/*
 * BSS client mode implementation
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2004, Instant802 Networks, Inc.
 * Copyright 2005, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/delay.h>
#include <linux/if_ether.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/wireless.h>
#include <linux/random.h>
#include <linux/etherdevice.h>
#include <linux/rtnetlink.h>
#include <net/iw_handler.h>
#include <net/mac80211.h>

#include "ieee80211_i.h"
#include "rate.h"
#include "led.h"
#include "mesh.h"

/* Retry limits and timer intervals for the STA MLME state machine.
 * HZ-based values are in jiffies and are added to `jiffies` for mod_timer(). */
#define IEEE80211_ASSOC_SCANS_MAX_TRIES 2
/* authentication: per-attempt timeout and attempt limit (also used by the
 * direct-probe step that precedes authentication) */
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
/* association: per-attempt timeout and attempt limit */
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
/* how often the associated-state check runs and how long the AP may be
 * silent before it is polled with a probe request */
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
/* minimum spacing of the periodic probe request sent while associated */
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
#define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)

#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)

#define IEEE80211_IBSS_MAX_STA_ENTRIES 128


/* utils */
/*
 * Convert an exponent-coded contention window (ECW, as carried in a WMM
 * parameter record's nibbles, so 0..15) to the contention window 2^ecw - 1.
 */
static int ecw2cw(int ecw)
{
	int cw = 1;

	cw <<= ecw;
	return cw - 1;
}

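/*
 * Find the first information element with id @ie in the IE buffer stored
 * for @bss.
 *
 * Returns a pointer to the element header (id byte followed by length
 * byte), or NULL when the BSS has no IE buffer, the element is absent, or
 * the IE list is truncated before the element is reached.
 *
 * The walk compares remaining lengths instead of forming a pointer past the
 * end of the buffer, so a malformed length byte in a received frame can
 * never yield an out-of-bounds pointer.  Callers that cast the element
 * body to a structure must still check the length byte themselves.
 */
static u8 *ieee80211_bss_get_ie(struct ieee80211_sta_bss *bss, u8 ie)
{
	u8 *pos = bss->ies;
	size_t left;

	if (pos == NULL)
		return NULL;
	left = bss->ies_len;

	/* two header bytes are needed before the length byte can be read */
	while (left >= 2) {
		size_t elen = 2 + pos[1];

		/* element claims more bytes than remain: list is truncated */
		if (elen > left)
			break;
		if (pos[0] == ie)
			return pos;
		pos += elen;
		left -= elen;
	}

	return NULL;
}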

/* frame sending functions */
/*
 * Hand a fully built management frame to the master device for
 * transmission.  All three header offsets are pointed at the start of the
 * frame, the originating interface index is recorded in the skb, and a zero
 * @encrypt marks the frame as not to be encrypted by the TX path.
 */
void ieee80211_sta_tx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
		      int encrypt)
{
	struct net_device *mdev = sdata->local->mdev;

	skb->dev = mdev;
	skb->iif = sdata->dev->ifindex;
	skb->do_not_encrypt = !encrypt;

	skb_set_mac_header(skb, 0);
	skb_set_network_header(skb, 0);
	skb_set_transport_header(skb, 0);

	dev_queue_xmit(skb);
}

/*
 * Build and send an Authentication frame to ifsta->bssid.
 *
 * @transaction: transaction sequence number written into the frame;
 *               ifsta->auth_transaction is set to transaction + 1 so the
 *               expected reply can be matched.
 * @extra, @extra_len: optional bytes appended after the fixed fields
 *               (e.g. a challenge element); nothing is appended when
 *               @extra is NULL.
 * @encrypt:     non-zero sets the Protected bit and lets the TX path
 *               encrypt the frame.
 *
 * On allocation failure a debug message is logged and nothing is sent.
 */
static void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_if_sta *ifsta,
				int transaction, u8 *extra, size_t extra_len,
				int encrypt)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u16 fc = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH;
	/* 24-byte header plus the three 16-bit fixed auth fields */
	const size_t fixed_len = 24 + 6;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 6 + extra_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, fixed_len);
	memset(mgmt, 0, fixed_len);

	if (encrypt)
		fc |= IEEE80211_FCTL_PROTECTED;
	mgmt->frame_control = cpu_to_le16(fc);

	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
	mgmt->u.auth.status_code = cpu_to_le16(0);
	ifsta->auth_transaction = transaction + 1;

	if (extra)
		memcpy(skb_put(skb, extra_len), extra, extra_len);

	ieee80211_sta_tx(sdata, skb, encrypt);
}

/*
 * Build and send a Probe Request.
 *
 * @dst: address used as both DA and BSSID; NULL sends a broadcast probe
 *       (both become ff:ff:ff:ff:ff:ff).
 * @ssid, @ssid_len: contents of the SSID element.  The length goes into the
 *       element's single length byte, so callers keep it within one IE.
 *
 * The frame carries the SSID element followed by the current band's rates:
 * the first eight in Supported Rates, any further ones in Extended
 * Supported Rates.  On allocation failure a debug message is logged and
 * nothing is sent.
 */
void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
			      u8 *ssid, size_t ssid_len)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_supported_band *sband;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *supp_rates, *esupp_rates = NULL;
	int i;

	/* NOTE(review): the 200 bytes of slack are assumed to cover the SSID
	 * and rate elements appended below; nothing here bounds ssid_len */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
		       "request\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* 24-byte management header; a probe request has no fixed fields */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_PROBE_REQ);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	if (dst) {
		memcpy(mgmt->da, dst, ETH_ALEN);
		memcpy(mgmt->bssid, dst, ETH_ALEN);
	} else {
		memset(mgmt->da, 0xff, ETH_ALEN);
		memset(mgmt->bssid, 0xff, ETH_ALEN);
	}
	/* SSID element */
	pos = skb_put(skb, 2 + ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ssid_len;
	memcpy(pos, ssid, ssid_len);

	/* Supported Rates element; its length byte grows as rates are added */
	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *rate = &sband->bitrates[i];
		if (esupp_rates) {
			/* already spilled into Extended Supported Rates */
			pos = skb_put(skb, 1);
			esupp_rates[1]++;
		} else if (supp_rates[1] == 8) {
			/* ninth rate: open the Extended Supported Rates element */
			esupp_rates = skb_put(skb, 3);
			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			esupp_rates[1] = 1;
			pos = &esupp_rates[2];
		} else {
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		}
		/* bitrate is in 100 kbit/s; the element uses 500 kbit/s units */
		*pos = rate->bitrate / 5;
	}

	ieee80211_sta_tx(sdata, skb, 0);
}

/* MLME */
/*
 * Install default TX queue (EDCA) parameters for a BSS that provides no WMM
 * parameter element, and record whether the interface operates in G mode
 * (2.4 GHz band with at least one supported rate above 11 Mbit/s).
 *
 * @bss:  BSS whose supported-rate set decides G-mode operation.
 * @ibss: not used by this function.
 *
 * Queue parameters are only pushed when the driver implements conf_tx; the
 * same parameter set is applied to every hardware queue.
 */
static void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_sta_bss *bss,
					 int ibss)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_tx_queue_params qparam;
	bool is_2ghz = local->hw.conf.channel->band == IEEE80211_BAND_2GHZ;
	bool above_11mbit = false;
	int i;

	/* cf. IEEE 802.11 9.2.12: rates are in 500 kbit/s units, so 110 is
	 * 11 Mbit/s; anything faster implies an ERP (G mode) BSS */
	for (i = 0; i < bss->supp_rates_len; i++) {
		if ((bss->supp_rates[i] & 0x7f) * 5 > 110)
			above_11mbit = true;
	}

	if (is_2ghz && above_11mbit)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;

	if (!local->ops->conf_tx)
		return;

	memset(&qparam, 0, sizeof(qparam));
	qparam.aifs = 2;
	/* 2.4 GHz without G mode (i.e. 802.11b) uses the larger CWmin */
	if (is_2ghz && !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE))
		qparam.cw_min = 31;
	else
		qparam.cw_min = 15;
	qparam.cw_max = 1023;
	qparam.txop = 0;

	for (i = 0; i < local_to_hw(local)->queues; i++)
		local->ops->conf_tx(local_to_hw(local), i, &qparam);
}

/*
 * Apply the per-AC parameters of a WMM Parameter element received from
 * the AP.
 *
 * @wmm_param points at the element body: byte 5 is the version (must be 1),
 * the low nibble of byte 6 is the parameter-set count, and 4-byte AC
 * records start at byte 8.  Each record holds an ACI/AIFSN byte (ACI in
 * bits 5-6, ACM in bit 4, AIFSN in the low nibble), an ECWmin/ECWmax byte
 * (low/high nibble) and a little-endian 16-bit TXOP limit.
 *
 * Nothing is done unless WMM is enabled on the interface, the element is
 * present and well-formed, and its parameter-set count differs from the
 * one applied last time.  local->wmm_acm is rebuilt on every run as a
 * bitmap of the ACs that require admission control.
 */
static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
				     struct ieee80211_if_sta *ifsta,
				     u8 *wmm_param, size_t wmm_param_len)
{
	struct ieee80211_tx_queue_params params;
	size_t left;
	int count;
	u8 *pos;

	if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
		return;

	if (!wmm_param)
		return;

	/* 8 bytes are needed before the first AC record can be addressed */
	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
		return;
	count = wmm_param[6] & 0x0f;
	/* the AP bumps the count only when the parameters change */
	if (count == ifsta->wmm_last_param_set)
		return;
	ifsta->wmm_last_param_set = count;

	pos = wmm_param + 8;
	left = wmm_param_len - 8;

	memset(&params, 0, sizeof(params));

	if (!local->ops->conf_tx)
		return;

	local->wmm_acm = 0;
	/* one 4-byte record per AC; a trailing partial record is ignored */
	for (; left >= 4; left -= 4, pos += 4) {
		int aci = (pos[0] >> 5) & 0x03;
		int acm = (pos[0] >> 4) & 0x01;
		int queue;

		/* map the ACI to a hardware queue and, when admission control
		 * is mandatory, record it in wmm_acm.
		 * NOTE(review): the bits look like 802.1D priorities; ACI 1
		 * (AC_BK) sets bits 0 and 3 while ACI 0 (AC_BE) sets bits 1
		 * and 2, which is the reverse of the usual BK={1,2}/BE={0,3}
		 * assignment - verify against the consumer of wmm_acm. */
		switch (aci) {
		case 1:
			queue = 3;
			if (acm)
				local->wmm_acm |= BIT(0) | BIT(3);
			break;
		case 2:
			queue = 1;
			if (acm)
				local->wmm_acm |= BIT(4) | BIT(5);
			break;
		case 3:
			queue = 0;
			if (acm)
				local->wmm_acm |= BIT(6) | BIT(7);
			break;
		case 0:
		default:
			queue = 2;
			if (acm)
				local->wmm_acm |= BIT(1) | BIT(2);
			break;
		}

		params.aifs = pos[0] & 0x0f;
		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
		params.cw_min = ecw2cw(pos[1] & 0x0f);
		/* TXOP limit is unaligned within the record */
		params.txop = get_unaligned_le16(pos + 2);
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
		       "cWmin=%d cWmax=%d txop=%d\n",
		       local->mdev->name, queue, aci, acm, params.aifs, params.cw_min,
		       params.cw_max, params.txop);
#endif
		/* TODO: handle ACM (block TX, fallback to next lowest allowed
		 * AC for now) */
		/* a driver failure for one queue is logged and the remaining
		 * records are still applied */
		if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
			printk(KERN_DEBUG "%s: failed to set TX queue "
			       "parameters for queue %d\n", local->mdev->name, queue);
		}
	}
}

/*
 * Update the BSS configuration's CTS-protection and short-preamble settings.
 *
 * Each setting is written only when it differs from the current value, and
 * the corresponding BSS_CHANGED_ERP_* bit is returned so the caller can
 * notify the driver of exactly what changed.  Returns 0 when nothing
 * changed.  The debug output is rate limited because these flags can flip
 * on every beacon in a busy cell.
 */
static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
					   bool use_protection,
					   bool use_short_preamble)
{
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	DECLARE_MAC_BUF(mac);
#endif
	u32 changed = 0;

	if (use_protection != bss_conf->use_cts_prot) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
			       "%s)\n",
			       sdata->dev->name,
			       use_protection ? "enabled" : "disabled",
			       print_mac(mac, ifsta->bssid));
		}
#endif
		bss_conf->use_cts_prot = use_protection;
		changed |= BSS_CHANGED_ERP_CTS_PROT;
	}

	if (use_short_preamble != bss_conf->use_short_preamble) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: switched to %s barker preamble"
			       " (BSSID=%s)\n",
			       sdata->dev->name,
			       use_short_preamble ? "short" : "long",
			       print_mac(mac, ifsta->bssid));
		}
#endif
		bss_conf->use_short_preamble = use_short_preamble;
		changed |= BSS_CHANGED_ERP_PREAMBLE;
	}

	return changed;
}

/*
 * Apply the flags of a received ERP information element.
 *
 * The Use Protection bit enables CTS protection; the Barker Preamble Mode
 * bit forces long preambles, otherwise short preambles are used.  Returns
 * the BSS_CHANGED_* bits reported by ieee80211_handle_protect_preamb().
 */
static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
				   u8 erp_value)
{
	return ieee80211_handle_protect_preamb(sdata,
			!!(erp_value & WLAN_ERP_USE_PROTECTION),
			!(erp_value & WLAN_ERP_BARKER_PREAMBLE));
}

/*
 * Derive CTS-protection and preamble settings from a BSS entry.
 *
 * An ERP element, when the BSS carried one, is authoritative for both
 * settings.  Without it only the capability field's short-preamble bit is
 * known, and protection is taken to be off.  Returns the BSS_CHANGED_*
 * bits for whatever actually changed.
 */
static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
					   struct ieee80211_sta_bss *bss)
{
	bool short_preamble;

	if (bss->has_erp_value)
		return ieee80211_handle_erp_ie(sdata, bss->erp_value);

	short_preamble = (bss->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0;
	return ieee80211_handle_protect_preamb(sdata, false, short_preamble);
}

/*
 * Report the current AP address to userspace via the SIOCGIWAP wireless
 * event.  While associated the BSSID is sent; otherwise the address stays
 * all-zero, which is how a lost association is signalled.
 */
static void ieee80211_sta_send_apinfo(struct ieee80211_sub_if_data *sdata,
					struct ieee80211_if_sta *ifsta)
{
	union iwreq_data wrqu;
	bool associated = ifsta->flags & IEEE80211_STA_ASSOCIATED;

	/* clear the whole union so the unassociated case reports zeros */
	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
	if (associated)
		memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
}

/*
 * Emit one IE buffer to userspace as wireless event @cmd; a NULL buffer
 * produces no event.
 */
static void ieee80211_sta_send_ies_event(struct net_device *dev,
					 unsigned int cmd,
					 void *ies, size_t ies_len)
{
	union iwreq_data wrqu;

	if (!ies)
		return;

	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = ies_len;
	wireless_send_event(dev, cmd, &wrqu, ies);
}

/*
 * Report the association request and response IEs, whichever were
 * recorded, to userspace as IWEVASSOCREQIE / IWEVASSOCRESPIE events.
 */
static void ieee80211_sta_send_associnfo(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_if_sta *ifsta)
{
	ieee80211_sta_send_ies_event(sdata->dev, IWEVASSOCREQIE,
				     ifsta->assocreq_ies,
				     ifsta->assocreq_ies_len);
	ieee80211_sta_send_ies_event(sdata->dev, IWEVASSOCRESPIE,
				     ifsta->assocresp_ies,
				     ifsta->assocresp_ies_len);
}


/*
 * Transition the interface into the associated state.
 *
 * Marks the STA as associated, then (for a STA-type interface only) copies
 * timing information from the cached BSS entry, applies its ERP/capability
 * settings, enables HT when the hardware configuration supports it,
 * records the BSSID as previous BSSID for later reassociation, notifies the
 * driver of the accumulated BSS_CHANGED_* bits, brings the queues and
 * carrier up and reports the AP to userspace.
 */
static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_conf *conf = &local_to_hw(local)->conf;
	u32 changed = BSS_CHANGED_ASSOC;

	struct ieee80211_sta_bss *bss;

	/* set unconditionally: the flag is the association state for every
	 * interface type, the rest below applies to STA interfaces only */
	ifsta->flags |= IEEE80211_STA_ASSOCIATED;

	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
		return;

	/* the entry may be absent (e.g. expired); everything below copes */
	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   conf->channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (bss) {
		/* set timing information */
		sdata->bss_conf.beacon_int = bss->beacon_int;
		sdata->bss_conf.timestamp = bss->timestamp;
		sdata->bss_conf.dtim_period = bss->dtim_period;

		changed |= ieee80211_handle_bss_capability(sdata, bss);

		/* release the reference taken by ieee80211_rx_bss_get() */
		ieee80211_rx_bss_put(local, bss);
	}

	if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
		changed |= BSS_CHANGED_HT;
		sdata->bss_conf.assoc_ht = 1;
		sdata->bss_conf.ht_conf = &conf->ht_conf;
		sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf;
	}

	/* remember this AP so a later (re)association can name it */
	ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
	memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
	ieee80211_sta_send_associnfo(sdata, ifsta);

	ifsta->last_probe = jiffies;
	ieee80211_led_assoc(local, 1);

	/* assoc must be set before the driver is told about the change */
	sdata->bss_conf.assoc = 1;
	ieee80211_bss_info_change_notify(sdata, changed);

	netif_tx_start_all_queues(sdata->dev);
	netif_carrier_on(sdata->dev);

	ieee80211_sta_send_apinfo(sdata, ifsta);
}

/*
 * Probe for the target AP before authenticating.
 *
 * Each call counts as one attempt; after IEEE80211_AUTH_MAX_TRIES attempts
 * the MLME is disabled.  Otherwise the state moves to DIRECT_PROBE, the
 * direct-probe request bit is set, a probe request is sent and the MLME
 * timer is re-armed with IEEE80211_AUTH_TIMEOUT.
 */
static void ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);
	int tries = ++ifsta->direct_probe_tries;

	if (tries > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: direct probe to AP %s timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	printk(KERN_DEBUG "%s: direct probe to AP %s try %d\n",
			sdata->dev->name, print_mac(mac, ifsta->bssid), tries);

	ifsta->state = IEEE80211_STA_MLME_DIRECT_PROBE;
	set_bit(IEEE80211_STA_REQ_DIRECT_PROBE, &ifsta->request);

	/* Direct probe is sent to broadcast address as some APs
	 * will not answer to direct packet in unassociated state. */
	ieee80211_send_probe_req(sdata, NULL, ifsta->ssid, ifsta->ssid_len);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

/*
 * Start (or retry) authentication with the target AP.
 *
 * Each call counts as one attempt; after IEEE80211_AUTH_MAX_TRIES attempts
 * the MLME is disabled.  Otherwise the state moves to AUTHENTICATE, the
 * first transaction of the exchange is sent unencrypted and the MLME timer
 * is re-armed with IEEE80211_AUTH_TIMEOUT.
 */
static void ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);
	const char *name = sdata->dev->name;

	if (++ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: authentication with AP %s"
		       " timed out\n",
		       name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
	printk(KERN_DEBUG "%s: authenticate with AP %s\n",
	       name, print_mac(mac, ifsta->bssid));

	/* transaction 1, no extra data, not encrypted */
	ieee80211_send_auth(sdata, ifsta, 1, NULL, 0, 0);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

/*
 * Intersect the AP's supported rates with the band's bitrate table.
 *
 * @rates receives a bitmap with bit j set for every sband->bitrates[j]
 * that the BSS also advertises; the return value is the number of bits
 * set.  The BSS rates are 500 kbit/s units with the basic-rate flag in
 * bit 7, the band table is in 100 kbit/s.
 */
static int ieee80211_compatible_rates(struct ieee80211_sta_bss *bss,
				      struct ieee80211_supported_band *sband,
				      u64 *rates)
{
	int matched = 0;
	int i;

	*rates = 0;
	for (i = 0; i < bss->supp_rates_len; i++) {
		/* strip the basic-rate flag, convert to 100 kbit/s */
		int rate = (bss->supp_rates[i] & 0x7F) * 5;
		int j;

		for (j = 0; j < sband->n_bitrates; j++) {
			if (sband->bitrates[j].bitrate != rate)
				continue;
			*rates |= BIT(j);
			matched++;
			break;
		}
	}

	return matched;
}
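/*
 * Build and send an Association or Reassociation Request to ifsta->bssid.
 *
 * Layout: 24-byte header; fixed fields (capability, listen interval, plus
 * the previous AP for a reassociation); then the elements: SSID, Supported
 * Rates (at most 8), Extended Supported Rates (the rest, if any), power
 * capability and supported channels when spectrum management is
 * negotiated, the caller-supplied extra IEs, a WMM information element
 * when the AP uses WMM, and an HT capability element when the AP also
 * carries an HT extra-info element.  A copy of everything from the SSID
 * element on is kept in ifsta->assocreq_ies for the IWEVASSOCREQIE event.
 *
 * The BSS entry from ieee80211_rx_bss_get() is used for the rate
 * intersection and, later, the HT lookup, so its reference is released
 * only after that last use.  When no entry exists the band's full rate set
 * is advertised and the WMM/HT elements are omitted.
 *
 * On allocation failure a debug message is logged and nothing is sent.
 */
static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *ies, *ht_add_ie;
	int i, count, rates_len, supp_rates_len;
	u16 capab;
	struct ieee80211_sta_bss *bss;
	int wmm = 0;
	struct ieee80211_supported_band *sband;
	u64 rates = 0;

	/* NOTE(review): the 200 bytes of slack must cover every element
	 * appended below other than the SSID and extra IEs (rates, power
	 * capability, 2 bytes per supported channel, WMM, HT); a band with
	 * very many channels gets close to it - confirm the bound */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
			    ifsta->ssid_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	capab = ifsta->capab;

	/* on 2.4 GHz advertise short slot / short preamble unless the
	 * hardware declares itself incapable */
	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
	}

	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   local->hw.conf.channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (bss) {
		if (bss->capability & WLAN_CAPABILITY_PRIVACY)
			capab |= WLAN_CAPABILITY_PRIVACY;
		if (bss->wmm_used)
			wmm = 1;

		/* get all rates supported by the device and the AP as
		 * some APs don't like getting a superset of their rates
		 * in the association request (e.g. D-Link DAP 1353 in
		 * b-only mode) */
		rates_len = ieee80211_compatible_rates(bss, sband, &rates);

		if ((bss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
		    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
			capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
	} else {
		/* no cached entry: offer every rate of the current band */
		rates = ~0;
		rates_len = sband->n_bitrates;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
		/* capability (2) + listen interval (2) + current AP (6) */
		skb_put(skb, 10);
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_REASSOC_REQ);
		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
		memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
		       ETH_ALEN);
	} else {
		/* capability (2) + listen interval (2) */
		skb_put(skb, 4);
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_ASSOC_REQ);
		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
		/* write through the assoc_req member of the union so the
		 * field named matches the frame being built */
		mgmt->u.assoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
	}

	/* SSID */
	ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ifsta->ssid_len;
	memcpy(pos, ifsta->ssid, ifsta->ssid_len);

	/* add all rates which were marked to be used above */
	supp_rates_len = rates_len;
	if (supp_rates_len > 8)
		supp_rates_len = 8;

	pos = skb_put(skb, supp_rates_len + 2);
	*pos++ = WLAN_EID_SUPP_RATES;
	*pos++ = supp_rates_len;

	/* first (up to) 8 selected rates; afterwards i is the index of the
	 * last rate written, or n_bitrates when fewer than 8 were selected */
	count = 0;
	for (i = 0; i < sband->n_bitrates; i++) {
		if (BIT(i) & rates) {
			int rate = sband->bitrates[i].bitrate;
			*pos++ = (u8) (rate / 5);
			if (++count == 8)
				break;
		}
	}

	/* any remaining selected rates go into Extended Supported Rates */
	if (rates_len > count) {
		pos = skb_put(skb, rates_len - count + 2);
		*pos++ = WLAN_EID_EXT_SUPP_RATES;
		*pos++ = rates_len - count;

		for (i++; i < sband->n_bitrates; i++) {
			if (BIT(i) & rates) {
				int rate = sband->bitrates[i].bitrate;
				*pos++ = (u8) (rate / 5);
			}
		}
	}

	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
		/* 1. power capabilities */
		pos = skb_put(skb, 4);
		*pos++ = WLAN_EID_PWR_CAPABILITY;
		*pos++ = 2;
		*pos++ = 0; /* min tx power */
		*pos++ = local->hw.conf.channel->max_power; /* max tx power */

		/* 2. supported channels */
		/* TODO: get this in reg domain format */
		/* NOTE(review): the element length is a single byte, so this
		 * relies on the band having at most 127 channels */
		pos = skb_put(skb, 2 * sband->n_channels + 2);
		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
		*pos++ = 2 * sband->n_channels;
		for (i = 0; i < sband->n_channels; i++) {
			*pos++ = ieee80211_frequency_to_channel(
					sband->channels[i].center_freq);
			*pos++ = 1; /* one channel in the subband*/
		}
	}

	if (ifsta->extra_ie) {
		pos = skb_put(skb, ifsta->extra_ie_len);
		memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
	}

	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
		pos = skb_put(skb, 9);
		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
		*pos++ = 7; /* len */
		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
		*pos++ = 0x50;
		*pos++ = 0xf2;
		*pos++ = 2; /* WME */
		*pos++ = 0; /* WME info */
		*pos++ = 1; /* WME ver */
		*pos++ = 0;
	}

	/* wmm support is a must to HT */
	/* ieee80211_bss_get_ie() returns the element header and only
	 * guarantees the element fits in the IE buffer, so the body is
	 * addressed at +2 and its length is checked before the structure
	 * is read from it (the length byte comes from the AP's beacon) */
	if (bss && wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
	    sband->ht_info.ht_supported &&
	    (ht_add_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_EXTRA_INFO)) &&
	    ht_add_ie[1] >= sizeof(struct ieee80211_ht_addt_info)) {
		struct ieee80211_ht_addt_info *ht_add_info =
			(struct ieee80211_ht_addt_info *)(ht_add_ie + 2);
		u16 cap = sband->ht_info.cap;
		__le16 tmp;
		u32 flags = local->hw.conf.channel->flags;

		/* drop 40 MHz capabilities when the AP's secondary channel
		 * lies on a side this channel may not extend to */
		switch (ht_add_info->ht_param & IEEE80211_HT_IE_CHA_SEC_OFFSET) {
		case IEEE80211_HT_IE_CHA_SEC_ABOVE:
			if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		case IEEE80211_HT_IE_CHA_SEC_BELOW:
			if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		}

		tmp = cpu_to_le16(cap);
		pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
		*pos++ = WLAN_EID_HT_CAPABILITY;
		*pos++ = sizeof(struct ieee80211_ht_cap);
		memset(pos, 0, sizeof(struct ieee80211_ht_cap));
		memcpy(pos, &tmp, sizeof(u16));
		pos += sizeof(u16);
		/* TODO: needs a define here for << 2 */
		*pos++ = sband->ht_info.ampdu_factor |
			 (sband->ht_info.ampdu_density << 2);
		memcpy(pos, sband->ht_info.supp_mcs_set, 16);
	}

	/* the HT lookup above was the last use of the BSS entry */
	if (bss)
		ieee80211_rx_bss_put(local, bss);

	/* keep a copy of the elements for the IWEVASSOCREQIE event; a failed
	 * allocation just leaves no copy */
	kfree(ifsta->assocreq_ies);
	ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
	ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
	if (ifsta->assocreq_ies)
		memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);

	ieee80211_sta_tx(sdata, skb, 0);
}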


/*
 * Send a Deauthentication frame with @reason to ifsta->bssid.  On
 * allocation failure a debug message is logged and nothing is sent.
 */
static void ieee80211_send_deauth(struct ieee80211_sub_if_data *sdata,
				  struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	const unsigned int hdr_len = 24;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
	memset(mgmt, 0, hdr_len);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DEAUTH);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);

	/* the only body field is the 2-byte reason code */
	skb_put(skb, 2);
	mgmt->u.deauth.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Return 1 when the interface's default key is a WEP key, 0 otherwise
 * (including when there is no interface or no default key).
 */
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata)
{
	if (!sdata || !sdata->default_key)
		return 0;
	return sdata->default_key->conf.alg == ALG_WEP;
}
/*
 * Send a Disassociation frame with @reason to ifsta->bssid.  On allocation
 * failure a debug message is logged and nothing is sent.
 */
static void ieee80211_send_disassoc(struct ieee80211_sub_if_data *sdata,
				    struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	const unsigned int hdr_len = 24;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
	memset(mgmt, 0, hdr_len);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DISASSOC);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);

	/* the only body field is the 2-byte reason code */
	skb_put(skb, 2);
	mgmt->u.disassoc.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(sdata, skb, 0);
}

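/*
 * Tear down the association with the current AP.
 *
 * @deauth:            true to also drop the authentication (resets the
 *                     probe/auth counters and, when self-initiated, sends a
 *                     Deauthentication instead of a Disassociation frame).
 * @self_disconnected: true when this side initiates the disconnect: a
 *                     deauth/disassoc frame carrying @reason is sent and
 *                     the MLME ends up disabled.  False when reacting to
 *                     the AP's own frame, in which case nothing is sent.
 *
 * Does nothing when no station entry exists for the BSSID.  The entry is
 * unlinked under the RCU read lock and destroyed after it is released.
 * The accumulated BSS_CHANGED_* bits are handed to the driver through
 * ieee80211_bss_info_change_notify(), mirroring ieee80211_set_associated();
 * without that call the driver was never told the association ended.
 */
static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta, bool deauth,
				   bool self_disconnected, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;
	u32 changed = BSS_CHANGED_ASSOC;

	rcu_read_lock();

	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	if (deauth) {
		ifsta->direct_probe_tries = 0;
		ifsta->auth_tries = 0;
	}
	ifsta->assoc_sc an_tries = 0;
	ifsta->assoc_tries = 0;

	/* stop traffic before the frame is sent and the entry goes away */
	netif_tx_stop_all_queues(sdata->dev);
	netif_carrier_off(sdata->dev);

	ieee80211_sta_tear_down_BA_sessions(sdata, sta->addr);

	if (self_disconnected) {
		if (deauth)
			ieee80211_send_deauth(sdata, ifsta, reason);
		else
			ieee80211_send_disassoc(sdata, ifsta, reason);
	}

	ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
	changed |= ieee80211_reset_erp_info(sdata);

	if (sdata->bss_conf.assoc_ht)
		changed |= BSS_CHANGED_HT;

	sdata->bss_conf.assoc_ht = 0;
	sdata->bss_conf.ht_conf = NULL;
	sdata->bss_conf.ht_bss_conf = NULL;

	ieee80211_led_assoc(local, 0);
	sdata->bss_conf.assoc = 0;
	/* assoc is cleared first so the driver sees the final state */
	ieee80211_bss_info_change_notify(sdata, changed);

	ieee80211_sta_send_apinfo(sdata, ifsta);

	if (self_disconnected)
		ifsta->state = IEEE80211_STA_MLME_DISABLED;

	sta_info_unlink(&sta);

	rcu_read_unlock();

	sta_info_destroy(sta);
}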
/*
 * Check whether our privacy configuration contradicts the target BSS.
 *
 * Returns 1 when the BSS's Privacy capability bit agrees with neither the
 * presence of a default WEP key nor the user's privacy-invoked setting;
 * returns 0 otherwise, and also when the interface allows mixed cells or
 * no BSS entry is cached for the target.
 */
static int ieee80211_privacy_mismatch(struct ieee80211_sub_if_data *sdata,
				      struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sta_bss *bss;
	bool bss_privacy, wep_privacy, privacy_invoked;

	/* a mixed cell explicitly tolerates the mismatch */
	if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
		return 0;

	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   local->hw.conf.channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (!bss)
		return 0;

	bss_privacy = bss->capability & WLAN_CAPABILITY_PRIVACY;
	ieee80211_rx_bss_put(local, bss);

	wep_privacy = ieee80211_sta_wep_configured(sdata);
	privacy_invoked = ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED;

	if (bss_privacy == wep_privacy)
		return 0;
	if (bss_privacy == privacy_invoked)
		return 0;
	return 1;
}

/*
 * Start (or retry) association with the target AP.
 *
 * Each call counts as one attempt; after IEEE80211_ASSOC_MAX_TRIES attempts
 * the MLME is disabled.  The attempt is also abandoned, and the MLME
 * disabled, when the privacy configuration contradicts the BSS.  Otherwise
 * the state moves to ASSOCIATE, the request is sent and the MLME timer is
 * re-armed with IEEE80211_ASSOC_TIMEOUT.
 */
static void ieee80211_associate(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);
	const char *name = sdata->dev->name;

	if (++ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
		printk(KERN_DEBUG "%s: association with AP %s"
		       " timed out\n",
		       name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
	printk(KERN_DEBUG "%s: associate with AP %s\n",
	       name, print_mac(mac, ifsta->bssid));

	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
		printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
		       "mixed-cell disabled - abort association\n", name);
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ieee80211_send_assoc(sdata, ifsta);
	mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}


/*
 * Periodic check run from the MLME timer while associated.
 *
 * If the station entry for the AP is gone, or the AP has been silent for
 * more than IEEE80211_MONITORING_INTERVAL and a previous probe poll got no
 * answer, the association is dropped with a self-initiated deauth.  A
 * silent AP is first polled once with a probe request (PROBEREQ_POLL
 * flag set); an AP that is heard from is probed at most every
 * IEEE80211_PROBE_INTERVAL.  When not disassociating, the timer is
 * re-armed with IEEE80211_MONITORING_INTERVAL.
 */
static void ieee80211_associated(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;
	int disassoc;
	DECLARE_MAC_BUF(mac);

	/* TODO: start monitoring current AP signal quality and number of
	 * missed beacons. Scan other channels every now and then and search
	 * for better APs. */
	/* TODO: remove expired BSSes */

	ifsta->state = IEEE80211_STA_MLME_ASSOCIATED;

	rcu_read_lock();

	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		disassoc = 1;
	} else {
		disassoc = 0;
		if (time_after(jiffies,
			       sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
			/* second silent interval in a row: the poll sent
			 * last time went unanswered */
			if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
				printk(KERN_DEBUG "%s: No ProbeResp from "
				       "current AP %s - assume out of "
				       "range\n",
				       sdata->dev->name, print_mac(mac, ifsta->bssid));
				disassoc = 1;
			} else
				/* NOTE(review): this poll uses the scan SSID
				 * while the periodic probe below uses
				 * ifsta->ssid - confirm which is intended */
				ieee80211_send_probe_req(sdata, ifsta->bssid,
							 local->scan_ssid,
							 local->scan_ssid_len);
			/* toggles: set after the poll, cleared after giving up */
			ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
		} else {
			ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
			if (time_after(jiffies, ifsta->last_probe +
				       IEEE80211_PROBE_INTERVAL)) {
				ifsta->last_probe = jiffies;
				ieee80211_send_probe_req(sdata, ifsta->bssid,
							 ifsta->ssid,
							 ifsta->ssid_len);
			}
		}
	}

	rcu_read_unlock();

	/* disassociate outside the RCU read section; it takes its own */
	if (disassoc)
		ieee80211_set_disassoc(sdata, ifsta, true, true,
					WLAN_REASON_PREV_AUTH_NOT_VALID);
	else
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL);
}


static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	/* Authentication succeeded: record it on the interface state and
	 * move the MLME state machine straight on to association. */
	ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
	printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
	ieee80211_associate(sdata, ifsta);
}


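/*
 * Answer the challenge step of an authentication exchange: pull the
 * challenge IE out of the received authentication frame and send it back
 * in an authentication frame with transaction sequence number 3.
 *
 * @sdata: interface the frame arrived on
 * @ifsta: station MLME state of that interface
 * @mgmt:  the received authentication frame
 * @len:   total length of @mgmt in bytes, as handed in by the caller
 *
 * Frames that carry no challenge IE are ignored.
 */
static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u8 *pos = mgmt->u.auth.variable;
	size_t fixed_len = pos - (u8 *) mgmt;
	struct ieee802_11_elems elems;

	/* The caller is expected to have checked that the frame covers the
	 * fixed authentication fields; guard here anyway so that a short
	 * frame cannot make len - fixed_len wrap around and hand the IE
	 * parser a huge length. */
	if (len < fixed_len)
		return;

	ieee802_11_parse_elems(pos, len - fixed_len, &elems);
	if (!elems.challenge)
		return;

	/* elems.challenge points at the IE payload; step back two bytes so
	 * the IE header (id, length) is resent together with the challenge
	 * text. The trailing 1 is passed through as in the original call;
	 * its meaning is defined by ieee80211_send_auth(). */
	ieee80211_send_auth(sdata, ifsta, 3, elems.challenge - 2,
			    elems.challenge_len + 2, 1);
}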

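/*
 * Build and transmit an ADDBA Response action frame.
 *
 * @sdata:        transmitting interface
 * @da:           destination address (the ADDBA Request originator)
 * @tid:          traffic identifier of the block-ack session
 * @dialog_token: token copied from the request so the peer can match
 *                response to request
 * @status:       status code to report to the originator
 * @policy:       block-ack policy bit
 * @buf_size:     buffer size advertised to the originator
 * @timeout:      block-ack timeout field
 *
 * On an AP interface the BSSID is the local address, otherwise the BSSID
 * of the AP this station is associated with. If no skb can be allocated
 * the failure is logged and the response is simply not sent.
 */
static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
					u8 dialog_token, u16 status, u16 policy,
					u16 buf_size, u16 timeout)
{
	/* size of the 802.11 management header that precedes u.action;
	 * named so the skb_put() and memset() below cannot drift apart */
	const unsigned int hdr_len = 24;
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer "
		       "for addba resp frame\n", sdata->dev->name);
		return;
	}

	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
	memset(mgmt, 0, hdr_len);
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
	else
		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);

	/* action body: one category byte plus the addba_resp fields, every
	 * one of which is assigned below (the body is not zeroed) */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;

	capab = (u16)(policy << 1);	/* bit 1 aggregation policy */
	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
	capab |= (u16)(buf_size << 6);	/* bit 15:6 max size of aggregation */

	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);

	/* the skb is handed over here and not referenced again */
	ieee80211_sta_tx(sdata, skb, 0);
}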

/*
 * Expiry handler for the inactivity timer of an Rx block-ack session.
 *
 * The timer is armed when an AddBA Request is accepted and reset after
 * each frame that arrives from the originator; when it fires the session
 * is torn down through ieee80211_sta_stop_rx_ba_session().
 */
static void sta_rx_agg_session_timer_expired(unsigned long data)
{
	/* The timer can carry only one argument, so @data is the address of
	 * sta->timer_to_tid[tid], whose value is tid itself (set up in
	 * sta_info_create). Stepping back tid bytes gives &timer_to_tid[0],
	 * from which the owning sta_info is recovered with container_of(). */
	u8 *ptid = (u8 *)data;
	u16 tid = *ptid;
	struct sta_info *sta = container_of(ptid - tid, struct sta_info,
					    timer_to_tid[0]);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "rx session timer expired on tid %d\n", tid);
#endif
	ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->addr, tid,
					 WLAN_BACK_TIMER,
					 WLAN_REASON_QSTA_TIMEOUT);
}

static void ieee80211_sta_process_addba_request(struct ieee80211_local *local,
						struct ieee80211_mgmt *mgmt,
						size_t len)
{
	struct ieee80211_hw *hw = &local->hw;
	struct ieee80211_conf *conf = &hw->conf;
	struct sta_info *sta;
	struct tid_ampdu_rx *tid_agg_rx;
	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	u8 dialog_token;
	int ret = -EOPNOTSUPP;
	DECLARE_MAC_BUF(mac);

	rcu_read_lock();

	sta = sta_info_get(local, mgmt->sa);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	/* extract session parameters from addba request frame */
	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	start_seq_num =
		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;

	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;

	status = WLAN_STATUS_REQUEST_DECLINED;

	/* sanity check for incoming parameters:
	 * check if configuration can support the BA policy
	 * and if buffer size does not exceeds max value */
	if (((ba_policy != 1)
		&& (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
		|| (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
		status = WLAN_STATUS_INVALID_QOS_PARAM;
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "AddBA Req with bad params from "
				"%s on tid %u. policy %d, buffer size %d\n",
				print_mac(mac, mgmt->sa), tid, ba_policy,
				buf_size);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end_no_lock;
	}
	/* determine default buffer size */
	if (buf_size == 0) {
		struct ieee80211_supported_band *sband;

		sband = local->hw.wiphy->bands[conf->channel->band];
		buf_size = IEEE80211_MIN_AMPDU_BUF;
		buf_size = buf_size << sband->ht_info.ampdu_factor;
	}


	/* examine state machine */
	spin_lock_bh(&sta->lock);

	if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "unexpected AddBA Req from "
				"%s on tid %u\n",
				print_mac(mac, mgmt->sa), tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end;
	}

	/* prepare A-MPDU MLME for Rx aggregation */
	sta->ampdu_mlme.tid_rx[tid] =
			kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
	if (!sta->ampdu_mlme.tid_rx[tid]) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
					tid);
#endif
		goto end;
	}
	/* rx timer */
	sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
				sta_rx_agg_session_timer_expired;
	sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
				(unsigned long)&sta->timer_to_tid[tid];
	init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);

	tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];

	/* prepare reordering buffer */
	tid_agg_rx->reorder_buf =
		kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
	if (!tid_agg_rx->reorder_buf) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "can not allocate reordering buffer "
			       "to tid %d\n", tid);
#endif
		kfree(sta->ampdu_mlme.tid_rx[tid]);
		goto end;
	}
	memset(tid_agg_rx->reorder_buf, 0,
		buf_size * sizeof(struct sk_buff *));

	if (local->ops->ampdu_action)
		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,