linux/net/mac80211/mlme.c
<<
>>
Prefs
   1/*
   2 * BSS client mode implementation
   3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
   4 * Copyright 2004, Instant802 Networks, Inc.
   5 * Copyright 2005, Devicescape Software, Inc.
   6 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   8 *
   9 * This program is free software; you can redistribute it and/or modify
  10 * it under the terms of the GNU General Public License version 2 as
  11 * published by the Free Software Foundation.
  12 */
  13
  14#include <linux/delay.h>
  15#include <linux/if_ether.h>
  16#include <linux/skbuff.h>
  17#include <linux/if_arp.h>
  18#include <linux/etherdevice.h>
  19#include <linux/rtnetlink.h>
  20#include <net/mac80211.h>
  21#include <asm/unaligned.h>
  22
  23#include "ieee80211_i.h"
  24#include "rate.h"
  25#include "led.h"
  26
  27#define IEEE80211_ASSOC_SCANS_MAX_TRIES 2
  28#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
  29#define IEEE80211_AUTH_MAX_TRIES 3
  30#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
  31#define IEEE80211_ASSOC_MAX_TRIES 3
  32#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
  33#define IEEE80211_PROBE_IDLE_TIME (60 * HZ)
  34#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
  35
  36/* utils */
  37static int ecw2cw(int ecw)
  38{
  39        return (1 << ecw) - 1;
  40}
  41
  42static u8 *ieee80211_bss_get_ie(struct ieee80211_bss *bss, u8 ie)
  43{
  44        u8 *end, *pos;
  45
  46        pos = bss->cbss.information_elements;
  47        if (pos == NULL)
  48                return NULL;
  49        end = pos + bss->cbss.len_information_elements;
  50
  51        while (pos + 1 < end) {
  52                if (pos + 2 + pos[1] > end)
  53                        break;
  54                if (pos[0] == ie)
  55                        return pos;
  56                pos += 2 + pos[1];
  57        }
  58
  59        return NULL;
  60}
  61
  62static int ieee80211_compatible_rates(struct ieee80211_bss *bss,
  63                                      struct ieee80211_supported_band *sband,
  64                                      u32 *rates)
  65{
  66        int i, j, count;
  67        *rates = 0;
  68        count = 0;
  69        for (i = 0; i < bss->supp_rates_len; i++) {
  70                int rate = (bss->supp_rates[i] & 0x7F) * 5;
  71
  72                for (j = 0; j < sband->n_bitrates; j++)
  73                        if (sband->bitrates[j].bitrate == rate) {
  74                                *rates |= BIT(j);
  75                                count++;
  76                                break;
  77                        }
  78        }
  79
  80        return count;
  81}
  82
  83/* frame sending functions */
  84
  85static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
  86{
  87        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
  88        struct ieee80211_local *local = sdata->local;
  89        struct sk_buff *skb;
  90        struct ieee80211_mgmt *mgmt;
  91        u8 *pos, *ies, *ht_ie;
  92        int i, len, count, rates_len, supp_rates_len;
  93        u16 capab;
  94        struct ieee80211_bss *bss;
  95        int wmm = 0;
  96        struct ieee80211_supported_band *sband;
  97        u32 rates = 0;
  98
  99        skb = dev_alloc_skb(local->hw.extra_tx_headroom +
 100                            sizeof(*mgmt) + 200 + ifmgd->extra_ie_len +
 101                            ifmgd->ssid_len);
 102        if (!skb) {
 103                printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
 104                       "frame\n", sdata->dev->name);
 105                return;
 106        }
 107        skb_reserve(skb, local->hw.extra_tx_headroom);
 108
 109        sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
 110
 111        capab = ifmgd->capab;
 112
 113        if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
 114                if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
 115                        capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
 116                if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
 117                        capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
 118        }
 119
 120        bss = ieee80211_rx_bss_get(local, ifmgd->bssid,
 121                                   local->hw.conf.channel->center_freq,
 122                                   ifmgd->ssid, ifmgd->ssid_len);
 123        if (bss) {
 124                if (bss->cbss.capability & WLAN_CAPABILITY_PRIVACY)
 125                        capab |= WLAN_CAPABILITY_PRIVACY;
 126                if (bss->wmm_used)
 127                        wmm = 1;
 128
 129                /* get all rates supported by the device and the AP as
 130                 * some APs don't like getting a superset of their rates
 131                 * in the association request (e.g. D-Link DAP 1353 in
 132                 * b-only mode) */
 133                rates_len = ieee80211_compatible_rates(bss, sband, &rates);
 134
 135                if ((bss->cbss.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
 136                    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
 137                        capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
 138
 139                ieee80211_rx_bss_put(local, bss);
 140        } else {
 141                rates = ~0;
 142                rates_len = sband->n_bitrates;
 143        }
 144
 145        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
 146        memset(mgmt, 0, 24);
 147        memcpy(mgmt->da, ifmgd->bssid, ETH_ALEN);
 148        memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
 149        memcpy(mgmt->bssid, ifmgd->bssid, ETH_ALEN);
 150
 151        if (ifmgd->flags & IEEE80211_STA_PREV_BSSID_SET) {
 152                skb_put(skb, 10);
 153                mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 154                                                  IEEE80211_STYPE_REASSOC_REQ);
 155                mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
 156                mgmt->u.reassoc_req.listen_interval =
 157                                cpu_to_le16(local->hw.conf.listen_interval);
 158                memcpy(mgmt->u.reassoc_req.current_ap, ifmgd->prev_bssid,
 159                       ETH_ALEN);
 160        } else {
 161                skb_put(skb, 4);
 162                mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 163                                                  IEEE80211_STYPE_ASSOC_REQ);
 164                mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
 165                mgmt->u.assoc_req.listen_interval =
 166                                cpu_to_le16(local->hw.conf.listen_interval);
 167        }
 168
 169        /* SSID */
 170        ies = pos = skb_put(skb, 2 + ifmgd->ssid_len);
 171        *pos++ = WLAN_EID_SSID;
 172        *pos++ = ifmgd->ssid_len;
 173        memcpy(pos, ifmgd->ssid, ifmgd->ssid_len);
 174
 175        /* add all rates which were marked to be used above */
 176        supp_rates_len = rates_len;
 177        if (supp_rates_len > 8)
 178                supp_rates_len = 8;
 179
 180        len = sband->n_bitrates;
 181        pos = skb_put(skb, supp_rates_len + 2);
 182        *pos++ = WLAN_EID_SUPP_RATES;
 183        *pos++ = supp_rates_len;
 184
 185        count = 0;
 186        for (i = 0; i < sband->n_bitrates; i++) {
 187                if (BIT(i) & rates) {
 188                        int rate = sband->bitrates[i].bitrate;
 189                        *pos++ = (u8) (rate / 5);
 190                        if (++count == 8)
 191                                break;
 192                }
 193        }
 194
 195        if (rates_len > count) {
 196                pos = skb_put(skb, rates_len - count + 2);
 197                *pos++ = WLAN_EID_EXT_SUPP_RATES;
 198                *pos++ = rates_len - count;
 199
 200                for (i++; i < sband->n_bitrates; i++) {
 201                        if (BIT(i) & rates) {
 202                                int rate = sband->bitrates[i].bitrate;
 203                                *pos++ = (u8) (rate / 5);
 204                        }
 205                }
 206        }
 207
 208        if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
 209                /* 1. power capabilities */
 210                pos = skb_put(skb, 4);
 211                *pos++ = WLAN_EID_PWR_CAPABILITY;
 212                *pos++ = 2;
 213                *pos++ = 0; /* min tx power */
 214                *pos++ = local->hw.conf.channel->max_power; /* max tx power */
 215
 216                /* 2. supported channels */
 217                /* TODO: get this in reg domain format */
 218                pos = skb_put(skb, 2 * sband->n_channels + 2);
 219                *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
 220                *pos++ = 2 * sband->n_channels;
 221                for (i = 0; i < sband->n_channels; i++) {
 222                        *pos++ = ieee80211_frequency_to_channel(
 223                                        sband->channels[i].center_freq);
 224                        *pos++ = 1; /* one channel in the subband*/
 225                }
 226        }
 227
 228        if (ifmgd->extra_ie) {
 229                pos = skb_put(skb, ifmgd->extra_ie_len);
 230                memcpy(pos, ifmgd->extra_ie, ifmgd->extra_ie_len);
 231        }
 232
 233        if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) {
 234                pos = skb_put(skb, 9);
 235                *pos++ = WLAN_EID_VENDOR_SPECIFIC;
 236                *pos++ = 7; /* len */
 237                *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
 238                *pos++ = 0x50;
 239                *pos++ = 0xf2;
 240                *pos++ = 2; /* WME */
 241                *pos++ = 0; /* WME info */
 242                *pos++ = 1; /* WME ver */
 243                *pos++ = 0;
 244        }
 245
 246        /* wmm support is a must to HT */
 247        /*
 248         * IEEE802.11n does not allow TKIP/WEP as pairwise
 249         * ciphers in HT mode. We still associate in non-ht
 250         * mode (11a/b/g) if any one of these ciphers is
 251         * configured as pairwise.
 252         */
 253        if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) &&
 254            sband->ht_cap.ht_supported &&
 255            (ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) &&
 256            ht_ie[1] >= sizeof(struct ieee80211_ht_info) &&
 257            (!(ifmgd->flags & IEEE80211_STA_TKIP_WEP_USED))) {
 258                struct ieee80211_ht_info *ht_info =
 259                        (struct ieee80211_ht_info *)(ht_ie + 2);
 260                u16 cap = sband->ht_cap.cap;
 261                __le16 tmp;
 262                u32 flags = local->hw.conf.channel->flags;
 263
 264                switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
 265                case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
 266                        if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
 267                                cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 268                                cap &= ~IEEE80211_HT_CAP_SGI_40;
 269                        }
 270                        break;
 271                case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
 272                        if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
 273                                cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 274                                cap &= ~IEEE80211_HT_CAP_SGI_40;
 275                        }
 276                        break;
 277                }
 278
 279                tmp = cpu_to_le16(cap);
 280                pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
 281                *pos++ = WLAN_EID_HT_CAPABILITY;
 282                *pos++ = sizeof(struct ieee80211_ht_cap);
 283                memset(pos, 0, sizeof(struct ieee80211_ht_cap));
 284                memcpy(pos, &tmp, sizeof(u16));
 285                pos += sizeof(u16);
 286                /* TODO: needs a define here for << 2 */
 287                *pos++ = sband->ht_cap.ampdu_factor |
 288                         (sband->ht_cap.ampdu_density << 2);
 289                memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
 290        }
 291
 292        kfree(ifmgd->assocreq_ies);
 293        ifmgd->assocreq_ies_len = (skb->data + skb->len) - ies;
 294        ifmgd->assocreq_ies = kmalloc(ifmgd->assocreq_ies_len, GFP_KERNEL);
 295        if (ifmgd->assocreq_ies)
 296                memcpy(ifmgd->assocreq_ies, ies, ifmgd->assocreq_ies_len);
 297
 298        ieee80211_tx_skb(sdata, skb, 0);
 299}
 300
 301
 302static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
 303                                           u16 stype, u16 reason)
 304{
 305        struct ieee80211_local *local = sdata->local;
 306        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 307        struct sk_buff *skb;
 308        struct ieee80211_mgmt *mgmt;
 309
 310        skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
 311        if (!skb) {
 312                printk(KERN_DEBUG "%s: failed to allocate buffer for "
 313                       "deauth/disassoc frame\n", sdata->dev->name);
 314                return;
 315        }
 316        skb_reserve(skb, local->hw.extra_tx_headroom);
 317
 318        mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
 319        memset(mgmt, 0, 24);
 320        memcpy(mgmt->da, ifmgd->bssid, ETH_ALEN);
 321        memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
 322        memcpy(mgmt->bssid, ifmgd->bssid, ETH_ALEN);
 323        mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
 324        skb_put(skb, 2);
 325        /* u.deauth.reason_code == u.disassoc.reason_code */
 326        mgmt->u.deauth.reason_code = cpu_to_le16(reason);
 327
 328        ieee80211_tx_skb(sdata, skb, ifmgd->flags & IEEE80211_STA_MFP_ENABLED);
 329}
 330
 331void ieee80211_send_pspoll(struct ieee80211_local *local,
 332                           struct ieee80211_sub_if_data *sdata)
 333{
 334        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 335        struct ieee80211_pspoll *pspoll;
 336        struct sk_buff *skb;
 337        u16 fc;
 338
 339        skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
 340        if (!skb) {
 341                printk(KERN_DEBUG "%s: failed to allocate buffer for "
 342                       "pspoll frame\n", sdata->dev->name);
 343                return;
 344        }
 345        skb_reserve(skb, local->hw.extra_tx_headroom);
 346
 347        pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
 348        memset(pspoll, 0, sizeof(*pspoll));
 349        fc = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL | IEEE80211_FCTL_PM;
 350        pspoll->frame_control = cpu_to_le16(fc);
 351        pspoll->aid = cpu_to_le16(ifmgd->aid);
 352
 353        /* aid in PS-Poll has its two MSBs each set to 1 */
 354        pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
 355
 356        memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
 357        memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN);
 358
 359        ieee80211_tx_skb(sdata, skb, 0);
 360}
 361
 362/* MLME */
 363static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
 364                                     struct ieee80211_if_managed *ifmgd,
 365                                     u8 *wmm_param, size_t wmm_param_len)
 366{
 367        struct ieee80211_tx_queue_params params;
 368        size_t left;
 369        int count;
 370        u8 *pos;
 371
 372        if (!(ifmgd->flags & IEEE80211_STA_WMM_ENABLED))
 373                return;
 374
 375        if (!wmm_param)
 376                return;
 377
 378        if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
 379                return;
 380        count = wmm_param[6] & 0x0f;
 381        if (count == ifmgd->wmm_last_param_set)
 382                return;
 383        ifmgd->wmm_last_param_set = count;
 384
 385        pos = wmm_param + 8;
 386        left = wmm_param_len - 8;
 387
 388        memset(&params, 0, sizeof(params));
 389
 390        local->wmm_acm = 0;
 391        for (; left >= 4; left -= 4, pos += 4) {
 392                int aci = (pos[0] >> 5) & 0x03;
 393                int acm = (pos[0] >> 4) & 0x01;
 394                int queue;
 395
 396                switch (aci) {
 397                case 1: /* AC_BK */
 398                        queue = 3;
 399                        if (acm)
 400                                local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
 401                        break;
 402                case 2: /* AC_VI */
 403                        queue = 1;
 404                        if (acm)
 405                                local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
 406                        break;
 407                case 3: /* AC_VO */
 408                        queue = 0;
 409                        if (acm)
 410                                local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
 411                        break;
 412                case 0: /* AC_BE */
 413                default:
 414                        queue = 2;
 415                        if (acm)
 416                                local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
 417                        break;
 418                }
 419
 420                params.aifs = pos[0] & 0x0f;
 421                params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
 422                params.cw_min = ecw2cw(pos[1] & 0x0f);
 423                params.txop = get_unaligned_le16(pos + 2);
 424#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
 425                printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
 426                       "cWmin=%d cWmax=%d txop=%d\n",
 427                       local->mdev->name, queue, aci, acm, params.aifs, params.cw_min,
 428                       params.cw_max, params.txop);
 429#endif
 430                if (local->ops->conf_tx &&
 431                    local->ops->conf_tx(local_to_hw(local), queue, &params)) {
 432                        printk(KERN_DEBUG "%s: failed to set TX queue "
 433                               "parameters for queue %d\n", local->mdev->name, queue);
 434                }
 435        }
 436}
 437
 438static bool ieee80211_check_tim(struct ieee802_11_elems *elems, u16 aid)
 439{
 440        u8 mask;
 441        u8 index, indexn1, indexn2;
 442        struct ieee80211_tim_ie *tim = (struct ieee80211_tim_ie *) elems->tim;
 443
 444        if (unlikely(!tim || elems->tim_len < 4))
 445                return false;
 446
 447        aid &= 0x3fff;
 448        index = aid / 8;
 449        mask  = 1 << (aid & 7);
 450
 451        indexn1 = tim->bitmap_ctrl & 0xfe;
 452        indexn2 = elems->tim_len + indexn1 - 4;
 453
 454        if (index < indexn1 || index > indexn2)
 455                return false;
 456
 457        index -= indexn1;
 458
 459        return !!(tim->virtual_map[index] & mask);
 460}
 461
 462static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
 463                                           u16 capab, bool erp_valid, u8 erp)
 464{
 465        struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
 466#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
 467        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 468#endif
 469        u32 changed = 0;
 470        bool use_protection;
 471        bool use_short_preamble;
 472        bool use_short_slot;
 473
 474        if (erp_valid) {
 475                use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
 476                use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
 477        } else {
 478                use_protection = false;
 479                use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
 480        }
 481
 482        use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
 483
 484        if (use_protection != bss_conf->use_cts_prot) {
 485#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
 486                if (net_ratelimit()) {
 487                        printk(KERN_DEBUG "%s: CTS protection %s (BSSID=%pM)\n",
 488                               sdata->dev->name,
 489                               use_protection ? "enabled" : "disabled",
 490                               ifmgd->bssid);
 491                }
 492#endif
 493                bss_conf->use_cts_prot = use_protection;
 494                changed |= BSS_CHANGED_ERP_CTS_PROT;
 495        }
 496
 497        if (use_short_preamble != bss_conf->use_short_preamble) {
 498#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
 499                if (net_ratelimit()) {
 500                        printk(KERN_DEBUG "%s: switched to %s barker preamble"
 501                               " (BSSID=%pM)\n",
 502                               sdata->dev->name,
 503                               use_short_preamble ? "short" : "long",
 504                               ifmgd->bssid);
 505                }
 506#endif
 507                bss_conf->use_short_preamble = use_short_preamble;
 508                changed |= BSS_CHANGED_ERP_PREAMBLE;
 509        }
 510
 511        if (use_short_slot != bss_conf->use_short_slot) {
 512#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
 513                if (net_ratelimit()) {
 514                        printk(KERN_DEBUG "%s: switched to %s slot time"
 515                               " (BSSID=%pM)\n",
 516                               sdata->dev->name,
 517                               use_short_slot ? "short" : "long",
 518                               ifmgd->bssid);
 519                }
 520#endif
 521                bss_conf->use_short_slot = use_short_slot;
 522                changed |= BSS_CHANGED_ERP_SLOT;
 523        }
 524
 525        return changed;
 526}
 527
 528static void ieee80211_sta_send_apinfo(struct ieee80211_sub_if_data *sdata)
 529{
 530        union iwreq_data wrqu;
 531
 532        memset(&wrqu, 0, sizeof(wrqu));
 533        if (sdata->u.mgd.flags & IEEE80211_STA_ASSOCIATED)
 534                memcpy(wrqu.ap_addr.sa_data, sdata->u.mgd.bssid, ETH_ALEN);
 535        wrqu.ap_addr.sa_family = ARPHRD_ETHER;
 536        wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
 537}
 538
 539static void ieee80211_sta_send_associnfo(struct ieee80211_sub_if_data *sdata)
 540{
 541        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 542        char *buf;
 543        size_t len;
 544        int i;
 545        union iwreq_data wrqu;
 546
 547        if (!ifmgd->assocreq_ies && !ifmgd->assocresp_ies)
 548                return;
 549
 550        buf = kmalloc(50 + 2 * (ifmgd->assocreq_ies_len +
 551                                ifmgd->assocresp_ies_len), GFP_KERNEL);
 552        if (!buf)
 553                return;
 554
 555        len = sprintf(buf, "ASSOCINFO(");
 556        if (ifmgd->assocreq_ies) {
 557                len += sprintf(buf + len, "ReqIEs=");
 558                for (i = 0; i < ifmgd->assocreq_ies_len; i++) {
 559                        len += sprintf(buf + len, "%02x",
 560                                       ifmgd->assocreq_ies[i]);
 561                }
 562        }
 563        if (ifmgd->assocresp_ies) {
 564                if (ifmgd->assocreq_ies)
 565                        len += sprintf(buf + len, " ");
 566                len += sprintf(buf + len, "RespIEs=");
 567                for (i = 0; i < ifmgd->assocresp_ies_len; i++) {
 568                        len += sprintf(buf + len, "%02x",
 569                                       ifmgd->assocresp_ies[i]);
 570                }
 571        }
 572        len += sprintf(buf + len, ")");
 573
 574        if (len > IW_CUSTOM_MAX) {
 575                len = sprintf(buf, "ASSOCRESPIE=");
 576                for (i = 0; i < ifmgd->assocresp_ies_len; i++) {
 577                        len += sprintf(buf + len, "%02x",
 578                                       ifmgd->assocresp_ies[i]);
 579                }
 580        }
 581
 582        if (len <= IW_CUSTOM_MAX) {
 583                memset(&wrqu, 0, sizeof(wrqu));
 584                wrqu.data.length = len;
 585                wireless_send_event(sdata->dev, IWEVCUSTOM, &wrqu, buf);
 586        }
 587
 588        kfree(buf);
 589}
 590
 591
 592static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
 593                                     u32 bss_info_changed)
 594{
 595        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 596        struct ieee80211_local *local = sdata->local;
 597        struct ieee80211_conf *conf = &local_to_hw(local)->conf;
 598
 599        struct ieee80211_bss *bss;
 600
 601        bss_info_changed |= BSS_CHANGED_ASSOC;
 602        ifmgd->flags |= IEEE80211_STA_ASSOCIATED;
 603
 604        bss = ieee80211_rx_bss_get(local, ifmgd->bssid,
 605                                   conf->channel->center_freq,
 606                                   ifmgd->ssid, ifmgd->ssid_len);
 607        if (bss) {
 608                /* set timing information */
 609                sdata->vif.bss_conf.beacon_int = bss->cbss.beacon_interval;
 610                sdata->vif.bss_conf.timestamp = bss->cbss.tsf;
 611                sdata->vif.bss_conf.dtim_period = bss->dtim_period;
 612
 613                bss_info_changed |= ieee80211_handle_bss_capability(sdata,
 614                        bss->cbss.capability, bss->has_erp_value, bss->erp_value);
 615
 616                cfg80211_hold_bss(&bss->cbss);
 617
 618                ieee80211_rx_bss_put(local, bss);
 619        }
 620
 621        ifmgd->flags |= IEEE80211_STA_PREV_BSSID_SET;
 622        memcpy(ifmgd->prev_bssid, sdata->u.mgd.bssid, ETH_ALEN);
 623        ieee80211_sta_send_associnfo(sdata);
 624
 625        ifmgd->last_probe = jiffies;
 626        ieee80211_led_assoc(local, 1);
 627
 628        sdata->vif.bss_conf.assoc = 1;
 629        /*
 630         * For now just always ask the driver to update the basic rateset
 631         * when we have associated, we aren't checking whether it actually
 632         * changed or not.
 633         */
 634        bss_info_changed |= BSS_CHANGED_BASIC_RATES;
 635        ieee80211_bss_info_change_notify(sdata, bss_info_changed);
 636
 637        if (local->powersave) {
 638                if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS) &&
 639                    local->hw.conf.dynamic_ps_timeout > 0) {
 640                        mod_timer(&local->dynamic_ps_timer, jiffies +
 641                                  msecs_to_jiffies(
 642                                        local->hw.conf.dynamic_ps_timeout));
 643                } else {
 644                        if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
 645                                ieee80211_send_nullfunc(local, sdata, 1);
 646                        conf->flags |= IEEE80211_CONF_PS;
 647                        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
 648                }
 649        }
 650
 651        netif_tx_start_all_queues(sdata->dev);
 652        netif_carrier_on(sdata->dev);
 653
 654        ieee80211_sta_send_apinfo(sdata);
 655}
 656
 657static void ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata)
 658{
 659        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 660        struct ieee80211_local *local = sdata->local;
 661
 662        ifmgd->direct_probe_tries++;
 663        if (ifmgd->direct_probe_tries > IEEE80211_AUTH_MAX_TRIES) {
 664                printk(KERN_DEBUG "%s: direct probe to AP %pM timed out\n",
 665                       sdata->dev->name, ifmgd->bssid);
 666                ifmgd->state = IEEE80211_STA_MLME_DISABLED;
 667                ieee80211_sta_send_apinfo(sdata);
 668
 669                /*
 670                 * Most likely AP is not in the range so remove the
 671                 * bss information associated to the AP
 672                 */
 673                ieee80211_rx_bss_remove(sdata, ifmgd->bssid,
 674                                sdata->local->hw.conf.channel->center_freq,
 675                                ifmgd->ssid, ifmgd->ssid_len);
 676
 677                /*
 678                 * We might have a pending scan which had no chance to run yet
 679                 * due to state == IEEE80211_STA_MLME_DIRECT_PROBE.
 680                 * Hence, queue the STAs work again
 681                 */
 682                queue_work(local->hw.workqueue, &ifmgd->work);
 683                return;
 684        }
 685
 686        printk(KERN_DEBUG "%s: direct probe to AP %pM try %d\n",
 687                        sdata->dev->name, ifmgd->bssid,
 688                        ifmgd->direct_probe_tries);
 689
 690        ifmgd->state = IEEE80211_STA_MLME_DIRECT_PROBE;
 691
 692        set_bit(IEEE80211_STA_REQ_DIRECT_PROBE, &ifmgd->request);
 693
 694        /* Direct probe is sent to broadcast address as some APs
 695         * will not answer to direct packet in unassociated state.
 696         */
 697        ieee80211_send_probe_req(sdata, NULL,
 698                                 ifmgd->ssid, ifmgd->ssid_len, NULL, 0);
 699
 700        mod_timer(&ifmgd->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
 701}
 702
 703
 704static void ieee80211_authenticate(struct ieee80211_sub_if_data *sdata)
 705{
 706        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 707        struct ieee80211_local *local = sdata->local;
 708        u8 *ies;
 709        size_t ies_len;
 710
 711        ifmgd->auth_tries++;
 712        if (ifmgd->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
 713                printk(KERN_DEBUG "%s: authentication with AP %pM"
 714                       " timed out\n",
 715                       sdata->dev->name, ifmgd->bssid);
 716                ifmgd->state = IEEE80211_STA_MLME_DISABLED;
 717                ieee80211_sta_send_apinfo(sdata);
 718                ieee80211_rx_bss_remove(sdata, ifmgd->bssid,
 719                                sdata->local->hw.conf.channel->center_freq,
 720                                ifmgd->ssid, ifmgd->ssid_len);
 721
 722                /*
 723                 * We might have a pending scan which had no chance to run yet
 724                 * due to state == IEEE80211_STA_MLME_AUTHENTICATE.
 725                 * Hence, queue the STAs work again
 726                 */
 727                queue_work(local->hw.workqueue, &ifmgd->work);
 728                return;
 729        }
 730
 731        ifmgd->state = IEEE80211_STA_MLME_AUTHENTICATE;
 732        printk(KERN_DEBUG "%s: authenticate with AP %pM\n",
 733               sdata->dev->name, ifmgd->bssid);
 734
 735        if (ifmgd->flags & IEEE80211_STA_EXT_SME) {
 736                ies = ifmgd->sme_auth_ie;
 737                ies_len = ifmgd->sme_auth_ie_len;
 738        } else {
 739                ies = NULL;
 740                ies_len = 0;
 741        }
 742        ieee80211_send_auth(sdata, 1, ifmgd->auth_alg, ies, ies_len,
 743                            ifmgd->bssid, 0);
 744        ifmgd->auth_transaction = 2;
 745
 746        mod_timer(&ifmgd->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
 747}
 748
 749/*
 750 * The disassoc 'reason' argument can be either our own reason
 751 * if self disconnected or a reason code from the AP.
 752 */
 753static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
 754                                   bool deauth, bool self_disconnected,
 755                                   u16 reason)
 756{
 757        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 758        struct ieee80211_local *local = sdata->local;
 759        struct ieee80211_conf *conf = &local_to_hw(local)->conf;
 760        struct ieee80211_bss *bss;
 761        struct sta_info *sta;
 762        u32 changed = 0, config_changed = 0;
 763
 764        rcu_read_lock();
 765
 766        sta = sta_info_get(local, ifmgd->bssid);
 767        if (!sta) {
 768                rcu_read_unlock();
 769                return;
 770        }
 771
 772        if (deauth) {
 773                ifmgd->direct_probe_tries = 0;
 774                ifmgd->auth_tries = 0;
 775        }
 776        ifmgd->assoc_scan_tries = 0;
 777        ifmgd->assoc_tries = 0;
 778
 779        netif_tx_stop_all_queues(sdata->dev);
 780        netif_carrier_off(sdata->dev);
 781
 782        ieee80211_sta_tear_down_BA_sessions(sta);
 783
 784        bss = ieee80211_rx_bss_get(local, ifmgd->bssid,
 785                                   conf->channel->center_freq,
 786                                   ifmgd->ssid, ifmgd->ssid_len);
 787
 788        if (bss) {
 789                cfg80211_unhold_bss(&bss->cbss);
 790                ieee80211_rx_bss_put(local, bss);
 791        }
 792
 793        if (self_disconnected) {
 794                if (deauth)
 795                        ieee80211_send_deauth_disassoc(sdata,
 796                                IEEE80211_STYPE_DEAUTH, reason);
 797                else
 798                        ieee80211_send_deauth_disassoc(sdata,
 799                                IEEE80211_STYPE_DISASSOC, reason);
 800        }
 801
 802        ifmgd->flags &= ~IEEE80211_STA_ASSOCIATED;
 803        changed |= ieee80211_reset_erp_info(sdata);
 804
 805        ieee80211_led_assoc(local, 0);
 806        changed |= BSS_CHANGED_ASSOC;
 807        sdata->vif.bss_conf.assoc = false;
 808
 809        ieee80211_sta_send_apinfo(sdata);
 810
 811        if (self_disconnected || reason == WLAN_REASON_DISASSOC_STA_HAS_LEFT) {
 812                ifmgd->state = IEEE80211_STA_MLME_DISABLED;
 813                ieee80211_rx_bss_remove(sdata, ifmgd->bssid,
 814                                sdata->local->hw.conf.channel->center_freq,
 815                                ifmgd->ssid, ifmgd->ssid_len);
 816        }
 817
 818        rcu_read_unlock();
 819
 820        /* channel(_type) changes are handled by ieee80211_hw_config */
 821        local->oper_channel_type = NL80211_CHAN_NO_HT;
 822
 823        local->power_constr_level = 0;
 824
 825        del_timer_sync(&local->dynamic_ps_timer);
 826        cancel_work_sync(&local->dynamic_ps_enable_work);
 827
 828        if (local->hw.conf.flags & IEEE80211_CONF_PS) {
 829                local->hw.conf.flags &= ~IEEE80211_CONF_PS;
 830                config_changed |= IEEE80211_CONF_CHANGE_PS;
 831        }
 832
 833        ieee80211_hw_config(local, config_changed);
 834        ieee80211_bss_info_change_notify(sdata, changed);
 835
 836        rcu_read_lock();
 837
 838        sta = sta_info_get(local, ifmgd->bssid);
 839        if (!sta) {
 840                rcu_read_unlock();
 841                return;
 842        }
 843
 844        sta_info_unlink(&sta);
 845
 846        rcu_read_unlock();
 847
 848        sta_info_destroy(sta);
 849}
 850
 851static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata)
 852{
 853        if (!sdata || !sdata->default_key ||
 854            sdata->default_key->conf.alg != ALG_WEP)
 855                return 0;
 856        return 1;
 857}
 858
 859static int ieee80211_privacy_mismatch(struct ieee80211_sub_if_data *sdata)
 860{
 861        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 862        struct ieee80211_local *local = sdata->local;
 863        struct ieee80211_bss *bss;
 864        int bss_privacy;
 865        int wep_privacy;
 866        int privacy_invoked;
 867
 868        if (!ifmgd || (ifmgd->flags & IEEE80211_STA_EXT_SME))
 869                return 0;
 870
 871        bss = ieee80211_rx_bss_get(local, ifmgd->bssid,
 872                                   local->hw.conf.channel->center_freq,
 873                                   ifmgd->ssid, ifmgd->ssid_len);
 874        if (!bss)
 875                return 0;
 876
 877        bss_privacy = !!(bss->cbss.capability & WLAN_CAPABILITY_PRIVACY);
 878        wep_privacy = !!ieee80211_sta_wep_configured(sdata);
 879        privacy_invoked = !!(ifmgd->flags & IEEE80211_STA_PRIVACY_INVOKED);
 880
 881        ieee80211_rx_bss_put(local, bss);
 882
 883        if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
 884                return 0;
 885
 886        return 1;
 887}
 888
 889static void ieee80211_associate(struct ieee80211_sub_if_data *sdata)
 890{
 891        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 892        struct ieee80211_local *local = sdata->local;
 893
 894        ifmgd->assoc_tries++;
 895        if (ifmgd->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
 896                printk(KERN_DEBUG "%s: association with AP %pM"
 897                       " timed out\n",
 898                       sdata->dev->name, ifmgd->bssid);
 899                ifmgd->state = IEEE80211_STA_MLME_DISABLED;
 900                ieee80211_sta_send_apinfo(sdata);
 901                ieee80211_rx_bss_remove(sdata, ifmgd->bssid,
 902                                sdata->local->hw.conf.channel->center_freq,
 903                                ifmgd->ssid, ifmgd->ssid_len);
 904                /*
 905                 * We might have a pending scan which had no chance to run yet
 906                 * due to state == IEEE80211_STA_MLME_ASSOCIATE.
 907                 * Hence, queue the STAs work again
 908                 */
 909                queue_work(local->hw.workqueue, &ifmgd->work);
 910                return;
 911        }
 912
 913        ifmgd->state = IEEE80211_STA_MLME_ASSOCIATE;
 914        printk(KERN_DEBUG "%s: associate with AP %pM\n",
 915               sdata->dev->name, ifmgd->bssid);
 916        if (ieee80211_privacy_mismatch(sdata)) {
 917                printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
 918                       "mixed-cell disabled - abort association\n", sdata->dev->name);
 919                ifmgd->state = IEEE80211_STA_MLME_DISABLED;
 920                return;
 921        }
 922
 923        ieee80211_send_assoc(sdata);
 924
 925        mod_timer(&ifmgd->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
 926}
 927
 928void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
 929                             struct ieee80211_hdr *hdr)
 930{
 931        /*
 932         * We can postpone the mgd.timer whenever receiving unicast frames
 933         * from AP because we know that the connection is working both ways
 934         * at that time. But multicast frames (and hence also beacons) must
 935         * be ignored here, because we need to trigger the timer during
 936         * data idle periods for sending the periodical probe request to
 937         * the AP.
 938         */
 939        if (!is_multicast_ether_addr(hdr->addr1))
 940                mod_timer(&sdata->u.mgd.timer,
 941                          jiffies + IEEE80211_MONITORING_INTERVAL);
 942}
 943
 944void ieee80211_beacon_loss_work(struct work_struct *work)
 945{
 946        struct ieee80211_sub_if_data *sdata =
 947                container_of(work, struct ieee80211_sub_if_data,
 948                             u.mgd.beacon_loss_work);
 949        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 950
 951#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
 952        if (net_ratelimit()) {
 953                printk(KERN_DEBUG "%s: driver reports beacon loss from AP %pM "
 954                       "- sending probe request\n", sdata->dev->name,
 955                       sdata->u.mgd.bssid);
 956        }
 957#endif
 958
 959        ifmgd->flags |= IEEE80211_STA_PROBEREQ_POLL;
 960        ieee80211_send_probe_req(sdata, ifmgd->bssid, ifmgd->ssid,
 961                                 ifmgd->ssid_len, NULL, 0);
 962
 963        mod_timer(&ifmgd->timer, jiffies + IEEE80211_MONITORING_INTERVAL);
 964}
 965
 966void ieee80211_beacon_loss(struct ieee80211_vif *vif)
 967{
 968        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
 969
 970        queue_work(sdata->local->hw.workqueue,
 971                   &sdata->u.mgd.beacon_loss_work);
 972}
 973EXPORT_SYMBOL(ieee80211_beacon_loss);
 974
 975static void ieee80211_associated(struct ieee80211_sub_if_data *sdata)
 976{
 977        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 978        struct ieee80211_local *local = sdata->local;
 979        struct sta_info *sta;
 980        bool disassoc = false;
 981
 982        /* TODO: start monitoring current AP signal quality and number of
 983         * missed beacons. Scan other channels every now and then and search
 984         * for better APs. */
 985        /* TODO: remove expired BSSes */
 986
 987        ifmgd->state = IEEE80211_STA_MLME_ASSOCIATED;
 988
 989        rcu_read_lock();
 990
 991        sta = sta_info_get(local, ifmgd->bssid);
 992        if (!sta) {
 993                printk(KERN_DEBUG "%s: No STA entry for own AP %pM\n",
 994                       sdata->dev->name, ifmgd->bssid);
 995                disassoc = true;
 996                goto unlock;
 997        }
 998
 999        if ((ifmgd->flags & IEEE80211_STA_PROBEREQ_POLL) &&
1000            time_after(jiffies, sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
1001                printk(KERN_DEBUG "%s: no probe response from AP %pM "
1002                       "- disassociating\n",
1003                       sdata->dev->name, ifmgd->bssid);
1004                disassoc = true;
1005                ifmgd->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
1006                goto unlock;
1007        }
1008
1009        /*
1010         * Beacon filtering is only enabled with power save and then the
1011         * stack should not check for beacon loss.
1012         */
1013        if (!((local->hw.flags & IEEE80211_HW_BEACON_FILTER) &&
1014              (local->hw.conf.flags & IEEE80211_CONF_PS)) &&
1015            time_after(jiffies,
1016                       ifmgd->last_beacon + IEEE80211_MONITORING_INTERVAL)) {
1017#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1018                if (net_ratelimit()) {
1019                        printk(KERN_DEBUG "%s: beacon loss from AP %pM "
1020                               "- sending probe request\n",
1021                               sdata->dev->name, ifmgd->bssid);
1022                }
1023#endif
1024                ifmgd->flags |= IEEE80211_STA_PROBEREQ_POLL;
1025                ieee80211_send_probe_req(sdata, ifmgd->bssid, ifmgd->ssid,
1026                                         ifmgd->ssid_len, NULL, 0);
1027                goto unlock;
1028
1029        }
1030
1031        if (time_after(jiffies, sta->last_rx + IEEE80211_PROBE_IDLE_TIME)) {
1032                ifmgd->flags |= IEEE80211_STA_PROBEREQ_POLL;
1033                ieee80211_send_probe_req(sdata, ifmgd->bssid, ifmgd->ssid,
1034                                         ifmgd->ssid_len, NULL, 0);
1035        }
1036
1037 unlock:
1038        rcu_read_unlock();
1039
1040        if (disassoc)
1041                ieee80211_set_disassoc(sdata, true, true,
1042                                        WLAN_REASON_PREV_AUTH_NOT_VALID);
1043        else
1044                mod_timer(&ifmgd->timer, jiffies +
1045                                      IEEE80211_MONITORING_INTERVAL);
1046}
1047
1048
1049static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata)
1050{
1051        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1052
1053        printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
1054        ifmgd->flags |= IEEE80211_STA_AUTHENTICATED;
1055        if (ifmgd->flags & IEEE80211_STA_EXT_SME) {
1056                /* Wait for SME to request association */
1057                ifmgd->state = IEEE80211_STA_MLME_DISABLED;
1058        } else
1059                ieee80211_associate(sdata);
1060}
1061
1062
1063static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1064                                     struct ieee80211_mgmt *mgmt,
1065                                     size_t len)
1066{
1067        u8 *pos;
1068        struct ieee802_11_elems elems;
1069
1070        pos = mgmt->u.auth.variable;
1071        ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1072        if (!elems.challenge)
1073                return;
1074        ieee80211_send_auth(sdata, 3, sdata->u.mgd.auth_alg,
1075                            elems.challenge - 2, elems.challenge_len + 2,
1076                            sdata->u.mgd.bssid, 1);
1077        sdata->u.mgd.auth_transaction = 4;
1078}
1079
1080static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
1081                                   struct ieee80211_mgmt *mgmt,
1082                                   size_t len)
1083{
1084        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1085        u16 auth_alg, auth_transaction, status_code;
1086
1087        if (ifmgd->state != IEEE80211_STA_MLME_AUTHENTICATE)
1088                return;
1089
1090        if (len < 24 + 6)
1091                return;
1092
1093        if (memcmp(ifmgd->bssid, mgmt->sa, ETH_ALEN) != 0)
1094                return;
1095
1096        if (memcmp(ifmgd->bssid, mgmt->bssid, ETH_ALEN) != 0)
1097                return;
1098
1099        auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1100        auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1101        status_code = le16_to_cpu(mgmt->u.auth.status_code);
1102
1103        if (auth_alg != ifmgd->auth_alg ||
1104            auth_transaction != ifmgd->auth_transaction)
1105                return;
1106
1107        if (status_code != WLAN_STATUS_SUCCESS) {
1108                if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
1109                        u8 algs[3];
1110                        const int num_algs = ARRAY_SIZE(algs);
1111                        int i, pos;
1112                        algs[0] = algs[1] = algs[2] = 0xff;
1113                        if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1114                                algs[0] = WLAN_AUTH_OPEN;
1115                        if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1116                                algs[1] = WLAN_AUTH_SHARED_KEY;
1117                        if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1118                                algs[2] = WLAN_AUTH_LEAP;
1119                        if (ifmgd->auth_alg == WLAN_AUTH_OPEN)
1120                                pos = 0;
1121                        else if (ifmgd->auth_alg == WLAN_AUTH_SHARED_KEY)
1122                                pos = 1;
1123                        else
1124                                pos = 2;
1125                        for (i = 0; i < num_algs; i++) {
1126                                pos++;
1127                                if (pos >= num_algs)
1128                                        pos = 0;
1129                                if (algs[pos] == ifmgd->auth_alg ||
1130                                    algs[pos] == 0xff)
1131                                        continue;
1132                                if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1133                                    !ieee80211_sta_wep_configured(sdata))
1134                                        continue;
1135                                ifmgd->auth_alg = algs[pos];
1136                                break;
1137                        }
1138                }
1139                return;
1140        }
1141
1142        switch (ifmgd->auth_alg) {
1143        case WLAN_AUTH_OPEN:
1144        case WLAN_AUTH_LEAP:
1145        case WLAN_AUTH_FT:
1146                ieee80211_auth_completed(sdata);
1147                cfg80211_send_rx_auth(sdata->dev, (u8 *) mgmt, len);
1148                break;
1149        case WLAN_AUTH_SHARED_KEY:
1150                if (ifmgd->auth_transaction == 4) {
1151                        ieee80211_auth_completed(sdata);
1152                        cfg80211_send_rx_auth(sdata->dev, (u8 *) mgmt, len);
1153                } else
1154                        ieee80211_auth_challenge(sdata, mgmt, len);
1155                break;
1156        }
1157}
1158
1159
1160static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1161                                     struct ieee80211_mgmt *mgmt,
1162                                     size_t len)
1163{
1164        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1165        u16 reason_code;
1166
1167        if (len < 24 + 2)
1168                return;
1169
1170        if (memcmp(ifmgd->bssid, mgmt->sa, ETH_ALEN))
1171                return;
1172
1173        reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1174
1175        if (ifmgd->flags & IEEE80211_STA_AUTHENTICATED)
1176                printk(KERN_DEBUG "%s: deauthenticated (Reason: %u)\n",
1177                                sdata->dev->name, reason_code);
1178
1179        if (!(ifmgd->flags & IEEE80211_STA_EXT_SME) &&
1180            (ifmgd->state == IEEE80211_STA_MLME_AUTHENTICATE ||
1181             ifmgd->state == IEEE80211_STA_MLME_ASSOCIATE ||
1182             ifmgd->state == IEEE80211_STA_MLME_ASSOCIATED)) {
1183                ifmgd->state = IEEE80211_STA_MLME_DIRECT_PROBE;
1184                mod_timer(&ifmgd->timer, jiffies +
1185                                      IEEE80211_RETRY_AUTH_INTERVAL);
1186        }
1187
1188        ieee80211_set_disassoc(sdata, true, false, 0);
1189        ifmgd->flags &= ~IEEE80211_STA_AUTHENTICATED;
1190        cfg80211_send_rx_deauth(sdata->dev, (u8 *) mgmt, len);
1191}
1192
1193
1194static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1195                                       struct ieee80211_mgmt *mgmt,
1196                                       size_t len)
1197{
1198        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1199        u16 reason_code;
1200
1201        if (len < 24 + 2)
1202                return;
1203
1204        if (memcmp(ifmgd->bssid, mgmt->sa, ETH_ALEN))
1205                return;
1206
1207        reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1208
1209        if (ifmgd->flags & IEEE80211_STA_ASSOCIATED)
1210                printk(KERN_DEBUG "%s: disassociated (Reason: %u)\n",
1211                                sdata->dev->name, reason_code);
1212
1213        if (!(ifmgd->flags & IEEE80211_STA_EXT_SME) &&
1214            ifmgd->state == IEEE80211_STA_MLME_ASSOCIATED) {
1215                ifmgd->state = IEEE80211_STA_MLME_ASSOCIATE;
1216                mod_timer(&ifmgd->timer, jiffies +
1217                                      IEEE80211_RETRY_AUTH_INTERVAL);
1218        }
1219
1220        ieee80211_set_disassoc(sdata, false, false, reason_code);
1221        cfg80211_send_rx_disassoc(sdata->dev, (u8 *) mgmt, len);
1222}
1223
1224
1225static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1226                                         struct ieee80211_mgmt *mgmt,
1227                                         size_t len,
1228                                         int reassoc)
1229{
1230        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1231        struct ieee80211_local *local = sdata->local;
1232        struct ieee80211_supported_band *sband;
1233        struct sta_info *sta;
1234        u32 rates, basic_rates;
1235        u16 capab_info, status_code, aid;
1236        struct ieee802_11_elems elems;
1237        struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1238        u8 *pos;
1239        u32 changed = 0;
1240        int i, j;
1241        bool have_higher_than_11mbit = false, newsta = false;
1242        u16 ap_ht_cap_flags;
1243
1244        /* AssocResp and ReassocResp have identical structure, so process both
1245         * of them in this function. */
1246
1247        if (ifmgd->state != IEEE80211_STA_MLME_ASSOCIATE)
1248                return;
1249
1250        if (len < 24 + 6)
1251                return;
1252
1253        if (memcmp(ifmgd->bssid, mgmt->sa, ETH_ALEN) != 0)
1254                return;
1255
1256        capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1257        status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1258        aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1259
1260        printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
1261               "status=%d aid=%d)\n",
1262               sdata->dev->name, reassoc ? "Rea" : "A", mgmt->sa,
1263               capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
1264
1265        pos = mgmt->u.assoc_resp.variable;
1266        ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1267
1268        if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
1269            elems.timeout_int && elems.timeout_int_len == 5 &&
1270            elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
1271                u32 tu, ms;
1272                tu = get_unaligned_le32(elems.timeout_int + 1);
1273                ms = tu * 1024 / 1000;
1274                printk(KERN_DEBUG "%s: AP rejected association temporarily; "
1275                       "comeback duration %u TU (%u ms)\n",
1276                       sdata->dev->name, tu, ms);
1277                if (ms > IEEE80211_ASSOC_TIMEOUT)
1278                        mod_timer(&ifmgd->timer,
1279                                  jiffies + msecs_to_jiffies(ms));
1280                return;
1281        }
1282
1283        if (status_code != WLAN_STATUS_SUCCESS) {
1284                printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1285                       sdata->dev->name, status_code);
1286                /* if this was a reassociation, ensure we try a "full"
1287                 * association next time. This works around some broken APs
1288                 * which do not correctly reject reassociation requests. */
1289                ifmgd->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
1290                return;
1291        }
1292
1293        if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1294                printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1295                       "set\n", sdata->dev->name, aid);
1296        aid &= ~(BIT(15) | BIT(14));
1297
1298        if (!elems.supp_rates) {
1299                printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1300                       sdata->dev->name);
1301                return;
1302        }
1303
1304        printk(KERN_DEBUG "%s: associated\n", sdata->dev->name);
1305        ifmgd->aid = aid;
1306        ifmgd->ap_capab = capab_info;
1307
1308        kfree(ifmgd->assocresp_ies);
1309        ifmgd->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1310        ifmgd->assocresp_ies = kmalloc(ifmgd->assocresp_ies_len, GFP_KERNEL);
1311        if (ifmgd->assocresp_ies)
1312                memcpy(ifmgd->assocresp_ies, pos, ifmgd->assocresp_ies_len);
1313
1314        rcu_read_lock();
1315
1316        /* Add STA entry for the AP */
1317        sta = sta_info_get(local, ifmgd->bssid);
1318        if (!sta) {
1319                newsta = true;
1320
1321                sta = sta_info_alloc(sdata, ifmgd->bssid, GFP_ATOMIC);
1322                if (!sta) {
1323                        printk(KERN_DEBUG "%s: failed to alloc STA entry for"
1324                               " the AP\n", sdata->dev->name);
1325                        rcu_read_unlock();
1326                        return;
1327                }
1328
1329                /* update new sta with its last rx activity */
1330                sta->last_rx = jiffies;
1331        }
1332
1333        /*
1334         * FIXME: Do we really need to update the sta_info's information here?
1335         *        We already know about the AP (we found it in our list) so it
1336         *        should already be filled with the right info, no?
1337         *        As is stands, all this is racy because typically we assume
1338         *        the information that is filled in here (except flags) doesn't
1339         *        change while a STA structure is alive. As such, it should move
1340         *        to between the sta_info_alloc() and sta_info_insert() above.
1341         */
1342
1343        set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
1344                           WLAN_STA_AUTHORIZED);
1345
1346        rates = 0;
1347        basic_rates = 0;
1348        sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1349
1350        for (i = 0; i < elems.supp_rates_len; i++) {
1351                int rate = (elems.supp_rates[i] & 0x7f) * 5;
1352                bool is_basic = !!(elems.supp_rates[i] & 0x80);
1353
1354                if (rate > 110)
1355                        have_higher_than_11mbit = true;
1356
1357                for (j = 0; j < sband->n_bitrates; j++) {
1358                        if (sband->bitrates[j].bitrate == rate) {
1359                                rates |= BIT(j);
1360                                if (is_basic)
1361                                        basic_rates |= BIT(j);
1362                                break;
1363                        }
1364                }
1365        }
1366
1367        for (i = 0; i < elems.ext_supp_rates_len; i++) {
1368                int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1369                bool is_basic = !!(elems.ext_supp_rates[i] & 0x80);
1370
1371                if (rate > 110)
1372                        have_higher_than_11mbit = true;
1373
1374                for (j = 0; j < sband->n_bitrates; j++) {
1375                        if (sband->bitrates[j].bitrate == rate) {
1376                                rates |= BIT(j);
1377                                if (is_basic)
1378                                        basic_rates |= BIT(j);
1379                                break;
1380                        }
1381                }
1382        }
1383
1384        sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
1385        sdata->vif.bss_conf.basic_rates = basic_rates;
1386
1387        /* cf. IEEE 802.11 9.2.12 */
1388        if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
1389            have_higher_than_11mbit)
1390                sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
1391        else
1392                sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
1393
1394        /* If TKIP/WEP is used, no need to parse AP's HT capabilities */
1395        if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_TKIP_WEP_USED))
1396                ieee80211_ht_cap_ie_to_sta_ht_cap(sband,
1397                                elems.ht_cap_elem, &sta->sta.ht_cap);
1398
1399        ap_ht_cap_flags = sta->sta.ht_cap.cap;
1400
1401        rate_control_rate_init(sta);
1402
1403        if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
1404                set_sta_flags(sta, WLAN_STA_MFP);
1405
1406        if (elems.wmm_param)
1407                set_sta_flags(sta, WLAN_STA_WME);
1408
1409        if (newsta) {
1410                int err = sta_info_insert(sta);
1411                if (err) {
1412                        printk(KERN_DEBUG "%s: failed to insert STA entry for"
1413                               " the AP (error %d)\n", sdata->dev->name, err);
1414                        rcu_read_unlock();
1415                        return;
1416                }
1417        }
1418
1419        rcu_read_unlock();
1420
1421        if (elems.wmm_param)
1422                ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1423                                         elems.wmm_param_len);
1424
1425        if (elems.ht_info_elem && elems.wmm_param &&
1426            (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) &&
1427            !(ifmgd->flags & IEEE80211_STA_TKIP_WEP_USED))
1428                changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1429                                               ap_ht_cap_flags);
1430
1431        /* set AID and assoc capability,
1432         * ieee80211_set_associated() will tell the driver */
1433        bss_conf->aid = aid;
1434        bss_conf->assoc_capability = capab_info;
1435        ieee80211_set_associated(sdata, changed);
1436
1437        /*
1438         * initialise the time of last beacon to be the association time,
1439         * otherwise beacon loss check will trigger immediately
1440         */
1441        ifmgd->last_beacon = jiffies;
1442
1443        ieee80211_associated(sdata);
1444        cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, len);
1445}
1446
1447
1448static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1449                                  struct ieee80211_mgmt *mgmt,
1450                                  size_t len,
1451                                  struct ieee80211_rx_status *rx_status,
1452                                  struct ieee802_11_elems *elems,
1453                                  bool beacon)
1454{
1455        struct ieee80211_local *local = sdata->local;
1456        int freq;
1457        struct ieee80211_bss *bss;
1458        struct ieee80211_channel *channel;
1459
1460        if (elems->ds_params && elems->ds_params_len == 1)
1461                freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
1462        else
1463                freq = rx_status->freq;
1464
1465        channel = ieee80211_get_channel(local->hw.wiphy, freq);
1466
1467        if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
1468                return;
1469
1470        bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
1471                                        channel, beacon);
1472        if (!bss)
1473                return;
1474
1475        if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) &&
1476            (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN) == 0)) {
1477                struct ieee80211_channel_sw_ie *sw_elem =
1478                        (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem;
1479                ieee80211_process_chanswitch(sdata, sw_elem, bss);
1480        }
1481
1482        ieee80211_rx_bss_put(local, bss);
1483}
1484
1485
1486static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1487                                         struct ieee80211_mgmt *mgmt,
1488                                         size_t len,
1489                                         struct ieee80211_rx_status *rx_status)
1490{
1491        struct ieee80211_if_managed *ifmgd;
1492        size_t baselen;
1493        struct ieee802_11_elems elems;
1494
1495        ifmgd = &sdata->u.mgd;
1496
1497        if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN))
1498                return; /* ignore ProbeResp to foreign address */
1499
1500        baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
1501        if (baselen > len)
1502                return;
1503
1504        ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
1505                                &elems);
1506
1507        ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
1508
1509        /* direct probe may be part of the association flow */
1510        if (test_and_clear_bit(IEEE80211_STA_REQ_DIRECT_PROBE,
1511                               &ifmgd->request)) {
1512                printk(KERN_DEBUG "%s direct probe responded\n",
1513                       sdata->dev->name);
1514                ieee80211_authenticate(sdata);
1515        }
1516
1517        if (ifmgd->flags & IEEE80211_STA_PROBEREQ_POLL)
1518                ifmgd->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
1519}
1520
1521static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1522                                     struct ieee80211_mgmt *mgmt,
1523                                     size_t len,
1524                                     struct ieee80211_rx_status *rx_status)
1525{
1526        struct ieee80211_if_managed *ifmgd;
1527        size_t baselen;
1528        struct ieee802_11_elems elems;
1529        struct ieee80211_local *local = sdata->local;
1530        u32 changed = 0;
1531        bool erp_valid, directed_tim;
1532        u8 erp_value = 0;
1533
1534        /* Process beacon from the current BSS */
1535        baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1536        if (baselen > len)
1537                return;
1538
1539        ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
1540
1541        ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, true);
1542
1543        if (sdata->vif.type != NL80211_IFTYPE_STATION)
1544                return;
1545
1546        ifmgd = &sdata->u.mgd;
1547
1548        if (!(ifmgd->flags & IEEE80211_STA_ASSOCIATED) ||
1549            memcmp(ifmgd->bssid, mgmt->bssid, ETH_ALEN) != 0)
1550                return;
1551
1552        if (rx_status->freq != local->hw.conf.channel->center_freq)
1553                return;
1554
1555        ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1556                                 elems.wmm_param_len);
1557
1558        if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
1559                directed_tim = ieee80211_check_tim(&elems, ifmgd->aid);
1560
1561                if (directed_tim) {
1562                        if (local->hw.conf.dynamic_ps_timeout > 0) {
1563                                local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1564                                ieee80211_hw_config(local,
1565                                                    IEEE80211_CONF_CHANGE_PS);
1566                                ieee80211_send_nullfunc(local, sdata, 0);
1567                        } else {
1568                                local->pspolling = true;
1569
1570                                /*
1571                                 * Here is assumed that the driver will be
1572                                 * able to send ps-poll frame and receive a
1573                                 * response even though power save mode is
1574                                 * enabled, but some drivers might require
1575                                 * to disable power save here. This needs
1576                                 * to be investigated.
1577                                 */
1578                                ieee80211_send_pspoll(local, sdata);
1579                        }
1580                }
1581        }
1582
1583        if (elems.erp_info && elems.erp_info_len >= 1) {
1584                erp_valid = true;
1585                erp_value = elems.erp_info[0];
1586        } else {
1587                erp_valid = false;
1588        }
1589        changed |= ieee80211_handle_bss_capability(sdata,
1590                        le16_to_cpu(mgmt->u.beacon.capab_info),
1591                        erp_valid, erp_value);
1592
1593
1594        if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
1595            !(ifmgd->flags & IEEE80211_STA_TKIP_WEP_USED)) {
1596                struct sta_info *sta;
1597                struct ieee80211_supported_band *sband;
1598                u16 ap_ht_cap_flags;
1599
1600                rcu_read_lock();
1601
1602                sta = sta_info_get(local, ifmgd->bssid);
1603                if (!sta) {
1604                        rcu_read_unlock();
1605                        return;
1606                }
1607
1608                sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1609
1610                ieee80211_ht_cap_ie_to_sta_ht_cap(sband,
1611                                elems.ht_cap_elem, &sta->sta.ht_cap);
1612
1613                ap_ht_cap_flags = sta->sta.ht_cap.cap;
1614
1615                rcu_read_unlock();
1616
1617                changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1618                                               ap_ht_cap_flags);
1619        }
1620
1621        if (elems.country_elem) {
1622                /* Note we are only reviewing this on beacons
1623                 * for the BSSID we are associated to */
1624                regulatory_hint_11d(local->hw.wiphy,
1625                        elems.country_elem, elems.country_elem_len);
1626
1627                /* TODO: IBSS also needs this */
1628                if (elems.pwr_constr_elem)
1629                        ieee80211_handle_pwr_constr(sdata,
1630                                le16_to_cpu(mgmt->u.probe_resp.capab_info),
1631                                elems.pwr_constr_elem,
1632                                elems.pwr_constr_elem_len);
1633        }
1634
1635        ieee80211_bss_info_change_notify(sdata, changed);
1636}
1637
1638ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1639                                          struct sk_buff *skb,
1640                                          struct ieee80211_rx_status *rx_status)
1641{
1642        struct ieee80211_local *local = sdata->local;
1643        struct ieee80211_mgmt *mgmt;
1644        u16 fc;
1645
1646        if (skb->len < 24)
1647                return RX_DROP_MONITOR;
1648
1649        mgmt = (struct ieee80211_mgmt *) skb->data;
1650        fc = le16_to_cpu(mgmt->frame_control);
1651
1652        switch (fc & IEEE80211_FCTL_STYPE) {
1653        case IEEE80211_STYPE_PROBE_REQ:
1654        case IEEE80211_STYPE_PROBE_RESP:
1655        case IEEE80211_STYPE_BEACON:
1656                memcpy(skb->cb, rx_status, sizeof(*rx_status));
1657        case IEEE80211_STYPE_AUTH:
1658        case IEEE80211_STYPE_ASSOC_RESP:
1659        case IEEE80211_STYPE_REASSOC_RESP:
1660        case IEEE80211_STYPE_DEAUTH:
1661        case IEEE80211_STYPE_DISASSOC:
1662                skb_queue_tail(&sdata->u.mgd.skb_queue, skb);
1663                queue_work(local->hw.workqueue, &sdata->u.mgd.work);
1664                return RX_QUEUED;
1665        }
1666
1667        return RX_DROP_MONITOR;
1668}
1669
1670static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1671                                         struct sk_buff *skb)
1672{
1673        struct ieee80211_rx_status *rx_status;
1674        struct ieee80211_mgmt *mgmt;
1675        u16 fc;
1676
1677        rx_status = (struct ieee80211_rx_status *) skb->cb;
1678        mgmt = (struct ieee80211_mgmt *) skb->data;
1679        fc = le16_to_cpu(mgmt->frame_control);
1680
1681        switch (fc & IEEE80211_FCTL_STYPE) {
1682        case IEEE80211_STYPE_PROBE_RESP:
1683                ieee80211_rx_mgmt_probe_resp(sdata, mgmt, skb->len,
1684                                             rx_status);
1685                break;
1686        case IEEE80211_STYPE_BEACON:
1687                ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
1688                                         rx_status);
1689                break;
1690        case IEEE80211_STYPE_AUTH:
1691                ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
1692                break;
1693        case IEEE80211_STYPE_ASSOC_RESP:
1694                ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, 0);
1695                break;
1696        case IEEE80211_STYPE_REASSOC_RESP:
1697                ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, 1);
1698                break;
1699        case IEEE80211_STYPE_DEAUTH:
1700                ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
1701                break;
1702        case IEEE80211_STYPE_DISASSOC:
1703                ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1704                break;
1705        }
1706
1707        kfree_skb(skb);
1708}
1709
1710static void ieee80211_sta_timer(unsigned long data)
1711{
1712        struct ieee80211_sub_if_data *sdata =
1713                (struct ieee80211_sub_if_data *) data;
1714        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1715        struct ieee80211_local *local = sdata->local;
1716
1717        set_bit(IEEE80211_STA_REQ_RUN, &ifmgd->request);
1718        queue_work(local->hw.workqueue, &ifmgd->work);
1719}
1720
1721static void ieee80211_sta_reset_auth(struct ieee80211_sub_if_data *sdata)
1722{
1723        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1724        struct ieee80211_local *local = sdata->local;
1725
1726        if (local->ops->reset_tsf) {
1727                /* Reset own TSF to allow time synchronization work. */
1728                local->ops->reset_tsf(local_to_hw(local));
1729        }
1730
1731        ifmgd->wmm_last_param_set = -1; /* allow any WMM update */
1732
1733
1734        if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1735                ifmgd->auth_alg = WLAN_AUTH_OPEN;
1736        else if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1737                ifmgd->auth_alg = WLAN_AUTH_SHARED_KEY;
1738        else if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1739                ifmgd->auth_alg = WLAN_AUTH_LEAP;
1740        else if (ifmgd->auth_algs & IEEE80211_AUTH_ALG_FT)
1741                ifmgd->auth_alg = WLAN_AUTH_FT;
1742        else
1743                ifmgd->auth_alg = WLAN_AUTH_OPEN;
1744        ifmgd->auth_transaction = -1;
1745        ifmgd->flags &= ~IEEE80211_STA_ASSOCIATED;
1746        ifmgd->assoc_scan_tries = 0;
1747        ifmgd->direct_probe_tries = 0;
1748        ifmgd->auth_tries = 0;
1749        ifmgd->assoc_tries = 0;
1750        netif_tx_stop_all_queues(sdata->dev);
1751        netif_carrier_off(sdata->dev);
1752}
1753
1754static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata)
1755{
1756        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1757        struct ieee80211_local *local = sdata->local;
1758        struct ieee80211_bss *bss;
1759        u8 *bssid = ifmgd->bssid, *ssid = ifmgd->ssid;
1760        u8 ssid_len = ifmgd->ssid_len;
1761        u16 capa_mask = WLAN_CAPABILITY_ESS;
1762        u16 capa_val = WLAN_CAPABILITY_ESS;
1763        struct ieee80211_channel *chan = local->oper_channel;
1764
1765        if (!(ifmgd->flags & IEEE80211_STA_EXT_SME) &&
1766            ifmgd->flags & (IEEE80211_STA_AUTO_SSID_SEL |
1767                            IEEE80211_STA_AUTO_BSSID_SEL |
1768                            IEEE80211_STA_AUTO_CHANNEL_SEL)) {
1769                capa_mask |= WLAN_CAPABILITY_PRIVACY;
1770                if (sdata->default_key)
1771                        capa_val |= WLAN_CAPABILITY_PRIVACY;
1772        }
1773
1774        if (ifmgd->flags & IEEE80211_STA_AUTO_CHANNEL_SEL)
1775                chan = NULL;
1776
1777        if (ifmgd->flags & IEEE80211_STA_AUTO_BSSID_SEL)
1778                bssid = NULL;
1779
1780        if (ifmgd->flags & IEEE80211_STA_AUTO_SSID_SEL) {
1781                ssid = NULL;
1782                ssid_len = 0;
1783        }
1784
1785        bss = (void *)cfg80211_get_bss(local->hw.wiphy, chan,
1786                                       bssid, ssid, ssid_len,
1787                                       capa_mask, capa_val);
1788
1789        if (bss) {
1790                ieee80211_set_freq(sdata, bss->cbss.channel->center_freq);
1791                if (!(ifmgd->flags & IEEE80211_STA_SSID_SET))
1792                        ieee80211_sta_set_ssid(sdata, bss->ssid,
1793                                               bss->ssid_len);
1794                ieee80211_sta_set_bssid(sdata, bss->cbss.bssid);
1795                ieee80211_sta_def_wmm_params(sdata, bss->supp_rates_len,
1796                                                    bss->supp_rates);
1797                if (sdata->u.mgd.mfp == IEEE80211_MFP_REQUIRED)
1798                        sdata->u.mgd.flags |= IEEE80211_STA_MFP_ENABLED;
1799                else
1800                        sdata->u.mgd.flags &= ~IEEE80211_STA_MFP_ENABLED;
1801
1802                /* Send out direct probe if no probe resp was received or
1803                 * the one we have is outdated
1804                 */
1805                if (!bss->last_probe_resp ||
1806                    time_after(jiffies, bss->last_probe_resp
1807                                        + IEEE80211_SCAN_RESULT_EXPIRE))
1808                        ifmgd->state = IEEE80211_STA_MLME_DIRECT_PROBE;
1809                else
1810                        ifmgd->state = IEEE80211_STA_MLME_AUTHENTICATE;
1811
1812                ieee80211_rx_bss_put(local, bss);
1813                ieee80211_sta_reset_auth(sdata);
1814                return 0;
1815        } else {
1816                if (ifmgd->assoc_scan_tries < IEEE80211_ASSOC_SCANS_MAX_TRIES) {
1817                        ifmgd->assoc_scan_tries++;
1818                        /* XXX maybe racy? */
1819                        if (local->scan_req)
1820                                return -1;
1821                        memcpy(local->int_scan_req.ssids[0].ssid,
1822                               ifmgd->ssid, IEEE80211_MAX_SSID_LEN);
1823                        if (ifmgd->flags & IEEE80211_STA_AUTO_SSID_SEL)
1824                                local->int_scan_req.ssids[0].ssid_len = 0;
1825                        else
1826                                local->int_scan_req.ssids[0].ssid_len = ifmgd->ssid_len;
1827
1828                        if (ieee80211_start_scan(sdata, &local->int_scan_req))
1829                                ieee80211_scan_failed(local);
1830
1831                        ifmgd->state = IEEE80211_STA_MLME_AUTHENTICATE;
1832                        set_bit(IEEE80211_STA_REQ_AUTH, &ifmgd->request);
1833                } else {
1834                        ifmgd->assoc_scan_tries = 0;
1835                        ifmgd->state = IEEE80211_STA_MLME_DISABLED;
1836                }
1837        }
1838        return -1;
1839}
1840
1841
1842static void ieee80211_sta_work(struct work_struct *work)
1843{
1844        struct ieee80211_sub_if_data *sdata =
1845                container_of(work, struct ieee80211_sub_if_data, u.mgd.work);
1846        struct ieee80211_local *local = sdata->local;
1847        struct ieee80211_if_managed *ifmgd;
1848        struct sk_buff *skb;
1849
1850        if (!netif_running(sdata->dev))
1851                return;
1852
1853        if (local->sw_scanning || local->hw_scanning)
1854                return;
1855
1856        if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1857                return;
1858        ifmgd = &sdata->u.mgd;
1859
1860        while ((skb = skb_dequeue(&ifmgd->skb_queue)))
1861                ieee80211_sta_rx_queued_mgmt(sdata, skb);
1862
1863        if (ifmgd->state != IEEE80211_STA_MLME_DIRECT_PROBE &&
1864            ifmgd->state != IEEE80211_STA_MLME_AUTHENTICATE &&
1865            ifmgd->state != IEEE80211_STA_MLME_ASSOCIATE &&
1866            test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request)) {
1867                /*
1868                 * The call to ieee80211_start_scan can fail but ieee80211_request_scan
1869                 * (which queued ieee80211_sta_work) did not return an error. Thus, call
1870                 * ieee80211_scan_failed here if ieee80211_start_scan fails in order to
1871                 * notify the scan requester.
1872                 */
1873                if (ieee80211_start_scan(sdata, local->scan_req))
1874                        ieee80211_scan_failed(local);
1875                return;
1876        }
1877
1878        if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifmgd->request)) {
1879                if (ieee80211_sta_config_auth(sdata))
1880                        return;
1881                clear_bit(IEEE80211_STA_REQ_RUN, &ifmgd->request);
1882        } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifmgd->request))
1883                return;
1884
1885        switch (ifmgd->state) {
1886        case IEEE80211_STA_MLME_DISABLED:
1887                break;
1888        case IEEE80211_STA_MLME_DIRECT_PROBE:
1889                ieee80211_direct_probe(sdata);
1890                break;
1891        case IEEE80211_STA_MLME_AUTHENTICATE:
1892                ieee80211_authenticate(sdata);
1893                break;
1894        case IEEE80211_STA_MLME_ASSOCIATE:
1895                ieee80211_associate(sdata);
1896                break;
1897        case IEEE80211_STA_MLME_ASSOCIATED:
1898                ieee80211_associated(sdata);
1899                break;
1900        default:
1901                WARN_ON(1);
1902                break;
1903        }
1904
1905        if (ieee80211_privacy_mismatch(sdata)) {
1906                printk(KERN_DEBUG "%s: privacy configuration mismatch and "
1907                       "mixed-cell disabled - disassociate\n", sdata->dev->name);
1908
1909                ieee80211_set_disassoc(sdata, false, true,
1910                                        WLAN_REASON_UNSPECIFIED);
1911        }
1912}
1913
1914static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
1915{
1916        if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1917                /*
1918                 * Need to update last_beacon to avoid beacon loss
1919                 * test to trigger.
1920                 */
1921                sdata->u.mgd.last_beacon = jiffies;
1922
1923
1924                queue_work(sdata->local->hw.workqueue,
1925                           &sdata->u.mgd.work);
1926        }
1927}
1928
1929/* interface setup */
1930void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
1931{
1932        struct ieee80211_if_managed *ifmgd;
1933
1934        ifmgd = &sdata->u.mgd;
1935        INIT_WORK(&ifmgd->work, ieee80211_sta_work);
1936        INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
1937        INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work);
1938        setup_timer(&ifmgd->timer, ieee80211_sta_timer,
1939                    (unsigned long) sdata);
1940        setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
1941                    (unsigned long) sdata);
1942        skb_queue_head_init(&ifmgd->skb_queue);
1943
1944        ifmgd->capab = WLAN_CAPABILITY_ESS;
1945        ifmgd->auth_algs = IEEE80211_AUTH_ALG_OPEN |
1946                IEEE80211_AUTH_ALG_SHARED_KEY;
1947        ifmgd->flags |= IEEE80211_STA_CREATE_IBSS |
1948                IEEE80211_STA_AUTO_BSSID_SEL |
1949                IEEE80211_STA_AUTO_CHANNEL_SEL;
1950        if (sdata->local->hw.queues >= 4)
1951                ifmgd->flags |= IEEE80211_STA_WMM_ENABLED;
1952}
1953
1954/* configuration hooks */
1955void ieee80211_sta_req_auth(struct ieee80211_sub_if_data *sdata)
1956{
1957        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1958        struct ieee80211_local *local = sdata->local;
1959
1960        if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1961                return;
1962
1963        if ((ifmgd->flags & (IEEE80211_STA_BSSID_SET |
1964                             IEEE80211_STA_AUTO_BSSID_SEL)) &&
1965            (ifmgd->flags & (IEEE80211_STA_SSID_SET |
1966                             IEEE80211_STA_AUTO_SSID_SEL))) {
1967
1968                if (ifmgd->state == IEEE80211_STA_MLME_ASSOCIATED)
1969                        ieee80211_set_disassoc(sdata, true, true,
1970                                               WLAN_REASON_DEAUTH_LEAVING);
1971
1972                if (!(ifmgd->flags & IEEE80211_STA_EXT_SME) ||
1973                    ifmgd->state != IEEE80211_STA_MLME_ASSOCIATE)
1974                        set_bit(IEEE80211_STA_REQ_AUTH, &ifmgd->request);
1975                else if (ifmgd->flags & IEEE80211_STA_EXT_SME)
1976                        set_bit(IEEE80211_STA_REQ_RUN, &ifmgd->request);
1977                queue_work(local->hw.workqueue, &ifmgd->work);
1978        }
1979}
1980
1981int ieee80211_sta_commit(struct ieee80211_sub_if_data *sdata)
1982{
1983        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1984
1985        if (ifmgd->ssid_len)
1986                ifmgd->flags |= IEEE80211_STA_SSID_SET;
1987        else
1988                ifmgd->flags &= ~IEEE80211_STA_SSID_SET;
1989
1990        return 0;
1991}
1992
1993int ieee80211_sta_set_ssid(struct ieee80211_sub_if_data *sdata, char *ssid, size_t len)
1994{
1995        struct ieee80211_if_managed *ifmgd;
1996
1997        if (len > IEEE80211_MAX_SSID_LEN)
1998                return -EINVAL;
1999
2000        ifmgd = &sdata->u.mgd;
2001
2002        if (ifmgd->ssid_len != len || memcmp(ifmgd->ssid, ssid, len) != 0) {
2003                /*
2004                 * Do not use reassociation if SSID is changed (different ESS).
2005                 */
2006                ifmgd->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
2007                memset(ifmgd->ssid, 0, sizeof(ifmgd->ssid));
2008                memcpy(ifmgd->ssid, ssid, len);
2009                ifmgd->ssid_len = len;
2010        }
2011
2012        return ieee80211_sta_commit(sdata);
2013}
2014
2015int ieee80211_sta_get_ssid(struct ieee80211_sub_if_data *sdata, char *ssid, size_t *len)
2016{
2017        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2018        memcpy(ssid, ifmgd->ssid, ifmgd->ssid_len);
2019        *len = ifmgd->ssid_len;
2020        return 0;
2021}
2022
2023int ieee80211_sta_set_bssid(struct ieee80211_sub_if_data *sdata, u8 *bssid)
2024{
2025        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2026
2027        if (is_valid_ether_addr(bssid)) {
2028                memcpy(ifmgd->bssid, bssid, ETH_ALEN);
2029                ifmgd->flags |= IEEE80211_STA_BSSID_SET;
2030        } else {
2031                memset(ifmgd->bssid, 0, ETH_ALEN);
2032                ifmgd->flags &= ~IEEE80211_STA_BSSID_SET;
2033        }
2034
2035        if (netif_running(sdata->dev)) {
2036                if (ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID)) {
2037                        printk(KERN_DEBUG "%s: Failed to config new BSSID to "
2038                               "the low-level driver\n", sdata->dev->name);
2039                }
2040        }
2041
2042        return ieee80211_sta_commit(sdata);
2043}
2044
2045int ieee80211_sta_set_extra_ie(struct ieee80211_sub_if_data *sdata,
2046                               const char *ie, size_t len)
2047{
2048        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2049
2050        kfree(ifmgd->extra_ie);
2051        if (len == 0) {
2052                ifmgd->extra_ie = NULL;
2053                ifmgd->extra_ie_len = 0;
2054                return 0;
2055        }
2056        ifmgd->extra_ie = kmalloc(len, GFP_KERNEL);
2057        if (!ifmgd->extra_ie) {
2058                ifmgd->extra_ie_len = 0;
2059                return -ENOMEM;
2060        }
2061        memcpy(ifmgd->extra_ie, ie, len);
2062        ifmgd->extra_ie_len = len;
2063        return 0;
2064}
2065
2066int ieee80211_sta_deauthenticate(struct ieee80211_sub_if_data *sdata, u16 reason)
2067{
2068        printk(KERN_DEBUG "%s: deauthenticating by local choice (reason=%d)\n",
2069               sdata->dev->name, reason);
2070
2071        if (sdata->vif.type != NL80211_IFTYPE_STATION)
2072                return -EINVAL;
2073
2074        ieee80211_set_disassoc(sdata, true, true, reason);
2075        return 0;
2076}
2077
2078int ieee80211_sta_disassociate(struct ieee80211_sub_if_data *sdata, u16 reason)
2079{
2080        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2081
2082        printk(KERN_DEBUG "%s: disassociating by local choice (reason=%d)\n",
2083               sdata->dev->name, reason);
2084
2085        if (sdata->vif.type != NL80211_IFTYPE_STATION)
2086                return -EINVAL;
2087
2088        if (!(ifmgd->flags & IEEE80211_STA_ASSOCIATED))
2089                return -ENOLINK;
2090
2091        ieee80211_set_disassoc(sdata, false, true, reason);
2092        return 0;
2093}
2094
2095/* scan finished notification */
2096void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
2097{
2098        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
2099
2100        /* Restart STA timers */
2101        rcu_read_lock();
2102        list_for_each_entry_rcu(sdata, &local->interfaces, list)
2103                ieee80211_restart_sta_timer(sdata);
2104        rcu_read_unlock();
2105}
2106
2107void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
2108{
2109        struct ieee80211_local *local =
2110                container_of(work, struct ieee80211_local,
2111                             dynamic_ps_disable_work);
2112
2113        if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2114                local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2115                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2116        }
2117
2118        ieee80211_wake_queues_by_reason(&local->hw,
2119                                        IEEE80211_QUEUE_STOP_REASON_PS);
2120}
2121
2122void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
2123{
2124        struct ieee80211_local *local =
2125                container_of(work, struct ieee80211_local,
2126                             dynamic_ps_enable_work);
2127        /* XXX: using scan_sdata is completely broken! */
2128        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
2129
2130        if (local->hw.conf.flags & IEEE80211_CONF_PS)
2131                return;
2132
2133        if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK && sdata)
2134                ieee80211_send_nullfunc(local, sdata, 1);
2135
2136        local->hw.conf.flags |= IEEE80211_CONF_PS;
2137        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2138}
2139
2140void ieee80211_dynamic_ps_timer(unsigned long data)
2141{
2142        struct ieee80211_local *local = (void *) data;
2143
2144        queue_work(local->hw.workqueue, &local->dynamic_ps_enable_work);
2145}
2146
2147void ieee80211_send_nullfunc(struct ieee80211_local *local,
2148                             struct ieee80211_sub_if_data *sdata,
2149                             int powersave)
2150{
2151        struct sk_buff *skb;
2152        struct ieee80211_hdr *nullfunc;
2153        __le16 fc;
2154
2155        if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2156                return;
2157
2158        skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
2159        if (!skb) {
2160                printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
2161                       "frame\n", sdata->dev->name);
2162                return;
2163        }
2164        skb_reserve(skb, local->hw.extra_tx_headroom);
2165
2166        nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
2167        memset(nullfunc, 0, 24);
2168        fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2169                         IEEE80211_FCTL_TODS);
2170        if (powersave)
2171                fc |= cpu_to_le16(IEEE80211_FCTL_PM);
2172        nullfunc->frame_control = fc;
2173        memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
2174        memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
2175        memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
2176
2177        ieee80211_tx_skb(sdata, skb, 0);
2178}
2179