[deliverable/linux.git] / net / mac80211 / agg-rx.c

/*
 * HT handling
 *
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 * Copyright 2007-2010, Intel Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/**
 * DOC: RX A-MPDU aggregation
 *
 * Aggregation on the RX side requires only implementing the
 * @ampdu_action callback that is invoked to start/stop any
 * block-ack sessions for RX aggregation.
 *
 * When RX aggregation is started by the peer, the driver is
 * notified via @ampdu_action function, with the
 * %IEEE80211_AMPDU_RX_START action, and may reject the request
 * in which case a negative response is sent to the peer, if it
 * accepts it a positive response is sent.
 *
 * While the session is active, the device/driver are required
 * to de-aggregate frames and pass them up one by one to mac80211,
 * which will handle the reorder buffer.
 *
 * When the aggregation session is stopped again by the peer or
 * ourselves, the driver's @ampdu_action function will be called
 * with the action %IEEE80211_AMPDU_RX_STOP. In this case, the
 * call must not fail.
 */

#include <linux/ieee80211.h>
#include <linux/slab.h>
#include <linux/export.h>
#include <net/mac80211.h>
#include "ieee80211_i.h"
#include "driver-ops.h"

static void ieee80211_free_tid_rx(struct rcu_head *h)
{
	struct tid_ampdu_rx *tid_rx =
		container_of(h, struct tid_ampdu_rx, rcu_head);
	int i;

	for (i = 0; i < tid_rx->buf_size; i++)
		dev_kfree_skb(tid_rx->reorder_buf[i]);
	kfree(tid_rx->reorder_buf);
	kfree(tid_rx->reorder_time);
	kfree(tid_rx);
}

void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
				     u16 initiator, u16 reason, bool tx)
{
	struct ieee80211_local *local = sta->local;
	struct tid_ampdu_rx *tid_rx;

	lockdep_assert_held(&sta->ampdu_mlme.mtx);

	tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid],
					lockdep_is_held(&sta->ampdu_mlme.mtx));

	if (!tid_rx)
		return;

	RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG
	       "Rx BA session stop requested for %pM tid %u %s reason: %d\n",
	       sta->sta.addr, tid,
	       initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator",
	       (int)reason);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP,
			     &sta->sta, tid, NULL, 0))
		printk(KERN_DEBUG "HW problem - can not stop rx "
				"aggregation for tid %d\n", tid);

	/* check if this is a self generated aggregation halt */
	if (initiator == WLAN_BACK_RECIPIENT && tx)
		ieee80211_send_delba(sta->sdata, sta->sta.addr,
				     tid, WLAN_BACK_RECIPIENT, reason);

	del_timer_sync(&tid_rx->session_timer);
	del_timer_sync(&tid_rx->reorder_timer);

	call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx);
}

void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
				    u16 initiator, u16 reason, bool tx)
{
	mutex_lock(&sta->ampdu_mlme.mtx);
	___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, tx);
	mutex_unlock(&sta->ampdu_mlme.mtx);
}

void ieee80211_stop_rx_ba_session(struct ieee80211_vif *vif, u16 ba_rx_bitmap,
				  const u8 *addr)
{
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
	struct sta_info *sta;
	int i;

	rcu_read_lock();
	sta = sta_info_get_bss(sdata, addr);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	for (i = 0; i < STA_TID_NUM; i++)
		if (ba_rx_bitmap & BIT(i))
			set_bit(i, sta->ampdu_mlme.tid_rx_stop_requested);

	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
	rcu_read_unlock();
}
EXPORT_SYMBOL(ieee80211_stop_rx_ba_session);

/*
 * After accepting the AddBA Request we activated a timer,
 * resetting it after each frame that arrives from the originator.
 */
static void sta_rx_agg_session_timer_expired(unsigned long data)
{
	/* not an elegant detour, but there is no choice as the timer passes
	 * only one argument, and various sta_info are needed here, so init
	 * flow in sta_info_create gives the TID as data, while the timer_to_id
	 * array gives the sta through container_of */
	u8 *ptid = (u8 *)data;
	u8 *timer_to_id = ptid - *ptid;
	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
					 timer_to_tid[0]);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
#endif
	set_bit(*ptid, sta->ampdu_mlme.tid_rx_timer_expired);
	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
}

static void sta_rx_agg_reorder_timer_expired(unsigned long data)
{
	u8 *ptid = (u8 *)data;
	u8 *timer_to_id = ptid - *ptid;
	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
			timer_to_tid[0]);

	rcu_read_lock();
	ieee80211_release_reorder_timeout(sta, *ptid);
	rcu_read_unlock();
}

static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
				      u8 dialog_token, u16 status, u16 policy,
				      u16 buf_size, u16 timeout)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb)
		return;

	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
	if (sdata->vif.type == NL80211_IFTYPE_AP ||
	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
	    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
		memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
	else if (sdata->vif.type == NL80211_IFTYPE_STATION)
		memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
	else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
		memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);

	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;

	capab = (u16)(policy << 1);	/* bit 1 aggregation policy */
	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
	capab |= (u16)(buf_size << 6);	/* bit 15:6 max size of aggregation */

	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);

	ieee80211_tx_skb(sdata, skb);
}

void ieee80211_process_addba_request(struct ieee80211_local *local,
				     struct sta_info *sta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	struct tid_ampdu_rx *tid_agg_rx;
	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	u8 dialog_token;
	int ret = -EOPNOTSUPP;

	/* extract session parameters from addba request frame */
	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	start_seq_num =
		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;

	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;

	status = WLAN_STATUS_REQUEST_DECLINED;

	if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "Suspend in progress. "
		       "Denying ADDBA request\n");
#endif
		goto end_no_lock;
	}

	/* sanity check for incoming parameters:
	 * check if configuration can support the BA policy
	 * and if buffer size does not exceeds max value */
	/* XXX: check own ht delayed BA capability?? */
	if (((ba_policy != 1) &&
	     (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) ||
	    (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
		status = WLAN_STATUS_INVALID_QOS_PARAM;
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "AddBA Req with bad params from "
				"%pM on tid %u. policy %d, buffer size %d\n",
				mgmt->sa, tid, ba_policy,
				buf_size);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end_no_lock;
	}
	/* determine default buffer size */
	if (buf_size == 0)
		buf_size = IEEE80211_MAX_AMPDU_BUF;

	/* make sure the size doesn't exceed the maximum supported by the hw */
	if (buf_size > local->hw.max_rx_aggregation_subframes)
		buf_size = local->hw.max_rx_aggregation_subframes;

	/* examine state machine */
	mutex_lock(&sta->ampdu_mlme.mtx);

	if (sta->ampdu_mlme.tid_rx[tid]) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "unexpected AddBA Req from "
				"%pM on tid %u\n",
				mgmt->sa, tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */

		/* delete existing Rx BA session on the same tid */
		___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
						WLAN_STATUS_UNSPECIFIED_QOS,
						false);
	}

	/* prepare A-MPDU MLME for Rx aggregation */
	tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL);
	if (!tid_agg_rx)
		goto end;

	spin_lock_init(&tid_agg_rx->reorder_lock);

	/* rx timer */
	tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
	tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	init_timer(&tid_agg_rx->session_timer);

	/* rx reorder timer */
	tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired;
	tid_agg_rx->reorder_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	init_timer(&tid_agg_rx->reorder_timer);

	/* prepare reordering buffer */
	tid_agg_rx->reorder_buf =
		kcalloc(buf_size, sizeof(struct sk_buff *), GFP_KERNEL);
	tid_agg_rx->reorder_time =
		kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL);
	if (!tid_agg_rx->reorder_buf || !tid_agg_rx->reorder_time) {
		kfree(tid_agg_rx->reorder_buf);
		kfree(tid_agg_rx->reorder_time);
		kfree(tid_agg_rx);
		goto end;
	}

	ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START,
			       &sta->sta, tid, &start_seq_num, 0);
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (ret) {
		kfree(tid_agg_rx->reorder_buf);
		kfree(tid_agg_rx->reorder_time);
		kfree(tid_agg_rx);
		goto end;
	}

	/* update data */
	tid_agg_rx->dialog_token = dialog_token;
	tid_agg_rx->ssn = start_seq_num;
	tid_agg_rx->head_seq_num = start_seq_num;
	tid_agg_rx->buf_size = buf_size;
	tid_agg_rx->timeout = timeout;
	tid_agg_rx->stored_mpdu_num = 0;
	status = WLAN_STATUS_SUCCESS;

	/* activate it for RX */
	rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);

	if (timeout)
		mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout));

end:
	mutex_unlock(&sta->ampdu_mlme.mtx);

end_no_lock:
	ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
				  dialog_token, status, 1, buf_size, timeout);
}
Commit	Line	Data
b8695a8f JB	1	/*
	2	* HT handling
	3	*
	4	* Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
	5	* Copyright 2002-2005, Instant802 Networks, Inc.
	6	* Copyright 2005-2006, Devicescape Software, Inc.
	7	* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
	8	* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
a93e3644	9	* Copyright 2007-2010, Intel Corporation
b8695a8f JB	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License version 2 as
	13	* published by the Free Software Foundation.
	14	*/
	15
73a72a81 JB	16	/**
	17	* DOC: RX A-MPDU aggregation
	18	*
	19	* Aggregation on the RX side requires only implementing the
	20	* @ampdu_action callback that is invoked to start/stop any
	21	* block-ack sessions for RX aggregation.
	22	*
	23	* When RX aggregation is started by the peer, the driver is
	24	* notified via @ampdu_action function, with the
	25	* %IEEE80211_AMPDU_RX_START action, and may reject the request
	26	* in which case a negative response is sent to the peer, if it
	27	* accepts it a positive response is sent.
	28	*
	29	* While the session is active, the device/driver are required
	30	* to de-aggregate frames and pass them up one by one to mac80211,
	31	* which will handle the reorder buffer.
	32	*
	33	* When the aggregation session is stopped again by the peer or
	34	* ourselves, the driver's @ampdu_action function will be called
	35	* with the action %IEEE80211_AMPDU_RX_STOP. In this case, the
	36	* call must not fail.
	37	*/
	38
b8695a8f	39	#include <linux/ieee80211.h>
5a0e3ad6	40	#include <linux/slab.h>
bc3b2d7f	41	#include <linux/export.h>
b8695a8f JB	42	#include <net/mac80211.h>
b8695a8f JB	43	#include "ieee80211_i.h"
24487981	44	#include "driver-ops.h"
b8695a8f	45
a87f736d JB	46	static void ieee80211_free_tid_rx(struct rcu_head *h)
	47	{
	48	struct tid_ampdu_rx *tid_rx =
	49	container_of(h, struct tid_ampdu_rx, rcu_head);
	50	int i;
	51
	52	for (i = 0; i < tid_rx->buf_size; i++)
	53	dev_kfree_skb(tid_rx->reorder_buf[i]);
	54	kfree(tid_rx->reorder_buf);
	55	kfree(tid_rx->reorder_time);
	56	kfree(tid_rx);
	57	}
	58
7c3b1dd8	59	void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
53f73c09	60	u16 initiator, u16 reason, bool tx)
b8695a8f	61	{
d75636ef	62	struct ieee80211_local *local = sta->local;
098a6070	63	struct tid_ampdu_rx *tid_rx;
b8695a8f	64
a93e3644	65	lockdep_assert_held(&sta->ampdu_mlme.mtx);
098a6070	66
40b275b6 JB	67	tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid],
40b275b6 JB	68	lockdep_is_held(&sta->ampdu_mlme.mtx));
a87f736d	69
7c3b1dd8	70	if (!tid_rx)
b8695a8f	71	return;
d75636ef	72
a9b3cd7f	73	RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL);
b8695a8f	74
b8695a8f	75	#ifdef CONFIG_MAC80211_HT_DEBUG
5ccc32ff NM	76	printk(KERN_DEBUG
	77	"Rx BA session stop requested for %pM tid %u %s reason: %d\n",
	78	sta->sta.addr, tid,
	79	initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator",
	80	(int)reason);
b8695a8f JB	81	#endif /* CONFIG_MAC80211_HT_DEBUG */
b8695a8f JB	82
12375ef9	83	if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP,
0b01f030	84	&sta->sta, tid, NULL, 0))
b8695a8f JB	85	printk(KERN_DEBUG "HW problem - can not stop rx "
	86	"aggregation for tid %d\n", tid);
	87
b8695a8f	88	/* check if this is a self generated aggregation halt */
53f73c09	89	if (initiator == WLAN_BACK_RECIPIENT && tx)
d75636ef	90	ieee80211_send_delba(sta->sdata, sta->sta.addr,
a7f39f60	91	tid, WLAN_BACK_RECIPIENT, reason);
b8695a8f	92
7c3b1dd8	93	del_timer_sync(&tid_rx->session_timer);
2bff8ebf	94	del_timer_sync(&tid_rx->reorder_timer);
a87f736d JB	95
a87f736d JB	96	call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx);
b8695a8f JB	97	}
b8695a8f JB	98
2aab4c27	99	void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
53f73c09	100	u16 initiator, u16 reason, bool tx)
2aab4c27	101	{
a93e3644	102	mutex_lock(&sta->ampdu_mlme.mtx);
53f73c09	103	___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, tx);
a93e3644	104	mutex_unlock(&sta->ampdu_mlme.mtx);
2aab4c27 JB	105	}
2aab4c27 JB	106
f41ccd71 SL	107	void ieee80211_stop_rx_ba_session(struct ieee80211_vif *vif, u16 ba_rx_bitmap,
	108	const u8 *addr)
	109	{
	110	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
0a557ed3	111	struct sta_info *sta;
f41ccd71 SL	112	int i;
f41ccd71 SL	113
0a557ed3	114	rcu_read_lock();
bc192f89	115	sta = sta_info_get_bss(sdata, addr);
0a557ed3 EP	116	if (!sta) {
	117	rcu_read_unlock();
	118	return;
	119	}
	120
f41ccd71 SL	121	for (i = 0; i < STA_TID_NUM; i++)
	122	if (ba_rx_bitmap & BIT(i))
	123	set_bit(i, sta->ampdu_mlme.tid_rx_stop_requested);
	124
	125	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
0a557ed3	126	rcu_read_unlock();
f41ccd71 SL	127	}
	128	EXPORT_SYMBOL(ieee80211_stop_rx_ba_session);
	129
b8695a8f JB	130	/*
	131	* After accepting the AddBA Request we activated a timer,
	132	* resetting it after each frame that arrives from the originator.
b8695a8f JB	133	*/
	134	static void sta_rx_agg_session_timer_expired(unsigned long data)
	135	{
	136	/* not an elegant detour, but there is no choice as the timer passes
	137	* only one argument, and various sta_info are needed here, so init
	138	* flow in sta_info_create gives the TID as data, while the timer_to_id
	139	* array gives the sta through container_of */
	140	u8 ptid = (u8 )data;
	141	u8 timer_to_id = ptid - ptid;
	142	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
	143	timer_to_tid[0]);
	144
	145	#ifdef CONFIG_MAC80211_HT_DEBUG
	146	printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
	147	#endif
7c3b1dd8 JB	148	set_bit(*ptid, sta->ampdu_mlme.tid_rx_timer_expired);
7c3b1dd8 JB	149	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
b8695a8f JB	150	}
b8695a8f JB	151
2bff8ebf CL	152	static void sta_rx_agg_reorder_timer_expired(unsigned long data)
	153	{
	154	u8 ptid = (u8 )data;
	155	u8 timer_to_id = ptid - ptid;
	156	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
	157	timer_to_tid[0]);
	158
	159	rcu_read_lock();
2bff8ebf	160	ieee80211_release_reorder_timeout(sta, *ptid);
2bff8ebf CL	161	rcu_read_unlock();
	162	}
	163
b8695a8f JB	164	static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data sdata, u8 da, u16 tid,
	165	u8 dialog_token, u16 status, u16 policy,
	166	u16 buf_size, u16 timeout)
	167	{
b8695a8f JB	168	struct ieee80211_local *local = sdata->local;
	169	struct sk_buff *skb;
	170	struct ieee80211_mgmt *mgmt;
	171	u16 capab;
	172
	173	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
d15b8459	174	if (!skb)
b8695a8f	175	return;
b8695a8f JB	176
	177	skb_reserve(skb, local->hw.extra_tx_headroom);
	178	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	179	memset(mgmt, 0, 24);
	180	memcpy(mgmt->da, da, ETH_ALEN);
47846c9b	181	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
8abd3f9b	182	if (sdata->vif.type == NL80211_IFTYPE_AP \|\|
ae2772b3 TP	183	sdata->vif.type == NL80211_IFTYPE_AP_VLAN \|\|
ae2772b3 TP	184	sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
47846c9b	185	memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
46900298 JB	186	else if (sdata->vif.type == NL80211_IFTYPE_STATION)
46900298 JB	187	memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
13c40c54 AS	188	else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
13c40c54 AS	189	memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);
46900298	190
b8695a8f JB	191	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT \|
	192	IEEE80211_STYPE_ACTION);
	193
	194	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	195	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	196	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	197	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
	198
	199	capab = (u16)(policy << 1); /* bit 1 aggregation policy */
	200	capab \|= (u16)(tid << 2); /* bit 5:2 TID number */
	201	capab \|= (u16)(buf_size << 6); /* bit 15:6 max size of aggregation */
	202
	203	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	204	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	205	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
	206
62ae67be	207	ieee80211_tx_skb(sdata, skb);
b8695a8f JB	208	}
	209
	210	void ieee80211_process_addba_request(struct ieee80211_local *local,
	211	struct sta_info *sta,
	212	struct ieee80211_mgmt *mgmt,
	213	size_t len)
	214	{
b8695a8f JB	215	struct tid_ampdu_rx *tid_agg_rx;
	216	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	217	u8 dialog_token;
	218	int ret = -EOPNOTSUPP;
	219
	220	/* extract session parameters from addba request frame */
	221	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	222	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	223	start_seq_num =
	224	le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
	225
	226	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	227	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	228	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	229	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
	230
	231	status = WLAN_STATUS_REQUEST_DECLINED;
	232
c2c98fde	233	if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
722f069a S	234	#ifdef CONFIG_MAC80211_HT_DEBUG
	235	printk(KERN_DEBUG "Suspend in progress. "
	236	"Denying ADDBA request\n");
	237	#endif
	238	goto end_no_lock;
	239	}
	240
b8695a8f JB	241	/* sanity check for incoming parameters:
	242	* check if configuration can support the BA policy
	243	* and if buffer size does not exceeds max value */
	244	/* XXX: check own ht delayed BA capability?? */
f64f9e71 JP	245	if (((ba_policy != 1) &&
	246	(!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) \|\|
	247	(buf_size > IEEE80211_MAX_AMPDU_BUF)) {
b8695a8f JB	248	status = WLAN_STATUS_INVALID_QOS_PARAM;
	249	#ifdef CONFIG_MAC80211_HT_DEBUG
	250	if (net_ratelimit())
	251	printk(KERN_DEBUG "AddBA Req with bad params from "
	252	"%pM on tid %u. policy %d, buffer size %d\n",
	253	mgmt->sa, tid, ba_policy,
	254	buf_size);
	255	#endif /* CONFIG_MAC80211_HT_DEBUG */
	256	goto end_no_lock;
	257	}
	258	/* determine default buffer size */
82694f76 LC	259	if (buf_size == 0)
82694f76 LC	260	buf_size = IEEE80211_MAX_AMPDU_BUF;
b8695a8f	261
df6ba5d8 LC	262	/* make sure the size doesn't exceed the maximum supported by the hw */
	263	if (buf_size > local->hw.max_rx_aggregation_subframes)
	264	buf_size = local->hw.max_rx_aggregation_subframes;
b8695a8f JB	265
b8695a8f JB	266	/* examine state machine */
a93e3644	267	mutex_lock(&sta->ampdu_mlme.mtx);
b8695a8f	268
a87f736d	269	if (sta->ampdu_mlme.tid_rx[tid]) {
b8695a8f JB	270	#ifdef CONFIG_MAC80211_HT_DEBUG
	271	if (net_ratelimit())
	272	printk(KERN_DEBUG "unexpected AddBA Req from "
	273	"%pM on tid %u\n",
	274	mgmt->sa, tid);
	275	#endif /* CONFIG_MAC80211_HT_DEBUG */
15b4d843 AN	276
	277	/* delete existing Rx BA session on the same tid */
	278	___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
	279	WLAN_STATUS_UNSPECIFIED_QOS,
	280	false);
b8695a8f JB	281	}
	282
	283	/* prepare A-MPDU MLME for Rx aggregation */
dd318575	284	tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL);
d15b8459	285	if (!tid_agg_rx)
b8695a8f	286	goto end;
b8695a8f	287
2bff8ebf CL	288	spin_lock_init(&tid_agg_rx->reorder_lock);
2bff8ebf CL	289
a87f736d JB	290	/* rx timer */
	291	tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
	292	tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	293	init_timer(&tid_agg_rx->session_timer);
b8695a8f	294
2bff8ebf CL	295	/* rx reorder timer */
	296	tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired;
	297	tid_agg_rx->reorder_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	298	init_timer(&tid_agg_rx->reorder_timer);
	299
b8695a8f JB	300	/* prepare reordering buffer */
b8695a8f JB	301	tid_agg_rx->reorder_buf =
dd318575	302	kcalloc(buf_size, sizeof(struct sk_buff *), GFP_KERNEL);
4d050f1d	303	tid_agg_rx->reorder_time =
dd318575	304	kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL);
4d050f1d	305	if (!tid_agg_rx->reorder_buf \|\| !tid_agg_rx->reorder_time) {
4d050f1d JM	306	kfree(tid_agg_rx->reorder_buf);
4d050f1d JM	307	kfree(tid_agg_rx->reorder_time);
a87f736d	308	kfree(tid_agg_rx);
b8695a8f JB	309	goto end;
	310	}
	311
12375ef9	312	ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START,
0b01f030	313	&sta->sta, tid, &start_seq_num, 0);
b8695a8f JB	314	#ifdef CONFIG_MAC80211_HT_DEBUG
	315	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
	316	#endif /* CONFIG_MAC80211_HT_DEBUG */
	317
	318	if (ret) {
	319	kfree(tid_agg_rx->reorder_buf);
a87f736d	320	kfree(tid_agg_rx->reorder_time);
b8695a8f	321	kfree(tid_agg_rx);
b8695a8f JB	322	goto end;
	323	}
	324
a87f736d	325	/* update data */
b8695a8f JB	326	tid_agg_rx->dialog_token = dialog_token;
	327	tid_agg_rx->ssn = start_seq_num;
	328	tid_agg_rx->head_seq_num = start_seq_num;
	329	tid_agg_rx->buf_size = buf_size;
	330	tid_agg_rx->timeout = timeout;
	331	tid_agg_rx->stored_mpdu_num = 0;
	332	status = WLAN_STATUS_SUCCESS;
a87f736d JB	333
a87f736d JB	334	/* activate it for RX */
cf778b00	335	rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);
f955ebb4 JB	336
	337	if (timeout)
	338	mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout));
	339
b8695a8f	340	end:
a93e3644	341	mutex_unlock(&sta->ampdu_mlme.mtx);
b8695a8f JB	342
	343	end_no_lock:
	344	ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
	345	dialog_token, status, 1, buf_size, timeout);
	346	}