android_kernel_xiaomi_sm8350/drivers/net/wireless/hostap/hostap_ap.c
Jouni Malinen 5bee720fd7 [PATCH] hostap: Fix skb->cb use for TX meta data
Old AP mode code for power saving was using skb->cb for couple of
flags before the more generic 802.11 TX code started using the same
buffer for struct hostap_skb_tx_data. This resulted in the power save
code corrupting the magic value in beginning of the buffer and TX code
dropping the power saved packets because of this for the case where
STAs send PS-Poll frames with PwrMgmt flag set.

This patch modifies the power save code to use the same struct
hostap_skb_tx_data as rest of the TX path in order to avoid corrupting
the data in skb->cb.

In addition, this patch reorders fields in the structure and makes
them use smaller types in order to make the structure fit in skb->cb
on 64-bit hosts.

Signed-off-by: Jouni Malinen <jkmaline@cc.hut.fi>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-08-14 23:06:26 -04:00

3288 lines
86 KiB
C

/*
* Intersil Prism2 driver with Host AP (software access point) support
* Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
* <jkmaline@cc.hut.fi>
* Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi>
*
* This file is to be included into hostap.c when S/W AP functionality is
* compiled.
*
* AP: FIX:
* - if unicast Class 2 (assoc,reassoc,disassoc) frame received from
* unauthenticated STA, send deauth. frame (8802.11: 5.5)
* - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received
* from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5)
* - if unicast Class 3 received from unauthenticated STA, send deauth. frame
* (8802.11: 5.5)
*/
static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL,
DEF_INTS };
module_param_array(other_ap_policy, int, NULL, 0444);
MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)");
static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC,
DEF_INTS };
module_param_array(ap_max_inactivity, int, NULL, 0444);
MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station "
"inactivity");
static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS };
module_param_array(ap_bridge_packets, int, NULL, 0444);
MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between "
"stations");
static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS };
module_param_array(autom_ap_wds, int, NULL, 0444);
MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs "
"automatically");
static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta);
static void hostap_event_expired_sta(struct net_device *dev,
struct sta_info *sta);
static void handle_add_proc_queue(void *data);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
static void handle_wds_oper_queue(void *data);
static void prism2_send_mgmt(struct net_device *dev,
int type, int subtype, char *body,
int body_len, u8 *addr, u16 tx_cb_idx);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
#ifndef PRISM2_NO_PROCFS_DEBUG
static int ap_debug_proc_read(char *page, char **start, off_t off,
int count, int *eof, void *data)
{
char *p = page;
struct ap_data *ap = (struct ap_data *) data;
if (off != 0) {
*eof = 1;
return 0;
}
p += sprintf(p, "BridgedUnicastFrames=%u\n", ap->bridged_unicast);
p += sprintf(p, "BridgedMulticastFrames=%u\n", ap->bridged_multicast);
p += sprintf(p, "max_inactivity=%u\n", ap->max_inactivity / HZ);
p += sprintf(p, "bridge_packets=%u\n", ap->bridge_packets);
p += sprintf(p, "nullfunc_ack=%u\n", ap->nullfunc_ack);
p += sprintf(p, "autom_ap_wds=%u\n", ap->autom_ap_wds);
p += sprintf(p, "auth_algs=%u\n", ap->local->auth_algs);
p += sprintf(p, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc);
return (p - page);
}
#endif /* PRISM2_NO_PROCFS_DEBUG */
static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta)
{
sta->hnext = ap->sta_hash[STA_HASH(sta->addr)];
ap->sta_hash[STA_HASH(sta->addr)] = sta;
}
static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta)
{
struct sta_info *s;
s = ap->sta_hash[STA_HASH(sta->addr)];
if (s == NULL) return;
if (memcmp(s->addr, sta->addr, ETH_ALEN) == 0) {
ap->sta_hash[STA_HASH(sta->addr)] = s->hnext;
return;
}
while (s->hnext != NULL && memcmp(s->hnext->addr, sta->addr, ETH_ALEN)
!= 0)
s = s->hnext;
if (s->hnext != NULL)
s->hnext = s->hnext->hnext;
else
printk("AP: could not remove STA " MACSTR " from hash table\n",
MAC2STR(sta->addr));
}
static void ap_free_sta(struct ap_data *ap, struct sta_info *sta)
{
if (sta->ap && sta->local)
hostap_event_expired_sta(sta->local->dev, sta);
if (ap->proc != NULL) {
char name[20];
sprintf(name, MACSTR, MAC2STR(sta->addr));
remove_proc_entry(name, ap->proc);
}
if (sta->crypt) {
sta->crypt->ops->deinit(sta->crypt->priv);
kfree(sta->crypt);
sta->crypt = NULL;
}
skb_queue_purge(&sta->tx_buf);
ap->num_sta--;
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (sta->aid > 0)
ap->sta_aid[sta->aid - 1] = NULL;
if (!sta->ap && sta->u.sta.challenge)
kfree(sta->u.sta.challenge);
del_timer(&sta->timer);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
kfree(sta);
}
static void hostap_set_tim(local_info_t *local, int aid, int set)
{
if (local->func->set_tim)
local->func->set_tim(local->dev, aid, set);
}
static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta)
{
union iwreq_data wrqu;
memset(&wrqu, 0, sizeof(wrqu));
memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
wrqu.addr.sa_family = ARPHRD_ETHER;
wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL);
}
static void hostap_event_expired_sta(struct net_device *dev,
struct sta_info *sta)
{
union iwreq_data wrqu;
memset(&wrqu, 0, sizeof(wrqu));
memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
wrqu.addr.sa_family = ARPHRD_ETHER;
wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL);
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
static void ap_handle_timer(unsigned long data)
{
struct sta_info *sta = (struct sta_info *) data;
local_info_t *local;
struct ap_data *ap;
unsigned long next_time = 0;
int was_assoc;
if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) {
PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n");
return;
}
local = sta->local;
ap = local->ap;
was_assoc = sta->flags & WLAN_STA_ASSOC;
if (atomic_read(&sta->users) != 0)
next_time = jiffies + HZ;
else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH))
next_time = jiffies + ap->max_inactivity;
if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) {
/* station activity detected; reset timeout state */
sta->timeout_next = STA_NULLFUNC;
next_time = sta->last_rx + ap->max_inactivity;
} else if (sta->timeout_next == STA_DISASSOC &&
!(sta->flags & WLAN_STA_PENDING_POLL)) {
/* STA ACKed data nullfunc frame poll */
sta->timeout_next = STA_NULLFUNC;
next_time = jiffies + ap->max_inactivity;
}
if (next_time) {
sta->timer.expires = next_time;
add_timer(&sta->timer);
return;
}
if (sta->ap)
sta->timeout_next = STA_DEAUTH;
if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) {
spin_lock(&ap->sta_table_lock);
ap_sta_hash_del(ap, sta);
list_del(&sta->list);
spin_unlock(&ap->sta_table_lock);
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
} else if (sta->timeout_next == STA_DISASSOC)
sta->flags &= ~WLAN_STA_ASSOC;
if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap)
hostap_event_expired_sta(local->dev, sta);
if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 &&
!skb_queue_empty(&sta->tx_buf)) {
hostap_set_tim(local, sta->aid, 0);
sta->flags &= ~WLAN_STA_TIM;
}
if (sta->ap) {
if (ap->autom_ap_wds) {
PDEBUG(DEBUG_AP, "%s: removing automatic WDS "
"connection to AP " MACSTR "\n",
local->dev->name, MAC2STR(sta->addr));
hostap_wds_link_oper(local, sta->addr, WDS_DEL);
}
} else if (sta->timeout_next == STA_NULLFUNC) {
/* send data frame to poll STA and check whether this frame
* is ACKed */
/* FIX: WLAN_FC_STYPE_NULLFUNC would be more appropriate, but
* it is apparently not retried so TX Exc events are not
* received for it */
sta->flags |= WLAN_STA_PENDING_POLL;
prism2_send_mgmt(local->dev, WLAN_FC_TYPE_DATA,
WLAN_FC_STYPE_DATA, NULL, 0,
sta->addr, ap->tx_callback_poll);
} else {
int deauth = sta->timeout_next == STA_DEAUTH;
u16 resp;
PDEBUG(DEBUG_AP, "%s: sending %s info to STA " MACSTR
"(last=%lu, jiffies=%lu)\n",
local->dev->name,
deauth ? "deauthentication" : "disassociation",
MAC2STR(sta->addr), sta->last_rx, jiffies);
resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID :
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
prism2_send_mgmt(local->dev, WLAN_FC_TYPE_MGMT,
(deauth ? WLAN_FC_STYPE_DEAUTH :
WLAN_FC_STYPE_DISASSOC),
(char *) &resp, 2, sta->addr, 0);
}
if (sta->timeout_next == STA_DEAUTH) {
if (sta->flags & WLAN_STA_PERM) {
PDEBUG(DEBUG_AP, "%s: STA " MACSTR " would have been "
"removed, but it has 'perm' flag\n",
local->dev->name, MAC2STR(sta->addr));
} else
ap_free_sta(ap, sta);
return;
}
if (sta->timeout_next == STA_NULLFUNC) {
sta->timeout_next = STA_DISASSOC;
sta->timer.expires = jiffies + AP_DISASSOC_DELAY;
} else {
sta->timeout_next = STA_DEAUTH;
sta->timer.expires = jiffies + AP_DEAUTH_DELAY;
}
add_timer(&sta->timer);
}
void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
int resend)
{
u8 addr[ETH_ALEN];
u16 resp;
int i;
PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name);
memset(addr, 0xff, ETH_ALEN);
resp = __constant_cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
/* deauth message sent; try to resend it few times; the message is
* broadcast, so it may be delayed until next DTIM; there is not much
* else we can do at this point since the driver is going to be shut
* down */
for (i = 0; i < 5; i++) {
prism2_send_mgmt(dev, WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH,
(char *) &resp, 2, addr, 0);
if (!resend || ap->num_sta <= 0)
return;
mdelay(50);
}
}
static int ap_control_proc_read(char *page, char **start, off_t off,
int count, int *eof, void *data)
{
char *p = page;
struct ap_data *ap = (struct ap_data *) data;
char *policy_txt;
struct list_head *ptr;
struct mac_entry *entry;
if (off != 0) {
*eof = 1;
return 0;
}
switch (ap->mac_restrictions.policy) {
case MAC_POLICY_OPEN:
policy_txt = "open";
break;
case MAC_POLICY_ALLOW:
policy_txt = "allow";
break;
case MAC_POLICY_DENY:
policy_txt = "deny";
break;
default:
policy_txt = "unknown";
break;
};
p += sprintf(p, "MAC policy: %s\n", policy_txt);
p += sprintf(p, "MAC entries: %u\n", ap->mac_restrictions.entries);
p += sprintf(p, "MAC list:\n");
spin_lock_bh(&ap->mac_restrictions.lock);
for (ptr = ap->mac_restrictions.mac_list.next;
ptr != &ap->mac_restrictions.mac_list; ptr = ptr->next) {
if (p - page > PAGE_SIZE - 80) {
p += sprintf(p, "All entries did not fit one page.\n");
break;
}
entry = list_entry(ptr, struct mac_entry, list);
p += sprintf(p, MACSTR "\n", MAC2STR(entry->addr));
}
spin_unlock_bh(&ap->mac_restrictions.lock);
return (p - page);
}
static int ap_control_add_mac(struct mac_restrictions *mac_restrictions,
u8 *mac)
{
struct mac_entry *entry;
entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL);
if (entry == NULL)
return -1;
memcpy(entry->addr, mac, ETH_ALEN);
spin_lock_bh(&mac_restrictions->lock);
list_add_tail(&entry->list, &mac_restrictions->mac_list);
mac_restrictions->entries++;
spin_unlock_bh(&mac_restrictions->lock);
return 0;
}
static int ap_control_del_mac(struct mac_restrictions *mac_restrictions,
u8 *mac)
{
struct list_head *ptr;
struct mac_entry *entry;
spin_lock_bh(&mac_restrictions->lock);
for (ptr = mac_restrictions->mac_list.next;
ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
entry = list_entry(ptr, struct mac_entry, list);
if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
list_del(ptr);
kfree(entry);
mac_restrictions->entries--;
spin_unlock_bh(&mac_restrictions->lock);
return 0;
}
}
spin_unlock_bh(&mac_restrictions->lock);
return -1;
}
static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions,
u8 *mac)
{
struct list_head *ptr;
struct mac_entry *entry;
int found = 0;
if (mac_restrictions->policy == MAC_POLICY_OPEN)
return 0;
spin_lock_bh(&mac_restrictions->lock);
for (ptr = mac_restrictions->mac_list.next;
ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
entry = list_entry(ptr, struct mac_entry, list);
if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
found = 1;
break;
}
}
spin_unlock_bh(&mac_restrictions->lock);
if (mac_restrictions->policy == MAC_POLICY_ALLOW)
return !found;
else
return found;
}
static void ap_control_flush_macs(struct mac_restrictions *mac_restrictions)
{
struct list_head *ptr, *n;
struct mac_entry *entry;
if (mac_restrictions->entries == 0)
return;
spin_lock_bh(&mac_restrictions->lock);
for (ptr = mac_restrictions->mac_list.next, n = ptr->next;
ptr != &mac_restrictions->mac_list;
ptr = n, n = ptr->next) {
entry = list_entry(ptr, struct mac_entry, list);
list_del(ptr);
kfree(entry);
}
mac_restrictions->entries = 0;
spin_unlock_bh(&mac_restrictions->lock);
}
static int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev,
u8 *mac)
{
struct sta_info *sta;
u16 resp;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, mac);
if (sta) {
ap_sta_hash_del(ap, sta);
list_del(&sta->list);
}
spin_unlock_bh(&ap->sta_table_lock);
if (!sta)
return -EINVAL;
resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
prism2_send_mgmt(dev, WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH,
(char *) &resp, 2, sta->addr, 0);
if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
hostap_event_expired_sta(dev, sta);
ap_free_sta(ap, sta);
return 0;
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
static void ap_control_kickall(struct ap_data *ap)
{
struct list_head *ptr, *n;
struct sta_info *sta;
spin_lock_bh(&ap->sta_table_lock);
for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list;
ptr = n, n = ptr->next) {
sta = list_entry(ptr, struct sta_info, list);
ap_sta_hash_del(ap, sta);
list_del(&sta->list);
if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
hostap_event_expired_sta(sta->local->dev, sta);
ap_free_sta(ap, sta);
}
spin_unlock_bh(&ap->sta_table_lock);
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
#define PROC_LIMIT (PAGE_SIZE - 80)
static int prism2_ap_proc_read(char *page, char **start, off_t off,
int count, int *eof, void *data)
{
char *p = page;
struct ap_data *ap = (struct ap_data *) data;
struct list_head *ptr;
int i;
if (off > PROC_LIMIT) {
*eof = 1;
return 0;
}
p += sprintf(p, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n");
spin_lock_bh(&ap->sta_table_lock);
for (ptr = ap->sta_list.next; ptr != &ap->sta_list; ptr = ptr->next) {
struct sta_info *sta = (struct sta_info *) ptr;
if (!sta->ap)
continue;
p += sprintf(p, MACSTR " %d %d %d %d '", MAC2STR(sta->addr),
sta->u.ap.channel, sta->last_rx_signal,
sta->last_rx_silence, sta->last_rx_rate);
for (i = 0; i < sta->u.ap.ssid_len; i++)
p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
sta->u.ap.ssid[i] < 127) ?
"%c" : "<%02x>"),
sta->u.ap.ssid[i]);
p += sprintf(p, "'");
if (sta->capability & WLAN_CAPABILITY_ESS)
p += sprintf(p, " [ESS]");
if (sta->capability & WLAN_CAPABILITY_IBSS)
p += sprintf(p, " [IBSS]");
if (sta->capability & WLAN_CAPABILITY_PRIVACY)
p += sprintf(p, " [WEP]");
p += sprintf(p, "\n");
if ((p - page) > PROC_LIMIT) {
printk(KERN_DEBUG "hostap: ap proc did not fit\n");
break;
}
}
spin_unlock_bh(&ap->sta_table_lock);
if ((p - page) <= off) {
*eof = 1;
return 0;
}
*start = page + off;
return (p - page - off);
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver)
{
if (!ap)
return;
if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) {
PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - "
"firmware upgrade recommended\n");
ap->nullfunc_ack = 1;
} else
ap->nullfunc_ack = 0;
if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) {
printk(KERN_WARNING "%s: Warning: secondary station firmware "
"version 1.4.2 does not seem to work in Host AP mode\n",
ap->local->dev->name);
}
}
/* Called only as a tasklet (software IRQ) */
static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data)
{
struct ap_data *ap = data;
u16 fc;
struct hostap_ieee80211_hdr *hdr;
if (!ap->local->hostapd || !ap->local->apdev) {
dev_kfree_skb(skb);
return;
}
hdr = (struct hostap_ieee80211_hdr *) skb->data;
fc = le16_to_cpu(hdr->frame_control);
/* Pass the TX callback frame to the hostapd; use 802.11 header version
* 1 to indicate failure (no ACK) and 2 success (frame ACKed) */
fc &= ~WLAN_FC_PVER;
fc |= ok ? BIT(1) : BIT(0);
hdr->frame_control = cpu_to_le16(fc);
skb->dev = ap->local->apdev;
skb_pull(skb, hostap_80211_get_hdrlen(fc));
skb->pkt_type = PACKET_OTHERHOST;
skb->protocol = __constant_htons(ETH_P_802_2);
memset(skb->cb, 0, sizeof(skb->cb));
netif_rx(skb);
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
/* Called only as a tasklet (software IRQ) */
static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data)
{
struct ap_data *ap = data;
struct net_device *dev = ap->local->dev;
struct hostap_ieee80211_hdr *hdr;
u16 fc, *pos, auth_alg, auth_transaction, status;
struct sta_info *sta = NULL;
char *txt = NULL;
if (ap->local->hostapd) {
dev_kfree_skb(skb);
return;
}
hdr = (struct hostap_ieee80211_hdr *) skb->data;
fc = le16_to_cpu(hdr->frame_control);
if (HOSTAP_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
HOSTAP_FC_GET_STYPE(fc) != WLAN_FC_STYPE_AUTH ||
skb->len < IEEE80211_MGMT_HDR_LEN + 6) {
printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid "
"frame\n", dev->name);
dev_kfree_skb(skb);
return;
}
pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
auth_alg = le16_to_cpu(*pos++);
auth_transaction = le16_to_cpu(*pos++);
status = le16_to_cpu(*pos++);
if (!ok) {
txt = "frame was not ACKed";
goto done;
}
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, hdr->addr1);
if (sta)
atomic_inc(&sta->users);
spin_unlock(&ap->sta_table_lock);
if (!sta) {
txt = "STA not found";
goto done;
}
if (status == WLAN_STATUS_SUCCESS &&
((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
(auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
txt = "STA authenticated";
sta->flags |= WLAN_STA_AUTH;
sta->last_auth = jiffies;
} else if (status != WLAN_STATUS_SUCCESS)
txt = "authentication failed";
done:
if (sta)
atomic_dec(&sta->users);
if (txt) {
PDEBUG(DEBUG_AP, "%s: " MACSTR " auth_cb - alg=%d trans#=%d "
"status=%d - %s\n",
dev->name, MAC2STR(hdr->addr1), auth_alg,
auth_transaction, status, txt);
}
dev_kfree_skb(skb);
}
/* Called only as a tasklet (software IRQ) */
static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data)
{
struct ap_data *ap = data;
struct net_device *dev = ap->local->dev;
struct hostap_ieee80211_hdr *hdr;
u16 fc, *pos, status;
struct sta_info *sta = NULL;
char *txt = NULL;
if (ap->local->hostapd) {
dev_kfree_skb(skb);
return;
}
hdr = (struct hostap_ieee80211_hdr *) skb->data;
fc = le16_to_cpu(hdr->frame_control);
if (HOSTAP_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
(HOSTAP_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ASSOC_RESP &&
HOSTAP_FC_GET_STYPE(fc) != WLAN_FC_STYPE_REASSOC_RESP) ||
skb->len < IEEE80211_MGMT_HDR_LEN + 4) {
printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid "
"frame\n", dev->name);
dev_kfree_skb(skb);
return;
}
if (!ok) {
txt = "frame was not ACKed";
goto done;
}
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, hdr->addr1);
if (sta)
atomic_inc(&sta->users);
spin_unlock(&ap->sta_table_lock);
if (!sta) {
txt = "STA not found";
goto done;
}
pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
pos++;
status = le16_to_cpu(*pos++);
if (status == WLAN_STATUS_SUCCESS) {
if (!(sta->flags & WLAN_STA_ASSOC))
hostap_event_new_sta(dev, sta);
txt = "STA associated";
sta->flags |= WLAN_STA_ASSOC;
sta->last_assoc = jiffies;
} else
txt = "association failed";
done:
if (sta)
atomic_dec(&sta->users);
if (txt) {
PDEBUG(DEBUG_AP, "%s: " MACSTR " assoc_cb - %s\n",
dev->name, MAC2STR(hdr->addr1), txt);
}
dev_kfree_skb(skb);
}
/* Called only as a tasklet (software IRQ); TX callback for poll frames used
* in verifying whether the STA is still present. */
static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data)
{
struct ap_data *ap = data;
struct hostap_ieee80211_hdr *hdr;
struct sta_info *sta;
if (skb->len < 24)
goto fail;
hdr = (struct hostap_ieee80211_hdr *) skb->data;
if (ok) {
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, hdr->addr1);
if (sta)
sta->flags &= ~WLAN_STA_PENDING_POLL;
spin_unlock(&ap->sta_table_lock);
} else {
PDEBUG(DEBUG_AP, "%s: STA " MACSTR " did not ACK activity "
"poll frame\n", ap->local->dev->name,
MAC2STR(hdr->addr1));
}
fail:
dev_kfree_skb(skb);
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
void hostap_init_data(local_info_t *local)
{
struct ap_data *ap = local->ap;
if (ap == NULL) {
printk(KERN_WARNING "hostap_init_data: ap == NULL\n");
return;
}
memset(ap, 0, sizeof(struct ap_data));
ap->local = local;
ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx);
ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx);
ap->max_inactivity =
GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ;
ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx);
spin_lock_init(&ap->sta_table_lock);
INIT_LIST_HEAD(&ap->sta_list);
/* Initialize task queue structure for AP management */
INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue, ap);
ap->tx_callback_idx =
hostap_tx_callback_register(local, hostap_ap_tx_cb, ap);
if (ap->tx_callback_idx == 0)
printk(KERN_WARNING "%s: failed to register TX callback for "
"AP\n", local->dev->name);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue, local);
ap->tx_callback_auth =
hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap);
ap->tx_callback_assoc =
hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap);
ap->tx_callback_poll =
hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap);
if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 ||
ap->tx_callback_poll == 0)
printk(KERN_WARNING "%s: failed to register TX callback for "
"AP\n", local->dev->name);
spin_lock_init(&ap->mac_restrictions.lock);
INIT_LIST_HEAD(&ap->mac_restrictions.mac_list);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
ap->initialized = 1;
}
void hostap_init_ap_proc(local_info_t *local)
{
struct ap_data *ap = local->ap;
ap->proc = local->proc;
if (ap->proc == NULL)
return;
#ifndef PRISM2_NO_PROCFS_DEBUG
create_proc_read_entry("ap_debug", 0, ap->proc,
ap_debug_proc_read, ap);
#endif /* PRISM2_NO_PROCFS_DEBUG */
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
create_proc_read_entry("ap_control", 0, ap->proc,
ap_control_proc_read, ap);
create_proc_read_entry("ap", 0, ap->proc,
prism2_ap_proc_read, ap);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
}
void hostap_free_data(struct ap_data *ap)
{
struct list_head *n, *ptr;
if (ap == NULL || !ap->initialized) {
printk(KERN_DEBUG "hostap_free_data: ap has not yet been "
"initialized - skip resource freeing\n");
return;
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (ap->crypt)
ap->crypt->deinit(ap->crypt_priv);
ap->crypt = ap->crypt_priv = NULL;
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
list_for_each_safe(ptr, n, &ap->sta_list) {
struct sta_info *sta = list_entry(ptr, struct sta_info, list);
ap_sta_hash_del(ap, sta);
list_del(&sta->list);
if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
hostap_event_expired_sta(sta->local->dev, sta);
ap_free_sta(ap, sta);
}
#ifndef PRISM2_NO_PROCFS_DEBUG
if (ap->proc != NULL) {
remove_proc_entry("ap_debug", ap->proc);
}
#endif /* PRISM2_NO_PROCFS_DEBUG */
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (ap->proc != NULL) {
remove_proc_entry("ap", ap->proc);
remove_proc_entry("ap_control", ap->proc);
}
ap_control_flush_macs(&ap->mac_restrictions);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
ap->initialized = 0;
}
/* caller should have mutex for AP STA list handling */
static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta)
{
struct sta_info *s;
s = ap->sta_hash[STA_HASH(sta)];
while (s != NULL && memcmp(s->addr, sta, ETH_ALEN) != 0)
s = s->hnext;
return s;
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
/* Called from timer handler and from scheduled AP queue handlers */
static void prism2_send_mgmt(struct net_device *dev,
int type, int subtype, char *body,
int body_len, u8 *addr, u16 tx_cb_idx)
{
struct hostap_interface *iface;
local_info_t *local;
struct hostap_ieee80211_hdr *hdr;
u16 fc;
struct sk_buff *skb;
struct hostap_skb_tx_data *meta;
int hdrlen;
iface = netdev_priv(dev);
local = iface->local;
dev = local->dev; /* always use master radio device */
iface = netdev_priv(dev);
if (!(dev->flags & IFF_UP)) {
PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - "
"cannot send frame\n", dev->name);
return;
}
skb = dev_alloc_skb(sizeof(*hdr) + body_len);
if (skb == NULL) {
PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate "
"skb\n", dev->name);
return;
}
fc = (type << 2) | (subtype << 4);
hdrlen = hostap_80211_get_hdrlen(fc);
hdr = (struct hostap_ieee80211_hdr *) skb_put(skb, hdrlen);
if (body)
memcpy(skb_put(skb, body_len), body, body_len);
memset(hdr, 0, hdrlen);
/* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11
* tx_control instead of using local->tx_control */
memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */
if (type == WLAN_FC_TYPE_DATA) {
fc |= WLAN_FC_FROMDS;
memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */
memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */
} else if (type == WLAN_FC_TYPE_CTRL) {
/* control:ACK does not have addr2 or addr3 */
memset(hdr->addr2, 0, ETH_ALEN);
memset(hdr->addr3, 0, ETH_ALEN);
} else {
memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */
memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */
}
hdr->frame_control = cpu_to_le16(fc);
meta = (struct hostap_skb_tx_data *) skb->cb;
memset(meta, 0, sizeof(*meta));
meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
meta->iface = iface;
meta->tx_cb_idx = tx_cb_idx;
skb->dev = dev;
skb->mac.raw = skb->nh.raw = skb->data;
dev_queue_xmit(skb);
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
static int prism2_sta_proc_read(char *page, char **start, off_t off,
int count, int *eof, void *data)
{
char *p = page;
struct sta_info *sta = (struct sta_info *) data;
int i;
/* FIX: possible race condition.. the STA data could have just expired,
* but proc entry was still here so that the read could have started;
* some locking should be done here.. */
if (off != 0) {
*eof = 1;
return 0;
}
p += sprintf(p, "%s=" MACSTR "\nusers=%d\naid=%d\n"
"flags=0x%04x%s%s%s%s%s%s%s\n"
"capability=0x%02x\nlisten_interval=%d\nsupported_rates=",
sta->ap ? "AP" : "STA",
MAC2STR(sta->addr), atomic_read(&sta->users), sta->aid,
sta->flags,
sta->flags & WLAN_STA_AUTH ? " AUTH" : "",
sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "",
sta->flags & WLAN_STA_PS ? " PS" : "",
sta->flags & WLAN_STA_TIM ? " TIM" : "",
sta->flags & WLAN_STA_PERM ? " PERM" : "",
sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "",
sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "",
sta->capability, sta->listen_interval);
/* supported_rates: 500 kbit/s units with msb ignored */
for (i = 0; i < sizeof(sta->supported_rates); i++)
if (sta->supported_rates[i] != 0)
p += sprintf(p, "%d%sMbps ",
(sta->supported_rates[i] & 0x7f) / 2,
sta->supported_rates[i] & 1 ? ".5" : "");
p += sprintf(p, "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n"
"last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n"
"tx_packets=%lu\n"
"rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n"
"last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n"
"tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n"
"tx[11M]=%d\n"
"rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n",
jiffies, sta->last_auth, sta->last_assoc, sta->last_rx,
sta->last_tx,
sta->rx_packets, sta->tx_packets, sta->rx_bytes,
sta->tx_bytes, skb_queue_len(&sta->tx_buf),
sta->last_rx_silence,
sta->last_rx_signal, sta->last_rx_rate / 10,
sta->last_rx_rate % 10 ? ".5" : "",
sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
p = sta->crypt->ops->print_stats(p, sta->crypt->priv);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (sta->ap) {
if (sta->u.ap.channel >= 0)
p += sprintf(p, "channel=%d\n", sta->u.ap.channel);
p += sprintf(p, "ssid=");
for (i = 0; i < sta->u.ap.ssid_len; i++)
p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
sta->u.ap.ssid[i] < 127) ?
"%c" : "<%02x>"),
sta->u.ap.ssid[i]);
p += sprintf(p, "\n");
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
return (p - page);
}
static void handle_add_proc_queue(void *data)
{
struct ap_data *ap = (struct ap_data *) data;
struct sta_info *sta;
char name[20];
struct add_sta_proc_data *entry, *prev;
entry = ap->add_sta_proc_entries;
ap->add_sta_proc_entries = NULL;
while (entry) {
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, entry->addr);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&ap->sta_table_lock);
if (sta) {
sprintf(name, MACSTR, MAC2STR(sta->addr));
sta->proc = create_proc_read_entry(
name, 0, ap->proc,
prism2_sta_proc_read, sta);
atomic_dec(&sta->users);
}
prev = entry;
entry = entry->next;
kfree(prev);
}
}
static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr)
{
struct sta_info *sta;
sta = (struct sta_info *)
kmalloc(sizeof(struct sta_info), GFP_ATOMIC);
if (sta == NULL) {
PDEBUG(DEBUG_AP, "AP: kmalloc failed\n");
return NULL;
}
/* initialize STA info data */
memset(sta, 0, sizeof(struct sta_info));
sta->local = ap->local;
skb_queue_head_init(&sta->tx_buf);
memcpy(sta->addr, addr, ETH_ALEN);
atomic_inc(&sta->users);
spin_lock_bh(&ap->sta_table_lock);
list_add(&sta->list, &ap->sta_list);
ap->num_sta++;
ap_sta_hash_add(ap, sta);
spin_unlock_bh(&ap->sta_table_lock);
if (ap->proc) {
struct add_sta_proc_data *entry;
/* schedule a non-interrupt context process to add a procfs
* entry for the STA since procfs code use GFP_KERNEL */
entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
if (entry) {
memcpy(entry->addr, sta->addr, ETH_ALEN);
entry->next = ap->add_sta_proc_entries;
ap->add_sta_proc_entries = entry;
schedule_work(&ap->add_sta_proc_queue);
} else
printk(KERN_DEBUG "Failed to add STA proc data\n");
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
init_timer(&sta->timer);
sta->timer.expires = jiffies + ap->max_inactivity;
sta->timer.data = (unsigned long) sta;
sta->timer.function = ap_handle_timer;
if (!ap->local->hostapd)
add_timer(&sta->timer);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
return sta;
}
static int ap_tx_rate_ok(int rateidx, struct sta_info *sta,
local_info_t *local)
{
if (rateidx > sta->tx_max_rate ||
!(sta->tx_supp_rates & (1 << rateidx)))
return 0;
if (local->tx_rate_control != 0 &&
!(local->tx_rate_control & (1 << rateidx)))
return 0;
return 1;
}
static void prism2_check_tx_rates(struct sta_info *sta)
{
int i;
sta->tx_supp_rates = 0;
for (i = 0; i < sizeof(sta->supported_rates); i++) {
if ((sta->supported_rates[i] & 0x7f) == 2)
sta->tx_supp_rates |= WLAN_RATE_1M;
if ((sta->supported_rates[i] & 0x7f) == 4)
sta->tx_supp_rates |= WLAN_RATE_2M;
if ((sta->supported_rates[i] & 0x7f) == 11)
sta->tx_supp_rates |= WLAN_RATE_5M5;
if ((sta->supported_rates[i] & 0x7f) == 22)
sta->tx_supp_rates |= WLAN_RATE_11M;
}
sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0;
if (sta->tx_supp_rates & WLAN_RATE_1M) {
sta->tx_max_rate = 0;
if (ap_tx_rate_ok(0, sta, sta->local)) {
sta->tx_rate = 10;
sta->tx_rate_idx = 0;
}
}
if (sta->tx_supp_rates & WLAN_RATE_2M) {
sta->tx_max_rate = 1;
if (ap_tx_rate_ok(1, sta, sta->local)) {
sta->tx_rate = 20;
sta->tx_rate_idx = 1;
}
}
if (sta->tx_supp_rates & WLAN_RATE_5M5) {
sta->tx_max_rate = 2;
if (ap_tx_rate_ok(2, sta, sta->local)) {
sta->tx_rate = 55;
sta->tx_rate_idx = 2;
}
}
if (sta->tx_supp_rates & WLAN_RATE_11M) {
sta->tx_max_rate = 3;
if (ap_tx_rate_ok(3, sta, sta->local)) {
sta->tx_rate = 110;
sta->tx_rate_idx = 3;
}
}
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
static void ap_crypt_init(struct ap_data *ap)
{
ap->crypt = ieee80211_get_crypto_ops("WEP");
if (ap->crypt) {
if (ap->crypt->init) {
ap->crypt_priv = ap->crypt->init(0);
if (ap->crypt_priv == NULL)
ap->crypt = NULL;
else {
u8 key[WEP_KEY_LEN];
get_random_bytes(key, WEP_KEY_LEN);
ap->crypt->set_key(key, WEP_KEY_LEN, NULL,
ap->crypt_priv);
}
}
}
if (ap->crypt == NULL) {
printk(KERN_WARNING "AP could not initialize WEP: load module "
"ieee80211_crypt_wep.ko\n");
}
}
/* Generate challenge data for shared key authentication. IEEE 802.11 specifies
* that WEP algorithm is used for generating challange. This should be unique,
* but otherwise there is not really need for randomness etc. Initialize WEP
* with pseudo random key and then use increasing IV to get unique challenge
* streams.
*
* Called only as a scheduled task for pending AP frames.
*/
static char * ap_auth_make_challenge(struct ap_data *ap)
{
char *tmpbuf;
struct sk_buff *skb;
if (ap->crypt == NULL) {
ap_crypt_init(ap);
if (ap->crypt == NULL)
return NULL;
}
tmpbuf = (char *) kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC);
if (tmpbuf == NULL) {
PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n");
return NULL;
}
skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN +
ap->crypt->extra_prefix_len +
ap->crypt->extra_postfix_len);
if (skb == NULL) {
kfree(tmpbuf);
return NULL;
}
skb_reserve(skb, ap->crypt->extra_prefix_len);
memset(skb_put(skb, WLAN_AUTH_CHALLENGE_LEN), 0,
WLAN_AUTH_CHALLENGE_LEN);
if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) {
dev_kfree_skb(skb);
kfree(tmpbuf);
return NULL;
}
memcpy(tmpbuf, skb->data + ap->crypt->extra_prefix_len,
WLAN_AUTH_CHALLENGE_LEN);
dev_kfree_skb(skb);
return tmpbuf;
}
/* Called only as a scheduled task for pending AP frames. */
static void handle_authen(local_info_t *local, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats)
{
struct net_device *dev = local->dev;
struct hostap_ieee80211_hdr *hdr =
(struct hostap_ieee80211_hdr *) skb->data;
size_t hdrlen;
struct ap_data *ap = local->ap;
char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL;
int len, olen;
u16 auth_alg, auth_transaction, status_code, *pos;
u16 resp = WLAN_STATUS_SUCCESS, fc;
struct sta_info *sta = NULL;
struct ieee80211_crypt_data *crypt;
char *txt = "";
len = skb->len - IEEE80211_MGMT_HDR_LEN;
fc = le16_to_cpu(hdr->frame_control);
hdrlen = hostap_80211_get_hdrlen(fc);
if (len < 6) {
PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload "
"(len=%d) from " MACSTR "\n", dev->name, len,
MAC2STR(hdr->addr2));
return;
}
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta && sta->crypt)
crypt = sta->crypt;
else {
int idx = 0;
if (skb->len >= hdrlen + 3)
idx = skb->data[hdrlen + 3] >> 6;
crypt = local->crypt[idx];
}
pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
auth_alg = __le16_to_cpu(*pos);
pos++;
auth_transaction = __le16_to_cpu(*pos);
pos++;
status_code = __le16_to_cpu(*pos);
pos++;
if (memcmp(dev->dev_addr, hdr->addr2, ETH_ALEN) == 0 ||
ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) {
txt = "authentication denied";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
auth_alg == WLAN_AUTH_OPEN) ||
((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
} else {
txt = "unsupported algorithm";
resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
goto fail;
}
if (len >= 8) {
u8 *u = (u8 *) pos;
if (*u == WLAN_EID_CHALLENGE) {
if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) {
txt = "invalid challenge len";
resp = WLAN_STATUS_CHALLENGE_FAIL;
goto fail;
}
if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) {
txt = "challenge underflow";
resp = WLAN_STATUS_CHALLENGE_FAIL;
goto fail;
}
challenge = (char *) (u + 2);
}
}
if (sta && sta->ap) {
if (time_after(jiffies, sta->u.ap.last_beacon +
(10 * sta->listen_interval * HZ) / 1024)) {
PDEBUG(DEBUG_AP, "%s: no beacons received for a while,"
" assuming AP " MACSTR " is now STA\n",
dev->name, MAC2STR(sta->addr));
sta->ap = 0;
sta->flags = 0;
sta->u.sta.challenge = NULL;
} else {
txt = "AP trying to authenticate?";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
}
if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) ||
(auth_alg == WLAN_AUTH_SHARED_KEY &&
(auth_transaction == 1 ||
(auth_transaction == 3 && sta != NULL &&
sta->u.sta.challenge != NULL)))) {
} else {
txt = "unknown authentication transaction number";
resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
goto fail;
}
if (sta == NULL) {
txt = "new STA";
if (local->ap->num_sta >= MAX_STA_COUNT) {
/* FIX: might try to remove some old STAs first? */
txt = "no more room for new STAs";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
sta = ap_add_sta(local->ap, hdr->addr2);
if (sta == NULL) {
txt = "ap_add_sta failed";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
}
switch (auth_alg) {
case WLAN_AUTH_OPEN:
txt = "authOK";
/* IEEE 802.11 standard is not completely clear about
* whether STA is considered authenticated after
* authentication OK frame has been send or after it
* has been ACKed. In order to reduce interoperability
* issues, mark the STA authenticated before ACK. */
sta->flags |= WLAN_STA_AUTH;
break;
case WLAN_AUTH_SHARED_KEY:
if (auth_transaction == 1) {
if (sta->u.sta.challenge == NULL) {
sta->u.sta.challenge =
ap_auth_make_challenge(local->ap);
if (sta->u.sta.challenge == NULL) {
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
}
} else {
if (sta->u.sta.challenge == NULL ||
challenge == NULL ||
memcmp(sta->u.sta.challenge, challenge,
WLAN_AUTH_CHALLENGE_LEN) != 0 ||
!(fc & WLAN_FC_ISWEP)) {
txt = "challenge response incorrect";
resp = WLAN_STATUS_CHALLENGE_FAIL;
goto fail;
}
txt = "challenge OK - authOK";
/* IEEE 802.11 standard is not completely clear about
* whether STA is considered authenticated after
* authentication OK frame has been send or after it
* has been ACKed. In order to reduce interoperability
* issues, mark the STA authenticated before ACK. */
sta->flags |= WLAN_STA_AUTH;
kfree(sta->u.sta.challenge);
sta->u.sta.challenge = NULL;
}
break;
}
fail:
pos = (u16 *) body;
*pos = cpu_to_le16(auth_alg);
pos++;
*pos = cpu_to_le16(auth_transaction + 1);
pos++;
*pos = cpu_to_le16(resp); /* status_code */
pos++;
olen = 6;
if (resp == WLAN_STATUS_SUCCESS && sta != NULL &&
sta->u.sta.challenge != NULL &&
auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) {
u8 *tmp = (u8 *) pos;
*tmp++ = WLAN_EID_CHALLENGE;
*tmp++ = WLAN_AUTH_CHALLENGE_LEN;
pos++;
memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN);
olen += 2 + WLAN_AUTH_CHALLENGE_LEN;
}
prism2_send_mgmt(dev, WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_AUTH,
body, olen, hdr->addr2, ap->tx_callback_auth);
if (sta) {
sta->last_rx = jiffies;
atomic_dec(&sta->users);
}
if (resp) {
PDEBUG(DEBUG_AP, "%s: " MACSTR " auth (alg=%d trans#=%d "
"stat=%d len=%d fc=%04x) ==> %d (%s)\n",
dev->name, MAC2STR(hdr->addr2), auth_alg,
auth_transaction, status_code, len, fc, resp, txt);
}
}
/* Called only as a scheduled task for pending AP frames. */
static void handle_assoc(local_info_t *local, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats, int reassoc)
{
struct net_device *dev = local->dev;
struct hostap_ieee80211_hdr *hdr =
(struct hostap_ieee80211_hdr *) skb->data;
char body[12], *p, *lpos;
int len, left;
u16 *pos;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
int send_deauth = 0;
char *txt = "";
u8 prev_ap[ETH_ALEN];
left = len = skb->len - IEEE80211_MGMT_HDR_LEN;
if (len < (reassoc ? 10 : 4)) {
PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload "
"(len=%d, reassoc=%d) from " MACSTR "\n",
dev->name, len, reassoc, MAC2STR(hdr->addr2));
return;
}
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
spin_unlock_bh(&local->ap->sta_table_lock);
txt = "trying to associate before authentication";
send_deauth = 1;
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
sta = NULL; /* do not decrement sta->users */
goto fail;
}
atomic_inc(&sta->users);
spin_unlock_bh(&local->ap->sta_table_lock);
pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
sta->capability = __le16_to_cpu(*pos);
pos++; left -= 2;
sta->listen_interval = __le16_to_cpu(*pos);
pos++; left -= 2;
if (reassoc) {
memcpy(prev_ap, pos, ETH_ALEN);
pos++; pos++; pos++; left -= 6;
} else
memset(prev_ap, 0, ETH_ALEN);
if (left >= 2) {
unsigned int ileft;
unsigned char *u = (unsigned char *) pos;
if (*u == WLAN_EID_SSID) {
u++; left--;
ileft = *u;
u++; left--;
if (ileft > left || ileft > MAX_SSID_LEN) {
txt = "SSID overflow";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
if (ileft != strlen(local->essid) ||
memcmp(local->essid, u, ileft) != 0) {
txt = "not our SSID";
resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
goto fail;
}
u += ileft;
left -= ileft;
}
if (left >= 2 && *u == WLAN_EID_SUPP_RATES) {
u++; left--;
ileft = *u;
u++; left--;
if (ileft > left || ileft == 0 ||
ileft > WLAN_SUPP_RATES_MAX) {
txt = "SUPP_RATES len error";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
memset(sta->supported_rates, 0,
sizeof(sta->supported_rates));
memcpy(sta->supported_rates, u, ileft);
prism2_check_tx_rates(sta);
u += ileft;
left -= ileft;
}
if (left > 0) {
PDEBUG(DEBUG_AP, "%s: assoc from " MACSTR " with extra"
" data (%d bytes) [",
dev->name, MAC2STR(hdr->addr2), left);
while (left > 0) {
PDEBUG2(DEBUG_AP, "<%02x>", *u);
u++; left--;
}
PDEBUG2(DEBUG_AP, "]\n");
}
} else {
txt = "frame underflow";
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
/* get a unique AID */
if (sta->aid > 0)
txt = "OK, old AID";
else {
spin_lock_bh(&local->ap->sta_table_lock);
for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
if (local->ap->sta_aid[sta->aid - 1] == NULL)
break;
if (sta->aid > MAX_AID_TABLE_SIZE) {
sta->aid = 0;
spin_unlock_bh(&local->ap->sta_table_lock);
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
txt = "no room for more AIDs";
} else {
local->ap->sta_aid[sta->aid - 1] = sta;
spin_unlock_bh(&local->ap->sta_table_lock);
txt = "OK, new AID";
}
}
fail:
pos = (u16 *) body;
if (send_deauth) {
*pos = __constant_cpu_to_le16(
WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH);
pos++;
} else {
/* FIX: CF-Pollable and CF-PollReq should be set to match the
* values in beacons/probe responses */
/* FIX: how about privacy and WEP? */
/* capability */
*pos = __constant_cpu_to_le16(WLAN_CAPABILITY_ESS);
pos++;
/* status_code */
*pos = __cpu_to_le16(resp);
pos++;
*pos = __cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) |
BIT(14) | BIT(15)); /* AID */
pos++;
/* Supported rates (Information element) */
p = (char *) pos;
*p++ = WLAN_EID_SUPP_RATES;
lpos = p;
*p++ = 0; /* len */
if (local->tx_rate_control & WLAN_RATE_1M) {
*p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02;
(*lpos)++;
}
if (local->tx_rate_control & WLAN_RATE_2M) {
*p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04;
(*lpos)++;
}
if (local->tx_rate_control & WLAN_RATE_5M5) {
*p++ = local->basic_rates & WLAN_RATE_5M5 ?
0x8b : 0x0b;
(*lpos)++;
}
if (local->tx_rate_control & WLAN_RATE_11M) {
*p++ = local->basic_rates & WLAN_RATE_11M ?
0x96 : 0x16;
(*lpos)++;
}
pos = (u16 *) p;
}
prism2_send_mgmt(dev, WLAN_FC_TYPE_MGMT,
(send_deauth ? WLAN_FC_STYPE_DEAUTH :
(reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
WLAN_FC_STYPE_ASSOC_RESP)),
body, (u8 *) pos - (u8 *) body,
hdr->addr2,
send_deauth ? 0 : local->ap->tx_callback_assoc);
if (sta) {
if (resp == WLAN_STATUS_SUCCESS) {
sta->last_rx = jiffies;
/* STA will be marked associated from TX callback, if
* AssocResp is ACKed */
}
atomic_dec(&sta->users);
}
#if 0
PDEBUG(DEBUG_AP, "%s: " MACSTR " %sassoc (len=%d prev_ap=" MACSTR
") => %d(%d) (%s)\n",
dev->name, MAC2STR(hdr->addr2), reassoc ? "re" : "", len,
MAC2STR(prev_ap), resp, send_deauth, txt);
#endif
}
/* Called only as a scheduled task for pending AP frames. */
static void handle_deauth(local_info_t *local, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats)
{
struct net_device *dev = local->dev;
struct hostap_ieee80211_hdr *hdr =
(struct hostap_ieee80211_hdr *) skb->data;
char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN);
int len;
u16 reason_code, *pos;
struct sta_info *sta = NULL;
len = skb->len - IEEE80211_MGMT_HDR_LEN;
if (len < 2) {
printk("handle_deauth - too short payload (len=%d)\n", len);
return;
}
pos = (u16 *) body;
reason_code = __le16_to_cpu(*pos);
PDEBUG(DEBUG_AP, "%s: deauthentication: " MACSTR " len=%d, "
"reason_code=%d\n", dev->name, MAC2STR(hdr->addr2), len,
reason_code);
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta != NULL) {
if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
hostap_event_expired_sta(local->dev, sta);
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
}
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta == NULL) {
printk("%s: deauthentication from " MACSTR ", "
"reason_code=%d, but STA not authenticated\n", dev->name,
MAC2STR(hdr->addr2), reason_code);
}
}
/* Called only as a scheduled task for pending AP frames. */
static void handle_disassoc(local_info_t *local, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats)
{
struct net_device *dev = local->dev;
struct hostap_ieee80211_hdr *hdr =
(struct hostap_ieee80211_hdr *) skb->data;
char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
int len;
u16 reason_code, *pos;
struct sta_info *sta = NULL;
len = skb->len - IEEE80211_MGMT_HDR_LEN;
if (len < 2) {
printk("handle_disassoc - too short payload (len=%d)\n", len);
return;
}
pos = (u16 *) body;
reason_code = __le16_to_cpu(*pos);
PDEBUG(DEBUG_AP, "%s: disassociation: " MACSTR " len=%d, "
"reason_code=%d\n", dev->name, MAC2STR(hdr->addr2), len,
reason_code);
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta != NULL) {
if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
hostap_event_expired_sta(local->dev, sta);
sta->flags &= ~WLAN_STA_ASSOC;
}
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta == NULL) {
printk("%s: disassociation from " MACSTR ", "
"reason_code=%d, but STA not authenticated\n",
dev->name, MAC2STR(hdr->addr2), reason_code);
}
}
/* Called only as a scheduled task for pending AP frames. */
static void ap_handle_data_nullfunc(local_info_t *local,
struct hostap_ieee80211_hdr *hdr)
{
struct net_device *dev = local->dev;
/* some STA f/w's seem to require control::ACK frame for
* data::nullfunc, but at least Prism2 station f/w version 0.8.0 does
* not send this..
* send control::ACK for the data::nullfunc */
printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n");
prism2_send_mgmt(dev, WLAN_FC_TYPE_CTRL, WLAN_FC_STYPE_ACK,
NULL, 0, hdr->addr2, 0);
}
/* Called only as a scheduled task for pending AP frames. */
static void ap_handle_dropped_data(local_info_t *local,
struct hostap_ieee80211_hdr *hdr)
{
struct net_device *dev = local->dev;
struct sta_info *sta;
u16 reason;
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) {
PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n");
atomic_dec(&sta->users);
return;
}
reason = __constant_cpu_to_le16(
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
prism2_send_mgmt(dev, WLAN_FC_TYPE_MGMT,
((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ?
WLAN_FC_STYPE_DEAUTH : WLAN_FC_STYPE_DISASSOC),
(char *) &reason, sizeof(reason), hdr->addr2, 0);
if (sta)
atomic_dec(&sta->users);
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
/* Called only as a scheduled task for pending AP frames. */
static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta,
struct sk_buff *skb)
{
struct hostap_skb_tx_data *meta;
if (!(sta->flags & WLAN_STA_PS)) {
/* Station has moved to non-PS mode, so send all buffered
* frames using normal device queue. */
dev_queue_xmit(skb);
return;
}
/* add a flag for hostap_handle_sta_tx() to know that this skb should
* be passed through even though STA is using PS */
meta = (struct hostap_skb_tx_data *) skb->cb;
meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME;
if (!skb_queue_empty(&sta->tx_buf)) {
/* indicate to STA that more frames follow */
meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA;
}
dev_queue_xmit(skb);
}
/* Called only as a scheduled task for pending AP frames. */
static void handle_pspoll(local_info_t *local,
struct hostap_ieee80211_hdr *hdr,
struct hostap_80211_rx_status *rx_stats)
{
struct net_device *dev = local->dev;
struct sta_info *sta;
u16 aid;
struct sk_buff *skb;
PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=" MACSTR ", TA=" MACSTR
" PWRMGT=%d\n",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
!!(le16_to_cpu(hdr->frame_control) & WLAN_FC_PWRMGT));
if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
PDEBUG(DEBUG_AP, "handle_pspoll - addr1(BSSID)=" MACSTR
" not own MAC\n", MAC2STR(hdr->addr1));
return;
}
aid = __le16_to_cpu(hdr->duration_id);
if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) {
PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n");
return;
}
aid &= ~BIT(15) & ~BIT(14);
if (aid == 0 || aid > MAX_AID_TABLE_SIZE) {
PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid);
return;
}
PDEBUG(DEBUG_PS2, " aid=%d\n", aid);
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta == NULL) {
PDEBUG(DEBUG_PS, " STA not found\n");
return;
}
if (sta->aid != aid) {
PDEBUG(DEBUG_PS, " received aid=%i does not match with "
"assoc.aid=%d\n", aid, sta->aid);
return;
}
/* FIX: todo:
* - add timeout for buffering (clear aid in TIM vector if buffer timed
* out (expiry time must be longer than ListenInterval for
* the corresponding STA; "8802-11: 11.2.1.9 AP aging function"
* - what to do, if buffered, pspolled, and sent frame is not ACKed by
* sta; store buffer for later use and leave TIM aid bit set? use
* TX event to check whether frame was ACKed?
*/
while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) {
/* send buffered frame .. */
PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL"
" (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf));
pspoll_send_buffered(local, sta, skb);
if (sta->flags & WLAN_STA_PS) {
/* send only one buffered packet per PS Poll */
/* FIX: should ignore further PS Polls until the
* buffered packet that was just sent is acknowledged
* (Tx or TxExc event) */
break;
}
}
if (skb_queue_empty(&sta->tx_buf)) {
/* try to clear aid from TIM */
if (!(sta->flags & WLAN_STA_TIM))
PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n",
aid);
hostap_set_tim(local, aid, 0);
sta->flags &= ~WLAN_STA_TIM;
}
atomic_dec(&sta->users);
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
static void handle_wds_oper_queue(void *data)
{
local_info_t *local = data;
struct wds_oper_data *entry, *prev;
spin_lock_bh(&local->lock);
entry = local->ap->wds_oper_entries;
local->ap->wds_oper_entries = NULL;
spin_unlock_bh(&local->lock);
while (entry) {
PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection "
"to AP " MACSTR "\n",
local->dev->name,
entry->type == WDS_ADD ? "adding" : "removing",
MAC2STR(entry->addr));
if (entry->type == WDS_ADD)
prism2_wds_add(local, entry->addr, 0);
else if (entry->type == WDS_DEL)
prism2_wds_del(local, entry->addr, 0, 1);
prev = entry;
entry = entry->next;
kfree(prev);
}
}
/* Called only as a scheduled task for pending AP frames. */
static void handle_beacon(local_info_t *local, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats)
{
struct hostap_ieee80211_hdr *hdr =
(struct hostap_ieee80211_hdr *) skb->data;
char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
int len, left;
u16 *pos, beacon_int, capability;
char *ssid = NULL;
unsigned char *supp_rates = NULL;
int ssid_len = 0, supp_rates_len = 0;
struct sta_info *sta = NULL;
int new_sta = 0, channel = -1;
len = skb->len - IEEE80211_MGMT_HDR_LEN;
if (len < 8 + 2 + 2) {
printk(KERN_DEBUG "handle_beacon - too short payload "
"(len=%d)\n", len);
return;
}
pos = (u16 *) body;
left = len;
/* Timestamp (8 octets) */
pos += 4; left -= 8;
/* Beacon interval (2 octets) */
beacon_int = __le16_to_cpu(*pos);
pos++; left -= 2;
/* Capability information (2 octets) */
capability = __le16_to_cpu(*pos);
pos++; left -= 2;
if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS &&
capability & WLAN_CAPABILITY_IBSS)
return;
if (left >= 2) {
unsigned int ileft;
unsigned char *u = (unsigned char *) pos;
if (*u == WLAN_EID_SSID) {
u++; left--;
ileft = *u;
u++; left--;
if (ileft > left || ileft > MAX_SSID_LEN) {
PDEBUG(DEBUG_AP, "SSID: overflow\n");
return;
}
if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID &&
(ileft != strlen(local->essid) ||
memcmp(local->essid, u, ileft) != 0)) {
/* not our SSID */
return;
}
ssid = u;
ssid_len = ileft;
u += ileft;
left -= ileft;
}
if (*u == WLAN_EID_SUPP_RATES) {
u++; left--;
ileft = *u;
u++; left--;
if (ileft > left || ileft == 0 || ileft > 8) {
PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n");
return;
}
supp_rates = u;
supp_rates_len = ileft;
u += ileft;
left -= ileft;
}
if (*u == WLAN_EID_DS_PARAMS) {
u++; left--;
ileft = *u;
u++; left--;
if (ileft > left || ileft != 1) {
PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n");
return;
}
channel = *u;
u += ileft;
left -= ileft;
}
}
spin_lock_bh(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta != NULL)
atomic_inc(&sta->users);
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta == NULL) {
/* add new AP */
new_sta = 1;
sta = ap_add_sta(local->ap, hdr->addr2);
if (sta == NULL) {
printk(KERN_INFO "prism2: kmalloc failed for AP "
"data structure\n");
return;
}
hostap_event_new_sta(local->dev, sta);
/* mark APs authentication and associated for pseudo ad-hoc
* style communication */
sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
if (local->ap->autom_ap_wds) {
hostap_wds_link_oper(local, sta->addr, WDS_ADD);
}
}
sta->ap = 1;
if (ssid) {
sta->u.ap.ssid_len = ssid_len;
memcpy(sta->u.ap.ssid, ssid, ssid_len);
sta->u.ap.ssid[ssid_len] = '\0';
} else {
sta->u.ap.ssid_len = 0;
sta->u.ap.ssid[0] = '\0';
}
sta->u.ap.channel = channel;
sta->rx_packets++;
sta->rx_bytes += len;
sta->u.ap.last_beacon = sta->last_rx = jiffies;
sta->capability = capability;
sta->listen_interval = beacon_int;
atomic_dec(&sta->users);
if (new_sta) {
memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
memcpy(sta->supported_rates, supp_rates, supp_rates_len);
prism2_check_tx_rates(sta);
}
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
/* Called only as a tasklet. */
static void handle_ap_item(local_info_t *local, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats)
{
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
struct net_device *dev = local->dev;
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
u16 fc, type, stype;
struct hostap_ieee80211_hdr *hdr;
/* FIX: should give skb->len to handler functions and check that the
* buffer is long enough */
hdr = (struct hostap_ieee80211_hdr *) skb->data;
fc = le16_to_cpu(hdr->frame_control);
type = HOSTAP_FC_GET_TYPE(fc);
stype = HOSTAP_FC_GET_STYPE(fc);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (!local->hostapd && type == WLAN_FC_TYPE_DATA) {
PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n");
if (!(fc & WLAN_FC_TODS) || (fc & WLAN_FC_FROMDS)) {
if (stype == WLAN_FC_STYPE_NULLFUNC) {
/* no ToDS nullfunc seems to be used to check
* AP association; so send reject message to
* speed up re-association */
ap_handle_dropped_data(local, hdr);
goto done;
}
PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n",
fc);
goto done;
}
if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)="
MACSTR " not own MAC\n",
MAC2STR(hdr->addr1));
goto done;
}
if (local->ap->nullfunc_ack && stype == WLAN_FC_STYPE_NULLFUNC)
ap_handle_data_nullfunc(local, hdr);
else
ap_handle_dropped_data(local, hdr);
goto done;
}
if (type == WLAN_FC_TYPE_MGMT && stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(local, skb, rx_stats);
goto done;
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
if (type == WLAN_FC_TYPE_CTRL && stype == WLAN_FC_STYPE_PSPOLL) {
handle_pspoll(local, hdr, rx_stats);
goto done;
}
if (local->hostapd) {
PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x "
"subtype=0x%02x\n", type, stype);
goto done;
}
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (type != WLAN_FC_TYPE_MGMT) {
PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n");
goto done;
}
if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=" MACSTR
" not own MAC\n", MAC2STR(hdr->addr1));
goto done;
}
if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN)) {
PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=" MACSTR
" not own MAC\n", MAC2STR(hdr->addr3));
goto done;
}
switch (stype) {
case WLAN_FC_STYPE_ASSOC_REQ:
handle_assoc(local, skb, rx_stats, 0);
break;
case WLAN_FC_STYPE_ASSOC_RESP:
PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n");
break;
case WLAN_FC_STYPE_REASSOC_REQ:
handle_assoc(local, skb, rx_stats, 1);
break;
case WLAN_FC_STYPE_REASSOC_RESP:
PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n");
break;
case WLAN_FC_STYPE_ATIM:
PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n");
break;
case WLAN_FC_STYPE_DISASSOC:
handle_disassoc(local, skb, rx_stats);
break;
case WLAN_FC_STYPE_AUTH:
handle_authen(local, skb, rx_stats);
break;
case WLAN_FC_STYPE_DEAUTH:
handle_deauth(local, skb, rx_stats);
break;
default:
PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n", stype);
break;
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
done:
dev_kfree_skb(skb);
}
/* Called only as a tasklet (software IRQ) */
void hostap_rx(struct net_device *dev, struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats)
{
struct hostap_interface *iface;
local_info_t *local;
u16 fc;
struct hostap_ieee80211_hdr *hdr;
iface = netdev_priv(dev);
local = iface->local;
if (skb->len < 16)
goto drop;
local->stats.rx_packets++;
hdr = (struct hostap_ieee80211_hdr *) skb->data;
fc = le16_to_cpu(hdr->frame_control);
if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL &&
HOSTAP_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
HOSTAP_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
goto drop;
skb->protocol = __constant_htons(ETH_P_HOSTAP);
handle_ap_item(local, skb, rx_stats);
return;
drop:
dev_kfree_skb(skb);
}
/* Called only as a tasklet (software IRQ) */
static void schedule_packet_send(local_info_t *local, struct sta_info *sta)
{
struct sk_buff *skb;
struct hostap_ieee80211_hdr *hdr;
struct hostap_80211_rx_status rx_stats;
if (skb_queue_empty(&sta->tx_buf))
return;
skb = dev_alloc_skb(16);
if (skb == NULL) {
printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc "
"failed\n", local->dev->name);
return;
}
hdr = (struct hostap_ieee80211_hdr *) skb_put(skb, 16);
/* Generate a fake pspoll frame to start packet delivery */
hdr->frame_control = __constant_cpu_to_le16(
(WLAN_FC_TYPE_CTRL << 2) | (WLAN_FC_STYPE_PSPOLL << 4));
memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN);
memcpy(hdr->addr2, sta->addr, ETH_ALEN);
hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14));
PDEBUG(DEBUG_PS2, "%s: Scheduling buffered packet delivery for "
"STA " MACSTR "\n", local->dev->name, MAC2STR(sta->addr));
skb->dev = local->dev;
memset(&rx_stats, 0, sizeof(rx_stats));
hostap_rx(local->dev, skb, &rx_stats);
}
static int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
struct iw_quality qual[], int buf_size,
int aplist)
{
struct ap_data *ap = local->ap;
struct list_head *ptr;
int count = 0;
spin_lock_bh(&ap->sta_table_lock);
for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
ptr = ptr->next) {
struct sta_info *sta = (struct sta_info *) ptr;
if (aplist && !sta->ap)
continue;
addr[count].sa_family = ARPHRD_ETHER;
memcpy(addr[count].sa_data, sta->addr, ETH_ALEN);
if (sta->last_rx_silence == 0)
qual[count].qual = sta->last_rx_signal < 27 ?
0 : (sta->last_rx_signal - 27) * 92 / 127;
else
qual[count].qual = sta->last_rx_signal -
sta->last_rx_silence - 35;
qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
qual[count].updated = sta->last_rx_updated;
sta->last_rx_updated = 0;
count++;
if (count >= buf_size)
break;
}
spin_unlock_bh(&ap->sta_table_lock);
return count;
}
/* Translate our list of Access Points & Stations to a card independant
* format that the Wireless Tools will understand - Jean II */
static int prism2_ap_translate_scan(struct net_device *dev, char *buffer)
{
struct hostap_interface *iface;
local_info_t *local;
struct ap_data *ap;
struct list_head *ptr;
struct iw_event iwe;
char *current_ev = buffer;
char *end_buf = buffer + IW_SCAN_MAX_DATA;
#if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT)
char buf[64];
#endif
iface = netdev_priv(dev);
local = iface->local;
ap = local->ap;
spin_lock_bh(&ap->sta_table_lock);
for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
ptr = ptr->next) {
struct sta_info *sta = (struct sta_info *) ptr;
/* First entry *MUST* be the AP MAC address */
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = SIOCGIWAP;
iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN);
iwe.len = IW_EV_ADDR_LEN;
current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
IW_EV_ADDR_LEN);
/* Use the mode to indicate if it's a station or
* an Access Point */
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = SIOCGIWMODE;
if (sta->ap)
iwe.u.mode = IW_MODE_MASTER;
else
iwe.u.mode = IW_MODE_INFRA;
iwe.len = IW_EV_UINT_LEN;
current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
IW_EV_UINT_LEN);
/* Some quality */
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = IWEVQUAL;
if (sta->last_rx_silence == 0)
iwe.u.qual.qual = sta->last_rx_signal < 27 ?
0 : (sta->last_rx_signal - 27) * 92 / 127;
else
iwe.u.qual.qual = sta->last_rx_signal -
sta->last_rx_silence - 35;
iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
iwe.u.qual.updated = sta->last_rx_updated;
iwe.len = IW_EV_QUAL_LEN;
current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
IW_EV_QUAL_LEN);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (sta->ap) {
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = SIOCGIWESSID;
iwe.u.data.length = sta->u.ap.ssid_len;
iwe.u.data.flags = 1;
current_ev = iwe_stream_add_point(current_ev, end_buf,
&iwe,
sta->u.ap.ssid);
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = SIOCGIWENCODE;
if (sta->capability & WLAN_CAPABILITY_PRIVACY)
iwe.u.data.flags =
IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
else
iwe.u.data.flags = IW_ENCODE_DISABLED;
current_ev = iwe_stream_add_point(current_ev, end_buf,
&iwe,
sta->u.ap.ssid
/* 0 byte memcpy */);
if (sta->u.ap.channel > 0 &&
sta->u.ap.channel <= FREQ_COUNT) {
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = SIOCGIWFREQ;
iwe.u.freq.m = freq_list[sta->u.ap.channel - 1]
* 100000;
iwe.u.freq.e = 1;
current_ev = iwe_stream_add_event(
current_ev, end_buf, &iwe,
IW_EV_FREQ_LEN);
}
memset(&iwe, 0, sizeof(iwe));
iwe.cmd = IWEVCUSTOM;
sprintf(buf, "beacon_interval=%d",
sta->listen_interval);
iwe.u.data.length = strlen(buf);
current_ev = iwe_stream_add_point(current_ev, end_buf,
&iwe, buf);
}
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
sta->last_rx_updated = 0;
/* To be continued, we should make good use of IWEVCUSTOM */
}
spin_unlock_bh(&ap->sta_table_lock);
return current_ev - buffer;
}
static int prism2_hostapd_add_sta(struct ap_data *ap,
struct prism2_hostapd_param *param)
{
struct sta_info *sta;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, param->sta_addr);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&ap->sta_table_lock);
if (sta == NULL) {
sta = ap_add_sta(ap, param->sta_addr);
if (sta == NULL)
return -1;
}
if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
hostap_event_new_sta(sta->local->dev, sta);
sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
sta->last_rx = jiffies;
sta->aid = param->u.add_sta.aid;
sta->capability = param->u.add_sta.capability;
sta->tx_supp_rates = param->u.add_sta.tx_supp_rates;
if (sta->tx_supp_rates & WLAN_RATE_1M)
sta->supported_rates[0] = 2;
if (sta->tx_supp_rates & WLAN_RATE_2M)
sta->supported_rates[1] = 4;
if (sta->tx_supp_rates & WLAN_RATE_5M5)
sta->supported_rates[2] = 11;
if (sta->tx_supp_rates & WLAN_RATE_11M)
sta->supported_rates[3] = 22;
prism2_check_tx_rates(sta);
atomic_dec(&sta->users);
return 0;
}
static int prism2_hostapd_remove_sta(struct ap_data *ap,
struct prism2_hostapd_param *param)
{
struct sta_info *sta;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, param->sta_addr);
if (sta) {
ap_sta_hash_del(ap, sta);
list_del(&sta->list);
}
spin_unlock_bh(&ap->sta_table_lock);
if (!sta)
return -ENOENT;
if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
hostap_event_expired_sta(sta->local->dev, sta);
ap_free_sta(ap, sta);
return 0;
}
static int prism2_hostapd_get_info_sta(struct ap_data *ap,
struct prism2_hostapd_param *param)
{
struct sta_info *sta;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, param->sta_addr);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&ap->sta_table_lock);
if (!sta)
return -ENOENT;
param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ;
atomic_dec(&sta->users);
return 1;
}
static int prism2_hostapd_set_flags_sta(struct ap_data *ap,
struct prism2_hostapd_param *param)
{
struct sta_info *sta;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, param->sta_addr);
if (sta) {
sta->flags |= param->u.set_flags_sta.flags_or;
sta->flags &= param->u.set_flags_sta.flags_and;
}
spin_unlock_bh(&ap->sta_table_lock);
if (!sta)
return -ENOENT;
return 0;
}
static int prism2_hostapd_sta_clear_stats(struct ap_data *ap,
struct prism2_hostapd_param *param)
{
struct sta_info *sta;
int rate;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, param->sta_addr);
if (sta) {
sta->rx_packets = sta->tx_packets = 0;
sta->rx_bytes = sta->tx_bytes = 0;
for (rate = 0; rate < WLAN_RATE_COUNT; rate++) {
sta->tx_count[rate] = 0;
sta->rx_count[rate] = 0;
}
}
spin_unlock_bh(&ap->sta_table_lock);
if (!sta)
return -ENOENT;
return 0;
}
static int prism2_hostapd(struct ap_data *ap,
struct prism2_hostapd_param *param)
{
switch (param->cmd) {
case PRISM2_HOSTAPD_FLUSH:
ap_control_kickall(ap);
return 0;
case PRISM2_HOSTAPD_ADD_STA:
return prism2_hostapd_add_sta(ap, param);
case PRISM2_HOSTAPD_REMOVE_STA:
return prism2_hostapd_remove_sta(ap, param);
case PRISM2_HOSTAPD_GET_INFO_STA:
return prism2_hostapd_get_info_sta(ap, param);
case PRISM2_HOSTAPD_SET_FLAGS_STA:
return prism2_hostapd_set_flags_sta(ap, param);
case PRISM2_HOSTAPD_STA_CLEAR_STATS:
return prism2_hostapd_sta_clear_stats(ap, param);
default:
printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n",
param->cmd);
return -EOPNOTSUPP;
}
}
/* Update station info for host-based TX rate control and return current
* TX rate */
static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev)
{
int ret = sta->tx_rate;
struct hostap_interface *iface;
local_info_t *local;
iface = netdev_priv(dev);
local = iface->local;
sta->tx_count[sta->tx_rate_idx]++;
sta->tx_since_last_failure++;
sta->tx_consecutive_exc = 0;
if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT &&
sta->tx_rate_idx < sta->tx_max_rate) {
/* use next higher rate */
int old_rate, new_rate;
old_rate = new_rate = sta->tx_rate_idx;
while (new_rate < sta->tx_max_rate) {
new_rate++;
if (ap_tx_rate_ok(new_rate, sta, local)) {
sta->tx_rate_idx = new_rate;
break;
}
}
if (old_rate != sta->tx_rate_idx) {
switch (sta->tx_rate_idx) {
case 0: sta->tx_rate = 10; break;
case 1: sta->tx_rate = 20; break;
case 2: sta->tx_rate = 55; break;
case 3: sta->tx_rate = 110; break;
default: sta->tx_rate = 0; break;
}
PDEBUG(DEBUG_AP, "%s: STA " MACSTR " TX rate raised to"
" %d\n", dev->name, MAC2STR(sta->addr),
sta->tx_rate);
}
sta->tx_since_last_failure = 0;
}
return ret;
}
/* Called only from software IRQ. Called for each TX frame prior possible
* encryption and transmit. */
ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx)
{
struct sta_info *sta = NULL;
struct sk_buff *skb = tx->skb;
int set_tim, ret;
struct hostap_ieee80211_hdr *hdr;
struct hostap_skb_tx_data *meta;
meta = (struct hostap_skb_tx_data *) skb->cb;
ret = AP_TX_CONTINUE;
if (local->ap == NULL || skb->len < 10 ||
meta->iface->type == HOSTAP_INTERFACE_STA)
goto out;
hdr = (struct hostap_ieee80211_hdr *) skb->data;
if (hdr->addr1[0] & 0x01) {
/* broadcast/multicast frame - no AP related processing */
goto out;
}
/* unicast packet - check whether destination STA is associated */
spin_lock(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr1);
if (sta)
atomic_inc(&sta->users);
spin_unlock(&local->ap->sta_table_lock);
if (local->iw_mode == IW_MODE_MASTER && sta == NULL &&
!(meta->flags & HOSTAP_TX_FLAGS_WDS) &&
meta->iface->type != HOSTAP_INTERFACE_MASTER &&
meta->iface->type != HOSTAP_INTERFACE_AP) {
#if 0
/* This can happen, e.g., when wlan0 is added to a bridge and
* bridging code does not know which port is the correct target
* for a unicast frame. In this case, the packet is send to all
* ports of the bridge. Since this is a valid scenario, do not
* print out any errors here. */
if (net_ratelimit()) {
printk(KERN_DEBUG "AP: drop packet to non-associated "
"STA " MACSTR "\n", MAC2STR(hdr->addr1));
}
#endif
local->ap->tx_drop_nonassoc++;
ret = AP_TX_DROP;
goto out;
}
if (sta == NULL)
goto out;
if (!(sta->flags & WLAN_STA_AUTHORIZED))
ret = AP_TX_CONTINUE_NOT_AUTHORIZED;
/* Set tx_rate if using host-based TX rate control */
if (!local->fw_tx_rate_control)
local->ap->last_tx_rate = meta->rate =
ap_update_sta_tx_rate(sta, local->dev);
if (local->iw_mode != IW_MODE_MASTER)
goto out;
if (!(sta->flags & WLAN_STA_PS))
goto out;
if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) {
/* indicate to STA that more frames follow */
hdr->frame_control |= __constant_cpu_to_le16(WLAN_FC_MOREDATA);
}
if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) {
/* packet was already buffered and now send due to
* PS poll, so do not rebuffer it */
goto out;
}
if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) {
PDEBUG(DEBUG_PS, "%s: No more space in STA (" MACSTR ")'s PS "
"mode buffer\n", local->dev->name, MAC2STR(sta->addr));
/* Make sure that TIM is set for the station (it might not be
* after AP wlan hw reset). */
/* FIX: should fix hw reset to restore bits based on STA
* buffer state.. */
hostap_set_tim(local, sta->aid, 1);
sta->flags |= WLAN_STA_TIM;
ret = AP_TX_DROP;
goto out;
}
/* STA in PS mode, buffer frame for later delivery */
set_tim = skb_queue_empty(&sta->tx_buf);
skb_queue_tail(&sta->tx_buf, skb);
/* FIX: could save RX time to skb and expire buffered frames after
* some time if STA does not poll for them */
if (set_tim) {
if (sta->flags & WLAN_STA_TIM)
PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n",
sta->aid);
hostap_set_tim(local, sta->aid, 1);
sta->flags |= WLAN_STA_TIM;
}
ret = AP_TX_BUFFERED;
out:
if (sta != NULL) {
if (ret == AP_TX_CONTINUE ||
ret == AP_TX_CONTINUE_NOT_AUTHORIZED) {
sta->tx_packets++;
sta->tx_bytes += skb->len;
sta->last_tx = jiffies;
}
if ((ret == AP_TX_CONTINUE ||
ret == AP_TX_CONTINUE_NOT_AUTHORIZED) &&
sta->crypt && tx->host_encrypt) {
tx->crypt = sta->crypt;
tx->sta_ptr = sta; /* hostap_handle_sta_release() will
* be called to release sta info
* later */
} else
atomic_dec(&sta->users);
}
return ret;
}
void hostap_handle_sta_release(void *ptr)
{
struct sta_info *sta = ptr;
atomic_dec(&sta->users);
}
/* Called only as a tasklet (software IRQ) */
void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb)
{
struct sta_info *sta;
struct hostap_ieee80211_hdr *hdr;
struct hostap_skb_tx_data *meta;
hdr = (struct hostap_ieee80211_hdr *) skb->data;
meta = (struct hostap_skb_tx_data *) skb->cb;
spin_lock(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr1);
if (!sta) {
spin_unlock(&local->ap->sta_table_lock);
PDEBUG(DEBUG_AP, "%s: Could not find STA " MACSTR " for this "
"TX error (@%lu)\n",
local->dev->name, MAC2STR(hdr->addr1), jiffies);
return;
}
sta->tx_since_last_failure = 0;
sta->tx_consecutive_exc++;
if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD &&
sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) {
/* use next lower rate */
int old, rate;
old = rate = sta->tx_rate_idx;
while (rate > 0) {
rate--;
if (ap_tx_rate_ok(rate, sta, local)) {
sta->tx_rate_idx = rate;
break;
}
}
if (old != sta->tx_rate_idx) {
switch (sta->tx_rate_idx) {
case 0: sta->tx_rate = 10; break;
case 1: sta->tx_rate = 20; break;
case 2: sta->tx_rate = 55; break;
case 3: sta->tx_rate = 110; break;
default: sta->tx_rate = 0; break;
}
PDEBUG(DEBUG_AP, "%s: STA " MACSTR " TX rate lowered "
"to %d\n", local->dev->name, MAC2STR(sta->addr),
sta->tx_rate);
}
sta->tx_consecutive_exc = 0;
}
spin_unlock(&local->ap->sta_table_lock);
}
static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta,
int pwrmgt, int type, int stype)
{
if (pwrmgt && !(sta->flags & WLAN_STA_PS)) {
sta->flags |= WLAN_STA_PS;
PDEBUG(DEBUG_PS2, "STA " MACSTR " changed to use PS "
"mode (type=0x%02X, stype=0x%02X)\n",
MAC2STR(sta->addr), type, stype);
} else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) {
sta->flags &= ~WLAN_STA_PS;
PDEBUG(DEBUG_PS2, "STA " MACSTR " changed to not use "
"PS mode (type=0x%02X, stype=0x%02X)\n",
MAC2STR(sta->addr), type, stype);
if (type != WLAN_FC_TYPE_CTRL || stype != WLAN_FC_STYPE_PSPOLL)
schedule_packet_send(local, sta);
}
}
/* Called only as a tasklet (software IRQ). Called for each RX frame to update
* STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */
int hostap_update_sta_ps(local_info_t *local, struct hostap_ieee80211_hdr *hdr)
{
struct sta_info *sta;
u16 fc;
spin_lock(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta)
atomic_inc(&sta->users);
spin_unlock(&local->ap->sta_table_lock);
if (!sta)
return -1;
fc = le16_to_cpu(hdr->frame_control);
hostap_update_sta_ps2(local, sta, fc & WLAN_FC_PWRMGT,
HOSTAP_FC_GET_TYPE(fc), HOSTAP_FC_GET_STYPE(fc));
atomic_dec(&sta->users);
return 0;
}
/* Called only as a tasklet (software IRQ). Called for each RX frame after
* getting RX header and payload from hardware. */
ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
struct sk_buff *skb,
struct hostap_80211_rx_status *rx_stats,
int wds)
{
int ret;
struct sta_info *sta;
u16 fc, type, stype;
struct hostap_ieee80211_hdr *hdr;
if (local->ap == NULL)
return AP_RX_CONTINUE;
hdr = (struct hostap_ieee80211_hdr *) skb->data;
fc = le16_to_cpu(hdr->frame_control);
type = HOSTAP_FC_GET_TYPE(fc);
stype = HOSTAP_FC_GET_STYPE(fc);
spin_lock(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta)
atomic_inc(&sta->users);
spin_unlock(&local->ap->sta_table_lock);
if (sta && !(sta->flags & WLAN_STA_AUTHORIZED))
ret = AP_RX_CONTINUE_NOT_AUTHORIZED;
else
ret = AP_RX_CONTINUE;
if (fc & WLAN_FC_TODS) {
if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
if (local->hostapd) {
prism2_rx_80211(local->apdev, skb, rx_stats,
PRISM2_RX_NON_ASSOC);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
} else {
printk(KERN_DEBUG "%s: dropped received packet"
" from non-associated STA " MACSTR
" (type=0x%02x, subtype=0x%02x)\n",
dev->name, MAC2STR(hdr->addr2), type,
stype);
hostap_rx(dev, skb, rx_stats);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
}
ret = AP_RX_EXIT;
goto out;
}
} else if (fc & WLAN_FC_FROMDS) {
if (!wds) {
/* FromDS frame - not for us; probably
* broadcast/multicast in another BSS - drop */
if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
printk(KERN_DEBUG "Odd.. FromDS packet "
"received with own BSSID\n");
hostap_dump_rx_80211(dev->name, skb, rx_stats);
}
ret = AP_RX_DROP;
goto out;
}
} else if (stype == WLAN_FC_STYPE_NULLFUNC && sta == NULL &&
memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
if (local->hostapd) {
prism2_rx_80211(local->apdev, skb, rx_stats,
PRISM2_RX_NON_ASSOC);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
} else {
/* At least Lucent f/w seems to send data::nullfunc
* frames with no ToDS flag when the current AP returns
* after being unavailable for some time. Speed up
* re-association by informing the station about it not
* being associated. */
printk(KERN_DEBUG "%s: rejected received nullfunc "
"frame without ToDS from not associated STA "
MACSTR "\n",
dev->name, MAC2STR(hdr->addr2));
hostap_rx(dev, skb, rx_stats);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
}
ret = AP_RX_EXIT;
goto out;
} else if (stype == WLAN_FC_STYPE_NULLFUNC) {
/* At least Lucent cards seem to send periodic nullfunc
* frames with ToDS. Let these through to update SQ
* stats and PS state. Nullfunc frames do not contain
* any data and they will be dropped below. */
} else {
/* If BSSID (Addr3) is foreign, this frame is a normal
* broadcast frame from an IBSS network. Drop it silently.
* If BSSID is own, report the dropping of this frame. */
if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
printk(KERN_DEBUG "%s: dropped received packet from "
MACSTR " with no ToDS flag (type=0x%02x, "
"subtype=0x%02x)\n", dev->name,
MAC2STR(hdr->addr2), type, stype);
hostap_dump_rx_80211(dev->name, skb, rx_stats);
}
ret = AP_RX_DROP;
goto out;
}
if (sta) {
hostap_update_sta_ps2(local, sta, fc & WLAN_FC_PWRMGT,
type, stype);
sta->rx_packets++;
sta->rx_bytes += skb->len;
sta->last_rx = jiffies;
}
if (local->ap->nullfunc_ack && stype == WLAN_FC_STYPE_NULLFUNC &&
fc & WLAN_FC_TODS) {
if (local->hostapd) {
prism2_rx_80211(local->apdev, skb, rx_stats,
PRISM2_RX_NULLFUNC_ACK);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
} else {
/* some STA f/w's seem to require control::ACK frame
* for data::nullfunc, but Prism2 f/w 0.8.0 (at least
* from Compaq) does not send this.. Try to generate
* ACK for these frames from the host driver to make
* power saving work with, e.g., Lucent WaveLAN f/w */
hostap_rx(dev, skb, rx_stats);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
}
ret = AP_RX_EXIT;
goto out;
}
out:
if (sta)
atomic_dec(&sta->users);
return ret;
}
/* Called only as a tasklet (software IRQ) */
int hostap_handle_sta_crypto(local_info_t *local,
struct hostap_ieee80211_hdr *hdr,
struct ieee80211_crypt_data **crypt,
void **sta_ptr)
{
struct sta_info *sta;
spin_lock(&local->ap->sta_table_lock);
sta = ap_get_sta(local->ap, hdr->addr2);
if (sta)
atomic_inc(&sta->users);
spin_unlock(&local->ap->sta_table_lock);
if (!sta)
return -1;
if (sta->crypt) {
*crypt = sta->crypt;
*sta_ptr = sta;
/* hostap_handle_sta_release() will be called to release STA
* info */
} else
atomic_dec(&sta->users);
return 0;
}
/* Called only as a tasklet (software IRQ) */
int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr)
{
struct sta_info *sta;
int ret = 0;
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, sta_addr);
if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap)
ret = 1;
spin_unlock(&ap->sta_table_lock);
return ret;
}
/* Called only as a tasklet (software IRQ) */
int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr)
{
struct sta_info *sta;
int ret = 0;
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, sta_addr);
if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap &&
((sta->flags & WLAN_STA_AUTHORIZED) ||
ap->local->ieee_802_1x == 0))
ret = 1;
spin_unlock(&ap->sta_table_lock);
return ret;
}
/* Called only as a tasklet (software IRQ) */
int hostap_add_sta(struct ap_data *ap, u8 *sta_addr)
{
struct sta_info *sta;
int ret = 1;
if (!ap)
return -1;
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, sta_addr);
if (sta)
ret = 0;
spin_unlock(&ap->sta_table_lock);
if (ret == 1) {
sta = ap_add_sta(ap, sta_addr);
if (!sta)
ret = -1;
sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
sta->ap = 1;
memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
/* No way of knowing which rates are supported since we did not
* get supported rates element from beacon/assoc req. Assume
* that remote end supports all 802.11b rates. */
sta->supported_rates[0] = 0x82;
sta->supported_rates[1] = 0x84;
sta->supported_rates[2] = 0x0b;
sta->supported_rates[3] = 0x16;
sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M |
WLAN_RATE_5M5 | WLAN_RATE_11M;
sta->tx_rate = 110;
sta->tx_max_rate = sta->tx_rate_idx = 3;
}
return ret;
}
/* Called only as a tasklet (software IRQ) */
int hostap_update_rx_stats(struct ap_data *ap,
struct hostap_ieee80211_hdr *hdr,
struct hostap_80211_rx_status *rx_stats)
{
struct sta_info *sta;
if (!ap)
return -1;
spin_lock(&ap->sta_table_lock);
sta = ap_get_sta(ap, hdr->addr2);
if (sta) {
sta->last_rx_silence = rx_stats->noise;
sta->last_rx_signal = rx_stats->signal;
sta->last_rx_rate = rx_stats->rate;
sta->last_rx_updated = 7;
if (rx_stats->rate == 10)
sta->rx_count[0]++;
else if (rx_stats->rate == 20)
sta->rx_count[1]++;
else if (rx_stats->rate == 55)
sta->rx_count[2]++;
else if (rx_stats->rate == 110)
sta->rx_count[3]++;
}
spin_unlock(&ap->sta_table_lock);
return sta ? 0 : -1;
}
void hostap_update_rates(local_info_t *local)
{
struct list_head *ptr;
struct ap_data *ap = local->ap;
if (!ap)
return;
spin_lock_bh(&ap->sta_table_lock);
for (ptr = ap->sta_list.next; ptr != &ap->sta_list; ptr = ptr->next) {
struct sta_info *sta = (struct sta_info *) ptr;
prism2_check_tx_rates(sta);
}
spin_unlock_bh(&ap->sta_table_lock);
}
static void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
struct ieee80211_crypt_data ***crypt)
{
struct sta_info *sta;
spin_lock_bh(&ap->sta_table_lock);
sta = ap_get_sta(ap, addr);
if (sta)
atomic_inc(&sta->users);
spin_unlock_bh(&ap->sta_table_lock);
if (!sta && permanent)
sta = ap_add_sta(ap, addr);
if (!sta)
return NULL;
if (permanent)
sta->flags |= WLAN_STA_PERM;
*crypt = &sta->crypt;
return sta;
}
void hostap_add_wds_links(local_info_t *local)
{
struct ap_data *ap = local->ap;
struct list_head *ptr;
spin_lock_bh(&ap->sta_table_lock);
list_for_each(ptr, &ap->sta_list) {
struct sta_info *sta = list_entry(ptr, struct sta_info, list);
if (sta->ap)
hostap_wds_link_oper(local, sta->addr, WDS_ADD);
}
spin_unlock_bh(&ap->sta_table_lock);
schedule_work(&local->ap->wds_oper_queue);
}
void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type)
{
struct wds_oper_data *entry;
entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
if (!entry)
return;
memcpy(entry->addr, addr, ETH_ALEN);
entry->type = type;
spin_lock_bh(&local->lock);
entry->next = local->ap->wds_oper_entries;
local->ap->wds_oper_entries = entry;
spin_unlock_bh(&local->lock);
schedule_work(&local->ap->wds_oper_queue);
}
EXPORT_SYMBOL(hostap_init_data);
EXPORT_SYMBOL(hostap_init_ap_proc);
EXPORT_SYMBOL(hostap_free_data);
EXPORT_SYMBOL(hostap_check_sta_fw_version);
EXPORT_SYMBOL(hostap_handle_sta_tx);
EXPORT_SYMBOL(hostap_handle_sta_release);
EXPORT_SYMBOL(hostap_handle_sta_tx_exc);
EXPORT_SYMBOL(hostap_update_sta_ps);
EXPORT_SYMBOL(hostap_handle_sta_rx);
EXPORT_SYMBOL(hostap_is_sta_assoc);
EXPORT_SYMBOL(hostap_is_sta_authorized);
EXPORT_SYMBOL(hostap_add_sta);
EXPORT_SYMBOL(hostap_update_rates);
EXPORT_SYMBOL(hostap_add_wds_links);
EXPORT_SYMBOL(hostap_wds_link_oper);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
EXPORT_SYMBOL(hostap_deauth_all_stas);
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */