On roaming, the auth and assoc req are sent with the sta
hlid. This is wrong, as the sta hlid is configured according
to the old ap. Use the dev_hlid instead.
Move the wl1271_tx_update_filters() call into wl1271_tx_get_hlid(),
so wl->dev_hlid will be valid.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
There is a race condition between wl1271_tx_work() and the
channel switch, so make sure all the pending packets are
being sent before switching channel.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl12xx uses a single probe response template, regardless of
the probe request.
However, the P2P spec forbids including the p2p ie in some
cases (e.g. the probe request didn't include the p2p ie).
The fw responds only to probe requests that don't
include the p2p ie, and passes up probe requests that
include them (the supplicant will answer them).
Thus, strip the p2p ie from the probe response template.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl12xx uses the beacon as the probe response template.
However, the beacon includes a TIM ie, which shouldn't
exist in the probe response.
Delete it from the skb before configuring the probe
response template.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We were including only 11b rates in IBSS mode. This patch adds OFDM
rates.
[Rephrased commit log and removed one unnecessary comment. -- Luca]
Signed-off-by: Shahar Levi <shahar_levi@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Due to some changes in PM in recent kernels, the sdio_test module has
been broken for a while. This patch fixes the code that powers the
card on and off.
Also made some small indentation fixes in the Makefile.
[Rephrased commit log and removed the change in the FW name, since
it's done in another patch. -- Luca]
Signed-off-by: Shahar Levi <shahar_levi@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Driver does not report disconnect event properly when in connecting state,
this leads to issues failures in starting reconnection. Send a disconnect
command to target when a disconnect event is received with reason code
other than 3 (DISCONNECT_CMD - disconnect request from host) to make the
frimware stop trying to connect even after giving disconnect event. There
will be one more disconnect event for this disconnect command with reason
code DISCONNECT_CMD which will be notified to cfg80211.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
When pinging form ar6003 to the AP RTT was high even when power save was
disabled:
100 packets transmitted, 97 received, 3% packet loss, time 99125ms
rtt min/avg/max/mdev = 1.875/46.733/795.506/139.181 ms
After some investigation one reason for this was that received
multicast traffic confused the aggrecation logic and caused 400 ms
timeouts when receiving multicast frames from AP.
A simple way to fix is to pass only unicast frames for aggregation. This
improves RTT:
100 packets transmitted, 99 received, 1% packet loss, time 99144ms
rtt min/avg/max/mdev = 2.083/13.084/403.390/56.794 ms
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
We were using incorrect max and min dwell times during forced passive
scans because we were still using the active scan states to scan
(passively) the channels that were not marked as passive.
Instead of doing passive scans in active states, we now skip active
states and scan for all channels in passive states.
Cc: <stable@kernel.org> # 2.6.36+
Signed-off-by: Luciano Coelho <coelho@ti.com>
This allows RSN pre-authentication to be used when roaming decisions are
done in the target.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
When the rssi of the current AP drops, both wpa_supplicant and the
firmware may do a background scan to find a better AP and try to
associate. This might lead to a race condition where both may try
to connect to some AP based on their scan results.
Since the firmware is capable of handling roaming, let
wpa_supplicant know about this capability so that it will back off
from bgscan based roaming.
Signed-off-by: Vivek Natarajan <nataraja@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Now that we allow the first Beacon frame after each connection to
be processed at the host, we can figure out the DTIM period and
expose it with Beacon interval through STA info BSS parameters
to user space.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Since we may end up using a dummy BSS entry when roaming, allow one Beacon
frame -based bssinfo from the current BSS to be processed prior to starting
to filter all bssinfo events. This allows cfg80211 BSS table to be filled
with proper data in the roaming case where the full Beacon data may not
have been present at the time of roamed event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
There is no point in unconditionally converting the bssinfo header
to the old version since only the new header is being used and the
driver can as well read the values from it when needed. Leaving out
the conversion saves some extra memory copying.
In addition, use the calculated "rssi" value snr - 95 dBm to get the
proper value in cfg80211 BSS table (i.e., something that more or less
matches with the value used in STA info).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Now that the scan results are reported directly to the cfg80211 BSS
table there is no need for maintaining this internal node table
implementation for scan results. Remove the definitions and node
table functions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The internal node table in ath6kl was not really used for any useful
purpose. It was just used to collect scan results during a scan and then
provide them in a burst to cfg80211 at the completion of the scan. There
is no point in doing this since cfg80211 is perfectly capable of
maintaining the BSS table and the BSS inform messages are sent in
separate function calls anyway.
This provides more complete information in the cfg80211 BSS table since
this allows Beacon and Probe Response frames to be distinguished and IEs
from them reported separately.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Since ath6kl does not actually update cfg80211 BSS table when this
event occurs, there is not much need for removing the entries from
the internal table that is not really used or exposed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
ath6kl does not actually update cfg80211 BSS table when this update
occurs, so there is not much need in updating the internal table
that is not used or exposed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This event has been deprecated and there is no need for ath6kl to
include code for processing it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This fixes the BSS "update" just before the connected or roamed event.
The previous implementation was completely broken: it forced a hardcoded
signal strength and IEs from Association _Request_ frame instead of any
Beacon information. This broke various things, including PMKSA caching.
The current workaround for creating a dummy BSS entry before the roamed
event is not exactly ideal, but that is quite a bit better than the
previous state. As a future improvement, cfg80211 could potentially be
extended to allow this type of use or ath6kl could delay sending the
roamed event before receiving a BSS info event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
We dereference "rate" on the lines before so the checks here are too
late to help. This function is only called from
mwifiex_dump_station_info() and "rate" is always a non-NULL pointer
so the check can be removed.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
We're not likely to hit this small memory leak, but lets fix it
anyway to keep the static checkers happy.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwl_trans_rx_alloc is only called from iwl_rx_init, so no need
to init the lists twice.
Signed-off-by: Amit Beka <amit.beka@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
During my works on the transport layer I removed code that updated
a local variable (is_agg) that is needed to keep the pending_frames
count up to date. Fix this.
Also, there should be no way to have a packet with TX_CTL_AMPDU set
while the internal aggregation state machine is not in AGG_ON state.
Add a WARN_ON to ensure that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This has been removed but the declaration hasn't.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This simplifies both the transport layer and the upper layer.
Kill the union in the device command, which avoids the funny syntax
we had: cmd->cmd.payload.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Before this patch, the upper layer could register a callback for each
host command. This mechanism allowed the upper layer to have
different callbacks for the same command ID. In fact, it wasn't used
and the rx_handlers is enough: same callback for all the command with
a specific command ID.
The iwl_send_add_station needs the access the command that was sent
while handling the response (regardless if the command was sent in
SYNC or ASYNC mode). So now, all the handlers receive the host
command that was sent. This implies a change in the handler signature.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If we're associated and want to do P2P at the same
time, the scan for remain-on-channel is currently
limited to 80ms because of the way the device will
behave in that case. Instead of doing that, split
up the dwell times into little pieces. It will not
actually be a single big dwell time then, but will
be close enough. This improves robustness of P2P
in such scenarios.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since the driver split there's no more need for
shared/non-shared private station data so remove
struct iwl_station_priv_common entirely.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since the driver split there's no longer a need
to have the scan code scattered across multiple
files, so move it all back to iwl-scan.c
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Send a Mesh Peering Close frame when we deactivate a mesh peer link.
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When an AP interface is removed without the
AP/VLAN interfaces having been removed before
already, the AP-VLAN interface might still
have sleeping stations and buffer multicast
frames which will happen on the AP interface.
Thus, we need to remove AP/VLAN interfaces
before purging buffered broadcast frames.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Incorrect variable was used in validating the akm_suites array from
NL80211_ATTR_AKM_SUITES. In addition, there was no explicit
validation of the array length (we only have room for
NL80211_MAX_NR_AKM_SUITES).
This can result in a buffer write overflow for stack variables with
arbitrary data from user space. The nl80211 commands using the affected
functionality require GENL_ADMIN_PERM, so this is only exposed to admin
users.
Cc: stable@kernel.org
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlegacy version of fix:
commit effd4d9aec
Author: Johannes Berg <johannes.berg@intel.com>
Date: Thu Sep 15 11:46:52 2011 -0700
iwlagn: do not use interruptible waits
Since the dawn of its time, iwlwifi has used
interruptible waits to wait for synchronous
commands and firmware loading.
This leads to "interesting" bugs, because it
can't actually handle the interruptions; for
example when a command sending is interrupted
it will assume the command completed fully,
and then leave it pending, which leads to all
kinds of trouble when the command finishes
later.
Since there's no easy way to gracefully deal
with interruptions, fix the driver to not use
interruptible waits.
This at least fixes the error
iwlagn 0000:02:00.0: Error: Response NULL in 'REPLY_SCAN_ABORT_CMD'
I have seen in P2P testing, but it is likely
that there are other errors caused by this.
Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlegacy version of fix:
commit 282cdb325a
Author: Johannes Berg <johannes.berg@intel.com>
Date: Mon Sep 12 12:09:10 2011 -0700
iwlagn: fix command queue timeout
If the command queue is constantly busy,
which can happen in P2P, the hangcheck
timer will frequently find a command in
it and will eventually reset the device
because nothing sets the timestamp for
this queue when commands are processed.
Fix this by setting the timestamp when
a command completes.
iwlegacy does not support P2P, but this patch fix possible
unneeded hardware resets, hence is needed.
Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
During the endurance testing, rx frames are not getting DMAd from
MAC whereas pcu rx frame counters are getting updated properly.
As per systems team input updated the initval to fix rx dma stuck
issue.
Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
l2cap_create_iframe_pdu is only used in l2cap_core.c
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
The mgmt_device_found event will be used to report LE devices found
during discovery procedure. Since LE advertising reports events
doesn't have class of device information, we need to check if
'dev_class' is not NULL before copying it.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This patch reduces the critial region (protected by hdev->lock) in
hci_cc_le_set_scan_enable(). This way, only really required code is
synchronized.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This patch fixes wrong memcpy size when copying rand value to
HCI_OP_LE_START_ENC command.
The compiler pretends that the array parameter was declared as a pointer
and sizeof reports the size of the pointer. [1]
[1] http://www.c-faq.com/aryptr/aryparmsize.html
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
For now, only the LTK is properly supported. We are able to receive
and generate the other types of keys, but we are not able to use
them. So it's better not request them to be distributed.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
For slave initiated security, we should set a default security level,
for now BT_SECURITY_MEDIUM.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This reverts commit 5a0a8b4974.
If we use separate messages and list for SMP specific keys we can
simplify the code.
Conflicts:
net/bluetooth/mgmt.c
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
When receiving a security request from the remote device we should find
if there is already a LTK associated with the remote device, if found
we should use it to encrypt the link.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Until we support any pairing method (Passkey Entry, OOB) that gives
MITM protection we shouldn't send that we have MITM protection.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Add management interface events for blocking/unblocking a device.
Sender of the block device command gets cmd complete and other
mgmt sockets get the event. Event is also sent to mgmt sockets when
blocking is done with ioctl, e.g when blocking a device with
hciconfig. This makes it possible for bluetoothd to track status
of blocked devices when a third party block or unblocks a device.
Event sending is handled in mgmt_device_blocked function which gets
called from hci_blacklist_add in hci_core.c. A pending command is
added in mgmt_block_device, so that it can found when sending the
event - the event is not sent to the socket from which the pending
command came. Locks were moved out from hci_core.c to hci_sock.c
and mgmt.c, because locking is needed also for mgmt_pending_add in
mgmt.c.
Signed-off-by: Antti Julku <antti.julku@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This lifts the requirement of 16 digits pin codes when pairing
with devices that do not support SSP when using the mgmt interface.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
The HIGH security level requires a 16 digit pin code for non-SSP
bondings. Sometimes this requirement is not acceptable and we still
want protection againts MITM attacks (which is something that the
MEDIUM security level doesn't provide), for that we should allow
another way to request authentication without using the HIGH security
level.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>