Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8b30b1fe36
Branches Tags
linux-vybrid_pu...
/
net
/
mac80211
/
ht.c

ht.c 31 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068 
  1. /*
    2. 

  2.  * HT handling
    3. 

  3.  *
    4. 

  4.  * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
    5. 

  5.  * Copyright 2002-2005, Instant802 Networks, Inc.
    6. 

  6.  * Copyright 2005-2006, Devicescape Software, Inc.
    7. 

  7.  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
    8. 

  8.  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
    9. 

  9.  * Copyright 2007-2008, Intel Corporation
    10. 

  10.  *
    11. 

  11.  * This program is free software; you can redistribute it and/or modify
    12. 

  12.  * it under the terms of the GNU General Public License version 2 as
    13. 

  13.  * published by the Free Software Foundation.
    14. 

  14.  */
    15. 

  15. 

  16. #include <linux/ieee80211.h>
    17. 

  17. #include <net/wireless.h>
    18. 

  18. #include <net/mac80211.h>
    19. 

  19. #include "ieee80211_i.h"
    20. 

  20. #include "sta_info.h"
    21. 

  21. #include "wme.h"
    22. 

  22. 

  23. void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
    24. 

  24. 				       struct ieee80211_ht_cap *ht_cap_ie,
    25. 

  25. 				       struct ieee80211_sta_ht_cap *ht_cap)
    26. 

  26. {
    27. 

  27. 	u8 ampdu_info, tx_mcs_set_cap;
    28. 

  28. 	int i, max_tx_streams;
    29. 

  29. 

  30. 	BUG_ON(!ht_cap);
    31. 

  31. 

  32. 	memset(ht_cap, 0, sizeof(*ht_cap));
    33. 

  33. 

  34. 	if (!ht_cap_ie)
    35. 

  35. 		return;
    36. 

  36. 

  37. 	ht_cap->ht_supported = true;
    38. 

  38. 

  39. 	ht_cap->cap = ht_cap->cap & sband->ht_cap.cap;
    40. 

  40. 	ht_cap->cap &= ~IEEE80211_HT_CAP_SM_PS;
    41. 

  41. 	ht_cap->cap |= sband->ht_cap.cap & IEEE80211_HT_CAP_SM_PS;
    42. 

  42. 

  43. 	ampdu_info = ht_cap_ie->ampdu_params_info;
    44. 

  44. 	ht_cap->ampdu_factor =
    45. 

  45. 		ampdu_info & IEEE80211_HT_AMPDU_PARM_FACTOR;
    46. 

  46. 	ht_cap->ampdu_density =
    47. 

  47. 		(ampdu_info & IEEE80211_HT_AMPDU_PARM_DENSITY) >> 2;
    48. 

  48. 

  49. 	/* own MCS TX capabilities */
    50. 

  50. 	tx_mcs_set_cap = sband->ht_cap.mcs.tx_params;
    51. 

  51. 

  52. 	/* can we TX with MCS rates? */
    53. 

  53. 	if (!(tx_mcs_set_cap & IEEE80211_HT_MCS_TX_DEFINED))
    54. 

  54. 		return;
    55. 

  55. 

  56. 	/* Counting from 0, therefore +1 */
    57. 

  57. 	if (tx_mcs_set_cap & IEEE80211_HT_MCS_TX_RX_DIFF)
    58. 

  58. 		max_tx_streams =
    59. 

  59. 			((tx_mcs_set_cap & IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK)
    60. 

  60. 				>> IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT) + 1;
    61. 

  61. 	else
    62. 

  62. 		max_tx_streams = IEEE80211_HT_MCS_TX_MAX_STREAMS;
    63. 

  63. 

  64. 	/*
    65. 

  65. 	 * 802.11n D5.0 20.3.5 / 20.6 says:
    66. 

  66. 	 * - indices 0 to 7 and 32 are single spatial stream
    67. 

  67. 	 * - 8 to 31 are multiple spatial streams using equal modulation
    68. 

  68. 	 *   [8..15 for two streams, 16..23 for three and 24..31 for four]
    69. 

  69. 	 * - remainder are multiple spatial streams using unequal modulation
    70. 

  70. 	 */
    71. 

  71. 	for (i = 0; i < max_tx_streams; i++)
    72. 

  72. 		ht_cap->mcs.rx_mask[i] =
    73. 

  73. 			sband->ht_cap.mcs.rx_mask[i] & ht_cap_ie->mcs.rx_mask[i];
    74. 

  74. 

  75. 	if (tx_mcs_set_cap & IEEE80211_HT_MCS_TX_UNEQUAL_MODULATION)
    76. 

  76. 		for (i = IEEE80211_HT_MCS_UNEQUAL_MODULATION_START_BYTE;
    77. 

  77. 		     i < IEEE80211_HT_MCS_MASK_LEN; i++)
    78. 

  78. 			ht_cap->mcs.rx_mask[i] =
    79. 

  79. 				sband->ht_cap.mcs.rx_mask[i] &
    80. 

  80. 					ht_cap_ie->mcs.rx_mask[i];
    81. 

  81. 

  82. 	/* handle MCS rate 32 too */
    83. 

  83. 	if (sband->ht_cap.mcs.rx_mask[32/8] & ht_cap_ie->mcs.rx_mask[32/8] & 1)
    84. 

  84. 		ht_cap->mcs.rx_mask[32/8] |= 1;
    85. 

  85. }
    86. 

  86. 

  87. /*
    88. 

  88.  * ieee80211_enable_ht should be called only after the operating band
    89. 

  89.  * has been determined as ht configuration depends on the hw's
    90. 

  90.  * HT abilities for a specific band.
    91. 

  91.  */
    92. 

  92. u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
    93. 

  93. 			struct ieee80211_ht_info *hti,
    94. 

  94. 			u16 ap_ht_cap_flags)
    95. 

  95. {
    96. 

  96. 	struct ieee80211_local *local = sdata->local;
    97. 

  97. 	struct ieee80211_supported_band *sband;
    98. 

  98. 	struct ieee80211_bss_ht_conf ht;
    99. 

  99. 	u32 changed = 0;
    100. 

  100. 	bool enable_ht = true, ht_changed;
    101. 

  101. 

  102. 	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
    103. 

  103. 

  104. 	memset(&ht, 0, sizeof(ht));
    105. 

  105. 

  106. 	/* HT is not supported */
    107. 

  107. 	if (!sband->ht_cap.ht_supported)
    108. 

  108. 		enable_ht = false;
    109. 

  109. 

  110. 	/* check that channel matches the right operating channel */
    111. 

  111. 	if (local->hw.conf.channel->center_freq !=
    112. 

  112. 	    ieee80211_channel_to_frequency(hti->control_chan))
    113. 

  113. 		enable_ht = false;
    114. 

  114. 

  115. 	/*
    116. 

  116. 	 * XXX: This is totally incorrect when there are multiple virtual
    117. 

  117. 	 *	interfaces, needs to be fixed later.
    118. 

  118. 	 */
    119. 

  119. 	ht_changed = local->hw.conf.ht.enabled != enable_ht;
    120. 

  120. 	local->hw.conf.ht.enabled = enable_ht;
    121. 

  121. 	if (ht_changed)
    122. 

  122. 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_HT);
    123. 

  123. 

  124. 	/* disable HT */
    125. 

  125. 	if (!enable_ht)
    126. 

  126. 		return 0;
    127. 

  127. 	ht.secondary_channel_offset =
    128. 

  128. 		hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET;
    129. 

  129. 	ht.width_40_ok =
    130. 

  130. 		!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) &&
    131. 

  131. 		(sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) &&
    132. 

  132. 		(hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY);
    133. 

  133. 	ht.operation_mode = le16_to_cpu(hti->operation_mode);
    134. 

  134. 

  135. 	/* if bss configuration changed store the new one */
    136. 

  136. 	if (memcmp(&sdata->vif.bss_conf.ht, &ht, sizeof(ht))) {
    137. 

  137. 		changed |= BSS_CHANGED_HT;
    138. 

  138. 		sdata->vif.bss_conf.ht = ht;
    139. 

  139. 	}
    140. 

  140. 

  141. 	return changed;
    142. 

  142. }
    143. 

  143. 

  144. static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
    145. 

  145. 					 const u8 *da, u16 tid,
    146. 

  146. 					 u8 dialog_token, u16 start_seq_num,
    147. 

  147. 					 u16 agg_size, u16 timeout)
    148. 

  148. {
    149. 

  149. 	struct ieee80211_local *local = sdata->local;
    150. 

  150. 	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
    151. 

  151. 	struct sk_buff *skb;
    152. 

  152. 	struct ieee80211_mgmt *mgmt;
    153. 

  153. 	u16 capab;
    154. 

  154. 

  155. 	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
    156. 

  156. 

  157. 	if (!skb) {
    158. 

  158. 		printk(KERN_ERR "%s: failed to allocate buffer "
    159. 

  159. 				"for addba request frame\n", sdata->dev->name);
    160. 

  160. 		return;
    161. 

  161. 	}
    162. 

  162. 	skb_reserve(skb, local->hw.extra_tx_headroom);
    163. 

  163. 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
    164. 

  164. 	memset(mgmt, 0, 24);
    165. 

  165. 	memcpy(mgmt->da, da, ETH_ALEN);
    166. 

  166. 	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
    167. 

  167. 	if (sdata->vif.type == NL80211_IFTYPE_AP)
    168. 

  168. 		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
    169. 

  169. 	else
    170. 

  170. 		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
    171. 

  171. 

  172. 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
    173. 

  173. 					  IEEE80211_STYPE_ACTION);
    174. 

  174. 

  175. 	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));
    176. 

  176. 

  177. 	mgmt->u.action.category = WLAN_CATEGORY_BACK;
    178. 

  178. 	mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;
    179. 

  179. 

  180. 	mgmt->u.action.u.addba_req.dialog_token = dialog_token;
    181. 

  181. 	capab = (u16)(1 << 1);		/* bit 1 aggregation policy */
    182. 

  182. 	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
    183. 

  183. 	capab |= (u16)(agg_size << 6);	/* bit 15:6 max size of aggergation */
    184. 

  184. 

  185. 	mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
    186. 

  186. 

  187. 	mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
    188. 

  188. 	mgmt->u.action.u.addba_req.start_seq_num =
    189. 

  189. 					cpu_to_le16(start_seq_num << 4);
    190. 

  190. 

  191. 	ieee80211_tx_skb(sdata, skb, 0);
    192. 

  192. }
    193. 

  193. 

  194. static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
    195. 

  195. 				      u8 dialog_token, u16 status, u16 policy,
    196. 

  196. 				      u16 buf_size, u16 timeout)
    197. 

  197. {
    198. 

  198. 	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
    199. 

  199. 	struct ieee80211_local *local = sdata->local;
    200. 

  200. 	struct sk_buff *skb;
    201. 

  201. 	struct ieee80211_mgmt *mgmt;
    202. 

  202. 	u16 capab;
    203. 

  203. 

  204. 	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
    205. 

  205. 

  206. 	if (!skb) {
    207. 

  207. 		printk(KERN_DEBUG "%s: failed to allocate buffer "
    208. 

  208. 		       "for addba resp frame\n", sdata->dev->name);
    209. 

  209. 		return;
    210. 

  210. 	}
    211. 

  211. 

  212. 	skb_reserve(skb, local->hw.extra_tx_headroom);
    213. 

  213. 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
    214. 

  214. 	memset(mgmt, 0, 24);
    215. 

  215. 	memcpy(mgmt->da, da, ETH_ALEN);
    216. 

  216. 	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
    217. 

  217. 	if (sdata->vif.type == NL80211_IFTYPE_AP)
    218. 

  218. 		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
    219. 

  219. 	else
    220. 

  220. 		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
    221. 

  221. 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
    222. 

  222. 					  IEEE80211_STYPE_ACTION);
    223. 

  223. 

  224. 	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
    225. 

  225. 	mgmt->u.action.category = WLAN_CATEGORY_BACK;
    226. 

  226. 	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
    227. 

  227. 	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
    228. 

  228. 

  229. 	capab = (u16)(policy << 1);	/* bit 1 aggregation policy */
    230. 

  230. 	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
    231. 

  231. 	capab |= (u16)(buf_size << 6);	/* bit 15:6 max size of aggregation */
    232. 

  232. 

  233. 	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
    234. 

  234. 	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
    235. 

  235. 	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
    236. 

  236. 

  237. 	ieee80211_tx_skb(sdata, skb, 0);
    238. 

  238. }
    239. 

  239. 

  240. static void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
    241. 

  241. 				 const u8 *da, u16 tid,
    242. 

  242. 				 u16 initiator, u16 reason_code)
    243. 

  243. {
    244. 

  244. 	struct ieee80211_local *local = sdata->local;
    245. 

  245. 	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
    246. 

  246. 	struct sk_buff *skb;
    247. 

  247. 	struct ieee80211_mgmt *mgmt;
    248. 

  248. 	u16 params;
    249. 

  249. 

  250. 	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
    251. 

  251. 

  252. 	if (!skb) {
    253. 

  253. 		printk(KERN_ERR "%s: failed to allocate buffer "
    254. 

  254. 					"for delba frame\n", sdata->dev->name);
    255. 

  255. 		return;
    256. 

  256. 	}
    257. 

  257. 

  258. 	skb_reserve(skb, local->hw.extra_tx_headroom);
    259. 

  259. 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
    260. 

  260. 	memset(mgmt, 0, 24);
    261. 

  261. 	memcpy(mgmt->da, da, ETH_ALEN);
    262. 

  262. 	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
    263. 

  263. 	if (sdata->vif.type == NL80211_IFTYPE_AP)
    264. 

  264. 		memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
    265. 

  265. 	else
    266. 

  266. 		memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
    267. 

  267. 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
    268. 

  268. 					  IEEE80211_STYPE_ACTION);
    269. 

  269. 

  270. 	skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));
    271. 

  271. 

  272. 	mgmt->u.action.category = WLAN_CATEGORY_BACK;
    273. 

  273. 	mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
    274. 

  274. 	params = (u16)(initiator << 11); 	/* bit 11 initiator */
    275. 

  275. 	params |= (u16)(tid << 12); 		/* bit 15:12 TID number */
    276. 

  276. 

  277. 	mgmt->u.action.u.delba.params = cpu_to_le16(params);
    278. 

  278. 	mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
    279. 

  279. 

  280. 	ieee80211_tx_skb(sdata, skb, 0);
    281. 

  281. }
    282. 

  282. 

  283. void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
    284. 

  284. {
    285. 

  285. 	struct ieee80211_local *local = sdata->local;
    286. 

  286. 	struct sk_buff *skb;
    287. 

  287. 	struct ieee80211_bar *bar;
    288. 

  288. 	u16 bar_control = 0;
    289. 

  289. 

  290. 	skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
    291. 

  291. 	if (!skb) {
    292. 

  292. 		printk(KERN_ERR "%s: failed to allocate buffer for "
    293. 

  293. 			"bar frame\n", sdata->dev->name);
    294. 

  294. 		return;
    295. 

  295. 	}
    296. 

  296. 	skb_reserve(skb, local->hw.extra_tx_headroom);
    297. 

  297. 	bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
    298. 

  298. 	memset(bar, 0, sizeof(*bar));
    299. 

  299. 	bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
    300. 

  300. 					 IEEE80211_STYPE_BACK_REQ);
    301. 

  301. 	memcpy(bar->ra, ra, ETH_ALEN);
    302. 

  302. 	memcpy(bar->ta, sdata->dev->dev_addr, ETH_ALEN);
    303. 

  303. 	bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
    304. 

  304. 	bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
    305. 

  305. 	bar_control |= (u16)(tid << 12);
    306. 

  306. 	bar->control = cpu_to_le16(bar_control);
    307. 

  307. 	bar->start_seq_num = cpu_to_le16(ssn);
    308. 

  308. 

  309. 	ieee80211_tx_skb(sdata, skb, 0);
    310. 

  310. }
    311. 

  311. 

  312. void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid,
    313. 

  313. 					u16 initiator, u16 reason)
    314. 

  314. {
    315. 

  315. 	struct ieee80211_local *local = sdata->local;
    316. 

  316. 	struct ieee80211_hw *hw = &local->hw;
    317. 

  317. 	struct sta_info *sta;
    318. 

  318. 	int ret, i;
    319. 

  319. 

  320. 	rcu_read_lock();
    321. 

  321. 

  322. 	sta = sta_info_get(local, ra);
    323. 

  323. 	if (!sta) {
    324. 

  324. 		rcu_read_unlock();
    325. 

  325. 		return;
    326. 

  326. 	}
    327. 

  327. 

  328. 	/* check if TID is in operational state */
    329. 

  329. 	spin_lock_bh(&sta->lock);
    330. 

  330. 	if (sta->ampdu_mlme.tid_state_rx[tid]
    331. 

  331. 				!= HT_AGG_STATE_OPERATIONAL) {
    332. 

  332. 		spin_unlock_bh(&sta->lock);
    333. 

  333. 		rcu_read_unlock();
    334. 

  334. 		return;
    335. 

  335. 	}
    336. 

  336. 	sta->ampdu_mlme.tid_state_rx[tid] =
    337. 

  337. 		HT_AGG_STATE_REQ_STOP_BA_MSK |
    338. 

  338. 		(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
    339. 

  339. 	spin_unlock_bh(&sta->lock);
    340. 

  340. 

  341. 	/* stop HW Rx aggregation. ampdu_action existence
    342. 

  342. 	 * already verified in session init so we add the BUG_ON */
    343. 

  343. 	BUG_ON(!local->ops->ampdu_action);
    344. 

  344. 

  345. #ifdef CONFIG_MAC80211_HT_DEBUG
    346. 

  346. 	printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n",
    347. 

  347. 	       ra, tid);
    348. 

  348. #endif /* CONFIG_MAC80211_HT_DEBUG */
    349. 

  349. 

  350. 	ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
    351. 

  351. 				       &sta->sta, tid, NULL);
    352. 

  352. 	if (ret)
    353. 

  353. 		printk(KERN_DEBUG "HW problem - can not stop rx "
    354. 

  354. 				"aggregation for tid %d\n", tid);
    355. 

  355. 

  356. 	/* shutdown timer has not expired */
    357. 

  357. 	if (initiator != WLAN_BACK_TIMER)
    358. 

  358. 		del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
    359. 

  359. 

  360. 	/* check if this is a self generated aggregation halt */
    361. 

  361. 	if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
    362. 

  362. 		ieee80211_send_delba(sdata, ra, tid, 0, reason);
    363. 

  363. 

  364. 	/* free the reordering buffer */
    365. 

  365. 	for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) {
    366. 

  366. 		if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) {
    367. 

  367. 			/* release the reordered frames */
    368. 

  368. 			dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]);
    369. 

  369. 			sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--;
    370. 

  370. 			sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL;
    371. 

  371. 		}
    372. 

  372. 	}
    373. 

  373. 	/* free resources */
    374. 

  374. 	kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf);
    375. 

  375. 	kfree(sta->ampdu_mlme.tid_rx[tid]);
    376. 

  376. 	sta->ampdu_mlme.tid_rx[tid] = NULL;
    377. 

  377. 	sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE;
    378. 

  378. 

  379. 	rcu_read_unlock();
    380. 

  380. }
    381. 

  381. 

  382. 

  383. /*
    384. 

  384.  * After sending add Block Ack request we activated a timer until
    385. 

  385.  * add Block Ack response will arrive from the recipient.
    386. 

  386.  * If this timer expires sta_addba_resp_timer_expired will be executed.
    387. 

  387.  */
    388. 

  388. static void sta_addba_resp_timer_expired(unsigned long data)
    389. 

  389. {
    390. 

  390. 	/* not an elegant detour, but there is no choice as the timer passes
    391. 

  391. 	 * only one argument, and both sta_info and TID are needed, so init
    392. 

  392. 	 * flow in sta_info_create gives the TID as data, while the timer_to_id
    393. 

  393. 	 * array gives the sta through container_of */
    394. 

  394. 	u16 tid = *(u8 *)data;
    395. 

  395. 	struct sta_info *temp_sta = container_of((void *)data,
    396. 

  396. 		struct sta_info, timer_to_tid[tid]);
    397. 

  397. 

  398. 	struct ieee80211_local *local = temp_sta->local;
    399. 

  399. 	struct ieee80211_hw *hw = &local->hw;
    400. 

  400. 	struct sta_info *sta;
    401. 

  401. 	u8 *state;
    402. 

  402. 

  403. 	rcu_read_lock();
    404. 

  404. 

  405. 	sta = sta_info_get(local, temp_sta->sta.addr);
    406. 

  406. 	if (!sta) {
    407. 

  407. 		rcu_read_unlock();
    408. 

  408. 		return;
    409. 

  409. 	}
    410. 

  410. 

  411. 	state = &sta->ampdu_mlme.tid_state_tx[tid];
    412. 

  412. 	/* check if the TID waits for addBA response */
    413. 

  413. 	spin_lock_bh(&sta->lock);
    414. 

  414. 	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
    415. 

  415. 		spin_unlock_bh(&sta->lock);
    416. 

  416. 		*state = HT_AGG_STATE_IDLE;
    417. 

  417. #ifdef CONFIG_MAC80211_HT_DEBUG
    418. 

  418. 		printk(KERN_DEBUG "timer expired on tid %d but we are not "
    419. 

  419. 				"expecting addBA response there", tid);
    420. 

  420. #endif
    421. 

  421. 		goto timer_expired_exit;
    422. 

  422. 	}
    423. 

  423. 

  424. #ifdef CONFIG_MAC80211_HT_DEBUG
    425. 

  425. 	printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
    426. 

  426. #endif
    427. 

  427. 

  428. 	/* go through the state check in stop_BA_session */
    429. 

  429. 	*state = HT_AGG_STATE_OPERATIONAL;
    430. 

  430. 	spin_unlock_bh(&sta->lock);
    431. 

  431. 	ieee80211_stop_tx_ba_session(hw, temp_sta->sta.addr, tid,
    432. 

  432. 				     WLAN_BACK_INITIATOR);
    433. 

  433. 

  434. timer_expired_exit:
    435. 

  435. 	rcu_read_unlock();
    436. 

  436. }
    437. 

  437. 

  438. void ieee80211_sta_tear_down_BA_sessions(struct ieee80211_sub_if_data *sdata, u8 *addr)
    439. 

  439. {
    440. 

  440. 	struct ieee80211_local *local = sdata->local;
    441. 

  441. 	int i;
    442. 

  442. 

  443. 	for (i = 0; i <  STA_TID_NUM; i++) {
    444. 

  444. 		ieee80211_stop_tx_ba_session(&local->hw, addr, i,
    445. 

  445. 					     WLAN_BACK_INITIATOR);
    446. 

  446. 		ieee80211_sta_stop_rx_ba_session(sdata, addr, i,
    447. 

  447. 						 WLAN_BACK_RECIPIENT,
    448. 

  448. 						 WLAN_REASON_QSTA_LEAVE_QBSS);
    449. 

  449. 	}
    450. 

  450. }
    451. 

  451. 

  452. int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
    453. 

  453. {
    454. 

  454. 	struct ieee80211_local *local = hw_to_local(hw);
    455. 

  455. 	struct sta_info *sta;
    456. 

  456. 	struct ieee80211_sub_if_data *sdata;
    457. 

  457. 	u16 start_seq_num;
    458. 

  458. 	u8 *state;
    459. 

  459. 	int ret;
    460. 

  460. 

  461. 	if ((tid >= STA_TID_NUM) || !(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION))
    462. 

  462. 		return -EINVAL;
    463. 

  463. 

  464. #ifdef CONFIG_MAC80211_HT_DEBUG
    465. 

  465. 	printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n",
    466. 

  466. 	       ra, tid);
    467. 

  467. #endif /* CONFIG_MAC80211_HT_DEBUG */
    468. 

  468. 

  469. 	rcu_read_lock();
    470. 

  470. 

  471. 	sta = sta_info_get(local, ra);
    472. 

  472. 	if (!sta) {
    473. 

  473. #ifdef CONFIG_MAC80211_HT_DEBUG
    474. 

  474. 		printk(KERN_DEBUG "Could not find the station\n");
    475. 

  475. #endif
    476. 

  476. 		ret = -ENOENT;
    477. 

  477. 		goto exit;
    478. 

  478. 	}
    479. 

  479. 

  480. 	spin_lock_bh(&sta->lock);
    481. 

  481. 

  482. 	/* we have tried too many times, receiver does not want A-MPDU */
    483. 

  483. 	if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
    484. 

  484. 		ret = -EBUSY;
    485. 

  485. 		goto err_unlock_sta;
    486. 

  486. 	}
    487. 

  487. 

  488. 	state = &sta->ampdu_mlme.tid_state_tx[tid];
    489. 

  489. 	/* check if the TID is not in aggregation flow already */
    490. 

  490. 	if (*state != HT_AGG_STATE_IDLE) {
    491. 

  491. #ifdef CONFIG_MAC80211_HT_DEBUG
    492. 

  492. 		printk(KERN_DEBUG "BA request denied - session is not "
    493. 

  493. 				 "idle on tid %u\n", tid);
    494. 

  494. #endif /* CONFIG_MAC80211_HT_DEBUG */
    495. 

  495. 		ret = -EAGAIN;
    496. 

  496. 		goto err_unlock_sta;
    497. 

  497. 	}
    498. 

  498. 

  499. 	/* prepare A-MPDU MLME for Tx aggregation */
    500. 

  500. 	sta->ampdu_mlme.tid_tx[tid] =
    501. 

  501. 			kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
    502. 

  502. 	if (!sta->ampdu_mlme.tid_tx[tid]) {
    503. 

  503. #ifdef CONFIG_MAC80211_HT_DEBUG
    504. 

  504. 		if (net_ratelimit())
    505. 

  505. 			printk(KERN_ERR "allocate tx mlme to tid %d failed\n",
    506. 

  506. 					tid);
    507. 

  507. #endif
    508. 

  508. 		ret = -ENOMEM;
    509. 

  509. 		goto err_unlock_sta;
    510. 

  510. 	}
    511. 

  511. 	/* Tx timer */
    512. 

  512. 	sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function =
    513. 

  513. 			sta_addba_resp_timer_expired;
    514. 

  514. 	sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.data =
    515. 

  515. 			(unsigned long)&sta->timer_to_tid[tid];
    516. 

  516. 	init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
    517. 

  517. 

  518. 	if (hw->ampdu_queues) {
    519. 

  519. 		/* create a new queue for this aggregation */
    520. 

  520. 		ret = ieee80211_ht_agg_queue_add(local, sta, tid);
    521. 

  521. 

  522. 		/* case no queue is available to aggregation
    523. 

  523. 		 * don't switch to aggregation */
    524. 

  524. 		if (ret) {
    525. 

  525. #ifdef CONFIG_MAC80211_HT_DEBUG
    526. 

  526. 			printk(KERN_DEBUG "BA request denied - "
    527. 

  527. 			       "queue unavailable for tid %d\n", tid);
    528. 

  528. #endif /* CONFIG_MAC80211_HT_DEBUG */
    529. 

  529. 			goto err_unlock_queue;
    530. 

  530. 		}
    531. 

  531. 	}
    532. 

  532. 	sdata = sta->sdata;
    533. 

  533. 

  534. 	/* Ok, the Addba frame hasn't been sent yet, but if the driver calls the
    535. 

  535. 	 * call back right away, it must see that the flow has begun */
    536. 

  536. 	*state |= HT_ADDBA_REQUESTED_MSK;
    537. 

  537. 

  538. 	/* This is slightly racy because the queue isn't stopped */
    539. 

  539. 	start_seq_num = sta->tid_seq[tid];
    540. 

  540. 

  541. 	if (local->ops->ampdu_action)
    542. 

  542. 		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_START,
    543. 

  543. 					       &sta->sta, tid, &start_seq_num);
    544. 

  544. 

  545. 	if (ret) {
    546. 

  546. 		/* No need to requeue the packets in the agg queue, since we
    547. 

  547. 		 * held the tx lock: no packet could be enqueued to the newly
    548. 

  548. 		 * allocated queue */
    549. 

  549. 		if (hw->ampdu_queues)
    550. 

  550. 			ieee80211_ht_agg_queue_remove(local, sta, tid, 0);
    551. 

  551. #ifdef CONFIG_MAC80211_HT_DEBUG
    552. 

  552. 		printk(KERN_DEBUG "BA request denied - HW unavailable for"
    553. 

  553. 					" tid %d\n", tid);
    554. 

  554. #endif /* CONFIG_MAC80211_HT_DEBUG */
    555. 

  555. 		*state = HT_AGG_STATE_IDLE;
    556. 

  556. 		goto err_unlock_queue;
    557. 

  557. 	}
    558. 

  558. 

  559. 	/* Will put all the packets in the new SW queue */
    560. 

  560. 	if (hw->ampdu_queues)
    561. 

  561. 		ieee80211_requeue(local, ieee802_1d_to_ac[tid]);
    562. 

  562. 	spin_unlock_bh(&sta->lock);
    563. 

  563. 

  564. 	/* send an addBA request */
    565. 

  565. 	sta->ampdu_mlme.dialog_token_allocator++;
    566. 

  566. 	sta->ampdu_mlme.tid_tx[tid]->dialog_token =
    567. 

  567. 			sta->ampdu_mlme.dialog_token_allocator;
    568. 

  568. 	sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
    569. 

  569. 

  570. 

  571. 	ieee80211_send_addba_request(sta->sdata, ra, tid,
    572. 

  572. 			 sta->ampdu_mlme.tid_tx[tid]->dialog_token,
    573. 

  573. 			 sta->ampdu_mlme.tid_tx[tid]->ssn,
    574. 

  574. 			 0x40, 5000);
    575. 

  575. 	/* activate the timer for the recipient's addBA response */
    576. 

  576. 	sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires =
    577. 

  577. 				jiffies + ADDBA_RESP_INTERVAL;
    578. 

  578. 	add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
    579. 

  579. #ifdef CONFIG_MAC80211_HT_DEBUG
    580. 

  580. 	printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
    581. 

  581. #endif
    582. 

  582. 	goto exit;
    583. 

  583. 

  584. err_unlock_queue:
    585. 

  585. 	kfree(sta->ampdu_mlme.tid_tx[tid]);
    586. 

  586. 	sta->ampdu_mlme.tid_tx[tid] = NULL;
    587. 

  587. 	ret = -EBUSY;
    588. 

  588. err_unlock_sta:
    589. 

  589. 	spin_unlock_bh(&sta->lock);
    590. 

  590. exit:
    591. 

  591. 	rcu_read_unlock();
    592. 

  592. 	return ret;
    593. 

  593. }
    594. 

  594. EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
    595. 

  595. 

  596. int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw,
    597. 

  597. 				 u8 *ra, u16 tid,
    598. 

  598. 				 enum ieee80211_back_parties initiator)
    599. 

  599. {
    600. 

  600. 	struct ieee80211_local *local = hw_to_local(hw);
    601. 

  601. 	struct sta_info *sta;
    602. 

  602. 	u8 *state;
    603. 

  603. 	int ret = 0;
    604. 

  604. 

  605. 	if (tid >= STA_TID_NUM)
    606. 

  606. 		return -EINVAL;
    607. 

  607. 

  608. 	rcu_read_lock();
    609. 

  609. 	sta = sta_info_get(local, ra);
    610. 

  610. 	if (!sta) {
    611. 

  611. 		rcu_read_unlock();
    612. 

  612. 		return -ENOENT;
    613. 

  613. 	}
    614. 

  614. 

  615. 	/* check if the TID is in aggregation */
    616. 

  616. 	state = &sta->ampdu_mlme.tid_state_tx[tid];
    617. 

  617. 	spin_lock_bh(&sta->lock);
    618. 

  618. 

  619. 	if (*state != HT_AGG_STATE_OPERATIONAL) {
    620. 

  620. 		ret = -ENOENT;
    621. 

  621. 		goto stop_BA_exit;
    622. 

  622. 	}
    623. 

  623. 

  624. #ifdef CONFIG_MAC80211_HT_DEBUG
    625. 

  625. 	printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n",
    626. 

  626. 	       ra, tid);
    627. 

  627. #endif /* CONFIG_MAC80211_HT_DEBUG */
    628. 

  628. 

  629. 	if (hw->ampdu_queues)
    630. 

  630. 		ieee80211_stop_queue(hw, sta->tid_to_tx_q[tid]);
    631. 

  631. 

  632. 	*state = HT_AGG_STATE_REQ_STOP_BA_MSK |
    633. 

  633. 		(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
    634. 

  634. 

  635. 	if (local->ops->ampdu_action)
    636. 

  636. 		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_STOP,
    637. 

  637. 					       &sta->sta, tid, NULL);
    638. 

  638. 

  639. 	/* case HW denied going back to legacy */
    640. 

  640. 	if (ret) {
    641. 

  641. 		WARN_ON(ret != -EBUSY);
    642. 

  642. 		*state = HT_AGG_STATE_OPERATIONAL;
    643. 

  643. 		if (hw->ampdu_queues)
    644. 

  644. 			ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
    645. 

  645. 		goto stop_BA_exit;
    646. 

  646. 	}
    647. 

  647. 

  648. stop_BA_exit:
    649. 

  649. 	spin_unlock_bh(&sta->lock);
    650. 

  650. 	rcu_read_unlock();
    651. 

  651. 	return ret;
    652. 

  652. }
    653. 

  653. EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
    654. 

  654. 

  655. void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
    656. 

  656. {
    657. 

  657. 	struct ieee80211_local *local = hw_to_local(hw);
    658. 

  658. 	struct sta_info *sta;
    659. 

  659. 	u8 *state;
    660. 

  660. 

  661. 	if (tid >= STA_TID_NUM) {
    662. 

  662. #ifdef CONFIG_MAC80211_HT_DEBUG
    663. 

  663. 		printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
    664. 

  664. 				tid, STA_TID_NUM);
    665. 

  665. #endif
    666. 

  666. 		return;
    667. 

  667. 	}
    668. 

  668. 

  669. 	rcu_read_lock();
    670. 

  670. 	sta = sta_info_get(local, ra);
    671. 

  671. 	if (!sta) {
    672. 

  672. 		rcu_read_unlock();
    673. 

  673. #ifdef CONFIG_MAC80211_HT_DEBUG
    674. 

  674. 		printk(KERN_DEBUG "Could not find station: %pM\n", ra);
    675. 

  675. #endif
    676. 

  676. 		return;
    677. 

  677. 	}
    678. 

  678. 

  679. 	state = &sta->ampdu_mlme.tid_state_tx[tid];
    680. 

  680. 	spin_lock_bh(&sta->lock);
    681. 

  681. 

  682. 	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
    683. 

  683. #ifdef CONFIG_MAC80211_HT_DEBUG
    684. 

  684. 		printk(KERN_DEBUG "addBA was not requested yet, state is %d\n",
    685. 

  685. 				*state);
    686. 

  686. #endif
    687. 

  687. 		spin_unlock_bh(&sta->lock);
    688. 

  688. 		rcu_read_unlock();
    689. 

  689. 		return;
    690. 

  690. 	}
    691. 

  691. 

  692. 	WARN_ON_ONCE(*state & HT_ADDBA_DRV_READY_MSK);
    693. 

  693. 

  694. 	*state |= HT_ADDBA_DRV_READY_MSK;
    695. 

  695. 

  696. 	if (*state == HT_AGG_STATE_OPERATIONAL) {
    697. 

  697. #ifdef CONFIG_MAC80211_HT_DEBUG
    698. 

  698. 		printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid);
    699. 

  699. #endif
    700. 

  700. 		if (hw->ampdu_queues)
    701. 

  701. 			ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
    702. 

  702. 	}
    703. 

  703. 	spin_unlock_bh(&sta->lock);
    704. 

  704. 	rcu_read_unlock();
    705. 

  705. }
    706. 

  706. EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
    707. 

  707. 

  708. void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
    709. 

  709. {
    710. 

  710. 	struct ieee80211_local *local = hw_to_local(hw);
    711. 

  711. 	struct sta_info *sta;
    712. 

  712. 	u8 *state;
    713. 

  713. 	int agg_queue;
    714. 

  714. 

  715. 	if (tid >= STA_TID_NUM) {
    716. 

  716. #ifdef CONFIG_MAC80211_HT_DEBUG
    717. 

  717. 		printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
    718. 

  718. 				tid, STA_TID_NUM);
    719. 

  719. #endif
    720. 

  720. 		return;
    721. 

  721. 	}
    722. 

  722. 

  723. #ifdef CONFIG_MAC80211_HT_DEBUG
    724. 

  724. 	printk(KERN_DEBUG "Stopping Tx BA session for %pM tid %d\n",
    725. 

  725. 	       ra, tid);
    726. 

  726. #endif /* CONFIG_MAC80211_HT_DEBUG */
    727. 

  727. 

  728. 	rcu_read_lock();
    729. 

  729. 	sta = sta_info_get(local, ra);
    730. 

  730. 	if (!sta) {
    731. 

  731. #ifdef CONFIG_MAC80211_HT_DEBUG
    732. 

  732. 		printk(KERN_DEBUG "Could not find station: %pM\n", ra);
    733. 

  733. #endif
    734. 

  734. 		rcu_read_unlock();
    735. 

  735. 		return;
    736. 

  736. 	}
    737. 

  737. 	state = &sta->ampdu_mlme.tid_state_tx[tid];
    738. 

  738. 

  739. 	/* NOTE: no need to use sta->lock in this state check, as
    740. 

  740. 	 * ieee80211_stop_tx_ba_session will let only one stop call to
    741. 

  741. 	 * pass through per sta/tid
    742. 

  742. 	 */
    743. 

  743. 	if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) {
    744. 

  744. #ifdef CONFIG_MAC80211_HT_DEBUG
    745. 

  745. 		printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n");
    746. 

  746. #endif
    747. 

  747. 		rcu_read_unlock();
    748. 

  748. 		return;
    749. 

  749. 	}
    750. 

  750. 

  751. 	if (*state & HT_AGG_STATE_INITIATOR_MSK)
    752. 

  752. 		ieee80211_send_delba(sta->sdata, ra, tid,
    753. 

  753. 			WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE);
    754. 

  754. 

  755. 	if (hw->ampdu_queues) {
    756. 

  756. 		agg_queue = sta->tid_to_tx_q[tid];
    757. 

  757. 		ieee80211_ht_agg_queue_remove(local, sta, tid, 1);
    758. 

  758. 

  759. 		/* We just requeued the all the frames that were in the
    760. 

  760. 		 * removed queue, and since we might miss a softirq we do
    761. 

  761. 		 * netif_schedule_queue.  ieee80211_wake_queue is not used
    762. 

  762. 		 * here as this queue is not necessarily stopped
    763. 

  763. 		 */
    764. 

  764. 		netif_schedule_queue(netdev_get_tx_queue(local->mdev,
    765. 

  765. 							 agg_queue));
    766. 

  766. 	}
    767. 

  767. 	spin_lock_bh(&sta->lock);
    768. 

  768. 	*state = HT_AGG_STATE_IDLE;
    769. 

  769. 	sta->ampdu_mlme.addba_req_num[tid] = 0;
    770. 

  770. 	kfree(sta->ampdu_mlme.tid_tx[tid]);
    771. 

  771. 	sta->ampdu_mlme.tid_tx[tid] = NULL;
    772. 

  772. 	spin_unlock_bh(&sta->lock);
    773. 

  773. 

  774. 	rcu_read_unlock();
    775. 

  775. }
    776. 

  776. EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb);
    777. 

  777. 

  778. void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
    779. 

  779. 				      const u8 *ra, u16 tid)
    780. 

  780. {
    781. 

  781. 	struct ieee80211_local *local = hw_to_local(hw);
    782. 

  782. 	struct ieee80211_ra_tid *ra_tid;
    783. 

  783. 	struct sk_buff *skb = dev_alloc_skb(0);
    784. 

  784. 

  785. 	if (unlikely(!skb)) {
    786. 

  786. #ifdef CONFIG_MAC80211_HT_DEBUG
    787. 

  787. 		if (net_ratelimit())
    788. 

  788. 			printk(KERN_WARNING "%s: Not enough memory, "
    789. 

  789. 			       "dropping start BA session", skb->dev->name);
    790. 

  790. #endif
    791. 

  791. 		return;
    792. 

  792. 	}
    793. 

  793. 	ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
    794. 

  794. 	memcpy(&ra_tid->ra, ra, ETH_ALEN);
    795. 

  795. 	ra_tid->tid = tid;
    796. 

  796. 

  797. 	skb->pkt_type = IEEE80211_ADDBA_MSG;
    798. 

  798. 	skb_queue_tail(&local->skb_queue, skb);
    799. 

  799. 	tasklet_schedule(&local->tasklet);
    800. 

  800. }
    801. 

  801. EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe);
    802. 

  802. 

  803. void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
    804. 

  804. 				     const u8 *ra, u16 tid)
    805. 

  805. {
    806. 

  806. 	struct ieee80211_local *local = hw_to_local(hw);
    807. 

  807. 	struct ieee80211_ra_tid *ra_tid;
    808. 

  808. 	struct sk_buff *skb = dev_alloc_skb(0);
    809. 

  809. 

  810. 	if (unlikely(!skb)) {
    811. 

  811. #ifdef CONFIG_MAC80211_HT_DEBUG
    812. 

  812. 		if (net_ratelimit())
    813. 

  813. 			printk(KERN_WARNING "%s: Not enough memory, "
    814. 

  814. 			       "dropping stop BA session", skb->dev->name);
    815. 

  815. #endif
    816. 

  816. 		return;
    817. 

  817. 	}
    818. 

  818. 	ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
    819. 

  819. 	memcpy(&ra_tid->ra, ra, ETH_ALEN);
    820. 

  820. 	ra_tid->tid = tid;
    821. 

  821. 

  822. 	skb->pkt_type = IEEE80211_DELBA_MSG;
    823. 

  823. 	skb_queue_tail(&local->skb_queue, skb);
    824. 

  824. 	tasklet_schedule(&local->tasklet);
    825. 

  825. }
    826. 

  826. EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe);
    827. 

  827. 

  828. /*
    829. 

  829.  * After accepting the AddBA Request we activated a timer,
    830. 

  830.  * resetting it after each frame that arrives from the originator.
    831. 

  831.  * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
    832. 

  832.  */
    833. 

  833. static void sta_rx_agg_session_timer_expired(unsigned long data)
    834. 

  834. {
    835. 

  835. 	/* not an elegant detour, but there is no choice as the timer passes
    836. 

  836. 	 * only one argument, and various sta_info are needed here, so init
    837. 

  837. 	 * flow in sta_info_create gives the TID as data, while the timer_to_id
    838. 

  838. 	 * array gives the sta through container_of */
    839. 

  839. 	u8 *ptid = (u8 *)data;
    840. 

  840. 	u8 *timer_to_id = ptid - *ptid;
    841. 

  841. 	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
    842. 

  842. 					 timer_to_tid[0]);
    843. 

  843. 

  844. #ifdef CONFIG_MAC80211_HT_DEBUG
    845. 

  845. 	printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
    846. 

  846. #endif
    847. 

  847. 	ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
    848. 

  848. 					 (u16)*ptid, WLAN_BACK_TIMER,
    849. 

  849. 					 WLAN_REASON_QSTA_TIMEOUT);
    850. 

  850. }
    851. 

  851. 

  852. void ieee80211_process_addba_request(struct ieee80211_local *local,
    853. 

  853. 				     struct sta_info *sta,
    854. 

  854. 				     struct ieee80211_mgmt *mgmt,
    855. 

  855. 				     size_t len)
    856. 

  856. {
    857. 

  857. 	struct ieee80211_hw *hw = &local->hw;
    858. 

  858. 	struct ieee80211_conf *conf = &hw->conf;
    859. 

  859. 	struct tid_ampdu_rx *tid_agg_rx;
    860. 

  860. 	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
    861. 

  861. 	u8 dialog_token;
    862. 

  862. 	int ret = -EOPNOTSUPP;
    863. 

  863. 

  864. 	/* extract session parameters from addba request frame */
    865. 

  865. 	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
    866. 

  866. 	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
    867. 

  867. 	start_seq_num =
    868. 

  868. 		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
    869. 

  869. 

  870. 	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
    871. 

  871. 	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
    872. 

  872. 	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
    873. 

  873. 	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
    874. 

  874. 

  875. 	status = WLAN_STATUS_REQUEST_DECLINED;
    876. 

  876. 

  877. 	/* sanity check for incoming parameters:
    878. 

  878. 	 * check if configuration can support the BA policy
    879. 

  879. 	 * and if buffer size does not exceeds max value */
    880. 

  880. 	/* XXX: check own ht delayed BA capability?? */
    881. 

  881. 	if (((ba_policy != 1)
    882. 

  882. 		&& (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA)))
    883. 

  883. 		|| (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
    884. 

  884. 		status = WLAN_STATUS_INVALID_QOS_PARAM;
    885. 

  885. #ifdef CONFIG_MAC80211_HT_DEBUG
    886. 

  886. 		if (net_ratelimit())
    887. 

  887. 			printk(KERN_DEBUG "AddBA Req with bad params from "
    888. 

  888. 				"%pM on tid %u. policy %d, buffer size %d\n",
    889. 

  889. 				mgmt->sa, tid, ba_policy,
    890. 

  890. 				buf_size);
    891. 

  891. #endif /* CONFIG_MAC80211_HT_DEBUG */
    892. 

  892. 		goto end_no_lock;
    893. 

  893. 	}
    894. 

  894. 	/* determine default buffer size */
    895. 

  895. 	if (buf_size == 0) {
    896. 

  896. 		struct ieee80211_supported_band *sband;
    897. 

  897. 

  898. 		sband = local->hw.wiphy->bands[conf->channel->band];
    899. 

  899. 		buf_size = IEEE80211_MIN_AMPDU_BUF;
    900. 

  900. 		buf_size = buf_size << sband->ht_cap.ampdu_factor;
    901. 

  901. 	}
    902. 

  902. 

  903. 

  904. 	/* examine state machine */
    905. 

  905. 	spin_lock_bh(&sta->lock);
    906. 

  906. 

  907. 	if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
    908. 

  908. #ifdef CONFIG_MAC80211_HT_DEBUG
    909. 

  909. 		if (net_ratelimit())
    910. 

  910. 			printk(KERN_DEBUG "unexpected AddBA Req from "
    911. 

  911. 				"%pM on tid %u\n",
    912. 

  912. 				mgmt->sa, tid);
    913. 

  913. #endif /* CONFIG_MAC80211_HT_DEBUG */
    914. 

  914. 		goto end;
    915. 

  915. 	}
    916. 

  916. 

  917. 	/* prepare A-MPDU MLME for Rx aggregation */
    918. 

  918. 	sta->ampdu_mlme.tid_rx[tid] =
    919. 

  919. 			kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
    920. 

  920. 	if (!sta->ampdu_mlme.tid_rx[tid]) {
    921. 

  921. #ifdef CONFIG_MAC80211_HT_DEBUG
    922. 

  922. 		if (net_ratelimit())
    923. 

  923. 			printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
    924. 

  924. 					tid);
    925. 

  925. #endif
    926. 

  926. 		goto end;
    927. 

  927. 	}
    928. 

  928. 	/* rx timer */
    929. 

  929. 	sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
    930. 

  930. 				sta_rx_agg_session_timer_expired;
    931. 

  931. 	sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
    932. 

  932. 				(unsigned long)&sta->timer_to_tid[tid];
    933. 

  933. 	init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
    934. 

  934. 

  935. 	tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
    936. 

  936. 

  937. 	/* prepare reordering buffer */
    938. 

  938. 	tid_agg_rx->reorder_buf =
    939. 

  939. 		kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
    940. 

  940. 	if (!tid_agg_rx->reorder_buf) {
    941. 

  941. #ifdef CONFIG_MAC80211_HT_DEBUG
    942. 

  942. 		if (net_ratelimit())
    943. 

  943. 			printk(KERN_ERR "can not allocate reordering buffer "
    944. 

  944. 			       "to tid %d\n", tid);
    945. 

  945. #endif
    946. 

  946. 		kfree(sta->ampdu_mlme.tid_rx[tid]);
    947. 

  947. 		goto end;
    948. 

  948. 	}
    949. 

  949. 	memset(tid_agg_rx->reorder_buf, 0,
    950. 

  950. 		buf_size * sizeof(struct sk_buff *));
    951. 

  951. 

  952. 	if (local->ops->ampdu_action)
    953. 

  953. 		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
    954. 

  954. 					       &sta->sta, tid, &start_seq_num);
    955. 

  955. #ifdef CONFIG_MAC80211_HT_DEBUG
    956. 

  956. 	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
    957. 

  957. #endif /* CONFIG_MAC80211_HT_DEBUG */
    958. 

  958. 

  959. 	if (ret) {
    960. 

  960. 		kfree(tid_agg_rx->reorder_buf);
    961. 

  961. 		kfree(tid_agg_rx);
    962. 

  962. 		sta->ampdu_mlme.tid_rx[tid] = NULL;
    963. 

  963. 		goto end;
    964. 

  964. 	}
    965. 

  965. 

  966. 	/* change state and send addba resp */
    967. 

  967. 	sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL;
    968. 

  968. 	tid_agg_rx->dialog_token = dialog_token;
    969. 

  969. 	tid_agg_rx->ssn = start_seq_num;
    970. 

  970. 	tid_agg_rx->head_seq_num = start_seq_num;
    971. 

  971. 	tid_agg_rx->buf_size = buf_size;
    972. 

  972. 	tid_agg_rx->timeout = timeout;
    973. 

  973. 	tid_agg_rx->stored_mpdu_num = 0;
    974. 

  974. 	status = WLAN_STATUS_SUCCESS;
    975. 

  975. end:
    976. 

  976. 	spin_unlock_bh(&sta->lock);
    977. 

  977. 

  978. end_no_lock:
    979. 

  979. 	ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
    980. 

  980. 				  dialog_token, status, 1, buf_size, timeout);
    981. 

  981. }
    982. 

  982. 

  983. void ieee80211_process_addba_resp(struct ieee80211_local *local,
    984. 

  984. 				  struct sta_info *sta,
    985. 

  985. 				  struct ieee80211_mgmt *mgmt,
    986. 

  986. 				  size_t len)
    987. 

  987. {
    988. 

  988. 	struct ieee80211_hw *hw = &local->hw;
    989. 

  989. 	u16 capab;
    990. 

  990. 	u16 tid;
    991. 

  991. 	u8 *state;
    992. 

  992. 

  993. 	capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
    994. 

  994. 	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
    995. 

  995. 

  996. 	state = &sta->ampdu_mlme.tid_state_tx[tid];
    997. 

  997. 

  998. 	spin_lock_bh(&sta->lock);
    999. 

  999. 

  1000. 	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
    1001. 

  1001. 		spin_unlock_bh(&sta->lock);
    1002. 

  1002. 		return;
    1003. 

  1003. 	}
    1004. 

  1004. 

  1005. 	if (mgmt->u.action.u.addba_resp.dialog_token !=
    1006. 

  1006. 		sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
    1007. 

  1007. 		spin_unlock_bh(&sta->lock);
    1008. 

  1008. #ifdef CONFIG_MAC80211_HT_DEBUG
    1009. 

  1009. 		printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
    1010. 

  1010. #endif /* CONFIG_MAC80211_HT_DEBUG */
    1011. 

  1011. 		return;
    1012. 

  1012. 	}
    1013. 

  1013. 

  1014. 	del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
    1015. 

  1015. #ifdef CONFIG_MAC80211_HT_DEBUG
    1016. 

  1016. 	printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid);
    1017. 

  1017. #endif /* CONFIG_MAC80211_HT_DEBUG */
    1018. 

  1018. 	if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
    1019. 

  1019. 			== WLAN_STATUS_SUCCESS) {
    1020. 

  1020. 		*state |= HT_ADDBA_RECEIVED_MSK;
    1021. 

  1021. 		sta->ampdu_mlme.addba_req_num[tid] = 0;
    1022. 

  1022. 

  1023. 		if (*state == HT_AGG_STATE_OPERATIONAL &&
    1024. 

  1024. 		    local->hw.ampdu_queues)
    1025. 

  1025. 			ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
    1026. 

  1026. 

  1027. 		spin_unlock_bh(&sta->lock);
    1028. 

  1028. 	} else {
    1029. 

  1029. 		sta->ampdu_mlme.addba_req_num[tid]++;
    1030. 

  1030. 		/* this will allow the state check in stop_BA_session */
    1031. 

  1031. 		*state = HT_AGG_STATE_OPERATIONAL;
    1032. 

  1032. 		spin_unlock_bh(&sta->lock);
    1033. 

  1033. 		ieee80211_stop_tx_ba_session(hw, sta->sta.addr, tid,
    1034. 

  1034. 					     WLAN_BACK_INITIATOR);
    1035. 

  1035. 	}
    1036. 

  1036. }
    1037. 

  1037. 

  1038. void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
    1039. 

  1039. 			     struct sta_info *sta,
    1040. 

  1040. 			     struct ieee80211_mgmt *mgmt, size_t len)
    1041. 

  1041. {
    1042. 

  1042. 	struct ieee80211_local *local = sdata->local;
    1043. 

  1043. 	u16 tid, params;
    1044. 

  1044. 	u16 initiator;
    1045. 

  1045. 

  1046. 	params = le16_to_cpu(mgmt->u.action.u.delba.params);
    1047. 

  1047. 	tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
    1048. 

  1048. 	initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;
    1049. 

  1049. 

  1050. #ifdef CONFIG_MAC80211_HT_DEBUG
    1051. 

  1051. 	if (net_ratelimit())
    1052. 

  1052. 		printk(KERN_DEBUG "delba from %pM (%s) tid %d reason code %d\n",
    1053. 

  1053. 			mgmt->sa, initiator ? "initiator" : "recipient", tid,
    1054. 

  1054. 			mgmt->u.action.u.delba.reason_code);
    1055. 

  1055. #endif /* CONFIG_MAC80211_HT_DEBUG */
    1056. 

  1056. 

  1057. 	if (initiator == WLAN_BACK_INITIATOR)
    1058. 

  1058. 		ieee80211_sta_stop_rx_ba_session(sdata, sta->sta.addr, tid,
    1059. 

  1059. 						 WLAN_BACK_INITIATOR, 0);
    1060. 

  1060. 	else { /* WLAN_BACK_RECIPIENT */
    1061. 

  1061. 		spin_lock_bh(&sta->lock);
    1062. 

  1062. 		sta->ampdu_mlme.tid_state_tx[tid] =
    1063. 

  1063. 				HT_AGG_STATE_OPERATIONAL;
    1064. 

  1064. 		spin_unlock_bh(&sta->lock);
    1065. 

  1065. 		ieee80211_stop_tx_ba_session(&local->hw, sta->sta.addr, tid,
    1066. 

  1066. 					     WLAN_BACK_RECIPIENT);
    1067. 

  1067. 	}
    1068. 

  1068. }
    1069.