1/* 2 * Intersil Prism2 driver with Host AP (software access point) support 3 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 4 * <j@w1.fi> 5 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> 6 * 7 * This file is to be included into hostap.c when S/W AP functionality is 8 * compiled. 9 * 10 * AP: FIX: 11 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from 12 * unauthenticated STA, send deauth. frame (8802.11: 5.5) 13 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received 14 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5) 15 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame 16 * (8802.11: 5.5) 17 */ 18 19#include <linux/proc_fs.h> 20#include <linux/delay.h> 21#include <linux/random.h> 22 23#include "hostap_wlan.h" 24#include "hostap.h" 25#include "hostap_ap.h" 26 27static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL, 28 DEF_INTS }; 29module_param_array(other_ap_policy, int, NULL, 0444); 30MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)"); 31 32static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC, 33 DEF_INTS }; 34module_param_array(ap_max_inactivity, int, NULL, 0444); 35MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station " 36 "inactivity"); 37 38static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS }; 39module_param_array(ap_bridge_packets, int, NULL, 0444); 40MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between " 41 "stations"); 42 43static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS }; 44module_param_array(autom_ap_wds, int, NULL, 0444); 45MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs " 46 "automatically"); 47 48 49static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta); 50static void hostap_event_expired_sta(struct net_device *dev, 51 struct sta_info *sta); 52static void handle_add_proc_queue(struct work_struct *work); 53 54#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 55static void handle_wds_oper_queue(struct work_struct *work); 56static void prism2_send_mgmt(struct net_device *dev, 57 u16 type_subtype, char *body, 58 int body_len, u8 *addr, u16 tx_cb_idx); 59#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 60 61 62#ifndef PRISM2_NO_PROCFS_DEBUG 63static int ap_debug_proc_read(char *page, char **start, off_t off, 64 int count, int *eof, void *data) 65{ 66 char *p = page; 67 struct ap_data *ap = (struct ap_data *) data; 68 69 if (off != 0) { 70 *eof = 1; 71 return 0; 72 } 73 74 p += sprintf(p, "BridgedUnicastFrames=%u\n", ap->bridged_unicast); 75 p += sprintf(p, "BridgedMulticastFrames=%u\n", ap->bridged_multicast); 76 p += sprintf(p, "max_inactivity=%u\n", ap->max_inactivity / HZ); 77 p += sprintf(p, "bridge_packets=%u\n", ap->bridge_packets); 78 p += sprintf(p, "nullfunc_ack=%u\n", ap->nullfunc_ack); 79 p += sprintf(p, "autom_ap_wds=%u\n", ap->autom_ap_wds); 80 p += sprintf(p, "auth_algs=%u\n", ap->local->auth_algs); 81 p += sprintf(p, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc); 82 83 return (p - page); 84} 85#endif /* PRISM2_NO_PROCFS_DEBUG */ 86 87 88static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta) 89{ 90 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)]; 91 ap->sta_hash[STA_HASH(sta->addr)] = sta; 92} 93 94static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta) 95{ 96 struct sta_info *s; 97 98 s = ap->sta_hash[STA_HASH(sta->addr)]; 99 if (s == NULL) return; 100 if (memcmp(s->addr, sta->addr, ETH_ALEN) == 0) { 101 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext; 102 return; 103 } 104 105 while (s->hnext != NULL && memcmp(s->hnext->addr, sta->addr, ETH_ALEN) 106 != 0) 107 s = s->hnext; 108 if (s->hnext != NULL) 109 s->hnext = s->hnext->hnext; 110 else 111 printk("AP: could not remove STA " MACSTR " from hash table\n", 112 MAC2STR(sta->addr)); 113} 114 115static void ap_free_sta(struct ap_data *ap, struct sta_info *sta) 116{ 117 if (sta->ap && sta->local) 118 hostap_event_expired_sta(sta->local->dev, sta); 119 120 if (ap->proc != NULL) { 121 char name[20]; 122 sprintf(name, MACSTR, MAC2STR(sta->addr)); 123 remove_proc_entry(name, ap->proc); 124 } 125 126 if (sta->crypt) { 127 sta->crypt->ops->deinit(sta->crypt->priv); 128 kfree(sta->crypt); 129 sta->crypt = NULL; 130 } 131 132 skb_queue_purge(&sta->tx_buf); 133 134 ap->num_sta--; 135#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 136 if (sta->aid > 0) 137 ap->sta_aid[sta->aid - 1] = NULL; 138 139 if (!sta->ap && sta->u.sta.challenge) 140 kfree(sta->u.sta.challenge); 141 del_timer(&sta->timer); 142#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 143 144 kfree(sta); 145} 146 147 148static void hostap_set_tim(local_info_t *local, int aid, int set) 149{ 150 if (local->func->set_tim) 151 local->func->set_tim(local->dev, aid, set); 152} 153 154 155static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta) 156{ 157 union iwreq_data wrqu; 158 memset(&wrqu, 0, sizeof(wrqu)); 159 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 160 wrqu.addr.sa_family = ARPHRD_ETHER; 161 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL); 162} 163 164 165static void hostap_event_expired_sta(struct net_device *dev, 166 struct sta_info *sta) 167{ 168 union iwreq_data wrqu; 169 memset(&wrqu, 0, sizeof(wrqu)); 170 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 171 wrqu.addr.sa_family = ARPHRD_ETHER; 172 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL); 173} 174 175 176#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 177 178static void ap_handle_timer(unsigned long data) 179{ 180 struct sta_info *sta = (struct sta_info *) data; 181 local_info_t *local; 182 struct ap_data *ap; 183 unsigned long next_time = 0; 184 int was_assoc; 185 186 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) { 187 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n"); 188 return; 189 } 190 191 local = sta->local; 192 ap = local->ap; 193 was_assoc = sta->flags & WLAN_STA_ASSOC; 194 195 if (atomic_read(&sta->users) != 0) 196 next_time = jiffies + HZ; 197 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH)) 198 next_time = jiffies + ap->max_inactivity; 199 200 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) { 201 /* station activity detected; reset timeout state */ 202 sta->timeout_next = STA_NULLFUNC; 203 next_time = sta->last_rx + ap->max_inactivity; 204 } else if (sta->timeout_next == STA_DISASSOC && 205 !(sta->flags & WLAN_STA_PENDING_POLL)) { 206 /* STA ACKed data nullfunc frame poll */ 207 sta->timeout_next = STA_NULLFUNC; 208 next_time = jiffies + ap->max_inactivity; 209 } 210 211 if (next_time) { 212 sta->timer.expires = next_time; 213 add_timer(&sta->timer); 214 return; 215 } 216 217 if (sta->ap) 218 sta->timeout_next = STA_DEAUTH; 219 220 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) { 221 spin_lock(&ap->sta_table_lock); 222 ap_sta_hash_del(ap, sta); 223 list_del(&sta->list); 224 spin_unlock(&ap->sta_table_lock); 225 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 226 } else if (sta->timeout_next == STA_DISASSOC) 227 sta->flags &= ~WLAN_STA_ASSOC; 228 229 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap) 230 hostap_event_expired_sta(local->dev, sta); 231 232 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 && 233 !skb_queue_empty(&sta->tx_buf)) { 234 hostap_set_tim(local, sta->aid, 0); 235 sta->flags &= ~WLAN_STA_TIM; 236 } 237 238 if (sta->ap) { 239 if (ap->autom_ap_wds) { 240 PDEBUG(DEBUG_AP, "%s: removing automatic WDS " 241 "connection to AP " MACSTR "\n", 242 local->dev->name, MAC2STR(sta->addr)); 243 hostap_wds_link_oper(local, sta->addr, WDS_DEL); 244 } 245 } else if (sta->timeout_next == STA_NULLFUNC) { 246 /* send data frame to poll STA and check whether this frame 247 * is ACKed */ 248 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but 249 * it is apparently not retried so TX Exc events are not 250 * received for it */ 251 sta->flags |= WLAN_STA_PENDING_POLL; 252 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA | 253 IEEE80211_STYPE_DATA, NULL, 0, 254 sta->addr, ap->tx_callback_poll); 255 } else { 256 int deauth = sta->timeout_next == STA_DEAUTH; 257 u16 resp; 258 PDEBUG(DEBUG_AP, "%s: sending %s info to STA " MACSTR 259 "(last=%lu, jiffies=%lu)\n", 260 local->dev->name, 261 deauth ? "deauthentication" : "disassociation", 262 MAC2STR(sta->addr), sta->last_rx, jiffies); 263 264 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID : 265 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 266 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT | 267 (deauth ? IEEE80211_STYPE_DEAUTH : 268 IEEE80211_STYPE_DISASSOC), 269 (char *) &resp, 2, sta->addr, 0); 270 } 271 272 if (sta->timeout_next == STA_DEAUTH) { 273 if (sta->flags & WLAN_STA_PERM) { 274 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " would have been " 275 "removed, but it has 'perm' flag\n", 276 local->dev->name, MAC2STR(sta->addr)); 277 } else 278 ap_free_sta(ap, sta); 279 return; 280 } 281 282 if (sta->timeout_next == STA_NULLFUNC) { 283 sta->timeout_next = STA_DISASSOC; 284 sta->timer.expires = jiffies + AP_DISASSOC_DELAY; 285 } else { 286 sta->timeout_next = STA_DEAUTH; 287 sta->timer.expires = jiffies + AP_DEAUTH_DELAY; 288 } 289 290 add_timer(&sta->timer); 291} 292 293 294void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap, 295 int resend) 296{ 297 u8 addr[ETH_ALEN]; 298 u16 resp; 299 int i; 300 301 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name); 302 memset(addr, 0xff, ETH_ALEN); 303 304 resp = __constant_cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 305 306 /* deauth message sent; try to resend it few times; the message is 307 * broadcast, so it may be delayed until next DTIM; there is not much 308 * else we can do at this point since the driver is going to be shut 309 * down */ 310 for (i = 0; i < 5; i++) { 311 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 312 IEEE80211_STYPE_DEAUTH, 313 (char *) &resp, 2, addr, 0); 314 315 if (!resend || ap->num_sta <= 0) 316 return; 317 318 mdelay(50); 319 } 320} 321 322 323static int ap_control_proc_read(char *page, char **start, off_t off, 324 int count, int *eof, void *data) 325{ 326 char *p = page; 327 struct ap_data *ap = (struct ap_data *) data; 328 char *policy_txt; 329 struct list_head *ptr; 330 struct mac_entry *entry; 331 332 if (off != 0) { 333 *eof = 1; 334 return 0; 335 } 336 337 switch (ap->mac_restrictions.policy) { 338 case MAC_POLICY_OPEN: 339 policy_txt = "open"; 340 break; 341 case MAC_POLICY_ALLOW: 342 policy_txt = "allow"; 343 break; 344 case MAC_POLICY_DENY: 345 policy_txt = "deny"; 346 break; 347 default: 348 policy_txt = "unknown"; 349 break; 350 }; 351 p += sprintf(p, "MAC policy: %s\n", policy_txt); 352 p += sprintf(p, "MAC entries: %u\n", ap->mac_restrictions.entries); 353 p += sprintf(p, "MAC list:\n"); 354 spin_lock_bh(&ap->mac_restrictions.lock); 355 for (ptr = ap->mac_restrictions.mac_list.next; 356 ptr != &ap->mac_restrictions.mac_list; ptr = ptr->next) { 357 if (p - page > PAGE_SIZE - 80) { 358 p += sprintf(p, "All entries did not fit one page.\n"); 359 break; 360 } 361 362 entry = list_entry(ptr, struct mac_entry, list); 363 p += sprintf(p, MACSTR "\n", MAC2STR(entry->addr)); 364 } 365 spin_unlock_bh(&ap->mac_restrictions.lock); 366 367 return (p - page); 368} 369 370 371int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 372{ 373 struct mac_entry *entry; 374 375 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL); 376 if (entry == NULL) 377 return -1; 378 379 memcpy(entry->addr, mac, ETH_ALEN); 380 381 spin_lock_bh(&mac_restrictions->lock); 382 list_add_tail(&entry->list, &mac_restrictions->mac_list); 383 mac_restrictions->entries++; 384 spin_unlock_bh(&mac_restrictions->lock); 385 386 return 0; 387} 388 389 390int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 391{ 392 struct list_head *ptr; 393 struct mac_entry *entry; 394 395 spin_lock_bh(&mac_restrictions->lock); 396 for (ptr = mac_restrictions->mac_list.next; 397 ptr != &mac_restrictions->mac_list; ptr = ptr->next) { 398 entry = list_entry(ptr, struct mac_entry, list); 399 400 if (memcmp(entry->addr, mac, ETH_ALEN) == 0) { 401 list_del(ptr); 402 kfree(entry); 403 mac_restrictions->entries--; 404 spin_unlock_bh(&mac_restrictions->lock); 405 return 0; 406 } 407 } 408 spin_unlock_bh(&mac_restrictions->lock); 409 return -1; 410} 411 412 413static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions, 414 u8 *mac) 415{ 416 struct list_head *ptr; 417 struct mac_entry *entry; 418 int found = 0; 419 420 if (mac_restrictions->policy == MAC_POLICY_OPEN) 421 return 0; 422 423 spin_lock_bh(&mac_restrictions->lock); 424 for (ptr = mac_restrictions->mac_list.next; 425 ptr != &mac_restrictions->mac_list; ptr = ptr->next) { 426 entry = list_entry(ptr, struct mac_entry, list); 427 428 if (memcmp(entry->addr, mac, ETH_ALEN) == 0) { 429 found = 1; 430 break; 431 } 432 } 433 spin_unlock_bh(&mac_restrictions->lock); 434 435 if (mac_restrictions->policy == MAC_POLICY_ALLOW) 436 return !found; 437 else 438 return found; 439} 440 441 442void ap_control_flush_macs(struct mac_restrictions *mac_restrictions) 443{ 444 struct list_head *ptr, *n; 445 struct mac_entry *entry; 446 447 if (mac_restrictions->entries == 0) 448 return; 449 450 spin_lock_bh(&mac_restrictions->lock); 451 for (ptr = mac_restrictions->mac_list.next, n = ptr->next; 452 ptr != &mac_restrictions->mac_list; 453 ptr = n, n = ptr->next) { 454 entry = list_entry(ptr, struct mac_entry, list); 455 list_del(ptr); 456 kfree(entry); 457 } 458 mac_restrictions->entries = 0; 459 spin_unlock_bh(&mac_restrictions->lock); 460} 461 462 463int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac) 464{ 465 struct sta_info *sta; 466 u16 resp; 467 468 spin_lock_bh(&ap->sta_table_lock); 469 sta = ap_get_sta(ap, mac); 470 if (sta) { 471 ap_sta_hash_del(ap, sta); 472 list_del(&sta->list); 473 } 474 spin_unlock_bh(&ap->sta_table_lock); 475 476 if (!sta) 477 return -EINVAL; 478 479 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 480 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH, 481 (char *) &resp, 2, sta->addr, 0); 482 483 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 484 hostap_event_expired_sta(dev, sta); 485 486 ap_free_sta(ap, sta); 487 488 return 0; 489} 490 491#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 492 493 494void ap_control_kickall(struct ap_data *ap) 495{ 496 struct list_head *ptr, *n; 497 struct sta_info *sta; 498 499 spin_lock_bh(&ap->sta_table_lock); 500 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list; 501 ptr = n, n = ptr->next) { 502 sta = list_entry(ptr, struct sta_info, list); 503 ap_sta_hash_del(ap, sta); 504 list_del(&sta->list); 505 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 506 hostap_event_expired_sta(sta->local->dev, sta); 507 ap_free_sta(ap, sta); 508 } 509 spin_unlock_bh(&ap->sta_table_lock); 510} 511 512 513#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 514 515#define PROC_LIMIT (PAGE_SIZE - 80) 516 517static int prism2_ap_proc_read(char *page, char **start, off_t off, 518 int count, int *eof, void *data) 519{ 520 char *p = page; 521 struct ap_data *ap = (struct ap_data *) data; 522 struct list_head *ptr; 523 int i; 524 525 if (off > PROC_LIMIT) { 526 *eof = 1; 527 return 0; 528 } 529 530 p += sprintf(p, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n"); 531 spin_lock_bh(&ap->sta_table_lock); 532 for (ptr = ap->sta_list.next; ptr != &ap->sta_list; ptr = ptr->next) { 533 struct sta_info *sta = (struct sta_info *) ptr; 534 535 if (!sta->ap) 536 continue; 537 538 p += sprintf(p, MACSTR " %d %d %d %d '", MAC2STR(sta->addr), 539 sta->u.ap.channel, sta->last_rx_signal, 540 sta->last_rx_silence, sta->last_rx_rate); 541 for (i = 0; i < sta->u.ap.ssid_len; i++) 542 p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 && 543 sta->u.ap.ssid[i] < 127) ? 544 "%c" : "<%02x>"), 545 sta->u.ap.ssid[i]); 546 p += sprintf(p, "'"); 547 if (sta->capability & WLAN_CAPABILITY_ESS) 548 p += sprintf(p, " [ESS]"); 549 if (sta->capability & WLAN_CAPABILITY_IBSS) 550 p += sprintf(p, " [IBSS]"); 551 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 552 p += sprintf(p, " [WEP]"); 553 p += sprintf(p, "\n"); 554 555 if ((p - page) > PROC_LIMIT) { 556 printk(KERN_DEBUG "hostap: ap proc did not fit\n"); 557 break; 558 } 559 } 560 spin_unlock_bh(&ap->sta_table_lock); 561 562 if ((p - page) <= off) { 563 *eof = 1; 564 return 0; 565 } 566 567 *start = page + off; 568 569 return (p - page - off); 570} 571#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 572 573 574void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver) 575{ 576 if (!ap) 577 return; 578 579 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) { 580 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - " 581 "firmware upgrade recommended\n"); 582 ap->nullfunc_ack = 1; 583 } else 584 ap->nullfunc_ack = 0; 585 586 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) { 587 printk(KERN_WARNING "%s: Warning: secondary station firmware " 588 "version 1.4.2 does not seem to work in Host AP mode\n", 589 ap->local->dev->name); 590 } 591} 592 593 594/* Called only as a tasklet (software IRQ) */ 595static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data) 596{ 597 struct ap_data *ap = data; 598 u16 fc; 599 struct ieee80211_hdr_4addr *hdr; 600 601 if (!ap->local->hostapd || !ap->local->apdev) { 602 dev_kfree_skb(skb); 603 return; 604 } 605 606 hdr = (struct ieee80211_hdr_4addr *) skb->data; 607 fc = le16_to_cpu(hdr->frame_ctl); 608 609 /* Pass the TX callback frame to the hostapd; use 802.11 header version 610 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */ 611 612 fc &= ~IEEE80211_FCTL_VERS; 613 fc |= ok ? BIT(1) : BIT(0); 614 hdr->frame_ctl = cpu_to_le16(fc); 615 616 skb->dev = ap->local->apdev; 617 skb_pull(skb, hostap_80211_get_hdrlen(fc)); 618 skb->pkt_type = PACKET_OTHERHOST; 619 skb->protocol = __constant_htons(ETH_P_802_2); 620 memset(skb->cb, 0, sizeof(skb->cb)); 621 netif_rx(skb); 622} 623 624 625#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 626/* Called only as a tasklet (software IRQ) */ 627static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data) 628{ 629 struct ap_data *ap = data; 630 struct net_device *dev = ap->local->dev; 631 struct ieee80211_hdr_4addr *hdr; 632 u16 fc, *pos, auth_alg, auth_transaction, status; 633 struct sta_info *sta = NULL; 634 char *txt = NULL; 635 636 if (ap->local->hostapd) { 637 dev_kfree_skb(skb); 638 return; 639 } 640 641 hdr = (struct ieee80211_hdr_4addr *) skb->data; 642 fc = le16_to_cpu(hdr->frame_ctl); 643 if (WLAN_FC_GET_TYPE(fc) != IEEE80211_FTYPE_MGMT || 644 WLAN_FC_GET_STYPE(fc) != IEEE80211_STYPE_AUTH || 645 skb->len < IEEE80211_MGMT_HDR_LEN + 6) { 646 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid " 647 "frame\n", dev->name); 648 dev_kfree_skb(skb); 649 return; 650 } 651 652 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 653 auth_alg = le16_to_cpu(*pos++); 654 auth_transaction = le16_to_cpu(*pos++); 655 status = le16_to_cpu(*pos++); 656 657 if (!ok) { 658 txt = "frame was not ACKed"; 659 goto done; 660 } 661 662 spin_lock(&ap->sta_table_lock); 663 sta = ap_get_sta(ap, hdr->addr1); 664 if (sta) 665 atomic_inc(&sta->users); 666 spin_unlock(&ap->sta_table_lock); 667 668 if (!sta) { 669 txt = "STA not found"; 670 goto done; 671 } 672 673 if (status == WLAN_STATUS_SUCCESS && 674 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 675 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 676 txt = "STA authenticated"; 677 sta->flags |= WLAN_STA_AUTH; 678 sta->last_auth = jiffies; 679 } else if (status != WLAN_STATUS_SUCCESS) 680 txt = "authentication failed"; 681 682 done: 683 if (sta) 684 atomic_dec(&sta->users); 685 if (txt) { 686 PDEBUG(DEBUG_AP, "%s: " MACSTR " auth_cb - alg=%d trans#=%d " 687 "status=%d - %s\n", 688 dev->name, MAC2STR(hdr->addr1), auth_alg, 689 auth_transaction, status, txt); 690 } 691 dev_kfree_skb(skb); 692} 693 694 695/* Called only as a tasklet (software IRQ) */ 696static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data) 697{ 698 struct ap_data *ap = data; 699 struct net_device *dev = ap->local->dev; 700 struct ieee80211_hdr_4addr *hdr; 701 u16 fc, *pos, status; 702 struct sta_info *sta = NULL; 703 char *txt = NULL; 704 705 if (ap->local->hostapd) { 706 dev_kfree_skb(skb); 707 return; 708 } 709 710 hdr = (struct ieee80211_hdr_4addr *) skb->data; 711 fc = le16_to_cpu(hdr->frame_ctl); 712 if (WLAN_FC_GET_TYPE(fc) != IEEE80211_FTYPE_MGMT || 713 (WLAN_FC_GET_STYPE(fc) != IEEE80211_STYPE_ASSOC_RESP && 714 WLAN_FC_GET_STYPE(fc) != IEEE80211_STYPE_REASSOC_RESP) || 715 skb->len < IEEE80211_MGMT_HDR_LEN + 4) { 716 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid " 717 "frame\n", dev->name); 718 dev_kfree_skb(skb); 719 return; 720 } 721 722 if (!ok) { 723 txt = "frame was not ACKed"; 724 goto done; 725 } 726 727 spin_lock(&ap->sta_table_lock); 728 sta = ap_get_sta(ap, hdr->addr1); 729 if (sta) 730 atomic_inc(&sta->users); 731 spin_unlock(&ap->sta_table_lock); 732 733 if (!sta) { 734 txt = "STA not found"; 735 goto done; 736 } 737 738 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 739 pos++; 740 status = le16_to_cpu(*pos++); 741 if (status == WLAN_STATUS_SUCCESS) { 742 if (!(sta->flags & WLAN_STA_ASSOC)) 743 hostap_event_new_sta(dev, sta); 744 txt = "STA associated"; 745 sta->flags |= WLAN_STA_ASSOC; 746 sta->last_assoc = jiffies; 747 } else 748 txt = "association failed"; 749 750 done: 751 if (sta) 752 atomic_dec(&sta->users); 753 if (txt) { 754 PDEBUG(DEBUG_AP, "%s: " MACSTR " assoc_cb - %s\n", 755 dev->name, MAC2STR(hdr->addr1), txt); 756 } 757 dev_kfree_skb(skb); 758} 759 760/* Called only as a tasklet (software IRQ); TX callback for poll frames used 761 * in verifying whether the STA is still present. */ 762static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data) 763{ 764 struct ap_data *ap = data; 765 struct ieee80211_hdr_4addr *hdr; 766 struct sta_info *sta; 767 768 if (skb->len < 24) 769 goto fail; 770 hdr = (struct ieee80211_hdr_4addr *) skb->data; 771 if (ok) { 772 spin_lock(&ap->sta_table_lock); 773 sta = ap_get_sta(ap, hdr->addr1); 774 if (sta) 775 sta->flags &= ~WLAN_STA_PENDING_POLL; 776 spin_unlock(&ap->sta_table_lock); 777 } else { 778 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " did not ACK activity " 779 "poll frame\n", ap->local->dev->name, 780 MAC2STR(hdr->addr1)); 781 } 782 783 fail: 784 dev_kfree_skb(skb); 785} 786#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 787 788 789void hostap_init_data(local_info_t *local) 790{ 791 struct ap_data *ap = local->ap; 792 793 if (ap == NULL) { 794 printk(KERN_WARNING "hostap_init_data: ap == NULL\n"); 795 return; 796 } 797 memset(ap, 0, sizeof(struct ap_data)); 798 ap->local = local; 799 800 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx); 801 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx); 802 ap->max_inactivity = 803 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ; 804 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx); 805 806 spin_lock_init(&ap->sta_table_lock); 807 INIT_LIST_HEAD(&ap->sta_list); 808 809 /* Initialize task queue structure for AP management */ 810 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue); 811 812 ap->tx_callback_idx = 813 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap); 814 if (ap->tx_callback_idx == 0) 815 printk(KERN_WARNING "%s: failed to register TX callback for " 816 "AP\n", local->dev->name); 817#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 818 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue); 819 820 ap->tx_callback_auth = 821 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap); 822 ap->tx_callback_assoc = 823 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap); 824 ap->tx_callback_poll = 825 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap); 826 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 || 827 ap->tx_callback_poll == 0) 828 printk(KERN_WARNING "%s: failed to register TX callback for " 829 "AP\n", local->dev->name); 830 831 spin_lock_init(&ap->mac_restrictions.lock); 832 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list); 833#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 834 835 ap->initialized = 1; 836} 837 838 839void hostap_init_ap_proc(local_info_t *local) 840{ 841 struct ap_data *ap = local->ap; 842 843 ap->proc = local->proc; 844 if (ap->proc == NULL) 845 return; 846 847#ifndef PRISM2_NO_PROCFS_DEBUG 848 create_proc_read_entry("ap_debug", 0, ap->proc, 849 ap_debug_proc_read, ap); 850#endif /* PRISM2_NO_PROCFS_DEBUG */ 851 852#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 853 create_proc_read_entry("ap_control", 0, ap->proc, 854 ap_control_proc_read, ap); 855 create_proc_read_entry("ap", 0, ap->proc, 856 prism2_ap_proc_read, ap); 857#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 858 859} 860 861 862void hostap_free_data(struct ap_data *ap) 863{ 864 struct list_head *n, *ptr; 865 866 if (ap == NULL || !ap->initialized) { 867 printk(KERN_DEBUG "hostap_free_data: ap has not yet been " 868 "initialized - skip resource freeing\n"); 869 return; 870 } 871 872#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 873 if (ap->crypt) 874 ap->crypt->deinit(ap->crypt_priv); 875 ap->crypt = ap->crypt_priv = NULL; 876#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 877 878 list_for_each_safe(ptr, n, &ap->sta_list) { 879 struct sta_info *sta = list_entry(ptr, struct sta_info, list); 880 ap_sta_hash_del(ap, sta); 881 list_del(&sta->list); 882 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 883 hostap_event_expired_sta(sta->local->dev, sta); 884 ap_free_sta(ap, sta); 885 } 886 887#ifndef PRISM2_NO_PROCFS_DEBUG 888 if (ap->proc != NULL) { 889 remove_proc_entry("ap_debug", ap->proc); 890 } 891#endif /* PRISM2_NO_PROCFS_DEBUG */ 892 893#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 894 if (ap->proc != NULL) { 895 remove_proc_entry("ap", ap->proc); 896 remove_proc_entry("ap_control", ap->proc); 897 } 898 ap_control_flush_macs(&ap->mac_restrictions); 899#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 900 901 ap->initialized = 0; 902} 903 904 905/* caller should have mutex for AP STA list handling */ 906static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta) 907{ 908 struct sta_info *s; 909 910 s = ap->sta_hash[STA_HASH(sta)]; 911 while (s != NULL && memcmp(s->addr, sta, ETH_ALEN) != 0) 912 s = s->hnext; 913 return s; 914} 915 916 917#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 918 919/* Called from timer handler and from scheduled AP queue handlers */ 920static void prism2_send_mgmt(struct net_device *dev, 921 u16 type_subtype, char *body, 922 int body_len, u8 *addr, u16 tx_cb_idx) 923{ 924 struct hostap_interface *iface; 925 local_info_t *local; 926 struct ieee80211_hdr_4addr *hdr; 927 u16 fc; 928 struct sk_buff *skb; 929 struct hostap_skb_tx_data *meta; 930 int hdrlen; 931 932 iface = netdev_priv(dev); 933 local = iface->local; 934 dev = local->dev; /* always use master radio device */ 935 iface = netdev_priv(dev); 936 937 if (!(dev->flags & IFF_UP)) { 938 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - " 939 "cannot send frame\n", dev->name); 940 return; 941 } 942 943 skb = dev_alloc_skb(sizeof(*hdr) + body_len); 944 if (skb == NULL) { 945 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate " 946 "skb\n", dev->name); 947 return; 948 } 949 950 fc = type_subtype; 951 hdrlen = hostap_80211_get_hdrlen(fc); 952 hdr = (struct ieee80211_hdr_4addr *) skb_put(skb, hdrlen); 953 if (body) 954 memcpy(skb_put(skb, body_len), body, body_len); 955 956 memset(hdr, 0, hdrlen); 957 958 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11 959 * tx_control instead of using local->tx_control */ 960 961 962 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */ 963 if (WLAN_FC_GET_TYPE(fc) == IEEE80211_FTYPE_DATA) { 964 fc |= IEEE80211_FCTL_FROMDS; 965 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */ 966 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */ 967 } else if (WLAN_FC_GET_TYPE(fc) == IEEE80211_FTYPE_CTL) { 968 /* control:ACK does not have addr2 or addr3 */ 969 memset(hdr->addr2, 0, ETH_ALEN); 970 memset(hdr->addr3, 0, ETH_ALEN); 971 } else { 972 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */ 973 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */ 974 } 975 976 hdr->frame_ctl = cpu_to_le16(fc); 977 978 meta = (struct hostap_skb_tx_data *) skb->cb; 979 memset(meta, 0, sizeof(*meta)); 980 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC; 981 meta->iface = iface; 982 meta->tx_cb_idx = tx_cb_idx; 983 984 skb->dev = dev; 985 skb_reset_mac_header(skb); 986 skb_reset_network_header(skb); 987 dev_queue_xmit(skb); 988} 989#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 990 991 992static int prism2_sta_proc_read(char *page, char **start, off_t off, 993 int count, int *eof, void *data) 994{ 995 char *p = page; 996 struct sta_info *sta = (struct sta_info *) data; 997 int i; 998 999 /* FIX: possible race condition.. the STA data could have just expired, 1000 * but proc entry was still here so that the read could have started; 1001 * some locking should be done here.. */ 1002 1003 if (off != 0) { 1004 *eof = 1; 1005 return 0; 1006 } 1007 1008 p += sprintf(p, "%s=" MACSTR "\nusers=%d\naid=%d\n" 1009 "flags=0x%04x%s%s%s%s%s%s%s\n" 1010 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=", 1011 sta->ap ? "AP" : "STA", 1012 MAC2STR(sta->addr), atomic_read(&sta->users), sta->aid, 1013 sta->flags, 1014 sta->flags & WLAN_STA_AUTH ? " AUTH" : "", 1015 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "", 1016 sta->flags & WLAN_STA_PS ? " PS" : "", 1017 sta->flags & WLAN_STA_TIM ? " TIM" : "", 1018 sta->flags & WLAN_STA_PERM ? " PERM" : "", 1019 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "", 1020 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "", 1021 sta->capability, sta->listen_interval); 1022 /* supported_rates: 500 kbit/s units with msb ignored */ 1023 for (i = 0; i < sizeof(sta->supported_rates); i++) 1024 if (sta->supported_rates[i] != 0) 1025 p += sprintf(p, "%d%sMbps ", 1026 (sta->supported_rates[i] & 0x7f) / 2, 1027 sta->supported_rates[i] & 1 ? ".5" : ""); 1028 p += sprintf(p, "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n" 1029 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n" 1030 "tx_packets=%lu\n" 1031 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n" 1032 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n" 1033 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n" 1034 "tx[11M]=%d\n" 1035 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n", 1036 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx, 1037 sta->last_tx, 1038 sta->rx_packets, sta->tx_packets, sta->rx_bytes, 1039 sta->tx_bytes, skb_queue_len(&sta->tx_buf), 1040 sta->last_rx_silence, 1041 sta->last_rx_signal, sta->last_rx_rate / 10, 1042 sta->last_rx_rate % 10 ? ".5" : "", 1043 sta->tx_rate, sta->tx_count[0], sta->tx_count[1], 1044 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0], 1045 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]); 1046 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats) 1047 p = sta->crypt->ops->print_stats(p, sta->crypt->priv); 1048#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1049 if (sta->ap) { 1050 if (sta->u.ap.channel >= 0) 1051 p += sprintf(p, "channel=%d\n", sta->u.ap.channel); 1052 p += sprintf(p, "ssid="); 1053 for (i = 0; i < sta->u.ap.ssid_len; i++) 1054 p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 && 1055 sta->u.ap.ssid[i] < 127) ? 1056 "%c" : "<%02x>"), 1057 sta->u.ap.ssid[i]); 1058 p += sprintf(p, "\n"); 1059 } 1060#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1061 1062 return (p - page); 1063} 1064 1065 1066static void handle_add_proc_queue(struct work_struct *work) 1067{ 1068 struct ap_data *ap = container_of(work, struct ap_data, 1069 add_sta_proc_queue); 1070 struct sta_info *sta; 1071 char name[20]; 1072 struct add_sta_proc_data *entry, *prev; 1073 1074 entry = ap->add_sta_proc_entries; 1075 ap->add_sta_proc_entries = NULL; 1076 1077 while (entry) { 1078 spin_lock_bh(&ap->sta_table_lock); 1079 sta = ap_get_sta(ap, entry->addr); 1080 if (sta) 1081 atomic_inc(&sta->users); 1082 spin_unlock_bh(&ap->sta_table_lock); 1083 1084 if (sta) { 1085 sprintf(name, MACSTR, MAC2STR(sta->addr)); 1086 sta->proc = create_proc_read_entry( 1087 name, 0, ap->proc, 1088 prism2_sta_proc_read, sta); 1089 1090 atomic_dec(&sta->users); 1091 } 1092 1093 prev = entry; 1094 entry = entry->next; 1095 kfree(prev); 1096 } 1097} 1098 1099 1100static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr) 1101{ 1102 struct sta_info *sta; 1103 1104 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC); 1105 if (sta == NULL) { 1106 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n"); 1107 return NULL; 1108 } 1109 1110 /* initialize STA info data */ 1111 sta->local = ap->local; 1112 skb_queue_head_init(&sta->tx_buf); 1113 memcpy(sta->addr, addr, ETH_ALEN); 1114 1115 atomic_inc(&sta->users); 1116 spin_lock_bh(&ap->sta_table_lock); 1117 list_add(&sta->list, &ap->sta_list); 1118 ap->num_sta++; 1119 ap_sta_hash_add(ap, sta); 1120 spin_unlock_bh(&ap->sta_table_lock); 1121 1122 if (ap->proc) { 1123 struct add_sta_proc_data *entry; 1124 /* schedule a non-interrupt context process to add a procfs 1125 * entry for the STA since procfs code use GFP_KERNEL */ 1126 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 1127 if (entry) { 1128 memcpy(entry->addr, sta->addr, ETH_ALEN); 1129 entry->next = ap->add_sta_proc_entries; 1130 ap->add_sta_proc_entries = entry; 1131 schedule_work(&ap->add_sta_proc_queue); 1132 } else 1133 printk(KERN_DEBUG "Failed to add STA proc data\n"); 1134 } 1135 1136#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1137 init_timer(&sta->timer); 1138 sta->timer.expires = jiffies + ap->max_inactivity; 1139 sta->timer.data = (unsigned long) sta; 1140 sta->timer.function = ap_handle_timer; 1141 if (!ap->local->hostapd) 1142 add_timer(&sta->timer); 1143#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1144 1145 return sta; 1146} 1147 1148 1149static int ap_tx_rate_ok(int rateidx, struct sta_info *sta, 1150 local_info_t *local) 1151{ 1152 if (rateidx > sta->tx_max_rate || 1153 !(sta->tx_supp_rates & (1 << rateidx))) 1154 return 0; 1155 1156 if (local->tx_rate_control != 0 && 1157 !(local->tx_rate_control & (1 << rateidx))) 1158 return 0; 1159 1160 return 1; 1161} 1162 1163 1164static void prism2_check_tx_rates(struct sta_info *sta) 1165{ 1166 int i; 1167 1168 sta->tx_supp_rates = 0; 1169 for (i = 0; i < sizeof(sta->supported_rates); i++) { 1170 if ((sta->supported_rates[i] & 0x7f) == 2) 1171 sta->tx_supp_rates |= WLAN_RATE_1M; 1172 if ((sta->supported_rates[i] & 0x7f) == 4) 1173 sta->tx_supp_rates |= WLAN_RATE_2M; 1174 if ((sta->supported_rates[i] & 0x7f) == 11) 1175 sta->tx_supp_rates |= WLAN_RATE_5M5; 1176 if ((sta->supported_rates[i] & 0x7f) == 22) 1177 sta->tx_supp_rates |= WLAN_RATE_11M; 1178 } 1179 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0; 1180 if (sta->tx_supp_rates & WLAN_RATE_1M) { 1181 sta->tx_max_rate = 0; 1182 if (ap_tx_rate_ok(0, sta, sta->local)) { 1183 sta->tx_rate = 10; 1184 sta->tx_rate_idx = 0; 1185 } 1186 } 1187 if (sta->tx_supp_rates & WLAN_RATE_2M) { 1188 sta->tx_max_rate = 1; 1189 if (ap_tx_rate_ok(1, sta, sta->local)) { 1190 sta->tx_rate = 20; 1191 sta->tx_rate_idx = 1; 1192 } 1193 } 1194 if (sta->tx_supp_rates & WLAN_RATE_5M5) { 1195 sta->tx_max_rate = 2; 1196 if (ap_tx_rate_ok(2, sta, sta->local)) { 1197 sta->tx_rate = 55; 1198 sta->tx_rate_idx = 2; 1199 } 1200 } 1201 if (sta->tx_supp_rates & WLAN_RATE_11M) { 1202 sta->tx_max_rate = 3; 1203 if (ap_tx_rate_ok(3, sta, sta->local)) { 1204 sta->tx_rate = 110; 1205 sta->tx_rate_idx = 3; 1206 } 1207 } 1208} 1209 1210 1211#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1212 1213static void ap_crypt_init(struct ap_data *ap) 1214{ 1215 ap->crypt = ieee80211_get_crypto_ops("WEP"); 1216 1217 if (ap->crypt) { 1218 if (ap->crypt->init) { 1219 ap->crypt_priv = ap->crypt->init(0); 1220 if (ap->crypt_priv == NULL) 1221 ap->crypt = NULL; 1222 else { 1223 u8 key[WEP_KEY_LEN]; 1224 get_random_bytes(key, WEP_KEY_LEN); 1225 ap->crypt->set_key(key, WEP_KEY_LEN, NULL, 1226 ap->crypt_priv); 1227 } 1228 } 1229 } 1230 1231 if (ap->crypt == NULL) { 1232 printk(KERN_WARNING "AP could not initialize WEP: load module " 1233 "ieee80211_crypt_wep.ko\n"); 1234 } 1235} 1236 1237 1238/* Generate challenge data for shared key authentication. IEEE 802.11 specifies 1239 * that WEP algorithm is used for generating challange. This should be unique, 1240 * but otherwise there is not really need for randomness etc. Initialize WEP 1241 * with pseudo random key and then use increasing IV to get unique challenge 1242 * streams. 1243 * 1244 * Called only as a scheduled task for pending AP frames. 1245 */ 1246static char * ap_auth_make_challenge(struct ap_data *ap) 1247{ 1248 char *tmpbuf; 1249 struct sk_buff *skb; 1250 1251 if (ap->crypt == NULL) { 1252 ap_crypt_init(ap); 1253 if (ap->crypt == NULL) 1254 return NULL; 1255 } 1256 1257 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC); 1258 if (tmpbuf == NULL) { 1259 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n"); 1260 return NULL; 1261 } 1262 1263 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN + 1264 ap->crypt->extra_mpdu_prefix_len + 1265 ap->crypt->extra_mpdu_postfix_len); 1266 if (skb == NULL) { 1267 kfree(tmpbuf); 1268 return NULL; 1269 } 1270 1271 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len); 1272 memset(skb_put(skb, WLAN_AUTH_CHALLENGE_LEN), 0, 1273 WLAN_AUTH_CHALLENGE_LEN); 1274 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) { 1275 dev_kfree_skb(skb); 1276 kfree(tmpbuf); 1277 return NULL; 1278 } 1279 1280 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len, 1281 tmpbuf, WLAN_AUTH_CHALLENGE_LEN); 1282 dev_kfree_skb(skb); 1283 1284 return tmpbuf; 1285} 1286 1287 1288/* Called only as a scheduled task for pending AP frames. */ 1289static void handle_authen(local_info_t *local, struct sk_buff *skb, 1290 struct hostap_80211_rx_status *rx_stats) 1291{ 1292 struct net_device *dev = local->dev; 1293 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data; 1294 size_t hdrlen; 1295 struct ap_data *ap = local->ap; 1296 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL; 1297 int len, olen; 1298 u16 auth_alg, auth_transaction, status_code, *pos; 1299 u16 resp = WLAN_STATUS_SUCCESS, fc; 1300 struct sta_info *sta = NULL; 1301 struct ieee80211_crypt_data *crypt; 1302 char *txt = ""; 1303 1304 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1305 1306 fc = le16_to_cpu(hdr->frame_ctl); 1307 hdrlen = hostap_80211_get_hdrlen(fc); 1308 1309 if (len < 6) { 1310 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload " 1311 "(len=%d) from " MACSTR "\n", dev->name, len, 1312 MAC2STR(hdr->addr2)); 1313 return; 1314 } 1315 1316 spin_lock_bh(&local->ap->sta_table_lock); 1317 sta = ap_get_sta(local->ap, hdr->addr2); 1318 if (sta) 1319 atomic_inc(&sta->users); 1320 spin_unlock_bh(&local->ap->sta_table_lock); 1321 1322 if (sta && sta->crypt) 1323 crypt = sta->crypt; 1324 else { 1325 int idx = 0; 1326 if (skb->len >= hdrlen + 3) 1327 idx = skb->data[hdrlen + 3] >> 6; 1328 crypt = local->crypt[idx]; 1329 } 1330 1331 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1332 auth_alg = __le16_to_cpu(*pos); 1333 pos++; 1334 auth_transaction = __le16_to_cpu(*pos); 1335 pos++; 1336 status_code = __le16_to_cpu(*pos); 1337 pos++; 1338 1339 if (memcmp(dev->dev_addr, hdr->addr2, ETH_ALEN) == 0 || 1340 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) { 1341 txt = "authentication denied"; 1342 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1343 goto fail; 1344 } 1345 1346 if (((local->auth_algs & PRISM2_AUTH_OPEN) && 1347 auth_alg == WLAN_AUTH_OPEN) || 1348 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) && 1349 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) { 1350 } else { 1351 txt = "unsupported algorithm"; 1352 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1353 goto fail; 1354 } 1355 1356 if (len >= 8) { 1357 u8 *u = (u8 *) pos; 1358 if (*u == WLAN_EID_CHALLENGE) { 1359 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) { 1360 txt = "invalid challenge len"; 1361 resp = WLAN_STATUS_CHALLENGE_FAIL; 1362 goto fail; 1363 } 1364 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) { 1365 txt = "challenge underflow"; 1366 resp = WLAN_STATUS_CHALLENGE_FAIL; 1367 goto fail; 1368 } 1369 challenge = (char *) (u + 2); 1370 } 1371 } 1372 1373 if (sta && sta->ap) { 1374 if (time_after(jiffies, sta->u.ap.last_beacon + 1375 (10 * sta->listen_interval * HZ) / 1024)) { 1376 PDEBUG(DEBUG_AP, "%s: no beacons received for a while," 1377 " assuming AP " MACSTR " is now STA\n", 1378 dev->name, MAC2STR(sta->addr)); 1379 sta->ap = 0; 1380 sta->flags = 0; 1381 sta->u.sta.challenge = NULL; 1382 } else { 1383 txt = "AP trying to authenticate?"; 1384 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1385 goto fail; 1386 } 1387 } 1388 1389 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) || 1390 (auth_alg == WLAN_AUTH_SHARED_KEY && 1391 (auth_transaction == 1 || 1392 (auth_transaction == 3 && sta != NULL && 1393 sta->u.sta.challenge != NULL)))) { 1394 } else { 1395 txt = "unknown authentication transaction number"; 1396 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1397 goto fail; 1398 } 1399 1400 if (sta == NULL) { 1401 txt = "new STA"; 1402 1403 if (local->ap->num_sta >= MAX_STA_COUNT) { 1404 /* FIX: might try to remove some old STAs first? */ 1405 txt = "no more room for new STAs"; 1406 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1407 goto fail; 1408 } 1409 1410 sta = ap_add_sta(local->ap, hdr->addr2); 1411 if (sta == NULL) { 1412 txt = "ap_add_sta failed"; 1413 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1414 goto fail; 1415 } 1416 } 1417 1418 switch (auth_alg) { 1419 case WLAN_AUTH_OPEN: 1420 txt = "authOK"; 1421 /* IEEE 802.11 standard is not completely clear about 1422 * whether STA is considered authenticated after 1423 * authentication OK frame has been send or after it 1424 * has been ACKed. In order to reduce interoperability 1425 * issues, mark the STA authenticated before ACK. */ 1426 sta->flags |= WLAN_STA_AUTH; 1427 break; 1428 1429 case WLAN_AUTH_SHARED_KEY: 1430 if (auth_transaction == 1) { 1431 if (sta->u.sta.challenge == NULL) { 1432 sta->u.sta.challenge = 1433 ap_auth_make_challenge(local->ap); 1434 if (sta->u.sta.challenge == NULL) { 1435 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1436 goto fail; 1437 } 1438 } 1439 } else { 1440 if (sta->u.sta.challenge == NULL || 1441 challenge == NULL || 1442 memcmp(sta->u.sta.challenge, challenge, 1443 WLAN_AUTH_CHALLENGE_LEN) != 0 || 1444 !(fc & IEEE80211_FCTL_PROTECTED)) { 1445 txt = "challenge response incorrect"; 1446 resp = WLAN_STATUS_CHALLENGE_FAIL; 1447 goto fail; 1448 } 1449 1450 txt = "challenge OK - authOK"; 1451 /* IEEE 802.11 standard is not completely clear about 1452 * whether STA is considered authenticated after 1453 * authentication OK frame has been send or after it 1454 * has been ACKed. In order to reduce interoperability 1455 * issues, mark the STA authenticated before ACK. */ 1456 sta->flags |= WLAN_STA_AUTH; 1457 kfree(sta->u.sta.challenge); 1458 sta->u.sta.challenge = NULL; 1459 } 1460 break; 1461 } 1462 1463 fail: 1464 pos = (u16 *) body; 1465 *pos = cpu_to_le16(auth_alg); 1466 pos++; 1467 *pos = cpu_to_le16(auth_transaction + 1); 1468 pos++; 1469 *pos = cpu_to_le16(resp); /* status_code */ 1470 pos++; 1471 olen = 6; 1472 1473 if (resp == WLAN_STATUS_SUCCESS && sta != NULL && 1474 sta->u.sta.challenge != NULL && 1475 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) { 1476 u8 *tmp = (u8 *) pos; 1477 *tmp++ = WLAN_EID_CHALLENGE; 1478 *tmp++ = WLAN_AUTH_CHALLENGE_LEN; 1479 pos++; 1480 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN); 1481 olen += 2 + WLAN_AUTH_CHALLENGE_LEN; 1482 } 1483 1484 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH, 1485 body, olen, hdr->addr2, ap->tx_callback_auth); 1486 1487 if (sta) { 1488 sta->last_rx = jiffies; 1489 atomic_dec(&sta->users); 1490 } 1491 1492 if (resp) { 1493 PDEBUG(DEBUG_AP, "%s: " MACSTR " auth (alg=%d trans#=%d " 1494 "stat=%d len=%d fc=%04x) ==> %d (%s)\n", 1495 dev->name, MAC2STR(hdr->addr2), auth_alg, 1496 auth_transaction, status_code, len, fc, resp, txt); 1497 } 1498} 1499 1500 1501/* Called only as a scheduled task for pending AP frames. */ 1502static void handle_assoc(local_info_t *local, struct sk_buff *skb, 1503 struct hostap_80211_rx_status *rx_stats, int reassoc) 1504{ 1505 struct net_device *dev = local->dev; 1506 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data; 1507 char body[12], *p, *lpos; 1508 int len, left; 1509 u16 *pos; 1510 u16 resp = WLAN_STATUS_SUCCESS; 1511 struct sta_info *sta = NULL; 1512 int send_deauth = 0; 1513 char *txt = ""; 1514 u8 prev_ap[ETH_ALEN]; 1515 1516 left = len = skb->len - IEEE80211_MGMT_HDR_LEN; 1517 1518 if (len < (reassoc ? 10 : 4)) { 1519 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload " 1520 "(len=%d, reassoc=%d) from " MACSTR "\n", 1521 dev->name, len, reassoc, MAC2STR(hdr->addr2)); 1522 return; 1523 } 1524 1525 spin_lock_bh(&local->ap->sta_table_lock); 1526 sta = ap_get_sta(local->ap, hdr->addr2); 1527 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1528 spin_unlock_bh(&local->ap->sta_table_lock); 1529 txt = "trying to associate before authentication"; 1530 send_deauth = 1; 1531 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1532 sta = NULL; /* do not decrement sta->users */ 1533 goto fail; 1534 } 1535 atomic_inc(&sta->users); 1536 spin_unlock_bh(&local->ap->sta_table_lock); 1537 1538 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1539 sta->capability = __le16_to_cpu(*pos); 1540 pos++; left -= 2; 1541 sta->listen_interval = __le16_to_cpu(*pos); 1542 pos++; left -= 2; 1543 1544 if (reassoc) { 1545 memcpy(prev_ap, pos, ETH_ALEN); 1546 pos++; pos++; pos++; left -= 6; 1547 } else 1548 memset(prev_ap, 0, ETH_ALEN); 1549 1550 if (left >= 2) { 1551 unsigned int ileft; 1552 unsigned char *u = (unsigned char *) pos; 1553 1554 if (*u == WLAN_EID_SSID) { 1555 u++; left--; 1556 ileft = *u; 1557 u++; left--; 1558 1559 if (ileft > left || ileft > MAX_SSID_LEN) { 1560 txt = "SSID overflow"; 1561 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1562 goto fail; 1563 } 1564 1565 if (ileft != strlen(local->essid) || 1566 memcmp(local->essid, u, ileft) != 0) { 1567 txt = "not our SSID"; 1568 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1569 goto fail; 1570 } 1571 1572 u += ileft; 1573 left -= ileft; 1574 } 1575 1576 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) { 1577 u++; left--; 1578 ileft = *u; 1579 u++; left--; 1580 1581 if (ileft > left || ileft == 0 || 1582 ileft > WLAN_SUPP_RATES_MAX) { 1583 txt = "SUPP_RATES len error"; 1584 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1585 goto fail; 1586 } 1587 1588 memset(sta->supported_rates, 0, 1589 sizeof(sta->supported_rates)); 1590 memcpy(sta->supported_rates, u, ileft); 1591 prism2_check_tx_rates(sta); 1592 1593 u += ileft; 1594 left -= ileft; 1595 } 1596 1597 if (left > 0) { 1598 PDEBUG(DEBUG_AP, "%s: assoc from " MACSTR " with extra" 1599 " data (%d bytes) [", 1600 dev->name, MAC2STR(hdr->addr2), left); 1601 while (left > 0) { 1602 PDEBUG2(DEBUG_AP, "<%02x>", *u); 1603 u++; left--; 1604 } 1605 PDEBUG2(DEBUG_AP, "]\n"); 1606 } 1607 } else { 1608 txt = "frame underflow"; 1609 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1610 goto fail; 1611 } 1612 1613 /* get a unique AID */ 1614 if (sta->aid > 0) 1615 txt = "OK, old AID"; 1616 else { 1617 spin_lock_bh(&local->ap->sta_table_lock); 1618 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++) 1619 if (local->ap->sta_aid[sta->aid - 1] == NULL) 1620 break; 1621 if (sta->aid > MAX_AID_TABLE_SIZE) { 1622 sta->aid = 0; 1623 spin_unlock_bh(&local->ap->sta_table_lock); 1624 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1625 txt = "no room for more AIDs"; 1626 } else { 1627 local->ap->sta_aid[sta->aid - 1] = sta; 1628 spin_unlock_bh(&local->ap->sta_table_lock); 1629 txt = "OK, new AID"; 1630 } 1631 } 1632 1633 fail: 1634 pos = (u16 *) body; 1635 1636 if (send_deauth) { 1637 *pos = __constant_cpu_to_le16( 1638 WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH); 1639 pos++; 1640 } else { 1641 /* FIX: CF-Pollable and CF-PollReq should be set to match the 1642 * values in beacons/probe responses */ 1643 /* FIX: how about privacy and WEP? */ 1644 /* capability */ 1645 *pos = __constant_cpu_to_le16(WLAN_CAPABILITY_ESS); 1646 pos++; 1647 1648 /* status_code */ 1649 *pos = __cpu_to_le16(resp); 1650 pos++; 1651 1652 *pos = __cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) | 1653 BIT(14) | BIT(15)); /* AID */ 1654 pos++; 1655 1656 /* Supported rates (Information element) */ 1657 p = (char *) pos; 1658 *p++ = WLAN_EID_SUPP_RATES; 1659 lpos = p; 1660 *p++ = 0; /* len */ 1661 if (local->tx_rate_control & WLAN_RATE_1M) { 1662 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02; 1663 (*lpos)++; 1664 } 1665 if (local->tx_rate_control & WLAN_RATE_2M) { 1666 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04; 1667 (*lpos)++; 1668 } 1669 if (local->tx_rate_control & WLAN_RATE_5M5) { 1670 *p++ = local->basic_rates & WLAN_RATE_5M5 ? 1671 0x8b : 0x0b; 1672 (*lpos)++; 1673 } 1674 if (local->tx_rate_control & WLAN_RATE_11M) { 1675 *p++ = local->basic_rates & WLAN_RATE_11M ? 1676 0x96 : 0x16; 1677 (*lpos)++; 1678 } 1679 pos = (u16 *) p; 1680 } 1681 1682 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1683 (send_deauth ? IEEE80211_STYPE_DEAUTH : 1684 (reassoc ? IEEE80211_STYPE_REASSOC_RESP : 1685 IEEE80211_STYPE_ASSOC_RESP)), 1686 body, (u8 *) pos - (u8 *) body, 1687 hdr->addr2, 1688 send_deauth ? 0 : local->ap->tx_callback_assoc); 1689 1690 if (sta) { 1691 if (resp == WLAN_STATUS_SUCCESS) { 1692 sta->last_rx = jiffies; 1693 /* STA will be marked associated from TX callback, if 1694 * AssocResp is ACKed */ 1695 } 1696 atomic_dec(&sta->users); 1697 } 1698 1699} 1700 1701 1702/* Called only as a scheduled task for pending AP frames. */ 1703static void handle_deauth(local_info_t *local, struct sk_buff *skb, 1704 struct hostap_80211_rx_status *rx_stats) 1705{ 1706 struct net_device *dev = local->dev; 1707 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data; 1708 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1709 int len; 1710 u16 reason_code, *pos; 1711 struct sta_info *sta = NULL; 1712 1713 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1714 1715 if (len < 2) { 1716 printk("handle_deauth - too short payload (len=%d)\n", len); 1717 return; 1718 } 1719 1720 pos = (u16 *) body; 1721 reason_code = __le16_to_cpu(*pos); 1722 1723 PDEBUG(DEBUG_AP, "%s: deauthentication: " MACSTR " len=%d, " 1724 "reason_code=%d\n", dev->name, MAC2STR(hdr->addr2), len, 1725 reason_code); 1726 1727 spin_lock_bh(&local->ap->sta_table_lock); 1728 sta = ap_get_sta(local->ap, hdr->addr2); 1729 if (sta != NULL) { 1730 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1731 hostap_event_expired_sta(local->dev, sta); 1732 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1733 } 1734 spin_unlock_bh(&local->ap->sta_table_lock); 1735 if (sta == NULL) { 1736 printk("%s: deauthentication from " MACSTR ", " 1737 "reason_code=%d, but STA not authenticated\n", dev->name, 1738 MAC2STR(hdr->addr2), reason_code); 1739 } 1740} 1741 1742 1743/* Called only as a scheduled task for pending AP frames. */ 1744static void handle_disassoc(local_info_t *local, struct sk_buff *skb, 1745 struct hostap_80211_rx_status *rx_stats) 1746{ 1747 struct net_device *dev = local->dev; 1748 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data; 1749 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1750 int len; 1751 u16 reason_code, *pos; 1752 struct sta_info *sta = NULL; 1753 1754 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1755 1756 if (len < 2) { 1757 printk("handle_disassoc - too short payload (len=%d)\n", len); 1758 return; 1759 } 1760 1761 pos = (u16 *) body; 1762 reason_code = __le16_to_cpu(*pos); 1763 1764 PDEBUG(DEBUG_AP, "%s: disassociation: " MACSTR " len=%d, " 1765 "reason_code=%d\n", dev->name, MAC2STR(hdr->addr2), len, 1766 reason_code); 1767 1768 spin_lock_bh(&local->ap->sta_table_lock); 1769 sta = ap_get_sta(local->ap, hdr->addr2); 1770 if (sta != NULL) { 1771 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1772 hostap_event_expired_sta(local->dev, sta); 1773 sta->flags &= ~WLAN_STA_ASSOC; 1774 } 1775 spin_unlock_bh(&local->ap->sta_table_lock); 1776 if (sta == NULL) { 1777 printk("%s: disassociation from " MACSTR ", " 1778 "reason_code=%d, but STA not authenticated\n", 1779 dev->name, MAC2STR(hdr->addr2), reason_code); 1780 } 1781} 1782 1783 1784/* Called only as a scheduled task for pending AP frames. */ 1785static void ap_handle_data_nullfunc(local_info_t *local, 1786 struct ieee80211_hdr_4addr *hdr) 1787{ 1788 struct net_device *dev = local->dev; 1789 1790 /* some STA f/w's seem to require control::ACK frame for 1791 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does 1792 * not send this.. 1793 * send control::ACK for the data::nullfunc */ 1794 1795 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n"); 1796 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK, 1797 NULL, 0, hdr->addr2, 0); 1798} 1799 1800 1801/* Called only as a scheduled task for pending AP frames. */ 1802static void ap_handle_dropped_data(local_info_t *local, 1803 struct ieee80211_hdr_4addr *hdr) 1804{ 1805 struct net_device *dev = local->dev; 1806 struct sta_info *sta; 1807 u16 reason; 1808 1809 spin_lock_bh(&local->ap->sta_table_lock); 1810 sta = ap_get_sta(local->ap, hdr->addr2); 1811 if (sta) 1812 atomic_inc(&sta->users); 1813 spin_unlock_bh(&local->ap->sta_table_lock); 1814 1815 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) { 1816 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n"); 1817 atomic_dec(&sta->users); 1818 return; 1819 } 1820 1821 reason = __constant_cpu_to_le16( 1822 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1823 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1824 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ? 1825 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC), 1826 (char *) &reason, sizeof(reason), hdr->addr2, 0); 1827 1828 if (sta) 1829 atomic_dec(&sta->users); 1830} 1831 1832#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1833 1834 1835/* Called only as a scheduled task for pending AP frames. */ 1836static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta, 1837 struct sk_buff *skb) 1838{ 1839 struct hostap_skb_tx_data *meta; 1840 1841 if (!(sta->flags & WLAN_STA_PS)) { 1842 /* Station has moved to non-PS mode, so send all buffered 1843 * frames using normal device queue. */ 1844 dev_queue_xmit(skb); 1845 return; 1846 } 1847 1848 /* add a flag for hostap_handle_sta_tx() to know that this skb should 1849 * be passed through even though STA is using PS */ 1850 meta = (struct hostap_skb_tx_data *) skb->cb; 1851 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME; 1852 if (!skb_queue_empty(&sta->tx_buf)) { 1853 /* indicate to STA that more frames follow */ 1854 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA; 1855 } 1856 dev_queue_xmit(skb); 1857} 1858 1859 1860/* Called only as a scheduled task for pending AP frames. */ 1861static void handle_pspoll(local_info_t *local, 1862 struct ieee80211_hdr_4addr *hdr, 1863 struct hostap_80211_rx_status *rx_stats) 1864{ 1865 struct net_device *dev = local->dev; 1866 struct sta_info *sta; 1867 u16 aid; 1868 struct sk_buff *skb; 1869 1870 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=" MACSTR ", TA=" MACSTR 1871 " PWRMGT=%d\n", 1872 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), 1873 !!(le16_to_cpu(hdr->frame_ctl) & IEEE80211_FCTL_PM)); 1874 1875 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) { 1876 PDEBUG(DEBUG_AP, "handle_pspoll - addr1(BSSID)=" MACSTR 1877 " not own MAC\n", MAC2STR(hdr->addr1)); 1878 return; 1879 } 1880 1881 aid = __le16_to_cpu(hdr->duration_id); 1882 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) { 1883 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n"); 1884 return; 1885 } 1886 aid &= ~BIT(15) & ~BIT(14); 1887 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) { 1888 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid); 1889 return; 1890 } 1891 PDEBUG(DEBUG_PS2, " aid=%d\n", aid); 1892 1893 spin_lock_bh(&local->ap->sta_table_lock); 1894 sta = ap_get_sta(local->ap, hdr->addr2); 1895 if (sta) 1896 atomic_inc(&sta->users); 1897 spin_unlock_bh(&local->ap->sta_table_lock); 1898 1899 if (sta == NULL) { 1900 PDEBUG(DEBUG_PS, " STA not found\n"); 1901 return; 1902 } 1903 if (sta->aid != aid) { 1904 PDEBUG(DEBUG_PS, " received aid=%i does not match with " 1905 "assoc.aid=%d\n", aid, sta->aid); 1906 return; 1907 } 1908 1909 /* FIX: todo: 1910 * - add timeout for buffering (clear aid in TIM vector if buffer timed 1911 * out (expiry time must be longer than ListenInterval for 1912 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function" 1913 * - what to do, if buffered, pspolled, and sent frame is not ACKed by 1914 * sta; store buffer for later use and leave TIM aid bit set? use 1915 * TX event to check whether frame was ACKed? 1916 */ 1917 1918 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) { 1919 /* send buffered frame .. */ 1920 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL" 1921 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf)); 1922 1923 pspoll_send_buffered(local, sta, skb); 1924 1925 if (sta->flags & WLAN_STA_PS) { 1926 /* send only one buffered packet per PS Poll */ 1927 /* FIX: should ignore further PS Polls until the 1928 * buffered packet that was just sent is acknowledged 1929 * (Tx or TxExc event) */ 1930 break; 1931 } 1932 } 1933 1934 if (skb_queue_empty(&sta->tx_buf)) { 1935 /* try to clear aid from TIM */ 1936 if (!(sta->flags & WLAN_STA_TIM)) 1937 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n", 1938 aid); 1939 hostap_set_tim(local, aid, 0); 1940 sta->flags &= ~WLAN_STA_TIM; 1941 } 1942 1943 atomic_dec(&sta->users); 1944} 1945 1946 1947#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1948 1949static void handle_wds_oper_queue(struct work_struct *work) 1950{ 1951 struct ap_data *ap = container_of(work, struct ap_data, 1952 wds_oper_queue); 1953 local_info_t *local = ap->local; 1954 struct wds_oper_data *entry, *prev; 1955 1956 spin_lock_bh(&local->lock); 1957 entry = local->ap->wds_oper_entries; 1958 local->ap->wds_oper_entries = NULL; 1959 spin_unlock_bh(&local->lock); 1960 1961 while (entry) { 1962 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection " 1963 "to AP " MACSTR "\n", 1964 local->dev->name, 1965 entry->type == WDS_ADD ? "adding" : "removing", 1966 MAC2STR(entry->addr)); 1967 if (entry->type == WDS_ADD) 1968 prism2_wds_add(local, entry->addr, 0); 1969 else if (entry->type == WDS_DEL) 1970 prism2_wds_del(local, entry->addr, 0, 1); 1971 1972 prev = entry; 1973 entry = entry->next; 1974 kfree(prev); 1975 } 1976} 1977 1978 1979/* Called only as a scheduled task for pending AP frames. */ 1980static void handle_beacon(local_info_t *local, struct sk_buff *skb, 1981 struct hostap_80211_rx_status *rx_stats) 1982{ 1983 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data; 1984 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1985 int len, left; 1986 u16 *pos, beacon_int, capability; 1987 char *ssid = NULL; 1988 unsigned char *supp_rates = NULL; 1989 int ssid_len = 0, supp_rates_len = 0; 1990 struct sta_info *sta = NULL; 1991 int new_sta = 0, channel = -1; 1992 1993 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1994 1995 if (len < 8 + 2 + 2) { 1996 printk(KERN_DEBUG "handle_beacon - too short payload " 1997 "(len=%d)\n", len); 1998 return; 1999 } 2000 2001 pos = (u16 *) body; 2002 left = len; 2003 2004 /* Timestamp (8 octets) */ 2005 pos += 4; left -= 8; 2006 /* Beacon interval (2 octets) */ 2007 beacon_int = __le16_to_cpu(*pos); 2008 pos++; left -= 2; 2009 /* Capability information (2 octets) */ 2010 capability = __le16_to_cpu(*pos); 2011 pos++; left -= 2; 2012 2013 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS && 2014 capability & WLAN_CAPABILITY_IBSS) 2015 return; 2016 2017 if (left >= 2) { 2018 unsigned int ileft; 2019 unsigned char *u = (unsigned char *) pos; 2020 2021 if (*u == WLAN_EID_SSID) { 2022 u++; left--; 2023 ileft = *u; 2024 u++; left--; 2025 2026 if (ileft > left || ileft > MAX_SSID_LEN) { 2027 PDEBUG(DEBUG_AP, "SSID: overflow\n"); 2028 return; 2029 } 2030 2031 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID && 2032 (ileft != strlen(local->essid) || 2033 memcmp(local->essid, u, ileft) != 0)) { 2034 /* not our SSID */ 2035 return; 2036 } 2037 2038 ssid = u; 2039 ssid_len = ileft; 2040 2041 u += ileft; 2042 left -= ileft; 2043 } 2044 2045 if (*u == WLAN_EID_SUPP_RATES) { 2046 u++; left--; 2047 ileft = *u; 2048 u++; left--; 2049 2050 if (ileft > left || ileft == 0 || ileft > 8) { 2051 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n"); 2052 return; 2053 } 2054 2055 supp_rates = u; 2056 supp_rates_len = ileft; 2057 2058 u += ileft; 2059 left -= ileft; 2060 } 2061 2062 if (*u == WLAN_EID_DS_PARAMS) { 2063 u++; left--; 2064 ileft = *u; 2065 u++; left--; 2066 2067 if (ileft > left || ileft != 1) { 2068 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n"); 2069 return; 2070 } 2071 2072 channel = *u; 2073 2074 u += ileft; 2075 left -= ileft; 2076 } 2077 } 2078 2079 spin_lock_bh(&local->ap->sta_table_lock); 2080 sta = ap_get_sta(local->ap, hdr->addr2); 2081 if (sta != NULL) 2082 atomic_inc(&sta->users); 2083 spin_unlock_bh(&local->ap->sta_table_lock); 2084 2085 if (sta == NULL) { 2086 /* add new AP */ 2087 new_sta = 1; 2088 sta = ap_add_sta(local->ap, hdr->addr2); 2089 if (sta == NULL) { 2090 printk(KERN_INFO "prism2: kmalloc failed for AP " 2091 "data structure\n"); 2092 return; 2093 } 2094 hostap_event_new_sta(local->dev, sta); 2095 2096 /* mark APs authentication and associated for pseudo ad-hoc 2097 * style communication */ 2098 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 2099 2100 if (local->ap->autom_ap_wds) { 2101 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 2102 } 2103 } 2104 2105 sta->ap = 1; 2106 if (ssid) { 2107 sta->u.ap.ssid_len = ssid_len; 2108 memcpy(sta->u.ap.ssid, ssid, ssid_len); 2109 sta->u.ap.ssid[ssid_len] = '\0'; 2110 } else { 2111 sta->u.ap.ssid_len = 0; 2112 sta->u.ap.ssid[0] = '\0'; 2113 } 2114 sta->u.ap.channel = channel; 2115 sta->rx_packets++; 2116 sta->rx_bytes += len; 2117 sta->u.ap.last_beacon = sta->last_rx = jiffies; 2118 sta->capability = capability; 2119 sta->listen_interval = beacon_int; 2120 2121 atomic_dec(&sta->users); 2122 2123 if (new_sta) { 2124 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 2125 memcpy(sta->supported_rates, supp_rates, supp_rates_len); 2126 prism2_check_tx_rates(sta); 2127 } 2128} 2129 2130#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2131 2132 2133/* Called only as a tasklet. */ 2134static void handle_ap_item(local_info_t *local, struct sk_buff *skb, 2135 struct hostap_80211_rx_status *rx_stats) 2136{ 2137#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2138 struct net_device *dev = local->dev; 2139#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2140 u16 fc, type, stype; 2141 struct ieee80211_hdr_4addr *hdr; 2142 2143 /* FIX: should give skb->len to handler functions and check that the 2144 * buffer is long enough */ 2145 hdr = (struct ieee80211_hdr_4addr *) skb->data; 2146 fc = le16_to_cpu(hdr->frame_ctl); 2147 type = WLAN_FC_GET_TYPE(fc); 2148 stype = WLAN_FC_GET_STYPE(fc); 2149 2150#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2151 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) { 2152 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n"); 2153 2154 if (!(fc & IEEE80211_FCTL_TODS) || 2155 (fc & IEEE80211_FCTL_FROMDS)) { 2156 if (stype == IEEE80211_STYPE_NULLFUNC) { 2157 /* no ToDS nullfunc seems to be used to check 2158 * AP association; so send reject message to 2159 * speed up re-association */ 2160 ap_handle_dropped_data(local, hdr); 2161 goto done; 2162 } 2163 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n", 2164 fc); 2165 goto done; 2166 } 2167 2168 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) { 2169 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=" 2170 MACSTR " not own MAC\n", 2171 MAC2STR(hdr->addr1)); 2172 goto done; 2173 } 2174 2175 if (local->ap->nullfunc_ack && 2176 stype == IEEE80211_STYPE_NULLFUNC) 2177 ap_handle_data_nullfunc(local, hdr); 2178 else 2179 ap_handle_dropped_data(local, hdr); 2180 goto done; 2181 } 2182 2183 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) { 2184 handle_beacon(local, skb, rx_stats); 2185 goto done; 2186 } 2187#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2188 2189 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) { 2190 handle_pspoll(local, hdr, rx_stats); 2191 goto done; 2192 } 2193 2194 if (local->hostapd) { 2195 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x " 2196 "subtype=0x%02x\n", type, stype); 2197 goto done; 2198 } 2199 2200#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2201 if (type != IEEE80211_FTYPE_MGMT) { 2202 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n"); 2203 goto done; 2204 } 2205 2206 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) { 2207 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=" MACSTR 2208 " not own MAC\n", MAC2STR(hdr->addr1)); 2209 goto done; 2210 } 2211 2212 if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN)) { 2213 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=" MACSTR 2214 " not own MAC\n", MAC2STR(hdr->addr3)); 2215 goto done; 2216 } 2217 2218 switch (stype) { 2219 case IEEE80211_STYPE_ASSOC_REQ: 2220 handle_assoc(local, skb, rx_stats, 0); 2221 break; 2222 case IEEE80211_STYPE_ASSOC_RESP: 2223 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n"); 2224 break; 2225 case IEEE80211_STYPE_REASSOC_REQ: 2226 handle_assoc(local, skb, rx_stats, 1); 2227 break; 2228 case IEEE80211_STYPE_REASSOC_RESP: 2229 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n"); 2230 break; 2231 case IEEE80211_STYPE_ATIM: 2232 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n"); 2233 break; 2234 case IEEE80211_STYPE_DISASSOC: 2235 handle_disassoc(local, skb, rx_stats); 2236 break; 2237 case IEEE80211_STYPE_AUTH: 2238 handle_authen(local, skb, rx_stats); 2239 break; 2240 case IEEE80211_STYPE_DEAUTH: 2241 handle_deauth(local, skb, rx_stats); 2242 break; 2243 default: 2244 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n", 2245 stype >> 4); 2246 break; 2247 } 2248#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2249 2250 done: 2251 dev_kfree_skb(skb); 2252} 2253 2254 2255/* Called only as a tasklet (software IRQ) */ 2256void hostap_rx(struct net_device *dev, struct sk_buff *skb, 2257 struct hostap_80211_rx_status *rx_stats) 2258{ 2259 struct hostap_interface *iface; 2260 local_info_t *local; 2261 u16 fc; 2262 struct ieee80211_hdr_4addr *hdr; 2263 2264 iface = netdev_priv(dev); 2265 local = iface->local; 2266 2267 if (skb->len < 16) 2268 goto drop; 2269 2270 local->stats.rx_packets++; 2271 2272 hdr = (struct ieee80211_hdr_4addr *) skb->data; 2273 fc = le16_to_cpu(hdr->frame_ctl); 2274 2275 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL && 2276 WLAN_FC_GET_TYPE(fc) == IEEE80211_FTYPE_MGMT && 2277 WLAN_FC_GET_STYPE(fc) == IEEE80211_STYPE_BEACON) 2278 goto drop; 2279 2280 skb->protocol = __constant_htons(ETH_P_HOSTAP); 2281 handle_ap_item(local, skb, rx_stats); 2282 return; 2283 2284 drop: 2285 dev_kfree_skb(skb); 2286} 2287 2288 2289/* Called only as a tasklet (software IRQ) */ 2290static void schedule_packet_send(local_info_t *local, struct sta_info *sta) 2291{ 2292 struct sk_buff *skb; 2293 struct ieee80211_hdr_4addr *hdr; 2294 struct hostap_80211_rx_status rx_stats; 2295 2296 if (skb_queue_empty(&sta->tx_buf)) 2297 return; 2298 2299 skb = dev_alloc_skb(16); 2300 if (skb == NULL) { 2301 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc " 2302 "failed\n", local->dev->name); 2303 return; 2304 } 2305 2306 hdr = (struct ieee80211_hdr_4addr *) skb_put(skb, 16); 2307 2308 /* Generate a fake pspoll frame to start packet delivery */ 2309 hdr->frame_ctl = __constant_cpu_to_le16( 2310 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL); 2311 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN); 2312 memcpy(hdr->addr2, sta->addr, ETH_ALEN); 2313 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14)); 2314 2315 PDEBUG(DEBUG_PS2, "%s: Scheduling buffered packet delivery for " 2316 "STA " MACSTR "\n", local->dev->name, MAC2STR(sta->addr)); 2317 2318 skb->dev = local->dev; 2319 2320 memset(&rx_stats, 0, sizeof(rx_stats)); 2321 hostap_rx(local->dev, skb, &rx_stats); 2322} 2323 2324 2325int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[], 2326 struct iw_quality qual[], int buf_size, 2327 int aplist) 2328{ 2329 struct ap_data *ap = local->ap; 2330 struct list_head *ptr; 2331 int count = 0; 2332 2333 spin_lock_bh(&ap->sta_table_lock); 2334 2335 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2336 ptr = ptr->next) { 2337 struct sta_info *sta = (struct sta_info *) ptr; 2338 2339 if (aplist && !sta->ap) 2340 continue; 2341 addr[count].sa_family = ARPHRD_ETHER; 2342 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); 2343 if (sta->last_rx_silence == 0) 2344 qual[count].qual = sta->last_rx_signal < 27 ? 2345 0 : (sta->last_rx_signal - 27) * 92 / 127; 2346 else 2347 qual[count].qual = sta->last_rx_signal - 2348 sta->last_rx_silence - 35; 2349 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2350 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2351 qual[count].updated = sta->last_rx_updated; 2352 2353 sta->last_rx_updated = IW_QUAL_DBM; 2354 2355 count++; 2356 if (count >= buf_size) 2357 break; 2358 } 2359 spin_unlock_bh(&ap->sta_table_lock); 2360 2361 return count; 2362} 2363 2364 2365/* Translate our list of Access Points & Stations to a card independant 2366 * format that the Wireless Tools will understand - Jean II */ 2367int prism2_ap_translate_scan(struct net_device *dev, char *buffer) 2368{ 2369 struct hostap_interface *iface; 2370 local_info_t *local; 2371 struct ap_data *ap; 2372 struct list_head *ptr; 2373 struct iw_event iwe; 2374 char *current_ev = buffer; 2375 char *end_buf = buffer + IW_SCAN_MAX_DATA; 2376#if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT) 2377 char buf[64]; 2378#endif 2379 2380 iface = netdev_priv(dev); 2381 local = iface->local; 2382 ap = local->ap; 2383 2384 spin_lock_bh(&ap->sta_table_lock); 2385 2386 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2387 ptr = ptr->next) { 2388 struct sta_info *sta = (struct sta_info *) ptr; 2389 2390 /* First entry *MUST* be the AP MAC address */ 2391 memset(&iwe, 0, sizeof(iwe)); 2392 iwe.cmd = SIOCGIWAP; 2393 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 2394 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN); 2395 iwe.len = IW_EV_ADDR_LEN; 2396 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 2397 IW_EV_ADDR_LEN); 2398 2399 /* Use the mode to indicate if it's a station or 2400 * an Access Point */ 2401 memset(&iwe, 0, sizeof(iwe)); 2402 iwe.cmd = SIOCGIWMODE; 2403 if (sta->ap) 2404 iwe.u.mode = IW_MODE_MASTER; 2405 else 2406 iwe.u.mode = IW_MODE_INFRA; 2407 iwe.len = IW_EV_UINT_LEN; 2408 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 2409 IW_EV_UINT_LEN); 2410 2411 /* Some quality */ 2412 memset(&iwe, 0, sizeof(iwe)); 2413 iwe.cmd = IWEVQUAL; 2414 if (sta->last_rx_silence == 0) 2415 iwe.u.qual.qual = sta->last_rx_signal < 27 ? 2416 0 : (sta->last_rx_signal - 27) * 92 / 127; 2417 else 2418 iwe.u.qual.qual = sta->last_rx_signal - 2419 sta->last_rx_silence - 35; 2420 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2421 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2422 iwe.u.qual.updated = sta->last_rx_updated; 2423 iwe.len = IW_EV_QUAL_LEN; 2424 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 2425 IW_EV_QUAL_LEN); 2426 2427#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2428 if (sta->ap) { 2429 memset(&iwe, 0, sizeof(iwe)); 2430 iwe.cmd = SIOCGIWESSID; 2431 iwe.u.data.length = sta->u.ap.ssid_len; 2432 iwe.u.data.flags = 1; 2433 current_ev = iwe_stream_add_point(current_ev, end_buf, 2434 &iwe, 2435 sta->u.ap.ssid); 2436 2437 memset(&iwe, 0, sizeof(iwe)); 2438 iwe.cmd = SIOCGIWENCODE; 2439 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 2440 iwe.u.data.flags = 2441 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 2442 else 2443 iwe.u.data.flags = IW_ENCODE_DISABLED; 2444 current_ev = iwe_stream_add_point(current_ev, end_buf, 2445 &iwe, 2446 sta->u.ap.ssid 2447 /* 0 byte memcpy */); 2448 2449 if (sta->u.ap.channel > 0 && 2450 sta->u.ap.channel <= FREQ_COUNT) { 2451 memset(&iwe, 0, sizeof(iwe)); 2452 iwe.cmd = SIOCGIWFREQ; 2453 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1] 2454 * 100000; 2455 iwe.u.freq.e = 1; 2456 current_ev = iwe_stream_add_event( 2457 current_ev, end_buf, &iwe, 2458 IW_EV_FREQ_LEN); 2459 } 2460 2461 memset(&iwe, 0, sizeof(iwe)); 2462 iwe.cmd = IWEVCUSTOM; 2463 sprintf(buf, "beacon_interval=%d", 2464 sta->listen_interval); 2465 iwe.u.data.length = strlen(buf); 2466 current_ev = iwe_stream_add_point(current_ev, end_buf, 2467 &iwe, buf); 2468 } 2469#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2470 2471 sta->last_rx_updated = IW_QUAL_DBM; 2472 2473 /* To be continued, we should make good use of IWEVCUSTOM */ 2474 } 2475 2476 spin_unlock_bh(&ap->sta_table_lock); 2477 2478 return current_ev - buffer; 2479} 2480 2481 2482static int prism2_hostapd_add_sta(struct ap_data *ap, 2483 struct prism2_hostapd_param *param) 2484{ 2485 struct sta_info *sta; 2486 2487 spin_lock_bh(&ap->sta_table_lock); 2488 sta = ap_get_sta(ap, param->sta_addr); 2489 if (sta) 2490 atomic_inc(&sta->users); 2491 spin_unlock_bh(&ap->sta_table_lock); 2492 2493 if (sta == NULL) { 2494 sta = ap_add_sta(ap, param->sta_addr); 2495 if (sta == NULL) 2496 return -1; 2497 } 2498 2499 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2500 hostap_event_new_sta(sta->local->dev, sta); 2501 2502 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; 2503 sta->last_rx = jiffies; 2504 sta->aid = param->u.add_sta.aid; 2505 sta->capability = param->u.add_sta.capability; 2506 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates; 2507 if (sta->tx_supp_rates & WLAN_RATE_1M) 2508 sta->supported_rates[0] = 2; 2509 if (sta->tx_supp_rates & WLAN_RATE_2M) 2510 sta->supported_rates[1] = 4; 2511 if (sta->tx_supp_rates & WLAN_RATE_5M5) 2512 sta->supported_rates[2] = 11; 2513 if (sta->tx_supp_rates & WLAN_RATE_11M) 2514 sta->supported_rates[3] = 22; 2515 prism2_check_tx_rates(sta); 2516 atomic_dec(&sta->users); 2517 return 0; 2518} 2519 2520 2521static int prism2_hostapd_remove_sta(struct ap_data *ap, 2522 struct prism2_hostapd_param *param) 2523{ 2524 struct sta_info *sta; 2525 2526 spin_lock_bh(&ap->sta_table_lock); 2527 sta = ap_get_sta(ap, param->sta_addr); 2528 if (sta) { 2529 ap_sta_hash_del(ap, sta); 2530 list_del(&sta->list); 2531 } 2532 spin_unlock_bh(&ap->sta_table_lock); 2533 2534 if (!sta) 2535 return -ENOENT; 2536 2537 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2538 hostap_event_expired_sta(sta->local->dev, sta); 2539 ap_free_sta(ap, sta); 2540 2541 return 0; 2542} 2543 2544 2545static int prism2_hostapd_get_info_sta(struct ap_data *ap, 2546 struct prism2_hostapd_param *param) 2547{ 2548 struct sta_info *sta; 2549 2550 spin_lock_bh(&ap->sta_table_lock); 2551 sta = ap_get_sta(ap, param->sta_addr); 2552 if (sta) 2553 atomic_inc(&sta->users); 2554 spin_unlock_bh(&ap->sta_table_lock); 2555 2556 if (!sta) 2557 return -ENOENT; 2558 2559 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ; 2560 2561 atomic_dec(&sta->users); 2562 2563 return 1; 2564} 2565 2566 2567static int prism2_hostapd_set_flags_sta(struct ap_data *ap, 2568 struct prism2_hostapd_param *param) 2569{ 2570 struct sta_info *sta; 2571 2572 spin_lock_bh(&ap->sta_table_lock); 2573 sta = ap_get_sta(ap, param->sta_addr); 2574 if (sta) { 2575 sta->flags |= param->u.set_flags_sta.flags_or; 2576 sta->flags &= param->u.set_flags_sta.flags_and; 2577 } 2578 spin_unlock_bh(&ap->sta_table_lock); 2579 2580 if (!sta) 2581 return -ENOENT; 2582 2583 return 0; 2584} 2585 2586 2587static int prism2_hostapd_sta_clear_stats(struct ap_data *ap, 2588 struct prism2_hostapd_param *param) 2589{ 2590 struct sta_info *sta; 2591 int rate; 2592 2593 spin_lock_bh(&ap->sta_table_lock); 2594 sta = ap_get_sta(ap, param->sta_addr); 2595 if (sta) { 2596 sta->rx_packets = sta->tx_packets = 0; 2597 sta->rx_bytes = sta->tx_bytes = 0; 2598 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) { 2599 sta->tx_count[rate] = 0; 2600 sta->rx_count[rate] = 0; 2601 } 2602 } 2603 spin_unlock_bh(&ap->sta_table_lock); 2604 2605 if (!sta) 2606 return -ENOENT; 2607 2608 return 0; 2609} 2610 2611 2612int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param) 2613{ 2614 switch (param->cmd) { 2615 case PRISM2_HOSTAPD_FLUSH: 2616 ap_control_kickall(ap); 2617 return 0; 2618 case PRISM2_HOSTAPD_ADD_STA: 2619 return prism2_hostapd_add_sta(ap, param); 2620 case PRISM2_HOSTAPD_REMOVE_STA: 2621 return prism2_hostapd_remove_sta(ap, param); 2622 case PRISM2_HOSTAPD_GET_INFO_STA: 2623 return prism2_hostapd_get_info_sta(ap, param); 2624 case PRISM2_HOSTAPD_SET_FLAGS_STA: 2625 return prism2_hostapd_set_flags_sta(ap, param); 2626 case PRISM2_HOSTAPD_STA_CLEAR_STATS: 2627 return prism2_hostapd_sta_clear_stats(ap, param); 2628 default: 2629 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n", 2630 param->cmd); 2631 return -EOPNOTSUPP; 2632 } 2633} 2634 2635 2636/* Update station info for host-based TX rate control and return current 2637 * TX rate */ 2638static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev) 2639{ 2640 int ret = sta->tx_rate; 2641 struct hostap_interface *iface; 2642 local_info_t *local; 2643 2644 iface = netdev_priv(dev); 2645 local = iface->local; 2646 2647 sta->tx_count[sta->tx_rate_idx]++; 2648 sta->tx_since_last_failure++; 2649 sta->tx_consecutive_exc = 0; 2650 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT && 2651 sta->tx_rate_idx < sta->tx_max_rate) { 2652 /* use next higher rate */ 2653 int old_rate, new_rate; 2654 old_rate = new_rate = sta->tx_rate_idx; 2655 while (new_rate < sta->tx_max_rate) { 2656 new_rate++; 2657 if (ap_tx_rate_ok(new_rate, sta, local)) { 2658 sta->tx_rate_idx = new_rate; 2659 break; 2660 } 2661 } 2662 if (old_rate != sta->tx_rate_idx) { 2663 switch (sta->tx_rate_idx) { 2664 case 0: sta->tx_rate = 10; break; 2665 case 1: sta->tx_rate = 20; break; 2666 case 2: sta->tx_rate = 55; break; 2667 case 3: sta->tx_rate = 110; break; 2668 default: sta->tx_rate = 0; break; 2669 } 2670 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " TX rate raised to" 2671 " %d\n", dev->name, MAC2STR(sta->addr), 2672 sta->tx_rate); 2673 } 2674 sta->tx_since_last_failure = 0; 2675 } 2676 2677 return ret; 2678} 2679 2680 2681/* Called only from software IRQ. Called for each TX frame prior possible 2682 * encryption and transmit. */ 2683ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx) 2684{ 2685 struct sta_info *sta = NULL; 2686 struct sk_buff *skb = tx->skb; 2687 int set_tim, ret; 2688 struct ieee80211_hdr_4addr *hdr; 2689 struct hostap_skb_tx_data *meta; 2690 2691 meta = (struct hostap_skb_tx_data *) skb->cb; 2692 ret = AP_TX_CONTINUE; 2693 if (local->ap == NULL || skb->len < 10 || 2694 meta->iface->type == HOSTAP_INTERFACE_STA) 2695 goto out; 2696 2697 hdr = (struct ieee80211_hdr_4addr *) skb->data; 2698 2699 if (hdr->addr1[0] & 0x01) { 2700 /* broadcast/multicast frame - no AP related processing */ 2701 goto out; 2702 } 2703 2704 /* unicast packet - check whether destination STA is associated */ 2705 spin_lock(&local->ap->sta_table_lock); 2706 sta = ap_get_sta(local->ap, hdr->addr1); 2707 if (sta) 2708 atomic_inc(&sta->users); 2709 spin_unlock(&local->ap->sta_table_lock); 2710 2711 if (local->iw_mode == IW_MODE_MASTER && sta == NULL && 2712 !(meta->flags & HOSTAP_TX_FLAGS_WDS) && 2713 meta->iface->type != HOSTAP_INTERFACE_MASTER && 2714 meta->iface->type != HOSTAP_INTERFACE_AP) { 2715 local->ap->tx_drop_nonassoc++; 2716 ret = AP_TX_DROP; 2717 goto out; 2718 } 2719 2720 if (sta == NULL) 2721 goto out; 2722 2723 if (!(sta->flags & WLAN_STA_AUTHORIZED)) 2724 ret = AP_TX_CONTINUE_NOT_AUTHORIZED; 2725 2726 /* Set tx_rate if using host-based TX rate control */ 2727 if (!local->fw_tx_rate_control) 2728 local->ap->last_tx_rate = meta->rate = 2729 ap_update_sta_tx_rate(sta, local->dev); 2730 2731 if (local->iw_mode != IW_MODE_MASTER) 2732 goto out; 2733 2734 if (!(sta->flags & WLAN_STA_PS)) 2735 goto out; 2736 2737 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) { 2738 /* indicate to STA that more frames follow */ 2739 hdr->frame_ctl |= 2740 __constant_cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2741 } 2742 2743 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) { 2744 /* packet was already buffered and now send due to 2745 * PS poll, so do not rebuffer it */ 2746 goto out; 2747 } 2748 2749 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) { 2750 PDEBUG(DEBUG_PS, "%s: No more space in STA (" MACSTR ")'s PS " 2751 "mode buffer\n", local->dev->name, MAC2STR(sta->addr)); 2752 /* Make sure that TIM is set for the station (it might not be 2753 * after AP wlan hw reset). */ 2754 /* FIX: should fix hw reset to restore bits based on STA 2755 * buffer state.. */ 2756 hostap_set_tim(local, sta->aid, 1); 2757 sta->flags |= WLAN_STA_TIM; 2758 ret = AP_TX_DROP; 2759 goto out; 2760 } 2761 2762 /* STA in PS mode, buffer frame for later delivery */ 2763 set_tim = skb_queue_empty(&sta->tx_buf); 2764 skb_queue_tail(&sta->tx_buf, skb); 2765 /* FIX: could save RX time to skb and expire buffered frames after 2766 * some time if STA does not poll for them */ 2767 2768 if (set_tim) { 2769 if (sta->flags & WLAN_STA_TIM) 2770 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n", 2771 sta->aid); 2772 hostap_set_tim(local, sta->aid, 1); 2773 sta->flags |= WLAN_STA_TIM; 2774 } 2775 2776 ret = AP_TX_BUFFERED; 2777 2778 out: 2779 if (sta != NULL) { 2780 if (ret == AP_TX_CONTINUE || 2781 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) { 2782 sta->tx_packets++; 2783 sta->tx_bytes += skb->len; 2784 sta->last_tx = jiffies; 2785 } 2786 2787 if ((ret == AP_TX_CONTINUE || 2788 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) && 2789 sta->crypt && tx->host_encrypt) { 2790 tx->crypt = sta->crypt; 2791 tx->sta_ptr = sta; /* hostap_handle_sta_release() will 2792 * be called to release sta info 2793 * later */ 2794 } else 2795 atomic_dec(&sta->users); 2796 } 2797 2798 return ret; 2799} 2800 2801 2802void hostap_handle_sta_release(void *ptr) 2803{ 2804 struct sta_info *sta = ptr; 2805 atomic_dec(&sta->users); 2806} 2807 2808 2809/* Called only as a tasklet (software IRQ) */ 2810void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb) 2811{ 2812 struct sta_info *sta; 2813 struct ieee80211_hdr_4addr *hdr; 2814 struct hostap_skb_tx_data *meta; 2815 2816 hdr = (struct ieee80211_hdr_4addr *) skb->data; 2817 meta = (struct hostap_skb_tx_data *) skb->cb; 2818 2819 spin_lock(&local->ap->sta_table_lock); 2820 sta = ap_get_sta(local->ap, hdr->addr1); 2821 if (!sta) { 2822 spin_unlock(&local->ap->sta_table_lock); 2823 PDEBUG(DEBUG_AP, "%s: Could not find STA " MACSTR " for this " 2824 "TX error (@%lu)\n", 2825 local->dev->name, MAC2STR(hdr->addr1), jiffies); 2826 return; 2827 } 2828 2829 sta->tx_since_last_failure = 0; 2830 sta->tx_consecutive_exc++; 2831 2832 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD && 2833 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) { 2834 /* use next lower rate */ 2835 int old, rate; 2836 old = rate = sta->tx_rate_idx; 2837 while (rate > 0) { 2838 rate--; 2839 if (ap_tx_rate_ok(rate, sta, local)) { 2840 sta->tx_rate_idx = rate; 2841 break; 2842 } 2843 } 2844 if (old != sta->tx_rate_idx) { 2845 switch (sta->tx_rate_idx) { 2846 case 0: sta->tx_rate = 10; break; 2847 case 1: sta->tx_rate = 20; break; 2848 case 2: sta->tx_rate = 55; break; 2849 case 3: sta->tx_rate = 110; break; 2850 default: sta->tx_rate = 0; break; 2851 } 2852 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " TX rate lowered " 2853 "to %d\n", local->dev->name, MAC2STR(sta->addr), 2854 sta->tx_rate); 2855 } 2856 sta->tx_consecutive_exc = 0; 2857 } 2858 spin_unlock(&local->ap->sta_table_lock); 2859} 2860 2861 2862static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta, 2863 int pwrmgt, int type, int stype) 2864{ 2865 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) { 2866 sta->flags |= WLAN_STA_PS; 2867 PDEBUG(DEBUG_PS2, "STA " MACSTR " changed to use PS " 2868 "mode (type=0x%02X, stype=0x%02X)\n", 2869 MAC2STR(sta->addr), type >> 2, stype >> 4); 2870 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) { 2871 sta->flags &= ~WLAN_STA_PS; 2872 PDEBUG(DEBUG_PS2, "STA " MACSTR " changed to not use " 2873 "PS mode (type=0x%02X, stype=0x%02X)\n", 2874 MAC2STR(sta->addr), type >> 2, stype >> 4); 2875 if (type != IEEE80211_FTYPE_CTL || 2876 stype != IEEE80211_STYPE_PSPOLL) 2877 schedule_packet_send(local, sta); 2878 } 2879} 2880 2881 2882/* Called only as a tasklet (software IRQ). Called for each RX frame to update 2883 * STA power saving state. pwrmgt is a flag from 802.11 frame_ctl field. */ 2884int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr_4addr *hdr) 2885{ 2886 struct sta_info *sta; 2887 u16 fc; 2888 2889 spin_lock(&local->ap->sta_table_lock); 2890 sta = ap_get_sta(local->ap, hdr->addr2); 2891 if (sta) 2892 atomic_inc(&sta->users); 2893 spin_unlock(&local->ap->sta_table_lock); 2894 2895 if (!sta) 2896 return -1; 2897 2898 fc = le16_to_cpu(hdr->frame_ctl); 2899 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 2900 WLAN_FC_GET_TYPE(fc), WLAN_FC_GET_STYPE(fc)); 2901 2902 atomic_dec(&sta->users); 2903 return 0; 2904} 2905 2906 2907/* Called only as a tasklet (software IRQ). Called for each RX frame after 2908 * getting RX header and payload from hardware. */ 2909ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev, 2910 struct sk_buff *skb, 2911 struct hostap_80211_rx_status *rx_stats, 2912 int wds) 2913{ 2914 int ret; 2915 struct sta_info *sta; 2916 u16 fc, type, stype; 2917 struct ieee80211_hdr_4addr *hdr; 2918 2919 if (local->ap == NULL) 2920 return AP_RX_CONTINUE; 2921 2922 hdr = (struct ieee80211_hdr_4addr *) skb->data; 2923 2924 fc = le16_to_cpu(hdr->frame_ctl); 2925 type = WLAN_FC_GET_TYPE(fc); 2926 stype = WLAN_FC_GET_STYPE(fc); 2927 2928 spin_lock(&local->ap->sta_table_lock); 2929 sta = ap_get_sta(local->ap, hdr->addr2); 2930 if (sta) 2931 atomic_inc(&sta->users); 2932 spin_unlock(&local->ap->sta_table_lock); 2933 2934 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED)) 2935 ret = AP_RX_CONTINUE_NOT_AUTHORIZED; 2936 else 2937 ret = AP_RX_CONTINUE; 2938 2939 2940 if (fc & IEEE80211_FCTL_TODS) { 2941 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 2942 if (local->hostapd) { 2943 prism2_rx_80211(local->apdev, skb, rx_stats, 2944 PRISM2_RX_NON_ASSOC); 2945#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2946 } else { 2947 printk(KERN_DEBUG "%s: dropped received packet" 2948 " from non-associated STA " MACSTR 2949 " (type=0x%02x, subtype=0x%02x)\n", 2950 dev->name, MAC2STR(hdr->addr2), 2951 type >> 2, stype >> 4); 2952 hostap_rx(dev, skb, rx_stats); 2953#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2954 } 2955 ret = AP_RX_EXIT; 2956 goto out; 2957 } 2958 } else if (fc & IEEE80211_FCTL_FROMDS) { 2959 if (!wds) { 2960 /* FromDS frame - not for us; probably 2961 * broadcast/multicast in another BSS - drop */ 2962 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) { 2963 printk(KERN_DEBUG "Odd.. FromDS packet " 2964 "received with own BSSID\n"); 2965 hostap_dump_rx_80211(dev->name, skb, rx_stats); 2966 } 2967 ret = AP_RX_DROP; 2968 goto out; 2969 } 2970 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL && 2971 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) { 2972 2973 if (local->hostapd) { 2974 prism2_rx_80211(local->apdev, skb, rx_stats, 2975 PRISM2_RX_NON_ASSOC); 2976#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2977 } else { 2978 /* At least Lucent f/w seems to send data::nullfunc 2979 * frames with no ToDS flag when the current AP returns 2980 * after being unavailable for some time. Speed up 2981 * re-association by informing the station about it not 2982 * being associated. */ 2983 printk(KERN_DEBUG "%s: rejected received nullfunc " 2984 "frame without ToDS from not associated STA " 2985 MACSTR "\n", 2986 dev->name, MAC2STR(hdr->addr2)); 2987 hostap_rx(dev, skb, rx_stats); 2988#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2989 } 2990 ret = AP_RX_EXIT; 2991 goto out; 2992 } else if (stype == IEEE80211_STYPE_NULLFUNC) { 2993 /* At least Lucent cards seem to send periodic nullfunc 2994 * frames with ToDS. Let these through to update SQ 2995 * stats and PS state. Nullfunc frames do not contain 2996 * any data and they will be dropped below. */ 2997 } else { 2998 /* If BSSID (Addr3) is foreign, this frame is a normal 2999 * broadcast frame from an IBSS network. Drop it silently. 3000 * If BSSID is own, report the dropping of this frame. */ 3001 if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) { 3002 printk(KERN_DEBUG "%s: dropped received packet from " 3003 MACSTR " with no ToDS flag (type=0x%02x, " 3004 "subtype=0x%02x)\n", dev->name, 3005 MAC2STR(hdr->addr2), type >> 2, stype >> 4); 3006 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3007 } 3008 ret = AP_RX_DROP; 3009 goto out; 3010 } 3011 3012 if (sta) { 3013 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 3014 type, stype); 3015 3016 sta->rx_packets++; 3017 sta->rx_bytes += skb->len; 3018 sta->last_rx = jiffies; 3019 } 3020 3021 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC && 3022 fc & IEEE80211_FCTL_TODS) { 3023 if (local->hostapd) { 3024 prism2_rx_80211(local->apdev, skb, rx_stats, 3025 PRISM2_RX_NULLFUNC_ACK); 3026#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3027 } else { 3028 /* some STA f/w's seem to require control::ACK frame 3029 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least 3030 * from Compaq) does not send this.. Try to generate 3031 * ACK for these frames from the host driver to make 3032 * power saving work with, e.g., Lucent WaveLAN f/w */ 3033 hostap_rx(dev, skb, rx_stats); 3034#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3035 } 3036 ret = AP_RX_EXIT; 3037 goto out; 3038 } 3039 3040 out: 3041 if (sta) 3042 atomic_dec(&sta->users); 3043 3044 return ret; 3045} 3046 3047 3048/* Called only as a tasklet (software IRQ) */ 3049int hostap_handle_sta_crypto(local_info_t *local, 3050 struct ieee80211_hdr_4addr *hdr, 3051 struct ieee80211_crypt_data **crypt, 3052 void **sta_ptr) 3053{ 3054 struct sta_info *sta; 3055 3056 spin_lock(&local->ap->sta_table_lock); 3057 sta = ap_get_sta(local->ap, hdr->addr2); 3058 if (sta) 3059 atomic_inc(&sta->users); 3060 spin_unlock(&local->ap->sta_table_lock); 3061 3062 if (!sta) 3063 return -1; 3064 3065 if (sta->crypt) { 3066 *crypt = sta->crypt; 3067 *sta_ptr = sta; 3068 /* hostap_handle_sta_release() will be called to release STA 3069 * info */ 3070 } else 3071 atomic_dec(&sta->users); 3072 3073 return 0; 3074} 3075 3076 3077/* Called only as a tasklet (software IRQ) */ 3078int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr) 3079{ 3080 struct sta_info *sta; 3081 int ret = 0; 3082 3083 spin_lock(&ap->sta_table_lock); 3084 sta = ap_get_sta(ap, sta_addr); 3085 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap) 3086 ret = 1; 3087 spin_unlock(&ap->sta_table_lock); 3088 3089 return ret; 3090} 3091 3092 3093/* Called only as a tasklet (software IRQ) */ 3094int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr) 3095{ 3096 struct sta_info *sta; 3097 int ret = 0; 3098 3099 spin_lock(&ap->sta_table_lock); 3100 sta = ap_get_sta(ap, sta_addr); 3101 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap && 3102 ((sta->flags & WLAN_STA_AUTHORIZED) || 3103 ap->local->ieee_802_1x == 0)) 3104 ret = 1; 3105 spin_unlock(&ap->sta_table_lock); 3106 3107 return ret; 3108} 3109 3110 3111/* Called only as a tasklet (software IRQ) */ 3112int hostap_add_sta(struct ap_data *ap, u8 *sta_addr) 3113{ 3114 struct sta_info *sta; 3115 int ret = 1; 3116 3117 if (!ap) 3118 return -1; 3119 3120 spin_lock(&ap->sta_table_lock); 3121 sta = ap_get_sta(ap, sta_addr); 3122 if (sta) 3123 ret = 0; 3124 spin_unlock(&ap->sta_table_lock); 3125 3126 if (ret == 1) { 3127 sta = ap_add_sta(ap, sta_addr); 3128 if (!sta) 3129 return -1; 3130 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 3131 sta->ap = 1; 3132 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 3133 /* No way of knowing which rates are supported since we did not 3134 * get supported rates element from beacon/assoc req. Assume 3135 * that remote end supports all 802.11b rates. */ 3136 sta->supported_rates[0] = 0x82; 3137 sta->supported_rates[1] = 0x84; 3138 sta->supported_rates[2] = 0x0b; 3139 sta->supported_rates[3] = 0x16; 3140 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M | 3141 WLAN_RATE_5M5 | WLAN_RATE_11M; 3142 sta->tx_rate = 110; 3143 sta->tx_max_rate = sta->tx_rate_idx = 3; 3144 } 3145 3146 return ret; 3147} 3148 3149 3150/* Called only as a tasklet (software IRQ) */ 3151int hostap_update_rx_stats(struct ap_data *ap, 3152 struct ieee80211_hdr_4addr *hdr, 3153 struct hostap_80211_rx_status *rx_stats) 3154{ 3155 struct sta_info *sta; 3156 3157 if (!ap) 3158 return -1; 3159 3160 spin_lock(&ap->sta_table_lock); 3161 sta = ap_get_sta(ap, hdr->addr2); 3162 if (sta) { 3163 sta->last_rx_silence = rx_stats->noise; 3164 sta->last_rx_signal = rx_stats->signal; 3165 sta->last_rx_rate = rx_stats->rate; 3166 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM; 3167 if (rx_stats->rate == 10) 3168 sta->rx_count[0]++; 3169 else if (rx_stats->rate == 20) 3170 sta->rx_count[1]++; 3171 else if (rx_stats->rate == 55) 3172 sta->rx_count[2]++; 3173 else if (rx_stats->rate == 110) 3174 sta->rx_count[3]++; 3175 } 3176 spin_unlock(&ap->sta_table_lock); 3177 3178 return sta ? 0 : -1; 3179} 3180 3181 3182void hostap_update_rates(local_info_t *local) 3183{ 3184 struct list_head *ptr; 3185 struct ap_data *ap = local->ap; 3186 3187 if (!ap) 3188 return; 3189 3190 spin_lock_bh(&ap->sta_table_lock); 3191 for (ptr = ap->sta_list.next; ptr != &ap->sta_list; ptr = ptr->next) { 3192 struct sta_info *sta = (struct sta_info *) ptr; 3193 prism2_check_tx_rates(sta); 3194 } 3195 spin_unlock_bh(&ap->sta_table_lock); 3196} 3197 3198 3199void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent, 3200 struct ieee80211_crypt_data ***crypt) 3201{ 3202 struct sta_info *sta; 3203 3204 spin_lock_bh(&ap->sta_table_lock); 3205 sta = ap_get_sta(ap, addr); 3206 if (sta) 3207 atomic_inc(&sta->users); 3208 spin_unlock_bh(&ap->sta_table_lock); 3209 3210 if (!sta && permanent) 3211 sta = ap_add_sta(ap, addr); 3212 3213 if (!sta) 3214 return NULL; 3215 3216 if (permanent) 3217 sta->flags |= WLAN_STA_PERM; 3218 3219 *crypt = &sta->crypt; 3220 3221 return sta; 3222} 3223 3224 3225void hostap_add_wds_links(local_info_t *local) 3226{ 3227 struct ap_data *ap = local->ap; 3228 struct list_head *ptr; 3229 3230 spin_lock_bh(&ap->sta_table_lock); 3231 list_for_each(ptr, &ap->sta_list) { 3232 struct sta_info *sta = list_entry(ptr, struct sta_info, list); 3233 if (sta->ap) 3234 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 3235 } 3236 spin_unlock_bh(&ap->sta_table_lock); 3237 3238 schedule_work(&local->ap->wds_oper_queue); 3239} 3240 3241 3242void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type) 3243{ 3244 struct wds_oper_data *entry; 3245 3246 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 3247 if (!entry) 3248 return; 3249 memcpy(entry->addr, addr, ETH_ALEN); 3250 entry->type = type; 3251 spin_lock_bh(&local->lock); 3252 entry->next = local->ap->wds_oper_entries; 3253 local->ap->wds_oper_entries = entry; 3254 spin_unlock_bh(&local->lock); 3255 3256 schedule_work(&local->ap->wds_oper_queue); 3257} 3258 3259 3260EXPORT_SYMBOL(hostap_init_data); 3261EXPORT_SYMBOL(hostap_init_ap_proc); 3262EXPORT_SYMBOL(hostap_free_data); 3263EXPORT_SYMBOL(hostap_check_sta_fw_version); 3264EXPORT_SYMBOL(hostap_handle_sta_tx_exc); 3265#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3266#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3267