Commit 2c706002 authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

don't use net/ieee80211.h

Convert all the drivers using net/ieee80211.h to use linux/ieee80211.h.
Contains a bugfix in libertas where the SSID parsing could overrun the
buffer when the AP sends invalid information.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Dan Williams <dcbw@redhat.com> [airo, libertas]
Acked-by: Pavel Roskin <proski@gnu.org> [orinoco]
Acked-by: David Kilroy <kilroyd@googlemail.com> [orinoco]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
parent 9b1fbae4
...@@ -30,10 +30,11 @@ ...@@ -30,10 +30,11 @@
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/tcp.h> #include <linux/tcp.h>
#include <linux/wireless.h> #include <linux/wireless.h>
#include <linux/ieee80211.h>
#include <linux/if_arp.h>
#include <linux/ctype.h> #include <linux/ctype.h>
#include <linux/string.h> #include <linux/string.h>
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include <net/ieee80211.h>
#include <linux/dma-mapping.h> #include <linux/dma-mapping.h>
#include <net/checksum.h> #include <net/checksum.h>
...@@ -449,9 +450,9 @@ static size_t gelic_wl_synthesize_ie(u8 *buf, ...@@ -449,9 +450,9 @@ static size_t gelic_wl_synthesize_ie(u8 *buf,
/* element id */ /* element id */
if (rsn) if (rsn)
*buf++ = MFIE_TYPE_RSN; *buf++ = WLAN_EID_RSN;
else else
*buf++ = MFIE_TYPE_GENERIC; *buf++ = WLAN_EID_GENERIC;
/* length filed; set later */ /* length filed; set later */
buf++; buf++;
...@@ -539,7 +540,7 @@ static void gelic_wl_parse_ie(u8 *data, size_t len, ...@@ -539,7 +540,7 @@ static void gelic_wl_parse_ie(u8 *data, size_t len,
break; break;
switch (item_id) { switch (item_id) {
case MFIE_TYPE_GENERIC: case WLAN_EID_GENERIC:
if ((OUI_LEN + 1 <= item_len) && if ((OUI_LEN + 1 <= item_len) &&
!memcmp(pos, wpa_oui, OUI_LEN) && !memcmp(pos, wpa_oui, OUI_LEN) &&
pos[OUI_LEN] == 0x01) { pos[OUI_LEN] == 0x01) {
...@@ -547,7 +548,7 @@ static void gelic_wl_parse_ie(u8 *data, size_t len, ...@@ -547,7 +548,7 @@ static void gelic_wl_parse_ie(u8 *data, size_t len,
ie_info->wpa.len = item_len + 2; ie_info->wpa.len = item_len + 2;
} }
break; break;
case MFIE_TYPE_RSN: case WLAN_EID_RSN:
ie_info->rsn.data = pos - 2; ie_info->rsn.data = pos - 2;
/* length includes the header */ /* length includes the header */
ie_info->rsn.len = item_len + 2; ie_info->rsn.len = item_len + 2;
...@@ -581,7 +582,7 @@ static char *gelic_wl_translate_scan(struct net_device *netdev, ...@@ -581,7 +582,7 @@ static char *gelic_wl_translate_scan(struct net_device *netdev,
char *tmp; char *tmp;
u8 rate; u8 rate;
unsigned int i, j, len; unsigned int i, j, len;
u8 buf[MAX_WPA_IE_LEN]; u8 buf[64]; /* arbitrary size large enough */
pr_debug("%s: <-\n", __func__); pr_debug("%s: <-\n", __func__);
...@@ -1734,14 +1735,14 @@ static void gelic_wl_scan_complete_event(struct gelic_wl_info *wl) ...@@ -1734,14 +1735,14 @@ static void gelic_wl_scan_complete_event(struct gelic_wl_info *wl)
target->essid_len = strnlen(scan_info->essid, target->essid_len = strnlen(scan_info->essid,
sizeof(scan_info->essid)); sizeof(scan_info->essid));
target->rate_len = 0; target->rate_len = 0;
for (r = 0; r < MAX_RATES_LENGTH; r++) for (r = 0; r < 12; r++)
if (scan_info->rate[r]) if (scan_info->rate[r])
target->rate_len++; target->rate_len++;
if (8 < target->rate_len) if (8 < target->rate_len)
pr_info("%s: AP returns %d rates\n", __func__, pr_info("%s: AP returns %d rates\n", __func__,
target->rate_len); target->rate_len);
target->rate_ext_len = 0; target->rate_ext_len = 0;
for (r = 0; r < MAX_RATES_EX_LENGTH; r++) for (r = 0; r < 16; r++)
if (scan_info->ext_rate[r]) if (scan_info->ext_rate[r])
target->rate_ext_len++; target->rate_ext_len++;
list_move_tail(&target->list, &wl->network_list); list_move_tail(&target->list, &wl->network_list);
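Review bot: In gelic_wl_translate_scan the scratch buffer becomes `u8 buf[64]; /* arbitrary size large enough */`, and nothing in this hunk ties what is later written into buf to that size; gelic_wl_synthesize_ie, shown in an earlier hunk, takes a bare `u8 *buf` and no length parameter is visible in its truncated signature. If buf is the destination of that helper (the call is outside the hunk), the bound rests on a comment only, so a driver-local named constant passed to the writer as a size argument would make the limit checkable. The bare `12` and `16` loop limits in gelic_wl_scan_complete_event have the same problem: they index scan_info->rate[] and scan_info->ext_rate[], and would be safer as a named constant for the 12 valid rates and `ARRAY_SIZE(scan_info->ext_rate)` for the extended ones. Both functions extend beyond their hunks.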
......
...@@ -164,8 +164,8 @@ struct gelic_eurus_scan_info { ...@@ -164,8 +164,8 @@ struct gelic_eurus_scan_info {
__be16 security; __be16 security;
u8 bssid[8]; /* last ETH_ALEN are valid. bssid[0],[1] are unused */ u8 bssid[8]; /* last ETH_ALEN are valid. bssid[0],[1] are unused */
u8 essid[32]; /* IW_ESSID_MAX_SIZE */ u8 essid[32]; /* IW_ESSID_MAX_SIZE */
u8 rate[16]; /* first MAX_RATES_LENGTH(12) are valid */ u8 rate[16]; /* first 12 are valid */
u8 ext_rate[16]; /* first MAX_RATES_EX_LENGTH(16) are valid */ u8 ext_rate[16]; /* first 16 are valid */
__be32 reserved1; __be32 reserved1;
__be32 reserved2; __be32 reserved2;
__be32 reserved3; __be32 reserved3;
......
...@@ -47,10 +47,11 @@ ...@@ -47,10 +47,11 @@
#include <linux/ioport.h> #include <linux/ioport.h>
#include <linux/pci.h> #include <linux/pci.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
#include <net/ieee80211.h>
#include <linux/kthread.h> #include <linux/kthread.h>
#include <linux/freezer.h> #include <linux/freezer.h>
#include <linux/ieee80211.h>
#include "airo.h" #include "airo.h"
#define DRV_NAME "airo" #define DRV_NAME "airo"
...@@ -7265,56 +7266,53 @@ static inline char *airo_translate_scan(struct net_device *dev, ...@@ -7265,56 +7266,53 @@ static inline char *airo_translate_scan(struct net_device *dev,
if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) { if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) {
unsigned int num_null_ies = 0; unsigned int num_null_ies = 0;
u16 length = sizeof (bss->extra.iep); u16 length = sizeof (bss->extra.iep);
struct ieee80211_info_element *info_element = u8 *ie = (void *)&bss->extra.iep;
(struct ieee80211_info_element *) &bss->extra.iep;
while ((length >= sizeof(*info_element)) && (num_null_ies < 2)) { while ((length >= 2) && (num_null_ies < 2)) {
if (sizeof(*info_element) + info_element->len > length) { if (2 + ie[1] > length) {
/* Invalid element, don't continue parsing IE */ /* Invalid element, don't continue parsing IE */
break; break;
} }
switch (info_element->id) { switch (ie[0]) {
case MFIE_TYPE_SSID: case WLAN_EID_SSID:
/* Two zero-length SSID elements /* Two zero-length SSID elements
* mean we're done parsing elements */ * mean we're done parsing elements */
if (!info_element->len) if (!ie[1])
num_null_ies++; num_null_ies++;
break; break;
case MFIE_TYPE_GENERIC: case WLAN_EID_GENERIC:
if (info_element->len >= 4 && if (ie[1] >= 4 &&
info_element->data[0] == 0x00 && ie[2] == 0x00 &&
info_element->data[1] == 0x50 && ie[3] == 0x50 &&
info_element->data[2] == 0xf2 && ie[4] == 0xf2 &&
info_element->data[3] == 0x01) { ie[5] == 0x01) {
iwe.cmd = IWEVGENIE; iwe.cmd = IWEVGENIE;
iwe.u.data.length = min(info_element->len + 2, /* 64 is an arbitrary cut-off */
MAX_WPA_IE_LEN); iwe.u.data.length = min(ie[1] + 2,
64);
current_ev = iwe_stream_add_point( current_ev = iwe_stream_add_point(
info, current_ev, info, current_ev,
end_buf, &iwe, end_buf, &iwe, ie);
(char *) info_element);
} }
break; break;
case MFIE_TYPE_RSN: case WLAN_EID_RSN:
iwe.cmd = IWEVGENIE; iwe.cmd = IWEVGENIE;
iwe.u.data.length = min(info_element->len + 2, /* 64 is an arbitrary cut-off */
MAX_WPA_IE_LEN); iwe.u.data.length = min(ie[1] + 2, 64);
current_ev = iwe_stream_add_point( current_ev = iwe_stream_add_point(
info, current_ev, end_buf, info, current_ev, end_buf,
&iwe, (char *) info_element); &iwe, ie);
break; break;
default: default:
break; break;
} }
length -= sizeof(*info_element) + info_element->len; length -= 2 + ie[1];
info_element = ie += 2 + ie[1];
(struct ieee80211_info_element *)&info_element->
data[info_element->len];
} }
} }
return current_ev; return current_ev;
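Review bot: Both `iwe.u.data.length = min(ie[1] + 2, 64);` sites cap the reported element at 64 bytes while the length byte inside the copied data, ie[1], still states the original size. Assuming iwe_stream_add_point copies iwe.u.data.length bytes starting at ie, a longer WPA or RSN element reaches the consumer with an embedded length larger than the bytes delivered. Skipping oversized elements inside each case, e.g. `if (ie[1] + 2 > 64) break;` before the event is built, avoids handing out an inconsistent element, and the repeated literal would read better as one named constant. The `2 + ie[1] > length` check ahead of the switch does cover the ie[2] to ie[5] reads. airo_translate_scan starts outside this hunk.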
......
...@@ -67,7 +67,7 @@ ...@@ -67,7 +67,7 @@
#include <linux/moduleparam.h> #include <linux/moduleparam.h>
#include <linux/firmware.h> #include <linux/firmware.h>
#include <linux/jiffies.h> #include <linux/jiffies.h>
#include <net/ieee80211.h> #include <linux/ieee80211.h>
#include "atmel.h" #include "atmel.h"
#define DRIVER_MAJOR 0 #define DRIVER_MAJOR 0
...@@ -569,7 +569,7 @@ static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data); ...@@ -569,7 +569,7 @@ static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data);
static void atmel_command_irq(struct atmel_private *priv); static void atmel_command_irq(struct atmel_private *priv);
static int atmel_validate_channel(struct atmel_private *priv, int channel); static int atmel_validate_channel(struct atmel_private *priv, int channel);
static void atmel_management_frame(struct atmel_private *priv, static void atmel_management_frame(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, struct ieee80211_hdr *header,
u16 frame_len, u8 rssi); u16 frame_len, u8 rssi);
static void atmel_management_timer(u_long a); static void atmel_management_timer(u_long a);
static void atmel_send_command(struct atmel_private *priv, int command, static void atmel_send_command(struct atmel_private *priv, int command,
...@@ -577,7 +577,7 @@ static void atmel_send_command(struct atmel_private *priv, int command, ...@@ -577,7 +577,7 @@ static void atmel_send_command(struct atmel_private *priv, int command,
static int atmel_send_command_wait(struct atmel_private *priv, int command, static int atmel_send_command_wait(struct atmel_private *priv, int command,
void *cmd, int cmd_size); void *cmd, int cmd_size);
static void atmel_transmit_management_frame(struct atmel_private *priv, static void atmel_transmit_management_frame(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, struct ieee80211_hdr *header,
u8 *body, int body_len); u8 *body, int body_len);
static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index); static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index);
...@@ -785,7 +785,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev) ...@@ -785,7 +785,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
{ {
static const u8 SNAP_RFC1024[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; static const u8 SNAP_RFC1024[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
struct atmel_private *priv = netdev_priv(dev); struct atmel_private *priv = netdev_priv(dev);
struct ieee80211_hdr_4addr header; struct ieee80211_hdr header;
unsigned long flags; unsigned long flags;
u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN; u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN;
...@@ -823,7 +823,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev) ...@@ -823,7 +823,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
frame_ctl = IEEE80211_FTYPE_DATA; frame_ctl = IEEE80211_FTYPE_DATA;
header.duration_id = 0; header.duration_id = 0;
header.seq_ctl = 0; header.seq_ctrl = 0;
if (priv->wep_is_on) if (priv->wep_is_on)
frame_ctl |= IEEE80211_FCTL_PROTECTED; frame_ctl |= IEEE80211_FCTL_PROTECTED;
if (priv->operating_mode == IW_MODE_ADHOC) { if (priv->operating_mode == IW_MODE_ADHOC) {
...@@ -840,7 +840,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev) ...@@ -840,7 +840,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
if (priv->use_wpa) if (priv->use_wpa)
memcpy(&header.addr4, SNAP_RFC1024, 6); memcpy(&header.addr4, SNAP_RFC1024, 6);
header.frame_ctl = cpu_to_le16(frame_ctl); header.frame_control = cpu_to_le16(frame_ctl);
/* Copy the wireless header into the card */ /* Copy the wireless header into the card */
atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE); atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE);
/* Copy the packet sans its 802.3 header addresses which have been replaced */ /* Copy the packet sans its 802.3 header addresses which have been replaced */
...@@ -860,7 +860,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev) ...@@ -860,7 +860,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
} }
static void atmel_transmit_management_frame(struct atmel_private *priv, static void atmel_transmit_management_frame(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, struct ieee80211_hdr *header,
u8 *body, int body_len) u8 *body, int body_len)
{ {
u16 buff; u16 buff;
...@@ -876,7 +876,7 @@ static void atmel_transmit_management_frame(struct atmel_private *priv, ...@@ -876,7 +876,7 @@ static void atmel_transmit_management_frame(struct atmel_private *priv,
} }
static void fast_rx_path(struct atmel_private *priv, static void fast_rx_path(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, struct ieee80211_hdr *header,
u16 msdu_size, u16 rx_packet_loc, u32 crc) u16 msdu_size, u16 rx_packet_loc, u32 crc)
{ {
/* fast path: unfragmented packet copy directly into skbuf */ /* fast path: unfragmented packet copy directly into skbuf */
...@@ -914,7 +914,7 @@ static void fast_rx_path(struct atmel_private *priv, ...@@ -914,7 +914,7 @@ static void fast_rx_path(struct atmel_private *priv,
} }
memcpy(skbp, header->addr1, 6); /* destination address */ memcpy(skbp, header->addr1, 6); /* destination address */
if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS) if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
memcpy(&skbp[6], header->addr3, 6); memcpy(&skbp[6], header->addr3, 6);
else else
memcpy(&skbp[6], header->addr2, 6); /* source address */ memcpy(&skbp[6], header->addr2, 6); /* source address */
...@@ -949,7 +949,7 @@ static int probe_crc(struct atmel_private *priv, u16 packet_loc, u16 msdu_size) ...@@ -949,7 +949,7 @@ static int probe_crc(struct atmel_private *priv, u16 packet_loc, u16 msdu_size)
} }
static void frag_rx_path(struct atmel_private *priv, static void frag_rx_path(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, struct ieee80211_hdr *header,
u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no, u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no,
u8 frag_no, int more_frags) u8 frag_no, int more_frags)
{ {
...@@ -957,7 +957,7 @@ static void frag_rx_path(struct atmel_private *priv, ...@@ -957,7 +957,7 @@ static void frag_rx_path(struct atmel_private *priv,
u8 source[6]; u8 source[6];
struct sk_buff *skb; struct sk_buff *skb;
if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS) if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
memcpy(source, header->addr3, 6); memcpy(source, header->addr3, 6);
else else
memcpy(source, header->addr2, 6); memcpy(source, header->addr2, 6);
...@@ -1039,7 +1039,7 @@ static void frag_rx_path(struct atmel_private *priv, ...@@ -1039,7 +1039,7 @@ static void frag_rx_path(struct atmel_private *priv,
static void rx_done_irq(struct atmel_private *priv) static void rx_done_irq(struct atmel_private *priv)
{ {
int i; int i;
struct ieee80211_hdr_4addr header; struct ieee80211_hdr header;
for (i = 0; for (i = 0;
atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID && atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID &&
...@@ -1066,10 +1066,10 @@ static void rx_done_irq(struct atmel_private *priv) ...@@ -1066,10 +1066,10 @@ static void rx_done_irq(struct atmel_private *priv)
goto next; goto next;
} }
/* Get header as far as end of seq_ctl */ /* Get header as far as end of seq_ctrl */
atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24); atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24);
frame_ctl = le16_to_cpu(header.frame_ctl); frame_ctl = le16_to_cpu(header.frame_control);
seq_control = le16_to_cpu(header.seq_ctl); seq_control = le16_to_cpu(header.seq_ctrl);
/* probe for CRC use here if needed once five packets have /* probe for CRC use here if needed once five packets have
arrived with the same crc status, we assume we know what's arrived with the same crc status, we assume we know what's
...@@ -1819,7 +1819,7 @@ static int atmel_set_encodeext(struct net_device *dev, ...@@ -1819,7 +1819,7 @@ static int atmel_set_encodeext(struct net_device *dev,
/* Determine and validate the key index */ /* Determine and validate the key index */
idx = encoding->flags & IW_ENCODE_INDEX; idx = encoding->flags & IW_ENCODE_INDEX;
if (idx) { if (idx) {
if (idx < 1 || idx > WEP_KEYS) if (idx < 1 || idx > 4)
return -EINVAL; return -EINVAL;
idx--; idx--;
} else } else
...@@ -1882,7 +1882,7 @@ static int atmel_get_encodeext(struct net_device *dev, ...@@ -1882,7 +1882,7 @@ static int atmel_get_encodeext(struct net_device *dev,
idx = encoding->flags & IW_ENCODE_INDEX; idx = encoding->flags & IW_ENCODE_INDEX;
if (idx) { if (idx) {
if (idx < 1 || idx > WEP_KEYS) if (idx < 1 || idx > 4)
return -EINVAL; return -EINVAL;
idx--; idx--;
} else } else
...@@ -2797,7 +2797,7 @@ static void handle_beacon_probe(struct atmel_private *priv, u16 capability, ...@@ -2797,7 +2797,7 @@ static void handle_beacon_probe(struct atmel_private *priv, u16 capability,
u8 channel) u8 channel)
{ {
int rejoin = 0; int rejoin = 0;
int new = capability & MFIE_TYPE_POWER_CONSTRAINT ? int new = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
SHORT_PREAMBLE : LONG_PREAMBLE; SHORT_PREAMBLE : LONG_PREAMBLE;
if (priv->preamble != new) { if (priv->preamble != new) {
...@@ -2826,19 +2826,19 @@ static void handle_beacon_probe(struct atmel_private *priv, u16 capability, ...@@ -2826,19 +2826,19 @@ static void handle_beacon_probe(struct atmel_private *priv, u16 capability,
static void send_authentication_request(struct atmel_private *priv, u16 system, static void send_authentication_request(struct atmel_private *priv, u16 system,
u8 *challenge, int challenge_len) u8 *challenge, int challenge_len)
{ {
struct ieee80211_hdr_4addr header; struct ieee80211_hdr header;
struct auth_body auth; struct auth_body auth;
header.frame_ctl = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH); header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH);
header.duration_id = cpu_to_le16(0x8000); header.duration_id = cpu_to_le16(0x8000);
header.seq_ctl = 0; header.seq_ctrl = 0;
memcpy(header.addr1, priv->CurrentBSSID, 6); memcpy(header.addr1, priv->CurrentBSSID, 6);
memcpy(header.addr2, priv->dev->dev_addr, 6); memcpy(header.addr2, priv->dev->dev_addr, 6);
memcpy(header.addr3, priv->CurrentBSSID, 6); memcpy(header.addr3, priv->CurrentBSSID, 6);
if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1) if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1)
/* no WEP for authentication frames with TrSeqNo 1 */ /* no WEP for authentication frames with TrSeqNo 1 */
header.frame_ctl |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); header.frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
auth.alg = cpu_to_le16(system); auth.alg = cpu_to_le16(system);
...@@ -2861,7 +2861,7 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc) ...@@ -2861,7 +2861,7 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
{ {
u8 *ssid_el_p; u8 *ssid_el_p;
int bodysize; int bodysize;
struct ieee80211_hdr_4addr header; struct ieee80211_hdr header;
struct ass_req_format { struct ass_req_format {
__le16 capability; __le16 capability;
__le16 listen_interval; __le16 listen_interval;
...@@ -2874,10 +2874,10 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc) ...@@ -2874,10 +2874,10 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
u8 rates[4]; u8 rates[4];
} body; } body;
header.frame_ctl = cpu_to_le16(IEEE80211_FTYPE_MGMT | header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
(is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ)); (is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ));
header.duration_id = cpu_to_le16(0x8000); header.duration_id = cpu_to_le16(0x8000);
header.seq_ctl = 0; header.seq_ctrl = 0;
memcpy(header.addr1, priv->CurrentBSSID, 6); memcpy(header.addr1, priv->CurrentBSSID, 6);
memcpy(header.addr2, priv->dev->dev_addr, 6); memcpy(header.addr2, priv->dev->dev_addr, 6);
...@@ -2887,7 +2887,7 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc) ...@@ -2887,7 +2887,7 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
if (priv->wep_is_on) if (priv->wep_is_on)
body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY); body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
if (priv->preamble == SHORT_PREAMBLE) if (priv->preamble == SHORT_PREAMBLE)
body.capability |= cpu_to_le16(MFIE_TYPE_POWER_CONSTRAINT); body.capability |= cpu_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE);
body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period); body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period);
...@@ -2901,10 +2901,10 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc) ...@@ -2901,10 +2901,10 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
bodysize = 12 + priv->SSID_size; bodysize = 12 + priv->SSID_size;
} }
ssid_el_p[0] = MFIE_TYPE_SSID; ssid_el_p[0] = WLAN_EID_SSID;
ssid_el_p[1] = priv->SSID_size; ssid_el_p[1] = priv->SSID_size;
memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size); memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size);
ssid_el_p[2 + priv->SSID_size] = MFIE_TYPE_RATES; ssid_el_p[2 + priv->SSID_size] = WLAN_EID_SUPP_RATES;
ssid_el_p[3 + priv->SSID_size] = 4; /* len of suported rates */ ssid_el_p[3 + priv->SSID_size] = 4; /* len of suported rates */
memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4); memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4);
...@@ -2912,9 +2912,9 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc) ...@@ -2912,9 +2912,9 @@ static void send_association_request(struct atmel_private *priv, int is_reassoc)
} }
static int is_frame_from_current_bss(struct atmel_private *priv, static int is_frame_from_current_bss(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header) struct ieee80211_hdr *header)
{ {
if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS) if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0; return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0;
else else
return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0; return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0;
...@@ -2962,7 +2962,7 @@ static int retrieve_bss(struct atmel_private *priv) ...@@ -2962,7 +2962,7 @@ static int retrieve_bss(struct atmel_private *priv)
} }
static void store_bss_info(struct atmel_private *priv, static void store_bss_info(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, u16 capability, struct ieee80211_hdr *header, u16 capability,
u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len, u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len,
u8 *ssid, int is_beacon) u8 *ssid, int is_beacon)
{ {
...@@ -3001,7 +3001,7 @@ static void store_bss_info(struct atmel_private *priv, ...@@ -3001,7 +3001,7 @@ static void store_bss_info(struct atmel_private *priv,
else if (capability & WLAN_CAPABILITY_ESS) else if (capability & WLAN_CAPABILITY_ESS)
priv->BSSinfo[index].BSStype =IW_MODE_INFRA; priv->BSSinfo[index].BSStype =IW_MODE_INFRA;
priv->BSSinfo[index].preamble = capability & MFIE_TYPE_POWER_CONSTRAINT ? priv->BSSinfo[index].preamble = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
SHORT_PREAMBLE : LONG_PREAMBLE; SHORT_PREAMBLE : LONG_PREAMBLE;
} }
...@@ -3037,7 +3037,7 @@ static void authenticate(struct atmel_private *priv, u16 frame_len) ...@@ -3037,7 +3037,7 @@ static void authenticate(struct atmel_private *priv, u16 frame_len)
} }
} else if (system == WLAN_AUTH_SHARED_KEY) { } else if (system == WLAN_AUTH_SHARED_KEY) {
if (trans_seq_no == 0x0002 && if (trans_seq_no == 0x0002 &&
auth->el_id == MFIE_TYPE_CHALLENGE) { auth->el_id == WLAN_EID_CHALLENGE) {
send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len); send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len);
return; return;
} else if (trans_seq_no == 0x0004) { } else if (trans_seq_no == 0x0004) {
...@@ -3288,12 +3288,12 @@ static void atmel_smooth_qual(struct atmel_private *priv) ...@@ -3288,12 +3288,12 @@ static void atmel_smooth_qual(struct atmel_private *priv)
/* deals with incoming managment frames. */ /* deals with incoming managment frames. */
static void atmel_management_frame(struct atmel_private *priv, static void atmel_management_frame(struct atmel_private *priv,
struct ieee80211_hdr_4addr *header, struct ieee80211_hdr *header,
u16 frame_len, u8 rssi) u16 frame_len, u8 rssi)
{ {
u16 subtype; u16 subtype;
subtype = le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_STYPE; subtype = le16_to_cpu(header->frame_control) & IEEE80211_FCTL_STYPE;
switch (subtype) { switch (subtype) {
case IEEE80211_STYPE_BEACON: case IEEE80211_STYPE_BEACON:
case IEEE80211_STYPE_PROBE_RESP: case IEEE80211_STYPE_PROBE_RESP:
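Review bot: start_tx still sends `DATA_FRAME_WS_HEADER_SIZE` bytes from the on-stack `header` through atmel_copy_to_card, and rx_done_irq still copies a fixed 24 bytes into it, but `header` is now `struct ieee80211_hdr` and nothing visible ties those sizes to the new type. A compile-time check next to the copy, such as `BUILD_BUG_ON(sizeof(header) < DATA_FRAME_WS_HEADER_SIZE);`, would catch a layout difference between the two header structs rather than letting it become a stack over-read. Separately, in authenticate() the challenge length `auth->chall_text_len` comes from the received frame and is passed to send_authentication_request unchanged; no comparison with frame_len or with the destination size appears in the hunk, so that is worth confirming. The `idx > 4` literal in atmel_set_encodeext and atmel_get_encodeext would be clearer as a driver-local constant. All of these functions extend beyond their hunks.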
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
#include <linux/types.h> #include <linux/types.h>
#include <linux/etherdevice.h> #include <linux/etherdevice.h>
#include <linux/ieee80211.h>
#include <linux/if_arp.h>
#include <net/lib80211.h> #include <net/lib80211.h>
#include "assoc.h" #include "assoc.h"
...@@ -341,12 +343,12 @@ static int lbs_adhoc_start(struct lbs_private *priv, ...@@ -341,12 +343,12 @@ static int lbs_adhoc_start(struct lbs_private *priv,
WARN_ON(!assoc_req->channel); WARN_ON(!assoc_req->channel);
/* set Physical parameter set */ /* set Physical parameter set */
cmd.phyparamset.dsparamset.elementid = MFIE_TYPE_DS_SET; cmd.phyparamset.dsparamset.elementid = WLAN_EID_DS_PARAMS;
cmd.phyparamset.dsparamset.len = 1; cmd.phyparamset.dsparamset.len = 1;
cmd.phyparamset.dsparamset.currentchan = assoc_req->channel; cmd.phyparamset.dsparamset.currentchan = assoc_req->channel;
/* set IBSS parameter set */ /* set IBSS parameter set */
cmd.ssparamset.ibssparamset.elementid = MFIE_TYPE_IBSS_SET; cmd.ssparamset.ibssparamset.elementid = WLAN_EID_IBSS_PARAMS;
cmd.ssparamset.ibssparamset.len = 2; cmd.ssparamset.ibssparamset.len = 2;
cmd.ssparamset.ibssparamset.atimwindow = 0; cmd.ssparamset.ibssparamset.atimwindow = 0;
...@@ -430,8 +432,8 @@ static inline int match_bss_no_security(struct lbs_802_11_security *secinfo, ...@@ -430,8 +432,8 @@ static inline int match_bss_no_security(struct lbs_802_11_security *secinfo,
{ {
if (!secinfo->wep_enabled && !secinfo->WPAenabled if (!secinfo->wep_enabled && !secinfo->WPAenabled
&& !secinfo->WPA2enabled && !secinfo->WPA2enabled
&& match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC && match_bss->wpa_ie[0] != WLAN_EID_GENERIC
&& match_bss->rsn_ie[0] != MFIE_TYPE_RSN && match_bss->rsn_ie[0] != WLAN_EID_RSN
&& !(match_bss->capability & WLAN_CAPABILITY_PRIVACY)) && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY))
return 1; return 1;
else else
...@@ -453,7 +455,7 @@ static inline int match_bss_wpa(struct lbs_802_11_security *secinfo, ...@@ -453,7 +455,7 @@ static inline int match_bss_wpa(struct lbs_802_11_security *secinfo,
struct bss_descriptor *match_bss) struct bss_descriptor *match_bss)
{ {
if (!secinfo->wep_enabled && secinfo->WPAenabled if (!secinfo->wep_enabled && secinfo->WPAenabled
&& (match_bss->wpa_ie[0] == MFIE_TYPE_GENERIC) && (match_bss->wpa_ie[0] == WLAN_EID_GENERIC)
/* privacy bit may NOT be set in some APs like LinkSys WRT54G /* privacy bit may NOT be set in some APs like LinkSys WRT54G
&& (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ && (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */
) )
...@@ -466,7 +468,7 @@ static inline int match_bss_wpa2(struct lbs_802_11_security *secinfo, ...@@ -466,7 +468,7 @@ static inline int match_bss_wpa2(struct lbs_802_11_security *secinfo,
struct bss_descriptor *match_bss) struct bss_descriptor *match_bss)
{ {
if (!secinfo->wep_enabled && secinfo->WPA2enabled && if (!secinfo->wep_enabled && secinfo->WPA2enabled &&
(match_bss->rsn_ie[0] == MFIE_TYPE_RSN) (match_bss->rsn_ie[0] == WLAN_EID_RSN)
/* privacy bit may NOT be set in some APs like LinkSys WRT54G /* privacy bit may NOT be set in some APs like LinkSys WRT54G
(match_bss->capability & WLAN_CAPABILITY_PRIVACY) */ (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */
) )
...@@ -480,8 +482,8 @@ static inline int match_bss_dynamic_wep(struct lbs_802_11_security *secinfo, ...@@ -480,8 +482,8 @@ static inline int match_bss_dynamic_wep(struct lbs_802_11_security *secinfo,
{ {
if (!secinfo->wep_enabled && !secinfo->WPAenabled if (!secinfo->wep_enabled && !secinfo->WPAenabled
&& !secinfo->WPA2enabled && !secinfo->WPA2enabled
&& (match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC) && (match_bss->wpa_ie[0] != WLAN_EID_GENERIC)
&& (match_bss->rsn_ie[0] != MFIE_TYPE_RSN) && (match_bss->rsn_ie[0] != WLAN_EID_RSN)
&& (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) && (match_bss->capability & WLAN_CAPABILITY_PRIVACY))
return 1; return 1;
else else
......
...@@ -5,7 +5,6 @@ ...@@ -5,7 +5,6 @@
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include <net/lib80211.h> #include <net/lib80211.h>
#include <net/ieee80211.h>
#include <linux/kfifo.h> #include <linux/kfifo.h>
#include "host.h" #include "host.h"
#include "hostcmd.h" #include "hostcmd.h"
...@@ -1071,7 +1070,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan) ...@@ -1071,7 +1070,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan)
switch (action) { switch (action) {
case CMD_ACT_MESH_CONFIG_START: case CMD_ACT_MESH_CONFIG_START:
ie->hdr.id = MFIE_TYPE_GENERIC; ie->id = WLAN_EID_GENERIC;
ie->val.oui[0] = 0x00; ie->val.oui[0] = 0x00;
ie->val.oui[1] = 0x50; ie->val.oui[1] = 0x50;
ie->val.oui[2] = 0x43; ie->val.oui[2] = 0x43;
...@@ -1083,7 +1082,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan) ...@@ -1083,7 +1082,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t action, uint16_t chan)
ie->val.mesh_capability = MARVELL_MESH_CAPABILITY; ie->val.mesh_capability = MARVELL_MESH_CAPABILITY;
ie->val.mesh_id_len = priv->mesh_ssid_len; ie->val.mesh_id_len = priv->mesh_ssid_len;
memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len); memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len);
ie->hdr.len = sizeof(struct mrvl_meshie_val) - ie->len = sizeof(struct mrvl_meshie_val) -
IW_ESSID_MAX_SIZE + priv->mesh_ssid_len; IW_ESSID_MAX_SIZE + priv->mesh_ssid_len;
cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val)); cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val));
break; break;
......
...@@ -10,7 +10,6 @@ ...@@ -10,7 +10,6 @@
#include <linux/wireless.h> #include <linux/wireless.h>
#include <linux/ethtool.h> #include <linux/ethtool.h>
#include <linux/debugfs.h> #include <linux/debugfs.h>
#include <net/ieee80211.h>
#include "defs.h" #include "defs.h"
#include "hostcmd.h" #include "hostcmd.h"
...@@ -278,6 +277,12 @@ struct lbs_private { ...@@ -278,6 +277,12 @@ struct lbs_private {
struct enc_key wpa_mcast_key; struct enc_key wpa_mcast_key;
struct enc_key wpa_unicast_key; struct enc_key wpa_unicast_key;
/*
* In theory, the IE is limited to the IE length, 255,
* but in practice 64 bytes are enough.
*/
#define MAX_WPA_IE_LEN 64
/** WPA Information Elements*/ /** WPA Information Elements*/
u8 wpa_ie[MAX_WPA_IE_LEN]; u8 wpa_ie[MAX_WPA_IE_LEN];
u8 wpa_ie_len; u8 wpa_ie_len;
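Review bot: `#define MAX_WPA_IE_LEN 64` sits inside the body of struct lbs_private, which reads as member-scoped although the macro is visible to everything after this point and to every file that includes the header; defining it above the struct would be clearer. The new comment says an IE can be up to 255 bytes while wpa_ie holds 64, so it should also say what writers must do with a longer element, for example `/* Longer IEs must be truncated or rejected before copying into wpa_ie. */`. The code that fills wpa_ie is not in this hunk, so whether it clamps to MAX_WPA_IE_LEN cannot be confirmed here. The struct starts and ends outside the hunk.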
......
...@@ -12,9 +12,8 @@ ...@@ -12,9 +12,8 @@
#include <linux/kthread.h> #include <linux/kthread.h>
#include <linux/kfifo.h> #include <linux/kfifo.h>
#include <linux/stddef.h> #include <linux/stddef.h>
#include <linux/ieee80211.h>
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include <net/ieee80211.h>
#include "host.h" #include "host.h"
#include "decl.h" #include "decl.h"
......
...@@ -233,7 +233,7 @@ static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr, ...@@ -233,7 +233,7 @@ static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr,
/* SSID len */ /* SSID len */
ie->val.mesh_id_len = len; ie->val.mesh_id_len = len;
/* IE len */ /* IE len */
ie->hdr.len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len; ie->len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len;
ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
CMD_TYPE_MESH_SET_MESH_IE); CMD_TYPE_MESH_SET_MESH_IE);
......
...@@ -6,8 +6,8 @@ ...@@ -6,8 +6,8 @@
*/ */
#include <linux/types.h> #include <linux/types.h>
#include <linux/etherdevice.h> #include <linux/etherdevice.h>
#include <linux/if_arp.h>
#include <asm/unaligned.h> #include <asm/unaligned.h>
#include <net/lib80211.h> #include <net/lib80211.h>
#include "host.h" #include "host.h"
...@@ -55,6 +55,8 @@ ...@@ -55,6 +55,8 @@
//! Scan time specified in the channel TLV for each channel for active scans //! Scan time specified in the channel TLV for each channel for active scans
#define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100 #define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100
#define DEFAULT_MAX_SCAN_AGE (15 * HZ)
static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy, static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy,
struct cmd_header *resp); struct cmd_header *resp);
...@@ -591,38 +593,36 @@ static int lbs_process_bss(struct bss_descriptor *bss, ...@@ -591,38 +593,36 @@ static int lbs_process_bss(struct bss_descriptor *bss,
/* process variable IE */ /* process variable IE */
while (pos <= end - 2) { while (pos <= end - 2) {
struct ieee80211_info_element * elem = (void *)pos; if (pos + pos[1] > end) {
if (pos + elem->len > end) {
lbs_deb_scan("process_bss: error in processing IE, " lbs_deb_scan("process_bss: error in processing IE, "
"bytes left < IE length\n"); "bytes left < IE length\n");
break; break;
} }
switch (elem->id) { switch (pos[0]) {
case MFIE_TYPE_SSID: case WLAN_EID_SSID:
bss->ssid_len = min_t(int, 32, elem->len); bss->ssid_len = min_t(int, IEEE80211_MAX_SSID_LEN, pos[1]);
memcpy(bss->ssid, elem->data, bss->ssid_len); memcpy(bss->ssid, pos + 2, bss->ssid_len);
lbs_deb_scan("got SSID IE: '%s', len %u\n", lbs_deb_scan("got SSID IE: '%s', len %u\n",
print_ssid(ssid, bss->ssid, bss->ssid_len), print_ssid(ssid, bss->ssid, bss->ssid_len),
bss->ssid_len); bss->ssid_len);
break; break;
case MFIE_TYPE_RATES: case WLAN_EID_SUPP_RATES:
n_basic_rates = min_t(uint8_t, MAX_RATES, elem->len); n_basic_rates = min_t(uint8_t, MAX_RATES, pos[1]);
memcpy(bss->rates, elem->data, n_basic_rates); memcpy(bss->rates, pos + 2, n_basic_rates);
got_basic_rates = 1; got_basic_rates = 1;
lbs_deb_scan("got RATES IE\n"); lbs_deb_scan("got RATES IE\n");
break; break;
case MFIE_TYPE_FH_SET: case WLAN_EID_FH_PARAMS:
pFH = (struct ieeetypes_fhparamset *) pos; pFH = (struct ieeetypes_fhparamset *) pos;
memmove(&bss->phyparamset.fhparamset, pFH, memmove(&bss->phyparamset.fhparamset, pFH,
sizeof(struct ieeetypes_fhparamset)); sizeof(struct ieeetypes_fhparamset));
lbs_deb_scan("got FH IE\n"); lbs_deb_scan("got FH IE\n");
break; break;
case MFIE_TYPE_DS_SET: case WLAN_EID_DS_PARAMS:
pDS = (struct ieeetypes_dsparamset *) pos; pDS = (struct ieeetypes_dsparamset *) pos;
bss->channel = pDS->currentchan; bss->channel = pDS->currentchan;
memcpy(&bss->phyparamset.dsparamset, pDS, memcpy(&bss->phyparamset.dsparamset, pDS,
...@@ -630,14 +630,14 @@ static int lbs_process_bss(struct bss_descriptor *bss, ...@@ -630,14 +630,14 @@ static int lbs_process_bss(struct bss_descriptor *bss,
lbs_deb_scan("got DS IE, channel %d\n", bss->channel); lbs_deb_scan("got DS IE, channel %d\n", bss->channel);
break; break;
case MFIE_TYPE_CF_SET: case WLAN_EID_CF_PARAMS:
pCF = (struct ieeetypes_cfparamset *) pos; pCF = (struct ieeetypes_cfparamset *) pos;
memcpy(&bss->ssparamset.cfparamset, pCF, memcpy(&bss->ssparamset.cfparamset, pCF,
sizeof(struct ieeetypes_cfparamset)); sizeof(struct ieeetypes_cfparamset));
lbs_deb_scan("got CF IE\n"); lbs_deb_scan("got CF IE\n");
break; break;
case MFIE_TYPE_IBSS_SET: case WLAN_EID_IBSS_PARAMS:
pibss = (struct ieeetypes_ibssparamset *) pos; pibss = (struct ieeetypes_ibssparamset *) pos;
bss->atimwindow = le16_to_cpu(pibss->atimwindow); bss->atimwindow = le16_to_cpu(pibss->atimwindow);
memmove(&bss->ssparamset.ibssparamset, pibss, memmove(&bss->ssparamset.ibssparamset, pibss,
...@@ -645,7 +645,7 @@ static int lbs_process_bss(struct bss_descriptor *bss, ...@@ -645,7 +645,7 @@ static int lbs_process_bss(struct bss_descriptor *bss,
lbs_deb_scan("got IBSS IE\n"); lbs_deb_scan("got IBSS IE\n");
break; break;
case MFIE_TYPE_COUNTRY: case WLAN_EID_COUNTRY:
pcountryinfo = (struct ieeetypes_countryinfoset *) pos; pcountryinfo = (struct ieeetypes_countryinfoset *) pos;
lbs_deb_scan("got COUNTRY IE\n"); lbs_deb_scan("got COUNTRY IE\n");
if (pcountryinfo->len < sizeof(pcountryinfo->countrycode) if (pcountryinfo->len < sizeof(pcountryinfo->countrycode)
...@@ -662,7 +662,7 @@ static int lbs_process_bss(struct bss_descriptor *bss, ...@@ -662,7 +662,7 @@ static int lbs_process_bss(struct bss_descriptor *bss,
(int) (pcountryinfo->len + 2)); (int) (pcountryinfo->len + 2));
break; break;
case MFIE_TYPE_RATES_EX: case WLAN_EID_EXT_SUPP_RATES:
/* only process extended supported rate if data rate is /* only process extended supported rate if data rate is
* already found. Data rate IE should come before * already found. Data rate IE should come before
* extended supported rate IE * extended supported rate IE
...@@ -673,50 +673,51 @@ static int lbs_process_bss(struct bss_descriptor *bss, ...@@ -673,50 +673,51 @@ static int lbs_process_bss(struct bss_descriptor *bss,
break; break;
} }
n_ex_rates = elem->len; n_ex_rates = pos[1];
if (n_basic_rates + n_ex_rates > MAX_RATES) if (n_basic_rates + n_ex_rates > MAX_RATES)
n_ex_rates = MAX_RATES - n_basic_rates; n_ex_rates = MAX_RATES - n_basic_rates;
p = bss->rates + n_basic_rates; p = bss->rates + n_basic_rates;
memcpy(p, elem->data, n_ex_rates); memcpy(p, pos + 2, n_ex_rates);
break; break;
case MFIE_TYPE_GENERIC: case WLAN_EID_GENERIC:
if (elem->len >= 4 && if (pos[1] >= 4 &&
elem->data[0] == 0x00 && elem->data[1] == 0x50 && pos[2] == 0x00 && pos[3] == 0x50 &&
elem->data[2] == 0xf2 && elem->data[3] == 0x01) { pos[4] == 0xf2 && pos[5] == 0x01) {
bss->wpa_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN); bss->wpa_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN);
memcpy(bss->wpa_ie, elem, bss->wpa_ie_len); memcpy(bss->wpa_ie, pos, bss->wpa_ie_len);
lbs_deb_scan("got WPA IE\n"); lbs_deb_scan("got WPA IE\n");
lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie, elem->len); lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie,
} else if (elem->len >= MARVELL_MESH_IE_LENGTH && bss->wpa_ie_len);
elem->data[0] == 0x00 && elem->data[1] == 0x50 && } else if (pos[1] >= MARVELL_MESH_IE_LENGTH &&
elem->data[2] == 0x43 && elem->data[3] == 0x04) { pos[2] == 0x00 && pos[3] == 0x50 &&
pos[4] == 0x43 && pos[4] == 0x04) {
lbs_deb_scan("got mesh IE\n"); lbs_deb_scan("got mesh IE\n");
bss->mesh = 1; bss->mesh = 1;
} else { } else {
lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n", lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n",
elem->data[0], elem->data[1], pos[2], pos[3],
elem->data[2], elem->data[3], pos[4], pos[5],
elem->len); pos[1]);
} }
break; break;
case MFIE_TYPE_RSN: case WLAN_EID_RSN:
lbs_deb_scan("got RSN IE\n"); lbs_deb_scan("got RSN IE\n");
bss->rsn_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN); bss->rsn_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN);
memcpy(bss->rsn_ie, elem, bss->rsn_ie_len); memcpy(bss->rsn_ie, pos, bss->rsn_ie_len);
lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE", lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE",
bss->rsn_ie, elem->len); bss->rsn_ie, bss->rsn_ie_len);
break; break;
default: default:
lbs_deb_scan("got IE 0x%04x, len %d\n", lbs_deb_scan("got IE 0x%04x, len %d\n",
elem->id, elem->len); pos[0], pos[1]);
break; break;
} }
pos += elem->len + 2; pos += pos[1] + 2;
} }
/* Timestamp */ /* Timestamp */
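Review bot: In the `WLAN_EID_GENERIC` branch of lbs_process_bss the mesh check compares the same byte twice, `pos[4] == 0x43 && pos[4] == 0x04`, which can never be true, so `bss->mesh` is never set from a scan result. The line it replaces tested `data[2]` and `data[3]`, so it should read `pos[4] == 0x43 && pos[5] == 0x04`. Separately, the loop guard `if (pos + pos[1] > end)` leaves out the two header bytes, so an element whose payload runs up to two bytes past `end` is still parsed; `if (pos + 2 + pos[1] > end)` would match the `pos += pos[1] + 2` step at the bottom of the loop. The fixed-size parameter-set cases (FH, DS, CF, IBSS) copy `sizeof(struct …)` bytes without looking at `pos[1]`, which deserves the same bound since this data comes from whatever AP is in range. The function starts and ends outside these hunks, so how `end` is derived is not visible here.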
......
...@@ -7,6 +7,10 @@ ...@@ -7,6 +7,10 @@
#ifndef _LBS_SCAN_H #ifndef _LBS_SCAN_H
#define _LBS_SCAN_H #define _LBS_SCAN_H
#include <net/iw_handler.h>
#define MAX_NETWORK_COUNT 128
/** /**
* @brief Maximum number of channels that can be sent in a setuserscan ioctl * @brief Maximum number of channels that can be sent in a setuserscan ioctl
*/ */
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
#include <linux/if_ether.h> #include <linux/if_ether.h>
#include <asm/byteorder.h> #include <asm/byteorder.h>
#include <linux/wireless.h> #include <linux/wireless.h>
#include <net/ieee80211.h>
struct ieeetypes_cfparamset { struct ieeetypes_cfparamset {
u8 elementid; u8 elementid;
...@@ -258,7 +257,7 @@ struct mrvlietypes_ledbhv { ...@@ -258,7 +257,7 @@ struct mrvlietypes_ledbhv {
* Note that the len member of the ieee80211_info_element varies depending on * Note that the len member of the ieee80211_info_element varies depending on
* the mesh_id_len */ * the mesh_id_len */
struct mrvl_meshie_val { struct mrvl_meshie_val {
uint8_t oui[P80211_OUI_LEN]; uint8_t oui[3];
uint8_t type; uint8_t type;
uint8_t subtype; uint8_t subtype;
uint8_t version; uint8_t version;
...@@ -270,7 +269,7 @@ struct mrvl_meshie_val { ...@@ -270,7 +269,7 @@ struct mrvl_meshie_val {
} __attribute__ ((packed)); } __attribute__ ((packed));
struct mrvl_meshie { struct mrvl_meshie {
struct ieee80211_info_element hdr; u8 id, len;
struct mrvl_meshie_val val; struct mrvl_meshie_val val;
} __attribute__ ((packed)); } __attribute__ ((packed));
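Review bot: The comment above `struct mrvl_meshie_val` still says the `len` member of the `ieee80211_info_element` varies with `mesh_id_len`, but this change replaces that header with plain `u8 id, len;` in `struct mrvl_meshie`. I would reword it to `the len member of struct mrvl_meshie varies depending on the mesh_id_len`. The bare `3` in `uint8_t oui[3];` would also read better with a short trailing comment such as `/* OUI is 3 octets */`, now that `P80211_OUI_LEN` is gone.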
......
...@@ -9,7 +9,6 @@ ...@@ -9,7 +9,6 @@
#include <linux/bitops.h> #include <linux/bitops.h>
#include <net/lib80211.h> #include <net/lib80211.h>
#include <net/ieee80211.h>
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include "host.h" #include "host.h"
......
...@@ -86,8 +86,8 @@ ...@@ -86,8 +86,8 @@
#include <linux/firmware.h> #include <linux/firmware.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
#include <linux/wireless.h> #include <linux/wireless.h>
#include <linux/ieee80211.h>
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include <net/ieee80211.h>
#include <linux/scatterlist.h> #include <linux/scatterlist.h>
#include <linux/crypto.h> #include <linux/crypto.h>
...@@ -143,7 +143,7 @@ static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00}; ...@@ -143,7 +143,7 @@ static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2) #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
#define ORINOCO_MIN_MTU 256 #define ORINOCO_MIN_MTU 256
#define ORINOCO_MAX_MTU (IEEE80211_DATA_LEN - ENCAPS_OVERHEAD) #define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
#define SYMBOL_MAX_VER_LEN (14) #define SYMBOL_MAX_VER_LEN (14)
#define USER_BAP 0 #define USER_BAP 0
...@@ -392,7 +392,7 @@ static void orinoco_bss_data_init(struct orinoco_private *priv) ...@@ -392,7 +392,7 @@ static void orinoco_bss_data_init(struct orinoco_private *priv)
} }
static inline u8 *orinoco_get_ie(u8 *data, size_t len, static inline u8 *orinoco_get_ie(u8 *data, size_t len,
enum ieee80211_mfie eid) enum ieee80211_eid eid)
{ {
u8 *p = data; u8 *p = data;
while ((p + 2) < (data + len)) { while ((p + 2) < (data + len)) {
...@@ -409,7 +409,7 @@ static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len) ...@@ -409,7 +409,7 @@ static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len)
{ {
u8 *p = data; u8 *p = data;
while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) { while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
if ((p[0] == MFIE_TYPE_GENERIC) && if ((p[0] == WLAN_EID_GENERIC) &&
(memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0)) (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
return p; return p;
p += p[1] + 2; p += p[1] + 2;
...@@ -839,7 +839,8 @@ static int orinoco_change_mtu(struct net_device *dev, int new_mtu) ...@@ -839,7 +839,8 @@ static int orinoco_change_mtu(struct net_device *dev, int new_mtu)
if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) ) if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) )
return -EINVAL; return -EINVAL;
if ( (new_mtu + ENCAPS_OVERHEAD + IEEE80211_HLEN) > /* MTU + encapsulation + header length */
if ( (new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
(priv->nicbuf_size - ETH_HLEN) ) (priv->nicbuf_size - ETH_HLEN) )
return -EINVAL; return -EINVAL;
...@@ -1254,7 +1255,7 @@ static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid, ...@@ -1254,7 +1255,7 @@ static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
} }
/* sanity check the length */ /* sanity check the length */
if (datalen > IEEE80211_DATA_LEN + 12) { if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
printk(KERN_DEBUG "%s: oversized monitor frame, " printk(KERN_DEBUG "%s: oversized monitor frame, "
"data length = %d\n", dev->name, datalen); "data length = %d\n", dev->name, datalen);
stats->rx_length_errors++; stats->rx_length_errors++;
...@@ -1382,7 +1383,7 @@ static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw) ...@@ -1382,7 +1383,7 @@ static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw)
data. */ data. */
goto out; goto out;
} }
if (length > IEEE80211_DATA_LEN) { if (length > IEEE80211_MAX_DATA_LEN) {
printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n", printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
dev->name, length); dev->name, length);
stats->rx_length_errors++; stats->rx_length_errors++;
...@@ -3285,7 +3286,7 @@ static int orinoco_init(struct net_device *dev) ...@@ -3285,7 +3286,7 @@ static int orinoco_init(struct net_device *dev)
/* No need to lock, the hw_unavailable flag is already set in /* No need to lock, the hw_unavailable flag is already set in
* alloc_orinocodev() */ * alloc_orinocodev() */
priv->nicbuf_size = IEEE80211_FRAME_LEN + ETH_HLEN; priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
/* Initialize the firmware */ /* Initialize the firmware */
err = hermes_init(hw); err = hermes_init(hw);
...@@ -4681,7 +4682,7 @@ static int orinoco_ioctl_set_encodeext(struct net_device *dev, ...@@ -4681,7 +4682,7 @@ static int orinoco_ioctl_set_encodeext(struct net_device *dev,
/* Determine and validate the key index */ /* Determine and validate the key index */
idx = encoding->flags & IW_ENCODE_INDEX; idx = encoding->flags & IW_ENCODE_INDEX;
if (idx) { if (idx) {
if ((idx < 1) || (idx > WEP_KEYS)) if ((idx < 1) || (idx > 4))
goto out; goto out;
idx--; idx--;
} else } else
...@@ -4786,7 +4787,7 @@ static int orinoco_ioctl_get_encodeext(struct net_device *dev, ...@@ -4786,7 +4787,7 @@ static int orinoco_ioctl_get_encodeext(struct net_device *dev,
idx = encoding->flags & IW_ENCODE_INDEX; idx = encoding->flags & IW_ENCODE_INDEX;
if (idx) { if (idx) {
if ((idx < 1) || (idx > WEP_KEYS)) if ((idx < 1) || (idx > 4))
goto out; goto out;
idx--; idx--;
} else } else
...@@ -4949,7 +4950,8 @@ static int orinoco_ioctl_set_genie(struct net_device *dev, ...@@ -4949,7 +4950,8 @@ static int orinoco_ioctl_set_genie(struct net_device *dev,
unsigned long flags; unsigned long flags;
int err = 0; int err = 0;
if ((wrqu->data.length > MAX_WPA_IE_LEN) || /* cut off at IEEE80211_MAX_DATA_LEN */
if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
(wrqu->data.length && (extra == NULL))) (wrqu->data.length && (extra == NULL)))
return -EINVAL; return -EINVAL;
...@@ -5632,7 +5634,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev, ...@@ -5632,7 +5634,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
&iwe, IW_EV_UINT_LEN); &iwe, IW_EV_UINT_LEN);
} }
ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_DS_SET); ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_DS_PARAMS);
channel = ie ? ie[2] : 0; channel = ie ? ie[2] : 0;
if ((channel >= 1) && (channel <= NUM_CHANNELS)) { if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
/* Add channel and frequency */ /* Add channel and frequency */
...@@ -5682,7 +5684,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev, ...@@ -5682,7 +5684,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
} }
/* RSN IE */ /* RSN IE */
ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RSN); ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_RSN);
if (ie) { if (ie) {
iwe.cmd = IWEVGENIE; iwe.cmd = IWEVGENIE;
iwe.u.data.length = ie[1] + 2; iwe.u.data.length = ie[1] + 2;
...@@ -5690,7 +5692,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev, ...@@ -5690,7 +5692,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
&iwe, ie); &iwe, ie);
} }
ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RATES); ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_SUPP_RATES);
if (ie) { if (ie) {
char *p = current_ev + iwe_stream_lcp_len(info); char *p = current_ev + iwe_stream_lcp_len(info);
int i; int i;
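Review bot: In orinoco_ioctl_set_genie the limit on the user-supplied IE length goes from `MAX_WPA_IE_LEN` to `IEEE80211_MAX_DATA_LEN`, which is a behaviour change and not a rename. The rest of the function is outside the hunk, so it is worth confirming that the buffer the IE is copied into, and the field that holds its length, are sized from `wrqu->data.length` and not from the old, smaller limit. The added comment says "cut off", but the code returns `-EINVAL` for longer input; `/* reject IEs longer than IEEE80211_MAX_DATA_LEN */` describes what it does. In the two encodeext handlers the literal `4` that replaces `WEP_KEYS` would be clearer as a named constant from the driver's own header.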
......
...@@ -37,11 +37,11 @@ ...@@ -37,11 +37,11 @@
#include <linux/usb.h> #include <linux/usb.h>
#include <linux/usb/cdc.h> #include <linux/usb/cdc.h>
#include <linux/wireless.h> #include <linux/wireless.h>
#include <linux/ieee80211.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
#include <linux/ctype.h> #include <linux/ctype.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include <net/ieee80211.h>
#include <linux/usb/usbnet.h> #include <linux/usb/usbnet.h>
#include <linux/usb/rndis_host.h> #include <linux/usb/rndis_host.h>
...@@ -1652,7 +1652,7 @@ static char *rndis_translate_scan(struct net_device *dev, ...@@ -1652,7 +1652,7 @@ static char *rndis_translate_scan(struct net_device *dev,
#ifdef DEBUG #ifdef DEBUG
struct usbnet *usbdev = dev->priv; struct usbnet *usbdev = dev->priv;
#endif #endif
struct ieee80211_info_element *ie; u8 *ie;
char *current_val; char *current_val;
int bssid_len, ie_len, i; int bssid_len, ie_len, i;
u32 beacon, atim; u32 beacon, atim;
...@@ -1750,20 +1750,20 @@ static char *rndis_translate_scan(struct net_device *dev, ...@@ -1750,20 +1750,20 @@ static char *rndis_translate_scan(struct net_device *dev,
ie_len = min(bssid_len - (int)sizeof(*bssid), ie_len = min(bssid_len - (int)sizeof(*bssid),
(int)le32_to_cpu(bssid->ie_length)); (int)le32_to_cpu(bssid->ie_length));
ie_len -= sizeof(struct ndis_80211_fixed_ies); ie_len -= sizeof(struct ndis_80211_fixed_ies);
while (ie_len >= sizeof(*ie) && sizeof(*ie) + ie->len <= ie_len) { while (ie_len >= 2 && 2 + ie[1] <= ie_len) {
if ((ie->id == MFIE_TYPE_GENERIC && ie->len >= 4 && if ((ie[0] == WLAN_EID_GENERIC && ie[1] >= 4 &&
memcmp(ie->data, "\x00\x50\xf2\x01", 4) == 0) || memcmp(ie + 2, "\x00\x50\xf2\x01", 4) == 0) ||
ie->id == MFIE_TYPE_RSN) { ie[0] == WLAN_EID_RSN) {
devdbg(usbdev, "IE: WPA%d", devdbg(usbdev, "IE: WPA%d",
(ie->id == MFIE_TYPE_RSN) ? 2 : 1); (ie[0] == WLAN_EID_RSN) ? 2 : 1);
iwe.cmd = IWEVGENIE; iwe.cmd = IWEVGENIE;
iwe.u.data.length = min(ie->len + 2, MAX_WPA_IE_LEN); /* arbitrary cut-off at 64 */
cev = iwe_stream_add_point(info, cev, end_buf, &iwe, iwe.u.data.length = min(ie[1] + 2, 64);
(u8 *)ie); cev = iwe_stream_add_point(info, cev, end_buf, &iwe, ie);
} }
ie_len -= sizeof(*ie) + ie->len; ie_len -= 2 + ie[1];
ie = (struct ieee80211_info_element *)&ie->data[ie->len]; ie += 2 + ie[1];
} }
return cev; return cev;
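Review bot: The clamp `iwe.u.data.length = min(ie[1] + 2, 64);` in rndis_translate_scan hands user space the first 64 bytes of an element whose own length byte `ie[1]` still states the full size, so a consumer that trusts the embedded length sees a buffer shorter than the IE claims. Skipping an oversize element, or passing it whole if the event buffer allows (the loop condition `2 + ie[1] <= ie_len` has already bounded it against the input), would avoid that mismatch. If the cut-off stays, a named constant in place of the bare `64` keeps the limit in one place. The function begins outside the hunk, so how `ie` is first pointed at the IE area is not visible here.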
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
#define __WL3501_H__ #define __WL3501_H__
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <net/ieee80211.h> #include <linux/ieee80211.h>
/* define for WLA 2.0 */ /* define for WLA 2.0 */
#define WL3501_BLKSZ 256 #define WL3501_BLKSZ 256
...@@ -548,7 +548,7 @@ struct wl3501_80211_tx_plcp_hdr { ...@@ -548,7 +548,7 @@ struct wl3501_80211_tx_plcp_hdr {
struct wl3501_80211_tx_hdr { struct wl3501_80211_tx_hdr {
struct wl3501_80211_tx_plcp_hdr pclp_hdr; struct wl3501_80211_tx_plcp_hdr pclp_hdr;
struct ieee80211_hdr_4addr mac_hdr; struct ieee80211_hdr mac_hdr;
} __attribute__ ((packed)); } __attribute__ ((packed));
/* /*
......
...@@ -17,11 +17,11 @@ ...@@ -17,11 +17,11 @@
#include <linux/netdevice.h> #include <linux/netdevice.h>
#include <linux/etherdevice.h> #include <linux/etherdevice.h>
#include <linux/wireless.h> #include <linux/wireless.h>
#include <linux/ieee80211.h>
#include <net/iw_handler.h> #include <net/iw_handler.h>
#include <linux/string.h> #include <linux/string.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
#include <linux/firmware.h> #include <linux/firmware.h>
#include <net/ieee80211.h>
#include "zd1201.h" #include "zd1201.h"
static struct usb_device_id zd1201_table[] = { static struct usb_device_id zd1201_table[] = {
...@@ -345,7 +345,7 @@ static void zd1201_usbrx(struct urb *urb) ...@@ -345,7 +345,7 @@ static void zd1201_usbrx(struct urb *urb)
frag = kmalloc(sizeof(*frag), GFP_ATOMIC); frag = kmalloc(sizeof(*frag), GFP_ATOMIC);
if (!frag) if (!frag)
goto resubmit; goto resubmit;
skb = dev_alloc_skb(IEEE80211_DATA_LEN +14+2); skb = dev_alloc_skb(IEEE80211_MAX_DATA_LEN +14+2);
if (!skb) { if (!skb) {
kfree(frag); kfree(frag);
goto resubmit; goto resubmit;
......