mac80211: refactor association
[linux-2.6.git] / net / mac80211 / work.c
1 /*
2  * mac80211 work implementation
3  *
4  * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5  * Copyright 2004, Instant802 Networks, Inc.
6  * Copyright 2005, Devicescape Software, Inc.
7  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
8  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9  * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2 as
13  * published by the Free Software Foundation.
14  */
15
16 #include <linux/delay.h>
17 #include <linux/if_ether.h>
18 #include <linux/skbuff.h>
19 #include <linux/if_arp.h>
20 #include <linux/etherdevice.h>
21 #include <linux/crc32.h>
22 #include <net/mac80211.h>
23 #include <asm/unaligned.h>
24
25 #include "ieee80211_i.h"
26 #include "rate.h"
27
28 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
29 #define IEEE80211_AUTH_MAX_TRIES 3
30 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
31 #define IEEE80211_ASSOC_MAX_TRIES 3
32 #define IEEE80211_MAX_PROBE_TRIES 5
33
34 enum work_action {
35         WORK_ACT_NONE,
36         WORK_ACT_TIMEOUT,
37         WORK_ACT_DONE,
38 };
39
40
41 /* utils */
42 static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
43 {
44         WARN_ON(!mutex_is_locked(&local->work_mtx));
45 }
46
47 /*
48  * We can have multiple work items (and connection probing)
49  * scheduling this timer, but we need to take care to only
50  * reschedule it when it should fire _earlier_ than it was
51  * asked for before, or if it's not pending right now. This
52  * function ensures that. Note that it then is required to
53  * run this function for all timeouts after the first one
54  * has happened -- the work that runs from this timer will
55  * do that.
56  */
57 static void run_again(struct ieee80211_local *local,
58                       unsigned long timeout)
59 {
60         ASSERT_WORK_MTX(local);
61
62         if (!timer_pending(&local->work_timer) ||
63             time_before(timeout, local->work_timer.expires))
64                 mod_timer(&local->work_timer, timeout);
65 }
66
67 static void work_free_rcu(struct rcu_head *head)
68 {
69         struct ieee80211_work *wk =
70                 container_of(head, struct ieee80211_work, rcu_head);
71
72         kfree(wk);
73 }
74
75 void free_work(struct ieee80211_work *wk)
76 {
77         call_rcu(&wk->rcu_head, work_free_rcu);
78 }
79
80 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
81                                       struct ieee80211_supported_band *sband,
82                                       u32 *rates)
83 {
84         int i, j, count;
85         *rates = 0;
86         count = 0;
87         for (i = 0; i < supp_rates_len; i++) {
88                 int rate = (supp_rates[i] & 0x7F) * 5;
89
90                 for (j = 0; j < sband->n_bitrates; j++)
91                         if (sband->bitrates[j].bitrate == rate) {
92                                 *rates |= BIT(j);
93                                 count++;
94                                 break;
95                         }
96         }
97
98         return count;
99 }
100
101 /* frame sending functions */
102
103 static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
104                                 struct ieee80211_supported_band *sband,
105                                 struct ieee80211_channel *channel,
106                                 enum ieee80211_smps_mode smps)
107 {
108         struct ieee80211_ht_info *ht_info;
109         u8 *pos;
110         u32 flags = channel->flags;
111         u16 cap = sband->ht_cap.cap;
112         __le16 tmp;
113
114         if (!sband->ht_cap.ht_supported)
115                 return;
116
117         if (!ht_info_ie)
118                 return;
119
120         if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
121                 return;
122
123         ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
124
125         /* determine capability flags */
126
127         if (ieee80211_disable_40mhz_24ghz &&
128             sband->band == IEEE80211_BAND_2GHZ) {
129                 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
130                 cap &= ~IEEE80211_HT_CAP_SGI_40;
131         }
132
133         switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
134         case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
135                 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
136                         cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
137                         cap &= ~IEEE80211_HT_CAP_SGI_40;
138                 }
139                 break;
140         case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
141                 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
142                         cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
143                         cap &= ~IEEE80211_HT_CAP_SGI_40;
144                 }
145                 break;
146         }
147
148         /* set SM PS mode properly */
149         cap &= ~IEEE80211_HT_CAP_SM_PS;
150         switch (smps) {
151         case IEEE80211_SMPS_AUTOMATIC:
152         case IEEE80211_SMPS_NUM_MODES:
153                 WARN_ON(1);
154         case IEEE80211_SMPS_OFF:
155                 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
156                         IEEE80211_HT_CAP_SM_PS_SHIFT;
157                 break;
158         case IEEE80211_SMPS_STATIC:
159                 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
160                         IEEE80211_HT_CAP_SM_PS_SHIFT;
161                 break;
162         case IEEE80211_SMPS_DYNAMIC:
163                 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
164                         IEEE80211_HT_CAP_SM_PS_SHIFT;
165                 break;
166         }
167
168         /* reserve and fill IE */
169
170         pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
171         *pos++ = WLAN_EID_HT_CAPABILITY;
172         *pos++ = sizeof(struct ieee80211_ht_cap);
173         memset(pos, 0, sizeof(struct ieee80211_ht_cap));
174
175         /* capability flags */
176         tmp = cpu_to_le16(cap);
177         memcpy(pos, &tmp, sizeof(u16));
178         pos += sizeof(u16);
179
180         /* AMPDU parameters */
181         *pos++ = sband->ht_cap.ampdu_factor |
182                  (sband->ht_cap.ampdu_density <<
183                         IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
184
185         /* MCS set */
186         memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
187         pos += sizeof(sband->ht_cap.mcs);
188
189         /* extended capabilities */
190         pos += sizeof(__le16);
191
192         /* BF capabilities */
193         pos += sizeof(__le32);
194
195         /* antenna selection */
196         pos += sizeof(u8);
197 }
198
199 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
200                                  struct ieee80211_work *wk)
201 {
202         struct ieee80211_local *local = sdata->local;
203         struct sk_buff *skb;
204         struct ieee80211_mgmt *mgmt;
205         u8 *pos;
206         const u8 *ies;
207         int i, len, count, rates_len, supp_rates_len;
208         u16 capab;
209         struct ieee80211_supported_band *sband;
210         u32 rates = 0;
211
212         sband = local->hw.wiphy->bands[wk->chan->band];
213
214         /*
215          * Get all rates supported by the device and the AP as
216          * some APs don't like getting a superset of their rates
217          * in the association request (e.g. D-Link DAP 1353 in
218          * b-only mode)...
219          */
220         rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
221                                                wk->assoc.supp_rates_len,
222                                                sband, &rates);
223
224         skb = alloc_skb(local->hw.extra_tx_headroom +
225                         sizeof(*mgmt) + /* bit too much but doesn't matter */
226                         2 + wk->assoc.ssid_len + /* SSID */
227                         4 + rates_len + /* (extended) rates */
228                         4 + /* power capability */
229                         2 + 2 * sband->n_channels + /* supported channels */
230                         2 + sizeof(struct ieee80211_ht_cap) + /* HT */
231                         wk->ie_len + /* extra IEs */
232                         9, /* WMM */
233                         GFP_KERNEL);
234         if (!skb) {
235                 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
236                        "frame\n", sdata->name);
237                 return;
238         }
239         skb_reserve(skb, local->hw.extra_tx_headroom);
240
241         capab = WLAN_CAPABILITY_ESS;
242
243         if (sband->band == IEEE80211_BAND_2GHZ) {
244                 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
245                         capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
246                 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
247                         capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
248         }
249
250         if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
251                 capab |= WLAN_CAPABILITY_PRIVACY;
252
253         if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
254             (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
255                 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
256
257         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
258         memset(mgmt, 0, 24);
259         memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
260         memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
261         memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
262
263         if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
264                 skb_put(skb, 10);
265                 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
266                                                   IEEE80211_STYPE_REASSOC_REQ);
267                 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
268                 mgmt->u.reassoc_req.listen_interval =
269                                 cpu_to_le16(local->hw.conf.listen_interval);
270                 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
271                        ETH_ALEN);
272         } else {
273                 skb_put(skb, 4);
274                 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
275                                                   IEEE80211_STYPE_ASSOC_REQ);
276                 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
277                 mgmt->u.assoc_req.listen_interval =
278                                 cpu_to_le16(local->hw.conf.listen_interval);
279         }
280
281         /* SSID */
282         ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len);
283         *pos++ = WLAN_EID_SSID;
284         *pos++ = wk->assoc.ssid_len;
285         memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
286
287         /* add all rates which were marked to be used above */
288         supp_rates_len = rates_len;
289         if (supp_rates_len > 8)
290                 supp_rates_len = 8;
291
292         len = sband->n_bitrates;
293         pos = skb_put(skb, supp_rates_len + 2);
294         *pos++ = WLAN_EID_SUPP_RATES;
295         *pos++ = supp_rates_len;
296
297         count = 0;
298         for (i = 0; i < sband->n_bitrates; i++) {
299                 if (BIT(i) & rates) {
300                         int rate = sband->bitrates[i].bitrate;
301                         *pos++ = (u8) (rate / 5);
302                         if (++count == 8)
303                                 break;
304                 }
305         }
306
307         if (rates_len > count) {
308                 pos = skb_put(skb, rates_len - count + 2);
309                 *pos++ = WLAN_EID_EXT_SUPP_RATES;
310                 *pos++ = rates_len - count;
311
312                 for (i++; i < sband->n_bitrates; i++) {
313                         if (BIT(i) & rates) {
314                                 int rate = sband->bitrates[i].bitrate;
315                                 *pos++ = (u8) (rate / 5);
316                         }
317                 }
318         }
319
320         if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
321                 /* 1. power capabilities */
322                 pos = skb_put(skb, 4);
323                 *pos++ = WLAN_EID_PWR_CAPABILITY;
324                 *pos++ = 2;
325                 *pos++ = 0; /* min tx power */
326                 *pos++ = wk->chan->max_power; /* max tx power */
327
328                 /* 2. supported channels */
329                 /* TODO: get this in reg domain format */
330                 pos = skb_put(skb, 2 * sband->n_channels + 2);
331                 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
332                 *pos++ = 2 * sband->n_channels;
333                 for (i = 0; i < sband->n_channels; i++) {
334                         *pos++ = ieee80211_frequency_to_channel(
335                                         sband->channels[i].center_freq);
336                         *pos++ = 1; /* one channel in the subband*/
337                 }
338         }
339
340         /*
341          * XXX: These IEs could contain (vendor-specified)
342          *      IEs that belong after HT -- the buffer may
343          *      need to be split up.
344          */
345         if (wk->ie_len && wk->ie) {
346                 pos = skb_put(skb, wk->ie_len);
347                 memcpy(pos, wk->ie, wk->ie_len);
348         }
349
350         if (wk->assoc.use_11n && wk->assoc.wmm_used &&
351             local->hw.queues >= 4)
352                 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
353                                     sband, wk->chan, wk->assoc.smps);
354
355         if (wk->assoc.wmm_used && local->hw.queues >= 4) {
356                 pos = skb_put(skb, 9);
357                 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
358                 *pos++ = 7; /* len */
359                 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
360                 *pos++ = 0x50;
361                 *pos++ = 0xf2;
362                 *pos++ = 2; /* WME */
363                 *pos++ = 0; /* WME info */
364                 *pos++ = 1; /* WME ver */
365                 *pos++ = 0;
366         }
367
368         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
369         ieee80211_tx_skb(sdata, skb);
370 }
371
372 static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
373                                       struct ieee80211_work *wk)
374 {
375         struct cfg80211_bss *cbss;
376         u16 capa_val = WLAN_CAPABILITY_ESS;
377
378         if (wk->probe_auth.privacy)
379                 capa_val |= WLAN_CAPABILITY_PRIVACY;
380
381         cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
382                                 wk->probe_auth.ssid, wk->probe_auth.ssid_len,
383                                 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
384                                 capa_val);
385         if (!cbss)
386                 return;
387
388         cfg80211_unlink_bss(local->hw.wiphy, cbss);
389         cfg80211_put_bss(cbss);
390 }
391
392 static enum work_action __must_check
393 ieee80211_direct_probe(struct ieee80211_work *wk)
394 {
395         struct ieee80211_sub_if_data *sdata = wk->sdata;
396         struct ieee80211_local *local = sdata->local;
397
398         wk->probe_auth.tries++;
399         if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
400                 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
401                        sdata->name, wk->filter_ta);
402
403                 /*
404                  * Most likely AP is not in the range so remove the
405                  * bss struct for that AP.
406                  */
407                 ieee80211_remove_auth_bss(local, wk);
408
409                 /*
410                  * We might have a pending scan which had no chance to run yet
411                  * due to work needing to be done. Hence, queue the STAs work
412                  * again for that.
413                  */
414                 ieee80211_queue_work(&local->hw, &local->work_work);
415                 return WORK_ACT_TIMEOUT;
416         }
417
418         printk(KERN_DEBUG "%s: direct probe to %pM (try %d)\n",
419                         sdata->name, wk->filter_ta, wk->probe_auth.tries);
420
421         /*
422          * Direct probe is sent to broadcast address as some APs
423          * will not answer to direct packet in unassociated state.
424          */
425         ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
426                                  wk->probe_auth.ssid_len, NULL, 0);
427
428         wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
429         run_again(local, wk->timeout);
430
431         return WORK_ACT_NONE;
432 }
433
434
435 static enum work_action __must_check
436 ieee80211_authenticate(struct ieee80211_work *wk)
437 {
438         struct ieee80211_sub_if_data *sdata = wk->sdata;
439         struct ieee80211_local *local = sdata->local;
440
441         wk->probe_auth.tries++;
442         if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
443                 printk(KERN_DEBUG "%s: authentication with %pM"
444                        " timed out\n", sdata->name, wk->filter_ta);
445
446                 /*
447                  * Most likely AP is not in the range so remove the
448                  * bss struct for that AP.
449                  */
450                 ieee80211_remove_auth_bss(local, wk);
451
452                 /*
453                  * We might have a pending scan which had no chance to run yet
454                  * due to work needing to be done. Hence, queue the STAs work
455                  * again for that.
456                  */
457                 ieee80211_queue_work(&local->hw, &local->work_work);
458                 return WORK_ACT_TIMEOUT;
459         }
460
461         printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
462                sdata->name, wk->filter_ta, wk->probe_auth.tries);
463
464         ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
465                             wk->ie_len, wk->filter_ta, NULL, 0, 0);
466         wk->probe_auth.transaction = 2;
467
468         wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
469         run_again(local, wk->timeout);
470
471         return WORK_ACT_NONE;
472 }
473
474 static enum work_action __must_check
475 ieee80211_associate(struct ieee80211_work *wk)
476 {
477         struct ieee80211_sub_if_data *sdata = wk->sdata;
478         struct ieee80211_local *local = sdata->local;
479
480         wk->assoc.tries++;
481         if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
482                 printk(KERN_DEBUG "%s: association with %pM"
483                        " timed out\n",
484                        sdata->name, wk->filter_ta);
485
486                 /*
487                  * Most likely AP is not in the range so remove the
488                  * bss struct for that AP.
489                  */
490                 if (wk->assoc.bss)
491                         cfg80211_unlink_bss(local->hw.wiphy,
492                                             &wk->assoc.bss->cbss);
493
494                 /*
495                  * We might have a pending scan which had no chance to run yet
496                  * due to work needing to be done. Hence, queue the STAs work
497                  * again for that.
498                  */
499                 ieee80211_queue_work(&local->hw, &local->work_work);
500                 return WORK_ACT_TIMEOUT;
501         }
502
503         printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
504                sdata->name, wk->filter_ta, wk->assoc.tries);
505         ieee80211_send_assoc(sdata, wk);
506
507         wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
508         run_again(local, wk->timeout);
509
510         return WORK_ACT_NONE;
511 }
512
513 static void ieee80211_auth_challenge(struct ieee80211_work *wk,
514                                      struct ieee80211_mgmt *mgmt,
515                                      size_t len)
516 {
517         struct ieee80211_sub_if_data *sdata = wk->sdata;
518         u8 *pos;
519         struct ieee802_11_elems elems;
520
521         pos = mgmt->u.auth.variable;
522         ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
523         if (!elems.challenge)
524                 return;
525         ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
526                             elems.challenge - 2, elems.challenge_len + 2,
527                             wk->filter_ta, wk->probe_auth.key,
528                             wk->probe_auth.key_len, wk->probe_auth.key_idx);
529         wk->probe_auth.transaction = 4;
530 }
531
532 static enum work_action __must_check
533 ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
534                        struct ieee80211_mgmt *mgmt, size_t len)
535 {
536         u16 auth_alg, auth_transaction, status_code;
537
538         if (wk->type != IEEE80211_WORK_AUTH)
539                 return WORK_ACT_NONE;
540
541         if (len < 24 + 6)
542                 return WORK_ACT_NONE;
543
544         auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
545         auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
546         status_code = le16_to_cpu(mgmt->u.auth.status_code);
547
548         if (auth_alg != wk->probe_auth.algorithm ||
549             auth_transaction != wk->probe_auth.transaction)
550                 return WORK_ACT_NONE;
551
552         if (status_code != WLAN_STATUS_SUCCESS) {
553                 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
554                        wk->sdata->name, mgmt->sa, status_code);
555                 return WORK_ACT_DONE;
556         }
557
558         switch (wk->probe_auth.algorithm) {
559         case WLAN_AUTH_OPEN:
560         case WLAN_AUTH_LEAP:
561         case WLAN_AUTH_FT:
562                 break;
563         case WLAN_AUTH_SHARED_KEY:
564                 if (wk->probe_auth.transaction != 4) {
565                         ieee80211_auth_challenge(wk, mgmt, len);
566                         /* need another frame */
567                         return WORK_ACT_NONE;
568                 }
569                 break;
570         default:
571                 WARN_ON(1);
572                 return WORK_ACT_NONE;
573         }
574
575         printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
576         return WORK_ACT_DONE;
577 }
578
579 static enum work_action __must_check
580 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
581                              struct ieee80211_mgmt *mgmt, size_t len,
582                              bool reassoc)
583 {
584         struct ieee80211_sub_if_data *sdata = wk->sdata;
585         struct ieee80211_local *local = sdata->local;
586         u16 capab_info, status_code, aid;
587         struct ieee802_11_elems elems;
588         u8 *pos;
589
590         /*
591          * AssocResp and ReassocResp have identical structure, so process both
592          * of them in this function.
593          */
594
595         if (len < 24 + 6)
596                 return WORK_ACT_NONE;
597
598         capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
599         status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
600         aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
601
602         printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
603                "status=%d aid=%d)\n",
604                sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
605                capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
606
607         pos = mgmt->u.assoc_resp.variable;
608         ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
609
610         if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
611             elems.timeout_int && elems.timeout_int_len == 5 &&
612             elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
613                 u32 tu, ms;
614                 tu = get_unaligned_le32(elems.timeout_int + 1);
615                 ms = tu * 1024 / 1000;
616                 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
617                        "comeback duration %u TU (%u ms)\n",
618                        sdata->name, mgmt->sa, tu, ms);
619                 wk->timeout = jiffies + msecs_to_jiffies(ms);
620                 if (ms > IEEE80211_ASSOC_TIMEOUT)
621                         run_again(local, wk->timeout);
622                 return WORK_ACT_NONE;
623         }
624
625         if (status_code != WLAN_STATUS_SUCCESS)
626                 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
627                        sdata->name, mgmt->sa, status_code);
628         else
629                 printk(KERN_DEBUG "%s: associated\n", sdata->name);
630
631         return WORK_ACT_DONE;
632 }
633
634 static enum work_action __must_check
635 ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
636                              struct ieee80211_mgmt *mgmt, size_t len,
637                              struct ieee80211_rx_status *rx_status)
638 {
639         struct ieee80211_sub_if_data *sdata = wk->sdata;
640         struct ieee80211_local *local = sdata->local;
641         size_t baselen;
642
643         ASSERT_WORK_MTX(local);
644
645         baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
646         if (baselen > len)
647                 return WORK_ACT_NONE;
648
649         printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
650         return WORK_ACT_DONE;
651 }
652
653 static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
654                                           struct sk_buff *skb)
655 {
656         struct ieee80211_rx_status *rx_status;
657         struct ieee80211_mgmt *mgmt;
658         struct ieee80211_work *wk;
659         enum work_action rma = WORK_ACT_NONE;
660         u16 fc;
661
662         rx_status = (struct ieee80211_rx_status *) skb->cb;
663         mgmt = (struct ieee80211_mgmt *) skb->data;
664         fc = le16_to_cpu(mgmt->frame_control);
665
666         mutex_lock(&local->work_mtx);
667
668         list_for_each_entry(wk, &local->work_list, list) {
669                 const u8 *bssid = NULL;
670
671                 switch (wk->type) {
672                 case IEEE80211_WORK_DIRECT_PROBE:
673                 case IEEE80211_WORK_AUTH:
674                 case IEEE80211_WORK_ASSOC:
675                         bssid = wk->filter_ta;
676                         break;
677                 default:
678                         continue;
679                 }
680
681                 /*
682                  * Before queuing, we already verified mgmt->sa,
683                  * so this is needed just for matching.
684                  */
685                 if (compare_ether_addr(bssid, mgmt->bssid))
686                         continue;
687
688                 switch (fc & IEEE80211_FCTL_STYPE) {
689                 case IEEE80211_STYPE_PROBE_RESP:
690                         rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
691                                                            rx_status);
692                         break;
693                 case IEEE80211_STYPE_AUTH:
694                         rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
695                         break;
696                 case IEEE80211_STYPE_ASSOC_RESP:
697                         rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
698                                                            skb->len, false);
699                         break;
700                 case IEEE80211_STYPE_REASSOC_RESP:
701                         rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
702                                                            skb->len, true);
703                         break;
704                 default:
705                         WARN_ON(1);
706                 }
707                 /*
708                  * We've processed this frame for that work, so it can't
709                  * belong to another work struct.
710                  * NB: this is also required for correctness for 'rma'!
711                  */
712                 break;
713         }
714
715         switch (rma) {
716         case WORK_ACT_NONE:
717                 break;
718         case WORK_ACT_DONE:
719                 list_del_rcu(&wk->list);
720                 break;
721         default:
722                 WARN(1, "unexpected: %d", rma);
723         }
724
725         mutex_unlock(&local->work_mtx);
726
727         if (rma != WORK_ACT_DONE)
728                 goto out;
729
730         switch (wk->done(wk, skb)) {
731         case WORK_DONE_DESTROY:
732                 free_work(wk);
733                 break;
734         case WORK_DONE_REQUEUE:
735                 synchronize_rcu();
736                 wk->timeout = jiffies; /* run again directly */
737                 mutex_lock(&local->work_mtx);
738                 list_add_tail(&wk->list, &local->work_list);
739                 mutex_unlock(&local->work_mtx);
740         }
741
742  out:
743         kfree_skb(skb);
744 }
745
746 static void ieee80211_work_timer(unsigned long data)
747 {
748         struct ieee80211_local *local = (void *) data;
749
750         if (local->quiescing)
751                 return;
752
753         ieee80211_queue_work(&local->hw, &local->work_work);
754 }
755
756 static void ieee80211_work_work(struct work_struct *work)
757 {
758         struct ieee80211_local *local =
759                 container_of(work, struct ieee80211_local, work_work);
760         struct sk_buff *skb;
761         struct ieee80211_work *wk, *tmp;
762         LIST_HEAD(free_work);
763         enum work_action rma;
764
765         if (local->scanning)
766                 return;
767
768         /*
769          * ieee80211_queue_work() should have picked up most cases,
770          * here we'll pick the the rest.
771          */
772         if (WARN(local->suspended, "work scheduled while going to suspend\n"))
773                 return;
774
775         /* first process frames to avoid timing out while a frame is pending */
776         while ((skb = skb_dequeue(&local->work_skb_queue)))
777                 ieee80211_work_rx_queued_mgmt(local, skb);
778
779         ieee80211_recalc_idle(local);
780
781         mutex_lock(&local->work_mtx);
782
783         list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
784                 if (time_is_after_jiffies(wk->timeout)) {
785                         /*
786                          * This work item isn't supposed to be worked on
787                          * right now, but take care to adjust the timer
788                          * properly.
789                          */
790                         run_again(local, wk->timeout);
791                         continue;
792                 }
793
794                 switch (wk->type) {
795                 default:
796                         WARN_ON(1);
797                         /* nothing */
798                         rma = WORK_ACT_NONE;
799                         break;
800                 case IEEE80211_WORK_DIRECT_PROBE:
801                         rma = ieee80211_direct_probe(wk);
802                         break;
803                 case IEEE80211_WORK_AUTH:
804                         rma = ieee80211_authenticate(wk);
805                         break;
806                 case IEEE80211_WORK_ASSOC:
807                         rma = ieee80211_associate(wk);
808                         break;
809                 }
810
811                 switch (rma) {
812                 case WORK_ACT_NONE:
813                         /* no action required */
814                         break;
815                 case WORK_ACT_TIMEOUT:
816                         list_del_rcu(&wk->list);
817                         synchronize_rcu();
818                         list_add(&wk->list, &free_work);
819                         break;
820                 default:
821                         WARN(1, "unexpected: %d", rma);
822                 }
823         }
824
825         if (list_empty(&local->work_list) && local->scan_req)
826                 ieee80211_queue_delayed_work(&local->hw,
827                                              &local->scan_work,
828                                              round_jiffies_relative(0));
829
830         mutex_unlock(&local->work_mtx);
831
832         list_for_each_entry_safe(wk, tmp, &free_work, list) {
833                 wk->done(wk, NULL);
834                 list_del(&wk->list);
835                 kfree(wk);
836         }
837 }
838
839 void ieee80211_add_work(struct ieee80211_work *wk)
840 {
841         struct ieee80211_local *local;
842
843         if (WARN_ON(!wk->chan))
844                 return;
845
846         if (WARN_ON(!wk->sdata))
847                 return;
848
849         if (WARN_ON(!wk->done))
850                 return;
851
852         wk->timeout = jiffies;
853
854         local = wk->sdata->local;
855         mutex_lock(&local->work_mtx);
856         list_add_tail(&wk->list, &local->work_list);
857         mutex_unlock(&local->work_mtx);
858
859         ieee80211_queue_work(&local->hw, &local->work_work);
860 }
861
862 void ieee80211_work_init(struct ieee80211_local *local)
863 {
864         mutex_init(&local->work_mtx);
865         INIT_LIST_HEAD(&local->work_list);
866         setup_timer(&local->work_timer, ieee80211_work_timer,
867                     (unsigned long)local);
868         INIT_WORK(&local->work_work, ieee80211_work_work);
869         skb_queue_head_init(&local->work_skb_queue);
870 }
871
872 void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
873 {
874         struct ieee80211_local *local = sdata->local;
875         struct ieee80211_work *wk, *tmp;
876
877         mutex_lock(&local->work_mtx);
878         list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
879                 if (wk->sdata != sdata)
880                         continue;
881                 list_del(&wk->list);
882                 free_work(wk);
883         }
884         mutex_unlock(&local->work_mtx);
885 }
886
887 ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
888                                            struct sk_buff *skb)
889 {
890         struct ieee80211_local *local = sdata->local;
891         struct ieee80211_mgmt *mgmt;
892         struct ieee80211_work *wk;
893         u16 fc;
894
895         if (skb->len < 24)
896                 return RX_DROP_MONITOR;
897
898         mgmt = (struct ieee80211_mgmt *) skb->data;
899         fc = le16_to_cpu(mgmt->frame_control);
900
901         list_for_each_entry_rcu(wk, &local->work_list, list) {
902                 if (sdata != wk->sdata)
903                         continue;
904                 if (compare_ether_addr(wk->filter_ta, mgmt->sa))
905                         continue;
906                 if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
907                         continue;
908
909                 switch (fc & IEEE80211_FCTL_STYPE) {
910                 case IEEE80211_STYPE_AUTH:
911                 case IEEE80211_STYPE_PROBE_RESP:
912                 case IEEE80211_STYPE_ASSOC_RESP:
913                 case IEEE80211_STYPE_REASSOC_RESP:
914                 case IEEE80211_STYPE_DEAUTH:
915                 case IEEE80211_STYPE_DISASSOC:
916                         skb_queue_tail(&local->work_skb_queue, skb);
917                         ieee80211_queue_work(&local->hw, &local->work_work);
918                         return RX_QUEUED;
919                 }
920         }
921
922         return RX_CONTINUE;
923 }