2 * cfg80211 scan result handling
4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
6 * Copyright 2016 Intel Deutschland GmbH
8 #include <linux/kernel.h>
9 #include <linux/slab.h>
10 #include <linux/module.h>
11 #include <linux/netdevice.h>
12 #include <linux/wireless.h>
13 #include <linux/nl80211.h>
14 #include <linux/etherdevice.h>
16 #include <net/cfg80211.h>
17 #include <net/cfg80211-wext.h>
18 #include <net/iw_handler.h>
21 #include "wext-compat.h"
25 * DOC: BSS tree/list structure
27 * At the top level, the BSS list is kept in both a list in each
28 * registered device (@bss_list) as well as an RB-tree for faster
29 * lookup. In the RB-tree, entries can be looked up using their
30 * channel, MESHID, MESHCONF (for MBSSes) or channel, BSSID, SSID
33 * Due to the possibility of hidden SSIDs, there's a second level
34 * structure, the "hidden_list" and "hidden_beacon_bss" pointer.
35 * The hidden_list connects all BSSes belonging to a single AP
36 * that has a hidden SSID, and connects beacon and probe response
37 * entries. For a probe response entry for a hidden SSID, the
38 * hidden_beacon_bss pointer points to the BSS struct holding the
39 * beacon's information.
41 * Reference counting is done for all these references except for
42 * the hidden_list, so that a beacon BSS struct that is otherwise
43 * not referenced has one reference for being on the bss_list and
44 * one for each probe response entry that points to it using the
45 * hidden_beacon_bss pointer. When a BSS struct that has such a
46 * pointer is get/put, the refcount update is also propagated to
47 * the referenced struct, this ensure that it cannot get removed
48 * while somebody is using the probe response version.
50 * Note that the hidden_beacon_bss pointer never changes, due to
51 * the reference counting. Therefore, no locking is needed for
54 * Also note that the hidden_beacon_bss pointer is only relevant
55 * if the driver uses something other than the IEs, e.g. private
56 * data stored stored in the BSS struct, since the beacon IEs are
57 * also linked into the probe response struct.
61 * Limit the number of BSS entries stored in mac80211. Each one is
62 * a bit over 4k at most, so this limits to roughly 4-5M of memory.
63 * If somebody wants to really attack this though, they'd likely
64 * use small beacons, and only one type of frame, limiting each of
65 * the entries to a much smaller size (in order to generate more
66 * entries in total, so overhead is bigger.)
68 static int bss_entries_limit = 1000;
69 module_param(bss_entries_limit, int, 0644);
70 MODULE_PARM_DESC(bss_entries_limit,
71 "limit to number of scan BSS entries (per wiphy, default 1000)");
73 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ)
75 static void bss_free(struct cfg80211_internal_bss *bss)
77 struct cfg80211_bss_ies *ies;
79 if (WARN_ON(atomic_read(&bss->hold)))
82 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies);
83 if (ies && !bss->pub.hidden_beacon_bss)
84 kfree_rcu(ies, rcu_head);
85 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies);
87 kfree_rcu(ies, rcu_head);
90 * This happens when the module is removed, it doesn't
91 * really matter any more save for completeness
93 if (!list_empty(&bss->hidden_list))
94 list_del(&bss->hidden_list);
99 static inline void bss_ref_get(struct cfg80211_registered_device *rdev,
100 struct cfg80211_internal_bss *bss)
102 lockdep_assert_held(&rdev->bss_lock);
105 if (bss->pub.hidden_beacon_bss) {
106 bss = container_of(bss->pub.hidden_beacon_bss,
107 struct cfg80211_internal_bss,
113 static inline void bss_ref_put(struct cfg80211_registered_device *rdev,
114 struct cfg80211_internal_bss *bss)
116 lockdep_assert_held(&rdev->bss_lock);
118 if (bss->pub.hidden_beacon_bss) {
119 struct cfg80211_internal_bss *hbss;
120 hbss = container_of(bss->pub.hidden_beacon_bss,
121 struct cfg80211_internal_bss,
124 if (hbss->refcount == 0)
128 if (bss->refcount == 0)
132 static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev,
133 struct cfg80211_internal_bss *bss)
135 lockdep_assert_held(&rdev->bss_lock);
137 if (!list_empty(&bss->hidden_list)) {
139 * don't remove the beacon entry if it has
140 * probe responses associated with it
142 if (!bss->pub.hidden_beacon_bss)
145 * if it's a probe response entry break its
146 * link to the other entries in the group
148 list_del_init(&bss->hidden_list);
151 list_del_init(&bss->list);
152 rb_erase(&bss->rbn, &rdev->bss_tree);
154 WARN_ONCE((rdev->bss_entries == 0) ^ list_empty(&rdev->bss_list),
155 "rdev bss entries[%d]/list[empty:%d] corruption\n",
156 rdev->bss_entries, list_empty(&rdev->bss_list));
157 bss_ref_put(rdev, bss);
161 static void __cfg80211_bss_expire(struct cfg80211_registered_device *rdev,
162 unsigned long expire_time)
164 struct cfg80211_internal_bss *bss, *tmp;
165 bool expired = false;
167 lockdep_assert_held(&rdev->bss_lock);
169 list_for_each_entry_safe(bss, tmp, &rdev->bss_list, list) {
170 if (atomic_read(&bss->hold))
172 if (!time_after(expire_time, bss->ts))
175 if (__cfg80211_unlink_bss(rdev, bss))
180 rdev->bss_generation++;
183 static bool cfg80211_bss_expire_oldest(struct cfg80211_registered_device *rdev)
185 struct cfg80211_internal_bss *bss, *oldest = NULL;
188 lockdep_assert_held(&rdev->bss_lock);
190 list_for_each_entry(bss, &rdev->bss_list, list) {
191 if (atomic_read(&bss->hold))
194 if (!list_empty(&bss->hidden_list) &&
195 !bss->pub.hidden_beacon_bss)
198 if (oldest && time_before(oldest->ts, bss->ts))
203 if (WARN_ON(!oldest))
207 * The callers make sure to increase rdev->bss_generation if anything
208 * gets removed (and a new entry added), so there's no need to also do
212 ret = __cfg80211_unlink_bss(rdev, oldest);
217 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev,
220 struct cfg80211_scan_request *request;
221 struct wireless_dev *wdev;
223 #ifdef CONFIG_CFG80211_WEXT
224 union iwreq_data wrqu;
229 if (rdev->scan_msg) {
230 nl80211_send_scan_result(rdev, rdev->scan_msg);
231 rdev->scan_msg = NULL;
235 request = rdev->scan_req;
239 wdev = request->wdev;
242 * This must be before sending the other events!
243 * Otherwise, wpa_supplicant gets completely confused with
247 cfg80211_sme_scan_done(wdev->netdev);
249 if (!request->info.aborted &&
250 request->flags & NL80211_SCAN_FLAG_FLUSH) {
251 /* flush entries from previous scans */
252 spin_lock_bh(&rdev->bss_lock);
253 __cfg80211_bss_expire(rdev, request->scan_start);
254 spin_unlock_bh(&rdev->bss_lock);
257 msg = nl80211_build_scan_msg(rdev, wdev, request->info.aborted);
259 #ifdef CONFIG_CFG80211_WEXT
260 if (wdev->netdev && !request->info.aborted) {
261 memset(&wrqu, 0, sizeof(wrqu));
263 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL);
268 dev_put(wdev->netdev);
270 rdev->scan_req = NULL;
274 rdev->scan_msg = msg;
276 nl80211_send_scan_result(rdev, msg);
279 void __cfg80211_scan_done(struct work_struct *wk)
281 struct cfg80211_registered_device *rdev;
283 rdev = container_of(wk, struct cfg80211_registered_device,
287 ___cfg80211_scan_done(rdev, true);
291 void cfg80211_scan_done(struct cfg80211_scan_request *request,
292 struct cfg80211_scan_info *info)
294 trace_cfg80211_scan_done(request, info);
295 WARN_ON(request != wiphy_to_rdev(request->wiphy)->scan_req);
297 request->info = *info;
298 request->notified = true;
299 queue_work(cfg80211_wq, &wiphy_to_rdev(request->wiphy)->scan_done_wk);
301 EXPORT_SYMBOL(cfg80211_scan_done);
303 void __cfg80211_sched_scan_results(struct work_struct *wk)
305 struct cfg80211_registered_device *rdev;
306 struct cfg80211_sched_scan_request *request;
308 rdev = container_of(wk, struct cfg80211_registered_device,
309 sched_scan_results_wk);
313 request = rtnl_dereference(rdev->sched_scan_req);
315 /* we don't have sched_scan_req anymore if the scan is stopping */
317 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
318 /* flush entries from previous scans */
319 spin_lock_bh(&rdev->bss_lock);
320 __cfg80211_bss_expire(rdev, request->scan_start);
321 spin_unlock_bh(&rdev->bss_lock);
322 request->scan_start = jiffies;
324 nl80211_send_sched_scan_results(rdev, request->dev);
330 void cfg80211_sched_scan_results(struct wiphy *wiphy)
332 trace_cfg80211_sched_scan_results(wiphy);
333 /* ignore if we're not scanning */
335 if (rcu_access_pointer(wiphy_to_rdev(wiphy)->sched_scan_req))
336 queue_work(cfg80211_wq,
337 &wiphy_to_rdev(wiphy)->sched_scan_results_wk);
339 EXPORT_SYMBOL(cfg80211_sched_scan_results);
341 void cfg80211_sched_scan_stopped_rtnl(struct wiphy *wiphy)
343 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
347 trace_cfg80211_sched_scan_stopped(wiphy);
349 __cfg80211_stop_sched_scan(rdev, true);
351 EXPORT_SYMBOL(cfg80211_sched_scan_stopped_rtnl);
353 void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
356 cfg80211_sched_scan_stopped_rtnl(wiphy);
359 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
361 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
362 bool driver_initiated)
364 struct cfg80211_sched_scan_request *sched_scan_req;
365 struct net_device *dev;
369 if (!rdev->sched_scan_req)
372 sched_scan_req = rtnl_dereference(rdev->sched_scan_req);
373 dev = sched_scan_req->dev;
375 if (!driver_initiated) {
376 int err = rdev_sched_scan_stop(rdev, dev);
381 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED);
383 RCU_INIT_POINTER(rdev->sched_scan_req, NULL);
384 kfree_rcu(sched_scan_req, rcu_head);
389 void cfg80211_bss_age(struct cfg80211_registered_device *rdev,
390 unsigned long age_secs)
392 struct cfg80211_internal_bss *bss;
393 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC);
395 spin_lock_bh(&rdev->bss_lock);
396 list_for_each_entry(bss, &rdev->bss_list, list)
397 bss->ts -= age_jiffies;
398 spin_unlock_bh(&rdev->bss_lock);
401 void cfg80211_bss_expire(struct cfg80211_registered_device *rdev)
403 __cfg80211_bss_expire(rdev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE);
406 const u8 *cfg80211_find_ie_match(u8 eid, const u8 *ies, int len,
407 const u8 *match, int match_len,
410 /* match_offset can't be smaller than 2, unless match_len is
411 * zero, in which case match_offset must be zero as well.
413 if (WARN_ON((match_len && match_offset < 2) ||
414 (!match_len && match_offset)))
417 while (len >= 2 && len >= ies[1] + 2) {
418 if ((ies[0] == eid) &&
419 (ies[1] + 2 >= match_offset + match_len) &&
420 !memcmp(ies + match_offset, match, match_len))
429 EXPORT_SYMBOL(cfg80211_find_ie_match);
431 const u8 *cfg80211_find_vendor_ie(unsigned int oui, int oui_type,
432 const u8 *ies, int len)
435 u8 match[] = { oui >> 16, oui >> 8, oui, oui_type };
436 int match_len = (oui_type < 0) ? 3 : sizeof(match);
438 if (WARN_ON(oui_type > 0xff))
441 ie = cfg80211_find_ie_match(WLAN_EID_VENDOR_SPECIFIC, ies, len,
442 match, match_len, 2);
444 if (ie && (ie[1] < 4))
449 EXPORT_SYMBOL(cfg80211_find_vendor_ie);
451 static bool is_bss(struct cfg80211_bss *a, const u8 *bssid,
452 const u8 *ssid, size_t ssid_len)
454 const struct cfg80211_bss_ies *ies;
457 if (bssid && !ether_addr_equal(a->bssid, bssid))
463 ies = rcu_access_pointer(a->ies);
466 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
469 if (ssidie[1] != ssid_len)
471 return memcmp(ssidie + 2, ssid, ssid_len) == 0;
475 * enum bss_compare_mode - BSS compare mode
476 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find)
477 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode
478 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode
480 enum bss_compare_mode {
486 static int cmp_bss(struct cfg80211_bss *a,
487 struct cfg80211_bss *b,
488 enum bss_compare_mode mode)
490 const struct cfg80211_bss_ies *a_ies, *b_ies;
491 const u8 *ie1 = NULL;
492 const u8 *ie2 = NULL;
495 if (a->channel != b->channel)
496 return b->channel->center_freq - a->channel->center_freq;
498 a_ies = rcu_access_pointer(a->ies);
501 b_ies = rcu_access_pointer(b->ies);
505 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability))
506 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID,
507 a_ies->data, a_ies->len);
508 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability))
509 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID,
510 b_ies->data, b_ies->len);
514 if (ie1[1] == ie2[1])
515 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]);
517 mesh_id_cmp = ie2[1] - ie1[1];
519 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
520 a_ies->data, a_ies->len);
521 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
522 b_ies->data, b_ies->len);
526 if (ie1[1] != ie2[1])
527 return ie2[1] - ie1[1];
528 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
532 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid));
536 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len);
537 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len);
543 * Note that with "hide_ssid", the function returns a match if
544 * the already-present BSS ("b") is a hidden SSID beacon for
548 /* sort missing IE before (left of) present IE */
555 case BSS_CMP_HIDE_ZLEN:
557 * In ZLEN mode we assume the BSS entry we're
558 * looking for has a zero-length SSID. So if
559 * the one we're looking at right now has that,
560 * return 0. Otherwise, return the difference
561 * in length, but since we're looking for the
562 * 0-length it's really equivalent to returning
563 * the length of the one we're looking at.
565 * No content comparison is needed as we assume
566 * the content length is zero.
569 case BSS_CMP_REGULAR:
571 /* sort by length first, then by contents */
572 if (ie1[1] != ie2[1])
573 return ie2[1] - ie1[1];
574 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
575 case BSS_CMP_HIDE_NUL:
576 if (ie1[1] != ie2[1])
577 return ie2[1] - ie1[1];
578 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */
579 for (i = 0; i < ie2[1]; i++)
586 static bool cfg80211_bss_type_match(u16 capability,
587 enum nl80211_band band,
588 enum ieee80211_bss_type bss_type)
593 if (bss_type == IEEE80211_BSS_TYPE_ANY)
596 if (band == NL80211_BAND_60GHZ) {
597 mask = WLAN_CAPABILITY_DMG_TYPE_MASK;
599 case IEEE80211_BSS_TYPE_ESS:
600 val = WLAN_CAPABILITY_DMG_TYPE_AP;
602 case IEEE80211_BSS_TYPE_PBSS:
603 val = WLAN_CAPABILITY_DMG_TYPE_PBSS;
605 case IEEE80211_BSS_TYPE_IBSS:
606 val = WLAN_CAPABILITY_DMG_TYPE_IBSS;
612 mask = WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS;
614 case IEEE80211_BSS_TYPE_ESS:
615 val = WLAN_CAPABILITY_ESS;
617 case IEEE80211_BSS_TYPE_IBSS:
618 val = WLAN_CAPABILITY_IBSS;
620 case IEEE80211_BSS_TYPE_MBSS:
628 ret = ((capability & mask) == val);
632 /* Returned bss is reference counted and must be cleaned up appropriately. */
633 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
634 struct ieee80211_channel *channel,
636 const u8 *ssid, size_t ssid_len,
637 enum ieee80211_bss_type bss_type,
638 enum ieee80211_privacy privacy)
640 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
641 struct cfg80211_internal_bss *bss, *res = NULL;
642 unsigned long now = jiffies;
645 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, bss_type,
648 spin_lock_bh(&rdev->bss_lock);
650 list_for_each_entry(bss, &rdev->bss_list, list) {
651 if (!cfg80211_bss_type_match(bss->pub.capability,
652 bss->pub.channel->band, bss_type))
655 bss_privacy = (bss->pub.capability & WLAN_CAPABILITY_PRIVACY);
656 if ((privacy == IEEE80211_PRIVACY_ON && !bss_privacy) ||
657 (privacy == IEEE80211_PRIVACY_OFF && bss_privacy))
659 if (channel && bss->pub.channel != channel)
661 if (!is_valid_ether_addr(bss->pub.bssid))
663 /* Don't get expired BSS structs */
664 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
665 !atomic_read(&bss->hold))
667 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
669 bss_ref_get(rdev, res);
674 spin_unlock_bh(&rdev->bss_lock);
677 trace_cfg80211_return_bss(&res->pub);
680 EXPORT_SYMBOL(cfg80211_get_bss);
682 static void rb_insert_bss(struct cfg80211_registered_device *rdev,
683 struct cfg80211_internal_bss *bss)
685 struct rb_node **p = &rdev->bss_tree.rb_node;
686 struct rb_node *parent = NULL;
687 struct cfg80211_internal_bss *tbss;
692 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn);
694 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR);
697 /* will sort of leak this BSS */
707 rb_link_node(&bss->rbn, parent, p);
708 rb_insert_color(&bss->rbn, &rdev->bss_tree);
711 static struct cfg80211_internal_bss *
712 rb_find_bss(struct cfg80211_registered_device *rdev,
713 struct cfg80211_internal_bss *res,
714 enum bss_compare_mode mode)
716 struct rb_node *n = rdev->bss_tree.rb_node;
717 struct cfg80211_internal_bss *bss;
721 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
722 r = cmp_bss(&res->pub, &bss->pub, mode);
735 static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev,
736 struct cfg80211_internal_bss *new)
738 const struct cfg80211_bss_ies *ies;
739 struct cfg80211_internal_bss *bss;
745 ies = rcu_access_pointer(new->pub.beacon_ies);
749 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
756 for (i = 0; i < ssidlen; i++)
760 /* not a hidden SSID */
764 /* This is the bad part ... */
766 list_for_each_entry(bss, &rdev->bss_list, list) {
768 * we're iterating all the entries anyway, so take the
769 * opportunity to validate the list length accounting
773 if (!ether_addr_equal(bss->pub.bssid, new->pub.bssid))
775 if (bss->pub.channel != new->pub.channel)
777 if (bss->pub.scan_width != new->pub.scan_width)
779 if (rcu_access_pointer(bss->pub.beacon_ies))
781 ies = rcu_access_pointer(bss->pub.ies);
784 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
787 if (ssidlen && ie[1] != ssidlen)
789 if (WARN_ON_ONCE(bss->pub.hidden_beacon_bss))
791 if (WARN_ON_ONCE(!list_empty(&bss->hidden_list)))
792 list_del(&bss->hidden_list);
794 list_add(&bss->hidden_list, &new->hidden_list);
795 bss->pub.hidden_beacon_bss = &new->pub;
796 new->refcount += bss->refcount;
797 rcu_assign_pointer(bss->pub.beacon_ies,
798 new->pub.beacon_ies);
801 WARN_ONCE(n_entries != rdev->bss_entries,
802 "rdev bss entries[%d]/list[len:%d] corruption\n",
803 rdev->bss_entries, n_entries);
808 /* Returned bss is reference counted and must be cleaned up appropriately. */
809 static struct cfg80211_internal_bss *
810 cfg80211_bss_update(struct cfg80211_registered_device *rdev,
811 struct cfg80211_internal_bss *tmp,
814 struct cfg80211_internal_bss *found = NULL;
816 if (WARN_ON(!tmp->pub.channel))
821 spin_lock_bh(&rdev->bss_lock);
823 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) {
824 spin_unlock_bh(&rdev->bss_lock);
828 found = rb_find_bss(rdev, tmp, BSS_CMP_REGULAR);
832 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
833 const struct cfg80211_bss_ies *old;
835 old = rcu_access_pointer(found->pub.proberesp_ies);
837 rcu_assign_pointer(found->pub.proberesp_ies,
838 tmp->pub.proberesp_ies);
839 /* Override possible earlier Beacon frame IEs */
840 rcu_assign_pointer(found->pub.ies,
841 tmp->pub.proberesp_ies);
843 kfree_rcu((struct cfg80211_bss_ies *)old,
845 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) {
846 const struct cfg80211_bss_ies *old;
847 struct cfg80211_internal_bss *bss;
849 if (found->pub.hidden_beacon_bss &&
850 !list_empty(&found->hidden_list)) {
851 const struct cfg80211_bss_ies *f;
854 * The found BSS struct is one of the probe
855 * response members of a group, but we're
856 * receiving a beacon (beacon_ies in the tmp
857 * bss is used). This can only mean that the
858 * AP changed its beacon from not having an
859 * SSID to showing it, which is confusing so
860 * drop this information.
863 f = rcu_access_pointer(tmp->pub.beacon_ies);
864 kfree_rcu((struct cfg80211_bss_ies *)f,
869 old = rcu_access_pointer(found->pub.beacon_ies);
871 rcu_assign_pointer(found->pub.beacon_ies,
872 tmp->pub.beacon_ies);
874 /* Override IEs if they were from a beacon before */
875 if (old == rcu_access_pointer(found->pub.ies))
876 rcu_assign_pointer(found->pub.ies,
877 tmp->pub.beacon_ies);
879 /* Assign beacon IEs to all sub entries */
880 list_for_each_entry(bss, &found->hidden_list,
882 const struct cfg80211_bss_ies *ies;
884 ies = rcu_access_pointer(bss->pub.beacon_ies);
887 rcu_assign_pointer(bss->pub.beacon_ies,
888 tmp->pub.beacon_ies);
892 kfree_rcu((struct cfg80211_bss_ies *)old,
896 found->pub.beacon_interval = tmp->pub.beacon_interval;
898 * don't update the signal if beacon was heard on
902 found->pub.signal = tmp->pub.signal;
903 found->pub.capability = tmp->pub.capability;
905 found->ts_boottime = tmp->ts_boottime;
906 found->parent_tsf = tmp->parent_tsf;
907 ether_addr_copy(found->parent_bssid, tmp->parent_bssid);
909 struct cfg80211_internal_bss *new;
910 struct cfg80211_internal_bss *hidden;
911 struct cfg80211_bss_ies *ies;
914 * create a copy -- the "res" variable that is passed in
915 * is allocated on the stack since it's not needed in the
916 * more common case of an update
918 new = kzalloc(sizeof(*new) + rdev->wiphy.bss_priv_size,
921 ies = (void *)rcu_dereference(tmp->pub.beacon_ies);
923 kfree_rcu(ies, rcu_head);
924 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies);
926 kfree_rcu(ies, rcu_head);
929 memcpy(new, tmp, sizeof(*new));
931 INIT_LIST_HEAD(&new->hidden_list);
933 if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
934 hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN);
936 hidden = rb_find_bss(rdev, tmp,
939 new->pub.hidden_beacon_bss = &hidden->pub;
940 list_add(&new->hidden_list,
941 &hidden->hidden_list);
943 rcu_assign_pointer(new->pub.beacon_ies,
944 hidden->pub.beacon_ies);
948 * Ok so we found a beacon, and don't have an entry. If
949 * it's a beacon with hidden SSID, we might be in for an
950 * expensive search for any probe responses that should
951 * be grouped with this beacon for updates ...
953 if (!cfg80211_combine_bsses(rdev, new)) {
959 if (rdev->bss_entries >= bss_entries_limit &&
960 !cfg80211_bss_expire_oldest(rdev)) {
965 list_add_tail(&new->list, &rdev->bss_list);
967 rb_insert_bss(rdev, new);
971 rdev->bss_generation++;
972 bss_ref_get(rdev, found);
973 spin_unlock_bh(&rdev->bss_lock);
977 spin_unlock_bh(&rdev->bss_lock);
981 static struct ieee80211_channel *
982 cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen,
983 struct ieee80211_channel *channel)
987 int channel_number = -1;
989 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen);
990 if (tmp && tmp[1] == 1) {
991 channel_number = tmp[2];
993 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen);
994 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) {
995 struct ieee80211_ht_operation *htop = (void *)(tmp + 2);
997 channel_number = htop->primary_chan;
1001 if (channel_number < 0)
1004 freq = ieee80211_channel_to_frequency(channel_number, channel->band);
1005 channel = ieee80211_get_channel(wiphy, freq);
1008 if (channel->flags & IEEE80211_CHAN_DISABLED)
1013 /* Returned bss is reference counted and must be cleaned up appropriately. */
1014 struct cfg80211_bss *
1015 cfg80211_inform_bss_data(struct wiphy *wiphy,
1016 struct cfg80211_inform_bss *data,
1017 enum cfg80211_bss_frame_type ftype,
1018 const u8 *bssid, u64 tsf, u16 capability,
1019 u16 beacon_interval, const u8 *ie, size_t ielen,
1022 struct cfg80211_bss_ies *ies;
1023 struct ieee80211_channel *channel;
1024 struct cfg80211_internal_bss tmp = {}, *res;
1028 if (WARN_ON(!wiphy))
1031 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
1032 (data->signal < 0 || data->signal > 100)))
1035 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, data->chan);
1039 memcpy(tmp.pub.bssid, bssid, ETH_ALEN);
1040 tmp.pub.channel = channel;
1041 tmp.pub.scan_width = data->scan_width;
1042 tmp.pub.signal = data->signal;
1043 tmp.pub.beacon_interval = beacon_interval;
1044 tmp.pub.capability = capability;
1045 tmp.ts_boottime = data->boottime_ns;
1048 * If we do not know here whether the IEs are from a Beacon or Probe
1049 * Response frame, we need to pick one of the options and only use it
1050 * with the driver that does not provide the full Beacon/Probe Response
1051 * frame. Use Beacon frame pointer to avoid indicating that this should
1052 * override the IEs pointer should we have received an earlier
1053 * indication of Probe Response data.
1055 ies = kzalloc(sizeof(*ies) + ielen, gfp);
1060 ies->from_beacon = false;
1061 memcpy(ies->data, ie, ielen);
1064 case CFG80211_BSS_FTYPE_BEACON:
1065 ies->from_beacon = true;
1066 /* fall through to assign */
1067 case CFG80211_BSS_FTYPE_UNKNOWN:
1068 rcu_assign_pointer(tmp.pub.beacon_ies, ies);
1070 case CFG80211_BSS_FTYPE_PRESP:
1071 rcu_assign_pointer(tmp.pub.proberesp_ies, ies);
1074 rcu_assign_pointer(tmp.pub.ies, ies);
1076 signal_valid = abs(data->chan->center_freq - channel->center_freq) <=
1077 wiphy->max_adj_channel_rssi_comp;
1078 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid);
1082 if (channel->band == NL80211_BAND_60GHZ) {
1083 bss_type = res->pub.capability & WLAN_CAPABILITY_DMG_TYPE_MASK;
1084 if (bss_type == WLAN_CAPABILITY_DMG_TYPE_AP ||
1085 bss_type == WLAN_CAPABILITY_DMG_TYPE_PBSS)
1086 regulatory_hint_found_beacon(wiphy, channel, gfp);
1088 if (res->pub.capability & WLAN_CAPABILITY_ESS)
1089 regulatory_hint_found_beacon(wiphy, channel, gfp);
1092 trace_cfg80211_return_bss(&res->pub);
1093 /* cfg80211_bss_update gives us a referenced result */
1096 EXPORT_SYMBOL(cfg80211_inform_bss_data);
1098 /* cfg80211_inform_bss_width_frame helper */
1099 struct cfg80211_bss *
1100 cfg80211_inform_bss_frame_data(struct wiphy *wiphy,
1101 struct cfg80211_inform_bss *data,
1102 struct ieee80211_mgmt *mgmt, size_t len,
1106 struct cfg80211_internal_bss tmp = {}, *res;
1107 struct cfg80211_bss_ies *ies;
1108 struct ieee80211_channel *channel;
1110 size_t ielen = len - offsetof(struct ieee80211_mgmt,
1111 u.probe_resp.variable);
1114 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) !=
1115 offsetof(struct ieee80211_mgmt, u.beacon.variable));
1117 trace_cfg80211_inform_bss_frame(wiphy, data, mgmt, len);
1122 if (WARN_ON(!wiphy))
1125 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
1126 (data->signal < 0 || data->signal > 100)))
1129 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
1132 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable,
1137 ies = kzalloc(sizeof(*ies) + ielen, gfp);
1141 ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp);
1142 ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control);
1143 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen);
1145 if (ieee80211_is_probe_resp(mgmt->frame_control))
1146 rcu_assign_pointer(tmp.pub.proberesp_ies, ies);
1148 rcu_assign_pointer(tmp.pub.beacon_ies, ies);
1149 rcu_assign_pointer(tmp.pub.ies, ies);
1151 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN);
1152 tmp.pub.channel = channel;
1153 tmp.pub.scan_width = data->scan_width;
1154 tmp.pub.signal = data->signal;
1155 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int);
1156 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
1157 tmp.ts_boottime = data->boottime_ns;
1158 tmp.parent_tsf = data->parent_tsf;
1159 ether_addr_copy(tmp.parent_bssid, data->parent_bssid);
1161 signal_valid = abs(data->chan->center_freq - channel->center_freq) <=
1162 wiphy->max_adj_channel_rssi_comp;
1163 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid);
1167 if (channel->band == NL80211_BAND_60GHZ) {
1168 bss_type = res->pub.capability & WLAN_CAPABILITY_DMG_TYPE_MASK;
1169 if (bss_type == WLAN_CAPABILITY_DMG_TYPE_AP ||
1170 bss_type == WLAN_CAPABILITY_DMG_TYPE_PBSS)
1171 regulatory_hint_found_beacon(wiphy, channel, gfp);
1173 if (res->pub.capability & WLAN_CAPABILITY_ESS)
1174 regulatory_hint_found_beacon(wiphy, channel, gfp);
1177 trace_cfg80211_return_bss(&res->pub);
1178 /* cfg80211_bss_update gives us a referenced result */
1181 EXPORT_SYMBOL(cfg80211_inform_bss_frame_data);
1183 void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1185 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1186 struct cfg80211_internal_bss *bss;
1191 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1193 spin_lock_bh(&rdev->bss_lock);
1194 bss_ref_get(rdev, bss);
1195 spin_unlock_bh(&rdev->bss_lock);
1197 EXPORT_SYMBOL(cfg80211_ref_bss);
1199 void cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1201 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1202 struct cfg80211_internal_bss *bss;
1207 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1209 spin_lock_bh(&rdev->bss_lock);
1210 bss_ref_put(rdev, bss);
1211 spin_unlock_bh(&rdev->bss_lock);
1213 EXPORT_SYMBOL(cfg80211_put_bss);
1215 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
1217 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1218 struct cfg80211_internal_bss *bss;
1223 bss = container_of(pub, struct cfg80211_internal_bss, pub);
1225 spin_lock_bh(&rdev->bss_lock);
1226 if (!list_empty(&bss->list)) {
1227 if (__cfg80211_unlink_bss(rdev, bss))
1228 rdev->bss_generation++;
1230 spin_unlock_bh(&rdev->bss_lock);
1232 EXPORT_SYMBOL(cfg80211_unlink_bss);
1234 #ifdef CONFIG_CFG80211_WEXT
1235 static struct cfg80211_registered_device *
1236 cfg80211_get_dev_from_ifindex(struct net *net, int ifindex)
1238 struct cfg80211_registered_device *rdev;
1239 struct net_device *dev;
1243 dev = dev_get_by_index(net, ifindex);
1245 return ERR_PTR(-ENODEV);
1246 if (dev->ieee80211_ptr)
1247 rdev = wiphy_to_rdev(dev->ieee80211_ptr->wiphy);
1249 rdev = ERR_PTR(-ENODEV);
1254 int cfg80211_wext_siwscan(struct net_device *dev,
1255 struct iw_request_info *info,
1256 union iwreq_data *wrqu, char *extra)
1258 struct cfg80211_registered_device *rdev;
1259 struct wiphy *wiphy;
1260 struct iw_scan_req *wreq = NULL;
1261 struct cfg80211_scan_request *creq = NULL;
1262 int i, err, n_channels = 0;
1263 enum nl80211_band band;
1265 if (!netif_running(dev))
1268 if (wrqu->data.length == sizeof(struct iw_scan_req))
1269 wreq = (struct iw_scan_req *)extra;
1271 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1274 return PTR_ERR(rdev);
1276 if (rdev->scan_req || rdev->scan_msg) {
1281 wiphy = &rdev->wiphy;
1283 /* Determine number of channels, needed to allocate creq */
1284 if (wreq && wreq->num_channels)
1285 n_channels = wreq->num_channels;
1287 n_channels = ieee80211_get_num_supported_channels(wiphy);
1289 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1290 n_channels * sizeof(void *),
1297 creq->wiphy = wiphy;
1298 creq->wdev = dev->ieee80211_ptr;
1299 /* SSIDs come after channels */
1300 creq->ssids = (void *)&creq->channels[n_channels];
1301 creq->n_channels = n_channels;
1303 creq->scan_start = jiffies;
1305 /* translate "Scan on frequencies" request */
1307 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1310 if (!wiphy->bands[band])
1313 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1314 /* ignore disabled channels */
1315 if (wiphy->bands[band]->channels[j].flags &
1316 IEEE80211_CHAN_DISABLED)
1319 /* If we have a wireless request structure and the
1320 * wireless request specifies frequencies, then search
1321 * for the matching hardware channel.
1323 if (wreq && wreq->num_channels) {
1325 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq;
1326 for (k = 0; k < wreq->num_channels; k++) {
1327 struct iw_freq *freq =
1328 &wreq->channel_list[k];
1330 cfg80211_wext_freq(freq);
1332 if (wext_freq == wiphy_freq)
1333 goto wext_freq_found;
1335 goto wext_freq_not_found;
1339 creq->channels[i] = &wiphy->bands[band]->channels[j];
1341 wext_freq_not_found: ;
1344 /* No channels found? */
1350 /* Set real number of channels specified in creq->channels[] */
1351 creq->n_channels = i;
1353 /* translate "Scan for SSID" request */
1355 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
1356 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
1360 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
1361 creq->ssids[0].ssid_len = wreq->essid_len;
1363 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE)
1367 for (i = 0; i < NUM_NL80211_BANDS; i++)
1368 if (wiphy->bands[i])
1369 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
1371 eth_broadcast_addr(creq->bssid);
1373 rdev->scan_req = creq;
1374 err = rdev_scan(rdev, creq);
1376 rdev->scan_req = NULL;
1377 /* creq will be freed below */
1379 nl80211_send_scan_start(rdev, dev->ieee80211_ptr);
1380 /* creq now owned by driver */
1388 EXPORT_WEXT_HANDLER(cfg80211_wext_siwscan);
1390 static char *ieee80211_scan_add_ies(struct iw_request_info *info,
1391 const struct cfg80211_bss_ies *ies,
1392 char *current_ev, char *end_buf)
1394 const u8 *pos, *end, *next;
1395 struct iw_event iwe;
1401 * If needed, fragment the IEs buffer (at IE boundaries) into short
1402 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages.
1405 end = pos + ies->len;
1407 while (end - pos > IW_GENERIC_IE_MAX) {
1408 next = pos + 2 + pos[1];
1409 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX)
1410 next = next + 2 + next[1];
1412 memset(&iwe, 0, sizeof(iwe));
1413 iwe.cmd = IWEVGENIE;
1414 iwe.u.data.length = next - pos;
1415 current_ev = iwe_stream_add_point_check(info, current_ev,
1418 if (IS_ERR(current_ev))
1424 memset(&iwe, 0, sizeof(iwe));
1425 iwe.cmd = IWEVGENIE;
1426 iwe.u.data.length = end - pos;
1427 current_ev = iwe_stream_add_point_check(info, current_ev,
1430 if (IS_ERR(current_ev))
1438 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
1439 struct cfg80211_internal_bss *bss, char *current_ev,
1442 const struct cfg80211_bss_ies *ies;
1443 struct iw_event iwe;
1448 bool ismesh = false;
1450 memset(&iwe, 0, sizeof(iwe));
1451 iwe.cmd = SIOCGIWAP;
1452 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1453 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN);
1454 current_ev = iwe_stream_add_event_check(info, current_ev, end_buf, &iwe,
1456 if (IS_ERR(current_ev))
1459 memset(&iwe, 0, sizeof(iwe));
1460 iwe.cmd = SIOCGIWFREQ;
1461 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq);
1463 current_ev = iwe_stream_add_event_check(info, current_ev, end_buf, &iwe,
1465 if (IS_ERR(current_ev))
1468 memset(&iwe, 0, sizeof(iwe));
1469 iwe.cmd = SIOCGIWFREQ;
1470 iwe.u.freq.m = bss->pub.channel->center_freq;
1472 current_ev = iwe_stream_add_event_check(info, current_ev, end_buf, &iwe,
1474 if (IS_ERR(current_ev))
1477 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) {
1478 memset(&iwe, 0, sizeof(iwe));
1480 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED |
1481 IW_QUAL_NOISE_INVALID |
1482 IW_QUAL_QUAL_UPDATED;
1483 switch (wiphy->signal_type) {
1484 case CFG80211_SIGNAL_TYPE_MBM:
1485 sig = bss->pub.signal / 100;
1486 iwe.u.qual.level = sig;
1487 iwe.u.qual.updated |= IW_QUAL_DBM;
1488 if (sig < -110) /* rather bad */
1490 else if (sig > -40) /* perfect */
1492 /* will give a range of 0 .. 70 */
1493 iwe.u.qual.qual = sig + 110;
1495 case CFG80211_SIGNAL_TYPE_UNSPEC:
1496 iwe.u.qual.level = bss->pub.signal;
1497 /* will give range 0 .. 100 */
1498 iwe.u.qual.qual = bss->pub.signal;
1504 current_ev = iwe_stream_add_event_check(info, current_ev,
1507 if (IS_ERR(current_ev))
1511 memset(&iwe, 0, sizeof(iwe));
1512 iwe.cmd = SIOCGIWENCODE;
1513 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY)
1514 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1516 iwe.u.data.flags = IW_ENCODE_DISABLED;
1517 iwe.u.data.length = 0;
1518 current_ev = iwe_stream_add_point_check(info, current_ev, end_buf,
1520 if (IS_ERR(current_ev))
1524 ies = rcu_dereference(bss->pub.ies);
1530 if (ie[1] > rem - 2)
1535 memset(&iwe, 0, sizeof(iwe));
1536 iwe.cmd = SIOCGIWESSID;
1537 iwe.u.data.length = ie[1];
1538 iwe.u.data.flags = 1;
1539 current_ev = iwe_stream_add_point_check(info,
1543 if (IS_ERR(current_ev))
1546 case WLAN_EID_MESH_ID:
1547 memset(&iwe, 0, sizeof(iwe));
1548 iwe.cmd = SIOCGIWESSID;
1549 iwe.u.data.length = ie[1];
1550 iwe.u.data.flags = 1;
1551 current_ev = iwe_stream_add_point_check(info,
1555 if (IS_ERR(current_ev))
1558 case WLAN_EID_MESH_CONFIG:
1560 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
1563 memset(&iwe, 0, sizeof(iwe));
1564 iwe.cmd = IWEVCUSTOM;
1565 sprintf(buf, "Mesh Network Path Selection Protocol ID: "
1567 iwe.u.data.length = strlen(buf);
1568 current_ev = iwe_stream_add_point_check(info,
1572 if (IS_ERR(current_ev))
1574 sprintf(buf, "Path Selection Metric ID: 0x%02X",
1576 iwe.u.data.length = strlen(buf);
1577 current_ev = iwe_stream_add_point_check(info,
1581 if (IS_ERR(current_ev))
1583 sprintf(buf, "Congestion Control Mode ID: 0x%02X",
1585 iwe.u.data.length = strlen(buf);
1586 current_ev = iwe_stream_add_point_check(info,
1590 if (IS_ERR(current_ev))
1592 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]);
1593 iwe.u.data.length = strlen(buf);
1594 current_ev = iwe_stream_add_point_check(info,
1598 if (IS_ERR(current_ev))
1600 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]);
1601 iwe.u.data.length = strlen(buf);
1602 current_ev = iwe_stream_add_point_check(info,
1606 if (IS_ERR(current_ev))
1608 sprintf(buf, "Formation Info: 0x%02X", cfg[5]);
1609 iwe.u.data.length = strlen(buf);
1610 current_ev = iwe_stream_add_point_check(info,
1614 if (IS_ERR(current_ev))
1616 sprintf(buf, "Capabilities: 0x%02X", cfg[6]);
1617 iwe.u.data.length = strlen(buf);
1618 current_ev = iwe_stream_add_point_check(info,
1622 if (IS_ERR(current_ev))
1625 case WLAN_EID_SUPP_RATES:
1626 case WLAN_EID_EXT_SUPP_RATES:
1627 /* display all supported rates in readable format */
1628 p = current_ev + iwe_stream_lcp_len(info);
1630 memset(&iwe, 0, sizeof(iwe));
1631 iwe.cmd = SIOCGIWRATE;
1632 /* Those two flags are ignored... */
1633 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
1635 for (i = 0; i < ie[1]; i++) {
1636 iwe.u.bitrate.value =
1637 ((ie[i + 2] & 0x7f) * 500000);
1639 p = iwe_stream_add_value(info, current_ev, p,
1643 current_ev = ERR_PTR(-E2BIG);
1654 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
1656 memset(&iwe, 0, sizeof(iwe));
1657 iwe.cmd = SIOCGIWMODE;
1659 iwe.u.mode = IW_MODE_MESH;
1660 else if (bss->pub.capability & WLAN_CAPABILITY_ESS)
1661 iwe.u.mode = IW_MODE_MASTER;
1663 iwe.u.mode = IW_MODE_ADHOC;
1664 current_ev = iwe_stream_add_event_check(info, current_ev,
1667 if (IS_ERR(current_ev))
1671 memset(&iwe, 0, sizeof(iwe));
1672 iwe.cmd = IWEVCUSTOM;
1673 sprintf(buf, "tsf=%016llx", (unsigned long long)(ies->tsf));
1674 iwe.u.data.length = strlen(buf);
1675 current_ev = iwe_stream_add_point_check(info, current_ev, end_buf,
1677 if (IS_ERR(current_ev))
1679 memset(&iwe, 0, sizeof(iwe));
1680 iwe.cmd = IWEVCUSTOM;
1681 sprintf(buf, " Last beacon: %ums ago",
1682 elapsed_jiffies_msecs(bss->ts));
1683 iwe.u.data.length = strlen(buf);
1684 current_ev = iwe_stream_add_point_check(info, current_ev,
1685 end_buf, &iwe, buf);
1686 if (IS_ERR(current_ev))
1689 current_ev = ieee80211_scan_add_ies(info, ies, current_ev, end_buf);
1697 static int ieee80211_scan_results(struct cfg80211_registered_device *rdev,
1698 struct iw_request_info *info,
1699 char *buf, size_t len)
1701 char *current_ev = buf;
1702 char *end_buf = buf + len;
1703 struct cfg80211_internal_bss *bss;
1706 spin_lock_bh(&rdev->bss_lock);
1707 cfg80211_bss_expire(rdev);
1709 list_for_each_entry(bss, &rdev->bss_list, list) {
1710 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
1714 current_ev = ieee80211_bss(&rdev->wiphy, info, bss,
1715 current_ev, end_buf);
1716 if (IS_ERR(current_ev)) {
1717 err = PTR_ERR(current_ev);
1721 spin_unlock_bh(&rdev->bss_lock);
1725 return current_ev - buf;
1729 int cfg80211_wext_giwscan(struct net_device *dev,
1730 struct iw_request_info *info,
1731 struct iw_point *data, char *extra)
1733 struct cfg80211_registered_device *rdev;
1736 if (!netif_running(dev))
1739 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1742 return PTR_ERR(rdev);
1744 if (rdev->scan_req || rdev->scan_msg)
1747 res = ieee80211_scan_results(rdev, info, extra, data->length);
1756 EXPORT_WEXT_HANDLER(cfg80211_wext_giwscan);
projects / releases.git / blob