1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20#include <linux/proc_fs.h>
21#include <linux/seq_file.h>
22#include <linux/delay.h>
23#include <linux/random.h>
24#include <linux/if_arp.h>
25#include <linux/slab.h>
26#include <linux/export.h>
27#include <linux/moduleparam.h>
28#include <linux/etherdevice.h>
29
30#include "hostap_wlan.h"
31#include "hostap.h"
32#include "hostap_ap.h"
33
34static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL,
35 DEF_INTS };
36module_param_array(other_ap_policy, int, NULL, 0444);
37MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)");
38
39static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC,
40 DEF_INTS };
41module_param_array(ap_max_inactivity, int, NULL, 0444);
42MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station "
43 "inactivity");
44
45static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS };
46module_param_array(ap_bridge_packets, int, NULL, 0444);
47MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between "
48 "stations");
49
50static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS };
51module_param_array(autom_ap_wds, int, NULL, 0444);
52MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs "
53 "automatically");
54
55
56static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta);
57static void hostap_event_expired_sta(struct net_device *dev,
58 struct sta_info *sta);
59static void handle_add_proc_queue(struct work_struct *work);
60
61#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
62static void handle_wds_oper_queue(struct work_struct *work);
63static void prism2_send_mgmt(struct net_device *dev,
64 u16 type_subtype, char *body,
65 int body_len, u8 *addr, u16 tx_cb_idx);
66#endif
67
68
69#ifndef PRISM2_NO_PROCFS_DEBUG
70static int ap_debug_proc_show(struct seq_file *m, void *v)
71{
72 struct ap_data *ap = m->private;
73
74 seq_printf(m, "BridgedUnicastFrames=%u\n", ap->bridged_unicast);
75 seq_printf(m, "BridgedMulticastFrames=%u\n", ap->bridged_multicast);
76 seq_printf(m, "max_inactivity=%u\n", ap->max_inactivity / HZ);
77 seq_printf(m, "bridge_packets=%u\n", ap->bridge_packets);
78 seq_printf(m, "nullfunc_ack=%u\n", ap->nullfunc_ack);
79 seq_printf(m, "autom_ap_wds=%u\n", ap->autom_ap_wds);
80 seq_printf(m, "auth_algs=%u\n", ap->local->auth_algs);
81 seq_printf(m, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc);
82 return 0;
83}
84
85static int ap_debug_proc_open(struct inode *inode, struct file *file)
86{
87 return single_open(file, ap_debug_proc_show, PDE_DATA(inode));
88}
89
90static const struct file_operations ap_debug_proc_fops = {
91 .open = ap_debug_proc_open,
92 .read = seq_read,
93 .llseek = seq_lseek,
94 .release = single_release,
95};
96#endif
97
98
99static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta)
100{
101 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)];
102 ap->sta_hash[STA_HASH(sta->addr)] = sta;
103}
104
105static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta)
106{
107 struct sta_info *s;
108
109 s = ap->sta_hash[STA_HASH(sta->addr)];
110 if (s == NULL) return;
111 if (ether_addr_equal(s->addr, sta->addr)) {
112 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext;
113 return;
114 }
115
116 while (s->hnext != NULL && !ether_addr_equal(s->hnext->addr, sta->addr))
117 s = s->hnext;
118 if (s->hnext != NULL)
119 s->hnext = s->hnext->hnext;
120 else
121 printk("AP: could not remove STA %pM from hash table\n",
122 sta->addr);
123}
124
125static void ap_free_sta(struct ap_data *ap, struct sta_info *sta)
126{
127 if (sta->ap && sta->local)
128 hostap_event_expired_sta(sta->local->dev, sta);
129
130 if (ap->proc != NULL) {
131 char name[20];
132 sprintf(name, "%pM", sta->addr);
133 remove_proc_entry(name, ap->proc);
134 }
135
136 if (sta->crypt) {
137 sta->crypt->ops->deinit(sta->crypt->priv);
138 kfree(sta->crypt);
139 sta->crypt = NULL;
140 }
141
142 skb_queue_purge(&sta->tx_buf);
143
144 ap->num_sta--;
145#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
146 if (sta->aid > 0)
147 ap->sta_aid[sta->aid - 1] = NULL;
148
149 if (!sta->ap)
150 kfree(sta->u.sta.challenge);
151 del_timer_sync(&sta->timer);
152#endif
153
154 kfree(sta);
155}
156
157
158static void hostap_set_tim(local_info_t *local, int aid, int set)
159{
160 if (local->func->set_tim)
161 local->func->set_tim(local->dev, aid, set);
162}
163
164
165static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta)
166{
167 union iwreq_data wrqu;
168 memset(&wrqu, 0, sizeof(wrqu));
169 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
170 wrqu.addr.sa_family = ARPHRD_ETHER;
171 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL);
172}
173
174
175static void hostap_event_expired_sta(struct net_device *dev,
176 struct sta_info *sta)
177{
178 union iwreq_data wrqu;
179 memset(&wrqu, 0, sizeof(wrqu));
180 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
181 wrqu.addr.sa_family = ARPHRD_ETHER;
182 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL);
183}
184
185
186#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
187
188static void ap_handle_timer(struct timer_list *t)
189{
190 struct sta_info *sta = from_timer(sta, t, timer);
191 local_info_t *local;
192 struct ap_data *ap;
193 unsigned long next_time = 0;
194 int was_assoc;
195
196 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) {
197 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n");
198 return;
199 }
200
201 local = sta->local;
202 ap = local->ap;
203 was_assoc = sta->flags & WLAN_STA_ASSOC;
204
205 if (atomic_read(&sta->users) != 0)
206 next_time = jiffies + HZ;
207 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH))
208 next_time = jiffies + ap->max_inactivity;
209
210 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) {
211
212 sta->timeout_next = STA_NULLFUNC;
213 next_time = sta->last_rx + ap->max_inactivity;
214 } else if (sta->timeout_next == STA_DISASSOC &&
215 !(sta->flags & WLAN_STA_PENDING_POLL)) {
216
217 sta->timeout_next = STA_NULLFUNC;
218 next_time = jiffies + ap->max_inactivity;
219 }
220
221 if (next_time) {
222 sta->timer.expires = next_time;
223 add_timer(&sta->timer);
224 return;
225 }
226
227 if (sta->ap)
228 sta->timeout_next = STA_DEAUTH;
229
230 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) {
231 spin_lock(&ap->sta_table_lock);
232 ap_sta_hash_del(ap, sta);
233 list_del(&sta->list);
234 spin_unlock(&ap->sta_table_lock);
235 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
236 } else if (sta->timeout_next == STA_DISASSOC)
237 sta->flags &= ~WLAN_STA_ASSOC;
238
239 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap)
240 hostap_event_expired_sta(local->dev, sta);
241
242 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 &&
243 !skb_queue_empty(&sta->tx_buf)) {
244 hostap_set_tim(local, sta->aid, 0);
245 sta->flags &= ~WLAN_STA_TIM;
246 }
247
248 if (sta->ap) {
249 if (ap->autom_ap_wds) {
250 PDEBUG(DEBUG_AP, "%s: removing automatic WDS "
251 "connection to AP %pM\n",
252 local->dev->name, sta->addr);
253 hostap_wds_link_oper(local, sta->addr, WDS_DEL);
254 }
255 } else if (sta->timeout_next == STA_NULLFUNC) {
256
257
258
259
260
261 sta->flags |= WLAN_STA_PENDING_POLL;
262 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA |
263 IEEE80211_STYPE_DATA, NULL, 0,
264 sta->addr, ap->tx_callback_poll);
265 } else {
266 int deauth = sta->timeout_next == STA_DEAUTH;
267 __le16 resp;
268 PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM"
269 "(last=%lu, jiffies=%lu)\n",
270 local->dev->name,
271 deauth ? "deauthentication" : "disassociation",
272 sta->addr, sta->last_rx, jiffies);
273
274 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID :
275 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
276 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT |
277 (deauth ? IEEE80211_STYPE_DEAUTH :
278 IEEE80211_STYPE_DISASSOC),
279 (char *) &resp, 2, sta->addr, 0);
280 }
281
282 if (sta->timeout_next == STA_DEAUTH) {
283 if (sta->flags & WLAN_STA_PERM) {
284 PDEBUG(DEBUG_AP, "%s: STA %pM"
285 " would have been removed, "
286 "but it has 'perm' flag\n",
287 local->dev->name, sta->addr);
288 } else
289 ap_free_sta(ap, sta);
290 return;
291 }
292
293 if (sta->timeout_next == STA_NULLFUNC) {
294 sta->timeout_next = STA_DISASSOC;
295 sta->timer.expires = jiffies + AP_DISASSOC_DELAY;
296 } else {
297 sta->timeout_next = STA_DEAUTH;
298 sta->timer.expires = jiffies + AP_DEAUTH_DELAY;
299 }
300
301 add_timer(&sta->timer);
302}
303
304
305void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
306 int resend)
307{
308 u8 addr[ETH_ALEN];
309 __le16 resp;
310 int i;
311
312 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name);
313 eth_broadcast_addr(addr);
314
315 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
316
317
318
319
320
321 for (i = 0; i < 5; i++) {
322 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
323 IEEE80211_STYPE_DEAUTH,
324 (char *) &resp, 2, addr, 0);
325
326 if (!resend || ap->num_sta <= 0)
327 return;
328
329 mdelay(50);
330 }
331}
332
333
334static int ap_control_proc_show(struct seq_file *m, void *v)
335{
336 struct ap_data *ap = m->private;
337 char *policy_txt;
338 struct mac_entry *entry;
339
340 if (v == SEQ_START_TOKEN) {
341 switch (ap->mac_restrictions.policy) {
342 case MAC_POLICY_OPEN:
343 policy_txt = "open";
344 break;
345 case MAC_POLICY_ALLOW:
346 policy_txt = "allow";
347 break;
348 case MAC_POLICY_DENY:
349 policy_txt = "deny";
350 break;
351 default:
352 policy_txt = "unknown";
353 break;
354 }
355 seq_printf(m, "MAC policy: %s\n", policy_txt);
356 seq_printf(m, "MAC entries: %u\n", ap->mac_restrictions.entries);
357 seq_puts(m, "MAC list:\n");
358 return 0;
359 }
360
361 entry = v;
362 seq_printf(m, "%pM\n", entry->addr);
363 return 0;
364}
365
366static void *ap_control_proc_start(struct seq_file *m, loff_t *_pos)
367{
368 struct ap_data *ap = m->private;
369 spin_lock_bh(&ap->mac_restrictions.lock);
370 return seq_list_start_head(&ap->mac_restrictions.mac_list, *_pos);
371}
372
373static void *ap_control_proc_next(struct seq_file *m, void *v, loff_t *_pos)
374{
375 struct ap_data *ap = m->private;
376 return seq_list_next(v, &ap->mac_restrictions.mac_list, _pos);
377}
378
379static void ap_control_proc_stop(struct seq_file *m, void *v)
380{
381 struct ap_data *ap = m->private;
382 spin_unlock_bh(&ap->mac_restrictions.lock);
383}
384
385static const struct seq_operations ap_control_proc_seqops = {
386 .start = ap_control_proc_start,
387 .next = ap_control_proc_next,
388 .stop = ap_control_proc_stop,
389 .show = ap_control_proc_show,
390};
391
392static int ap_control_proc_open(struct inode *inode, struct file *file)
393{
394 int ret = seq_open(file, &ap_control_proc_seqops);
395 if (ret == 0) {
396 struct seq_file *m = file->private_data;
397 m->private = PDE_DATA(inode);
398 }
399 return ret;
400}
401
402static const struct file_operations ap_control_proc_fops = {
403 .open = ap_control_proc_open,
404 .read = seq_read,
405 .llseek = seq_lseek,
406 .release = seq_release,
407};
408
409
410int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
411{
412 struct mac_entry *entry;
413
414 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL);
415 if (entry == NULL)
416 return -ENOMEM;
417
418 memcpy(entry->addr, mac, ETH_ALEN);
419
420 spin_lock_bh(&mac_restrictions->lock);
421 list_add_tail(&entry->list, &mac_restrictions->mac_list);
422 mac_restrictions->entries++;
423 spin_unlock_bh(&mac_restrictions->lock);
424
425 return 0;
426}
427
428
429int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
430{
431 struct list_head *ptr;
432 struct mac_entry *entry;
433
434 spin_lock_bh(&mac_restrictions->lock);
435 for (ptr = mac_restrictions->mac_list.next;
436 ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
437 entry = list_entry(ptr, struct mac_entry, list);
438
439 if (ether_addr_equal(entry->addr, mac)) {
440 list_del(ptr);
441 kfree(entry);
442 mac_restrictions->entries--;
443 spin_unlock_bh(&mac_restrictions->lock);
444 return 0;
445 }
446 }
447 spin_unlock_bh(&mac_restrictions->lock);
448 return -1;
449}
450
451
452static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions,
453 u8 *mac)
454{
455 struct mac_entry *entry;
456 int found = 0;
457
458 if (mac_restrictions->policy == MAC_POLICY_OPEN)
459 return 0;
460
461 spin_lock_bh(&mac_restrictions->lock);
462 list_for_each_entry(entry, &mac_restrictions->mac_list, list) {
463 if (ether_addr_equal(entry->addr, mac)) {
464 found = 1;
465 break;
466 }
467 }
468 spin_unlock_bh(&mac_restrictions->lock);
469
470 if (mac_restrictions->policy == MAC_POLICY_ALLOW)
471 return !found;
472 else
473 return found;
474}
475
476
477void ap_control_flush_macs(struct mac_restrictions *mac_restrictions)
478{
479 struct list_head *ptr, *n;
480 struct mac_entry *entry;
481
482 if (mac_restrictions->entries == 0)
483 return;
484
485 spin_lock_bh(&mac_restrictions->lock);
486 for (ptr = mac_restrictions->mac_list.next, n = ptr->next;
487 ptr != &mac_restrictions->mac_list;
488 ptr = n, n = ptr->next) {
489 entry = list_entry(ptr, struct mac_entry, list);
490 list_del(ptr);
491 kfree(entry);
492 }
493 mac_restrictions->entries = 0;
494 spin_unlock_bh(&mac_restrictions->lock);
495}
496
497
498int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac)
499{
500 struct sta_info *sta;
501 __le16 resp;
502
503 spin_lock_bh(&ap->sta_table_lock);
504 sta = ap_get_sta(ap, mac);
505 if (sta) {
506 ap_sta_hash_del(ap, sta);
507 list_del(&sta->list);
508 }
509 spin_unlock_bh(&ap->sta_table_lock);
510
511 if (!sta)
512 return -EINVAL;
513
514 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
515 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH,
516 (char *) &resp, 2, sta->addr, 0);
517
518 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
519 hostap_event_expired_sta(dev, sta);
520
521 ap_free_sta(ap, sta);
522
523 return 0;
524}
525
526#endif
527
528
529void ap_control_kickall(struct ap_data *ap)
530{
531 struct list_head *ptr, *n;
532 struct sta_info *sta;
533
534 spin_lock_bh(&ap->sta_table_lock);
535 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list;
536 ptr = n, n = ptr->next) {
537 sta = list_entry(ptr, struct sta_info, list);
538 ap_sta_hash_del(ap, sta);
539 list_del(&sta->list);
540 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
541 hostap_event_expired_sta(sta->local->dev, sta);
542 ap_free_sta(ap, sta);
543 }
544 spin_unlock_bh(&ap->sta_table_lock);
545}
546
547
548#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
549
550static int prism2_ap_proc_show(struct seq_file *m, void *v)
551{
552 struct sta_info *sta = v;
553 int i;
554
555 if (v == SEQ_START_TOKEN) {
556 seq_printf(m, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n");
557 return 0;
558 }
559
560 if (!sta->ap)
561 return 0;
562
563 seq_printf(m, "%pM %d %d %d %d '",
564 sta->addr,
565 sta->u.ap.channel, sta->last_rx_signal,
566 sta->last_rx_silence, sta->last_rx_rate);
567
568 for (i = 0; i < sta->u.ap.ssid_len; i++) {
569 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127)
570 seq_putc(m, sta->u.ap.ssid[i]);
571 else
572 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]);
573 }
574
575 seq_putc(m, '\'');
576 if (sta->capability & WLAN_CAPABILITY_ESS)
577 seq_puts(m, " [ESS]");
578 if (sta->capability & WLAN_CAPABILITY_IBSS)
579 seq_puts(m, " [IBSS]");
580 if (sta->capability & WLAN_CAPABILITY_PRIVACY)
581 seq_puts(m, " [WEP]");
582 seq_putc(m, '\n');
583 return 0;
584}
585
586static void *prism2_ap_proc_start(struct seq_file *m, loff_t *_pos)
587{
588 struct ap_data *ap = m->private;
589 spin_lock_bh(&ap->sta_table_lock);
590 return seq_list_start_head(&ap->sta_list, *_pos);
591}
592
593static void *prism2_ap_proc_next(struct seq_file *m, void *v, loff_t *_pos)
594{
595 struct ap_data *ap = m->private;
596 return seq_list_next(v, &ap->sta_list, _pos);
597}
598
599static void prism2_ap_proc_stop(struct seq_file *m, void *v)
600{
601 struct ap_data *ap = m->private;
602 spin_unlock_bh(&ap->sta_table_lock);
603}
604
605static const struct seq_operations prism2_ap_proc_seqops = {
606 .start = prism2_ap_proc_start,
607 .next = prism2_ap_proc_next,
608 .stop = prism2_ap_proc_stop,
609 .show = prism2_ap_proc_show,
610};
611
612static int prism2_ap_proc_open(struct inode *inode, struct file *file)
613{
614 int ret = seq_open(file, &prism2_ap_proc_seqops);
615 if (ret == 0) {
616 struct seq_file *m = file->private_data;
617 m->private = PDE_DATA(inode);
618 }
619 return ret;
620}
621
622static const struct file_operations prism2_ap_proc_fops = {
623 .open = prism2_ap_proc_open,
624 .read = seq_read,
625 .llseek = seq_lseek,
626 .release = seq_release,
627};
628#endif
629
630
631void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver)
632{
633 if (!ap)
634 return;
635
636 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) {
637 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - "
638 "firmware upgrade recommended\n");
639 ap->nullfunc_ack = 1;
640 } else
641 ap->nullfunc_ack = 0;
642
643 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) {
644 printk(KERN_WARNING "%s: Warning: secondary station firmware "
645 "version 1.4.2 does not seem to work in Host AP mode\n",
646 ap->local->dev->name);
647 }
648}
649
650
651
652static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data)
653{
654 struct ap_data *ap = data;
655 struct ieee80211_hdr *hdr;
656
657 if (!ap->local->hostapd || !ap->local->apdev) {
658 dev_kfree_skb(skb);
659 return;
660 }
661
662
663
664
665 hdr = (struct ieee80211_hdr *) skb->data;
666 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS);
667 hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0));
668
669 skb->dev = ap->local->apdev;
670 skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control));
671 skb->pkt_type = PACKET_OTHERHOST;
672 skb->protocol = cpu_to_be16(ETH_P_802_2);
673 memset(skb->cb, 0, sizeof(skb->cb));
674 netif_rx(skb);
675}
676
677
678#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
679
680static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data)
681{
682 struct ap_data *ap = data;
683 struct net_device *dev = ap->local->dev;
684 struct ieee80211_hdr *hdr;
685 u16 auth_alg, auth_transaction, status;
686 __le16 *pos;
687 struct sta_info *sta = NULL;
688 char *txt = NULL;
689
690 if (ap->local->hostapd) {
691 dev_kfree_skb(skb);
692 return;
693 }
694
695 hdr = (struct ieee80211_hdr *) skb->data;
696 if (!ieee80211_is_auth(hdr->frame_control) ||
697 skb->len < IEEE80211_MGMT_HDR_LEN + 6) {
698 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid "
699 "frame\n", dev->name);
700 dev_kfree_skb(skb);
701 return;
702 }
703
704 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
705 auth_alg = le16_to_cpu(*pos++);
706 auth_transaction = le16_to_cpu(*pos++);
707 status = le16_to_cpu(*pos++);
708
709 if (!ok) {
710 txt = "frame was not ACKed";
711 goto done;
712 }
713
714 spin_lock(&ap->sta_table_lock);
715 sta = ap_get_sta(ap, hdr->addr1);
716 if (sta)
717 atomic_inc(&sta->users);
718 spin_unlock(&ap->sta_table_lock);
719
720 if (!sta) {
721 txt = "STA not found";
722 goto done;
723 }
724
725 if (status == WLAN_STATUS_SUCCESS &&
726 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
727 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
728 txt = "STA authenticated";
729 sta->flags |= WLAN_STA_AUTH;
730 sta->last_auth = jiffies;
731 } else if (status != WLAN_STATUS_SUCCESS)
732 txt = "authentication failed";
733
734 done:
735 if (sta)
736 atomic_dec(&sta->users);
737 if (txt) {
738 PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d "
739 "trans#=%d status=%d - %s\n",
740 dev->name, hdr->addr1,
741 auth_alg, auth_transaction, status, txt);
742 }
743 dev_kfree_skb(skb);
744}
745
746
747
748static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data)
749{
750 struct ap_data *ap = data;
751 struct net_device *dev = ap->local->dev;
752 struct ieee80211_hdr *hdr;
753 u16 status;
754 __le16 *pos;
755 struct sta_info *sta = NULL;
756 char *txt = NULL;
757
758 if (ap->local->hostapd) {
759 dev_kfree_skb(skb);
760 return;
761 }
762
763 hdr = (struct ieee80211_hdr *) skb->data;
764 if ((!ieee80211_is_assoc_resp(hdr->frame_control) &&
765 !ieee80211_is_reassoc_resp(hdr->frame_control)) ||
766 skb->len < IEEE80211_MGMT_HDR_LEN + 4) {
767 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid "
768 "frame\n", dev->name);
769 dev_kfree_skb(skb);
770 return;
771 }
772
773 if (!ok) {
774 txt = "frame was not ACKed";
775 goto done;
776 }
777
778 spin_lock(&ap->sta_table_lock);
779 sta = ap_get_sta(ap, hdr->addr1);
780 if (sta)
781 atomic_inc(&sta->users);
782 spin_unlock(&ap->sta_table_lock);
783
784 if (!sta) {
785 txt = "STA not found";
786 goto done;
787 }
788
789 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
790 pos++;
791 status = le16_to_cpu(*pos++);
792 if (status == WLAN_STATUS_SUCCESS) {
793 if (!(sta->flags & WLAN_STA_ASSOC))
794 hostap_event_new_sta(dev, sta);
795 txt = "STA associated";
796 sta->flags |= WLAN_STA_ASSOC;
797 sta->last_assoc = jiffies;
798 } else
799 txt = "association failed";
800
801 done:
802 if (sta)
803 atomic_dec(&sta->users);
804 if (txt) {
805 PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n",
806 dev->name, hdr->addr1, txt);
807 }
808 dev_kfree_skb(skb);
809}
810
811
812
813static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data)
814{
815 struct ap_data *ap = data;
816 struct ieee80211_hdr *hdr;
817 struct sta_info *sta;
818
819 if (skb->len < 24)
820 goto fail;
821 hdr = (struct ieee80211_hdr *) skb->data;
822 if (ok) {
823 spin_lock(&ap->sta_table_lock);
824 sta = ap_get_sta(ap, hdr->addr1);
825 if (sta)
826 sta->flags &= ~WLAN_STA_PENDING_POLL;
827 spin_unlock(&ap->sta_table_lock);
828 } else {
829 PDEBUG(DEBUG_AP,
830 "%s: STA %pM did not ACK activity poll frame\n",
831 ap->local->dev->name, hdr->addr1);
832 }
833
834 fail:
835 dev_kfree_skb(skb);
836}
837#endif
838
839
840void hostap_init_data(local_info_t *local)
841{
842 struct ap_data *ap = local->ap;
843
844 if (ap == NULL) {
845 printk(KERN_WARNING "hostap_init_data: ap == NULL\n");
846 return;
847 }
848 memset(ap, 0, sizeof(struct ap_data));
849 ap->local = local;
850
851 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx);
852 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx);
853 ap->max_inactivity =
854 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ;
855 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx);
856
857 spin_lock_init(&ap->sta_table_lock);
858 INIT_LIST_HEAD(&ap->sta_list);
859
860
861 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue);
862
863 ap->tx_callback_idx =
864 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap);
865 if (ap->tx_callback_idx == 0)
866 printk(KERN_WARNING "%s: failed to register TX callback for "
867 "AP\n", local->dev->name);
868#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
869 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue);
870
871 ap->tx_callback_auth =
872 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap);
873 ap->tx_callback_assoc =
874 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap);
875 ap->tx_callback_poll =
876 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap);
877 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 ||
878 ap->tx_callback_poll == 0)
879 printk(KERN_WARNING "%s: failed to register TX callback for "
880 "AP\n", local->dev->name);
881
882 spin_lock_init(&ap->mac_restrictions.lock);
883 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list);
884#endif
885
886 ap->initialized = 1;
887}
888
889
890void hostap_init_ap_proc(local_info_t *local)
891{
892 struct ap_data *ap = local->ap;
893
894 ap->proc = local->proc;
895 if (ap->proc == NULL)
896 return;
897
898#ifndef PRISM2_NO_PROCFS_DEBUG
899 proc_create_data("ap_debug", 0, ap->proc, &ap_debug_proc_fops, ap);
900#endif
901
902#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
903 proc_create_data("ap_control", 0, ap->proc, &ap_control_proc_fops, ap);
904 proc_create_data("ap", 0, ap->proc, &prism2_ap_proc_fops, ap);
905#endif
906
907}
908
909
910void hostap_free_data(struct ap_data *ap)
911{
912 struct sta_info *n, *sta;
913
914 if (ap == NULL || !ap->initialized) {
915 printk(KERN_DEBUG "hostap_free_data: ap has not yet been "
916 "initialized - skip resource freeing\n");
917 return;
918 }
919
920 flush_work(&ap->add_sta_proc_queue);
921
922#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
923 flush_work(&ap->wds_oper_queue);
924 if (ap->crypt)
925 ap->crypt->deinit(ap->crypt_priv);
926 ap->crypt = ap->crypt_priv = NULL;
927#endif
928
929 list_for_each_entry_safe(sta, n, &ap->sta_list, list) {
930 ap_sta_hash_del(ap, sta);
931 list_del(&sta->list);
932 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
933 hostap_event_expired_sta(sta->local->dev, sta);
934 ap_free_sta(ap, sta);
935 }
936
937#ifndef PRISM2_NO_PROCFS_DEBUG
938 if (ap->proc != NULL) {
939 remove_proc_entry("ap_debug", ap->proc);
940 }
941#endif
942
943#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
944 if (ap->proc != NULL) {
945 remove_proc_entry("ap", ap->proc);
946 remove_proc_entry("ap_control", ap->proc);
947 }
948 ap_control_flush_macs(&ap->mac_restrictions);
949#endif
950
951 ap->initialized = 0;
952}
953
954
955
956static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta)
957{
958 struct sta_info *s;
959
960 s = ap->sta_hash[STA_HASH(sta)];
961 while (s != NULL && !ether_addr_equal(s->addr, sta))
962 s = s->hnext;
963 return s;
964}
965
966
967#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
968
969
970static void prism2_send_mgmt(struct net_device *dev,
971 u16 type_subtype, char *body,
972 int body_len, u8 *addr, u16 tx_cb_idx)
973{
974 struct hostap_interface *iface;
975 local_info_t *local;
976 struct ieee80211_hdr *hdr;
977 u16 fc;
978 struct sk_buff *skb;
979 struct hostap_skb_tx_data *meta;
980 int hdrlen;
981
982 iface = netdev_priv(dev);
983 local = iface->local;
984 dev = local->dev;
985 iface = netdev_priv(dev);
986
987 if (!(dev->flags & IFF_UP)) {
988 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - "
989 "cannot send frame\n", dev->name);
990 return;
991 }
992
993 skb = dev_alloc_skb(sizeof(*hdr) + body_len);
994 if (skb == NULL) {
995 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate "
996 "skb\n", dev->name);
997 return;
998 }
999
1000 fc = type_subtype;
1001 hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype));
1002 hdr = skb_put_zero(skb, hdrlen);
1003 if (body)
1004 skb_put_data(skb, body, body_len);
1005
1006
1007
1008
1009
1010 memcpy(hdr->addr1, addr, ETH_ALEN);
1011 if (ieee80211_is_data(hdr->frame_control)) {
1012 fc |= IEEE80211_FCTL_FROMDS;
1013 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN);
1014 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN);
1015 } else if (ieee80211_is_ctl(hdr->frame_control)) {
1016
1017 eth_zero_addr(hdr->addr2);
1018 eth_zero_addr(hdr->addr3);
1019 } else {
1020 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN);
1021 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN);
1022 }
1023
1024 hdr->frame_control = cpu_to_le16(fc);
1025
1026 meta = (struct hostap_skb_tx_data *) skb->cb;
1027 memset(meta, 0, sizeof(*meta));
1028 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
1029 meta->iface = iface;
1030 meta->tx_cb_idx = tx_cb_idx;
1031
1032 skb->dev = dev;
1033 skb_reset_mac_header(skb);
1034 skb_reset_network_header(skb);
1035 dev_queue_xmit(skb);
1036}
1037#endif
1038
1039
1040static int prism2_sta_proc_show(struct seq_file *m, void *v)
1041{
1042 struct sta_info *sta = m->private;
1043 int i;
1044
1045
1046
1047
1048
1049 seq_printf(m,
1050 "%s=%pM\nusers=%d\naid=%d\n"
1051 "flags=0x%04x%s%s%s%s%s%s%s\n"
1052 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=",
1053 sta->ap ? "AP" : "STA",
1054 sta->addr, atomic_read(&sta->users), sta->aid,
1055 sta->flags,
1056 sta->flags & WLAN_STA_AUTH ? " AUTH" : "",
1057 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "",
1058 sta->flags & WLAN_STA_PS ? " PS" : "",
1059 sta->flags & WLAN_STA_TIM ? " TIM" : "",
1060 sta->flags & WLAN_STA_PERM ? " PERM" : "",
1061 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "",
1062 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "",
1063 sta->capability, sta->listen_interval);
1064
1065 for (i = 0; i < sizeof(sta->supported_rates); i++)
1066 if (sta->supported_rates[i] != 0)
1067 seq_printf(m, "%d%sMbps ",
1068 (sta->supported_rates[i] & 0x7f) / 2,
1069 sta->supported_rates[i] & 1 ? ".5" : "");
1070 seq_printf(m,
1071 "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n"
1072 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n"
1073 "tx_packets=%lu\n"
1074 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n"
1075 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n"
1076 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n"
1077 "tx[11M]=%d\n"
1078 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n",
1079 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx,
1080 sta->last_tx,
1081 sta->rx_packets, sta->tx_packets, sta->rx_bytes,
1082 sta->tx_bytes, skb_queue_len(&sta->tx_buf),
1083 sta->last_rx_silence,
1084 sta->last_rx_signal, sta->last_rx_rate / 10,
1085 sta->last_rx_rate % 10 ? ".5" : "",
1086 sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
1087 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
1088 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
1089 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
1090 sta->crypt->ops->print_stats(m, sta->crypt->priv);
1091#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1092 if (sta->ap) {
1093 if (sta->u.ap.channel >= 0)
1094 seq_printf(m, "channel=%d\n", sta->u.ap.channel);
1095 seq_puts(m, "ssid=");
1096 for (i = 0; i < sta->u.ap.ssid_len; i++) {
1097 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127)
1098 seq_putc(m, sta->u.ap.ssid[i]);
1099 else
1100 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]);
1101 }
1102 seq_putc(m, '\n');
1103 }
1104#endif
1105
1106 return 0;
1107}
1108
1109static int prism2_sta_proc_open(struct inode *inode, struct file *file)
1110{
1111 return single_open(file, prism2_sta_proc_show, PDE_DATA(inode));
1112}
1113
1114static const struct file_operations prism2_sta_proc_fops = {
1115 .open = prism2_sta_proc_open,
1116 .read = seq_read,
1117 .llseek = seq_lseek,
1118 .release = single_release,
1119};
1120
1121static void handle_add_proc_queue(struct work_struct *work)
1122{
1123 struct ap_data *ap = container_of(work, struct ap_data,
1124 add_sta_proc_queue);
1125 struct sta_info *sta;
1126 char name[20];
1127 struct add_sta_proc_data *entry, *prev;
1128
1129 entry = ap->add_sta_proc_entries;
1130 ap->add_sta_proc_entries = NULL;
1131
1132 while (entry) {
1133 spin_lock_bh(&ap->sta_table_lock);
1134 sta = ap_get_sta(ap, entry->addr);
1135 if (sta)
1136 atomic_inc(&sta->users);
1137 spin_unlock_bh(&ap->sta_table_lock);
1138
1139 if (sta) {
1140 sprintf(name, "%pM", sta->addr);
1141 sta->proc = proc_create_data(
1142 name, 0, ap->proc,
1143 &prism2_sta_proc_fops, sta);
1144
1145 atomic_dec(&sta->users);
1146 }
1147
1148 prev = entry;
1149 entry = entry->next;
1150 kfree(prev);
1151 }
1152}
1153
1154
1155static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr)
1156{
1157 struct sta_info *sta;
1158
1159 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC);
1160 if (sta == NULL) {
1161 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n");
1162 return NULL;
1163 }
1164
1165
1166 sta->local = ap->local;
1167 skb_queue_head_init(&sta->tx_buf);
1168 memcpy(sta->addr, addr, ETH_ALEN);
1169
1170 atomic_inc(&sta->users);
1171 spin_lock_bh(&ap->sta_table_lock);
1172 list_add(&sta->list, &ap->sta_list);
1173 ap->num_sta++;
1174 ap_sta_hash_add(ap, sta);
1175 spin_unlock_bh(&ap->sta_table_lock);
1176
1177 if (ap->proc) {
1178 struct add_sta_proc_data *entry;
1179
1180
1181 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
1182 if (entry) {
1183 memcpy(entry->addr, sta->addr, ETH_ALEN);
1184 entry->next = ap->add_sta_proc_entries;
1185 ap->add_sta_proc_entries = entry;
1186 schedule_work(&ap->add_sta_proc_queue);
1187 } else
1188 printk(KERN_DEBUG "Failed to add STA proc data\n");
1189 }
1190
1191#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1192 timer_setup(&sta->timer, ap_handle_timer, 0);
1193 sta->timer.expires = jiffies + ap->max_inactivity;
1194 if (!ap->local->hostapd)
1195 add_timer(&sta->timer);
1196#endif
1197
1198 return sta;
1199}
1200
1201
1202static int ap_tx_rate_ok(int rateidx, struct sta_info *sta,
1203 local_info_t *local)
1204{
1205 if (rateidx > sta->tx_max_rate ||
1206 !(sta->tx_supp_rates & (1 << rateidx)))
1207 return 0;
1208
1209 if (local->tx_rate_control != 0 &&
1210 !(local->tx_rate_control & (1 << rateidx)))
1211 return 0;
1212
1213 return 1;
1214}
1215
1216
1217static void prism2_check_tx_rates(struct sta_info *sta)
1218{
1219 int i;
1220
1221 sta->tx_supp_rates = 0;
1222 for (i = 0; i < sizeof(sta->supported_rates); i++) {
1223 if ((sta->supported_rates[i] & 0x7f) == 2)
1224 sta->tx_supp_rates |= WLAN_RATE_1M;
1225 if ((sta->supported_rates[i] & 0x7f) == 4)
1226 sta->tx_supp_rates |= WLAN_RATE_2M;
1227 if ((sta->supported_rates[i] & 0x7f) == 11)
1228 sta->tx_supp_rates |= WLAN_RATE_5M5;
1229 if ((sta->supported_rates[i] & 0x7f) == 22)
1230 sta->tx_supp_rates |= WLAN_RATE_11M;
1231 }
1232 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0;
1233 if (sta->tx_supp_rates & WLAN_RATE_1M) {
1234 sta->tx_max_rate = 0;
1235 if (ap_tx_rate_ok(0, sta, sta->local)) {
1236 sta->tx_rate = 10;
1237 sta->tx_rate_idx = 0;
1238 }
1239 }
1240 if (sta->tx_supp_rates & WLAN_RATE_2M) {
1241 sta->tx_max_rate = 1;
1242 if (ap_tx_rate_ok(1, sta, sta->local)) {
1243 sta->tx_rate = 20;
1244 sta->tx_rate_idx = 1;
1245 }
1246 }
1247 if (sta->tx_supp_rates & WLAN_RATE_5M5) {
1248 sta->tx_max_rate = 2;
1249 if (ap_tx_rate_ok(2, sta, sta->local)) {
1250 sta->tx_rate = 55;
1251 sta->tx_rate_idx = 2;
1252 }
1253 }
1254 if (sta->tx_supp_rates & WLAN_RATE_11M) {
1255 sta->tx_max_rate = 3;
1256 if (ap_tx_rate_ok(3, sta, sta->local)) {
1257 sta->tx_rate = 110;
1258 sta->tx_rate_idx = 3;
1259 }
1260 }
1261}
1262
1263
1264#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1265
1266static void ap_crypt_init(struct ap_data *ap)
1267{
1268 ap->crypt = lib80211_get_crypto_ops("WEP");
1269
1270 if (ap->crypt) {
1271 if (ap->crypt->init) {
1272 ap->crypt_priv = ap->crypt->init(0);
1273 if (ap->crypt_priv == NULL)
1274 ap->crypt = NULL;
1275 else {
1276 u8 key[WEP_KEY_LEN];
1277 get_random_bytes(key, WEP_KEY_LEN);
1278 ap->crypt->set_key(key, WEP_KEY_LEN, NULL,
1279 ap->crypt_priv);
1280 }
1281 }
1282 }
1283
1284 if (ap->crypt == NULL) {
1285 printk(KERN_WARNING "AP could not initialize WEP: load module "
1286 "lib80211_crypt_wep.ko\n");
1287 }
1288}
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299static char * ap_auth_make_challenge(struct ap_data *ap)
1300{
1301 char *tmpbuf;
1302 struct sk_buff *skb;
1303
1304 if (ap->crypt == NULL) {
1305 ap_crypt_init(ap);
1306 if (ap->crypt == NULL)
1307 return NULL;
1308 }
1309
1310 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC);
1311 if (tmpbuf == NULL) {
1312 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n");
1313 return NULL;
1314 }
1315
1316 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN +
1317 ap->crypt->extra_mpdu_prefix_len +
1318 ap->crypt->extra_mpdu_postfix_len);
1319 if (skb == NULL) {
1320 kfree(tmpbuf);
1321 return NULL;
1322 }
1323
1324 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len);
1325 skb_put_zero(skb, WLAN_AUTH_CHALLENGE_LEN);
1326 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) {
1327 dev_kfree_skb(skb);
1328 kfree(tmpbuf);
1329 return NULL;
1330 }
1331
1332 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len,
1333 tmpbuf, WLAN_AUTH_CHALLENGE_LEN);
1334 dev_kfree_skb(skb);
1335
1336 return tmpbuf;
1337}
1338
1339
1340
1341static void handle_authen(local_info_t *local, struct sk_buff *skb,
1342 struct hostap_80211_rx_status *rx_stats)
1343{
1344 struct net_device *dev = local->dev;
1345 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1346 size_t hdrlen;
1347 struct ap_data *ap = local->ap;
1348 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL;
1349 int len, olen;
1350 u16 auth_alg, auth_transaction, status_code;
1351 __le16 *pos;
1352 u16 resp = WLAN_STATUS_SUCCESS;
1353 struct sta_info *sta = NULL;
1354 struct lib80211_crypt_data *crypt;
1355 char *txt = "";
1356
1357 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1358
1359 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
1360
1361 if (len < 6) {
1362 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload "
1363 "(len=%d) from %pM\n", dev->name, len, hdr->addr2);
1364 return;
1365 }
1366
1367 spin_lock_bh(&local->ap->sta_table_lock);
1368 sta = ap_get_sta(local->ap, hdr->addr2);
1369 if (sta)
1370 atomic_inc(&sta->users);
1371 spin_unlock_bh(&local->ap->sta_table_lock);
1372
1373 if (sta && sta->crypt)
1374 crypt = sta->crypt;
1375 else {
1376 int idx = 0;
1377 if (skb->len >= hdrlen + 3)
1378 idx = skb->data[hdrlen + 3] >> 6;
1379 crypt = local->crypt_info.crypt[idx];
1380 }
1381
1382 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1383 auth_alg = __le16_to_cpu(*pos);
1384 pos++;
1385 auth_transaction = __le16_to_cpu(*pos);
1386 pos++;
1387 status_code = __le16_to_cpu(*pos);
1388 pos++;
1389
1390 if (ether_addr_equal(dev->dev_addr, hdr->addr2) ||
1391 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) {
1392 txt = "authentication denied";
1393 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1394 goto fail;
1395 }
1396
1397 if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
1398 auth_alg == WLAN_AUTH_OPEN) ||
1399 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
1400 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
1401 } else {
1402 txt = "unsupported algorithm";
1403 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1404 goto fail;
1405 }
1406
1407 if (len >= 8) {
1408 u8 *u = (u8 *) pos;
1409 if (*u == WLAN_EID_CHALLENGE) {
1410 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) {
1411 txt = "invalid challenge len";
1412 resp = WLAN_STATUS_CHALLENGE_FAIL;
1413 goto fail;
1414 }
1415 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) {
1416 txt = "challenge underflow";
1417 resp = WLAN_STATUS_CHALLENGE_FAIL;
1418 goto fail;
1419 }
1420 challenge = (char *) (u + 2);
1421 }
1422 }
1423
1424 if (sta && sta->ap) {
1425 if (time_after(jiffies, sta->u.ap.last_beacon +
1426 (10 * sta->listen_interval * HZ) / 1024)) {
1427 PDEBUG(DEBUG_AP, "%s: no beacons received for a while,"
1428 " assuming AP %pM is now STA\n",
1429 dev->name, sta->addr);
1430 sta->ap = 0;
1431 sta->flags = 0;
1432 sta->u.sta.challenge = NULL;
1433 } else {
1434 txt = "AP trying to authenticate?";
1435 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1436 goto fail;
1437 }
1438 }
1439
1440 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) ||
1441 (auth_alg == WLAN_AUTH_SHARED_KEY &&
1442 (auth_transaction == 1 ||
1443 (auth_transaction == 3 && sta != NULL &&
1444 sta->u.sta.challenge != NULL)))) {
1445 } else {
1446 txt = "unknown authentication transaction number";
1447 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1448 goto fail;
1449 }
1450
1451 if (sta == NULL) {
1452 txt = "new STA";
1453
1454 if (local->ap->num_sta >= MAX_STA_COUNT) {
1455
1456 txt = "no more room for new STAs";
1457 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1458 goto fail;
1459 }
1460
1461 sta = ap_add_sta(local->ap, hdr->addr2);
1462 if (sta == NULL) {
1463 txt = "ap_add_sta failed";
1464 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1465 goto fail;
1466 }
1467 }
1468
1469 switch (auth_alg) {
1470 case WLAN_AUTH_OPEN:
1471 txt = "authOK";
1472
1473
1474
1475
1476
1477 sta->flags |= WLAN_STA_AUTH;
1478 break;
1479
1480 case WLAN_AUTH_SHARED_KEY:
1481 if (auth_transaction == 1) {
1482 if (sta->u.sta.challenge == NULL) {
1483 sta->u.sta.challenge =
1484 ap_auth_make_challenge(local->ap);
1485 if (sta->u.sta.challenge == NULL) {
1486 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1487 goto fail;
1488 }
1489 }
1490 } else {
1491 if (sta->u.sta.challenge == NULL ||
1492 challenge == NULL ||
1493 memcmp(sta->u.sta.challenge, challenge,
1494 WLAN_AUTH_CHALLENGE_LEN) != 0 ||
1495 !ieee80211_has_protected(hdr->frame_control)) {
1496 txt = "challenge response incorrect";
1497 resp = WLAN_STATUS_CHALLENGE_FAIL;
1498 goto fail;
1499 }
1500
1501 txt = "challenge OK - authOK";
1502
1503
1504
1505
1506
1507 sta->flags |= WLAN_STA_AUTH;
1508 kfree(sta->u.sta.challenge);
1509 sta->u.sta.challenge = NULL;
1510 }
1511 break;
1512 }
1513
1514 fail:
1515 pos = (__le16 *) body;
1516 *pos = cpu_to_le16(auth_alg);
1517 pos++;
1518 *pos = cpu_to_le16(auth_transaction + 1);
1519 pos++;
1520 *pos = cpu_to_le16(resp);
1521 pos++;
1522 olen = 6;
1523
1524 if (resp == WLAN_STATUS_SUCCESS && sta != NULL &&
1525 sta->u.sta.challenge != NULL &&
1526 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) {
1527 u8 *tmp = (u8 *) pos;
1528 *tmp++ = WLAN_EID_CHALLENGE;
1529 *tmp++ = WLAN_AUTH_CHALLENGE_LEN;
1530 pos++;
1531 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN);
1532 olen += 2 + WLAN_AUTH_CHALLENGE_LEN;
1533 }
1534
1535 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH,
1536 body, olen, hdr->addr2, ap->tx_callback_auth);
1537
1538 if (sta) {
1539 sta->last_rx = jiffies;
1540 atomic_dec(&sta->users);
1541 }
1542
1543 if (resp) {
1544 PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d "
1545 "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n",
1546 dev->name, hdr->addr2,
1547 auth_alg, auth_transaction, status_code, len,
1548 le16_to_cpu(hdr->frame_control), resp, txt);
1549 }
1550}
1551
1552
1553
1554static void handle_assoc(local_info_t *local, struct sk_buff *skb,
1555 struct hostap_80211_rx_status *rx_stats, int reassoc)
1556{
1557 struct net_device *dev = local->dev;
1558 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1559 char body[12], *p, *lpos;
1560 int len, left;
1561 __le16 *pos;
1562 u16 resp = WLAN_STATUS_SUCCESS;
1563 struct sta_info *sta = NULL;
1564 int send_deauth = 0;
1565 char *txt = "";
1566 u8 prev_ap[ETH_ALEN];
1567
1568 left = len = skb->len - IEEE80211_MGMT_HDR_LEN;
1569
1570 if (len < (reassoc ? 10 : 4)) {
1571 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload "
1572 "(len=%d, reassoc=%d) from %pM\n",
1573 dev->name, len, reassoc, hdr->addr2);
1574 return;
1575 }
1576
1577 spin_lock_bh(&local->ap->sta_table_lock);
1578 sta = ap_get_sta(local->ap, hdr->addr2);
1579 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
1580 spin_unlock_bh(&local->ap->sta_table_lock);
1581 txt = "trying to associate before authentication";
1582 send_deauth = 1;
1583 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1584 sta = NULL;
1585 goto fail;
1586 }
1587 atomic_inc(&sta->users);
1588 spin_unlock_bh(&local->ap->sta_table_lock);
1589
1590 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1591 sta->capability = __le16_to_cpu(*pos);
1592 pos++; left -= 2;
1593 sta->listen_interval = __le16_to_cpu(*pos);
1594 pos++; left -= 2;
1595
1596 if (reassoc) {
1597 memcpy(prev_ap, pos, ETH_ALEN);
1598 pos++; pos++; pos++; left -= 6;
1599 } else
1600 eth_zero_addr(prev_ap);
1601
1602 if (left >= 2) {
1603 unsigned int ileft;
1604 unsigned char *u = (unsigned char *) pos;
1605
1606 if (*u == WLAN_EID_SSID) {
1607 u++; left--;
1608 ileft = *u;
1609 u++; left--;
1610
1611 if (ileft > left || ileft > MAX_SSID_LEN) {
1612 txt = "SSID overflow";
1613 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1614 goto fail;
1615 }
1616
1617 if (ileft != strlen(local->essid) ||
1618 memcmp(local->essid, u, ileft) != 0) {
1619 txt = "not our SSID";
1620 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1621 goto fail;
1622 }
1623
1624 u += ileft;
1625 left -= ileft;
1626 }
1627
1628 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) {
1629 u++; left--;
1630 ileft = *u;
1631 u++; left--;
1632
1633 if (ileft > left || ileft == 0 ||
1634 ileft > WLAN_SUPP_RATES_MAX) {
1635 txt = "SUPP_RATES len error";
1636 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1637 goto fail;
1638 }
1639
1640 memset(sta->supported_rates, 0,
1641 sizeof(sta->supported_rates));
1642 memcpy(sta->supported_rates, u, ileft);
1643 prism2_check_tx_rates(sta);
1644
1645 u += ileft;
1646 left -= ileft;
1647 }
1648
1649 if (left > 0) {
1650 PDEBUG(DEBUG_AP, "%s: assoc from %pM"
1651 " with extra data (%d bytes) [",
1652 dev->name, hdr->addr2, left);
1653 while (left > 0) {
1654 PDEBUG2(DEBUG_AP, "<%02x>", *u);
1655 u++; left--;
1656 }
1657 PDEBUG2(DEBUG_AP, "]\n");
1658 }
1659 } else {
1660 txt = "frame underflow";
1661 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1662 goto fail;
1663 }
1664
1665
1666 if (sta->aid > 0)
1667 txt = "OK, old AID";
1668 else {
1669 spin_lock_bh(&local->ap->sta_table_lock);
1670 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
1671 if (local->ap->sta_aid[sta->aid - 1] == NULL)
1672 break;
1673 if (sta->aid > MAX_AID_TABLE_SIZE) {
1674 sta->aid = 0;
1675 spin_unlock_bh(&local->ap->sta_table_lock);
1676 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1677 txt = "no room for more AIDs";
1678 } else {
1679 local->ap->sta_aid[sta->aid - 1] = sta;
1680 spin_unlock_bh(&local->ap->sta_table_lock);
1681 txt = "OK, new AID";
1682 }
1683 }
1684
1685 fail:
1686 pos = (__le16 *) body;
1687
1688 if (send_deauth) {
1689 *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH);
1690 pos++;
1691 } else {
1692
1693
1694
1695
1696 *pos = cpu_to_le16(WLAN_CAPABILITY_ESS);
1697 pos++;
1698
1699
1700 *pos = cpu_to_le16(resp);
1701 pos++;
1702
1703 *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) |
1704 BIT(14) | BIT(15));
1705 pos++;
1706
1707
1708 p = (char *) pos;
1709 *p++ = WLAN_EID_SUPP_RATES;
1710 lpos = p;
1711 *p++ = 0;
1712 if (local->tx_rate_control & WLAN_RATE_1M) {
1713 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02;
1714 (*lpos)++;
1715 }
1716 if (local->tx_rate_control & WLAN_RATE_2M) {
1717 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04;
1718 (*lpos)++;
1719 }
1720 if (local->tx_rate_control & WLAN_RATE_5M5) {
1721 *p++ = local->basic_rates & WLAN_RATE_5M5 ?
1722 0x8b : 0x0b;
1723 (*lpos)++;
1724 }
1725 if (local->tx_rate_control & WLAN_RATE_11M) {
1726 *p++ = local->basic_rates & WLAN_RATE_11M ?
1727 0x96 : 0x16;
1728 (*lpos)++;
1729 }
1730 pos = (__le16 *) p;
1731 }
1732
1733 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1734 (send_deauth ? IEEE80211_STYPE_DEAUTH :
1735 (reassoc ? IEEE80211_STYPE_REASSOC_RESP :
1736 IEEE80211_STYPE_ASSOC_RESP)),
1737 body, (u8 *) pos - (u8 *) body,
1738 hdr->addr2,
1739 send_deauth ? 0 : local->ap->tx_callback_assoc);
1740
1741 if (sta) {
1742 if (resp == WLAN_STATUS_SUCCESS) {
1743 sta->last_rx = jiffies;
1744
1745
1746 }
1747 atomic_dec(&sta->users);
1748 }
1749
1750#if 0
1751 PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d "
1752 "prev_ap=%pM) => %d(%d) (%s)\n",
1753 dev->name,
1754 hdr->addr2,
1755 reassoc ? "re" : "", len,
1756 prev_ap,
1757 resp, send_deauth, txt);
1758#endif
1759}
1760
1761
1762
1763static void handle_deauth(local_info_t *local, struct sk_buff *skb,
1764 struct hostap_80211_rx_status *rx_stats)
1765{
1766 struct net_device *dev = local->dev;
1767 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1768 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1769 int len;
1770 u16 reason_code;
1771 __le16 *pos;
1772 struct sta_info *sta = NULL;
1773
1774 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1775
1776 if (len < 2) {
1777 printk("handle_deauth - too short payload (len=%d)\n", len);
1778 return;
1779 }
1780
1781 pos = (__le16 *) body;
1782 reason_code = le16_to_cpu(*pos);
1783
1784 PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, "
1785 "reason_code=%d\n", dev->name, hdr->addr2,
1786 len, reason_code);
1787
1788 spin_lock_bh(&local->ap->sta_table_lock);
1789 sta = ap_get_sta(local->ap, hdr->addr2);
1790 if (sta != NULL) {
1791 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1792 hostap_event_expired_sta(local->dev, sta);
1793 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1794 }
1795 spin_unlock_bh(&local->ap->sta_table_lock);
1796 if (sta == NULL) {
1797 printk("%s: deauthentication from %pM, "
1798 "reason_code=%d, but STA not authenticated\n", dev->name,
1799 hdr->addr2, reason_code);
1800 }
1801}
1802
1803
1804
1805static void handle_disassoc(local_info_t *local, struct sk_buff *skb,
1806 struct hostap_80211_rx_status *rx_stats)
1807{
1808 struct net_device *dev = local->dev;
1809 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1810 char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1811 int len;
1812 u16 reason_code;
1813 __le16 *pos;
1814 struct sta_info *sta = NULL;
1815
1816 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1817
1818 if (len < 2) {
1819 printk("handle_disassoc - too short payload (len=%d)\n", len);
1820 return;
1821 }
1822
1823 pos = (__le16 *) body;
1824 reason_code = le16_to_cpu(*pos);
1825
1826 PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, "
1827 "reason_code=%d\n", dev->name, hdr->addr2,
1828 len, reason_code);
1829
1830 spin_lock_bh(&local->ap->sta_table_lock);
1831 sta = ap_get_sta(local->ap, hdr->addr2);
1832 if (sta != NULL) {
1833 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1834 hostap_event_expired_sta(local->dev, sta);
1835 sta->flags &= ~WLAN_STA_ASSOC;
1836 }
1837 spin_unlock_bh(&local->ap->sta_table_lock);
1838 if (sta == NULL) {
1839 printk("%s: disassociation from %pM, "
1840 "reason_code=%d, but STA not authenticated\n",
1841 dev->name, hdr->addr2, reason_code);
1842 }
1843}
1844
1845
1846
1847static void ap_handle_data_nullfunc(local_info_t *local,
1848 struct ieee80211_hdr *hdr)
1849{
1850 struct net_device *dev = local->dev;
1851
1852
1853
1854
1855
1856
1857 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n");
1858 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK,
1859 NULL, 0, hdr->addr2, 0);
1860}
1861
1862
1863
1864static void ap_handle_dropped_data(local_info_t *local,
1865 struct ieee80211_hdr *hdr)
1866{
1867 struct net_device *dev = local->dev;
1868 struct sta_info *sta;
1869 __le16 reason;
1870
1871 spin_lock_bh(&local->ap->sta_table_lock);
1872 sta = ap_get_sta(local->ap, hdr->addr2);
1873 if (sta)
1874 atomic_inc(&sta->users);
1875 spin_unlock_bh(&local->ap->sta_table_lock);
1876
1877 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) {
1878 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n");
1879 atomic_dec(&sta->users);
1880 return;
1881 }
1882
1883 reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1884 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1885 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ?
1886 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC),
1887 (char *) &reason, sizeof(reason), hdr->addr2, 0);
1888
1889 if (sta)
1890 atomic_dec(&sta->users);
1891}
1892
1893#endif
1894
1895
1896
1897static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta,
1898 struct sk_buff *skb)
1899{
1900 struct hostap_skb_tx_data *meta;
1901
1902 if (!(sta->flags & WLAN_STA_PS)) {
1903
1904
1905 dev_queue_xmit(skb);
1906 return;
1907 }
1908
1909
1910
1911 meta = (struct hostap_skb_tx_data *) skb->cb;
1912 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME;
1913 if (!skb_queue_empty(&sta->tx_buf)) {
1914
1915 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA;
1916 }
1917 dev_queue_xmit(skb);
1918}
1919
1920
1921
1922static void handle_pspoll(local_info_t *local,
1923 struct ieee80211_hdr *hdr,
1924 struct hostap_80211_rx_status *rx_stats)
1925{
1926 struct net_device *dev = local->dev;
1927 struct sta_info *sta;
1928 u16 aid;
1929 struct sk_buff *skb;
1930
1931 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n",
1932 hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control));
1933
1934 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) {
1935 PDEBUG(DEBUG_AP,
1936 "handle_pspoll - addr1(BSSID)=%pM not own MAC\n",
1937 hdr->addr1);
1938 return;
1939 }
1940
1941 aid = le16_to_cpu(hdr->duration_id);
1942 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) {
1943 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n");
1944 return;
1945 }
1946 aid &= ~(BIT(15) | BIT(14));
1947 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) {
1948 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid);
1949 return;
1950 }
1951 PDEBUG(DEBUG_PS2, " aid=%d\n", aid);
1952
1953 spin_lock_bh(&local->ap->sta_table_lock);
1954 sta = ap_get_sta(local->ap, hdr->addr2);
1955 if (sta)
1956 atomic_inc(&sta->users);
1957 spin_unlock_bh(&local->ap->sta_table_lock);
1958
1959 if (sta == NULL) {
1960 PDEBUG(DEBUG_PS, " STA not found\n");
1961 return;
1962 }
1963 if (sta->aid != aid) {
1964 PDEBUG(DEBUG_PS, " received aid=%i does not match with "
1965 "assoc.aid=%d\n", aid, sta->aid);
1966 return;
1967 }
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) {
1979
1980 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL"
1981 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf));
1982
1983 pspoll_send_buffered(local, sta, skb);
1984
1985 if (sta->flags & WLAN_STA_PS) {
1986
1987
1988
1989
1990 break;
1991 }
1992 }
1993
1994 if (skb_queue_empty(&sta->tx_buf)) {
1995
1996 if (!(sta->flags & WLAN_STA_TIM))
1997 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n",
1998 aid);
1999 hostap_set_tim(local, aid, 0);
2000 sta->flags &= ~WLAN_STA_TIM;
2001 }
2002
2003 atomic_dec(&sta->users);
2004}
2005
2006
2007#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2008
2009static void handle_wds_oper_queue(struct work_struct *work)
2010{
2011 struct ap_data *ap = container_of(work, struct ap_data,
2012 wds_oper_queue);
2013 local_info_t *local = ap->local;
2014 struct wds_oper_data *entry, *prev;
2015
2016 spin_lock_bh(&local->lock);
2017 entry = local->ap->wds_oper_entries;
2018 local->ap->wds_oper_entries = NULL;
2019 spin_unlock_bh(&local->lock);
2020
2021 while (entry) {
2022 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection "
2023 "to AP %pM\n",
2024 local->dev->name,
2025 entry->type == WDS_ADD ? "adding" : "removing",
2026 entry->addr);
2027 if (entry->type == WDS_ADD)
2028 prism2_wds_add(local, entry->addr, 0);
2029 else if (entry->type == WDS_DEL)
2030 prism2_wds_del(local, entry->addr, 0, 1);
2031
2032 prev = entry;
2033 entry = entry->next;
2034 kfree(prev);
2035 }
2036}
2037
2038
2039
2040static void handle_beacon(local_info_t *local, struct sk_buff *skb,
2041 struct hostap_80211_rx_status *rx_stats)
2042{
2043 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2044 char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
2045 int len, left;
2046 u16 beacon_int, capability;
2047 __le16 *pos;
2048 char *ssid = NULL;
2049 unsigned char *supp_rates = NULL;
2050 int ssid_len = 0, supp_rates_len = 0;
2051 struct sta_info *sta = NULL;
2052 int new_sta = 0, channel = -1;
2053
2054 len = skb->len - IEEE80211_MGMT_HDR_LEN;
2055
2056 if (len < 8 + 2 + 2) {
2057 printk(KERN_DEBUG "handle_beacon - too short payload "
2058 "(len=%d)\n", len);
2059 return;
2060 }
2061
2062 pos = (__le16 *) body;
2063 left = len;
2064
2065
2066 pos += 4; left -= 8;
2067
2068 beacon_int = le16_to_cpu(*pos);
2069 pos++; left -= 2;
2070
2071 capability = le16_to_cpu(*pos);
2072 pos++; left -= 2;
2073
2074 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS &&
2075 capability & WLAN_CAPABILITY_IBSS)
2076 return;
2077
2078 if (left >= 2) {
2079 unsigned int ileft;
2080 unsigned char *u = (unsigned char *) pos;
2081
2082 if (*u == WLAN_EID_SSID) {
2083 u++; left--;
2084 ileft = *u;
2085 u++; left--;
2086
2087 if (ileft > left || ileft > MAX_SSID_LEN) {
2088 PDEBUG(DEBUG_AP, "SSID: overflow\n");
2089 return;
2090 }
2091
2092 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID &&
2093 (ileft != strlen(local->essid) ||
2094 memcmp(local->essid, u, ileft) != 0)) {
2095
2096 return;
2097 }
2098
2099 ssid = u;
2100 ssid_len = ileft;
2101
2102 u += ileft;
2103 left -= ileft;
2104 }
2105
2106 if (*u == WLAN_EID_SUPP_RATES) {
2107 u++; left--;
2108 ileft = *u;
2109 u++; left--;
2110
2111 if (ileft > left || ileft == 0 || ileft > 8) {
2112 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n");
2113 return;
2114 }
2115
2116 supp_rates = u;
2117 supp_rates_len = ileft;
2118
2119 u += ileft;
2120 left -= ileft;
2121 }
2122
2123 if (*u == WLAN_EID_DS_PARAMS) {
2124 u++; left--;
2125 ileft = *u;
2126 u++; left--;
2127
2128 if (ileft > left || ileft != 1) {
2129 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n");
2130 return;
2131 }
2132
2133 channel = *u;
2134
2135 u += ileft;
2136 left -= ileft;
2137 }
2138 }
2139
2140 spin_lock_bh(&local->ap->sta_table_lock);
2141 sta = ap_get_sta(local->ap, hdr->addr2);
2142 if (sta != NULL)
2143 atomic_inc(&sta->users);
2144 spin_unlock_bh(&local->ap->sta_table_lock);
2145
2146 if (sta == NULL) {
2147
2148 new_sta = 1;
2149 sta = ap_add_sta(local->ap, hdr->addr2);
2150 if (sta == NULL) {
2151 printk(KERN_INFO "prism2: kmalloc failed for AP "
2152 "data structure\n");
2153 return;
2154 }
2155 hostap_event_new_sta(local->dev, sta);
2156
2157
2158
2159 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
2160
2161 if (local->ap->autom_ap_wds) {
2162 hostap_wds_link_oper(local, sta->addr, WDS_ADD);
2163 }
2164 }
2165
2166 sta->ap = 1;
2167 if (ssid) {
2168 sta->u.ap.ssid_len = ssid_len;
2169 memcpy(sta->u.ap.ssid, ssid, ssid_len);
2170 sta->u.ap.ssid[ssid_len] = '\0';
2171 } else {
2172 sta->u.ap.ssid_len = 0;
2173 sta->u.ap.ssid[0] = '\0';
2174 }
2175 sta->u.ap.channel = channel;
2176 sta->rx_packets++;
2177 sta->rx_bytes += len;
2178 sta->u.ap.last_beacon = sta->last_rx = jiffies;
2179 sta->capability = capability;
2180 sta->listen_interval = beacon_int;
2181
2182 atomic_dec(&sta->users);
2183
2184 if (new_sta) {
2185 memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
2186 memcpy(sta->supported_rates, supp_rates, supp_rates_len);
2187 prism2_check_tx_rates(sta);
2188 }
2189}
2190
2191#endif
2192
2193
2194
2195static void handle_ap_item(local_info_t *local, struct sk_buff *skb,
2196 struct hostap_80211_rx_status *rx_stats)
2197{
2198#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2199 struct net_device *dev = local->dev;
2200#endif
2201 u16 fc, type, stype;
2202 struct ieee80211_hdr *hdr;
2203
2204
2205
2206 hdr = (struct ieee80211_hdr *) skb->data;
2207 fc = le16_to_cpu(hdr->frame_control);
2208 type = fc & IEEE80211_FCTL_FTYPE;
2209 stype = fc & IEEE80211_FCTL_STYPE;
2210
2211#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2212 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) {
2213 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n");
2214
2215 if (!(fc & IEEE80211_FCTL_TODS) ||
2216 (fc & IEEE80211_FCTL_FROMDS)) {
2217 if (stype == IEEE80211_STYPE_NULLFUNC) {
2218
2219
2220
2221 ap_handle_dropped_data(local, hdr);
2222 goto done;
2223 }
2224 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n",
2225 fc);
2226 goto done;
2227 }
2228
2229 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) {
2230 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM"
2231 " not own MAC\n", hdr->addr1);
2232 goto done;
2233 }
2234
2235 if (local->ap->nullfunc_ack &&
2236 stype == IEEE80211_STYPE_NULLFUNC)
2237 ap_handle_data_nullfunc(local, hdr);
2238 else
2239 ap_handle_dropped_data(local, hdr);
2240 goto done;
2241 }
2242
2243 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) {
2244 handle_beacon(local, skb, rx_stats);
2245 goto done;
2246 }
2247#endif
2248
2249 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) {
2250 handle_pspoll(local, hdr, rx_stats);
2251 goto done;
2252 }
2253
2254 if (local->hostapd) {
2255 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x "
2256 "subtype=0x%02x\n", type, stype);
2257 goto done;
2258 }
2259
2260#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2261 if (type != IEEE80211_FTYPE_MGMT) {
2262 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n");
2263 goto done;
2264 }
2265
2266 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) {
2267 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM"
2268 " not own MAC\n", hdr->addr1);
2269 goto done;
2270 }
2271
2272 if (!ether_addr_equal(hdr->addr3, dev->dev_addr)) {
2273 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM"
2274 " not own MAC\n", hdr->addr3);
2275 goto done;
2276 }
2277
2278 switch (stype) {
2279 case IEEE80211_STYPE_ASSOC_REQ:
2280 handle_assoc(local, skb, rx_stats, 0);
2281 break;
2282 case IEEE80211_STYPE_ASSOC_RESP:
2283 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n");
2284 break;
2285 case IEEE80211_STYPE_REASSOC_REQ:
2286 handle_assoc(local, skb, rx_stats, 1);
2287 break;
2288 case IEEE80211_STYPE_REASSOC_RESP:
2289 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n");
2290 break;
2291 case IEEE80211_STYPE_ATIM:
2292 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n");
2293 break;
2294 case IEEE80211_STYPE_DISASSOC:
2295 handle_disassoc(local, skb, rx_stats);
2296 break;
2297 case IEEE80211_STYPE_AUTH:
2298 handle_authen(local, skb, rx_stats);
2299 break;
2300 case IEEE80211_STYPE_DEAUTH:
2301 handle_deauth(local, skb, rx_stats);
2302 break;
2303 default:
2304 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n",
2305 stype >> 4);
2306 break;
2307 }
2308#endif
2309
2310 done:
2311 dev_kfree_skb(skb);
2312}
2313
2314
2315
2316void hostap_rx(struct net_device *dev, struct sk_buff *skb,
2317 struct hostap_80211_rx_status *rx_stats)
2318{
2319 struct hostap_interface *iface;
2320 local_info_t *local;
2321 struct ieee80211_hdr *hdr;
2322
2323 iface = netdev_priv(dev);
2324 local = iface->local;
2325
2326 if (skb->len < 16)
2327 goto drop;
2328
2329 dev->stats.rx_packets++;
2330
2331 hdr = (struct ieee80211_hdr *) skb->data;
2332
2333 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL &&
2334 ieee80211_is_beacon(hdr->frame_control))
2335 goto drop;
2336
2337 skb->protocol = cpu_to_be16(ETH_P_HOSTAP);
2338 handle_ap_item(local, skb, rx_stats);
2339 return;
2340
2341 drop:
2342 dev_kfree_skb(skb);
2343}
2344
2345
2346
2347static void schedule_packet_send(local_info_t *local, struct sta_info *sta)
2348{
2349 struct sk_buff *skb;
2350 struct ieee80211_hdr *hdr;
2351 struct hostap_80211_rx_status rx_stats;
2352
2353 if (skb_queue_empty(&sta->tx_buf))
2354 return;
2355
2356 skb = dev_alloc_skb(16);
2357 if (skb == NULL) {
2358 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc "
2359 "failed\n", local->dev->name);
2360 return;
2361 }
2362
2363 hdr = skb_put(skb, 16);
2364
2365
2366 hdr->frame_control = cpu_to_le16(
2367 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL);
2368 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN);
2369 memcpy(hdr->addr2, sta->addr, ETH_ALEN);
2370 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14));
2371
2372 PDEBUG(DEBUG_PS2,
2373 "%s: Scheduling buffered packet delivery for STA %pM\n",
2374 local->dev->name, sta->addr);
2375
2376 skb->dev = local->dev;
2377
2378 memset(&rx_stats, 0, sizeof(rx_stats));
2379 hostap_rx(local->dev, skb, &rx_stats);
2380}
2381
2382
2383int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
2384 struct iw_quality qual[], int buf_size,
2385 int aplist)
2386{
2387 struct ap_data *ap = local->ap;
2388 struct list_head *ptr;
2389 int count = 0;
2390
2391 spin_lock_bh(&ap->sta_table_lock);
2392
2393 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2394 ptr = ptr->next) {
2395 struct sta_info *sta = (struct sta_info *) ptr;
2396
2397 if (aplist && !sta->ap)
2398 continue;
2399 addr[count].sa_family = ARPHRD_ETHER;
2400 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN);
2401 if (sta->last_rx_silence == 0)
2402 qual[count].qual = sta->last_rx_signal < 27 ?
2403 0 : (sta->last_rx_signal - 27) * 92 / 127;
2404 else
2405 qual[count].qual = sta->last_rx_signal -
2406 sta->last_rx_silence - 35;
2407 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2408 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2409 qual[count].updated = sta->last_rx_updated;
2410
2411 sta->last_rx_updated = IW_QUAL_DBM;
2412
2413 count++;
2414 if (count >= buf_size)
2415 break;
2416 }
2417 spin_unlock_bh(&ap->sta_table_lock);
2418
2419 return count;
2420}
2421
2422
2423
2424
2425int prism2_ap_translate_scan(struct net_device *dev,
2426 struct iw_request_info *info, char *buffer)
2427{
2428 struct hostap_interface *iface;
2429 local_info_t *local;
2430 struct ap_data *ap;
2431 struct list_head *ptr;
2432 struct iw_event iwe;
2433 char *current_ev = buffer;
2434 char *end_buf = buffer + IW_SCAN_MAX_DATA;
2435#if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT)
2436 char buf[64];
2437#endif
2438
2439 iface = netdev_priv(dev);
2440 local = iface->local;
2441 ap = local->ap;
2442
2443 spin_lock_bh(&ap->sta_table_lock);
2444
2445 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2446 ptr = ptr->next) {
2447 struct sta_info *sta = (struct sta_info *) ptr;
2448
2449
2450 memset(&iwe, 0, sizeof(iwe));
2451 iwe.cmd = SIOCGIWAP;
2452 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2453 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN);
2454 iwe.len = IW_EV_ADDR_LEN;
2455 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2456 &iwe, IW_EV_ADDR_LEN);
2457
2458
2459
2460 memset(&iwe, 0, sizeof(iwe));
2461 iwe.cmd = SIOCGIWMODE;
2462 if (sta->ap)
2463 iwe.u.mode = IW_MODE_MASTER;
2464 else
2465 iwe.u.mode = IW_MODE_INFRA;
2466 iwe.len = IW_EV_UINT_LEN;
2467 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2468 &iwe, IW_EV_UINT_LEN);
2469
2470
2471 memset(&iwe, 0, sizeof(iwe));
2472 iwe.cmd = IWEVQUAL;
2473 if (sta->last_rx_silence == 0)
2474 iwe.u.qual.qual = sta->last_rx_signal < 27 ?
2475 0 : (sta->last_rx_signal - 27) * 92 / 127;
2476 else
2477 iwe.u.qual.qual = sta->last_rx_signal -
2478 sta->last_rx_silence - 35;
2479 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2480 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2481 iwe.u.qual.updated = sta->last_rx_updated;
2482 iwe.len = IW_EV_QUAL_LEN;
2483 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
2484 &iwe, IW_EV_QUAL_LEN);
2485
2486#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2487 if (sta->ap) {
2488 memset(&iwe, 0, sizeof(iwe));
2489 iwe.cmd = SIOCGIWESSID;
2490 iwe.u.data.length = sta->u.ap.ssid_len;
2491 iwe.u.data.flags = 1;
2492 current_ev = iwe_stream_add_point(info, current_ev,
2493 end_buf, &iwe,
2494 sta->u.ap.ssid);
2495
2496 memset(&iwe, 0, sizeof(iwe));
2497 iwe.cmd = SIOCGIWENCODE;
2498 if (sta->capability & WLAN_CAPABILITY_PRIVACY)
2499 iwe.u.data.flags =
2500 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2501 else
2502 iwe.u.data.flags = IW_ENCODE_DISABLED;
2503 current_ev = iwe_stream_add_point(info, current_ev,
2504 end_buf, &iwe,
2505 sta->u.ap.ssid);
2506
2507 if (sta->u.ap.channel > 0 &&
2508 sta->u.ap.channel <= FREQ_COUNT) {
2509 memset(&iwe, 0, sizeof(iwe));
2510 iwe.cmd = SIOCGIWFREQ;
2511 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1]
2512 * 100000;
2513 iwe.u.freq.e = 1;
2514 current_ev = iwe_stream_add_event(
2515 info, current_ev, end_buf, &iwe,
2516 IW_EV_FREQ_LEN);
2517 }
2518
2519 memset(&iwe, 0, sizeof(iwe));
2520 iwe.cmd = IWEVCUSTOM;
2521 sprintf(buf, "beacon_interval=%d",
2522 sta->listen_interval);
2523 iwe.u.data.length = strlen(buf);
2524 current_ev = iwe_stream_add_point(info, current_ev,
2525 end_buf, &iwe, buf);
2526 }
2527#endif
2528
2529 sta->last_rx_updated = IW_QUAL_DBM;
2530
2531
2532 }
2533
2534 spin_unlock_bh(&ap->sta_table_lock);
2535
2536 return current_ev - buffer;
2537}
2538
2539
2540static int prism2_hostapd_add_sta(struct ap_data *ap,
2541 struct prism2_hostapd_param *param)
2542{
2543 struct sta_info *sta;
2544
2545 spin_lock_bh(&ap->sta_table_lock);
2546 sta = ap_get_sta(ap, param->sta_addr);
2547 if (sta)
2548 atomic_inc(&sta->users);
2549 spin_unlock_bh(&ap->sta_table_lock);
2550
2551 if (sta == NULL) {
2552 sta = ap_add_sta(ap, param->sta_addr);
2553 if (sta == NULL)
2554 return -1;
2555 }
2556
2557 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2558 hostap_event_new_sta(sta->local->dev, sta);
2559
2560 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
2561 sta->last_rx = jiffies;
2562 sta->aid = param->u.add_sta.aid;
2563 sta->capability = param->u.add_sta.capability;
2564 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates;
2565 if (sta->tx_supp_rates & WLAN_RATE_1M)
2566 sta->supported_rates[0] = 2;
2567 if (sta->tx_supp_rates & WLAN_RATE_2M)
2568 sta->supported_rates[1] = 4;
2569 if (sta->tx_supp_rates & WLAN_RATE_5M5)
2570 sta->supported_rates[2] = 11;
2571 if (sta->tx_supp_rates & WLAN_RATE_11M)
2572 sta->supported_rates[3] = 22;
2573 prism2_check_tx_rates(sta);
2574 atomic_dec(&sta->users);
2575 return 0;
2576}
2577
2578
2579static int prism2_hostapd_remove_sta(struct ap_data *ap,
2580 struct prism2_hostapd_param *param)
2581{
2582 struct sta_info *sta;
2583
2584 spin_lock_bh(&ap->sta_table_lock);
2585 sta = ap_get_sta(ap, param->sta_addr);
2586 if (sta) {
2587 ap_sta_hash_del(ap, sta);
2588 list_del(&sta->list);
2589 }
2590 spin_unlock_bh(&ap->sta_table_lock);
2591
2592 if (!sta)
2593 return -ENOENT;
2594
2595 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2596 hostap_event_expired_sta(sta->local->dev, sta);
2597 ap_free_sta(ap, sta);
2598
2599 return 0;
2600}
2601
2602
2603static int prism2_hostapd_get_info_sta(struct ap_data *ap,
2604 struct prism2_hostapd_param *param)
2605{
2606 struct sta_info *sta;
2607
2608 spin_lock_bh(&ap->sta_table_lock);
2609 sta = ap_get_sta(ap, param->sta_addr);
2610 if (sta)
2611 atomic_inc(&sta->users);
2612 spin_unlock_bh(&ap->sta_table_lock);
2613
2614 if (!sta)
2615 return -ENOENT;
2616
2617 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ;
2618
2619 atomic_dec(&sta->users);
2620
2621 return 1;
2622}
2623
2624
2625static int prism2_hostapd_set_flags_sta(struct ap_data *ap,
2626 struct prism2_hostapd_param *param)
2627{
2628 struct sta_info *sta;
2629
2630 spin_lock_bh(&ap->sta_table_lock);
2631 sta = ap_get_sta(ap, param->sta_addr);
2632 if (sta) {
2633 sta->flags |= param->u.set_flags_sta.flags_or;
2634 sta->flags &= param->u.set_flags_sta.flags_and;
2635 }
2636 spin_unlock_bh(&ap->sta_table_lock);
2637
2638 if (!sta)
2639 return -ENOENT;
2640
2641 return 0;
2642}
2643
2644
2645static int prism2_hostapd_sta_clear_stats(struct ap_data *ap,
2646 struct prism2_hostapd_param *param)
2647{
2648 struct sta_info *sta;
2649 int rate;
2650
2651 spin_lock_bh(&ap->sta_table_lock);
2652 sta = ap_get_sta(ap, param->sta_addr);
2653 if (sta) {
2654 sta->rx_packets = sta->tx_packets = 0;
2655 sta->rx_bytes = sta->tx_bytes = 0;
2656 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) {
2657 sta->tx_count[rate] = 0;
2658 sta->rx_count[rate] = 0;
2659 }
2660 }
2661 spin_unlock_bh(&ap->sta_table_lock);
2662
2663 if (!sta)
2664 return -ENOENT;
2665
2666 return 0;
2667}
2668
2669
2670int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param)
2671{
2672 switch (param->cmd) {
2673 case PRISM2_HOSTAPD_FLUSH:
2674 ap_control_kickall(ap);
2675 return 0;
2676 case PRISM2_HOSTAPD_ADD_STA:
2677 return prism2_hostapd_add_sta(ap, param);
2678 case PRISM2_HOSTAPD_REMOVE_STA:
2679 return prism2_hostapd_remove_sta(ap, param);
2680 case PRISM2_HOSTAPD_GET_INFO_STA:
2681 return prism2_hostapd_get_info_sta(ap, param);
2682 case PRISM2_HOSTAPD_SET_FLAGS_STA:
2683 return prism2_hostapd_set_flags_sta(ap, param);
2684 case PRISM2_HOSTAPD_STA_CLEAR_STATS:
2685 return prism2_hostapd_sta_clear_stats(ap, param);
2686 default:
2687 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n",
2688 param->cmd);
2689 return -EOPNOTSUPP;
2690 }
2691}
2692
2693
2694
2695
2696static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev)
2697{
2698 int ret = sta->tx_rate;
2699 struct hostap_interface *iface;
2700 local_info_t *local;
2701
2702 iface = netdev_priv(dev);
2703 local = iface->local;
2704
2705 sta->tx_count[sta->tx_rate_idx]++;
2706 sta->tx_since_last_failure++;
2707 sta->tx_consecutive_exc = 0;
2708 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT &&
2709 sta->tx_rate_idx < sta->tx_max_rate) {
2710
2711 int old_rate, new_rate;
2712 old_rate = new_rate = sta->tx_rate_idx;
2713 while (new_rate < sta->tx_max_rate) {
2714 new_rate++;
2715 if (ap_tx_rate_ok(new_rate, sta, local)) {
2716 sta->tx_rate_idx = new_rate;
2717 break;
2718 }
2719 }
2720 if (old_rate != sta->tx_rate_idx) {
2721 switch (sta->tx_rate_idx) {
2722 case 0: sta->tx_rate = 10; break;
2723 case 1: sta->tx_rate = 20; break;
2724 case 2: sta->tx_rate = 55; break;
2725 case 3: sta->tx_rate = 110; break;
2726 default: sta->tx_rate = 0; break;
2727 }
2728 PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n",
2729 dev->name, sta->addr, sta->tx_rate);
2730 }
2731 sta->tx_since_last_failure = 0;
2732 }
2733
2734 return ret;
2735}
2736
2737
2738
2739
2740ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx)
2741{
2742 struct sta_info *sta = NULL;
2743 struct sk_buff *skb = tx->skb;
2744 int set_tim, ret;
2745 struct ieee80211_hdr *hdr;
2746 struct hostap_skb_tx_data *meta;
2747
2748 meta = (struct hostap_skb_tx_data *) skb->cb;
2749 ret = AP_TX_CONTINUE;
2750 if (local->ap == NULL || skb->len < 10 ||
2751 meta->iface->type == HOSTAP_INTERFACE_STA)
2752 goto out;
2753
2754 hdr = (struct ieee80211_hdr *) skb->data;
2755
2756 if (hdr->addr1[0] & 0x01) {
2757
2758 if (local->ap->num_sta <= 0)
2759 ret = AP_TX_DROP;
2760 goto out;
2761 }
2762
2763
2764 spin_lock(&local->ap->sta_table_lock);
2765 sta = ap_get_sta(local->ap, hdr->addr1);
2766 if (sta)
2767 atomic_inc(&sta->users);
2768 spin_unlock(&local->ap->sta_table_lock);
2769
2770 if (local->iw_mode == IW_MODE_MASTER && sta == NULL &&
2771 !(meta->flags & HOSTAP_TX_FLAGS_WDS) &&
2772 meta->iface->type != HOSTAP_INTERFACE_MASTER &&
2773 meta->iface->type != HOSTAP_INTERFACE_AP) {
2774#if 0
2775
2776
2777
2778
2779
2780 if (net_ratelimit()) {
2781 printk(KERN_DEBUG "AP: drop packet to non-associated "
2782 "STA %pM\n", hdr->addr1);
2783 }
2784#endif
2785 local->ap->tx_drop_nonassoc++;
2786 ret = AP_TX_DROP;
2787 goto out;
2788 }
2789
2790 if (sta == NULL)
2791 goto out;
2792
2793 if (!(sta->flags & WLAN_STA_AUTHORIZED))
2794 ret = AP_TX_CONTINUE_NOT_AUTHORIZED;
2795
2796
2797 if (!local->fw_tx_rate_control)
2798 local->ap->last_tx_rate = meta->rate =
2799 ap_update_sta_tx_rate(sta, local->dev);
2800
2801 if (local->iw_mode != IW_MODE_MASTER)
2802 goto out;
2803
2804 if (!(sta->flags & WLAN_STA_PS))
2805 goto out;
2806
2807 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) {
2808
2809 hdr->frame_control |=
2810 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2811 }
2812
2813 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) {
2814
2815
2816 goto out;
2817 }
2818
2819 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) {
2820 PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s"
2821 "PS mode buffer\n",
2822 local->dev->name, sta->addr);
2823
2824
2825
2826
2827 hostap_set_tim(local, sta->aid, 1);
2828 sta->flags |= WLAN_STA_TIM;
2829 ret = AP_TX_DROP;
2830 goto out;
2831 }
2832
2833
2834 set_tim = skb_queue_empty(&sta->tx_buf);
2835 skb_queue_tail(&sta->tx_buf, skb);
2836
2837
2838
2839 if (set_tim) {
2840 if (sta->flags & WLAN_STA_TIM)
2841 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n",
2842 sta->aid);
2843 hostap_set_tim(local, sta->aid, 1);
2844 sta->flags |= WLAN_STA_TIM;
2845 }
2846
2847 ret = AP_TX_BUFFERED;
2848
2849 out:
2850 if (sta != NULL) {
2851 if (ret == AP_TX_CONTINUE ||
2852 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) {
2853 sta->tx_packets++;
2854 sta->tx_bytes += skb->len;
2855 sta->last_tx = jiffies;
2856 }
2857
2858 if ((ret == AP_TX_CONTINUE ||
2859 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) &&
2860 sta->crypt && tx->host_encrypt) {
2861 tx->crypt = sta->crypt;
2862 tx->sta_ptr = sta;
2863
2864
2865 } else
2866 atomic_dec(&sta->users);
2867 }
2868
2869 return ret;
2870}
2871
2872
2873void hostap_handle_sta_release(void *ptr)
2874{
2875 struct sta_info *sta = ptr;
2876 atomic_dec(&sta->users);
2877}
2878
2879
2880
2881void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb)
2882{
2883 struct sta_info *sta;
2884 struct ieee80211_hdr *hdr;
2885 struct hostap_skb_tx_data *meta;
2886
2887 hdr = (struct ieee80211_hdr *) skb->data;
2888 meta = (struct hostap_skb_tx_data *) skb->cb;
2889
2890 spin_lock(&local->ap->sta_table_lock);
2891 sta = ap_get_sta(local->ap, hdr->addr1);
2892 if (!sta) {
2893 spin_unlock(&local->ap->sta_table_lock);
2894 PDEBUG(DEBUG_AP, "%s: Could not find STA %pM"
2895 " for this TX error (@%lu)\n",
2896 local->dev->name, hdr->addr1, jiffies);
2897 return;
2898 }
2899
2900 sta->tx_since_last_failure = 0;
2901 sta->tx_consecutive_exc++;
2902
2903 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD &&
2904 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) {
2905
2906 int old, rate;
2907 old = rate = sta->tx_rate_idx;
2908 while (rate > 0) {
2909 rate--;
2910 if (ap_tx_rate_ok(rate, sta, local)) {
2911 sta->tx_rate_idx = rate;
2912 break;
2913 }
2914 }
2915 if (old != sta->tx_rate_idx) {
2916 switch (sta->tx_rate_idx) {
2917 case 0: sta->tx_rate = 10; break;
2918 case 1: sta->tx_rate = 20; break;
2919 case 2: sta->tx_rate = 55; break;
2920 case 3: sta->tx_rate = 110; break;
2921 default: sta->tx_rate = 0; break;
2922 }
2923 PDEBUG(DEBUG_AP,
2924 "%s: STA %pM TX rate lowered to %d\n",
2925 local->dev->name, sta->addr, sta->tx_rate);
2926 }
2927 sta->tx_consecutive_exc = 0;
2928 }
2929 spin_unlock(&local->ap->sta_table_lock);
2930}
2931
2932
2933static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta,
2934 int pwrmgt, int type, int stype)
2935{
2936 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) {
2937 sta->flags |= WLAN_STA_PS;
2938 PDEBUG(DEBUG_PS2, "STA %pM changed to use PS "
2939 "mode (type=0x%02X, stype=0x%02X)\n",
2940 sta->addr, type >> 2, stype >> 4);
2941 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) {
2942 sta->flags &= ~WLAN_STA_PS;
2943 PDEBUG(DEBUG_PS2, "STA %pM changed to not use "
2944 "PS mode (type=0x%02X, stype=0x%02X)\n",
2945 sta->addr, type >> 2, stype >> 4);
2946 if (type != IEEE80211_FTYPE_CTL ||
2947 stype != IEEE80211_STYPE_PSPOLL)
2948 schedule_packet_send(local, sta);
2949 }
2950}
2951
2952
2953
2954
2955int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr)
2956{
2957 struct sta_info *sta;
2958 u16 fc;
2959
2960 spin_lock(&local->ap->sta_table_lock);
2961 sta = ap_get_sta(local->ap, hdr->addr2);
2962 if (sta)
2963 atomic_inc(&sta->users);
2964 spin_unlock(&local->ap->sta_table_lock);
2965
2966 if (!sta)
2967 return -1;
2968
2969 fc = le16_to_cpu(hdr->frame_control);
2970 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
2971 fc & IEEE80211_FCTL_FTYPE,
2972 fc & IEEE80211_FCTL_STYPE);
2973
2974 atomic_dec(&sta->users);
2975 return 0;
2976}
2977
2978
2979
2980
2981ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
2982 struct sk_buff *skb,
2983 struct hostap_80211_rx_status *rx_stats,
2984 int wds)
2985{
2986 int ret;
2987 struct sta_info *sta;
2988 u16 fc, type, stype;
2989 struct ieee80211_hdr *hdr;
2990
2991 if (local->ap == NULL)
2992 return AP_RX_CONTINUE;
2993
2994 hdr = (struct ieee80211_hdr *) skb->data;
2995
2996 fc = le16_to_cpu(hdr->frame_control);
2997 type = fc & IEEE80211_FCTL_FTYPE;
2998 stype = fc & IEEE80211_FCTL_STYPE;
2999
3000 spin_lock(&local->ap->sta_table_lock);
3001 sta = ap_get_sta(local->ap, hdr->addr2);
3002 if (sta)
3003 atomic_inc(&sta->users);
3004 spin_unlock(&local->ap->sta_table_lock);
3005
3006 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED))
3007 ret = AP_RX_CONTINUE_NOT_AUTHORIZED;
3008 else
3009 ret = AP_RX_CONTINUE;
3010
3011
3012 if (fc & IEEE80211_FCTL_TODS) {
3013 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
3014 if (local->hostapd) {
3015 prism2_rx_80211(local->apdev, skb, rx_stats,
3016 PRISM2_RX_NON_ASSOC);
3017#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3018 } else {
3019 printk(KERN_DEBUG "%s: dropped received packet"
3020 " from non-associated STA %pM"
3021 " (type=0x%02x, subtype=0x%02x)\n",
3022 dev->name, hdr->addr2,
3023 type >> 2, stype >> 4);
3024 hostap_rx(dev, skb, rx_stats);
3025#endif
3026 }
3027 ret = AP_RX_EXIT;
3028 goto out;
3029 }
3030 } else if (fc & IEEE80211_FCTL_FROMDS) {
3031 if (!wds) {
3032
3033
3034 if (ether_addr_equal(hdr->addr1, dev->dev_addr)) {
3035 printk(KERN_DEBUG "Odd.. FromDS packet "
3036 "received with own BSSID\n");
3037 hostap_dump_rx_80211(dev->name, skb, rx_stats);
3038 }
3039 ret = AP_RX_DROP;
3040 goto out;
3041 }
3042 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL &&
3043 ether_addr_equal(hdr->addr1, dev->dev_addr)) {
3044
3045 if (local->hostapd) {
3046 prism2_rx_80211(local->apdev, skb, rx_stats,
3047 PRISM2_RX_NON_ASSOC);
3048#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3049 } else {
3050
3051
3052
3053
3054
3055 printk(KERN_DEBUG "%s: rejected received nullfunc frame"
3056 " without ToDS from not associated STA %pM\n",
3057 dev->name, hdr->addr2);
3058 hostap_rx(dev, skb, rx_stats);
3059#endif
3060 }
3061 ret = AP_RX_EXIT;
3062 goto out;
3063 } else if (stype == IEEE80211_STYPE_NULLFUNC) {
3064
3065
3066
3067
3068 } else {
3069
3070
3071
3072 if (ether_addr_equal(hdr->addr3, dev->dev_addr)) {
3073 printk(KERN_DEBUG "%s: dropped received packet from %pM"
3074 " with no ToDS flag "
3075 "(type=0x%02x, subtype=0x%02x)\n", dev->name,
3076 hdr->addr2, type >> 2, stype >> 4);
3077 hostap_dump_rx_80211(dev->name, skb, rx_stats);
3078 }
3079 ret = AP_RX_DROP;
3080 goto out;
3081 }
3082
3083 if (sta) {
3084 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
3085 type, stype);
3086
3087 sta->rx_packets++;
3088 sta->rx_bytes += skb->len;
3089 sta->last_rx = jiffies;
3090 }
3091
3092 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC &&
3093 fc & IEEE80211_FCTL_TODS) {
3094 if (local->hostapd) {
3095 prism2_rx_80211(local->apdev, skb, rx_stats,
3096 PRISM2_RX_NULLFUNC_ACK);
3097#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3098 } else {
3099
3100
3101
3102
3103
3104 hostap_rx(dev, skb, rx_stats);
3105#endif
3106 }
3107 ret = AP_RX_EXIT;
3108 goto out;
3109 }
3110
3111 out:
3112 if (sta)
3113 atomic_dec(&sta->users);
3114
3115 return ret;
3116}
3117
3118
3119
3120int hostap_handle_sta_crypto(local_info_t *local,
3121 struct ieee80211_hdr *hdr,
3122 struct lib80211_crypt_data **crypt,
3123 void **sta_ptr)
3124{
3125 struct sta_info *sta;
3126
3127 spin_lock(&local->ap->sta_table_lock);
3128 sta = ap_get_sta(local->ap, hdr->addr2);
3129 if (sta)
3130 atomic_inc(&sta->users);
3131 spin_unlock(&local->ap->sta_table_lock);
3132
3133 if (!sta)
3134 return -1;
3135
3136 if (sta->crypt) {
3137 *crypt = sta->crypt;
3138 *sta_ptr = sta;
3139
3140
3141 } else
3142 atomic_dec(&sta->users);
3143
3144 return 0;
3145}
3146
3147
3148
3149int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr)
3150{
3151 struct sta_info *sta;
3152 int ret = 0;
3153
3154 spin_lock(&ap->sta_table_lock);
3155 sta = ap_get_sta(ap, sta_addr);
3156 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap)
3157 ret = 1;
3158 spin_unlock(&ap->sta_table_lock);
3159
3160 return ret;
3161}
3162
3163
3164
3165int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr)
3166{
3167 struct sta_info *sta;
3168 int ret = 0;
3169
3170 spin_lock(&ap->sta_table_lock);
3171 sta = ap_get_sta(ap, sta_addr);
3172 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap &&
3173 ((sta->flags & WLAN_STA_AUTHORIZED) ||
3174 ap->local->ieee_802_1x == 0))
3175 ret = 1;
3176 spin_unlock(&ap->sta_table_lock);
3177
3178 return ret;
3179}
3180
3181
3182
3183int hostap_add_sta(struct ap_data *ap, u8 *sta_addr)
3184{
3185 struct sta_info *sta;
3186 int ret = 1;
3187
3188 if (!ap)
3189 return -1;
3190
3191 spin_lock(&ap->sta_table_lock);
3192 sta = ap_get_sta(ap, sta_addr);
3193 if (sta)
3194 ret = 0;
3195 spin_unlock(&ap->sta_table_lock);
3196
3197 if (ret == 1) {
3198 sta = ap_add_sta(ap, sta_addr);
3199 if (!sta)
3200 return -1;
3201 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
3202 sta->ap = 1;
3203 memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
3204
3205
3206
3207 sta->supported_rates[0] = 0x82;
3208 sta->supported_rates[1] = 0x84;
3209 sta->supported_rates[2] = 0x0b;
3210 sta->supported_rates[3] = 0x16;
3211 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M |
3212 WLAN_RATE_5M5 | WLAN_RATE_11M;
3213 sta->tx_rate = 110;
3214 sta->tx_max_rate = sta->tx_rate_idx = 3;
3215 }
3216
3217 return ret;
3218}
3219
3220
3221
3222int hostap_update_rx_stats(struct ap_data *ap,
3223 struct ieee80211_hdr *hdr,
3224 struct hostap_80211_rx_status *rx_stats)
3225{
3226 struct sta_info *sta;
3227
3228 if (!ap)
3229 return -1;
3230
3231 spin_lock(&ap->sta_table_lock);
3232 sta = ap_get_sta(ap, hdr->addr2);
3233 if (sta) {
3234 sta->last_rx_silence = rx_stats->noise;
3235 sta->last_rx_signal = rx_stats->signal;
3236 sta->last_rx_rate = rx_stats->rate;
3237 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
3238 if (rx_stats->rate == 10)
3239 sta->rx_count[0]++;
3240 else if (rx_stats->rate == 20)
3241 sta->rx_count[1]++;
3242 else if (rx_stats->rate == 55)
3243 sta->rx_count[2]++;
3244 else if (rx_stats->rate == 110)
3245 sta->rx_count[3]++;
3246 }
3247 spin_unlock(&ap->sta_table_lock);
3248
3249 return sta ? 0 : -1;
3250}
3251
3252
3253void hostap_update_rates(local_info_t *local)
3254{
3255 struct sta_info *sta;
3256 struct ap_data *ap = local->ap;
3257
3258 if (!ap)
3259 return;
3260
3261 spin_lock_bh(&ap->sta_table_lock);
3262 list_for_each_entry(sta, &ap->sta_list, list) {
3263 prism2_check_tx_rates(sta);
3264 }
3265 spin_unlock_bh(&ap->sta_table_lock);
3266}
3267
3268
3269void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
3270 struct lib80211_crypt_data ***crypt)
3271{
3272 struct sta_info *sta;
3273
3274 spin_lock_bh(&ap->sta_table_lock);
3275 sta = ap_get_sta(ap, addr);
3276 if (sta)
3277 atomic_inc(&sta->users);
3278 spin_unlock_bh(&ap->sta_table_lock);
3279
3280 if (!sta && permanent)
3281 sta = ap_add_sta(ap, addr);
3282
3283 if (!sta)
3284 return NULL;
3285
3286 if (permanent)
3287 sta->flags |= WLAN_STA_PERM;
3288
3289 *crypt = &sta->crypt;
3290
3291 return sta;
3292}
3293
3294
3295void hostap_add_wds_links(local_info_t *local)
3296{
3297 struct ap_data *ap = local->ap;
3298 struct sta_info *sta;
3299
3300 spin_lock_bh(&ap->sta_table_lock);
3301 list_for_each_entry(sta, &ap->sta_list, list) {
3302 if (sta->ap)
3303 hostap_wds_link_oper(local, sta->addr, WDS_ADD);
3304 }
3305 spin_unlock_bh(&ap->sta_table_lock);
3306
3307 schedule_work(&local->ap->wds_oper_queue);
3308}
3309
3310
3311void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type)
3312{
3313 struct wds_oper_data *entry;
3314
3315 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
3316 if (!entry)
3317 return;
3318 memcpy(entry->addr, addr, ETH_ALEN);
3319 entry->type = type;
3320 spin_lock_bh(&local->lock);
3321 entry->next = local->ap->wds_oper_entries;
3322 local->ap->wds_oper_entries = entry;
3323 spin_unlock_bh(&local->lock);
3324
3325 schedule_work(&local->ap->wds_oper_queue);
3326}
3327
3328
3329EXPORT_SYMBOL(hostap_init_data);
3330EXPORT_SYMBOL(hostap_init_ap_proc);
3331EXPORT_SYMBOL(hostap_free_data);
3332EXPORT_SYMBOL(hostap_check_sta_fw_version);
3333EXPORT_SYMBOL(hostap_handle_sta_tx_exc);
3334#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3335#endif
3336
