Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael...
[linux-2.6.git] / net / mac80211 / mlme.c
1 /*
2  * BSS client mode implementation
3  * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
7  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/pm_qos_params.h>
21 #include <linux/crc32.h>
22 #include <linux/slab.h>
23 #include <net/mac80211.h>
24 #include <asm/unaligned.h>
25
26 #include "ieee80211_i.h"
27 #include "driver-ops.h"
28 #include "rate.h"
29 #include "led.h"
30
31 #define IEEE80211_MAX_PROBE_TRIES 5
32
33 /*
34  * beacon loss detection timeout
35  * XXX: should depend on beacon interval
36  */
37 #define IEEE80211_BEACON_LOSS_TIME      (2 * HZ)
38 /*
39  * Time the connection can be idle before we probe
40  * it to see if we can still talk to the AP.
41  */
42 #define IEEE80211_CONNECTION_IDLE_TIME  (30 * HZ)
43 /*
44  * Time we wait for a probe response after sending
45  * a probe request because of beacon loss or for
46  * checking the connection still works.
47  */
48 #define IEEE80211_PROBE_WAIT            (HZ / 2)
49
50 #define TMR_RUNNING_TIMER       0
51 #define TMR_RUNNING_CHANSW      1
52
53 /*
54  * All cfg80211 functions have to be called outside a locked
55  * section so that they can acquire a lock themselves... This
56  * is much simpler than queuing up things in cfg80211, but we
57  * do need some indirection for that here.
58  */
59 enum rx_mgmt_action {
60         /* no action required */
61         RX_MGMT_NONE,
62
63         /* caller must call cfg80211_send_rx_auth() */
64         RX_MGMT_CFG80211_AUTH,
65
66         /* caller must call cfg80211_send_rx_assoc() */
67         RX_MGMT_CFG80211_ASSOC,
68
69         /* caller must call cfg80211_send_deauth() */
70         RX_MGMT_CFG80211_DEAUTH,
71
72         /* caller must call cfg80211_send_disassoc() */
73         RX_MGMT_CFG80211_DISASSOC,
74
75         /* caller must tell cfg80211 about internal error */
76         RX_MGMT_CFG80211_ASSOC_ERROR,
77 };
78
79 /* utils */
80 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
81 {
82         WARN_ON(!mutex_is_locked(&ifmgd->mtx));
83 }
84
85 /*
86  * We can have multiple work items (and connection probing)
87  * scheduling this timer, but we need to take care to only
88  * reschedule it when it should fire _earlier_ than it was
89  * asked for before, or if it's not pending right now. This
90  * function ensures that. Note that it then is required to
91  * run this function for all timeouts after the first one
92  * has happened -- the work that runs from this timer will
93  * do that.
94  */
95 static void run_again(struct ieee80211_if_managed *ifmgd,
96                              unsigned long timeout)
97 {
98         ASSERT_MGD_MTX(ifmgd);
99
100         if (!timer_pending(&ifmgd->timer) ||
101             time_before(timeout, ifmgd->timer.expires))
102                 mod_timer(&ifmgd->timer, timeout);
103 }
104
105 static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata)
106 {
107         if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER)
108                 return;
109
110         mod_timer(&sdata->u.mgd.bcn_mon_timer,
111                   round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME));
112 }
113
114 static int ecw2cw(int ecw)
115 {
116         return (1 << ecw) - 1;
117 }
118
119 /*
120  * ieee80211_enable_ht should be called only after the operating band
121  * has been determined as ht configuration depends on the hw's
122  * HT abilities for a specific band.
123  */
124 static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
125                                struct ieee80211_ht_info *hti,
126                                const u8 *bssid, u16 ap_ht_cap_flags)
127 {
128         struct ieee80211_local *local = sdata->local;
129         struct ieee80211_supported_band *sband;
130         struct sta_info *sta;
131         u32 changed = 0;
132         u16 ht_opmode;
133         bool enable_ht = true, ht_changed;
134         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
135
136         sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
137
138         /* HT is not supported */
139         if (!sband->ht_cap.ht_supported)
140                 enable_ht = false;
141
142         /* check that channel matches the right operating channel */
143         if (local->hw.conf.channel->center_freq !=
144             ieee80211_channel_to_frequency(hti->control_chan))
145                 enable_ht = false;
146
147         if (enable_ht) {
148                 channel_type = NL80211_CHAN_HT20;
149
150                 if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) &&
151                     (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) &&
152                     (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) {
153                         switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
154                         case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
155                                 if (!(local->hw.conf.channel->flags &
156                                     IEEE80211_CHAN_NO_HT40PLUS))
157                                         channel_type = NL80211_CHAN_HT40PLUS;
158                                 break;
159                         case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
160                                 if (!(local->hw.conf.channel->flags &
161                                     IEEE80211_CHAN_NO_HT40MINUS))
162                                         channel_type = NL80211_CHAN_HT40MINUS;
163                                 break;
164                         }
165                 }
166         }
167
168         ht_changed = conf_is_ht(&local->hw.conf) != enable_ht ||
169                      channel_type != local->hw.conf.channel_type;
170
171         if (local->tmp_channel)
172                 local->tmp_channel_type = channel_type;
173         local->oper_channel_type = channel_type;
174
175         if (ht_changed) {
176                 /* channel_type change automatically detected */
177                 ieee80211_hw_config(local, 0);
178
179                 rcu_read_lock();
180                 sta = sta_info_get(sdata, bssid);
181                 if (sta)
182                         rate_control_rate_update(local, sband, sta,
183                                                  IEEE80211_RC_HT_CHANGED,
184                                                  local->oper_channel_type);
185                 rcu_read_unlock();
186         }
187
188         /* disable HT */
189         if (!enable_ht)
190                 return 0;
191
192         ht_opmode = le16_to_cpu(hti->operation_mode);
193
194         /* if bss configuration changed store the new one */
195         if (!sdata->ht_opmode_valid ||
196             sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
197                 changed |= BSS_CHANGED_HT;
198                 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
199                 sdata->ht_opmode_valid = true;
200         }
201
202         return changed;
203 }
204
205 /* frame sending functions */
206
207 static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
208                                            const u8 *bssid, u16 stype, u16 reason,
209                                            void *cookie)
210 {
211         struct ieee80211_local *local = sdata->local;
212         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
213         struct sk_buff *skb;
214         struct ieee80211_mgmt *mgmt;
215
216         skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
217         if (!skb) {
218                 printk(KERN_DEBUG "%s: failed to allocate buffer for "
219                        "deauth/disassoc frame\n", sdata->name);
220                 return;
221         }
222         skb_reserve(skb, local->hw.extra_tx_headroom);
223
224         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
225         memset(mgmt, 0, 24);
226         memcpy(mgmt->da, bssid, ETH_ALEN);
227         memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
228         memcpy(mgmt->bssid, bssid, ETH_ALEN);
229         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
230         skb_put(skb, 2);
231         /* u.deauth.reason_code == u.disassoc.reason_code */
232         mgmt->u.deauth.reason_code = cpu_to_le16(reason);
233
234         if (stype == IEEE80211_STYPE_DEAUTH)
235                 if (cookie)
236                         __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
237                 else
238                         cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
239         else
240                 if (cookie)
241                         __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
242                 else
243                         cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
244         if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
245                 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
246         ieee80211_tx_skb(sdata, skb);
247 }
248
249 void ieee80211_send_pspoll(struct ieee80211_local *local,
250                            struct ieee80211_sub_if_data *sdata)
251 {
252         struct ieee80211_pspoll *pspoll;
253         struct sk_buff *skb;
254
255         skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
256         if (!skb)
257                 return;
258
259         pspoll = (struct ieee80211_pspoll *) skb->data;
260         pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
261
262         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
263         ieee80211_tx_skb(sdata, skb);
264 }
265
266 void ieee80211_send_nullfunc(struct ieee80211_local *local,
267                              struct ieee80211_sub_if_data *sdata,
268                              int powersave)
269 {
270         struct sk_buff *skb;
271         struct ieee80211_hdr_3addr *nullfunc;
272
273         skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
274         if (!skb)
275                 return;
276
277         nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
278         if (powersave)
279                 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
280
281         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
282         ieee80211_tx_skb(sdata, skb);
283 }
284
285 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
286                                           struct ieee80211_sub_if_data *sdata)
287 {
288         struct sk_buff *skb;
289         struct ieee80211_hdr *nullfunc;
290         __le16 fc;
291
292         if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
293                 return;
294
295         skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
296         if (!skb) {
297                 printk(KERN_DEBUG "%s: failed to allocate buffer for 4addr "
298                        "nullfunc frame\n", sdata->name);
299                 return;
300         }
301         skb_reserve(skb, local->hw.extra_tx_headroom);
302
303         nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
304         memset(nullfunc, 0, 30);
305         fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
306                          IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
307         nullfunc->frame_control = fc;
308         memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
309         memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
310         memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
311         memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
312
313         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
314         ieee80211_tx_skb(sdata, skb);
315 }
316
317 /* spectrum management related things */
318 static void ieee80211_chswitch_work(struct work_struct *work)
319 {
320         struct ieee80211_sub_if_data *sdata =
321                 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
322         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
323
324         if (!ieee80211_sdata_running(sdata))
325                 return;
326
327         mutex_lock(&ifmgd->mtx);
328         if (!ifmgd->associated)
329                 goto out;
330
331         sdata->local->oper_channel = sdata->local->csa_channel;
332         ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL);
333
334         /* XXX: shouldn't really modify cfg80211-owned data! */
335         ifmgd->associated->channel = sdata->local->oper_channel;
336
337         ieee80211_wake_queues_by_reason(&sdata->local->hw,
338                                         IEEE80211_QUEUE_STOP_REASON_CSA);
339  out:
340         ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
341         mutex_unlock(&ifmgd->mtx);
342 }
343
344 static void ieee80211_chswitch_timer(unsigned long data)
345 {
346         struct ieee80211_sub_if_data *sdata =
347                 (struct ieee80211_sub_if_data *) data;
348         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
349
350         if (sdata->local->quiescing) {
351                 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
352                 return;
353         }
354
355         ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
356 }
357
358 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
359                                       struct ieee80211_channel_sw_ie *sw_elem,
360                                       struct ieee80211_bss *bss)
361 {
362         struct cfg80211_bss *cbss =
363                 container_of((void *)bss, struct cfg80211_bss, priv);
364         struct ieee80211_channel *new_ch;
365         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
366         int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num);
367
368         ASSERT_MGD_MTX(ifmgd);
369
370         if (!ifmgd->associated)
371                 return;
372
373         if (sdata->local->scanning)
374                 return;
375
376         /* Disregard subsequent beacons if we are already running a timer
377            processing a CSA */
378
379         if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
380                 return;
381
382         new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
383         if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED)
384                 return;
385
386         sdata->local->csa_channel = new_ch;
387
388         if (sw_elem->count <= 1) {
389                 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
390         } else {
391                 ieee80211_stop_queues_by_reason(&sdata->local->hw,
392                                         IEEE80211_QUEUE_STOP_REASON_CSA);
393                 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
394                 mod_timer(&ifmgd->chswitch_timer,
395                           jiffies +
396                           msecs_to_jiffies(sw_elem->count *
397                                            cbss->beacon_interval));
398         }
399 }
400
401 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
402                                         u16 capab_info, u8 *pwr_constr_elem,
403                                         u8 pwr_constr_elem_len)
404 {
405         struct ieee80211_conf *conf = &sdata->local->hw.conf;
406
407         if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT))
408                 return;
409
410         /* Power constraint IE length should be 1 octet */
411         if (pwr_constr_elem_len != 1)
412                 return;
413
414         if ((*pwr_constr_elem <= conf->channel->max_power) &&
415             (*pwr_constr_elem != sdata->local->power_constr_level)) {
416                 sdata->local->power_constr_level = *pwr_constr_elem;
417                 ieee80211_hw_config(sdata->local, 0);
418         }
419 }
420
421 /* powersave */
422 static void ieee80211_enable_ps(struct ieee80211_local *local,
423                                 struct ieee80211_sub_if_data *sdata)
424 {
425         struct ieee80211_conf *conf = &local->hw.conf;
426
427         /*
428          * If we are scanning right now then the parameters will
429          * take effect when scan finishes.
430          */
431         if (local->scanning)
432                 return;
433
434         if (conf->dynamic_ps_timeout > 0 &&
435             !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
436                 mod_timer(&local->dynamic_ps_timer, jiffies +
437                           msecs_to_jiffies(conf->dynamic_ps_timeout));
438         } else {
439                 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
440                         ieee80211_send_nullfunc(local, sdata, 1);
441
442                 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
443                     (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
444                         return;
445
446                 conf->flags |= IEEE80211_CONF_PS;
447                 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
448         }
449 }
450
451 static void ieee80211_change_ps(struct ieee80211_local *local)
452 {
453         struct ieee80211_conf *conf = &local->hw.conf;
454
455         if (local->ps_sdata) {
456                 ieee80211_enable_ps(local, local->ps_sdata);
457         } else if (conf->flags & IEEE80211_CONF_PS) {
458                 conf->flags &= ~IEEE80211_CONF_PS;
459                 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
460                 del_timer_sync(&local->dynamic_ps_timer);
461                 cancel_work_sync(&local->dynamic_ps_enable_work);
462         }
463 }
464
465 /* need to hold RTNL or interface lock */
466 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
467 {
468         struct ieee80211_sub_if_data *sdata, *found = NULL;
469         int count = 0;
470
471         if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
472                 local->ps_sdata = NULL;
473                 return;
474         }
475
476         if (!list_empty(&local->work_list)) {
477                 local->ps_sdata = NULL;
478                 goto change;
479         }
480
481         list_for_each_entry(sdata, &local->interfaces, list) {
482                 if (!ieee80211_sdata_running(sdata))
483                         continue;
484                 if (sdata->vif.type != NL80211_IFTYPE_STATION)
485                         continue;
486                 found = sdata;
487                 count++;
488         }
489
490         if (count == 1 && found->u.mgd.powersave &&
491             found->u.mgd.associated &&
492             found->u.mgd.associated->beacon_ies &&
493             !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL |
494                                     IEEE80211_STA_CONNECTION_POLL))) {
495                 s32 beaconint_us;
496
497                 if (latency < 0)
498                         latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
499
500                 beaconint_us = ieee80211_tu_to_usec(
501                                         found->vif.bss_conf.beacon_int);
502
503                 if (beaconint_us > latency) {
504                         local->ps_sdata = NULL;
505                 } else {
506                         struct ieee80211_bss *bss;
507                         int maxslp = 1;
508                         u8 dtimper;
509
510                         bss = (void *)found->u.mgd.associated->priv;
511                         dtimper = bss->dtim_period;
512
513                         /* If the TIM IE is invalid, pretend the value is 1 */
514                         if (!dtimper)
515                                 dtimper = 1;
516                         else if (dtimper > 1)
517                                 maxslp = min_t(int, dtimper,
518                                                     latency / beaconint_us);
519
520                         local->hw.conf.max_sleep_period = maxslp;
521                         local->hw.conf.ps_dtim_period = dtimper;
522                         local->ps_sdata = found;
523                 }
524         } else {
525                 local->ps_sdata = NULL;
526         }
527
528  change:
529         ieee80211_change_ps(local);
530 }
531
532 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
533 {
534         struct ieee80211_local *local =
535                 container_of(work, struct ieee80211_local,
536                              dynamic_ps_disable_work);
537
538         if (local->hw.conf.flags & IEEE80211_CONF_PS) {
539                 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
540                 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
541         }
542
543         ieee80211_wake_queues_by_reason(&local->hw,
544                                         IEEE80211_QUEUE_STOP_REASON_PS);
545 }
546
547 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
548 {
549         struct ieee80211_local *local =
550                 container_of(work, struct ieee80211_local,
551                              dynamic_ps_enable_work);
552         struct ieee80211_sub_if_data *sdata = local->ps_sdata;
553         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
554
555         /* can only happen when PS was just disabled anyway */
556         if (!sdata)
557                 return;
558
559         if (local->hw.conf.flags & IEEE80211_CONF_PS)
560                 return;
561
562         if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
563             (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)))
564                 ieee80211_send_nullfunc(local, sdata, 1);
565
566         if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
567               (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
568             (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
569                 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
570                 local->hw.conf.flags |= IEEE80211_CONF_PS;
571                 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
572         }
573 }
574
575 void ieee80211_dynamic_ps_timer(unsigned long data)
576 {
577         struct ieee80211_local *local = (void *) data;
578
579         if (local->quiescing || local->suspended)
580                 return;
581
582         ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
583 }
584
585 /* MLME */
586 static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
587                                      struct ieee80211_if_managed *ifmgd,
588                                      u8 *wmm_param, size_t wmm_param_len)
589 {
590         struct ieee80211_tx_queue_params params;
591         size_t left;
592         int count;
593         u8 *pos, uapsd_queues = 0;
594
595         if (local->hw.queues < 4)
596                 return;
597
598         if (!wmm_param)
599                 return;
600
601         if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
602                 return;
603
604         if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
605                 uapsd_queues = local->uapsd_queues;
606
607         count = wmm_param[6] & 0x0f;
608         if (count == ifmgd->wmm_last_param_set)
609                 return;
610         ifmgd->wmm_last_param_set = count;
611
612         pos = wmm_param + 8;
613         left = wmm_param_len - 8;
614
615         memset(&params, 0, sizeof(params));
616
617         local->wmm_acm = 0;
618         for (; left >= 4; left -= 4, pos += 4) {
619                 int aci = (pos[0] >> 5) & 0x03;
620                 int acm = (pos[0] >> 4) & 0x01;
621                 bool uapsd = false;
622                 int queue;
623
624                 switch (aci) {
625                 case 1: /* AC_BK */
626                         queue = 3;
627                         if (acm)
628                                 local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
629                         if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
630                                 uapsd = true;
631                         break;
632                 case 2: /* AC_VI */
633                         queue = 1;
634                         if (acm)
635                                 local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
636                         if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
637                                 uapsd = true;
638                         break;
639                 case 3: /* AC_VO */
640                         queue = 0;
641                         if (acm)
642                                 local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
643                         if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
644                                 uapsd = true;
645                         break;
646                 case 0: /* AC_BE */
647                 default:
648                         queue = 2;
649                         if (acm)
650                                 local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
651                         if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
652                                 uapsd = true;
653                         break;
654                 }
655
656                 params.aifs = pos[0] & 0x0f;
657                 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
658                 params.cw_min = ecw2cw(pos[1] & 0x0f);
659                 params.txop = get_unaligned_le16(pos + 2);
660                 params.uapsd = uapsd;
661
662 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
663                 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
664                        "cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
665                        wiphy_name(local->hw.wiphy), queue, aci, acm,
666                        params.aifs, params.cw_min, params.cw_max, params.txop,
667                        params.uapsd);
668 #endif
669                 if (drv_conf_tx(local, queue, &params) && local->ops->conf_tx)
670                         printk(KERN_DEBUG "%s: failed to set TX queue "
671                                "parameters for queue %d\n",
672                                wiphy_name(local->hw.wiphy), queue);
673         }
674 }
675
676 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
677                                            u16 capab, bool erp_valid, u8 erp)
678 {
679         struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
680         u32 changed = 0;
681         bool use_protection;
682         bool use_short_preamble;
683         bool use_short_slot;
684
685         if (erp_valid) {
686                 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
687                 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
688         } else {
689                 use_protection = false;
690                 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
691         }
692
693         use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
694         if (sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ)
695                 use_short_slot = true;
696
697         if (use_protection != bss_conf->use_cts_prot) {
698                 bss_conf->use_cts_prot = use_protection;
699                 changed |= BSS_CHANGED_ERP_CTS_PROT;
700         }
701
702         if (use_short_preamble != bss_conf->use_short_preamble) {
703                 bss_conf->use_short_preamble = use_short_preamble;
704                 changed |= BSS_CHANGED_ERP_PREAMBLE;
705         }
706
707         if (use_short_slot != bss_conf->use_short_slot) {
708                 bss_conf->use_short_slot = use_short_slot;
709                 changed |= BSS_CHANGED_ERP_SLOT;
710         }
711
712         return changed;
713 }
714
715 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
716                                      struct cfg80211_bss *cbss,
717                                      u32 bss_info_changed)
718 {
719         struct ieee80211_bss *bss = (void *)cbss->priv;
720         struct ieee80211_local *local = sdata->local;
721
722         bss_info_changed |= BSS_CHANGED_ASSOC;
723         /* set timing information */
724         sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
725         sdata->vif.bss_conf.timestamp = cbss->tsf;
726
727         bss_info_changed |= BSS_CHANGED_BEACON_INT;
728         bss_info_changed |= ieee80211_handle_bss_capability(sdata,
729                 cbss->capability, bss->has_erp_value, bss->erp_value);
730
731         sdata->u.mgd.associated = cbss;
732         memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
733
734         /* just to be sure */
735         sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
736                                 IEEE80211_STA_BEACON_POLL);
737
738         /*
739          * Always handle WMM once after association regardless
740          * of the first value the AP uses. Setting -1 here has
741          * that effect because the AP values is an unsigned
742          * 4-bit value.
743          */
744         sdata->u.mgd.wmm_last_param_set = -1;
745
746         ieee80211_led_assoc(local, 1);
747
748         sdata->vif.bss_conf.assoc = 1;
749         /*
750          * For now just always ask the driver to update the basic rateset
751          * when we have associated, we aren't checking whether it actually
752          * changed or not.
753          */
754         bss_info_changed |= BSS_CHANGED_BASIC_RATES;
755
756         /* And the BSSID changed - we're associated now */
757         bss_info_changed |= BSS_CHANGED_BSSID;
758
759         ieee80211_bss_info_change_notify(sdata, bss_info_changed);
760
761         mutex_lock(&local->iflist_mtx);
762         ieee80211_recalc_ps(local, -1);
763         ieee80211_recalc_smps(local, sdata);
764         mutex_unlock(&local->iflist_mtx);
765
766         netif_tx_start_all_queues(sdata->dev);
767         netif_carrier_on(sdata->dev);
768 }
769
770 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata)
771 {
772         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
773         struct ieee80211_local *local = sdata->local;
774         struct sta_info *sta;
775         u32 changed = 0, config_changed = 0;
776         u8 bssid[ETH_ALEN];
777
778         ASSERT_MGD_MTX(ifmgd);
779
780         if (WARN_ON(!ifmgd->associated))
781                 return;
782
783         memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
784
785         ifmgd->associated = NULL;
786         memset(ifmgd->bssid, 0, ETH_ALEN);
787
788         /*
789          * we need to commit the associated = NULL change because the
790          * scan code uses that to determine whether this iface should
791          * go to/wake up from powersave or not -- and could otherwise
792          * wake the queues erroneously.
793          */
794         smp_mb();
795
796         /*
797          * Thus, we can only afterwards stop the queues -- to account
798          * for the case where another CPU is finishing a scan at this
799          * time -- we don't want the scan code to enable queues.
800          */
801
802         netif_tx_stop_all_queues(sdata->dev);
803         netif_carrier_off(sdata->dev);
804
805         rcu_read_lock();
806         sta = sta_info_get(sdata, bssid);
807         if (sta) {
808                 set_sta_flags(sta, WLAN_STA_DISASSOC);
809                 ieee80211_sta_tear_down_BA_sessions(sta);
810         }
811         rcu_read_unlock();
812
813         changed |= ieee80211_reset_erp_info(sdata);
814
815         ieee80211_led_assoc(local, 0);
816         changed |= BSS_CHANGED_ASSOC;
817         sdata->vif.bss_conf.assoc = false;
818
819         ieee80211_set_wmm_default(sdata);
820
821         /* channel(_type) changes are handled by ieee80211_hw_config */
822         local->oper_channel_type = NL80211_CHAN_NO_HT;
823
824         /* on the next assoc, re-program HT parameters */
825         sdata->ht_opmode_valid = false;
826
827         local->power_constr_level = 0;
828
829         del_timer_sync(&local->dynamic_ps_timer);
830         cancel_work_sync(&local->dynamic_ps_enable_work);
831
832         if (local->hw.conf.flags & IEEE80211_CONF_PS) {
833                 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
834                 config_changed |= IEEE80211_CONF_CHANGE_PS;
835         }
836
837         ieee80211_hw_config(local, config_changed);
838
839         /* And the BSSID changed -- not very interesting here */
840         changed |= BSS_CHANGED_BSSID;
841         ieee80211_bss_info_change_notify(sdata, changed);
842
843         sta_info_destroy_addr(sdata, bssid);
844 }
845
846 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
847                              struct ieee80211_hdr *hdr)
848 {
849         /*
850          * We can postpone the mgd.timer whenever receiving unicast frames
851          * from AP because we know that the connection is working both ways
852          * at that time. But multicast frames (and hence also beacons) must
853          * be ignored here, because we need to trigger the timer during
854          * data idle periods for sending the periodic probe request to the
855          * AP we're connected to.
856          */
857         if (is_multicast_ether_addr(hdr->addr1))
858                 return;
859
860         mod_timer(&sdata->u.mgd.conn_mon_timer,
861                   round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
862 }
863
864 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
865 {
866         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
867         const u8 *ssid;
868
869         ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
870         ieee80211_send_probe_req(sdata, ifmgd->associated->bssid,
871                                  ssid + 2, ssid[1], NULL, 0);
872
873         ifmgd->probe_send_count++;
874         ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT;
875         run_again(ifmgd, ifmgd->probe_timeout);
876 }
877
878 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
879                                    bool beacon)
880 {
881         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
882         bool already = false;
883
884         if (!ieee80211_sdata_running(sdata))
885                 return;
886
887         if (sdata->local->scanning)
888                 return;
889
890         if (sdata->local->tmp_channel)
891                 return;
892
893         mutex_lock(&ifmgd->mtx);
894
895         if (!ifmgd->associated)
896                 goto out;
897
898 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
899         if (beacon && net_ratelimit())
900                 printk(KERN_DEBUG "%s: detected beacon loss from AP "
901                        "- sending probe request\n", sdata->name);
902 #endif
903
904         /*
905          * The driver/our work has already reported this event or the
906          * connection monitoring has kicked in and we have already sent
907          * a probe request. Or maybe the AP died and the driver keeps
908          * reporting until we disassociate...
909          *
910          * In either case we have to ignore the current call to this
911          * function (except for setting the correct probe reason bit)
912          * because otherwise we would reset the timer every time and
913          * never check whether we received a probe response!
914          */
915         if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
916                             IEEE80211_STA_CONNECTION_POLL))
917                 already = true;
918
919         if (beacon)
920                 ifmgd->flags |= IEEE80211_STA_BEACON_POLL;
921         else
922                 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
923
924         if (already)
925                 goto out;
926
927         mutex_lock(&sdata->local->iflist_mtx);
928         ieee80211_recalc_ps(sdata->local, -1);
929         mutex_unlock(&sdata->local->iflist_mtx);
930
931         ifmgd->probe_send_count = 0;
932         ieee80211_mgd_probe_ap_send(sdata);
933  out:
934         mutex_unlock(&ifmgd->mtx);
935 }
936
937 void ieee80211_beacon_loss_work(struct work_struct *work)
938 {
939         struct ieee80211_sub_if_data *sdata =
940                 container_of(work, struct ieee80211_sub_if_data,
941                              u.mgd.beacon_loss_work);
942
943         ieee80211_mgd_probe_ap(sdata, true);
944 }
945
946 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
947 {
948         struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
949
950         ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work);
951 }
952 EXPORT_SYMBOL(ieee80211_beacon_loss);
953
954 static enum rx_mgmt_action __must_check
955 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
956                          struct ieee80211_mgmt *mgmt, size_t len)
957 {
958         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
959         const u8 *bssid = NULL;
960         u16 reason_code;
961
962         if (len < 24 + 2)
963                 return RX_MGMT_NONE;
964
965         ASSERT_MGD_MTX(ifmgd);
966
967         bssid = ifmgd->associated->bssid;
968
969         reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
970
971         printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n",
972                         sdata->name, bssid, reason_code);
973
974         ieee80211_set_disassoc(sdata);
975         ieee80211_recalc_idle(sdata->local);
976
977         return RX_MGMT_CFG80211_DEAUTH;
978 }
979
980
981 static enum rx_mgmt_action __must_check
982 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
983                            struct ieee80211_mgmt *mgmt, size_t len)
984 {
985         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
986         u16 reason_code;
987
988         if (len < 24 + 2)
989                 return RX_MGMT_NONE;
990
991         ASSERT_MGD_MTX(ifmgd);
992
993         if (WARN_ON(!ifmgd->associated))
994                 return RX_MGMT_NONE;
995
996         if (WARN_ON(memcmp(ifmgd->associated->bssid, mgmt->sa, ETH_ALEN)))
997                 return RX_MGMT_NONE;
998
999         reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1000
1001         printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1002                         sdata->name, mgmt->sa, reason_code);
1003
1004         ieee80211_set_disassoc(sdata);
1005         ieee80211_recalc_idle(sdata->local);
1006         return RX_MGMT_CFG80211_DISASSOC;
1007 }
1008
1009
1010 static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1011                                     struct ieee80211_mgmt *mgmt, size_t len)
1012 {
1013         struct ieee80211_sub_if_data *sdata = wk->sdata;
1014         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1015         struct ieee80211_local *local = sdata->local;
1016         struct ieee80211_supported_band *sband;
1017         struct sta_info *sta;
1018         struct cfg80211_bss *cbss = wk->assoc.bss;
1019         u8 *pos;
1020         u32 rates, basic_rates;
1021         u16 capab_info, aid;
1022         struct ieee802_11_elems elems;
1023         struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1024         u32 changed = 0;
1025         int i, j, err;
1026         bool have_higher_than_11mbit = false;
1027         u16 ap_ht_cap_flags;
1028
1029         /* AssocResp and ReassocResp have identical structure */
1030
1031         aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1032         capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1033
1034         if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1035                 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1036                        "set\n", sdata->name, aid);
1037         aid &= ~(BIT(15) | BIT(14));
1038
1039         pos = mgmt->u.assoc_resp.variable;
1040         ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1041
1042         if (!elems.supp_rates) {
1043                 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1044                        sdata->name);
1045                 return false;
1046         }
1047
1048         ifmgd->aid = aid;
1049
1050         sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
1051         if (!sta) {
1052                 printk(KERN_DEBUG "%s: failed to alloc STA entry for"
1053                        " the AP\n", sdata->name);
1054                 return false;
1055         }
1056
1057         set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC |
1058                            WLAN_STA_ASSOC_AP);
1059         if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
1060                 set_sta_flags(sta, WLAN_STA_AUTHORIZED);
1061
1062         rates = 0;
1063         basic_rates = 0;
1064         sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1065
1066         for (i = 0; i < elems.supp_rates_len; i++) {
1067                 int rate = (elems.supp_rates[i] & 0x7f) * 5;
1068                 bool is_basic = !!(elems.supp_rates[i] & 0x80);
1069
1070                 if (rate > 110)
1071                         have_higher_than_11mbit = true;
1072
1073                 for (j = 0; j < sband->n_bitrates; j++) {
1074                         if (sband->bitrates[j].bitrate == rate) {
1075                                 rates |= BIT(j);
1076                                 if (is_basic)
1077                                         basic_rates |= BIT(j);
1078                                 break;
1079                         }
1080                 }
1081         }
1082
1083         for (i = 0; i < elems.ext_supp_rates_len; i++) {
1084                 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1085                 bool is_basic = !!(elems.ext_supp_rates[i] & 0x80);
1086
1087                 if (rate > 110)
1088                         have_higher_than_11mbit = true;
1089
1090                 for (j = 0; j < sband->n_bitrates; j++) {
1091                         if (sband->bitrates[j].bitrate == rate) {
1092                                 rates |= BIT(j);
1093                                 if (is_basic)
1094                                         basic_rates |= BIT(j);
1095                                 break;
1096                         }
1097                 }
1098         }
1099
1100         sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
1101         sdata->vif.bss_conf.basic_rates = basic_rates;
1102
1103         /* cf. IEEE 802.11 9.2.12 */
1104         if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
1105             have_higher_than_11mbit)
1106                 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
1107         else
1108                 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
1109
1110         if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1111                 ieee80211_ht_cap_ie_to_sta_ht_cap(sband,
1112                                 elems.ht_cap_elem, &sta->sta.ht_cap);
1113
1114         ap_ht_cap_flags = sta->sta.ht_cap.cap;
1115
1116         rate_control_rate_init(sta);
1117
1118         if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
1119                 set_sta_flags(sta, WLAN_STA_MFP);
1120
1121         if (elems.wmm_param)
1122                 set_sta_flags(sta, WLAN_STA_WME);
1123
1124         err = sta_info_insert(sta);
1125         sta = NULL;
1126         if (err) {
1127                 printk(KERN_DEBUG "%s: failed to insert STA entry for"
1128                        " the AP (error %d)\n", sdata->name, err);
1129                 return false;
1130         }
1131
1132         if (elems.wmm_param)
1133                 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1134                                          elems.wmm_param_len);
1135         else
1136                 ieee80211_set_wmm_default(sdata);
1137
1138         local->oper_channel = wk->chan;
1139
1140         if (elems.ht_info_elem && elems.wmm_param &&
1141             (sdata->local->hw.queues >= 4) &&
1142             !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1143                 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1144                                                cbss->bssid, ap_ht_cap_flags);
1145
1146         /* set AID and assoc capability,
1147          * ieee80211_set_associated() will tell the driver */
1148         bss_conf->aid = aid;
1149         bss_conf->assoc_capability = capab_info;
1150         ieee80211_set_associated(sdata, cbss, changed);
1151
1152         /*
1153          * If we're using 4-addr mode, let the AP know that we're
1154          * doing so, so that it can create the STA VLAN on its side
1155          */
1156         if (ifmgd->use_4addr)
1157                 ieee80211_send_4addr_nullfunc(local, sdata);
1158
1159         /*
1160          * Start timer to probe the connection to the AP now.
1161          * Also start the timer that will detect beacon loss.
1162          */
1163         ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
1164         mod_beacon_timer(sdata);
1165
1166         return true;
1167 }
1168
1169
1170 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1171                                   struct ieee80211_mgmt *mgmt,
1172                                   size_t len,
1173                                   struct ieee80211_rx_status *rx_status,
1174                                   struct ieee802_11_elems *elems,
1175                                   bool beacon)
1176 {
1177         struct ieee80211_local *local = sdata->local;
1178         int freq;
1179         struct ieee80211_bss *bss;
1180         struct ieee80211_channel *channel;
1181         bool need_ps = false;
1182
1183         if (sdata->u.mgd.associated) {
1184                 bss = (void *)sdata->u.mgd.associated->priv;
1185                 /* not previously set so we may need to recalc */
1186                 need_ps = !bss->dtim_period;
1187         }
1188
1189         if (elems->ds_params && elems->ds_params_len == 1)
1190                 freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
1191         else
1192                 freq = rx_status->freq;
1193
1194         channel = ieee80211_get_channel(local->hw.wiphy, freq);
1195
1196         if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
1197                 return;
1198
1199         bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
1200                                         channel, beacon);
1201         if (bss)
1202                 ieee80211_rx_bss_put(local, bss);
1203
1204         if (!sdata->u.mgd.associated)
1205                 return;
1206
1207         if (need_ps) {
1208                 mutex_lock(&local->iflist_mtx);
1209                 ieee80211_recalc_ps(local, -1);
1210                 mutex_unlock(&local->iflist_mtx);
1211         }
1212
1213         if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) &&
1214             (memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid,
1215                                                         ETH_ALEN) == 0)) {
1216                 struct ieee80211_channel_sw_ie *sw_elem =
1217                         (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem;
1218                 ieee80211_sta_process_chanswitch(sdata, sw_elem, bss);
1219         }
1220 }
1221
1222
1223 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1224                                          struct sk_buff *skb)
1225 {
1226         struct ieee80211_mgmt *mgmt = (void *)skb->data;
1227         struct ieee80211_if_managed *ifmgd;
1228         struct ieee80211_rx_status *rx_status = (void *) skb->cb;
1229         size_t baselen, len = skb->len;
1230         struct ieee802_11_elems elems;
1231
1232         ifmgd = &sdata->u.mgd;
1233
1234         ASSERT_MGD_MTX(ifmgd);
1235
1236         if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
1237                 return; /* ignore ProbeResp to foreign address */
1238
1239         baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
1240         if (baselen > len)
1241                 return;
1242
1243         ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
1244                                 &elems);
1245
1246         ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
1247
1248         if (ifmgd->associated &&
1249             memcmp(mgmt->bssid, ifmgd->associated->bssid, ETH_ALEN) == 0 &&
1250             ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1251                             IEEE80211_STA_CONNECTION_POLL)) {
1252                 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1253                                   IEEE80211_STA_BEACON_POLL);
1254                 mutex_lock(&sdata->local->iflist_mtx);
1255                 ieee80211_recalc_ps(sdata->local, -1);
1256                 mutex_unlock(&sdata->local->iflist_mtx);
1257                 /*
1258                  * We've received a probe response, but are not sure whether
1259                  * we have or will be receiving any beacons or data, so let's
1260                  * schedule the timers again, just in case.
1261                  */
1262                 mod_beacon_timer(sdata);
1263                 mod_timer(&ifmgd->conn_mon_timer,
1264                           round_jiffies_up(jiffies +
1265                                            IEEE80211_CONNECTION_IDLE_TIME));
1266         }
1267 }
1268
1269 /*
1270  * This is the canonical list of information elements we care about,
1271  * the filter code also gives us all changes to the Microsoft OUI
1272  * (00:50:F2) vendor IE which is used for WMM which we need to track.
1273  *
1274  * We implement beacon filtering in software since that means we can
1275  * avoid processing the frame here and in cfg80211, and userspace
1276  * will not be able to tell whether the hardware supports it or not.
1277  *
1278  * XXX: This list needs to be dynamic -- userspace needs to be able to
1279  *      add items it requires. It also needs to be able to tell us to
1280  *      look out for other vendor IEs.
1281  */
1282 static const u64 care_about_ies =
1283         (1ULL << WLAN_EID_COUNTRY) |
1284         (1ULL << WLAN_EID_ERP_INFO) |
1285         (1ULL << WLAN_EID_CHANNEL_SWITCH) |
1286         (1ULL << WLAN_EID_PWR_CONSTRAINT) |
1287         (1ULL << WLAN_EID_HT_CAPABILITY) |
1288         (1ULL << WLAN_EID_HT_INFORMATION);
1289
1290 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1291                                      struct ieee80211_mgmt *mgmt,
1292                                      size_t len,
1293                                      struct ieee80211_rx_status *rx_status)
1294 {
1295         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1296         size_t baselen;
1297         struct ieee802_11_elems elems;
1298         struct ieee80211_local *local = sdata->local;
1299         u32 changed = 0;
1300         bool erp_valid, directed_tim = false;
1301         u8 erp_value = 0;
1302         u32 ncrc;
1303         u8 *bssid;
1304
1305         ASSERT_MGD_MTX(ifmgd);
1306
1307         /* Process beacon from the current BSS */
1308         baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1309         if (baselen > len)
1310                 return;
1311
1312         if (rx_status->freq != local->hw.conf.channel->center_freq)
1313                 return;
1314
1315         /*
1316          * We might have received a number of frames, among them a
1317          * disassoc frame and a beacon...
1318          */
1319         if (!ifmgd->associated)
1320                 return;
1321
1322         bssid = ifmgd->associated->bssid;
1323
1324         /*
1325          * And in theory even frames from a different AP we were just
1326          * associated to a split-second ago!
1327          */
1328         if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0)
1329                 return;
1330
1331         if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
1332 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1333                 if (net_ratelimit()) {
1334                         printk(KERN_DEBUG "%s: cancelling probereq poll due "
1335                                "to a received beacon\n", sdata->name);
1336                 }
1337 #endif
1338                 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
1339                 mutex_lock(&local->iflist_mtx);
1340                 ieee80211_recalc_ps(local, -1);
1341                 mutex_unlock(&local->iflist_mtx);
1342         }
1343
1344         /*
1345          * Push the beacon loss detection into the future since
1346          * we are processing a beacon from the AP just now.
1347          */
1348         mod_beacon_timer(sdata);
1349
1350         ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
1351         ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
1352                                           len - baselen, &elems,
1353                                           care_about_ies, ncrc);
1354
1355         if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1356                 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len,
1357                                                    ifmgd->aid);
1358
1359         if (ncrc != ifmgd->beacon_crc) {
1360                 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
1361                                       true);
1362
1363                 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1364                                          elems.wmm_param_len);
1365         }
1366
1367         if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
1368                 if (directed_tim) {
1369                         if (local->hw.conf.dynamic_ps_timeout > 0) {
1370                                 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1371                                 ieee80211_hw_config(local,
1372                                                     IEEE80211_CONF_CHANGE_PS);
1373                                 ieee80211_send_nullfunc(local, sdata, 0);
1374                         } else {
1375                                 local->pspolling = true;
1376
1377                                 /*
1378                                  * Here is assumed that the driver will be
1379                                  * able to send ps-poll frame and receive a
1380                                  * response even though power save mode is
1381                                  * enabled, but some drivers might require
1382                                  * to disable power save here. This needs
1383                                  * to be investigated.
1384                                  */
1385                                 ieee80211_send_pspoll(local, sdata);
1386                         }
1387                 }
1388         }
1389
1390         if (ncrc == ifmgd->beacon_crc)
1391                 return;
1392         ifmgd->beacon_crc = ncrc;
1393
1394         if (elems.erp_info && elems.erp_info_len >= 1) {
1395                 erp_valid = true;
1396                 erp_value = elems.erp_info[0];
1397         } else {
1398                 erp_valid = false;
1399         }
1400         changed |= ieee80211_handle_bss_capability(sdata,
1401                         le16_to_cpu(mgmt->u.beacon.capab_info),
1402                         erp_valid, erp_value);
1403
1404
1405         if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
1406             !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) {
1407                 struct sta_info *sta;
1408                 struct ieee80211_supported_band *sband;
1409                 u16 ap_ht_cap_flags;
1410
1411                 rcu_read_lock();
1412
1413                 sta = sta_info_get(sdata, bssid);
1414                 if (WARN_ON(!sta)) {
1415                         rcu_read_unlock();
1416                         return;
1417                 }
1418
1419                 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1420
1421                 ieee80211_ht_cap_ie_to_sta_ht_cap(sband,
1422                                 elems.ht_cap_elem, &sta->sta.ht_cap);
1423
1424                 ap_ht_cap_flags = sta->sta.ht_cap.cap;
1425
1426                 rcu_read_unlock();
1427
1428                 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1429                                                bssid, ap_ht_cap_flags);
1430         }
1431
1432         /* Note: country IE parsing is done for us by cfg80211 */
1433         if (elems.country_elem) {
1434                 /* TODO: IBSS also needs this */
1435                 if (elems.pwr_constr_elem)
1436                         ieee80211_handle_pwr_constr(sdata,
1437                                 le16_to_cpu(mgmt->u.probe_resp.capab_info),
1438                                 elems.pwr_constr_elem,
1439                                 elems.pwr_constr_elem_len);
1440         }
1441
1442         ieee80211_bss_info_change_notify(sdata, changed);
1443 }
1444
1445 ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1446                                           struct sk_buff *skb)
1447 {
1448         struct ieee80211_local *local = sdata->local;
1449         struct ieee80211_mgmt *mgmt;
1450         u16 fc;
1451
1452         if (skb->len < 24)
1453                 return RX_DROP_MONITOR;
1454
1455         mgmt = (struct ieee80211_mgmt *) skb->data;
1456         fc = le16_to_cpu(mgmt->frame_control);
1457
1458         switch (fc & IEEE80211_FCTL_STYPE) {
1459         case IEEE80211_STYPE_PROBE_RESP:
1460         case IEEE80211_STYPE_BEACON:
1461         case IEEE80211_STYPE_DEAUTH:
1462         case IEEE80211_STYPE_DISASSOC:
1463         case IEEE80211_STYPE_ACTION:
1464                 skb_queue_tail(&sdata->u.mgd.skb_queue, skb);
1465                 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work);
1466                 return RX_QUEUED;
1467         }
1468
1469         return RX_DROP_MONITOR;
1470 }
1471
1472 static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1473                                          struct sk_buff *skb)
1474 {
1475         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1476         struct ieee80211_rx_status *rx_status;
1477         struct ieee80211_mgmt *mgmt;
1478         enum rx_mgmt_action rma = RX_MGMT_NONE;
1479         u16 fc;
1480
1481         rx_status = (struct ieee80211_rx_status *) skb->cb;
1482         mgmt = (struct ieee80211_mgmt *) skb->data;
1483         fc = le16_to_cpu(mgmt->frame_control);
1484
1485         mutex_lock(&ifmgd->mtx);
1486
1487         if (ifmgd->associated &&
1488             memcmp(ifmgd->associated->bssid, mgmt->bssid, ETH_ALEN) == 0) {
1489                 switch (fc & IEEE80211_FCTL_STYPE) {
1490                 case IEEE80211_STYPE_BEACON:
1491                         ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
1492                                                  rx_status);
1493                         break;
1494                 case IEEE80211_STYPE_PROBE_RESP:
1495                         ieee80211_rx_mgmt_probe_resp(sdata, skb);
1496                         break;
1497                 case IEEE80211_STYPE_DEAUTH:
1498                         rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
1499                         break;
1500                 case IEEE80211_STYPE_DISASSOC:
1501                         rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1502                         break;
1503                 case IEEE80211_STYPE_ACTION:
1504                         if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
1505                                 break;
1506
1507                         ieee80211_sta_process_chanswitch(sdata,
1508                                         &mgmt->u.action.u.chan_switch.sw_elem,
1509                                         (void *)ifmgd->associated->priv);
1510                         break;
1511                 }
1512                 mutex_unlock(&ifmgd->mtx);
1513
1514                 switch (rma) {
1515                 case RX_MGMT_NONE:
1516                         /* no action */
1517                         break;
1518                 case RX_MGMT_CFG80211_DEAUTH:
1519                         cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1520                         break;
1521                 case RX_MGMT_CFG80211_DISASSOC:
1522                         cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
1523                         break;
1524                 default:
1525                         WARN(1, "unexpected: %d", rma);
1526                 }
1527                 goto out;
1528         }
1529
1530         mutex_unlock(&ifmgd->mtx);
1531
1532         if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&
1533             (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH)
1534                 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1535
1536  out:
1537         kfree_skb(skb);
1538 }
1539
1540 static void ieee80211_sta_timer(unsigned long data)
1541 {
1542         struct ieee80211_sub_if_data *sdata =
1543                 (struct ieee80211_sub_if_data *) data;
1544         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1545         struct ieee80211_local *local = sdata->local;
1546
1547         if (local->quiescing) {
1548                 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
1549                 return;
1550         }
1551
1552         ieee80211_queue_work(&local->hw, &ifmgd->work);
1553 }
1554
1555 static void ieee80211_sta_work(struct work_struct *work)
1556 {
1557         struct ieee80211_sub_if_data *sdata =
1558                 container_of(work, struct ieee80211_sub_if_data, u.mgd.work);
1559         struct ieee80211_local *local = sdata->local;
1560         struct ieee80211_if_managed *ifmgd;
1561         struct sk_buff *skb;
1562
1563         if (!ieee80211_sdata_running(sdata))
1564                 return;
1565
1566         if (local->scanning)
1567                 return;
1568
1569         if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1570                 return;
1571
1572         /*
1573          * ieee80211_queue_work() should have picked up most cases,
1574          * here we'll pick the the rest.
1575          */
1576         if (WARN(local->suspended, "STA MLME work scheduled while "
1577                  "going to suspend\n"))
1578                 return;
1579
1580         ifmgd = &sdata->u.mgd;
1581
1582         /* first process frames to avoid timing out while a frame is pending */
1583         while ((skb = skb_dequeue(&ifmgd->skb_queue)))
1584                 ieee80211_sta_rx_queued_mgmt(sdata, skb);
1585
1586         /* then process the rest of the work */
1587         mutex_lock(&ifmgd->mtx);
1588
1589         if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1590                             IEEE80211_STA_CONNECTION_POLL) &&
1591             ifmgd->associated) {
1592                 u8 bssid[ETH_ALEN];
1593
1594                 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1595                 if (time_is_after_jiffies(ifmgd->probe_timeout))
1596                         run_again(ifmgd, ifmgd->probe_timeout);
1597
1598                 else if (ifmgd->probe_send_count < IEEE80211_MAX_PROBE_TRIES) {
1599 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1600                         printk(KERN_DEBUG "No probe response from AP %pM"
1601                                 " after %dms, try %d\n", bssid,
1602                                 (1000 * IEEE80211_PROBE_WAIT)/HZ,
1603                                 ifmgd->probe_send_count);
1604 #endif
1605                         ieee80211_mgd_probe_ap_send(sdata);
1606                 } else {
1607                         /*
1608                          * We actually lost the connection ... or did we?
1609                          * Let's make sure!
1610                          */
1611                         ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1612                                           IEEE80211_STA_BEACON_POLL);
1613                         printk(KERN_DEBUG "No probe response from AP %pM"
1614                                 " after %dms, disconnecting.\n",
1615                                 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ);
1616                         ieee80211_set_disassoc(sdata);
1617                         ieee80211_recalc_idle(local);
1618                         mutex_unlock(&ifmgd->mtx);
1619                         /*
1620                          * must be outside lock due to cfg80211,
1621                          * but that's not a problem.
1622                          */
1623                         ieee80211_send_deauth_disassoc(sdata, bssid,
1624                                         IEEE80211_STYPE_DEAUTH,
1625                                         WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1626                                         NULL);
1627                         mutex_lock(&ifmgd->mtx);
1628                 }
1629         }
1630
1631         mutex_unlock(&ifmgd->mtx);
1632 }
1633
1634 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
1635 {
1636         struct ieee80211_sub_if_data *sdata =
1637                 (struct ieee80211_sub_if_data *) data;
1638         struct ieee80211_local *local = sdata->local;
1639
1640         if (local->quiescing)
1641                 return;
1642
1643         ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work);
1644 }
1645
1646 static void ieee80211_sta_conn_mon_timer(unsigned long data)
1647 {
1648         struct ieee80211_sub_if_data *sdata =
1649                 (struct ieee80211_sub_if_data *) data;
1650         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1651         struct ieee80211_local *local = sdata->local;
1652
1653         if (local->quiescing)
1654                 return;
1655
1656         ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
1657 }
1658
1659 static void ieee80211_sta_monitor_work(struct work_struct *work)
1660 {
1661         struct ieee80211_sub_if_data *sdata =
1662                 container_of(work, struct ieee80211_sub_if_data,
1663                              u.mgd.monitor_work);
1664
1665         ieee80211_mgd_probe_ap(sdata, false);
1666 }
1667
1668 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
1669 {
1670         if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1671                 sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL |
1672                                         IEEE80211_STA_CONNECTION_POLL);
1673
1674                 /* let's probe the connection once */
1675                 ieee80211_queue_work(&sdata->local->hw,
1676                            &sdata->u.mgd.monitor_work);
1677                 /* and do all the other regular work too */
1678                 ieee80211_queue_work(&sdata->local->hw,
1679                            &sdata->u.mgd.work);
1680         }
1681 }
1682
1683 #ifdef CONFIG_PM
1684 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
1685 {
1686         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1687
1688         /*
1689          * we need to use atomic bitops for the running bits
1690          * only because both timers might fire at the same
1691          * time -- the code here is properly synchronised.
1692          */
1693
1694         cancel_work_sync(&ifmgd->work);
1695         cancel_work_sync(&ifmgd->beacon_loss_work);
1696         if (del_timer_sync(&ifmgd->timer))
1697                 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
1698
1699         cancel_work_sync(&ifmgd->chswitch_work);
1700         if (del_timer_sync(&ifmgd->chswitch_timer))
1701                 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
1702
1703         cancel_work_sync(&ifmgd->monitor_work);
1704         /* these will just be re-established on connection */
1705         del_timer_sync(&ifmgd->conn_mon_timer);
1706         del_timer_sync(&ifmgd->bcn_mon_timer);
1707 }
1708
1709 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
1710 {
1711         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1712
1713         if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running))
1714                 add_timer(&ifmgd->timer);
1715         if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running))
1716                 add_timer(&ifmgd->chswitch_timer);
1717 }
1718 #endif
1719
1720 /* interface setup */
1721 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
1722 {
1723         struct ieee80211_if_managed *ifmgd;
1724
1725         ifmgd = &sdata->u.mgd;
1726         INIT_WORK(&ifmgd->work, ieee80211_sta_work);
1727         INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
1728         INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
1729         INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work);
1730         setup_timer(&ifmgd->timer, ieee80211_sta_timer,
1731                     (unsigned long) sdata);
1732         setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
1733                     (unsigned long) sdata);
1734         setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
1735                     (unsigned long) sdata);
1736         setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
1737                     (unsigned long) sdata);
1738         skb_queue_head_init(&ifmgd->skb_queue);
1739
1740         ifmgd->flags = 0;
1741
1742         mutex_init(&ifmgd->mtx);
1743
1744         if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
1745                 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
1746         else
1747                 ifmgd->req_smps = IEEE80211_SMPS_OFF;
1748 }
1749
1750 /* scan finished notification */
1751 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
1752 {
1753         struct ieee80211_sub_if_data *sdata = local->scan_sdata;
1754
1755         /* Restart STA timers */
1756         rcu_read_lock();
1757         list_for_each_entry_rcu(sdata, &local->interfaces, list)
1758                 ieee80211_restart_sta_timer(sdata);
1759         rcu_read_unlock();
1760 }
1761
1762 int ieee80211_max_network_latency(struct notifier_block *nb,
1763                                   unsigned long data, void *dummy)
1764 {
1765         s32 latency_usec = (s32) data;
1766         struct ieee80211_local *local =
1767                 container_of(nb, struct ieee80211_local,
1768                              network_latency_notifier);
1769
1770         mutex_lock(&local->iflist_mtx);
1771         ieee80211_recalc_ps(local, latency_usec);
1772         mutex_unlock(&local->iflist_mtx);
1773
1774         return 0;
1775 }
1776
1777 /* config hooks */
1778 static enum work_done_result
1779 ieee80211_probe_auth_done(struct ieee80211_work *wk,
1780                           struct sk_buff *skb)
1781 {
1782         if (!skb) {
1783                 cfg80211_send_auth_timeout(wk->sdata->dev, wk->filter_ta);
1784                 return WORK_DONE_DESTROY;
1785         }
1786
1787         if (wk->type == IEEE80211_WORK_AUTH) {
1788                 cfg80211_send_rx_auth(wk->sdata->dev, skb->data, skb->len);
1789                 return WORK_DONE_DESTROY;
1790         }
1791
1792         mutex_lock(&wk->sdata->u.mgd.mtx);
1793         ieee80211_rx_mgmt_probe_resp(wk->sdata, skb);
1794         mutex_unlock(&wk->sdata->u.mgd.mtx);
1795
1796         wk->type = IEEE80211_WORK_AUTH;
1797         wk->probe_auth.tries = 0;
1798         return WORK_DONE_REQUEUE;
1799 }
1800
1801 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
1802                        struct cfg80211_auth_request *req)
1803 {
1804         const u8 *ssid;
1805         struct ieee80211_work *wk;
1806         u16 auth_alg;
1807
1808         switch (req->auth_type) {
1809         case NL80211_AUTHTYPE_OPEN_SYSTEM:
1810                 auth_alg = WLAN_AUTH_OPEN;
1811                 break;
1812         case NL80211_AUTHTYPE_SHARED_KEY:
1813                 auth_alg = WLAN_AUTH_SHARED_KEY;
1814                 break;
1815         case NL80211_AUTHTYPE_FT:
1816                 auth_alg = WLAN_AUTH_FT;
1817                 break;
1818         case NL80211_AUTHTYPE_NETWORK_EAP:
1819                 auth_alg = WLAN_AUTH_LEAP;
1820                 break;
1821         default:
1822                 return -EOPNOTSUPP;
1823         }
1824
1825         wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL);
1826         if (!wk)
1827                 return -ENOMEM;
1828
1829         memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN);
1830
1831         if (req->ie && req->ie_len) {
1832                 memcpy(wk->ie, req->ie, req->ie_len);
1833                 wk->ie_len = req->ie_len;
1834         }
1835
1836         if (req->key && req->key_len) {
1837                 wk->probe_auth.key_len = req->key_len;
1838                 wk->probe_auth.key_idx = req->key_idx;
1839                 memcpy(wk->probe_auth.key, req->key, req->key_len);
1840         }
1841
1842         ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
1843         memcpy(wk->probe_auth.ssid, ssid + 2, ssid[1]);
1844         wk->probe_auth.ssid_len = ssid[1];
1845
1846         wk->probe_auth.algorithm = auth_alg;
1847         wk->probe_auth.privacy = req->bss->capability & WLAN_CAPABILITY_PRIVACY;
1848
1849         /* if we already have a probe, don't probe again */
1850         if (req->bss->proberesp_ies)
1851                 wk->type = IEEE80211_WORK_AUTH;
1852         else
1853                 wk->type = IEEE80211_WORK_DIRECT_PROBE;
1854         wk->chan = req->bss->channel;
1855         wk->sdata = sdata;
1856         wk->done = ieee80211_probe_auth_done;
1857
1858         ieee80211_add_work(wk);
1859         return 0;
1860 }
1861
1862 static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk,
1863                                                   struct sk_buff *skb)
1864 {
1865         struct ieee80211_mgmt *mgmt;
1866         u16 status;
1867
1868         if (!skb) {
1869                 cfg80211_send_assoc_timeout(wk->sdata->dev, wk->filter_ta);
1870                 return WORK_DONE_DESTROY;
1871         }
1872
1873         mgmt = (void *)skb->data;
1874         status = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1875
1876         if (status == WLAN_STATUS_SUCCESS) {
1877                 mutex_lock(&wk->sdata->u.mgd.mtx);
1878                 if (!ieee80211_assoc_success(wk, mgmt, skb->len)) {
1879                         mutex_unlock(&wk->sdata->u.mgd.mtx);
1880                         /* oops -- internal error -- send timeout for now */
1881                         cfg80211_send_assoc_timeout(wk->sdata->dev,
1882                                                     wk->filter_ta);
1883                         return WORK_DONE_DESTROY;
1884                 }
1885                 mutex_unlock(&wk->sdata->u.mgd.mtx);
1886         }
1887
1888         cfg80211_send_rx_assoc(wk->sdata->dev, skb->data, skb->len);
1889         return WORK_DONE_DESTROY;
1890 }
1891
1892 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
1893                         struct cfg80211_assoc_request *req)
1894 {
1895         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1896         struct ieee80211_bss *bss = (void *)req->bss->priv;
1897         struct ieee80211_work *wk;
1898         const u8 *ssid;
1899         int i;
1900
1901         mutex_lock(&ifmgd->mtx);
1902         if (ifmgd->associated) {
1903                 if (!req->prev_bssid ||
1904                     memcmp(req->prev_bssid, ifmgd->associated->bssid,
1905                            ETH_ALEN)) {
1906                         /*
1907                          * We are already associated and the request was not a
1908                          * reassociation request from the current BSS, so
1909                          * reject it.
1910                          */
1911                         mutex_unlock(&ifmgd->mtx);
1912                         return -EALREADY;
1913                 }
1914
1915                 /* Trying to reassociate - clear previous association state */
1916                 ieee80211_set_disassoc(sdata);
1917         }
1918         mutex_unlock(&ifmgd->mtx);
1919
1920         wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL);
1921         if (!wk)
1922                 return -ENOMEM;
1923
1924         ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N;
1925         ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1926
1927         for (i = 0; i < req->crypto.n_ciphers_pairwise; i++)
1928                 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
1929                     req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
1930                     req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104)
1931                         ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
1932
1933
1934         if (req->ie && req->ie_len) {
1935                 memcpy(wk->ie, req->ie, req->ie_len);
1936                 wk->ie_len = req->ie_len;
1937         } else
1938                 wk->ie_len = 0;
1939
1940         wk->assoc.bss = req->bss;
1941
1942         memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN);
1943
1944         /* new association always uses requested smps mode */
1945         if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
1946                 if (ifmgd->powersave)
1947                         ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC;
1948                 else
1949                         ifmgd->ap_smps = IEEE80211_SMPS_OFF;
1950         } else
1951                 ifmgd->ap_smps = ifmgd->req_smps;
1952
1953         wk->assoc.smps = ifmgd->ap_smps;
1954         /*
1955          * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
1956          * We still associate in non-HT mode (11a/b/g) if any one of these
1957          * ciphers is configured as pairwise.
1958          * We can set this to true for non-11n hardware, that'll be checked
1959          * separately along with the peer capabilities.
1960          */
1961         wk->assoc.use_11n = !(ifmgd->flags & IEEE80211_STA_DISABLE_11N);
1962         wk->assoc.capability = req->bss->capability;
1963         wk->assoc.wmm_used = bss->wmm_used;
1964         wk->assoc.supp_rates = bss->supp_rates;
1965         wk->assoc.supp_rates_len = bss->supp_rates_len;
1966         wk->assoc.ht_information_ie =
1967                 ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_INFORMATION);
1968
1969         if (bss->wmm_used && bss->uapsd_supported &&
1970             (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) {
1971                 wk->assoc.uapsd_used = true;
1972                 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
1973         } else {
1974                 wk->assoc.uapsd_used = false;
1975                 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
1976         }
1977
1978         ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
1979         memcpy(wk->assoc.ssid, ssid + 2, ssid[1]);
1980         wk->assoc.ssid_len = ssid[1];
1981
1982         if (req->prev_bssid)
1983                 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN);
1984
1985         wk->type = IEEE80211_WORK_ASSOC;
1986         wk->chan = req->bss->channel;
1987         wk->sdata = sdata;
1988         wk->done = ieee80211_assoc_done;
1989
1990         if (req->use_mfp) {
1991                 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
1992                 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
1993         } else {
1994                 ifmgd->mfp = IEEE80211_MFP_DISABLED;
1995                 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
1996         }
1997
1998         if (req->crypto.control_port)
1999                 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
2000         else
2001                 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
2002
2003         ieee80211_add_work(wk);
2004         return 0;
2005 }
2006
2007 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2008                          struct cfg80211_deauth_request *req,
2009                          void *cookie)
2010 {
2011         struct ieee80211_local *local = sdata->local;
2012         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2013         struct ieee80211_work *wk;
2014         const u8 *bssid = req->bss->bssid;
2015
2016         mutex_lock(&ifmgd->mtx);
2017
2018         if (ifmgd->associated == req->bss) {
2019                 bssid = req->bss->bssid;
2020                 ieee80211_set_disassoc(sdata);
2021                 mutex_unlock(&ifmgd->mtx);
2022         } else {
2023                 bool not_auth_yet = false;
2024
2025                 mutex_unlock(&ifmgd->mtx);
2026
2027                 mutex_lock(&local->work_mtx);
2028                 list_for_each_entry(wk, &local->work_list, list) {
2029                         if (wk->sdata != sdata)
2030                                 continue;
2031
2032                         if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
2033                             wk->type != IEEE80211_WORK_AUTH &&
2034                             wk->type != IEEE80211_WORK_ASSOC)
2035                                 continue;
2036
2037                         if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
2038                                 continue;
2039
2040                         not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
2041                         list_del_rcu(&wk->list);
2042                         free_work(wk);
2043                         break;
2044                 }
2045                 mutex_unlock(&local->work_mtx);
2046
2047                 /*
2048                  * If somebody requests authentication and we haven't
2049                  * sent out an auth frame yet there's no need to send
2050                  * out a deauth frame either. If the state was PROBE,
2051                  * then this is the case. If it's AUTH we have sent a
2052                  * frame, and if it's IDLE we have completed the auth
2053                  * process already.
2054                  */
2055                 if (not_auth_yet) {
2056                         __cfg80211_auth_canceled(sdata->dev, bssid);
2057                         return 0;
2058                 }
2059         }
2060
2061         printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n",
2062                sdata->name, bssid, req->reason_code);
2063
2064         ieee80211_send_deauth_disassoc(sdata, bssid,
2065                         IEEE80211_STYPE_DEAUTH, req->reason_code,
2066                         cookie);
2067
2068         ieee80211_recalc_idle(sdata->local);
2069
2070         return 0;
2071 }
2072
2073 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2074                            struct cfg80211_disassoc_request *req,
2075                            void *cookie)
2076 {
2077         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2078
2079         mutex_lock(&ifmgd->mtx);
2080
2081         /*
2082          * cfg80211 should catch this ... but it's racy since
2083          * we can receive a disassoc frame, process it, hand it
2084          * to cfg80211 while that's in a locked section already
2085          * trying to tell us that the user wants to disconnect.
2086          */
2087         if (ifmgd->associated != req->bss) {
2088                 mutex_unlock(&ifmgd->mtx);
2089                 return -ENOLINK;
2090         }
2091
2092         printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n",
2093                sdata->name, req->bss->bssid, req->reason_code);
2094
2095         ieee80211_set_disassoc(sdata);
2096
2097         mutex_unlock(&ifmgd->mtx);
2098
2099         ieee80211_send_deauth_disassoc(sdata, req->bss->bssid,
2100                         IEEE80211_STYPE_DISASSOC, req->reason_code,
2101                         cookie);
2102
2103         ieee80211_recalc_idle(sdata->local);
2104
2105         return 0;
2106 }
2107
2108 int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
2109                          struct ieee80211_channel *chan,
2110                          enum nl80211_channel_type channel_type,
2111                          const u8 *buf, size_t len, u64 *cookie)
2112 {
2113         struct ieee80211_local *local = sdata->local;
2114         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2115         struct sk_buff *skb;
2116
2117         /* Check that we are on the requested channel for transmission */
2118         if ((chan != local->tmp_channel ||
2119              channel_type != local->tmp_channel_type) &&
2120             (chan != local->oper_channel ||
2121              channel_type != local->oper_channel_type))
2122                 return -EBUSY;
2123
2124         skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
2125         if (!skb)
2126                 return -ENOMEM;
2127         skb_reserve(skb, local->hw.extra_tx_headroom);
2128
2129         memcpy(skb_put(skb, len), buf, len);
2130
2131         if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
2132                 IEEE80211_SKB_CB(skb)->flags |=
2133                         IEEE80211_TX_INTFL_DONT_ENCRYPT;
2134         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX |
2135                 IEEE80211_TX_CTL_REQ_TX_STATUS;
2136         skb->dev = sdata->dev;
2137         ieee80211_tx_skb(sdata, skb);
2138
2139         *cookie = (unsigned long) skb;
2140         return 0;
2141 }