2 * cfg80211 scan result handling
4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 #include <linux/kernel.h>
8 #include <linux/slab.h>
9 #include <linux/module.h>
10 #include <linux/netdevice.h>
11 #include <linux/wireless.h>
12 #include <linux/nl80211.h>
13 #include <linux/etherdevice.h>
15 #include <net/cfg80211.h>
16 #include <net/cfg80211-wext.h>
17 #include <net/iw_handler.h>
20 #include "wext-compat.h"
24 * DOC: BSS tree/list structure
26 * At the top level, the BSS list is kept in both a list in each
27 * registered device (@bss_list) as well as an RB-tree for faster
28 * lookup. In the RB-tree, entries can be looked up using their
29 * channel, MESHID, MESHCONF (for MBSSes) or channel, BSSID, SSID
32 * Due to the possibility of hidden SSIDs, there's a second level
33 * structure, the "hidden_list" and "hidden_beacon_bss" pointer.
34 * The hidden_list connects all BSSes belonging to a single AP
35 * that has a hidden SSID, and connects beacon and probe response
36 * entries. For a probe response entry for a hidden SSID, the
37 * hidden_beacon_bss pointer points to the BSS struct holding the
38 * beacon's information.
40 * Reference counting is done for all these references except for
41 * the hidden_list, so that a beacon BSS struct that is otherwise
42 * not referenced has one reference for being on the bss_list and
43 * one for each probe response entry that points to it using the
44 * hidden_beacon_bss pointer. When a BSS struct that has such a
45 * pointer is get/put, the refcount update is also propagated to
46 * the referenced struct, this ensure that it cannot get removed
47 * while somebody is using the probe response version.
49 * Note that the hidden_beacon_bss pointer never changes, due to
50 * the reference counting. Therefore, no locking is needed for
53 * Also note that the hidden_beacon_bss pointer is only relevant
54 * if the driver uses something other than the IEs, e.g. private
55 * data stored stored in the BSS struct, since the beacon IEs are
56 * also linked into the probe response struct.
59 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ)
61 static void bss_free(struct cfg80211_internal_bss *bss)
63 struct cfg80211_bss_ies *ies;
65 if (WARN_ON(atomic_read(&bss->hold)))
68 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies);
69 if (ies && !bss->pub.hidden_beacon_bss)
70 kfree_rcu(ies, rcu_head);
71 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies);
73 kfree_rcu(ies, rcu_head);
76 * This happens when the module is removed, it doesn't
77 * really matter any more save for completeness
79 if (!list_empty(&bss->hidden_list))
80 list_del(&bss->hidden_list);
85 static inline void bss_ref_get(struct cfg80211_registered_device *rdev,
86 struct cfg80211_internal_bss *bss)
88 lockdep_assert_held(&rdev->bss_lock);
91 if (bss->pub.hidden_beacon_bss) {
92 bss = container_of(bss->pub.hidden_beacon_bss,
93 struct cfg80211_internal_bss,
99 static inline void bss_ref_put(struct cfg80211_registered_device *rdev,
100 struct cfg80211_internal_bss *bss)
102 lockdep_assert_held(&rdev->bss_lock);
104 if (bss->pub.hidden_beacon_bss) {
105 struct cfg80211_internal_bss *hbss;
106 hbss = container_of(bss->pub.hidden_beacon_bss,
107 struct cfg80211_internal_bss,
110 if (hbss->refcount == 0)
114 if (bss->refcount == 0)
118 static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev,
119 struct cfg80211_internal_bss *bss)
121 lockdep_assert_held(&rdev->bss_lock);
123 if (!list_empty(&bss->hidden_list)) {
125 * don't remove the beacon entry if it has
126 * probe responses associated with it
128 if (!bss->pub.hidden_beacon_bss)
131 * if it's a probe response entry break its
132 * link to the other entries in the group
134 list_del_init(&bss->hidden_list);
137 list_del_init(&bss->list);
138 rb_erase(&bss->rbn, &rdev->bss_tree);
139 bss_ref_put(rdev, bss);
143 static void __cfg80211_bss_expire(struct cfg80211_registered_device *rdev,
144 unsigned long expire_time)
146 struct cfg80211_internal_bss *bss, *tmp;
147 bool expired = false;
149 lockdep_assert_held(&rdev->bss_lock);
151 list_for_each_entry_safe(bss, tmp, &rdev->bss_list, list) {
152 if (atomic_read(&bss->hold))
154 if (!time_after(expire_time, bss->ts))
157 if (__cfg80211_unlink_bss(rdev, bss))
162 rdev->bss_generation++;
165 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
168 struct cfg80211_scan_request *request;
169 struct wireless_dev *wdev;
171 #ifdef CONFIG_CFG80211_WEXT
172 union iwreq_data wrqu;
177 if (rdev->scan_msg) {
178 nl80211_send_scan_result(rdev, rdev->scan_msg);
179 rdev->scan_msg = NULL;
183 request = rdev->scan_req;
187 wdev = request->wdev;
190 * This must be before sending the other events!
191 * Otherwise, wpa_supplicant gets completely confused with
195 cfg80211_sme_scan_done(wdev->netdev);
197 if (!request->aborted &&
198 request->flags & NL80211_SCAN_FLAG_FLUSH) {
199 /* flush entries from previous scans */
200 spin_lock_bh(&rdev->bss_lock);
201 __cfg80211_bss_expire(rdev, request->scan_start);
202 spin_unlock_bh(&rdev->bss_lock);
205 msg = nl80211_build_scan_msg(rdev, wdev, request->aborted);
207 #ifdef CONFIG_CFG80211_WEXT
208 if (wdev->netdev && !request->aborted) {
209 memset(&wrqu, 0, sizeof(wrqu));
211 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL);
216 dev_put(wdev->netdev);
218 rdev->scan_req = NULL;
222 rdev->scan_msg = msg;
224 nl80211_send_scan_result(rdev, msg);
227 void __cfg80211_scan_done(struct work_struct *wk)
229 struct cfg80211_registered_device *rdev;
231 rdev = container_of(wk, struct cfg80211_registered_device,
235 ___cfg80211_scan_done(rdev, true);
239 void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
241 trace_cfg80211_scan_done(request, aborted);
242 WARN_ON(request != wiphy_to_rdev(request->wiphy)->scan_req);
244 request->aborted = aborted;
245 request->notified = true;
246 queue_work(cfg80211_wq, &wiphy_to_rdev(request->wiphy)->scan_done_wk);
248 EXPORT_SYMBOL(cfg80211_scan_done);
250 void __cfg80211_sched_scan_results(struct work_struct *wk)
252 struct cfg80211_registered_device *rdev;
253 struct cfg80211_sched_scan_request *request;
255 rdev = container_of(wk, struct cfg80211_registered_device,
256 sched_scan_results_wk);
260 request = rtnl_dereference(rdev->sched_scan_req);
262 /* we don't have sched_scan_req anymore if the scan is stopping */
264 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
265 /* flush entries from previous scans */
266 spin_lock_bh(&rdev->bss_lock);
267 __cfg80211_bss_expire(rdev, request->scan_start);
268 spin_unlock_bh(&rdev->bss_lock);
269 request->scan_start =
270 jiffies + msecs_to_jiffies(request->interval);
272 nl80211_send_sched_scan_results(rdev, request->dev);
278 void cfg80211_sched_scan_results(struct wiphy *wiphy)
280 trace_cfg80211_sched_scan_results(wiphy);
281 /* ignore if we're not scanning */
283 if (rcu_access_pointer(wiphy_to_rdev(wiphy)->sched_scan_req))
284 queue_work(cfg80211_wq,
285 &wiphy_to_rdev(wiphy)->sched_scan_results_wk);
287 EXPORT_SYMBOL(cfg80211_sched_scan_results);
289 void cfg80211_sched_scan_stopped_rtnl(struct wiphy *wiphy)
291 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
295 trace_cfg80211_sched_scan_stopped(wiphy);
297 __cfg80211_stop_sched_scan(rdev, true);
299 EXPORT_SYMBOL(cfg80211_sched_scan_stopped_rtnl);
301 void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
304 cfg80211_sched_scan_stopped_rtnl(wiphy);
307 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
309 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
310 bool driver_initiated)
312 struct cfg80211_sched_scan_request *sched_scan_req;
313 struct net_device *dev;
317 if (!rdev->sched_scan_req)
320 sched_scan_req = rtnl_dereference(rdev->sched_scan_req);
321 dev = sched_scan_req->dev;
323 if (!driver_initiated) {
324 int err = rdev_sched_scan_stop(rdev, dev);
329 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED);
331 RCU_INIT_POINTER(rdev->sched_scan_req, NULL);
332 kfree_rcu(sched_scan_req, rcu_head);
337 void cfg80211_bss_age(struct cfg80211_registered_device *rdev,
338 unsigned long age_secs)
340 struct cfg80211_internal_bss *bss;
341 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC);
343 spin_lock_bh(&rdev->bss_lock);
344 list_for_each_entry(bss, &rdev->bss_list, list)
345 bss->ts -= age_jiffies;
346 spin_unlock_bh(&rdev->bss_lock);
349 void cfg80211_bss_expire(struct cfg80211_registered_device *rdev)
351 __cfg80211_bss_expire(rdev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE);
354 const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len)
356 while (len > 2 && ies[0] != eid) {
362 if (len < 2 + ies[1])
366 EXPORT_SYMBOL(cfg80211_find_ie);
368 const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type,
369 const u8 *ies, int len)
371 struct ieee80211_vendor_ie *ie;
372 const u8 *pos = ies, *end = ies + len;
376 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos,
381 ie = (struct ieee80211_vendor_ie *)pos;
383 /* make sure we can access ie->len */
384 BUILD_BUG_ON(offsetof(struct ieee80211_vendor_ie, len) != 1);
386 if (ie->len < sizeof(*ie))
389 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2];
390 if (ie_oui == oui && ie->oui_type == oui_type)
397 EXPORT_SYMBOL(cfg80211_find_vendor_ie);
399 static bool is_bss(struct cfg80211_bss *a, const u8 *bssid,
400 const u8 *ssid, size_t ssid_len)
402 const struct cfg80211_bss_ies *ies;
405 if (bssid && !ether_addr_equal(a->bssid, bssid))
411 ies = rcu_access_pointer(a->ies);
414 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
417 if (ssidie[1] != ssid_len)
419 return memcmp(ssidie + 2, ssid, ssid_len) == 0;
423 * enum bss_compare_mode - BSS compare mode
424 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find)
425 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode
426 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode
428 enum bss_compare_mode {
434 static int cmp_bss(struct cfg80211_bss *a,
435 struct cfg80211_bss *b,
436 enum bss_compare_mode mode)
438 const struct cfg80211_bss_ies *a_ies, *b_ies;
439 const u8 *ie1 = NULL;
440 const u8 *ie2 = NULL;
443 if (a->channel != b->channel)
444 return b->channel->center_freq - a->channel->center_freq;
446 a_ies = rcu_access_pointer(a->ies);
449 b_ies = rcu_access_pointer(b->ies);
453 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability))
454 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID,
455 a_ies->data, a_ies->len);
456 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability))
457 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID,
458 b_ies->data, b_ies->len);
462 if (ie1[1] == ie2[1])
463 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]);
465 mesh_id_cmp = ie2[1] - ie1[1];
467 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
468 a_ies->data, a_ies->len);
469 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
470 b_ies->data, b_ies->len);
474 if (ie1[1] != ie2[1])
475 return ie2[1] - ie1[1];
476 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
480 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid));
484 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len);
485 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len);
491 * Note that with "hide_ssid", the function returns a match if
492 * the already-present BSS ("b") is a hidden SSID beacon for
496 /* sort missing IE before (left of) present IE */
503 case BSS_CMP_HIDE_ZLEN:
505 * In ZLEN mode we assume the BSS entry we're
506 * looking for has a zero-length SSID. So if
507 * the one we're looking at right now has that,
508 * return 0. Otherwise, return the difference
509 * in length, but since we're looking for the
510 * 0-length it's really equivalent to returning
511 * the length of the one we're looking at.
513 * No content comparison is needed as we assume
514 * the content length is zero.
517 case BSS_CMP_REGULAR:
519 /* sort by length first, then by contents */
520 if (ie1[1] != ie2[1])
521 return ie2[1] - ie1[1];
522 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
523 case BSS_CMP_HIDE_NUL:
524 if (ie1[1] != ie2[1])
525 return ie2[1] - ie1[1];
526 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */
527 for (i = 0; i < ie2[1]; i++)
534 /* Returned bss is reference counted and must be cleaned up appropriately. */
535 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
536 struct ieee80211_channel *channel,
538 const u8 *ssid, size_t ssid_len,
539 u16 capa_mask, u16 capa_val)
541 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
542 struct cfg80211_internal_bss *bss, *res = NULL;
543 unsigned long now = jiffies;
545 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask,
548 spin_lock_bh(&rdev->bss_lock);
550 list_for_each_entry(bss, &rdev->bss_list, list) {
551 if ((bss->pub.capability & capa_mask) != capa_val)
553 if (channel && bss->pub.channel != channel)
555 if (!is_valid_ether_addr(bss->pub.bssid))
557 /* Don't get expired BSS structs */
558 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
559 !atomic_read(&bss->hold))
561 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
563 bss_ref_get(rdev, res);
568 spin_unlock_bh(&rdev->bss_lock);
571 trace_cfg80211_return_bss(&res->pub);
574 EXPORT_SYMBOL(cfg80211_get_bss);
576 static void rb_insert_bss(struct cfg80211_registered_device *rdev,
577 struct cfg80211_internal_bss *bss)
579 struct rb_node **p = &rdev->bss_tree.rb_node;
580 struct rb_node *parent = NULL;
581 struct cfg80211_internal_bss *tbss;
586 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn);
588 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR);
591 /* will sort of leak this BSS */
601 rb_link_node(&bss->rbn, parent, p);
602 rb_insert_color(&bss->rbn, &rdev->bss_tree);
605 static struct cfg80211_internal_bss *
606 rb_find_bss(struct cfg80211_registered_device *rdev,
607 struct cfg80211_internal_bss *res,
608 enum bss_compare_mode mode)
610 struct rb_node *n = rdev->bss_tree.rb_node;
611 struct cfg80211_internal_bss *bss;
615 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
616 r = cmp_bss(&res->pub, &bss->pub, mode);
629 static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev,
630 struct cfg80211_internal_bss *new)
632 const struct cfg80211_bss_ies *ies;
633 struct cfg80211_internal_bss *bss;
638 ies = rcu_access_pointer(new->pub.beacon_ies);
642 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
649 for (i = 0; i < ssidlen; i++)
653 /* not a hidden SSID */
657 /* This is the bad part ... */
659 list_for_each_entry(bss, &rdev->bss_list, list) {
660 if (!ether_addr_equal(bss->pub.bssid, new->pub.bssid))
662 if (bss->pub.channel != new->pub.channel)
664 if (bss->pub.scan_width != new->pub.scan_width)
666 if (rcu_access_pointer(bss->pub.beacon_ies))
668 ies = rcu_access_pointer(bss->pub.ies);
671 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
674 if (ssidlen && ie[1] != ssidlen)
676 if (WARN_ON_ONCE(bss->pub.hidden_beacon_bss))
678 if (WARN_ON_ONCE(!list_empty(&bss->hidden_list)))
679 list_del(&bss->hidden_list);
681 list_add(&bss->hidden_list, &new->hidden_list);
682 bss->pub.hidden_beacon_bss = &new->pub;
683 new->refcount += bss->refcount;
684 rcu_assign_pointer(bss->pub.beacon_ies,
685 new->pub.beacon_ies);
691 /* Returned bss is reference counted and must be cleaned up appropriately. */
692 static struct cfg80211_internal_bss *
693 cfg80211_bss_update(struct cfg80211_registered_device *rdev,
694 struct cfg80211_internal_bss *tmp,
697 struct cfg80211_internal_bss *found = NULL;
699 if (WARN_ON(!tmp->pub.channel))
704 spin_lock_bh(&rdev->bss_lock);
706 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) {
707 spin_unlock_bh(&rdev->bss_lock);
711 found = rb_find_bss(rdev, tmp, BSS_CMP_REGULAR);
715 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
716 const struct cfg80211_bss_ies *old;
718 old = rcu_access_pointer(found->pub.proberesp_ies);
720 rcu_assign_pointer(found->pub.proberesp_ies,
721 tmp->pub.proberesp_ies);
722 /* Override possible earlier Beacon frame IEs */
723 rcu_assign_pointer(found->pub.ies,
724 tmp->pub.proberesp_ies);
726 kfree_rcu((struct cfg80211_bss_ies *)old,
728 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) {
729 const struct cfg80211_bss_ies *old;
730 struct cfg80211_internal_bss *bss;
732 if (found->pub.hidden_beacon_bss &&
733 !list_empty(&found->hidden_list)) {
734 const struct cfg80211_bss_ies *f;
737 * The found BSS struct is one of the probe
738 * response members of a group, but we're
739 * receiving a beacon (beacon_ies in the tmp
740 * bss is used). This can only mean that the
741 * AP changed its beacon from not having an
742 * SSID to showing it, which is confusing so
743 * drop this information.
746 f = rcu_access_pointer(tmp->pub.beacon_ies);
747 kfree_rcu((struct cfg80211_bss_ies *)f,
752 old = rcu_access_pointer(found->pub.beacon_ies);
754 rcu_assign_pointer(found->pub.beacon_ies,
755 tmp->pub.beacon_ies);
757 /* Override IEs if they were from a beacon before */
758 if (old == rcu_access_pointer(found->pub.ies))
759 rcu_assign_pointer(found->pub.ies,
760 tmp->pub.beacon_ies);
762 /* Assign beacon IEs to all sub entries */
763 list_for_each_entry(bss, &found->hidden_list,
765 const struct cfg80211_bss_ies *ies;
767 ies = rcu_access_pointer(bss->pub.beacon_ies);
770 rcu_assign_pointer(bss->pub.beacon_ies,
771 tmp->pub.beacon_ies);
775 kfree_rcu((struct cfg80211_bss_ies *)old,
779 found->pub.beacon_interval = tmp->pub.beacon_interval;
781 * don't update the signal if beacon was heard on
785 found->pub.signal = tmp->pub.signal;
786 found->pub.capability = tmp->pub.capability;
789 struct cfg80211_internal_bss *new;
790 struct cfg80211_internal_bss *hidden;
791 struct cfg80211_bss_ies *ies;
794 * create a copy -- the "res" variable that is passed in
795 * is allocated on the stack since it's not needed in the
796 * more common case of an update
798 new = kzalloc(sizeof(*new) + rdev->wiphy.bss_priv_size,
801 ies = (void *)rcu_dereference(tmp->pub.beacon_ies);
803 kfree_rcu(ies, rcu_head);
804 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies);
806 kfree_rcu(ies, rcu_head);
809 memcpy(new, tmp, sizeof(*new));
811 INIT_LIST_HEAD(&new->hidden_list);
813 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
814 hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN);
816 hidden = rb_find_bss(rdev, tmp,
819 new->pub.hidden_beacon_bss = &hidden->pub;
820 list_add(&new->hidden_list,
821 &hidden->hidden_list);
823 rcu_assign_pointer(new->pub.beacon_ies,
824 hidden->pub.beacon_ies);
828 * Ok so we found a beacon, and don't have an entry. If
829 * it's a beacon with hidden SSID, we might be in for an
830 * expensive search for any probe responses that should
831 * be grouped with this beacon for updates ...
833 if (!cfg80211_combine_bsses(rdev, new)) {
839 list_add_tail(&new->list, &rdev->bss_list);
840 rb_insert_bss(rdev, new);
844 rdev->bss_generation++;
845 bss_ref_get(rdev, found);
846 spin_unlock_bh(&rdev->bss_lock);
850 spin_unlock_bh(&rdev->bss_lock);
854 static struct ieee80211_channel *
855 cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen,
856 struct ieee80211_channel *channel)
860 int channel_number = -1;
862 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen);
863 if (tmp && tmp[1] == 1) {
864 channel_number = tmp[2];
866 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen);
867 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) {
868 struct ieee80211_ht_operation *htop = (void *)(tmp + 2);
870 channel_number = htop->primary_chan;
874 if (channel_number < 0)
877 freq = ieee80211_channel_to_frequency(channel_number, channel->band);
878 channel = ieee80211_get_channel(wiphy, freq);
881 if (channel->flags & IEEE80211_CHAN_DISABLED)
886 /* Returned bss is reference counted and must be cleaned up appropriately. */
888 cfg80211_inform_bss_width(struct wiphy *wiphy,
889 struct ieee80211_channel *rx_channel,
890 enum nl80211_bss_scan_width scan_width,
891 enum cfg80211_bss_frame_type ftype,
892 const u8 *bssid, u64 tsf, u16 capability,
893 u16 beacon_interval, const u8 *ie, size_t ielen,
894 s32 signal, gfp_t gfp)
896 struct cfg80211_bss_ies *ies;
897 struct ieee80211_channel *channel;
898 struct cfg80211_internal_bss tmp = {}, *res;
904 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
905 (signal < 0 || signal > 100)))
908 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, rx_channel);
912 memcpy(tmp.pub.bssid, bssid, ETH_ALEN);
913 tmp.pub.channel = channel;
914 tmp.pub.scan_width = scan_width;
915 tmp.pub.signal = signal;
916 tmp.pub.beacon_interval = beacon_interval;
917 tmp.pub.capability = capability;
919 * If we do not know here whether the IEs are from a Beacon or Probe
920 * Response frame, we need to pick one of the options and only use it
921 * with the driver that does not provide the full Beacon/Probe Response
922 * frame. Use Beacon frame pointer to avoid indicating that this should
923 * override the IEs pointer should we have received an earlier
924 * indication of Probe Response data.
926 ies = kzalloc(sizeof(*ies) + ielen, gfp);
931 ies->from_beacon = false;
932 memcpy(ies->data, ie, ielen);
935 case CFG80211_BSS_FTYPE_BEACON:
936 ies->from_beacon = true;
937 /* fall through to assign */
938 case CFG80211_BSS_FTYPE_UNKNOWN:
939 rcu_assign_pointer(tmp.pub.beacon_ies, ies);
941 case CFG80211_BSS_FTYPE_PRESP:
942 rcu_assign_pointer(tmp.pub.proberesp_ies, ies);
945 rcu_assign_pointer(tmp.pub.ies, ies);
947 signal_valid = abs(rx_channel->center_freq - channel->center_freq) <=
948 wiphy->max_adj_channel_rssi_comp;
949 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid);
953 if (res->pub.capability & WLAN_CAPABILITY_ESS)
954 regulatory_hint_found_beacon(wiphy, channel, gfp);
956 trace_cfg80211_return_bss(&res->pub);
957 /* cfg80211_bss_update gives us a referenced result */
960 EXPORT_SYMBOL(cfg80211_inform_bss_width);
962 /* Returned bss is reference counted and must be cleaned up appropriately. */
963 struct cfg80211_bss *
964 cfg80211_inform_bss_width_frame(struct wiphy *wiphy,
965 struct ieee80211_channel *rx_channel,
966 enum nl80211_bss_scan_width scan_width,
967 struct ieee80211_mgmt *mgmt, size_t len,
968 s32 signal, gfp_t gfp)
970 struct cfg80211_internal_bss tmp = {}, *res;
971 struct cfg80211_bss_ies *ies;
972 struct ieee80211_channel *channel;
974 size_t ielen = len - offsetof(struct ieee80211_mgmt,
975 u.probe_resp.variable);
977 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) !=
978 offsetof(struct ieee80211_mgmt, u.beacon.variable));
980 trace_cfg80211_inform_bss_width_frame(wiphy, rx_channel, scan_width, mgmt,
989 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
990 (signal < 0 || signal > 100)))
993 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
996 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable,
1001 ies = kzalloc(sizeof(*ies) + ielen, gfp);
1005 ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp);
1006 ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control);
1007 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen);
1009 if (ieee80211_is_probe_resp(mgmt->frame_control))
1010 rcu_assign_pointer(tmp.pub.proberesp_ies, ies);
1012 rcu_assign_pointer(tmp.pub.beacon_ies, ies);
1013 rcu_assign_pointer(tmp.pub.ies, ies);
1015 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN);
1016 tmp.pub.channel = channel;
1017 tmp.pub.scan_width = scan_width;
1018 tmp.pub.signal = signal;
1019 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int);
1020 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
1022 signal_valid = abs(rx_channel->center_freq - channel->center_freq) <=
1023 wiphy->max_adj_channel_rssi_comp;
1024 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid);
1028 if (res->pub.capability & WLAN_CAPABILITY_ESS)
1029 regulatory_hint_found_beacon(wiphy, channel, gfp);
1031 trace_cfg80211_return_bss(&res->pub);
1032 /* cfg80211_bss_update gives us a referenced result */
1035 EXPORT_SYMBOL(cfg80211_inform_bss_width_frame);
1037 void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1039 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1040 struct cfg80211_internal_bss *bss;
1045 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1047 spin_lock_bh(&rdev->bss_lock);
1048 bss_ref_get(rdev, bss);
1049 spin_unlock_bh(&rdev->bss_lock);
1051 EXPORT_SYMBOL(cfg80211_ref_bss);
1053 void cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1055 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1056 struct cfg80211_internal_bss *bss;
1061 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1063 spin_lock_bh(&rdev->bss_lock);
1064 bss_ref_put(rdev, bss);
1065 spin_unlock_bh(&rdev->bss_lock);
1067 EXPORT_SYMBOL(cfg80211_put_bss);
1069 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1071 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1072 struct cfg80211_internal_bss *bss;
1077 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1079 spin_lock_bh(&rdev->bss_lock);
1080 if (!list_empty(&bss->list)) {
1081 if (__cfg80211_unlink_bss(rdev, bss))
1082 rdev->bss_generation++;
1084 spin_unlock_bh(&rdev->bss_lock);
1086 EXPORT_SYMBOL(cfg80211_unlink_bss);
1088 #ifdef CONFIG_CFG80211_WEXT
1089 static struct cfg80211_registered_device *
1090 cfg80211_get_dev_from_ifindex(struct net *net, int ifindex)
1092 struct cfg80211_registered_device *rdev;
1093 struct net_device *dev;
1097 dev = dev_get_by_index(net, ifindex);
1099 return ERR_PTR(-ENODEV);
1100 if (dev->ieee80211_ptr)
1101 rdev = wiphy_to_rdev(dev->ieee80211_ptr->wiphy);
1103 rdev = ERR_PTR(-ENODEV);
1108 int cfg80211_wext_siwscan(struct net_device *dev,
1109 struct iw_request_info *info,
1110 union iwreq_data *wrqu, char *extra)
1112 struct cfg80211_registered_device *rdev;
1113 struct wiphy *wiphy;
1114 struct iw_scan_req *wreq = NULL;
1115 struct cfg80211_scan_request *creq = NULL;
1116 int i, err, n_channels = 0;
1117 enum ieee80211_band band;
1119 if (!netif_running(dev))
1122 if (wrqu->data.length == sizeof(struct iw_scan_req))
1123 wreq = (struct iw_scan_req *)extra;
1125 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1128 return PTR_ERR(rdev);
1130 if (rdev->scan_req || rdev->scan_msg) {
1135 wiphy = &rdev->wiphy;
1137 /* Determine number of channels, needed to allocate creq */
1138 if (wreq && wreq->num_channels)
1139 n_channels = wreq->num_channels;
1141 n_channels = ieee80211_get_num_supported_channels(wiphy);
1143 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1144 n_channels * sizeof(void *),
1151 creq->wiphy = wiphy;
1152 creq->wdev = dev->ieee80211_ptr;
1153 /* SSIDs come after channels */
1154 creq->ssids = (void *)&creq->channels[n_channels];
1155 creq->n_channels = n_channels;
1157 creq->scan_start = jiffies;
1159 /* translate "Scan on frequencies" request */
1161 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1164 if (!wiphy->bands[band])
1167 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1168 /* ignore disabled channels */
1169 if (wiphy->bands[band]->channels[j].flags &
1170 IEEE80211_CHAN_DISABLED)
1173 /* If we have a wireless request structure and the
1174 * wireless request specifies frequencies, then search
1175 * for the matching hardware channel.
1177 if (wreq && wreq->num_channels) {
1179 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq;
1180 for (k = 0; k < wreq->num_channels; k++) {
1181 struct iw_freq *freq =
1182 &wreq->channel_list[k];
1184 cfg80211_wext_freq(freq);
1186 if (wext_freq == wiphy_freq)
1187 goto wext_freq_found;
1189 goto wext_freq_not_found;
1193 creq->channels[i] = &wiphy->bands[band]->channels[j];
1195 wext_freq_not_found: ;
1198 /* No channels found? */
1204 /* Set real number of channels specified in creq->channels[] */
1205 creq->n_channels = i;
1207 /* translate "Scan for SSID" request */
1209 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
1210 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
1214 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
1215 creq->ssids[0].ssid_len = wreq->essid_len;
1217 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE)
1221 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1222 if (wiphy->bands[i])
1223 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
1225 rdev->scan_req = creq;
1226 err = rdev_scan(rdev, creq);
1228 rdev->scan_req = NULL;
1229 /* creq will be freed below */
1231 nl80211_send_scan_start(rdev, dev->ieee80211_ptr);
1232 /* creq now owned by driver */
1240 EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan);
1242 static void ieee80211_scan_add_ies(struct iw_request_info *info,
1243 const struct cfg80211_bss_ies *ies,
1244 char **current_ev, char *end_buf)
1246 const u8 *pos, *end, *next;
1247 struct iw_event iwe;
1253 * If needed, fragment the IEs buffer (at IE boundaries) into short
1254 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages.
1257 end = pos + ies->len;
1259 while (end - pos > IW_GENERIC_IE_MAX) {
1260 next = pos + 2 + pos[1];
1261 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX)
1262 next = next + 2 + next[1];
1264 memset(&iwe, 0, sizeof(iwe));
1265 iwe.cmd = IWEVGENIE;
1266 iwe.u.data.length = next - pos;
1267 *current_ev = iwe_stream_add_point(info, *current_ev,
1275 memset(&iwe, 0, sizeof(iwe));
1276 iwe.cmd = IWEVGENIE;
1277 iwe.u.data.length = end - pos;
1278 *current_ev = iwe_stream_add_point(info, *current_ev,
1285 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
1286 struct cfg80211_internal_bss *bss, char *current_ev,
1289 const struct cfg80211_bss_ies *ies;
1290 struct iw_event iwe;
1294 bool ismesh = false;
1296 memset(&iwe, 0, sizeof(iwe));
1297 iwe.cmd = SIOCGIWAP;
1298 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1299 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN);
1300 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1303 memset(&iwe, 0, sizeof(iwe));
1304 iwe.cmd = SIOCGIWFREQ;
1305 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq);
1307 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1310 memset(&iwe, 0, sizeof(iwe));
1311 iwe.cmd = SIOCGIWFREQ;
1312 iwe.u.freq.m = bss->pub.channel->center_freq;
1314 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1317 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) {
1318 memset(&iwe, 0, sizeof(iwe));
1320 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED |
1321 IW_QUAL_NOISE_INVALID |
1322 IW_QUAL_QUAL_UPDATED;
1323 switch (wiphy->signal_type) {
1324 case CFG80211_SIGNAL_TYPE_MBM:
1325 sig = bss->pub.signal / 100;
1326 iwe.u.qual.level = sig;
1327 iwe.u.qual.updated |= IW_QUAL_DBM;
1328 if (sig < -110) /* rather bad */
1330 else if (sig > -40) /* perfect */
1332 /* will give a range of 0 .. 70 */
1333 iwe.u.qual.qual = sig + 110;
1335 case CFG80211_SIGNAL_TYPE_UNSPEC:
1336 iwe.u.qual.level = bss->pub.signal;
1337 /* will give range 0 .. 100 */
1338 iwe.u.qual.qual = bss->pub.signal;
1344 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1345 &iwe, IW_EV_QUAL_LEN);
1348 memset(&iwe, 0, sizeof(iwe));
1349 iwe.cmd = SIOCGIWENCODE;
1350 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY)
1351 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1353 iwe.u.data.flags = IW_ENCODE_DISABLED;
1354 iwe.u.data.length = 0;
1355 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1359 ies = rcu_dereference(bss->pub.ies);
1365 if (ie[1] > rem - 2)
1370 memset(&iwe, 0, sizeof(iwe));
1371 iwe.cmd = SIOCGIWESSID;
1372 iwe.u.data.length = ie[1];
1373 iwe.u.data.flags = 1;
1374 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1375 &iwe, (u8 *)ie + 2);
1377 case WLAN_EID_MESH_ID:
1378 memset(&iwe, 0, sizeof(iwe));
1379 iwe.cmd = SIOCGIWESSID;
1380 iwe.u.data.length = ie[1];
1381 iwe.u.data.flags = 1;
1382 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1383 &iwe, (u8 *)ie + 2);
1385 case WLAN_EID_MESH_CONFIG:
1387 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
1389 buf = kmalloc(50, GFP_ATOMIC);
1393 memset(&iwe, 0, sizeof(iwe));
1394 iwe.cmd = IWEVCUSTOM;
1395 sprintf(buf, "Mesh Network Path Selection Protocol ID: "
1397 iwe.u.data.length = strlen(buf);
1398 current_ev = iwe_stream_add_point(info, current_ev,
1401 sprintf(buf, "Path Selection Metric ID: 0x%02X",
1403 iwe.u.data.length = strlen(buf);
1404 current_ev = iwe_stream_add_point(info, current_ev,
1407 sprintf(buf, "Congestion Control Mode ID: 0x%02X",
1409 iwe.u.data.length = strlen(buf);
1410 current_ev = iwe_stream_add_point(info, current_ev,
1413 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]);
1414 iwe.u.data.length = strlen(buf);
1415 current_ev = iwe_stream_add_point(info, current_ev,
1418 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]);
1419 iwe.u.data.length = strlen(buf);
1420 current_ev = iwe_stream_add_point(info, current_ev,
1423 sprintf(buf, "Formation Info: 0x%02X", cfg[5]);
1424 iwe.u.data.length = strlen(buf);
1425 current_ev = iwe_stream_add_point(info, current_ev,
1428 sprintf(buf, "Capabilities: 0x%02X", cfg[6]);
1429 iwe.u.data.length = strlen(buf);
1430 current_ev = iwe_stream_add_point(info, current_ev,
1435 case WLAN_EID_SUPP_RATES:
1436 case WLAN_EID_EXT_SUPP_RATES:
1437 /* display all supported rates in readable format */
1438 p = current_ev + iwe_stream_lcp_len(info);
1440 memset(&iwe, 0, sizeof(iwe));
1441 iwe.cmd = SIOCGIWRATE;
1442 /* Those two flags are ignored... */
1443 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
1445 for (i = 0; i < ie[1]; i++) {
1446 iwe.u.bitrate.value =
1447 ((ie[i + 2] & 0x7f) * 500000);
1448 p = iwe_stream_add_value(info, current_ev, p,
1449 end_buf, &iwe, IW_EV_PARAM_LEN);
1458 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
1460 memset(&iwe, 0, sizeof(iwe));
1461 iwe.cmd = SIOCGIWMODE;
1463 iwe.u.mode = IW_MODE_MESH;
1464 else if (bss->pub.capability & WLAN_CAPABILITY_ESS)
1465 iwe.u.mode = IW_MODE_MASTER;
1467 iwe.u.mode = IW_MODE_ADHOC;
1468 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1469 &iwe, IW_EV_UINT_LEN);
1472 buf = kmalloc(31, GFP_ATOMIC);
1474 memset(&iwe, 0, sizeof(iwe));
1475 iwe.cmd = IWEVCUSTOM;
1476 sprintf(buf, "tsf=%016llx", (unsigned long long)(ies->tsf));
1477 iwe.u.data.length = strlen(buf);
1478 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1480 memset(&iwe, 0, sizeof(iwe));
1481 iwe.cmd = IWEVCUSTOM;
1482 sprintf(buf, " Last beacon: %ums ago",
1483 elapsed_jiffies_msecs(bss->ts));
1484 iwe.u.data.length = strlen(buf);
1485 current_ev = iwe_stream_add_point(info, current_ev,
1486 end_buf, &iwe, buf);
1490 ieee80211_scan_add_ies(info, ies, ¤t_ev, end_buf);
1497 static int ieee80211_scan_results(struct cfg80211_registered_device *rdev,
1498 struct iw_request_info *info,
1499 char *buf, size_t len)
1501 char *current_ev = buf;
1502 char *end_buf = buf + len;
1503 struct cfg80211_internal_bss *bss;
1505 spin_lock_bh(&rdev->bss_lock);
1506 cfg80211_bss_expire(rdev);
1508 list_for_each_entry(bss, &rdev->bss_list, list) {
1509 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
1510 spin_unlock_bh(&rdev->bss_lock);
1513 current_ev = ieee80211_bss(&rdev->wiphy, info, bss,
1514 current_ev, end_buf);
1516 spin_unlock_bh(&rdev->bss_lock);
1517 return current_ev - buf;
1521 int cfg80211_wext_giwscan(struct net_device *dev,
1522 struct iw_request_info *info,
1523 struct iw_point *data, char *extra)
1525 struct cfg80211_registered_device *rdev;
1528 if (!netif_running(dev))
1531 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1534 return PTR_ERR(rdev);
1536 if (rdev->scan_req || rdev->scan_msg)
1539 res = ieee80211_scan_results(rdev, info, extra, data->length);
1548 EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan);
projects / cascardo / linux.git / blob