2 * cfg80211 scan result handling
4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
6 #include <linux/kernel.h>
7 #include <linux/slab.h>
8 #include <linux/module.h>
9 #include <linux/netdevice.h>
10 #include <linux/wireless.h>
11 #include <linux/nl80211.h>
12 #include <linux/etherdevice.h>
14 #include <net/cfg80211.h>
15 #include <net/cfg80211-wext.h>
16 #include <net/iw_handler.h>
19 #include "wext-compat.h"
23 * DOC: BSS tree/list structure
25 * At the top level, the BSS list is kept in both a list in each
26 * registered device (@bss_list) as well as an RB-tree for faster
27 * lookup. In the RB-tree, entries can be looked up using their
28 * channel, MESHID, MESHCONF (for MBSSes) or channel, BSSID, SSID
31 * Due to the possibility of hidden SSIDs, there's a second level
32 * structure, the "hidden_list" and "hidden_beacon_bss" pointer.
33 * The hidden_list connects all BSSes belonging to a single AP
34 * that has a hidden SSID, and connects beacon and probe response
35 * entries. For a probe response entry for a hidden SSID, the
36 * hidden_beacon_bss pointer points to the BSS struct holding the
37 * beacon's information.
39 * Reference counting is done for all these references except for
40 * the hidden_list, so that a beacon BSS struct that is otherwise
41 * not referenced has one reference for being on the bss_list and
42 * one for each probe response entry that points to it using the
43 * hidden_beacon_bss pointer. When a BSS struct that has such a
44 * pointer is get/put, the refcount update is also propagated to
45 * the referenced struct, this ensure that it cannot get removed
46 * while somebody is using the probe response version.
48 * Note that the hidden_beacon_bss pointer never changes, due to
49 * the reference counting. Therefore, no locking is needed for
52 * Also note that the hidden_beacon_bss pointer is only relevant
53 * if the driver uses something other than the IEs, e.g. private
54 * data stored stored in the BSS struct, since the beacon IEs are
55 * also linked into the probe response struct.
58 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ)
60 static void bss_free(struct cfg80211_internal_bss *bss)
62 struct cfg80211_bss_ies *ies;
64 if (WARN_ON(atomic_read(&bss->hold)))
67 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies);
68 if (ies && !bss->pub.hidden_beacon_bss)
69 kfree_rcu(ies, rcu_head);
70 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies);
72 kfree_rcu(ies, rcu_head);
75 * This happens when the module is removed, it doesn't
76 * really matter any more save for completeness
78 if (!list_empty(&bss->hidden_list))
79 list_del(&bss->hidden_list);
84 static inline void bss_ref_get(struct cfg80211_registered_device *dev,
85 struct cfg80211_internal_bss *bss)
87 lockdep_assert_held(&dev->bss_lock);
90 if (bss->pub.hidden_beacon_bss) {
91 bss = container_of(bss->pub.hidden_beacon_bss,
92 struct cfg80211_internal_bss,
98 static inline void bss_ref_put(struct cfg80211_registered_device *dev,
99 struct cfg80211_internal_bss *bss)
101 lockdep_assert_held(&dev->bss_lock);
103 if (bss->pub.hidden_beacon_bss) {
104 struct cfg80211_internal_bss *hbss;
105 hbss = container_of(bss->pub.hidden_beacon_bss,
106 struct cfg80211_internal_bss,
109 if (hbss->refcount == 0)
113 if (bss->refcount == 0)
117 static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *dev,
118 struct cfg80211_internal_bss *bss)
120 lockdep_assert_held(&dev->bss_lock);
122 if (!list_empty(&bss->hidden_list)) {
124 * don't remove the beacon entry if it has
125 * probe responses associated with it
127 if (!bss->pub.hidden_beacon_bss)
130 * if it's a probe response entry break its
131 * link to the other entries in the group
133 list_del_init(&bss->hidden_list);
136 list_del_init(&bss->list);
137 rb_erase(&bss->rbn, &dev->bss_tree);
138 bss_ref_put(dev, bss);
142 static void __cfg80211_bss_expire(struct cfg80211_registered_device *dev,
143 unsigned long expire_time)
145 struct cfg80211_internal_bss *bss, *tmp;
146 bool expired = false;
148 lockdep_assert_held(&dev->bss_lock);
150 list_for_each_entry_safe(bss, tmp, &dev->bss_list, list) {
151 if (atomic_read(&bss->hold))
153 if (!time_after(expire_time, bss->ts))
156 if (__cfg80211_unlink_bss(dev, bss))
161 dev->bss_generation++;
164 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev)
166 struct cfg80211_scan_request *request;
167 struct wireless_dev *wdev;
168 #ifdef CONFIG_CFG80211_WEXT
169 union iwreq_data wrqu;
174 request = rdev->scan_req;
179 wdev = request->wdev;
182 * This must be before sending the other events!
183 * Otherwise, wpa_supplicant gets completely confused with
187 cfg80211_sme_scan_done(wdev->netdev);
189 if (request->aborted) {
190 nl80211_send_scan_aborted(rdev, wdev);
192 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
193 /* flush entries from previous scans */
194 spin_lock_bh(&rdev->bss_lock);
195 __cfg80211_bss_expire(rdev, request->scan_start);
196 spin_unlock_bh(&rdev->bss_lock);
198 nl80211_send_scan_done(rdev, wdev);
201 #ifdef CONFIG_CFG80211_WEXT
202 if (wdev->netdev && !request->aborted) {
203 memset(&wrqu, 0, sizeof(wrqu));
205 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL);
210 dev_put(wdev->netdev);
212 rdev->scan_req = NULL;
216 void __cfg80211_scan_done(struct work_struct *wk)
218 struct cfg80211_registered_device *rdev;
220 rdev = container_of(wk, struct cfg80211_registered_device,
224 ___cfg80211_scan_done(rdev);
228 void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
230 trace_cfg80211_scan_done(request, aborted);
231 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req);
233 request->aborted = aborted;
234 request->notified = true;
235 queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk);
237 EXPORT_SYMBOL(cfg80211_scan_done);
239 void __cfg80211_sched_scan_results(struct work_struct *wk)
241 struct cfg80211_registered_device *rdev;
242 struct cfg80211_sched_scan_request *request;
244 rdev = container_of(wk, struct cfg80211_registered_device,
245 sched_scan_results_wk);
249 request = rdev->sched_scan_req;
251 /* we don't have sched_scan_req anymore if the scan is stopping */
253 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
254 /* flush entries from previous scans */
255 spin_lock_bh(&rdev->bss_lock);
256 __cfg80211_bss_expire(rdev, request->scan_start);
257 spin_unlock_bh(&rdev->bss_lock);
258 request->scan_start =
259 jiffies + msecs_to_jiffies(request->interval);
261 nl80211_send_sched_scan_results(rdev, request->dev);
267 void cfg80211_sched_scan_results(struct wiphy *wiphy)
269 trace_cfg80211_sched_scan_results(wiphy);
270 /* ignore if we're not scanning */
271 if (wiphy_to_dev(wiphy)->sched_scan_req)
272 queue_work(cfg80211_wq,
273 &wiphy_to_dev(wiphy)->sched_scan_results_wk);
275 EXPORT_SYMBOL(cfg80211_sched_scan_results);
277 void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
279 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
281 trace_cfg80211_sched_scan_stopped(wiphy);
284 __cfg80211_stop_sched_scan(rdev, true);
287 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
289 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
290 bool driver_initiated)
292 struct net_device *dev;
296 if (!rdev->sched_scan_req)
299 dev = rdev->sched_scan_req->dev;
301 if (!driver_initiated) {
302 int err = rdev_sched_scan_stop(rdev, dev);
307 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED);
309 kfree(rdev->sched_scan_req);
310 rdev->sched_scan_req = NULL;
315 void cfg80211_bss_age(struct cfg80211_registered_device *dev,
316 unsigned long age_secs)
318 struct cfg80211_internal_bss *bss;
319 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC);
321 spin_lock_bh(&dev->bss_lock);
322 list_for_each_entry(bss, &dev->bss_list, list)
323 bss->ts -= age_jiffies;
324 spin_unlock_bh(&dev->bss_lock);
327 void cfg80211_bss_expire(struct cfg80211_registered_device *dev)
329 __cfg80211_bss_expire(dev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE);
332 const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len)
334 while (len > 2 && ies[0] != eid) {
340 if (len < 2 + ies[1])
344 EXPORT_SYMBOL(cfg80211_find_ie);
346 const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type,
347 const u8 *ies, int len)
349 struct ieee80211_vendor_ie *ie;
350 const u8 *pos = ies, *end = ies + len;
354 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos,
359 ie = (struct ieee80211_vendor_ie *)pos;
361 /* make sure we can access ie->len */
362 BUILD_BUG_ON(offsetof(struct ieee80211_vendor_ie, len) != 1);
364 if (ie->len < sizeof(*ie))
367 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2];
368 if (ie_oui == oui && ie->oui_type == oui_type)
375 EXPORT_SYMBOL(cfg80211_find_vendor_ie);
377 static bool is_bss(struct cfg80211_bss *a, const u8 *bssid,
378 const u8 *ssid, size_t ssid_len)
380 const struct cfg80211_bss_ies *ies;
383 if (bssid && !ether_addr_equal(a->bssid, bssid))
389 ies = rcu_access_pointer(a->ies);
392 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
395 if (ssidie[1] != ssid_len)
397 return memcmp(ssidie + 2, ssid, ssid_len) == 0;
401 * enum bss_compare_mode - BSS compare mode
402 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find)
403 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode
404 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode
406 enum bss_compare_mode {
412 static int cmp_bss(struct cfg80211_bss *a,
413 struct cfg80211_bss *b,
414 enum bss_compare_mode mode)
416 const struct cfg80211_bss_ies *a_ies, *b_ies;
417 const u8 *ie1 = NULL;
418 const u8 *ie2 = NULL;
421 if (a->channel != b->channel)
422 return b->channel->center_freq - a->channel->center_freq;
424 a_ies = rcu_access_pointer(a->ies);
427 b_ies = rcu_access_pointer(b->ies);
431 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability))
432 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID,
433 a_ies->data, a_ies->len);
434 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability))
435 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID,
436 b_ies->data, b_ies->len);
440 if (ie1[1] == ie2[1])
441 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]);
443 mesh_id_cmp = ie2[1] - ie1[1];
445 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
446 a_ies->data, a_ies->len);
447 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
448 b_ies->data, b_ies->len);
452 if (ie1[1] != ie2[1])
453 return ie2[1] - ie1[1];
454 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
458 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid));
462 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len);
463 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len);
469 * Note that with "hide_ssid", the function returns a match if
470 * the already-present BSS ("b") is a hidden SSID beacon for
474 /* sort missing IE before (left of) present IE */
481 case BSS_CMP_HIDE_ZLEN:
483 * In ZLEN mode we assume the BSS entry we're
484 * looking for has a zero-length SSID. So if
485 * the one we're looking at right now has that,
486 * return 0. Otherwise, return the difference
487 * in length, but since we're looking for the
488 * 0-length it's really equivalent to returning
489 * the length of the one we're looking at.
491 * No content comparison is needed as we assume
492 * the content length is zero.
495 case BSS_CMP_REGULAR:
497 /* sort by length first, then by contents */
498 if (ie1[1] != ie2[1])
499 return ie2[1] - ie1[1];
500 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
501 case BSS_CMP_HIDE_NUL:
502 if (ie1[1] != ie2[1])
503 return ie2[1] - ie1[1];
504 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */
505 for (i = 0; i < ie2[1]; i++)
512 /* Returned bss is reference counted and must be cleaned up appropriately. */
513 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
514 struct ieee80211_channel *channel,
516 const u8 *ssid, size_t ssid_len,
517 u16 capa_mask, u16 capa_val)
519 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
520 struct cfg80211_internal_bss *bss, *res = NULL;
521 unsigned long now = jiffies;
523 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask,
526 spin_lock_bh(&dev->bss_lock);
528 list_for_each_entry(bss, &dev->bss_list, list) {
529 if ((bss->pub.capability & capa_mask) != capa_val)
531 if (channel && bss->pub.channel != channel)
533 /* Don't get expired BSS structs */
534 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
535 !atomic_read(&bss->hold))
537 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
539 bss_ref_get(dev, res);
544 spin_unlock_bh(&dev->bss_lock);
547 trace_cfg80211_return_bss(&res->pub);
550 EXPORT_SYMBOL(cfg80211_get_bss);
552 static void rb_insert_bss(struct cfg80211_registered_device *dev,
553 struct cfg80211_internal_bss *bss)
555 struct rb_node **p = &dev->bss_tree.rb_node;
556 struct rb_node *parent = NULL;
557 struct cfg80211_internal_bss *tbss;
562 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn);
564 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR);
567 /* will sort of leak this BSS */
577 rb_link_node(&bss->rbn, parent, p);
578 rb_insert_color(&bss->rbn, &dev->bss_tree);
581 static struct cfg80211_internal_bss *
582 rb_find_bss(struct cfg80211_registered_device *dev,
583 struct cfg80211_internal_bss *res,
584 enum bss_compare_mode mode)
586 struct rb_node *n = dev->bss_tree.rb_node;
587 struct cfg80211_internal_bss *bss;
591 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
592 r = cmp_bss(&res->pub, &bss->pub, mode);
605 static bool cfg80211_combine_bsses(struct cfg80211_registered_device *dev,
606 struct cfg80211_internal_bss *new)
608 const struct cfg80211_bss_ies *ies;
609 struct cfg80211_internal_bss *bss;
614 ies = rcu_access_pointer(new->pub.beacon_ies);
618 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
625 for (i = 0; i < ssidlen; i++)
629 /* not a hidden SSID */
633 /* This is the bad part ... */
635 list_for_each_entry(bss, &dev->bss_list, list) {
636 if (!ether_addr_equal(bss->pub.bssid, new->pub.bssid))
638 if (bss->pub.channel != new->pub.channel)
640 if (bss->pub.scan_width != new->pub.scan_width)
642 if (rcu_access_pointer(bss->pub.beacon_ies))
644 ies = rcu_access_pointer(bss->pub.ies);
647 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
650 if (ssidlen && ie[1] != ssidlen)
652 /* that would be odd ... */
653 if (bss->pub.beacon_ies)
655 if (WARN_ON_ONCE(bss->pub.hidden_beacon_bss))
657 if (WARN_ON_ONCE(!list_empty(&bss->hidden_list)))
658 list_del(&bss->hidden_list);
660 list_add(&bss->hidden_list, &new->hidden_list);
661 bss->pub.hidden_beacon_bss = &new->pub;
662 new->refcount += bss->refcount;
663 rcu_assign_pointer(bss->pub.beacon_ies,
664 new->pub.beacon_ies);
670 /* Returned bss is reference counted and must be cleaned up appropriately. */
671 static struct cfg80211_internal_bss *
672 cfg80211_bss_update(struct cfg80211_registered_device *dev,
673 struct cfg80211_internal_bss *tmp)
675 struct cfg80211_internal_bss *found = NULL;
677 if (WARN_ON(!tmp->pub.channel))
682 spin_lock_bh(&dev->bss_lock);
684 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) {
685 spin_unlock_bh(&dev->bss_lock);
689 found = rb_find_bss(dev, tmp, BSS_CMP_REGULAR);
693 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
694 const struct cfg80211_bss_ies *old;
696 old = rcu_access_pointer(found->pub.proberesp_ies);
698 rcu_assign_pointer(found->pub.proberesp_ies,
699 tmp->pub.proberesp_ies);
700 /* Override possible earlier Beacon frame IEs */
701 rcu_assign_pointer(found->pub.ies,
702 tmp->pub.proberesp_ies);
704 kfree_rcu((struct cfg80211_bss_ies *)old,
706 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) {
707 const struct cfg80211_bss_ies *old;
708 struct cfg80211_internal_bss *bss;
710 if (found->pub.hidden_beacon_bss &&
711 !list_empty(&found->hidden_list)) {
712 const struct cfg80211_bss_ies *f;
715 * The found BSS struct is one of the probe
716 * response members of a group, but we're
717 * receiving a beacon (beacon_ies in the tmp
718 * bss is used). This can only mean that the
719 * AP changed its beacon from not having an
720 * SSID to showing it, which is confusing so
721 * drop this information.
724 f = rcu_access_pointer(tmp->pub.beacon_ies);
725 kfree_rcu((struct cfg80211_bss_ies *)f,
730 old = rcu_access_pointer(found->pub.beacon_ies);
732 rcu_assign_pointer(found->pub.beacon_ies,
733 tmp->pub.beacon_ies);
735 /* Override IEs if they were from a beacon before */
736 if (old == rcu_access_pointer(found->pub.ies))
737 rcu_assign_pointer(found->pub.ies,
738 tmp->pub.beacon_ies);
740 /* Assign beacon IEs to all sub entries */
741 list_for_each_entry(bss, &found->hidden_list,
743 const struct cfg80211_bss_ies *ies;
745 ies = rcu_access_pointer(bss->pub.beacon_ies);
748 rcu_assign_pointer(bss->pub.beacon_ies,
749 tmp->pub.beacon_ies);
753 kfree_rcu((struct cfg80211_bss_ies *)old,
757 found->pub.beacon_interval = tmp->pub.beacon_interval;
758 found->pub.signal = tmp->pub.signal;
759 found->pub.capability = tmp->pub.capability;
762 struct cfg80211_internal_bss *new;
763 struct cfg80211_internal_bss *hidden;
764 struct cfg80211_bss_ies *ies;
767 * create a copy -- the "res" variable that is passed in
768 * is allocated on the stack since it's not needed in the
769 * more common case of an update
771 new = kzalloc(sizeof(*new) + dev->wiphy.bss_priv_size,
774 ies = (void *)rcu_dereference(tmp->pub.beacon_ies);
776 kfree_rcu(ies, rcu_head);
777 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies);
779 kfree_rcu(ies, rcu_head);
782 memcpy(new, tmp, sizeof(*new));
784 INIT_LIST_HEAD(&new->hidden_list);
786 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
787 hidden = rb_find_bss(dev, tmp, BSS_CMP_HIDE_ZLEN);
789 hidden = rb_find_bss(dev, tmp,
792 new->pub.hidden_beacon_bss = &hidden->pub;
793 list_add(&new->hidden_list,
794 &hidden->hidden_list);
796 rcu_assign_pointer(new->pub.beacon_ies,
797 hidden->pub.beacon_ies);
801 * Ok so we found a beacon, and don't have an entry. If
802 * it's a beacon with hidden SSID, we might be in for an
803 * expensive search for any probe responses that should
804 * be grouped with this beacon for updates ...
806 if (!cfg80211_combine_bsses(dev, new)) {
812 list_add_tail(&new->list, &dev->bss_list);
813 rb_insert_bss(dev, new);
817 dev->bss_generation++;
818 bss_ref_get(dev, found);
819 spin_unlock_bh(&dev->bss_lock);
823 spin_unlock_bh(&dev->bss_lock);
827 static struct ieee80211_channel *
828 cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen,
829 struct ieee80211_channel *channel)
833 int channel_number = -1;
835 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen);
836 if (tmp && tmp[1] == 1) {
837 channel_number = tmp[2];
839 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen);
840 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) {
841 struct ieee80211_ht_operation *htop = (void *)(tmp + 2);
843 channel_number = htop->primary_chan;
847 if (channel_number < 0)
850 freq = ieee80211_channel_to_frequency(channel_number, channel->band);
851 channel = ieee80211_get_channel(wiphy, freq);
854 if (channel->flags & IEEE80211_CHAN_DISABLED)
859 /* Returned bss is reference counted and must be cleaned up appropriately. */
861 cfg80211_inform_bss_width(struct wiphy *wiphy,
862 struct ieee80211_channel *channel,
863 enum nl80211_bss_scan_width scan_width,
864 const u8 *bssid, u64 tsf, u16 capability,
865 u16 beacon_interval, const u8 *ie, size_t ielen,
866 s32 signal, gfp_t gfp)
868 struct cfg80211_bss_ies *ies;
869 struct cfg80211_internal_bss tmp = {}, *res;
874 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
875 (signal < 0 || signal > 100)))
878 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, channel);
882 memcpy(tmp.pub.bssid, bssid, ETH_ALEN);
883 tmp.pub.channel = channel;
884 tmp.pub.scan_width = scan_width;
885 tmp.pub.signal = signal;
886 tmp.pub.beacon_interval = beacon_interval;
887 tmp.pub.capability = capability;
889 * Since we do not know here whether the IEs are from a Beacon or Probe
890 * Response frame, we need to pick one of the options and only use it
891 * with the driver that does not provide the full Beacon/Probe Response
892 * frame. Use Beacon frame pointer to avoid indicating that this should
893 * override the IEs pointer should we have received an earlier
894 * indication of Probe Response data.
896 ies = kmalloc(sizeof(*ies) + ielen, gfp);
901 memcpy(ies->data, ie, ielen);
903 rcu_assign_pointer(tmp.pub.beacon_ies, ies);
904 rcu_assign_pointer(tmp.pub.ies, ies);
906 res = cfg80211_bss_update(wiphy_to_dev(wiphy), &tmp);
910 if (res->pub.capability & WLAN_CAPABILITY_ESS)
911 regulatory_hint_found_beacon(wiphy, channel, gfp);
913 trace_cfg80211_return_bss(&res->pub);
914 /* cfg80211_bss_update gives us a referenced result */
917 EXPORT_SYMBOL(cfg80211_inform_bss_width);
919 /* Returned bss is reference counted and must be cleaned up appropriately. */
920 struct cfg80211_bss *
921 cfg80211_inform_bss_width_frame(struct wiphy *wiphy,
922 struct ieee80211_channel *channel,
923 enum nl80211_bss_scan_width scan_width,
924 struct ieee80211_mgmt *mgmt, size_t len,
925 s32 signal, gfp_t gfp)
927 struct cfg80211_internal_bss tmp = {}, *res;
928 struct cfg80211_bss_ies *ies;
929 size_t ielen = len - offsetof(struct ieee80211_mgmt,
930 u.probe_resp.variable);
932 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) !=
933 offsetof(struct ieee80211_mgmt, u.beacon.variable));
935 trace_cfg80211_inform_bss_width_frame(wiphy, channel, scan_width, mgmt,
944 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
945 (signal < 0 || signal > 100)))
948 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
951 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable,
956 ies = kmalloc(sizeof(*ies) + ielen, gfp);
960 ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp);
961 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen);
963 if (ieee80211_is_probe_resp(mgmt->frame_control))
964 rcu_assign_pointer(tmp.pub.proberesp_ies, ies);
966 rcu_assign_pointer(tmp.pub.beacon_ies, ies);
967 rcu_assign_pointer(tmp.pub.ies, ies);
969 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN);
970 tmp.pub.channel = channel;
971 tmp.pub.scan_width = scan_width;
972 tmp.pub.signal = signal;
973 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int);
974 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
976 res = cfg80211_bss_update(wiphy_to_dev(wiphy), &tmp);
980 if (res->pub.capability & WLAN_CAPABILITY_ESS)
981 regulatory_hint_found_beacon(wiphy, channel, gfp);
983 trace_cfg80211_return_bss(&res->pub);
984 /* cfg80211_bss_update gives us a referenced result */
987 EXPORT_SYMBOL(cfg80211_inform_bss_width_frame);
989 void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
991 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
992 struct cfg80211_internal_bss *bss;
997 bss = container_of(pub, struct cfg80211_internal_bss, pub);
999 spin_lock_bh(&dev->bss_lock);
1000 bss_ref_get(dev, bss);
1001 spin_unlock_bh(&dev->bss_lock);
1003 EXPORT_SYMBOL(cfg80211_ref_bss);
1005 void cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1007 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
1008 struct cfg80211_internal_bss *bss;
1013 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1015 spin_lock_bh(&dev->bss_lock);
1016 bss_ref_put(dev, bss);
1017 spin_unlock_bh(&dev->bss_lock);
1019 EXPORT_SYMBOL(cfg80211_put_bss);
1021 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1023 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
1024 struct cfg80211_internal_bss *bss;
1029 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1031 spin_lock_bh(&dev->bss_lock);
1032 if (!list_empty(&bss->list)) {
1033 if (__cfg80211_unlink_bss(dev, bss))
1034 dev->bss_generation++;
1036 spin_unlock_bh(&dev->bss_lock);
1038 EXPORT_SYMBOL(cfg80211_unlink_bss);
1040 #ifdef CONFIG_CFG80211_WEXT
1041 static struct cfg80211_registered_device *
1042 cfg80211_get_dev_from_ifindex(struct net *net, int ifindex)
1044 struct cfg80211_registered_device *rdev;
1045 struct net_device *dev;
1049 dev = dev_get_by_index(net, ifindex);
1051 return ERR_PTR(-ENODEV);
1052 if (dev->ieee80211_ptr)
1053 rdev = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
1055 rdev = ERR_PTR(-ENODEV);
1060 int cfg80211_wext_siwscan(struct net_device *dev,
1061 struct iw_request_info *info,
1062 union iwreq_data *wrqu, char *extra)
1064 struct cfg80211_registered_device *rdev;
1065 struct wiphy *wiphy;
1066 struct iw_scan_req *wreq = NULL;
1067 struct cfg80211_scan_request *creq = NULL;
1068 int i, err, n_channels = 0;
1069 enum ieee80211_band band;
1071 if (!netif_running(dev))
1074 if (wrqu->data.length == sizeof(struct iw_scan_req))
1075 wreq = (struct iw_scan_req *)extra;
1077 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1080 return PTR_ERR(rdev);
1082 if (rdev->scan_req) {
1087 wiphy = &rdev->wiphy;
1089 /* Determine number of channels, needed to allocate creq */
1090 if (wreq && wreq->num_channels)
1091 n_channels = wreq->num_channels;
1093 n_channels = ieee80211_get_num_supported_channels(wiphy);
1095 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1096 n_channels * sizeof(void *),
1103 creq->wiphy = wiphy;
1104 creq->wdev = dev->ieee80211_ptr;
1105 /* SSIDs come after channels */
1106 creq->ssids = (void *)&creq->channels[n_channels];
1107 creq->n_channels = n_channels;
1109 creq->scan_start = jiffies;
1111 /* translate "Scan on frequencies" request */
1113 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1116 if (!wiphy->bands[band])
1119 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1120 /* ignore disabled channels */
1121 if (wiphy->bands[band]->channels[j].flags &
1122 IEEE80211_CHAN_DISABLED)
1125 /* If we have a wireless request structure and the
1126 * wireless request specifies frequencies, then search
1127 * for the matching hardware channel.
1129 if (wreq && wreq->num_channels) {
1131 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq;
1132 for (k = 0; k < wreq->num_channels; k++) {
1133 int wext_freq = cfg80211_wext_freq(wiphy, &wreq->channel_list[k]);
1134 if (wext_freq == wiphy_freq)
1135 goto wext_freq_found;
1137 goto wext_freq_not_found;
1141 creq->channels[i] = &wiphy->bands[band]->channels[j];
1143 wext_freq_not_found: ;
1146 /* No channels found? */
1152 /* Set real number of channels specified in creq->channels[] */
1153 creq->n_channels = i;
1155 /* translate "Scan for SSID" request */
1157 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
1158 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
1162 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
1163 creq->ssids[0].ssid_len = wreq->essid_len;
1165 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE)
1169 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1170 if (wiphy->bands[i])
1171 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
1173 rdev->scan_req = creq;
1174 err = rdev_scan(rdev, creq);
1176 rdev->scan_req = NULL;
1177 /* creq will be freed below */
1179 nl80211_send_scan_start(rdev, dev->ieee80211_ptr);
1180 /* creq now owned by driver */
1188 EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan);
1190 static void ieee80211_scan_add_ies(struct iw_request_info *info,
1191 const struct cfg80211_bss_ies *ies,
1192 char **current_ev, char *end_buf)
1194 const u8 *pos, *end, *next;
1195 struct iw_event iwe;
1201 * If needed, fragment the IEs buffer (at IE boundaries) into short
1202 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages.
1205 end = pos + ies->len;
1207 while (end - pos > IW_GENERIC_IE_MAX) {
1208 next = pos + 2 + pos[1];
1209 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX)
1210 next = next + 2 + next[1];
1212 memset(&iwe, 0, sizeof(iwe));
1213 iwe.cmd = IWEVGENIE;
1214 iwe.u.data.length = next - pos;
1215 *current_ev = iwe_stream_add_point(info, *current_ev,
1223 memset(&iwe, 0, sizeof(iwe));
1224 iwe.cmd = IWEVGENIE;
1225 iwe.u.data.length = end - pos;
1226 *current_ev = iwe_stream_add_point(info, *current_ev,
1233 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
1234 struct cfg80211_internal_bss *bss, char *current_ev,
1237 const struct cfg80211_bss_ies *ies;
1238 struct iw_event iwe;
1242 bool ismesh = false;
1244 memset(&iwe, 0, sizeof(iwe));
1245 iwe.cmd = SIOCGIWAP;
1246 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1247 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN);
1248 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1251 memset(&iwe, 0, sizeof(iwe));
1252 iwe.cmd = SIOCGIWFREQ;
1253 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq);
1255 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1258 memset(&iwe, 0, sizeof(iwe));
1259 iwe.cmd = SIOCGIWFREQ;
1260 iwe.u.freq.m = bss->pub.channel->center_freq;
1262 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1265 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) {
1266 memset(&iwe, 0, sizeof(iwe));
1268 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED |
1269 IW_QUAL_NOISE_INVALID |
1270 IW_QUAL_QUAL_UPDATED;
1271 switch (wiphy->signal_type) {
1272 case CFG80211_SIGNAL_TYPE_MBM:
1273 sig = bss->pub.signal / 100;
1274 iwe.u.qual.level = sig;
1275 iwe.u.qual.updated |= IW_QUAL_DBM;
1276 if (sig < -110) /* rather bad */
1278 else if (sig > -40) /* perfect */
1280 /* will give a range of 0 .. 70 */
1281 iwe.u.qual.qual = sig + 110;
1283 case CFG80211_SIGNAL_TYPE_UNSPEC:
1284 iwe.u.qual.level = bss->pub.signal;
1285 /* will give range 0 .. 100 */
1286 iwe.u.qual.qual = bss->pub.signal;
1292 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1293 &iwe, IW_EV_QUAL_LEN);
1296 memset(&iwe, 0, sizeof(iwe));
1297 iwe.cmd = SIOCGIWENCODE;
1298 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY)
1299 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1301 iwe.u.data.flags = IW_ENCODE_DISABLED;
1302 iwe.u.data.length = 0;
1303 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1307 ies = rcu_dereference(bss->pub.ies);
1313 if (ie[1] > rem - 2)
1318 memset(&iwe, 0, sizeof(iwe));
1319 iwe.cmd = SIOCGIWESSID;
1320 iwe.u.data.length = ie[1];
1321 iwe.u.data.flags = 1;
1322 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1323 &iwe, (u8 *)ie + 2);
1325 case WLAN_EID_MESH_ID:
1326 memset(&iwe, 0, sizeof(iwe));
1327 iwe.cmd = SIOCGIWESSID;
1328 iwe.u.data.length = ie[1];
1329 iwe.u.data.flags = 1;
1330 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1331 &iwe, (u8 *)ie + 2);
1333 case WLAN_EID_MESH_CONFIG:
1335 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
1337 buf = kmalloc(50, GFP_ATOMIC);
1341 memset(&iwe, 0, sizeof(iwe));
1342 iwe.cmd = IWEVCUSTOM;
1343 sprintf(buf, "Mesh Network Path Selection Protocol ID: "
1345 iwe.u.data.length = strlen(buf);
1346 current_ev = iwe_stream_add_point(info, current_ev,
1349 sprintf(buf, "Path Selection Metric ID: 0x%02X",
1351 iwe.u.data.length = strlen(buf);
1352 current_ev = iwe_stream_add_point(info, current_ev,
1355 sprintf(buf, "Congestion Control Mode ID: 0x%02X",
1357 iwe.u.data.length = strlen(buf);
1358 current_ev = iwe_stream_add_point(info, current_ev,
1361 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]);
1362 iwe.u.data.length = strlen(buf);
1363 current_ev = iwe_stream_add_point(info, current_ev,
1366 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]);
1367 iwe.u.data.length = strlen(buf);
1368 current_ev = iwe_stream_add_point(info, current_ev,
1371 sprintf(buf, "Formation Info: 0x%02X", cfg[5]);
1372 iwe.u.data.length = strlen(buf);
1373 current_ev = iwe_stream_add_point(info, current_ev,
1376 sprintf(buf, "Capabilities: 0x%02X", cfg[6]);
1377 iwe.u.data.length = strlen(buf);
1378 current_ev = iwe_stream_add_point(info, current_ev,
1383 case WLAN_EID_SUPP_RATES:
1384 case WLAN_EID_EXT_SUPP_RATES:
1385 /* display all supported rates in readable format */
1386 p = current_ev + iwe_stream_lcp_len(info);
1388 memset(&iwe, 0, sizeof(iwe));
1389 iwe.cmd = SIOCGIWRATE;
1390 /* Those two flags are ignored... */
1391 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
1393 for (i = 0; i < ie[1]; i++) {
1394 iwe.u.bitrate.value =
1395 ((ie[i + 2] & 0x7f) * 500000);
1396 p = iwe_stream_add_value(info, current_ev, p,
1397 end_buf, &iwe, IW_EV_PARAM_LEN);
1406 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
1408 memset(&iwe, 0, sizeof(iwe));
1409 iwe.cmd = SIOCGIWMODE;
1411 iwe.u.mode = IW_MODE_MESH;
1412 else if (bss->pub.capability & WLAN_CAPABILITY_ESS)
1413 iwe.u.mode = IW_MODE_MASTER;
1415 iwe.u.mode = IW_MODE_ADHOC;
1416 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1417 &iwe, IW_EV_UINT_LEN);
1420 buf = kmalloc(31, GFP_ATOMIC);
1422 memset(&iwe, 0, sizeof(iwe));
1423 iwe.cmd = IWEVCUSTOM;
1424 sprintf(buf, "tsf=%016llx", (unsigned long long)(ies->tsf));
1425 iwe.u.data.length = strlen(buf);
1426 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1428 memset(&iwe, 0, sizeof(iwe));
1429 iwe.cmd = IWEVCUSTOM;
1430 sprintf(buf, " Last beacon: %ums ago",
1431 elapsed_jiffies_msecs(bss->ts));
1432 iwe.u.data.length = strlen(buf);
1433 current_ev = iwe_stream_add_point(info, current_ev,
1434 end_buf, &iwe, buf);
1438 ieee80211_scan_add_ies(info, ies, ¤t_ev, end_buf);
1445 static int ieee80211_scan_results(struct cfg80211_registered_device *dev,
1446 struct iw_request_info *info,
1447 char *buf, size_t len)
1449 char *current_ev = buf;
1450 char *end_buf = buf + len;
1451 struct cfg80211_internal_bss *bss;
1453 spin_lock_bh(&dev->bss_lock);
1454 cfg80211_bss_expire(dev);
1456 list_for_each_entry(bss, &dev->bss_list, list) {
1457 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
1458 spin_unlock_bh(&dev->bss_lock);
1461 current_ev = ieee80211_bss(&dev->wiphy, info, bss,
1462 current_ev, end_buf);
1464 spin_unlock_bh(&dev->bss_lock);
1465 return current_ev - buf;
1469 int cfg80211_wext_giwscan(struct net_device *dev,
1470 struct iw_request_info *info,
1471 struct iw_point *data, char *extra)
1473 struct cfg80211_registered_device *rdev;
1476 if (!netif_running(dev))
1479 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1482 return PTR_ERR(rdev);
1487 res = ieee80211_scan_results(rdev, info, extra, data->length);
1496 EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan);
projects / ~andy / linux / blob