2 * BSS client mode implementation
3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
15 * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
16 * order BSS list by RSSI(?) ("quality of AP")
17 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
20 #include <linux/delay.h>
21 #include <linux/if_ether.h>
22 #include <linux/skbuff.h>
23 #include <linux/netdevice.h>
24 #include <linux/if_arp.h>
25 #include <linux/wireless.h>
26 #include <linux/random.h>
27 #include <linux/etherdevice.h>
28 #include <linux/rtnetlink.h>
29 #include <net/iw_handler.h>
30 #include <asm/types.h>
32 #include <net/mac80211.h>
33 #include "ieee80211_i.h"
34 #include "ieee80211_rate.h"
35 #include "hostapd_ioctl.h"
/* Retry limits and timeouts for the STA auth/assoc state machine.
 * All intervals are in jiffies (HZ == one second). */
37 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
38 #define IEEE80211_AUTH_MAX_TRIES 3
39 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
40 #define IEEE80211_ASSOC_MAX_TRIES 3
41 #define IEEE80211_MONITORING_INTERVAL (2 * HZ)
42 #define IEEE80211_PROBE_INTERVAL (60 * HZ)
43 #define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
44 #define IEEE80211_SCAN_INTERVAL (2 * HZ)
45 #define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
46 #define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
/* Scan dwell times, scan-result ageing and IBSS housekeeping intervals
 * (jiffies). */
48 #define IEEE80211_PROBE_DELAY (HZ / 33)
49 #define IEEE80211_CHANNEL_TIME (HZ / 33)
50 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
51 #define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
52 #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
53 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
/* Cap on the number of peer STA entries an IBSS interface will create,
 * so that peers seen over the air cannot grow the table without bound. */
55 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
/* Compose a little-endian frame_control word from a frame type and
 * subtype.  Note the macro arguments are not parenthesised; callers in
 * this file pass plain constants. */
58 #define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
/* ERP Information element: "Use Protection" bit. */
60 #define ERP_INFO_USE_PROTECTION BIT(1)
62 /* mgmt header + 1 byte action code */
63 #define IEEE80211_MIN_ACTION_SIZE (24 + 1)
/* Forward declarations for file-local helpers that are defined after
 * their first use.  ieee80211_rx_bss_get()/_put() pair a BSS table
 * lookup with a reference drop; every caller below that takes a bss
 * must put it on all paths. */
65 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
66 u8 *ssid, size_t ssid_len);
67 static struct ieee80211_sta_bss *
68 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
69 static void ieee80211_rx_bss_put(struct net_device *dev,
70 struct ieee80211_sta_bss *bss);
71 static int ieee80211_sta_find_ibss(struct net_device *dev,
72 struct ieee80211_if_sta *ifsta);
73 static int ieee80211_sta_wep_configured(struct net_device *dev);
74 static int ieee80211_sta_start_scan(struct net_device *dev,
75 u8 *ssid, size_t ssid_len);
76 static int ieee80211_sta_config_auth(struct net_device *dev,
77 struct ieee80211_if_sta *ifsta);
80 /* Parsed Information Elements */
/* Result of ieee802_11_parse_elems(): one pointer/length pair per
 * recognised element.  The pointers reference the received frame
 * buffer directly (nothing is copied), so the struct is only valid for
 * as long as that buffer is.  Most members are omitted from this
 * listing. */
81 struct ieee802_11_elems {
107 u8 ht_extra_param_len;
109 u8 ext_supp_rates_len;
/* ParseFailed is the only negative value; ParseUnknown still means the
 * recognised elements were filled in. */
118 typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
/*
 * Walk the information-element area of a received management frame
 * (@start, @len bytes) and record typed pointers into @elems.
 *
 * The input is over-the-air data and is treated as untrusted: the
 * "parse failed" path below reports (id, elen, left), i.e. an element
 * whose declared length exceeds the bytes remaining ends the parse with
 * ParseFailed.  Vendor-specific elements are only inspected after the
 * elen checks that make pos[3] / pos[4] readable.
 *
 * Returns ParseOK, ParseUnknown if at least one element id was not
 * recognised (the known ones are still filled in), or ParseFailed.
 * Several lines of the body are not shown in this listing.
 */
121 static ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
122 struct ieee802_11_elems *elems)
128 memset(elems, 0, sizeof(*elems));
/* Element length vs. bytes left: malformed frame, stop here. */
140 printk(KERN_DEBUG "IEEE 802.11 element parse "
141 "failed (id=%d elen=%d left=%d)\n",
150 elems->ssid_len = elen;
152 case WLAN_EID_SUPP_RATES:
153 elems->supp_rates = pos;
154 elems->supp_rates_len = elen;
156 case WLAN_EID_FH_PARAMS:
157 elems->fh_params = pos;
158 elems->fh_params_len = elen;
160 case WLAN_EID_DS_PARAMS:
161 elems->ds_params = pos;
162 elems->ds_params_len = elen;
164 case WLAN_EID_CF_PARAMS:
165 elems->cf_params = pos;
166 elems->cf_params_len = elen;
170 elems->tim_len = elen;
172 case WLAN_EID_IBSS_PARAMS:
173 elems->ibss_params = pos;
174 elems->ibss_params_len = elen;
/* Shared-key authentication challenge text; consumed by
 * ieee80211_auth_challenge(). */
176 case WLAN_EID_CHALLENGE:
177 elems->challenge = pos;
178 elems->challenge_len = elen;
/* Vendor-specific element: the elen >= 4 guard is what makes the OUI
 * bytes and pos[3] (OUI type) safe to read. */
181 if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
183 /* Microsoft OUI (00:50:F2) */
184 if (pos[3] == WIFI_OUI_TYPE_WPA) {
185 /* OUI Type 1 - WPA IE */
187 elems->wpa_len = elen;
/* WMM: pos[4] is the OUI subtype, hence the elen >= 5 guard. */
188 } else if (elen >= 5 &&
189 pos[3] == WIFI_OUI_TYPE_WMM) {
191 case WIFI_OUI_STYPE_WMM_INFO:
192 elems->wmm_info = pos;
193 elems->wmm_info_len = elen;
195 case WIFI_OUI_STYPE_WMM_PARAM:
196 elems->wmm_param = pos;
197 elems->wmm_param_len = elen;
/* WMM TSPEC: the 6 skipped bytes are OUI(3) + type + subtype + version.
 * The size check that precedes the "Wrong ..." message is on omitted
 * lines -- confirm it rejects elen < 6 + sizeof(struct ieee80211_elem_tspec)
 * before tspec/tspec_len are exposed to callers. */
199 case WIFI_OUI_STYPE_WMM_TSPEC:
201 printk(KERN_ERR "Wrong "
205 elems->tspec = pos + 6;
206 elems->tspec_len = elen - 6;
209 //printk(KERN_ERR "Unsupported "
210 // "WiFi OUI %d\n", pos[4]);
218 elems->rsn_len = elen;
220 case WLAN_EID_ERP_INFO:
221 elems->erp_info = pos;
222 elems->erp_info_len = elen;
224 case WLAN_EID_EXT_SUPP_RATES:
225 elems->ext_supp_rates = pos;
226 elems->ext_supp_rates_len = elen;
228 case WLAN_EID_HT_CAPABILITY:
229 elems->ht_cap_param = pos;
230 elems->ht_cap_param_len = elen;
232 case WLAN_EID_HT_EXTRA_INFO:
233 elems->ht_extra_param = pos;
234 elems->ht_extra_param_len = elen;
/* Native (802.11e) TSPEC element; same tspec/tspec_len members as the
 * WMM form above, without the 6-byte vendor prefix. */
238 printk(KERN_ERR "Wrong TSPEC size.\n");
242 elems->tspec_len = elen;
/* Unknown ids are skipped, not fatal; the return value records it. */
246 printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
247 "unknown element (id=%d elen=%d)\n",
258 /* Do not trigger error if left == 1 as Apple Airport base stations
259 * send AssocResps that are one spurious byte too long. */
261 return unknown ? ParseUnknown : ParseOK;
/* Convert an ECW (exponent-coded contention window, 4-bit field from the
 * WMM AC parameter record) into a CW value for the driver; used by
 * ieee80211_sta_wmm_params().  Body not shown in this listing. */
267 static int ecw2cw(int ecw)
/*
 * Apply the per-AC EDCA parameters carried in a WMM Parameter element
 * (@wmm_param points at the OUI, @wmm_param_len is the element length)
 * to the driver via ops->conf_tx.
 *
 * The element comes from the AP and is untrusted: the length check
 * (>= 8 bytes: OUI(3), type, subtype, version, QoS info, reserved) is
 * what makes wmm_param[5]/[6] readable, and the per-AC loop consumes
 * exactly 4 bytes per record while at least 4 remain.  A repeated
 * parameter-set count is ignored so an unchanged element is not
 * re-applied on every beacon.  Lines initialising pos/queue and the
 * aci switch labels are not shown in this listing.
 */
277 static void ieee80211_sta_wmm_params(struct net_device *dev,
278 struct ieee80211_if_sta *ifsta,
279 u8 *wmm_param, size_t wmm_param_len)
281 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
282 struct ieee80211_tx_queue_params params;
/* Only WMM version 1 is understood. */
287 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
/* Low nibble of the QoS Info field: parameter-set count. */
289 count = wmm_param[6] & 0x0f;
290 if (count == ifsta->wmm_last_param_set)
292 ifsta->wmm_last_param_set = count;
/* Bytes remaining after the 8-byte header; safe because of the check
 * above. */
295 left = wmm_param_len - 8;
/* "¶ms" in this listing is an extraction artefact for "&params"
 * (HTML entity decoding); the code zeroes the params struct. */
297 memset(¶ms, 0, sizeof(params));
299 if (!local->ops->conf_tx)
/* One 4-byte AC parameter record per iteration:
 *   pos[0]: ACI/AIFSN (ACI bits 5-6, ACM bit 4, AIFSN bits 0-3)
 *   pos[1]: ECWmax (high nibble) / ECWmin (low nibble)
 *   pos[2..3]: TXOP limit, little-endian, units of 32 us */
303 for (; left >= 4; left -= 4, pos += 4) {
304 int aci = (pos[0] >> 5) & 0x03;
305 int acm = (pos[0] >> 4) & 0x01;
/* Map the ACI to a hardware queue and, when ACM is set, record the
 * admission-controlled user priorities in local->wmm_acm (the BIT(n)
 * values appear to be the 802.1D UPs that map to this AC -- the
 * surrounding switch/if lines are omitted here). */
310 queue = IEEE80211_TX_QUEUE_DATA3;
312 local->wmm_acm |= BIT(0) | BIT(3);
316 queue = IEEE80211_TX_QUEUE_DATA1;
318 local->wmm_acm |= BIT(4) | BIT(5);
322 queue = IEEE80211_TX_QUEUE_DATA0;
324 local->wmm_acm |= BIT(6) | BIT(7);
329 queue = IEEE80211_TX_QUEUE_DATA2;
331 local->wmm_acm |= BIT(1) | BIT(2);
336 params.aifs = pos[0] & 0x0f;
337 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
338 params.cw_min = ecw2cw(pos[1] & 0x0f);
339 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
340 params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
341 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
342 "cWmin=%d cWmax=%d burst=%d\n",
343 dev->name, queue, aci, acm, params.aifs, params.cw_min,
344 params.cw_max, params.burst_time);
345 /* TODO: handle ACM (block TX, fallback to next lowest allowed
/* A driver failure to program one queue is logged and the remaining
 * records are still processed. */
347 if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) {
348 printk(KERN_DEBUG "%s: failed to set TX queue "
349 "parameters for queue %d\n", dev->name, queue);
/*
 * Emit an IWEVCUSTOM wireless event carrying the (Re)Association
 * Request and Response IEs as hex text, e.g.
 *   "ASSOCINFO(ReqIEs=... RespIEs=...)"
 * for user space (wpa_supplicant reads this).
 *
 * Buffer sizing: every IE byte becomes two hex characters, and the fixed
 * text ("ASSOCINFO(", "ReqIEs=", " ", "RespIEs=", ")" plus NUL) is well
 * under the 50 spare bytes, so the sprintf() chain cannot overrun the
 * kmalloc()'d buffer.  The NULL check after kmalloc and the kfree(buf)
 * at the end are on omitted lines -- confirm both exist.
 */
355 static void ieee80211_sta_send_associnfo(struct net_device *dev,
356 struct ieee80211_if_sta *ifsta)
361 union iwreq_data wrqu;
363 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
366 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
367 ifsta->assocresp_ies_len), GFP_ATOMIC);
371 len = sprintf(buf, "ASSOCINFO(");
372 if (ifsta->assocreq_ies) {
373 len += sprintf(buf + len, "ReqIEs=");
374 for (i = 0; i < ifsta->assocreq_ies_len; i++) {
375 len += sprintf(buf + len, "%02x",
376 ifsta->assocreq_ies[i]);
379 if (ifsta->assocresp_ies) {
380 if (ifsta->assocreq_ies)
381 len += sprintf(buf + len, " ");
382 len += sprintf(buf + len, "RespIEs=");
383 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
384 len += sprintf(buf + len, "%02x",
385 ifsta->assocresp_ies[i]);
388 len += sprintf(buf + len, ")");
/* IWEVCUSTOM payloads are limited to IW_CUSTOM_MAX; fall back to the
 * response IEs alone.  NOTE(review): the fallback is not itself checked
 * against IW_CUSTOM_MAX, so a large response IE set (AP-controlled)
 * still yields an over-long event; whether wireless_send_event()
 * drops or truncates it is not visible here. */
390 if (len > IW_CUSTOM_MAX) {
391 len = sprintf(buf, "ASSOCRESPIE=");
392 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
393 len += sprintf(buf + len, "%02x",
394 ifsta->assocresp_ies[i]);
/* Zero the whole union so no uninitialised bytes reach user space. */
398 memset(&wrqu, 0, sizeof(wrqu));
399 wrqu.data.length = len;
400 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
/*
 * Record the association state change (@assoc non-zero = associated)
 * and tell the stack: carrier on/off, a SIOCGIWAP event with the AP
 * address (all-zero when disassociated), and the ASSOCINFO event on
 * the associated path.  No-op when the state is unchanged.
 *
 * NOTE(review): unlike ieee80211_sta_send_associnfo(), @wrqu is not
 * zeroed before use; only 6 of the 14 sa_data bytes are written.  If the
 * event payload is the whole sockaddr, the remaining bytes are
 * uninitialised stack handed to user space -- a memset(&wrqu, 0,
 * sizeof(wrqu)) at the top would avoid that.
 */
406 static void ieee80211_set_associated(struct net_device *dev,
407 struct ieee80211_if_sta *ifsta, int assoc)
409 union iwreq_data wrqu;
411 if (ifsta->associated == assoc)
414 ifsta->associated = assoc;
/* Associated path (the enclosing if (assoc) is on an omitted line). */
417 struct ieee80211_sub_if_data *sdata;
418 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
419 if (sdata->type != IEEE80211_IF_TYPE_STA)
421 netif_carrier_on(dev);
/* Remember the AP so the next association can be a reassociation
 * (see ieee80211_send_assoc()). */
422 ifsta->prev_bssid_set = 1;
423 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
424 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
425 ieee80211_sta_send_associnfo(dev, ifsta);
/* Disassociated path: zero AP address signals "not associated". */
427 netif_carrier_off(dev);
428 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
430 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
431 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
432 ifsta->last_probe = jiffies;
/* Drop to the disassociated state and reset the retry counters so a
 * later (re)connect attempt starts fresh.  @deauth is consumed on the
 * omitted lines 437-438 (presumably it also clears the authenticated
 * flag -- confirm). */
435 static void ieee80211_set_disassoc(struct net_device *dev,
436 struct ieee80211_if_sta *ifsta, int deauth)
439 ifsta->auth_tries = 0;
440 ifsta->assoc_tries = 0;
441 ieee80211_set_associated(dev, ifsta, 0);
/*
 * Hand a locally built 802.11 management frame to the master device.
 * skb->data must already point at the 802.11 header (all three header
 * offsets are reset to 0).  The control block is zeroed and tagged with
 * the originating interface; @encrypt == 0 (the third parameter, on an
 * omitted line) marks the frame do_not_encrypt, which is how the plain
 * auth/assoc/deauth/action frames in this file go out in the clear while
 * the shared-key challenge reply is sent protected.  The final transmit
 * call is not shown in this listing.
 */
444 static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
447 struct ieee80211_sub_if_data *sdata;
448 struct ieee80211_tx_packet_data *pkt_data;
450 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
451 skb->dev = sdata->local->mdev;
452 skb_set_mac_header(skb, 0);
453 skb_set_network_header(skb, 0);
454 skb_set_transport_header(skb, 0);
/* skb->cb is reused as per-packet TX metadata for the master device. */
456 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
457 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
458 pkt_data->ifindex = sdata->dev->ifindex;
459 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
460 pkt_data->do_not_encrypt = !encrypt;
/*
 * Build and send an Authentication frame for sequence number
 * @transaction to the current BSSID, and advance ifsta->auth_transaction
 * to the number we expect back.  @extra/@extra_len is an optional
 * trailing element (the challenge text for shared-key auth, see
 * ieee80211_auth_challenge()); the last parameter (omitted line 469) is
 * the encrypt flag passed through to ieee80211_sta_tx().
 *
 * The allocation covers headroom + header + 6-byte auth body +
 * extra_len, so the trailing memcpy cannot overrun.  The 24 + 6 region is
 * zeroed before fill so no kernel memory leaks into reserved fields.
 */
466 static void ieee80211_send_auth(struct net_device *dev,
467 struct ieee80211_if_sta *ifsta,
468 int transaction, u8 *extra, size_t extra_len,
471 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
473 struct ieee80211_mgmt *mgmt;
475 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
476 sizeof(*mgmt) + 6 + extra_len);
478 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
479 "frame\n", dev->name);
482 skb_reserve(skb, local->hw.extra_tx_headroom);
/* 24-byte header + auth_alg/auth_transaction/status_code (6 bytes). */
484 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
485 memset(mgmt, 0, 24 + 6);
486 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
487 IEEE80211_STYPE_AUTH);
/* Protected bit: the condition on omitted line 488 is presumably the
 * encrypt flag (shared-key frame 3 is WEP-encrypted) -- confirm. */
489 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
490 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
491 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
492 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
493 mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
494 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
495 ifsta->auth_transaction = transaction + 1;
496 mgmt->u.auth.status_code = cpu_to_le16(0);
/* Guarded by omitted line 497 (presumably "if (extra)"). */
498 memcpy(skb_put(skb, extra_len), extra, extra_len);
500 ieee80211_sta_tx(dev, skb, encrypt);
/*
 * Start (or retry) authentication with ifsta->bssid: send transaction 1
 * and arm the state-machine timer for IEEE80211_AUTH_TIMEOUT.  After
 * IEEE80211_AUTH_MAX_TRIES attempts the interface goes to
 * IEEE80211_DISABLED (the counter increment is on omitted line 507).
 */
504 static void ieee80211_authenticate(struct net_device *dev,
505 struct ieee80211_if_sta *ifsta)
508 if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
509 printk(KERN_DEBUG "%s: authentication with AP " MAC_FMT
511 dev->name, MAC_ARG(ifsta->bssid));
512 ifsta->state = IEEE80211_DISABLED;
516 ifsta->state = IEEE80211_AUTHENTICATE;
517 printk(KERN_DEBUG "%s: authenticate with AP " MAC_FMT "\n",
518 dev->name, MAC_ARG(ifsta->bssid));
/* Transaction 1, no extra element, sent in the clear. */
520 ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
522 mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
/*
 * Build and send an (Re)Association Request to ifsta->bssid.
 *
 * Body layout: capability + listen interval (reassoc adds the previous
 * AP), then SSID, Supported Rates (at most 8, the cap is on omitted
 * lines 597-598), Extended Supported Rates for the remainder, any
 * user-supplied extra IEs, a WMM Information element if WMM is on, and
 * an HT Capability element filled in by the driver.  The IEs are also
 * copied into ifsta->assocreq_ies for the ASSOCINFO event.
 *
 * The buffer is sized as header + 200 + extra_ie_len + (continuation on
 * omitted line 542); the fixed elements built here are small, but the
 * 200-byte budget is not checked against mode->num_rates -- confirm it
 * is bounded by the hardware mode tables.
 */
526 static void ieee80211_send_assoc(struct net_device *dev,
527 struct ieee80211_if_sta *ifsta)
529 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
530 struct ieee80211_hw_mode *mode;
532 struct ieee80211_mgmt *mgmt;
536 struct ieee80211_sta_bss *bss;
540 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
541 sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
544 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
545 "frame\n", dev->name);
548 skb_reserve(skb, local->hw.extra_tx_headroom);
550 mode = local->oper_hw_mode;
551 capab = ifsta->capab;
/* Advertise ERP features on 11g. */
552 if (mode->mode == MODE_IEEE80211G) {
553 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
554 WLAN_CAPABILITY_SHORT_PREAMBLE;
/* Mirror the AP's PRIVACY bit from the scan table entry; the NULL check
 * on the returned bss (omitted line 557) must precede the dereference. */
556 bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
558 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
559 capab |= WLAN_CAPABILITY_PRIVACY;
565 ieee80211_rx_bss_put(dev, bss);
568 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
570 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
571 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
572 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
/* Reassociate when we were previously associated (see
 * ieee80211_set_associated()), otherwise plain Association Request. */
574 if (ifsta->prev_bssid_set) {
576 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
577 IEEE80211_STYPE_REASSOC_REQ);
578 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
579 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
580 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
584 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
585 IEEE80211_STYPE_ASSOC_REQ);
586 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
587 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
/* @ies marks the start of the IE area for the assocreq_ies copy below. */
591 ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
592 *pos++ = WLAN_EID_SSID;
593 *pos++ = ifsta->ssid_len;
594 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
596 len = mode->num_rates;
599 pos = skb_put(skb, len + 2);
600 *pos++ = WLAN_EID_SUPP_RATES;
/* Rates are stored in 100 kbps units; the element wants 500 kbps units
 * (turbo mode halves them on the omitted line 605). */
602 for (i = 0; i < len; i++) {
603 int rate = mode->rates[i].rate;
604 if (mode->mode == MODE_ATHEROS_TURBO)
606 *pos++ = (u8) (rate / 5);
609 if (mode->num_rates > len) {
610 pos = skb_put(skb, mode->num_rates - len + 2);
611 *pos++ = WLAN_EID_EXT_SUPP_RATES;
612 *pos++ = mode->num_rates - len;
613 for (i = len; i < mode->num_rates; i++) {
614 int rate = mode->rates[i].rate;
615 if (mode->mode == MODE_ATHEROS_TURBO)
617 *pos++ = (u8) (rate / 5);
/* User-supplied IEs (e.g. RSN/WPA from wpa_supplicant) are appended
 * verbatim; their length was included in the allocation above. */
621 if (ifsta->extra_ie) {
622 pos = skb_put(skb, ifsta->extra_ie_len);
623 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
/* WMM Information element: 2-byte header + 7 bytes
 * (OUI 00:50:F2, type 2, subtype 0, version 1, QoS info). */
626 if (wmm && ifsta->wmm_enabled) {
627 pos = skb_put(skb, 9);
628 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
629 *pos++ = 7; /* len */
630 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
633 *pos++ = 2; /* WME */
634 *pos++ = 0; /* WME info */
635 *pos++ = 1; /* WME ver */
639 /* if low level driver supports 11n, fill in 11n IE */
640 if (ht_enabled && ifsta->ht_enabled && local->ops->get_ht_capab) {
641 pos = skb_put(skb, sizeof(struct ieee80211_ht_capability)+2);
642 *pos++ = WLAN_EID_HT_CAPABILITY;
643 *pos++ = sizeof(struct ieee80211_ht_capability);
/* Zero first so driver-unset fields do not leak stale frame memory. */
644 memset(pos, 0, sizeof(struct ieee80211_ht_capability));
645 local->ops->get_ht_capab(local_to_hw(local),
646 (struct ieee80211_ht_capability *)pos);
/* Keep a copy of the IE area for ieee80211_sta_send_associnfo().  On
 * allocation failure the pointer is NULL while assocreq_ies_len keeps
 * the new length; that is tolerated because the consumer tests the
 * pointer before looping. */
649 kfree(ifsta->assocreq_ies);
650 ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
651 ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_ATOMIC);
652 if (ifsta->assocreq_ies)
653 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
655 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send a Deauthentication frame with @reason to the current BSSID.
 * The body is the 2-byte reason code only; the frame is sent
 * unencrypted.  Allocation failure is logged and the frame dropped
 * (return on an omitted line).
 */
659 static void ieee80211_send_deauth(struct net_device *dev,
660 struct ieee80211_if_sta *ifsta, u16 reason)
662 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
664 struct ieee80211_mgmt *mgmt;
666 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
668 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
669 "frame\n", dev->name);
672 skb_reserve(skb, local->hw.extra_tx_headroom);
674 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
676 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
677 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
678 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
679 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
680 IEEE80211_STYPE_DEAUTH);
/* The 2-byte body is added by skb_put on omitted line 681. */
682 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
684 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send a Disassociation frame with @reason to the current BSSID.
 * Structurally identical to ieee80211_send_deauth() apart from the
 * frame subtype; sent unencrypted.
 */
688 static void ieee80211_send_disassoc(struct net_device *dev,
689 struct ieee80211_if_sta *ifsta, u16 reason)
691 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
693 struct ieee80211_mgmt *mgmt;
695 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
697 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
698 "frame\n", dev->name);
701 skb_reserve(skb, local->hw.extra_tx_headroom);
703 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
705 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
706 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
707 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
708 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
709 IEEE80211_STYPE_DISASSOC);
/* The 2-byte body is added by skb_put on omitted line 710. */
711 mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
713 ieee80211_sta_tx(dev, skb, 0);
/* Map a TSPEC direction field onto the second index of
 * ifsta->ts_data[tsid][]: downlink and direct-link share STA_TS_DOWNLINK,
 * everything else (uplink, bidirectional) is STA_TS_UPLINK. */
717 static int ieee80211_ts_index(u8 direction)
719 if (direction == WLAN_TSINFO_DOWNLINK ||
720 direction == WLAN_TSINFO_DIRECTLINK)
721 return STA_TS_DOWNLINK;
722 return STA_TS_UPLINK; /* UP and Bidirectional LINK */
/*
 * Send an 802.11e QoS ADDTS Request action frame carrying @tspec as a
 * native TSPEC element.  The dialog token comes from a counter ("token",
 * declared on an omitted line) kept in 1..126 by "++token % 127".
 *
 * NOTE(review): unlike ieee80211_send_auth()/_assoc()/_deauth() above,
 * neither this sender nor wmm_send_addts(), the two delts senders or the
 * DLS senders allocate or skb_reserve() local->hw.extra_tx_headroom.
 * If the driver needs that headroom the transmit path must supply it --
 * confirm.
 */
726 void ieee80211_send_addts(struct net_device *dev,
727 struct ieee80211_if_sta *ifsta,
728 struct ieee80211_elem_tspec *tspec)
730 struct ieee80211_mgmt *mgmt;
733 struct ieee80211_elem_tspec *ptspec;
736 skb = dev_alloc_skb(sizeof(*mgmt) + sizeof(*tspec));
738 printk(KERN_DEBUG "%s: failed to allocate buffer for addts "
739 "frame\n", dev->name);
743 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
745 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
746 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
747 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
748 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
749 IEEE80211_STYPE_ACTION);
/* Category + fixed ADDTS request fields. */
751 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addts_req));
752 mgmt->u.action.category = WLAN_CATEGORY_QOS;
753 mgmt->u.action.u.addts_req.action_code = WLAN_ACTION_QOS_ADDTS_REQ;
754 mgmt->u.action.u.addts_req.dialog_token = ++token % 127;
/* TSPEC element: EID, length, then the struct copied verbatim. */
756 skb_put(skb, 2 + sizeof(*tspec));
757 pos = mgmt->u.action.u.addts_req.variable;
758 pos[0] = WLAN_EID_TSPEC;
759 pos[1] = sizeof(*tspec);
761 ptspec = (struct ieee80211_elem_tspec *)pos;
762 memcpy(ptspec, tspec, sizeof(*tspec));
764 ieee80211_sta_tx(dev, skb, 0);
/*
 * WMM (vendor-specific) variant of ieee80211_send_addts(): the TSPEC is
 * wrapped in a WLAN_EID_GENERIC element with the Wi-Fi OUI, type
 * WIFI_OUI_TYPE_WMM, subtype WIFI_OUI_STYPE_WMM_TSPEC and version 1
 * (the 2 + 6 bytes in the size arithmetic).  The "pos += ..." advances
 * between the header, OUI and TSPEC parts are on omitted lines.
 * No extra_tx_headroom is reserved here (see ieee80211_send_addts()).
 */
768 void wmm_send_addts(struct net_device *dev,
769 struct ieee80211_if_sta *ifsta,
770 struct ieee80211_elem_tspec *tspec)
772 struct ieee80211_mgmt *mgmt;
775 struct ieee80211_elem_tspec *ptspec;
778 skb = dev_alloc_skb(sizeof(*mgmt) + 2 + 6 + sizeof(*tspec));
780 printk(KERN_DEBUG "%s: failed to allocate buffer for addts "
781 "frame\n", dev->name);
785 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
787 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
788 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
789 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
790 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
791 IEEE80211_STYPE_ACTION);
793 skb_put(skb, 1 + sizeof(mgmt->u.action.u.wme_action));
794 mgmt->u.action.category = WLAN_CATEGORY_WMM;
795 mgmt->u.action.u.wme_action.action_code = WLAN_ACTION_QOS_ADDTS_REQ;
796 mgmt->u.action.u.wme_action.dialog_token = ++token % 127;
797 mgmt->u.action.u.wme_action.status_code = 0;
799 skb_put(skb, 2 + 6 + sizeof(*tspec));
800 pos = mgmt->u.action.u.wme_action.variable;
801 pos[0] = WLAN_EID_GENERIC;
804 pos[0] = 0x00; pos[1] = 0x50; pos[2] = 0xf2; /* Wi-Fi OUI (00:50:F2)*/
806 pos[0] = WIFI_OUI_TYPE_WMM;
807 pos[1] = WIFI_OUI_STYPE_WMM_TSPEC;
808 pos[2] = 1; /* Version */
810 ptspec = (struct ieee80211_elem_tspec *)pos;
811 memcpy(ptspec, tspec, sizeof(*tspec));
813 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send an 802.11e QoS DELTS action frame for the traffic stream
 * described by @tp and mark it inactive in ifsta->ts_data.
 *
 * tsid/direction are read straight out of tp->ts_info and used as array
 * indices; no range check is visible here.  The TSID field is 4 bits
 * wide, so this is only safe if ts_data has at least 16 rows -- confirm
 * against the struct definition, and that callers cannot hand in a
 * tp built from an unchecked over-the-air value.
 */
817 void ieee80211_send_delts(struct net_device *dev,
818 struct ieee80211_if_sta *ifsta,
819 struct ieee80211_elem_tspec *tp)
821 struct ieee80211_mgmt *mgmt;
823 u8 tsid = IEEE80211_TSINFO_TSID(tp->ts_info);
824 u8 direction = IEEE80211_TSINFO_DIR(tp->ts_info);
825 u16 medium_time = le16_to_cpu(tp->medium_time);
826 u8 index = ieee80211_ts_index(direction);
/* Nothing to tear down if the TS was never admitted. */
828 if (ifsta->ts_data[tsid][index].status == TS_STATUS_UNUSED) {
829 printk(KERN_DEBUG "%s: Trying to delete an ACM disabled TS "
830 "(%u:%u)\n", dev->name, tsid, direction);
833 skb = dev_alloc_skb(sizeof(*mgmt));
835 printk(KERN_DEBUG "%s: failed to allocate buffer for delts "
836 "frame\n", dev->name);
840 /* recompute admitted time */
/* medium_time is in 32 us units; clamp at zero on underflow via the
 * signed reinterpretation (cast applied to the value, then compared). */
841 ifsta->ts_data[tsid][index].admitted_time_usec -=
842 ifsta->dot11EDCAAveragingPeriod * medium_time * 32;
843 if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec) < 0)
844 ifsta->ts_data[tsid][index].admitted_time_usec = 0;
846 ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
848 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
850 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
851 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
852 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
853 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
854 IEEE80211_STYPE_ACTION);
855 skb_put(skb, 1 + sizeof(mgmt->u.action.u.delts));
856 mgmt->u.action.category = WLAN_CATEGORY_QOS;
857 mgmt->u.action.u.delts.action_code = WLAN_ACTION_QOS_DELTS;
858 mgmt->u.action.u.delts.reason_code = 0;
859 memset(&mgmt->u.action.u.delts.ts_info, 0,
860 sizeof(struct ieee80211_ts_info));
/* NOTE(review): the TS-info fields below are written into the caller's
 * tp->ts_info, not into the zeroed frame field above.  Unless an
 * omitted line copies tp->ts_info into mgmt->u.action.u.delts.ts_info,
 * the DELTS goes out with an all-zero TS info -- confirm. */
862 IEEE80211_SET_TSINFO_TSID(tp->ts_info, tsid);
863 IEEE80211_SET_TSINFO_DIR(tp->ts_info, direction);
864 IEEE80211_SET_TSINFO_POLICY(tp->ts_info, WLAN_TSINFO_EDCA);
865 IEEE80211_SET_TSINFO_APSD(tp->ts_info, WLAN_TSINFO_PSB_LEGACY);
866 IEEE80211_SET_TSINFO_UP(tp->ts_info, ifsta->ts_data[tsid][index].up);
868 ieee80211_sta_tx(dev, skb, 0);
/*
 * WMM (vendor-specific) variant of ieee80211_send_delts(): same ts_data
 * bookkeeping, but the frame carries a zeroed TSPEC element inside a
 * WLAN_EID_GENERIC/Wi-Fi OUI wrapper with only the TS-info fields set.
 * The same tsid-as-index caveat as ieee80211_send_delts() applies.
 */
872 void wmm_send_delts(struct net_device *dev,
873 struct ieee80211_if_sta *ifsta,
874 struct ieee80211_elem_tspec *tp)
876 struct ieee80211_mgmt *mgmt;
877 struct ieee80211_elem_tspec *tspec;
879 u8 tsid = IEEE80211_TSINFO_TSID(tp->ts_info);
880 u8 direction = IEEE80211_TSINFO_DIR(tp->ts_info);
881 u16 medium_time = le16_to_cpu(tp->medium_time);
882 u8 index = ieee80211_ts_index(direction);
885 if (ifsta->ts_data[tsid][index].status == TS_STATUS_UNUSED) {
886 printk(KERN_DEBUG "%s: Tring to delete a non-Actived TS "
887 "(%u %u)\n", dev->name, tsid, direction);
890 skb = dev_alloc_skb(sizeof(*mgmt) + 2 + 6 + sizeof(*tspec));
892 printk(KERN_DEBUG "%s: failed to allocate buffer for delts "
893 "frame\n", dev->name);
897 /* recompute admitted time */
898 ifsta->ts_data[tsid][index].admitted_time_usec -=
899 ifsta->dot11EDCAAveragingPeriod * medium_time * 32;
/* NOTE(review): the (s32) cast here wraps the whole comparison, i.e.
 * "(s32)(x < 0)", so x is compared while still in its own type.  If
 * admitted_time_usec is unsigned this branch can never be taken and an
 * underflow from the subtraction above is kept as a huge value.  The
 * intended form is the one in ieee80211_send_delts():
 *     if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec) < 0)
 */
900 if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec < 0))
901 ifsta->ts_data[tsid][index].admitted_time_usec = 0;
903 ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
905 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
907 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
908 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
909 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
910 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
911 IEEE80211_STYPE_ACTION);
913 skb_put(skb, 1 + sizeof(mgmt->u.action.u.wme_action));
914 mgmt->u.action.category = WLAN_CATEGORY_WMM;
915 mgmt->u.action.u.wme_action.action_code = WLAN_ACTION_QOS_DELTS;
916 mgmt->u.action.u.wme_action.dialog_token = 0;
917 mgmt->u.action.u.wme_action.status_code = 0;
/* Element header, OUI/type/subtype/version, then the TSPEC; the
 * "pos += ..." advances between them are on omitted lines. */
919 skb_put(skb, 2 + 6 + sizeof(*tspec));
920 pos = mgmt->u.action.u.wme_action.variable;
921 pos[0] = WLAN_EID_GENERIC;
924 pos[0] = 0x00; pos[1] = 0x50; pos[2] = 0xf2; /* Wi-Fi OUI (00:50:F2)*/
926 pos[0] = WIFI_OUI_TYPE_WMM;
927 pos[1] = WIFI_OUI_STYPE_WMM_TSPEC;
928 pos[2] = 1; /* Version */
/* Zero the in-frame TSPEC first so only the TS-info bits below carry
 * data (no stale skb memory goes on the air). */
930 tspec = (struct ieee80211_elem_tspec *)pos;
931 memset(tspec, 0, sizeof(*tspec));
933 IEEE80211_SET_TSINFO_TSID(tspec->ts_info, tsid);
934 IEEE80211_SET_TSINFO_DIR(tspec->ts_info, direction);
935 IEEE80211_SET_TSINFO_POLICY(tspec->ts_info, WLAN_TSINFO_EDCA);
936 IEEE80211_SET_TSINFO_APSD(tspec->ts_info, WLAN_TSINFO_PSB_LEGACY);
937 IEEE80211_SET_TSINFO_UP(tspec->ts_info, ifsta->ts_data[tsid][index].up);
939 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send a DLS Request action frame (via the AP, da = bssid) asking for a
 * direct link to peer @addr with the given @timeout.  The body carries
 * our capability (ifsta->ap_capab) followed by Supported Rates and, once
 * the first element holds 8 rates, Extended Supported Rates.
 *
 * The rate loop writes one byte per supported rate into a buffer sized
 * for 200 bytes of elements; the count is bounded by mode->num_rates,
 * which is a driver table, not air data.  The supp_rates[1] / esupp_rates[1]
 * length-byte increments and the "< 8" branch are on omitted lines.
 * No extra_tx_headroom is reserved here (see ieee80211_send_addts()).
 */
943 void ieee80211_send_dls_req(struct net_device *dev,
944 struct ieee80211_if_sta *ifsta,
945 u8 *addr, u16 timeout)
947 struct ieee80211_hw_mode *mode;
949 struct ieee80211_mgmt *mgmt;
950 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
951 u8 *pos, *supp_rates, *esupp_rates = NULL;
954 skb = dev_alloc_skb(sizeof(*mgmt) + 200 /* rates + ext_rates Size */);
956 printk(KERN_DEBUG "%s: failed to allocate buffer for DLS REQ "
957 "frame\n", dev->name);
961 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
963 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
964 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
965 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
966 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
967 IEEE80211_STYPE_ACTION);
969 skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_req));
970 mgmt->u.action.category = WLAN_CATEGORY_DLS;
971 mgmt->u.action.u.dls_req.action_code = WLAN_ACTION_DLS_REQ;
972 memcpy(mgmt->u.action.u.dls_req.dest, addr, ETH_ALEN);
973 memcpy(mgmt->u.action.u.dls_req.src, dev->dev_addr, ETH_ALEN);
974 mgmt->u.action.u.dls_req.capab_info = cpu_to_le16(ifsta->ap_capab);
975 mgmt->u.action.u.dls_req.timeout = cpu_to_le16(timeout);
977 /* Add supported rates and extended supported rates */
978 supp_rates = skb_put(skb, 2);
979 supp_rates[0] = WLAN_EID_SUPP_RATES;
981 mode = local->oper_hw_mode;
982 for (i = 0; i < mode->num_rates; i++) {
983 struct ieee80211_rate *rate = &mode->rates[i];
984 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
/* First 8 rates go into Supported Rates; the 9th opens the Extended
 * element (3 bytes: EID, length, first rate). */
987 pos = skb_put(skb, 1);
989 } else if (supp_rates[1] == 8) {
990 esupp_rates = skb_put(skb, 3);
991 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
993 pos = &esupp_rates[2];
995 pos = skb_put(skb, 1);
/* 100 kbps units -> 500 kbps units (turbo: half rate). */
998 if (local->hw.conf.phymode == MODE_ATHEROS_TURBO)
999 *pos = rate->rate / 10;
1001 *pos = rate->rate / 5;
1004 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send a DLS Response action frame to peer @mac_addr (via the AP) with
 * @status.  Note the dest/src roles are swapped relative to the request:
 * dest is our own address, src is the peer that asked.
 *
 * NOTE(review): the early transmit at 1041-1042 fires when status_code is
 * zero (success), so the Capability and Supported Rates elements are only
 * appended for a *failed* response.  In 802.11e those elements are
 * carried when the status is successful, so this condition looks
 * inverted -- confirm against the spec and the peer implementation.
 * No extra_tx_headroom is reserved here (see ieee80211_send_addts()).
 */
1008 static void ieee80211_send_dls_resp(struct net_device *dev,
1009 struct ieee80211_if_sta *ifsta,
1010 u8 *mac_addr, u16 status)
1012 struct ieee80211_hw_mode *mode;
1013 struct sk_buff *skb;
1014 struct ieee80211_mgmt *mgmt;
1015 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1016 u8 *pos, *supp_rates, *esupp_rates = NULL;
1019 skb = dev_alloc_skb(sizeof(*mgmt) + 200 /* rates + ext_rates Size */);
1021 printk(KERN_DEBUG "%s: failed to allocate buffer for dls resp "
1022 "frame\n", dev->name);
1026 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1027 memset(mgmt, 0, 24);
1028 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
1029 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1030 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1031 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1032 IEEE80211_STYPE_ACTION);
1034 skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_resp));
1035 mgmt->u.action.category = WLAN_CATEGORY_DLS;
1036 mgmt->u.action.u.dls_resp.action_code = WLAN_ACTION_DLS_RESP;
1037 memcpy(mgmt->u.action.u.dls_resp.dest, dev->dev_addr, ETH_ALEN);
1038 memcpy(mgmt->u.action.u.dls_resp.src, mac_addr, ETH_ALEN);
1039 mgmt->u.action.u.dls_resp.status_code = cpu_to_le16(status);
/* Sent without capability/rates when status_code == 0 (see note above);
 * the return after the transmit is on an omitted line. */
1041 if (!mgmt->u.action.u.dls_resp.status_code) {
1042 ieee80211_sta_tx(dev, skb, 0);
1046 /* Add capability information */
1047 pos = skb_put(skb, 2);
1048 *(__le16 *)pos = cpu_to_le16(ifsta->ap_capab);
1050 /* Add supported rates and extended supported rates */
1051 supp_rates = skb_put(skb, 2);
1052 supp_rates[0] = WLAN_EID_SUPP_RATES;
/* Same rate-element construction as ieee80211_send_dls_req(). */
1054 mode = local->oper_hw_mode;
1055 for (i = 0; i < mode->num_rates; i++) {
1056 struct ieee80211_rate *rate = &mode->rates[i];
1057 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
1060 pos = skb_put(skb, 1);
1062 } else if (supp_rates[1] == 8) {
1063 esupp_rates = skb_put(skb, 3);
1064 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
1066 pos = &esupp_rates[2];
1068 pos = skb_put(skb, 1);
1071 if (local->hw.conf.phymode == MODE_ATHEROS_TURBO)
1072 *pos = rate->rate / 10;
1074 *pos = rate->rate / 5;
1077 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send a DLS Teardown action frame for the direct link with @mac_addr,
 * giving @reason.  Body is action code, dest, src and reason code only.
 * No extra_tx_headroom is reserved here (see ieee80211_send_addts()).
 */
1081 void ieee80211_send_dls_teardown(struct net_device *dev,
1082 struct ieee80211_if_sta *ifsta,
1083 u8 *mac_addr, u16 reason)
1085 struct ieee80211_mgmt *mgmt;
1086 struct sk_buff *skb;
1088 skb = dev_alloc_skb(sizeof(*mgmt));
1090 printk(KERN_DEBUG "%s: failed to allocate buffer for DLS "
1091 "Teardown frame\n", dev->name);
1095 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1096 memset(mgmt, 0, 24);
1097 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
1098 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1099 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1100 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1101 IEEE80211_STYPE_ACTION);
1102 skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_teardown));
1103 mgmt->u.action.category = WLAN_CATEGORY_DLS;
1104 mgmt->u.action.u.dls_teardown.action_code = WLAN_ACTION_DLS_TEARDOWN;
1105 memcpy(mgmt->u.action.u.dls_teardown.dest, mac_addr, ETH_ALEN);
1106 memcpy(mgmt->u.action.u.dls_teardown.src, dev->dev_addr, ETH_ALEN);
1107 mgmt->u.action.u.dls_teardown.reason_code = cpu_to_le16(reason);
1109 ieee80211_sta_tx(dev, skb, 0);
/*
 * Report whether our WEP configuration disagrees with the target AP's
 * PRIVACY capability bit, so that ieee80211_associate() can refuse to
 * join an AP that would leave traffic unprotected (or unreadable).
 * The check is skipped when mixed cells are allowed or when a key
 * management scheme other than NONE (i.e. WPA/RSN) is in use, since the
 * supplicant then owns that decision.  The return values and the NULL
 * check on bss (omitted lines) are not visible in this listing.
 */
1113 static int ieee80211_privacy_mismatch(struct net_device *dev,
1114 struct ieee80211_if_sta *ifsta)
1116 struct ieee80211_sta_bss *bss;
1119 if (!ifsta || ifsta->mixed_cell ||
1120 ifsta->key_mgmt != IEEE80211_KEY_MGMT_NONE)
1123 bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
/* Both sides normalised to 0/1 before comparing. */
1127 if (ieee80211_sta_wep_configured(dev) !=
1128 !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
1131 ieee80211_rx_bss_put(dev, bss);
/*
 * Start (or retry) association with ifsta->bssid and arm the timer for
 * IEEE80211_ASSOC_TIMEOUT.  Gives up (IEEE80211_DISABLED) after
 * IEEE80211_ASSOC_MAX_TRIES attempts or when the privacy configuration
 * does not match the AP and mixed cells are disabled.
 */
1137 static void ieee80211_associate(struct net_device *dev,
1138 struct ieee80211_if_sta *ifsta)
1140 ifsta->assoc_tries++;
1141 if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
1142 printk(KERN_DEBUG "%s: association with AP " MAC_FMT
1144 dev->name, MAC_ARG(ifsta->bssid));
1145 ifsta->state = IEEE80211_DISABLED;
1149 ifsta->state = IEEE80211_ASSOCIATE;
1150 printk(KERN_DEBUG "%s: associate with AP " MAC_FMT "\n",
1151 dev->name, MAC_ARG(ifsta->bssid));
/* Refuse to associate unencrypted to a privacy AP (or vice versa). */
1152 if (ieee80211_privacy_mismatch(dev, ifsta)) {
1153 printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
1154 "mixed-cell disabled - abort association\n", dev->name);
1155 ifsta->state = IEEE80211_DISABLED;
1159 ieee80211_send_assoc(dev, ifsta);
1161 mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
/*
 * Periodic (IEEE80211_MONITORING_INTERVAL) check while associated: if
 * nothing has been received from the AP recently, probe it once; if a
 * probe has already gone unanswered, treat the AP as gone, free its STA
 * entry, signal "no AP" to user space and back off the timer.  Even
 * when the AP is alive, probe it every IEEE80211_PROBE_INTERVAL.
 * The disassociate/re-scan actions on the "lost" path and the
 * sta_info_put() for the looked-up entry are on omitted lines.
 */
1165 static void ieee80211_associated(struct net_device *dev,
1166 struct ieee80211_if_sta *ifsta)
1168 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1169 struct sta_info *sta;
1172 /* TODO: start monitoring current AP signal quality and number of
1173 * missed beacons. Scan other channels every now and then and search
1174 * for better APs. */
1175 /* TODO: remove expired BSSes */
1177 ifsta->state = IEEE80211_ASSOCIATED;
1179 sta = sta_info_get(local, ifsta->bssid);
1181 printk(KERN_DEBUG "%s: No STA entry for own AP " MAC_FMT "\n",
1182 dev->name, MAC_ARG(ifsta->bssid));
/* No traffic from the AP for a whole monitoring interval. */
1186 if (time_after(jiffies,
1187 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
1188 if (ifsta->probereq_poll) {
1189 printk(KERN_DEBUG "%s: No ProbeResp from "
1190 "current AP " MAC_FMT " - assume out of "
1192 dev->name, MAC_ARG(ifsta->bssid));
1194 sta_info_free(sta, 0);
1195 ifsta->probereq_poll = 0;
/* First miss: poll the AP with a directed probe request. */
1197 ieee80211_send_probe_req(dev, ifsta->bssid,
1199 local->scan_ssid_len);
1200 ifsta->probereq_poll = 1;
1203 ifsta->probereq_poll = 0;
1204 if (time_after(jiffies, ifsta->last_probe +
1205 IEEE80211_PROBE_INTERVAL)) {
1206 ifsta->last_probe = jiffies;
1207 ieee80211_send_probe_req(dev, ifsta->bssid,
/* "AP lost" notification: zero AP address via SIOCGIWAP.  As in
 * ieee80211_set_associated(), only part of wrqu is initialised; a
 * memset(&wrqu, 0, sizeof(wrqu)) first would avoid handing
 * uninitialised stack to user space if the whole sockaddr is copied. */
1215 union iwreq_data wrqu;
1216 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
1217 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1218 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
/* Longer back-off after losing the AP than the normal re-check. */
1219 mod_timer(&ifsta->timer, jiffies +
1220 IEEE80211_MONITORING_INTERVAL + 30 * HZ);
1222 mod_timer(&ifsta->timer, jiffies +
1223 IEEE80211_MONITORING_INTERVAL);
/*
 * Send a Probe Request.  @dst selects a directed probe (da = bssid =
 * dst) or, when NULL, a broadcast one (the if/else around the two
 * address blocks is on omitted lines 1251/1254).  @ssid/@ssid_len may
 * be empty for a wildcard probe.  Body: SSID element, Supported Rates
 * and -- past 8 rates -- Extended Supported Rates, built the same way as
 * in ieee80211_send_dls_req().  Headroom is reserved for the driver.
 */
1228 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
1229 u8 *ssid, size_t ssid_len)
1231 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1232 struct ieee80211_hw_mode *mode;
1233 struct sk_buff *skb;
1234 struct ieee80211_mgmt *mgmt;
1235 u8 *pos, *supp_rates, *esupp_rates = NULL;
/* 200 bytes of element space on top of the header; ssid_len is not
 * part of the budget, so it relies on SSIDs being <= 32 bytes. */
1238 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
1240 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
1241 "request\n", dev->name);
1244 skb_reserve(skb, local->hw.extra_tx_headroom);
1246 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1247 memset(mgmt, 0, 24);
1248 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1249 IEEE80211_STYPE_PROBE_REQ);
1250 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
/* Directed probe. */
1252 memcpy(mgmt->da, dst, ETH_ALEN);
1253 memcpy(mgmt->bssid, dst, ETH_ALEN);
/* Broadcast probe. */
1255 memset(mgmt->da, 0xff, ETH_ALEN);
1256 memset(mgmt->bssid, 0xff, ETH_ALEN);
/* SSID element; the length byte is written on omitted line 1260. */
1258 pos = skb_put(skb, 2 + ssid_len);
1259 *pos++ = WLAN_EID_SSID;
1261 memcpy(pos, ssid, ssid_len);
1263 supp_rates = skb_put(skb, 2);
1264 supp_rates[0] = WLAN_EID_SUPP_RATES;
1266 mode = local->oper_hw_mode;
1267 for (i = 0; i < mode->num_rates; i++) {
1268 struct ieee80211_rate *rate = &mode->rates[i];
1269 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
1272 pos = skb_put(skb, 1);
1274 } else if (supp_rates[1] == 8) {
1275 esupp_rates = skb_put(skb, 3);
1276 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
1278 pos = &esupp_rates[2];
1280 pos = skb_put(skb, 1);
/* 100 kbps units -> 500 kbps units (turbo: half rate). */
1283 if (mode->mode == MODE_ATHEROS_TURBO)
1284 *pos = rate->rate / 10;
1286 *pos = rate->rate / 5;
1289 ieee80211_sta_tx(dev, skb, 0);
/*
 * Report whether the interface's default key is a WEP key.  Used by the
 * auth-algorithm fallback in ieee80211_rx_mgmt_auth() to avoid selecting
 * shared-key authentication when no WEP key could be used for the
 * challenge reply.  The return statements are outside this listing.
 */
1293 static int ieee80211_sta_wep_configured(struct net_device *dev)
1295 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1296 if (!sdata || !sdata->default_key ||
1297 sdata->default_key->alg != ALG_WEP)
/*
 * Mark the STA as authenticated with the current AP and immediately start
 * association.
 */
1303 static void ieee80211_auth_completed(struct net_device *dev,
1304 struct ieee80211_if_sta *ifsta)
1306 printk(KERN_DEBUG "%s: authenticated\n", dev->name);
1307 ifsta->authenticated = 1;
1308 ieee80211_associate(dev, ifsta);
/*
 * Answer transaction 2 of shared-key authentication.  The IEs following
 * the fixed auth fields are parsed; a Challenge IE is mandatory.  The
 * reply (transaction 3) echoes the whole Challenge IE including its
 * two-byte header (hence "- 2" / "+ 2").  The trailing 1 passed to
 * ieee80211_send_auth() is presumably the encrypt flag for the WEP-protected
 * reply — confirm against that function's prototype.
 * Relies on the caller having already verified @len covers the fixed
 * fields, so that the subtraction below cannot underflow.
 */
1312 static void ieee80211_auth_challenge(struct net_device *dev,
1313 struct ieee80211_if_sta *ifsta,
1314 struct ieee80211_mgmt *mgmt,
1318 struct ieee802_11_elems elems;
1320 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
1321 pos = mgmt->u.auth.variable;
1322 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
1324 printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
1328 if (!elems.challenge) {
1329 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
1330 "frame\n", dev->name);
1333 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
1334 elems.challenge_len + 2, 1);
/*
 * Handle a received Authentication frame.
 *
 * Admission: the STA must be in IEEE80211_AUTHENTICATE state (IBSS
 * interfaces are exempt), the frame must be long enough, and for non-IBSS
 * both SA and BSSID must equal ifsta->bssid.  Those address compares are
 * the only sender check on this path; nothing here authenticates the
 * frame cryptographically.
 *
 * IBSS: any peer sending Open System transaction 1 gets a transaction 2
 * reply; other algorithms/transactions are logged and dropped.
 *
 * Infrastructure: the frame must match the algorithm and transaction we
 * are waiting for.  On a denial with NOT_SUPPORTED_AUTH_ALG the code tries
 * the next algorithm enabled in ifsta->auth_algs (Open, Shared Key, LEAP
 * in that order), skipping Shared Key when no WEP key is configured.  On
 * success, Open/LEAP complete immediately; Shared Key completes at
 * transaction 4 and otherwise answers the challenge.
 */
1338 static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1339 struct ieee80211_if_sta *ifsta,
1340 struct ieee80211_mgmt *mgmt,
1343 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1344 u16 auth_alg, auth_transaction, status_code;
1346 if (ifsta->state != IEEE80211_AUTHENTICATE &&
1347 sdata->type != IEEE80211_IF_TYPE_IBSS) {
1348 printk(KERN_DEBUG "%s: authentication frame received from "
1349 MAC_FMT ", but not in authenticate state - ignored\n",
1350 dev->name, MAC_ARG(mgmt->sa));
/* Minimum-length test (condition outside the listing) guards the fixed
 * auth fields read below. */
1355 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
1356 "received from " MAC_FMT " - ignored\n",
1357 dev->name, len, MAC_ARG(mgmt->sa));
1361 if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
1362 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1363 printk(KERN_DEBUG "%s: authentication frame received from "
1364 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1365 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1366 MAC_ARG(mgmt->bssid));
1370 if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
1371 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
1372 printk(KERN_DEBUG "%s: authentication frame received from "
1373 "unknown BSSID (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1374 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1375 MAC_ARG(mgmt->bssid));
1379 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1380 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1381 status_code = le16_to_cpu(mgmt->u.auth.status_code);
1383 printk(KERN_DEBUG "%s: RX authentication from " MAC_FMT " (alg=%d "
1384 "transaction=%d status=%d)\n",
1385 dev->name, MAC_ARG(mgmt->sa), auth_alg,
1386 auth_transaction, status_code);
1388 if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
1389 /* IEEE 802.11 standard does not require authentication in IBSS
1390 * networks and most implementations do not seem to use it.
1391 * However, try to reply to authentication attempts if someone
1392 * has actually implemented this.
1393 * TODO: Could implement shared key authentication. */
1394 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
1395 printk(KERN_DEBUG "%s: unexpected IBSS authentication "
1396 "frame (alg=%d transaction=%d)\n",
1397 dev->name, auth_alg, auth_transaction);
1400 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
1403 if (auth_alg != ifsta->auth_alg ||
1404 auth_transaction != ifsta->auth_transaction) {
1405 printk(KERN_DEBUG "%s: unexpected authentication frame "
1406 "(alg=%d transaction=%d)\n",
1407 dev->name, auth_alg, auth_transaction);
1411 if (status_code != WLAN_STATUS_SUCCESS) {
1412 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
1413 "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
1414 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
/* algs[] (declared outside the listing) lists the enabled algorithms in
 * preference order; 0xff marks a disabled slot. */
1416 const int num_algs = ARRAY_SIZE(algs);
1418 algs[0] = algs[1] = algs[2] = 0xff;
1419 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1420 algs[0] = WLAN_AUTH_OPEN;
1421 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1422 algs[1] = WLAN_AUTH_SHARED_KEY;
1423 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1424 algs[2] = WLAN_AUTH_LEAP;
/* Start scanning from the slot after the algorithm that was just
 * refused (the pos assignments are outside the listing). */
1425 if (ifsta->auth_alg == WLAN_AUTH_OPEN)
1427 else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
1431 for (i = 0; i < num_algs; i++) {
1433 if (pos >= num_algs)
1435 if (algs[pos] == ifsta->auth_alg ||
/* Shared Key needs a WEP key for the challenge reply. */
1438 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1439 !ieee80211_sta_wep_configured(dev))
1441 ifsta->auth_alg = algs[pos];
1442 printk(KERN_DEBUG "%s: set auth_alg=%d for "
1444 dev->name, ifsta->auth_alg);
1451 switch (ifsta->auth_alg) {
1452 case WLAN_AUTH_OPEN:
1453 case WLAN_AUTH_LEAP:
1454 ieee80211_auth_completed(dev, ifsta);
1456 case WLAN_AUTH_SHARED_KEY:
1457 if (ifsta->auth_transaction == 4)
1458 ieee80211_auth_completed(dev, ifsta);
1460 ieee80211_auth_challenge(dev, ifsta, mgmt, len);
/*
 * Handle a Deauthentication frame.  The frame is accepted when it is long
 * enough and its SA equals the current BSSID; that address compare is the
 * only sender check on this path, so the state change below is reachable
 * by any frame carrying that SA.  While authenticating, associating or
 * associated the STA drops back to IEEE80211_AUTHENTICATE and re-arms the
 * timer to retry after IEEE80211_RETRY_AUTH_INTERVAL; the link is then torn
 * down via ieee80211_set_disassoc() and the authenticated flag cleared.
 */
1466 static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1467 struct ieee80211_if_sta *ifsta,
1468 struct ieee80211_mgmt *mgmt,
1474 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1475 "received from " MAC_FMT " - ignored\n",
1476 dev->name, len, MAC_ARG(mgmt->sa));
1480 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1481 printk(KERN_DEBUG "%s: deauthentication frame received from "
1482 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1483 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1484 MAC_ARG(mgmt->bssid));
1488 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1490 printk(KERN_DEBUG "%s: RX deauthentication from " MAC_FMT
1492 dev->name, MAC_ARG(mgmt->sa), reason_code);
1494 if (ifsta->authenticated) {
1495 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1498 if (ifsta->state == IEEE80211_AUTHENTICATE ||
1499 ifsta->state == IEEE80211_ASSOCIATE ||
1500 ifsta->state == IEEE80211_ASSOCIATED) {
1501 ifsta->state = IEEE80211_AUTHENTICATE;
1502 mod_timer(&ifsta->timer, jiffies +
1503 IEEE80211_RETRY_AUTH_INTERVAL);
1506 ieee80211_set_disassoc(dev, ifsta, 1);
1507 ifsta->authenticated = 0;
/*
 * Handle a Disassociation frame.  Same admission rule as the deauth
 * handler: length and SA == current BSSID only, no other sender check.
 * An associated STA falls back to IEEE80211_ASSOCIATE and re-arms the
 * timer (reusing IEEE80211_RETRY_AUTH_INTERVAL); ieee80211_set_disassoc()
 * is called with 0 here, versus 1 in the deauth path.
 */
1511 static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1512 struct ieee80211_if_sta *ifsta,
1513 struct ieee80211_mgmt *mgmt,
1519 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1520 "received from " MAC_FMT " - ignored\n",
1521 dev->name, len, MAC_ARG(mgmt->sa));
1525 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1526 printk(KERN_DEBUG "%s: disassociation frame received from "
1527 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1528 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1529 MAC_ARG(mgmt->bssid));
1533 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1535 printk(KERN_DEBUG "%s: RX disassociation from " MAC_FMT
1537 dev->name, MAC_ARG(mgmt->sa), reason_code);
1539 if (ifsta->associated)
1540 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1542 if (ifsta->state == IEEE80211_ASSOCIATED) {
1543 ifsta->state = IEEE80211_ASSOCIATE;
1544 mod_timer(&ifsta->timer, jiffies +
1545 IEEE80211_RETRY_AUTH_INTERVAL);
1548 ieee80211_set_disassoc(dev, ifsta, 0);
/*
 * Handle an (Re)Association Response from the current AP.
 *
 * Admission: state must be IEEE80211_ASSOCIATE, the frame long enough,
 * and SA == ifsta->bssid.  The AID is validated (bits 15:14 must be set)
 * then masked.  A non-success status is logged; REASSOC_NO_ASSOC clears
 * prev_bssid_set so the next attempt is a plain association.
 *
 * On success the IEs are parsed (Supported Rates is mandatory), a copy of
 * the response IEs is kept in ifsta->assocresp_ies, the STA entry for the
 * AP is created if missing and seeded with the scan-table signal values,
 * the AP's rate set is mapped onto the local hw mode's rate indices, HT
 * and WMM are configured when advertised and enabled, and
 * ieee80211_associated() finishes the transition.
 */
1552 static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
1553 struct ieee80211_if_sta *ifsta,
1554 struct ieee80211_mgmt *mgmt,
1558 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1559 struct ieee80211_hw_mode *mode;
1560 struct sta_info *sta;
1562 u16 capab_info, status_code, aid;
1563 struct ieee802_11_elems elems;
1567 /* AssocResp and ReassocResp have identical structure, so process both
1568 * of them in this function. */
1570 if (ifsta->state != IEEE80211_ASSOCIATE) {
1571 printk(KERN_DEBUG "%s: association frame received from "
1572 MAC_FMT ", but not in associate state - ignored\n",
1573 dev->name, MAC_ARG(mgmt->sa));
1578 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1579 "received from " MAC_FMT " - ignored\n",
1580 dev->name, len, MAC_ARG(mgmt->sa));
1584 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1585 printk(KERN_DEBUG "%s: association frame received from "
1586 "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
1587 "ignored\n", dev->name, MAC_ARG(mgmt->sa),
1588 MAC_ARG(mgmt->bssid));
1592 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1593 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1594 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
/* Malformed AID is only logged, not rejected; the value is still used
 * after masking. */
1595 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1596 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1597 "set\n", dev->name, aid);
1598 aid &= ~(BIT(15) | BIT(14));
1600 printk(KERN_DEBUG "%s: RX %sssocResp from " MAC_FMT " (capab=0x%x "
1601 "status=%d aid=%d)\n",
1602 dev->name, reassoc ? "Rea" : "A", MAC_ARG(mgmt->sa),
1603 capab_info, status_code, aid);
1605 if (status_code != WLAN_STATUS_SUCCESS) {
1606 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1607 dev->name, status_code);
1608 if (status_code == WLAN_STATUS_REASSOC_NO_ASSOC)
1609 ifsta->prev_bssid_set = 0;
1613 pos = mgmt->u.assoc_resp.variable;
1614 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
1616 printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
1621 if (!elems.supp_rates) {
1622 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1627 printk(KERN_DEBUG "%s: associated\n", dev->name);
1629 ifsta->ap_capab = capab_info;
/* Keep a copy of the response IEs.  If the atomic allocation fails,
 * assocresp_ies is NULL while assocresp_ies_len stays non-zero —
 * consumers must test the pointer, not the length. */
1631 kfree(ifsta->assocresp_ies);
1632 ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1633 ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_ATOMIC);
1634 if (ifsta->assocresp_ies)
1635 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
1637 ieee80211_set_associated(dev, ifsta, 1);
1639 /* Add STA entry for the AP */
1640 sta = sta_info_get(local, ifsta->bssid);
1642 struct ieee80211_sta_bss *bss;
1643 sta = sta_info_add(local, dev, ifsta->bssid, GFP_ATOMIC);
1645 printk(KERN_DEBUG "%s: failed to add STA entry for the"
1646 " AP\n", dev->name);
/* Seed signal statistics from the scan entry, if we have one. */
1649 bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
1651 sta->last_rssi = bss->rssi;
1652 sta->last_signal = bss->signal;
1653 sta->last_noise = bss->noise;
1654 ieee80211_rx_bss_put(dev, bss);
1659 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
/* Map the AP's rates (units of 500 kbit/s, basic-rate bit masked off)
 * onto a bitmap of local hw-mode rate indices; the bit-set lines are
 * outside the listing. */
1663 mode = local->oper_hw_mode;
1664 for (i = 0; i < elems.supp_rates_len; i++) {
1665 int rate = (elems.supp_rates[i] & 0x7f) * 5;
1666 if (mode->mode == MODE_ATHEROS_TURBO)
1668 for (j = 0; j < mode->num_rates; j++)
1669 if (mode->rates[j].rate == rate)
1672 for (i = 0; i < elems.ext_supp_rates_len; i++) {
1673 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1674 if (mode->mode == MODE_ATHEROS_TURBO)
1676 for (j = 0; j < mode->num_rates; j++)
1677 if (mode->rates[j].rate == rate)
1680 sta->supp_rates = rates;
/* HT is configured only when both HT IEs and WMM are present, HT is
 * enabled locally and the driver implements conf_ht. */
1682 if (elems.ht_extra_param && elems.ht_cap_param && elems.wmm_param &&
1683 ifsta->ht_enabled && local->ops->conf_ht){
1686 rc = local->ops->conf_ht(local_to_hw(local),
1687 (struct ieee80211_ht_capability *)
1689 (struct ieee80211_ht_additional_info *)
1690 elems.ht_extra_param);
1692 sta->flags |= WLAN_STA_HT;
1696 rate_control_rate_init(sta, local);
1698 if (elems.wmm_param && ifsta->wmm_enabled) {
1699 sta->flags |= WLAN_STA_WME;
1700 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1701 elems.wmm_param_len);
1707 ieee80211_associated(dev, ifsta);
/*
 * Estimate the MPDU exchange time for a TSPEC: bits of the nominal MSDU
 * divided by the minimum PHY rate in Mbit/s, plus a per-PHY SIFS+ACK
 * allowance (the per-mode assignments to @extra are outside the listing).
 *
 * NOTE(review): min_phy_rate is copied verbatim from the peer-supplied
 * TSPEC (see sta_parse_tspec()).  A value below 1000000 makes
 * "min_phy_rate / 1000000" zero and the division below faults; callers
 * should reject such TSPECs before reaching here — TODO.
 */
1710 static u32 calculate_mpdu_exchange_time(struct ieee80211_local *local,
1711 struct ieee80211_elem_tspec *tspec)
1714 * FIXME: MPDUExchangeTime = duration(Nominal MSDU Size, Min PHY Rate) +
1715 * SIFS + ACK duration
1717 int extra = 0; /* SIFS + ACK */
1719 switch (local->hw.conf.phymode) {
1720 case MODE_IEEE80211A:
1723 case MODE_IEEE80211B:
1726 case MODE_IEEE80211G:
1731 return (tspec->nominal_msdu_size * 8) /
1732 (tspec->min_phy_rate / 1000000) + extra;
/*
 * Apply an ADDTS response or DELTS to the per-TSID traffic-stream table.
 * ADDTS activates the stream, records its UP, resets the used-time
 * counter, adds the admitted time (medium_time is in 32 us units scaled
 * by the EDCA averaging period) and refreshes MPDUExchangeTime.  DELTS
 * deactivates it and subtracts the same amount, clamping at zero.
 *
 * NOTE(review): tsid and index are derived straight from the frame's
 * ts_info and used to index ifsta->ts_data with no range check visible
 * here; IEEE80211_TSINFO_TSID() and ieee80211_ts_index() must therefore
 * bound their results to the array dimensions — TODO confirm.
 */
1735 static void sta_update_tspec(struct ieee80211_local *local,
1736 struct ieee80211_if_sta *ifsta,
1737 int action, struct ieee80211_elem_tspec *tspec)
1739 u8 tsid = IEEE80211_TSINFO_TSID(tspec->ts_info);
1740 u8 index = ieee80211_ts_index(IEEE80211_TSINFO_DIR(tspec->ts_info));
1743 case WLAN_ACTION_QOS_ADDTS_RESP:
1744 ifsta->ts_data[tsid][index].status = TS_STATUS_ACTIVE;
1745 ifsta->ts_data[tsid][index].up =
1746 IEEE80211_TSINFO_UP(tspec->ts_info);
1747 ifsta->ts_data[tsid][index].used_time_usec = 0;
1748 ifsta->ts_data[tsid][index].admitted_time_usec +=
1749 ifsta->dot11EDCAAveragingPeriod * tspec->medium_time * 32;
1750 ifsta->MPDUExchangeTime =
1751 calculate_mpdu_exchange_time(local, tspec);
1753 case WLAN_ACTION_QOS_DELTS:
1754 ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
1755 ifsta->ts_data[tsid][index].used_time_usec = 0;
1756 ifsta->ts_data[tsid][index].admitted_time_usec -=
1757 ifsta->dot11EDCAAveragingPeriod * tspec->medium_time * 32;
/* Clamp: the subtraction can go negative if ADDTS/DELTS are unbalanced. */
1758 if (ifsta->ts_data[tsid][index].admitted_time_usec < 0)
1759 ifsta->ts_data[tsid][index].admitted_time_usec = 0;
1760 ifsta->MPDUExchangeTime = 0;
1763 printk(KERN_ERR "%s: invalid action type %d\n", __FUNCTION__,
/*
 * Extract the TSPEC element from a QoS/WMM action frame into @tspec.
 * The IE area starts at the addts_resp or wme_action variable part (per
 * category) offset by @prefix bytes.
 *
 * The debug printk runs before parsing, so it reports the ts_info already
 * in @tspec — presumably pre-filled by the caller; confirm.
 * NOTE(review): no NULL or length check on elems.tspec is visible between
 * the parse and the memcpy, so a frame without a TSPEC IE (or with a short
 * one) reaches the copy unvalidated — TODO confirm the parser guarantees.
 */
1769 static void sta_parse_tspec(struct net_device *dev,
1770 struct ieee80211_if_sta *ifsta,
1771 struct ieee80211_mgmt *mgmt, size_t len, u8 prefix,
1772 struct ieee80211_elem_tspec *tspec)
1774 struct ieee802_11_elems elems;
1778 printk(KERN_DEBUG "Dialog_token: %d, TID: %u, Direction: %u, PSB: %d, "
1779 "UP: %d\n", mgmt->u.action.u.wme_action.dialog_token,
1780 IEEE80211_TSINFO_TSID(tspec->ts_info),
1781 IEEE80211_TSINFO_DIR(tspec->ts_info),
1782 IEEE80211_TSINFO_APSD(tspec->ts_info),
1783 IEEE80211_TSINFO_UP(tspec->ts_info));
1786 if (mgmt->u.action.category == WLAN_CATEGORY_QOS)
1787 pos = mgmt->u.action.u.addts_resp.variable + prefix;
1789 pos = mgmt->u.action.u.wme_action.variable + prefix;
1791 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
1793 printk(KERN_DEBUG "%s: failed to parse TSPEC\n", dev->name);
1796 memcpy(tspec, elems.tspec, sizeof(*tspec));
/*
 * Return the DLS status recorded for peer @addr, or DLS_STATUS_NOLINK when
 * no DLS entry exists.  The release of the looked-up entry and the return
 * statement are outside this listing.
 */
1799 int dls_link_status(struct ieee80211_local *local, u8 *addr)
1801 struct sta_info *dls;
1802 int ret = DLS_STATUS_NOLINK;
1804 if ((dls = dls_info_get(local, addr)) != NULL) {
1805 ret = dls->dls_status;
/*
 * Handle a DLS Request action frame from peer @src.  The peer's rate set
 * is intersected with the current hw mode; with no common rate a failure
 * response (WLAN_REASON_QSTA_NOT_USE) is sent, otherwise a STA entry for
 * the peer is created if needed, marked DLS_STATUS_OK with the requested
 * timeout and rate bitmap, and a success response is sent.
 *
 * Only the rate intersection gates acceptance here; no other admission
 * check on the requesting peer is visible in this function.  The
 * "len >= baselen" test and the NULL check after sta_info_add() fall in
 * lines outside this listing — confirm both exist.
 */
1811 static void sta_process_dls_req(struct net_device *dev,
1812 struct ieee80211_if_sta *ifsta,
1813 struct ieee80211_mgmt *mgmt, size_t len)
1815 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1816 struct sta_info *dls;
1817 u8 *src = mgmt->u.action.u.dls_req.src;
1818 struct ieee802_11_elems elems;
1819 struct ieee80211_rate *rates;
1820 size_t baselen, num_rates;
1822 struct ieee80211_hw_mode *mode;
1825 printk(KERN_DEBUG "Receive DLS request from "
1826 "%02X:%02X:%02X:%02X:%02X:%02X\n",
1827 src[0], src[1], src[2], src[3], src[4], src[5]);
/* Offset of the IE area; "len - baselen" below is size_t and would wrap
 * for a frame shorter than the fixed part. */
1829 baselen = (u8 *)mgmt->u.action.u.dls_req.variable - (u8 *)mgmt;
1833 if (ieee802_11_parse_elems(mgmt->u.action.u.dls_req.variable,
1834 len - baselen, &elems) == ParseFailed) {
1835 printk(KERN_ERR "DLS Parse support rates failed.\n");
1838 mode = local->sta_scanning ?
1839 local->scan_hw_mode : local->oper_hw_mode;
1840 rates = mode->rates;
1841 num_rates = mode->num_rates;
/* Walk Supported + Extended Supported Rates as one sequence (units of
 * 500 kbit/s, basic-rate bit masked) and collect matching local rate
 * indices.  If ext_supp_rates is NULL while its length is non-zero, rate
 * keeps its previous value — presumably the parser never produces that
 * combination; confirm. */
1843 for (i = 0; i < elems.supp_rates_len + elems.ext_supp_rates_len; i++) {
1845 if (i < elems.supp_rates_len)
1846 rate = elems.supp_rates[i];
1847 else if (elems.ext_supp_rates)
1848 rate = elems.ext_supp_rates[i - elems.supp_rates_len];
1849 rate = 5 * (rate & 0x7f);
1850 if (mode->mode == MODE_ATHEROS_TURBO)
1852 for (j = 0; j < num_rates; j++)
1853 if (rates[j].rate == rate)
1854 supp_rates |= BIT(j);
1856 if (supp_rates == 0) {
1857 /* Send DLS failed Response to the peer because
1858 * the supported rates are mismatch */
1859 ieee80211_send_dls_resp(dev, ifsta, src,
1860 WLAN_REASON_QSTA_NOT_USE);
1864 dls = dls_info_get(local, src);
1866 dls = sta_info_add(local, dev, src, GFP_ATOMIC);
1870 dls->dls_status = DLS_STATUS_OK;
1871 dls->dls_timeout = le16_to_cpu(mgmt->u.action.u.dls_req.timeout);
1872 dls->supp_rates = supp_rates;
1874 /* Send DLS successful Response to the peer */
1875 ieee80211_send_dls_resp(dev, ifsta, src, 0);
/*
 * Handle a DLS Response action frame from peer @src.  A non-zero status
 * code means the peer refused and nothing is recorded.  Otherwise the
 * peer's rates are intersected with the current hw mode exactly as in
 * sta_process_dls_req(), a STA entry is created if needed and marked
 * DLS_STATUS_OK.  Unlike the request path, an empty rate intersection is
 * not rejected here.
 *
 * NOTE(review): status_code is read without le16_to_cpu(), whereas the
 * request path converts dls_req.timeout — either the field is a single
 * byte or a byte-order conversion is missing; confirm its declared type.
 */
1879 static void sta_process_dls_resp(struct net_device *dev,
1880 struct ieee80211_if_sta *ifsta,
1881 struct ieee80211_mgmt *mgmt, size_t len)
1883 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1884 struct sta_info *dls;
1885 u8 *src = mgmt->u.action.u.dls_resp.src;
1886 struct ieee802_11_elems elems;
1887 struct ieee80211_rate *rates;
1888 size_t baselen, num_rates;
1890 struct ieee80211_hw_mode *mode;
1893 printk(KERN_DEBUG "Receive DLS response from "
1894 "%02X:%02X:%02X:%02X:%02X:%02X\n",
1895 src[0], src[1], src[2], src[3], src[4], src[5]);
1897 if (mgmt->u.action.u.dls_resp.status_code) {
1898 printk(KERN_ERR "DLS setup refused by peer. Reason %d\n",
1899 mgmt->u.action.u.dls_resp.status_code);
/* "len - baselen" is size_t; the guard against len < baselen is outside
 * this listing — confirm it exists. */
1903 baselen = (u8 *)mgmt->u.action.u.dls_resp.variable - (u8 *)mgmt;
1907 if (ieee802_11_parse_elems(mgmt->u.action.u.dls_resp.variable,
1908 len - baselen, &elems) == ParseFailed) {
1909 printk(KERN_ERR "DLS Parse support rates failed.\n");
1912 mode = local->sta_scanning ?
1913 local->scan_hw_mode : local->oper_hw_mode;
1914 rates = mode->rates;
1915 num_rates = mode->num_rates;
/* Same rate-intersection walk as sta_process_dls_req(). */
1917 for (i = 0; i < elems.supp_rates_len + elems.ext_supp_rates_len; i++) {
1919 if (i < elems.supp_rates_len)
1920 rate = elems.supp_rates[i];
1921 else if (elems.ext_supp_rates)
1922 rate = elems.ext_supp_rates[i - elems.supp_rates_len];
1923 rate = 5 * (rate & 0x7f);
1924 if (mode->mode == MODE_ATHEROS_TURBO)
1926 for (j = 0; j < num_rates; j++)
1927 if (rates[j].rate == rate)
1928 supp_rates |= BIT(j);
1931 dls = dls_info_get(local, src);
1933 dls = sta_info_add(local, dev, src, GFP_ATOMIC);
1937 dls->supp_rates = supp_rates;
1938 dls->dls_status = DLS_STATUS_OK;
/*
 * Handle a DLS Teardown action frame: free the STA entry for peer @src if
 * one exists (the NULL test sits in a line outside this listing).  The
 * peer is identified solely by the src field carried in the frame; no
 * other check on the sender is visible here, so the entry can be torn
 * down by any frame naming that address.
 * reason_code is printed without byte-order conversion — confirm its type.
 */
1943 static void sta_process_dls_teardown(struct net_device *dev,
1944 struct ieee80211_if_sta *ifsta,
1945 struct ieee80211_mgmt *mgmt, size_t len)
1947 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1948 u8 *src = mgmt->u.action.u.dls_teardown.src;
1949 struct sta_info *dls;
1951 printk(KERN_DEBUG "DLS Teardown received from "
1952 "%02X:%02X:%02X:%02X:%02X:%02X. Reason %d\n",
1953 src[0], src[1], src[2], src[3], src[4], src[5],
1954 mgmt->u.action.u.dls_teardown.reason_code);
1956 dls = dls_info_get(local, src);
1958 sta_info_free(dls, 0);
1963 /* Caller must hold local->sta_bss_lock */
/* Push @bss onto the head of its STA_HASH(bssid) chain (singly linked via
 * hnext). */
1964 static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
1965 struct ieee80211_sta_bss *bss)
1967 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1968 bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
1969 local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1973 /* Caller must hold local->sta_bss_lock */
/* Unlink @bss from its STA_HASH(bssid) chain: replace the bucket head if
 * it is first, otherwise splice prev->hnext past it.  The chain walk and
 * the head-replacement value are in lines outside this listing. */
1974 static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
1975 struct ieee80211_sta_bss *bss)
1977 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1978 struct ieee80211_sta_bss *b, *prev = NULL;
1979 b = local->sta_bss_hash[STA_HASH(bss->bssid)];
1983 local->sta_bss_hash[STA_HASH(bss->bssid)] =
1986 prev->hnext = bss->hnext;
/*
 * Allocate and register a new scan-table entry for @bssid.  The entry is
 * zeroed, appended to local->sta_bss_list and inserted in the hash under
 * sta_bss_lock.  Two references are taken: presumably one owned by the
 * list and one handed to the caller, matching ieee80211_rx_bss_put()
 * which unlinks and frees on the drop to zero — confirm.  The kmalloc
 * NULL check and the return are outside this listing.
 */
1995 static struct ieee80211_sta_bss *
1996 ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
1998 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1999 struct ieee80211_sta_bss *bss;
2001 bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
2004 memset(bss, 0, sizeof(*bss));
2005 atomic_inc(&bss->users);
2006 atomic_inc(&bss->users);
2007 memcpy(bss->bssid, bssid, ETH_ALEN);
2009 spin_lock_bh(&local->sta_bss_lock);
2010 /* TODO: order by RSSI? */
2011 list_add_tail(&bss->list, &local->sta_bss_list);
2012 __ieee80211_rx_bss_hash_add(dev, bss);
2013 spin_unlock_bh(&local->sta_bss_lock);
/*
 * Look up the scan-table entry for @bssid.  Walks the hash chain under
 * sta_bss_lock and takes a reference on the match (the loop and the
 * return are outside this listing).  Callers release the reference with
 * ieee80211_rx_bss_put().
 */
2018 static struct ieee80211_sta_bss *
2019 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
2021 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2022 struct ieee80211_sta_bss *bss;
2024 spin_lock_bh(&local->sta_bss_lock);
2025 bss = local->sta_bss_hash[STA_HASH(bssid)];
2027 if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0) {
2028 atomic_inc(&bss->users);
2033 spin_unlock_bh(&local->sta_bss_lock);
/* Release the memory owned by a scan-table entry once its refcount hits
 * zero (called from ieee80211_rx_bss_put()).  The body is outside this
 * listing; it is expected to free the IE copies allocated in
 * ieee80211_rx_bss_info() (wpa_ie, rsn_ie, wmm_ie, ht_ie) and the entry
 * itself — confirm. */
2038 static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
/*
 * Drop a reference on @bss.  When the count reaches zero the entry is
 * unlinked from the hash and the list under sta_bss_lock and freed.
 */
2048 static void ieee80211_rx_bss_put(struct net_device *dev,
2049 struct ieee80211_sta_bss *bss)
2051 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2052 if (!atomic_dec_and_test(&bss->users))
2055 spin_lock_bh(&local->sta_bss_lock);
2056 __ieee80211_rx_bss_hash_del(dev, bss);
2057 list_del(&bss->list);
2058 spin_unlock_bh(&local->sta_bss_lock);
2059 ieee80211_rx_bss_free(bss);
/* Initialise the scan-table lock and list head for @dev's local context. */
2063 void ieee80211_rx_bss_list_init(struct net_device *dev)
2065 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2066 spin_lock_init(&local->sta_bss_lock);
2067 INIT_LIST_HEAD(&local->sta_bss_list);
/*
 * Tear down the scan table: drop the list's reference on every entry.
 * The _safe iterator is required because a put that reaches zero unlinks
 * the entry from the list being walked.
 */
2071 void ieee80211_rx_bss_list_deinit(struct net_device *dev)
2073 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2074 struct ieee80211_sta_bss *bss, *tmp;
2076 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
2077 ieee80211_rx_bss_put(dev, bss);
/*
 * Record a Beacon or Probe Response in the scan table.
 *
 * Probe Responses addressed to another station are ignored.  For an IBSS
 * interface a beacon from our own BSSID additionally narrows the sending
 * peer's supp_rates to the intersection with the advertised set.  The
 * entry for mgmt->bssid is fetched or created, moved to the list tail,
 * and refreshed with beacon interval, capability, SSID, rates, the WPA /
 * RSN / WMM / HT IEs (each stored with its 2-byte IE header), channel and
 * frequency, timestamp and signal values.  A beacon never overrides data
 * already learned from a Probe Response.
 *
 * Every field here is attacker-controllable radio input; the bounds that
 * matter are the SSID length cap, the supp_rates clamp and the channel
 * range check before indexing freq_list — see the inline notes.  The
 * "len >= baselen" test, the NULL check after ieee80211_rx_bss_add() and
 * the kfree() of replaced IE copies are in lines outside this listing.
 */
2081 static void ieee80211_rx_bss_info(struct net_device *dev,
2082 struct ieee80211_mgmt *mgmt,
2084 struct ieee80211_rx_status *rx_status,
2087 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2088 struct ieee802_11_elems elems;
2090 int channel, invalid = 0, clen;
2091 struct ieee80211_sta_bss *bss;
2092 struct sta_info *sta;
2093 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2096 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
2097 return; /* ignore ProbeResp to foreign address */
2100 printk(KERN_DEBUG "%s: RX %s from " MAC_FMT " to " MAC_FMT "\n",
2101 dev->name, beacon ? "Beacon" : "Probe Response",
2102 MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da));
/* Beacon and ProbeResp share the fixed-field layout, so the beacon
 * offsets are used for both. */
2105 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2109 timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
2111 if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
2112 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
2113 #ifdef CONFIG_MAC80211_IBSS_DEBUG
/* Rate-limited (5 s) TSF-vs-beacon-timestamp debug print. */
2114 static unsigned long last_tsf_debug = 0;
2116 if (local->ops->get_tsf)
2117 tsf = local->ops->get_tsf(local_to_hw(local));
2120 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
2121 printk(KERN_DEBUG "RX beacon SA=" MAC_FMT " BSSID="
2122 MAC_FMT " TSF=0x%llx BCN=0x%llx diff=%lld "
2124 MAC_ARG(mgmt->sa), MAC_ARG(mgmt->bssid),
2125 (unsigned long long)tsf,
2126 (unsigned long long)timestamp,
2127 (unsigned long long)(tsf - timestamp),
2129 last_tsf_debug = jiffies;
2131 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2134 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
2135 &elems) == ParseFailed)
/* IBSS peer already known: refresh its usable rate set from the beacon. */
2138 if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
2139 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
2140 (sta = sta_info_get(local, mgmt->sa))) {
2141 struct ieee80211_hw_mode *mode;
2142 struct ieee80211_rate *rates;
2144 u32 supp_rates, prev_rates;
2147 mode = local->sta_scanning ?
2148 local->scan_hw_mode : local->oper_hw_mode;
2149 rates = mode->rates;
2150 num_rates = mode->num_rates;
2153 for (i = 0; i < elems.supp_rates_len +
2154 elems.ext_supp_rates_len; i++) {
2157 if (i < elems.supp_rates_len)
2158 rate = elems.supp_rates[i];
2159 else if (elems.ext_supp_rates)
2160 rate = elems.ext_supp_rates
2161 [i - elems.supp_rates_len];
2162 own_rate = 5 * (rate & 0x7f);
2163 if (mode->mode == MODE_ATHEROS_TURBO)
2165 for (j = 0; j < num_rates; j++)
2166 if (rates[j].rate == own_rate)
2167 supp_rates |= BIT(j);
2170 prev_rates = sta->supp_rates;
2171 sta->supp_rates &= supp_rates;
2172 if (sta->supp_rates == 0) {
2173 /* No matching rates - this should not really happen.
2174 * Make sure that at least one rate is marked
2175 * supported to avoid issues with TX rate ctrl. */
2176 sta->supp_rates = sdata->u.sta.supp_rates_bits;
2178 if (sta->supp_rates != prev_rates) {
2179 printk(KERN_DEBUG "%s: updated supp_rates set for "
2180 MAC_FMT " based on beacon info (0x%x & 0x%x -> "
2182 dev->name, MAC_ARG(sta->addr), prev_rates,
2183 supp_rates, sta->supp_rates);
/* Prefer the DS Parameter Set channel (exactly one byte) over the
 * receive channel; see the range check before freq_list below. */
2191 if (elems.ds_params && elems.ds_params_len == 1)
2192 channel = elems.ds_params[0];
2194 channel = rx_status->channel;
2196 bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
2198 bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
2203 /* TODO: order by RSSI? */
2204 spin_lock_bh(&local->sta_bss_lock);
2205 list_move_tail(&bss->list, &local->sta_bss_list);
2206 spin_unlock_bh(&local->sta_bss_lock);
2210 if (bss->probe_resp && beacon) {
2211 /* Do not allow beacon to override data from Probe Response. */
2212 ieee80211_rx_bss_put(dev, bss);
2216 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
2217 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
/* SSID is copied only when it fits the fixed bss->ssid buffer. */
2218 if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
2219 memcpy(bss->ssid, elems.ssid, elems.ssid_len);
2220 bss->ssid_len = elems.ssid_len;
/* Rates are clamped to IEEE80211_MAX_SUPP_RATES in total across both
 * elements; excess entries are silently dropped. */
2223 bss->supp_rates_len = 0;
2224 if (elems.supp_rates) {
2225 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2226 if (clen > elems.supp_rates_len)
2227 clen = elems.supp_rates_len;
2228 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
2230 bss->supp_rates_len += clen;
2232 if (elems.ext_supp_rates) {
2233 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2234 if (clen > elems.ext_supp_rates_len)
2235 clen = elems.ext_supp_rates_len;
2236 memcpy(&bss->supp_rates[bss->supp_rates_len],
2237 elems.ext_supp_rates, clen);
2238 bss->supp_rates_len += clen;
/* IE copies: re-allocated only when the content changed; on allocation
 * failure the stored length is reset to 0; an absent IE clears the copy. */
2242 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
2243 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
2245 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
2247 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
2248 bss->wpa_ie_len = elems.wpa_len + 2;
2250 bss->wpa_ie_len = 0;
2251 } else if (!elems.wpa && bss->wpa_ie) {
2254 bss->wpa_ie_len = 0;
2258 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
2259 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
2261 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
2263 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
2264 bss->rsn_ie_len = elems.rsn_len + 2;
2266 bss->rsn_ie_len = 0;
2267 } else if (!elems.rsn && bss->rsn_ie) {
2270 bss->rsn_ie_len = 0;
2273 if (elems.wmm_param &&
2274 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
2275 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
2277 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
2279 memcpy(bss->wmm_ie, elems.wmm_param - 2,
2280 elems.wmm_param_len + 2);
2281 bss->wmm_ie_len = elems.wmm_param_len + 2;
2283 bss->wmm_ie_len = 0;
2284 } else if (!elems.wmm_param && bss->wmm_ie) {
2287 bss->wmm_ie_len = 0;
2290 if (elems.ht_cap_param &&
2291 (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_param_len ||
2292 memcmp(bss->ht_ie, elems.ht_cap_param, elems.ht_cap_param_len))) {
2295 bss->ht_ie = kmalloc(elems.ht_cap_param_len + 2, GFP_ATOMIC);
2297 memcpy(bss->ht_ie, elems.ht_cap_param - 2,
2298 elems.ht_cap_param_len + 2);
2299 bss->ht_ie_len = elems.ht_cap_param_len + 2;
2302 } else if (!elems.ht_cap_param && bss->ht_ie) {
2308 bss->hw_mode = rx_status->phymode;
2309 bss->channel = channel;
2310 bss->freq = rx_status->freq;
/* The DS-advertised channel is frame-supplied; the 1..14 check bounds
 * the freq_list index before it is used. */
2311 if (channel != rx_status->channel &&
2312 (bss->hw_mode == MODE_IEEE80211G ||
2313 bss->hw_mode == MODE_IEEE80211B) &&
2314 channel >= 1 && channel <= 14) {
2315 static const int freq_list[] = {
2316 2412, 2417, 2422, 2427, 2432, 2437, 2442,
2317 2447, 2452, 2457, 2462, 2467, 2472, 2484
2319 /* IEEE 802.11g/b mode can receive packets from neighboring
2320 * channels, so map the channel into frequency. */
2321 bss->freq = freq_list[channel - 1];
2323 bss->timestamp = timestamp;
2324 bss->last_update = jiffies;
2325 bss->rssi = rx_status->ssi;
2326 bss->signal = rx_status->signal;
2327 bss->noise = rx_status->noise;
2330 ieee80211_rx_bss_put(dev, bss);
/* Probe Response handler: feed the frame to the scan table with
 * beacon = 0. */
2334 static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
2335 struct ieee80211_mgmt *mgmt,
2337 struct ieee80211_rx_status *rx_status)
2339 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
/*
 * Beacon handler.  Every beacon updates the scan table; beacons from the
 * BSS we are associated with (STA interface, BSSID match) are additionally
 * parsed for the ERP Use_Protection bit, toggling CTS protection with a
 * rate-limited log line, and for WMM parameter updates when WMM is
 * enabled.  The "len >= baselen" test and the use_protection declaration
 * sit in lines outside this listing.
 * The BSSID compare is the only sender check; the beacon itself is not
 * authenticated, so protection state follows whatever is received under
 * that BSSID.
 */
2343 static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2344 struct ieee80211_mgmt *mgmt,
2346 struct ieee80211_rx_status *rx_status)
2348 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2349 struct ieee80211_sub_if_data *sdata;
2350 struct ieee80211_if_sta *ifsta;
2353 struct ieee802_11_elems elems;
2355 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
2357 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2358 if (sdata->type != IEEE80211_IF_TYPE_STA)
2360 ifsta = &sdata->u.sta;
2362 if (!ifsta->associated ||
2363 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
2366 /* Process beacon from the current BSS */
2367 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2371 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
2372 &elems) == ParseFailed)
2376 if (elems.erp_info && elems.erp_info_len >= 1) {
2378 (elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0;
/* Only act (and log) on an actual change of protection state. */
2381 if (use_protection != !!ifsta->use_protection) {
2382 if (net_ratelimit()) {
2383 printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
2386 use_protection ? "enabled" : "disabled",
2387 MAC_ARG(ifsta->bssid));
2389 ifsta->use_protection = use_protection ? 1 : 0;
2390 local->cts_protect_erp_frames = use_protection;
2393 if (elems.wmm_param && ifsta->wmm_enabled) {
2394 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2395 elems.wmm_param_len);
/*
 * Answer Probe Requests while acting as an IBSS member.  Requires IBSS
 * type, IEEE80211_IBSS_JOINED state, a pre-built ifsta->probe_resp and at
 * least 24 + 2 bytes (header plus SSID IE tag/length).  The request is
 * answered only if the driver reports we sent the last beacon and the
 * BSSID is ours or broadcast.  The SSID IE is bounds-checked against the
 * frame end before its body is compared with our SSID; the wildcard-SSID
 * condition is in a line outside this listing.  The reply is a copy of
 * the prepared Probe Response with the DA patched to the requester.
 */
2400 static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
2401 struct ieee80211_if_sta *ifsta,
2402 struct ieee80211_mgmt *mgmt,
2404 struct ieee80211_rx_status *rx_status)
2406 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2407 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2409 struct sk_buff *skb;
2410 struct ieee80211_mgmt *resp;
/* "24 + 2" guarantees pos[0] and pos[1] below are inside the frame. */
2413 if (sdata->type != IEEE80211_IF_TYPE_IBSS ||
2414 ifsta->state != IEEE80211_IBSS_JOINED ||
2415 len < 24 + 2 || !ifsta->probe_resp)
2418 if (local->ops->tx_last_beacon)
2419 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
2423 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2424 printk(KERN_DEBUG "%s: RX ProbeReq SA=" MAC_FMT " DA=" MAC_FMT " BSSID="
2425 MAC_FMT " (tx_last_beacon=%d)\n",
2426 dev->name, MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da),
2427 MAC_ARG(mgmt->bssid), tx_last_beacon);
2428 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2430 if (!tx_last_beacon)
2433 if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
2434 memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
/* The SSID IE must be first and its declared length must not run past
 * the end of the received frame. */
2437 end = ((u8 *) mgmt) + len;
2438 pos = mgmt->u.probe_req.variable;
2439 if (pos[0] != WLAN_EID_SSID ||
2440 pos + 2 + pos[1] > end) {
2441 if (net_ratelimit()) {
2442 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
2443 "from " MAC_FMT "\n",
2444 dev->name, MAC_ARG(mgmt->sa));
2449 (pos[1] != ifsta->ssid_len ||
2450 memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
2451 /* Ignore ProbeReq for foreign SSID */
2455 /* Reply with ProbeResp */
/* skb_copy() NULL check is outside this listing — confirm. */
2456 skb = skb_copy(ifsta->probe_resp, GFP_ATOMIC);
2460 resp = (struct ieee80211_mgmt *) skb->data;
2461 memcpy(resp->da, mgmt->sa, ETH_ALEN);
2462 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2463 printk(KERN_DEBUG "%s: Sending ProbeResp to " MAC_FMT "\n",
2464 dev->name, MAC_ARG(resp->da));
2465 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2466 ieee80211_sta_tx(dev, skb, 0);
/*
 * Send an ADDBA Response (Block Ack category) to the current AP answering
 * @mgmt_src.  dialog_token, capab and timeout are echoed verbatim from the
 * request; the status value (parameter outside this listing) is
 * byte-swapped to little endian.  The skb is sized to sizeof(*mgmt) plus
 * driver headroom; the 24-byte header plus category byte plus addba_resp
 * are assumed to fit inside that — holds as long as addba_resp is a
 * member of the mgmt union; confirm.
 */
2469 static void ieee80211_send_addba_resp(struct net_device *dev,
2470 struct ieee80211_mgmt *mgmt_src,
2474 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2475 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2476 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2477 struct sk_buff *skb;
2478 struct ieee80211_mgmt *mgmt;
2480 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
2482 printk(KERN_DEBUG "%s: failed to allocate buffer "
2483 "for addba resp frame\n", dev->name);
2487 skb_reserve(skb, local->hw.extra_tx_headroom);
2488 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
2489 memset(mgmt, 0, 24);
/* Always addressed to the associated AP, never to mgmt_src->sa. */
2490 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
2491 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2492 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2493 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2494 IEEE80211_STYPE_ACTION);
2496 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
2497 mgmt->u.action.category = WLAN_CATEGORY_BACK;
2498 mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
2499 mgmt->u.action.u.addba_resp.dialog_token =
2500 mgmt_src->u.action.u.addba_req.dialog_token;
2501 mgmt->u.action.u.addba_resp.capab =
2502 mgmt_src->u.action.u.addba_req.capab;
2503 mgmt->u.action.u.addba_resp.timeout =
2504 mgmt_src->u.action.u.addba_req.timeout;
2505 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
2507 ieee80211_sta_tx(dev, skb, 0);
/*
 * ieee80211_rx_mgmt_action - dispatch a received Action management frame
 *
 * @len is the length of the received frame as delivered by the driver and
 * is the only protection against reading past the end of @mgmt, so every
 * field access below must be preceded by a check that @len covers it.  The
 * entry check below guarantees only IEEE80211_MIN_ACTION_SIZE bytes; each
 * category is expected to check the additional bytes it reads.
 */
2512 static void ieee80211_rx_mgmt_action(struct net_device *dev,
2513 struct ieee80211_if_sta *ifsta,
2514 struct ieee80211_mgmt *mgmt,
2518 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2519 struct ieee80211_elem_tspec tspec;
/* Header plus category byte must be present before anything is read. */
2521 if (len < IEEE80211_MIN_ACTION_SIZE)
2524 switch (mgmt->u.action.category) {
2525 case WLAN_CATEGORY_QOS:
2526 case WLAN_CATEGORY_WMM:
/*
 * The length condition guarding this message is not visible in this
 * listing; it must cover the whole wme_action struct, because action_code
 * and status_code are read unconditionally below.
 */
2528 printk(KERN_DEBUG "%s: too short (%zd) QoS category "
2529 "frame received from " MAC_FMT " - ignored\n",
2530 dev->name, len, MAC_ARG(mgmt->sa));
2533 switch (mgmt->u.action.u.wme_action.action_code) {
2534 case WLAN_ACTION_QOS_ADDTS_REQ:
/* Only an HC/AP sends ADDTS requests; a STA receiving one just logs it. */
2535 printk(KERN_DEBUG "%s: WLAN_ACTION_QOS_ADDTS_REQ "
2536 "received in Non-AP STA mode!\n", dev->name);
2538 case WLAN_ACTION_QOS_ADDTS_RESP:
/* 47 is the 802.11e "TS not created, retry after TS Delay" status code
 * (a magic number; a named constant would make the intent clearer). */
2539 if (mgmt->u.action.u.wme_action.status_code == 47) {
2540 /* TODO: handle TS Delay */
2543 /* TODO: handle TCLAS, TCLAS Processing here */
2545 if (mgmt->u.action.u.wme_action.status_code == 0) {
2546 /* TODO: handle Schedule */
/*
 * sta_parse_tspec fills tspec from the frame body.  Its result is not
 * checked before sta_update_tspec consumes tspec - confirm that a
 * malformed or truncated TSPEC element cannot leave tspec partially
 * initialised here.
 */
2547 sta_parse_tspec(dev, ifsta, mgmt, len,
2549 sta_update_tspec(local, ifsta,
2550 WLAN_ACTION_QOS_ADDTS_RESP,
/* Start the admission-control averaging timer (see ieee80211_admit_refresh). */
2552 mod_timer(&ifsta->admit_timer, jiffies +
2553 ifsta->dot11EDCAAveragingPeriod * HZ);
2556 case WLAN_ACTION_QOS_DELTS:
/* Same caveat as above: the parse result is not checked before use. */
2557 sta_parse_tspec(dev, ifsta, mgmt, len, prefix, &tspec);
2558 sta_update_tspec(local, ifsta,
2559 WLAN_ACTION_QOS_DELTS, &tspec);
2562 printk(KERN_ERR "%s: unsupported QoS action code %d\n",
2564 mgmt->u.action.u.wme_action.action_code);
2569 case WLAN_CATEGORY_DLS:
/* 24-byte header plus 16 bytes of action body before action_code is read. */
2570 if (len < 24 + 16) {
2571 printk(KERN_DEBUG "%s: too short (%zd) DLS category "
2572 "frame received from " MAC_FMT " - ignored\n",
2573 dev->name, len, MAC_ARG(mgmt->sa));
2576 switch (mgmt->u.action.u.dls_req.action_code) {
2577 case WLAN_ACTION_DLS_REQ:
2578 sta_process_dls_req(dev, ifsta, mgmt, len);
2580 case WLAN_ACTION_DLS_RESP:
2581 sta_process_dls_resp(dev, ifsta, mgmt, len);
2583 case WLAN_ACTION_DLS_TEARDOWN:
2584 sta_process_dls_teardown(dev, ifsta, mgmt, len);
2587 printk(KERN_ERR "%s: unsupported DLS action code %d\n",
2588 dev->name, mgmt->u.action.u.dls_req.action_code);
2593 case WLAN_CATEGORY_BACK:
/*
 * NOTE(review): action_code is read here with only the entry check
 * (len >= IEEE80211_MIN_ACTION_SIZE) behind it.  If that constant is
 * 24 + 1 (header + category), the action_code byte is one past what has
 * been verified and a 25-byte frame causes a 1-byte over-read.  Confirm
 * the constant's value, or check len >= IEEE80211_MIN_ACTION_SIZE + 1
 * before this switch; the per-action checks below come too late for it.
 */
2594 switch (mgmt->u.action.u.addba_req.action_code) {
2595 case WLAN_ACTION_ADDBA_REQ:
/* Whole addba_req body must be present: the response echoes its fields. */
2596 if (len < (IEEE80211_MIN_ACTION_SIZE +
2597 sizeof(mgmt->u.action.u.addba_req)))
/*
 * The driver decides via handle_ba_action (remainder of the condition not
 * visible here): no callback, or a non-zero return, declines the request;
 * otherwise it is accepted.
 */
2599 if (!local->ops->handle_ba_action ||
2600 (local->ops->handle_ba_action(local_to_hw(local),
2602 ieee80211_send_addba_resp(dev, mgmt, len,
2603 WLAN_STATUS_REQUEST_DECLINED);
2605 ieee80211_send_addba_resp(dev, mgmt, len,
2606 WLAN_STATUS_SUCCESS);
2608 case WLAN_ACTION_ADDBA_RESP:
/* Length-checked before the frame is handed to the driver. */
2609 if (len < (IEEE80211_MIN_ACTION_SIZE +
2610 sizeof(mgmt->u.action.u.addba_resp)))
2612 if (!local->ops->handle_ba_action)
2614 local->ops->handle_ba_action(local_to_hw(local), mgmt);
2616 case WLAN_ACTION_DELBA:
2617 if (len < (IEEE80211_MIN_ACTION_SIZE +
2618 sizeof(mgmt->u.action.u.delba)))
2621 if (!local->ops->handle_ba_action)
2624 local->ops->handle_ba_action(local_to_hw(local), mgmt);
/*
 * ieee80211_sta_rx_mgmt - RX-path entry point for management frames on a
 * STA/IBSS interface
 *
 * Nothing is parsed here beyond the frame control word: frames of the
 * listed subtypes are queued on ifsta->skb_queue and processed later by
 * ieee80211_sta_work() -> ieee80211_sta_rx_queued_mgmt(), so all length
 * validation lives in the per-subtype handlers.  No skb->len check is
 * visible here; the RX path that calls this is assumed to have verified
 * at least the 24-byte header - confirm.
 *
 * For probe request/response and beacon the driver's rx_status is copied
 * into skb->cb because those handlers need signal/channel data that would
 * otherwise be lost once the frame is queued.
 */
2636 void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
2637 struct ieee80211_rx_status *rx_status)
2639 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2640 struct ieee80211_sub_if_data *sdata;
2641 struct ieee80211_if_sta *ifsta;
2642 struct ieee80211_mgmt *mgmt;
2648 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2649 ifsta = &sdata->u.sta;
2651 mgmt = (struct ieee80211_mgmt *) skb->data;
2652 fc = le16_to_cpu(mgmt->frame_control);
2654 switch (fc & IEEE80211_FCTL_STYPE) {
2655 case IEEE80211_STYPE_PROBE_REQ:
2656 case IEEE80211_STYPE_PROBE_RESP:
2657 case IEEE80211_STYPE_BEACON:
2658 memcpy(skb->cb, rx_status, sizeof(*rx_status));
/* fall through: the remaining subtypes are queued without rx_status */
2659 case IEEE80211_STYPE_AUTH:
2660 case IEEE80211_STYPE_ASSOC_RESP:
2661 case IEEE80211_STYPE_REASSOC_RESP:
2662 case IEEE80211_STYPE_DEAUTH:
2663 case IEEE80211_STYPE_DISASSOC:
2664 case IEEE80211_STYPE_ACTION:
/* Ownership of skb passes to the queue; the work item frees it. */
2665 skb_queue_tail(&ifsta->skb_queue, skb);
2666 queue_work(local->hw.workqueue, &ifsta->work);
/* Unknown subtype: logged and presumably freed here (free not shown). */
2669 printk(KERN_DEBUG "%s: received unknown management frame - "
2670 "stype=%d\n", dev->name,
2671 (fc & IEEE80211_FCTL_STYPE) >> 4);
/*
 * ieee80211_sta_rx_queued_mgmt - process one management frame queued by
 * ieee80211_sta_rx_mgmt(), running in workqueue context
 *
 * skb->len is passed to every handler as the frame length to validate
 * against.  rx_status is recovered from skb->cb and is only meaningful for
 * the three subtypes that stored it (probe request/response, beacon) -
 * which are exactly the handlers that receive it below.  The skb is
 * consumed by this function (the free is not visible in this listing).
 */
2680 static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
2681 struct sk_buff *skb)
2683 struct ieee80211_rx_status *rx_status;
2684 struct ieee80211_sub_if_data *sdata;
2685 struct ieee80211_if_sta *ifsta;
2686 struct ieee80211_mgmt *mgmt;
2689 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2690 ifsta = &sdata->u.sta;
2692 rx_status = (struct ieee80211_rx_status *) skb->cb;
2693 mgmt = (struct ieee80211_mgmt *) skb->data;
2694 fc = le16_to_cpu(mgmt->frame_control);
2696 switch (fc & IEEE80211_FCTL_STYPE) {
2697 case IEEE80211_STYPE_PROBE_REQ:
2698 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
2701 case IEEE80211_STYPE_PROBE_RESP:
2702 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
2704 case IEEE80211_STYPE_BEACON:
2705 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
2707 case IEEE80211_STYPE_AUTH:
2708 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
/* Last argument distinguishes (re)association: 0 = assoc, 1 = reassoc. */
2710 case IEEE80211_STYPE_ASSOC_RESP:
2711 ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 0);
2713 case IEEE80211_STYPE_REASSOC_RESP:
2714 ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 1);
2716 case IEEE80211_STYPE_DEAUTH:
2717 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
2719 case IEEE80211_STYPE_DISASSOC:
2720 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
2722 case IEEE80211_STYPE_ACTION:
2723 ieee80211_rx_mgmt_action(dev, ifsta, mgmt, skb->len);
/*
 * ieee80211_sta_rx_scan - feed frames received during a scan into the BSS
 * table
 *
 * Frames shorter than the 24-byte management header are dropped before
 * frame_control is read.  Only probe responses and beacons are of interest
 * while scanning; everything else is ignored.  The skb is consumed here
 * (the free is not visible in this listing).
 */
2731 void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
2732 struct ieee80211_rx_status *rx_status)
2734 struct ieee80211_mgmt *mgmt;
2737 if (skb->len < 24) {
2742 mgmt = (struct ieee80211_mgmt *) skb->data;
2743 fc = le16_to_cpu(mgmt->frame_control);
2745 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
2746 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
2747 ieee80211_rx_mgmt_probe_resp(dev, mgmt,
2748 skb->len, rx_status);
2749 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
2750 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
/*
 * ieee80211_sta_active_ibss - is any peer of this IBSS interface still alive?
 *
 * Walks local->sta_list under sta_lock and looks for a STA entry belonging
 * to @dev whose last_rx is within IEEE80211_IBSS_MERGE_INTERVAL of now.
 * Returns non-zero if one is found (the loop body that sets the result and
 * breaks is not visible in this listing).
 */
2759 static int ieee80211_sta_active_ibss(struct net_device *dev)
2761 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2763 struct sta_info *sta;
2765 spin_lock_bh(&local->sta_lock);
2766 list_for_each_entry(sta, &local->sta_list, list) {
/* Only entries of this interface count; the table is shared per hw. */
2767 if (sta->dev == dev &&
2768 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
2774 spin_unlock_bh(&local->sta_lock);
/*
 * ieee80211_sta_expire - drop STA entries that have been silent too long
 *
 * Frees every entry in local->sta_list whose last_rx is older than
 * IEEE80211_IBSS_INACTIVITY_LIMIT.  Note that, unlike
 * ieee80211_sta_active_ibss(), there is no sta->dev == dev filter here:
 * entries of every interface on this hardware are subject to expiry.
 * The _safe list walk is required because entries are freed in the loop.
 */
2780 static void ieee80211_sta_expire(struct net_device *dev)
2782 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2783 struct sta_info *sta, *tmp;
2785 spin_lock_bh(&local->sta_lock);
2786 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
2787 if (time_after(jiffies, sta->last_rx +
2788 IEEE80211_IBSS_INACTIVITY_LIMIT)) {
2789 printk(KERN_DEBUG "%s: expiring inactive STA " MAC_FMT
2790 "\n", dev->name, MAC_ARG(sta->addr));
/* Second argument presumably tells sta_info_free that sta_lock is already
 * held by us - confirm against its definition. */
2791 sta_info_free(sta, 1);
2793 spin_unlock_bh(&local->sta_lock);
/*
 * ieee80211_sta_merge_ibss - periodic IBSS maintenance while joined
 *
 * Re-arms the STA timer for the next IEEE80211_IBSS_MERGE_INTERVAL, expires
 * stale peers, and if no peer of this interface is active any more starts a
 * scan for another IBSS with the same SSID to merge with.  Called from
 * ieee80211_sta_work() in the IEEE80211_IBSS_JOINED state.
 */
2797 static void ieee80211_sta_merge_ibss(struct net_device *dev,
2798 struct ieee80211_if_sta *ifsta)
2800 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2802 ieee80211_sta_expire(dev);
/* Still have live peers: nothing to do (return not shown). */
2803 if (ieee80211_sta_active_ibss(dev))
2806 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
2807 "IBSS networks with same SSID (merge)\n", dev->name);
2808 ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
/*
 * ieee80211_sta_timer - STA state-machine timer callback
 *
 * @data is the ieee80211_sub_if_data pointer the timer was set up with.
 * Does no work in timer context: it only sets IEEE80211_STA_REQ_RUN and
 * queues ifsta->work so ieee80211_sta_work() runs the state machine.
 * Also called directly from ieee80211_scan_completed().
 */
2812 void ieee80211_sta_timer(unsigned long data)
2814 struct ieee80211_sub_if_data *sdata =
2815 (struct ieee80211_sub_if_data *) data;
2816 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2817 struct ieee80211_local *local = wdev_priv(&sdata->wdev);
2819 set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2820 queue_work(local->hw.workqueue, &ifsta->work);
/*
 * ieee80211_sta_work - the STA/IBSS MLME state machine, run from the
 * workqueue
 *
 * Order of business: bail out if the interface is down or a scan is in
 * progress; drain the queued management frames; honour a pending scan
 * request (only when not mid-authentication/association); honour a pending
 * auth request; otherwise run the current state's handler only if
 * IEEE80211_STA_REQ_RUN was set (by the timer or a caller).  Finally, an
 * associated STA whose privacy configuration no longer matches the BSS is
 * disassociated.
 */
2824 void ieee80211_sta_work(struct work_struct *work)
2826 struct ieee80211_sub_if_data *sdata =
2827 container_of(work, struct ieee80211_sub_if_data, u.sta.work);
2828 struct net_device *dev = sdata->dev;
2829 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2830 struct ieee80211_if_sta *ifsta;
2831 struct sk_buff *skb;
2833 if (!netif_running(dev))
/*
 * While a scan runs, queued management frames stay queued: the drain loop
 * below is only reached once sta_scanning is clear again.
 */
2836 if (local->sta_scanning)
2839 if (sdata->type != IEEE80211_IF_TYPE_STA &&
2840 sdata->type != IEEE80211_IF_TYPE_IBSS) {
2841 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
2842 "(type=%d)\n", dev->name, sdata->type);
2845 ifsta = &sdata->u.sta;
2847 while ((skb = skb_dequeue(&ifsta->skb_queue)))
2848 ieee80211_sta_rx_queued_mgmt(dev, skb);
/* A scan would disturb an auth/assoc exchange in flight, so defer it. */
2850 if (ifsta->state != IEEE80211_AUTHENTICATE &&
2851 ifsta->state != IEEE80211_ASSOCIATE &&
2852 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
2853 ieee80211_sta_start_scan(dev, NULL, 0);
/*
 * REQ_AUTH: pick a BSS (ieee80211_sta_config_auth).  A non-zero result
 * means no candidate yet / a scan was started, and we stop here.
 * Otherwise REQ_RUN must be set for the state handler to run.
 */
2857 if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
2858 if (ieee80211_sta_config_auth(dev, ifsta))
2860 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2861 } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
2864 switch (ifsta->state) {
2865 case IEEE80211_DISABLED:
2867 case IEEE80211_AUTHENTICATE:
2868 ieee80211_authenticate(dev, ifsta);
2870 case IEEE80211_ASSOCIATE:
2871 ieee80211_associate(dev, ifsta);
2873 case IEEE80211_ASSOCIATED:
2874 ieee80211_associated(dev, ifsta);
2876 case IEEE80211_IBSS_SEARCH:
2877 ieee80211_sta_find_ibss(dev, ifsta);
2879 case IEEE80211_IBSS_JOINED:
2880 ieee80211_sta_merge_ibss(dev, ifsta);
2883 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
/*
 * Do not stay on a BSS whose privacy bit disagrees with our key
 * configuration (e.g. the AP turned encryption off under us); the mixed-
 * cell check itself lives in ieee80211_privacy_mismatch().
 */
2888 if (ieee80211_privacy_mismatch(dev, ifsta)) {
2889 printk(KERN_DEBUG "%s: privacy configuration mismatch and "
2890 "mixed-cell disabled - disassociate\n", dev->name);
2892 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
2893 ieee80211_set_disassoc(dev, ifsta, 0);
/*
 * ieee80211_admit_refresh - per-averaging-period refresh of the admitted
 * medium time for each active traffic stream (802.11e admission control)
 *
 * Timer callback; @ptr is the net_device.  For every TSID/direction that
 * is ACTIVE or THROTTLING, the admitted time for one period is credited
 * against the used time and the status is recomputed.  The period is
 * ifsta->dot11EDCAAveragingPeriod seconds.
 *
 * No lock is taken here, yet ts_data is presumably also modified by the
 * ADDTS/DELTS handling that runs from the workqueue - confirm how the two
 * paths are serialised.
 */
2898 void ieee80211_admit_refresh(unsigned long ptr)
2900 struct net_device *dev;
2901 struct ieee80211_sub_if_data *sdata;
2902 struct ieee80211_if_sta *ifsta;
2905 dev = (struct net_device *) ptr;
2906 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2907 ifsta = &sdata->u.sta;
2909 for (i = 0; i < STA_TSID_NUM; i++) {
2910 for (j = 0; j < STA_TSDIR_NUM; j++) {
2911 if ((ifsta->ts_data[i][j].status != TS_STATUS_ACTIVE) &&
2912 (ifsta->ts_data[i][j].status != TS_STATUS_THROTTLING))
/*
 * used_time_usec is presumably unsigned: the (s32) cast turns an underflow
 * from this subtraction into a negative value that is clamped to 0.  That
 * trick only holds while both values stay below 2^31 microseconds.
 */
2916 ifsta->ts_data[i][j].used_time_usec -=
2917 ifsta->ts_data[i][j].admitted_time_usec;
2918 if ((s32)(ifsta->ts_data[i][j].used_time_usec) < 0)
2919 ifsta->ts_data[i][j].used_time_usec = 0;
/* Still over budget after the credit -> keep throttling, else active. */
2921 ifsta->ts_data[i][j].status =
2922 (ifsta->ts_data[i][j].used_time_usec >=
2923 ifsta->ts_data[i][j].admitted_time_usec) ?
2924 TS_STATUS_THROTTLING :
2930 mod_timer(&ifsta->admit_timer, jiffies +
2931 ifsta->dot11EDCAAveragingPeriod * HZ);
/*
 * ieee80211_sta_reset_auth - reset per-connection state before a new
 * authentication attempt
 *
 * Resets the TSF (if the driver can), re-allows WMM parameter updates,
 * chooses the initial authentication algorithm, clears the
 * association flag and retry counters and takes the carrier down.
 *
 * Algorithm preference is Open System, then Shared Key, then LEAP,
 * defaulting to Open if auth_algs allows none of them.  Preferring Open
 * over Shared Key when both are enabled is the right order: WEP Shared
 * Key authentication exposes a plaintext/ciphertext pair to anyone
 * listening and adds no real protection.
 */
2935 static void ieee80211_sta_reset_auth(struct net_device *dev,
2936 struct ieee80211_if_sta *ifsta)
2938 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2940 if (local->ops->reset_tsf) {
2941 /* Reset own TSF to allow time synchronization work. */
2942 local->ops->reset_tsf(local_to_hw(local));
2945 ifsta->wmm_last_param_set = -1; /* allow any WMM update */
2948 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
2949 ifsta->auth_alg = WLAN_AUTH_OPEN;
2950 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2951 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
2952 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
2953 ifsta->auth_alg = WLAN_AUTH_LEAP;
/* Fallback (the 'else' line is not visible in this listing). */
2955 ifsta->auth_alg = WLAN_AUTH_OPEN;
2956 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
/* -1: no authentication transaction in progress yet. */
2958 ifsta->auth_transaction = -1;
2959 ifsta->associated = ifsta->auth_tries = ifsta->assoc_tries = 0;
2960 netif_carrier_off(dev);
/*
 * ieee80211_sta_req_auth - ask the state machine to (re)start
 * authentication
 *
 * Only meaningful for managed (STA) interfaces; IBSS interfaces return
 * early.  A request is queued only when there is something to authenticate
 * with: a BSSID (explicit or auto-selected) and an SSID (explicit or
 * auto-selected).  The actual selection happens in
 * ieee80211_sta_config_auth() from the workqueue.
 */
2964 void ieee80211_sta_req_auth(struct net_device *dev,
2965 struct ieee80211_if_sta *ifsta)
2967 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2968 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2970 if (sdata->type != IEEE80211_IF_TYPE_STA)
2973 if ((ifsta->bssid_set || ifsta->auto_bssid_sel) &&
2974 (ifsta->ssid_set || ifsta->auto_ssid_sel)) {
2975 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2976 queue_work(local->hw.workqueue, &ifsta->work);
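/*
 * ieee80211_sta_match_ssid - does a scanned SSID satisfy the configured one?
 * @ifsta: STA interface state holding the configured ssid / ssid_len
 * @ssid: SSID from a scan result (not NUL-terminated)
 * @ssid_len: its length in bytes
 *
 * Returns 1 on a match, 0 otherwise.  ieee80211_sta_config_auth() calls
 * this only when the user has fixed an SSID (no auto SSID selection), so a
 * match decides which BSS we will try to authenticate with.
 *
 * An exact match requires equal length and equal bytes.  The previous
 * version compared only @ssid_len bytes, so any SSID that is a prefix of
 * the configured one - including a zero-length SSID, for which memcmp() of
 * zero bytes trivially succeeds - was accepted; an AP advertising "foo"
 * could be selected for a configured "foobar".
 *
 * Hidden-SSID APs are accommodated only when the BSSID is not being
 * auto-selected as well (we could not tell which hidden AP is ours): an
 * all-NUL SSID of the configured length or a zero-length SSID, plus the
 * single-space SSID some APs use, are accepted.
 */
static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
				    const char *ssid, int ssid_len)
{
	int i;

	if (ssid_len == ifsta->ssid_len &&
	    memcmp(ifsta->ssid, ssid, ssid_len) == 0)
		return 1;

	/* With auto BSSID selection a hidden SSID is not a usable match. */
	if (ifsta->auto_bssid_sel)
		return 0;

	/* Hidden SSID, form 1: empty SSID element. */
	if (ssid_len == 0)
		return 1;

	/* Hidden SSID, form 2: all NUL bytes of the configured length. */
	if (ssid_len == ifsta->ssid_len) {
		for (i = 0; i < ssid_len; i++)
			if (ssid[i] != '\0')
				break;
		if (i == ssid_len)
			return 1;
	}

	/* Some APs hide the SSID by advertising a single space. */
	if (ssid_len == 1 && ssid[0] == ' ')
		return 1;

	return 0;
}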
/*
 * ieee80211_sta_config_auth - choose the BSS to authenticate with
 *
 * With everything fixed by the user (channel, BSSID and SSID), the state
 * is set to AUTHENTICATE straight away.  Otherwise the scan-result table is
 * filtered: ESS only, privacy bit matching whether we have a default key,
 * channel/BSSID/SSID matching whatever is not auto-selected, and the
 * candidate with the highest RSSI wins.  Returns 0 when a BSS was selected
 * (or fixed), non-zero when none was and a scan has been started or the
 * interface was disabled.
 *
 * Security note: RSSI is attacker-controlled.  An impostor AP with a
 * matching SSID and privacy bit and a stronger signal wins this selection;
 * nothing here authenticates the AP - only the subsequent 802.11
 * security handshake can.
 */
3009 static int ieee80211_sta_config_auth(struct net_device *dev,
3010 struct ieee80211_if_sta *ifsta)
3012 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3013 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3014 struct ieee80211_sta_bss *bss, *selected = NULL;
3015 int top_rssi = 0, freq;
3019 if (!ifsta->auto_channel_sel && !ifsta->auto_bssid_sel &&
3020 !ifsta->auto_ssid_sel) {
3021 ifsta->state = IEEE80211_AUTHENTICATE;
3023 ieee80211_sta_reset_auth(dev, ifsta);
3027 spin_lock_bh(&local->sta_bss_lock);
3028 freq = local->oper_channel->freq;
3029 list_for_each_entry(bss, &local->sta_bss_list, list) {
/* Infrastructure BSSes only. */
3030 if (!(bss->capability & WLAN_CAPABILITY_ESS))
/*
 * Privacy must agree with our key configuration in both directions: no
 * joining an open AP with a key configured, nor an encrypted AP without.
 */
3033 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
3034 !!sdata->default_key)
3037 if (!ifsta->auto_channel_sel && bss->freq != freq)
3040 if (!ifsta->auto_bssid_sel &&
3041 memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
3044 if (!ifsta->auto_ssid_sel &&
3045 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
/* Strongest signal among the survivors (first candidate always taken). */
3048 if (!selected || top_rssi < bss->rssi) {
3050 top_rssi = bss->rssi;
/* Hold a reference across the unlock; released by ieee80211_rx_bss_put(). */
3054 atomic_inc(&selected->users);
3055 spin_unlock_bh(&local->sta_bss_lock);
3058 ieee80211_set_channel(local, -1, selected->freq);
/* Adopt the selected BSS's SSID only if the user did not fix one. */
3059 if (!ifsta->ssid_set)
3060 ieee80211_sta_set_ssid(dev, selected->ssid,
3061 selected->ssid_len);
3062 ieee80211_sta_set_bssid(dev, selected->bssid);
3063 ieee80211_rx_bss_put(dev, selected);
3064 ifsta->state = IEEE80211_AUTHENTICATE;
3066 ieee80211_sta_reset_auth(dev, ifsta);
/*
 * Nothing selected: scan once and retry via REQ_AUTH; if we were already
 * in AUTHENTICATE (i.e. this is the retry) give up and disable.
 */
3069 if (ifsta->state != IEEE80211_AUTHENTICATE) {
3070 ieee80211_sta_start_scan(dev, NULL, 0);
3071 ifsta->state = IEEE80211_AUTHENTICATE;
3072 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
3074 ifsta->state = IEEE80211_DISABLED;
/*
 * ieee80211_sta_join_ibss - join (or, via ieee80211_sta_create_ibss,
 * start) the IBSS described by @bss
 *
 * Adopts the BSSID, beacon interval, privacy setting and channel of @bss,
 * builds a beacon template from its parameters and hands it to the driver,
 * derives a probe-response template from the same frame, and computes the
 * supported-rate bitmap.  @bss comes from the scan-result table and its
 * reference is dropped with ieee80211_rx_bss_put() at the end.
 *
 * Everything in @bss was learned from frames sent by an untrusted peer;
 * IBSS has no authentication at this layer, so the only protection is
 * drop_unencrypted (set below from the peer's privacy bit) plus whatever
 * keys are configured.
 */
3080 static int ieee80211_sta_join_ibss(struct net_device *dev,
3081 struct ieee80211_if_sta *ifsta,
3082 struct ieee80211_sta_bss *bss)
3084 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3085 int res, rates, i, j;
3086 struct sk_buff *skb;
3087 struct ieee80211_mgmt *mgmt;
3088 struct ieee80211_tx_control control;
3089 struct ieee80211_rate *rate;
3090 struct ieee80211_hw_mode *mode;
3091 struct rate_control_extra extra;
3093 struct ieee80211_sub_if_data *sdata;
3095 /* Remove possible STA entries from other IBSS networks. */
3096 sta_info_flush(local, NULL);
3098 if (local->ops->reset_tsf) {
3099 /* Reset own TSF to allow time synchronization work. */
3100 local->ops->reset_tsf(local_to_hw(local));
3102 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
3103 res = ieee80211_if_config(dev);
/* Floor the peer-supplied beacon interval at 10 TU to avoid a beacon storm. */
3107 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
3109 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
/* If the IBSS advertises privacy, refuse unencrypted frames from peers. */
3110 sdata->drop_unencrypted = bss->capability &
3111 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
3113 res = ieee80211_set_channel(local, -1, bss->freq);
/* Regulatory check: a scanned IBSS may sit on a channel we may not use. */
3115 if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
3116 printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
3117 "(%d MHz)\n", dev->name, local->hw.conf.channel,
3118 local->hw.conf.freq);
3122 /* Set beacon template based on scan results */
/*
 * 400 bytes must hold header + fixed beacon fields, SSID (<= 32), the
 * rate elements, DS and IBSS parameters.  skb_put() past the tailroom
 * panics, so this relies on bss->supp_rates_len being bounded by the size
 * of bss->supp_rates when scan results are parsed - confirm that bound.
 */
3123 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
3128 skb_reserve(skb, local->hw.extra_tx_headroom);
3130 mgmt = (struct ieee80211_mgmt *)
3131 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
3132 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
3133 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
3134 IEEE80211_STYPE_BEACON);
3135 memset(mgmt->da, 0xff, ETH_ALEN);
3136 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
3137 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
3138 mgmt->u.beacon.beacon_int =
3139 cpu_to_le16(local->hw.conf.beacon_int);
/* We re-advertise the peer's capability word (incl. its privacy bit). */
3140 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
/* ifsta->ssid_len was bounded by IEEE80211_MAX_SSID_LEN in set_ssid(). */
3142 pos = skb_put(skb, 2 + ifsta->ssid_len);
3143 *pos++ = WLAN_EID_SSID;
3144 *pos++ = ifsta->ssid_len;
3145 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
/* First up to 8 rates in Supported Rates, the rest in Extended below. */
3147 rates = bss->supp_rates_len;
3150 pos = skb_put(skb, 2 + rates);
3151 *pos++ = WLAN_EID_SUPP_RATES;
3153 memcpy(pos, bss->supp_rates, rates);
3155 pos = skb_put(skb, 2 + 1);
3156 *pos++ = WLAN_EID_DS_PARAMS;
3158 *pos++ = bss->channel;
3160 pos = skb_put(skb, 2 + 2);
3161 *pos++ = WLAN_EID_IBSS_PARAMS;
3163 /* FIX: set ATIM window based on scan results */
3167 if (bss->supp_rates_len > 8) {
3168 rates = bss->supp_rates_len - 8;
3169 pos = skb_put(skb, 2 + rates);
3170 *pos++ = WLAN_EID_EXT_SUPP_RATES;
3172 memcpy(pos, &bss->supp_rates[8], rates);
3175 memset(&control, 0, sizeof(control));
3176 memset(&extra, 0, sizeof(extra));
3177 extra.mode = local->oper_hw_mode;
3178 rate = rate_control_get_rate(local, dev, skb, &extra);
3180 printk(KERN_DEBUG "%s: Failed to determine TX rate "
3181 "for IBSS beacon\n", dev->name);
3184 control.tx_rate = (local->short_preamble &&
3185 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
3186 rate->val2 : rate->val;
3187 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
3188 control.power_level = local->hw.conf.power_level;
/* Beacons are broadcast: never ACKed, never retried. */
3189 control.flags |= IEEE80211_TXCTL_NO_ACK;
3190 control.retry_limit = 1;
/*
 * The probe-response template is the beacon with the subtype changed;
 * ieee80211_rx_mgmt_probe_req() copies it and fills in 'da'.
 * NOTE(review): a previous ifsta->probe_resp is overwritten here without
 * being freed; unless a caller frees it first, re-joining (e.g. an IBSS
 * merge) leaks the old template.
 */
3192 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
3193 if (ifsta->probe_resp) {
3194 mgmt = (struct ieee80211_mgmt *)
3195 ifsta->probe_resp->data;
3196 mgmt->frame_control =
3197 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
3198 IEEE80211_STYPE_PROBE_RESP);
3200 printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
3201 "template for IBSS\n", dev->name);
/* On success the driver takes ownership of skb. */
3204 if (local->ops->beacon_update &&
3205 local->ops->beacon_update(local_to_hw(local),
3206 skb, &control) == 0) {
3207 printk(KERN_DEBUG "%s: Configured IBSS beacon "
3208 "template based on scan results\n", dev->name);
/*
 * Translate the peer's rate list (units of 500 kbit/s, basic-rate bit
 * masked off) into a bitmap over our hw mode's rate table.
 */
3213 mode = local->oper_hw_mode;
3214 for (i = 0; i < bss->supp_rates_len; i++) {
3215 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
3216 if (mode->mode == MODE_ATHEROS_TURBO)
3218 for (j = 0; j < mode->num_rates; j++)
3219 if (mode->rates[j].rate == bitrate)
3222 ifsta->supp_rates_bits = rates;
/* Reached when the template skb was not consumed by the driver. */
3226 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
3227 "template\n", dev->name);
3231 ifsta->state = IEEE80211_IBSS_JOINED;
3232 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
3234 ieee80211_rx_bss_put(dev, bss);
/*
 * ieee80211_sta_create_ibss - start a new IBSS when none could be joined
 *
 * Picks a BSSID, synthesises a BSS-table entry describing our own network
 * (current channel, beacon interval defaulting to 100 TU, IBSS capability,
 * privacy if a default key is set, all rates of the current hw mode) and
 * then joins it through ieee80211_sta_join_ibss().
 */
3240 static int ieee80211_sta_create_ibss(struct net_device *dev,
3241 struct ieee80211_if_sta *ifsta)
3243 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3244 struct ieee80211_sta_bss *bss;
3245 struct ieee80211_sub_if_data *sdata;
3246 struct ieee80211_hw_mode *mode;
3247 u8 bssid[ETH_ALEN], *pos;
/*
 * The fixed test BSSID and the random one below are alternatives; the
 * preprocessor conditional selecting between them is not visible in this
 * listing.  If both ran, get_random_bytes() would simply overwrite this.
 */
3251 /* Easier testing, use fixed BSSID. */
3252 memset(bssid, 0xfe, ETH_ALEN);
3254 /* Generate random, not broadcast, locally administered BSSID. Mix in
3255 * own MAC address to make sure that devices that do not have proper
3256 * random number generator get different BSSID. */
3257 get_random_bytes(bssid, ETH_ALEN);
3258 for (i = 0; i < ETH_ALEN; i++)
3259 bssid[i] ^= dev->dev_addr[i];
/*
 * NOTE(review): the comment promises a non-broadcast, locally administered
 * address, but the bit fix-up that guarantees it (clear the group bit,
 * set the local bit in bssid[0]) is not visible here.  Without it the
 * random value can be a group address, which peers will not treat as a
 * BSSID - confirm it is present in the lines omitted from this listing.
 */
3264 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
3265 dev->name, MAC_ARG(bssid));
3267 bss = ieee80211_rx_bss_add(dev, bssid);
3271 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3272 mode = local->oper_hw_mode;
/* 100 TU is the conventional default beacon interval. */
3274 if (local->hw.conf.beacon_int == 0)
3275 local->hw.conf.beacon_int = 100;
3276 bss->beacon_int = local->hw.conf.beacon_int;
3277 bss->hw_mode = local->hw.conf.phymode;
3278 bss->channel = local->hw.conf.channel;
3279 bss->freq = local->hw.conf.freq;
3280 bss->last_update = jiffies;
3281 bss->capability = WLAN_CAPABILITY_IBSS;
/* Advertise privacy iff we have a key; else accept unencrypted frames. */
3282 if (sdata->default_key) {
3283 bss->capability |= WLAN_CAPABILITY_PRIVACY;
3285 sdata->drop_unencrypted = 0;
/*
 * Every rate of the hw mode is written into bss->supp_rates with no bound
 * check; this relies on mode->num_rates never exceeding the size of that
 * array - confirm against the struct definitions.
 */
3286 bss->supp_rates_len = mode->num_rates;
3287 pos = bss->supp_rates;
3288 for (i = 0; i < mode->num_rates; i++) {
3289 int rate = mode->rates[i].rate;
3290 if (mode->mode == MODE_ATHEROS_TURBO)
/* Rates are in 100 kbit/s here; the IE wants units of 500 kbit/s. */
3292 *pos++ = (u8) (rate / 5);
3295 return ieee80211_sta_join_ibss(dev, ifsta, bss);
/*
 * ieee80211_sta_find_ibss - look for an IBSS with our SSID to join, else
 * scan, else (after IEEE80211_IBSS_JOIN_TIMEOUT) create one
 *
 * Candidate selection is exact SSID match (length and bytes - stricter
 * than ieee80211_sta_match_ssid()) plus the IBSS capability bit.  Any
 * peer can advertise a matching SSID, so this chooses a network, it does
 * not authenticate one.  Returns the result of the join/scan/create it
 * triggers, or 0 when it only re-armed the timer.
 */
3299 static int ieee80211_sta_find_ibss(struct net_device *dev,
3300 struct ieee80211_if_sta *ifsta)
3302 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3303 struct ieee80211_sta_bss *bss;
/* Nothing to search for without an SSID. */
3308 if (ifsta->ssid_len == 0)
3311 active_ibss = ieee80211_sta_active_ibss(dev);
3312 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3313 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
3314 dev->name, active_ibss);
3315 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3316 spin_lock_bh(&local->sta_bss_lock);
3317 list_for_each_entry(bss, &local->sta_bss_list, list) {
3318 if (ifsta->ssid_len != bss->ssid_len ||
3319 memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
3320 || !(bss->capability & WLAN_CAPABILITY_IBSS))
3322 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3323 printk(KERN_DEBUG " bssid=" MAC_FMT " found\n",
3324 MAC_ARG(bss->bssid));
3325 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3326 memcpy(bssid, bss->bssid, ETH_ALEN);
/*
 * Stop at the first match unless we are the (inactive) IBSS in question,
 * in which case keep looking for a different BSSID to merge into.
 */
3328 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
3331 spin_unlock_bh(&local->sta_bss_lock);
3333 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3334 printk(KERN_DEBUG " sta_find_ibss: selected " MAC_FMT " current "
3335 MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
3336 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
/* Re-look the entry up with a reference held (the list lock is dropped). */
3337 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
3338 (bss = ieee80211_rx_bss_get(dev, bssid))) {
3339 printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
3340 " based on configured SSID\n",
3341 dev->name, MAC_ARG(bssid));
3342 return ieee80211_sta_join_ibss(dev, ifsta, bss);
3344 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3345 printk(KERN_DEBUG " did not try to join ibss\n");
3346 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3348 /* Selected IBSS not found in current scan results - try to scan */
3349 if (ifsta->state == IEEE80211_IBSS_JOINED &&
3350 !ieee80211_sta_active_ibss(dev)) {
3351 mod_timer(&ifsta->timer, jiffies +
3352 IEEE80211_IBSS_MERGE_INTERVAL);
/* Rate-limit rescans to one per IEEE80211_SCAN_INTERVAL. */
3353 } else if (time_after(jiffies, local->last_scan_completed +
3354 IEEE80211_SCAN_INTERVAL)) {
3355 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
3356 "join\n", dev->name);
3357 return ieee80211_sta_req_scan(dev, ifsta->ssid,
3359 } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
3360 int interval = IEEE80211_SCAN_INTERVAL;
/*
 * Searched long enough: create our own IBSS if configured to and the
 * current channel permits it; otherwise keep searching, but more slowly.
 */
3362 if (time_after(jiffies, ifsta->ibss_join_req +
3363 IEEE80211_IBSS_JOIN_TIMEOUT)) {
3364 if (ifsta->create_ibss &&
3365 local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
3366 return ieee80211_sta_create_ibss(dev, ifsta);
3367 if (ifsta->create_ibss) {
3368 printk(KERN_DEBUG "%s: IBSS not allowed on the"
3369 " configured channel %d (%d MHz)\n",
3370 dev->name, local->hw.conf.channel,
3371 local->hw.conf.freq);
3374 /* No IBSS found - decrease scan interval and continue
3376 interval = IEEE80211_SCAN_INTERVAL_SLOW;
3379 ifsta->state = IEEE80211_IBSS_SEARCH;
3380 mod_timer(&ifsta->timer, jiffies + interval);
/*
 * ieee80211_sta_set_ssid - configure the SSID (from the wireless
 * extensions SIOCSIWESSID handler and from BSS auto-selection)
 *
 * @len is bounded by IEEE80211_MAX_SSID_LEN up front, which is what makes
 * the memcpy into the fixed-size ifsta->ssid below safe; the remainder of
 * the buffer is zeroed.  A changed SSID also clears prev_bssid_set so a
 * stale reassociation target is not reused.  On an IBSS interface without
 * a fixed BSSID this starts the IBSS search immediately.
 *
 * As a side effect the default EDCA/TX-queue parameters are (re)programmed
 * into the driver if it supports conf_tx.
 */
3388 int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
3390 struct ieee80211_sub_if_data *sdata;
3391 struct ieee80211_if_sta *ifsta;
3392 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
/* Rejects oversize input before anything is copied (return not shown). */
3394 if (len > IEEE80211_MAX_SSID_LEN)
3397 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
3399 if (local->ops->conf_tx) {
3400 struct ieee80211_tx_queue_params qparam;
3403 memset(&qparam, 0, sizeof(qparam));
3404 /* TODO: are these ok defaults for all hw_modes? */
/* Default DCF contention window: CWmin 31 for 802.11b, 15 otherwise. */
3407 local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
3408 qparam.cw_max = 1023;
3409 qparam.burst_time = 0;
/*
 * The loop starts at IEEE80211_TX_QUEUE_DATA0 and adds DATA0 again when
 * passing the queue number; this is only correct if that constant is 0 -
 * confirm, otherwise the offset is applied twice.
 */
3410 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
3412 local->ops->conf_tx(local_to_hw(local),
3413 i + IEEE80211_TX_QUEUE_DATA0,
3416 /* IBSS uses different parameters for Beacon sending */
3420 local->ops->conf_tx(local_to_hw(local),
3421 IEEE80211_TX_QUEUE_BEACON, &qparam);
3424 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3425 ifsta = &sdata->u.sta;
3427 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
3428 ifsta->prev_bssid_set = 0;
/* Bounded copy plus zero-fill of the tail, so the buffer is fully defined. */
3429 memcpy(ifsta->ssid, ssid, len);
3430 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
3431 ifsta->ssid_len = len;
/* An empty SSID means "not set" (used as the auto-select signal). */
3433 ifsta->ssid_set = len ? 1 : 0;
3434 if (sdata->type == IEEE80211_IF_TYPE_IBSS && !ifsta->bssid_set) {
3435 ifsta->ibss_join_req = jiffies;
3436 ifsta->state = IEEE80211_IBSS_SEARCH;
3437 return ieee80211_sta_find_ibss(dev, ifsta);
/*
 * ieee80211_sta_get_ssid - copy the configured SSID out to the caller
 *
 * There is no size parameter for @ssid: ifsta->ssid_len bytes are copied
 * unconditionally, so every caller must supply a buffer of at least
 * IEEE80211_MAX_SSID_LEN bytes (the bound enforced in
 * ieee80211_sta_set_ssid()).  *len receives the length copied; the SSID is
 * not NUL-terminated.
 */
3443 int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
3445 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3446 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3447 memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
3448 *len = ifsta->ssid_len;
/*
 * ieee80211_sta_set_bssid - configure the BSSID
 *
 * Copies @bssid into ifsta->bssid and pushes it to the driver with
 * ieee80211_if_config() only if it actually changed; a driver failure is
 * logged and returned (return not shown in this listing).  bssid_set is
 * then derived from is_valid_ether_addr(): an all-zero, multicast or
 * broadcast address is treated as "no fixed BSSID" (i.e. any), which is
 * how ieee80211_sta_config_auth() and the IBSS code read that flag.
 */
3453 int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
3455 struct ieee80211_sub_if_data *sdata;
3456 struct ieee80211_if_sta *ifsta;
3459 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3460 ifsta = &sdata->u.sta;
3462 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3463 memcpy(ifsta->bssid, bssid, ETH_ALEN);
3464 res = ieee80211_if_config(dev);
3466 printk(KERN_DEBUG "%s: Failed to config new BSSID to "
3467 "the low-level driver\n", dev->name);
3472 if (!is_valid_ether_addr(bssid))
3473 ifsta->bssid_set = 0;
3475 ifsta->bssid_set = 1;
/*
 * ieee80211_send_nullfunc - send a Null Data frame to our AP
 *
 * Used around scans: with the power-management flag set (third argument)
 * before leaving the channel, so the AP buffers our frames, and cleared
 * again afterwards.  The frame is To-DS with addr1/addr3 = BSSID and
 * addr2 = our address; the 24-byte header is zeroed so duration and
 * sequence control start at 0.  Allocation failure is logged and the
 * frame is skipped.
 */
3480 static void ieee80211_send_nullfunc(struct ieee80211_local *local,
3481 struct ieee80211_sub_if_data *sdata,
3484 struct sk_buff *skb;
3485 struct ieee80211_hdr *nullfunc;
3488 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
3490 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
3491 "frame\n", sdata->dev->name);
3494 skb_reserve(skb, local->hw.extra_tx_headroom);
3496 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
3497 memset(nullfunc, 0, 24);
3498 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
3499 IEEE80211_FCTL_TODS;
/* Set only when the caller asked for power-save (condition not shown). */
3501 fc |= IEEE80211_FCTL_PM;
3502 nullfunc->frame_control = cpu_to_le16(fc);
3503 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
3504 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
3505 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
3507 ieee80211_sta_tx(sdata->dev, skb, 0);
/*
 * ieee80211_scan_completed - called (by the scan work item or by a driver
 * doing hardware scans) when a scan has finished
 *
 * Clears the scanning flag, restores the operational channel and BSSID,
 * notifies user space (SIOCGIWSCAN), wakes the queues of all non-master
 * interfaces, tells associated STAs' APs we are awake again with a
 * Null Data frame, kicks the STA state machine, and on an IBSS interface
 * resumes the IBSS search if appropriate.
 *
 * dev is local->scan_dev and is dereferenced unconditionally below; a
 * driver that reports completion without a scan having been started
 * would pass a NULL dev here - confirm callers cannot do that.
 */
3511 void ieee80211_scan_completed(struct ieee80211_hw *hw)
3513 struct ieee80211_local *local = hw_to_local(hw);
3514 struct net_device *dev = local->scan_dev;
3515 struct ieee80211_sub_if_data *sdata;
3516 union iwreq_data wrqu;
3518 local->last_scan_completed = jiffies;
3520 local->sta_scanning = 0;
/* NOTE(review): the two string literals concatenate to "operationalchannel"
 * (and "operationalBSSID" below) - a space is missing at the join. */
3522 if (ieee80211_hw_config(local))
3523 printk(KERN_DEBUG "%s: failed to restore operational"
3524 "channel after scan\n", dev->name);
/* The BSSID filter was only changed for the scan if the hw filters probes. */
3526 if (!(local->hw.flags & IEEE80211_HW_NO_PROBE_FILTERING) &&
3527 ieee80211_if_config(dev))
3528 printk(KERN_DEBUG "%s: failed to restore operational"
3529 "BSSID after scan\n", dev->name);
3531 memset(&wrqu, 0, sizeof(wrqu));
3532 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
3534 read_lock(&local->sub_if_lock);
3535 list_for_each_entry(sdata, &local->sub_if_list, list) {
3537 /* No need to wake the master device. */
3538 if (sdata->dev == local->mdev)
/* PM flag cleared (0): we are back on channel and receiving again. */
3541 if (sdata->type == IEEE80211_IF_TYPE_STA) {
3542 if (sdata->u.sta.associated)
3543 ieee80211_send_nullfunc(local, sdata, 0);
3544 ieee80211_sta_timer((unsigned long)sdata);
3547 netif_wake_queue(sdata->dev);
3549 read_unlock(&local->sub_if_lock);
3551 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3552 if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
3553 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
/*
 * NOTE(review): '!ifsta->state == IEEE80211_IBSS_JOINED' parses as
 * '(!ifsta->state) == IEEE80211_IBSS_JOINED', comparing 0 or 1 with the
 * enum value; it is true only if that constant happens to be 0 or 1.  The
 * intent reads as 'ifsta->state != IEEE80211_IBSS_JOINED'.  As written,
 * the post-scan IBSS search effectively runs only when bssid_set is clear.
 */
3554 if (!ifsta->bssid_set ||
3555 (!ifsta->state == IEEE80211_IBSS_JOINED &&
3556 !ieee80211_sta_active_ibss(dev)))
3557 ieee80211_sta_find_ibss(dev, ifsta);
3560 EXPORT_SYMBOL(ieee80211_scan_completed);
/*
 * ieee80211_sta_scan_work - software-scan state machine, one step per
 * invocation, re-queued with a delay appropriate to the step
 *
 * SCAN_SET_CHANNEL: pick the next channel across all hw modes, skipping
 * channels the regulatory flags forbid scanning (or, for IBSS, forbid
 * IBSS on), modes that are disabled, and 802.11b when 802.11g is in use.
 * SCAN_SEND_PROBE: on channels flagged for active scanning send a probe
 * request, otherwise just listen (passive).  The scan ends when the last
 * channel of the last mode has been visited.
 *
 * Privacy note: an active scan with a non-empty scan_ssid broadcasts the
 * configured SSID in every probe request.
 */
3562 void ieee80211_sta_scan_work(struct work_struct *work)
3564 struct ieee80211_local *local =
3565 container_of(work, struct ieee80211_local, scan_work.work);
3566 struct net_device *dev = local->scan_dev;
3567 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3568 struct ieee80211_hw_mode *mode;
3569 struct ieee80211_channel *chan;
3571 unsigned long next_delay = 0;
/* The scan may have been completed/aborted since this work was queued. */
3573 if (!local->sta_scanning)
3576 switch (local->scan_state) {
3577 case SCAN_SET_CHANNEL:
3578 mode = local->scan_hw_mode;
/* Last mode exhausted: done.  Otherwise idx < num_channels holds, because
 * the advance below resets idx when moving to the next mode. */
3579 if (local->scan_hw_mode->list.next == &local->modes_list &&
3580 local->scan_channel_idx >= mode->num_channels) {
3581 ieee80211_scan_completed(local_to_hw(local));
3584 skip = !(local->enabled_modes & (1 << mode->mode));
3585 chan = &mode->channels[local->scan_channel_idx];
/* Regulatory / configuration reasons to skip this channel. */
3586 if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
3587 (sdata->type == IEEE80211_IF_TYPE_IBSS &&
3588 !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
3589 (local->hw_modes & local->enabled_modes &
3590 (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
3595 printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
3596 dev->name, chan->chan, chan->freq);
/* A failed channel switch is treated like a skipped channel. */
3599 local->scan_channel = chan;
3600 if (ieee80211_hw_config(local)) {
3601 printk(KERN_DEBUG "%s: failed to set channel "
3602 "%d (%d MHz) for scan\n", dev->name,
3603 chan->chan, chan->freq);
/* Advance; roll over into the next hw mode when this one is exhausted. */
3608 local->scan_channel_idx++;
3609 if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
3610 if (local->scan_hw_mode->list.next != &local->modes_list) {
3611 local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
3612 struct ieee80211_hw_mode,
3614 local->scan_channel_idx = 0;
/* Wait for the radio to settle before probing. */
3621 next_delay = IEEE80211_PROBE_DELAY +
3622 usecs_to_jiffies(local->hw.channel_change_time);
3623 local->scan_state = SCAN_SEND_PROBE;
3625 case SCAN_SEND_PROBE:
/* Passive-only channels (e.g. DFS/radar) never get a probe request. */
3626 if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
3627 ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
3628 local->scan_ssid_len);
3629 next_delay = IEEE80211_CHANNEL_TIME;
3631 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
3632 local->scan_state = SCAN_SET_CHANNEL;
3636 if (local->sta_scanning)
3637 queue_delayed_work(local->hw.workqueue, &local->scan_work,
/*
 * ieee80211_sta_start_scan - begin a scan, in hardware if the driver
 * offers hw_scan, otherwise via the software scan work item
 *
 * @ssid/@ssid_len may be NULL/0 for a broadcast (wildcard) scan; a
 * non-empty SSID is copied into local->scan_ssid and put into probe
 * requests.  Returns 0 when a scan is now running for @dev, -EBUSY style
 * errors if another interface is already scanning (the return lines are
 * not visible in this listing).
 *
 * Before a software scan every non-master interface has its TX queue
 * stopped, and associated STAs tell their AP they are going to sleep
 * (Null Data with PM set) so frames get buffered while we are off-channel.
 */
3642 static int ieee80211_sta_start_scan(struct net_device *dev,
3643 u8 *ssid, size_t ssid_len)
3645 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3646 struct ieee80211_sub_if_data *sdata;
/* Bounds the memcpy into the fixed-size local->scan_ssid below. */
3648 if (ssid_len > IEEE80211_MAX_SSID_LEN)
3651 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
3652 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
3655 * ScanType: ACTIVE, PASSIVE
3656 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
3657 * a Probe frame during active scanning
3659 * MinChannelTime (>= ProbeDelay), in TU
3660 * MaxChannelTime: (>= MinChannelTime), in TU
3663 /* MLME-SCAN.confirm
3665 * ResultCode: SUCCESS, INVALID_PARAMETERS
/* Only one scan at a time per hardware; a repeat request from the same
 * interface is not an error. */
3668 if (local->sta_scanning) {
3669 if (local->scan_dev == dev)
/* Hardware scan: the driver will call ieee80211_scan_completed() later. */
3674 if (local->ops->hw_scan) {
3675 int rc = local->ops->hw_scan(local_to_hw(local),
3678 local->sta_scanning = 1;
3679 local->scan_dev = dev;
3684 local->sta_scanning = 1;
3686 read_lock(&local->sub_if_lock);
3687 list_for_each_entry(sdata, &local->sub_if_list, list) {
3689 /* Don't stop the master interface, otherwise we can't transmit
3691 if (sdata->dev == local->mdev)
3694 netif_stop_queue(sdata->dev);
/* PM flag set (1): ask the AP to buffer our traffic while off-channel. */
3695 if (sdata->type == IEEE80211_IF_TYPE_STA &&
3696 sdata->u.sta.associated)
3697 ieee80211_send_nullfunc(local, sdata, 1);
3699 read_unlock(&local->sub_if_lock);
/* Directed scan (ssid given) vs. wildcard scan (scan_ssid_len = 0). */
3702 local->scan_ssid_len = ssid_len;
3703 memcpy(local->scan_ssid, ssid, ssid_len);
3705 local->scan_ssid_len = 0;
3706 local->scan_state = SCAN_SET_CHANNEL;
3707 local->scan_hw_mode = list_entry(local->modes_list.next,
3708 struct ieee80211_hw_mode,
3710 local->scan_channel_idx = 0;
3711 local->scan_dev = dev;
/* Hardware that filters on BSSID needs it widened for the scan. */
3713 if (!(local->hw.flags & IEEE80211_HW_NO_PROBE_FILTERING) &&
3714 ieee80211_if_config(dev))
3715 printk(KERN_DEBUG "%s: failed to set BSSID for scan\n",
3718 /* TODO: start scan as soon as all nullfunc frames are ACKed */
3719 queue_delayed_work(local->hw.workqueue, &local->scan_work,
3720 IEEE80211_CHANNEL_TIME);
/*
 * Public scan entry point (presumably reached from the wireless-extensions
 * SIOCSIWSCAN handler).  Non-STA interfaces scan immediately; for a STA
 * interface the request is only recorded in ifsta->request and the STA
 * work item is queued, so the association state machine decides when it
 * is safe to leave the operating channel.  Return statements fall on lines
 * not shown in this listing.
 */
3726 int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
3728 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3729 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3730 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
/* IBSS and other types: no association to protect, scan right away.
 * ssid_len is range-checked inside ieee80211_sta_start_scan(). */
3732 if (sdata->type != IEEE80211_IF_TYPE_STA)
3733 return ieee80211_sta_start_scan(dev, ssid, ssid_len);
/* A scan owned by this dev is already in flight; the handling of that
 * case and of scans owned by other devs is on lines not shown. */
3735 if (local->sta_scanning) {
3736 if (local->scan_dev == dev)
/* Defer: set the request bit and let ifsta->work pick it up.
 * NOTE(review): @ssid/@ssid_len are not stored on this path -- the work
 * handler presumably scans with state kept elsewhere in ifsta; confirm. */
3741 set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
3742 queue_work(local->hw.workqueue, &ifsta->work);
/*
 * Serialise one cached BSS entry into the wireless-extensions event stream
 * [current_ev, end_buf) and return the advanced write pointer.  (The
 * "static char *" return-type line precedes this one in the full file.)
 * Entries that are stale, on a disabled hw mode, or filtered out by
 * local->scan_flags (WPA_ONLY, MATCH_SSID) are skipped; those early
 * returns are on lines not shown in this listing.
 *
 * Bounds: every iwe_stream_add_*() call receives end_buf, so output is
 * clipped to the caller's buffer.  The lengths read from the BSS entry
 * (ssid_len, wpa_ie_len, rsn_ie_len, supp_rates_len) originate from
 * over-the-air beacons / probe responses; this function trusts the frame
 * parser to have bounded them when the entry was stored -- confirm in the
 * scan-result ingestion path.
 *
 * Runs with the caller's sta_bss_lock held (see ieee80211_sta_scan_results),
 * hence the GFP_ATOMIC allocations below.
 */
3747 ieee80211_sta_scan_result(struct net_device *dev,
3748 struct ieee80211_sta_bss *bss,
3749 char *current_ev, char *end_buf)
3751 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3752 struct iw_event iwe;
/* Drop entries not refreshed within IEEE80211_SCAN_RESULT_EXPIRE. */
3754 if (time_after(jiffies,
3755 bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
/* Hide BSSes on hw modes the user has disabled. */
3758 if (!(local->enabled_modes & (1 << bss->hw_mode)))
/* WPA-only filter: a BSS carrying neither a WPA nor an RSN IE is omitted. */
3761 if (local->scan_flags & IEEE80211_SCAN_WPA_ONLY &&
3762 !bss->wpa_ie && !bss->rsn_ie)
/* SSID filter: lengths must match before the memcmp(), so bss->ssid_len
 * can never over-read local->scan_ssid. */
3765 if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID &&
3766 (local->scan_ssid_len != bss->ssid_len ||
3767 memcmp(local->scan_ssid, bss->ssid, bss->ssid_len) != 0))
/* SIOCGIWAP: the BSSID. */
3770 memset(&iwe, 0, sizeof(iwe));
3771 iwe.cmd = SIOCGIWAP;
3772 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
3773 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
3774 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
/* SIOCGIWESSID: the raw SSID bytes with the length as received
 * (flags = 1 marks the ESSID as set). */
3777 memset(&iwe, 0, sizeof(iwe));
3778 iwe.cmd = SIOCGIWESSID;
3779 iwe.u.data.length = bss->ssid_len;
3780 iwe.u.data.flags = 1;
3781 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
/* SIOCGIWMODE: infrastructure vs ad-hoc, derived from the capability bits. */
3784 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
3785 memset(&iwe, 0, sizeof(iwe));
3786 iwe.cmd = SIOCGIWMODE;
3787 if (bss->capability & WLAN_CAPABILITY_ESS)
3788 iwe.u.mode = IW_MODE_MASTER;
3790 iwe.u.mode = IW_MODE_ADHOC;
3791 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
/* SIOCGIWFREQ twice: once as a channel number, once as a frequency
 * (the iwe.u.freq.e exponent assignments are on lines not shown). */
3795 memset(&iwe, 0, sizeof(iwe));
3796 iwe.cmd = SIOCGIWFREQ;
3797 iwe.u.freq.m = bss->channel;
3799 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3801 iwe.u.freq.m = bss->freq * 100000;
3803 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
/* Link quality event (the iwe.cmd assignment is on a line not shown):
 * signal / rssi / noise as stored; wstats_flags says which are valid. */
3806 memset(&iwe, 0, sizeof(iwe));
3808 iwe.u.qual.qual = bss->signal;
3809 iwe.u.qual.level = bss->rssi;
3810 iwe.u.qual.noise = bss->noise;
3811 iwe.u.qual.updated = local->wstats_flags;
3812 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
/* SIOCGIWENCODE: only the Privacy capability bit is reported; no key
 * material is ever placed in the stream (IW_ENCODE_NOKEY, length 0). */
3815 memset(&iwe, 0, sizeof(iwe));
3816 iwe.cmd = SIOCGIWENCODE;
3817 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
3818 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
3820 iwe.u.data.flags = IW_ENCODE_DISABLED;
3821 iwe.u.data.length = 0;
3822 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
/* IWEVGENIE: the WPA IE is passed through verbatim so user space can
 * parse the cipher/AKM suites itself.  The "bss &&" test is redundant --
 * bss has already been dereferenced above -- but harmless. */
3824 if (bss && bss->wpa_ie) {
3825 memset(&iwe, 0, sizeof(iwe));
3826 iwe.cmd = IWEVGENIE;
3827 iwe.u.data.length = bss->wpa_ie_len;
3828 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
/* IWEVGENIE: same for the RSN IE. */
3832 if (bss && bss->rsn_ie) {
3833 memset(&iwe, 0, sizeof(iwe));
3834 iwe.cmd = IWEVGENIE;
3835 iwe.u.data.length = bss->rsn_ie_len;
3836 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
/* SIOCGIWRATE: one value per supported rate (the mask applied to each
 * rate byte continues on a line not shown).  supp_rates_len bounds the
 * loop and is assumed to have been clamped to the supp_rates array when
 * the entry was filled in -- confirm. */
3840 if (bss && bss->supp_rates_len > 0) {
3841 /* display all supported rates in readable format */
3842 char *p = current_ev + IW_EV_LCP_LEN;
3845 memset(&iwe, 0, sizeof(iwe));
3846 iwe.cmd = SIOCGIWRATE;
3847 /* Those two flags are ignored... */
3848 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
3850 for (i = 0; i < bss->supp_rates_len; i++) {
3851 iwe.u.bitrate.value = ((bss->supp_rates[i] &
3853 p = iwe_stream_add_value(current_ev, p,
3854 end_buf, &iwe, IW_EV_PARAM_LEN);
/* IWEVCUSTOM "tsf=<16 hex digits>": "tsf=" (4) + 16 digits + NUL = 21
 * bytes, so the 30-byte buffer cannot overflow.  The NULL check on the
 * allocation is on a line not shown; GFP_ATOMIC because the bss lock is
 * held by the caller. */
3861 buf = kmalloc(30, GFP_ATOMIC);
3863 memset(&iwe, 0, sizeof(iwe));
3864 iwe.cmd = IWEVCUSTOM;
3865 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
3866 iwe.u.data.length = strlen(buf);
3867 current_ev = iwe_stream_add_point(current_ev, end_buf,
/* Optional extra info (beacon interval, capability word), only when the
 * user asked for it via IEEE80211_SCAN_EXTRA_INFO. */
3876 if (!(local->scan_flags & IEEE80211_SCAN_EXTRA_INFO))
/* 100 bytes comfortably holds "bcn_int=" + a decimal int and
 * "capab=0x" + a hex word; the NULL check is on a line not shown. */
3879 buf = kmalloc(100, GFP_ATOMIC);
3883 memset(&iwe, 0, sizeof(iwe));
3884 iwe.cmd = IWEVCUSTOM;
3885 sprintf(buf, "bcn_int=%d", bss->beacon_int);
3886 iwe.u.data.length = strlen(buf);
3887 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3890 memset(&iwe, 0, sizeof(iwe));
3891 iwe.cmd = IWEVCUSTOM;
3892 sprintf(buf, "capab=0x%04x", bss->capability);
3893 iwe.u.data.length = strlen(buf);
3894 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
/*
 * Scan-result dump: walk the cached BSS list and append each entry to the
 * caller-supplied buffer [buf, buf + len).  Returns the number of bytes
 * written; the "no room" return on the line not shown is presumably an
 * error code such as -E2BIG -- confirm.
 *
 * The list is walked under sta_bss_lock (bh-disabling spinlock), so the
 * per-entry formatter must not sleep -- which is why it allocates with
 * GFP_ATOMIC.  The pre-check here only guarantees room for one address
 * event; every individual event write is additionally clipped against
 * end_buf inside ieee80211_sta_scan_result().
 */
3905 int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
3907 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3908 char *current_ev = buf;
3909 char *end_buf = buf + len;
3910 struct ieee80211_sta_bss *bss;
3912 spin_lock_bh(&local->sta_bss_lock);
3913 list_for_each_entry(bss, &local->sta_bss_list, list) {
/* Bail out (after dropping the lock) once no more than one address
 * event's worth of space remains. */
3914 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
3915 spin_unlock_bh(&local->sta_bss_lock);
3918 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
3921 spin_unlock_bh(&local->sta_bss_lock);
3922 return current_ev - buf;
/*
 * Replace the STA's "extra IE" blob (appended to outgoing management
 * frames elsewhere) with a private copy of @ie[0..@len).
 *
 * The old buffer is freed first.  When kmalloc() fails the assignment
 * itself leaves ifsta->extra_ie == NULL and extra_ie_len is zeroed, so no
 * dangling pointer survives and a later kfree() is safe.  The len == 0
 * test guarding the "clear" branch, and the return statements, fall on
 * lines not shown in this listing.
 *
 * NOTE(review): no lock is taken here; the window between kfree() and the
 * new assignment is only safe if every reader of extra_ie is serialised
 * with this writer (presumably rtnl) -- verify.  @len is not range-checked
 * in this function; the caller (the ioctl handler, presumably) is expected
 * to have bounded it and to pass a valid @ie when @len > 0.
 */
3926 int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
3928 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3929 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
/* Drop the previous blob unconditionally (kfree(NULL) is a no-op). */
3930 kfree(ifsta->extra_ie);
/* "Clear" branch (its condition is on a line not shown). */
3932 ifsta->extra_ie = NULL;
3933 ifsta->extra_ie_len = 0;
/* GFP_KERNEL: this path may sleep, so it must not be called under a
 * spinlock or from atomic context. */
3936 ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
3937 if (!ifsta->extra_ie) {
/* Keep the length consistent with the (now NULL) pointer. */
3938 ifsta->extra_ie_len = 0;
3941 memcpy(ifsta->extra_ie, ie, len);
3942 ifsta->extra_ie_len = len;
/*
 * Create a station entry for an IBSS peer we have just heard from.
 *
 * Resource cap: refuses (return on a line not shown, presumably NULL) once
 * local->num_sta reaches IEEE80211_IBSS_MAX_STA_ENTRIES, so a peer sending
 * frames from many different addresses cannot grow the station table
 * without bound.  The refusal message is rate-limited so the same flood
 * cannot fill the log either.  The TODO about LRU eviction records a
 * deliberate non-feature.
 *
 * Allocates with GFP_ATOMIC (presumably because it is reached from the RX
 * path).  The returned entry carries a reference the caller must drop with
 * sta_info_put().  @addr is declared on a signature line not shown; @skb
 * is not used in the visible body.
 */
3947 struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
3948 struct sk_buff *skb, u8 *bssid,
3951 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3952 struct sta_info *sta;
3953 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3955 /* TODO: Could consider removing the least recently used entry and
3956 * allow new one to be added. */
3957 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
/* Rate-limited: @addr comes from the air, so log spam is otherwise easy. */
3958 if (net_ratelimit()) {
3959 printk(KERN_DEBUG "%s: No room for a new IBSS STA "
3960 "entry " MAC_FMT "\n", dev->name, MAC_ARG(addr));
/* NOTE(review): this "Adding" message is not rate-limited; it prints once
 * per new entry, bounded only by the cap above. */
3965 printk(KERN_DEBUG "%s: Adding new IBSS station " MAC_FMT " (dev=%s)\n",
3966 local->mdev->name, MAC_ARG(addr), dev->name);
/* sta_info_add() failure handling is on a line not shown. */
3968 sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
/* Seed the peer with our own IBSS rate set and initialise rate control. */
3972 sta->supp_rates = sdata->u.sta.supp_rates_bits;
3974 rate_control_rate_init(sta, local);
3976 return sta; /* caller will call sta_info_put() */
/*
 * Locally initiated deauthentication: transmit a Deauthentication frame
 * carrying @reason to the current AP/peer, then tear down the local
 * association state.  Only STA and IBSS interfaces may do this; the return
 * for other interface types and the final return are on lines not shown.
 *
 * Unlike ieee80211_sta_disassociate() there is no "associated" precheck
 * visible here, so a Deauth may be transmitted even when not associated.
 * @reason is written to the kernel log at KERN_DEBUG.
 */
3980 int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
3982 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3983 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3985 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
3988 if (sdata->type != IEEE80211_IF_TYPE_STA &&
3989 sdata->type != IEEE80211_IF_TYPE_IBSS)
/* Send on the air first, then drop local state.  The '1' argument
 * presumably distinguishes "deauthenticated" from a plain disassociation
 * (ieee80211_sta_disassociate() passes 0) -- confirm in ieee80211_set_disassoc. */
3992 ieee80211_send_deauth(dev, ifsta, reason);
3993 ieee80211_set_disassoc(dev, ifsta, 1);
3998 int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
4000 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4001 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4003 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
4006 if (sdata->type != IEEE80211_IF_TYPE_STA)
4009 if (!ifsta->associated)
4012 ieee80211_send_disassoc(dev, ifsta, reason);
4013 ieee80211_set_disassoc(dev, ifsta, 0);