2 * cfg80211 scan result handling
4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
6 #include <linux/kernel.h>
7 #include <linux/slab.h>
8 #include <linux/module.h>
9 #include <linux/netdevice.h>
10 #include <linux/wireless.h>
11 #include <linux/nl80211.h>
12 #include <linux/etherdevice.h>
14 #include <net/cfg80211.h>
15 #include <net/cfg80211-wext.h>
16 #include <net/iw_handler.h>
19 #include "wext-compat.h"
22 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ)
24 static void bss_release(struct kref *ref)
26 struct cfg80211_internal_bss *bss;
28 bss = container_of(ref, struct cfg80211_internal_bss, ref);
29 if (bss->pub.free_priv)
30 bss->pub.free_priv(&bss->pub);
32 if (bss->beacon_ies_allocated)
33 kfree(bss->pub.beacon_ies);
34 if (bss->proberesp_ies_allocated)
35 kfree(bss->pub.proberesp_ies);
37 BUG_ON(atomic_read(&bss->hold));
42 /* must hold dev->bss_lock! */
43 static void __cfg80211_unlink_bss(struct cfg80211_registered_device *dev,
44 struct cfg80211_internal_bss *bss)
46 list_del_init(&bss->list);
47 rb_erase(&bss->rbn, &dev->bss_tree);
48 kref_put(&bss->ref, bss_release);
51 /* must hold dev->bss_lock! */
52 static void __cfg80211_bss_expire(struct cfg80211_registered_device *dev,
53 unsigned long expire_time)
55 struct cfg80211_internal_bss *bss, *tmp;
58 list_for_each_entry_safe(bss, tmp, &dev->bss_list, list) {
59 if (atomic_read(&bss->hold))
61 if (!time_after(expire_time, bss->ts))
64 __cfg80211_unlink_bss(dev, bss);
69 dev->bss_generation++;
72 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
74 struct cfg80211_scan_request *request;
75 struct wireless_dev *wdev;
76 #ifdef CONFIG_CFG80211_WEXT
77 union iwreq_data wrqu;
80 ASSERT_RDEV_LOCK(rdev);
82 request = rdev->scan_req;
90 * This must be before sending the other events!
91 * Otherwise, wpa_supplicant gets completely confused with
95 cfg80211_sme_scan_done(wdev->netdev);
97 if (request->aborted) {
98 nl80211_send_scan_aborted(rdev, wdev);
100 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
101 /* flush entries from previous scans */
102 spin_lock_bh(&rdev->bss_lock);
103 __cfg80211_bss_expire(rdev, request->scan_start);
104 spin_unlock_bh(&rdev->bss_lock);
106 nl80211_send_scan_done(rdev, wdev);
109 #ifdef CONFIG_CFG80211_WEXT
110 if (wdev->netdev && !request->aborted) {
111 memset(&wrqu, 0, sizeof(wrqu));
113 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL);
118 dev_put(wdev->netdev);
120 rdev->scan_req = NULL;
123 * OK. If this is invoked with "leak" then we can't
124 * free this ... but we've cleaned it up anyway. The
125 * driver failed to call the scan_done callback, so
126 * all bets are off, it might still be trying to use
127 * the scan request or not ... if it accesses the dev
128 * in there (it shouldn't anyway) then it may crash.
134 void __cfg80211_scan_done(struct work_struct *wk)
136 struct cfg80211_registered_device *rdev;
138 rdev = container_of(wk, struct cfg80211_registered_device,
141 cfg80211_lock_rdev(rdev);
142 ___cfg80211_scan_done(rdev, false);
143 cfg80211_unlock_rdev(rdev);
146 void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
148 trace_cfg80211_scan_done(request, aborted);
149 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req);
151 request->aborted = aborted;
152 queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk);
154 EXPORT_SYMBOL(cfg80211_scan_done);
156 void __cfg80211_sched_scan_results(struct work_struct *wk)
158 struct cfg80211_registered_device *rdev;
159 struct cfg80211_sched_scan_request *request;
161 rdev = container_of(wk, struct cfg80211_registered_device,
162 sched_scan_results_wk);
164 request = rdev->sched_scan_req;
166 mutex_lock(&rdev->sched_scan_mtx);
168 /* we don't have sched_scan_req anymore if the scan is stopping */
170 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
171 /* flush entries from previous scans */
172 spin_lock_bh(&rdev->bss_lock);
173 __cfg80211_bss_expire(rdev, request->scan_start);
174 spin_unlock_bh(&rdev->bss_lock);
175 request->scan_start =
176 jiffies + msecs_to_jiffies(request->interval);
178 nl80211_send_sched_scan_results(rdev, request->dev);
181 mutex_unlock(&rdev->sched_scan_mtx);
184 void cfg80211_sched_scan_results(struct wiphy *wiphy)
186 trace_cfg80211_sched_scan_results(wiphy);
187 /* ignore if we're not scanning */
188 if (wiphy_to_dev(wiphy)->sched_scan_req)
189 queue_work(cfg80211_wq,
190 &wiphy_to_dev(wiphy)->sched_scan_results_wk);
192 EXPORT_SYMBOL(cfg80211_sched_scan_results);
194 void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
196 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
198 trace_cfg80211_sched_scan_stopped(wiphy);
200 mutex_lock(&rdev->sched_scan_mtx);
201 __cfg80211_stop_sched_scan(rdev, true);
202 mutex_unlock(&rdev->sched_scan_mtx);
204 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
206 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
207 bool driver_initiated)
209 struct net_device *dev;
211 lockdep_assert_held(&rdev->sched_scan_mtx);
213 if (!rdev->sched_scan_req)
216 dev = rdev->sched_scan_req->dev;
218 if (!driver_initiated) {
219 int err = rdev_sched_scan_stop(rdev, dev);
224 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED);
226 kfree(rdev->sched_scan_req);
227 rdev->sched_scan_req = NULL;
232 /* must hold dev->bss_lock! */
233 void cfg80211_bss_age(struct cfg80211_registered_device *dev,
234 unsigned long age_secs)
236 struct cfg80211_internal_bss *bss;
237 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC);
239 list_for_each_entry(bss, &dev->bss_list, list) {
240 bss->ts -= age_jiffies;
244 void cfg80211_bss_expire(struct cfg80211_registered_device *dev)
246 __cfg80211_bss_expire(dev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE);
249 const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len)
251 while (len > 2 && ies[0] != eid) {
257 if (len < 2 + ies[1])
261 EXPORT_SYMBOL(cfg80211_find_ie);
263 const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type,
264 const u8 *ies, int len)
266 struct ieee80211_vendor_ie *ie;
267 const u8 *pos = ies, *end = ies + len;
271 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos,
276 if (end - pos < sizeof(*ie))
279 ie = (struct ieee80211_vendor_ie *)pos;
280 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2];
281 if (ie_oui == oui && ie->oui_type == oui_type)
288 EXPORT_SYMBOL(cfg80211_find_vendor_ie);
290 static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
292 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1);
293 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2);
295 /* equal if both missing */
298 /* sort missing IE before (left of) present IE */
304 /* sort by length first, then by contents */
305 if (ie1[1] != ie2[1])
306 return ie2[1] - ie1[1];
307 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
310 static bool is_bss(struct cfg80211_bss *a,
312 const u8 *ssid, size_t ssid_len)
316 if (bssid && !ether_addr_equal(a->bssid, bssid))
322 ssidie = cfg80211_find_ie(WLAN_EID_SSID,
323 a->information_elements,
324 a->len_information_elements);
327 if (ssidie[1] != ssid_len)
329 return memcmp(ssidie + 2, ssid, ssid_len) == 0;
332 static bool is_mesh_bss(struct cfg80211_bss *a)
336 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability))
339 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
340 a->information_elements,
341 a->len_information_elements);
345 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
346 a->information_elements,
347 a->len_information_elements);
354 static bool is_mesh(struct cfg80211_bss *a,
355 const u8 *meshid, size_t meshidlen,
360 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability))
363 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
364 a->information_elements,
365 a->len_information_elements);
368 if (ie[1] != meshidlen)
370 if (memcmp(ie + 2, meshid, meshidlen))
373 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
374 a->information_elements,
375 a->len_information_elements);
378 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
382 * Ignore mesh capability (last two bytes of the IE) when
383 * comparing since that may differ between stations taking
384 * part in the same mesh.
386 return memcmp(ie + 2, meshcfg,
387 sizeof(struct ieee80211_meshconf_ie) - 2) == 0;
390 static int cmp_bss_core(struct cfg80211_bss *a,
391 struct cfg80211_bss *b)
395 if (a->channel != b->channel)
396 return b->channel->center_freq - a->channel->center_freq;
398 if (is_mesh_bss(a) && is_mesh_bss(b)) {
399 r = cmp_ies(WLAN_EID_MESH_ID,
400 a->information_elements,
401 a->len_information_elements,
402 b->information_elements,
403 b->len_information_elements);
406 return cmp_ies(WLAN_EID_MESH_CONFIG,
407 a->information_elements,
408 a->len_information_elements,
409 b->information_elements,
410 b->len_information_elements);
414 * we can't use compare_ether_addr here since we need a < > operator.
415 * The binary return value of compare_ether_addr isn't enough
417 return memcmp(a->bssid, b->bssid, sizeof(a->bssid));
420 static int cmp_bss(struct cfg80211_bss *a,
421 struct cfg80211_bss *b)
425 r = cmp_bss_core(a, b);
429 return cmp_ies(WLAN_EID_SSID,
430 a->information_elements,
431 a->len_information_elements,
432 b->information_elements,
433 b->len_information_elements);
436 static int cmp_hidden_bss(struct cfg80211_bss *a,
437 struct cfg80211_bss *b)
444 r = cmp_bss_core(a, b);
448 ie1 = cfg80211_find_ie(WLAN_EID_SSID,
449 a->information_elements,
450 a->len_information_elements);
451 ie2 = cfg80211_find_ie(WLAN_EID_SSID,
452 b->information_elements,
453 b->len_information_elements);
455 /* Key comparator must use same algorithm in any rb-tree
456 * search function (order is important), otherwise ordering
457 * of items in the tree is broken and search gives incorrect
458 * results. This code uses same order as cmp_ies() does. */
460 /* sort missing IE before (left of) present IE */
466 /* zero-size SSID is used as an indication of the hidden bss */
470 /* sort by length first, then by contents */
471 if (ie1[1] != ie2[1])
472 return ie2[1] - ie1[1];
474 /* zeroed SSID ie is another indication of a hidden bss */
475 for (i = 0; i < ie2[1]; i++)
482 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
483 struct ieee80211_channel *channel,
485 const u8 *ssid, size_t ssid_len,
486 u16 capa_mask, u16 capa_val)
488 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
489 struct cfg80211_internal_bss *bss, *res = NULL;
490 unsigned long now = jiffies;
492 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask,
495 spin_lock_bh(&dev->bss_lock);
497 list_for_each_entry(bss, &dev->bss_list, list) {
498 if ((bss->pub.capability & capa_mask) != capa_val)
500 if (channel && bss->pub.channel != channel)
502 /* Don't get expired BSS structs */
503 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
504 !atomic_read(&bss->hold))
506 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
513 spin_unlock_bh(&dev->bss_lock);
516 trace_cfg80211_return_bss(&res->pub);
519 EXPORT_SYMBOL(cfg80211_get_bss);
521 struct cfg80211_bss *cfg80211_get_mesh(struct wiphy *wiphy,
522 struct ieee80211_channel *channel,
523 const u8 *meshid, size_t meshidlen,
526 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
527 struct cfg80211_internal_bss *bss, *res = NULL;
529 spin_lock_bh(&dev->bss_lock);
531 list_for_each_entry(bss, &dev->bss_list, list) {
532 if (channel && bss->pub.channel != channel)
534 if (is_mesh(&bss->pub, meshid, meshidlen, meshcfg)) {
541 spin_unlock_bh(&dev->bss_lock);
546 EXPORT_SYMBOL(cfg80211_get_mesh);
549 static void rb_insert_bss(struct cfg80211_registered_device *dev,
550 struct cfg80211_internal_bss *bss)
552 struct rb_node **p = &dev->bss_tree.rb_node;
553 struct rb_node *parent = NULL;
554 struct cfg80211_internal_bss *tbss;
559 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn);
561 cmp = cmp_bss(&bss->pub, &tbss->pub);
564 /* will sort of leak this BSS */
574 rb_link_node(&bss->rbn, parent, p);
575 rb_insert_color(&bss->rbn, &dev->bss_tree);
578 static struct cfg80211_internal_bss *
579 rb_find_bss(struct cfg80211_registered_device *dev,
580 struct cfg80211_internal_bss *res)
582 struct rb_node *n = dev->bss_tree.rb_node;
583 struct cfg80211_internal_bss *bss;
587 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
588 r = cmp_bss(&res->pub, &bss->pub);
601 static struct cfg80211_internal_bss *
602 rb_find_hidden_bss(struct cfg80211_registered_device *dev,
603 struct cfg80211_internal_bss *res)
605 struct rb_node *n = dev->bss_tree.rb_node;
606 struct cfg80211_internal_bss *bss;
610 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
611 r = cmp_hidden_bss(&res->pub, &bss->pub);
625 copy_hidden_ies(struct cfg80211_internal_bss *res,
626 struct cfg80211_internal_bss *hidden)
628 if (unlikely(res->pub.beacon_ies))
630 if (WARN_ON(!hidden->pub.beacon_ies))
633 res->pub.beacon_ies = kmalloc(hidden->pub.len_beacon_ies, GFP_ATOMIC);
634 if (unlikely(!res->pub.beacon_ies))
637 res->beacon_ies_allocated = true;
638 res->pub.len_beacon_ies = hidden->pub.len_beacon_ies;
639 memcpy(res->pub.beacon_ies, hidden->pub.beacon_ies,
640 res->pub.len_beacon_ies);
643 static struct cfg80211_internal_bss *
644 cfg80211_bss_update(struct cfg80211_registered_device *dev,
645 struct cfg80211_internal_bss *res)
647 struct cfg80211_internal_bss *found = NULL;
650 * The reference to "res" is donated to this function.
653 if (WARN_ON(!res->pub.channel)) {
654 kref_put(&res->ref, bss_release);
660 spin_lock_bh(&dev->bss_lock);
662 found = rb_find_bss(dev, res);
665 found->pub.beacon_interval = res->pub.beacon_interval;
666 found->pub.tsf = res->pub.tsf;
667 found->pub.signal = res->pub.signal;
668 found->pub.capability = res->pub.capability;
672 if (res->pub.proberesp_ies) {
673 size_t used = dev->wiphy.bss_priv_size + sizeof(*res);
674 size_t ielen = res->pub.len_proberesp_ies;
676 if (found->pub.proberesp_ies &&
677 !found->proberesp_ies_allocated &&
678 ksize(found) >= used + ielen) {
679 memcpy(found->pub.proberesp_ies,
680 res->pub.proberesp_ies, ielen);
681 found->pub.len_proberesp_ies = ielen;
683 u8 *ies = found->pub.proberesp_ies;
685 if (found->proberesp_ies_allocated)
686 ies = krealloc(ies, ielen, GFP_ATOMIC);
688 ies = kmalloc(ielen, GFP_ATOMIC);
691 memcpy(ies, res->pub.proberesp_ies,
693 found->proberesp_ies_allocated = true;
694 found->pub.proberesp_ies = ies;
695 found->pub.len_proberesp_ies = ielen;
699 /* Override possible earlier Beacon frame IEs */
700 found->pub.information_elements =
701 found->pub.proberesp_ies;
702 found->pub.len_information_elements =
703 found->pub.len_proberesp_ies;
705 if (res->pub.beacon_ies) {
706 size_t used = dev->wiphy.bss_priv_size + sizeof(*res);
707 size_t ielen = res->pub.len_beacon_ies;
708 bool information_elements_is_beacon_ies =
709 (found->pub.information_elements ==
710 found->pub.beacon_ies);
712 if (found->pub.beacon_ies &&
713 !found->beacon_ies_allocated &&
714 ksize(found) >= used + ielen) {
715 memcpy(found->pub.beacon_ies,
716 res->pub.beacon_ies, ielen);
717 found->pub.len_beacon_ies = ielen;
719 u8 *ies = found->pub.beacon_ies;
721 if (found->beacon_ies_allocated)
722 ies = krealloc(ies, ielen, GFP_ATOMIC);
724 ies = kmalloc(ielen, GFP_ATOMIC);
727 memcpy(ies, res->pub.beacon_ies,
729 found->beacon_ies_allocated = true;
730 found->pub.beacon_ies = ies;
731 found->pub.len_beacon_ies = ielen;
735 /* Override IEs if they were from a beacon before */
736 if (information_elements_is_beacon_ies) {
737 found->pub.information_elements =
738 found->pub.beacon_ies;
739 found->pub.len_information_elements =
740 found->pub.len_beacon_ies;
744 kref_put(&res->ref, bss_release);
746 struct cfg80211_internal_bss *hidden;
748 /* First check if the beacon is a probe response from
749 * a hidden bss. If so, copy beacon ies (with nullified
750 * ssid) into the probe response bss entry (with real ssid).
751 * It is required basically for PSM implementation
752 * (probe responses do not contain tim ie) */
754 /* TODO: The code is not trying to update existing probe
755 * response bss entries when beacon ies are
756 * getting changed. */
757 hidden = rb_find_hidden_bss(dev, res);
759 copy_hidden_ies(res, hidden);
761 /* this "consumes" the reference */
762 list_add_tail(&res->list, &dev->bss_list);
763 rb_insert_bss(dev, res);
767 dev->bss_generation++;
768 spin_unlock_bh(&dev->bss_lock);
770 kref_get(&found->ref);
775 cfg80211_inform_bss(struct wiphy *wiphy,
776 struct ieee80211_channel *channel,
777 const u8 *bssid, u64 tsf, u16 capability,
778 u16 beacon_interval, const u8 *ie, size_t ielen,
779 s32 signal, gfp_t gfp)
781 struct cfg80211_internal_bss *res;
787 privsz = wiphy->bss_priv_size;
789 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
790 (signal < 0 || signal > 100)))
793 res = kzalloc(sizeof(*res) + privsz + ielen, gfp);
797 memcpy(res->pub.bssid, bssid, ETH_ALEN);
798 res->pub.channel = channel;
799 res->pub.signal = signal;
801 res->pub.beacon_interval = beacon_interval;
802 res->pub.capability = capability;
804 * Since we do not know here whether the IEs are from a Beacon or Probe
805 * Response frame, we need to pick one of the options and only use it
806 * with the driver that does not provide the full Beacon/Probe Response
807 * frame. Use Beacon frame pointer to avoid indicating that this should
808 * override the information_elements pointer should we have received an
809 * earlier indication of Probe Response data.
811 * The initial buffer for the IEs is allocated with the BSS entry and
812 * is located after the private area.
814 res->pub.beacon_ies = (u8 *)res + sizeof(*res) + privsz;
815 memcpy(res->pub.beacon_ies, ie, ielen);
816 res->pub.len_beacon_ies = ielen;
817 res->pub.information_elements = res->pub.beacon_ies;
818 res->pub.len_information_elements = res->pub.len_beacon_ies;
820 kref_init(&res->ref);
822 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res);
826 if (res->pub.capability & WLAN_CAPABILITY_ESS)
827 regulatory_hint_found_beacon(wiphy, channel, gfp);
829 trace_cfg80211_return_bss(&res->pub);
830 /* cfg80211_bss_update gives us a referenced result */
833 EXPORT_SYMBOL(cfg80211_inform_bss);
835 struct cfg80211_bss *
836 cfg80211_inform_bss_frame(struct wiphy *wiphy,
837 struct ieee80211_channel *channel,
838 struct ieee80211_mgmt *mgmt, size_t len,
839 s32 signal, gfp_t gfp)
841 struct cfg80211_internal_bss *res;
843 size_t ielen = len - offsetof(struct ieee80211_mgmt,
844 u.probe_resp.variable);
847 trace_cfg80211_inform_bss_frame(wiphy, channel, mgmt, len, signal);
855 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
856 (signal < 0 || signal > 100)))
859 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
862 privsz = wiphy->bss_priv_size;
864 res = kzalloc(sizeof(*res) + privsz + ielen, gfp);
868 memcpy(res->pub.bssid, mgmt->bssid, ETH_ALEN);
869 res->pub.channel = channel;
870 res->pub.signal = signal;
871 res->pub.tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp);
872 res->pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int);
873 res->pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
875 * The initial buffer for the IEs is allocated with the BSS entry and
876 * is located after the private area.
878 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
879 res->pub.proberesp_ies = (u8 *) res + sizeof(*res) + privsz;
880 memcpy(res->pub.proberesp_ies, mgmt->u.probe_resp.variable,
882 res->pub.len_proberesp_ies = ielen;
883 res->pub.information_elements = res->pub.proberesp_ies;
884 res->pub.len_information_elements = res->pub.len_proberesp_ies;
886 res->pub.beacon_ies = (u8 *) res + sizeof(*res) + privsz;
887 memcpy(res->pub.beacon_ies, mgmt->u.beacon.variable, ielen);
888 res->pub.len_beacon_ies = ielen;
889 res->pub.information_elements = res->pub.beacon_ies;
890 res->pub.len_information_elements = res->pub.len_beacon_ies;
893 kref_init(&res->ref);
895 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res);
899 if (res->pub.capability & WLAN_CAPABILITY_ESS)
900 regulatory_hint_found_beacon(wiphy, channel, gfp);
902 trace_cfg80211_return_bss(&res->pub);
903 /* cfg80211_bss_update gives us a referenced result */
906 EXPORT_SYMBOL(cfg80211_inform_bss_frame);
908 void cfg80211_ref_bss(struct cfg80211_bss *pub)
910 struct cfg80211_internal_bss *bss;
915 bss = container_of(pub, struct cfg80211_internal_bss, pub);
918 EXPORT_SYMBOL(cfg80211_ref_bss);
920 void cfg80211_put_bss(struct cfg80211_bss *pub)
922 struct cfg80211_internal_bss *bss;
927 bss = container_of(pub, struct cfg80211_internal_bss, pub);
928 kref_put(&bss->ref, bss_release);
930 EXPORT_SYMBOL(cfg80211_put_bss);
932 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
934 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
935 struct cfg80211_internal_bss *bss;
940 bss = container_of(pub, struct cfg80211_internal_bss, pub);
942 spin_lock_bh(&dev->bss_lock);
943 if (!list_empty(&bss->list)) {
944 __cfg80211_unlink_bss(dev, bss);
945 dev->bss_generation++;
947 spin_unlock_bh(&dev->bss_lock);
949 EXPORT_SYMBOL(cfg80211_unlink_bss);
951 #ifdef CONFIG_CFG80211_WEXT
952 int cfg80211_wext_siwscan(struct net_device *dev,
953 struct iw_request_info *info,
954 union iwreq_data *wrqu, char *extra)
956 struct cfg80211_registered_device *rdev;
958 struct iw_scan_req *wreq = NULL;
959 struct cfg80211_scan_request *creq = NULL;
960 int i, err, n_channels = 0;
961 enum ieee80211_band band;
963 if (!netif_running(dev))
966 if (wrqu->data.length == sizeof(struct iw_scan_req))
967 wreq = (struct iw_scan_req *)extra;
969 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
972 return PTR_ERR(rdev);
974 if (rdev->scan_req) {
979 wiphy = &rdev->wiphy;
981 /* Determine number of channels, needed to allocate creq */
982 if (wreq && wreq->num_channels)
983 n_channels = wreq->num_channels;
985 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
986 if (wiphy->bands[band])
987 n_channels += wiphy->bands[band]->n_channels;
990 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
991 n_channels * sizeof(void *),
999 creq->wdev = dev->ieee80211_ptr;
1000 /* SSIDs come after channels */
1001 creq->ssids = (void *)&creq->channels[n_channels];
1002 creq->n_channels = n_channels;
1004 creq->scan_start = jiffies;
1006 /* translate "Scan on frequencies" request */
1008 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1011 if (!wiphy->bands[band])
1014 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1015 /* ignore disabled channels */
1016 if (wiphy->bands[band]->channels[j].flags &
1017 IEEE80211_CHAN_DISABLED)
1020 /* If we have a wireless request structure and the
1021 * wireless request specifies frequencies, then search
1022 * for the matching hardware channel.
1024 if (wreq && wreq->num_channels) {
1026 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq;
1027 for (k = 0; k < wreq->num_channels; k++) {
1028 int wext_freq = cfg80211_wext_freq(wiphy, &wreq->channel_list[k]);
1029 if (wext_freq == wiphy_freq)
1030 goto wext_freq_found;
1032 goto wext_freq_not_found;
1036 creq->channels[i] = &wiphy->bands[band]->channels[j];
1038 wext_freq_not_found: ;
1041 /* No channels found? */
1047 /* Set real number of channels specified in creq->channels[] */
1048 creq->n_channels = i;
1050 /* translate "Scan for SSID" request */
1052 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
1053 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
1057 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
1058 creq->ssids[0].ssid_len = wreq->essid_len;
1060 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE)
1064 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1065 if (wiphy->bands[i])
1066 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
1068 rdev->scan_req = creq;
1069 err = rdev_scan(rdev, creq);
1071 rdev->scan_req = NULL;
1072 /* creq will be freed below */
1074 nl80211_send_scan_start(rdev, dev->ieee80211_ptr);
1075 /* creq now owned by driver */
1081 cfg80211_unlock_rdev(rdev);
1084 EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan);
1086 static void ieee80211_scan_add_ies(struct iw_request_info *info,
1087 struct cfg80211_bss *bss,
1088 char **current_ev, char *end_buf)
1090 u8 *pos, *end, *next;
1091 struct iw_event iwe;
1093 if (!bss->information_elements ||
1094 !bss->len_information_elements)
1098 * If needed, fragment the IEs buffer (at IE boundaries) into short
1099 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages.
1101 pos = bss->information_elements;
1102 end = pos + bss->len_information_elements;
1104 while (end - pos > IW_GENERIC_IE_MAX) {
1105 next = pos + 2 + pos[1];
1106 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX)
1107 next = next + 2 + next[1];
1109 memset(&iwe, 0, sizeof(iwe));
1110 iwe.cmd = IWEVGENIE;
1111 iwe.u.data.length = next - pos;
1112 *current_ev = iwe_stream_add_point(info, *current_ev,
1113 end_buf, &iwe, pos);
1119 memset(&iwe, 0, sizeof(iwe));
1120 iwe.cmd = IWEVGENIE;
1121 iwe.u.data.length = end - pos;
1122 *current_ev = iwe_stream_add_point(info, *current_ev,
1123 end_buf, &iwe, pos);
1127 static inline unsigned int elapsed_jiffies_msecs(unsigned long start)
1129 unsigned long end = jiffies;
1132 return jiffies_to_msecs(end - start);
1134 return jiffies_to_msecs(end + (MAX_JIFFY_OFFSET - start) + 1);
1138 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
1139 struct cfg80211_internal_bss *bss, char *current_ev,
1142 struct iw_event iwe;
1144 u8 *ie = bss->pub.information_elements;
1145 int rem = bss->pub.len_information_elements, i, sig;
1146 bool ismesh = false;
1148 memset(&iwe, 0, sizeof(iwe));
1149 iwe.cmd = SIOCGIWAP;
1150 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1151 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN);
1152 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1155 memset(&iwe, 0, sizeof(iwe));
1156 iwe.cmd = SIOCGIWFREQ;
1157 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq);
1159 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1162 memset(&iwe, 0, sizeof(iwe));
1163 iwe.cmd = SIOCGIWFREQ;
1164 iwe.u.freq.m = bss->pub.channel->center_freq;
1166 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1169 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) {
1170 memset(&iwe, 0, sizeof(iwe));
1172 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED |
1173 IW_QUAL_NOISE_INVALID |
1174 IW_QUAL_QUAL_UPDATED;
1175 switch (wiphy->signal_type) {
1176 case CFG80211_SIGNAL_TYPE_MBM:
1177 sig = bss->pub.signal / 100;
1178 iwe.u.qual.level = sig;
1179 iwe.u.qual.updated |= IW_QUAL_DBM;
1180 if (sig < -110) /* rather bad */
1182 else if (sig > -40) /* perfect */
1184 /* will give a range of 0 .. 70 */
1185 iwe.u.qual.qual = sig + 110;
1187 case CFG80211_SIGNAL_TYPE_UNSPEC:
1188 iwe.u.qual.level = bss->pub.signal;
1189 /* will give range 0 .. 100 */
1190 iwe.u.qual.qual = bss->pub.signal;
1196 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1197 &iwe, IW_EV_QUAL_LEN);
1200 memset(&iwe, 0, sizeof(iwe));
1201 iwe.cmd = SIOCGIWENCODE;
1202 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY)
1203 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1205 iwe.u.data.flags = IW_ENCODE_DISABLED;
1206 iwe.u.data.length = 0;
1207 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1212 if (ie[1] > rem - 2)
1217 memset(&iwe, 0, sizeof(iwe));
1218 iwe.cmd = SIOCGIWESSID;
1219 iwe.u.data.length = ie[1];
1220 iwe.u.data.flags = 1;
1221 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1224 case WLAN_EID_MESH_ID:
1225 memset(&iwe, 0, sizeof(iwe));
1226 iwe.cmd = SIOCGIWESSID;
1227 iwe.u.data.length = ie[1];
1228 iwe.u.data.flags = 1;
1229 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1232 case WLAN_EID_MESH_CONFIG:
1234 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
1236 buf = kmalloc(50, GFP_ATOMIC);
1240 memset(&iwe, 0, sizeof(iwe));
1241 iwe.cmd = IWEVCUSTOM;
1242 sprintf(buf, "Mesh Network Path Selection Protocol ID: "
1244 iwe.u.data.length = strlen(buf);
1245 current_ev = iwe_stream_add_point(info, current_ev,
1248 sprintf(buf, "Path Selection Metric ID: 0x%02X",
1250 iwe.u.data.length = strlen(buf);
1251 current_ev = iwe_stream_add_point(info, current_ev,
1254 sprintf(buf, "Congestion Control Mode ID: 0x%02X",
1256 iwe.u.data.length = strlen(buf);
1257 current_ev = iwe_stream_add_point(info, current_ev,
1260 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]);
1261 iwe.u.data.length = strlen(buf);
1262 current_ev = iwe_stream_add_point(info, current_ev,
1265 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]);
1266 iwe.u.data.length = strlen(buf);
1267 current_ev = iwe_stream_add_point(info, current_ev,
1270 sprintf(buf, "Formation Info: 0x%02X", cfg[5]);
1271 iwe.u.data.length = strlen(buf);
1272 current_ev = iwe_stream_add_point(info, current_ev,
1275 sprintf(buf, "Capabilities: 0x%02X", cfg[6]);
1276 iwe.u.data.length = strlen(buf);
1277 current_ev = iwe_stream_add_point(info, current_ev,
1282 case WLAN_EID_SUPP_RATES:
1283 case WLAN_EID_EXT_SUPP_RATES:
1284 /* display all supported rates in readable format */
1285 p = current_ev + iwe_stream_lcp_len(info);
1287 memset(&iwe, 0, sizeof(iwe));
1288 iwe.cmd = SIOCGIWRATE;
1289 /* Those two flags are ignored... */
1290 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
1292 for (i = 0; i < ie[1]; i++) {
1293 iwe.u.bitrate.value =
1294 ((ie[i + 2] & 0x7f) * 500000);
1295 p = iwe_stream_add_value(info, current_ev, p,
1296 end_buf, &iwe, IW_EV_PARAM_LEN);
1305 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
1307 memset(&iwe, 0, sizeof(iwe));
1308 iwe.cmd = SIOCGIWMODE;
1310 iwe.u.mode = IW_MODE_MESH;
1311 else if (bss->pub.capability & WLAN_CAPABILITY_ESS)
1312 iwe.u.mode = IW_MODE_MASTER;
1314 iwe.u.mode = IW_MODE_ADHOC;
1315 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1316 &iwe, IW_EV_UINT_LEN);
1319 buf = kmalloc(30, GFP_ATOMIC);
1321 memset(&iwe, 0, sizeof(iwe));
1322 iwe.cmd = IWEVCUSTOM;
1323 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->pub.tsf));
1324 iwe.u.data.length = strlen(buf);
1325 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1327 memset(&iwe, 0, sizeof(iwe));
1328 iwe.cmd = IWEVCUSTOM;
1329 sprintf(buf, " Last beacon: %ums ago",
1330 elapsed_jiffies_msecs(bss->ts));
1331 iwe.u.data.length = strlen(buf);
1332 current_ev = iwe_stream_add_point(info, current_ev,
1333 end_buf, &iwe, buf);
1337 ieee80211_scan_add_ies(info, &bss->pub, ¤t_ev, end_buf);
1343 static int ieee80211_scan_results(struct cfg80211_registered_device *dev,
1344 struct iw_request_info *info,
1345 char *buf, size_t len)
1347 char *current_ev = buf;
1348 char *end_buf = buf + len;
1349 struct cfg80211_internal_bss *bss;
1351 spin_lock_bh(&dev->bss_lock);
1352 cfg80211_bss_expire(dev);
1354 list_for_each_entry(bss, &dev->bss_list, list) {
1355 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
1356 spin_unlock_bh(&dev->bss_lock);
1359 current_ev = ieee80211_bss(&dev->wiphy, info, bss,
1360 current_ev, end_buf);
1362 spin_unlock_bh(&dev->bss_lock);
1363 return current_ev - buf;
1367 int cfg80211_wext_giwscan(struct net_device *dev,
1368 struct iw_request_info *info,
1369 struct iw_point *data, char *extra)
1371 struct cfg80211_registered_device *rdev;
1374 if (!netif_running(dev))
1377 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1380 return PTR_ERR(rdev);
1382 if (rdev->scan_req) {
1387 res = ieee80211_scan_results(rdev, info, extra, data->length);
1395 cfg80211_unlock_rdev(rdev);
1398 EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan);
git.samba.org / sfrench / cifs-2.6.git / blob