mesh_path_quiesce(struct ieee80211_sub_if_data *sdata);
290void mesh_path_restart(struct ieee80211_sub_if_data *sdata); 299void mesh_path_restart(struct ieee80211_sub_if_data *sdata);
300void mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata);
291 301
292extern int mesh_paths_generation; 302extern int mesh_paths_generation;
293 303
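Review bot: The new prototype `mesh_path_error_tx(u8 ttl, u8 *target, ...)` promises a caller-chosen TTL, but the definition shown further down this page stores `MESH_TTL` under its `/* ttl */` comment, and none of its visible lines read `ttl`. If a caller passes a decremented TTL when relaying a PERR, it would be discarded and every hop would restart the frame at 31 (the value `MESH_TTL` is raised to in this header), which removes the hop limit on error propagation. The store should probably be `*pos++ = ttl;`, and the kernel-doc above the definition should gain a `@ttl:` line. Separately, `PEER_RCODE_UNSPECIFIED` sits under the "PERR reason codes" comment beside `PERR_RCODE_NO_ROUTE` and `PERR_RCODE_DEST_UNREACH` and looks like a typo for `PERR_RCODE_UNSPECIFIED`.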
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 29b82e98effa..833b2f3670c5 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 3 * Author: Luis Carlos Cobo <luisca@cozybit.com>
4 * 4 *
5 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
@@ -9,6 +9,12 @@
9 9
10#include "mesh.h" 10#include "mesh.h"
11 11
12#ifdef CONFIG_MAC80211_VERBOSE_MHWMP_DEBUG
13#define mhwmp_dbg(fmt, args...) printk(KERN_DEBUG "Mesh HWMP: " fmt, ##args)
14#else
15#define mhwmp_dbg(fmt, args...) do { (void)(0); } while (0)
16#endif
17
12#define TEST_FRAME_LEN 8192 18#define TEST_FRAME_LEN 8192
13#define MAX_METRIC 0xffffffff 19#define MAX_METRIC 0xffffffff
14#define ARITH_SHIFT 8 20#define ARITH_SHIFT 8
@@ -21,6 +27,12 @@
21#define MP_F_DO 0x1 27#define MP_F_DO 0x1
22/* Reply and forward */ 28/* Reply and forward */
23#define MP_F_RF 0x2 29#define MP_F_RF 0x2
30/* Unknown Sequence Number */
31#define MP_F_USN 0x01
32/* Reason code Present */
33#define MP_F_RCODE 0x02
34
35static void mesh_queue_preq(struct mesh_path *, u8);
24 36
25static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae) 37static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
26{ 38{
@@ -29,6 +41,13 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
29 return get_unaligned_le32(preq_elem + offset); 41 return get_unaligned_le32(preq_elem + offset);
30} 42}
31 43
44static inline u32 u16_field_get(u8 *preq_elem, int offset, bool ae)
45{
46 if (ae)
47 offset += 6;
48 return get_unaligned_le16(preq_elem + offset);
49}
50
32/* HWMP IE processing macros */ 51/* HWMP IE processing macros */
33#define AE_F (1<<6) 52#define AE_F (1<<6)
34#define AE_F_SET(x) (*x & AE_F) 53#define AE_F_SET(x) (*x & AE_F)
@@ -37,30 +56,33 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
37#define PREQ_IE_TTL(x) (*(x + 2)) 56#define PREQ_IE_TTL(x) (*(x + 2))
38#define PREQ_IE_PREQ_ID(x) u32_field_get(x, 3, 0) 57#define PREQ_IE_PREQ_ID(x) u32_field_get(x, 3, 0)
39#define PREQ_IE_ORIG_ADDR(x) (x + 7) 58#define PREQ_IE_ORIG_ADDR(x) (x + 7)
40#define PREQ_IE_ORIG_DSN(x) u32_field_get(x, 13, 0); 59#define PREQ_IE_ORIG_SN(x) u32_field_get(x, 13, 0);
41#define PREQ_IE_LIFETIME(x) u32_field_get(x, 17, AE_F_SET(x)); 60#define PREQ_IE_LIFETIME(x) u32_field_get(x, 17, AE_F_SET(x));
42#define PREQ_IE_METRIC(x) u32_field_get(x, 21, AE_F_SET(x)); 61#define PREQ_IE_METRIC(x) u32_field_get(x, 21, AE_F_SET(x));
43#define PREQ_IE_DST_F(x) (*(AE_F_SET(x) ? x + 32 : x + 26)) 62#define PREQ_IE_TARGET_F(x) (*(AE_F_SET(x) ? x + 32 : x + 26))
44#define PREQ_IE_DST_ADDR(x) (AE_F_SET(x) ? x + 33 : x + 27) 63#define PREQ_IE_TARGET_ADDR(x) (AE_F_SET(x) ? x + 33 : x + 27)
45#define PREQ_IE_DST_DSN(x) u32_field_get(x, 33, AE_F_SET(x)); 64#define PREQ_IE_TARGET_SN(x) u32_field_get(x, 33, AE_F_SET(x));
46 65
47 66
48#define PREP_IE_FLAGS(x) PREQ_IE_FLAGS(x) 67#define PREP_IE_FLAGS(x) PREQ_IE_FLAGS(x)
49#define PREP_IE_HOPCOUNT(x) PREQ_IE_HOPCOUNT(x) 68#define PREP_IE_HOPCOUNT(x) PREQ_IE_HOPCOUNT(x)
50#define PREP_IE_TTL(x) PREQ_IE_TTL(x) 69#define PREP_IE_TTL(x) PREQ_IE_TTL(x)
51#define PREP_IE_ORIG_ADDR(x) (x + 3) 70#define PREP_IE_ORIG_ADDR(x) (x + 3)
52#define PREP_IE_ORIG_DSN(x) u32_field_get(x, 9, 0); 71#define PREP_IE_ORIG_SN(x) u32_field_get(x, 9, 0);
53#define PREP_IE_LIFETIME(x) u32_field_get(x, 13, AE_F_SET(x)); 72#define PREP_IE_LIFETIME(x) u32_field_get(x, 13, AE_F_SET(x));
54#define PREP_IE_METRIC(x) u32_field_get(x, 17, AE_F_SET(x)); 73#define PREP_IE_METRIC(x) u32_field_get(x, 17, AE_F_SET(x));
55#define PREP_IE_DST_ADDR(x) (AE_F_SET(x) ? x + 27 : x + 21) 74#define PREP_IE_TARGET_ADDR(x) (AE_F_SET(x) ? x + 27 : x + 21)
56#define PREP_IE_DST_DSN(x) u32_field_get(x, 27, AE_F_SET(x)); 75#define PREP_IE_TARGET_SN(x) u32_field_get(x, 27, AE_F_SET(x));
57 76
58#define PERR_IE_DST_ADDR(x) (x + 2) 77#define PERR_IE_TTL(x) (*(x))
59#define PERR_IE_DST_DSN(x) u32_field_get(x, 8, 0); 78#define PERR_IE_TARGET_FLAGS(x) (*(x + 2))
79#define PERR_IE_TARGET_ADDR(x) (x + 3)
80#define PERR_IE_TARGET_SN(x) u32_field_get(x, 9, 0);
81#define PERR_IE_TARGET_RCODE(x) u16_field_get(x, 13, 0);
60 82
61#define MSEC_TO_TU(x) (x*1000/1024) 83#define MSEC_TO_TU(x) (x*1000/1024)
62#define DSN_GT(x, y) ((long) (y) - (long) (x) < 0) 84#define SN_GT(x, y) ((long) (y) - (long) (x) < 0)
63#define DSN_LT(x, y) ((long) (x) - (long) (y) < 0) 85#define SN_LT(x, y) ((long) (x) - (long) (y) < 0)
64 86
65#define net_traversal_jiffies(s) \ 87#define net_traversal_jiffies(s) \
66 msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPnetDiameterTraversalTime) 88 msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPnetDiameterTraversalTime)
@@ -75,13 +97,17 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
75enum mpath_frame_type { 97enum mpath_frame_type {
76 MPATH_PREQ = 0, 98 MPATH_PREQ = 0,
77 MPATH_PREP, 99 MPATH_PREP,
78 MPATH_PERR 100 MPATH_PERR,
101 MPATH_RANN
79}; 102};
80 103
104static const u8 broadcast_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
105
81static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags, 106static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
82 u8 *orig_addr, __le32 orig_dsn, u8 dst_flags, u8 *dst, 107 u8 *orig_addr, __le32 orig_sn, u8 target_flags, u8 *target,
83 __le32 dst_dsn, u8 *da, u8 hop_count, u8 ttl, __le32 lifetime, 108 __le32 target_sn, const u8 *da, u8 hop_count, u8 ttl,
84 __le32 metric, __le32 preq_id, struct ieee80211_sub_if_data *sdata) 109 __le32 lifetime, __le32 metric, __le32 preq_id,
110 struct ieee80211_sub_if_data *sdata)
85{ 111{
86 struct ieee80211_local *local = sdata->local; 112 struct ieee80211_local *local = sdata->local;
87 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 113 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
@@ -103,21 +129,30 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
103 129
104 memcpy(mgmt->da, da, ETH_ALEN); 130 memcpy(mgmt->da, da, ETH_ALEN);
105 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 131 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
106 /* BSSID is left zeroed, wildcard value */ 132 /* BSSID == SA */
133 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
107 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY; 134 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY;
108 mgmt->u.action.u.mesh_action.action_code = action; 135 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION;
109 136
110 switch (action) { 137 switch (action) {
111 case MPATH_PREQ: 138 case MPATH_PREQ:
139 mhwmp_dbg("sending PREQ to %pM\n", target);
112 ie_len = 37; 140 ie_len = 37;
113 pos = skb_put(skb, 2 + ie_len); 141 pos = skb_put(skb, 2 + ie_len);
114 *pos++ = WLAN_EID_PREQ; 142 *pos++ = WLAN_EID_PREQ;
115 break; 143 break;
116 case MPATH_PREP: 144 case MPATH_PREP:
145 mhwmp_dbg("sending PREP to %pM\n", target);
117 ie_len = 31; 146 ie_len = 31;
118 pos = skb_put(skb, 2 + ie_len); 147 pos = skb_put(skb, 2 + ie_len);
119 *pos++ = WLAN_EID_PREP; 148 *pos++ = WLAN_EID_PREP;
120 break; 149 break;
150 case MPATH_RANN:
151 mhwmp_dbg("sending RANN from %pM\n", orig_addr);
152 ie_len = sizeof(struct ieee80211_rann_ie);
153 pos = skb_put(skb, 2 + ie_len);
154 *pos++ = WLAN_EID_RANN;
155 break;
121 default: 156 default:
122 kfree_skb(skb); 157 kfree_skb(skb);
123 return -ENOTSUPP; 158 return -ENOTSUPP;
@@ -133,34 +168,40 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
133 } 168 }
134 memcpy(pos, orig_addr, ETH_ALEN); 169 memcpy(pos, orig_addr, ETH_ALEN);
135 pos += ETH_ALEN; 170 pos += ETH_ALEN;
136 memcpy(pos, &orig_dsn, 4); 171 memcpy(pos, &orig_sn, 4);
137 pos += 4;
138 memcpy(pos, &lifetime, 4);
139 pos += 4; 172 pos += 4;
173 if (action != MPATH_RANN) {
174 memcpy(pos, &lifetime, 4);
175 pos += 4;
176 }
140 memcpy(pos, &metric, 4); 177 memcpy(pos, &metric, 4);
141 pos += 4; 178 pos += 4;
142 if (action == MPATH_PREQ) { 179 if (action == MPATH_PREQ) {
143 /* destination count */ 180 /* destination count */
144 *pos++ = 1; 181 *pos++ = 1;
145 *pos++ = dst_flags; 182 *pos++ = target_flags;
183 }
184 if (action != MPATH_RANN) {
185 memcpy(pos, target, ETH_ALEN);
186 pos += ETH_ALEN;
187 memcpy(pos, &target_sn, 4);
146 } 188 }
147 memcpy(pos, dst, ETH_ALEN);
148 pos += ETH_ALEN;
149 memcpy(pos, &dst_dsn, 4);
150 189
151 ieee80211_tx_skb(sdata, skb, 1); 190 ieee80211_tx_skb(sdata, skb);
152 return 0; 191 return 0;
153} 192}
154 193
155/** 194/**
156 * mesh_send_path error - Sends a PERR mesh management frame 195 * mesh_send_path error - Sends a PERR mesh management frame
157 * 196 *
158 * @dst: broken destination 197 * @target: broken destination
159 * @dst_dsn: dsn of the broken destination 198 * @target_sn: SN of the broken destination
199 * @target_rcode: reason code for this PERR
160 * @ra: node this frame is addressed to 200 * @ra: node this frame is addressed to
161 */ 201 */
162int mesh_path_error_tx(u8 *dst, __le32 dst_dsn, u8 *ra, 202int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
163 struct ieee80211_sub_if_data *sdata) 203 __le16 target_rcode, const u8 *ra,
204 struct ieee80211_sub_if_data *sdata)
164{ 205{
165 struct ieee80211_local *local = sdata->local; 206 struct ieee80211_local *local = sdata->local;
166 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 207 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
@@ -184,20 +225,32 @@ int mesh_path_error_tx(u8 *dst, __le32 dst_dsn, u8 *ra,
184 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 225 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
185 /* BSSID is left zeroed, wildcard value */ 226 /* BSSID is left zeroed, wildcard value */
186 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY; 227 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY;
187 mgmt->u.action.u.mesh_action.action_code = MPATH_PERR; 228 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION;
188 ie_len = 12; 229 ie_len = 15;
189 pos = skb_put(skb, 2 + ie_len); 230 pos = skb_put(skb, 2 + ie_len);
190 *pos++ = WLAN_EID_PERR; 231 *pos++ = WLAN_EID_PERR;
191 *pos++ = ie_len; 232 *pos++ = ie_len;
192 /* mode flags, reserved */ 233 /* ttl */
193 *pos++ = 0; 234 *pos++ = MESH_TTL;
194 /* number of destinations */ 235 /* number of destinations */
195 *pos++ = 1; 236 *pos++ = 1;
196 memcpy(pos, dst, ETH_ALEN); 237 /*
238 * flags bit, bit 1 is unset if we know the sequence number and
239 * bit 2 is set if we have a reason code
240 */
241 *pos = 0;
242 if (!target_sn)
243 *pos |= MP_F_USN;
244 if (target_rcode)
245 *pos |= MP_F_RCODE;
246 pos++;
247 memcpy(pos, target, ETH_ALEN);
197 pos += ETH_ALEN; 248 pos += ETH_ALEN;
198 memcpy(pos, &dst_dsn, 4); 249 memcpy(pos, &target_sn, 4);
250 pos += 4;
251 memcpy(pos, &target_rcode, 2);
199 252
200 ieee80211_tx_skb(sdata, skb, 1); 253 ieee80211_tx_skb(sdata, skb);
201 return 0; 254 return 0;
202} 255}
203 256
@@ -269,18 +322,17 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
269 */ 322 */
270static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata, 323static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
271 struct ieee80211_mgmt *mgmt, 324 struct ieee80211_mgmt *mgmt,
272 u8 *hwmp_ie) 325 u8 *hwmp_ie, enum mpath_frame_type action)
273{ 326{
274 struct ieee80211_local *local = sdata->local; 327 struct ieee80211_local *local = sdata->local;
275 struct mesh_path *mpath; 328 struct mesh_path *mpath;
276 struct sta_info *sta; 329 struct sta_info *sta;
277 bool fresh_info; 330 bool fresh_info;
278 u8 *orig_addr, *ta; 331 u8 *orig_addr, *ta;
279 u32 orig_dsn, orig_metric; 332 u32 orig_sn, orig_metric;
280 unsigned long orig_lifetime, exp_time; 333 unsigned long orig_lifetime, exp_time;
281 u32 last_hop_metric, new_metric; 334 u32 last_hop_metric, new_metric;
282 bool process = true; 335 bool process = true;
283 u8 action = mgmt->u.action.u.mesh_action.action_code;
284 336
285 rcu_read_lock(); 337 rcu_read_lock();
286 sta = sta_info_get(local, mgmt->sa); 338 sta = sta_info_get(local, mgmt->sa);
@@ -296,7 +348,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
296 switch (action) { 348 switch (action) {
297 case MPATH_PREQ: 349 case MPATH_PREQ:
298 orig_addr = PREQ_IE_ORIG_ADDR(hwmp_ie); 350 orig_addr = PREQ_IE_ORIG_ADDR(hwmp_ie);
299 orig_dsn = PREQ_IE_ORIG_DSN(hwmp_ie); 351 orig_sn = PREQ_IE_ORIG_SN(hwmp_ie);
300 orig_lifetime = PREQ_IE_LIFETIME(hwmp_ie); 352 orig_lifetime = PREQ_IE_LIFETIME(hwmp_ie);
301 orig_metric = PREQ_IE_METRIC(hwmp_ie); 353 orig_metric = PREQ_IE_METRIC(hwmp_ie);
302 break; 354 break;
@@ -309,7 +361,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
309 * information from both PREQ and PREP frames. 361 * information from both PREQ and PREP frames.
310 */ 362 */
311 orig_addr = PREP_IE_ORIG_ADDR(hwmp_ie); 363 orig_addr = PREP_IE_ORIG_ADDR(hwmp_ie);
312 orig_dsn = PREP_IE_ORIG_DSN(hwmp_ie); 364 orig_sn = PREP_IE_ORIG_SN(hwmp_ie);
313 orig_lifetime = PREP_IE_LIFETIME(hwmp_ie); 365 orig_lifetime = PREP_IE_LIFETIME(hwmp_ie);
314 orig_metric = PREP_IE_METRIC(hwmp_ie); 366 orig_metric = PREP_IE_METRIC(hwmp_ie);
315 break; 367 break;
@@ -335,9 +387,9 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
335 if (mpath->flags & MESH_PATH_FIXED) 387 if (mpath->flags & MESH_PATH_FIXED)
336 fresh_info = false; 388 fresh_info = false;
337 else if ((mpath->flags & MESH_PATH_ACTIVE) && 389 else if ((mpath->flags & MESH_PATH_ACTIVE) &&
338 (mpath->flags & MESH_PATH_DSN_VALID)) { 390 (mpath->flags & MESH_PATH_SN_VALID)) {
339 if (DSN_GT(mpath->dsn, orig_dsn) || 391 if (SN_GT(mpath->sn, orig_sn) ||
340 (mpath->dsn == orig_dsn && 392 (mpath->sn == orig_sn &&
341 action == MPATH_PREQ && 393 action == MPATH_PREQ &&
342 new_metric > mpath->metric)) { 394 new_metric > mpath->metric)) {
343 process = false; 395 process = false;
@@ -356,9 +408,9 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
356 408
357 if (fresh_info) { 409 if (fresh_info) {
358 mesh_path_assign_nexthop(mpath, sta); 410 mesh_path_assign_nexthop(mpath, sta);
359 mpath->flags |= MESH_PATH_DSN_VALID; 411 mpath->flags |= MESH_PATH_SN_VALID;
360 mpath->metric = new_metric; 412 mpath->metric = new_metric;
361 mpath->dsn = orig_dsn; 413 mpath->sn = orig_sn;
362 mpath->exp_time = time_after(mpath->exp_time, exp_time) 414 mpath->exp_time = time_after(mpath->exp_time, exp_time)
363 ? mpath->exp_time : exp_time; 415 ? mpath->exp_time : exp_time;
364 mesh_path_activate(mpath); 416 mesh_path_activate(mpath);
@@ -397,7 +449,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
397 449
398 if (fresh_info) { 450 if (fresh_info) {
399 mesh_path_assign_nexthop(mpath, sta); 451 mesh_path_assign_nexthop(mpath, sta);
400 mpath->flags &= ~MESH_PATH_DSN_VALID; 452 mpath->flags &= ~MESH_PATH_SN_VALID;
401 mpath->metric = last_hop_metric; 453 mpath->metric = last_hop_metric;
402 mpath->exp_time = time_after(mpath->exp_time, exp_time) 454 mpath->exp_time = time_after(mpath->exp_time, exp_time)
403 ? mpath->exp_time : exp_time; 455 ? mpath->exp_time : exp_time;
@@ -419,44 +471,47 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
419{ 471{
420 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 472 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
421 struct mesh_path *mpath; 473 struct mesh_path *mpath;
422 u8 *dst_addr, *orig_addr; 474 u8 *target_addr, *orig_addr;
423 u8 dst_flags, ttl; 475 u8 target_flags, ttl;
424 u32 orig_dsn, dst_dsn, lifetime; 476 u32 orig_sn, target_sn, lifetime;
425 bool reply = false; 477 bool reply = false;
426 bool forward = true; 478 bool forward = true;
427 479
428 /* Update destination DSN, if present */ 480 /* Update target SN, if present */
429 dst_addr = PREQ_IE_DST_ADDR(preq_elem); 481 target_addr = PREQ_IE_TARGET_ADDR(preq_elem);
430 orig_addr = PREQ_IE_ORIG_ADDR(preq_elem); 482 orig_addr = PREQ_IE_ORIG_ADDR(preq_elem);
431 dst_dsn = PREQ_IE_DST_DSN(preq_elem); 483 target_sn = PREQ_IE_TARGET_SN(preq_elem);
432 orig_dsn = PREQ_IE_ORIG_DSN(preq_elem); 484 orig_sn = PREQ_IE_ORIG_SN(preq_elem);
433 dst_flags = PREQ_IE_DST_F(preq_elem); 485 target_flags = PREQ_IE_TARGET_F(preq_elem);
434 486
435 if (memcmp(dst_addr, sdata->dev->dev_addr, ETH_ALEN) == 0) { 487 mhwmp_dbg("received PREQ from %pM\n", orig_addr);
488
489 if (memcmp(target_addr, sdata->dev->dev_addr, ETH_ALEN) == 0) {
490 mhwmp_dbg("PREQ is for us\n");
436 forward = false; 491 forward = false;
437 reply = true; 492 reply = true;
438 metric = 0; 493 metric = 0;
439 if (time_after(jiffies, ifmsh->last_dsn_update + 494 if (time_after(jiffies, ifmsh->last_sn_update +
440 net_traversal_jiffies(sdata)) || 495 net_traversal_jiffies(sdata)) ||
441 time_before(jiffies, ifmsh->last_dsn_update)) { 496 time_before(jiffies, ifmsh->last_sn_update)) {
442 dst_dsn = ++ifmsh->dsn; 497 target_sn = ++ifmsh->sn;
443 ifmsh->last_dsn_update = jiffies; 498 ifmsh->last_sn_update = jiffies;
444 } 499 }
445 } else { 500 } else {
446 rcu_read_lock(); 501 rcu_read_lock();
447 mpath = mesh_path_lookup(dst_addr, sdata); 502 mpath = mesh_path_lookup(target_addr, sdata);
448 if (mpath) { 503 if (mpath) {
449 if ((!(mpath->flags & MESH_PATH_DSN_VALID)) || 504 if ((!(mpath->flags & MESH_PATH_SN_VALID)) ||
450 DSN_LT(mpath->dsn, dst_dsn)) { 505 SN_LT(mpath->sn, target_sn)) {
451 mpath->dsn = dst_dsn; 506 mpath->sn = target_sn;
452 mpath->flags |= MESH_PATH_DSN_VALID; 507 mpath->flags |= MESH_PATH_SN_VALID;
453 } else if ((!(dst_flags & MP_F_DO)) && 508 } else if ((!(target_flags & MP_F_DO)) &&
454 (mpath->flags & MESH_PATH_ACTIVE)) { 509 (mpath->flags & MESH_PATH_ACTIVE)) {
455 reply = true; 510 reply = true;
456 metric = mpath->metric; 511 metric = mpath->metric;
457 dst_dsn = mpath->dsn; 512 target_sn = mpath->sn;
458 if (dst_flags & MP_F_RF) 513 if (target_flags & MP_F_RF)
459 dst_flags |= MP_F_DO; 514 target_flags |= MP_F_DO;
460 else 515 else
461 forward = false; 516 forward = false;
462 } 517 }
@@ -467,13 +522,14 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
467 if (reply) { 522 if (reply) {
468 lifetime = PREQ_IE_LIFETIME(preq_elem); 523 lifetime = PREQ_IE_LIFETIME(preq_elem);
469 ttl = ifmsh->mshcfg.dot11MeshTTL; 524 ttl = ifmsh->mshcfg.dot11MeshTTL;
470 if (ttl != 0) 525 if (ttl != 0) {
471 mesh_path_sel_frame_tx(MPATH_PREP, 0, dst_addr, 526 mhwmp_dbg("replying to the PREQ\n");
472 cpu_to_le32(dst_dsn), 0, orig_addr, 527 mesh_path_sel_frame_tx(MPATH_PREP, 0, target_addr,
473 cpu_to_le32(orig_dsn), mgmt->sa, 0, ttl, 528 cpu_to_le32(target_sn), 0, orig_addr,
529 cpu_to_le32(orig_sn), mgmt->sa, 0, ttl,
474 cpu_to_le32(lifetime), cpu_to_le32(metric), 530 cpu_to_le32(lifetime), cpu_to_le32(metric),
475 0, sdata); 531 0, sdata);
476 else 532 } else
477 ifmsh->mshstats.dropped_frames_ttl++; 533 ifmsh->mshstats.dropped_frames_ttl++;
478 } 534 }
479 535
@@ -487,13 +543,14 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
487 ifmsh->mshstats.dropped_frames_ttl++; 543 ifmsh->mshstats.dropped_frames_ttl++;
488 return; 544 return;
489 } 545 }
546 mhwmp_dbg("forwarding the PREQ from %pM\n", orig_addr);
490 --ttl; 547 --ttl;
491 flags = PREQ_IE_FLAGS(preq_elem); 548 flags = PREQ_IE_FLAGS(preq_elem);
492 preq_id = PREQ_IE_PREQ_ID(preq_elem); 549 preq_id = PREQ_IE_PREQ_ID(preq_elem);
493 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1; 550 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1;
494 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr, 551 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr,
495 cpu_to_le32(orig_dsn), dst_flags, dst_addr, 552 cpu_to_le32(orig_sn), target_flags, target_addr,
496 cpu_to_le32(dst_dsn), sdata->dev->broadcast, 553 cpu_to_le32(target_sn), broadcast_addr,
497 hopcount, ttl, cpu_to_le32(lifetime), 554 hopcount, ttl, cpu_to_le32(lifetime),
498 cpu_to_le32(metric), cpu_to_le32(preq_id), 555 cpu_to_le32(metric), cpu_to_le32(preq_id),
499 sdata); 556 sdata);
@@ -508,10 +565,12 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
508 u8 *prep_elem, u32 metric) 565 u8 *prep_elem, u32 metric)
509{ 566{
510 struct mesh_path *mpath; 567 struct mesh_path *mpath;
511 u8 *dst_addr, *orig_addr; 568 u8 *target_addr, *orig_addr;
512 u8 ttl, hopcount, flags; 569 u8 ttl, hopcount, flags;
513 u8 next_hop[ETH_ALEN]; 570 u8 next_hop[ETH_ALEN];
514 u32 dst_dsn, orig_dsn, lifetime; 571 u32 target_sn, orig_sn, lifetime;
572
573 mhwmp_dbg("received PREP from %pM\n", PREP_IE_ORIG_ADDR(prep_elem));
515 574
516 /* Note that we divert from the draft nomenclature and denominate 575 /* Note that we divert from the draft nomenclature and denominate
517 * destination to what the draft refers to as origininator. So in this 576 * destination to what the draft refers to as origininator. So in this
@@ -519,8 +578,8 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
519 * which corresponds with the originator of the PREQ which this PREP 578 * which corresponds with the originator of the PREQ which this PREP
520 * replies 579 * replies
521 */ 580 */
522 dst_addr = PREP_IE_DST_ADDR(prep_elem); 581 target_addr = PREP_IE_TARGET_ADDR(prep_elem);
523 if (memcmp(dst_addr, sdata->dev->dev_addr, ETH_ALEN) == 0) 582 if (memcmp(target_addr, sdata->dev->dev_addr, ETH_ALEN) == 0)
524 /* destination, no forwarding required */ 583 /* destination, no forwarding required */
525 return; 584 return;
526 585
@@ -531,7 +590,7 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
531 } 590 }
532 591
533 rcu_read_lock(); 592 rcu_read_lock();
534 mpath = mesh_path_lookup(dst_addr, sdata); 593 mpath = mesh_path_lookup(target_addr, sdata);
535 if (mpath) 594 if (mpath)
536 spin_lock_bh(&mpath->state_lock); 595 spin_lock_bh(&mpath->state_lock);
537 else 596 else
@@ -547,13 +606,13 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
547 lifetime = PREP_IE_LIFETIME(prep_elem); 606 lifetime = PREP_IE_LIFETIME(prep_elem);
548 hopcount = PREP_IE_HOPCOUNT(prep_elem) + 1; 607 hopcount = PREP_IE_HOPCOUNT(prep_elem) + 1;
549 orig_addr = PREP_IE_ORIG_ADDR(prep_elem); 608 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
550 dst_dsn = PREP_IE_DST_DSN(prep_elem); 609 target_sn = PREP_IE_TARGET_SN(prep_elem);
551 orig_dsn = PREP_IE_ORIG_DSN(prep_elem); 610 orig_sn = PREP_IE_ORIG_SN(prep_elem);
552 611
553 mesh_path_sel_frame_tx(MPATH_PREP, flags, orig_addr, 612 mesh_path_sel_frame_tx(MPATH_PREP, flags, orig_addr,
554 cpu_to_le32(orig_dsn), 0, dst_addr, 613 cpu_to_le32(orig_sn), 0, target_addr,
555 cpu_to_le32(dst_dsn), mpath->next_hop->sta.addr, hopcount, ttl, 614 cpu_to_le32(target_sn), mpath->next_hop->sta.addr, hopcount,
556 cpu_to_le32(lifetime), cpu_to_le32(metric), 615 ttl, cpu_to_le32(lifetime), cpu_to_le32(metric),
557 0, sdata); 616 0, sdata);
558 rcu_read_unlock(); 617 rcu_read_unlock();
559 618
@@ -570,32 +629,96 @@ fail:
570static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata, 629static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
571 struct ieee80211_mgmt *mgmt, u8 *perr_elem) 630 struct ieee80211_mgmt *mgmt, u8 *perr_elem)
572{ 631{
632 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
573 struct mesh_path *mpath; 633 struct mesh_path *mpath;
574 u8 *ta, *dst_addr; 634 u8 ttl;
575 u32 dst_dsn; 635 u8 *ta, *target_addr;
636 u8 target_flags;
637 u32 target_sn;
638 u16 target_rcode;
576 639
577 ta = mgmt->sa; 640 ta = mgmt->sa;
578 dst_addr = PERR_IE_DST_ADDR(perr_elem); 641 ttl = PERR_IE_TTL(perr_elem);
579 dst_dsn = PERR_IE_DST_DSN(perr_elem); 642 if (ttl <= 1) {
643 ifmsh->mshstats.dropped_frames_ttl++;
644 return;
645 }
646 ttl--;
647 target_flags = PERR_IE_TARGET_FLAGS(perr_elem);
648 target_addr = PERR_IE_TARGET_ADDR(perr_elem);
649 target_sn = PERR_IE_TARGET_SN(perr_elem);
650 target_rcode = PERR_IE_TARGET_RCODE(perr_elem);
651
580 rcu_read_lock(); 652 rcu_read_lock();
581 mpath = mesh_path_lookup(dst_addr, sdata); 653 mpath = mesh_path_lookup(target_addr, sdata);
582 if (mpath) { 654 if (mpath) {
583 spin_lock_bh(&mpath->state_lock); 655 spin_lock_bh(&mpath->state_lock);
584 if (mpath->flags & MESH_PATH_ACTIVE && 656 if (mpath->flags & MESH_PATH_ACTIVE &&
585 memcmp(ta, mpath->next_hop->sta.addr, ETH_ALEN) == 0 && 657 memcmp(ta, mpath->next_hop->sta.addr, ETH_ALEN) == 0 &&
586 (!(mpath->flags & MESH_PATH_DSN_VALID) || 658 (!(mpath->flags & MESH_PATH_SN_VALID) ||
587 DSN_GT(dst_dsn, mpath->dsn))) { 659 SN_GT(target_sn, mpath->sn))) {
588 mpath->flags &= ~MESH_PATH_ACTIVE; 660 mpath->flags &= ~MESH_PATH_ACTIVE;
589 mpath->dsn = dst_dsn; 661 mpath->sn = target_sn;
590 spin_unlock_bh(&mpath->state_lock); 662 spin_unlock_bh(&mpath->state_lock);
591 mesh_path_error_tx(dst_addr, cpu_to_le32(dst_dsn), 663 mesh_path_error_tx(ttl, target_addr, cpu_to_le32(target_sn),
592 sdata->dev->broadcast, sdata); 664 cpu_to_le16(target_rcode),
665 broadcast_addr, sdata);
593 } else 666 } else
594 spin_unlock_bh(&mpath->state_lock); 667 spin_unlock_bh(&mpath->state_lock);
595 } 668 }
596 rcu_read_unlock(); 669 rcu_read_unlock();
597} 670}
598 671
672static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
673 struct ieee80211_mgmt *mgmt,
674 struct ieee80211_rann_ie *rann)
675{
676 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
677 struct mesh_path *mpath;
678 u8 *ta;
679 u8 ttl, flags, hopcount;
680 u8 *orig_addr;
681 u32 orig_sn, metric;
682
683 ta = mgmt->sa;
684 ttl = rann->rann_ttl;
685 if (ttl <= 1) {
686 ifmsh->mshstats.dropped_frames_ttl++;
687 return;
688 }
689 ttl--;
690 flags = rann->rann_flags;
691 orig_addr = rann->rann_addr;
692 orig_sn = rann->rann_seq;
693 hopcount = rann->rann_hopcount;
694 hopcount++;
695 metric = rann->rann_metric;
696 mhwmp_dbg("received RANN from %pM\n", orig_addr);
697
698 rcu_read_lock();
699 mpath = mesh_path_lookup(orig_addr, sdata);
700 if (!mpath) {
701 mesh_path_add(orig_addr, sdata);
702 mpath = mesh_path_lookup(orig_addr, sdata);
703 if (!mpath) {
704 rcu_read_unlock();
705 sdata->u.mesh.mshstats.dropped_frames_no_route++;
706 return;
707 }
708 mesh_queue_preq(mpath,
709 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
710 }
711 if (mpath->sn < orig_sn) {
712 mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
713 cpu_to_le32(orig_sn),
714 0, NULL, 0, broadcast_addr,
715 hopcount, ttl, 0,
716 cpu_to_le32(metric + mpath->metric),
717 0, sdata);
718 mpath->sn = orig_sn;
719 }
720 rcu_read_unlock();
721}
599 722
600 723
601void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata, 724void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
@@ -614,34 +737,34 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
614 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, 737 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
615 len - baselen, &elems); 738 len - baselen, &elems);
616 739
617 switch (mgmt->u.action.u.mesh_action.action_code) { 740 if (elems.preq) {
618 case MPATH_PREQ: 741 if (elems.preq_len != 37)
619 if (!elems.preq || elems.preq_len != 37)
620 /* Right now we support just 1 destination and no AE */ 742 /* Right now we support just 1 destination and no AE */
621 return; 743 return;
622 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.preq); 744 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.preq,
623 if (!last_hop_metric) 745 MPATH_PREQ);
624 return; 746 if (last_hop_metric)
625 hwmp_preq_frame_process(sdata, mgmt, elems.preq, last_hop_metric); 747 hwmp_preq_frame_process(sdata, mgmt, elems.preq,
626 break; 748 last_hop_metric);
627 case MPATH_PREP: 749 }
628 if (!elems.prep || elems.prep_len != 31) 750 if (elems.prep) {
751 if (elems.prep_len != 31)
629 /* Right now we support no AE */ 752 /* Right now we support no AE */
630 return; 753 return;
631 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.prep); 754 last_hop_metric = hwmp_route_info_get(sdata, mgmt, elems.prep,
632 if (!last_hop_metric) 755 MPATH_PREP);
633 return; 756 if (last_hop_metric)
634 hwmp_prep_frame_process(sdata, mgmt, elems.prep, last_hop_metric); 757 hwmp_prep_frame_process(sdata, mgmt, elems.prep,
635 break; 758 last_hop_metric);
636 case MPATH_PERR: 759 }
637 if (!elems.perr || elems.perr_len != 12) 760 if (elems.perr) {
761 if (elems.perr_len != 15)
638 /* Right now we support only one destination per PERR */ 762 /* Right now we support only one destination per PERR */
639 return; 763 return;
640 hwmp_perr_frame_process(sdata, mgmt, elems.perr); 764 hwmp_perr_frame_process(sdata, mgmt, elems.perr);
641 default:
642 return;
643 } 765 }
644 766 if (elems.rann)
767 hwmp_rann_frame_process(sdata, mgmt, elems.rann);
645} 768}
646 769
647/** 770/**
@@ -661,7 +784,7 @@ static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
661 784
662 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC); 785 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC);
663 if (!preq_node) { 786 if (!preq_node) {
664 printk(KERN_DEBUG "Mesh HWMP: could not allocate PREQ node\n"); 787 mhwmp_dbg("could not allocate PREQ node\n");
665 return; 788 return;
666 } 789 }
667 790
@@ -670,7 +793,7 @@ static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
670 spin_unlock(&ifmsh->mesh_preq_queue_lock); 793 spin_unlock(&ifmsh->mesh_preq_queue_lock);
671 kfree(preq_node); 794 kfree(preq_node);
672 if (printk_ratelimit()) 795 if (printk_ratelimit())
673 printk(KERN_DEBUG "Mesh HWMP: PREQ node queue full\n"); 796 mhwmp_dbg("PREQ node queue full\n");
674 return; 797 return;
675 } 798 }
676 799
@@ -705,7 +828,7 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
705 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 828 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
706 struct mesh_preq_queue *preq_node; 829 struct mesh_preq_queue *preq_node;
707 struct mesh_path *mpath; 830 struct mesh_path *mpath;
708 u8 ttl, dst_flags; 831 u8 ttl, target_flags;
709 u32 lifetime; 832 u32 lifetime;
710 833
711 spin_lock_bh(&ifmsh->mesh_preq_queue_lock); 834 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
@@ -747,11 +870,11 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
747 870
748 ifmsh->last_preq = jiffies; 871 ifmsh->last_preq = jiffies;
749 872
750 if (time_after(jiffies, ifmsh->last_dsn_update + 873 if (time_after(jiffies, ifmsh->last_sn_update +
751 net_traversal_jiffies(sdata)) || 874 net_traversal_jiffies(sdata)) ||
752 time_before(jiffies, ifmsh->last_dsn_update)) { 875 time_before(jiffies, ifmsh->last_sn_update)) {
753 ++ifmsh->dsn; 876 ++ifmsh->sn;
754 sdata->u.mesh.last_dsn_update = jiffies; 877 sdata->u.mesh.last_sn_update = jiffies;
755 } 878 }
756 lifetime = default_lifetime(sdata); 879 lifetime = default_lifetime(sdata);
757 ttl = sdata->u.mesh.mshcfg.dot11MeshTTL; 880 ttl = sdata->u.mesh.mshcfg.dot11MeshTTL;
@@ -762,14 +885,14 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
762 } 885 }
763 886
764 if (preq_node->flags & PREQ_Q_F_REFRESH) 887 if (preq_node->flags & PREQ_Q_F_REFRESH)
765 dst_flags = MP_F_DO; 888 target_flags = MP_F_DO;
766 else 889 else
767 dst_flags = MP_F_RF; 890 target_flags = MP_F_RF;
768 891
769 spin_unlock_bh(&mpath->state_lock); 892 spin_unlock_bh(&mpath->state_lock);
770 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->dev->dev_addr, 893 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->dev->dev_addr,
771 cpu_to_le32(ifmsh->dsn), dst_flags, mpath->dst, 894 cpu_to_le32(ifmsh->sn), target_flags, mpath->dst,
772 cpu_to_le32(mpath->dsn), sdata->dev->broadcast, 0, 895 cpu_to_le32(mpath->sn), broadcast_addr, 0,
773 ttl, cpu_to_le32(lifetime), 0, 896 ttl, cpu_to_le32(lifetime), 0,
774 cpu_to_le32(ifmsh->preq_id++), sdata); 897 cpu_to_le32(ifmsh->preq_id++), sdata);
775 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout); 898 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout);
@@ -796,15 +919,15 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
796 struct sk_buff *skb_to_free = NULL; 919 struct sk_buff *skb_to_free = NULL;
797 struct mesh_path *mpath; 920 struct mesh_path *mpath;
798 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 921 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
799 u8 *dst_addr = hdr->addr3; 922 u8 *target_addr = hdr->addr3;
800 int err = 0; 923 int err = 0;
801 924
802 rcu_read_lock(); 925 rcu_read_lock();
803 mpath = mesh_path_lookup(dst_addr, sdata); 926 mpath = mesh_path_lookup(target_addr, sdata);
804 927
805 if (!mpath) { 928 if (!mpath) {
806 mesh_path_add(dst_addr, sdata); 929 mesh_path_add(target_addr, sdata);
807 mpath = mesh_path_lookup(dst_addr, sdata); 930 mpath = mesh_path_lookup(target_addr, sdata);
808 if (!mpath) { 931 if (!mpath) {
809 sdata->u.mesh.mshstats.dropped_frames_no_route++; 932 sdata->u.mesh.mshstats.dropped_frames_no_route++;
810 err = -ENOSPC; 933 err = -ENOSPC;
@@ -813,17 +936,16 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
813 } 936 }
814 937
815 if (mpath->flags & MESH_PATH_ACTIVE) { 938 if (mpath->flags & MESH_PATH_ACTIVE) {
816 if (time_after(jiffies, mpath->exp_time + 939 if (time_after(jiffies,
817 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) 940 mpath->exp_time +
818 && !memcmp(sdata->dev->dev_addr, hdr->addr4, 941 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) &&
819 ETH_ALEN) 942 !memcmp(sdata->dev->dev_addr, hdr->addr4, ETH_ALEN) &&
820 && !(mpath->flags & MESH_PATH_RESOLVING) 943 !(mpath->flags & MESH_PATH_RESOLVING) &&
821 && !(mpath->flags & MESH_PATH_FIXED)) { 944 !(mpath->flags & MESH_PATH_FIXED)) {
822 mesh_queue_preq(mpath, 945 mesh_queue_preq(mpath,
823 PREQ_Q_F_START | PREQ_Q_F_REFRESH); 946 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
824 } 947 }
825 memcpy(hdr->addr1, mpath->next_hop->sta.addr, 948 memcpy(hdr->addr1, mpath->next_hop->sta.addr, ETH_ALEN);
826 ETH_ALEN);
827 } else { 949 } else {
828 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 950 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
829 if (!(mpath->flags & MESH_PATH_RESOLVING)) { 951 if (!(mpath->flags & MESH_PATH_RESOLVING)) {
@@ -882,3 +1004,14 @@ void mesh_path_timer(unsigned long data)
882endmpathtimer: 1004endmpathtimer:
883 rcu_read_unlock(); 1005 rcu_read_unlock();
884} 1006}
1007
1008void
1009mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata)
1010{
1011 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1012
1013 mesh_path_sel_frame_tx(MPATH_RANN, 0, sdata->dev->dev_addr,
1014 cpu_to_le32(++ifmsh->sn),
1015 0, NULL, 0, broadcast_addr,
1016 0, MESH_TTL, 0, 0, 0, sdata);
1017}
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 719ddbc9e48c..0192cfdacae4 100644
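--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008 open80211s Ltd.
+ * Copyright (c) 2008, 2009 open80211s Ltd.
  * Author: Luis Carlos Cobo <luisca@cozybit.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -449,6 +449,7 @@ err_path_alloc:
  */
 void mesh_plink_broken(struct sta_info *sta)
 {
+ static const u8 bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
  struct mesh_path *mpath;
  struct mpath_node *node;
  struct hlist_node *p;
@@ -463,11 +464,12 @@ void mesh_plink_broken(struct sta_info *sta)
  mpath->flags & MESH_PATH_ACTIVE &&
  !(mpath->flags & MESH_PATH_FIXED)) {
  mpath->flags &= ~MESH_PATH_ACTIVE;
- ++mpath->dsn;
+ ++mpath->sn;
  spin_unlock_bh(&mpath->state_lock);
- mesh_path_error_tx(mpath->dst,
- cpu_to_le32(mpath->dsn),
- sdata->dev->broadcast, sdata);
+ mesh_path_error_tx(MESH_TTL, mpath->dst,
+ cpu_to_le32(mpath->sn),
+ cpu_to_le16(PERR_RCODE_DEST_UNREACH),
+ bcast, sdata);
  } else
  spin_unlock_bh(&mpath->state_lock);
  }
@@ -601,7 +603,7 @@ void mesh_path_discard_frame(struct sk_buff *skb,
 {
  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
  struct mesh_path *mpath;
- u32 dsn = 0;
+ u32 sn = 0;
 
  if (memcmp(hdr->addr4, sdata->dev->dev_addr, ETH_ALEN) != 0) {
  u8 *ra, *da;
@@ -610,8 +612,9 @@ void mesh_path_discard_frame(struct sk_buff *skb,
  ra = hdr->addr1;
  mpath = mesh_path_lookup(da, sdata);
  if (mpath)
- dsn = ++mpath->dsn;
- mesh_path_error_tx(skb->data, cpu_to_le32(dsn), ra, sdata);
+ sn = ++mpath->sn;
+ mesh_path_error_tx(MESH_TTL, skb->data, cpu_to_le32(sn),
+ cpu_to_le16(PERR_RCODE_NO_ROUTE), ra, sdata);
  }
 
  kfree_skb(skb);
@@ -646,7 +649,7 @@ void mesh_path_fix_nexthop(struct mesh_path *mpath, struct sta_info *next_hop)
 {
  spin_lock_bh(&mpath->state_lock);
  mesh_path_assign_nexthop(mpath, next_hop);
- mpath->dsn = 0xffff;
+ mpath->sn = 0xffff;
  mpath->metric = 0;
  mpath->hop_count = 0;
  mpath->exp_time = 0;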
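Review bot: In mesh_path_discard_frame the rewritten call still passes `skb->data` as the PERR target, although the path lookup two lines earlier uses `da`. `hdr` is a cast of `skb->data`, so the ETH_ALEN bytes that mesh_path_error_tx copies into the element are the start of the 802.11 header (frame control, duration and part of addr1) rather than the destination address, and a receiver of the PERR would presumably not match the path that should be invalidated. Since the commit already rewrites this line, I would change it to `mesh_path_error_tx(MESH_TTL, da, cpu_to_le32(sn),`; the assignment of `da` lies between the two hunks, so confirm it holds the mesh destination. Separately, the `ttl` argument these calls now supply is not used by the callee as shown in the mesh_hwmp.c section, which still writes `*pos++ = MESH_TTL;`, so the decremented value passed by hwmp_perr_frame_process never reaches the forwarded frame.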
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index ffcbad75e09b..0f7c6e6a4248 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2008 open80211s Ltd. 2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 3 * Author: Luis Carlos Cobo <luisca@cozybit.com>
4 * 4 *
5 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
@@ -18,9 +18,8 @@
18#define mpl_dbg(fmt, args...) do { (void)(0); } while (0) 18#define mpl_dbg(fmt, args...) do { (void)(0); } while (0)
19#endif 19#endif
20 20
21#define PLINK_GET_FRAME_SUBTYPE(p) (p) 21#define PLINK_GET_LLID(p) (p + 4)
22#define PLINK_GET_LLID(p) (p + 1) 22#define PLINK_GET_PLID(p) (p + 6)
23#define PLINK_GET_PLID(p) (p + 3)
24 23
25#define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \ 24#define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \
26 jiffies + HZ * t / 1000)) 25 jiffies + HZ * t / 1000))
@@ -65,6 +64,7 @@ void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
65{ 64{
66 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks); 65 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks);
67 mesh_accept_plinks_update(sdata); 66 mesh_accept_plinks_update(sdata);
67 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
68} 68}
69 69
70static inline 70static inline
@@ -72,12 +72,13 @@ void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
72{ 72{
73 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks); 73 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks);
74 mesh_accept_plinks_update(sdata); 74 mesh_accept_plinks_update(sdata);
75 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
75} 76}
76 77
77/** 78/**
78 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 79 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine
79 * 80 *
80 * @sta: mes peer link to restart 81 * @sta: mesh peer link to restart
81 * 82 *
82 * Locking: this function must be called holding sta->lock 83 * Locking: this function must be called holding sta->lock
83 */ 84 */
@@ -152,6 +153,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
152 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 153 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
153 struct ieee80211_mgmt *mgmt; 154 struct ieee80211_mgmt *mgmt;
154 bool include_plid = false; 155 bool include_plid = false;
156 static const u8 meshpeeringproto[] = { 0x00, 0x0F, 0xAC, 0x2A };
155 u8 *pos; 157 u8 *pos;
156 int ie_len; 158 int ie_len;
157 159
@@ -169,7 +171,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
169 memcpy(mgmt->da, da, ETH_ALEN); 171 memcpy(mgmt->da, da, ETH_ALEN);
170 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 172 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
171 /* BSSID is left zeroed, wildcard value */ 173 /* BSSID is left zeroed, wildcard value */
172 mgmt->u.action.category = PLINK_CATEGORY; 174 mgmt->u.action.category = MESH_PLINK_CATEGORY;
173 mgmt->u.action.u.plink_action.action_code = action; 175 mgmt->u.action.u.plink_action.action_code = action;
174 176
175 if (action == PLINK_CLOSE) 177 if (action == PLINK_CLOSE)
@@ -179,7 +181,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
179 if (action == PLINK_CONFIRM) { 181 if (action == PLINK_CONFIRM) {
180 pos = skb_put(skb, 4); 182 pos = skb_put(skb, 4);
181 /* two-byte status code followed by two-byte AID */ 183 /* two-byte status code followed by two-byte AID */
182 memset(pos, 0, 4); 184 memset(pos, 0, 2);
185 memcpy(pos + 2, &plid, 2);
183 } 186 }
184 mesh_mgmt_ies_add(skb, sdata); 187 mesh_mgmt_ies_add(skb, sdata);
185 } 188 }
@@ -187,18 +190,18 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
187 /* Add Peer Link Management element */ 190 /* Add Peer Link Management element */
188 switch (action) { 191 switch (action) {
189 case PLINK_OPEN: 192 case PLINK_OPEN:
190 ie_len = 3; 193 ie_len = 6;
191 break; 194 break;
192 case PLINK_CONFIRM: 195 case PLINK_CONFIRM:
193 ie_len = 5; 196 ie_len = 8;
194 include_plid = true; 197 include_plid = true;
195 break; 198 break;
196 case PLINK_CLOSE: 199 case PLINK_CLOSE:
197 default: 200 default:
198 if (!plid) 201 if (!plid)
199 ie_len = 5; 202 ie_len = 8;
200 else { 203 else {
201 ie_len = 7; 204 ie_len = 10;
202 include_plid = true; 205 include_plid = true;
203 } 206 }
204 break; 207 break;
@@ -207,7 +210,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
207 pos = skb_put(skb, 2 + ie_len); 210 pos = skb_put(skb, 2 + ie_len);
208 *pos++ = WLAN_EID_PEER_LINK; 211 *pos++ = WLAN_EID_PEER_LINK;
209 *pos++ = ie_len; 212 *pos++ = ie_len;
210 *pos++ = action; 213 memcpy(pos, meshpeeringproto, sizeof(meshpeeringproto));
214 pos += 4;
211 memcpy(pos, &llid, 2); 215 memcpy(pos, &llid, 2);
212 if (include_plid) { 216 if (include_plid) {
213 pos += 2; 217 pos += 2;
@@ -218,7 +222,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
218 memcpy(pos, &reason, 2); 222 memcpy(pos, &reason, 2);
219 } 223 }
220 224
221 ieee80211_tx_skb(sdata, skb, 1); 225 ieee80211_tx_skb(sdata, skb);
222 return 0; 226 return 0;
223} 227}
224 228
@@ -395,6 +399,17 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
395 u8 ie_len; 399 u8 ie_len;
396 u8 *baseaddr; 400 u8 *baseaddr;
397 __le16 plid, llid, reason; 401 __le16 plid, llid, reason;
402#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
403 static const char *mplstates[] = {
404 [PLINK_LISTEN] = "LISTEN",
405 [PLINK_OPN_SNT] = "OPN-SNT",
406 [PLINK_OPN_RCVD] = "OPN-RCVD",
407 [PLINK_CNF_RCVD] = "CNF_RCVD",
408 [PLINK_ESTAB] = "ESTAB",
409 [PLINK_HOLDING] = "HOLDING",
410 [PLINK_BLOCKED] = "BLOCKED"
411 };
412#endif
398 413
399 /* need action_code, aux */ 414 /* need action_code, aux */
400 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 415 if (len < IEEE80211_MIN_ACTION_SIZE + 3)
@@ -417,12 +432,13 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
417 return; 432 return;
418 } 433 }
419 434
420 ftype = *((u8 *)PLINK_GET_FRAME_SUBTYPE(elems.peer_link)); 435 ftype = mgmt->u.action.u.plink_action.action_code;
421 ie_len = elems.peer_link_len; 436 ie_len = elems.peer_link_len;
422 if ((ftype == PLINK_OPEN && ie_len != 3) || 437 if ((ftype == PLINK_OPEN && ie_len != 6) ||
423 (ftype == PLINK_CONFIRM && ie_len != 5) || 438 (ftype == PLINK_CONFIRM && ie_len != 8) ||
424 (ftype == PLINK_CLOSE && ie_len != 5 && ie_len != 7)) { 439 (ftype == PLINK_CLOSE && ie_len != 8 && ie_len != 10)) {
425 mpl_dbg("Mesh plink: incorrect plink ie length\n"); 440 mpl_dbg("Mesh plink: incorrect plink ie length %d %d\n",
441 ftype, ie_len);
426 return; 442 return;
427 } 443 }
428 444
@@ -434,7 +450,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
434 * from the point of view of this host. 450 * from the point of view of this host.
435 */ 451 */
436 memcpy(&plid, PLINK_GET_LLID(elems.peer_link), 2); 452 memcpy(&plid, PLINK_GET_LLID(elems.peer_link), 2);
437 if (ftype == PLINK_CONFIRM || (ftype == PLINK_CLOSE && ie_len == 7)) 453 if (ftype == PLINK_CONFIRM || (ftype == PLINK_CLOSE && ie_len == 10))
438 memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2); 454 memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2);
439 455
440 rcu_read_lock(); 456 rcu_read_lock();
@@ -532,8 +548,8 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
532 } 548 }
533 } 549 }
534 550
535 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %d %d %d %d\n", 551 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n",
536 mgmt->sa, sta->plink_state, 552 mgmt->sa, mplstates[sta->plink_state],
537 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid), 553 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid),
538 event); 554 event);
539 reason = 0; 555 reason = 0;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index dc5049d58c51..6dc7b5ad9a41 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -426,7 +426,8 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
426 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 426 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
427 } 427 }
428 428
429 ieee80211_tx_skb(sdata, skb, 0); 429 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
430 ieee80211_tx_skb(sdata, skb);
430} 431}
431 432
432 433
@@ -458,10 +459,18 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
458 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 459 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
459 460
460 if (stype == IEEE80211_STYPE_DEAUTH) 461 if (stype == IEEE80211_STYPE_DEAUTH)
461 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, cookie); 462 if (cookie)
463 __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
464 else
465 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
462 else 466 else
463 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len, cookie); 467 if (cookie)
464 ieee80211_tx_skb(sdata, skb, ifmgd->flags & IEEE80211_STA_MFP_ENABLED); 468 __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
469 else
470 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
471 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
472 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
473 ieee80211_tx_skb(sdata, skb);
465} 474}
466 475
467void ieee80211_send_pspoll(struct ieee80211_local *local, 476void ieee80211_send_pspoll(struct ieee80211_local *local,
@@ -492,7 +501,8 @@ void ieee80211_send_pspoll(struct ieee80211_local *local,
492 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN); 501 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
493 memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN); 502 memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN);
494 503
495 ieee80211_tx_skb(sdata, skb, 0); 504 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
505 ieee80211_tx_skb(sdata, skb);
496} 506}
497 507
498void ieee80211_send_nullfunc(struct ieee80211_local *local, 508void ieee80211_send_nullfunc(struct ieee80211_local *local,
@@ -525,7 +535,8 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
525 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN); 535 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
526 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 536 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
527 537
528 ieee80211_tx_skb(sdata, skb, 0); 538 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
539 ieee80211_tx_skb(sdata, skb);
529} 540}
530 541
531/* spectrum management related things */ 542/* spectrum management related things */
@@ -923,7 +934,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
923 ieee80211_recalc_ps(local, -1); 934 ieee80211_recalc_ps(local, -1);
924 mutex_unlock(&local->iflist_mtx); 935 mutex_unlock(&local->iflist_mtx);
925 936
926 netif_tx_start_all_queues(sdata->dev); 937 netif_start_queue(sdata->dev);
927 netif_carrier_on(sdata->dev); 938 netif_carrier_on(sdata->dev);
928} 939}
929 940
@@ -1055,7 +1066,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1055 * time -- we don't want the scan code to enable queues. 1066 * time -- we don't want the scan code to enable queues.
1056 */ 1067 */
1057 1068
1058 netif_tx_stop_all_queues(sdata->dev); 1069 netif_stop_queue(sdata->dev);
1059 netif_carrier_off(sdata->dev); 1070 netif_carrier_off(sdata->dev);
1060 1071
1061 rcu_read_lock(); 1072 rcu_read_lock();
@@ -1892,7 +1903,6 @@ ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1892 fc = le16_to_cpu(mgmt->frame_control); 1903 fc = le16_to_cpu(mgmt->frame_control);
1893 1904
1894 switch (fc & IEEE80211_FCTL_STYPE) { 1905 switch (fc & IEEE80211_FCTL_STYPE) {
1895 case IEEE80211_STYPE_PROBE_REQ:
1896 case IEEE80211_STYPE_PROBE_RESP: 1906 case IEEE80211_STYPE_PROBE_RESP:
1897 case IEEE80211_STYPE_BEACON: 1907 case IEEE80211_STYPE_BEACON:
1898 case IEEE80211_STYPE_AUTH: 1908 case IEEE80211_STYPE_AUTH:
@@ -1958,12 +1968,10 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1958 /* no action */ 1968 /* no action */
1959 break; 1969 break;
1960 case RX_MGMT_CFG80211_DEAUTH: 1970 case RX_MGMT_CFG80211_DEAUTH:
1961 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, 1971 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1962 NULL);
1963 break; 1972 break;
1964 case RX_MGMT_CFG80211_DISASSOC: 1973 case RX_MGMT_CFG80211_DISASSOC:
1965 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len, 1974 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
1966 NULL);
1967 break; 1975 break;
1968 default: 1976 default:
1969 WARN(1, "unexpected: %d", rma); 1977 WARN(1, "unexpected: %d", rma);
@@ -2018,7 +2026,7 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
2018 cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, skb->len); 2026 cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, skb->len);
2019 break; 2027 break;
2020 case RX_MGMT_CFG80211_DEAUTH: 2028 case RX_MGMT_CFG80211_DEAUTH:
2021 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, NULL); 2029 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
2022 break; 2030 break;
2023 default: 2031 default:
2024 WARN(1, "unexpected: %d", rma); 2032 WARN(1, "unexpected: %d", rma);
@@ -2500,6 +2508,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2500 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2508 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2501 struct ieee80211_mgd_work *wk; 2509 struct ieee80211_mgd_work *wk;
2502 const u8 *bssid = NULL; 2510 const u8 *bssid = NULL;
2511 bool not_auth_yet = false;
2503 2512
2504 mutex_lock(&ifmgd->mtx); 2513 mutex_lock(&ifmgd->mtx);
2505 2514
@@ -2509,6 +2518,8 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2509 } else list_for_each_entry(wk, &ifmgd->work_list, list) { 2518 } else list_for_each_entry(wk, &ifmgd->work_list, list) {
2510 if (&wk->bss->cbss == req->bss) { 2519 if (&wk->bss->cbss == req->bss) {
2511 bssid = req->bss->bssid; 2520 bssid = req->bss->bssid;
2521 if (wk->state == IEEE80211_MGD_STATE_PROBE)
2522 not_auth_yet = true;
2512 list_del(&wk->list); 2523 list_del(&wk->list);
2513 kfree(wk); 2524 kfree(wk);
2514 break; 2525 break;
@@ -2516,6 +2527,20 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2516 } 2527 }
2517 2528
2518 /* 2529 /*
2530 * If somebody requests authentication and we haven't
2531 * sent out an auth frame yet there's no need to send
2532 * out a deauth frame either. If the state was PROBE,
2533 * then this is the case. If it's AUTH we have sent a
2534 * frame, and if it's IDLE we have completed the auth
2535 * process already.
2536 */
2537 if (not_auth_yet) {
2538 mutex_unlock(&ifmgd->mtx);
2539 __cfg80211_auth_canceled(sdata->dev, bssid);
2540 return 0;
2541 }
2542
2543 /*
2519 * cfg80211 should catch this ... but it's racy since 2544 * cfg80211 should catch this ... but it's racy since
2520 * we can receive a deauth frame, process it, hand it 2545 * we can receive a deauth frame, process it, hand it
2521 * to cfg80211 while that's in a locked section already 2546 * to cfg80211 while that's in a locked section already
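Review bot: In ieee80211_send_deauth_disassoc the new `if (cookie)` / `else` pairs sit unbraced inside the outer `if (stype == IEEE80211_STYPE_DEAUTH)` / `else`, so each `else` is paired only by the dangling-else rule. It parses as intended today, but adding or dropping one inner branch would silently re-bind the outer `else` and route a deauth through the disassoc notification or the reverse. Brace the outer statement: `if (stype == IEEE80211_STYPE_DEAUTH) {` … `} else {` … `}`. A one-line comment on what a non-NULL `cookie` selects would also help, since the hunk does not show how the `__cfg80211_send_*` variants differ from the plain ones. The function starts outside the hunk.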
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index b33efc4fc267..b9007f80cb92 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -163,8 +163,7 @@ struct rate_control_ref *rate_control_alloc(const char *name,
163#ifdef CONFIG_MAC80211_DEBUGFS 163#ifdef CONFIG_MAC80211_DEBUGFS
164 debugfsdir = debugfs_create_dir("rc", local->hw.wiphy->debugfsdir); 164 debugfsdir = debugfs_create_dir("rc", local->hw.wiphy->debugfsdir);
165 local->debugfs.rcdir = debugfsdir; 165 local->debugfs.rcdir = debugfsdir;
166 local->debugfs.rcname = debugfs_create_file("name", 0400, debugfsdir, 166 debugfs_create_file("name", 0400, debugfsdir, ref, &rcname_ops);
167 ref, &rcname_ops);
168#endif 167#endif
169 168
170 ref->priv = ref->ops->alloc(&local->hw, debugfsdir); 169 ref->priv = ref->ops->alloc(&local->hw, debugfsdir);
@@ -188,9 +187,7 @@ static void rate_control_release(struct kref *kref)
188 ctrl_ref->ops->free(ctrl_ref->priv); 187 ctrl_ref->ops->free(ctrl_ref->priv);
189 188
190#ifdef CONFIG_MAC80211_DEBUGFS 189#ifdef CONFIG_MAC80211_DEBUGFS
191 debugfs_remove(ctrl_ref->local->debugfs.rcname); 190 debugfs_remove_recursive(ctrl_ref->local->debugfs.rcdir);
192 ctrl_ref->local->debugfs.rcname = NULL;
193 debugfs_remove(ctrl_ref->local->debugfs.rcdir);
194 ctrl_ref->local->debugfs.rcdir = NULL; 191 ctrl_ref->local->debugfs.rcdir = NULL;
195#endif 192#endif
196 193
@@ -287,9 +284,16 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
287 struct rate_control_ref *ref, *old; 284 struct rate_control_ref *ref, *old;
288 285
289 ASSERT_RTNL(); 286 ASSERT_RTNL();
287
290 if (local->open_count) 288 if (local->open_count)
291 return -EBUSY; 289 return -EBUSY;
292 290
291 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
292 if (WARN_ON(!local->ops->set_rts_threshold))
293 return -EINVAL;
294 return 0;
295 }
296
293 ref = rate_control_alloc(name, local); 297 ref = rate_control_alloc(name, local);
294 if (!ref) { 298 if (!ref) {
295 printk(KERN_WARNING "%s: Failed to select rate control " 299 printk(KERN_WARNING "%s: Failed to select rate control "
@@ -308,7 +312,6 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
308 "algorithm '%s'\n", wiphy_name(local->hw.wiphy), 312 "algorithm '%s'\n", wiphy_name(local->hw.wiphy),
309 ref->ops->name); 313 ref->ops->name);
310 314
311
312 return 0; 315 return 0;
313} 316}
314 317
@@ -317,6 +320,10 @@ void rate_control_deinitialize(struct ieee80211_local *local)
317 struct rate_control_ref *ref; 320 struct rate_control_ref *ref;
318 321
319 ref = local->rate_ctrl; 322 ref = local->rate_ctrl;
323
324 if (!ref)
325 return;
326
320 local->rate_ctrl = NULL; 327 local->rate_ctrl = NULL;
321 rate_control_put(ref); 328 rate_control_put(ref);
322} 329}
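Review bot: The new early return in ieee80211_init_rate_ctrl_alg for IEEE80211_HW_HAS_RATE_CONTROL comes before rate_control_alloc(), so it apparently leaves `local->rate_ctrl` NULL, and nothing in the hunk documents that invariant. rate_control_deinitialize in this file and four inline helpers in rate.h gain `ref` NULL checks to cope with it, but any other dereference of `ref->ops` outside the visible hunks needs the same guard, which cannot be confirmed from this page. I would add a comment above the branch, e.g. `/* device does its own rate control: local->rate_ctrl stays NULL, users must check */`, and state why `set_rts_threshold` is mandatory in that mode. Both function bodies extend beyond their hunks.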
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 2ab5ad9e71ce..cb9bd1f65e27 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -59,6 +59,9 @@ static inline void rate_control_rate_init(struct sta_info *sta)
59 void *priv_sta = sta->rate_ctrl_priv; 59 void *priv_sta = sta->rate_ctrl_priv;
60 struct ieee80211_supported_band *sband; 60 struct ieee80211_supported_band *sband;
61 61
62 if (!ref)
63 return;
64
62 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 65 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
63 66
64 ref->ops->rate_init(ref->priv, sband, ista, priv_sta); 67 ref->ops->rate_init(ref->priv, sband, ista, priv_sta);
@@ -72,7 +75,7 @@ static inline void rate_control_rate_update(struct ieee80211_local *local,
72 struct ieee80211_sta *ista = &sta->sta; 75 struct ieee80211_sta *ista = &sta->sta;
73 void *priv_sta = sta->rate_ctrl_priv; 76 void *priv_sta = sta->rate_ctrl_priv;
74 77
75 if (ref->ops->rate_update) 78 if (ref && ref->ops->rate_update)
76 ref->ops->rate_update(ref->priv, sband, ista, 79 ref->ops->rate_update(ref->priv, sband, ista,
77 priv_sta, changed); 80 priv_sta, changed);
78} 81}
@@ -97,7 +100,7 @@ static inline void rate_control_add_sta_debugfs(struct sta_info *sta)
97{ 100{
98#ifdef CONFIG_MAC80211_DEBUGFS 101#ifdef CONFIG_MAC80211_DEBUGFS
99 struct rate_control_ref *ref = sta->rate_ctrl; 102 struct rate_control_ref *ref = sta->rate_ctrl;
100 if (sta->debugfs.dir && ref->ops->add_sta_debugfs) 103 if (ref && sta->debugfs.dir && ref->ops->add_sta_debugfs)
101 ref->ops->add_sta_debugfs(ref->priv, sta->rate_ctrl_priv, 104 ref->ops->add_sta_debugfs(ref->priv, sta->rate_ctrl_priv,
102 sta->debugfs.dir); 105 sta->debugfs.dir);
103#endif 106#endif
@@ -107,7 +110,7 @@ static inline void rate_control_remove_sta_debugfs(struct sta_info *sta)
107{ 110{
108#ifdef CONFIG_MAC80211_DEBUGFS 111#ifdef CONFIG_MAC80211_DEBUGFS
109 struct rate_control_ref *ref = sta->rate_ctrl; 112 struct rate_control_ref *ref = sta->rate_ctrl;
110 if (ref->ops->remove_sta_debugfs) 113 if (ref && ref->ops->remove_sta_debugfs)
111 ref->ops->remove_sta_debugfs(ref->priv, sta->rate_ctrl_priv); 114 ref->ops->remove_sta_debugfs(ref->priv, sta->rate_ctrl_priv);
112#endif 115#endif
113} 116}
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7170bf4565a8..f237df408378 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -27,11 +27,6 @@
27#include "tkip.h" 27#include "tkip.h"
28#include "wme.h" 28#include "wme.h"
29 29
30static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
31 struct tid_ampdu_rx *tid_agg_rx,
32 struct sk_buff *skb,
33 u16 mpdu_seq_num,
34 int bar_req);
35/* 30/*
36 * monitor mode reception 31 * monitor mode reception
37 * 32 *
@@ -39,11 +34,8 @@ static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
39 * only useful for monitoring. 34 * only useful for monitoring.
40 */ 35 */
41static struct sk_buff *remove_monitor_info(struct ieee80211_local *local, 36static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
42 struct sk_buff *skb, 37 struct sk_buff *skb)
43 int rtap_len)
44{ 38{
45 skb_pull(skb, rtap_len);
46
47 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) { 39 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
48 if (likely(skb->len > FCS_LEN)) 40 if (likely(skb->len > FCS_LEN))
49 skb_trim(skb, skb->len - FCS_LEN); 41 skb_trim(skb, skb->len - FCS_LEN);
@@ -59,15 +51,14 @@ static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
59} 51}
60 52
61static inline int should_drop_frame(struct sk_buff *skb, 53static inline int should_drop_frame(struct sk_buff *skb,
62 int present_fcs_len, 54 int present_fcs_len)
63 int radiotap_len)
64{ 55{
65 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 56 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
66 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 57 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
67 58
68 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC)) 59 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
69 return 1; 60 return 1;
70 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len)) 61 if (unlikely(skb->len < 16 + present_fcs_len))
71 return 1; 62 return 1;
72 if (ieee80211_is_ctl(hdr->frame_control) && 63 if (ieee80211_is_ctl(hdr->frame_control) &&
73 !ieee80211_is_pspoll(hdr->frame_control) && 64 !ieee80211_is_pspoll(hdr->frame_control) &&
@@ -95,10 +86,6 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
95 if (len & 1) /* padding for RX_FLAGS if necessary */ 86 if (len & 1) /* padding for RX_FLAGS if necessary */
96 len++; 87 len++;
97 88
98 /* make sure radiotap starts at a naturally aligned address */
99 if (len % 8)
100 len = roundup(len, 8);
101
102 return len; 89 return len;
103} 90}
104 91
@@ -116,6 +103,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
116 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 103 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
117 struct ieee80211_radiotap_header *rthdr; 104 struct ieee80211_radiotap_header *rthdr;
118 unsigned char *pos; 105 unsigned char *pos;
106 u16 rx_flags = 0;
119 107
120 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len); 108 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
121 memset(rthdr, 0, rtap_len); 109 memset(rthdr, 0, rtap_len);
@@ -134,7 +122,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
134 122
135 /* IEEE80211_RADIOTAP_TSFT */ 123 /* IEEE80211_RADIOTAP_TSFT */
136 if (status->flag & RX_FLAG_TSFT) { 124 if (status->flag & RX_FLAG_TSFT) {
137 *(__le64 *)pos = cpu_to_le64(status->mactime); 125 put_unaligned_le64(status->mactime, pos);
138 rthdr->it_present |= 126 rthdr->it_present |=
139 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT); 127 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
140 pos += 8; 128 pos += 8;
@@ -166,17 +154,20 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
166 pos++; 154 pos++;
167 155
168 /* IEEE80211_RADIOTAP_CHANNEL */ 156 /* IEEE80211_RADIOTAP_CHANNEL */
169 *(__le16 *)pos = cpu_to_le16(status->freq); 157 put_unaligned_le16(status->freq, pos);
170 pos += 2; 158 pos += 2;
171 if (status->band == IEEE80211_BAND_5GHZ) 159 if (status->band == IEEE80211_BAND_5GHZ)
172 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM | 160 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ,
173 IEEE80211_CHAN_5GHZ); 161 pos);
162 else if (status->flag & RX_FLAG_HT)
163 put_unaligned_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ,
164 pos);
174 else if (rate->flags & IEEE80211_RATE_ERP_G) 165 else if (rate->flags & IEEE80211_RATE_ERP_G)
175 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM | 166 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ,
176 IEEE80211_CHAN_2GHZ); 167 pos);
177 else 168 else
178 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_CCK | 169 put_unaligned_le16(IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ,
179 IEEE80211_CHAN_2GHZ); 170 pos);
180 pos += 2; 171 pos += 2;
181 172
182 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */ 173 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
@@ -205,10 +196,11 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
205 196
206 /* IEEE80211_RADIOTAP_RX_FLAGS */ 197 /* IEEE80211_RADIOTAP_RX_FLAGS */
207 /* ensure 2 byte alignment for the 2 byte field as required */ 198 /* ensure 2 byte alignment for the 2 byte field as required */
208 if ((pos - (unsigned char *)rthdr) & 1) 199 if ((pos - (u8 *)rthdr) & 1)
209 pos++; 200 pos++;
210 if (status->flag & RX_FLAG_FAILED_PLCP_CRC) 201 if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
211 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADPLCP); 202 rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP;
203 put_unaligned_le16(rx_flags, pos);
212 pos += 2; 204 pos += 2;
213} 205}
214 206
@@ -227,7 +219,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
227 struct sk_buff *skb, *skb2; 219 struct sk_buff *skb, *skb2;
228 struct net_device *prev_dev = NULL; 220 struct net_device *prev_dev = NULL;
229 int present_fcs_len = 0; 221 int present_fcs_len = 0;
230 int rtap_len = 0;
231 222
232 /* 223 /*
233 * First, we may need to make a copy of the skb because 224 * First, we may need to make a copy of the skb because
@@ -237,25 +228,23 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
237 * We don't need to, of course, if we aren't going to return 228 * We don't need to, of course, if we aren't going to return
238 * the SKB because it has a bad FCS/PLCP checksum. 229 * the SKB because it has a bad FCS/PLCP checksum.
239 */ 230 */
240 if (status->flag & RX_FLAG_RADIOTAP) 231
241 rtap_len = ieee80211_get_radiotap_len(origskb->data); 232 /* room for the radiotap header based on driver features */
242 else 233 needed_headroom = ieee80211_rx_radiotap_len(local, status);
243 /* room for the radiotap header based on driver features */
244 needed_headroom = ieee80211_rx_radiotap_len(local, status);
245 234
246 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) 235 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
247 present_fcs_len = FCS_LEN; 236 present_fcs_len = FCS_LEN;
248 237
249 if (!local->monitors) { 238 if (!local->monitors) {
250 if (should_drop_frame(origskb, present_fcs_len, rtap_len)) { 239 if (should_drop_frame(origskb, present_fcs_len)) {
251 dev_kfree_skb(origskb); 240 dev_kfree_skb(origskb);
252 return NULL; 241 return NULL;
253 } 242 }
254 243
255 return remove_monitor_info(local, origskb, rtap_len); 244 return remove_monitor_info(local, origskb);
256 } 245 }
257 246
258 if (should_drop_frame(origskb, present_fcs_len, rtap_len)) { 247 if (should_drop_frame(origskb, present_fcs_len)) {
259 /* only need to expand headroom if necessary */ 248 /* only need to expand headroom if necessary */
260 skb = origskb; 249 skb = origskb;
261 origskb = NULL; 250 origskb = NULL;
@@ -279,16 +268,14 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
279 */ 268 */
280 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC); 269 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
281 270
282 origskb = remove_monitor_info(local, origskb, rtap_len); 271 origskb = remove_monitor_info(local, origskb);
283 272
284 if (!skb) 273 if (!skb)
285 return origskb; 274 return origskb;
286 } 275 }
287 276
288 /* if necessary, prepend radiotap information */ 277 /* prepend radiotap information */
289 if (!(status->flag & RX_FLAG_RADIOTAP)) 278 ieee80211_add_rx_radiotap_header(local, skb, rate, needed_headroom);
290 ieee80211_add_rx_radiotap_header(local, skb, rate,
291 needed_headroom);
292 279
293 skb_reset_mac_header(skb); 280 skb_reset_mac_header(skb);
294 skb->ip_summed = CHECKSUM_UNNECESSARY; 281 skb->ip_summed = CHECKSUM_UNNECESSARY;
@@ -489,7 +476,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
489{ 476{
490 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 477 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
491 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control); 478 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
492 char *dev_addr = rx->dev->dev_addr; 479 char *dev_addr = rx->sdata->dev->dev_addr;
493 480
494 if (ieee80211_is_data(hdr->frame_control)) { 481 if (ieee80211_is_data(hdr->frame_control)) {
495 if (is_multicast_ether_addr(hdr->addr1)) { 482 if (is_multicast_ether_addr(hdr->addr1)) {
@@ -518,7 +505,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
518 505
519 if (ieee80211_is_action(hdr->frame_control)) { 506 if (ieee80211_is_action(hdr->frame_control)) {
520 mgmt = (struct ieee80211_mgmt *)hdr; 507 mgmt = (struct ieee80211_mgmt *)hdr;
521 if (mgmt->u.action.category != PLINK_CATEGORY) 508 if (mgmt->u.action.category != MESH_PLINK_CATEGORY)
522 return RX_DROP_MONITOR; 509 return RX_DROP_MONITOR;
523 return RX_CONTINUE; 510 return RX_CONTINUE;
524 } 511 }
@@ -543,6 +530,242 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
543 return RX_CONTINUE; 530 return RX_CONTINUE;
544} 531}
545 532
533#define SEQ_MODULO 0x1000
534#define SEQ_MASK 0xfff
535
536static inline int seq_less(u16 sq1, u16 sq2)
537{
538 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
539}
540
541static inline u16 seq_inc(u16 sq)
542{
543 return (sq + 1) & SEQ_MASK;
544}
545
546static inline u16 seq_sub(u16 sq1, u16 sq2)
547{
548 return (sq1 - sq2) & SEQ_MASK;
549}
550
551
552static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
553 struct tid_ampdu_rx *tid_agg_rx,
554 int index,
555 struct sk_buff_head *frames)
556{
557 struct ieee80211_supported_band *sband;
558 struct ieee80211_rate *rate = NULL;
559 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
560 struct ieee80211_rx_status *status;
561
562 if (!skb)
563 goto no_frame;
564
565 status = IEEE80211_SKB_RXCB(skb);
566
567 /* release the reordered frames to stack */
568 sband = hw->wiphy->bands[status->band];
569 if (!(status->flag & RX_FLAG_HT))
570 rate = &sband->bitrates[status->rate_idx];
571 tid_agg_rx->stored_mpdu_num--;
572 tid_agg_rx->reorder_buf[index] = NULL;
573 __skb_queue_tail(frames, skb);
574
575no_frame:
576 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
577}
578
579static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
580 struct tid_ampdu_rx *tid_agg_rx,
581 u16 head_seq_num,
582 struct sk_buff_head *frames)
583{
584 int index;
585
586 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
587 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
588 tid_agg_rx->buf_size;
589 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
590 }
591}
592
593/*
594 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
595 * the skb was added to the buffer longer than this time ago, the earlier
596 * frames that have not yet been received are assumed to be lost and the skb
597 * can be released for processing. This may also release other skb's from the
598 * reorder buffer if there are no additional gaps between the frames.
599 */
600#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
601
602/*
603 * As this function belongs to the RX path it must be under
604 * rcu_read_lock protection. It returns false if the frame
605 * can be processed immediately, true if it was consumed.
606 */
607static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
608 struct tid_ampdu_rx *tid_agg_rx,
609 struct sk_buff *skb,
610 struct sk_buff_head *frames)
611{
612 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
613 u16 sc = le16_to_cpu(hdr->seq_ctrl);
614 u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
615 u16 head_seq_num, buf_size;
616 int index;
617
618 buf_size = tid_agg_rx->buf_size;
619 head_seq_num = tid_agg_rx->head_seq_num;
620
621 /* frame with out of date sequence number */
622 if (seq_less(mpdu_seq_num, head_seq_num)) {
623 dev_kfree_skb(skb);
624 return true;
625 }
626
627 /*
628 * If frame the sequence number exceeds our buffering window
629 * size release some previous frames to make room for this one.
630 */
631 if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) {
632 head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size));
633 /* release stored frames up to new head to stack */
634 ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num,
635 frames);
636 }
637
638 /* Now the new frame is always in the range of the reordering buffer */
639
640 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn) % tid_agg_rx->buf_size;
641
642 /* check if we already stored this frame */
643 if (tid_agg_rx->reorder_buf[index]) {
644 dev_kfree_skb(skb);
645 return true;
646 }
647
648 /*
649 * If the current MPDU is in the right order and nothing else
650 * is stored we can process it directly, no need to buffer it.
651 */
652 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
653 tid_agg_rx->stored_mpdu_num == 0) {
654 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
655 return false;
656 }
657
658 /* put the frame in the reordering buffer */
659 tid_agg_rx->reorder_buf[index] = skb;
660 tid_agg_rx->reorder_time[index] = jiffies;
661 tid_agg_rx->stored_mpdu_num++;
662 /* release the buffer until next missing frame */
663 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
664 tid_agg_rx->buf_size;
665 if (!tid_agg_rx->reorder_buf[index] &&
666 tid_agg_rx->stored_mpdu_num > 1) {
667 /*
668 * No buffers ready to be released, but check whether any
669 * frames in the reorder buffer have timed out.
670 */
671 int j;
672 int skipped = 1;
673 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
674 j = (j + 1) % tid_agg_rx->buf_size) {
675 if (!tid_agg_rx->reorder_buf[j]) {
676 skipped++;
677 continue;
678 }
679 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
680 HT_RX_REORDER_BUF_TIMEOUT))
681 break;
682
683#ifdef CONFIG_MAC80211_HT_DEBUG
684 if (net_ratelimit())
685 printk(KERN_DEBUG "%s: release an RX reorder "
686 "frame due to timeout on earlier "
687 "frames\n",
688 wiphy_name(hw->wiphy));
689#endif
690 ieee80211_release_reorder_frame(hw, tid_agg_rx,
691 j, frames);
692
693 /*
694 * Increment the head seq# also for the skipped slots.
695 */
696 tid_agg_rx->head_seq_num =
697 (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK;
698 skipped = 0;
699 }
700 } else while (tid_agg_rx->reorder_buf[index]) {
701 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
702 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
703 tid_agg_rx->buf_size;
704 }
705
706 return true;
707}
708
709/*
710 * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns
711 * true if the MPDU was buffered, false if it should be processed.
712 */
713static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
714 struct sk_buff_head *frames)
715{
716 struct sk_buff *skb = rx->skb;
717 struct ieee80211_local *local = rx->local;
718 struct ieee80211_hw *hw = &local->hw;
719 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
720 struct sta_info *sta = rx->sta;
721 struct tid_ampdu_rx *tid_agg_rx;
722 u16 sc;
723 int tid;
724
725 if (!ieee80211_is_data_qos(hdr->frame_control))
726 goto dont_reorder;
727
728 /*
729 * filter the QoS data rx stream according to
730 * STA/TID and check if this STA/TID is on aggregation
731 */
732
733 if (!sta)
734 goto dont_reorder;
735
736 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
737
738 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
739 goto dont_reorder;
740
741 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
742
743 /* qos null data frames are excluded */
744 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
745 goto dont_reorder;
746
747 /* new, potentially un-ordered, ampdu frame - process it */
748
749 /* reset session timer */
750 if (tid_agg_rx->timeout)
751 mod_timer(&tid_agg_rx->session_timer,
752 TU_TO_EXP_TIME(tid_agg_rx->timeout));
753
754 /* if this mpdu is fragmented - terminate rx aggregation session */
755 sc = le16_to_cpu(hdr->seq_ctrl);
756 if (sc & IEEE80211_SCTL_FRAG) {
757 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
758 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
759 dev_kfree_skb(skb);
760 return;
761 }
762
763 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames))
764 return;
765
766 dont_reorder:
767 __skb_queue_tail(frames, skb);
768}
546 769
547static ieee80211_rx_result debug_noinline 770static ieee80211_rx_result debug_noinline
548ieee80211_rx_h_check(struct ieee80211_rx_data *rx) 771ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
@@ -603,7 +826,9 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
603static ieee80211_rx_result debug_noinline 826static ieee80211_rx_result debug_noinline
604ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) 827ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
605{ 828{
606 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 829 struct sk_buff *skb = rx->skb;
830 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
831 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
607 int keyidx; 832 int keyidx;
608 int hdrlen; 833 int hdrlen;
609 ieee80211_rx_result result = RX_DROP_UNUSABLE; 834 ieee80211_rx_result result = RX_DROP_UNUSABLE;
@@ -644,6 +869,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
644 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 869 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
645 return RX_CONTINUE; 870 return RX_CONTINUE;
646 871
872 /* start without a key */
873 rx->key = NULL;
874
647 if (rx->sta) 875 if (rx->sta)
648 stakey = rcu_dereference(rx->sta->key); 876 stakey = rcu_dereference(rx->sta->key);
649 877
@@ -657,8 +885,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
657 return RX_CONTINUE; 885 return RX_CONTINUE;
658 } else if (mmie_keyidx >= 0) { 886 } else if (mmie_keyidx >= 0) {
659 /* Broadcast/multicast robust management frame / BIP */ 887 /* Broadcast/multicast robust management frame / BIP */
660 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 888 if ((status->flag & RX_FLAG_DECRYPTED) &&
661 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 889 (status->flag & RX_FLAG_IV_STRIPPED))
662 return RX_CONTINUE; 890 return RX_CONTINUE;
663 891
664 if (mmie_keyidx < NUM_DEFAULT_KEYS || 892 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
@@ -690,8 +918,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
690 * we somehow allow the driver to tell us which key 918 * we somehow allow the driver to tell us which key
691 * the hardware used if this flag is set? 919 * the hardware used if this flag is set?
692 */ 920 */
693 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 921 if ((status->flag & RX_FLAG_DECRYPTED) &&
694 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 922 (status->flag & RX_FLAG_IV_STRIPPED))
695 return RX_CONTINUE; 923 return RX_CONTINUE;
696 924
697 hdrlen = ieee80211_hdrlen(hdr->frame_control); 925 hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -727,8 +955,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
727 /* Check for weak IVs if possible */ 955 /* Check for weak IVs if possible */
728 if (rx->sta && rx->key->conf.alg == ALG_WEP && 956 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
729 ieee80211_is_data(hdr->frame_control) && 957 ieee80211_is_data(hdr->frame_control) &&
730 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) || 958 (!(status->flag & RX_FLAG_IV_STRIPPED) ||
731 !(rx->status->flag & RX_FLAG_DECRYPTED)) && 959 !(status->flag & RX_FLAG_DECRYPTED)) &&
732 ieee80211_wep_is_weak_iv(rx->skb, rx->key)) 960 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
733 rx->sta->wep_weak_iv_count++; 961 rx->sta->wep_weak_iv_count++;
734 962
@@ -748,7 +976,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
748 } 976 }
749 977
750 /* either the frame has been decrypted or will be dropped */ 978 /* either the frame has been decrypted or will be dropped */
751 rx->status->flag |= RX_FLAG_DECRYPTED; 979 status->flag |= RX_FLAG_DECRYPTED;
752 980
753 return result; 981 return result;
754} 982}
@@ -792,7 +1020,7 @@ static void ap_sta_ps_start(struct sta_info *sta)
792 struct ieee80211_local *local = sdata->local; 1020 struct ieee80211_local *local = sdata->local;
793 1021
794 atomic_inc(&sdata->bss->num_sta_ps); 1022 atomic_inc(&sdata->bss->num_sta_ps);
795 set_sta_flags(sta, WLAN_STA_PS); 1023 set_sta_flags(sta, WLAN_STA_PS_STA);
796 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_SLEEP, &sta->sta); 1024 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_SLEEP, &sta->sta);
797#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1025#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
798 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n", 1026 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
@@ -800,45 +1028,37 @@ static void ap_sta_ps_start(struct sta_info *sta)
800#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1028#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
801} 1029}
802 1030
803static int ap_sta_ps_end(struct sta_info *sta) 1031static void ap_sta_ps_end(struct sta_info *sta)
804{ 1032{
805 struct ieee80211_sub_if_data *sdata = sta->sdata; 1033 struct ieee80211_sub_if_data *sdata = sta->sdata;
806 struct ieee80211_local *local = sdata->local;
807 int sent, buffered;
808 1034
809 atomic_dec(&sdata->bss->num_sta_ps); 1035 atomic_dec(&sdata->bss->num_sta_ps);
810 1036
811 clear_sta_flags(sta, WLAN_STA_PS); 1037 clear_sta_flags(sta, WLAN_STA_PS_STA);
812 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_AWAKE, &sta->sta);
813
814 if (!skb_queue_empty(&sta->ps_tx_buf))
815 sta_info_clear_tim_bit(sta);
816 1038
817#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1039#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
818 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n", 1040 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
819 sdata->dev->name, sta->sta.addr, sta->sta.aid); 1041 sdata->dev->name, sta->sta.addr, sta->sta.aid);
820#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1042#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
821 1043
822 /* Send all buffered frames to the station */ 1044 if (test_sta_flags(sta, WLAN_STA_PS_DRIVER)) {
823 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
824 buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf);
825 sent += buffered;
826 local->total_ps_buffered -= buffered;
827
828#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1045#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
829 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames " 1046 printk(KERN_DEBUG "%s: STA %pM aid %d driver-ps-blocked\n",
830 "since STA not sleeping anymore\n", sdata->dev->name, 1047 sdata->dev->name, sta->sta.addr, sta->sta.aid);
831 sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
832#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1048#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1049 return;
1050 }
833 1051
834 return sent; 1052 ieee80211_sta_ps_deliver_wakeup(sta);
835} 1053}
836 1054
837static ieee80211_rx_result debug_noinline 1055static ieee80211_rx_result debug_noinline
838ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 1056ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
839{ 1057{
840 struct sta_info *sta = rx->sta; 1058 struct sta_info *sta = rx->sta;
841 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1059 struct sk_buff *skb = rx->skb;
1060 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1061 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
842 1062
843 if (!sta) 1063 if (!sta)
844 return RX_CONTINUE; 1064 return RX_CONTINUE;
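Review bot: The early return in `ap_sta_ps_end()` when `WLAN_STA_PS_DRIVER` is set has no comment saying which path later delivers the frames that stay buffered, so a reader of this hunk cannot tell whether they are ever flushed. The same gap applies to the `set_sta_flags(rx->sta, WLAN_STA_PSPOLL)` branch in the `ieee80211_rx_h_ps_poll` hunk further down, where the poll is only recorded as a flag. I would add a short comment above the test, for example `/* driver still blocks this STA; wakeup delivery is deferred until the driver unblocks it */`, assuming that is the intended contract.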
@@ -869,9 +1089,8 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
869 1089
870 sta->rx_fragments++; 1090 sta->rx_fragments++;
871 sta->rx_bytes += rx->skb->len; 1091 sta->rx_bytes += rx->skb->len;
872 sta->last_signal = rx->status->signal; 1092 sta->last_signal = status->signal;
873 sta->last_qual = rx->status->qual; 1093 sta->last_noise = status->noise;
874 sta->last_noise = rx->status->noise;
875 1094
876 /* 1095 /*
877 * Change STA power saving mode only at the end of a frame 1096 * Change STA power saving mode only at the end of a frame
@@ -880,7 +1099,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
880 if (!ieee80211_has_morefrags(hdr->frame_control) && 1099 if (!ieee80211_has_morefrags(hdr->frame_control) &&
881 (rx->sdata->vif.type == NL80211_IFTYPE_AP || 1100 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
882 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { 1101 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
883 if (test_sta_flags(sta, WLAN_STA_PS)) { 1102 if (test_sta_flags(sta, WLAN_STA_PS_STA)) {
884 /* 1103 /*
885 * Ignore doze->wake transitions that are 1104 * Ignore doze->wake transitions that are
886 * indicated by non-data frames, the standard 1105 * indicated by non-data frames, the standard
@@ -891,19 +1110,24 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
891 */ 1110 */
892 if (ieee80211_is_data(hdr->frame_control) && 1111 if (ieee80211_is_data(hdr->frame_control) &&
893 !ieee80211_has_pm(hdr->frame_control)) 1112 !ieee80211_has_pm(hdr->frame_control))
894 rx->sent_ps_buffered += ap_sta_ps_end(sta); 1113 ap_sta_ps_end(sta);
895 } else { 1114 } else {
896 if (ieee80211_has_pm(hdr->frame_control)) 1115 if (ieee80211_has_pm(hdr->frame_control))
897 ap_sta_ps_start(sta); 1116 ap_sta_ps_start(sta);
898 } 1117 }
899 } 1118 }
900 1119
901 /* Drop data::nullfunc frames silently, since they are used only to 1120 /*
902 * control station power saving mode. */ 1121 * Drop (qos-)data::nullfunc frames silently, since they
903 if (ieee80211_is_nullfunc(hdr->frame_control)) { 1122 * are used only to control station power saving mode.
1123 */
1124 if (ieee80211_is_nullfunc(hdr->frame_control) ||
1125 ieee80211_is_qos_nullfunc(hdr->frame_control)) {
904 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); 1126 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
905 /* Update counter and free packet here to avoid counting this 1127 /*
906 * as a dropped packed. */ 1128 * Update counter and free packet here to avoid
1129 * counting this as a dropped packed.
1130 */
907 sta->rx_packets++; 1131 sta->rx_packets++;
908 dev_kfree_skb(rx->skb); 1132 dev_kfree_skb(rx->skb);
909 return RX_QUEUED; 1133 return RX_QUEUED;
@@ -1103,9 +1327,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1103static ieee80211_rx_result debug_noinline 1327static ieee80211_rx_result debug_noinline
1104ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx) 1328ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1105{ 1329{
1106 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1330 struct ieee80211_sub_if_data *sdata = rx->sdata;
1107 struct sk_buff *skb;
1108 int no_pending_pkts;
1109 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; 1331 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
1110 1332
1111 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || 1333 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
@@ -1116,56 +1338,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1116 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)) 1338 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1117 return RX_DROP_UNUSABLE; 1339 return RX_DROP_UNUSABLE;
1118 1340
1119 skb = skb_dequeue(&rx->sta->tx_filtered); 1341 if (!test_sta_flags(rx->sta, WLAN_STA_PS_DRIVER))
1120 if (!skb) { 1342 ieee80211_sta_ps_deliver_poll_response(rx->sta);
1121 skb = skb_dequeue(&rx->sta->ps_tx_buf); 1343 else
1122 if (skb) 1344 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
1123 rx->local->total_ps_buffered--;
1124 }
1125 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
1126 skb_queue_empty(&rx->sta->ps_tx_buf);
1127
1128 if (skb) {
1129 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1130 struct ieee80211_hdr *hdr =
1131 (struct ieee80211_hdr *) skb->data;
1132
1133 /*
1134 * Tell TX path to send this frame even though the STA may
1135 * still remain is PS mode after this frame exchange.
1136 */
1137 info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
1138
1139#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1140 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
1141 rx->sta->sta.addr, rx->sta->sta.aid,
1142 skb_queue_len(&rx->sta->ps_tx_buf));
1143#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1144
1145 /* Use MoreData flag to indicate whether there are more
1146 * buffered frames for this STA */
1147 if (no_pending_pkts)
1148 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1149 else
1150 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1151
1152 ieee80211_add_pending_skb(rx->local, skb);
1153
1154 if (no_pending_pkts)
1155 sta_info_clear_tim_bit(rx->sta);
1156#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1157 } else if (!rx->sent_ps_buffered) {
1158 /*
1159 * FIXME: This can be the result of a race condition between
1160 * us expiring a frame and the station polling for it.
1161 * Should we send it a null-func frame indicating we
1162 * have nothing buffered for it?
1163 */
1164 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
1165 "though there are no buffered frames for it\n",
1166 rx->dev->name, rx->sta->sta.addr);
1167#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1168 }
1169 1345
1170 /* Free PS Poll skb here instead of returning RX_DROP that would 1346 /* Free PS Poll skb here instead of returning RX_DROP that would
1171 * count as an dropped frame. */ 1347 * count as an dropped frame. */
@@ -1206,11 +1382,14 @@ ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1206static int 1382static int
1207ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) 1383ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1208{ 1384{
1385 struct sk_buff *skb = rx->skb;
1386 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1387
1209 /* 1388 /*
1210 * Pass through unencrypted frames if the hardware has 1389 * Pass through unencrypted frames if the hardware has
1211 * decrypted them already. 1390 * decrypted them already.
1212 */ 1391 */
1213 if (rx->status->flag & RX_FLAG_DECRYPTED) 1392 if (status->flag & RX_FLAG_DECRYPTED)
1214 return 0; 1393 return 0;
1215 1394
1216 /* Drop unencrypted frames if key is set. */ 1395 /* Drop unencrypted frames if key is set. */
@@ -1224,8 +1403,8 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1224 rx->key)) 1403 rx->key))
1225 return -EACCES; 1404 return -EACCES;
1226 /* BIP does not use Protected field, so need to check MMIE */ 1405 /* BIP does not use Protected field, so need to check MMIE */
1227 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) 1406 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1228 && ieee80211_get_mmie_keyidx(rx->skb) < 0 && 1407 ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
1229 rx->key)) 1408 rx->key))
1230 return -EACCES; 1409 return -EACCES;
1231 /* 1410 /*
@@ -1244,8 +1423,18 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1244static int 1423static int
1245__ieee80211_data_to_8023(struct ieee80211_rx_data *rx) 1424__ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1246{ 1425{
1247 struct net_device *dev = rx->dev; 1426 struct ieee80211_sub_if_data *sdata = rx->sdata;
1248 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1427 struct net_device *dev = sdata->dev;
1428 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1429
1430 if (ieee80211_has_a4(hdr->frame_control) &&
1431 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
1432 return -1;
1433
1434 if (is_multicast_ether_addr(hdr->addr1) &&
1435 ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) ||
1436 (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr)))
1437 return -1;
1249 1438
1250 return ieee80211_data_to_8023(rx->skb, dev->dev_addr, sdata->vif.type); 1439 return ieee80211_data_to_8023(rx->skb, dev->dev_addr, sdata->vif.type);
1251} 1440}
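Review bot: The two new early `return -1` checks in `__ieee80211_data_to_8023()` carry no comment, although they decide which 4-address and multicast frames are rejected before conversion. As written, a frame with the fourth address present is refused on an AP_VLAN interface that has no `u.vlan.sta`. A frame with a multicast `addr1` is refused on an AP_VLAN with a bound station, or on a station interface with `use_4addr` set. I would put one line above each check, e.g. `/* 4-addr frames are only valid on an AP_VLAN bound to a single station */` and `/* 4-addr interfaces do not accept a multicast addr1 */`, and consider a named errno instead of the bare `-1`, as `ieee80211_drop_unencrypted()` does with `-EACCES`.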
@@ -1264,7 +1453,7 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1264 * of whether the frame was encrypted or not. 1453 * of whether the frame was encrypted or not.
1265 */ 1454 */
1266 if (ehdr->h_proto == htons(ETH_P_PAE) && 1455 if (ehdr->h_proto == htons(ETH_P_PAE) &&
1267 (compare_ether_addr(ehdr->h_dest, rx->dev->dev_addr) == 0 || 1456 (compare_ether_addr(ehdr->h_dest, rx->sdata->dev->dev_addr) == 0 ||
1268 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0)) 1457 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1269 return true; 1458 return true;
1270 1459
@@ -1281,10 +1470,10 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1281static void 1470static void
1282ieee80211_deliver_skb(struct ieee80211_rx_data *rx) 1471ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1283{ 1472{
1284 struct net_device *dev = rx->dev; 1473 struct ieee80211_sub_if_data *sdata = rx->sdata;
1474 struct net_device *dev = sdata->dev;
1285 struct ieee80211_local *local = rx->local; 1475 struct ieee80211_local *local = rx->local;
1286 struct sk_buff *skb, *xmit_skb; 1476 struct sk_buff *skb, *xmit_skb;
1287 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1288 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; 1477 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1289 struct sta_info *dsta; 1478 struct sta_info *dsta;
1290 1479
@@ -1294,7 +1483,8 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1294 if ((sdata->vif.type == NL80211_IFTYPE_AP || 1483 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1295 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && 1484 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1296 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && 1485 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1297 (rx->flags & IEEE80211_RX_RA_MATCH)) { 1486 (rx->flags & IEEE80211_RX_RA_MATCH) &&
1487 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
1298 if (is_multicast_ether_addr(ehdr->h_dest)) { 1488 if (is_multicast_ether_addr(ehdr->h_dest)) {
1299 /* 1489 /*
1300 * send multicast frames both to higher layers in 1490 * send multicast frames both to higher layers in
@@ -1337,10 +1527,10 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1337 skb = NULL; 1527 skb = NULL;
1338 } else { 1528 } else {
1339 u8 *data = skb->data; 1529 u8 *data = skb->data;
1340 size_t len = skb->len; 1530 size_t len = skb_headlen(skb);
1341 u8 *new = __skb_push(skb, align); 1531 skb->data -= align;
1342 memmove(new, data, len); 1532 memmove(skb->data, data, len);
1343 __skb_trim(skb, len); 1533 skb_set_tail_pointer(skb, len);
1344 } 1534 }
1345 } 1535 }
1346#endif 1536#endif
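Review bot: The realignment branch now moves `skb->data` back by hand (`skb->data -= align`) instead of going through `__skb_push()`/`__skb_trim()`, and nothing in the hunk says why or what guarantees `align` bytes of headroom. The guard presumably sits in the `if` whose `else` this is, which starts outside the hunk. A comment tying the two together would keep a later edit from separating the pointer arithmetic from its bound. The switch from `skb->len` to `skb_headlen(skb)` also means only the linear part is moved, which deserves a line such as `/* move only the linear head; skb->len is unchanged and paged data is untouched */`.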
@@ -1365,7 +1555,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1365static ieee80211_rx_result debug_noinline 1555static ieee80211_rx_result debug_noinline
1366ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) 1556ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1367{ 1557{
1368 struct net_device *dev = rx->dev; 1558 struct net_device *dev = rx->sdata->dev;
1369 struct ieee80211_local *local = rx->local; 1559 struct ieee80211_local *local = rx->local;
1370 u16 ethertype; 1560 u16 ethertype;
1371 u8 *payload; 1561 u8 *payload;
@@ -1490,12 +1680,11 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1490 unsigned int hdrlen; 1680 unsigned int hdrlen;
1491 struct sk_buff *skb = rx->skb, *fwd_skb; 1681 struct sk_buff *skb = rx->skb, *fwd_skb;
1492 struct ieee80211_local *local = rx->local; 1682 struct ieee80211_local *local = rx->local;
1493 struct ieee80211_sub_if_data *sdata; 1683 struct ieee80211_sub_if_data *sdata = rx->sdata;
1494 1684
1495 hdr = (struct ieee80211_hdr *) skb->data; 1685 hdr = (struct ieee80211_hdr *) skb->data;
1496 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1686 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1497 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); 1687 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1498 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1499 1688
1500 if (!ieee80211_is_data(hdr->frame_control)) 1689 if (!ieee80211_is_data(hdr->frame_control))
1501 return RX_CONTINUE; 1690 return RX_CONTINUE;
@@ -1504,19 +1693,28 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1504 /* illegal frame */ 1693 /* illegal frame */
1505 return RX_DROP_MONITOR; 1694 return RX_DROP_MONITOR;
1506 1695
1507 if (!is_multicast_ether_addr(hdr->addr1) && 1696 if (mesh_hdr->flags & MESH_FLAGS_AE) {
1508 (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6)) {
1509 struct mesh_path *mppath; 1697 struct mesh_path *mppath;
1698 char *proxied_addr;
1699 char *mpp_addr;
1700
1701 if (is_multicast_ether_addr(hdr->addr1)) {
1702 mpp_addr = hdr->addr3;
1703 proxied_addr = mesh_hdr->eaddr1;
1704 } else {
1705 mpp_addr = hdr->addr4;
1706 proxied_addr = mesh_hdr->eaddr2;
1707 }
1510 1708
1511 rcu_read_lock(); 1709 rcu_read_lock();
1512 mppath = mpp_path_lookup(mesh_hdr->eaddr2, sdata); 1710 mppath = mpp_path_lookup(proxied_addr, sdata);
1513 if (!mppath) { 1711 if (!mppath) {
1514 mpp_path_add(mesh_hdr->eaddr2, hdr->addr4, sdata); 1712 mpp_path_add(proxied_addr, mpp_addr, sdata);
1515 } else { 1713 } else {
1516 spin_lock_bh(&mppath->state_lock); 1714 spin_lock_bh(&mppath->state_lock);
1517 mppath->exp_time = jiffies; 1715 mppath->exp_time = jiffies;
1518 if (compare_ether_addr(mppath->mpp, hdr->addr4) != 0) 1716 if (compare_ether_addr(mppath->mpp, mpp_addr) != 0)
1519 memcpy(mppath->mpp, hdr->addr4, ETH_ALEN); 1717 memcpy(mppath->mpp, mpp_addr, ETH_ALEN);
1520 spin_unlock_bh(&mppath->state_lock); 1718 spin_unlock_bh(&mppath->state_lock);
1521 } 1719 }
1522 rcu_read_unlock(); 1720 rcu_read_unlock();
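Review bot: The new address-extension branch picks `eaddr1` or `eaddr2` from whether `addr1` is multicast, not from which AE mode the frame signals in `mesh_hdr->flags`, and the hunk shows no check that the received frame is long enough to hold the extended address it reads. Both values come straight from the received frame and reach the proxy path table through `mpp_path_add()` or the `memcpy` into `mppath->mpp`. A frame whose flags and addressing disagree would therefore install an entry built from the wrong bytes. I would compare the masked flags against the mode expected for each case (the old code tested `MESH_FLAGS_AE_A5_A6` for the unicast one) and verify the length before dereferencing; such a check may already exist earlier in the function, which begins outside this hunk. The return value of `mpp_path_add()` is also ignored, and `u8 *` would fit the two address pointers better than `char *`.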
@@ -1524,7 +1722,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1524 1722
1525 /* Frame has reached destination. Don't forward */ 1723 /* Frame has reached destination. Don't forward */
1526 if (!is_multicast_ether_addr(hdr->addr1) && 1724 if (!is_multicast_ether_addr(hdr->addr1) &&
1527 compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0) 1725 compare_ether_addr(sdata->dev->dev_addr, hdr->addr3) == 0)
1528 return RX_CONTINUE; 1726 return RX_CONTINUE;
1529 1727
1530 mesh_hdr->ttl--; 1728 mesh_hdr->ttl--;
@@ -1541,10 +1739,10 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1541 1739
1542 if (!fwd_skb && net_ratelimit()) 1740 if (!fwd_skb && net_ratelimit())
1543 printk(KERN_DEBUG "%s: failed to clone mesh frame\n", 1741 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1544 rx->dev->name); 1742 sdata->dev->name);
1545 1743
1546 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; 1744 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1547 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN); 1745 memcpy(fwd_hdr->addr2, sdata->dev->dev_addr, ETH_ALEN);
1548 info = IEEE80211_SKB_CB(fwd_skb); 1746 info = IEEE80211_SKB_CB(fwd_skb);
1549 memset(info, 0, sizeof(*info)); 1747 memset(info, 0, sizeof(*info));
1550 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 1748 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
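Review bot: `fwd_skb` is dereferenced on the line right after the clone-failure message, so when the clone fails the handler still reads `fwd_skb->data` through a NULL pointer; the `if` only guards the `printk`. The hunk touches these lines to switch to `sdata->dev` but leaves that path in place. The failure case should leave the forwarding path before `fwd_hdr` is assigned, for example by making the test `if (!fwd_skb) {`, rate-limiting only the message inside it, and returning or jumping past the forwarding code. Which result code fits is for the author to pick, since the rest of the function lies outside the hunk.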
@@ -1578,7 +1776,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1578 } 1776 }
1579 1777
1580 if (is_multicast_ether_addr(hdr->addr1) || 1778 if (is_multicast_ether_addr(hdr->addr1) ||
1581 rx->dev->flags & IFF_PROMISC) 1779 sdata->dev->flags & IFF_PROMISC)
1582 return RX_CONTINUE; 1780 return RX_CONTINUE;
1583 else 1781 else
1584 return RX_DROP_MONITOR; 1782 return RX_DROP_MONITOR;
@@ -1588,7 +1786,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1588static ieee80211_rx_result debug_noinline 1786static ieee80211_rx_result debug_noinline
1589ieee80211_rx_h_data(struct ieee80211_rx_data *rx) 1787ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1590{ 1788{
1591 struct net_device *dev = rx->dev; 1789 struct ieee80211_sub_if_data *sdata = rx->sdata;
1790 struct net_device *dev = sdata->dev;
1592 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1791 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1593 __le16 fc = hdr->frame_control; 1792 __le16 fc = hdr->frame_control;
1594 int err; 1793 int err;
@@ -1599,6 +1798,14 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1599 if (unlikely(!ieee80211_is_data_present(hdr->frame_control))) 1798 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1600 return RX_DROP_MONITOR; 1799 return RX_DROP_MONITOR;
1601 1800
1801 /*
1802 * Allow the cooked monitor interface of an AP to see 4-addr frames so
1803 * that a 4-addr station can be detected and moved into a separate VLAN
1804 */
1805 if (ieee80211_has_a4(hdr->frame_control) &&
1806 sdata->vif.type == NL80211_IFTYPE_AP)
1807 return RX_DROP_MONITOR;
1808
1602 err = __ieee80211_data_to_8023(rx); 1809 err = __ieee80211_data_to_8023(rx);
1603 if (unlikely(err)) 1810 if (unlikely(err))
1604 return RX_DROP_UNUSABLE; 1811 return RX_DROP_UNUSABLE;
@@ -1617,7 +1824,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1617} 1824}
1618 1825
1619static ieee80211_rx_result debug_noinline 1826static ieee80211_rx_result debug_noinline
1620ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx) 1827ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1621{ 1828{
1622 struct ieee80211_local *local = rx->local; 1829 struct ieee80211_local *local = rx->local;
1623 struct ieee80211_hw *hw = &local->hw; 1830 struct ieee80211_hw *hw = &local->hw;
@@ -1632,11 +1839,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1632 1839
1633 if (ieee80211_is_back_req(bar->frame_control)) { 1840 if (ieee80211_is_back_req(bar->frame_control)) {
1634 if (!rx->sta) 1841 if (!rx->sta)
1635 return RX_CONTINUE; 1842 return RX_DROP_MONITOR;
1636 tid = le16_to_cpu(bar->control) >> 12; 1843 tid = le16_to_cpu(bar->control) >> 12;
1637 if (rx->sta->ampdu_mlme.tid_state_rx[tid] 1844 if (rx->sta->ampdu_mlme.tid_state_rx[tid]
1638 != HT_AGG_STATE_OPERATIONAL) 1845 != HT_AGG_STATE_OPERATIONAL)
1639 return RX_CONTINUE; 1846 return RX_DROP_MONITOR;
1640 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid]; 1847 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1641 1848
1642 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1849 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
@@ -1646,13 +1853,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1646 mod_timer(&tid_agg_rx->session_timer, 1853 mod_timer(&tid_agg_rx->session_timer,
1647 TU_TO_EXP_TIME(tid_agg_rx->timeout)); 1854 TU_TO_EXP_TIME(tid_agg_rx->timeout));
1648 1855
1649 /* manage reordering buffer according to requested */ 1856 /* release stored frames up to start of BAR */
1650 /* sequence number */ 1857 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num,
1651 rcu_read_lock(); 1858 frames);
1652 ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, NULL, 1859 kfree_skb(skb);
1653 start_seq_num, 1); 1860 return RX_QUEUED;
1654 rcu_read_unlock();
1655 return RX_DROP_UNUSABLE;
1656 } 1861 }
1657 1862
1658 return RX_CONTINUE; 1863 return RX_CONTINUE;
@@ -1701,14 +1906,14 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1701 mgmt->u.action.u.sa_query.trans_id, 1906 mgmt->u.action.u.sa_query.trans_id,
1702 WLAN_SA_QUERY_TR_ID_LEN); 1907 WLAN_SA_QUERY_TR_ID_LEN);
1703 1908
1704 ieee80211_tx_skb(sdata, skb, 1); 1909 ieee80211_tx_skb(sdata, skb);
1705} 1910}
1706 1911
1707static ieee80211_rx_result debug_noinline 1912static ieee80211_rx_result debug_noinline
1708ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 1913ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1709{ 1914{
1710 struct ieee80211_local *local = rx->local; 1915 struct ieee80211_local *local = rx->local;
1711 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1916 struct ieee80211_sub_if_data *sdata = rx->sdata;
1712 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1917 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1713 int len = rx->skb->len; 1918 int len = rx->skb->len;
1714 1919
@@ -1820,7 +2025,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1820static ieee80211_rx_result debug_noinline 2025static ieee80211_rx_result debug_noinline
1821ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) 2026ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1822{ 2027{
1823 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 2028 struct ieee80211_sub_if_data *sdata = rx->sdata;
1824 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 2029 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1825 2030
1826 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 2031 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
@@ -1858,11 +2063,11 @@ static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
1858 * Some hardware seem to generate incorrect Michael MIC 2063 * Some hardware seem to generate incorrect Michael MIC
1859 * reports; ignore them to avoid triggering countermeasures. 2064 * reports; ignore them to avoid triggering countermeasures.
1860 */ 2065 */
1861 goto ignore; 2066 return;
1862 } 2067 }
1863 2068
1864 if (!ieee80211_has_protected(hdr->frame_control)) 2069 if (!ieee80211_has_protected(hdr->frame_control))
1865 goto ignore; 2070 return;
1866 2071
1867 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) { 2072 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
1868 /* 2073 /*
@@ -1871,37 +2076,35 @@ static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
1871 * group keys and only the AP is sending real multicast 2076 * group keys and only the AP is sending real multicast
1872 * frames in the BSS. 2077 * frames in the BSS.
1873 */ 2078 */
1874 goto ignore; 2079 return;
1875 } 2080 }
1876 2081
1877 if (!ieee80211_is_data(hdr->frame_control) && 2082 if (!ieee80211_is_data(hdr->frame_control) &&
1878 !ieee80211_is_auth(hdr->frame_control)) 2083 !ieee80211_is_auth(hdr->frame_control))
1879 goto ignore; 2084 return;
1880 2085
1881 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL, 2086 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL,
1882 GFP_ATOMIC); 2087 GFP_ATOMIC);
1883 ignore:
1884 dev_kfree_skb(rx->skb);
1885 rx->skb = NULL;
1886} 2088}
1887 2089
1888/* TODO: use IEEE80211_RX_FRAGMENTED */ 2090/* TODO: use IEEE80211_RX_FRAGMENTED */
1889static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx) 2091static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2092 struct ieee80211_rate *rate)
1890{ 2093{
1891 struct ieee80211_sub_if_data *sdata; 2094 struct ieee80211_sub_if_data *sdata;
1892 struct ieee80211_local *local = rx->local; 2095 struct ieee80211_local *local = rx->local;
1893 struct ieee80211_rtap_hdr { 2096 struct ieee80211_rtap_hdr {
1894 struct ieee80211_radiotap_header hdr; 2097 struct ieee80211_radiotap_header hdr;
1895 u8 flags; 2098 u8 flags;
1896 u8 rate; 2099 u8 rate_or_pad;
1897 __le16 chan_freq; 2100 __le16 chan_freq;
1898 __le16 chan_flags; 2101 __le16 chan_flags;
1899 } __attribute__ ((packed)) *rthdr; 2102 } __attribute__ ((packed)) *rthdr;
1900 struct sk_buff *skb = rx->skb, *skb2; 2103 struct sk_buff *skb = rx->skb, *skb2;
1901 struct net_device *prev_dev = NULL; 2104 struct net_device *prev_dev = NULL;
1902 struct ieee80211_rx_status *status = rx->status; 2105 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1903 2106
1904 if (rx->flags & IEEE80211_RX_CMNTR_REPORTED) 2107 if (status->flag & RX_FLAG_INTERNAL_CMTR)
1905 goto out_free_skb; 2108 goto out_free_skb;
1906 2109
1907 if (skb_headroom(skb) < sizeof(*rthdr) && 2110 if (skb_headroom(skb) < sizeof(*rthdr) &&
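Review bot: With the `ignore:` label gone, `ieee80211_rx_michael_mic_report()` no longer frees `rx->skb` or clears the pointer on any path, so ownership of the buffer has moved to the caller without a comment saying so. The call sites are not part of this hunk; if one of them still relies on the old behaviour, the frame would leak on every ignored or reported MIC failure. A line above the function such as `/* does not consume rx->skb; the caller frees it */` would make the contract explicit. The function's signature lies above the hunk.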
@@ -1913,10 +2116,13 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1913 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); 2116 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
1914 rthdr->hdr.it_present = 2117 rthdr->hdr.it_present =
1915 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) | 2118 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
1916 (1 << IEEE80211_RADIOTAP_RATE) |
1917 (1 << IEEE80211_RADIOTAP_CHANNEL)); 2119 (1 << IEEE80211_RADIOTAP_CHANNEL));
1918 2120
1919 rthdr->rate = rx->rate->bitrate / 5; 2121 if (rate) {
2122 rthdr->rate_or_pad = rate->bitrate / 5;
2123 rthdr->hdr.it_present |=
2124 cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
2125 }
1920 rthdr->chan_freq = cpu_to_le16(status->freq); 2126 rthdr->chan_freq = cpu_to_le16(status->freq);
1921 2127
1922 if (status->band == IEEE80211_BAND_5GHZ) 2128 if (status->band == IEEE80211_BAND_5GHZ)
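Review bot: When `rate` is NULL the byte `rate_or_pad` is never written in this hunk. Unless the header was zeroed before `it_len` is set (that part is above the hunk), a stale byte from the skb headroom is handed to the cooked monitor interface. An explicit `else` with `rthdr->rate_or_pad = 0;` would make the padding deterministic regardless of the earlier code.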
@@ -1959,7 +2165,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1959 } else 2165 } else
1960 goto out_free_skb; 2166 goto out_free_skb;
1961 2167
1962 rx->flags |= IEEE80211_RX_CMNTR_REPORTED; 2168 status->flag |= RX_FLAG_INTERNAL_CMTR;
1963 return; 2169 return;
1964 2170
1965 out_free_skb: 2171 out_free_skb:
@@ -1969,62 +2175,87 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1969 2175
1970static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, 2176static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1971 struct ieee80211_rx_data *rx, 2177 struct ieee80211_rx_data *rx,
1972 struct sk_buff *skb) 2178 struct sk_buff *skb,
2179 struct ieee80211_rate *rate)
1973{ 2180{
2181 struct sk_buff_head reorder_release;
1974 ieee80211_rx_result res = RX_DROP_MONITOR; 2182 ieee80211_rx_result res = RX_DROP_MONITOR;
1975 2183
2184 __skb_queue_head_init(&reorder_release);
2185
1976 rx->skb = skb; 2186 rx->skb = skb;
1977 rx->sdata = sdata; 2187 rx->sdata = sdata;
1978 rx->dev = sdata->dev;
1979 2188
1980#define CALL_RXH(rxh) \ 2189#define CALL_RXH(rxh) \
1981 do { \ 2190 do { \
1982 res = rxh(rx); \ 2191 res = rxh(rx); \
1983 if (res != RX_CONTINUE) \ 2192 if (res != RX_CONTINUE) \
1984 goto rxh_done; \ 2193 goto rxh_next; \
1985 } while (0); 2194 } while (0);
1986 2195
2196 /*
2197 * NB: the rxh_next label works even if we jump
2198 * to it from here because then the list will
2199 * be empty, which is a trivial check
2200 */
1987 CALL_RXH(ieee80211_rx_h_passive_scan) 2201 CALL_RXH(ieee80211_rx_h_passive_scan)
1988 CALL_RXH(ieee80211_rx_h_check) 2202 CALL_RXH(ieee80211_rx_h_check)
1989 CALL_RXH(ieee80211_rx_h_decrypt) 2203
1990 CALL_RXH(ieee80211_rx_h_check_more_data) 2204 ieee80211_rx_reorder_ampdu(rx, &reorder_release);
1991 CALL_RXH(ieee80211_rx_h_sta_process) 2205
1992 CALL_RXH(ieee80211_rx_h_defragment) 2206 while ((skb = __skb_dequeue(&reorder_release))) {
1993 CALL_RXH(ieee80211_rx_h_ps_poll) 2207 /*
1994 CALL_RXH(ieee80211_rx_h_michael_mic_verify) 2208 * all the other fields are valid across frames
1995 /* must be after MMIC verify so header is counted in MPDU mic */ 2209 * that belong to an aMPDU since they are on the
1996 CALL_RXH(ieee80211_rx_h_remove_qos_control) 2210 * same TID from the same station
1997 CALL_RXH(ieee80211_rx_h_amsdu) 2211 */
2212 rx->skb = skb;
2213
2214 CALL_RXH(ieee80211_rx_h_decrypt)
2215 CALL_RXH(ieee80211_rx_h_check_more_data)
2216 CALL_RXH(ieee80211_rx_h_sta_process)
2217 CALL_RXH(ieee80211_rx_h_defragment)
2218 CALL_RXH(ieee80211_rx_h_ps_poll)
2219 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2220 /* must be after MMIC verify so header is counted in MPDU mic */
2221 CALL_RXH(ieee80211_rx_h_remove_qos_control)
2222 CALL_RXH(ieee80211_rx_h_amsdu)
1998#ifdef CONFIG_MAC80211_MESH 2223#ifdef CONFIG_MAC80211_MESH
1999 if (ieee80211_vif_is_mesh(&sdata->vif)) 2224 if (ieee80211_vif_is_mesh(&sdata->vif))
2000 CALL_RXH(ieee80211_rx_h_mesh_fwding); 2225 CALL_RXH(ieee80211_rx_h_mesh_fwding);
2001#endif 2226#endif
2002 CALL_RXH(ieee80211_rx_h_data) 2227 CALL_RXH(ieee80211_rx_h_data)
2003 CALL_RXH(ieee80211_rx_h_ctrl) 2228
2004 CALL_RXH(ieee80211_rx_h_action) 2229 /* special treatment -- needs the queue */
2005 CALL_RXH(ieee80211_rx_h_mgmt) 2230 res = ieee80211_rx_h_ctrl(rx, &reorder_release);
2231 if (res != RX_CONTINUE)
2232 goto rxh_next;
2233
2234 CALL_RXH(ieee80211_rx_h_action)
2235 CALL_RXH(ieee80211_rx_h_mgmt)
2006 2236
2007#undef CALL_RXH 2237#undef CALL_RXH
2008 2238
2009 rxh_done: 2239 rxh_next:
2010 switch (res) { 2240 switch (res) {
2011 case RX_DROP_MONITOR: 2241 case RX_DROP_MONITOR:
2012 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2242 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
2013 if (rx->sta) 2243 if (rx->sta)
2014 rx->sta->rx_dropped++; 2244 rx->sta->rx_dropped++;
2015 /* fall through */ 2245 /* fall through */
2016 case RX_CONTINUE: 2246 case RX_CONTINUE:
2017 ieee80211_rx_cooked_monitor(rx); 2247 ieee80211_rx_cooked_monitor(rx, rate);
2018 break; 2248 break;
2019 case RX_DROP_UNUSABLE: 2249 case RX_DROP_UNUSABLE:
2020 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2250 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
2021 if (rx->sta) 2251 if (rx->sta)
2022 rx->sta->rx_dropped++; 2252 rx->sta->rx_dropped++;
2023 dev_kfree_skb(rx->skb); 2253 dev_kfree_skb(rx->skb);
2024 break; 2254 break;
2025 case RX_QUEUED: 2255 case RX_QUEUED:
2026 I802_DEBUG_INC(sdata->local->rx_handlers_queued); 2256 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
2027 break; 2257 break;
2258 }
2028 } 2259 }
2029} 2260}
2030 2261
@@ -2034,12 +2265,14 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2034 struct ieee80211_rx_data *rx, 2265 struct ieee80211_rx_data *rx,
2035 struct ieee80211_hdr *hdr) 2266 struct ieee80211_hdr *hdr)
2036{ 2267{
2037 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, sdata->vif.type); 2268 struct sk_buff *skb = rx->skb;
2269 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2270 u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
2038 int multicast = is_multicast_ether_addr(hdr->addr1); 2271 int multicast = is_multicast_ether_addr(hdr->addr1);
2039 2272
2040 switch (sdata->vif.type) { 2273 switch (sdata->vif.type) {
2041 case NL80211_IFTYPE_STATION: 2274 case NL80211_IFTYPE_STATION:
2042 if (!bssid) 2275 if (!bssid && !sdata->u.mgd.use_4addr)
2043 return 0; 2276 return 0;
2044 if (!multicast && 2277 if (!multicast &&
2045 compare_ether_addr(sdata->dev->dev_addr, hdr->addr1) != 0) { 2278 compare_ether_addr(sdata->dev->dev_addr, hdr->addr1) != 0) {
@@ -2066,10 +2299,10 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2066 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2299 rx->flags &= ~IEEE80211_RX_RA_MATCH;
2067 } else if (!rx->sta) { 2300 } else if (!rx->sta) {
2068 int rate_idx; 2301 int rate_idx;
2069 if (rx->status->flag & RX_FLAG_HT) 2302 if (status->flag & RX_FLAG_HT)
2070 rate_idx = 0; /* TODO: HT rates */ 2303 rate_idx = 0; /* TODO: HT rates */
2071 else 2304 else
2072 rate_idx = rx->status->rate_idx; 2305 rate_idx = status->rate_idx;
2073 rx->sta = ieee80211_ibss_add_sta(sdata, bssid, hdr->addr2, 2306 rx->sta = ieee80211_ibss_add_sta(sdata, bssid, hdr->addr2,
2074 BIT(rate_idx)); 2307 BIT(rate_idx));
2075 } 2308 }
@@ -2104,8 +2337,6 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2104 return 0; 2337 return 0;
2105 break; 2338 break;
2106 case NL80211_IFTYPE_MONITOR: 2339 case NL80211_IFTYPE_MONITOR:
2107 /* take everything */
2108 break;
2109 case NL80211_IFTYPE_UNSPECIFIED: 2340 case NL80211_IFTYPE_UNSPECIFIED:
2110 case __NL80211_IFTYPE_AFTER_LAST: 2341 case __NL80211_IFTYPE_AFTER_LAST:
2111 /* should never get here */ 2342 /* should never get here */
@@ -2138,23 +2369,9 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2138 rx.skb = skb; 2369 rx.skb = skb;
2139 rx.local = local; 2370 rx.local = local;
2140 2371
2141 rx.status = status;
2142 rx.rate = rate;
2143
2144 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control)) 2372 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control))
2145 local->dot11ReceivedFragmentCount++; 2373 local->dot11ReceivedFragmentCount++;
2146 2374
2147 rx.sta = sta_info_get(local, hdr->addr2);
2148 if (rx.sta) {
2149 rx.sdata = rx.sta->sdata;
2150 rx.dev = rx.sta->sdata->dev;
2151 }
2152
2153 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
2154 ieee80211_rx_michael_mic_report(hdr, &rx);
2155 return;
2156 }
2157
2158 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || 2375 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2159 test_bit(SCAN_OFF_CHANNEL, &local->scanning))) 2376 test_bit(SCAN_OFF_CHANNEL, &local->scanning)))
2160 rx.flags |= IEEE80211_RX_IN_SCAN; 2377 rx.flags |= IEEE80211_RX_IN_SCAN;
@@ -2162,13 +2379,20 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2162 ieee80211_parse_qos(&rx); 2379 ieee80211_parse_qos(&rx);
2163 ieee80211_verify_alignment(&rx); 2380 ieee80211_verify_alignment(&rx);
2164 2381
2165 skb = rx.skb; 2382 rx.sta = sta_info_get(local, hdr->addr2);
2383 if (rx.sta)
2384 rx.sdata = rx.sta->sdata;
2166 2385
2167 if (rx.sdata && ieee80211_is_data(hdr->frame_control)) { 2386 if (rx.sdata && ieee80211_is_data(hdr->frame_control)) {
2168 rx.flags |= IEEE80211_RX_RA_MATCH; 2387 rx.flags |= IEEE80211_RX_RA_MATCH;
2169 prepares = prepare_for_handlers(rx.sdata, &rx, hdr); 2388 prepares = prepare_for_handlers(rx.sdata, &rx, hdr);
2170 if (prepares) 2389 if (prepares) {
2171 prev = rx.sdata; 2390 if (status->flag & RX_FLAG_MMIC_ERROR) {
2391 if (rx.flags & IEEE80211_RX_RA_MATCH)
2392 ieee80211_rx_michael_mic_report(hdr, &rx);
2393 } else
2394 prev = rx.sdata;
2395 }
2172 } else list_for_each_entry_rcu(sdata, &local->interfaces, list) { 2396 } else list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2173 if (!netif_running(sdata->dev)) 2397 if (!netif_running(sdata->dev))
2174 continue; 2398 continue;
@@ -2183,6 +2407,13 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2183 if (!prepares) 2407 if (!prepares)
2184 continue; 2408 continue;
2185 2409
2410 if (status->flag & RX_FLAG_MMIC_ERROR) {
2411 rx.sdata = sdata;
2412 if (rx.flags & IEEE80211_RX_RA_MATCH)
2413 ieee80211_rx_michael_mic_report(hdr, &rx);
2414 continue;
2415 }
2416
2186 /* 2417 /*
2187 * frame is destined for this interface, but if it's not 2418 * frame is destined for this interface, but if it's not
2188 * also for the previous one we handle that after the 2419 * also for the previous one we handle that after the
@@ -2208,240 +2439,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2208 prev->dev->name); 2439 prev->dev->name);
2209 continue; 2440 continue;
2210 } 2441 }
2211 ieee80211_invoke_rx_handlers(prev, &rx, skb_new); 2442 ieee80211_invoke_rx_handlers(prev, &rx, skb_new, rate);
2212 prev = sdata; 2443 prev = sdata;
2213 } 2444 }
2214 if (prev) 2445 if (prev)
2215 ieee80211_invoke_rx_handlers(prev, &rx, skb); 2446 ieee80211_invoke_rx_handlers(prev, &rx, skb, rate);
2216 else 2447 else
2217 dev_kfree_skb(skb); 2448 dev_kfree_skb(skb);
2218} 2449}
2219 2450
2220#define SEQ_MODULO 0x1000
2221#define SEQ_MASK 0xfff
2222
2223static inline int seq_less(u16 sq1, u16 sq2)
2224{
2225 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
2226}
2227
2228static inline u16 seq_inc(u16 sq)
2229{
2230 return (sq + 1) & SEQ_MASK;
2231}
2232
2233static inline u16 seq_sub(u16 sq1, u16 sq2)
2234{
2235 return (sq1 - sq2) & SEQ_MASK;
2236}
2237
2238
2239static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
2240 struct tid_ampdu_rx *tid_agg_rx,
2241 int index)
2242{
2243 struct ieee80211_supported_band *sband;
2244 struct ieee80211_rate *rate;
2245 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
2246 struct ieee80211_rx_status *status;
2247
2248 if (!skb)
2249 goto no_frame;
2250
2251 status = IEEE80211_SKB_RXCB(skb);
2252
2253 /* release the reordered frames to stack */
2254 sband = hw->wiphy->bands[status->band];
2255 if (status->flag & RX_FLAG_HT)
2256 rate = sband->bitrates; /* TODO: HT rates */
2257 else
2258 rate = &sband->bitrates[status->rate_idx];
2259 __ieee80211_rx_handle_packet(hw, skb, rate);
2260 tid_agg_rx->stored_mpdu_num--;
2261 tid_agg_rx->reorder_buf[index] = NULL;
2262
2263no_frame:
2264 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
2265}
2266
2267
2268/*
2269 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
2270 * the skb was added to the buffer longer than this time ago, the earlier
2271 * frames that have not yet been received are assumed to be lost and the skb
2272 * can be released for processing. This may also release other skb's from the
2273 * reorder buffer if there are no additional gaps between the frames.
2274 */
2275#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
2276
2277/*
2278 * As it function blongs to Rx path it must be called with
2279 * the proper rcu_read_lock protection for its flow.
2280 */
2281static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2282 struct tid_ampdu_rx *tid_agg_rx,
2283 struct sk_buff *skb,
2284 u16 mpdu_seq_num,
2285 int bar_req)
2286{
2287 u16 head_seq_num, buf_size;
2288 int index;
2289
2290 buf_size = tid_agg_rx->buf_size;
2291 head_seq_num = tid_agg_rx->head_seq_num;
2292
2293 /* frame with out of date sequence number */
2294 if (seq_less(mpdu_seq_num, head_seq_num)) {
2295 dev_kfree_skb(skb);
2296 return 1;
2297 }
2298
2299 /* if frame sequence number exceeds our buffering window size or
2300 * block Ack Request arrived - release stored frames */
2301 if ((!seq_less(mpdu_seq_num, head_seq_num + buf_size)) || (bar_req)) {
2302 /* new head to the ordering buffer */
2303 if (bar_req)
2304 head_seq_num = mpdu_seq_num;
2305 else
2306 head_seq_num =
2307 seq_inc(seq_sub(mpdu_seq_num, buf_size));
2308 /* release stored frames up to new head to stack */
2309 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
2310 index = seq_sub(tid_agg_rx->head_seq_num,
2311 tid_agg_rx->ssn)
2312 % tid_agg_rx->buf_size;
2313 ieee80211_release_reorder_frame(hw, tid_agg_rx,
2314 index);
2315 }
2316 if (bar_req)
2317 return 1;
2318 }
2319
2320 /* now the new frame is always in the range of the reordering */
2321 /* buffer window */
2322 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn)
2323 % tid_agg_rx->buf_size;
2324 /* check if we already stored this frame */
2325 if (tid_agg_rx->reorder_buf[index]) {
2326 dev_kfree_skb(skb);
2327 return 1;
2328 }
2329
2330 /* if arrived mpdu is in the right order and nothing else stored */
2331 /* release it immediately */
2332 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
2333 tid_agg_rx->stored_mpdu_num == 0) {
2334 tid_agg_rx->head_seq_num =
2335 seq_inc(tid_agg_rx->head_seq_num);
2336 return 0;
2337 }
2338
2339 /* put the frame in the reordering buffer */
2340 tid_agg_rx->reorder_buf[index] = skb;
2341 tid_agg_rx->reorder_time[index] = jiffies;
2342 tid_agg_rx->stored_mpdu_num++;
2343 /* release the buffer until next missing frame */
2344 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn)
2345 % tid_agg_rx->buf_size;
2346 if (!tid_agg_rx->reorder_buf[index] &&
2347 tid_agg_rx->stored_mpdu_num > 1) {
2348 /*
2349 * No buffers ready to be released, but check whether any
2350 * frames in the reorder buffer have timed out.
2351 */
2352 int j;
2353 int skipped = 1;
2354 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
2355 j = (j + 1) % tid_agg_rx->buf_size) {
2356 if (tid_agg_rx->reorder_buf[j] == NULL) {
2357 skipped++;
2358 continue;
2359 }
2360 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
2361 HZ / 10))
2362 break;
2363
2364#ifdef CONFIG_MAC80211_HT_DEBUG
2365 if (net_ratelimit())
2366 printk(KERN_DEBUG "%s: release an RX reorder "
2367 "frame due to timeout on earlier "
2368 "frames\n",
2369 wiphy_name(hw->wiphy));
2370#endif
2371 ieee80211_release_reorder_frame(hw, tid_agg_rx, j);
2372
2373 /*
2374 * Increment the head seq# also for the skipped slots.
2375 */
2376 tid_agg_rx->head_seq_num =
2377 (tid_agg_rx->head_seq_num + skipped) &
2378 SEQ_MASK;
2379 skipped = 0;
2380 }
2381 } else while (tid_agg_rx->reorder_buf[index]) {
2382 ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
2383 index = seq_sub(tid_agg_rx->head_seq_num,
2384 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
2385 }
2386 return 1;
2387}
2388
2389static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2390 struct sk_buff *skb)
2391{
2392 struct ieee80211_hw *hw = &local->hw;
2393 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2394 struct sta_info *sta;
2395 struct tid_ampdu_rx *tid_agg_rx;
2396 u16 sc;
2397 u16 mpdu_seq_num;
2398 u8 ret = 0;
2399 int tid;
2400
2401 sta = sta_info_get(local, hdr->addr2);
2402 if (!sta)
2403 return ret;
2404
2405 /* filter the QoS data rx stream according to
2406 * STA/TID and check if this STA/TID is on aggregation */
2407 if (!ieee80211_is_data_qos(hdr->frame_control))
2408 goto end_reorder;
2409
2410 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2411
2412 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
2413 goto end_reorder;
2414
2415 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
2416
2417 /* qos null data frames are excluded */
2418 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
2419 goto end_reorder;
2420
2421 /* new un-ordered ampdu frame - process it */
2422
2423 /* reset session timer */
2424 if (tid_agg_rx->timeout)
2425 mod_timer(&tid_agg_rx->session_timer,
2426 TU_TO_EXP_TIME(tid_agg_rx->timeout));
2427
2428 /* if this mpdu is fragmented - terminate rx aggregation session */
2429 sc = le16_to_cpu(hdr->seq_ctrl);
2430 if (sc & IEEE80211_SCTL_FRAG) {
2431 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
2432 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
2433 ret = 1;
2434 goto end_reorder;
2435 }
2436
2437 /* according to mpdu sequence number deal with reordering buffer */
2438 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
2439 ret = ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb,
2440 mpdu_seq_num, 0);
2441 end_reorder:
2442 return ret;
2443}
2444
2445/* 2451/*
2446 * This is the receive path handler. It is called by a low level driver when an 2452 * This is the receive path handler. It is called by a low level driver when an
2447 * 802.11 MPDU is received from the hardware. 2453 * 802.11 MPDU is received from the hardware.
@@ -2481,14 +2487,22 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2481 goto drop; 2487 goto drop;
2482 2488
2483 if (status->flag & RX_FLAG_HT) { 2489 if (status->flag & RX_FLAG_HT) {
2484 /* rate_idx is MCS index */ 2490 /*
2485 if (WARN_ON(status->rate_idx < 0 || 2491 * rate_idx is MCS index, which can be [0-76] as documented on:
2486 status->rate_idx >= 76)) 2492 *
2493 * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n
2494 *
2495 * Anything else would be some sort of driver or hardware error.
2496 * The driver should catch hardware errors.
2497 */
2498 if (WARN((status->rate_idx < 0 ||
2499 status->rate_idx > 76),
2500 "Rate marked as an HT rate but passed "
2501 "status->rate_idx is not "
2502 "an MCS index [0-76]: %d (0x%02x)\n",
2503 status->rate_idx,
2504 status->rate_idx))
2487 goto drop; 2505 goto drop;
2488 /* HT rates are not in the table - use the highest legacy rate
2489 * for now since other parts of mac80211 may not yet be fully
2490 * MCS aware. */
2491 rate = &sband->bitrates[sband->n_bitrates - 1];
2492 } else { 2506 } else {
2493 if (WARN_ON(status->rate_idx < 0 || 2507 if (WARN_ON(status->rate_idx < 0 ||
2494 status->rate_idx >= sband->n_bitrates)) 2508 status->rate_idx >= sband->n_bitrates))
@@ -2515,20 +2529,7 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2515 return; 2529 return;
2516 } 2530 }
2517 2531
2518 /* 2532 __ieee80211_rx_handle_packet(hw, skb, rate);
2519 * In theory, the block ack reordering should happen after duplicate
2520 * removal (ieee80211_rx_h_check(), which is an RX handler). As such,
2521 * the call to ieee80211_rx_reorder_ampdu() should really be moved to
2522 * happen as a new RX handler between ieee80211_rx_h_check and
2523 * ieee80211_rx_h_decrypt. This cleanup may eventually happen, but for
2524 * the time being, the call can be here since RX reorder buf processing
2525 * will implicitly skip duplicates. We could, in theory at least,
2526 * process frames that ieee80211_rx_h_passive_scan would drop (e.g.,
2527 * frames from other than operational channel), but that should not
2528 * happen in normal networks.
2529 */
2530 if (!ieee80211_rx_reorder_ampdu(local, skb))
2531 __ieee80211_rx_handle_packet(hw, skb, rate);
2532 2533
2533 rcu_read_unlock(); 2534 rcu_read_unlock();
2534 2535
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 71e10cabf811..4cf387c944bf 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -12,8 +12,6 @@
12 * published by the Free Software Foundation. 12 * published by the Free Software Foundation.
13 */ 13 */
14 14
15/* TODO: figure out how to avoid that the "current BSS" expires */
16
17#include <linux/wireless.h> 15#include <linux/wireless.h>
18#include <linux/if_arp.h> 16#include <linux/if_arp.h>
19#include <linux/rtnetlink.h> 17#include <linux/rtnetlink.h>
@@ -189,6 +187,39 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
189 return RX_QUEUED; 187 return RX_QUEUED;
190} 188}
191 189
190/* return false if no more work */
191static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
192{
193 struct cfg80211_scan_request *req = local->scan_req;
194 enum ieee80211_band band;
195 int i, ielen, n_chans;
196
197 do {
198 if (local->hw_scan_band == IEEE80211_NUM_BANDS)
199 return false;
200
201 band = local->hw_scan_band;
202 n_chans = 0;
203 for (i = 0; i < req->n_channels; i++) {
204 if (req->channels[i]->band == band) {
205 local->hw_scan_req->channels[n_chans] =
206 req->channels[i];
207 n_chans++;
208 }
209 }
210
211 local->hw_scan_band++;
212 } while (!n_chans);
213
214 local->hw_scan_req->n_channels = n_chans;
215
216 ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
217 req->ie, req->ie_len, band);
218 local->hw_scan_req->ie_len = ielen;
219
220 return true;
221}
222
192/* 223/*
193 * inform AP that we will go to sleep so that it will buffer the frames 224 * inform AP that we will go to sleep so that it will buffer the frames
194 * while we scan 225 * while we scan
@@ -249,13 +280,6 @@ static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
249 } 280 }
250} 281}
251 282
252static void ieee80211_restore_scan_ies(struct ieee80211_local *local)
253{
254 kfree(local->scan_req->ie);
255 local->scan_req->ie = local->orig_ies;
256 local->scan_req->ie_len = local->orig_ies_len;
257}
258
259void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 283void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
260{ 284{
261 struct ieee80211_local *local = hw_to_local(hw); 285 struct ieee80211_local *local = hw_to_local(hw);
@@ -264,25 +288,36 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
264 288
265 mutex_lock(&local->scan_mtx); 289 mutex_lock(&local->scan_mtx);
266 290
267 if (WARN_ON(!local->scanning)) { 291 /*
292 * It's ok to abort a not-yet-running scan (that
293 * we have one at all will be verified by checking
294 * local->scan_req next), but not to complete it
295 * successfully.
296 */
297 if (WARN_ON(!local->scanning && !aborted))
298 aborted = true;
299
300 if (WARN_ON(!local->scan_req)) {
268 mutex_unlock(&local->scan_mtx); 301 mutex_unlock(&local->scan_mtx);
269 return; 302 return;
270 } 303 }
271 304
272 if (WARN_ON(!local->scan_req)) { 305 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
306 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
307 ieee80211_queue_delayed_work(&local->hw,
308 &local->scan_work, 0);
273 mutex_unlock(&local->scan_mtx); 309 mutex_unlock(&local->scan_mtx);
274 return; 310 return;
275 } 311 }
276 312
277 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) 313 kfree(local->hw_scan_req);
278 ieee80211_restore_scan_ies(local); 314 local->hw_scan_req = NULL;
279 315
280 if (local->scan_req != local->int_scan_req) 316 if (local->scan_req != local->int_scan_req)
281 cfg80211_scan_done(local->scan_req, aborted); 317 cfg80211_scan_done(local->scan_req, aborted);
282 local->scan_req = NULL; 318 local->scan_req = NULL;
283 local->scan_sdata = NULL; 319 local->scan_sdata = NULL;
284 320
285 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
286 local->scanning = 0; 321 local->scanning = 0;
287 local->scan_channel = NULL; 322 local->scan_channel = NULL;
288 323
@@ -306,10 +341,10 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
306 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 341 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
307 if (sdata->u.mgd.associated) { 342 if (sdata->u.mgd.associated) {
308 ieee80211_scan_ps_disable(sdata); 343 ieee80211_scan_ps_disable(sdata);
309 netif_tx_wake_all_queues(sdata->dev); 344 netif_wake_queue(sdata->dev);
310 } 345 }
311 } else 346 } else
312 netif_tx_wake_all_queues(sdata->dev); 347 netif_wake_queue(sdata->dev);
313 348
314 /* re-enable beaconing */ 349 /* re-enable beaconing */
315 if (sdata->vif.type == NL80211_IFTYPE_AP || 350 if (sdata->vif.type == NL80211_IFTYPE_AP ||
@@ -364,7 +399,7 @@ static int ieee80211_start_sw_scan(struct ieee80211_local *local)
364 * are handled in the scan state machine 399 * are handled in the scan state machine
365 */ 400 */
366 if (sdata->vif.type != NL80211_IFTYPE_STATION) 401 if (sdata->vif.type != NL80211_IFTYPE_STATION)
367 netif_tx_stop_all_queues(sdata->dev); 402 netif_stop_queue(sdata->dev);
368 } 403 }
369 mutex_unlock(&local->iflist_mtx); 404 mutex_unlock(&local->iflist_mtx);
370 405
@@ -394,19 +429,23 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
394 429
395 if (local->ops->hw_scan) { 430 if (local->ops->hw_scan) {
396 u8 *ies; 431 u8 *ies;
397 int ielen;
398 432
399 ies = kmalloc(2 + IEEE80211_MAX_SSID_LEN + 433 local->hw_scan_req = kmalloc(
400 local->scan_ies_len + req->ie_len, GFP_KERNEL); 434 sizeof(*local->hw_scan_req) +
401 if (!ies) 435 req->n_channels * sizeof(req->channels[0]) +
436 2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len +
437 req->ie_len, GFP_KERNEL);
438 if (!local->hw_scan_req)
402 return -ENOMEM; 439 return -ENOMEM;
403 440
404 ielen = ieee80211_build_preq_ies(local, ies, 441 local->hw_scan_req->ssids = req->ssids;
405 req->ie, req->ie_len); 442 local->hw_scan_req->n_ssids = req->n_ssids;
406 local->orig_ies = req->ie; 443 ies = (u8 *)local->hw_scan_req +
407 local->orig_ies_len = req->ie_len; 444 sizeof(*local->hw_scan_req) +
408 req->ie = ies; 445 req->n_channels * sizeof(req->channels[0]);
409 req->ie_len = ielen; 446 local->hw_scan_req->ie = ies;
447
448 local->hw_scan_band = 0;
410 } 449 }
411 450
412 local->scan_req = req; 451 local->scan_req = req;
@@ -438,16 +477,17 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
438 ieee80211_recalc_idle(local); 477 ieee80211_recalc_idle(local);
439 mutex_unlock(&local->scan_mtx); 478 mutex_unlock(&local->scan_mtx);
440 479
441 if (local->ops->hw_scan) 480 if (local->ops->hw_scan) {
442 rc = drv_hw_scan(local, local->scan_req); 481 WARN_ON(!ieee80211_prep_hw_scan(local));
443 else 482 rc = drv_hw_scan(local, local->hw_scan_req);
483 } else
444 rc = ieee80211_start_sw_scan(local); 484 rc = ieee80211_start_sw_scan(local);
445 485
446 mutex_lock(&local->scan_mtx); 486 mutex_lock(&local->scan_mtx);
447 487
448 if (rc) { 488 if (rc) {
449 if (local->ops->hw_scan) 489 kfree(local->hw_scan_req);
450 ieee80211_restore_scan_ies(local); 490 local->hw_scan_req = NULL;
451 local->scanning = 0; 491 local->scanning = 0;
452 492
453 ieee80211_recalc_idle(local); 493 ieee80211_recalc_idle(local);
@@ -523,7 +563,7 @@ static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *loca
523 continue; 563 continue;
524 564
525 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 565 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
526 netif_tx_stop_all_queues(sdata->dev); 566 netif_stop_queue(sdata->dev);
527 if (sdata->u.mgd.associated) 567 if (sdata->u.mgd.associated)
528 ieee80211_scan_ps_enable(sdata); 568 ieee80211_scan_ps_enable(sdata);
529 } 569 }
@@ -558,7 +598,7 @@ static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *loca
558 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 598 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
559 if (sdata->u.mgd.associated) 599 if (sdata->u.mgd.associated)
560 ieee80211_scan_ps_disable(sdata); 600 ieee80211_scan_ps_disable(sdata);
561 netif_tx_wake_all_queues(sdata->dev); 601 netif_wake_queue(sdata->dev);
562 } 602 }
563 } 603 }
564 mutex_unlock(&local->iflist_mtx); 604 mutex_unlock(&local->iflist_mtx);
@@ -574,23 +614,14 @@ static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
574{ 614{
575 int skip; 615 int skip;
576 struct ieee80211_channel *chan; 616 struct ieee80211_channel *chan;
577 struct ieee80211_sub_if_data *sdata = local->scan_sdata;
578 617
579 skip = 0; 618 skip = 0;
580 chan = local->scan_req->channels[local->scan_channel_idx]; 619 chan = local->scan_req->channels[local->scan_channel_idx];
581 620
582 if (chan->flags & IEEE80211_CHAN_DISABLED || 621 local->scan_channel = chan;
583 (sdata->vif.type == NL80211_IFTYPE_ADHOC && 622 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
584 chan->flags & IEEE80211_CHAN_NO_IBSS))
585 skip = 1; 623 skip = 1;
586 624
587 if (!skip) {
588 local->scan_channel = chan;
589 if (ieee80211_hw_config(local,
590 IEEE80211_CONF_CHANGE_CHANNEL))
591 skip = 1;
592 }
593
594 /* advance state machine to next channel/band */ 625 /* advance state machine to next channel/band */
595 local->scan_channel_idx++; 626 local->scan_channel_idx++;
596 627
@@ -656,6 +687,14 @@ void ieee80211_scan_work(struct work_struct *work)
656 return; 687 return;
657 } 688 }
658 689
690 if (local->hw_scan_req) {
691 int rc = drv_hw_scan(local, local->hw_scan_req);
692 mutex_unlock(&local->scan_mtx);
693 if (rc)
694 ieee80211_scan_completed(&local->hw, true);
695 return;
696 }
697
659 if (local->scan_req && !local->scanning) { 698 if (local->scan_req && !local->scanning) {
660 struct cfg80211_scan_request *req = local->scan_req; 699 struct cfg80211_scan_request *req = local->scan_req;
661 int rc; 700 int rc;
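Review bot: In `__ieee80211_start_scan` the new `local->hw_scan_req` is obtained with `kmalloc()` and only `ssids`, `n_ssids` and `ie` are assigned there, so any other field of the request is uninitialised heap when it is handed to `drv_hw_scan()`. `n_channels`, `ie_len` and the channel array are written only by `ieee80211_prep_hw_scan()`, and when that returns false the call site just warns (`WARN_ON(!ieee80211_prep_hw_scan(local));`) and still passes the request to the driver. Allocating with `local->hw_scan_req = kzalloc(` and failing the scan start instead of calling `drv_hw_scan()` when the prep step finds no channels would close both gaps. The size expression also adds `req->n_channels * sizeof(req->channels[0])` and `req->ie_len` with no overflow check; presumably cfg80211 bounds both before they get here, but that is not visible in this file and a comment stating the assumption would help. Both functions continue outside the visible hunks.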
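--- a/net/mac80211/spectmgmt.c
+++ b/net/mac80211/spectmgmt.c
@@ -65,7 +65,7 @@ static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_da
  IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED;
  msr_report->u.action.u.measurement.msr_elem.type = request_ie->type;
 
- ieee80211_tx_skb(sdata, skb, 1);
+ ieee80211_tx_skb(sdata, skb);
 }
 
 void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata,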
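diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 594f2318c3d8..71f370dd24bc 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -116,14 +116,15 @@ struct sta_info *sta_info_get(struct ieee80211_local *local, const u8 *addr)
  return sta;
 }
 
-struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx,
- struct net_device *dev)
+struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
+ int idx)
 {
+ struct ieee80211_local *local = sdata->local;
  struct sta_info *sta;
  int i = 0;
 
  list_for_each_entry_rcu(sta, &local->sta_list, list) {
- if (dev && dev != sta->sdata->dev)
+ if (sdata != sta->sdata)
  continue;
  if (i < idx) {
  ++i;
@@ -147,8 +148,10 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx,
 static void __sta_info_free(struct ieee80211_local *local,
  struct sta_info *sta)
 {
- rate_control_free_sta(sta);
- rate_control_put(sta->rate_ctrl);
+ if (sta->rate_ctrl) {
+ rate_control_free_sta(sta);
+ rate_control_put(sta->rate_ctrl);
+ }
 
 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
  printk(KERN_DEBUG "%s: Destroyed STA %pM\n",
@@ -171,6 +174,8 @@ void sta_info_destroy(struct sta_info *sta)
 
  local = sta->local;
 
+ cancel_work_sync(&sta->drv_unblock_wk);
+
  rate_control_remove_sta_debugfs(sta);
  ieee80211_sta_debugfs_remove(sta);
 
@@ -259,6 +264,38 @@ static void sta_info_hash_add(struct ieee80211_local *local,
  rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
 }
 
+static void sta_unblock(struct work_struct *wk)
+{
+ struct sta_info *sta;
+
+ sta = container_of(wk, struct sta_info, drv_unblock_wk);
+
+ if (sta->dead)
+ return;
+
+ if (!test_sta_flags(sta, WLAN_STA_PS_STA))
+ ieee80211_sta_ps_deliver_wakeup(sta);
+ else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL))
+ ieee80211_sta_ps_deliver_poll_response(sta);
+}
+
+static int sta_prepare_rate_control(struct ieee80211_local *local,
+ struct sta_info *sta, gfp_t gfp)
+{
+ if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
+ return 0;
+
+ sta->rate_ctrl = rate_control_get(local->rate_ctrl);
+ sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
+ &sta->sta, gfp);
+ if (!sta->rate_ctrl_priv) {
+ rate_control_put(sta->rate_ctrl);
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+
 struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
  u8 *addr, gfp_t gfp)
 {
@@ -272,16 +309,13 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
 
  spin_lock_init(&sta->lock);
  spin_lock_init(&sta->flaglock);
+ INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
 
  memcpy(sta->sta.addr, addr, ETH_ALEN);
  sta->local = local;
  sta->sdata = sdata;
 
- sta->rate_ctrl = rate_control_get(local->rate_ctrl);
- sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
- &sta->sta, gfp);
- if (!sta->rate_ctrl_priv) {
- rate_control_put(sta->rate_ctrl);
+ if (sta_prepare_rate_control(local, sta, gfp)) {
  kfree(sta);
  return NULL;
  }
@@ -478,8 +512,10 @@ static void __sta_info_unlink(struct sta_info **sta)
  }
 
  list_del(&(*sta)->list);
+ (*sta)->dead = true;
 
- if (test_and_clear_sta_flags(*sta, WLAN_STA_PS)) {
+ if (test_and_clear_sta_flags(*sta,
+ WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
  BUG_ON(!sdata->bss);
 
  atomic_dec(&sdata->bss->num_sta_ps);
@@ -489,6 +525,9 @@ static void __sta_info_unlink(struct sta_info **sta)
  local->num_sta--;
  local->sta_generation++;
 
+ if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
+ rcu_assign_pointer(sdata->u.vlan.sta, NULL);
+
  if (local->ops->sta_notify) {
  if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
  sdata = container_of(sdata->bss,
@@ -801,8 +840,8 @@ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
  sta_info_destroy(sta);
 }
 
-struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_hw *hw,
+struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
  const u8 *addr)
 {
  struct sta_info *sta = sta_info_get(hw_to_local(hw), addr);
 
@@ -810,4 +849,114 @@ struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_hw *hw,
  return NULL;
  return &sta->sta;
 }
+EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw);
+
+struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
+ const u8 *addr)
+{
+ struct ieee80211_sub_if_data *sdata;
+
+ if (!vif)
+ return NULL;
+
+ sdata = vif_to_sdata(vif);
+
+ return ieee80211_find_sta_by_hw(&sdata->local->hw, addr);
+}
 EXPORT_SYMBOL(ieee80211_find_sta);
+
+/* powersave support code */
+void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
+{
+ struct ieee80211_sub_if_data *sdata = sta->sdata;
+ struct ieee80211_local *local = sdata->local;
+ int sent, buffered;
+
+ drv_sta_notify(local, &sdata->vif, STA_NOTIFY_AWAKE, &sta->sta);
+
+ if (!skb_queue_empty(&sta->ps_tx_buf))
+ sta_info_clear_tim_bit(sta);
+
+ /* Send all buffered frames to the station */
+ sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
+ buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf);
+ sent += buffered;
+ local->total_ps_buffered -= buffered;
+
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+ printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
+ "since STA not sleeping anymore\n", sdata->dev->name,
+ sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+}
+
+void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
+{
+ struct ieee80211_sub_if_data *sdata = sta->sdata;
+ struct ieee80211_local *local = sdata->local;
+ struct sk_buff *skb;
+ int no_pending_pkts;
+
+ skb = skb_dequeue(&sta->tx_filtered);
+ if (!skb) {
+ skb = skb_dequeue(&sta->ps_tx_buf);
+ if (skb)
+ local->total_ps_buffered--;
+ }
+ no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
+ skb_queue_empty(&sta->ps_tx_buf);
+
+ if (skb) {
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_hdr *hdr =
+ (struct ieee80211_hdr *) skb->data;
+
+ /*
+ * Tell TX path to send this frame even though the STA may
+ * still remain is PS mode after this frame exchange.
+ */
+ info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
+
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+ printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
+ sta->sta.addr, sta->sta.aid,
+ skb_queue_len(&sta->ps_tx_buf));
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+
+ /* Use MoreData flag to indicate whether there are more
+ * buffered frames for this STA */
+ if (no_pending_pkts)
+ hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
+ else
+ hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
+
+ ieee80211_add_pending_skb(local, skb);
+
+ if (no_pending_pkts)
+ sta_info_clear_tim_bit(sta);
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+ } else {
+ /*
+ * FIXME: This can be the result of a race condition between
+ * us expiring a frame and the station polling for it.
+ * Should we send it a null-func frame indicating we
+ * have nothing buffered for it?
+ */
+ printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
+ "though there are no buffered frames for it\n",
+ sdata->dev->name, sta->sta.addr);
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+ }
+}
+
+void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
+ struct ieee80211_sta *pubsta, bool block)
+{
+ struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
+
+ if (block)
+ set_sta_flags(sta, WLAN_STA_PS_DRIVER);
+ else
+ ieee80211_queue_work(hw, &sta->drv_unblock_wk);
+}
+EXPORT_SYMBOL(ieee80211_sta_block_awake);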
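Review bot: The unblock path never clears `WLAN_STA_PS_DRIVER` in the lines shown: `ieee80211_sta_block_awake()` sets it for `block == true`, only queues `drv_unblock_wk` for `block == false`, and `sta_unblock()` goes straight to the deliver functions. The tx.c change in this commit keeps buffering unicast frames while that flag is set, so unless another file clears it, a station that was blocked once would have its frames held until `__sta_info_unlink()`, and the frames re-queued by `ieee80211_sta_ps_deliver_wakeup()` may be buffered again. I would clear the flag in the work handler before delivering, with `clear_sta_flags(sta, WLAN_STA_PS_DRIVER);` right after the `sta->dead` check. A short comment above `ieee80211_sta_block_awake()` stating that every block must be paired with an unblock, and that it must not be called for a station already being destroyed, would also help driver authors, since `cancel_work_sync()` in `sta_info_destroy()` cannot cover work queued afterwards.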
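diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index ccc3adf962c7..b4810f6aa94f 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -12,6 +12,7 @@
 #include <linux/list.h>
 #include <linux/types.h>
 #include <linux/if_ether.h>
+#include <linux/workqueue.h>
 #include "key.h"
 
 /**
@@ -21,7 +22,7 @@
  *
  * @WLAN_STA_AUTH: Station is authenticated.
  * @WLAN_STA_ASSOC: Station is associated.
- * @WLAN_STA_PS: Station is in power-save mode
+ * @WLAN_STA_PS_STA: Station is in power-save mode
  * @WLAN_STA_AUTHORIZED: Station is authorized to send/receive traffic.
  * This bit is always checked so needs to be enabled for all stations
  * when virtual port control is not in use.
@@ -36,11 +37,16 @@
  * @WLAN_STA_MFP: Management frame protection is used with this STA.
  * @WLAN_STA_SUSPEND: Set/cleared during a suspend/resume cycle.
  * Used to deny ADDBA requests (both TX and RX).
+ * @WLAN_STA_PS_DRIVER: driver requires keeping this station in
+ * power-save mode logically to flush frames that might still
+ * be in the queues
+ * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping
+ * station in power-save mode, reply when the driver unblocks.
  */
 enum ieee80211_sta_info_flags {
  WLAN_STA_AUTH = 1<<0,
  WLAN_STA_ASSOC = 1<<1,
- WLAN_STA_PS = 1<<2,
+ WLAN_STA_PS_STA = 1<<2,
  WLAN_STA_AUTHORIZED = 1<<3,
  WLAN_STA_SHORT_PREAMBLE = 1<<4,
  WLAN_STA_ASSOC_AP = 1<<5,
@@ -48,7 +54,9 @@ enum ieee80211_sta_info_flags {
  WLAN_STA_WDS = 1<<7,
  WLAN_STA_CLEAR_PS_FILT = 1<<9,
  WLAN_STA_MFP = 1<<10,
- WLAN_STA_SUSPEND = 1<<11
+ WLAN_STA_SUSPEND = 1<<11,
+ WLAN_STA_PS_DRIVER = 1<<12,
+ WLAN_STA_PSPOLL = 1<<13,
 };
 
 #define STA_TID_NUM 16
@@ -177,6 +185,7 @@ struct sta_ampdu_mlme {
  * @lock: used for locking all fields that require locking, see comments
  * in the header file.
  * @flaglock: spinlock for flags accesses
+ * @drv_unblock_wk: used for driver PS unblocking
  * @listen_interval: listen interval of this station, when we're acting as AP
  * @pin_status: used internally for pinning a STA struct into memory
  * @flags: STA flags, see &enum ieee80211_sta_info_flags
@@ -193,7 +202,6 @@ struct sta_ampdu_mlme {
  * @rx_fragments: number of received MPDUs
  * @rx_dropped: number of dropped MPDUs from this STA
  * @last_signal: signal of last received frame from this STA
- * @last_qual: qual of last received frame from this STA
  * @last_noise: noise of last received frame from this STA
  * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue)
  * @tx_filtered_count: number of frames the hardware filtered for this STA
@@ -217,6 +225,7 @@ struct sta_ampdu_mlme {
  * @plink_timer_was_running: used by suspend/resume to restore timers
  * @debugfs: debug filesystem info
  * @sta: station information we share with the driver
+ * @dead: set to true when sta is unlinked
  */
 struct sta_info {
  /* General information, mostly static */
@@ -230,8 +239,12 @@ struct sta_info {
  spinlock_t lock;
  spinlock_t flaglock;
 
+ struct work_struct drv_unblock_wk;
+
  u16 listen_interval;
 
+ bool dead;
+
  /*
  * for use by the internal lifetime management,
  * see __sta_info_unlink
@@ -259,7 +272,6 @@ struct sta_info {
  unsigned long rx_fragments;
  unsigned long rx_dropped;
  int last_signal;
- int last_qual;
  int last_noise;
  __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
 
@@ -301,28 +313,6 @@ struct sta_info {
 #ifdef CONFIG_MAC80211_DEBUGFS
  struct sta_info_debugfsdentries {
  struct dentry *dir;
- struct dentry *flags;
- struct dentry *num_ps_buf_frames;
- struct dentry *inactive_ms;
- struct dentry *last_seq_ctrl;
- struct dentry *agg_status;
- struct dentry *aid;
- struct dentry *dev;
- struct dentry *rx_packets;
- struct dentry *tx_packets;
- struct dentry *rx_bytes;
- struct dentry *tx_bytes;
- struct dentry *rx_duplicates;
- struct dentry *rx_fragments;
- struct dentry *rx_dropped;
- struct dentry *tx_fragments;
- struct dentry *tx_filtered;
- struct dentry *tx_retry_failed;
- struct dentry *tx_retry_count;
- struct dentry *last_signal;
- struct dentry *last_qual;
- struct dentry *last_noise;
- struct dentry *wep_weak_iv_count;
  bool add_has_run;
  } debugfs;
 #endif
@@ -419,8 +409,8 @@ struct sta_info *sta_info_get(struct ieee80211_local *local, const u8 *addr);
 /*
  * Get STA info by index, BROKEN!
  */
-struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx,
- struct net_device *dev);
+struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
+ int idx);
 /*
  * Create a new STA info, caller owns returned structure
  * until sta_info_insert().
@@ -454,4 +444,7 @@ int sta_info_flush(struct ieee80211_local *local,
 void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
  unsigned long exp_time);
 
+void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta);
+void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta);
+
 #endif /* STA_INFO_H */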
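Review bot: The new `@dead` kernel-doc line says when the field is set but not who may read it or under what protection. In sta_info.c it is written in `__sta_info_unlink()` and tested in the `drv_unblock_wk` handler as a plain `bool`, with no lock or barrier visible in either hunk. I would document the contract next to the field, e.g. ` * @dead: set to true when sta is unlinked; checked by the drv_unblock_wk handler, which sta_info_destroy() cancels with cancel_work_sync()`, so later users do not treat it as a synchronised liveness flag. The retained `Get STA info by index, BROKEN!` comment above the changed `sta_info_get_by_idx()` prototype would also benefit from one line saying what is broken about it.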
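diff --git a/net/mac80211/status.c b/net/mac80211/status.c
new file mode 100644
index 000000000000..d78f36c64c7b
--- /dev/null
+++ b/net/mac80211/status.c
@@ -0,0 +1,341 @@
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2008-2009 Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "rate.h"
+#include "mesh.h"
+#include "led.h"
+
+
+void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
+ struct sk_buff *skb)
+{
+ struct ieee80211_local *local = hw_to_local(hw);
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ int tmp;
+
+ skb->pkt_type = IEEE80211_TX_STATUS_MSG;
+ skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
+ &local->skb_queue : &local->skb_queue_unreliable, skb);
+ tmp = skb_queue_len(&local->skb_queue) +
+ skb_queue_len(&local->skb_queue_unreliable);
+ while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
+ (skb = skb_dequeue(&local->skb_queue_unreliable))) {
+ dev_kfree_skb_irq(skb);
+ tmp--;
+ I802_DEBUG_INC(local->tx_status_drop);
+ }
+ tasklet_schedule(&local->tasklet);
+}
+EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
+
+static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
+ struct sta_info *sta,
+ struct sk_buff *skb)
+{
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+
+ /*
+ * XXX: This is temporary!
+ *
+ * The problem here is that when we get here, the driver will
+ * quite likely have pretty much overwritten info->control by
+ * using info->driver_data or info->rate_driver_data. Thus,
+ * when passing out the frame to the driver again, we would be
+ * passing completely bogus data since the driver would then
+ * expect a properly filled info->control. In mac80211 itself
+ * the same problem occurs, since we need info->control.vif
+ * internally.
+ *
+ * To fix this, we should send the frame through TX processing
+ * again. However, it's not that simple, since the frame will
+ * have been software-encrypted (if applicable) already, and
+ * encrypting it again doesn't do much good. So to properly do
+ * that, we not only have to skip the actual 'raw' encryption
+ * (key selection etc. still has to be done!) but also the
+ * sequence number assignment since that impacts the crypto
+ * encapsulation, of course.
+ *
+ * Hence, for now, fix the bug by just dropping the frame.
+ */
+ goto drop;
+
+ sta->tx_filtered_count++;
+
+ /*
+ * Clear the TX filter mask for this STA when sending the next
+ * packet. If the STA went to power save mode, this will happen
+ * when it wakes up for the next time.
+ */
+ set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);
+
+ /*
+ * This code races in the following way:
+ *
+ * (1) STA sends frame indicating it will go to sleep and does so
+ * (2) hardware/firmware adds STA to filter list, passes frame up
+ * (3) hardware/firmware processes TX fifo and suppresses a frame
+ * (4) we get TX status before having processed the frame and
+ * knowing that the STA has gone to sleep.
+ *
+ * This is actually quite unlikely even when both those events are
+ * processed from interrupts coming in quickly after one another or
+ * even at the same time because we queue both TX status events and
+ * RX frames to be processed by a tasklet and process them in the
+ * same order that they were received or TX status last. Hence, there
+ * is no race as long as the frame RX is processed before the next TX
+ * status, which drivers can ensure, see below.
+ *
+ * Note that this can only happen if the hardware or firmware can
+ * actually add STAs to the filter list, if this is done by the
+ * driver in response to set_tim() (which will only reduce the race
+ * this whole filtering tries to solve, not completely solve it)
+ * this situation cannot happen.
+ *
+ * To completely solve this race drivers need to make sure that they
+ * (a) don't mix the irq-safe/not irq-safe TX status/RX processing
+ * functions and
+ * (b) always process RX events before TX status events if ordering
+ * can be unknown, for example with different interrupt status
+ * bits.
+ */
+ if (test_sta_flags(sta, WLAN_STA_PS_STA) &&
+ skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
+ skb_queue_tail(&sta->tx_filtered, skb);
+ return;
+ }
+
+ if (!test_sta_flags(sta, WLAN_STA_PS_STA) &&
+ !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
+ /* Software retry the packet once */
+ info->flags |= IEEE80211_TX_INTFL_RETRIED;
+ ieee80211_add_pending_skb(local, skb);
+ return;
+ }
+
+ drop:
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: dropped TX filtered frame, "
+ "queue_len=%d PS=%d @%lu\n",
+ wiphy_name(local->hw.wiphy),
+ skb_queue_len(&sta->tx_filtered),
+ !!test_sta_flags(sta, WLAN_STA_PS_STA), jiffies);
+#endif
+ dev_kfree_skb(skb);
+}
+
+void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
+{
+ struct sk_buff *skb2;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ struct ieee80211_local *local = hw_to_local(hw);
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ u16 frag, type;
+ __le16 fc;
+ struct ieee80211_supported_band *sband;
+ struct ieee80211_tx_status_rtap_hdr *rthdr;
+ struct ieee80211_sub_if_data *sdata;
+ struct net_device *prev_dev = NULL;
+ struct sta_info *sta;
+ int retry_count = -1, i;
+ bool injected;
+
+ for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
+ /* the HW cannot have attempted that rate */
+ if (i >= hw->max_rates) {
+ info->status.rates[i].idx = -1;
+ info->status.rates[i].count = 0;
+ }
+
+ retry_count += info->status.rates[i].count;
+ }
+ if (retry_count < 0)
+ retry_count = 0;
+
+ rcu_read_lock();
+
+ sband = local->hw.wiphy->bands[info->band];
+
+ sta = sta_info_get(local, hdr->addr1);
+
+ if (sta) {
+ if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
+ test_sta_flags(sta, WLAN_STA_PS_STA)) {
+ /*
+ * The STA is in power save mode, so assume
+ * that this TX packet failed because of that.
+ */
+ ieee80211_handle_filtered_frame(local, sta, skb);
+ rcu_read_unlock();
+ return;
+ }
+
+ fc = hdr->frame_control;
+
+ if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
+ (ieee80211_is_data_qos(fc))) {
+ u16 tid, ssn;
+ u8 *qc;
+
+ qc = ieee80211_get_qos_ctl(hdr);
+ tid = qc[0] & 0xf;
+ ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
+ & IEEE80211_SCTL_SEQ);
+ ieee80211_send_bar(sta->sdata, hdr->addr1,
+ tid, ssn);
+ }
+
+ if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
+ ieee80211_handle_filtered_frame(local, sta, skb);
+ rcu_read_unlock();
+ return;
+ } else {
+ if (!(info->flags & IEEE80211_TX_STAT_ACK))
+ sta->tx_retry_failed++;
+ sta->tx_retry_count += retry_count;
+ }
+
+ rate_control_tx_status(local, sband, sta, skb);
+ if (ieee80211_vif_is_mesh(&sta->sdata->vif))
+ ieee80211s_update_metric(local, sta, skb);
+ }
+
+ rcu_read_unlock();
+
+ ieee80211_led_tx(local, 0);
+
+ /* SNMP counters
+ * Fragments are passed to low-level drivers as separate skbs, so these
+ * are actually fragments, not frames. Update frame counters only for
+ * the first fragment of the frame. */
+
+ frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
+ type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
+
+ if (info->flags & IEEE80211_TX_STAT_ACK) {
+ if (frag == 0) {
+ local->dot11TransmittedFrameCount++;
+ if (is_multicast_ether_addr(hdr->addr1))
+ local->dot11MulticastTransmittedFrameCount++;
+ if (retry_count > 0)
+ local->dot11RetryCount++;
+ if (retry_count > 1)
+ local->dot11MultipleRetryCount++;
+ }
+
+ /* This counter shall be incremented for an acknowledged MPDU
+ * with an individual address in the address 1 field or an MPDU
+ * with a multicast address in the address 1 field of type Data
+ * or Management. */
+ if (!is_multicast_ether_addr(hdr->addr1) ||
+ type == IEEE80211_FTYPE_DATA ||
+ type == IEEE80211_FTYPE_MGMT)
+ local->dot11TransmittedFragmentCount++;
+ } else {
+ if (frag == 0)
+ local->dot11FailedCount++;
+ }
+
+ /* this was a transmitted frame, but now we want to reuse it */
+ skb_orphan(skb);
+
+ /*
+ * This is a bit racy but we can avoid a lot of work
+ * with this test...
+ */
+ if (!local->monitors && !local->cooked_mntrs) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ /* send frame to monitor interfaces now */
+
+ if (skb_headroom(skb) < sizeof(*rthdr)) {
+ printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ rthdr = (struct ieee80211_tx_status_rtap_hdr *)
+ skb_push(skb, sizeof(*rthdr));
+
+ memset(rthdr, 0, sizeof(*rthdr));
+ rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
+ rthdr->hdr.it_present =
+ cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
+ (1 << IEEE80211_RADIOTAP_DATA_RETRIES) |
+ (1 << IEEE80211_RADIOTAP_RATE));
+
+ if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
+ !is_multicast_ether_addr(hdr->addr1))
+ rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
+
+ /*
+ * XXX: Once radiotap gets the bitmap reset thing the vendor
+ * extensions proposal contains, we can actually report
+ * the whole set of tries we did.
+ */
+ if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
+ (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
+ rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
+ else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
+ rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
+ if (info->status.rates[0].idx >= 0 &&
+ !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
+ rthdr->rate = sband->bitrates[
+ info->status.rates[0].idx].bitrate / 5;
+
+ /* for now report the total retry_count */
+ rthdr->data_retries = retry_count;
+
+ /* Need to make a copy before skb->cb gets cleared */
+ injected = !!(info->flags & IEEE80211_TX_CTL_INJECTED);
+
+ /* XXX: is this sufficient for BPF? */
+ skb_set_mac_header(skb, 0);
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ skb->pkt_type = PACKET_OTHERHOST;
+ skb->protocol = htons(ETH_P_802_2);
+ memset(skb->cb, 0, sizeof(skb->cb));
+
+ rcu_read_lock();
+ list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+ if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
+ if (!netif_running(sdata->dev))
+ continue;
+
+ if ((sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) &&
+ !injected &&
+ (type == IEEE80211_FTYPE_DATA))
+ continue;
+
+ if (prev_dev) {
+ skb2 = skb_clone(skb, GFP_ATOMIC);
+ if (skb2) {
+ skb2->dev = prev_dev;
+ netif_rx(skb2);
+ }
+ }
+
+ prev_dev = sdata->dev;
+ }
+ }
+ if (prev_dev) {
+ skb->dev = prev_dev;
+ netif_rx(skb);
+ skb = NULL;
+ }
+ rcu_read_unlock();
+ dev_kfree_skb(skb);
+}
+EXPORT_SYMBOL(ieee80211_tx_status);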
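Review bot: The radiotap rate lookup near the end of `ieee80211_tx_status()` indexes `sband->bitrates[]` with `info->status.rates[0].idx` after checking only that the index is non-negative, and `sband` itself is taken from `bands[info->band]` without checking that the slot is populated. Both values are filled in by the driver in the skb control block, so a driver bug here would become an out-of-bounds or NULL read in the TX status path whenever a monitor interface is up. I would add an upper bound to the existing condition, `info->status.rates[0].idx < sband->n_bitrates`, and leave `rthdr->rate` at zero when `sband` is NULL. Separately, the `else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)` branch can never run because the preceding `if` already matches that flag, so `IEEE80211_RADIOTAP_F_TX_RTS` is never reported. The first test probably should check only `IEEE80211_TX_RC_USE_CTS_PROTECT`.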
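diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 964b7faa7f17..4921d724b6c7 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -301,9 +301,9 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
 #endif
  if (key->local->ops->update_tkip_key &&
  key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
- u8 bcast[ETH_ALEN] =
+ static const u8 bcast[ETH_ALEN] =
  {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
- u8 *sta_addr = key->sta->sta.addr;
+ const u8 *sta_addr = key->sta->sta.addr;
 
  if (is_multicast_ether_addr(ra))
  sta_addr = bcast;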
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index eaa4118de988..8834cc93c716 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -317,12 +317,11 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
317 if (!atomic_read(&tx->sdata->bss->num_sta_ps)) 317 if (!atomic_read(&tx->sdata->bss->num_sta_ps))
318 return TX_CONTINUE; 318 return TX_CONTINUE;
319 319
320 /* buffered in hardware */ 320 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
321 if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)) {
322 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
323 321
322 /* device releases frame after DTIM beacon */
323 if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
324 return TX_CONTINUE; 324 return TX_CONTINUE;
325 }
326 325
327 /* buffered in mac80211 */ 326 /* buffered in mac80211 */
328 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 327 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
@@ -367,15 +366,16 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
367 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 366 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
368 u32 staflags; 367 u32 staflags;
369 368
370 if (unlikely(!sta || ieee80211_is_probe_resp(hdr->frame_control) 369 if (unlikely(!sta ||
371 || ieee80211_is_auth(hdr->frame_control) 370 ieee80211_is_probe_resp(hdr->frame_control) ||
372 || ieee80211_is_assoc_resp(hdr->frame_control) 371 ieee80211_is_auth(hdr->frame_control) ||
373 || ieee80211_is_reassoc_resp(hdr->frame_control))) 372 ieee80211_is_assoc_resp(hdr->frame_control) ||
373 ieee80211_is_reassoc_resp(hdr->frame_control)))
374 return TX_CONTINUE; 374 return TX_CONTINUE;
375 375
376 staflags = get_sta_flags(sta); 376 staflags = get_sta_flags(sta);
377 377
378 if (unlikely((staflags & WLAN_STA_PS) && 378 if (unlikely((staflags & (WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) &&
379 !(info->flags & IEEE80211_TX_CTL_PSPOLL_RESPONSE))) { 379 !(info->flags & IEEE80211_TX_CTL_PSPOLL_RESPONSE))) {
380#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 380#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
381 printk(KERN_DEBUG "STA %pM aid %d: PS buffer (entries " 381 printk(KERN_DEBUG "STA %pM aid %d: PS buffer (entries "
@@ -398,8 +398,13 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
398 } else 398 } else
399 tx->local->total_ps_buffered++; 399 tx->local->total_ps_buffered++;
400 400
401 /* Queue frame to be sent after STA sends an PS Poll frame */ 401 /*
402 if (skb_queue_empty(&sta->ps_tx_buf)) 402 * Queue frame to be sent after STA wakes up/polls,
403 * but don't set the TIM bit if the driver is blocking
404 * wakeup or poll response transmissions anyway.
405 */
406 if (skb_queue_empty(&sta->ps_tx_buf) &&
407 !(staflags & WLAN_STA_PS_DRIVER))
403 sta_info_set_tim_bit(sta); 408 sta_info_set_tim_bit(sta);
404 409
405 info->control.jiffies = jiffies; 410 info->control.jiffies = jiffies;
@@ -409,7 +414,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
409 return TX_QUEUED; 414 return TX_QUEUED;
410 } 415 }
411#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 416#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
412 else if (unlikely(test_sta_flags(sta, WLAN_STA_PS))) { 417 else if (unlikely(staflags & WLAN_STA_PS_STA)) {
413 printk(KERN_DEBUG "%s: STA %pM in PS mode, but pspoll " 418 printk(KERN_DEBUG "%s: STA %pM in PS mode, but pspoll "
414 "set -> send frame\n", tx->dev->name, 419 "set -> send frame\n", tx->dev->name,
415 sta->sta.addr); 420 sta->sta.addr);
@@ -1047,7 +1052,10 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1047 1052
1048 hdr = (struct ieee80211_hdr *) skb->data; 1053 hdr = (struct ieee80211_hdr *) skb->data;
1049 1054
1050 tx->sta = sta_info_get(local, hdr->addr1); 1055 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1056 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1057 if (!tx->sta)
1058 tx->sta = sta_info_get(local, hdr->addr1);
1051 1059
1052 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) && 1060 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1053 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) { 1061 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) {
@@ -1201,23 +1209,26 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1201 struct sk_buff *skb = tx->skb; 1209 struct sk_buff *skb = tx->skb;
1202 ieee80211_tx_result res = TX_DROP; 1210 ieee80211_tx_result res = TX_DROP;
1203 1211
1204#define CALL_TXH(txh) \ 1212#define CALL_TXH(txh) \
1205 res = txh(tx); \ 1213 do { \
1206 if (res != TX_CONTINUE) \ 1214 res = txh(tx); \
1207 goto txh_done; 1215 if (res != TX_CONTINUE) \
1208 1216 goto txh_done; \
1209 CALL_TXH(ieee80211_tx_h_check_assoc) 1217 } while (0)
1210 CALL_TXH(ieee80211_tx_h_ps_buf) 1218
1211 CALL_TXH(ieee80211_tx_h_select_key) 1219 CALL_TXH(ieee80211_tx_h_check_assoc);
1212 CALL_TXH(ieee80211_tx_h_michael_mic_add) 1220 CALL_TXH(ieee80211_tx_h_ps_buf);
1213 CALL_TXH(ieee80211_tx_h_rate_ctrl) 1221 CALL_TXH(ieee80211_tx_h_select_key);
1214 CALL_TXH(ieee80211_tx_h_misc) 1222 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1215 CALL_TXH(ieee80211_tx_h_sequence) 1223 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1216 CALL_TXH(ieee80211_tx_h_fragment) 1224 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1225 CALL_TXH(ieee80211_tx_h_misc);
1226 CALL_TXH(ieee80211_tx_h_sequence);
1227 CALL_TXH(ieee80211_tx_h_fragment);
1217 /* handlers after fragment must be aware of tx info fragmentation! */ 1228 /* handlers after fragment must be aware of tx info fragmentation! */
1218 CALL_TXH(ieee80211_tx_h_stats) 1229 CALL_TXH(ieee80211_tx_h_stats);
1219 CALL_TXH(ieee80211_tx_h_encrypt) 1230 CALL_TXH(ieee80211_tx_h_encrypt);
1220 CALL_TXH(ieee80211_tx_h_calculate_duration) 1231 CALL_TXH(ieee80211_tx_h_calculate_duration);
1221#undef CALL_TXH 1232#undef CALL_TXH
1222 1233
1223 txh_done: 1234 txh_done:
@@ -1387,6 +1398,30 @@ static int ieee80211_skb_resize(struct ieee80211_local *local,
1387 return 0; 1398 return 0;
1388} 1399}
1389 1400
1401static bool need_dynamic_ps(struct ieee80211_local *local)
1402{
1403 /* driver doesn't support power save */
1404 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
1405 return false;
1406
1407 /* hardware does dynamic power save */
1408 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
1409 return false;
1410
1411 /* dynamic power save disabled */
1412 if (local->hw.conf.dynamic_ps_timeout <= 0)
1413 return false;
1414
1415 /* we are scanning, don't enable power save */
1416 if (local->scanning)
1417 return false;
1418
1419 if (!local->ps_sdata)
1420 return false;
1421
1422 return true;
1423}
1424
1390static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, 1425static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1391 struct sk_buff *skb) 1426 struct sk_buff *skb)
1392{ 1427{
@@ -1397,11 +1432,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1397 int headroom; 1432 int headroom;
1398 bool may_encrypt; 1433 bool may_encrypt;
1399 1434
1400 dev_hold(sdata->dev); 1435 if (need_dynamic_ps(local)) {
1401
1402 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1403 local->hw.conf.dynamic_ps_timeout > 0 &&
1404 !(local->scanning) && local->ps_sdata) {
1405 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1436 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1406 ieee80211_stop_queues_by_reason(&local->hw, 1437 ieee80211_stop_queues_by_reason(&local->hw,
1407 IEEE80211_QUEUE_STOP_REASON_PS); 1438 IEEE80211_QUEUE_STOP_REASON_PS);
@@ -1413,7 +1444,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1413 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); 1444 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
1414 } 1445 }
1415 1446
1416 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 1447 rcu_read_lock();
1417 1448
1418 if (unlikely(sdata->vif.type == NL80211_IFTYPE_MONITOR)) { 1449 if (unlikely(sdata->vif.type == NL80211_IFTYPE_MONITOR)) {
1419 int hdrlen; 1450 int hdrlen;
@@ -1437,7 +1468,6 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1437 * support we will need a different mechanism. 1468 * support we will need a different mechanism.
1438 */ 1469 */
1439 1470
1440 rcu_read_lock();
1441 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, 1471 list_for_each_entry_rcu(tmp_sdata, &local->interfaces,
1442 list) { 1472 list) {
1443 if (!netif_running(tmp_sdata->dev)) 1473 if (!netif_running(tmp_sdata->dev))
@@ -1446,13 +1476,10 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1446 continue; 1476 continue;
1447 if (compare_ether_addr(tmp_sdata->dev->dev_addr, 1477 if (compare_ether_addr(tmp_sdata->dev->dev_addr,
1448 hdr->addr2) == 0) { 1478 hdr->addr2) == 0) {
1449 dev_hold(tmp_sdata->dev);
1450 dev_put(sdata->dev);
1451 sdata = tmp_sdata; 1479 sdata = tmp_sdata;
1452 break; 1480 break;
1453 } 1481 }
1454 } 1482 }
1455 rcu_read_unlock();
1456 } 1483 }
1457 } 1484 }
1458 1485
@@ -1466,7 +1493,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1466 1493
1467 if (ieee80211_skb_resize(local, skb, headroom, may_encrypt)) { 1494 if (ieee80211_skb_resize(local, skb, headroom, may_encrypt)) {
1468 dev_kfree_skb(skb); 1495 dev_kfree_skb(skb);
1469 dev_put(sdata->dev); 1496 rcu_read_unlock();
1470 return; 1497 return;
1471 } 1498 }
1472 1499
@@ -1477,13 +1504,13 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1477 !is_multicast_ether_addr(hdr->addr1)) 1504 !is_multicast_ether_addr(hdr->addr1))
1478 if (mesh_nexthop_lookup(skb, sdata)) { 1505 if (mesh_nexthop_lookup(skb, sdata)) {
1479 /* skb queued: don't free */ 1506 /* skb queued: don't free */
1480 dev_put(sdata->dev); 1507 rcu_read_unlock();
1481 return; 1508 return;
1482 } 1509 }
1483 1510
1484 ieee80211_select_queue(local, skb); 1511 ieee80211_select_queue(local, skb);
1485 ieee80211_tx(sdata, skb, false); 1512 ieee80211_tx(sdata, skb, false);
1486 dev_put(sdata->dev); 1513 rcu_read_unlock();
1487} 1514}
1488 1515
1489netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb, 1516netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
@@ -1547,6 +1574,8 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1547 1574
1548 memset(info, 0, sizeof(*info)); 1575 memset(info, 0, sizeof(*info));
1549 1576
1577 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1578
1550 /* pass the radiotap header up to xmit */ 1579 /* pass the radiotap header up to xmit */
1551 ieee80211_xmit(IEEE80211_DEV_TO_SUB_IF(dev), skb); 1580 ieee80211_xmit(IEEE80211_DEV_TO_SUB_IF(dev), skb);
1552 return NETDEV_TX_OK; 1581 return NETDEV_TX_OK;
@@ -1585,7 +1614,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1585 const u8 *encaps_data; 1614 const u8 *encaps_data;
1586 int encaps_len, skip_header_bytes; 1615 int encaps_len, skip_header_bytes;
1587 int nh_pos, h_pos; 1616 int nh_pos, h_pos;
1588 struct sta_info *sta; 1617 struct sta_info *sta = NULL;
1589 u32 sta_flags = 0; 1618 u32 sta_flags = 0;
1590 1619
1591 if (unlikely(skb->len < ETH_HLEN)) { 1620 if (unlikely(skb->len < ETH_HLEN)) {
@@ -1602,8 +1631,24 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1602 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA); 1631 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
1603 1632
1604 switch (sdata->vif.type) { 1633 switch (sdata->vif.type) {
1605 case NL80211_IFTYPE_AP:
1606 case NL80211_IFTYPE_AP_VLAN: 1634 case NL80211_IFTYPE_AP_VLAN:
1635 rcu_read_lock();
1636 sta = rcu_dereference(sdata->u.vlan.sta);
1637 if (sta) {
1638 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1639 /* RA TA DA SA */
1640 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
1641 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1642 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1643 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1644 hdrlen = 30;
1645 sta_flags = get_sta_flags(sta);
1646 }
1647 rcu_read_unlock();
1648 if (sta)
1649 break;
1650 /* fall through */
1651 case NL80211_IFTYPE_AP:
1607 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS); 1652 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
1608 /* DA BSSID SA */ 1653 /* DA BSSID SA */
1609 memcpy(hdr.addr1, skb->data, ETH_ALEN); 1654 memcpy(hdr.addr1, skb->data, ETH_ALEN);
@@ -1639,21 +1684,25 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1639 /* packet from other interface */ 1684 /* packet from other interface */
1640 struct mesh_path *mppath; 1685 struct mesh_path *mppath;
1641 int is_mesh_mcast = 1; 1686 int is_mesh_mcast = 1;
1642 char *mesh_da; 1687 const u8 *mesh_da;
1643 1688
1644 rcu_read_lock(); 1689 rcu_read_lock();
1645 if (is_multicast_ether_addr(skb->data)) 1690 if (is_multicast_ether_addr(skb->data))
1646 /* DA TA mSA AE:SA */ 1691 /* DA TA mSA AE:SA */
1647 mesh_da = skb->data; 1692 mesh_da = skb->data;
1648 else { 1693 else {
1694 static const u8 bcast[ETH_ALEN] =
1695 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1696
1649 mppath = mpp_path_lookup(skb->data, sdata); 1697 mppath = mpp_path_lookup(skb->data, sdata);
1650 if (mppath) { 1698 if (mppath) {
1651 /* RA TA mDA mSA AE:DA SA */ 1699 /* RA TA mDA mSA AE:DA SA */
1652 mesh_da = mppath->mpp; 1700 mesh_da = mppath->mpp;
1653 is_mesh_mcast = 0; 1701 is_mesh_mcast = 0;
1654 } else 1702 } else {
1655 /* DA TA mSA AE:SA */ 1703 /* DA TA mSA AE:SA */
1656 mesh_da = dev->broadcast; 1704 mesh_da = bcast;
1705 }
1657 } 1706 }
1658 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc, 1707 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1659 mesh_da, dev->dev_addr); 1708 mesh_da, dev->dev_addr);
@@ -1677,12 +1726,21 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1677 break; 1726 break;
1678#endif 1727#endif
1679 case NL80211_IFTYPE_STATION: 1728 case NL80211_IFTYPE_STATION:
1680 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1681 /* BSSID SA DA */
1682 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN); 1729 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1683 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN); 1730 if (sdata->u.mgd.use_4addr && ethertype != ETH_P_PAE) {
1684 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1731 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1685 hdrlen = 24; 1732 /* RA TA DA SA */
1733 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1734 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1735 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1736 hdrlen = 30;
1737 } else {
1738 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1739 /* BSSID SA DA */
1740 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1741 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1742 hdrlen = 24;
1743 }
1686 break; 1744 break;
1687 case NL80211_IFTYPE_ADHOC: 1745 case NL80211_IFTYPE_ADHOC:
1688 /* DA SA BSSID */ 1746 /* DA SA BSSID */
@@ -1907,12 +1965,10 @@ void ieee80211_tx_pending(unsigned long data)
1907 } 1965 }
1908 1966
1909 sdata = vif_to_sdata(info->control.vif); 1967 sdata = vif_to_sdata(info->control.vif);
1910 dev_hold(sdata->dev);
1911 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1968 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1912 flags); 1969 flags);
1913 1970
1914 txok = ieee80211_tx_pending_skb(local, skb); 1971 txok = ieee80211_tx_pending_skb(local, skb);
1915 dev_put(sdata->dev);
1916 if (!txok) 1972 if (!txok)
1917 __skb_queue_head(&local->pending[i], skb); 1973 __skb_queue_head(&local->pending[i], skb);
1918 spin_lock_irqsave(&local->queue_stop_reason_lock, 1974 spin_lock_irqsave(&local->queue_stop_reason_lock,
@@ -1990,8 +2046,9 @@ static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss,
1990 } 2046 }
1991} 2047}
1992 2048
1993struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw, 2049struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
1994 struct ieee80211_vif *vif) 2050 struct ieee80211_vif *vif,
2051 u16 *tim_offset, u16 *tim_length)
1995{ 2052{
1996 struct ieee80211_local *local = hw_to_local(hw); 2053 struct ieee80211_local *local = hw_to_local(hw);
1997 struct sk_buff *skb = NULL; 2054 struct sk_buff *skb = NULL;
@@ -2008,6 +2065,11 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2008 2065
2009 sdata = vif_to_sdata(vif); 2066 sdata = vif_to_sdata(vif);
2010 2067
2068 if (tim_offset)
2069 *tim_offset = 0;
2070 if (tim_length)
2071 *tim_length = 0;
2072
2011 if (sdata->vif.type == NL80211_IFTYPE_AP) { 2073 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2012 ap = &sdata->u.ap; 2074 ap = &sdata->u.ap;
2013 beacon = rcu_dereference(ap->beacon); 2075 beacon = rcu_dereference(ap->beacon);
@@ -2043,6 +2105,11 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2043 spin_unlock_irqrestore(&local->sta_lock, flags); 2105 spin_unlock_irqrestore(&local->sta_lock, flags);
2044 } 2106 }
2045 2107
2108 if (tim_offset)
2109 *tim_offset = beacon->head_len;
2110 if (tim_length)
2111 *tim_length = skb->len - beacon->head_len;
2112
2046 if (beacon->tail) 2113 if (beacon->tail)
2047 memcpy(skb_put(skb, beacon->tail_len), 2114 memcpy(skb_put(skb, beacon->tail_len),
2048 beacon->tail, beacon->tail_len); 2115 beacon->tail, beacon->tail_len);
@@ -2080,7 +2147,7 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2080 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON); 2147 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
2081 memset(mgmt->da, 0xff, ETH_ALEN); 2148 memset(mgmt->da, 0xff, ETH_ALEN);
2082 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 2149 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
2083 /* BSSID is left zeroed, wildcard value */ 2150 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
2084 mgmt->u.beacon.beacon_int = 2151 mgmt->u.beacon.beacon_int =
2085 cpu_to_le16(sdata->vif.bss_conf.beacon_int); 2152 cpu_to_le16(sdata->vif.bss_conf.beacon_int);
2086 mgmt->u.beacon.capab_info = 0x0; /* 0x0 for MPs */ 2153 mgmt->u.beacon.capab_info = 0x0; /* 0x0 for MPs */
@@ -2119,7 +2186,7 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
2119 rcu_read_unlock(); 2186 rcu_read_unlock();
2120 return skb; 2187 return skb;
2121} 2188}
2122EXPORT_SYMBOL(ieee80211_beacon_get); 2189EXPORT_SYMBOL(ieee80211_beacon_get_tim);
2123 2190
2124void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 2191void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2125 const void *frame, size_t frame_len, 2192 const void *frame, size_t frame_len,
@@ -2214,17 +2281,12 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2214} 2281}
2215EXPORT_SYMBOL(ieee80211_get_buffered_bc); 2282EXPORT_SYMBOL(ieee80211_get_buffered_bc);
2216 2283
2217void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb, 2284void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
2218 int encrypt)
2219{ 2285{
2220 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2221 skb_set_mac_header(skb, 0); 2286 skb_set_mac_header(skb, 0);
2222 skb_set_network_header(skb, 0); 2287 skb_set_network_header(skb, 0);
2223 skb_set_transport_header(skb, 0); 2288 skb_set_transport_header(skb, 0);
2224 2289
2225 if (!encrypt)
2226 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2227
2228 /* 2290 /*
2229 * The other path calling ieee80211_xmit is from the tasklet, 2291 * The other path calling ieee80211_xmit is from the tasklet,
2230 * and while we can handle concurrent transmissions locking 2292 * and while we can handle concurrent transmissions locking
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index e6c08da8da26..d09f78bb2442 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -666,8 +666,8 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
666 elems->mesh_id_len = elen; 666 elems->mesh_id_len = elen;
667 break; 667 break;
668 case WLAN_EID_MESH_CONFIG: 668 case WLAN_EID_MESH_CONFIG:
669 elems->mesh_config = pos; 669 if (elen >= sizeof(struct ieee80211_meshconf_ie))
670 elems->mesh_config_len = elen; 670 elems->mesh_config = (void *)pos;
671 break; 671 break;
672 case WLAN_EID_PEER_LINK: 672 case WLAN_EID_PEER_LINK:
673 elems->peer_link = pos; 673 elems->peer_link = pos;
@@ -685,6 +685,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
685 elems->perr = pos; 685 elems->perr = pos;
686 elems->perr_len = elen; 686 elems->perr_len = elen;
687 break; 687 break;
688 case WLAN_EID_RANN:
689 if (elen >= sizeof(struct ieee80211_rann_ie))
690 elems->rann = (void *)pos;
691 break;
688 case WLAN_EID_CHANNEL_SWITCH: 692 case WLAN_EID_CHANNEL_SWITCH:
689 elems->ch_switch_elem = pos; 693 elems->ch_switch_elem = pos;
690 elems->ch_switch_elem_len = elen; 694 elems->ch_switch_elem_len = elen;
@@ -868,17 +872,19 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
868 WARN_ON(err); 872 WARN_ON(err);
869 } 873 }
870 874
871 ieee80211_tx_skb(sdata, skb, 0); 875 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
876 ieee80211_tx_skb(sdata, skb);
872} 877}
873 878
874int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 879int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
875 const u8 *ie, size_t ie_len) 880 const u8 *ie, size_t ie_len,
881 enum ieee80211_band band)
876{ 882{
877 struct ieee80211_supported_band *sband; 883 struct ieee80211_supported_band *sband;
878 u8 *pos, *supp_rates_len, *esupp_rates_len = NULL; 884 u8 *pos, *supp_rates_len, *esupp_rates_len = NULL;
879 int i; 885 int i;
880 886
881 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 887 sband = local->hw.wiphy->bands[band];
882 888
883 pos = buffer; 889 pos = buffer;
884 890
@@ -966,9 +972,11 @@ void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
966 memcpy(pos, ssid, ssid_len); 972 memcpy(pos, ssid, ssid_len);
967 pos += ssid_len; 973 pos += ssid_len;
968 974
969 skb_put(skb, ieee80211_build_preq_ies(local, pos, ie, ie_len)); 975 skb_put(skb, ieee80211_build_preq_ies(local, pos, ie, ie_len,
976 local->hw.conf.channel->band));
970 977
971 ieee80211_tx_skb(sdata, skb, 0); 978 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
979 ieee80211_tx_skb(sdata, skb);
972} 980}
973 981
974u32 ieee80211_sta_get_rates(struct ieee80211_local *local, 982u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
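Review bot: `sband = local->hw.wiphy->bands[band];` in ieee80211_build_preq_ies now indexes the band table with a caller-supplied value, and nothing in the hunk checks the result before the rest of the function (outside the hunk) presumably goes on to use `sband`. Entries of `wiphy->bands[]` are NULL for bands the hardware did not register, so the old guarantee that the lookup uses the current operating channel's band no longer holds by construction. The one caller visible here, ieee80211_send_probe_req, still passes `local->hw.conf.channel->band`, but callers outside this section cannot be checked from here. I would add `if (WARN_ON(!sband)) return 0;` directly after the lookup, or at least a comment on the new parameter stating that `band` must be a band present in `wiphy->bands`.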
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 8a980f136941..247123fe1a7a 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -281,16 +281,18 @@ bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
281ieee80211_rx_result 281ieee80211_rx_result
282ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx) 282ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
283{ 283{
284 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 284 struct sk_buff *skb = rx->skb;
285 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
286 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
285 287
286 if (!ieee80211_is_data(hdr->frame_control) && 288 if (!ieee80211_is_data(hdr->frame_control) &&
287 !ieee80211_is_auth(hdr->frame_control)) 289 !ieee80211_is_auth(hdr->frame_control))
288 return RX_CONTINUE; 290 return RX_CONTINUE;
289 291
290 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 292 if (!(status->flag & RX_FLAG_DECRYPTED)) {
291 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) 293 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
292 return RX_DROP_UNUSABLE; 294 return RX_DROP_UNUSABLE;
293 } else if (!(rx->status->flag & RX_FLAG_IV_STRIPPED)) { 295 } else if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
294 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key); 296 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
295 /* remove ICV */ 297 /* remove ICV */
296 skb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN); 298 skb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN);
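Review bot: ieee80211_crypto_wep_decrypt now declares a local `skb`, but the unchanged lines below the new declarations still spell `rx->skb`, so the function mixes two names for the same buffer. Since the status flags are now read from `IEEE80211_SKB_RXCB(skb)`, using the one local throughout makes it plain that the flags and the data being decrypted belong to the same frame: `if (ieee80211_wep_decrypt(rx->local, skb, rx->key))`, `ieee80211_wep_remove_iv(rx->local, skb, rx->key);` and `skb_trim(skb, skb->len - WEP_ICV_LEN);`. The function continues past the end of the hunk.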
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 70778694877b..5332014cb229 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -85,16 +85,16 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
85 u8 *data, *key = NULL, key_offset; 85 u8 *data, *key = NULL, key_offset;
86 size_t data_len; 86 size_t data_len;
87 unsigned int hdrlen; 87 unsigned int hdrlen;
88 struct ieee80211_hdr *hdr;
89 u8 mic[MICHAEL_MIC_LEN]; 88 u8 mic[MICHAEL_MIC_LEN];
90 struct sk_buff *skb = rx->skb; 89 struct sk_buff *skb = rx->skb;
90 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
91 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
91 int authenticator = 1, wpa_test = 0; 92 int authenticator = 1, wpa_test = 0;
92 93
93 /* No way to verify the MIC if the hardware stripped it */ 94 /* No way to verify the MIC if the hardware stripped it */
94 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED) 95 if (status->flag & RX_FLAG_MMIC_STRIPPED)
95 return RX_CONTINUE; 96 return RX_CONTINUE;
96 97
97 hdr = (struct ieee80211_hdr *)skb->data;
98 if (!rx->key || rx->key->conf.alg != ALG_TKIP || 98 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
99 !ieee80211_has_protected(hdr->frame_control) || 99 !ieee80211_has_protected(hdr->frame_control) ||
100 !ieee80211_is_data_present(hdr->frame_control)) 100 !ieee80211_is_data_present(hdr->frame_control))
@@ -216,6 +216,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
216 int hdrlen, res, hwaccel = 0, wpa_test = 0; 216 int hdrlen, res, hwaccel = 0, wpa_test = 0;
217 struct ieee80211_key *key = rx->key; 217 struct ieee80211_key *key = rx->key;
218 struct sk_buff *skb = rx->skb; 218 struct sk_buff *skb = rx->skb;
219 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
219 220
220 hdrlen = ieee80211_hdrlen(hdr->frame_control); 221 hdrlen = ieee80211_hdrlen(hdr->frame_control);
221 222
@@ -225,8 +226,8 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
225 if (!rx->sta || skb->len - hdrlen < 12) 226 if (!rx->sta || skb->len - hdrlen < 12)
226 return RX_DROP_UNUSABLE; 227 return RX_DROP_UNUSABLE;
227 228
228 if (rx->status->flag & RX_FLAG_DECRYPTED) { 229 if (status->flag & RX_FLAG_DECRYPTED) {
229 if (rx->status->flag & RX_FLAG_IV_STRIPPED) { 230 if (status->flag & RX_FLAG_IV_STRIPPED) {
230 /* 231 /*
231 * Hardware took care of all processing, including 232 * Hardware took care of all processing, including
232 * replay protection, and stripped the ICV/IV so 233 * replay protection, and stripped the ICV/IV so
@@ -442,6 +443,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
442 int hdrlen; 443 int hdrlen;
443 struct ieee80211_key *key = rx->key; 444 struct ieee80211_key *key = rx->key;
444 struct sk_buff *skb = rx->skb; 445 struct sk_buff *skb = rx->skb;
446 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
445 u8 pn[CCMP_PN_LEN]; 447 u8 pn[CCMP_PN_LEN];
446 int data_len; 448 int data_len;
447 449
@@ -455,8 +457,8 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
455 if (!rx->sta || data_len < 0) 457 if (!rx->sta || data_len < 0)
456 return RX_DROP_UNUSABLE; 458 return RX_DROP_UNUSABLE;
457 459
458 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 460 if ((status->flag & RX_FLAG_DECRYPTED) &&
459 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 461 (status->flag & RX_FLAG_IV_STRIPPED))
460 return RX_CONTINUE; 462 return RX_CONTINUE;
461 463
462 ccmp_hdr2pn(pn, skb->data + hdrlen); 464 ccmp_hdr2pn(pn, skb->data + hdrlen);
@@ -466,7 +468,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
466 return RX_DROP_UNUSABLE; 468 return RX_DROP_UNUSABLE;
467 } 469 }
468 470
469 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 471 if (!(status->flag & RX_FLAG_DECRYPTED)) {
470 /* hardware didn't decrypt/verify MIC */ 472 /* hardware didn't decrypt/verify MIC */
471 ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1); 473 ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1);
472 474
@@ -563,6 +565,7 @@ ieee80211_rx_result
563ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 565ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
564{ 566{
565 struct sk_buff *skb = rx->skb; 567 struct sk_buff *skb = rx->skb;
568 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
566 struct ieee80211_key *key = rx->key; 569 struct ieee80211_key *key = rx->key;
567 struct ieee80211_mmie *mmie; 570 struct ieee80211_mmie *mmie;
568 u8 aad[20], mic[8], ipn[6]; 571 u8 aad[20], mic[8], ipn[6];
@@ -571,8 +574,8 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
571 if (!ieee80211_is_mgmt(hdr->frame_control)) 574 if (!ieee80211_is_mgmt(hdr->frame_control))
572 return RX_CONTINUE; 575 return RX_CONTINUE;
573 576
574 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 577 if ((status->flag & RX_FLAG_DECRYPTED) &&
575 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 578 (status->flag & RX_FLAG_IV_STRIPPED))
576 return RX_CONTINUE; 579 return RX_CONTINUE;
577 580
578 if (skb->len < 24 + sizeof(*mmie)) 581 if (skb->len < 24 + sizeof(*mmie))
@@ -591,7 +594,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
591 return RX_DROP_UNUSABLE; 594 return RX_DROP_UNUSABLE;
592 } 595 }
593 596
594 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 597 if (!(status->flag & RX_FLAG_DECRYPTED)) {
595 /* hardware didn't decrypt/verify MIC */ 598 /* hardware didn't decrypt/verify MIC */
596 bip_aad(skb, aad); 599 bip_aad(skb, aad);
597 ieee80211_aes_cmac(key->u.aes_cmac.tfm, 600 ieee80211_aes_cmac(key->u.aes_cmac.tfm,
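Review bot: In ieee80211_crypto_tkip_decrypt the length guard `skb->len - hdrlen < 12`, which the hunk leaves as is next to the reworked flag tests, is evaluated in unsigned arithmetic because `skb->len` is unsigned, so a frame shorter than `hdrlen` would wrap to a large value and pass the check. Earlier rx handlers may already guarantee `skb->len >= hdrlen` (not visible from here), but the guard is cheap to make self-contained: `if (!rx->sta || skb->len < hdrlen + 12)`. ieee80211_crypto_ccmp_decrypt in the same file does not show this problem as far as visible, since it tests a signed `data_len < 0`. Both function bodies start and end outside their hunks.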