1/* 2 * Intersil Prism2 driver with Host AP (software access point) support 3 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 4 * <j@w1.fi> 5 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> 6 * 7 * This file is to be included into hostap.c when S/W AP functionality is 8 * compiled. 9 * 10 * AP: FIX: 11 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from 12 * unauthenticated STA, send deauth. frame (8802.11: 5.5) 13 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received 14 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5) 15 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame 16 * (8802.11: 5.5) 17 */ 18 19#include <linux/proc_fs.h> 20#include <linux/seq_file.h> 21#include <linux/delay.h> 22#include <linux/random.h> 23#include <linux/if_arp.h> 24#include <linux/slab.h> 25#include <linux/export.h> 26#include <linux/moduleparam.h> 27#include <linux/etherdevice.h> 28 29#include "hostap_wlan.h" 30#include "hostap.h" 31#include "hostap_ap.h" 32 33static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL, 34 DEF_INTS }; 35module_param_array(other_ap_policy, int, NULL, 0444); 36MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)"); 37 38static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC, 39 DEF_INTS }; 40module_param_array(ap_max_inactivity, int, NULL, 0444); 41MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station " 42 "inactivity"); 43 44static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS }; 45module_param_array(ap_bridge_packets, int, NULL, 0444); 46MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between " 47 "stations"); 48 49static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS }; 50module_param_array(autom_ap_wds, int, NULL, 0444); 51MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs " 52 "automatically"); 53 54 55static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta); 56static void hostap_event_expired_sta(struct net_device *dev, 57 struct sta_info *sta); 58static void handle_add_proc_queue(struct work_struct *work); 59 60#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 61static void handle_wds_oper_queue(struct work_struct *work); 62static void prism2_send_mgmt(struct net_device *dev, 63 u16 type_subtype, char *body, 64 int body_len, u8 *addr, u16 tx_cb_idx); 65#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 66 67 68#ifndef PRISM2_NO_PROCFS_DEBUG 69static int ap_debug_proc_show(struct seq_file *m, void *v) 70{ 71 struct ap_data *ap = m->private; 72 73 seq_printf(m, "BridgedUnicastFrames=%u\n", ap->bridged_unicast); 74 seq_printf(m, "BridgedMulticastFrames=%u\n", ap->bridged_multicast); 75 seq_printf(m, "max_inactivity=%u\n", ap->max_inactivity / HZ); 76 seq_printf(m, "bridge_packets=%u\n", ap->bridge_packets); 77 seq_printf(m, "nullfunc_ack=%u\n", ap->nullfunc_ack); 78 seq_printf(m, "autom_ap_wds=%u\n", ap->autom_ap_wds); 79 seq_printf(m, "auth_algs=%u\n", ap->local->auth_algs); 80 seq_printf(m, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc); 81 return 0; 82} 83 84static int ap_debug_proc_open(struct inode *inode, struct file *file) 85{ 86 return single_open(file, ap_debug_proc_show, PDE_DATA(inode)); 87} 88 89static const struct file_operations ap_debug_proc_fops = { 90 .open = ap_debug_proc_open, 91 .read = seq_read, 92 .llseek = seq_lseek, 93 .release = single_release, 94}; 95#endif /* PRISM2_NO_PROCFS_DEBUG */ 96 97 98static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta) 99{ 100 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)]; 101 ap->sta_hash[STA_HASH(sta->addr)] = sta; 102} 103 104static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta) 105{ 106 struct sta_info *s; 107 108 s = ap->sta_hash[STA_HASH(sta->addr)]; 109 if (s == NULL) return; 110 if (ether_addr_equal(s->addr, sta->addr)) { 111 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext; 112 return; 113 } 114 115 while (s->hnext != NULL && !ether_addr_equal(s->hnext->addr, sta->addr)) 116 s = s->hnext; 117 if (s->hnext != NULL) 118 s->hnext = s->hnext->hnext; 119 else 120 printk("AP: could not remove STA %pM from hash table\n", 121 sta->addr); 122} 123 124static void ap_free_sta(struct ap_data *ap, struct sta_info *sta) 125{ 126 if (sta->ap && sta->local) 127 hostap_event_expired_sta(sta->local->dev, sta); 128 129 if (ap->proc != NULL) { 130 char name[20]; 131 sprintf(name, "%pM", sta->addr); 132 remove_proc_entry(name, ap->proc); 133 } 134 135 if (sta->crypt) { 136 sta->crypt->ops->deinit(sta->crypt->priv); 137 kfree(sta->crypt); 138 sta->crypt = NULL; 139 } 140 141 skb_queue_purge(&sta->tx_buf); 142 143 ap->num_sta--; 144#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 145 if (sta->aid > 0) 146 ap->sta_aid[sta->aid - 1] = NULL; 147 148 if (!sta->ap) 149 kfree(sta->u.sta.challenge); 150 del_timer_sync(&sta->timer); 151#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 152 153 kfree(sta); 154} 155 156 157static void hostap_set_tim(local_info_t *local, int aid, int set) 158{ 159 if (local->func->set_tim) 160 local->func->set_tim(local->dev, aid, set); 161} 162 163 164static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta) 165{ 166 union iwreq_data wrqu; 167 memset(&wrqu, 0, sizeof(wrqu)); 168 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 169 wrqu.addr.sa_family = ARPHRD_ETHER; 170 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL); 171} 172 173 174static void hostap_event_expired_sta(struct net_device *dev, 175 struct sta_info *sta) 176{ 177 union iwreq_data wrqu; 178 memset(&wrqu, 0, sizeof(wrqu)); 179 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 180 wrqu.addr.sa_family = ARPHRD_ETHER; 181 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL); 182} 183 184 185#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 186 187static void ap_handle_timer(unsigned long data) 188{ 189 struct sta_info *sta = (struct sta_info *) data; 190 local_info_t *local; 191 struct ap_data *ap; 192 unsigned long next_time = 0; 193 int was_assoc; 194 195 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) { 196 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n"); 197 return; 198 } 199 200 local = sta->local; 201 ap = local->ap; 202 was_assoc = sta->flags & WLAN_STA_ASSOC; 203 204 if (atomic_read(&sta->users) != 0) 205 next_time = jiffies + HZ; 206 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH)) 207 next_time = jiffies + ap->max_inactivity; 208 209 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) { 210 /* station activity detected; reset timeout state */ 211 sta->timeout_next = STA_NULLFUNC; 212 next_time = sta->last_rx + ap->max_inactivity; 213 } else if (sta->timeout_next == STA_DISASSOC && 214 !(sta->flags & WLAN_STA_PENDING_POLL)) { 215 /* STA ACKed data nullfunc frame poll */ 216 sta->timeout_next = STA_NULLFUNC; 217 next_time = jiffies + ap->max_inactivity; 218 } 219 220 if (next_time) { 221 sta->timer.expires = next_time; 222 add_timer(&sta->timer); 223 return; 224 } 225 226 if (sta->ap) 227 sta->timeout_next = STA_DEAUTH; 228 229 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) { 230 spin_lock(&ap->sta_table_lock); 231 ap_sta_hash_del(ap, sta); 232 list_del(&sta->list); 233 spin_unlock(&ap->sta_table_lock); 234 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 235 } else if (sta->timeout_next == STA_DISASSOC) 236 sta->flags &= ~WLAN_STA_ASSOC; 237 238 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap) 239 hostap_event_expired_sta(local->dev, sta); 240 241 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 && 242 !skb_queue_empty(&sta->tx_buf)) { 243 hostap_set_tim(local, sta->aid, 0); 244 sta->flags &= ~WLAN_STA_TIM; 245 } 246 247 if (sta->ap) { 248 if (ap->autom_ap_wds) { 249 PDEBUG(DEBUG_AP, "%s: removing automatic WDS " 250 "connection to AP %pM\n", 251 local->dev->name, sta->addr); 252 hostap_wds_link_oper(local, sta->addr, WDS_DEL); 253 } 254 } else if (sta->timeout_next == STA_NULLFUNC) { 255 /* send data frame to poll STA and check whether this frame 256 * is ACKed */ 257 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but 258 * it is apparently not retried so TX Exc events are not 259 * received for it */ 260 sta->flags |= WLAN_STA_PENDING_POLL; 261 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA | 262 IEEE80211_STYPE_DATA, NULL, 0, 263 sta->addr, ap->tx_callback_poll); 264 } else { 265 int deauth = sta->timeout_next == STA_DEAUTH; 266 __le16 resp; 267 PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM" 268 "(last=%lu, jiffies=%lu)\n", 269 local->dev->name, 270 deauth ? "deauthentication" : "disassociation", 271 sta->addr, sta->last_rx, jiffies); 272 273 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID : 274 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 275 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT | 276 (deauth ? IEEE80211_STYPE_DEAUTH : 277 IEEE80211_STYPE_DISASSOC), 278 (char *) &resp, 2, sta->addr, 0); 279 } 280 281 if (sta->timeout_next == STA_DEAUTH) { 282 if (sta->flags & WLAN_STA_PERM) { 283 PDEBUG(DEBUG_AP, "%s: STA %pM" 284 " would have been removed, " 285 "but it has 'perm' flag\n", 286 local->dev->name, sta->addr); 287 } else 288 ap_free_sta(ap, sta); 289 return; 290 } 291 292 if (sta->timeout_next == STA_NULLFUNC) { 293 sta->timeout_next = STA_DISASSOC; 294 sta->timer.expires = jiffies + AP_DISASSOC_DELAY; 295 } else { 296 sta->timeout_next = STA_DEAUTH; 297 sta->timer.expires = jiffies + AP_DEAUTH_DELAY; 298 } 299 300 add_timer(&sta->timer); 301} 302 303 304void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap, 305 int resend) 306{ 307 u8 addr[ETH_ALEN]; 308 __le16 resp; 309 int i; 310 311 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name); 312 eth_broadcast_addr(addr); 313 314 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 315 316 /* deauth message sent; try to resend it few times; the message is 317 * broadcast, so it may be delayed until next DTIM; there is not much 318 * else we can do at this point since the driver is going to be shut 319 * down */ 320 for (i = 0; i < 5; i++) { 321 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 322 IEEE80211_STYPE_DEAUTH, 323 (char *) &resp, 2, addr, 0); 324 325 if (!resend || ap->num_sta <= 0) 326 return; 327 328 mdelay(50); 329 } 330} 331 332 333static int ap_control_proc_show(struct seq_file *m, void *v) 334{ 335 struct ap_data *ap = m->private; 336 char *policy_txt; 337 struct mac_entry *entry; 338 339 if (v == SEQ_START_TOKEN) { 340 switch (ap->mac_restrictions.policy) { 341 case MAC_POLICY_OPEN: 342 policy_txt = "open"; 343 break; 344 case MAC_POLICY_ALLOW: 345 policy_txt = "allow"; 346 break; 347 case MAC_POLICY_DENY: 348 policy_txt = "deny"; 349 break; 350 default: 351 policy_txt = "unknown"; 352 break; 353 } 354 seq_printf(m, "MAC policy: %s\n", policy_txt); 355 seq_printf(m, "MAC entries: %u\n", ap->mac_restrictions.entries); 356 seq_puts(m, "MAC list:\n"); 357 return 0; 358 } 359 360 entry = v; 361 seq_printf(m, "%pM\n", entry->addr); 362 return 0; 363} 364 365static void *ap_control_proc_start(struct seq_file *m, loff_t *_pos) 366{ 367 struct ap_data *ap = m->private; 368 spin_lock_bh(&ap->mac_restrictions.lock); 369 return seq_list_start_head(&ap->mac_restrictions.mac_list, *_pos); 370} 371 372static void *ap_control_proc_next(struct seq_file *m, void *v, loff_t *_pos) 373{ 374 struct ap_data *ap = m->private; 375 return seq_list_next(v, &ap->mac_restrictions.mac_list, _pos); 376} 377 378static void ap_control_proc_stop(struct seq_file *m, void *v) 379{ 380 struct ap_data *ap = m->private; 381 spin_unlock_bh(&ap->mac_restrictions.lock); 382} 383 384static const struct seq_operations ap_control_proc_seqops = { 385 .start = ap_control_proc_start, 386 .next = ap_control_proc_next, 387 .stop = ap_control_proc_stop, 388 .show = ap_control_proc_show, 389}; 390 391static int ap_control_proc_open(struct inode *inode, struct file *file) 392{ 393 int ret = seq_open(file, &ap_control_proc_seqops); 394 if (ret == 0) { 395 struct seq_file *m = file->private_data; 396 m->private = PDE_DATA(inode); 397 } 398 return ret; 399} 400 401static const struct file_operations ap_control_proc_fops = { 402 .open = ap_control_proc_open, 403 .read = seq_read, 404 .llseek = seq_lseek, 405 .release = seq_release, 406}; 407 408 409int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 410{ 411 struct mac_entry *entry; 412 413 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL); 414 if (entry == NULL) 415 return -ENOMEM; 416 417 memcpy(entry->addr, mac, ETH_ALEN); 418 419 spin_lock_bh(&mac_restrictions->lock); 420 list_add_tail(&entry->list, &mac_restrictions->mac_list); 421 mac_restrictions->entries++; 422 spin_unlock_bh(&mac_restrictions->lock); 423 424 return 0; 425} 426 427 428int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 429{ 430 struct list_head *ptr; 431 struct mac_entry *entry; 432 433 spin_lock_bh(&mac_restrictions->lock); 434 for (ptr = mac_restrictions->mac_list.next; 435 ptr != &mac_restrictions->mac_list; ptr = ptr->next) { 436 entry = list_entry(ptr, struct mac_entry, list); 437 438 if (ether_addr_equal(entry->addr, mac)) { 439 list_del(ptr); 440 kfree(entry); 441 mac_restrictions->entries--; 442 spin_unlock_bh(&mac_restrictions->lock); 443 return 0; 444 } 445 } 446 spin_unlock_bh(&mac_restrictions->lock); 447 return -1; 448} 449 450 451static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions, 452 u8 *mac) 453{ 454 struct mac_entry *entry; 455 int found = 0; 456 457 if (mac_restrictions->policy == MAC_POLICY_OPEN) 458 return 0; 459 460 spin_lock_bh(&mac_restrictions->lock); 461 list_for_each_entry(entry, &mac_restrictions->mac_list, list) { 462 if (ether_addr_equal(entry->addr, mac)) { 463 found = 1; 464 break; 465 } 466 } 467 spin_unlock_bh(&mac_restrictions->lock); 468 469 if (mac_restrictions->policy == MAC_POLICY_ALLOW) 470 return !found; 471 else 472 return found; 473} 474 475 476void ap_control_flush_macs(struct mac_restrictions *mac_restrictions) 477{ 478 struct list_head *ptr, *n; 479 struct mac_entry *entry; 480 481 if (mac_restrictions->entries == 0) 482 return; 483 484 spin_lock_bh(&mac_restrictions->lock); 485 for (ptr = mac_restrictions->mac_list.next, n = ptr->next; 486 ptr != &mac_restrictions->mac_list; 487 ptr = n, n = ptr->next) { 488 entry = list_entry(ptr, struct mac_entry, list); 489 list_del(ptr); 490 kfree(entry); 491 } 492 mac_restrictions->entries = 0; 493 spin_unlock_bh(&mac_restrictions->lock); 494} 495 496 497int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac) 498{ 499 struct sta_info *sta; 500 __le16 resp; 501 502 spin_lock_bh(&ap->sta_table_lock); 503 sta = ap_get_sta(ap, mac); 504 if (sta) { 505 ap_sta_hash_del(ap, sta); 506 list_del(&sta->list); 507 } 508 spin_unlock_bh(&ap->sta_table_lock); 509 510 if (!sta) 511 return -EINVAL; 512 513 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 514 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH, 515 (char *) &resp, 2, sta->addr, 0); 516 517 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 518 hostap_event_expired_sta(dev, sta); 519 520 ap_free_sta(ap, sta); 521 522 return 0; 523} 524 525#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 526 527 528void ap_control_kickall(struct ap_data *ap) 529{ 530 struct list_head *ptr, *n; 531 struct sta_info *sta; 532 533 spin_lock_bh(&ap->sta_table_lock); 534 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list; 535 ptr = n, n = ptr->next) { 536 sta = list_entry(ptr, struct sta_info, list); 537 ap_sta_hash_del(ap, sta); 538 list_del(&sta->list); 539 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 540 hostap_event_expired_sta(sta->local->dev, sta); 541 ap_free_sta(ap, sta); 542 } 543 spin_unlock_bh(&ap->sta_table_lock); 544} 545 546 547#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 548 549static int prism2_ap_proc_show(struct seq_file *m, void *v) 550{ 551 struct sta_info *sta = v; 552 int i; 553 554 if (v == SEQ_START_TOKEN) { 555 seq_printf(m, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n"); 556 return 0; 557 } 558 559 if (!sta->ap) 560 return 0; 561 562 seq_printf(m, "%pM %d %d %d %d '", 563 sta->addr, 564 sta->u.ap.channel, sta->last_rx_signal, 565 sta->last_rx_silence, sta->last_rx_rate); 566 567 for (i = 0; i < sta->u.ap.ssid_len; i++) { 568 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 569 seq_putc(m, sta->u.ap.ssid[i]); 570 else 571 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 572 } 573 574 seq_putc(m, '\''); 575 if (sta->capability & WLAN_CAPABILITY_ESS) 576 seq_puts(m, " [ESS]"); 577 if (sta->capability & WLAN_CAPABILITY_IBSS) 578 seq_puts(m, " [IBSS]"); 579 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 580 seq_puts(m, " [WEP]"); 581 seq_putc(m, '\n'); 582 return 0; 583} 584 585static void *prism2_ap_proc_start(struct seq_file *m, loff_t *_pos) 586{ 587 struct ap_data *ap = m->private; 588 spin_lock_bh(&ap->sta_table_lock); 589 return seq_list_start_head(&ap->sta_list, *_pos); 590} 591 592static void *prism2_ap_proc_next(struct seq_file *m, void *v, loff_t *_pos) 593{ 594 struct ap_data *ap = m->private; 595 return seq_list_next(v, &ap->sta_list, _pos); 596} 597 598static void prism2_ap_proc_stop(struct seq_file *m, void *v) 599{ 600 struct ap_data *ap = m->private; 601 spin_unlock_bh(&ap->sta_table_lock); 602} 603 604static const struct seq_operations prism2_ap_proc_seqops = { 605 .start = prism2_ap_proc_start, 606 .next = prism2_ap_proc_next, 607 .stop = prism2_ap_proc_stop, 608 .show = prism2_ap_proc_show, 609}; 610 611static int prism2_ap_proc_open(struct inode *inode, struct file *file) 612{ 613 int ret = seq_open(file, &prism2_ap_proc_seqops); 614 if (ret == 0) { 615 struct seq_file *m = file->private_data; 616 m->private = PDE_DATA(inode); 617 } 618 return ret; 619} 620 621static const struct file_operations prism2_ap_proc_fops = { 622 .open = prism2_ap_proc_open, 623 .read = seq_read, 624 .llseek = seq_lseek, 625 .release = seq_release, 626}; 627#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 628 629 630void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver) 631{ 632 if (!ap) 633 return; 634 635 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) { 636 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - " 637 "firmware upgrade recommended\n"); 638 ap->nullfunc_ack = 1; 639 } else 640 ap->nullfunc_ack = 0; 641 642 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) { 643 printk(KERN_WARNING "%s: Warning: secondary station firmware " 644 "version 1.4.2 does not seem to work in Host AP mode\n", 645 ap->local->dev->name); 646 } 647} 648 649 650/* Called only as a tasklet (software IRQ) */ 651static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data) 652{ 653 struct ap_data *ap = data; 654 struct ieee80211_hdr *hdr; 655 656 if (!ap->local->hostapd || !ap->local->apdev) { 657 dev_kfree_skb(skb); 658 return; 659 } 660 661 /* Pass the TX callback frame to the hostapd; use 802.11 header version 662 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */ 663 664 hdr = (struct ieee80211_hdr *) skb->data; 665 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS); 666 hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0)); 667 668 skb->dev = ap->local->apdev; 669 skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control)); 670 skb->pkt_type = PACKET_OTHERHOST; 671 skb->protocol = cpu_to_be16(ETH_P_802_2); 672 memset(skb->cb, 0, sizeof(skb->cb)); 673 netif_rx(skb); 674} 675 676 677#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 678/* Called only as a tasklet (software IRQ) */ 679static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data) 680{ 681 struct ap_data *ap = data; 682 struct net_device *dev = ap->local->dev; 683 struct ieee80211_hdr *hdr; 684 u16 auth_alg, auth_transaction, status; 685 __le16 *pos; 686 struct sta_info *sta = NULL; 687 char *txt = NULL; 688 689 if (ap->local->hostapd) { 690 dev_kfree_skb(skb); 691 return; 692 } 693 694 hdr = (struct ieee80211_hdr *) skb->data; 695 if (!ieee80211_is_auth(hdr->frame_control) || 696 skb->len < IEEE80211_MGMT_HDR_LEN + 6) { 697 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid " 698 "frame\n", dev->name); 699 dev_kfree_skb(skb); 700 return; 701 } 702 703 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 704 auth_alg = le16_to_cpu(*pos++); 705 auth_transaction = le16_to_cpu(*pos++); 706 status = le16_to_cpu(*pos++); 707 708 if (!ok) { 709 txt = "frame was not ACKed"; 710 goto done; 711 } 712 713 spin_lock(&ap->sta_table_lock); 714 sta = ap_get_sta(ap, hdr->addr1); 715 if (sta) 716 atomic_inc(&sta->users); 717 spin_unlock(&ap->sta_table_lock); 718 719 if (!sta) { 720 txt = "STA not found"; 721 goto done; 722 } 723 724 if (status == WLAN_STATUS_SUCCESS && 725 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 726 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 727 txt = "STA authenticated"; 728 sta->flags |= WLAN_STA_AUTH; 729 sta->last_auth = jiffies; 730 } else if (status != WLAN_STATUS_SUCCESS) 731 txt = "authentication failed"; 732 733 done: 734 if (sta) 735 atomic_dec(&sta->users); 736 if (txt) { 737 PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d " 738 "trans#=%d status=%d - %s\n", 739 dev->name, hdr->addr1, 740 auth_alg, auth_transaction, status, txt); 741 } 742 dev_kfree_skb(skb); 743} 744 745 746/* Called only as a tasklet (software IRQ) */ 747static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data) 748{ 749 struct ap_data *ap = data; 750 struct net_device *dev = ap->local->dev; 751 struct ieee80211_hdr *hdr; 752 u16 status; 753 __le16 *pos; 754 struct sta_info *sta = NULL; 755 char *txt = NULL; 756 757 if (ap->local->hostapd) { 758 dev_kfree_skb(skb); 759 return; 760 } 761 762 hdr = (struct ieee80211_hdr *) skb->data; 763 if ((!ieee80211_is_assoc_resp(hdr->frame_control) && 764 !ieee80211_is_reassoc_resp(hdr->frame_control)) || 765 skb->len < IEEE80211_MGMT_HDR_LEN + 4) { 766 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid " 767 "frame\n", dev->name); 768 dev_kfree_skb(skb); 769 return; 770 } 771 772 if (!ok) { 773 txt = "frame was not ACKed"; 774 goto done; 775 } 776 777 spin_lock(&ap->sta_table_lock); 778 sta = ap_get_sta(ap, hdr->addr1); 779 if (sta) 780 atomic_inc(&sta->users); 781 spin_unlock(&ap->sta_table_lock); 782 783 if (!sta) { 784 txt = "STA not found"; 785 goto done; 786 } 787 788 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 789 pos++; 790 status = le16_to_cpu(*pos++); 791 if (status == WLAN_STATUS_SUCCESS) { 792 if (!(sta->flags & WLAN_STA_ASSOC)) 793 hostap_event_new_sta(dev, sta); 794 txt = "STA associated"; 795 sta->flags |= WLAN_STA_ASSOC; 796 sta->last_assoc = jiffies; 797 } else 798 txt = "association failed"; 799 800 done: 801 if (sta) 802 atomic_dec(&sta->users); 803 if (txt) { 804 PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n", 805 dev->name, hdr->addr1, txt); 806 } 807 dev_kfree_skb(skb); 808} 809 810/* Called only as a tasklet (software IRQ); TX callback for poll frames used 811 * in verifying whether the STA is still present. */ 812static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data) 813{ 814 struct ap_data *ap = data; 815 struct ieee80211_hdr *hdr; 816 struct sta_info *sta; 817 818 if (skb->len < 24) 819 goto fail; 820 hdr = (struct ieee80211_hdr *) skb->data; 821 if (ok) { 822 spin_lock(&ap->sta_table_lock); 823 sta = ap_get_sta(ap, hdr->addr1); 824 if (sta) 825 sta->flags &= ~WLAN_STA_PENDING_POLL; 826 spin_unlock(&ap->sta_table_lock); 827 } else { 828 PDEBUG(DEBUG_AP, 829 "%s: STA %pM did not ACK activity poll frame\n", 830 ap->local->dev->name, hdr->addr1); 831 } 832 833 fail: 834 dev_kfree_skb(skb); 835} 836#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 837 838 839void hostap_init_data(local_info_t *local) 840{ 841 struct ap_data *ap = local->ap; 842 843 if (ap == NULL) { 844 printk(KERN_WARNING "hostap_init_data: ap == NULL\n"); 845 return; 846 } 847 memset(ap, 0, sizeof(struct ap_data)); 848 ap->local = local; 849 850 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx); 851 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx); 852 ap->max_inactivity = 853 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ; 854 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx); 855 856 spin_lock_init(&ap->sta_table_lock); 857 INIT_LIST_HEAD(&ap->sta_list); 858 859 /* Initialize task queue structure for AP management */ 860 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue); 861 862 ap->tx_callback_idx = 863 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap); 864 if (ap->tx_callback_idx == 0) 865 printk(KERN_WARNING "%s: failed to register TX callback for " 866 "AP\n", local->dev->name); 867#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 868 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue); 869 870 ap->tx_callback_auth = 871 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap); 872 ap->tx_callback_assoc = 873 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap); 874 ap->tx_callback_poll = 875 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap); 876 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 || 877 ap->tx_callback_poll == 0) 878 printk(KERN_WARNING "%s: failed to register TX callback for " 879 "AP\n", local->dev->name); 880 881 spin_lock_init(&ap->mac_restrictions.lock); 882 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list); 883#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 884 885 ap->initialized = 1; 886} 887 888 889void hostap_init_ap_proc(local_info_t *local) 890{ 891 struct ap_data *ap = local->ap; 892 893 ap->proc = local->proc; 894 if (ap->proc == NULL) 895 return; 896 897#ifndef PRISM2_NO_PROCFS_DEBUG 898 proc_create_data("ap_debug", 0, ap->proc, &ap_debug_proc_fops, ap); 899#endif /* PRISM2_NO_PROCFS_DEBUG */ 900 901#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 902 proc_create_data("ap_control", 0, ap->proc, &ap_control_proc_fops, ap); 903 proc_create_data("ap", 0, ap->proc, &prism2_ap_proc_fops, ap); 904#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 905 906} 907 908 909void hostap_free_data(struct ap_data *ap) 910{ 911 struct sta_info *n, *sta; 912 913 if (ap == NULL || !ap->initialized) { 914 printk(KERN_DEBUG "hostap_free_data: ap has not yet been " 915 "initialized - skip resource freeing\n"); 916 return; 917 } 918 919 flush_work(&ap->add_sta_proc_queue); 920 921#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 922 flush_work(&ap->wds_oper_queue); 923 if (ap->crypt) 924 ap->crypt->deinit(ap->crypt_priv); 925 ap->crypt = ap->crypt_priv = NULL; 926#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 927 928 list_for_each_entry_safe(sta, n, &ap->sta_list, list) { 929 ap_sta_hash_del(ap, sta); 930 list_del(&sta->list); 931 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 932 hostap_event_expired_sta(sta->local->dev, sta); 933 ap_free_sta(ap, sta); 934 } 935 936#ifndef PRISM2_NO_PROCFS_DEBUG 937 if (ap->proc != NULL) { 938 remove_proc_entry("ap_debug", ap->proc); 939 } 940#endif /* PRISM2_NO_PROCFS_DEBUG */ 941 942#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 943 if (ap->proc != NULL) { 944 remove_proc_entry("ap", ap->proc); 945 remove_proc_entry("ap_control", ap->proc); 946 } 947 ap_control_flush_macs(&ap->mac_restrictions); 948#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 949 950 ap->initialized = 0; 951} 952 953 954/* caller should have mutex for AP STA list handling */ 955static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta) 956{ 957 struct sta_info *s; 958 959 s = ap->sta_hash[STA_HASH(sta)]; 960 while (s != NULL && !ether_addr_equal(s->addr, sta)) 961 s = s->hnext; 962 return s; 963} 964 965 966#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 967 968/* Called from timer handler and from scheduled AP queue handlers */ 969static void prism2_send_mgmt(struct net_device *dev, 970 u16 type_subtype, char *body, 971 int body_len, u8 *addr, u16 tx_cb_idx) 972{ 973 struct hostap_interface *iface; 974 local_info_t *local; 975 struct ieee80211_hdr *hdr; 976 u16 fc; 977 struct sk_buff *skb; 978 struct hostap_skb_tx_data *meta; 979 int hdrlen; 980 981 iface = netdev_priv(dev); 982 local = iface->local; 983 dev = local->dev; /* always use master radio device */ 984 iface = netdev_priv(dev); 985 986 if (!(dev->flags & IFF_UP)) { 987 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - " 988 "cannot send frame\n", dev->name); 989 return; 990 } 991 992 skb = dev_alloc_skb(sizeof(*hdr) + body_len); 993 if (skb == NULL) { 994 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate " 995 "skb\n", dev->name); 996 return; 997 } 998 999 fc = type_subtype; 1000 hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype)); 1001 hdr = (struct ieee80211_hdr *) skb_put(skb, hdrlen); 1002 if (body) 1003 memcpy(skb_put(skb, body_len), body, body_len); 1004 1005 memset(hdr, 0, hdrlen); 1006 1007 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11 1008 * tx_control instead of using local->tx_control */ 1009 1010 1011 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */ 1012 if (ieee80211_is_data(hdr->frame_control)) { 1013 fc |= IEEE80211_FCTL_FROMDS; 1014 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */ 1015 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */ 1016 } else if (ieee80211_is_ctl(hdr->frame_control)) { 1017 /* control:ACK does not have addr2 or addr3 */ 1018 eth_zero_addr(hdr->addr2); 1019 eth_zero_addr(hdr->addr3); 1020 } else { 1021 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */ 1022 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */ 1023 } 1024 1025 hdr->frame_control = cpu_to_le16(fc); 1026 1027 meta = (struct hostap_skb_tx_data *) skb->cb; 1028 memset(meta, 0, sizeof(*meta)); 1029 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC; 1030 meta->iface = iface; 1031 meta->tx_cb_idx = tx_cb_idx; 1032 1033 skb->dev = dev; 1034 skb_reset_mac_header(skb); 1035 skb_reset_network_header(skb); 1036 dev_queue_xmit(skb); 1037} 1038#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1039 1040 1041static int prism2_sta_proc_show(struct seq_file *m, void *v) 1042{ 1043 struct sta_info *sta = m->private; 1044 int i; 1045 1046 /* FIX: possible race condition.. the STA data could have just expired, 1047 * but proc entry was still here so that the read could have started; 1048 * some locking should be done here.. */ 1049 1050 seq_printf(m, 1051 "%s=%pM\nusers=%d\naid=%d\n" 1052 "flags=0x%04x%s%s%s%s%s%s%s\n" 1053 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=", 1054 sta->ap ? "AP" : "STA", 1055 sta->addr, atomic_read(&sta->users), sta->aid, 1056 sta->flags, 1057 sta->flags & WLAN_STA_AUTH ? " AUTH" : "", 1058 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "", 1059 sta->flags & WLAN_STA_PS ? " PS" : "", 1060 sta->flags & WLAN_STA_TIM ? " TIM" : "", 1061 sta->flags & WLAN_STA_PERM ? " PERM" : "", 1062 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "", 1063 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "", 1064 sta->capability, sta->listen_interval); 1065 /* supported_rates: 500 kbit/s units with msb ignored */ 1066 for (i = 0; i < sizeof(sta->supported_rates); i++) 1067 if (sta->supported_rates[i] != 0) 1068 seq_printf(m, "%d%sMbps ", 1069 (sta->supported_rates[i] & 0x7f) / 2, 1070 sta->supported_rates[i] & 1 ? ".5" : ""); 1071 seq_printf(m, 1072 "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n" 1073 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n" 1074 "tx_packets=%lu\n" 1075 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n" 1076 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n" 1077 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n" 1078 "tx[11M]=%d\n" 1079 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n", 1080 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx, 1081 sta->last_tx, 1082 sta->rx_packets, sta->tx_packets, sta->rx_bytes, 1083 sta->tx_bytes, skb_queue_len(&sta->tx_buf), 1084 sta->last_rx_silence, 1085 sta->last_rx_signal, sta->last_rx_rate / 10, 1086 sta->last_rx_rate % 10 ? ".5" : "", 1087 sta->tx_rate, sta->tx_count[0], sta->tx_count[1], 1088 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0], 1089 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]); 1090 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats) 1091 sta->crypt->ops->print_stats(m, sta->crypt->priv); 1092#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1093 if (sta->ap) { 1094 if (sta->u.ap.channel >= 0) 1095 seq_printf(m, "channel=%d\n", sta->u.ap.channel); 1096 seq_puts(m, "ssid="); 1097 for (i = 0; i < sta->u.ap.ssid_len; i++) { 1098 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 1099 seq_putc(m, sta->u.ap.ssid[i]); 1100 else 1101 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 1102 } 1103 seq_putc(m, '\n'); 1104 } 1105#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1106 1107 return 0; 1108} 1109 1110static int prism2_sta_proc_open(struct inode *inode, struct file *file) 1111{ 1112 return single_open(file, prism2_sta_proc_show, PDE_DATA(inode)); 1113} 1114 1115static const struct file_operations prism2_sta_proc_fops = { 1116 .open = prism2_sta_proc_open, 1117 .read = seq_read, 1118 .llseek = seq_lseek, 1119 .release = single_release, 1120}; 1121 1122static void handle_add_proc_queue(struct work_struct *work) 1123{ 1124 struct ap_data *ap = container_of(work, struct ap_data, 1125 add_sta_proc_queue); 1126 struct sta_info *sta; 1127 char name[20]; 1128 struct add_sta_proc_data *entry, *prev; 1129 1130 entry = ap->add_sta_proc_entries; 1131 ap->add_sta_proc_entries = NULL; 1132 1133 while (entry) { 1134 spin_lock_bh(&ap->sta_table_lock); 1135 sta = ap_get_sta(ap, entry->addr); 1136 if (sta) 1137 atomic_inc(&sta->users); 1138 spin_unlock_bh(&ap->sta_table_lock); 1139 1140 if (sta) { 1141 sprintf(name, "%pM", sta->addr); 1142 sta->proc = proc_create_data( 1143 name, 0, ap->proc, 1144 &prism2_sta_proc_fops, sta); 1145 1146 atomic_dec(&sta->users); 1147 } 1148 1149 prev = entry; 1150 entry = entry->next; 1151 kfree(prev); 1152 } 1153} 1154 1155 1156static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr) 1157{ 1158 struct sta_info *sta; 1159 1160 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC); 1161 if (sta == NULL) { 1162 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n"); 1163 return NULL; 1164 } 1165 1166 /* initialize STA info data */ 1167 sta->local = ap->local; 1168 skb_queue_head_init(&sta->tx_buf); 1169 memcpy(sta->addr, addr, ETH_ALEN); 1170 1171 atomic_inc(&sta->users); 1172 spin_lock_bh(&ap->sta_table_lock); 1173 list_add(&sta->list, &ap->sta_list); 1174 ap->num_sta++; 1175 ap_sta_hash_add(ap, sta); 1176 spin_unlock_bh(&ap->sta_table_lock); 1177 1178 if (ap->proc) { 1179 struct add_sta_proc_data *entry; 1180 /* schedule a non-interrupt context process to add a procfs 1181 * entry for the STA since procfs code use GFP_KERNEL */ 1182 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 1183 if (entry) { 1184 memcpy(entry->addr, sta->addr, ETH_ALEN); 1185 entry->next = ap->add_sta_proc_entries; 1186 ap->add_sta_proc_entries = entry; 1187 schedule_work(&ap->add_sta_proc_queue); 1188 } else 1189 printk(KERN_DEBUG "Failed to add STA proc data\n"); 1190 } 1191 1192#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1193 init_timer(&sta->timer); 1194 sta->timer.expires = jiffies + ap->max_inactivity; 1195 sta->timer.data = (unsigned long) sta; 1196 sta->timer.function = ap_handle_timer; 1197 if (!ap->local->hostapd) 1198 add_timer(&sta->timer); 1199#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1200 1201 return sta; 1202} 1203 1204 1205static int ap_tx_rate_ok(int rateidx, struct sta_info *sta, 1206 local_info_t *local) 1207{ 1208 if (rateidx > sta->tx_max_rate || 1209 !(sta->tx_supp_rates & (1 << rateidx))) 1210 return 0; 1211 1212 if (local->tx_rate_control != 0 && 1213 !(local->tx_rate_control & (1 << rateidx))) 1214 return 0; 1215 1216 return 1; 1217} 1218 1219 1220static void prism2_check_tx_rates(struct sta_info *sta) 1221{ 1222 int i; 1223 1224 sta->tx_supp_rates = 0; 1225 for (i = 0; i < sizeof(sta->supported_rates); i++) { 1226 if ((sta->supported_rates[i] & 0x7f) == 2) 1227 sta->tx_supp_rates |= WLAN_RATE_1M; 1228 if ((sta->supported_rates[i] & 0x7f) == 4) 1229 sta->tx_supp_rates |= WLAN_RATE_2M; 1230 if ((sta->supported_rates[i] & 0x7f) == 11) 1231 sta->tx_supp_rates |= WLAN_RATE_5M5; 1232 if ((sta->supported_rates[i] & 0x7f) == 22) 1233 sta->tx_supp_rates |= WLAN_RATE_11M; 1234 } 1235 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0; 1236 if (sta->tx_supp_rates & WLAN_RATE_1M) { 1237 sta->tx_max_rate = 0; 1238 if (ap_tx_rate_ok(0, sta, sta->local)) { 1239 sta->tx_rate = 10; 1240 sta->tx_rate_idx = 0; 1241 } 1242 } 1243 if (sta->tx_supp_rates & WLAN_RATE_2M) { 1244 sta->tx_max_rate = 1; 1245 if (ap_tx_rate_ok(1, sta, sta->local)) { 1246 sta->tx_rate = 20; 1247 sta->tx_rate_idx = 1; 1248 } 1249 } 1250 if (sta->tx_supp_rates & WLAN_RATE_5M5) { 1251 sta->tx_max_rate = 2; 1252 if (ap_tx_rate_ok(2, sta, sta->local)) { 1253 sta->tx_rate = 55; 1254 sta->tx_rate_idx = 2; 1255 } 1256 } 1257 if (sta->tx_supp_rates & WLAN_RATE_11M) { 1258 sta->tx_max_rate = 3; 1259 if (ap_tx_rate_ok(3, sta, sta->local)) { 1260 sta->tx_rate = 110; 1261 sta->tx_rate_idx = 3; 1262 } 1263 } 1264} 1265 1266 1267#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1268 1269static void ap_crypt_init(struct ap_data *ap) 1270{ 1271 ap->crypt = lib80211_get_crypto_ops("WEP"); 1272 1273 if (ap->crypt) { 1274 if (ap->crypt->init) { 1275 ap->crypt_priv = ap->crypt->init(0); 1276 if (ap->crypt_priv == NULL) 1277 ap->crypt = NULL; 1278 else { 1279 u8 key[WEP_KEY_LEN]; 1280 get_random_bytes(key, WEP_KEY_LEN); 1281 ap->crypt->set_key(key, WEP_KEY_LEN, NULL, 1282 ap->crypt_priv); 1283 } 1284 } 1285 } 1286 1287 if (ap->crypt == NULL) { 1288 printk(KERN_WARNING "AP could not initialize WEP: load module " 1289 "lib80211_crypt_wep.ko\n"); 1290 } 1291} 1292 1293 1294/* Generate challenge data for shared key authentication. IEEE 802.11 specifies 1295 * that WEP algorithm is used for generating challenge. This should be unique, 1296 * but otherwise there is not really need for randomness etc. Initialize WEP 1297 * with pseudo random key and then use increasing IV to get unique challenge 1298 * streams. 1299 * 1300 * Called only as a scheduled task for pending AP frames. 1301 */ 1302static char * ap_auth_make_challenge(struct ap_data *ap) 1303{ 1304 char *tmpbuf; 1305 struct sk_buff *skb; 1306 1307 if (ap->crypt == NULL) { 1308 ap_crypt_init(ap); 1309 if (ap->crypt == NULL) 1310 return NULL; 1311 } 1312 1313 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC); 1314 if (tmpbuf == NULL) { 1315 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n"); 1316 return NULL; 1317 } 1318 1319 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN + 1320 ap->crypt->extra_mpdu_prefix_len + 1321 ap->crypt->extra_mpdu_postfix_len); 1322 if (skb == NULL) { 1323 kfree(tmpbuf); 1324 return NULL; 1325 } 1326 1327 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len); 1328 memset(skb_put(skb, WLAN_AUTH_CHALLENGE_LEN), 0, 1329 WLAN_AUTH_CHALLENGE_LEN); 1330 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) { 1331 dev_kfree_skb(skb); 1332 kfree(tmpbuf); 1333 return NULL; 1334 } 1335 1336 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len, 1337 tmpbuf, WLAN_AUTH_CHALLENGE_LEN); 1338 dev_kfree_skb(skb); 1339 1340 return tmpbuf; 1341} 1342 1343 1344/* Called only as a scheduled task for pending AP frames. */ 1345static void handle_authen(local_info_t *local, struct sk_buff *skb, 1346 struct hostap_80211_rx_status *rx_stats) 1347{ 1348 struct net_device *dev = local->dev; 1349 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1350 size_t hdrlen; 1351 struct ap_data *ap = local->ap; 1352 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL; 1353 int len, olen; 1354 u16 auth_alg, auth_transaction, status_code; 1355 __le16 *pos; 1356 u16 resp = WLAN_STATUS_SUCCESS; 1357 struct sta_info *sta = NULL; 1358 struct lib80211_crypt_data *crypt; 1359 char *txt = ""; 1360 1361 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1362 1363 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control); 1364 1365 if (len < 6) { 1366 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload " 1367 "(len=%d) from %pM\n", dev->name, len, hdr->addr2); 1368 return; 1369 } 1370 1371 spin_lock_bh(&local->ap->sta_table_lock); 1372 sta = ap_get_sta(local->ap, hdr->addr2); 1373 if (sta) 1374 atomic_inc(&sta->users); 1375 spin_unlock_bh(&local->ap->sta_table_lock); 1376 1377 if (sta && sta->crypt) 1378 crypt = sta->crypt; 1379 else { 1380 int idx = 0; 1381 if (skb->len >= hdrlen + 3) 1382 idx = skb->data[hdrlen + 3] >> 6; 1383 crypt = local->crypt_info.crypt[idx]; 1384 } 1385 1386 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1387 auth_alg = __le16_to_cpu(*pos); 1388 pos++; 1389 auth_transaction = __le16_to_cpu(*pos); 1390 pos++; 1391 status_code = __le16_to_cpu(*pos); 1392 pos++; 1393 1394 if (ether_addr_equal(dev->dev_addr, hdr->addr2) || 1395 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) { 1396 txt = "authentication denied"; 1397 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1398 goto fail; 1399 } 1400 1401 if (((local->auth_algs & PRISM2_AUTH_OPEN) && 1402 auth_alg == WLAN_AUTH_OPEN) || 1403 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) && 1404 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) { 1405 } else { 1406 txt = "unsupported algorithm"; 1407 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1408 goto fail; 1409 } 1410 1411 if (len >= 8) { 1412 u8 *u = (u8 *) pos; 1413 if (*u == WLAN_EID_CHALLENGE) { 1414 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) { 1415 txt = "invalid challenge len"; 1416 resp = WLAN_STATUS_CHALLENGE_FAIL; 1417 goto fail; 1418 } 1419 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) { 1420 txt = "challenge underflow"; 1421 resp = WLAN_STATUS_CHALLENGE_FAIL; 1422 goto fail; 1423 } 1424 challenge = (char *) (u + 2); 1425 } 1426 } 1427 1428 if (sta && sta->ap) { 1429 if (time_after(jiffies, sta->u.ap.last_beacon + 1430 (10 * sta->listen_interval * HZ) / 1024)) { 1431 PDEBUG(DEBUG_AP, "%s: no beacons received for a while," 1432 " assuming AP %pM is now STA\n", 1433 dev->name, sta->addr); 1434 sta->ap = 0; 1435 sta->flags = 0; 1436 sta->u.sta.challenge = NULL; 1437 } else { 1438 txt = "AP trying to authenticate?"; 1439 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1440 goto fail; 1441 } 1442 } 1443 1444 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) || 1445 (auth_alg == WLAN_AUTH_SHARED_KEY && 1446 (auth_transaction == 1 || 1447 (auth_transaction == 3 && sta != NULL && 1448 sta->u.sta.challenge != NULL)))) { 1449 } else { 1450 txt = "unknown authentication transaction number"; 1451 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1452 goto fail; 1453 } 1454 1455 if (sta == NULL) { 1456 txt = "new STA"; 1457 1458 if (local->ap->num_sta >= MAX_STA_COUNT) { 1459 /* FIX: might try to remove some old STAs first? */ 1460 txt = "no more room for new STAs"; 1461 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1462 goto fail; 1463 } 1464 1465 sta = ap_add_sta(local->ap, hdr->addr2); 1466 if (sta == NULL) { 1467 txt = "ap_add_sta failed"; 1468 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1469 goto fail; 1470 } 1471 } 1472 1473 switch (auth_alg) { 1474 case WLAN_AUTH_OPEN: 1475 txt = "authOK"; 1476 /* IEEE 802.11 standard is not completely clear about 1477 * whether STA is considered authenticated after 1478 * authentication OK frame has been send or after it 1479 * has been ACKed. In order to reduce interoperability 1480 * issues, mark the STA authenticated before ACK. */ 1481 sta->flags |= WLAN_STA_AUTH; 1482 break; 1483 1484 case WLAN_AUTH_SHARED_KEY: 1485 if (auth_transaction == 1) { 1486 if (sta->u.sta.challenge == NULL) { 1487 sta->u.sta.challenge = 1488 ap_auth_make_challenge(local->ap); 1489 if (sta->u.sta.challenge == NULL) { 1490 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1491 goto fail; 1492 } 1493 } 1494 } else { 1495 if (sta->u.sta.challenge == NULL || 1496 challenge == NULL || 1497 memcmp(sta->u.sta.challenge, challenge, 1498 WLAN_AUTH_CHALLENGE_LEN) != 0 || 1499 !ieee80211_has_protected(hdr->frame_control)) { 1500 txt = "challenge response incorrect"; 1501 resp = WLAN_STATUS_CHALLENGE_FAIL; 1502 goto fail; 1503 } 1504 1505 txt = "challenge OK - authOK"; 1506 /* IEEE 802.11 standard is not completely clear about 1507 * whether STA is considered authenticated after 1508 * authentication OK frame has been send or after it 1509 * has been ACKed. In order to reduce interoperability 1510 * issues, mark the STA authenticated before ACK. */ 1511 sta->flags |= WLAN_STA_AUTH; 1512 kfree(sta->u.sta.challenge); 1513 sta->u.sta.challenge = NULL; 1514 } 1515 break; 1516 } 1517 1518 fail: 1519 pos = (__le16 *) body; 1520 *pos = cpu_to_le16(auth_alg); 1521 pos++; 1522 *pos = cpu_to_le16(auth_transaction + 1); 1523 pos++; 1524 *pos = cpu_to_le16(resp); /* status_code */ 1525 pos++; 1526 olen = 6; 1527 1528 if (resp == WLAN_STATUS_SUCCESS && sta != NULL && 1529 sta->u.sta.challenge != NULL && 1530 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) { 1531 u8 *tmp = (u8 *) pos; 1532 *tmp++ = WLAN_EID_CHALLENGE; 1533 *tmp++ = WLAN_AUTH_CHALLENGE_LEN; 1534 pos++; 1535 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN); 1536 olen += 2 + WLAN_AUTH_CHALLENGE_LEN; 1537 } 1538 1539 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH, 1540 body, olen, hdr->addr2, ap->tx_callback_auth); 1541 1542 if (sta) { 1543 sta->last_rx = jiffies; 1544 atomic_dec(&sta->users); 1545 } 1546 1547 if (resp) { 1548 PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d " 1549 "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n", 1550 dev->name, hdr->addr2, 1551 auth_alg, auth_transaction, status_code, len, 1552 le16_to_cpu(hdr->frame_control), resp, txt); 1553 } 1554} 1555 1556 1557/* Called only as a scheduled task for pending AP frames. */ 1558static void handle_assoc(local_info_t *local, struct sk_buff *skb, 1559 struct hostap_80211_rx_status *rx_stats, int reassoc) 1560{ 1561 struct net_device *dev = local->dev; 1562 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1563 char body[12], *p, *lpos; 1564 int len, left; 1565 __le16 *pos; 1566 u16 resp = WLAN_STATUS_SUCCESS; 1567 struct sta_info *sta = NULL; 1568 int send_deauth = 0; 1569 char *txt = ""; 1570 u8 prev_ap[ETH_ALEN]; 1571 1572 left = len = skb->len - IEEE80211_MGMT_HDR_LEN; 1573 1574 if (len < (reassoc ? 10 : 4)) { 1575 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload " 1576 "(len=%d, reassoc=%d) from %pM\n", 1577 dev->name, len, reassoc, hdr->addr2); 1578 return; 1579 } 1580 1581 spin_lock_bh(&local->ap->sta_table_lock); 1582 sta = ap_get_sta(local->ap, hdr->addr2); 1583 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1584 spin_unlock_bh(&local->ap->sta_table_lock); 1585 txt = "trying to associate before authentication"; 1586 send_deauth = 1; 1587 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1588 sta = NULL; /* do not decrement sta->users */ 1589 goto fail; 1590 } 1591 atomic_inc(&sta->users); 1592 spin_unlock_bh(&local->ap->sta_table_lock); 1593 1594 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1595 sta->capability = __le16_to_cpu(*pos); 1596 pos++; left -= 2; 1597 sta->listen_interval = __le16_to_cpu(*pos); 1598 pos++; left -= 2; 1599 1600 if (reassoc) { 1601 memcpy(prev_ap, pos, ETH_ALEN); 1602 pos++; pos++; pos++; left -= 6; 1603 } else 1604 eth_zero_addr(prev_ap); 1605 1606 if (left >= 2) { 1607 unsigned int ileft; 1608 unsigned char *u = (unsigned char *) pos; 1609 1610 if (*u == WLAN_EID_SSID) { 1611 u++; left--; 1612 ileft = *u; 1613 u++; left--; 1614 1615 if (ileft > left || ileft > MAX_SSID_LEN) { 1616 txt = "SSID overflow"; 1617 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1618 goto fail; 1619 } 1620 1621 if (ileft != strlen(local->essid) || 1622 memcmp(local->essid, u, ileft) != 0) { 1623 txt = "not our SSID"; 1624 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1625 goto fail; 1626 } 1627 1628 u += ileft; 1629 left -= ileft; 1630 } 1631 1632 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) { 1633 u++; left--; 1634 ileft = *u; 1635 u++; left--; 1636 1637 if (ileft > left || ileft == 0 || 1638 ileft > WLAN_SUPP_RATES_MAX) { 1639 txt = "SUPP_RATES len error"; 1640 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1641 goto fail; 1642 } 1643 1644 memset(sta->supported_rates, 0, 1645 sizeof(sta->supported_rates)); 1646 memcpy(sta->supported_rates, u, ileft); 1647 prism2_check_tx_rates(sta); 1648 1649 u += ileft; 1650 left -= ileft; 1651 } 1652 1653 if (left > 0) { 1654 PDEBUG(DEBUG_AP, "%s: assoc from %pM" 1655 " with extra data (%d bytes) [", 1656 dev->name, hdr->addr2, left); 1657 while (left > 0) { 1658 PDEBUG2(DEBUG_AP, "<%02x>", *u); 1659 u++; left--; 1660 } 1661 PDEBUG2(DEBUG_AP, "]\n"); 1662 } 1663 } else { 1664 txt = "frame underflow"; 1665 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1666 goto fail; 1667 } 1668 1669 /* get a unique AID */ 1670 if (sta->aid > 0) 1671 txt = "OK, old AID"; 1672 else { 1673 spin_lock_bh(&local->ap->sta_table_lock); 1674 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++) 1675 if (local->ap->sta_aid[sta->aid - 1] == NULL) 1676 break; 1677 if (sta->aid > MAX_AID_TABLE_SIZE) { 1678 sta->aid = 0; 1679 spin_unlock_bh(&local->ap->sta_table_lock); 1680 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1681 txt = "no room for more AIDs"; 1682 } else { 1683 local->ap->sta_aid[sta->aid - 1] = sta; 1684 spin_unlock_bh(&local->ap->sta_table_lock); 1685 txt = "OK, new AID"; 1686 } 1687 } 1688 1689 fail: 1690 pos = (__le16 *) body; 1691 1692 if (send_deauth) { 1693 *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH); 1694 pos++; 1695 } else { 1696 /* FIX: CF-Pollable and CF-PollReq should be set to match the 1697 * values in beacons/probe responses */ 1698 /* FIX: how about privacy and WEP? */ 1699 /* capability */ 1700 *pos = cpu_to_le16(WLAN_CAPABILITY_ESS); 1701 pos++; 1702 1703 /* status_code */ 1704 *pos = cpu_to_le16(resp); 1705 pos++; 1706 1707 *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) | 1708 BIT(14) | BIT(15)); /* AID */ 1709 pos++; 1710 1711 /* Supported rates (Information element) */ 1712 p = (char *) pos; 1713 *p++ = WLAN_EID_SUPP_RATES; 1714 lpos = p; 1715 *p++ = 0; /* len */ 1716 if (local->tx_rate_control & WLAN_RATE_1M) { 1717 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02; 1718 (*lpos)++; 1719 } 1720 if (local->tx_rate_control & WLAN_RATE_2M) { 1721 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04; 1722 (*lpos)++; 1723 } 1724 if (local->tx_rate_control & WLAN_RATE_5M5) { 1725 *p++ = local->basic_rates & WLAN_RATE_5M5 ? 1726 0x8b : 0x0b; 1727 (*lpos)++; 1728 } 1729 if (local->tx_rate_control & WLAN_RATE_11M) { 1730 *p++ = local->basic_rates & WLAN_RATE_11M ? 1731 0x96 : 0x16; 1732 (*lpos)++; 1733 } 1734 pos = (__le16 *) p; 1735 } 1736 1737 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1738 (send_deauth ? IEEE80211_STYPE_DEAUTH : 1739 (reassoc ? IEEE80211_STYPE_REASSOC_RESP : 1740 IEEE80211_STYPE_ASSOC_RESP)), 1741 body, (u8 *) pos - (u8 *) body, 1742 hdr->addr2, 1743 send_deauth ? 0 : local->ap->tx_callback_assoc); 1744 1745 if (sta) { 1746 if (resp == WLAN_STATUS_SUCCESS) { 1747 sta->last_rx = jiffies; 1748 /* STA will be marked associated from TX callback, if 1749 * AssocResp is ACKed */ 1750 } 1751 atomic_dec(&sta->users); 1752 } 1753 1754#if 0 1755 PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d " 1756 "prev_ap=%pM) => %d(%d) (%s)\n", 1757 dev->name, 1758 hdr->addr2, 1759 reassoc ? "re" : "", len, 1760 prev_ap, 1761 resp, send_deauth, txt); 1762#endif 1763} 1764 1765 1766/* Called only as a scheduled task for pending AP frames. */ 1767static void handle_deauth(local_info_t *local, struct sk_buff *skb, 1768 struct hostap_80211_rx_status *rx_stats) 1769{ 1770 struct net_device *dev = local->dev; 1771 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1772 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1773 int len; 1774 u16 reason_code; 1775 __le16 *pos; 1776 struct sta_info *sta = NULL; 1777 1778 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1779 1780 if (len < 2) { 1781 printk("handle_deauth - too short payload (len=%d)\n", len); 1782 return; 1783 } 1784 1785 pos = (__le16 *) body; 1786 reason_code = le16_to_cpu(*pos); 1787 1788 PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, " 1789 "reason_code=%d\n", dev->name, hdr->addr2, 1790 len, reason_code); 1791 1792 spin_lock_bh(&local->ap->sta_table_lock); 1793 sta = ap_get_sta(local->ap, hdr->addr2); 1794 if (sta != NULL) { 1795 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1796 hostap_event_expired_sta(local->dev, sta); 1797 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1798 } 1799 spin_unlock_bh(&local->ap->sta_table_lock); 1800 if (sta == NULL) { 1801 printk("%s: deauthentication from %pM, " 1802 "reason_code=%d, but STA not authenticated\n", dev->name, 1803 hdr->addr2, reason_code); 1804 } 1805} 1806 1807 1808/* Called only as a scheduled task for pending AP frames. */ 1809static void handle_disassoc(local_info_t *local, struct sk_buff *skb, 1810 struct hostap_80211_rx_status *rx_stats) 1811{ 1812 struct net_device *dev = local->dev; 1813 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1814 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1815 int len; 1816 u16 reason_code; 1817 __le16 *pos; 1818 struct sta_info *sta = NULL; 1819 1820 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1821 1822 if (len < 2) { 1823 printk("handle_disassoc - too short payload (len=%d)\n", len); 1824 return; 1825 } 1826 1827 pos = (__le16 *) body; 1828 reason_code = le16_to_cpu(*pos); 1829 1830 PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, " 1831 "reason_code=%d\n", dev->name, hdr->addr2, 1832 len, reason_code); 1833 1834 spin_lock_bh(&local->ap->sta_table_lock); 1835 sta = ap_get_sta(local->ap, hdr->addr2); 1836 if (sta != NULL) { 1837 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1838 hostap_event_expired_sta(local->dev, sta); 1839 sta->flags &= ~WLAN_STA_ASSOC; 1840 } 1841 spin_unlock_bh(&local->ap->sta_table_lock); 1842 if (sta == NULL) { 1843 printk("%s: disassociation from %pM, " 1844 "reason_code=%d, but STA not authenticated\n", 1845 dev->name, hdr->addr2, reason_code); 1846 } 1847} 1848 1849 1850/* Called only as a scheduled task for pending AP frames. */ 1851static void ap_handle_data_nullfunc(local_info_t *local, 1852 struct ieee80211_hdr *hdr) 1853{ 1854 struct net_device *dev = local->dev; 1855 1856 /* some STA f/w's seem to require control::ACK frame for 1857 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does 1858 * not send this.. 1859 * send control::ACK for the data::nullfunc */ 1860 1861 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n"); 1862 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK, 1863 NULL, 0, hdr->addr2, 0); 1864} 1865 1866 1867/* Called only as a scheduled task for pending AP frames. */ 1868static void ap_handle_dropped_data(local_info_t *local, 1869 struct ieee80211_hdr *hdr) 1870{ 1871 struct net_device *dev = local->dev; 1872 struct sta_info *sta; 1873 __le16 reason; 1874 1875 spin_lock_bh(&local->ap->sta_table_lock); 1876 sta = ap_get_sta(local->ap, hdr->addr2); 1877 if (sta) 1878 atomic_inc(&sta->users); 1879 spin_unlock_bh(&local->ap->sta_table_lock); 1880 1881 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) { 1882 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n"); 1883 atomic_dec(&sta->users); 1884 return; 1885 } 1886 1887 reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1888 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1889 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ? 1890 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC), 1891 (char *) &reason, sizeof(reason), hdr->addr2, 0); 1892 1893 if (sta) 1894 atomic_dec(&sta->users); 1895} 1896 1897#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1898 1899 1900/* Called only as a scheduled task for pending AP frames. */ 1901static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta, 1902 struct sk_buff *skb) 1903{ 1904 struct hostap_skb_tx_data *meta; 1905 1906 if (!(sta->flags & WLAN_STA_PS)) { 1907 /* Station has moved to non-PS mode, so send all buffered 1908 * frames using normal device queue. */ 1909 dev_queue_xmit(skb); 1910 return; 1911 } 1912 1913 /* add a flag for hostap_handle_sta_tx() to know that this skb should 1914 * be passed through even though STA is using PS */ 1915 meta = (struct hostap_skb_tx_data *) skb->cb; 1916 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME; 1917 if (!skb_queue_empty(&sta->tx_buf)) { 1918 /* indicate to STA that more frames follow */ 1919 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA; 1920 } 1921 dev_queue_xmit(skb); 1922} 1923 1924 1925/* Called only as a scheduled task for pending AP frames. */ 1926static void handle_pspoll(local_info_t *local, 1927 struct ieee80211_hdr *hdr, 1928 struct hostap_80211_rx_status *rx_stats) 1929{ 1930 struct net_device *dev = local->dev; 1931 struct sta_info *sta; 1932 u16 aid; 1933 struct sk_buff *skb; 1934 1935 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n", 1936 hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control)); 1937 1938 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 1939 PDEBUG(DEBUG_AP, 1940 "handle_pspoll - addr1(BSSID)=%pM not own MAC\n", 1941 hdr->addr1); 1942 return; 1943 } 1944 1945 aid = le16_to_cpu(hdr->duration_id); 1946 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) { 1947 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n"); 1948 return; 1949 } 1950 aid &= ~(BIT(15) | BIT(14)); 1951 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) { 1952 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid); 1953 return; 1954 } 1955 PDEBUG(DEBUG_PS2, " aid=%d\n", aid); 1956 1957 spin_lock_bh(&local->ap->sta_table_lock); 1958 sta = ap_get_sta(local->ap, hdr->addr2); 1959 if (sta) 1960 atomic_inc(&sta->users); 1961 spin_unlock_bh(&local->ap->sta_table_lock); 1962 1963 if (sta == NULL) { 1964 PDEBUG(DEBUG_PS, " STA not found\n"); 1965 return; 1966 } 1967 if (sta->aid != aid) { 1968 PDEBUG(DEBUG_PS, " received aid=%i does not match with " 1969 "assoc.aid=%d\n", aid, sta->aid); 1970 return; 1971 } 1972 1973 /* FIX: todo: 1974 * - add timeout for buffering (clear aid in TIM vector if buffer timed 1975 * out (expiry time must be longer than ListenInterval for 1976 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function" 1977 * - what to do, if buffered, pspolled, and sent frame is not ACKed by 1978 * sta; store buffer for later use and leave TIM aid bit set? use 1979 * TX event to check whether frame was ACKed? 1980 */ 1981 1982 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) { 1983 /* send buffered frame .. */ 1984 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL" 1985 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf)); 1986 1987 pspoll_send_buffered(local, sta, skb); 1988 1989 if (sta->flags & WLAN_STA_PS) { 1990 /* send only one buffered packet per PS Poll */ 1991 /* FIX: should ignore further PS Polls until the 1992 * buffered packet that was just sent is acknowledged 1993 * (Tx or TxExc event) */ 1994 break; 1995 } 1996 } 1997 1998 if (skb_queue_empty(&sta->tx_buf)) { 1999 /* try to clear aid from TIM */ 2000 if (!(sta->flags & WLAN_STA_TIM)) 2001 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n", 2002 aid); 2003 hostap_set_tim(local, aid, 0); 2004 sta->flags &= ~WLAN_STA_TIM; 2005 } 2006 2007 atomic_dec(&sta->users); 2008} 2009 2010 2011#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2012 2013static void handle_wds_oper_queue(struct work_struct *work) 2014{ 2015 struct ap_data *ap = container_of(work, struct ap_data, 2016 wds_oper_queue); 2017 local_info_t *local = ap->local; 2018 struct wds_oper_data *entry, *prev; 2019 2020 spin_lock_bh(&local->lock); 2021 entry = local->ap->wds_oper_entries; 2022 local->ap->wds_oper_entries = NULL; 2023 spin_unlock_bh(&local->lock); 2024 2025 while (entry) { 2026 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection " 2027 "to AP %pM\n", 2028 local->dev->name, 2029 entry->type == WDS_ADD ? "adding" : "removing", 2030 entry->addr); 2031 if (entry->type == WDS_ADD) 2032 prism2_wds_add(local, entry->addr, 0); 2033 else if (entry->type == WDS_DEL) 2034 prism2_wds_del(local, entry->addr, 0, 1); 2035 2036 prev = entry; 2037 entry = entry->next; 2038 kfree(prev); 2039 } 2040} 2041 2042 2043/* Called only as a scheduled task for pending AP frames. */ 2044static void handle_beacon(local_info_t *local, struct sk_buff *skb, 2045 struct hostap_80211_rx_status *rx_stats) 2046{ 2047 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 2048 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 2049 int len, left; 2050 u16 beacon_int, capability; 2051 __le16 *pos; 2052 char *ssid = NULL; 2053 unsigned char *supp_rates = NULL; 2054 int ssid_len = 0, supp_rates_len = 0; 2055 struct sta_info *sta = NULL; 2056 int new_sta = 0, channel = -1; 2057 2058 len = skb->len - IEEE80211_MGMT_HDR_LEN; 2059 2060 if (len < 8 + 2 + 2) { 2061 printk(KERN_DEBUG "handle_beacon - too short payload " 2062 "(len=%d)\n", len); 2063 return; 2064 } 2065 2066 pos = (__le16 *) body; 2067 left = len; 2068 2069 /* Timestamp (8 octets) */ 2070 pos += 4; left -= 8; 2071 /* Beacon interval (2 octets) */ 2072 beacon_int = le16_to_cpu(*pos); 2073 pos++; left -= 2; 2074 /* Capability information (2 octets) */ 2075 capability = le16_to_cpu(*pos); 2076 pos++; left -= 2; 2077 2078 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS && 2079 capability & WLAN_CAPABILITY_IBSS) 2080 return; 2081 2082 if (left >= 2) { 2083 unsigned int ileft; 2084 unsigned char *u = (unsigned char *) pos; 2085 2086 if (*u == WLAN_EID_SSID) { 2087 u++; left--; 2088 ileft = *u; 2089 u++; left--; 2090 2091 if (ileft > left || ileft > MAX_SSID_LEN) { 2092 PDEBUG(DEBUG_AP, "SSID: overflow\n"); 2093 return; 2094 } 2095 2096 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID && 2097 (ileft != strlen(local->essid) || 2098 memcmp(local->essid, u, ileft) != 0)) { 2099 /* not our SSID */ 2100 return; 2101 } 2102 2103 ssid = u; 2104 ssid_len = ileft; 2105 2106 u += ileft; 2107 left -= ileft; 2108 } 2109 2110 if (*u == WLAN_EID_SUPP_RATES) { 2111 u++; left--; 2112 ileft = *u; 2113 u++; left--; 2114 2115 if (ileft > left || ileft == 0 || ileft > 8) { 2116 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n"); 2117 return; 2118 } 2119 2120 supp_rates = u; 2121 supp_rates_len = ileft; 2122 2123 u += ileft; 2124 left -= ileft; 2125 } 2126 2127 if (*u == WLAN_EID_DS_PARAMS) { 2128 u++; left--; 2129 ileft = *u; 2130 u++; left--; 2131 2132 if (ileft > left || ileft != 1) { 2133 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n"); 2134 return; 2135 } 2136 2137 channel = *u; 2138 2139 u += ileft; 2140 left -= ileft; 2141 } 2142 } 2143 2144 spin_lock_bh(&local->ap->sta_table_lock); 2145 sta = ap_get_sta(local->ap, hdr->addr2); 2146 if (sta != NULL) 2147 atomic_inc(&sta->users); 2148 spin_unlock_bh(&local->ap->sta_table_lock); 2149 2150 if (sta == NULL) { 2151 /* add new AP */ 2152 new_sta = 1; 2153 sta = ap_add_sta(local->ap, hdr->addr2); 2154 if (sta == NULL) { 2155 printk(KERN_INFO "prism2: kmalloc failed for AP " 2156 "data structure\n"); 2157 return; 2158 } 2159 hostap_event_new_sta(local->dev, sta); 2160 2161 /* mark APs authentication and associated for pseudo ad-hoc 2162 * style communication */ 2163 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 2164 2165 if (local->ap->autom_ap_wds) { 2166 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 2167 } 2168 } 2169 2170 sta->ap = 1; 2171 if (ssid) { 2172 sta->u.ap.ssid_len = ssid_len; 2173 memcpy(sta->u.ap.ssid, ssid, ssid_len); 2174 sta->u.ap.ssid[ssid_len] = '\0'; 2175 } else { 2176 sta->u.ap.ssid_len = 0; 2177 sta->u.ap.ssid[0] = '\0'; 2178 } 2179 sta->u.ap.channel = channel; 2180 sta->rx_packets++; 2181 sta->rx_bytes += len; 2182 sta->u.ap.last_beacon = sta->last_rx = jiffies; 2183 sta->capability = capability; 2184 sta->listen_interval = beacon_int; 2185 2186 atomic_dec(&sta->users); 2187 2188 if (new_sta) { 2189 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 2190 memcpy(sta->supported_rates, supp_rates, supp_rates_len); 2191 prism2_check_tx_rates(sta); 2192 } 2193} 2194 2195#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2196 2197 2198/* Called only as a tasklet. */ 2199static void handle_ap_item(local_info_t *local, struct sk_buff *skb, 2200 struct hostap_80211_rx_status *rx_stats) 2201{ 2202#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2203 struct net_device *dev = local->dev; 2204#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2205 u16 fc, type, stype; 2206 struct ieee80211_hdr *hdr; 2207 2208 /* FIX: should give skb->len to handler functions and check that the 2209 * buffer is long enough */ 2210 hdr = (struct ieee80211_hdr *) skb->data; 2211 fc = le16_to_cpu(hdr->frame_control); 2212 type = fc & IEEE80211_FCTL_FTYPE; 2213 stype = fc & IEEE80211_FCTL_STYPE; 2214 2215#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2216 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) { 2217 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n"); 2218 2219 if (!(fc & IEEE80211_FCTL_TODS) || 2220 (fc & IEEE80211_FCTL_FROMDS)) { 2221 if (stype == IEEE80211_STYPE_NULLFUNC) { 2222 /* no ToDS nullfunc seems to be used to check 2223 * AP association; so send reject message to 2224 * speed up re-association */ 2225 ap_handle_dropped_data(local, hdr); 2226 goto done; 2227 } 2228 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n", 2229 fc); 2230 goto done; 2231 } 2232 2233 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2234 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM" 2235 " not own MAC\n", hdr->addr1); 2236 goto done; 2237 } 2238 2239 if (local->ap->nullfunc_ack && 2240 stype == IEEE80211_STYPE_NULLFUNC) 2241 ap_handle_data_nullfunc(local, hdr); 2242 else 2243 ap_handle_dropped_data(local, hdr); 2244 goto done; 2245 } 2246 2247 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) { 2248 handle_beacon(local, skb, rx_stats); 2249 goto done; 2250 } 2251#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2252 2253 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) { 2254 handle_pspoll(local, hdr, rx_stats); 2255 goto done; 2256 } 2257 2258 if (local->hostapd) { 2259 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x " 2260 "subtype=0x%02x\n", type, stype); 2261 goto done; 2262 } 2263 2264#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2265 if (type != IEEE80211_FTYPE_MGMT) { 2266 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n"); 2267 goto done; 2268 } 2269 2270 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2271 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM" 2272 " not own MAC\n", hdr->addr1); 2273 goto done; 2274 } 2275 2276 if (!ether_addr_equal(hdr->addr3, dev->dev_addr)) { 2277 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM" 2278 " not own MAC\n", hdr->addr3); 2279 goto done; 2280 } 2281 2282 switch (stype) { 2283 case IEEE80211_STYPE_ASSOC_REQ: 2284 handle_assoc(local, skb, rx_stats, 0); 2285 break; 2286 case IEEE80211_STYPE_ASSOC_RESP: 2287 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n"); 2288 break; 2289 case IEEE80211_STYPE_REASSOC_REQ: 2290 handle_assoc(local, skb, rx_stats, 1); 2291 break; 2292 case IEEE80211_STYPE_REASSOC_RESP: 2293 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n"); 2294 break; 2295 case IEEE80211_STYPE_ATIM: 2296 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n"); 2297 break; 2298 case IEEE80211_STYPE_DISASSOC: 2299 handle_disassoc(local, skb, rx_stats); 2300 break; 2301 case IEEE80211_STYPE_AUTH: 2302 handle_authen(local, skb, rx_stats); 2303 break; 2304 case IEEE80211_STYPE_DEAUTH: 2305 handle_deauth(local, skb, rx_stats); 2306 break; 2307 default: 2308 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n", 2309 stype >> 4); 2310 break; 2311 } 2312#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2313 2314 done: 2315 dev_kfree_skb(skb); 2316} 2317 2318 2319/* Called only as a tasklet (software IRQ) */ 2320void hostap_rx(struct net_device *dev, struct sk_buff *skb, 2321 struct hostap_80211_rx_status *rx_stats) 2322{ 2323 struct hostap_interface *iface; 2324 local_info_t *local; 2325 struct ieee80211_hdr *hdr; 2326 2327 iface = netdev_priv(dev); 2328 local = iface->local; 2329 2330 if (skb->len < 16) 2331 goto drop; 2332 2333 dev->stats.rx_packets++; 2334 2335 hdr = (struct ieee80211_hdr *) skb->data; 2336 2337 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL && 2338 ieee80211_is_beacon(hdr->frame_control)) 2339 goto drop; 2340 2341 skb->protocol = cpu_to_be16(ETH_P_HOSTAP); 2342 handle_ap_item(local, skb, rx_stats); 2343 return; 2344 2345 drop: 2346 dev_kfree_skb(skb); 2347} 2348 2349 2350/* Called only as a tasklet (software IRQ) */ 2351static void schedule_packet_send(local_info_t *local, struct sta_info *sta) 2352{ 2353 struct sk_buff *skb; 2354 struct ieee80211_hdr *hdr; 2355 struct hostap_80211_rx_status rx_stats; 2356 2357 if (skb_queue_empty(&sta->tx_buf)) 2358 return; 2359 2360 skb = dev_alloc_skb(16); 2361 if (skb == NULL) { 2362 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc " 2363 "failed\n", local->dev->name); 2364 return; 2365 } 2366 2367 hdr = (struct ieee80211_hdr *) skb_put(skb, 16); 2368 2369 /* Generate a fake pspoll frame to start packet delivery */ 2370 hdr->frame_control = cpu_to_le16( 2371 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL); 2372 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN); 2373 memcpy(hdr->addr2, sta->addr, ETH_ALEN); 2374 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14)); 2375 2376 PDEBUG(DEBUG_PS2, 2377 "%s: Scheduling buffered packet delivery for STA %pM\n", 2378 local->dev->name, sta->addr); 2379 2380 skb->dev = local->dev; 2381 2382 memset(&rx_stats, 0, sizeof(rx_stats)); 2383 hostap_rx(local->dev, skb, &rx_stats); 2384} 2385 2386 2387int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[], 2388 struct iw_quality qual[], int buf_size, 2389 int aplist) 2390{ 2391 struct ap_data *ap = local->ap; 2392 struct list_head *ptr; 2393 int count = 0; 2394 2395 spin_lock_bh(&ap->sta_table_lock); 2396 2397 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2398 ptr = ptr->next) { 2399 struct sta_info *sta = (struct sta_info *) ptr; 2400 2401 if (aplist && !sta->ap) 2402 continue; 2403 addr[count].sa_family = ARPHRD_ETHER; 2404 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); 2405 if (sta->last_rx_silence == 0) 2406 qual[count].qual = sta->last_rx_signal < 27 ? 2407 0 : (sta->last_rx_signal - 27) * 92 / 127; 2408 else 2409 qual[count].qual = sta->last_rx_signal - 2410 sta->last_rx_silence - 35; 2411 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2412 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2413 qual[count].updated = sta->last_rx_updated; 2414 2415 sta->last_rx_updated = IW_QUAL_DBM; 2416 2417 count++; 2418 if (count >= buf_size) 2419 break; 2420 } 2421 spin_unlock_bh(&ap->sta_table_lock); 2422 2423 return count; 2424} 2425 2426 2427/* Translate our list of Access Points & Stations to a card independent 2428 * format that the Wireless Tools will understand - Jean II */ 2429int prism2_ap_translate_scan(struct net_device *dev, 2430 struct iw_request_info *info, char *buffer) 2431{ 2432 struct hostap_interface *iface; 2433 local_info_t *local; 2434 struct ap_data *ap; 2435 struct list_head *ptr; 2436 struct iw_event iwe; 2437 char *current_ev = buffer; 2438 char *end_buf = buffer + IW_SCAN_MAX_DATA; 2439#if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT) 2440 char buf[64]; 2441#endif 2442 2443 iface = netdev_priv(dev); 2444 local = iface->local; 2445 ap = local->ap; 2446 2447 spin_lock_bh(&ap->sta_table_lock); 2448 2449 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2450 ptr = ptr->next) { 2451 struct sta_info *sta = (struct sta_info *) ptr; 2452 2453 /* First entry *MUST* be the AP MAC address */ 2454 memset(&iwe, 0, sizeof(iwe)); 2455 iwe.cmd = SIOCGIWAP; 2456 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 2457 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN); 2458 iwe.len = IW_EV_ADDR_LEN; 2459 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2460 &iwe, IW_EV_ADDR_LEN); 2461 2462 /* Use the mode to indicate if it's a station or 2463 * an Access Point */ 2464 memset(&iwe, 0, sizeof(iwe)); 2465 iwe.cmd = SIOCGIWMODE; 2466 if (sta->ap) 2467 iwe.u.mode = IW_MODE_MASTER; 2468 else 2469 iwe.u.mode = IW_MODE_INFRA; 2470 iwe.len = IW_EV_UINT_LEN; 2471 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2472 &iwe, IW_EV_UINT_LEN); 2473 2474 /* Some quality */ 2475 memset(&iwe, 0, sizeof(iwe)); 2476 iwe.cmd = IWEVQUAL; 2477 if (sta->last_rx_silence == 0) 2478 iwe.u.qual.qual = sta->last_rx_signal < 27 ? 2479 0 : (sta->last_rx_signal - 27) * 92 / 127; 2480 else 2481 iwe.u.qual.qual = sta->last_rx_signal - 2482 sta->last_rx_silence - 35; 2483 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2484 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2485 iwe.u.qual.updated = sta->last_rx_updated; 2486 iwe.len = IW_EV_QUAL_LEN; 2487 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2488 &iwe, IW_EV_QUAL_LEN); 2489 2490#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2491 if (sta->ap) { 2492 memset(&iwe, 0, sizeof(iwe)); 2493 iwe.cmd = SIOCGIWESSID; 2494 iwe.u.data.length = sta->u.ap.ssid_len; 2495 iwe.u.data.flags = 1; 2496 current_ev = iwe_stream_add_point(info, current_ev, 2497 end_buf, &iwe, 2498 sta->u.ap.ssid); 2499 2500 memset(&iwe, 0, sizeof(iwe)); 2501 iwe.cmd = SIOCGIWENCODE; 2502 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 2503 iwe.u.data.flags = 2504 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 2505 else 2506 iwe.u.data.flags = IW_ENCODE_DISABLED; 2507 current_ev = iwe_stream_add_point(info, current_ev, 2508 end_buf, &iwe, 2509 sta->u.ap.ssid); 2510 2511 if (sta->u.ap.channel > 0 && 2512 sta->u.ap.channel <= FREQ_COUNT) { 2513 memset(&iwe, 0, sizeof(iwe)); 2514 iwe.cmd = SIOCGIWFREQ; 2515 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1] 2516 * 100000; 2517 iwe.u.freq.e = 1; 2518 current_ev = iwe_stream_add_event( 2519 info, current_ev, end_buf, &iwe, 2520 IW_EV_FREQ_LEN); 2521 } 2522 2523 memset(&iwe, 0, sizeof(iwe)); 2524 iwe.cmd = IWEVCUSTOM; 2525 sprintf(buf, "beacon_interval=%d", 2526 sta->listen_interval); 2527 iwe.u.data.length = strlen(buf); 2528 current_ev = iwe_stream_add_point(info, current_ev, 2529 end_buf, &iwe, buf); 2530 } 2531#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2532 2533 sta->last_rx_updated = IW_QUAL_DBM; 2534 2535 /* To be continued, we should make good use of IWEVCUSTOM */ 2536 } 2537 2538 spin_unlock_bh(&ap->sta_table_lock); 2539 2540 return current_ev - buffer; 2541} 2542 2543 2544static int prism2_hostapd_add_sta(struct ap_data *ap, 2545 struct prism2_hostapd_param *param) 2546{ 2547 struct sta_info *sta; 2548 2549 spin_lock_bh(&ap->sta_table_lock); 2550 sta = ap_get_sta(ap, param->sta_addr); 2551 if (sta) 2552 atomic_inc(&sta->users); 2553 spin_unlock_bh(&ap->sta_table_lock); 2554 2555 if (sta == NULL) { 2556 sta = ap_add_sta(ap, param->sta_addr); 2557 if (sta == NULL) 2558 return -1; 2559 } 2560 2561 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2562 hostap_event_new_sta(sta->local->dev, sta); 2563 2564 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; 2565 sta->last_rx = jiffies; 2566 sta->aid = param->u.add_sta.aid; 2567 sta->capability = param->u.add_sta.capability; 2568 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates; 2569 if (sta->tx_supp_rates & WLAN_RATE_1M) 2570 sta->supported_rates[0] = 2; 2571 if (sta->tx_supp_rates & WLAN_RATE_2M) 2572 sta->supported_rates[1] = 4; 2573 if (sta->tx_supp_rates & WLAN_RATE_5M5) 2574 sta->supported_rates[2] = 11; 2575 if (sta->tx_supp_rates & WLAN_RATE_11M) 2576 sta->supported_rates[3] = 22; 2577 prism2_check_tx_rates(sta); 2578 atomic_dec(&sta->users); 2579 return 0; 2580} 2581 2582 2583static int prism2_hostapd_remove_sta(struct ap_data *ap, 2584 struct prism2_hostapd_param *param) 2585{ 2586 struct sta_info *sta; 2587 2588 spin_lock_bh(&ap->sta_table_lock); 2589 sta = ap_get_sta(ap, param->sta_addr); 2590 if (sta) { 2591 ap_sta_hash_del(ap, sta); 2592 list_del(&sta->list); 2593 } 2594 spin_unlock_bh(&ap->sta_table_lock); 2595 2596 if (!sta) 2597 return -ENOENT; 2598 2599 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2600 hostap_event_expired_sta(sta->local->dev, sta); 2601 ap_free_sta(ap, sta); 2602 2603 return 0; 2604} 2605 2606 2607static int prism2_hostapd_get_info_sta(struct ap_data *ap, 2608 struct prism2_hostapd_param *param) 2609{ 2610 struct sta_info *sta; 2611 2612 spin_lock_bh(&ap->sta_table_lock); 2613 sta = ap_get_sta(ap, param->sta_addr); 2614 if (sta) 2615 atomic_inc(&sta->users); 2616 spin_unlock_bh(&ap->sta_table_lock); 2617 2618 if (!sta) 2619 return -ENOENT; 2620 2621 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ; 2622 2623 atomic_dec(&sta->users); 2624 2625 return 1; 2626} 2627 2628 2629static int prism2_hostapd_set_flags_sta(struct ap_data *ap, 2630 struct prism2_hostapd_param *param) 2631{ 2632 struct sta_info *sta; 2633 2634 spin_lock_bh(&ap->sta_table_lock); 2635 sta = ap_get_sta(ap, param->sta_addr); 2636 if (sta) { 2637 sta->flags |= param->u.set_flags_sta.flags_or; 2638 sta->flags &= param->u.set_flags_sta.flags_and; 2639 } 2640 spin_unlock_bh(&ap->sta_table_lock); 2641 2642 if (!sta) 2643 return -ENOENT; 2644 2645 return 0; 2646} 2647 2648 2649static int prism2_hostapd_sta_clear_stats(struct ap_data *ap, 2650 struct prism2_hostapd_param *param) 2651{ 2652 struct sta_info *sta; 2653 int rate; 2654 2655 spin_lock_bh(&ap->sta_table_lock); 2656 sta = ap_get_sta(ap, param->sta_addr); 2657 if (sta) { 2658 sta->rx_packets = sta->tx_packets = 0; 2659 sta->rx_bytes = sta->tx_bytes = 0; 2660 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) { 2661 sta->tx_count[rate] = 0; 2662 sta->rx_count[rate] = 0; 2663 } 2664 } 2665 spin_unlock_bh(&ap->sta_table_lock); 2666 2667 if (!sta) 2668 return -ENOENT; 2669 2670 return 0; 2671} 2672 2673 2674int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param) 2675{ 2676 switch (param->cmd) { 2677 case PRISM2_HOSTAPD_FLUSH: 2678 ap_control_kickall(ap); 2679 return 0; 2680 case PRISM2_HOSTAPD_ADD_STA: 2681 return prism2_hostapd_add_sta(ap, param); 2682 case PRISM2_HOSTAPD_REMOVE_STA: 2683 return prism2_hostapd_remove_sta(ap, param); 2684 case PRISM2_HOSTAPD_GET_INFO_STA: 2685 return prism2_hostapd_get_info_sta(ap, param); 2686 case PRISM2_HOSTAPD_SET_FLAGS_STA: 2687 return prism2_hostapd_set_flags_sta(ap, param); 2688 case PRISM2_HOSTAPD_STA_CLEAR_STATS: 2689 return prism2_hostapd_sta_clear_stats(ap, param); 2690 default: 2691 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n", 2692 param->cmd); 2693 return -EOPNOTSUPP; 2694 } 2695} 2696 2697 2698/* Update station info for host-based TX rate control and return current 2699 * TX rate */ 2700static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev) 2701{ 2702 int ret = sta->tx_rate; 2703 struct hostap_interface *iface; 2704 local_info_t *local; 2705 2706 iface = netdev_priv(dev); 2707 local = iface->local; 2708 2709 sta->tx_count[sta->tx_rate_idx]++; 2710 sta->tx_since_last_failure++; 2711 sta->tx_consecutive_exc = 0; 2712 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT && 2713 sta->tx_rate_idx < sta->tx_max_rate) { 2714 /* use next higher rate */ 2715 int old_rate, new_rate; 2716 old_rate = new_rate = sta->tx_rate_idx; 2717 while (new_rate < sta->tx_max_rate) { 2718 new_rate++; 2719 if (ap_tx_rate_ok(new_rate, sta, local)) { 2720 sta->tx_rate_idx = new_rate; 2721 break; 2722 } 2723 } 2724 if (old_rate != sta->tx_rate_idx) { 2725 switch (sta->tx_rate_idx) { 2726 case 0: sta->tx_rate = 10; break; 2727 case 1: sta->tx_rate = 20; break; 2728 case 2: sta->tx_rate = 55; break; 2729 case 3: sta->tx_rate = 110; break; 2730 default: sta->tx_rate = 0; break; 2731 } 2732 PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n", 2733 dev->name, sta->addr, sta->tx_rate); 2734 } 2735 sta->tx_since_last_failure = 0; 2736 } 2737 2738 return ret; 2739} 2740 2741 2742/* Called only from software IRQ. Called for each TX frame prior possible 2743 * encryption and transmit. */ 2744ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx) 2745{ 2746 struct sta_info *sta = NULL; 2747 struct sk_buff *skb = tx->skb; 2748 int set_tim, ret; 2749 struct ieee80211_hdr *hdr; 2750 struct hostap_skb_tx_data *meta; 2751 2752 meta = (struct hostap_skb_tx_data *) skb->cb; 2753 ret = AP_TX_CONTINUE; 2754 if (local->ap == NULL || skb->len < 10 || 2755 meta->iface->type == HOSTAP_INTERFACE_STA) 2756 goto out; 2757 2758 hdr = (struct ieee80211_hdr *) skb->data; 2759 2760 if (hdr->addr1[0] & 0x01) { 2761 /* broadcast/multicast frame - no AP related processing */ 2762 if (local->ap->num_sta <= 0) 2763 ret = AP_TX_DROP; 2764 goto out; 2765 } 2766 2767 /* unicast packet - check whether destination STA is associated */ 2768 spin_lock(&local->ap->sta_table_lock); 2769 sta = ap_get_sta(local->ap, hdr->addr1); 2770 if (sta) 2771 atomic_inc(&sta->users); 2772 spin_unlock(&local->ap->sta_table_lock); 2773 2774 if (local->iw_mode == IW_MODE_MASTER && sta == NULL && 2775 !(meta->flags & HOSTAP_TX_FLAGS_WDS) && 2776 meta->iface->type != HOSTAP_INTERFACE_MASTER && 2777 meta->iface->type != HOSTAP_INTERFACE_AP) { 2778#if 0 2779 /* This can happen, e.g., when wlan0 is added to a bridge and 2780 * bridging code does not know which port is the correct target 2781 * for a unicast frame. In this case, the packet is send to all 2782 * ports of the bridge. Since this is a valid scenario, do not 2783 * print out any errors here. */ 2784 if (net_ratelimit()) { 2785 printk(KERN_DEBUG "AP: drop packet to non-associated " 2786 "STA %pM\n", hdr->addr1); 2787 } 2788#endif 2789 local->ap->tx_drop_nonassoc++; 2790 ret = AP_TX_DROP; 2791 goto out; 2792 } 2793 2794 if (sta == NULL) 2795 goto out; 2796 2797 if (!(sta->flags & WLAN_STA_AUTHORIZED)) 2798 ret = AP_TX_CONTINUE_NOT_AUTHORIZED; 2799 2800 /* Set tx_rate if using host-based TX rate control */ 2801 if (!local->fw_tx_rate_control) 2802 local->ap->last_tx_rate = meta->rate = 2803 ap_update_sta_tx_rate(sta, local->dev); 2804 2805 if (local->iw_mode != IW_MODE_MASTER) 2806 goto out; 2807 2808 if (!(sta->flags & WLAN_STA_PS)) 2809 goto out; 2810 2811 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) { 2812 /* indicate to STA that more frames follow */ 2813 hdr->frame_control |= 2814 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2815 } 2816 2817 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) { 2818 /* packet was already buffered and now send due to 2819 * PS poll, so do not rebuffer it */ 2820 goto out; 2821 } 2822 2823 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) { 2824 PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s" 2825 "PS mode buffer\n", 2826 local->dev->name, sta->addr); 2827 /* Make sure that TIM is set for the station (it might not be 2828 * after AP wlan hw reset). */ 2829 /* FIX: should fix hw reset to restore bits based on STA 2830 * buffer state.. */ 2831 hostap_set_tim(local, sta->aid, 1); 2832 sta->flags |= WLAN_STA_TIM; 2833 ret = AP_TX_DROP; 2834 goto out; 2835 } 2836 2837 /* STA in PS mode, buffer frame for later delivery */ 2838 set_tim = skb_queue_empty(&sta->tx_buf); 2839 skb_queue_tail(&sta->tx_buf, skb); 2840 /* FIX: could save RX time to skb and expire buffered frames after 2841 * some time if STA does not poll for them */ 2842 2843 if (set_tim) { 2844 if (sta->flags & WLAN_STA_TIM) 2845 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n", 2846 sta->aid); 2847 hostap_set_tim(local, sta->aid, 1); 2848 sta->flags |= WLAN_STA_TIM; 2849 } 2850 2851 ret = AP_TX_BUFFERED; 2852 2853 out: 2854 if (sta != NULL) { 2855 if (ret == AP_TX_CONTINUE || 2856 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) { 2857 sta->tx_packets++; 2858 sta->tx_bytes += skb->len; 2859 sta->last_tx = jiffies; 2860 } 2861 2862 if ((ret == AP_TX_CONTINUE || 2863 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) && 2864 sta->crypt && tx->host_encrypt) { 2865 tx->crypt = sta->crypt; 2866 tx->sta_ptr = sta; /* hostap_handle_sta_release() will 2867 * be called to release sta info 2868 * later */ 2869 } else 2870 atomic_dec(&sta->users); 2871 } 2872 2873 return ret; 2874} 2875 2876 2877void hostap_handle_sta_release(void *ptr) 2878{ 2879 struct sta_info *sta = ptr; 2880 atomic_dec(&sta->users); 2881} 2882 2883 2884/* Called only as a tasklet (software IRQ) */ 2885void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb) 2886{ 2887 struct sta_info *sta; 2888 struct ieee80211_hdr *hdr; 2889 struct hostap_skb_tx_data *meta; 2890 2891 hdr = (struct ieee80211_hdr *) skb->data; 2892 meta = (struct hostap_skb_tx_data *) skb->cb; 2893 2894 spin_lock(&local->ap->sta_table_lock); 2895 sta = ap_get_sta(local->ap, hdr->addr1); 2896 if (!sta) { 2897 spin_unlock(&local->ap->sta_table_lock); 2898 PDEBUG(DEBUG_AP, "%s: Could not find STA %pM" 2899 " for this TX error (@%lu)\n", 2900 local->dev->name, hdr->addr1, jiffies); 2901 return; 2902 } 2903 2904 sta->tx_since_last_failure = 0; 2905 sta->tx_consecutive_exc++; 2906 2907 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD && 2908 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) { 2909 /* use next lower rate */ 2910 int old, rate; 2911 old = rate = sta->tx_rate_idx; 2912 while (rate > 0) { 2913 rate--; 2914 if (ap_tx_rate_ok(rate, sta, local)) { 2915 sta->tx_rate_idx = rate; 2916 break; 2917 } 2918 } 2919 if (old != sta->tx_rate_idx) { 2920 switch (sta->tx_rate_idx) { 2921 case 0: sta->tx_rate = 10; break; 2922 case 1: sta->tx_rate = 20; break; 2923 case 2: sta->tx_rate = 55; break; 2924 case 3: sta->tx_rate = 110; break; 2925 default: sta->tx_rate = 0; break; 2926 } 2927 PDEBUG(DEBUG_AP, 2928 "%s: STA %pM TX rate lowered to %d\n", 2929 local->dev->name, sta->addr, sta->tx_rate); 2930 } 2931 sta->tx_consecutive_exc = 0; 2932 } 2933 spin_unlock(&local->ap->sta_table_lock); 2934} 2935 2936 2937static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta, 2938 int pwrmgt, int type, int stype) 2939{ 2940 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) { 2941 sta->flags |= WLAN_STA_PS; 2942 PDEBUG(DEBUG_PS2, "STA %pM changed to use PS " 2943 "mode (type=0x%02X, stype=0x%02X)\n", 2944 sta->addr, type >> 2, stype >> 4); 2945 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) { 2946 sta->flags &= ~WLAN_STA_PS; 2947 PDEBUG(DEBUG_PS2, "STA %pM changed to not use " 2948 "PS mode (type=0x%02X, stype=0x%02X)\n", 2949 sta->addr, type >> 2, stype >> 4); 2950 if (type != IEEE80211_FTYPE_CTL || 2951 stype != IEEE80211_STYPE_PSPOLL) 2952 schedule_packet_send(local, sta); 2953 } 2954} 2955 2956 2957/* Called only as a tasklet (software IRQ). Called for each RX frame to update 2958 * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */ 2959int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr) 2960{ 2961 struct sta_info *sta; 2962 u16 fc; 2963 2964 spin_lock(&local->ap->sta_table_lock); 2965 sta = ap_get_sta(local->ap, hdr->addr2); 2966 if (sta) 2967 atomic_inc(&sta->users); 2968 spin_unlock(&local->ap->sta_table_lock); 2969 2970 if (!sta) 2971 return -1; 2972 2973 fc = le16_to_cpu(hdr->frame_control); 2974 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 2975 fc & IEEE80211_FCTL_FTYPE, 2976 fc & IEEE80211_FCTL_STYPE); 2977 2978 atomic_dec(&sta->users); 2979 return 0; 2980} 2981 2982 2983/* Called only as a tasklet (software IRQ). Called for each RX frame after 2984 * getting RX header and payload from hardware. */ 2985ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev, 2986 struct sk_buff *skb, 2987 struct hostap_80211_rx_status *rx_stats, 2988 int wds) 2989{ 2990 int ret; 2991 struct sta_info *sta; 2992 u16 fc, type, stype; 2993 struct ieee80211_hdr *hdr; 2994 2995 if (local->ap == NULL) 2996 return AP_RX_CONTINUE; 2997 2998 hdr = (struct ieee80211_hdr *) skb->data; 2999 3000 fc = le16_to_cpu(hdr->frame_control); 3001 type = fc & IEEE80211_FCTL_FTYPE; 3002 stype = fc & IEEE80211_FCTL_STYPE; 3003 3004 spin_lock(&local->ap->sta_table_lock); 3005 sta = ap_get_sta(local->ap, hdr->addr2); 3006 if (sta) 3007 atomic_inc(&sta->users); 3008 spin_unlock(&local->ap->sta_table_lock); 3009 3010 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED)) 3011 ret = AP_RX_CONTINUE_NOT_AUTHORIZED; 3012 else 3013 ret = AP_RX_CONTINUE; 3014 3015 3016 if (fc & IEEE80211_FCTL_TODS) { 3017 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 3018 if (local->hostapd) { 3019 prism2_rx_80211(local->apdev, skb, rx_stats, 3020 PRISM2_RX_NON_ASSOC); 3021#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3022 } else { 3023 printk(KERN_DEBUG "%s: dropped received packet" 3024 " from non-associated STA %pM" 3025 " (type=0x%02x, subtype=0x%02x)\n", 3026 dev->name, hdr->addr2, 3027 type >> 2, stype >> 4); 3028 hostap_rx(dev, skb, rx_stats); 3029#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3030 } 3031 ret = AP_RX_EXIT; 3032 goto out; 3033 } 3034 } else if (fc & IEEE80211_FCTL_FROMDS) { 3035 if (!wds) { 3036 /* FromDS frame - not for us; probably 3037 * broadcast/multicast in another BSS - drop */ 3038 if (ether_addr_equal(hdr->addr1, dev->dev_addr)) { 3039 printk(KERN_DEBUG "Odd.. FromDS packet " 3040 "received with own BSSID\n"); 3041 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3042 } 3043 ret = AP_RX_DROP; 3044 goto out; 3045 } 3046 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL && 3047 ether_addr_equal(hdr->addr1, dev->dev_addr)) { 3048 3049 if (local->hostapd) { 3050 prism2_rx_80211(local->apdev, skb, rx_stats, 3051 PRISM2_RX_NON_ASSOC); 3052#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3053 } else { 3054 /* At least Lucent f/w seems to send data::nullfunc 3055 * frames with no ToDS flag when the current AP returns 3056 * after being unavailable for some time. Speed up 3057 * re-association by informing the station about it not 3058 * being associated. */ 3059 printk(KERN_DEBUG "%s: rejected received nullfunc frame" 3060 " without ToDS from not associated STA %pM\n", 3061 dev->name, hdr->addr2); 3062 hostap_rx(dev, skb, rx_stats); 3063#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3064 } 3065 ret = AP_RX_EXIT; 3066 goto out; 3067 } else if (stype == IEEE80211_STYPE_NULLFUNC) { 3068 /* At least Lucent cards seem to send periodic nullfunc 3069 * frames with ToDS. Let these through to update SQ 3070 * stats and PS state. Nullfunc frames do not contain 3071 * any data and they will be dropped below. */ 3072 } else { 3073 /* If BSSID (Addr3) is foreign, this frame is a normal 3074 * broadcast frame from an IBSS network. Drop it silently. 3075 * If BSSID is own, report the dropping of this frame. */ 3076 if (ether_addr_equal(hdr->addr3, dev->dev_addr)) { 3077 printk(KERN_DEBUG "%s: dropped received packet from %pM" 3078 " with no ToDS flag " 3079 "(type=0x%02x, subtype=0x%02x)\n", dev->name, 3080 hdr->addr2, type >> 2, stype >> 4); 3081 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3082 } 3083 ret = AP_RX_DROP; 3084 goto out; 3085 } 3086 3087 if (sta) { 3088 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 3089 type, stype); 3090 3091 sta->rx_packets++; 3092 sta->rx_bytes += skb->len; 3093 sta->last_rx = jiffies; 3094 } 3095 3096 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC && 3097 fc & IEEE80211_FCTL_TODS) { 3098 if (local->hostapd) { 3099 prism2_rx_80211(local->apdev, skb, rx_stats, 3100 PRISM2_RX_NULLFUNC_ACK); 3101#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3102 } else { 3103 /* some STA f/w's seem to require control::ACK frame 3104 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least 3105 * from Compaq) does not send this.. Try to generate 3106 * ACK for these frames from the host driver to make 3107 * power saving work with, e.g., Lucent WaveLAN f/w */ 3108 hostap_rx(dev, skb, rx_stats); 3109#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3110 } 3111 ret = AP_RX_EXIT; 3112 goto out; 3113 } 3114 3115 out: 3116 if (sta) 3117 atomic_dec(&sta->users); 3118 3119 return ret; 3120} 3121 3122 3123/* Called only as a tasklet (software IRQ) */ 3124int hostap_handle_sta_crypto(local_info_t *local, 3125 struct ieee80211_hdr *hdr, 3126 struct lib80211_crypt_data **crypt, 3127 void **sta_ptr) 3128{ 3129 struct sta_info *sta; 3130 3131 spin_lock(&local->ap->sta_table_lock); 3132 sta = ap_get_sta(local->ap, hdr->addr2); 3133 if (sta) 3134 atomic_inc(&sta->users); 3135 spin_unlock(&local->ap->sta_table_lock); 3136 3137 if (!sta) 3138 return -1; 3139 3140 if (sta->crypt) { 3141 *crypt = sta->crypt; 3142 *sta_ptr = sta; 3143 /* hostap_handle_sta_release() will be called to release STA 3144 * info */ 3145 } else 3146 atomic_dec(&sta->users); 3147 3148 return 0; 3149} 3150 3151 3152/* Called only as a tasklet (software IRQ) */ 3153int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr) 3154{ 3155 struct sta_info *sta; 3156 int ret = 0; 3157 3158 spin_lock(&ap->sta_table_lock); 3159 sta = ap_get_sta(ap, sta_addr); 3160 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap) 3161 ret = 1; 3162 spin_unlock(&ap->sta_table_lock); 3163 3164 return ret; 3165} 3166 3167 3168/* Called only as a tasklet (software IRQ) */ 3169int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr) 3170{ 3171 struct sta_info *sta; 3172 int ret = 0; 3173 3174 spin_lock(&ap->sta_table_lock); 3175 sta = ap_get_sta(ap, sta_addr); 3176 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap && 3177 ((sta->flags & WLAN_STA_AUTHORIZED) || 3178 ap->local->ieee_802_1x == 0)) 3179 ret = 1; 3180 spin_unlock(&ap->sta_table_lock); 3181 3182 return ret; 3183} 3184 3185 3186/* Called only as a tasklet (software IRQ) */ 3187int hostap_add_sta(struct ap_data *ap, u8 *sta_addr) 3188{ 3189 struct sta_info *sta; 3190 int ret = 1; 3191 3192 if (!ap) 3193 return -1; 3194 3195 spin_lock(&ap->sta_table_lock); 3196 sta = ap_get_sta(ap, sta_addr); 3197 if (sta) 3198 ret = 0; 3199 spin_unlock(&ap->sta_table_lock); 3200 3201 if (ret == 1) { 3202 sta = ap_add_sta(ap, sta_addr); 3203 if (!sta) 3204 return -1; 3205 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 3206 sta->ap = 1; 3207 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 3208 /* No way of knowing which rates are supported since we did not 3209 * get supported rates element from beacon/assoc req. Assume 3210 * that remote end supports all 802.11b rates. */ 3211 sta->supported_rates[0] = 0x82; 3212 sta->supported_rates[1] = 0x84; 3213 sta->supported_rates[2] = 0x0b; 3214 sta->supported_rates[3] = 0x16; 3215 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M | 3216 WLAN_RATE_5M5 | WLAN_RATE_11M; 3217 sta->tx_rate = 110; 3218 sta->tx_max_rate = sta->tx_rate_idx = 3; 3219 } 3220 3221 return ret; 3222} 3223 3224 3225/* Called only as a tasklet (software IRQ) */ 3226int hostap_update_rx_stats(struct ap_data *ap, 3227 struct ieee80211_hdr *hdr, 3228 struct hostap_80211_rx_status *rx_stats) 3229{ 3230 struct sta_info *sta; 3231 3232 if (!ap) 3233 return -1; 3234 3235 spin_lock(&ap->sta_table_lock); 3236 sta = ap_get_sta(ap, hdr->addr2); 3237 if (sta) { 3238 sta->last_rx_silence = rx_stats->noise; 3239 sta->last_rx_signal = rx_stats->signal; 3240 sta->last_rx_rate = rx_stats->rate; 3241 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM; 3242 if (rx_stats->rate == 10) 3243 sta->rx_count[0]++; 3244 else if (rx_stats->rate == 20) 3245 sta->rx_count[1]++; 3246 else if (rx_stats->rate == 55) 3247 sta->rx_count[2]++; 3248 else if (rx_stats->rate == 110) 3249 sta->rx_count[3]++; 3250 } 3251 spin_unlock(&ap->sta_table_lock); 3252 3253 return sta ? 0 : -1; 3254} 3255 3256 3257void hostap_update_rates(local_info_t *local) 3258{ 3259 struct sta_info *sta; 3260 struct ap_data *ap = local->ap; 3261 3262 if (!ap) 3263 return; 3264 3265 spin_lock_bh(&ap->sta_table_lock); 3266 list_for_each_entry(sta, &ap->sta_list, list) { 3267 prism2_check_tx_rates(sta); 3268 } 3269 spin_unlock_bh(&ap->sta_table_lock); 3270} 3271 3272 3273void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent, 3274 struct lib80211_crypt_data ***crypt) 3275{ 3276 struct sta_info *sta; 3277 3278 spin_lock_bh(&ap->sta_table_lock); 3279 sta = ap_get_sta(ap, addr); 3280 if (sta) 3281 atomic_inc(&sta->users); 3282 spin_unlock_bh(&ap->sta_table_lock); 3283 3284 if (!sta && permanent) 3285 sta = ap_add_sta(ap, addr); 3286 3287 if (!sta) 3288 return NULL; 3289 3290 if (permanent) 3291 sta->flags |= WLAN_STA_PERM; 3292 3293 *crypt = &sta->crypt; 3294 3295 return sta; 3296} 3297 3298 3299void hostap_add_wds_links(local_info_t *local) 3300{ 3301 struct ap_data *ap = local->ap; 3302 struct sta_info *sta; 3303 3304 spin_lock_bh(&ap->sta_table_lock); 3305 list_for_each_entry(sta, &ap->sta_list, list) { 3306 if (sta->ap) 3307 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 3308 } 3309 spin_unlock_bh(&ap->sta_table_lock); 3310 3311 schedule_work(&local->ap->wds_oper_queue); 3312} 3313 3314 3315void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type) 3316{ 3317 struct wds_oper_data *entry; 3318 3319 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 3320 if (!entry) 3321 return; 3322 memcpy(entry->addr, addr, ETH_ALEN); 3323 entry->type = type; 3324 spin_lock_bh(&local->lock); 3325 entry->next = local->ap->wds_oper_entries; 3326 local->ap->wds_oper_entries = entry; 3327 spin_unlock_bh(&local->lock); 3328 3329 schedule_work(&local->ap->wds_oper_queue); 3330} 3331 3332 3333EXPORT_SYMBOL(hostap_init_data); 3334EXPORT_SYMBOL(hostap_init_ap_proc); 3335EXPORT_SYMBOL(hostap_free_data); 3336EXPORT_SYMBOL(hostap_check_sta_fw_version); 3337EXPORT_SYMBOL(hostap_handle_sta_tx_exc); 3338#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3339#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3340