1/* 2 * cfg80211 scan result handling 3 * 4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 */ 7#include <linux/kernel.h> 8#include <linux/slab.h> 9#include <linux/module.h> 10#include <linux/netdevice.h> 11#include <linux/wireless.h> 12#include <linux/nl80211.h> 13#include <linux/etherdevice.h> 14#include <net/arp.h> 15#include <net/cfg80211.h> 16#include <net/cfg80211-wext.h> 17#include <net/iw_handler.h> 18#include "core.h" 19#include "nl80211.h" 20#include "wext-compat.h" 21#include "rdev-ops.h" 22 23/** 24 * DOC: BSS tree/list structure 25 * 26 * At the top level, the BSS list is kept in both a list in each 27 * registered device (@bss_list) as well as an RB-tree for faster 28 * lookup. In the RB-tree, entries can be looked up using their 29 * channel, MESHID, MESHCONF (for MBSSes) or channel, BSSID, SSID 30 * for other BSSes. 31 * 32 * Due to the possibility of hidden SSIDs, there's a second level 33 * structure, the "hidden_list" and "hidden_beacon_bss" pointer. 34 * The hidden_list connects all BSSes belonging to a single AP 35 * that has a hidden SSID, and connects beacon and probe response 36 * entries. For a probe response entry for a hidden SSID, the 37 * hidden_beacon_bss pointer points to the BSS struct holding the 38 * beacon's information. 39 * 40 * Reference counting is done for all these references except for 41 * the hidden_list, so that a beacon BSS struct that is otherwise 42 * not referenced has one reference for being on the bss_list and 43 * one for each probe response entry that points to it using the 44 * hidden_beacon_bss pointer. When a BSS struct that has such a 45 * pointer is get/put, the refcount update is also propagated to 46 * the referenced struct, this ensure that it cannot get removed 47 * while somebody is using the probe response version. 48 * 49 * Note that the hidden_beacon_bss pointer never changes, due to 50 * the reference counting. Therefore, no locking is needed for 51 * it. 52 * 53 * Also note that the hidden_beacon_bss pointer is only relevant 54 * if the driver uses something other than the IEs, e.g. private 55 * data stored stored in the BSS struct, since the beacon IEs are 56 * also linked into the probe response struct. 57 */ 58 59#define IEEE80211_SCAN_RESULT_EXPIRE (7 * HZ) 60 61static void bss_free(struct cfg80211_internal_bss *bss) 62{ 63 struct cfg80211_bss_ies *ies; 64 65 if (WARN_ON(atomic_read(&bss->hold))) 66 return; 67 68 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies); 69 if (ies && !bss->pub.hidden_beacon_bss) 70 kfree_rcu(ies, rcu_head); 71 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies); 72 if (ies) 73 kfree_rcu(ies, rcu_head); 74 75 /* 76 * This happens when the module is removed, it doesn't 77 * really matter any more save for completeness 78 */ 79 if (!list_empty(&bss->hidden_list)) 80 list_del(&bss->hidden_list); 81 82 kfree(bss); 83} 84 85static inline void bss_ref_get(struct cfg80211_registered_device *rdev, 86 struct cfg80211_internal_bss *bss) 87{ 88 lockdep_assert_held(&rdev->bss_lock); 89 90 bss->refcount++; 91 if (bss->pub.hidden_beacon_bss) { 92 bss = container_of(bss->pub.hidden_beacon_bss, 93 struct cfg80211_internal_bss, 94 pub); 95 bss->refcount++; 96 } 97} 98 99static inline void bss_ref_put(struct cfg80211_registered_device *rdev, 100 struct cfg80211_internal_bss *bss) 101{ 102 lockdep_assert_held(&rdev->bss_lock); 103 104 if (bss->pub.hidden_beacon_bss) { 105 struct cfg80211_internal_bss *hbss; 106 hbss = container_of(bss->pub.hidden_beacon_bss, 107 struct cfg80211_internal_bss, 108 pub); 109 hbss->refcount--; 110 if (hbss->refcount == 0) 111 bss_free(hbss); 112 } 113 bss->refcount--; 114 if (bss->refcount == 0) 115 bss_free(bss); 116} 117 118static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, 119 struct cfg80211_internal_bss *bss) 120{ 121 lockdep_assert_held(&rdev->bss_lock); 122 123 if (!list_empty(&bss->hidden_list)) { 124 /* 125 * don't remove the beacon entry if it has 126 * probe responses associated with it 127 */ 128 if (!bss->pub.hidden_beacon_bss) 129 return false; 130 /* 131 * if it's a probe response entry break its 132 * link to the other entries in the group 133 */ 134 list_del_init(&bss->hidden_list); 135 } 136 137 list_del_init(&bss->list); 138 rb_erase(&bss->rbn, &rdev->bss_tree); 139 bss_ref_put(rdev, bss); 140 return true; 141} 142 143static void __cfg80211_bss_expire(struct cfg80211_registered_device *rdev, 144 unsigned long expire_time) 145{ 146 struct cfg80211_internal_bss *bss, *tmp; 147 bool expired = false; 148 149 lockdep_assert_held(&rdev->bss_lock); 150 151 list_for_each_entry_safe(bss, tmp, &rdev->bss_list, list) { 152 if (atomic_read(&bss->hold)) 153 continue; 154 if (!time_after(expire_time, bss->ts)) 155 continue; 156 157 if (__cfg80211_unlink_bss(rdev, bss)) 158 expired = true; 159 } 160 161 if (expired) 162 rdev->bss_generation++; 163} 164 165void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, 166 bool send_message) 167{ 168 struct cfg80211_scan_request *request; 169 struct wireless_dev *wdev; 170 struct sk_buff *msg; 171#ifdef CONFIG_CFG80211_WEXT 172 union iwreq_data wrqu; 173#endif 174 175 ASSERT_RTNL(); 176 177 if (rdev->scan_msg) { 178 nl80211_send_scan_result(rdev, rdev->scan_msg); 179 rdev->scan_msg = NULL; 180 return; 181 } 182 183 request = rdev->scan_req; 184 if (!request) 185 return; 186 187 wdev = request->wdev; 188 189 /* 190 * This must be before sending the other events! 191 * Otherwise, wpa_supplicant gets completely confused with 192 * wext events. 193 */ 194 if (wdev->netdev) 195 cfg80211_sme_scan_done(wdev->netdev); 196 197 if (!request->aborted && 198 request->flags & NL80211_SCAN_FLAG_FLUSH) { 199 /* flush entries from previous scans */ 200 spin_lock_bh(&rdev->bss_lock); 201 __cfg80211_bss_expire(rdev, request->scan_start); 202 spin_unlock_bh(&rdev->bss_lock); 203 } 204 205 msg = nl80211_build_scan_msg(rdev, wdev, request->aborted); 206 207#ifdef CONFIG_CFG80211_WEXT 208 if (wdev->netdev && !request->aborted) { 209 memset(&wrqu, 0, sizeof(wrqu)); 210 211 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL); 212 } 213#endif 214 215 if (wdev->netdev) 216 dev_put(wdev->netdev); 217 218 rdev->scan_req = NULL; 219 kfree(request); 220 221 if (!send_message) 222 rdev->scan_msg = msg; 223 else 224 nl80211_send_scan_result(rdev, msg); 225} 226 227void __cfg80211_scan_done(struct work_struct *wk) 228{ 229 struct cfg80211_registered_device *rdev; 230 231 rdev = container_of(wk, struct cfg80211_registered_device, 232 scan_done_wk); 233 234 rtnl_lock(); 235 ___cfg80211_scan_done(rdev, true); 236 rtnl_unlock(); 237} 238 239void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) 240{ 241 trace_cfg80211_scan_done(request, aborted); 242 WARN_ON(request != wiphy_to_rdev(request->wiphy)->scan_req); 243 244 request->aborted = aborted; 245 request->notified = true; 246 queue_work(cfg80211_wq, &wiphy_to_rdev(request->wiphy)->scan_done_wk); 247} 248EXPORT_SYMBOL(cfg80211_scan_done); 249 250void __cfg80211_sched_scan_results(struct work_struct *wk) 251{ 252 struct cfg80211_registered_device *rdev; 253 struct cfg80211_sched_scan_request *request; 254 255 rdev = container_of(wk, struct cfg80211_registered_device, 256 sched_scan_results_wk); 257 258 rtnl_lock(); 259 260 request = rdev->sched_scan_req; 261 262 /* we don't have sched_scan_req anymore if the scan is stopping */ 263 if (request) { 264 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 265 /* flush entries from previous scans */ 266 spin_lock_bh(&rdev->bss_lock); 267 __cfg80211_bss_expire(rdev, request->scan_start); 268 spin_unlock_bh(&rdev->bss_lock); 269 request->scan_start = 270 jiffies + msecs_to_jiffies(request->interval); 271 } 272 nl80211_send_sched_scan_results(rdev, request->dev); 273 } 274 275 rtnl_unlock(); 276} 277 278void cfg80211_sched_scan_results(struct wiphy *wiphy) 279{ 280 trace_cfg80211_sched_scan_results(wiphy); 281 /* ignore if we're not scanning */ 282 if (wiphy_to_rdev(wiphy)->sched_scan_req) 283 queue_work(cfg80211_wq, 284 &wiphy_to_rdev(wiphy)->sched_scan_results_wk); 285} 286EXPORT_SYMBOL(cfg80211_sched_scan_results); 287 288void cfg80211_sched_scan_stopped_rtnl(struct wiphy *wiphy) 289{ 290 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 291 292 ASSERT_RTNL(); 293 294 trace_cfg80211_sched_scan_stopped(wiphy); 295 296 __cfg80211_stop_sched_scan(rdev, true); 297} 298EXPORT_SYMBOL(cfg80211_sched_scan_stopped_rtnl); 299 300void cfg80211_sched_scan_stopped(struct wiphy *wiphy) 301{ 302 rtnl_lock(); 303 cfg80211_sched_scan_stopped_rtnl(wiphy); 304 rtnl_unlock(); 305} 306EXPORT_SYMBOL(cfg80211_sched_scan_stopped); 307 308int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, 309 bool driver_initiated) 310{ 311 struct net_device *dev; 312 313 ASSERT_RTNL(); 314 315 if (!rdev->sched_scan_req) 316 return -ENOENT; 317 318 dev = rdev->sched_scan_req->dev; 319 320 if (!driver_initiated) { 321 int err = rdev_sched_scan_stop(rdev, dev); 322 if (err) 323 return err; 324 } 325 326 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED); 327 328 kfree(rdev->sched_scan_req); 329 rdev->sched_scan_req = NULL; 330 331 return 0; 332} 333 334void cfg80211_bss_age(struct cfg80211_registered_device *rdev, 335 unsigned long age_secs) 336{ 337 struct cfg80211_internal_bss *bss; 338 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC); 339 340 spin_lock_bh(&rdev->bss_lock); 341 list_for_each_entry(bss, &rdev->bss_list, list) 342 bss->ts -= age_jiffies; 343 spin_unlock_bh(&rdev->bss_lock); 344} 345 346void cfg80211_bss_expire(struct cfg80211_registered_device *rdev) 347{ 348 __cfg80211_bss_expire(rdev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE); 349} 350 351const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len) 352{ 353 while (len > 2 && ies[0] != eid) { 354 len -= ies[1] + 2; 355 ies += ies[1] + 2; 356 } 357 if (len < 2) 358 return NULL; 359 if (len < 2 + ies[1]) 360 return NULL; 361 return ies; 362} 363EXPORT_SYMBOL(cfg80211_find_ie); 364 365const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type, 366 const u8 *ies, int len) 367{ 368 struct ieee80211_vendor_ie *ie; 369 const u8 *pos = ies, *end = ies + len; 370 int ie_oui; 371 372 while (pos < end) { 373 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos, 374 end - pos); 375 if (!pos) 376 return NULL; 377 378 ie = (struct ieee80211_vendor_ie *)pos; 379 380 /* make sure we can access ie->len */ 381 BUILD_BUG_ON(offsetof(struct ieee80211_vendor_ie, len) != 1); 382 383 if (ie->len < sizeof(*ie)) 384 goto cont; 385 386 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2]; 387 if (ie_oui == oui && ie->oui_type == oui_type) 388 return pos; 389cont: 390 pos += 2 + ie->len; 391 } 392 return NULL; 393} 394EXPORT_SYMBOL(cfg80211_find_vendor_ie); 395 396static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, 397 const u8 *ssid, size_t ssid_len) 398{ 399 const struct cfg80211_bss_ies *ies; 400 const u8 *ssidie; 401 402 if (bssid && !ether_addr_equal(a->bssid, bssid)) 403 return false; 404 405 if (!ssid) 406 return true; 407 408 ies = rcu_access_pointer(a->ies); 409 if (!ies) 410 return false; 411 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 412 if (!ssidie) 413 return false; 414 if (ssidie[1] != ssid_len) 415 return false; 416 return memcmp(ssidie + 2, ssid, ssid_len) == 0; 417} 418 419/** 420 * enum bss_compare_mode - BSS compare mode 421 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find) 422 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode 423 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode 424 */ 425enum bss_compare_mode { 426 BSS_CMP_REGULAR, 427 BSS_CMP_HIDE_ZLEN, 428 BSS_CMP_HIDE_NUL, 429}; 430 431static int cmp_bss(struct cfg80211_bss *a, 432 struct cfg80211_bss *b, 433 enum bss_compare_mode mode) 434{ 435 const struct cfg80211_bss_ies *a_ies, *b_ies; 436 const u8 *ie1 = NULL; 437 const u8 *ie2 = NULL; 438 int i, r; 439 440 if (a->channel != b->channel) 441 return b->channel->center_freq - a->channel->center_freq; 442 443 a_ies = rcu_access_pointer(a->ies); 444 if (!a_ies) 445 return -1; 446 b_ies = rcu_access_pointer(b->ies); 447 if (!b_ies) 448 return 1; 449 450 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability)) 451 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID, 452 a_ies->data, a_ies->len); 453 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability)) 454 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID, 455 b_ies->data, b_ies->len); 456 if (ie1 && ie2) { 457 int mesh_id_cmp; 458 459 if (ie1[1] == ie2[1]) 460 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]); 461 else 462 mesh_id_cmp = ie2[1] - ie1[1]; 463 464 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 465 a_ies->data, a_ies->len); 466 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 467 b_ies->data, b_ies->len); 468 if (ie1 && ie2) { 469 if (mesh_id_cmp) 470 return mesh_id_cmp; 471 if (ie1[1] != ie2[1]) 472 return ie2[1] - ie1[1]; 473 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 474 } 475 } 476 477 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid)); 478 if (r) 479 return r; 480 481 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len); 482 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len); 483 484 if (!ie1 && !ie2) 485 return 0; 486 487 /* 488 * Note that with "hide_ssid", the function returns a match if 489 * the already-present BSS ("b") is a hidden SSID beacon for 490 * the new BSS ("a"). 491 */ 492 493 /* sort missing IE before (left of) present IE */ 494 if (!ie1) 495 return -1; 496 if (!ie2) 497 return 1; 498 499 switch (mode) { 500 case BSS_CMP_HIDE_ZLEN: 501 /* 502 * In ZLEN mode we assume the BSS entry we're 503 * looking for has a zero-length SSID. So if 504 * the one we're looking at right now has that, 505 * return 0. Otherwise, return the difference 506 * in length, but since we're looking for the 507 * 0-length it's really equivalent to returning 508 * the length of the one we're looking at. 509 * 510 * No content comparison is needed as we assume 511 * the content length is zero. 512 */ 513 return ie2[1]; 514 case BSS_CMP_REGULAR: 515 default: 516 /* sort by length first, then by contents */ 517 if (ie1[1] != ie2[1]) 518 return ie2[1] - ie1[1]; 519 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 520 case BSS_CMP_HIDE_NUL: 521 if (ie1[1] != ie2[1]) 522 return ie2[1] - ie1[1]; 523 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */ 524 for (i = 0; i < ie2[1]; i++) 525 if (ie2[i + 2]) 526 return -1; 527 return 0; 528 } 529} 530 531/* Returned bss is reference counted and must be cleaned up appropriately. */ 532struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy, 533 struct ieee80211_channel *channel, 534 const u8 *bssid, 535 const u8 *ssid, size_t ssid_len, 536 u16 capa_mask, u16 capa_val) 537{ 538 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 539 struct cfg80211_internal_bss *bss, *res = NULL; 540 unsigned long now = jiffies; 541 542 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask, 543 capa_val); 544 545 spin_lock_bh(&rdev->bss_lock); 546 547 list_for_each_entry(bss, &rdev->bss_list, list) { 548 if ((bss->pub.capability & capa_mask) != capa_val) 549 continue; 550 if (channel && bss->pub.channel != channel) 551 continue; 552 if (!is_valid_ether_addr(bss->pub.bssid)) 553 continue; 554 /* Don't get expired BSS structs */ 555 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && 556 !atomic_read(&bss->hold)) 557 continue; 558 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { 559 res = bss; 560 bss_ref_get(rdev, res); 561 break; 562 } 563 } 564 565 spin_unlock_bh(&rdev->bss_lock); 566 if (!res) 567 return NULL; 568 trace_cfg80211_return_bss(&res->pub); 569 return &res->pub; 570} 571EXPORT_SYMBOL(cfg80211_get_bss); 572 573static void rb_insert_bss(struct cfg80211_registered_device *rdev, 574 struct cfg80211_internal_bss *bss) 575{ 576 struct rb_node **p = &rdev->bss_tree.rb_node; 577 struct rb_node *parent = NULL; 578 struct cfg80211_internal_bss *tbss; 579 int cmp; 580 581 while (*p) { 582 parent = *p; 583 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn); 584 585 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR); 586 587 if (WARN_ON(!cmp)) { 588 /* will sort of leak this BSS */ 589 return; 590 } 591 592 if (cmp < 0) 593 p = &(*p)->rb_left; 594 else 595 p = &(*p)->rb_right; 596 } 597 598 rb_link_node(&bss->rbn, parent, p); 599 rb_insert_color(&bss->rbn, &rdev->bss_tree); 600} 601 602static struct cfg80211_internal_bss * 603rb_find_bss(struct cfg80211_registered_device *rdev, 604 struct cfg80211_internal_bss *res, 605 enum bss_compare_mode mode) 606{ 607 struct rb_node *n = rdev->bss_tree.rb_node; 608 struct cfg80211_internal_bss *bss; 609 int r; 610 611 while (n) { 612 bss = rb_entry(n, struct cfg80211_internal_bss, rbn); 613 r = cmp_bss(&res->pub, &bss->pub, mode); 614 615 if (r == 0) 616 return bss; 617 else if (r < 0) 618 n = n->rb_left; 619 else 620 n = n->rb_right; 621 } 622 623 return NULL; 624} 625 626static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev, 627 struct cfg80211_internal_bss *new) 628{ 629 const struct cfg80211_bss_ies *ies; 630 struct cfg80211_internal_bss *bss; 631 const u8 *ie; 632 int i, ssidlen; 633 u8 fold = 0; 634 635 ies = rcu_access_pointer(new->pub.beacon_ies); 636 if (WARN_ON(!ies)) 637 return false; 638 639 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 640 if (!ie) { 641 /* nothing to do */ 642 return true; 643 } 644 645 ssidlen = ie[1]; 646 for (i = 0; i < ssidlen; i++) 647 fold |= ie[2 + i]; 648 649 if (fold) { 650 /* not a hidden SSID */ 651 return true; 652 } 653 654 /* This is the bad part ... */ 655 656 list_for_each_entry(bss, &rdev->bss_list, list) { 657 if (!ether_addr_equal(bss->pub.bssid, new->pub.bssid)) 658 continue; 659 if (bss->pub.channel != new->pub.channel) 660 continue; 661 if (bss->pub.scan_width != new->pub.scan_width) 662 continue; 663 if (rcu_access_pointer(bss->pub.beacon_ies)) 664 continue; 665 ies = rcu_access_pointer(bss->pub.ies); 666 if (!ies) 667 continue; 668 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 669 if (!ie) 670 continue; 671 if (ssidlen && ie[1] != ssidlen) 672 continue; 673 if (WARN_ON_ONCE(bss->pub.hidden_beacon_bss)) 674 continue; 675 if (WARN_ON_ONCE(!list_empty(&bss->hidden_list))) 676 list_del(&bss->hidden_list); 677 /* combine them */ 678 list_add(&bss->hidden_list, &new->hidden_list); 679 bss->pub.hidden_beacon_bss = &new->pub; 680 new->refcount += bss->refcount; 681 rcu_assign_pointer(bss->pub.beacon_ies, 682 new->pub.beacon_ies); 683 } 684 685 return true; 686} 687 688/* Returned bss is reference counted and must be cleaned up appropriately. */ 689static struct cfg80211_internal_bss * 690cfg80211_bss_update(struct cfg80211_registered_device *rdev, 691 struct cfg80211_internal_bss *tmp, 692 bool signal_valid) 693{ 694 struct cfg80211_internal_bss *found = NULL; 695 696 if (WARN_ON(!tmp->pub.channel)) 697 return NULL; 698 699 tmp->ts = jiffies; 700 701 spin_lock_bh(&rdev->bss_lock); 702 703 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) { 704 spin_unlock_bh(&rdev->bss_lock); 705 return NULL; 706 } 707 708 found = rb_find_bss(rdev, tmp, BSS_CMP_REGULAR); 709 710 if (found) { 711 /* Update IEs */ 712 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 713 const struct cfg80211_bss_ies *old; 714 715 old = rcu_access_pointer(found->pub.proberesp_ies); 716 717 rcu_assign_pointer(found->pub.proberesp_ies, 718 tmp->pub.proberesp_ies); 719 /* Override possible earlier Beacon frame IEs */ 720 rcu_assign_pointer(found->pub.ies, 721 tmp->pub.proberesp_ies); 722 if (old) 723 kfree_rcu((struct cfg80211_bss_ies *)old, 724 rcu_head); 725 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) { 726 const struct cfg80211_bss_ies *old; 727 struct cfg80211_internal_bss *bss; 728 729 if (found->pub.hidden_beacon_bss && 730 !list_empty(&found->hidden_list)) { 731 const struct cfg80211_bss_ies *f; 732 733 /* 734 * The found BSS struct is one of the probe 735 * response members of a group, but we're 736 * receiving a beacon (beacon_ies in the tmp 737 * bss is used). This can only mean that the 738 * AP changed its beacon from not having an 739 * SSID to showing it, which is confusing so 740 * drop this information. 741 */ 742 743 f = rcu_access_pointer(tmp->pub.beacon_ies); 744 kfree_rcu((struct cfg80211_bss_ies *)f, 745 rcu_head); 746 goto drop; 747 } 748 749 old = rcu_access_pointer(found->pub.beacon_ies); 750 751 rcu_assign_pointer(found->pub.beacon_ies, 752 tmp->pub.beacon_ies); 753 754 /* Override IEs if they were from a beacon before */ 755 if (old == rcu_access_pointer(found->pub.ies)) 756 rcu_assign_pointer(found->pub.ies, 757 tmp->pub.beacon_ies); 758 759 /* Assign beacon IEs to all sub entries */ 760 list_for_each_entry(bss, &found->hidden_list, 761 hidden_list) { 762 const struct cfg80211_bss_ies *ies; 763 764 ies = rcu_access_pointer(bss->pub.beacon_ies); 765 WARN_ON(ies != old); 766 767 rcu_assign_pointer(bss->pub.beacon_ies, 768 tmp->pub.beacon_ies); 769 } 770 771 if (old) 772 kfree_rcu((struct cfg80211_bss_ies *)old, 773 rcu_head); 774 } 775 776 found->pub.beacon_interval = tmp->pub.beacon_interval; 777 /* 778 * don't update the signal if beacon was heard on 779 * adjacent channel. 780 */ 781 if (signal_valid) 782 found->pub.signal = tmp->pub.signal; 783 found->pub.capability = tmp->pub.capability; 784 found->ts = tmp->ts; 785 } else { 786 struct cfg80211_internal_bss *new; 787 struct cfg80211_internal_bss *hidden; 788 struct cfg80211_bss_ies *ies; 789 790 /* 791 * create a copy -- the "res" variable that is passed in 792 * is allocated on the stack since it's not needed in the 793 * more common case of an update 794 */ 795 new = kzalloc(sizeof(*new) + rdev->wiphy.bss_priv_size, 796 GFP_ATOMIC); 797 if (!new) { 798 ies = (void *)rcu_dereference(tmp->pub.beacon_ies); 799 if (ies) 800 kfree_rcu(ies, rcu_head); 801 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies); 802 if (ies) 803 kfree_rcu(ies, rcu_head); 804 goto drop; 805 } 806 memcpy(new, tmp, sizeof(*new)); 807 new->refcount = 1; 808 INIT_LIST_HEAD(&new->hidden_list); 809 810 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 811 hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); 812 if (!hidden) 813 hidden = rb_find_bss(rdev, tmp, 814 BSS_CMP_HIDE_NUL); 815 if (hidden) { 816 new->pub.hidden_beacon_bss = &hidden->pub; 817 list_add(&new->hidden_list, 818 &hidden->hidden_list); 819 hidden->refcount++; 820 rcu_assign_pointer(new->pub.beacon_ies, 821 hidden->pub.beacon_ies); 822 } 823 } else { 824 /* 825 * Ok so we found a beacon, and don't have an entry. If 826 * it's a beacon with hidden SSID, we might be in for an 827 * expensive search for any probe responses that should 828 * be grouped with this beacon for updates ... 829 */ 830 if (!cfg80211_combine_bsses(rdev, new)) { 831 kfree(new); 832 goto drop; 833 } 834 } 835 836 list_add_tail(&new->list, &rdev->bss_list); 837 rb_insert_bss(rdev, new); 838 found = new; 839 } 840 841 rdev->bss_generation++; 842 bss_ref_get(rdev, found); 843 spin_unlock_bh(&rdev->bss_lock); 844 845 return found; 846 drop: 847 spin_unlock_bh(&rdev->bss_lock); 848 return NULL; 849} 850 851static struct ieee80211_channel * 852cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen, 853 struct ieee80211_channel *channel) 854{ 855 const u8 *tmp; 856 u32 freq; 857 int channel_number = -1; 858 859 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen); 860 if (tmp && tmp[1] == 1) { 861 channel_number = tmp[2]; 862 } else { 863 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen); 864 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) { 865 struct ieee80211_ht_operation *htop = (void *)(tmp + 2); 866 867 channel_number = htop->primary_chan; 868 } 869 } 870 871 if (channel_number < 0) 872 return channel; 873 874 freq = ieee80211_channel_to_frequency(channel_number, channel->band); 875 channel = ieee80211_get_channel(wiphy, freq); 876 if (!channel) 877 return NULL; 878 if (channel->flags & IEEE80211_CHAN_DISABLED) 879 return NULL; 880 return channel; 881} 882 883/* Returned bss is reference counted and must be cleaned up appropriately. */ 884struct cfg80211_bss* 885cfg80211_inform_bss_width(struct wiphy *wiphy, 886 struct ieee80211_channel *rx_channel, 887 enum nl80211_bss_scan_width scan_width, 888 enum cfg80211_bss_frame_type ftype, 889 const u8 *bssid, u64 tsf, u16 capability, 890 u16 beacon_interval, const u8 *ie, size_t ielen, 891 s32 signal, gfp_t gfp) 892{ 893 struct cfg80211_bss_ies *ies; 894 struct ieee80211_channel *channel; 895 struct cfg80211_internal_bss tmp = {}, *res; 896 bool signal_valid; 897 898 if (WARN_ON(!wiphy)) 899 return NULL; 900 901 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 902 (signal < 0 || signal > 100))) 903 return NULL; 904 905 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, rx_channel); 906 if (!channel) 907 return NULL; 908 909 memcpy(tmp.pub.bssid, bssid, ETH_ALEN); 910 tmp.pub.channel = channel; 911 tmp.pub.scan_width = scan_width; 912 tmp.pub.signal = signal; 913 tmp.pub.beacon_interval = beacon_interval; 914 tmp.pub.capability = capability; 915 /* 916 * If we do not know here whether the IEs are from a Beacon or Probe 917 * Response frame, we need to pick one of the options and only use it 918 * with the driver that does not provide the full Beacon/Probe Response 919 * frame. Use Beacon frame pointer to avoid indicating that this should 920 * override the IEs pointer should we have received an earlier 921 * indication of Probe Response data. 922 */ 923 ies = kzalloc(sizeof(*ies) + ielen, gfp); 924 if (!ies) 925 return NULL; 926 ies->len = ielen; 927 ies->tsf = tsf; 928 ies->from_beacon = false; 929 memcpy(ies->data, ie, ielen); 930 931 switch (ftype) { 932 case CFG80211_BSS_FTYPE_BEACON: 933 ies->from_beacon = true; 934 /* fall through to assign */ 935 case CFG80211_BSS_FTYPE_UNKNOWN: 936 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 937 break; 938 case CFG80211_BSS_FTYPE_PRESP: 939 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 940 break; 941 } 942 rcu_assign_pointer(tmp.pub.ies, ies); 943 944 signal_valid = abs(rx_channel->center_freq - channel->center_freq) <= 945 wiphy->max_adj_channel_rssi_comp; 946 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); 947 if (!res) 948 return NULL; 949 950 if (res->pub.capability & WLAN_CAPABILITY_ESS) 951 regulatory_hint_found_beacon(wiphy, channel, gfp); 952 953 trace_cfg80211_return_bss(&res->pub); 954 /* cfg80211_bss_update gives us a referenced result */ 955 return &res->pub; 956} 957EXPORT_SYMBOL(cfg80211_inform_bss_width); 958 959/* Returned bss is reference counted and must be cleaned up appropriately. */ 960struct cfg80211_bss * 961cfg80211_inform_bss_width_frame(struct wiphy *wiphy, 962 struct ieee80211_channel *rx_channel, 963 enum nl80211_bss_scan_width scan_width, 964 struct ieee80211_mgmt *mgmt, size_t len, 965 s32 signal, gfp_t gfp) 966{ 967 struct cfg80211_internal_bss tmp = {}, *res; 968 struct cfg80211_bss_ies *ies; 969 struct ieee80211_channel *channel; 970 bool signal_valid; 971 size_t ielen = len - offsetof(struct ieee80211_mgmt, 972 u.probe_resp.variable); 973 974 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) != 975 offsetof(struct ieee80211_mgmt, u.beacon.variable)); 976 977 trace_cfg80211_inform_bss_width_frame(wiphy, rx_channel, scan_width, mgmt, 978 len, signal); 979 980 if (WARN_ON(!mgmt)) 981 return NULL; 982 983 if (WARN_ON(!wiphy)) 984 return NULL; 985 986 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 987 (signal < 0 || signal > 100))) 988 return NULL; 989 990 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable))) 991 return NULL; 992 993 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable, 994 ielen, rx_channel); 995 if (!channel) 996 return NULL; 997 998 ies = kzalloc(sizeof(*ies) + ielen, gfp); 999 if (!ies) 1000 return NULL; 1001 ies->len = ielen; 1002 ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); 1003 ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control); 1004 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen); 1005 1006 if (ieee80211_is_probe_resp(mgmt->frame_control)) 1007 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 1008 else 1009 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 1010 rcu_assign_pointer(tmp.pub.ies, ies); 1011 1012 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN); 1013 tmp.pub.channel = channel; 1014 tmp.pub.scan_width = scan_width; 1015 tmp.pub.signal = signal; 1016 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int); 1017 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info); 1018 1019 signal_valid = abs(rx_channel->center_freq - channel->center_freq) <= 1020 wiphy->max_adj_channel_rssi_comp; 1021 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); 1022 if (!res) 1023 return NULL; 1024 1025 if (res->pub.capability & WLAN_CAPABILITY_ESS) 1026 regulatory_hint_found_beacon(wiphy, channel, gfp); 1027 1028 trace_cfg80211_return_bss(&res->pub); 1029 /* cfg80211_bss_update gives us a referenced result */ 1030 return &res->pub; 1031} 1032EXPORT_SYMBOL(cfg80211_inform_bss_width_frame); 1033 1034void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1035{ 1036 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1037 struct cfg80211_internal_bss *bss; 1038 1039 if (!pub) 1040 return; 1041 1042 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1043 1044 spin_lock_bh(&rdev->bss_lock); 1045 bss_ref_get(rdev, bss); 1046 spin_unlock_bh(&rdev->bss_lock); 1047} 1048EXPORT_SYMBOL(cfg80211_ref_bss); 1049 1050void cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1051{ 1052 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1053 struct cfg80211_internal_bss *bss; 1054 1055 if (!pub) 1056 return; 1057 1058 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1059 1060 spin_lock_bh(&rdev->bss_lock); 1061 bss_ref_put(rdev, bss); 1062 spin_unlock_bh(&rdev->bss_lock); 1063} 1064EXPORT_SYMBOL(cfg80211_put_bss); 1065 1066void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1067{ 1068 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1069 struct cfg80211_internal_bss *bss; 1070 1071 if (WARN_ON(!pub)) 1072 return; 1073 1074 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1075 1076 spin_lock_bh(&rdev->bss_lock); 1077 if (!list_empty(&bss->list)) { 1078 if (__cfg80211_unlink_bss(rdev, bss)) 1079 rdev->bss_generation++; 1080 } 1081 spin_unlock_bh(&rdev->bss_lock); 1082} 1083EXPORT_SYMBOL(cfg80211_unlink_bss); 1084 1085#ifdef CONFIG_CFG80211_WEXT 1086static struct cfg80211_registered_device * 1087cfg80211_get_dev_from_ifindex(struct net *net, int ifindex) 1088{ 1089 struct cfg80211_registered_device *rdev; 1090 struct net_device *dev; 1091 1092 ASSERT_RTNL(); 1093 1094 dev = dev_get_by_index(net, ifindex); 1095 if (!dev) 1096 return ERR_PTR(-ENODEV); 1097 if (dev->ieee80211_ptr) 1098 rdev = wiphy_to_rdev(dev->ieee80211_ptr->wiphy); 1099 else 1100 rdev = ERR_PTR(-ENODEV); 1101 dev_put(dev); 1102 return rdev; 1103} 1104 1105int cfg80211_wext_siwscan(struct net_device *dev, 1106 struct iw_request_info *info, 1107 union iwreq_data *wrqu, char *extra) 1108{ 1109 struct cfg80211_registered_device *rdev; 1110 struct wiphy *wiphy; 1111 struct iw_scan_req *wreq = NULL; 1112 struct cfg80211_scan_request *creq = NULL; 1113 int i, err, n_channels = 0; 1114 enum ieee80211_band band; 1115 1116 if (!netif_running(dev)) 1117 return -ENETDOWN; 1118 1119 if (wrqu->data.length == sizeof(struct iw_scan_req)) 1120 wreq = (struct iw_scan_req *)extra; 1121 1122 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1123 1124 if (IS_ERR(rdev)) 1125 return PTR_ERR(rdev); 1126 1127 if (rdev->scan_req || rdev->scan_msg) { 1128 err = -EBUSY; 1129 goto out; 1130 } 1131 1132 wiphy = &rdev->wiphy; 1133 1134 /* Determine number of channels, needed to allocate creq */ 1135 if (wreq && wreq->num_channels) 1136 n_channels = wreq->num_channels; 1137 else 1138 n_channels = ieee80211_get_num_supported_channels(wiphy); 1139 1140 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1141 n_channels * sizeof(void *), 1142 GFP_ATOMIC); 1143 if (!creq) { 1144 err = -ENOMEM; 1145 goto out; 1146 } 1147 1148 creq->wiphy = wiphy; 1149 creq->wdev = dev->ieee80211_ptr; 1150 /* SSIDs come after channels */ 1151 creq->ssids = (void *)&creq->channels[n_channels]; 1152 creq->n_channels = n_channels; 1153 creq->n_ssids = 1; 1154 creq->scan_start = jiffies; 1155 1156 /* translate "Scan on frequencies" request */ 1157 i = 0; 1158 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1159 int j; 1160 1161 if (!wiphy->bands[band]) 1162 continue; 1163 1164 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1165 /* ignore disabled channels */ 1166 if (wiphy->bands[band]->channels[j].flags & 1167 IEEE80211_CHAN_DISABLED) 1168 continue; 1169 1170 /* If we have a wireless request structure and the 1171 * wireless request specifies frequencies, then search 1172 * for the matching hardware channel. 1173 */ 1174 if (wreq && wreq->num_channels) { 1175 int k; 1176 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq; 1177 for (k = 0; k < wreq->num_channels; k++) { 1178 struct iw_freq *freq = 1179 &wreq->channel_list[k]; 1180 int wext_freq = 1181 cfg80211_wext_freq(freq); 1182 1183 if (wext_freq == wiphy_freq) 1184 goto wext_freq_found; 1185 } 1186 goto wext_freq_not_found; 1187 } 1188 1189 wext_freq_found: 1190 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1191 i++; 1192 wext_freq_not_found: ; 1193 } 1194 } 1195 /* No channels found? */ 1196 if (!i) { 1197 err = -EINVAL; 1198 goto out; 1199 } 1200 1201 /* Set real number of channels specified in creq->channels[] */ 1202 creq->n_channels = i; 1203 1204 /* translate "Scan for SSID" request */ 1205 if (wreq) { 1206 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 1207 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) { 1208 err = -EINVAL; 1209 goto out; 1210 } 1211 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 1212 creq->ssids[0].ssid_len = wreq->essid_len; 1213 } 1214 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) 1215 creq->n_ssids = 0; 1216 } 1217 1218 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1219 if (wiphy->bands[i]) 1220 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; 1221 1222 rdev->scan_req = creq; 1223 err = rdev_scan(rdev, creq); 1224 if (err) { 1225 rdev->scan_req = NULL; 1226 /* creq will be freed below */ 1227 } else { 1228 nl80211_send_scan_start(rdev, dev->ieee80211_ptr); 1229 /* creq now owned by driver */ 1230 creq = NULL; 1231 dev_hold(dev); 1232 } 1233 out: 1234 kfree(creq); 1235 return err; 1236} 1237EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan); 1238 1239static void ieee80211_scan_add_ies(struct iw_request_info *info, 1240 const struct cfg80211_bss_ies *ies, 1241 char **current_ev, char *end_buf) 1242{ 1243 const u8 *pos, *end, *next; 1244 struct iw_event iwe; 1245 1246 if (!ies) 1247 return; 1248 1249 /* 1250 * If needed, fragment the IEs buffer (at IE boundaries) into short 1251 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages. 1252 */ 1253 pos = ies->data; 1254 end = pos + ies->len; 1255 1256 while (end - pos > IW_GENERIC_IE_MAX) { 1257 next = pos + 2 + pos[1]; 1258 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX) 1259 next = next + 2 + next[1]; 1260 1261 memset(&iwe, 0, sizeof(iwe)); 1262 iwe.cmd = IWEVGENIE; 1263 iwe.u.data.length = next - pos; 1264 *current_ev = iwe_stream_add_point(info, *current_ev, 1265 end_buf, &iwe, 1266 (void *)pos); 1267 1268 pos = next; 1269 } 1270 1271 if (end > pos) { 1272 memset(&iwe, 0, sizeof(iwe)); 1273 iwe.cmd = IWEVGENIE; 1274 iwe.u.data.length = end - pos; 1275 *current_ev = iwe_stream_add_point(info, *current_ev, 1276 end_buf, &iwe, 1277 (void *)pos); 1278 } 1279} 1280 1281static char * 1282ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info, 1283 struct cfg80211_internal_bss *bss, char *current_ev, 1284 char *end_buf) 1285{ 1286 const struct cfg80211_bss_ies *ies; 1287 struct iw_event iwe; 1288 const u8 *ie; 1289 u8 *buf, *cfg, *p; 1290 int rem, i, sig; 1291 bool ismesh = false; 1292 1293 memset(&iwe, 0, sizeof(iwe)); 1294 iwe.cmd = SIOCGIWAP; 1295 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 1296 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN); 1297 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1298 IW_EV_ADDR_LEN); 1299 1300 memset(&iwe, 0, sizeof(iwe)); 1301 iwe.cmd = SIOCGIWFREQ; 1302 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq); 1303 iwe.u.freq.e = 0; 1304 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1305 IW_EV_FREQ_LEN); 1306 1307 memset(&iwe, 0, sizeof(iwe)); 1308 iwe.cmd = SIOCGIWFREQ; 1309 iwe.u.freq.m = bss->pub.channel->center_freq; 1310 iwe.u.freq.e = 6; 1311 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1312 IW_EV_FREQ_LEN); 1313 1314 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) { 1315 memset(&iwe, 0, sizeof(iwe)); 1316 iwe.cmd = IWEVQUAL; 1317 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED | 1318 IW_QUAL_NOISE_INVALID | 1319 IW_QUAL_QUAL_UPDATED; 1320 switch (wiphy->signal_type) { 1321 case CFG80211_SIGNAL_TYPE_MBM: 1322 sig = bss->pub.signal / 100; 1323 iwe.u.qual.level = sig; 1324 iwe.u.qual.updated |= IW_QUAL_DBM; 1325 if (sig < -110) /* rather bad */ 1326 sig = -110; 1327 else if (sig > -40) /* perfect */ 1328 sig = -40; 1329 /* will give a range of 0 .. 70 */ 1330 iwe.u.qual.qual = sig + 110; 1331 break; 1332 case CFG80211_SIGNAL_TYPE_UNSPEC: 1333 iwe.u.qual.level = bss->pub.signal; 1334 /* will give range 0 .. 100 */ 1335 iwe.u.qual.qual = bss->pub.signal; 1336 break; 1337 default: 1338 /* not reached */ 1339 break; 1340 } 1341 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1342 &iwe, IW_EV_QUAL_LEN); 1343 } 1344 1345 memset(&iwe, 0, sizeof(iwe)); 1346 iwe.cmd = SIOCGIWENCODE; 1347 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY) 1348 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 1349 else 1350 iwe.u.data.flags = IW_ENCODE_DISABLED; 1351 iwe.u.data.length = 0; 1352 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1353 &iwe, ""); 1354 1355 rcu_read_lock(); 1356 ies = rcu_dereference(bss->pub.ies); 1357 rem = ies->len; 1358 ie = ies->data; 1359 1360 while (rem >= 2) { 1361 /* invalid data */ 1362 if (ie[1] > rem - 2) 1363 break; 1364 1365 switch (ie[0]) { 1366 case WLAN_EID_SSID: 1367 memset(&iwe, 0, sizeof(iwe)); 1368 iwe.cmd = SIOCGIWESSID; 1369 iwe.u.data.length = ie[1]; 1370 iwe.u.data.flags = 1; 1371 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1372 &iwe, (u8 *)ie + 2); 1373 break; 1374 case WLAN_EID_MESH_ID: 1375 memset(&iwe, 0, sizeof(iwe)); 1376 iwe.cmd = SIOCGIWESSID; 1377 iwe.u.data.length = ie[1]; 1378 iwe.u.data.flags = 1; 1379 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1380 &iwe, (u8 *)ie + 2); 1381 break; 1382 case WLAN_EID_MESH_CONFIG: 1383 ismesh = true; 1384 if (ie[1] != sizeof(struct ieee80211_meshconf_ie)) 1385 break; 1386 buf = kmalloc(50, GFP_ATOMIC); 1387 if (!buf) 1388 break; 1389 cfg = (u8 *)ie + 2; 1390 memset(&iwe, 0, sizeof(iwe)); 1391 iwe.cmd = IWEVCUSTOM; 1392 sprintf(buf, "Mesh Network Path Selection Protocol ID: " 1393 "0x%02X", cfg[0]); 1394 iwe.u.data.length = strlen(buf); 1395 current_ev = iwe_stream_add_point(info, current_ev, 1396 end_buf, 1397 &iwe, buf); 1398 sprintf(buf, "Path Selection Metric ID: 0x%02X", 1399 cfg[1]); 1400 iwe.u.data.length = strlen(buf); 1401 current_ev = iwe_stream_add_point(info, current_ev, 1402 end_buf, 1403 &iwe, buf); 1404 sprintf(buf, "Congestion Control Mode ID: 0x%02X", 1405 cfg[2]); 1406 iwe.u.data.length = strlen(buf); 1407 current_ev = iwe_stream_add_point(info, current_ev, 1408 end_buf, 1409 &iwe, buf); 1410 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]); 1411 iwe.u.data.length = strlen(buf); 1412 current_ev = iwe_stream_add_point(info, current_ev, 1413 end_buf, 1414 &iwe, buf); 1415 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]); 1416 iwe.u.data.length = strlen(buf); 1417 current_ev = iwe_stream_add_point(info, current_ev, 1418 end_buf, 1419 &iwe, buf); 1420 sprintf(buf, "Formation Info: 0x%02X", cfg[5]); 1421 iwe.u.data.length = strlen(buf); 1422 current_ev = iwe_stream_add_point(info, current_ev, 1423 end_buf, 1424 &iwe, buf); 1425 sprintf(buf, "Capabilities: 0x%02X", cfg[6]); 1426 iwe.u.data.length = strlen(buf); 1427 current_ev = iwe_stream_add_point(info, current_ev, 1428 end_buf, 1429 &iwe, buf); 1430 kfree(buf); 1431 break; 1432 case WLAN_EID_SUPP_RATES: 1433 case WLAN_EID_EXT_SUPP_RATES: 1434 /* display all supported rates in readable format */ 1435 p = current_ev + iwe_stream_lcp_len(info); 1436 1437 memset(&iwe, 0, sizeof(iwe)); 1438 iwe.cmd = SIOCGIWRATE; 1439 /* Those two flags are ignored... */ 1440 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 1441 1442 for (i = 0; i < ie[1]; i++) { 1443 iwe.u.bitrate.value = 1444 ((ie[i + 2] & 0x7f) * 500000); 1445 p = iwe_stream_add_value(info, current_ev, p, 1446 end_buf, &iwe, IW_EV_PARAM_LEN); 1447 } 1448 current_ev = p; 1449 break; 1450 } 1451 rem -= ie[1] + 2; 1452 ie += ie[1] + 2; 1453 } 1454 1455 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) || 1456 ismesh) { 1457 memset(&iwe, 0, sizeof(iwe)); 1458 iwe.cmd = SIOCGIWMODE; 1459 if (ismesh) 1460 iwe.u.mode = IW_MODE_MESH; 1461 else if (bss->pub.capability & WLAN_CAPABILITY_ESS) 1462 iwe.u.mode = IW_MODE_MASTER; 1463 else 1464 iwe.u.mode = IW_MODE_ADHOC; 1465 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1466 &iwe, IW_EV_UINT_LEN); 1467 } 1468 1469 buf = kmalloc(31, GFP_ATOMIC); 1470 if (buf) { 1471 memset(&iwe, 0, sizeof(iwe)); 1472 iwe.cmd = IWEVCUSTOM; 1473 sprintf(buf, "tsf=%016llx", (unsigned long long)(ies->tsf)); 1474 iwe.u.data.length = strlen(buf); 1475 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1476 &iwe, buf); 1477 memset(&iwe, 0, sizeof(iwe)); 1478 iwe.cmd = IWEVCUSTOM; 1479 sprintf(buf, " Last beacon: %ums ago", 1480 elapsed_jiffies_msecs(bss->ts)); 1481 iwe.u.data.length = strlen(buf); 1482 current_ev = iwe_stream_add_point(info, current_ev, 1483 end_buf, &iwe, buf); 1484 kfree(buf); 1485 } 1486 1487 ieee80211_scan_add_ies(info, ies, ¤t_ev, end_buf); 1488 rcu_read_unlock(); 1489 1490 return current_ev; 1491} 1492 1493 1494static int ieee80211_scan_results(struct cfg80211_registered_device *rdev, 1495 struct iw_request_info *info, 1496 char *buf, size_t len) 1497{ 1498 char *current_ev = buf; 1499 char *end_buf = buf + len; 1500 struct cfg80211_internal_bss *bss; 1501 1502 spin_lock_bh(&rdev->bss_lock); 1503 cfg80211_bss_expire(rdev); 1504 1505 list_for_each_entry(bss, &rdev->bss_list, list) { 1506 if (buf + len - current_ev <= IW_EV_ADDR_LEN) { 1507 spin_unlock_bh(&rdev->bss_lock); 1508 return -E2BIG; 1509 } 1510 current_ev = ieee80211_bss(&rdev->wiphy, info, bss, 1511 current_ev, end_buf); 1512 } 1513 spin_unlock_bh(&rdev->bss_lock); 1514 return current_ev - buf; 1515} 1516 1517 1518int cfg80211_wext_giwscan(struct net_device *dev, 1519 struct iw_request_info *info, 1520 struct iw_point *data, char *extra) 1521{ 1522 struct cfg80211_registered_device *rdev; 1523 int res; 1524 1525 if (!netif_running(dev)) 1526 return -ENETDOWN; 1527 1528 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1529 1530 if (IS_ERR(rdev)) 1531 return PTR_ERR(rdev); 1532 1533 if (rdev->scan_req || rdev->scan_msg) 1534 return -EAGAIN; 1535 1536 res = ieee80211_scan_results(rdev, info, extra, data->length); 1537 data->length = 0; 1538 if (res >= 0) { 1539 data->length = res; 1540 res = 0; 1541 } 1542 1543 return res; 1544} 1545EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan); 1546#endif 1547