mlme.c 120 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
/*
 * BSS client mode implementation
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2004, Instant802 Networks, Inc.
 * Copyright 2005, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* TODO:
 * order BSS list by RSSI(?) ("quality of AP")
 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
 *    SSID)
 */
19
#include <linux/delay.h>
20
21
22
23
24
25
26
#include <linux/if_ether.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/wireless.h>
#include <linux/random.h>
#include <linux/etherdevice.h>
27
#include <linux/rtnetlink.h>
28
29
30
31
32
#include <net/iw_handler.h>
#include <asm/types.h>

#include <net/mac80211.h>
#include "ieee80211_i.h"
Johannes Berg's avatar
Johannes Berg committed
33
34
#include "rate.h"
#include "led.h"
35
#include "mesh.h"
36

37
#define IEEE80211_ASSOC_SCANS_MAX_TRIES 2
38
39
40
41
42
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
43
#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
44
45
46
47
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
48
#define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)
49
50
51
52
53
54
55

#define IEEE80211_PROBE_DELAY (HZ / 33)
#define IEEE80211_CHANNEL_TIME (HZ / 33)
#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
56
#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)
57
58
59
60
61
62

#define IEEE80211_IBSS_MAX_STA_ENTRIES 128


#define ERP_INFO_USE_PROTECTION BIT(1)

63
/* mgmt header + 1 byte category code */
64
65
66
67
68
#define IEEE80211_MIN_ACTION_SIZE (24 + 1)

#define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002
#define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C
#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0
69
70
#define IEEE80211_DELBA_PARAM_TID_MASK 0xF000
#define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800
71

72
73
74
75
76
/* next values represent the buffer size for A-MPDU frame.
 * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */
#define IEEE80211_MIN_AMPDU_BUF 0x8
#define IEEE80211_MAX_AMPDU_BUF 0x40

77
static void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
78
79
				     u8 *ssid, size_t ssid_len);
static struct ieee80211_sta_bss *
80
ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
81
		     u8 *ssid, u8 ssid_len);
82
static void ieee80211_rx_bss_put(struct ieee80211_local *local,
83
				 struct ieee80211_sta_bss *bss);
84
static int ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata,
85
				   struct ieee80211_if_sta *ifsta);
86
87
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata);
static int ieee80211_sta_start_scan(struct ieee80211_sub_if_data *sdata,
88
				    u8 *ssid, size_t ssid_len);
89
static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata,
90
				     struct ieee80211_if_sta *ifsta);
91
static void sta_rx_agg_session_timer_expired(unsigned long data);
92
93


94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
static u8 * ieee80211_bss_get_ie(struct ieee80211_sta_bss *bss, u8 ie)
{
	u8 *end, *pos;

	pos = bss->ies;
	if (pos == NULL)
		return NULL;
	end = pos + bss->ies_len;

	while (pos + 1 < end) {
		if (pos + 2 + pos[1] > end)
			break;
		if (pos[0] == ie)
			return pos;
		pos += 2 + pos[1];
	}

	return NULL;
}


115
116
static int ecw2cw(int ecw)
{
117
	return (1 << ecw) - 1;
118
119
}

120

121
static void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
					 struct ieee80211_sta_bss *bss,
					 int ibss)
{
	struct ieee80211_local *local = sdata->local;
	int i, have_higher_than_11mbit = 0;


	/* cf. IEEE 802.11 9.2.12 */
	for (i = 0; i < bss->supp_rates_len; i++)
		if ((bss->supp_rates[i] & 0x7f) * 5 > 110)
			have_higher_than_11mbit = 1;

	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
	    have_higher_than_11mbit)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;


	if (local->ops->conf_tx) {
		struct ieee80211_tx_queue_params qparam;

		memset(&qparam, 0, sizeof(qparam));

		qparam.aifs = 2;

		if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
		    !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE))
			qparam.cw_min = 31;
		else
			qparam.cw_min = 15;

		qparam.cw_max = 1023;
		qparam.txop = 0;

Johannes Berg's avatar
Johannes Berg committed
157
158
		for (i = 0; i < local_to_hw(local)->queues; i++)
			local->ops->conf_tx(local_to_hw(local), i, &qparam);
159
160
161
	}
}

162
static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
163
164
165
166
167
168
169
170
				     struct ieee80211_if_sta *ifsta,
				     u8 *wmm_param, size_t wmm_param_len)
{
	struct ieee80211_tx_queue_params params;
	size_t left;
	int count;
	u8 *pos;

171
172
173
174
175
176
	if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
		return;

	if (!wmm_param)
		return;

177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
		return;
	count = wmm_param[6] & 0x0f;
	if (count == ifsta->wmm_last_param_set)
		return;
	ifsta->wmm_last_param_set = count;

	pos = wmm_param + 8;
	left = wmm_param_len - 8;

	memset(&params, 0, sizeof(params));

	if (!local->ops->conf_tx)
		return;

	local->wmm_acm = 0;
	for (; left >= 4; left -= 4, pos += 4) {
		int aci = (pos[0] >> 5) & 0x03;
		int acm = (pos[0] >> 4) & 0x01;
		int queue;

		switch (aci) {
		case 1:
Johannes Berg's avatar
Johannes Berg committed
200
			queue = 3;
Johannes Berg's avatar
Johannes Berg committed
201
			if (acm)
202
203
204
				local->wmm_acm |= BIT(0) | BIT(3);
			break;
		case 2:
Johannes Berg's avatar
Johannes Berg committed
205
			queue = 1;
Johannes Berg's avatar
Johannes Berg committed
206
			if (acm)
207
208
209
				local->wmm_acm |= BIT(4) | BIT(5);
			break;
		case 3:
Johannes Berg's avatar
Johannes Berg committed
210
			queue = 0;
Johannes Berg's avatar
Johannes Berg committed
211
			if (acm)
212
213
214
215
				local->wmm_acm |= BIT(6) | BIT(7);
			break;
		case 0:
		default:
Johannes Berg's avatar
Johannes Berg committed
216
			queue = 2;
Johannes Berg's avatar
Johannes Berg committed
217
			if (acm)
218
219
220
221
222
223
224
				local->wmm_acm |= BIT(1) | BIT(2);
			break;
		}

		params.aifs = pos[0] & 0x0f;
		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
		params.cw_min = ecw2cw(pos[1] & 0x0f);
225
		params.txop = get_unaligned_le16(pos + 2);
226
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
227
		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
228
		       "cWmin=%d cWmax=%d txop=%d\n",
229
		       local->mdev->name, queue, aci, acm, params.aifs, params.cw_min,
230
231
		       params.cw_max, params.txop);
#endif
232
233
234
235
		/* TODO: handle ACM (block TX, fallback to next lowest allowed
		 * AC for now) */
		if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
			printk(KERN_DEBUG "%s: failed to set TX queue "
236
			       "parameters for queue %d\n", local->mdev->name, queue);
237
238
239
240
		}
	}
}

241
242
243
static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
					   bool use_protection,
					   bool use_short_preamble)
244
{
245
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
246
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
247
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
248
	DECLARE_MAC_BUF(mac);
249
#endif
250
	u32 changed = 0;
251

252
	if (use_protection != bss_conf->use_cts_prot) {
253
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
254
255
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
256
			       "%s)\n",
257
			       sdata->dev->name,
258
			       use_protection ? "enabled" : "disabled",
259
			       print_mac(mac, ifsta->bssid));
260
		}
261
#endif
262
263
		bss_conf->use_cts_prot = use_protection;
		changed |= BSS_CHANGED_ERP_CTS_PROT;
264
	}
265

266
	if (use_short_preamble != bss_conf->use_short_preamble) {
267
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
268
269
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: switched to %s barker preamble"
270
			       " (BSSID=%s)\n",
271
			       sdata->dev->name,
272
			       use_short_preamble ? "short" : "long",
273
			       print_mac(mac, ifsta->bssid));
274
		}
275
#endif
276
		bss_conf->use_short_preamble = use_short_preamble;
277
		changed |= BSS_CHANGED_ERP_PREAMBLE;
278
	}
279

280
	return changed;
281
282
}

283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
				   u8 erp_value)
{
	bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
	bool use_short_preamble = (erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0;

	return ieee80211_handle_protect_preamb(sdata,
			use_protection, use_short_preamble);
}

static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
					   struct ieee80211_sta_bss *bss)
{
	u32 changed = 0;

	if (bss->has_erp_value)
		changed |= ieee80211_handle_erp_ie(sdata, bss->erp_value);
	else {
		u16 capab = bss->capability;
		changed |= ieee80211_handle_protect_preamb(sdata, false,
				(capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
	}

	return changed;
}

309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
				   struct ieee80211_ht_info *ht_info)
{

	if (ht_info == NULL)
		return -EINVAL;

	memset(ht_info, 0, sizeof(*ht_info));

	if (ht_cap_ie) {
		u8 ampdu_info = ht_cap_ie->ampdu_params_info;

		ht_info->ht_supported = 1;
		ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
		ht_info->ampdu_factor =
			ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
		ht_info->ampdu_density =
			(ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
		memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);
	} else
		ht_info->ht_supported = 0;

	return 0;
}

int ieee80211_ht_addt_info_ie_to_ht_bss_info(
			struct ieee80211_ht_addt_info *ht_add_info_ie,
			struct ieee80211_ht_bss_info *bss_info)
{
	if (bss_info == NULL)
		return -EINVAL;

	memset(bss_info, 0, sizeof(*bss_info));

	if (ht_add_info_ie) {
		u16 op_mode;
		op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);

		bss_info->primary_channel = ht_add_info_ie->control_chan;
		bss_info->bss_cap = ht_add_info_ie->ht_param;
		bss_info->bss_op_mode = (u8)(op_mode & 0xff);
	}

	return 0;
}
354

355
static void ieee80211_sta_send_associnfo(struct ieee80211_sub_if_data *sdata,
356
357
358
359
360
					 struct ieee80211_if_sta *ifsta)
{
	union iwreq_data wrqu;

	if (ifsta->assocreq_ies) {
361
362
		memset(&wrqu, 0, sizeof(wrqu));
		wrqu.data.length = ifsta->assocreq_ies_len;
363
		wireless_send_event(sdata->dev, IWEVASSOCREQIE, &wrqu,
364
				    ifsta->assocreq_ies);
365
	}
366
367
368
	if (ifsta->assocresp_ies) {
		memset(&wrqu, 0, sizeof(wrqu));
		wrqu.data.length = ifsta->assocresp_ies_len;
369
		wireless_send_event(sdata->dev, IWEVASSOCRESPIE, &wrqu,
370
				    ifsta->assocresp_ies);
371
372
373
374
	}
}


375
static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
376
				     struct ieee80211_if_sta *ifsta,
377
				     bool assoc)
378
{
379
	struct ieee80211_local *local = sdata->local;
Tomas Winkler's avatar
Tomas Winkler committed
380
	struct ieee80211_conf *conf = &local_to_hw(local)->conf;
381
	union iwreq_data wrqu;
382
	u32 changed = BSS_CHANGED_ASSOC;
383
384

	if (assoc) {
385
		struct ieee80211_sta_bss *bss;
386
387
388

		ifsta->flags |= IEEE80211_STA_ASSOCIATED;

389
		if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
390
			return;
391

392
		bss = ieee80211_rx_bss_get(local, ifsta->bssid,
Tomas Winkler's avatar
Tomas Winkler committed
393
					   conf->channel->center_freq,
394
					   ifsta->ssid, ifsta->ssid_len);
395
		if (bss) {
396
397
398
			/* set timing information */
			sdata->bss_conf.beacon_int = bss->beacon_int;
			sdata->bss_conf.timestamp = bss->timestamp;
399
			sdata->bss_conf.dtim_period = bss->dtim_period;
400

401
			changed |= ieee80211_handle_bss_capability(sdata, bss);
402

403
			ieee80211_rx_bss_put(local, bss);
404
405
		}

Tomas Winkler's avatar
Tomas Winkler committed
406
407
408
409
410
411
412
		if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
			changed |= BSS_CHANGED_HT;
			sdata->bss_conf.assoc_ht = 1;
			sdata->bss_conf.ht_conf = &conf->ht_conf;
			sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf;
		}

413
		ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
414
415
		memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
		memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
416
		ieee80211_sta_send_associnfo(sdata, ifsta);
417
	} else {
418
		ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
419
		changed |= ieee80211_reset_erp_info(sdata);
Tomas Winkler's avatar
Tomas Winkler committed
420
421
422
423
424

		sdata->bss_conf.assoc_ht = 0;
		sdata->bss_conf.ht_conf = NULL;
		sdata->bss_conf.ht_bss_conf = NULL;

425
426
427
		memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
	}
	ifsta->last_probe = jiffies;
428
	ieee80211_led_assoc(local, assoc);
429

430
	sdata->bss_conf.assoc = assoc;
431
	ieee80211_bss_info_change_notify(sdata, changed);
432
433

	if (assoc)
434
		netif_carrier_on(sdata->dev);
435

436
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
437
	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
438
439
}

440
void ieee80211_sta_tx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
441
		      int encrypt)
442
443
444
445
446
447
{
	skb->dev = sdata->local->mdev;
	skb_set_mac_header(skb, 0);
	skb_set_network_header(skb, 0);
	skb_set_transport_header(skb, 0);

448
449
	skb->iif = sdata->dev->ifindex;
	skb->do_not_encrypt = !encrypt;
450
451
452
453
454

	dev_queue_xmit(skb);
}


455
static void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
456
457
458
459
				struct ieee80211_if_sta *ifsta,
				int transaction, u8 *extra, size_t extra_len,
				int encrypt)
{
460
	struct ieee80211_local *local = sdata->local;
461
462
463
464
465
466
467
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 6 + extra_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
468
		       "frame\n", sdata->dev->name);
469
470
471
472
473
474
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
	memset(mgmt, 0, 24 + 6);
475
476
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_AUTH);
477
478
479
	if (encrypt)
		mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
480
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
481
482
483
484
485
486
487
488
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
	ifsta->auth_transaction = transaction + 1;
	mgmt->u.auth.status_code = cpu_to_le16(0);
	if (extra)
		memcpy(skb_put(skb, extra_len), extra, extra_len);

489
	ieee80211_sta_tx(sdata, skb, encrypt);
490
491
}

492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
static void ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);

	ifsta->direct_probe_tries++;
	if (ifsta->direct_probe_tries > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: direct probe to AP %s timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	printk(KERN_DEBUG "%s: direct probe to AP %s try %d\n",
			sdata->dev->name, print_mac(mac, ifsta->bssid),
			ifsta->direct_probe_tries);

	ifsta->state = IEEE80211_STA_MLME_DIRECT_PROBE;

	set_bit(IEEE80211_STA_REQ_DIRECT_PROBE, &ifsta->request);

	/* Direct probe is sent to broadcast address as some APs
	 * will not answer to direct packet in unassociated state.
	 */
	ieee80211_send_probe_req(sdata, NULL,
				 ifsta->ssid, ifsta->ssid_len);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

522

523
static void ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
524
525
				   struct ieee80211_if_sta *ifsta)
{
526
527
	DECLARE_MAC_BUF(mac);

528
529
	ifsta->auth_tries++;
	if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
530
		printk(KERN_DEBUG "%s: authentication with AP %s"
531
		       " timed out\n",
532
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
533
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
534
535
536
		return;
	}

537
	ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
538
	printk(KERN_DEBUG "%s: authenticate with AP %s\n",
539
	       sdata->dev->name, print_mac(mac, ifsta->bssid));
540

541
	ieee80211_send_auth(sdata, ifsta, 1, NULL, 0, 0);
542
543
544
545

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
static int ieee80211_compatible_rates(struct ieee80211_sta_bss *bss,
				      struct ieee80211_supported_band *sband,
				      u64 *rates)
{
	int i, j, count;
	*rates = 0;
	count = 0;
	for (i = 0; i < bss->supp_rates_len; i++) {
		int rate = (bss->supp_rates[i] & 0x7F) * 5;

		for (j = 0; j < sband->n_bitrates; j++)
			if (sband->bitrates[j].bitrate == rate) {
				*rates |= BIT(j);
				count++;
				break;
			}
	}

	return count;
}
566

567
static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
568
569
				 struct ieee80211_if_sta *ifsta)
{
570
	struct ieee80211_local *local = sdata->local;
571
572
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
573
	u8 *pos, *ies, *ht_add_ie;
574
	int i, len, count, rates_len, supp_rates_len;
575
576
577
	u16 capab;
	struct ieee80211_sta_bss *bss;
	int wmm = 0;
578
	struct ieee80211_supported_band *sband;
579
	u64 rates = 0;
580
581
582
583
584
585

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
			    ifsta->ssid_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
586
		       "frame\n", sdata->dev->name);
587
588
589
590
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

591
592
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

593
	capab = ifsta->capab;
594
595
596
597
598
599

	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
600
	}
601

602
	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
603
				   local->hw.conf.channel->center_freq,
604
				   ifsta->ssid, ifsta->ssid_len);
605
606
607
	if (bss) {
		if (bss->capability & WLAN_CAPABILITY_PRIVACY)
			capab |= WLAN_CAPABILITY_PRIVACY;
608
		if (bss->wmm_used)
609
			wmm = 1;
610
611
612
613
614
615
616

		/* get all rates supported by the device and the AP as
		 * some APs don't like getting a superset of their rates
		 * in the association request (e.g. D-Link DAP 1353 in
		 * b-only mode) */
		rates_len = ieee80211_compatible_rates(bss, sband, &rates);

617
618
619
620
		if ((bss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
		    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
			capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;

621
		ieee80211_rx_bss_put(local, bss);
622
623
624
	} else {
		rates = ~0;
		rates_len = sband->n_bitrates;
625
626
627
628
629
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
630
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
631
632
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

633
	if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
634
		skb_put(skb, 10);
635
636
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_REASSOC_REQ);
637
		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
638
639
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
640
641
642
643
		memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
		       ETH_ALEN);
	} else {
		skb_put(skb, 4);
644
645
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_ASSOC_REQ);
646
		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
647
648
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
649
650
651
652
653
654
655
656
	}

	/* SSID */
	ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ifsta->ssid_len;
	memcpy(pos, ifsta->ssid, ifsta->ssid_len);

657
	/* add all rates which were marked to be used above */
658
659
660
661
	supp_rates_len = rates_len;
	if (supp_rates_len > 8)
		supp_rates_len = 8;

662
	len = sband->n_bitrates;
663
	pos = skb_put(skb, supp_rates_len + 2);
664
	*pos++ = WLAN_EID_SUPP_RATES;
665
	*pos++ = supp_rates_len;
666

667
668
669
	count = 0;
	for (i = 0; i < sband->n_bitrates; i++) {
		if (BIT(i) & rates) {
670
			int rate = sband->bitrates[i].bitrate;
671
			*pos++ = (u8) (rate / 5);
672
673
674
675
676
			if (++count == 8)
				break;
		}
	}

677
	if (rates_len > count) {
678
679
680
681
682
683
684
685
686
		pos = skb_put(skb, rates_len - count + 2);
		*pos++ = WLAN_EID_EXT_SUPP_RATES;
		*pos++ = rates_len - count;

		for (i++; i < sband->n_bitrates; i++) {
			if (BIT(i) & rates) {
				int rate = sband->bitrates[i].bitrate;
				*pos++ = (u8) (rate / 5);
			}
687
688
689
		}
	}

690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
		/* 1. power capabilities */
		pos = skb_put(skb, 4);
		*pos++ = WLAN_EID_PWR_CAPABILITY;
		*pos++ = 2;
		*pos++ = 0; /* min tx power */
		*pos++ = local->hw.conf.channel->max_power; /* max tx power */

		/* 2. supported channels */
		/* TODO: get this in reg domain format */
		pos = skb_put(skb, 2 * sband->n_channels + 2);
		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
		*pos++ = 2 * sband->n_channels;
		for (i = 0; i < sband->n_channels; i++) {
			*pos++ = ieee80211_frequency_to_channel(
					sband->channels[i].center_freq);
			*pos++ = 1; /* one channel in the subband*/
		}
	}

710
711
712
713
714
	if (ifsta->extra_ie) {
		pos = skb_put(skb, ifsta->extra_ie_len);
		memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
	}

715
	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
716
717
718
719
720
721
722
723
724
725
726
		pos = skb_put(skb, 9);
		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
		*pos++ = 7; /* len */
		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
		*pos++ = 0x50;
		*pos++ = 0xf2;
		*pos++ = 2; /* WME */
		*pos++ = 0; /* WME info */
		*pos++ = 1; /* WME ver */
		*pos++ = 0;
	}
727

728
	/* wmm support is a must to HT */
729
	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
730
731
	    sband->ht_info.ht_supported &&
	    (ht_add_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_EXTRA_INFO))) {
732
		struct ieee80211_ht_addt_info *ht_add_info =
733
			(struct ieee80211_ht_addt_info *)ht_add_ie;
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
		u16 cap = sband->ht_info.cap;
		__le16 tmp;
		u32 flags = local->hw.conf.channel->flags;

		switch (ht_add_info->ht_param & IEEE80211_HT_IE_CHA_SEC_OFFSET) {
		case IEEE80211_HT_IE_CHA_SEC_ABOVE:
			if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		case IEEE80211_HT_IE_CHA_SEC_BELOW:
			if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		}

		tmp = cpu_to_le16(cap);
754
755
756
757
758
759
		pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
		*pos++ = WLAN_EID_HT_CAPABILITY;
		*pos++ = sizeof(struct ieee80211_ht_cap);
		memset(pos, 0, sizeof(struct ieee80211_ht_cap));
		memcpy(pos, &tmp, sizeof(u16));
		pos += sizeof(u16);
760
761
762
763
		/* TODO: needs a define here for << 2 */
		*pos++ = sband->ht_info.ampdu_factor |
			 (sband->ht_info.ampdu_density << 2);
		memcpy(pos, sband->ht_info.supp_mcs_set, 16);
764
	}
765
766
767

	kfree(ifsta->assocreq_ies);
	ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
768
	ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
769
770
771
	if (ifsta->assocreq_ies)
		memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);

772
	ieee80211_sta_tx(sdata, skb, 0);
773
774
775
}


776
static void ieee80211_send_deauth(struct ieee80211_sub_if_data *sdata,
777
778
				  struct ieee80211_if_sta *ifsta, u16 reason)
{
779
	struct ieee80211_local *local = sdata->local;
780
781
782
783
784
785
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
786
		       "frame\n", sdata->dev->name);
787
788
789
790
791
792
793
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
794
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
795
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
796
797
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DEAUTH);
798
799
800
	skb_put(skb, 2);
	mgmt->u.deauth.reason_code = cpu_to_le16(reason);

801
	ieee80211_sta_tx(sdata, skb, 0);
802
803
804
}


805
static void ieee80211_send_disassoc(struct ieee80211_sub_if_data *sdata,
806
807
				    struct ieee80211_if_sta *ifsta, u16 reason)
{
808
	struct ieee80211_local *local = sdata->local;
809
810
811
812
813
814
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
815
		       "frame\n", sdata->dev->name);
816
817
818
819
820
821
822
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
823
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
824
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
825
826
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DISASSOC);
827
828
829
	skb_put(skb, 2);
	mgmt->u.disassoc.reason_code = cpu_to_le16(reason);

830
	ieee80211_sta_tx(sdata, skb, 0);
831
832
}

833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta, bool deauth,
				   bool self_disconnected, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

	rcu_read_lock();

	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	if (deauth) {
		ifsta->direct_probe_tries = 0;
		ifsta->auth_tries = 0;
	}
	ifsta->assoc_scan_tries = 0;
	ifsta->assoc_tries = 0;

	netif_carrier_off(sdata->dev);

	ieee80211_sta_tear_down_BA_sessions(sdata, sta->addr);

	if (self_disconnected) {
		if (deauth)
			ieee80211_send_deauth(sdata, ifsta, reason);
		else
			ieee80211_send_disassoc(sdata, ifsta, reason);
	}

	ieee80211_set_associated(sdata, ifsta, 0);

	if (self_disconnected)
		ifsta->state = IEEE80211_STA_MLME_DISABLED;

	sta_info_unlink(&sta);

	rcu_read_unlock();

	sta_info_destroy(sta);
}
877

878
static int ieee80211_privacy_mismatch(struct ieee80211_sub_if_data *sdata,
879
880
				      struct ieee80211_if_sta *ifsta)
{
881
	struct ieee80211_local *local = sdata->local;
882
	struct ieee80211_sta_bss *bss;
883
884
885
	int bss_privacy;
	int wep_privacy;
	int privacy_invoked;
886

887
	if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
888
889
		return 0;

890
	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
891
				   local->hw.conf.channel->center_freq,
892
				   ifsta->ssid, ifsta->ssid_len);
893
894
895
	if (!bss)
		return 0;

896
	bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
897
	wep_privacy = !!ieee80211_sta_wep_configured(sdata);
898
	privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
899

900
	ieee80211_rx_bss_put(local, bss);
901

902
903
904
905
	if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
		return 0;

	return 1;
906
907
908
}


909
static void ieee80211_associate(struct ieee80211_sub_if_data *sdata,
910
911
				struct ieee80211_if_sta *ifsta)
{
912
913
	DECLARE_MAC_BUF(mac);

914
915
	ifsta->assoc_tries++;
	if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
916
		printk(KERN_DEBUG "%s: association with AP %s"
917
		       " timed out\n",
918
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
919
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
920
921
922
		return;
	}

923
	ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
924
	printk(KERN_DEBUG "%s: associate with AP %s\n",
925
926
	       sdata->dev->name, print_mac(mac, ifsta->bssid));
	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
927
		printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
928
		       "mixed-cell disabled - abort association\n", sdata->dev->name);
929
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
930
931
932
		return;
	}

933
	ieee80211_send_assoc(sdata, ifsta);
934
935
936
937
938

	mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}


939
static void ieee80211_associated(struct ieee80211_sub_if_data *sdata,
940
941
				 struct ieee80211_if_sta *ifsta)
{
942
	struct ieee80211_local *local = sdata->local;
943
944
	struct sta_info *sta;
	int disassoc;
945
	DECLARE_MAC_BUF(mac);
946
947
948
949
950
951

	/* TODO: start monitoring current AP signal quality and number of
	 * missed beacons. Scan other channels every now and then and search
	 * for better APs. */
	/* TODO: remove expired BSSes */

952
	ifsta->state = IEEE80211_STA_MLME_ASSOCIATED;
953

954
955
	rcu_read_lock();

956
957
	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
958
		printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
959
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
960
961
962
963
964
		disassoc = 1;
	} else {
		disassoc = 0;
		if (time_after(jiffies,
			       sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
965
			if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
966
				printk(KERN_DEBUG "%s: No ProbeResp from "
967
				       "current AP %s - assume out of "
968
				       "range\n",
969
				       sdata->dev->name, print_mac(mac, ifsta->bssid));
970
				disassoc = 1;
971
			} else
972
				ieee80211_send_probe_req(sdata, ifsta->bssid,
973
974
							 local->scan_ssid,
							 local->scan_ssid_len);
975
			ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
976
		} else {
977
			ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
978
979
980
			if (time_after(jiffies, ifsta->last_probe +
				       IEEE80211_PROBE_INTERVAL)) {
				ifsta->last_probe = jiffies;
981
				ieee80211_send_probe_req(sdata, ifsta->bssid,
982
983
984
985
986
							 ifsta->ssid,
							 ifsta->ssid_len);
			}
		}
	}
987
988
989

	rcu_read_unlock();

990
991
992
993
	if (disassoc)
		ieee80211_set_disassoc(sdata, ifsta, true, true,
					WLAN_REASON_PREV_AUTH_NOT_VALID);
	else
994
995
996
997
998
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL);
}


999
static void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1000
1001
				     u8 *ssid, size_t ssid_len)
{
1002
	struct ieee80211_local *local = sdata->local;
1003
	struct ieee80211_supported_band *sband;
1004
1005
1006
1007
1008
1009
1010
1011
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *supp_rates, *esupp_rates = NULL;
	int i;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
1012
		       "request\n", sdata->dev->name);
1013
1014
1015
1016
1017
1018
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
1019
1020
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_PROBE_REQ);
1021
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
	if (dst) {
		memcpy(mgmt->da, dst, ETH_ALEN);
		memcpy(mgmt->bssid, dst, ETH_ALEN);
	} else {
		memset(mgmt->da, 0xff, ETH_ALEN);
		memset(mgmt->bssid, 0xff, ETH_ALEN);
	}
	pos = skb_put(skb, 2 + ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ssid_len;
	memcpy(pos, ssid, ssid_len);

	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
1037
1038
1039
1040
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *rate = &sband->bitrates[i];
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
		if (esupp_rates) {
			pos = skb_put(skb, 1);
			esupp_rates[1]++;
		} else if (supp_rates[1] == 8) {
			esupp_rates = skb_put(skb, 3);
			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			esupp_rates[1] = 1;
			pos = &esupp_rates[2];
		} else {
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		}
1053
		*pos = rate->bitrate / 5;
1054
1055
	}

1056
	ieee80211_sta_tx(sdata, skb, 0);
1057
1058
1059
}


1060
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata)
1061
1062
{
	if (!sdata || !sdata->default_key ||
1063
	    sdata->default_key->conf.alg != ALG_WEP)
1064
1065
1066
1067
1068
		return 0;
	return 1;
}


1069
static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
1070
1071
				     struct ieee80211_if_sta *ifsta)
{
1072
	printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
1073
	ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
1074
	ieee80211_associate(sdata, ifsta);
1075
1076
1077
}


1078
static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1079
1080
1081
1082
1083
1084
1085
1086
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u8 *pos;
	struct ieee802_11_elems elems;

	pos = mgmt->u.auth.variable;
1087
	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1088
	if (!elems.challenge)
1089
		return;
1090
	ieee80211_send_auth(sdata, ifsta, 3, elems.challenge - 2,
1091
1092
1093
			    elems.challenge_len + 2, 1);
}

1094
static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
1095
1096
1097
1098
					u8 dialog_token, u16 status, u16 policy,
					u16 buf_size, u16 timeout)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1099
	struct ieee80211_local *local = sdata->local;
1100
1101
1102
1103
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

1104
1105
	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);

1106
1107
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer "
1108
		       "for addba resp frame\n", sdata->dev->name);
1109
1110
1111
1112
1113
1114
1115
		return;
	}

	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
1116
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1117
	if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1118
		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);