/*
 * BSS client mode implementation
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2004, Instant802 Networks, Inc.
 * Copyright 2005, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/delay.h>
#include <linux/if_ether.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/wireless.h>
#include <linux/random.h>
#include <linux/etherdevice.h>
#include <linux/rtnetlink.h>
#include <net/iw_handler.h>
#include <net/mac80211.h>

#include "ieee80211_i.h"
#include "rate.h"
#include "led.h"
#include "mesh.h"

#define IEEE80211_ASSOC_SCANS_MAX_TRIES 2
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
#define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
#define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)

#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
#define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)

#define IEEE80211_IBSS_MAX_STA_ENTRIES 128


/* utils */
/*
 * Expand an exponent-coded contention window (the 4-bit ECW fields of
 * the WMM parameter element) into the window size itself: 2^ecw - 1.
 */
static int ecw2cw(int ecw)
{
	int cw = 1;

	cw <<= ecw;
	return cw - 1;
}

/*
 * Find information element @ie in the IEs cached for @bss.
 *
 * The IE buffer was received over the air, so every length byte is
 * checked against the remaining buffer before it is trusted.  Returns a
 * pointer to the element header (id, length, data...) or NULL when the
 * element is absent, no IEs are cached, or the walk hits a truncated
 * element.
 */
static u8 *ieee80211_bss_get_ie(struct ieee80211_sta_bss *bss, u8 ie)
{
	u8 *elem = bss->ies;
	size_t left;

	if (!elem)
		return NULL;

	left = bss->ies_len;
	/* need both the id and the length byte before reading the length */
	while (left >= 2) {
		size_t elen = 2 + elem[1];

		/* a length that overruns the buffer ends the walk */
		if (elen > left)
			break;
		if (elem[0] == ie)
			return elem;
		elem += elen;
		left -= elen;
	}

	return NULL;
}

/* frame sending functions */
/*
 * Hand a locally built management frame to the master device for
 * transmission.  The frame starts with the 802.11 header, so all three
 * header offsets are pinned to the start of the buffer.
 * @encrypt: non-zero if the frame must be protected on the air; zero
 * marks it do-not-encrypt.  dev_queue_xmit() takes over @skb.
 */
void ieee80211_sta_tx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
		      int encrypt)
{
	skb->iif = sdata->dev->ifindex;
	skb->do_not_encrypt = !encrypt;
	skb->dev = sdata->local->mdev;

	skb_set_mac_header(skb, 0);
	skb_set_network_header(skb, 0);
	skb_set_transport_header(skb, 0);

	dev_queue_xmit(skb);
}

/*
 * Build and send an Authentication frame to the current BSSID.
 * @transaction: transaction sequence number placed in the frame;
 *	ifsta->auth_transaction is advanced to the number expected in
 *	the AP's reply.
 * @extra/@extra_len: optional bytes appended verbatim after the fixed
 *	fields (the shared-key challenge element, see
 *	ieee80211_auth_challenge()).
 * @encrypt: non-zero to send the frame protected.
 * Silently returns if no buffer can be allocated.
 */
static void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_if_sta *ifsta,
				int transaction, u8 *extra, size_t extra_len,
				int encrypt)
{
	struct ieee80211_local *local = sdata->local;
	/* 24-byte 802.11 header plus the 6 fixed auth fields */
	const int fixed_len = 24 + 6;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u16 fc = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 6 + extra_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, fixed_len);
	memset(mgmt, 0, fixed_len);

	if (encrypt)
		fc |= IEEE80211_FCTL_PROTECTED;
	mgmt->frame_control = cpu_to_le16(fc);

	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
	mgmt->u.auth.status_code = cpu_to_le16(0);
	/* the AP answers with the next sequence number */
	ifsta->auth_transaction = transaction + 1;

	if (extra)
		memcpy(skb_put(skb, extra_len), extra, extra_len);

	ieee80211_sta_tx(sdata, skb, encrypt);
}

/*
 * Send a Probe Request for @ssid/@ssid_len.
 * @dst: destination (and BSSID) address, or NULL to broadcast.
 * The frame lists every bitrate of the current band: the first eight in
 * the Supported Rates element, the rest in Extended Supported Rates.
 * Silently returns if no buffer can be allocated.
 */
void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
			      u8 *ssid, size_t ssid_len)
{
	static const u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_supported_band *sband;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	const u8 *target = dst ? dst : bcast;
	u8 *pos, *supp_rates, *ext_rates = NULL;
	int idx;

	/* 200 bytes of slack for SSID and rate elements */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
		       "request\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_PROBE_REQ);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->da, target, ETH_ALEN);
	memcpy(mgmt->bssid, target, ETH_ALEN);

	/* SSID element; NOTE(review): assumes ssid_len fits the u8 length byte */
	pos = skb_put(skb, 2 + ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ssid_len;
	memcpy(pos, ssid, ssid_len);

	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	for (idx = 0; idx < sband->n_bitrates; idx++) {
		/* rates are carried in units of 500 kbit/s */
		u8 rate_unit = sband->bitrates[idx].bitrate / 5;

		if (!ext_rates && supp_rates[1] < 8) {
			/* still room in the basic Supported Rates element */
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		} else if (!ext_rates) {
			/* ninth rate: open the Extended Supported Rates element */
			ext_rates = skb_put(skb, 3);
			ext_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			ext_rates[1] = 1;
			pos = &ext_rates[2];
		} else {
			pos = skb_put(skb, 1);
			ext_rates[1]++;
		}
		*pos = rate_unit;
	}

	ieee80211_sta_tx(sdata, skb, 0);
}

/* MLME */
/*
 * Program default (non-WMM) EDCA parameters on every hardware queue
 * after associating with @bss.  The only input taken from the BSS is
 * its supported-rate set: on 2.4 GHz any rate above 11 Mbit/s marks the
 * interface as operating in g mode, which selects the smaller CWmin
 * (cf. IEEE 802.11 9.2.12).  Nothing is programmed if the driver has no
 * conf_tx callback.
 */
static void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_sta_bss *bss)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_tx_queue_params qparam;
	bool is_2ghz = local->hw.conf.channel->band == IEEE80211_BAND_2GHZ;
	bool above_11mbit = false;
	int idx;

	for (idx = 0; idx < bss->supp_rates_len; idx++) {
		/* low 7 bits are the rate in 500 kbit/s units */
		if ((bss->supp_rates[idx] & 0x7f) * 5 > 110) {
			above_11mbit = true;
			break;
		}
	}

	if (is_2ghz && above_11mbit)
		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
	else
		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;

	if (!local->ops->conf_tx)
		return;

	memset(&qparam, 0, sizeof(qparam));
	qparam.aifs = 2;
	/* plain 2.4 GHz b mode uses the larger default window */
	qparam.cw_min = (is_2ghz && !above_11mbit) ? 31 : 15;
	qparam.cw_max = 1023;
	qparam.txop = 0;

	for (idx = 0; idx < local_to_hw(local)->queues; idx++)
		local->ops->conf_tx(local_to_hw(local), idx, &qparam);
}

/*
 * Apply the AP's WMM Parameter Element to the hardware TX queues through
 * the driver's conf_tx() callback.
 *
 * @wmm_param/@wmm_param_len come straight from a received frame, so the
 * element is bounds-checked before any byte is read: it must carry the
 * 8-byte fixed part (version byte at offset 5, parameter-set count in
 * the low nibble of byte 6), and only complete 4-byte AC records after
 * it are used.  Nothing is done if WMM is disabled for this STA, the
 * element is missing, not version 1, or repeats the parameter-set count
 * already applied.
 */
static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
				     struct ieee80211_if_sta *ifsta,
				     u8 *wmm_param, size_t wmm_param_len)
{
	/* hardware queue for each ACI, and the wmm_acm bits an ACM flag sets */
	static const struct {
		int queue;
		unsigned long acm_bits;
	} ac_map[4] = {
		[0] = { .queue = 2, .acm_bits = BIT(1) | BIT(2) },
		[1] = { .queue = 3, .acm_bits = BIT(0) | BIT(3) },
		[2] = { .queue = 1, .acm_bits = BIT(4) | BIT(5) },
		[3] = { .queue = 0, .acm_bits = BIT(6) | BIT(7) },
	};
	struct ieee80211_tx_queue_params params;
	u8 *ac;
	size_t left;
	int count;

	if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
		return;

	if (!wmm_param)
		return;

	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
		return;
	count = wmm_param[6] & 0x0f;
	if (count == ifsta->wmm_last_param_set)
		return;
	ifsta->wmm_last_param_set = count;

	if (!local->ops->conf_tx)
		return;

	memset(&params, 0, sizeof(params));
	local->wmm_acm = 0;

	/* one 4-byte AC record per queue; a trailing partial record is ignored */
	ac = wmm_param + 8;
	left = wmm_param_len - 8;
	for (; left >= 4; left -= 4, ac += 4) {
		int aci = (ac[0] >> 5) & 0x03;
		int acm = (ac[0] >> 4) & 0x01;
		int queue = ac_map[aci].queue;

		if (acm)
			local->wmm_acm |= ac_map[aci].acm_bits;

		params.aifs = ac[0] & 0x0f;
		params.cw_max = ecw2cw((ac[1] & 0xf0) >> 4);
		params.cw_min = ecw2cw(ac[1] & 0x0f);
		params.txop = get_unaligned_le16(ac + 2);
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
		       "cWmin=%d cWmax=%d txop=%d\n",
		       local->mdev->name, queue, aci, acm, params.aifs, params.cw_min,
		       params.cw_max, params.txop);
#endif
		/* TODO: handle ACM (block TX, fallback to next lowest allowed
		 * AC for now) */
		if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
			printk(KERN_DEBUG "%s: failed to set TX queue "
			       "parameters for queue %d\n", local->mdev->name, queue);
		}
	}
}

/*
 * Update the ERP-related BSS configuration (CTS-to-self protection and
 * short/long preamble) and return the BSS_CHANGED_* bits for whatever
 * actually changed, so the caller can notify the driver.  Unchanged
 * settings produce no bits and no log line.
 */
static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
					   bool use_protection,
					   bool use_short_preamble)
{
	struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
	bool prot_changed = use_protection != bss_conf->use_cts_prot;
	bool preamble_changed =
		use_short_preamble != bss_conf->use_short_preamble;
	u32 changed = 0;
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	DECLARE_MAC_BUF(mac);
#endif

	if (prot_changed) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "%s: CTS protection %s (BSSID=%s)\n",
			       sdata->dev->name,
			       use_protection ? "enabled" : "disabled",
			       print_mac(mac, ifsta->bssid));
#endif
		bss_conf->use_cts_prot = use_protection;
		changed |= BSS_CHANGED_ERP_CTS_PROT;
	}

	if (preamble_changed) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "%s: switched to %s barker preamble (BSSID=%s)\n",
			       sdata->dev->name,
			       use_short_preamble ? "short" : "long",
			       print_mac(mac, ifsta->bssid));
#endif
		bss_conf->use_short_preamble = use_short_preamble;
		changed |= BSS_CHANGED_ERP_PREAMBLE;
	}

	return changed;
}

/*
 * Translate the ERP information element's flags into the two BSS
 * settings tracked here: "Use Protection" enables CTS protection and
 * "Barker Preamble Mode" forces long preambles.  Returns BSS_CHANGED_*
 * bits for what changed.
 */
static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
				   u8 erp_value)
{
	bool protect = !!(erp_value & WLAN_ERP_USE_PROTECTION);
	bool long_preamble = !!(erp_value & WLAN_ERP_BARKER_PREAMBLE);

	return ieee80211_handle_protect_preamb(sdata, protect, !long_preamble);
}

/*
 * Derive protection/preamble settings from what @bss advertises: prefer
 * its ERP element; without one, use the short-preamble capability bit
 * and leave protection off.  Returns BSS_CHANGED_* bits for what changed.
 */
static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
					   struct ieee80211_sta_bss *bss)
{
	bool short_preamble;

	if (bss->has_erp_value)
		return ieee80211_handle_erp_ie(sdata, bss->erp_value);

	short_preamble = (bss->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0;
	return ieee80211_handle_protect_preamb(sdata, false, short_preamble);
}

/*
 * Report the current AP (SIOCGIWAP) to user space through wireless
 * extensions: the BSSID while associated, the all-zero address otherwise.
 */
static void ieee80211_sta_send_apinfo(struct ieee80211_sub_if_data *sdata,
					struct ieee80211_if_sta *ifsta)
{
	union iwreq_data wrqu;
	bool associated = ifsta->flags & IEEE80211_STA_ASSOCIATED;

	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
	if (associated)
		memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);

	wireless_send_event(sdata->dev, SIOCGIWAP, &wrqu, NULL);
}

/* Emit one wireless-extensions event carrying @ies; no-op when @ies is NULL. */
static void ieee80211_sta_send_ie_event(struct ieee80211_sub_if_data *sdata,
					unsigned int cmd, u8 *ies, size_t len)
{
	union iwreq_data wrqu;

	if (!ies)
		return;

	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = len;
	wireless_send_event(sdata->dev, cmd, &wrqu, ies);
}

/*
 * Pass the IEs of the association request we sent and of the response
 * we received (whichever are stored in @ifsta) to user space, as
 * IWEVASSOCREQIE and IWEVASSOCRESPIE events respectively.
 */
static void ieee80211_sta_send_associnfo(struct ieee80211_sub_if_data *sdata,
					 struct ieee80211_if_sta *ifsta)
{
	ieee80211_sta_send_ie_event(sdata, IWEVASSOCREQIE,
				    ifsta->assocreq_ies,
				    ifsta->assocreq_ies_len);
	ieee80211_sta_send_ie_event(sdata, IWEVASSOCRESPIE,
				    ifsta->assocresp_ies,
				    ifsta->assocresp_ies_len);
}


/*
 * Move the interface into the associated state: take timing and ERP
 * information from the cached BSS entry, enable HT if the hardware
 * configuration asks for it, remember the BSSID for a later
 * reassociation, notify driver and user space and open the TX queues.
 * For interfaces that are not of STA type only the ASSOCIATED flag is
 * set.
 */
static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_conf *hw_conf = &local_to_hw(local)->conf;
	struct ieee80211_sta_bss *cur_bss;
	u32 changed = BSS_CHANGED_ASSOC;

	ifsta->flags |= IEEE80211_STA_ASSOCIATED;

	if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
		return;

	cur_bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				       hw_conf->channel->center_freq,
				       ifsta->ssid, ifsta->ssid_len);
	if (cur_bss) {
		/* timing information advertised by the AP */
		sdata->bss_conf.beacon_int = cur_bss->beacon_int;
		sdata->bss_conf.timestamp = cur_bss->timestamp;
		sdata->bss_conf.dtim_period = cur_bss->dtim_period;

		changed |= ieee80211_handle_bss_capability(sdata, cur_bss);

		ieee80211_rx_bss_put(local, cur_bss);
	}

	if (hw_conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
		sdata->bss_conf.assoc_ht = 1;
		sdata->bss_conf.ht_conf = &hw_conf->ht_conf;
		sdata->bss_conf.ht_bss_conf = &hw_conf->ht_bss_conf;
		changed |= BSS_CHANGED_HT;
	}

	/* remember the AP so a later association can be a reassociation */
	memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
	ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
	ieee80211_sta_send_associnfo(sdata, ifsta);

	ifsta->last_probe = jiffies;
	ieee80211_led_assoc(local, 1);

	sdata->bss_conf.assoc = 1;
	ieee80211_bss_info_change_notify(sdata, changed);

	netif_tx_start_all_queues(sdata->dev);
	netif_carrier_on(sdata->dev);

	ieee80211_sta_send_apinfo(sdata, ifsta);
}

/*
 * Probe the configured AP before authenticating, at most
 * IEEE80211_AUTH_MAX_TRIES times; once exhausted the MLME is disabled.
 * Re-arms ifsta->timer for the next attempt.
 */
static void ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);
	int attempt = ++ifsta->direct_probe_tries;

	if (attempt > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: direct probe to AP %s timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	printk(KERN_DEBUG "%s: direct probe to AP %s try %d\n",
			sdata->dev->name, print_mac(mac, ifsta->bssid),
			attempt);

	ifsta->state = IEEE80211_STA_MLME_DIRECT_PROBE;
	set_bit(IEEE80211_STA_REQ_DIRECT_PROBE, &ifsta->request);

	/* Direct probe is sent to broadcast address as some APs
	 * will not answer to direct packet in unassociated state.
	 */
	ieee80211_send_probe_req(sdata, NULL, ifsta->ssid, ifsta->ssid_len);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}


/*
 * Start (or retry) authentication with the configured AP by sending
 * transaction 1 of the configured algorithm.  After
 * IEEE80211_AUTH_MAX_TRIES unanswered attempts the MLME is disabled.
 * Re-arms ifsta->timer for the next attempt.
 */
static void ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);
	int attempt = ++ifsta->auth_tries;

	if (attempt > IEEE80211_AUTH_MAX_TRIES) {
		printk(KERN_DEBUG "%s: authentication with AP %s"
		       " timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_STA_MLME_AUTHENTICATE;
	printk(KERN_DEBUG "%s: authenticate with AP %s\n",
	       sdata->dev->name, print_mac(mac, ifsta->bssid));

	/* transaction 1, no extra payload, never protected */
	ieee80211_send_auth(sdata, ifsta, 1, NULL, 0, 0);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}

/* Index of the band bitrate equal to @rate_100kbps, or -1 if none. */
static int ieee80211_find_bitrate(struct ieee80211_supported_band *sband,
				  int rate_100kbps)
{
	int idx;

	for (idx = 0; idx < sband->n_bitrates; idx++)
		if (sband->bitrates[idx].bitrate == rate_100kbps)
			return idx;
	return -1;
}

/*
 * Intersect the rates advertised by @bss with the rates of @sband.
 * Sets bit j in *@rates for each band bitrate j that the BSS also
 * supports and returns how many bits were set.  The basic-rate flag
 * (bit 7) of the BSS rate bytes is ignored.
 */
static int ieee80211_compatible_rates(struct ieee80211_sta_bss *bss,
				      struct ieee80211_supported_band *sband,
				      u64 *rates)
{
	int i, count = 0;

	*rates = 0;
	for (i = 0; i < bss->supp_rates_len; i++) {
		/* 500 kbit/s units -> 100 kbit/s units used by the band table */
		int idx = ieee80211_find_bitrate(sband,
						 (bss->supp_rates[i] & 0x7F) * 5);

		if (idx >= 0) {
			*rates |= BIT(idx);
			count++;
		}
	}

	return count;
}

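/*
 * Build and transmit an (Re)Association Request to ifsta->bssid.
 *
 * The request carries our capabilities, the SSID, the rates shared with
 * the AP (see ieee80211_compatible_rates()), optional spectrum
 * management elements, user-supplied extra IEs, a WME information
 * element and, when both sides support it, an HT capability element.
 * A copy of everything after the fixed fields is kept in
 * ifsta->assocreq_ies for reporting to user space.  Silently returns if
 * no buffer can be allocated.
 *
 * The cached BSS entry is looked up once and its reference is held until
 * the frame is complete: the HT block reads the entry's IEs through
 * ieee80211_bss_get_ie(), so releasing the reference right after the
 * capability checks (as this function used to) dereferenced the entry
 * after we had given up our hold on it.
 */
static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *ies, *ht_add_ie;
	int i, count, rates_len, supp_rates_len;
	u16 capab;
	struct ieee80211_sta_bss *bss;
	int wmm = 0;
	struct ieee80211_supported_band *sband;
	u64 rates = 0;

	/* 200 bytes of slack for the fixed-size elements built below */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
			    ifsta->ssid_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	capab = ifsta->capab;

	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
	}

	/* reference released only after the HT element is built, see below */
	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   local->hw.conf.channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (bss) {
		if (bss->capability & WLAN_CAPABILITY_PRIVACY)
			capab |= WLAN_CAPABILITY_PRIVACY;
		if (bss->wmm_used)
			wmm = 1;

		/* get all rates supported by the device and the AP as
		 * some APs don't like getting a superset of their rates
		 * in the association request (e.g. D-Link DAP 1353 in
		 * b-only mode) */
		rates_len = ieee80211_compatible_rates(bss, sband, &rates);

		if ((bss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
		    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
			capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
	} else {
		/* no cached entry for the AP: offer every rate of the band */
		rates = ~0;
		rates_len = sband->n_bitrates;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
		/* reassociation: the fixed part also names the previous AP */
		skb_put(skb, 10);
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_REASSOC_REQ);
		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.reassoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
		memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
		       ETH_ALEN);
	} else {
		skb_put(skb, 4);
		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
						  IEEE80211_STYPE_ASSOC_REQ);
		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.assoc_req.listen_interval =
				cpu_to_le16(local->hw.conf.listen_interval);
	}

	/* SSID; NOTE(review): assumes ssid_len fits the u8 length byte */
	ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ifsta->ssid_len;
	memcpy(pos, ifsta->ssid, ifsta->ssid_len);

	/* add all rates which were marked to be used above */
	supp_rates_len = rates_len;
	if (supp_rates_len > 8)
		supp_rates_len = 8;

	pos = skb_put(skb, supp_rates_len + 2);
	*pos++ = WLAN_EID_SUPP_RATES;
	*pos++ = supp_rates_len;

	count = 0;
	for (i = 0; i < sband->n_bitrates; i++) {
		if (BIT(i) & rates) {
			int rate = sband->bitrates[i].bitrate;
			*pos++ = (u8) (rate / 5);
			if (++count == 8)
				break;
		}
	}

	/* remaining rates go into Extended Supported Rates; i still
	 * indexes the last rate emitted above */
	if (rates_len > count) {
		pos = skb_put(skb, rates_len - count + 2);
		*pos++ = WLAN_EID_EXT_SUPP_RATES;
		*pos++ = rates_len - count;

		for (i++; i < sband->n_bitrates; i++) {
			if (BIT(i) & rates) {
				int rate = sband->bitrates[i].bitrate;
				*pos++ = (u8) (rate / 5);
			}
		}
	}

	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
		/* 1. power capabilities */
		pos = skb_put(skb, 4);
		*pos++ = WLAN_EID_PWR_CAPABILITY;
		*pos++ = 2;
		*pos++ = 0; /* min tx power */
		*pos++ = local->hw.conf.channel->max_power; /* max tx power */

		/* 2. supported channels */
		/* TODO: get this in reg domain format */
		pos = skb_put(skb, 2 * sband->n_channels + 2);
		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
		*pos++ = 2 * sband->n_channels;
		for (i = 0; i < sband->n_channels; i++) {
			*pos++ = ieee80211_frequency_to_channel(
					sband->channels[i].center_freq);
			*pos++ = 1; /* one channel in the subband*/
		}
	}

	if (ifsta->extra_ie) {
		pos = skb_put(skb, ifsta->extra_ie_len);
		memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
	}

	if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
		pos = skb_put(skb, 9);
		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
		*pos++ = 7; /* len */
		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
		*pos++ = 0x50;
		*pos++ = 0xf2;
		*pos++ = 2; /* WME */
		*pos++ = 0; /* WME info */
		*pos++ = 1; /* WME ver */
		*pos++ = 0;
	}

	/* wmm support is a must to HT; the HT extra-info element comes
	 * from the cached BSS entry, whose reference is still held */
	ht_add_ie = NULL;
	if (bss && wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
	    sband->ht_info.ht_supported)
		ht_add_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_EXTRA_INFO);

	if (ht_add_ie) {
		struct ieee80211_ht_addt_info *ht_add_info =
			(struct ieee80211_ht_addt_info *)ht_add_ie;
		u16 cap = sband->ht_info.cap;
		__le16 tmp;
		u32 flags = local->hw.conf.channel->flags;

		/* drop 40 MHz capabilities the channel cannot offer on the
		 * side the AP's secondary channel sits on */
		switch (ht_add_info->ht_param & IEEE80211_HT_IE_CHA_SEC_OFFSET) {
		case IEEE80211_HT_IE_CHA_SEC_ABOVE:
			if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		case IEEE80211_HT_IE_CHA_SEC_BELOW:
			if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
				cap &= ~IEEE80211_HT_CAP_SGI_40;
			}
			break;
		default:
			break;
		}

		tmp = cpu_to_le16(cap);
		pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
		*pos++ = WLAN_EID_HT_CAPABILITY;
		*pos++ = sizeof(struct ieee80211_ht_cap);
		memset(pos, 0, sizeof(struct ieee80211_ht_cap));
		memcpy(pos, &tmp, sizeof(u16));
		pos += sizeof(u16);
		/* TODO: needs a define here for << 2 */
		*pos++ = sband->ht_info.ampdu_factor |
			 (sband->ht_info.ampdu_density << 2);
		memcpy(pos, sband->ht_info.supp_mcs_set, 16);
	}

	/* done with the cached BSS entry */
	if (bss)
		ieee80211_rx_bss_put(local, bss);

	/* keep a copy of the IEs for the IWEVASSOCREQIE event */
	kfree(ifsta->assocreq_ies);
	ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
	ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
	if (ifsta->assocreq_ies)
		memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);

	ieee80211_sta_tx(sdata, skb, 0);
}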


/*
 * Send a Deauthentication frame carrying @reason to the current BSSID:
 * a 24-byte header followed by the 2-byte reason code.  Silently returns
 * if no buffer can be allocated.
 */
static void ieee80211_send_deauth(struct ieee80211_sub_if_data *sdata,
				  struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* header and reason code reserved in one go */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 2);
	memset(mgmt, 0, 24);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DEAUTH);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->u.deauth.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * Return 1 if the interface has a default key and that key is WEP,
 * 0 otherwise (including for a NULL @sdata).
 */
static int ieee80211_sta_wep_configured(struct ieee80211_sub_if_data *sdata)
{
	return sdata && sdata->default_key &&
	       sdata->default_key->conf.alg == ALG_WEP;
}

/*
 * Send a Disassociation frame carrying @reason to the current BSSID:
 * a 24-byte header followed by the 2-byte reason code.  Silently returns
 * if no buffer can be allocated.
 */
static void ieee80211_send_disassoc(struct ieee80211_sub_if_data *sdata,
				    struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	const size_t frame_len = 24 + 2;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
		       "frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, frame_len);
	memset(mgmt, 0, frame_len);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_DISASSOC);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->u.disassoc.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(sdata, skb, 0);
}

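/*
 * Leave the current BSS.
 *
 * Stops the data queues, tears down block-ack sessions with the AP,
 * sends a Deauth or Disassoc frame carrying @reason when
 * @self_disconnected (we are initiating the split rather than reacting
 * to the AP), resets the ERP/HT configuration, informs the driver and
 * user space, and finally removes the AP's station entry.  Nothing
 * happens if no station entry exists for ifsta->bssid.
 * @deauth: full deauthentication (also resets the probe/auth retry
 *	counters) instead of plain disassociation.
 *
 * The BSS_CHANGED_* bits collected in @changed are now passed to
 * ieee80211_bss_info_change_notify(), mirroring ieee80211_set_associated();
 * previously they were accumulated but never reported, so the driver was
 * not told that the association (and any HT/ERP state) had gone away.
 */
static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
				   struct ieee80211_if_sta *ifsta, bool deauth,
				   bool self_disconnected, u16 reason)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *ap_sta;
	u32 changed = BSS_CHANGED_ASSOC;

	rcu_read_lock();

	ap_sta = sta_info_get(local, ifsta->bssid);
	if (!ap_sta) {
		rcu_read_unlock();
		return;
	}

	/* restart the MLME retry counters for the next attempt */
	if (deauth) {
		ifsta->direct_probe_tries = 0;
		ifsta->auth_tries = 0;
	}
	ifsta->assoc_scan_tries = 0;
	ifsta->assoc_tries = 0;

	netif_tx_stop_all_queues(sdata->dev);
	netif_carrier_off(sdata->dev);

	ieee80211_sta_tear_down_BA_sessions(sdata, ap_sta->addr);

	if (self_disconnected) {
		if (deauth)
			ieee80211_send_deauth(sdata, ifsta, reason);
		else
			ieee80211_send_disassoc(sdata, ifsta, reason);
	}

	ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
	changed |= ieee80211_reset_erp_info(sdata);

	if (sdata->bss_conf.assoc_ht)
		changed |= BSS_CHANGED_HT;

	sdata->bss_conf.assoc_ht = 0;
	sdata->bss_conf.ht_conf = NULL;
	sdata->bss_conf.ht_bss_conf = NULL;

	ieee80211_led_assoc(local, 0);
	sdata->bss_conf.assoc = 0;
	ieee80211_bss_info_change_notify(sdata, changed);

	ieee80211_sta_send_apinfo(sdata, ifsta);

	if (self_disconnected)
		ifsta->state = IEEE80211_STA_MLME_DISABLED;

	/* unlink under RCU, free once no reader can still see the entry */
	sta_info_unlink(&ap_sta);

	rcu_read_unlock();

	sta_info_destroy(ap_sta);
}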

/*
 * Return 1 if our privacy configuration cannot match the target BSS:
 * the AP advertises Privacy while we have neither a WEP default key nor
 * "privacy invoked" set, or the other way round.  Returns 0 when mixed
 * cells are allowed, when the BSS is not in the cache, or when either
 * local setting agrees with the AP.
 */
static int ieee80211_privacy_mismatch(struct ieee80211_sub_if_data *sdata,
				      struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sta_bss *bss;
	bool ap_privacy, wep_key_set, privacy_invoked;

	if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
		return 0;

	bss = ieee80211_rx_bss_get(local, ifsta->bssid,
				   local->hw.conf.channel->center_freq,
				   ifsta->ssid, ifsta->ssid_len);
	if (!bss)
		return 0;

	ap_privacy = bss->capability & WLAN_CAPABILITY_PRIVACY;
	ieee80211_rx_bss_put(local, bss);

	wep_key_set = ieee80211_sta_wep_configured(sdata);
	privacy_invoked = ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED;

	if (ap_privacy == wep_key_set || ap_privacy == privacy_invoked)
		return 0;

	return 1;
}

/*
 * Start (or retry) association with the configured AP.  Gives up and
 * disables the MLME after IEEE80211_ASSOC_MAX_TRIES attempts, or at
 * once if the privacy configuration cannot match the AP (see
 * ieee80211_privacy_mismatch()).  Re-arms ifsta->timer for the next
 * attempt.
 */
static void ieee80211_associate(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_if_sta *ifsta)
{
	DECLARE_MAC_BUF(mac);
	int attempt = ++ifsta->assoc_tries;

	if (attempt > IEEE80211_ASSOC_MAX_TRIES) {
		printk(KERN_DEBUG "%s: association with AP %s"
		       " timed out\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_STA_MLME_ASSOCIATE;
	printk(KERN_DEBUG "%s: associate with AP %s\n",
	       sdata->dev->name, print_mac(mac, ifsta->bssid));

	if (ieee80211_privacy_mismatch(sdata, ifsta)) {
		printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
		       "mixed-cell disabled - abort association\n", sdata->dev->name);
		ifsta->state = IEEE80211_STA_MLME_DISABLED;
		return;
	}

	ieee80211_send_assoc(sdata, ifsta);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}


/*
 * Poll the AP we are associated with (station entry @sta, looked up by
 * the caller under rcu_read_lock()).  Returns 1 when the AP should be
 * treated as lost, 0 otherwise.  When nothing has been received from
 * the AP for IEEE80211_MONITORING_INTERVAL, a probe request is sent and
 * the PROBEREQ_POLL flag is raised; if it is already raised the earlier
 * poll went unanswered and the AP is declared out of range.  Otherwise
 * a periodic probe is sent every IEEE80211_PROBE_INTERVAL.
 */
static int ieee80211_sta_poll_ap(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta,
				 struct sta_info *sta)
{
	struct ieee80211_local *local = sdata->local;
	DECLARE_MAC_BUF(mac);

	if (time_after(jiffies, sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
		int lost = 0;

		if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
			printk(KERN_DEBUG "%s: No ProbeResp from "
			       "current AP %s - assume out of "
			       "range\n",
			       sdata->dev->name, print_mac(mac, ifsta->bssid));
			lost = 1;
		} else {
			ieee80211_send_probe_req(sdata, ifsta->bssid,
						 local->scan_ssid,
						 local->scan_ssid_len);
		}
		ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
		return lost;
	}

	ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
	if (time_after(jiffies, ifsta->last_probe + IEEE80211_PROBE_INTERVAL)) {
		ifsta->last_probe = jiffies;
		ieee80211_send_probe_req(sdata, ifsta->bssid,
					 ifsta->ssid, ifsta->ssid_len);
	}
	return 0;
}

/*
 * Timer handler for the associated state: check that the AP is still
 * there and either disassociate from it or re-arm the timer for the
 * next IEEE80211_MONITORING_INTERVAL.
 */
static void ieee80211_associated(struct ieee80211_sub_if_data *sdata,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *ap_sta;
	int ap_lost;
	DECLARE_MAC_BUF(mac);

	/* TODO: start monitoring current AP signal quality and number of
	 * missed beacons. Scan other channels every now and then and search
	 * for better APs. */
	/* TODO: remove expired BSSes */

	ifsta->state = IEEE80211_STA_MLME_ASSOCIATED;

	rcu_read_lock();

	ap_sta = sta_info_get(local, ifsta->bssid);
	if (ap_sta) {
		ap_lost = ieee80211_sta_poll_ap(sdata, ifsta, ap_sta);
	} else {
		printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
		       sdata->dev->name, print_mac(mac, ifsta->bssid));
		ap_lost = 1;
	}

	rcu_read_unlock();

	if (ap_lost)
		ieee80211_set_disassoc(sdata, ifsta, true, true,
					WLAN_REASON_PREV_AUTH_NOT_VALID);
	else
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL);
}


/*
 * Authentication exchange finished: record that the interface is
 * authenticated and start the association step.
 */
static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta)
{
	const char *ifname = sdata->dev->name;

	printk(KERN_DEBUG "%s: authenticated\n", ifname);
	ifsta->flags |= IEEE80211_STA_AUTHENTICATED;

	/* association is the next MLME state */
	ieee80211_associate(sdata, ifsta);
}


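/*
 * Handle an authentication frame carrying a Challenge Text element (as
 * used by shared-key authentication): parse the IEs that follow the
 * fixed auth fields and, if a challenge is present, echo it back - IE
 * header included - in an auth frame with transaction sequence 3.  The
 * final argument of 1 is passed through to ieee80211_send_auth(); its
 * meaning (presumably "encrypt") is defined there.
 *
 * @sdata: interface the frame arrived on
 * @ifsta: station MLME state of that interface
 * @mgmt:  the received authentication frame
 * @len:   frame length in bytes, counted from @mgmt
 *
 * Frames without a challenge element are silently ignored.
 */
static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u8 *pos = mgmt->u.auth.variable;
	size_t fixed_len = pos - (u8 *) mgmt;
	struct ieee802_11_elems elems;

	/*
	 * The caller is expected to have verified that the frame covers the
	 * fixed auth fields; guard here as well so a short frame cannot make
	 * "len - fixed_len" wrap into a huge IE buffer length.
	 */
	if (len < fixed_len)
		return;

	ieee802_11_parse_elems(pos, len - fixed_len, &elems);
	if (!elems.challenge)
		return;

	/* challenge - 2 steps back over the element ID and length bytes */
	ieee80211_send_auth(sdata, ifsta, 3, elems.challenge - 2,
			    elems.challenge_len + 2, 1);
}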

/*
 * Build and transmit an ADDBA Response action frame.
 *
 * @sdata:        transmitting interface
 * @da:           destination address (originator of the ADDBA Request)
 * @tid:          traffic identifier of the block-ack session
 * @dialog_token: token copied from the request
 * @status:       WLAN_STATUS_* result code
 * @policy:       block-ack policy bit
 * @buf_size:     reorder buffer size being granted
 * @timeout:      block-ack timeout value
 *
 * On an AP interface the BSSID is our own address, otherwise it is the
 * BSSID of the AP the station is associated with.  If no buffer can be
 * allocated the failure is logged and no frame is sent.
 */
static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
					u8 dialog_token, u16 status, u16 policy,
					u16 buf_size, u16 timeout)
{
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_local *local = sdata->local;
	const u8 *bssid;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer "
		       "for addba resp frame\n", sdata->dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* 24 bytes: the three-address management frame header */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);

	bssid = (sdata->vif.type == IEEE80211_IF_TYPE_AP) ?
		sdata->dev->dev_addr : ifsta->bssid;
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, bssid, ETH_ALEN);
	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);

	/* action body: category byte followed by the ADDBA response fields */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;

	/*
	 * Block-ack parameter set: bit 1 aggregation policy, bits 5:2 TID,
	 * bits 15:6 maximum aggregation size.
	 */
	capab = (u16)((policy << 1) | (tid << 2) | (buf_size << 6));
	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);

	ieee80211_sta_tx(sdata, skb, 0);
}

/*
 * After accepting the AddBA Request we activated a timer,
 * resetting it after each frame that arrives from the originator.
 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
 */
static void sta_rx_agg_session_timer_expired(unsigned long data)
{
	/*
	 * The timer callback receives a single argument, so the setup in
	 * sta_info_create hands it the address of sta->timer_to_tid[tid],
	 * whose value is the TID itself.  Stepping back by that value lands
	 * on timer_to_tid[0], from which container_of() recovers the
	 * owning sta_info.
	 */
	u8 *tid_slot = (u8 *)data;
	u16 tid = *tid_slot;
	u8 *slot_base = tid_slot - tid;
	struct sta_info *sta = container_of(slot_base, struct sta_info,
					    timer_to_tid[0]);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "rx session timer expired on tid %d\n", tid);
#endif
	ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->addr, tid,
					 WLAN_BACK_TIMER,
					 WLAN_REASON_QSTA_TIMEOUT);
}

static void ieee80211_sta_process_addba_request(struct ieee80211_local *local,
						struct ieee80211_mgmt *mgmt,
						size_t len)
{
	struct ieee80211_hw *hw = &local->hw;
	struct ieee80211_conf *conf = &hw->conf;
	struct sta_info *sta;
	struct tid_ampdu_rx *tid_agg_rx;
	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	u8 dialog_token;
	int ret = -EOPNOTSUPP;
	DECLARE_MAC_BUF(mac);

	rcu_read_lock();

	sta = sta_info_get(local, mgmt->sa);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	/* extract session parameters from addba request frame */
	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	start_seq_num =
		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;

	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;

	status = WLAN_STATUS_REQUEST_DECLINED;

	/* sanity check for incoming parameters:
	 * check if configuration can support the BA policy
	 * and if buffer size does not exceeds max value */
	if (((ba_policy != 1)
		&& (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
		|| (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
		status = WLAN_STATUS_INVALID_QOS_PARAM;
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "AddBA Req with bad params from "
				"%s on tid %u. policy %d, buffer size %d\n",
				print_mac(mac, mgmt->sa), tid, ba_policy,
				buf_size);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end_no_lock;
	}
	/* determine default buffer size */
	if (buf_size == 0) {
		struct ieee80211_supported_band *sband;

		sband = local->hw.wiphy->bands[conf->channel->band];
		buf_size = IEEE80211_MIN_AMPDU_BUF;
		buf_size = buf_size << sband->ht_info.ampdu_factor;
	}


	/* examine state machine */
	spin_lock_bh(&sta->lock);

	if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "unexpected AddBA Req from "
				"%s on tid %u\n",
				print_mac(mac, mgmt->sa), tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end;
	}

	/* prepare A-MPDU MLME for Rx aggregation */
	sta->ampdu_mlme.tid_rx[tid] =
			kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
	if (!sta->ampdu_mlme.tid_rx[tid]) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
					tid);
#endif
		goto end;
	}
	/* rx timer */
	sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
				sta_rx_agg_session_timer_expired;
	sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
				(unsigned long)&sta->timer_to_tid[tid];
	init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);

	tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];

	/* prepare reordering buffer */
	tid_agg_rx->reorder_buf =
		kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
	if (!tid_agg_rx->reorder_buf) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "can not allocate reordering buffer "
			       "to tid %d\n", tid);
#endif
		kfree(sta->ampdu_mlme.tid_rx[tid]);
		goto end;
	}
	memset(tid_agg_rx->reorder_buf, 0,
		buf_size * sizeof(struct sk_buff *));