If "offset" is negative then we can get past this check:
if (offset > CONTROL_BUFFER_SIZE)
Or if we pick a very high "req_ie_len" then we can get around the check:
if (offset + req_ie_len > CONTROL_BUFFER_SIZE)
I made "resp_ie_len" and "req_ie_len" unsigned. I don't know if it was
intentional that they were signed in the original.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mesh peer links are established only if average rssi of the peer
candidate satisfies the threshold. This is not in 802.11s specification
but was requested by David Fulgham, an open80211s user. This is a way to avoid
marginal peer links with stations that are barely within range.
This patch adds a new mesh configuration parameter, mesh_rssi_threshold. This
feature is supported only for hardwares that report signal in dBm.
Signed-off-by: Ashok Nagarajan <ashok@cozybit.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When using the bcm5354 (Soc with integrated LP-PHY Wifi) with a recent
firmware >= 478.104 it runs out of memory after a very short time in
OpenWrt after doing an active scan or any thing else where packages are
send. This was cased by a gpio misconfiguration, the firmware triggered
the GPIO pins used for buttons on some devices and that caused an other
driver (OpenWrt diag) listening for these buttons irqs to send many
messages to the user space.
This patch fixes the bug for my devices (Asus WL-520GU) and makes it
work with firmware 666.2. Now the firmware just uses LED GPIO pin
number 1 and not the button pins any more.
This is the GPIO Pin layout used on my device, see [0].
GPIO pin layout:
pin# name type
0 power led
1 wlan led
2 reset button
3 ses buttom
This is the nvram configuration output of "nvram show |grep gpio"
related nvram configuration:
wl0gpio2=11
wl0gpio3=11
wl0gpio0=11
wl0gpio1=0x02
reset_gpio=2
[0]: https://dev.openwrt.org/browser/trunk/package/broadcom-diag/src/diag.c
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
this does the same thing as the previous code
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
its better to zero initialize the 'valid_phy_rate_idx' array completely
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
According to Section Y.7.4 Actions on receipt of proactive RANN, an individually
addressed PREQ should be generated towards the neighbor peer mesh STA indicated
in the RANN Sender Address field in the forwarding information.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently if valid SSID list is provided in scan request, driver
performs specific SSID scan otherwise wildcard scan is chosen.
When wpa_supplicant provides valid SSID list followed by
zero-length SSID for wildcard scan, only specific SSID scan is
performed by driver. Actually driver is expected to do both type
of scanning in this case. The patch fixes this issue.
Also, use SSID list pointer provided by stack directly, instead
of copying SSID's to local structure.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Use struct cfg80211_ssid available in include/net/cfg80211.h
instead of having similar definition in driver.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1. Driver and firmware do not support 22Mbps and 72Mbps bitrates.
Remove them from the rate table advertised to cfg80211.
2. First 4 rates from mwifiex_rates table are not valid for
5GHz/A band. Set correct bitrate array's index and no of rates for
ieee80211_supported_band for 5GHz band.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On SoCs the sprom is often stored in nvram in the flashchip. This patch
registers a sprom fallback callback handler in bcma and provides the
sprom needed for this device.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move the sprom parsing from nvram into sprom.c. There are all values
needed for sprom version 1 to 9 read from nvram and there are more
sanity checks added. This is based on the sprom parsing in the open
source part of the Broadcom SDK.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Explicitly enforce an char array of 6 bytes for the mac address.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On SoCs the sprom is stored in the nvram in a special partition on the
flash chip. The nvram contains the sprom for the main bus, but
sometimes also for a pci devices using bcma. This patch makes it
possible for the arch code to register a function to fetch the needed
sprom from the nvram and provide it to the bcma code.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This function is needed by the bcm47xx arch code to get the number of
the ieee80211 core.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch extends the sprom struct to contain all sprom attributes
found in sprom version 1 to 9. This was done accordingly to the open
source part of the Broadcom SDK.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This member contains the country code encoded with two chars
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On sprom version 4 and 5 there are 4 values for pa_2g, pa_5gl, pa_5g
and pa_5gh, for sprom version 8 and 9 there are only 3. Make the per
path sprom store also work for older sprom versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
There is no 2.4 GHz or 5GHz antenna gain stored in sprom. The sprom
just stores the gain values for antenna 1 and 2 or 1 to 4 for more
recent sprom versions. On old devices antenna 2 was used for 5 GHz wifi.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Some parts of the sprom struct are bigger than needed.
The leddc and maxpwr values are just 8 bit long and not 16.
rxpo2g and rxpo5g are signed
I got these information for the open source part of the Broadcom SDK
covering sprom version 1 to 9. rxpo2g contained a negative number on my
bcm5354 based device, this cased an error and Broadcom SDK says this is
signed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Not doing so could cause the tx status queue to overflow during longer
periods of time without non-beacon tx. These events are also required
for proper drv_tx_last_beacon handling.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since AR9003 uses a global tx status queue, processing tx status outside of
the regular tx tasklet is dangerous and messes up hardware/software
synchronization of tx status events.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The approach of this change is flawed, as it triggers tx status processing
from more callsites, yet the chips only have one global tx status queue.
Subsequent patches will properly fix the issue that this one tried to address.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When authentication type is configured to NL80211_AUTHTYPE_AUTOMATIC,
driver tries to connect using open mode. The association is failed
if AP is configured in shared mode.
This patch adds code to try association using shared mode as well if
open mode association fails.
Now since we returned exact error code in association response handler
(instead of -1), corresponding changes are done in
mwifiex_process_cmdresp().
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
That commit intended for 3.4 renamed IEEE80211_TX_CTL_POLL_RESPONSE as
IEEE80211_TX_CTL_NO_PS_BUFFER. Meanwhile, "carl9170: fix frame delivery
if sta is in powersave mode" added a reference to
IEEE80211_TX_CTL_POLL_RESPONSE in the fixes stream for 3.3. This simple
patch fixes that merge boo-boo.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Previous RX error checking was done exclusive-or for different error
types and caused DFS pulse events to be dropped when other error
flags (e.g. CRC) were set simultaneously.
This patch decouples PHY error processing from other types and ensures
that all pulses detected by HW are accounted by the pattern detector.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Remove the enum il4965_calib_enabled_state because it is not used.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Remove the enum il_calib. It defined one identifier: IL_CALIB_MAX.
Remove the function il4965_calib_free_results. It was doing nothing
because IL_CALIB_MAX is zero. Next, remove calib_results from the
il_priv structure and also remove the associated return
type/struct il_calib_result.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since the menuconfig system doesn't indent the debug options
for the 3945 /4965, add some text to make it clear which
debug options are being configured.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move the debug options so they appear below the 3945 / 4965 options.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This renames the IEEE80211_TX_CTL_POLL_RESPONSE
TX flag to IEEE80211_TX_CTL_NO_PS_BUFFER and also
uses it for non-bufferable MMPDUs (all MMPDUs but
deauth, disassoc and action frames.)
Previously, mac80211 would let the MMPDU through
but not set the flag so drivers supporting some
hardware aids for avoiding the PS races would
then reject the frame.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instead of defining an 'enum', we can simply use 'u8' flag for WEP
status. Rename 'wep_status' to 'wep_enabled' to match with
'wpa_enabled' and 'wpa2_enabled'.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
It should have been removed by commit "mwifiex: use cfg80211 dynamic
scan..." (7c6fa2a843..) after adding code to avoid an extra scan
during association because scan entries are valid for 15 seconds in
cfg80211 stack.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The association sequence looks (roughly) like
this now:
* set BSSID
* set station to EXIST state
* send auth
* set station to AUTH state
* send assoc
* set station to ASSOC state
* set BSS info to associated
In contrast, the deauth/disassoc sequence is
the other way around:
* clear BSSID/BSS info state
* remove station
* send deauth/disassoc
(in some cases the last two steps are reversed.)
This patch encodes the entire sequence in the
ieee80211_set_disassoc() function and changes
it to be like this, for good measure with an
explicit flush:
* send deauth/disassoc
* flush
* remove station
* clear BSSID/BSS info state
At least iwlwifi gets confused with the other
sequence in P2P mode and complains that it
wasn't able to flush the queues.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When ieee80211_set_disassoc() is called with the
tx argument set to true, it will send DelBA out
to the peer. This isn't useful or necessary in a
few cases where we do it today, those being when
we lost the connection or when the supplicant
explicitly asked us to not tell the AP.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instead of calling cfg80211 in ieee80211_send_deauth_disassoc()
pass out the frame and call it from the caller. That saves the
SKB allocation if we don't actually want to send the frame and
enables us to make the ordering smarter in the future.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In "cfg80211: no cookies in cfg80211_send_XXX()"
Holger Schurig removed the cookies in the calls
from mac80211 to cfg80211, but the ones in the
other direction were left in. Remove them now.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
It's just a duplicate of ipw2100_bg_rates[].
Signed-off-by: Stanislav Yakovlev <stas.yakovlev@gmail.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
I am running Debian testing kernel 3.1.0-1-amd64, using a 079b:0062 Sagem
XG-76NA 802.11bg stick.
Upon zd1211rw interface
bringup (ifconfig wlan0 up) I get the following timeout:
[ 950.330573] zd1211rw 1-3:1.0: phy2
[ 955.108510] zd1211rw 1-3:1.0: firmware version 4725
[ 955.148532] zd1211rw 1-3:1.0: zd1211b chip 079b:0062 v4810 high 00-19-70
AL2230_RF pa0 g--NS
[snip]
[ 955.204072] zd1211rw 1-3:1.0: error ioread32(CR_REG1): -110
A second ifconfig wlan0 up brings the interface up without problems.
After a bit more debugging, the call trace is the following:
[10241.028130] zd1211rw 1-3:1.0: zd_chip_lock_phy_regs: error
ioread32(CR_REG1): -110
[10241.028140] zd1211rw 1-3:1.0: zd_switch_radio_on: failed to lock PHY regs
[10241.028148] zd1211rw 1-3:1.0: zd_op_start: failed to set radio on
Adding a 10 milliseconds delay between the call to set_mc_hash() and
zd_chip_switch_radio_on() allows successful interface bringups in all
cases and matches what the vendor driver did.
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Recent commit
"mwifiex: clear previous security setting during association"
fixes association failure problems observed in some corner cases
by clearing previous security setting before each association.
We should reset encryption mode flag as well. This patch takes care
of it.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Nicolas Cavallari discovered that carl9170 has some
serious problems delivering data to sleeping stations.
It turns out that the driver was not honoring two
important flags (IEEE80211_TX_CTL_POLL_RESPONSE and
IEEE80211_TX_CTL_CLEAR_PS_FILT) which are set on
frames that should be sent although the receiving
station is still in powersave mode.
Cc: stable <stable@vger.kernel.org>
Reported-by: Nicolas Cavallari <Nicolas.Cavallari@lri.fr>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On Access Point mode, when transmitting a packet, if the destination
station is in powersave mode, we abort transmitting the packet to the
device queue, but we do not reclaim the allocated memory. Given enough
packets, we can go in a state where there is no packet on the device
queue, but we think the device has no memory left, so no packet gets
transmitted, connections breaks and the AP stops working.
This undo the allocation done in the TX path when the station is in
power-save mode.
Signed-off-by: Nicolas Cavallari <cavallar@lri.fr>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This is a fixup for my:
iwlwifi: kill iwl_bus.h
Please fold them into one patch for upstream
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
We can use forward declaration for the relevant struct since they
aren't dereferenced in the header file.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Also add a might_sleep to enforce the context requirements.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>