2 * BSS client mode implementation
3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
15 * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
16 * order BSS list by RSSI(?) ("quality of AP")
17 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
20 #include <linux/delay.h>
21 #include <linux/if_ether.h>
22 #include <linux/skbuff.h>
23 #include <linux/netdevice.h>
24 #include <linux/if_arp.h>
25 #include <linux/wireless.h>
26 #include <linux/random.h>
27 #include <linux/etherdevice.h>
28 #include <net/iw_handler.h>
29 #include <asm/types.h>
31 #include <net/mac80211.h>
32 #include "ieee80211_i.h"
33 #include "ieee80211_rate.h"
34 #include "ieee80211_led.h"
36 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
37 #define IEEE80211_AUTH_MAX_TRIES 3
38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
39 #define IEEE80211_ASSOC_MAX_TRIES 3
40 #define IEEE80211_MONITORING_INTERVAL (2 * HZ)
41 #define IEEE80211_PROBE_INTERVAL (60 * HZ)
42 #define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
43 #define IEEE80211_SCAN_INTERVAL (2 * HZ)
44 #define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
45 #define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
47 #define IEEE80211_PROBE_DELAY (HZ / 33)
48 #define IEEE80211_CHANNEL_TIME (HZ / 33)
49 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
50 #define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
51 #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
52 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
54 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
57 #define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
59 #define ERP_INFO_USE_PROTECTION BIT(1)
61 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
62 u8 *ssid, size_t ssid_len);
63 static struct ieee80211_sta_bss *
64 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel);
65 static void ieee80211_rx_bss_put(struct net_device *dev,
66 struct ieee80211_sta_bss *bss);
67 static int ieee80211_sta_find_ibss(struct net_device *dev,
68 struct ieee80211_if_sta *ifsta);
69 static int ieee80211_sta_wep_configured(struct net_device *dev);
70 static int ieee80211_sta_start_scan(struct net_device *dev,
71 u8 *ssid, size_t ssid_len);
72 static int ieee80211_sta_config_auth(struct net_device *dev,
73 struct ieee80211_if_sta *ifsta);
76 /* Parsed Information Elements */
77 struct ieee802_11_elems {
94 /* length of them, respectively */
106 u8 ext_supp_rates_len;
111 enum ParseRes { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 };
113 static enum ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
114 struct ieee802_11_elems *elems)
120 memset(elems, 0, sizeof(*elems));
132 printk(KERN_DEBUG "IEEE 802.11 element parse "
133 "failed (id=%d elen=%d left=%d)\n",
142 elems->ssid_len = elen;
144 case WLAN_EID_SUPP_RATES:
145 elems->supp_rates = pos;
146 elems->supp_rates_len = elen;
148 case WLAN_EID_FH_PARAMS:
149 elems->fh_params = pos;
150 elems->fh_params_len = elen;
152 case WLAN_EID_DS_PARAMS:
153 elems->ds_params = pos;
154 elems->ds_params_len = elen;
156 case WLAN_EID_CF_PARAMS:
157 elems->cf_params = pos;
158 elems->cf_params_len = elen;
162 elems->tim_len = elen;
164 case WLAN_EID_IBSS_PARAMS:
165 elems->ibss_params = pos;
166 elems->ibss_params_len = elen;
168 case WLAN_EID_CHALLENGE:
169 elems->challenge = pos;
170 elems->challenge_len = elen;
173 if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
175 /* Microsoft OUI (00:50:F2) */
177 /* OUI Type 1 - WPA IE */
179 elems->wpa_len = elen;
180 } else if (elen >= 5 && pos[3] == 2) {
182 elems->wmm_info = pos;
183 elems->wmm_info_len = elen;
184 } else if (pos[4] == 1) {
185 elems->wmm_param = pos;
186 elems->wmm_param_len = elen;
193 elems->rsn_len = elen;
195 case WLAN_EID_ERP_INFO:
196 elems->erp_info = pos;
197 elems->erp_info_len = elen;
199 case WLAN_EID_EXT_SUPP_RATES:
200 elems->ext_supp_rates = pos;
201 elems->ext_supp_rates_len = elen;
205 printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
206 "unknown element (id=%d elen=%d)\n",
217 /* Do not trigger error if left == 1 as Apple Airport base stations
218 * send AssocResps that are one spurious byte too long. */
220 return unknown ? ParseUnknown : ParseOK;
226 static int ecw2cw(int ecw)
236 static void ieee80211_sta_wmm_params(struct net_device *dev,
237 struct ieee80211_if_sta *ifsta,
238 u8 *wmm_param, size_t wmm_param_len)
240 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
241 struct ieee80211_tx_queue_params params;
246 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
248 count = wmm_param[6] & 0x0f;
249 if (count == ifsta->wmm_last_param_set)
251 ifsta->wmm_last_param_set = count;
254 left = wmm_param_len - 8;
256 memset(¶ms, 0, sizeof(params));
258 if (!local->ops->conf_tx)
262 for (; left >= 4; left -= 4, pos += 4) {
263 int aci = (pos[0] >> 5) & 0x03;
264 int acm = (pos[0] >> 4) & 0x01;
269 queue = IEEE80211_TX_QUEUE_DATA3;
271 local->wmm_acm |= BIT(0) | BIT(3);
275 queue = IEEE80211_TX_QUEUE_DATA1;
277 local->wmm_acm |= BIT(4) | BIT(5);
281 queue = IEEE80211_TX_QUEUE_DATA0;
283 local->wmm_acm |= BIT(6) | BIT(7);
288 queue = IEEE80211_TX_QUEUE_DATA2;
290 local->wmm_acm |= BIT(1) | BIT(2);
295 params.aifs = pos[0] & 0x0f;
296 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
297 params.cw_min = ecw2cw(pos[1] & 0x0f);
298 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
299 params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
300 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
301 "cWmin=%d cWmax=%d burst=%d\n",
302 dev->name, queue, aci, acm, params.aifs, params.cw_min,
303 params.cw_max, params.burst_time);
304 /* TODO: handle ACM (block TX, fallback to next lowest allowed
306 if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) {
307 printk(KERN_DEBUG "%s: failed to set TX queue "
308 "parameters for queue %d\n", dev->name, queue);
314 static void ieee80211_handle_erp_ie(struct net_device *dev, u8 erp_value)
316 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
317 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
318 int use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
319 int preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
321 DECLARE_MAC_BUF(mac);
323 if (use_protection != !!(sdata->flags & IEEE80211_SDATA_USE_PROTECTION)) {
324 if (net_ratelimit()) {
325 printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
328 use_protection ? "enabled" : "disabled",
329 print_mac(mac, ifsta->bssid));
332 sdata->flags |= IEEE80211_SDATA_USE_PROTECTION;
334 sdata->flags &= ~IEEE80211_SDATA_USE_PROTECTION;
335 changes |= IEEE80211_ERP_CHANGE_PROTECTION;
338 if (preamble_mode != !(sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE)) {
339 if (net_ratelimit()) {
340 printk(KERN_DEBUG "%s: switched to %s barker preamble"
343 (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ?
345 print_mac(mac, ifsta->bssid));
348 sdata->flags &= ~IEEE80211_SDATA_SHORT_PREAMBLE;
350 sdata->flags |= IEEE80211_SDATA_SHORT_PREAMBLE;
351 changes |= IEEE80211_ERP_CHANGE_PREAMBLE;
355 ieee80211_erp_info_change_notify(dev, changes);
359 static void ieee80211_sta_send_associnfo(struct net_device *dev,
360 struct ieee80211_if_sta *ifsta)
365 union iwreq_data wrqu;
367 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
370 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
371 ifsta->assocresp_ies_len), GFP_KERNEL);
375 len = sprintf(buf, "ASSOCINFO(");
376 if (ifsta->assocreq_ies) {
377 len += sprintf(buf + len, "ReqIEs=");
378 for (i = 0; i < ifsta->assocreq_ies_len; i++) {
379 len += sprintf(buf + len, "%02x",
380 ifsta->assocreq_ies[i]);
383 if (ifsta->assocresp_ies) {
384 if (ifsta->assocreq_ies)
385 len += sprintf(buf + len, " ");
386 len += sprintf(buf + len, "RespIEs=");
387 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
388 len += sprintf(buf + len, "%02x",
389 ifsta->assocresp_ies[i]);
392 len += sprintf(buf + len, ")");
394 if (len > IW_CUSTOM_MAX) {
395 len = sprintf(buf, "ASSOCRESPIE=");
396 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
397 len += sprintf(buf + len, "%02x",
398 ifsta->assocresp_ies[i]);
402 memset(&wrqu, 0, sizeof(wrqu));
403 wrqu.data.length = len;
404 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
410 static void ieee80211_set_associated(struct net_device *dev,
411 struct ieee80211_if_sta *ifsta,
414 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
415 union iwreq_data wrqu;
417 if (!!(ifsta->flags & IEEE80211_STA_ASSOCIATED) == assoc)
421 struct ieee80211_sub_if_data *sdata;
422 struct ieee80211_sta_bss *bss;
424 ifsta->flags |= IEEE80211_STA_ASSOCIATED;
426 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
427 if (sdata->type != IEEE80211_IF_TYPE_STA)
430 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
431 local->hw.conf.channel);
433 if (bss->has_erp_value)
434 ieee80211_handle_erp_ie(dev, bss->erp_value);
435 ieee80211_rx_bss_put(dev, bss);
438 netif_carrier_on(dev);
439 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
440 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
441 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
442 ieee80211_sta_send_associnfo(dev, ifsta);
444 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
446 netif_carrier_off(dev);
447 ieee80211_reset_erp_info(dev);
448 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
450 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
451 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
452 ifsta->last_probe = jiffies;
453 ieee80211_led_assoc(local, assoc);
456 static void ieee80211_set_disassoc(struct net_device *dev,
457 struct ieee80211_if_sta *ifsta, int deauth)
460 ifsta->auth_tries = 0;
461 ifsta->assoc_tries = 0;
462 ieee80211_set_associated(dev, ifsta, 0);
465 static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
468 struct ieee80211_sub_if_data *sdata;
469 struct ieee80211_tx_packet_data *pkt_data;
471 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
472 skb->dev = sdata->local->mdev;
473 skb_set_mac_header(skb, 0);
474 skb_set_network_header(skb, 0);
475 skb_set_transport_header(skb, 0);
477 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
478 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
479 pkt_data->ifindex = sdata->dev->ifindex;
481 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
487 static void ieee80211_send_auth(struct net_device *dev,
488 struct ieee80211_if_sta *ifsta,
489 int transaction, u8 *extra, size_t extra_len,
492 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
494 struct ieee80211_mgmt *mgmt;
496 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
497 sizeof(*mgmt) + 6 + extra_len);
499 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
500 "frame\n", dev->name);
503 skb_reserve(skb, local->hw.extra_tx_headroom);
505 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
506 memset(mgmt, 0, 24 + 6);
507 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
508 IEEE80211_STYPE_AUTH);
510 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
511 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
512 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
513 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
514 mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
515 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
516 ifsta->auth_transaction = transaction + 1;
517 mgmt->u.auth.status_code = cpu_to_le16(0);
519 memcpy(skb_put(skb, extra_len), extra, extra_len);
521 ieee80211_sta_tx(dev, skb, encrypt);
525 static void ieee80211_authenticate(struct net_device *dev,
526 struct ieee80211_if_sta *ifsta)
528 DECLARE_MAC_BUF(mac);
531 if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
532 printk(KERN_DEBUG "%s: authentication with AP %s"
534 dev->name, print_mac(mac, ifsta->bssid));
535 ifsta->state = IEEE80211_DISABLED;
539 ifsta->state = IEEE80211_AUTHENTICATE;
540 printk(KERN_DEBUG "%s: authenticate with AP %s\n",
541 dev->name, print_mac(mac, ifsta->bssid));
543 ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
545 mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
549 static void ieee80211_send_assoc(struct net_device *dev,
550 struct ieee80211_if_sta *ifsta)
552 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
553 struct ieee80211_hw_mode *mode;
555 struct ieee80211_mgmt *mgmt;
559 struct ieee80211_sta_bss *bss;
562 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
563 sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
566 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
567 "frame\n", dev->name);
570 skb_reserve(skb, local->hw.extra_tx_headroom);
572 mode = local->oper_hw_mode;
573 capab = ifsta->capab;
574 if (mode->mode == MODE_IEEE80211G) {
575 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
576 WLAN_CAPABILITY_SHORT_PREAMBLE;
578 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel);
580 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
581 capab |= WLAN_CAPABILITY_PRIVACY;
585 ieee80211_rx_bss_put(dev, bss);
588 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
590 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
591 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
592 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
594 if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
596 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
597 IEEE80211_STYPE_REASSOC_REQ);
598 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
599 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
600 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
604 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
605 IEEE80211_STYPE_ASSOC_REQ);
606 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
607 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
611 ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
612 *pos++ = WLAN_EID_SSID;
613 *pos++ = ifsta->ssid_len;
614 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
616 len = mode->num_rates;
619 pos = skb_put(skb, len + 2);
620 *pos++ = WLAN_EID_SUPP_RATES;
622 for (i = 0; i < len; i++) {
623 int rate = mode->rates[i].rate;
624 *pos++ = (u8) (rate / 5);
627 if (mode->num_rates > len) {
628 pos = skb_put(skb, mode->num_rates - len + 2);
629 *pos++ = WLAN_EID_EXT_SUPP_RATES;
630 *pos++ = mode->num_rates - len;
631 for (i = len; i < mode->num_rates; i++) {
632 int rate = mode->rates[i].rate;
633 *pos++ = (u8) (rate / 5);
637 if (ifsta->extra_ie) {
638 pos = skb_put(skb, ifsta->extra_ie_len);
639 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
642 if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
643 pos = skb_put(skb, 9);
644 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
645 *pos++ = 7; /* len */
646 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
649 *pos++ = 2; /* WME */
650 *pos++ = 0; /* WME info */
651 *pos++ = 1; /* WME ver */
655 kfree(ifsta->assocreq_ies);
656 ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
657 ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
658 if (ifsta->assocreq_ies)
659 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
661 ieee80211_sta_tx(dev, skb, 0);
665 static void ieee80211_send_deauth(struct net_device *dev,
666 struct ieee80211_if_sta *ifsta, u16 reason)
668 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
670 struct ieee80211_mgmt *mgmt;
672 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
674 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
675 "frame\n", dev->name);
678 skb_reserve(skb, local->hw.extra_tx_headroom);
680 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
682 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
683 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
684 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
685 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
686 IEEE80211_STYPE_DEAUTH);
688 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
690 ieee80211_sta_tx(dev, skb, 0);
694 static void ieee80211_send_disassoc(struct net_device *dev,
695 struct ieee80211_if_sta *ifsta, u16 reason)
697 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
699 struct ieee80211_mgmt *mgmt;
701 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
703 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
704 "frame\n", dev->name);
707 skb_reserve(skb, local->hw.extra_tx_headroom);
709 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
711 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
712 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
713 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
714 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
715 IEEE80211_STYPE_DISASSOC);
717 mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
719 ieee80211_sta_tx(dev, skb, 0);
723 static int ieee80211_privacy_mismatch(struct net_device *dev,
724 struct ieee80211_if_sta *ifsta)
726 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
727 struct ieee80211_sta_bss *bss;
730 if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL) ||
731 ifsta->key_management_enabled)
734 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel);
738 if (ieee80211_sta_wep_configured(dev) !=
739 !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
742 ieee80211_rx_bss_put(dev, bss);
748 static void ieee80211_associate(struct net_device *dev,
749 struct ieee80211_if_sta *ifsta)
751 DECLARE_MAC_BUF(mac);
753 ifsta->assoc_tries++;
754 if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
755 printk(KERN_DEBUG "%s: association with AP %s"
757 dev->name, print_mac(mac, ifsta->bssid));
758 ifsta->state = IEEE80211_DISABLED;
762 ifsta->state = IEEE80211_ASSOCIATE;
763 printk(KERN_DEBUG "%s: associate with AP %s\n",
764 dev->name, print_mac(mac, ifsta->bssid));
765 if (ieee80211_privacy_mismatch(dev, ifsta)) {
766 printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
767 "mixed-cell disabled - abort association\n", dev->name);
768 ifsta->state = IEEE80211_DISABLED;
772 ieee80211_send_assoc(dev, ifsta);
774 mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
778 static void ieee80211_associated(struct net_device *dev,
779 struct ieee80211_if_sta *ifsta)
781 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
782 struct sta_info *sta;
784 DECLARE_MAC_BUF(mac);
786 /* TODO: start monitoring current AP signal quality and number of
787 * missed beacons. Scan other channels every now and then and search
789 /* TODO: remove expired BSSes */
791 ifsta->state = IEEE80211_ASSOCIATED;
793 sta = sta_info_get(local, ifsta->bssid);
795 printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
796 dev->name, print_mac(mac, ifsta->bssid));
800 if (time_after(jiffies,
801 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
802 if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
803 printk(KERN_DEBUG "%s: No ProbeResp from "
804 "current AP %s - assume out of "
806 dev->name, print_mac(mac, ifsta->bssid));
810 ieee80211_send_probe_req(dev, ifsta->bssid,
812 local->scan_ssid_len);
813 ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
815 ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
816 if (time_after(jiffies, ifsta->last_probe +
817 IEEE80211_PROBE_INTERVAL)) {
818 ifsta->last_probe = jiffies;
819 ieee80211_send_probe_req(dev, ifsta->bssid,
827 union iwreq_data wrqu;
828 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
829 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
830 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
831 mod_timer(&ifsta->timer, jiffies +
832 IEEE80211_MONITORING_INTERVAL + 30 * HZ);
834 mod_timer(&ifsta->timer, jiffies +
835 IEEE80211_MONITORING_INTERVAL);
840 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
841 u8 *ssid, size_t ssid_len)
843 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
844 struct ieee80211_hw_mode *mode;
846 struct ieee80211_mgmt *mgmt;
847 u8 *pos, *supp_rates, *esupp_rates = NULL;
850 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
852 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
853 "request\n", dev->name);
856 skb_reserve(skb, local->hw.extra_tx_headroom);
858 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
860 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
861 IEEE80211_STYPE_PROBE_REQ);
862 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
864 memcpy(mgmt->da, dst, ETH_ALEN);
865 memcpy(mgmt->bssid, dst, ETH_ALEN);
867 memset(mgmt->da, 0xff, ETH_ALEN);
868 memset(mgmt->bssid, 0xff, ETH_ALEN);
870 pos = skb_put(skb, 2 + ssid_len);
871 *pos++ = WLAN_EID_SSID;
873 memcpy(pos, ssid, ssid_len);
875 supp_rates = skb_put(skb, 2);
876 supp_rates[0] = WLAN_EID_SUPP_RATES;
878 mode = local->oper_hw_mode;
879 for (i = 0; i < mode->num_rates; i++) {
880 struct ieee80211_rate *rate = &mode->rates[i];
881 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
884 pos = skb_put(skb, 1);
886 } else if (supp_rates[1] == 8) {
887 esupp_rates = skb_put(skb, 3);
888 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
890 pos = &esupp_rates[2];
892 pos = skb_put(skb, 1);
895 *pos = rate->rate / 5;
898 ieee80211_sta_tx(dev, skb, 0);
902 static int ieee80211_sta_wep_configured(struct net_device *dev)
904 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
905 if (!sdata || !sdata->default_key ||
906 sdata->default_key->conf.alg != ALG_WEP)
912 static void ieee80211_auth_completed(struct net_device *dev,
913 struct ieee80211_if_sta *ifsta)
915 printk(KERN_DEBUG "%s: authenticated\n", dev->name);
916 ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
917 ieee80211_associate(dev, ifsta);
921 static void ieee80211_auth_challenge(struct net_device *dev,
922 struct ieee80211_if_sta *ifsta,
923 struct ieee80211_mgmt *mgmt,
927 struct ieee802_11_elems elems;
929 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
930 pos = mgmt->u.auth.variable;
931 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
933 printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
937 if (!elems.challenge) {
938 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
939 "frame\n", dev->name);
942 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
943 elems.challenge_len + 2, 1);
947 static void ieee80211_rx_mgmt_auth(struct net_device *dev,
948 struct ieee80211_if_sta *ifsta,
949 struct ieee80211_mgmt *mgmt,
952 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
953 u16 auth_alg, auth_transaction, status_code;
954 DECLARE_MAC_BUF(mac);
956 if (ifsta->state != IEEE80211_AUTHENTICATE &&
957 sdata->type != IEEE80211_IF_TYPE_IBSS) {
958 printk(KERN_DEBUG "%s: authentication frame received from "
959 "%s, but not in authenticate state - ignored\n",
960 dev->name, print_mac(mac, mgmt->sa));
965 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
966 "received from %s - ignored\n",
967 dev->name, len, print_mac(mac, mgmt->sa));
971 if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
972 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
973 printk(KERN_DEBUG "%s: authentication frame received from "
974 "unknown AP (SA=%s BSSID=%s) - "
975 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
976 print_mac(mac, mgmt->bssid));
980 if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
981 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
982 printk(KERN_DEBUG "%s: authentication frame received from "
983 "unknown BSSID (SA=%s BSSID=%s) - "
984 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
985 print_mac(mac, mgmt->bssid));
989 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
990 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
991 status_code = le16_to_cpu(mgmt->u.auth.status_code);
993 printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d "
994 "transaction=%d status=%d)\n",
995 dev->name, print_mac(mac, mgmt->sa), auth_alg,
996 auth_transaction, status_code);
998 if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
999 /* IEEE 802.11 standard does not require authentication in IBSS
1000 * networks and most implementations do not seem to use it.
1001 * However, try to reply to authentication attempts if someone
1002 * has actually implemented this.
1003 * TODO: Could implement shared key authentication. */
1004 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
1005 printk(KERN_DEBUG "%s: unexpected IBSS authentication "
1006 "frame (alg=%d transaction=%d)\n",
1007 dev->name, auth_alg, auth_transaction);
1010 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
1013 if (auth_alg != ifsta->auth_alg ||
1014 auth_transaction != ifsta->auth_transaction) {
1015 printk(KERN_DEBUG "%s: unexpected authentication frame "
1016 "(alg=%d transaction=%d)\n",
1017 dev->name, auth_alg, auth_transaction);
1021 if (status_code != WLAN_STATUS_SUCCESS) {
1022 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
1023 "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
1024 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
1026 const int num_algs = ARRAY_SIZE(algs);
1028 algs[0] = algs[1] = algs[2] = 0xff;
1029 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1030 algs[0] = WLAN_AUTH_OPEN;
1031 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1032 algs[1] = WLAN_AUTH_SHARED_KEY;
1033 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1034 algs[2] = WLAN_AUTH_LEAP;
1035 if (ifsta->auth_alg == WLAN_AUTH_OPEN)
1037 else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
1041 for (i = 0; i < num_algs; i++) {
1043 if (pos >= num_algs)
1045 if (algs[pos] == ifsta->auth_alg ||
1048 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1049 !ieee80211_sta_wep_configured(dev))
1051 ifsta->auth_alg = algs[pos];
1052 printk(KERN_DEBUG "%s: set auth_alg=%d for "
1054 dev->name, ifsta->auth_alg);
1061 switch (ifsta->auth_alg) {
1062 case WLAN_AUTH_OPEN:
1063 case WLAN_AUTH_LEAP:
1064 ieee80211_auth_completed(dev, ifsta);
1066 case WLAN_AUTH_SHARED_KEY:
1067 if (ifsta->auth_transaction == 4)
1068 ieee80211_auth_completed(dev, ifsta);
1070 ieee80211_auth_challenge(dev, ifsta, mgmt, len);
1076 static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1077 struct ieee80211_if_sta *ifsta,
1078 struct ieee80211_mgmt *mgmt,
1082 DECLARE_MAC_BUF(mac);
1085 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1086 "received from %s - ignored\n",
1087 dev->name, len, print_mac(mac, mgmt->sa));
1091 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1092 printk(KERN_DEBUG "%s: deauthentication frame received from "
1093 "unknown AP (SA=%s BSSID=%s) - "
1094 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1095 print_mac(mac, mgmt->bssid));
1099 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1101 printk(KERN_DEBUG "%s: RX deauthentication from %s"
1103 dev->name, print_mac(mac, mgmt->sa), reason_code);
1105 if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
1106 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1109 if (ifsta->state == IEEE80211_AUTHENTICATE ||
1110 ifsta->state == IEEE80211_ASSOCIATE ||
1111 ifsta->state == IEEE80211_ASSOCIATED) {
1112 ifsta->state = IEEE80211_AUTHENTICATE;
1113 mod_timer(&ifsta->timer, jiffies +
1114 IEEE80211_RETRY_AUTH_INTERVAL);
1117 ieee80211_set_disassoc(dev, ifsta, 1);
1118 ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
1122 static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1123 struct ieee80211_if_sta *ifsta,
1124 struct ieee80211_mgmt *mgmt,
1128 DECLARE_MAC_BUF(mac);
1131 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1132 "received from %s - ignored\n",
1133 dev->name, len, print_mac(mac, mgmt->sa));
1137 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1138 printk(KERN_DEBUG "%s: disassociation frame received from "
1139 "unknown AP (SA=%s BSSID=%s) - "
1140 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1141 print_mac(mac, mgmt->bssid));
1145 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1147 printk(KERN_DEBUG "%s: RX disassociation from %s"
1149 dev->name, print_mac(mac, mgmt->sa), reason_code);
1151 if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
1152 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1154 if (ifsta->state == IEEE80211_ASSOCIATED) {
1155 ifsta->state = IEEE80211_ASSOCIATE;
1156 mod_timer(&ifsta->timer, jiffies +
1157 IEEE80211_RETRY_AUTH_INTERVAL);
1160 ieee80211_set_disassoc(dev, ifsta, 0);
1164 static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
1165 struct ieee80211_if_sta *ifsta,
1166 struct ieee80211_mgmt *mgmt,
1170 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1171 struct ieee80211_hw_mode *mode;
1172 struct sta_info *sta;
1174 u16 capab_info, status_code, aid;
1175 struct ieee802_11_elems elems;
1178 DECLARE_MAC_BUF(mac);
1180 /* AssocResp and ReassocResp have identical structure, so process both
1181 * of them in this function. */
1183 if (ifsta->state != IEEE80211_ASSOCIATE) {
1184 printk(KERN_DEBUG "%s: association frame received from "
1185 "%s, but not in associate state - ignored\n",
1186 dev->name, print_mac(mac, mgmt->sa));
1191 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1192 "received from %s - ignored\n",
1193 dev->name, len, print_mac(mac, mgmt->sa));
1197 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1198 printk(KERN_DEBUG "%s: association frame received from "
1199 "unknown AP (SA=%s BSSID=%s) - "
1200 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1201 print_mac(mac, mgmt->bssid));
1205 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1206 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1207 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1209 printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
1210 "status=%d aid=%d)\n",
1211 dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
1212 capab_info, status_code, aid & ~(BIT(15) | BIT(14)));
1214 if (status_code != WLAN_STATUS_SUCCESS) {
1215 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1216 dev->name, status_code);
1217 /* if this was a reassociation, ensure we try a "full"
1218 * association next time. This works around some broken APs
1219 * which do not correctly reject reassociation requests. */
1220 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
1224 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1225 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1226 "set\n", dev->name, aid);
1227 aid &= ~(BIT(15) | BIT(14));
1229 pos = mgmt->u.assoc_resp.variable;
1230 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
1232 printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
1237 if (!elems.supp_rates) {
1238 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1243 /* it probably doesn't, but if the frame includes an ERP value then
1244 * update our stored copy */
1245 if (elems.erp_info && elems.erp_info_len >= 1) {
1246 struct ieee80211_sta_bss *bss
1247 = ieee80211_rx_bss_get(dev, ifsta->bssid,
1248 local->hw.conf.channel);
1250 bss->erp_value = elems.erp_info[0];
1251 bss->has_erp_value = 1;
1252 ieee80211_rx_bss_put(dev, bss);
1256 printk(KERN_DEBUG "%s: associated\n", dev->name);
1258 ifsta->ap_capab = capab_info;
1260 kfree(ifsta->assocresp_ies);
1261 ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1262 ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
1263 if (ifsta->assocresp_ies)
1264 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
1266 ieee80211_set_associated(dev, ifsta, 1);
1268 /* Add STA entry for the AP */
1269 sta = sta_info_get(local, ifsta->bssid);
1271 struct ieee80211_sta_bss *bss;
1272 sta = sta_info_add(local, dev, ifsta->bssid, GFP_KERNEL);
1274 printk(KERN_DEBUG "%s: failed to add STA entry for the"
1275 " AP\n", dev->name);
1278 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
1279 local->hw.conf.channel);
1281 sta->last_rssi = bss->rssi;
1282 sta->last_signal = bss->signal;
1283 sta->last_noise = bss->noise;
1284 ieee80211_rx_bss_put(dev, bss);
1289 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
1292 mode = local->oper_hw_mode;
1293 for (i = 0; i < elems.supp_rates_len; i++) {
1294 int rate = (elems.supp_rates[i] & 0x7f) * 5;
1295 for (j = 0; j < mode->num_rates; j++)
1296 if (mode->rates[j].rate == rate)
1299 for (i = 0; i < elems.ext_supp_rates_len; i++) {
1300 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1301 for (j = 0; j < mode->num_rates; j++)
1302 if (mode->rates[j].rate == rate)
1305 sta->supp_rates = rates;
1307 rate_control_rate_init(sta, local);
1309 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
1310 sta->flags |= WLAN_STA_WME;
1311 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1312 elems.wmm_param_len);
1318 ieee80211_associated(dev, ifsta);
1322 /* Caller must hold local->sta_bss_lock */
1323 static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
1324 struct ieee80211_sta_bss *bss)
1326 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1327 bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
1328 local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1332 /* Caller must hold local->sta_bss_lock */
1333 static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
1334 struct ieee80211_sta_bss *bss)
1336 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1337 struct ieee80211_sta_bss *b, *prev = NULL;
1338 b = local->sta_bss_hash[STA_HASH(bss->bssid)];
1342 local->sta_bss_hash[STA_HASH(bss->bssid)] =
1345 prev->hnext = bss->hnext;
1354 static struct ieee80211_sta_bss *
1355 ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel)
1357 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1358 struct ieee80211_sta_bss *bss;
1360 bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
1363 atomic_inc(&bss->users);
1364 atomic_inc(&bss->users);
1365 memcpy(bss->bssid, bssid, ETH_ALEN);
1366 bss->channel = channel;
1368 spin_lock_bh(&local->sta_bss_lock);
1369 /* TODO: order by RSSI? */
1370 list_add_tail(&bss->list, &local->sta_bss_list);
1371 __ieee80211_rx_bss_hash_add(dev, bss);
1372 spin_unlock_bh(&local->sta_bss_lock);
1377 static struct ieee80211_sta_bss *
1378 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel)
1380 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1381 struct ieee80211_sta_bss *bss;
1383 spin_lock_bh(&local->sta_bss_lock);
1384 bss = local->sta_bss_hash[STA_HASH(bssid)];
1386 if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
1387 bss->channel == channel) {
1388 atomic_inc(&bss->users);
1393 spin_unlock_bh(&local->sta_bss_lock);
1398 static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
1407 static void ieee80211_rx_bss_put(struct net_device *dev,
1408 struct ieee80211_sta_bss *bss)
1410 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1411 if (!atomic_dec_and_test(&bss->users))
1414 spin_lock_bh(&local->sta_bss_lock);
1415 __ieee80211_rx_bss_hash_del(dev, bss);
1416 list_del(&bss->list);
1417 spin_unlock_bh(&local->sta_bss_lock);
1418 ieee80211_rx_bss_free(bss);
1422 void ieee80211_rx_bss_list_init(struct net_device *dev)
1424 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1425 spin_lock_init(&local->sta_bss_lock);
1426 INIT_LIST_HEAD(&local->sta_bss_list);
1430 void ieee80211_rx_bss_list_deinit(struct net_device *dev)
1432 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1433 struct ieee80211_sta_bss *bss, *tmp;
1435 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
1436 ieee80211_rx_bss_put(dev, bss);
1440 static void ieee80211_rx_bss_info(struct net_device *dev,
1441 struct ieee80211_mgmt *mgmt,
1443 struct ieee80211_rx_status *rx_status,
1446 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1447 struct ieee802_11_elems elems;
1449 int channel, invalid = 0, clen;
1450 struct ieee80211_sta_bss *bss;
1451 struct sta_info *sta;
1452 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1454 DECLARE_MAC_BUF(mac);
1455 DECLARE_MAC_BUF(mac2);
1457 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
1458 return; /* ignore ProbeResp to foreign address */
1461 printk(KERN_DEBUG "%s: RX %s from %s to %s\n",
1462 dev->name, beacon ? "Beacon" : "Probe Response",
1463 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da));
1466 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1470 timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
1472 if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
1473 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
1474 #ifdef CONFIG_MAC80211_IBSS_DEBUG
1475 static unsigned long last_tsf_debug = 0;
1477 if (local->ops->get_tsf)
1478 tsf = local->ops->get_tsf(local_to_hw(local));
1481 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
1482 printk(KERN_DEBUG "RX beacon SA=%s BSSID="
1483 "%s TSF=0x%llx BCN=0x%llx diff=%lld "
1485 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->bssid),
1486 (unsigned long long)tsf,
1487 (unsigned long long)timestamp,
1488 (unsigned long long)(tsf - timestamp),
1490 last_tsf_debug = jiffies;
1492 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
1495 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
1496 &elems) == ParseFailed)
1499 if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
1500 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
1501 (sta = sta_info_get(local, mgmt->sa))) {
1502 struct ieee80211_hw_mode *mode;
1503 struct ieee80211_rate *rates;
1505 u32 supp_rates, prev_rates;
1508 mode = local->sta_scanning ?
1509 local->scan_hw_mode : local->oper_hw_mode;
1510 rates = mode->rates;
1511 num_rates = mode->num_rates;
1514 for (i = 0; i < elems.supp_rates_len +
1515 elems.ext_supp_rates_len; i++) {
1518 if (i < elems.supp_rates_len)
1519 rate = elems.supp_rates[i];
1520 else if (elems.ext_supp_rates)
1521 rate = elems.ext_supp_rates
1522 [i - elems.supp_rates_len];
1523 own_rate = 5 * (rate & 0x7f);
1524 for (j = 0; j < num_rates; j++)
1525 if (rates[j].rate == own_rate)
1526 supp_rates |= BIT(j);
1529 prev_rates = sta->supp_rates;
1530 sta->supp_rates &= supp_rates;
1531 if (sta->supp_rates == 0) {
1532 /* No matching rates - this should not really happen.
1533 * Make sure that at least one rate is marked
1534 * supported to avoid issues with TX rate ctrl. */
1535 sta->supp_rates = sdata->u.sta.supp_rates_bits;
1537 if (sta->supp_rates != prev_rates) {
1538 printk(KERN_DEBUG "%s: updated supp_rates set for "
1539 "%s based on beacon info (0x%x & 0x%x -> "
1541 dev->name, print_mac(mac, sta->addr), prev_rates,
1542 supp_rates, sta->supp_rates);
1550 if (elems.ds_params && elems.ds_params_len == 1)
1551 channel = elems.ds_params[0];
1553 channel = rx_status->channel;
1555 bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel);
1557 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel);
1562 /* TODO: order by RSSI? */
1563 spin_lock_bh(&local->sta_bss_lock);
1564 list_move_tail(&bss->list, &local->sta_bss_list);
1565 spin_unlock_bh(&local->sta_bss_lock);
1569 if (bss->probe_resp && beacon) {
1570 /* Do not allow beacon to override data from Probe Response. */
1571 ieee80211_rx_bss_put(dev, bss);
1575 /* save the ERP value so that it is available at association time */
1576 if (elems.erp_info && elems.erp_info_len >= 1) {
1577 bss->erp_value = elems.erp_info[0];
1578 bss->has_erp_value = 1;
1581 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
1582 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
1583 if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
1584 memcpy(bss->ssid, elems.ssid, elems.ssid_len);
1585 bss->ssid_len = elems.ssid_len;
1588 bss->supp_rates_len = 0;
1589 if (elems.supp_rates) {
1590 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1591 if (clen > elems.supp_rates_len)
1592 clen = elems.supp_rates_len;
1593 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
1595 bss->supp_rates_len += clen;
1597 if (elems.ext_supp_rates) {
1598 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1599 if (clen > elems.ext_supp_rates_len)
1600 clen = elems.ext_supp_rates_len;
1601 memcpy(&bss->supp_rates[bss->supp_rates_len],
1602 elems.ext_supp_rates, clen);
1603 bss->supp_rates_len += clen;
1607 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
1608 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
1610 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
1612 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
1613 bss->wpa_ie_len = elems.wpa_len + 2;
1615 bss->wpa_ie_len = 0;
1616 } else if (!elems.wpa && bss->wpa_ie) {
1619 bss->wpa_ie_len = 0;
1623 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
1624 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
1626 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
1628 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
1629 bss->rsn_ie_len = elems.rsn_len + 2;
1631 bss->rsn_ie_len = 0;
1632 } else if (!elems.rsn && bss->rsn_ie) {
1635 bss->rsn_ie_len = 0;
1638 if (elems.wmm_param &&
1639 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
1640 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
1642 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
1644 memcpy(bss->wmm_ie, elems.wmm_param - 2,
1645 elems.wmm_param_len + 2);
1646 bss->wmm_ie_len = elems.wmm_param_len + 2;
1648 bss->wmm_ie_len = 0;
1649 } else if (!elems.wmm_param && bss->wmm_ie) {
1652 bss->wmm_ie_len = 0;
1656 bss->hw_mode = rx_status->phymode;
1657 bss->freq = rx_status->freq;
1658 if (channel != rx_status->channel &&
1659 (bss->hw_mode == MODE_IEEE80211G ||
1660 bss->hw_mode == MODE_IEEE80211B) &&
1661 channel >= 1 && channel <= 14) {
1662 static const int freq_list[] = {
1663 2412, 2417, 2422, 2427, 2432, 2437, 2442,
1664 2447, 2452, 2457, 2462, 2467, 2472, 2484
1666 /* IEEE 802.11g/b mode can receive packets from neighboring
1667 * channels, so map the channel into frequency. */
1668 bss->freq = freq_list[channel - 1];
1670 bss->timestamp = timestamp;
1671 bss->last_update = jiffies;
1672 bss->rssi = rx_status->ssi;
1673 bss->signal = rx_status->signal;
1674 bss->noise = rx_status->noise;
1677 ieee80211_rx_bss_put(dev, bss);
1681 static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
1682 struct ieee80211_mgmt *mgmt,
1684 struct ieee80211_rx_status *rx_status)
1686 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
1690 static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
1691 struct ieee80211_mgmt *mgmt,
1693 struct ieee80211_rx_status *rx_status)
1695 struct ieee80211_sub_if_data *sdata;
1696 struct ieee80211_if_sta *ifsta;
1698 struct ieee802_11_elems elems;
1700 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
1702 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1703 if (sdata->type != IEEE80211_IF_TYPE_STA)
1705 ifsta = &sdata->u.sta;
1707 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
1708 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
1711 /* Process beacon from the current BSS */
1712 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1716 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
1717 &elems) == ParseFailed)
1720 if (elems.erp_info && elems.erp_info_len >= 1)
1721 ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
1723 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
1724 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1725 elems.wmm_param_len);
1730 static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
1731 struct ieee80211_if_sta *ifsta,
1732 struct ieee80211_mgmt *mgmt,
1734 struct ieee80211_rx_status *rx_status)
1736 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1737 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1739 struct sk_buff *skb;
1740 struct ieee80211_mgmt *resp;
1742 DECLARE_MAC_BUF(mac);
1743 #ifdef CONFIG_MAC80211_IBSS_DEBUG
1744 DECLARE_MAC_BUF(mac2);
1745 DECLARE_MAC_BUF(mac3);
1748 if (sdata->type != IEEE80211_IF_TYPE_IBSS ||
1749 ifsta->state != IEEE80211_IBSS_JOINED ||
1750 len < 24 + 2 || !ifsta->probe_resp)
1753 if (local->ops->tx_last_beacon)
1754 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
1758 #ifdef CONFIG_MAC80211_IBSS_DEBUG
1759 printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
1760 "%s (tx_last_beacon=%d)\n",
1761 dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
1762 print_mac(mac3, mgmt->bssid), tx_last_beacon);
1763 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
1765 if (!tx_last_beacon)
1768 if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
1769 memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1772 end = ((u8 *) mgmt) + len;
1773 pos = mgmt->u.probe_req.variable;
1774 if (pos[0] != WLAN_EID_SSID ||
1775 pos + 2 + pos[1] > end) {
1776 if (net_ratelimit()) {
1777 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
1779 dev->name, print_mac(mac, mgmt->sa));
1784 (pos[1] != ifsta->ssid_len ||
1785 memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
1786 /* Ignore ProbeReq for foreign SSID */
1790 /* Reply with ProbeResp */
1791 skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
1795 resp = (struct ieee80211_mgmt *) skb->data;
1796 memcpy(resp->da, mgmt->sa, ETH_ALEN);
1797 #ifdef CONFIG_MAC80211_IBSS_DEBUG
1798 printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
1799 dev->name, print_mac(mac, resp->da));
1800 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
1801 ieee80211_sta_tx(dev, skb, 0);
1805 void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
1806 struct ieee80211_rx_status *rx_status)
1808 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1809 struct ieee80211_sub_if_data *sdata;
1810 struct ieee80211_if_sta *ifsta;
1811 struct ieee80211_mgmt *mgmt;
1817 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1818 ifsta = &sdata->u.sta;
1820 mgmt = (struct ieee80211_mgmt *) skb->data;
1821 fc = le16_to_cpu(mgmt->frame_control);
1823 switch (fc & IEEE80211_FCTL_STYPE) {
1824 case IEEE80211_STYPE_PROBE_REQ:
1825 case IEEE80211_STYPE_PROBE_RESP:
1826 case IEEE80211_STYPE_BEACON:
1827 memcpy(skb->cb, rx_status, sizeof(*rx_status));
1828 case IEEE80211_STYPE_AUTH:
1829 case IEEE80211_STYPE_ASSOC_RESP:
1830 case IEEE80211_STYPE_REASSOC_RESP:
1831 case IEEE80211_STYPE_DEAUTH:
1832 case IEEE80211_STYPE_DISASSOC:
1833 skb_queue_tail(&ifsta->skb_queue, skb);
1834 queue_work(local->hw.workqueue, &ifsta->work);
1837 printk(KERN_DEBUG "%s: received unknown management frame - "
1838 "stype=%d\n", dev->name,
1839 (fc & IEEE80211_FCTL_STYPE) >> 4);
1848 static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
1849 struct sk_buff *skb)
1851 struct ieee80211_rx_status *rx_status;
1852 struct ieee80211_sub_if_data *sdata;
1853 struct ieee80211_if_sta *ifsta;
1854 struct ieee80211_mgmt *mgmt;
1857 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1858 ifsta = &sdata->u.sta;
1860 rx_status = (struct ieee80211_rx_status *) skb->cb;
1861 mgmt = (struct ieee80211_mgmt *) skb->data;
1862 fc = le16_to_cpu(mgmt->frame_control);
1864 switch (fc & IEEE80211_FCTL_STYPE) {
1865 case IEEE80211_STYPE_PROBE_REQ:
1866 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
1869 case IEEE80211_STYPE_PROBE_RESP:
1870 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
1872 case IEEE80211_STYPE_BEACON:
1873 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
1875 case IEEE80211_STYPE_AUTH:
1876 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
1878 case IEEE80211_STYPE_ASSOC_RESP:
1879 ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 0);
1881 case IEEE80211_STYPE_REASSOC_RESP:
1882 ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 1);
1884 case IEEE80211_STYPE_DEAUTH:
1885 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
1887 case IEEE80211_STYPE_DISASSOC:
1888 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
1896 void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
1897 struct ieee80211_rx_status *rx_status)
1899 struct ieee80211_mgmt *mgmt;
1902 if (skb->len < 24) {
1907 mgmt = (struct ieee80211_mgmt *) skb->data;
1908 fc = le16_to_cpu(mgmt->frame_control);
1910 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
1911 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
1912 ieee80211_rx_mgmt_probe_resp(dev, mgmt,
1913 skb->len, rx_status);
1914 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
1915 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
1924 static int ieee80211_sta_active_ibss(struct net_device *dev)
1926 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1928 struct sta_info *sta;
1930 read_lock_bh(&local->sta_lock);
1931 list_for_each_entry(sta, &local->sta_list, list) {
1932 if (sta->dev == dev &&
1933 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
1939 read_unlock_bh(&local->sta_lock);
1945 static void ieee80211_sta_expire(struct net_device *dev)
1947 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1948 struct sta_info *sta, *tmp;
1949 LIST_HEAD(tmp_list);
1950 DECLARE_MAC_BUF(mac);
1952 write_lock_bh(&local->sta_lock);
1953 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
1954 if (time_after(jiffies, sta->last_rx +
1955 IEEE80211_IBSS_INACTIVITY_LIMIT)) {
1956 printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
1957 dev->name, print_mac(mac, sta->addr));
1958 __sta_info_get(sta);
1959 sta_info_remove(sta);
1960 list_add(&sta->list, &tmp_list);
1962 write_unlock_bh(&local->sta_lock);
1964 list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
1971 static void ieee80211_sta_merge_ibss(struct net_device *dev,
1972 struct ieee80211_if_sta *ifsta)
1974 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
1976 ieee80211_sta_expire(dev);
1977 if (ieee80211_sta_active_ibss(dev))
1980 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
1981 "IBSS networks with same SSID (merge)\n", dev->name);
1982 ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
1986 void ieee80211_sta_timer(unsigned long data)
1988 struct ieee80211_sub_if_data *sdata =
1989 (struct ieee80211_sub_if_data *) data;
1990 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1991 struct ieee80211_local *local = wdev_priv(&sdata->wdev);
1993 set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
1994 queue_work(local->hw.workqueue, &ifsta->work);
1998 void ieee80211_sta_work(struct work_struct *work)
2000 struct ieee80211_sub_if_data *sdata =
2001 container_of(work, struct ieee80211_sub_if_data, u.sta.work);
2002 struct net_device *dev = sdata->dev;
2003 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2004 struct ieee80211_if_sta *ifsta;
2005 struct sk_buff *skb;
2007 if (!netif_running(dev))
2010 if (local->sta_scanning)
2013 if (sdata->type != IEEE80211_IF_TYPE_STA &&
2014 sdata->type != IEEE80211_IF_TYPE_IBSS) {
2015 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
2016 "(type=%d)\n", dev->name, sdata->type);
2019 ifsta = &sdata->u.sta;
2021 while ((skb = skb_dequeue(&ifsta->skb_queue)))
2022 ieee80211_sta_rx_queued_mgmt(dev, skb);
2024 if (ifsta->state != IEEE80211_AUTHENTICATE &&
2025 ifsta->state != IEEE80211_ASSOCIATE &&
2026 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
2027 ieee80211_sta_start_scan(dev, NULL, 0);
2031 if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
2032 if (ieee80211_sta_config_auth(dev, ifsta))
2034 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2035 } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
2038 switch (ifsta->state) {
2039 case IEEE80211_DISABLED:
2041 case IEEE80211_AUTHENTICATE:
2042 ieee80211_authenticate(dev, ifsta);
2044 case IEEE80211_ASSOCIATE:
2045 ieee80211_associate(dev, ifsta);
2047 case IEEE80211_ASSOCIATED:
2048 ieee80211_associated(dev, ifsta);
2050 case IEEE80211_IBSS_SEARCH:
2051 ieee80211_sta_find_ibss(dev, ifsta);
2053 case IEEE80211_IBSS_JOINED:
2054 ieee80211_sta_merge_ibss(dev, ifsta);
2057 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
2062 if (ieee80211_privacy_mismatch(dev, ifsta)) {
2063 printk(KERN_DEBUG "%s: privacy configuration mismatch and "
2064 "mixed-cell disabled - disassociate\n", dev->name);
2066 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
2067 ieee80211_set_disassoc(dev, ifsta, 0);
2072 static void ieee80211_sta_reset_auth(struct net_device *dev,
2073 struct ieee80211_if_sta *ifsta)
2075 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2077 if (local->ops->reset_tsf) {
2078 /* Reset own TSF to allow time synchronization work. */
2079 local->ops->reset_tsf(local_to_hw(local));
2082 ifsta->wmm_last_param_set = -1; /* allow any WMM update */
2085 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
2086 ifsta->auth_alg = WLAN_AUTH_OPEN;
2087 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2088 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
2089 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
2090 ifsta->auth_alg = WLAN_AUTH_LEAP;
2092 ifsta->auth_alg = WLAN_AUTH_OPEN;
2093 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
2095 ifsta->auth_transaction = -1;
2096 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
2097 ifsta->auth_tries = ifsta->assoc_tries = 0;
2098 netif_carrier_off(dev);
2102 void ieee80211_sta_req_auth(struct net_device *dev,
2103 struct ieee80211_if_sta *ifsta)
2105 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2106 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2108 if (sdata->type != IEEE80211_IF_TYPE_STA)
2111 if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
2112 IEEE80211_STA_AUTO_BSSID_SEL)) &&
2113 (ifsta->flags & (IEEE80211_STA_SSID_SET |
2114 IEEE80211_STA_AUTO_SSID_SEL))) {
2115 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2116 queue_work(local->hw.workqueue, &ifsta->work);
2120 static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
2121 const char *ssid, int ssid_len)
2123 int tmp, hidden_ssid;
2125 if (!memcmp(ifsta->ssid, ssid, ssid_len))
2128 if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
2134 if (ssid[tmp] != '\0') {
2140 if (hidden_ssid && ifsta->ssid_len == ssid_len)
2143 if (ssid_len == 1 && ssid[0] == ' ')
2149 static int ieee80211_sta_config_auth(struct net_device *dev,
2150 struct ieee80211_if_sta *ifsta)
2152 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2153 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2154 struct ieee80211_sta_bss *bss, *selected = NULL;
2155 int top_rssi = 0, freq;
2157 if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
2158 IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) {
2159 ifsta->state = IEEE80211_AUTHENTICATE;
2160 ieee80211_sta_reset_auth(dev, ifsta);
2164 spin_lock_bh(&local->sta_bss_lock);
2165 freq = local->oper_channel->freq;
2166 list_for_each_entry(bss, &local->sta_bss_list, list) {
2167 if (!(bss->capability & WLAN_CAPABILITY_ESS))
2170 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
2171 !!sdata->default_key)
2174 if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
2178 if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
2179 memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
2182 if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
2183 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
2186 if (!selected || top_rssi < bss->rssi) {
2188 top_rssi = bss->rssi;
2192 atomic_inc(&selected->users);
2193 spin_unlock_bh(&local->sta_bss_lock);
2196 ieee80211_set_channel(local, -1, selected->freq);
2197 if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
2198 ieee80211_sta_set_ssid(dev, selected->ssid,
2199 selected->ssid_len);
2200 ieee80211_sta_set_bssid(dev, selected->bssid);
2201 ieee80211_rx_bss_put(dev, selected);
2202 ifsta->state = IEEE80211_AUTHENTICATE;
2203 ieee80211_sta_reset_auth(dev, ifsta);
2206 if (ifsta->state != IEEE80211_AUTHENTICATE) {
2207 if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
2208 ieee80211_sta_start_scan(dev, NULL, 0);
2210 ieee80211_sta_start_scan(dev, ifsta->ssid,
2212 ifsta->state = IEEE80211_AUTHENTICATE;
2213 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2215 ifsta->state = IEEE80211_DISABLED;
2220 static int ieee80211_sta_join_ibss(struct net_device *dev,
2221 struct ieee80211_if_sta *ifsta,
2222 struct ieee80211_sta_bss *bss)
2224 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2225 int res, rates, i, j;
2226 struct sk_buff *skb;
2227 struct ieee80211_mgmt *mgmt;
2228 struct ieee80211_tx_control control;
2229 struct ieee80211_rate *rate;
2230 struct ieee80211_hw_mode *mode;
2231 struct rate_control_extra extra;
2233 struct ieee80211_sub_if_data *sdata;
2235 /* Remove possible STA entries from other IBSS networks. */
2236 sta_info_flush(local, NULL);
2238 if (local->ops->reset_tsf) {
2239 /* Reset own TSF to allow time synchronization work. */
2240 local->ops->reset_tsf(local_to_hw(local));
2242 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2243 res = ieee80211_if_config(dev);
2247 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2249 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2250 sdata->drop_unencrypted = bss->capability &
2251 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
2253 res = ieee80211_set_channel(local, -1, bss->freq);
2255 if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
2256 printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
2257 "(%d MHz)\n", dev->name, local->hw.conf.channel,
2258 local->hw.conf.freq);
2262 /* Set beacon template based on scan results */
2263 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2268 skb_reserve(skb, local->hw.extra_tx_headroom);
2270 mgmt = (struct ieee80211_mgmt *)
2271 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
2272 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2273 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2274 IEEE80211_STYPE_BEACON);
2275 memset(mgmt->da, 0xff, ETH_ALEN);
2276 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2277 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2278 mgmt->u.beacon.beacon_int =
2279 cpu_to_le16(local->hw.conf.beacon_int);
2280 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
2282 pos = skb_put(skb, 2 + ifsta->ssid_len);
2283 *pos++ = WLAN_EID_SSID;
2284 *pos++ = ifsta->ssid_len;
2285 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
2287 rates = bss->supp_rates_len;
2290 pos = skb_put(skb, 2 + rates);
2291 *pos++ = WLAN_EID_SUPP_RATES;
2293 memcpy(pos, bss->supp_rates, rates);
2295 pos = skb_put(skb, 2 + 1);
2296 *pos++ = WLAN_EID_DS_PARAMS;
2298 *pos++ = bss->channel;
2300 pos = skb_put(skb, 2 + 2);
2301 *pos++ = WLAN_EID_IBSS_PARAMS;
2303 /* FIX: set ATIM window based on scan results */
2307 if (bss->supp_rates_len > 8) {
2308 rates = bss->supp_rates_len - 8;
2309 pos = skb_put(skb, 2 + rates);
2310 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2312 memcpy(pos, &bss->supp_rates[8], rates);
2315 memset(&control, 0, sizeof(control));
2316 memset(&extra, 0, sizeof(extra));
2317 extra.mode = local->oper_hw_mode;
2318 rate = rate_control_get_rate(local, dev, skb, &extra);
2320 printk(KERN_DEBUG "%s: Failed to determine TX rate "
2321 "for IBSS beacon\n", dev->name);
2325 ((sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
2326 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
2327 rate->val2 : rate->val;
2328 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
2329 control.power_level = local->hw.conf.power_level;
2330 control.flags |= IEEE80211_TXCTL_NO_ACK;
2331 control.retry_limit = 1;
2333 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
2334 if (ifsta->probe_resp) {
2335 mgmt = (struct ieee80211_mgmt *)
2336 ifsta->probe_resp->data;
2337 mgmt->frame_control =
2338 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2339 IEEE80211_STYPE_PROBE_RESP);
2341 printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
2342 "template for IBSS\n", dev->name);
2345 if (local->ops->beacon_update &&
2346 local->ops->beacon_update(local_to_hw(local),
2347 skb, &control) == 0) {
2348 printk(KERN_DEBUG "%s: Configured IBSS beacon "
2349 "template based on scan results\n", dev->name);
2354 mode = local->oper_hw_mode;
2355 for (i = 0; i < bss->supp_rates_len; i++) {
2356 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2357 for (j = 0; j < mode->num_rates; j++)
2358 if (mode->rates[j].rate == bitrate)
2361 ifsta->supp_rates_bits = rates;
2365 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
2366 "template\n", dev->name);
2370 ifsta->state = IEEE80211_IBSS_JOINED;
2371 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2373 ieee80211_rx_bss_put(dev, bss);
2379 static int ieee80211_sta_create_ibss(struct net_device *dev,
2380 struct ieee80211_if_sta *ifsta)
2382 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2383 struct ieee80211_sta_bss *bss;
2384 struct ieee80211_sub_if_data *sdata;
2385 struct ieee80211_hw_mode *mode;
2386 u8 bssid[ETH_ALEN], *pos;
2388 DECLARE_MAC_BUF(mac);
2391 /* Easier testing, use fixed BSSID. */
2392 memset(bssid, 0xfe, ETH_ALEN);
2394 /* Generate random, not broadcast, locally administered BSSID. Mix in
2395 * own MAC address to make sure that devices that do not have proper
2396 * random number generator get different BSSID. */
2397 get_random_bytes(bssid, ETH_ALEN);
2398 for (i = 0; i < ETH_ALEN; i++)
2399 bssid[i] ^= dev->dev_addr[i];
2404 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n",
2405 dev->name, print_mac(mac, bssid));
2407 bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel);
2411 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2412 mode = local->oper_hw_mode;
2414 if (local->hw.conf.beacon_int == 0)
2415 local->hw.conf.beacon_int = 100;
2416 bss->beacon_int = local->hw.conf.beacon_int;
2417 bss->hw_mode = local->hw.conf.phymode;
2418 bss->freq = local->hw.conf.freq;
2419 bss->last_update = jiffies;
2420 bss->capability = WLAN_CAPABILITY_IBSS;
2421 if (sdata->default_key) {
2422 bss->capability |= WLAN_CAPABILITY_PRIVACY;
2424 sdata->drop_unencrypted = 0;
2425 bss->supp_rates_len = mode->num_rates;
2426 pos = bss->supp_rates;
2427 for (i = 0; i < mode->num_rates; i++) {
2428 int rate = mode->rates[i].rate;
2429 *pos++ = (u8) (rate / 5);
2432 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2436 static int ieee80211_sta_find_ibss(struct net_device *dev,
2437 struct ieee80211_if_sta *ifsta)
2439 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2440 struct ieee80211_sta_bss *bss;
2444 DECLARE_MAC_BUF(mac);
2445 DECLARE_MAC_BUF(mac2);
2447 if (ifsta->ssid_len == 0)
2450 active_ibss = ieee80211_sta_active_ibss(dev);
2451 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2452 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
2453 dev->name, active_ibss);
2454 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2455 spin_lock_bh(&local->sta_bss_lock);
2456 list_for_each_entry(bss, &local->sta_bss_list, list) {
2457 if (ifsta->ssid_len != bss->ssid_len ||
2458 memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
2459 || !(bss->capability & WLAN_CAPABILITY_IBSS))
2461 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2462 printk(KERN_DEBUG " bssid=%s found\n",
2463 print_mac(mac, bss->bssid));
2464 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2465 memcpy(bssid, bss->bssid, ETH_ALEN);
2467 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
2470 spin_unlock_bh(&local->sta_bss_lock);
2472 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2473 printk(KERN_DEBUG " sta_find_ibss: selected %s current "
2474 "%s\n", print_mac(mac, bssid), print_mac(mac2, ifsta->bssid));
2475 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2476 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
2477 (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel))) {
2478 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
2479 " based on configured SSID\n",
2480 dev->name, print_mac(mac, bssid));
2481 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2483 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2484 printk(KERN_DEBUG " did not try to join ibss\n");
2485 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2487 /* Selected IBSS not found in current scan results - try to scan */
2488 if (ifsta->state == IEEE80211_IBSS_JOINED &&
2489 !ieee80211_sta_active_ibss(dev)) {
2490 mod_timer(&ifsta->timer, jiffies +
2491 IEEE80211_IBSS_MERGE_INTERVAL);
2492 } else if (time_after(jiffies, local->last_scan_completed +
2493 IEEE80211_SCAN_INTERVAL)) {
2494 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
2495 "join\n", dev->name);
2496 return ieee80211_sta_req_scan(dev, ifsta->ssid,
2498 } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
2499 int interval = IEEE80211_SCAN_INTERVAL;
2501 if (time_after(jiffies, ifsta->ibss_join_req +
2502 IEEE80211_IBSS_JOIN_TIMEOUT)) {
2503 if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
2504 local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
2505 return ieee80211_sta_create_ibss(dev, ifsta);
2506 if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
2507 printk(KERN_DEBUG "%s: IBSS not allowed on the"
2508 " configured channel %d (%d MHz)\n",
2509 dev->name, local->hw.conf.channel,
2510 local->hw.conf.freq);
2513 /* No IBSS found - decrease scan interval and continue
2515 interval = IEEE80211_SCAN_INTERVAL_SLOW;
2518 ifsta->state = IEEE80211_IBSS_SEARCH;
2519 mod_timer(&ifsta->timer, jiffies + interval);
2527 int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
2529 struct ieee80211_sub_if_data *sdata;
2530 struct ieee80211_if_sta *ifsta;
2531 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2533 if (len > IEEE80211_MAX_SSID_LEN)
2536 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
2538 if (local->ops->conf_tx) {
2539 struct ieee80211_tx_queue_params qparam;
2542 memset(&qparam, 0, sizeof(qparam));
2543 /* TODO: are these ok defaults for all hw_modes? */
2546 local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
2547 qparam.cw_max = 1023;
2548 qparam.burst_time = 0;
2549 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
2551 local->ops->conf_tx(local_to_hw(local),
2552 i + IEEE80211_TX_QUEUE_DATA0,
2555 /* IBSS uses different parameters for Beacon sending */
2559 local->ops->conf_tx(local_to_hw(local),
2560 IEEE80211_TX_QUEUE_BEACON, &qparam);
2563 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2564 ifsta = &sdata->u.sta;
2566 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
2567 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
2568 memcpy(ifsta->ssid, ssid, len);
2569 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
2570 ifsta->ssid_len = len;
2573 ifsta->flags |= IEEE80211_STA_SSID_SET;
2575 ifsta->flags &= ~IEEE80211_STA_SSID_SET;
2576 if (sdata->type == IEEE80211_IF_TYPE_IBSS &&
2577 !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
2578 ifsta->ibss_join_req = jiffies;
2579 ifsta->state = IEEE80211_IBSS_SEARCH;
2580 return ieee80211_sta_find_ibss(dev, ifsta);
2586 int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
2588 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2589 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2590 memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
2591 *len = ifsta->ssid_len;
2596 int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
2598 struct ieee80211_sub_if_data *sdata;
2599 struct ieee80211_if_sta *ifsta;
2602 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2603 ifsta = &sdata->u.sta;
2605 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
2606 memcpy(ifsta->bssid, bssid, ETH_ALEN);
2607 res = ieee80211_if_config(dev);
2609 printk(KERN_DEBUG "%s: Failed to config new BSSID to "
2610 "the low-level driver\n", dev->name);
2615 if (is_valid_ether_addr(bssid))
2616 ifsta->flags |= IEEE80211_STA_BSSID_SET;
2618 ifsta->flags &= ~IEEE80211_STA_BSSID_SET;
2624 static void ieee80211_send_nullfunc(struct ieee80211_local *local,
2625 struct ieee80211_sub_if_data *sdata,
2628 struct sk_buff *skb;
2629 struct ieee80211_hdr *nullfunc;
2632 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
2634 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
2635 "frame\n", sdata->dev->name);
2638 skb_reserve(skb, local->hw.extra_tx_headroom);
2640 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
2641 memset(nullfunc, 0, 24);
2642 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2643 IEEE80211_FCTL_TODS;
2645 fc |= IEEE80211_FCTL_PM;
2646 nullfunc->frame_control = cpu_to_le16(fc);
2647 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
2648 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
2649 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
2651 ieee80211_sta_tx(sdata->dev, skb, 0);
2655 void ieee80211_scan_completed(struct ieee80211_hw *hw)
2657 struct ieee80211_local *local = hw_to_local(hw);
2658 struct net_device *dev = local->scan_dev;
2659 struct ieee80211_sub_if_data *sdata;
2660 union iwreq_data wrqu;
2662 local->last_scan_completed = jiffies;
2664 local->sta_scanning = 0;
2666 if (ieee80211_hw_config(local))
2667 printk(KERN_DEBUG "%s: failed to restore operational"
2668 "channel after scan\n", dev->name);
2671 netif_tx_lock_bh(local->mdev);
2672 local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
2673 local->ops->configure_filter(local_to_hw(local),
2674 FIF_BCN_PRBRESP_PROMISC,
2675 &local->filter_flags,
2676 local->mdev->mc_count,
2677 local->mdev->mc_list);
2679 netif_tx_unlock_bh(local->mdev);
2681 memset(&wrqu, 0, sizeof(wrqu));
2682 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
2685 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2687 /* No need to wake the master device. */
2688 if (sdata->dev == local->mdev)
2691 if (sdata->type == IEEE80211_IF_TYPE_STA) {
2692 if (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
2693 ieee80211_send_nullfunc(local, sdata, 0);
2694 ieee80211_sta_timer((unsigned long)sdata);
2697 netif_wake_queue(sdata->dev);
2701 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2702 if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
2703 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2704 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
2705 (!ifsta->state == IEEE80211_IBSS_JOINED &&
2706 !ieee80211_sta_active_ibss(dev)))
2707 ieee80211_sta_find_ibss(dev, ifsta);
2710 EXPORT_SYMBOL(ieee80211_scan_completed);
2712 void ieee80211_sta_scan_work(struct work_struct *work)
2714 struct ieee80211_local *local =
2715 container_of(work, struct ieee80211_local, scan_work.work);
2716 struct net_device *dev = local->scan_dev;
2717 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2718 struct ieee80211_hw_mode *mode;
2719 struct ieee80211_channel *chan;
2721 unsigned long next_delay = 0;
2723 if (!local->sta_scanning)
2726 switch (local->scan_state) {
2727 case SCAN_SET_CHANNEL:
2728 mode = local->scan_hw_mode;
2729 if (local->scan_hw_mode->list.next == &local->modes_list &&
2730 local->scan_channel_idx >= mode->num_channels) {
2731 ieee80211_scan_completed(local_to_hw(local));
2734 skip = !(local->enabled_modes & (1 << mode->mode));
2735 chan = &mode->channels[local->scan_channel_idx];
2736 if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
2737 (sdata->type == IEEE80211_IF_TYPE_IBSS &&
2738 !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
2739 (local->hw_modes & local->enabled_modes &
2740 (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
2745 printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
2746 dev->name, chan->chan, chan->freq);
2749 local->scan_channel = chan;
2750 if (ieee80211_hw_config(local)) {
2751 printk(KERN_DEBUG "%s: failed to set channel "
2752 "%d (%d MHz) for scan\n", dev->name,
2753 chan->chan, chan->freq);
2758 local->scan_channel_idx++;
2759 if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
2760 if (local->scan_hw_mode->list.next != &local->modes_list) {
2761 local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
2762 struct ieee80211_hw_mode,
2764 local->scan_channel_idx = 0;
2771 next_delay = IEEE80211_PROBE_DELAY +
2772 usecs_to_jiffies(local->hw.channel_change_time);
2773 local->scan_state = SCAN_SEND_PROBE;
2775 case SCAN_SEND_PROBE:
2776 if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
2777 ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
2778 local->scan_ssid_len);
2779 next_delay = IEEE80211_CHANNEL_TIME;
2781 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
2782 local->scan_state = SCAN_SET_CHANNEL;
2786 if (local->sta_scanning)
2787 queue_delayed_work(local->hw.workqueue, &local->scan_work,
2792 static int ieee80211_sta_start_scan(struct net_device *dev,
2793 u8 *ssid, size_t ssid_len)
2795 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2796 struct ieee80211_sub_if_data *sdata;
2798 if (ssid_len > IEEE80211_MAX_SSID_LEN)
2801 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
2802 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
2805 * ScanType: ACTIVE, PASSIVE
2806 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
2807 * a Probe frame during active scanning
2809 * MinChannelTime (>= ProbeDelay), in TU
2810 * MaxChannelTime: (>= MinChannelTime), in TU
2813 /* MLME-SCAN.confirm
2815 * ResultCode: SUCCESS, INVALID_PARAMETERS
2818 if (local->sta_scanning) {
2819 if (local->scan_dev == dev)
2824 if (local->ops->hw_scan) {
2825 int rc = local->ops->hw_scan(local_to_hw(local),
2828 local->sta_scanning = 1;
2829 local->scan_dev = dev;
2834 local->sta_scanning = 1;
2837 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2839 /* Don't stop the master interface, otherwise we can't transmit
2841 if (sdata->dev == local->mdev)
2844 netif_stop_queue(sdata->dev);
2845 if (sdata->type == IEEE80211_IF_TYPE_STA &&
2846 (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
2847 ieee80211_send_nullfunc(local, sdata, 1);
2852 local->scan_ssid_len = ssid_len;
2853 memcpy(local->scan_ssid, ssid, ssid_len);
2855 local->scan_ssid_len = 0;
2856 local->scan_state = SCAN_SET_CHANNEL;
2857 local->scan_hw_mode = list_entry(local->modes_list.next,
2858 struct ieee80211_hw_mode,
2860 local->scan_channel_idx = 0;
2861 local->scan_dev = dev;
2863 netif_tx_lock_bh(local->mdev);
2864 local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
2865 local->ops->configure_filter(local_to_hw(local),
2866 FIF_BCN_PRBRESP_PROMISC,
2867 &local->filter_flags,
2868 local->mdev->mc_count,
2869 local->mdev->mc_list);
2870 netif_tx_unlock_bh(local->mdev);
2872 /* TODO: start scan as soon as all nullfunc frames are ACKed */
2873 queue_delayed_work(local->hw.workqueue, &local->scan_work,
2874 IEEE80211_CHANNEL_TIME);
2880 int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
2882 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2883 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2884 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2886 if (sdata->type != IEEE80211_IF_TYPE_STA)
2887 return ieee80211_sta_start_scan(dev, ssid, ssid_len);
2889 if (local->sta_scanning) {
2890 if (local->scan_dev == dev)
2895 set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
2896 queue_work(local->hw.workqueue, &ifsta->work);
2901 ieee80211_sta_scan_result(struct net_device *dev,
2902 struct ieee80211_sta_bss *bss,
2903 char *current_ev, char *end_buf)
2905 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2906 struct iw_event iwe;
2908 if (time_after(jiffies,
2909 bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
2912 if (!(local->enabled_modes & (1 << bss->hw_mode)))
2915 if (local->scan_flags & IEEE80211_SCAN_WPA_ONLY &&
2916 !bss->wpa_ie && !bss->rsn_ie)
2919 if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID &&
2920 (local->scan_ssid_len != bss->ssid_len ||
2921 memcmp(local->scan_ssid, bss->ssid, bss->ssid_len) != 0))
2924 memset(&iwe, 0, sizeof(iwe));
2925 iwe.cmd = SIOCGIWAP;
2926 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2927 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
2928 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2931 memset(&iwe, 0, sizeof(iwe));
2932 iwe.cmd = SIOCGIWESSID;
2933 iwe.u.data.length = bss->ssid_len;
2934 iwe.u.data.flags = 1;
2935 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2938 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
2939 memset(&iwe, 0, sizeof(iwe));
2940 iwe.cmd = SIOCGIWMODE;
2941 if (bss->capability & WLAN_CAPABILITY_ESS)
2942 iwe.u.mode = IW_MODE_MASTER;
2944 iwe.u.mode = IW_MODE_ADHOC;
2945 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2949 memset(&iwe, 0, sizeof(iwe));
2950 iwe.cmd = SIOCGIWFREQ;
2951 iwe.u.freq.m = bss->channel;
2953 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2955 iwe.u.freq.m = bss->freq * 100000;
2957 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2960 memset(&iwe, 0, sizeof(iwe));
2962 iwe.u.qual.qual = bss->signal;
2963 iwe.u.qual.level = bss->rssi;
2964 iwe.u.qual.noise = bss->noise;
2965 iwe.u.qual.updated = local->wstats_flags;
2966 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2969 memset(&iwe, 0, sizeof(iwe));
2970 iwe.cmd = SIOCGIWENCODE;
2971 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
2972 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2974 iwe.u.data.flags = IW_ENCODE_DISABLED;
2975 iwe.u.data.length = 0;
2976 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
2978 if (bss && bss->wpa_ie) {
2979 memset(&iwe, 0, sizeof(iwe));
2980 iwe.cmd = IWEVGENIE;
2981 iwe.u.data.length = bss->wpa_ie_len;
2982 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2986 if (bss && bss->rsn_ie) {
2987 memset(&iwe, 0, sizeof(iwe));
2988 iwe.cmd = IWEVGENIE;
2989 iwe.u.data.length = bss->rsn_ie_len;
2990 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
2994 if (bss && bss->supp_rates_len > 0) {
2995 /* display all supported rates in readable format */
2996 char *p = current_ev + IW_EV_LCP_LEN;
2999 memset(&iwe, 0, sizeof(iwe));
3000 iwe.cmd = SIOCGIWRATE;
3001 /* Those two flags are ignored... */
3002 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
3004 for (i = 0; i < bss->supp_rates_len; i++) {
3005 iwe.u.bitrate.value = ((bss->supp_rates[i] &
3007 p = iwe_stream_add_value(current_ev, p,
3008 end_buf, &iwe, IW_EV_PARAM_LEN);
3015 buf = kmalloc(30, GFP_ATOMIC);
3017 memset(&iwe, 0, sizeof(iwe));
3018 iwe.cmd = IWEVCUSTOM;
3019 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
3020 iwe.u.data.length = strlen(buf);
3021 current_ev = iwe_stream_add_point(current_ev, end_buf,
3030 if (!(local->scan_flags & IEEE80211_SCAN_EXTRA_INFO))
3033 buf = kmalloc(100, GFP_ATOMIC);
3037 memset(&iwe, 0, sizeof(iwe));
3038 iwe.cmd = IWEVCUSTOM;
3039 sprintf(buf, "bcn_int=%d", bss->beacon_int);
3040 iwe.u.data.length = strlen(buf);
3041 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3044 memset(&iwe, 0, sizeof(iwe));
3045 iwe.cmd = IWEVCUSTOM;
3046 sprintf(buf, "capab=0x%04x", bss->capability);
3047 iwe.u.data.length = strlen(buf);
3048 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3059 int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
3061 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3062 char *current_ev = buf;
3063 char *end_buf = buf + len;
3064 struct ieee80211_sta_bss *bss;
3066 spin_lock_bh(&local->sta_bss_lock);
3067 list_for_each_entry(bss, &local->sta_bss_list, list) {
3068 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
3069 spin_unlock_bh(&local->sta_bss_lock);
3072 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
3075 spin_unlock_bh(&local->sta_bss_lock);
3076 return current_ev - buf;
3080 int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
3082 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3083 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3084 kfree(ifsta->extra_ie);
3086 ifsta->extra_ie = NULL;
3087 ifsta->extra_ie_len = 0;
3090 ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
3091 if (!ifsta->extra_ie) {
3092 ifsta->extra_ie_len = 0;
3095 memcpy(ifsta->extra_ie, ie, len);
3096 ifsta->extra_ie_len = len;
3101 struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
3102 struct sk_buff *skb, u8 *bssid,
3105 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3106 struct sta_info *sta;
3107 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3108 DECLARE_MAC_BUF(mac);
3110 /* TODO: Could consider removing the least recently used entry and
3111 * allow new one to be added. */
3112 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
3113 if (net_ratelimit()) {
3114 printk(KERN_DEBUG "%s: No room for a new IBSS STA "
3115 "entry %s\n", dev->name, print_mac(mac, addr));
3120 printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
3121 wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name);
3123 sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
3127 sta->supp_rates = sdata->u.sta.supp_rates_bits;
3129 rate_control_rate_init(sta, local);
3131 return sta; /* caller will call sta_info_put() */
3135 int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
3137 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3138 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3140 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
3143 if (sdata->type != IEEE80211_IF_TYPE_STA &&
3144 sdata->type != IEEE80211_IF_TYPE_IBSS)
3147 ieee80211_send_deauth(dev, ifsta, reason);
3148 ieee80211_set_disassoc(dev, ifsta, 1);
3153 int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
3155 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3156 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3158 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
3161 if (sdata->type != IEEE80211_IF_TYPE_STA)
3164 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
3167 ieee80211_send_disassoc(dev, ifsta, reason);
3168 ieee80211_set_disassoc(dev, ifsta, 0);