2 * mac80211 work implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
16 #include <linux/delay.h>
17 #include <linux/if_ether.h>
18 #include <linux/skbuff.h>
19 #include <linux/if_arp.h>
20 #include <linux/etherdevice.h>
21 #include <linux/crc32.h>
22 #include <linux/slab.h>
23 #include <net/mac80211.h>
24 #include <asm/unaligned.h>
26 #include "ieee80211_i.h"
29 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
30 #define IEEE80211_AUTH_MAX_TRIES 3
31 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
32 #define IEEE80211_ASSOC_MAX_TRIES 3
43 static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
45 lockdep_assert_held(&local->mtx);
49 * We can have multiple work items (and connection probing)
50 * scheduling this timer, but we need to take care to only
51 * reschedule it when it should fire _earlier_ than it was
52 * asked for before, or if it's not pending right now. This
53 * function ensures that. Note that it then is required to
54 * run this function for all timeouts after the first one
55 * has happened -- the work that runs from this timer will
58 static void run_again(struct ieee80211_local *local,
59 unsigned long timeout)
61 ASSERT_WORK_MTX(local);
63 if (!timer_pending(&local->work_timer) ||
64 time_before(timeout, local->work_timer.expires))
65 mod_timer(&local->work_timer, timeout);
68 static void work_free_rcu(struct rcu_head *head)
70 struct ieee80211_work *wk =
71 container_of(head, struct ieee80211_work, rcu_head);
76 void free_work(struct ieee80211_work *wk)
78 call_rcu(&wk->rcu_head, work_free_rcu);
81 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
82 struct ieee80211_supported_band *sband,
88 for (i = 0; i < supp_rates_len; i++) {
89 int rate = (supp_rates[i] & 0x7F) * 5;
91 for (j = 0; j < sband->n_bitrates; j++)
92 if (sband->bitrates[j].bitrate == rate) {
102 /* frame sending functions */
104 static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
105 struct ieee80211_supported_band *sband,
106 struct ieee80211_channel *channel,
107 enum ieee80211_smps_mode smps)
109 struct ieee80211_ht_info *ht_info;
111 u32 flags = channel->flags;
112 u16 cap = sband->ht_cap.cap;
115 if (!sband->ht_cap.ht_supported)
121 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
124 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
126 /* determine capability flags */
128 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
129 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
130 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
132 cap &= ~IEEE80211_HT_CAP_SGI_40;
135 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
136 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
137 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
138 cap &= ~IEEE80211_HT_CAP_SGI_40;
143 /* set SM PS mode properly */
144 cap &= ~IEEE80211_HT_CAP_SM_PS;
146 case IEEE80211_SMPS_AUTOMATIC:
147 case IEEE80211_SMPS_NUM_MODES:
149 case IEEE80211_SMPS_OFF:
150 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
151 IEEE80211_HT_CAP_SM_PS_SHIFT;
153 case IEEE80211_SMPS_STATIC:
154 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
155 IEEE80211_HT_CAP_SM_PS_SHIFT;
157 case IEEE80211_SMPS_DYNAMIC:
158 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
159 IEEE80211_HT_CAP_SM_PS_SHIFT;
163 /* reserve and fill IE */
165 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
166 *pos++ = WLAN_EID_HT_CAPABILITY;
167 *pos++ = sizeof(struct ieee80211_ht_cap);
168 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
170 /* capability flags */
171 tmp = cpu_to_le16(cap);
172 memcpy(pos, &tmp, sizeof(u16));
175 /* AMPDU parameters */
176 *pos++ = sband->ht_cap.ampdu_factor |
177 (sband->ht_cap.ampdu_density <<
178 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
181 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
182 pos += sizeof(sband->ht_cap.mcs);
184 /* extended capabilities */
185 pos += sizeof(__le16);
187 /* BF capabilities */
188 pos += sizeof(__le32);
190 /* antenna selection */
194 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
195 struct ieee80211_work *wk)
197 struct ieee80211_local *local = sdata->local;
199 struct ieee80211_mgmt *mgmt;
201 size_t offset = 0, noffset;
202 int i, count, rates_len, supp_rates_len;
204 struct ieee80211_supported_band *sband;
207 sband = local->hw.wiphy->bands[wk->chan->band];
209 if (wk->assoc.supp_rates_len) {
211 * Get all rates supported by the device and the AP as
212 * some APs don't like getting a superset of their rates
213 * in the association request (e.g. D-Link DAP 1353 in
216 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
217 wk->assoc.supp_rates_len,
221 * In case AP not provide any supported rates information
222 * before association, we send information element(s) with
223 * all rates that we support.
226 rates_len = sband->n_bitrates;
229 skb = alloc_skb(local->hw.extra_tx_headroom +
230 sizeof(*mgmt) + /* bit too much but doesn't matter */
231 2 + wk->assoc.ssid_len + /* SSID */
232 4 + rates_len + /* (extended) rates */
233 4 + /* power capability */
234 2 + 2 * sband->n_channels + /* supported channels */
235 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
236 wk->ie_len + /* extra IEs */
240 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
241 "frame\n", sdata->name);
244 skb_reserve(skb, local->hw.extra_tx_headroom);
246 capab = WLAN_CAPABILITY_ESS;
248 if (sband->band == IEEE80211_BAND_2GHZ) {
249 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
250 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
251 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
252 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
255 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
256 capab |= WLAN_CAPABILITY_PRIVACY;
258 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
259 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
260 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
262 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
264 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
265 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
266 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
268 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
270 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
271 IEEE80211_STYPE_REASSOC_REQ);
272 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
273 mgmt->u.reassoc_req.listen_interval =
274 cpu_to_le16(local->hw.conf.listen_interval);
275 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
279 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
280 IEEE80211_STYPE_ASSOC_REQ);
281 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
282 mgmt->u.assoc_req.listen_interval =
283 cpu_to_le16(local->hw.conf.listen_interval);
287 pos = skb_put(skb, 2 + wk->assoc.ssid_len);
288 *pos++ = WLAN_EID_SSID;
289 *pos++ = wk->assoc.ssid_len;
290 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
292 /* add all rates which were marked to be used above */
293 supp_rates_len = rates_len;
294 if (supp_rates_len > 8)
297 pos = skb_put(skb, supp_rates_len + 2);
298 *pos++ = WLAN_EID_SUPP_RATES;
299 *pos++ = supp_rates_len;
302 for (i = 0; i < sband->n_bitrates; i++) {
303 if (BIT(i) & rates) {
304 int rate = sband->bitrates[i].bitrate;
305 *pos++ = (u8) (rate / 5);
311 if (rates_len > count) {
312 pos = skb_put(skb, rates_len - count + 2);
313 *pos++ = WLAN_EID_EXT_SUPP_RATES;
314 *pos++ = rates_len - count;
316 for (i++; i < sband->n_bitrates; i++) {
317 if (BIT(i) & rates) {
318 int rate = sband->bitrates[i].bitrate;
319 *pos++ = (u8) (rate / 5);
324 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
325 /* 1. power capabilities */
326 pos = skb_put(skb, 4);
327 *pos++ = WLAN_EID_PWR_CAPABILITY;
329 *pos++ = 0; /* min tx power */
330 *pos++ = wk->chan->max_power; /* max tx power */
332 /* 2. supported channels */
333 /* TODO: get this in reg domain format */
334 pos = skb_put(skb, 2 * sband->n_channels + 2);
335 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
336 *pos++ = 2 * sband->n_channels;
337 for (i = 0; i < sband->n_channels; i++) {
338 *pos++ = ieee80211_frequency_to_channel(
339 sband->channels[i].center_freq);
340 *pos++ = 1; /* one channel in the subband*/
344 /* if present, add any custom IEs that go before HT */
345 if (wk->ie_len && wk->ie) {
346 static const u8 before_ht[] = {
349 WLAN_EID_EXT_SUPP_RATES,
350 WLAN_EID_PWR_CAPABILITY,
351 WLAN_EID_SUPPORTED_CHANNELS,
354 WLAN_EID_RRM_ENABLED_CAPABILITIES,
355 WLAN_EID_MOBILITY_DOMAIN,
356 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
358 noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
359 before_ht, ARRAY_SIZE(before_ht),
361 pos = skb_put(skb, noffset - offset);
362 memcpy(pos, wk->ie + offset, noffset - offset);
366 if (wk->assoc.use_11n && wk->assoc.wmm_used &&
367 local->hw.queues >= 4)
368 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
369 sband, wk->chan, wk->assoc.smps);
371 /* if present, add any custom non-vendor IEs that go after HT */
372 if (wk->ie_len && wk->ie) {
373 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
375 pos = skb_put(skb, noffset - offset);
376 memcpy(pos, wk->ie + offset, noffset - offset);
380 if (wk->assoc.wmm_used && local->hw.queues >= 4) {
381 if (wk->assoc.uapsd_used) {
382 qos_info = local->uapsd_queues;
383 qos_info |= (local->uapsd_max_sp_len <<
384 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
389 pos = skb_put(skb, 9);
390 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
391 *pos++ = 7; /* len */
392 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
395 *pos++ = 2; /* WME */
396 *pos++ = 0; /* WME info */
397 *pos++ = 1; /* WME ver */
401 /* add any remaining custom (i.e. vendor specific here) IEs */
402 if (wk->ie_len && wk->ie) {
403 noffset = wk->ie_len;
404 pos = skb_put(skb, noffset - offset);
405 memcpy(pos, wk->ie + offset, noffset - offset);
408 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
409 ieee80211_tx_skb(sdata, skb);
412 static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
413 struct ieee80211_work *wk)
415 struct cfg80211_bss *cbss;
416 u16 capa_val = WLAN_CAPABILITY_ESS;
418 if (wk->probe_auth.privacy)
419 capa_val |= WLAN_CAPABILITY_PRIVACY;
421 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
422 wk->probe_auth.ssid, wk->probe_auth.ssid_len,
423 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
428 cfg80211_unlink_bss(local->hw.wiphy, cbss);
429 cfg80211_put_bss(cbss);
432 static enum work_action __must_check
433 ieee80211_direct_probe(struct ieee80211_work *wk)
435 struct ieee80211_sub_if_data *sdata = wk->sdata;
436 struct ieee80211_local *local = sdata->local;
438 wk->probe_auth.tries++;
439 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
440 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
441 sdata->name, wk->filter_ta);
444 * Most likely AP is not in the range so remove the
445 * bss struct for that AP.
447 ieee80211_remove_auth_bss(local, wk);
449 return WORK_ACT_TIMEOUT;
452 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
453 sdata->name, wk->filter_ta, wk->probe_auth.tries,
454 IEEE80211_AUTH_MAX_TRIES);
457 * Direct probe is sent to broadcast address as some APs
458 * will not answer to direct packet in unassociated state.
460 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
461 wk->probe_auth.ssid_len, NULL, 0);
463 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
464 run_again(local, wk->timeout);
466 return WORK_ACT_NONE;
470 static enum work_action __must_check
471 ieee80211_authenticate(struct ieee80211_work *wk)
473 struct ieee80211_sub_if_data *sdata = wk->sdata;
474 struct ieee80211_local *local = sdata->local;
476 wk->probe_auth.tries++;
477 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
478 printk(KERN_DEBUG "%s: authentication with %pM"
479 " timed out\n", sdata->name, wk->filter_ta);
482 * Most likely AP is not in the range so remove the
483 * bss struct for that AP.
485 ieee80211_remove_auth_bss(local, wk);
487 return WORK_ACT_TIMEOUT;
490 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
491 sdata->name, wk->filter_ta, wk->probe_auth.tries);
493 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
494 wk->ie_len, wk->filter_ta, NULL, 0, 0);
495 wk->probe_auth.transaction = 2;
497 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
498 run_again(local, wk->timeout);
500 return WORK_ACT_NONE;
503 static enum work_action __must_check
504 ieee80211_associate(struct ieee80211_work *wk)
506 struct ieee80211_sub_if_data *sdata = wk->sdata;
507 struct ieee80211_local *local = sdata->local;
510 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
511 printk(KERN_DEBUG "%s: association with %pM"
513 sdata->name, wk->filter_ta);
516 * Most likely AP is not in the range so remove the
517 * bss struct for that AP.
520 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
522 return WORK_ACT_TIMEOUT;
525 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
526 sdata->name, wk->filter_ta, wk->assoc.tries);
527 ieee80211_send_assoc(sdata, wk);
529 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
530 run_again(local, wk->timeout);
532 return WORK_ACT_NONE;
535 static enum work_action __must_check
536 ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
539 * First time we run, do nothing -- the generic code will
540 * have switched to the right channel etc.
543 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration);
545 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk,
546 wk->chan, wk->chan_type,
547 wk->remain.duration, GFP_KERNEL);
549 return WORK_ACT_NONE;
552 return WORK_ACT_TIMEOUT;
555 static enum work_action __must_check
556 ieee80211_offchannel_tx(struct ieee80211_work *wk)
559 wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait);
562 * After this, offchan_tx.frame remains but now is no
563 * longer a valid pointer -- we still need it as the
564 * cookie for canceling this work.
566 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
568 return WORK_ACT_NONE;
571 return WORK_ACT_TIMEOUT;
574 static enum work_action __must_check
575 ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
578 return WORK_ACT_TIMEOUT;
581 * Wait up to one beacon interval ...
582 * should this be more if we miss one?
584 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
585 wk->sdata->name, wk->filter_ta);
586 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
587 return WORK_ACT_NONE;
590 static void ieee80211_auth_challenge(struct ieee80211_work *wk,
591 struct ieee80211_mgmt *mgmt,
594 struct ieee80211_sub_if_data *sdata = wk->sdata;
596 struct ieee802_11_elems elems;
598 pos = mgmt->u.auth.variable;
599 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
600 if (!elems.challenge)
602 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
603 elems.challenge - 2, elems.challenge_len + 2,
604 wk->filter_ta, wk->probe_auth.key,
605 wk->probe_auth.key_len, wk->probe_auth.key_idx);
606 wk->probe_auth.transaction = 4;
609 static enum work_action __must_check
610 ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
611 struct ieee80211_mgmt *mgmt, size_t len)
613 u16 auth_alg, auth_transaction, status_code;
615 if (wk->type != IEEE80211_WORK_AUTH)
616 return WORK_ACT_MISMATCH;
619 return WORK_ACT_NONE;
621 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
622 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
623 status_code = le16_to_cpu(mgmt->u.auth.status_code);
625 if (auth_alg != wk->probe_auth.algorithm ||
626 auth_transaction != wk->probe_auth.transaction)
627 return WORK_ACT_NONE;
629 if (status_code != WLAN_STATUS_SUCCESS) {
630 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
631 wk->sdata->name, mgmt->sa, status_code);
632 return WORK_ACT_DONE;
635 switch (wk->probe_auth.algorithm) {
640 case WLAN_AUTH_SHARED_KEY:
641 if (wk->probe_auth.transaction != 4) {
642 ieee80211_auth_challenge(wk, mgmt, len);
643 /* need another frame */
644 return WORK_ACT_NONE;
649 return WORK_ACT_NONE;
652 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
653 return WORK_ACT_DONE;
656 static enum work_action __must_check
657 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
658 struct ieee80211_mgmt *mgmt, size_t len,
661 struct ieee80211_sub_if_data *sdata = wk->sdata;
662 struct ieee80211_local *local = sdata->local;
663 u16 capab_info, status_code, aid;
664 struct ieee802_11_elems elems;
667 if (wk->type != IEEE80211_WORK_ASSOC)
668 return WORK_ACT_MISMATCH;
671 * AssocResp and ReassocResp have identical structure, so process both
672 * of them in this function.
676 return WORK_ACT_NONE;
678 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
679 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
680 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
682 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
683 "status=%d aid=%d)\n",
684 sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
685 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
687 pos = mgmt->u.assoc_resp.variable;
688 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
690 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
691 elems.timeout_int && elems.timeout_int_len == 5 &&
692 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
694 tu = get_unaligned_le32(elems.timeout_int + 1);
695 ms = tu * 1024 / 1000;
696 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
697 "comeback duration %u TU (%u ms)\n",
698 sdata->name, mgmt->sa, tu, ms);
699 wk->timeout = jiffies + msecs_to_jiffies(ms);
700 if (ms > IEEE80211_ASSOC_TIMEOUT)
701 run_again(local, wk->timeout);
702 return WORK_ACT_NONE;
705 if (status_code != WLAN_STATUS_SUCCESS)
706 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
707 sdata->name, mgmt->sa, status_code);
709 printk(KERN_DEBUG "%s: associated\n", sdata->name);
711 return WORK_ACT_DONE;
714 static enum work_action __must_check
715 ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
716 struct ieee80211_mgmt *mgmt, size_t len,
717 struct ieee80211_rx_status *rx_status)
719 struct ieee80211_sub_if_data *sdata = wk->sdata;
720 struct ieee80211_local *local = sdata->local;
723 ASSERT_WORK_MTX(local);
725 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
726 return WORK_ACT_MISMATCH;
729 return WORK_ACT_NONE;
731 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
733 return WORK_ACT_NONE;
735 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
736 return WORK_ACT_DONE;
739 static enum work_action __must_check
740 ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
741 struct ieee80211_mgmt *mgmt, size_t len)
743 struct ieee80211_sub_if_data *sdata = wk->sdata;
744 struct ieee80211_local *local = sdata->local;
746 ASSERT_WORK_MTX(local);
748 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
749 return WORK_ACT_MISMATCH;
752 return WORK_ACT_NONE;
754 printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
755 return WORK_ACT_DONE;
758 static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
761 struct ieee80211_rx_status *rx_status;
762 struct ieee80211_mgmt *mgmt;
763 struct ieee80211_work *wk;
764 enum work_action rma = WORK_ACT_NONE;
767 rx_status = (struct ieee80211_rx_status *) skb->cb;
768 mgmt = (struct ieee80211_mgmt *) skb->data;
769 fc = le16_to_cpu(mgmt->frame_control);
771 mutex_lock(&local->mtx);
773 list_for_each_entry(wk, &local->work_list, list) {
774 const u8 *bssid = NULL;
777 case IEEE80211_WORK_DIRECT_PROBE:
778 case IEEE80211_WORK_AUTH:
779 case IEEE80211_WORK_ASSOC:
780 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
781 bssid = wk->filter_ta;
788 * Before queuing, we already verified mgmt->sa,
789 * so this is needed just for matching.
791 if (compare_ether_addr(bssid, mgmt->bssid))
794 switch (fc & IEEE80211_FCTL_STYPE) {
795 case IEEE80211_STYPE_BEACON:
796 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
798 case IEEE80211_STYPE_PROBE_RESP:
799 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
802 case IEEE80211_STYPE_AUTH:
803 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
805 case IEEE80211_STYPE_ASSOC_RESP:
806 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
809 case IEEE80211_STYPE_REASSOC_RESP:
810 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
819 * We've either received an unexpected frame, or we have
820 * multiple work items and need to match the frame to the
823 if (rma == WORK_ACT_MISMATCH)
827 * We've processed this frame for that work, so it can't
828 * belong to another work struct.
829 * NB: this is also required for correctness for 'rma'!
835 case WORK_ACT_MISMATCH:
836 /* ignore this unmatched frame */
841 list_del_rcu(&wk->list);
844 WARN(1, "unexpected: %d", rma);
847 mutex_unlock(&local->mtx);
849 if (rma != WORK_ACT_DONE)
852 switch (wk->done(wk, skb)) {
853 case WORK_DONE_DESTROY:
856 case WORK_DONE_REQUEUE:
858 wk->started = false; /* restart */
859 mutex_lock(&local->mtx);
860 list_add_tail(&wk->list, &local->work_list);
861 mutex_unlock(&local->mtx);
868 static bool ieee80211_work_ct_coexists(enum nl80211_channel_type wk_ct,
869 enum nl80211_channel_type oper_ct)
872 case NL80211_CHAN_NO_HT:
874 case NL80211_CHAN_HT20:
875 if (oper_ct != NL80211_CHAN_NO_HT)
878 case NL80211_CHAN_HT40MINUS:
879 case NL80211_CHAN_HT40PLUS:
880 return (wk_ct == oper_ct);
882 WARN_ON(1); /* shouldn't get here */
886 static enum nl80211_channel_type
887 ieee80211_calc_ct(enum nl80211_channel_type wk_ct,
888 enum nl80211_channel_type oper_ct)
891 case NL80211_CHAN_NO_HT:
893 case NL80211_CHAN_HT20:
894 if (oper_ct != NL80211_CHAN_NO_HT)
897 case NL80211_CHAN_HT40MINUS:
898 case NL80211_CHAN_HT40PLUS:
901 WARN_ON(1); /* shouldn't get here */
906 static void ieee80211_work_timer(unsigned long data)
908 struct ieee80211_local *local = (void *) data;
910 if (local->quiescing)
913 ieee80211_queue_work(&local->hw, &local->work_work);
916 static void ieee80211_work_work(struct work_struct *work)
918 struct ieee80211_local *local =
919 container_of(work, struct ieee80211_local, work_work);
921 struct ieee80211_work *wk, *tmp;
922 LIST_HEAD(free_work);
923 enum work_action rma;
924 bool remain_off_channel = false;
930 * ieee80211_queue_work() should have picked up most cases,
931 * here we'll pick the rest.
933 if (WARN(local->suspended, "work scheduled while going to suspend\n"))
936 /* first process frames to avoid timing out while a frame is pending */
937 while ((skb = skb_dequeue(&local->work_skb_queue)))
938 ieee80211_work_rx_queued_mgmt(local, skb);
940 mutex_lock(&local->mtx);
942 ieee80211_recalc_idle(local);
944 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
945 bool started = wk->started;
947 /* mark work as started if it's on the current off-channel */
948 if (!started && local->tmp_channel &&
949 wk->chan == local->tmp_channel &&
950 wk->chan_type == local->tmp_channel_type) {
952 wk->timeout = jiffies;
955 if (!started && !local->tmp_channel) {
957 bool tmp_chan_changed = false;
959 enum nl80211_channel_type wk_ct;
960 on_oper_chan = ieee80211_cfg_on_oper_channel(local);
962 /* Work with existing channel type if possible. */
963 wk_ct = wk->chan_type;
964 if (wk->chan == local->hw.conf.channel)
965 wk_ct = ieee80211_calc_ct(wk->chan_type,
966 local->hw.conf.channel_type);
968 if (local->tmp_channel)
969 if ((local->tmp_channel != wk->chan) ||
970 (local->tmp_channel_type != wk_ct))
971 tmp_chan_changed = true;
973 local->tmp_channel = wk->chan;
974 local->tmp_channel_type = wk_ct;
976 * Leave the station vifs in awake mode if they
977 * happen to be on the same channel as
978 * the requested channel.
980 on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
981 if (on_oper_chan != on_oper_chan2) {
983 /* going off oper channel, PS too */
984 ieee80211_offchannel_stop_vifs(local,
986 ieee80211_hw_config(local, 0);
988 /* going on channel, but leave PS
990 ieee80211_hw_config(local, 0);
991 ieee80211_offchannel_return(local,
995 } else if (tmp_chan_changed)
996 /* Still off-channel, but on some other
997 * channel, so update hardware.
998 * PS should already be off-channel.
1000 ieee80211_hw_config(local, 0);
1003 wk->timeout = jiffies;
1006 /* don't try to work with items that aren't started */
1010 if (time_is_after_jiffies(wk->timeout)) {
1012 * This work item isn't supposed to be worked on
1013 * right now, but take care to adjust the timer
1016 run_again(local, wk->timeout);
1024 rma = WORK_ACT_NONE;
1026 case IEEE80211_WORK_ABORT:
1027 rma = WORK_ACT_TIMEOUT;
1029 case IEEE80211_WORK_DIRECT_PROBE:
1030 rma = ieee80211_direct_probe(wk);
1032 case IEEE80211_WORK_AUTH:
1033 rma = ieee80211_authenticate(wk);
1035 case IEEE80211_WORK_ASSOC:
1036 rma = ieee80211_associate(wk);
1038 case IEEE80211_WORK_REMAIN_ON_CHANNEL:
1039 rma = ieee80211_remain_on_channel_timeout(wk);
1041 case IEEE80211_WORK_OFFCHANNEL_TX:
1042 rma = ieee80211_offchannel_tx(wk);
1044 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
1045 rma = ieee80211_assoc_beacon_wait(wk);
1049 wk->started = started;
1053 /* might have changed the timeout */
1054 run_again(local, wk->timeout);
1056 case WORK_ACT_TIMEOUT:
1057 list_del_rcu(&wk->list);
1059 list_add(&wk->list, &free_work);
1062 WARN(1, "unexpected: %d", rma);
1066 list_for_each_entry(wk, &local->work_list, list) {
1069 if (wk->chan != local->tmp_channel)
1071 if (ieee80211_work_ct_coexists(wk->chan_type,
1072 local->tmp_channel_type))
1074 remain_off_channel = true;
1077 if (!remain_off_channel && local->tmp_channel) {
1078 bool on_oper_chan = ieee80211_cfg_on_oper_channel(local);
1079 local->tmp_channel = NULL;
1080 /* If tmp_channel wasn't operating channel, then
1081 * we need to go back on-channel.
1082 * NOTE: If we can ever be here while scannning,
1083 * or if the hw_config() channel config logic changes,
1084 * then we may need to do a more thorough check to see if
1085 * we still need to do a hardware config. Currently,
1086 * we cannot be here while scanning, however.
1088 if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan)
1089 ieee80211_hw_config(local, 0);
1091 /* At the least, we need to disable offchannel_ps,
1092 * so just go ahead and run the entire offchannel
1093 * return logic here. We *could* skip enabling
1094 * beaconing if we were already on-oper-channel
1095 * as a future optimization.
1097 ieee80211_offchannel_return(local, true, true);
1099 /* give connection some time to breathe */
1100 run_again(local, jiffies + HZ/2);
1103 if (list_empty(&local->work_list) && local->scan_req &&
1105 ieee80211_queue_delayed_work(&local->hw,
1107 round_jiffies_relative(0));
1109 ieee80211_recalc_idle(local);
1111 mutex_unlock(&local->mtx);
1113 list_for_each_entry_safe(wk, tmp, &free_work, list) {
1115 list_del(&wk->list);
1120 void ieee80211_add_work(struct ieee80211_work *wk)
1122 struct ieee80211_local *local;
1124 if (WARN_ON(!wk->chan))
1127 if (WARN_ON(!wk->sdata))
1130 if (WARN_ON(!wk->done))
1133 if (WARN_ON(!ieee80211_sdata_running(wk->sdata)))
1136 wk->started = false;
1138 local = wk->sdata->local;
1139 mutex_lock(&local->mtx);
1140 list_add_tail(&wk->list, &local->work_list);
1141 mutex_unlock(&local->mtx);
1143 ieee80211_queue_work(&local->hw, &local->work_work);
1146 void ieee80211_work_init(struct ieee80211_local *local)
1148 INIT_LIST_HEAD(&local->work_list);
1149 setup_timer(&local->work_timer, ieee80211_work_timer,
1150 (unsigned long)local);
1151 INIT_WORK(&local->work_work, ieee80211_work_work);
1152 skb_queue_head_init(&local->work_skb_queue);
1155 void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
1157 struct ieee80211_local *local = sdata->local;
1158 struct ieee80211_work *wk;
1159 bool cleanup = false;
1161 mutex_lock(&local->mtx);
1162 list_for_each_entry(wk, &local->work_list, list) {
1163 if (wk->sdata != sdata)
1166 wk->type = IEEE80211_WORK_ABORT;
1168 wk->timeout = jiffies;
1170 mutex_unlock(&local->mtx);
1172 /* run cleanups etc. */
1174 ieee80211_work_work(&local->work_work);
1176 mutex_lock(&local->mtx);
1177 list_for_each_entry(wk, &local->work_list, list) {
1178 if (wk->sdata != sdata)
1183 mutex_unlock(&local->mtx);
1186 ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1187 struct sk_buff *skb)
1189 struct ieee80211_local *local = sdata->local;
1190 struct ieee80211_mgmt *mgmt;
1191 struct ieee80211_work *wk;
1195 return RX_DROP_MONITOR;
1197 mgmt = (struct ieee80211_mgmt *) skb->data;
1198 fc = le16_to_cpu(mgmt->frame_control);
1200 list_for_each_entry_rcu(wk, &local->work_list, list) {
1201 if (sdata != wk->sdata)
1203 if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1205 if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1208 switch (fc & IEEE80211_FCTL_STYPE) {
1209 case IEEE80211_STYPE_AUTH:
1210 case IEEE80211_STYPE_PROBE_RESP:
1211 case IEEE80211_STYPE_ASSOC_RESP:
1212 case IEEE80211_STYPE_REASSOC_RESP:
1213 case IEEE80211_STYPE_BEACON:
1214 skb_queue_tail(&local->work_skb_queue, skb);
1215 ieee80211_queue_work(&local->hw, &local->work_work);
1223 static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1224 struct sk_buff *skb)
1227 * We are done serving the remain-on-channel command.
1229 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk,
1230 wk->chan, wk->chan_type,
1233 return WORK_DONE_DESTROY;
1236 int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1237 struct ieee80211_channel *chan,
1238 enum nl80211_channel_type channel_type,
1239 unsigned int duration, u64 *cookie)
1241 struct ieee80211_work *wk;
1243 wk = kzalloc(sizeof(*wk), GFP_KERNEL);
1247 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL;
1249 wk->chan_type = channel_type;
1251 wk->done = ieee80211_remain_done;
1253 wk->remain.duration = duration;
1255 *cookie = (unsigned long) wk;
1257 ieee80211_add_work(wk);
1262 int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1265 struct ieee80211_local *local = sdata->local;
1266 struct ieee80211_work *wk, *tmp;
1269 mutex_lock(&local->mtx);
1270 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
1271 if ((unsigned long) wk == cookie) {
1272 wk->timeout = jiffies;
1277 mutex_unlock(&local->mtx);
1282 ieee80211_queue_work(&local->hw, &local->work_work);