scan.c revision b629ea3db4c0da4465ffa532914e4a3081f93cdf
1/* 2 * cfg80211 scan result handling 3 * 4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net> 5 */ 6#include <linux/kernel.h> 7#include <linux/slab.h> 8#include <linux/module.h> 9#include <linux/netdevice.h> 10#include <linux/wireless.h> 11#include <linux/nl80211.h> 12#include <linux/etherdevice.h> 13#include <net/arp.h> 14#include <net/cfg80211.h> 15#include <net/cfg80211-wext.h> 16#include <net/iw_handler.h> 17#include "core.h" 18#include "nl80211.h" 19#include "wext-compat.h" 20#include "rdev-ops.h" 21 22#define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ) 23 24static void bss_release(struct kref *ref) 25{ 26 struct cfg80211_internal_bss *bss; 27 28 bss = container_of(ref, struct cfg80211_internal_bss, ref); 29 30 if (WARN_ON(atomic_read(&bss->hold))) 31 return; 32 33 if (bss->pub.free_priv) 34 bss->pub.free_priv(&bss->pub); 35 36 if (bss->beacon_ies_allocated) 37 kfree(bss->pub.beacon_ies); 38 if (bss->proberesp_ies_allocated) 39 kfree(bss->pub.proberesp_ies); 40 41 kfree(bss); 42} 43 44/* must hold dev->bss_lock! */ 45static void __cfg80211_unlink_bss(struct cfg80211_registered_device *dev, 46 struct cfg80211_internal_bss *bss) 47{ 48 list_del_init(&bss->list); 49 rb_erase(&bss->rbn, &dev->bss_tree); 50 kref_put(&bss->ref, bss_release); 51} 52 53/* must hold dev->bss_lock! */ 54static void __cfg80211_bss_expire(struct cfg80211_registered_device *dev, 55 unsigned long expire_time) 56{ 57 struct cfg80211_internal_bss *bss, *tmp; 58 bool expired = false; 59 60 list_for_each_entry_safe(bss, tmp, &dev->bss_list, list) { 61 if (atomic_read(&bss->hold)) 62 continue; 63 if (!time_after(expire_time, bss->ts)) 64 continue; 65 66 __cfg80211_unlink_bss(dev, bss); 67 expired = true; 68 } 69 70 if (expired) 71 dev->bss_generation++; 72} 73 74void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak) 75{ 76 struct cfg80211_scan_request *request; 77 struct wireless_dev *wdev; 78#ifdef CONFIG_CFG80211_WEXT 79 union iwreq_data wrqu; 80#endif 81 82 ASSERT_RDEV_LOCK(rdev); 83 84 request = rdev->scan_req; 85 86 if (!request) 87 return; 88 89 wdev = request->wdev; 90 91 /* 92 * This must be before sending the other events! 93 * Otherwise, wpa_supplicant gets completely confused with 94 * wext events. 95 */ 96 if (wdev->netdev) 97 cfg80211_sme_scan_done(wdev->netdev); 98 99 if (request->aborted) { 100 nl80211_send_scan_aborted(rdev, wdev); 101 } else { 102 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 103 /* flush entries from previous scans */ 104 spin_lock_bh(&rdev->bss_lock); 105 __cfg80211_bss_expire(rdev, request->scan_start); 106 spin_unlock_bh(&rdev->bss_lock); 107 } 108 nl80211_send_scan_done(rdev, wdev); 109 } 110 111#ifdef CONFIG_CFG80211_WEXT 112 if (wdev->netdev && !request->aborted) { 113 memset(&wrqu, 0, sizeof(wrqu)); 114 115 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL); 116 } 117#endif 118 119 if (wdev->netdev) 120 dev_put(wdev->netdev); 121 122 rdev->scan_req = NULL; 123 124 /* 125 * OK. If this is invoked with "leak" then we can't 126 * free this ... but we've cleaned it up anyway. The 127 * driver failed to call the scan_done callback, so 128 * all bets are off, it might still be trying to use 129 * the scan request or not ... if it accesses the dev 130 * in there (it shouldn't anyway) then it may crash. 131 */ 132 if (!leak) 133 kfree(request); 134} 135 136void __cfg80211_scan_done(struct work_struct *wk) 137{ 138 struct cfg80211_registered_device *rdev; 139 140 rdev = container_of(wk, struct cfg80211_registered_device, 141 scan_done_wk); 142 143 cfg80211_lock_rdev(rdev); 144 ___cfg80211_scan_done(rdev, false); 145 cfg80211_unlock_rdev(rdev); 146} 147 148void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) 149{ 150 trace_cfg80211_scan_done(request, aborted); 151 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req); 152 153 request->aborted = aborted; 154 queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk); 155} 156EXPORT_SYMBOL(cfg80211_scan_done); 157 158void __cfg80211_sched_scan_results(struct work_struct *wk) 159{ 160 struct cfg80211_registered_device *rdev; 161 struct cfg80211_sched_scan_request *request; 162 163 rdev = container_of(wk, struct cfg80211_registered_device, 164 sched_scan_results_wk); 165 166 request = rdev->sched_scan_req; 167 168 mutex_lock(&rdev->sched_scan_mtx); 169 170 /* we don't have sched_scan_req anymore if the scan is stopping */ 171 if (request) { 172 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 173 /* flush entries from previous scans */ 174 spin_lock_bh(&rdev->bss_lock); 175 __cfg80211_bss_expire(rdev, request->scan_start); 176 spin_unlock_bh(&rdev->bss_lock); 177 request->scan_start = 178 jiffies + msecs_to_jiffies(request->interval); 179 } 180 nl80211_send_sched_scan_results(rdev, request->dev); 181 } 182 183 mutex_unlock(&rdev->sched_scan_mtx); 184} 185 186void cfg80211_sched_scan_results(struct wiphy *wiphy) 187{ 188 trace_cfg80211_sched_scan_results(wiphy); 189 /* ignore if we're not scanning */ 190 if (wiphy_to_dev(wiphy)->sched_scan_req) 191 queue_work(cfg80211_wq, 192 &wiphy_to_dev(wiphy)->sched_scan_results_wk); 193} 194EXPORT_SYMBOL(cfg80211_sched_scan_results); 195 196void cfg80211_sched_scan_stopped(struct wiphy *wiphy) 197{ 198 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 199 200 trace_cfg80211_sched_scan_stopped(wiphy); 201 202 mutex_lock(&rdev->sched_scan_mtx); 203 __cfg80211_stop_sched_scan(rdev, true); 204 mutex_unlock(&rdev->sched_scan_mtx); 205} 206EXPORT_SYMBOL(cfg80211_sched_scan_stopped); 207 208int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, 209 bool driver_initiated) 210{ 211 struct net_device *dev; 212 213 lockdep_assert_held(&rdev->sched_scan_mtx); 214 215 if (!rdev->sched_scan_req) 216 return -ENOENT; 217 218 dev = rdev->sched_scan_req->dev; 219 220 if (!driver_initiated) { 221 int err = rdev_sched_scan_stop(rdev, dev); 222 if (err) 223 return err; 224 } 225 226 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED); 227 228 kfree(rdev->sched_scan_req); 229 rdev->sched_scan_req = NULL; 230 231 return 0; 232} 233 234/* must hold dev->bss_lock! */ 235void cfg80211_bss_age(struct cfg80211_registered_device *dev, 236 unsigned long age_secs) 237{ 238 struct cfg80211_internal_bss *bss; 239 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC); 240 241 list_for_each_entry(bss, &dev->bss_list, list) { 242 bss->ts -= age_jiffies; 243 } 244} 245 246void cfg80211_bss_expire(struct cfg80211_registered_device *dev) 247{ 248 __cfg80211_bss_expire(dev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE); 249} 250 251const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len) 252{ 253 while (len > 2 && ies[0] != eid) { 254 len -= ies[1] + 2; 255 ies += ies[1] + 2; 256 } 257 if (len < 2) 258 return NULL; 259 if (len < 2 + ies[1]) 260 return NULL; 261 return ies; 262} 263EXPORT_SYMBOL(cfg80211_find_ie); 264 265const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type, 266 const u8 *ies, int len) 267{ 268 struct ieee80211_vendor_ie *ie; 269 const u8 *pos = ies, *end = ies + len; 270 int ie_oui; 271 272 while (pos < end) { 273 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos, 274 end - pos); 275 if (!pos) 276 return NULL; 277 278 if (end - pos < sizeof(*ie)) 279 return NULL; 280 281 ie = (struct ieee80211_vendor_ie *)pos; 282 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2]; 283 if (ie_oui == oui && ie->oui_type == oui_type) 284 return pos; 285 286 pos += 2 + ie->len; 287 } 288 return NULL; 289} 290EXPORT_SYMBOL(cfg80211_find_vendor_ie); 291 292static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2) 293{ 294 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1); 295 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2); 296 297 /* equal if both missing */ 298 if (!ie1 && !ie2) 299 return 0; 300 /* sort missing IE before (left of) present IE */ 301 if (!ie1) 302 return -1; 303 if (!ie2) 304 return 1; 305 306 /* sort by length first, then by contents */ 307 if (ie1[1] != ie2[1]) 308 return ie2[1] - ie1[1]; 309 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 310} 311 312static bool is_bss(struct cfg80211_bss *a, 313 const u8 *bssid, 314 const u8 *ssid, size_t ssid_len) 315{ 316 const u8 *ssidie; 317 318 if (bssid && !ether_addr_equal(a->bssid, bssid)) 319 return false; 320 321 if (!ssid) 322 return true; 323 324 ssidie = cfg80211_find_ie(WLAN_EID_SSID, 325 a->information_elements, 326 a->len_information_elements); 327 if (!ssidie) 328 return false; 329 if (ssidie[1] != ssid_len) 330 return false; 331 return memcmp(ssidie + 2, ssid, ssid_len) == 0; 332} 333 334static bool is_mesh_bss(struct cfg80211_bss *a) 335{ 336 const u8 *ie; 337 338 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability)) 339 return false; 340 341 ie = cfg80211_find_ie(WLAN_EID_MESH_ID, 342 a->information_elements, 343 a->len_information_elements); 344 if (!ie) 345 return false; 346 347 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 348 a->information_elements, 349 a->len_information_elements); 350 if (!ie) 351 return false; 352 353 return true; 354} 355 356static bool is_mesh(struct cfg80211_bss *a, 357 const u8 *meshid, size_t meshidlen, 358 const u8 *meshcfg) 359{ 360 const u8 *ie; 361 362 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability)) 363 return false; 364 365 ie = cfg80211_find_ie(WLAN_EID_MESH_ID, 366 a->information_elements, 367 a->len_information_elements); 368 if (!ie) 369 return false; 370 if (ie[1] != meshidlen) 371 return false; 372 if (memcmp(ie + 2, meshid, meshidlen)) 373 return false; 374 375 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 376 a->information_elements, 377 a->len_information_elements); 378 if (!ie) 379 return false; 380 if (ie[1] != sizeof(struct ieee80211_meshconf_ie)) 381 return false; 382 383 /* 384 * Ignore mesh capability (last two bytes of the IE) when 385 * comparing since that may differ between stations taking 386 * part in the same mesh. 387 */ 388 return memcmp(ie + 2, meshcfg, 389 sizeof(struct ieee80211_meshconf_ie) - 2) == 0; 390} 391 392static int cmp_bss_core(struct cfg80211_bss *a, 393 struct cfg80211_bss *b) 394{ 395 int r; 396 397 if (a->channel != b->channel) 398 return b->channel->center_freq - a->channel->center_freq; 399 400 if (is_mesh_bss(a) && is_mesh_bss(b)) { 401 r = cmp_ies(WLAN_EID_MESH_ID, 402 a->information_elements, 403 a->len_information_elements, 404 b->information_elements, 405 b->len_information_elements); 406 if (r) 407 return r; 408 return cmp_ies(WLAN_EID_MESH_CONFIG, 409 a->information_elements, 410 a->len_information_elements, 411 b->information_elements, 412 b->len_information_elements); 413 } 414 415 /* 416 * we can't use compare_ether_addr here since we need a < > operator. 417 * The binary return value of compare_ether_addr isn't enough 418 */ 419 return memcmp(a->bssid, b->bssid, sizeof(a->bssid)); 420} 421 422static int cmp_bss(struct cfg80211_bss *a, 423 struct cfg80211_bss *b) 424{ 425 int r; 426 427 r = cmp_bss_core(a, b); 428 if (r) 429 return r; 430 431 return cmp_ies(WLAN_EID_SSID, 432 a->information_elements, 433 a->len_information_elements, 434 b->information_elements, 435 b->len_information_elements); 436} 437 438static int cmp_hidden_bss(struct cfg80211_bss *a, 439 struct cfg80211_bss *b) 440{ 441 const u8 *ie1; 442 const u8 *ie2; 443 int i; 444 int r; 445 446 r = cmp_bss_core(a, b); 447 if (r) 448 return r; 449 450 ie1 = cfg80211_find_ie(WLAN_EID_SSID, 451 a->information_elements, 452 a->len_information_elements); 453 ie2 = cfg80211_find_ie(WLAN_EID_SSID, 454 b->information_elements, 455 b->len_information_elements); 456 457 /* Key comparator must use same algorithm in any rb-tree 458 * search function (order is important), otherwise ordering 459 * of items in the tree is broken and search gives incorrect 460 * results. This code uses same order as cmp_ies() does. */ 461 462 /* sort missing IE before (left of) present IE */ 463 if (!ie1) 464 return -1; 465 if (!ie2) 466 return 1; 467 468 /* zero-size SSID is used as an indication of the hidden bss */ 469 if (!ie2[1]) 470 return 0; 471 472 /* sort by length first, then by contents */ 473 if (ie1[1] != ie2[1]) 474 return ie2[1] - ie1[1]; 475 476 /* zeroed SSID ie is another indication of a hidden bss */ 477 for (i = 0; i < ie2[1]; i++) 478 if (ie2[i + 2]) 479 return -1; 480 481 return 0; 482} 483 484struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy, 485 struct ieee80211_channel *channel, 486 const u8 *bssid, 487 const u8 *ssid, size_t ssid_len, 488 u16 capa_mask, u16 capa_val) 489{ 490 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); 491 struct cfg80211_internal_bss *bss, *res = NULL; 492 unsigned long now = jiffies; 493 494 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask, 495 capa_val); 496 497 spin_lock_bh(&dev->bss_lock); 498 499 list_for_each_entry(bss, &dev->bss_list, list) { 500 if ((bss->pub.capability & capa_mask) != capa_val) 501 continue; 502 if (channel && bss->pub.channel != channel) 503 continue; 504 /* Don't get expired BSS structs */ 505 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && 506 !atomic_read(&bss->hold)) 507 continue; 508 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { 509 res = bss; 510 kref_get(&res->ref); 511 break; 512 } 513 } 514 515 spin_unlock_bh(&dev->bss_lock); 516 if (!res) 517 return NULL; 518 trace_cfg80211_return_bss(&res->pub); 519 return &res->pub; 520} 521EXPORT_SYMBOL(cfg80211_get_bss); 522 523struct cfg80211_bss *cfg80211_get_mesh(struct wiphy *wiphy, 524 struct ieee80211_channel *channel, 525 const u8 *meshid, size_t meshidlen, 526 const u8 *meshcfg) 527{ 528 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); 529 struct cfg80211_internal_bss *bss, *res = NULL; 530 531 spin_lock_bh(&dev->bss_lock); 532 533 list_for_each_entry(bss, &dev->bss_list, list) { 534 if (channel && bss->pub.channel != channel) 535 continue; 536 if (is_mesh(&bss->pub, meshid, meshidlen, meshcfg)) { 537 res = bss; 538 kref_get(&res->ref); 539 break; 540 } 541 } 542 543 spin_unlock_bh(&dev->bss_lock); 544 if (!res) 545 return NULL; 546 return &res->pub; 547} 548EXPORT_SYMBOL(cfg80211_get_mesh); 549 550 551static void rb_insert_bss(struct cfg80211_registered_device *dev, 552 struct cfg80211_internal_bss *bss) 553{ 554 struct rb_node **p = &dev->bss_tree.rb_node; 555 struct rb_node *parent = NULL; 556 struct cfg80211_internal_bss *tbss; 557 int cmp; 558 559 while (*p) { 560 parent = *p; 561 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn); 562 563 cmp = cmp_bss(&bss->pub, &tbss->pub); 564 565 if (WARN_ON(!cmp)) { 566 /* will sort of leak this BSS */ 567 return; 568 } 569 570 if (cmp < 0) 571 p = &(*p)->rb_left; 572 else 573 p = &(*p)->rb_right; 574 } 575 576 rb_link_node(&bss->rbn, parent, p); 577 rb_insert_color(&bss->rbn, &dev->bss_tree); 578} 579 580static struct cfg80211_internal_bss * 581rb_find_bss(struct cfg80211_registered_device *dev, 582 struct cfg80211_internal_bss *res) 583{ 584 struct rb_node *n = dev->bss_tree.rb_node; 585 struct cfg80211_internal_bss *bss; 586 int r; 587 588 while (n) { 589 bss = rb_entry(n, struct cfg80211_internal_bss, rbn); 590 r = cmp_bss(&res->pub, &bss->pub); 591 592 if (r == 0) 593 return bss; 594 else if (r < 0) 595 n = n->rb_left; 596 else 597 n = n->rb_right; 598 } 599 600 return NULL; 601} 602 603static struct cfg80211_internal_bss * 604rb_find_hidden_bss(struct cfg80211_registered_device *dev, 605 struct cfg80211_internal_bss *res) 606{ 607 struct rb_node *n = dev->bss_tree.rb_node; 608 struct cfg80211_internal_bss *bss; 609 int r; 610 611 while (n) { 612 bss = rb_entry(n, struct cfg80211_internal_bss, rbn); 613 r = cmp_hidden_bss(&res->pub, &bss->pub); 614 615 if (r == 0) 616 return bss; 617 else if (r < 0) 618 n = n->rb_left; 619 else 620 n = n->rb_right; 621 } 622 623 return NULL; 624} 625 626static void 627copy_hidden_ies(struct cfg80211_internal_bss *res, 628 struct cfg80211_internal_bss *hidden) 629{ 630 if (unlikely(res->pub.beacon_ies)) 631 return; 632 if (WARN_ON(!hidden->pub.beacon_ies)) 633 return; 634 635 res->pub.beacon_ies = kmalloc(hidden->pub.len_beacon_ies, GFP_ATOMIC); 636 if (unlikely(!res->pub.beacon_ies)) 637 return; 638 639 res->beacon_ies_allocated = true; 640 res->pub.len_beacon_ies = hidden->pub.len_beacon_ies; 641 memcpy(res->pub.beacon_ies, hidden->pub.beacon_ies, 642 res->pub.len_beacon_ies); 643} 644 645static struct cfg80211_internal_bss * 646cfg80211_bss_update(struct cfg80211_registered_device *dev, 647 struct cfg80211_internal_bss *res) 648{ 649 struct cfg80211_internal_bss *found = NULL; 650 651 /* 652 * The reference to "res" is donated to this function. 653 */ 654 655 if (WARN_ON(!res->pub.channel)) { 656 kref_put(&res->ref, bss_release); 657 return NULL; 658 } 659 660 res->ts = jiffies; 661 662 spin_lock_bh(&dev->bss_lock); 663 664 found = rb_find_bss(dev, res); 665 666 if (found) { 667 found->pub.beacon_interval = res->pub.beacon_interval; 668 found->pub.tsf = res->pub.tsf; 669 found->pub.signal = res->pub.signal; 670 found->pub.capability = res->pub.capability; 671 found->ts = res->ts; 672 673 /* Update IEs */ 674 if (res->pub.proberesp_ies) { 675 size_t used = dev->wiphy.bss_priv_size + sizeof(*res); 676 size_t ielen = res->pub.len_proberesp_ies; 677 678 if (found->pub.proberesp_ies && 679 !found->proberesp_ies_allocated && 680 ksize(found) >= used + ielen) { 681 memcpy(found->pub.proberesp_ies, 682 res->pub.proberesp_ies, ielen); 683 found->pub.len_proberesp_ies = ielen; 684 } else { 685 u8 *ies = found->pub.proberesp_ies; 686 687 if (found->proberesp_ies_allocated) 688 ies = krealloc(ies, ielen, GFP_ATOMIC); 689 else 690 ies = kmalloc(ielen, GFP_ATOMIC); 691 692 if (ies) { 693 memcpy(ies, res->pub.proberesp_ies, 694 ielen); 695 found->proberesp_ies_allocated = true; 696 found->pub.proberesp_ies = ies; 697 found->pub.len_proberesp_ies = ielen; 698 } 699 } 700 701 /* Override possible earlier Beacon frame IEs */ 702 found->pub.information_elements = 703 found->pub.proberesp_ies; 704 found->pub.len_information_elements = 705 found->pub.len_proberesp_ies; 706 } 707 if (res->pub.beacon_ies) { 708 size_t used = dev->wiphy.bss_priv_size + sizeof(*res); 709 size_t ielen = res->pub.len_beacon_ies; 710 bool information_elements_is_beacon_ies = 711 (found->pub.information_elements == 712 found->pub.beacon_ies); 713 714 if (found->pub.beacon_ies && 715 !found->beacon_ies_allocated && 716 ksize(found) >= used + ielen) { 717 memcpy(found->pub.beacon_ies, 718 res->pub.beacon_ies, ielen); 719 found->pub.len_beacon_ies = ielen; 720 } else { 721 u8 *ies = found->pub.beacon_ies; 722 723 if (found->beacon_ies_allocated) 724 ies = krealloc(ies, ielen, GFP_ATOMIC); 725 else 726 ies = kmalloc(ielen, GFP_ATOMIC); 727 728 if (ies) { 729 memcpy(ies, res->pub.beacon_ies, 730 ielen); 731 found->beacon_ies_allocated = true; 732 found->pub.beacon_ies = ies; 733 found->pub.len_beacon_ies = ielen; 734 } 735 } 736 737 /* Override IEs if they were from a beacon before */ 738 if (information_elements_is_beacon_ies) { 739 found->pub.information_elements = 740 found->pub.beacon_ies; 741 found->pub.len_information_elements = 742 found->pub.len_beacon_ies; 743 } 744 } 745 746 kref_put(&res->ref, bss_release); 747 } else { 748 struct cfg80211_internal_bss *hidden; 749 750 /* First check if the beacon is a probe response from 751 * a hidden bss. If so, copy beacon ies (with nullified 752 * ssid) into the probe response bss entry (with real ssid). 753 * It is required basically for PSM implementation 754 * (probe responses do not contain tim ie) */ 755 756 /* TODO: The code is not trying to update existing probe 757 * response bss entries when beacon ies are 758 * getting changed. */ 759 hidden = rb_find_hidden_bss(dev, res); 760 if (hidden) 761 copy_hidden_ies(res, hidden); 762 763 /* this "consumes" the reference */ 764 list_add_tail(&res->list, &dev->bss_list); 765 rb_insert_bss(dev, res); 766 found = res; 767 } 768 769 dev->bss_generation++; 770 spin_unlock_bh(&dev->bss_lock); 771 772 kref_get(&found->ref); 773 return found; 774} 775 776static struct ieee80211_channel * 777cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen, 778 struct ieee80211_channel *channel) 779{ 780 const u8 *tmp; 781 u32 freq; 782 int channel_number = -1; 783 784 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen); 785 if (tmp && tmp[1] == 1) { 786 channel_number = tmp[2]; 787 } else { 788 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen); 789 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) { 790 struct ieee80211_ht_operation *htop = (void *)(tmp + 2); 791 792 channel_number = htop->primary_chan; 793 } 794 } 795 796 if (channel_number < 0) 797 return channel; 798 799 freq = ieee80211_channel_to_frequency(channel_number, channel->band); 800 channel = ieee80211_get_channel(wiphy, freq); 801 if (!channel) 802 return NULL; 803 if (channel->flags & IEEE80211_CHAN_DISABLED) 804 return NULL; 805 return channel; 806} 807 808struct cfg80211_bss* 809cfg80211_inform_bss(struct wiphy *wiphy, 810 struct ieee80211_channel *channel, 811 const u8 *bssid, u64 tsf, u16 capability, 812 u16 beacon_interval, const u8 *ie, size_t ielen, 813 s32 signal, gfp_t gfp) 814{ 815 struct cfg80211_internal_bss *res; 816 size_t privsz; 817 818 if (WARN_ON(!wiphy)) 819 return NULL; 820 821 privsz = wiphy->bss_priv_size; 822 823 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 824 (signal < 0 || signal > 100))) 825 return NULL; 826 827 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, channel); 828 if (!channel) 829 return NULL; 830 831 res = kzalloc(sizeof(*res) + privsz + ielen, gfp); 832 if (!res) 833 return NULL; 834 835 memcpy(res->pub.bssid, bssid, ETH_ALEN); 836 res->pub.channel = channel; 837 res->pub.signal = signal; 838 res->pub.tsf = tsf; 839 res->pub.beacon_interval = beacon_interval; 840 res->pub.capability = capability; 841 /* 842 * Since we do not know here whether the IEs are from a Beacon or Probe 843 * Response frame, we need to pick one of the options and only use it 844 * with the driver that does not provide the full Beacon/Probe Response 845 * frame. Use Beacon frame pointer to avoid indicating that this should 846 * override the information_elements pointer should we have received an 847 * earlier indication of Probe Response data. 848 * 849 * The initial buffer for the IEs is allocated with the BSS entry and 850 * is located after the private area. 851 */ 852 res->pub.beacon_ies = (u8 *)res + sizeof(*res) + privsz; 853 memcpy(res->pub.beacon_ies, ie, ielen); 854 res->pub.len_beacon_ies = ielen; 855 res->pub.information_elements = res->pub.beacon_ies; 856 res->pub.len_information_elements = res->pub.len_beacon_ies; 857 858 kref_init(&res->ref); 859 860 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res); 861 if (!res) 862 return NULL; 863 864 if (res->pub.capability & WLAN_CAPABILITY_ESS) 865 regulatory_hint_found_beacon(wiphy, channel, gfp); 866 867 trace_cfg80211_return_bss(&res->pub); 868 /* cfg80211_bss_update gives us a referenced result */ 869 return &res->pub; 870} 871EXPORT_SYMBOL(cfg80211_inform_bss); 872 873struct cfg80211_bss * 874cfg80211_inform_bss_frame(struct wiphy *wiphy, 875 struct ieee80211_channel *channel, 876 struct ieee80211_mgmt *mgmt, size_t len, 877 s32 signal, gfp_t gfp) 878{ 879 struct cfg80211_internal_bss *res; 880 size_t ielen = len - offsetof(struct ieee80211_mgmt, 881 u.probe_resp.variable); 882 size_t privsz; 883 884 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) != 885 offsetof(struct ieee80211_mgmt, u.beacon.variable)); 886 887 trace_cfg80211_inform_bss_frame(wiphy, channel, mgmt, len, signal); 888 889 if (WARN_ON(!mgmt)) 890 return NULL; 891 892 if (WARN_ON(!wiphy)) 893 return NULL; 894 895 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 896 (signal < 0 || signal > 100))) 897 return NULL; 898 899 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable))) 900 return NULL; 901 902 privsz = wiphy->bss_priv_size; 903 904 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable, 905 ielen, channel); 906 if (!channel) 907 return NULL; 908 909 res = kzalloc(sizeof(*res) + privsz + ielen, gfp); 910 if (!res) 911 return NULL; 912 913 memcpy(res->pub.bssid, mgmt->bssid, ETH_ALEN); 914 res->pub.channel = channel; 915 res->pub.signal = signal; 916 res->pub.tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); 917 res->pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int); 918 res->pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info); 919 /* 920 * The initial buffer for the IEs is allocated with the BSS entry and 921 * is located after the private area. 922 */ 923 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 924 res->pub.proberesp_ies = (u8 *) res + sizeof(*res) + privsz; 925 memcpy(res->pub.proberesp_ies, mgmt->u.probe_resp.variable, 926 ielen); 927 res->pub.len_proberesp_ies = ielen; 928 res->pub.information_elements = res->pub.proberesp_ies; 929 res->pub.len_information_elements = res->pub.len_proberesp_ies; 930 } else { 931 res->pub.beacon_ies = (u8 *) res + sizeof(*res) + privsz; 932 memcpy(res->pub.beacon_ies, mgmt->u.beacon.variable, ielen); 933 res->pub.len_beacon_ies = ielen; 934 res->pub.information_elements = res->pub.beacon_ies; 935 res->pub.len_information_elements = res->pub.len_beacon_ies; 936 } 937 938 kref_init(&res->ref); 939 940 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res); 941 if (!res) 942 return NULL; 943 944 if (res->pub.capability & WLAN_CAPABILITY_ESS) 945 regulatory_hint_found_beacon(wiphy, channel, gfp); 946 947 trace_cfg80211_return_bss(&res->pub); 948 /* cfg80211_bss_update gives us a referenced result */ 949 return &res->pub; 950} 951EXPORT_SYMBOL(cfg80211_inform_bss_frame); 952 953void cfg80211_ref_bss(struct cfg80211_bss *pub) 954{ 955 struct cfg80211_internal_bss *bss; 956 957 if (!pub) 958 return; 959 960 bss = container_of(pub, struct cfg80211_internal_bss, pub); 961 kref_get(&bss->ref); 962} 963EXPORT_SYMBOL(cfg80211_ref_bss); 964 965void cfg80211_put_bss(struct cfg80211_bss *pub) 966{ 967 struct cfg80211_internal_bss *bss; 968 969 if (!pub) 970 return; 971 972 bss = container_of(pub, struct cfg80211_internal_bss, pub); 973 kref_put(&bss->ref, bss_release); 974} 975EXPORT_SYMBOL(cfg80211_put_bss); 976 977void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 978{ 979 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); 980 struct cfg80211_internal_bss *bss; 981 982 if (WARN_ON(!pub)) 983 return; 984 985 bss = container_of(pub, struct cfg80211_internal_bss, pub); 986 987 spin_lock_bh(&dev->bss_lock); 988 if (!list_empty(&bss->list)) { 989 __cfg80211_unlink_bss(dev, bss); 990 dev->bss_generation++; 991 } 992 spin_unlock_bh(&dev->bss_lock); 993} 994EXPORT_SYMBOL(cfg80211_unlink_bss); 995 996#ifdef CONFIG_CFG80211_WEXT 997int cfg80211_wext_siwscan(struct net_device *dev, 998 struct iw_request_info *info, 999 union iwreq_data *wrqu, char *extra) 1000{ 1001 struct cfg80211_registered_device *rdev; 1002 struct wiphy *wiphy; 1003 struct iw_scan_req *wreq = NULL; 1004 struct cfg80211_scan_request *creq = NULL; 1005 int i, err, n_channels = 0; 1006 enum ieee80211_band band; 1007 1008 if (!netif_running(dev)) 1009 return -ENETDOWN; 1010 1011 if (wrqu->data.length == sizeof(struct iw_scan_req)) 1012 wreq = (struct iw_scan_req *)extra; 1013 1014 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1015 1016 if (IS_ERR(rdev)) 1017 return PTR_ERR(rdev); 1018 1019 if (rdev->scan_req) { 1020 err = -EBUSY; 1021 goto out; 1022 } 1023 1024 wiphy = &rdev->wiphy; 1025 1026 /* Determine number of channels, needed to allocate creq */ 1027 if (wreq && wreq->num_channels) 1028 n_channels = wreq->num_channels; 1029 else { 1030 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 1031 if (wiphy->bands[band]) 1032 n_channels += wiphy->bands[band]->n_channels; 1033 } 1034 1035 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1036 n_channels * sizeof(void *), 1037 GFP_ATOMIC); 1038 if (!creq) { 1039 err = -ENOMEM; 1040 goto out; 1041 } 1042 1043 creq->wiphy = wiphy; 1044 creq->wdev = dev->ieee80211_ptr; 1045 /* SSIDs come after channels */ 1046 creq->ssids = (void *)&creq->channels[n_channels]; 1047 creq->n_channels = n_channels; 1048 creq->n_ssids = 1; 1049 creq->scan_start = jiffies; 1050 1051 /* translate "Scan on frequencies" request */ 1052 i = 0; 1053 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1054 int j; 1055 1056 if (!wiphy->bands[band]) 1057 continue; 1058 1059 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1060 /* ignore disabled channels */ 1061 if (wiphy->bands[band]->channels[j].flags & 1062 IEEE80211_CHAN_DISABLED) 1063 continue; 1064 1065 /* If we have a wireless request structure and the 1066 * wireless request specifies frequencies, then search 1067 * for the matching hardware channel. 1068 */ 1069 if (wreq && wreq->num_channels) { 1070 int k; 1071 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq; 1072 for (k = 0; k < wreq->num_channels; k++) { 1073 int wext_freq = cfg80211_wext_freq(wiphy, &wreq->channel_list[k]); 1074 if (wext_freq == wiphy_freq) 1075 goto wext_freq_found; 1076 } 1077 goto wext_freq_not_found; 1078 } 1079 1080 wext_freq_found: 1081 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1082 i++; 1083 wext_freq_not_found: ; 1084 } 1085 } 1086 /* No channels found? */ 1087 if (!i) { 1088 err = -EINVAL; 1089 goto out; 1090 } 1091 1092 /* Set real number of channels specified in creq->channels[] */ 1093 creq->n_channels = i; 1094 1095 /* translate "Scan for SSID" request */ 1096 if (wreq) { 1097 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 1098 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) { 1099 err = -EINVAL; 1100 goto out; 1101 } 1102 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 1103 creq->ssids[0].ssid_len = wreq->essid_len; 1104 } 1105 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) 1106 creq->n_ssids = 0; 1107 } 1108 1109 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1110 if (wiphy->bands[i]) 1111 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; 1112 1113 rdev->scan_req = creq; 1114 err = rdev_scan(rdev, creq); 1115 if (err) { 1116 rdev->scan_req = NULL; 1117 /* creq will be freed below */ 1118 } else { 1119 nl80211_send_scan_start(rdev, dev->ieee80211_ptr); 1120 /* creq now owned by driver */ 1121 creq = NULL; 1122 dev_hold(dev); 1123 } 1124 out: 1125 kfree(creq); 1126 cfg80211_unlock_rdev(rdev); 1127 return err; 1128} 1129EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan); 1130 1131static void ieee80211_scan_add_ies(struct iw_request_info *info, 1132 struct cfg80211_bss *bss, 1133 char **current_ev, char *end_buf) 1134{ 1135 u8 *pos, *end, *next; 1136 struct iw_event iwe; 1137 1138 if (!bss->information_elements || 1139 !bss->len_information_elements) 1140 return; 1141 1142 /* 1143 * If needed, fragment the IEs buffer (at IE boundaries) into short 1144 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages. 1145 */ 1146 pos = bss->information_elements; 1147 end = pos + bss->len_information_elements; 1148 1149 while (end - pos > IW_GENERIC_IE_MAX) { 1150 next = pos + 2 + pos[1]; 1151 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX) 1152 next = next + 2 + next[1]; 1153 1154 memset(&iwe, 0, sizeof(iwe)); 1155 iwe.cmd = IWEVGENIE; 1156 iwe.u.data.length = next - pos; 1157 *current_ev = iwe_stream_add_point(info, *current_ev, 1158 end_buf, &iwe, pos); 1159 1160 pos = next; 1161 } 1162 1163 if (end > pos) { 1164 memset(&iwe, 0, sizeof(iwe)); 1165 iwe.cmd = IWEVGENIE; 1166 iwe.u.data.length = end - pos; 1167 *current_ev = iwe_stream_add_point(info, *current_ev, 1168 end_buf, &iwe, pos); 1169 } 1170} 1171 1172static inline unsigned int elapsed_jiffies_msecs(unsigned long start) 1173{ 1174 unsigned long end = jiffies; 1175 1176 if (end >= start) 1177 return jiffies_to_msecs(end - start); 1178 1179 return jiffies_to_msecs(end + (MAX_JIFFY_OFFSET - start) + 1); 1180} 1181 1182static char * 1183ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info, 1184 struct cfg80211_internal_bss *bss, char *current_ev, 1185 char *end_buf) 1186{ 1187 struct iw_event iwe; 1188 u8 *buf, *cfg, *p; 1189 u8 *ie = bss->pub.information_elements; 1190 int rem = bss->pub.len_information_elements, i, sig; 1191 bool ismesh = false; 1192 1193 memset(&iwe, 0, sizeof(iwe)); 1194 iwe.cmd = SIOCGIWAP; 1195 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 1196 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN); 1197 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1198 IW_EV_ADDR_LEN); 1199 1200 memset(&iwe, 0, sizeof(iwe)); 1201 iwe.cmd = SIOCGIWFREQ; 1202 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq); 1203 iwe.u.freq.e = 0; 1204 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1205 IW_EV_FREQ_LEN); 1206 1207 memset(&iwe, 0, sizeof(iwe)); 1208 iwe.cmd = SIOCGIWFREQ; 1209 iwe.u.freq.m = bss->pub.channel->center_freq; 1210 iwe.u.freq.e = 6; 1211 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1212 IW_EV_FREQ_LEN); 1213 1214 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) { 1215 memset(&iwe, 0, sizeof(iwe)); 1216 iwe.cmd = IWEVQUAL; 1217 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED | 1218 IW_QUAL_NOISE_INVALID | 1219 IW_QUAL_QUAL_UPDATED; 1220 switch (wiphy->signal_type) { 1221 case CFG80211_SIGNAL_TYPE_MBM: 1222 sig = bss->pub.signal / 100; 1223 iwe.u.qual.level = sig; 1224 iwe.u.qual.updated |= IW_QUAL_DBM; 1225 if (sig < -110) /* rather bad */ 1226 sig = -110; 1227 else if (sig > -40) /* perfect */ 1228 sig = -40; 1229 /* will give a range of 0 .. 70 */ 1230 iwe.u.qual.qual = sig + 110; 1231 break; 1232 case CFG80211_SIGNAL_TYPE_UNSPEC: 1233 iwe.u.qual.level = bss->pub.signal; 1234 /* will give range 0 .. 100 */ 1235 iwe.u.qual.qual = bss->pub.signal; 1236 break; 1237 default: 1238 /* not reached */ 1239 break; 1240 } 1241 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1242 &iwe, IW_EV_QUAL_LEN); 1243 } 1244 1245 memset(&iwe, 0, sizeof(iwe)); 1246 iwe.cmd = SIOCGIWENCODE; 1247 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY) 1248 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 1249 else 1250 iwe.u.data.flags = IW_ENCODE_DISABLED; 1251 iwe.u.data.length = 0; 1252 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1253 &iwe, ""); 1254 1255 while (rem >= 2) { 1256 /* invalid data */ 1257 if (ie[1] > rem - 2) 1258 break; 1259 1260 switch (ie[0]) { 1261 case WLAN_EID_SSID: 1262 memset(&iwe, 0, sizeof(iwe)); 1263 iwe.cmd = SIOCGIWESSID; 1264 iwe.u.data.length = ie[1]; 1265 iwe.u.data.flags = 1; 1266 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1267 &iwe, ie + 2); 1268 break; 1269 case WLAN_EID_MESH_ID: 1270 memset(&iwe, 0, sizeof(iwe)); 1271 iwe.cmd = SIOCGIWESSID; 1272 iwe.u.data.length = ie[1]; 1273 iwe.u.data.flags = 1; 1274 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1275 &iwe, ie + 2); 1276 break; 1277 case WLAN_EID_MESH_CONFIG: 1278 ismesh = true; 1279 if (ie[1] != sizeof(struct ieee80211_meshconf_ie)) 1280 break; 1281 buf = kmalloc(50, GFP_ATOMIC); 1282 if (!buf) 1283 break; 1284 cfg = ie + 2; 1285 memset(&iwe, 0, sizeof(iwe)); 1286 iwe.cmd = IWEVCUSTOM; 1287 sprintf(buf, "Mesh Network Path Selection Protocol ID: " 1288 "0x%02X", cfg[0]); 1289 iwe.u.data.length = strlen(buf); 1290 current_ev = iwe_stream_add_point(info, current_ev, 1291 end_buf, 1292 &iwe, buf); 1293 sprintf(buf, "Path Selection Metric ID: 0x%02X", 1294 cfg[1]); 1295 iwe.u.data.length = strlen(buf); 1296 current_ev = iwe_stream_add_point(info, current_ev, 1297 end_buf, 1298 &iwe, buf); 1299 sprintf(buf, "Congestion Control Mode ID: 0x%02X", 1300 cfg[2]); 1301 iwe.u.data.length = strlen(buf); 1302 current_ev = iwe_stream_add_point(info, current_ev, 1303 end_buf, 1304 &iwe, buf); 1305 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]); 1306 iwe.u.data.length = strlen(buf); 1307 current_ev = iwe_stream_add_point(info, current_ev, 1308 end_buf, 1309 &iwe, buf); 1310 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]); 1311 iwe.u.data.length = strlen(buf); 1312 current_ev = iwe_stream_add_point(info, current_ev, 1313 end_buf, 1314 &iwe, buf); 1315 sprintf(buf, "Formation Info: 0x%02X", cfg[5]); 1316 iwe.u.data.length = strlen(buf); 1317 current_ev = iwe_stream_add_point(info, current_ev, 1318 end_buf, 1319 &iwe, buf); 1320 sprintf(buf, "Capabilities: 0x%02X", cfg[6]); 1321 iwe.u.data.length = strlen(buf); 1322 current_ev = iwe_stream_add_point(info, current_ev, 1323 end_buf, 1324 &iwe, buf); 1325 kfree(buf); 1326 break; 1327 case WLAN_EID_SUPP_RATES: 1328 case WLAN_EID_EXT_SUPP_RATES: 1329 /* display all supported rates in readable format */ 1330 p = current_ev + iwe_stream_lcp_len(info); 1331 1332 memset(&iwe, 0, sizeof(iwe)); 1333 iwe.cmd = SIOCGIWRATE; 1334 /* Those two flags are ignored... */ 1335 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 1336 1337 for (i = 0; i < ie[1]; i++) { 1338 iwe.u.bitrate.value = 1339 ((ie[i + 2] & 0x7f) * 500000); 1340 p = iwe_stream_add_value(info, current_ev, p, 1341 end_buf, &iwe, IW_EV_PARAM_LEN); 1342 } 1343 current_ev = p; 1344 break; 1345 } 1346 rem -= ie[1] + 2; 1347 ie += ie[1] + 2; 1348 } 1349 1350 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) || 1351 ismesh) { 1352 memset(&iwe, 0, sizeof(iwe)); 1353 iwe.cmd = SIOCGIWMODE; 1354 if (ismesh) 1355 iwe.u.mode = IW_MODE_MESH; 1356 else if (bss->pub.capability & WLAN_CAPABILITY_ESS) 1357 iwe.u.mode = IW_MODE_MASTER; 1358 else 1359 iwe.u.mode = IW_MODE_ADHOC; 1360 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1361 &iwe, IW_EV_UINT_LEN); 1362 } 1363 1364 buf = kmalloc(30, GFP_ATOMIC); 1365 if (buf) { 1366 memset(&iwe, 0, sizeof(iwe)); 1367 iwe.cmd = IWEVCUSTOM; 1368 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->pub.tsf)); 1369 iwe.u.data.length = strlen(buf); 1370 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1371 &iwe, buf); 1372 memset(&iwe, 0, sizeof(iwe)); 1373 iwe.cmd = IWEVCUSTOM; 1374 sprintf(buf, " Last beacon: %ums ago", 1375 elapsed_jiffies_msecs(bss->ts)); 1376 iwe.u.data.length = strlen(buf); 1377 current_ev = iwe_stream_add_point(info, current_ev, 1378 end_buf, &iwe, buf); 1379 kfree(buf); 1380 } 1381 1382 ieee80211_scan_add_ies(info, &bss->pub, ¤t_ev, end_buf); 1383 1384 return current_ev; 1385} 1386 1387 1388static int ieee80211_scan_results(struct cfg80211_registered_device *dev, 1389 struct iw_request_info *info, 1390 char *buf, size_t len) 1391{ 1392 char *current_ev = buf; 1393 char *end_buf = buf + len; 1394 struct cfg80211_internal_bss *bss; 1395 1396 spin_lock_bh(&dev->bss_lock); 1397 cfg80211_bss_expire(dev); 1398 1399 list_for_each_entry(bss, &dev->bss_list, list) { 1400 if (buf + len - current_ev <= IW_EV_ADDR_LEN) { 1401 spin_unlock_bh(&dev->bss_lock); 1402 return -E2BIG; 1403 } 1404 current_ev = ieee80211_bss(&dev->wiphy, info, bss, 1405 current_ev, end_buf); 1406 } 1407 spin_unlock_bh(&dev->bss_lock); 1408 return current_ev - buf; 1409} 1410 1411 1412int cfg80211_wext_giwscan(struct net_device *dev, 1413 struct iw_request_info *info, 1414 struct iw_point *data, char *extra) 1415{ 1416 struct cfg80211_registered_device *rdev; 1417 int res; 1418 1419 if (!netif_running(dev)) 1420 return -ENETDOWN; 1421 1422 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1423 1424 if (IS_ERR(rdev)) 1425 return PTR_ERR(rdev); 1426 1427 if (rdev->scan_req) { 1428 res = -EAGAIN; 1429 goto out; 1430 } 1431 1432 res = ieee80211_scan_results(rdev, info, extra, data->length); 1433 data->length = 0; 1434 if (res >= 0) { 1435 data->length = res; 1436 res = 0; 1437 } 1438 1439 out: 1440 cfg80211_unlock_rdev(rdev); 1441 return res; 1442} 1443EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan); 1444#endif 1445