Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
rndis_wlan.c
Go to the documentation of this file.
1 /*
2  * Driver for RNDIS based wireless USB devices.
3  *
4  * Copyright (C) 2007 by Bjorge Dijkstra <[email protected]>
5  * Copyright (C) 2008-2009 by Jussi Kivilinna <[email protected]>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  *
21  * Portions of this file are based on NDISwrapper project,
22  * Copyright (C) 2003-2005 Pontus Fuchs, Giridhar Pemmasani
23  * http://ndiswrapper.sourceforge.net/
24  */
25 
26 // #define DEBUG // error path messages, extra info
27 // #define VERBOSE // more; success messages
28 
29 #include <linux/module.h>
30 #include <linux/init.h>
31 #include <linux/netdevice.h>
32 #include <linux/etherdevice.h>
33 #include <linux/ethtool.h>
34 #include <linux/workqueue.h>
35 #include <linux/mutex.h>
36 #include <linux/mii.h>
37 #include <linux/usb.h>
38 #include <linux/usb/cdc.h>
39 #include <linux/ieee80211.h>
40 #include <linux/if_arp.h>
41 #include <linux/ctype.h>
42 #include <linux/spinlock.h>
43 #include <linux/slab.h>
44 #include <net/cfg80211.h>
45 #include <linux/usb/usbnet.h>
46 #include <linux/usb/rndis_host.h>
47 
48 
49 /* NOTE: All these are settings for Broadcom chipset */
50 static char modparam_country[4] = "EU";
51 module_param_string(country, modparam_country, 4, 0444);
52 MODULE_PARM_DESC(country, "Country code (ISO 3166-1 alpha-2), default: EU");
53 
54 static int modparam_frameburst = 1;
55 module_param_named(frameburst, modparam_frameburst, int, 0444);
56 MODULE_PARM_DESC(frameburst, "enable frame bursting (default: on)");
57 
58 static int modparam_afterburner = 0;
59 module_param_named(afterburner, modparam_afterburner, int, 0444);
60 MODULE_PARM_DESC(afterburner,
61  "enable afterburner aka '125 High Speed Mode' (default: off)");
62 
63 static int modparam_power_save = 0;
64 module_param_named(power_save, modparam_power_save, int, 0444);
65 MODULE_PARM_DESC(power_save,
66  "set power save mode: 0=off, 1=on, 2=fast (default: off)");
67 
68 static int modparam_power_output = 3;
69 module_param_named(power_output, modparam_power_output, int, 0444);
70 MODULE_PARM_DESC(power_output,
71  "set power output: 0=25%, 1=50%, 2=75%, 3=100% (default: 100%)");
72 
73 static int modparam_roamtrigger = -70;
74 module_param_named(roamtrigger, modparam_roamtrigger, int, 0444);
75 MODULE_PARM_DESC(roamtrigger,
76  "set roaming dBm trigger: -80=optimize for distance, "
77  "-60=bandwidth (default: -70)");
78 
79 static int modparam_roamdelta = 1;
80 module_param_named(roamdelta, modparam_roamdelta, int, 0444);
81 MODULE_PARM_DESC(roamdelta,
82  "set roaming tendency: 0=aggressive, 1=moderate, "
83  "2=conservative (default: moderate)");
84 
85 static int modparam_workaround_interval;
86 module_param_named(workaround_interval, modparam_workaround_interval,
87  int, 0444);
88 MODULE_PARM_DESC(workaround_interval,
89  "set stall workaround interval in msecs (0=disabled) (default: 0)");
90 
91 /* Typical noise/maximum signal level values taken from ndiswrapper iw_ndis.h */
92 #define WL_NOISE -96 /* typical noise level in dBm */
93 #define WL_SIGMAX -32 /* typical maximum signal level in dBm */
94 
95 
96 /* Assume that Broadcom 4320 (only chipset at time of writing known to be
97  * based on wireless rndis) has default txpower of 13dBm.
98  * This value is from Linksys WUSB54GSC User Guide, Appendix F: Specifications.
99  * 100% : 20 mW ~ 13dBm
100  * 75% : 15 mW ~ 12dBm
101  * 50% : 10 mW ~ 10dBm
102  * 25% : 5 mW ~ 7dBm
103  */
104 #define BCM4320_DEFAULT_TXPOWER_DBM_100 13
105 #define BCM4320_DEFAULT_TXPOWER_DBM_75 12
106 #define BCM4320_DEFAULT_TXPOWER_DBM_50 10
107 #define BCM4320_DEFAULT_TXPOWER_DBM_25 7
108 
109 /* Known device types */
110 #define RNDIS_UNKNOWN 0
111 #define RNDIS_BCM4320A 1
112 #define RNDIS_BCM4320B 2
113 
114 
115 /* NDIS data structures. Taken from wpa_supplicant driver_ndis.c
116  * slightly modified for datatype endianess, etc
117  */
118 #define NDIS_802_11_LENGTH_SSID 32
119 #define NDIS_802_11_LENGTH_RATES 8
120 #define NDIS_802_11_LENGTH_RATES_EX 16
121 
127 };
128 
133 };
134 
144 };
145 
155 };
156 
160 };
161 
167 };
168 
172 };
173 
178 };
179 
185 };
186 
190 };
191 
196 };
197 
200 };
201 
204  u8 bssid[6];
207 } __packed;
208 
210  u8 bssid[6];
213 } __packed;
214 
219 } __packed;
220 
223  union {
228  } u;
229 } __packed;
230 
234 } __packed;
235 
241 } __packed;
242 
249 } __packed;
250 
253  u8 mac[6];
263  u8 ies[0];
264 } __packed;
265 
269 } __packed;
270 
275 } __packed;
276 
282 } __packed;
283 
288  u8 bssid[6];
290  u8 rsc[8];
292 } __packed;
293 
297  u8 bssid[6];
299 } __packed;
300 
307 } __packed;
308 
312  struct req_ie {
316  } req_ie;
320  struct resp_ie {
324  } resp_ie;
327 } __packed;
328 
332 } __packed;
333 
340 } __packed;
341 
343  u8 bssid[6];
344  u8 pmkid[16];
345 } __packed;
346 
351 } __packed;
352 
353 /*
354  * private data
355  */
356 #define CAP_MODE_80211A 1
357 #define CAP_MODE_80211B 2
358 #define CAP_MODE_80211G 4
359 #define CAP_MODE_MASK 7
360 
361 #define WORK_LINK_UP (1<<0)
362 #define WORK_LINK_DOWN (1<<1)
363 #define WORK_SET_MULTICAST_LIST (1<<2)
364 
365 #define RNDIS_WLAN_ALG_NONE 0
366 #define RNDIS_WLAN_ALG_WEP (1<<0)
367 #define RNDIS_WLAN_ALG_TKIP (1<<1)
368 #define RNDIS_WLAN_ALG_CCMP (1<<2)
369 
370 #define RNDIS_WLAN_NUM_KEYS 4
371 #define RNDIS_WLAN_KEY_MGMT_NONE 0
372 #define RNDIS_WLAN_KEY_MGMT_802_1X (1<<0)
373 #define RNDIS_WLAN_KEY_MGMT_PSK (1<<1)
374 
375 #define COMMAND_BUFFER_SIZE (CONTROL_BUFFER_SIZE + sizeof(struct rndis_set))
376 
377 static const struct ieee80211_channel rndis_channels[] = {
378  { .center_freq = 2412 },
379  { .center_freq = 2417 },
380  { .center_freq = 2422 },
381  { .center_freq = 2427 },
382  { .center_freq = 2432 },
383  { .center_freq = 2437 },
384  { .center_freq = 2442 },
385  { .center_freq = 2447 },
386  { .center_freq = 2452 },
387  { .center_freq = 2457 },
388  { .center_freq = 2462 },
389  { .center_freq = 2467 },
390  { .center_freq = 2472 },
391  { .center_freq = 2484 },
392 };
393 
394 static const struct ieee80211_rate rndis_rates[] = {
395  { .bitrate = 10 },
396  { .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
397  { .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
398  { .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
399  { .bitrate = 60 },
400  { .bitrate = 90 },
401  { .bitrate = 120 },
402  { .bitrate = 180 },
403  { .bitrate = 240 },
404  { .bitrate = 360 },
405  { .bitrate = 480 },
406  { .bitrate = 540 }
407 };
408 
409 static const u32 rndis_cipher_suites[] = {
414 };
415 
417  int len;
421  bool pairwise;
422  bool tx_key;
423 };
424 
425 /* RNDIS device private data */
427  struct usbnet *usbdev;
428 
430 
432 
438  unsigned long work_pending;
443 
445  struct ieee80211_channel channels[ARRAY_SIZE(rndis_channels)];
446  struct ieee80211_rate rates[ARRAY_SIZE(rndis_rates)];
447  u32 cipher_suites[ARRAY_SIZE(rndis_cipher_suites)];
448 
450  int caps;
452 
453  /* module parameters */
454  char param_country[4];
462 
463  /* hardware state */
464  bool radio_on;
467  bool connected;
470 
471  /* encryption stuff */
475 
477 };
478 
479 /*
480  * cfg80211 ops
481  */
482 static int rndis_change_virtual_intf(struct wiphy *wiphy,
483  struct net_device *dev,
484  enum nl80211_iftype type, u32 *flags,
485  struct vif_params *params);
486 
487 static int rndis_scan(struct wiphy *wiphy,
489 
490 static int rndis_set_wiphy_params(struct wiphy *wiphy, u32 changed);
491 
492 static int rndis_set_tx_power(struct wiphy *wiphy,
494  int mbm);
495 static int rndis_get_tx_power(struct wiphy *wiphy, int *dbm);
496 
497 static int rndis_connect(struct wiphy *wiphy, struct net_device *dev,
498  struct cfg80211_connect_params *sme);
499 
500 static int rndis_disconnect(struct wiphy *wiphy, struct net_device *dev,
501  u16 reason_code);
502 
503 static int rndis_join_ibss(struct wiphy *wiphy, struct net_device *dev,
504  struct cfg80211_ibss_params *params);
505 
506 static int rndis_leave_ibss(struct wiphy *wiphy, struct net_device *dev);
507 
508 static int rndis_add_key(struct wiphy *wiphy, struct net_device *netdev,
509  u8 key_index, bool pairwise, const u8 *mac_addr,
510  struct key_params *params);
511 
512 static int rndis_del_key(struct wiphy *wiphy, struct net_device *netdev,
513  u8 key_index, bool pairwise, const u8 *mac_addr);
514 
515 static int rndis_set_default_key(struct wiphy *wiphy, struct net_device *netdev,
516  u8 key_index, bool unicast, bool multicast);
517 
518 static int rndis_get_station(struct wiphy *wiphy, struct net_device *dev,
519  u8 *mac, struct station_info *sinfo);
520 
521 static int rndis_dump_station(struct wiphy *wiphy, struct net_device *dev,
522  int idx, u8 *mac, struct station_info *sinfo);
523 
524 static int rndis_set_pmksa(struct wiphy *wiphy, struct net_device *netdev,
525  struct cfg80211_pmksa *pmksa);
526 
527 static int rndis_del_pmksa(struct wiphy *wiphy, struct net_device *netdev,
528  struct cfg80211_pmksa *pmksa);
529 
530 static int rndis_flush_pmksa(struct wiphy *wiphy, struct net_device *netdev);
531 
532 static int rndis_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
533  bool enabled, int timeout);
534 
535 static int rndis_set_cqm_rssi_config(struct wiphy *wiphy,
536  struct net_device *dev,
537  s32 rssi_thold, u32 rssi_hyst);
538 
539 static const struct cfg80211_ops rndis_config_ops = {
540  .change_virtual_intf = rndis_change_virtual_intf,
541  .scan = rndis_scan,
542  .set_wiphy_params = rndis_set_wiphy_params,
543  .set_tx_power = rndis_set_tx_power,
544  .get_tx_power = rndis_get_tx_power,
545  .connect = rndis_connect,
546  .disconnect = rndis_disconnect,
547  .join_ibss = rndis_join_ibss,
548  .leave_ibss = rndis_leave_ibss,
549  .add_key = rndis_add_key,
550  .del_key = rndis_del_key,
551  .set_default_key = rndis_set_default_key,
552  .get_station = rndis_get_station,
553  .dump_station = rndis_dump_station,
554  .set_pmksa = rndis_set_pmksa,
555  .del_pmksa = rndis_del_pmksa,
556  .flush_pmksa = rndis_flush_pmksa,
557  .set_power_mgmt = rndis_set_power_mgmt,
558  .set_cqm_rssi_config = rndis_set_cqm_rssi_config,
559 };
560 
561 static void *rndis_wiphy_privid = &rndis_wiphy_privid;
562 
563 
564 static struct rndis_wlan_private *get_rndis_wlan_priv(struct usbnet *dev)
565 {
566  return (struct rndis_wlan_private *)dev->driver_priv;
567 }
568 
569 static u32 get_bcm4320_power_dbm(struct rndis_wlan_private *priv)
570 {
571  switch (priv->param_power_output) {
572  default:
573  case 3:
575  case 2:
577  case 1:
579  case 0:
581  }
582 }
583 
584 static bool is_wpa_key(struct rndis_wlan_private *priv, u8 idx)
585 {
586  int cipher = priv->encr_keys[idx].cipher;
587 
588  return (cipher == WLAN_CIPHER_SUITE_CCMP ||
589  cipher == WLAN_CIPHER_SUITE_TKIP);
590 }
591 
592 static int rndis_cipher_to_alg(u32 cipher)
593 {
594  switch (cipher) {
595  default:
596  return RNDIS_WLAN_ALG_NONE;
599  return RNDIS_WLAN_ALG_WEP;
601  return RNDIS_WLAN_ALG_TKIP;
603  return RNDIS_WLAN_ALG_CCMP;
604  }
605 }
606 
607 static int rndis_akm_suite_to_key_mgmt(u32 akm_suite)
608 {
609  switch (akm_suite) {
610  default:
614  case WLAN_AKM_SUITE_PSK:
616  }
617 }
618 
619 #ifdef DEBUG
620 static const char *oid_to_string(u32 oid)
621 {
622  switch (oid) {
623 #define OID_STR(oid) case oid: return(#oid)
624  /* from rndis_host.h */
629 
630  /* from rndis_wlan.c */
631  OID_STR(RNDIS_OID_GEN_LINK_SPEED);
633 
634  OID_STR(RNDIS_OID_GEN_XMIT_OK);
635  OID_STR(RNDIS_OID_GEN_RCV_OK);
636  OID_STR(RNDIS_OID_GEN_XMIT_ERROR);
637  OID_STR(RNDIS_OID_GEN_RCV_ERROR);
639 
643 
644  OID_STR(RNDIS_OID_802_11_BSSID);
645  OID_STR(RNDIS_OID_802_11_SSID);
647  OID_STR(RNDIS_OID_802_11_ADD_WEP);
654  OID_STR(RNDIS_OID_802_11_ADD_KEY);
658  OID_STR(RNDIS_OID_802_11_PMKID);
662  OID_STR(RNDIS_OID_802_11_RSSI);
670 #undef OID_STR
671  }
672 
673  return "?";
674 }
675 #else
676 static const char *oid_to_string(u32 oid)
677 {
678  return "?";
679 }
680 #endif
681 
682 /* translate error code */
683 static int rndis_error_status(__le32 rndis_status)
684 {
685  int ret = -EINVAL;
686  switch (le32_to_cpu(rndis_status)) {
688  ret = 0;
689  break;
692  ret = -EINVAL;
693  break;
695  ret = -EOPNOTSUPP;
696  break;
699  ret = -EBUSY;
700  break;
701  }
702  return ret;
703 }
704 
705 static int rndis_query_oid(struct usbnet *dev, u32 oid, void *data, int *len)
706 {
707  struct rndis_wlan_private *priv = get_rndis_wlan_priv(dev);
708  union {
709  void *buf;
710  struct rndis_msg_hdr *header;
711  struct rndis_query *get;
712  struct rndis_query_c *get_c;
713  } u;
714  int ret, buflen;
715  int resplen, respoffs, copylen;
716 
717  buflen = *len + sizeof(*u.get);
718  if (buflen < CONTROL_BUFFER_SIZE)
719  buflen = CONTROL_BUFFER_SIZE;
720 
721  if (buflen > COMMAND_BUFFER_SIZE) {
722  u.buf = kmalloc(buflen, GFP_KERNEL);
723  if (!u.buf)
724  return -ENOMEM;
725  } else {
726  u.buf = priv->command_buffer;
727  }
728 
729  mutex_lock(&priv->command_lock);
730 
731  memset(u.get, 0, sizeof *u.get);
732  u.get->msg_type = cpu_to_le32(RNDIS_MSG_QUERY);
733  u.get->msg_len = cpu_to_le32(sizeof *u.get);
734  u.get->oid = cpu_to_le32(oid);
735 
736  priv->current_command_oid = oid;
737  ret = rndis_command(dev, u.header, buflen);
738  priv->current_command_oid = 0;
739  if (ret < 0)
740  netdev_dbg(dev->net, "%s(%s): rndis_command() failed, %d (%08x)\n",
741  __func__, oid_to_string(oid), ret,
742  le32_to_cpu(u.get_c->status));
743 
744  if (ret == 0) {
745  resplen = le32_to_cpu(u.get_c->len);
746  respoffs = le32_to_cpu(u.get_c->offset) + 8;
747 
748  if (respoffs > buflen) {
749  /* Device returned data offset outside buffer, error. */
750  netdev_dbg(dev->net, "%s(%s): received invalid "
751  "data offset: %d > %d\n", __func__,
752  oid_to_string(oid), respoffs, buflen);
753 
754  ret = -EINVAL;
755  goto exit_unlock;
756  }
757 
758  if ((resplen + respoffs) > buflen) {
759  /* Device would have returned more data if buffer would
760  * have been big enough. Copy just the bits that we got.
761  */
762  copylen = buflen - respoffs;
763  } else {
764  copylen = resplen;
765  }
766 
767  if (copylen > *len)
768  copylen = *len;
769 
770  memcpy(data, u.buf + respoffs, copylen);
771 
772  *len = resplen;
773 
774  ret = rndis_error_status(u.get_c->status);
775  if (ret < 0)
776  netdev_dbg(dev->net, "%s(%s): device returned error, 0x%08x (%d)\n",
777  __func__, oid_to_string(oid),
778  le32_to_cpu(u.get_c->status), ret);
779  }
780 
781 exit_unlock:
782  mutex_unlock(&priv->command_lock);
783 
784  if (u.buf != priv->command_buffer)
785  kfree(u.buf);
786  return ret;
787 }
788 
789 static int rndis_set_oid(struct usbnet *dev, u32 oid, const void *data,
790  int len)
791 {
792  struct rndis_wlan_private *priv = get_rndis_wlan_priv(dev);
793  union {
794  void *buf;
795  struct rndis_msg_hdr *header;
796  struct rndis_set *set;
797  struct rndis_set_c *set_c;
798  } u;
799  int ret, buflen;
800 
801  buflen = len + sizeof(*u.set);
802  if (buflen < CONTROL_BUFFER_SIZE)
803  buflen = CONTROL_BUFFER_SIZE;
804 
805  if (buflen > COMMAND_BUFFER_SIZE) {
806  u.buf = kmalloc(buflen, GFP_KERNEL);
807  if (!u.buf)
808  return -ENOMEM;
809  } else {
810  u.buf = priv->command_buffer;
811  }
812 
813  mutex_lock(&priv->command_lock);
814 
815  memset(u.set, 0, sizeof *u.set);
816  u.set->msg_type = cpu_to_le32(RNDIS_MSG_SET);
817  u.set->msg_len = cpu_to_le32(sizeof(*u.set) + len);
818  u.set->oid = cpu_to_le32(oid);
819  u.set->len = cpu_to_le32(len);
820  u.set->offset = cpu_to_le32(sizeof(*u.set) - 8);
821  u.set->handle = cpu_to_le32(0);
822  memcpy(u.buf + sizeof(*u.set), data, len);
823 
824  priv->current_command_oid = oid;
825  ret = rndis_command(dev, u.header, buflen);
826  priv->current_command_oid = 0;
827  if (ret < 0)
828  netdev_dbg(dev->net, "%s(%s): rndis_command() failed, %d (%08x)\n",
829  __func__, oid_to_string(oid), ret,
830  le32_to_cpu(u.set_c->status));
831 
832  if (ret == 0) {
833  ret = rndis_error_status(u.set_c->status);
834 
835  if (ret < 0)
836  netdev_dbg(dev->net, "%s(%s): device returned error, 0x%08x (%d)\n",
837  __func__, oid_to_string(oid),
838  le32_to_cpu(u.set_c->status), ret);
839  }
840 
841  mutex_unlock(&priv->command_lock);
842 
843  if (u.buf != priv->command_buffer)
844  kfree(u.buf);
845  return ret;
846 }
847 
848 static int rndis_reset(struct usbnet *usbdev)
849 {
850  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
851  struct rndis_reset *reset;
852  int ret;
853 
854  mutex_lock(&priv->command_lock);
855 
856  reset = (void *)priv->command_buffer;
857  memset(reset, 0, sizeof(*reset));
859  reset->msg_len = cpu_to_le32(sizeof(*reset));
860  priv->current_command_oid = 0;
861  ret = rndis_command(usbdev, (void *)reset, CONTROL_BUFFER_SIZE);
862 
863  mutex_unlock(&priv->command_lock);
864 
865  if (ret < 0)
866  return ret;
867  return 0;
868 }
869 
870 /*
871  * Specs say that we can only set config parameters only soon after device
872  * initialization.
873  * value_type: 0 = u32, 2 = unicode string
874  */
875 static int rndis_set_config_parameter(struct usbnet *dev, char *param,
876  int value_type, void *value)
877 {
878  struct ndis_config_param *infobuf;
879  int value_len, info_len, param_len, ret, i;
880  __le16 *unibuf;
881  __le32 *dst_value;
882 
883  if (value_type == 0)
884  value_len = sizeof(__le32);
885  else if (value_type == 2)
886  value_len = strlen(value) * sizeof(__le16);
887  else
888  return -EINVAL;
889 
890  param_len = strlen(param) * sizeof(__le16);
891  info_len = sizeof(*infobuf) + param_len + value_len;
892 
893 #ifdef DEBUG
894  info_len += 12;
895 #endif
896  infobuf = kmalloc(info_len, GFP_KERNEL);
897  if (!infobuf)
898  return -ENOMEM;
899 
900 #ifdef DEBUG
901  info_len -= 12;
902  /* extra 12 bytes are for padding (debug output) */
903  memset(infobuf, 0xCC, info_len + 12);
904 #endif
905 
906  if (value_type == 2)
907  netdev_dbg(dev->net, "setting config parameter: %s, value: %s\n",
908  param, (u8 *)value);
909  else
910  netdev_dbg(dev->net, "setting config parameter: %s, value: %d\n",
911  param, *(u32 *)value);
912 
913  infobuf->name_offs = cpu_to_le32(sizeof(*infobuf));
914  infobuf->name_length = cpu_to_le32(param_len);
915  infobuf->type = cpu_to_le32(value_type);
916  infobuf->value_offs = cpu_to_le32(sizeof(*infobuf) + param_len);
917  infobuf->value_length = cpu_to_le32(value_len);
918 
919  /* simple string to unicode string conversion */
920  unibuf = (void *)infobuf + sizeof(*infobuf);
921  for (i = 0; i < param_len / sizeof(__le16); i++)
922  unibuf[i] = cpu_to_le16(param[i]);
923 
924  if (value_type == 2) {
925  unibuf = (void *)infobuf + sizeof(*infobuf) + param_len;
926  for (i = 0; i < value_len / sizeof(__le16); i++)
927  unibuf[i] = cpu_to_le16(((u8 *)value)[i]);
928  } else {
929  dst_value = (void *)infobuf + sizeof(*infobuf) + param_len;
930  *dst_value = cpu_to_le32(*(u32 *)value);
931  }
932 
933 #ifdef DEBUG
934  netdev_dbg(dev->net, "info buffer (len: %d)\n", info_len);
935  for (i = 0; i < info_len; i += 12) {
936  u32 *tmp = (u32 *)((u8 *)infobuf + i);
937  netdev_dbg(dev->net, "%08X:%08X:%08X\n",
938  cpu_to_be32(tmp[0]),
939  cpu_to_be32(tmp[1]),
940  cpu_to_be32(tmp[2]));
941  }
942 #endif
943 
944  ret = rndis_set_oid(dev, RNDIS_OID_GEN_RNDIS_CONFIG_PARAMETER,
945  infobuf, info_len);
946  if (ret != 0)
947  netdev_dbg(dev->net, "setting rndis config parameter failed, %d\n",
948  ret);
949 
950  kfree(infobuf);
951  return ret;
952 }
953 
954 static int rndis_set_config_parameter_str(struct usbnet *dev,
955  char *param, char *value)
956 {
957  return rndis_set_config_parameter(dev, param, 2, value);
958 }
959 
960 /*
961  * data conversion functions
962  */
963 static int level_to_qual(int level)
964 {
965  int qual = 100 * (level - WL_NOISE) / (WL_SIGMAX - WL_NOISE);
966  return qual >= 0 ? (qual <= 100 ? qual : 100) : 0;
967 }
968 
969 /*
970  * common functions
971  */
972 static int set_infra_mode(struct usbnet *usbdev, int mode);
973 static void restore_keys(struct usbnet *usbdev);
974 static int rndis_check_bssid_list(struct usbnet *usbdev, u8 *match_bssid,
975  bool *matched);
976 
977 static int rndis_start_bssid_list_scan(struct usbnet *usbdev)
978 {
979  __le32 tmp;
980 
981  /* Note: RNDIS_OID_802_11_BSSID_LIST_SCAN clears internal BSS list. */
982  tmp = cpu_to_le32(1);
983  return rndis_set_oid(usbdev, RNDIS_OID_802_11_BSSID_LIST_SCAN, &tmp,
984  sizeof(tmp));
985 }
986 
987 static int set_essid(struct usbnet *usbdev, struct ndis_80211_ssid *ssid)
988 {
989  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
990  int ret;
991 
992  ret = rndis_set_oid(usbdev, RNDIS_OID_802_11_SSID,
993  ssid, sizeof(*ssid));
994  if (ret < 0) {
995  netdev_warn(usbdev->net, "setting SSID failed (%08X)\n", ret);
996  return ret;
997  }
998  if (ret == 0) {
999  priv->radio_on = true;
1000  netdev_dbg(usbdev->net, "%s(): radio_on = true\n", __func__);
1001  }
1002 
1003  return ret;
1004 }
1005 
1006 static int set_bssid(struct usbnet *usbdev, const u8 *bssid)
1007 {
1008  int ret;
1009 
1010  ret = rndis_set_oid(usbdev, RNDIS_OID_802_11_BSSID,
1011  bssid, ETH_ALEN);
1012  if (ret < 0) {
1013  netdev_warn(usbdev->net, "setting BSSID[%pM] failed (%08X)\n",
1014  bssid, ret);
1015  return ret;
1016  }
1017 
1018  return ret;
1019 }
1020 
1021 static int clear_bssid(struct usbnet *usbdev)
1022 {
1023  static const u8 broadcast_mac[ETH_ALEN] = {
1024  0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1025  };
1026 
1027  return set_bssid(usbdev, broadcast_mac);
1028 }
1029 
1030 static int get_bssid(struct usbnet *usbdev, u8 bssid[ETH_ALEN])
1031 {
1032  int ret, len;
1033 
1034  len = ETH_ALEN;
1035  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_BSSID,
1036  bssid, &len);
1037 
1038  if (ret != 0)
1039  memset(bssid, 0, ETH_ALEN);
1040 
1041  return ret;
1042 }
1043 
1044 static int get_association_info(struct usbnet *usbdev,
1045  struct ndis_80211_assoc_info *info, int len)
1046 {
1047  return rndis_query_oid(usbdev,
1049  info, &len);
1050 }
1051 
1052 static bool is_associated(struct usbnet *usbdev)
1053 {
1054  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1055  u8 bssid[ETH_ALEN];
1056  int ret;
1057 
1058  if (!priv->radio_on)
1059  return false;
1060 
1061  ret = get_bssid(usbdev, bssid);
1062 
1063  return (ret == 0 && !is_zero_ether_addr(bssid));
1064 }
1065 
1066 static int disassociate(struct usbnet *usbdev, bool reset_ssid)
1067 {
1068  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1069  struct ndis_80211_ssid ssid;
1070  int i, ret = 0;
1071 
1072  if (priv->radio_on) {
1073  ret = rndis_set_oid(usbdev,
1075  NULL, 0);
1076  if (ret == 0) {
1077  priv->radio_on = false;
1078  netdev_dbg(usbdev->net, "%s(): radio_on = false\n",
1079  __func__);
1080 
1081  if (reset_ssid)
1082  msleep(100);
1083  }
1084  }
1085 
1086  /* disassociate causes radio to be turned off; if reset_ssid
1087  * is given, set random ssid to enable radio */
1088  if (reset_ssid) {
1089  /* Set device to infrastructure mode so we don't get ad-hoc
1090  * 'media connect' indications with the random ssid.
1091  */
1092  set_infra_mode(usbdev, NDIS_80211_INFRA_INFRA);
1093 
1094  ssid.length = cpu_to_le32(sizeof(ssid.essid));
1095  get_random_bytes(&ssid.essid[2], sizeof(ssid.essid)-2);
1096  ssid.essid[0] = 0x1;
1097  ssid.essid[1] = 0xff;
1098  for (i = 2; i < sizeof(ssid.essid); i++)
1099  ssid.essid[i] = 0x1 + (ssid.essid[i] * 0xfe / 0xff);
1100  ret = set_essid(usbdev, &ssid);
1101  }
1102  return ret;
1103 }
1104 
1105 static int set_auth_mode(struct usbnet *usbdev, u32 wpa_version,
1106  enum nl80211_auth_type auth_type, int keymgmt)
1107 {
1108  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1109  __le32 tmp;
1110  int auth_mode, ret;
1111 
1112  netdev_dbg(usbdev->net, "%s(): wpa_version=0x%x authalg=0x%x keymgmt=0x%x\n",
1113  __func__, wpa_version, auth_type, keymgmt);
1114 
1115  if (wpa_version & NL80211_WPA_VERSION_2) {
1116  if (keymgmt & RNDIS_WLAN_KEY_MGMT_802_1X)
1117  auth_mode = NDIS_80211_AUTH_WPA2;
1118  else
1119  auth_mode = NDIS_80211_AUTH_WPA2_PSK;
1120  } else if (wpa_version & NL80211_WPA_VERSION_1) {
1121  if (keymgmt & RNDIS_WLAN_KEY_MGMT_802_1X)
1122  auth_mode = NDIS_80211_AUTH_WPA;
1123  else if (keymgmt & RNDIS_WLAN_KEY_MGMT_PSK)
1124  auth_mode = NDIS_80211_AUTH_WPA_PSK;
1125  else
1126  auth_mode = NDIS_80211_AUTH_WPA_NONE;
1127  } else if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
1128  auth_mode = NDIS_80211_AUTH_SHARED;
1129  else if (auth_type == NL80211_AUTHTYPE_OPEN_SYSTEM)
1130  auth_mode = NDIS_80211_AUTH_OPEN;
1131  else if (auth_type == NL80211_AUTHTYPE_AUTOMATIC)
1132  auth_mode = NDIS_80211_AUTH_AUTO_SWITCH;
1133  else
1134  return -ENOTSUPP;
1135 
1136  tmp = cpu_to_le32(auth_mode);
1137  ret = rndis_set_oid(usbdev,
1139  &tmp, sizeof(tmp));
1140  if (ret != 0) {
1141  netdev_warn(usbdev->net, "setting auth mode failed (%08X)\n",
1142  ret);
1143  return ret;
1144  }
1145 
1146  priv->wpa_version = wpa_version;
1147 
1148  return 0;
1149 }
1150 
1151 static int set_priv_filter(struct usbnet *usbdev)
1152 {
1153  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1154  __le32 tmp;
1155 
1156  netdev_dbg(usbdev->net, "%s(): wpa_version=0x%x\n",
1157  __func__, priv->wpa_version);
1158 
1159  if (priv->wpa_version & NL80211_WPA_VERSION_2 ||
1160  priv->wpa_version & NL80211_WPA_VERSION_1)
1162  else
1164 
1165  return rndis_set_oid(usbdev,
1167  sizeof(tmp));
1168 }
1169 
1170 static int set_encr_mode(struct usbnet *usbdev, int pairwise, int groupwise)
1171 {
1172  __le32 tmp;
1173  int encr_mode, ret;
1174 
1175  netdev_dbg(usbdev->net, "%s(): cipher_pair=0x%x cipher_group=0x%x\n",
1176  __func__, pairwise, groupwise);
1177 
1178  if (pairwise & RNDIS_WLAN_ALG_CCMP)
1179  encr_mode = NDIS_80211_ENCR_CCMP_ENABLED;
1180  else if (pairwise & RNDIS_WLAN_ALG_TKIP)
1181  encr_mode = NDIS_80211_ENCR_TKIP_ENABLED;
1182  else if (pairwise & RNDIS_WLAN_ALG_WEP)
1183  encr_mode = NDIS_80211_ENCR_WEP_ENABLED;
1184  else if (groupwise & RNDIS_WLAN_ALG_CCMP)
1185  encr_mode = NDIS_80211_ENCR_CCMP_ENABLED;
1186  else if (groupwise & RNDIS_WLAN_ALG_TKIP)
1187  encr_mode = NDIS_80211_ENCR_TKIP_ENABLED;
1188  else
1189  encr_mode = NDIS_80211_ENCR_DISABLED;
1190 
1191  tmp = cpu_to_le32(encr_mode);
1192  ret = rndis_set_oid(usbdev,
1194  sizeof(tmp));
1195  if (ret != 0) {
1196  netdev_warn(usbdev->net, "setting encr mode failed (%08X)\n",
1197  ret);
1198  return ret;
1199  }
1200 
1201  return 0;
1202 }
1203 
1204 static int set_infra_mode(struct usbnet *usbdev, int mode)
1205 {
1206  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1207  __le32 tmp;
1208  int ret;
1209 
1210  netdev_dbg(usbdev->net, "%s(): infra_mode=0x%x\n",
1211  __func__, priv->infra_mode);
1212 
1213  tmp = cpu_to_le32(mode);
1214  ret = rndis_set_oid(usbdev,
1216  &tmp, sizeof(tmp));
1217  if (ret != 0) {
1218  netdev_warn(usbdev->net, "setting infra mode failed (%08X)\n",
1219  ret);
1220  return ret;
1221  }
1222 
1223  /* NDIS drivers clear keys when infrastructure mode is
1224  * changed. But Linux tools assume otherwise. So set the
1225  * keys */
1226  restore_keys(usbdev);
1227 
1228  priv->infra_mode = mode;
1229  return 0;
1230 }
1231 
1232 static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
1233 {
1234  __le32 tmp;
1235 
1236  netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
1237 
1238  if (rts_threshold < 0 || rts_threshold > 2347)
1239  rts_threshold = 2347;
1240 
1241  tmp = cpu_to_le32(rts_threshold);
1242  return rndis_set_oid(usbdev,
1244  &tmp, sizeof(tmp));
1245 }
1246 
1247 static int set_frag_threshold(struct usbnet *usbdev, u32 frag_threshold)
1248 {
1249  __le32 tmp;
1250 
1251  netdev_dbg(usbdev->net, "%s(): %i\n", __func__, frag_threshold);
1252 
1253  if (frag_threshold < 256 || frag_threshold > 2346)
1254  frag_threshold = 2346;
1255 
1256  tmp = cpu_to_le32(frag_threshold);
1257  return rndis_set_oid(usbdev,
1259  &tmp, sizeof(tmp));
1260 }
1261 
1262 static void set_default_iw_params(struct usbnet *usbdev)
1263 {
1264  set_infra_mode(usbdev, NDIS_80211_INFRA_INFRA);
1265  set_auth_mode(usbdev, 0, NL80211_AUTHTYPE_OPEN_SYSTEM,
1267  set_priv_filter(usbdev);
1268  set_encr_mode(usbdev, RNDIS_WLAN_ALG_NONE, RNDIS_WLAN_ALG_NONE);
1269 }
1270 
1271 static int deauthenticate(struct usbnet *usbdev)
1272 {
1273  int ret;
1274 
1275  ret = disassociate(usbdev, true);
1276  set_default_iw_params(usbdev);
1277  return ret;
1278 }
1279 
1280 static int set_channel(struct usbnet *usbdev, int channel)
1281 {
1282  struct ndis_80211_conf config;
1283  unsigned int dsconfig;
1284  int len, ret;
1285 
1286  netdev_dbg(usbdev->net, "%s(%d)\n", __func__, channel);
1287 
1288  /* this OID is valid only when not associated */
1289  if (is_associated(usbdev))
1290  return 0;
1291 
1292  dsconfig = ieee80211_dsss_chan_to_freq(channel) * 1000;
1293 
1294  len = sizeof(config);
1295  ret = rndis_query_oid(usbdev,
1297  &config, &len);
1298  if (ret < 0) {
1299  netdev_dbg(usbdev->net, "%s(): querying configuration failed\n",
1300  __func__);
1301  return ret;
1302  }
1303 
1304  config.ds_config = cpu_to_le32(dsconfig);
1305  ret = rndis_set_oid(usbdev,
1307  &config, sizeof(config));
1308 
1309  netdev_dbg(usbdev->net, "%s(): %d -> %d\n", __func__, channel, ret);
1310 
1311  return ret;
1312 }
1313 
1314 static struct ieee80211_channel *get_current_channel(struct usbnet *usbdev,
1315  u32 *beacon_period)
1316 {
1317  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1318  struct ieee80211_channel *channel;
1319  struct ndis_80211_conf config;
1320  int len, ret;
1321 
1322  /* Get channel and beacon interval */
1323  len = sizeof(config);
1324  ret = rndis_query_oid(usbdev,
1326  &config, &len);
1327  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_CONFIGURATION -> %d\n",
1328  __func__, ret);
1329  if (ret < 0)
1330  return NULL;
1331 
1332  channel = ieee80211_get_channel(priv->wdev.wiphy,
1333  KHZ_TO_MHZ(le32_to_cpu(config.ds_config)));
1334  if (!channel)
1335  return NULL;
1336 
1337  if (beacon_period)
1338  *beacon_period = le32_to_cpu(config.beacon_period);
1339  return channel;
1340 }
1341 
1342 /* index must be 0 - N, as per NDIS */
1343 static int add_wep_key(struct usbnet *usbdev, const u8 *key, int key_len,
1344  u8 index)
1345 {
1346  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1347  struct ndis_80211_wep_key ndis_key;
1348  u32 cipher;
1349  int ret;
1350 
1351  netdev_dbg(usbdev->net, "%s(idx: %d, len: %d)\n",
1352  __func__, index, key_len);
1353 
1354  if (index >= RNDIS_WLAN_NUM_KEYS)
1355  return -EINVAL;
1356 
1357  if (key_len == 5)
1358  cipher = WLAN_CIPHER_SUITE_WEP40;
1359  else if (key_len == 13)
1360  cipher = WLAN_CIPHER_SUITE_WEP104;
1361  else
1362  return -EINVAL;
1363 
1364  memset(&ndis_key, 0, sizeof(ndis_key));
1365 
1366  ndis_key.size = cpu_to_le32(sizeof(ndis_key));
1367  ndis_key.length = cpu_to_le32(key_len);
1368  ndis_key.index = cpu_to_le32(index);
1369  memcpy(&ndis_key.material, key, key_len);
1370 
1371  if (index == priv->encr_tx_key_index) {
1372  ndis_key.index |= NDIS_80211_ADDWEP_TRANSMIT_KEY;
1373  ret = set_encr_mode(usbdev, RNDIS_WLAN_ALG_WEP,
1375  if (ret)
1376  netdev_warn(usbdev->net, "encryption couldn't be enabled (%08X)\n",
1377  ret);
1378  }
1379 
1380  ret = rndis_set_oid(usbdev,
1381  RNDIS_OID_802_11_ADD_WEP, &ndis_key,
1382  sizeof(ndis_key));
1383  if (ret != 0) {
1384  netdev_warn(usbdev->net, "adding encryption key %d failed (%08X)\n",
1385  index + 1, ret);
1386  return ret;
1387  }
1388 
1389  priv->encr_keys[index].len = key_len;
1390  priv->encr_keys[index].cipher = cipher;
1391  memcpy(&priv->encr_keys[index].material, key, key_len);
1392  memset(&priv->encr_keys[index].bssid, 0xff, ETH_ALEN);
1393 
1394  return 0;
1395 }
1396 
1397 static int add_wpa_key(struct usbnet *usbdev, const u8 *key, int key_len,
1398  u8 index, const u8 *addr, const u8 *rx_seq,
1399  int seq_len, u32 cipher, __le32 flags)
1400 {
1401  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1402  struct ndis_80211_key ndis_key;
1403  bool is_addr_ok;
1404  int ret;
1405 
1406  if (index >= RNDIS_WLAN_NUM_KEYS) {
1407  netdev_dbg(usbdev->net, "%s(): index out of range (%i)\n",
1408  __func__, index);
1409  return -EINVAL;
1410  }
1411  if (key_len > sizeof(ndis_key.material) || key_len < 0) {
1412  netdev_dbg(usbdev->net, "%s(): key length out of range (%i)\n",
1413  __func__, key_len);
1414  return -EINVAL;
1415  }
1417  if (!rx_seq || seq_len <= 0) {
1418  netdev_dbg(usbdev->net, "%s(): recv seq flag without buffer\n",
1419  __func__);
1420  return -EINVAL;
1421  }
1422  if (rx_seq && seq_len > sizeof(ndis_key.rsc)) {
1423  netdev_dbg(usbdev->net, "%s(): too big recv seq buffer\n", __func__);
1424  return -EINVAL;
1425  }
1426  }
1427 
1428  is_addr_ok = addr && !is_zero_ether_addr(addr) &&
1429  !is_broadcast_ether_addr(addr);
1430  if ((flags & NDIS_80211_ADDKEY_PAIRWISE_KEY) && !is_addr_ok) {
1431  netdev_dbg(usbdev->net, "%s(): pairwise but bssid invalid (%pM)\n",
1432  __func__, addr);
1433  return -EINVAL;
1434  }
1435 
1436  netdev_dbg(usbdev->net, "%s(%i): flags:%i%i%i\n",
1437  __func__, index,
1438  !!(flags & NDIS_80211_ADDKEY_TRANSMIT_KEY),
1439  !!(flags & NDIS_80211_ADDKEY_PAIRWISE_KEY),
1440  !!(flags & NDIS_80211_ADDKEY_SET_INIT_RECV_SEQ));
1441 
1442  memset(&ndis_key, 0, sizeof(ndis_key));
1443 
1444  ndis_key.size = cpu_to_le32(sizeof(ndis_key) -
1445  sizeof(ndis_key.material) + key_len);
1446  ndis_key.length = cpu_to_le32(key_len);
1447  ndis_key.index = cpu_to_le32(index) | flags;
1448 
1449  if (cipher == WLAN_CIPHER_SUITE_TKIP && key_len == 32) {
1450  /* wpa_supplicant gives us the Michael MIC RX/TX keys in
1451  * different order than NDIS spec, so swap the order here. */
1452  memcpy(ndis_key.material, key, 16);
1453  memcpy(ndis_key.material + 16, key + 24, 8);
1454  memcpy(ndis_key.material + 24, key + 16, 8);
1455  } else
1456  memcpy(ndis_key.material, key, key_len);
1457 
1458  if (flags & NDIS_80211_ADDKEY_SET_INIT_RECV_SEQ)
1459  memcpy(ndis_key.rsc, rx_seq, seq_len);
1460 
1461  if (flags & NDIS_80211_ADDKEY_PAIRWISE_KEY) {
1462  /* pairwise key */
1463  memcpy(ndis_key.bssid, addr, ETH_ALEN);
1464  } else {
1465  /* group key */
1466  if (priv->infra_mode == NDIS_80211_INFRA_ADHOC)
1467  memset(ndis_key.bssid, 0xff, ETH_ALEN);
1468  else
1469  get_bssid(usbdev, ndis_key.bssid);
1470  }
1471 
1472  ret = rndis_set_oid(usbdev,
1473  RNDIS_OID_802_11_ADD_KEY, &ndis_key,
1474  le32_to_cpu(ndis_key.size));
1475  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_ADD_KEY -> %08X\n",
1476  __func__, ret);
1477  if (ret != 0)
1478  return ret;
1479 
1480  memset(&priv->encr_keys[index], 0, sizeof(priv->encr_keys[index]));
1481  priv->encr_keys[index].len = key_len;
1482  priv->encr_keys[index].cipher = cipher;
1483  memcpy(&priv->encr_keys[index].material, key, key_len);
1484  if (flags & NDIS_80211_ADDKEY_PAIRWISE_KEY)
1485  memcpy(&priv->encr_keys[index].bssid, ndis_key.bssid, ETH_ALEN);
1486  else
1487  memset(&priv->encr_keys[index].bssid, 0xff, ETH_ALEN);
1488 
1489  if (flags & NDIS_80211_ADDKEY_TRANSMIT_KEY)
1490  priv->encr_tx_key_index = index;
1491 
1492  return 0;
1493 }
1494 
1495 static int restore_key(struct usbnet *usbdev, u8 key_idx)
1496 {
1497  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1498  struct rndis_wlan_encr_key key;
1499 
1500  if (is_wpa_key(priv, key_idx))
1501  return 0;
1502 
1503  key = priv->encr_keys[key_idx];
1504 
1505  netdev_dbg(usbdev->net, "%s(): %i:%i\n", __func__, key_idx, key.len);
1506 
1507  if (key.len == 0)
1508  return 0;
1509 
1510  return add_wep_key(usbdev, key.material, key.len, key_idx);
1511 }
1512 
1513 static void restore_keys(struct usbnet *usbdev)
1514 {
1515  int i;
1516 
1517  for (i = 0; i < 4; i++)
1518  restore_key(usbdev, i);
1519 }
1520 
1521 static void clear_key(struct rndis_wlan_private *priv, u8 idx)
1522 {
1523  memset(&priv->encr_keys[idx], 0, sizeof(priv->encr_keys[idx]));
1524 }
1525 
1526 /* remove_key is for both wep and wpa */
1527 static int remove_key(struct usbnet *usbdev, u8 index, const u8 *bssid)
1528 {
1529  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1530  struct ndis_80211_remove_key remove_key;
1531  __le32 keyindex;
1532  bool is_wpa;
1533  int ret;
1534 
1535  if (index >= RNDIS_WLAN_NUM_KEYS)
1536  return -ENOENT;
1537 
1538  if (priv->encr_keys[index].len == 0)
1539  return 0;
1540 
1541  is_wpa = is_wpa_key(priv, index);
1542 
1543  netdev_dbg(usbdev->net, "%s(): %i:%s:%i\n",
1544  __func__, index, is_wpa ? "wpa" : "wep",
1545  priv->encr_keys[index].len);
1546 
1547  clear_key(priv, index);
1548 
1549  if (is_wpa) {
1550  remove_key.size = cpu_to_le32(sizeof(remove_key));
1551  remove_key.index = cpu_to_le32(index);
1552  if (bssid) {
1553  /* pairwise key */
1554  if (!is_broadcast_ether_addr(bssid))
1555  remove_key.index |=
1557  memcpy(remove_key.bssid, bssid,
1558  sizeof(remove_key.bssid));
1559  } else
1560  memset(remove_key.bssid, 0xff,
1561  sizeof(remove_key.bssid));
1562 
1563  ret = rndis_set_oid(usbdev,
1565  &remove_key, sizeof(remove_key));
1566  if (ret != 0)
1567  return ret;
1568  } else {
1569  keyindex = cpu_to_le32(index);
1570  ret = rndis_set_oid(usbdev,
1572  &keyindex, sizeof(keyindex));
1573  if (ret != 0) {
1574  netdev_warn(usbdev->net,
1575  "removing encryption key %d failed (%08X)\n",
1576  index, ret);
1577  return ret;
1578  }
1579  }
1580 
1581  /* if it is transmit key, disable encryption */
1582  if (index == priv->encr_tx_key_index)
1583  set_encr_mode(usbdev, RNDIS_WLAN_ALG_NONE, RNDIS_WLAN_ALG_NONE);
1584 
1585  return 0;
1586 }
1587 
1588 static void set_multicast_list(struct usbnet *usbdev)
1589 {
1590  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1591  struct netdev_hw_addr *ha;
1592  __le32 filter, basefilter;
1593  int ret;
1594  char *mc_addrs = NULL;
1595  int mc_count;
1596 
1597  basefilter = filter = cpu_to_le32(RNDIS_PACKET_TYPE_DIRECTED |
1599 
1600  if (usbdev->net->flags & IFF_PROMISC) {
1603  } else if (usbdev->net->flags & IFF_ALLMULTI) {
1605  }
1606 
1607  if (filter != basefilter)
1608  goto set_filter;
1609 
1610  /*
1611  * mc_list should be accessed holding the lock, so copy addresses to
1612  * local buffer first.
1613  */
1614  netif_addr_lock_bh(usbdev->net);
1615  mc_count = netdev_mc_count(usbdev->net);
1616  if (mc_count > priv->multicast_size) {
1618  } else if (mc_count) {
1619  int i = 0;
1620 
1621  mc_addrs = kmalloc(mc_count * ETH_ALEN, GFP_ATOMIC);
1622  if (!mc_addrs) {
1623  netdev_warn(usbdev->net,
1624  "couldn't alloc %d bytes of memory\n",
1625  mc_count * ETH_ALEN);
1626  netif_addr_unlock_bh(usbdev->net);
1627  return;
1628  }
1629 
1630  netdev_for_each_mc_addr(ha, usbdev->net)
1631  memcpy(mc_addrs + i++ * ETH_ALEN,
1632  ha->addr, ETH_ALEN);
1633  }
1634  netif_addr_unlock_bh(usbdev->net);
1635 
1636  if (filter != basefilter)
1637  goto set_filter;
1638 
1639  if (mc_count) {
1640  ret = rndis_set_oid(usbdev,
1642  mc_addrs, mc_count * ETH_ALEN);
1643  kfree(mc_addrs);
1644  if (ret == 0)
1646  else
1648 
1649  netdev_dbg(usbdev->net, "RNDIS_OID_802_3_MULTICAST_LIST(%d, max: %d) -> %d\n",
1650  mc_count, priv->multicast_size, ret);
1651  }
1652 
1653 set_filter:
1654  ret = rndis_set_oid(usbdev, RNDIS_OID_GEN_CURRENT_PACKET_FILTER, &filter,
1655  sizeof(filter));
1656  if (ret < 0) {
1657  netdev_warn(usbdev->net, "couldn't set packet filter: %08x\n",
1658  le32_to_cpu(filter));
1659  }
1660 
1661  netdev_dbg(usbdev->net, "RNDIS_OID_GEN_CURRENT_PACKET_FILTER(%08x) -> %d\n",
1662  le32_to_cpu(filter), ret);
1663 }
1664 
1665 #ifdef DEBUG
1666 static void debug_print_pmkids(struct usbnet *usbdev,
1667  struct ndis_80211_pmkid *pmkids,
1668  const char *func_str)
1669 {
1670  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1671  int i, len, count, max_pmkids, entry_len;
1672 
1673  max_pmkids = priv->wdev.wiphy->max_num_pmkids;
1674  len = le32_to_cpu(pmkids->length);
1675  count = le32_to_cpu(pmkids->bssid_info_count);
1676 
1677  entry_len = (count > 0) ? (len - sizeof(*pmkids)) / count : -1;
1678 
1679  netdev_dbg(usbdev->net, "%s(): %d PMKIDs (data len: %d, entry len: "
1680  "%d)\n", func_str, count, len, entry_len);
1681 
1682  if (count > max_pmkids)
1683  count = max_pmkids;
1684 
1685  for (i = 0; i < count; i++) {
1686  u32 *tmp = (u32 *)pmkids->bssid_info[i].pmkid;
1687 
1688  netdev_dbg(usbdev->net, "%s(): bssid: %pM, "
1689  "pmkid: %08X:%08X:%08X:%08X\n",
1690  func_str, pmkids->bssid_info[i].bssid,
1691  cpu_to_be32(tmp[0]), cpu_to_be32(tmp[1]),
1692  cpu_to_be32(tmp[2]), cpu_to_be32(tmp[3]));
1693  }
1694 }
1695 #else
1696 static void debug_print_pmkids(struct usbnet *usbdev,
1697  struct ndis_80211_pmkid *pmkids,
1698  const char *func_str)
1699 {
1700  return;
1701 }
1702 #endif
1703 
1704 static struct ndis_80211_pmkid *get_device_pmkids(struct usbnet *usbdev)
1705 {
1706  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1707  struct ndis_80211_pmkid *pmkids;
1708  int len, ret, max_pmkids;
1709 
1710  max_pmkids = priv->wdev.wiphy->max_num_pmkids;
1711  len = sizeof(*pmkids) + max_pmkids * sizeof(pmkids->bssid_info[0]);
1712 
1713  pmkids = kzalloc(len, GFP_KERNEL);
1714  if (!pmkids)
1715  return ERR_PTR(-ENOMEM);
1716 
1717  pmkids->length = cpu_to_le32(len);
1718  pmkids->bssid_info_count = cpu_to_le32(max_pmkids);
1719 
1720  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_PMKID,
1721  pmkids, &len);
1722  if (ret < 0) {
1723  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_PMKID(%d, %d)"
1724  " -> %d\n", __func__, len, max_pmkids, ret);
1725 
1726  kfree(pmkids);
1727  return ERR_PTR(ret);
1728  }
1729 
1730  if (le32_to_cpu(pmkids->bssid_info_count) > max_pmkids)
1731  pmkids->bssid_info_count = cpu_to_le32(max_pmkids);
1732 
1733  debug_print_pmkids(usbdev, pmkids, __func__);
1734 
1735  return pmkids;
1736 }
1737 
1738 static int set_device_pmkids(struct usbnet *usbdev,
1739  struct ndis_80211_pmkid *pmkids)
1740 {
1741  int ret, len, num_pmkids;
1742 
1743  num_pmkids = le32_to_cpu(pmkids->bssid_info_count);
1744  len = sizeof(*pmkids) + num_pmkids * sizeof(pmkids->bssid_info[0]);
1745  pmkids->length = cpu_to_le32(len);
1746 
1747  debug_print_pmkids(usbdev, pmkids, __func__);
1748 
1749  ret = rndis_set_oid(usbdev, RNDIS_OID_802_11_PMKID, pmkids,
1750  le32_to_cpu(pmkids->length));
1751  if (ret < 0) {
1752  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_PMKID(%d, %d) -> %d"
1753  "\n", __func__, len, num_pmkids, ret);
1754  }
1755 
1756  kfree(pmkids);
1757  return ret;
1758 }
1759 
1760 static struct ndis_80211_pmkid *remove_pmkid(struct usbnet *usbdev,
1761  struct ndis_80211_pmkid *pmkids,
1762  struct cfg80211_pmksa *pmksa,
1763  int max_pmkids)
1764 {
1765  int i, newlen, err;
1766  unsigned int count;
1767 
1768  count = le32_to_cpu(pmkids->bssid_info_count);
1769 
1770  if (count > max_pmkids)
1771  count = max_pmkids;
1772 
1773  for (i = 0; i < count; i++)
1774  if (ether_addr_equal(pmkids->bssid_info[i].bssid,
1775  pmksa->bssid))
1776  break;
1777 
1778  /* pmkid not found */
1779  if (i == count) {
1780  netdev_dbg(usbdev->net, "%s(): bssid not found (%pM)\n",
1781  __func__, pmksa->bssid);
1782  err = -ENOENT;
1783  goto error;
1784  }
1785 
1786  for (; i + 1 < count; i++)
1787  pmkids->bssid_info[i] = pmkids->bssid_info[i + 1];
1788 
1789  count--;
1790  newlen = sizeof(*pmkids) + count * sizeof(pmkids->bssid_info[0]);
1791 
1792  pmkids->length = cpu_to_le32(newlen);
1793  pmkids->bssid_info_count = cpu_to_le32(count);
1794 
1795  return pmkids;
1796 error:
1797  kfree(pmkids);
1798  return ERR_PTR(err);
1799 }
1800 
1801 static struct ndis_80211_pmkid *update_pmkid(struct usbnet *usbdev,
1802  struct ndis_80211_pmkid *pmkids,
1803  struct cfg80211_pmksa *pmksa,
1804  int max_pmkids)
1805 {
1806  struct ndis_80211_pmkid *new_pmkids;
1807  int i, err, newlen;
1808  unsigned int count;
1809 
1810  count = le32_to_cpu(pmkids->bssid_info_count);
1811 
1812  if (count > max_pmkids)
1813  count = max_pmkids;
1814 
1815  /* update with new pmkid */
1816  for (i = 0; i < count; i++) {
1817  if (!ether_addr_equal(pmkids->bssid_info[i].bssid,
1818  pmksa->bssid))
1819  continue;
1820 
1821  memcpy(pmkids->bssid_info[i].pmkid, pmksa->pmkid,
1822  WLAN_PMKID_LEN);
1823 
1824  return pmkids;
1825  }
1826 
1827  /* out of space, return error */
1828  if (i == max_pmkids) {
1829  netdev_dbg(usbdev->net, "%s(): out of space\n", __func__);
1830  err = -ENOSPC;
1831  goto error;
1832  }
1833 
1834  /* add new pmkid */
1835  newlen = sizeof(*pmkids) + (count + 1) * sizeof(pmkids->bssid_info[0]);
1836 
1837  new_pmkids = krealloc(pmkids, newlen, GFP_KERNEL);
1838  if (!new_pmkids) {
1839  err = -ENOMEM;
1840  goto error;
1841  }
1842  pmkids = new_pmkids;
1843 
1844  pmkids->length = cpu_to_le32(newlen);
1845  pmkids->bssid_info_count = cpu_to_le32(count + 1);
1846 
1847  memcpy(pmkids->bssid_info[count].bssid, pmksa->bssid, ETH_ALEN);
1848  memcpy(pmkids->bssid_info[count].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
1849 
1850  return pmkids;
1851 error:
1852  kfree(pmkids);
1853  return ERR_PTR(err);
1854 }
1855 
1856 /*
1857  * cfg80211 ops
1858  */
1859 static int rndis_change_virtual_intf(struct wiphy *wiphy,
1860  struct net_device *dev,
1861  enum nl80211_iftype type, u32 *flags,
1862  struct vif_params *params)
1863 {
1864  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
1865  struct usbnet *usbdev = priv->usbdev;
1866  int mode;
1867 
1868  switch (type) {
1869  case NL80211_IFTYPE_ADHOC:
1870  mode = NDIS_80211_INFRA_ADHOC;
1871  break;
1873  mode = NDIS_80211_INFRA_INFRA;
1874  break;
1875  default:
1876  return -EINVAL;
1877  }
1878 
1879  priv->wdev.iftype = type;
1880 
1881  return set_infra_mode(usbdev, mode);
1882 }
1883 
1884 static int rndis_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1885 {
1886  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
1887  struct usbnet *usbdev = priv->usbdev;
1888  int err;
1889 
1890  if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
1891  err = set_frag_threshold(usbdev, wiphy->frag_threshold);
1892  if (err < 0)
1893  return err;
1894  }
1895 
1896  if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
1897  err = set_rts_threshold(usbdev, wiphy->rts_threshold);
1898  if (err < 0)
1899  return err;
1900  }
1901 
1902  return 0;
1903 }
1904 
1905 static int rndis_set_tx_power(struct wiphy *wiphy,
1906  enum nl80211_tx_power_setting type,
1907  int mbm)
1908 {
1909  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
1910  struct usbnet *usbdev = priv->usbdev;
1911 
1912  netdev_dbg(usbdev->net, "%s(): type:0x%x mbm:%i\n",
1913  __func__, type, mbm);
1914 
1915  if (mbm < 0 || (mbm % 100))
1916  return -ENOTSUPP;
1917 
1918  /* Device doesn't support changing txpower after initialization, only
1919  * turn off/on radio. Support 'auto' mode and setting same dBm that is
1920  * currently used.
1921  */
1922  if (type == NL80211_TX_POWER_AUTOMATIC ||
1923  MBM_TO_DBM(mbm) == get_bcm4320_power_dbm(priv)) {
1924  if (!priv->radio_on)
1925  disassociate(usbdev, true); /* turn on radio */
1926 
1927  return 0;
1928  }
1929 
1930  return -ENOTSUPP;
1931 }
1932 
1933 static int rndis_get_tx_power(struct wiphy *wiphy, int *dbm)
1934 {
1935  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
1936  struct usbnet *usbdev = priv->usbdev;
1937 
1938  *dbm = get_bcm4320_power_dbm(priv);
1939 
1940  netdev_dbg(usbdev->net, "%s(): dbm:%i\n", __func__, *dbm);
1941 
1942  return 0;
1943 }
1944 
1945 #define SCAN_DELAY_JIFFIES (6 * HZ)
1946 static int rndis_scan(struct wiphy *wiphy,
1948 {
1949  struct net_device *dev = request->wdev->netdev;
1950  struct usbnet *usbdev = netdev_priv(dev);
1951  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1952  int ret;
1953  int delay = SCAN_DELAY_JIFFIES;
1954 
1955  netdev_dbg(usbdev->net, "cfg80211.scan\n");
1956 
1957  /* Get current bssid list from device before new scan, as new scan
1958  * clears internal bssid list.
1959  */
1960  rndis_check_bssid_list(usbdev, NULL, NULL);
1961 
1962  if (priv->scan_request && priv->scan_request != request)
1963  return -EBUSY;
1964 
1965  priv->scan_request = request;
1966 
1967  ret = rndis_start_bssid_list_scan(usbdev);
1968  if (ret == 0) {
1969  if (priv->device_type == RNDIS_BCM4320A)
1970  delay = HZ;
1971 
1972  /* Wait before retrieving scan results from device */
1973  queue_delayed_work(priv->workqueue, &priv->scan_work, delay);
1974  }
1975 
1976  return ret;
1977 }
1978 
1979 static bool rndis_bss_info_update(struct usbnet *usbdev,
1980  struct ndis_80211_bssid_ex *bssid)
1981 {
1982  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
1983  struct ieee80211_channel *channel;
1984  struct cfg80211_bss *bss;
1985  s32 signal;
1986  u64 timestamp;
1987  u16 capability;
1989  struct ndis_80211_fixed_ies *fixed;
1990  int ie_len, bssid_len;
1991  u8 *ie;
1992 
1993  netdev_dbg(usbdev->net, " found bssid: '%.32s' [%pM], len: %d\n",
1994  bssid->ssid.essid, bssid->mac, le32_to_cpu(bssid->length));
1995 
1996  /* parse bssid structure */
1997  bssid_len = le32_to_cpu(bssid->length);
1998 
1999  if (bssid_len < sizeof(struct ndis_80211_bssid_ex) +
2000  sizeof(struct ndis_80211_fixed_ies))
2001  return NULL;
2002 
2003  fixed = (struct ndis_80211_fixed_ies *)bssid->ies;
2004 
2005  ie = (void *)(bssid->ies + sizeof(struct ndis_80211_fixed_ies));
2006  ie_len = min(bssid_len - (int)sizeof(*bssid),
2007  (int)le32_to_cpu(bssid->ie_length));
2008  ie_len -= sizeof(struct ndis_80211_fixed_ies);
2009  if (ie_len < 0)
2010  return NULL;
2011 
2012  /* extract data for cfg80211_inform_bss */
2013  channel = ieee80211_get_channel(priv->wdev.wiphy,
2014  KHZ_TO_MHZ(le32_to_cpu(bssid->config.ds_config)));
2015  if (!channel)
2016  return NULL;
2017 
2018  signal = level_to_qual(le32_to_cpu(bssid->rssi));
2019  timestamp = le64_to_cpu(*(__le64 *)fixed->timestamp);
2020  capability = le16_to_cpu(fixed->capabilities);
2021  beacon_interval = le16_to_cpu(fixed->beacon_interval);
2022 
2023  bss = cfg80211_inform_bss(priv->wdev.wiphy, channel, bssid->mac,
2024  timestamp, capability, beacon_interval, ie, ie_len, signal,
2025  GFP_KERNEL);
2026  cfg80211_put_bss(bss);
2027 
2028  return (bss != NULL);
2029 }
2030 
2031 static struct ndis_80211_bssid_ex *next_bssid_list_item(
2032  struct ndis_80211_bssid_ex *bssid,
2033  int *bssid_len, void *buf, int len)
2034 {
2035  void *buf_end, *bssid_end;
2036 
2037  buf_end = (char *)buf + len;
2038  bssid_end = (char *)bssid + *bssid_len;
2039 
2040  if ((int)(buf_end - bssid_end) < sizeof(bssid->length)) {
2041  *bssid_len = 0;
2042  return NULL;
2043  } else {
2044  bssid = (void *)((char *)bssid + *bssid_len);
2045  *bssid_len = le32_to_cpu(bssid->length);
2046  return bssid;
2047  }
2048 }
2049 
2050 static bool check_bssid_list_item(struct ndis_80211_bssid_ex *bssid,
2051  int bssid_len, void *buf, int len)
2052 {
2053  void *buf_end, *bssid_end;
2054 
2055  if (!bssid || bssid_len <= 0 || bssid_len > len)
2056  return false;
2057 
2058  buf_end = (char *)buf + len;
2059  bssid_end = (char *)bssid + bssid_len;
2060 
2061  return (int)(buf_end - bssid_end) >= 0 && (int)(bssid_end - buf) >= 0;
2062 }
2063 
2064 static int rndis_check_bssid_list(struct usbnet *usbdev, u8 *match_bssid,
2065  bool *matched)
2066 {
2067  void *buf = NULL;
2068  struct ndis_80211_bssid_list_ex *bssid_list;
2069  struct ndis_80211_bssid_ex *bssid;
2070  int ret = -EINVAL, len, count, bssid_len, real_count, new_len;
2071 
2072  netdev_dbg(usbdev->net, "%s()\n", __func__);
2073 
2074  len = CONTROL_BUFFER_SIZE;
2075 resize_buf:
2076  buf = kzalloc(len, GFP_KERNEL);
2077  if (!buf) {
2078  ret = -ENOMEM;
2079  goto out;
2080  }
2081 
2082  /* BSSID-list might have got bigger last time we checked, keep
2083  * resizing until it won't get any bigger.
2084  */
2085  new_len = len;
2086  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_BSSID_LIST,
2087  buf, &new_len);
2088  if (ret != 0 || new_len < sizeof(struct ndis_80211_bssid_list_ex))
2089  goto out;
2090 
2091  if (new_len > len) {
2092  len = new_len;
2093  kfree(buf);
2094  goto resize_buf;
2095  }
2096 
2097  len = new_len;
2098 
2099  bssid_list = buf;
2100  count = le32_to_cpu(bssid_list->num_items);
2101  real_count = 0;
2102  netdev_dbg(usbdev->net, "%s(): buflen: %d\n", __func__, len);
2103 
2104  bssid_len = 0;
2105  bssid = next_bssid_list_item(bssid_list->bssid, &bssid_len, buf, len);
2106 
2107  /* Device returns incorrect 'num_items'. Workaround by ignoring the
2108  * received 'num_items' and walking through full bssid buffer instead.
2109  */
2110  while (check_bssid_list_item(bssid, bssid_len, buf, len)) {
2111  if (rndis_bss_info_update(usbdev, bssid) && match_bssid &&
2112  matched) {
2113  if (ether_addr_equal(bssid->mac, match_bssid))
2114  *matched = true;
2115  }
2116 
2117  real_count++;
2118  bssid = next_bssid_list_item(bssid, &bssid_len, buf, len);
2119  }
2120 
2121  netdev_dbg(usbdev->net, "%s(): num_items from device: %d, really found:"
2122  " %d\n", __func__, count, real_count);
2123 
2124 out:
2125  kfree(buf);
2126  return ret;
2127 }
2128 
2129 static void rndis_get_scan_results(struct work_struct *work)
2130 {
2131  struct rndis_wlan_private *priv =
2132  container_of(work, struct rndis_wlan_private, scan_work.work);
2133  struct usbnet *usbdev = priv->usbdev;
2134  int ret;
2135 
2136  netdev_dbg(usbdev->net, "get_scan_results\n");
2137 
2138  if (!priv->scan_request)
2139  return;
2140 
2141  ret = rndis_check_bssid_list(usbdev, NULL, NULL);
2142 
2143  cfg80211_scan_done(priv->scan_request, ret < 0);
2144 
2145  priv->scan_request = NULL;
2146 }
2147 
2148 static int rndis_connect(struct wiphy *wiphy, struct net_device *dev,
2149  struct cfg80211_connect_params *sme)
2150 {
2151  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2152  struct usbnet *usbdev = priv->usbdev;
2153  struct ieee80211_channel *channel = sme->channel;
2154  struct ndis_80211_ssid ssid;
2155  int pairwise = RNDIS_WLAN_ALG_NONE;
2156  int groupwise = RNDIS_WLAN_ALG_NONE;
2157  int keymgmt = RNDIS_WLAN_KEY_MGMT_NONE;
2158  int length, i, ret, chan = -1;
2159 
2160  if (channel)
2162 
2163  groupwise = rndis_cipher_to_alg(sme->crypto.cipher_group);
2164  for (i = 0; i < sme->crypto.n_ciphers_pairwise; i++)
2165  pairwise |=
2166  rndis_cipher_to_alg(sme->crypto.ciphers_pairwise[i]);
2167 
2168  if (sme->crypto.n_ciphers_pairwise > 0 &&
2169  pairwise == RNDIS_WLAN_ALG_NONE) {
2170  netdev_err(usbdev->net, "Unsupported pairwise cipher\n");
2171  return -ENOTSUPP;
2172  }
2173 
2174  for (i = 0; i < sme->crypto.n_akm_suites; i++)
2175  keymgmt |=
2176  rndis_akm_suite_to_key_mgmt(sme->crypto.akm_suites[i]);
2177 
2178  if (sme->crypto.n_akm_suites > 0 &&
2179  keymgmt == RNDIS_WLAN_KEY_MGMT_NONE) {
2180  netdev_err(usbdev->net, "Invalid keymgmt\n");
2181  return -ENOTSUPP;
2182  }
2183 
2184  netdev_dbg(usbdev->net, "cfg80211.connect('%.32s':[%pM]:%d:[%d,0x%x:0x%x]:[0x%x:0x%x]:0x%x)\n",
2185  sme->ssid, sme->bssid, chan,
2186  sme->privacy, sme->crypto.wpa_versions, sme->auth_type,
2187  groupwise, pairwise, keymgmt);
2188 
2189  if (is_associated(usbdev))
2190  disassociate(usbdev, false);
2191 
2192  ret = set_infra_mode(usbdev, NDIS_80211_INFRA_INFRA);
2193  if (ret < 0) {
2194  netdev_dbg(usbdev->net, "connect: set_infra_mode failed, %d\n",
2195  ret);
2196  goto err_turn_radio_on;
2197  }
2198 
2199  ret = set_auth_mode(usbdev, sme->crypto.wpa_versions, sme->auth_type,
2200  keymgmt);
2201  if (ret < 0) {
2202  netdev_dbg(usbdev->net, "connect: set_auth_mode failed, %d\n",
2203  ret);
2204  goto err_turn_radio_on;
2205  }
2206 
2207  set_priv_filter(usbdev);
2208 
2209  ret = set_encr_mode(usbdev, pairwise, groupwise);
2210  if (ret < 0) {
2211  netdev_dbg(usbdev->net, "connect: set_encr_mode failed, %d\n",
2212  ret);
2213  goto err_turn_radio_on;
2214  }
2215 
2216  if (channel) {
2217  ret = set_channel(usbdev, chan);
2218  if (ret < 0) {
2219  netdev_dbg(usbdev->net, "connect: set_channel failed, %d\n",
2220  ret);
2221  goto err_turn_radio_on;
2222  }
2223  }
2224 
2225  if (sme->key && ((groupwise | pairwise) & RNDIS_WLAN_ALG_WEP)) {
2226  priv->encr_tx_key_index = sme->key_idx;
2227  ret = add_wep_key(usbdev, sme->key, sme->key_len, sme->key_idx);
2228  if (ret < 0) {
2229  netdev_dbg(usbdev->net, "connect: add_wep_key failed, %d (%d, %d)\n",
2230  ret, sme->key_len, sme->key_idx);
2231  goto err_turn_radio_on;
2232  }
2233  }
2234 
2235  if (sme->bssid && !is_zero_ether_addr(sme->bssid) &&
2236  !is_broadcast_ether_addr(sme->bssid)) {
2237  ret = set_bssid(usbdev, sme->bssid);
2238  if (ret < 0) {
2239  netdev_dbg(usbdev->net, "connect: set_bssid failed, %d\n",
2240  ret);
2241  goto err_turn_radio_on;
2242  }
2243  } else
2244  clear_bssid(usbdev);
2245 
2246  length = sme->ssid_len;
2247  if (length > NDIS_802_11_LENGTH_SSID)
2248  length = NDIS_802_11_LENGTH_SSID;
2249 
2250  memset(&ssid, 0, sizeof(ssid));
2251  ssid.length = cpu_to_le32(length);
2252  memcpy(ssid.essid, sme->ssid, length);
2253 
2254  /* Pause and purge rx queue, so we don't pass packets before
2255  * 'media connect'-indication.
2256  */
2257  usbnet_pause_rx(usbdev);
2258  usbnet_purge_paused_rxq(usbdev);
2259 
2260  ret = set_essid(usbdev, &ssid);
2261  if (ret < 0)
2262  netdev_dbg(usbdev->net, "connect: set_essid failed, %d\n", ret);
2263  return ret;
2264 
2265 err_turn_radio_on:
2266  disassociate(usbdev, true);
2267 
2268  return ret;
2269 }
2270 
2271 static int rndis_disconnect(struct wiphy *wiphy, struct net_device *dev,
2272  u16 reason_code)
2273 {
2274  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2275  struct usbnet *usbdev = priv->usbdev;
2276 
2277  netdev_dbg(usbdev->net, "cfg80211.disconnect(%d)\n", reason_code);
2278 
2279  priv->connected = false;
2280  memset(priv->bssid, 0, ETH_ALEN);
2281 
2282  return deauthenticate(usbdev);
2283 }
2284 
2285 static int rndis_join_ibss(struct wiphy *wiphy, struct net_device *dev,
2286  struct cfg80211_ibss_params *params)
2287 {
2288  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2289  struct usbnet *usbdev = priv->usbdev;
2290  struct ieee80211_channel *channel = params->channel;
2291  struct ndis_80211_ssid ssid;
2292  enum nl80211_auth_type auth_type;
2293  int ret, alg, length, chan = -1;
2294 
2295  if (channel)
2297 
2298  /* TODO: How to handle ad-hoc encryption?
2299  * connect() has *key, join_ibss() doesn't. RNDIS requires key to be
2300  * pre-shared for encryption (open/shared/wpa), is key set before
2301  * join_ibss? Which auth_type to use (not in params)? What about WPA?
2302  */
2303  if (params->privacy) {
2304  auth_type = NL80211_AUTHTYPE_SHARED_KEY;
2305  alg = RNDIS_WLAN_ALG_WEP;
2306  } else {
2307  auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM;
2308  alg = RNDIS_WLAN_ALG_NONE;
2309  }
2310 
2311  netdev_dbg(usbdev->net, "cfg80211.join_ibss('%.32s':[%pM]:%d:%d)\n",
2312  params->ssid, params->bssid, chan, params->privacy);
2313 
2314  if (is_associated(usbdev))
2315  disassociate(usbdev, false);
2316 
2317  ret = set_infra_mode(usbdev, NDIS_80211_INFRA_ADHOC);
2318  if (ret < 0) {
2319  netdev_dbg(usbdev->net, "join_ibss: set_infra_mode failed, %d\n",
2320  ret);
2321  goto err_turn_radio_on;
2322  }
2323 
2324  ret = set_auth_mode(usbdev, 0, auth_type, RNDIS_WLAN_KEY_MGMT_NONE);
2325  if (ret < 0) {
2326  netdev_dbg(usbdev->net, "join_ibss: set_auth_mode failed, %d\n",
2327  ret);
2328  goto err_turn_radio_on;
2329  }
2330 
2331  set_priv_filter(usbdev);
2332 
2333  ret = set_encr_mode(usbdev, alg, RNDIS_WLAN_ALG_NONE);
2334  if (ret < 0) {
2335  netdev_dbg(usbdev->net, "join_ibss: set_encr_mode failed, %d\n",
2336  ret);
2337  goto err_turn_radio_on;
2338  }
2339 
2340  if (channel) {
2341  ret = set_channel(usbdev, chan);
2342  if (ret < 0) {
2343  netdev_dbg(usbdev->net, "join_ibss: set_channel failed, %d\n",
2344  ret);
2345  goto err_turn_radio_on;
2346  }
2347  }
2348 
2349  if (params->bssid && !is_zero_ether_addr(params->bssid) &&
2350  !is_broadcast_ether_addr(params->bssid)) {
2351  ret = set_bssid(usbdev, params->bssid);
2352  if (ret < 0) {
2353  netdev_dbg(usbdev->net, "join_ibss: set_bssid failed, %d\n",
2354  ret);
2355  goto err_turn_radio_on;
2356  }
2357  } else
2358  clear_bssid(usbdev);
2359 
2360  length = params->ssid_len;
2361  if (length > NDIS_802_11_LENGTH_SSID)
2362  length = NDIS_802_11_LENGTH_SSID;
2363 
2364  memset(&ssid, 0, sizeof(ssid));
2365  ssid.length = cpu_to_le32(length);
2366  memcpy(ssid.essid, params->ssid, length);
2367 
2368  /* Don't need to pause rx queue for ad-hoc. */
2369  usbnet_purge_paused_rxq(usbdev);
2370  usbnet_resume_rx(usbdev);
2371 
2372  ret = set_essid(usbdev, &ssid);
2373  if (ret < 0)
2374  netdev_dbg(usbdev->net, "join_ibss: set_essid failed, %d\n",
2375  ret);
2376  return ret;
2377 
2378 err_turn_radio_on:
2379  disassociate(usbdev, true);
2380 
2381  return ret;
2382 }
2383 
2384 static int rndis_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
2385 {
2386  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2387  struct usbnet *usbdev = priv->usbdev;
2388 
2389  netdev_dbg(usbdev->net, "cfg80211.leave_ibss()\n");
2390 
2391  priv->connected = false;
2392  memset(priv->bssid, 0, ETH_ALEN);
2393 
2394  return deauthenticate(usbdev);
2395 }
2396 
2397 static int rndis_add_key(struct wiphy *wiphy, struct net_device *netdev,
2398  u8 key_index, bool pairwise, const u8 *mac_addr,
2399  struct key_params *params)
2400 {
2401  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2402  struct usbnet *usbdev = priv->usbdev;
2403  __le32 flags;
2404 
2405  netdev_dbg(usbdev->net, "%s(%i, %pM, %08x)\n",
2406  __func__, key_index, mac_addr, params->cipher);
2407 
2408  switch (params->cipher) {
2411  return add_wep_key(usbdev, params->key, params->key_len,
2412  key_index);
2415  flags = 0;
2416 
2417  if (params->seq && params->seq_len > 0)
2419  if (mac_addr)
2420  flags |= NDIS_80211_ADDKEY_PAIRWISE_KEY |
2422 
2423  return add_wpa_key(usbdev, params->key, params->key_len,
2424  key_index, mac_addr, params->seq,
2425  params->seq_len, params->cipher, flags);
2426  default:
2427  netdev_dbg(usbdev->net, "%s(): unsupported cipher %08x\n",
2428  __func__, params->cipher);
2429  return -ENOTSUPP;
2430  }
2431 }
2432 
2433 static int rndis_del_key(struct wiphy *wiphy, struct net_device *netdev,
2434  u8 key_index, bool pairwise, const u8 *mac_addr)
2435 {
2436  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2437  struct usbnet *usbdev = priv->usbdev;
2438 
2439  netdev_dbg(usbdev->net, "%s(%i, %pM)\n", __func__, key_index, mac_addr);
2440 
2441  return remove_key(usbdev, key_index, mac_addr);
2442 }
2443 
2444 static int rndis_set_default_key(struct wiphy *wiphy, struct net_device *netdev,
2445  u8 key_index, bool unicast, bool multicast)
2446 {
2447  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2448  struct usbnet *usbdev = priv->usbdev;
2449  struct rndis_wlan_encr_key key;
2450 
2451  netdev_dbg(usbdev->net, "%s(%i)\n", __func__, key_index);
2452 
2453  if (key_index >= RNDIS_WLAN_NUM_KEYS)
2454  return -ENOENT;
2455 
2456  priv->encr_tx_key_index = key_index;
2457 
2458  if (is_wpa_key(priv, key_index))
2459  return 0;
2460 
2461  key = priv->encr_keys[key_index];
2462 
2463  return add_wep_key(usbdev, key.material, key.len, key_index);
2464 }
2465 
2466 static void rndis_fill_station_info(struct usbnet *usbdev,
2467  struct station_info *sinfo)
2468 {
2469  __le32 linkspeed, rssi;
2470  int ret, len;
2471 
2472  memset(sinfo, 0, sizeof(*sinfo));
2473 
2474  len = sizeof(linkspeed);
2475  ret = rndis_query_oid(usbdev, RNDIS_OID_GEN_LINK_SPEED, &linkspeed, &len);
2476  if (ret == 0) {
2477  sinfo->txrate.legacy = le32_to_cpu(linkspeed) / 1000;
2478  sinfo->filled |= STATION_INFO_TX_BITRATE;
2479  }
2480 
2481  len = sizeof(rssi);
2482  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_RSSI,
2483  &rssi, &len);
2484  if (ret == 0) {
2485  sinfo->signal = level_to_qual(le32_to_cpu(rssi));
2486  sinfo->filled |= STATION_INFO_SIGNAL;
2487  }
2488 }
2489 
2490 static int rndis_get_station(struct wiphy *wiphy, struct net_device *dev,
2491  u8 *mac, struct station_info *sinfo)
2492 {
2493  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2494  struct usbnet *usbdev = priv->usbdev;
2495 
2496  if (!ether_addr_equal(priv->bssid, mac))
2497  return -ENOENT;
2498 
2499  rndis_fill_station_info(usbdev, sinfo);
2500 
2501  return 0;
2502 }
2503 
2504 static int rndis_dump_station(struct wiphy *wiphy, struct net_device *dev,
2505  int idx, u8 *mac, struct station_info *sinfo)
2506 {
2507  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2508  struct usbnet *usbdev = priv->usbdev;
2509 
2510  if (idx != 0)
2511  return -ENOENT;
2512 
2513  memcpy(mac, priv->bssid, ETH_ALEN);
2514 
2515  rndis_fill_station_info(usbdev, sinfo);
2516 
2517  return 0;
2518 }
2519 
2520 static int rndis_set_pmksa(struct wiphy *wiphy, struct net_device *netdev,
2521  struct cfg80211_pmksa *pmksa)
2522 {
2523  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2524  struct usbnet *usbdev = priv->usbdev;
2525  struct ndis_80211_pmkid *pmkids;
2526  u32 *tmp = (u32 *)pmksa->pmkid;
2527 
2528  netdev_dbg(usbdev->net, "%s(%pM, %08X:%08X:%08X:%08X)\n", __func__,
2529  pmksa->bssid,
2530  cpu_to_be32(tmp[0]), cpu_to_be32(tmp[1]),
2531  cpu_to_be32(tmp[2]), cpu_to_be32(tmp[3]));
2532 
2533  pmkids = get_device_pmkids(usbdev);
2534  if (IS_ERR(pmkids)) {
2535  /* couldn't read PMKID cache from device */
2536  return PTR_ERR(pmkids);
2537  }
2538 
2539  pmkids = update_pmkid(usbdev, pmkids, pmksa, wiphy->max_num_pmkids);
2540  if (IS_ERR(pmkids)) {
2541  /* not found, list full, etc */
2542  return PTR_ERR(pmkids);
2543  }
2544 
2545  return set_device_pmkids(usbdev, pmkids);
2546 }
2547 
2548 static int rndis_del_pmksa(struct wiphy *wiphy, struct net_device *netdev,
2549  struct cfg80211_pmksa *pmksa)
2550 {
2551  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2552  struct usbnet *usbdev = priv->usbdev;
2553  struct ndis_80211_pmkid *pmkids;
2554  u32 *tmp = (u32 *)pmksa->pmkid;
2555 
2556  netdev_dbg(usbdev->net, "%s(%pM, %08X:%08X:%08X:%08X)\n", __func__,
2557  pmksa->bssid,
2558  cpu_to_be32(tmp[0]), cpu_to_be32(tmp[1]),
2559  cpu_to_be32(tmp[2]), cpu_to_be32(tmp[3]));
2560 
2561  pmkids = get_device_pmkids(usbdev);
2562  if (IS_ERR(pmkids)) {
2563  /* Couldn't read PMKID cache from device */
2564  return PTR_ERR(pmkids);
2565  }
2566 
2567  pmkids = remove_pmkid(usbdev, pmkids, pmksa, wiphy->max_num_pmkids);
2568  if (IS_ERR(pmkids)) {
2569  /* not found, etc */
2570  return PTR_ERR(pmkids);
2571  }
2572 
2573  return set_device_pmkids(usbdev, pmkids);
2574 }
2575 
2576 static int rndis_flush_pmksa(struct wiphy *wiphy, struct net_device *netdev)
2577 {
2578  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2579  struct usbnet *usbdev = priv->usbdev;
2580  struct ndis_80211_pmkid pmkid;
2581 
2582  netdev_dbg(usbdev->net, "%s()\n", __func__);
2583 
2584  memset(&pmkid, 0, sizeof(pmkid));
2585 
2586  pmkid.length = cpu_to_le32(sizeof(pmkid));
2587  pmkid.bssid_info_count = cpu_to_le32(0);
2588 
2589  return rndis_set_oid(usbdev, RNDIS_OID_802_11_PMKID,
2590  &pmkid, sizeof(pmkid));
2591 }
2592 
2593 static int rndis_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
2594  bool enabled, int timeout)
2595 {
2596  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2597  struct usbnet *usbdev = priv->usbdev;
2598  int power_mode;
2599  __le32 mode;
2600  int ret;
2601 
2602  if (priv->device_type != RNDIS_BCM4320B)
2603  return -ENOTSUPP;
2604 
2605  netdev_dbg(usbdev->net, "%s(): %s, %d\n", __func__,
2606  enabled ? "enabled" : "disabled",
2607  timeout);
2608 
2609  if (enabled)
2610  power_mode = NDIS_80211_POWER_MODE_FAST_PSP;
2611  else
2612  power_mode = NDIS_80211_POWER_MODE_CAM;
2613 
2614  if (power_mode == priv->power_mode)
2615  return 0;
2616 
2617  priv->power_mode = power_mode;
2618 
2619  mode = cpu_to_le32(power_mode);
2620  ret = rndis_set_oid(usbdev, RNDIS_OID_802_11_POWER_MODE,
2621  &mode, sizeof(mode));
2622 
2623  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_POWER_MODE -> %d\n",
2624  __func__, ret);
2625 
2626  return ret;
2627 }
2628 
2629 static int rndis_set_cqm_rssi_config(struct wiphy *wiphy,
2630  struct net_device *dev,
2631  s32 rssi_thold, u32 rssi_hyst)
2632 {
2633  struct rndis_wlan_private *priv = wiphy_priv(wiphy);
2634 
2635  priv->cqm_rssi_thold = rssi_thold;
2636  priv->cqm_rssi_hyst = rssi_hyst;
2637  priv->last_cqm_event_rssi = 0;
2638 
2639  return 0;
2640 }
2641 
2642 static void rndis_wlan_craft_connected_bss(struct usbnet *usbdev, u8 *bssid,
2643  struct ndis_80211_assoc_info *info)
2644 {
2645  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
2646  struct ieee80211_channel *channel;
2647  struct ndis_80211_ssid ssid;
2648  struct cfg80211_bss *bss;
2649  s32 signal;
2650  u64 timestamp;
2651  u16 capability;
2652  u32 beacon_period = 0;
2653  __le32 rssi;
2654  u8 ie_buf[34];
2655  int len, ret, ie_len;
2656 
2657  /* Get signal quality, in case of error use rssi=0 and ignore error. */
2658  len = sizeof(rssi);
2659  rssi = 0;
2660  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_RSSI,
2661  &rssi, &len);
2662  signal = level_to_qual(le32_to_cpu(rssi));
2663 
2664  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_RSSI -> %d, "
2665  "rssi:%d, qual: %d\n", __func__, ret, le32_to_cpu(rssi),
2666  level_to_qual(le32_to_cpu(rssi)));
2667 
2668  /* Get AP capabilities */
2669  if (info) {
2670  capability = le16_to_cpu(info->resp_ie.capa);
2671  } else {
2672  /* Set atleast ESS/IBSS capability */
2673  capability = (priv->infra_mode == NDIS_80211_INFRA_INFRA) ?
2675  }
2676 
2677  /* Get channel and beacon interval */
2678  channel = get_current_channel(usbdev, &beacon_period);
2679  if (!channel) {
2680  netdev_warn(usbdev->net, "%s(): could not get channel.\n",
2681  __func__);
2682  return;
2683  }
2684 
2685  /* Get SSID, in case of error, use zero length SSID and ignore error. */
2686  len = sizeof(ssid);
2687  memset(&ssid, 0, sizeof(ssid));
2688  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_SSID,
2689  &ssid, &len);
2690  netdev_dbg(usbdev->net, "%s(): RNDIS_OID_802_11_SSID -> %d, len: %d, ssid: "
2691  "'%.32s'\n", __func__, ret,
2692  le32_to_cpu(ssid.length), ssid.essid);
2693 
2694  if (le32_to_cpu(ssid.length) > 32)
2695  ssid.length = cpu_to_le32(32);
2696 
2697  ie_buf[0] = WLAN_EID_SSID;
2698  ie_buf[1] = le32_to_cpu(ssid.length);
2699  memcpy(&ie_buf[2], ssid.essid, le32_to_cpu(ssid.length));
2700 
2701  ie_len = le32_to_cpu(ssid.length) + 2;
2702 
2703  /* no tsf */
2704  timestamp = 0;
2705 
2706  netdev_dbg(usbdev->net, "%s(): channel:%d(freq), bssid:[%pM], tsf:%d, "
2707  "capa:%x, beacon int:%d, resp_ie(len:%d, essid:'%.32s'), "
2708  "signal:%d\n", __func__, (channel ? channel->center_freq : -1),
2709  bssid, (u32)timestamp, capability, beacon_period, ie_len,
2710  ssid.essid, signal);
2711 
2712  bss = cfg80211_inform_bss(priv->wdev.wiphy, channel, bssid,
2713  timestamp, capability, beacon_period, ie_buf, ie_len,
2714  signal, GFP_KERNEL);
2715  cfg80211_put_bss(bss);
2716 }
2717 
2718 /*
2719  * workers, indication handlers, device poller
2720  */
2721 static void rndis_wlan_do_link_up_work(struct usbnet *usbdev)
2722 {
2723  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
2724  struct ndis_80211_assoc_info *info = NULL;
2725  u8 bssid[ETH_ALEN];
2726  unsigned int resp_ie_len, req_ie_len;
2727  unsigned int offset;
2728  u8 *req_ie, *resp_ie;
2729  int ret;
2730  bool roamed = false;
2731  bool match_bss;
2732 
2733  if (priv->infra_mode == NDIS_80211_INFRA_INFRA && priv->connected) {
2734  /* received media connect indication while connected, either
2735  * device reassociated with same AP or roamed to new. */
2736  roamed = true;
2737  }
2738 
2739  req_ie_len = 0;
2740  resp_ie_len = 0;
2741  req_ie = NULL;
2742  resp_ie = NULL;
2743 
2744  if (priv->infra_mode == NDIS_80211_INFRA_INFRA) {
2745  info = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
2746  if (!info) {
2747  /* No memory? Try resume work later */
2749  queue_work(priv->workqueue, &priv->work);
2750  return;
2751  }
2752 
2753  /* Get association info IEs from device. */
2754  ret = get_association_info(usbdev, info, CONTROL_BUFFER_SIZE);
2755  if (!ret) {
2756  req_ie_len = le32_to_cpu(info->req_ie_length);
2757  if (req_ie_len > CONTROL_BUFFER_SIZE)
2758  req_ie_len = CONTROL_BUFFER_SIZE;
2759  if (req_ie_len != 0) {
2760  offset = le32_to_cpu(info->offset_req_ies);
2761 
2762  if (offset > CONTROL_BUFFER_SIZE)
2763  offset = CONTROL_BUFFER_SIZE;
2764 
2765  req_ie = (u8 *)info + offset;
2766 
2767  if (offset + req_ie_len > CONTROL_BUFFER_SIZE)
2768  req_ie_len =
2770  }
2771 
2772  resp_ie_len = le32_to_cpu(info->resp_ie_length);
2773  if (resp_ie_len > CONTROL_BUFFER_SIZE)
2774  resp_ie_len = CONTROL_BUFFER_SIZE;
2775  if (resp_ie_len != 0) {
2776  offset = le32_to_cpu(info->offset_resp_ies);
2777 
2778  if (offset > CONTROL_BUFFER_SIZE)
2779  offset = CONTROL_BUFFER_SIZE;
2780 
2781  resp_ie = (u8 *)info + offset;
2782 
2783  if (offset + resp_ie_len > CONTROL_BUFFER_SIZE)
2784  resp_ie_len =
2786  }
2787  } else {
2788  /* Since rndis_wlan_craft_connected_bss() might use info
2789  * later and expects info to contain valid data if
2790  * non-null, free info and set NULL here.
2791  */
2792  kfree(info);
2793  info = NULL;
2794  }
2795  } else if (WARN_ON(priv->infra_mode != NDIS_80211_INFRA_ADHOC))
2796  return;
2797 
2798  ret = get_bssid(usbdev, bssid);
2799  if (ret < 0)
2800  memset(bssid, 0, sizeof(bssid));
2801 
2802  netdev_dbg(usbdev->net, "link up work: [%pM]%s\n",
2803  bssid, roamed ? " roamed" : "");
2804 
2805  /* Internal bss list in device should contain at least the currently
2806  * connected bss and we can get it to cfg80211 with
2807  * rndis_check_bssid_list().
2808  *
2809  * NDIS spec says: "If the device is associated, but the associated
2810  * BSSID is not in its BSSID scan list, then the driver must add an
2811  * entry for the BSSID at the end of the data that it returns in
2812  * response to query of RNDIS_OID_802_11_BSSID_LIST."
2813  *
2814  * NOTE: Seems to be true for BCM4320b variant, but not BCM4320a.
2815  */
2816  match_bss = false;
2817  rndis_check_bssid_list(usbdev, bssid, &match_bss);
2818 
2819  if (!is_zero_ether_addr(bssid) && !match_bss) {
2820  /* Couldn't get bss from device, we need to manually craft bss
2821  * for cfg80211.
2822  */
2823  rndis_wlan_craft_connected_bss(usbdev, bssid, info);
2824  }
2825 
2826  if (priv->infra_mode == NDIS_80211_INFRA_INFRA) {
2827  if (!roamed)
2828  cfg80211_connect_result(usbdev->net, bssid, req_ie,
2829  req_ie_len, resp_ie,
2830  resp_ie_len, 0, GFP_KERNEL);
2831  else
2832  cfg80211_roamed(usbdev->net,
2833  get_current_channel(usbdev, NULL),
2834  bssid, req_ie, req_ie_len,
2835  resp_ie, resp_ie_len, GFP_KERNEL);
2836  } else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC)
2837  cfg80211_ibss_joined(usbdev->net, bssid, GFP_KERNEL);
2838 
2839  if (info != NULL)
2840  kfree(info);
2841 
2842  priv->connected = true;
2843  memcpy(priv->bssid, bssid, ETH_ALEN);
2844 
2845  usbnet_resume_rx(usbdev);
2846  netif_carrier_on(usbdev->net);
2847 }
2848 
2849 static void rndis_wlan_do_link_down_work(struct usbnet *usbdev)
2850 {
2851  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
2852 
2853  if (priv->connected) {
2854  priv->connected = false;
2855  memset(priv->bssid, 0, ETH_ALEN);
2856 
2857  deauthenticate(usbdev);
2858 
2859  cfg80211_disconnected(usbdev->net, 0, NULL, 0, GFP_KERNEL);
2860  }
2861 
2862  netif_carrier_off(usbdev->net);
2863 }
2864 
2865 static void rndis_wlan_worker(struct work_struct *work)
2866 {
2867  struct rndis_wlan_private *priv =
2868  container_of(work, struct rndis_wlan_private, work);
2869  struct usbnet *usbdev = priv->usbdev;
2870 
2872  rndis_wlan_do_link_up_work(usbdev);
2873 
2875  rndis_wlan_do_link_down_work(usbdev);
2876 
2878  set_multicast_list(usbdev);
2879 }
2880 
2881 static void rndis_wlan_set_multicast_list(struct net_device *dev)
2882 {
2883  struct usbnet *usbdev = netdev_priv(dev);
2884  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
2885 
2887  return;
2888 
2890  queue_work(priv->workqueue, &priv->work);
2891 }
2892 
2893 static void rndis_wlan_auth_indication(struct usbnet *usbdev,
2894  struct ndis_80211_status_indication *indication,
2895  int len)
2896 {
2897  u8 *buf;
2898  const char *type;
2899  int flags, buflen, key_id;
2900  bool pairwise_error, group_error;
2901  struct ndis_80211_auth_request *auth_req;
2902  enum nl80211_key_type key_type;
2903 
2904  /* must have at least one array entry */
2905  if (len < offsetof(struct ndis_80211_status_indication, u) +
2906  sizeof(struct ndis_80211_auth_request)) {
2907  netdev_info(usbdev->net, "authentication indication: too short message (%i)\n",
2908  len);
2909  return;
2910  }
2911 
2912  buf = (void *)&indication->u.auth_request[0];
2913  buflen = len - offsetof(struct ndis_80211_status_indication, u);
2914 
2915  while (buflen >= sizeof(*auth_req)) {
2916  auth_req = (void *)buf;
2917  type = "unknown";
2918  flags = le32_to_cpu(auth_req->flags);
2919  pairwise_error = false;
2920  group_error = false;
2921 
2922  if (flags & 0x1)
2923  type = "reauth request";
2924  if (flags & 0x2)
2925  type = "key update request";
2926  if (flags & 0x6) {
2927  pairwise_error = true;
2928  type = "pairwise_error";
2929  }
2930  if (flags & 0xe) {
2931  group_error = true;
2932  type = "group_error";
2933  }
2934 
2935  netdev_info(usbdev->net, "authentication indication: %s (0x%08x)\n",
2936  type, le32_to_cpu(auth_req->flags));
2937 
2938  if (pairwise_error) {
2939  key_type = NL80211_KEYTYPE_PAIRWISE;
2940  key_id = -1;
2941 
2943  auth_req->bssid,
2944  key_type, key_id, NULL,
2945  GFP_KERNEL);
2946  }
2947 
2948  if (group_error) {
2949  key_type = NL80211_KEYTYPE_GROUP;
2950  key_id = -1;
2951 
2953  auth_req->bssid,
2954  key_type, key_id, NULL,
2955  GFP_KERNEL);
2956  }
2957 
2958  buflen -= le32_to_cpu(auth_req->length);
2959  buf += le32_to_cpu(auth_req->length);
2960  }
2961 }
2962 
2963 static void rndis_wlan_pmkid_cand_list_indication(struct usbnet *usbdev,
2964  struct ndis_80211_status_indication *indication,
2965  int len)
2966 {
2967  struct ndis_80211_pmkid_cand_list *cand_list;
2968  int list_len, expected_len, i;
2969 
2970  if (len < offsetof(struct ndis_80211_status_indication, u) +
2971  sizeof(struct ndis_80211_pmkid_cand_list)) {
2972  netdev_info(usbdev->net, "pmkid candidate list indication: too short message (%i)\n",
2973  len);
2974  return;
2975  }
2976 
2977  list_len = le32_to_cpu(indication->u.cand_list.num_candidates) *
2978  sizeof(struct ndis_80211_pmkid_candidate);
2979  expected_len = sizeof(struct ndis_80211_pmkid_cand_list) + list_len +
2981 
2982  if (len < expected_len) {
2983  netdev_info(usbdev->net, "pmkid candidate list indication: list larger than buffer (%i < %i)\n",
2984  len, expected_len);
2985  return;
2986  }
2987 
2988  cand_list = &indication->u.cand_list;
2989 
2990  netdev_info(usbdev->net, "pmkid candidate list indication: version %i, candidates %i\n",
2991  le32_to_cpu(cand_list->version),
2992  le32_to_cpu(cand_list->num_candidates));
2993 
2994  if (le32_to_cpu(cand_list->version) != 1)
2995  return;
2996 
2997  for (i = 0; i < le32_to_cpu(cand_list->num_candidates); i++) {
2999  &cand_list->candidate_list[i];
3000  bool preauth = !!(cand->flags & NDIS_80211_PMKID_CAND_PREAUTH);
3001 
3002  netdev_dbg(usbdev->net, "cand[%i]: flags: 0x%08x, preauth: %d, bssid: %pM\n",
3003  i, le32_to_cpu(cand->flags), preauth, cand->bssid);
3004 
3005  cfg80211_pmksa_candidate_notify(usbdev->net, i, cand->bssid,
3006  preauth, GFP_ATOMIC);
3007  }
3008 }
3009 
3010 static void rndis_wlan_media_specific_indication(struct usbnet *usbdev,
3011  struct rndis_indicate *msg, int buflen)
3012 {
3013  struct ndis_80211_status_indication *indication;
3014  unsigned int len, offset;
3015 
3016  offset = offsetof(struct rndis_indicate, status) +
3017  le32_to_cpu(msg->offset);
3018  len = le32_to_cpu(msg->length);
3019 
3020  if (len < 8) {
3021  netdev_info(usbdev->net, "media specific indication, ignore too short message (%i < 8)\n",
3022  len);
3023  return;
3024  }
3025 
3026  if (len > buflen || offset > buflen || offset + len > buflen) {
3027  netdev_info(usbdev->net, "media specific indication, too large to fit to buffer (%i > %i)\n",
3028  offset + len, buflen);
3029  return;
3030  }
3031 
3032  indication = (void *)((u8 *)msg + offset);
3033 
3034  switch (le32_to_cpu(indication->status_type)) {
3036  netdev_info(usbdev->net, "radio state indication: %i\n",
3037  le32_to_cpu(indication->u.radio_status));
3038  return;
3039 
3041  netdev_info(usbdev->net, "media stream mode indication: %i\n",
3042  le32_to_cpu(indication->u.media_stream_mode));
3043  return;
3044 
3046  rndis_wlan_auth_indication(usbdev, indication, len);
3047  return;
3048 
3050  rndis_wlan_pmkid_cand_list_indication(usbdev, indication, len);
3051  return;
3052 
3053  default:
3054  netdev_info(usbdev->net, "media specific indication: unknown status type 0x%08x\n",
3055  le32_to_cpu(indication->status_type));
3056  }
3057 }
3058 
3059 static void rndis_wlan_indication(struct usbnet *usbdev, void *ind, int buflen)
3060 {
3061  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3062  struct rndis_indicate *msg = ind;
3063 
3064  switch (le32_to_cpu(msg->status)) {
3067  /* RNDIS_OID_802_11_ADD_KEY causes sometimes extra
3068  * "media connect" indications which confuses driver
3069  * and userspace to think that device is
3070  * roaming/reassociating when it isn't.
3071  */
3072  netdev_dbg(usbdev->net, "ignored RNDIS_OID_802_11_ADD_KEY triggered 'media connect'\n");
3073  return;
3074  }
3075 
3076  usbnet_pause_rx(usbdev);
3077 
3078  netdev_info(usbdev->net, "media connect\n");
3079 
3080  /* queue work to avoid recursive calls into rndis_command */
3082  queue_work(priv->workqueue, &priv->work);
3083  break;
3084 
3086  netdev_info(usbdev->net, "media disconnect\n");
3087 
3088  /* queue work to avoid recursive calls into rndis_command */
3090  queue_work(priv->workqueue, &priv->work);
3091  break;
3092 
3094  rndis_wlan_media_specific_indication(usbdev, msg, buflen);
3095  break;
3096 
3097  default:
3098  netdev_info(usbdev->net, "indication: 0x%08x\n",
3099  le32_to_cpu(msg->status));
3100  break;
3101  }
3102 }
3103 
3104 static int rndis_wlan_get_caps(struct usbnet *usbdev, struct wiphy *wiphy)
3105 {
3106  struct {
3107  __le32 num_items;
3108  __le32 items[8];
3109  } networks_supported;
3110  struct ndis_80211_capability *caps;
3111  u8 caps_buf[sizeof(*caps) + sizeof(caps->auth_encr_pair) * 16];
3112  int len, retval, i, n;
3113  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3114 
3115  /* determine supported modes */
3116  len = sizeof(networks_supported);
3117  retval = rndis_query_oid(usbdev,
3119  &networks_supported, &len);
3120  if (retval >= 0) {
3121  n = le32_to_cpu(networks_supported.num_items);
3122  if (n > 8)
3123  n = 8;
3124  for (i = 0; i < n; i++) {
3125  switch (le32_to_cpu(networks_supported.items[i])) {
3128  priv->caps |= CAP_MODE_80211B;
3129  break;
3131  priv->caps |= CAP_MODE_80211A;
3132  break;
3134  priv->caps |= CAP_MODE_80211G;
3135  break;
3136  }
3137  }
3138  }
3139 
3140  /* get device 802.11 capabilities, number of PMKIDs */
3141  caps = (struct ndis_80211_capability *)caps_buf;
3142  len = sizeof(caps_buf);
3143  retval = rndis_query_oid(usbdev,
3145  caps, &len);
3146  if (retval >= 0) {
3147  netdev_dbg(usbdev->net, "RNDIS_OID_802_11_CAPABILITY -> len %d, "
3148  "ver %d, pmkids %d, auth-encr-pairs %d\n",
3149  le32_to_cpu(caps->length),
3150  le32_to_cpu(caps->version),
3151  le32_to_cpu(caps->num_pmkids),
3153  wiphy->max_num_pmkids = le32_to_cpu(caps->num_pmkids);
3154  } else
3155  wiphy->max_num_pmkids = 0;
3156 
3157  return retval;
3158 }
3159 
3160 static void rndis_do_cqm(struct usbnet *usbdev, s32 rssi)
3161 {
3162  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3164  int thold, hyst, last_event;
3165 
3166  if (priv->cqm_rssi_thold >= 0 || rssi >= 0)
3167  return;
3168  if (priv->infra_mode != NDIS_80211_INFRA_INFRA)
3169  return;
3170 
3171  last_event = priv->last_cqm_event_rssi;
3172  thold = priv->cqm_rssi_thold;
3173  hyst = priv->cqm_rssi_hyst;
3174 
3175  if (rssi < thold && (last_event == 0 || rssi < last_event - hyst))
3177  else if (rssi > thold && (last_event == 0 || rssi > last_event + hyst))
3179  else
3180  return;
3181 
3182  priv->last_cqm_event_rssi = rssi;
3183  cfg80211_cqm_rssi_notify(usbdev->net, event, GFP_KERNEL);
3184 }
3185 
3186 #define DEVICE_POLLER_JIFFIES (HZ)
3187 static void rndis_device_poller(struct work_struct *work)
3188 {
3189  struct rndis_wlan_private *priv =
3190  container_of(work, struct rndis_wlan_private,
3191  dev_poller_work.work);
3192  struct usbnet *usbdev = priv->usbdev;
3193  __le32 rssi, tmp;
3194  int len, ret, j;
3195  int update_jiffies = DEVICE_POLLER_JIFFIES;
3196  void *buf;
3197 
3198  /* Only check/do workaround when connected. Calling is_associated()
3199  * also polls device with rndis_command() and catches for media link
3200  * indications.
3201  */
3202  if (!is_associated(usbdev)) {
3203  /* Workaround bad scanning in BCM4320a devices with active
3204  * background scanning when not associated.
3205  */
3206  if (priv->device_type == RNDIS_BCM4320A && priv->radio_on &&
3207  !priv->scan_request) {
3208  /* Get previous scan results */
3209  rndis_check_bssid_list(usbdev, NULL, NULL);
3210 
3211  /* Initiate new scan */
3212  rndis_start_bssid_list_scan(usbdev);
3213  }
3214 
3215  goto end;
3216  }
3217 
3218  len = sizeof(rssi);
3219  ret = rndis_query_oid(usbdev, RNDIS_OID_802_11_RSSI,
3220  &rssi, &len);
3221  if (ret == 0) {
3222  priv->last_qual = level_to_qual(le32_to_cpu(rssi));
3223  rndis_do_cqm(usbdev, le32_to_cpu(rssi));
3224  }
3225 
3226  netdev_dbg(usbdev->net, "dev-poller: RNDIS_OID_802_11_RSSI -> %d, rssi:%d, qual: %d\n",
3227  ret, le32_to_cpu(rssi), level_to_qual(le32_to_cpu(rssi)));
3228 
3229  /* Workaround transfer stalls on poor quality links.
3230  * TODO: find right way to fix these stalls (as stalls do not happen
3231  * with ndiswrapper/windows driver). */
3232  if (priv->param_workaround_interval > 0 && priv->last_qual <= 25) {
3233  /* Decrease stats worker interval to catch stalls.
3234  * faster. Faster than 400-500ms causes packet loss,
3235  * Slower doesn't catch stalls fast enough.
3236  */
3238  if (j > DEVICE_POLLER_JIFFIES)
3240  else if (j <= 0)
3241  j = 1;
3242  update_jiffies = j;
3243 
3244  /* Send scan OID. Use of both OIDs is required to get device
3245  * working.
3246  */
3247  tmp = cpu_to_le32(1);
3248  rndis_set_oid(usbdev,
3250  &tmp, sizeof(tmp));
3251 
3252  len = CONTROL_BUFFER_SIZE;
3253  buf = kmalloc(len, GFP_KERNEL);
3254  if (!buf)
3255  goto end;
3256 
3257  rndis_query_oid(usbdev,
3259  buf, &len);
3260  kfree(buf);
3261  }
3262 
3263 end:
3264  if (update_jiffies >= HZ)
3265  update_jiffies = round_jiffies_relative(update_jiffies);
3266  else {
3267  j = round_jiffies_relative(update_jiffies);
3268  if (abs(j - update_jiffies) <= 10)
3269  update_jiffies = j;
3270  }
3271 
3273  update_jiffies);
3274 }
3275 
3276 /*
3277  * driver/device initialization
3278  */
3279 static void rndis_copy_module_params(struct usbnet *usbdev, int device_type)
3280 {
3281  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3282 
3283  priv->device_type = device_type;
3284 
3285  priv->param_country[0] = modparam_country[0];
3286  priv->param_country[1] = modparam_country[1];
3287  priv->param_country[2] = 0;
3288  priv->param_frameburst = modparam_frameburst;
3289  priv->param_afterburner = modparam_afterburner;
3290  priv->param_power_save = modparam_power_save;
3291  priv->param_power_output = modparam_power_output;
3292  priv->param_roamtrigger = modparam_roamtrigger;
3293  priv->param_roamdelta = modparam_roamdelta;
3294 
3295  priv->param_country[0] = toupper(priv->param_country[0]);
3296  priv->param_country[1] = toupper(priv->param_country[1]);
3297  /* doesn't support EU as country code, use FI instead */
3298  if (!strcmp(priv->param_country, "EU"))
3299  strcpy(priv->param_country, "FI");
3300 
3301  if (priv->param_power_save < 0)
3302  priv->param_power_save = 0;
3303  else if (priv->param_power_save > 2)
3304  priv->param_power_save = 2;
3305 
3306  if (priv->param_power_output < 0)
3307  priv->param_power_output = 0;
3308  else if (priv->param_power_output > 3)
3309  priv->param_power_output = 3;
3310 
3311  if (priv->param_roamtrigger < -80)
3312  priv->param_roamtrigger = -80;
3313  else if (priv->param_roamtrigger > -60)
3314  priv->param_roamtrigger = -60;
3315 
3316  if (priv->param_roamdelta < 0)
3317  priv->param_roamdelta = 0;
3318  else if (priv->param_roamdelta > 2)
3319  priv->param_roamdelta = 2;
3320 
3321  if (modparam_workaround_interval < 0)
3322  priv->param_workaround_interval = 500;
3323  else
3324  priv->param_workaround_interval = modparam_workaround_interval;
3325 }
3326 
3327 static int unknown_early_init(struct usbnet *usbdev)
3328 {
3329  /* copy module parameters for unknown so that iwconfig reports txpower
3330  * and workaround parameter is copied to private structure correctly.
3331  */
3332  rndis_copy_module_params(usbdev, RNDIS_UNKNOWN);
3333 
3334  /* This is unknown device, so do not try set configuration parameters.
3335  */
3336 
3337  return 0;
3338 }
3339 
3340 static int bcm4320a_early_init(struct usbnet *usbdev)
3341 {
3342  /* copy module parameters for bcm4320a so that iwconfig reports txpower
3343  * and workaround parameter is copied to private structure correctly.
3344  */
3345  rndis_copy_module_params(usbdev, RNDIS_BCM4320A);
3346 
3347  /* bcm4320a doesn't handle configuration parameters well. Try
3348  * set any and you get partially zeroed mac and broken device.
3349  */
3350 
3351  return 0;
3352 }
3353 
3354 static int bcm4320b_early_init(struct usbnet *usbdev)
3355 {
3356  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3357  char buf[8];
3358 
3359  rndis_copy_module_params(usbdev, RNDIS_BCM4320B);
3360 
3361  /* Early initialization settings, setting these won't have effect
3362  * if called after generic_rndis_bind().
3363  */
3364 
3365  rndis_set_config_parameter_str(usbdev, "Country", priv->param_country);
3366  rndis_set_config_parameter_str(usbdev, "FrameBursting",
3367  priv->param_frameburst ? "1" : "0");
3368  rndis_set_config_parameter_str(usbdev, "Afterburner",
3369  priv->param_afterburner ? "1" : "0");
3370  sprintf(buf, "%d", priv->param_power_save);
3371  rndis_set_config_parameter_str(usbdev, "PowerSaveMode", buf);
3372  sprintf(buf, "%d", priv->param_power_output);
3373  rndis_set_config_parameter_str(usbdev, "PwrOut", buf);
3374  sprintf(buf, "%d", priv->param_roamtrigger);
3375  rndis_set_config_parameter_str(usbdev, "RoamTrigger", buf);
3376  sprintf(buf, "%d", priv->param_roamdelta);
3377  rndis_set_config_parameter_str(usbdev, "RoamDelta", buf);
3378 
3379  return 0;
3380 }
3381 
3382 /* same as rndis_netdev_ops but with local multicast handler */
3383 static const struct net_device_ops rndis_wlan_netdev_ops = {
3384  .ndo_open = usbnet_open,
3385  .ndo_stop = usbnet_stop,
3386  .ndo_start_xmit = usbnet_start_xmit,
3387  .ndo_tx_timeout = usbnet_tx_timeout,
3388  .ndo_set_mac_address = eth_mac_addr,
3389  .ndo_validate_addr = eth_validate_addr,
3390  .ndo_set_rx_mode = rndis_wlan_set_multicast_list,
3391 };
3392 
3393 static int rndis_wlan_bind(struct usbnet *usbdev, struct usb_interface *intf)
3394 {
3395  struct wiphy *wiphy;
3396  struct rndis_wlan_private *priv;
3397  int retval, len;
3398  __le32 tmp;
3399 
3400  /* allocate wiphy and rndis private data
3401  * NOTE: We only support a single virtual interface, so wiphy
3402  * and wireless_dev are somewhat synonymous for this device.
3403  */
3404  wiphy = wiphy_new(&rndis_config_ops, sizeof(struct rndis_wlan_private));
3405  if (!wiphy)
3406  return -ENOMEM;
3407 
3408  priv = wiphy_priv(wiphy);
3409  usbdev->net->ieee80211_ptr = &priv->wdev;
3410  priv->wdev.wiphy = wiphy;
3411  priv->wdev.iftype = NL80211_IFTYPE_STATION;
3412 
3413  /* These have to be initialized before calling generic_rndis_bind().
3414  * Otherwise we'll be in big trouble in rndis_wlan_early_init().
3415  */
3416  usbdev->driver_priv = priv;
3417  priv->usbdev = usbdev;
3418 
3419  mutex_init(&priv->command_lock);
3420 
3421  /* because rndis_command() sleeps we need to use workqueue */
3422  priv->workqueue = create_singlethread_workqueue("rndis_wlan");
3423  INIT_WORK(&priv->work, rndis_wlan_worker);
3424  INIT_DELAYED_WORK(&priv->dev_poller_work, rndis_device_poller);
3425  INIT_DELAYED_WORK(&priv->scan_work, rndis_get_scan_results);
3426 
3427  /* try bind rndis_host */
3428  retval = generic_rndis_bind(usbdev, intf, FLAG_RNDIS_PHYM_WIRELESS);
3429  if (retval < 0)
3430  goto fail;
3431 
3432  /* generic_rndis_bind set packet filter to multicast_all+
3433  * promisc mode which doesn't work well for our devices (device
3434  * picks up rssi to closest station instead of to access point).
3435  *
3436  * rndis_host wants to avoid all OID as much as possible
3437  * so do promisc/multicast handling in rndis_wlan.
3438  */
3439  usbdev->net->netdev_ops = &rndis_wlan_netdev_ops;
3440 
3442  retval = rndis_set_oid(usbdev,
3444  &tmp, sizeof(tmp));
3445 
3446  len = sizeof(tmp);
3447  retval = rndis_query_oid(usbdev,
3449  &tmp, &len);
3450  priv->multicast_size = le32_to_cpu(tmp);
3451  if (retval < 0 || priv->multicast_size < 0)
3452  priv->multicast_size = 0;
3453  if (priv->multicast_size > 0)
3454  usbdev->net->flags |= IFF_MULTICAST;
3455  else
3456  usbdev->net->flags &= ~IFF_MULTICAST;
3457 
3458  /* fill-out wiphy structure and register w/ cfg80211 */
3459  memcpy(wiphy->perm_addr, usbdev->net->dev_addr, ETH_ALEN);
3460  wiphy->privid = rndis_wiphy_privid;
3463  wiphy->max_scan_ssids = 1;
3464 
3465  /* TODO: fill-out band/encr information based on priv->caps */
3466  rndis_wlan_get_caps(usbdev, wiphy);
3467 
3468  memcpy(priv->channels, rndis_channels, sizeof(rndis_channels));
3469  memcpy(priv->rates, rndis_rates, sizeof(rndis_rates));
3470  priv->band.channels = priv->channels;
3471  priv->band.n_channels = ARRAY_SIZE(rndis_channels);
3472  priv->band.bitrates = priv->rates;
3473  priv->band.n_bitrates = ARRAY_SIZE(rndis_rates);
3474  wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band;
3476 
3477  memcpy(priv->cipher_suites, rndis_cipher_suites,
3478  sizeof(rndis_cipher_suites));
3479  wiphy->cipher_suites = priv->cipher_suites;
3480  wiphy->n_cipher_suites = ARRAY_SIZE(rndis_cipher_suites);
3481 
3482  set_wiphy_dev(wiphy, &usbdev->udev->dev);
3483 
3484  if (wiphy_register(wiphy)) {
3485  retval = -ENODEV;
3486  goto fail;
3487  }
3488 
3489  set_default_iw_params(usbdev);
3490 
3491  priv->power_mode = -1;
3492 
3493  /* set default rts/frag */
3494  rndis_set_wiphy_params(wiphy,
3495  WIPHY_PARAM_FRAG_THRESHOLD | WIPHY_PARAM_RTS_THRESHOLD);
3496 
3497  /* turn radio off on init */
3498  priv->radio_on = false;
3499  disassociate(usbdev, false);
3500  netif_carrier_off(usbdev->net);
3501 
3502  return 0;
3503 
3504 fail:
3507  cancel_work_sync(&priv->work);
3508  flush_workqueue(priv->workqueue);
3510 
3511  wiphy_free(wiphy);
3512  return retval;
3513 }
3514 
3515 static void rndis_wlan_unbind(struct usbnet *usbdev, struct usb_interface *intf)
3516 {
3517  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3518 
3519  /* turn radio off */
3520  disassociate(usbdev, false);
3521 
3524  cancel_work_sync(&priv->work);
3525  flush_workqueue(priv->workqueue);
3527 
3528  rndis_unbind(usbdev, intf);
3529 
3530  wiphy_unregister(priv->wdev.wiphy);
3531  wiphy_free(priv->wdev.wiphy);
3532 }
3533 
3534 static int rndis_wlan_reset(struct usbnet *usbdev)
3535 {
3536  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3537  int retval;
3538 
3539  netdev_dbg(usbdev->net, "%s()\n", __func__);
3540 
3541  retval = rndis_reset(usbdev);
3542  if (retval)
3543  netdev_warn(usbdev->net, "rndis_reset failed: %d\n", retval);
3544 
3545  /* rndis_reset cleared multicast list, so restore here.
3546  (set_multicast_list() also turns on current packet filter) */
3547  set_multicast_list(usbdev);
3548 
3551 
3552  return deauthenticate(usbdev);
3553 }
3554 
3555 static int rndis_wlan_stop(struct usbnet *usbdev)
3556 {
3557  struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
3558  int retval;
3559  __le32 filter;
3560 
3561  netdev_dbg(usbdev->net, "%s()\n", __func__);
3562 
3563  retval = disassociate(usbdev, false);
3564 
3565  priv->work_pending = 0;
3568  cancel_work_sync(&priv->work);
3569  flush_workqueue(priv->workqueue);
3570 
3571  if (priv->scan_request) {
3572  cfg80211_scan_done(priv->scan_request, true);
3573  priv->scan_request = NULL;
3574  }
3575 
3576  /* Set current packet filter zero to block receiving data packets from
3577  device. */
3578  filter = 0;
3579  rndis_set_oid(usbdev, RNDIS_OID_GEN_CURRENT_PACKET_FILTER, &filter,
3580  sizeof(filter));
3581 
3582  return retval;
3583 }
3584 
3585 static const struct driver_info bcm4320b_info = {
3586  .description = "Wireless RNDIS device, BCM4320b based",
3589  .bind = rndis_wlan_bind,
3590  .unbind = rndis_wlan_unbind,
3591  .status = rndis_status,
3592  .rx_fixup = rndis_rx_fixup,
3593  .tx_fixup = rndis_tx_fixup,
3594  .reset = rndis_wlan_reset,
3595  .stop = rndis_wlan_stop,
3596  .early_init = bcm4320b_early_init,
3597  .indication = rndis_wlan_indication,
3598 };
3599 
3600 static const struct driver_info bcm4320a_info = {
3601  .description = "Wireless RNDIS device, BCM4320a based",
3604  .bind = rndis_wlan_bind,
3605  .unbind = rndis_wlan_unbind,
3606  .status = rndis_status,
3607  .rx_fixup = rndis_rx_fixup,
3608  .tx_fixup = rndis_tx_fixup,
3609  .reset = rndis_wlan_reset,
3610  .stop = rndis_wlan_stop,
3611  .early_init = bcm4320a_early_init,
3612  .indication = rndis_wlan_indication,
3613 };
3614 
3615 static const struct driver_info rndis_wlan_info = {
3616  .description = "Wireless RNDIS device",
3619  .bind = rndis_wlan_bind,
3620  .unbind = rndis_wlan_unbind,
3621  .status = rndis_status,
3622  .rx_fixup = rndis_rx_fixup,
3623  .tx_fixup = rndis_tx_fixup,
3624  .reset = rndis_wlan_reset,
3625  .stop = rndis_wlan_stop,
3626  .early_init = unknown_early_init,
3627  .indication = rndis_wlan_indication,
3628 };
3629 
3630 /*-------------------------------------------------------------------------*/
3631 
3632 static const struct usb_device_id products [] = {
3633 #define RNDIS_MASTER_INTERFACE \
3634  .bInterfaceClass = USB_CLASS_COMM, \
3635  .bInterfaceSubClass = 2 /* ACM */, \
3636  .bInterfaceProtocol = 0x0ff
3637 
3638 /* INF driver for these devices have DriverVer >= 4.xx.xx.xx and many custom
3639  * parameters available. Chipset marked as 'BCM4320SKFBG' in NDISwrapper-wiki.
3640  */
3641 {
3642  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3643  | USB_DEVICE_ID_MATCH_DEVICE,
3644  .idVendor = 0x0411,
3645  .idProduct = 0x00bc, /* Buffalo WLI-U2-KG125S */
3647  .driver_info = (unsigned long) &bcm4320b_info,
3648 }, {
3649  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3650  | USB_DEVICE_ID_MATCH_DEVICE,
3651  .idVendor = 0x0baf,
3652  .idProduct = 0x011b, /* U.S. Robotics USR5421 */
3654  .driver_info = (unsigned long) &bcm4320b_info,
3655 }, {
3656  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3657  | USB_DEVICE_ID_MATCH_DEVICE,
3658  .idVendor = 0x050d,
3659  .idProduct = 0x011b, /* Belkin F5D7051 */
3661  .driver_info = (unsigned long) &bcm4320b_info,
3662 }, {
3663  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3664  | USB_DEVICE_ID_MATCH_DEVICE,
3665  .idVendor = 0x1799, /* Belkin has two vendor ids */
3666  .idProduct = 0x011b, /* Belkin F5D7051 */
3668  .driver_info = (unsigned long) &bcm4320b_info,
3669 }, {
3670  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3671  | USB_DEVICE_ID_MATCH_DEVICE,
3672  .idVendor = 0x13b1,
3673  .idProduct = 0x0014, /* Linksys WUSB54GSv2 */
3675  .driver_info = (unsigned long) &bcm4320b_info,
3676 }, {
3677  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3678  | USB_DEVICE_ID_MATCH_DEVICE,
3679  .idVendor = 0x13b1,
3680  .idProduct = 0x0026, /* Linksys WUSB54GSC */
3682  .driver_info = (unsigned long) &bcm4320b_info,
3683 }, {
3684  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3685  | USB_DEVICE_ID_MATCH_DEVICE,
3686  .idVendor = 0x0b05,
3687  .idProduct = 0x1717, /* Asus WL169gE */
3689  .driver_info = (unsigned long) &bcm4320b_info,
3690 }, {
3691  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3692  | USB_DEVICE_ID_MATCH_DEVICE,
3693  .idVendor = 0x0a5c,
3694  .idProduct = 0xd11b, /* Eminent EM4045 */
3696  .driver_info = (unsigned long) &bcm4320b_info,
3697 }, {
3698  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3699  | USB_DEVICE_ID_MATCH_DEVICE,
3700  .idVendor = 0x1690,
3701  .idProduct = 0x0715, /* BT Voyager 1055 */
3703  .driver_info = (unsigned long) &bcm4320b_info,
3704 },
3705 /* These devices have DriverVer < 4.xx.xx.xx and do not have any custom
3706  * parameters available, hardware probably contain older firmware version with
3707  * no way of updating. Chipset marked as 'BCM4320????' in NDISwrapper-wiki.
3708  */
3709 {
3710  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3711  | USB_DEVICE_ID_MATCH_DEVICE,
3712  .idVendor = 0x13b1,
3713  .idProduct = 0x000e, /* Linksys WUSB54GSv1 */
3715  .driver_info = (unsigned long) &bcm4320a_info,
3716 }, {
3717  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3718  | USB_DEVICE_ID_MATCH_DEVICE,
3719  .idVendor = 0x0baf,
3720  .idProduct = 0x0111, /* U.S. Robotics USR5420 */
3722  .driver_info = (unsigned long) &bcm4320a_info,
3723 }, {
3724  .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
3725  | USB_DEVICE_ID_MATCH_DEVICE,
3726  .idVendor = 0x0411,
3727  .idProduct = 0x004b, /* BUFFALO WLI-USB-G54 */
3729  .driver_info = (unsigned long) &bcm4320a_info,
3730 },
3731 /* Generic Wireless RNDIS devices that we don't have exact
3732  * idVendor/idProduct/chip yet.
3733  */
3734 {
3735  /* RNDIS is MSFT's un-official variant of CDC ACM */
3736  USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
3737  .driver_info = (unsigned long) &rndis_wlan_info,
3738 }, {
3739  /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
3740  USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
3741  .driver_info = (unsigned long) &rndis_wlan_info,
3742 },
3743  { }, // END
3744 };
3745 MODULE_DEVICE_TABLE(usb, products);
3746 
3747 static struct usb_driver rndis_wlan_driver = {
3748  .name = "rndis_wlan",
3749  .id_table = products,
3750  .probe = usbnet_probe,
3751  .disconnect = usbnet_disconnect,
3752  .suspend = usbnet_suspend,
3753  .resume = usbnet_resume,
3754  .disable_hub_initiated_lpm = 1,
3755 };
3756 
3757 module_usb_driver(rndis_wlan_driver);
3758 
3759 MODULE_AUTHOR("Bjorge Dijkstra");
3760 MODULE_AUTHOR("Jussi Kivilinna");
3761 MODULE_DESCRIPTION("Driver for RNDIS based USB Wireless adapters");
3762 MODULE_LICENSE("GPL");
3763