Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
hostap_ap.c
Go to the documentation of this file.
1 /*
2  * Intersil Prism2 driver with Host AP (software access point) support
3  * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
4  * <[email protected]>
5  * Copyright (c) 2002-2005, Jouni Malinen <[email protected]>
6  *
7  * This file is to be included into hostap.c when S/W AP functionality is
8  * compiled.
9  *
10  * AP: FIX:
11  * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from
12  * unauthenticated STA, send deauth. frame (8802.11: 5.5)
13  * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received
14  * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5)
15  * - if unicast Class 3 received from unauthenticated STA, send deauth. frame
16  * (8802.11: 5.5)
17  */
18 
19 #include <linux/proc_fs.h>
20 #include <linux/delay.h>
21 #include <linux/random.h>
22 #include <linux/if_arp.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <linux/moduleparam.h>
26 
27 #include "hostap_wlan.h"
28 #include "hostap.h"
29 #include "hostap_ap.h"
30 
31 static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL,
32  DEF_INTS };
33 module_param_array(other_ap_policy, int, NULL, 0444);
34 MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)");
35 
36 static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC,
37  DEF_INTS };
38 module_param_array(ap_max_inactivity, int, NULL, 0444);
39 MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station "
40  "inactivity");
41 
42 static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS };
43 module_param_array(ap_bridge_packets, int, NULL, 0444);
44 MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between "
45  "stations");
46 
47 static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS };
48 module_param_array(autom_ap_wds, int, NULL, 0444);
49 MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs "
50  "automatically");
51 
52 
53 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta);
54 static void hostap_event_expired_sta(struct net_device *dev,
55  struct sta_info *sta);
56 static void handle_add_proc_queue(struct work_struct *work);
57 
58 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
59 static void handle_wds_oper_queue(struct work_struct *work);
60 static void prism2_send_mgmt(struct net_device *dev,
61  u16 type_subtype, char *body,
62  int body_len, u8 *addr, u16 tx_cb_idx);
63 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
64 
65 
66 #ifndef PRISM2_NO_PROCFS_DEBUG
67 static int ap_debug_proc_read(char *page, char **start, off_t off,
68  int count, int *eof, void *data)
69 {
70  char *p = page;
71  struct ap_data *ap = (struct ap_data *) data;
72 
73  if (off != 0) {
74  *eof = 1;
75  return 0;
76  }
77 
78  p += sprintf(p, "BridgedUnicastFrames=%u\n", ap->bridged_unicast);
79  p += sprintf(p, "BridgedMulticastFrames=%u\n", ap->bridged_multicast);
80  p += sprintf(p, "max_inactivity=%u\n", ap->max_inactivity / HZ);
81  p += sprintf(p, "bridge_packets=%u\n", ap->bridge_packets);
82  p += sprintf(p, "nullfunc_ack=%u\n", ap->nullfunc_ack);
83  p += sprintf(p, "autom_ap_wds=%u\n", ap->autom_ap_wds);
84  p += sprintf(p, "auth_algs=%u\n", ap->local->auth_algs);
85  p += sprintf(p, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc);
86 
87  return (p - page);
88 }
89 #endif /* PRISM2_NO_PROCFS_DEBUG */
90 
91 
92 static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta)
93 {
94  sta->hnext = ap->sta_hash[STA_HASH(sta->addr)];
95  ap->sta_hash[STA_HASH(sta->addr)] = sta;
96 }
97 
98 static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta)
99 {
100  struct sta_info *s;
101 
102  s = ap->sta_hash[STA_HASH(sta->addr)];
103  if (s == NULL) return;
104  if (memcmp(s->addr, sta->addr, ETH_ALEN) == 0) {
105  ap->sta_hash[STA_HASH(sta->addr)] = s->hnext;
106  return;
107  }
108 
109  while (s->hnext != NULL && memcmp(s->hnext->addr, sta->addr, ETH_ALEN)
110  != 0)
111  s = s->hnext;
112  if (s->hnext != NULL)
113  s->hnext = s->hnext->hnext;
114  else
115  printk("AP: could not remove STA %pM from hash table\n",
116  sta->addr);
117 }
118 
119 static void ap_free_sta(struct ap_data *ap, struct sta_info *sta)
120 {
121  if (sta->ap && sta->local)
122  hostap_event_expired_sta(sta->local->dev, sta);
123 
124  if (ap->proc != NULL) {
125  char name[20];
126  sprintf(name, "%pM", sta->addr);
127  remove_proc_entry(name, ap->proc);
128  }
129 
130  if (sta->crypt) {
131  sta->crypt->ops->deinit(sta->crypt->priv);
132  kfree(sta->crypt);
133  sta->crypt = NULL;
134  }
135 
136  skb_queue_purge(&sta->tx_buf);
137 
138  ap->num_sta--;
139 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
140  if (sta->aid > 0)
141  ap->sta_aid[sta->aid - 1] = NULL;
142 
143  if (!sta->ap && sta->u.sta.challenge)
144  kfree(sta->u.sta.challenge);
145  del_timer(&sta->timer);
146 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
147 
148  kfree(sta);
149 }
150 
151 
152 static void hostap_set_tim(local_info_t *local, int aid, int set)
153 {
154  if (local->func->set_tim)
155  local->func->set_tim(local->dev, aid, set);
156 }
157 
158 
159 static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta)
160 {
161  union iwreq_data wrqu;
162  memset(&wrqu, 0, sizeof(wrqu));
163  memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
164  wrqu.addr.sa_family = ARPHRD_ETHER;
165  wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL);
166 }
167 
168 
169 static void hostap_event_expired_sta(struct net_device *dev,
170  struct sta_info *sta)
171 {
172  union iwreq_data wrqu;
173  memset(&wrqu, 0, sizeof(wrqu));
174  memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
175  wrqu.addr.sa_family = ARPHRD_ETHER;
176  wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL);
177 }
178 
179 
180 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
181 
182 static void ap_handle_timer(unsigned long data)
183 {
184  struct sta_info *sta = (struct sta_info *) data;
185  local_info_t *local;
186  struct ap_data *ap;
187  unsigned long next_time = 0;
188  int was_assoc;
189 
190  if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) {
191  PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n");
192  return;
193  }
194 
195  local = sta->local;
196  ap = local->ap;
197  was_assoc = sta->flags & WLAN_STA_ASSOC;
198 
199  if (atomic_read(&sta->users) != 0)
200  next_time = jiffies + HZ;
201  else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH))
202  next_time = jiffies + ap->max_inactivity;
203 
204  if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) {
205  /* station activity detected; reset timeout state */
206  sta->timeout_next = STA_NULLFUNC;
207  next_time = sta->last_rx + ap->max_inactivity;
208  } else if (sta->timeout_next == STA_DISASSOC &&
209  !(sta->flags & WLAN_STA_PENDING_POLL)) {
210  /* STA ACKed data nullfunc frame poll */
211  sta->timeout_next = STA_NULLFUNC;
212  next_time = jiffies + ap->max_inactivity;
213  }
214 
215  if (next_time) {
216  sta->timer.expires = next_time;
217  add_timer(&sta->timer);
218  return;
219  }
220 
221  if (sta->ap)
222  sta->timeout_next = STA_DEAUTH;
223 
224  if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) {
225  spin_lock(&ap->sta_table_lock);
226  ap_sta_hash_del(ap, sta);
227  list_del(&sta->list);
228  spin_unlock(&ap->sta_table_lock);
229  sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
230  } else if (sta->timeout_next == STA_DISASSOC)
231  sta->flags &= ~WLAN_STA_ASSOC;
232 
233  if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap)
234  hostap_event_expired_sta(local->dev, sta);
235 
236  if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 &&
237  !skb_queue_empty(&sta->tx_buf)) {
238  hostap_set_tim(local, sta->aid, 0);
239  sta->flags &= ~WLAN_STA_TIM;
240  }
241 
242  if (sta->ap) {
243  if (ap->autom_ap_wds) {
244  PDEBUG(DEBUG_AP, "%s: removing automatic WDS "
245  "connection to AP %pM\n",
246  local->dev->name, sta->addr);
247  hostap_wds_link_oper(local, sta->addr, WDS_DEL);
248  }
249  } else if (sta->timeout_next == STA_NULLFUNC) {
250  /* send data frame to poll STA and check whether this frame
251  * is ACKed */
252  /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but
253  * it is apparently not retried so TX Exc events are not
254  * received for it */
255  sta->flags |= WLAN_STA_PENDING_POLL;
256  prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA |
257  IEEE80211_STYPE_DATA, NULL, 0,
258  sta->addr, ap->tx_callback_poll);
259  } else {
260  int deauth = sta->timeout_next == STA_DEAUTH;
261  __le16 resp;
262  PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM"
263  "(last=%lu, jiffies=%lu)\n",
264  local->dev->name,
265  deauth ? "deauthentication" : "disassociation",
266  sta->addr, sta->last_rx, jiffies);
267 
268  resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID :
269  WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
270  prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT |
271  (deauth ? IEEE80211_STYPE_DEAUTH :
272  IEEE80211_STYPE_DISASSOC),
273  (char *) &resp, 2, sta->addr, 0);
274  }
275 
276  if (sta->timeout_next == STA_DEAUTH) {
277  if (sta->flags & WLAN_STA_PERM) {
278  PDEBUG(DEBUG_AP, "%s: STA %pM"
279  " would have been removed, "
280  "but it has 'perm' flag\n",
281  local->dev->name, sta->addr);
282  } else
283  ap_free_sta(ap, sta);
284  return;
285  }
286 
287  if (sta->timeout_next == STA_NULLFUNC) {
288  sta->timeout_next = STA_DISASSOC;
289  sta->timer.expires = jiffies + AP_DISASSOC_DELAY;
290  } else {
291  sta->timeout_next = STA_DEAUTH;
292  sta->timer.expires = jiffies + AP_DEAUTH_DELAY;
293  }
294 
295  add_timer(&sta->timer);
296 }
297 
298 
299 void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
300  int resend)
301 {
302  u8 addr[ETH_ALEN];
303  __le16 resp;
304  int i;
305 
306  PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name);
307  memset(addr, 0xff, ETH_ALEN);
308 
309  resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
310 
311  /* deauth message sent; try to resend it few times; the message is
312  * broadcast, so it may be delayed until next DTIM; there is not much
313  * else we can do at this point since the driver is going to be shut
314  * down */
315  for (i = 0; i < 5; i++) {
316  prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
317  IEEE80211_STYPE_DEAUTH,
318  (char *) &resp, 2, addr, 0);
319 
320  if (!resend || ap->num_sta <= 0)
321  return;
322 
323  mdelay(50);
324  }
325 }
326 
327 
328 static int ap_control_proc_read(char *page, char **start, off_t off,
329  int count, int *eof, void *data)
330 {
331  char *p = page;
332  struct ap_data *ap = (struct ap_data *) data;
333  char *policy_txt;
334  struct mac_entry *entry;
335 
336  if (off != 0) {
337  *eof = 1;
338  return 0;
339  }
340 
341  switch (ap->mac_restrictions.policy) {
342  case MAC_POLICY_OPEN:
343  policy_txt = "open";
344  break;
345  case MAC_POLICY_ALLOW:
346  policy_txt = "allow";
347  break;
348  case MAC_POLICY_DENY:
349  policy_txt = "deny";
350  break;
351  default:
352  policy_txt = "unknown";
353  break;
354  }
355  p += sprintf(p, "MAC policy: %s\n", policy_txt);
356  p += sprintf(p, "MAC entries: %u\n", ap->mac_restrictions.entries);
357  p += sprintf(p, "MAC list:\n");
358  spin_lock_bh(&ap->mac_restrictions.lock);
359  list_for_each_entry(entry, &ap->mac_restrictions.mac_list, list) {
360  if (p - page > PAGE_SIZE - 80) {
361  p += sprintf(p, "All entries did not fit one page.\n");
362  break;
363  }
364 
365  p += sprintf(p, "%pM\n", entry->addr);
366  }
367  spin_unlock_bh(&ap->mac_restrictions.lock);
368 
369  return (p - page);
370 }
371 
372 
373 int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
374 {
375  struct mac_entry *entry;
376 
377  entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL);
378  if (entry == NULL)
379  return -1;
380 
381  memcpy(entry->addr, mac, ETH_ALEN);
382 
383  spin_lock_bh(&mac_restrictions->lock);
384  list_add_tail(&entry->list, &mac_restrictions->mac_list);
385  mac_restrictions->entries++;
386  spin_unlock_bh(&mac_restrictions->lock);
387 
388  return 0;
389 }
390 
391 
392 int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
393 {
394  struct list_head *ptr;
395  struct mac_entry *entry;
396 
397  spin_lock_bh(&mac_restrictions->lock);
398  for (ptr = mac_restrictions->mac_list.next;
399  ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
400  entry = list_entry(ptr, struct mac_entry, list);
401 
402  if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
403  list_del(ptr);
404  kfree(entry);
405  mac_restrictions->entries--;
406  spin_unlock_bh(&mac_restrictions->lock);
407  return 0;
408  }
409  }
410  spin_unlock_bh(&mac_restrictions->lock);
411  return -1;
412 }
413 
414 
415 static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions,
416  u8 *mac)
417 {
418  struct mac_entry *entry;
419  int found = 0;
420 
421  if (mac_restrictions->policy == MAC_POLICY_OPEN)
422  return 0;
423 
424  spin_lock_bh(&mac_restrictions->lock);
425  list_for_each_entry(entry, &mac_restrictions->mac_list, list) {
426  if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
427  found = 1;
428  break;
429  }
430  }
431  spin_unlock_bh(&mac_restrictions->lock);
432 
433  if (mac_restrictions->policy == MAC_POLICY_ALLOW)
434  return !found;
435  else
436  return found;
437 }
438 
439 
440 void ap_control_flush_macs(struct mac_restrictions *mac_restrictions)
441 {
442  struct list_head *ptr, *n;
443  struct mac_entry *entry;
444 
445  if (mac_restrictions->entries == 0)
446  return;
447 
448  spin_lock_bh(&mac_restrictions->lock);
449  for (ptr = mac_restrictions->mac_list.next, n = ptr->next;
450  ptr != &mac_restrictions->mac_list;
451  ptr = n, n = ptr->next) {
452  entry = list_entry(ptr, struct mac_entry, list);
453  list_del(ptr);
454  kfree(entry);
455  }
456  mac_restrictions->entries = 0;
457  spin_unlock_bh(&mac_restrictions->lock);
458 }
459 
460 
461 int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac)
462 {
463  struct sta_info *sta;
464  __le16 resp;
465 
466  spin_lock_bh(&ap->sta_table_lock);
467  sta = ap_get_sta(ap, mac);
468  if (sta) {
469  ap_sta_hash_del(ap, sta);
470  list_del(&sta->list);
471  }
472  spin_unlock_bh(&ap->sta_table_lock);
473 
474  if (!sta)
475  return -EINVAL;
476 
477  resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
478  prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH,
479  (char *) &resp, 2, sta->addr, 0);
480 
481  if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
482  hostap_event_expired_sta(dev, sta);
483 
484  ap_free_sta(ap, sta);
485 
486  return 0;
487 }
488 
489 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
490 
491 
492 void ap_control_kickall(struct ap_data *ap)
493 {
494  struct list_head *ptr, *n;
495  struct sta_info *sta;
496 
497  spin_lock_bh(&ap->sta_table_lock);
498  for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list;
499  ptr = n, n = ptr->next) {
500  sta = list_entry(ptr, struct sta_info, list);
501  ap_sta_hash_del(ap, sta);
502  list_del(&sta->list);
503  if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
504  hostap_event_expired_sta(sta->local->dev, sta);
505  ap_free_sta(ap, sta);
506  }
507  spin_unlock_bh(&ap->sta_table_lock);
508 }
509 
510 
511 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
512 
513 #define PROC_LIMIT (PAGE_SIZE - 80)
514 
515 static int prism2_ap_proc_read(char *page, char **start, off_t off,
516  int count, int *eof, void *data)
517 {
518  char *p = page;
519  struct ap_data *ap = (struct ap_data *) data;
520  struct sta_info *sta;
521  int i;
522 
523  if (off > PROC_LIMIT) {
524  *eof = 1;
525  return 0;
526  }
527 
528  p += sprintf(p, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n");
529  spin_lock_bh(&ap->sta_table_lock);
530  list_for_each_entry(sta, &ap->sta_list, list) {
531  if (!sta->ap)
532  continue;
533 
534  p += sprintf(p, "%pM %d %d %d %d '",
535  sta->addr,
536  sta->u.ap.channel, sta->last_rx_signal,
537  sta->last_rx_silence, sta->last_rx_rate);
538  for (i = 0; i < sta->u.ap.ssid_len; i++)
539  p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
540  sta->u.ap.ssid[i] < 127) ?
541  "%c" : "<%02x>"),
542  sta->u.ap.ssid[i]);
543  p += sprintf(p, "'");
544  if (sta->capability & WLAN_CAPABILITY_ESS)
545  p += sprintf(p, " [ESS]");
546  if (sta->capability & WLAN_CAPABILITY_IBSS)
547  p += sprintf(p, " [IBSS]");
548  if (sta->capability & WLAN_CAPABILITY_PRIVACY)
549  p += sprintf(p, " [WEP]");
550  p += sprintf(p, "\n");
551 
552  if ((p - page) > PROC_LIMIT) {
553  printk(KERN_DEBUG "hostap: ap proc did not fit\n");
554  break;
555  }
556  }
557  spin_unlock_bh(&ap->sta_table_lock);
558 
559  if ((p - page) <= off) {
560  *eof = 1;
561  return 0;
562  }
563 
564  *start = page + off;
565 
566  return (p - page - off);
567 }
568 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
569 
570 
571 void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver)
572 {
573  if (!ap)
574  return;
575 
576  if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) {
577  PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - "
578  "firmware upgrade recommended\n");
579  ap->nullfunc_ack = 1;
580  } else
581  ap->nullfunc_ack = 0;
582 
583  if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) {
584  printk(KERN_WARNING "%s: Warning: secondary station firmware "
585  "version 1.4.2 does not seem to work in Host AP mode\n",
586  ap->local->dev->name);
587  }
588 }
589 
590 
591 /* Called only as a tasklet (software IRQ) */
592 static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data)
593 {
594  struct ap_data *ap = data;
595  struct ieee80211_hdr *hdr;
596 
597  if (!ap->local->hostapd || !ap->local->apdev) {
598  dev_kfree_skb(skb);
599  return;
600  }
601 
602  /* Pass the TX callback frame to the hostapd; use 802.11 header version
603  * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */
604 
605  hdr = (struct ieee80211_hdr *) skb->data;
606  hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS);
607  hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0));
608 
609  skb->dev = ap->local->apdev;
610  skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control));
611  skb->pkt_type = PACKET_OTHERHOST;
612  skb->protocol = cpu_to_be16(ETH_P_802_2);
613  memset(skb->cb, 0, sizeof(skb->cb));
614  netif_rx(skb);
615 }
616 
617 
618 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
619 /* Called only as a tasklet (software IRQ) */
620 static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data)
621 {
622  struct ap_data *ap = data;
623  struct net_device *dev = ap->local->dev;
624  struct ieee80211_hdr *hdr;
625  u16 auth_alg, auth_transaction, status;
626  __le16 *pos;
627  struct sta_info *sta = NULL;
628  char *txt = NULL;
629 
630  if (ap->local->hostapd) {
631  dev_kfree_skb(skb);
632  return;
633  }
634 
635  hdr = (struct ieee80211_hdr *) skb->data;
636  if (!ieee80211_is_auth(hdr->frame_control) ||
637  skb->len < IEEE80211_MGMT_HDR_LEN + 6) {
638  printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid "
639  "frame\n", dev->name);
640  dev_kfree_skb(skb);
641  return;
642  }
643 
644  pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
645  auth_alg = le16_to_cpu(*pos++);
646  auth_transaction = le16_to_cpu(*pos++);
647  status = le16_to_cpu(*pos++);
648 
649  if (!ok) {
650  txt = "frame was not ACKed";
651  goto done;
652  }
653 
654  spin_lock(&ap->sta_table_lock);
655  sta = ap_get_sta(ap, hdr->addr1);
656  if (sta)
657  atomic_inc(&sta->users);
658  spin_unlock(&ap->sta_table_lock);
659 
660  if (!sta) {
661  txt = "STA not found";
662  goto done;
663  }
664 
665  if (status == WLAN_STATUS_SUCCESS &&
666  ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
667  (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
668  txt = "STA authenticated";
669  sta->flags |= WLAN_STA_AUTH;
670  sta->last_auth = jiffies;
671  } else if (status != WLAN_STATUS_SUCCESS)
672  txt = "authentication failed";
673 
674  done:
675  if (sta)
676  atomic_dec(&sta->users);
677  if (txt) {
678  PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d "
679  "trans#=%d status=%d - %s\n",
680  dev->name, hdr->addr1,
681  auth_alg, auth_transaction, status, txt);
682  }
683  dev_kfree_skb(skb);
684 }
685 
686 
687 /* Called only as a tasklet (software IRQ) */
688 static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data)
689 {
690  struct ap_data *ap = data;
691  struct net_device *dev = ap->local->dev;
692  struct ieee80211_hdr *hdr;
693  u16 status;
694  __le16 *pos;
695  struct sta_info *sta = NULL;
696  char *txt = NULL;
697 
698  if (ap->local->hostapd) {
699  dev_kfree_skb(skb);
700  return;
701  }
702 
703  hdr = (struct ieee80211_hdr *) skb->data;
704  if ((!ieee80211_is_assoc_resp(hdr->frame_control) &&
705  !ieee80211_is_reassoc_resp(hdr->frame_control)) ||
706  skb->len < IEEE80211_MGMT_HDR_LEN + 4) {
707  printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid "
708  "frame\n", dev->name);
709  dev_kfree_skb(skb);
710  return;
711  }
712 
713  if (!ok) {
714  txt = "frame was not ACKed";
715  goto done;
716  }
717 
718  spin_lock(&ap->sta_table_lock);
719  sta = ap_get_sta(ap, hdr->addr1);
720  if (sta)
721  atomic_inc(&sta->users);
722  spin_unlock(&ap->sta_table_lock);
723 
724  if (!sta) {
725  txt = "STA not found";
726  goto done;
727  }
728 
729  pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
730  pos++;
731  status = le16_to_cpu(*pos++);
732  if (status == WLAN_STATUS_SUCCESS) {
733  if (!(sta->flags & WLAN_STA_ASSOC))
734  hostap_event_new_sta(dev, sta);
735  txt = "STA associated";
736  sta->flags |= WLAN_STA_ASSOC;
737  sta->last_assoc = jiffies;
738  } else
739  txt = "association failed";
740 
741  done:
742  if (sta)
743  atomic_dec(&sta->users);
744  if (txt) {
745  PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n",
746  dev->name, hdr->addr1, txt);
747  }
748  dev_kfree_skb(skb);
749 }
750 
751 /* Called only as a tasklet (software IRQ); TX callback for poll frames used
752  * in verifying whether the STA is still present. */
753 static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data)
754 {
755  struct ap_data *ap = data;
756  struct ieee80211_hdr *hdr;
757  struct sta_info *sta;
758 
759  if (skb->len < 24)
760  goto fail;
761  hdr = (struct ieee80211_hdr *) skb->data;
762  if (ok) {
763  spin_lock(&ap->sta_table_lock);
764  sta = ap_get_sta(ap, hdr->addr1);
765  if (sta)
766  sta->flags &= ~WLAN_STA_PENDING_POLL;
767  spin_unlock(&ap->sta_table_lock);
768  } else {
769  PDEBUG(DEBUG_AP,
770  "%s: STA %pM did not ACK activity poll frame\n",
771  ap->local->dev->name, hdr->addr1);
772  }
773 
774  fail:
775  dev_kfree_skb(skb);
776 }
777 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
778 
779 
780 void hostap_init_data(local_info_t *local)
781 {
782  struct ap_data *ap = local->ap;
783 
784  if (ap == NULL) {
785  printk(KERN_WARNING "hostap_init_data: ap == NULL\n");
786  return;
787  }
788  memset(ap, 0, sizeof(struct ap_data));
789  ap->local = local;
790 
791  ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx);
792  ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx);
793  ap->max_inactivity =
794  GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ;
795  ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx);
796 
797  spin_lock_init(&ap->sta_table_lock);
798  INIT_LIST_HEAD(&ap->sta_list);
799 
800  /* Initialize task queue structure for AP management */
801  INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue);
802 
803  ap->tx_callback_idx =
804  hostap_tx_callback_register(local, hostap_ap_tx_cb, ap);
805  if (ap->tx_callback_idx == 0)
806  printk(KERN_WARNING "%s: failed to register TX callback for "
807  "AP\n", local->dev->name);
808 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
809  INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue);
810 
811  ap->tx_callback_auth =
812  hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap);
813  ap->tx_callback_assoc =
814  hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap);
815  ap->tx_callback_poll =
816  hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap);
817  if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 ||
818  ap->tx_callback_poll == 0)
819  printk(KERN_WARNING "%s: failed to register TX callback for "
820  "AP\n", local->dev->name);
821 
822  spin_lock_init(&ap->mac_restrictions.lock);
823  INIT_LIST_HEAD(&ap->mac_restrictions.mac_list);
824 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
825 
826  ap->initialized = 1;
827 }
828 
829 
830 void hostap_init_ap_proc(local_info_t *local)
831 {
832  struct ap_data *ap = local->ap;
833 
834  ap->proc = local->proc;
835  if (ap->proc == NULL)
836  return;
837 
838 #ifndef PRISM2_NO_PROCFS_DEBUG
839  create_proc_read_entry("ap_debug", 0, ap->proc,
840  ap_debug_proc_read, ap);
841 #endif /* PRISM2_NO_PROCFS_DEBUG */
842 
843 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
844  create_proc_read_entry("ap_control", 0, ap->proc,
845  ap_control_proc_read, ap);
846  create_proc_read_entry("ap", 0, ap->proc,
847  prism2_ap_proc_read, ap);
848 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
849 
850 }
851 
852 
853 void hostap_free_data(struct ap_data *ap)
854 {
855  struct sta_info *n, *sta;
856 
857  if (ap == NULL || !ap->initialized) {
858  printk(KERN_DEBUG "hostap_free_data: ap has not yet been "
859  "initialized - skip resource freeing\n");
860  return;
861  }
862 
863  flush_work(&ap->add_sta_proc_queue);
864 
865 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
866  flush_work(&ap->wds_oper_queue);
867  if (ap->crypt)
868  ap->crypt->deinit(ap->crypt_priv);
869  ap->crypt = ap->crypt_priv = NULL;
870 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
871 
872  list_for_each_entry_safe(sta, n, &ap->sta_list, list) {
873  ap_sta_hash_del(ap, sta);
874  list_del(&sta->list);
875  if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
876  hostap_event_expired_sta(sta->local->dev, sta);
877  ap_free_sta(ap, sta);
878  }
879 
880 #ifndef PRISM2_NO_PROCFS_DEBUG
881  if (ap->proc != NULL) {
882  remove_proc_entry("ap_debug", ap->proc);
883  }
884 #endif /* PRISM2_NO_PROCFS_DEBUG */
885 
886 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
887  if (ap->proc != NULL) {
888  remove_proc_entry("ap", ap->proc);
889  remove_proc_entry("ap_control", ap->proc);
890  }
891  ap_control_flush_macs(&ap->mac_restrictions);
892 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
893 
894  ap->initialized = 0;
895 }
896 
897 
898 /* caller should have mutex for AP STA list handling */
899 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta)
900 {
901  struct sta_info *s;
902 
903  s = ap->sta_hash[STA_HASH(sta)];
904  while (s != NULL && memcmp(s->addr, sta, ETH_ALEN) != 0)
905  s = s->hnext;
906  return s;
907 }
908 
909 
910 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
911 
912 /* Called from timer handler and from scheduled AP queue handlers */
913 static void prism2_send_mgmt(struct net_device *dev,
914  u16 type_subtype, char *body,
915  int body_len, u8 *addr, u16 tx_cb_idx)
916 {
917  struct hostap_interface *iface;
918  local_info_t *local;
919  struct ieee80211_hdr *hdr;
920  u16 fc;
921  struct sk_buff *skb;
922  struct hostap_skb_tx_data *meta;
923  int hdrlen;
924 
925  iface = netdev_priv(dev);
926  local = iface->local;
927  dev = local->dev; /* always use master radio device */
928  iface = netdev_priv(dev);
929 
930  if (!(dev->flags & IFF_UP)) {
931  PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - "
932  "cannot send frame\n", dev->name);
933  return;
934  }
935 
936  skb = dev_alloc_skb(sizeof(*hdr) + body_len);
937  if (skb == NULL) {
938  PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate "
939  "skb\n", dev->name);
940  return;
941  }
942 
943  fc = type_subtype;
944  hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype));
945  hdr = (struct ieee80211_hdr *) skb_put(skb, hdrlen);
946  if (body)
947  memcpy(skb_put(skb, body_len), body, body_len);
948 
949  memset(hdr, 0, hdrlen);
950 
951  /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11
952  * tx_control instead of using local->tx_control */
953 
954 
955  memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */
956  if (ieee80211_is_data(hdr->frame_control)) {
957  fc |= IEEE80211_FCTL_FROMDS;
958  memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */
959  memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */
960  } else if (ieee80211_is_ctl(hdr->frame_control)) {
961  /* control:ACK does not have addr2 or addr3 */
962  memset(hdr->addr2, 0, ETH_ALEN);
963  memset(hdr->addr3, 0, ETH_ALEN);
964  } else {
965  memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */
966  memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */
967  }
968 
969  hdr->frame_control = cpu_to_le16(fc);
970 
971  meta = (struct hostap_skb_tx_data *) skb->cb;
972  memset(meta, 0, sizeof(*meta));
973  meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
974  meta->iface = iface;
975  meta->tx_cb_idx = tx_cb_idx;
976 
977  skb->dev = dev;
978  skb_reset_mac_header(skb);
979  skb_reset_network_header(skb);
980  dev_queue_xmit(skb);
981 }
982 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
983 
984 
985 static int prism2_sta_proc_read(char *page, char **start, off_t off,
986  int count, int *eof, void *data)
987 {
988  char *p = page;
989  struct sta_info *sta = (struct sta_info *) data;
990  int i;
991 
992  /* FIX: possible race condition.. the STA data could have just expired,
993  * but proc entry was still here so that the read could have started;
994  * some locking should be done here.. */
995 
996  if (off != 0) {
997  *eof = 1;
998  return 0;
999  }
1000 
1001  p += sprintf(p, "%s=%pM\nusers=%d\naid=%d\n"
1002  "flags=0x%04x%s%s%s%s%s%s%s\n"
1003  "capability=0x%02x\nlisten_interval=%d\nsupported_rates=",
1004  sta->ap ? "AP" : "STA",
1005  sta->addr, atomic_read(&sta->users), sta->aid,
1006  sta->flags,
1007  sta->flags & WLAN_STA_AUTH ? " AUTH" : "",
1008  sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "",
1009  sta->flags & WLAN_STA_PS ? " PS" : "",
1010  sta->flags & WLAN_STA_TIM ? " TIM" : "",
1011  sta->flags & WLAN_STA_PERM ? " PERM" : "",
1012  sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "",
1013  sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "",
1014  sta->capability, sta->listen_interval);
1015  /* supported_rates: 500 kbit/s units with msb ignored */
1016  for (i = 0; i < sizeof(sta->supported_rates); i++)
1017  if (sta->supported_rates[i] != 0)
1018  p += sprintf(p, "%d%sMbps ",
1019  (sta->supported_rates[i] & 0x7f) / 2,
1020  sta->supported_rates[i] & 1 ? ".5" : "");
1021  p += sprintf(p, "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n"
1022  "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n"
1023  "tx_packets=%lu\n"
1024  "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n"
1025  "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n"
1026  "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n"
1027  "tx[11M]=%d\n"
1028  "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n",
1029  jiffies, sta->last_auth, sta->last_assoc, sta->last_rx,
1030  sta->last_tx,
1031  sta->rx_packets, sta->tx_packets, sta->rx_bytes,
1032  sta->tx_bytes, skb_queue_len(&sta->tx_buf),
1033  sta->last_rx_silence,
1034  sta->last_rx_signal, sta->last_rx_rate / 10,
1035  sta->last_rx_rate % 10 ? ".5" : "",
1036  sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
1037  sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
1038  sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
1039  if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
1040  p = sta->crypt->ops->print_stats(p, sta->crypt->priv);
1041 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1042  if (sta->ap) {
1043  if (sta->u.ap.channel >= 0)
1044  p += sprintf(p, "channel=%d\n", sta->u.ap.channel);
1045  p += sprintf(p, "ssid=");
1046  for (i = 0; i < sta->u.ap.ssid_len; i++)
1047  p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
1048  sta->u.ap.ssid[i] < 127) ?
1049  "%c" : "<%02x>"),
1050  sta->u.ap.ssid[i]);
1051  p += sprintf(p, "\n");
1052  }
1053 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1054 
1055  return (p - page);
1056 }
1057 
1058 
1059 static void handle_add_proc_queue(struct work_struct *work)
1060 {
1061  struct ap_data *ap = container_of(work, struct ap_data,
1062  add_sta_proc_queue);
1063  struct sta_info *sta;
1064  char name[20];
1065  struct add_sta_proc_data *entry, *prev;
1066 
1067  entry = ap->add_sta_proc_entries;
1068  ap->add_sta_proc_entries = NULL;
1069 
1070  while (entry) {
1071  spin_lock_bh(&ap->sta_table_lock);
1072  sta = ap_get_sta(ap, entry->addr);
1073  if (sta)
1074  atomic_inc(&sta->users);
1075  spin_unlock_bh(&ap->sta_table_lock);
1076 
1077  if (sta) {
1078  sprintf(name, "%pM", sta->addr);
1079  sta->proc = create_proc_read_entry(
1080  name, 0, ap->proc,
1081  prism2_sta_proc_read, sta);
1082 
1083  atomic_dec(&sta->users);
1084  }
1085 
1086  prev = entry;
1087  entry = entry->next;
1088  kfree(prev);
1089  }
1090 }
1091 
1092 
1093 static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr)
1094 {
1095  struct sta_info *sta;
1096 
1097  sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC);
1098  if (sta == NULL) {
1099  PDEBUG(DEBUG_AP, "AP: kmalloc failed\n");
1100  return NULL;
1101  }
1102 
1103  /* initialize STA info data */
1104  sta->local = ap->local;
1105  skb_queue_head_init(&sta->tx_buf);
1106  memcpy(sta->addr, addr, ETH_ALEN);
1107 
1108  atomic_inc(&sta->users);
1109  spin_lock_bh(&ap->sta_table_lock);
1110  list_add(&sta->list, &ap->sta_list);
1111  ap->num_sta++;
1112  ap_sta_hash_add(ap, sta);
1113  spin_unlock_bh(&ap->sta_table_lock);
1114 
1115  if (ap->proc) {
1116  struct add_sta_proc_data *entry;
1117  /* schedule a non-interrupt context process to add a procfs
1118  * entry for the STA since procfs code use GFP_KERNEL */
1119  entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
1120  if (entry) {
1121  memcpy(entry->addr, sta->addr, ETH_ALEN);
1122  entry->next = ap->add_sta_proc_entries;
1123  ap->add_sta_proc_entries = entry;
1124  schedule_work(&ap->add_sta_proc_queue);
1125  } else
1126  printk(KERN_DEBUG "Failed to add STA proc data\n");
1127  }
1128 
1129 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1130  init_timer(&sta->timer);
1131  sta->timer.expires = jiffies + ap->max_inactivity;
1132  sta->timer.data = (unsigned long) sta;
1133  sta->timer.function = ap_handle_timer;
1134  if (!ap->local->hostapd)
1135  add_timer(&sta->timer);
1136 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1137 
1138  return sta;
1139 }
1140 
1141 
1142 static int ap_tx_rate_ok(int rateidx, struct sta_info *sta,
1143  local_info_t *local)
1144 {
1145  if (rateidx > sta->tx_max_rate ||
1146  !(sta->tx_supp_rates & (1 << rateidx)))
1147  return 0;
1148 
1149  if (local->tx_rate_control != 0 &&
1150  !(local->tx_rate_control & (1 << rateidx)))
1151  return 0;
1152 
1153  return 1;
1154 }
1155 
1156 
1157 static void prism2_check_tx_rates(struct sta_info *sta)
1158 {
1159  int i;
1160 
1161  sta->tx_supp_rates = 0;
1162  for (i = 0; i < sizeof(sta->supported_rates); i++) {
1163  if ((sta->supported_rates[i] & 0x7f) == 2)
1164  sta->tx_supp_rates |= WLAN_RATE_1M;
1165  if ((sta->supported_rates[i] & 0x7f) == 4)
1166  sta->tx_supp_rates |= WLAN_RATE_2M;
1167  if ((sta->supported_rates[i] & 0x7f) == 11)
1168  sta->tx_supp_rates |= WLAN_RATE_5M5;
1169  if ((sta->supported_rates[i] & 0x7f) == 22)
1170  sta->tx_supp_rates |= WLAN_RATE_11M;
1171  }
1172  sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0;
1173  if (sta->tx_supp_rates & WLAN_RATE_1M) {
1174  sta->tx_max_rate = 0;
1175  if (ap_tx_rate_ok(0, sta, sta->local)) {
1176  sta->tx_rate = 10;
1177  sta->tx_rate_idx = 0;
1178  }
1179  }
1180  if (sta->tx_supp_rates & WLAN_RATE_2M) {
1181  sta->tx_max_rate = 1;
1182  if (ap_tx_rate_ok(1, sta, sta->local)) {
1183  sta->tx_rate = 20;
1184  sta->tx_rate_idx = 1;
1185  }
1186  }
1187  if (sta->tx_supp_rates & WLAN_RATE_5M5) {
1188  sta->tx_max_rate = 2;
1189  if (ap_tx_rate_ok(2, sta, sta->local)) {
1190  sta->tx_rate = 55;
1191  sta->tx_rate_idx = 2;
1192  }
1193  }
1194  if (sta->tx_supp_rates & WLAN_RATE_11M) {
1195  sta->tx_max_rate = 3;
1196  if (ap_tx_rate_ok(3, sta, sta->local)) {
1197  sta->tx_rate = 110;
1198  sta->tx_rate_idx = 3;
1199  }
1200  }
1201 }
1202 
1203 
1204 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1205 
1206 static void ap_crypt_init(struct ap_data *ap)
1207 {
1208  ap->crypt = lib80211_get_crypto_ops("WEP");
1209 
1210  if (ap->crypt) {
1211  if (ap->crypt->init) {
1212  ap->crypt_priv = ap->crypt->init(0);
1213  if (ap->crypt_priv == NULL)
1214  ap->crypt = NULL;
1215  else {
1216  u8 key[WEP_KEY_LEN];
1217  get_random_bytes(key, WEP_KEY_LEN);
1218  ap->crypt->set_key(key, WEP_KEY_LEN, NULL,
1219  ap->crypt_priv);
1220  }
1221  }
1222  }
1223 
1224  if (ap->crypt == NULL) {
1225  printk(KERN_WARNING "AP could not initialize WEP: load module "
1226  "lib80211_crypt_wep.ko\n");
1227  }
1228 }
1229 
1230 
1231 /* Generate challenge data for shared key authentication. IEEE 802.11 specifies
1232  * that WEP algorithm is used for generating challenge. This should be unique,
1233  * but otherwise there is not really need for randomness etc. Initialize WEP
1234  * with pseudo random key and then use increasing IV to get unique challenge
1235  * streams.
1236  *
1237  * Called only as a scheduled task for pending AP frames.
1238  */
1239 static char * ap_auth_make_challenge(struct ap_data *ap)
1240 {
1241  char *tmpbuf;
1242  struct sk_buff *skb;
1243 
1244  if (ap->crypt == NULL) {
1245  ap_crypt_init(ap);
1246  if (ap->crypt == NULL)
1247  return NULL;
1248  }
1249 
1250  tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC);
1251  if (tmpbuf == NULL) {
1252  PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n");
1253  return NULL;
1254  }
1255 
1256  skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN +
1257  ap->crypt->extra_mpdu_prefix_len +
1258  ap->crypt->extra_mpdu_postfix_len);
1259  if (skb == NULL) {
1260  kfree(tmpbuf);
1261  return NULL;
1262  }
1263 
1264  skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len);
1265  memset(skb_put(skb, WLAN_AUTH_CHALLENGE_LEN), 0,
1266  WLAN_AUTH_CHALLENGE_LEN);
1267  if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) {
1268  dev_kfree_skb(skb);
1269  kfree(tmpbuf);
1270  return NULL;
1271  }
1272 
1273  skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len,
1274  tmpbuf, WLAN_AUTH_CHALLENGE_LEN);
1275  dev_kfree_skb(skb);
1276 
1277  return tmpbuf;
1278 }
1279 
1280 
1281 /* Called only as a scheduled task for pending AP frames. */
1282 static void handle_authen(local_info_t *local, struct sk_buff *skb,
1283  struct hostap_80211_rx_status *rx_stats)
1284 {
1285  struct net_device *dev = local->dev;
1286  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1287  size_t hdrlen;
1288  struct ap_data *ap = local->ap;
1289  char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL;
1290  int len, olen;
1291  u16 auth_alg, auth_transaction, status_code;
1292  __le16 *pos;
1293  u16 resp = WLAN_STATUS_SUCCESS;
1294  struct sta_info *sta = NULL;
1295  struct lib80211_crypt_data *crypt;
1296  char *txt = "";
1297 
1298  len = skb->len - IEEE80211_MGMT_HDR_LEN;
1299 
1300  hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
1301 
1302  if (len < 6) {
1303  PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload "
1304  "(len=%d) from %pM\n", dev->name, len, hdr->addr2);
1305  return;
1306  }
1307 
1308  spin_lock_bh(&local->ap->sta_table_lock);
1309  sta = ap_get_sta(local->ap, hdr->addr2);
1310  if (sta)
1311  atomic_inc(&sta->users);
1312  spin_unlock_bh(&local->ap->sta_table_lock);
1313 
1314  if (sta && sta->crypt)
1315  crypt = sta->crypt;
1316  else {
1317  int idx = 0;
1318  if (skb->len >= hdrlen + 3)
1319  idx = skb->data[hdrlen + 3] >> 6;
1320  crypt = local->crypt_info.crypt[idx];
1321  }
1322 
1323  pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1324  auth_alg = __le16_to_cpu(*pos);
1325  pos++;
1326  auth_transaction = __le16_to_cpu(*pos);
1327  pos++;
1328  status_code = __le16_to_cpu(*pos);
1329  pos++;
1330 
1331  if (memcmp(dev->dev_addr, hdr->addr2, ETH_ALEN) == 0 ||
1332  ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) {
1333  txt = "authentication denied";
1334  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1335  goto fail;
1336  }
1337 
1338  if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
1339  auth_alg == WLAN_AUTH_OPEN) ||
1340  ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
1341  crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
1342  } else {
1343  txt = "unsupported algorithm";
1344  resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1345  goto fail;
1346  }
1347 
1348  if (len >= 8) {
1349  u8 *u = (u8 *) pos;
1350  if (*u == WLAN_EID_CHALLENGE) {
1351  if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) {
1352  txt = "invalid challenge len";
1353  resp = WLAN_STATUS_CHALLENGE_FAIL;
1354  goto fail;
1355  }
1356  if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) {
1357  txt = "challenge underflow";
1358  resp = WLAN_STATUS_CHALLENGE_FAIL;
1359  goto fail;
1360  }
1361  challenge = (char *) (u + 2);
1362  }
1363  }
1364 
1365  if (sta && sta->ap) {
1366  if (time_after(jiffies, sta->u.ap.last_beacon +
1367  (10 * sta->listen_interval * HZ) / 1024)) {
1368  PDEBUG(DEBUG_AP, "%s: no beacons received for a while,"
1369  " assuming AP %pM is now STA\n",
1370  dev->name, sta->addr);
1371  sta->ap = 0;
1372  sta->flags = 0;
1373  sta->u.sta.challenge = NULL;
1374  } else {
1375  txt = "AP trying to authenticate?";
1376  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1377  goto fail;
1378  }
1379  }
1380 
1381  if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) ||
1382  (auth_alg == WLAN_AUTH_SHARED_KEY &&
1383  (auth_transaction == 1 ||
1384  (auth_transaction == 3 && sta != NULL &&
1385  sta->u.sta.challenge != NULL)))) {
1386  } else {
1387  txt = "unknown authentication transaction number";
1388  resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1389  goto fail;
1390  }
1391 
1392  if (sta == NULL) {
1393  txt = "new STA";
1394 
1395  if (local->ap->num_sta >= MAX_STA_COUNT) {
1396  /* FIX: might try to remove some old STAs first? */
1397  txt = "no more room for new STAs";
1398  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1399  goto fail;
1400  }
1401 
1402  sta = ap_add_sta(local->ap, hdr->addr2);
1403  if (sta == NULL) {
1404  txt = "ap_add_sta failed";
1405  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1406  goto fail;
1407  }
1408  }
1409 
1410  switch (auth_alg) {
1411  case WLAN_AUTH_OPEN:
1412  txt = "authOK";
1413  /* IEEE 802.11 standard is not completely clear about
1414  * whether STA is considered authenticated after
1415  * authentication OK frame has been send or after it
1416  * has been ACKed. In order to reduce interoperability
1417  * issues, mark the STA authenticated before ACK. */
1418  sta->flags |= WLAN_STA_AUTH;
1419  break;
1420 
1421  case WLAN_AUTH_SHARED_KEY:
1422  if (auth_transaction == 1) {
1423  if (sta->u.sta.challenge == NULL) {
1424  sta->u.sta.challenge =
1425  ap_auth_make_challenge(local->ap);
1426  if (sta->u.sta.challenge == NULL) {
1427  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1428  goto fail;
1429  }
1430  }
1431  } else {
1432  if (sta->u.sta.challenge == NULL ||
1433  challenge == NULL ||
1434  memcmp(sta->u.sta.challenge, challenge,
1435  WLAN_AUTH_CHALLENGE_LEN) != 0 ||
1436  !ieee80211_has_protected(hdr->frame_control)) {
1437  txt = "challenge response incorrect";
1438  resp = WLAN_STATUS_CHALLENGE_FAIL;
1439  goto fail;
1440  }
1441 
1442  txt = "challenge OK - authOK";
1443  /* IEEE 802.11 standard is not completely clear about
1444  * whether STA is considered authenticated after
1445  * authentication OK frame has been send or after it
1446  * has been ACKed. In order to reduce interoperability
1447  * issues, mark the STA authenticated before ACK. */
1448  sta->flags |= WLAN_STA_AUTH;
1449  kfree(sta->u.sta.challenge);
1450  sta->u.sta.challenge = NULL;
1451  }
1452  break;
1453  }
1454 
1455  fail:
1456  pos = (__le16 *) body;
1457  *pos = cpu_to_le16(auth_alg);
1458  pos++;
1459  *pos = cpu_to_le16(auth_transaction + 1);
1460  pos++;
1461  *pos = cpu_to_le16(resp); /* status_code */
1462  pos++;
1463  olen = 6;
1464 
1465  if (resp == WLAN_STATUS_SUCCESS && sta != NULL &&
1466  sta->u.sta.challenge != NULL &&
1467  auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) {
1468  u8 *tmp = (u8 *) pos;
1469  *tmp++ = WLAN_EID_CHALLENGE;
1470  *tmp++ = WLAN_AUTH_CHALLENGE_LEN;
1471  pos++;
1472  memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN);
1473  olen += 2 + WLAN_AUTH_CHALLENGE_LEN;
1474  }
1475 
1476  prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH,
1477  body, olen, hdr->addr2, ap->tx_callback_auth);
1478 
1479  if (sta) {
1480  sta->last_rx = jiffies;
1481  atomic_dec(&sta->users);
1482  }
1483 
1484  if (resp) {
1485  PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d "
1486  "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n",
1487  dev->name, hdr->addr2,
1488  auth_alg, auth_transaction, status_code, len,
1489  le16_to_cpu(hdr->frame_control), resp, txt);
1490  }
1491 }
1492 
1493 
1494 /* Called only as a scheduled task for pending AP frames. */
1495 static void handle_assoc(local_info_t *local, struct sk_buff *skb,
1496  struct hostap_80211_rx_status *rx_stats, int reassoc)
1497 {
1498  struct net_device *dev = local->dev;
1499  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1500  char body[12], *p, *lpos;
1501  int len, left;
1502  __le16 *pos;
1503  u16 resp = WLAN_STATUS_SUCCESS;
1504  struct sta_info *sta = NULL;
1505  int send_deauth = 0;
1506  char *txt = "";
1507  u8 prev_ap[ETH_ALEN];
1508 
1509  left = len = skb->len - IEEE80211_MGMT_HDR_LEN;
1510 
1511  if (len < (reassoc ? 10 : 4)) {
1512  PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload "
1513  "(len=%d, reassoc=%d) from %pM\n",
1514  dev->name, len, reassoc, hdr->addr2);
1515  return;
1516  }
1517 
1518  spin_lock_bh(&local->ap->sta_table_lock);
1519  sta = ap_get_sta(local->ap, hdr->addr2);
1520  if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
1521  spin_unlock_bh(&local->ap->sta_table_lock);
1522  txt = "trying to associate before authentication";
1523  send_deauth = 1;
1524  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1525  sta = NULL; /* do not decrement sta->users */
1526  goto fail;
1527  }
1528  atomic_inc(&sta->users);
1529  spin_unlock_bh(&local->ap->sta_table_lock);
1530 
1531  pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1532  sta->capability = __le16_to_cpu(*pos);
1533  pos++; left -= 2;
1534  sta->listen_interval = __le16_to_cpu(*pos);
1535  pos++; left -= 2;
1536 
1537  if (reassoc) {
1538  memcpy(prev_ap, pos, ETH_ALEN);
1539  pos++; pos++; pos++; left -= 6;
1540  } else
1541  memset(prev_ap, 0, ETH_ALEN);
1542 
1543  if (left >= 2) {
1544  unsigned int ileft;
1545  unsigned char *u = (unsigned char *) pos;
1546 
1547  if (*u == WLAN_EID_SSID) {
1548  u++; left--;
1549  ileft = *u;
1550  u++; left--;
1551 
1552  if (ileft > left || ileft > MAX_SSID_LEN) {
1553  txt = "SSID overflow";
1554  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1555  goto fail;
1556  }
1557 
1558  if (ileft != strlen(local->essid) ||
1559  memcmp(local->essid, u, ileft) != 0) {
1560  txt = "not our SSID";
1561  resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1562  goto fail;
1563  }
1564 
1565  u += ileft;
1566  left -= ileft;
1567  }
1568 
1569  if (left >= 2 && *u == WLAN_EID_SUPP_RATES) {
1570  u++; left--;
1571  ileft = *u;
1572  u++; left--;
1573 
1574  if (ileft > left || ileft == 0 ||
1575  ileft > WLAN_SUPP_RATES_MAX) {
1576  txt = "SUPP_RATES len error";
1577  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1578  goto fail;
1579  }
1580 
1581  memset(sta->supported_rates, 0,
1582  sizeof(sta->supported_rates));
1583  memcpy(sta->supported_rates, u, ileft);
1584  prism2_check_tx_rates(sta);
1585 
1586  u += ileft;
1587  left -= ileft;
1588  }
1589 
1590  if (left > 0) {
1591  PDEBUG(DEBUG_AP, "%s: assoc from %pM"
1592  " with extra data (%d bytes) [",
1593  dev->name, hdr->addr2, left);
1594  while (left > 0) {
1595  PDEBUG2(DEBUG_AP, "<%02x>", *u);
1596  u++; left--;
1597  }
1598  PDEBUG2(DEBUG_AP, "]\n");
1599  }
1600  } else {
1601  txt = "frame underflow";
1602  resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1603  goto fail;
1604  }
1605 
1606  /* get a unique AID */
1607  if (sta->aid > 0)
1608  txt = "OK, old AID";
1609  else {
1610  spin_lock_bh(&local->ap->sta_table_lock);
1611  for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
1612  if (local->ap->sta_aid[sta->aid - 1] == NULL)
1613  break;
1614  if (sta->aid > MAX_AID_TABLE_SIZE) {
1615  sta->aid = 0;
1616  spin_unlock_bh(&local->ap->sta_table_lock);
1617  resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1618  txt = "no room for more AIDs";
1619  } else {
1620  local->ap->sta_aid[sta->aid - 1] = sta;
1621  spin_unlock_bh(&local->ap->sta_table_lock);
1622  txt = "OK, new AID";
1623  }
1624  }
1625 
1626  fail:
1627  pos = (__le16 *) body;
1628 
1629  if (send_deauth) {
1630  *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH);
1631  pos++;
1632  } else {
1633  /* FIX: CF-Pollable and CF-PollReq should be set to match the
1634  * values in beacons/probe responses */
1635  /* FIX: how about privacy and WEP? */
1636  /* capability */
1637  *pos = cpu_to_le16(WLAN_CAPABILITY_ESS);
1638  pos++;
1639 
1640  /* status_code */
1641  *pos = cpu_to_le16(resp);
1642  pos++;
1643 
1644  *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) |
1645  BIT(14) | BIT(15)); /* AID */
1646  pos++;
1647 
1648  /* Supported rates (Information element) */
1649  p = (char *) pos;
1650  *p++ = WLAN_EID_SUPP_RATES;
1651  lpos = p;
1652  *p++ = 0; /* len */
1653  if (local->tx_rate_control & WLAN_RATE_1M) {
1654  *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02;
1655  (*lpos)++;
1656  }
1657  if (local->tx_rate_control & WLAN_RATE_2M) {
1658  *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04;
1659  (*lpos)++;
1660  }
1661  if (local->tx_rate_control & WLAN_RATE_5M5) {
1662  *p++ = local->basic_rates & WLAN_RATE_5M5 ?
1663  0x8b : 0x0b;
1664  (*lpos)++;
1665  }
1666  if (local->tx_rate_control & WLAN_RATE_11M) {
1667  *p++ = local->basic_rates & WLAN_RATE_11M ?
1668  0x96 : 0x16;
1669  (*lpos)++;
1670  }
1671  pos = (__le16 *) p;
1672  }
1673 
1674  prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1675  (send_deauth ? IEEE80211_STYPE_DEAUTH :
1676  (reassoc ? IEEE80211_STYPE_REASSOC_RESP :
1677  IEEE80211_STYPE_ASSOC_RESP)),
1678  body, (u8 *) pos - (u8 *) body,
1679  hdr->addr2,
1680  send_deauth ? 0 : local->ap->tx_callback_assoc);
1681 
1682  if (sta) {
1683  if (resp == WLAN_STATUS_SUCCESS) {
1684  sta->last_rx = jiffies;
1685  /* STA will be marked associated from TX callback, if
1686  * AssocResp is ACKed */
1687  }
1688  atomic_dec(&sta->users);
1689  }
1690 
1691 #if 0
1692  PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d "
1693  "prev_ap=%pM) => %d(%d) (%s)\n",
1694  dev->name,
1695  hdr->addr2,
1696  reassoc ? "re" : "", len,
1697  prev_ap,
1698  resp, send_deauth, txt);
1699 #endif
1700 }
1701 
1702 
1703 /* Called only as a scheduled task for pending AP frames. */
1704 static void handle_deauth(local_info_t *local, struct sk_buff *skb,
1705  struct hostap_80211_rx_status *rx_stats)
1706 {
1707  struct net_device *dev = local->dev;
1708  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1709  char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1710  int len;
1711  u16 reason_code;
1712  __le16 *pos;
1713  struct sta_info *sta = NULL;
1714 
1715  len = skb->len - IEEE80211_MGMT_HDR_LEN;
1716 
1717  if (len < 2) {
1718  printk("handle_deauth - too short payload (len=%d)\n", len);
1719  return;
1720  }
1721 
1722  pos = (__le16 *) body;
1723  reason_code = le16_to_cpu(*pos);
1724 
1725  PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, "
1726  "reason_code=%d\n", dev->name, hdr->addr2,
1727  len, reason_code);
1728 
1729  spin_lock_bh(&local->ap->sta_table_lock);
1730  sta = ap_get_sta(local->ap, hdr->addr2);
1731  if (sta != NULL) {
1732  if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1733  hostap_event_expired_sta(local->dev, sta);
1734  sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1735  }
1736  spin_unlock_bh(&local->ap->sta_table_lock);
1737  if (sta == NULL) {
1738  printk("%s: deauthentication from %pM, "
1739  "reason_code=%d, but STA not authenticated\n", dev->name,
1740  hdr->addr2, reason_code);
1741  }
1742 }
1743 
1744 
1745 /* Called only as a scheduled task for pending AP frames. */
1746 static void handle_disassoc(local_info_t *local, struct sk_buff *skb,
1747  struct hostap_80211_rx_status *rx_stats)
1748 {
1749  struct net_device *dev = local->dev;
1750  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1751  char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1752  int len;
1753  u16 reason_code;
1754  __le16 *pos;
1755  struct sta_info *sta = NULL;
1756 
1757  len = skb->len - IEEE80211_MGMT_HDR_LEN;
1758 
1759  if (len < 2) {
1760  printk("handle_disassoc - too short payload (len=%d)\n", len);
1761  return;
1762  }
1763 
1764  pos = (__le16 *) body;
1765  reason_code = le16_to_cpu(*pos);
1766 
1767  PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, "
1768  "reason_code=%d\n", dev->name, hdr->addr2,
1769  len, reason_code);
1770 
1771  spin_lock_bh(&local->ap->sta_table_lock);
1772  sta = ap_get_sta(local->ap, hdr->addr2);
1773  if (sta != NULL) {
1774  if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1775  hostap_event_expired_sta(local->dev, sta);
1776  sta->flags &= ~WLAN_STA_ASSOC;
1777  }
1778  spin_unlock_bh(&local->ap->sta_table_lock);
1779  if (sta == NULL) {
1780  printk("%s: disassociation from %pM, "
1781  "reason_code=%d, but STA not authenticated\n",
1782  dev->name, hdr->addr2, reason_code);
1783  }
1784 }
1785 
1786 
1787 /* Called only as a scheduled task for pending AP frames. */
1788 static void ap_handle_data_nullfunc(local_info_t *local,
1789  struct ieee80211_hdr *hdr)
1790 {
1791  struct net_device *dev = local->dev;
1792 
1793  /* some STA f/w's seem to require control::ACK frame for
1794  * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does
1795  * not send this..
1796  * send control::ACK for the data::nullfunc */
1797 
1798  printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n");
1799  prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK,
1800  NULL, 0, hdr->addr2, 0);
1801 }
1802 
1803 
1804 /* Called only as a scheduled task for pending AP frames. */
1805 static void ap_handle_dropped_data(local_info_t *local,
1806  struct ieee80211_hdr *hdr)
1807 {
1808  struct net_device *dev = local->dev;
1809  struct sta_info *sta;
1810  __le16 reason;
1811 
1812  spin_lock_bh(&local->ap->sta_table_lock);
1813  sta = ap_get_sta(local->ap, hdr->addr2);
1814  if (sta)
1815  atomic_inc(&sta->users);
1816  spin_unlock_bh(&local->ap->sta_table_lock);
1817 
1818  if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) {
1819  PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n");
1820  atomic_dec(&sta->users);
1821  return;
1822  }
1823 
1824  reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1825  prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1826  ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ?
1827  IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC),
1828  (char *) &reason, sizeof(reason), hdr->addr2, 0);
1829 
1830  if (sta)
1831  atomic_dec(&sta->users);
1832 }
1833 
1834 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1835 
1836 
1837 /* Called only as a scheduled task for pending AP frames. */
1838 static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta,
1839  struct sk_buff *skb)
1840 {
1841  struct hostap_skb_tx_data *meta;
1842 
1843  if (!(sta->flags & WLAN_STA_PS)) {
1844  /* Station has moved to non-PS mode, so send all buffered
1845  * frames using normal device queue. */
1846  dev_queue_xmit(skb);
1847  return;
1848  }
1849 
1850  /* add a flag for hostap_handle_sta_tx() to know that this skb should
1851  * be passed through even though STA is using PS */
1852  meta = (struct hostap_skb_tx_data *) skb->cb;
1853  meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME;
1854  if (!skb_queue_empty(&sta->tx_buf)) {
1855  /* indicate to STA that more frames follow */
1856  meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA;
1857  }
1858  dev_queue_xmit(skb);
1859 }
1860 
1861 
1862 /* Called only as a scheduled task for pending AP frames. */
1863 static void handle_pspoll(local_info_t *local,
1864  struct ieee80211_hdr *hdr,
1865  struct hostap_80211_rx_status *rx_stats)
1866 {
1867  struct net_device *dev = local->dev;
1868  struct sta_info *sta;
1869  u16 aid;
1870  struct sk_buff *skb;
1871 
1872  PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n",
1873  hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control));
1874 
1875  if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
1876  PDEBUG(DEBUG_AP,
1877  "handle_pspoll - addr1(BSSID)=%pM not own MAC\n",
1878  hdr->addr1);
1879  return;
1880  }
1881 
1882  aid = le16_to_cpu(hdr->duration_id);
1883  if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) {
1884  PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n");
1885  return;
1886  }
1887  aid &= ~(BIT(15) | BIT(14));
1888  if (aid == 0 || aid > MAX_AID_TABLE_SIZE) {
1889  PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid);
1890  return;
1891  }
1892  PDEBUG(DEBUG_PS2, " aid=%d\n", aid);
1893 
1894  spin_lock_bh(&local->ap->sta_table_lock);
1895  sta = ap_get_sta(local->ap, hdr->addr2);
1896  if (sta)
1897  atomic_inc(&sta->users);
1898  spin_unlock_bh(&local->ap->sta_table_lock);
1899 
1900  if (sta == NULL) {
1901  PDEBUG(DEBUG_PS, " STA not found\n");
1902  return;
1903  }
1904  if (sta->aid != aid) {
1905  PDEBUG(DEBUG_PS, " received aid=%i does not match with "
1906  "assoc.aid=%d\n", aid, sta->aid);
1907  return;
1908  }
1909 
1910  /* FIX: todo:
1911  * - add timeout for buffering (clear aid in TIM vector if buffer timed
1912  * out (expiry time must be longer than ListenInterval for
1913  * the corresponding STA; "8802-11: 11.2.1.9 AP aging function"
1914  * - what to do, if buffered, pspolled, and sent frame is not ACKed by
1915  * sta; store buffer for later use and leave TIM aid bit set? use
1916  * TX event to check whether frame was ACKed?
1917  */
1918 
1919  while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) {
1920  /* send buffered frame .. */
1921  PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL"
1922  " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf));
1923 
1924  pspoll_send_buffered(local, sta, skb);
1925 
1926  if (sta->flags & WLAN_STA_PS) {
1927  /* send only one buffered packet per PS Poll */
1928  /* FIX: should ignore further PS Polls until the
1929  * buffered packet that was just sent is acknowledged
1930  * (Tx or TxExc event) */
1931  break;
1932  }
1933  }
1934 
1935  if (skb_queue_empty(&sta->tx_buf)) {
1936  /* try to clear aid from TIM */
1937  if (!(sta->flags & WLAN_STA_TIM))
1938  PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n",
1939  aid);
1940  hostap_set_tim(local, aid, 0);
1941  sta->flags &= ~WLAN_STA_TIM;
1942  }
1943 
1944  atomic_dec(&sta->users);
1945 }
1946 
1947 
1948 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1949 
1950 static void handle_wds_oper_queue(struct work_struct *work)
1951 {
1952  struct ap_data *ap = container_of(work, struct ap_data,
1953  wds_oper_queue);
1954  local_info_t *local = ap->local;
1955  struct wds_oper_data *entry, *prev;
1956 
1957  spin_lock_bh(&local->lock);
1958  entry = local->ap->wds_oper_entries;
1959  local->ap->wds_oper_entries = NULL;
1960  spin_unlock_bh(&local->lock);
1961 
1962  while (entry) {
1963  PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection "
1964  "to AP %pM\n",
1965  local->dev->name,
1966  entry->type == WDS_ADD ? "adding" : "removing",
1967  entry->addr);
1968  if (entry->type == WDS_ADD)
1969  prism2_wds_add(local, entry->addr, 0);
1970  else if (entry->type == WDS_DEL)
1971  prism2_wds_del(local, entry->addr, 0, 1);
1972 
1973  prev = entry;
1974  entry = entry->next;
1975  kfree(prev);
1976  }
1977 }
1978 
1979 
1980 /* Called only as a scheduled task for pending AP frames. */
1981 static void handle_beacon(local_info_t *local, struct sk_buff *skb,
1982  struct hostap_80211_rx_status *rx_stats)
1983 {
1984  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1985  char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1986  int len, left;
1987  u16 beacon_int, capability;
1988  __le16 *pos;
1989  char *ssid = NULL;
1990  unsigned char *supp_rates = NULL;
1991  int ssid_len = 0, supp_rates_len = 0;
1992  struct sta_info *sta = NULL;
1993  int new_sta = 0, channel = -1;
1994 
1995  len = skb->len - IEEE80211_MGMT_HDR_LEN;
1996 
1997  if (len < 8 + 2 + 2) {
1998  printk(KERN_DEBUG "handle_beacon - too short payload "
1999  "(len=%d)\n", len);
2000  return;
2001  }
2002 
2003  pos = (__le16 *) body;
2004  left = len;
2005 
2006  /* Timestamp (8 octets) */
2007  pos += 4; left -= 8;
2008  /* Beacon interval (2 octets) */
2009  beacon_int = le16_to_cpu(*pos);
2010  pos++; left -= 2;
2011  /* Capability information (2 octets) */
2012  capability = le16_to_cpu(*pos);
2013  pos++; left -= 2;
2014 
2015  if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS &&
2016  capability & WLAN_CAPABILITY_IBSS)
2017  return;
2018 
2019  if (left >= 2) {
2020  unsigned int ileft;
2021  unsigned char *u = (unsigned char *) pos;
2022 
2023  if (*u == WLAN_EID_SSID) {
2024  u++; left--;
2025  ileft = *u;
2026  u++; left--;
2027 
2028  if (ileft > left || ileft > MAX_SSID_LEN) {
2029  PDEBUG(DEBUG_AP, "SSID: overflow\n");
2030  return;
2031  }
2032 
2033  if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID &&
2034  (ileft != strlen(local->essid) ||
2035  memcmp(local->essid, u, ileft) != 0)) {
2036  /* not our SSID */
2037  return;
2038  }
2039 
2040  ssid = u;
2041  ssid_len = ileft;
2042 
2043  u += ileft;
2044  left -= ileft;
2045  }
2046 
2047  if (*u == WLAN_EID_SUPP_RATES) {
2048  u++; left--;
2049  ileft = *u;
2050  u++; left--;
2051 
2052  if (ileft > left || ileft == 0 || ileft > 8) {
2053  PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n");
2054  return;
2055  }
2056 
2057  supp_rates = u;
2058  supp_rates_len = ileft;
2059 
2060  u += ileft;
2061  left -= ileft;
2062  }
2063 
2064  if (*u == WLAN_EID_DS_PARAMS) {
2065  u++; left--;
2066  ileft = *u;
2067  u++; left--;
2068 
2069  if (ileft > left || ileft != 1) {
2070  PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n");
2071  return;
2072  }
2073 
2074  channel = *u;
2075 
2076  u += ileft;
2077  left -= ileft;
2078  }
2079  }
2080 
2081  spin_lock_bh(&local->ap->sta_table_lock);
2082  sta = ap_get_sta(local->ap, hdr->addr2);
2083  if (sta != NULL)
2084  atomic_inc(&sta->users);
2085  spin_unlock_bh(&local->ap->sta_table_lock);
2086 
2087  if (sta == NULL) {
2088  /* add new AP */
2089  new_sta = 1;
2090  sta = ap_add_sta(local->ap, hdr->addr2);
2091  if (sta == NULL) {
2092  printk(KERN_INFO "prism2: kmalloc failed for AP "
2093  "data structure\n");
2094  return;
2095  }
2096  hostap_event_new_sta(local->dev, sta);
2097 
2098  /* mark APs authentication and associated for pseudo ad-hoc
2099  * style communication */
2100  sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
2101 
2102  if (local->ap->autom_ap_wds) {
2103  hostap_wds_link_oper(local, sta->addr, WDS_ADD);
2104  }
2105  }
2106 
2107  sta->ap = 1;
2108  if (ssid) {
2109  sta->u.ap.ssid_len = ssid_len;
2110  memcpy(sta->u.ap.ssid, ssid, ssid_len);
2111  sta->u.ap.ssid[ssid_len] = '\0';
2112  } else {
2113  sta->u.ap.ssid_len = 0;
2114  sta->u.ap.ssid[0] = '\0';
2115  }
2116  sta->u.ap.channel = channel;
2117  sta->rx_packets++;
2118  sta->rx_bytes += len;
2119  sta->u.ap.last_beacon = sta->last_rx = jiffies;
2120  sta->capability = capability;
2121  sta->listen_interval = beacon_int;
2122 
2123  atomic_dec(&sta->users);
2124 
2125  if (new_sta) {
2126  memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
2127  memcpy(sta->supported_rates, supp_rates, supp_rates_len);
2128  prism2_check_tx_rates(sta);
2129  }
2130 }
2131 
2132 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2133 
2134 
2135 /* Called only as a tasklet. */
2136 static void handle_ap_item(local_info_t *local, struct sk_buff *skb,
2137  struct hostap_80211_rx_status *rx_stats)
2138 {
2139 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2140  struct net_device *dev = local->dev;
2141 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2142  u16 fc, type, stype;
2143  struct ieee80211_hdr *hdr;
2144 
2145  /* FIX: should give skb->len to handler functions and check that the
2146  * buffer is long enough */
2147  hdr = (struct ieee80211_hdr *) skb->data;
2148  fc = le16_to_cpu(hdr->frame_control);
2149  type = fc & IEEE80211_FCTL_FTYPE;
2150  stype = fc & IEEE80211_FCTL_STYPE;
2151 
2152 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2153  if (!local->hostapd && type == IEEE80211_FTYPE_DATA) {
2154  PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n");
2155 
2156  if (!(fc & IEEE80211_FCTL_TODS) ||
2157  (fc & IEEE80211_FCTL_FROMDS)) {
2158  if (stype == IEEE80211_STYPE_NULLFUNC) {
2159  /* no ToDS nullfunc seems to be used to check
2160  * AP association; so send reject message to
2161  * speed up re-association */
2162  ap_handle_dropped_data(local, hdr);
2163  goto done;
2164  }
2165  PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n",
2166  fc);
2167  goto done;
2168  }
2169 
2170  if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
2171  PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM"
2172  " not own MAC\n", hdr->addr1);
2173  goto done;
2174  }
2175 
2176  if (local->ap->nullfunc_ack &&
2177  stype == IEEE80211_STYPE_NULLFUNC)
2178  ap_handle_data_nullfunc(local, hdr);
2179  else
2180  ap_handle_dropped_data(local, hdr);
2181  goto done;
2182  }
2183 
2184  if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) {
2185  handle_beacon(local, skb, rx_stats);
2186  goto done;
2187  }
2188 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2189 
2190  if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) {
2191  handle_pspoll(local, hdr, rx_stats);
2192  goto done;
2193  }
2194 
2195  if (local->hostapd) {
2196  PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x "
2197  "subtype=0x%02x\n", type, stype);
2198  goto done;
2199  }
2200 
2201 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2202  if (type != IEEE80211_FTYPE_MGMT) {
2203  PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n");
2204  goto done;
2205  }
2206 
2207  if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
2208  PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM"
2209  " not own MAC\n", hdr->addr1);
2210  goto done;
2211  }
2212 
2213  if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN)) {
2214  PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM"
2215  " not own MAC\n", hdr->addr3);
2216  goto done;
2217  }
2218 
2219  switch (stype) {
2220  case IEEE80211_STYPE_ASSOC_REQ:
2221  handle_assoc(local, skb, rx_stats, 0);
2222  break;
2223  case IEEE80211_STYPE_ASSOC_RESP:
2224  PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n");
2225  break;
2226  case IEEE80211_STYPE_REASSOC_REQ:
2227  handle_assoc(local, skb, rx_stats, 1);
2228  break;
2229  case IEEE80211_STYPE_REASSOC_RESP:
2230  PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n");
2231  break;
2232  case IEEE80211_STYPE_ATIM:
2233  PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n");
2234  break;
2235  case IEEE80211_STYPE_DISASSOC:
2236  handle_disassoc(local, skb, rx_stats);
2237  break;
2238  case IEEE80211_STYPE_AUTH:
2239  handle_authen(local, skb, rx_stats);
2240  break;
2241  case IEEE80211_STYPE_DEAUTH:
2242  handle_deauth(local, skb, rx_stats);
2243  break;
2244  default:
2245  PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n",
2246  stype >> 4);
2247  break;
2248  }
2249 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2250 
2251  done:
2252  dev_kfree_skb(skb);
2253 }
2254 
2255 
2256 /* Called only as a tasklet (software IRQ) */
2257 void hostap_rx(struct net_device *dev, struct sk_buff *skb,
2258  struct hostap_80211_rx_status *rx_stats)
2259 {
2260  struct hostap_interface *iface;
2261  local_info_t *local;
2262  struct ieee80211_hdr *hdr;
2263 
2264  iface = netdev_priv(dev);
2265  local = iface->local;
2266 
2267  if (skb->len < 16)
2268  goto drop;
2269 
2270  dev->stats.rx_packets++;
2271 
2272  hdr = (struct ieee80211_hdr *) skb->data;
2273 
2274  if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL &&
2275  ieee80211_is_beacon(hdr->frame_control))
2276  goto drop;
2277 
2278  skb->protocol = cpu_to_be16(ETH_P_HOSTAP);
2279  handle_ap_item(local, skb, rx_stats);
2280  return;
2281 
2282  drop:
2283  dev_kfree_skb(skb);
2284 }
2285 
2286 
2287 /* Called only as a tasklet (software IRQ) */
2288 static void schedule_packet_send(local_info_t *local, struct sta_info *sta)
2289 {
2290  struct sk_buff *skb;
2291  struct ieee80211_hdr *hdr;
2292  struct hostap_80211_rx_status rx_stats;
2293 
2294  if (skb_queue_empty(&sta->tx_buf))
2295  return;
2296 
2297  skb = dev_alloc_skb(16);
2298  if (skb == NULL) {
2299  printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc "
2300  "failed\n", local->dev->name);
2301  return;
2302  }
2303 
2304  hdr = (struct ieee80211_hdr *) skb_put(skb, 16);
2305 
2306  /* Generate a fake pspoll frame to start packet delivery */
2307  hdr->frame_control = cpu_to_le16(
2308  IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL);
2309  memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN);
2310  memcpy(hdr->addr2, sta->addr, ETH_ALEN);
2311  hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14));
2312 
2313  PDEBUG(DEBUG_PS2,
2314  "%s: Scheduling buffered packet delivery for STA %pM\n",
2315  local->dev->name, sta->addr);
2316 
2317  skb->dev = local->dev;
2318 
2319  memset(&rx_stats, 0, sizeof(rx_stats));
2320  hostap_rx(local->dev, skb, &rx_stats);
2321 }
2322 
2323 
2324 int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
2325  struct iw_quality qual[], int buf_size,
2326  int aplist)
2327 {
2328  struct ap_data *ap = local->ap;
2329  struct list_head *ptr;
2330  int count = 0;
2331 
2332  spin_lock_bh(&ap->sta_table_lock);
2333 
2334  for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2335  ptr = ptr->next) {
2336  struct sta_info *sta = (struct sta_info *) ptr;
2337 
2338  if (aplist && !sta->ap)
2339  continue;
2340  addr[count].sa_family = ARPHRD_ETHER;
2341  memcpy(addr[count].sa_data, sta->addr, ETH_ALEN);
2342  if (sta->last_rx_silence == 0)
2343  qual[count].qual = sta->last_rx_signal < 27 ?
2344  0 : (sta->last_rx_signal - 27) * 92 / 127;
2345  else
2346  qual[count].qual = sta->last_rx_signal -
2347  sta->last_rx_silence - 35;
2348  qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2349  qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2350  qual[count].updated = sta->last_rx_updated;
2351 
2352  sta->last_rx_updated = IW_QUAL_DBM;
2353 
2354  count++;
2355  if (count >= buf_size)
2356  break;
2357  }
2358  spin_unlock_bh(&ap->sta_table_lock);
2359 
2360  return count;
2361 }
2362 
2363 
2364 /* Translate our list of Access Points & Stations to a card independent
2365  * format that the Wireless Tools will understand - Jean II */
2366 int prism2_ap_translate_scan(struct net_device *dev,
2367  struct iw_request_info *info, char *buffer)
2368 {
2369  struct hostap_interface *iface;
2370  local_info_t *local;
2371  struct ap_data *ap;
2372  struct list_head *ptr;
2373  struct iw_event iwe;
2374  char *current_ev = buffer;
2375  char *end_buf = buffer + IW_SCAN_MAX_DATA;
2376 #if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT)
2377  char buf[64];
2378 #endif
2379 
2380  iface = netdev_priv(dev);
2381  local = iface->local;
2382  ap = local->ap;
2383 
2384  spin_lock_bh(&ap->sta_table_lock);
2385 
2386  for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2387  ptr = ptr->next) {
2388  struct sta_info *sta = (struct sta_info *) ptr;
2389 
2390  /* First entry *MUST* be the AP MAC address */
2391  memset(&iwe, 0, sizeof(iwe));
2392  iwe.cmd = SIOCGIWAP;
2393  iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2394  memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN);
2395  iwe.len = IW_EV_ADDR_LEN;
2396  current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2397  &iwe, IW_EV_ADDR_LEN);
2398 
2399  /* Use the mode to indicate if it's a station or
2400  * an Access Point */
2401  memset(&iwe, 0, sizeof(iwe));
2402  iwe.cmd = SIOCGIWMODE;
2403  if (sta->ap)
2404  iwe.u.mode = IW_MODE_MASTER;
2405  else
2406  iwe.u.mode = IW_MODE_INFRA;
2407  iwe.len = IW_EV_UINT_LEN;
2408  current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2409  &iwe, IW_EV_UINT_LEN);
2410 
2411  /* Some quality */
2412  memset(&iwe, 0, sizeof(iwe));
2413  iwe.cmd = IWEVQUAL;
2414  if (sta->last_rx_silence == 0)
2415  iwe.u.qual.qual = sta->last_rx_signal < 27 ?
2416  0 : (sta->last_rx_signal - 27) * 92 / 127;
2417  else
2418  iwe.u.qual.qual = sta->last_rx_signal -
2419  sta->last_rx_silence - 35;
2420  iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2421  iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2422  iwe.u.qual.updated = sta->last_rx_updated;
2423  iwe.len = IW_EV_QUAL_LEN;
2424  current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2425  &iwe, IW_EV_QUAL_LEN);
2426 
2427 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2428  if (sta->ap) {
2429  memset(&iwe, 0, sizeof(iwe));
2430  iwe.cmd = SIOCGIWESSID;
2431  iwe.u.data.length = sta->u.ap.ssid_len;
2432  iwe.u.data.flags = 1;
2433  current_ev = iwe_stream_add_point(info, current_ev,
2434  end_buf, &iwe,
2435  sta->u.ap.ssid);
2436 
2437  memset(&iwe, 0, sizeof(iwe));
2438  iwe.cmd = SIOCGIWENCODE;
2439  if (sta->capability & WLAN_CAPABILITY_PRIVACY)
2440  iwe.u.data.flags =
2441  IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2442  else
2443  iwe.u.data.flags = IW_ENCODE_DISABLED;
2444  current_ev = iwe_stream_add_point(info, current_ev,
2445  end_buf, &iwe,
2446  sta->u.ap.ssid);
2447 
2448  if (sta->u.ap.channel > 0 &&
2449  sta->u.ap.channel <= FREQ_COUNT) {
2450  memset(&iwe, 0, sizeof(iwe));
2451  iwe.cmd = SIOCGIWFREQ;
2452  iwe.u.freq.m = freq_list[sta->u.ap.channel - 1]
2453  * 100000;
2454  iwe.u.freq.e = 1;
2455  current_ev = iwe_stream_add_event(
2456  info, current_ev, end_buf, &iwe,
2457  IW_EV_FREQ_LEN);
2458  }
2459 
2460  memset(&iwe, 0, sizeof(iwe));
2461  iwe.cmd = IWEVCUSTOM;
2462  sprintf(buf, "beacon_interval=%d",
2463  sta->listen_interval);
2464  iwe.u.data.length = strlen(buf);
2465  current_ev = iwe_stream_add_point(info, current_ev,
2466  end_buf, &iwe, buf);
2467  }
2468 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2469 
2470  sta->last_rx_updated = IW_QUAL_DBM;
2471 
2472  /* To be continued, we should make good use of IWEVCUSTOM */
2473  }
2474 
2475  spin_unlock_bh(&ap->sta_table_lock);
2476 
2477  return current_ev - buffer;
2478 }
2479 
2480 
2481 static int prism2_hostapd_add_sta(struct ap_data *ap,
2482  struct prism2_hostapd_param *param)
2483 {
2484  struct sta_info *sta;
2485 
2486  spin_lock_bh(&ap->sta_table_lock);
2487  sta = ap_get_sta(ap, param->sta_addr);
2488  if (sta)
2489  atomic_inc(&sta->users);
2490  spin_unlock_bh(&ap->sta_table_lock);
2491 
2492  if (sta == NULL) {
2493  sta = ap_add_sta(ap, param->sta_addr);
2494  if (sta == NULL)
2495  return -1;
2496  }
2497 
2498  if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2499  hostap_event_new_sta(sta->local->dev, sta);
2500 
2501  sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
2502  sta->last_rx = jiffies;
2503  sta->aid = param->u.add_sta.aid;
2504  sta->capability = param->u.add_sta.capability;
2505  sta->tx_supp_rates = param->u.add_sta.tx_supp_rates;
2506  if (sta->tx_supp_rates & WLAN_RATE_1M)
2507  sta->supported_rates[0] = 2;
2508  if (sta->tx_supp_rates & WLAN_RATE_2M)
2509  sta->supported_rates[1] = 4;
2510  if (sta->tx_supp_rates & WLAN_RATE_5M5)
2511  sta->supported_rates[2] = 11;
2512  if (sta->tx_supp_rates & WLAN_RATE_11M)
2513  sta->supported_rates[3] = 22;
2514  prism2_check_tx_rates(sta);
2515  atomic_dec(&sta->users);
2516  return 0;
2517 }
2518 
2519 
2520 static int prism2_hostapd_remove_sta(struct ap_data *ap,
2521  struct prism2_hostapd_param *param)
2522 {
2523  struct sta_info *sta;
2524 
2525  spin_lock_bh(&ap->sta_table_lock);
2526  sta = ap_get_sta(ap, param->sta_addr);
2527  if (sta) {
2528  ap_sta_hash_del(ap, sta);
2529  list_del(&sta->list);
2530  }
2531  spin_unlock_bh(&ap->sta_table_lock);
2532 
2533  if (!sta)
2534  return -ENOENT;
2535 
2536  if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2537  hostap_event_expired_sta(sta->local->dev, sta);
2538  ap_free_sta(ap, sta);
2539 
2540  return 0;
2541 }
2542 
2543 
2544 static int prism2_hostapd_get_info_sta(struct ap_data *ap,
2545  struct prism2_hostapd_param *param)
2546 {
2547  struct sta_info *sta;
2548 
2549  spin_lock_bh(&ap->sta_table_lock);
2550  sta = ap_get_sta(ap, param->sta_addr);
2551  if (sta)
2552  atomic_inc(&sta->users);
2553  spin_unlock_bh(&ap->sta_table_lock);
2554 
2555  if (!sta)
2556  return -ENOENT;
2557 
2558  param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ;
2559 
2560  atomic_dec(&sta->users);
2561 
2562  return 1;
2563 }
2564 
2565 
2566 static int prism2_hostapd_set_flags_sta(struct ap_data *ap,
2567  struct prism2_hostapd_param *param)
2568 {
2569  struct sta_info *sta;
2570 
2571  spin_lock_bh(&ap->sta_table_lock);
2572  sta = ap_get_sta(ap, param->sta_addr);
2573  if (sta) {
2574  sta->flags |= param->u.set_flags_sta.flags_or;
2575  sta->flags &= param->u.set_flags_sta.flags_and;
2576  }
2577  spin_unlock_bh(&ap->sta_table_lock);
2578 
2579  if (!sta)
2580  return -ENOENT;
2581 
2582  return 0;
2583 }
2584 
2585 
2586 static int prism2_hostapd_sta_clear_stats(struct ap_data *ap,
2587  struct prism2_hostapd_param *param)
2588 {
2589  struct sta_info *sta;
2590  int rate;
2591 
2592  spin_lock_bh(&ap->sta_table_lock);
2593  sta = ap_get_sta(ap, param->sta_addr);
2594  if (sta) {
2595  sta->rx_packets = sta->tx_packets = 0;
2596  sta->rx_bytes = sta->tx_bytes = 0;
2597  for (rate = 0; rate < WLAN_RATE_COUNT; rate++) {
2598  sta->tx_count[rate] = 0;
2599  sta->rx_count[rate] = 0;
2600  }
2601  }
2602  spin_unlock_bh(&ap->sta_table_lock);
2603 
2604  if (!sta)
2605  return -ENOENT;
2606 
2607  return 0;
2608 }
2609 
2610 
2611 int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param)
2612 {
2613  switch (param->cmd) {
2614  case PRISM2_HOSTAPD_FLUSH:
2615  ap_control_kickall(ap);
2616  return 0;
2617  case PRISM2_HOSTAPD_ADD_STA:
2618  return prism2_hostapd_add_sta(ap, param);
2619  case PRISM2_HOSTAPD_REMOVE_STA:
2620  return prism2_hostapd_remove_sta(ap, param);
2621  case PRISM2_HOSTAPD_GET_INFO_STA:
2622  return prism2_hostapd_get_info_sta(ap, param);
2623  case PRISM2_HOSTAPD_SET_FLAGS_STA:
2624  return prism2_hostapd_set_flags_sta(ap, param);
2625  case PRISM2_HOSTAPD_STA_CLEAR_STATS:
2626  return prism2_hostapd_sta_clear_stats(ap, param);
2627  default:
2628  printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n",
2629  param->cmd);
2630  return -EOPNOTSUPP;
2631  }
2632 }
2633 
2634 
2635 /* Update station info for host-based TX rate control and return current
2636  * TX rate */
2637 static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev)
2638 {
2639  int ret = sta->tx_rate;
2640  struct hostap_interface *iface;
2641  local_info_t *local;
2642 
2643  iface = netdev_priv(dev);
2644  local = iface->local;
2645 
2646  sta->tx_count[sta->tx_rate_idx]++;
2647  sta->tx_since_last_failure++;
2648  sta->tx_consecutive_exc = 0;
2649  if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT &&
2650  sta->tx_rate_idx < sta->tx_max_rate) {
2651  /* use next higher rate */
2652  int old_rate, new_rate;
2653  old_rate = new_rate = sta->tx_rate_idx;
2654  while (new_rate < sta->tx_max_rate) {
2655  new_rate++;
2656  if (ap_tx_rate_ok(new_rate, sta, local)) {
2657  sta->tx_rate_idx = new_rate;
2658  break;
2659  }
2660  }
2661  if (old_rate != sta->tx_rate_idx) {
2662  switch (sta->tx_rate_idx) {
2663  case 0: sta->tx_rate = 10; break;
2664  case 1: sta->tx_rate = 20; break;
2665  case 2: sta->tx_rate = 55; break;
2666  case 3: sta->tx_rate = 110; break;
2667  default: sta->tx_rate = 0; break;
2668  }
2669  PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n",
2670  dev->name, sta->addr, sta->tx_rate);
2671  }
2672  sta->tx_since_last_failure = 0;
2673  }
2674 
2675  return ret;
2676 }
2677 
2678 
2679 /* Called only from software IRQ. Called for each TX frame prior possible
2680  * encryption and transmit. */
2681 ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx)
2682 {
2683  struct sta_info *sta = NULL;
2684  struct sk_buff *skb = tx->skb;
2685  int set_tim, ret;
2686  struct ieee80211_hdr *hdr;
2687  struct hostap_skb_tx_data *meta;
2688 
2689  meta = (struct hostap_skb_tx_data *) skb->cb;
2690  ret = AP_TX_CONTINUE;
2691  if (local->ap == NULL || skb->len < 10 ||
2692  meta->iface->type == HOSTAP_INTERFACE_STA)
2693  goto out;
2694 
2695  hdr = (struct ieee80211_hdr *) skb->data;
2696 
2697  if (hdr->addr1[0] & 0x01) {
2698  /* broadcast/multicast frame - no AP related processing */
2699  if (local->ap->num_sta <= 0)
2700  ret = AP_TX_DROP;
2701  goto out;
2702  }
2703 
2704  /* unicast packet - check whether destination STA is associated */
2705  spin_lock(&local->ap->sta_table_lock);
2706  sta = ap_get_sta(local->ap, hdr->addr1);
2707  if (sta)
2708  atomic_inc(&sta->users);
2709  spin_unlock(&local->ap->sta_table_lock);
2710 
2711  if (local->iw_mode == IW_MODE_MASTER && sta == NULL &&
2712  !(meta->flags & HOSTAP_TX_FLAGS_WDS) &&
2713  meta->iface->type != HOSTAP_INTERFACE_MASTER &&
2714  meta->iface->type != HOSTAP_INTERFACE_AP) {
2715 #if 0
2716  /* This can happen, e.g., when wlan0 is added to a bridge and
2717  * bridging code does not know which port is the correct target
2718  * for a unicast frame. In this case, the packet is send to all
2719  * ports of the bridge. Since this is a valid scenario, do not
2720  * print out any errors here. */
2721  if (net_ratelimit()) {
2722  printk(KERN_DEBUG "AP: drop packet to non-associated "
2723  "STA %pM\n", hdr->addr1);
2724  }
2725 #endif
2726  local->ap->tx_drop_nonassoc++;
2727  ret = AP_TX_DROP;
2728  goto out;
2729  }
2730 
2731  if (sta == NULL)
2732  goto out;
2733 
2734  if (!(sta->flags & WLAN_STA_AUTHORIZED))
2735  ret = AP_TX_CONTINUE_NOT_AUTHORIZED;
2736 
2737  /* Set tx_rate if using host-based TX rate control */
2738  if (!local->fw_tx_rate_control)
2739  local->ap->last_tx_rate = meta->rate =
2740  ap_update_sta_tx_rate(sta, local->dev);
2741 
2742  if (local->iw_mode != IW_MODE_MASTER)
2743  goto out;
2744 
2745  if (!(sta->flags & WLAN_STA_PS))
2746  goto out;
2747 
2748  if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) {
2749  /* indicate to STA that more frames follow */
2750  hdr->frame_control |=
2751  cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2752  }
2753 
2754  if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) {
2755  /* packet was already buffered and now send due to
2756  * PS poll, so do not rebuffer it */
2757  goto out;
2758  }
2759 
2760  if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) {
2761  PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s"
2762  "PS mode buffer\n",
2763  local->dev->name, sta->addr);
2764  /* Make sure that TIM is set for the station (it might not be
2765  * after AP wlan hw reset). */
2766  /* FIX: should fix hw reset to restore bits based on STA
2767  * buffer state.. */
2768  hostap_set_tim(local, sta->aid, 1);
2769  sta->flags |= WLAN_STA_TIM;
2770  ret = AP_TX_DROP;
2771  goto out;
2772  }
2773 
2774  /* STA in PS mode, buffer frame for later delivery */
2775  set_tim = skb_queue_empty(&sta->tx_buf);
2776  skb_queue_tail(&sta->tx_buf, skb);
2777  /* FIX: could save RX time to skb and expire buffered frames after
2778  * some time if STA does not poll for them */
2779 
2780  if (set_tim) {
2781  if (sta->flags & WLAN_STA_TIM)
2782  PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n",
2783  sta->aid);
2784  hostap_set_tim(local, sta->aid, 1);
2785  sta->flags |= WLAN_STA_TIM;
2786  }
2787 
2788  ret = AP_TX_BUFFERED;
2789 
2790  out:
2791  if (sta != NULL) {
2792  if (ret == AP_TX_CONTINUE ||
2793  ret == AP_TX_CONTINUE_NOT_AUTHORIZED) {
2794  sta->tx_packets++;
2795  sta->tx_bytes += skb->len;
2796  sta->last_tx = jiffies;
2797  }
2798 
2799  if ((ret == AP_TX_CONTINUE ||
2800  ret == AP_TX_CONTINUE_NOT_AUTHORIZED) &&
2801  sta->crypt && tx->host_encrypt) {
2802  tx->crypt = sta->crypt;
2803  tx->sta_ptr = sta; /* hostap_handle_sta_release() will
2804  * be called to release sta info
2805  * later */
2806  } else
2807  atomic_dec(&sta->users);
2808  }
2809 
2810  return ret;
2811 }
2812 
2813 
2814 void hostap_handle_sta_release(void *ptr)
2815 {
2816  struct sta_info *sta = ptr;
2817  atomic_dec(&sta->users);
2818 }
2819 
2820 
2821 /* Called only as a tasklet (software IRQ) */
2822 void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb)
2823 {
2824  struct sta_info *sta;
2825  struct ieee80211_hdr *hdr;
2826  struct hostap_skb_tx_data *meta;
2827 
2828  hdr = (struct ieee80211_hdr *) skb->data;
2829  meta = (struct hostap_skb_tx_data *) skb->cb;
2830 
2831  spin_lock(&local->ap->sta_table_lock);
2832  sta = ap_get_sta(local->ap, hdr->addr1);
2833  if (!sta) {
2834  spin_unlock(&local->ap->sta_table_lock);
2835  PDEBUG(DEBUG_AP, "%s: Could not find STA %pM"
2836  " for this TX error (@%lu)\n",
2837  local->dev->name, hdr->addr1, jiffies);
2838  return;
2839  }
2840 
2841  sta->tx_since_last_failure = 0;
2842  sta->tx_consecutive_exc++;
2843 
2844  if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD &&
2845  sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) {
2846  /* use next lower rate */
2847  int old, rate;
2848  old = rate = sta->tx_rate_idx;
2849  while (rate > 0) {
2850  rate--;
2851  if (ap_tx_rate_ok(rate, sta, local)) {
2852  sta->tx_rate_idx = rate;
2853  break;
2854  }
2855  }
2856  if (old != sta->tx_rate_idx) {
2857  switch (sta->tx_rate_idx) {
2858  case 0: sta->tx_rate = 10; break;
2859  case 1: sta->tx_rate = 20; break;
2860  case 2: sta->tx_rate = 55; break;
2861  case 3: sta->tx_rate = 110; break;
2862  default: sta->tx_rate = 0; break;
2863  }
2864  PDEBUG(DEBUG_AP,
2865  "%s: STA %pM TX rate lowered to %d\n",
2866  local->dev->name, sta->addr, sta->tx_rate);
2867  }
2868  sta->tx_consecutive_exc = 0;
2869  }
2870  spin_unlock(&local->ap->sta_table_lock);
2871 }
2872 
2873 
2874 static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta,
2875  int pwrmgt, int type, int stype)
2876 {
2877  if (pwrmgt && !(sta->flags & WLAN_STA_PS)) {
2878  sta->flags |= WLAN_STA_PS;
2879  PDEBUG(DEBUG_PS2, "STA %pM changed to use PS "
2880  "mode (type=0x%02X, stype=0x%02X)\n",
2881  sta->addr, type >> 2, stype >> 4);
2882  } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) {
2883  sta->flags &= ~WLAN_STA_PS;
2884  PDEBUG(DEBUG_PS2, "STA %pM changed to not use "
2885  "PS mode (type=0x%02X, stype=0x%02X)\n",
2886  sta->addr, type >> 2, stype >> 4);
2887  if (type != IEEE80211_FTYPE_CTL ||
2888  stype != IEEE80211_STYPE_PSPOLL)
2889  schedule_packet_send(local, sta);
2890  }
2891 }
2892 
2893 
2894 /* Called only as a tasklet (software IRQ). Called for each RX frame to update
2895  * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */
2896 int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr)
2897 {
2898  struct sta_info *sta;
2899  u16 fc;
2900 
2901  spin_lock(&local->ap->sta_table_lock);
2902  sta = ap_get_sta(local->ap, hdr->addr2);
2903  if (sta)
2904  atomic_inc(&sta->users);
2905  spin_unlock(&local->ap->sta_table_lock);
2906 
2907  if (!sta)
2908  return -1;
2909 
2910  fc = le16_to_cpu(hdr->frame_control);
2911  hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
2912  fc & IEEE80211_FCTL_FTYPE,
2913  fc & IEEE80211_FCTL_STYPE);
2914 
2915  atomic_dec(&sta->users);
2916  return 0;
2917 }
2918 
2919 
2920 /* Called only as a tasklet (software IRQ). Called for each RX frame after
2921  * getting RX header and payload from hardware. */
2922 ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
2923  struct sk_buff *skb,
2924  struct hostap_80211_rx_status *rx_stats,
2925  int wds)
2926 {
2927  int ret;
2928  struct sta_info *sta;
2929  u16 fc, type, stype;
2930  struct ieee80211_hdr *hdr;
2931 
2932  if (local->ap == NULL)
2933  return AP_RX_CONTINUE;
2934 
2935  hdr = (struct ieee80211_hdr *) skb->data;
2936 
2937  fc = le16_to_cpu(hdr->frame_control);
2938  type = fc & IEEE80211_FCTL_FTYPE;
2939  stype = fc & IEEE80211_FCTL_STYPE;
2940 
2941  spin_lock(&local->ap->sta_table_lock);
2942  sta = ap_get_sta(local->ap, hdr->addr2);
2943  if (sta)
2944  atomic_inc(&sta->users);
2945  spin_unlock(&local->ap->sta_table_lock);
2946 
2947  if (sta && !(sta->flags & WLAN_STA_AUTHORIZED))
2948  ret = AP_RX_CONTINUE_NOT_AUTHORIZED;
2949  else
2950  ret = AP_RX_CONTINUE;
2951 
2952 
2953  if (fc & IEEE80211_FCTL_TODS) {
2954  if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
2955  if (local->hostapd) {
2956  prism2_rx_80211(local->apdev, skb, rx_stats,
2957  PRISM2_RX_NON_ASSOC);
2958 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2959  } else {
2960  printk(KERN_DEBUG "%s: dropped received packet"
2961  " from non-associated STA %pM"
2962  " (type=0x%02x, subtype=0x%02x)\n",
2963  dev->name, hdr->addr2,
2964  type >> 2, stype >> 4);
2965  hostap_rx(dev, skb, rx_stats);
2966 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2967  }
2968  ret = AP_RX_EXIT;
2969  goto out;
2970  }
2971  } else if (fc & IEEE80211_FCTL_FROMDS) {
2972  if (!wds) {
2973  /* FromDS frame - not for us; probably
2974  * broadcast/multicast in another BSS - drop */
2975  if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
2976  printk(KERN_DEBUG "Odd.. FromDS packet "
2977  "received with own BSSID\n");
2978  hostap_dump_rx_80211(dev->name, skb, rx_stats);
2979  }
2980  ret = AP_RX_DROP;
2981  goto out;
2982  }
2983  } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL &&
2984  memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
2985 
2986  if (local->hostapd) {
2987  prism2_rx_80211(local->apdev, skb, rx_stats,
2988  PRISM2_RX_NON_ASSOC);
2989 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2990  } else {
2991  /* At least Lucent f/w seems to send data::nullfunc
2992  * frames with no ToDS flag when the current AP returns
2993  * after being unavailable for some time. Speed up
2994  * re-association by informing the station about it not
2995  * being associated. */
2996  printk(KERN_DEBUG "%s: rejected received nullfunc frame"
2997  " without ToDS from not associated STA %pM\n",
2998  dev->name, hdr->addr2);
2999  hostap_rx(dev, skb, rx_stats);
3000 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
3001  }
3002  ret = AP_RX_EXIT;
3003  goto out;
3004  } else if (stype == IEEE80211_STYPE_NULLFUNC) {
3005  /* At least Lucent cards seem to send periodic nullfunc
3006  * frames with ToDS. Let these through to update SQ
3007  * stats and PS state. Nullfunc frames do not contain
3008  * any data and they will be dropped below. */
3009  } else {
3010  /* If BSSID (Addr3) is foreign, this frame is a normal
3011  * broadcast frame from an IBSS network. Drop it silently.
3012  * If BSSID is own, report the dropping of this frame. */
3013  if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
3014  printk(KERN_DEBUG "%s: dropped received packet from %pM"
3015  " with no ToDS flag "
3016  "(type=0x%02x, subtype=0x%02x)\n", dev->name,
3017  hdr->addr2, type >> 2, stype >> 4);
3018  hostap_dump_rx_80211(dev->name, skb, rx_stats);
3019  }
3020  ret = AP_RX_DROP;
3021  goto out;
3022  }
3023 
3024  if (sta) {
3025  hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
3026  type, stype);
3027 
3028  sta->rx_packets++;
3029  sta->rx_bytes += skb->len;
3030  sta->last_rx = jiffies;
3031  }
3032 
3033  if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC &&
3034  fc & IEEE80211_FCTL_TODS) {
3035  if (local->hostapd) {
3036  prism2_rx_80211(local->apdev, skb, rx_stats,
3037  PRISM2_RX_NULLFUNC_ACK);
3038 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3039  } else {
3040  /* some STA f/w's seem to require control::ACK frame
3041  * for data::nullfunc, but Prism2 f/w 0.8.0 (at least
3042  * from Compaq) does not send this.. Try to generate
3043  * ACK for these frames from the host driver to make
3044  * power saving work with, e.g., Lucent WaveLAN f/w */
3045  hostap_rx(dev, skb, rx_stats);
3046 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
3047  }
3048  ret = AP_RX_EXIT;
3049  goto out;
3050  }
3051 
3052  out:
3053  if (sta)
3054  atomic_dec(&sta->users);
3055 
3056  return ret;
3057 }
3058 
3059 
3060 /* Called only as a tasklet (software IRQ) */
3061 int hostap_handle_sta_crypto(local_info_t *local,
3062  struct ieee80211_hdr *hdr,
3063  struct lib80211_crypt_data **crypt,
3064  void **sta_ptr)
3065 {
3066  struct sta_info *sta;
3067 
3068  spin_lock(&local->ap->sta_table_lock);
3069  sta = ap_get_sta(local->ap, hdr->addr2);
3070  if (sta)
3071  atomic_inc(&sta->users);
3072  spin_unlock(&local->ap->sta_table_lock);
3073 
3074  if (!sta)
3075  return -1;
3076 
3077  if (sta->crypt) {
3078  *crypt = sta->crypt;
3079  *sta_ptr = sta;
3080  /* hostap_handle_sta_release() will be called to release STA
3081  * info */
3082  } else
3083  atomic_dec(&sta->users);
3084 
3085  return 0;
3086 }
3087 
3088 
3089 /* Called only as a tasklet (software IRQ) */
3090 int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr)
3091 {
3092  struct sta_info *sta;
3093  int ret = 0;
3094 
3095  spin_lock(&ap->sta_table_lock);
3096  sta = ap_get_sta(ap, sta_addr);
3097  if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap)
3098  ret = 1;
3099  spin_unlock(&ap->sta_table_lock);
3100 
3101  return ret;
3102 }
3103 
3104 
3105 /* Called only as a tasklet (software IRQ) */
3106 int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr)
3107 {
3108  struct sta_info *sta;
3109  int ret = 0;
3110 
3111  spin_lock(&ap->sta_table_lock);
3112  sta = ap_get_sta(ap, sta_addr);
3113  if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap &&
3114  ((sta->flags & WLAN_STA_AUTHORIZED) ||
3115  ap->local->ieee_802_1x == 0))
3116  ret = 1;
3117  spin_unlock(&ap->sta_table_lock);
3118 
3119  return ret;
3120 }
3121 
3122 
3123 /* Called only as a tasklet (software IRQ) */
3124 int hostap_add_sta(struct ap_data *ap, u8 *sta_addr)
3125 {
3126  struct sta_info *sta;
3127  int ret = 1;
3128 
3129  if (!ap)
3130  return -1;
3131 
3132  spin_lock(&ap->sta_table_lock);
3133  sta = ap_get_sta(ap, sta_addr);
3134  if (sta)
3135  ret = 0;
3136  spin_unlock(&ap->sta_table_lock);
3137 
3138  if (ret == 1) {
3139  sta = ap_add_sta(ap, sta_addr);
3140  if (!sta)
3141  return -1;
3142  sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
3143  sta->ap = 1;
3144  memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
3145  /* No way of knowing which rates are supported since we did not
3146  * get supported rates element from beacon/assoc req. Assume
3147  * that remote end supports all 802.11b rates. */
3148  sta->supported_rates[0] = 0x82;
3149  sta->supported_rates[1] = 0x84;
3150  sta->supported_rates[2] = 0x0b;
3151  sta->supported_rates[3] = 0x16;
3152  sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M |
3153  WLAN_RATE_5M5 | WLAN_RATE_11M;
3154  sta->tx_rate = 110;
3155  sta->tx_max_rate = sta->tx_rate_idx = 3;
3156  }
3157 
3158  return ret;
3159 }
3160 
3161 
3162 /* Called only as a tasklet (software IRQ) */
3163 int hostap_update_rx_stats(struct ap_data *ap,
3164  struct ieee80211_hdr *hdr,
3165  struct hostap_80211_rx_status *rx_stats)
3166 {
3167  struct sta_info *sta;
3168 
3169  if (!ap)
3170  return -1;
3171 
3172  spin_lock(&ap->sta_table_lock);
3173  sta = ap_get_sta(ap, hdr->addr2);
3174  if (sta) {
3175  sta->last_rx_silence = rx_stats->noise;
3176  sta->last_rx_signal = rx_stats->signal;
3177  sta->last_rx_rate = rx_stats->rate;
3178  sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
3179  if (rx_stats->rate == 10)
3180  sta->rx_count[0]++;
3181  else if (rx_stats->rate == 20)
3182  sta->rx_count[1]++;
3183  else if (rx_stats->rate == 55)
3184  sta->rx_count[2]++;
3185  else if (rx_stats->rate == 110)
3186  sta->rx_count[3]++;
3187  }
3188  spin_unlock(&ap->sta_table_lock);
3189 
3190  return sta ? 0 : -1;
3191 }
3192 
3193 
3194 void hostap_update_rates(local_info_t *local)
3195 {
3196  struct sta_info *sta;
3197  struct ap_data *ap = local->ap;
3198 
3199  if (!ap)
3200  return;
3201 
3202  spin_lock_bh(&ap->sta_table_lock);
3203  list_for_each_entry(sta, &ap->sta_list, list) {
3204  prism2_check_tx_rates(sta);
3205  }
3206  spin_unlock_bh(&ap->sta_table_lock);
3207 }
3208 
3209 
3210 void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
3211  struct lib80211_crypt_data ***crypt)
3212 {
3213  struct sta_info *sta;
3214 
3215  spin_lock_bh(&ap->sta_table_lock);
3216  sta = ap_get_sta(ap, addr);
3217  if (sta)
3218  atomic_inc(&sta->users);
3219  spin_unlock_bh(&ap->sta_table_lock);
3220 
3221  if (!sta && permanent)
3222  sta = ap_add_sta(ap, addr);
3223 
3224  if (!sta)
3225  return NULL;
3226 
3227  if (permanent)
3228  sta->flags |= WLAN_STA_PERM;
3229 
3230  *crypt = &sta->crypt;
3231 
3232  return sta;
3233 }
3234 
3235 
3236 void hostap_add_wds_links(local_info_t *local)
3237 {
3238  struct ap_data *ap = local->ap;
3239  struct sta_info *sta;
3240 
3241  spin_lock_bh(&ap->sta_table_lock);
3242  list_for_each_entry(sta, &ap->sta_list, list) {
3243  if (sta->ap)
3244  hostap_wds_link_oper(local, sta->addr, WDS_ADD);
3245  }
3246  spin_unlock_bh(&ap->sta_table_lock);
3247 
3248  schedule_work(&local->ap->wds_oper_queue);
3249 }
3250 
3251 
3252 void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type)
3253 {
3254  struct wds_oper_data *entry;
3255 
3256  entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
3257  if (!entry)
3258  return;
3259  memcpy(entry->addr, addr, ETH_ALEN);
3260  entry->type = type;
3261  spin_lock_bh(&local->lock);
3262  entry->next = local->ap->wds_oper_entries;
3263  local->ap->wds_oper_entries = entry;
3264  spin_unlock_bh(&local->lock);
3265 
3266  schedule_work(&local->ap->wds_oper_queue);
3267 }
3268 
3269 
3270 EXPORT_SYMBOL(hostap_init_data);
3271 EXPORT_SYMBOL(hostap_init_ap_proc);
3272 EXPORT_SYMBOL(hostap_free_data);
3273 EXPORT_SYMBOL(hostap_check_sta_fw_version);
3274 EXPORT_SYMBOL(hostap_handle_sta_tx_exc);
3275 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3276 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
Generated on Thu Jan 10 2013 14:10:48 for Linux Kernel by   doxygen 1.8.2