2 * mac80211 work implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
16 #include <linux/delay.h>
17 #include <linux/if_ether.h>
18 #include <linux/skbuff.h>
19 #include <linux/if_arp.h>
20 #include <linux/etherdevice.h>
21 #include <linux/crc32.h>
22 #include <linux/slab.h>
23 #include <net/mac80211.h>
24 #include <asm/unaligned.h>
26 #include "ieee80211_i.h"
29 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
30 #define IEEE80211_AUTH_MAX_TRIES 3
31 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
32 #define IEEE80211_ASSOC_MAX_TRIES 3
33 #define IEEE80211_MAX_PROBE_TRIES 5
44 static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
46 lockdep_assert_held(&local->mtx);
50 * We can have multiple work items (and connection probing)
51 * scheduling this timer, but we need to take care to only
52 * reschedule it when it should fire _earlier_ than it was
53 * asked for before, or if it's not pending right now. This
54 * function ensures that. Note that it then is required to
55 * run this function for all timeouts after the first one
56 * has happened -- the work that runs from this timer will
59 static void run_again(struct ieee80211_local *local,
60 unsigned long timeout)
62 ASSERT_WORK_MTX(local);
64 if (!timer_pending(&local->work_timer) ||
65 time_before(timeout, local->work_timer.expires))
66 mod_timer(&local->work_timer, timeout);
69 static void work_free_rcu(struct rcu_head *head)
71 struct ieee80211_work *wk =
72 container_of(head, struct ieee80211_work, rcu_head);
77 void free_work(struct ieee80211_work *wk)
79 call_rcu(&wk->rcu_head, work_free_rcu);
82 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
83 struct ieee80211_supported_band *sband,
89 for (i = 0; i < supp_rates_len; i++) {
90 int rate = (supp_rates[i] & 0x7F) * 5;
92 for (j = 0; j < sband->n_bitrates; j++)
93 if (sband->bitrates[j].bitrate == rate) {
103 /* frame sending functions */
105 static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
106 struct ieee80211_supported_band *sband,
107 struct ieee80211_channel *channel,
108 enum ieee80211_smps_mode smps)
110 struct ieee80211_ht_info *ht_info;
112 u32 flags = channel->flags;
113 u16 cap = sband->ht_cap.cap;
116 if (!sband->ht_cap.ht_supported)
122 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
125 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
127 /* determine capability flags */
129 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
130 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
131 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
132 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
133 cap &= ~IEEE80211_HT_CAP_SGI_40;
136 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
137 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
138 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
139 cap &= ~IEEE80211_HT_CAP_SGI_40;
144 /* set SM PS mode properly */
145 cap &= ~IEEE80211_HT_CAP_SM_PS;
147 case IEEE80211_SMPS_AUTOMATIC:
148 case IEEE80211_SMPS_NUM_MODES:
150 case IEEE80211_SMPS_OFF:
151 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
152 IEEE80211_HT_CAP_SM_PS_SHIFT;
154 case IEEE80211_SMPS_STATIC:
155 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
156 IEEE80211_HT_CAP_SM_PS_SHIFT;
158 case IEEE80211_SMPS_DYNAMIC:
159 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
160 IEEE80211_HT_CAP_SM_PS_SHIFT;
164 /* reserve and fill IE */
166 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
167 *pos++ = WLAN_EID_HT_CAPABILITY;
168 *pos++ = sizeof(struct ieee80211_ht_cap);
169 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
171 /* capability flags */
172 tmp = cpu_to_le16(cap);
173 memcpy(pos, &tmp, sizeof(u16));
176 /* AMPDU parameters */
177 *pos++ = sband->ht_cap.ampdu_factor |
178 (sband->ht_cap.ampdu_density <<
179 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
182 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
183 pos += sizeof(sband->ht_cap.mcs);
185 /* extended capabilities */
186 pos += sizeof(__le16);
188 /* BF capabilities */
189 pos += sizeof(__le32);
191 /* antenna selection */
195 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
196 struct ieee80211_work *wk)
198 struct ieee80211_local *local = sdata->local;
200 struct ieee80211_mgmt *mgmt;
203 size_t offset = 0, noffset;
204 int i, len, count, rates_len, supp_rates_len;
206 struct ieee80211_supported_band *sband;
209 sband = local->hw.wiphy->bands[wk->chan->band];
211 if (wk->assoc.supp_rates_len) {
213 * Get all rates supported by the device and the AP as
214 * some APs don't like getting a superset of their rates
215 * in the association request (e.g. D-Link DAP 1353 in
218 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
219 wk->assoc.supp_rates_len,
223 * In case AP not provide any supported rates information
224 * before association, we send information element(s) with
225 * all rates that we support.
228 rates_len = sband->n_bitrates;
231 skb = alloc_skb(local->hw.extra_tx_headroom +
232 sizeof(*mgmt) + /* bit too much but doesn't matter */
233 2 + wk->assoc.ssid_len + /* SSID */
234 4 + rates_len + /* (extended) rates */
235 4 + /* power capability */
236 2 + 2 * sband->n_channels + /* supported channels */
237 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
238 wk->ie_len + /* extra IEs */
242 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
243 "frame\n", sdata->name);
246 skb_reserve(skb, local->hw.extra_tx_headroom);
248 capab = WLAN_CAPABILITY_ESS;
250 if (sband->band == IEEE80211_BAND_2GHZ) {
251 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
252 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
253 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
254 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
257 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
258 capab |= WLAN_CAPABILITY_PRIVACY;
260 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
261 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
262 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
264 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
266 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
267 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
268 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
270 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
272 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
273 IEEE80211_STYPE_REASSOC_REQ);
274 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
275 mgmt->u.reassoc_req.listen_interval =
276 cpu_to_le16(local->hw.conf.listen_interval);
277 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
281 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
282 IEEE80211_STYPE_ASSOC_REQ);
283 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
284 mgmt->u.assoc_req.listen_interval =
285 cpu_to_le16(local->hw.conf.listen_interval);
289 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len);
290 *pos++ = WLAN_EID_SSID;
291 *pos++ = wk->assoc.ssid_len;
292 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
294 /* add all rates which were marked to be used above */
295 supp_rates_len = rates_len;
296 if (supp_rates_len > 8)
299 len = sband->n_bitrates;
300 pos = skb_put(skb, supp_rates_len + 2);
301 *pos++ = WLAN_EID_SUPP_RATES;
302 *pos++ = supp_rates_len;
305 for (i = 0; i < sband->n_bitrates; i++) {
306 if (BIT(i) & rates) {
307 int rate = sband->bitrates[i].bitrate;
308 *pos++ = (u8) (rate / 5);
314 if (rates_len > count) {
315 pos = skb_put(skb, rates_len - count + 2);
316 *pos++ = WLAN_EID_EXT_SUPP_RATES;
317 *pos++ = rates_len - count;
319 for (i++; i < sband->n_bitrates; i++) {
320 if (BIT(i) & rates) {
321 int rate = sband->bitrates[i].bitrate;
322 *pos++ = (u8) (rate / 5);
327 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
328 /* 1. power capabilities */
329 pos = skb_put(skb, 4);
330 *pos++ = WLAN_EID_PWR_CAPABILITY;
332 *pos++ = 0; /* min tx power */
333 *pos++ = wk->chan->max_power; /* max tx power */
335 /* 2. supported channels */
336 /* TODO: get this in reg domain format */
337 pos = skb_put(skb, 2 * sband->n_channels + 2);
338 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
339 *pos++ = 2 * sband->n_channels;
340 for (i = 0; i < sband->n_channels; i++) {
341 *pos++ = ieee80211_frequency_to_channel(
342 sband->channels[i].center_freq);
343 *pos++ = 1; /* one channel in the subband*/
347 /* if present, add any custom IEs that go before HT */
348 if (wk->ie_len && wk->ie) {
349 static const u8 before_ht[] = {
352 WLAN_EID_EXT_SUPP_RATES,
353 WLAN_EID_PWR_CAPABILITY,
354 WLAN_EID_SUPPORTED_CHANNELS,
357 WLAN_EID_RRM_ENABLED_CAPABILITIES,
358 WLAN_EID_MOBILITY_DOMAIN,
359 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
361 noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
362 before_ht, ARRAY_SIZE(before_ht),
364 pos = skb_put(skb, noffset - offset);
365 memcpy(pos, wk->ie + offset, noffset - offset);
369 if (wk->assoc.use_11n && wk->assoc.wmm_used &&
370 local->hw.queues >= 4)
371 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
372 sband, wk->chan, wk->assoc.smps);
374 /* if present, add any custom non-vendor IEs that go after HT */
375 if (wk->ie_len && wk->ie) {
376 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
378 pos = skb_put(skb, noffset - offset);
379 memcpy(pos, wk->ie + offset, noffset - offset);
383 if (wk->assoc.wmm_used && local->hw.queues >= 4) {
384 if (wk->assoc.uapsd_used) {
385 qos_info = local->uapsd_queues;
386 qos_info |= (local->uapsd_max_sp_len <<
387 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
392 pos = skb_put(skb, 9);
393 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
394 *pos++ = 7; /* len */
395 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
398 *pos++ = 2; /* WME */
399 *pos++ = 0; /* WME info */
400 *pos++ = 1; /* WME ver */
404 /* add any remaining custom (i.e. vendor specific here) IEs */
405 if (wk->ie_len && wk->ie) {
406 noffset = wk->ie_len;
407 pos = skb_put(skb, noffset - offset);
408 memcpy(pos, wk->ie + offset, noffset - offset);
411 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
412 ieee80211_tx_skb(sdata, skb);
415 static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
416 struct ieee80211_work *wk)
418 struct cfg80211_bss *cbss;
419 u16 capa_val = WLAN_CAPABILITY_ESS;
421 if (wk->probe_auth.privacy)
422 capa_val |= WLAN_CAPABILITY_PRIVACY;
424 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
425 wk->probe_auth.ssid, wk->probe_auth.ssid_len,
426 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
431 cfg80211_unlink_bss(local->hw.wiphy, cbss);
432 cfg80211_put_bss(cbss);
435 static enum work_action __must_check
436 ieee80211_direct_probe(struct ieee80211_work *wk)
438 struct ieee80211_sub_if_data *sdata = wk->sdata;
439 struct ieee80211_local *local = sdata->local;
441 wk->probe_auth.tries++;
442 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
443 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
444 sdata->name, wk->filter_ta);
447 * Most likely AP is not in the range so remove the
448 * bss struct for that AP.
450 ieee80211_remove_auth_bss(local, wk);
452 return WORK_ACT_TIMEOUT;
455 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
456 sdata->name, wk->filter_ta, wk->probe_auth.tries,
457 IEEE80211_AUTH_MAX_TRIES);
460 * Direct probe is sent to broadcast address as some APs
461 * will not answer to direct packet in unassociated state.
463 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
464 wk->probe_auth.ssid_len, NULL, 0);
466 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
467 run_again(local, wk->timeout);
469 return WORK_ACT_NONE;
473 static enum work_action __must_check
474 ieee80211_authenticate(struct ieee80211_work *wk)
476 struct ieee80211_sub_if_data *sdata = wk->sdata;
477 struct ieee80211_local *local = sdata->local;
479 wk->probe_auth.tries++;
480 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
481 printk(KERN_DEBUG "%s: authentication with %pM"
482 " timed out\n", sdata->name, wk->filter_ta);
485 * Most likely AP is not in the range so remove the
486 * bss struct for that AP.
488 ieee80211_remove_auth_bss(local, wk);
490 return WORK_ACT_TIMEOUT;
493 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
494 sdata->name, wk->filter_ta, wk->probe_auth.tries);
496 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
497 wk->ie_len, wk->filter_ta, NULL, 0, 0);
498 wk->probe_auth.transaction = 2;
500 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
501 run_again(local, wk->timeout);
503 return WORK_ACT_NONE;
506 static enum work_action __must_check
507 ieee80211_associate(struct ieee80211_work *wk)
509 struct ieee80211_sub_if_data *sdata = wk->sdata;
510 struct ieee80211_local *local = sdata->local;
513 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
514 printk(KERN_DEBUG "%s: association with %pM"
516 sdata->name, wk->filter_ta);
519 * Most likely AP is not in the range so remove the
520 * bss struct for that AP.
523 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
525 return WORK_ACT_TIMEOUT;
528 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
529 sdata->name, wk->filter_ta, wk->assoc.tries);
530 ieee80211_send_assoc(sdata, wk);
532 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
533 run_again(local, wk->timeout);
535 return WORK_ACT_NONE;
538 static enum work_action __must_check
539 ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
542 * First time we run, do nothing -- the generic code will
543 * have switched to the right channel etc.
546 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration);
548 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk,
549 wk->chan, wk->chan_type,
550 wk->remain.duration, GFP_KERNEL);
552 return WORK_ACT_NONE;
555 return WORK_ACT_TIMEOUT;
558 static enum work_action __must_check
559 ieee80211_offchannel_tx(struct ieee80211_work *wk)
562 wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait);
565 * After this, offchan_tx.frame remains but now is no
566 * longer a valid pointer -- we still need it as the
567 * cookie for canceling this work.
569 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
571 return WORK_ACT_NONE;
574 return WORK_ACT_TIMEOUT;
577 static enum work_action __must_check
578 ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
581 return WORK_ACT_TIMEOUT;
584 * Wait up to one beacon interval ...
585 * should this be more if we miss one?
587 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
588 wk->sdata->name, wk->filter_ta);
589 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
590 return WORK_ACT_NONE;
593 static void ieee80211_auth_challenge(struct ieee80211_work *wk,
594 struct ieee80211_mgmt *mgmt,
597 struct ieee80211_sub_if_data *sdata = wk->sdata;
599 struct ieee802_11_elems elems;
601 pos = mgmt->u.auth.variable;
602 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
603 if (!elems.challenge)
605 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
606 elems.challenge - 2, elems.challenge_len + 2,
607 wk->filter_ta, wk->probe_auth.key,
608 wk->probe_auth.key_len, wk->probe_auth.key_idx);
609 wk->probe_auth.transaction = 4;
612 static enum work_action __must_check
613 ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
614 struct ieee80211_mgmt *mgmt, size_t len)
616 u16 auth_alg, auth_transaction, status_code;
618 if (wk->type != IEEE80211_WORK_AUTH)
619 return WORK_ACT_MISMATCH;
622 return WORK_ACT_NONE;
624 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
625 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
626 status_code = le16_to_cpu(mgmt->u.auth.status_code);
628 if (auth_alg != wk->probe_auth.algorithm ||
629 auth_transaction != wk->probe_auth.transaction)
630 return WORK_ACT_NONE;
632 if (status_code != WLAN_STATUS_SUCCESS) {
633 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
634 wk->sdata->name, mgmt->sa, status_code);
635 return WORK_ACT_DONE;
638 switch (wk->probe_auth.algorithm) {
643 case WLAN_AUTH_SHARED_KEY:
644 if (wk->probe_auth.transaction != 4) {
645 ieee80211_auth_challenge(wk, mgmt, len);
646 /* need another frame */
647 return WORK_ACT_NONE;
652 return WORK_ACT_NONE;
655 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
656 return WORK_ACT_DONE;
659 static enum work_action __must_check
660 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
661 struct ieee80211_mgmt *mgmt, size_t len,
664 struct ieee80211_sub_if_data *sdata = wk->sdata;
665 struct ieee80211_local *local = sdata->local;
666 u16 capab_info, status_code, aid;
667 struct ieee802_11_elems elems;
670 if (wk->type != IEEE80211_WORK_ASSOC)
671 return WORK_ACT_MISMATCH;
674 * AssocResp and ReassocResp have identical structure, so process both
675 * of them in this function.
679 return WORK_ACT_NONE;
681 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
682 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
683 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
685 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
686 "status=%d aid=%d)\n",
687 sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
688 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
690 pos = mgmt->u.assoc_resp.variable;
691 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
693 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
694 elems.timeout_int && elems.timeout_int_len == 5 &&
695 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
697 tu = get_unaligned_le32(elems.timeout_int + 1);
698 ms = tu * 1024 / 1000;
699 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
700 "comeback duration %u TU (%u ms)\n",
701 sdata->name, mgmt->sa, tu, ms);
702 wk->timeout = jiffies + msecs_to_jiffies(ms);
703 if (ms > IEEE80211_ASSOC_TIMEOUT)
704 run_again(local, wk->timeout);
705 return WORK_ACT_NONE;
708 if (status_code != WLAN_STATUS_SUCCESS)
709 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
710 sdata->name, mgmt->sa, status_code);
712 printk(KERN_DEBUG "%s: associated\n", sdata->name);
714 return WORK_ACT_DONE;
717 static enum work_action __must_check
718 ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
719 struct ieee80211_mgmt *mgmt, size_t len,
720 struct ieee80211_rx_status *rx_status)
722 struct ieee80211_sub_if_data *sdata = wk->sdata;
723 struct ieee80211_local *local = sdata->local;
726 ASSERT_WORK_MTX(local);
728 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
729 return WORK_ACT_MISMATCH;
732 return WORK_ACT_NONE;
734 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
736 return WORK_ACT_NONE;
738 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
739 return WORK_ACT_DONE;
742 static enum work_action __must_check
743 ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
744 struct ieee80211_mgmt *mgmt, size_t len)
746 struct ieee80211_sub_if_data *sdata = wk->sdata;
747 struct ieee80211_local *local = sdata->local;
749 ASSERT_WORK_MTX(local);
751 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
752 return WORK_ACT_MISMATCH;
755 return WORK_ACT_NONE;
757 printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
758 return WORK_ACT_DONE;
761 static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
764 struct ieee80211_rx_status *rx_status;
765 struct ieee80211_mgmt *mgmt;
766 struct ieee80211_work *wk;
767 enum work_action rma = WORK_ACT_NONE;
770 rx_status = (struct ieee80211_rx_status *) skb->cb;
771 mgmt = (struct ieee80211_mgmt *) skb->data;
772 fc = le16_to_cpu(mgmt->frame_control);
774 mutex_lock(&local->mtx);
776 list_for_each_entry(wk, &local->work_list, list) {
777 const u8 *bssid = NULL;
780 case IEEE80211_WORK_DIRECT_PROBE:
781 case IEEE80211_WORK_AUTH:
782 case IEEE80211_WORK_ASSOC:
783 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
784 bssid = wk->filter_ta;
791 * Before queuing, we already verified mgmt->sa,
792 * so this is needed just for matching.
794 if (compare_ether_addr(bssid, mgmt->bssid))
797 switch (fc & IEEE80211_FCTL_STYPE) {
798 case IEEE80211_STYPE_BEACON:
799 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
801 case IEEE80211_STYPE_PROBE_RESP:
802 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
805 case IEEE80211_STYPE_AUTH:
806 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
808 case IEEE80211_STYPE_ASSOC_RESP:
809 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
812 case IEEE80211_STYPE_REASSOC_RESP:
813 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
822 * We've either received an unexpected frame, or we have
823 * multiple work items and need to match the frame to the
826 if (rma == WORK_ACT_MISMATCH)
830 * We've processed this frame for that work, so it can't
831 * belong to another work struct.
832 * NB: this is also required for correctness for 'rma'!
838 case WORK_ACT_MISMATCH:
839 /* ignore this unmatched frame */
844 list_del_rcu(&wk->list);
847 WARN(1, "unexpected: %d", rma);
850 mutex_unlock(&local->mtx);
852 if (rma != WORK_ACT_DONE)
855 switch (wk->done(wk, skb)) {
856 case WORK_DONE_DESTROY:
859 case WORK_DONE_REQUEUE:
861 wk->started = false; /* restart */
862 mutex_lock(&local->mtx);
863 list_add_tail(&wk->list, &local->work_list);
864 mutex_unlock(&local->mtx);
871 static bool ieee80211_work_ct_coexists(enum nl80211_channel_type wk_ct,
872 enum nl80211_channel_type oper_ct)
875 case NL80211_CHAN_NO_HT:
877 case NL80211_CHAN_HT20:
878 if (oper_ct != NL80211_CHAN_NO_HT)
881 case NL80211_CHAN_HT40MINUS:
882 case NL80211_CHAN_HT40PLUS:
883 return (wk_ct == oper_ct);
885 WARN_ON(1); /* shouldn't get here */
889 static enum nl80211_channel_type
890 ieee80211_calc_ct(enum nl80211_channel_type wk_ct,
891 enum nl80211_channel_type oper_ct)
894 case NL80211_CHAN_NO_HT:
896 case NL80211_CHAN_HT20:
897 if (oper_ct != NL80211_CHAN_NO_HT)
900 case NL80211_CHAN_HT40MINUS:
901 case NL80211_CHAN_HT40PLUS:
904 WARN_ON(1); /* shouldn't get here */
909 static void ieee80211_work_timer(unsigned long data)
911 struct ieee80211_local *local = (void *) data;
913 if (local->quiescing)
916 ieee80211_queue_work(&local->hw, &local->work_work);
919 static void ieee80211_work_work(struct work_struct *work)
921 struct ieee80211_local *local =
922 container_of(work, struct ieee80211_local, work_work);
924 struct ieee80211_work *wk, *tmp;
925 LIST_HEAD(free_work);
926 enum work_action rma;
927 bool remain_off_channel = false;
933 * ieee80211_queue_work() should have picked up most cases,
934 * here we'll pick the rest.
936 if (WARN(local->suspended, "work scheduled while going to suspend\n"))
939 /* first process frames to avoid timing out while a frame is pending */
940 while ((skb = skb_dequeue(&local->work_skb_queue)))
941 ieee80211_work_rx_queued_mgmt(local, skb);
943 mutex_lock(&local->mtx);
945 ieee80211_recalc_idle(local);
947 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
948 bool started = wk->started;
950 /* mark work as started if it's on the current off-channel */
951 if (!started && local->tmp_channel &&
952 wk->chan == local->tmp_channel &&
953 wk->chan_type == local->tmp_channel_type) {
955 wk->timeout = jiffies;
958 if (!started && !local->tmp_channel) {
960 bool tmp_chan_changed = false;
962 enum nl80211_channel_type wk_ct;
963 on_oper_chan = ieee80211_cfg_on_oper_channel(local);
965 /* Work with existing channel type if possible. */
966 wk_ct = wk->chan_type;
967 if (wk->chan == local->hw.conf.channel)
968 wk_ct = ieee80211_calc_ct(wk->chan_type,
969 local->hw.conf.channel_type);
971 if (local->tmp_channel)
972 if ((local->tmp_channel != wk->chan) ||
973 (local->tmp_channel_type != wk_ct))
974 tmp_chan_changed = true;
976 local->tmp_channel = wk->chan;
977 local->tmp_channel_type = wk_ct;
979 * Leave the station vifs in awake mode if they
980 * happen to be on the same channel as
981 * the requested channel.
983 on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
984 if (on_oper_chan != on_oper_chan2) {
986 /* going off oper channel, PS too */
987 ieee80211_offchannel_stop_vifs(local,
989 ieee80211_hw_config(local, 0);
991 /* going on channel, but leave PS
993 ieee80211_hw_config(local, 0);
994 ieee80211_offchannel_return(local,
998 } else if (tmp_chan_changed)
999 /* Still off-channel, but on some other
1000 * channel, so update hardware.
1001 * PS should already be off-channel.
1003 ieee80211_hw_config(local, 0);
1006 wk->timeout = jiffies;
1009 /* don't try to work with items that aren't started */
1013 if (time_is_after_jiffies(wk->timeout)) {
1015 * This work item isn't supposed to be worked on
1016 * right now, but take care to adjust the timer
1019 run_again(local, wk->timeout);
1027 rma = WORK_ACT_NONE;
1029 case IEEE80211_WORK_ABORT:
1030 rma = WORK_ACT_TIMEOUT;
1032 case IEEE80211_WORK_DIRECT_PROBE:
1033 rma = ieee80211_direct_probe(wk);
1035 case IEEE80211_WORK_AUTH:
1036 rma = ieee80211_authenticate(wk);
1038 case IEEE80211_WORK_ASSOC:
1039 rma = ieee80211_associate(wk);
1041 case IEEE80211_WORK_REMAIN_ON_CHANNEL:
1042 rma = ieee80211_remain_on_channel_timeout(wk);
1044 case IEEE80211_WORK_OFFCHANNEL_TX:
1045 rma = ieee80211_offchannel_tx(wk);
1047 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
1048 rma = ieee80211_assoc_beacon_wait(wk);
1052 wk->started = started;
1056 /* might have changed the timeout */
1057 run_again(local, wk->timeout);
1059 case WORK_ACT_TIMEOUT:
1060 list_del_rcu(&wk->list);
1062 list_add(&wk->list, &free_work);
1065 WARN(1, "unexpected: %d", rma);
1069 list_for_each_entry(wk, &local->work_list, list) {
1072 if (wk->chan != local->tmp_channel)
1074 if (ieee80211_work_ct_coexists(wk->chan_type,
1075 local->tmp_channel_type))
1077 remain_off_channel = true;
1080 if (!remain_off_channel && local->tmp_channel) {
1081 bool on_oper_chan = ieee80211_cfg_on_oper_channel(local);
1082 local->tmp_channel = NULL;
1083 /* If tmp_channel wasn't operating channel, then
1084 * we need to go back on-channel.
1085 * NOTE: If we can ever be here while scannning,
1086 * or if the hw_config() channel config logic changes,
1087 * then we may need to do a more thorough check to see if
1088 * we still need to do a hardware config. Currently,
1089 * we cannot be here while scanning, however.
1091 if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan)
1092 ieee80211_hw_config(local, 0);
1094 /* At the least, we need to disable offchannel_ps,
1095 * so just go ahead and run the entire offchannel
1096 * return logic here. We *could* skip enabling
1097 * beaconing if we were already on-oper-channel
1098 * as a future optimization.
1100 ieee80211_offchannel_return(local, true, true);
1102 /* give connection some time to breathe */
1103 run_again(local, jiffies + HZ/2);
1106 if (list_empty(&local->work_list) && local->scan_req &&
1108 ieee80211_queue_delayed_work(&local->hw,
1110 round_jiffies_relative(0));
1112 ieee80211_recalc_idle(local);
1114 mutex_unlock(&local->mtx);
1116 list_for_each_entry_safe(wk, tmp, &free_work, list) {
1118 list_del(&wk->list);
1123 void ieee80211_add_work(struct ieee80211_work *wk)
1125 struct ieee80211_local *local;
1127 if (WARN_ON(!wk->chan))
1130 if (WARN_ON(!wk->sdata))
1133 if (WARN_ON(!wk->done))
1136 if (WARN_ON(!ieee80211_sdata_running(wk->sdata)))
1139 wk->started = false;
1141 local = wk->sdata->local;
1142 mutex_lock(&local->mtx);
1143 list_add_tail(&wk->list, &local->work_list);
1144 mutex_unlock(&local->mtx);
1146 ieee80211_queue_work(&local->hw, &local->work_work);
1149 void ieee80211_work_init(struct ieee80211_local *local)
1151 INIT_LIST_HEAD(&local->work_list);
1152 setup_timer(&local->work_timer, ieee80211_work_timer,
1153 (unsigned long)local);
1154 INIT_WORK(&local->work_work, ieee80211_work_work);
1155 skb_queue_head_init(&local->work_skb_queue);
1158 void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
1160 struct ieee80211_local *local = sdata->local;
1161 struct ieee80211_work *wk;
1162 bool cleanup = false;
1164 mutex_lock(&local->mtx);
1165 list_for_each_entry(wk, &local->work_list, list) {
1166 if (wk->sdata != sdata)
1169 wk->type = IEEE80211_WORK_ABORT;
1171 wk->timeout = jiffies;
1173 mutex_unlock(&local->mtx);
1175 /* run cleanups etc. */
1177 ieee80211_work_work(&local->work_work);
1179 mutex_lock(&local->mtx);
1180 list_for_each_entry(wk, &local->work_list, list) {
1181 if (wk->sdata != sdata)
1186 mutex_unlock(&local->mtx);
1189 ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1190 struct sk_buff *skb)
1192 struct ieee80211_local *local = sdata->local;
1193 struct ieee80211_mgmt *mgmt;
1194 struct ieee80211_work *wk;
1198 return RX_DROP_MONITOR;
1200 mgmt = (struct ieee80211_mgmt *) skb->data;
1201 fc = le16_to_cpu(mgmt->frame_control);
1203 list_for_each_entry_rcu(wk, &local->work_list, list) {
1204 if (sdata != wk->sdata)
1206 if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1208 if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1211 switch (fc & IEEE80211_FCTL_STYPE) {
1212 case IEEE80211_STYPE_AUTH:
1213 case IEEE80211_STYPE_PROBE_RESP:
1214 case IEEE80211_STYPE_ASSOC_RESP:
1215 case IEEE80211_STYPE_REASSOC_RESP:
1216 case IEEE80211_STYPE_BEACON:
1217 skb_queue_tail(&local->work_skb_queue, skb);
1218 ieee80211_queue_work(&local->hw, &local->work_work);
1226 static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1227 struct sk_buff *skb)
1230 * We are done serving the remain-on-channel command.
1232 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk,
1233 wk->chan, wk->chan_type,
1236 return WORK_DONE_DESTROY;
1239 int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1240 struct ieee80211_channel *chan,
1241 enum nl80211_channel_type channel_type,
1242 unsigned int duration, u64 *cookie)
1244 struct ieee80211_work *wk;
1246 wk = kzalloc(sizeof(*wk), GFP_KERNEL);
1250 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL;
1252 wk->chan_type = channel_type;
1254 wk->done = ieee80211_remain_done;
1256 wk->remain.duration = duration;
1258 *cookie = (unsigned long) wk;
1260 ieee80211_add_work(wk);
1265 int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1268 struct ieee80211_local *local = sdata->local;
1269 struct ieee80211_work *wk, *tmp;
1272 mutex_lock(&local->mtx);
1273 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
1274 if ((unsigned long) wk == cookie) {
1275 wk->timeout = jiffies;
1280 mutex_unlock(&local->mtx);
1285 ieee80211_queue_work(&local->hw, &local->work_work);