1 /* 2 * HT handling 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2002-2005, Instant802 Networks, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2007-2009, Intel Corporation 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16 #include <linux/ieee80211.h> 17 #include <linux/slab.h> 18 #include <net/mac80211.h> 19 #include "ieee80211_i.h" 20 #include "driver-ops.h" 21 #include "wme.h" 22 23 /** 24 * DOC: TX aggregation 25 * 26 * Aggregation on the TX side requires setting the hardware flag 27 * %IEEE80211_HW_AMPDU_AGGREGATION as well as, if present, the @ampdu_queues 28 * hardware parameter to the number of hardware AMPDU queues. If there are no 29 * hardware queues then the driver will (currently) have to do all frame 30 * buffering. 31 * 32 * When TX aggregation is started by some subsystem (usually the rate control 33 * algorithm would be appropriate) by calling the 34 * ieee80211_start_tx_ba_session() function, the driver will be notified via 35 * its @ampdu_action function, with the %IEEE80211_AMPDU_TX_START action. 36 * 37 * In response to that, the driver is later required to call the 38 * ieee80211_start_tx_ba_cb() (or ieee80211_start_tx_ba_cb_irqsafe()) 39 * function, which will start the aggregation session. 40 * 41 * Similarly, when the aggregation session is stopped by 42 * ieee80211_stop_tx_ba_session(), the driver's @ampdu_action function will 43 * be called with the action %IEEE80211_AMPDU_TX_STOP. In this case, the 44 * call must not fail, and the driver must later call ieee80211_stop_tx_ba_cb() 45 * (or ieee80211_stop_tx_ba_cb_irqsafe()). 46 */ 47 48 static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, 49 const u8 *da, u16 tid, 50 u8 dialog_token, u16 start_seq_num, 51 u16 agg_size, u16 timeout) 52 { 53 struct ieee80211_local *local = sdata->local; 54 struct sk_buff *skb; 55 struct ieee80211_mgmt *mgmt; 56 u16 capab; 57 58 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom); 59 60 if (!skb) { 61 printk(KERN_ERR "%s: failed to allocate buffer " 62 "for addba request frame\n", sdata->name); 63 return; 64 } 65 skb_reserve(skb, local->hw.extra_tx_headroom); 66 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 67 memset(mgmt, 0, 24); 68 memcpy(mgmt->da, da, ETH_ALEN); 69 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 70 if (sdata->vif.type == NL80211_IFTYPE_AP || 71 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 72 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 73 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 74 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 75 76 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 77 IEEE80211_STYPE_ACTION); 78 79 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req)); 80 81 mgmt->u.action.category = WLAN_CATEGORY_BACK; 82 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ; 83 84 mgmt->u.action.u.addba_req.dialog_token = dialog_token; 85 capab = (u16)(1 << 1); /* bit 1 aggregation policy */ 86 capab |= (u16)(tid << 2); /* bit 5:2 TID number */ 87 capab |= (u16)(agg_size << 6); /* bit 15:6 max size of aggergation */ 88 89 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab); 90 91 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout); 92 mgmt->u.action.u.addba_req.start_seq_num = 93 cpu_to_le16(start_seq_num << 4); 94 95 ieee80211_tx_skb(sdata, skb); 96 } 97 98 void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn) 99 { 100 struct ieee80211_local *local = sdata->local; 101 struct sk_buff *skb; 102 struct ieee80211_bar *bar; 103 u16 bar_control = 0; 104 105 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom); 106 if (!skb) { 107 printk(KERN_ERR "%s: failed to allocate buffer for " 108 "bar frame\n", sdata->name); 109 return; 110 } 111 skb_reserve(skb, local->hw.extra_tx_headroom); 112 bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar)); 113 memset(bar, 0, sizeof(*bar)); 114 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL | 115 IEEE80211_STYPE_BACK_REQ); 116 memcpy(bar->ra, ra, ETH_ALEN); 117 memcpy(bar->ta, sdata->vif.addr, ETH_ALEN); 118 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL; 119 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA; 120 bar_control |= (u16)(tid << 12); 121 bar->control = cpu_to_le16(bar_control); 122 bar->start_seq_num = cpu_to_le16(ssn); 123 124 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 125 ieee80211_tx_skb(sdata, skb); 126 } 127 128 int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 129 enum ieee80211_back_parties initiator) 130 { 131 struct ieee80211_local *local = sta->local; 132 int ret; 133 u8 *state; 134 135 #ifdef CONFIG_MAC80211_HT_DEBUG 136 printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n", 137 sta->sta.addr, tid); 138 #endif /* CONFIG_MAC80211_HT_DEBUG */ 139 140 state = &sta->ampdu_mlme.tid_state_tx[tid]; 141 142 if (*state == HT_AGG_STATE_OPERATIONAL) 143 sta->ampdu_mlme.addba_req_num[tid] = 0; 144 145 *state = HT_AGG_STATE_REQ_STOP_BA_MSK | 146 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 147 148 ret = drv_ampdu_action(local, sta->sdata, 149 IEEE80211_AMPDU_TX_STOP, 150 &sta->sta, tid, NULL); 151 152 /* HW shall not deny going back to legacy */ 153 if (WARN_ON(ret)) { 154 /* 155 * We may have pending packets get stuck in this case... 156 * Not bothering with a workaround for now. 157 */ 158 } 159 160 return ret; 161 } 162 163 /* 164 * After sending add Block Ack request we activated a timer until 165 * add Block Ack response will arrive from the recipient. 166 * If this timer expires sta_addba_resp_timer_expired will be executed. 167 */ 168 static void sta_addba_resp_timer_expired(unsigned long data) 169 { 170 /* not an elegant detour, but there is no choice as the timer passes 171 * only one argument, and both sta_info and TID are needed, so init 172 * flow in sta_info_create gives the TID as data, while the timer_to_id 173 * array gives the sta through container_of */ 174 u16 tid = *(u8 *)data; 175 struct sta_info *sta = container_of((void *)data, 176 struct sta_info, timer_to_tid[tid]); 177 u8 *state; 178 179 state = &sta->ampdu_mlme.tid_state_tx[tid]; 180 181 /* check if the TID waits for addBA response */ 182 spin_lock_bh(&sta->lock); 183 if ((*state & (HT_ADDBA_REQUESTED_MSK | HT_ADDBA_RECEIVED_MSK | 184 HT_AGG_STATE_REQ_STOP_BA_MSK)) != 185 HT_ADDBA_REQUESTED_MSK) { 186 spin_unlock_bh(&sta->lock); 187 #ifdef CONFIG_MAC80211_HT_DEBUG 188 printk(KERN_DEBUG "timer expired on tid %d but we are not " 189 "(or no longer) expecting addBA response there", 190 tid); 191 #endif 192 return; 193 } 194 195 #ifdef CONFIG_MAC80211_HT_DEBUG 196 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 197 #endif 198 199 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 200 spin_unlock_bh(&sta->lock); 201 } 202 203 static inline int ieee80211_ac_from_tid(int tid) 204 { 205 return ieee802_1d_to_ac[tid & 7]; 206 } 207 208 int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 209 { 210 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 211 struct ieee80211_sub_if_data *sdata = sta->sdata; 212 struct ieee80211_local *local = sdata->local; 213 u8 *state; 214 int ret = 0; 215 u16 start_seq_num; 216 217 if (WARN_ON(!local->ops->ampdu_action)) 218 return -EINVAL; 219 220 if ((tid >= STA_TID_NUM) || 221 !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) 222 return -EINVAL; 223 224 #ifdef CONFIG_MAC80211_HT_DEBUG 225 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n", 226 pubsta->addr, tid); 227 #endif /* CONFIG_MAC80211_HT_DEBUG */ 228 229 /* 230 * The aggregation code is not prepared to handle 231 * anything but STA/AP due to the BSSID handling. 232 * IBSS could work in the code but isn't supported 233 * by drivers or the standard. 234 */ 235 if (sdata->vif.type != NL80211_IFTYPE_STATION && 236 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 237 sdata->vif.type != NL80211_IFTYPE_AP) 238 return -EINVAL; 239 240 if (test_sta_flags(sta, WLAN_STA_DISASSOC)) { 241 #ifdef CONFIG_MAC80211_HT_DEBUG 242 printk(KERN_DEBUG "Disassociation is in progress. " 243 "Denying BA session request\n"); 244 #endif 245 return -EINVAL; 246 } 247 248 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) { 249 #ifdef CONFIG_MAC80211_HT_DEBUG 250 printk(KERN_DEBUG "Suspend in progress. " 251 "Denying BA session request\n"); 252 #endif 253 return -EINVAL; 254 } 255 256 spin_lock_bh(&sta->lock); 257 spin_lock(&local->ampdu_lock); 258 259 /* we have tried too many times, receiver does not want A-MPDU */ 260 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 261 ret = -EBUSY; 262 goto err_unlock_sta; 263 } 264 265 state = &sta->ampdu_mlme.tid_state_tx[tid]; 266 /* check if the TID is not in aggregation flow already */ 267 if (*state != HT_AGG_STATE_IDLE) { 268 #ifdef CONFIG_MAC80211_HT_DEBUG 269 printk(KERN_DEBUG "BA request denied - session is not " 270 "idle on tid %u\n", tid); 271 #endif /* CONFIG_MAC80211_HT_DEBUG */ 272 ret = -EAGAIN; 273 goto err_unlock_sta; 274 } 275 276 /* 277 * While we're asking the driver about the aggregation, 278 * stop the AC queue so that we don't have to worry 279 * about frames that came in while we were doing that, 280 * which would require us to put them to the AC pending 281 * afterwards which just makes the code more complex. 282 */ 283 ieee80211_stop_queue_by_reason( 284 &local->hw, ieee80211_ac_from_tid(tid), 285 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 286 287 /* prepare A-MPDU MLME for Tx aggregation */ 288 sta->ampdu_mlme.tid_tx[tid] = 289 kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC); 290 if (!sta->ampdu_mlme.tid_tx[tid]) { 291 #ifdef CONFIG_MAC80211_HT_DEBUG 292 if (net_ratelimit()) 293 printk(KERN_ERR "allocate tx mlme to tid %d failed\n", 294 tid); 295 #endif 296 ret = -ENOMEM; 297 goto err_wake_queue; 298 } 299 300 skb_queue_head_init(&sta->ampdu_mlme.tid_tx[tid]->pending); 301 302 /* Tx timer */ 303 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function = 304 sta_addba_resp_timer_expired; 305 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.data = 306 (unsigned long)&sta->timer_to_tid[tid]; 307 init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 308 309 /* Ok, the Addba frame hasn't been sent yet, but if the driver calls the 310 * call back right away, it must see that the flow has begun */ 311 *state |= HT_ADDBA_REQUESTED_MSK; 312 313 start_seq_num = sta->tid_seq[tid] >> 4; 314 315 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START, 316 pubsta, tid, &start_seq_num); 317 318 if (ret) { 319 #ifdef CONFIG_MAC80211_HT_DEBUG 320 printk(KERN_DEBUG "BA request denied - HW unavailable for" 321 " tid %d\n", tid); 322 #endif /* CONFIG_MAC80211_HT_DEBUG */ 323 *state = HT_AGG_STATE_IDLE; 324 goto err_free; 325 } 326 327 /* Driver vetoed or OKed, but we can take packets again now */ 328 ieee80211_wake_queue_by_reason( 329 &local->hw, ieee80211_ac_from_tid(tid), 330 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 331 332 spin_unlock(&local->ampdu_lock); 333 spin_unlock_bh(&sta->lock); 334 335 /* send an addBA request */ 336 sta->ampdu_mlme.dialog_token_allocator++; 337 sta->ampdu_mlme.tid_tx[tid]->dialog_token = 338 sta->ampdu_mlme.dialog_token_allocator; 339 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num; 340 341 ieee80211_send_addba_request(sdata, pubsta->addr, tid, 342 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 343 sta->ampdu_mlme.tid_tx[tid]->ssn, 344 0x40, 5000); 345 sta->ampdu_mlme.addba_req_num[tid]++; 346 /* activate the timer for the recipient's addBA response */ 347 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires = 348 jiffies + ADDBA_RESP_INTERVAL; 349 add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 350 #ifdef CONFIG_MAC80211_HT_DEBUG 351 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 352 #endif 353 return 0; 354 355 err_free: 356 kfree(sta->ampdu_mlme.tid_tx[tid]); 357 sta->ampdu_mlme.tid_tx[tid] = NULL; 358 err_wake_queue: 359 ieee80211_wake_queue_by_reason( 360 &local->hw, ieee80211_ac_from_tid(tid), 361 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 362 err_unlock_sta: 363 spin_unlock(&local->ampdu_lock); 364 spin_unlock_bh(&sta->lock); 365 return ret; 366 } 367 EXPORT_SYMBOL(ieee80211_start_tx_ba_session); 368 369 /* 370 * splice packets from the STA's pending to the local pending, 371 * requires a call to ieee80211_agg_splice_finish and holding 372 * local->ampdu_lock across both calls. 373 */ 374 static void ieee80211_agg_splice_packets(struct ieee80211_local *local, 375 struct sta_info *sta, u16 tid) 376 { 377 unsigned long flags; 378 u16 queue = ieee80211_ac_from_tid(tid); 379 380 ieee80211_stop_queue_by_reason( 381 &local->hw, queue, 382 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 383 384 if (!(sta->ampdu_mlme.tid_state_tx[tid] & HT_ADDBA_REQUESTED_MSK)) 385 return; 386 387 if (WARN(!sta->ampdu_mlme.tid_tx[tid], 388 "TID %d gone but expected when splicing aggregates from" 389 "the pending queue\n", tid)) 390 return; 391 392 if (!skb_queue_empty(&sta->ampdu_mlme.tid_tx[tid]->pending)) { 393 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 394 /* copy over remaining packets */ 395 skb_queue_splice_tail_init( 396 &sta->ampdu_mlme.tid_tx[tid]->pending, 397 &local->pending[queue]); 398 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 399 } 400 } 401 402 static void ieee80211_agg_splice_finish(struct ieee80211_local *local, 403 struct sta_info *sta, u16 tid) 404 { 405 u16 queue = ieee80211_ac_from_tid(tid); 406 407 ieee80211_wake_queue_by_reason( 408 &local->hw, queue, 409 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 410 } 411 412 /* caller must hold sta->lock */ 413 static void ieee80211_agg_tx_operational(struct ieee80211_local *local, 414 struct sta_info *sta, u16 tid) 415 { 416 #ifdef CONFIG_MAC80211_HT_DEBUG 417 printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid); 418 #endif 419 420 spin_lock(&local->ampdu_lock); 421 ieee80211_agg_splice_packets(local, sta, tid); 422 /* 423 * NB: we rely on sta->lock being taken in the TX 424 * processing here when adding to the pending queue, 425 * otherwise we could only change the state of the 426 * session to OPERATIONAL _here_. 427 */ 428 ieee80211_agg_splice_finish(local, sta, tid); 429 spin_unlock(&local->ampdu_lock); 430 431 drv_ampdu_action(local, sta->sdata, 432 IEEE80211_AMPDU_TX_OPERATIONAL, 433 &sta->sta, tid, NULL); 434 } 435 436 void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid) 437 { 438 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 439 struct ieee80211_local *local = sdata->local; 440 struct sta_info *sta; 441 u8 *state; 442 443 if (tid >= STA_TID_NUM) { 444 #ifdef CONFIG_MAC80211_HT_DEBUG 445 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 446 tid, STA_TID_NUM); 447 #endif 448 return; 449 } 450 451 rcu_read_lock(); 452 sta = sta_info_get(sdata, ra); 453 if (!sta) { 454 rcu_read_unlock(); 455 #ifdef CONFIG_MAC80211_HT_DEBUG 456 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 457 #endif 458 return; 459 } 460 461 state = &sta->ampdu_mlme.tid_state_tx[tid]; 462 spin_lock_bh(&sta->lock); 463 464 if (WARN_ON(!(*state & HT_ADDBA_REQUESTED_MSK))) { 465 #ifdef CONFIG_MAC80211_HT_DEBUG 466 printk(KERN_DEBUG "addBA was not requested yet, state is %d\n", 467 *state); 468 #endif 469 spin_unlock_bh(&sta->lock); 470 rcu_read_unlock(); 471 return; 472 } 473 474 if (WARN_ON(*state & HT_ADDBA_DRV_READY_MSK)) 475 goto out; 476 477 *state |= HT_ADDBA_DRV_READY_MSK; 478 479 if (*state == HT_AGG_STATE_OPERATIONAL) 480 ieee80211_agg_tx_operational(local, sta, tid); 481 482 out: 483 spin_unlock_bh(&sta->lock); 484 rcu_read_unlock(); 485 } 486 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb); 487 488 void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 489 const u8 *ra, u16 tid) 490 { 491 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 492 struct ieee80211_local *local = sdata->local; 493 struct ieee80211_ra_tid *ra_tid; 494 struct sk_buff *skb = dev_alloc_skb(0); 495 496 if (unlikely(!skb)) { 497 #ifdef CONFIG_MAC80211_HT_DEBUG 498 if (net_ratelimit()) 499 printk(KERN_WARNING "%s: Not enough memory, " 500 "dropping start BA session", sdata->name); 501 #endif 502 return; 503 } 504 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 505 memcpy(&ra_tid->ra, ra, ETH_ALEN); 506 ra_tid->tid = tid; 507 ra_tid->vif = vif; 508 509 skb->pkt_type = IEEE80211_ADDBA_MSG; 510 skb_queue_tail(&local->skb_queue, skb); 511 tasklet_schedule(&local->tasklet); 512 } 513 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe); 514 515 int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 516 enum ieee80211_back_parties initiator) 517 { 518 u8 *state; 519 int ret; 520 521 /* check if the TID is in aggregation */ 522 state = &sta->ampdu_mlme.tid_state_tx[tid]; 523 spin_lock_bh(&sta->lock); 524 525 if (*state != HT_AGG_STATE_OPERATIONAL) { 526 ret = -ENOENT; 527 goto unlock; 528 } 529 530 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator); 531 532 unlock: 533 spin_unlock_bh(&sta->lock); 534 return ret; 535 } 536 537 int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, 538 enum ieee80211_back_parties initiator) 539 { 540 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 541 struct ieee80211_sub_if_data *sdata = sta->sdata; 542 struct ieee80211_local *local = sdata->local; 543 544 if (!local->ops->ampdu_action) 545 return -EINVAL; 546 547 if (tid >= STA_TID_NUM) 548 return -EINVAL; 549 550 return __ieee80211_stop_tx_ba_session(sta, tid, initiator); 551 } 552 EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 553 554 void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid) 555 { 556 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 557 struct ieee80211_local *local = sdata->local; 558 struct sta_info *sta; 559 u8 *state; 560 561 if (tid >= STA_TID_NUM) { 562 #ifdef CONFIG_MAC80211_HT_DEBUG 563 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 564 tid, STA_TID_NUM); 565 #endif 566 return; 567 } 568 569 #ifdef CONFIG_MAC80211_HT_DEBUG 570 printk(KERN_DEBUG "Stopping Tx BA session for %pM tid %d\n", 571 ra, tid); 572 #endif /* CONFIG_MAC80211_HT_DEBUG */ 573 574 rcu_read_lock(); 575 sta = sta_info_get(sdata, ra); 576 if (!sta) { 577 #ifdef CONFIG_MAC80211_HT_DEBUG 578 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 579 #endif 580 rcu_read_unlock(); 581 return; 582 } 583 state = &sta->ampdu_mlme.tid_state_tx[tid]; 584 585 /* NOTE: no need to use sta->lock in this state check, as 586 * ieee80211_stop_tx_ba_session will let only one stop call to 587 * pass through per sta/tid 588 */ 589 if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) { 590 #ifdef CONFIG_MAC80211_HT_DEBUG 591 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n"); 592 #endif 593 rcu_read_unlock(); 594 return; 595 } 596 597 if (*state & HT_AGG_STATE_INITIATOR_MSK) 598 ieee80211_send_delba(sta->sdata, ra, tid, 599 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); 600 601 spin_lock_bh(&sta->lock); 602 spin_lock(&local->ampdu_lock); 603 604 ieee80211_agg_splice_packets(local, sta, tid); 605 606 *state = HT_AGG_STATE_IDLE; 607 /* from now on packets are no longer put onto sta->pending */ 608 kfree(sta->ampdu_mlme.tid_tx[tid]); 609 sta->ampdu_mlme.tid_tx[tid] = NULL; 610 611 ieee80211_agg_splice_finish(local, sta, tid); 612 613 spin_unlock(&local->ampdu_lock); 614 spin_unlock_bh(&sta->lock); 615 616 rcu_read_unlock(); 617 } 618 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb); 619 620 void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 621 const u8 *ra, u16 tid) 622 { 623 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 624 struct ieee80211_local *local = sdata->local; 625 struct ieee80211_ra_tid *ra_tid; 626 struct sk_buff *skb = dev_alloc_skb(0); 627 628 if (unlikely(!skb)) { 629 #ifdef CONFIG_MAC80211_HT_DEBUG 630 if (net_ratelimit()) 631 printk(KERN_WARNING "%s: Not enough memory, " 632 "dropping stop BA session", sdata->name); 633 #endif 634 return; 635 } 636 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 637 memcpy(&ra_tid->ra, ra, ETH_ALEN); 638 ra_tid->tid = tid; 639 ra_tid->vif = vif; 640 641 skb->pkt_type = IEEE80211_DELBA_MSG; 642 skb_queue_tail(&local->skb_queue, skb); 643 tasklet_schedule(&local->tasklet); 644 } 645 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe); 646 647 648 void ieee80211_process_addba_resp(struct ieee80211_local *local, 649 struct sta_info *sta, 650 struct ieee80211_mgmt *mgmt, 651 size_t len) 652 { 653 u16 capab, tid; 654 u8 *state; 655 656 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 657 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 658 659 state = &sta->ampdu_mlme.tid_state_tx[tid]; 660 661 spin_lock_bh(&sta->lock); 662 663 if (!(*state & HT_ADDBA_REQUESTED_MSK)) 664 goto out; 665 666 if (mgmt->u.action.u.addba_resp.dialog_token != 667 sta->ampdu_mlme.tid_tx[tid]->dialog_token) { 668 #ifdef CONFIG_MAC80211_HT_DEBUG 669 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 670 #endif /* CONFIG_MAC80211_HT_DEBUG */ 671 goto out; 672 } 673 674 del_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 675 676 #ifdef CONFIG_MAC80211_HT_DEBUG 677 printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); 678 #endif /* CONFIG_MAC80211_HT_DEBUG */ 679 680 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 681 == WLAN_STATUS_SUCCESS) { 682 u8 curstate = *state; 683 684 *state |= HT_ADDBA_RECEIVED_MSK; 685 686 if (*state != curstate && *state == HT_AGG_STATE_OPERATIONAL) 687 ieee80211_agg_tx_operational(local, sta, tid); 688 689 sta->ampdu_mlme.addba_req_num[tid] = 0; 690 } else { 691 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 692 } 693 694 out: 695 spin_unlock_bh(&sta->lock); 696 } 697