linux/drivers/net/wireless/marvell/libertas/cfg.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * Implement cfg80211 ("iw") support.
   4 *
   5 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany
   6 * Holger Schurig <hs4233@mail.mn-solutions.de>
   7 *
   8 */
   9
  10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  11
  12#include <linux/hardirq.h>
  13#include <linux/sched.h>
  14#include <linux/wait.h>
  15#include <linux/slab.h>
  16#include <linux/ieee80211.h>
  17#include <net/cfg80211.h>
  18#include <asm/unaligned.h>
  19
  20#include "decl.h"
  21#include "cfg.h"
  22#include "cmd.h"
  23#include "mesh.h"
  24
  25
  26#define CHAN2G(_channel, _freq, _flags) {        \
  27        .band             = NL80211_BAND_2GHZ, \
  28        .center_freq      = (_freq),             \
  29        .hw_value         = (_channel),          \
  30        .flags            = (_flags),            \
  31        .max_antenna_gain = 0,                   \
  32        .max_power        = 30,                  \
  33}
  34
  35static struct ieee80211_channel lbs_2ghz_channels[] = {
  36        CHAN2G(1,  2412, 0),
  37        CHAN2G(2,  2417, 0),
  38        CHAN2G(3,  2422, 0),
  39        CHAN2G(4,  2427, 0),
  40        CHAN2G(5,  2432, 0),
  41        CHAN2G(6,  2437, 0),
  42        CHAN2G(7,  2442, 0),
  43        CHAN2G(8,  2447, 0),
  44        CHAN2G(9,  2452, 0),
  45        CHAN2G(10, 2457, 0),
  46        CHAN2G(11, 2462, 0),
  47        CHAN2G(12, 2467, 0),
  48        CHAN2G(13, 2472, 0),
  49        CHAN2G(14, 2484, 0),
  50};
  51
  52#define RATETAB_ENT(_rate, _hw_value, _flags) { \
  53        .bitrate  = (_rate),                    \
  54        .hw_value = (_hw_value),                \
  55        .flags    = (_flags),                   \
  56}
  57
  58
  59/* Table 6 in section 3.2.1.1 */
  60static struct ieee80211_rate lbs_rates[] = {
  61        RATETAB_ENT(10,  0,  0),
  62        RATETAB_ENT(20,  1,  0),
  63        RATETAB_ENT(55,  2,  0),
  64        RATETAB_ENT(110, 3,  0),
  65        RATETAB_ENT(60,  9,  0),
  66        RATETAB_ENT(90,  6,  0),
  67        RATETAB_ENT(120, 7,  0),
  68        RATETAB_ENT(180, 8,  0),
  69        RATETAB_ENT(240, 9,  0),
  70        RATETAB_ENT(360, 10, 0),
  71        RATETAB_ENT(480, 11, 0),
  72        RATETAB_ENT(540, 12, 0),
  73};
  74
  75static struct ieee80211_supported_band lbs_band_2ghz = {
  76        .channels = lbs_2ghz_channels,
  77        .n_channels = ARRAY_SIZE(lbs_2ghz_channels),
  78        .bitrates = lbs_rates,
  79        .n_bitrates = ARRAY_SIZE(lbs_rates),
  80};
  81
  82
  83static const u32 cipher_suites[] = {
  84        WLAN_CIPHER_SUITE_WEP40,
  85        WLAN_CIPHER_SUITE_WEP104,
  86        WLAN_CIPHER_SUITE_TKIP,
  87        WLAN_CIPHER_SUITE_CCMP,
  88};
  89
  90/* Time to stay on the channel */
  91#define LBS_DWELL_PASSIVE 100
  92#define LBS_DWELL_ACTIVE  40
  93
  94
  95/***************************************************************************
  96 * Misc utility functions
  97 *
  98 * TLVs are Marvell specific. They are very similar to IEs, they have the
  99 * same structure: type, length, data*. The only difference: for IEs, the
 100 * type and length are u8, but for TLVs they're __le16.
 101 */
 102
 103/*
 104 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1
 105 * in the firmware spec
 106 */
 107static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type)
 108{
 109        int ret = -ENOTSUPP;
 110
 111        switch (auth_type) {
 112        case NL80211_AUTHTYPE_OPEN_SYSTEM:
 113        case NL80211_AUTHTYPE_SHARED_KEY:
 114                ret = auth_type;
 115                break;
 116        case NL80211_AUTHTYPE_AUTOMATIC:
 117                ret = NL80211_AUTHTYPE_OPEN_SYSTEM;
 118                break;
 119        case NL80211_AUTHTYPE_NETWORK_EAP:
 120                ret = 0x80;
 121                break;
 122        default:
 123                /* silence compiler */
 124                break;
 125        }
 126        return ret;
 127}
 128
 129
 130/*
 131 * Various firmware commands need the list of supported rates, but with
 132 * the hight-bit set for basic rates
 133 */
 134static int lbs_add_rates(u8 *rates)
 135{
 136        size_t i;
 137
 138        for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) {
 139                u8 rate = lbs_rates[i].bitrate / 5;
 140                if (rate == 0x02 || rate == 0x04 ||
 141                    rate == 0x0b || rate == 0x16)
 142                        rate |= 0x80;
 143                rates[i] = rate;
 144        }
 145        return ARRAY_SIZE(lbs_rates);
 146}
 147
 148
 149/***************************************************************************
 150 * TLV utility functions
 151 *
 152 * TLVs are Marvell specific. They are very similar to IEs, they have the
 153 * same structure: type, length, data*. The only difference: for IEs, the
 154 * type and length are u8, but for TLVs they're __le16.
 155 */
 156
 157
 158/*
 159 * Add ssid TLV
 160 */
 161#define LBS_MAX_SSID_TLV_SIZE                   \
 162        (sizeof(struct mrvl_ie_header)          \
 163         + IEEE80211_MAX_SSID_LEN)
 164
 165static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len)
 166{
 167        struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv;
 168
 169        /*
 170         * TLV-ID SSID  00 00
 171         * length       06 00
 172         * ssid         4d 4e 54 45 53 54
 173         */
 174        ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID);
 175        ssid_tlv->header.len = cpu_to_le16(ssid_len);
 176        memcpy(ssid_tlv->ssid, ssid, ssid_len);
 177        return sizeof(ssid_tlv->header) + ssid_len;
 178}
 179
 180
 181/*
 182 * Add channel list TLV (section 8.4.2)
 183 *
 184 * Actual channel data comes from priv->wdev->wiphy->channels.
 185 */
 186#define LBS_MAX_CHANNEL_LIST_TLV_SIZE                                   \
 187        (sizeof(struct mrvl_ie_header)                                  \
 188         + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset)))
 189
 190static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv,
 191                                    int last_channel, int active_scan)
 192{
 193        int chanscanparamsize = sizeof(struct chanscanparamset) *
 194                (last_channel - priv->scan_channel);
 195
 196        struct mrvl_ie_header *header = (void *) tlv;
 197
 198        /*
 199         * TLV-ID CHANLIST  01 01
 200         * length           0e 00
 201         * channel          00 01 00 00 00 64 00
 202         *   radio type     00
 203         *   channel           01
 204         *   scan type            00
 205         *   min scan time           00 00
 206         *   max scan time                 64 00
 207         * channel 2        00 02 00 00 00 64 00
 208         *
 209         */
 210
 211        header->type = cpu_to_le16(TLV_TYPE_CHANLIST);
 212        header->len  = cpu_to_le16(chanscanparamsize);
 213        tlv += sizeof(struct mrvl_ie_header);
 214
 215        /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel,
 216                     last_channel); */
 217        memset(tlv, 0, chanscanparamsize);
 218
 219        while (priv->scan_channel < last_channel) {
 220                struct chanscanparamset *param = (void *) tlv;
 221
 222                param->radiotype = CMD_SCAN_RADIO_TYPE_BG;
 223                param->channumber =
 224                        priv->scan_req->channels[priv->scan_channel]->hw_value;
 225                if (active_scan) {
 226                        param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE);
 227                } else {
 228                        param->chanscanmode.passivescan = 1;
 229                        param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE);
 230                }
 231                tlv += sizeof(struct chanscanparamset);
 232                priv->scan_channel++;
 233        }
 234        return sizeof(struct mrvl_ie_header) + chanscanparamsize;
 235}
 236
 237
 238/*
 239 * Add rates TLV
 240 *
 241 * The rates are in lbs_bg_rates[], but for the 802.11b
 242 * rates the high bit is set. We add this TLV only because
 243 * there's a firmware which otherwise doesn't report all
 244 * APs in range.
 245 */
 246#define LBS_MAX_RATES_TLV_SIZE                  \
 247        (sizeof(struct mrvl_ie_header)          \
 248         + (ARRAY_SIZE(lbs_rates)))
 249
 250/* Adds a TLV with all rates the hardware supports */
 251static int lbs_add_supported_rates_tlv(u8 *tlv)
 252{
 253        size_t i;
 254        struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv;
 255
 256        /*
 257         * TLV-ID RATES  01 00
 258         * length        0e 00
 259         * rates         82 84 8b 96 0c 12 18 24 30 48 60 6c
 260         */
 261        rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
 262        tlv += sizeof(rate_tlv->header);
 263        i = lbs_add_rates(tlv);
 264        tlv += i;
 265        rate_tlv->header.len = cpu_to_le16(i);
 266        return sizeof(rate_tlv->header) + i;
 267}
 268
 269/* Add common rates from a TLV and return the new end of the TLV */
 270static u8 *
 271add_ie_rates(u8 *tlv, const u8 *ie, int *nrates)
 272{
 273        int hw, ap, ap_max = ie[1];
 274        u8 hw_rate;
 275
 276        /* Advance past IE header */
 277        ie += 2;
 278
 279        lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max);
 280
 281        for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
 282                hw_rate = lbs_rates[hw].bitrate / 5;
 283                for (ap = 0; ap < ap_max; ap++) {
 284                        if (hw_rate == (ie[ap] & 0x7f)) {
 285                                *tlv++ = ie[ap];
 286                                *nrates = *nrates + 1;
 287                        }
 288                }
 289        }
 290        return tlv;
 291}
 292
 293/*
 294 * Adds a TLV with all rates the hardware *and* BSS supports.
 295 */
 296static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss)
 297{
 298        struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv;
 299        const u8 *rates_eid, *ext_rates_eid;
 300        int n = 0;
 301
 302        rcu_read_lock();
 303        rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
 304        ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
 305
 306        /*
 307         * 01 00                   TLV_TYPE_RATES
 308         * 04 00                   len
 309         * 82 84 8b 96             rates
 310         */
 311        rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
 312        tlv += sizeof(rate_tlv->header);
 313
 314        /* Add basic rates */
 315        if (rates_eid) {
 316                tlv = add_ie_rates(tlv, rates_eid, &n);
 317
 318                /* Add extended rates, if any */
 319                if (ext_rates_eid)
 320                        tlv = add_ie_rates(tlv, ext_rates_eid, &n);
 321        } else {
 322                lbs_deb_assoc("assoc: bss had no basic rate IE\n");
 323                /* Fallback: add basic 802.11b rates */
 324                *tlv++ = 0x82;
 325                *tlv++ = 0x84;
 326                *tlv++ = 0x8b;
 327                *tlv++ = 0x96;
 328                n = 4;
 329        }
 330        rcu_read_unlock();
 331
 332        rate_tlv->header.len = cpu_to_le16(n);
 333        return sizeof(rate_tlv->header) + n;
 334}
 335
 336
 337/*
 338 * Add auth type TLV.
 339 *
 340 * This is only needed for newer firmware (V9 and up).
 341 */
 342#define LBS_MAX_AUTH_TYPE_TLV_SIZE \
 343        sizeof(struct mrvl_ie_auth_type)
 344
 345static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type)
 346{
 347        struct mrvl_ie_auth_type *auth = (void *) tlv;
 348
 349        /*
 350         * 1f 01  TLV_TYPE_AUTH_TYPE
 351         * 01 00  len
 352         * 01     auth type
 353         */
 354        auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE);
 355        auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header));
 356        auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type));
 357        return sizeof(*auth);
 358}
 359
 360
 361/*
 362 * Add channel (phy ds) TLV
 363 */
 364#define LBS_MAX_CHANNEL_TLV_SIZE \
 365        sizeof(struct mrvl_ie_header)
 366
 367static int lbs_add_channel_tlv(u8 *tlv, u8 channel)
 368{
 369        struct mrvl_ie_ds_param_set *ds = (void *) tlv;
 370
 371        /*
 372         * 03 00  TLV_TYPE_PHY_DS
 373         * 01 00  len
 374         * 06     channel
 375         */
 376        ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS);
 377        ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header));
 378        ds->channel = channel;
 379        return sizeof(*ds);
 380}
 381
 382
 383/*
 384 * Add (empty) CF param TLV of the form:
 385 */
 386#define LBS_MAX_CF_PARAM_TLV_SIZE               \
 387        sizeof(struct mrvl_ie_header)
 388
 389static int lbs_add_cf_param_tlv(u8 *tlv)
 390{
 391        struct mrvl_ie_cf_param_set *cf = (void *)tlv;
 392
 393        /*
 394         * 04 00  TLV_TYPE_CF
 395         * 06 00  len
 396         * 00     cfpcnt
 397         * 00     cfpperiod
 398         * 00 00  cfpmaxduration
 399         * 00 00  cfpdurationremaining
 400         */
 401        cf->header.type = cpu_to_le16(TLV_TYPE_CF);
 402        cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header));
 403        return sizeof(*cf);
 404}
 405
 406/*
 407 * Add WPA TLV
 408 */
 409#define LBS_MAX_WPA_TLV_SIZE                    \
 410        (sizeof(struct mrvl_ie_header)          \
 411         + 128 /* TODO: I guessed the size */)
 412
 413static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len)
 414{
 415        size_t tlv_len;
 416
 417        /*
 418         * We need just convert an IE to an TLV. IEs use u8 for the header,
 419         *   u8      type
 420         *   u8      len
 421         *   u8[]    data
 422         * but TLVs use __le16 instead:
 423         *   __le16  type
 424         *   __le16  len
 425         *   u8[]    data
 426         */
 427        *tlv++ = *ie++;
 428        *tlv++ = 0;
 429        tlv_len = *tlv++ = *ie++;
 430        *tlv++ = 0;
 431        while (tlv_len--)
 432                *tlv++ = *ie++;
 433        /* the TLV is two bytes larger than the IE */
 434        return ie_len + 2;
 435}
 436
 437/*
 438 * Set Channel
 439 */
 440
 441static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy,
 442                                       struct cfg80211_chan_def *chandef)
 443{
 444        struct lbs_private *priv = wiphy_priv(wiphy);
 445        int ret = -ENOTSUPP;
 446
 447        if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT)
 448                goto out;
 449
 450        ret = lbs_set_channel(priv, chandef->chan->hw_value);
 451
 452 out:
 453        return ret;
 454}
 455
 456static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy,
 457                                    struct net_device *netdev,
 458                                    struct ieee80211_channel *channel)
 459{
 460        struct lbs_private *priv = wiphy_priv(wiphy);
 461        int ret = -ENOTSUPP;
 462
 463        if (netdev != priv->mesh_dev)
 464                goto out;
 465
 466        ret = lbs_mesh_set_channel(priv, channel->hw_value);
 467
 468 out:
 469        return ret;
 470}
 471
 472
 473
 474/*
 475 * Scanning
 476 */
 477
 478/*
 479 * When scanning, the firmware doesn't send a nul packet with the power-safe
 480 * bit to the AP. So we cannot stay away from our current channel too long,
 481 * otherwise we loose data. So take a "nap" while scanning every other
 482 * while.
 483 */
 484#define LBS_SCAN_BEFORE_NAP 4
 485
 486
 487/*
 488 * When the firmware reports back a scan-result, it gives us an "u8 rssi",
 489 * which isn't really an RSSI, as it becomes larger when moving away from
 490 * the AP. Anyway, we need to convert that into mBm.
 491 */
 492#define LBS_SCAN_RSSI_TO_MBM(rssi) \
 493        ((-(int)rssi + 3)*100)
 494
 495static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy,
 496        struct cmd_header *resp)
 497{
 498        struct cfg80211_bss *bss;
 499        struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp;
 500        int bsssize;
 501        const u8 *pos;
 502        const u8 *tsfdesc;
 503        int tsfsize;
 504        int i;
 505        int ret = -EILSEQ;
 506
 507        bsssize = get_unaligned_le16(&scanresp->bssdescriptsize);
 508
 509        lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n",
 510                        scanresp->nr_sets, bsssize, le16_to_cpu(resp->size));
 511
 512        if (scanresp->nr_sets == 0) {
 513                ret = 0;
 514                goto done;
 515        }
 516
 517        /*
 518         * The general layout of the scan response is described in chapter
 519         * 5.7.1. Basically we have a common part, then any number of BSS
 520         * descriptor sections. Finally we have section with the same number
 521         * of TSFs.
 522         *
 523         * cmd_ds_802_11_scan_rsp
 524         *   cmd_header
 525         *   pos_size
 526         *   nr_sets
 527         *   bssdesc 1
 528         *     bssid
 529         *     rssi
 530         *     timestamp
 531         *     intvl
 532         *     capa
 533         *     IEs
 534         *   bssdesc 2
 535         *   bssdesc n
 536         *   MrvlIEtypes_TsfFimestamp_t
 537         *     TSF for BSS 1
 538         *     TSF for BSS 2
 539         *     TSF for BSS n
 540         */
 541
 542        pos = scanresp->bssdesc_and_tlvbuffer;
 543
 544        lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer,
 545                        scanresp->bssdescriptsize);
 546
 547        tsfdesc = pos + bsssize;
 548        tsfsize = 4 + 8 * scanresp->nr_sets;
 549        lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize);
 550
 551        /* Validity check: we expect a Marvell-Local TLV */
 552        i = get_unaligned_le16(tsfdesc);
 553        tsfdesc += 2;
 554        if (i != TLV_TYPE_TSFTIMESTAMP) {
 555                lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i);
 556                goto done;
 557        }
 558
 559        /*
 560         * Validity check: the TLV holds TSF values with 8 bytes each, so
 561         * the size in the TLV must match the nr_sets value
 562         */
 563        i = get_unaligned_le16(tsfdesc);
 564        tsfdesc += 2;
 565        if (i / 8 != scanresp->nr_sets) {
 566                lbs_deb_scan("scan response: invalid number of TSF timestamp "
 567                             "sets (expected %d got %d)\n", scanresp->nr_sets,
 568                             i / 8);
 569                goto done;
 570        }
 571
 572        for (i = 0; i < scanresp->nr_sets; i++) {
 573                const u8 *bssid;
 574                const u8 *ie;
 575                int left;
 576                int ielen;
 577                int rssi;
 578                u16 intvl;
 579                u16 capa;
 580                int chan_no = -1;
 581                const u8 *ssid = NULL;
 582                u8 ssid_len = 0;
 583
 584                int len = get_unaligned_le16(pos);
 585                pos += 2;
 586
 587                /* BSSID */
 588                bssid = pos;
 589                pos += ETH_ALEN;
 590                /* RSSI */
 591                rssi = *pos++;
 592                /* Packet time stamp */
 593                pos += 8;
 594                /* Beacon interval */
 595                intvl = get_unaligned_le16(pos);
 596                pos += 2;
 597                /* Capabilities */
 598                capa = get_unaligned_le16(pos);
 599                pos += 2;
 600
 601                /* To find out the channel, we must parse the IEs */
 602                ie = pos;
 603                /*
 604                 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon
 605                 * interval, capabilities
 606                 */
 607                ielen = left = len - (6 + 1 + 8 + 2 + 2);
 608                while (left >= 2) {
 609                        u8 id, elen;
 610                        id = *pos++;
 611                        elen = *pos++;
 612                        left -= 2;
 613                        if (elen > left) {
 614                                lbs_deb_scan("scan response: invalid IE fmt\n");
 615                                goto done;
 616                        }
 617
 618                        if (id == WLAN_EID_DS_PARAMS)
 619                                chan_no = *pos;
 620                        if (id == WLAN_EID_SSID) {
 621                                ssid = pos;
 622                                ssid_len = elen;
 623                        }
 624                        left -= elen;
 625                        pos += elen;
 626                }
 627
 628                /* No channel, no luck */
 629                if (chan_no != -1) {
 630                        struct wiphy *wiphy = priv->wdev->wiphy;
 631                        int freq = ieee80211_channel_to_frequency(chan_no,
 632                                                        NL80211_BAND_2GHZ);
 633                        struct ieee80211_channel *channel =
 634                                ieee80211_get_channel(wiphy, freq);
 635
 636                        lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n",
 637                                     bssid, capa, chan_no, ssid_len, ssid,
 638                                     LBS_SCAN_RSSI_TO_MBM(rssi)/100);
 639
 640                        if (channel &&
 641                            !(channel->flags & IEEE80211_CHAN_DISABLED)) {
 642                                bss = cfg80211_inform_bss(wiphy, channel,
 643                                        CFG80211_BSS_FTYPE_UNKNOWN,
 644                                        bssid, get_unaligned_le64(tsfdesc),
 645                                        capa, intvl, ie, ielen,
 646                                        LBS_SCAN_RSSI_TO_MBM(rssi),
 647                                        GFP_KERNEL);
 648                                cfg80211_put_bss(wiphy, bss);
 649                        }
 650                } else
 651                        lbs_deb_scan("scan response: missing BSS channel IE\n");
 652
 653                tsfdesc += 8;
 654        }
 655        ret = 0;
 656
 657 done:
 658        return ret;
 659}
 660
 661
 662/*
 663 * Our scan command contains a TLV, consting of a SSID TLV, a channel list
 664 * TLV and a rates TLV. Determine the maximum size of them:
 665 */
 666#define LBS_SCAN_MAX_CMD_SIZE                   \
 667        (sizeof(struct cmd_ds_802_11_scan)      \
 668         + LBS_MAX_SSID_TLV_SIZE                \
 669         + LBS_MAX_CHANNEL_LIST_TLV_SIZE        \
 670         + LBS_MAX_RATES_TLV_SIZE)
 671
 672/*
 673 * Assumes priv->scan_req is initialized and valid
 674 * Assumes priv->scan_channel is initialized
 675 */
 676static void lbs_scan_worker(struct work_struct *work)
 677{
 678        struct lbs_private *priv =
 679                container_of(work, struct lbs_private, scan_work.work);
 680        struct cmd_ds_802_11_scan *scan_cmd;
 681        u8 *tlv; /* pointer into our current, growing TLV storage area */
 682        int last_channel;
 683        int running, carrier;
 684
 685        scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL);
 686        if (scan_cmd == NULL)
 687                return;
 688
 689        /* prepare fixed part of scan command */
 690        scan_cmd->bsstype = CMD_BSS_TYPE_ANY;
 691
 692        /* stop network while we're away from our main channel */
 693        running = !netif_queue_stopped(priv->dev);
 694        carrier = netif_carrier_ok(priv->dev);
 695        if (running)
 696                netif_stop_queue(priv->dev);
 697        if (carrier)
 698                netif_carrier_off(priv->dev);
 699
 700        /* prepare fixed part of scan command */
 701        tlv = scan_cmd->tlvbuffer;
 702
 703        /* add SSID TLV */
 704        if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0)
 705                tlv += lbs_add_ssid_tlv(tlv,
 706                                        priv->scan_req->ssids[0].ssid,
 707                                        priv->scan_req->ssids[0].ssid_len);
 708
 709        /* add channel TLVs */
 710        last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP;
 711        if (last_channel > priv->scan_req->n_channels)
 712                last_channel = priv->scan_req->n_channels;
 713        tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel,
 714                priv->scan_req->n_ssids);
 715
 716        /* add rates TLV */
 717        tlv += lbs_add_supported_rates_tlv(tlv);
 718
 719        if (priv->scan_channel < priv->scan_req->n_channels) {
 720                cancel_delayed_work(&priv->scan_work);
 721                if (netif_running(priv->dev))
 722                        queue_delayed_work(priv->work_thread, &priv->scan_work,
 723                                msecs_to_jiffies(300));
 724        }
 725
 726        /* This is the final data we are about to send */
 727        scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd);
 728        lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd,
 729                    sizeof(*scan_cmd));
 730        lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer,
 731                    tlv - scan_cmd->tlvbuffer);
 732
 733        __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr,
 734                le16_to_cpu(scan_cmd->hdr.size),
 735                lbs_ret_scan, 0);
 736
 737        if (priv->scan_channel >= priv->scan_req->n_channels) {
 738                /* Mark scan done */
 739                cancel_delayed_work(&priv->scan_work);
 740                lbs_scan_done(priv);
 741        }
 742
 743        /* Restart network */
 744        if (carrier)
 745                netif_carrier_on(priv->dev);
 746        if (running && !priv->tx_pending_len)
 747                netif_wake_queue(priv->dev);
 748
 749        kfree(scan_cmd);
 750
 751        /* Wake up anything waiting on scan completion */
 752        if (priv->scan_req == NULL) {
 753                lbs_deb_scan("scan: waking up waiters\n");
 754                wake_up_all(&priv->scan_q);
 755        }
 756}
 757
 758static void _internal_start_scan(struct lbs_private *priv, bool internal,
 759        struct cfg80211_scan_request *request)
 760{
 761        lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n",
 762                request->n_ssids, request->n_channels, request->ie_len);
 763
 764        priv->scan_channel = 0;
 765        priv->scan_req = request;
 766        priv->internal_scan = internal;
 767
 768        queue_delayed_work(priv->work_thread, &priv->scan_work,
 769                msecs_to_jiffies(50));
 770}
 771
 772/*
 773 * Clean up priv->scan_req.  Should be used to handle the allocation details.
 774 */
 775void lbs_scan_done(struct lbs_private *priv)
 776{
 777        WARN_ON(!priv->scan_req);
 778
 779        if (priv->internal_scan) {
 780                kfree(priv->scan_req);
 781        } else {
 782                struct cfg80211_scan_info info = {
 783                        .aborted = false,
 784                };
 785
 786                cfg80211_scan_done(priv->scan_req, &info);
 787        }
 788
 789        priv->scan_req = NULL;
 790}
 791
 792static int lbs_cfg_scan(struct wiphy *wiphy,
 793        struct cfg80211_scan_request *request)
 794{
 795        struct lbs_private *priv = wiphy_priv(wiphy);
 796        int ret = 0;
 797
 798        if (priv->scan_req || delayed_work_pending(&priv->scan_work)) {
 799                /* old scan request not yet processed */
 800                ret = -EAGAIN;
 801                goto out;
 802        }
 803
 804        _internal_start_scan(priv, false, request);
 805
 806        if (priv->surpriseremoved)
 807                ret = -EIO;
 808
 809 out:
 810        return ret;
 811}
 812
 813
 814
 815
 816/*
 817 * Events
 818 */
 819
 820void lbs_send_disconnect_notification(struct lbs_private *priv,
 821                                      bool locally_generated)
 822{
 823        cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated,
 824                              GFP_KERNEL);
 825}
 826
 827void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event)
 828{
 829        cfg80211_michael_mic_failure(priv->dev,
 830                priv->assoc_bss,
 831                event == MACREG_INT_CODE_MIC_ERR_MULTICAST ?
 832                        NL80211_KEYTYPE_GROUP :
 833                        NL80211_KEYTYPE_PAIRWISE,
 834                -1,
 835                NULL,
 836                GFP_KERNEL);
 837}
 838
 839
 840
 841
 842/*
 843 * Connect/disconnect
 844 */
 845
 846
 847/*
 848 * This removes all WEP keys
 849 */
 850static int lbs_remove_wep_keys(struct lbs_private *priv)
 851{
 852        struct cmd_ds_802_11_set_wep cmd;
 853        int ret;
 854
 855        memset(&cmd, 0, sizeof(cmd));
 856        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
 857        cmd.keyindex = cpu_to_le16(priv->wep_tx_key);
 858        cmd.action = cpu_to_le16(CMD_ACT_REMOVE);
 859
 860        ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd);
 861
 862        return ret;
 863}
 864
 865/*
 866 * Set WEP keys
 867 */
 868static int lbs_set_wep_keys(struct lbs_private *priv)
 869{
 870        struct cmd_ds_802_11_set_wep cmd;
 871        int i;
 872        int ret;
 873
 874        /*
 875         * command         13 00
 876         * size            50 00
 877         * sequence        xx xx
 878         * result          00 00
 879         * action          02 00     ACT_ADD
 880         * transmit key    00 00
 881         * type for key 1  01        WEP40
 882         * type for key 2  00
 883         * type for key 3  00
 884         * type for key 4  00
 885         * key 1           39 39 39 39 39 00 00 00
 886         *                 00 00 00 00 00 00 00 00
 887         * key 2           00 00 00 00 00 00 00 00
 888         *                 00 00 00 00 00 00 00 00
 889         * key 3           00 00 00 00 00 00 00 00
 890         *                 00 00 00 00 00 00 00 00
 891         * key 4           00 00 00 00 00 00 00 00
 892         */
 893        if (priv->wep_key_len[0] || priv->wep_key_len[1] ||
 894            priv->wep_key_len[2] || priv->wep_key_len[3]) {
 895                /* Only set wep keys if we have at least one of them */
 896                memset(&cmd, 0, sizeof(cmd));
 897                cmd.hdr.size = cpu_to_le16(sizeof(cmd));
 898                cmd.keyindex = cpu_to_le16(priv->wep_tx_key);
 899                cmd.action = cpu_to_le16(CMD_ACT_ADD);
 900
 901                for (i = 0; i < 4; i++) {
 902                        switch (priv->wep_key_len[i]) {
 903                        case WLAN_KEY_LEN_WEP40:
 904                                cmd.keytype[i] = CMD_TYPE_WEP_40_BIT;
 905                                break;
 906                        case WLAN_KEY_LEN_WEP104:
 907                                cmd.keytype[i] = CMD_TYPE_WEP_104_BIT;
 908                                break;
 909                        default:
 910                                cmd.keytype[i] = 0;
 911                                break;
 912                        }
 913                        memcpy(cmd.keymaterial[i], priv->wep_key[i],
 914                               priv->wep_key_len[i]);
 915                }
 916
 917                ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd);
 918        } else {
 919                /* Otherwise remove all wep keys */
 920                ret = lbs_remove_wep_keys(priv);
 921        }
 922
 923        return ret;
 924}
 925
 926
 927/*
 928 * Enable/Disable RSN status
 929 */
 930static int lbs_enable_rsn(struct lbs_private *priv, int enable)
 931{
 932        struct cmd_ds_802_11_enable_rsn cmd;
 933        int ret;
 934
 935        /*
 936         * cmd       2f 00
 937         * size      0c 00
 938         * sequence  xx xx
 939         * result    00 00
 940         * action    01 00    ACT_SET
 941         * enable    01 00
 942         */
 943        memset(&cmd, 0, sizeof(cmd));
 944        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
 945        cmd.action = cpu_to_le16(CMD_ACT_SET);
 946        cmd.enable = cpu_to_le16(enable);
 947
 948        ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd);
 949
 950        return ret;
 951}
 952
 953
 954/*
 955 * Set WPA/WPA key material
 956 */
 957
 958/*
 959 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we
 960 * get rid of WEXT, this should go into host.h
 961 */
 962
 963struct cmd_key_material {
 964        struct cmd_header hdr;
 965
 966        __le16 action;
 967        struct MrvlIEtype_keyParamSet param;
 968} __packed;
 969
 970static int lbs_set_key_material(struct lbs_private *priv,
 971                                int key_type, int key_info,
 972                                const u8 *key, u16 key_len)
 973{
 974        struct cmd_key_material cmd;
 975        int ret;
 976
 977        /*
 978         * Example for WPA (TKIP):
 979         *
 980         * cmd       5e 00
 981         * size      34 00
 982         * sequence  xx xx
 983         * result    00 00
 984         * action    01 00
 985         * TLV type  00 01    key param
 986         * length    00 26
 987         * key type  01 00    TKIP
 988         * key info  06 00    UNICAST | ENABLED
 989         * key len   20 00
 990         * key       32 bytes
 991         */
 992        memset(&cmd, 0, sizeof(cmd));
 993        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
 994        cmd.action = cpu_to_le16(CMD_ACT_SET);
 995        cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL);
 996        cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4);
 997        cmd.param.keytypeid = cpu_to_le16(key_type);
 998        cmd.param.keyinfo = cpu_to_le16(key_info);
 999        cmd.param.keylen = cpu_to_le16(key_len);
1000        if (key && key_len)
1001                memcpy(cmd.param.key, key, key_len);
1002
1003        ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd);
1004
1005        return ret;
1006}
1007
1008
1009/*
1010 * Sets the auth type (open, shared, etc) in the firmware. That
1011 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware
1012 * command doesn't send an authentication frame at all, it just
1013 * stores the auth_type.
1014 */
1015static int lbs_set_authtype(struct lbs_private *priv,
1016                            struct cfg80211_connect_params *sme)
1017{
1018        struct cmd_ds_802_11_authenticate cmd;
1019        int ret;
1020
1021        /*
1022         * cmd        11 00
1023         * size       19 00
1024         * sequence   xx xx
1025         * result     00 00
1026         * BSS id     00 13 19 80 da 30
1027         * auth type  00
1028         * reserved   00 00 00 00 00 00 00 00 00 00
1029         */
1030        memset(&cmd, 0, sizeof(cmd));
1031        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1032        if (sme->bssid)
1033                memcpy(cmd.bssid, sme->bssid, ETH_ALEN);
1034        /* convert auth_type */
1035        ret = lbs_auth_to_authtype(sme->auth_type);
1036        if (ret < 0)
1037                goto done;
1038
1039        cmd.authtype = ret;
1040        ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd);
1041
1042 done:
1043        return ret;
1044}
1045
1046
1047/*
1048 * Create association request
1049 */
1050#define LBS_ASSOC_MAX_CMD_SIZE                     \
1051        (sizeof(struct cmd_ds_802_11_associate)    \
1052         - 512 /* cmd_ds_802_11_associate.iebuf */ \
1053         + LBS_MAX_SSID_TLV_SIZE                   \
1054         + LBS_MAX_CHANNEL_TLV_SIZE                \
1055         + LBS_MAX_CF_PARAM_TLV_SIZE               \
1056         + LBS_MAX_AUTH_TYPE_TLV_SIZE              \
1057         + LBS_MAX_WPA_TLV_SIZE)
1058
1059static int lbs_associate(struct lbs_private *priv,
1060                struct cfg80211_bss *bss,
1061                struct cfg80211_connect_params *sme)
1062{
1063        struct cmd_ds_802_11_associate_response *resp;
1064        struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE,
1065                                                      GFP_KERNEL);
1066        const u8 *ssid_eid;
1067        size_t len, resp_ie_len;
1068        int status;
1069        int ret;
1070        u8 *pos;
1071        u8 *tmp;
1072
1073        if (!cmd) {
1074                ret = -ENOMEM;
1075                goto done;
1076        }
1077        pos = &cmd->iebuf[0];
1078
1079        /*
1080         * cmd              50 00
1081         * length           34 00
1082         * sequence         xx xx
1083         * result           00 00
1084         * BSS id           00 13 19 80 da 30
1085         * capabilities     11 00
1086         * listen interval  0a 00
1087         * beacon interval  00 00
1088         * DTIM period      00
1089         * TLVs             xx   (up to 512 bytes)
1090         */
1091        cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE);
1092
1093        /* Fill in static fields */
1094        memcpy(cmd->bssid, bss->bssid, ETH_ALEN);
1095        cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL);
1096        cmd->capability = cpu_to_le16(bss->capability);
1097
1098        /* add SSID TLV */
1099        rcu_read_lock();
1100        ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID);
1101        if (ssid_eid)
1102                pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]);
1103        else
1104                lbs_deb_assoc("no SSID\n");
1105        rcu_read_unlock();
1106
1107        /* add DS param TLV */
1108        if (bss->channel)
1109                pos += lbs_add_channel_tlv(pos, bss->channel->hw_value);
1110        else
1111                lbs_deb_assoc("no channel\n");
1112
1113        /* add (empty) CF param TLV */
1114        pos += lbs_add_cf_param_tlv(pos);
1115
1116        /* add rates TLV */
1117        tmp = pos + 4; /* skip Marvell IE header */
1118        pos += lbs_add_common_rates_tlv(pos, bss);
1119        lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp);
1120
1121        /* add auth type TLV */
1122        if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9)
1123                pos += lbs_add_auth_type_tlv(pos, sme->auth_type);
1124
1125        /* add WPA/WPA2 TLV */
1126        if (sme->ie && sme->ie_len)
1127                pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len);
1128
1129        len = (sizeof(*cmd) - sizeof(cmd->iebuf)) +
1130                (u16)(pos - (u8 *) &cmd->iebuf);
1131        cmd->hdr.size = cpu_to_le16(len);
1132
1133        lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd,
1134                        le16_to_cpu(cmd->hdr.size));
1135
1136        /* store for later use */
1137        memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN);
1138
1139        ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd);
1140        if (ret)
1141                goto done;
1142
1143        /* generate connect message to cfg80211 */
1144
1145        resp = (void *) cmd; /* recast for easier field access */
1146        status = le16_to_cpu(resp->statuscode);
1147
1148        /* Older FW versions map the IEEE 802.11 Status Code in the association
1149         * response to the following values returned in resp->statuscode:
1150         *
1151         *    IEEE Status Code                Marvell Status Code
1152         *    0                       ->      0x0000 ASSOC_RESULT_SUCCESS
1153         *    13                      ->      0x0004 ASSOC_RESULT_AUTH_REFUSED
1154         *    14                      ->      0x0004 ASSOC_RESULT_AUTH_REFUSED
1155         *    15                      ->      0x0004 ASSOC_RESULT_AUTH_REFUSED
1156         *    16                      ->      0x0004 ASSOC_RESULT_AUTH_REFUSED
1157         *    others                  ->      0x0003 ASSOC_RESULT_REFUSED
1158         *
1159         * Other response codes:
1160         *    0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused)
1161         *    0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for
1162         *                                    association response from the AP)
1163         */
1164        if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) {
1165                switch (status) {
1166                case 0:
1167                        break;
1168                case 1:
1169                        lbs_deb_assoc("invalid association parameters\n");
1170                        status = WLAN_STATUS_CAPS_UNSUPPORTED;
1171                        break;
1172                case 2:
1173                        lbs_deb_assoc("timer expired while waiting for AP\n");
1174                        status = WLAN_STATUS_AUTH_TIMEOUT;
1175                        break;
1176                case 3:
1177                        lbs_deb_assoc("association refused by AP\n");
1178                        status = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1179                        break;
1180                case 4:
1181                        lbs_deb_assoc("authentication refused by AP\n");
1182                        status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1183                        break;
1184                default:
1185                        lbs_deb_assoc("association failure %d\n", status);
1186                        /* v5 OLPC firmware does return the AP status code if
1187                         * it's not one of the values above.  Let that through.
1188                         */
1189                        break;
1190                }
1191        }
1192
1193        lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, "
1194                      "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode),
1195                      le16_to_cpu(resp->capability), le16_to_cpu(resp->aid));
1196
1197        resp_ie_len = le16_to_cpu(resp->hdr.size)
1198                - sizeof(resp->hdr)
1199                - 6;
1200        cfg80211_connect_result(priv->dev,
1201                                priv->assoc_bss,
1202                                sme->ie, sme->ie_len,
1203                                resp->iebuf, resp_ie_len,
1204                                status,
1205                                GFP_KERNEL);
1206
1207        if (status == 0) {
1208                /* TODO: get rid of priv->connect_status */
1209                priv->connect_status = LBS_CONNECTED;
1210                netif_carrier_on(priv->dev);
1211                if (!priv->tx_pending_len)
1212                        netif_tx_wake_all_queues(priv->dev);
1213        }
1214
1215        kfree(cmd);
1216done:
1217        return ret;
1218}
1219
1220static struct cfg80211_scan_request *
1221_new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme)
1222{
1223        struct cfg80211_scan_request *creq = NULL;
1224        int i, n_channels = ieee80211_get_num_supported_channels(wiphy);
1225        enum nl80211_band band;
1226
1227        creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1228                       n_channels * sizeof(void *),
1229                       GFP_ATOMIC);
1230        if (!creq)
1231                return NULL;
1232
1233        /* SSIDs come after channels */
1234        creq->ssids = (void *)&creq->channels[n_channels];
1235        creq->n_channels = n_channels;
1236        creq->n_ssids = 1;
1237
1238        /* Scan all available channels */
1239        i = 0;
1240        for (band = 0; band < NUM_NL80211_BANDS; band++) {
1241                int j;
1242
1243                if (!wiphy->bands[band])
1244                        continue;
1245
1246                for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1247                        /* ignore disabled channels */
1248                        if (wiphy->bands[band]->channels[j].flags &
1249                                                IEEE80211_CHAN_DISABLED)
1250                                continue;
1251
1252                        creq->channels[i] = &wiphy->bands[band]->channels[j];
1253                        i++;
1254                }
1255        }
1256        if (i) {
1257                /* Set real number of channels specified in creq->channels[] */
1258                creq->n_channels = i;
1259
1260                /* Scan for the SSID we're going to connect to */
1261                memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len);
1262                creq->ssids[0].ssid_len = sme->ssid_len;
1263        } else {
1264                /* No channels found... */
1265                kfree(creq);
1266                creq = NULL;
1267        }
1268
1269        return creq;
1270}
1271
1272static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev,
1273                           struct cfg80211_connect_params *sme)
1274{
1275        struct lbs_private *priv = wiphy_priv(wiphy);
1276        struct cfg80211_bss *bss = NULL;
1277        int ret = 0;
1278        u8 preamble = RADIO_PREAMBLE_SHORT;
1279
1280        if (dev == priv->mesh_dev)
1281                return -EOPNOTSUPP;
1282
1283        if (!sme->bssid) {
1284                struct cfg80211_scan_request *creq;
1285
1286                /*
1287                 * Scan for the requested network after waiting for existing
1288                 * scans to finish.
1289                 */
1290                lbs_deb_assoc("assoc: waiting for existing scans\n");
1291                wait_event_interruptible_timeout(priv->scan_q,
1292                                                 (priv->scan_req == NULL),
1293                                                 (15 * HZ));
1294
1295                creq = _new_connect_scan_req(wiphy, sme);
1296                if (!creq) {
1297                        ret = -EINVAL;
1298                        goto done;
1299                }
1300
1301                lbs_deb_assoc("assoc: scanning for compatible AP\n");
1302                _internal_start_scan(priv, true, creq);
1303
1304                lbs_deb_assoc("assoc: waiting for scan to complete\n");
1305                wait_event_interruptible_timeout(priv->scan_q,
1306                                                 (priv->scan_req == NULL),
1307                                                 (15 * HZ));
1308                lbs_deb_assoc("assoc: scanning completed\n");
1309        }
1310
1311        /* Find the BSS we want using available scan results */
1312        bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid,
1313                sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS,
1314                IEEE80211_PRIVACY_ANY);
1315        if (!bss) {
1316                wiphy_err(wiphy, "assoc: bss %pM not in scan results\n",
1317                          sme->bssid);
1318                ret = -ENOENT;
1319                goto done;
1320        }
1321        lbs_deb_assoc("trying %pM\n", bss->bssid);
1322        lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n",
1323                      sme->crypto.cipher_group,
1324                      sme->key_idx, sme->key_len);
1325
1326        /* As this is a new connection, clear locally stored WEP keys */
1327        priv->wep_tx_key = 0;
1328        memset(priv->wep_key, 0, sizeof(priv->wep_key));
1329        memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len));
1330
1331        /* set/remove WEP keys */
1332        switch (sme->crypto.cipher_group) {
1333        case WLAN_CIPHER_SUITE_WEP40:
1334        case WLAN_CIPHER_SUITE_WEP104:
1335                /* Store provided WEP keys in priv-> */
1336                priv->wep_tx_key = sme->key_idx;
1337                priv->wep_key_len[sme->key_idx] = sme->key_len;
1338                memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len);
1339                /* Set WEP keys and WEP mode */
1340                lbs_set_wep_keys(priv);
1341                priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE;
1342                lbs_set_mac_control(priv);
1343                /* No RSN mode for WEP */
1344                lbs_enable_rsn(priv, 0);
1345                break;
1346        case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */
1347                /*
1348                 * If we don't have no WEP, no WPA and no WPA2,
1349                 * we remove all keys like in the WPA/WPA2 setup,
1350                 * we just don't set RSN.
1351                 *
1352                 * Therefore: fall-through
1353                 */
1354        case WLAN_CIPHER_SUITE_TKIP:
1355        case WLAN_CIPHER_SUITE_CCMP:
1356                /* Remove WEP keys and WEP mode */
1357                lbs_remove_wep_keys(priv);
1358                priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE;
1359                lbs_set_mac_control(priv);
1360
1361                /* clear the WPA/WPA2 keys */
1362                lbs_set_key_material(priv,
1363                        KEY_TYPE_ID_WEP, /* doesn't matter */
1364                        KEY_INFO_WPA_UNICAST,
1365                        NULL, 0);
1366                lbs_set_key_material(priv,
1367                        KEY_TYPE_ID_WEP, /* doesn't matter */
1368                        KEY_INFO_WPA_MCAST,
1369                        NULL, 0);
1370                /* RSN mode for WPA/WPA2 */
1371                lbs_enable_rsn(priv, sme->crypto.cipher_group != 0);
1372                break;
1373        default:
1374                wiphy_err(wiphy, "unsupported cipher group 0x%x\n",
1375                          sme->crypto.cipher_group);
1376                ret = -ENOTSUPP;
1377                goto done;
1378        }
1379
1380        ret = lbs_set_authtype(priv, sme);
1381        if (ret == -ENOTSUPP) {
1382                wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type);
1383                goto done;
1384        }
1385
1386        lbs_set_radio(priv, preamble, 1);
1387
1388        /* Do the actual association */
1389        ret = lbs_associate(priv, bss, sme);
1390
1391 done:
1392        if (bss)
1393                cfg80211_put_bss(wiphy, bss);
1394        return ret;
1395}
1396
1397int lbs_disconnect(struct lbs_private *priv, u16 reason)
1398{
1399        struct cmd_ds_802_11_deauthenticate cmd;
1400        int ret;
1401
1402        memset(&cmd, 0, sizeof(cmd));
1403        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1404        /* Mildly ugly to use a locally store my own BSSID ... */
1405        memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN);
1406        cmd.reasoncode = cpu_to_le16(reason);
1407
1408        ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd);
1409        if (ret)
1410                return ret;
1411
1412        cfg80211_disconnected(priv->dev,
1413                        reason,
1414                        NULL, 0, true,
1415                        GFP_KERNEL);
1416        priv->connect_status = LBS_DISCONNECTED;
1417
1418        return 0;
1419}
1420
1421static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev,
1422        u16 reason_code)
1423{
1424        struct lbs_private *priv = wiphy_priv(wiphy);
1425
1426        if (dev == priv->mesh_dev)
1427                return -EOPNOTSUPP;
1428
1429        /* store for lbs_cfg_ret_disconnect() */
1430        priv->disassoc_reason = reason_code;
1431
1432        return lbs_disconnect(priv, reason_code);
1433}
1434
1435static int lbs_cfg_set_default_key(struct wiphy *wiphy,
1436                                   struct net_device *netdev,
1437                                   u8 key_index, bool unicast,
1438                                   bool multicast)
1439{
1440        struct lbs_private *priv = wiphy_priv(wiphy);
1441
1442        if (netdev == priv->mesh_dev)
1443                return -EOPNOTSUPP;
1444
1445        if (key_index != priv->wep_tx_key) {
1446                lbs_deb_assoc("set_default_key: to %d\n", key_index);
1447                priv->wep_tx_key = key_index;
1448                lbs_set_wep_keys(priv);
1449        }
1450
1451        return 0;
1452}
1453
1454
1455static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev,
1456                           u8 idx, bool pairwise, const u8 *mac_addr,
1457                           struct key_params *params)
1458{
1459        struct lbs_private *priv = wiphy_priv(wiphy);
1460        u16 key_info;
1461        u16 key_type;
1462        int ret = 0;
1463
1464        if (netdev == priv->mesh_dev)
1465                return -EOPNOTSUPP;
1466
1467        lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n",
1468                      params->cipher, mac_addr);
1469        lbs_deb_assoc("add_key: key index %d, key len %d\n",
1470                      idx, params->key_len);
1471        if (params->key_len)
1472                lbs_deb_hex(LBS_DEB_CFG80211, "KEY",
1473                            params->key, params->key_len);
1474
1475        lbs_deb_assoc("add_key: seq len %d\n", params->seq_len);
1476        if (params->seq_len)
1477                lbs_deb_hex(LBS_DEB_CFG80211, "SEQ",
1478                            params->seq, params->seq_len);
1479
1480        switch (params->cipher) {
1481        case WLAN_CIPHER_SUITE_WEP40:
1482        case WLAN_CIPHER_SUITE_WEP104:
1483                /* actually compare if something has changed ... */
1484                if ((priv->wep_key_len[idx] != params->key_len) ||
1485                        memcmp(priv->wep_key[idx],
1486                               params->key, params->key_len) != 0) {
1487                        priv->wep_key_len[idx] = params->key_len;
1488                        memcpy(priv->wep_key[idx],
1489                               params->key, params->key_len);
1490                        lbs_set_wep_keys(priv);
1491                }
1492                break;
1493        case WLAN_CIPHER_SUITE_TKIP:
1494        case WLAN_CIPHER_SUITE_CCMP:
1495                key_info = KEY_INFO_WPA_ENABLED | ((idx == 0)
1496                                                   ? KEY_INFO_WPA_UNICAST
1497                                                   : KEY_INFO_WPA_MCAST);
1498                key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP)
1499                        ? KEY_TYPE_ID_TKIP
1500                        : KEY_TYPE_ID_AES;
1501                lbs_set_key_material(priv,
1502                                     key_type,
1503                                     key_info,
1504                                     params->key, params->key_len);
1505                break;
1506        default:
1507                wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher);
1508                ret = -ENOTSUPP;
1509                break;
1510        }
1511
1512        return ret;
1513}
1514
1515
1516static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev,
1517                           u8 key_index, bool pairwise, const u8 *mac_addr)
1518{
1519
1520        lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n",
1521                      key_index, mac_addr);
1522
1523#ifdef TODO
1524        struct lbs_private *priv = wiphy_priv(wiphy);
1525        /*
1526         * I think can keep this a NO-OP, because:
1527
1528         * - we clear all keys whenever we do lbs_cfg_connect() anyway
1529         * - neither "iw" nor "wpa_supplicant" won't call this during
1530         *   an ongoing connection
1531         * - TODO: but I have to check if this is still true when
1532         *   I set the AP to periodic re-keying
1533         * - we've not kzallec() something when we've added a key at
1534         *   lbs_cfg_connect() or lbs_cfg_add_key().
1535         *
1536         * This causes lbs_cfg_del_key() only called at disconnect time,
1537         * where we'd just waste time deleting a key that is not going
1538         * to be used anyway.
1539         */
1540        if (key_index < 3 && priv->wep_key_len[key_index]) {
1541                priv->wep_key_len[key_index] = 0;
1542                lbs_set_wep_keys(priv);
1543        }
1544#endif
1545
1546        return 0;
1547}
1548
1549
1550/*
1551 * Get station
1552 */
1553
1554static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev,
1555                               const u8 *mac, struct station_info *sinfo)
1556{
1557        struct lbs_private *priv = wiphy_priv(wiphy);
1558        s8 signal, noise;
1559        int ret;
1560        size_t i;
1561
1562        sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) |
1563                         BIT(NL80211_STA_INFO_TX_PACKETS) |
1564                         BIT(NL80211_STA_INFO_RX_BYTES) |
1565                         BIT(NL80211_STA_INFO_RX_PACKETS);
1566        sinfo->tx_bytes = priv->dev->stats.tx_bytes;
1567        sinfo->tx_packets = priv->dev->stats.tx_packets;
1568        sinfo->rx_bytes = priv->dev->stats.rx_bytes;
1569        sinfo->rx_packets = priv->dev->stats.rx_packets;
1570
1571        /* Get current RSSI */
1572        ret = lbs_get_rssi(priv, &signal, &noise);
1573        if (ret == 0) {
1574                sinfo->signal = signal;
1575                sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL);
1576        }
1577
1578        /* Convert priv->cur_rate from hw_value to NL80211 value */
1579        for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) {
1580                if (priv->cur_rate == lbs_rates[i].hw_value) {
1581                        sinfo->txrate.legacy = lbs_rates[i].bitrate;
1582                        sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE);
1583                        break;
1584                }
1585        }
1586
1587        return 0;
1588}
1589
1590
1591
1592
1593/*
1594 * Change interface
1595 */
1596
1597static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev,
1598        enum nl80211_iftype type,
1599               struct vif_params *params)
1600{
1601        struct lbs_private *priv = wiphy_priv(wiphy);
1602        int ret = 0;
1603
1604        if (dev == priv->mesh_dev)
1605                return -EOPNOTSUPP;
1606
1607        switch (type) {
1608        case NL80211_IFTYPE_MONITOR:
1609        case NL80211_IFTYPE_STATION:
1610        case NL80211_IFTYPE_ADHOC:
1611                break;
1612        default:
1613                return -EOPNOTSUPP;
1614        }
1615
1616        if (priv->iface_running)
1617                ret = lbs_set_iface_type(priv, type);
1618
1619        if (!ret)
1620                priv->wdev->iftype = type;
1621
1622        return ret;
1623}
1624
1625
1626
1627/*
1628 * IBSS (Ad-Hoc)
1629 */
1630
1631/*
1632 * The firmware needs the following bits masked out of the beacon-derived
1633 * capability field when associating/joining to a BSS:
1634 *  9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused)
1635 */
1636#define CAPINFO_MASK (~(0xda00))
1637
1638
1639static void lbs_join_post(struct lbs_private *priv,
1640                          struct cfg80211_ibss_params *params,
1641                          u8 *bssid, u16 capability)
1642{
1643        u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */
1644                   2 + 4 +                      /* basic rates */
1645                   2 + 1 +                      /* DS parameter */
1646                   2 + 2 +                      /* atim */
1647                   2 + 8];                      /* extended rates */
1648        u8 *fake = fake_ie;
1649        struct cfg80211_bss *bss;
1650
1651        /*
1652         * For cfg80211_inform_bss, we'll need a fake IE, as we can't get
1653         * the real IE from the firmware. So we fabricate a fake IE based on
1654         * what the firmware actually sends (sniffed with wireshark).
1655         */
1656        /* Fake SSID IE */
1657        *fake++ = WLAN_EID_SSID;
1658        *fake++ = params->ssid_len;
1659        memcpy(fake, params->ssid, params->ssid_len);
1660        fake += params->ssid_len;
1661        /* Fake supported basic rates IE */
1662        *fake++ = WLAN_EID_SUPP_RATES;
1663        *fake++ = 4;
1664        *fake++ = 0x82;
1665        *fake++ = 0x84;
1666        *fake++ = 0x8b;
1667        *fake++ = 0x96;
1668        /* Fake DS channel IE */
1669        *fake++ = WLAN_EID_DS_PARAMS;
1670        *fake++ = 1;
1671        *fake++ = params->chandef.chan->hw_value;
1672        /* Fake IBSS params IE */
1673        *fake++ = WLAN_EID_IBSS_PARAMS;
1674        *fake++ = 2;
1675        *fake++ = 0; /* ATIM=0 */
1676        *fake++ = 0;
1677        /* Fake extended rates IE, TODO: don't add this for 802.11b only,
1678         * but I don't know how this could be checked */
1679        *fake++ = WLAN_EID_EXT_SUPP_RATES;
1680        *fake++ = 8;
1681        *fake++ = 0x0c;
1682        *fake++ = 0x12;
1683        *fake++ = 0x18;
1684        *fake++ = 0x24;
1685        *fake++ = 0x30;
1686        *fake++ = 0x48;
1687        *fake++ = 0x60;
1688        *fake++ = 0x6c;
1689        lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie);
1690
1691        bss = cfg80211_inform_bss(priv->wdev->wiphy,
1692                                  params->chandef.chan,
1693                                  CFG80211_BSS_FTYPE_UNKNOWN,
1694                                  bssid,
1695                                  0,
1696                                  capability,
1697                                  params->beacon_interval,
1698                                  fake_ie, fake - fake_ie,
1699                                  0, GFP_KERNEL);
1700        cfg80211_put_bss(priv->wdev->wiphy, bss);
1701
1702        cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan,
1703                             GFP_KERNEL);
1704
1705        /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */
1706        priv->connect_status = LBS_CONNECTED;
1707        netif_carrier_on(priv->dev);
1708        if (!priv->tx_pending_len)
1709                netif_wake_queue(priv->dev);
1710}
1711
1712static int lbs_ibss_join_existing(struct lbs_private *priv,
1713        struct cfg80211_ibss_params *params,
1714        struct cfg80211_bss *bss)
1715{
1716        const u8 *rates_eid;
1717        struct cmd_ds_802_11_ad_hoc_join cmd;
1718        u8 preamble = RADIO_PREAMBLE_SHORT;
1719        int ret = 0;
1720
1721        /* TODO: set preamble based on scan result */
1722        ret = lbs_set_radio(priv, preamble, 1);
1723        if (ret)
1724                goto out;
1725
1726        /*
1727         * Example CMD_802_11_AD_HOC_JOIN command:
1728         *
1729         * command         2c 00         CMD_802_11_AD_HOC_JOIN
1730         * size            65 00
1731         * sequence        xx xx
1732         * result          00 00
1733         * bssid           02 27 27 97 2f 96
1734         * ssid            49 42 53 53 00 00 00 00
1735         *                 00 00 00 00 00 00 00 00
1736         *                 00 00 00 00 00 00 00 00
1737         *                 00 00 00 00 00 00 00 00
1738         * type            02            CMD_BSS_TYPE_IBSS
1739         * beacon period   64 00
1740         * dtim period     00
1741         * timestamp       00 00 00 00 00 00 00 00
1742         * localtime       00 00 00 00 00 00 00 00
1743         * IE DS           03
1744         * IE DS len       01
1745         * IE DS channel   01
1746         * reserveed       00 00 00 00
1747         * IE IBSS         06
1748         * IE IBSS len     02
1749         * IE IBSS atim    00 00
1750         * reserved        00 00 00 00
1751         * capability      02 00
1752         * rates           82 84 8b 96 0c 12 18 24 30 48 60 6c 00
1753         * fail timeout    ff 00
1754         * probe delay     00 00
1755         */
1756        memset(&cmd, 0, sizeof(cmd));
1757        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1758
1759        memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN);
1760        memcpy(cmd.bss.ssid, params->ssid, params->ssid_len);
1761        cmd.bss.type = CMD_BSS_TYPE_IBSS;
1762        cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval);
1763        cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS;
1764        cmd.bss.ds.header.len = 1;
1765        cmd.bss.ds.channel = params->chandef.chan->hw_value;
1766        cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS;
1767        cmd.bss.ibss.header.len = 2;
1768        cmd.bss.ibss.atimwindow = 0;
1769        cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK);
1770
1771        /* set rates to the intersection of our rates and the rates in the
1772           bss */
1773        rcu_read_lock();
1774        rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1775        if (!rates_eid) {
1776                lbs_add_rates(cmd.bss.rates);
1777        } else {
1778                int hw, i;
1779                u8 rates_max = rates_eid[1];
1780                u8 *rates = cmd.bss.rates;
1781                for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
1782                        u8 hw_rate = lbs_rates[hw].bitrate / 5;
1783                        for (i = 0; i < rates_max; i++) {
1784                                if (hw_rate == (rates_eid[i+2] & 0x7f)) {
1785                                        u8 rate = rates_eid[i+2];
1786                                        if (rate == 0x02 || rate == 0x04 ||
1787                                            rate == 0x0b || rate == 0x16)
1788                                                rate |= 0x80;
1789                                        *rates++ = rate;
1790                                }
1791                        }
1792                }
1793        }
1794        rcu_read_unlock();
1795
1796        /* Only v8 and below support setting this */
1797        if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) {
1798                cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT);
1799                cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME);
1800        }
1801        ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd);
1802        if (ret)
1803                goto out;
1804
1805        /*
1806         * This is a sample response to CMD_802_11_AD_HOC_JOIN:
1807         *
1808         * response        2c 80
1809         * size            09 00
1810         * sequence        xx xx
1811         * result          00 00
1812         * reserved        00
1813         */
1814        lbs_join_post(priv, params, bss->bssid, bss->capability);
1815
1816 out:
1817        return ret;
1818}
1819
1820
1821
1822static int lbs_ibss_start_new(struct lbs_private *priv,
1823        struct cfg80211_ibss_params *params)
1824{
1825        struct cmd_ds_802_11_ad_hoc_start cmd;
1826        struct cmd_ds_802_11_ad_hoc_result *resp =
1827                (struct cmd_ds_802_11_ad_hoc_result *) &cmd;
1828        u8 preamble = RADIO_PREAMBLE_SHORT;
1829        int ret = 0;
1830        u16 capability;
1831
1832        ret = lbs_set_radio(priv, preamble, 1);
1833        if (ret)
1834                goto out;
1835
1836        /*
1837         * Example CMD_802_11_AD_HOC_START command:
1838         *
1839         * command         2b 00         CMD_802_11_AD_HOC_START
1840         * size            b1 00
1841         * sequence        xx xx
1842         * result          00 00
1843         * ssid            54 45 53 54 00 00 00 00
1844         *                 00 00 00 00 00 00 00 00
1845         *                 00 00 00 00 00 00 00 00
1846         *                 00 00 00 00 00 00 00 00
1847         * bss type        02
1848         * beacon period   64 00
1849         * dtim period     00
1850         * IE IBSS         06
1851         * IE IBSS len     02
1852         * IE IBSS atim    00 00
1853         * reserved        00 00 00 00
1854         * IE DS           03
1855         * IE DS len       01
1856         * IE DS channel   01
1857         * reserved        00 00 00 00
1858         * probe delay     00 00
1859         * capability      02 00
1860         * rates           82 84 8b 96   (basic rates with have bit 7 set)
1861         *                 0c 12 18 24 30 48 60 6c
1862         * padding         100 bytes
1863         */
1864        memset(&cmd, 0, sizeof(cmd));
1865        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1866        memcpy(cmd.ssid, params->ssid, params->ssid_len);
1867        cmd.bsstype = CMD_BSS_TYPE_IBSS;
1868        cmd.beaconperiod = cpu_to_le16(params->beacon_interval);
1869        cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS;
1870        cmd.ibss.header.len = 2;
1871        cmd.ibss.atimwindow = 0;
1872        cmd.ds.header.id = WLAN_EID_DS_PARAMS;
1873        cmd.ds.header.len = 1;
1874        cmd.ds.channel = params->chandef.chan->hw_value;
1875        /* Only v8 and below support setting probe delay */
1876        if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8)
1877                cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME);
1878        /* TODO: mix in WLAN_CAPABILITY_PRIVACY */
1879        capability = WLAN_CAPABILITY_IBSS;
1880        cmd.capability = cpu_to_le16(capability);
1881        lbs_add_rates(cmd.rates);
1882
1883
1884        ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd);
1885        if (ret)
1886                goto out;
1887
1888        /*
1889         * This is a sample response to CMD_802_11_AD_HOC_JOIN:
1890         *
1891         * response        2b 80
1892         * size            14 00
1893         * sequence        xx xx
1894         * result          00 00
1895         * reserved        00
1896         * bssid           02 2b 7b 0f 86 0e
1897         */
1898        lbs_join_post(priv, params, resp->bssid, capability);
1899
1900 out:
1901        return ret;
1902}
1903
1904
1905static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev,
1906                struct cfg80211_ibss_params *params)
1907{
1908        struct lbs_private *priv = wiphy_priv(wiphy);
1909        int ret = 0;
1910        struct cfg80211_bss *bss;
1911
1912        if (dev == priv->mesh_dev)
1913                return -EOPNOTSUPP;
1914
1915        if (!params->chandef.chan) {
1916                ret = -ENOTSUPP;
1917                goto out;
1918        }
1919
1920        ret = lbs_set_channel(priv, params->chandef.chan->hw_value);
1921        if (ret)
1922                goto out;
1923
1924        /* Search if someone is beaconing. This assumes that the
1925         * bss list is populated already */
1926        bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid,
1927                params->ssid, params->ssid_len,
1928                IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY);
1929
1930        if (bss) {
1931                ret = lbs_ibss_join_existing(priv, params, bss);
1932                cfg80211_put_bss(wiphy, bss);
1933        } else
1934                ret = lbs_ibss_start_new(priv, params);
1935
1936
1937 out:
1938        return ret;
1939}
1940
1941
1942static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
1943{
1944        struct lbs_private *priv = wiphy_priv(wiphy);
1945        struct cmd_ds_802_11_ad_hoc_stop cmd;
1946        int ret = 0;
1947
1948        if (dev == priv->mesh_dev)
1949                return -EOPNOTSUPP;
1950
1951        memset(&cmd, 0, sizeof(cmd));
1952        cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1953        ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd);
1954
1955        /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */
1956        lbs_mac_event_disconnected(priv, true);
1957
1958        return ret;
1959}
1960
1961
1962
1963static int lbs_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1964                              bool enabled, int timeout)
1965{
1966        struct lbs_private *priv = wiphy_priv(wiphy);
1967
1968        if  (!(priv->fwcapinfo & FW_CAPINFO_PS)) {
1969                if (!enabled)
1970                        return 0;
1971                else
1972                        return -EINVAL;
1973        }
1974        /* firmware does not work well with too long latency with power saving
1975         * enabled, so do not enable it if there is only polling, no
1976         * interrupts (like in some sdio hosts which can only
1977         * poll for sdio irqs)
1978         */
1979        if  (priv->is_polling) {
1980                if (!enabled)
1981                        return 0;
1982                else
1983                        return -EINVAL;
1984        }
1985        if (!enabled) {
1986                priv->psmode = LBS802_11POWERMODECAM;
1987                if (priv->psstate != PS_STATE_FULL_POWER)
1988                        lbs_set_ps_mode(priv,
1989                                        PS_MODE_ACTION_EXIT_PS,
1990                                        true);
1991                return 0;
1992        }
1993        if (priv->psmode != LBS802_11POWERMODECAM)
1994                return 0;
1995        priv->psmode = LBS802_11POWERMODEMAX_PSP;
1996        if (priv->connect_status == LBS_CONNECTED)
1997                lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS, true);
1998        return 0;
1999}
2000
2001/*
2002 * Initialization
2003 */
2004
2005static const struct cfg80211_ops lbs_cfg80211_ops = {
2006        .set_monitor_channel = lbs_cfg_set_monitor_channel,
2007        .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel,
2008        .scan = lbs_cfg_scan,
2009        .connect = lbs_cfg_connect,
2010        .disconnect = lbs_cfg_disconnect,
2011        .add_key = lbs_cfg_add_key,
2012        .del_key = lbs_cfg_del_key,
2013        .set_default_key = lbs_cfg_set_default_key,
2014        .get_station = lbs_cfg_get_station,
2015        .change_virtual_intf = lbs_change_intf,
2016        .join_ibss = lbs_join_ibss,
2017        .leave_ibss = lbs_leave_ibss,
2018        .set_power_mgmt = lbs_set_power_mgmt,
2019};
2020
2021
2022/*
2023 * At this time lbs_private *priv doesn't even exist, so we just allocate
2024 * memory and don't initialize the wiphy further. This is postponed until we
2025 * can talk to the firmware and happens at registration time in
2026 * lbs_cfg_wiphy_register().
2027 */
2028struct wireless_dev *lbs_cfg_alloc(struct device *dev)
2029{
2030        int ret = 0;
2031        struct wireless_dev *wdev;
2032
2033        wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
2034        if (!wdev)
2035                return ERR_PTR(-ENOMEM);
2036
2037        wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private));
2038        if (!wdev->wiphy) {
2039                dev_err(dev, "cannot allocate wiphy\n");
2040                ret = -ENOMEM;
2041                goto err_wiphy_new;
2042        }
2043
2044        return wdev;
2045
2046 err_wiphy_new:
2047        kfree(wdev);
2048        return ERR_PTR(ret);
2049}
2050
2051
2052static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv)
2053{
2054        struct region_code_mapping {
2055                const char *cn;
2056                int code;
2057        };
2058
2059        /* Section 5.17.2 */
2060        static const struct region_code_mapping regmap[] = {
2061                {"US ", 0x10}, /* US FCC */
2062                {"CA ", 0x20}, /* Canada */
2063                {"EU ", 0x30}, /* ETSI   */
2064                {"ES ", 0x31}, /* Spain  */
2065                {"FR ", 0x32}, /* France */
2066                {"JP ", 0x40}, /* Japan  */
2067        };
2068        size_t i;
2069
2070        for (i = 0; i < ARRAY_SIZE(regmap); i++)
2071                if (regmap[i].code == priv->regioncode) {
2072                        regulatory_hint(priv->wdev->wiphy, regmap[i].cn);
2073                        break;
2074                }
2075}
2076
2077static void lbs_reg_notifier(struct wiphy *wiphy,
2078                             struct regulatory_request *request)
2079{
2080        struct lbs_private *priv = wiphy_priv(wiphy);
2081
2082        memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2));
2083        if (lbs_iface_active(priv))
2084                lbs_set_11d_domain_info(priv);
2085}
2086
2087/*
2088 * This function get's called after lbs_setup_firmware() determined the
2089 * firmware capabities. So we can setup the wiphy according to our
2090 * hardware/firmware.
2091 */
2092int lbs_cfg_register(struct lbs_private *priv)
2093{
2094        struct wireless_dev *wdev = priv->wdev;
2095        int ret;
2096
2097        wdev->wiphy->max_scan_ssids = 1;
2098        wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
2099
2100        wdev->wiphy->interface_modes =
2101                        BIT(NL80211_IFTYPE_STATION) |
2102                        BIT(NL80211_IFTYPE_ADHOC);
2103        if (lbs_rtap_supported(priv))
2104                wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
2105        if (lbs_mesh_activated(priv))
2106                wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT);
2107
2108        wdev->wiphy->bands[NL80211_BAND_2GHZ] = &lbs_band_2ghz;
2109
2110        /*
2111         * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have
2112         * never seen a firmware without WPA
2113         */
2114        wdev->wiphy->cipher_suites = cipher_suites;
2115        wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
2116        wdev->wiphy->reg_notifier = lbs_reg_notifier;
2117
2118        ret = wiphy_register(wdev->wiphy);
2119        if (ret < 0)
2120                pr_err("cannot register wiphy device\n");
2121
2122        priv->wiphy_registered = true;
2123
2124        ret = register_netdev(priv->dev);
2125        if (ret)
2126                pr_err("cannot register network device\n");
2127
2128        INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker);
2129
2130        lbs_cfg_set_regulatory_hint(priv);
2131
2132        return ret;
2133}
2134
2135void lbs_scan_deinit(struct lbs_private *priv)
2136{
2137        cancel_delayed_work_sync(&priv->scan_work);
2138}
2139
2140
2141void lbs_cfg_free(struct lbs_private *priv)
2142{
2143        struct wireless_dev *wdev = priv->wdev;
2144
2145        if (!wdev)
2146                return;
2147
2148        if (priv->wiphy_registered)
2149                wiphy_unregister(wdev->wiphy);
2150
2151        if (wdev->wiphy)
2152                wiphy_free(wdev->wiphy);
2153
2154        kfree(wdev);
2155}
2156