2 * Intersil Prism2 driver with Host AP (software access point) support
3 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
5 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
7 * This file is to be included into hostap.c when S/W AP functionality is
11 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from
12 * unauthenticated STA, send deauth. frame (8802.11: 5.5)
13 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received
14 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5)
15 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame
19 #include <linux/proc_fs.h>
20 #include <linux/delay.h>
21 #include <linux/random.h>
22 #include <linux/if_arp.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
26 #include "hostap_wlan.h"
28 #include "hostap_ap.h"
30 static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL,
32 module_param_array(other_ap_policy, int, NULL, 0444);
33 MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)");
35 static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC,
37 module_param_array(ap_max_inactivity, int, NULL, 0444);
38 MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station "
41 static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS };
42 module_param_array(ap_bridge_packets, int, NULL, 0444);
43 MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between "
46 static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS };
47 module_param_array(autom_ap_wds, int, NULL, 0444);
48 MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs "
52 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta);
53 static void hostap_event_expired_sta(struct net_device *dev,
54 struct sta_info *sta);
55 static void handle_add_proc_queue(struct work_struct *work);
57 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
58 static void handle_wds_oper_queue(struct work_struct *work);
59 static void prism2_send_mgmt(struct net_device *dev,
60 u16 type_subtype, char *body,
61 int body_len, u8 *addr, u16 tx_cb_idx);
62 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
65 #ifndef PRISM2_NO_PROCFS_DEBUG
66 static int ap_debug_proc_read(char *page, char **start, off_t off,
67 int count, int *eof, void *data)
70 struct ap_data *ap = (struct ap_data *) data;
77 p += sprintf(p, "BridgedUnicastFrames=%u\n", ap->bridged_unicast);
78 p += sprintf(p, "BridgedMulticastFrames=%u\n", ap->bridged_multicast);
79 p += sprintf(p, "max_inactivity=%u\n", ap->max_inactivity / HZ);
80 p += sprintf(p, "bridge_packets=%u\n", ap->bridge_packets);
81 p += sprintf(p, "nullfunc_ack=%u\n", ap->nullfunc_ack);
82 p += sprintf(p, "autom_ap_wds=%u\n", ap->autom_ap_wds);
83 p += sprintf(p, "auth_algs=%u\n", ap->local->auth_algs);
84 p += sprintf(p, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc);
88 #endif /* PRISM2_NO_PROCFS_DEBUG */
91 static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta)
93 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)];
94 ap->sta_hash[STA_HASH(sta->addr)] = sta;
97 static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta)
101 s = ap->sta_hash[STA_HASH(sta->addr)];
102 if (s == NULL) return;
103 if (memcmp(s->addr, sta->addr, ETH_ALEN) == 0) {
104 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext;
108 while (s->hnext != NULL && memcmp(s->hnext->addr, sta->addr, ETH_ALEN)
111 if (s->hnext != NULL)
112 s->hnext = s->hnext->hnext;
114 printk("AP: could not remove STA %pM from hash table\n",
118 static void ap_free_sta(struct ap_data *ap, struct sta_info *sta)
120 if (sta->ap && sta->local)
121 hostap_event_expired_sta(sta->local->dev, sta);
123 if (ap->proc != NULL) {
125 sprintf(name, "%pM", sta->addr);
126 remove_proc_entry(name, ap->proc);
130 sta->crypt->ops->deinit(sta->crypt->priv);
135 skb_queue_purge(&sta->tx_buf);
138 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
140 ap->sta_aid[sta->aid - 1] = NULL;
142 if (!sta->ap && sta->u.sta.challenge)
143 kfree(sta->u.sta.challenge);
144 del_timer(&sta->timer);
145 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
151 static void hostap_set_tim(local_info_t *local, int aid, int set)
153 if (local->func->set_tim)
154 local->func->set_tim(local->dev, aid, set);
158 static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta)
160 union iwreq_data wrqu;
161 memset(&wrqu, 0, sizeof(wrqu));
162 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
163 wrqu.addr.sa_family = ARPHRD_ETHER;
164 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL);
168 static void hostap_event_expired_sta(struct net_device *dev,
169 struct sta_info *sta)
171 union iwreq_data wrqu;
172 memset(&wrqu, 0, sizeof(wrqu));
173 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
174 wrqu.addr.sa_family = ARPHRD_ETHER;
175 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL);
179 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
181 static void ap_handle_timer(unsigned long data)
183 struct sta_info *sta = (struct sta_info *) data;
186 unsigned long next_time = 0;
189 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) {
190 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n");
196 was_assoc = sta->flags & WLAN_STA_ASSOC;
198 if (atomic_read(&sta->users) != 0)
199 next_time = jiffies + HZ;
200 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH))
201 next_time = jiffies + ap->max_inactivity;
203 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) {
204 /* station activity detected; reset timeout state */
205 sta->timeout_next = STA_NULLFUNC;
206 next_time = sta->last_rx + ap->max_inactivity;
207 } else if (sta->timeout_next == STA_DISASSOC &&
208 !(sta->flags & WLAN_STA_PENDING_POLL)) {
209 /* STA ACKed data nullfunc frame poll */
210 sta->timeout_next = STA_NULLFUNC;
211 next_time = jiffies + ap->max_inactivity;
215 sta->timer.expires = next_time;
216 add_timer(&sta->timer);
221 sta->timeout_next = STA_DEAUTH;
223 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) {
224 spin_lock(&ap->sta_table_lock);
225 ap_sta_hash_del(ap, sta);
226 list_del(&sta->list);
227 spin_unlock(&ap->sta_table_lock);
228 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
229 } else if (sta->timeout_next == STA_DISASSOC)
230 sta->flags &= ~WLAN_STA_ASSOC;
232 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap)
233 hostap_event_expired_sta(local->dev, sta);
235 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 &&
236 !skb_queue_empty(&sta->tx_buf)) {
237 hostap_set_tim(local, sta->aid, 0);
238 sta->flags &= ~WLAN_STA_TIM;
242 if (ap->autom_ap_wds) {
243 PDEBUG(DEBUG_AP, "%s: removing automatic WDS "
244 "connection to AP %pM\n",
245 local->dev->name, sta->addr);
246 hostap_wds_link_oper(local, sta->addr, WDS_DEL);
248 } else if (sta->timeout_next == STA_NULLFUNC) {
249 /* send data frame to poll STA and check whether this frame
251 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but
252 * it is apparently not retried so TX Exc events are not
254 sta->flags |= WLAN_STA_PENDING_POLL;
255 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA |
256 IEEE80211_STYPE_DATA, NULL, 0,
257 sta->addr, ap->tx_callback_poll);
259 int deauth = sta->timeout_next == STA_DEAUTH;
261 PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM"
262 "(last=%lu, jiffies=%lu)\n",
264 deauth ? "deauthentication" : "disassociation",
265 sta->addr, sta->last_rx, jiffies);
267 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID :
268 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
269 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT |
270 (deauth ? IEEE80211_STYPE_DEAUTH :
271 IEEE80211_STYPE_DISASSOC),
272 (char *) &resp, 2, sta->addr, 0);
275 if (sta->timeout_next == STA_DEAUTH) {
276 if (sta->flags & WLAN_STA_PERM) {
277 PDEBUG(DEBUG_AP, "%s: STA %pM"
278 " would have been removed, "
279 "but it has 'perm' flag\n",
280 local->dev->name, sta->addr);
282 ap_free_sta(ap, sta);
286 if (sta->timeout_next == STA_NULLFUNC) {
287 sta->timeout_next = STA_DISASSOC;
288 sta->timer.expires = jiffies + AP_DISASSOC_DELAY;
290 sta->timeout_next = STA_DEAUTH;
291 sta->timer.expires = jiffies + AP_DEAUTH_DELAY;
294 add_timer(&sta->timer);
298 void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
305 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name);
306 memset(addr, 0xff, ETH_ALEN);
308 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
310 /* deauth message sent; try to resend it few times; the message is
311 * broadcast, so it may be delayed until next DTIM; there is not much
312 * else we can do at this point since the driver is going to be shut
314 for (i = 0; i < 5; i++) {
315 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
316 IEEE80211_STYPE_DEAUTH,
317 (char *) &resp, 2, addr, 0);
319 if (!resend || ap->num_sta <= 0)
327 static int ap_control_proc_read(char *page, char **start, off_t off,
328 int count, int *eof, void *data)
331 struct ap_data *ap = (struct ap_data *) data;
333 struct mac_entry *entry;
340 switch (ap->mac_restrictions.policy) {
341 case MAC_POLICY_OPEN:
344 case MAC_POLICY_ALLOW:
345 policy_txt = "allow";
347 case MAC_POLICY_DENY:
351 policy_txt = "unknown";
354 p += sprintf(p, "MAC policy: %s\n", policy_txt);
355 p += sprintf(p, "MAC entries: %u\n", ap->mac_restrictions.entries);
356 p += sprintf(p, "MAC list:\n");
357 spin_lock_bh(&ap->mac_restrictions.lock);
358 list_for_each_entry(entry, &ap->mac_restrictions.mac_list, list) {
359 if (p - page > PAGE_SIZE - 80) {
360 p += sprintf(p, "All entries did not fit one page.\n");
364 p += sprintf(p, "%pM\n", entry->addr);
366 spin_unlock_bh(&ap->mac_restrictions.lock);
372 int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
374 struct mac_entry *entry;
376 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL);
380 memcpy(entry->addr, mac, ETH_ALEN);
382 spin_lock_bh(&mac_restrictions->lock);
383 list_add_tail(&entry->list, &mac_restrictions->mac_list);
384 mac_restrictions->entries++;
385 spin_unlock_bh(&mac_restrictions->lock);
391 int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
393 struct list_head *ptr;
394 struct mac_entry *entry;
396 spin_lock_bh(&mac_restrictions->lock);
397 for (ptr = mac_restrictions->mac_list.next;
398 ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
399 entry = list_entry(ptr, struct mac_entry, list);
401 if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
404 mac_restrictions->entries--;
405 spin_unlock_bh(&mac_restrictions->lock);
409 spin_unlock_bh(&mac_restrictions->lock);
414 static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions,
417 struct mac_entry *entry;
420 if (mac_restrictions->policy == MAC_POLICY_OPEN)
423 spin_lock_bh(&mac_restrictions->lock);
424 list_for_each_entry(entry, &mac_restrictions->mac_list, list) {
425 if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
430 spin_unlock_bh(&mac_restrictions->lock);
432 if (mac_restrictions->policy == MAC_POLICY_ALLOW)
439 void ap_control_flush_macs(struct mac_restrictions *mac_restrictions)
441 struct list_head *ptr, *n;
442 struct mac_entry *entry;
444 if (mac_restrictions->entries == 0)
447 spin_lock_bh(&mac_restrictions->lock);
448 for (ptr = mac_restrictions->mac_list.next, n = ptr->next;
449 ptr != &mac_restrictions->mac_list;
450 ptr = n, n = ptr->next) {
451 entry = list_entry(ptr, struct mac_entry, list);
455 mac_restrictions->entries = 0;
456 spin_unlock_bh(&mac_restrictions->lock);
460 int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac)
462 struct sta_info *sta;
465 spin_lock_bh(&ap->sta_table_lock);
466 sta = ap_get_sta(ap, mac);
468 ap_sta_hash_del(ap, sta);
469 list_del(&sta->list);
471 spin_unlock_bh(&ap->sta_table_lock);
476 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
477 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH,
478 (char *) &resp, 2, sta->addr, 0);
480 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
481 hostap_event_expired_sta(dev, sta);
483 ap_free_sta(ap, sta);
488 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
491 void ap_control_kickall(struct ap_data *ap)
493 struct list_head *ptr, *n;
494 struct sta_info *sta;
496 spin_lock_bh(&ap->sta_table_lock);
497 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list;
498 ptr = n, n = ptr->next) {
499 sta = list_entry(ptr, struct sta_info, list);
500 ap_sta_hash_del(ap, sta);
501 list_del(&sta->list);
502 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
503 hostap_event_expired_sta(sta->local->dev, sta);
504 ap_free_sta(ap, sta);
506 spin_unlock_bh(&ap->sta_table_lock);
510 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
512 #define PROC_LIMIT (PAGE_SIZE - 80)
514 static int prism2_ap_proc_read(char *page, char **start, off_t off,
515 int count, int *eof, void *data)
518 struct ap_data *ap = (struct ap_data *) data;
519 struct sta_info *sta;
522 if (off > PROC_LIMIT) {
527 p += sprintf(p, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n");
528 spin_lock_bh(&ap->sta_table_lock);
529 list_for_each_entry(sta, &ap->sta_list, list) {
533 p += sprintf(p, "%pM %d %d %d %d '",
535 sta->u.ap.channel, sta->last_rx_signal,
536 sta->last_rx_silence, sta->last_rx_rate);
537 for (i = 0; i < sta->u.ap.ssid_len; i++)
538 p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
539 sta->u.ap.ssid[i] < 127) ?
542 p += sprintf(p, "'");
543 if (sta->capability & WLAN_CAPABILITY_ESS)
544 p += sprintf(p, " [ESS]");
545 if (sta->capability & WLAN_CAPABILITY_IBSS)
546 p += sprintf(p, " [IBSS]");
547 if (sta->capability & WLAN_CAPABILITY_PRIVACY)
548 p += sprintf(p, " [WEP]");
549 p += sprintf(p, "\n");
551 if ((p - page) > PROC_LIMIT) {
552 printk(KERN_DEBUG "hostap: ap proc did not fit\n");
556 spin_unlock_bh(&ap->sta_table_lock);
558 if ((p - page) <= off) {
565 return (p - page - off);
567 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
570 void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver)
575 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) {
576 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - "
577 "firmware upgrade recommended\n");
578 ap->nullfunc_ack = 1;
580 ap->nullfunc_ack = 0;
582 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) {
583 printk(KERN_WARNING "%s: Warning: secondary station firmware "
584 "version 1.4.2 does not seem to work in Host AP mode\n",
585 ap->local->dev->name);
590 /* Called only as a tasklet (software IRQ) */
591 static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data)
593 struct ap_data *ap = data;
594 struct ieee80211_hdr *hdr;
596 if (!ap->local->hostapd || !ap->local->apdev) {
601 /* Pass the TX callback frame to the hostapd; use 802.11 header version
602 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */
604 hdr = (struct ieee80211_hdr *) skb->data;
605 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS);
606 hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0));
608 skb->dev = ap->local->apdev;
609 skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control));
610 skb->pkt_type = PACKET_OTHERHOST;
611 skb->protocol = cpu_to_be16(ETH_P_802_2);
612 memset(skb->cb, 0, sizeof(skb->cb));
617 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
618 /* Called only as a tasklet (software IRQ) */
619 static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data)
621 struct ap_data *ap = data;
622 struct net_device *dev = ap->local->dev;
623 struct ieee80211_hdr *hdr;
624 u16 auth_alg, auth_transaction, status;
626 struct sta_info *sta = NULL;
629 if (ap->local->hostapd) {
634 hdr = (struct ieee80211_hdr *) skb->data;
635 if (!ieee80211_is_auth(hdr->frame_control) ||
636 skb->len < IEEE80211_MGMT_HDR_LEN + 6) {
637 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid "
638 "frame\n", dev->name);
643 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
644 auth_alg = le16_to_cpu(*pos++);
645 auth_transaction = le16_to_cpu(*pos++);
646 status = le16_to_cpu(*pos++);
649 txt = "frame was not ACKed";
653 spin_lock(&ap->sta_table_lock);
654 sta = ap_get_sta(ap, hdr->addr1);
656 atomic_inc(&sta->users);
657 spin_unlock(&ap->sta_table_lock);
660 txt = "STA not found";
664 if (status == WLAN_STATUS_SUCCESS &&
665 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
666 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
667 txt = "STA authenticated";
668 sta->flags |= WLAN_STA_AUTH;
669 sta->last_auth = jiffies;
670 } else if (status != WLAN_STATUS_SUCCESS)
671 txt = "authentication failed";
675 atomic_dec(&sta->users);
677 PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d "
678 "trans#=%d status=%d - %s\n",
679 dev->name, hdr->addr1,
680 auth_alg, auth_transaction, status, txt);
686 /* Called only as a tasklet (software IRQ) */
687 static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data)
689 struct ap_data *ap = data;
690 struct net_device *dev = ap->local->dev;
691 struct ieee80211_hdr *hdr;
694 struct sta_info *sta = NULL;
697 if (ap->local->hostapd) {
702 hdr = (struct ieee80211_hdr *) skb->data;
703 if ((!ieee80211_is_assoc_resp(hdr->frame_control) &&
704 !ieee80211_is_reassoc_resp(hdr->frame_control)) ||
705 skb->len < IEEE80211_MGMT_HDR_LEN + 4) {
706 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid "
707 "frame\n", dev->name);
713 txt = "frame was not ACKed";
717 spin_lock(&ap->sta_table_lock);
718 sta = ap_get_sta(ap, hdr->addr1);
720 atomic_inc(&sta->users);
721 spin_unlock(&ap->sta_table_lock);
724 txt = "STA not found";
728 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
730 status = le16_to_cpu(*pos++);
731 if (status == WLAN_STATUS_SUCCESS) {
732 if (!(sta->flags & WLAN_STA_ASSOC))
733 hostap_event_new_sta(dev, sta);
734 txt = "STA associated";
735 sta->flags |= WLAN_STA_ASSOC;
736 sta->last_assoc = jiffies;
738 txt = "association failed";
742 atomic_dec(&sta->users);
744 PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n",
745 dev->name, hdr->addr1, txt);
750 /* Called only as a tasklet (software IRQ); TX callback for poll frames used
751 * in verifying whether the STA is still present. */
752 static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data)
754 struct ap_data *ap = data;
755 struct ieee80211_hdr *hdr;
756 struct sta_info *sta;
760 hdr = (struct ieee80211_hdr *) skb->data;
762 spin_lock(&ap->sta_table_lock);
763 sta = ap_get_sta(ap, hdr->addr1);
765 sta->flags &= ~WLAN_STA_PENDING_POLL;
766 spin_unlock(&ap->sta_table_lock);
769 "%s: STA %pM did not ACK activity poll frame\n",
770 ap->local->dev->name, hdr->addr1);
776 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
779 void hostap_init_data(local_info_t *local)
781 struct ap_data *ap = local->ap;
784 printk(KERN_WARNING "hostap_init_data: ap == NULL\n");
787 memset(ap, 0, sizeof(struct ap_data));
790 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx);
791 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx);
793 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ;
794 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx);
796 spin_lock_init(&ap->sta_table_lock);
797 INIT_LIST_HEAD(&ap->sta_list);
799 /* Initialize task queue structure for AP management */
800 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue);
802 ap->tx_callback_idx =
803 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap);
804 if (ap->tx_callback_idx == 0)
805 printk(KERN_WARNING "%s: failed to register TX callback for "
806 "AP\n", local->dev->name);
807 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
808 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue);
810 ap->tx_callback_auth =
811 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap);
812 ap->tx_callback_assoc =
813 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap);
814 ap->tx_callback_poll =
815 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap);
816 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 ||
817 ap->tx_callback_poll == 0)
818 printk(KERN_WARNING "%s: failed to register TX callback for "
819 "AP\n", local->dev->name);
821 spin_lock_init(&ap->mac_restrictions.lock);
822 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list);
823 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
829 void hostap_init_ap_proc(local_info_t *local)
831 struct ap_data *ap = local->ap;
833 ap->proc = local->proc;
834 if (ap->proc == NULL)
837 #ifndef PRISM2_NO_PROCFS_DEBUG
838 create_proc_read_entry("ap_debug", 0, ap->proc,
839 ap_debug_proc_read, ap);
840 #endif /* PRISM2_NO_PROCFS_DEBUG */
842 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
843 create_proc_read_entry("ap_control", 0, ap->proc,
844 ap_control_proc_read, ap);
845 create_proc_read_entry("ap", 0, ap->proc,
846 prism2_ap_proc_read, ap);
847 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
852 void hostap_free_data(struct ap_data *ap)
854 struct sta_info *n, *sta;
856 if (ap == NULL || !ap->initialized) {
857 printk(KERN_DEBUG "hostap_free_data: ap has not yet been "
858 "initialized - skip resource freeing\n");
862 flush_work_sync(&ap->add_sta_proc_queue);
864 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
865 flush_work_sync(&ap->wds_oper_queue);
867 ap->crypt->deinit(ap->crypt_priv);
868 ap->crypt = ap->crypt_priv = NULL;
869 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
871 list_for_each_entry_safe(sta, n, &ap->sta_list, list) {
872 ap_sta_hash_del(ap, sta);
873 list_del(&sta->list);
874 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
875 hostap_event_expired_sta(sta->local->dev, sta);
876 ap_free_sta(ap, sta);
879 #ifndef PRISM2_NO_PROCFS_DEBUG
880 if (ap->proc != NULL) {
881 remove_proc_entry("ap_debug", ap->proc);
883 #endif /* PRISM2_NO_PROCFS_DEBUG */
885 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
886 if (ap->proc != NULL) {
887 remove_proc_entry("ap", ap->proc);
888 remove_proc_entry("ap_control", ap->proc);
890 ap_control_flush_macs(&ap->mac_restrictions);
891 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
897 /* caller should have mutex for AP STA list handling */
898 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta)
902 s = ap->sta_hash[STA_HASH(sta)];
903 while (s != NULL && memcmp(s->addr, sta, ETH_ALEN) != 0)
909 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
911 /* Called from timer handler and from scheduled AP queue handlers */
912 static void prism2_send_mgmt(struct net_device *dev,
913 u16 type_subtype, char *body,
914 int body_len, u8 *addr, u16 tx_cb_idx)
916 struct hostap_interface *iface;
918 struct ieee80211_hdr *hdr;
921 struct hostap_skb_tx_data *meta;
924 iface = netdev_priv(dev);
925 local = iface->local;
926 dev = local->dev; /* always use master radio device */
927 iface = netdev_priv(dev);
929 if (!(dev->flags & IFF_UP)) {
930 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - "
931 "cannot send frame\n", dev->name);
935 skb = dev_alloc_skb(sizeof(*hdr) + body_len);
937 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate "
943 hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype));
944 hdr = (struct ieee80211_hdr *) skb_put(skb, hdrlen);
946 memcpy(skb_put(skb, body_len), body, body_len);
948 memset(hdr, 0, hdrlen);
950 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11
951 * tx_control instead of using local->tx_control */
954 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */
955 if (ieee80211_is_data(hdr->frame_control)) {
956 fc |= IEEE80211_FCTL_FROMDS;
957 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */
958 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */
959 } else if (ieee80211_is_ctl(hdr->frame_control)) {
960 /* control:ACK does not have addr2 or addr3 */
961 memset(hdr->addr2, 0, ETH_ALEN);
962 memset(hdr->addr3, 0, ETH_ALEN);
964 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */
965 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */
968 hdr->frame_control = cpu_to_le16(fc);
970 meta = (struct hostap_skb_tx_data *) skb->cb;
971 memset(meta, 0, sizeof(*meta));
972 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
974 meta->tx_cb_idx = tx_cb_idx;
977 skb_reset_mac_header(skb);
978 skb_reset_network_header(skb);
981 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
984 static int prism2_sta_proc_read(char *page, char **start, off_t off,
985 int count, int *eof, void *data)
988 struct sta_info *sta = (struct sta_info *) data;
991 /* FIX: possible race condition.. the STA data could have just expired,
992 * but proc entry was still here so that the read could have started;
993 * some locking should be done here.. */
1000 p += sprintf(p, "%s=%pM\nusers=%d\naid=%d\n"
1001 "flags=0x%04x%s%s%s%s%s%s%s\n"
1002 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=",
1003 sta->ap ? "AP" : "STA",
1004 sta->addr, atomic_read(&sta->users), sta->aid,
1006 sta->flags & WLAN_STA_AUTH ? " AUTH" : "",
1007 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "",
1008 sta->flags & WLAN_STA_PS ? " PS" : "",
1009 sta->flags & WLAN_STA_TIM ? " TIM" : "",
1010 sta->flags & WLAN_STA_PERM ? " PERM" : "",
1011 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "",
1012 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "",
1013 sta->capability, sta->listen_interval);
1014 /* supported_rates: 500 kbit/s units with msb ignored */
1015 for (i = 0; i < sizeof(sta->supported_rates); i++)
1016 if (sta->supported_rates[i] != 0)
1017 p += sprintf(p, "%d%sMbps ",
1018 (sta->supported_rates[i] & 0x7f) / 2,
1019 sta->supported_rates[i] & 1 ? ".5" : "");
1020 p += sprintf(p, "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n"
1021 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n"
1023 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n"
1024 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n"
1025 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n"
1027 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n",
1028 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx,
1030 sta->rx_packets, sta->tx_packets, sta->rx_bytes,
1031 sta->tx_bytes, skb_queue_len(&sta->tx_buf),
1032 sta->last_rx_silence,
1033 sta->last_rx_signal, sta->last_rx_rate / 10,
1034 sta->last_rx_rate % 10 ? ".5" : "",
1035 sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
1036 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
1037 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
1038 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
1039 p = sta->crypt->ops->print_stats(p, sta->crypt->priv);
1040 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1042 if (sta->u.ap.channel >= 0)
1043 p += sprintf(p, "channel=%d\n", sta->u.ap.channel);
1044 p += sprintf(p, "ssid=");
1045 for (i = 0; i < sta->u.ap.ssid_len; i++)
1046 p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
1047 sta->u.ap.ssid[i] < 127) ?
1050 p += sprintf(p, "\n");
1052 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1058 static void handle_add_proc_queue(struct work_struct *work)
1060 struct ap_data *ap = container_of(work, struct ap_data,
1061 add_sta_proc_queue);
1062 struct sta_info *sta;
1064 struct add_sta_proc_data *entry, *prev;
1066 entry = ap->add_sta_proc_entries;
1067 ap->add_sta_proc_entries = NULL;
1070 spin_lock_bh(&ap->sta_table_lock);
1071 sta = ap_get_sta(ap, entry->addr);
1073 atomic_inc(&sta->users);
1074 spin_unlock_bh(&ap->sta_table_lock);
1077 sprintf(name, "%pM", sta->addr);
1078 sta->proc = create_proc_read_entry(
1080 prism2_sta_proc_read, sta);
1082 atomic_dec(&sta->users);
1086 entry = entry->next;
1092 static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr)
1094 struct sta_info *sta;
1096 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC);
1098 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n");
1102 /* initialize STA info data */
1103 sta->local = ap->local;
1104 skb_queue_head_init(&sta->tx_buf);
1105 memcpy(sta->addr, addr, ETH_ALEN);
1107 atomic_inc(&sta->users);
1108 spin_lock_bh(&ap->sta_table_lock);
1109 list_add(&sta->list, &ap->sta_list);
1111 ap_sta_hash_add(ap, sta);
1112 spin_unlock_bh(&ap->sta_table_lock);
1115 struct add_sta_proc_data *entry;
1116 /* schedule a non-interrupt context process to add a procfs
1117 * entry for the STA since procfs code use GFP_KERNEL */
1118 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
1120 memcpy(entry->addr, sta->addr, ETH_ALEN);
1121 entry->next = ap->add_sta_proc_entries;
1122 ap->add_sta_proc_entries = entry;
1123 schedule_work(&ap->add_sta_proc_queue);
1125 printk(KERN_DEBUG "Failed to add STA proc data\n");
1128 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1129 init_timer(&sta->timer);
1130 sta->timer.expires = jiffies + ap->max_inactivity;
1131 sta->timer.data = (unsigned long) sta;
1132 sta->timer.function = ap_handle_timer;
1133 if (!ap->local->hostapd)
1134 add_timer(&sta->timer);
1135 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1141 static int ap_tx_rate_ok(int rateidx, struct sta_info *sta,
1142 local_info_t *local)
1144 if (rateidx > sta->tx_max_rate ||
1145 !(sta->tx_supp_rates & (1 << rateidx)))
1148 if (local->tx_rate_control != 0 &&
1149 !(local->tx_rate_control & (1 << rateidx)))
1156 static void prism2_check_tx_rates(struct sta_info *sta)
1160 sta->tx_supp_rates = 0;
1161 for (i = 0; i < sizeof(sta->supported_rates); i++) {
1162 if ((sta->supported_rates[i] & 0x7f) == 2)
1163 sta->tx_supp_rates |= WLAN_RATE_1M;
1164 if ((sta->supported_rates[i] & 0x7f) == 4)
1165 sta->tx_supp_rates |= WLAN_RATE_2M;
1166 if ((sta->supported_rates[i] & 0x7f) == 11)
1167 sta->tx_supp_rates |= WLAN_RATE_5M5;
1168 if ((sta->supported_rates[i] & 0x7f) == 22)
1169 sta->tx_supp_rates |= WLAN_RATE_11M;
1171 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0;
1172 if (sta->tx_supp_rates & WLAN_RATE_1M) {
1173 sta->tx_max_rate = 0;
1174 if (ap_tx_rate_ok(0, sta, sta->local)) {
1176 sta->tx_rate_idx = 0;
1179 if (sta->tx_supp_rates & WLAN_RATE_2M) {
1180 sta->tx_max_rate = 1;
1181 if (ap_tx_rate_ok(1, sta, sta->local)) {
1183 sta->tx_rate_idx = 1;
1186 if (sta->tx_supp_rates & WLAN_RATE_5M5) {
1187 sta->tx_max_rate = 2;
1188 if (ap_tx_rate_ok(2, sta, sta->local)) {
1190 sta->tx_rate_idx = 2;
1193 if (sta->tx_supp_rates & WLAN_RATE_11M) {
1194 sta->tx_max_rate = 3;
1195 if (ap_tx_rate_ok(3, sta, sta->local)) {
1197 sta->tx_rate_idx = 3;
1203 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1205 static void ap_crypt_init(struct ap_data *ap)
1207 ap->crypt = lib80211_get_crypto_ops("WEP");
1210 if (ap->crypt->init) {
1211 ap->crypt_priv = ap->crypt->init(0);
1212 if (ap->crypt_priv == NULL)
1215 u8 key[WEP_KEY_LEN];
1216 get_random_bytes(key, WEP_KEY_LEN);
1217 ap->crypt->set_key(key, WEP_KEY_LEN, NULL,
1223 if (ap->crypt == NULL) {
1224 printk(KERN_WARNING "AP could not initialize WEP: load module "
1225 "lib80211_crypt_wep.ko\n");
1230 /* Generate challenge data for shared key authentication. IEEE 802.11 specifies
1231 * that WEP algorithm is used for generating challenge. This should be unique,
1232 * but otherwise there is not really need for randomness etc. Initialize WEP
1233 * with pseudo random key and then use increasing IV to get unique challenge
1236 * Called only as a scheduled task for pending AP frames.
1238 static char * ap_auth_make_challenge(struct ap_data *ap)
1241 struct sk_buff *skb;
1243 if (ap->crypt == NULL) {
1245 if (ap->crypt == NULL)
1249 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC);
1250 if (tmpbuf == NULL) {
1251 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n");
1255 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN +
1256 ap->crypt->extra_mpdu_prefix_len +
1257 ap->crypt->extra_mpdu_postfix_len);
1263 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len);
1264 memset(skb_put(skb, WLAN_AUTH_CHALLENGE_LEN), 0,
1265 WLAN_AUTH_CHALLENGE_LEN);
1266 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) {
1272 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len,
1273 tmpbuf, WLAN_AUTH_CHALLENGE_LEN);
1280 /* Called only as a scheduled task for pending AP frames. */
1281 static void handle_authen(local_info_t *local, struct sk_buff *skb,
1282 struct hostap_80211_rx_status *rx_stats)
1284 struct net_device *dev = local->dev;
1285 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1287 struct ap_data *ap = local->ap;
1288 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL;
1290 u16 auth_alg, auth_transaction, status_code;
1292 u16 resp = WLAN_STATUS_SUCCESS;
1293 struct sta_info *sta = NULL;
1294 struct lib80211_crypt_data *crypt;
1297 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1299 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
1302 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload "
1303 "(len=%d) from %pM\n", dev->name, len, hdr->addr2);
1307 spin_lock_bh(&local->ap->sta_table_lock);
1308 sta = ap_get_sta(local->ap, hdr->addr2);
1310 atomic_inc(&sta->users);
1311 spin_unlock_bh(&local->ap->sta_table_lock);
1313 if (sta && sta->crypt)
1317 if (skb->len >= hdrlen + 3)
1318 idx = skb->data[hdrlen + 3] >> 6;
1319 crypt = local->crypt_info.crypt[idx];
1322 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1323 auth_alg = __le16_to_cpu(*pos);
1325 auth_transaction = __le16_to_cpu(*pos);
1327 status_code = __le16_to_cpu(*pos);
1330 if (memcmp(dev->dev_addr, hdr->addr2, ETH_ALEN) == 0 ||
1331 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) {
1332 txt = "authentication denied";
1333 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1337 if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
1338 auth_alg == WLAN_AUTH_OPEN) ||
1339 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
1340 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
1342 txt = "unsupported algorithm";
1343 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1349 if (*u == WLAN_EID_CHALLENGE) {
1350 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) {
1351 txt = "invalid challenge len";
1352 resp = WLAN_STATUS_CHALLENGE_FAIL;
1355 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) {
1356 txt = "challenge underflow";
1357 resp = WLAN_STATUS_CHALLENGE_FAIL;
1360 challenge = (char *) (u + 2);
1364 if (sta && sta->ap) {
1365 if (time_after(jiffies, sta->u.ap.last_beacon +
1366 (10 * sta->listen_interval * HZ) / 1024)) {
1367 PDEBUG(DEBUG_AP, "%s: no beacons received for a while,"
1368 " assuming AP %pM is now STA\n",
1369 dev->name, sta->addr);
1372 sta->u.sta.challenge = NULL;
1374 txt = "AP trying to authenticate?";
1375 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1380 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) ||
1381 (auth_alg == WLAN_AUTH_SHARED_KEY &&
1382 (auth_transaction == 1 ||
1383 (auth_transaction == 3 && sta != NULL &&
1384 sta->u.sta.challenge != NULL)))) {
1386 txt = "unknown authentication transaction number";
1387 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1394 if (local->ap->num_sta >= MAX_STA_COUNT) {
1395 /* FIX: might try to remove some old STAs first? */
1396 txt = "no more room for new STAs";
1397 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1401 sta = ap_add_sta(local->ap, hdr->addr2);
1403 txt = "ap_add_sta failed";
1404 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1410 case WLAN_AUTH_OPEN:
1412 /* IEEE 802.11 standard is not completely clear about
1413 * whether STA is considered authenticated after
1414 * authentication OK frame has been send or after it
1415 * has been ACKed. In order to reduce interoperability
1416 * issues, mark the STA authenticated before ACK. */
1417 sta->flags |= WLAN_STA_AUTH;
1420 case WLAN_AUTH_SHARED_KEY:
1421 if (auth_transaction == 1) {
1422 if (sta->u.sta.challenge == NULL) {
1423 sta->u.sta.challenge =
1424 ap_auth_make_challenge(local->ap);
1425 if (sta->u.sta.challenge == NULL) {
1426 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1431 if (sta->u.sta.challenge == NULL ||
1432 challenge == NULL ||
1433 memcmp(sta->u.sta.challenge, challenge,
1434 WLAN_AUTH_CHALLENGE_LEN) != 0 ||
1435 !ieee80211_has_protected(hdr->frame_control)) {
1436 txt = "challenge response incorrect";
1437 resp = WLAN_STATUS_CHALLENGE_FAIL;
1441 txt = "challenge OK - authOK";
1442 /* IEEE 802.11 standard is not completely clear about
1443 * whether STA is considered authenticated after
1444 * authentication OK frame has been send or after it
1445 * has been ACKed. In order to reduce interoperability
1446 * issues, mark the STA authenticated before ACK. */
1447 sta->flags |= WLAN_STA_AUTH;
1448 kfree(sta->u.sta.challenge);
1449 sta->u.sta.challenge = NULL;
1455 pos = (__le16 *) body;
1456 *pos = cpu_to_le16(auth_alg);
1458 *pos = cpu_to_le16(auth_transaction + 1);
1460 *pos = cpu_to_le16(resp); /* status_code */
1464 if (resp == WLAN_STATUS_SUCCESS && sta != NULL &&
1465 sta->u.sta.challenge != NULL &&
1466 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) {
1467 u8 *tmp = (u8 *) pos;
1468 *tmp++ = WLAN_EID_CHALLENGE;
1469 *tmp++ = WLAN_AUTH_CHALLENGE_LEN;
1471 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN);
1472 olen += 2 + WLAN_AUTH_CHALLENGE_LEN;
1475 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH,
1476 body, olen, hdr->addr2, ap->tx_callback_auth);
1479 sta->last_rx = jiffies;
1480 atomic_dec(&sta->users);
1484 PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d "
1485 "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n",
1486 dev->name, hdr->addr2,
1487 auth_alg, auth_transaction, status_code, len,
1488 le16_to_cpu(hdr->frame_control), resp, txt);
1493 /* Called only as a scheduled task for pending AP frames. */
1494 static void handle_assoc(local_info_t *local, struct sk_buff *skb,
1495 struct hostap_80211_rx_status *rx_stats, int reassoc)
1497 struct net_device *dev = local->dev;
1498 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1499 char body[12], *p, *lpos;
1502 u16 resp = WLAN_STATUS_SUCCESS;
1503 struct sta_info *sta = NULL;
1504 int send_deauth = 0;
1506 u8 prev_ap[ETH_ALEN];
1508 left = len = skb->len - IEEE80211_MGMT_HDR_LEN;
1510 if (len < (reassoc ? 10 : 4)) {
1511 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload "
1512 "(len=%d, reassoc=%d) from %pM\n",
1513 dev->name, len, reassoc, hdr->addr2);
1517 spin_lock_bh(&local->ap->sta_table_lock);
1518 sta = ap_get_sta(local->ap, hdr->addr2);
1519 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
1520 spin_unlock_bh(&local->ap->sta_table_lock);
1521 txt = "trying to associate before authentication";
1523 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1524 sta = NULL; /* do not decrement sta->users */
1527 atomic_inc(&sta->users);
1528 spin_unlock_bh(&local->ap->sta_table_lock);
1530 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1531 sta->capability = __le16_to_cpu(*pos);
1533 sta->listen_interval = __le16_to_cpu(*pos);
1537 memcpy(prev_ap, pos, ETH_ALEN);
1538 pos++; pos++; pos++; left -= 6;
1540 memset(prev_ap, 0, ETH_ALEN);
1544 unsigned char *u = (unsigned char *) pos;
1546 if (*u == WLAN_EID_SSID) {
1551 if (ileft > left || ileft > MAX_SSID_LEN) {
1552 txt = "SSID overflow";
1553 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1557 if (ileft != strlen(local->essid) ||
1558 memcmp(local->essid, u, ileft) != 0) {
1559 txt = "not our SSID";
1560 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1568 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) {
1573 if (ileft > left || ileft == 0 ||
1574 ileft > WLAN_SUPP_RATES_MAX) {
1575 txt = "SUPP_RATES len error";
1576 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1580 memset(sta->supported_rates, 0,
1581 sizeof(sta->supported_rates));
1582 memcpy(sta->supported_rates, u, ileft);
1583 prism2_check_tx_rates(sta);
1590 PDEBUG(DEBUG_AP, "%s: assoc from %pM"
1591 " with extra data (%d bytes) [",
1592 dev->name, hdr->addr2, left);
1594 PDEBUG2(DEBUG_AP, "<%02x>", *u);
1597 PDEBUG2(DEBUG_AP, "]\n");
1600 txt = "frame underflow";
1601 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1605 /* get a unique AID */
1607 txt = "OK, old AID";
1609 spin_lock_bh(&local->ap->sta_table_lock);
1610 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
1611 if (local->ap->sta_aid[sta->aid - 1] == NULL)
1613 if (sta->aid > MAX_AID_TABLE_SIZE) {
1615 spin_unlock_bh(&local->ap->sta_table_lock);
1616 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1617 txt = "no room for more AIDs";
1619 local->ap->sta_aid[sta->aid - 1] = sta;
1620 spin_unlock_bh(&local->ap->sta_table_lock);
1621 txt = "OK, new AID";
1626 pos = (__le16 *) body;
1629 *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH);
1632 /* FIX: CF-Pollable and CF-PollReq should be set to match the
1633 * values in beacons/probe responses */
1634 /* FIX: how about privacy and WEP? */
1636 *pos = cpu_to_le16(WLAN_CAPABILITY_ESS);
1640 *pos = cpu_to_le16(resp);
1643 *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) |
1644 BIT(14) | BIT(15)); /* AID */
1647 /* Supported rates (Information element) */
1649 *p++ = WLAN_EID_SUPP_RATES;
1652 if (local->tx_rate_control & WLAN_RATE_1M) {
1653 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02;
1656 if (local->tx_rate_control & WLAN_RATE_2M) {
1657 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04;
1660 if (local->tx_rate_control & WLAN_RATE_5M5) {
1661 *p++ = local->basic_rates & WLAN_RATE_5M5 ?
1665 if (local->tx_rate_control & WLAN_RATE_11M) {
1666 *p++ = local->basic_rates & WLAN_RATE_11M ?
1673 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1674 (send_deauth ? IEEE80211_STYPE_DEAUTH :
1675 (reassoc ? IEEE80211_STYPE_REASSOC_RESP :
1676 IEEE80211_STYPE_ASSOC_RESP)),
1677 body, (u8 *) pos - (u8 *) body,
1679 send_deauth ? 0 : local->ap->tx_callback_assoc);
1682 if (resp == WLAN_STATUS_SUCCESS) {
1683 sta->last_rx = jiffies;
1684 /* STA will be marked associated from TX callback, if
1685 * AssocResp is ACKed */
1687 atomic_dec(&sta->users);
1691 PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d "
1692 "prev_ap=%pM) => %d(%d) (%s)\n",
1695 reassoc ? "re" : "", len,
1697 resp, send_deauth, txt);
1702 /* Called only as a scheduled task for pending AP frames. */
1703 static void handle_deauth(local_info_t *local, struct sk_buff *skb,
1704 struct hostap_80211_rx_status *rx_stats)
1706 struct net_device *dev = local->dev;
1707 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1708 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1712 struct sta_info *sta = NULL;
1714 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1717 printk("handle_deauth - too short payload (len=%d)\n", len);
1721 pos = (__le16 *) body;
1722 reason_code = le16_to_cpu(*pos);
1724 PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, "
1725 "reason_code=%d\n", dev->name, hdr->addr2,
1728 spin_lock_bh(&local->ap->sta_table_lock);
1729 sta = ap_get_sta(local->ap, hdr->addr2);
1731 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1732 hostap_event_expired_sta(local->dev, sta);
1733 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1735 spin_unlock_bh(&local->ap->sta_table_lock);
1737 printk("%s: deauthentication from %pM, "
1738 "reason_code=%d, but STA not authenticated\n", dev->name,
1739 hdr->addr2, reason_code);
1744 /* Called only as a scheduled task for pending AP frames. */
1745 static void handle_disassoc(local_info_t *local, struct sk_buff *skb,
1746 struct hostap_80211_rx_status *rx_stats)
1748 struct net_device *dev = local->dev;
1749 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1750 char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1754 struct sta_info *sta = NULL;
1756 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1759 printk("handle_disassoc - too short payload (len=%d)\n", len);
1763 pos = (__le16 *) body;
1764 reason_code = le16_to_cpu(*pos);
1766 PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, "
1767 "reason_code=%d\n", dev->name, hdr->addr2,
1770 spin_lock_bh(&local->ap->sta_table_lock);
1771 sta = ap_get_sta(local->ap, hdr->addr2);
1773 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1774 hostap_event_expired_sta(local->dev, sta);
1775 sta->flags &= ~WLAN_STA_ASSOC;
1777 spin_unlock_bh(&local->ap->sta_table_lock);
1779 printk("%s: disassociation from %pM, "
1780 "reason_code=%d, but STA not authenticated\n",
1781 dev->name, hdr->addr2, reason_code);
1786 /* Called only as a scheduled task for pending AP frames. */
1787 static void ap_handle_data_nullfunc(local_info_t *local,
1788 struct ieee80211_hdr *hdr)
1790 struct net_device *dev = local->dev;
1792 /* some STA f/w's seem to require control::ACK frame for
1793 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does
1795 * send control::ACK for the data::nullfunc */
1797 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n");
1798 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK,
1799 NULL, 0, hdr->addr2, 0);
1803 /* Called only as a scheduled task for pending AP frames. */
1804 static void ap_handle_dropped_data(local_info_t *local,
1805 struct ieee80211_hdr *hdr)
1807 struct net_device *dev = local->dev;
1808 struct sta_info *sta;
1811 spin_lock_bh(&local->ap->sta_table_lock);
1812 sta = ap_get_sta(local->ap, hdr->addr2);
1814 atomic_inc(&sta->users);
1815 spin_unlock_bh(&local->ap->sta_table_lock);
1817 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) {
1818 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n");
1819 atomic_dec(&sta->users);
1823 reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1824 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1825 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ?
1826 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC),
1827 (char *) &reason, sizeof(reason), hdr->addr2, 0);
1830 atomic_dec(&sta->users);
1833 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1836 /* Called only as a scheduled task for pending AP frames. */
1837 static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta,
1838 struct sk_buff *skb)
1840 struct hostap_skb_tx_data *meta;
1842 if (!(sta->flags & WLAN_STA_PS)) {
1843 /* Station has moved to non-PS mode, so send all buffered
1844 * frames using normal device queue. */
1845 dev_queue_xmit(skb);
1849 /* add a flag for hostap_handle_sta_tx() to know that this skb should
1850 * be passed through even though STA is using PS */
1851 meta = (struct hostap_skb_tx_data *) skb->cb;
1852 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME;
1853 if (!skb_queue_empty(&sta->tx_buf)) {
1854 /* indicate to STA that more frames follow */
1855 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA;
1857 dev_queue_xmit(skb);
1861 /* Called only as a scheduled task for pending AP frames. */
1862 static void handle_pspoll(local_info_t *local,
1863 struct ieee80211_hdr *hdr,
1864 struct hostap_80211_rx_status *rx_stats)
1866 struct net_device *dev = local->dev;
1867 struct sta_info *sta;
1869 struct sk_buff *skb;
1871 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n",
1872 hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control));
1874 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
1876 "handle_pspoll - addr1(BSSID)=%pM not own MAC\n",
1881 aid = le16_to_cpu(hdr->duration_id);
1882 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) {
1883 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n");
1886 aid &= ~(BIT(15) | BIT(14));
1887 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) {
1888 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid);
1891 PDEBUG(DEBUG_PS2, " aid=%d\n", aid);
1893 spin_lock_bh(&local->ap->sta_table_lock);
1894 sta = ap_get_sta(local->ap, hdr->addr2);
1896 atomic_inc(&sta->users);
1897 spin_unlock_bh(&local->ap->sta_table_lock);
1900 PDEBUG(DEBUG_PS, " STA not found\n");
1903 if (sta->aid != aid) {
1904 PDEBUG(DEBUG_PS, " received aid=%i does not match with "
1905 "assoc.aid=%d\n", aid, sta->aid);
1910 * - add timeout for buffering (clear aid in TIM vector if buffer timed
1911 * out (expiry time must be longer than ListenInterval for
1912 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function"
1913 * - what to do, if buffered, pspolled, and sent frame is not ACKed by
1914 * sta; store buffer for later use and leave TIM aid bit set? use
1915 * TX event to check whether frame was ACKed?
1918 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) {
1919 /* send buffered frame .. */
1920 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL"
1921 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf));
1923 pspoll_send_buffered(local, sta, skb);
1925 if (sta->flags & WLAN_STA_PS) {
1926 /* send only one buffered packet per PS Poll */
1927 /* FIX: should ignore further PS Polls until the
1928 * buffered packet that was just sent is acknowledged
1929 * (Tx or TxExc event) */
1934 if (skb_queue_empty(&sta->tx_buf)) {
1935 /* try to clear aid from TIM */
1936 if (!(sta->flags & WLAN_STA_TIM))
1937 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n",
1939 hostap_set_tim(local, aid, 0);
1940 sta->flags &= ~WLAN_STA_TIM;
1943 atomic_dec(&sta->users);
1947 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1949 static void handle_wds_oper_queue(struct work_struct *work)
1951 struct ap_data *ap = container_of(work, struct ap_data,
1953 local_info_t *local = ap->local;
1954 struct wds_oper_data *entry, *prev;
1956 spin_lock_bh(&local->lock);
1957 entry = local->ap->wds_oper_entries;
1958 local->ap->wds_oper_entries = NULL;
1959 spin_unlock_bh(&local->lock);
1962 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection "
1965 entry->type == WDS_ADD ? "adding" : "removing",
1967 if (entry->type == WDS_ADD)
1968 prism2_wds_add(local, entry->addr, 0);
1969 else if (entry->type == WDS_DEL)
1970 prism2_wds_del(local, entry->addr, 0, 1);
1973 entry = entry->next;
1979 /* Called only as a scheduled task for pending AP frames. */
1980 static void handle_beacon(local_info_t *local, struct sk_buff *skb,
1981 struct hostap_80211_rx_status *rx_stats)
1983 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1984 char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1986 u16 beacon_int, capability;
1989 unsigned char *supp_rates = NULL;
1990 int ssid_len = 0, supp_rates_len = 0;
1991 struct sta_info *sta = NULL;
1992 int new_sta = 0, channel = -1;
1994 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1996 if (len < 8 + 2 + 2) {
1997 printk(KERN_DEBUG "handle_beacon - too short payload "
2002 pos = (__le16 *) body;
2005 /* Timestamp (8 octets) */
2006 pos += 4; left -= 8;
2007 /* Beacon interval (2 octets) */
2008 beacon_int = le16_to_cpu(*pos);
2010 /* Capability information (2 octets) */
2011 capability = le16_to_cpu(*pos);
2014 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS &&
2015 capability & WLAN_CAPABILITY_IBSS)
2020 unsigned char *u = (unsigned char *) pos;
2022 if (*u == WLAN_EID_SSID) {
2027 if (ileft > left || ileft > MAX_SSID_LEN) {
2028 PDEBUG(DEBUG_AP, "SSID: overflow\n");
2032 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID &&
2033 (ileft != strlen(local->essid) ||
2034 memcmp(local->essid, u, ileft) != 0)) {
2046 if (*u == WLAN_EID_SUPP_RATES) {
2051 if (ileft > left || ileft == 0 || ileft > 8) {
2052 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n");
2057 supp_rates_len = ileft;
2063 if (*u == WLAN_EID_DS_PARAMS) {
2068 if (ileft > left || ileft != 1) {
2069 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n");
2080 spin_lock_bh(&local->ap->sta_table_lock);
2081 sta = ap_get_sta(local->ap, hdr->addr2);
2083 atomic_inc(&sta->users);
2084 spin_unlock_bh(&local->ap->sta_table_lock);
2089 sta = ap_add_sta(local->ap, hdr->addr2);
2091 printk(KERN_INFO "prism2: kmalloc failed for AP "
2092 "data structure\n");
2095 hostap_event_new_sta(local->dev, sta);
2097 /* mark APs authentication and associated for pseudo ad-hoc
2098 * style communication */
2099 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
2101 if (local->ap->autom_ap_wds) {
2102 hostap_wds_link_oper(local, sta->addr, WDS_ADD);
2108 sta->u.ap.ssid_len = ssid_len;
2109 memcpy(sta->u.ap.ssid, ssid, ssid_len);
2110 sta->u.ap.ssid[ssid_len] = '\0';
2112 sta->u.ap.ssid_len = 0;
2113 sta->u.ap.ssid[0] = '\0';
2115 sta->u.ap.channel = channel;
2117 sta->rx_bytes += len;
2118 sta->u.ap.last_beacon = sta->last_rx = jiffies;
2119 sta->capability = capability;
2120 sta->listen_interval = beacon_int;
2122 atomic_dec(&sta->users);
2125 memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
2126 memcpy(sta->supported_rates, supp_rates, supp_rates_len);
2127 prism2_check_tx_rates(sta);
2131 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2134 /* Called only as a tasklet. */
2135 static void handle_ap_item(local_info_t *local, struct sk_buff *skb,
2136 struct hostap_80211_rx_status *rx_stats)
2138 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2139 struct net_device *dev = local->dev;
2140 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2141 u16 fc, type, stype;
2142 struct ieee80211_hdr *hdr;
2144 /* FIX: should give skb->len to handler functions and check that the
2145 * buffer is long enough */
2146 hdr = (struct ieee80211_hdr *) skb->data;
2147 fc = le16_to_cpu(hdr->frame_control);
2148 type = fc & IEEE80211_FCTL_FTYPE;
2149 stype = fc & IEEE80211_FCTL_STYPE;
2151 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2152 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) {
2153 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n");
2155 if (!(fc & IEEE80211_FCTL_TODS) ||
2156 (fc & IEEE80211_FCTL_FROMDS)) {
2157 if (stype == IEEE80211_STYPE_NULLFUNC) {
2158 /* no ToDS nullfunc seems to be used to check
2159 * AP association; so send reject message to
2160 * speed up re-association */
2161 ap_handle_dropped_data(local, hdr);
2164 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n",
2169 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
2170 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM"
2171 " not own MAC\n", hdr->addr1);
2175 if (local->ap->nullfunc_ack &&
2176 stype == IEEE80211_STYPE_NULLFUNC)
2177 ap_handle_data_nullfunc(local, hdr);
2179 ap_handle_dropped_data(local, hdr);
2183 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) {
2184 handle_beacon(local, skb, rx_stats);
2187 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2189 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) {
2190 handle_pspoll(local, hdr, rx_stats);
2194 if (local->hostapd) {
2195 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x "
2196 "subtype=0x%02x\n", type, stype);
2200 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2201 if (type != IEEE80211_FTYPE_MGMT) {
2202 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n");
2206 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
2207 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM"
2208 " not own MAC\n", hdr->addr1);
2212 if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN)) {
2213 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM"
2214 " not own MAC\n", hdr->addr3);
2219 case IEEE80211_STYPE_ASSOC_REQ:
2220 handle_assoc(local, skb, rx_stats, 0);
2222 case IEEE80211_STYPE_ASSOC_RESP:
2223 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n");
2225 case IEEE80211_STYPE_REASSOC_REQ:
2226 handle_assoc(local, skb, rx_stats, 1);
2228 case IEEE80211_STYPE_REASSOC_RESP:
2229 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n");
2231 case IEEE80211_STYPE_ATIM:
2232 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n");
2234 case IEEE80211_STYPE_DISASSOC:
2235 handle_disassoc(local, skb, rx_stats);
2237 case IEEE80211_STYPE_AUTH:
2238 handle_authen(local, skb, rx_stats);
2240 case IEEE80211_STYPE_DEAUTH:
2241 handle_deauth(local, skb, rx_stats);
2244 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n",
2248 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2255 /* Called only as a tasklet (software IRQ) */
2256 void hostap_rx(struct net_device *dev, struct sk_buff *skb,
2257 struct hostap_80211_rx_status *rx_stats)
2259 struct hostap_interface *iface;
2260 local_info_t *local;
2261 struct ieee80211_hdr *hdr;
2263 iface = netdev_priv(dev);
2264 local = iface->local;
2269 dev->stats.rx_packets++;
2271 hdr = (struct ieee80211_hdr *) skb->data;
2273 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL &&
2274 ieee80211_is_beacon(hdr->frame_control))
2277 skb->protocol = cpu_to_be16(ETH_P_HOSTAP);
2278 handle_ap_item(local, skb, rx_stats);
2286 /* Called only as a tasklet (software IRQ) */
2287 static void schedule_packet_send(local_info_t *local, struct sta_info *sta)
2289 struct sk_buff *skb;
2290 struct ieee80211_hdr *hdr;
2291 struct hostap_80211_rx_status rx_stats;
2293 if (skb_queue_empty(&sta->tx_buf))
2296 skb = dev_alloc_skb(16);
2298 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc "
2299 "failed\n", local->dev->name);
2303 hdr = (struct ieee80211_hdr *) skb_put(skb, 16);
2305 /* Generate a fake pspoll frame to start packet delivery */
2306 hdr->frame_control = cpu_to_le16(
2307 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL);
2308 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN);
2309 memcpy(hdr->addr2, sta->addr, ETH_ALEN);
2310 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14));
2313 "%s: Scheduling buffered packet delivery for STA %pM\n",
2314 local->dev->name, sta->addr);
2316 skb->dev = local->dev;
2318 memset(&rx_stats, 0, sizeof(rx_stats));
2319 hostap_rx(local->dev, skb, &rx_stats);
2323 int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
2324 struct iw_quality qual[], int buf_size,
2327 struct ap_data *ap = local->ap;
2328 struct list_head *ptr;
2331 spin_lock_bh(&ap->sta_table_lock);
2333 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2335 struct sta_info *sta = (struct sta_info *) ptr;
2337 if (aplist && !sta->ap)
2339 addr[count].sa_family = ARPHRD_ETHER;
2340 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN);
2341 if (sta->last_rx_silence == 0)
2342 qual[count].qual = sta->last_rx_signal < 27 ?
2343 0 : (sta->last_rx_signal - 27) * 92 / 127;
2345 qual[count].qual = sta->last_rx_signal -
2346 sta->last_rx_silence - 35;
2347 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2348 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2349 qual[count].updated = sta->last_rx_updated;
2351 sta->last_rx_updated = IW_QUAL_DBM;
2354 if (count >= buf_size)
2357 spin_unlock_bh(&ap->sta_table_lock);
2363 /* Translate our list of Access Points & Stations to a card independent
2364 * format that the Wireless Tools will understand - Jean II */
2365 int prism2_ap_translate_scan(struct net_device *dev,
2366 struct iw_request_info *info, char *buffer)
2368 struct hostap_interface *iface;
2369 local_info_t *local;
2371 struct list_head *ptr;
2372 struct iw_event iwe;
2373 char *current_ev = buffer;
2374 char *end_buf = buffer + IW_SCAN_MAX_DATA;
2375 #if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT)
2379 iface = netdev_priv(dev);
2380 local = iface->local;
2383 spin_lock_bh(&ap->sta_table_lock);
2385 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2387 struct sta_info *sta = (struct sta_info *) ptr;
2389 /* First entry *MUST* be the AP MAC address */
2390 memset(&iwe, 0, sizeof(iwe));
2391 iwe.cmd = SIOCGIWAP;
2392 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2393 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN);
2394 iwe.len = IW_EV_ADDR_LEN;
2395 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2396 &iwe, IW_EV_ADDR_LEN);
2398 /* Use the mode to indicate if it's a station or
2399 * an Access Point */
2400 memset(&iwe, 0, sizeof(iwe));
2401 iwe.cmd = SIOCGIWMODE;
2403 iwe.u.mode = IW_MODE_MASTER;
2405 iwe.u.mode = IW_MODE_INFRA;
2406 iwe.len = IW_EV_UINT_LEN;
2407 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2408 &iwe, IW_EV_UINT_LEN);
2411 memset(&iwe, 0, sizeof(iwe));
2413 if (sta->last_rx_silence == 0)
2414 iwe.u.qual.qual = sta->last_rx_signal < 27 ?
2415 0 : (sta->last_rx_signal - 27) * 92 / 127;
2417 iwe.u.qual.qual = sta->last_rx_signal -
2418 sta->last_rx_silence - 35;
2419 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2420 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2421 iwe.u.qual.updated = sta->last_rx_updated;
2422 iwe.len = IW_EV_QUAL_LEN;
2423 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2424 &iwe, IW_EV_QUAL_LEN);
2426 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2428 memset(&iwe, 0, sizeof(iwe));
2429 iwe.cmd = SIOCGIWESSID;
2430 iwe.u.data.length = sta->u.ap.ssid_len;
2431 iwe.u.data.flags = 1;
2432 current_ev = iwe_stream_add_point(info, current_ev,
2436 memset(&iwe, 0, sizeof(iwe));
2437 iwe.cmd = SIOCGIWENCODE;
2438 if (sta->capability & WLAN_CAPABILITY_PRIVACY)
2440 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2442 iwe.u.data.flags = IW_ENCODE_DISABLED;
2443 current_ev = iwe_stream_add_point(info, current_ev,
2447 if (sta->u.ap.channel > 0 &&
2448 sta->u.ap.channel <= FREQ_COUNT) {
2449 memset(&iwe, 0, sizeof(iwe));
2450 iwe.cmd = SIOCGIWFREQ;
2451 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1]
2454 current_ev = iwe_stream_add_event(
2455 info, current_ev, end_buf, &iwe,
2459 memset(&iwe, 0, sizeof(iwe));
2460 iwe.cmd = IWEVCUSTOM;
2461 sprintf(buf, "beacon_interval=%d",
2462 sta->listen_interval);
2463 iwe.u.data.length = strlen(buf);
2464 current_ev = iwe_stream_add_point(info, current_ev,
2465 end_buf, &iwe, buf);
2467 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2469 sta->last_rx_updated = IW_QUAL_DBM;
2471 /* To be continued, we should make good use of IWEVCUSTOM */
2474 spin_unlock_bh(&ap->sta_table_lock);
2476 return current_ev - buffer;
2480 static int prism2_hostapd_add_sta(struct ap_data *ap,
2481 struct prism2_hostapd_param *param)
2483 struct sta_info *sta;
2485 spin_lock_bh(&ap->sta_table_lock);
2486 sta = ap_get_sta(ap, param->sta_addr);
2488 atomic_inc(&sta->users);
2489 spin_unlock_bh(&ap->sta_table_lock);
2492 sta = ap_add_sta(ap, param->sta_addr);
2497 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2498 hostap_event_new_sta(sta->local->dev, sta);
2500 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
2501 sta->last_rx = jiffies;
2502 sta->aid = param->u.add_sta.aid;
2503 sta->capability = param->u.add_sta.capability;
2504 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates;
2505 if (sta->tx_supp_rates & WLAN_RATE_1M)
2506 sta->supported_rates[0] = 2;
2507 if (sta->tx_supp_rates & WLAN_RATE_2M)
2508 sta->supported_rates[1] = 4;
2509 if (sta->tx_supp_rates & WLAN_RATE_5M5)
2510 sta->supported_rates[2] = 11;
2511 if (sta->tx_supp_rates & WLAN_RATE_11M)
2512 sta->supported_rates[3] = 22;
2513 prism2_check_tx_rates(sta);
2514 atomic_dec(&sta->users);
2519 static int prism2_hostapd_remove_sta(struct ap_data *ap,
2520 struct prism2_hostapd_param *param)
2522 struct sta_info *sta;
2524 spin_lock_bh(&ap->sta_table_lock);
2525 sta = ap_get_sta(ap, param->sta_addr);
2527 ap_sta_hash_del(ap, sta);
2528 list_del(&sta->list);
2530 spin_unlock_bh(&ap->sta_table_lock);
2535 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2536 hostap_event_expired_sta(sta->local->dev, sta);
2537 ap_free_sta(ap, sta);
2543 static int prism2_hostapd_get_info_sta(struct ap_data *ap,
2544 struct prism2_hostapd_param *param)
2546 struct sta_info *sta;
2548 spin_lock_bh(&ap->sta_table_lock);
2549 sta = ap_get_sta(ap, param->sta_addr);
2551 atomic_inc(&sta->users);
2552 spin_unlock_bh(&ap->sta_table_lock);
2557 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ;
2559 atomic_dec(&sta->users);
2565 static int prism2_hostapd_set_flags_sta(struct ap_data *ap,
2566 struct prism2_hostapd_param *param)
2568 struct sta_info *sta;
2570 spin_lock_bh(&ap->sta_table_lock);
2571 sta = ap_get_sta(ap, param->sta_addr);
2573 sta->flags |= param->u.set_flags_sta.flags_or;
2574 sta->flags &= param->u.set_flags_sta.flags_and;
2576 spin_unlock_bh(&ap->sta_table_lock);
2585 static int prism2_hostapd_sta_clear_stats(struct ap_data *ap,
2586 struct prism2_hostapd_param *param)
2588 struct sta_info *sta;
2591 spin_lock_bh(&ap->sta_table_lock);
2592 sta = ap_get_sta(ap, param->sta_addr);
2594 sta->rx_packets = sta->tx_packets = 0;
2595 sta->rx_bytes = sta->tx_bytes = 0;
2596 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) {
2597 sta->tx_count[rate] = 0;
2598 sta->rx_count[rate] = 0;
2601 spin_unlock_bh(&ap->sta_table_lock);
2610 int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param)
2612 switch (param->cmd) {
2613 case PRISM2_HOSTAPD_FLUSH:
2614 ap_control_kickall(ap);
2616 case PRISM2_HOSTAPD_ADD_STA:
2617 return prism2_hostapd_add_sta(ap, param);
2618 case PRISM2_HOSTAPD_REMOVE_STA:
2619 return prism2_hostapd_remove_sta(ap, param);
2620 case PRISM2_HOSTAPD_GET_INFO_STA:
2621 return prism2_hostapd_get_info_sta(ap, param);
2622 case PRISM2_HOSTAPD_SET_FLAGS_STA:
2623 return prism2_hostapd_set_flags_sta(ap, param);
2624 case PRISM2_HOSTAPD_STA_CLEAR_STATS:
2625 return prism2_hostapd_sta_clear_stats(ap, param);
2627 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n",
2634 /* Update station info for host-based TX rate control and return current
2636 static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev)
2638 int ret = sta->tx_rate;
2639 struct hostap_interface *iface;
2640 local_info_t *local;
2642 iface = netdev_priv(dev);
2643 local = iface->local;
2645 sta->tx_count[sta->tx_rate_idx]++;
2646 sta->tx_since_last_failure++;
2647 sta->tx_consecutive_exc = 0;
2648 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT &&
2649 sta->tx_rate_idx < sta->tx_max_rate) {
2650 /* use next higher rate */
2651 int old_rate, new_rate;
2652 old_rate = new_rate = sta->tx_rate_idx;
2653 while (new_rate < sta->tx_max_rate) {
2655 if (ap_tx_rate_ok(new_rate, sta, local)) {
2656 sta->tx_rate_idx = new_rate;
2660 if (old_rate != sta->tx_rate_idx) {
2661 switch (sta->tx_rate_idx) {
2662 case 0: sta->tx_rate = 10; break;
2663 case 1: sta->tx_rate = 20; break;
2664 case 2: sta->tx_rate = 55; break;
2665 case 3: sta->tx_rate = 110; break;
2666 default: sta->tx_rate = 0; break;
2668 PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n",
2669 dev->name, sta->addr, sta->tx_rate);
2671 sta->tx_since_last_failure = 0;
2678 /* Called only from software IRQ. Called for each TX frame prior possible
2679 * encryption and transmit. */
2680 ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx)
2682 struct sta_info *sta = NULL;
2683 struct sk_buff *skb = tx->skb;
2685 struct ieee80211_hdr *hdr;
2686 struct hostap_skb_tx_data *meta;
2688 meta = (struct hostap_skb_tx_data *) skb->cb;
2689 ret = AP_TX_CONTINUE;
2690 if (local->ap == NULL || skb->len < 10 ||
2691 meta->iface->type == HOSTAP_INTERFACE_STA)
2694 hdr = (struct ieee80211_hdr *) skb->data;
2696 if (hdr->addr1[0] & 0x01) {
2697 /* broadcast/multicast frame - no AP related processing */
2698 if (local->ap->num_sta <= 0)
2703 /* unicast packet - check whether destination STA is associated */
2704 spin_lock(&local->ap->sta_table_lock);
2705 sta = ap_get_sta(local->ap, hdr->addr1);
2707 atomic_inc(&sta->users);
2708 spin_unlock(&local->ap->sta_table_lock);
2710 if (local->iw_mode == IW_MODE_MASTER && sta == NULL &&
2711 !(meta->flags & HOSTAP_TX_FLAGS_WDS) &&
2712 meta->iface->type != HOSTAP_INTERFACE_MASTER &&
2713 meta->iface->type != HOSTAP_INTERFACE_AP) {
2715 /* This can happen, e.g., when wlan0 is added to a bridge and
2716 * bridging code does not know which port is the correct target
2717 * for a unicast frame. In this case, the packet is send to all
2718 * ports of the bridge. Since this is a valid scenario, do not
2719 * print out any errors here. */
2720 if (net_ratelimit()) {
2721 printk(KERN_DEBUG "AP: drop packet to non-associated "
2722 "STA %pM\n", hdr->addr1);
2725 local->ap->tx_drop_nonassoc++;
2733 if (!(sta->flags & WLAN_STA_AUTHORIZED))
2734 ret = AP_TX_CONTINUE_NOT_AUTHORIZED;
2736 /* Set tx_rate if using host-based TX rate control */
2737 if (!local->fw_tx_rate_control)
2738 local->ap->last_tx_rate = meta->rate =
2739 ap_update_sta_tx_rate(sta, local->dev);
2741 if (local->iw_mode != IW_MODE_MASTER)
2744 if (!(sta->flags & WLAN_STA_PS))
2747 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) {
2748 /* indicate to STA that more frames follow */
2749 hdr->frame_control |=
2750 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2753 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) {
2754 /* packet was already buffered and now send due to
2755 * PS poll, so do not rebuffer it */
2759 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) {
2760 PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s"
2762 local->dev->name, sta->addr);
2763 /* Make sure that TIM is set for the station (it might not be
2764 * after AP wlan hw reset). */
2765 /* FIX: should fix hw reset to restore bits based on STA
2767 hostap_set_tim(local, sta->aid, 1);
2768 sta->flags |= WLAN_STA_TIM;
2773 /* STA in PS mode, buffer frame for later delivery */
2774 set_tim = skb_queue_empty(&sta->tx_buf);
2775 skb_queue_tail(&sta->tx_buf, skb);
2776 /* FIX: could save RX time to skb and expire buffered frames after
2777 * some time if STA does not poll for them */
2780 if (sta->flags & WLAN_STA_TIM)
2781 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n",
2783 hostap_set_tim(local, sta->aid, 1);
2784 sta->flags |= WLAN_STA_TIM;
2787 ret = AP_TX_BUFFERED;
2791 if (ret == AP_TX_CONTINUE ||
2792 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) {
2794 sta->tx_bytes += skb->len;
2795 sta->last_tx = jiffies;
2798 if ((ret == AP_TX_CONTINUE ||
2799 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) &&
2800 sta->crypt && tx->host_encrypt) {
2801 tx->crypt = sta->crypt;
2802 tx->sta_ptr = sta; /* hostap_handle_sta_release() will
2803 * be called to release sta info
2806 atomic_dec(&sta->users);
2813 void hostap_handle_sta_release(void *ptr)
2815 struct sta_info *sta = ptr;
2816 atomic_dec(&sta->users);
2820 /* Called only as a tasklet (software IRQ) */
2821 void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb)
2823 struct sta_info *sta;
2824 struct ieee80211_hdr *hdr;
2825 struct hostap_skb_tx_data *meta;
2827 hdr = (struct ieee80211_hdr *) skb->data;
2828 meta = (struct hostap_skb_tx_data *) skb->cb;
2830 spin_lock(&local->ap->sta_table_lock);
2831 sta = ap_get_sta(local->ap, hdr->addr1);
2833 spin_unlock(&local->ap->sta_table_lock);
2834 PDEBUG(DEBUG_AP, "%s: Could not find STA %pM"
2835 " for this TX error (@%lu)\n",
2836 local->dev->name, hdr->addr1, jiffies);
2840 sta->tx_since_last_failure = 0;
2841 sta->tx_consecutive_exc++;
2843 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD &&
2844 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) {
2845 /* use next lower rate */
2847 old = rate = sta->tx_rate_idx;
2850 if (ap_tx_rate_ok(rate, sta, local)) {
2851 sta->tx_rate_idx = rate;
2855 if (old != sta->tx_rate_idx) {
2856 switch (sta->tx_rate_idx) {
2857 case 0: sta->tx_rate = 10; break;
2858 case 1: sta->tx_rate = 20; break;
2859 case 2: sta->tx_rate = 55; break;
2860 case 3: sta->tx_rate = 110; break;
2861 default: sta->tx_rate = 0; break;
2864 "%s: STA %pM TX rate lowered to %d\n",
2865 local->dev->name, sta->addr, sta->tx_rate);
2867 sta->tx_consecutive_exc = 0;
2869 spin_unlock(&local->ap->sta_table_lock);
2873 static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta,
2874 int pwrmgt, int type, int stype)
2876 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) {
2877 sta->flags |= WLAN_STA_PS;
2878 PDEBUG(DEBUG_PS2, "STA %pM changed to use PS "
2879 "mode (type=0x%02X, stype=0x%02X)\n",
2880 sta->addr, type >> 2, stype >> 4);
2881 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) {
2882 sta->flags &= ~WLAN_STA_PS;
2883 PDEBUG(DEBUG_PS2, "STA %pM changed to not use "
2884 "PS mode (type=0x%02X, stype=0x%02X)\n",
2885 sta->addr, type >> 2, stype >> 4);
2886 if (type != IEEE80211_FTYPE_CTL ||
2887 stype != IEEE80211_STYPE_PSPOLL)
2888 schedule_packet_send(local, sta);
2893 /* Called only as a tasklet (software IRQ). Called for each RX frame to update
2894 * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */
2895 int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr)
2897 struct sta_info *sta;
2900 spin_lock(&local->ap->sta_table_lock);
2901 sta = ap_get_sta(local->ap, hdr->addr2);
2903 atomic_inc(&sta->users);
2904 spin_unlock(&local->ap->sta_table_lock);
2909 fc = le16_to_cpu(hdr->frame_control);
2910 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
2911 fc & IEEE80211_FCTL_FTYPE,
2912 fc & IEEE80211_FCTL_STYPE);
2914 atomic_dec(&sta->users);
2919 /* Called only as a tasklet (software IRQ). Called for each RX frame after
2920 * getting RX header and payload from hardware. */
2921 ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
2922 struct sk_buff *skb,
2923 struct hostap_80211_rx_status *rx_stats,
2927 struct sta_info *sta;
2928 u16 fc, type, stype;
2929 struct ieee80211_hdr *hdr;
2931 if (local->ap == NULL)
2932 return AP_RX_CONTINUE;
2934 hdr = (struct ieee80211_hdr *) skb->data;
2936 fc = le16_to_cpu(hdr->frame_control);
2937 type = fc & IEEE80211_FCTL_FTYPE;
2938 stype = fc & IEEE80211_FCTL_STYPE;
2940 spin_lock(&local->ap->sta_table_lock);
2941 sta = ap_get_sta(local->ap, hdr->addr2);
2943 atomic_inc(&sta->users);
2944 spin_unlock(&local->ap->sta_table_lock);
2946 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED))
2947 ret = AP_RX_CONTINUE_NOT_AUTHORIZED;
2949 ret = AP_RX_CONTINUE;
2952 if (fc & IEEE80211_FCTL_TODS) {
2953 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
2954 if (local->hostapd) {
2955 prism2_rx_80211(local->apdev, skb, rx_stats,
2956 PRISM2_RX_NON_ASSOC);
2957 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2959 printk(KERN_DEBUG "%s: dropped received packet"
2960 " from non-associated STA %pM"
2961 " (type=0x%02x, subtype=0x%02x)\n",
2962 dev->name, hdr->addr2,
2963 type >> 2, stype >> 4);
2964 hostap_rx(dev, skb, rx_stats);
2965 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2970 } else if (fc & IEEE80211_FCTL_FROMDS) {
2972 /* FromDS frame - not for us; probably
2973 * broadcast/multicast in another BSS - drop */
2974 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
2975 printk(KERN_DEBUG "Odd.. FromDS packet "
2976 "received with own BSSID\n");
2977 hostap_dump_rx_80211(dev->name, skb, rx_stats);
2982 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL &&
2983 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
2985 if (local->hostapd) {
2986 prism2_rx_80211(local->apdev, skb, rx_stats,
2987 PRISM2_RX_NON_ASSOC);
2988 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2990 /* At least Lucent f/w seems to send data::nullfunc
2991 * frames with no ToDS flag when the current AP returns
2992 * after being unavailable for some time. Speed up
2993 * re-association by informing the station about it not
2994 * being associated. */
2995 printk(KERN_DEBUG "%s: rejected received nullfunc frame"
2996 " without ToDS from not associated STA %pM\n",
2997 dev->name, hdr->addr2);
2998 hostap_rx(dev, skb, rx_stats);
2999 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
3003 } else if (stype == IEEE80211_STYPE_NULLFUNC) {
3004 /* At least Lucent cards seem to send periodic nullfunc
3005 * frames with ToDS. Let these through to update SQ
3006 * stats and PS state. Nullfunc frames do not contain
3007 * any data and they will be dropped below. */
3009 /* If BSSID (Addr3) is foreign, this frame is a normal
3010 * broadcast frame from an IBSS network. Drop it silently.
3011 * If BSSID is own, report the dropping of this frame. */
3012 if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
3013 printk(KERN_DEBUG "%s: dropped received packet from %pM"
3014 " with no ToDS flag "
3015 "(type=0x%02x, subtype=0x%02x)\n", dev->name,
3016 hdr->addr2, type >> 2, stype >> 4);
3017 hostap_dump_rx_80211(dev->name, skb, rx_stats);
3024 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
3028 sta->rx_bytes += skb->len;
3029 sta->last_rx = jiffies;
3032 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC &&
3033 fc & IEEE80211_FCTL_TODS) {
3034 if (local->hostapd) {
3035 prism2_rx_80211(local->apdev, skb, rx_stats,
3036 PRISM2_RX_NULLFUNC_ACK);
3037 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3039 /* some STA f/w's seem to require control::ACK frame
3040 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least
3041 * from Compaq) does not send this.. Try to generate
3042 * ACK for these frames from the host driver to make
3043 * power saving work with, e.g., Lucent WaveLAN f/w */
3044 hostap_rx(dev, skb, rx_stats);
3045 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
3053 atomic_dec(&sta->users);
3059 /* Called only as a tasklet (software IRQ) */
3060 int hostap_handle_sta_crypto(local_info_t *local,
3061 struct ieee80211_hdr *hdr,
3062 struct lib80211_crypt_data **crypt,
3065 struct sta_info *sta;
3067 spin_lock(&local->ap->sta_table_lock);
3068 sta = ap_get_sta(local->ap, hdr->addr2);
3070 atomic_inc(&sta->users);
3071 spin_unlock(&local->ap->sta_table_lock);
3077 *crypt = sta->crypt;
3079 /* hostap_handle_sta_release() will be called to release STA
3082 atomic_dec(&sta->users);
3088 /* Called only as a tasklet (software IRQ) */
3089 int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr)
3091 struct sta_info *sta;
3094 spin_lock(&ap->sta_table_lock);
3095 sta = ap_get_sta(ap, sta_addr);
3096 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap)
3098 spin_unlock(&ap->sta_table_lock);
3104 /* Called only as a tasklet (software IRQ) */
3105 int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr)
3107 struct sta_info *sta;
3110 spin_lock(&ap->sta_table_lock);
3111 sta = ap_get_sta(ap, sta_addr);
3112 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap &&
3113 ((sta->flags & WLAN_STA_AUTHORIZED) ||
3114 ap->local->ieee_802_1x == 0))
3116 spin_unlock(&ap->sta_table_lock);
3122 /* Called only as a tasklet (software IRQ) */
3123 int hostap_add_sta(struct ap_data *ap, u8 *sta_addr)
3125 struct sta_info *sta;
3131 spin_lock(&ap->sta_table_lock);
3132 sta = ap_get_sta(ap, sta_addr);
3135 spin_unlock(&ap->sta_table_lock);
3138 sta = ap_add_sta(ap, sta_addr);
3141 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
3143 memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
3144 /* No way of knowing which rates are supported since we did not
3145 * get supported rates element from beacon/assoc req. Assume
3146 * that remote end supports all 802.11b rates. */
3147 sta->supported_rates[0] = 0x82;
3148 sta->supported_rates[1] = 0x84;
3149 sta->supported_rates[2] = 0x0b;
3150 sta->supported_rates[3] = 0x16;
3151 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M |
3152 WLAN_RATE_5M5 | WLAN_RATE_11M;
3154 sta->tx_max_rate = sta->tx_rate_idx = 3;
3161 /* Called only as a tasklet (software IRQ) */
3162 int hostap_update_rx_stats(struct ap_data *ap,
3163 struct ieee80211_hdr *hdr,
3164 struct hostap_80211_rx_status *rx_stats)
3166 struct sta_info *sta;
3171 spin_lock(&ap->sta_table_lock);
3172 sta = ap_get_sta(ap, hdr->addr2);
3174 sta->last_rx_silence = rx_stats->noise;
3175 sta->last_rx_signal = rx_stats->signal;
3176 sta->last_rx_rate = rx_stats->rate;
3177 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
3178 if (rx_stats->rate == 10)
3180 else if (rx_stats->rate == 20)
3182 else if (rx_stats->rate == 55)
3184 else if (rx_stats->rate == 110)
3187 spin_unlock(&ap->sta_table_lock);
3189 return sta ? 0 : -1;
3193 void hostap_update_rates(local_info_t *local)
3195 struct sta_info *sta;
3196 struct ap_data *ap = local->ap;
3201 spin_lock_bh(&ap->sta_table_lock);
3202 list_for_each_entry(sta, &ap->sta_list, list) {
3203 prism2_check_tx_rates(sta);
3205 spin_unlock_bh(&ap->sta_table_lock);
3209 void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
3210 struct lib80211_crypt_data ***crypt)
3212 struct sta_info *sta;
3214 spin_lock_bh(&ap->sta_table_lock);
3215 sta = ap_get_sta(ap, addr);
3217 atomic_inc(&sta->users);
3218 spin_unlock_bh(&ap->sta_table_lock);
3220 if (!sta && permanent)
3221 sta = ap_add_sta(ap, addr);
3227 sta->flags |= WLAN_STA_PERM;
3229 *crypt = &sta->crypt;
3235 void hostap_add_wds_links(local_info_t *local)
3237 struct ap_data *ap = local->ap;
3238 struct sta_info *sta;
3240 spin_lock_bh(&ap->sta_table_lock);
3241 list_for_each_entry(sta, &ap->sta_list, list) {
3243 hostap_wds_link_oper(local, sta->addr, WDS_ADD);
3245 spin_unlock_bh(&ap->sta_table_lock);
3247 schedule_work(&local->ap->wds_oper_queue);
3251 void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type)
3253 struct wds_oper_data *entry;
3255 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
3258 memcpy(entry->addr, addr, ETH_ALEN);
3260 spin_lock_bh(&local->lock);
3261 entry->next = local->ap->wds_oper_entries;
3262 local->ap->wds_oper_entries = entry;
3263 spin_unlock_bh(&local->lock);
3265 schedule_work(&local->ap->wds_oper_queue);
3269 EXPORT_SYMBOL(hostap_init_data);
3270 EXPORT_SYMBOL(hostap_init_ap_proc);
3271 EXPORT_SYMBOL(hostap_free_data);
3272 EXPORT_SYMBOL(hostap_check_sta_fw_version);
3273 EXPORT_SYMBOL(hostap_handle_sta_tx_exc);
3274 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3275 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */