mac80211: refactor and move scan RX code
[safe/jmp/linux-2.6] / net / mac80211 / scan.c
1 /*
2  * BSS client mode implementation
3  * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
7  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13
14 #include <linux/wireless.h>
15 #include <linux/if_arp.h>
16 #include <net/mac80211.h>
17 #include <net/iw_handler.h>
18
19 #include "ieee80211_i.h"
20
/*
 * Software-scan timing, expressed in jiffies (HZ jiffies per second).
 *
 * IEEE80211_PROBE_DELAY is added to the hardware's channel change time
 * before the scan state machine moves on to sending a probe request.
 * IEEE80211_CHANNEL_TIME is the delay queued after a probe request has been
 * sent, and also the initial delay before the first scan step.
 * IEEE80211_PASSIVE_CHANNEL_TIME is the delay used when the channel is
 * flagged passive-scan and no probe request is sent.
 */
#define IEEE80211_PROBE_DELAY (HZ / 33)
#define IEEE80211_CHANNEL_TIME (HZ / 33)
#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
24
25
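/*
 * Scan-time RX handler: feed beacons and probe responses into the BSS list.
 *
 * The frame in @skb comes straight off the air, so every field read below is
 * preceded by a length check that covers it.
 *
 * Returns RX_CONTINUE for control frames and for frames that are neither a
 * beacon nor a probe response; RX_DROP_UNUSABLE or RX_DROP_MONITOR for frames
 * that are too short, for probe responses addressed to someone else, and for
 * frames on an unknown or disabled channel; RX_QUEUED once the frame has been
 * consumed. @skb is freed here only on the RX_QUEUED path.
 */
ieee80211_rx_result
ieee80211_sta_rx_scan(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
                      struct ieee80211_rx_status *rx_status)
{
        struct ieee80211_mgmt *mgmt;
        struct ieee80211_sta_bss *bss;
        u8 *elements;
        struct ieee80211_channel *channel;
        size_t baselen;
        int freq;
        __le16 fc;
        bool presp, beacon = false;
        struct ieee802_11_elems elems;

        /* frame_control is two octets; do not read it from a shorter frame */
        if (skb->len < 2)
                return RX_DROP_UNUSABLE;

        mgmt = (struct ieee80211_mgmt *) skb->data;
        fc = mgmt->frame_control;

        if (ieee80211_is_ctl(fc))
                return RX_CONTINUE;

        /* the address fields read below need the full 24-octet header */
        if (skb->len < 24)
                return RX_DROP_MONITOR;

        presp = ieee80211_is_probe_resp(fc);
        if (presp) {
                /* ignore ProbeResp to foreign address */
                if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN))
                        return RX_DROP_MONITOR;

                elements = mgmt->u.probe_resp.variable;
                baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
        } else {
                beacon = ieee80211_is_beacon(fc);
                baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
                elements = mgmt->u.beacon.variable;
        }

        if (!presp && !beacon)
                return RX_CONTINUE;

        /*
         * The fixed part must fit inside the frame; this also keeps the
         * unsigned subtraction passed to the element parser from wrapping.
         */
        if (baselen > skb->len)
                return RX_DROP_MONITOR;

        ieee802_11_parse_elems(elements, skb->len - baselen, &elems);

        /*
         * Prefer the channel advertised in a one-octet DS Parameter Set
         * element; otherwise fall back to the frequency the frame was
         * received on.
         */
        if (elems.ds_params && elems.ds_params_len == 1)
                freq = ieee80211_channel_to_frequency(elems.ds_params[0]);
        else
                freq = rx_status->freq;

        channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq);

        if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
                return RX_DROP_MONITOR;

        bss = ieee80211_bss_info_update(sdata->local, rx_status,
                                        mgmt, skb->len, &elems,
                                        freq, beacon);
        /*
         * NOTE(review): ieee80211_bss_info_update() is defined outside this
         * file. Guard the put in case it can return NULL (for instance when
         * it fails to allocate an entry) -- confirm against its definition.
         */
        if (bss)
                ieee80211_rx_bss_put(sdata->local, bss);

        dev_kfree_skb(skb);
        return RX_QUEUED;
}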
93
/*
 * Build and transmit a nullfunc data frame (ToDS set) addressed to the BSSID
 * stored in @sdata. When @powersave is non-zero the PM bit is set in the
 * frame control field as well. An allocation failure is logged and the frame
 * is silently not sent.
 */
static void ieee80211_send_nullfunc(struct ieee80211_local *local,
                                    struct ieee80211_sub_if_data *sdata,
                                    int powersave)
{
        /* the frame consists of the 24-octet header only */
        enum { NULLFUNC_LEN = 24 };
        struct ieee80211_hdr *hdr;
        struct sk_buff *frame;
        u16 fctl = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
                   IEEE80211_FCTL_TODS;

        frame = dev_alloc_skb(local->hw.extra_tx_headroom + NULLFUNC_LEN);
        if (!frame) {
                printk(KERN_DEBUG
                       "%s: failed to allocate buffer for nullfunc frame\n",
                       sdata->dev->name);
                return;
        }
        /* leave the headroom the driver asked for in front of the header */
        skb_reserve(frame, local->hw.extra_tx_headroom);

        hdr = (struct ieee80211_hdr *) skb_put(frame, NULLFUNC_LEN);
        memset(hdr, 0, NULLFUNC_LEN);

        if (powersave)
                fctl |= IEEE80211_FCTL_PM;
        hdr->frame_control = cpu_to_le16(fctl);

        /* addr1 and addr3 both carry the BSSID, addr2 our own address */
        memcpy(hdr->addr1, sdata->u.sta.bssid, ETH_ALEN);
        memcpy(hdr->addr2, sdata->dev->dev_addr, ETH_ALEN);
        memcpy(hdr->addr3, sdata->u.sta.bssid, ETH_ALEN);

        ieee80211_sta_tx(sdata, frame, 0);
}
123
/*
 * Run the STA timer handler for @sdata right away, but only for station and
 * mesh interfaces; any other interface type is left alone.
 */
static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
{
        if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
            !ieee80211_vif_is_mesh(&sdata->vif))
                return;

        /* the handler takes the interface as an unsigned long cookie */
        ieee80211_sta_timer((unsigned long)sdata);
}
130
/*
 * Finish a scan: notify userspace, restore the operational channel and bring
 * the interfaces back to normal operation.
 *
 * Called from the software scan state machine in this file when no channels
 * are left, and exported so code outside this file can call it too. Handles
 * both the hardware-scan and the software-scan case, distinguished by
 * local->sta_hw_scanning.
 */
void ieee80211_scan_completed(struct ieee80211_hw *hw)
{
        struct ieee80211_local *local = hw_to_local(hw);
        struct ieee80211_sub_if_data *sdata;
        union iwreq_data wrqu;

        local->last_scan_completed = jiffies;
        /* zeroed payload: the event only signals that results are available */
        memset(&wrqu, 0, sizeof(wrqu));
        /*
         * NOTE(review): local->scan_sdata is dereferenced without a check;
         * nothing in this function establishes that it is still valid.
         */
        wireless_send_event(local->scan_sdata->dev, SIOCGIWSCAN, &wrqu, NULL);

        if (local->sta_hw_scanning) {
                local->sta_hw_scanning = 0;
                if (ieee80211_hw_config(local))
                        printk(KERN_DEBUG "%s: failed to restore operational "
                               "channel after scan\n", wiphy_name(local->hw.wiphy));
                /* Restart STA timer for HW scan case */
                rcu_read_lock();
                list_for_each_entry_rcu(sdata, &local->interfaces, list)
                        ieee80211_restart_sta_timer(sdata);
                rcu_read_unlock();

                /* the filter and TX queues were not touched for a HW scan */
                goto done;
        }

        local->sta_sw_scanning = 0;
        if (ieee80211_hw_config(local))
                printk(KERN_DEBUG "%s: failed to restore operational "
                       "channel after scan\n", wiphy_name(local->hw.wiphy));


        /*
         * Undo the receive-filter change made when the software scan was
         * started: clear FIF_BCN_PRBRESP_PROMISC and tell the driver.
         */
        netif_tx_lock_bh(local->mdev);
        netif_addr_lock(local->mdev);
        local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
        local->ops->configure_filter(local_to_hw(local),
                                     FIF_BCN_PRBRESP_PROMISC,
                                     &local->filter_flags,
                                     local->mdev->mc_count,
                                     local->mdev->mc_list);

        netif_addr_unlock(local->mdev);
        netif_tx_unlock_bh(local->mdev);

        rcu_read_lock();
        list_for_each_entry_rcu(sdata, &local->interfaces, list) {
                /* Tell AP we're back */
                if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
                        /* only associated stations are woken; powersave = 0 */
                        if (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED) {
                                ieee80211_send_nullfunc(local, sdata, 0);
                                netif_tx_wake_all_queues(sdata->dev);
                        }
                } else
                        netif_tx_wake_all_queues(sdata->dev);

                ieee80211_restart_sta_timer(sdata);
        }
        rcu_read_unlock();

 done:
        ieee80211_mlme_notify_scan_completed(local);
}
EXPORT_SYMBOL(ieee80211_scan_completed);
192
193
/*
 * Delayed-work handler that drives the software scan, one step per run.
 *
 * The state machine alternates between SCAN_SET_CHANNEL (pick the next usable
 * channel and tune to it) and SCAN_SEND_PROBE (send a probe request unless
 * the channel is passive-scan only). Each run re-queues itself with the
 * delay chosen for the step, for as long as local->sta_sw_scanning is set.
 */
void ieee80211_sta_scan_work(struct work_struct *work)
{
        struct ieee80211_local *local =
                container_of(work, struct ieee80211_local, scan_work.work);
        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
        struct ieee80211_supported_band *sband;
        struct ieee80211_channel *chan;
        int skip;
        unsigned long next_delay = 0;

        /* nothing to do unless a software scan is in progress */
        if (!local->sta_sw_scanning)
                return;

        /*
         * NOTE(review): there is no default case; a scan_state outside the
         * two handled values falls through to the re-queue with a zero delay.
         */
        switch (local->scan_state) {
        case SCAN_SET_CHANNEL:
                /*
                 * Get current scan band. scan_band may be IEEE80211_NUM_BANDS
                 * after we successfully scanned the last channel of the last
                 * band (and the last band is supported by the hw)
                 */
                if (local->scan_band < IEEE80211_NUM_BANDS)
                        sband = local->hw.wiphy->bands[local->scan_band];
                else
                        sband = NULL;

                /*
                 * If we are at an unsupported band and have more bands
                 * left to scan, advance to the next supported one.
                 */
                while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) {
                        local->scan_band++;
                        sband = local->hw.wiphy->bands[local->scan_band];
                        local->scan_channel_idx = 0;
                }

                /* if no more bands/channels left, complete scan */
                if (!sband || local->scan_channel_idx >= sband->n_channels) {
                        ieee80211_scan_completed(local_to_hw(local));
                        return;
                }
                skip = 0;
                /* the index was checked against n_channels just above */
                chan = &sband->channels[local->scan_channel_idx];

                /* skip disabled channels, and no-IBSS channels for IBSS */
                if (chan->flags & IEEE80211_CHAN_DISABLED ||
                    (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
                     chan->flags & IEEE80211_CHAN_NO_IBSS))
                        skip = 1;

                if (!skip) {
                        local->scan_channel = chan;
                        /* a channel the hardware cannot tune to is skipped */
                        if (ieee80211_hw_config(local)) {
                                printk(KERN_DEBUG "%s: failed to set freq to "
                                       "%d MHz for scan\n", wiphy_name(local->hw.wiphy),
                                       chan->center_freq);
                                skip = 1;
                        }
                }

                /* advance state machine to next channel/band */
                local->scan_channel_idx++;
                if (local->scan_channel_idx >= sband->n_channels) {
                        /*
                         * scan_band may end up == IEEE80211_NUM_BANDS, but
                         * we'll catch that case above and complete the scan
                         * if that is the case.
                         */
                        local->scan_band++;
                        local->scan_channel_idx = 0;
                }

                /* skipped: stay in SCAN_SET_CHANNEL, re-run with zero delay */
                if (skip)
                        break;

                next_delay = IEEE80211_PROBE_DELAY +
                             usecs_to_jiffies(local->hw.channel_change_time);
                local->scan_state = SCAN_SEND_PROBE;
                break;
        case SCAN_SEND_PROBE:
                /* default to the passive delay; shortened below if we probe */
                next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
                local->scan_state = SCAN_SET_CHANNEL;

                /*
                 * scan_channel was assigned by the SCAN_SET_CHANNEL step that
                 * switched the state to SCAN_SEND_PROBE.
                 */
                if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN)
                        break;
                ieee80211_send_probe_req(sdata, NULL, local->scan_ssid,
                                         local->scan_ssid_len);
                next_delay = IEEE80211_CHANNEL_TIME;
                break;
        }

        /* re-checked: the flag may have been cleared since the entry test */
        if (local->sta_sw_scanning)
                queue_delayed_work(local->hw.workqueue, &local->scan_work,
                                   next_delay);
}
287
288
/*
 * Start a scan on behalf of @scan_sdata, optionally for one SSID.
 *
 * Uses the driver's hw_scan operation when it has one; otherwise sets up the
 * software scan state machine and queues its first step.
 *
 * Returns -EINVAL when @ssid_len exceeds IEEE80211_MAX_SSID_LEN, 0 when a
 * scan for the same interface is already running, -EBUSY when a scan for a
 * different interface is running, the driver's return value for a hardware
 * scan, and 0 once a software scan has been queued.
 *
 * Reference, as noted by the original authors:
 * MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
 *   BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
 *   BSSID: MACAddress
 *   SSID
 *   ScanType: ACTIVE, PASSIVE
 *   ProbeDelay: delay (in microseconds) to be used prior to transmitting
 *      a Probe frame during active scanning
 *   ChannelList
 *   MinChannelTime (>= ProbeDelay), in TU
 *   MaxChannelTime: (>= MinChannelTime), in TU
 * MLME-SCAN.confirm
 *   BSSDescriptionSet
 *   ResultCode: SUCCESS, INVALID_PARAMETERS
 */
int ieee80211_sta_start_scan(struct ieee80211_sub_if_data *scan_sdata,
                             u8 *ssid, size_t ssid_len)
{
        struct ieee80211_local *local = scan_sdata->local;
        struct ieee80211_sub_if_data *iface;
        int hw_ret;

        /* bounds the copy into local->scan_ssid further down */
        if (ssid_len > IEEE80211_MAX_SSID_LEN)
                return -EINVAL;

        /* one scan at a time; a repeat request from the owner is a no-op */
        if (local->sta_sw_scanning || local->sta_hw_scanning)
                return local->scan_sdata == scan_sdata ? 0 : -EBUSY;

        if (local->ops->hw_scan) {
                hw_ret = local->ops->hw_scan(local_to_hw(local),
                                             ssid, ssid_len);
                if (hw_ret)
                        return hw_ret;

                local->sta_hw_scanning = 1;
                local->scan_sdata = scan_sdata;
                return 0;
        }

        local->sta_sw_scanning = 1;

        /*
         * Stop transmission on every interface. Associated stations also
         * send a nullfunc frame with the powersave bit set; station
         * interfaces that are not associated are left untouched.
         */
        rcu_read_lock();
        list_for_each_entry_rcu(iface, &local->interfaces, list) {
                if (iface->vif.type != IEEE80211_IF_TYPE_STA) {
                        netif_tx_stop_all_queues(iface->dev);
                        continue;
                }
                if (iface->u.sta.flags & IEEE80211_STA_ASSOCIATED) {
                        netif_tx_stop_all_queues(iface->dev);
                        ieee80211_send_nullfunc(local, iface, 1);
                }
        }
        rcu_read_unlock();

        /* a NULL ssid means no SSID is stored for the probe requests */
        local->scan_ssid_len = ssid ? ssid_len : 0;
        if (ssid)
                memcpy(local->scan_ssid, ssid, ssid_len);

        local->scan_state = SCAN_SET_CHANNEL;
        local->scan_channel_idx = 0;
        local->scan_band = IEEE80211_BAND_2GHZ;
        local->scan_sdata = scan_sdata;

        /* set FIF_BCN_PRBRESP_PROMISC in the driver's receive filter */
        netif_addr_lock_bh(local->mdev);
        local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
        local->ops->configure_filter(local_to_hw(local),
                                     FIF_BCN_PRBRESP_PROMISC,
                                     &local->filter_flags,
                                     local->mdev->mc_count,
                                     local->mdev->mc_list);
        netif_addr_unlock_bh(local->mdev);

        /* TODO: start scan as soon as all nullfunc frames are ACKed */
        queue_delayed_work(local->hw.workqueue, &local->scan_work,
                           IEEE80211_CHANNEL_TIME);

        return 0;
}
370
371
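/*
 * Request a scan for @sdata, optionally restricted to one SSID.
 *
 * Non-station interfaces start the scan directly through
 * ieee80211_sta_start_scan(). Station interfaces record the SSID, set
 * IEEE80211_STA_REQ_SCAN and queue the interface's work item, which is
 * handled outside this file.
 *
 * Returns -EINVAL when @ssid_len exceeds IEEE80211_MAX_SSID_LEN, 0 when the
 * request was queued or a scan for this interface is already running, -EBUSY
 * when a scan for another interface is running, or the result of
 * ieee80211_sta_start_scan() for non-station interfaces.
 */
int ieee80211_sta_req_scan(struct ieee80211_sub_if_data *sdata, u8 *ssid, size_t ssid_len)
{
        struct ieee80211_if_sta *ifsta = &sdata->u.sta;
        struct ieee80211_local *local = sdata->local;

        /*
         * Reject oversized SSIDs on every path. ieee80211_sta_start_scan()
         * applies the same bound, but the station path below copies
         * @ssid_len bytes into ifsta->scan_ssid without going through it.
         * NOTE(review): ifsta->scan_ssid is presumably sized
         * IEEE80211_MAX_SSID_LEN -- confirm against the struct definition.
         */
        if (ssid_len > IEEE80211_MAX_SSID_LEN)
                return -EINVAL;

        if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
                return ieee80211_sta_start_scan(sdata, ssid, ssid_len);

        /* one scan at a time; a repeat request from the owner is a no-op */
        if (local->sta_sw_scanning || local->sta_hw_scanning) {
                if (local->scan_sdata == sdata)
                        return 0;
                return -EBUSY;
        }

        ifsta->scan_ssid_len = ssid_len;
        if (ssid_len)
                memcpy(ifsta->scan_ssid, ssid, ssid_len);
        set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
        queue_work(local->hw.workqueue, &ifsta->work);
        return 0;
}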
393
394
/*
 * Append the stored information elements of @bss to the wireless-extensions
 * event stream as IWEVGENIE events, advancing *@current_ev.
 *
 * A buffer longer than IW_GENERIC_IE_MAX is split at element boundaries so
 * that each event stays below that limit. Does nothing when @bss or its IE
 * buffer is NULL.
 *
 * NOTE(review): the splitting loop trusts each element's length octet and
 * only compares against IW_GENERIC_IE_MAX, not against the end of the
 * buffer. It runs only while more than IW_GENERIC_IE_MAX octets remain, so
 * staying in bounds depends on that constant being larger than one maximal
 * element (2 + 255 octets) -- confirm against its definition.
 */
static void ieee80211_sta_add_scan_ies(struct iw_request_info *info,
                                       struct ieee80211_sta_bss *bss,
                                       char **current_ev, char *end_buf)
{
        struct iw_event iwe;
        u8 *frag, *limit, *cut;

        if (!bss || !bss->ies)
                return;

        frag = bss->ies;
        limit = frag + bss->ies_len;

        for (; limit - frag > IW_GENERIC_IE_MAX; frag = cut) {
                /* always take the first element, then add whole elements
                 * for as long as the fragment stays below the limit */
                cut = frag + 2 + frag[1];
                while (cut + 2 + cut[1] - frag < IW_GENERIC_IE_MAX)
                        cut += 2 + cut[1];

                memset(&iwe, 0, sizeof(iwe));
                iwe.cmd = IWEVGENIE;
                iwe.u.data.length = cut - frag;
                *current_ev = iwe_stream_add_point(info, *current_ev,
                                                   end_buf, &iwe, frag);
        }

        /* whatever is left fits into a single event */
        if (limit > frag) {
                memset(&iwe, 0, sizeof(iwe));
                iwe.cmd = IWEVGENIE;
                iwe.u.data.length = limit - frag;
                *current_ev = iwe_stream_add_point(info, *current_ev,
                                                   end_buf, &iwe, frag);
        }
}
434
435
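/*
 * Translate one BSS entry into wireless-extensions scan events.
 *
 * Events are appended at @current_ev and must not pass @end_buf; that bound
 * is handed to the iwe_stream_* helpers, which are defined outside this file.
 * Entries last updated more than IEEE80211_SCAN_RESULT_EXPIRE ago are
 * skipped. Most of the fields reported here (SSID, rates, IEs, mesh
 * configuration) were taken from received frames, so nothing below assumes
 * they are well-formed text.
 *
 * Returns the new write position in the event stream.
 */
static char *
ieee80211_sta_scan_result(struct ieee80211_local *local,
                          struct iw_request_info *info,
                          struct ieee80211_sta_bss *bss,
                          char *current_ev, char *end_buf)
{
        /* sizes of the scratch buffers for the IWEVCUSTOM text events */
        const size_t custom_len = 30;
        const size_t mesh_len = 50;
        struct iw_event iwe;
        char *buf;

        if (time_after(jiffies,
                       bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
                return current_ev;

        /* BSSID */
        memset(&iwe, 0, sizeof(iwe));
        iwe.cmd = SIOCGIWAP;
        iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
        memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
        current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
                                          IW_EV_ADDR_LEN);

        /* SSID, or the mesh ID when the entry has a mesh configuration */
        memset(&iwe, 0, sizeof(iwe));
        iwe.cmd = SIOCGIWESSID;
        if (bss_mesh_cfg(bss)) {
                iwe.u.data.length = bss_mesh_id_len(bss);
                iwe.u.data.flags = 1;
                current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                                                  &iwe, bss_mesh_id(bss));
        } else {
                iwe.u.data.length = bss->ssid_len;
                iwe.u.data.flags = 1;
                current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                                                  &iwe, bss->ssid);
        }

        /* operating mode: mesh takes precedence over ESS, ESS over IBSS */
        if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)
            || bss_mesh_cfg(bss)) {
                memset(&iwe, 0, sizeof(iwe));
                iwe.cmd = SIOCGIWMODE;
                if (bss_mesh_cfg(bss))
                        iwe.u.mode = IW_MODE_MESH;
                else if (bss->capability & WLAN_CAPABILITY_ESS)
                        iwe.u.mode = IW_MODE_MASTER;
                else
                        iwe.u.mode = IW_MODE_ADHOC;
                current_ev = iwe_stream_add_event(info, current_ev, end_buf,
                                                  &iwe, IW_EV_UINT_LEN);
        }

        /* frequency is reported twice: as a channel number ... */
        memset(&iwe, 0, sizeof(iwe));
        iwe.cmd = SIOCGIWFREQ;
        iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq);
        iwe.u.freq.e = 0;
        current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
                                          IW_EV_FREQ_LEN);

        /* ... and as bss->freq with a decimal exponent of 6 */
        memset(&iwe, 0, sizeof(iwe));
        iwe.cmd = SIOCGIWFREQ;
        iwe.u.freq.m = bss->freq;
        iwe.u.freq.e = 6;
        current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
                                          IW_EV_FREQ_LEN);

        /* link quality figures recorded for the entry */
        memset(&iwe, 0, sizeof(iwe));
        iwe.cmd = IWEVQUAL;
        iwe.u.qual.qual = bss->qual;
        iwe.u.qual.level = bss->signal;
        iwe.u.qual.noise = bss->noise;
        iwe.u.qual.updated = local->wstats_flags;
        current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
                                          IW_EV_QUAL_LEN);

        /* privacy bit only; no key material is reported */
        memset(&iwe, 0, sizeof(iwe));
        iwe.cmd = SIOCGIWENCODE;
        if (bss->capability & WLAN_CAPABILITY_PRIVACY)
                iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
        else
                iwe.u.data.flags = IW_ENCODE_DISABLED;
        iwe.u.data.length = 0;
        current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                                          &iwe, "");

        ieee80211_sta_add_scan_ies(info, bss, &current_ev, end_buf);

        if (bss->supp_rates_len > 0) {
                /* display all supported rates in readable format */
                char *p = current_ev + iwe_stream_lcp_len(info);
                int i;

                memset(&iwe, 0, sizeof(iwe));
                iwe.cmd = SIOCGIWRATE;
                /* Those two flags are ignored... */
                iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;

                for (i = 0; i < bss->supp_rates_len; i++) {
                        /* low seven bits, in units of 500000 */
                        iwe.u.bitrate.value = ((bss->supp_rates[i] &
                                                        0x7f) * 500000);
                        p = iwe_stream_add_value(info, current_ev, p,
                                        end_buf, &iwe, IW_EV_PARAM_LEN);
                }
                current_ev = p;
        }

        /*
         * Text events are formatted with snprintf() so that the write is
         * bounded by the allocation rather than by what the values happen
         * to be. The 30-byte buffer has no slack for " Last beacon: %dms
         * ago" once the age needs ten digits; the expiry check at the top
         * presumably keeps it far below that, but the bound should not
         * depend on it. An allocation failure just omits the events.
         */
        buf = kmalloc(custom_len, GFP_ATOMIC);
        if (buf) {
                memset(&iwe, 0, sizeof(iwe));
                iwe.cmd = IWEVCUSTOM;
                snprintf(buf, custom_len, "tsf=%016llx",
                         (unsigned long long)(bss->timestamp));
                iwe.u.data.length = strlen(buf);
                current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                                                  &iwe, buf);
                memset(&iwe, 0, sizeof(iwe));
                iwe.cmd = IWEVCUSTOM;
                snprintf(buf, custom_len, " Last beacon: %dms ago",
                         jiffies_to_msecs(jiffies - bss->last_update));
                iwe.u.data.length = strlen(buf);
                current_ev = iwe_stream_add_point(info, current_ev,
                                                  end_buf, &iwe, buf);
                kfree(buf);
        }

        if (bss_mesh_cfg(bss)) {
                /*
                 * NOTE(review): cfg[0] through cfg[16] are read below; the
                 * length of the mesh configuration is not checked here and
                 * is assumed to have been validated when it was stored.
                 */
                u8 *cfg = bss_mesh_cfg(bss);
                buf = kmalloc(mesh_len, GFP_ATOMIC);
                if (buf) {
                        memset(&iwe, 0, sizeof(iwe));
                        iwe.cmd = IWEVCUSTOM;
                        snprintf(buf, mesh_len,
                                 "Mesh network (version %d)", cfg[0]);
                        iwe.u.data.length = strlen(buf);
                        current_ev = iwe_stream_add_point(info, current_ev,
                                                          end_buf,
                                                          &iwe, buf);
                        snprintf(buf, mesh_len, "Path Selection Protocol ID: "
                                 "0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3],
                                                        cfg[4]);
                        iwe.u.data.length = strlen(buf);
                        current_ev = iwe_stream_add_point(info, current_ev,
                                                          end_buf,
                                                          &iwe, buf);
                        snprintf(buf, mesh_len, "Path Selection Metric ID: "
                                 "0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7],
                                                        cfg[8]);
                        iwe.u.data.length = strlen(buf);
                        current_ev = iwe_stream_add_point(info, current_ev,
                                                          end_buf,
                                                          &iwe, buf);
                        snprintf(buf, mesh_len, "Congestion Control Mode ID: "
                                 "0x%02X%02X%02X%02X", cfg[9], cfg[10],
                                                        cfg[11], cfg[12]);
                        iwe.u.data.length = strlen(buf);
                        current_ev = iwe_stream_add_point(info, current_ev,
                                                          end_buf,
                                                          &iwe, buf);
                        snprintf(buf, mesh_len, "Channel Precedence: "
                                 "0x%02X%02X%02X%02X", cfg[13], cfg[14],
                                                        cfg[15], cfg[16]);
                        iwe.u.data.length = strlen(buf);
                        current_ev = iwe_stream_add_point(info, current_ev,
                                                          end_buf,
                                                          &iwe, buf);
                        kfree(buf);
                }
        }

        return current_ev;
}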
600
601
/*
 * Write the scan results for every known BSS into @buf (@len bytes) as a
 * wireless-extensions event stream, holding local->sta_bss_lock while the
 * list is walked.
 *
 * Returns the number of bytes written, or -E2BIG when IW_EV_ADDR_LEN bytes
 * or fewer remain before an entry is started. Only that first event is
 * pre-checked; the rest of each entry relies on the end-of-buffer pointer
 * passed down to the event helpers.
 */
int ieee80211_sta_scan_results(struct ieee80211_local *local,
                               struct iw_request_info *info,
                               char *buf, size_t len)
{
        struct ieee80211_sta_bss *entry;
        char *end_buf = buf + len;
        char *current_ev = buf;
        int ret;

        spin_lock_bh(&local->sta_bss_lock);
        list_for_each_entry(entry, &local->sta_bss_list, list) {
                if (end_buf - current_ev <= IW_EV_ADDR_LEN) {
                        ret = -E2BIG;
                        goto unlock;
                }
                current_ev = ieee80211_sta_scan_result(local, info, entry,
                                                       current_ev, end_buf);
        }
        ret = current_ev - buf;

unlock:
        spin_unlock_bh(&local->sta_bss_lock);
        return ret;
}