include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_VERSION:=0.5.8
+PKG_REV:=03ec0ec5cdb974d51a4a2a566bea4c4568138576
+PKG_VERSION:=20071107_$(PKG_REV)
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://hostap.epitest.fi/releases/
-PKG_MD5SUM:=40416b48cae9c78e5a2452caf214aff3
-
-PKG_BUILD_DEPENDS:=madwifi
+PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git
+PKG_SOURCE_SUBDIR:=hostapd-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_BUILD_DEPENDS:=madwifi mac80211
 
 include $(INCLUDE_DIR)/package.mk
 
   CATEGORY:=Network
   TITLE:=IEEE 802.1x Authenticator
   URL:=http://hostap.epitest.fi/
-  DEPENDS:=@!TARGET_avr32 @!TARGET_etrax
+  DEPENDS:=@!TARGET_avr32 @!TARGET_etrax $(if $(DUMP)$(CONFIG_LINUX_2_6_23),+libnl)
 endef
 
 define Package/hostapd
   DEPENDS+= +libopenssl
 endef
 
-define Package/hostapd/conffiles
-/etc/hostapd.conf
-endef
+#define Package/hostapd/conffiles
+#/etc/hostapd.conf
+#endef
 
 define Package/hostapd/description
  This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS 
   TITLE+= (WPA-PSK only)
 endef
 
-define Package/hostapd-mini/conffiles
-/etc/hostapd.conf
-endef
+#define Package/hostapd-mini/conffiles
+#/etc/hostapd.conf
+#endef
 
 define Package/hostapd-mini/description
  This package contains a minimal IEEE 802.1x/WPA/EAP/RADIUS Authenticator 
 endef
 
 define Build/ConfigureTarget
-       $(CP) $(PKG_BUILD_DIR) $(PKG_BUILD_DIR)_$(1)
-       $(CP) ./files/$(1).config $(PKG_BUILD_DIR)_$(1)/.config
-ifneq ($(CONFIG_PACKAGE_kmod-madwifi),)
-       echo "CONFIG_DRIVER_MADWIFI=y" >> $(PKG_BUILD_DIR)_$(1)/.config
-endif
+       rm -rf $(PKG_BUILD_DIR)/hostapd.$(1)
+       $(CP) $(PKG_BUILD_DIR)/hostapd $(PKG_BUILD_DIR)/hostapd.$(1)
+       $(CP) ./files/$(1).config $(PKG_BUILD_DIR)/hostapd.$(1)/.config
+       [ -d $(STAGING_DIR)/usr/include/mac80211 ] || $(SED) 's,^CONFIG_DRIVER_DEVICESCAPE,#CONFIG_DRIVER_DEVICESCAPE,g' $(PKG_BUILD_DIR)/hostapd.$(1)/.config
+       [ -d $(STAGING_DIR)/usr/include/madwifi ] || $(SED) 's,^CONFIG_DRIVER_MADWIFI,#CONFIG_DRIVER_MADWIFI,g' $(PKG_BUILD_DIR)/hostapd.$(1)/.config
 endef
 
 define Build/CompileTarget
-       $(MAKE) -C $(PKG_BUILD_DIR)_$(1) \
+       CFLAGS="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/madwifi -I$(STAGING_DIR)/usr/include/mac80211 -I$(STAGING_DIR)/usr/include" \
+       $(MAKE) -C $(PKG_BUILD_DIR)/hostapd.$(1) \
                $(TARGET_CONFIGURE_OPTS) \
-               OPTFLAGS="$(TARGET_CFLAGS)" \
-               CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/madwifi" \
-               LDFLAGS="$(TARGET_LDFLAGS)" \
+               LIBS="$(TARGET_LDFLAGS) -L$(STAGING_DIR)/usr/lib \
+                       $(if $(wildcard $(STAGING_DIR)/usr/include/mac80211/*),-lnl)" \
                hostapd hostapd_cli
-       $(CP) $(PKG_BUILD_DIR)_$(1)/hostapd_cli $(PKG_BUILD_DIR)/
+       $(CP) $(PKG_BUILD_DIR)/hostapd.$(1)/hostapd_cli $(PKG_BUILD_DIR)/
 endef
 
 define Package/InstallTemplate
-       if [ \! -f "$(PKG_BUILD_DIR)_$(2)/hostapd" ]; then \
-               rm -f $(PKG_BUILD_DIR)/.built; \
-               $(MAKE) $(PKG_BUILD_DIR)/.built; \
-       fi
        $(INSTALL_DIR) $$(1)/lib/wifi
        $(INSTALL_DATA) ./files/hostapd.sh $$(1)/lib/wifi/hostapd.sh
-       $(INSTALL_DIR) $$(1)/etc
-ifneq ($(CONFIG_PACKAGE_kmod-madwifi),)
-       $(INSTALL_CONF) $(PKG_BUILD_DIR)_$(2)/madwifi.conf $$(1)/etc/hostapd.conf
-else
-       $(INSTALL_CONF) $(PKG_BUILD_DIR)_$(2)/hostapd.conf $$(1)/etc/hostapd.conf
-endif
+# config is managed through uci
+#      $(INSTALL_DIR) $$(1)/etc
+#      $(INSTALL_CONF) $(PKG_BUILD_DIR)/hostapd.$(2)/hostapd.conf $$(1)/etc/hostapd.conf 
        $(INSTALL_DIR) $$(1)/usr/sbin
-       $(INSTALL_BIN) $(PKG_BUILD_DIR)_$(2)/hostapd $$(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd.$(2)/hostapd $$(1)/usr/sbin/
 endef
 
 define Package/Template
 
 CONFIG_DRIVER_HOSTAP=y
 
 # Driver interface for wired authenticator
-#CONFIG_DRIVER_WIRED=y
+CONFIG_DRIVER_WIRED=y
 
 # Driver interface for madwifi driver
-#CONFIG_DRIVER_MADWIFI=y
+CONFIG_DRIVER_MADWIFI=y
 #CFLAGS += -I../head # change to reflect local setup; directory for madwifi src
 
 # Driver interface for Prism54 driver
 #CONFIG_DRIVER_PRISM54=y
 
+# Driver interface for drivers using Devicescape IEEE 802.11 stack
+CONFIG_DRIVER_DEVICESCAPE=y
+# Currently, driver_devicescape.c build requires some additional parameters
+# to be able to include some of the kernel header files. Following lines can
+# be used to set these (WIRELESS_DEV must point to the root directory of the
+# wireless-dev.git tree).
+#WIRELESS_DEV=/usr/src/wireless-dev
+#CFLAGS += -I$(WIRELESS_DEV)/net/mac80211
+# driver_devicescape.c requires a rather new libnl, probably not
+# shipped with your distribution yet
+#LIBNL=/usr/src/libnl
+#CFLAGS += -I$(LIBNL)/include
+#LIBS += -L$(LIBNL)/lib
+
 # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
 #CONFIG_DRIVER_BSD=y
 #CFLAGS += -I/usr/local/include
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 
-# Integrated EAP authenticator
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Integrated EAP server
 CONFIG_EAP=y
 
-# EAP-MD5 for the integrated EAP authenticator
+# EAP-MD5 for the integrated EAP server
 CONFIG_EAP_MD5=y
 
-# EAP-TLS for the integrated EAP authenticator
+# EAP-TLS for the integrated EAP server
 CONFIG_EAP_TLS=y
 
-# EAP-MSCHAPv2 for the integrated EAP authenticator
+# EAP-MSCHAPv2 for the integrated EAP server
 CONFIG_EAP_MSCHAPV2=y
 
-# EAP-PEAP for the integrated EAP authenticator
+# EAP-PEAP for the integrated EAP server
 CONFIG_EAP_PEAP=y
 
-# EAP-PSK for the integrated EAP authenticator
-CONFIG_EAP_PSK=y
-
-# EAP-GTC for the integrated EAP authenticator
+# EAP-GTC for the integrated EAP server
 CONFIG_EAP_GTC=y
 
-# EAP-TTLS for the integrated EAP authenticator
+# EAP-TTLS for the integrated EAP server
 CONFIG_EAP_TTLS=y
 
-# EAP-SIM for the integrated EAP authenticator
+# EAP-SIM for the integrated EAP server
 #CONFIG_EAP_SIM=y
 
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
 # PKCS#12 (PFX) support (used to read private key and certificate file from
 # a file that usually has extension .p12 or .pfx)
 CONFIG_PKCS12=y
 
 # RADIUS authentication server. This provides access to the integrated EAP
-# authenticator from external hosts using RADIUS.
+# server from external hosts using RADIUS.
 #CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE 802.11r/D4.1 (Fast BSS Transition)
+# This enables an experimental implementation of a draft version of
+# IEEE 802.11r. This draft is still subject to change, so it should be noted
+# that this version may not comply with the final standard.
+#CONFIG_IEEE80211R=y
 
 CONFIG_DRIVER_HOSTAP=y
 
 # Driver interface for wired authenticator
-#CONFIG_DRIVER_WIRED=y
+CONFIG_DRIVER_WIRED=y
 
 # Driver interface for madwifi driver
-#CONFIG_DRIVER_MADWIFI=y
+CONFIG_DRIVER_MADWIFI=y
 #CFLAGS += -I../head # change to reflect local setup; directory for madwifi src
 
 # Driver interface for Prism54 driver
 #CONFIG_DRIVER_PRISM54=y
 
+# Driver interface for drivers using Devicescape IEEE 802.11 stack
+CONFIG_DRIVER_DEVICESCAPE=y
+# Currently, driver_devicescape.c build requires some additional parameters
+# to be able to include some of the kernel header files. Following lines can
+# be used to set these (WIRELESS_DEV must point to the root directory of the
+# wireless-dev.git tree).
+#WIRELESS_DEV=/usr/src/wireless-dev
+#CFLAGS += -I$(WIRELESS_DEV)/net/mac80211
+# driver_devicescape.c requires a rather new libnl, probably not
+# shipped with your distribution yet
+#LIBNL=/usr/src/libnl
+#CFLAGS += -I$(LIBNL)/include
+#LIBS += -L$(LIBNL)/lib
+
 # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
 #CONFIG_DRIVER_BSD=y
 #CFLAGS += -I/usr/local/include
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 
-# Integrated EAP authenticator
-CONFIG_EAP=y
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+#CONFIG_EAP=y
 
-# EAP-MD5 for the integrated EAP authenticator
+# EAP-MD5 for the integrated EAP server
 #CONFIG_EAP_MD5=y
 
-# EAP-TLS for the integrated EAP authenticator
+# EAP-TLS for the integrated EAP server
 #CONFIG_EAP_TLS=y
 
-# EAP-MSCHAPv2 for the integrated EAP authenticator
+# EAP-MSCHAPv2 for the integrated EAP server
 #CONFIG_EAP_MSCHAPV2=y
 
-# EAP-PEAP for the integrated EAP authenticator
+# EAP-PEAP for the integrated EAP server
 #CONFIG_EAP_PEAP=y
 
-# EAP-PSK for the integrated EAP authenticator
-CONFIG_EAP_PSK=y
-
-# EAP-GTC for the integrated EAP authenticator
+# EAP-GTC for the integrated EAP server
 #CONFIG_EAP_GTC=y
 
-# EAP-TTLS for the integrated EAP authenticator
+# EAP-TTLS for the integrated EAP server
 #CONFIG_EAP_TTLS=y
 
-# EAP-SIM for the integrated EAP authenticator
+# EAP-SIM for the integrated EAP server
 #CONFIG_EAP_SIM=y
 
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
 # PKCS#12 (PFX) support (used to read private key and certificate file from
 # a file that usually has extension .p12 or .pfx)
 #CONFIG_PKCS12=y
 
 # RADIUS authentication server. This provides access to the integrated EAP
-# authenticator from external hosts using RADIUS.
+# server from external hosts using RADIUS.
 #CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+#CONFIG_IPV6=y
+
+# IEEE 802.11r/D4.1 (Fast BSS Transition)
+# This enables an experimental implementation of a draft version of
+# IEEE 802.11r. This draft is still subject to change, so it should be noted
+# that this version may not comply with the final standard.
+#CONFIG_IEEE80211R=y
 
+++ /dev/null
-Common subdirectories: hostapd-0.5.2/logwatch and hostapd-0.5.2.new/logwatch
-Index: hostapd-0.5.7/Makefile
-===================================================================
---- hostapd-0.5.7.orig/Makefile        2007-06-04 13:22:31.790022464 +0200
-+++ hostapd-0.5.7/Makefile     2007-06-04 13:22:31.856012432 +0200
-@@ -2,7 +2,7 @@
- DIR_WPA_SUPPLICANT=.
- 
- ifndef CFLAGS
--CFLAGS = -MMD -O2 -Wall -g
-+CFLAGS = -MMD $(OPTFLAGS) $(CPPFLAGS)
- endif
- 
- # define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
-@@ -336,7 +336,7 @@
-       for i in $(ALL); do cp $$i /usr/local/bin/$$i; done
- 
- hostapd: $(OBJS)
--      $(CC) -o hostapd $(OBJS) $(LIBS)
-+      $(CC) -o hostapd $(OBJS) $(LDFLAGS) $(LIBS)
- 
- driver_conf.c: Makefile .config
-       rm -f driver_conf.c
-@@ -400,10 +400,10 @@
- endif
- 
- nt_password_hash: $(NOBJS)
--      $(CC) -o nt_password_hash $(NOBJS) $(LIBS_n)
-+      $(CC) -o nt_password_hash $(NOBJS) $(LDFLAGS) $(LIBS_n)
- 
- hlr_auc_gw: $(HOBJS)
--      $(CC) -o hlr_auc_gw $(HOBJS) $(LIBS_h)
-+      $(CC) -o hlr_auc_gw $(HOBJS) $(LDFLAGS) $(LIBS_h)
- 
- clean:
-       rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw
 
--- /dev/null
+---
+ hostapd/driver_devicescape.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- hostap.orig/hostapd/driver_devicescape.c   2007-11-09 13:41:08.000000000 +0100
++++ hostap/hostapd/driver_devicescape.c        2007-11-09 13:41:12.000000000 +0100
+@@ -1386,10 +1386,10 @@ static void handle_frame(struct hostapd_
+       case ieee80211_msg_wep_frame_unknown_key:
+               ieee802_11_rx_unknown_key(hapd, buf, data_len);
+               return;
+- */
+       case ieee80211_msg_michael_mic_failure:
+               hostapd_michael_mic_failure(hapd, buf, data_len);
+               return;
++ */
+ /*
+  * TODO
+  * We should be telling them to go away. But we don't support that now.
 
--- /dev/null
+---
+ hostapd/driver_devicescape.c |   93 ++++++++++++++++++++++++++++++-------------
+ 1 file changed, 67 insertions(+), 26 deletions(-)
+
+--- hostap.orig/hostapd/driver_devicescape.c   2007-11-09 13:41:12.000000000 +0100
++++ hostap/hostapd/driver_devicescape.c        2007-11-09 13:41:13.000000000 +0100
+@@ -150,38 +150,79 @@ static int i802_set_encryption(const cha
+                              size_t key_len, int txkey)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param *param;
+-      u8 *buf;
+-      size_t blen;
+-      int ret = 0;
++      struct nl_msg *msg;
++      int ret = -1;
++      int err = 0;
+ 
+-      blen = sizeof(*param) + key_len;
+-      buf = os_zalloc(blen);
+-      if (buf == NULL)
+-              return -1;
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
+ 
+-      param = (struct prism2_hostapd_param *) buf;
+-      param->cmd = PRISM2_SET_ENCRYPTION;
+-      if (addr == NULL)
+-              memset(param->sta_addr, 0xff, ETH_ALEN);
+-      else
+-              memcpy(param->sta_addr, addr, ETH_ALEN);
+-      os_strlcpy((char *) param->u.crypt.alg, alg,
+-                 HOSTAP_CRYPT_ALG_NAME_LEN);
+-      param->u.crypt.flags = txkey ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0;
+-      param->u.crypt.idx = idx;
+-      param->u.crypt.key_len = key_len;
+-      memcpy(param->u.crypt.key, key, key_len);
++      if (strcmp(alg, "none") == 0) {
++              genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                          0, NL80211_CMD_DEL_KEY, 0);
++      } else {
++              genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                          0, NL80211_CMD_NEW_KEY, 0);
++              NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
++              if (strcmp(alg, "WEP") == 0) {
++                      if (key_len == 5)
++                              NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
++                                          0x000FAC01);
++                      else
++                              NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
++                                          0x000FAC05);
++              } else if (strcmp(alg, "TKIP") == 0)
++                      NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
++              else if (strcmp(alg, "CCMP") == 0)
++                      NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
++              else
++                      goto out;
++      }
+ 
+-      if (hostapd_ioctl_iface(iface, drv, param, blen) && errno != ENOENT) {
+-              printf("%s: Failed to set encryption to alg '%s' addr " MACSTR
+-                     " errno=%d\n",
+-                     iface, alg, MAC2STR(param->sta_addr), errno);
+-              ret = -1;
++      if (addr)
++              NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++      NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
++              if (err != -ENOENT) {
++                      err = 0;
++                      goto out;
++              }
+       }
+ 
+-      free(buf);
++      if (!txkey) {
++              ret = 0;
++              goto out;
++      }
++
++      nlmsg_free(msg);
++
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
+ 
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_SET_KEY, 0);
++      NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
++      NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
++              if (err != -ENOENT) {
++                      err = 0;
++                      goto out;
++              }
++      }
++
++      ret = 0;
++
++ out:
++ nla_put_failure:
++      nlmsg_free(msg);
+       return ret;
+ }
+ 
 
--- /dev/null
+---
+ hostapd/driver_devicescape.c |  111 +++++++++++++++++++++++++++++++------------
+ 1 file changed, 82 insertions(+), 29 deletions(-)
+
+--- hostap.orig/hostapd/driver_devicescape.c   2007-11-09 13:41:13.000000000 +0100
++++ hostap/hostapd/driver_devicescape.c        2007-11-09 13:41:13.000000000 +0100
+@@ -68,6 +68,8 @@ struct i802_driver_data {
+       struct nl_handle *nl_handle;
+       struct nl_cache *nl_cache;
+       struct genl_family *nl80211;
++      int dtim_period;
++      unsigned int beacon_set:1;
+ };
+ 
+ 
+@@ -908,37 +910,44 @@ static int i802_bss_remove(void *priv, c
+ }
+ 
+ 
+-static int i802_set_beacon(const char *ifname, void *priv,
++static int i802_set_beacon(const char *iface, void *priv,
+                          u8 *head, size_t head_len,
+                          u8 *tail, size_t tail_len)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param *param;
+-      int len, ret = 0;
++      struct nl_msg *msg;
++      u8 cmd = NL80211_CMD_NEW_BEACON;
++      int ret = -1;
+ 
+-      param = os_zalloc(sizeof(*param) + head_len + tail_len);
+-      if (param == NULL) {
+-              printf("Failed to alloc memory for beacon ioctl\n");
+-              return -1;
+-      }
+-      len = (¶m->u.beacon.data[0] - (u8 *) param) + head_len + tail_len;
+-      param->cmd = PRISM2_HOSTAPD_SET_BEACON;
+-      param->u.beacon.head_len = head_len;
+-      param->u.beacon.tail_len = tail_len;
+-      memcpy(¶m->u.beacon.data[0], head, head_len);
+-      memcpy(¶m->u.beacon.data[0] + head_len, tail, tail_len);
+-
+-      if (len < (int) sizeof(*param))
+-              len = sizeof(*param);
+-      if (hostapd_ioctl_iface(ifname, drv, param, len)) {
+-              printf("Could not set beacon data to kernel driver.\n");
+-              printf("ifname='%s' head=%p head_len=%d tail=%p tail_len=%d "
+-                     "cmd=%d\n",
+-                     ifname, head, head_len, tail, tail_len, param->cmd);
+-              ret = -1;
+-      }
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
+ 
+-      free(param);
++      if (drv->beacon_set)
++              cmd = NL80211_CMD_SET_BEACON;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, cmd, 0);
++      NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
++      NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
++      NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 1000);
++
++      if (!drv->dtim_period)
++              drv->dtim_period = 2;
++      NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0)
++              goto out;
++
++      ret = 0;
++
++      drv->beacon_set = 1;
++
++ out:
++ nla_put_failure:
++      nlmsg_free(msg);
+       return ret;
+ }
+ 
+@@ -985,15 +994,59 @@ static int i802_set_internal_bridge(void
+ static int i802_set_beacon_int(void *priv, int value)
+ {
+       struct i802_driver_data *drv = priv;
+-      return hostap_ioctl_prism2param(drv, PRISM2_PARAM_BEACON_INT, value);
++      struct nl_msg *msg;
++      int ret = -1;
++
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_SET_BEACON, 0);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
++
++      NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0)
++              goto out;
++
++      ret = 0;
++
++ out:
++ nla_put_failure:
++      nlmsg_free(msg);
++      return ret;
+ }
+ 
+ 
+-static int i802_set_dtim_period(const char *ifname, void *priv, int value)
++static int i802_set_dtim_period(const char *iface, void *priv, int value)
+ {
+       struct i802_driver_data *drv = priv;
+-      return hostap_ioctl_prism2param_iface(ifname, drv,
+-                                            PRISM2_PARAM_DTIM_PERIOD, value);
++      struct nl_msg *msg;
++      int ret = -1;
++
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_SET_BEACON, 0);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
++
++      drv->dtim_period = value;
++      NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0)
++              goto out;
++
++      ret = 0;
++
++ out:
++ nla_put_failure:
++      nlmsg_free(msg);
++      return ret;
+ }
+ 
+ 
 
--- /dev/null
+---
+ hostapd/driver_devicescape.c |   96 ++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 76 insertions(+), 20 deletions(-)
+
+--- hostap.orig/hostapd/driver_devicescape.c   2007-11-09 13:41:13.000000000 +0100
++++ hostap/hostapd/driver_devicescape.c        2007-11-09 13:41:14.000000000 +0100
+@@ -228,33 +228,89 @@ static int i802_set_encryption(const cha
+       return ret;
+ }
+ 
++static inline int min_int(int a, int b)
++{
++      if (a<b)
++              return a;
++      return b;
++}
++
++static int get_key_handler(struct nl_msg *msg, void *arg)
++{
++      struct nlattr *tb[NL80211_ATTR_MAX];
++      struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
++
++      nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
++                genlmsg_attrlen(gnlh, 0), NULL);
++
++      /*
++       * TODO: validate the key index and mac address!
++       * Otherwise, there's a race condition as soon as
++       * the kernel starts sending key notifications.
++       */
++
++      if (tb[NL80211_ATTR_KEY_SEQ])
++              memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
++                     min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
++      return NL_SKIP;
++}
++
++static int ack_wait_handler(struct nl_msg *msg, void *arg)
++{
++      int *finished = arg;
++
++      *finished = 1;
++      return NL_STOP;
++}
+ 
+ static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
+                          int idx, u8 *seq)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param *param;
+-      size_t param_len;
+-      int ret;
++      struct nl_msg *msg;
++      struct nl_cb *cb = NULL;
++      int ret = -1;
++      int err = 0;
++      int finished = 0;
+ 
+-      param_len = sizeof(struct prism2_hostapd_param) + 32;
+-      param = os_zalloc(param_len);
+-      if (param == NULL)
+-              return -1;
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
+ 
+-      param->cmd = PRISM2_GET_ENCRYPTION;
+-      if (addr == NULL)
+-              memset(param->sta_addr, 0xff, ETH_ALEN);
+-      else
+-              memcpy(param->sta_addr, addr, ETH_ALEN);
+-      param->u.crypt.idx = idx;
+-
+-      ret = hostapd_ioctl_iface(iface, drv, param, param_len);
+-      if (ret == 0) {
+-              memcpy(seq, param->u.crypt.seq_counter,
+-                     HOSTAP_SEQ_COUNTER_SIZE);
+-      }
+-      free(param);
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_GET_KEY, 0);
++
++      if (addr)
++              NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++      NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
++
++      cb = nl_cb_alloc(NL_CB_CUSTOM);
++      if (!cb)
++              goto out;
++
++      memset(seq, 0, 6);
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
++              goto out;
++
++      nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_key_handler, seq);
++      nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
++
++      err = nl_recvmsgs(drv->nl_handle, cb);
++
++      if (!finished)
++              err = nl_wait_for_ack(drv->nl_handle);
++
++      if (err < 0)
++              goto out;
++
++      ret = 0;
++
++ out:
++      nl_cb_put(cb);
++ nla_put_failure:
++      nlmsg_free(msg);
+       return ret;
+ }
+ 
 
--- /dev/null
+---
+ hostapd/driver.h             |    8 ++++----
+ hostapd/driver_bsd.c         |    3 ++-
+ hostapd/driver_devicescape.c |    6 +++---
+ hostapd/driver_hostap.c      |    4 ++--
+ hostapd/driver_madwifi.c     |    3 ++-
+ hostapd/driver_prism54.c     |    3 ++-
+ hostapd/ieee802_11.c         |    4 ++--
+ hostapd/ieee802_1x.c         |    4 ++--
+ hostapd/wme.c                |    6 ++++--
+ 9 files changed, 23 insertions(+), 18 deletions(-)
+
+--- hostap.orig/hostapd/driver.h       2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/driver.h    2007-11-09 13:41:15.000000000 +0100
+@@ -92,7 +92,7 @@ struct wpa_driver_ops {
+       int (*get_retry)(void *priv, int *short_retry, int *long_retry);
+ 
+       int (*sta_set_flags)(void *priv, const u8 *addr,
+-                           int flags_or, int flags_and);
++                           int total_flags, int flags_or, int flags_and);
+       int (*set_rate_sets)(void *priv, int *supp_rates, int *basic_rates,
+                            int mode);
+       int (*set_channel_flag)(void *priv, int mode, int chan, int flag,
+@@ -427,12 +427,12 @@ hostapd_get_retry(struct hostapd_data *h
+ 
+ static inline int
+ hostapd_sta_set_flags(struct hostapd_data *hapd, u8 *addr,
+-                    int flags_or, int flags_and)
++                    int total_flags, int flags_or, int flags_and)
+ {
+       if (hapd->driver == NULL || hapd->driver->sta_set_flags == NULL)
+               return 0;
+-      return hapd->driver->sta_set_flags(hapd->drv_priv, addr, flags_or,
+-                                         flags_and);
++      return hapd->driver->sta_set_flags(hapd->drv_priv, addr, total_flags,
++                                         flags_or, flags_and);
+ }
+ 
+ static inline int
+--- hostap.orig/hostapd/driver_bsd.c   2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/driver_bsd.c        2007-11-09 13:41:15.000000000 +0100
+@@ -322,7 +322,8 @@ bsd_set_sta_authorized(void *priv, const
+ }
+ 
+ static int
+-bsd_sta_set_flags(void *priv, const u8 *addr, int flags_or, int flags_and)
++bsd_sta_set_flags(void *priv, const u8 *addr, int total_flags, int flags_or,
++                int flags_and)
+ {
+       /* For now, only support setting Authorized flag */
+       if (flags_or & WLAN_STA_AUTHORIZED)
+--- hostap.orig/hostapd/driver_devicescape.c   2007-11-09 13:41:14.000000000 +0100
++++ hostap/hostapd/driver_devicescape.c        2007-11-09 13:41:15.000000000 +0100
+@@ -76,7 +76,7 @@ struct i802_driver_data {
+ #define HAPD_DECL     struct hostapd_data *hapd = iface->bss[0]
+ 
+ static int i802_sta_set_flags(void *priv, const u8 *addr,
+-                            int flags_or, int flags_and);
++                            int total_flags, int flags_or, int flags_and);
+ 
+ 
+ static int hostapd_set_iface_flags(struct i802_driver_data *drv, int dev_up)
+@@ -765,7 +765,7 @@ static int i802_sta_remove(void *priv, c
+       struct i802_driver_data *drv = priv;
+       struct prism2_hostapd_param param;
+ 
+-      i802_sta_set_flags(drv, addr, 0, ~WLAN_STA_AUTHORIZED);
++      i802_sta_set_flags(drv, addr, 0, 0, ~WLAN_STA_AUTHORIZED);
+ 
+       memset(¶m, 0, sizeof(param));
+       param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
+@@ -777,7 +777,7 @@ static int i802_sta_remove(void *priv, c
+ 
+ 
+ static int i802_sta_set_flags(void *priv, const u8 *addr,
+-                            int flags_or, int flags_and)
++                            int total_flags, int flags_or, int flags_and)
+ {
+       struct i802_driver_data *drv = priv;
+       struct prism2_hostapd_param param;
+--- hostap.orig/hostapd/driver_hostap.c        2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/driver_hostap.c     2007-11-09 13:41:15.000000000 +0100
+@@ -374,7 +374,7 @@ static int hostap_send_eapol(void *priv,
+ 
+ 
+ static int hostap_sta_set_flags(void *priv, const u8 *addr,
+-                              int flags_or, int flags_and)
++                              int total_flags, int flags_or, int flags_and)
+ {
+       struct hostap_driver_data *drv = priv;
+       struct prism2_hostapd_param param;
+@@ -694,7 +694,7 @@ static int hostap_sta_remove(void *priv,
+       struct hostap_driver_data *drv = priv;
+       struct prism2_hostapd_param param;
+ 
+-      hostap_sta_set_flags(drv, addr, 0, ~WLAN_STA_AUTHORIZED);
++      hostap_sta_set_flags(drv, addr, 0, 0, ~WLAN_STA_AUTHORIZED);
+ 
+       memset(¶m, 0, sizeof(param));
+       param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
+--- hostap.orig/hostapd/driver_madwifi.c       2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/driver_madwifi.c    2007-11-09 13:41:15.000000000 +0100
+@@ -410,7 +410,8 @@ madwifi_set_sta_authorized(void *priv, c
+ }
+ 
+ static int
+-madwifi_sta_set_flags(void *priv, const u8 *addr, int flags_or, int flags_and)
++madwifi_sta_set_flags(void *priv, const u8 *addr, int total_flags,
++                    int flags_or, int flags_and)
+ {
+       /* For now, only support setting Authorized flag */
+       if (flags_or & WLAN_STA_AUTHORIZED)
+--- hostap.orig/hostapd/driver_prism54.c       2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/driver_prism54.c    2007-11-09 13:41:15.000000000 +0100
+@@ -187,7 +187,8 @@ static int prism54_set_sta_authorized(vo
+ 
+ 
+ static int
+-prism54_sta_set_flags(void *priv, const u8 *addr, int flags_or, int flags_and)
++prism54_sta_set_flags(void *priv, const u8 *addr, int total_flags,
++                    int flags_or, int flags_and)
+ {
+       /* For now, only support setting Authorized flag */
+       if (flags_or & WLAN_STA_AUTHORIZED)
+--- hostap.orig/hostapd/ieee802_11.c   2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/ieee802_11.c        2007-11-09 13:41:15.000000000 +0100
+@@ -1625,10 +1625,10 @@ static void handle_assoc_cb(struct hosta
+               ap_sta_bind_vlan(hapd, sta, 0);
+       }
+       if (sta->flags & WLAN_STA_SHORT_PREAMBLE) {
+-              hostapd_sta_set_flags(hapd, sta->addr,
++              hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+                                     WLAN_STA_SHORT_PREAMBLE, ~0);
+       } else {
+-              hostapd_sta_set_flags(hapd, sta->addr,
++              hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+                                     0, ~WLAN_STA_SHORT_PREAMBLE);
+       }
+ 
+--- hostap.orig/hostapd/ieee802_1x.c   2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/ieee802_1x.c        2007-11-09 13:41:15.000000000 +0100
+@@ -94,13 +94,13 @@ void ieee802_1x_set_sta_authorized(struc
+ 
+       if (authorized) {
+               sta->flags |= WLAN_STA_AUTHORIZED;
+-              res = hostapd_sta_set_flags(hapd, sta->addr,
++              res = hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+                                           WLAN_STA_AUTHORIZED, ~0);
+               hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+                              HOSTAPD_LEVEL_DEBUG, "authorizing port");
+       } else {
+               sta->flags &= ~WLAN_STA_AUTHORIZED;
+-              res = hostapd_sta_set_flags(hapd, sta->addr,
++              res = hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+                                           0, ~WLAN_STA_AUTHORIZED);
+               hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+                              HOSTAPD_LEVEL_DEBUG, "unauthorizing port");
+--- hostap.orig/hostapd/wme.c  2007-11-09 13:41:07.000000000 +0100
++++ hostap/hostapd/wme.c       2007-11-09 13:41:15.000000000 +0100
+@@ -110,9 +110,11 @@ int hostapd_wme_sta_config(struct hostap
+ {
+       /* update kernel STA data for WME related items (WLAN_STA_WPA flag) */
+       if (sta->flags & WLAN_STA_WME)
+-              hostapd_sta_set_flags(hapd, sta->addr, WLAN_STA_WME, ~0);
++              hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
++                                    WLAN_STA_WME, ~0);
+       else
+-              hostapd_sta_set_flags(hapd, sta->addr, 0, ~WLAN_STA_WME);
++              hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
++                                    0, ~WLAN_STA_WME);
+ 
+       return 0;
+ }
 
--- /dev/null
+---
+ hostapd/driver_devicescape.c |  330 ++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 249 insertions(+), 81 deletions(-)
+
+--- hostap.orig/hostapd/driver_devicescape.c   2007-11-09 13:41:15.000000000 +0100
++++ hostap/hostapd/driver_devicescape.c        2007-11-09 13:41:16.000000000 +0100
+@@ -75,8 +75,14 @@ struct i802_driver_data {
+ 
+ #define HAPD_DECL     struct hostapd_data *hapd = iface->bss[0]
+ 
+-static int i802_sta_set_flags(void *priv, const u8 *addr,
+-                            int total_flags, int flags_or, int flags_and);
++/* helper for netlink get routines */
++static int ack_wait_handler(struct nl_msg *msg, void *arg)
++{
++      int *finished = arg;
++
++      *finished = 1;
++      return NL_STOP;
++}
+ 
+ 
+ static int hostapd_set_iface_flags(struct i802_driver_data *drv, int dev_up)
+@@ -255,14 +261,6 @@ static int get_key_handler(struct nl_msg
+       return NL_SKIP;
+ }
+ 
+-static int ack_wait_handler(struct nl_msg *msg, void *arg)
+-{
+-      int *finished = arg;
+-
+-      *finished = 1;
+-      return NL_STOP;
+-}
+-
+ static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
+                          int idx, u8 *seq)
+ {
+@@ -629,43 +627,126 @@ static int i802_get_retry(void *priv, in
+ static int i802_flush(void *priv)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
++      struct nl_msg *msg;
++      int ret = -1;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_FLUSH;
+-      return hostapd_ioctl(drv, ¶m, sizeof(param));
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_NEW_STATION, 0);
++
++      /*
++       * XXX: FIX! this needs to flush all VLANs too
++       */
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
++                  if_nametoindex(drv->iface));
++
++      ret = 0;
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0) {
++              ret = -1;
++      }
++
++ nla_put_failure:
++      nlmsg_free(msg);
++
++ out:
++      return ret;
+ }
+ 
+ 
++static int get_sta_handler(struct nl_msg *msg, void *arg)
++{
++      struct nlattr *tb[NL80211_ATTR_MAX + 1];
++      struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
++      struct hostap_sta_driver_data *data = arg;
++      struct nlattr *stats[NL80211_STA_STAT_MAX + 1];
++      static struct nla_policy stats_policy[NL80211_STA_STAT_MAX + 1] = {
++              [NL80211_STA_STAT_INACTIVE_TIME] = { .type = NLA_U32 },
++              [NL80211_STA_STAT_RX_BYTES] = { .type = NLA_U32 },
++              [NL80211_STA_STAT_TX_BYTES] = { .type = NLA_U32 },
++      };
++
++      nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
++                genlmsg_attrlen(gnlh, 0), NULL);
++
++      /*
++       * TODO: validate the interface and mac address!
++       * Otherwise, there's a race condition as soon as
++       * the kernel starts sending station notifications.
++       */
++
++      if (!tb[NL80211_ATTR_STA_STATS]) {
++              printf("sta stats missing!\n");
++              return NL_SKIP;
++      }
++      if (nla_parse_nested(stats, NL80211_STA_STAT_MAX,
++                           tb[NL80211_ATTR_STA_STATS],
++                           stats_policy)) {
++              printf("failed to parse nested attributes!\n");
++              return NL_SKIP;
++      }
++
++      if (stats[NL80211_STA_STAT_INACTIVE_TIME])
++              data->inactive_msec =
++                      nla_get_u32(stats[NL80211_STA_STAT_INACTIVE_TIME]);
++      if (stats[NL80211_STA_STAT_RX_BYTES])
++              data->rx_bytes = nla_get_u32(stats[NL80211_STA_STAT_RX_BYTES]);
++      if (stats[NL80211_STA_STAT_TX_BYTES])
++              data->rx_bytes = nla_get_u32(stats[NL80211_STA_STAT_TX_BYTES]);
++
++      return NL_SKIP;
++}
++
+ static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
+                             const u8 *addr)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
++      struct nl_msg *msg;
++      struct nl_cb *cb = NULL;
++      int ret = -1;
++      int err = 0;
++      int finished = 0;
+ 
+-      memset(data, 0, sizeof(*data));
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_GET_INFO_STA;
+-      memcpy(param.sta_addr, addr, ETH_ALEN);
+-      if (hostapd_ioctl(drv, ¶m, sizeof(param))) {
+-              printf("  Could not get station info from kernel driver.\n");
+-              return -1;
+-      }
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_GET_STATION, 0);
++
++      NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
++
++      cb = nl_cb_alloc(NL_CB_CUSTOM);
++      if (!cb)
++              goto out;
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
++              goto out;
++
++      nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_sta_handler, data);
++      nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
++
++      err = nl_recvmsgs(drv->nl_handle, cb);
++
++      if (!finished)
++              err = nl_wait_for_ack(drv->nl_handle);
++
++      if (err < 0)
++              goto out;
++
++      ret = 0;
++
++ out:
++      nl_cb_put(cb);
++ nla_put_failure:
++      nlmsg_free(msg);
++      return ret;
+ 
+-      data->inactive_msec = param.u.get_info_sta.inactive_msec;
+-      data->rx_packets = param.u.get_info_sta.rx_packets;
+-      data->tx_packets = param.u.get_info_sta.tx_packets;
+-      data->rx_bytes = param.u.get_info_sta.rx_bytes;
+-      data->tx_bytes = param.u.get_info_sta.tx_bytes;
+-      data->current_tx_rate = param.u.get_info_sta.current_tx_rate;
+-      data->flags = param.u.get_info_sta.flags;
+-      data->num_ps_buf_frames = param.u.get_info_sta.num_ps_buf_frames;
+-      data->tx_retry_failed = param.u.get_info_sta.tx_retry_failed;
+-      data->tx_retry_count = param.u.get_info_sta.tx_retry_count;
+-      data->last_rssi = param.u.get_info_sta.last_rssi;
+-      data->last_ack_rssi = param.u.get_info_sta.last_ack_rssi;
+-      return 0;
+ }
+ 
+ 
+@@ -744,35 +825,68 @@ static int i802_sta_add(const char *ifna
+                       size_t supp_rates_len, int flags)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
+-      size_t len;
++      struct nl_msg *msg;
++      int ret = -1;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_ADD_STA;
+-      memcpy(param.sta_addr, addr, ETH_ALEN);
+-      param.u.add_sta.aid = aid;
+-      param.u.add_sta.capability = capability;
+-      len = supp_rates_len;
+-      if (len > sizeof(param.u.add_sta.supp_rates))
+-              len = sizeof(param.u.add_sta.supp_rates);
+-      memcpy(param.u.add_sta.supp_rates, supp_rates, len);
+-      return hostapd_ioctl_iface(ifname, drv, ¶m, sizeof(param));
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_NEW_STATION, 0);
++
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
++                  if_nametoindex(drv->iface));
++      NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++      NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, aid);
++      NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, supp_rates_len,
++              supp_rates);
++      NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 0);
++
++      ret = 0;
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0) {
++              ret = -1;
++      }
++
++ nla_put_failure:
++      nlmsg_free(msg);
++
++ out:
++      return ret;
+ }
+ 
+ 
+ static int i802_sta_remove(void *priv, const u8 *addr)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
++      struct nl_msg *msg;
++      int ret = -1;
+ 
+-      i802_sta_set_flags(drv, addr, 0, 0, ~WLAN_STA_AUTHORIZED);
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
+-      memcpy(param.sta_addr, addr, ETH_ALEN);
+-      if (hostapd_ioctl(drv, ¶m, sizeof(param)))
+-              return -1;
+-      return 0;
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_DEL_STATION, 0);
++
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
++                  if_nametoindex(drv->iface));
++      NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++
++      ret = 0;
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0) {
++              ret = -1;
++      }
++
++ nla_put_failure:
++      nlmsg_free(msg);
++
++ out:
++      return ret;
+ }
+ 
+ 
+@@ -780,14 +894,51 @@ static int i802_sta_set_flags(void *priv
+                             int total_flags, int flags_or, int flags_and)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
++      struct nl_msg *msg, *flags = NULL;
++      int ret = -1;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_SET_FLAGS_STA;
+-      memcpy(param.sta_addr, addr, ETH_ALEN);
+-      param.u.set_flags_sta.flags_or = flags_or;
+-      param.u.set_flags_sta.flags_and = flags_and;
+-      return hostapd_ioctl(drv, ¶m, sizeof(param));
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
++
++      flags = nlmsg_alloc();
++      if (!flags)
++              goto free_msg;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_SET_STATION, 0);
++
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
++                  if_nametoindex(drv->iface));
++      NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++
++      if (total_flags & WLAN_STA_AUTHORIZED)
++              NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
++
++      if (total_flags & WLAN_STA_WME)
++              NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
++
++      if (total_flags & WLAN_STA_SHORT_PREAMBLE)
++              NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
++
++      if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
++              goto nla_put_failure;
++
++      ret = 0;
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0) {
++              ret = -1;
++      }
++
++ nla_put_failure:
++      nlmsg_free(flags);
++
++ free_msg:
++      nlmsg_free(msg);
++
++ out:
++      return ret;
+ }
+ 
+ 
+@@ -1257,18 +1408,38 @@ static struct hostapd_hw_modes * i802_ge
+ }
+ 
+ 
+-static int i802_set_sta_vlan(void *priv, const u8 *addr, const char *ifname,
+-                           int vlan_id)
++static int i802_set_sta_vlan(void *priv, const u8 *addr,
++                           const char *ifname, int vlan_id)
+ {
+       struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
++      struct nl_msg *msg;
++      int ret = -1;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_SET_STA_VLAN;
+-      memcpy(param.sta_addr, addr, ETH_ALEN);
+-      os_strlcpy(param.u.set_sta_vlan.vlan_name, ifname, IFNAMSIZ);
+-      param.u.set_sta_vlan.vlan_id = vlan_id;
+-      return hostapd_ioctl(drv, ¶m, sizeof(param));
++      msg = nlmsg_alloc();
++      if (!msg)
++              goto out;
++
++      genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
++                  0, NL80211_CMD_SET_STATION, 0);
++
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
++                  if_nametoindex(drv->iface));
++      NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
++                  if_nametoindex(ifname));
++
++      ret = 0;
++
++      if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
++          nl_wait_for_ack(drv->nl_handle) < 0) {
++              ret = -1;
++      }
++
++ nla_put_failure:
++      nlmsg_free(msg);
++
++ out:
++      return ret;
+ }
+ 
+ 
+@@ -1750,17 +1921,14 @@ static int i802_init_sockets(struct i802
+ 
+ static int i802_get_inact_sec(void *priv, const u8 *addr)
+ {
+-      struct i802_driver_data *drv = priv;
+-      struct prism2_hostapd_param param;
++      struct hostap_sta_driver_data data;
++      int ret;
+ 
+-      memset(¶m, 0, sizeof(param));
+-      param.cmd = PRISM2_HOSTAPD_GET_INFO_STA;
+-      memcpy(param.sta_addr, addr, ETH_ALEN);
+-      if (hostapd_ioctl(drv, ¶m, sizeof(param))) {
++      data.inactive_msec = -1;
++      ret = i802_read_sta_data(priv, &data, addr);
++      if (ret || data.inactive_msec == -1)
+               return -1;
+-      }
+-
+-      return param.u.get_info_sta.inactive_msec / 1000;
++      return data.inactive_msec / 1000;
+ }
+ 
+ 
 
+++ /dev/null
-Index: hostapd-0.5.7/driver_madwifi.c
-===================================================================
---- hostapd-0.5.7.orig/driver_madwifi.c        2007-06-04 13:22:31.768025808 +0200
-+++ hostapd-0.5.7/driver_madwifi.c     2007-06-04 13:22:32.051982640 +0200
-@@ -21,12 +21,9 @@
- #include <include/compat.h>
- #include <net80211/ieee80211.h>
- #ifdef WME_NUM_AC
--/* Assume this is built against BSD branch of madwifi driver. */
--#define MADWIFI_BSD
--#include <net80211/_ieee80211.h>
--#endif /* WME_NUM_AC */
- #include <net80211/ieee80211_crypto.h>
- #include <net80211/ieee80211_ioctl.h>
-+#endif /* WME_NUM_AC */
- 
- #ifdef IEEE80211_IOCTL_SETWMMPARAMS
- /* Assume this is built against madwifi-ng */
-@@ -169,6 +166,11 @@
-       return 0;
- }
- 
-+static int madwifi_get_inact_sec(void *priv, const u8 *addr)
-+{
-+      return 0;
-+}
-+
- static int
- set80211param(struct madwifi_driver_data *drv, int op, int arg)
- {
-@@ -1258,7 +1260,6 @@
-               goto bad;
-       }
- 
--      madwifi_set_iface_flags(drv, 0);        /* mark down during setup */
-       madwifi_set_privacy(drv->iface, drv, 0); /* default to no privacy */
- 
-       hapd->driver = &drv->ops;
-@@ -1281,7 +1282,6 @@
- 
-       drv->hapd->driver = NULL;
- 
--      (void) madwifi_set_iface_flags(drv, 0);
-       if (drv->ioctl_sock >= 0)
-               close(drv->ioctl_sock);
-       if (drv->sock_recv != NULL && drv->sock_recv != drv->sock_xmit)
-@@ -1367,6 +1367,7 @@
-       .get_ssid               = madwifi_get_ssid,
-       .set_countermeasures    = madwifi_set_countermeasures,
-       .sta_clear_stats        = madwifi_sta_clear_stats,
-+      .get_inact_sec          = madwifi_get_inact_sec,
-       .commit                 = madwifi_commit,
- };
- 
 
                install
 endef
 
-define Build/InstallDev
+ifneq ($(CONFIG_LINUX_2_6_23),)
+  define Build/InstallDev
        $(CP) $(PKG_INSTALL_DIR)/* $(1)/
-endef
+       $(CP) $(PKG_BUILD_DIR)/include/linux $(1)/usr/include/
+  endef
 
-define Build/UninstallDev
-endef
+  define Build/UninstallDev
+  endef
 
-define Package/libnl/install
+  define Package/libnl/install
        $(INSTALL_DIR) $(1)/usr/lib
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libnl.so.1 $(1)/usr/lib/
-endef
+  endef
+endif
 
 $(eval $(call BuildPackage,libnl))
 
   TITLE:=Linux 802.11 Wireless Networking Stack
   DEPENDS:=@LINUX_2_6_23 +kmod-crypto-arc4 +kmod-crypto-aes +wireless-tools
   FILES:= \
-       $(PKG_BUILD_DIR)/mac80211/mac80211.$(LINUX_KMOD_SUFFIX) \
-       $(PKG_BUILD_DIR)/mac80211/rc80211_simple.$(LINUX_KMOD_SUFFIX) \
-       $(PKG_BUILD_DIR)/wireless/cfg80211.$(LINUX_KMOD_SUFFIX)
-  AUTOLOAD:=$(call AutoLoad,20,cfg80211 mac80211 rc80211_simple)
+       $(PKG_BUILD_DIR)/net/mac80211/mac80211.$(LINUX_KMOD_SUFFIX) \
+       $(PKG_BUILD_DIR)/net/wireless/cfg80211.$(LINUX_KMOD_SUFFIX)
+  AUTOLOAD:=$(call AutoLoad,20,cfg80211 mac80211)
 endef
 
 define KernelPackage/mac80211/description
 CONFOPTS:=MAC80211 CFG80211 NL80211
 
 BUILDFLAGS:= \
-       $(foreach opt,$(CONFOPTS),-DCONFIG_$(opt) ) \
+       $(foreach opt,$(CONFOPTS),-DCONFIG_$(opt) -DCONFIG_MAC80211_RCSIMPLE=1) \
        $(if $(CONFIG_LEDS_TRIGGERS), -DCONFIG_MAC80211_LEDS -DCONFIG_LEDS_TRIGGERS)
 
 MAKE_OPTS:= \
        EXTRA_CFLAGS="$(BUILDFLAGS)" \
        $(foreach opt,$(CONFOPTS),CONFIG_$(opt)=m) \
        CONFIG_NL80211=y \
+       CONFIG_MAC80211_RCSIMPLE=y \
        CONFIG_MAC80211_LEDS=$(CONFIG_LEDS_TRIGGERS) \
-       LINUXINCLUDE="-I${CURDIR}/src/include -I$(LINUX_DIR)/include -include linux/autoconf.h" \
+       LINUXINCLUDE="-I$(PKG_BUILD_DIR)/include -I$(LINUX_DIR)/include -include linux/autoconf.h" \
 
 define Build/Prepare
-       mkdir -p $(PKG_BUILD_DIR)/mac80211
-       $(CP) ./src/mac80211/* $(PKG_BUILD_DIR)/mac80211/
-       mkdir -p $(PKG_BUILD_DIR)/wireless
-       $(CP) ./src/wireless/* $(PKG_BUILD_DIR)/wireless/
+       rm -rf $(PKG_BUILD_DIR)
+       mkdir -p $(PKG_BUILD_DIR)
+       $(CP) ./src/* $(PKG_BUILD_DIR)/
+       $(Build/Patch)
+       $(if $(QUILT),touch $(PKG_BUILD_DIR)/.quilt_used)
 endef
 
 define Build/Compile
-       $(MAKE) -C "$(LINUX_DIR)" $(MAKE_OPTS) SUBDIRS="$(PKG_BUILD_DIR)/wireless" modules
-       $(MAKE) -C "$(LINUX_DIR)" $(MAKE_OPTS) SUBDIRS="$(PKG_BUILD_DIR)/mac80211" modules
+       $(MAKE) -C "$(LINUX_DIR)" $(MAKE_OPTS) SUBDIRS="$(PKG_BUILD_DIR)/net/wireless" modules
+       $(MAKE) -C "$(LINUX_DIR)" $(MAKE_OPTS) SUBDIRS="$(PKG_BUILD_DIR)/net/mac80211" modules
 endef
 
 define Build/InstallDev
        mkdir -p $(1)/usr/include/mac80211
-       $(CP) ./src/include/* $(1)/usr/include/mac80211/
+       $(CP) $(PKG_BUILD_DIR)/net/mac80211/*.h $(PKG_BUILD_DIR)/include/* $(1)/usr/include/mac80211/
 endef
 
 define Build/UninstallDev
 
--- /dev/null
+Index: mac80211/include/linux/ieee80211.h
+===================================================================
+--- mac80211.orig/include/linux/ieee80211.h    2007-11-11 15:45:23.153490050 +0100
++++ mac80211/include/linux/ieee80211.h 2007-11-11 15:45:30.417904025 +0100
+@@ -81,18 +81,18 @@
+ 
+ 
+ /* miscellaneous IEEE 802.11 constants */
+-#define IEEE80211_MAX_FRAG_THRESHOLD  2346
+-#define IEEE80211_MAX_RTS_THRESHOLD   2347
++#define IEEE80211_MAX_FRAG_THRESHOLD  2352
++#define IEEE80211_MAX_RTS_THRESHOLD   2353
+ #define IEEE80211_MAX_AID             2007
+ #define IEEE80211_MAX_TIM_LEN         251
+-#define IEEE80211_MAX_DATA_LEN                2304
+ /* Maximum size for the MA-UNITDATA primitive, 802.11 standard section
+    6.2.1.1.2.
+ 
+-   The figure in section 7.1.2 suggests a body size of up to 2312
+-   bytes is allowed, which is a bit confusing, I suspect this
+-   represents the 2304 bytes of real data, plus a possible 8 bytes of
+-   WEP IV and ICV. (this interpretation suggested by Ramiro Barreiro) */
++   802.11e clarifies the figure in section 7.1.2. The frame body is
++   up to 2304 octets long (maximum MSDU size) plus any crypt overhead. */
++#define IEEE80211_MAX_DATA_LEN                2304
++/* 30 byte 4 addr hdr, 2 byte QoS, 2304 byte MSDU, 12 byte crypt, 4 byte FCS */
++#define IEEE80211_MAX_FRAME_LEN               2352
+ 
+ #define IEEE80211_MAX_SSID_LEN                32
+ 
+Index: mac80211/include/linux/nl80211.h
+===================================================================
+--- mac80211.orig/include/linux/nl80211.h      2007-11-11 15:45:23.161490506 +0100
++++ mac80211/include/linux/nl80211.h   2007-11-11 15:45:30.421904255 +0100
+@@ -25,7 +25,7 @@
+  *    either a dump request on a %NL80211_ATTR_WIPHY or a specific get
+  *    on an %NL80211_ATTR_IFINDEX is supported.
+  * @NL80211_CMD_SET_INTERFACE: Set type of a virtual interface, requires
+-      %NL80211_ATTR_IFINDEX and %NL80211_ATTR_IFTYPE.
++ *    %NL80211_ATTR_IFINDEX and %NL80211_ATTR_IFTYPE.
+  * @NL80211_CMD_NEW_INTERFACE: Newly created virtual interface or response
+  *    to %NL80211_CMD_GET_INTERFACE. Has %NL80211_ATTR_IFINDEX,
+  *    %NL80211_ATTR_WIPHY and %NL80211_ATTR_IFTYPE attributes. Can also
+Index: mac80211/include/net/mac80211.h
+===================================================================
+--- mac80211.orig/include/net/mac80211.h       2007-11-11 15:45:23.169490961 +0100
++++ mac80211/include/net/mac80211.h    2007-11-11 15:45:30.429904707 +0100
+@@ -706,11 +706,16 @@
+  *
+  * @queues: number of available hardware transmit queues for
+  *    data packets. WMM/QoS requires at least four.
++ *
++ * @rate_control_algorithm: rate control algorithm for this hardware.
++ *    If unset (NULL), the default algorithm will be used. Must be
++ *    set before calling ieee80211_register_hw().
+  */
+ struct ieee80211_hw {
+       struct ieee80211_conf conf;
+       struct wiphy *wiphy;
+       struct workqueue_struct *workqueue;
++      const char *rate_control_algorithm;
+       void *priv;
+       u32 flags;
+       unsigned int extra_tx_headroom;
+@@ -936,27 +941,11 @@
+  *    and remove_interface calls, i.e. while the interface with the
+  *    given local_address is enabled.
+  *
+- * @set_ieee8021x: Enable/disable IEEE 802.1X. This item requests wlan card
+- *    to pass unencrypted EAPOL-Key frames even when encryption is
+- *    configured. If the wlan card does not require such a configuration,
+- *    this function pointer can be set to NULL.
+- *
+- * @set_port_auth: Set port authorization state (IEEE 802.1X PAE) to be
+- *    authorized (@authorized=1) or unauthorized (=0). This function can be
+- *    used if the wlan hardware or low-level driver implements PAE.
+- *    mac80211 will filter frames based on authorization state in any case,
+- *    so this function pointer can be NULL if low-level driver does not
+- *    require event notification about port state changes.
+- *
+  * @hw_scan: Ask the hardware to service the scan request, no need to start
+  *    the scan state machine in stack.
+  *
+  * @get_stats: return low-level statistics
+  *
+- * @set_privacy_invoked: For devices that generate their own beacons and probe
+- *    response or association responses this updates the state of privacy_invoked
+- *    returns 0 for success or an error number.
+- *
+  * @get_sequence_counter: For devices that have internal sequence counters this
+  *    callback allows mac80211 to access the current value of a counter.
+  *    This callback seems not well-defined, tell us if you need it.
+@@ -1029,14 +1018,9 @@
+       int (*set_key)(struct ieee80211_hw *hw, enum set_key_cmd cmd,
+                      const u8 *local_address, const u8 *address,
+                      struct ieee80211_key_conf *key);
+-      int (*set_ieee8021x)(struct ieee80211_hw *hw, int use_ieee8021x);
+-      int (*set_port_auth)(struct ieee80211_hw *hw, u8 *addr,
+-                           int authorized);
+       int (*hw_scan)(struct ieee80211_hw *hw, u8 *ssid, size_t len);
+       int (*get_stats)(struct ieee80211_hw *hw,
+                        struct ieee80211_low_level_stats *stats);
+-      int (*set_privacy_invoked)(struct ieee80211_hw *hw,
+-                                 int privacy_invoked);
+       int (*get_sequence_counter)(struct ieee80211_hw *hw,
+                                   u8* addr, u8 keyidx, u8 txrx,
+                                   u32* iv32, u16* iv16);
+Index: mac80211/net/mac80211/aes_ccm.c
+===================================================================
+--- mac80211.orig/net/mac80211/aes_ccm.c       2007-11-11 15:45:23.177491419 +0100
++++ mac80211/net/mac80211/aes_ccm.c    2007-11-11 15:45:30.433904936 +0100
+@@ -7,10 +7,10 @@
+  * published by the Free Software Foundation.
+  */
+ 
++#include <linux/kernel.h>
+ #include <linux/types.h>
+ #include <linux/crypto.h>
+ #include <linux/err.h>
+-#include <asm/scatterlist.h>
+ 
+ #include <net/mac80211.h>
+ #include "ieee80211_key.h"
+@@ -63,7 +63,7 @@
+       s_0 = scratch + AES_BLOCK_LEN;
+       e = scratch + 2 * AES_BLOCK_LEN;
+ 
+-      num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
++      num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
+       last_len = data_len % AES_BLOCK_LEN;
+       aes_ccm_prepare(tfm, b_0, aad, b, s_0, b);
+ 
+@@ -102,7 +102,7 @@
+       s_0 = scratch + AES_BLOCK_LEN;
+       a = scratch + 2 * AES_BLOCK_LEN;
+ 
+-      num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
++      num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
+       last_len = data_len % AES_BLOCK_LEN;
+       aes_ccm_prepare(tfm, b_0, aad, b, s_0, a);
+ 
+Index: mac80211/net/mac80211/ieee80211.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211.c     2007-11-11 15:45:23.185491871 +0100
++++ mac80211/net/mac80211/ieee80211.c  2007-11-11 15:45:30.437905164 +0100
+@@ -1061,7 +1061,8 @@
+       ieee80211_debugfs_add_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
+       ieee80211_if_set_type(local->mdev, IEEE80211_IF_TYPE_AP);
+ 
+-      result = ieee80211_init_rate_ctrl_alg(local, NULL);
++      result = ieee80211_init_rate_ctrl_alg(local,
++                                            hw->rate_control_algorithm);
+       if (result < 0) {
+               printk(KERN_DEBUG "%s: Failed to initialize rate control "
+                      "algorithm\n", wiphy_name(local->hw.wiphy));
+@@ -1222,8 +1223,17 @@
+ 
+       BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb));
+ 
++#ifdef CONFIG_MAC80211_RCSIMPLE
++      ret = ieee80211_rate_control_register(&mac80211_rcsimple);
++      if (ret)
++              return ret;
++#endif
++
+       ret = ieee80211_wme_register();
+       if (ret) {
++#ifdef CONFIG_MAC80211_RCSIMPLE
++              ieee80211_rate_control_unregister(&mac80211_rcsimple);
++#endif
+               printk(KERN_DEBUG "ieee80211_init: failed to "
+                      "initialize WME (err=%d)\n", ret);
+               return ret;
+@@ -1237,6 +1247,10 @@
+ 
+ static void __exit ieee80211_exit(void)
+ {
++#ifdef CONFIG_MAC80211_RCSIMPLE
++      ieee80211_rate_control_unregister(&mac80211_rcsimple);
++#endif
++
+       ieee80211_wme_unregister();
+       ieee80211_debugfs_netdev_exit();
+ }
+Index: mac80211/net/mac80211/ieee80211_i.h
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_i.h   2007-11-11 15:45:23.189492100 +0100
++++ mac80211/net/mac80211/ieee80211_i.h        2007-11-11 15:45:30.441905395 +0100
+@@ -232,6 +232,7 @@
+ #define IEEE80211_STA_AUTO_SSID_SEL   BIT(10)
+ #define IEEE80211_STA_AUTO_BSSID_SEL  BIT(11)
+ #define IEEE80211_STA_AUTO_CHANNEL_SEL        BIT(12)
++#define IEEE80211_STA_PRIVACY_INVOKED BIT(13)
+ struct ieee80211_if_sta {
+       enum {
+               IEEE80211_DISABLED, IEEE80211_AUTHENTICATE,
+@@ -261,7 +262,6 @@
+       unsigned long request;
+       struct sk_buff_head skb_queue;
+ 
+-      int key_management_enabled;
+       unsigned long last_probe;
+ 
+ #define IEEE80211_AUTH_ALG_OPEN BIT(0)
+Index: mac80211/net/mac80211/ieee80211_ioctl.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_ioctl.c       2007-11-11 15:45:23.197492559 +0100
++++ mac80211/net/mac80211/ieee80211_ioctl.c    2007-11-11 15:45:30.441905395 +0100
+@@ -305,9 +305,12 @@
+                           ((chan->chan == channel) || (chan->freq == freq))) {
+                               local->oper_channel = chan;
+                               local->oper_hw_mode = mode;
+-                              set++;
++                              set = 1;
++                              break;
+                       }
+               }
++              if (set)
++                      break;
+       }
+ 
+       if (set) {
+@@ -507,10 +510,11 @@
+ 
+ static int ieee80211_ioctl_siwscan(struct net_device *dev,
+                                  struct iw_request_info *info,
+-                                 struct iw_point *data, char *extra)
++                                 union iwreq_data *wrqu, char *extra)
+ {
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      struct iw_scan_req *req = NULL;
+       u8 *ssid = NULL;
+       size_t ssid_len = 0;
+ 
+@@ -535,6 +539,14 @@
+               return -EOPNOTSUPP;
+       }
+ 
++      /* if SSID was specified explicitly then use that */
++      if (wrqu->data.length == sizeof(struct iw_scan_req) &&
++          wrqu->data.flags & IW_SCAN_THIS_ESSID) {
++              req = (struct iw_scan_req *)extra;
++              ssid = req->essid;
++              ssid_len = req->essid_len;
++      }
++
+       return ieee80211_sta_req_scan(dev, ssid, ssid_len);
+ }
+ 
+@@ -621,22 +633,35 @@
+ {
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       bool need_reconfig = 0;
++      u8 new_power_level;
+ 
+       if ((data->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
+               return -EINVAL;
+       if (data->txpower.flags & IW_TXPOW_RANGE)
+               return -EINVAL;
+-      if (!data->txpower.fixed)
+-              return -EINVAL;
+ 
+-      if (local->hw.conf.power_level != data->txpower.value) {
+-              local->hw.conf.power_level = data->txpower.value;
++      if (data->txpower.fixed) {
++              new_power_level = data->txpower.value;
++      } else {
++              /* Automatic power level. Get the px power from the current
++               * channel. */
++              struct ieee80211_channel* chan = local->oper_channel;
++              if (!chan)
++                      return -EINVAL;
++
++              new_power_level = chan->power_level;
++      }
++
++      if (local->hw.conf.power_level != new_power_level) {
++              local->hw.conf.power_level = new_power_level;
+               need_reconfig = 1;
+       }
++
+       if (local->hw.conf.radio_enabled != !(data->txpower.disabled)) {
+               local->hw.conf.radio_enabled = !(data->txpower.disabled);
+               need_reconfig = 1;
+       }
++
+       if (need_reconfig) {
+               ieee80211_hw_config(local);
+               /* The return value of hw_config is not of big interest here,
+@@ -904,7 +929,6 @@
+                                  struct iw_request_info *info,
+                                  struct iw_param *data, char *extra)
+ {
+-      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int ret = 0;
+ 
+@@ -914,18 +938,21 @@
+       case IW_AUTH_CIPHER_GROUP:
+       case IW_AUTH_WPA_ENABLED:
+       case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+-              break;
+       case IW_AUTH_KEY_MGMT:
++              break;
++      case IW_AUTH_PRIVACY_INVOKED:
+               if (sdata->type != IEEE80211_IF_TYPE_STA)
+                       ret = -EINVAL;
+               else {
++                      sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED;
+                       /*
+-                       * Key management was set by wpa_supplicant,
+-                       * we only need this to associate to a network
+-                       * that has privacy enabled regardless of not
+-                       * having a key.
++                       * Privacy invoked by wpa_supplicant, store the
++                       * value and allow associating to a protected
++                       * network without having a key up front.
+                        */
+-                      sdata->u.sta.key_management_enabled = !!data->value;
++                      if (data->value)
++                              sdata->u.sta.flags |=
++                                      IEEE80211_STA_PRIVACY_INVOKED;
+               }
+               break;
+       case IW_AUTH_80211_AUTH_ALG:
+@@ -935,11 +962,6 @@
+               else
+                       ret = -EOPNOTSUPP;
+               break;
+-      case IW_AUTH_PRIVACY_INVOKED:
+-              if (local->ops->set_privacy_invoked)
+-                      ret = local->ops->set_privacy_invoked(
+-                                      local_to_hw(local), data->value);
+-              break;
+       default:
+               ret = -EOPNOTSUPP;
+               break;
+Index: mac80211/net/mac80211/ieee80211_rate.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_rate.c        2007-11-11 15:45:23.205493011 +0100
++++ mac80211/net/mac80211/ieee80211_rate.c     2007-11-11 15:45:30.441905395 +0100
+@@ -25,13 +25,25 @@
+ {
+       struct rate_control_alg *alg;
+ 
++      if (!ops->name)
++              return -EINVAL;
++
++      mutex_lock(&rate_ctrl_mutex);
++      list_for_each_entry(alg, &rate_ctrl_algs, list) {
++              if (!strcmp(alg->ops->name, ops->name)) {
++                      /* don't register an algorithm twice */
++                      WARN_ON(1);
++                      return -EALREADY;
++              }
++      }
++
+       alg = kzalloc(sizeof(*alg), GFP_KERNEL);
+       if (alg == NULL) {
++              mutex_unlock(&rate_ctrl_mutex);
+               return -ENOMEM;
+       }
+       alg->ops = ops;
+ 
+-      mutex_lock(&rate_ctrl_mutex);
+       list_add_tail(&alg->list, &rate_ctrl_algs);
+       mutex_unlock(&rate_ctrl_mutex);
+ 
+@@ -61,9 +73,12 @@
+       struct rate_control_alg *alg;
+       struct rate_control_ops *ops = NULL;
+ 
++      if (!name)
++              return NULL;
++
+       mutex_lock(&rate_ctrl_mutex);
+       list_for_each_entry(alg, &rate_ctrl_algs, list) {
+-              if (!name || !strcmp(alg->ops->name, name))
++              if (!strcmp(alg->ops->name, name))
+                       if (try_module_get(alg->ops->module)) {
+                               ops = alg->ops;
+                               break;
+@@ -80,9 +95,12 @@
+ {
+       struct rate_control_ops *ops;
+ 
++      if (!name)
++              name = "simple";
++
+       ops = ieee80211_try_rate_control_ops_get(name);
+       if (!ops) {
+-              request_module("rc80211_%s", name ? name : "default");
++              request_module("rc80211_%s", name);
+               ops = ieee80211_try_rate_control_ops_get(name);
+       }
+       return ops;
+Index: mac80211/net/mac80211/ieee80211_rate.h
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_rate.h        2007-11-11 15:45:23.213493469 +0100
++++ mac80211/net/mac80211/ieee80211_rate.h     2007-11-11 15:45:30.445905621 +0100
+@@ -65,6 +65,9 @@
+       struct kref kref;
+ };
+ 
++/* default 'simple' algorithm */
++extern struct rate_control_ops mac80211_rcsimple;
++
+ int ieee80211_rate_control_register(struct rate_control_ops *ops);
+ void ieee80211_rate_control_unregister(struct rate_control_ops *ops);
+ 
+Index: mac80211/net/mac80211/ieee80211_sta.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_sta.c 2007-11-11 15:45:23.217493699 +0100
++++ mac80211/net/mac80211/ieee80211_sta.c      2007-11-11 15:46:32.885463850 +0100
+@@ -12,7 +12,6 @@
+  */
+ 
+ /* TODO:
+- * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
+  * order BSS list by RSSI(?) ("quality of AP")
+  * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
+  *    SSID)
+@@ -61,7 +60,8 @@
+ static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
+                                    u8 *ssid, size_t ssid_len);
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
++ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
++                   u8 *ssid, u8 ssid_len);
+ static void ieee80211_rx_bss_put(struct net_device *dev,
+                                struct ieee80211_sta_bss *bss);
+ static int ieee80211_sta_find_ibss(struct net_device *dev,
+@@ -108,14 +108,11 @@
+       u8 wmm_param_len;
+ };
+ 
+-enum ParseRes { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 };
+-
+-static enum ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
+-                                          struct ieee802_11_elems *elems)
++static void ieee802_11_parse_elems(u8 *start, size_t len,
++                                 struct ieee802_11_elems *elems)
+ {
+       size_t left = len;
+       u8 *pos = start;
+-      int unknown = 0;
+ 
+       memset(elems, 0, sizeof(*elems));
+ 
+@@ -126,15 +123,8 @@
+               elen = *pos++;
+               left -= 2;
+ 
+-              if (elen > left) {
+-#if 0
+-                      if (net_ratelimit())
+-                              printk(KERN_DEBUG "IEEE 802.11 element parse "
+-                                     "failed (id=%d elen=%d left=%d)\n",
+-                                     id, elen, left);
+-#endif
+-                      return ParseFailed;
+-              }
++              if (elen > left)
++                      return;
+ 
+               switch (id) {
+               case WLAN_EID_SSID:
+@@ -201,28 +191,15 @@
+                       elems->ext_supp_rates_len = elen;
+                       break;
+               default:
+-#if 0
+-                      printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
+-                                    "unknown element (id=%d elen=%d)\n",
+-                                    id, elen);
+-#endif
+-                      unknown++;
+                       break;
+               }
+ 
+               left -= elen;
+               pos += elen;
+       }
+-
+-      /* Do not trigger error if left == 1 as Apple Airport base stations
+-       * send AssocResps that are one spurious byte too long. */
+-
+-      return unknown ? ParseUnknown : ParseOK;
+ }
+ 
+ 
+-
+-
+ static int ecw2cw(int ecw)
+ {
+       int cw = 1;
+@@ -426,7 +403,9 @@
+               if (sdata->type != IEEE80211_IF_TYPE_STA)
+                       return;
+ 
+-              bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++              bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
++                                         local->hw.conf.channel,
++                                         ifsta->ssid, ifsta->ssid_len);
+               if (bss) {
+                       if (bss->has_erp_value)
+                               ieee80211_handle_erp_ie(dev, bss->erp_value);
+@@ -571,7 +550,8 @@
+               capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
+                       WLAN_CAPABILITY_SHORT_PREAMBLE;
+       }
+-      bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++      bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
++                                 ifsta->ssid, ifsta->ssid_len);
+       if (bss) {
+               if (bss->capability & WLAN_CAPABILITY_PRIVACY)
+                       capab |= WLAN_CAPABILITY_PRIVACY;
+@@ -719,24 +699,30 @@
+ static int ieee80211_privacy_mismatch(struct net_device *dev,
+                                     struct ieee80211_if_sta *ifsta)
+ {
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+-      int res = 0;
++      int bss_privacy;
++      int wep_privacy;
++      int privacy_invoked;
+ 
+-      if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL) ||
+-          ifsta->key_management_enabled)
++      if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
+               return 0;
+ 
+-      bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++      bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
++                                 ifsta->ssid, ifsta->ssid_len);
+       if (!bss)
+               return 0;
+ 
+-      if (ieee80211_sta_wep_configured(dev) !=
+-          !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
+-              res = 1;
++      bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
++      wep_privacy = !!ieee80211_sta_wep_configured(dev);
++      privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
+ 
+       ieee80211_rx_bss_put(dev, bss);
+ 
+-      return res;
++      if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
++              return 0;
++
++      return 1;
+ }
+ 
+ 
+@@ -920,12 +906,7 @@
+ 
+       printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
+       pos = mgmt->u.auth.variable;
+-      if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+-          == ParseFailed) {
+-              printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
+-                     dev->name);
+-              return;
+-      }
++      ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
+       if (!elems.challenge) {
+               printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
+                      "frame\n", dev->name);
+@@ -1214,12 +1195,7 @@
+       }
+ 
+       pos = mgmt->u.assoc_resp.variable;
+-      if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+-          == ParseFailed) {
+-              printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
+-                     dev->name);
+-              return;
+-      }
++      ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
+ 
+       if (!elems.supp_rates) {
+               printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
+@@ -1231,7 +1207,9 @@
+        * update our stored copy */
+       if (elems.erp_info && elems.erp_info_len >= 1) {
+               struct ieee80211_sta_bss *bss
+-                      = ieee80211_rx_bss_get(dev, ifsta->bssid);
++                      = ieee80211_rx_bss_get(dev, ifsta->bssid,
++                                             local->hw.conf.channel,
++                                             ifsta->ssid, ifsta->ssid_len);
+               if (bss) {
+                       bss->erp_value = elems.erp_info[0];
+                       bss->has_erp_value = 1;
+@@ -1261,7 +1239,9 @@
+                              " AP\n", dev->name);
+                       return;
+               }
+-              bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++              bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
++                                         local->hw.conf.channel,
++                                         ifsta->ssid, ifsta->ssid_len);
+               if (bss) {
+                       sta->last_rssi = bss->rssi;
+                       sta->last_signal = bss->signal;
+@@ -1337,7 +1317,8 @@
+ 
+ 
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
++ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel,
++                   u8 *ssid, u8 ssid_len)
+ {
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+@@ -1348,6 +1329,11 @@
+       atomic_inc(&bss->users);
+       atomic_inc(&bss->users);
+       memcpy(bss->bssid, bssid, ETH_ALEN);
++      bss->channel = channel;
++      if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
++              memcpy(bss->ssid, ssid, ssid_len);
++              bss->ssid_len = ssid_len;
++      }
+ 
+       spin_lock_bh(&local->sta_bss_lock);
+       /* TODO: order by RSSI? */
+@@ -1359,7 +1345,8 @@
+ 
+ 
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
++ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
++                   u8 *ssid, u8 ssid_len)
+ {
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+@@ -1367,7 +1354,10 @@
+       spin_lock_bh(&local->sta_bss_lock);
+       bss = local->sta_bss_hash[STA_HASH(bssid)];
+       while (bss) {
+-              if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0) {
++              if (!memcmp(bss->bssid, bssid, ETH_ALEN) &&
++                  bss->channel == channel &&
++                  bss->ssid_len == ssid_len &&
++                  (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
+                       atomic_inc(&bss->users);
+                       break;
+               }
+@@ -1429,7 +1419,7 @@
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee802_11_elems elems;
+       size_t baselen;
+-      int channel, invalid = 0, clen;
++      int channel, clen;
+       struct ieee80211_sta_bss *bss;
+       struct sta_info *sta;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+@@ -1473,9 +1463,7 @@
+ #endif /* CONFIG_MAC80211_IBSS_DEBUG */
+       }
+ 
+-      if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+-                                 &elems) == ParseFailed)
+-              invalid = 1;
++      ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
+ 
+       if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
+           memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
+@@ -1533,9 +1521,11 @@
+       else
+               channel = rx_status->channel;
+ 
+-      bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
++      bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel,
++                                 elems.ssid, elems.ssid_len);
+       if (!bss) {
+-              bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
++              bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel,
++                                         elems.ssid, elems.ssid_len);
+               if (!bss)
+                       return;
+       } else {
+@@ -1561,10 +1551,6 @@
+ 
+       bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
+       bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
+-      if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
+-              memcpy(bss->ssid, elems.ssid, elems.ssid_len);
+-              bss->ssid_len = elems.ssid_len;
+-      }
+ 
+       bss->supp_rates_len = 0;
+       if (elems.supp_rates) {
+@@ -1635,7 +1621,6 @@
+ 
+ 
+       bss->hw_mode = rx_status->phymode;
+-      bss->channel = channel;
+       bss->freq = rx_status->freq;
+       if (channel != rx_status->channel &&
+           (bss->hw_mode == MODE_IEEE80211G ||
+@@ -1695,9 +1680,7 @@
+       if (baselen > len)
+               return;
+ 
+-      if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+-                                 &elems) == ParseFailed)
+-              return;
++      ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
+ 
+       if (elems.erp_info && elems.erp_info_len >= 1)
+               ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
+@@ -2098,7 +2081,8 @@
+ {
+       int tmp, hidden_ssid;
+ 
+-      if (!memcmp(ifsta->ssid, ssid, ssid_len))
++      if (ssid_len == ifsta->ssid_len &&
++          !memcmp(ifsta->ssid, ssid, ssid_len))
+               return 1;
+ 
+       if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
+@@ -2357,7 +2341,7 @@
+ {
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+-      struct ieee80211_sub_if_data *sdata;
++      struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_hw_mode *mode;
+       u8 bssid[ETH_ALEN], *pos;
+       int i;
+@@ -2379,18 +2363,17 @@
+       printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
+              dev->name, MAC_ARG(bssid));
+ 
+-      bss = ieee80211_rx_bss_add(dev, bssid);
++      bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel,
++                                 sdata->u.sta.ssid, sdata->u.sta.ssid_len);
+       if (!bss)
+               return -ENOMEM;
+ 
+-      sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       mode = local->oper_hw_mode;
+ 
+       if (local->hw.conf.beacon_int == 0)
+               local->hw.conf.beacon_int = 100;
+       bss->beacon_int = local->hw.conf.beacon_int;
+       bss->hw_mode = local->hw.conf.phymode;
+-      bss->channel = local->hw.conf.channel;
+       bss->freq = local->hw.conf.freq;
+       bss->last_update = jiffies;
+       bss->capability = WLAN_CAPABILITY_IBSS;
+@@ -2448,7 +2431,8 @@
+              MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
+ #endif /* CONFIG_MAC80211_IBSS_DEBUG */
+       if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
+-          (bss = ieee80211_rx_bss_get(dev, bssid))) {
++          (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel,
++                                      ifsta->ssid, ifsta->ssid_len))) {
+               printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
+                      " based on configured SSID\n",
+                      dev->name, MAC_ARG(bssid));
+Index: mac80211/net/mac80211/Kconfig
+===================================================================
+--- mac80211.orig/net/mac80211/Kconfig 2007-11-11 15:45:23.225494151 +0100
++++ mac80211/net/mac80211/Kconfig      2007-11-11 15:45:30.449905846 +0100
+@@ -13,6 +13,18 @@
+       This option enables the hardware independent IEEE 802.11
+       networking stack.
+ 
++config MAC80211_RCSIMPLE
++      bool "'simple' rate control algorithm" if EMBEDDED
++      default y
++      depends on MAC80211
++      help
++        This option allows you to turn off the 'simple' rate
++        control algorithm in mac80211. If you do turn it off,
++        you absolutely need another rate control algorithm.
++
++        Say Y unless you know you will have another algorithm
++        available.
++
+ config MAC80211_LEDS
+       bool "Enable LED triggers"
+       depends on MAC80211 && LEDS_TRIGGERS
+Index: mac80211/net/mac80211/Makefile
+===================================================================
+--- mac80211.orig/net/mac80211/Makefile        2007-11-11 15:45:23.233494609 +0100
++++ mac80211/net/mac80211/Makefile     2007-11-11 15:45:30.449905846 +0100
+@@ -1,8 +1,9 @@
+-obj-$(CONFIG_MAC80211) += mac80211.o rc80211_simple.o
++obj-$(CONFIG_MAC80211) += mac80211.o
+ 
+ mac80211-objs-$(CONFIG_MAC80211_LEDS) += ieee80211_led.o
+ mac80211-objs-$(CONFIG_MAC80211_DEBUGFS) += debugfs.o debugfs_sta.o debugfs_netdev.o debugfs_key.o
+ mac80211-objs-$(CONFIG_NET_SCHED) += wme.o
++mac80211-objs-$(CONFIG_MAC80211_RCSIMPLE) += rc80211_simple.o
+ 
+ mac80211-objs := \
+       ieee80211.o \
+Index: mac80211/net/mac80211/rc80211_simple.c
+===================================================================
+--- mac80211.orig/net/mac80211/rc80211_simple.c        2007-11-11 15:45:23.237494839 +0100
++++ mac80211/net/mac80211/rc80211_simple.c     2007-11-11 15:45:30.449905846 +0100
+@@ -7,7 +7,6 @@
+  * published by the Free Software Foundation.
+  */
+ 
+-#include <linux/module.h>
+ #include <linux/init.h>
+ #include <linux/netdevice.h>
+ #include <linux/types.h>
+@@ -29,8 +28,6 @@
+ #define RATE_CONTROL_INTERVAL (HZ / 20)
+ #define RATE_CONTROL_MIN_TX 10
+ 
+-MODULE_ALIAS("rc80211_default");
+-
+ static void rate_control_rate_inc(struct ieee80211_local *local,
+                                 struct sta_info *sta)
+ {
+@@ -393,8 +390,7 @@
+ }
+ #endif
+ 
+-static struct rate_control_ops rate_control_simple = {
+-      .module = THIS_MODULE,
++struct rate_control_ops mac80211_rcsimple = {
+       .name = "simple",
+       .tx_status = rate_control_simple_tx_status,
+       .get_rate = rate_control_simple_get_rate,
+@@ -409,22 +405,3 @@
+       .remove_sta_debugfs = rate_control_simple_remove_sta_debugfs,
+ #endif
+ };
+-
+-
+-static int __init rate_control_simple_init(void)
+-{
+-      return ieee80211_rate_control_register(&rate_control_simple);
+-}
+-
+-
+-static void __exit rate_control_simple_exit(void)
+-{
+-      ieee80211_rate_control_unregister(&rate_control_simple);
+-}
+-
+-
+-subsys_initcall(rate_control_simple_init);
+-module_exit(rate_control_simple_exit);
+-
+-MODULE_DESCRIPTION("Simple rate control algorithm for ieee80211");
+-MODULE_LICENSE("GPL");
+Index: mac80211/net/mac80211/rx.c
+===================================================================
+--- mac80211.orig/net/mac80211/rx.c    2007-11-11 15:45:23.245495291 +0100
++++ mac80211/net/mac80211/rx.c 2007-11-11 15:45:30.449905846 +0100
+@@ -509,9 +509,11 @@
+               rx->key->tx_rx_count++;
+               /* TODO: add threshold stuff again */
+       } else {
++#ifdef CONFIG_MAC80211_DEBUG
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: RX protected frame,"
+                              " but have no key\n", rx->dev->name);
++#endif /* CONFIG_MAC80211_DEBUG */
+               return TXRX_DROP;
+       }
+ 
+Index: mac80211/net/mac80211/wep.c
+===================================================================
+--- mac80211.orig/net/mac80211/wep.c   2007-11-11 15:45:23.253495749 +0100
++++ mac80211/net/mac80211/wep.c        2007-11-11 15:45:30.449905846 +0100
+@@ -16,7 +16,7 @@
+ #include <linux/crypto.h>
+ #include <linux/err.h>
+ #include <linux/mm.h>
+-#include <asm/scatterlist.h>
++#include <linux/scatterlist.h>
+ 
+ #include <net/mac80211.h>
+ #include "ieee80211_i.h"
+@@ -138,9 +138,7 @@
+       *icv = cpu_to_le32(~crc32_le(~0, data, data_len));
+ 
+       crypto_blkcipher_setkey(tfm, rc4key, klen);
+-      sg.page = virt_to_page(data);
+-      sg.offset = offset_in_page(data);
+-      sg.length = data_len + WEP_ICV_LEN;
++      sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
+       crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
+ }
+ 
+@@ -204,9 +202,7 @@
+       __le32 crc;
+ 
+       crypto_blkcipher_setkey(tfm, rc4key, klen);
+-      sg.page = virt_to_page(data);
+-      sg.offset = offset_in_page(data);
+-      sg.length = data_len + WEP_ICV_LEN;
++      sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
+       crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
+ 
+       crc = cpu_to_le32(~crc32_le(~0, data, data_len));
+@@ -318,9 +314,11 @@
+ 
+       if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
+               if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
++#ifdef CONFIG_MAC80211_DEBUG
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
+                                      "failed\n", rx->dev->name);
++#endif /* CONFIG_MAC80211_DEBUG */
+                       return TXRX_DROP;
+               }
+       } else if (!(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED)) {
+Index: mac80211/net/wireless/Kconfig
+===================================================================
+--- mac80211.orig/net/wireless/Kconfig 2007-11-11 15:45:23.261496205 +0100
++++ mac80211/net/wireless/Kconfig      2007-11-11 15:45:30.453906075 +0100
+@@ -3,7 +3,7 @@
+ 
+ config NL80211
+       bool "nl80211 new netlink interface support"
+-      depends CFG80211
++      depends on CFG80211
+       default y
+       ---help---
+          This option turns on the new netlink interface
 
--- /dev/null
+---
+ net/mac80211/hostapd_ioctl.h |  103 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 103 insertions(+)
+
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ everything/net/mac80211/hostapd_ioctl.h    2007-11-07 13:19:23.031516330 +0100
+@@ -0,0 +1,103 @@
++/*
++ * Host AP (software wireless LAN access point) user space daemon for
++ * Host AP kernel driver
++ * Copyright 2002-2003, Jouni Malinen <jkmaline@cc.hut.fi>
++ * Copyright 2002-2004, Instant802 Networks, Inc.
++ * Copyright 2005, Devicescape Software, Inc.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++
++#ifndef HOSTAPD_IOCTL_H
++#define HOSTAPD_IOCTL_H
++
++#ifdef __KERNEL__
++#include <linux/types.h>
++#endif /* __KERNEL__ */
++
++#define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
++#define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1)
++#define PRISM2_IOCTL_HOSTAPD (SIOCIWFIRSTPRIV + 3)
++
++/* PRISM2_IOCTL_PRISM2_PARAM ioctl() subtypes:
++ * This table is no longer added to, the whole sub-ioctl
++ * mess shall be deleted completely. */
++enum {
++      PRISM2_PARAM_AP_BRIDGE_PACKETS = 10,
++      PRISM2_PARAM_IEEE_802_1X = 23,
++
++      /* Instant802 additions */
++      PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES = 1001,
++      PRISM2_PARAM_PREAMBLE = 1003,
++      PRISM2_PARAM_SHORT_SLOT_TIME = 1006,
++      PRISM2_PARAM_NEXT_MODE = 1008,
++      PRISM2_PARAM_PRIVACY_INVOKED = 1014,
++      PRISM2_PARAM_EAPOL = 1023,
++      PRISM2_PARAM_MGMT_IF = 1046,
++};
++
++/* PRISM2_IOCTL_HOSTAPD ioctl() cmd:
++ * This table is no longer added to, the hostapd ioctl
++ * shall be deleted completely. */
++enum {
++      PRISM2_HOSTAPD_FLUSH = 1,
++
++      /* Instant802 additions */
++      PRISM2_HOSTAPD_GET_HW_FEATURES = 1002,
++      PRISM2_HOSTAPD_SET_RATE_SETS = 1005,
++      PRISM2_HOSTAPD_SET_CHANNEL_FLAG = 1012,
++      PRISM2_HOSTAPD_SET_REGULATORY_DOMAIN = 1013,
++      PRISM2_HOSTAPD_SET_TX_QUEUE_PARAMS = 1014,
++};
++
++#define PRISM2_HOSTAPD_MAX_BUF_SIZE 2048
++#define ALIGNED __attribute__ ((aligned))
++
++struct prism2_hostapd_param {
++      u32 cmd;
++      u8 sta_addr[ETH_ALEN];
++      u8 pad[2];
++      union {
++              struct {
++                      u16 num_modes;
++                      u16 flags;
++                      u8 data[0] ALIGNED; /* num_modes * feature data */
++              } hw_features;
++              struct {
++                      u16 mode; /* MODE_* */
++                      u16 num_supported_rates;
++                      u16 num_basic_rates;
++                      u8 data[0] ALIGNED; /* num_supported_rates * u16 +
++                                           * num_basic_rates * u16 */
++              } set_rate_sets;
++              struct {
++                      u16 mode; /* MODE_* */
++                      u16 chan;
++                      u32 flag;
++                      u8 power_level; /* regulatory limit in dBm */
++                      u8 antenna_max;
++              } set_channel_flag;
++              struct {
++                      u32 rd;
++              } set_regulatory_domain;
++              struct {
++                      u32 queue;
++                      s32 aifs;
++                      u32 cw_min;
++                      u32 cw_max;
++                      u32 burst_time; /* maximum burst time in 0.1 ms, i.e.,
++                                       * 10 = 1 ms */
++              } tx_queue_params;
++      } u;
++};
++
++/* Data structures used for get_hw_features ioctl */
++struct hostapd_ioctl_hw_modes_hdr {
++      int mode;
++      int num_channels;
++      int num_rates;
++};
++
++#endif /* HOSTAPD_IOCTL_H */
 
--- /dev/null
+---
+ net/mac80211/ieee80211.c       |    5 +
+ net/mac80211/ieee80211_ioctl.c |  121 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 126 insertions(+)
+
+--- everything.orig/net/mac80211/ieee80211_ioctl.c     2007-11-07 13:06:34.902124618 +0100
++++ everything/net/mac80211/ieee80211_ioctl.c  2007-11-07 13:19:24.311521482 +0100
+@@ -21,6 +21,7 @@
+ 
+ #include <net/mac80211.h>
+ #include "ieee80211_i.h"
++#include "hostapd_ioctl.h"
+ #include "ieee80211_rate.h"
+ #include "wpa.h"
+ #include "aes_ccm.h"
+@@ -124,6 +125,47 @@ static int ieee80211_ioctl_siwgenie(stru
+       return -EOPNOTSUPP;
+ }
+ 
++
++static int ieee80211_ioctl_priv_hostapd(struct net_device *dev,
++                                      struct iw_point *p)
++{
++      struct prism2_hostapd_param *param;
++      int ret = 0;
++
++      if (p->length < sizeof(struct prism2_hostapd_param) ||
++          p->length > PRISM2_HOSTAPD_MAX_BUF_SIZE || !p->pointer) {
++              printk(KERN_DEBUG "%s: hostapd ioctl: ptr=%p len=%d min=%d "
++                     "max=%d\n", dev->name, p->pointer, p->length,
++                     (int)sizeof(struct prism2_hostapd_param),
++                     PRISM2_HOSTAPD_MAX_BUF_SIZE);
++              return -EINVAL;
++      }
++
++      param = kmalloc(p->length, GFP_KERNEL);
++      if (!param)
++              return -ENOMEM;
++
++      if (copy_from_user(param, p->pointer, p->length)) {
++              ret = -EFAULT;
++              goto out;
++      }
++
++      switch (param->cmd) {
++      default:
++              ret = -EOPNOTSUPP;
++              break;
++      }
++
++      if (copy_to_user(p->pointer, param, p->length))
++              ret = -EFAULT;
++
++ out:
++      kfree(param);
++
++      return ret;
++}
++
++
+ static int ieee80211_ioctl_giwname(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  char *name, char *extra)
+@@ -819,6 +861,49 @@ static int ieee80211_ioctl_giwretry(stru
+       return 0;
+ }
+ 
++static int ieee80211_ioctl_prism2_param(struct net_device *dev,
++                                      struct iw_request_info *info,
++                                      void *wrqu, char *extra)
++{
++      struct ieee80211_sub_if_data *sdata;
++      int *i = (int *) extra;
++      int param = *i;
++      int ret = 0;
++
++      if (!capable(CAP_NET_ADMIN))
++              return -EPERM;
++
++      sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++
++      switch (param) {
++      default:
++              ret = -EOPNOTSUPP;
++              break;
++      }
++
++      return ret;
++}
++
++
++static int ieee80211_ioctl_get_prism2_param(struct net_device *dev,
++                                          struct iw_request_info *info,
++                                          void *wrqu, char *extra)
++{
++      struct ieee80211_sub_if_data *sdata;
++      int *param = (int *) extra;
++      int ret = 0;
++
++      sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++
++      switch (*param) {
++      default:
++              ret = -EOPNOTSUPP;
++              break;
++      }
++
++      return ret;
++}
++
+ static int ieee80211_ioctl_siwmlme(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_point *data, char *extra)
+@@ -1073,6 +1158,32 @@ static int ieee80211_ioctl_siwencodeext(
+ }
+ 
+ 
++static const struct iw_priv_args ieee80211_ioctl_priv[] = {
++      { PRISM2_IOCTL_PRISM2_PARAM,
++        IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "param" },
++      { PRISM2_IOCTL_GET_PRISM2_PARAM,
++        IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
++        IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "get_param" },
++};
++
++
++int ieee80211_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
++{
++      struct iwreq *wrq = (struct iwreq *) rq;
++
++      switch (cmd) {
++              /* Private ioctls (iwpriv) that have not yet been converted
++               * into new wireless extensions API */
++      case PRISM2_IOCTL_HOSTAPD:
++              if (!capable(CAP_NET_ADMIN))
++                      return -EPERM;
++              return ieee80211_ioctl_priv_hostapd(dev, &wrq->u.data);
++      default:
++              return -EOPNOTSUPP;
++      }
++}
++
++
+ /* Structures to export the Wireless Handlers */
+ 
+ static const iw_handler ieee80211_handler[] =
+@@ -1135,9 +1246,19 @@ static const iw_handler ieee80211_handle
+       (iw_handler) NULL,                              /* -- hole -- */
+ };
+ 
++static const iw_handler ieee80211_private_handler[] =
++{                                                     /* SIOCIWFIRSTPRIV + */
++      (iw_handler) ieee80211_ioctl_prism2_param,      /* 0 */
++      (iw_handler) ieee80211_ioctl_get_prism2_param,  /* 1 */
++};
++
+ const struct iw_handler_def ieee80211_iw_handler_def =
+ {
+       .num_standard   = ARRAY_SIZE(ieee80211_handler),
++      .num_private    = ARRAY_SIZE(ieee80211_private_handler),
++      .num_private_args = ARRAY_SIZE(ieee80211_ioctl_priv),
+       .standard       = (iw_handler *) ieee80211_handler,
++      .private        = (iw_handler *) ieee80211_private_handler,
++      .private_args   = (struct iw_priv_args *) ieee80211_ioctl_priv,
+       .get_wireless_stats = ieee80211_get_wireless_stats,
+ };
+--- everything.orig/net/mac80211/ieee80211.c   2007-11-07 13:18:36.001511500 +0100
++++ everything/net/mac80211/ieee80211.c        2007-11-07 13:19:24.311521482 +0100
+@@ -413,6 +413,9 @@ static const struct header_ops ieee80211
+       .cache_update   = eth_header_cache_update,
+ };
+ 
++/* HACK */
++extern int ieee80211_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
++
+ /* Must not be called for mdev */
+ void ieee80211_if_setup(struct net_device *dev)
+ {
+@@ -425,6 +428,8 @@ void ieee80211_if_setup(struct net_devic
+       dev->open = ieee80211_open;
+       dev->stop = ieee80211_stop;
+       dev->destructor = ieee80211_if_free;
++
++      dev->do_ioctl = ieee80211_ioctl;
+ }
+ 
+ /* WDS specialties */
 
--- /dev/null
+---
+ include/net/mac80211.h          |    1 
+ net/mac80211/ieee80211.c        |  198 ++++++++++++++++++++++++++++++++++++++--
+ net/mac80211/ieee80211_common.h |   64 ++++++++++++
+ net/mac80211/ieee80211_i.h      |    9 +
+ net/mac80211/ieee80211_iface.c  |   66 +++++++++++++
+ net/mac80211/ieee80211_ioctl.c  |   21 ++++
+ net/mac80211/ieee80211_rate.c   |    3 
+ net/mac80211/ieee80211_rate.h   |    2 
+ net/mac80211/ieee80211_sta.c    |    2 
+ net/mac80211/rx.c               |   29 ++++-
+ net/mac80211/tx.c               |   14 ++
+ net/mac80211/wme.c              |   10 +-
+ 12 files changed, 399 insertions(+), 20 deletions(-)
+
+Index: mac80211/include/net/mac80211.h
+===================================================================
+--- mac80211.orig/include/net/mac80211.h       2007-11-11 15:15:42.824034853 +0100
++++ mac80211/include/net/mac80211.h    2007-11-11 15:15:53.784659457 +0100
+@@ -472,6 +472,7 @@
+ enum ieee80211_if_types {
+       IEEE80211_IF_TYPE_INVALID,
+       IEEE80211_IF_TYPE_AP,
++      IEEE80211_IF_TYPE_MGMT,
+       IEEE80211_IF_TYPE_STA,
+       IEEE80211_IF_TYPE_IBSS,
+       IEEE80211_IF_TYPE_MNTR,
+Index: mac80211/net/mac80211/ieee80211.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211.c     2007-11-11 15:15:51.536531354 +0100
++++ mac80211/net/mac80211/ieee80211.c  2007-11-11 15:16:22.214279577 +0100
+@@ -23,6 +23,7 @@
+ #include <linux/bitmap.h>
+ #include <net/cfg80211.h>
+ 
++#include "ieee80211_common.h"
+ #include "ieee80211_i.h"
+ #include "ieee80211_rate.h"
+ #include "wep.h"
+@@ -121,6 +122,152 @@
+       ieee80211_configure_filter(local);
+ }
+ 
++/* management interface */
++
++static void
++ieee80211_fill_frame_info(struct ieee80211_local *local,
++                        struct ieee80211_frame_info *fi,
++                        struct ieee80211_rx_status *status)
++{
++      if (status) {
++              struct timespec ts;
++              struct ieee80211_rate *rate;
++
++              jiffies_to_timespec(jiffies, &ts);
++              fi->hosttime = cpu_to_be64((u64) ts.tv_sec * 1000000 +
++                                         ts.tv_nsec / 1000);
++              fi->mactime = cpu_to_be64(status->mactime);
++              switch (status->phymode) {
++              case MODE_IEEE80211A:
++                      fi->phytype = htonl(ieee80211_phytype_ofdm_dot11_a);
++                      break;
++              case MODE_IEEE80211B:
++                      fi->phytype = htonl(ieee80211_phytype_dsss_dot11_b);
++                      break;
++              case MODE_IEEE80211G:
++                      fi->phytype = htonl(ieee80211_phytype_pbcc_dot11_g);
++                      break;
++              default:
++                      fi->phytype = htonl(0xAAAAAAAA);
++                      break;
++              }
++              fi->channel = htonl(status->channel);
++              rate = ieee80211_get_rate(local, status->phymode,
++                                        status->rate);
++              if (rate) {
++                      fi->datarate = htonl(rate->rate);
++                      if (rate->flags & IEEE80211_RATE_PREAMBLE2) {
++                              if (status->rate == rate->val)
++                                      fi->preamble = htonl(2); /* long */
++                              else if (status->rate == rate->val2)
++                                      fi->preamble = htonl(1); /* short */
++                      } else
++                              fi->preamble = htonl(0);
++              } else {
++                      fi->datarate = htonl(0);
++                      fi->preamble = htonl(0);
++              }
++
++              fi->antenna = htonl(status->antenna);
++              fi->priority = htonl(0xffffffff); /* no clue */
++              fi->ssi_type = htonl(ieee80211_ssi_raw);
++              fi->ssi_signal = htonl(status->ssi);
++              fi->ssi_noise = 0x00000000;
++              fi->encoding = 0;
++      } else {
++              /* clear everything because we really don't know.
++               * the msg_type field isn't present on monitor frames
++               * so we don't know whether it will be present or not,
++               * but it's ok to not clear it since it'll be assigned
++               * anyway */
++              memset(fi, 0, sizeof(*fi) - sizeof(fi->msg_type));
++
++              fi->ssi_type = htonl(ieee80211_ssi_none);
++      }
++      fi->version = htonl(IEEE80211_FI_VERSION);
++      fi->length = cpu_to_be32(sizeof(*fi) - sizeof(fi->msg_type));
++}
++
++/* this routine is actually not just for this, but also
++ * for pushing fake 'management' frames into userspace.
++ * it shall be replaced by a netlink-based system. */
++void
++ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
++                struct ieee80211_rx_status *status, u32 msg_type)
++{
++      struct ieee80211_frame_info *fi;
++      const size_t hlen = sizeof(struct ieee80211_frame_info);
++      struct net_device *dev = local->apdev;
++
++      skb->dev = dev;
++
++      if (skb_headroom(skb) < hlen) {
++              I802_DEBUG_INC(local->rx_expand_skb_head);
++              if (pskb_expand_head(skb, hlen, 0, GFP_ATOMIC)) {
++                      dev_kfree_skb(skb);
++                      return;
++              }
++      }
++
++      fi = (struct ieee80211_frame_info *) skb_push(skb, hlen);
++
++      ieee80211_fill_frame_info(local, fi, status);
++      fi->msg_type = htonl(msg_type);
++
++      dev->stats.rx_packets++;
++      dev->stats.rx_bytes += skb->len;
++
++      skb_set_mac_header(skb, 0);
++      skb->ip_summed = CHECKSUM_UNNECESSARY;
++      skb->pkt_type = PACKET_OTHERHOST;
++      skb->protocol = htons(ETH_P_802_2);
++      memset(skb->cb, 0, sizeof(skb->cb));
++      netif_rx(skb);
++}
++
++static int ieee80211_mgmt_open(struct net_device *dev)
++{
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
++
++      if (!netif_running(local->mdev))
++              return -EOPNOTSUPP;
++      return 0;
++}
++
++static int ieee80211_mgmt_stop(struct net_device *dev)
++{
++      return 0;
++}
++
++static int ieee80211_change_mtu_apdev(struct net_device *dev, int new_mtu)
++{
++      /* FIX: what would be proper limits for MTU?
++       * This interface uses 802.11 frames. */
++      if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN) {
++              printk(KERN_WARNING "%s: invalid MTU %d\n",
++                     dev->name, new_mtu);
++              return -EINVAL;
++      }
++
++#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
++      printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
++#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
++      dev->mtu = new_mtu;
++      return 0;
++}
++
++void ieee80211_if_mgmt_setup(struct net_device *dev)
++{
++      ether_setup(dev);
++      dev->hard_start_xmit = ieee80211_mgmt_start_xmit;
++      dev->change_mtu = ieee80211_change_mtu_apdev;
++      dev->open = ieee80211_mgmt_open;
++      dev->stop = ieee80211_mgmt_stop;
++      dev->type = ARPHRD_IEEE80211_PRISM;
++      dev->hard_header_parse = &header_parse_80211;
++      dev->destructor = ieee80211_if_free;
++}
++
+ /* regular interfaces */
+ 
+ static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
+@@ -198,6 +345,7 @@
+                       return -ENOLINK;
+               break;
+       case IEEE80211_IF_TYPE_AP:
++      case IEEE80211_IF_TYPE_MGMT:
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_MNTR:
+       case IEEE80211_IF_TYPE_IBSS:
+@@ -262,6 +410,10 @@
+       if (local->open_count == 0) {
+               res = dev_open(local->mdev);
+               WARN_ON(res);
++              if (local->apdev) {
++                      res = dev_open(local->apdev);
++                      WARN_ON(res);
++              }
+               tasklet_enable(&local->tx_pending_tasklet);
+               tasklet_enable(&local->tasklet);
+       }
+@@ -347,6 +499,9 @@
+               if (netif_running(local->mdev))
+                       dev_close(local->mdev);
+ 
++              if (local->apdev)
++                      dev_close(local->apdev);
++
+               if (local->ops->stop)
+                       local->ops->stop(local_to_hw(local));
+ 
+@@ -646,6 +801,8 @@
+               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+       if (control->flags & IEEE80211_TXCTL_REQUEUE)
+               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
++      if (control->type == IEEE80211_IF_TYPE_MGMT)
++              pkt_data->flags |= IEEE80211_TXPD_MGMT_IFACE;
+       pkt_data->queue = control->queue;
+ 
+       hdrlen = ieee80211_get_hdrlen_from_skb(skb);
+@@ -698,6 +855,7 @@
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       struct ieee80211_local *local = hw_to_local(hw);
+       u16 frag, type;
++      u32 msg_type;
+       struct ieee80211_tx_status_rtap_hdr *rthdr;
+       struct ieee80211_sub_if_data *sdata;
+       int monitors;
+@@ -812,9 +970,29 @@
+                       local->dot11FailedCount++;
+       }
+ 
++      msg_type = (status->flags & IEEE80211_TX_STATUS_ACK) ?
++              ieee80211_msg_tx_callback_ack : ieee80211_msg_tx_callback_fail;
++
+       /* this was a transmitted frame, but now we want to reuse it */
+       skb_orphan(skb);
+ 
++      if ((status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS) &&
++          local->apdev) {
++              if (local->monitors) {
++                      skb2 = skb_clone(skb, GFP_ATOMIC);
++              } else {
++                      skb2 = skb;
++                      skb = NULL;
++              }
++
++              if (skb2)
++                      /* Send frame to hostapd */
++                      ieee80211_rx_mgmt(local, skb2, NULL, msg_type);
++
++              if (!skb)
++                      return;
++      }
++
+       if (!local->monitors) {
+               dev_kfree_skb(skb);
+               return;
+@@ -1161,6 +1339,8 @@
+       BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED);
+ 
+       local->reg_state = IEEE80211_DEV_UNREGISTERED;
++      if (local->apdev)
++              ieee80211_if_del_mgmt(local);
+ 
+       /*
+        * At this point, interface list manipulations are fine
+Index: mac80211/net/mac80211/ieee80211_i.h
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_i.h   2007-11-11 15:15:42.840035769 +0100
++++ mac80211/net/mac80211/ieee80211_i.h        2007-11-11 15:15:53.792659922 +0100
+@@ -142,6 +142,7 @@
+                        * when using CTS protection with IEEE 802.11g. */
+                       struct ieee80211_rate *last_frag_rate;
+                       int last_frag_hwrate;
++                      int mgmt_interface;
+ 
+                       /* Extra fragments (in addition to the first fragment
+                        * in skb) */
+@@ -163,6 +164,7 @@
+ #define IEEE80211_TXPD_REQ_TX_STATUS  BIT(0)
+ #define IEEE80211_TXPD_DO_NOT_ENCRYPT BIT(1)
+ #define IEEE80211_TXPD_REQUEUE                BIT(2)
++#define IEEE80211_TXPD_MGMT_IFACE     BIT(3)
+ /* Stored in sk_buff->cb */
+ struct ieee80211_tx_packet_data {
+       int ifindex;
+@@ -408,6 +410,7 @@
+       struct list_head modes_list;
+ 
+       struct net_device *mdev; /* wmaster# - "master" 802.11 device */
++      struct net_device *apdev; /* wlan#ap - management frames (hostapd) */
+       int open_count;
+       int monitors;
+       unsigned int filter_flags; /* FIF_* */
+@@ -701,11 +704,14 @@
+ int ieee80211_hw_config(struct ieee80211_local *local);
+ int ieee80211_if_config(struct net_device *dev);
+ int ieee80211_if_config_beacon(struct net_device *dev);
++void ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
++                     struct ieee80211_rx_status *status, u32 msg_type);
+ void ieee80211_prepare_rates(struct ieee80211_local *local,
+                            struct ieee80211_hw_mode *mode);
+ void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx);
+ int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr);
+ void ieee80211_if_setup(struct net_device *dev);
++void ieee80211_if_mgmt_setup(struct net_device *dev);
+ struct ieee80211_rate *ieee80211_get_rate(struct ieee80211_local *local,
+                                         int phymode, int hwrate);
+ 
+@@ -772,6 +778,8 @@
+ int ieee80211_if_remove(struct net_device *dev, const char *name, int id);
+ void ieee80211_if_free(struct net_device *dev);
+ void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata);
++int ieee80211_if_add_mgmt(struct ieee80211_local *local);
++void ieee80211_if_del_mgmt(struct ieee80211_local *local);
+ 
+ /* regdomain.c */
+ void ieee80211_regdomain_init(void);
+@@ -788,6 +796,7 @@
+ int ieee80211_master_start_xmit(struct sk_buff *skb, struct net_device *dev);
+ int ieee80211_monitor_start_xmit(struct sk_buff *skb, struct net_device *dev);
+ int ieee80211_subif_start_xmit(struct sk_buff *skb, struct net_device *dev);
++int ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev);
+ 
+ /* utility functions/constants */
+ extern void *mac80211_wiphy_privid; /* for wiphy privid */
+Index: mac80211/net/mac80211/ieee80211_iface.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_iface.c       2007-11-11 15:15:42.848036222 +0100
++++ mac80211/net/mac80211/ieee80211_iface.c    2007-11-11 15:15:53.796660158 +0100
+@@ -96,6 +96,66 @@
+       return ret;
+ }
+ 
++int ieee80211_if_add_mgmt(struct ieee80211_local *local)
++{
++      struct net_device *ndev;
++      struct ieee80211_sub_if_data *nsdata;
++      int ret;
++
++      ASSERT_RTNL();
++
++      ndev = alloc_netdev(sizeof(struct ieee80211_sub_if_data), "wmgmt%d",
++                          ieee80211_if_mgmt_setup);
++      if (!ndev)
++              return -ENOMEM;
++      ret = dev_alloc_name(ndev, ndev->name);
++      if (ret < 0)
++              goto fail;
++
++      memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
++      SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
++
++      nsdata = IEEE80211_DEV_TO_SUB_IF(ndev);
++      ndev->ieee80211_ptr = &nsdata->wdev;
++      nsdata->wdev.wiphy = local->hw.wiphy;
++      nsdata->type = IEEE80211_IF_TYPE_MGMT;
++      nsdata->dev = ndev;
++      nsdata->local = local;
++      ieee80211_if_sdata_init(nsdata);
++
++      ret = register_netdevice(ndev);
++      if (ret)
++              goto fail;
++
++      /*
++       * Called even when register_netdevice fails, it would
++       * oops if assigned before initialising the rest.
++       */
++      ndev->uninit = ieee80211_if_reinit;
++
++      ieee80211_debugfs_add_netdev(nsdata);
++
++      if (local->open_count > 0)
++              dev_open(ndev);
++      local->apdev = ndev;
++      return 0;
++
++fail:
++      free_netdev(ndev);
++      return ret;
++}
++
++void ieee80211_if_del_mgmt(struct ieee80211_local *local)
++{
++      struct net_device *apdev;
++
++      ASSERT_RTNL();
++      apdev = local->apdev;
++      ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(apdev));
++      local->apdev = NULL;
++      unregister_netdevice(apdev);
++}
++
+ void ieee80211_if_set_type(struct net_device *dev, int type)
+ {
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+@@ -183,6 +243,9 @@
+       ieee80211_if_sdata_deinit(sdata);
+ 
+       switch (sdata->type) {
++      case IEEE80211_IF_TYPE_MGMT:
++              /* nothing to do */
++              break;
+       case IEEE80211_IF_TYPE_INVALID:
+               /* cannot happen */
+               WARN_ON(1);
+@@ -294,8 +357,11 @@
+ 
+ void ieee80211_if_free(struct net_device *dev)
+ {
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ 
++      /* local->apdev must be NULL when freeing management interface */
++      BUG_ON(dev == local->apdev);
+       ieee80211_if_sdata_deinit(sdata);
+       free_netdev(dev);
+ }
+Index: mac80211/net/mac80211/ieee80211_rate.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_rate.c        2007-11-11 15:15:42.852036451 +0100
++++ mac80211/net/mac80211/ieee80211_rate.c     2007-11-11 15:15:53.800660386 +0100
+@@ -145,7 +145,8 @@
+       struct rate_control_ref *ref, *old;
+ 
+       ASSERT_RTNL();
+-      if (local->open_count || netif_running(local->mdev))
++      if (local->open_count || netif_running(local->mdev) ||
++          (local->apdev && netif_running(local->apdev)))
+               return -EBUSY;
+ 
+       ref = rate_control_alloc(name, local);
+Index: mac80211/net/mac80211/ieee80211_rate.h
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_rate.h        2007-11-11 15:15:42.860036908 +0100
++++ mac80211/net/mac80211/ieee80211_rate.h     2007-11-11 15:15:53.800660386 +0100
+@@ -30,6 +30,8 @@
+ 
+       /* parameters from the caller to rate_control_get_rate(): */
+       struct ieee80211_hw_mode *mode;
++      int mgmt_data; /* this is data frame that is used for management
++                      * (e.g., IEEE 802.1X EAPOL) */
+       u16 ethertype;
+ };
+ 
+Index: mac80211/net/mac80211/ieee80211_sta.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_sta.c 2007-11-11 15:15:42.868037362 +0100
++++ mac80211/net/mac80211/ieee80211_sta.c      2007-11-11 15:15:53.800660386 +0100
+@@ -475,6 +475,8 @@
+       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
+       pkt_data->ifindex = sdata->dev->ifindex;
++      if (sdata->type == IEEE80211_IF_TYPE_MGMT)
++              pkt_data->flags |= IEEE80211_TXPD_MGMT_IFACE;
+       if (!encrypt)
+               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+ 
+Index: mac80211/net/mac80211/rx.c
+===================================================================
+--- mac80211.orig/net/mac80211/rx.c    2007-11-11 15:15:42.872037591 +0100
++++ mac80211/net/mac80211/rx.c 2007-11-11 15:15:53.804660611 +0100
+@@ -19,6 +19,7 @@
+ 
+ #include "ieee80211_i.h"
+ #include "ieee80211_led.h"
++#include "ieee80211_common.h"
+ #include "wep.h"
+ #include "wpa.h"
+ #include "tkip.h"
+@@ -411,7 +412,12 @@
+                       return TXRX_DROP;
+               }
+ 
+-              return TXRX_DROP;
++              if (!rx->local->apdev)
++                      return TXRX_DROP;
++
++              ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
++                                ieee80211_msg_sta_not_assoc);
++              return TXRX_QUEUED;
+       }
+ 
+       return TXRX_CONTINUE;
+@@ -953,8 +959,15 @@
+ {
+       if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
+           rx->sdata->type != IEEE80211_IF_TYPE_STA &&
+-          (rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+-              return TXRX_CONTINUE;
++          (rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
++              /* Pass both encrypted and unencrypted EAPOL frames to user
++               * space for processing. */
++              if (!rx->local->apdev)
++                      return TXRX_DROP;
++              ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
++                                ieee80211_msg_normal);
++              return TXRX_QUEUED;
++      }
+ 
+       if (unlikely(rx->sdata->ieee802_1x &&
+                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
+@@ -1196,8 +1209,13 @@
+            sdata->type == IEEE80211_IF_TYPE_IBSS) &&
+           !(sdata->flags & IEEE80211_SDATA_USERSPACE_MLME))
+               ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
+-      else
+-              return TXRX_DROP;
++      else {
++              /* Management frames are sent to hostapd for processing */
++              if (!rx->local->apdev)
++                      return TXRX_DROP;
++              ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
++                                ieee80211_msg_normal);
++      }
+ 
+       return TXRX_QUEUED;
+ }
+@@ -1407,6 +1425,7 @@
+               /* take everything */
+               break;
+       case IEEE80211_IF_TYPE_INVALID:
++      case IEEE80211_IF_TYPE_MGMT:
+               /* should never get here */
+               WARN_ON(1);
+               break;
+Index: mac80211/net/mac80211/tx.c
+===================================================================
+--- mac80211.orig/net/mac80211/tx.c    2007-11-11 15:15:42.880038048 +0100
++++ mac80211/net/mac80211/tx.c 2007-11-11 15:15:53.804660611 +0100
+@@ -258,7 +258,7 @@
+               return TXRX_CONTINUE;
+       }
+ 
+-      if (unlikely(/* !injected && */ tx->sdata->ieee802_1x &&
++      if (unlikely(!tx->u.tx.mgmt_interface && tx->sdata->ieee802_1x &&
+                    !(sta_flags & WLAN_STA_AUTHORIZED))) {
+ #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+               printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT
+@@ -568,6 +568,8 @@
+               memset(&extra, 0, sizeof(extra));
+               extra.mode = tx->u.tx.mode;
+               extra.ethertype = tx->ethertype;
++              extra.mgmt_data = tx->sdata &&
++                                tx->sdata->type == IEEE80211_IF_TYPE_MGMT;
+ 
+               tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev,
+                                                     tx->skb, &extra);
+@@ -1076,7 +1078,7 @@
+ }
+ 
+ static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
+-                      struct ieee80211_tx_control *control)
++                      struct ieee80211_tx_control *control, int mgmt)
+ {
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sta_info *sta;
+@@ -1107,6 +1109,7 @@
+       rcu_read_lock();
+ 
+       sta = tx.sta;
++      tx.u.tx.mgmt_interface = mgmt;
+       tx.u.tx.mode = local->hw.conf.mode;
+ 
+       for (handler = local->tx_handlers; *handler != NULL;
+@@ -1253,7 +1256,8 @@
+               control.flags |= IEEE80211_TXCTL_REQUEUE;
+       control.queue = pkt_data->queue;
+ 
+-      ret = ieee80211_tx(odev, skb, &control);
++      ret = ieee80211_tx(odev, skb, &control,
++                         control.type == IEEE80211_IF_TYPE_MGMT);
+       dev_put(odev);
+ 
+       return ret;
+@@ -1498,6 +1502,8 @@
+       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
+       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
+       pkt_data->ifindex = dev->ifindex;
++      if (sdata->type == IEEE80211_IF_TYPE_MGMT)
++              pkt_data->flags |= IEEE80211_TXPD_MGMT_IFACE;
+ 
+       skb->dev = local->mdev;
+       dev->stats.tx_packets++;
+@@ -1555,6 +1561,8 @@
+       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
+       pkt_data->ifindex = sdata->dev->ifindex;
++      if (sdata->type == IEEE80211_IF_TYPE_MGMT)
++              pkt_data->flags |= IEEE80211_TXPD_MGMT_IFACE;
+ 
+       skb->priority = 20; /* use hardcoded priority for mgmt TX queue */
+       skb->dev = sdata->local->mdev;
+Index: mac80211/net/mac80211/wme.c
+===================================================================
+--- mac80211.orig/net/mac80211/wme.c   2007-11-11 15:15:42.888038502 +0100
++++ mac80211/net/mac80211/wme.c        2007-11-11 15:15:53.804660611 +0100
+@@ -94,6 +94,8 @@
+ static inline int classify80211(struct sk_buff *skb, struct Qdisc *qd)
+ {
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
++      struct ieee80211_tx_packet_data *pkt_data =
++              (struct ieee80211_tx_packet_data *) skb->cb;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       unsigned short fc = le16_to_cpu(hdr->frame_control);
+       int qos;
+@@ -106,8 +108,12 @@
+               return IEEE80211_TX_QUEUE_DATA0;
+       }
+ 
+-      if (0 /* injected */) {
+-              /* use AC from radiotap */
++      if (unlikely(pkt_data->flags & IEEE80211_TXPD_MGMT_IFACE)) {
++              /* Data frames from hostapd (mainly, EAPOL) use AC_VO
++              * and they will include QoS control fields if
++              * the target STA is using WME. */
++              skb->priority = 7;
++              return ieee802_1d_to_ac[skb->priority];
+       }
+ 
+       /* is this a QoS frame? */
+Index: mac80211/net/mac80211/ieee80211_ioctl.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_ioctl.c       2007-11-11 15:15:51.532531127 +0100
++++ mac80211/net/mac80211/ieee80211_ioctl.c    2007-11-11 15:15:53.808660833 +0100
+@@ -840,16 +840,29 @@
+                                       void *wrqu, char *extra)
+ {
+       struct ieee80211_sub_if_data *sdata;
++      struct ieee80211_local *local;
+       int *i = (int *) extra;
+       int param = *i;
++      int value = *(i + 1);
+       int ret = 0;
+ 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+ 
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      local = sdata->local;
+ 
+       switch (param) {
++      case PRISM2_PARAM_MGMT_IF:
++              if (value == 1) {
++                      if (!local->apdev)
++                              ret = ieee80211_if_add_mgmt(local);
++              } else if (value == 0) {
++                      if (local->apdev)
++                              ieee80211_if_del_mgmt(local);
++              } else
++                      ret = -EINVAL;
++              break;
+       default:
+               ret = -EOPNOTSUPP;
+               break;
+@@ -864,12 +877,20 @@
+                                           void *wrqu, char *extra)
+ {
+       struct ieee80211_sub_if_data *sdata;
++      struct ieee80211_local *local;
+       int *param = (int *) extra;
+       int ret = 0;
+ 
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      local = sdata->local;
+ 
+       switch (*param) {
++      case PRISM2_PARAM_MGMT_IF:
++              if (local->apdev)
++                      *param = local->apdev->ifindex;
++              else
++                      ret = -ENOENT;
++              break;
+       default:
+               ret = -EOPNOTSUPP;
+               break;
 
--- /dev/null
+Subject: mac80211: allow AP and VLAN modes
+
+This adds AP/VLAN modes to the list of modes that a mac80211
+interface can be created in/switched into.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ net/mac80211/cfg.c             |    4 ++++
+ net/mac80211/ieee80211_ioctl.c |    3 +++
+ 2 files changed, 7 insertions(+)
+
+--- everything.orig/net/mac80211/cfg.c 2007-10-30 15:33:43.227379286 +0100
++++ everything/net/mac80211/cfg.c      2007-11-07 13:19:27.981515569 +0100
+@@ -25,6 +25,10 @@ nl80211_type_to_mac80211_type(enum nl802
+               return IEEE80211_IF_TYPE_STA;
+       case NL80211_IFTYPE_MONITOR:
+               return IEEE80211_IF_TYPE_MNTR;
++      case NL80211_IFTYPE_AP:
++              return IEEE80211_IF_TYPE_AP;
++      case NL80211_IFTYPE_AP_VLAN:
++              return IEEE80211_IF_TYPE_VLAN;
+       default:
+               return IEEE80211_IF_TYPE_INVALID;
+       }
+--- everything.orig/net/mac80211/ieee80211_ioctl.c     2007-11-07 13:19:25.851524684 +0100
++++ everything/net/mac80211/ieee80211_ioctl.c  2007-11-07 13:19:27.981515569 +0100
+@@ -284,6 +284,9 @@ static int ieee80211_ioctl_siwmode(struc
+       case IW_MODE_MONITOR:
+               type = IEEE80211_IF_TYPE_MNTR;
+               break;
++      case IW_MODE_MASTER:
++              type = IEEE80211_IF_TYPE_AP;
++              break;
+       default:
+               return -EINVAL;
+       }
 
--- /dev/null
+Subject: mac80211: allow WDS mode
+
+This allows creating interfaces in WDS mode or switching
+existing ones into WDS mode (both via cfg80211.)
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ net/mac80211/cfg.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- everything.orig/net/mac80211/cfg.c 2007-11-07 13:19:27.981515569 +0100
++++ everything/net/mac80211/cfg.c      2007-11-07 13:19:29.441515732 +0100
+@@ -29,6 +29,8 @@ nl80211_type_to_mac80211_type(enum nl802
+               return IEEE80211_IF_TYPE_AP;
+       case NL80211_IFTYPE_AP_VLAN:
+               return IEEE80211_IF_TYPE_VLAN;
++      case NL80211_IFTYPE_WDS:
++              return IEEE80211_IF_TYPE_WDS;
+       default:
+               return IEEE80211_IF_TYPE_INVALID;
+       }
 
--- /dev/null
+---
+ net/mac80211/ieee80211_ioctl.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- everything.orig/net/mac80211/ieee80211_ioctl.c     2007-11-07 13:19:27.981515569 +0100
++++ everything/net/mac80211/ieee80211_ioctl.c  2007-11-07 13:19:30.781513182 +0100
+@@ -882,6 +882,9 @@ static int ieee80211_ioctl_prism2_param(
+       local = sdata->local;
+ 
+       switch (param) {
++      case PRISM2_PARAM_AP_BRIDGE_PACKETS:
++              local->bridge_packets = value;
++              break;
+       case PRISM2_PARAM_MGMT_IF:
+               if (value == 1) {
+                       if (!local->apdev)
+@@ -914,6 +917,9 @@ static int ieee80211_ioctl_get_prism2_pa
+       local = sdata->local;
+ 
+       switch (*param) {
++      case PRISM2_PARAM_AP_BRIDGE_PACKETS:
++              *param = local->bridge_packets;
++              break;
+       case PRISM2_PARAM_MGMT_IF:
+               if (local->apdev)
+                       *param = local->apdev->ifindex;
 
--- /dev/null
+---
+ net/mac80211/ieee80211_ioctl.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- everything.orig/net/mac80211/ieee80211_ioctl.c     2007-11-07 13:19:30.781513182 +0100
++++ everything/net/mac80211/ieee80211_ioctl.c  2007-11-07 13:19:32.281514919 +0100
+@@ -882,6 +882,9 @@ static int ieee80211_ioctl_prism2_param(
+       local = sdata->local;
+ 
+       switch (param) {
++      case PRISM2_PARAM_IEEE_802_1X:
++              sdata->ieee802_1x = value;
++              break;
+       case PRISM2_PARAM_AP_BRIDGE_PACKETS:
+               local->bridge_packets = value;
+               break;
+@@ -917,6 +920,9 @@ static int ieee80211_ioctl_get_prism2_pa
+       local = sdata->local;
+ 
+       switch (*param) {
++      case PRISM2_PARAM_IEEE_802_1X:
++              *param = sdata->ieee802_1x;
++              break;
+       case PRISM2_PARAM_AP_BRIDGE_PACKETS:
+               *param = local->bridge_packets;
+               break;
 
--- /dev/null
+---
+ net/mac80211/ieee80211_ioctl.c |  102 +++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 102 insertions(+)
+
+--- everything.orig/net/mac80211/ieee80211_ioctl.c     2007-11-07 13:19:32.281514919 +0100
++++ everything/net/mac80211/ieee80211_ioctl.c  2007-11-07 13:19:33.681513453 +0100
+@@ -125,6 +125,105 @@ static int ieee80211_ioctl_siwgenie(stru
+       return -EOPNOTSUPP;
+ }
+ 
++/*
++ * Wow. This ioctl interface is such crap, it's tied
++ * to internal definitions. I hope it dies soon.
++ */
++static int mode_to_hostapd_mode(enum ieee80211_phymode mode)
++{
++      switch (mode) {
++      case MODE_IEEE80211A:
++              return 0;
++      case MODE_IEEE80211B:
++              return 1;
++      case MODE_IEEE80211G:
++              return 3;
++      case NUM_IEEE80211_MODES:
++              WARN_ON(1);
++              break;
++      }
++      WARN_ON(1);
++      return -1;
++}
++
++static int channel_flags_to_hostapd_flags(int flags)
++{
++      int res = 0;
++
++      if (flags & IEEE80211_CHAN_W_SCAN)
++              res |= 1;
++      if (flags & IEEE80211_CHAN_W_ACTIVE_SCAN)
++              res |= 2;
++      if (flags & IEEE80211_CHAN_W_IBSS)
++              res |= 4;
++
++      return res;
++}
++
++struct ieee80211_channel_data {
++      short chan; /* channel number (IEEE 802.11) */
++      short freq; /* frequency in MHz */
++      int flag; /* flag for hostapd use (IEEE80211_CHAN_*) */
++};
++
++struct ieee80211_rate_data {
++      int rate; /* rate in 100 kbps */
++      int flags; /* IEEE80211_RATE_ flags */
++};
++
++static int ieee80211_ioctl_get_hw_features(struct net_device *dev,
++                                         struct prism2_hostapd_param *param,
++                                         int param_len)
++{
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
++      u8 *pos = param->u.hw_features.data;
++      int left = param_len - (pos - (u8 *) param);
++      int i;
++      struct hostapd_ioctl_hw_modes_hdr *hdr;
++      struct ieee80211_rate_data *rate;
++      struct ieee80211_channel_data *chan;
++      struct ieee80211_hw_mode *mode;
++
++      param->u.hw_features.flags = 0;
++
++      param->u.hw_features.num_modes = 0;
++      list_for_each_entry(mode, &local->modes_list, list) {
++              int clen, rlen;
++
++              param->u.hw_features.num_modes++;
++              clen =
++                  mode->num_channels * sizeof(struct ieee80211_channel_data);
++              rlen = mode->num_rates * sizeof(struct ieee80211_rate_data);
++              if (left < sizeof(*hdr) + clen + rlen)
++                      return -E2BIG;
++              left -= sizeof(*hdr) + clen + rlen;
++
++              hdr = (struct hostapd_ioctl_hw_modes_hdr *)pos;
++              hdr->mode = mode_to_hostapd_mode(mode->mode);
++              hdr->num_channels = mode->num_channels;
++              hdr->num_rates = mode->num_rates;
++
++              pos = (u8 *) (hdr + 1);
++              chan = (struct ieee80211_channel_data *)pos;
++              for (i = 0; i < mode->num_channels; i++) {
++                      chan[i].chan = mode->channels[i].chan;
++                      chan[i].freq = mode->channels[i].freq;
++                      chan[i].flag = channel_flags_to_hostapd_flags(
++                                              mode->channels[i].flag);
++              }
++              pos += clen;
++
++              rate = (struct ieee80211_rate_data *)pos;
++              for (i = 0; i < mode->num_rates; i++) {
++                      rate[i].rate = mode->rates[i].rate;
++                      rate[i].flags = mode->rates[i].flags;
++              }
++              pos += rlen;
++      }
++
++      return 0;
++}
++
+ 
+ static int ieee80211_ioctl_priv_hostapd(struct net_device *dev,
+                                       struct iw_point *p)
+@@ -151,6 +250,9 @@ static int ieee80211_ioctl_priv_hostapd(
+       }
+ 
+       switch (param->cmd) {
++      case PRISM2_HOSTAPD_GET_HW_FEATURES:
++              ret = ieee80211_ioctl_get_hw_features(dev, param, p->length);
++              break;
+       default:
+               ret = -EOPNOTSUPP;
+               break;
 
--- /dev/null
+---
+ net/mac80211/ieee80211_ioctl.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- everything.orig/net/mac80211/ieee80211_ioctl.c     2007-11-07 13:19:33.681513453 +0100
++++ everything/net/mac80211/ieee80211_ioctl.c  2007-11-07 13:19:35.171517576 +0100
+@@ -984,6 +984,9 @@ static int ieee80211_ioctl_prism2_param(
+       local = sdata->local;
+ 
+       switch (param) {
++      case PRISM2_PARAM_EAPOL:
++              sdata->eapol = value;
++              break;
+       case PRISM2_PARAM_IEEE_802_1X:
+               sdata->ieee802_1x = value;
+               break;
+@@ -1022,6 +1025,9 @@ static int ieee80211_ioctl_get_prism2_pa
+       local = sdata->local;
+ 
+       switch (*param) {
++      case PRISM2_PARAM_EAPOL:
++              *param = sdata->eapol;
++              break;
+       case PRISM2_PARAM_IEEE_802_1X:
+               *param = sdata->ieee802_1x;
+               break;
 
--- /dev/null
+Subject: cfg80211/nl80211: introduce key handling
+
+This introduces key handling to cfg80211/nl80211. Default
+and group keys can be added, changed and removed; sequence
+counters for each key can be retrieved.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ include/linux/nl80211.h |   34 +++++
+ include/net/cfg80211.h  |   44 +++++++
+ net/wireless/core.c     |    3 
+ net/wireless/nl80211.c  |  289 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 370 insertions(+)
+
+--- everything.orig/include/linux/nl80211.h    2007-10-30 15:33:43.587381346 +0100
++++ everything/include/linux/nl80211.h 2007-11-07 13:19:37.861516599 +0100
+@@ -37,6 +37,16 @@
+  *    userspace to request deletion of a virtual interface, then requires
+  *    attribute %NL80211_ATTR_IFINDEX.
+  *
++ * @NL80211_CMD_GET_KEY: Get sequence counter information for a key specified
++ *    by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC.
++ * @NL80211_CMD_SET_KEY: Set key attributes %NL80211_ATTR_KEY_DEFAULT or
++ *    %NL80211_ATTR_KEY_THRESHOLD.
++ * @NL80211_CMD_NEW_KEY: add a key with given %NL80211_ATTR_KEY_DATA,
++ *    %NL80211_ATTR_KEY_IDX, %NL80211_ATTR_MAC and %NL80211_ATTR_KEY_CIPHER
++ *    attributes.
++ * @NL80211_CMD_DEL_KEY: delete a key identified by %NL80211_ATTR_KEY_IDX
++ *    or %NL80211_ATTR_MAC.
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -54,6 +64,11 @@ enum nl80211_commands {
+       NL80211_CMD_NEW_INTERFACE,
+       NL80211_CMD_DEL_INTERFACE,
+ 
++      NL80211_CMD_GET_KEY,
++      NL80211_CMD_SET_KEY,
++      NL80211_CMD_NEW_KEY,
++      NL80211_CMD_DEL_KEY,
++
+       /* add commands here */
+ 
+       /* used to define NL80211_CMD_MAX below */
+@@ -75,6 +90,17 @@ enum nl80211_commands {
+  * @NL80211_ATTR_IFNAME: network interface name
+  * @NL80211_ATTR_IFTYPE: type of virtual interface, see &enum nl80211_iftype
+  *
++ * @NL80211_ATTR_MAC: MAC address (various uses)
++ *
++ * @NL80211_ATTR_KEY_DATA: (temporal) key data; for TKIP this consists of
++ *    16 bytes encryption key followed by 8 bytes each for TX and RX MIC
++ *    keys
++ * @NL80211_ATTR_KEY_IDX: key ID (u8, 0-3)
++ * @NL80211_ATTR_KEY_CIPHER: key cipher suite (u32, as defined by IEEE 802.11
++ *    section 7.3.2.25.1, e.g. 0x000FAC04)
++ * @NL80211_ATTR_KEY_SEQ: transmit key sequence number (IV/PN) for TKIP and
++ *    CCMP keys, each six bytes in little endian
++ *
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+  */
+@@ -89,6 +115,14 @@ enum nl80211_attrs {
+       NL80211_ATTR_IFNAME,
+       NL80211_ATTR_IFTYPE,
+ 
++      NL80211_ATTR_MAC,
++
++      NL80211_ATTR_KEY_DATA,
++      NL80211_ATTR_KEY_IDX,
++      NL80211_ATTR_KEY_CIPHER,
++      NL80211_ATTR_KEY_SEQ,
++      NL80211_ATTR_KEY_DEFAULT,
++
+       /* add attributes here, update the policy in nl80211.c */
+ 
+       __NL80211_ATTR_AFTER_LAST,
+--- everything.orig/net/wireless/nl80211.c     2007-10-30 15:33:43.637380153 +0100
++++ everything/net/wireless/nl80211.c  2007-11-07 13:19:38.201511066 +0100
+@@ -61,6 +61,14 @@ static struct nla_policy nl80211_policy[
+       [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
+       [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
+       [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
++
++      [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
++
++      [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
++                                  .len = WLAN_MAX_KEY_LEN },
++      [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
++      [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
++      [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
+ };
+ 
+ /* message building helper */
+@@ -335,6 +343,263 @@ static int nl80211_del_interface(struct 
+       return err;
+ }
+ 
++struct get_key_cookie {
++      struct sk_buff *msg;
++      int error;
++};
++
++static void get_key_callback(void *c, struct key_params *params)
++{
++      struct get_key_cookie *cookie = c;
++
++      if (params->key)
++              NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
++                      params->key_len, params->key);
++
++      if (params->seq)
++              NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
++                      params->seq_len, params->seq);
++
++      if (params->cipher)
++              NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
++                          params->cipher);
++
++      return;
++ nla_put_failure:
++      cookie->error = 1;
++}
++
++static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      u8 key_idx = 0;
++      u8 *mac_addr = NULL;
++      struct get_key_cookie cookie = {
++              .error = 0,
++      };
++      void *hdr;
++      struct sk_buff *msg;
++
++      if (info->attrs[NL80211_ATTR_KEY_IDX])
++              key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++      if (key_idx > 3)
++              return -EINVAL;
++
++      if (info->attrs[NL80211_ATTR_MAC])
++              mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->get_key) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
++      if (!msg) {
++              err = -ENOMEM;
++              goto out;
++      }
++
++      hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
++                           NL80211_CMD_NEW_KEY);
++
++      if (IS_ERR(hdr)) {
++              err = PTR_ERR(hdr);
++              goto out;
++      }
++
++      cookie.msg = msg;
++
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
++      NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
++      if (mac_addr)
++              NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
++
++      rtnl_lock();
++      err = drv->ops->get_key(&drv->wiphy, dev, key_idx, mac_addr,
++                              &cookie, get_key_callback);
++      rtnl_unlock();
++
++      if (err)
++              goto out;
++
++      if (cookie.error)
++              goto nla_put_failure;
++
++      genlmsg_end(msg, hdr);
++      err = genlmsg_unicast(msg, info->snd_pid);
++      goto out;
++
++ nla_put_failure:
++      err = -ENOBUFS;
++      nlmsg_free(msg);
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
++static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      u8 key_idx;
++
++      if (!info->attrs[NL80211_ATTR_KEY_IDX])
++              return -EINVAL;
++
++      key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++      if (key_idx > 3)
++              return -EINVAL;
++
++      /* currently only support setting default key */
++      if (!info->attrs[NL80211_ATTR_KEY_DEFAULT])
++              return -EINVAL;
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->set_default_key) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->set_default_key(&drv->wiphy, dev, key_idx);
++      rtnl_unlock();
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
++static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      struct key_params params;
++      u8 key_idx = 0;
++      u8 *mac_addr = NULL;
++
++      memset(¶ms, 0, sizeof(params));
++
++      if (!info->attrs[NL80211_ATTR_KEY_CIPHER])
++              return -EINVAL;
++
++      if (info->attrs[NL80211_ATTR_KEY_DATA]) {
++              params.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
++              params.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
++      }
++
++      if (info->attrs[NL80211_ATTR_KEY_IDX])
++              key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++      params.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
++
++      if (info->attrs[NL80211_ATTR_MAC])
++              mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++      if (key_idx > 3)
++              return -EINVAL;
++
++      /*
++       * Disallow pairwise keys with non-zero index unless it's WEP
++       * (because current deployments use pairwise WEP keys with
++       * non-zero indizes but 802.11i clearly specifies to use zero)
++       */
++      if (mac_addr && key_idx &&
++          params.cipher != WLAN_CIPHER_SUITE_WEP40 &&
++          params.cipher != WLAN_CIPHER_SUITE_WEP104)
++              return -EINVAL;
++
++      /* TODO: add definitions for the lengths to linux/ieee80211.h */
++      switch (params.cipher) {
++      case WLAN_CIPHER_SUITE_WEP40:
++              if (params.key_len != 5)
++                      return -EINVAL;
++              break;
++      case WLAN_CIPHER_SUITE_TKIP:
++              if (params.key_len != 32)
++                      return -EINVAL;
++              break;
++      case WLAN_CIPHER_SUITE_CCMP:
++              if (params.key_len != 16)
++                      return -EINVAL;
++              break;
++      case WLAN_CIPHER_SUITE_WEP104:
++              if (params.key_len != 13)
++                      return -EINVAL;
++              break;
++      default:
++              return -EINVAL;
++      }
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->add_key) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->add_key(&drv->wiphy, dev, key_idx, mac_addr, ¶ms);
++      rtnl_unlock();
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
++static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      u8 key_idx = 0;
++      u8 *mac_addr = NULL;
++
++      if (info->attrs[NL80211_ATTR_KEY_IDX])
++              key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++      if (key_idx > 3)
++              return -EINVAL;
++
++      if (info->attrs[NL80211_ATTR_MAC])
++              mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->del_key) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->del_key(&drv->wiphy, dev, key_idx, mac_addr);
++      rtnl_unlock();
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
+ static struct genl_ops nl80211_ops[] = {
+       {
+               .cmd = NL80211_CMD_GET_WIPHY,
+@@ -374,6 +639,30 @@ static struct genl_ops nl80211_ops[] = {
+               .policy = nl80211_policy,
+               .flags = GENL_ADMIN_PERM,
+       },
++      {
++              .cmd = NL80211_CMD_GET_KEY,
++              .doit = nl80211_get_key,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
++      {
++              .cmd = NL80211_CMD_SET_KEY,
++              .doit = nl80211_set_key,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
++      {
++              .cmd = NL80211_CMD_NEW_KEY,
++              .doit = nl80211_new_key,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
++      {
++              .cmd = NL80211_CMD_DEL_KEY,
++              .doit = nl80211_del_key,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
+ };
+ 
+ /* multicast groups */
+--- everything.orig/net/wireless/core.c        2007-10-30 15:33:43.677380478 +0100
++++ everything/net/wireless/core.c     2007-11-07 13:19:38.221513833 +0100
+@@ -184,6 +184,9 @@ struct wiphy *wiphy_new(struct cfg80211_
+       struct cfg80211_registered_device *drv;
+       int alloc_size;
+ 
++      WARN_ON(!ops->add_key && ops->del_key);
++      WARN_ON(ops->add_key && !ops->del_key);
++
+       alloc_size = sizeof(*drv) + sizeof_priv;
+ 
+       drv = kzalloc(alloc_size, GFP_KERNEL);
+--- everything.orig/include/net/cfg80211.h     2007-10-30 15:33:43.617381780 +0100
++++ everything/include/net/cfg80211.h  2007-11-07 13:19:38.231512748 +0100
+@@ -49,6 +49,26 @@ extern int ieee80211_radiotap_iterator_n
+    struct ieee80211_radiotap_iterator *iterator);
+ 
+ 
++ /**
++ * struct key_params - key information
++ *
++ * Information about a key
++ *
++ * @key: key material
++ * @key_len: length of key material
++ * @cipher: cipher suite selector
++ * @seq: sequence counter (IV/PN) for TKIP and CCMP keys, only used
++ *    with the get_key() callback, must be in little endian,
++ *    length given by @seq_len.
++ */
++struct key_params {
++      u8 *key;
++      u8 *seq;
++      int key_len;
++      int seq_len;
++      u32 cipher;
++};
++
+ /* from net/wireless.h */
+ struct wiphy;
+ 
+@@ -71,6 +91,18 @@ struct wiphy;
+  *
+  * @change_virtual_intf: change type of virtual interface
+  *
++ * @add_key: add a key with the given parameters. @mac_addr will be %NULL
++ *    when adding a group key.
++ *
++ * @get_key: get information about the key with the given parameters.
++ *    @mac_addr will be %NULL when requesting information for a group
++ *    key. All pointers given to the @callback function need not be valid
++ *    after it returns.
++ *
++ * @del_key: remove a key given the @mac_addr (%NULL for a group key)
++ *    and @key_index
++ *
++ * @set_default_key: set the default key on an interface
+  */
+ struct cfg80211_ops {
+       int     (*add_virtual_intf)(struct wiphy *wiphy, char *name,
+@@ -78,6 +110,18 @@ struct cfg80211_ops {
+       int     (*del_virtual_intf)(struct wiphy *wiphy, int ifindex);
+       int     (*change_virtual_intf)(struct wiphy *wiphy, int ifindex,
+                                      enum nl80211_iftype type);
++
++      int     (*add_key)(struct wiphy *wiphy, struct net_device *netdev,
++                         u8 key_index, u8 *mac_addr,
++                         struct key_params *params);
++      int     (*get_key)(struct wiphy *wiphy, struct net_device *netdev,
++                         u8 key_index, u8 *mac_addr, void *cookie,
++                         void (*callback)(void *cookie, struct key_params*));
++      int     (*del_key)(struct wiphy *wiphy, struct net_device *netdev,
++                         u8 key_index, u8 *mac_addr);
++      int     (*set_default_key)(struct wiphy *wiphy,
++                                 struct net_device *netdev,
++                                 u8 key_index);
+ };
+ 
+ #endif /* __NET_CFG80211_H */
 
--- /dev/null
+Subject: mac80211: support adding/removing keys via cfg80211
+
+This adds the necessary hooks to mac80211 to allow userspace
+to edit keys with cfg80211 (through nl80211.)
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ net/mac80211/cfg.c |   91 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 91 insertions(+)
+
+--- everything.orig/net/mac80211/cfg.c 2007-11-07 13:19:29.441515732 +0100
++++ everything/net/mac80211/cfg.c      2007-11-07 13:19:39.531517685 +0100
+@@ -6,6 +6,7 @@
+  * This file is GPLv2 as found in COPYING.
+  */
+ 
++#include <linux/ieee80211.h>
+ #include <linux/nl80211.h>
+ #include <linux/rtnetlink.h>
+ #include <net/net_namespace.h>
+@@ -105,8 +106,98 @@ static int ieee80211_change_iface(struct
+       return 0;
+ }
+ 
++static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
++                           u8 key_idx, u8 *mac_addr,
++                           struct key_params *params)
++{
++      struct ieee80211_sub_if_data *sdata;
++      struct sta_info *sta = NULL;
++      enum ieee80211_key_alg alg;
++      int ret;
++
++      sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++
++      switch (params->cipher) {
++      case WLAN_CIPHER_SUITE_WEP40:
++      case WLAN_CIPHER_SUITE_WEP104:
++              alg = ALG_WEP;
++              break;
++      case WLAN_CIPHER_SUITE_TKIP:
++              alg = ALG_TKIP;
++              break;
++      case WLAN_CIPHER_SUITE_CCMP:
++              alg = ALG_CCMP;
++              break;
++      default:
++              return -EINVAL;
++      }
++
++      if (mac_addr) {
++              sta = sta_info_get(sdata->local, mac_addr);
++              if (!sta)
++                      return -ENOENT;
++      }
++
++      ret = 0;
++      if (!ieee80211_key_alloc(sdata, sta, alg, key_idx,
++                               params->key_len, params->key))
++              ret = -ENOMEM;
++
++      if (sta)
++              sta_info_put(sta);
++
++      return ret;
++}
++
++static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
++                           u8 key_idx, u8 *mac_addr)
++{
++      struct ieee80211_sub_if_data *sdata;
++      struct sta_info *sta;
++      int ret;
++
++      sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++
++      if (mac_addr) {
++              sta = sta_info_get(sdata->local, mac_addr);
++              if (!sta)
++                      return -ENOENT;
++
++              ret = 0;
++              if (sta->key)
++                      ieee80211_key_free(sta->key);
++              else
++                      ret = -ENOENT;
++
++              sta_info_put(sta);
++              return ret;
++      }
++
++      if (!sdata->keys[key_idx])
++              return -ENOENT;
++
++      ieee80211_key_free(sdata->keys[key_idx]);
++
++      return 0;
++}
++
++static int ieee80211_config_default_key(struct wiphy *wiphy,
++                                      struct net_device *dev,
++                                      u8 key_idx)
++{
++      struct ieee80211_sub_if_data *sdata;
++
++      sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      ieee80211_set_default_key(sdata, key_idx);
++
++      return 0;
++}
++
+ struct cfg80211_ops mac80211_config_ops = {
+       .add_virtual_intf = ieee80211_add_iface,
+       .del_virtual_intf = ieee80211_del_iface,
+       .change_virtual_intf = ieee80211_change_iface,
++      .add_key = ieee80211_add_key,
++      .del_key = ieee80211_del_key,
++      .set_default_key = ieee80211_config_default_key,
+ };
 
--- /dev/null
+Subject: mac80211: support getting key sequence counters via cfg80211
+
+This implements cfg80211's get_key() to allow retrieving the sequence
+counter for a TKIP or CCMP key from userspace. It also cleans up and
+documents the associated low-level driver interface.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ include/net/mac80211.h |   14 ++------
+ net/mac80211/cfg.c     |   85 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 89 insertions(+), 10 deletions(-)
+
+Index: mac80211/net/mac80211/cfg.c
+===================================================================
+--- mac80211.orig/net/mac80211/cfg.c   2007-11-11 15:46:41.497954646 +0100
++++ mac80211/net/mac80211/cfg.c        2007-11-11 15:46:51.346515884 +0100
+@@ -1,7 +1,7 @@
+ /*
+  * mac80211 configuration hooks for cfg80211
+  *
+- * Copyright 2006     Johannes Berg <johannes@sipsolutions.net>
++ * Copyright 2006, 2007       Johannes Berg <johannes@sipsolutions.net>
+  *
+  * This file is GPLv2 as found in COPYING.
+  */
+@@ -180,6 +180,88 @@
+       return 0;
+ }
+ 
++static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
++                           u8 key_idx, u8 *mac_addr, void *cookie,
++                           void (*callback)(void *cookie,
++                                            struct key_params *params))
++{
++      struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      struct sta_info *sta = NULL;
++      u8 seq[6] = {0};
++      struct key_params params;
++      struct ieee80211_key *key;
++      u32 iv32;
++      u16 iv16;
++      int err = -ENOENT;
++
++      if (mac_addr) {
++              sta = sta_info_get(sdata->local, mac_addr);
++              if (!sta)
++                      goto out;
++
++              key = sta->key;
++      } else
++              key = sdata->keys[key_idx];
++
++      if (!key)
++              goto out;
++
++      memset(¶ms, 0, sizeof(params));
++
++      switch (key->conf.alg) {
++      case ALG_TKIP:
++              params.cipher = WLAN_CIPHER_SUITE_TKIP;
++
++              iv32 = key->u.tkip.iv32;
++              iv16 = key->u.tkip.iv16;
++
++              if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
++                  sdata->local->ops->get_tkip_seq)
++                      sdata->local->ops->get_tkip_seq(
++                              local_to_hw(sdata->local),
++                              key->conf.hw_key_idx,
++                              &iv32, &iv16);
++
++              seq[0] = iv16 & 0xff;
++              seq[1] = (iv16 >> 8) & 0xff;
++              seq[2] = iv32 & 0xff;
++              seq[3] = (iv32 >> 8) & 0xff;
++              seq[4] = (iv32 >> 16) & 0xff;
++              seq[5] = (iv32 >> 24) & 0xff;
++              params.seq = seq;
++              params.seq_len = 6;
++              break;
++      case ALG_CCMP:
++              params.cipher = WLAN_CIPHER_SUITE_CCMP;
++              seq[0] = key->u.ccmp.tx_pn[5];
++              seq[1] = key->u.ccmp.tx_pn[4];
++              seq[2] = key->u.ccmp.tx_pn[3];
++              seq[3] = key->u.ccmp.tx_pn[2];
++              seq[4] = key->u.ccmp.tx_pn[1];
++              seq[5] = key->u.ccmp.tx_pn[0];
++              params.seq = seq;
++              params.seq_len = 6;
++              break;
++      case ALG_WEP:
++              if (key->conf.keylen == 5)
++                      params.cipher = WLAN_CIPHER_SUITE_WEP40;
++              else
++                      params.cipher = WLAN_CIPHER_SUITE_WEP104;
++              break;
++      }
++
++      params.key = key->conf.key;
++      params.key_len = key->conf.keylen;
++
++      callback(cookie, ¶ms);
++      err = 0;
++
++ out:
++      if (sta)
++              sta_info_put(sta);
++      return err;
++}
++
+ static int ieee80211_config_default_key(struct wiphy *wiphy,
+                                       struct net_device *dev,
+                                       u8 key_idx)
+@@ -198,5 +280,6 @@
+       .change_virtual_intf = ieee80211_change_iface,
+       .add_key = ieee80211_add_key,
+       .del_key = ieee80211_del_key,
++      .get_key = ieee80211_get_key,
+       .set_default_key = ieee80211_config_default_key,
+ };
+Index: mac80211/include/net/mac80211.h
+===================================================================
+--- mac80211.orig/include/net/mac80211.h       2007-11-11 15:46:41.377947807 +0100
++++ mac80211/include/net/mac80211.h    2007-11-11 15:47:08.183475366 +0100
+@@ -598,9 +598,6 @@
+       u8 key[0];
+ };
+ 
+-#define IEEE80211_SEQ_COUNTER_RX      0
+-#define IEEE80211_SEQ_COUNTER_TX      1
+-
+ /**
+  * enum set_key_cmd - key command
+  *
+@@ -947,9 +944,9 @@
+  *
+  * @get_stats: return low-level statistics
+  *
+- * @get_sequence_counter: For devices that have internal sequence counters this
+- *    callback allows mac80211 to access the current value of a counter.
+- *    This callback seems not well-defined, tell us if you need it.
++ * @get_tkip_seq: If your device implements TKIP encryption in hardware this
++ *    callback should be provided to read the TKIP transmit IVs (both IV32
++ *    and IV16) for the given key from hardware.
+  *
+  * @set_rts_threshold: Configuration of RTS threshold (if device needs it)
+  *
+@@ -1022,9 +1019,8 @@
+       int (*hw_scan)(struct ieee80211_hw *hw, u8 *ssid, size_t len);
+       int (*get_stats)(struct ieee80211_hw *hw,
+                        struct ieee80211_low_level_stats *stats);
+-      int (*get_sequence_counter)(struct ieee80211_hw *hw,
+-                                  u8* addr, u8 keyidx, u8 txrx,
+-                                  u32* iv32, u16* iv16);
++      void (*get_tkip_seq)(struct ieee80211_hw *hw, u8 hw_key_idx,
++                           u32 *iv32, u16 *iv16);
+       int (*set_rts_threshold)(struct ieee80211_hw *hw, u32 value);
+       int (*set_frag_threshold)(struct ieee80211_hw *hw, u32 value);
+       int (*set_retry_limit)(struct ieee80211_hw *hw,
 
--- /dev/null
+Subject: cfg80211/nl80211: add beacon settings
+
+This adds the necessary API to cfg80211/nl80211 to allow
+changing beaconing settings.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ include/linux/nl80211.h |   24 ++++++++
+ include/net/cfg80211.h  |   33 +++++++++++
+ net/wireless/nl80211.c  |  133 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 190 insertions(+)
+
+--- everything.orig/include/net/cfg80211.h     2007-11-08 11:50:57.412840007 +0100
++++ everything/include/net/cfg80211.h  2007-11-08 16:50:38.421522842 +0100
+@@ -69,6 +69,26 @@ struct key_params {
+       u32 cipher;
+ };
+ 
++/**
++ * struct beacon_parameters - beacon parameters
++ *
++ * Used to configure the beacon for an interface.
++ *
++ * @head: head portion of beacon (before TIM IE)
++ *     or %NULL if not changed
++ * @tail: tail portion of beacon (after TIM IE)
++ *     or %NULL if not changed
++ * @interval: beacon interval or zero if not changed
++ * @dtim_period: DTIM period or zero if not changed
++ * @head_len: length of @head
++ * @tail_len: length of @tail
++ */
++struct beacon_parameters {
++      u8 *head, *tail;
++      int interval, dtim_period;
++      int head_len, tail_len;
++};
++
+ /* from net/wireless.h */
+ struct wiphy;
+ 
+@@ -103,6 +123,13 @@ struct wiphy;
+  *    and @key_index
+  *
+  * @set_default_key: set the default key on an interface
++ *
++ * @add_beacon: Add a beacon with given parameters, @head, @interval
++ *    and @dtim_period will be valid, @tail is optional.
++ * @set_beacon: Change the beacon parameters for an access point mode
++ *    interface. This should reject the call when no beacon has been
++ *    configured.
++ * @del_beacon: Remove beacon configuration and stop sending the beacon.
+  */
+ struct cfg80211_ops {
+       int     (*add_virtual_intf)(struct wiphy *wiphy, char *name,
+@@ -122,6 +149,12 @@ struct cfg80211_ops {
+       int     (*set_default_key)(struct wiphy *wiphy,
+                                  struct net_device *netdev,
+                                  u8 key_index);
++
++      int     (*add_beacon)(struct wiphy *wiphy, struct net_device *dev,
++                            struct beacon_parameters *info);
++      int     (*set_beacon)(struct wiphy *wiphy, struct net_device *dev,
++                            struct beacon_parameters *info);
++      int     (*del_beacon)(struct wiphy *wiphy, struct net_device *dev);
+ };
+ 
+ #endif /* __NET_CFG80211_H */
+--- everything.orig/include/linux/nl80211.h    2007-11-08 11:50:57.362839952 +0100
++++ everything/include/linux/nl80211.h 2007-11-08 16:56:32.431522732 +0100
+@@ -47,6 +47,15 @@
+  * @NL80211_CMD_DEL_KEY: delete a key identified by %NL80211_ATTR_KEY_IDX
+  *    or %NL80211_ATTR_MAC.
+  *
++ * @NL80211_CMD_GET_BEACON: retrieve beacon information (returned in a
++ *    %NL80222_CMD_NEW_BEACON message)
++ * @NL80211_CMD_SET_BEACON: set the beacon on an access point interface
++ *    using the %NL80211_ATTR_BEACON_INTERVAL, %NL80211_ATTR_DTIM_PERIOD,
++ *    %NL80211_BEACON_HEAD and %NL80211_BEACON_TAIL attributes.
++ * @NL80211_CMD_NEW_BEACON: add a new beacon to an access point interface,
++ *    parameters are like for %NL80211_CMD_SET_BEACON.
++ * @NL80211_CMD_DEL_BEACON: remove the beacon, stop sending it
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -69,6 +78,11 @@ enum nl80211_commands {
+       NL80211_CMD_NEW_KEY,
+       NL80211_CMD_DEL_KEY,
+ 
++      NL80211_CMD_GET_BEACON,
++      NL80211_CMD_SET_BEACON,
++      NL80211_CMD_NEW_BEACON,
++      NL80211_CMD_DEL_BEACON,
++
+       /* add commands here */
+ 
+       /* used to define NL80211_CMD_MAX below */
+@@ -101,6 +115,11 @@ enum nl80211_commands {
+  * @NL80211_ATTR_KEY_SEQ: transmit key sequence number (IV/PN) for TKIP and
+  *    CCMP keys, each six bytes in little endian
+  *
++ * @NL80211_ATTR_BEACON_INTERVAL: beacon interval in TU
++ * @NL80211_ATTR_DTIM_PERIOD: DTIM period for beaconing
++ * @NL80211_ATTR_BEACON_HEAD: portion of the beacon before the TIM IE
++ * @NL80211_ATTR_BEACON_TAIL: portion of the beacon after the TIM IE
++ *
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+  */
+@@ -123,6 +142,11 @@ enum nl80211_attrs {
+       NL80211_ATTR_KEY_SEQ,
+       NL80211_ATTR_KEY_DEFAULT,
+ 
++      NL80211_ATTR_BEACON_INTERVAL,
++      NL80211_ATTR_DTIM_PERIOD,
++      NL80211_ATTR_BEACON_HEAD,
++      NL80211_ATTR_BEACON_TAIL,
++
+       /* add attributes here, update the policy in nl80211.c */
+ 
+       __NL80211_ATTR_AFTER_LAST,
+--- everything.orig/net/wireless/nl80211.c     2007-11-08 11:50:57.382836589 +0100
++++ everything/net/wireless/nl80211.c  2007-11-08 16:58:36.711524524 +0100
+@@ -69,6 +69,13 @@ static struct nla_policy nl80211_policy[
+       [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
+       [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
+       [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
++
++      [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
++      [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
++      [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
++                                     .len = IEEE80211_MAX_DATA_LEN },
++      [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
++                                     .len = IEEE80211_MAX_DATA_LEN },
+ };
+ 
+ /* message building helper */
+@@ -600,6 +607,114 @@ static int nl80211_del_key(struct sk_buf
+       return err;
+ }
+ 
++static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
++{
++        int (*call)(struct wiphy *wiphy, struct net_device *dev,
++                  struct beacon_parameters *info);
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      struct beacon_parameters params;
++      int haveinfo = 0;
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      switch (info->genlhdr->cmd) {
++      case NL80211_CMD_NEW_BEACON:
++              /* these are required for NEW_BEACON */
++              if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
++                  !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
++                  !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
++                      err = -EINVAL;
++                      goto out;
++              }
++
++              call = drv->ops->add_beacon;
++              break;
++      case NL80211_CMD_SET_BEACON:
++              call = drv->ops->set_beacon;
++              break;
++      default:
++              WARN_ON(1);
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      if (!call) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      memset(¶ms, 0, sizeof(params));
++
++      if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
++              params.interval =
++                  nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
++              haveinfo = 1;
++      }
++
++      if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
++              params.dtim_period =
++                  nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
++              haveinfo = 1;
++      }
++
++      if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
++              params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
++              params.head_len =
++                  nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
++              haveinfo = 1;
++      }
++
++      if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
++              params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
++              params.tail_len =
++                  nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
++              haveinfo = 1;
++      }
++
++      if (!haveinfo) {
++              err = -EINVAL;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = call(&drv->wiphy, dev, ¶ms);
++      rtnl_unlock();
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
++static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->del_beacon) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->del_beacon(&drv->wiphy, dev);
++      rtnl_unlock();
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
+ static struct genl_ops nl80211_ops[] = {
+       {
+               .cmd = NL80211_CMD_GET_WIPHY,
+@@ -663,6 +778,24 @@ static struct genl_ops nl80211_ops[] = {
+               .policy = nl80211_policy,
+               .flags = GENL_ADMIN_PERM,
+       },
++      {
++              .cmd = NL80211_CMD_SET_BEACON,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++              .doit = nl80211_addset_beacon,
++      },
++      {
++              .cmd = NL80211_CMD_NEW_BEACON,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++              .doit = nl80211_addset_beacon,
++      },
++      {
++              .cmd = NL80211_CMD_DEL_BEACON,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++              .doit = nl80211_del_beacon,
++      },
+ };
+ 
+ /* multicast groups */
 
--- /dev/null
+Subject: mac80211: add beacon configuration via cfg80211
+
+This patch implements the cfg80211 hooks for configuring beaconing
+on an access point interface in mac80211. While doing so, it fixes
+a number of races that could badly crash the machine when the
+beacon is changed while being requested by the driver.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+The dtim_count field should possibly also be part of the beacon
+structure, but the possible race there doesn't really matter,
+worst thing is that one beacon will be sent with a wrong dtim
+count if (and only if) userspace changes the dtim period during
+operation.
+
+ net/mac80211/cfg.c             |  156 +++++++++++++++++++++++++++++++++++++++++
+ net/mac80211/debugfs_netdev.c  |   27 -------
+ net/mac80211/ieee80211_i.h     |   14 ++-
+ net/mac80211/ieee80211_iface.c |    4 -
+ net/mac80211/tx.c              |   63 ++++++++++------
+ 5 files changed, 204 insertions(+), 60 deletions(-)
+
+Index: mac80211/net/mac80211/cfg.c
+===================================================================
+--- mac80211.orig/net/mac80211/cfg.c   2007-11-11 15:17:12.837164411 +0100
++++ mac80211/net/mac80211/cfg.c        2007-11-11 15:18:36.853952256 +0100
+@@ -9,6 +9,7 @@
+ #include <linux/ieee80211.h>
+ #include <linux/nl80211.h>
+ #include <linux/rtnetlink.h>
++#include <linux/rcupdate.h>
+ #include <net/cfg80211.h>
+ #include "ieee80211_i.h"
+ #include "cfg.h"
+@@ -274,6 +275,158 @@
+       return 0;
+ }
+ 
++/*
++ * This handles both adding a beacon and setting new beacon info
++ */
++static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
++                                 struct beacon_parameters *params)
++{
++      struct beacon_data *new, *old;
++      int new_head_len, new_tail_len;
++      int size;
++      int err = -EINVAL;
++
++      old = sdata->u.ap.beacon;
++
++      /* head must not be zero-length */
++      if (params->head && !params->head_len)
++              return -EINVAL;
++
++      /*
++       * This is a kludge. beacon interval should really be part
++       * of the beacon information.
++       */
++      if (params->interval) {
++              sdata->local->hw.conf.beacon_int = params->interval;
++              if (ieee80211_hw_config(sdata->local))
++                      return -EINVAL;
++              /*
++               * We updated some parameter so if below bails out
++               * it's not an error.
++               */
++              err = 0;
++      }
++
++      /* Need to have a beacon head if we don't have one yet */
++      if (!params->head && !old)
++              return err;
++
++      /* sorry, no way to start beaconing without dtim period */
++      if (!params->dtim_period && !old)
++              return err;
++
++      /* new or old head? */
++      if (params->head)
++              new_head_len = params->head_len;
++      else
++              new_head_len = old->head_len;
++
++      /* new or old tail? */
++      if (params->tail || !old)
++              /* params->tail_len will be zero for !params->tail */
++              new_tail_len = params->tail_len;
++      else
++              new_tail_len = old->tail_len;
++
++      size = sizeof(*new) + new_head_len + new_tail_len;
++
++      new = kzalloc(size, GFP_KERNEL);
++      if (!new)
++              return -ENOMEM;
++
++      /* start filling the new info now */
++
++      /* new or old dtim period? */
++      if (params->dtim_period)
++              new->dtim_period = params->dtim_period;
++      else
++              new->dtim_period = old->dtim_period;
++
++      /*
++       * pointers go into the block we allocated,
++       * memory is | beacon_data | head | tail |
++       */
++      new->head = ((u8 *) new) + sizeof(*new);
++      new->tail = new->head + new_head_len;
++      new->head_len = new_head_len;
++      new->tail_len = new_tail_len;
++
++      /* copy in head */
++      if (params->head)
++              memcpy(new->head, params->head, new_head_len);
++      else
++              memcpy(new->head, old->head, new_head_len);
++
++      /* copy in optional tail */
++      if (params->tail)
++              memcpy(new->tail, params->tail, new_tail_len);
++      else
++              if (old)
++                      memcpy(new->tail, old->tail, new_tail_len);
++
++      rcu_assign_pointer(sdata->u.ap.beacon, new);
++
++      synchronize_rcu();
++
++      kfree(old);
++
++      return ieee80211_if_config_beacon(sdata->dev);
++}
++
++static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
++                              struct beacon_parameters *params)
++{
++      struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      struct beacon_data *old;
++
++      if (sdata->type != IEEE80211_IF_TYPE_AP)
++              return -EINVAL;
++
++      old = sdata->u.ap.beacon;
++
++      if (old)
++              return -EALREADY;
++
++      return ieee80211_config_beacon(sdata, params);
++}
++
++static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
++                              struct beacon_parameters *params)
++{
++      struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      struct beacon_data *old;
++
++      if (sdata->type != IEEE80211_IF_TYPE_AP)
++              return -EINVAL;
++
++      old = sdata->u.ap.beacon;
++
++      if (!old)
++              return -ENOENT;
++
++      return ieee80211_config_beacon(sdata, params);
++}
++
++static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
++{
++      struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++      struct beacon_data *old;
++
++      if (sdata->type != IEEE80211_IF_TYPE_AP)
++              return -EINVAL;
++
++      old = sdata->u.ap.beacon;
++
++      if (!old)
++              return -ENOENT;
++
++      rcu_assign_pointer(sdata->u.ap.beacon, NULL);
++      synchronize_rcu();
++      kfree(old);
++
++      return ieee80211_if_config_beacon(dev);
++}
++
+ struct cfg80211_ops mac80211_config_ops = {
+       .add_virtual_intf = ieee80211_add_iface,
+       .del_virtual_intf = ieee80211_del_iface,
+@@ -282,4 +435,7 @@
+       .del_key = ieee80211_del_key,
+       .get_key = ieee80211_get_key,
+       .set_default_key = ieee80211_config_default_key,
++      .add_beacon = ieee80211_add_beacon,
++      .set_beacon = ieee80211_set_beacon,
++      .del_beacon = ieee80211_del_beacon,
+ };
+Index: mac80211/net/mac80211/debugfs_netdev.c
+===================================================================
+--- mac80211.orig/net/mac80211/debugfs_netdev.c        2007-10-14 00:42:30.054156000 +0200
++++ mac80211/net/mac80211/debugfs_netdev.c     2007-11-11 15:18:11.852527505 +0100
+@@ -124,7 +124,6 @@
+ 
+ /* AP attributes */
+ IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
+-IEEE80211_IF_FILE(dtim_period, u.ap.dtim_period, DEC);
+ IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC);
+ IEEE80211_IF_FILE(num_beacons, u.ap.num_beacons, DEC);
+ IEEE80211_IF_FILE(force_unicast_rateidx, u.ap.force_unicast_rateidx, DEC);
+@@ -138,26 +137,6 @@
+ }
+ __IEEE80211_IF_FILE(num_buffered_multicast);
+ 
+-static ssize_t ieee80211_if_fmt_beacon_head_len(
+-      const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+-{
+-      if (sdata->u.ap.beacon_head)
+-              return scnprintf(buf, buflen, "%d\n",
+-                               sdata->u.ap.beacon_head_len);
+-      return scnprintf(buf, buflen, "\n");
+-}
+-__IEEE80211_IF_FILE(beacon_head_len);
+-
+-static ssize_t ieee80211_if_fmt_beacon_tail_len(
+-      const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+-{
+-      if (sdata->u.ap.beacon_tail)
+-              return scnprintf(buf, buflen, "%d\n",
+-                               sdata->u.ap.beacon_tail_len);
+-      return scnprintf(buf, buflen, "\n");
+-}
+-__IEEE80211_IF_FILE(beacon_tail_len);
+-
+ /* WDS attributes */
+ IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC);
+ 
+@@ -194,14 +173,11 @@
+       DEBUGFS_ADD(eapol, ap);
+       DEBUGFS_ADD(ieee8021_x, ap);
+       DEBUGFS_ADD(num_sta_ps, ap);
+-      DEBUGFS_ADD(dtim_period, ap);
+       DEBUGFS_ADD(dtim_count, ap);
+       DEBUGFS_ADD(num_beacons, ap);
+       DEBUGFS_ADD(force_unicast_rateidx, ap);
+       DEBUGFS_ADD(max_ratectrl_rateidx, ap);
+       DEBUGFS_ADD(num_buffered_multicast, ap);
+-      DEBUGFS_ADD(beacon_head_len, ap);
+-      DEBUGFS_ADD(beacon_tail_len, ap);
+ }
+ 
+ static void add_wds_files(struct ieee80211_sub_if_data *sdata)
+@@ -287,14 +263,11 @@
+       DEBUGFS_DEL(eapol, ap);
+       DEBUGFS_DEL(ieee8021_x, ap);
+       DEBUGFS_DEL(num_sta_ps, ap);
+-      DEBUGFS_DEL(dtim_period, ap);
+       DEBUGFS_DEL(dtim_count, ap);
+       DEBUGFS_DEL(num_beacons, ap);
+       DEBUGFS_DEL(force_unicast_rateidx, ap);
+       DEBUGFS_DEL(max_ratectrl_rateidx, ap);
+       DEBUGFS_DEL(num_buffered_multicast, ap);
+-      DEBUGFS_DEL(beacon_head_len, ap);
+-      DEBUGFS_DEL(beacon_tail_len, ap);
+ }
+ 
+ static void del_wds_files(struct ieee80211_sub_if_data *sdata)
+Index: mac80211/net/mac80211/ieee80211_i.h
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_i.h   2007-11-11 15:15:53.792659922 +0100
++++ mac80211/net/mac80211/ieee80211_i.h        2007-11-11 15:18:11.864528190 +0100
+@@ -190,9 +190,14 @@
+ typedef ieee80211_txrx_result (*ieee80211_rx_handler)
+ (struct ieee80211_txrx_data *rx);
+ 
++struct beacon_data {
++      u8 *head, *tail;
++      int head_len, tail_len;
++      int dtim_period;
++};
++
+ struct ieee80211_if_ap {
+-      u8 *beacon_head, *beacon_tail;
+-      int beacon_head_len, beacon_tail_len;
++      struct beacon_data *beacon;
+ 
+       struct list_head vlans;
+ 
+@@ -205,7 +210,7 @@
+       u8 tim[sizeof(unsigned long) * BITS_TO_LONGS(IEEE80211_MAX_AID + 1)];
+       atomic_t num_sta_ps; /* number of stations in PS mode */
+       struct sk_buff_head ps_bc_buf;
+-      int dtim_period, dtim_count;
++      int dtim_count;
+       int force_unicast_rateidx; /* forced TX rateidx for unicast frames */
+       int max_ratectrl_rateidx; /* max TX rateidx for rate control */
+       int num_beacons; /* number of TXed beacon frames for this BSS */
+@@ -361,14 +366,11 @@
+                       struct dentry *eapol;
+                       struct dentry *ieee8021_x;
+                       struct dentry *num_sta_ps;
+-                      struct dentry *dtim_period;
+                       struct dentry *dtim_count;
+                       struct dentry *num_beacons;
+                       struct dentry *force_unicast_rateidx;
+                       struct dentry *max_ratectrl_rateidx;
+                       struct dentry *num_buffered_multicast;
+-                      struct dentry *beacon_head_len;
+-                      struct dentry *beacon_tail_len;
+               } ap;
+               struct {
+                       struct dentry *channel_use;
+Index: mac80211/net/mac80211/ieee80211_iface.c
+===================================================================
+--- mac80211.orig/net/mac80211/ieee80211_iface.c       2007-11-11 15:15:53.796660158 +0100
++++ mac80211/net/mac80211/ieee80211_iface.c    2007-11-11 15:18:11.868528415 +0100
+@@ -187,7 +187,6 @@
+               sdata->u.vlan.ap = NULL;
+               break;
+       case IEEE80211_IF_TYPE_AP:
+-              sdata->u.ap.dtim_period = 2;
+               sdata->u.ap.force_unicast_rateidx = -1;
+               sdata->u.ap.max_ratectrl_rateidx = -1;
+               skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
+@@ -271,8 +270,7 @@
+                       }
+               }
+ 
+-              kfree(sdata->u.ap.beacon_head);
+-              kfree(sdata->u.ap.beacon_tail);
++              kfree(sdata->u.ap.beacon);
+ 
+               while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
+                       local->total_ps_buffered--;
+Index: mac80211/net/mac80211/tx.c
+===================================================================
+--- mac80211.orig/net/mac80211/tx.c    2007-11-11 15:15:53.804660611 +0100
++++ mac80211/net/mac80211/tx.c 2007-11-11 15:18:11.868528415 +0100
+@@ -1656,7 +1656,8 @@
+ 
+ static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
+                                    struct ieee80211_if_ap *bss,
+-                                   struct sk_buff *skb)
++                                   struct sk_buff *skb,
++                                   struct beacon_data *beacon)
+ {
+       u8 *pos, *tim;
+       int aid0 = 0;
+@@ -1672,7 +1673,7 @@
+                                         IEEE80211_MAX_AID+1);
+ 
+       if (bss->dtim_count == 0)
+-              bss->dtim_count = bss->dtim_period - 1;
++              bss->dtim_count = beacon->dtim_period - 1;
+       else
+               bss->dtim_count--;
+ 
+@@ -1680,7 +1681,7 @@
+       *pos++ = WLAN_EID_TIM;
+       *pos++ = 4;
+       *pos++ = bss->dtim_count;
+-      *pos++ = bss->dtim_period;
++      *pos++ = beacon->dtim_period;
+ 
+       if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
+               aid0 = 1;
+@@ -1728,8 +1729,9 @@
+       struct ieee80211_if_ap *ap = NULL;
+       struct ieee80211_rate *rate;
+       struct rate_control_extra extra;
+-      u8 *b_head, *b_tail;
+-      int bh_len, bt_len;
++      struct beacon_data *beacon;
++
++      rcu_read_lock();
+ 
+       bdev = dev_get_by_index(if_id);
+       if (bdev) {
+@@ -1738,37 +1740,35 @@
+               dev_put(bdev);
+       }
+ 
+-      if (!ap || sdata->type != IEEE80211_IF_TYPE_AP ||
+-          !ap->beacon_head) {
++      beacon = rcu_dereference(ap->beacon);
++
++      if (!ap || sdata->type != IEEE80211_IF_TYPE_AP || !beacon) {
+ #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "no beacon data avail for idx=%d "
+                              "(%s)\n", if_id, bdev ? bdev->name : "N/A");
+ #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+-              return NULL;
++              skb = NULL;
++              goto out;
+       }
+ 
+-      /* Assume we are generating the normal beacon locally */
+-      b_head = ap->beacon_head;
+-      b_tail = ap->beacon_tail;
+-      bh_len = ap->beacon_head_len;
+-      bt_len = ap->beacon_tail_len;
+-
+-      skb = dev_alloc_skb(local->tx_headroom +
+-              bh_len + bt_len + 256 /* maximum TIM len */);
++      /* headroom, head length, tail length and maximum TIM length */
++      skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
++                          beacon->tail_len + 256);
+       if (!skb)
+-              return NULL;
++              goto out;
+ 
+       skb_reserve(skb, local->tx_headroom);
+-      memcpy(skb_put(skb, bh_len), b_head, bh_len);
++      memcpy(skb_put(skb, beacon->head_len), beacon->head,
++             beacon->head_len);
+ 
+       ieee80211_include_sequence(sdata, (struct ieee80211_hdr *)skb->data);
+ 
+-      ieee80211_beacon_add_tim(local, ap, skb);
++      ieee80211_beacon_add_tim(local, ap, skb, beacon);
+ 
+-      if (b_tail) {
+-              memcpy(skb_put(skb, bt_len), b_tail, bt_len);
+-      }
++      if (beacon->tail)
++              memcpy(skb_put(skb, beacon->tail_len), beacon->tail,
++                     beacon->tail_len);
+ 
+       if (control) {
+               memset(&extra, 0, sizeof(extra));
+@@ -1781,7 +1781,8 @@
+                                      "found\n", wiphy_name(local->hw.wiphy));
+                       }
+                       dev_kfree_skb(skb);
+-                      return NULL;
++                      skb = NULL;
++                      goto out;
+               }
+ 
+               control->tx_rate =
+@@ -1796,6 +1797,9 @@
+       }
+ 
+       ap->num_beacons++;
++
++ out:
++      rcu_read_unlock();
+       return skb;
+ }
+ EXPORT_SYMBOL(ieee80211_beacon_get);
+@@ -1844,6 +1848,7 @@
+       struct net_device *bdev;
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_ap *bss = NULL;
++      struct beacon_data *beacon;
+ 
+       bdev = dev_get_by_index(if_id);
+       if (bdev) {
+@@ -1851,9 +1856,19 @@
+               bss = &sdata->u.ap;
+               dev_put(bdev);
+       }
+-      if (!bss || sdata->type != IEEE80211_IF_TYPE_AP || !bss->beacon_head)
++
++      if (!bss)
+               return NULL;
+ 
++      rcu_read_lock();
++      beacon = rcu_dereference(bss->beacon);
++
++      if (sdata->type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head) {
++              rcu_read_unlock();
++              return NULL;
++      }
++      rcu_read_unlock();
++
+       if (bss->dtim_count != 0)
+               return NULL; /* send buffered bc/mc only after DTIM beacon */
+       memset(control, 0, sizeof(*control));
 
--- /dev/null
+Subject: cfg80211/nl80211: station handling
+
+This patch adds station handling to cfg80211/nl80211.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ include/linux/nl80211.h |   68 +++++++++++++
+ include/net/cfg80211.h  |   54 ++++++++++
+ net/wireless/nl80211.c  |  236 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 358 insertions(+)
+
+--- everything.orig/include/linux/nl80211.h    2007-11-08 16:56:32.431522732 +0100
++++ everything/include/linux/nl80211.h 2007-11-08 17:15:15.961529840 +0100
+@@ -7,6 +7,18 @@
+  */
+ 
+ /**
++ * DOC: Station handling
++ *
++ * Stations are added per interface, but a special case exists with VLAN
++ * interfaces. When a station is bound to an AP interface, it may be moved
++ * into a VLAN identified by a VLAN interface index (%NL80211_ATTR_STA_VLAN).
++ * The station is still assumed to belong to the AP interface it was added
++ * to.
++ *
++ * TODO: need more info?
++ */
++
++/**
+  * enum nl80211_commands - supported nl80211 commands
+  *
+  * @NL80211_CMD_UNSPEC: unspecified command to catch errors
+@@ -56,6 +68,16 @@
+  *    parameters are like for %NL80211_CMD_SET_BEACON.
+  * @NL80211_CMD_DEL_BEACON: remove the beacon, stop sending it
+  *
++ * @NL80211_CMD_GET_STATION: Get station attributes for station identified by
++ *    %NL80211_ATTR_MAC on the interface identified by %NL80211_ATTR_IFINDEX.
++ * @NL80211_CMD_SET_STATION: Set station attributes for station identified by
++ *    %NL80211_ATTR_MAC on the interface identified by %NL80211_ATTR_IFINDEX.
++ * @NL80211_CMD_NEW_STATION: Add a station with given attributes to the
++ *    the interface identified by %NL80211_ATTR_IFINDEX.
++ * @NL80211_CMD_DEL_STATION: Remove a station identified by %NL80211_ATTR_MAC
++ *    or, if no MAC address given, all stations, on the interface identified
++ *    by %NL80211_ATTR_IFINDEX.
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -83,6 +105,11 @@ enum nl80211_commands {
+       NL80211_CMD_NEW_BEACON,
+       NL80211_CMD_DEL_BEACON,
+ 
++      NL80211_CMD_GET_STATION,
++      NL80211_CMD_SET_STATION,
++      NL80211_CMD_NEW_STATION,
++      NL80211_CMD_DEL_STATION,
++
+       /* add commands here */
+ 
+       /* used to define NL80211_CMD_MAX below */
+@@ -120,6 +147,17 @@ enum nl80211_commands {
+  * @NL80211_ATTR_BEACON_HEAD: portion of the beacon before the TIM IE
+  * @NL80211_ATTR_BEACON_TAIL: portion of the beacon after the TIM IE
+  *
++ * @NL80211_ATTR_STA_AID: Association ID for the station (u16)
++ * @NL80211_ATTR_STA_FLAGS: flags, nested element with NLA_FLAG attributes of
++ *    &enum nl80211_sta_flags.
++ * @NL80211_ATTR_STA_LISTEN_INTERVAL: listen interval as defined by
++ *    IEEE 802.11 7.3.1.6 (u16).
++ * @NL80211_ATTR_STA_SUPPORTED_RATES: supported rates, array of supported
++ *    rates as defined by IEEE 802.11 7.3.2.2 but without the length
++ *    restriction (at most %NL80211_MAX_SUPP_RATES).
++ * @NL80211_ATTR_STA_VLAN: interface index of VLAN interface to move station
++ *    to, or the AP interface the station was originally added to to.
++ *
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+  */
+@@ -147,12 +185,20 @@ enum nl80211_attrs {
+       NL80211_ATTR_BEACON_HEAD,
+       NL80211_ATTR_BEACON_TAIL,
+ 
++      NL80211_ATTR_STA_AID,
++      NL80211_ATTR_STA_FLAGS,
++      NL80211_ATTR_STA_LISTEN_INTERVAL,
++      NL80211_ATTR_STA_SUPPORTED_RATES,
++      NL80211_ATTR_STA_VLAN,
++
+       /* add attributes here, update the policy in nl80211.c */
+ 
+       __NL80211_ATTR_AFTER_LAST,
+       NL80211_ATTR_MAX = __NL80211_ATTR_AFTER_LAST - 1
+ };
+ 
++#define NL80211_MAX_SUPP_RATES        32
++
+ /**
+  * enum nl80211_iftype - (virtual) interface types
+  *
+@@ -184,4 +230,26 @@ enum nl80211_iftype {
+       NL80211_IFTYPE_MAX = __NL80211_IFTYPE_AFTER_LAST - 1
+ };
+ 
++/**
++ * enum nl80211_sta_flags - station flags
++ *
++ * Station flags. When a station is added to an AP interface, it is
++ * assumed to be already associated (and hence authenticated.)
++ *
++ * @NL80211_STA_FLAG_AUTHORIZED: station is authorized (802.1X)
++ * @NL80211_STA_FLAG_SHORT_PREAMBLE: station is capable of receiving frames
++ *    with short barker preamble
++ * @NL80211_STA_FLAG_WME: station is WME/QoS capable
++ */
++enum nl80211_sta_flags {
++      __NL80211_STA_FLAG_INVALID,
++      NL80211_STA_FLAG_AUTHORIZED,
++      NL80211_STA_FLAG_SHORT_PREAMBLE,
++      NL80211_STA_FLAG_WME,
++
++      /* keep last */
++      __NL80211_STA_FLAG_AFTER_LAST,
++      NL80211_STA_FLAG_MAX = __NL80211_STA_FLAG_AFTER_LAST - 1
++};
++
+ #endif /* __LINUX_NL80211_H */
+--- everything.orig/include/net/cfg80211.h     2007-11-08 16:50:38.421522842 +0100
++++ everything/include/net/cfg80211.h  2007-11-08 17:15:15.971532444 +0100
+@@ -89,6 +89,47 @@ struct beacon_parameters {
+       int head_len, tail_len;
+ };
+ 
++/**
++ * enum station_flags - station flags
++ *
++ * Station capability flags. Note that these must be the bits
++ * according to the nl80211 flags.
++ *
++ * @STATION_FLAG_CHANGED: station flags were changed
++ * @STATION_FLAG_AUTHORIZED: station is authorized to send frames (802.1X)
++ * @STATION_FLAG_SHORT_PREAMBLE: station is capable of receiving frames
++ *    with short preambles
++ * @STATION_FLAG_WME: station is WME/QoS capable
++ */
++enum station_flags {
++      STATION_FLAG_CHANGED            = 1<<0,
++      STATION_FLAG_AUTHORIZED         = 1<<NL80211_STA_FLAG_AUTHORIZED,
++      STATION_FLAG_SHORT_PREAMBLE     = 1<<NL80211_STA_FLAG_SHORT_PREAMBLE,
++      STATION_FLAG_WME                = 1<<NL80211_STA_FLAG_WME,
++};
++
++/**
++ * struct station_parameters - station parameters
++ *
++ * Used to change and create a new station.
++ *
++ * @vlan: vlan interface station should belong to
++ * @supported_rates: supported rates in IEEE 802.11 format
++ *    (or NULL for no change)
++ * @supported_rates_len: number of supported rates
++ * @station_flags: station flags (see &enum station_flags)
++ * @listen_interval: listen interval or -1 for no change
++ * @aid: AID or zero for no change
++ */
++struct station_parameters {
++      u8 *supported_rates;
++      struct net_device *vlan;
++      u32 station_flags;
++      int listen_interval;
++      u16 aid;
++      u8 supported_rates_len;
++};
++
+ /* from net/wireless.h */
+ struct wiphy;
+ 
+@@ -130,6 +171,12 @@ struct wiphy;
+  *    interface. This should reject the call when no beacon has been
+  *    configured.
+  * @del_beacon: Remove beacon configuration and stop sending the beacon.
++ *
++ * @add_station: Add a new station.
++ *
++ * @del_station: Remove a station; @mac may be NULL to remove all stations.
++ *
++ * @change_station: Modify a given station.
+  */
+ struct cfg80211_ops {
+       int     (*add_virtual_intf)(struct wiphy *wiphy, char *name,
+@@ -155,6 +202,13 @@ struct cfg80211_ops {
+       int     (*set_beacon)(struct wiphy *wiphy, struct net_device *dev,
+                             struct beacon_parameters *info);
+       int     (*del_beacon)(struct wiphy *wiphy, struct net_device *dev);
++
++      int     (*add_station)(struct wiphy *wiphy, struct net_device *dev,
++                             u8 *mac, struct station_parameters *params);
++      int     (*del_station)(struct wiphy *wiphy, struct net_device *dev,
++                             u8 *mac);
++      int     (*change_station)(struct wiphy *wiphy, struct net_device *dev,
++                                u8 *mac, struct station_parameters *params);
+ };
+ 
+ #endif /* __NET_CFG80211_H */
+--- everything.orig/net/wireless/nl80211.c     2007-11-08 16:58:36.711524524 +0100
++++ everything/net/wireless/nl80211.c  2007-11-08 17:15:15.981533909 +0100
+@@ -76,6 +76,12 @@ static struct nla_policy nl80211_policy[
+                                      .len = IEEE80211_MAX_DATA_LEN },
+       [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
+                                      .len = IEEE80211_MAX_DATA_LEN },
++      [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
++      [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
++      [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
++      [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
++                                             .len = NL80211_MAX_SUPP_RATES },
++      [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
+ };
+ 
+ /* message building helper */
+@@ -715,6 +721,211 @@ static int nl80211_del_beacon(struct sk_
+       return err;
+ }
+ 
++static
++struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] __read_mostly = {
++      [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
++      [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
++      [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
++};
++
++static int parse_station_flags(struct nlattr *nla, u32 *staflags)
++{
++      struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
++      int flag;
++
++      *staflags = 0;
++
++      if (!nla)
++              return 0;
++
++      if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
++                           nla, sta_flags_policy))
++              return -EINVAL;
++
++      *staflags = STATION_FLAG_CHANGED;
++
++      for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
++              if (flags[flag])
++                      *staflags |= (1<<flag);
++
++      return 0;
++}
++
++static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
++{
++      return -EOPNOTSUPP;
++}
++
++/*
++ * Get vlan interface making sure it is on the right wiphy.
++ */
++static int get_vlan(struct nlattr *vlanattr,
++                  struct cfg80211_registered_device *rdev,
++                  struct net_device **vlan)
++{
++      *vlan = NULL;
++
++      if (vlanattr) {
++              *vlan = dev_get_by_index(nla_get_u32(vlanattr));
++              if (!*vlan)
++                      return -ENODEV;
++              if (!(*vlan)->ieee80211_ptr)
++                      return -EINVAL;
++              if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
++                      return -EINVAL;
++      }
++      return 0;
++}
++
++static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      struct station_parameters params;
++      u8 *mac_addr = NULL;
++
++      memset(¶ms, 0, sizeof(params));
++
++      params.listen_interval = -1;
++
++      if (info->attrs[NL80211_ATTR_STA_AID])
++              return -EINVAL;
++
++      if (!info->attrs[NL80211_ATTR_MAC])
++              return -EINVAL;
++
++      mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++      if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
++              params.supported_rates =
++                      nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
++              params.supported_rates_len =
++                      nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
++      }
++
++      if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
++              params.listen_interval =
++                  nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
++
++      if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS],
++                              ¶ms.station_flags))
++              return -EINVAL;
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, ¶ms.vlan);
++      if (err)
++              goto out;
++
++      if (!drv->ops->change_station) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->change_station(&drv->wiphy, dev, mac_addr, ¶ms);
++      rtnl_unlock();
++
++ out:
++      if (params.vlan)
++              dev_put(params.vlan);
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
++static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      struct station_parameters params;
++      u8 *mac_addr = NULL;
++
++      memset(¶ms, 0, sizeof(params));
++
++      if (!info->attrs[NL80211_ATTR_MAC])
++              return -EINVAL;
++
++      if (!info->attrs[NL80211_ATTR_STA_AID])
++              return -EINVAL;
++
++      if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
++              return -EINVAL;
++
++      if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
++              return -EINVAL;
++
++      mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++      params.supported_rates =
++              nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
++      params.supported_rates_len =
++              nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
++      params.listen_interval =
++              nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
++      params.listen_interval = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
++
++      if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS],
++                              ¶ms.station_flags))
++              return -EINVAL;
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, ¶ms.vlan);
++      if (err)
++              goto out;
++
++      if (!drv->ops->add_station) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->add_station(&drv->wiphy, dev, mac_addr, ¶ms);
++      rtnl_unlock();
++
++ out:
++      if (params.vlan)
++              dev_put(params.vlan);
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
++static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
++{
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      u8 *mac_addr = NULL;
++
++      if (info->attrs[NL80211_ATTR_MAC])
++              mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->del_station) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->del_station(&drv->wiphy, dev, mac_addr);
++      rtnl_unlock();
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
++}
++
+ static struct genl_ops nl80211_ops[] = {
+       {
+               .cmd = NL80211_CMD_GET_WIPHY,
+@@ -796,6 +1007,31 @@ static struct genl_ops nl80211_ops[] = {
+               .flags = GENL_ADMIN_PERM,
+               .doit = nl80211_del_beacon,
+       },
++      {
++              .cmd = NL80211_CMD_GET_STATION,
++              .doit = nl80211_get_station,
++              /* TODO: implement dumpit */
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
++      {
++              .cmd = NL80211_CMD_SET_STATION,
++              .doit = nl80211_set_station,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
++      {
++              .cmd = NL80211_CMD_NEW_STATION,
++              .doit = nl80211_new_station,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
++      {
++              .cmd = NL80211_CMD_DEL_STATION,
++              .doit = nl80211_del_station,
++              .policy = nl80211_policy,
++              .flags = GENL_ADMIN_PERM,
++      },
+ };
+ 
+ /* multicast groups */
 
--- /dev/null
+Subject: mac80211: implement cfg80211's station handling
+
+This implements station handling from userspace via cfg80211
+in mac80211.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ net/mac80211/cfg.c |  192 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 192 insertions(+)
+
+--- everything.orig/net/mac80211/cfg.c 2007-11-08 17:11:52.351521702 +0100
++++ everything/net/mac80211/cfg.c      2007-11-08 17:15:51.801523493 +0100
+@@ -14,6 +14,7 @@
+ #include <net/cfg80211.h>
+ #include "ieee80211_i.h"
+ #include "cfg.h"
++#include "ieee80211_rate.h"
+ 
+ static enum ieee80211_if_types
+ nl80211_type_to_mac80211_type(enum nl80211_iftype type)
+@@ -428,6 +429,194 @@ static int ieee80211_del_beacon(struct w
+       return ieee80211_if_config_beacon(dev);
+ }
+ 
++/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
++struct iapp_layer2_update {
++      u8 da[ETH_ALEN];        /* broadcast */
++      u8 sa[ETH_ALEN];        /* STA addr */
++      __be16 len;             /* 6 */
++      u8 dsap;                /* 0 */
++      u8 ssap;                /* 0 */
++      u8 control;
++      u8 xid_info[3];
++} __attribute__ ((packed));
++
++static void ieee80211_send_layer2_update(struct sta_info *sta)
++{
++      struct iapp_layer2_update *msg;
++      struct sk_buff *skb;
++
++      /* Send Level 2 Update Frame to update forwarding tables in layer 2
++       * bridge devices */
++
++      skb = dev_alloc_skb(sizeof(*msg));
++      if (!skb)
++              return;
++      msg = (struct iapp_layer2_update *)skb_put(skb, sizeof(*msg));
++
++      /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
++       * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
++
++      memset(msg->da, 0xff, ETH_ALEN);
++      memcpy(msg->sa, sta->addr, ETH_ALEN);
++      msg->len = htons(6);
++      msg->dsap = 0;
++      msg->ssap = 0x01;       /* NULL LSAP, CR Bit: Response */
++      msg->control = 0xaf;    /* XID response lsb.1111F101.
++                               * F=0 (no poll command; unsolicited frame) */
++      msg->xid_info[0] = 0x81;        /* XID format identifier */
++      msg->xid_info[1] = 1;   /* LLC types/classes: Type 1 LLC */
++      msg->xid_info[2] = 0;   /* XID sender's receive window size (RW) */
++
++      skb->dev = sta->dev;
++      skb->protocol = eth_type_trans(skb, sta->dev);
++      memset(skb->cb, 0, sizeof(skb->cb));
++      netif_rx(skb);
++}
++
++static void sta_apply_parameters(struct ieee80211_local *local,
++                               struct sta_info *sta,
++                               struct station_parameters *params)
++{
++      u32 rates;
++      int i, j;
++      struct ieee80211_hw_mode *mode;
++
++      if (params->station_flags & STATION_FLAG_CHANGED) {
++              sta->flags &= ~WLAN_STA_AUTHORIZED;
++              if (params->station_flags & STATION_FLAG_AUTHORIZED)
++                      sta->flags |= WLAN_STA_AUTHORIZED;
++
++              sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
++              if (params->station_flags & STATION_FLAG_SHORT_PREAMBLE)
++                      sta->flags |= WLAN_STA_SHORT_PREAMBLE;
++
++              sta->flags &= ~WLAN_STA_WME;
++              if (params->station_flags & STATION_FLAG_WME)
++                      sta->flags |= WLAN_STA_WME;
++      }
++
++      if (params->aid) {
++              sta->aid = params->aid;
++              if (sta->aid > IEEE80211_MAX_AID)
++                      sta->aid = 0; /* XXX: should this be an error? */
++      }
++
++      if (params->listen_interval >= 0)
++              sta->listen_interval = params->listen_interval;
++
++      if (params->supported_rates) {
++              rates = 0;
++              mode = local->oper_hw_mode;
++              for (i = 0; i < params->supported_rates_len; i++) {
++                      int rate = (params->supported_rates[i] & 0x7f) * 5;
++                      for (j = 0; j < mode->num_rates; j++) {
++                              if (mode->rates[j].rate == rate)
++                                      rates |= BIT(j);
++                      }
++              }
++              sta->supp_rates = rates;
++      }
++}
++
++static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
++                               u8 *mac, struct station_parameters *params)
++{
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
++      struct sta_info *sta;
++      struct ieee80211_sub_if_data *sdata;
++
++      /* Prevent a race with changing the rate control algorithm */
++      if (!netif_running(dev))
++              return -ENETDOWN;
++
++      /* XXX: get sta belonging to dev */
++      sta = sta_info_get(local, mac);
++      if (sta) {
++              sta_info_put(sta);
++              return -EEXIST;
++      }
++
++      if (params->vlan) {
++              sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
++
++              if (sdata->type != IEEE80211_IF_TYPE_VLAN ||
++                  sdata->type != IEEE80211_IF_TYPE_AP)
++                      return -EINVAL;
++      } else
++              sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++
++      sta = sta_info_add(local, dev, mac, GFP_KERNEL);
++      if (!sta)
++              return -ENOMEM;
++
++      sta->dev = sdata->dev;
++      if (sdata->type == IEEE80211_IF_TYPE_VLAN ||
++          sdata->type == IEEE80211_IF_TYPE_AP)
++              ieee80211_send_layer2_update(sta);
++
++      sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
++
++      sta_apply_parameters(local, sta, params);
++
++      rate_control_rate_init(sta, local);
++
++      sta_info_put(sta);
++
++      return 0;
++}
++
++static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
++                               u8 *mac)
++{
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
++      struct sta_info *sta;
++
++      if (mac) {
++              /* XXX: get sta belonging to dev */
++              sta = sta_info_get(local, mac);
++              if (!sta)
++                      return -ENOENT;
++
++              sta_info_free(sta);
++              sta_info_put(sta);
++      } else
++              sta_info_flush(local, dev);
++
++      return 0;
++}
++
++static int ieee80211_change_station(struct wiphy *wiphy,
++                                  struct net_device *dev,
++                                  u8 *mac,
++                                  struct station_parameters *params)
++{
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
++      struct sta_info *sta;
++      struct ieee80211_sub_if_data *vlansdata;
++
++      /* XXX: get sta belonging to dev */
++      sta = sta_info_get(local, mac);
++      if (!sta)
++              return -ENOENT;
++
++      if (params->vlan && params->vlan != sta->dev) {
++              vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
++
++              if (vlansdata->type != IEEE80211_IF_TYPE_VLAN ||
++                  vlansdata->type != IEEE80211_IF_TYPE_AP)
++                      return -EINVAL;
++
++              sta->dev = params->vlan;
++              ieee80211_send_layer2_update(sta);
++      }
++
++      sta_apply_parameters(local, sta, params);
++
++      sta_info_put(sta);
++
++      return 0;
++}
++
+ struct cfg80211_ops mac80211_config_ops = {
+       .add_virtual_intf = ieee80211_add_iface,
+       .del_virtual_intf = ieee80211_del_iface,
+@@ -439,4 +628,7 @@ struct cfg80211_ops mac80211_config_ops 
+       .add_beacon = ieee80211_add_beacon,
+       .set_beacon = ieee80211_set_beacon,
+       .del_beacon = ieee80211_del_beacon,
++      .add_station = ieee80211_add_station,
++      .del_station = ieee80211_del_station,
++      .change_station = ieee80211_change_station,
+ };
 
--- /dev/null
+Subject: cfg80211/nl80211: implement station attribute retrieval
+
+After a station is added to the kernel's structures, userspace
+has to be able to retrieve statistics about that station, especially
+whether the station was idle and how much bytes were transferred
+to and from it. This adds the necessary code to nl80211.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ include/linux/nl80211.h |   28 ++++++++++++++++
+ include/net/cfg80211.h  |   35 ++++++++++++++++++++
+ net/wireless/nl80211.c  |   82 +++++++++++++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 144 insertions(+), 1 deletion(-)
+
+--- everything.orig/include/linux/nl80211.h    2007-11-08 17:15:15.961529840 +0100
++++ everything/include/linux/nl80211.h 2007-11-08 17:17:00.891547364 +0100
+@@ -157,6 +157,9 @@ enum nl80211_commands {
+  *    restriction (at most %NL80211_MAX_SUPP_RATES).
+  * @NL80211_ATTR_STA_VLAN: interface index of VLAN interface to move station
+  *    to, or the AP interface the station was originally added to to.
++ * @NL80211_ATTR_STA_STATS: statistics for a station, part of station info
++ *    given for %NL80211_CMD_GET_STATION, nested attribute containing
++ *    info as possible, see &enum nl80211_sta_stats.
+  *
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -190,6 +193,7 @@ enum nl80211_attrs {
+       NL80211_ATTR_STA_LISTEN_INTERVAL,
+       NL80211_ATTR_STA_SUPPORTED_RATES,
+       NL80211_ATTR_STA_VLAN,
++      NL80211_ATTR_STA_STATS,
+ 
+       /* add attributes here, update the policy in nl80211.c */
+ 
+@@ -252,4 +256,28 @@ enum nl80211_sta_flags {
+       NL80211_STA_FLAG_MAX = __NL80211_STA_FLAG_AFTER_LAST - 1
+ };
+ 
++/**
++ * enum nl80211_sta_stats - station statistics
++ *
++ * These attribute types are used with %NL80211_ATTR_STA_STATS
++ * when getting information about a station.
++ *
++ * @__NL80211_STA_STAT_INVALID: attribute number 0 is reserved
++ * @NL80211_STA_STAT_INACTIVE_TIME: time since last activity (u32, msecs)
++ * @NL80211_STA_STAT_RX_BYTES: total received bytes (u32, from this station)
++ * @NL80211_STA_STAT_TX_BYTES: total transmitted bytes (u32, to this station)
++ * @__NL80211_STA_STAT_AFTER_LAST: internal
++ * @NL80211_STA_STAT_MAX: highest possible station stats attribute
++ */
++enum nl80211_sta_stats {
++      __NL80211_STA_STAT_INVALID,
++      NL80211_STA_STAT_INACTIVE_TIME,
++      NL80211_STA_STAT_RX_BYTES,
++      NL80211_STA_STAT_TX_BYTES,
++
++      /* keep last */
++      __NL80211_STA_STAT_AFTER_LAST,
++      NL80211_STA_STAT_MAX = __NL80211_STA_STAT_AFTER_LAST - 1
++};
++
+ #endif /* __LINUX_NL80211_H */
+--- everything.orig/include/net/cfg80211.h     2007-11-08 17:15:15.971532444 +0100
++++ everything/include/net/cfg80211.h  2007-11-08 17:17:00.891547364 +0100
+@@ -130,6 +130,39 @@ struct station_parameters {
+       u8 supported_rates_len;
+ };
+ 
++/**
++ * enum station_stats_flags - station statistics flags
++ *
++ * Used by the driver to indicate which info in &struct station_stats
++ * it has filled in during get_station().
++ *
++ * @STATION_STAT_INACTIVE_TIME: @inactive_time filled
++ * @STATION_STAT_RX_BYTES: @rx_bytes filled
++ * @STATION_STAT_TX_BYTES: @tx_bytes filled
++ */
++enum station_stats_flags {
++      STATION_STAT_INACTIVE_TIME      = 1<<0,
++      STATION_STAT_RX_BYTES           = 1<<1,
++      STATION_STAT_TX_BYTES           = 1<<2,
++};
++
++/**
++ * struct station_stats - station statistics
++ *
++ * Station information filled by driver for get_station().
++ *
++ * @filled: bitflag of flags from &enum station_stats_flags
++ * @inactive_time: time since last station activity (tx/rx) in milliseconds
++ * @rx_bytes: bytes received from this station
++ * @tx_bytes: bytes transmitted to this station
++ */
++struct station_stats {
++      u32 filled;
++      u32 inactive_time;
++      u32 rx_bytes;
++      u32 tx_bytes;
++};
++
+ /* from net/wireless.h */
+ struct wiphy;
+ 
+@@ -209,6 +242,8 @@ struct cfg80211_ops {
+                              u8 *mac);
+       int     (*change_station)(struct wiphy *wiphy, struct net_device *dev,
+                                 u8 *mac, struct station_parameters *params);
++      int     (*get_station)(struct wiphy *wiphy, struct net_device *dev,
++                             u8 *mac, struct station_stats *stats);
+ };
+ 
+ #endif /* __NET_CFG80211_H */
+--- everything.orig/net/wireless/nl80211.c     2007-11-08 17:15:15.981533909 +0100
++++ everything/net/wireless/nl80211.c  2007-11-08 17:17:00.901534235 +0100
+@@ -751,9 +751,89 @@ static int parse_station_flags(struct nl
+       return 0;
+ }
+ 
++static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
++                              int flags, struct net_device *dev,
++                              u8 *mac_addr, struct station_stats *stats)
++{
++      void *hdr;
++      struct nlattr *statsattr;
++
++      hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
++      if (!hdr)
++              return -1;
++
++      NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
++      NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
++
++      statsattr = nla_nest_start(msg, NL80211_ATTR_STA_STATS);
++      if (!statsattr)
++              goto nla_put_failure;
++      if (stats->filled & STATION_STAT_INACTIVE_TIME)
++              NLA_PUT_U32(msg, NL80211_STA_STAT_INACTIVE_TIME,
++                          stats->inactive_time);
++      if (stats->filled & STATION_STAT_RX_BYTES)
++              NLA_PUT_U32(msg, NL80211_STA_STAT_RX_BYTES,
++                          stats->rx_bytes);
++      if (stats->filled & STATION_STAT_TX_BYTES)
++              NLA_PUT_U32(msg, NL80211_STA_STAT_TX_BYTES,
++                          stats->tx_bytes);
++
++      nla_nest_end(msg, statsattr);
++
++      return genlmsg_end(msg, hdr);
++
++ nla_put_failure:
++      return genlmsg_cancel(msg, hdr);
++}
++
++
+ static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
+ {
+-      return -EOPNOTSUPP;
++      struct cfg80211_registered_device *drv;
++      int err;
++      struct net_device *dev;
++      struct station_stats stats;
++      struct sk_buff *msg;
++      u8 *mac_addr = NULL;
++
++      memset(&stats, 0, sizeof(stats));
++
++      if (!info->attrs[NL80211_ATTR_MAC])
++              return -EINVAL;
++
++      mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++      err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++      if (err)
++              return err;
++
++      if (!drv->ops->get_station) {
++              err = -EOPNOTSUPP;
++              goto out;
++      }
++
++      rtnl_lock();
++      err = drv->ops->get_station(&drv->wiphy, dev, mac_addr, &stats);
++      rtnl_unlock();
++
++      msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
++      if (!msg)
++              goto out;
++
++      if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
++                               dev, mac_addr, &stats) < 0)
++              goto out_free;
++
++      err = genlmsg_unicast(msg, info->snd_pid);
++      goto out;
++
++ out_free:
++      nlmsg_free(msg);
++
++ out:
++      cfg80211_put_dev(drv);
++      dev_put(dev);
++      return err;
+ }
+ 
+ /*
 
--- /dev/null
+Subject: mac80211: implement station stats retrieval
+
+This implements the required cfg80211 callback in mac80211
+to allow userspace to get station statistics.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ net/mac80211/cfg.c |   26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+--- everything.orig/net/mac80211/cfg.c 2007-11-08 17:15:51.801523493 +0100
++++ everything/net/mac80211/cfg.c      2007-11-08 17:17:01.921529351 +0100
+@@ -617,6 +617,31 @@ static int ieee80211_change_station(stru
+       return 0;
+ }
+ 
++static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
++                               u8 *mac, struct station_stats *stats)
++{
++      struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
++      struct sta_info *sta;
++
++      sta = sta_info_get(local, mac);
++      if (!sta)
++              return -ENOENT;
++
++      /* XXX: verify sta->dev == dev */
++
++      stats->filled = STATION_STAT_INACTIVE_TIME |
++                      STATION_STAT_RX_BYTES |
++                      STATION_STAT_TX_BYTES;
++
++      stats->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx);
++      stats->rx_bytes = sta->rx_bytes;
++      stats->tx_bytes = sta->tx_bytes;
++
++      sta_info_put(sta);
++
++      return 0;
++}
++
+ struct cfg80211_ops mac80211_config_ops = {
+       .add_virtual_intf = ieee80211_add_iface,
+       .del_virtual_intf = ieee80211_del_iface,
+@@ -631,4 +656,5 @@ struct cfg80211_ops mac80211_config_ops 
+       .add_station = ieee80211_add_station,
+       .del_station = ieee80211_del_station,
+       .change_station = ieee80211_change_station,
++      .get_station = ieee80211_get_station,
+ };
 
+++ /dev/null
-config MAC80211
-       tristate "Generic IEEE 802.11 Networking Stack (mac80211)"
-       depends on EXPERIMENTAL
-       select CRYPTO
-       select CRYPTO_ECB
-       select CRYPTO_ARC4
-       select CRYPTO_AES
-       select CRC32
-       select WIRELESS_EXT
-       select CFG80211
-       select NET_SCH_FIFO
-       ---help---
-       This option enables the hardware independent IEEE 802.11
-       networking stack.
-
-config MAC80211_LEDS
-       bool "Enable LED triggers"
-       depends on MAC80211 && LEDS_TRIGGERS
-       ---help---
-       This option enables a few LED triggers for different
-       packet receive/transmit events.
-
-config MAC80211_DEBUGFS
-       bool "Export mac80211 internals in DebugFS"
-       depends on MAC80211 && DEBUG_FS
-       ---help---
-         Select this to see extensive information about
-         the internal state of mac80211 in debugfs.
-
-         Say N unless you know you need this.
-
-config MAC80211_DEBUG
-       bool "Enable debugging output"
-       depends on MAC80211
-       ---help---
-         This option will enable debug tracing output for the
-         ieee80211 network stack.
-
-         If you are not trying to debug or develop the ieee80211
-         subsystem, you most likely want to say N here.
-
-config MAC80211_VERBOSE_DEBUG
-       bool "Verbose debugging output"
-       depends on MAC80211_DEBUG
-
-config MAC80211_LOWTX_FRAME_DUMP
-       bool "Debug frame dumping"
-       depends on MAC80211_DEBUG
-       ---help---
-         Selecting this option will cause the stack to
-         print a message for each frame that is handed
-         to the lowlevel driver for transmission. This
-         message includes all MAC addresses and the
-         frame control field.
-
-         If unsure, say N and insert the debugging code
-         you require into the driver you are debugging.
-
-config TKIP_DEBUG
-       bool "TKIP debugging"
-       depends on MAC80211_DEBUG
-
-config MAC80211_DEBUG_COUNTERS
-       bool "Extra statistics for TX/RX debugging"
-       depends on MAC80211_DEBUG
-
-config MAC80211_IBSS_DEBUG
-       bool "Support for IBSS testing"
-       depends on MAC80211_DEBUG
-       ---help---
-         Say Y here if you intend to debug the IBSS code.
-
-config MAC80211_VERBOSE_PS_DEBUG
-       bool "Verbose powersave mode debugging"
-       depends on MAC80211_DEBUG
-       ---help---
-         Say Y here to print out verbose powersave
-         mode debug messages.
 
+++ /dev/null
-obj-$(CONFIG_MAC80211) += mac80211.o rc80211_simple.o
-
-mac80211-objs-$(CONFIG_MAC80211_LEDS) += ieee80211_led.o
-mac80211-objs-$(CONFIG_MAC80211_DEBUGFS) += debugfs.o debugfs_sta.o debugfs_netdev.o debugfs_key.o
-mac80211-objs-$(CONFIG_NET_SCHED) += wme.o
-
-mac80211-objs := \
-       ieee80211.o \
-       ieee80211_ioctl.o \
-       sta_info.o \
-       wep.o \
-       wpa.o \
-       ieee80211_sta.o \
-       ieee80211_iface.o \
-       ieee80211_rate.o \
-       michael.o \
-       regdomain.o \
-       tkip.o \
-       aes_ccm.o \
-       cfg.o \
-       rx.o \
-       tx.o \
-       key.o \
-       util.o \
-       event.o \
-       $(mac80211-objs-y)
 
+++ /dev/null
-/*
- * Copyright 2003-2004, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/types.h>
-#include <linux/crypto.h>
-#include <linux/err.h>
-#include <asm/scatterlist.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_key.h"
-#include "aes_ccm.h"
-
-
-static void ieee80211_aes_encrypt(struct crypto_cipher *tfm,
-                                 const u8 pt[16], u8 ct[16])
-{
-       crypto_cipher_encrypt_one(tfm, ct, pt);
-}
-
-
-static inline void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
-                                  u8 *b, u8 *s_0, u8 *a)
-{
-       int i;
-
-       ieee80211_aes_encrypt(tfm, b_0, b);
-
-       /* Extra Authenticate-only data (always two AES blocks) */
-       for (i = 0; i < AES_BLOCK_LEN; i++)
-               aad[i] ^= b[i];
-       ieee80211_aes_encrypt(tfm, aad, b);
-
-       aad += AES_BLOCK_LEN;
-
-       for (i = 0; i < AES_BLOCK_LEN; i++)
-               aad[i] ^= b[i];
-       ieee80211_aes_encrypt(tfm, aad, a);
-
-       /* Mask out bits from auth-only-b_0 */
-       b_0[0] &= 0x07;
-
-       /* S_0 is used to encrypt T (= MIC) */
-       b_0[14] = 0;
-       b_0[15] = 0;
-       ieee80211_aes_encrypt(tfm, b_0, s_0);
-}
-
-
-void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
-                              u8 *b_0, u8 *aad, u8 *data, size_t data_len,
-                              u8 *cdata, u8 *mic)
-{
-       int i, j, last_len, num_blocks;
-       u8 *pos, *cpos, *b, *s_0, *e;
-
-       b = scratch;
-       s_0 = scratch + AES_BLOCK_LEN;
-       e = scratch + 2 * AES_BLOCK_LEN;
-
-       num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
-       last_len = data_len % AES_BLOCK_LEN;
-       aes_ccm_prepare(tfm, b_0, aad, b, s_0, b);
-
-       /* Process payload blocks */
-       pos = data;
-       cpos = cdata;
-       for (j = 1; j <= num_blocks; j++) {
-               int blen = (j == num_blocks && last_len) ?
-                       last_len : AES_BLOCK_LEN;
-
-               /* Authentication followed by encryption */
-               for (i = 0; i < blen; i++)
-                       b[i] ^= pos[i];
-               ieee80211_aes_encrypt(tfm, b, b);
-
-               b_0[14] = (j >> 8) & 0xff;
-               b_0[15] = j & 0xff;
-               ieee80211_aes_encrypt(tfm, b_0, e);
-               for (i = 0; i < blen; i++)
-                       *cpos++ = *pos++ ^ e[i];
-       }
-
-       for (i = 0; i < CCMP_MIC_LEN; i++)
-               mic[i] = b[i] ^ s_0[i];
-}
-
-
-int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
-                             u8 *b_0, u8 *aad, u8 *cdata, size_t data_len,
-                             u8 *mic, u8 *data)
-{
-       int i, j, last_len, num_blocks;
-       u8 *pos, *cpos, *b, *s_0, *a;
-
-       b = scratch;
-       s_0 = scratch + AES_BLOCK_LEN;
-       a = scratch + 2 * AES_BLOCK_LEN;
-
-       num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
-       last_len = data_len % AES_BLOCK_LEN;
-       aes_ccm_prepare(tfm, b_0, aad, b, s_0, a);
-
-       /* Process payload blocks */
-       cpos = cdata;
-       pos = data;
-       for (j = 1; j <= num_blocks; j++) {
-               int blen = (j == num_blocks && last_len) ?
-                       last_len : AES_BLOCK_LEN;
-
-               /* Decryption followed by authentication */
-               b_0[14] = (j >> 8) & 0xff;
-               b_0[15] = j & 0xff;
-               ieee80211_aes_encrypt(tfm, b_0, b);
-               for (i = 0; i < blen; i++) {
-                       *pos = *cpos++ ^ b[i];
-                       a[i] ^= *pos++;
-               }
-
-               ieee80211_aes_encrypt(tfm, a, a);
-       }
-
-       for (i = 0; i < CCMP_MIC_LEN; i++) {
-               if ((mic[i] ^ s_0[i]) != a[i])
-                       return -1;
-       }
-
-       return 0;
-}
-
-
-struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[])
-{
-       struct crypto_cipher *tfm;
-
-       tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
-       if (IS_ERR(tfm))
-               return NULL;
-
-       crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
-
-       return tfm;
-}
-
-
-void ieee80211_aes_key_free(struct crypto_cipher *tfm)
-{
-       if (tfm)
-               crypto_free_cipher(tfm);
-}
 
+++ /dev/null
-/*
- * Copyright 2003-2004, Instant802 Networks, Inc.
- * Copyright 2006, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef AES_CCM_H
-#define AES_CCM_H
-
-#include <linux/crypto.h>
-
-#define AES_BLOCK_LEN 16
-
-struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[]);
-void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
-                              u8 *b_0, u8 *aad, u8 *data, size_t data_len,
-                              u8 *cdata, u8 *mic);
-int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
-                             u8 *b_0, u8 *aad, u8 *cdata, size_t data_len,
-                             u8 *mic, u8 *data);
-void ieee80211_aes_key_free(struct crypto_cipher *tfm);
-
-#endif /* AES_CCM_H */
 
+++ /dev/null
-/*
- * mac80211 configuration hooks for cfg80211
- *
- * Copyright 2006      Johannes Berg <johannes@sipsolutions.net>
- *
- * This file is GPLv2 as found in COPYING.
- */
-
-#include <linux/nl80211.h>
-#include <linux/rtnetlink.h>
-#include <net/cfg80211.h>
-#include "ieee80211_i.h"
-#include "cfg.h"
-
-static enum ieee80211_if_types
-nl80211_type_to_mac80211_type(enum nl80211_iftype type)
-{
-       switch (type) {
-       case NL80211_IFTYPE_UNSPECIFIED:
-               return IEEE80211_IF_TYPE_STA;
-       case NL80211_IFTYPE_ADHOC:
-               return IEEE80211_IF_TYPE_IBSS;
-       case NL80211_IFTYPE_STATION:
-               return IEEE80211_IF_TYPE_STA;
-       case NL80211_IFTYPE_MONITOR:
-               return IEEE80211_IF_TYPE_MNTR;
-       default:
-               return IEEE80211_IF_TYPE_INVALID;
-       }
-}
-
-static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
-                              enum nl80211_iftype type)
-{
-       struct ieee80211_local *local = wiphy_priv(wiphy);
-       enum ieee80211_if_types itype;
-
-       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
-               return -ENODEV;
-
-       itype = nl80211_type_to_mac80211_type(type);
-       if (itype == IEEE80211_IF_TYPE_INVALID)
-               return -EINVAL;
-
-       return ieee80211_if_add(local->mdev, name, NULL, itype);
-}
-
-static int ieee80211_del_iface(struct wiphy *wiphy, int ifindex)
-{
-       struct ieee80211_local *local = wiphy_priv(wiphy);
-       struct net_device *dev;
-       char *name;
-
-       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
-               return -ENODEV;
-
-       /* we're under RTNL */
-       dev = __dev_get_by_index(ifindex);
-       if (!dev)
-               return 0;
-
-       name = dev->name;
-
-       return ieee80211_if_remove(local->mdev, name, -1);
-}
-
-static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex,
-                                 enum nl80211_iftype type)
-{
-       struct ieee80211_local *local = wiphy_priv(wiphy);
-       struct net_device *dev;
-       enum ieee80211_if_types itype;
-       struct ieee80211_sub_if_data *sdata;
-
-       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
-               return -ENODEV;
-
-       /* we're under RTNL */
-       dev = __dev_get_by_index(ifindex);
-       if (!dev)
-               return -ENODEV;
-
-       if (netif_running(dev))
-               return -EBUSY;
-
-       itype = nl80211_type_to_mac80211_type(type);
-       if (itype == IEEE80211_IF_TYPE_INVALID)
-               return -EINVAL;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-        if (sdata->type == IEEE80211_IF_TYPE_VLAN)
-               return -EOPNOTSUPP;
-
-       ieee80211_if_reinit(dev);
-       ieee80211_if_set_type(dev, itype);
-
-       return 0;
-}
-
-struct cfg80211_ops mac80211_config_ops = {
-       .add_virtual_intf = ieee80211_add_iface,
-       .del_virtual_intf = ieee80211_del_iface,
-       .change_virtual_intf = ieee80211_change_iface,
-};
 
+++ /dev/null
-/*
- * mac80211 configuration hooks for cfg80211
- */
-#ifndef __CFG_H
-#define __CFG_H
-
-extern struct cfg80211_ops mac80211_config_ops;
-
-#endif /* __CFG_H */
 
+++ /dev/null
-/*
- * mac80211 debugfs for wireless PHYs
- *
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * GPLv2
- *
- */
-
-#include <linux/debugfs.h>
-#include <linux/rtnetlink.h>
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "debugfs.h"
-
-int mac80211_open_file_generic(struct inode *inode, struct file *file)
-{
-       file->private_data = inode->i_private;
-       return 0;
-}
-
-static const char *ieee80211_mode_str(int mode)
-{
-       switch (mode) {
-       case MODE_IEEE80211A:
-               return "IEEE 802.11a";
-       case MODE_IEEE80211B:
-               return "IEEE 802.11b";
-       case MODE_IEEE80211G:
-               return "IEEE 802.11g";
-       default:
-               return "UNKNOWN";
-       }
-}
-
-static ssize_t modes_read(struct file *file, char __user *userbuf,
-                         size_t count, loff_t *ppos)
-{
-       struct ieee80211_local *local = file->private_data;
-       struct ieee80211_hw_mode *mode;
-       char buf[150], *p = buf;
-
-       /* FIXME: locking! */
-       list_for_each_entry(mode, &local->modes_list, list) {
-               p += scnprintf(p, sizeof(buf)+buf-p,
-                              "%s\n", ieee80211_mode_str(mode->mode));
-       }
-
-       return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
-}
-
-static const struct file_operations modes_ops = {
-       .read = modes_read,
-       .open = mac80211_open_file_generic,
-};
-
-#define DEBUGFS_READONLY_FILE(name, buflen, fmt, value...)             \
-static ssize_t name## _read(struct file *file, char __user *userbuf,   \
-                           size_t count, loff_t *ppos)                 \
-{                                                                      \
-       struct ieee80211_local *local = file->private_data;             \
-       char buf[buflen];                                               \
-       int res;                                                        \
-                                                                       \
-       res = scnprintf(buf, buflen, fmt "\n", ##value);                \
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
-}                                                                      \
-                                                                       \
-static const struct file_operations name## _ops = {                    \
-       .read = name## _read,                                           \
-       .open = mac80211_open_file_generic,                             \
-};
-
-#define DEBUGFS_ADD(name)                                              \
-       local->debugfs.name = debugfs_create_file(#name, 0444, phyd,    \
-                                                 local, &name## _ops);
-
-#define DEBUGFS_DEL(name)                                              \
-       debugfs_remove(local->debugfs.name);                            \
-       local->debugfs.name = NULL;
-
-
-DEBUGFS_READONLY_FILE(channel, 20, "%d",
-                     local->hw.conf.channel);
-DEBUGFS_READONLY_FILE(frequency, 20, "%d",
-                     local->hw.conf.freq);
-DEBUGFS_READONLY_FILE(antenna_sel_tx, 20, "%d",
-                     local->hw.conf.antenna_sel_tx);
-DEBUGFS_READONLY_FILE(antenna_sel_rx, 20, "%d",
-                     local->hw.conf.antenna_sel_rx);
-DEBUGFS_READONLY_FILE(bridge_packets, 20, "%d",
-                     local->bridge_packets);
-DEBUGFS_READONLY_FILE(rts_threshold, 20, "%d",
-                     local->rts_threshold);
-DEBUGFS_READONLY_FILE(fragmentation_threshold, 20, "%d",
-                     local->fragmentation_threshold);
-DEBUGFS_READONLY_FILE(short_retry_limit, 20, "%d",
-                     local->short_retry_limit);
-DEBUGFS_READONLY_FILE(long_retry_limit, 20, "%d",
-                     local->long_retry_limit);
-DEBUGFS_READONLY_FILE(total_ps_buffered, 20, "%d",
-                     local->total_ps_buffered);
-DEBUGFS_READONLY_FILE(mode, 20, "%s",
-                     ieee80211_mode_str(local->hw.conf.phymode));
-DEBUGFS_READONLY_FILE(wep_iv, 20, "%#06x",
-                     local->wep_iv & 0xffffff);
-DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s",
-                     local->rate_ctrl ? local->rate_ctrl->ops->name : "<unset>");
-
-/* statistics stuff */
-
-static inline int rtnl_lock_local(struct ieee80211_local *local)
-{
-       rtnl_lock();
-       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED)) {
-               rtnl_unlock();
-               return -ENODEV;
-       }
-       return 0;
-}
-
-#define DEBUGFS_STATS_FILE(name, buflen, fmt, value...)                        \
-       DEBUGFS_READONLY_FILE(stats_ ##name, buflen, fmt, ##value)
-
-static ssize_t format_devstat_counter(struct ieee80211_local *local,
-       char __user *userbuf,
-       size_t count, loff_t *ppos,
-       int (*printvalue)(struct ieee80211_low_level_stats *stats, char *buf,
-                         int buflen))
-{
-       struct ieee80211_low_level_stats stats;
-       char buf[20];
-       int res;
-
-       if (!local->ops->get_stats)
-               return -EOPNOTSUPP;
-
-       res = rtnl_lock_local(local);
-       if (res)
-               return res;
-
-       res = local->ops->get_stats(local_to_hw(local), &stats);
-       rtnl_unlock();
-       if (!res)
-               res = printvalue(&stats, buf, sizeof(buf));
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
-}
-
-#define DEBUGFS_DEVSTATS_FILE(name)                                    \
-static int print_devstats_##name(struct ieee80211_low_level_stats *stats,\
-                                char *buf, int buflen)                 \
-{                                                                      \
-       return scnprintf(buf, buflen, "%u\n", stats->name);             \
-}                                                                      \
-static ssize_t stats_ ##name## _read(struct file *file,                        \
-                                    char __user *userbuf,              \
-                                    size_t count, loff_t *ppos)        \
-{                                                                      \
-       return format_devstat_counter(file->private_data,               \
-                                     userbuf,                          \
-                                     count,                            \
-                                     ppos,                             \
-                                     print_devstats_##name);           \
-}                                                                      \
-                                                                       \
-static const struct file_operations stats_ ##name## _ops = {           \
-       .read = stats_ ##name## _read,                                  \
-       .open = mac80211_open_file_generic,                             \
-};
-
-#define DEBUGFS_STATS_ADD(name)                                                \
-       local->debugfs.stats.name = debugfs_create_file(#name, 0444, statsd,\
-               local, &stats_ ##name## _ops);
-
-#define DEBUGFS_STATS_DEL(name)                                                \
-       debugfs_remove(local->debugfs.stats.name);                      \
-       local->debugfs.stats.name = NULL;
-
-DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u",
-                  local->dot11TransmittedFragmentCount);
-DEBUGFS_STATS_FILE(multicast_transmitted_frame_count, 20, "%u",
-                  local->dot11MulticastTransmittedFrameCount);
-DEBUGFS_STATS_FILE(failed_count, 20, "%u",
-                  local->dot11FailedCount);
-DEBUGFS_STATS_FILE(retry_count, 20, "%u",
-                  local->dot11RetryCount);
-DEBUGFS_STATS_FILE(multiple_retry_count, 20, "%u",
-                  local->dot11MultipleRetryCount);
-DEBUGFS_STATS_FILE(frame_duplicate_count, 20, "%u",
-                  local->dot11FrameDuplicateCount);
-DEBUGFS_STATS_FILE(received_fragment_count, 20, "%u",
-                  local->dot11ReceivedFragmentCount);
-DEBUGFS_STATS_FILE(multicast_received_frame_count, 20, "%u",
-                  local->dot11MulticastReceivedFrameCount);
-DEBUGFS_STATS_FILE(transmitted_frame_count, 20, "%u",
-                  local->dot11TransmittedFrameCount);
-DEBUGFS_STATS_FILE(wep_undecryptable_count, 20, "%u",
-                  local->dot11WEPUndecryptableCount);
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-DEBUGFS_STATS_FILE(tx_handlers_drop, 20, "%u",
-                  local->tx_handlers_drop);
-DEBUGFS_STATS_FILE(tx_handlers_queued, 20, "%u",
-                  local->tx_handlers_queued);
-DEBUGFS_STATS_FILE(tx_handlers_drop_unencrypted, 20, "%u",
-                  local->tx_handlers_drop_unencrypted);
-DEBUGFS_STATS_FILE(tx_handlers_drop_fragment, 20, "%u",
-                  local->tx_handlers_drop_fragment);
-DEBUGFS_STATS_FILE(tx_handlers_drop_wep, 20, "%u",
-                  local->tx_handlers_drop_wep);
-DEBUGFS_STATS_FILE(tx_handlers_drop_not_assoc, 20, "%u",
-                  local->tx_handlers_drop_not_assoc);
-DEBUGFS_STATS_FILE(tx_handlers_drop_unauth_port, 20, "%u",
-                  local->tx_handlers_drop_unauth_port);
-DEBUGFS_STATS_FILE(rx_handlers_drop, 20, "%u",
-                  local->rx_handlers_drop);
-DEBUGFS_STATS_FILE(rx_handlers_queued, 20, "%u",
-                  local->rx_handlers_queued);
-DEBUGFS_STATS_FILE(rx_handlers_drop_nullfunc, 20, "%u",
-                  local->rx_handlers_drop_nullfunc);
-DEBUGFS_STATS_FILE(rx_handlers_drop_defrag, 20, "%u",
-                  local->rx_handlers_drop_defrag);
-DEBUGFS_STATS_FILE(rx_handlers_drop_short, 20, "%u",
-                  local->rx_handlers_drop_short);
-DEBUGFS_STATS_FILE(rx_handlers_drop_passive_scan, 20, "%u",
-                  local->rx_handlers_drop_passive_scan);
-DEBUGFS_STATS_FILE(tx_expand_skb_head, 20, "%u",
-                  local->tx_expand_skb_head);
-DEBUGFS_STATS_FILE(tx_expand_skb_head_cloned, 20, "%u",
-                  local->tx_expand_skb_head_cloned);
-DEBUGFS_STATS_FILE(rx_expand_skb_head, 20, "%u",
-                  local->rx_expand_skb_head);
-DEBUGFS_STATS_FILE(rx_expand_skb_head2, 20, "%u",
-                  local->rx_expand_skb_head2);
-DEBUGFS_STATS_FILE(rx_handlers_fragments, 20, "%u",
-                  local->rx_handlers_fragments);
-DEBUGFS_STATS_FILE(tx_status_drop, 20, "%u",
-                  local->tx_status_drop);
-
-static ssize_t stats_wme_rx_queue_read(struct file *file,
-                                      char __user *userbuf,
-                                      size_t count, loff_t *ppos)
-{
-       struct ieee80211_local *local = file->private_data;
-       char buf[NUM_RX_DATA_QUEUES*15], *p = buf;
-       int i;
-
-       for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
-               p += scnprintf(p, sizeof(buf)+buf-p,
-                              "%u\n", local->wme_rx_queue[i]);
-
-       return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
-}
-
-static const struct file_operations stats_wme_rx_queue_ops = {
-       .read = stats_wme_rx_queue_read,
-       .open = mac80211_open_file_generic,
-};
-
-static ssize_t stats_wme_tx_queue_read(struct file *file,
-                                      char __user *userbuf,
-                                      size_t count, loff_t *ppos)
-{
-       struct ieee80211_local *local = file->private_data;
-       char buf[NUM_TX_DATA_QUEUES*15], *p = buf;
-       int i;
-
-       for (i = 0; i < NUM_TX_DATA_QUEUES; i++)
-               p += scnprintf(p, sizeof(buf)+buf-p,
-                              "%u\n", local->wme_tx_queue[i]);
-
-       return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
-}
-
-static const struct file_operations stats_wme_tx_queue_ops = {
-       .read = stats_wme_tx_queue_read,
-       .open = mac80211_open_file_generic,
-};
-#endif
-
-DEBUGFS_DEVSTATS_FILE(dot11ACKFailureCount);
-DEBUGFS_DEVSTATS_FILE(dot11RTSFailureCount);
-DEBUGFS_DEVSTATS_FILE(dot11FCSErrorCount);
-DEBUGFS_DEVSTATS_FILE(dot11RTSSuccessCount);
-
-
-void debugfs_hw_add(struct ieee80211_local *local)
-{
-       struct dentry *phyd = local->hw.wiphy->debugfsdir;
-       struct dentry *statsd;
-
-       if (!phyd)
-               return;
-
-       local->debugfs.stations = debugfs_create_dir("stations", phyd);
-       local->debugfs.keys = debugfs_create_dir("keys", phyd);
-
-       DEBUGFS_ADD(channel);
-       DEBUGFS_ADD(frequency);
-       DEBUGFS_ADD(antenna_sel_tx);
-       DEBUGFS_ADD(antenna_sel_rx);
-       DEBUGFS_ADD(bridge_packets);
-       DEBUGFS_ADD(rts_threshold);
-       DEBUGFS_ADD(fragmentation_threshold);
-       DEBUGFS_ADD(short_retry_limit);
-       DEBUGFS_ADD(long_retry_limit);
-       DEBUGFS_ADD(total_ps_buffered);
-       DEBUGFS_ADD(mode);
-       DEBUGFS_ADD(wep_iv);
-       DEBUGFS_ADD(modes);
-
-       statsd = debugfs_create_dir("statistics", phyd);
-       local->debugfs.statistics = statsd;
-
-       /* if the dir failed, don't put all the other things into the root! */
-       if (!statsd)
-               return;
-
-       DEBUGFS_STATS_ADD(transmitted_fragment_count);
-       DEBUGFS_STATS_ADD(multicast_transmitted_frame_count);
-       DEBUGFS_STATS_ADD(failed_count);
-       DEBUGFS_STATS_ADD(retry_count);
-       DEBUGFS_STATS_ADD(multiple_retry_count);
-       DEBUGFS_STATS_ADD(frame_duplicate_count);
-       DEBUGFS_STATS_ADD(received_fragment_count);
-       DEBUGFS_STATS_ADD(multicast_received_frame_count);
-       DEBUGFS_STATS_ADD(transmitted_frame_count);
-       DEBUGFS_STATS_ADD(wep_undecryptable_count);
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-       DEBUGFS_STATS_ADD(tx_handlers_drop);
-       DEBUGFS_STATS_ADD(tx_handlers_queued);
-       DEBUGFS_STATS_ADD(tx_handlers_drop_unencrypted);
-       DEBUGFS_STATS_ADD(tx_handlers_drop_fragment);
-       DEBUGFS_STATS_ADD(tx_handlers_drop_wep);
-       DEBUGFS_STATS_ADD(tx_handlers_drop_not_assoc);
-       DEBUGFS_STATS_ADD(tx_handlers_drop_unauth_port);
-       DEBUGFS_STATS_ADD(rx_handlers_drop);
-       DEBUGFS_STATS_ADD(rx_handlers_queued);
-       DEBUGFS_STATS_ADD(rx_handlers_drop_nullfunc);
-       DEBUGFS_STATS_ADD(rx_handlers_drop_defrag);
-       DEBUGFS_STATS_ADD(rx_handlers_drop_short);
-       DEBUGFS_STATS_ADD(rx_handlers_drop_passive_scan);
-       DEBUGFS_STATS_ADD(tx_expand_skb_head);
-       DEBUGFS_STATS_ADD(tx_expand_skb_head_cloned);
-       DEBUGFS_STATS_ADD(rx_expand_skb_head);
-       DEBUGFS_STATS_ADD(rx_expand_skb_head2);
-       DEBUGFS_STATS_ADD(rx_handlers_fragments);
-       DEBUGFS_STATS_ADD(tx_status_drop);
-       DEBUGFS_STATS_ADD(wme_tx_queue);
-       DEBUGFS_STATS_ADD(wme_rx_queue);
-#endif
-       DEBUGFS_STATS_ADD(dot11ACKFailureCount);
-       DEBUGFS_STATS_ADD(dot11RTSFailureCount);
-       DEBUGFS_STATS_ADD(dot11FCSErrorCount);
-       DEBUGFS_STATS_ADD(dot11RTSSuccessCount);
-}
-
-void debugfs_hw_del(struct ieee80211_local *local)
-{
-       DEBUGFS_DEL(channel);
-       DEBUGFS_DEL(frequency);
-       DEBUGFS_DEL(antenna_sel_tx);
-       DEBUGFS_DEL(antenna_sel_rx);
-       DEBUGFS_DEL(bridge_packets);
-       DEBUGFS_DEL(rts_threshold);
-       DEBUGFS_DEL(fragmentation_threshold);
-       DEBUGFS_DEL(short_retry_limit);
-       DEBUGFS_DEL(long_retry_limit);
-       DEBUGFS_DEL(total_ps_buffered);
-       DEBUGFS_DEL(mode);
-       DEBUGFS_DEL(wep_iv);
-       DEBUGFS_DEL(modes);
-
-       DEBUGFS_STATS_DEL(transmitted_fragment_count);
-       DEBUGFS_STATS_DEL(multicast_transmitted_frame_count);
-       DEBUGFS_STATS_DEL(failed_count);
-       DEBUGFS_STATS_DEL(retry_count);
-       DEBUGFS_STATS_DEL(multiple_retry_count);
-       DEBUGFS_STATS_DEL(frame_duplicate_count);
-       DEBUGFS_STATS_DEL(received_fragment_count);
-       DEBUGFS_STATS_DEL(multicast_received_frame_count);
-       DEBUGFS_STATS_DEL(transmitted_frame_count);
-       DEBUGFS_STATS_DEL(wep_undecryptable_count);
-       DEBUGFS_STATS_DEL(num_scans);
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-       DEBUGFS_STATS_DEL(tx_handlers_drop);
-       DEBUGFS_STATS_DEL(tx_handlers_queued);
-       DEBUGFS_STATS_DEL(tx_handlers_drop_unencrypted);
-       DEBUGFS_STATS_DEL(tx_handlers_drop_fragment);
-       DEBUGFS_STATS_DEL(tx_handlers_drop_wep);
-       DEBUGFS_STATS_DEL(tx_handlers_drop_not_assoc);
-       DEBUGFS_STATS_DEL(tx_handlers_drop_unauth_port);
-       DEBUGFS_STATS_DEL(rx_handlers_drop);
-       DEBUGFS_STATS_DEL(rx_handlers_queued);
-       DEBUGFS_STATS_DEL(rx_handlers_drop_nullfunc);
-       DEBUGFS_STATS_DEL(rx_handlers_drop_defrag);
-       DEBUGFS_STATS_DEL(rx_handlers_drop_short);
-       DEBUGFS_STATS_DEL(rx_handlers_drop_passive_scan);
-       DEBUGFS_STATS_DEL(tx_expand_skb_head);
-       DEBUGFS_STATS_DEL(tx_expand_skb_head_cloned);
-       DEBUGFS_STATS_DEL(rx_expand_skb_head);
-       DEBUGFS_STATS_DEL(rx_expand_skb_head2);
-       DEBUGFS_STATS_DEL(rx_handlers_fragments);
-       DEBUGFS_STATS_DEL(tx_status_drop);
-       DEBUGFS_STATS_DEL(wme_tx_queue);
-       DEBUGFS_STATS_DEL(wme_rx_queue);
-#endif
-       DEBUGFS_STATS_DEL(dot11ACKFailureCount);
-       DEBUGFS_STATS_DEL(dot11RTSFailureCount);
-       DEBUGFS_STATS_DEL(dot11FCSErrorCount);
-       DEBUGFS_STATS_DEL(dot11RTSSuccessCount);
-
-       debugfs_remove(local->debugfs.statistics);
-       local->debugfs.statistics = NULL;
-       debugfs_remove(local->debugfs.stations);
-       local->debugfs.stations = NULL;
-       debugfs_remove(local->debugfs.keys);
-       local->debugfs.keys = NULL;
-}
 
+++ /dev/null
-#ifndef __MAC80211_DEBUGFS_H
-#define __MAC80211_DEBUGFS_H
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-extern void debugfs_hw_add(struct ieee80211_local *local);
-extern void debugfs_hw_del(struct ieee80211_local *local);
-extern int mac80211_open_file_generic(struct inode *inode, struct file *file);
-#else
-static inline void debugfs_hw_add(struct ieee80211_local *local)
-{
-       return;
-}
-static inline void debugfs_hw_del(struct ieee80211_local *local) {}
-#endif
-
-#endif /* __MAC80211_DEBUGFS_H */
 
+++ /dev/null
-/*
- * Copyright 2003-2005 Devicescape Software, Inc.
- * Copyright (c) 2006  Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/kobject.h>
-#include "ieee80211_i.h"
-#include "ieee80211_key.h"
-#include "debugfs.h"
-#include "debugfs_key.h"
-
-#define KEY_READ(name, prop, buflen, format_string)                    \
-static ssize_t key_##name##_read(struct file *file,                    \
-                                char __user *userbuf,                  \
-                                size_t count, loff_t *ppos)            \
-{                                                                      \
-       char buf[buflen];                                               \
-       struct ieee80211_key *key = file->private_data;                 \
-       int res = scnprintf(buf, buflen, format_string, key->prop);     \
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
-}
-#define KEY_READ_D(name) KEY_READ(name, name, 20, "%d\n")
-#define KEY_READ_X(name) KEY_READ(name, name, 20, "0x%x\n")
-
-#define KEY_OPS(name)                                                  \
-static const struct file_operations key_ ##name## _ops = {             \
-       .read = key_##name##_read,                                      \
-       .open = mac80211_open_file_generic,                             \
-}
-
-#define KEY_FILE(name, format)                                         \
-                KEY_READ_##format(name)                                \
-                KEY_OPS(name)
-
-#define KEY_CONF_READ(name, buflen, format_string)                     \
-       KEY_READ(conf_##name, conf.name, buflen, format_string)
-#define KEY_CONF_READ_D(name) KEY_CONF_READ(name, 20, "%d\n")
-
-#define KEY_CONF_OPS(name)                                             \
-static const struct file_operations key_ ##name## _ops = {             \
-       .read = key_conf_##name##_read,                                 \
-       .open = mac80211_open_file_generic,                             \
-}
-
-#define KEY_CONF_FILE(name, format)                                    \
-                KEY_CONF_READ_##format(name)                           \
-                KEY_CONF_OPS(name)
-
-KEY_CONF_FILE(keylen, D);
-KEY_CONF_FILE(keyidx, D);
-KEY_CONF_FILE(hw_key_idx, D);
-KEY_FILE(flags, X);
-KEY_FILE(tx_rx_count, D);
-KEY_READ(ifindex, sdata->dev->ifindex, 20, "%d\n");
-KEY_OPS(ifindex);
-
-static ssize_t key_algorithm_read(struct file *file,
-                                 char __user *userbuf,
-                                 size_t count, loff_t *ppos)
-{
-       char *alg;
-       struct ieee80211_key *key = file->private_data;
-
-       switch (key->conf.alg) {
-       case ALG_WEP:
-               alg = "WEP\n";
-               break;
-       case ALG_TKIP:
-               alg = "TKIP\n";
-               break;
-       case ALG_CCMP:
-               alg = "CCMP\n";
-               break;
-       default:
-               return 0;
-       }
-       return simple_read_from_buffer(userbuf, count, ppos, alg, strlen(alg));
-}
-KEY_OPS(algorithm);
-
-static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,
-                               size_t count, loff_t *ppos)
-{
-       const u8 *tpn;
-       char buf[20];
-       int len;
-       struct ieee80211_key *key = file->private_data;
-
-       switch (key->conf.alg) {
-       case ALG_WEP:
-               len = scnprintf(buf, sizeof(buf), "\n");
-               break;
-       case ALG_TKIP:
-               len = scnprintf(buf, sizeof(buf), "%08x %04x\n",
-                               key->u.tkip.iv32,
-                               key->u.tkip.iv16);
-               break;
-       case ALG_CCMP:
-               tpn = key->u.ccmp.tx_pn;
-               len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",
-                               tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], tpn[5]);
-               break;
-       default:
-               return 0;
-       }
-       return simple_read_from_buffer(userbuf, count, ppos, buf, len);
-}
-KEY_OPS(tx_spec);
-
-static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
-                               size_t count, loff_t *ppos)
-{
-       struct ieee80211_key *key = file->private_data;
-       char buf[14*NUM_RX_DATA_QUEUES+1], *p = buf;
-       int i, len;
-       const u8 *rpn;
-
-       switch (key->conf.alg) {
-       case ALG_WEP:
-               len = scnprintf(buf, sizeof(buf), "\n");
-               break;
-       case ALG_TKIP:
-               for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
-                       p += scnprintf(p, sizeof(buf)+buf-p,
-                                      "%08x %04x\n",
-                                      key->u.tkip.iv32_rx[i],
-                                      key->u.tkip.iv16_rx[i]);
-               len = p - buf;
-               break;
-       case ALG_CCMP:
-               for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
-                       rpn = key->u.ccmp.rx_pn[i];
-                       p += scnprintf(p, sizeof(buf)+buf-p,
-                                      "%02x%02x%02x%02x%02x%02x\n",
-                                      rpn[0], rpn[1], rpn[2],
-                                      rpn[3], rpn[4], rpn[5]);
-               }
-               len = p - buf;
-               break;
-       default:
-               return 0;
-       }
-       return simple_read_from_buffer(userbuf, count, ppos, buf, len);
-}
-KEY_OPS(rx_spec);
-
-static ssize_t key_replays_read(struct file *file, char __user *userbuf,
-                               size_t count, loff_t *ppos)
-{
-       struct ieee80211_key *key = file->private_data;
-       char buf[20];
-       int len;
-
-       if (key->conf.alg != ALG_CCMP)
-               return 0;
-       len = scnprintf(buf, sizeof(buf), "%u\n", key->u.ccmp.replays);
-       return simple_read_from_buffer(userbuf, count, ppos, buf, len);
-}
-KEY_OPS(replays);
-
-static ssize_t key_key_read(struct file *file, char __user *userbuf,
-                           size_t count, loff_t *ppos)
-{
-       struct ieee80211_key *key = file->private_data;
-       int i, res, bufsize = 2 * key->conf.keylen + 2;
-       char *buf = kmalloc(bufsize, GFP_KERNEL);
-       char *p = buf;
-
-       for (i = 0; i < key->conf.keylen; i++)
-               p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]);
-       p += scnprintf(p, bufsize+buf-p, "\n");
-       res = simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
-       kfree(buf);
-       return res;
-}
-KEY_OPS(key);
-
-#define DEBUGFS_ADD(name) \
-       key->debugfs.name = debugfs_create_file(#name, 0400,\
-                               key->debugfs.dir, key, &key_##name##_ops);
-
-void ieee80211_debugfs_key_add(struct ieee80211_local *local,
-                              struct ieee80211_key *key)
-{
-       static int keycount;
-       char buf[20];
-
-       if (!local->debugfs.keys)
-               return;
-
-       sprintf(buf, "%d", keycount);
-       keycount++;
-       key->debugfs.dir = debugfs_create_dir(buf,
-                                       local->debugfs.keys);
-
-       if (!key->debugfs.dir)
-               return;
-
-       DEBUGFS_ADD(keylen);
-       DEBUGFS_ADD(flags);
-       DEBUGFS_ADD(keyidx);
-       DEBUGFS_ADD(hw_key_idx);
-       DEBUGFS_ADD(tx_rx_count);
-       DEBUGFS_ADD(algorithm);
-       DEBUGFS_ADD(tx_spec);
-       DEBUGFS_ADD(rx_spec);
-       DEBUGFS_ADD(replays);
-       DEBUGFS_ADD(key);
-       DEBUGFS_ADD(ifindex);
-};
-
-#define DEBUGFS_DEL(name) \
-       debugfs_remove(key->debugfs.name); key->debugfs.name = NULL;
-
-void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
-{
-       if (!key)
-               return;
-
-       DEBUGFS_DEL(keylen);
-       DEBUGFS_DEL(flags);
-       DEBUGFS_DEL(keyidx);
-       DEBUGFS_DEL(hw_key_idx);
-       DEBUGFS_DEL(tx_rx_count);
-       DEBUGFS_DEL(algorithm);
-       DEBUGFS_DEL(tx_spec);
-       DEBUGFS_DEL(rx_spec);
-       DEBUGFS_DEL(replays);
-       DEBUGFS_DEL(key);
-       DEBUGFS_DEL(ifindex);
-
-       debugfs_remove(key->debugfs.stalink);
-       key->debugfs.stalink = NULL;
-       debugfs_remove(key->debugfs.dir);
-       key->debugfs.dir = NULL;
-}
-void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
-{
-       char buf[50];
-
-       if (!sdata->debugfsdir)
-               return;
-
-       sprintf(buf, "../keys/%d", sdata->default_key->conf.keyidx);
-       sdata->debugfs.default_key =
-               debugfs_create_symlink("default_key", sdata->debugfsdir, buf);
-}
-void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata)
-{
-       if (!sdata)
-               return;
-
-       debugfs_remove(sdata->debugfs.default_key);
-       sdata->debugfs.default_key = NULL;
-}
-void ieee80211_debugfs_key_sta_link(struct ieee80211_key *key,
-                                   struct sta_info *sta)
-{
-       char buf[50];
-
-       if (!key->debugfs.dir)
-               return;
-
-       sprintf(buf, "../../stations/" MAC_FMT, MAC_ARG(sta->addr));
-       key->debugfs.stalink =
-               debugfs_create_symlink("station", key->debugfs.dir, buf);
-}
-
-void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
-                                  struct sta_info *sta)
-{
-       debugfs_remove(key->debugfs.stalink);
-       key->debugfs.stalink = NULL;
-}
 
+++ /dev/null
-#ifndef __MAC80211_DEBUGFS_KEY_H
-#define __MAC80211_DEBUGFS_KEY_H
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-void ieee80211_debugfs_key_add(struct ieee80211_local *local,
-                              struct ieee80211_key *key);
-void ieee80211_debugfs_key_remove(struct ieee80211_key *key);
-void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata);
-void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata);
-void ieee80211_debugfs_key_sta_link(struct ieee80211_key *key,
-                                   struct sta_info *sta);
-void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
-                                  struct sta_info *sta);
-#else
-static inline void ieee80211_debugfs_key_add(struct ieee80211_local *local,
-                                            struct ieee80211_key *key)
-{}
-static inline void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
-{}
-static inline void ieee80211_debugfs_key_add_default(
-       struct ieee80211_sub_if_data *sdata)
-{}
-static inline void ieee80211_debugfs_key_remove_default(
-       struct ieee80211_sub_if_data *sdata)
-{}
-static inline void ieee80211_debugfs_key_sta_link(
-       struct ieee80211_key *key, struct sta_info *sta)
-{}
-static inline void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
-                                                struct sta_info *sta)
-{}
-#endif
-
-#endif /* __MAC80211_DEBUGFS_KEY_H */
 
+++ /dev/null
-/*
- * Copyright (c) 2006  Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/kernel.h>
-#include <linux/device.h>
-#include <linux/if.h>
-#include <linux/interrupt.h>
-#include <linux/netdevice.h>
-#include <linux/rtnetlink.h>
-#include <linux/notifier.h>
-#include <net/mac80211.h>
-#include <net/cfg80211.h>
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "debugfs.h"
-#include "debugfs_netdev.h"
-
-static ssize_t ieee80211_if_read(
-       struct ieee80211_sub_if_data *sdata,
-       char __user *userbuf,
-       size_t count, loff_t *ppos,
-       ssize_t (*format)(const struct ieee80211_sub_if_data *, char *, int))
-{
-       char buf[70];
-       ssize_t ret = -EINVAL;
-
-       read_lock(&dev_base_lock);
-       if (sdata->dev->reg_state == NETREG_REGISTERED) {
-               ret = (*format)(sdata, buf, sizeof(buf));
-               ret = simple_read_from_buffer(userbuf, count, ppos, buf, ret);
-       }
-       read_unlock(&dev_base_lock);
-       return ret;
-}
-
-#define IEEE80211_IF_FMT(name, field, format_string)                   \
-static ssize_t ieee80211_if_fmt_##name(                                        \
-       const struct ieee80211_sub_if_data *sdata, char *buf,           \
-       int buflen)                                                     \
-{                                                                      \
-       return scnprintf(buf, buflen, format_string, sdata->field);     \
-}
-#define IEEE80211_IF_FMT_DEC(name, field)                              \
-               IEEE80211_IF_FMT(name, field, "%d\n")
-#define IEEE80211_IF_FMT_HEX(name, field)                              \
-               IEEE80211_IF_FMT(name, field, "%#x\n")
-#define IEEE80211_IF_FMT_SIZE(name, field)                             \
-               IEEE80211_IF_FMT(name, field, "%zd\n")
-
-#define IEEE80211_IF_FMT_ATOMIC(name, field)                           \
-static ssize_t ieee80211_if_fmt_##name(                                        \
-       const struct ieee80211_sub_if_data *sdata,                      \
-       char *buf, int buflen)                                          \
-{                                                                      \
-       return scnprintf(buf, buflen, "%d\n", atomic_read(&sdata->field));\
-}
-
-#define IEEE80211_IF_FMT_MAC(name, field)                              \
-static ssize_t ieee80211_if_fmt_##name(                                        \
-       const struct ieee80211_sub_if_data *sdata, char *buf,           \
-       int buflen)                                                     \
-{                                                                      \
-       return scnprintf(buf, buflen, MAC_FMT "\n", MAC_ARG(sdata->field));\
-}
-
-#define __IEEE80211_IF_FILE(name)                                      \
-static ssize_t ieee80211_if_read_##name(struct file *file,             \
-                                       char __user *userbuf,           \
-                                       size_t count, loff_t *ppos)     \
-{                                                                      \
-       return ieee80211_if_read(file->private_data,                    \
-                                userbuf, count, ppos,                  \
-                                ieee80211_if_fmt_##name);              \
-}                                                                      \
-static const struct file_operations name##_ops = {                     \
-       .read = ieee80211_if_read_##name,                               \
-       .open = mac80211_open_file_generic,                             \
-}
-
-#define IEEE80211_IF_FILE(name, field, format)                         \
-               IEEE80211_IF_FMT_##format(name, field)                  \
-               __IEEE80211_IF_FILE(name)
-
-/* common attributes */
-IEEE80211_IF_FILE(channel_use, channel_use, DEC);
-IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC);
-IEEE80211_IF_FILE(eapol, eapol, DEC);
-IEEE80211_IF_FILE(ieee8021_x, ieee802_1x, DEC);
-
-/* STA/IBSS attributes */
-IEEE80211_IF_FILE(state, u.sta.state, DEC);
-IEEE80211_IF_FILE(bssid, u.sta.bssid, MAC);
-IEEE80211_IF_FILE(prev_bssid, u.sta.prev_bssid, MAC);
-IEEE80211_IF_FILE(ssid_len, u.sta.ssid_len, SIZE);
-IEEE80211_IF_FILE(aid, u.sta.aid, DEC);
-IEEE80211_IF_FILE(ap_capab, u.sta.ap_capab, HEX);
-IEEE80211_IF_FILE(capab, u.sta.capab, HEX);
-IEEE80211_IF_FILE(extra_ie_len, u.sta.extra_ie_len, SIZE);
-IEEE80211_IF_FILE(auth_tries, u.sta.auth_tries, DEC);
-IEEE80211_IF_FILE(assoc_tries, u.sta.assoc_tries, DEC);
-IEEE80211_IF_FILE(auth_algs, u.sta.auth_algs, HEX);
-IEEE80211_IF_FILE(auth_alg, u.sta.auth_alg, DEC);
-IEEE80211_IF_FILE(auth_transaction, u.sta.auth_transaction, DEC);
-
-static ssize_t ieee80211_if_fmt_flags(
-       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
-{
-       return scnprintf(buf, buflen, "%s%s%s%s%s%s%s\n",
-                sdata->u.sta.flags & IEEE80211_STA_SSID_SET ? "SSID\n" : "",
-                sdata->u.sta.flags & IEEE80211_STA_BSSID_SET ? "BSSID\n" : "",
-                sdata->u.sta.flags & IEEE80211_STA_PREV_BSSID_SET ? "prev BSSID\n" : "",
-                sdata->u.sta.flags & IEEE80211_STA_AUTHENTICATED ? "AUTH\n" : "",
-                sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED ? "ASSOC\n" : "",
-                sdata->u.sta.flags & IEEE80211_STA_PROBEREQ_POLL ? "PROBEREQ POLL\n" : "",
-                sdata->flags & IEEE80211_SDATA_USE_PROTECTION ? "CTS prot\n" : "");
-}
-__IEEE80211_IF_FILE(flags);
-
-/* AP attributes */
-IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
-IEEE80211_IF_FILE(dtim_period, u.ap.dtim_period, DEC);
-IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC);
-IEEE80211_IF_FILE(num_beacons, u.ap.num_beacons, DEC);
-IEEE80211_IF_FILE(force_unicast_rateidx, u.ap.force_unicast_rateidx, DEC);
-IEEE80211_IF_FILE(max_ratectrl_rateidx, u.ap.max_ratectrl_rateidx, DEC);
-
-static ssize_t ieee80211_if_fmt_num_buffered_multicast(
-       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
-{
-       return scnprintf(buf, buflen, "%u\n",
-                        skb_queue_len(&sdata->u.ap.ps_bc_buf));
-}
-__IEEE80211_IF_FILE(num_buffered_multicast);
-
-static ssize_t ieee80211_if_fmt_beacon_head_len(
-       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
-{
-       if (sdata->u.ap.beacon_head)
-               return scnprintf(buf, buflen, "%d\n",
-                                sdata->u.ap.beacon_head_len);
-       return scnprintf(buf, buflen, "\n");
-}
-__IEEE80211_IF_FILE(beacon_head_len);
-
-static ssize_t ieee80211_if_fmt_beacon_tail_len(
-       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
-{
-       if (sdata->u.ap.beacon_tail)
-               return scnprintf(buf, buflen, "%d\n",
-                                sdata->u.ap.beacon_tail_len);
-       return scnprintf(buf, buflen, "\n");
-}
-__IEEE80211_IF_FILE(beacon_tail_len);
-
-/* WDS attributes */
-IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC);
-
-#define DEBUGFS_ADD(name, type)\
-       sdata->debugfs.type.name = debugfs_create_file(#name, 0444,\
-               sdata->debugfsdir, sdata, &name##_ops);
-
-static void add_sta_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_ADD(channel_use, sta);
-       DEBUGFS_ADD(drop_unencrypted, sta);
-       DEBUGFS_ADD(eapol, sta);
-       DEBUGFS_ADD(ieee8021_x, sta);
-       DEBUGFS_ADD(state, sta);
-       DEBUGFS_ADD(bssid, sta);
-       DEBUGFS_ADD(prev_bssid, sta);
-       DEBUGFS_ADD(ssid_len, sta);
-       DEBUGFS_ADD(aid, sta);
-       DEBUGFS_ADD(ap_capab, sta);
-       DEBUGFS_ADD(capab, sta);
-       DEBUGFS_ADD(extra_ie_len, sta);
-       DEBUGFS_ADD(auth_tries, sta);
-       DEBUGFS_ADD(assoc_tries, sta);
-       DEBUGFS_ADD(auth_algs, sta);
-       DEBUGFS_ADD(auth_alg, sta);
-       DEBUGFS_ADD(auth_transaction, sta);
-       DEBUGFS_ADD(flags, sta);
-}
-
-static void add_ap_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_ADD(channel_use, ap);
-       DEBUGFS_ADD(drop_unencrypted, ap);
-       DEBUGFS_ADD(eapol, ap);
-       DEBUGFS_ADD(ieee8021_x, ap);
-       DEBUGFS_ADD(num_sta_ps, ap);
-       DEBUGFS_ADD(dtim_period, ap);
-       DEBUGFS_ADD(dtim_count, ap);
-       DEBUGFS_ADD(num_beacons, ap);
-       DEBUGFS_ADD(force_unicast_rateidx, ap);
-       DEBUGFS_ADD(max_ratectrl_rateidx, ap);
-       DEBUGFS_ADD(num_buffered_multicast, ap);
-       DEBUGFS_ADD(beacon_head_len, ap);
-       DEBUGFS_ADD(beacon_tail_len, ap);
-}
-
-static void add_wds_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_ADD(channel_use, wds);
-       DEBUGFS_ADD(drop_unencrypted, wds);
-       DEBUGFS_ADD(eapol, wds);
-       DEBUGFS_ADD(ieee8021_x, wds);
-       DEBUGFS_ADD(peer, wds);
-}
-
-static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_ADD(channel_use, vlan);
-       DEBUGFS_ADD(drop_unencrypted, vlan);
-       DEBUGFS_ADD(eapol, vlan);
-       DEBUGFS_ADD(ieee8021_x, vlan);
-}
-
-static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
-{
-}
-
-static void add_files(struct ieee80211_sub_if_data *sdata)
-{
-       if (!sdata->debugfsdir)
-               return;
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS:
-               add_sta_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_AP:
-               add_ap_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_WDS:
-               add_wds_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               add_monitor_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-               add_vlan_files(sdata);
-               break;
-       default:
-               break;
-       }
-}
-
-#define DEBUGFS_DEL(name, type)                                        \
-       do {                                                    \
-               debugfs_remove(sdata->debugfs.type.name);       \
-               sdata->debugfs.type.name = NULL;                \
-       } while (0)
-
-static void del_sta_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_DEL(channel_use, sta);
-       DEBUGFS_DEL(drop_unencrypted, sta);
-       DEBUGFS_DEL(eapol, sta);
-       DEBUGFS_DEL(ieee8021_x, sta);
-       DEBUGFS_DEL(state, sta);
-       DEBUGFS_DEL(bssid, sta);
-       DEBUGFS_DEL(prev_bssid, sta);
-       DEBUGFS_DEL(ssid_len, sta);
-       DEBUGFS_DEL(aid, sta);
-       DEBUGFS_DEL(ap_capab, sta);
-       DEBUGFS_DEL(capab, sta);
-       DEBUGFS_DEL(extra_ie_len, sta);
-       DEBUGFS_DEL(auth_tries, sta);
-       DEBUGFS_DEL(assoc_tries, sta);
-       DEBUGFS_DEL(auth_algs, sta);
-       DEBUGFS_DEL(auth_alg, sta);
-       DEBUGFS_DEL(auth_transaction, sta);
-       DEBUGFS_DEL(flags, sta);
-}
-
-static void del_ap_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_DEL(channel_use, ap);
-       DEBUGFS_DEL(drop_unencrypted, ap);
-       DEBUGFS_DEL(eapol, ap);
-       DEBUGFS_DEL(ieee8021_x, ap);
-       DEBUGFS_DEL(num_sta_ps, ap);
-       DEBUGFS_DEL(dtim_period, ap);
-       DEBUGFS_DEL(dtim_count, ap);
-       DEBUGFS_DEL(num_beacons, ap);
-       DEBUGFS_DEL(force_unicast_rateidx, ap);
-       DEBUGFS_DEL(max_ratectrl_rateidx, ap);
-       DEBUGFS_DEL(num_buffered_multicast, ap);
-       DEBUGFS_DEL(beacon_head_len, ap);
-       DEBUGFS_DEL(beacon_tail_len, ap);
-}
-
-static void del_wds_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_DEL(channel_use, wds);
-       DEBUGFS_DEL(drop_unencrypted, wds);
-       DEBUGFS_DEL(eapol, wds);
-       DEBUGFS_DEL(ieee8021_x, wds);
-       DEBUGFS_DEL(peer, wds);
-}
-
-static void del_vlan_files(struct ieee80211_sub_if_data *sdata)
-{
-       DEBUGFS_DEL(channel_use, vlan);
-       DEBUGFS_DEL(drop_unencrypted, vlan);
-       DEBUGFS_DEL(eapol, vlan);
-       DEBUGFS_DEL(ieee8021_x, vlan);
-}
-
-static void del_monitor_files(struct ieee80211_sub_if_data *sdata)
-{
-}
-
-static void del_files(struct ieee80211_sub_if_data *sdata, int type)
-{
-       if (!sdata->debugfsdir)
-               return;
-
-       switch (type) {
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS:
-               del_sta_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_AP:
-               del_ap_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_WDS:
-               del_wds_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               del_monitor_files(sdata);
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-               del_vlan_files(sdata);
-               break;
-       default:
-               break;
-       }
-}
-
-static int notif_registered;
-
-void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
-{
-       char buf[10+IFNAMSIZ];
-
-       if (!notif_registered)
-               return;
-
-       sprintf(buf, "netdev:%s", sdata->dev->name);
-       sdata->debugfsdir = debugfs_create_dir(buf,
-               sdata->local->hw.wiphy->debugfsdir);
-}
-
-void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
-{
-       del_files(sdata, sdata->type);
-       debugfs_remove(sdata->debugfsdir);
-       sdata->debugfsdir = NULL;
-}
-
-void ieee80211_debugfs_change_if_type(struct ieee80211_sub_if_data *sdata,
-                                     int oldtype)
-{
-       del_files(sdata, oldtype);
-       add_files(sdata);
-}
-
-static int netdev_notify(struct notifier_block * nb,
-                        unsigned long state,
-                        void *ndev)
-{
-       struct net_device *dev = ndev;
-       struct dentry *dir;
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       char buf[10+IFNAMSIZ];
-
-       if (state != NETDEV_CHANGENAME)
-               return 0;
-
-       if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy)
-               return 0;
-
-       if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
-               return 0;
-
-       sprintf(buf, "netdev:%s", dev->name);
-       dir = sdata->debugfsdir;
-       if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf))
-               printk(KERN_ERR "mac80211: debugfs: failed to rename debugfs "
-                      "dir to %s\n", buf);
-
-       return 0;
-}
-
-static struct notifier_block mac80211_debugfs_netdev_notifier = {
-       .notifier_call = netdev_notify,
-};
-
-void ieee80211_debugfs_netdev_init(void)
-{
-       int err;
-
-       err = register_netdevice_notifier(&mac80211_debugfs_netdev_notifier);
-       if (err) {
-               printk(KERN_ERR
-                      "mac80211: failed to install netdev notifier,"
-                      " disabling per-netdev debugfs!\n");
-       } else
-               notif_registered = 1;
-}
-
-void ieee80211_debugfs_netdev_exit(void)
-{
-       unregister_netdevice_notifier(&mac80211_debugfs_netdev_notifier);
-       notif_registered = 0;
-}
 
+++ /dev/null
-/* routines exported for debugfs handling */
-
-#ifndef __IEEE80211_DEBUGFS_NETDEV_H
-#define __IEEE80211_DEBUGFS_NETDEV_H
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata);
-void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata);
-void ieee80211_debugfs_change_if_type(struct ieee80211_sub_if_data *sdata,
-                                    int oldtype);
-void ieee80211_debugfs_netdev_init(void);
-void ieee80211_debugfs_netdev_exit(void);
-#else
-static inline void ieee80211_debugfs_add_netdev(
-       struct ieee80211_sub_if_data *sdata)
-{}
-static inline void ieee80211_debugfs_remove_netdev(
-       struct ieee80211_sub_if_data *sdata)
-{}
-static inline void ieee80211_debugfs_change_if_type(
-       struct ieee80211_sub_if_data *sdata, int oldtype)
-{}
-static inline void ieee80211_debugfs_netdev_init(void)
-{}
-
-static inline void ieee80211_debugfs_netdev_exit(void)
-{}
-#endif
-
-#endif /* __IEEE80211_DEBUGFS_NETDEV_H */
 
+++ /dev/null
-/*
- * Copyright 2003-2005 Devicescape Software, Inc.
- * Copyright (c) 2006  Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/debugfs.h>
-#include <linux/ieee80211.h>
-#include "ieee80211_i.h"
-#include "debugfs.h"
-#include "debugfs_sta.h"
-#include "sta_info.h"
-
-/* sta attributtes */
-
-#define STA_READ(name, buflen, field, format_string)                   \
-static ssize_t sta_ ##name## _read(struct file *file,                  \
-                                  char __user *userbuf,                \
-                                  size_t count, loff_t *ppos)          \
-{                                                                      \
-       int res;                                                        \
-       struct sta_info *sta = file->private_data;                      \
-       char buf[buflen];                                               \
-       res = scnprintf(buf, buflen, format_string, sta->field);        \
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
-}
-#define STA_READ_D(name, field) STA_READ(name, 20, field, "%d\n")
-#define STA_READ_U(name, field) STA_READ(name, 20, field, "%u\n")
-#define STA_READ_LU(name, field) STA_READ(name, 20, field, "%lu\n")
-#define STA_READ_S(name, field) STA_READ(name, 20, field, "%s\n")
-
-#define STA_READ_RATE(name, field)                                     \
-static ssize_t sta_##name##_read(struct file *file,                    \
-                                char __user *userbuf,                  \
-                                size_t count, loff_t *ppos)            \
-{                                                                      \
-       struct sta_info *sta = file->private_data;                      \
-       struct ieee80211_local *local = wdev_priv(sta->dev->ieee80211_ptr);\
-       struct ieee80211_hw_mode *mode = local->oper_hw_mode;           \
-       char buf[20];                                                   \
-       int res = scnprintf(buf, sizeof(buf), "%d\n",                   \
-                           (sta->field >= 0 &&                         \
-                           sta->field < mode->num_rates) ?             \
-                           mode->rates[sta->field].rate : -1);         \
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
-}
-
-#define STA_OPS(name)                                                  \
-static const struct file_operations sta_ ##name## _ops = {             \
-       .read = sta_##name##_read,                                      \
-       .open = mac80211_open_file_generic,                             \
-}
-
-#define STA_FILE(name, field, format)                                  \
-               STA_READ_##format(name, field)                          \
-               STA_OPS(name)
-
-STA_FILE(aid, aid, D);
-STA_FILE(dev, dev->name, S);
-STA_FILE(rx_packets, rx_packets, LU);
-STA_FILE(tx_packets, tx_packets, LU);
-STA_FILE(rx_bytes, rx_bytes, LU);
-STA_FILE(tx_bytes, tx_bytes, LU);
-STA_FILE(rx_duplicates, num_duplicates, LU);
-STA_FILE(rx_fragments, rx_fragments, LU);
-STA_FILE(rx_dropped, rx_dropped, LU);
-STA_FILE(tx_fragments, tx_fragments, LU);
-STA_FILE(tx_filtered, tx_filtered_count, LU);
-STA_FILE(txrate, txrate, RATE);
-STA_FILE(last_txrate, last_txrate, RATE);
-STA_FILE(tx_retry_failed, tx_retry_failed, LU);
-STA_FILE(tx_retry_count, tx_retry_count, LU);
-STA_FILE(last_rssi, last_rssi, D);
-STA_FILE(last_signal, last_signal, D);
-STA_FILE(last_noise, last_noise, D);
-STA_FILE(channel_use, channel_use, D);
-STA_FILE(wep_weak_iv_count, wep_weak_iv_count, D);
-
-static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
-                             size_t count, loff_t *ppos)
-{
-       char buf[100];
-       struct sta_info *sta = file->private_data;
-       int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s%s",
-               sta->flags & WLAN_STA_AUTH ? "AUTH\n" : "",
-               sta->flags & WLAN_STA_ASSOC ? "ASSOC\n" : "",
-               sta->flags & WLAN_STA_PS ? "PS\n" : "",
-               sta->flags & WLAN_STA_TIM ? "TIM\n" : "",
-               sta->flags & WLAN_STA_PERM ? "PERM\n" : "",
-               sta->flags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",
-               sta->flags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",
-               sta->flags & WLAN_STA_WME ? "WME\n" : "",
-               sta->flags & WLAN_STA_WDS ? "WDS\n" : "");
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
-}
-STA_OPS(flags);
-
-static ssize_t sta_num_ps_buf_frames_read(struct file *file,
-                                         char __user *userbuf,
-                                         size_t count, loff_t *ppos)
-{
-       char buf[20];
-       struct sta_info *sta = file->private_data;
-       int res = scnprintf(buf, sizeof(buf), "%u\n",
-                           skb_queue_len(&sta->ps_tx_buf));
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
-}
-STA_OPS(num_ps_buf_frames);
-
-static ssize_t sta_last_ack_rssi_read(struct file *file, char __user *userbuf,
-                                     size_t count, loff_t *ppos)
-{
-       char buf[100];
-       struct sta_info *sta = file->private_data;
-       int res = scnprintf(buf, sizeof(buf), "%d %d %d\n",
-                           sta->last_ack_rssi[0],
-                           sta->last_ack_rssi[1],
-                           sta->last_ack_rssi[2]);
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
-}
-STA_OPS(last_ack_rssi);
-
-static ssize_t sta_last_ack_ms_read(struct file *file, char __user *userbuf,
-                                   size_t count, loff_t *ppos)
-{
-       char buf[20];
-       struct sta_info *sta = file->private_data;
-       int res = scnprintf(buf, sizeof(buf), "%d\n",
-                           sta->last_ack ?
-                           jiffies_to_msecs(jiffies - sta->last_ack) : -1);
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
-}
-STA_OPS(last_ack_ms);
-
-static ssize_t sta_inactive_ms_read(struct file *file, char __user *userbuf,
-                                   size_t count, loff_t *ppos)
-{
-       char buf[20];
-       struct sta_info *sta = file->private_data;
-       int res = scnprintf(buf, sizeof(buf), "%d\n",
-                           jiffies_to_msecs(jiffies - sta->last_rx));
-       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
-}
-STA_OPS(inactive_ms);
-
-static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf,
-                                     size_t count, loff_t *ppos)
-{
-       char buf[15*NUM_RX_DATA_QUEUES], *p = buf;
-       int i;
-       struct sta_info *sta = file->private_data;
-       for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
-               p += scnprintf(p, sizeof(buf)+buf-p, "%x ",
-                              le16_to_cpu(sta->last_seq_ctrl[i]));
-       p += scnprintf(p, sizeof(buf)+buf-p, "\n");
-       return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
-}
-STA_OPS(last_seq_ctrl);
-
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-static ssize_t sta_wme_rx_queue_read(struct file *file, char __user *userbuf,
-                                    size_t count, loff_t *ppos)
-{
-       char buf[15*NUM_RX_DATA_QUEUES], *p = buf;
-       int i;
-       struct sta_info *sta = file->private_data;
-       for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
-               p += scnprintf(p, sizeof(buf)+buf-p, "%u ",
-                              sta->wme_rx_queue[i]);
-       p += scnprintf(p, sizeof(buf)+buf-p, "\n");
-       return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
-}
-STA_OPS(wme_rx_queue);
-
-static ssize_t sta_wme_tx_queue_read(struct file *file, char __user *userbuf,
-                                    size_t count, loff_t *ppos)
-{
-       char buf[15*NUM_TX_DATA_QUEUES], *p = buf;
-       int i;
-       struct sta_info *sta = file->private_data;
-       for (i = 0; i < NUM_TX_DATA_QUEUES; i++)
-               p += scnprintf(p, sizeof(buf)+buf-p, "%u ",
-                              sta->wme_tx_queue[i]);
-       p += scnprintf(p, sizeof(buf)+buf-p, "\n");
-       return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
-}
-STA_OPS(wme_tx_queue);
-#endif
-
-#define DEBUGFS_ADD(name) \
-       sta->debugfs.name = debugfs_create_file(#name, 0444, \
-               sta->debugfs.dir, sta, &sta_ ##name## _ops);
-
-#define DEBUGFS_DEL(name) \
-       debugfs_remove(sta->debugfs.name);\
-       sta->debugfs.name = NULL;
-
-
-void ieee80211_sta_debugfs_add(struct sta_info *sta)
-{
-       char buf[3*6];
-       struct dentry *stations_dir = sta->local->debugfs.stations;
-
-       if (!stations_dir)
-               return;
-
-       sprintf(buf, MAC_FMT, MAC_ARG(sta->addr));
-
-       sta->debugfs.dir = debugfs_create_dir(buf, stations_dir);
-       if (!sta->debugfs.dir)
-               return;
-
-       DEBUGFS_ADD(flags);
-       DEBUGFS_ADD(num_ps_buf_frames);
-       DEBUGFS_ADD(last_ack_rssi);
-       DEBUGFS_ADD(last_ack_ms);
-       DEBUGFS_ADD(inactive_ms);
-       DEBUGFS_ADD(last_seq_ctrl);
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-       DEBUGFS_ADD(wme_rx_queue);
-       DEBUGFS_ADD(wme_tx_queue);
-#endif
-}
-
-void ieee80211_sta_debugfs_remove(struct sta_info *sta)
-{
-       DEBUGFS_DEL(flags);
-       DEBUGFS_DEL(num_ps_buf_frames);
-       DEBUGFS_DEL(last_ack_rssi);
-       DEBUGFS_DEL(last_ack_ms);
-       DEBUGFS_DEL(inactive_ms);
-       DEBUGFS_DEL(last_seq_ctrl);
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-       DEBUGFS_DEL(wme_rx_queue);
-       DEBUGFS_DEL(wme_tx_queue);
-#endif
-
-       debugfs_remove(sta->debugfs.dir);
-       sta->debugfs.dir = NULL;
-}
 
+++ /dev/null
-#ifndef __MAC80211_DEBUGFS_STA_H
-#define __MAC80211_DEBUGFS_STA_H
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-void ieee80211_sta_debugfs_add(struct sta_info *sta);
-void ieee80211_sta_debugfs_remove(struct sta_info *sta);
-#else
-static inline void ieee80211_sta_debugfs_add(struct sta_info *sta) {}
-static inline void ieee80211_sta_debugfs_remove(struct sta_info *sta) {}
-#endif
-
-#endif /* __MAC80211_DEBUGFS_STA_H */
 
+++ /dev/null
-/*
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * mac80211 - events
- */
-
-#include <linux/netdevice.h>
-#include <net/iw_handler.h>
-#include "ieee80211_i.h"
-
-/*
- * indicate a failed Michael MIC to userspace; the passed packet
- * (in the variable hdr) must be long enough to extract the TKIP
- * fields like TSC
- */
-void mac80211_ev_michael_mic_failure(struct net_device *dev, int keyidx,
-                                    struct ieee80211_hdr *hdr)
-{
-       union iwreq_data wrqu;
-       char *buf = kmalloc(128, GFP_ATOMIC);
-
-       if (buf) {
-               /* TODO: needed parameters: count, key type, TSC */
-               sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
-                       "keyid=%d %scast addr=" MAC_FMT ")",
-                       keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
-                       MAC_ARG(hdr->addr2));
-               memset(&wrqu, 0, sizeof(wrqu));
-               wrqu.data.length = strlen(buf);
-               wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
-               kfree(buf);
-       }
-
-       /*
-        * TODO: re-add support for sending MIC failure indication
-        * with all info via nl80211
-        */
-}
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <net/mac80211.h>
-#include <net/ieee80211_radiotap.h>
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/etherdevice.h>
-#include <linux/if_arp.h>
-#include <linux/wireless.h>
-#include <linux/rtnetlink.h>
-#include <linux/bitmap.h>
-#include <net/cfg80211.h>
-
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "wep.h"
-#include "wme.h"
-#include "aes_ccm.h"
-#include "ieee80211_led.h"
-#include "cfg.h"
-#include "debugfs.h"
-#include "debugfs_netdev.h"
-
-/*
- * For seeing transmitted packets on monitor interfaces
- * we have a radiotap header too.
- */
-struct ieee80211_tx_status_rtap_hdr {
-       struct ieee80211_radiotap_header hdr;
-       __le16 tx_flags;
-       u8 data_retries;
-} __attribute__ ((packed));
-
-/* common interface routines */
-
-static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr)
-{
-       memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN); /* addr2 */
-       return ETH_ALEN;
-}
-
-/* must be called under mdev tx lock */
-static void ieee80211_configure_filter(struct ieee80211_local *local)
-{
-       unsigned int changed_flags;
-       unsigned int new_flags = 0;
-
-       if (atomic_read(&local->iff_promiscs))
-               new_flags |= FIF_PROMISC_IN_BSS;
-
-       if (atomic_read(&local->iff_allmultis))
-               new_flags |= FIF_ALLMULTI;
-
-       if (local->monitors)
-               new_flags |= FIF_CONTROL |
-                            FIF_OTHER_BSS |
-                            FIF_BCN_PRBRESP_PROMISC;
-
-       changed_flags = local->filter_flags ^ new_flags;
-
-       /* be a bit nasty */
-       new_flags |= (1<<31);
-
-       local->ops->configure_filter(local_to_hw(local),
-                                    changed_flags, &new_flags,
-                                    local->mdev->mc_count,
-                                    local->mdev->mc_list);
-
-       WARN_ON(new_flags & (1<<31));
-
-       local->filter_flags = new_flags & ~(1<<31);
-}
-
-/* master interface */
-
-static int ieee80211_master_open(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata;
-       int res = -EOPNOTSUPP;
-
-       /* we hold the RTNL here so can safely walk the list */
-       list_for_each_entry(sdata, &local->interfaces, list) {
-               if (sdata->dev != dev && netif_running(sdata->dev)) {
-                       res = 0;
-                       break;
-               }
-       }
-       return res;
-}
-
-static int ieee80211_master_stop(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata;
-
-       /* we hold the RTNL here so can safely walk the list */
-       list_for_each_entry(sdata, &local->interfaces, list)
-               if (sdata->dev != dev && netif_running(sdata->dev))
-                       dev_close(sdata->dev);
-
-       return 0;
-}
-
-static void ieee80211_master_set_multicast_list(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       ieee80211_configure_filter(local);
-}
-
-/* regular interfaces */
-
-static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
-{
-       /* FIX: what would be proper limits for MTU?
-        * This interface uses 802.3 frames. */
-       if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6) {
-               printk(KERN_WARNING "%s: invalid MTU %d\n",
-                      dev->name, new_mtu);
-               return -EINVAL;
-       }
-
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-       printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-       dev->mtu = new_mtu;
-       return 0;
-}
-
-static inline int identical_mac_addr_allowed(int type1, int type2)
-{
-       return (type1 == IEEE80211_IF_TYPE_MNTR ||
-               type2 == IEEE80211_IF_TYPE_MNTR ||
-               (type1 == IEEE80211_IF_TYPE_AP &&
-                type2 == IEEE80211_IF_TYPE_WDS) ||
-               (type1 == IEEE80211_IF_TYPE_WDS &&
-                (type2 == IEEE80211_IF_TYPE_WDS ||
-                 type2 == IEEE80211_IF_TYPE_AP)) ||
-               (type1 == IEEE80211_IF_TYPE_AP &&
-                type2 == IEEE80211_IF_TYPE_VLAN) ||
-               (type1 == IEEE80211_IF_TYPE_VLAN &&
-                (type2 == IEEE80211_IF_TYPE_AP ||
-                 type2 == IEEE80211_IF_TYPE_VLAN)));
-}
-
-static int ieee80211_open(struct net_device *dev)
-{
-       struct ieee80211_sub_if_data *sdata, *nsdata;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_if_init_conf conf;
-       int res;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       /* we hold the RTNL here so can safely walk the list */
-       list_for_each_entry(nsdata, &local->interfaces, list) {
-               struct net_device *ndev = nsdata->dev;
-
-               if (ndev != dev && ndev != local->mdev && netif_running(ndev) &&
-                   compare_ether_addr(dev->dev_addr, ndev->dev_addr) == 0) {
-                       /*
-                        * check whether it may have the same address
-                        */
-                       if (!identical_mac_addr_allowed(sdata->type,
-                                                       nsdata->type))
-                               return -ENOTUNIQ;
-
-                       /*
-                        * can only add VLANs to enabled APs
-                        */
-                       if (sdata->type == IEEE80211_IF_TYPE_VLAN &&
-                           nsdata->type == IEEE80211_IF_TYPE_AP &&
-                           netif_running(nsdata->dev))
-                               sdata->u.vlan.ap = nsdata;
-               }
-       }
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_WDS:
-               if (is_zero_ether_addr(sdata->u.wds.remote_addr))
-                       return -ENOLINK;
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-               if (!sdata->u.vlan.ap)
-                       return -ENOLINK;
-               break;
-       case IEEE80211_IF_TYPE_AP:
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_MNTR:
-       case IEEE80211_IF_TYPE_IBSS:
-               /* no special treatment */
-               break;
-       case IEEE80211_IF_TYPE_INVALID:
-               /* cannot happen */
-               WARN_ON(1);
-               break;
-       }
-
-       if (local->open_count == 0) {
-               res = 0;
-               if (local->ops->start)
-                       res = local->ops->start(local_to_hw(local));
-               if (res)
-                       return res;
-       }
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_VLAN:
-               list_add(&sdata->u.vlan.list, &sdata->u.vlan.ap->u.ap.vlans);
-               /* no need to tell driver */
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               /* must be before the call to ieee80211_configure_filter */
-               local->monitors++;
-               if (local->monitors == 1) {
-                       netif_tx_lock_bh(local->mdev);
-                       ieee80211_configure_filter(local);
-                       netif_tx_unlock_bh(local->mdev);
-
-                       local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP;
-                       ieee80211_hw_config(local);
-               }
-               break;
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS:
-               sdata->u.sta.flags &= ~IEEE80211_STA_PREV_BSSID_SET;
-               /* fall through */
-       default:
-               conf.if_id = dev->ifindex;
-               conf.type = sdata->type;
-               conf.mac_addr = dev->dev_addr;
-               res = local->ops->add_interface(local_to_hw(local), &conf);
-               if (res && !local->open_count && local->ops->stop)
-                       local->ops->stop(local_to_hw(local));
-               if (res)
-                       return res;
-
-               ieee80211_if_config(dev);
-               ieee80211_reset_erp_info(dev);
-               ieee80211_enable_keys(sdata);
-
-               if (sdata->type == IEEE80211_IF_TYPE_STA &&
-                   !(sdata->flags & IEEE80211_SDATA_USERSPACE_MLME))
-                       netif_carrier_off(dev);
-               else
-                       netif_carrier_on(dev);
-       }
-
-       if (local->open_count == 0) {
-               res = dev_open(local->mdev);
-               WARN_ON(res);
-               tasklet_enable(&local->tx_pending_tasklet);
-               tasklet_enable(&local->tasklet);
-       }
-
-       local->open_count++;
-
-       netif_start_queue(dev);
-
-       return 0;
-}
-
-static int ieee80211_stop(struct net_device *dev)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_if_init_conf conf;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       netif_stop_queue(dev);
-
-       dev_mc_unsync(local->mdev, dev);
-
-       /* down all dependent devices, that is VLANs */
-       if (sdata->type == IEEE80211_IF_TYPE_AP) {
-               struct ieee80211_sub_if_data *vlan, *tmp;
-
-               list_for_each_entry_safe(vlan, tmp, &sdata->u.ap.vlans,
-                                        u.vlan.list)
-                       dev_close(vlan->dev);
-               WARN_ON(!list_empty(&sdata->u.ap.vlans));
-       }
-
-       local->open_count--;
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_VLAN:
-               list_del(&sdata->u.vlan.list);
-               sdata->u.vlan.ap = NULL;
-               /* no need to tell driver */
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               local->monitors--;
-               if (local->monitors == 0) {
-                       netif_tx_lock_bh(local->mdev);
-                       ieee80211_configure_filter(local);
-                       netif_tx_unlock_bh(local->mdev);
-
-                       local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP;
-                       ieee80211_hw_config(local);
-               }
-               break;
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS:
-               sdata->u.sta.state = IEEE80211_DISABLED;
-               del_timer_sync(&sdata->u.sta.timer);
-               /*
-                * When we get here, the interface is marked down.
-                * Call synchronize_rcu() to wait for the RX path
-                * should it be using the interface and enqueuing
-                * frames at this very time on another CPU.
-                */
-               synchronize_rcu();
-               skb_queue_purge(&sdata->u.sta.skb_queue);
-
-               if (!local->ops->hw_scan &&
-                   local->scan_dev == sdata->dev) {
-                       local->sta_scanning = 0;
-                       cancel_delayed_work(&local->scan_work);
-               }
-               flush_workqueue(local->hw.workqueue);
-               /* fall through */
-       default:
-               conf.if_id = dev->ifindex;
-               conf.type = sdata->type;
-               conf.mac_addr = dev->dev_addr;
-               /* disable all keys for as long as this netdev is down */
-               ieee80211_disable_keys(sdata);
-               local->ops->remove_interface(local_to_hw(local), &conf);
-       }
-
-       if (local->open_count == 0) {
-               if (netif_running(local->mdev))
-                       dev_close(local->mdev);
-
-               if (local->ops->stop)
-                       local->ops->stop(local_to_hw(local));
-
-               tasklet_disable(&local->tx_pending_tasklet);
-               tasklet_disable(&local->tasklet);
-       }
-
-       return 0;
-}
-
-static void ieee80211_set_multicast_list(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       int allmulti, promisc, sdata_allmulti, sdata_promisc;
-
-       allmulti = !!(dev->flags & IFF_ALLMULTI);
-       promisc = !!(dev->flags & IFF_PROMISC);
-       sdata_allmulti = sdata->flags & IEEE80211_SDATA_ALLMULTI;
-       sdata_promisc = sdata->flags & IEEE80211_SDATA_PROMISC;
-
-       if (allmulti != sdata_allmulti) {
-               if (dev->flags & IFF_ALLMULTI)
-                       atomic_inc(&local->iff_allmultis);
-               else
-                       atomic_dec(&local->iff_allmultis);
-               sdata->flags ^= IEEE80211_SDATA_ALLMULTI;
-       }
-
-       if (promisc != sdata_promisc) {
-               if (dev->flags & IFF_PROMISC)
-                       atomic_inc(&local->iff_promiscs);
-               else
-                       atomic_dec(&local->iff_promiscs);
-               sdata->flags ^= IEEE80211_SDATA_PROMISC;
-       }
-
-       dev_mc_sync(local->mdev, dev);
-}
-
-/* Must not be called for mdev */
-void ieee80211_if_setup(struct net_device *dev)
-{
-       ether_setup(dev);
-       dev->hard_start_xmit = ieee80211_subif_start_xmit;
-       dev->wireless_handlers = &ieee80211_iw_handler_def;
-       dev->set_multicast_list = ieee80211_set_multicast_list;
-       dev->change_mtu = ieee80211_change_mtu;
-       dev->open = ieee80211_open;
-       dev->stop = ieee80211_stop;
-       dev->destructor = ieee80211_if_free;
-}
-
-/* WDS specialties */
-
-int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct sta_info *sta;
-
-       if (compare_ether_addr(remote_addr, sdata->u.wds.remote_addr) == 0)
-               return 0;
-
-       /* Create STA entry for the new peer */
-       sta = sta_info_add(local, dev, remote_addr, GFP_KERNEL);
-       if (!sta)
-               return -ENOMEM;
-       sta_info_put(sta);
-
-       /* Remove STA entry for the old peer */
-       sta = sta_info_get(local, sdata->u.wds.remote_addr);
-       if (sta) {
-               sta_info_free(sta);
-               sta_info_put(sta);
-       } else {
-               printk(KERN_DEBUG "%s: could not find STA entry for WDS link "
-                      "peer " MAC_FMT "\n",
-                      dev->name, MAC_ARG(sdata->u.wds.remote_addr));
-       }
-
-       /* Update WDS link data */
-       memcpy(&sdata->u.wds.remote_addr, remote_addr, ETH_ALEN);
-
-       return 0;
-}
-
-/* everything else */
-
-static int __ieee80211_if_config(struct net_device *dev,
-                                struct sk_buff *beacon,
-                                struct ieee80211_tx_control *control)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_if_conf conf;
-
-       if (!local->ops->config_interface || !netif_running(dev))
-               return 0;
-
-       memset(&conf, 0, sizeof(conf));
-       conf.type = sdata->type;
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               conf.bssid = sdata->u.sta.bssid;
-               conf.ssid = sdata->u.sta.ssid;
-               conf.ssid_len = sdata->u.sta.ssid_len;
-       } else if (sdata->type == IEEE80211_IF_TYPE_AP) {
-               conf.ssid = sdata->u.ap.ssid;
-               conf.ssid_len = sdata->u.ap.ssid_len;
-               conf.beacon = beacon;
-               conf.beacon_control = control;
-       }
-       return local->ops->config_interface(local_to_hw(local),
-                                          dev->ifindex, &conf);
-}
-
-int ieee80211_if_config(struct net_device *dev)
-{
-       return __ieee80211_if_config(dev, NULL, NULL);
-}
-
-int ieee80211_if_config_beacon(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_tx_control control;
-       struct sk_buff *skb;
-
-       if (!(local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE))
-               return 0;
-       skb = ieee80211_beacon_get(local_to_hw(local), dev->ifindex, &control);
-       if (!skb)
-               return -ENOMEM;
-       return __ieee80211_if_config(dev, skb, &control);
-}
-
-int ieee80211_hw_config(struct ieee80211_local *local)
-{
-       struct ieee80211_hw_mode *mode;
-       struct ieee80211_channel *chan;
-       int ret = 0;
-
-       if (local->sta_scanning) {
-               chan = local->scan_channel;
-               mode = local->scan_hw_mode;
-       } else {
-               chan = local->oper_channel;
-               mode = local->oper_hw_mode;
-       }
-
-       local->hw.conf.channel = chan->chan;
-       local->hw.conf.channel_val = chan->val;
-       if (!local->hw.conf.power_level) {
-               local->hw.conf.power_level = chan->power_level;
-       } else {
-               local->hw.conf.power_level = min(chan->power_level,
-                                                local->hw.conf.power_level);
-       }
-       local->hw.conf.freq = chan->freq;
-       local->hw.conf.phymode = mode->mode;
-       local->hw.conf.antenna_max = chan->antenna_max;
-       local->hw.conf.chan = chan;
-       local->hw.conf.mode = mode;
-
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-       printk(KERN_DEBUG "HW CONFIG: channel=%d freq=%d "
-              "phymode=%d\n", local->hw.conf.channel, local->hw.conf.freq,
-              local->hw.conf.phymode);
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-
-       if (local->open_count)
-               ret = local->ops->config(local_to_hw(local), &local->hw.conf);
-
-       return ret;
-}
-
-void ieee80211_erp_info_change_notify(struct net_device *dev, u8 changes)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (local->ops->erp_ie_changed)
-               local->ops->erp_ie_changed(local_to_hw(local), changes,
-                       !!(sdata->flags & IEEE80211_SDATA_USE_PROTECTION),
-                       !(sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE));
-}
-
-void ieee80211_reset_erp_info(struct net_device *dev)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       sdata->flags &= ~(IEEE80211_SDATA_USE_PROTECTION |
-                       IEEE80211_SDATA_SHORT_PREAMBLE);
-       ieee80211_erp_info_change_notify(dev,
-                                        IEEE80211_ERP_CHANGE_PROTECTION |
-                                        IEEE80211_ERP_CHANGE_PREAMBLE);
-}
-
-void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
-                                struct sk_buff *skb,
-                                struct ieee80211_tx_status *status)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct ieee80211_tx_status *saved;
-       int tmp;
-
-       skb->dev = local->mdev;
-       saved = kmalloc(sizeof(struct ieee80211_tx_status), GFP_ATOMIC);
-       if (unlikely(!saved)) {
-               if (net_ratelimit())
-                       printk(KERN_WARNING "%s: Not enough memory, "
-                              "dropping tx status", skb->dev->name);
-               /* should be dev_kfree_skb_irq, but due to this function being
-                * named _irqsafe instead of just _irq we can't be sure that
-                * people won't call it from non-irq contexts */
-               dev_kfree_skb_any(skb);
-               return;
-       }
-       memcpy(saved, status, sizeof(struct ieee80211_tx_status));
-       /* copy pointer to saved status into skb->cb for use by tasklet */
-       memcpy(skb->cb, &saved, sizeof(saved));
-
-       skb->pkt_type = IEEE80211_TX_STATUS_MSG;
-       skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ?
-                      &local->skb_queue : &local->skb_queue_unreliable, skb);
-       tmp = skb_queue_len(&local->skb_queue) +
-               skb_queue_len(&local->skb_queue_unreliable);
-       while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
-              (skb = skb_dequeue(&local->skb_queue_unreliable))) {
-               memcpy(&saved, skb->cb, sizeof(saved));
-               kfree(saved);
-               dev_kfree_skb_irq(skb);
-               tmp--;
-               I802_DEBUG_INC(local->tx_status_drop);
-       }
-       tasklet_schedule(&local->tasklet);
-}
-EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
-
-static void ieee80211_tasklet_handler(unsigned long data)
-{
-       struct ieee80211_local *local = (struct ieee80211_local *) data;
-       struct sk_buff *skb;
-       struct ieee80211_rx_status rx_status;
-       struct ieee80211_tx_status *tx_status;
-
-       while ((skb = skb_dequeue(&local->skb_queue)) ||
-              (skb = skb_dequeue(&local->skb_queue_unreliable))) {
-               switch (skb->pkt_type) {
-               case IEEE80211_RX_MSG:
-                       /* status is in skb->cb */
-                       memcpy(&rx_status, skb->cb, sizeof(rx_status));
-                       /* Clear skb->type in order to not confuse kernel
-                        * netstack. */
-                       skb->pkt_type = 0;
-                       __ieee80211_rx(local_to_hw(local), skb, &rx_status);
-                       break;
-               case IEEE80211_TX_STATUS_MSG:
-                       /* get pointer to saved status out of skb->cb */
-                       memcpy(&tx_status, skb->cb, sizeof(tx_status));
-                       skb->pkt_type = 0;
-                       ieee80211_tx_status(local_to_hw(local),
-                                           skb, tx_status);
-                       kfree(tx_status);
-                       break;
-               default: /* should never get here! */
-                       printk(KERN_ERR "%s: Unknown message type (%d)\n",
-                              wiphy_name(local->hw.wiphy), skb->pkt_type);
-                       dev_kfree_skb(skb);
-                       break;
-               }
-       }
-}
-
-/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to
- * make a prepared TX frame (one that has been given to hw) to look like brand
- * new IEEE 802.11 frame that is ready to go through TX processing again.
- * Also, tx_packet_data in cb is restored from tx_control. */
-static void ieee80211_remove_tx_extra(struct ieee80211_local *local,
-                                     struct ieee80211_key *key,
-                                     struct sk_buff *skb,
-                                     struct ieee80211_tx_control *control)
-{
-       int hdrlen, iv_len, mic_len;
-       struct ieee80211_tx_packet_data *pkt_data;
-
-       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
-       pkt_data->ifindex = control->ifindex;
-       pkt_data->flags = 0;
-       if (control->flags & IEEE80211_TXCTL_REQ_TX_STATUS)
-               pkt_data->flags |= IEEE80211_TXPD_REQ_TX_STATUS;
-       if (control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT)
-               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
-       if (control->flags & IEEE80211_TXCTL_REQUEUE)
-               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
-       pkt_data->queue = control->queue;
-
-       hdrlen = ieee80211_get_hdrlen_from_skb(skb);
-
-       if (!key)
-               goto no_key;
-
-       switch (key->conf.alg) {
-       case ALG_WEP:
-               iv_len = WEP_IV_LEN;
-               mic_len = WEP_ICV_LEN;
-               break;
-       case ALG_TKIP:
-               iv_len = TKIP_IV_LEN;
-               mic_len = TKIP_ICV_LEN;
-               break;
-       case ALG_CCMP:
-               iv_len = CCMP_HDR_LEN;
-               mic_len = CCMP_MIC_LEN;
-               break;
-       default:
-               goto no_key;
-       }
-
-       if (skb->len >= mic_len &&
-           !(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
-               skb_trim(skb, skb->len - mic_len);
-       if (skb->len >= iv_len && skb->len > hdrlen) {
-               memmove(skb->data + iv_len, skb->data, hdrlen);
-               skb_pull(skb, iv_len);
-       }
-
-no_key:
-       {
-               struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-               u16 fc = le16_to_cpu(hdr->frame_control);
-               if ((fc & 0x8C) == 0x88) /* QoS Control Field */ {
-                       fc &= ~IEEE80211_STYPE_QOS_DATA;
-                       hdr->frame_control = cpu_to_le16(fc);
-                       memmove(skb->data + 2, skb->data, hdrlen - 2);
-                       skb_pull(skb, 2);
-               }
-       }
-}
-
-void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
-                        struct ieee80211_tx_status *status)
-{
-       struct sk_buff *skb2;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       struct ieee80211_local *local = hw_to_local(hw);
-       u16 frag, type;
-       struct ieee80211_tx_status_rtap_hdr *rthdr;
-       struct ieee80211_sub_if_data *sdata;
-       int monitors;
-
-       if (!status) {
-               printk(KERN_ERR
-                      "%s: ieee80211_tx_status called with NULL status\n",
-                      wiphy_name(local->hw.wiphy));
-               dev_kfree_skb(skb);
-               return;
-       }
-
-       if (status->excessive_retries) {
-               struct sta_info *sta;
-               sta = sta_info_get(local, hdr->addr1);
-               if (sta) {
-                       if (sta->flags & WLAN_STA_PS) {
-                               /* The STA is in power save mode, so assume
-                                * that this TX packet failed because of that.
-                                */
-                               status->excessive_retries = 0;
-                               status->flags |= IEEE80211_TX_STATUS_TX_FILTERED;
-                       }
-                       sta_info_put(sta);
-               }
-       }
-
-       if (status->flags & IEEE80211_TX_STATUS_TX_FILTERED) {
-               struct sta_info *sta;
-               sta = sta_info_get(local, hdr->addr1);
-               if (sta) {
-                       sta->tx_filtered_count++;
-
-                       /* Clear the TX filter mask for this STA when sending
-                        * the next packet. If the STA went to power save mode,
-                        * this will happen when it is waking up for the next
-                        * time. */
-                       sta->clear_dst_mask = 1;
-
-                       /* TODO: Is the WLAN_STA_PS flag always set here or is
-                        * the race between RX and TX status causing some
-                        * packets to be filtered out before 80211.o gets an
-                        * update for PS status? This seems to be the case, so
-                        * no changes are likely to be needed. */
-                       if (sta->flags & WLAN_STA_PS &&
-                           skb_queue_len(&sta->tx_filtered) <
-                           STA_MAX_TX_BUFFER) {
-                               ieee80211_remove_tx_extra(local, sta->key,
-                                                         skb,
-                                                         &status->control);
-                               skb_queue_tail(&sta->tx_filtered, skb);
-                       } else if (!(sta->flags & WLAN_STA_PS) &&
-                                  !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) {
-                               /* Software retry the packet once */
-                               status->control.flags |= IEEE80211_TXCTL_REQUEUE;
-                               ieee80211_remove_tx_extra(local, sta->key,
-                                                         skb,
-                                                         &status->control);
-                               dev_queue_xmit(skb);
-                       } else {
-                               if (net_ratelimit()) {
-                                       printk(KERN_DEBUG "%s: dropped TX "
-                                              "filtered frame queue_len=%d "
-                                              "PS=%d @%lu\n",
-                                              wiphy_name(local->hw.wiphy),
-                                              skb_queue_len(
-                                                      &sta->tx_filtered),
-                                              !!(sta->flags & WLAN_STA_PS),
-                                              jiffies);
-                               }
-                               dev_kfree_skb(skb);
-                       }
-                       sta_info_put(sta);
-                       return;
-               }
-       } else {
-               /* FIXME: STUPID to call this with both local and local->mdev */
-               rate_control_tx_status(local, local->mdev, skb, status);
-       }
-
-       ieee80211_led_tx(local, 0);
-
-       /* SNMP counters
-        * Fragments are passed to low-level drivers as separate skbs, so these
-        * are actually fragments, not frames. Update frame counters only for
-        * the first fragment of the frame. */
-
-       frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
-       type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
-
-       if (status->flags & IEEE80211_TX_STATUS_ACK) {
-               if (frag == 0) {
-                       local->dot11TransmittedFrameCount++;
-                       if (is_multicast_ether_addr(hdr->addr1))
-                               local->dot11MulticastTransmittedFrameCount++;
-                       if (status->retry_count > 0)
-                               local->dot11RetryCount++;
-                       if (status->retry_count > 1)
-                               local->dot11MultipleRetryCount++;
-               }
-
-               /* This counter shall be incremented for an acknowledged MPDU
-                * with an individual address in the address 1 field or an MPDU
-                * with a multicast address in the address 1 field of type Data
-                * or Management. */
-               if (!is_multicast_ether_addr(hdr->addr1) ||
-                   type == IEEE80211_FTYPE_DATA ||
-                   type == IEEE80211_FTYPE_MGMT)
-                       local->dot11TransmittedFragmentCount++;
-       } else {
-               if (frag == 0)
-                       local->dot11FailedCount++;
-       }
-
-       /* this was a transmitted frame, but now we want to reuse it */
-       skb_orphan(skb);
-
-       if (!local->monitors) {
-               dev_kfree_skb(skb);
-               return;
-       }
-
-       /* send frame to monitor interfaces now */
-
-       if (skb_headroom(skb) < sizeof(*rthdr)) {
-               printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
-               dev_kfree_skb(skb);
-               return;
-       }
-
-       rthdr = (struct ieee80211_tx_status_rtap_hdr*)
-                               skb_push(skb, sizeof(*rthdr));
-
-       memset(rthdr, 0, sizeof(*rthdr));
-       rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
-       rthdr->hdr.it_present =
-               cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
-                           (1 << IEEE80211_RADIOTAP_DATA_RETRIES));
-
-       if (!(status->flags & IEEE80211_TX_STATUS_ACK) &&
-           !is_multicast_ether_addr(hdr->addr1))
-               rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
-
-       if ((status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS) &&
-           (status->control.flags & IEEE80211_TXCTL_USE_CTS_PROTECT))
-               rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
-       else if (status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS)
-               rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
-
-       rthdr->data_retries = status->retry_count;
-
-       rcu_read_lock();
-       monitors = local->monitors;
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-               /*
-                * Using the monitors counter is possibly racy, but
-                * if the value is wrong we simply either clone the skb
-                * once too much or forget sending it to one monitor iface
-                * The latter case isn't nice but fixing the race is much
-                * more complicated.
-                */
-               if (!monitors || !skb)
-                       goto out;
-
-               if (sdata->type == IEEE80211_IF_TYPE_MNTR) {
-                       if (!netif_running(sdata->dev))
-                               continue;
-                       monitors--;
-                       if (monitors)
-                               skb2 = skb_clone(skb, GFP_ATOMIC);
-                       else
-                               skb2 = NULL;
-                       skb->dev = sdata->dev;
-                       /* XXX: is this sufficient for BPF? */
-                       skb_set_mac_header(skb, 0);
-                       skb->ip_summed = CHECKSUM_UNNECESSARY;
-                       skb->pkt_type = PACKET_OTHERHOST;
-                       skb->protocol = htons(ETH_P_802_2);
-                       memset(skb->cb, 0, sizeof(skb->cb));
-                       netif_rx(skb);
-                       skb = skb2;
-               }
-       }
- out:
-       rcu_read_unlock();
-       if (skb)
-               dev_kfree_skb(skb);
-}
-EXPORT_SYMBOL(ieee80211_tx_status);
-
-struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
-                                       const struct ieee80211_ops *ops)
-{
-       struct net_device *mdev;
-       struct ieee80211_local *local;
-       struct ieee80211_sub_if_data *sdata;
-       int priv_size;
-       struct wiphy *wiphy;
-
-       /* Ensure 32-byte alignment of our private data and hw private data.
-        * We use the wiphy priv data for both our ieee80211_local and for
-        * the driver's private data
-        *
-        * In memory it'll be like this:
-        *
-        * +-------------------------+
-        * | struct wiphy           |
-        * +-------------------------+
-        * | struct ieee80211_local  |
-        * +-------------------------+
-        * | driver's private data   |
-        * +-------------------------+
-        *
-        */
-       priv_size = ((sizeof(struct ieee80211_local) +
-                     NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST) +
-                   priv_data_len;
-
-       wiphy = wiphy_new(&mac80211_config_ops, priv_size);
-
-       if (!wiphy)
-               return NULL;
-
-       wiphy->privid = mac80211_wiphy_privid;
-
-       local = wiphy_priv(wiphy);
-       local->hw.wiphy = wiphy;
-
-       local->hw.priv = (char *)local +
-                        ((sizeof(struct ieee80211_local) +
-                          NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST);
-
-       BUG_ON(!ops->tx);
-       BUG_ON(!ops->start);
-       BUG_ON(!ops->stop);
-       BUG_ON(!ops->config);
-       BUG_ON(!ops->add_interface);
-       BUG_ON(!ops->remove_interface);
-       BUG_ON(!ops->configure_filter);
-       local->ops = ops;
-
-       /* for now, mdev needs sub_if_data :/ */
-       mdev = alloc_netdev(sizeof(struct ieee80211_sub_if_data),
-                           "wmaster%d", ether_setup);
-       if (!mdev) {
-               wiphy_free(wiphy);
-               return NULL;
-       }
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(mdev);
-       mdev->ieee80211_ptr = &sdata->wdev;
-       sdata->wdev.wiphy = wiphy;
-
-       local->hw.queues = 1; /* default */
-
-       local->mdev = mdev;
-       local->rx_pre_handlers = ieee80211_rx_pre_handlers;
-       local->rx_handlers = ieee80211_rx_handlers;
-       local->tx_handlers = ieee80211_tx_handlers;
-
-       local->bridge_packets = 1;
-
-       local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
-       local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
-       local->short_retry_limit = 7;
-       local->long_retry_limit = 4;
-       local->hw.conf.radio_enabled = 1;
-
-       local->enabled_modes = ~0;
-
-       INIT_LIST_HEAD(&local->modes_list);
-
-       INIT_LIST_HEAD(&local->interfaces);
-
-       INIT_DELAYED_WORK(&local->scan_work, ieee80211_sta_scan_work);
-       ieee80211_rx_bss_list_init(mdev);
-
-       sta_info_init(local);
-
-       mdev->hard_start_xmit = ieee80211_master_start_xmit;
-       mdev->open = ieee80211_master_open;
-       mdev->stop = ieee80211_master_stop;
-       mdev->type = ARPHRD_IEEE80211;
-       mdev->hard_header_parse = header_parse_80211;
-       mdev->set_multicast_list = ieee80211_master_set_multicast_list;
-
-       sdata->type = IEEE80211_IF_TYPE_AP;
-       sdata->dev = mdev;
-       sdata->local = local;
-       sdata->u.ap.force_unicast_rateidx = -1;
-       sdata->u.ap.max_ratectrl_rateidx = -1;
-       ieee80211_if_sdata_init(sdata);
-       /* no RCU needed since we're still during init phase */
-       list_add_tail(&sdata->list, &local->interfaces);
-
-       tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending,
-                    (unsigned long)local);
-       tasklet_disable(&local->tx_pending_tasklet);
-
-       tasklet_init(&local->tasklet,
-                    ieee80211_tasklet_handler,
-                    (unsigned long) local);
-       tasklet_disable(&local->tasklet);
-
-       skb_queue_head_init(&local->skb_queue);
-       skb_queue_head_init(&local->skb_queue_unreliable);
-
-       return local_to_hw(local);
-}
-EXPORT_SYMBOL(ieee80211_alloc_hw);
-
-int ieee80211_register_hw(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       const char *name;
-       int result;
-
-       result = wiphy_register(local->hw.wiphy);
-       if (result < 0)
-               return result;
-
-       name = wiphy_dev(local->hw.wiphy)->driver->name;
-       local->hw.workqueue = create_singlethread_workqueue(name);
-       if (!local->hw.workqueue) {
-               result = -ENOMEM;
-               goto fail_workqueue;
-       }
-
-       /*
-        * The hardware needs headroom for sending the frame,
-        * and we need some headroom for passing the frame to monitor
-        * interfaces, but never both at the same time.
-        */
-       local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom,
-                                  sizeof(struct ieee80211_tx_status_rtap_hdr));
-
-       debugfs_hw_add(local);
-
-       local->hw.conf.beacon_int = 1000;
-
-       local->wstats_flags |= local->hw.max_rssi ?
-                              IW_QUAL_LEVEL_UPDATED : IW_QUAL_LEVEL_INVALID;
-       local->wstats_flags |= local->hw.max_signal ?
-                              IW_QUAL_QUAL_UPDATED : IW_QUAL_QUAL_INVALID;
-       local->wstats_flags |= local->hw.max_noise ?
-                              IW_QUAL_NOISE_UPDATED : IW_QUAL_NOISE_INVALID;
-       if (local->hw.max_rssi < 0 || local->hw.max_noise < 0)
-               local->wstats_flags |= IW_QUAL_DBM;
-
-       result = sta_info_start(local);
-       if (result < 0)
-               goto fail_sta_info;
-
-       rtnl_lock();
-       result = dev_alloc_name(local->mdev, local->mdev->name);
-       if (result < 0)
-               goto fail_dev;
-
-       memcpy(local->mdev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
-       SET_NETDEV_DEV(local->mdev, wiphy_dev(local->hw.wiphy));
-
-       result = register_netdevice(local->mdev);
-       if (result < 0)
-               goto fail_dev;
-
-       ieee80211_debugfs_add_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
-       ieee80211_if_set_type(local->mdev, IEEE80211_IF_TYPE_AP);
-
-       result = ieee80211_init_rate_ctrl_alg(local, NULL);
-       if (result < 0) {
-               printk(KERN_DEBUG "%s: Failed to initialize rate control "
-                      "algorithm\n", wiphy_name(local->hw.wiphy));
-               goto fail_rate;
-       }
-
-       result = ieee80211_wep_init(local);
-
-       if (result < 0) {
-               printk(KERN_DEBUG "%s: Failed to initialize wep\n",
-                      wiphy_name(local->hw.wiphy));
-               goto fail_wep;
-       }
-
-       ieee80211_install_qdisc(local->mdev);
-
-       /* add one default STA interface */
-       result = ieee80211_if_add(local->mdev, "wlan%d", NULL,
-                                 IEEE80211_IF_TYPE_STA);
-       if (result)
-               printk(KERN_WARNING "%s: Failed to add default virtual iface\n",
-                      wiphy_name(local->hw.wiphy));
-
-       local->reg_state = IEEE80211_DEV_REGISTERED;
-       rtnl_unlock();
-
-       ieee80211_led_init(local);
-
-       return 0;
-
-fail_wep:
-       rate_control_deinitialize(local);
-fail_rate:
-       ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
-       unregister_netdevice(local->mdev);
-fail_dev:
-       rtnl_unlock();
-       sta_info_stop(local);
-fail_sta_info:
-       debugfs_hw_del(local);
-       destroy_workqueue(local->hw.workqueue);
-fail_workqueue:
-       wiphy_unregister(local->hw.wiphy);
-       return result;
-}
-EXPORT_SYMBOL(ieee80211_register_hw);
-
-int ieee80211_register_hwmode(struct ieee80211_hw *hw,
-                             struct ieee80211_hw_mode *mode)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct ieee80211_rate *rate;
-       int i;
-
-       INIT_LIST_HEAD(&mode->list);
-       list_add_tail(&mode->list, &local->modes_list);
-
-       local->hw_modes |= (1 << mode->mode);
-       for (i = 0; i < mode->num_rates; i++) {
-               rate = &(mode->rates[i]);
-               rate->rate_inv = CHAN_UTIL_RATE_LCM / rate->rate;
-       }
-       ieee80211_prepare_rates(local, mode);
-
-       if (!local->oper_hw_mode) {
-               /* Default to this mode */
-               local->hw.conf.phymode = mode->mode;
-               local->oper_hw_mode = local->scan_hw_mode = mode;
-               local->oper_channel = local->scan_channel = &mode->channels[0];
-               local->hw.conf.mode = local->oper_hw_mode;
-               local->hw.conf.chan = local->oper_channel;
-       }
-
-       if (!(hw->flags & IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED))
-               ieee80211_set_default_regdomain(mode);
-
-       return 0;
-}
-EXPORT_SYMBOL(ieee80211_register_hwmode);
-
-void ieee80211_unregister_hw(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct ieee80211_sub_if_data *sdata, *tmp;
-       int i;
-
-       tasklet_kill(&local->tx_pending_tasklet);
-       tasklet_kill(&local->tasklet);
-
-       rtnl_lock();
-
-       BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED);
-
-       local->reg_state = IEEE80211_DEV_UNREGISTERED;
-
-       /*
-        * At this point, interface list manipulations are fine
-        * because the driver cannot be handing us frames any
-        * more and the tasklet is killed.
-        */
-
-       /*
-        * First, we remove all non-master interfaces. Do this because they
-        * may have bss pointer dependency on the master, and when we free
-        * the master these would be freed as well, breaking our list
-        * iteration completely.
-        */
-       list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
-               if (sdata->dev == local->mdev)
-                       continue;
-               list_del(&sdata->list);
-               __ieee80211_if_del(local, sdata);
-       }
-
-       /* then, finally, remove the master interface */
-       __ieee80211_if_del(local, IEEE80211_DEV_TO_SUB_IF(local->mdev));
-
-       rtnl_unlock();
-
-       ieee80211_rx_bss_list_deinit(local->mdev);
-       ieee80211_clear_tx_pending(local);
-       sta_info_stop(local);
-       rate_control_deinitialize(local);
-       debugfs_hw_del(local);
-
-       for (i = 0; i < NUM_IEEE80211_MODES; i++) {
-               kfree(local->supp_rates[i]);
-               kfree(local->basic_rates[i]);
-       }
-
-       if (skb_queue_len(&local->skb_queue)
-                       || skb_queue_len(&local->skb_queue_unreliable))
-               printk(KERN_WARNING "%s: skb_queue not empty\n",
-                      wiphy_name(local->hw.wiphy));
-       skb_queue_purge(&local->skb_queue);
-       skb_queue_purge(&local->skb_queue_unreliable);
-
-       destroy_workqueue(local->hw.workqueue);
-       wiphy_unregister(local->hw.wiphy);
-       ieee80211_wep_free(local);
-       ieee80211_led_exit(local);
-}
-EXPORT_SYMBOL(ieee80211_unregister_hw);
-
-void ieee80211_free_hw(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       ieee80211_if_free(local->mdev);
-       wiphy_free(local->hw.wiphy);
-}
-EXPORT_SYMBOL(ieee80211_free_hw);
-
-static int __init ieee80211_init(void)
-{
-       struct sk_buff *skb;
-       int ret;
-
-       BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb));
-
-       ret = ieee80211_wme_register();
-       if (ret) {
-               printk(KERN_DEBUG "ieee80211_init: failed to "
-                      "initialize WME (err=%d)\n", ret);
-               return ret;
-       }
-
-       ieee80211_debugfs_netdev_init();
-       ieee80211_regdomain_init();
-
-       return 0;
-}
-
-static void __exit ieee80211_exit(void)
-{
-       ieee80211_wme_unregister();
-       ieee80211_debugfs_netdev_exit();
-}
-
-
-subsys_initcall(ieee80211_init);
-module_exit(ieee80211_exit);
-
-MODULE_DESCRIPTION("IEEE 802.11 subsystem");
-MODULE_LICENSE("GPL");
 
+++ /dev/null
-/*
- * IEEE 802.11 driver (80211.o) -- hostapd interface
- * Copyright 2002-2004, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef IEEE80211_COMMON_H
-#define IEEE80211_COMMON_H
-
-#include <linux/types.h>
-
-/*
- * This is common header information with user space. It is used on all
- * frames sent to wlan#ap interface.
- */
-
-#define IEEE80211_FI_VERSION 0x80211001
-
-struct ieee80211_frame_info {
-       __be32 version;
-       __be32 length;
-       __be64 mactime;
-       __be64 hosttime;
-       __be32 phytype;
-       __be32 channel;
-       __be32 datarate;
-       __be32 antenna;
-       __be32 priority;
-       __be32 ssi_type;
-       __be32 ssi_signal;
-       __be32 ssi_noise;
-       __be32 preamble;
-       __be32 encoding;
-
-       /* Note: this structure is otherwise identical to capture format used
-        * in linux-wlan-ng, but this additional field is used to provide meta
-        * data about the frame to hostapd. This was the easiest method for
-        * providing this information, but this might change in the future. */
-       __be32 msg_type;
-} __attribute__ ((packed));
-
-
-enum ieee80211_msg_type {
-       ieee80211_msg_normal = 0,
-       ieee80211_msg_tx_callback_ack = 1,
-       ieee80211_msg_tx_callback_fail = 2,
-       /* hole at 3, was ieee80211_msg_passive_scan but unused */
-       /* hole at 4, was ieee80211_msg_wep_frame_unknown_key but now unused */
-       ieee80211_msg_michael_mic_failure = 5,
-       /* hole at 6, was monitor but never sent to userspace */
-       ieee80211_msg_sta_not_assoc = 7,
-       /* 8 was ieee80211_msg_set_aid_for_sta */
-       /* 9 was ieee80211_msg_key_threshold_notification */
-       /* 11 was ieee80211_msg_radar */
-};
-
-struct ieee80211_msg_key_notification {
-       int tx_rx_count;
-       char ifname[IFNAMSIZ];
-       u8 addr[ETH_ALEN]; /* ff:ff:ff:ff:ff:ff for broadcast keys */
-};
-
-
-enum ieee80211_phytype {
-       ieee80211_phytype_fhss_dot11_97  = 1,
-       ieee80211_phytype_dsss_dot11_97  = 2,
-       ieee80211_phytype_irbaseband     = 3,
-       ieee80211_phytype_dsss_dot11_b   = 4,
-       ieee80211_phytype_pbcc_dot11_b   = 5,
-       ieee80211_phytype_ofdm_dot11_g   = 6,
-       ieee80211_phytype_pbcc_dot11_g   = 7,
-       ieee80211_phytype_ofdm_dot11_a   = 8,
-};
-
-enum ieee80211_ssi_type {
-       ieee80211_ssi_none = 0,
-       ieee80211_ssi_norm = 1, /* normalized, 0-1000 */
-       ieee80211_ssi_dbm = 2,
-       ieee80211_ssi_raw = 3, /* raw SSI */
-};
-
-struct ieee80211_radar_info {
-               int channel;
-               int radar;
-               int radar_type;
-};
-
-#endif /* IEEE80211_COMMON_H */
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef IEEE80211_I_H
-#define IEEE80211_I_H
-
-#include <linux/kernel.h>
-#include <linux/device.h>
-#include <linux/if_ether.h>
-#include <linux/interrupt.h>
-#include <linux/list.h>
-#include <linux/netdevice.h>
-#include <linux/skbuff.h>
-#include <linux/workqueue.h>
-#include <linux/types.h>
-#include <linux/spinlock.h>
-#include <linux/etherdevice.h>
-#include <net/wireless.h>
-#include "ieee80211_key.h"
-#include "sta_info.h"
-
-/* ieee80211.o internal definitions, etc. These are not included into
- * low-level drivers. */
-
-#ifndef ETH_P_PAE
-#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */
-#endif /* ETH_P_PAE */
-
-#define WLAN_FC_DATA_PRESENT(fc) (((fc) & 0x4c) == 0x08)
-
-struct ieee80211_local;
-
-#define BIT(x) (1 << (x))
-
-#define IEEE80211_ALIGN32_PAD(a) ((4 - ((a) & 3)) & 3)
-
-/* Maximum number of broadcast/multicast frames to buffer when some of the
- * associated stations are using power saving. */
-#define AP_MAX_BC_BUFFER 128
-
-/* Maximum number of frames buffered to all STAs, including multicast frames.
- * Note: increasing this limit increases the potential memory requirement. Each
- * frame can be up to about 2 kB long. */
-#define TOTAL_MAX_TX_BUFFER 512
-
-/* Required encryption head and tailroom */
-#define IEEE80211_ENCRYPT_HEADROOM 8
-#define IEEE80211_ENCRYPT_TAILROOM 12
-
-/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
- * reception of at least three fragmented frames. This limit can be increased
- * by changing this define, at the cost of slower frame reassembly and
- * increased memory use (about 2 kB of RAM per entry). */
-#define IEEE80211_FRAGMENT_MAX 4
-
-struct ieee80211_fragment_entry {
-       unsigned long first_frag_time;
-       unsigned int seq;
-       unsigned int rx_queue;
-       unsigned int last_frag;
-       unsigned int extra_len;
-       struct sk_buff_head skb_list;
-       int ccmp; /* Whether fragments were encrypted with CCMP */
-       u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-};
-
-
-struct ieee80211_sta_bss {
-       struct list_head list;
-       struct ieee80211_sta_bss *hnext;
-       atomic_t users;
-
-       u8 bssid[ETH_ALEN];
-       u8 ssid[IEEE80211_MAX_SSID_LEN];
-       size_t ssid_len;
-       u16 capability; /* host byte order */
-       int hw_mode;
-       int channel;
-       int freq;
-       int rssi, signal, noise;
-       u8 *wpa_ie;
-       size_t wpa_ie_len;
-       u8 *rsn_ie;
-       size_t rsn_ie_len;
-       u8 *wmm_ie;
-       size_t wmm_ie_len;
-#define IEEE80211_MAX_SUPP_RATES 32
-       u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
-       size_t supp_rates_len;
-       int beacon_int;
-       u64 timestamp;
-
-       int probe_resp;
-       unsigned long last_update;
-
-       /* during assocation, we save an ERP value from a probe response so
-        * that we can feed ERP info to the driver when handling the
-        * association completes. these fields probably won't be up-to-date
-        * otherwise, you probably don't want to use them. */
-       int has_erp_value;
-       u8 erp_value;
-};
-
-
-typedef enum {
-       TXRX_CONTINUE, TXRX_DROP, TXRX_QUEUED
-} ieee80211_txrx_result;
-
-/* flags used in struct ieee80211_txrx_data.flags */
-/* whether the MSDU was fragmented */
-#define IEEE80211_TXRXD_FRAGMENTED             BIT(0)
-#define IEEE80211_TXRXD_TXUNICAST              BIT(1)
-#define IEEE80211_TXRXD_TXPS_BUFFERED          BIT(2)
-#define IEEE80211_TXRXD_TXPROBE_LAST_FRAG      BIT(3)
-#define IEEE80211_TXRXD_RXIN_SCAN              BIT(4)
-/* frame is destined to interface currently processed (incl. multicast frames) */
-#define IEEE80211_TXRXD_RXRA_MATCH             BIT(5)
-#define IEEE80211_TXRXD_TX_INJECTED            BIT(6)
-struct ieee80211_txrx_data {
-       struct sk_buff *skb;
-       struct net_device *dev;
-       struct ieee80211_local *local;
-       struct ieee80211_sub_if_data *sdata;
-       struct sta_info *sta;
-       u16 fc, ethertype;
-       struct ieee80211_key *key;
-       unsigned int flags;
-       union {
-               struct {
-                       struct ieee80211_tx_control *control;
-                       struct ieee80211_hw_mode *mode;
-                       struct ieee80211_rate *rate;
-                       /* use this rate (if set) for last fragment; rate can
-                        * be set to lower rate for the first fragments, e.g.,
-                        * when using CTS protection with IEEE 802.11g. */
-                       struct ieee80211_rate *last_frag_rate;
-                       int last_frag_hwrate;
-
-                       /* Extra fragments (in addition to the first fragment
-                        * in skb) */
-                       int num_extra_frag;
-                       struct sk_buff **extra_frag;
-               } tx;
-               struct {
-                       struct ieee80211_rx_status *status;
-                       int sent_ps_buffered;
-                       int queue;
-                       int load;
-                       u32 tkip_iv32;
-                       u16 tkip_iv16;
-               } rx;
-       } u;
-};
-
-/* flags used in struct ieee80211_tx_packet_data.flags */
-#define IEEE80211_TXPD_REQ_TX_STATUS   BIT(0)
-#define IEEE80211_TXPD_DO_NOT_ENCRYPT  BIT(1)
-#define IEEE80211_TXPD_REQUEUE         BIT(2)
-/* Stored in sk_buff->cb */
-struct ieee80211_tx_packet_data {
-       int ifindex;
-       unsigned long jiffies;
-       unsigned int flags;
-       u8 queue;
-};
-
-struct ieee80211_tx_stored_packet {
-       struct ieee80211_tx_control control;
-       struct sk_buff *skb;
-       int num_extra_frag;
-       struct sk_buff **extra_frag;
-       int last_frag_rateidx;
-       int last_frag_hwrate;
-       struct ieee80211_rate *last_frag_rate;
-       unsigned int last_frag_rate_ctrl_probe;
-};
-
-typedef ieee80211_txrx_result (*ieee80211_tx_handler)
-(struct ieee80211_txrx_data *tx);
-
-typedef ieee80211_txrx_result (*ieee80211_rx_handler)
-(struct ieee80211_txrx_data *rx);
-
-struct ieee80211_if_ap {
-       u8 *beacon_head, *beacon_tail;
-       int beacon_head_len, beacon_tail_len;
-
-       struct list_head vlans;
-
-       u8 ssid[IEEE80211_MAX_SSID_LEN];
-       size_t ssid_len;
-
-       /* yes, this looks ugly, but guarantees that we can later use
-        * bitmap_empty :)
-        * NB: don't ever use set_bit, use bss_tim_set/bss_tim_clear! */
-       u8 tim[sizeof(unsigned long) * BITS_TO_LONGS(IEEE80211_MAX_AID + 1)];
-       atomic_t num_sta_ps; /* number of stations in PS mode */
-       struct sk_buff_head ps_bc_buf;
-       int dtim_period, dtim_count;
-       int force_unicast_rateidx; /* forced TX rateidx for unicast frames */
-       int max_ratectrl_rateidx; /* max TX rateidx for rate control */
-       int num_beacons; /* number of TXed beacon frames for this BSS */
-};
-
-struct ieee80211_if_wds {
-       u8 remote_addr[ETH_ALEN];
-       struct sta_info *sta;
-};
-
-struct ieee80211_if_vlan {
-       struct ieee80211_sub_if_data *ap;
-       struct list_head list;
-};
-
-/* flags used in struct ieee80211_if_sta.flags */
-#define IEEE80211_STA_SSID_SET         BIT(0)
-#define IEEE80211_STA_BSSID_SET                BIT(1)
-#define IEEE80211_STA_PREV_BSSID_SET   BIT(2)
-#define IEEE80211_STA_AUTHENTICATED    BIT(3)
-#define IEEE80211_STA_ASSOCIATED       BIT(4)
-#define IEEE80211_STA_PROBEREQ_POLL    BIT(5)
-#define IEEE80211_STA_CREATE_IBSS      BIT(6)
-#define IEEE80211_STA_MIXED_CELL       BIT(7)
-#define IEEE80211_STA_WMM_ENABLED      BIT(8)
-#define IEEE80211_STA_AUTO_SSID_SEL    BIT(10)
-#define IEEE80211_STA_AUTO_BSSID_SEL   BIT(11)
-#define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12)
-struct ieee80211_if_sta {
-       enum {
-               IEEE80211_DISABLED, IEEE80211_AUTHENTICATE,
-               IEEE80211_ASSOCIATE, IEEE80211_ASSOCIATED,
-               IEEE80211_IBSS_SEARCH, IEEE80211_IBSS_JOINED
-       } state;
-       struct timer_list timer;
-       struct work_struct work;
-       u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
-       u8 ssid[IEEE80211_MAX_SSID_LEN];
-       size_t ssid_len;
-       u16 aid;
-       u16 ap_capab, capab;
-       u8 *extra_ie; /* to be added to the end of AssocReq */
-       size_t extra_ie_len;
-
-       /* The last AssocReq/Resp IEs */
-       u8 *assocreq_ies, *assocresp_ies;
-       size_t assocreq_ies_len, assocresp_ies_len;
-
-       int auth_tries, assoc_tries;
-
-       unsigned int flags;
-#define IEEE80211_STA_REQ_SCAN 0
-#define IEEE80211_STA_REQ_AUTH 1
-#define IEEE80211_STA_REQ_RUN  2
-       unsigned long request;
-       struct sk_buff_head skb_queue;
-
-       int key_management_enabled;
-       unsigned long last_probe;
-
-#define IEEE80211_AUTH_ALG_OPEN BIT(0)
-#define IEEE80211_AUTH_ALG_SHARED_KEY BIT(1)
-#define IEEE80211_AUTH_ALG_LEAP BIT(2)
-       unsigned int auth_algs; /* bitfield of allowed auth algs */
-       int auth_alg; /* currently used IEEE 802.11 authentication algorithm */
-       int auth_transaction;
-
-       unsigned long ibss_join_req;
-       struct sk_buff *probe_resp; /* ProbeResp template for IBSS */
-       u32 supp_rates_bits;
-
-       int wmm_last_param_set;
-};
-
-
-/* flags used in struct ieee80211_sub_if_data.flags */
-#define IEEE80211_SDATA_ALLMULTI       BIT(0)
-#define IEEE80211_SDATA_PROMISC                BIT(1)
-#define IEEE80211_SDATA_USE_PROTECTION BIT(2) /* CTS protect ERP frames */
-/* use short preamble with IEEE 802.11b: this flag is set when the AP or beacon
- * generator reports that there are no present stations that cannot support short
- * preambles */
-#define IEEE80211_SDATA_SHORT_PREAMBLE BIT(3)
-#define IEEE80211_SDATA_USERSPACE_MLME BIT(4)
-struct ieee80211_sub_if_data {
-       struct list_head list;
-       enum ieee80211_if_types type;
-
-       struct wireless_dev wdev;
-
-       /* keys */
-       struct list_head key_list;
-
-       struct net_device *dev;
-       struct ieee80211_local *local;
-
-       unsigned int flags;
-
-       int drop_unencrypted;
-       int eapol; /* 0 = process EAPOL frames as normal data frames,
-                   * 1 = send EAPOL frames through wlan#ap to hostapd
-                   *     (default) */
-       int ieee802_1x; /* IEEE 802.1X PAE - drop packet to/from unauthorized
-                        * port */
-
-       u16 sequence;
-
-       /* Fragment table for host-based reassembly */
-       struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX];
-       unsigned int fragment_next;
-
-#define NUM_DEFAULT_KEYS 4
-       struct ieee80211_key *keys[NUM_DEFAULT_KEYS];
-       struct ieee80211_key *default_key;
-
-       struct ieee80211_if_ap *bss; /* BSS that this device belongs to */
-
-       union {
-               struct ieee80211_if_ap ap;
-               struct ieee80211_if_wds wds;
-               struct ieee80211_if_vlan vlan;
-               struct ieee80211_if_sta sta;
-       } u;
-       int channel_use;
-       int channel_use_raw;
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct dentry *debugfsdir;
-       union {
-               struct {
-                       struct dentry *channel_use;
-                       struct dentry *drop_unencrypted;
-                       struct dentry *eapol;
-                       struct dentry *ieee8021_x;
-                       struct dentry *state;
-                       struct dentry *bssid;
-                       struct dentry *prev_bssid;
-                       struct dentry *ssid_len;
-                       struct dentry *aid;
-                       struct dentry *ap_capab;
-                       struct dentry *capab;
-                       struct dentry *extra_ie_len;
-                       struct dentry *auth_tries;
-                       struct dentry *assoc_tries;
-                       struct dentry *auth_algs;
-                       struct dentry *auth_alg;
-                       struct dentry *auth_transaction;
-                       struct dentry *flags;
-               } sta;
-               struct {
-                       struct dentry *channel_use;
-                       struct dentry *drop_unencrypted;
-                       struct dentry *eapol;
-                       struct dentry *ieee8021_x;
-                       struct dentry *num_sta_ps;
-                       struct dentry *dtim_period;
-                       struct dentry *dtim_count;
-                       struct dentry *num_beacons;
-                       struct dentry *force_unicast_rateidx;
-                       struct dentry *max_ratectrl_rateidx;
-                       struct dentry *num_buffered_multicast;
-                       struct dentry *beacon_head_len;
-                       struct dentry *beacon_tail_len;
-               } ap;
-               struct {
-                       struct dentry *channel_use;
-                       struct dentry *drop_unencrypted;
-                       struct dentry *eapol;
-                       struct dentry *ieee8021_x;
-                       struct dentry *peer;
-               } wds;
-               struct {
-                       struct dentry *channel_use;
-                       struct dentry *drop_unencrypted;
-                       struct dentry *eapol;
-                       struct dentry *ieee8021_x;
-               } vlan;
-               struct {
-                       struct dentry *mode;
-               } monitor;
-               struct dentry *default_key;
-       } debugfs;
-#endif
-};
-
-#define IEEE80211_DEV_TO_SUB_IF(dev) netdev_priv(dev)
-
-enum {
-       IEEE80211_RX_MSG        = 1,
-       IEEE80211_TX_STATUS_MSG = 2,
-};
-
-struct ieee80211_local {
-       /* embed the driver visible part.
-        * don't cast (use the static inlines below), but we keep
-        * it first anyway so they become a no-op */
-       struct ieee80211_hw hw;
-
-       const struct ieee80211_ops *ops;
-
-       /* List of registered struct ieee80211_hw_mode */
-       struct list_head modes_list;
-
-       struct net_device *mdev; /* wmaster# - "master" 802.11 device */
-       int open_count;
-       int monitors;
-       unsigned int filter_flags; /* FIF_* */
-       struct iw_statistics wstats;
-       u8 wstats_flags;
-       int tx_headroom; /* required headroom for hardware/radiotap */
-
-       enum {
-               IEEE80211_DEV_UNINITIALIZED = 0,
-               IEEE80211_DEV_REGISTERED,
-               IEEE80211_DEV_UNREGISTERED,
-       } reg_state;
-
-       /* Tasklet and skb queue to process calls from IRQ mode. All frames
-        * added to skb_queue will be processed, but frames in
-        * skb_queue_unreliable may be dropped if the total length of these
-        * queues increases over the limit. */
-#define IEEE80211_IRQSAFE_QUEUE_LIMIT 128
-       struct tasklet_struct tasklet;
-       struct sk_buff_head skb_queue;
-       struct sk_buff_head skb_queue_unreliable;
-
-       /* Station data structures */
-       rwlock_t sta_lock; /* protects STA data structures */
-       int num_sta; /* number of stations in sta_list */
-       struct list_head sta_list;
-       struct sta_info *sta_hash[STA_HASH_SIZE];
-       struct timer_list sta_cleanup;
-
-       unsigned long state[NUM_TX_DATA_QUEUES];
-       struct ieee80211_tx_stored_packet pending_packet[NUM_TX_DATA_QUEUES];
-       struct tasklet_struct tx_pending_tasklet;
-
-       /* number of interfaces with corresponding IFF_ flags */
-       atomic_t iff_allmultis, iff_promiscs;
-
-       struct rate_control_ref *rate_ctrl;
-
-       /* Supported and basic rate filters for different modes. These are
-        * pointers to -1 terminated lists and rates in 100 kbps units. */
-       int *supp_rates[NUM_IEEE80211_MODES];
-       int *basic_rates[NUM_IEEE80211_MODES];
-
-       int rts_threshold;
-       int fragmentation_threshold;
-       int short_retry_limit; /* dot11ShortRetryLimit */
-       int long_retry_limit; /* dot11LongRetryLimit */
-
-       struct crypto_blkcipher *wep_tx_tfm;
-       struct crypto_blkcipher *wep_rx_tfm;
-       u32 wep_iv;
-
-       int bridge_packets; /* bridge packets between associated stations and
-                            * deliver multicast frames both back to wireless
-                            * media and to the local net stack */
-
-       ieee80211_rx_handler *rx_pre_handlers;
-       ieee80211_rx_handler *rx_handlers;
-       ieee80211_tx_handler *tx_handlers;
-
-       struct list_head interfaces;
-
-       int sta_scanning;
-       int scan_channel_idx;
-       enum { SCAN_SET_CHANNEL, SCAN_SEND_PROBE } scan_state;
-       unsigned long last_scan_completed;
-       struct delayed_work scan_work;
-       struct net_device *scan_dev;
-       struct ieee80211_channel *oper_channel, *scan_channel;
-       struct ieee80211_hw_mode *oper_hw_mode, *scan_hw_mode;
-       u8 scan_ssid[IEEE80211_MAX_SSID_LEN];
-       size_t scan_ssid_len;
-       struct list_head sta_bss_list;
-       struct ieee80211_sta_bss *sta_bss_hash[STA_HASH_SIZE];
-       spinlock_t sta_bss_lock;
-#define IEEE80211_SCAN_MATCH_SSID BIT(0)
-#define IEEE80211_SCAN_WPA_ONLY BIT(1)
-#define IEEE80211_SCAN_EXTRA_INFO BIT(2)
-       int scan_flags;
-
-       /* SNMP counters */
-       /* dot11CountersTable */
-       u32 dot11TransmittedFragmentCount;
-       u32 dot11MulticastTransmittedFrameCount;
-       u32 dot11FailedCount;
-       u32 dot11RetryCount;
-       u32 dot11MultipleRetryCount;
-       u32 dot11FrameDuplicateCount;
-       u32 dot11ReceivedFragmentCount;
-       u32 dot11MulticastReceivedFrameCount;
-       u32 dot11TransmittedFrameCount;
-       u32 dot11WEPUndecryptableCount;
-
-#ifdef CONFIG_MAC80211_LEDS
-       int tx_led_counter, rx_led_counter;
-       struct led_trigger *tx_led, *rx_led, *assoc_led;
-       char tx_led_name[32], rx_led_name[32], assoc_led_name[32];
-#endif
-
-       u32 channel_use;
-       u32 channel_use_raw;
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct work_struct sta_debugfs_add;
-#endif
-
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-       /* TX/RX handler statistics */
-       unsigned int tx_handlers_drop;
-       unsigned int tx_handlers_queued;
-       unsigned int tx_handlers_drop_unencrypted;
-       unsigned int tx_handlers_drop_fragment;
-       unsigned int tx_handlers_drop_wep;
-       unsigned int tx_handlers_drop_not_assoc;
-       unsigned int tx_handlers_drop_unauth_port;
-       unsigned int rx_handlers_drop;
-       unsigned int rx_handlers_queued;
-       unsigned int rx_handlers_drop_nullfunc;
-       unsigned int rx_handlers_drop_defrag;
-       unsigned int rx_handlers_drop_short;
-       unsigned int rx_handlers_drop_passive_scan;
-       unsigned int tx_expand_skb_head;
-       unsigned int tx_expand_skb_head_cloned;
-       unsigned int rx_expand_skb_head;
-       unsigned int rx_expand_skb_head2;
-       unsigned int rx_handlers_fragments;
-       unsigned int tx_status_drop;
-       unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
-       unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
-#define I802_DEBUG_INC(c) (c)++
-#else /* CONFIG_MAC80211_DEBUG_COUNTERS */
-#define I802_DEBUG_INC(c) do { } while (0)
-#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
-
-
-       int total_ps_buffered; /* total number of all buffered unicast and
-                               * multicast packets for power saving stations
-                               */
-       int wifi_wme_noack_test;
-       unsigned int wmm_acm; /* bit field of ACM bits (BIT(802.1D tag)) */
-
-       unsigned int enabled_modes; /* bitfield of allowed modes;
-                                     * (1 << MODE_*) */
-       unsigned int hw_modes; /* bitfield of supported hardware modes;
-                               * (1 << MODE_*) */
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct local_debugfsdentries {
-               struct dentry *channel;
-               struct dentry *frequency;
-               struct dentry *antenna_sel_tx;
-               struct dentry *antenna_sel_rx;
-               struct dentry *bridge_packets;
-               struct dentry *rts_threshold;
-               struct dentry *fragmentation_threshold;
-               struct dentry *short_retry_limit;
-               struct dentry *long_retry_limit;
-               struct dentry *total_ps_buffered;
-               struct dentry *mode;
-               struct dentry *wep_iv;
-               struct dentry *modes;
-               struct dentry *statistics;
-               struct local_debugfsdentries_statsdentries {
-                       struct dentry *transmitted_fragment_count;
-                       struct dentry *multicast_transmitted_frame_count;
-                       struct dentry *failed_count;
-                       struct dentry *retry_count;
-                       struct dentry *multiple_retry_count;
-                       struct dentry *frame_duplicate_count;
-                       struct dentry *received_fragment_count;
-                       struct dentry *multicast_received_frame_count;
-                       struct dentry *transmitted_frame_count;
-                       struct dentry *wep_undecryptable_count;
-                       struct dentry *num_scans;
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-                       struct dentry *tx_handlers_drop;
-                       struct dentry *tx_handlers_queued;
-                       struct dentry *tx_handlers_drop_unencrypted;
-                       struct dentry *tx_handlers_drop_fragment;
-                       struct dentry *tx_handlers_drop_wep;
-                       struct dentry *tx_handlers_drop_not_assoc;
-                       struct dentry *tx_handlers_drop_unauth_port;
-                       struct dentry *rx_handlers_drop;
-                       struct dentry *rx_handlers_queued;
-                       struct dentry *rx_handlers_drop_nullfunc;
-                       struct dentry *rx_handlers_drop_defrag;
-                       struct dentry *rx_handlers_drop_short;
-                       struct dentry *rx_handlers_drop_passive_scan;
-                       struct dentry *tx_expand_skb_head;
-                       struct dentry *tx_expand_skb_head_cloned;
-                       struct dentry *rx_expand_skb_head;
-                       struct dentry *rx_expand_skb_head2;
-                       struct dentry *rx_handlers_fragments;
-                       struct dentry *tx_status_drop;
-                       struct dentry *wme_tx_queue;
-                       struct dentry *wme_rx_queue;
-#endif
-                       struct dentry *dot11ACKFailureCount;
-                       struct dentry *dot11RTSFailureCount;
-                       struct dentry *dot11FCSErrorCount;
-                       struct dentry *dot11RTSSuccessCount;
-               } stats;
-               struct dentry *stations;
-               struct dentry *keys;
-       } debugfs;
-#endif
-};
-
-static inline struct ieee80211_local *hw_to_local(
-       struct ieee80211_hw *hw)
-{
-       return container_of(hw, struct ieee80211_local, hw);
-}
-
-static inline struct ieee80211_hw *local_to_hw(
-       struct ieee80211_local *local)
-{
-       return &local->hw;
-}
-
-enum ieee80211_link_state_t {
-       IEEE80211_LINK_STATE_XOFF = 0,
-       IEEE80211_LINK_STATE_PENDING,
-};
-
-struct sta_attribute {
-       struct attribute attr;
-       ssize_t (*show)(const struct sta_info *, char *buf);
-       ssize_t (*store)(struct sta_info *, const char *buf, size_t count);
-};
-
-static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
-{
-       /*
-        * This format has been mandated by the IEEE specifications,
-        * so this line may not be changed to use the __set_bit() format.
-        */
-       bss->tim[aid / 8] |= (1 << (aid % 8));
-}
-
-static inline void bss_tim_set(struct ieee80211_local *local,
-                              struct ieee80211_if_ap *bss, u16 aid)
-{
-       read_lock_bh(&local->sta_lock);
-       __bss_tim_set(bss, aid);
-       read_unlock_bh(&local->sta_lock);
-}
-
-static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
-{
-       /*
-        * This format has been mandated by the IEEE specifications,
-        * so this line may not be changed to use the __clear_bit() format.
-        */
-       bss->tim[aid / 8] &= ~(1 << (aid % 8));
-}
-
-static inline void bss_tim_clear(struct ieee80211_local *local,
-                                struct ieee80211_if_ap *bss, u16 aid)
-{
-       read_lock_bh(&local->sta_lock);
-       __bss_tim_clear(bss, aid);
-       read_unlock_bh(&local->sta_lock);
-}
-
-/**
- * ieee80211_is_erp_rate - Check if a rate is an ERP rate
- * @phymode: The PHY-mode for this rate (MODE_IEEE80211...)
- * @rate: Transmission rate to check, in 100 kbps
- *
- * Check if a given rate is an Extended Rate PHY (ERP) rate.
- */
-static inline int ieee80211_is_erp_rate(int phymode, int rate)
-{
-       if (phymode == MODE_IEEE80211G) {
-               if (rate != 10 && rate != 20 &&
-                   rate != 55 && rate != 110)
-                       return 1;
-       }
-       return 0;
-}
-
-static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
-{
-       return compare_ether_addr(raddr, addr) == 0 ||
-              is_broadcast_ether_addr(raddr);
-}
-
-
-/* ieee80211.c */
-int ieee80211_hw_config(struct ieee80211_local *local);
-int ieee80211_if_config(struct net_device *dev);
-int ieee80211_if_config_beacon(struct net_device *dev);
-void ieee80211_prepare_rates(struct ieee80211_local *local,
-                            struct ieee80211_hw_mode *mode);
-void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx);
-int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr);
-void ieee80211_if_setup(struct net_device *dev);
-struct ieee80211_rate *ieee80211_get_rate(struct ieee80211_local *local,
-                                         int phymode, int hwrate);
-
-/* ieee80211_ioctl.c */
-extern const struct iw_handler_def ieee80211_iw_handler_def;
-
-
-/* Least common multiple of the used rates (in 100 kbps). This is used to
- * calculate rate_inv values for each rate so that only integers are needed. */
-#define CHAN_UTIL_RATE_LCM 95040
-/* 1 usec is 1/8 * (95040/10) = 1188 */
-#define CHAN_UTIL_PER_USEC 1188
-/* Amount of bits to shift the result right to scale the total utilization
- * to values that will not wrap around 32-bit integers. */
-#define CHAN_UTIL_SHIFT 9
-/* Theoretical maximum of channel utilization counter in 10 ms (stat_time=1):
- * (CHAN_UTIL_PER_USEC * 10000) >> CHAN_UTIL_SHIFT = 23203. So dividing the
- * raw value with about 23 should give utilization in 10th of a percentage
- * (1/1000). However, utilization is only estimated and not all intervals
- * between frames etc. are calculated. 18 seems to give numbers that are closer
- * to the real maximum. */
-#define CHAN_UTIL_PER_10MS 18
-#define CHAN_UTIL_HDR_LONG (202 * CHAN_UTIL_PER_USEC)
-#define CHAN_UTIL_HDR_SHORT (40 * CHAN_UTIL_PER_USEC)
-
-
-/* ieee80211_ioctl.c */
-int ieee80211_set_compression(struct ieee80211_local *local,
-                             struct net_device *dev, struct sta_info *sta);
-int ieee80211_set_channel(struct ieee80211_local *local, int channel, int freq);
-/* ieee80211_sta.c */
-void ieee80211_sta_timer(unsigned long data);
-void ieee80211_sta_work(struct work_struct *work);
-void ieee80211_sta_scan_work(struct work_struct *work);
-void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
-                          struct ieee80211_rx_status *rx_status);
-int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len);
-int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len);
-int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid);
-int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len);
-void ieee80211_sta_req_auth(struct net_device *dev,
-                           struct ieee80211_if_sta *ifsta);
-int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len);
-void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
-                          struct ieee80211_rx_status *rx_status);
-void ieee80211_rx_bss_list_init(struct net_device *dev);
-void ieee80211_rx_bss_list_deinit(struct net_device *dev);
-int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len);
-struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
-                                        struct sk_buff *skb, u8 *bssid,
-                                        u8 *addr);
-int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason);
-int ieee80211_sta_disassociate(struct net_device *dev, u16 reason);
-void ieee80211_erp_info_change_notify(struct net_device *dev, u8 changes);
-void ieee80211_reset_erp_info(struct net_device *dev);
-
-/* ieee80211_iface.c */
-int ieee80211_if_add(struct net_device *dev, const char *name,
-                    struct net_device **new_dev, int type);
-void ieee80211_if_set_type(struct net_device *dev, int type);
-void ieee80211_if_reinit(struct net_device *dev);
-void __ieee80211_if_del(struct ieee80211_local *local,
-                       struct ieee80211_sub_if_data *sdata);
-int ieee80211_if_remove(struct net_device *dev, const char *name, int id);
-void ieee80211_if_free(struct net_device *dev);
-void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata);
-
-/* regdomain.c */
-void ieee80211_regdomain_init(void);
-void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode);
-
-/* rx handling */
-extern ieee80211_rx_handler ieee80211_rx_pre_handlers[];
-extern ieee80211_rx_handler ieee80211_rx_handlers[];
-
-/* tx handling */
-extern ieee80211_tx_handler ieee80211_tx_handlers[];
-void ieee80211_clear_tx_pending(struct ieee80211_local *local);
-void ieee80211_tx_pending(unsigned long data);
-int ieee80211_master_start_xmit(struct sk_buff *skb, struct net_device *dev);
-int ieee80211_monitor_start_xmit(struct sk_buff *skb, struct net_device *dev);
-int ieee80211_subif_start_xmit(struct sk_buff *skb, struct net_device *dev);
-
-/* utility functions/constants */
-extern void *mac80211_wiphy_privid; /* for wiphy privid */
-extern const unsigned char rfc1042_header[6];
-extern const unsigned char bridge_tunnel_header[6];
-u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len);
-int ieee80211_is_eapol(const struct sk_buff *skb);
-int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
-                            int rate, int erp, int short_preamble);
-void mac80211_ev_michael_mic_failure(struct net_device *dev, int keyidx,
-                                    struct ieee80211_hdr *hdr);
-
-#endif /* IEEE80211_I_H */
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#include <linux/kernel.h>
-#include <linux/if_arp.h>
-#include <linux/netdevice.h>
-#include <linux/rtnetlink.h>
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "sta_info.h"
-#include "debugfs_netdev.h"
-
-void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata)
-{
-       int i;
-
-       /* Default values for sub-interface parameters */
-       sdata->drop_unencrypted = 0;
-       sdata->eapol = 1;
-       for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
-               skb_queue_head_init(&sdata->fragments[i].skb_list);
-
-       INIT_LIST_HEAD(&sdata->key_list);
-}
-
-static void ieee80211_if_sdata_deinit(struct ieee80211_sub_if_data *sdata)
-{
-       int i;
-
-       for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
-               __skb_queue_purge(&sdata->fragments[i].skb_list);
-       }
-}
-
-/* Must be called with rtnl lock held. */
-int ieee80211_if_add(struct net_device *dev, const char *name,
-                    struct net_device **new_dev, int type)
-{
-       struct net_device *ndev;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = NULL;
-       int ret;
-
-       ASSERT_RTNL();
-       ndev = alloc_netdev(sizeof(struct ieee80211_sub_if_data),
-                           name, ieee80211_if_setup);
-       if (!ndev)
-               return -ENOMEM;
-
-       ret = dev_alloc_name(ndev, ndev->name);
-       if (ret < 0)
-               goto fail;
-
-       memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
-       ndev->base_addr = dev->base_addr;
-       ndev->irq = dev->irq;
-       ndev->mem_start = dev->mem_start;
-       ndev->mem_end = dev->mem_end;
-       SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(ndev);
-       ndev->ieee80211_ptr = &sdata->wdev;
-       sdata->wdev.wiphy = local->hw.wiphy;
-       sdata->type = IEEE80211_IF_TYPE_AP;
-       sdata->dev = ndev;
-       sdata->local = local;
-       ieee80211_if_sdata_init(sdata);
-
-       ret = register_netdevice(ndev);
-       if (ret)
-               goto fail;
-
-       ieee80211_debugfs_add_netdev(sdata);
-       ieee80211_if_set_type(ndev, type);
-
-       /* we're under RTNL so all this is fine */
-       if (unlikely(local->reg_state == IEEE80211_DEV_UNREGISTERED)) {
-               __ieee80211_if_del(local, sdata);
-               return -ENODEV;
-       }
-       list_add_tail_rcu(&sdata->list, &local->interfaces);
-
-       if (new_dev)
-               *new_dev = ndev;
-
-       return 0;
-
-fail:
-       free_netdev(ndev);
-       return ret;
-}
-
-void ieee80211_if_set_type(struct net_device *dev, int type)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       int oldtype = sdata->type;
-
-       /*
-        * We need to call this function on the master interface
-        * which already has a hard_start_xmit routine assigned
-        * which must not be changed.
-        */
-       if (dev != sdata->local->mdev)
-               dev->hard_start_xmit = ieee80211_subif_start_xmit;
-
-       /*
-        * Called even when register_netdevice fails, it would
-        * oops if assigned before initialising the rest.
-        */
-       dev->uninit = ieee80211_if_reinit;
-
-       /* most have no BSS pointer */
-       sdata->bss = NULL;
-       sdata->type = type;
-
-       switch (type) {
-       case IEEE80211_IF_TYPE_WDS:
-               /* nothing special */
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-               sdata->u.vlan.ap = NULL;
-               break;
-       case IEEE80211_IF_TYPE_AP:
-               sdata->u.ap.dtim_period = 2;
-               sdata->u.ap.force_unicast_rateidx = -1;
-               sdata->u.ap.max_ratectrl_rateidx = -1;
-               skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
-               sdata->bss = &sdata->u.ap;
-               INIT_LIST_HEAD(&sdata->u.ap.vlans);
-               break;
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS: {
-               struct ieee80211_sub_if_data *msdata;
-               struct ieee80211_if_sta *ifsta;
-
-               ifsta = &sdata->u.sta;
-               INIT_WORK(&ifsta->work, ieee80211_sta_work);
-               setup_timer(&ifsta->timer, ieee80211_sta_timer,
-                           (unsigned long) sdata);
-               skb_queue_head_init(&ifsta->skb_queue);
-
-               ifsta->capab = WLAN_CAPABILITY_ESS;
-               ifsta->auth_algs = IEEE80211_AUTH_ALG_OPEN |
-                       IEEE80211_AUTH_ALG_SHARED_KEY;
-               ifsta->flags |= IEEE80211_STA_CREATE_IBSS |
-                       IEEE80211_STA_WMM_ENABLED |
-                       IEEE80211_STA_AUTO_BSSID_SEL |
-                       IEEE80211_STA_AUTO_CHANNEL_SEL;
-
-               msdata = IEEE80211_DEV_TO_SUB_IF(sdata->local->mdev);
-               sdata->bss = &msdata->u.ap;
-               break;
-       }
-       case IEEE80211_IF_TYPE_MNTR:
-               dev->type = ARPHRD_IEEE80211_RADIOTAP;
-               dev->hard_start_xmit = ieee80211_monitor_start_xmit;
-               break;
-       default:
-               printk(KERN_WARNING "%s: %s: Unknown interface type 0x%x",
-                      dev->name, __FUNCTION__, type);
-       }
-       ieee80211_debugfs_change_if_type(sdata, oldtype);
-}
-
-/* Must be called with rtnl lock held. */
-void ieee80211_if_reinit(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct sta_info *sta;
-       struct sk_buff *skb;
-
-       ASSERT_RTNL();
-
-       ieee80211_free_keys(sdata);
-
-       ieee80211_if_sdata_deinit(sdata);
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_INVALID:
-               /* cannot happen */
-               WARN_ON(1);
-               break;
-       case IEEE80211_IF_TYPE_AP: {
-               /* Remove all virtual interfaces that use this BSS
-                * as their sdata->bss */
-               struct ieee80211_sub_if_data *tsdata, *n;
-
-               list_for_each_entry_safe(tsdata, n, &local->interfaces, list) {
-                       if (tsdata != sdata && tsdata->bss == &sdata->u.ap) {
-                               printk(KERN_DEBUG "%s: removing virtual "
-                                      "interface %s because its BSS interface"
-                                      " is being removed\n",
-                                      sdata->dev->name, tsdata->dev->name);
-                               list_del_rcu(&tsdata->list);
-                               /*
-                                * We have lots of time and can afford
-                                * to sync for each interface
-                                */
-                               synchronize_rcu();
-                               __ieee80211_if_del(local, tsdata);
-                       }
-               }
-
-               kfree(sdata->u.ap.beacon_head);
-               kfree(sdata->u.ap.beacon_tail);
-
-               while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
-                       local->total_ps_buffered--;
-                       dev_kfree_skb(skb);
-               }
-
-               break;
-       }
-       case IEEE80211_IF_TYPE_WDS:
-               sta = sta_info_get(local, sdata->u.wds.remote_addr);
-               if (sta) {
-                       sta_info_free(sta);
-                       sta_info_put(sta);
-               } else {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-                       printk(KERN_DEBUG "%s: Someone had deleted my STA "
-                              "entry for the WDS link\n", dev->name);
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-               }
-               break;
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS:
-               kfree(sdata->u.sta.extra_ie);
-               sdata->u.sta.extra_ie = NULL;
-               kfree(sdata->u.sta.assocreq_ies);
-               sdata->u.sta.assocreq_ies = NULL;
-               kfree(sdata->u.sta.assocresp_ies);
-               sdata->u.sta.assocresp_ies = NULL;
-               if (sdata->u.sta.probe_resp) {
-                       dev_kfree_skb(sdata->u.sta.probe_resp);
-                       sdata->u.sta.probe_resp = NULL;
-               }
-
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               dev->type = ARPHRD_ETHER;
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-               sdata->u.vlan.ap = NULL;
-               break;
-       }
-
-       /* remove all STAs that are bound to this virtual interface */
-       sta_info_flush(local, dev);
-
-       memset(&sdata->u, 0, sizeof(sdata->u));
-       ieee80211_if_sdata_init(sdata);
-}
-
-/* Must be called with rtnl lock held. */
-void __ieee80211_if_del(struct ieee80211_local *local,
-                       struct ieee80211_sub_if_data *sdata)
-{
-       struct net_device *dev = sdata->dev;
-
-       ieee80211_debugfs_remove_netdev(sdata);
-       unregister_netdevice(dev);
-       /* Except master interface, the net_device will be freed by
-        * net_device->destructor (i. e. ieee80211_if_free). */
-}
-
-/* Must be called with rtnl lock held. */
-int ieee80211_if_remove(struct net_device *dev, const char *name, int id)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata, *n;
-
-       ASSERT_RTNL();
-
-       list_for_each_entry_safe(sdata, n, &local->interfaces, list) {
-               if ((sdata->type == id || id == -1) &&
-                   strcmp(name, sdata->dev->name) == 0 &&
-                   sdata->dev != local->mdev) {
-                       list_del_rcu(&sdata->list);
-                       synchronize_rcu();
-                       __ieee80211_if_del(local, sdata);
-                       return 0;
-               }
-       }
-       return -ENODEV;
-}
-
-void ieee80211_if_free(struct net_device *dev)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       ieee80211_if_sdata_deinit(sdata);
-       free_netdev(dev);
-}
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/etherdevice.h>
-#include <linux/if_arp.h>
-#include <linux/wireless.h>
-#include <net/iw_handler.h>
-#include <asm/uaccess.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "wpa.h"
-#include "aes_ccm.h"
-
-
-static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
-                                   int idx, int alg, int remove,
-                                   int set_tx_key, const u8 *_key,
-                                   size_t key_len)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       int ret = 0;
-       struct sta_info *sta;
-       struct ieee80211_key *key;
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       if (idx < 0 || idx >= NUM_DEFAULT_KEYS) {
-               printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
-                      dev->name, idx);
-               return -EINVAL;
-       }
-
-       if (is_broadcast_ether_addr(sta_addr)) {
-               sta = NULL;
-               key = sdata->keys[idx];
-       } else {
-               set_tx_key = 0;
-               /*
-                * According to the standard, the key index of a pairwise
-                * key must be zero. However, some AP are broken when it
-                * comes to WEP key indices, so we work around this.
-                */
-               if (idx != 0 && alg != ALG_WEP) {
-                       printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
-                              "individual key\n", dev->name);
-                       return -EINVAL;
-               }
-
-               sta = sta_info_get(local, sta_addr);
-               if (!sta) {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-                       printk(KERN_DEBUG "%s: set_encrypt - unknown addr "
-                              MAC_FMT "\n",
-                              dev->name, MAC_ARG(sta_addr));
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-
-                       return -ENOENT;
-               }
-
-               key = sta->key;
-       }
-
-       if (remove) {
-               ieee80211_key_free(key);
-               key = NULL;
-       } else {
-               /*
-                * Automatically frees any old key if present.
-                */
-               key = ieee80211_key_alloc(sdata, sta, alg, idx, key_len, _key);
-               if (!key) {
-                       ret = -ENOMEM;
-                       goto err_out;
-               }
-       }
-
-       if (set_tx_key || (!sta && !sdata->default_key && key))
-               ieee80211_set_default_key(sdata, idx);
-
-       ret = 0;
- err_out:
-       if (sta)
-               sta_info_put(sta);
-       return ret;
-}
-
-static int ieee80211_ioctl_siwgenie(struct net_device *dev,
-                                   struct iw_request_info *info,
-                                   struct iw_point *data, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
-               return -EOPNOTSUPP;
-
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               int ret = ieee80211_sta_set_extra_ie(dev, extra, data->length);
-               if (ret)
-                       return ret;
-               sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL;
-               ieee80211_sta_req_auth(dev, &sdata->u.sta);
-               return 0;
-       }
-
-       return -EOPNOTSUPP;
-}
-
-static int ieee80211_ioctl_giwname(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  char *name, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       switch (local->hw.conf.phymode) {
-       case MODE_IEEE80211A:
-               strcpy(name, "IEEE 802.11a");
-               break;
-       case MODE_IEEE80211B:
-               strcpy(name, "IEEE 802.11b");
-               break;
-       case MODE_IEEE80211G:
-               strcpy(name, "IEEE 802.11g");
-               break;
-       default:
-               strcpy(name, "IEEE 802.11");
-               break;
-       }
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_giwrange(struct net_device *dev,
-                                struct iw_request_info *info,
-                                struct iw_point *data, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct iw_range *range = (struct iw_range *) extra;
-       struct ieee80211_hw_mode *mode = NULL;
-       int c = 0;
-
-       data->length = sizeof(struct iw_range);
-       memset(range, 0, sizeof(struct iw_range));
-
-       range->we_version_compiled = WIRELESS_EXT;
-       range->we_version_source = 21;
-       range->retry_capa = IW_RETRY_LIMIT;
-       range->retry_flags = IW_RETRY_LIMIT;
-       range->min_retry = 0;
-       range->max_retry = 255;
-       range->min_rts = 0;
-       range->max_rts = 2347;
-       range->min_frag = 256;
-       range->max_frag = 2346;
-
-       range->encoding_size[0] = 5;
-       range->encoding_size[1] = 13;
-       range->num_encoding_sizes = 2;
-       range->max_encoding_tokens = NUM_DEFAULT_KEYS;
-
-       range->max_qual.qual = local->hw.max_signal;
-       range->max_qual.level = local->hw.max_rssi;
-       range->max_qual.noise = local->hw.max_noise;
-       range->max_qual.updated = local->wstats_flags;
-
-       range->avg_qual.qual = local->hw.max_signal/2;
-       range->avg_qual.level = 0;
-       range->avg_qual.noise = 0;
-       range->avg_qual.updated = local->wstats_flags;
-
-       range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
-                         IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
-
-       list_for_each_entry(mode, &local->modes_list, list) {
-               int i = 0;
-
-               if (!(local->enabled_modes & (1 << mode->mode)) ||
-                   (local->hw_modes & local->enabled_modes &
-                    (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
-                       continue;
-
-               while (i < mode->num_channels && c < IW_MAX_FREQUENCIES) {
-                       struct ieee80211_channel *chan = &mode->channels[i];
-
-                       if (chan->flag & IEEE80211_CHAN_W_SCAN) {
-                               range->freq[c].i = chan->chan;
-                               range->freq[c].m = chan->freq * 100000;
-                               range->freq[c].e = 1;
-                               c++;
-                       }
-                       i++;
-               }
-       }
-       range->num_channels = c;
-       range->num_frequency = c;
-
-       IW_EVENT_CAPA_SET_KERNEL(range->event_capa);
-       IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWTHRSPY);
-       IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWAP);
-       IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWSCAN);
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_siwmode(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  __u32 *mode, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       int type;
-
-       if (sdata->type == IEEE80211_IF_TYPE_VLAN)
-               return -EOPNOTSUPP;
-
-       switch (*mode) {
-       case IW_MODE_INFRA:
-               type = IEEE80211_IF_TYPE_STA;
-               break;
-       case IW_MODE_ADHOC:
-               type = IEEE80211_IF_TYPE_IBSS;
-               break;
-       case IW_MODE_MONITOR:
-               type = IEEE80211_IF_TYPE_MNTR;
-               break;
-       default:
-               return -EINVAL;
-       }
-
-       if (type == sdata->type)
-               return 0;
-       if (netif_running(dev))
-               return -EBUSY;
-
-       ieee80211_if_reinit(dev);
-       ieee80211_if_set_type(dev, type);
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_giwmode(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  __u32 *mode, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_AP:
-               *mode = IW_MODE_MASTER;
-               break;
-       case IEEE80211_IF_TYPE_STA:
-               *mode = IW_MODE_INFRA;
-               break;
-       case IEEE80211_IF_TYPE_IBSS:
-               *mode = IW_MODE_ADHOC;
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               *mode = IW_MODE_MONITOR;
-               break;
-       case IEEE80211_IF_TYPE_WDS:
-               *mode = IW_MODE_REPEAT;
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-               *mode = IW_MODE_SECOND;         /* FIXME */
-               break;
-       default:
-               *mode = IW_MODE_AUTO;
-               break;
-       }
-       return 0;
-}
-
-int ieee80211_set_channel(struct ieee80211_local *local, int channel, int freq)
-{
-       struct ieee80211_hw_mode *mode;
-       int c, set = 0;
-       int ret = -EINVAL;
-
-       list_for_each_entry(mode, &local->modes_list, list) {
-               if (!(local->enabled_modes & (1 << mode->mode)))
-                       continue;
-               for (c = 0; c < mode->num_channels; c++) {
-                       struct ieee80211_channel *chan = &mode->channels[c];
-                       if (chan->flag & IEEE80211_CHAN_W_SCAN &&
-                           ((chan->chan == channel) || (chan->freq == freq))) {
-                               local->oper_channel = chan;
-                               local->oper_hw_mode = mode;
-                               set++;
-                       }
-               }
-       }
-
-       if (set) {
-               if (local->sta_scanning)
-                       ret = 0;
-               else
-                       ret = ieee80211_hw_config(local);
-
-               rate_control_clear(local);
-       }
-
-       return ret;
-}
-
-static int ieee80211_ioctl_siwfreq(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_freq *freq, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       if (sdata->type == IEEE80211_IF_TYPE_STA)
-               sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_CHANNEL_SEL;
-
-       /* freq->e == 0: freq->m = channel; otherwise freq = m * 10^e */
-       if (freq->e == 0) {
-               if (freq->m < 0) {
-                       if (sdata->type == IEEE80211_IF_TYPE_STA)
-                               sdata->u.sta.flags |=
-                                       IEEE80211_STA_AUTO_CHANNEL_SEL;
-                       return 0;
-               } else
-                       return ieee80211_set_channel(local, freq->m, -1);
-       } else {
-               int i, div = 1000000;
-               for (i = 0; i < freq->e; i++)
-                       div /= 10;
-               if (div > 0)
-                       return ieee80211_set_channel(local, -1, freq->m / div);
-               else
-                       return -EINVAL;
-       }
-}
-
-
-static int ieee80211_ioctl_giwfreq(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_freq *freq, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       /* TODO: in station mode (Managed/Ad-hoc) might need to poll low-level
-        * driver for the current channel with firmware-based management */
-
-       freq->m = local->hw.conf.freq;
-       freq->e = 6;
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_siwessid(struct net_device *dev,
-                                   struct iw_request_info *info,
-                                   struct iw_point *data, char *ssid)
-{
-       struct ieee80211_sub_if_data *sdata;
-       size_t len = data->length;
-
-       /* iwconfig uses nul termination in SSID.. */
-       if (len > 0 && ssid[len - 1] == '\0')
-               len--;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               int ret;
-               if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME) {
-                       if (len > IEEE80211_MAX_SSID_LEN)
-                               return -EINVAL;
-                       memcpy(sdata->u.sta.ssid, ssid, len);
-                       sdata->u.sta.ssid_len = len;
-                       return 0;
-               }
-               if (data->flags)
-                       sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_SSID_SEL;
-               else
-                       sdata->u.sta.flags |= IEEE80211_STA_AUTO_SSID_SEL;
-               ret = ieee80211_sta_set_ssid(dev, ssid, len);
-               if (ret)
-                       return ret;
-               ieee80211_sta_req_auth(dev, &sdata->u.sta);
-               return 0;
-       }
-
-       if (sdata->type == IEEE80211_IF_TYPE_AP) {
-               memcpy(sdata->u.ap.ssid, ssid, len);
-               memset(sdata->u.ap.ssid + len, 0,
-                      IEEE80211_MAX_SSID_LEN - len);
-               sdata->u.ap.ssid_len = len;
-               return ieee80211_if_config(dev);
-       }
-       return -EOPNOTSUPP;
-}
-
-
-static int ieee80211_ioctl_giwessid(struct net_device *dev,
-                                   struct iw_request_info *info,
-                                   struct iw_point *data, char *ssid)
-{
-       size_t len;
-
-       struct ieee80211_sub_if_data *sdata;
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               int res = ieee80211_sta_get_ssid(dev, ssid, &len);
-               if (res == 0) {
-                       data->length = len;
-                       data->flags = 1;
-               } else
-                       data->flags = 0;
-               return res;
-       }
-
-       if (sdata->type == IEEE80211_IF_TYPE_AP) {
-               len = sdata->u.ap.ssid_len;
-               if (len > IW_ESSID_MAX_SIZE)
-                       len = IW_ESSID_MAX_SIZE;
-               memcpy(ssid, sdata->u.ap.ssid, len);
-               data->length = len;
-               data->flags = 1;
-               return 0;
-       }
-       return -EOPNOTSUPP;
-}
-
-
-static int ieee80211_ioctl_siwap(struct net_device *dev,
-                                struct iw_request_info *info,
-                                struct sockaddr *ap_addr, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               int ret;
-               if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME) {
-                       memcpy(sdata->u.sta.bssid, (u8 *) &ap_addr->sa_data,
-                              ETH_ALEN);
-                       return 0;
-               }
-               if (is_zero_ether_addr((u8 *) &ap_addr->sa_data))
-                       sdata->u.sta.flags |= IEEE80211_STA_AUTO_BSSID_SEL |
-                               IEEE80211_STA_AUTO_CHANNEL_SEL;
-               else if (is_broadcast_ether_addr((u8 *) &ap_addr->sa_data))
-                       sdata->u.sta.flags |= IEEE80211_STA_AUTO_BSSID_SEL;
-               else
-                       sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL;
-               ret = ieee80211_sta_set_bssid(dev, (u8 *) &ap_addr->sa_data);
-               if (ret)
-                       return ret;
-               ieee80211_sta_req_auth(dev, &sdata->u.sta);
-               return 0;
-       } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
-               if (memcmp(sdata->u.wds.remote_addr, (u8 *) &ap_addr->sa_data,
-                          ETH_ALEN) == 0)
-                       return 0;
-               return ieee80211_if_update_wds(dev, (u8 *) &ap_addr->sa_data);
-       }
-
-       return -EOPNOTSUPP;
-}
-
-
-static int ieee80211_ioctl_giwap(struct net_device *dev,
-                                struct iw_request_info *info,
-                                struct sockaddr *ap_addr, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               ap_addr->sa_family = ARPHRD_ETHER;
-               memcpy(&ap_addr->sa_data, sdata->u.sta.bssid, ETH_ALEN);
-               return 0;
-       } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
-               ap_addr->sa_family = ARPHRD_ETHER;
-               memcpy(&ap_addr->sa_data, sdata->u.wds.remote_addr, ETH_ALEN);
-               return 0;
-       }
-
-       return -EOPNOTSUPP;
-}
-
-
-static int ieee80211_ioctl_siwscan(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_point *data, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       u8 *ssid = NULL;
-       size_t ssid_len = 0;
-
-       if (!netif_running(dev))
-               return -ENETDOWN;
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_STA:
-       case IEEE80211_IF_TYPE_IBSS:
-               if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
-                       ssid = sdata->u.sta.ssid;
-                       ssid_len = sdata->u.sta.ssid_len;
-               }
-               break;
-       case IEEE80211_IF_TYPE_AP:
-               if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
-                       ssid = sdata->u.ap.ssid;
-                       ssid_len = sdata->u.ap.ssid_len;
-               }
-               break;
-       default:
-               return -EOPNOTSUPP;
-       }
-
-       return ieee80211_sta_req_scan(dev, ssid, ssid_len);
-}
-
-
-static int ieee80211_ioctl_giwscan(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_point *data, char *extra)
-{
-       int res;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       if (local->sta_scanning)
-               return -EAGAIN;
-       res = ieee80211_sta_scan_results(dev, extra, data->length);
-       if (res >= 0) {
-               data->length = res;
-               return 0;
-       }
-       data->length = 0;
-       return res;
-}
-
-
-static int ieee80211_ioctl_siwrate(struct net_device *dev,
-                                 struct iw_request_info *info,
-                                 struct iw_param *rate, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hw_mode *mode;
-       int i;
-       u32 target_rate = rate->value / 100000;
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (!sdata->bss)
-               return -ENODEV;
-       mode = local->oper_hw_mode;
-       /* target_rate = -1, rate->fixed = 0 means auto only, so use all rates
-        * target_rate = X, rate->fixed = 1 means only rate X
-        * target_rate = X, rate->fixed = 0 means all rates <= X */
-       sdata->bss->max_ratectrl_rateidx = -1;
-       sdata->bss->force_unicast_rateidx = -1;
-       if (rate->value < 0)
-               return 0;
-       for (i=0; i< mode->num_rates; i++) {
-               struct ieee80211_rate *rates = &mode->rates[i];
-               int this_rate = rates->rate;
-
-               if (target_rate == this_rate) {
-                       sdata->bss->max_ratectrl_rateidx = i;
-                       if (rate->fixed)
-                               sdata->bss->force_unicast_rateidx = i;
-                       break;
-               }
-       }
-       return 0;
-}
-
-static int ieee80211_ioctl_giwrate(struct net_device *dev,
-                                 struct iw_request_info *info,
-                                 struct iw_param *rate, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sta_info *sta;
-       struct ieee80211_sub_if_data *sdata;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type == IEEE80211_IF_TYPE_STA)
-               sta = sta_info_get(local, sdata->u.sta.bssid);
-       else
-               return -EOPNOTSUPP;
-       if (!sta)
-               return -ENODEV;
-       if (sta->txrate < local->oper_hw_mode->num_rates)
-               rate->value = local->oper_hw_mode->rates[sta->txrate].rate * 100000;
-       else
-               rate->value = 0;
-       sta_info_put(sta);
-       return 0;
-}
-
-static int ieee80211_ioctl_siwtxpower(struct net_device *dev,
-                                     struct iw_request_info *info,
-                                     union iwreq_data *data, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       bool need_reconfig = 0;
-
-       if ((data->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
-               return -EINVAL;
-       if (data->txpower.flags & IW_TXPOW_RANGE)
-               return -EINVAL;
-       if (!data->txpower.fixed)
-               return -EINVAL;
-
-       if (local->hw.conf.power_level != data->txpower.value) {
-               local->hw.conf.power_level = data->txpower.value;
-               need_reconfig = 1;
-       }
-       if (local->hw.conf.radio_enabled != !(data->txpower.disabled)) {
-               local->hw.conf.radio_enabled = !(data->txpower.disabled);
-               need_reconfig = 1;
-       }
-       if (need_reconfig) {
-               ieee80211_hw_config(local);
-               /* The return value of hw_config is not of big interest here,
-                * as it doesn't say that it failed because of _this_ config
-                * change or something else. Ignore it. */
-       }
-
-       return 0;
-}
-
-static int ieee80211_ioctl_giwtxpower(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  union iwreq_data *data, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       data->txpower.fixed = 1;
-       data->txpower.disabled = !(local->hw.conf.radio_enabled);
-       data->txpower.value = local->hw.conf.power_level;
-       data->txpower.flags = IW_TXPOW_DBM;
-
-       return 0;
-}
-
-static int ieee80211_ioctl_siwrts(struct net_device *dev,
-                                 struct iw_request_info *info,
-                                 struct iw_param *rts, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       if (rts->disabled)
-               local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
-       else if (rts->value < 0 || rts->value > IEEE80211_MAX_RTS_THRESHOLD)
-               return -EINVAL;
-       else
-               local->rts_threshold = rts->value;
-
-       /* If the wlan card performs RTS/CTS in hardware/firmware,
-        * configure it here */
-
-       if (local->ops->set_rts_threshold)
-               local->ops->set_rts_threshold(local_to_hw(local),
-                                            local->rts_threshold);
-
-       return 0;
-}
-
-static int ieee80211_ioctl_giwrts(struct net_device *dev,
-                                 struct iw_request_info *info,
-                                 struct iw_param *rts, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       rts->value = local->rts_threshold;
-       rts->disabled = (rts->value >= IEEE80211_MAX_RTS_THRESHOLD);
-       rts->fixed = 1;
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_siwfrag(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_param *frag, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       if (frag->disabled)
-               local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
-       else if (frag->value < 256 ||
-                frag->value > IEEE80211_MAX_FRAG_THRESHOLD)
-               return -EINVAL;
-       else {
-               /* Fragment length must be even, so strip LSB. */
-               local->fragmentation_threshold = frag->value & ~0x1;
-       }
-
-       /* If the wlan card performs fragmentation in hardware/firmware,
-        * configure it here */
-
-       if (local->ops->set_frag_threshold)
-               local->ops->set_frag_threshold(
-                       local_to_hw(local),
-                       local->fragmentation_threshold);
-
-       return 0;
-}
-
-static int ieee80211_ioctl_giwfrag(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_param *frag, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       frag->value = local->fragmentation_threshold;
-       frag->disabled = (frag->value >= IEEE80211_MAX_RTS_THRESHOLD);
-       frag->fixed = 1;
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_siwretry(struct net_device *dev,
-                                   struct iw_request_info *info,
-                                   struct iw_param *retry, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       if (retry->disabled ||
-           (retry->flags & IW_RETRY_TYPE) != IW_RETRY_LIMIT)
-               return -EINVAL;
-
-       if (retry->flags & IW_RETRY_MAX)
-               local->long_retry_limit = retry->value;
-       else if (retry->flags & IW_RETRY_MIN)
-               local->short_retry_limit = retry->value;
-       else {
-               local->long_retry_limit = retry->value;
-               local->short_retry_limit = retry->value;
-       }
-
-       if (local->ops->set_retry_limit) {
-               return local->ops->set_retry_limit(
-                       local_to_hw(local),
-                       local->short_retry_limit,
-                       local->long_retry_limit);
-       }
-
-       return 0;
-}
-
-
-static int ieee80211_ioctl_giwretry(struct net_device *dev,
-                                   struct iw_request_info *info,
-                                   struct iw_param *retry, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       retry->disabled = 0;
-       if (retry->flags == 0 || retry->flags & IW_RETRY_MIN) {
-               /* first return min value, iwconfig will ask max value
-                * later if needed */
-               retry->flags |= IW_RETRY_LIMIT;
-               retry->value = local->short_retry_limit;
-               if (local->long_retry_limit != local->short_retry_limit)
-                       retry->flags |= IW_RETRY_MIN;
-               return 0;
-       }
-       if (retry->flags & IW_RETRY_MAX) {
-               retry->flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
-               retry->value = local->long_retry_limit;
-       }
-
-       return 0;
-}
-
-static int ieee80211_ioctl_siwmlme(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_point *data, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct iw_mlme *mlme = (struct iw_mlme *) extra;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type != IEEE80211_IF_TYPE_STA &&
-           sdata->type != IEEE80211_IF_TYPE_IBSS)
-               return -EINVAL;
-
-       switch (mlme->cmd) {
-       case IW_MLME_DEAUTH:
-               /* TODO: mlme->addr.sa_data */
-               return ieee80211_sta_deauthenticate(dev, mlme->reason_code);
-       case IW_MLME_DISASSOC:
-               /* TODO: mlme->addr.sa_data */
-               return ieee80211_sta_disassociate(dev, mlme->reason_code);
-       default:
-               return -EOPNOTSUPP;
-       }
-}
-
-
-static int ieee80211_ioctl_siwencode(struct net_device *dev,
-                                    struct iw_request_info *info,
-                                    struct iw_point *erq, char *keybuf)
-{
-       struct ieee80211_sub_if_data *sdata;
-       int idx, i, alg = ALG_WEP;
-       u8 bcaddr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-       int remove = 0;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       idx = erq->flags & IW_ENCODE_INDEX;
-       if (idx == 0) {
-               if (sdata->default_key)
-                       for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
-                               if (sdata->default_key == sdata->keys[i]) {
-                                       idx = i;
-                                       break;
-                               }
-                       }
-       } else if (idx < 1 || idx > 4)
-               return -EINVAL;
-       else
-               idx--;
-
-       if (erq->flags & IW_ENCODE_DISABLED)
-               remove = 1;
-       else if (erq->length == 0) {
-               /* No key data - just set the default TX key index */
-               ieee80211_set_default_key(sdata, idx);
-               return 0;
-       }
-
-       return ieee80211_set_encryption(
-               dev, bcaddr,
-               idx, alg, remove,
-               !sdata->default_key,
-               keybuf, erq->length);
-}
-
-
-static int ieee80211_ioctl_giwencode(struct net_device *dev,
-                                    struct iw_request_info *info,
-                                    struct iw_point *erq, char *key)
-{
-       struct ieee80211_sub_if_data *sdata;
-       int idx, i;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       idx = erq->flags & IW_ENCODE_INDEX;
-       if (idx < 1 || idx > 4) {
-               idx = -1;
-               if (!sdata->default_key)
-                       idx = 0;
-               else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
-                       if (sdata->default_key == sdata->keys[i]) {
-                               idx = i;
-                               break;
-                       }
-               }
-               if (idx < 0)
-                       return -EINVAL;
-       } else
-               idx--;
-
-       erq->flags = idx + 1;
-
-       if (!sdata->keys[idx]) {
-               erq->length = 0;
-               erq->flags |= IW_ENCODE_DISABLED;
-               return 0;
-       }
-
-       memcpy(key, sdata->keys[idx]->conf.key,
-              min_t(int, erq->length, sdata->keys[idx]->conf.keylen));
-       erq->length = sdata->keys[idx]->conf.keylen;
-       erq->flags |= IW_ENCODE_ENABLED;
-
-       return 0;
-}
-
-static int ieee80211_ioctl_siwauth(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_param *data, char *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       int ret = 0;
-
-       switch (data->flags & IW_AUTH_INDEX) {
-       case IW_AUTH_WPA_VERSION:
-       case IW_AUTH_CIPHER_PAIRWISE:
-       case IW_AUTH_CIPHER_GROUP:
-       case IW_AUTH_WPA_ENABLED:
-       case IW_AUTH_RX_UNENCRYPTED_EAPOL:
-               break;
-       case IW_AUTH_KEY_MGMT:
-               if (sdata->type != IEEE80211_IF_TYPE_STA)
-                       ret = -EINVAL;
-               else {
-                       /*
-                        * Key management was set by wpa_supplicant,
-                        * we only need this to associate to a network
-                        * that has privacy enabled regardless of not
-                        * having a key.
-                        */
-                       sdata->u.sta.key_management_enabled = !!data->value;
-               }
-               break;
-       case IW_AUTH_80211_AUTH_ALG:
-               if (sdata->type == IEEE80211_IF_TYPE_STA ||
-                   sdata->type == IEEE80211_IF_TYPE_IBSS)
-                       sdata->u.sta.auth_algs = data->value;
-               else
-                       ret = -EOPNOTSUPP;
-               break;
-       case IW_AUTH_PRIVACY_INVOKED:
-               if (local->ops->set_privacy_invoked)
-                       ret = local->ops->set_privacy_invoked(
-                                       local_to_hw(local), data->value);
-               break;
-       default:
-               ret = -EOPNOTSUPP;
-               break;
-       }
-       return ret;
-}
-
-/* Get wireless statistics.  Called by /proc/net/wireless and by SIOCGIWSTATS */
-static struct iw_statistics *ieee80211_get_wireless_stats(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct iw_statistics *wstats = &local->wstats;
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct sta_info *sta = NULL;
-
-       if (sdata->type == IEEE80211_IF_TYPE_STA ||
-           sdata->type == IEEE80211_IF_TYPE_IBSS)
-               sta = sta_info_get(local, sdata->u.sta.bssid);
-       if (!sta) {
-               wstats->discard.fragment = 0;
-               wstats->discard.misc = 0;
-               wstats->qual.qual = 0;
-               wstats->qual.level = 0;
-               wstats->qual.noise = 0;
-               wstats->qual.updated = IW_QUAL_ALL_INVALID;
-       } else {
-               wstats->qual.level = sta->last_rssi;
-               wstats->qual.qual = sta->last_signal;
-               wstats->qual.noise = sta->last_noise;
-               wstats->qual.updated = local->wstats_flags;
-               sta_info_put(sta);
-       }
-       return wstats;
-}
-
-static int ieee80211_ioctl_giwauth(struct net_device *dev,
-                                  struct iw_request_info *info,
-                                  struct iw_param *data, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       int ret = 0;
-
-       switch (data->flags & IW_AUTH_INDEX) {
-       case IW_AUTH_80211_AUTH_ALG:
-               if (sdata->type == IEEE80211_IF_TYPE_STA ||
-                   sdata->type == IEEE80211_IF_TYPE_IBSS)
-                       data->value = sdata->u.sta.auth_algs;
-               else
-                       ret = -EOPNOTSUPP;
-               break;
-       default:
-               ret = -EOPNOTSUPP;
-               break;
-       }
-       return ret;
-}
-
-
-static int ieee80211_ioctl_siwencodeext(struct net_device *dev,
-                                       struct iw_request_info *info,
-                                       struct iw_point *erq, char *extra)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
-       int uninitialized_var(alg), idx, i, remove = 0;
-
-       switch (ext->alg) {
-       case IW_ENCODE_ALG_NONE:
-               remove = 1;
-               break;
-       case IW_ENCODE_ALG_WEP:
-               alg = ALG_WEP;
-               break;
-       case IW_ENCODE_ALG_TKIP:
-               alg = ALG_TKIP;
-               break;
-       case IW_ENCODE_ALG_CCMP:
-               alg = ALG_CCMP;
-               break;
-       default:
-               return -EOPNOTSUPP;
-       }
-
-       if (erq->flags & IW_ENCODE_DISABLED)
-               remove = 1;
-
-       idx = erq->flags & IW_ENCODE_INDEX;
-       if (idx < 1 || idx > 4) {
-               idx = -1;
-               if (!sdata->default_key)
-                       idx = 0;
-               else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
-                       if (sdata->default_key == sdata->keys[i]) {
-                               idx = i;
-                               break;
-                       }
-               }
-               if (idx < 0)
-                       return -EINVAL;
-       } else
-               idx--;
-
-       return ieee80211_set_encryption(dev, ext->addr.sa_data, idx, alg,
-                                       remove,
-                                       ext->ext_flags &
-                                       IW_ENCODE_EXT_SET_TX_KEY,
-                                       ext->key, ext->key_len);
-}
-
-
-/* Structures to export the Wireless Handlers */
-
-static const iw_handler ieee80211_handler[] =
-{
-       (iw_handler) NULL,                              /* SIOCSIWCOMMIT */
-       (iw_handler) ieee80211_ioctl_giwname,           /* SIOCGIWNAME */
-       (iw_handler) NULL,                              /* SIOCSIWNWID */
-       (iw_handler) NULL,                              /* SIOCGIWNWID */
-       (iw_handler) ieee80211_ioctl_siwfreq,           /* SIOCSIWFREQ */
-       (iw_handler) ieee80211_ioctl_giwfreq,           /* SIOCGIWFREQ */
-       (iw_handler) ieee80211_ioctl_siwmode,           /* SIOCSIWMODE */
-       (iw_handler) ieee80211_ioctl_giwmode,           /* SIOCGIWMODE */
-       (iw_handler) NULL,                              /* SIOCSIWSENS */
-       (iw_handler) NULL,                              /* SIOCGIWSENS */
-       (iw_handler) NULL /* not used */,               /* SIOCSIWRANGE */
-       (iw_handler) ieee80211_ioctl_giwrange,          /* SIOCGIWRANGE */
-       (iw_handler) NULL /* not used */,               /* SIOCSIWPRIV */
-       (iw_handler) NULL /* kernel code */,            /* SIOCGIWPRIV */
-       (iw_handler) NULL /* not used */,               /* SIOCSIWSTATS */
-       (iw_handler) NULL /* kernel code */,            /* SIOCGIWSTATS */
-       (iw_handler) NULL,                              /* SIOCSIWSPY */
-       (iw_handler) NULL,                              /* SIOCGIWSPY */
-       (iw_handler) NULL,                              /* SIOCSIWTHRSPY */
-       (iw_handler) NULL,                              /* SIOCGIWTHRSPY */
-       (iw_handler) ieee80211_ioctl_siwap,             /* SIOCSIWAP */
-       (iw_handler) ieee80211_ioctl_giwap,             /* SIOCGIWAP */
-       (iw_handler) ieee80211_ioctl_siwmlme,           /* SIOCSIWMLME */
-       (iw_handler) NULL,                              /* SIOCGIWAPLIST */
-       (iw_handler) ieee80211_ioctl_siwscan,           /* SIOCSIWSCAN */
-       (iw_handler) ieee80211_ioctl_giwscan,           /* SIOCGIWSCAN */
-       (iw_handler) ieee80211_ioctl_siwessid,          /* SIOCSIWESSID */
-       (iw_handler) ieee80211_ioctl_giwessid,          /* SIOCGIWESSID */
-       (iw_handler) NULL,                              /* SIOCSIWNICKN */
-       (iw_handler) NULL,                              /* SIOCGIWNICKN */
-       (iw_handler) NULL,                              /* -- hole -- */
-       (iw_handler) NULL,                              /* -- hole -- */
-       (iw_handler) ieee80211_ioctl_siwrate,           /* SIOCSIWRATE */
-       (iw_handler) ieee80211_ioctl_giwrate,           /* SIOCGIWRATE */
-       (iw_handler) ieee80211_ioctl_siwrts,            /* SIOCSIWRTS */
-       (iw_handler) ieee80211_ioctl_giwrts,            /* SIOCGIWRTS */
-       (iw_handler) ieee80211_ioctl_siwfrag,           /* SIOCSIWFRAG */
-       (iw_handler) ieee80211_ioctl_giwfrag,           /* SIOCGIWFRAG */
-       (iw_handler) ieee80211_ioctl_siwtxpower,        /* SIOCSIWTXPOW */
-       (iw_handler) ieee80211_ioctl_giwtxpower,        /* SIOCGIWTXPOW */
-       (iw_handler) ieee80211_ioctl_siwretry,          /* SIOCSIWRETRY */
-       (iw_handler) ieee80211_ioctl_giwretry,          /* SIOCGIWRETRY */
-       (iw_handler) ieee80211_ioctl_siwencode,         /* SIOCSIWENCODE */
-       (iw_handler) ieee80211_ioctl_giwencode,         /* SIOCGIWENCODE */
-       (iw_handler) NULL,                              /* SIOCSIWPOWER */
-       (iw_handler) NULL,                              /* SIOCGIWPOWER */
-       (iw_handler) NULL,                              /* -- hole -- */
-       (iw_handler) NULL,                              /* -- hole -- */
-       (iw_handler) ieee80211_ioctl_siwgenie,          /* SIOCSIWGENIE */
-       (iw_handler) NULL,                              /* SIOCGIWGENIE */
-       (iw_handler) ieee80211_ioctl_siwauth,           /* SIOCSIWAUTH */
-       (iw_handler) ieee80211_ioctl_giwauth,           /* SIOCGIWAUTH */
-       (iw_handler) ieee80211_ioctl_siwencodeext,      /* SIOCSIWENCODEEXT */
-       (iw_handler) NULL,                              /* SIOCGIWENCODEEXT */
-       (iw_handler) NULL,                              /* SIOCSIWPMKSA */
-       (iw_handler) NULL,                              /* -- hole -- */
-};
-
-const struct iw_handler_def ieee80211_iw_handler_def =
-{
-       .num_standard   = ARRAY_SIZE(ieee80211_handler),
-       .standard       = (iw_handler *) ieee80211_handler,
-       .get_wireless_stats = ieee80211_get_wireless_stats,
-};
 
+++ /dev/null
-/*
- * Copyright 2002-2004, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef IEEE80211_KEY_H
-#define IEEE80211_KEY_H
-
-#include <linux/types.h>
-#include <linux/list.h>
-#include <linux/crypto.h>
-#include <net/mac80211.h>
-
-/* ALG_TKIP
- * struct ieee80211_key::key is encoded as a 256-bit (32 byte) data block:
- * Temporal Encryption Key (128 bits)
- * Temporal Authenticator Tx MIC Key (64 bits)
- * Temporal Authenticator Rx MIC Key (64 bits)
- */
-
-#define WEP_IV_LEN 4
-#define WEP_ICV_LEN 4
-
-#define ALG_TKIP_KEY_LEN 32
-/* Starting offsets for each key */
-#define ALG_TKIP_TEMP_ENCR_KEY 0
-#define ALG_TKIP_TEMP_AUTH_TX_MIC_KEY 16
-#define ALG_TKIP_TEMP_AUTH_RX_MIC_KEY 24
-#define TKIP_IV_LEN 8
-#define TKIP_ICV_LEN 4
-
-#define ALG_CCMP_KEY_LEN 16
-#define CCMP_HDR_LEN 8
-#define CCMP_MIC_LEN 8
-#define CCMP_TK_LEN 16
-#define CCMP_PN_LEN 6
-
-#define NUM_RX_DATA_QUEUES 17
-
-struct ieee80211_local;
-struct ieee80211_sub_if_data;
-struct sta_info;
-
-#define KEY_FLAG_UPLOADED_TO_HARDWARE  (1<<0)
-
-struct ieee80211_key {
-       struct ieee80211_local *local;
-       struct ieee80211_sub_if_data *sdata;
-       struct sta_info *sta;
-
-       struct list_head list;
-
-       unsigned int flags;
-
-       union {
-               struct {
-                       /* last used TSC */
-                       u32 iv32;
-                       u16 iv16;
-                       u16 p1k[5];
-                       int tx_initialized;
-
-                       /* last received RSC */
-                       u32 iv32_rx[NUM_RX_DATA_QUEUES];
-                       u16 iv16_rx[NUM_RX_DATA_QUEUES];
-                       u16 p1k_rx[NUM_RX_DATA_QUEUES][5];
-                       int rx_initialized[NUM_RX_DATA_QUEUES];
-               } tkip;
-               struct {
-                       u8 tx_pn[6];
-                       u8 rx_pn[NUM_RX_DATA_QUEUES][6];
-                       struct crypto_cipher *tfm;
-                       u32 replays; /* dot11RSNAStatsCCMPReplays */
-                       /* scratch buffers for virt_to_page() (crypto API) */
-#ifndef AES_BLOCK_LEN
-#define AES_BLOCK_LEN 16
-#endif
-                       u8 tx_crypto_buf[6 * AES_BLOCK_LEN];
-                       u8 rx_crypto_buf[6 * AES_BLOCK_LEN];
-               } ccmp;
-       } u;
-
-       /* number of times this key has been used */
-       int tx_rx_count;
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct {
-               struct dentry *stalink;
-               struct dentry *dir;
-               struct dentry *keylen;
-               struct dentry *flags;
-               struct dentry *keyidx;
-               struct dentry *hw_key_idx;
-               struct dentry *tx_rx_count;
-               struct dentry *algorithm;
-               struct dentry *tx_spec;
-               struct dentry *rx_spec;
-               struct dentry *replays;
-               struct dentry *key;
-               struct dentry *ifindex;
-       } debugfs;
-#endif
-
-       /*
-        * key config, must be last because it contains key
-        * material as variable length member
-        */
-       struct ieee80211_key_conf conf;
-};
-
-struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
-                                         struct sta_info *sta,
-                                         enum ieee80211_key_alg alg,
-                                         int idx,
-                                         size_t key_len,
-                                         const u8 *key_data);
-void ieee80211_key_free(struct ieee80211_key *key);
-void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx);
-void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata);
-void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata);
-void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata);
-
-#endif /* IEEE80211_KEY_H */
 
+++ /dev/null
-/*
- * Copyright 2006, Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* just for IFNAMSIZ */
-#include <linux/if.h>
-#include "ieee80211_led.h"
-
-void ieee80211_led_rx(struct ieee80211_local *local)
-{
-       if (unlikely(!local->rx_led))
-               return;
-       if (local->rx_led_counter++ % 2 == 0)
-               led_trigger_event(local->rx_led, LED_OFF);
-       else
-               led_trigger_event(local->rx_led, LED_FULL);
-}
-
-/* q is 1 if a packet was enqueued, 0 if it has been transmitted */
-void ieee80211_led_tx(struct ieee80211_local *local, int q)
-{
-       if (unlikely(!local->tx_led))
-               return;
-       /* not sure how this is supposed to work ... */
-       local->tx_led_counter += 2*q-1;
-       if (local->tx_led_counter % 2 == 0)
-               led_trigger_event(local->tx_led, LED_OFF);
-       else
-               led_trigger_event(local->tx_led, LED_FULL);
-}
-
-void ieee80211_led_assoc(struct ieee80211_local *local, bool associated)
-{
-       if (unlikely(!local->assoc_led))
-               return;
-       if (associated)
-               led_trigger_event(local->assoc_led, LED_FULL);
-       else
-               led_trigger_event(local->assoc_led, LED_OFF);
-}
-
-void ieee80211_led_init(struct ieee80211_local *local)
-{
-       local->rx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
-       if (local->rx_led) {
-               snprintf(local->rx_led_name, sizeof(local->rx_led_name),
-                        "%srx", wiphy_name(local->hw.wiphy));
-               local->rx_led->name = local->rx_led_name;
-               if (led_trigger_register(local->rx_led)) {
-                       kfree(local->rx_led);
-                       local->rx_led = NULL;
-               }
-       }
-
-       local->tx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
-       if (local->tx_led) {
-               snprintf(local->tx_led_name, sizeof(local->tx_led_name),
-                        "%stx", wiphy_name(local->hw.wiphy));
-               local->tx_led->name = local->tx_led_name;
-               if (led_trigger_register(local->tx_led)) {
-                       kfree(local->tx_led);
-                       local->tx_led = NULL;
-               }
-       }
-
-       local->assoc_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
-       if (local->assoc_led) {
-               snprintf(local->assoc_led_name, sizeof(local->assoc_led_name),
-                        "%sassoc", wiphy_name(local->hw.wiphy));
-               local->assoc_led->name = local->assoc_led_name;
-               if (led_trigger_register(local->assoc_led)) {
-                       kfree(local->assoc_led);
-                       local->assoc_led = NULL;
-               }
-       }
-}
-
-void ieee80211_led_exit(struct ieee80211_local *local)
-{
-       if (local->assoc_led) {
-               led_trigger_unregister(local->assoc_led);
-               kfree(local->assoc_led);
-       }
-       if (local->tx_led) {
-               led_trigger_unregister(local->tx_led);
-               kfree(local->tx_led);
-       }
-       if (local->rx_led) {
-               led_trigger_unregister(local->rx_led);
-               kfree(local->rx_led);
-       }
-}
-
-char *__ieee80211_get_assoc_led_name(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       if (local->assoc_led)
-               return local->assoc_led_name;
-       return NULL;
-}
-EXPORT_SYMBOL(__ieee80211_get_assoc_led_name);
-
-char *__ieee80211_get_tx_led_name(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       if (local->tx_led)
-               return local->tx_led_name;
-       return NULL;
-}
-EXPORT_SYMBOL(__ieee80211_get_tx_led_name);
-
-char *__ieee80211_get_rx_led_name(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       if (local->rx_led)
-               return local->rx_led_name;
-       return NULL;
-}
-EXPORT_SYMBOL(__ieee80211_get_rx_led_name);
 
+++ /dev/null
-/*
- * Copyright 2006, Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/list.h>
-#include <linux/spinlock.h>
-#include <linux/leds.h>
-#include "ieee80211_i.h"
-
-#ifdef CONFIG_MAC80211_LEDS
-extern void ieee80211_led_rx(struct ieee80211_local *local);
-extern void ieee80211_led_tx(struct ieee80211_local *local, int q);
-extern void ieee80211_led_assoc(struct ieee80211_local *local,
-                               bool associated);
-extern void ieee80211_led_init(struct ieee80211_local *local);
-extern void ieee80211_led_exit(struct ieee80211_local *local);
-#else
-static inline void ieee80211_led_rx(struct ieee80211_local *local)
-{
-}
-static inline void ieee80211_led_tx(struct ieee80211_local *local, int q)
-{
-}
-static inline void ieee80211_led_assoc(struct ieee80211_local *local,
-                                      bool associated)
-{
-}
-static inline void ieee80211_led_init(struct ieee80211_local *local)
-{
-}
-static inline void ieee80211_led_exit(struct ieee80211_local *local)
-{
-}
-#endif
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/kernel.h>
-#include <linux/rtnetlink.h>
-#include "ieee80211_rate.h"
-#include "ieee80211_i.h"
-
-struct rate_control_alg {
-       struct list_head list;
-       struct rate_control_ops *ops;
-};
-
-static LIST_HEAD(rate_ctrl_algs);
-static DEFINE_MUTEX(rate_ctrl_mutex);
-
-int ieee80211_rate_control_register(struct rate_control_ops *ops)
-{
-       struct rate_control_alg *alg;
-
-       alg = kzalloc(sizeof(*alg), GFP_KERNEL);
-       if (alg == NULL) {
-               return -ENOMEM;
-       }
-       alg->ops = ops;
-
-       mutex_lock(&rate_ctrl_mutex);
-       list_add_tail(&alg->list, &rate_ctrl_algs);
-       mutex_unlock(&rate_ctrl_mutex);
-
-       return 0;
-}
-EXPORT_SYMBOL(ieee80211_rate_control_register);
-
-void ieee80211_rate_control_unregister(struct rate_control_ops *ops)
-{
-       struct rate_control_alg *alg;
-
-       mutex_lock(&rate_ctrl_mutex);
-       list_for_each_entry(alg, &rate_ctrl_algs, list) {
-               if (alg->ops == ops) {
-                       list_del(&alg->list);
-                       break;
-               }
-       }
-       mutex_unlock(&rate_ctrl_mutex);
-       kfree(alg);
-}
-EXPORT_SYMBOL(ieee80211_rate_control_unregister);
-
-static struct rate_control_ops *
-ieee80211_try_rate_control_ops_get(const char *name)
-{
-       struct rate_control_alg *alg;
-       struct rate_control_ops *ops = NULL;
-
-       mutex_lock(&rate_ctrl_mutex);
-       list_for_each_entry(alg, &rate_ctrl_algs, list) {
-               if (!name || !strcmp(alg->ops->name, name))
-                       if (try_module_get(alg->ops->module)) {
-                               ops = alg->ops;
-                               break;
-                       }
-       }
-       mutex_unlock(&rate_ctrl_mutex);
-       return ops;
-}
-
-/* Get the rate control algorithm. If `name' is NULL, get the first
- * available algorithm. */
-static struct rate_control_ops *
-ieee80211_rate_control_ops_get(const char *name)
-{
-       struct rate_control_ops *ops;
-
-       ops = ieee80211_try_rate_control_ops_get(name);
-       if (!ops) {
-               request_module("rc80211_%s", name ? name : "default");
-               ops = ieee80211_try_rate_control_ops_get(name);
-       }
-       return ops;
-}
-
-static void ieee80211_rate_control_ops_put(struct rate_control_ops *ops)
-{
-       module_put(ops->module);
-}
-
-struct rate_control_ref *rate_control_alloc(const char *name,
-                                           struct ieee80211_local *local)
-{
-       struct rate_control_ref *ref;
-
-       ref = kmalloc(sizeof(struct rate_control_ref), GFP_KERNEL);
-       if (!ref)
-               goto fail_ref;
-       kref_init(&ref->kref);
-       ref->ops = ieee80211_rate_control_ops_get(name);
-       if (!ref->ops)
-               goto fail_ops;
-       ref->priv = ref->ops->alloc(local);
-       if (!ref->priv)
-               goto fail_priv;
-       return ref;
-
-fail_priv:
-       ieee80211_rate_control_ops_put(ref->ops);
-fail_ops:
-       kfree(ref);
-fail_ref:
-       return NULL;
-}
-
-static void rate_control_release(struct kref *kref)
-{
-       struct rate_control_ref *ctrl_ref;
-
-       ctrl_ref = container_of(kref, struct rate_control_ref, kref);
-       ctrl_ref->ops->free(ctrl_ref->priv);
-       ieee80211_rate_control_ops_put(ctrl_ref->ops);
-       kfree(ctrl_ref);
-}
-
-struct rate_control_ref *rate_control_get(struct rate_control_ref *ref)
-{
-       kref_get(&ref->kref);
-       return ref;
-}
-
-void rate_control_put(struct rate_control_ref *ref)
-{
-       kref_put(&ref->kref, rate_control_release);
-}
-
-int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
-                                const char *name)
-{
-       struct rate_control_ref *ref, *old;
-
-       ASSERT_RTNL();
-       if (local->open_count || netif_running(local->mdev))
-               return -EBUSY;
-
-       ref = rate_control_alloc(name, local);
-       if (!ref) {
-               printk(KERN_WARNING "%s: Failed to select rate control "
-                      "algorithm\n", wiphy_name(local->hw.wiphy));
-               return -ENOENT;
-       }
-
-       old = local->rate_ctrl;
-       local->rate_ctrl = ref;
-       if (old) {
-               rate_control_put(old);
-               sta_info_flush(local, NULL);
-       }
-
-       printk(KERN_DEBUG "%s: Selected rate control "
-              "algorithm '%s'\n", wiphy_name(local->hw.wiphy),
-              ref->ops->name);
-
-
-       return 0;
-}
-
-void rate_control_deinitialize(struct ieee80211_local *local)
-{
-       struct rate_control_ref *ref;
-
-       ref = local->rate_ctrl;
-       local->rate_ctrl = NULL;
-       rate_control_put(ref);
-}
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef IEEE80211_RATE_H
-#define IEEE80211_RATE_H
-
-#include <linux/netdevice.h>
-#include <linux/skbuff.h>
-#include <linux/types.h>
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "sta_info.h"
-
-#define RATE_CONTROL_NUM_DOWN 20
-#define RATE_CONTROL_NUM_UP   15
-
-
-struct rate_control_extra {
-       /* values from rate_control_get_rate() to the caller: */
-       struct ieee80211_rate *probe; /* probe with this rate, or NULL for no
-                                      * probing */
-       struct ieee80211_rate *nonerp;
-
-       /* parameters from the caller to rate_control_get_rate(): */
-       struct ieee80211_hw_mode *mode;
-       u16 ethertype;
-};
-
-
-struct rate_control_ops {
-       struct module *module;
-       const char *name;
-       void (*tx_status)(void *priv, struct net_device *dev,
-                         struct sk_buff *skb,
-                         struct ieee80211_tx_status *status);
-       struct ieee80211_rate *(*get_rate)(void *priv, struct net_device *dev,
-                                          struct sk_buff *skb,
-                                          struct rate_control_extra *extra);
-       void (*rate_init)(void *priv, void *priv_sta,
-                         struct ieee80211_local *local, struct sta_info *sta);
-       void (*clear)(void *priv);
-
-       void *(*alloc)(struct ieee80211_local *local);
-       void (*free)(void *priv);
-       void *(*alloc_sta)(void *priv, gfp_t gfp);
-       void (*free_sta)(void *priv, void *priv_sta);
-
-       int (*add_attrs)(void *priv, struct kobject *kobj);
-       void (*remove_attrs)(void *priv, struct kobject *kobj);
-       void (*add_sta_debugfs)(void *priv, void *priv_sta,
-                               struct dentry *dir);
-       void (*remove_sta_debugfs)(void *priv, void *priv_sta);
-};
-
-struct rate_control_ref {
-       struct rate_control_ops *ops;
-       void *priv;
-       struct kref kref;
-};
-
-int ieee80211_rate_control_register(struct rate_control_ops *ops);
-void ieee80211_rate_control_unregister(struct rate_control_ops *ops);
-
-/* Get a reference to the rate control algorithm. If `name' is NULL, get the
- * first available algorithm. */
-struct rate_control_ref *rate_control_alloc(const char *name,
-                                           struct ieee80211_local *local);
-struct rate_control_ref *rate_control_get(struct rate_control_ref *ref);
-void rate_control_put(struct rate_control_ref *ref);
-
-static inline void rate_control_tx_status(struct ieee80211_local *local,
-                                         struct net_device *dev,
-                                         struct sk_buff *skb,
-                                         struct ieee80211_tx_status *status)
-{
-       struct rate_control_ref *ref = local->rate_ctrl;
-       ref->ops->tx_status(ref->priv, dev, skb, status);
-}
-
-
-static inline struct ieee80211_rate *
-rate_control_get_rate(struct ieee80211_local *local, struct net_device *dev,
-                     struct sk_buff *skb, struct rate_control_extra *extra)
-{
-       struct rate_control_ref *ref = local->rate_ctrl;
-       return ref->ops->get_rate(ref->priv, dev, skb, extra);
-}
-
-
-static inline void rate_control_rate_init(struct sta_info *sta,
-                                         struct ieee80211_local *local)
-{
-       struct rate_control_ref *ref = sta->rate_ctrl;
-       ref->ops->rate_init(ref->priv, sta->rate_ctrl_priv, local, sta);
-}
-
-
-static inline void rate_control_clear(struct ieee80211_local *local)
-{
-       struct rate_control_ref *ref = local->rate_ctrl;
-       ref->ops->clear(ref->priv);
-}
-
-static inline void *rate_control_alloc_sta(struct rate_control_ref *ref,
-                                          gfp_t gfp)
-{
-       return ref->ops->alloc_sta(ref->priv, gfp);
-}
-
-static inline void rate_control_free_sta(struct rate_control_ref *ref,
-                                        void *priv)
-{
-       ref->ops->free_sta(ref->priv, priv);
-}
-
-static inline void rate_control_add_sta_debugfs(struct sta_info *sta)
-{
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct rate_control_ref *ref = sta->rate_ctrl;
-       if (sta->debugfs.dir && ref->ops->add_sta_debugfs)
-               ref->ops->add_sta_debugfs(ref->priv, sta->rate_ctrl_priv,
-                                         sta->debugfs.dir);
-#endif
-}
-
-static inline void rate_control_remove_sta_debugfs(struct sta_info *sta)
-{
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct rate_control_ref *ref = sta->rate_ctrl;
-       if (ref->ops->remove_sta_debugfs)
-               ref->ops->remove_sta_debugfs(ref->priv, sta->rate_ctrl_priv);
-#endif
-}
-
-
-/* functions for rate control related to a device */
-int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
-                                const char *name);
-void rate_control_deinitialize(struct ieee80211_local *local);
-
-#endif /* IEEE80211_RATE_H */
 
+++ /dev/null
-/*
- * BSS client mode implementation
- * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
- * Copyright 2004, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/* TODO:
- * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
- * order BSS list by RSSI(?) ("quality of AP")
- * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
- *    SSID)
- */
-#include <linux/delay.h>
-#include <linux/if_ether.h>
-#include <linux/skbuff.h>
-#include <linux/netdevice.h>
-#include <linux/if_arp.h>
-#include <linux/wireless.h>
-#include <linux/random.h>
-#include <linux/etherdevice.h>
-#include <net/iw_handler.h>
-#include <asm/types.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "ieee80211_led.h"
-
-#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
-#define IEEE80211_AUTH_MAX_TRIES 3
-#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
-#define IEEE80211_ASSOC_MAX_TRIES 3
-#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
-#define IEEE80211_PROBE_INTERVAL (60 * HZ)
-#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
-#define IEEE80211_SCAN_INTERVAL (2 * HZ)
-#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
-#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
-
-#define IEEE80211_PROBE_DELAY (HZ / 33)
-#define IEEE80211_CHANNEL_TIME (HZ / 33)
-#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
-#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
-#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
-#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
-
-#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
-
-
-#define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
-
-#define ERP_INFO_USE_PROTECTION BIT(1)
-
-static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
-                                    u8 *ssid, size_t ssid_len);
-static struct ieee80211_sta_bss *
-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
-static void ieee80211_rx_bss_put(struct net_device *dev,
-                                struct ieee80211_sta_bss *bss);
-static int ieee80211_sta_find_ibss(struct net_device *dev,
-                                  struct ieee80211_if_sta *ifsta);
-static int ieee80211_sta_wep_configured(struct net_device *dev);
-static int ieee80211_sta_start_scan(struct net_device *dev,
-                                   u8 *ssid, size_t ssid_len);
-static int ieee80211_sta_config_auth(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta);
-
-
-/* Parsed Information Elements */
-struct ieee802_11_elems {
-       /* pointers to IEs */
-       u8 *ssid;
-       u8 *supp_rates;
-       u8 *fh_params;
-       u8 *ds_params;
-       u8 *cf_params;
-       u8 *tim;
-       u8 *ibss_params;
-       u8 *challenge;
-       u8 *wpa;
-       u8 *rsn;
-       u8 *erp_info;
-       u8 *ext_supp_rates;
-       u8 *wmm_info;
-       u8 *wmm_param;
-
-       /* length of them, respectively */
-       u8 ssid_len;
-       u8 supp_rates_len;
-       u8 fh_params_len;
-       u8 ds_params_len;
-       u8 cf_params_len;
-       u8 tim_len;
-       u8 ibss_params_len;
-       u8 challenge_len;
-       u8 wpa_len;
-       u8 rsn_len;
-       u8 erp_info_len;
-       u8 ext_supp_rates_len;
-       u8 wmm_info_len;
-       u8 wmm_param_len;
-};
-
-enum ParseRes { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 };
-
-static enum ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
-                                           struct ieee802_11_elems *elems)
-{
-       size_t left = len;
-       u8 *pos = start;
-       int unknown = 0;
-
-       memset(elems, 0, sizeof(*elems));
-
-       while (left >= 2) {
-               u8 id, elen;
-
-               id = *pos++;
-               elen = *pos++;
-               left -= 2;
-
-               if (elen > left) {
-#if 0
-                       if (net_ratelimit())
-                               printk(KERN_DEBUG "IEEE 802.11 element parse "
-                                      "failed (id=%d elen=%d left=%d)\n",
-                                      id, elen, left);
-#endif
-                       return ParseFailed;
-               }
-
-               switch (id) {
-               case WLAN_EID_SSID:
-                       elems->ssid = pos;
-                       elems->ssid_len = elen;
-                       break;
-               case WLAN_EID_SUPP_RATES:
-                       elems->supp_rates = pos;
-                       elems->supp_rates_len = elen;
-                       break;
-               case WLAN_EID_FH_PARAMS:
-                       elems->fh_params = pos;
-                       elems->fh_params_len = elen;
-                       break;
-               case WLAN_EID_DS_PARAMS:
-                       elems->ds_params = pos;
-                       elems->ds_params_len = elen;
-                       break;
-               case WLAN_EID_CF_PARAMS:
-                       elems->cf_params = pos;
-                       elems->cf_params_len = elen;
-                       break;
-               case WLAN_EID_TIM:
-                       elems->tim = pos;
-                       elems->tim_len = elen;
-                       break;
-               case WLAN_EID_IBSS_PARAMS:
-                       elems->ibss_params = pos;
-                       elems->ibss_params_len = elen;
-                       break;
-               case WLAN_EID_CHALLENGE:
-                       elems->challenge = pos;
-                       elems->challenge_len = elen;
-                       break;
-               case WLAN_EID_WPA:
-                       if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
-                           pos[2] == 0xf2) {
-                               /* Microsoft OUI (00:50:F2) */
-                               if (pos[3] == 1) {
-                                       /* OUI Type 1 - WPA IE */
-                                       elems->wpa = pos;
-                                       elems->wpa_len = elen;
-                               } else if (elen >= 5 && pos[3] == 2) {
-                                       if (pos[4] == 0) {
-                                               elems->wmm_info = pos;
-                                               elems->wmm_info_len = elen;
-                                       } else if (pos[4] == 1) {
-                                               elems->wmm_param = pos;
-                                               elems->wmm_param_len = elen;
-                                       }
-                               }
-                       }
-                       break;
-               case WLAN_EID_RSN:
-                       elems->rsn = pos;
-                       elems->rsn_len = elen;
-                       break;
-               case WLAN_EID_ERP_INFO:
-                       elems->erp_info = pos;
-                       elems->erp_info_len = elen;
-                       break;
-               case WLAN_EID_EXT_SUPP_RATES:
-                       elems->ext_supp_rates = pos;
-                       elems->ext_supp_rates_len = elen;
-                       break;
-               default:
-#if 0
-                       printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
-                                     "unknown element (id=%d elen=%d)\n",
-                                     id, elen);
-#endif
-                       unknown++;
-                       break;
-               }
-
-               left -= elen;
-               pos += elen;
-       }
-
-       /* Do not trigger error if left == 1 as Apple Airport base stations
-        * send AssocResps that are one spurious byte too long. */
-
-       return unknown ? ParseUnknown : ParseOK;
-}
-
-
-
-
-static int ecw2cw(int ecw)
-{
-       int cw = 1;
-       while (ecw > 0) {
-               cw <<= 1;
-               ecw--;
-       }
-       return cw - 1;
-}
-
-static void ieee80211_sta_wmm_params(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta,
-                                    u8 *wmm_param, size_t wmm_param_len)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_tx_queue_params params;
-       size_t left;
-       int count;
-       u8 *pos;
-
-       if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
-               return;
-       count = wmm_param[6] & 0x0f;
-       if (count == ifsta->wmm_last_param_set)
-               return;
-       ifsta->wmm_last_param_set = count;
-
-       pos = wmm_param + 8;
-       left = wmm_param_len - 8;
-
-       memset(¶ms, 0, sizeof(params));
-
-       if (!local->ops->conf_tx)
-               return;
-
-       local->wmm_acm = 0;
-       for (; left >= 4; left -= 4, pos += 4) {
-               int aci = (pos[0] >> 5) & 0x03;
-               int acm = (pos[0] >> 4) & 0x01;
-               int queue;
-
-               switch (aci) {
-               case 1:
-                       queue = IEEE80211_TX_QUEUE_DATA3;
-                       if (acm) {
-                               local->wmm_acm |= BIT(0) | BIT(3);
-                       }
-                       break;
-               case 2:
-                       queue = IEEE80211_TX_QUEUE_DATA1;
-                       if (acm) {
-                               local->wmm_acm |= BIT(4) | BIT(5);
-                       }
-                       break;
-               case 3:
-                       queue = IEEE80211_TX_QUEUE_DATA0;
-                       if (acm) {
-                               local->wmm_acm |= BIT(6) | BIT(7);
-                       }
-                       break;
-               case 0:
-               default:
-                       queue = IEEE80211_TX_QUEUE_DATA2;
-                       if (acm) {
-                               local->wmm_acm |= BIT(1) | BIT(2);
-                       }
-                       break;
-               }
-
-               params.aifs = pos[0] & 0x0f;
-               params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
-               params.cw_min = ecw2cw(pos[1] & 0x0f);
-               /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
-               params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
-               printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
-                      "cWmin=%d cWmax=%d burst=%d\n",
-                      dev->name, queue, aci, acm, params.aifs, params.cw_min,
-                      params.cw_max, params.burst_time);
-               /* TODO: handle ACM (block TX, fallback to next lowest allowed
-                * AC for now) */
-               if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) {
-                       printk(KERN_DEBUG "%s: failed to set TX queue "
-                              "parameters for queue %d\n", dev->name, queue);
-               }
-       }
-}
-
-
-static void ieee80211_handle_erp_ie(struct net_device *dev, u8 erp_value)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-       int use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
-       int preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
-       u8 changes = 0;
-
-       if (use_protection != !!(sdata->flags & IEEE80211_SDATA_USE_PROTECTION)) {
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
-                              MAC_FMT ")\n",
-                              dev->name,
-                              use_protection ? "enabled" : "disabled",
-                              MAC_ARG(ifsta->bssid));
-               }
-               if (use_protection)
-                       sdata->flags |= IEEE80211_SDATA_USE_PROTECTION;
-               else
-                       sdata->flags &= ~IEEE80211_SDATA_USE_PROTECTION;
-               changes |= IEEE80211_ERP_CHANGE_PROTECTION;
-       }
-
-       if (preamble_mode != !(sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE)) {
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "%s: switched to %s barker preamble"
-                              " (BSSID=" MAC_FMT ")\n",
-                              dev->name,
-                              (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ?
-                                       "short" : "long",
-                              MAC_ARG(ifsta->bssid));
-               }
-               if (preamble_mode)
-                       sdata->flags &= ~IEEE80211_SDATA_SHORT_PREAMBLE;
-               else
-                       sdata->flags |= IEEE80211_SDATA_SHORT_PREAMBLE;
-               changes |= IEEE80211_ERP_CHANGE_PREAMBLE;
-       }
-
-       if (changes)
-               ieee80211_erp_info_change_notify(dev, changes);
-}
-
-
-static void ieee80211_sta_send_associnfo(struct net_device *dev,
-                                        struct ieee80211_if_sta *ifsta)
-{
-       char *buf;
-       size_t len;
-       int i;
-       union iwreq_data wrqu;
-
-       if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
-               return;
-
-       buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
-                               ifsta->assocresp_ies_len), GFP_KERNEL);
-       if (!buf)
-               return;
-
-       len = sprintf(buf, "ASSOCINFO(");
-       if (ifsta->assocreq_ies) {
-               len += sprintf(buf + len, "ReqIEs=");
-               for (i = 0; i < ifsta->assocreq_ies_len; i++) {
-                       len += sprintf(buf + len, "%02x",
-                                      ifsta->assocreq_ies[i]);
-               }
-       }
-       if (ifsta->assocresp_ies) {
-               if (ifsta->assocreq_ies)
-                       len += sprintf(buf + len, " ");
-               len += sprintf(buf + len, "RespIEs=");
-               for (i = 0; i < ifsta->assocresp_ies_len; i++) {
-                       len += sprintf(buf + len, "%02x",
-                                      ifsta->assocresp_ies[i]);
-               }
-       }
-       len += sprintf(buf + len, ")");
-
-       if (len > IW_CUSTOM_MAX) {
-               len = sprintf(buf, "ASSOCRESPIE=");
-               for (i = 0; i < ifsta->assocresp_ies_len; i++) {
-                       len += sprintf(buf + len, "%02x",
-                                      ifsta->assocresp_ies[i]);
-               }
-       }
-
-       memset(&wrqu, 0, sizeof(wrqu));
-       wrqu.data.length = len;
-       wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
-
-       kfree(buf);
-}
-
-
-static void ieee80211_set_associated(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta,
-                                    bool assoc)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       union iwreq_data wrqu;
-
-       if (!!(ifsta->flags & IEEE80211_STA_ASSOCIATED) == assoc)
-               return;
-
-       if (assoc) {
-               struct ieee80211_sub_if_data *sdata;
-               struct ieee80211_sta_bss *bss;
-
-               ifsta->flags |= IEEE80211_STA_ASSOCIATED;
-
-               sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-               if (sdata->type != IEEE80211_IF_TYPE_STA)
-                       return;
-
-               bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
-               if (bss) {
-                       if (bss->has_erp_value)
-                               ieee80211_handle_erp_ie(dev, bss->erp_value);
-                       ieee80211_rx_bss_put(dev, bss);
-               }
-
-               netif_carrier_on(dev);
-               ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
-               memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
-               memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
-               ieee80211_sta_send_associnfo(dev, ifsta);
-       } else {
-               ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
-
-               netif_carrier_off(dev);
-               ieee80211_reset_erp_info(dev);
-               memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
-       }
-       wrqu.ap_addr.sa_family = ARPHRD_ETHER;
-       wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
-       ifsta->last_probe = jiffies;
-       ieee80211_led_assoc(local, assoc);
-}
-
-static void ieee80211_set_disassoc(struct net_device *dev,
-                                  struct ieee80211_if_sta *ifsta, int deauth)
-{
-       if (deauth)
-               ifsta->auth_tries = 0;
-       ifsta->assoc_tries = 0;
-       ieee80211_set_associated(dev, ifsta, 0);
-}
-
-static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
-                            int encrypt)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_tx_packet_data *pkt_data;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       skb->dev = sdata->local->mdev;
-       skb_set_mac_header(skb, 0);
-       skb_set_network_header(skb, 0);
-       skb_set_transport_header(skb, 0);
-
-       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
-       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
-       pkt_data->ifindex = sdata->dev->ifindex;
-       if (!encrypt)
-               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
-
-       dev_queue_xmit(skb);
-}
-
-
-static void ieee80211_send_auth(struct net_device *dev,
-                               struct ieee80211_if_sta *ifsta,
-                               int transaction, u8 *extra, size_t extra_len,
-                               int encrypt)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *mgmt;
-
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom +
-                           sizeof(*mgmt) + 6 + extra_len);
-       if (!skb) {
-               printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
-                      "frame\n", dev->name);
-               return;
-       }
-       skb_reserve(skb, local->hw.extra_tx_headroom);
-
-       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
-       memset(mgmt, 0, 24 + 6);
-       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                          IEEE80211_STYPE_AUTH);
-       if (encrypt)
-               mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
-       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
-       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
-       mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
-       mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
-       ifsta->auth_transaction = transaction + 1;
-       mgmt->u.auth.status_code = cpu_to_le16(0);
-       if (extra)
-               memcpy(skb_put(skb, extra_len), extra, extra_len);
-
-       ieee80211_sta_tx(dev, skb, encrypt);
-}
-
-
-static void ieee80211_authenticate(struct net_device *dev,
-                                  struct ieee80211_if_sta *ifsta)
-{
-       ifsta->auth_tries++;
-       if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
-               printk(KERN_DEBUG "%s: authentication with AP " MAC_FMT
-                      " timed out\n",
-                      dev->name, MAC_ARG(ifsta->bssid));
-               ifsta->state = IEEE80211_DISABLED;
-               return;
-       }
-
-       ifsta->state = IEEE80211_AUTHENTICATE;
-       printk(KERN_DEBUG "%s: authenticate with AP " MAC_FMT "\n",
-              dev->name, MAC_ARG(ifsta->bssid));
-
-       ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
-
-       mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
-}
-
-
-static void ieee80211_send_assoc(struct net_device *dev,
-                                struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hw_mode *mode;
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *mgmt;
-       u8 *pos, *ies;
-       int i, len;
-       u16 capab;
-       struct ieee80211_sta_bss *bss;
-       int wmm = 0;
-
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom +
-                           sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
-                           ifsta->ssid_len);
-       if (!skb) {
-               printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
-                      "frame\n", dev->name);
-               return;
-       }
-       skb_reserve(skb, local->hw.extra_tx_headroom);
-
-       mode = local->oper_hw_mode;
-       capab = ifsta->capab;
-       if (mode->mode == MODE_IEEE80211G) {
-               capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
-                       WLAN_CAPABILITY_SHORT_PREAMBLE;
-       }
-       bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
-       if (bss) {
-               if (bss->capability & WLAN_CAPABILITY_PRIVACY)
-                       capab |= WLAN_CAPABILITY_PRIVACY;
-               if (bss->wmm_ie) {
-                       wmm = 1;
-               }
-               ieee80211_rx_bss_put(dev, bss);
-       }
-
-       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
-       memset(mgmt, 0, 24);
-       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
-       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
-       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
-
-       if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
-               skb_put(skb, 10);
-               mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                                  IEEE80211_STYPE_REASSOC_REQ);
-               mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
-               mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
-               memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
-                      ETH_ALEN);
-       } else {
-               skb_put(skb, 4);
-               mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                                  IEEE80211_STYPE_ASSOC_REQ);
-               mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
-               mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
-       }
-
-       /* SSID */
-       ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
-       *pos++ = WLAN_EID_SSID;
-       *pos++ = ifsta->ssid_len;
-       memcpy(pos, ifsta->ssid, ifsta->ssid_len);
-
-       len = mode->num_rates;
-       if (len > 8)
-               len = 8;
-       pos = skb_put(skb, len + 2);
-       *pos++ = WLAN_EID_SUPP_RATES;
-       *pos++ = len;
-       for (i = 0; i < len; i++) {
-               int rate = mode->rates[i].rate;
-               *pos++ = (u8) (rate / 5);
-       }
-
-       if (mode->num_rates > len) {
-               pos = skb_put(skb, mode->num_rates - len + 2);
-               *pos++ = WLAN_EID_EXT_SUPP_RATES;
-               *pos++ = mode->num_rates - len;
-               for (i = len; i < mode->num_rates; i++) {
-                       int rate = mode->rates[i].rate;
-                       *pos++ = (u8) (rate / 5);
-               }
-       }
-
-       if (ifsta->extra_ie) {
-               pos = skb_put(skb, ifsta->extra_ie_len);
-               memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
-       }
-
-       if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
-               pos = skb_put(skb, 9);
-               *pos++ = WLAN_EID_VENDOR_SPECIFIC;
-               *pos++ = 7; /* len */
-               *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
-               *pos++ = 0x50;
-               *pos++ = 0xf2;
-               *pos++ = 2; /* WME */
-               *pos++ = 0; /* WME info */
-               *pos++ = 1; /* WME ver */
-               *pos++ = 0;
-       }
-
-       kfree(ifsta->assocreq_ies);
-       ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
-       ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
-       if (ifsta->assocreq_ies)
-               memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
-
-       ieee80211_sta_tx(dev, skb, 0);
-}
-
-
-static void ieee80211_send_deauth(struct net_device *dev,
-                                 struct ieee80211_if_sta *ifsta, u16 reason)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *mgmt;
-
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
-       if (!skb) {
-               printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
-                      "frame\n", dev->name);
-               return;
-       }
-       skb_reserve(skb, local->hw.extra_tx_headroom);
-
-       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
-       memset(mgmt, 0, 24);
-       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
-       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
-       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
-       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                          IEEE80211_STYPE_DEAUTH);
-       skb_put(skb, 2);
-       mgmt->u.deauth.reason_code = cpu_to_le16(reason);
-
-       ieee80211_sta_tx(dev, skb, 0);
-}
-
-
-static void ieee80211_send_disassoc(struct net_device *dev,
-                                   struct ieee80211_if_sta *ifsta, u16 reason)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *mgmt;
-
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
-       if (!skb) {
-               printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
-                      "frame\n", dev->name);
-               return;
-       }
-       skb_reserve(skb, local->hw.extra_tx_headroom);
-
-       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
-       memset(mgmt, 0, 24);
-       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
-       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
-       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
-       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                          IEEE80211_STYPE_DISASSOC);
-       skb_put(skb, 2);
-       mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
-
-       ieee80211_sta_tx(dev, skb, 0);
-}
-
-
-static int ieee80211_privacy_mismatch(struct net_device *dev,
-                                     struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_sta_bss *bss;
-       int res = 0;
-
-       if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL) ||
-           ifsta->key_management_enabled)
-               return 0;
-
-       bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
-       if (!bss)
-               return 0;
-
-       if (ieee80211_sta_wep_configured(dev) !=
-           !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
-               res = 1;
-
-       ieee80211_rx_bss_put(dev, bss);
-
-       return res;
-}
-
-
-static void ieee80211_associate(struct net_device *dev,
-                               struct ieee80211_if_sta *ifsta)
-{
-       ifsta->assoc_tries++;
-       if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
-               printk(KERN_DEBUG "%s: association with AP " MAC_FMT
-                      " timed out\n",
-                      dev->name, MAC_ARG(ifsta->bssid));
-               ifsta->state = IEEE80211_DISABLED;
-               return;
-       }
-
-       ifsta->state = IEEE80211_ASSOCIATE;
-       printk(KERN_DEBUG "%s: associate with AP " MAC_FMT "\n",
-              dev->name, MAC_ARG(ifsta->bssid));
-       if (ieee80211_privacy_mismatch(dev, ifsta)) {
-               printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
-                      "mixed-cell disabled - abort association\n", dev->name);
-               ifsta->state = IEEE80211_DISABLED;
-               return;
-       }
-
-       ieee80211_send_assoc(dev, ifsta);
-
-       mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
-}
-
-
-static void ieee80211_associated(struct net_device *dev,
-                                struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sta_info *sta;
-       int disassoc;
-
-       /* TODO: start monitoring current AP signal quality and number of
-        * missed beacons. Scan other channels every now and then and search
-        * for better APs. */
-       /* TODO: remove expired BSSes */
-
-       ifsta->state = IEEE80211_ASSOCIATED;
-
-       sta = sta_info_get(local, ifsta->bssid);
-       if (!sta) {
-               printk(KERN_DEBUG "%s: No STA entry for own AP " MAC_FMT "\n",
-                      dev->name, MAC_ARG(ifsta->bssid));
-               disassoc = 1;
-       } else {
-               disassoc = 0;
-               if (time_after(jiffies,
-                              sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
-                       if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
-                               printk(KERN_DEBUG "%s: No ProbeResp from "
-                                      "current AP " MAC_FMT " - assume out of "
-                                      "range\n",
-                                      dev->name, MAC_ARG(ifsta->bssid));
-                               disassoc = 1;
-                               sta_info_free(sta);
-                       } else
-                               ieee80211_send_probe_req(dev, ifsta->bssid,
-                                                        local->scan_ssid,
-                                                        local->scan_ssid_len);
-                       ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
-               } else {
-                       ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
-                       if (time_after(jiffies, ifsta->last_probe +
-                                      IEEE80211_PROBE_INTERVAL)) {
-                               ifsta->last_probe = jiffies;
-                               ieee80211_send_probe_req(dev, ifsta->bssid,
-                                                        ifsta->ssid,
-                                                        ifsta->ssid_len);
-                       }
-               }
-               sta_info_put(sta);
-       }
-       if (disassoc) {
-               union iwreq_data wrqu;
-               memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
-               wrqu.ap_addr.sa_family = ARPHRD_ETHER;
-               wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
-               mod_timer(&ifsta->timer, jiffies +
-                                     IEEE80211_MONITORING_INTERVAL + 30 * HZ);
-       } else {
-               mod_timer(&ifsta->timer, jiffies +
-                                     IEEE80211_MONITORING_INTERVAL);
-       }
-}
-
-
-static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
-                                    u8 *ssid, size_t ssid_len)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hw_mode *mode;
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *mgmt;
-       u8 *pos, *supp_rates, *esupp_rates = NULL;
-       int i;
-
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
-       if (!skb) {
-               printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
-                      "request\n", dev->name);
-               return;
-       }
-       skb_reserve(skb, local->hw.extra_tx_headroom);
-
-       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
-       memset(mgmt, 0, 24);
-       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                          IEEE80211_STYPE_PROBE_REQ);
-       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
-       if (dst) {
-               memcpy(mgmt->da, dst, ETH_ALEN);
-               memcpy(mgmt->bssid, dst, ETH_ALEN);
-       } else {
-               memset(mgmt->da, 0xff, ETH_ALEN);
-               memset(mgmt->bssid, 0xff, ETH_ALEN);
-       }
-       pos = skb_put(skb, 2 + ssid_len);
-       *pos++ = WLAN_EID_SSID;
-       *pos++ = ssid_len;
-       memcpy(pos, ssid, ssid_len);
-
-       supp_rates = skb_put(skb, 2);
-       supp_rates[0] = WLAN_EID_SUPP_RATES;
-       supp_rates[1] = 0;
-       mode = local->oper_hw_mode;
-       for (i = 0; i < mode->num_rates; i++) {
-               struct ieee80211_rate *rate = &mode->rates[i];
-               if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
-                       continue;
-               if (esupp_rates) {
-                       pos = skb_put(skb, 1);
-                       esupp_rates[1]++;
-               } else if (supp_rates[1] == 8) {
-                       esupp_rates = skb_put(skb, 3);
-                       esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
-                       esupp_rates[1] = 1;
-                       pos = &esupp_rates[2];
-               } else {
-                       pos = skb_put(skb, 1);
-                       supp_rates[1]++;
-               }
-               *pos = rate->rate / 5;
-       }
-
-       ieee80211_sta_tx(dev, skb, 0);
-}
-
-
-static int ieee80211_sta_wep_configured(struct net_device *dev)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (!sdata || !sdata->default_key ||
-           sdata->default_key->conf.alg != ALG_WEP)
-               return 0;
-       return 1;
-}
-
-
-static void ieee80211_auth_completed(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta)
-{
-       printk(KERN_DEBUG "%s: authenticated\n", dev->name);
-       ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
-       ieee80211_associate(dev, ifsta);
-}
-
-
-static void ieee80211_auth_challenge(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta,
-                                    struct ieee80211_mgmt *mgmt,
-                                    size_t len)
-{
-       u8 *pos;
-       struct ieee802_11_elems elems;
-
-       printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
-       pos = mgmt->u.auth.variable;
-       if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
-           == ParseFailed) {
-               printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
-                      dev->name);
-               return;
-       }
-       if (!elems.challenge) {
-               printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
-                      "frame\n", dev->name);
-               return;
-       }
-       ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
-                           elems.challenge_len + 2, 1);
-}
-
-
-static void ieee80211_rx_mgmt_auth(struct net_device *dev,
-                                  struct ieee80211_if_sta *ifsta,
-                                  struct ieee80211_mgmt *mgmt,
-                                  size_t len)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       u16 auth_alg, auth_transaction, status_code;
-
-       if (ifsta->state != IEEE80211_AUTHENTICATE &&
-           sdata->type != IEEE80211_IF_TYPE_IBSS) {
-               printk(KERN_DEBUG "%s: authentication frame received from "
-                      MAC_FMT ", but not in authenticate state - ignored\n",
-                      dev->name, MAC_ARG(mgmt->sa));
-               return;
-       }
-
-       if (len < 24 + 6) {
-               printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
-                      "received from " MAC_FMT " - ignored\n",
-                      dev->name, len, MAC_ARG(mgmt->sa));
-               return;
-       }
-
-       if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
-           memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
-               printk(KERN_DEBUG "%s: authentication frame received from "
-                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
-                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
-                      MAC_ARG(mgmt->bssid));
-               return;
-       }
-
-       if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
-           memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
-               printk(KERN_DEBUG "%s: authentication frame received from "
-                      "unknown BSSID (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
-                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
-                      MAC_ARG(mgmt->bssid));
-               return;
-       }
-
-       auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
-       auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
-       status_code = le16_to_cpu(mgmt->u.auth.status_code);
-
-       printk(KERN_DEBUG "%s: RX authentication from " MAC_FMT " (alg=%d "
-              "transaction=%d status=%d)\n",
-              dev->name, MAC_ARG(mgmt->sa), auth_alg,
-              auth_transaction, status_code);
-
-       if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               /* IEEE 802.11 standard does not require authentication in IBSS
-                * networks and most implementations do not seem to use it.
-                * However, try to reply to authentication attempts if someone
-                * has actually implemented this.
-                * TODO: Could implement shared key authentication. */
-               if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
-                       printk(KERN_DEBUG "%s: unexpected IBSS authentication "
-                              "frame (alg=%d transaction=%d)\n",
-                              dev->name, auth_alg, auth_transaction);
-                       return;
-               }
-               ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
-       }
-
-       if (auth_alg != ifsta->auth_alg ||
-           auth_transaction != ifsta->auth_transaction) {
-               printk(KERN_DEBUG "%s: unexpected authentication frame "
-                      "(alg=%d transaction=%d)\n",
-                      dev->name, auth_alg, auth_transaction);
-               return;
-       }
-
-       if (status_code != WLAN_STATUS_SUCCESS) {
-               printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
-                      "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
-               if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
-                       u8 algs[3];
-                       const int num_algs = ARRAY_SIZE(algs);
-                       int i, pos;
-                       algs[0] = algs[1] = algs[2] = 0xff;
-                       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
-                               algs[0] = WLAN_AUTH_OPEN;
-                       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
-                               algs[1] = WLAN_AUTH_SHARED_KEY;
-                       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
-                               algs[2] = WLAN_AUTH_LEAP;
-                       if (ifsta->auth_alg == WLAN_AUTH_OPEN)
-                               pos = 0;
-                       else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
-                               pos = 1;
-                       else
-                               pos = 2;
-                       for (i = 0; i < num_algs; i++) {
-                               pos++;
-                               if (pos >= num_algs)
-                                       pos = 0;
-                               if (algs[pos] == ifsta->auth_alg ||
-                                   algs[pos] == 0xff)
-                                       continue;
-                               if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
-                                   !ieee80211_sta_wep_configured(dev))
-                                       continue;
-                               ifsta->auth_alg = algs[pos];
-                               printk(KERN_DEBUG "%s: set auth_alg=%d for "
-                                      "next try\n",
-                                      dev->name, ifsta->auth_alg);
-                               break;
-                       }
-               }
-               return;
-       }
-
-       switch (ifsta->auth_alg) {
-       case WLAN_AUTH_OPEN:
-       case WLAN_AUTH_LEAP:
-               ieee80211_auth_completed(dev, ifsta);
-               break;
-       case WLAN_AUTH_SHARED_KEY:
-               if (ifsta->auth_transaction == 4)
-                       ieee80211_auth_completed(dev, ifsta);
-               else
-                       ieee80211_auth_challenge(dev, ifsta, mgmt, len);
-               break;
-       }
-}
-
-
-static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta,
-                                    struct ieee80211_mgmt *mgmt,
-                                    size_t len)
-{
-       u16 reason_code;
-
-       if (len < 24 + 2) {
-               printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
-                      "received from " MAC_FMT " - ignored\n",
-                      dev->name, len, MAC_ARG(mgmt->sa));
-               return;
-       }
-
-       if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
-               printk(KERN_DEBUG "%s: deauthentication frame received from "
-                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
-                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
-                      MAC_ARG(mgmt->bssid));
-               return;
-       }
-
-       reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
-
-       printk(KERN_DEBUG "%s: RX deauthentication from " MAC_FMT
-              " (reason=%d)\n",
-              dev->name, MAC_ARG(mgmt->sa), reason_code);
-
-       if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
-               printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
-       }
-
-       if (ifsta->state == IEEE80211_AUTHENTICATE ||
-           ifsta->state == IEEE80211_ASSOCIATE ||
-           ifsta->state == IEEE80211_ASSOCIATED) {
-               ifsta->state = IEEE80211_AUTHENTICATE;
-               mod_timer(&ifsta->timer, jiffies +
-                                     IEEE80211_RETRY_AUTH_INTERVAL);
-       }
-
-       ieee80211_set_disassoc(dev, ifsta, 1);
-       ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
-}
-
-
-static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
-                                      struct ieee80211_if_sta *ifsta,
-                                      struct ieee80211_mgmt *mgmt,
-                                      size_t len)
-{
-       u16 reason_code;
-
-       if (len < 24 + 2) {
-               printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
-                      "received from " MAC_FMT " - ignored\n",
-                      dev->name, len, MAC_ARG(mgmt->sa));
-               return;
-       }
-
-       if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
-               printk(KERN_DEBUG "%s: disassociation frame received from "
-                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
-                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
-                      MAC_ARG(mgmt->bssid));
-               return;
-       }
-
-       reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
-
-       printk(KERN_DEBUG "%s: RX disassociation from " MAC_FMT
-              " (reason=%d)\n",
-              dev->name, MAC_ARG(mgmt->sa), reason_code);
-
-       if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
-               printk(KERN_DEBUG "%s: disassociated\n", dev->name);
-
-       if (ifsta->state == IEEE80211_ASSOCIATED) {
-               ifsta->state = IEEE80211_ASSOCIATE;
-               mod_timer(&ifsta->timer, jiffies +
-                                     IEEE80211_RETRY_AUTH_INTERVAL);
-       }
-
-       ieee80211_set_disassoc(dev, ifsta, 0);
-}
-
-
-static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
-                                        struct ieee80211_if_sta *ifsta,
-                                        struct ieee80211_mgmt *mgmt,
-                                        size_t len,
-                                        int reassoc)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hw_mode *mode;
-       struct sta_info *sta;
-       u32 rates;
-       u16 capab_info, status_code, aid;
-       struct ieee802_11_elems elems;
-       u8 *pos;
-       int i, j;
-
-       /* AssocResp and ReassocResp have identical structure, so process both
-        * of them in this function. */
-
-       if (ifsta->state != IEEE80211_ASSOCIATE) {
-               printk(KERN_DEBUG "%s: association frame received from "
-                      MAC_FMT ", but not in associate state - ignored\n",
-                      dev->name, MAC_ARG(mgmt->sa));
-               return;
-       }
-
-       if (len < 24 + 6) {
-               printk(KERN_DEBUG "%s: too short (%zd) association frame "
-                      "received from " MAC_FMT " - ignored\n",
-                      dev->name, len, MAC_ARG(mgmt->sa));
-               return;
-       }
-
-       if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
-               printk(KERN_DEBUG "%s: association frame received from "
-                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
-                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
-                      MAC_ARG(mgmt->bssid));
-               return;
-       }
-
-       capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
-       status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
-       aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
-       if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
-               printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
-                      "set\n", dev->name, aid);
-       aid &= ~(BIT(15) | BIT(14));
-
-       printk(KERN_DEBUG "%s: RX %sssocResp from " MAC_FMT " (capab=0x%x "
-              "status=%d aid=%d)\n",
-              dev->name, reassoc ? "Rea" : "A", MAC_ARG(mgmt->sa),
-              capab_info, status_code, aid);
-
-       if (status_code != WLAN_STATUS_SUCCESS) {
-               printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
-                      dev->name, status_code);
-               /* if this was a reassociation, ensure we try a "full"
-                * association next time. This works around some broken APs
-                * which do not correctly reject reassociation requests. */
-               ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
-               return;
-       }
-
-       pos = mgmt->u.assoc_resp.variable;
-       if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
-           == ParseFailed) {
-               printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
-                      dev->name);
-               return;
-       }
-
-       if (!elems.supp_rates) {
-               printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
-                      dev->name);
-               return;
-       }
-
-       /* it probably doesn't, but if the frame includes an ERP value then
-        * update our stored copy */
-       if (elems.erp_info && elems.erp_info_len >= 1) {
-               struct ieee80211_sta_bss *bss
-                       = ieee80211_rx_bss_get(dev, ifsta->bssid);
-               if (bss) {
-                       bss->erp_value = elems.erp_info[0];
-                       bss->has_erp_value = 1;
-                       ieee80211_rx_bss_put(dev, bss);
-               }
-       }
-
-       printk(KERN_DEBUG "%s: associated\n", dev->name);
-       ifsta->aid = aid;
-       ifsta->ap_capab = capab_info;
-
-       kfree(ifsta->assocresp_ies);
-       ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
-       ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
-       if (ifsta->assocresp_ies)
-               memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
-
-       ieee80211_set_associated(dev, ifsta, 1);
-
-       /* Add STA entry for the AP */
-       sta = sta_info_get(local, ifsta->bssid);
-       if (!sta) {
-               struct ieee80211_sta_bss *bss;
-               sta = sta_info_add(local, dev, ifsta->bssid, GFP_KERNEL);
-               if (!sta) {
-                       printk(KERN_DEBUG "%s: failed to add STA entry for the"
-                              " AP\n", dev->name);
-                       return;
-               }
-               bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
-               if (bss) {
-                       sta->last_rssi = bss->rssi;
-                       sta->last_signal = bss->signal;
-                       sta->last_noise = bss->noise;
-                       ieee80211_rx_bss_put(dev, bss);
-               }
-       }
-
-       sta->dev = dev;
-       sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
-
-       rates = 0;
-       mode = local->oper_hw_mode;
-       for (i = 0; i < elems.supp_rates_len; i++) {
-               int rate = (elems.supp_rates[i] & 0x7f) * 5;
-               for (j = 0; j < mode->num_rates; j++)
-                       if (mode->rates[j].rate == rate)
-                               rates |= BIT(j);
-       }
-       for (i = 0; i < elems.ext_supp_rates_len; i++) {
-               int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
-               for (j = 0; j < mode->num_rates; j++)
-                       if (mode->rates[j].rate == rate)
-                               rates |= BIT(j);
-       }
-       sta->supp_rates = rates;
-
-       rate_control_rate_init(sta, local);
-
-       if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
-               sta->flags |= WLAN_STA_WME;
-               ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
-                                        elems.wmm_param_len);
-       }
-
-
-       sta_info_put(sta);
-
-       ieee80211_associated(dev, ifsta);
-}
-
-
-/* Caller must hold local->sta_bss_lock */
-static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
-                                       struct ieee80211_sta_bss *bss)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
-       local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
-}
-
-
-/* Caller must hold local->sta_bss_lock */
-static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
-                                       struct ieee80211_sta_bss *bss)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sta_bss *b, *prev = NULL;
-       b = local->sta_bss_hash[STA_HASH(bss->bssid)];
-       while (b) {
-               if (b == bss) {
-                       if (!prev)
-                               local->sta_bss_hash[STA_HASH(bss->bssid)] =
-                                       bss->hnext;
-                       else
-                               prev->hnext = bss->hnext;
-                       break;
-               }
-               prev = b;
-               b = b->hnext;
-       }
-}
-
-
-static struct ieee80211_sta_bss *
-ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sta_bss *bss;
-
-       bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
-       if (!bss)
-               return NULL;
-       atomic_inc(&bss->users);
-       atomic_inc(&bss->users);
-       memcpy(bss->bssid, bssid, ETH_ALEN);
-
-       spin_lock_bh(&local->sta_bss_lock);
-       /* TODO: order by RSSI? */
-       list_add_tail(&bss->list, &local->sta_bss_list);
-       __ieee80211_rx_bss_hash_add(dev, bss);
-       spin_unlock_bh(&local->sta_bss_lock);
-       return bss;
-}
-
-
-static struct ieee80211_sta_bss *
-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sta_bss *bss;
-
-       spin_lock_bh(&local->sta_bss_lock);
-       bss = local->sta_bss_hash[STA_HASH(bssid)];
-       while (bss) {
-               if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0) {
-                       atomic_inc(&bss->users);
-                       break;
-               }
-               bss = bss->hnext;
-       }
-       spin_unlock_bh(&local->sta_bss_lock);
-       return bss;
-}
-
-
-static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
-{
-       kfree(bss->wpa_ie);
-       kfree(bss->rsn_ie);
-       kfree(bss->wmm_ie);
-       kfree(bss);
-}
-
-
-static void ieee80211_rx_bss_put(struct net_device *dev,
-                                struct ieee80211_sta_bss *bss)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       if (!atomic_dec_and_test(&bss->users))
-               return;
-
-       spin_lock_bh(&local->sta_bss_lock);
-       __ieee80211_rx_bss_hash_del(dev, bss);
-       list_del(&bss->list);
-       spin_unlock_bh(&local->sta_bss_lock);
-       ieee80211_rx_bss_free(bss);
-}
-
-
-void ieee80211_rx_bss_list_init(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       spin_lock_init(&local->sta_bss_lock);
-       INIT_LIST_HEAD(&local->sta_bss_list);
-}
-
-
-void ieee80211_rx_bss_list_deinit(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sta_bss *bss, *tmp;
-
-       list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
-               ieee80211_rx_bss_put(dev, bss);
-}
-
-
-static void ieee80211_rx_bss_info(struct net_device *dev,
-                                 struct ieee80211_mgmt *mgmt,
-                                 size_t len,
-                                 struct ieee80211_rx_status *rx_status,
-                                 int beacon)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee802_11_elems elems;
-       size_t baselen;
-       int channel, invalid = 0, clen;
-       struct ieee80211_sta_bss *bss;
-       struct sta_info *sta;
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       u64 timestamp;
-
-       if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
-               return; /* ignore ProbeResp to foreign address */
-
-#if 0
-       printk(KERN_DEBUG "%s: RX %s from " MAC_FMT " to " MAC_FMT "\n",
-              dev->name, beacon ? "Beacon" : "Probe Response",
-              MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da));
-#endif
-
-       baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
-       if (baselen > len)
-               return;
-
-       timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
-
-       if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
-           memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-               static unsigned long last_tsf_debug = 0;
-               u64 tsf;
-               if (local->ops->get_tsf)
-                       tsf = local->ops->get_tsf(local_to_hw(local));
-               else
-                       tsf = -1LLU;
-               if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
-                       printk(KERN_DEBUG "RX beacon SA=" MAC_FMT " BSSID="
-                              MAC_FMT " TSF=0x%llx BCN=0x%llx diff=%lld "
-                              "@%lu\n",
-                              MAC_ARG(mgmt->sa), MAC_ARG(mgmt->bssid),
-                              (unsigned long long)tsf,
-                              (unsigned long long)timestamp,
-                              (unsigned long long)(tsf - timestamp),
-                              jiffies);
-                       last_tsf_debug = jiffies;
-               }
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-       }
-
-       if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
-                                  &elems) == ParseFailed)
-               invalid = 1;
-
-       if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
-           memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
-           (sta = sta_info_get(local, mgmt->sa))) {
-               struct ieee80211_hw_mode *mode;
-               struct ieee80211_rate *rates;
-               size_t num_rates;
-               u32 supp_rates, prev_rates;
-               int i, j;
-
-               mode = local->sta_scanning ?
-                      local->scan_hw_mode : local->oper_hw_mode;
-               rates = mode->rates;
-               num_rates = mode->num_rates;
-
-               supp_rates = 0;
-               for (i = 0; i < elems.supp_rates_len +
-                            elems.ext_supp_rates_len; i++) {
-                       u8 rate = 0;
-                       int own_rate;
-                       if (i < elems.supp_rates_len)
-                               rate = elems.supp_rates[i];
-                       else if (elems.ext_supp_rates)
-                               rate = elems.ext_supp_rates
-                                       [i - elems.supp_rates_len];
-                       own_rate = 5 * (rate & 0x7f);
-                       for (j = 0; j < num_rates; j++)
-                               if (rates[j].rate == own_rate)
-                                       supp_rates |= BIT(j);
-               }
-
-               prev_rates = sta->supp_rates;
-               sta->supp_rates &= supp_rates;
-               if (sta->supp_rates == 0) {
-                       /* No matching rates - this should not really happen.
-                        * Make sure that at least one rate is marked
-                        * supported to avoid issues with TX rate ctrl. */
-                       sta->supp_rates = sdata->u.sta.supp_rates_bits;
-               }
-               if (sta->supp_rates != prev_rates) {
-                       printk(KERN_DEBUG "%s: updated supp_rates set for "
-                              MAC_FMT " based on beacon info (0x%x & 0x%x -> "
-                              "0x%x)\n",
-                              dev->name, MAC_ARG(sta->addr), prev_rates,
-                              supp_rates, sta->supp_rates);
-               }
-               sta_info_put(sta);
-       }
-
-       if (!elems.ssid)
-               return;
-
-       if (elems.ds_params && elems.ds_params_len == 1)
-               channel = elems.ds_params[0];
-       else
-               channel = rx_status->channel;
-
-       bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
-       if (!bss) {
-               bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
-               if (!bss)
-                       return;
-       } else {
-#if 0
-               /* TODO: order by RSSI? */
-               spin_lock_bh(&local->sta_bss_lock);
-               list_move_tail(&bss->list, &local->sta_bss_list);
-               spin_unlock_bh(&local->sta_bss_lock);
-#endif
-       }
-
-       if (bss->probe_resp && beacon) {
-               /* Do not allow beacon to override data from Probe Response. */
-               ieee80211_rx_bss_put(dev, bss);
-               return;
-       }
-
-       /* save the ERP value so that it is available at association time */
-       if (elems.erp_info && elems.erp_info_len >= 1) {
-               bss->erp_value = elems.erp_info[0];
-               bss->has_erp_value = 1;
-       }
-
-       bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
-       bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
-       if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
-               memcpy(bss->ssid, elems.ssid, elems.ssid_len);
-               bss->ssid_len = elems.ssid_len;
-       }
-
-       bss->supp_rates_len = 0;
-       if (elems.supp_rates) {
-               clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
-               if (clen > elems.supp_rates_len)
-                       clen = elems.supp_rates_len;
-               memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
-                      clen);
-               bss->supp_rates_len += clen;
-       }
-       if (elems.ext_supp_rates) {
-               clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
-               if (clen > elems.ext_supp_rates_len)
-                       clen = elems.ext_supp_rates_len;
-               memcpy(&bss->supp_rates[bss->supp_rates_len],
-                      elems.ext_supp_rates, clen);
-               bss->supp_rates_len += clen;
-       }
-
-       if (elems.wpa &&
-           (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
-            memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
-               kfree(bss->wpa_ie);
-               bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
-               if (bss->wpa_ie) {
-                       memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
-                       bss->wpa_ie_len = elems.wpa_len + 2;
-               } else
-                       bss->wpa_ie_len = 0;
-       } else if (!elems.wpa && bss->wpa_ie) {
-               kfree(bss->wpa_ie);
-               bss->wpa_ie = NULL;
-               bss->wpa_ie_len = 0;
-       }
-
-       if (elems.rsn &&
-           (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
-            memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
-               kfree(bss->rsn_ie);
-               bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
-               if (bss->rsn_ie) {
-                       memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
-                       bss->rsn_ie_len = elems.rsn_len + 2;
-               } else
-                       bss->rsn_ie_len = 0;
-       } else if (!elems.rsn && bss->rsn_ie) {
-               kfree(bss->rsn_ie);
-               bss->rsn_ie = NULL;
-               bss->rsn_ie_len = 0;
-       }
-
-       if (elems.wmm_param &&
-           (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
-            memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
-               kfree(bss->wmm_ie);
-               bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
-               if (bss->wmm_ie) {
-                       memcpy(bss->wmm_ie, elems.wmm_param - 2,
-                              elems.wmm_param_len + 2);
-                       bss->wmm_ie_len = elems.wmm_param_len + 2;
-               } else
-                       bss->wmm_ie_len = 0;
-       } else if (!elems.wmm_param && bss->wmm_ie) {
-               kfree(bss->wmm_ie);
-               bss->wmm_ie = NULL;
-               bss->wmm_ie_len = 0;
-       }
-
-
-       bss->hw_mode = rx_status->phymode;
-       bss->channel = channel;
-       bss->freq = rx_status->freq;
-       if (channel != rx_status->channel &&
-           (bss->hw_mode == MODE_IEEE80211G ||
-            bss->hw_mode == MODE_IEEE80211B) &&
-           channel >= 1 && channel <= 14) {
-               static const int freq_list[] = {
-                       2412, 2417, 2422, 2427, 2432, 2437, 2442,
-                       2447, 2452, 2457, 2462, 2467, 2472, 2484
-               };
-               /* IEEE 802.11g/b mode can receive packets from neighboring
-                * channels, so map the channel into frequency. */
-               bss->freq = freq_list[channel - 1];
-       }
-       bss->timestamp = timestamp;
-       bss->last_update = jiffies;
-       bss->rssi = rx_status->ssi;
-       bss->signal = rx_status->signal;
-       bss->noise = rx_status->noise;
-       if (!beacon)
-               bss->probe_resp++;
-       ieee80211_rx_bss_put(dev, bss);
-}
-
-
-static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
-                                        struct ieee80211_mgmt *mgmt,
-                                        size_t len,
-                                        struct ieee80211_rx_status *rx_status)
-{
-       ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
-}
-
-
-static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
-                                    struct ieee80211_mgmt *mgmt,
-                                    size_t len,
-                                    struct ieee80211_rx_status *rx_status)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_if_sta *ifsta;
-       size_t baselen;
-       struct ieee802_11_elems elems;
-
-       ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type != IEEE80211_IF_TYPE_STA)
-               return;
-       ifsta = &sdata->u.sta;
-
-       if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
-           memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
-               return;
-
-       /* Process beacon from the current BSS */
-       baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
-       if (baselen > len)
-               return;
-
-       if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
-                                  &elems) == ParseFailed)
-               return;
-
-       if (elems.erp_info && elems.erp_info_len >= 1)
-               ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
-
-       if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
-               ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
-                                        elems.wmm_param_len);
-       }
-}
-
-
-static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
-                                       struct ieee80211_if_sta *ifsta,
-                                       struct ieee80211_mgmt *mgmt,
-                                       size_t len,
-                                       struct ieee80211_rx_status *rx_status)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       int tx_last_beacon;
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *resp;
-       u8 *pos, *end;
-
-       if (sdata->type != IEEE80211_IF_TYPE_IBSS ||
-           ifsta->state != IEEE80211_IBSS_JOINED ||
-           len < 24 + 2 || !ifsta->probe_resp)
-               return;
-
-       if (local->ops->tx_last_beacon)
-               tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
-       else
-               tx_last_beacon = 1;
-
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-       printk(KERN_DEBUG "%s: RX ProbeReq SA=" MAC_FMT " DA=" MAC_FMT " BSSID="
-              MAC_FMT " (tx_last_beacon=%d)\n",
-              dev->name, MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da),
-              MAC_ARG(mgmt->bssid), tx_last_beacon);
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-
-       if (!tx_last_beacon)
-               return;
-
-       if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
-           memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
-               return;
-
-       end = ((u8 *) mgmt) + len;
-       pos = mgmt->u.probe_req.variable;
-       if (pos[0] != WLAN_EID_SSID ||
-           pos + 2 + pos[1] > end) {
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
-                              "from " MAC_FMT "\n",
-                              dev->name, MAC_ARG(mgmt->sa));
-               }
-               return;
-       }
-       if (pos[1] != 0 &&
-           (pos[1] != ifsta->ssid_len ||
-            memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
-               /* Ignore ProbeReq for foreign SSID */
-               return;
-       }
-
-       /* Reply with ProbeResp */
-       skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
-       if (!skb)
-               return;
-
-       resp = (struct ieee80211_mgmt *) skb->data;
-       memcpy(resp->da, mgmt->sa, ETH_ALEN);
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-       printk(KERN_DEBUG "%s: Sending ProbeResp to " MAC_FMT "\n",
-              dev->name, MAC_ARG(resp->da));
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-       ieee80211_sta_tx(dev, skb, 0);
-}
-
-
-void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
-                          struct ieee80211_rx_status *rx_status)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_if_sta *ifsta;
-       struct ieee80211_mgmt *mgmt;
-       u16 fc;
-
-       if (skb->len < 24)
-               goto fail;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       ifsta = &sdata->u.sta;
-
-       mgmt = (struct ieee80211_mgmt *) skb->data;
-       fc = le16_to_cpu(mgmt->frame_control);
-
-       switch (fc & IEEE80211_FCTL_STYPE) {
-       case IEEE80211_STYPE_PROBE_REQ:
-       case IEEE80211_STYPE_PROBE_RESP:
-       case IEEE80211_STYPE_BEACON:
-               memcpy(skb->cb, rx_status, sizeof(*rx_status));
-       case IEEE80211_STYPE_AUTH:
-       case IEEE80211_STYPE_ASSOC_RESP:
-       case IEEE80211_STYPE_REASSOC_RESP:
-       case IEEE80211_STYPE_DEAUTH:
-       case IEEE80211_STYPE_DISASSOC:
-               skb_queue_tail(&ifsta->skb_queue, skb);
-               queue_work(local->hw.workqueue, &ifsta->work);
-               return;
-       default:
-               printk(KERN_DEBUG "%s: received unknown management frame - "
-                      "stype=%d\n", dev->name,
-                      (fc & IEEE80211_FCTL_STYPE) >> 4);
-               break;
-       }
-
- fail:
-       kfree_skb(skb);
-}
-
-
-static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
-                                        struct sk_buff *skb)
-{
-       struct ieee80211_rx_status *rx_status;
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_if_sta *ifsta;
-       struct ieee80211_mgmt *mgmt;
-       u16 fc;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       ifsta = &sdata->u.sta;
-
-       rx_status = (struct ieee80211_rx_status *) skb->cb;
-       mgmt = (struct ieee80211_mgmt *) skb->data;
-       fc = le16_to_cpu(mgmt->frame_control);
-
-       switch (fc & IEEE80211_FCTL_STYPE) {
-       case IEEE80211_STYPE_PROBE_REQ:
-               ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
-                                           rx_status);
-               break;
-       case IEEE80211_STYPE_PROBE_RESP:
-               ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
-               break;
-       case IEEE80211_STYPE_BEACON:
-               ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
-               break;
-       case IEEE80211_STYPE_AUTH:
-               ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
-               break;
-       case IEEE80211_STYPE_ASSOC_RESP:
-               ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 0);
-               break;
-       case IEEE80211_STYPE_REASSOC_RESP:
-               ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 1);
-               break;
-       case IEEE80211_STYPE_DEAUTH:
-               ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
-               break;
-       case IEEE80211_STYPE_DISASSOC:
-               ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
-               break;
-       }
-
-       kfree_skb(skb);
-}
-
-
-void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
-                          struct ieee80211_rx_status *rx_status)
-{
-       struct ieee80211_mgmt *mgmt;
-       u16 fc;
-
-       if (skb->len < 24) {
-               dev_kfree_skb(skb);
-               return;
-       }
-
-       mgmt = (struct ieee80211_mgmt *) skb->data;
-       fc = le16_to_cpu(mgmt->frame_control);
-
-       if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
-               if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
-                       ieee80211_rx_mgmt_probe_resp(dev, mgmt,
-                                                    skb->len, rx_status);
-               } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
-                       ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
-                                                rx_status);
-               }
-       }
-
-       dev_kfree_skb(skb);
-}
-
-
-static int ieee80211_sta_active_ibss(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       int active = 0;
-       struct sta_info *sta;
-
-       read_lock_bh(&local->sta_lock);
-       list_for_each_entry(sta, &local->sta_list, list) {
-               if (sta->dev == dev &&
-                   time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
-                              jiffies)) {
-                       active++;
-                       break;
-               }
-       }
-       read_unlock_bh(&local->sta_lock);
-
-       return active;
-}
-
-
-static void ieee80211_sta_expire(struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sta_info *sta, *tmp;
-       LIST_HEAD(tmp_list);
-
-       write_lock_bh(&local->sta_lock);
-       list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
-               if (time_after(jiffies, sta->last_rx +
-                              IEEE80211_IBSS_INACTIVITY_LIMIT)) {
-                       printk(KERN_DEBUG "%s: expiring inactive STA " MAC_FMT
-                              "\n", dev->name, MAC_ARG(sta->addr));
-                       __sta_info_get(sta);
-                       sta_info_remove(sta);
-                       list_add(&sta->list, &tmp_list);
-               }
-       write_unlock_bh(&local->sta_lock);
-
-       list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
-               sta_info_free(sta);
-               sta_info_put(sta);
-       }
-}
-
-
-static void ieee80211_sta_merge_ibss(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta)
-{
-       mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
-
-       ieee80211_sta_expire(dev);
-       if (ieee80211_sta_active_ibss(dev))
-               return;
-
-       printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
-              "IBSS networks with same SSID (merge)\n", dev->name);
-       ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
-}
-
-
-void ieee80211_sta_timer(unsigned long data)
-{
-       struct ieee80211_sub_if_data *sdata =
-               (struct ieee80211_sub_if_data *) data;
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-       struct ieee80211_local *local = wdev_priv(&sdata->wdev);
-
-       set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
-       queue_work(local->hw.workqueue, &ifsta->work);
-}
-
-
-void ieee80211_sta_work(struct work_struct *work)
-{
-       struct ieee80211_sub_if_data *sdata =
-               container_of(work, struct ieee80211_sub_if_data, u.sta.work);
-       struct net_device *dev = sdata->dev;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_if_sta *ifsta;
-       struct sk_buff *skb;
-
-       if (!netif_running(dev))
-               return;
-
-       if (local->sta_scanning)
-               return;
-
-       if (sdata->type != IEEE80211_IF_TYPE_STA &&
-           sdata->type != IEEE80211_IF_TYPE_IBSS) {
-               printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
-                      "(type=%d)\n", dev->name, sdata->type);
-               return;
-       }
-       ifsta = &sdata->u.sta;
-
-       while ((skb = skb_dequeue(&ifsta->skb_queue)))
-               ieee80211_sta_rx_queued_mgmt(dev, skb);
-
-       if (ifsta->state != IEEE80211_AUTHENTICATE &&
-           ifsta->state != IEEE80211_ASSOCIATE &&
-           test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
-               ieee80211_sta_start_scan(dev, NULL, 0);
-               return;
-       }
-
-       if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
-               if (ieee80211_sta_config_auth(dev, ifsta))
-                       return;
-               clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
-       } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
-               return;
-
-       switch (ifsta->state) {
-       case IEEE80211_DISABLED:
-               break;
-       case IEEE80211_AUTHENTICATE:
-               ieee80211_authenticate(dev, ifsta);
-               break;
-       case IEEE80211_ASSOCIATE:
-               ieee80211_associate(dev, ifsta);
-               break;
-       case IEEE80211_ASSOCIATED:
-               ieee80211_associated(dev, ifsta);
-               break;
-       case IEEE80211_IBSS_SEARCH:
-               ieee80211_sta_find_ibss(dev, ifsta);
-               break;
-       case IEEE80211_IBSS_JOINED:
-               ieee80211_sta_merge_ibss(dev, ifsta);
-               break;
-       default:
-               printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
-                      ifsta->state);
-               break;
-       }
-
-       if (ieee80211_privacy_mismatch(dev, ifsta)) {
-               printk(KERN_DEBUG "%s: privacy configuration mismatch and "
-                      "mixed-cell disabled - disassociate\n", dev->name);
-
-               ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
-               ieee80211_set_disassoc(dev, ifsta, 0);
-       }
-}
-
-
-static void ieee80211_sta_reset_auth(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       if (local->ops->reset_tsf) {
-               /* Reset own TSF to allow time synchronization work. */
-               local->ops->reset_tsf(local_to_hw(local));
-       }
-
-       ifsta->wmm_last_param_set = -1; /* allow any WMM update */
-
-
-       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
-               ifsta->auth_alg = WLAN_AUTH_OPEN;
-       else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
-               ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
-       else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
-               ifsta->auth_alg = WLAN_AUTH_LEAP;
-       else
-               ifsta->auth_alg = WLAN_AUTH_OPEN;
-       printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
-              ifsta->auth_alg);
-       ifsta->auth_transaction = -1;
-       ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
-       ifsta->auth_tries = ifsta->assoc_tries = 0;
-       netif_carrier_off(dev);
-}
-
-
-void ieee80211_sta_req_auth(struct net_device *dev,
-                           struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       if (sdata->type != IEEE80211_IF_TYPE_STA)
-               return;
-
-       if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
-                               IEEE80211_STA_AUTO_BSSID_SEL)) &&
-           (ifsta->flags & (IEEE80211_STA_SSID_SET |
-                               IEEE80211_STA_AUTO_SSID_SEL))) {
-               set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
-               queue_work(local->hw.workqueue, &ifsta->work);
-       }
-}
-
-static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
-                                   const char *ssid, int ssid_len)
-{
-       int tmp, hidden_ssid;
-
-       if (!memcmp(ifsta->ssid, ssid, ssid_len))
-               return 1;
-
-       if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
-               return 0;
-
-       hidden_ssid = 1;
-       tmp = ssid_len;
-       while (tmp--) {
-               if (ssid[tmp] != '\0') {
-                       hidden_ssid = 0;
-                       break;
-               }
-       }
-
-       if (hidden_ssid && ifsta->ssid_len == ssid_len)
-               return 1;
-
-       if (ssid_len == 1 && ssid[0] == ' ')
-               return 1;
-
-       return 0;
-}
-
-static int ieee80211_sta_config_auth(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_sta_bss *bss, *selected = NULL;
-       int top_rssi = 0, freq;
-
-       if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
-           IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) {
-               ifsta->state = IEEE80211_AUTHENTICATE;
-               ieee80211_sta_reset_auth(dev, ifsta);
-               return 0;
-       }
-
-       spin_lock_bh(&local->sta_bss_lock);
-       freq = local->oper_channel->freq;
-       list_for_each_entry(bss, &local->sta_bss_list, list) {
-               if (!(bss->capability & WLAN_CAPABILITY_ESS))
-                       continue;
-
-               if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
-                   !!sdata->default_key)
-                       continue;
-
-               if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
-                   bss->freq != freq)
-                       continue;
-
-               if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
-                   memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
-                       continue;
-
-               if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
-                   !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
-                       continue;
-
-               if (!selected || top_rssi < bss->rssi) {
-                       selected = bss;
-                       top_rssi = bss->rssi;
-               }
-       }
-       if (selected)
-               atomic_inc(&selected->users);
-       spin_unlock_bh(&local->sta_bss_lock);
-
-       if (selected) {
-               ieee80211_set_channel(local, -1, selected->freq);
-               if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
-                       ieee80211_sta_set_ssid(dev, selected->ssid,
-                                              selected->ssid_len);
-               ieee80211_sta_set_bssid(dev, selected->bssid);
-               ieee80211_rx_bss_put(dev, selected);
-               ifsta->state = IEEE80211_AUTHENTICATE;
-               ieee80211_sta_reset_auth(dev, ifsta);
-               return 0;
-       } else {
-               if (ifsta->state != IEEE80211_AUTHENTICATE) {
-                       if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
-                               ieee80211_sta_start_scan(dev, NULL, 0);
-                       else
-                               ieee80211_sta_start_scan(dev, ifsta->ssid,
-                                                        ifsta->ssid_len);
-                       ifsta->state = IEEE80211_AUTHENTICATE;
-                       set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
-               } else
-                       ifsta->state = IEEE80211_DISABLED;
-       }
-       return -1;
-}
-
-static int ieee80211_sta_join_ibss(struct net_device *dev,
-                                  struct ieee80211_if_sta *ifsta,
-                                  struct ieee80211_sta_bss *bss)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       int res, rates, i, j;
-       struct sk_buff *skb;
-       struct ieee80211_mgmt *mgmt;
-       struct ieee80211_tx_control control;
-       struct ieee80211_rate *rate;
-       struct ieee80211_hw_mode *mode;
-       struct rate_control_extra extra;
-       u8 *pos;
-       struct ieee80211_sub_if_data *sdata;
-
-       /* Remove possible STA entries from other IBSS networks. */
-       sta_info_flush(local, NULL);
-
-       if (local->ops->reset_tsf) {
-               /* Reset own TSF to allow time synchronization work. */
-               local->ops->reset_tsf(local_to_hw(local));
-       }
-       memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
-       res = ieee80211_if_config(dev);
-       if (res)
-               return res;
-
-       local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       sdata->drop_unencrypted = bss->capability &
-               WLAN_CAPABILITY_PRIVACY ? 1 : 0;
-
-       res = ieee80211_set_channel(local, -1, bss->freq);
-
-       if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
-               printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
-                      "(%d MHz)\n", dev->name, local->hw.conf.channel,
-                      local->hw.conf.freq);
-               return -1;
-       }
-
-       /* Set beacon template based on scan results */
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
-       do {
-               if (!skb)
-                       break;
-
-               skb_reserve(skb, local->hw.extra_tx_headroom);
-
-               mgmt = (struct ieee80211_mgmt *)
-                       skb_put(skb, 24 + sizeof(mgmt->u.beacon));
-               memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
-               mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                                  IEEE80211_STYPE_BEACON);
-               memset(mgmt->da, 0xff, ETH_ALEN);
-               memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
-               memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
-               mgmt->u.beacon.beacon_int =
-                       cpu_to_le16(local->hw.conf.beacon_int);
-               mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
-
-               pos = skb_put(skb, 2 + ifsta->ssid_len);
-               *pos++ = WLAN_EID_SSID;
-               *pos++ = ifsta->ssid_len;
-               memcpy(pos, ifsta->ssid, ifsta->ssid_len);
-
-               rates = bss->supp_rates_len;
-               if (rates > 8)
-                       rates = 8;
-               pos = skb_put(skb, 2 + rates);
-               *pos++ = WLAN_EID_SUPP_RATES;
-               *pos++ = rates;
-               memcpy(pos, bss->supp_rates, rates);
-
-               pos = skb_put(skb, 2 + 1);
-               *pos++ = WLAN_EID_DS_PARAMS;
-               *pos++ = 1;
-               *pos++ = bss->channel;
-
-               pos = skb_put(skb, 2 + 2);
-               *pos++ = WLAN_EID_IBSS_PARAMS;
-               *pos++ = 2;
-               /* FIX: set ATIM window based on scan results */
-               *pos++ = 0;
-               *pos++ = 0;
-
-               if (bss->supp_rates_len > 8) {
-                       rates = bss->supp_rates_len - 8;
-                       pos = skb_put(skb, 2 + rates);
-                       *pos++ = WLAN_EID_EXT_SUPP_RATES;
-                       *pos++ = rates;
-                       memcpy(pos, &bss->supp_rates[8], rates);
-               }
-
-               memset(&control, 0, sizeof(control));
-               memset(&extra, 0, sizeof(extra));
-               extra.mode = local->oper_hw_mode;
-               rate = rate_control_get_rate(local, dev, skb, &extra);
-               if (!rate) {
-                       printk(KERN_DEBUG "%s: Failed to determine TX rate "
-                              "for IBSS beacon\n", dev->name);
-                       break;
-               }
-               control.tx_rate =
-                       ((sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
-                       (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
-                       rate->val2 : rate->val;
-               control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
-               control.power_level = local->hw.conf.power_level;
-               control.flags |= IEEE80211_TXCTL_NO_ACK;
-               control.retry_limit = 1;
-
-               ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
-               if (ifsta->probe_resp) {
-                       mgmt = (struct ieee80211_mgmt *)
-                               ifsta->probe_resp->data;
-                       mgmt->frame_control =
-                               IEEE80211_FC(IEEE80211_FTYPE_MGMT,
-                                            IEEE80211_STYPE_PROBE_RESP);
-               } else {
-                       printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
-                              "template for IBSS\n", dev->name);
-               }
-
-               if (local->ops->beacon_update &&
-                   local->ops->beacon_update(local_to_hw(local),
-                                            skb, &control) == 0) {
-                       printk(KERN_DEBUG "%s: Configured IBSS beacon "
-                              "template based on scan results\n", dev->name);
-                       skb = NULL;
-               }
-
-               rates = 0;
-               mode = local->oper_hw_mode;
-               for (i = 0; i < bss->supp_rates_len; i++) {
-                       int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
-                       for (j = 0; j < mode->num_rates; j++)
-                               if (mode->rates[j].rate == bitrate)
-                                       rates |= BIT(j);
-               }
-               ifsta->supp_rates_bits = rates;
-       } while (0);
-
-       if (skb) {
-               printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
-                      "template\n", dev->name);
-               dev_kfree_skb(skb);
-       }
-
-       ifsta->state = IEEE80211_IBSS_JOINED;
-       mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
-
-       ieee80211_rx_bss_put(dev, bss);
-
-       return res;
-}
-
-
-static int ieee80211_sta_create_ibss(struct net_device *dev,
-                                    struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sta_bss *bss;
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_hw_mode *mode;
-       u8 bssid[ETH_ALEN], *pos;
-       int i;
-
-#if 0
-       /* Easier testing, use fixed BSSID. */
-       memset(bssid, 0xfe, ETH_ALEN);
-#else
-       /* Generate random, not broadcast, locally administered BSSID. Mix in
-        * own MAC address to make sure that devices that do not have proper
-        * random number generator get different BSSID. */
-       get_random_bytes(bssid, ETH_ALEN);
-       for (i = 0; i < ETH_ALEN; i++)
-               bssid[i] ^= dev->dev_addr[i];
-       bssid[0] &= ~0x01;
-       bssid[0] |= 0x02;
-#endif
-
-       printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
-              dev->name, MAC_ARG(bssid));
-
-       bss = ieee80211_rx_bss_add(dev, bssid);
-       if (!bss)
-               return -ENOMEM;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       mode = local->oper_hw_mode;
-
-       if (local->hw.conf.beacon_int == 0)
-               local->hw.conf.beacon_int = 100;
-       bss->beacon_int = local->hw.conf.beacon_int;
-       bss->hw_mode = local->hw.conf.phymode;
-       bss->channel = local->hw.conf.channel;
-       bss->freq = local->hw.conf.freq;
-       bss->last_update = jiffies;
-       bss->capability = WLAN_CAPABILITY_IBSS;
-       if (sdata->default_key) {
-               bss->capability |= WLAN_CAPABILITY_PRIVACY;
-       } else
-               sdata->drop_unencrypted = 0;
-       bss->supp_rates_len = mode->num_rates;
-       pos = bss->supp_rates;
-       for (i = 0; i < mode->num_rates; i++) {
-               int rate = mode->rates[i].rate;
-               *pos++ = (u8) (rate / 5);
-       }
-
-       return ieee80211_sta_join_ibss(dev, ifsta, bss);
-}
-
-
-static int ieee80211_sta_find_ibss(struct net_device *dev,
-                                  struct ieee80211_if_sta *ifsta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sta_bss *bss;
-       int found = 0;
-       u8 bssid[ETH_ALEN];
-       int active_ibss;
-
-       if (ifsta->ssid_len == 0)
-               return -EINVAL;
-
-       active_ibss = ieee80211_sta_active_ibss(dev);
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-       printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
-              dev->name, active_ibss);
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-       spin_lock_bh(&local->sta_bss_lock);
-       list_for_each_entry(bss, &local->sta_bss_list, list) {
-               if (ifsta->ssid_len != bss->ssid_len ||
-                   memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
-                   || !(bss->capability & WLAN_CAPABILITY_IBSS))
-                       continue;
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-               printk(KERN_DEBUG "   bssid=" MAC_FMT " found\n",
-                      MAC_ARG(bss->bssid));
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-               memcpy(bssid, bss->bssid, ETH_ALEN);
-               found = 1;
-               if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
-                       break;
-       }
-       spin_unlock_bh(&local->sta_bss_lock);
-
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-       printk(KERN_DEBUG "   sta_find_ibss: selected " MAC_FMT " current "
-              MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-       if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
-           (bss = ieee80211_rx_bss_get(dev, bssid))) {
-               printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
-                      " based on configured SSID\n",
-                      dev->name, MAC_ARG(bssid));
-               return ieee80211_sta_join_ibss(dev, ifsta, bss);
-       }
-#ifdef CONFIG_MAC80211_IBSS_DEBUG
-       printk(KERN_DEBUG "   did not try to join ibss\n");
-#endif /* CONFIG_MAC80211_IBSS_DEBUG */
-
-       /* Selected IBSS not found in current scan results - try to scan */
-       if (ifsta->state == IEEE80211_IBSS_JOINED &&
-           !ieee80211_sta_active_ibss(dev)) {
-               mod_timer(&ifsta->timer, jiffies +
-                                     IEEE80211_IBSS_MERGE_INTERVAL);
-       } else if (time_after(jiffies, local->last_scan_completed +
-                             IEEE80211_SCAN_INTERVAL)) {
-               printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
-                      "join\n", dev->name);
-               return ieee80211_sta_req_scan(dev, ifsta->ssid,
-                                             ifsta->ssid_len);
-       } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
-               int interval = IEEE80211_SCAN_INTERVAL;
-
-               if (time_after(jiffies, ifsta->ibss_join_req +
-                              IEEE80211_IBSS_JOIN_TIMEOUT)) {
-                       if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
-                           local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
-                               return ieee80211_sta_create_ibss(dev, ifsta);
-                       if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
-                               printk(KERN_DEBUG "%s: IBSS not allowed on the"
-                                      " configured channel %d (%d MHz)\n",
-                                      dev->name, local->hw.conf.channel,
-                                      local->hw.conf.freq);
-                       }
-
-                       /* No IBSS found - decrease scan interval and continue
-                        * scanning. */
-                       interval = IEEE80211_SCAN_INTERVAL_SLOW;
-               }
-
-               ifsta->state = IEEE80211_IBSS_SEARCH;
-               mod_timer(&ifsta->timer, jiffies + interval);
-               return 0;
-       }
-
-       return 0;
-}
-
-
-int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_if_sta *ifsta;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       if (len > IEEE80211_MAX_SSID_LEN)
-               return -EINVAL;
-
-       /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
-        * not defined. */
-       if (local->ops->conf_tx) {
-               struct ieee80211_tx_queue_params qparam;
-               int i;
-
-               memset(&qparam, 0, sizeof(qparam));
-               /* TODO: are these ok defaults for all hw_modes? */
-               qparam.aifs = 2;
-               qparam.cw_min =
-                       local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
-               qparam.cw_max = 1023;
-               qparam.burst_time = 0;
-               for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
-               {
-                       local->ops->conf_tx(local_to_hw(local),
-                                          i + IEEE80211_TX_QUEUE_DATA0,
-                                          &qparam);
-               }
-               /* IBSS uses different parameters for Beacon sending */
-               qparam.cw_min++;
-               qparam.cw_min *= 2;
-               qparam.cw_min--;
-               local->ops->conf_tx(local_to_hw(local),
-                                  IEEE80211_TX_QUEUE_BEACON, &qparam);
-       }
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       ifsta = &sdata->u.sta;
-
-       if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
-               ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
-       memcpy(ifsta->ssid, ssid, len);
-       memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
-       ifsta->ssid_len = len;
-
-       if (len)
-               ifsta->flags |= IEEE80211_STA_SSID_SET;
-       else
-               ifsta->flags &= ~IEEE80211_STA_SSID_SET;
-       if (sdata->type == IEEE80211_IF_TYPE_IBSS &&
-           !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
-               ifsta->ibss_join_req = jiffies;
-               ifsta->state = IEEE80211_IBSS_SEARCH;
-               return ieee80211_sta_find_ibss(dev, ifsta);
-       }
-       return 0;
-}
-
-
-int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-       memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
-       *len = ifsta->ssid_len;
-       return 0;
-}
-
-
-int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_if_sta *ifsta;
-       int res;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       ifsta = &sdata->u.sta;
-
-       if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
-               memcpy(ifsta->bssid, bssid, ETH_ALEN);
-               res = ieee80211_if_config(dev);
-               if (res) {
-                       printk(KERN_DEBUG "%s: Failed to config new BSSID to "
-                              "the low-level driver\n", dev->name);
-                       return res;
-               }
-       }
-
-       if (is_valid_ether_addr(bssid))
-               ifsta->flags |= IEEE80211_STA_BSSID_SET;
-       else
-               ifsta->flags &= ~IEEE80211_STA_BSSID_SET;
-
-       return 0;
-}
-
-
-static void ieee80211_send_nullfunc(struct ieee80211_local *local,
-                                   struct ieee80211_sub_if_data *sdata,
-                                   int powersave)
-{
-       struct sk_buff *skb;
-       struct ieee80211_hdr *nullfunc;
-       u16 fc;
-
-       skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
-       if (!skb) {
-               printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
-                      "frame\n", sdata->dev->name);
-               return;
-       }
-       skb_reserve(skb, local->hw.extra_tx_headroom);
-
-       nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
-       memset(nullfunc, 0, 24);
-       fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
-            IEEE80211_FCTL_TODS;
-       if (powersave)
-               fc |= IEEE80211_FCTL_PM;
-       nullfunc->frame_control = cpu_to_le16(fc);
-       memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
-       memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
-       memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
-
-       ieee80211_sta_tx(sdata->dev, skb, 0);
-}
-
-
-void ieee80211_scan_completed(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct net_device *dev = local->scan_dev;
-       struct ieee80211_sub_if_data *sdata;
-       union iwreq_data wrqu;
-
-       local->last_scan_completed = jiffies;
-       wmb();
-       local->sta_scanning = 0;
-
-       if (ieee80211_hw_config(local))
-               printk(KERN_DEBUG "%s: failed to restore operational"
-                      "channel after scan\n", dev->name);
-
-
-       netif_tx_lock_bh(local->mdev);
-       local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
-       local->ops->configure_filter(local_to_hw(local),
-                                    FIF_BCN_PRBRESP_PROMISC,
-                                    &local->filter_flags,
-                                    local->mdev->mc_count,
-                                    local->mdev->mc_list);
-
-       netif_tx_unlock_bh(local->mdev);
-
-       memset(&wrqu, 0, sizeof(wrqu));
-       wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
-
-       rcu_read_lock();
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-
-               /* No need to wake the master device. */
-               if (sdata->dev == local->mdev)
-                       continue;
-
-               if (sdata->type == IEEE80211_IF_TYPE_STA) {
-                       if (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
-                               ieee80211_send_nullfunc(local, sdata, 0);
-                       ieee80211_sta_timer((unsigned long)sdata);
-               }
-
-               netif_wake_queue(sdata->dev);
-       }
-       rcu_read_unlock();
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-               if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
-                   (!ifsta->state == IEEE80211_IBSS_JOINED &&
-                   !ieee80211_sta_active_ibss(dev)))
-                       ieee80211_sta_find_ibss(dev, ifsta);
-       }
-}
-EXPORT_SYMBOL(ieee80211_scan_completed);
-
-void ieee80211_sta_scan_work(struct work_struct *work)
-{
-       struct ieee80211_local *local =
-               container_of(work, struct ieee80211_local, scan_work.work);
-       struct net_device *dev = local->scan_dev;
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_hw_mode *mode;
-       struct ieee80211_channel *chan;
-       int skip;
-       unsigned long next_delay = 0;
-
-       if (!local->sta_scanning)
-               return;
-
-       switch (local->scan_state) {
-       case SCAN_SET_CHANNEL:
-               mode = local->scan_hw_mode;
-               if (local->scan_hw_mode->list.next == &local->modes_list &&
-                   local->scan_channel_idx >= mode->num_channels) {
-                       ieee80211_scan_completed(local_to_hw(local));
-                       return;
-               }
-               skip = !(local->enabled_modes & (1 << mode->mode));
-               chan = &mode->channels[local->scan_channel_idx];
-               if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
-                   (sdata->type == IEEE80211_IF_TYPE_IBSS &&
-                    !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
-                   (local->hw_modes & local->enabled_modes &
-                    (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
-                       skip = 1;
-
-               if (!skip) {
-#if 0
-                       printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
-                              dev->name, chan->chan, chan->freq);
-#endif
-
-                       local->scan_channel = chan;
-                       if (ieee80211_hw_config(local)) {
-                               printk(KERN_DEBUG "%s: failed to set channel "
-                                      "%d (%d MHz) for scan\n", dev->name,
-                                      chan->chan, chan->freq);
-                               skip = 1;
-                       }
-               }
-
-               local->scan_channel_idx++;
-               if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
-                       if (local->scan_hw_mode->list.next != &local->modes_list) {
-                               local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
-                                                                struct ieee80211_hw_mode,
-                                                                list);
-                               local->scan_channel_idx = 0;
-                       }
-               }
-
-               if (skip)
-                       break;
-
-               next_delay = IEEE80211_PROBE_DELAY +
-                            usecs_to_jiffies(local->hw.channel_change_time);
-               local->scan_state = SCAN_SEND_PROBE;
-               break;
-       case SCAN_SEND_PROBE:
-               if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
-                       ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
-                                                local->scan_ssid_len);
-                       next_delay = IEEE80211_CHANNEL_TIME;
-               } else
-                       next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
-               local->scan_state = SCAN_SET_CHANNEL;
-               break;
-       }
-
-       if (local->sta_scanning)
-               queue_delayed_work(local->hw.workqueue, &local->scan_work,
-                                  next_delay);
-}
-
-
-static int ieee80211_sta_start_scan(struct net_device *dev,
-                                   u8 *ssid, size_t ssid_len)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata;
-
-       if (ssid_len > IEEE80211_MAX_SSID_LEN)
-               return -EINVAL;
-
-       /* MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
-        * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
-        * BSSID: MACAddress
-        * SSID
-        * ScanType: ACTIVE, PASSIVE
-        * ProbeDelay: delay (in microseconds) to be used prior to transmitting
-        *    a Probe frame during active scanning
-        * ChannelList
-        * MinChannelTime (>= ProbeDelay), in TU
-        * MaxChannelTime: (>= MinChannelTime), in TU
-        */
-
-        /* MLME-SCAN.confirm
-         * BSSDescriptionSet
-         * ResultCode: SUCCESS, INVALID_PARAMETERS
-        */
-
-       if (local->sta_scanning) {
-               if (local->scan_dev == dev)
-                       return 0;
-               return -EBUSY;
-       }
-
-       if (local->ops->hw_scan) {
-               int rc = local->ops->hw_scan(local_to_hw(local),
-                                           ssid, ssid_len);
-               if (!rc) {
-                       local->sta_scanning = 1;
-                       local->scan_dev = dev;
-               }
-               return rc;
-       }
-
-       local->sta_scanning = 1;
-
-       rcu_read_lock();
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-
-               /* Don't stop the master interface, otherwise we can't transmit
-                * probes! */
-               if (sdata->dev == local->mdev)
-                       continue;
-
-               netif_stop_queue(sdata->dev);
-               if (sdata->type == IEEE80211_IF_TYPE_STA &&
-                   (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
-                       ieee80211_send_nullfunc(local, sdata, 1);
-       }
-       rcu_read_unlock();
-
-       if (ssid) {
-               local->scan_ssid_len = ssid_len;
-               memcpy(local->scan_ssid, ssid, ssid_len);
-       } else
-               local->scan_ssid_len = 0;
-       local->scan_state = SCAN_SET_CHANNEL;
-       local->scan_hw_mode = list_entry(local->modes_list.next,
-                                        struct ieee80211_hw_mode,
-                                        list);
-       local->scan_channel_idx = 0;
-       local->scan_dev = dev;
-
-       netif_tx_lock_bh(local->mdev);
-       local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
-       local->ops->configure_filter(local_to_hw(local),
-                                    FIF_BCN_PRBRESP_PROMISC,
-                                    &local->filter_flags,
-                                    local->mdev->mc_count,
-                                    local->mdev->mc_list);
-       netif_tx_unlock_bh(local->mdev);
-
-       /* TODO: start scan as soon as all nullfunc frames are ACKed */
-       queue_delayed_work(local->hw.workqueue, &local->scan_work,
-                          IEEE80211_CHANNEL_TIME);
-
-       return 0;
-}
-
-
-int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
-       if (sdata->type != IEEE80211_IF_TYPE_STA)
-               return ieee80211_sta_start_scan(dev, ssid, ssid_len);
-
-       if (local->sta_scanning) {
-               if (local->scan_dev == dev)
-                       return 0;
-               return -EBUSY;
-       }
-
-       set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
-       queue_work(local->hw.workqueue, &ifsta->work);
-       return 0;
-}
-
-static char *
-ieee80211_sta_scan_result(struct net_device *dev,
-                         struct ieee80211_sta_bss *bss,
-                         char *current_ev, char *end_buf)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct iw_event iwe;
-
-       if (time_after(jiffies,
-                      bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
-               return current_ev;
-
-       if (!(local->enabled_modes & (1 << bss->hw_mode)))
-               return current_ev;
-
-       if (local->scan_flags & IEEE80211_SCAN_WPA_ONLY &&
-           !bss->wpa_ie && !bss->rsn_ie)
-               return current_ev;
-
-       if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID &&
-           (local->scan_ssid_len != bss->ssid_len ||
-            memcmp(local->scan_ssid, bss->ssid, bss->ssid_len) != 0))
-               return current_ev;
-
-       memset(&iwe, 0, sizeof(iwe));
-       iwe.cmd = SIOCGIWAP;
-       iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
-       memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
-       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
-                                         IW_EV_ADDR_LEN);
-
-       memset(&iwe, 0, sizeof(iwe));
-       iwe.cmd = SIOCGIWESSID;
-       iwe.u.data.length = bss->ssid_len;
-       iwe.u.data.flags = 1;
-       current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
-                                         bss->ssid);
-
-       if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
-               memset(&iwe, 0, sizeof(iwe));
-               iwe.cmd = SIOCGIWMODE;
-               if (bss->capability & WLAN_CAPABILITY_ESS)
-                       iwe.u.mode = IW_MODE_MASTER;
-               else
-                       iwe.u.mode = IW_MODE_ADHOC;
-               current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
-                                                 IW_EV_UINT_LEN);
-       }
-
-       memset(&iwe, 0, sizeof(iwe));
-       iwe.cmd = SIOCGIWFREQ;
-       iwe.u.freq.m = bss->channel;
-       iwe.u.freq.e = 0;
-       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
-                                         IW_EV_FREQ_LEN);
-       iwe.u.freq.m = bss->freq * 100000;
-       iwe.u.freq.e = 1;
-       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
-                                         IW_EV_FREQ_LEN);
-
-       memset(&iwe, 0, sizeof(iwe));
-       iwe.cmd = IWEVQUAL;
-       iwe.u.qual.qual = bss->signal;
-       iwe.u.qual.level = bss->rssi;
-       iwe.u.qual.noise = bss->noise;
-       iwe.u.qual.updated = local->wstats_flags;
-       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
-                                         IW_EV_QUAL_LEN);
-
-       memset(&iwe, 0, sizeof(iwe));
-       iwe.cmd = SIOCGIWENCODE;
-       if (bss->capability & WLAN_CAPABILITY_PRIVACY)
-               iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
-       else
-               iwe.u.data.flags = IW_ENCODE_DISABLED;
-       iwe.u.data.length = 0;
-       current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
-
-       if (bss && bss->wpa_ie) {
-               memset(&iwe, 0, sizeof(iwe));
-               iwe.cmd = IWEVGENIE;
-               iwe.u.data.length = bss->wpa_ie_len;
-               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
-                                                 bss->wpa_ie);
-       }
-
-       if (bss && bss->rsn_ie) {
-               memset(&iwe, 0, sizeof(iwe));
-               iwe.cmd = IWEVGENIE;
-               iwe.u.data.length = bss->rsn_ie_len;
-               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
-                                                 bss->rsn_ie);
-       }
-
-       if (bss && bss->supp_rates_len > 0) {
-               /* display all supported rates in readable format */
-               char *p = current_ev + IW_EV_LCP_LEN;
-               int i;
-
-               memset(&iwe, 0, sizeof(iwe));
-               iwe.cmd = SIOCGIWRATE;
-               /* Those two flags are ignored... */
-               iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
-
-               for (i = 0; i < bss->supp_rates_len; i++) {
-                       iwe.u.bitrate.value = ((bss->supp_rates[i] &
-                                                       0x7f) * 500000);
-                       p = iwe_stream_add_value(current_ev, p,
-                                       end_buf, &iwe, IW_EV_PARAM_LEN);
-               }
-               current_ev = p;
-       }
-
-       if (bss) {
-               char *buf;
-               buf = kmalloc(30, GFP_ATOMIC);
-               if (buf) {
-                       memset(&iwe, 0, sizeof(iwe));
-                       iwe.cmd = IWEVCUSTOM;
-                       sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
-                       iwe.u.data.length = strlen(buf);
-                       current_ev = iwe_stream_add_point(current_ev, end_buf,
-                                                         &iwe, buf);
-                       kfree(buf);
-               }
-       }
-
-       do {
-               char *buf;
-
-               if (!(local->scan_flags & IEEE80211_SCAN_EXTRA_INFO))
-                       break;
-
-               buf = kmalloc(100, GFP_ATOMIC);
-               if (!buf)
-                       break;
-
-               memset(&iwe, 0, sizeof(iwe));
-               iwe.cmd = IWEVCUSTOM;
-               sprintf(buf, "bcn_int=%d", bss->beacon_int);
-               iwe.u.data.length = strlen(buf);
-               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
-                                                 buf);
-
-               memset(&iwe, 0, sizeof(iwe));
-               iwe.cmd = IWEVCUSTOM;
-               sprintf(buf, "capab=0x%04x", bss->capability);
-               iwe.u.data.length = strlen(buf);
-               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
-                                                 buf);
-
-               kfree(buf);
-               break;
-       } while (0);
-
-       return current_ev;
-}
-
-
-int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       char *current_ev = buf;
-       char *end_buf = buf + len;
-       struct ieee80211_sta_bss *bss;
-
-       spin_lock_bh(&local->sta_bss_lock);
-       list_for_each_entry(bss, &local->sta_bss_list, list) {
-               if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
-                       spin_unlock_bh(&local->sta_bss_lock);
-                       return -E2BIG;
-               }
-               current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
-                                                      end_buf);
-       }
-       spin_unlock_bh(&local->sta_bss_lock);
-       return current_ev - buf;
-}
-
-
-int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-       kfree(ifsta->extra_ie);
-       if (len == 0) {
-               ifsta->extra_ie = NULL;
-               ifsta->extra_ie_len = 0;
-               return 0;
-       }
-       ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
-       if (!ifsta->extra_ie) {
-               ifsta->extra_ie_len = 0;
-               return -ENOMEM;
-       }
-       memcpy(ifsta->extra_ie, ie, len);
-       ifsta->extra_ie_len = len;
-       return 0;
-}
-
-
-struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
-                                        struct sk_buff *skb, u8 *bssid,
-                                        u8 *addr)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sta_info *sta;
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       /* TODO: Could consider removing the least recently used entry and
-        * allow new one to be added. */
-       if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "%s: No room for a new IBSS STA "
-                              "entry " MAC_FMT "\n", dev->name, MAC_ARG(addr));
-               }
-               return NULL;
-       }
-
-       printk(KERN_DEBUG "%s: Adding new IBSS station " MAC_FMT " (dev=%s)\n",
-              wiphy_name(local->hw.wiphy), MAC_ARG(addr), dev->name);
-
-       sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
-       if (!sta)
-               return NULL;
-
-       sta->supp_rates = sdata->u.sta.supp_rates_bits;
-
-       rate_control_rate_init(sta, local);
-
-       return sta; /* caller will call sta_info_put() */
-}
-
-
-int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-
-       printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
-              dev->name, reason);
-
-       if (sdata->type != IEEE80211_IF_TYPE_STA &&
-           sdata->type != IEEE80211_IF_TYPE_IBSS)
-               return -EINVAL;
-
-       ieee80211_send_deauth(dev, ifsta, reason);
-       ieee80211_set_disassoc(dev, ifsta, 1);
-       return 0;
-}
-
-
-int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
-{
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-
-       printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
-              dev->name, reason);
-
-       if (sdata->type != IEEE80211_IF_TYPE_STA)
-               return -EINVAL;
-
-       if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
-               return -1;
-
-       ieee80211_send_disassoc(dev, ifsta, reason);
-       ieee80211_set_disassoc(dev, ifsta, 0);
-       return 0;
-}
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/if_ether.h>
-#include <linux/etherdevice.h>
-#include <linux/list.h>
-#include <linux/rcupdate.h>
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "debugfs_key.h"
-#include "aes_ccm.h"
-
-
-/*
- * Key handling basics
- *
- * Key handling in mac80211 is done based on per-interface (sub_if_data)
- * keys and per-station keys. Since each station belongs to an interface,
- * each station key also belongs to that interface.
- *
- * Hardware acceleration is done on a best-effort basis, for each key
- * that is eligible the hardware is asked to enable that key but if
- * it cannot do that they key is simply kept for software encryption.
- * There is currently no way of knowing this except by looking into
- * debugfs.
- *
- * All operations here are called under RTNL so no extra locking is
- * required.
- */
-
-static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
-static const u8 zero_addr[ETH_ALEN];
-
-static const u8 *get_mac_for_key(struct ieee80211_key *key)
-{
-       const u8 *addr = bcast_addr;
-
-       /*
-        * If we're an AP we won't ever receive frames with a non-WEP
-        * group key so we tell the driver that by using the zero MAC
-        * address to indicate a transmit-only key.
-        */
-       if (key->conf.alg != ALG_WEP &&
-           (key->sdata->type == IEEE80211_IF_TYPE_AP ||
-            key->sdata->type == IEEE80211_IF_TYPE_VLAN))
-               addr = zero_addr;
-
-       if (key->sta)
-               addr = key->sta->addr;
-
-       return addr;
-}
-
-static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
-{
-       const u8 *addr;
-       int ret;
-
-       if (!key->local->ops->set_key)
-               return;
-
-       addr = get_mac_for_key(key);
-
-       ret = key->local->ops->set_key(local_to_hw(key->local), SET_KEY,
-                                      key->sdata->dev->dev_addr, addr,
-                                      &key->conf);
-
-       if (!ret)
-               key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
-
-       if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
-               printk(KERN_ERR "mac80211-%s: failed to set key "
-                      "(%d, " MAC_FMT ") to hardware (%d)\n",
-                      wiphy_name(key->local->hw.wiphy),
-                      key->conf.keyidx, MAC_ARG(addr), ret);
-}
-
-static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
-{
-       const u8 *addr;
-       int ret;
-
-       if (!key->local->ops->set_key)
-               return;
-
-       if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
-               return;
-
-       addr = get_mac_for_key(key);
-
-       ret = key->local->ops->set_key(local_to_hw(key->local), DISABLE_KEY,
-                                      key->sdata->dev->dev_addr, addr,
-                                      &key->conf);
-
-       if (ret)
-               printk(KERN_ERR "mac80211-%s: failed to remove key "
-                      "(%d, " MAC_FMT ") from hardware (%d)\n",
-                      wiphy_name(key->local->hw.wiphy),
-                      key->conf.keyidx, MAC_ARG(addr), ret);
-
-       key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
-}
-
-struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
-                                         struct sta_info *sta,
-                                         enum ieee80211_key_alg alg,
-                                         int idx,
-                                         size_t key_len,
-                                         const u8 *key_data)
-{
-       struct ieee80211_key *key;
-
-       BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS);
-
-       key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
-       if (!key)
-               return NULL;
-
-       /*
-        * Default to software encryption; we'll later upload the
-        * key to the hardware if possible.
-        */
-       key->conf.flags = 0;
-       key->flags = 0;
-
-       key->conf.alg = alg;
-       key->conf.keyidx = idx;
-       key->conf.keylen = key_len;
-       memcpy(key->conf.key, key_data, key_len);
-
-       key->local = sdata->local;
-       key->sdata = sdata;
-       key->sta = sta;
-
-       if (alg == ALG_CCMP) {
-               /*
-                * Initialize AES key state here as an optimization so that
-                * it does not need to be initialized for every packet.
-                */
-               key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
-               if (!key->u.ccmp.tfm) {
-                       ieee80211_key_free(key);
-                       return NULL;
-               }
-       }
-
-       ieee80211_debugfs_key_add(key->local, key);
-
-       /* remove key first */
-       if (sta)
-               ieee80211_key_free(sta->key);
-       else
-               ieee80211_key_free(sdata->keys[idx]);
-
-       if (sta) {
-               ieee80211_debugfs_key_sta_link(key, sta);
-
-               /*
-                * some hardware cannot handle TKIP with QoS, so
-                * we indicate whether QoS could be in use.
-                */
-               if (sta->flags & WLAN_STA_WME)
-                       key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
-       } else {
-               if (sdata->type == IEEE80211_IF_TYPE_STA) {
-                       struct sta_info *ap;
-
-                       /* same here, the AP could be using QoS */
-                       ap = sta_info_get(key->local, key->sdata->u.sta.bssid);
-                       if (ap) {
-                               if (ap->flags & WLAN_STA_WME)
-                                       key->conf.flags |=
-                                               IEEE80211_KEY_FLAG_WMM_STA;
-                               sta_info_put(ap);
-                       }
-               }
-       }
-
-       /* enable hwaccel if appropriate */
-       if (netif_running(key->sdata->dev))
-               ieee80211_key_enable_hw_accel(key);
-
-       if (sta)
-               rcu_assign_pointer(sta->key, key);
-       else
-               rcu_assign_pointer(sdata->keys[idx], key);
-
-       list_add(&key->list, &sdata->key_list);
-
-       return key;
-}
-
-void ieee80211_key_free(struct ieee80211_key *key)
-{
-       if (!key)
-               return;
-
-       if (key->sta) {
-               rcu_assign_pointer(key->sta->key, NULL);
-       } else {
-               if (key->sdata->default_key == key)
-                       ieee80211_set_default_key(key->sdata, -1);
-               if (key->conf.keyidx >= 0 &&
-                   key->conf.keyidx < NUM_DEFAULT_KEYS)
-                       rcu_assign_pointer(key->sdata->keys[key->conf.keyidx],
-                                          NULL);
-               else
-                       WARN_ON(1);
-       }
-
-       /* wait for all key users to complete */
-       synchronize_rcu();
-
-       /* remove from hwaccel if appropriate */
-       ieee80211_key_disable_hw_accel(key);
-
-       if (key->conf.alg == ALG_CCMP)
-               ieee80211_aes_key_free(key->u.ccmp.tfm);
-       ieee80211_debugfs_key_remove(key);
-
-       list_del(&key->list);
-
-       kfree(key);
-}
-
-void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
-{
-       struct ieee80211_key *key = NULL;
-
-       if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
-               key = sdata->keys[idx];
-
-       if (sdata->default_key != key) {
-               ieee80211_debugfs_key_remove_default(sdata);
-
-               rcu_assign_pointer(sdata->default_key, key);
-
-               if (sdata->default_key)
-                       ieee80211_debugfs_key_add_default(sdata);
-       }
-}
-
-void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
-{
-       struct ieee80211_key *key, *tmp;
-
-       list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
-               ieee80211_key_free(key);
-}
-
-void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
-{
-       struct ieee80211_key *key;
-
-       WARN_ON(!netif_running(sdata->dev));
-       if (!netif_running(sdata->dev))
-               return;
-
-       list_for_each_entry(key, &sdata->key_list, list)
-               ieee80211_key_enable_hw_accel(key);
-}
-
-void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
-{
-       struct ieee80211_key *key;
-
-       list_for_each_entry(key, &sdata->key_list, list)
-               ieee80211_key_disable_hw_accel(key);
-}
 
+++ /dev/null
-/*
- * Michael MIC implementation - optimized for TKIP MIC operations
- * Copyright 2002-2003, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/types.h>
-
-#include "michael.h"
-
-static inline u32 rotr(u32 val, int bits)
-{
-       return (val >> bits) | (val << (32 - bits));
-}
-
-
-static inline u32 rotl(u32 val, int bits)
-{
-       return (val << bits) | (val >> (32 - bits));
-}
-
-
-static inline u32 xswap(u32 val)
-{
-       return ((val & 0xff00ff00) >> 8) | ((val & 0x00ff00ff) << 8);
-}
-
-
-#define michael_block(l, r) \
-do { \
-       r ^= rotl(l, 17); \
-       l += r; \
-       r ^= xswap(l); \
-       l += r; \
-       r ^= rotl(l, 3); \
-       l += r; \
-       r ^= rotr(l, 2); \
-       l += r; \
-} while (0)
-
-
-static inline u32 michael_get32(u8 *data)
-{
-       return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);
-}
-
-
-static inline void michael_put32(u32 val, u8 *data)
-{
-       data[0] = val & 0xff;
-       data[1] = (val >> 8) & 0xff;
-       data[2] = (val >> 16) & 0xff;
-       data[3] = (val >> 24) & 0xff;
-}
-
-
-void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
-                u8 *data, size_t data_len, u8 *mic)
-{
-       u32 l, r, val;
-       size_t block, blocks, left;
-
-       l = michael_get32(key);
-       r = michael_get32(key + 4);
-
-       /* A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC
-        * calculation, but it is _not_ transmitted */
-       l ^= michael_get32(da);
-       michael_block(l, r);
-       l ^= da[4] | (da[5] << 8) | (sa[0] << 16) | (sa[1] << 24);
-       michael_block(l, r);
-       l ^= michael_get32(&sa[2]);
-       michael_block(l, r);
-       l ^= priority;
-       michael_block(l, r);
-
-       /* Real data */
-       blocks = data_len / 4;
-       left = data_len % 4;
-
-       for (block = 0; block < blocks; block++) {
-               l ^= michael_get32(&data[block * 4]);
-               michael_block(l, r);
-       }
-
-       /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make
-        * total length a multiple of 4. */
-       val = 0x5a;
-       while (left > 0) {
-               val <<= 8;
-               left--;
-               val |= data[blocks * 4 + left];
-       }
-       l ^= val;
-       michael_block(l, r);
-       /* last block is zero, so l ^ 0 = l */
-       michael_block(l, r);
-
-       michael_put32(l, mic);
-       michael_put32(r, mic + 4);
-}
 
+++ /dev/null
-/*
- * Michael MIC implementation - optimized for TKIP MIC operations
- * Copyright 2002-2003, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef MICHAEL_H
-#define MICHAEL_H
-
-#include <linux/types.h>
-
-#define MICHAEL_MIC_LEN 8
-
-void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
-                u8 *data, size_t data_len, u8 *mic);
-
-#endif /* MICHAEL_H */
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/compiler.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "debugfs.h"
-
-
-/* This is a minimal implementation of TX rate controlling that can be used
- * as the default when no improved mechanisms are available. */
-
-
-#define RATE_CONTROL_EMERG_DEC 2
-#define RATE_CONTROL_INTERVAL (HZ / 20)
-#define RATE_CONTROL_MIN_TX 10
-
-MODULE_ALIAS("rc80211_default");
-
-static void rate_control_rate_inc(struct ieee80211_local *local,
-                                 struct sta_info *sta)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_hw_mode *mode;
-       int i = sta->txrate;
-       int maxrate;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
-       if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) {
-               /* forced unicast rate - do not change STA rate */
-               return;
-       }
-
-       mode = local->oper_hw_mode;
-       maxrate = sdata->bss ? sdata->bss->max_ratectrl_rateidx : -1;
-
-       if (i > mode->num_rates)
-               i = mode->num_rates - 2;
-
-       while (i + 1 < mode->num_rates) {
-               i++;
-               if (sta->supp_rates & BIT(i) &&
-                   mode->rates[i].flags & IEEE80211_RATE_SUPPORTED &&
-                   (maxrate < 0 || i <= maxrate)) {
-                       sta->txrate = i;
-                       break;
-               }
-       }
-}
-
-
-static void rate_control_rate_dec(struct ieee80211_local *local,
-                                 struct sta_info *sta)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_hw_mode *mode;
-       int i = sta->txrate;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
-       if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) {
-               /* forced unicast rate - do not change STA rate */
-               return;
-       }
-
-       mode = local->oper_hw_mode;
-       if (i > mode->num_rates)
-               i = mode->num_rates;
-
-       while (i > 0) {
-               i--;
-               if (sta->supp_rates & BIT(i) &&
-                   mode->rates[i].flags & IEEE80211_RATE_SUPPORTED) {
-                       sta->txrate = i;
-                       break;
-               }
-       }
-}
-
-
-static struct ieee80211_rate *
-rate_control_lowest_rate(struct ieee80211_local *local,
-                        struct ieee80211_hw_mode *mode)
-{
-       int i;
-
-       for (i = 0; i < mode->num_rates; i++) {
-               struct ieee80211_rate *rate = &mode->rates[i];
-
-               if (rate->flags & IEEE80211_RATE_SUPPORTED)
-                       return rate;
-       }
-
-       printk(KERN_DEBUG "rate_control_lowest_rate - no supported rates "
-              "found\n");
-       return &mode->rates[0];
-}
-
-
-struct global_rate_control {
-       int dummy;
-};
-
-struct sta_rate_control {
-       unsigned long last_rate_change;
-       u32 tx_num_failures;
-       u32 tx_num_xmit;
-
-       unsigned long avg_rate_update;
-       u32 tx_avg_rate_sum;
-       u32 tx_avg_rate_num;
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct dentry *tx_avg_rate_sum_dentry;
-       struct dentry *tx_avg_rate_num_dentry;
-#endif
-};
-
-
-static void rate_control_simple_tx_status(void *priv, struct net_device *dev,
-                                         struct sk_buff *skb,
-                                         struct ieee80211_tx_status *status)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       struct sta_info *sta;
-       struct sta_rate_control *srctrl;
-
-       sta = sta_info_get(local, hdr->addr1);
-
-       if (!sta)
-           return;
-
-       srctrl = sta->rate_ctrl_priv;
-       srctrl->tx_num_xmit++;
-       if (status->excessive_retries) {
-               srctrl->tx_num_failures++;
-               sta->tx_retry_failed++;
-               sta->tx_num_consecutive_failures++;
-               sta->tx_num_mpdu_fail++;
-       } else {
-               sta->last_ack_rssi[0] = sta->last_ack_rssi[1];
-               sta->last_ack_rssi[1] = sta->last_ack_rssi[2];
-               sta->last_ack_rssi[2] = status->ack_signal;
-               sta->tx_num_consecutive_failures = 0;
-               sta->tx_num_mpdu_ok++;
-       }
-       sta->tx_retry_count += status->retry_count;
-       sta->tx_num_mpdu_fail += status->retry_count;
-
-       if (time_after(jiffies,
-                      srctrl->last_rate_change + RATE_CONTROL_INTERVAL) &&
-               srctrl->tx_num_xmit > RATE_CONTROL_MIN_TX) {
-               u32 per_failed;
-               srctrl->last_rate_change = jiffies;
-
-               per_failed = (100 * sta->tx_num_mpdu_fail) /
-                       (sta->tx_num_mpdu_fail + sta->tx_num_mpdu_ok);
-               /* TODO: calculate average per_failed to make adjusting
-                * parameters easier */
-#if 0
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "MPDU fail=%d ok=%d per_failed=%d\n",
-                              sta->tx_num_mpdu_fail, sta->tx_num_mpdu_ok,
-                              per_failed);
-               }
-#endif
-
-               /*
-                * XXX: Make these configurable once we have an
-                * interface to the rate control algorithms
-                */
-               if (per_failed > RATE_CONTROL_NUM_DOWN) {
-                       rate_control_rate_dec(local, sta);
-               } else if (per_failed < RATE_CONTROL_NUM_UP) {
-                       rate_control_rate_inc(local, sta);
-               }
-               srctrl->tx_avg_rate_sum += status->control.rate->rate;
-               srctrl->tx_avg_rate_num++;
-               srctrl->tx_num_failures = 0;
-               srctrl->tx_num_xmit = 0;
-       } else if (sta->tx_num_consecutive_failures >=
-                  RATE_CONTROL_EMERG_DEC) {
-               rate_control_rate_dec(local, sta);
-       }
-
-       if (srctrl->avg_rate_update + 60 * HZ < jiffies) {
-               srctrl->avg_rate_update = jiffies;
-               if (srctrl->tx_avg_rate_num > 0) {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-                       printk(KERN_DEBUG "%s: STA " MAC_FMT " Average rate: "
-                              "%d (%d/%d)\n",
-                              dev->name, MAC_ARG(sta->addr),
-                              srctrl->tx_avg_rate_sum /
-                              srctrl->tx_avg_rate_num,
-                              srctrl->tx_avg_rate_sum,
-                              srctrl->tx_avg_rate_num);
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-                       srctrl->tx_avg_rate_sum = 0;
-                       srctrl->tx_avg_rate_num = 0;
-               }
-       }
-
-       sta_info_put(sta);
-}
-
-
-static struct ieee80211_rate *
-rate_control_simple_get_rate(void *priv, struct net_device *dev,
-                            struct sk_buff *skb,
-                            struct rate_control_extra *extra)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       struct ieee80211_hw_mode *mode = extra->mode;
-       struct sta_info *sta;
-       int rateidx, nonerp_idx;
-       u16 fc;
-
-       memset(extra, 0, sizeof(*extra));
-
-       fc = le16_to_cpu(hdr->frame_control);
-       if ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
-           (hdr->addr1[0] & 0x01)) {
-               /* Send management frames and broadcast/multicast data using
-                * lowest rate. */
-               /* TODO: this could probably be improved.. */
-               return rate_control_lowest_rate(local, mode);
-       }
-
-       sta = sta_info_get(local, hdr->addr1);
-
-       if (!sta)
-               return rate_control_lowest_rate(local, mode);
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (sdata->bss && sdata->bss->force_unicast_rateidx > -1)
-               sta->txrate = sdata->bss->force_unicast_rateidx;
-
-       rateidx = sta->txrate;
-
-       if (rateidx >= mode->num_rates)
-               rateidx = mode->num_rates - 1;
-
-       sta->last_txrate = rateidx;
-       nonerp_idx = rateidx;
-       while (nonerp_idx > 0 &&
-              ((mode->rates[nonerp_idx].flags & IEEE80211_RATE_ERP) ||
-               !(mode->rates[nonerp_idx].flags & IEEE80211_RATE_SUPPORTED) ||
-               !(sta->supp_rates & BIT(nonerp_idx))))
-               nonerp_idx--;
-       extra->nonerp = &mode->rates[nonerp_idx];
-
-       sta_info_put(sta);
-
-       return &mode->rates[rateidx];
-}
-
-
-static void rate_control_simple_rate_init(void *priv, void *priv_sta,
-                                         struct ieee80211_local *local,
-                                         struct sta_info *sta)
-{
-       struct ieee80211_hw_mode *mode;
-       int i;
-       sta->txrate = 0;
-       mode = local->oper_hw_mode;
-       /* TODO: This routine should consider using RSSI from previous packets
-        * as we need to have IEEE 802.1X auth succeed immediately after assoc..
-        * Until that method is implemented, we will use the lowest supported rate
-        * as a workaround, */
-       for (i = 0; i < mode->num_rates; i++) {
-               if ((sta->supp_rates & BIT(i)) &&
-                   (mode->rates[i].flags & IEEE80211_RATE_SUPPORTED)) {
-                       sta->txrate = i;
-                       break;
-               }
-       }
-}
-
-
-static void * rate_control_simple_alloc(struct ieee80211_local *local)
-{
-       struct global_rate_control *rctrl;
-
-       rctrl = kzalloc(sizeof(*rctrl), GFP_ATOMIC);
-
-       return rctrl;
-}
-
-
-static void rate_control_simple_free(void *priv)
-{
-       struct global_rate_control *rctrl = priv;
-       kfree(rctrl);
-}
-
-
-static void rate_control_simple_clear(void *priv)
-{
-}
-
-
-static void * rate_control_simple_alloc_sta(void *priv, gfp_t gfp)
-{
-       struct sta_rate_control *rctrl;
-
-       rctrl = kzalloc(sizeof(*rctrl), gfp);
-
-       return rctrl;
-}
-
-
-static void rate_control_simple_free_sta(void *priv, void *priv_sta)
-{
-       struct sta_rate_control *rctrl = priv_sta;
-       kfree(rctrl);
-}
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-
-static int open_file_generic(struct inode *inode, struct file *file)
-{
-       file->private_data = inode->i_private;
-       return 0;
-}
-
-static ssize_t sta_tx_avg_rate_sum_read(struct file *file,
-                                       char __user *userbuf,
-                                       size_t count, loff_t *ppos)
-{
-       struct sta_rate_control *srctrl = file->private_data;
-       char buf[20];
-
-       sprintf(buf, "%d\n", srctrl->tx_avg_rate_sum);
-       return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf));
-}
-
-static const struct file_operations sta_tx_avg_rate_sum_ops = {
-       .read = sta_tx_avg_rate_sum_read,
-       .open = open_file_generic,
-};
-
-static ssize_t sta_tx_avg_rate_num_read(struct file *file,
-                                       char __user *userbuf,
-                                       size_t count, loff_t *ppos)
-{
-       struct sta_rate_control *srctrl = file->private_data;
-       char buf[20];
-
-       sprintf(buf, "%d\n", srctrl->tx_avg_rate_num);
-       return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf));
-}
-
-static const struct file_operations sta_tx_avg_rate_num_ops = {
-       .read = sta_tx_avg_rate_num_read,
-       .open = open_file_generic,
-};
-
-static void rate_control_simple_add_sta_debugfs(void *priv, void *priv_sta,
-                                               struct dentry *dir)
-{
-       struct sta_rate_control *srctrl = priv_sta;
-
-       srctrl->tx_avg_rate_num_dentry =
-               debugfs_create_file("rc_simple_sta_tx_avg_rate_num", 0400,
-                                   dir, srctrl, &sta_tx_avg_rate_num_ops);
-       srctrl->tx_avg_rate_sum_dentry =
-               debugfs_create_file("rc_simple_sta_tx_avg_rate_sum", 0400,
-                                   dir, srctrl, &sta_tx_avg_rate_sum_ops);
-}
-
-static void rate_control_simple_remove_sta_debugfs(void *priv, void *priv_sta)
-{
-       struct sta_rate_control *srctrl = priv_sta;
-
-       debugfs_remove(srctrl->tx_avg_rate_sum_dentry);
-       debugfs_remove(srctrl->tx_avg_rate_num_dentry);
-}
-#endif
-
-static struct rate_control_ops rate_control_simple = {
-       .module = THIS_MODULE,
-       .name = "simple",
-       .tx_status = rate_control_simple_tx_status,
-       .get_rate = rate_control_simple_get_rate,
-       .rate_init = rate_control_simple_rate_init,
-       .clear = rate_control_simple_clear,
-       .alloc = rate_control_simple_alloc,
-       .free = rate_control_simple_free,
-       .alloc_sta = rate_control_simple_alloc_sta,
-       .free_sta = rate_control_simple_free_sta,
-#ifdef CONFIG_MAC80211_DEBUGFS
-       .add_sta_debugfs = rate_control_simple_add_sta_debugfs,
-       .remove_sta_debugfs = rate_control_simple_remove_sta_debugfs,
-#endif
-};
-
-
-static int __init rate_control_simple_init(void)
-{
-       return ieee80211_rate_control_register(&rate_control_simple);
-}
-
-
-static void __exit rate_control_simple_exit(void)
-{
-       ieee80211_rate_control_unregister(&rate_control_simple);
-}
-
-
-subsys_initcall(rate_control_simple_init);
-module_exit(rate_control_simple_exit);
-
-MODULE_DESCRIPTION("Simple rate control algorithm for ieee80211");
-MODULE_LICENSE("GPL");
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-/*
- * This regulatory domain control implementation is known to be incomplete
- * and confusing. mac80211 regulatory domain control will be significantly
- * reworked in the not-too-distant future.
- *
- * For now, drivers wishing to control which channels are and aren't available
- * are advised as follows:
- *  - set the IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED flag
- *  - continue to include *ALL* possible channels in the modes registered
- *    through ieee80211_register_hwmode()
- *  - for each allowable ieee80211_channel structure registered in the above
- *    call, set the flag member to some meaningful value such as
- *    IEEE80211_CHAN_W_SCAN | IEEE80211_CHAN_W_ACTIVE_SCAN |
- *    IEEE80211_CHAN_W_IBSS.
- *  - leave flag as 0 for non-allowable channels
- *
- * The usual implementation is for a driver to read a device EEPROM to
- * determine which regulatory domain it should be operating under, then
- * looking up the allowable channels in a driver-local table, then performing
- * the above.
- */
-
-#include <linux/module.h>
-#include <linux/netdevice.h>
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-
-static int ieee80211_regdom = 0x10; /* FCC */
-module_param(ieee80211_regdom, int, 0444);
-MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain; 64=MKK");
-
-/*
- * If firmware is upgraded by the vendor, additional channels can be used based
- * on the new Japanese regulatory rules. This is indicated by setting
- * ieee80211_japan_5ghz module parameter to one when loading the 80211 kernel
- * module.
- */
-static int ieee80211_japan_5ghz /* = 0 */;
-module_param(ieee80211_japan_5ghz, int, 0444);
-MODULE_PARM_DESC(ieee80211_japan_5ghz, "Vendor-updated firmware for 5 GHz");
-
-
-struct ieee80211_channel_range {
-       short start_freq;
-       short end_freq;
-       unsigned char power_level;
-       unsigned char antenna_max;
-};
-
-static const struct ieee80211_channel_range ieee80211_fcc_channels[] = {
-       { 2412, 2462, 27, 6 } /* IEEE 802.11b/g, channels 1..11 */,
-       { 5180, 5240, 17, 6 } /* IEEE 802.11a, channels 36..48 */,
-       { 5260, 5320, 23, 6 } /* IEEE 802.11a, channels 52..64 */,
-       { 5745, 5825, 30, 6 } /* IEEE 802.11a, channels 149..165, outdoor */,
-       { 0 }
-};
-
-static const struct ieee80211_channel_range ieee80211_mkk_channels[] = {
-       { 2412, 2472, 20, 6 } /* IEEE 802.11b/g, channels 1..13 */,
-       { 5170, 5240, 20, 6 } /* IEEE 802.11a, channels 34..48 */,
-       { 5260, 5320, 20, 6 } /* IEEE 802.11a, channels 52..64 */,
-       { 0 }
-};
-
-
-static const struct ieee80211_channel_range *channel_range =
-       ieee80211_fcc_channels;
-
-
-static void ieee80211_unmask_channel(int mode, struct ieee80211_channel *chan)
-{
-       int i;
-
-       chan->flag = 0;
-
-       for (i = 0; channel_range[i].start_freq; i++) {
-               const struct ieee80211_channel_range *r = &channel_range[i];
-               if (r->start_freq <= chan->freq && r->end_freq >= chan->freq) {
-                       if (ieee80211_regdom == 64 && !ieee80211_japan_5ghz &&
-                           chan->freq >= 5260 && chan->freq <= 5320) {
-                               /*
-                                * Skip new channels in Japan since the
-                                * firmware was not marked having been upgraded
-                                * by the vendor.
-                                */
-                               continue;
-                       }
-
-                       if (ieee80211_regdom == 0x10 &&
-                           (chan->freq == 5190 || chan->freq == 5210 ||
-                            chan->freq == 5230)) {
-                                   /* Skip MKK channels when in FCC domain. */
-                                   continue;
-                       }
-
-                       chan->flag |= IEEE80211_CHAN_W_SCAN |
-                               IEEE80211_CHAN_W_ACTIVE_SCAN |
-                               IEEE80211_CHAN_W_IBSS;
-                       chan->power_level = r->power_level;
-                       chan->antenna_max = r->antenna_max;
-
-                       if (ieee80211_regdom == 64 &&
-                           (chan->freq == 5170 || chan->freq == 5190 ||
-                            chan->freq == 5210 || chan->freq == 5230)) {
-                               /*
-                                * New regulatory rules in Japan have backwards
-                                * compatibility with old channels in 5.15-5.25
-                                * GHz band, but the station is not allowed to
-                                * use active scan on these old channels.
-                                */
-                               chan->flag &= ~IEEE80211_CHAN_W_ACTIVE_SCAN;
-                       }
-
-                       if (ieee80211_regdom == 64 &&
-                           (chan->freq == 5260 || chan->freq == 5280 ||
-                            chan->freq == 5300 || chan->freq == 5320)) {
-                               /*
-                                * IBSS is not allowed on 5.25-5.35 GHz band
-                                * due to radar detection requirements.
-                                */
-                               chan->flag &= ~IEEE80211_CHAN_W_IBSS;
-                       }
-
-                       break;
-               }
-       }
-}
-
-
-void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode)
-{
-       int c;
-       for (c = 0; c < mode->num_channels; c++)
-               ieee80211_unmask_channel(mode->mode, &mode->channels[c]);
-}
-
-
-void ieee80211_regdomain_init(void)
-{
-       if (ieee80211_regdom == 0x40)
-               channel_range = ieee80211_mkk_channels;
-}
-
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/kernel.h>
-#include <linux/skbuff.h>
-#include <linux/netdevice.h>
-#include <linux/etherdevice.h>
-#include <linux/rcupdate.h>
-#include <net/mac80211.h>
-#include <net/ieee80211_radiotap.h>
-
-#include "ieee80211_i.h"
-#include "ieee80211_led.h"
-#include "wep.h"
-#include "wpa.h"
-#include "tkip.h"
-#include "wme.h"
-
-/*
- * monitor mode reception
- *
- * This function cleans up the SKB, i.e. it removes all the stuff
- * only useful for monitoring.
- */
-static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
-                                          struct sk_buff *skb,
-                                          int rtap_len)
-{
-       skb_pull(skb, rtap_len);
-
-       if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
-               if (likely(skb->len > FCS_LEN))
-                       skb_trim(skb, skb->len - FCS_LEN);
-               else {
-                       /* driver bug */
-                       WARN_ON(1);
-                       dev_kfree_skb(skb);
-                       skb = NULL;
-               }
-       }
-
-       return skb;
-}
-
-static inline int should_drop_frame(struct ieee80211_rx_status *status,
-                                   struct sk_buff *skb,
-                                   int present_fcs_len,
-                                   int radiotap_len)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-
-       if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
-               return 1;
-       if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
-               return 1;
-       if ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
-                       cpu_to_le16(IEEE80211_FTYPE_CTL))
-               return 1;
-       return 0;
-}
-
-/*
- * This function copies a received frame to all monitor interfaces and
- * returns a cleaned-up SKB that no longer includes the FCS nor the
- * radiotap header the driver might have added.
- */
-static struct sk_buff *
-ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
-                    struct ieee80211_rx_status *status)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_rate *rate;
-       int needed_headroom = 0;
-       struct ieee80211_rtap_hdr {
-               struct ieee80211_radiotap_header hdr;
-               u8 flags;
-               u8 rate;
-               __le16 chan_freq;
-               __le16 chan_flags;
-               u8 antsignal;
-               u8 padding_for_rxflags;
-               __le16 rx_flags;
-       } __attribute__ ((packed)) *rthdr;
-       struct sk_buff *skb, *skb2;
-       struct net_device *prev_dev = NULL;
-       int present_fcs_len = 0;
-       int rtap_len = 0;
-
-       /*
-        * First, we may need to make a copy of the skb because
-        *  (1) we need to modify it for radiotap (if not present), and
-        *  (2) the other RX handlers will modify the skb we got.
-        *
-        * We don't need to, of course, if we aren't going to return
-        * the SKB because it has a bad FCS/PLCP checksum.
-        */
-       if (status->flag & RX_FLAG_RADIOTAP)
-               rtap_len = ieee80211_get_radiotap_len(origskb->data);
-       else
-               needed_headroom = sizeof(*rthdr);
-
-       if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
-               present_fcs_len = FCS_LEN;
-
-       if (!local->monitors) {
-               if (should_drop_frame(status, origskb, present_fcs_len,
-                                     rtap_len)) {
-                       dev_kfree_skb(origskb);
-                       return NULL;
-               }
-
-               return remove_monitor_info(local, origskb, rtap_len);
-       }
-
-       if (should_drop_frame(status, origskb, present_fcs_len, rtap_len)) {
-               /* only need to expand headroom if necessary */
-               skb = origskb;
-               origskb = NULL;
-
-               /*
-                * This shouldn't trigger often because most devices have an
-                * RX header they pull before we get here, and that should
-                * be big enough for our radiotap information. We should
-                * probably export the length to drivers so that we can have
-                * them allocate enough headroom to start with.
-                */
-               if (skb_headroom(skb) < needed_headroom &&
-                   pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
-                       dev_kfree_skb(skb);
-                       return NULL;
-               }
-       } else {
-               /*
-                * Need to make a copy and possibly remove radiotap header
-                * and FCS from the original.
-                */
-               skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
-
-               origskb = remove_monitor_info(local, origskb, rtap_len);
-
-               if (!skb)
-                       return origskb;
-       }
-
-       /* if necessary, prepend radiotap information */
-       if (!(status->flag & RX_FLAG_RADIOTAP)) {
-               rthdr = (void *) skb_push(skb, sizeof(*rthdr));
-               memset(rthdr, 0, sizeof(*rthdr));
-               rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
-               rthdr->hdr.it_present =
-                       cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
-                                   (1 << IEEE80211_RADIOTAP_RATE) |
-                                   (1 << IEEE80211_RADIOTAP_CHANNEL) |
-                                   (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) |
-                                   (1 << IEEE80211_RADIOTAP_RX_FLAGS));
-               rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
-                              IEEE80211_RADIOTAP_F_FCS : 0;
-
-               /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
-               rthdr->rx_flags = 0;
-               if (status->flag &
-                   (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
-                       rthdr->rx_flags |=
-                               cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
-
-               rate = ieee80211_get_rate(local, status->phymode,
-                                         status->rate);
-               if (rate)
-                       rthdr->rate = rate->rate / 5;
-
-               rthdr->chan_freq = cpu_to_le16(status->freq);
-
-               if (status->phymode == MODE_IEEE80211A)
-                       rthdr->chan_flags =
-                               cpu_to_le16(IEEE80211_CHAN_OFDM |
-                                           IEEE80211_CHAN_5GHZ);
-               else
-                       rthdr->chan_flags =
-                               cpu_to_le16(IEEE80211_CHAN_DYN |
-                                           IEEE80211_CHAN_2GHZ);
-
-               rthdr->antsignal = status->ssi;
-       }
-
-       skb_set_mac_header(skb, 0);
-       skb->ip_summed = CHECKSUM_UNNECESSARY;
-       skb->pkt_type = PACKET_OTHERHOST;
-       skb->protocol = htons(ETH_P_802_2);
-
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-               if (!netif_running(sdata->dev))
-                       continue;
-
-               if (sdata->type != IEEE80211_IF_TYPE_MNTR)
-                       continue;
-
-               if (prev_dev) {
-                       skb2 = skb_clone(skb, GFP_ATOMIC);
-                       if (skb2) {
-                               skb2->dev = prev_dev;
-                               netif_rx(skb2);
-                       }
-               }
-
-               prev_dev = sdata->dev;
-               sdata->dev->stats.rx_packets++;
-               sdata->dev->stats.rx_bytes += skb->len;
-       }
-
-       if (prev_dev) {
-               skb->dev = prev_dev;
-               netif_rx(skb);
-       } else
-               dev_kfree_skb(skb);
-
-       return origskb;
-}
-
-
-/* pre-rx handlers
- *
- * these don't have dev/sdata fields in the rx data
- * The sta value should also not be used because it may
- * be NULL even though a STA (in IBSS mode) will be added.
- */
-
-static ieee80211_txrx_result
-ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx)
-{
-       u8 *data = rx->skb->data;
-       int tid;
-
-       /* does the frame have a qos control field? */
-       if (WLAN_FC_IS_QOS_DATA(rx->fc)) {
-               u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN;
-               /* frame has qos control */
-               tid = qc[0] & QOS_CONTROL_TID_MASK;
-       } else {
-               if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) {
-                       /* Separate TID for management frames */
-                       tid = NUM_RX_DATA_QUEUES - 1;
-               } else {
-                       /* no qos control present */
-                       tid = 0; /* 802.1d - Best Effort */
-               }
-       }
-
-       I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
-       /* only a debug counter, sta might not be assigned properly yet */
-       if (rx->sta)
-               I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
-
-       rx->u.rx.queue = tid;
-       /* Set skb->priority to 1d tag if highest order bit of TID is not set.
-        * For now, set skb->priority to 0 for other cases. */
-       rx->skb->priority = (tid > 7) ? 0 : tid;
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_local *local = rx->local;
-       struct sk_buff *skb = rx->skb;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u32 load = 0, hdrtime;
-       struct ieee80211_rate *rate;
-       struct ieee80211_hw_mode *mode = local->hw.conf.mode;
-       int i;
-
-       /* Estimate total channel use caused by this frame */
-
-       if (unlikely(mode->num_rates < 0))
-               return TXRX_CONTINUE;
-
-       rate = &mode->rates[0];
-       for (i = 0; i < mode->num_rates; i++) {
-               if (mode->rates[i].val == rx->u.rx.status->rate) {
-                       rate = &mode->rates[i];
-                       break;
-               }
-       }
-
-       /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
-        * 1 usec = 1/8 * (1080 / 10) = 13.5 */
-
-       if (mode->mode == MODE_IEEE80211A ||
-           (mode->mode == MODE_IEEE80211G &&
-            rate->flags & IEEE80211_RATE_ERP))
-               hdrtime = CHAN_UTIL_HDR_SHORT;
-       else
-               hdrtime = CHAN_UTIL_HDR_LONG;
-
-       load = hdrtime;
-       if (!is_multicast_ether_addr(hdr->addr1))
-               load += hdrtime;
-
-       load += skb->len * rate->rate_inv;
-
-       /* Divide channel_use by 8 to avoid wrapping around the counter */
-       load >>= CHAN_UTIL_SHIFT;
-       local->channel_use_raw += load;
-       rx->u.rx.load = load;
-
-       return TXRX_CONTINUE;
-}
-
-ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
-{
-       ieee80211_rx_h_parse_qos,
-       ieee80211_rx_h_load_stats,
-       NULL
-};
-
-/* rx handlers */
-
-static ieee80211_txrx_result
-ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
-{
-       if (rx->sta)
-               rx->sta->channel_use_raw += rx->u.rx.load;
-       rx->sdata->channel_use_raw += rx->u.rx.load;
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_local *local = rx->local;
-       struct sk_buff *skb = rx->skb;
-
-       if (unlikely(local->sta_scanning != 0)) {
-               ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
-               return TXRX_QUEUED;
-       }
-
-       if (unlikely(rx->flags & IEEE80211_TXRXD_RXIN_SCAN)) {
-               /* scanning finished during invoking of handlers */
-               I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
-               return TXRX_DROP;
-       }
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_hdr *hdr;
-       hdr = (struct ieee80211_hdr *) rx->skb->data;
-
-       /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
-       if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
-               if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
-                            rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
-                            hdr->seq_ctrl)) {
-                       if (rx->flags & IEEE80211_TXRXD_RXRA_MATCH) {
-                               rx->local->dot11FrameDuplicateCount++;
-                               rx->sta->num_duplicates++;
-                       }
-                       return TXRX_DROP;
-               } else
-                       rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
-       }
-
-       if (unlikely(rx->skb->len < 16)) {
-               I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
-               return TXRX_DROP;
-       }
-
-       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
-               rx->skb->pkt_type = PACKET_OTHERHOST;
-       else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
-               rx->skb->pkt_type = PACKET_HOST;
-       else if (is_multicast_ether_addr(hdr->addr1)) {
-               if (is_broadcast_ether_addr(hdr->addr1))
-                       rx->skb->pkt_type = PACKET_BROADCAST;
-               else
-                       rx->skb->pkt_type = PACKET_MULTICAST;
-       } else
-               rx->skb->pkt_type = PACKET_OTHERHOST;
-
-       /* Drop disallowed frame classes based on STA auth/assoc state;
-        * IEEE 802.11, Chap 5.5.
-        *
-        * 80211.o does filtering only based on association state, i.e., it
-        * drops Class 3 frames from not associated stations. hostapd sends
-        * deauth/disassoc frames when needed. In addition, hostapd is
-        * responsible for filtering on both auth and assoc states.
-        */
-       if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
-                     ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
-                      (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
-                    rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
-                    (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
-               if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
-                    !(rx->fc & IEEE80211_FCTL_TODS) &&
-                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
-                   || !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
-                       /* Drop IBSS frames and frames for other hosts
-                        * silently. */
-                       return TXRX_DROP;
-               }
-
-               return TXRX_DROP;
-       }
-
-       return TXRX_CONTINUE;
-}
-
-
-static ieee80211_txrx_result
-ieee80211_rx_h_decrypt(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
-       int keyidx;
-       int hdrlen;
-       ieee80211_txrx_result result = TXRX_DROP;
-       struct ieee80211_key *stakey = NULL;
-
-       /*
-        * Key selection 101
-        *
-        * There are three types of keys:
-        *  - GTK (group keys)
-        *  - PTK (pairwise keys)
-        *  - STK (station-to-station pairwise keys)
-        *
-        * When selecting a key, we have to distinguish between multicast
-        * (including broadcast) and unicast frames, the latter can only
-        * use PTKs and STKs while the former always use GTKs. Unless, of
-        * course, actual WEP keys ("pre-RSNA") are used, then unicast
-        * frames can also use key indizes like GTKs. Hence, if we don't
-        * have a PTK/STK we check the key index for a WEP key.
-        *
-        * Note that in a regular BSS, multicast frames are sent by the
-        * AP only, associated stations unicast the frame to the AP first
-        * which then multicasts it on their behalf.
-        *
-        * There is also a slight problem in IBSS mode: GTKs are negotiated
-        * with each station, that is something we don't currently handle.
-        * The spec seems to expect that one negotiates the same key with
-        * every station but there's no such requirement; VLANs could be
-        * possible.
-        */
-
-       if (!(rx->fc & IEEE80211_FCTL_PROTECTED))
-               return TXRX_CONTINUE;
-
-       /*
-        * No point in finding a key and decrypting if the frame is neither
-        * addressed to us nor a multicast frame.
-        */
-       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
-               return TXRX_CONTINUE;
-
-       if (rx->sta)
-               stakey = rcu_dereference(rx->sta->key);
-
-       if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
-               rx->key = stakey;
-       } else {
-               /*
-                * The device doesn't give us the IV so we won't be
-                * able to look up the key. That's ok though, we
-                * don't need to decrypt the frame, we just won't
-                * be able to keep statistics accurate.
-                * Except for key threshold notifications, should
-                * we somehow allow the driver to tell us which key
-                * the hardware used if this flag is set?
-                */
-               if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
-                   (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
-                       return TXRX_CONTINUE;
-
-               hdrlen = ieee80211_get_hdrlen(rx->fc);
-
-               if (rx->skb->len < 8 + hdrlen)
-                       return TXRX_DROP; /* TODO: count this? */
-
-               /*
-                * no need to call ieee80211_wep_get_keyidx,
-                * it verifies a bunch of things we've done already
-                */
-               keyidx = rx->skb->data[hdrlen + 3] >> 6;
-
-               rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
-
-               /*
-                * RSNA-protected unicast frames should always be sent with
-                * pairwise or station-to-station keys, but for WEP we allow
-                * using a key index as well.
-                */
-               if (rx->key && rx->key->conf.alg != ALG_WEP &&
-                   !is_multicast_ether_addr(hdr->addr1))
-                       rx->key = NULL;
-       }
-
-       if (rx->key) {
-               rx->key->tx_rx_count++;
-               /* TODO: add threshold stuff again */
-       } else {
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "%s: RX protected frame,"
-                              " but have no key\n", rx->dev->name);
-               return TXRX_DROP;
-       }
-
-       /* Check for weak IVs if possible */
-       if (rx->sta && rx->key->conf.alg == ALG_WEP &&
-           ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
-           (!(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) ||
-            !(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) &&
-           ieee80211_wep_is_weak_iv(rx->skb, rx->key))
-               rx->sta->wep_weak_iv_count++;
-
-       switch (rx->key->conf.alg) {
-       case ALG_WEP:
-               result = ieee80211_crypto_wep_decrypt(rx);
-               break;
-       case ALG_TKIP:
-               result = ieee80211_crypto_tkip_decrypt(rx);
-               break;
-       case ALG_CCMP:
-               result = ieee80211_crypto_ccmp_decrypt(rx);
-               break;
-       }
-
-       /* either the frame has been decrypted or will be dropped */
-       rx->u.rx.status->flag |= RX_FLAG_DECRYPTED;
-
-       return result;
-}
-
-static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
-{
-       struct ieee80211_sub_if_data *sdata;
-       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
-
-       if (sdata->bss)
-               atomic_inc(&sdata->bss->num_sta_ps);
-       sta->flags |= WLAN_STA_PS;
-       sta->pspoll = 0;
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-       printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
-              "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-}
-
-static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sk_buff *skb;
-       int sent = 0;
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_tx_packet_data *pkt_data;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
-       if (sdata->bss)
-               atomic_dec(&sdata->bss->num_sta_ps);
-       sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
-       sta->pspoll = 0;
-       if (!skb_queue_empty(&sta->ps_tx_buf)) {
-               if (local->ops->set_tim)
-                       local->ops->set_tim(local_to_hw(local), sta->aid, 0);
-               if (sdata->bss)
-                       bss_tim_clear(local, sdata->bss, sta->aid);
-       }
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-       printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
-              "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-       /* Send all buffered frames to the station */
-       while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
-               pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
-               sent++;
-               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
-               dev_queue_xmit(skb);
-       }
-       while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
-               pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
-               local->total_ps_buffered--;
-               sent++;
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-               printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
-                      "since STA not sleeping anymore\n", dev->name,
-                      MAC_ARG(sta->addr), sta->aid);
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
-               dev_queue_xmit(skb);
-       }
-
-       return sent;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
-{
-       struct sta_info *sta = rx->sta;
-       struct net_device *dev = rx->dev;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
-
-       if (!sta)
-               return TXRX_CONTINUE;
-
-       /* Update last_rx only for IBSS packets which are for the current
-        * BSSID to avoid keeping the current IBSS network alive in cases where
-        * other STAs are using different BSSID. */
-       if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
-               u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
-               if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
-                       sta->last_rx = jiffies;
-       } else
-       if (!is_multicast_ether_addr(hdr->addr1) ||
-           rx->sdata->type == IEEE80211_IF_TYPE_STA) {
-               /* Update last_rx only for unicast frames in order to prevent
-                * the Probe Request frames (the only broadcast frames from a
-                * STA in infrastructure mode) from keeping a connection alive.
-                */
-               sta->last_rx = jiffies;
-       }
-
-       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
-               return TXRX_CONTINUE;
-
-       sta->rx_fragments++;
-       sta->rx_bytes += rx->skb->len;
-       sta->last_rssi = rx->u.rx.status->ssi;
-       sta->last_signal = rx->u.rx.status->signal;
-       sta->last_noise = rx->u.rx.status->noise;
-
-       if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
-               /* Change STA power saving mode only in the end of a frame
-                * exchange sequence */
-               if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
-                       rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
-               else if (!(sta->flags & WLAN_STA_PS) &&
-                        (rx->fc & IEEE80211_FCTL_PM))
-                       ap_sta_ps_start(dev, sta);
-       }
-
-       /* Drop data::nullfunc frames silently, since they are used only to
-        * control station power saving mode. */
-       if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
-           (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
-               I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
-               /* Update counter and free packet here to avoid counting this
-                * as a dropped packed. */
-               sta->rx_packets++;
-               dev_kfree_skb(rx->skb);
-               return TXRX_QUEUED;
-       }
-
-       return TXRX_CONTINUE;
-} /* ieee80211_rx_h_sta_process */
-
-static inline struct ieee80211_fragment_entry *
-ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
-                        unsigned int frag, unsigned int seq, int rx_queue,
-                        struct sk_buff **skb)
-{
-       struct ieee80211_fragment_entry *entry;
-       int idx;
-
-       idx = sdata->fragment_next;
-       entry = &sdata->fragments[sdata->fragment_next++];
-       if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
-               sdata->fragment_next = 0;
-
-       if (!skb_queue_empty(&entry->skb_list)) {
-#ifdef CONFIG_MAC80211_DEBUG
-               struct ieee80211_hdr *hdr =
-                       (struct ieee80211_hdr *) entry->skb_list.next->data;
-               printk(KERN_DEBUG "%s: RX reassembly removed oldest "
-                      "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
-                      "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
-                      sdata->dev->name, idx,
-                      jiffies - entry->first_frag_time, entry->seq,
-                      entry->last_frag, MAC_ARG(hdr->addr1),
-                      MAC_ARG(hdr->addr2));
-#endif /* CONFIG_MAC80211_DEBUG */
-               __skb_queue_purge(&entry->skb_list);
-       }
-
-       __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
-       *skb = NULL;
-       entry->first_frag_time = jiffies;
-       entry->seq = seq;
-       entry->rx_queue = rx_queue;
-       entry->last_frag = frag;
-       entry->ccmp = 0;
-       entry->extra_len = 0;
-
-       return entry;
-}
-
-static inline struct ieee80211_fragment_entry *
-ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
-                         u16 fc, unsigned int frag, unsigned int seq,
-                         int rx_queue, struct ieee80211_hdr *hdr)
-{
-       struct ieee80211_fragment_entry *entry;
-       int i, idx;
-
-       idx = sdata->fragment_next;
-       for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
-               struct ieee80211_hdr *f_hdr;
-               u16 f_fc;
-
-               idx--;
-               if (idx < 0)
-                       idx = IEEE80211_FRAGMENT_MAX - 1;
-
-               entry = &sdata->fragments[idx];
-               if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
-                   entry->rx_queue != rx_queue ||
-                   entry->last_frag + 1 != frag)
-                       continue;
-
-               f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
-               f_fc = le16_to_cpu(f_hdr->frame_control);
-
-               if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
-                   compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
-                   compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
-                       continue;
-
-               if (entry->first_frag_time + 2 * HZ < jiffies) {
-                       __skb_queue_purge(&entry->skb_list);
-                       continue;
-               }
-               return entry;
-       }
-
-       return NULL;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_hdr *hdr;
-       u16 sc;
-       unsigned int frag, seq;
-       struct ieee80211_fragment_entry *entry;
-       struct sk_buff *skb;
-
-       hdr = (struct ieee80211_hdr *) rx->skb->data;
-       sc = le16_to_cpu(hdr->seq_ctrl);
-       frag = sc & IEEE80211_SCTL_FRAG;
-
-       if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
-                  (rx->skb)->len < 24 ||
-                  is_multicast_ether_addr(hdr->addr1))) {
-               /* not fragmented */
-               goto out;
-       }
-       I802_DEBUG_INC(rx->local->rx_handlers_fragments);
-
-       seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
-
-       if (frag == 0) {
-               /* This is the first fragment of a new frame. */
-               entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
-                                                rx->u.rx.queue, &(rx->skb));
-               if (rx->key && rx->key->conf.alg == ALG_CCMP &&
-                   (rx->fc & IEEE80211_FCTL_PROTECTED)) {
-                       /* Store CCMP PN so that we can verify that the next
-                        * fragment has a sequential PN value. */
-                       entry->ccmp = 1;
-                       memcpy(entry->last_pn,
-                              rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
-                              CCMP_PN_LEN);
-               }
-               return TXRX_QUEUED;
-       }
-
-       /* This is a fragment for a frame that should already be pending in
-        * fragment cache. Add this fragment to the end of the pending entry.
-        */
-       entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
-                                         rx->u.rx.queue, hdr);
-       if (!entry) {
-               I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
-               return TXRX_DROP;
-       }
-
-       /* Verify that MPDUs within one MSDU have sequential PN values.
-        * (IEEE 802.11i, 8.3.3.4.5) */
-       if (entry->ccmp) {
-               int i;
-               u8 pn[CCMP_PN_LEN], *rpn;
-               if (!rx->key || rx->key->conf.alg != ALG_CCMP)
-                       return TXRX_DROP;
-               memcpy(pn, entry->last_pn, CCMP_PN_LEN);
-               for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
-                       pn[i]++;
-                       if (pn[i])
-                               break;
-               }
-               rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
-               if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
-                       if (net_ratelimit())
-                               printk(KERN_DEBUG "%s: defrag: CCMP PN not "
-                                      "sequential A2=" MAC_FMT
-                                      " PN=%02x%02x%02x%02x%02x%02x "
-                                      "(expected %02x%02x%02x%02x%02x%02x)\n",
-                                      rx->dev->name, MAC_ARG(hdr->addr2),
-                                      rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
-                                      rpn[5], pn[0], pn[1], pn[2], pn[3],
-                                      pn[4], pn[5]);
-                       return TXRX_DROP;
-               }
-               memcpy(entry->last_pn, pn, CCMP_PN_LEN);
-       }
-
-       skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
-       __skb_queue_tail(&entry->skb_list, rx->skb);
-       entry->last_frag = frag;
-       entry->extra_len += rx->skb->len;
-       if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
-               rx->skb = NULL;
-               return TXRX_QUEUED;
-       }
-
-       rx->skb = __skb_dequeue(&entry->skb_list);
-       if (skb_tailroom(rx->skb) < entry->extra_len) {
-               I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
-               if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
-                                             GFP_ATOMIC))) {
-                       I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
-                       __skb_queue_purge(&entry->skb_list);
-                       return TXRX_DROP;
-               }
-       }
-       while ((skb = __skb_dequeue(&entry->skb_list))) {
-               memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
-               dev_kfree_skb(skb);
-       }
-
-       /* Complete frame has been reassembled - process it now */
-       rx->flags |= IEEE80211_TXRXD_FRAGMENTED;
-
- out:
-       if (rx->sta)
-               rx->sta->rx_packets++;
-       if (is_multicast_ether_addr(hdr->addr1))
-               rx->local->dot11MulticastReceivedFrameCount++;
-       else
-               ieee80211_led_rx(rx->local);
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
-{
-       struct sk_buff *skb;
-       int no_pending_pkts;
-
-       if (likely(!rx->sta ||
-                  (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
-                  (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
-                  !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)))
-               return TXRX_CONTINUE;
-
-       skb = skb_dequeue(&rx->sta->tx_filtered);
-       if (!skb) {
-               skb = skb_dequeue(&rx->sta->ps_tx_buf);
-               if (skb)
-                       rx->local->total_ps_buffered--;
-       }
-       no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
-               skb_queue_empty(&rx->sta->ps_tx_buf);
-
-       if (skb) {
-               struct ieee80211_hdr *hdr =
-                       (struct ieee80211_hdr *) skb->data;
-
-               /* tell TX path to send one frame even though the STA may
-                * still remain is PS mode after this frame exchange */
-               rx->sta->pspoll = 1;
-
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-               printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
-                      "after %d)\n",
-                      MAC_ARG(rx->sta->addr), rx->sta->aid,
-                      skb_queue_len(&rx->sta->ps_tx_buf));
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-
-               /* Use MoreData flag to indicate whether there are more
-                * buffered frames for this STA */
-               if (no_pending_pkts) {
-                       hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
-                       rx->sta->flags &= ~WLAN_STA_TIM;
-               } else
-                       hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
-
-               dev_queue_xmit(skb);
-
-               if (no_pending_pkts) {
-                       if (rx->local->ops->set_tim)
-                               rx->local->ops->set_tim(local_to_hw(rx->local),
-                                                      rx->sta->aid, 0);
-                       if (rx->sdata->bss)
-                               bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
-               }
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-       } else if (!rx->u.rx.sent_ps_buffered) {
-               printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
-                      "though there is no buffered frames for it\n",
-                      rx->dev->name, MAC_ARG(rx->sta->addr));
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-
-       }
-
-       /* Free PS Poll skb here instead of returning TXRX_DROP that would
-        * count as an dropped frame. */
-       dev_kfree_skb(rx->skb);
-
-       return TXRX_QUEUED;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
-{
-       u16 fc = rx->fc;
-       u8 *data = rx->skb->data;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data;
-
-       if (!WLAN_FC_IS_QOS_DATA(fc))
-               return TXRX_CONTINUE;
-
-       /* remove the qos control field, update frame type and meta-data */
-       memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2);
-       hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2);
-       /* change frame type to non QOS */
-       rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA;
-       hdr->frame_control = cpu_to_le16(fc);
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
-{
-       if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
-           rx->sdata->type != IEEE80211_IF_TYPE_STA &&
-           (rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
-               return TXRX_CONTINUE;
-
-       if (unlikely(rx->sdata->ieee802_1x &&
-                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
-                    (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
-                    (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
-                    !ieee80211_is_eapol(rx->skb))) {
-#ifdef CONFIG_MAC80211_DEBUG
-               struct ieee80211_hdr *hdr =
-                       (struct ieee80211_hdr *) rx->skb->data;
-               printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
-                      " (unauthorized port)\n", rx->dev->name,
-                      MAC_ARG(hdr->addr2));
-#endif /* CONFIG_MAC80211_DEBUG */
-               return TXRX_DROP;
-       }
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
-{
-       /*
-        * Pass through unencrypted frames if the hardware has
-        * decrypted them already.
-        */
-       if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED)
-               return TXRX_CONTINUE;
-
-       /* Drop unencrypted frames if key is set. */
-       if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
-                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
-                    (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
-                    rx->sdata->drop_unencrypted &&
-                    (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) {
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
-                              "encryption\n", rx->dev->name);
-               return TXRX_DROP;
-       }
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
-{
-       struct net_device *dev = rx->dev;
-       struct ieee80211_local *local = rx->local;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
-       u16 fc, hdrlen, ethertype;
-       u8 *payload;
-       u8 dst[ETH_ALEN];
-       u8 src[ETH_ALEN];
-       struct sk_buff *skb = rx->skb, *skb2;
-       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       fc = rx->fc;
-       if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
-               return TXRX_CONTINUE;
-
-       if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
-               return TXRX_DROP;
-
-       hdrlen = ieee80211_get_hdrlen(fc);
-
-       /* convert IEEE 802.11 header + possible LLC headers into Ethernet
-        * header
-        * IEEE 802.11 address fields:
-        * ToDS FromDS Addr1 Addr2 Addr3 Addr4
-        *   0     0   DA    SA    BSSID n/a
-        *   0     1   DA    BSSID SA    n/a
-        *   1     0   BSSID SA    DA    n/a
-        *   1     1   RA    TA    DA    SA
-        */
-
-       switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
-       case IEEE80211_FCTL_TODS:
-               /* BSSID SA DA */
-               memcpy(dst, hdr->addr3, ETH_ALEN);
-               memcpy(src, hdr->addr2, ETH_ALEN);
-
-               if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
-                            sdata->type != IEEE80211_IF_TYPE_VLAN)) {
-                       if (net_ratelimit())
-                               printk(KERN_DEBUG "%s: dropped ToDS frame "
-                                      "(BSSID=" MAC_FMT
-                                      " SA=" MAC_FMT
-                                      " DA=" MAC_FMT ")\n",
-                                      dev->name,
-                                      MAC_ARG(hdr->addr1),
-                                      MAC_ARG(hdr->addr2),
-                                      MAC_ARG(hdr->addr3));
-                       return TXRX_DROP;
-               }
-               break;
-       case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
-               /* RA TA DA SA */
-               memcpy(dst, hdr->addr3, ETH_ALEN);
-               memcpy(src, hdr->addr4, ETH_ALEN);
-
-               if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
-                       if (net_ratelimit())
-                               printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
-                                      "frame (RA=" MAC_FMT
-                                      " TA=" MAC_FMT " DA=" MAC_FMT
-                                      " SA=" MAC_FMT ")\n",
-                                      rx->dev->name,
-                                      MAC_ARG(hdr->addr1),
-                                      MAC_ARG(hdr->addr2),
-                                      MAC_ARG(hdr->addr3),
-                                      MAC_ARG(hdr->addr4));
-                       return TXRX_DROP;
-               }
-               break;
-       case IEEE80211_FCTL_FROMDS:
-               /* DA BSSID SA */
-               memcpy(dst, hdr->addr1, ETH_ALEN);
-               memcpy(src, hdr->addr3, ETH_ALEN);
-
-               if (sdata->type != IEEE80211_IF_TYPE_STA ||
-                   (is_multicast_ether_addr(dst) &&
-                    !compare_ether_addr(src, dev->dev_addr)))
-                       return TXRX_DROP;
-               break;
-       case 0:
-               /* DA SA BSSID */
-               memcpy(dst, hdr->addr1, ETH_ALEN);
-               memcpy(src, hdr->addr2, ETH_ALEN);
-
-               if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
-                       if (net_ratelimit()) {
-                               printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
-                                      MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
-                                      ")\n",
-                                      dev->name, MAC_ARG(hdr->addr1),
-                                      MAC_ARG(hdr->addr2),
-                                      MAC_ARG(hdr->addr3));
-                       }
-                       return TXRX_DROP;
-               }
-               break;
-       }
-
-       payload = skb->data + hdrlen;
-
-       if (unlikely(skb->len - hdrlen < 8)) {
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "%s: RX too short data frame "
-                              "payload\n", dev->name);
-               }
-               return TXRX_DROP;
-       }
-
-       ethertype = (payload[6] << 8) | payload[7];
-
-       if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
-                   ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
-                  compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
-               /* remove RFC1042 or Bridge-Tunnel encapsulation and
-                * replace EtherType */
-               skb_pull(skb, hdrlen + 6);
-               memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
-               memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
-       } else {
-               struct ethhdr *ehdr;
-               __be16 len;
-               skb_pull(skb, hdrlen);
-               len = htons(skb->len);
-               ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
-               memcpy(ehdr->h_dest, dst, ETH_ALEN);
-               memcpy(ehdr->h_source, src, ETH_ALEN);
-               ehdr->h_proto = len;
-       }
-       skb->dev = dev;
-
-       skb2 = NULL;
-
-       dev->stats.rx_packets++;
-       dev->stats.rx_bytes += skb->len;
-
-       if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
-           || sdata->type == IEEE80211_IF_TYPE_VLAN) &&
-           (rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
-               if (is_multicast_ether_addr(skb->data)) {
-                       /* send multicast frames both to higher layers in
-                        * local net stack and back to the wireless media */
-                       skb2 = skb_copy(skb, GFP_ATOMIC);
-                       if (!skb2 && net_ratelimit())
-                               printk(KERN_DEBUG "%s: failed to clone "
-                                      "multicast frame\n", dev->name);
-               } else {
-                       struct sta_info *dsta;
-                       dsta = sta_info_get(local, skb->data);
-                       if (dsta && !dsta->dev) {
-                               if (net_ratelimit())
-                                       printk(KERN_DEBUG "Station with null "
-                                              "dev structure!\n");
-                       } else if (dsta && dsta->dev == dev) {
-                               /* Destination station is associated to this
-                                * AP, so send the frame directly to it and
-                                * do not pass the frame to local net stack.
-                                */
-                               skb2 = skb;
-                               skb = NULL;
-                       }
-                       if (dsta)
-                               sta_info_put(dsta);
-               }
-       }
-
-       if (skb) {
-               /* deliver to local stack */
-               skb->protocol = eth_type_trans(skb, dev);
-               memset(skb->cb, 0, sizeof(skb->cb));
-               netif_rx(skb);
-       }
-
-       if (skb2) {
-               /* send to wireless media */
-               skb2->protocol = __constant_htons(ETH_P_802_3);
-               skb_set_network_header(skb2, 0);
-               skb_set_mac_header(skb2, 0);
-               dev_queue_xmit(skb2);
-       }
-
-       return TXRX_QUEUED;
-}
-
-static ieee80211_txrx_result
-ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_sub_if_data *sdata;
-
-       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
-               return TXRX_DROP;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
-       if ((sdata->type == IEEE80211_IF_TYPE_STA ||
-            sdata->type == IEEE80211_IF_TYPE_IBSS) &&
-           !(sdata->flags & IEEE80211_SDATA_USERSPACE_MLME))
-               ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
-       else
-               return TXRX_DROP;
-
-       return TXRX_QUEUED;
-}
-
-static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
-                               struct ieee80211_local *local,
-                               ieee80211_rx_handler *handlers,
-                               struct ieee80211_txrx_data *rx,
-                               struct sta_info *sta)
-{
-       ieee80211_rx_handler *handler;
-       ieee80211_txrx_result res = TXRX_DROP;
-
-       for (handler = handlers; *handler != NULL; handler++) {
-               res = (*handler)(rx);
-
-               switch (res) {
-               case TXRX_CONTINUE:
-                       continue;
-               case TXRX_DROP:
-                       I802_DEBUG_INC(local->rx_handlers_drop);
-                       if (sta)
-                               sta->rx_dropped++;
-                       break;
-               case TXRX_QUEUED:
-                       I802_DEBUG_INC(local->rx_handlers_queued);
-                       break;
-               }
-               break;
-       }
-
-       if (res == TXRX_DROP)
-               dev_kfree_skb(rx->skb);
-       return res;
-}
-
-static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
-                                               ieee80211_rx_handler *handlers,
-                                               struct ieee80211_txrx_data *rx,
-                                               struct sta_info *sta)
-{
-       if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
-           TXRX_CONTINUE)
-               dev_kfree_skb(rx->skb);
-}
-
-static void ieee80211_rx_michael_mic_report(struct net_device *dev,
-                                           struct ieee80211_hdr *hdr,
-                                           struct sta_info *sta,
-                                           struct ieee80211_txrx_data *rx)
-{
-       int keyidx, hdrlen;
-
-       hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
-       if (rx->skb->len >= hdrlen + 4)
-               keyidx = rx->skb->data[hdrlen + 3] >> 6;
-       else
-               keyidx = -1;
-
-       if (net_ratelimit())
-               printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
-                      "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
-                      dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1),
-                      keyidx);
-
-       if (!sta) {
-               /*
-                * Some hardware seem to generate incorrect Michael MIC
-                * reports; ignore them to avoid triggering countermeasures.
-                */
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
-                              "error for unknown address " MAC_FMT "\n",
-                              dev->name, MAC_ARG(hdr->addr2));
-               goto ignore;
-       }
-
-       if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
-                              "error for a frame with no PROTECTED flag (src "
-                              MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
-               goto ignore;
-       }
-
-       if (rx->sdata->type == IEEE80211_IF_TYPE_AP && keyidx) {
-               /*
-                * APs with pairwise keys should never receive Michael MIC
-                * errors for non-zero keyidx because these are reserved for
-                * group keys and only the AP is sending real multicast
-                * frames in the BSS.
-                */
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "%s: ignored Michael MIC error for "
-                              "a frame with non-zero keyidx (%d)"
-                              " (src " MAC_FMT ")\n", dev->name, keyidx,
-                              MAC_ARG(hdr->addr2));
-               goto ignore;
-       }
-
-       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
-           ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
-            (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
-                              "error for a frame that cannot be encrypted "
-                              "(fc=0x%04x) (src " MAC_FMT ")\n",
-                              dev->name, rx->fc, MAC_ARG(hdr->addr2));
-               goto ignore;
-       }
-
-       mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr);
- ignore:
-       dev_kfree_skb(rx->skb);
-       rx->skb = NULL;
-}
-
-ieee80211_rx_handler ieee80211_rx_handlers[] =
-{
-       ieee80211_rx_h_if_stats,
-       ieee80211_rx_h_passive_scan,
-       ieee80211_rx_h_check,
-       ieee80211_rx_h_decrypt,
-       ieee80211_rx_h_sta_process,
-       ieee80211_rx_h_defragment,
-       ieee80211_rx_h_ps_poll,
-       ieee80211_rx_h_michael_mic_verify,
-       /* this must be after decryption - so header is counted in MPDU mic
-        * must be before pae and data, so QOS_DATA format frames
-        * are not passed to user space by these functions
-        */
-       ieee80211_rx_h_remove_qos_control,
-       ieee80211_rx_h_802_1x_pae,
-       ieee80211_rx_h_drop_unencrypted,
-       ieee80211_rx_h_data,
-       ieee80211_rx_h_mgmt,
-       NULL
-};
-
-/* main receive path */
-
-static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
-                               u8 *bssid, struct ieee80211_txrx_data *rx,
-                               struct ieee80211_hdr *hdr)
-{
-       int multicast = is_multicast_ether_addr(hdr->addr1);
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_STA:
-               if (!bssid)
-                       return 0;
-               if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
-                       if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
-                               return 0;
-                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
-               } else if (!multicast &&
-                          compare_ether_addr(sdata->dev->dev_addr,
-                                             hdr->addr1) != 0) {
-                       if (!(sdata->dev->flags & IFF_PROMISC))
-                               return 0;
-                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
-               }
-               break;
-       case IEEE80211_IF_TYPE_IBSS:
-               if (!bssid)
-                       return 0;
-               if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
-                       if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
-                               return 0;
-                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
-               } else if (!multicast &&
-                          compare_ether_addr(sdata->dev->dev_addr,
-                                             hdr->addr1) != 0) {
-                       if (!(sdata->dev->flags & IFF_PROMISC))
-                               return 0;
-                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
-               } else if (!rx->sta)
-                       rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb,
-                                                        bssid, hdr->addr2);
-               break;
-       case IEEE80211_IF_TYPE_VLAN:
-       case IEEE80211_IF_TYPE_AP:
-               if (!bssid) {
-                       if (compare_ether_addr(sdata->dev->dev_addr,
-                                              hdr->addr1))
-                               return 0;
-               } else if (!ieee80211_bssid_match(bssid,
-                                       sdata->dev->dev_addr)) {
-                       if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
-                               return 0;
-                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
-               }
-               if (sdata->dev == sdata->local->mdev &&
-                   !(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
-                       /* do not receive anything via
-                        * master device when not scanning */
-                       return 0;
-               break;
-       case IEEE80211_IF_TYPE_WDS:
-               if (bssid ||
-                   (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
-                       return 0;
-               if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
-                       return 0;
-               break;
-       case IEEE80211_IF_TYPE_MNTR:
-               /* take everything */
-               break;
-       case IEEE80211_IF_TYPE_INVALID:
-               /* should never get here */
-               WARN_ON(1);
-               break;
-       }
-
-       return 1;
-}
-
-/*
- * This is the receive path handler. It is called by a low level driver when an
- * 802.11 MPDU is received from the hardware.
- */
-void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
-                   struct ieee80211_rx_status *status)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct ieee80211_sub_if_data *sdata;
-       struct sta_info *sta;
-       struct ieee80211_hdr *hdr;
-       struct ieee80211_txrx_data rx;
-       u16 type;
-       int prepres;
-       struct ieee80211_sub_if_data *prev = NULL;
-       struct sk_buff *skb_new;
-       u8 *bssid;
-
-       /*
-        * key references and virtual interfaces are protected using RCU
-        * and this requires that we are in a read-side RCU section during
-        * receive processing
-        */
-       rcu_read_lock();
-
-       /*
-        * Frames with failed FCS/PLCP checksum are not returned,
-        * all other frames are returned without radiotap header
-        * if it was previously present.
-        * Also, frames with less than 16 bytes are dropped.
-        */
-       skb = ieee80211_rx_monitor(local, skb, status);
-       if (!skb) {
-               rcu_read_unlock();
-               return;
-       }
-
-       hdr = (struct ieee80211_hdr *) skb->data;
-       memset(&rx, 0, sizeof(rx));
-       rx.skb = skb;
-       rx.local = local;
-
-       rx.u.rx.status = status;
-       rx.fc = le16_to_cpu(hdr->frame_control);
-       type = rx.fc & IEEE80211_FCTL_FTYPE;
-
-       if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
-               local->dot11ReceivedFragmentCount++;
-
-       sta = rx.sta = sta_info_get(local, hdr->addr2);
-       if (sta) {
-               rx.dev = rx.sta->dev;
-               rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
-       }
-
-       if ((status->flag & RX_FLAG_MMIC_ERROR)) {
-               ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
-               goto end;
-       }
-
-       if (unlikely(local->sta_scanning))
-               rx.flags |= IEEE80211_TXRXD_RXIN_SCAN;
-
-       if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
-                                          sta) != TXRX_CONTINUE)
-               goto end;
-       skb = rx.skb;
-
-       if (sta && !(sta->flags & (WLAN_STA_WDS | WLAN_STA_ASSOC_AP)) &&
-           !atomic_read(&local->iff_promiscs) &&
-           !is_multicast_ether_addr(hdr->addr1)) {
-               rx.flags |= IEEE80211_TXRXD_RXRA_MATCH;
-               ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
-                                            rx.sta);
-               sta_info_put(sta);
-               rcu_read_unlock();
-               return;
-       }
-
-       bssid = ieee80211_get_bssid(hdr, skb->len);
-
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-               if (!netif_running(sdata->dev))
-                       continue;
-
-               if (sdata->type == IEEE80211_IF_TYPE_MNTR)
-                       continue;
-
-               rx.flags |= IEEE80211_TXRXD_RXRA_MATCH;
-               prepres = prepare_for_handlers(sdata, bssid, &rx, hdr);
-               /* prepare_for_handlers can change sta */
-               sta = rx.sta;
-
-               if (!prepres)
-                       continue;
-
-               /*
-                * frame is destined for this interface, but if it's not
-                * also for the previous one we handle that after the
-                * loop to avoid copying the SKB once too much
-                */
-
-               if (!prev) {
-                       prev = sdata;
-                       continue;
-               }
-
-               /*
-                * frame was destined for the previous interface
-                * so invoke RX handlers for it
-                */
-
-               skb_new = skb_copy(skb, GFP_ATOMIC);
-               if (!skb_new) {
-                       if (net_ratelimit())
-                               printk(KERN_DEBUG "%s: failed to copy "
-                                      "multicast frame for %s",
-                                      wiphy_name(local->hw.wiphy),
-                                      prev->dev->name);
-                       continue;
-               }
-               rx.skb = skb_new;
-               rx.dev = prev->dev;
-               rx.sdata = prev;
-               ieee80211_invoke_rx_handlers(local, local->rx_handlers,
-                                            &rx, sta);
-               prev = sdata;
-       }
-       if (prev) {
-               rx.skb = skb;
-               rx.dev = prev->dev;
-               rx.sdata = prev;
-               ieee80211_invoke_rx_handlers(local, local->rx_handlers,
-                                            &rx, sta);
-       } else
-               dev_kfree_skb(skb);
-
- end:
-       rcu_read_unlock();
-
-       if (sta)
-               sta_info_put(sta);
-}
-EXPORT_SYMBOL(__ieee80211_rx);
-
-/* This is a version of the rx handler that can be called from hard irq
- * context. Post the skb on the queue and schedule the tasklet */
-void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
-                         struct ieee80211_rx_status *status)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
-
-       skb->dev = local->mdev;
-       /* copy status into skb->cb for use by tasklet */
-       memcpy(skb->cb, status, sizeof(*status));
-       skb->pkt_type = IEEE80211_RX_MSG;
-       skb_queue_tail(&local->skb_queue, skb);
-       tasklet_schedule(&local->tasklet);
-}
-EXPORT_SYMBOL(ieee80211_rx_irqsafe);
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/if_arp.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "sta_info.h"
-#include "debugfs_sta.h"
-
-/* Caller must hold local->sta_lock */
-static void sta_info_hash_add(struct ieee80211_local *local,
-                             struct sta_info *sta)
-{
-       sta->hnext = local->sta_hash[STA_HASH(sta->addr)];
-       local->sta_hash[STA_HASH(sta->addr)] = sta;
-}
-
-
-/* Caller must hold local->sta_lock */
-static int sta_info_hash_del(struct ieee80211_local *local,
-                            struct sta_info *sta)
-{
-       struct sta_info *s;
-
-       s = local->sta_hash[STA_HASH(sta->addr)];
-       if (!s)
-               return -ENOENT;
-       if (s == sta) {
-               local->sta_hash[STA_HASH(sta->addr)] = s->hnext;
-               return 0;
-       }
-
-       while (s->hnext && s->hnext != sta)
-               s = s->hnext;
-       if (s->hnext) {
-               s->hnext = sta->hnext;
-               return 0;
-       }
-
-       return -ENOENT;
-}
-
-struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr)
-{
-       struct sta_info *sta;
-
-       read_lock_bh(&local->sta_lock);
-       sta = local->sta_hash[STA_HASH(addr)];
-       while (sta) {
-               if (memcmp(sta->addr, addr, ETH_ALEN) == 0) {
-                       __sta_info_get(sta);
-                       break;
-               }
-               sta = sta->hnext;
-       }
-       read_unlock_bh(&local->sta_lock);
-
-       return sta;
-}
-EXPORT_SYMBOL(sta_info_get);
-
-int sta_info_min_txrate_get(struct ieee80211_local *local)
-{
-       struct sta_info *sta;
-       struct ieee80211_hw_mode *mode;
-       int min_txrate = 9999999;
-       int i;
-
-       read_lock_bh(&local->sta_lock);
-       mode = local->oper_hw_mode;
-       for (i = 0; i < STA_HASH_SIZE; i++) {
-               sta = local->sta_hash[i];
-               while (sta) {
-                       if (sta->txrate < min_txrate)
-                               min_txrate = sta->txrate;
-                       sta = sta->hnext;
-               }
-       }
-       read_unlock_bh(&local->sta_lock);
-       if (min_txrate == 9999999)
-               min_txrate = 0;
-
-       return mode->rates[min_txrate].rate;
-}
-
-
-static void sta_info_release(struct kref *kref)
-{
-       struct sta_info *sta = container_of(kref, struct sta_info, kref);
-       struct ieee80211_local *local = sta->local;
-       struct sk_buff *skb;
-
-       /* free sta structure; it has already been removed from
-        * hash table etc. external structures. Make sure that all
-        * buffered frames are release (one might have been added
-        * after sta_info_free() was called). */
-       while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
-               local->total_ps_buffered--;
-               dev_kfree_skb_any(skb);
-       }
-       while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
-               dev_kfree_skb_any(skb);
-       }
-       rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv);
-       rate_control_put(sta->rate_ctrl);
-       kfree(sta);
-}
-
-
-void sta_info_put(struct sta_info *sta)
-{
-       kref_put(&sta->kref, sta_info_release);
-}
-EXPORT_SYMBOL(sta_info_put);
-
-
-struct sta_info * sta_info_add(struct ieee80211_local *local,
-                              struct net_device *dev, u8 *addr, gfp_t gfp)
-{
-       struct sta_info *sta;
-
-       sta = kzalloc(sizeof(*sta), gfp);
-       if (!sta)
-               return NULL;
-
-       kref_init(&sta->kref);
-
-       sta->rate_ctrl = rate_control_get(local->rate_ctrl);
-       sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, gfp);
-       if (!sta->rate_ctrl_priv) {
-               rate_control_put(sta->rate_ctrl);
-               kfree(sta);
-               return NULL;
-       }
-
-       memcpy(sta->addr, addr, ETH_ALEN);
-       sta->local = local;
-       sta->dev = dev;
-       skb_queue_head_init(&sta->ps_tx_buf);
-       skb_queue_head_init(&sta->tx_filtered);
-       __sta_info_get(sta);    /* sta used by caller, decremented by
-                                * sta_info_put() */
-       write_lock_bh(&local->sta_lock);
-       list_add(&sta->list, &local->sta_list);
-       local->num_sta++;
-       sta_info_hash_add(local, sta);
-       if (local->ops->sta_notify)
-               local->ops->sta_notify(local_to_hw(local), dev->ifindex,
-                                       STA_NOTIFY_ADD, addr);
-       write_unlock_bh(&local->sta_lock);
-
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-       printk(KERN_DEBUG "%s: Added STA " MAC_FMT "\n",
-              wiphy_name(local->hw.wiphy), MAC_ARG(addr));
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       /* debugfs entry adding might sleep, so schedule process
-        * context task for adding entry for STAs that do not yet
-        * have one. */
-       queue_work(local->hw.workqueue, &local->sta_debugfs_add);
-#endif
-
-       return sta;
-}
-
-/* Caller must hold local->sta_lock */
-void sta_info_remove(struct sta_info *sta)
-{
-       struct ieee80211_local *local = sta->local;
-       struct ieee80211_sub_if_data *sdata;
-
-       /* don't do anything if we've been removed already */
-       if (sta_info_hash_del(local, sta))
-               return;
-
-       list_del(&sta->list);
-       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
-       if (sta->flags & WLAN_STA_PS) {
-               sta->flags &= ~WLAN_STA_PS;
-               if (sdata->bss)
-                       atomic_dec(&sdata->bss->num_sta_ps);
-       }
-       local->num_sta--;
-       sta_info_remove_aid_ptr(sta);
-
-}
-
-void sta_info_free(struct sta_info *sta)
-{
-       struct sk_buff *skb;
-       struct ieee80211_local *local = sta->local;
-
-       might_sleep();
-
-       write_lock_bh(&local->sta_lock);
-       sta_info_remove(sta);
-       write_unlock_bh(&local->sta_lock);
-
-       while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
-               local->total_ps_buffered--;
-               dev_kfree_skb(skb);
-       }
-       while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
-               dev_kfree_skb(skb);
-       }
-
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-       printk(KERN_DEBUG "%s: Removed STA " MAC_FMT "\n",
-              wiphy_name(local->hw.wiphy), MAC_ARG(sta->addr));
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-
-       ieee80211_key_free(sta->key);
-       sta->key = NULL;
-
-       if (local->ops->sta_notify)
-               local->ops->sta_notify(local_to_hw(local), sta->dev->ifindex,
-                                       STA_NOTIFY_REMOVE, sta->addr);
-
-       rate_control_remove_sta_debugfs(sta);
-       ieee80211_sta_debugfs_remove(sta);
-
-       sta_info_put(sta);
-}
-
-
-static inline int sta_info_buffer_expired(struct ieee80211_local *local,
-                                         struct sta_info *sta,
-                                         struct sk_buff *skb)
-{
-       struct ieee80211_tx_packet_data *pkt_data;
-       int timeout;
-
-       if (!skb)
-               return 0;
-
-       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
-
-       /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
-       timeout = (sta->listen_interval * local->hw.conf.beacon_int * 32 /
-                  15625) * HZ;
-       if (timeout < STA_TX_BUFFER_EXPIRE)
-               timeout = STA_TX_BUFFER_EXPIRE;
-       return time_after(jiffies, pkt_data->jiffies + timeout);
-}
-
-
-static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
-                                            struct sta_info *sta)
-{
-       unsigned long flags;
-       struct sk_buff *skb;
-
-       if (skb_queue_empty(&sta->ps_tx_buf))
-               return;
-
-       for (;;) {
-               spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
-               skb = skb_peek(&sta->ps_tx_buf);
-               if (sta_info_buffer_expired(local, sta, skb)) {
-                       skb = __skb_dequeue(&sta->ps_tx_buf);
-                       if (skb_queue_empty(&sta->ps_tx_buf))
-                               sta->flags &= ~WLAN_STA_TIM;
-               } else
-                       skb = NULL;
-               spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);
-
-               if (skb) {
-                       local->total_ps_buffered--;
-                       printk(KERN_DEBUG "Buffered frame expired (STA "
-                              MAC_FMT ")\n", MAC_ARG(sta->addr));
-                       dev_kfree_skb(skb);
-               } else
-                       break;
-       }
-}
-
-
-static void sta_info_cleanup(unsigned long data)
-{
-       struct ieee80211_local *local = (struct ieee80211_local *) data;
-       struct sta_info *sta;
-
-       read_lock_bh(&local->sta_lock);
-       list_for_each_entry(sta, &local->sta_list, list) {
-               __sta_info_get(sta);
-               sta_info_cleanup_expire_buffered(local, sta);
-               sta_info_put(sta);
-       }
-       read_unlock_bh(&local->sta_lock);
-
-       local->sta_cleanup.expires = jiffies + STA_INFO_CLEANUP_INTERVAL;
-       add_timer(&local->sta_cleanup);
-}
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-static void sta_info_debugfs_add_task(struct work_struct *work)
-{
-       struct ieee80211_local *local =
-               container_of(work, struct ieee80211_local, sta_debugfs_add);
-       struct sta_info *sta, *tmp;
-
-       while (1) {
-               sta = NULL;
-               read_lock_bh(&local->sta_lock);
-               list_for_each_entry(tmp, &local->sta_list, list) {
-                       if (!tmp->debugfs.dir) {
-                               sta = tmp;
-                               __sta_info_get(sta);
-                               break;
-                       }
-               }
-               read_unlock_bh(&local->sta_lock);
-
-               if (!sta)
-                       break;
-
-               ieee80211_sta_debugfs_add(sta);
-               rate_control_add_sta_debugfs(sta);
-               sta_info_put(sta);
-       }
-}
-#endif
-
-void sta_info_init(struct ieee80211_local *local)
-{
-       rwlock_init(&local->sta_lock);
-       INIT_LIST_HEAD(&local->sta_list);
-
-       init_timer(&local->sta_cleanup);
-       local->sta_cleanup.expires = jiffies + STA_INFO_CLEANUP_INTERVAL;
-       local->sta_cleanup.data = (unsigned long) local;
-       local->sta_cleanup.function = sta_info_cleanup;
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_task);
-#endif
-}
-
-int sta_info_start(struct ieee80211_local *local)
-{
-       add_timer(&local->sta_cleanup);
-       return 0;
-}
-
-void sta_info_stop(struct ieee80211_local *local)
-{
-       del_timer(&local->sta_cleanup);
-       sta_info_flush(local, NULL);
-}
-
-void sta_info_remove_aid_ptr(struct sta_info *sta)
-{
-       struct ieee80211_sub_if_data *sdata;
-
-       if (sta->aid <= 0)
-               return;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
-
-       if (sdata->local->ops->set_tim)
-               sdata->local->ops->set_tim(local_to_hw(sdata->local),
-                                         sta->aid, 0);
-       if (sdata->bss)
-               __bss_tim_clear(sdata->bss, sta->aid);
-}
-
-
-/**
- * sta_info_flush - flush matching STA entries from the STA table
- * @local: local interface data
- * @dev: matching rule for the net device (sta->dev) or %NULL to match all STAs
- */
-void sta_info_flush(struct ieee80211_local *local, struct net_device *dev)
-{
-       struct sta_info *sta, *tmp;
-       LIST_HEAD(tmp_list);
-
-       write_lock_bh(&local->sta_lock);
-       list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
-               if (!dev || dev == sta->dev) {
-                       __sta_info_get(sta);
-                       sta_info_remove(sta);
-                       list_add_tail(&sta->list, &tmp_list);
-               }
-       write_unlock_bh(&local->sta_lock);
-
-       list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
-               sta_info_free(sta);
-               sta_info_put(sta);
-       }
-}
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef STA_INFO_H
-#define STA_INFO_H
-
-#include <linux/list.h>
-#include <linux/types.h>
-#include <linux/if_ether.h>
-#include <linux/kref.h>
-#include "ieee80211_key.h"
-
-/* Stations flags (struct sta_info::flags) */
-#define WLAN_STA_AUTH BIT(0)
-#define WLAN_STA_ASSOC BIT(1)
-#define WLAN_STA_PS BIT(2)
-#define WLAN_STA_TIM BIT(3) /* TIM bit is on for PS stations */
-#define WLAN_STA_PERM BIT(4) /* permanent; do not remove entry on expiration */
-#define WLAN_STA_AUTHORIZED BIT(5) /* If 802.1X is used, this flag is
-                                   * controlling whether STA is authorized to
-                                   * send and receive non-IEEE 802.1X frames
-                                   */
-#define WLAN_STA_SHORT_PREAMBLE BIT(7)
-/* whether this is an AP that we are associated with as a client */
-#define WLAN_STA_ASSOC_AP BIT(8)
-#define WLAN_STA_WME BIT(9)
-#define WLAN_STA_WDS BIT(27)
-
-
-struct sta_info {
-       struct kref kref;
-       struct list_head list;
-       struct sta_info *hnext; /* next entry in hash table list */
-
-       struct ieee80211_local *local;
-
-       u8 addr[ETH_ALEN];
-       u16 aid; /* STA's unique AID (1..2007), 0 = not yet assigned */
-       u32 flags; /* WLAN_STA_ */
-
-       struct sk_buff_head ps_tx_buf; /* buffer of TX frames for station in
-                                       * power saving state */
-       int pspoll; /* whether STA has send a PS Poll frame */
-       struct sk_buff_head tx_filtered; /* buffer of TX frames that were
-                                         * already given to low-level driver,
-                                         * but were filtered */
-       int clear_dst_mask;
-
-       unsigned long rx_packets, tx_packets; /* number of RX/TX MSDUs */
-       unsigned long rx_bytes, tx_bytes;
-       unsigned long tx_retry_failed, tx_retry_count;
-       unsigned long tx_filtered_count;
-
-       unsigned int wep_weak_iv_count; /* number of RX frames with weak IV */
-
-       unsigned long last_rx;
-       u32 supp_rates; /* bitmap of supported rates in local->curr_rates */
-       int txrate; /* index in local->curr_rates */
-       int last_txrate; /* last rate used to send a frame to this STA */
-       int last_nonerp_idx;
-
-       struct net_device *dev; /* which net device is this station associated
-                                * to */
-
-       struct ieee80211_key *key;
-
-       u32 tx_num_consecutive_failures;
-       u32 tx_num_mpdu_ok;
-       u32 tx_num_mpdu_fail;
-
-       struct rate_control_ref *rate_ctrl;
-       void *rate_ctrl_priv;
-
-       /* last received seq/frag number from this STA (per RX queue) */
-       __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
-       unsigned long num_duplicates; /* number of duplicate frames received
-                                      * from this STA */
-       unsigned long tx_fragments; /* number of transmitted MPDUs */
-       unsigned long rx_fragments; /* number of received MPDUs */
-       unsigned long rx_dropped; /* number of dropped MPDUs from this STA */
-
-       int last_rssi; /* RSSI of last received frame from this STA */
-       int last_signal; /* signal of last received frame from this STA */
-       int last_noise; /* noise of last received frame from this STA */
-       int last_ack_rssi[3]; /* RSSI of last received ACKs from this STA */
-       unsigned long last_ack;
-       int channel_use;
-       int channel_use_raw;
-
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-       unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
-       unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
-#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
-
-       u16 listen_interval;
-
-#ifdef CONFIG_MAC80211_DEBUGFS
-       struct sta_info_debugfsdentries {
-               struct dentry *dir;
-               struct dentry *flags;
-               struct dentry *num_ps_buf_frames;
-               struct dentry *last_ack_rssi;
-               struct dentry *last_ack_ms;
-               struct dentry *inactive_ms;
-               struct dentry *last_seq_ctrl;
-#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
-               struct dentry *wme_rx_queue;
-               struct dentry *wme_tx_queue;
-#endif
-       } debugfs;
-#endif
-};
-
-
-/* Maximum number of concurrently registered stations */
-#define MAX_STA_COUNT 2007
-
-#define STA_HASH_SIZE 256
-#define STA_HASH(sta) (sta[5])
-
-
-/* Maximum number of frames to buffer per power saving station */
-#define STA_MAX_TX_BUFFER 128
-
-/* Minimum buffered frame expiry time. If STA uses listen interval that is
- * smaller than this value, the minimum value here is used instead. */
-#define STA_TX_BUFFER_EXPIRE (10 * HZ)
-
-/* How often station data is cleaned up (e.g., expiration of buffered frames)
- */
-#define STA_INFO_CLEANUP_INTERVAL (10 * HZ)
-
-static inline void __sta_info_get(struct sta_info *sta)
-{
-       kref_get(&sta->kref);
-}
-
-struct sta_info * sta_info_get(struct ieee80211_local *local, u8 *addr);
-int sta_info_min_txrate_get(struct ieee80211_local *local);
-void sta_info_put(struct sta_info *sta);
-struct sta_info * sta_info_add(struct ieee80211_local *local,
-                              struct net_device *dev, u8 *addr, gfp_t gfp);
-void sta_info_remove(struct sta_info *sta);
-void sta_info_free(struct sta_info *sta);
-void sta_info_init(struct ieee80211_local *local);
-int sta_info_start(struct ieee80211_local *local);
-void sta_info_stop(struct ieee80211_local *local);
-void sta_info_remove_aid_ptr(struct sta_info *sta);
-void sta_info_flush(struct ieee80211_local *local, struct net_device *dev);
-
-#endif /* STA_INFO_H */
 
+++ /dev/null
-/*
- * Copyright 2002-2004, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/kernel.h>
-#include <linux/types.h>
-#include <linux/netdevice.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_key.h"
-#include "tkip.h"
-#include "wep.h"
-
-
-/* TKIP key mixing functions */
-
-
-#define PHASE1_LOOP_COUNT 8
-
-
-/* 2-byte by 2-byte subset of the full AES S-box table; second part of this
- * table is identical to first part but byte-swapped */
-static const u16 tkip_sbox[256] =
-{
-       0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
-       0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
-       0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
-       0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
-       0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
-       0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
-       0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
-       0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
-       0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
-       0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
-       0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
-       0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
-       0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
-       0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
-       0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
-       0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
-       0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
-       0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
-       0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
-       0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
-       0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
-       0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
-       0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
-       0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
-       0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
-       0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
-       0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
-       0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
-       0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
-       0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
-       0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
-       0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
-};
-
-
-static inline u16 Mk16(u8 x, u8 y)
-{
-       return ((u16) x << 8) | (u16) y;
-}
-
-
-static inline u8 Hi8(u16 v)
-{
-       return v >> 8;
-}
-
-
-static inline u8 Lo8(u16 v)
-{
-       return v & 0xff;
-}
-
-
-static inline u16 Hi16(u32 v)
-{
-       return v >> 16;
-}
-
-
-static inline u16 Lo16(u32 v)
-{
-       return v & 0xffff;
-}
-
-
-static inline u16 RotR1(u16 v)
-{
-       return (v >> 1) | ((v & 0x0001) << 15);
-}
-
-
-static inline u16 tkip_S(u16 val)
-{
-       u16 a = tkip_sbox[Hi8(val)];
-
-       return tkip_sbox[Lo8(val)] ^ Hi8(a) ^ (Lo8(a) << 8);
-}
-
-
-
-/* P1K := Phase1(TA, TK, TSC)
- * TA = transmitter address (48 bits)
- * TK = dot11DefaultKeyValue or dot11KeyMappingValue (128 bits)
- * TSC = TKIP sequence counter (48 bits, only 32 msb bits used)
- * P1K: 80 bits
- */
-static void tkip_mixing_phase1(const u8 *ta, const u8 *tk, u32 tsc_IV32,
-                              u16 *p1k)
-{
-       int i, j;
-
-       p1k[0] = Lo16(tsc_IV32);
-       p1k[1] = Hi16(tsc_IV32);
-       p1k[2] = Mk16(ta[1], ta[0]);
-       p1k[3] = Mk16(ta[3], ta[2]);
-       p1k[4] = Mk16(ta[5], ta[4]);
-
-       for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
-               j = 2 * (i & 1);
-               p1k[0] += tkip_S(p1k[4] ^ Mk16(tk[ 1 + j], tk[ 0 + j]));
-               p1k[1] += tkip_S(p1k[0] ^ Mk16(tk[ 5 + j], tk[ 4 + j]));
-               p1k[2] += tkip_S(p1k[1] ^ Mk16(tk[ 9 + j], tk[ 8 + j]));
-               p1k[3] += tkip_S(p1k[2] ^ Mk16(tk[13 + j], tk[12 + j]));
-               p1k[4] += tkip_S(p1k[3] ^ Mk16(tk[ 1 + j], tk[ 0 + j])) + i;
-       }
-}
-
-
-static void tkip_mixing_phase2(const u16 *p1k, const u8 *tk, u16 tsc_IV16,
-                              u8 *rc4key)
-{
-       u16 ppk[6];
-       int i;
-
-       ppk[0] = p1k[0];
-       ppk[1] = p1k[1];
-       ppk[2] = p1k[2];
-       ppk[3] = p1k[3];
-       ppk[4] = p1k[4];
-       ppk[5] = p1k[4] + tsc_IV16;
-
-       ppk[0] += tkip_S(ppk[5] ^ Mk16(tk[ 1], tk[ 0]));
-       ppk[1] += tkip_S(ppk[0] ^ Mk16(tk[ 3], tk[ 2]));
-       ppk[2] += tkip_S(ppk[1] ^ Mk16(tk[ 5], tk[ 4]));
-       ppk[3] += tkip_S(ppk[2] ^ Mk16(tk[ 7], tk[ 6]));
-       ppk[4] += tkip_S(ppk[3] ^ Mk16(tk[ 9], tk[ 8]));
-       ppk[5] += tkip_S(ppk[4] ^ Mk16(tk[11], tk[10]));
-       ppk[0] +=  RotR1(ppk[5] ^ Mk16(tk[13], tk[12]));
-       ppk[1] +=  RotR1(ppk[0] ^ Mk16(tk[15], tk[14]));
-       ppk[2] +=  RotR1(ppk[1]);
-       ppk[3] +=  RotR1(ppk[2]);
-       ppk[4] +=  RotR1(ppk[3]);
-       ppk[5] +=  RotR1(ppk[4]);
-
-       rc4key[0] = Hi8(tsc_IV16);
-       rc4key[1] = (Hi8(tsc_IV16) | 0x20) & 0x7f;
-       rc4key[2] = Lo8(tsc_IV16);
-       rc4key[3] = Lo8((ppk[5] ^ Mk16(tk[1], tk[0])) >> 1);
-
-       for (i = 0; i < 6; i++) {
-               rc4key[4 + 2 * i] = Lo8(ppk[i]);
-               rc4key[5 + 2 * i] = Hi8(ppk[i]);
-       }
-}
-
-
-/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
- * of the IV. Returns pointer to the octet following IVs (i.e., beginning of
- * the packet payload). */
-u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
-                          u8 iv0, u8 iv1, u8 iv2)
-{
-       *pos++ = iv0;
-       *pos++ = iv1;
-       *pos++ = iv2;
-       *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */;
-       *pos++ = key->u.tkip.iv32 & 0xff;
-       *pos++ = (key->u.tkip.iv32 >> 8) & 0xff;
-       *pos++ = (key->u.tkip.iv32 >> 16) & 0xff;
-       *pos++ = (key->u.tkip.iv32 >> 24) & 0xff;
-       return pos;
-}
-
-
-void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
-                                 u16 *phase1key)
-{
-       tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
-                          key->u.tkip.iv32, phase1key);
-}
-
-void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
-                              u8 *rc4key)
-{
-       /* Calculate per-packet key */
-       if (key->u.tkip.iv16 == 0 || !key->u.tkip.tx_initialized) {
-               /* IV16 wrapped around - perform TKIP phase 1 */
-               tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
-                                  key->u.tkip.iv32, key->u.tkip.p1k);
-               key->u.tkip.tx_initialized = 1;
-       }
-
-       tkip_mixing_phase2(key->u.tkip.p1k,
-                          &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
-                          key->u.tkip.iv16, rc4key);
-}
-
-/* Encrypt packet payload with TKIP using @key. @pos is a pointer to the
- * beginning of the buffer containing payload. This payload must include
- * headroom of eight octets for IV and Ext. IV and taildroom of four octets
- * for ICV. @payload_len is the length of payload (_not_ including extra
- * headroom and tailroom). @ta is the transmitter addresses. */
-void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
-                                struct ieee80211_key *key,
-                                u8 *pos, size_t payload_len, u8 *ta)
-{
-       u8 rc4key[16];
-
-       ieee80211_tkip_gen_rc4key(key, ta, rc4key);
-       pos = ieee80211_tkip_add_iv(pos, key, rc4key[0], rc4key[1], rc4key[2]);
-       ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
-}
-
-
-/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the
- * beginning of the buffer containing IEEE 802.11 header payload, i.e.,
- * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
- * length of payload, including IV, Ext. IV, MIC, ICV.  */
-int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
-                               struct ieee80211_key *key,
-                               u8 *payload, size_t payload_len, u8 *ta,
-                               int only_iv, int queue,
-                               u32 *out_iv32, u16 *out_iv16)
-{
-       u32 iv32;
-       u32 iv16;
-       u8 rc4key[16], keyid, *pos = payload;
-       int res;
-
-       if (payload_len < 12)
-               return -1;
-
-       iv16 = (pos[0] << 8) | pos[2];
-       keyid = pos[3];
-       iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
-       pos += 8;
-#ifdef CONFIG_TKIP_DEBUG
-       {
-               int i;
-               printk(KERN_DEBUG "TKIP decrypt: data(len=%zd)", payload_len);
-               for (i = 0; i < payload_len; i++)
-                       printk(" %02x", payload[i]);
-               printk("\n");
-               printk(KERN_DEBUG "TKIP decrypt: iv16=%04x iv32=%08x\n",
-                      iv16, iv32);
-       }
-#endif /* CONFIG_TKIP_DEBUG */
-
-       if (!(keyid & (1 << 5)))
-               return TKIP_DECRYPT_NO_EXT_IV;
-
-       if ((keyid >> 6) != key->conf.keyidx)
-               return TKIP_DECRYPT_INVALID_KEYIDX;
-
-       if (key->u.tkip.rx_initialized[queue] &&
-           (iv32 < key->u.tkip.iv32_rx[queue] ||
-            (iv32 == key->u.tkip.iv32_rx[queue] &&
-             iv16 <= key->u.tkip.iv16_rx[queue]))) {
-#ifdef CONFIG_TKIP_DEBUG
-               printk(KERN_DEBUG "TKIP replay detected for RX frame from "
-                      MAC_FMT " (RX IV (%04x,%02x) <= prev. IV (%04x,%02x)\n",
-                      MAC_ARG(ta),
-                      iv32, iv16, key->u.tkip.iv32_rx[queue],
-                      key->u.tkip.iv16_rx[queue]);
-#endif /* CONFIG_TKIP_DEBUG */
-               return TKIP_DECRYPT_REPLAY;
-       }
-
-       if (only_iv) {
-               res = TKIP_DECRYPT_OK;
-               key->u.tkip.rx_initialized[queue] = 1;
-               goto done;
-       }
-
-       if (!key->u.tkip.rx_initialized[queue] ||
-           key->u.tkip.iv32_rx[queue] != iv32) {
-               key->u.tkip.rx_initialized[queue] = 1;
-               /* IV16 wrapped around - perform TKIP phase 1 */
-               tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
-                                  iv32, key->u.tkip.p1k_rx[queue]);
-#ifdef CONFIG_TKIP_DEBUG
-               {
-                       int i;
-                       printk(KERN_DEBUG "TKIP decrypt: Phase1 TA=" MAC_FMT
-                              " TK=", MAC_ARG(ta));
-                       for (i = 0; i < 16; i++)
-                               printk("%02x ",
-                                      key->conf.key[
-                                               ALG_TKIP_TEMP_ENCR_KEY + i]);
-                       printk("\n");
-                       printk(KERN_DEBUG "TKIP decrypt: P1K=");
-                       for (i = 0; i < 5; i++)
-                               printk("%04x ", key->u.tkip.p1k_rx[queue][i]);
-                       printk("\n");
-               }
-#endif /* CONFIG_TKIP_DEBUG */
-       }
-
-       tkip_mixing_phase2(key->u.tkip.p1k_rx[queue],
-                          &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
-                          iv16, rc4key);
-#ifdef CONFIG_TKIP_DEBUG
-       {
-               int i;
-               printk(KERN_DEBUG "TKIP decrypt: Phase2 rc4key=");
-               for (i = 0; i < 16; i++)
-                       printk("%02x ", rc4key[i]);
-               printk("\n");
-       }
-#endif /* CONFIG_TKIP_DEBUG */
-
-       res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
- done:
-       if (res == TKIP_DECRYPT_OK) {
-               /*
-                * Record previously received IV, will be copied into the
-                * key information after MIC verification. It is possible
-                * that we don't catch replays of fragments but that's ok
-                * because the Michael MIC verication will then fail.
-                */
-               *out_iv32 = iv32;
-               *out_iv16 = iv16;
-       }
-
-       return res;
-}
-
-
 
+++ /dev/null
-/*
- * Copyright 2002-2004, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef TKIP_H
-#define TKIP_H
-
-#include <linux/types.h>
-#include <linux/crypto.h>
-#include "ieee80211_key.h"
-
-u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
-                          u8 iv0, u8 iv1, u8 iv2);
-void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
-                                 u16 *phase1key);
-void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
-                              u8 *rc4key);
-void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
-                                struct ieee80211_key *key,
-                                u8 *pos, size_t payload_len, u8 *ta);
-enum {
-       TKIP_DECRYPT_OK = 0,
-       TKIP_DECRYPT_NO_EXT_IV = -1,
-       TKIP_DECRYPT_INVALID_KEYIDX = -2,
-       TKIP_DECRYPT_REPLAY = -3,
-};
-int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
-                               struct ieee80211_key *key,
-                               u8 *payload, size_t payload_len, u8 *ta,
-                               int only_iv, int queue,
-                               u32 *out_iv32, u16 *out_iv16);
-
-#endif /* TKIP_H */
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- *
- * Transmit and frame generation functions.
- */
-
-#include <linux/kernel.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/etherdevice.h>
-#include <linux/bitmap.h>
-#include <linux/rcupdate.h>
-#include <net/ieee80211_radiotap.h>
-#include <net/cfg80211.h>
-#include <net/mac80211.h>
-#include <asm/unaligned.h>
-
-#include "ieee80211_i.h"
-#include "ieee80211_led.h"
-#include "wep.h"
-#include "wpa.h"
-#include "wme.h"
-#include "ieee80211_rate.h"
-
-#define IEEE80211_TX_OK                0
-#define IEEE80211_TX_AGAIN     1
-#define IEEE80211_TX_FRAG_AGAIN        2
-
-/* misc utils */
-
-static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata,
-                                             struct ieee80211_hdr *hdr)
-{
-       /* Set the sequence number for this frame. */
-       hdr->seq_ctrl = cpu_to_le16(sdata->sequence);
-
-       /* Increase the sequence number. */
-       sdata->sequence = (sdata->sequence + 0x10) & IEEE80211_SCTL_SEQ;
-}
-
-#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
-static void ieee80211_dump_frame(const char *ifname, const char *title,
-                                const struct sk_buff *skb)
-{
-       const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u16 fc;
-       int hdrlen;
-
-       printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len);
-       if (skb->len < 4) {
-               printk("\n");
-               return;
-       }
-
-       fc = le16_to_cpu(hdr->frame_control);
-       hdrlen = ieee80211_get_hdrlen(fc);
-       if (hdrlen > skb->len)
-               hdrlen = skb->len;
-       if (hdrlen >= 4)
-               printk(" FC=0x%04x DUR=0x%04x",
-                      fc, le16_to_cpu(hdr->duration_id));
-       if (hdrlen >= 10)
-               printk(" A1=" MAC_FMT, MAC_ARG(hdr->addr1));
-       if (hdrlen >= 16)
-               printk(" A2=" MAC_FMT, MAC_ARG(hdr->addr2));
-       if (hdrlen >= 24)
-               printk(" A3=" MAC_FMT, MAC_ARG(hdr->addr3));
-       if (hdrlen >= 30)
-               printk(" A4=" MAC_FMT, MAC_ARG(hdr->addr4));
-       printk("\n");
-}
-#else /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
-static inline void ieee80211_dump_frame(const char *ifname, const char *title,
-                                       struct sk_buff *skb)
-{
-}
-#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
-
-static u16 ieee80211_duration(struct ieee80211_txrx_data *tx, int group_addr,
-                             int next_frag_len)
-{
-       int rate, mrate, erp, dur, i;
-       struct ieee80211_rate *txrate = tx->u.tx.rate;
-       struct ieee80211_local *local = tx->local;
-       struct ieee80211_hw_mode *mode = tx->u.tx.mode;
-
-       erp = txrate->flags & IEEE80211_RATE_ERP;
-
-       /*
-        * data and mgmt (except PS Poll):
-        * - during CFP: 32768
-        * - during contention period:
-        *   if addr1 is group address: 0
-        *   if more fragments = 0 and addr1 is individual address: time to
-        *      transmit one ACK plus SIFS
-        *   if more fragments = 1 and addr1 is individual address: time to
-        *      transmit next fragment plus 2 x ACK plus 3 x SIFS
-        *
-        * IEEE 802.11, 9.6:
-        * - control response frame (CTS or ACK) shall be transmitted using the
-        *   same rate as the immediately previous frame in the frame exchange
-        *   sequence, if this rate belongs to the PHY mandatory rates, or else
-        *   at the highest possible rate belonging to the PHY rates in the
-        *   BSSBasicRateSet
-        */
-
-       if ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) {
-               /* TODO: These control frames are not currently sent by
-                * 80211.o, but should they be implemented, this function
-                * needs to be updated to support duration field calculation.
-                *
-                * RTS: time needed to transmit pending data/mgmt frame plus
-                *    one CTS frame plus one ACK frame plus 3 x SIFS
-                * CTS: duration of immediately previous RTS minus time
-                *    required to transmit CTS and its SIFS
-                * ACK: 0 if immediately previous directed data/mgmt had
-                *    more=0, with more=1 duration in ACK frame is duration
-                *    from previous frame minus time needed to transmit ACK
-                *    and its SIFS
-                * PS Poll: BIT(15) | BIT(14) | aid
-                */
-               return 0;
-       }
-
-       /* data/mgmt */
-       if (0 /* FIX: data/mgmt during CFP */)
-               return 32768;
-
-       if (group_addr) /* Group address as the destination - no ACK */
-               return 0;
-
-       /* Individual destination address:
-        * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
-        * CTS and ACK frames shall be transmitted using the highest rate in
-        * basic rate set that is less than or equal to the rate of the
-        * immediately previous frame and that is using the same modulation
-        * (CCK or OFDM). If no basic rate set matches with these requirements,
-        * the highest mandatory rate of the PHY that is less than or equal to
-        * the rate of the previous frame is used.
-        * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
-        */
-       rate = -1;
-       mrate = 10; /* use 1 Mbps if everything fails */
-       for (i = 0; i < mode->num_rates; i++) {
-               struct ieee80211_rate *r = &mode->rates[i];
-               if (r->rate > txrate->rate)
-                       break;
-
-               if (IEEE80211_RATE_MODULATION(txrate->flags) !=
-                   IEEE80211_RATE_MODULATION(r->flags))
-                       continue;
-
-               if (r->flags & IEEE80211_RATE_BASIC)
-                       rate = r->rate;
-               else if (r->flags & IEEE80211_RATE_MANDATORY)
-                       mrate = r->rate;
-       }
-       if (rate == -1) {
-               /* No matching basic rate found; use highest suitable mandatory
-                * PHY rate */
-               rate = mrate;
-       }
-
-       /* Time needed to transmit ACK
-        * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
-        * to closest integer */
-
-       dur = ieee80211_frame_duration(local, 10, rate, erp,
-                      tx->sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE);
-
-       if (next_frag_len) {
-               /* Frame is fragmented: duration increases with time needed to
-                * transmit next fragment plus ACK and 2 x SIFS. */
-               dur *= 2; /* ACK + SIFS */
-               /* next fragment */
-               dur += ieee80211_frame_duration(local, next_frag_len,
-                               txrate->rate, erp,
-                               tx->sdata->flags &
-                                       IEEE80211_SDATA_SHORT_PREAMBLE);
-       }
-
-       return dur;
-}
-
-static inline int __ieee80211_queue_stopped(const struct ieee80211_local *local,
-                                           int queue)
-{
-       return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
-}
-
-static inline int __ieee80211_queue_pending(const struct ieee80211_local *local,
-                                           int queue)
-{
-       return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]);
-}
-
-static int inline is_ieee80211_device(struct net_device *dev,
-                                     struct net_device *master)
-{
-       return (wdev_priv(dev->ieee80211_ptr) ==
-               wdev_priv(master->ieee80211_ptr));
-}
-
-/* tx handlers */
-
-static ieee80211_txrx_result
-ieee80211_tx_h_check_assoc(struct ieee80211_txrx_data *tx)
-{
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-       struct sk_buff *skb = tx->skb;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-       u32 sta_flags;
-
-       if (unlikely(tx->flags & IEEE80211_TXRXD_TX_INJECTED))
-               return TXRX_CONTINUE;
-
-       if (unlikely(tx->local->sta_scanning != 0) &&
-           ((tx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
-            (tx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PROBE_REQ))
-               return TXRX_DROP;
-
-       if (tx->flags & IEEE80211_TXRXD_TXPS_BUFFERED)
-               return TXRX_CONTINUE;
-
-       sta_flags = tx->sta ? tx->sta->flags : 0;
-
-       if (likely(tx->flags & IEEE80211_TXRXD_TXUNICAST)) {
-               if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
-                            tx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
-                            (tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-                       printk(KERN_DEBUG "%s: dropped data frame to not "
-                              "associated station " MAC_FMT "\n",
-                              tx->dev->name, MAC_ARG(hdr->addr1));
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-                       I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
-                       return TXRX_DROP;
-               }
-       } else {
-               if (unlikely((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
-                            tx->local->num_sta == 0 &&
-                            tx->sdata->type != IEEE80211_IF_TYPE_IBSS)) {
-                       /*
-                        * No associated STAs - no need to send multicast
-                        * frames.
-                        */
-                       return TXRX_DROP;
-               }
-               return TXRX_CONTINUE;
-       }
-
-       if (unlikely(/* !injected && */ tx->sdata->ieee802_1x &&
-                    !(sta_flags & WLAN_STA_AUTHORIZED))) {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-               printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT
-                      " (unauthorized port)\n", tx->dev->name,
-                      MAC_ARG(hdr->addr1));
-#endif
-               I802_DEBUG_INC(tx->local->tx_handlers_drop_unauth_port);
-               return TXRX_DROP;
-       }
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_tx_h_sequence(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
-
-       if (ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)) >= 24)
-               ieee80211_include_sequence(tx->sdata, hdr);
-
-       return TXRX_CONTINUE;
-}
-
-/* This function is called whenever the AP is about to exceed the maximum limit
- * of buffered frames for power saving STAs. This situation should not really
- * happen often during normal operation, so dropping the oldest buffered packet
- * from each queue should be OK to make some room for new frames. */
-static void purge_old_ps_buffers(struct ieee80211_local *local)
-{
-       int total = 0, purged = 0;
-       struct sk_buff *skb;
-       struct ieee80211_sub_if_data *sdata;
-       struct sta_info *sta;
-
-       /*
-        * virtual interfaces are protected by RCU
-        */
-       rcu_read_lock();
-
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-               struct ieee80211_if_ap *ap;
-               if (sdata->dev == local->mdev ||
-                   sdata->type != IEEE80211_IF_TYPE_AP)
-                       continue;
-               ap = &sdata->u.ap;
-               skb = skb_dequeue(&ap->ps_bc_buf);
-               if (skb) {
-                       purged++;
-                       dev_kfree_skb(skb);
-               }
-               total += skb_queue_len(&ap->ps_bc_buf);
-       }
-       rcu_read_unlock();
-
-       read_lock_bh(&local->sta_lock);
-       list_for_each_entry(sta, &local->sta_list, list) {
-               skb = skb_dequeue(&sta->ps_tx_buf);
-               if (skb) {
-                       purged++;
-                       dev_kfree_skb(skb);
-               }
-               total += skb_queue_len(&sta->ps_tx_buf);
-       }
-       read_unlock_bh(&local->sta_lock);
-
-       local->total_ps_buffered = total;
-       printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
-              wiphy_name(local->hw.wiphy), purged);
-}
-
-static inline ieee80211_txrx_result
-ieee80211_tx_h_multicast_ps_buf(struct ieee80211_txrx_data *tx)
-{
-       /* broadcast/multicast frame */
-       /* If any of the associated stations is in power save mode,
-        * the frame is buffered to be sent after DTIM beacon frame */
-       if ((tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) &&
-           tx->sdata->type != IEEE80211_IF_TYPE_WDS &&
-           tx->sdata->bss && atomic_read(&tx->sdata->bss->num_sta_ps) &&
-           !(tx->fc & IEEE80211_FCTL_ORDER)) {
-               if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
-                       purge_old_ps_buffers(tx->local);
-               if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
-                   AP_MAX_BC_BUFFER) {
-                       if (net_ratelimit()) {
-                               printk(KERN_DEBUG "%s: BC TX buffer full - "
-                                      "dropping the oldest frame\n",
-                                      tx->dev->name);
-                       }
-                       dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
-               } else
-                       tx->local->total_ps_buffered++;
-               skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
-               return TXRX_QUEUED;
-       }
-
-       return TXRX_CONTINUE;
-}
-
-static inline ieee80211_txrx_result
-ieee80211_tx_h_unicast_ps_buf(struct ieee80211_txrx_data *tx)
-{
-       struct sta_info *sta = tx->sta;
-
-       if (unlikely(!sta ||
-                    ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
-                     (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)))
-               return TXRX_CONTINUE;
-
-       if (unlikely((sta->flags & WLAN_STA_PS) && !sta->pspoll)) {
-               struct ieee80211_tx_packet_data *pkt_data;
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-               printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS buffer (entries "
-                      "before %d)\n",
-                      MAC_ARG(sta->addr), sta->aid,
-                      skb_queue_len(&sta->ps_tx_buf));
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-               sta->flags |= WLAN_STA_TIM;
-               if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
-                       purge_old_ps_buffers(tx->local);
-               if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
-                       struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
-                       if (net_ratelimit()) {
-                               printk(KERN_DEBUG "%s: STA " MAC_FMT " TX "
-                                      "buffer full - dropping oldest frame\n",
-                                      tx->dev->name, MAC_ARG(sta->addr));
-                       }
-                       dev_kfree_skb(old);
-               } else
-                       tx->local->total_ps_buffered++;
-               /* Queue frame to be sent after STA sends an PS Poll frame */
-               if (skb_queue_empty(&sta->ps_tx_buf)) {
-                       if (tx->local->ops->set_tim)
-                               tx->local->ops->set_tim(local_to_hw(tx->local),
-                                                      sta->aid, 1);
-                       if (tx->sdata->bss)
-                               bss_tim_set(tx->local, tx->sdata->bss, sta->aid);
-               }
-               pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb;
-               pkt_data->jiffies = jiffies;
-               skb_queue_tail(&sta->ps_tx_buf, tx->skb);
-               return TXRX_QUEUED;
-       }
-#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
-       else if (unlikely(sta->flags & WLAN_STA_PS)) {
-               printk(KERN_DEBUG "%s: STA " MAC_FMT " in PS mode, but pspoll "
-                      "set -> send frame\n", tx->dev->name,
-                      MAC_ARG(sta->addr));
-       }
-#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-       sta->pspoll = 0;
-
-       return TXRX_CONTINUE;
-}
-
-
-static ieee80211_txrx_result
-ieee80211_tx_h_ps_buf(struct ieee80211_txrx_data *tx)
-{
-       if (unlikely(tx->flags & IEEE80211_TXRXD_TXPS_BUFFERED))
-               return TXRX_CONTINUE;
-
-       if (tx->flags & IEEE80211_TXRXD_TXUNICAST)
-               return ieee80211_tx_h_unicast_ps_buf(tx);
-       else
-               return ieee80211_tx_h_multicast_ps_buf(tx);
-}
-
-
-
-
-static ieee80211_txrx_result
-ieee80211_tx_h_select_key(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_key *key;
-
-       if (unlikely(tx->u.tx.control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
-               tx->key = NULL;
-       else if (tx->sta && (key = rcu_dereference(tx->sta->key)))
-               tx->key = key;
-       else if ((key = rcu_dereference(tx->sdata->default_key)))
-               tx->key = key;
-       else if (tx->sdata->drop_unencrypted &&
-                !(tx->sdata->eapol && ieee80211_is_eapol(tx->skb))) {
-               I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
-               return TXRX_DROP;
-       } else {
-               tx->key = NULL;
-               tx->u.tx.control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
-       }
-
-       if (tx->key) {
-               tx->key->tx_rx_count++;
-               /* TODO: add threshold stuff again */
-       }
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_tx_h_fragment(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
-       size_t hdrlen, per_fragm, num_fragm, payload_len, left;
-       struct sk_buff **frags, *first, *frag;
-       int i;
-       u16 seq;
-       u8 *pos;
-       int frag_threshold = tx->local->fragmentation_threshold;
-
-       if (!(tx->flags & IEEE80211_TXRXD_FRAGMENTED))
-               return TXRX_CONTINUE;
-
-       first = tx->skb;
-
-       hdrlen = ieee80211_get_hdrlen(tx->fc);
-       payload_len = first->len - hdrlen;
-       per_fragm = frag_threshold - hdrlen - FCS_LEN;
-       num_fragm = (payload_len + per_fragm - 1) / per_fragm;
-
-       frags = kzalloc(num_fragm * sizeof(struct sk_buff *), GFP_ATOMIC);
-       if (!frags)
-               goto fail;
-
-       hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
-       seq = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ;
-       pos = first->data + hdrlen + per_fragm;
-       left = payload_len - per_fragm;
-       for (i = 0; i < num_fragm - 1; i++) {
-               struct ieee80211_hdr *fhdr;
-               size_t copylen;
-
-               if (left <= 0)
-                       goto fail;
-
-               /* reserve enough extra head and tail room for possible
-                * encryption */
-               frag = frags[i] =
-                       dev_alloc_skb(tx->local->tx_headroom +
-                                     frag_threshold +
-                                     IEEE80211_ENCRYPT_HEADROOM +
-                                     IEEE80211_ENCRYPT_TAILROOM);
-               if (!frag)
-                       goto fail;
-               /* Make sure that all fragments use the same priority so
-                * that they end up using the same TX queue */
-               frag->priority = first->priority;
-               skb_reserve(frag, tx->local->tx_headroom +
-                                 IEEE80211_ENCRYPT_HEADROOM);
-               fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen);
-               memcpy(fhdr, first->data, hdrlen);
-               if (i == num_fragm - 2)
-                       fhdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREFRAGS);
-               fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG));
-               copylen = left > per_fragm ? per_fragm : left;
-               memcpy(skb_put(frag, copylen), pos, copylen);
-
-               pos += copylen;
-               left -= copylen;
-       }
-       skb_trim(first, hdrlen + per_fragm);
-
-       tx->u.tx.num_extra_frag = num_fragm - 1;
-       tx->u.tx.extra_frag = frags;
-
-       return TXRX_CONTINUE;
-
- fail:
-       printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name);
-       if (frags) {
-               for (i = 0; i < num_fragm - 1; i++)
-                       if (frags[i])
-                               dev_kfree_skb(frags[i]);
-               kfree(frags);
-       }
-       I802_DEBUG_INC(tx->local->tx_handlers_drop_fragment);
-       return TXRX_DROP;
-}
-
-static ieee80211_txrx_result
-ieee80211_tx_h_encrypt(struct ieee80211_txrx_data *tx)
-{
-       if (!tx->key)
-               return TXRX_CONTINUE;
-
-       switch (tx->key->conf.alg) {
-       case ALG_WEP:
-               return ieee80211_crypto_wep_encrypt(tx);
-       case ALG_TKIP:
-               return ieee80211_crypto_tkip_encrypt(tx);
-       case ALG_CCMP:
-               return ieee80211_crypto_ccmp_encrypt(tx);
-       }
-
-       /* not reached */
-       WARN_ON(1);
-       return TXRX_DROP;
-}
-
-static ieee80211_txrx_result
-ieee80211_tx_h_rate_ctrl(struct ieee80211_txrx_data *tx)
-{
-       struct rate_control_extra extra;
-
-       if (likely(!tx->u.tx.rate)) {
-               memset(&extra, 0, sizeof(extra));
-               extra.mode = tx->u.tx.mode;
-               extra.ethertype = tx->ethertype;
-
-               tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev,
-                                                     tx->skb, &extra);
-               if (unlikely(extra.probe != NULL)) {
-                       tx->u.tx.control->flags |=
-                               IEEE80211_TXCTL_RATE_CTRL_PROBE;
-                       tx->flags |= IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
-                       tx->u.tx.control->alt_retry_rate = tx->u.tx.rate->val;
-                       tx->u.tx.rate = extra.probe;
-               } else
-                       tx->u.tx.control->alt_retry_rate = -1;
-
-               if (!tx->u.tx.rate)
-                       return TXRX_DROP;
-       } else
-               tx->u.tx.control->alt_retry_rate = -1;
-
-       if (tx->u.tx.mode->mode == MODE_IEEE80211G &&
-           (tx->sdata->flags & IEEE80211_SDATA_USE_PROTECTION) &&
-           (tx->flags & IEEE80211_TXRXD_FRAGMENTED) && extra.nonerp) {
-               tx->u.tx.last_frag_rate = tx->u.tx.rate;
-               if (extra.probe)
-                       tx->flags &= ~IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
-               else
-                       tx->flags |= IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
-               tx->u.tx.rate = extra.nonerp;
-               tx->u.tx.control->rate = extra.nonerp;
-               tx->u.tx.control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
-       } else {
-               tx->u.tx.last_frag_rate = tx->u.tx.rate;
-               tx->u.tx.control->rate = tx->u.tx.rate;
-       }
-       tx->u.tx.control->tx_rate = tx->u.tx.rate->val;
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_tx_h_misc(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
-       u16 fc = le16_to_cpu(hdr->frame_control);
-       u16 dur;
-       struct ieee80211_tx_control *control = tx->u.tx.control;
-       struct ieee80211_hw_mode *mode = tx->u.tx.mode;
-
-       if (!control->retry_limit) {
-               if (!is_multicast_ether_addr(hdr->addr1)) {
-                       if (tx->skb->len + FCS_LEN > tx->local->rts_threshold
-                           && tx->local->rts_threshold <
-                                       IEEE80211_MAX_RTS_THRESHOLD) {
-                               control->flags |=
-                                       IEEE80211_TXCTL_USE_RTS_CTS;
-                               control->flags |=
-                                       IEEE80211_TXCTL_LONG_RETRY_LIMIT;
-                               control->retry_limit =
-                                       tx->local->long_retry_limit;
-                       } else {
-                               control->retry_limit =
-                                       tx->local->short_retry_limit;
-                       }
-               } else {
-                       control->retry_limit = 1;
-               }
-       }
-
-       if (tx->flags & IEEE80211_TXRXD_FRAGMENTED) {
-               /* Do not use multiple retry rates when sending fragmented
-                * frames.
-                * TODO: The last fragment could still use multiple retry
-                * rates. */
-               control->alt_retry_rate = -1;
-       }
-
-       /* Use CTS protection for unicast frames sent using extended rates if
-        * there are associated non-ERP stations and RTS/CTS is not configured
-        * for the frame. */
-       if (mode->mode == MODE_IEEE80211G &&
-           (tx->u.tx.rate->flags & IEEE80211_RATE_ERP) &&
-           (tx->flags & IEEE80211_TXRXD_TXUNICAST) &&
-           (tx->sdata->flags & IEEE80211_SDATA_USE_PROTECTION) &&
-           !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
-               control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;
-
-       /* Transmit data frames using short preambles if the driver supports
-        * short preambles at the selected rate and short preambles are
-        * available on the network at the current point in time. */
-       if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
-           (tx->u.tx.rate->flags & IEEE80211_RATE_PREAMBLE2) &&
-           (tx->sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
-           (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) {
-               tx->u.tx.control->tx_rate = tx->u.tx.rate->val2;
-       }
-
-       /* Setup duration field for the first fragment of the frame. Duration
-        * for remaining fragments will be updated when they are being sent
-        * to low-level driver in ieee80211_tx(). */
-       dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1),
-                                (tx->flags & IEEE80211_TXRXD_FRAGMENTED) ?
-                                tx->u.tx.extra_frag[0]->len : 0);
-       hdr->duration_id = cpu_to_le16(dur);
-
-       if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) ||
-           (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) {
-               struct ieee80211_rate *rate;
-
-               /* Do not use multiple retry rates when using RTS/CTS */
-               control->alt_retry_rate = -1;
-
-               /* Use min(data rate, max base rate) as CTS/RTS rate */
-               rate = tx->u.tx.rate;
-               while (rate > mode->rates &&
-                      !(rate->flags & IEEE80211_RATE_BASIC))
-                       rate--;
-
-               control->rts_cts_rate = rate->val;
-               control->rts_rate = rate;
-       }
-
-       if (tx->sta) {
-               tx->sta->tx_packets++;
-               tx->sta->tx_fragments++;
-               tx->sta->tx_bytes += tx->skb->len;
-               if (tx->u.tx.extra_frag) {
-                       int i;
-                       tx->sta->tx_fragments += tx->u.tx.num_extra_frag;
-                       for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                               tx->sta->tx_bytes +=
-                                       tx->u.tx.extra_frag[i]->len;
-                       }
-               }
-       }
-
-       /*
-        * Tell hardware to not encrypt when we had sw crypto.
-        * Because we use the same flag to internally indicate that
-        * no (software) encryption should be done, we have to set it
-        * after all crypto handlers.
-        */
-       if (tx->key && !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
-               tx->u.tx.control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
-
-       return TXRX_CONTINUE;
-}
-
-static ieee80211_txrx_result
-ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_local *local = tx->local;
-       struct ieee80211_hw_mode *mode = tx->u.tx.mode;
-       struct sk_buff *skb = tx->skb;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u32 load = 0, hdrtime;
-
-       /* TODO: this could be part of tx_status handling, so that the number
-        * of retries would be known; TX rate should in that case be stored
-        * somewhere with the packet */
-
-       /* Estimate total channel use caused by this frame */
-
-       /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
-        * 1 usec = 1/8 * (1080 / 10) = 13.5 */
-
-       if (mode->mode == MODE_IEEE80211A ||
-           (mode->mode == MODE_IEEE80211G &&
-            tx->u.tx.rate->flags & IEEE80211_RATE_ERP))
-               hdrtime = CHAN_UTIL_HDR_SHORT;
-       else
-               hdrtime = CHAN_UTIL_HDR_LONG;
-
-       load = hdrtime;
-       if (!is_multicast_ether_addr(hdr->addr1))
-               load += hdrtime;
-
-       if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
-               load += 2 * hdrtime;
-       else if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
-               load += hdrtime;
-
-       load += skb->len * tx->u.tx.rate->rate_inv;
-
-       if (tx->u.tx.extra_frag) {
-               int i;
-               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                       load += 2 * hdrtime;
-                       load += tx->u.tx.extra_frag[i]->len *
-                               tx->u.tx.rate->rate;
-               }
-       }
-
-       /* Divide channel_use by 8 to avoid wrapping around the counter */
-       load >>= CHAN_UTIL_SHIFT;
-       local->channel_use_raw += load;
-       if (tx->sta)
-               tx->sta->channel_use_raw += load;
-       tx->sdata->channel_use_raw += load;
-
-       return TXRX_CONTINUE;
-}
-
-/* TODO: implement register/unregister functions for adding TX/RX handlers
- * into ordered list */
-
-ieee80211_tx_handler ieee80211_tx_handlers[] =
-{
-       ieee80211_tx_h_check_assoc,
-       ieee80211_tx_h_sequence,
-       ieee80211_tx_h_ps_buf,
-       ieee80211_tx_h_select_key,
-       ieee80211_tx_h_michael_mic_add,
-       ieee80211_tx_h_fragment,
-       ieee80211_tx_h_encrypt,
-       ieee80211_tx_h_rate_ctrl,
-       ieee80211_tx_h_misc,
-       ieee80211_tx_h_load_stats,
-       NULL
-};
-
-/* actual transmit path */
-
-/*
- * deal with packet injection down monitor interface
- * with Radiotap Header -- only called for monitor mode interface
- */
-static ieee80211_txrx_result
-__ieee80211_parse_tx_radiotap(struct ieee80211_txrx_data *tx,
-                             struct sk_buff *skb)
-{
-       /*
-        * this is the moment to interpret and discard the radiotap header that
-        * must be at the start of the packet injected in Monitor mode
-        *
-        * Need to take some care with endian-ness since radiotap
-        * args are little-endian
-        */
-
-       struct ieee80211_radiotap_iterator iterator;
-       struct ieee80211_radiotap_header *rthdr =
-               (struct ieee80211_radiotap_header *) skb->data;
-       struct ieee80211_hw_mode *mode = tx->local->hw.conf.mode;
-       int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len);
-       struct ieee80211_tx_control *control = tx->u.tx.control;
-
-       control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
-       tx->flags |= IEEE80211_TXRXD_TX_INJECTED;
-       tx->flags &= ~IEEE80211_TXRXD_FRAGMENTED;
-
-       /*
-        * for every radiotap entry that is present
-        * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
-        * entries present, or -EINVAL on error)
-        */
-
-       while (!ret) {
-               int i, target_rate;
-
-               ret = ieee80211_radiotap_iterator_next(&iterator);
-
-               if (ret)
-                       continue;
-
-               /* see if this argument is something we can use */
-               switch (iterator.this_arg_index) {
-               /*
-                * You must take care when dereferencing iterator.this_arg
-                * for multibyte types... the pointer is not aligned.  Use
-                * get_unaligned((type *)iterator.this_arg) to dereference
-                * iterator.this_arg for type "type" safely on all arches.
-               */
-               case IEEE80211_RADIOTAP_RATE:
-                       /*
-                        * radiotap rate u8 is in 500kbps units eg, 0x02=1Mbps
-                        * ieee80211 rate int is in 100kbps units eg, 0x0a=1Mbps
-                        */
-                       target_rate = (*iterator.this_arg) * 5;
-                       for (i = 0; i < mode->num_rates; i++) {
-                               struct ieee80211_rate *r = &mode->rates[i];
-
-                               if (r->rate == target_rate) {
-                                       tx->u.tx.rate = r;
-                                       break;
-                               }
-                       }
-                       break;
-
-               case IEEE80211_RADIOTAP_ANTENNA:
-                       /*
-                        * radiotap uses 0 for 1st ant, mac80211 is 1 for
-                        * 1st ant
-                        */
-                       control->antenna_sel_tx = (*iterator.this_arg) + 1;
-                       break;
-
-               case IEEE80211_RADIOTAP_DBM_TX_POWER:
-                       control->power_level = *iterator.this_arg;
-                       break;
-
-               case IEEE80211_RADIOTAP_FLAGS:
-                       if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
-                               /*
-                                * this indicates that the skb we have been
-                                * handed has the 32-bit FCS CRC at the end...
-                                * we should react to that by snipping it off
-                                * because it will be recomputed and added
-                                * on transmission
-                                */
-                               if (skb->len < (iterator.max_length + FCS_LEN))
-                                       return TXRX_DROP;
-
-                               skb_trim(skb, skb->len - FCS_LEN);
-                       }
-                       if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
-                               control->flags &=
-                                       ~IEEE80211_TXCTL_DO_NOT_ENCRYPT;
-                       if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
-                               tx->flags |= IEEE80211_TXRXD_FRAGMENTED;
-                       break;
-
-               /*
-                * Please update the file
-                * Documentation/networking/mac80211-injection.txt
-                * when parsing new fields here.
-                */
-
-               default:
-                       break;
-               }
-       }
-
-       if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
-               return TXRX_DROP;
-
-       /*
-        * remove the radiotap header
-        * iterator->max_length was sanity-checked against
-        * skb->len by iterator init
-        */
-       skb_pull(skb, iterator.max_length);
-
-       return TXRX_CONTINUE;
-}
-
-/*
- * initialises @tx
- */
-static ieee80211_txrx_result
-__ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
-                      struct sk_buff *skb,
-                      struct net_device *dev,
-                      struct ieee80211_tx_control *control)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hdr *hdr;
-       struct ieee80211_sub_if_data *sdata;
-       ieee80211_txrx_result res = TXRX_CONTINUE;
-
-       int hdrlen;
-
-       memset(tx, 0, sizeof(*tx));
-       tx->skb = skb;
-       tx->dev = dev; /* use original interface */
-       tx->local = local;
-       tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       tx->u.tx.control = control;
-       /*
-        * Set this flag (used below to indicate "automatic fragmentation"),
-        * it will be cleared/left by radiotap as desired.
-        */
-       tx->flags |= IEEE80211_TXRXD_FRAGMENTED;
-
-       /* process and remove the injection radiotap header */
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (unlikely(sdata->type == IEEE80211_IF_TYPE_MNTR)) {
-               if (__ieee80211_parse_tx_radiotap(tx, skb) == TXRX_DROP)
-                       return TXRX_DROP;
-
-               /*
-                * __ieee80211_parse_tx_radiotap has now removed
-                * the radiotap header that was present and pre-filled
-                * 'tx' with tx control information.
-                */
-       }
-
-       hdr = (struct ieee80211_hdr *) skb->data;
-
-       tx->sta = sta_info_get(local, hdr->addr1);
-       tx->fc = le16_to_cpu(hdr->frame_control);
-
-       if (is_multicast_ether_addr(hdr->addr1)) {
-               tx->flags &= ~IEEE80211_TXRXD_TXUNICAST;
-               control->flags |= IEEE80211_TXCTL_NO_ACK;
-       } else {
-               tx->flags |= IEEE80211_TXRXD_TXUNICAST;
-               control->flags &= ~IEEE80211_TXCTL_NO_ACK;
-       }
-
-       if (tx->flags & IEEE80211_TXRXD_FRAGMENTED) {
-               if ((tx->flags & IEEE80211_TXRXD_TXUNICAST) &&
-                   skb->len + FCS_LEN > local->fragmentation_threshold &&
-                   !local->ops->set_frag_threshold)
-                       tx->flags |= IEEE80211_TXRXD_FRAGMENTED;
-               else
-                       tx->flags &= ~IEEE80211_TXRXD_FRAGMENTED;
-       }
-
-       if (!tx->sta)
-               control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
-       else if (tx->sta->clear_dst_mask) {
-               control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
-               tx->sta->clear_dst_mask = 0;
-       }
-
-       hdrlen = ieee80211_get_hdrlen(tx->fc);
-       if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
-               u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
-               tx->ethertype = (pos[0] << 8) | pos[1];
-       }
-       control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT;
-
-       return res;
-}
-
-/* Device in tx->dev has a reference added; use dev_put(tx->dev) when
- * finished with it.
- *
- * NB: @tx is uninitialised when passed in here
- */
-static int ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
-                               struct sk_buff *skb,
-                               struct net_device *mdev,
-                               struct ieee80211_tx_control *control)
-{
-       struct ieee80211_tx_packet_data *pkt_data;
-       struct net_device *dev;
-
-       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
-       dev = dev_get_by_index(pkt_data->ifindex);
-       if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
-               dev_put(dev);
-               dev = NULL;
-       }
-       if (unlikely(!dev))
-               return -ENODEV;
-       /* initialises tx with control */
-       __ieee80211_tx_prepare(tx, skb, dev, control);
-       return 0;
-}
-
-static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
-                         struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_tx_control *control = tx->u.tx.control;
-       int ret, i;
-
-       if (!ieee80211_qdisc_installed(local->mdev) &&
-           __ieee80211_queue_stopped(local, 0)) {
-               netif_stop_queue(local->mdev);
-               return IEEE80211_TX_AGAIN;
-       }
-       if (skb) {
-               ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
-                                    "TX to low-level driver", skb);
-               ret = local->ops->tx(local_to_hw(local), skb, control);
-               if (ret)
-                       return IEEE80211_TX_AGAIN;
-               local->mdev->trans_start = jiffies;
-               ieee80211_led_tx(local, 1);
-       }
-       if (tx->u.tx.extra_frag) {
-               control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
-                                   IEEE80211_TXCTL_USE_CTS_PROTECT |
-                                   IEEE80211_TXCTL_CLEAR_DST_MASK |
-                                   IEEE80211_TXCTL_FIRST_FRAGMENT);
-               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                       if (!tx->u.tx.extra_frag[i])
-                               continue;
-                       if (__ieee80211_queue_stopped(local, control->queue))
-                               return IEEE80211_TX_FRAG_AGAIN;
-                       if (i == tx->u.tx.num_extra_frag) {
-                               control->tx_rate = tx->u.tx.last_frag_hwrate;
-                               control->rate = tx->u.tx.last_frag_rate;
-                               if (tx->flags & IEEE80211_TXRXD_TXPROBE_LAST_FRAG)
-                                       control->flags |=
-                                               IEEE80211_TXCTL_RATE_CTRL_PROBE;
-                               else
-                                       control->flags &=
-                                               ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
-                       }
-
-                       ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
-                                            "TX to low-level driver",
-                                            tx->u.tx.extra_frag[i]);
-                       ret = local->ops->tx(local_to_hw(local),
-                                           tx->u.tx.extra_frag[i],
-                                           control);
-                       if (ret)
-                               return IEEE80211_TX_FRAG_AGAIN;
-                       local->mdev->trans_start = jiffies;
-                       ieee80211_led_tx(local, 1);
-                       tx->u.tx.extra_frag[i] = NULL;
-               }
-               kfree(tx->u.tx.extra_frag);
-               tx->u.tx.extra_frag = NULL;
-       }
-       return IEEE80211_TX_OK;
-}
-
-static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
-                       struct ieee80211_tx_control *control)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct sta_info *sta;
-       ieee80211_tx_handler *handler;
-       struct ieee80211_txrx_data tx;
-       ieee80211_txrx_result res = TXRX_DROP, res_prepare;
-       int ret, i;
-
-       WARN_ON(__ieee80211_queue_pending(local, control->queue));
-
-       if (unlikely(skb->len < 10)) {
-               dev_kfree_skb(skb);
-               return 0;
-       }
-
-       /* initialises tx */
-       res_prepare = __ieee80211_tx_prepare(&tx, skb, dev, control);
-
-       if (res_prepare == TXRX_DROP) {
-               dev_kfree_skb(skb);
-               return 0;
-       }
-
-       /*
-        * key references are protected using RCU and this requires that
-        * we are in a read-site RCU section during receive processing
-        */
-       rcu_read_lock();
-
-       sta = tx.sta;
-       tx.u.tx.mode = local->hw.conf.mode;
-
-       for (handler = local->tx_handlers; *handler != NULL;
-            handler++) {
-               res = (*handler)(&tx);
-               if (res != TXRX_CONTINUE)
-                       break;
-       }
-
-       skb = tx.skb; /* handlers are allowed to change skb */
-
-       if (sta)
-               sta_info_put(sta);
-
-       if (unlikely(res == TXRX_DROP)) {
-               I802_DEBUG_INC(local->tx_handlers_drop);
-               goto drop;
-       }
-
-       if (unlikely(res == TXRX_QUEUED)) {
-               I802_DEBUG_INC(local->tx_handlers_queued);
-               rcu_read_unlock();
-               return 0;
-       }
-
-       if (tx.u.tx.extra_frag) {
-               for (i = 0; i < tx.u.tx.num_extra_frag; i++) {
-                       int next_len, dur;
-                       struct ieee80211_hdr *hdr =
-                               (struct ieee80211_hdr *)
-                               tx.u.tx.extra_frag[i]->data;
-
-                       if (i + 1 < tx.u.tx.num_extra_frag) {
-                               next_len = tx.u.tx.extra_frag[i + 1]->len;
-                       } else {
-                               next_len = 0;
-                               tx.u.tx.rate = tx.u.tx.last_frag_rate;
-                               tx.u.tx.last_frag_hwrate = tx.u.tx.rate->val;
-                       }
-                       dur = ieee80211_duration(&tx, 0, next_len);
-                       hdr->duration_id = cpu_to_le16(dur);
-               }
-       }
-
-retry:
-       ret = __ieee80211_tx(local, skb, &tx);
-       if (ret) {
-               struct ieee80211_tx_stored_packet *store =
-                       &local->pending_packet[control->queue];
-
-               if (ret == IEEE80211_TX_FRAG_AGAIN)
-                       skb = NULL;
-               set_bit(IEEE80211_LINK_STATE_PENDING,
-                       &local->state[control->queue]);
-               smp_mb();
-               /* When the driver gets out of buffers during sending of
-                * fragments and calls ieee80211_stop_queue, there is
-                * a small window between IEEE80211_LINK_STATE_XOFF and
-                * IEEE80211_LINK_STATE_PENDING flags are set. If a buffer
-                * gets available in that window (i.e. driver calls
-                * ieee80211_wake_queue), we would end up with ieee80211_tx
-                * called with IEEE80211_LINK_STATE_PENDING. Prevent this by
-                * continuing transmitting here when that situation is
-                * possible to have happened. */
-               if (!__ieee80211_queue_stopped(local, control->queue)) {
-                       clear_bit(IEEE80211_LINK_STATE_PENDING,
-                                 &local->state[control->queue]);
-                       goto retry;
-               }
-               memcpy(&store->control, control,
-                      sizeof(struct ieee80211_tx_control));
-               store->skb = skb;
-               store->extra_frag = tx.u.tx.extra_frag;
-               store->num_extra_frag = tx.u.tx.num_extra_frag;
-               store->last_frag_hwrate = tx.u.tx.last_frag_hwrate;
-               store->last_frag_rate = tx.u.tx.last_frag_rate;
-               store->last_frag_rate_ctrl_probe =
-                       !!(tx.flags & IEEE80211_TXRXD_TXPROBE_LAST_FRAG);
-       }
-       rcu_read_unlock();
-       return 0;
-
- drop:
-       if (skb)
-               dev_kfree_skb(skb);
-       for (i = 0; i < tx.u.tx.num_extra_frag; i++)
-               if (tx.u.tx.extra_frag[i])
-                       dev_kfree_skb(tx.u.tx.extra_frag[i]);
-       kfree(tx.u.tx.extra_frag);
-       rcu_read_unlock();
-       return 0;
-}
-
-/* device xmit handlers */
-
-int ieee80211_master_start_xmit(struct sk_buff *skb,
-                               struct net_device *dev)
-{
-       struct ieee80211_tx_control control;
-       struct ieee80211_tx_packet_data *pkt_data;
-       struct net_device *odev = NULL;
-       struct ieee80211_sub_if_data *osdata;
-       int headroom;
-       int ret;
-
-       /*
-        * copy control out of the skb so other people can use skb->cb
-        */
-       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
-       memset(&control, 0, sizeof(struct ieee80211_tx_control));
-
-       if (pkt_data->ifindex)
-               odev = dev_get_by_index(pkt_data->ifindex);
-       if (unlikely(odev && !is_ieee80211_device(odev, dev))) {
-               dev_put(odev);
-               odev = NULL;
-       }
-       if (unlikely(!odev)) {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-               printk(KERN_DEBUG "%s: Discarded packet with nonexistent "
-                      "originating device\n", dev->name);
-#endif
-               dev_kfree_skb(skb);
-               return 0;
-       }
-       osdata = IEEE80211_DEV_TO_SUB_IF(odev);
-
-       headroom = osdata->local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM;
-       if (skb_headroom(skb) < headroom) {
-               if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
-                       dev_kfree_skb(skb);
-                       dev_put(odev);
-                       return 0;
-               }
-       }
-
-       control.ifindex = odev->ifindex;
-       control.type = osdata->type;
-       if (pkt_data->flags & IEEE80211_TXPD_REQ_TX_STATUS)
-               control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS;
-       if (pkt_data->flags & IEEE80211_TXPD_DO_NOT_ENCRYPT)
-               control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
-       if (pkt_data->flags & IEEE80211_TXPD_REQUEUE)
-               control.flags |= IEEE80211_TXCTL_REQUEUE;
-       control.queue = pkt_data->queue;
-
-       ret = ieee80211_tx(odev, skb, &control);
-       dev_put(odev);
-
-       return ret;
-}
-
-int ieee80211_monitor_start_xmit(struct sk_buff *skb,
-                                struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_tx_packet_data *pkt_data;
-       struct ieee80211_radiotap_header *prthdr =
-               (struct ieee80211_radiotap_header *)skb->data;
-       u16 len_rthdr;
-
-       /* check for not even having the fixed radiotap header part */
-       if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
-               goto fail; /* too short to be possibly valid */
-
-       /* is it a header version we can trust to find length from? */
-       if (unlikely(prthdr->it_version))
-               goto fail; /* only version 0 is supported */
-
-       /* then there must be a radiotap header with a length we can use */
-       len_rthdr = ieee80211_get_radiotap_len(skb->data);
-
-       /* does the skb contain enough to deliver on the alleged length? */
-       if (unlikely(skb->len < len_rthdr))
-               goto fail; /* skb too short for claimed rt header extent */
-
-       skb->dev = local->mdev;
-
-       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
-       memset(pkt_data, 0, sizeof(*pkt_data));
-       /* needed because we set skb device to master */
-       pkt_data->ifindex = dev->ifindex;
-
-       pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
-
-       /*
-        * fix up the pointers accounting for the radiotap
-        * header still being in there.  We are being given
-        * a precooked IEEE80211 header so no need for
-        * normal processing
-        */
-       skb_set_mac_header(skb, len_rthdr);
-       /*
-        * these are just fixed to the end of the rt area since we
-        * don't have any better information and at this point, nobody cares
-        */
-       skb_set_network_header(skb, len_rthdr);
-       skb_set_transport_header(skb, len_rthdr);
-
-       /* pass the radiotap header up to the next stage intact */
-       dev_queue_xmit(skb);
-       return NETDEV_TX_OK;
-
-fail:
-       dev_kfree_skb(skb);
-       return NETDEV_TX_OK; /* meaning, we dealt with the skb */
-}
-
-/**
- * ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type
- * subinterfaces (wlan#, WDS, and VLAN interfaces)
- * @skb: packet to be sent
- * @dev: incoming interface
- *
- * Returns: 0 on success (and frees skb in this case) or 1 on failure (skb will
- * not be freed, and caller is responsible for either retrying later or freeing
- * skb).
- *
- * This function takes in an Ethernet header and encapsulates it with suitable
- * IEEE 802.11 header based on which interface the packet is coming in. The
- * encapsulated packet will then be passed to master interface, wlan#.11, for
- * transmission (through low-level driver).
- */
-int ieee80211_subif_start_xmit(struct sk_buff *skb,
-                              struct net_device *dev)
-{
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_tx_packet_data *pkt_data;
-       struct ieee80211_sub_if_data *sdata;
-       int ret = 1, head_need;
-       u16 ethertype, hdrlen, fc;
-       struct ieee80211_hdr hdr;
-       const u8 *encaps_data;
-       int encaps_len, skip_header_bytes;
-       int nh_pos, h_pos;
-       struct sta_info *sta;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-       if (unlikely(skb->len < ETH_HLEN)) {
-               printk(KERN_DEBUG "%s: short skb (len=%d)\n",
-                      dev->name, skb->len);
-               ret = 0;
-               goto fail;
-       }
-
-       nh_pos = skb_network_header(skb) - skb->data;
-       h_pos = skb_transport_header(skb) - skb->data;
-
-       /* convert Ethernet header to proper 802.11 header (based on
-        * operation mode) */
-       ethertype = (skb->data[12] << 8) | skb->data[13];
-       /* TODO: handling for 802.1x authorized/unauthorized port */
-       fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
-
-       switch (sdata->type) {
-       case IEEE80211_IF_TYPE_AP:
-       case IEEE80211_IF_TYPE_VLAN:
-               fc |= IEEE80211_FCTL_FROMDS;
-               /* DA BSSID SA */
-               memcpy(hdr.addr1, skb->data, ETH_ALEN);
-               memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
-               memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
-               hdrlen = 24;
-               break;
-       case IEEE80211_IF_TYPE_WDS:
-               fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS;
-               /* RA TA DA SA */
-               memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
-               memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
-               memcpy(hdr.addr3, skb->data, ETH_ALEN);
-               memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
-               hdrlen = 30;
-               break;
-       case IEEE80211_IF_TYPE_STA:
-               fc |= IEEE80211_FCTL_TODS;
-               /* BSSID SA DA */
-               memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN);
-               memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
-               memcpy(hdr.addr3, skb->data, ETH_ALEN);
-               hdrlen = 24;
-               break;
-       case IEEE80211_IF_TYPE_IBSS:
-               /* DA SA BSSID */
-               memcpy(hdr.addr1, skb->data, ETH_ALEN);
-               memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
-               memcpy(hdr.addr3, sdata->u.sta.bssid, ETH_ALEN);
-               hdrlen = 24;
-               break;
-       default:
-               ret = 0;
-               goto fail;
-       }
-
-       /* receiver is QoS enabled, use a QoS type frame */
-       sta = sta_info_get(local, hdr.addr1);
-       if (sta) {
-               if (sta->flags & WLAN_STA_WME) {
-                       fc |= IEEE80211_STYPE_QOS_DATA;
-                       hdrlen += 2;
-               }
-               sta_info_put(sta);
-       }
-
-       hdr.frame_control = cpu_to_le16(fc);
-       hdr.duration_id = 0;
-       hdr.seq_ctrl = 0;
-
-       skip_header_bytes = ETH_HLEN;
-       if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
-               encaps_data = bridge_tunnel_header;
-               encaps_len = sizeof(bridge_tunnel_header);
-               skip_header_bytes -= 2;
-       } else if (ethertype >= 0x600) {
-               encaps_data = rfc1042_header;
-               encaps_len = sizeof(rfc1042_header);
-               skip_header_bytes -= 2;
-       } else {
-               encaps_data = NULL;
-               encaps_len = 0;
-       }
-
-       skb_pull(skb, skip_header_bytes);
-       nh_pos -= skip_header_bytes;
-       h_pos -= skip_header_bytes;
-
-       /* TODO: implement support for fragments so that there is no need to
-        * reallocate and copy payload; it might be enough to support one
-        * extra fragment that would be copied in the beginning of the frame
-        * data.. anyway, it would be nice to include this into skb structure
-        * somehow
-        *
-        * There are few options for this:
-        * use skb->cb as an extra space for 802.11 header
-        * allocate new buffer if not enough headroom
-        * make sure that there is enough headroom in every skb by increasing
-        * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and
-        * alloc_skb() (net/core/skbuff.c)
-        */
-       head_need = hdrlen + encaps_len + local->tx_headroom;
-       head_need -= skb_headroom(skb);
-
-       /* We are going to modify skb data, so make a copy of it if happens to
-        * be cloned. This could happen, e.g., with Linux bridge code passing
-        * us broadcast frames. */
-
-       if (head_need > 0 || skb_cloned(skb)) {
-#if 0
-               printk(KERN_DEBUG "%s: need to reallocate buffer for %d bytes "
-                      "of headroom\n", dev->name, head_need);
-#endif
-
-               if (skb_cloned(skb))
-                       I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
-               else
-                       I802_DEBUG_INC(local->tx_expand_skb_head);
-               /* Since we have to reallocate the buffer, make sure that there
-                * is enough room for possible WEP IV/ICV and TKIP (8 bytes
-                * before payload and 12 after). */
-               if (pskb_expand_head(skb, (head_need > 0 ? head_need + 8 : 8),
-                                    12, GFP_ATOMIC)) {
-                       printk(KERN_DEBUG "%s: failed to reallocate TX buffer"
-                              "\n", dev->name);
-                       goto fail;
-               }
-       }
-
-       if (encaps_data) {
-               memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
-               nh_pos += encaps_len;
-               h_pos += encaps_len;
-       }
-
-       if (fc & IEEE80211_STYPE_QOS_DATA) {
-               __le16 *qos_control;
-
-               qos_control = (__le16*) skb_push(skb, 2);
-               memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
-               /*
-                * Maybe we could actually set some fields here, for now just
-                * initialise to zero to indicate no special operation.
-                */
-               *qos_control = 0;
-       } else
-               memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
-
-       nh_pos += hdrlen;
-       h_pos += hdrlen;
-
-       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
-       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
-       pkt_data->ifindex = dev->ifindex;
-
-       skb->dev = local->mdev;
-       dev->stats.tx_packets++;
-       dev->stats.tx_bytes += skb->len;
-
-       /* Update skb pointers to various headers since this modified frame
-        * is going to go through Linux networking code that may potentially
-        * need things like pointer to IP header. */
-       skb_set_mac_header(skb, 0);
-       skb_set_network_header(skb, nh_pos);
-       skb_set_transport_header(skb, h_pos);
-
-       dev->trans_start = jiffies;
-       dev_queue_xmit(skb);
-
-       return 0;
-
- fail:
-       if (!ret)
-               dev_kfree_skb(skb);
-
-       return ret;
-}
-
-/*
- * This is the transmit routine for the 802.11 type interfaces
- * called by upper layers of the linux networking
- * stack when it has a frame to transmit
- */
-int ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev)
-{
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_tx_packet_data *pkt_data;
-       struct ieee80211_hdr *hdr;
-       u16 fc;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
-       if (skb->len < 10) {
-               dev_kfree_skb(skb);
-               return 0;
-       }
-
-       if (skb_headroom(skb) < sdata->local->tx_headroom) {
-               if (pskb_expand_head(skb, sdata->local->tx_headroom,
-                                    0, GFP_ATOMIC)) {
-                       dev_kfree_skb(skb);
-                       return 0;
-               }
-       }
-
-       hdr = (struct ieee80211_hdr *) skb->data;
-       fc = le16_to_cpu(hdr->frame_control);
-
-       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
-       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
-       pkt_data->ifindex = sdata->dev->ifindex;
-
-       skb->priority = 20; /* use hardcoded priority for mgmt TX queue */
-       skb->dev = sdata->local->mdev;
-
-       /*
-        * We're using the protocol field of the the frame control header
-        * to request TX callback for hostapd. BIT(1) is checked.
-        */
-       if ((fc & BIT(1)) == BIT(1)) {
-               pkt_data->flags |= IEEE80211_TXPD_REQ_TX_STATUS;
-               fc &= ~BIT(1);
-               hdr->frame_control = cpu_to_le16(fc);
-       }
-
-       if (!(fc & IEEE80211_FCTL_PROTECTED))
-               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
-
-       dev->stats.tx_packets++;
-       dev->stats.tx_bytes += skb->len;
-
-       dev_queue_xmit(skb);
-
-       return 0;
-}
-
-/* helper functions for pending packets for when queues are stopped */
-
-void ieee80211_clear_tx_pending(struct ieee80211_local *local)
-{
-       int i, j;
-       struct ieee80211_tx_stored_packet *store;
-
-       for (i = 0; i < local->hw.queues; i++) {
-               if (!__ieee80211_queue_pending(local, i))
-                       continue;
-               store = &local->pending_packet[i];
-               kfree_skb(store->skb);
-               for (j = 0; j < store->num_extra_frag; j++)
-                       kfree_skb(store->extra_frag[j]);
-               kfree(store->extra_frag);
-               clear_bit(IEEE80211_LINK_STATE_PENDING, &local->state[i]);
-       }
-}
-
-void ieee80211_tx_pending(unsigned long data)
-{
-       struct ieee80211_local *local = (struct ieee80211_local *)data;
-       struct net_device *dev = local->mdev;
-       struct ieee80211_tx_stored_packet *store;
-       struct ieee80211_txrx_data tx;
-       int i, ret, reschedule = 0;
-
-       netif_tx_lock_bh(dev);
-       for (i = 0; i < local->hw.queues; i++) {
-               if (__ieee80211_queue_stopped(local, i))
-                       continue;
-               if (!__ieee80211_queue_pending(local, i)) {
-                       reschedule = 1;
-                       continue;
-               }
-               store = &local->pending_packet[i];
-               tx.u.tx.control = &store->control;
-               tx.u.tx.extra_frag = store->extra_frag;
-               tx.u.tx.num_extra_frag = store->num_extra_frag;
-               tx.u.tx.last_frag_hwrate = store->last_frag_hwrate;
-               tx.u.tx.last_frag_rate = store->last_frag_rate;
-               tx.flags = 0;
-               if (store->last_frag_rate_ctrl_probe)
-                       tx.flags |= IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
-               ret = __ieee80211_tx(local, store->skb, &tx);
-               if (ret) {
-                       if (ret == IEEE80211_TX_FRAG_AGAIN)
-                               store->skb = NULL;
-               } else {
-                       clear_bit(IEEE80211_LINK_STATE_PENDING,
-                                 &local->state[i]);
-                       reschedule = 1;
-               }
-       }
-       netif_tx_unlock_bh(dev);
-       if (reschedule) {
-               if (!ieee80211_qdisc_installed(dev)) {
-                       if (!__ieee80211_queue_stopped(local, 0))
-                               netif_wake_queue(dev);
-               } else
-                       netif_schedule(dev);
-       }
-}
-
-/* functions for drivers to get certain frames */
-
-static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
-                                    struct ieee80211_if_ap *bss,
-                                    struct sk_buff *skb)
-{
-       u8 *pos, *tim;
-       int aid0 = 0;
-       int i, have_bits = 0, n1, n2;
-
-       /* Generate bitmap for TIM only if there are any STAs in power save
-        * mode. */
-       read_lock_bh(&local->sta_lock);
-       if (atomic_read(&bss->num_sta_ps) > 0)
-               /* in the hope that this is faster than
-                * checking byte-for-byte */
-               have_bits = !bitmap_empty((unsigned long*)bss->tim,
-                                         IEEE80211_MAX_AID+1);
-
-       if (bss->dtim_count == 0)
-               bss->dtim_count = bss->dtim_period - 1;
-       else
-               bss->dtim_count--;
-
-       tim = pos = (u8 *) skb_put(skb, 6);
-       *pos++ = WLAN_EID_TIM;
-       *pos++ = 4;
-       *pos++ = bss->dtim_count;
-       *pos++ = bss->dtim_period;
-
-       if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
-               aid0 = 1;
-
-       if (have_bits) {
-               /* Find largest even number N1 so that bits numbered 1 through
-                * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
-                * (N2 + 1) x 8 through 2007 are 0. */
-               n1 = 0;
-               for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
-                       if (bss->tim[i]) {
-                               n1 = i & 0xfe;
-                               break;
-                       }
-               }
-               n2 = n1;
-               for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
-                       if (bss->tim[i]) {
-                               n2 = i;
-                               break;
-                       }
-               }
-
-               /* Bitmap control */
-               *pos++ = n1 | aid0;
-               /* Part Virt Bitmap */
-               memcpy(pos, bss->tim + n1, n2 - n1 + 1);
-
-               tim[1] = n2 - n1 + 4;
-               skb_put(skb, n2 - n1);
-       } else {
-               *pos++ = aid0; /* Bitmap control */
-               *pos++ = 0; /* Part Virt Bitmap */
-       }
-       read_unlock_bh(&local->sta_lock);
-}
-
-struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw, int if_id,
-                                    struct ieee80211_tx_control *control)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct sk_buff *skb;
-       struct net_device *bdev;
-       struct ieee80211_sub_if_data *sdata = NULL;
-       struct ieee80211_if_ap *ap = NULL;
-       struct ieee80211_rate *rate;
-       struct rate_control_extra extra;
-       u8 *b_head, *b_tail;
-       int bh_len, bt_len;
-
-       bdev = dev_get_by_index(if_id);
-       if (bdev) {
-               sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
-               ap = &sdata->u.ap;
-               dev_put(bdev);
-       }
-
-       if (!ap || sdata->type != IEEE80211_IF_TYPE_AP ||
-           !ap->beacon_head) {
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
-               if (net_ratelimit())
-                       printk(KERN_DEBUG "no beacon data avail for idx=%d "
-                              "(%s)\n", if_id, bdev ? bdev->name : "N/A");
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
-               return NULL;
-       }
-
-       /* Assume we are generating the normal beacon locally */
-       b_head = ap->beacon_head;
-       b_tail = ap->beacon_tail;
-       bh_len = ap->beacon_head_len;
-       bt_len = ap->beacon_tail_len;
-
-       skb = dev_alloc_skb(local->tx_headroom +
-               bh_len + bt_len + 256 /* maximum TIM len */);
-       if (!skb)
-               return NULL;
-
-       skb_reserve(skb, local->tx_headroom);
-       memcpy(skb_put(skb, bh_len), b_head, bh_len);
-
-       ieee80211_include_sequence(sdata, (struct ieee80211_hdr *)skb->data);
-
-       ieee80211_beacon_add_tim(local, ap, skb);
-
-       if (b_tail) {
-               memcpy(skb_put(skb, bt_len), b_tail, bt_len);
-       }
-
-       if (control) {
-               memset(&extra, 0, sizeof(extra));
-               extra.mode = local->oper_hw_mode;
-
-               rate = rate_control_get_rate(local, local->mdev, skb, &extra);
-               if (!rate) {
-                       if (net_ratelimit()) {
-                               printk(KERN_DEBUG "%s: ieee80211_beacon_get: no rate "
-                                      "found\n", wiphy_name(local->hw.wiphy));
-                       }
-                       dev_kfree_skb(skb);
-                       return NULL;
-               }
-
-               control->tx_rate =
-                       ((sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
-                       (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
-                       rate->val2 : rate->val;
-               control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
-               control->power_level = local->hw.conf.power_level;
-               control->flags |= IEEE80211_TXCTL_NO_ACK;
-               control->retry_limit = 1;
-               control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
-       }
-
-       ap->num_beacons++;
-       return skb;
-}
-EXPORT_SYMBOL(ieee80211_beacon_get);
-
-void ieee80211_rts_get(struct ieee80211_hw *hw, int if_id,
-                      const void *frame, size_t frame_len,
-                      const struct ieee80211_tx_control *frame_txctl,
-                      struct ieee80211_rts *rts)
-{
-       const struct ieee80211_hdr *hdr = frame;
-       u16 fctl;
-
-       fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS;
-       rts->frame_control = cpu_to_le16(fctl);
-       rts->duration = ieee80211_rts_duration(hw, if_id, frame_len, frame_txctl);
-       memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
-       memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
-}
-EXPORT_SYMBOL(ieee80211_rts_get);
-
-void ieee80211_ctstoself_get(struct ieee80211_hw *hw, int if_id,
-                            const void *frame, size_t frame_len,
-                            const struct ieee80211_tx_control *frame_txctl,
-                            struct ieee80211_cts *cts)
-{
-       const struct ieee80211_hdr *hdr = frame;
-       u16 fctl;
-
-       fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS;
-       cts->frame_control = cpu_to_le16(fctl);
-       cts->duration = ieee80211_ctstoself_duration(hw, if_id, frame_len, frame_txctl);
-       memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
-}
-EXPORT_SYMBOL(ieee80211_ctstoself_get);
-
-struct sk_buff *
-ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id,
-                         struct ieee80211_tx_control *control)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct sk_buff *skb;
-       struct sta_info *sta;
-       ieee80211_tx_handler *handler;
-       struct ieee80211_txrx_data tx;
-       ieee80211_txrx_result res = TXRX_DROP;
-       struct net_device *bdev;
-       struct ieee80211_sub_if_data *sdata;
-       struct ieee80211_if_ap *bss = NULL;
-
-       bdev = dev_get_by_index(if_id);
-       if (bdev) {
-               sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
-               bss = &sdata->u.ap;
-               dev_put(bdev);
-       }
-       if (!bss || sdata->type != IEEE80211_IF_TYPE_AP || !bss->beacon_head)
-               return NULL;
-
-       if (bss->dtim_count != 0)
-               return NULL; /* send buffered bc/mc only after DTIM beacon */
-       memset(control, 0, sizeof(*control));
-       while (1) {
-               skb = skb_dequeue(&bss->ps_bc_buf);
-               if (!skb)
-                       return NULL;
-               local->total_ps_buffered--;
-
-               if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
-                       struct ieee80211_hdr *hdr =
-                               (struct ieee80211_hdr *) skb->data;
-                       /* more buffered multicast/broadcast frames ==> set
-                        * MoreData flag in IEEE 802.11 header to inform PS
-                        * STAs */
-                       hdr->frame_control |=
-                               cpu_to_le16(IEEE80211_FCTL_MOREDATA);
-               }
-
-               if (!ieee80211_tx_prepare(&tx, skb, local->mdev, control))
-                       break;
-               dev_kfree_skb_any(skb);
-       }
-       sta = tx.sta;
-       tx.flags |= IEEE80211_TXRXD_TXPS_BUFFERED;
-       tx.u.tx.mode = local->hw.conf.mode;
-
-       for (handler = local->tx_handlers; *handler != NULL; handler++) {
-               res = (*handler)(&tx);
-               if (res == TXRX_DROP || res == TXRX_QUEUED)
-                       break;
-       }
-       dev_put(tx.dev);
-       skb = tx.skb; /* handlers are allowed to change skb */
-
-       if (res == TXRX_DROP) {
-               I802_DEBUG_INC(local->tx_handlers_drop);
-               dev_kfree_skb(skb);
-               skb = NULL;
-       } else if (res == TXRX_QUEUED) {
-               I802_DEBUG_INC(local->tx_handlers_queued);
-               skb = NULL;
-       }
-
-       if (sta)
-               sta_info_put(sta);
-
-       return skb;
-}
-EXPORT_SYMBOL(ieee80211_get_buffered_bc);
 
+++ /dev/null
-/*
- * Copyright 2002-2005, Instant802 Networks, Inc.
- * Copyright 2005-2006, Devicescape Software, Inc.
- * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
- * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * utilities for mac80211
- */
-
-#include <net/mac80211.h>
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/etherdevice.h>
-#include <linux/if_arp.h>
-#include <linux/wireless.h>
-#include <linux/bitmap.h>
-#include <net/cfg80211.h>
-
-#include "ieee80211_i.h"
-#include "ieee80211_rate.h"
-#include "wme.h"
-
-/* privid for wiphys to determine whether they belong to us or not */
-void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
-
-/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
-/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
-const unsigned char rfc1042_header[] =
-       { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
-
-/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
-const unsigned char bridge_tunnel_header[] =
-       { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
-
-/* No encapsulation header if EtherType < 0x600 (=length) */
-static const unsigned char eapol_header[] =
-       { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e };
-
-
-static int rate_list_match(const int *rate_list, int rate)
-{
-       int i;
-
-       if (!rate_list)
-               return 0;
-
-       for (i = 0; rate_list[i] >= 0; i++)
-               if (rate_list[i] == rate)
-                       return 1;
-
-       return 0;
-}
-
-void ieee80211_prepare_rates(struct ieee80211_local *local,
-                            struct ieee80211_hw_mode *mode)
-{
-       int i;
-
-       for (i = 0; i < mode->num_rates; i++) {
-               struct ieee80211_rate *rate = &mode->rates[i];
-
-               rate->flags &= ~(IEEE80211_RATE_SUPPORTED |
-                                IEEE80211_RATE_BASIC);
-
-               if (local->supp_rates[mode->mode]) {
-                       if (!rate_list_match(local->supp_rates[mode->mode],
-                                            rate->rate))
-                               continue;
-               }
-
-               rate->flags |= IEEE80211_RATE_SUPPORTED;
-
-               /* Use configured basic rate set if it is available. If not,
-                * use defaults that are sane for most cases. */
-               if (local->basic_rates[mode->mode]) {
-                       if (rate_list_match(local->basic_rates[mode->mode],
-                                           rate->rate))
-                               rate->flags |= IEEE80211_RATE_BASIC;
-               } else switch (mode->mode) {
-               case MODE_IEEE80211A:
-                       if (rate->rate == 60 || rate->rate == 120 ||
-                           rate->rate == 240)
-                               rate->flags |= IEEE80211_RATE_BASIC;
-                       break;
-               case MODE_IEEE80211B:
-                       if (rate->rate == 10 || rate->rate == 20)
-                               rate->flags |= IEEE80211_RATE_BASIC;
-                       break;
-               case MODE_IEEE80211G:
-                       if (rate->rate == 10 || rate->rate == 20 ||
-                           rate->rate == 55 || rate->rate == 110)
-                               rate->flags |= IEEE80211_RATE_BASIC;
-                       break;
-               case NUM_IEEE80211_MODES:
-                       /* not useful */
-                       break;
-               }
-
-               /* Set ERP and MANDATORY flags based on phymode */
-               switch (mode->mode) {
-               case MODE_IEEE80211A:
-                       if (rate->rate == 60 || rate->rate == 120 ||
-                           rate->rate == 240)
-                               rate->flags |= IEEE80211_RATE_MANDATORY;
-                       break;
-               case MODE_IEEE80211B:
-                       if (rate->rate == 10)
-                               rate->flags |= IEEE80211_RATE_MANDATORY;
-                       break;
-               case MODE_IEEE80211G:
-                       if (rate->rate == 10 || rate->rate == 20 ||
-                           rate->rate == 55 || rate->rate == 110 ||
-                           rate->rate == 60 || rate->rate == 120 ||
-                           rate->rate == 240)
-                               rate->flags |= IEEE80211_RATE_MANDATORY;
-                       break;
-               case NUM_IEEE80211_MODES:
-                       /* not useful */
-                       break;
-               }
-               if (ieee80211_is_erp_rate(mode->mode, rate->rate))
-                       rate->flags |= IEEE80211_RATE_ERP;
-       }
-}
-
-u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
-{
-       u16 fc;
-
-       if (len < 24)
-               return NULL;
-
-       fc = le16_to_cpu(hdr->frame_control);
-
-       switch (fc & IEEE80211_FCTL_FTYPE) {
-       case IEEE80211_FTYPE_DATA:
-               switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
-               case IEEE80211_FCTL_TODS:
-                       return hdr->addr1;
-               case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
-                       return NULL;
-               case IEEE80211_FCTL_FROMDS:
-                       return hdr->addr2;
-               case 0:
-                       return hdr->addr3;
-               }
-               break;
-       case IEEE80211_FTYPE_MGMT:
-               return hdr->addr3;
-       case IEEE80211_FTYPE_CTL:
-               if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)
-                       return hdr->addr1;
-               else
-                       return NULL;
-       }
-
-       return NULL;
-}
-
-int ieee80211_get_hdrlen(u16 fc)
-{
-       int hdrlen = 24;
-
-       switch (fc & IEEE80211_FCTL_FTYPE) {
-       case IEEE80211_FTYPE_DATA:
-               if ((fc & IEEE80211_FCTL_FROMDS) && (fc & IEEE80211_FCTL_TODS))
-                       hdrlen = 30; /* Addr4 */
-               /*
-                * The QoS Control field is two bytes and its presence is
-                * indicated by the IEEE80211_STYPE_QOS_DATA bit. Add 2 to
-                * hdrlen if that bit is set.
-                * This works by masking out the bit and shifting it to
-                * bit position 1 so the result has the value 0 or 2.
-                */
-               hdrlen += (fc & IEEE80211_STYPE_QOS_DATA)
-                               >> (ilog2(IEEE80211_STYPE_QOS_DATA)-1);
-               break;
-       case IEEE80211_FTYPE_CTL:
-               /*
-                * ACK and CTS are 10 bytes, all others 16. To see how
-                * to get this condition consider
-                *   subtype mask:   0b0000000011110000 (0x00F0)
-                *   ACK subtype:    0b0000000011010000 (0x00D0)
-                *   CTS subtype:    0b0000000011000000 (0x00C0)
-                *   bits that matter:         ^^^      (0x00E0)
-                *   value of those: 0b0000000011000000 (0x00C0)
-                */
-               if ((fc & 0xE0) == 0xC0)
-                       hdrlen = 10;
-               else
-                       hdrlen = 16;
-               break;
-       }
-
-       return hdrlen;
-}
-EXPORT_SYMBOL(ieee80211_get_hdrlen);
-
-int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
-{
-       const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *) skb->data;
-       int hdrlen;
-
-       if (unlikely(skb->len < 10))
-               return 0;
-       hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control));
-       if (unlikely(hdrlen > skb->len))
-               return 0;
-       return hdrlen;
-}
-EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
-
-int ieee80211_is_eapol(const struct sk_buff *skb)
-{
-       const struct ieee80211_hdr *hdr;
-       u16 fc;
-       int hdrlen;
-
-       if (unlikely(skb->len < 10))
-               return 0;
-
-       hdr = (const struct ieee80211_hdr *) skb->data;
-       fc = le16_to_cpu(hdr->frame_control);
-
-       if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
-               return 0;
-
-       hdrlen = ieee80211_get_hdrlen(fc);
-
-       if (unlikely(skb->len >= hdrlen + sizeof(eapol_header) &&
-                    memcmp(skb->data + hdrlen, eapol_header,
-                           sizeof(eapol_header)) == 0))
-               return 1;
-
-       return 0;
-}
-
-void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
-
-       hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-       if (tx->u.tx.extra_frag) {
-               struct ieee80211_hdr *fhdr;
-               int i;
-               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                       fhdr = (struct ieee80211_hdr *)
-                               tx->u.tx.extra_frag[i]->data;
-                       fhdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-               }
-       }
-}
-
-int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
-                            int rate, int erp, int short_preamble)
-{
-       int dur;
-
-       /* calculate duration (in microseconds, rounded up to next higher
-        * integer if it includes a fractional microsecond) to send frame of
-        * len bytes (does not include FCS) at the given rate. Duration will
-        * also include SIFS.
-        *
-        * rate is in 100 kbps, so divident is multiplied by 10 in the
-        * DIV_ROUND_UP() operations.
-        */
-
-       if (local->hw.conf.phymode == MODE_IEEE80211A || erp) {
-               /*
-                * OFDM:
-                *
-                * N_DBPS = DATARATE x 4
-                * N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS)
-                *      (16 = SIGNAL time, 6 = tail bits)
-                * TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext
-                *
-                * T_SYM = 4 usec
-                * 802.11a - 17.5.2: aSIFSTime = 16 usec
-                * 802.11g - 19.8.4: aSIFSTime = 10 usec +
-                *      signal ext = 6 usec
-                */
-               dur = 16; /* SIFS + signal ext */
-               dur += 16; /* 17.3.2.3: T_PREAMBLE = 16 usec */
-               dur += 4; /* 17.3.2.3: T_SIGNAL = 4 usec */
-               dur += 4 * DIV_ROUND_UP((16 + 8 * (len + 4) + 6) * 10,
-                                       4 * rate); /* T_SYM x N_SYM */
-       } else {
-               /*
-                * 802.11b or 802.11g with 802.11b compatibility:
-                * 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime +
-                * Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0.
-                *
-                * 802.11 (DS): 15.3.3, 802.11b: 18.3.4
-                * aSIFSTime = 10 usec
-                * aPreambleLength = 144 usec or 72 usec with short preamble
-                * aPLCPHeaderLength = 48 usec or 24 usec with short preamble
-                */
-               dur = 10; /* aSIFSTime = 10 usec */
-               dur += short_preamble ? (72 + 24) : (144 + 48);
-
-               dur += DIV_ROUND_UP(8 * (len + 4) * 10, rate);
-       }
-
-       return dur;
-}
-
-/* Exported duration function for driver use */
-__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw, int if_id,
-                                       size_t frame_len, int rate)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct net_device *bdev = dev_get_by_index(if_id);
-       struct ieee80211_sub_if_data *sdata;
-       u16 dur;
-       int erp;
-
-       if (unlikely(!bdev))
-               return 0;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
-       erp = ieee80211_is_erp_rate(hw->conf.phymode, rate);
-       dur = ieee80211_frame_duration(local, frame_len, rate,
-                      erp, sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE);
-
-       dev_put(bdev);
-       return cpu_to_le16(dur);
-}
-EXPORT_SYMBOL(ieee80211_generic_frame_duration);
-
-__le16 ieee80211_rts_duration(struct ieee80211_hw *hw, int if_id,
-                             size_t frame_len,
-                             const struct ieee80211_tx_control *frame_txctl)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct ieee80211_rate *rate;
-       struct net_device *bdev = dev_get_by_index(if_id);
-       struct ieee80211_sub_if_data *sdata;
-       int short_preamble;
-       int erp;
-       u16 dur;
-
-       if (unlikely(!bdev))
-               return 0;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
-       short_preamble = sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE;
-
-       rate = frame_txctl->rts_rate;
-       erp = !!(rate->flags & IEEE80211_RATE_ERP);
-
-       /* CTS duration */
-       dur = ieee80211_frame_duration(local, 10, rate->rate,
-                                      erp, short_preamble);
-       /* Data frame duration */
-       dur += ieee80211_frame_duration(local, frame_len, rate->rate,
-                                       erp, short_preamble);
-       /* ACK duration */
-       dur += ieee80211_frame_duration(local, 10, rate->rate,
-                                       erp, short_preamble);
-
-       dev_put(bdev);
-       return cpu_to_le16(dur);
-}
-EXPORT_SYMBOL(ieee80211_rts_duration);
-
-__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw, int if_id,
-                                   size_t frame_len,
-                                   const struct ieee80211_tx_control *frame_txctl)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       struct ieee80211_rate *rate;
-       struct net_device *bdev = dev_get_by_index(if_id);
-       struct ieee80211_sub_if_data *sdata;
-       int short_preamble;
-       int erp;
-       u16 dur;
-
-       if (unlikely(!bdev))
-               return 0;
-
-       sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
-       short_preamble = sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE;
-
-       rate = frame_txctl->rts_rate;
-       erp = !!(rate->flags & IEEE80211_RATE_ERP);
-
-       /* Data frame duration */
-       dur = ieee80211_frame_duration(local, frame_len, rate->rate,
-                                      erp, short_preamble);
-       if (!(frame_txctl->flags & IEEE80211_TXCTL_NO_ACK)) {
-               /* ACK duration */
-               dur += ieee80211_frame_duration(local, 10, rate->rate,
-                                               erp, short_preamble);
-       }
-
-       dev_put(bdev);
-       return cpu_to_le16(dur);
-}
-EXPORT_SYMBOL(ieee80211_ctstoself_duration);
-
-struct ieee80211_rate *
-ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate)
-{
-       struct ieee80211_hw_mode *mode;
-       int r;
-
-       list_for_each_entry(mode, &local->modes_list, list) {
-               if (mode->mode != phymode)
-                       continue;
-               for (r = 0; r < mode->num_rates; r++) {
-                       struct ieee80211_rate *rate = &mode->rates[r];
-                       if (rate->val == hw_rate ||
-                           (rate->flags & IEEE80211_RATE_PREAMBLE2 &&
-                            rate->val2 == hw_rate))
-                               return rate;
-               }
-       }
-
-       return NULL;
-}
-
-void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       if (test_and_clear_bit(IEEE80211_LINK_STATE_XOFF,
-                              &local->state[queue])) {
-               if (test_bit(IEEE80211_LINK_STATE_PENDING,
-                            &local->state[queue]))
-                       tasklet_schedule(&local->tx_pending_tasklet);
-               else
-                       if (!ieee80211_qdisc_installed(local->mdev)) {
-                               if (queue == 0)
-                                       netif_wake_queue(local->mdev);
-                       } else
-                               __netif_schedule(local->mdev);
-       }
-}
-EXPORT_SYMBOL(ieee80211_wake_queue);
-
-void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-
-       if (!ieee80211_qdisc_installed(local->mdev) && queue == 0)
-               netif_stop_queue(local->mdev);
-       set_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
-}
-EXPORT_SYMBOL(ieee80211_stop_queue);
-
-void ieee80211_start_queues(struct ieee80211_hw *hw)
-{
-       struct ieee80211_local *local = hw_to_local(hw);
-       int i;
-
-       for (i = 0; i < local->hw.queues; i++)
-               clear_bit(IEEE80211_LINK_STATE_XOFF, &local->state[i]);
-       if (!ieee80211_qdisc_installed(local->mdev))
-               netif_start_queue(local->mdev);
-}
-EXPORT_SYMBOL(ieee80211_start_queues);
-
-void ieee80211_stop_queues(struct ieee80211_hw *hw)
-{
-       int i;
-
-       for (i = 0; i < hw->queues; i++)
-               ieee80211_stop_queue(hw, i);
-}
-EXPORT_SYMBOL(ieee80211_stop_queues);
-
-void ieee80211_wake_queues(struct ieee80211_hw *hw)
-{
-       int i;
-
-       for (i = 0; i < hw->queues; i++)
-               ieee80211_wake_queue(hw, i);
-}
-EXPORT_SYMBOL(ieee80211_wake_queues);
 
+++ /dev/null
-/*
- * Software WEP encryption implementation
- * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
- * Copyright 2003, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/random.h>
-#include <linux/compiler.h>
-#include <linux/crc32.h>
-#include <linux/crypto.h>
-#include <linux/err.h>
-#include <linux/mm.h>
-#include <asm/scatterlist.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "wep.h"
-
-
-int ieee80211_wep_init(struct ieee80211_local *local)
-{
-       /* start WEP IV from a random value */
-       get_random_bytes(&local->wep_iv, WEP_IV_LEN);
-
-       local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
-                                               CRYPTO_ALG_ASYNC);
-       if (IS_ERR(local->wep_tx_tfm))
-               return -ENOMEM;
-
-       local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
-                                               CRYPTO_ALG_ASYNC);
-       if (IS_ERR(local->wep_rx_tfm)) {
-               crypto_free_blkcipher(local->wep_tx_tfm);
-               return -ENOMEM;
-       }
-
-       return 0;
-}
-
-void ieee80211_wep_free(struct ieee80211_local *local)
-{
-       crypto_free_blkcipher(local->wep_tx_tfm);
-       crypto_free_blkcipher(local->wep_rx_tfm);
-}
-
-static inline int ieee80211_wep_weak_iv(u32 iv, int keylen)
-{
-       /* Fluhrer, Mantin, and Shamir have reported weaknesses in the
-        * key scheduling algorithm of RC4. At least IVs (KeyByte + 3,
-        * 0xff, N) can be used to speedup attacks, so avoid using them. */
-       if ((iv & 0xff00) == 0xff00) {
-               u8 B = (iv >> 16) & 0xff;
-               if (B >= 3 && B < 3 + keylen)
-                       return 1;
-       }
-       return 0;
-}
-
-
-static void ieee80211_wep_get_iv(struct ieee80211_local *local,
-                                struct ieee80211_key *key, u8 *iv)
-{
-       local->wep_iv++;
-       if (ieee80211_wep_weak_iv(local->wep_iv, key->conf.keylen))
-               local->wep_iv += 0x0100;
-
-       if (!iv)
-               return;
-
-       *iv++ = (local->wep_iv >> 16) & 0xff;
-       *iv++ = (local->wep_iv >> 8) & 0xff;
-       *iv++ = local->wep_iv & 0xff;
-       *iv++ = key->conf.keyidx << 6;
-}
-
-
-static u8 *ieee80211_wep_add_iv(struct ieee80211_local *local,
-                               struct sk_buff *skb,
-                               struct ieee80211_key *key)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u16 fc;
-       int hdrlen;
-       u8 *newhdr;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       fc |= IEEE80211_FCTL_PROTECTED;
-       hdr->frame_control = cpu_to_le16(fc);
-
-       if ((skb_headroom(skb) < WEP_IV_LEN ||
-            skb_tailroom(skb) < WEP_ICV_LEN)) {
-               I802_DEBUG_INC(local->tx_expand_skb_head);
-               if (unlikely(pskb_expand_head(skb, WEP_IV_LEN, WEP_ICV_LEN,
-                                             GFP_ATOMIC)))
-                       return NULL;
-       }
-
-       hdrlen = ieee80211_get_hdrlen(fc);
-       newhdr = skb_push(skb, WEP_IV_LEN);
-       memmove(newhdr, newhdr + WEP_IV_LEN, hdrlen);
-       ieee80211_wep_get_iv(local, key, newhdr + hdrlen);
-       return newhdr + hdrlen;
-}
-
-
-static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
-                                   struct sk_buff *skb,
-                                   struct ieee80211_key *key)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u16 fc;
-       int hdrlen;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       hdrlen = ieee80211_get_hdrlen(fc);
-       memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
-       skb_pull(skb, WEP_IV_LEN);
-}
-
-
-/* Perform WEP encryption using given key. data buffer must have tailroom
- * for 4-byte ICV. data_len must not include this ICV. Note: this function
- * does _not_ add IV. data = RC4(data | CRC32(data)) */
-void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-                               size_t klen, u8 *data, size_t data_len)
-{
-       struct blkcipher_desc desc = { .tfm = tfm };
-       struct scatterlist sg;
-       __le32 *icv;
-
-       icv = (__le32 *)(data + data_len);
-       *icv = cpu_to_le32(~crc32_le(~0, data, data_len));
-
-       crypto_blkcipher_setkey(tfm, rc4key, klen);
-       sg.page = virt_to_page(data);
-       sg.offset = offset_in_page(data);
-       sg.length = data_len + WEP_ICV_LEN;
-       crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
-}
-
-
-/* Perform WEP encryption on given skb. 4 bytes of extra space (IV) in the
- * beginning of the buffer 4 bytes of extra space (ICV) in the end of the
- * buffer will be added. Both IV and ICV will be transmitted, so the
- * payload length increases with 8 bytes.
- *
- * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data))
- */
-int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
-                         struct ieee80211_key *key)
-{
-       u32 klen;
-       u8 *rc4key, *iv;
-       size_t len;
-
-       if (!key || key->conf.alg != ALG_WEP)
-               return -1;
-
-       klen = 3 + key->conf.keylen;
-       rc4key = kmalloc(klen, GFP_ATOMIC);
-       if (!rc4key)
-               return -1;
-
-       iv = ieee80211_wep_add_iv(local, skb, key);
-       if (!iv) {
-               kfree(rc4key);
-               return -1;
-       }
-
-       len = skb->len - (iv + WEP_IV_LEN - skb->data);
-
-       /* Prepend 24-bit IV to RC4 key */
-       memcpy(rc4key, iv, 3);
-
-       /* Copy rest of the WEP key (the secret part) */
-       memcpy(rc4key + 3, key->conf.key, key->conf.keylen);
-
-       /* Add room for ICV */
-       skb_put(skb, WEP_ICV_LEN);
-
-       ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, klen,
-                                  iv + WEP_IV_LEN, len);
-
-       kfree(rc4key);
-
-       return 0;
-}
-
-
-/* Perform WEP decryption using given key. data buffer includes encrypted
- * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
- * Return 0 on success and -1 on ICV mismatch. */
-int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-                              size_t klen, u8 *data, size_t data_len)
-{
-       struct blkcipher_desc desc = { .tfm = tfm };
-       struct scatterlist sg;
-       __le32 crc;
-
-       crypto_blkcipher_setkey(tfm, rc4key, klen);
-       sg.page = virt_to_page(data);
-       sg.offset = offset_in_page(data);
-       sg.length = data_len + WEP_ICV_LEN;
-       crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
-
-       crc = cpu_to_le32(~crc32_le(~0, data, data_len));
-       if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0)
-               /* ICV mismatch */
-               return -1;
-
-       return 0;
-}
-
-
-/* Perform WEP decryption on given skb. Buffer includes whole WEP part of
- * the frame: IV (4 bytes), encrypted payload (including SNAP header),
- * ICV (4 bytes). skb->len includes both IV and ICV.
- *
- * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on
- * failure. If frame is OK, IV and ICV will be removed, i.e., decrypted payload
- * is moved to the beginning of the skb and skb length will be reduced.
- */
-int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
-                         struct ieee80211_key *key)
-{
-       u32 klen;
-       u8 *rc4key;
-       u8 keyidx;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u16 fc;
-       int hdrlen;
-       size_t len;
-       int ret = 0;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       if (!(fc & IEEE80211_FCTL_PROTECTED))
-               return -1;
-
-       hdrlen = ieee80211_get_hdrlen(fc);
-
-       if (skb->len < 8 + hdrlen)
-               return -1;
-
-       len = skb->len - hdrlen - 8;
-
-       keyidx = skb->data[hdrlen + 3] >> 6;
-
-       if (!key || keyidx != key->conf.keyidx || key->conf.alg != ALG_WEP)
-               return -1;
-
-       klen = 3 + key->conf.keylen;
-
-       rc4key = kmalloc(klen, GFP_ATOMIC);
-       if (!rc4key)
-               return -1;
-
-       /* Prepend 24-bit IV to RC4 key */
-       memcpy(rc4key, skb->data + hdrlen, 3);
-
-       /* Copy rest of the WEP key (the secret part) */
-       memcpy(rc4key + 3, key->conf.key, key->conf.keylen);
-
-       if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen,
-                                      skb->data + hdrlen + WEP_IV_LEN,
-                                      len)) {
-               printk(KERN_DEBUG "WEP decrypt failed (ICV)\n");
-               ret = -1;
-       }
-
-       kfree(rc4key);
-
-       /* Trim ICV */
-       skb_trim(skb, skb->len - WEP_ICV_LEN);
-
-       /* Remove IV */
-       memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
-       skb_pull(skb, WEP_IV_LEN);
-
-       return ret;
-}
-
-
-u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       u16 fc;
-       int hdrlen;
-       u8 *ivpos;
-       u32 iv;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       if (!(fc & IEEE80211_FCTL_PROTECTED))
-               return NULL;
-
-       hdrlen = ieee80211_get_hdrlen(fc);
-       ivpos = skb->data + hdrlen;
-       iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2];
-
-       if (ieee80211_wep_weak_iv(iv, key->conf.keylen))
-               return ivpos;
-
-       return NULL;
-}
-
-ieee80211_txrx_result
-ieee80211_crypto_wep_decrypt(struct ieee80211_txrx_data *rx)
-{
-       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
-           ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
-            (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))
-               return TXRX_CONTINUE;
-
-       if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
-               if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
-                       if (net_ratelimit())
-                               printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
-                                      "failed\n", rx->dev->name);
-                       return TXRX_DROP;
-               }
-       } else if (!(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED)) {
-               ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
-               /* remove ICV */
-               skb_trim(rx->skb, rx->skb->len - 4);
-       }
-
-       return TXRX_CONTINUE;
-}
-
-static int wep_encrypt_skb(struct ieee80211_txrx_data *tx, struct sk_buff *skb)
-{
-       if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) {
-               if (ieee80211_wep_encrypt(tx->local, skb, tx->key))
-                       return -1;
-       } else {
-               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
-               if (tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) {
-                       if (!ieee80211_wep_add_iv(tx->local, skb, tx->key))
-                               return -1;
-               }
-       }
-       return 0;
-}
-
-ieee80211_txrx_result
-ieee80211_crypto_wep_encrypt(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
-       u16 fc;
-
-       fc = le16_to_cpu(hdr->frame_control);
-
-       if (((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
-            ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
-             (fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
-               return TXRX_CONTINUE;
-
-       tx->u.tx.control->iv_len = WEP_IV_LEN;
-       tx->u.tx.control->icv_len = WEP_ICV_LEN;
-       ieee80211_tx_set_iswep(tx);
-
-       if (wep_encrypt_skb(tx, tx->skb) < 0) {
-               I802_DEBUG_INC(tx->local->tx_handlers_drop_wep);
-               return TXRX_DROP;
-       }
-
-       if (tx->u.tx.extra_frag) {
-               int i;
-               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                       if (wep_encrypt_skb(tx, tx->u.tx.extra_frag[i]) < 0) {
-                               I802_DEBUG_INC(tx->local->
-                                              tx_handlers_drop_wep);
-                               return TXRX_DROP;
-                       }
-               }
-       }
-
-       return TXRX_CONTINUE;
-}
 
+++ /dev/null
-/*
- * Software WEP encryption implementation
- * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
- * Copyright 2003, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef WEP_H
-#define WEP_H
-
-#include <linux/skbuff.h>
-#include <linux/types.h>
-#include "ieee80211_i.h"
-#include "ieee80211_key.h"
-
-int ieee80211_wep_init(struct ieee80211_local *local);
-void ieee80211_wep_free(struct ieee80211_local *local);
-void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-                               size_t klen, u8 *data, size_t data_len);
-int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-                              size_t klen, u8 *data, size_t data_len);
-int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
-                         struct ieee80211_key *key);
-int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
-                         struct ieee80211_key *key);
-u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
-
-ieee80211_txrx_result
-ieee80211_crypto_wep_decrypt(struct ieee80211_txrx_data *rx);
-ieee80211_txrx_result
-ieee80211_crypto_wep_encrypt(struct ieee80211_txrx_data *tx);
-
-#endif /* WEP_H */
 
+++ /dev/null
-/*
- * Copyright 2004, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/netdevice.h>
-#include <linux/skbuff.h>
-#include <linux/module.h>
-#include <linux/if_arp.h>
-#include <linux/types.h>
-#include <net/ip.h>
-#include <net/pkt_sched.h>
-
-#include <net/mac80211.h>
-#include "ieee80211_i.h"
-#include "wme.h"
-
-/* maximum number of hardware queues we support. */
-#define TC_80211_MAX_QUEUES 8
-
-struct ieee80211_sched_data
-{
-       struct tcf_proto *filter_list;
-       struct Qdisc *queues[TC_80211_MAX_QUEUES];
-       struct sk_buff_head requeued[TC_80211_MAX_QUEUES];
-};
-
-
-/* given a data frame determine the 802.1p/1d tag to use */
-static inline unsigned classify_1d(struct sk_buff *skb, struct Qdisc *qd)
-{
-       struct iphdr *ip;
-       int dscp;
-       int offset;
-
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct tcf_result res = { -1, 0 };
-
-       /* if there is a user set filter list, call out to that */
-       if (q->filter_list) {
-               tc_classify(skb, q->filter_list, &res);
-               if (res.class != -1)
-                       return res.class;
-       }
-
-       /* skb->priority values from 256->263 are magic values to
-        * directly indicate a specific 802.1d priority.
-        * This is used to allow 802.1d priority to be passed directly in
-        * from VLAN tags, etc. */
-       if (skb->priority >= 256 && skb->priority <= 263)
-               return skb->priority - 256;
-
-       /* check there is a valid IP header present */
-       offset = ieee80211_get_hdrlen_from_skb(skb) + 8 /* LLC + proto */;
-       if (skb->protocol != __constant_htons(ETH_P_IP) ||
-           skb->len < offset + sizeof(*ip))
-               return 0;
-
-       ip = (struct iphdr *) (skb->data + offset);
-
-       dscp = ip->tos & 0xfc;
-       if (dscp & 0x1c)
-               return 0;
-       return dscp >> 5;
-}
-
-
-static inline int wme_downgrade_ac(struct sk_buff *skb)
-{
-       switch (skb->priority) {
-       case 6:
-       case 7:
-               skb->priority = 5; /* VO -> VI */
-               return 0;
-       case 4:
-       case 5:
-               skb->priority = 3; /* VI -> BE */
-               return 0;
-       case 0:
-       case 3:
-               skb->priority = 2; /* BE -> BK */
-               return 0;
-       default:
-               return -1;
-       }
-}
-
-
-/* positive return value indicates which queue to use
- * negative return value indicates to drop the frame */
-static inline int classify80211(struct sk_buff *skb, struct Qdisc *qd)
-{
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       unsigned short fc = le16_to_cpu(hdr->frame_control);
-       int qos;
-       const int ieee802_1d_to_ac[8] = { 2, 3, 3, 2, 1, 1, 0, 0 };
-
-       /* see if frame is data or non data frame */
-       if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) {
-               /* management frames go on AC_VO queue, but are sent
-               * without QoS control fields */
-               return IEEE80211_TX_QUEUE_DATA0;
-       }
-
-       if (0 /* injected */) {
-               /* use AC from radiotap */
-       }
-
-       /* is this a QoS frame? */
-       qos = fc & IEEE80211_STYPE_QOS_DATA;
-
-       if (!qos) {
-               skb->priority = 0; /* required for correct WPA/11i MIC */
-               return ieee802_1d_to_ac[skb->priority];
-       }
-
-       /* use the data classifier to determine what 802.1d tag the
-        * data frame has */
-       skb->priority = classify_1d(skb, qd);
-
-       /* in case we are a client verify acm is not set for this ac */
-       while (unlikely(local->wmm_acm & BIT(skb->priority))) {
-               if (wme_downgrade_ac(skb)) {
-                       /* No AC with lower priority has acm=0, drop packet. */
-                       return -1;
-               }
-       }
-
-       /* look up which queue to use for frames with this 1d tag */
-       return ieee802_1d_to_ac[skb->priority];
-}
-
-
-static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
-{
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_tx_packet_data *pkt_data =
-               (struct ieee80211_tx_packet_data *) skb->cb;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       unsigned short fc = le16_to_cpu(hdr->frame_control);
-       struct Qdisc *qdisc;
-       int err, queue;
-
-       if (pkt_data->flags & IEEE80211_TXPD_REQUEUE) {
-               skb_queue_tail(&q->requeued[pkt_data->queue], skb);
-               qd->q.qlen++;
-               return 0;
-       }
-
-       queue = classify80211(skb, qd);
-
-       /* now we know the 1d priority, fill in the QoS header if there is one
-        */
-       if (WLAN_FC_IS_QOS_DATA(fc)) {
-               u8 *p = skb->data + ieee80211_get_hdrlen(fc) - 2;
-               u8 qos_hdr = skb->priority & QOS_CONTROL_TAG1D_MASK;
-               if (local->wifi_wme_noack_test)
-                       qos_hdr |= QOS_CONTROL_ACK_POLICY_NOACK <<
-                                       QOS_CONTROL_ACK_POLICY_SHIFT;
-               /* qos header is 2 bytes, second reserved */
-               *p = qos_hdr;
-               p++;
-               *p = 0;
-       }
-
-       if (unlikely(queue >= local->hw.queues)) {
-#if 0
-               if (net_ratelimit()) {
-                       printk(KERN_DEBUG "%s - queue=%d (hw does not "
-                              "support) -> %d\n",
-                              __func__, queue, local->hw.queues - 1);
-               }
-#endif
-               queue = local->hw.queues - 1;
-       }
-
-       if (unlikely(queue < 0)) {
-                       kfree_skb(skb);
-                       err = NET_XMIT_DROP;
-       } else {
-               pkt_data->queue = (unsigned int) queue;
-               qdisc = q->queues[queue];
-               err = qdisc->enqueue(skb, qdisc);
-               if (err == NET_XMIT_SUCCESS) {
-                       qd->q.qlen++;
-                       qd->bstats.bytes += skb->len;
-                       qd->bstats.packets++;
-                       return NET_XMIT_SUCCESS;
-               }
-       }
-       qd->qstats.drops++;
-       return err;
-}
-
-
-/* TODO: clean up the cases where master_hard_start_xmit
- * returns non 0 - it shouldn't ever do that. Once done we
- * can remove this function */
-static int wme_qdiscop_requeue(struct sk_buff *skb, struct Qdisc* qd)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_tx_packet_data *pkt_data =
-               (struct ieee80211_tx_packet_data *) skb->cb;
-       struct Qdisc *qdisc;
-       int err;
-
-       /* we recorded which queue to use earlier! */
-       qdisc = q->queues[pkt_data->queue];
-
-       if ((err = qdisc->ops->requeue(skb, qdisc)) == 0) {
-               qd->q.qlen++;
-               return 0;
-       }
-       qd->qstats.drops++;
-       return err;
-}
-
-
-static struct sk_buff *wme_qdiscop_dequeue(struct Qdisc* qd)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct net_device *dev = qd->dev;
-       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       struct sk_buff *skb;
-       struct Qdisc *qdisc;
-       int queue;
-
-       /* check all the h/w queues in numeric/priority order */
-       for (queue = 0; queue < hw->queues; queue++) {
-               /* see if there is room in this hardware queue */
-               if (test_bit(IEEE80211_LINK_STATE_XOFF,
-                            &local->state[queue]) ||
-                   test_bit(IEEE80211_LINK_STATE_PENDING,
-                            &local->state[queue]))
-                       continue;
-
-               /* there is space - try and get a frame */
-               skb = skb_dequeue(&q->requeued[queue]);
-               if (skb) {
-                       qd->q.qlen--;
-                       return skb;
-               }
-
-               qdisc = q->queues[queue];
-               skb = qdisc->dequeue(qdisc);
-               if (skb) {
-                       qd->q.qlen--;
-                       return skb;
-               }
-       }
-       /* returning a NULL here when all the h/w queues are full means we
-        * never need to call netif_stop_queue in the driver */
-       return NULL;
-}
-
-
-static void wme_qdiscop_reset(struct Qdisc* qd)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       int queue;
-
-       /* QUESTION: should we have some hardware flush functionality here? */
-
-       for (queue = 0; queue < hw->queues; queue++) {
-               skb_queue_purge(&q->requeued[queue]);
-               qdisc_reset(q->queues[queue]);
-       }
-       qd->q.qlen = 0;
-}
-
-
-static void wme_qdiscop_destroy(struct Qdisc* qd)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       int queue;
-
-       tcf_destroy_chain(q->filter_list);
-       q->filter_list = NULL;
-
-       for (queue=0; queue < hw->queues; queue++) {
-               skb_queue_purge(&q->requeued[queue]);
-               qdisc_destroy(q->queues[queue]);
-               q->queues[queue] = &noop_qdisc;
-       }
-}
-
-
-/* called whenever parameters are updated on existing qdisc */
-static int wme_qdiscop_tune(struct Qdisc *qd, struct rtattr *opt)
-{
-/*     struct ieee80211_sched_data *q = qdisc_priv(qd);
-*/
-       /* check our options block is the right size */
-       /* copy any options to our local structure */
-/*     Ignore options block for now - always use static mapping
-       struct tc_ieee80211_qopt *qopt = RTA_DATA(opt);
-
-       if (opt->rta_len < RTA_LENGTH(sizeof(*qopt)))
-               return -EINVAL;
-       memcpy(q->tag2queue, qopt->tag2queue, sizeof(qopt->tag2queue));
-*/
-       return 0;
-}
-
-
-/* called during initial creation of qdisc on device */
-static int wme_qdiscop_init(struct Qdisc *qd, struct rtattr *opt)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct net_device *dev = qd->dev;
-       struct ieee80211_local *local;
-       int queues;
-       int err = 0, i;
-
-       /* check that device is a mac80211 device */
-       if (!dev->ieee80211_ptr ||
-           dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
-               return -EINVAL;
-
-       /* check this device is an ieee80211 master type device */
-       if (dev->type != ARPHRD_IEEE80211)
-               return -EINVAL;
-
-       /* check that there is no qdisc currently attached to device
-        * this ensures that we will be the root qdisc. (I can't find a better
-        * way to test this explicitly) */
-       if (dev->qdisc_sleeping != &noop_qdisc)
-               return -EINVAL;
-
-       if (qd->flags & TCQ_F_INGRESS)
-               return -EINVAL;
-
-       local = wdev_priv(dev->ieee80211_ptr);
-       queues = local->hw.queues;
-
-       /* if options were passed in, set them */
-       if (opt) {
-               err = wme_qdiscop_tune(qd, opt);
-       }
-
-       /* create child queues */
-       for (i = 0; i < queues; i++) {
-               skb_queue_head_init(&q->requeued[i]);
-               q->queues[i] = qdisc_create_dflt(qd->dev, &pfifo_qdisc_ops,
-                                                qd->handle);
-               if (!q->queues[i]) {
-                       q->queues[i] = &noop_qdisc;
-                       printk(KERN_ERR "%s child qdisc %i creation failed", dev->name, i);
-               }
-       }
-
-       return err;
-}
-
-static int wme_qdiscop_dump(struct Qdisc *qd, struct sk_buff *skb)
-{
-/*     struct ieee80211_sched_data *q = qdisc_priv(qd);
-       unsigned char *p = skb->tail;
-       struct tc_ieee80211_qopt opt;
-
-       memcpy(&opt.tag2queue, q->tag2queue, TC_80211_MAX_TAG + 1);
-       RTA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt);
-*/     return skb->len;
-/*
-rtattr_failure:
-       skb_trim(skb, p - skb->data);*/
-       return -1;
-}
-
-
-static int wme_classop_graft(struct Qdisc *qd, unsigned long arg,
-                            struct Qdisc *new, struct Qdisc **old)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       unsigned long queue = arg - 1;
-
-       if (queue >= hw->queues)
-               return -EINVAL;
-
-       if (!new)
-               new = &noop_qdisc;
-
-       sch_tree_lock(qd);
-       *old = q->queues[queue];
-       q->queues[queue] = new;
-       qdisc_reset(*old);
-       sch_tree_unlock(qd);
-
-       return 0;
-}
-
-
-static struct Qdisc *
-wme_classop_leaf(struct Qdisc *qd, unsigned long arg)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       unsigned long queue = arg - 1;
-
-       if (queue >= hw->queues)
-               return NULL;
-
-       return q->queues[queue];
-}
-
-
-static unsigned long wme_classop_get(struct Qdisc *qd, u32 classid)
-{
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       unsigned long queue = TC_H_MIN(classid);
-
-       if (queue - 1 >= hw->queues)
-               return 0;
-
-       return queue;
-}
-
-
-static unsigned long wme_classop_bind(struct Qdisc *qd, unsigned long parent,
-                                     u32 classid)
-{
-       return wme_classop_get(qd, classid);
-}
-
-
-static void wme_classop_put(struct Qdisc *q, unsigned long cl)
-{
-}
-
-
-static int wme_classop_change(struct Qdisc *qd, u32 handle, u32 parent,
-                             struct rtattr **tca, unsigned long *arg)
-{
-       unsigned long cl = *arg;
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-
-       if (cl - 1 > hw->queues)
-               return -ENOENT;
-
-       /* TODO: put code to program hardware queue parameters here,
-        * to allow programming from tc command line */
-
-       return 0;
-}
-
-
-/* we don't support deleting hardware queues
- * when we add WMM-SA support - TSPECs may be deleted here */
-static int wme_classop_delete(struct Qdisc *qd, unsigned long cl)
-{
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-
-       if (cl - 1 > hw->queues)
-               return -ENOENT;
-       return 0;
-}
-
-
-static int wme_classop_dump_class(struct Qdisc *qd, unsigned long cl,
-                                 struct sk_buff *skb, struct tcmsg *tcm)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-
-       if (cl - 1 > hw->queues)
-               return -ENOENT;
-       tcm->tcm_handle = TC_H_MIN(cl);
-       tcm->tcm_parent = qd->handle;
-       tcm->tcm_info = q->queues[cl-1]->handle; /* do we need this? */
-       return 0;
-}
-
-
-static void wme_classop_walk(struct Qdisc *qd, struct qdisc_walker *arg)
-{
-       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
-       struct ieee80211_hw *hw = &local->hw;
-       int queue;
-
-       if (arg->stop)
-               return;
-
-       for (queue = 0; queue < hw->queues; queue++) {
-               if (arg->count < arg->skip) {
-                       arg->count++;
-                       continue;
-               }
-               /* we should return classids for our internal queues here
-                * as well as the external ones */
-               if (arg->fn(qd, queue+1, arg) < 0) {
-                       arg->stop = 1;
-                       break;
-               }
-               arg->count++;
-       }
-}
-
-
-static struct tcf_proto ** wme_classop_find_tcf(struct Qdisc *qd,
-                                               unsigned long cl)
-{
-       struct ieee80211_sched_data *q = qdisc_priv(qd);
-
-       if (cl)
-               return NULL;
-
-       return &q->filter_list;
-}
-
-
-/* this qdisc is classful (i.e. has classes, some of which may have leaf qdiscs attached)
- * - these are the operations on the classes */
-static struct Qdisc_class_ops class_ops =
-{
-       .graft = wme_classop_graft,
-       .leaf = wme_classop_leaf,
-
-       .get = wme_classop_get,
-       .put = wme_classop_put,
-       .change = wme_classop_change,
-       .delete = wme_classop_delete,
-       .walk = wme_classop_walk,
-
-       .tcf_chain = wme_classop_find_tcf,
-       .bind_tcf = wme_classop_bind,
-       .unbind_tcf = wme_classop_put,
-
-       .dump = wme_classop_dump_class,
-};
-
-
-/* queueing discipline operations */
-static struct Qdisc_ops wme_qdisc_ops =
-{
-       .next = NULL,
-       .cl_ops = &class_ops,
-       .id = "ieee80211",
-       .priv_size = sizeof(struct ieee80211_sched_data),
-
-       .enqueue = wme_qdiscop_enqueue,
-       .dequeue = wme_qdiscop_dequeue,
-       .requeue = wme_qdiscop_requeue,
-       .drop = NULL, /* drop not needed since we are always the root qdisc */
-
-       .init = wme_qdiscop_init,
-       .reset = wme_qdiscop_reset,
-       .destroy = wme_qdiscop_destroy,
-       .change = wme_qdiscop_tune,
-
-       .dump = wme_qdiscop_dump,
-};
-
-
-void ieee80211_install_qdisc(struct net_device *dev)
-{
-       struct Qdisc *qdisc;
-
-       qdisc = qdisc_create_dflt(dev, &wme_qdisc_ops, TC_H_ROOT);
-       if (!qdisc) {
-               printk(KERN_ERR "%s: qdisc installation failed\n", dev->name);
-               return;
-       }
-
-       /* same handle as would be allocated by qdisc_alloc_handle() */
-       qdisc->handle = 0x80010000;
-
-       qdisc_lock_tree(dev);
-       list_add_tail(&qdisc->list, &dev->qdisc_list);
-       dev->qdisc_sleeping = qdisc;
-       qdisc_unlock_tree(dev);
-}
-
-
-int ieee80211_qdisc_installed(struct net_device *dev)
-{
-       return dev->qdisc_sleeping->ops == &wme_qdisc_ops;
-}
-
-
-int ieee80211_wme_register(void)
-{
-       return register_qdisc(&wme_qdisc_ops);
-}
-
-
-void ieee80211_wme_unregister(void)
-{
-       unregister_qdisc(&wme_qdisc_ops);
-}
 
+++ /dev/null
-/*
- * IEEE 802.11 driver (80211.o) - QoS datatypes
- * Copyright 2004, Instant802 Networks, Inc.
- * Copyright 2005, Devicescape Software, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef _WME_H
-#define _WME_H
-
-#include <linux/netdevice.h>
-#include "ieee80211_i.h"
-
-#define QOS_CONTROL_LEN 2
-
-#define QOS_CONTROL_ACK_POLICY_NORMAL 0
-#define QOS_CONTROL_ACK_POLICY_NOACK 1
-
-#define QOS_CONTROL_TID_MASK 0x0f
-#define QOS_CONTROL_ACK_POLICY_SHIFT 5
-
-#define QOS_CONTROL_TAG1D_MASK 0x07
-
-static inline int WLAN_FC_IS_QOS_DATA(u16 fc)
-{
-       return (fc & 0x8C) == 0x88;
-}
-
-#ifdef CONFIG_NET_SCHED
-void ieee80211_install_qdisc(struct net_device *dev);
-int ieee80211_qdisc_installed(struct net_device *dev);
-
-int ieee80211_wme_register(void);
-void ieee80211_wme_unregister(void);
-#else
-static inline void ieee80211_install_qdisc(struct net_device *dev)
-{
-}
-static inline int ieee80211_qdisc_installed(struct net_device *dev)
-{
-       return 0;
-}
-
-static inline int ieee80211_wme_register(void)
-{
-       return 0;
-}
-static inline void ieee80211_wme_unregister(void)
-{
-}
-#endif /* CONFIG_NET_SCHED */
-
-#endif /* _WME_H */
 
+++ /dev/null
-/*
- * Copyright 2002-2004, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/netdevice.h>
-#include <linux/types.h>
-#include <linux/slab.h>
-#include <linux/skbuff.h>
-#include <linux/compiler.h>
-#include <net/mac80211.h>
-
-#include "ieee80211_i.h"
-#include "michael.h"
-#include "tkip.h"
-#include "aes_ccm.h"
-#include "wpa.h"
-
-static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
-                                 u8 *qos_tid, u8 **data, size_t *data_len)
-{
-       struct ieee80211_hdr *hdr;
-       size_t hdrlen;
-       u16 fc;
-       int a4_included;
-       u8 *pos;
-
-       hdr = (struct ieee80211_hdr *) skb->data;
-       fc = le16_to_cpu(hdr->frame_control);
-
-       hdrlen = 24;
-       if ((fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) ==
-           (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
-               hdrlen += ETH_ALEN;
-               *sa = hdr->addr4;
-               *da = hdr->addr3;
-       } else if (fc & IEEE80211_FCTL_FROMDS) {
-               *sa = hdr->addr3;
-               *da = hdr->addr1;
-       } else if (fc & IEEE80211_FCTL_TODS) {
-               *sa = hdr->addr2;
-               *da = hdr->addr3;
-       } else {
-               *sa = hdr->addr2;
-               *da = hdr->addr1;
-       }
-
-       if (fc & 0x80)
-               hdrlen += 2;
-
-       *data = skb->data + hdrlen;
-       *data_len = skb->len - hdrlen;
-
-       a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
-               (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
-       if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
-           fc & IEEE80211_STYPE_QOS_DATA) {
-               pos = (u8 *) &hdr->addr4;
-               if (a4_included)
-                       pos += 6;
-               *qos_tid = pos[0] & 0x0f;
-               *qos_tid |= 0x80; /* qos_included flag */
-       } else
-               *qos_tid = 0;
-
-       return skb->len < hdrlen ? -1 : 0;
-}
-
-
-ieee80211_txrx_result
-ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
-{
-       u8 *data, *sa, *da, *key, *mic, qos_tid;
-       size_t data_len;
-       u16 fc;
-       struct sk_buff *skb = tx->skb;
-       int authenticator;
-       int wpa_test = 0;
-
-       fc = tx->fc;
-
-       if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
-           !WLAN_FC_DATA_PRESENT(fc))
-               return TXRX_CONTINUE;
-
-       if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
-               return TXRX_DROP;
-
-       if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
-           !(tx->flags & IEEE80211_TXRXD_FRAGMENTED) &&
-           !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
-           !wpa_test) {
-               /* hwaccel - with no need for preallocated room for Michael MIC
-                */
-               return TXRX_CONTINUE;
-       }
-
-       if (skb_tailroom(skb) < MICHAEL_MIC_LEN) {
-               I802_DEBUG_INC(tx->local->tx_expand_skb_head);
-               if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN,
-                                             MICHAEL_MIC_LEN + TKIP_ICV_LEN,
-                                             GFP_ATOMIC))) {
-                       printk(KERN_DEBUG "%s: failed to allocate more memory "
-                              "for Michael MIC\n", tx->dev->name);
-                       return TXRX_DROP;
-               }
-       }
-
-#if 0
-       authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
-#else
-       authenticator = 1;
-#endif
-       key = &tx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_TX_MIC_KEY :
-                                ALG_TKIP_TEMP_AUTH_RX_MIC_KEY];
-       mic = skb_put(skb, MICHAEL_MIC_LEN);
-       michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
-
-       return TXRX_CONTINUE;
-}
-
-
-ieee80211_txrx_result
-ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
-{
-       u8 *data, *sa, *da, *key = NULL, qos_tid;
-       size_t data_len;
-       u16 fc;
-       u8 mic[MICHAEL_MIC_LEN];
-       struct sk_buff *skb = rx->skb;
-       int authenticator = 1, wpa_test = 0;
-
-       fc = rx->fc;
-
-       /*
-        * No way to verify the MIC if the hardware stripped it
-        */
-       if (rx->u.rx.status->flag & RX_FLAG_MMIC_STRIPPED)
-               return TXRX_CONTINUE;
-
-       if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
-           !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
-               return TXRX_CONTINUE;
-
-       if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
-           || data_len < MICHAEL_MIC_LEN)
-               return TXRX_DROP;
-
-       data_len -= MICHAEL_MIC_LEN;
-
-#if 0
-       authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
-#else
-       authenticator = 1;
-#endif
-       key = &rx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_RX_MIC_KEY :
-                                ALG_TKIP_TEMP_AUTH_TX_MIC_KEY];
-       michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
-       if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
-               if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
-                       return TXRX_DROP;
-
-               printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
-                      MAC_FMT "\n", rx->dev->name, MAC_ARG(sa));
-
-               mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
-                                               (void *) skb->data);
-               return TXRX_DROP;
-       }
-
-       /* remove Michael MIC from payload */
-       skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
-
-       /* update IV in key information to be able to detect replays */
-       rx->key->u.tkip.iv32_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv32;
-       rx->key->u.tkip.iv16_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv16;
-
-       return TXRX_CONTINUE;
-}
-
-
-static int tkip_encrypt_skb(struct ieee80211_txrx_data *tx,
-                           struct sk_buff *skb, int test)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       struct ieee80211_key *key = tx->key;
-       int hdrlen, len, tailneed;
-       u16 fc;
-       u8 *pos;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       hdrlen = ieee80211_get_hdrlen(fc);
-       len = skb->len - hdrlen;
-
-       if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
-               tailneed = 0;
-       else
-               tailneed = TKIP_ICV_LEN;
-
-       if ((skb_headroom(skb) < TKIP_IV_LEN ||
-            skb_tailroom(skb) < tailneed)) {
-               I802_DEBUG_INC(tx->local->tx_expand_skb_head);
-               if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN, tailneed,
-                                             GFP_ATOMIC)))
-                       return -1;
-       }
-
-       pos = skb_push(skb, TKIP_IV_LEN);
-       memmove(pos, pos + TKIP_IV_LEN, hdrlen);
-       pos += hdrlen;
-
-       /* Increase IV for the frame */
-       key->u.tkip.iv16++;
-       if (key->u.tkip.iv16 == 0)
-               key->u.tkip.iv32++;
-
-       if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
-               hdr = (struct ieee80211_hdr *)skb->data;
-
-               /* hwaccel - with preallocated room for IV */
-               ieee80211_tkip_add_iv(pos, key,
-                                     (u8) (key->u.tkip.iv16 >> 8),
-                                     (u8) (((key->u.tkip.iv16 >> 8) | 0x20) &
-                                           0x7f),
-                                     (u8) key->u.tkip.iv16);
-
-               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
-               return 0;
-       }
-
-       /* Add room for ICV */
-       skb_put(skb, TKIP_ICV_LEN);
-
-       hdr = (struct ieee80211_hdr *) skb->data;
-       ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
-                                   key, pos, len, hdr->addr2);
-       return 0;
-}
-
-
-ieee80211_txrx_result
-ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
-       u16 fc;
-       struct sk_buff *skb = tx->skb;
-       int wpa_test = 0, test = 0;
-
-       fc = le16_to_cpu(hdr->frame_control);
-
-       if (!WLAN_FC_DATA_PRESENT(fc))
-               return TXRX_CONTINUE;
-
-       tx->u.tx.control->icv_len = TKIP_ICV_LEN;
-       tx->u.tx.control->iv_len = TKIP_IV_LEN;
-       ieee80211_tx_set_iswep(tx);
-
-       if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
-           !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
-           !wpa_test) {
-               /* hwaccel - with no need for preallocated room for IV/ICV */
-               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
-               return TXRX_CONTINUE;
-       }
-
-       if (tkip_encrypt_skb(tx, skb, test) < 0)
-               return TXRX_DROP;
-
-       if (tx->u.tx.extra_frag) {
-               int i;
-               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                       if (tkip_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
-                           < 0)
-                               return TXRX_DROP;
-               }
-       }
-
-       return TXRX_CONTINUE;
-}
-
-
-ieee80211_txrx_result
-ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
-       u16 fc;
-       int hdrlen, res, hwaccel = 0, wpa_test = 0;
-       struct ieee80211_key *key = rx->key;
-       struct sk_buff *skb = rx->skb;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       hdrlen = ieee80211_get_hdrlen(fc);
-
-       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
-               return TXRX_CONTINUE;
-
-       if (!rx->sta || skb->len - hdrlen < 12)
-               return TXRX_DROP;
-
-       if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED) {
-               if (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) {
-                       /*
-                        * Hardware took care of all processing, including
-                        * replay protection, and stripped the ICV/IV so
-                        * we cannot do any checks here.
-                        */
-                       return TXRX_CONTINUE;
-               }
-
-               /* let TKIP code verify IV, but skip decryption */
-               hwaccel = 1;
-       }
-
-       res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
-                                         key, skb->data + hdrlen,
-                                         skb->len - hdrlen, rx->sta->addr,
-                                         hwaccel, rx->u.rx.queue,
-                                         &rx->u.rx.tkip_iv32,
-                                         &rx->u.rx.tkip_iv16);
-       if (res != TKIP_DECRYPT_OK || wpa_test) {
-               printk(KERN_DEBUG "%s: TKIP decrypt failed for RX frame from "
-                      MAC_FMT " (res=%d)\n",
-                      rx->dev->name, MAC_ARG(rx->sta->addr), res);
-               return TXRX_DROP;
-       }
-
-       /* Trim ICV */
-       skb_trim(skb, skb->len - TKIP_ICV_LEN);
-
-       /* Remove IV */
-       memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
-       skb_pull(skb, TKIP_IV_LEN);
-
-       return TXRX_CONTINUE;
-}
-
-
-static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
-                               int encrypted)
-{
-       u16 fc;
-       int a4_included, qos_included;
-       u8 qos_tid, *fc_pos, *data, *sa, *da;
-       int len_a;
-       size_t data_len;
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-
-       fc_pos = (u8 *) &hdr->frame_control;
-       fc = fc_pos[0] ^ (fc_pos[1] << 8);
-       a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
-               (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
-
-       ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len);
-       data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0);
-       if (qos_tid & 0x80) {
-               qos_included = 1;
-               qos_tid &= 0x0f;
-       } else
-               qos_included = 0;
-       /* First block, b_0 */
-
-       b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
-       /* Nonce: QoS Priority | A2 | PN */
-       b_0[1] = qos_tid;
-       memcpy(&b_0[2], hdr->addr2, 6);
-       memcpy(&b_0[8], pn, CCMP_PN_LEN);
-       /* l(m) */
-       b_0[14] = (data_len >> 8) & 0xff;
-       b_0[15] = data_len & 0xff;
-
-
-       /* AAD (extra authenticate-only data) / masked 802.11 header
-        * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
-
-       len_a = a4_included ? 28 : 22;
-       if (qos_included)
-               len_a += 2;
-
-       aad[0] = 0; /* (len_a >> 8) & 0xff; */
-       aad[1] = len_a & 0xff;
-       /* Mask FC: zero subtype b4 b5 b6 */
-       aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
-       /* Retry, PwrMgt, MoreData; set Protected */
-       aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
-       memcpy(&aad[4], &hdr->addr1, 18);
-
-       /* Mask Seq#, leave Frag# */
-       aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
-       aad[23] = 0;
-       if (a4_included) {
-               memcpy(&aad[24], hdr->addr4, 6);
-               aad[30] = 0;
-               aad[31] = 0;
-       } else
-               memset(&aad[24], 0, 8);
-       if (qos_included) {
-               u8 *dpos = &aad[a4_included ? 30 : 24];
-
-               /* Mask QoS Control field */
-               dpos[0] = qos_tid;
-               dpos[1] = 0;
-       }
-}
-
-
-static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
-{
-       hdr[0] = pn[5];
-       hdr[1] = pn[4];
-       hdr[2] = 0;
-       hdr[3] = 0x20 | (key_id << 6);
-       hdr[4] = pn[3];
-       hdr[5] = pn[2];
-       hdr[6] = pn[1];
-       hdr[7] = pn[0];
-}
-
-
-static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
-{
-       pn[0] = hdr[7];
-       pn[1] = hdr[6];
-       pn[2] = hdr[5];
-       pn[3] = hdr[4];
-       pn[4] = hdr[1];
-       pn[5] = hdr[0];
-       return (hdr[3] >> 6) & 0x03;
-}
-
-
-static int ccmp_encrypt_skb(struct ieee80211_txrx_data *tx,
-                           struct sk_buff *skb, int test)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
-       struct ieee80211_key *key = tx->key;
-       int hdrlen, len, tailneed;
-       u16 fc;
-       u8 *pos, *pn, *b_0, *aad, *scratch;
-       int i;
-
-       scratch = key->u.ccmp.tx_crypto_buf;
-       b_0 = scratch + 3 * AES_BLOCK_LEN;
-       aad = scratch + 4 * AES_BLOCK_LEN;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       hdrlen = ieee80211_get_hdrlen(fc);
-       len = skb->len - hdrlen;
-
-       if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
-               tailneed = 0;
-       else
-               tailneed = CCMP_MIC_LEN;
-
-       if ((skb_headroom(skb) < CCMP_HDR_LEN ||
-            skb_tailroom(skb) < tailneed)) {
-               I802_DEBUG_INC(tx->local->tx_expand_skb_head);
-               if (unlikely(pskb_expand_head(skb, CCMP_HDR_LEN, tailneed,
-                                             GFP_ATOMIC)))
-                       return -1;
-       }
-
-       pos = skb_push(skb, CCMP_HDR_LEN);
-       memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
-       hdr = (struct ieee80211_hdr *) pos;
-       pos += hdrlen;
-
-       /* PN = PN + 1 */
-       pn = key->u.ccmp.tx_pn;
-
-       for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
-               pn[i]++;
-               if (pn[i])
-                       break;
-       }
-
-       ccmp_pn2hdr(pos, pn, key->conf.keyidx);
-
-       if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
-               /* hwaccel - with preallocated room for CCMP header */
-               tx->u.tx.control->key_idx = key->conf.hw_key_idx;
-               return 0;
-       }
-
-       pos += CCMP_HDR_LEN;
-       ccmp_special_blocks(skb, pn, b_0, aad, 0);
-       ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
-                                 pos, skb_put(skb, CCMP_MIC_LEN));
-
-       return 0;
-}
-
-
-ieee80211_txrx_result
-ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
-       u16 fc;
-       struct sk_buff *skb = tx->skb;
-       int test = 0;
-
-       fc = le16_to_cpu(hdr->frame_control);
-
-       if (!WLAN_FC_DATA_PRESENT(fc))
-               return TXRX_CONTINUE;
-
-       tx->u.tx.control->icv_len = CCMP_MIC_LEN;
-       tx->u.tx.control->iv_len = CCMP_HDR_LEN;
-       ieee80211_tx_set_iswep(tx);
-
-       if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
-           !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
-               /* hwaccel - with no need for preallocated room for CCMP "
-                * header or MIC fields */
-               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
-               return TXRX_CONTINUE;
-       }
-
-       if (ccmp_encrypt_skb(tx, skb, test) < 0)
-               return TXRX_DROP;
-
-       if (tx->u.tx.extra_frag) {
-               int i;
-               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
-                       if (ccmp_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
-                           < 0)
-                               return TXRX_DROP;
-               }
-       }
-
-       return TXRX_CONTINUE;
-}
-
-
-ieee80211_txrx_result
-ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
-{
-       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
-       u16 fc;
-       int hdrlen;
-       struct ieee80211_key *key = rx->key;
-       struct sk_buff *skb = rx->skb;
-       u8 pn[CCMP_PN_LEN];
-       int data_len;
-
-       fc = le16_to_cpu(hdr->frame_control);
-       hdrlen = ieee80211_get_hdrlen(fc);
-
-       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
-               return TXRX_CONTINUE;
-
-       data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
-       if (!rx->sta || data_len < 0)
-               return TXRX_DROP;
-
-       if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
-           (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
-               return TXRX_CONTINUE;
-
-       (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
-
-       if (memcmp(pn, key->u.ccmp.rx_pn[rx->u.rx.queue], CCMP_PN_LEN) <= 0) {
-#ifdef CONFIG_MAC80211_DEBUG
-               u8 *ppn = key->u.ccmp.rx_pn[rx->u.rx.queue];
-               printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
-                      MAC_FMT " (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
-                      "%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
-                      MAC_ARG(rx->sta->addr),
-                      pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
-                      ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
-#endif /* CONFIG_MAC80211_DEBUG */
-               key->u.ccmp.replays++;
-               return TXRX_DROP;
-       }
-
-       if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
-               /* hardware didn't decrypt/verify MIC */
-               u8 *scratch, *b_0, *aad;
-
-               scratch = key->u.ccmp.rx_crypto_buf;
-               b_0 = scratch + 3 * AES_BLOCK_LEN;
-               aad = scratch + 4 * AES_BLOCK_LEN;
-
-               ccmp_special_blocks(skb, pn, b_0, aad, 1);
-
-               if (ieee80211_aes_ccm_decrypt(
-                           key->u.ccmp.tfm, scratch, b_0, aad,
-                           skb->data + hdrlen + CCMP_HDR_LEN, data_len,
-                           skb->data + skb->len - CCMP_MIC_LEN,
-                           skb->data + hdrlen + CCMP_HDR_LEN)) {
-                       printk(KERN_DEBUG "%s: CCMP decrypt failed for RX "
-                              "frame from " MAC_FMT "\n", rx->dev->name,
-                              MAC_ARG(rx->sta->addr));
-                       return TXRX_DROP;
-               }
-       }
-
-       memcpy(key->u.ccmp.rx_pn[rx->u.rx.queue], pn, CCMP_PN_LEN);
-
-       /* Remove CCMP header and MIC */
-       skb_trim(skb, skb->len - CCMP_MIC_LEN);
-       memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
-       skb_pull(skb, CCMP_HDR_LEN);
-
-       return TXRX_CONTINUE;
-}
-
 
+++ /dev/null
-/*
- * Copyright 2002-2004, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef WPA_H
-#define WPA_H
-
-#include <linux/skbuff.h>
-#include <linux/types.h>
-#include "ieee80211_i.h"
-
-ieee80211_txrx_result
-ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx);
-ieee80211_txrx_result
-ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx);
-
-ieee80211_txrx_result
-ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx);
-ieee80211_txrx_result
-ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx);
-
-ieee80211_txrx_result
-ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx);
-ieee80211_txrx_result
-ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx);
-
-#endif /* WPA_H */
 
--- /dev/null
+config MAC80211
+       tristate "Generic IEEE 802.11 Networking Stack (mac80211)"
+       depends on EXPERIMENTAL
+       select CRYPTO
+       select CRYPTO_ECB
+       select CRYPTO_ARC4
+       select CRYPTO_AES
+       select CRC32
+       select WIRELESS_EXT
+       select CFG80211
+       select NET_SCH_FIFO
+       ---help---
+       This option enables the hardware independent IEEE 802.11
+       networking stack.
+
+config MAC80211_LEDS
+       bool "Enable LED triggers"
+       depends on MAC80211 && LEDS_TRIGGERS
+       ---help---
+       This option enables a few LED triggers for different
+       packet receive/transmit events.
+
+config MAC80211_DEBUGFS
+       bool "Export mac80211 internals in DebugFS"
+       depends on MAC80211 && DEBUG_FS
+       ---help---
+         Select this to see extensive information about
+         the internal state of mac80211 in debugfs.
+
+         Say N unless you know you need this.
+
+config MAC80211_DEBUG
+       bool "Enable debugging output"
+       depends on MAC80211
+       ---help---
+         This option will enable debug tracing output for the
+         ieee80211 network stack.
+
+         If you are not trying to debug or develop the ieee80211
+         subsystem, you most likely want to say N here.
+
+config MAC80211_VERBOSE_DEBUG
+       bool "Verbose debugging output"
+       depends on MAC80211_DEBUG
+
+config MAC80211_LOWTX_FRAME_DUMP
+       bool "Debug frame dumping"
+       depends on MAC80211_DEBUG
+       ---help---
+         Selecting this option will cause the stack to
+         print a message for each frame that is handed
+         to the lowlevel driver for transmission. This
+         message includes all MAC addresses and the
+         frame control field.
+
+         If unsure, say N and insert the debugging code
+         you require into the driver you are debugging.
+
+config TKIP_DEBUG
+       bool "TKIP debugging"
+       depends on MAC80211_DEBUG
+
+config MAC80211_DEBUG_COUNTERS
+       bool "Extra statistics for TX/RX debugging"
+       depends on MAC80211_DEBUG
+
+config MAC80211_IBSS_DEBUG
+       bool "Support for IBSS testing"
+       depends on MAC80211_DEBUG
+       ---help---
+         Say Y here if you intend to debug the IBSS code.
+
+config MAC80211_VERBOSE_PS_DEBUG
+       bool "Verbose powersave mode debugging"
+       depends on MAC80211_DEBUG
+       ---help---
+         Say Y here to print out verbose powersave
+         mode debug messages.
 
--- /dev/null
+obj-$(CONFIG_MAC80211) += mac80211.o rc80211_simple.o
+
+mac80211-objs-$(CONFIG_MAC80211_LEDS) += ieee80211_led.o
+mac80211-objs-$(CONFIG_MAC80211_DEBUGFS) += debugfs.o debugfs_sta.o debugfs_netdev.o debugfs_key.o
+mac80211-objs-$(CONFIG_NET_SCHED) += wme.o
+
+mac80211-objs := \
+       ieee80211.o \
+       ieee80211_ioctl.o \
+       sta_info.o \
+       wep.o \
+       wpa.o \
+       ieee80211_sta.o \
+       ieee80211_iface.o \
+       ieee80211_rate.o \
+       michael.o \
+       regdomain.o \
+       tkip.o \
+       aes_ccm.o \
+       cfg.o \
+       rx.o \
+       tx.o \
+       key.o \
+       util.o \
+       event.o \
+       $(mac80211-objs-y)
 
--- /dev/null
+/*
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/types.h>
+#include <linux/crypto.h>
+#include <linux/err.h>
+#include <asm/scatterlist.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_key.h"
+#include "aes_ccm.h"
+
+
+static void ieee80211_aes_encrypt(struct crypto_cipher *tfm,
+                                 const u8 pt[16], u8 ct[16])
+{
+       crypto_cipher_encrypt_one(tfm, ct, pt);
+}
+
+
+static inline void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
+                                  u8 *b, u8 *s_0, u8 *a)
+{
+       int i;
+
+       ieee80211_aes_encrypt(tfm, b_0, b);
+
+       /* Extra Authenticate-only data (always two AES blocks) */
+       for (i = 0; i < AES_BLOCK_LEN; i++)
+               aad[i] ^= b[i];
+       ieee80211_aes_encrypt(tfm, aad, b);
+
+       aad += AES_BLOCK_LEN;
+
+       for (i = 0; i < AES_BLOCK_LEN; i++)
+               aad[i] ^= b[i];
+       ieee80211_aes_encrypt(tfm, aad, a);
+
+       /* Mask out bits from auth-only-b_0 */
+       b_0[0] &= 0x07;
+
+       /* S_0 is used to encrypt T (= MIC) */
+       b_0[14] = 0;
+       b_0[15] = 0;
+       ieee80211_aes_encrypt(tfm, b_0, s_0);
+}
+
+
+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
+                              u8 *b_0, u8 *aad, u8 *data, size_t data_len,
+                              u8 *cdata, u8 *mic)
+{
+       int i, j, last_len, num_blocks;
+       u8 *pos, *cpos, *b, *s_0, *e;
+
+       b = scratch;
+       s_0 = scratch + AES_BLOCK_LEN;
+       e = scratch + 2 * AES_BLOCK_LEN;
+
+       num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
+       last_len = data_len % AES_BLOCK_LEN;
+       aes_ccm_prepare(tfm, b_0, aad, b, s_0, b);
+
+       /* Process payload blocks */
+       pos = data;
+       cpos = cdata;
+       for (j = 1; j <= num_blocks; j++) {
+               int blen = (j == num_blocks && last_len) ?
+                       last_len : AES_BLOCK_LEN;
+
+               /* Authentication followed by encryption */
+               for (i = 0; i < blen; i++)
+                       b[i] ^= pos[i];
+               ieee80211_aes_encrypt(tfm, b, b);
+
+               b_0[14] = (j >> 8) & 0xff;
+               b_0[15] = j & 0xff;
+               ieee80211_aes_encrypt(tfm, b_0, e);
+               for (i = 0; i < blen; i++)
+                       *cpos++ = *pos++ ^ e[i];
+       }
+
+       for (i = 0; i < CCMP_MIC_LEN; i++)
+               mic[i] = b[i] ^ s_0[i];
+}
+
+
+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
+                             u8 *b_0, u8 *aad, u8 *cdata, size_t data_len,
+                             u8 *mic, u8 *data)
+{
+       int i, j, last_len, num_blocks;
+       u8 *pos, *cpos, *b, *s_0, *a;
+
+       b = scratch;
+       s_0 = scratch + AES_BLOCK_LEN;
+       a = scratch + 2 * AES_BLOCK_LEN;
+
+       num_blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
+       last_len = data_len % AES_BLOCK_LEN;
+       aes_ccm_prepare(tfm, b_0, aad, b, s_0, a);
+
+       /* Process payload blocks */
+       cpos = cdata;
+       pos = data;
+       for (j = 1; j <= num_blocks; j++) {
+               int blen = (j == num_blocks && last_len) ?
+                       last_len : AES_BLOCK_LEN;
+
+               /* Decryption followed by authentication */
+               b_0[14] = (j >> 8) & 0xff;
+               b_0[15] = j & 0xff;
+               ieee80211_aes_encrypt(tfm, b_0, b);
+               for (i = 0; i < blen; i++) {
+                       *pos = *cpos++ ^ b[i];
+                       a[i] ^= *pos++;
+               }
+
+               ieee80211_aes_encrypt(tfm, a, a);
+       }
+
+       for (i = 0; i < CCMP_MIC_LEN; i++) {
+               if ((mic[i] ^ s_0[i]) != a[i])
+                       return -1;
+       }
+
+       return 0;
+}
+
+
+struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[])
+{
+       struct crypto_cipher *tfm;
+
+       tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
+       if (IS_ERR(tfm))
+               return NULL;
+
+       crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
+
+       return tfm;
+}
+
+
+void ieee80211_aes_key_free(struct crypto_cipher *tfm)
+{
+       if (tfm)
+               crypto_free_cipher(tfm);
+}
 
--- /dev/null
+/*
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef AES_CCM_H
+#define AES_CCM_H
+
+#include <linux/crypto.h>
+
+#define AES_BLOCK_LEN 16
+
+struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[]);
+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
+                              u8 *b_0, u8 *aad, u8 *data, size_t data_len,
+                              u8 *cdata, u8 *mic);
+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
+                             u8 *b_0, u8 *aad, u8 *cdata, size_t data_len,
+                             u8 *mic, u8 *data);
+void ieee80211_aes_key_free(struct crypto_cipher *tfm);
+
+#endif /* AES_CCM_H */
 
--- /dev/null
+/*
+ * mac80211 configuration hooks for cfg80211
+ *
+ * Copyright 2006      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This file is GPLv2 as found in COPYING.
+ */
+
+#include <linux/nl80211.h>
+#include <linux/rtnetlink.h>
+#include <net/cfg80211.h>
+#include "ieee80211_i.h"
+#include "cfg.h"
+
+static enum ieee80211_if_types
+nl80211_type_to_mac80211_type(enum nl80211_iftype type)
+{
+       switch (type) {
+       case NL80211_IFTYPE_UNSPECIFIED:
+               return IEEE80211_IF_TYPE_STA;
+       case NL80211_IFTYPE_ADHOC:
+               return IEEE80211_IF_TYPE_IBSS;
+       case NL80211_IFTYPE_STATION:
+               return IEEE80211_IF_TYPE_STA;
+       case NL80211_IFTYPE_MONITOR:
+               return IEEE80211_IF_TYPE_MNTR;
+       default:
+               return IEEE80211_IF_TYPE_INVALID;
+       }
+}
+
+static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
+                              enum nl80211_iftype type)
+{
+       struct ieee80211_local *local = wiphy_priv(wiphy);
+       enum ieee80211_if_types itype;
+
+       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
+               return -ENODEV;
+
+       itype = nl80211_type_to_mac80211_type(type);
+       if (itype == IEEE80211_IF_TYPE_INVALID)
+               return -EINVAL;
+
+       return ieee80211_if_add(local->mdev, name, NULL, itype);
+}
+
+static int ieee80211_del_iface(struct wiphy *wiphy, int ifindex)
+{
+       struct ieee80211_local *local = wiphy_priv(wiphy);
+       struct net_device *dev;
+       char *name;
+
+       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
+               return -ENODEV;
+
+       /* we're under RTNL */
+       dev = __dev_get_by_index(ifindex);
+       if (!dev)
+               return 0;
+
+       name = dev->name;
+
+       return ieee80211_if_remove(local->mdev, name, -1);
+}
+
+static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex,
+                                 enum nl80211_iftype type)
+{
+       struct ieee80211_local *local = wiphy_priv(wiphy);
+       struct net_device *dev;
+       enum ieee80211_if_types itype;
+       struct ieee80211_sub_if_data *sdata;
+
+       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
+               return -ENODEV;
+
+       /* we're under RTNL */
+       dev = __dev_get_by_index(ifindex);
+       if (!dev)
+               return -ENODEV;
+
+       if (netif_running(dev))
+               return -EBUSY;
+
+       itype = nl80211_type_to_mac80211_type(type);
+       if (itype == IEEE80211_IF_TYPE_INVALID)
+               return -EINVAL;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+        if (sdata->type == IEEE80211_IF_TYPE_VLAN)
+               return -EOPNOTSUPP;
+
+       ieee80211_if_reinit(dev);
+       ieee80211_if_set_type(dev, itype);
+
+       return 0;
+}
+
+struct cfg80211_ops mac80211_config_ops = {
+       .add_virtual_intf = ieee80211_add_iface,
+       .del_virtual_intf = ieee80211_del_iface,
+       .change_virtual_intf = ieee80211_change_iface,
+};
 
--- /dev/null
+/*
+ * mac80211 configuration hooks for cfg80211
+ */
+#ifndef __CFG_H
+#define __CFG_H
+
+extern struct cfg80211_ops mac80211_config_ops;
+
+#endif /* __CFG_H */
 
--- /dev/null
+/*
+ * mac80211 debugfs for wireless PHYs
+ *
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * GPLv2
+ *
+ */
+
+#include <linux/debugfs.h>
+#include <linux/rtnetlink.h>
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "debugfs.h"
+
+int mac80211_open_file_generic(struct inode *inode, struct file *file)
+{
+       file->private_data = inode->i_private;
+       return 0;
+}
+
+static const char *ieee80211_mode_str(int mode)
+{
+       switch (mode) {
+       case MODE_IEEE80211A:
+               return "IEEE 802.11a";
+       case MODE_IEEE80211B:
+               return "IEEE 802.11b";
+       case MODE_IEEE80211G:
+               return "IEEE 802.11g";
+       default:
+               return "UNKNOWN";
+       }
+}
+
+static ssize_t modes_read(struct file *file, char __user *userbuf,
+                         size_t count, loff_t *ppos)
+{
+       struct ieee80211_local *local = file->private_data;
+       struct ieee80211_hw_mode *mode;
+       char buf[150], *p = buf;
+
+       /* FIXME: locking! */
+       list_for_each_entry(mode, &local->modes_list, list) {
+               p += scnprintf(p, sizeof(buf)+buf-p,
+                              "%s\n", ieee80211_mode_str(mode->mode));
+       }
+
+       return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
+}
+
+static const struct file_operations modes_ops = {
+       .read = modes_read,
+       .open = mac80211_open_file_generic,
+};
+
+#define DEBUGFS_READONLY_FILE(name, buflen, fmt, value...)             \
+static ssize_t name## _read(struct file *file, char __user *userbuf,   \
+                           size_t count, loff_t *ppos)                 \
+{                                                                      \
+       struct ieee80211_local *local = file->private_data;             \
+       char buf[buflen];                                               \
+       int res;                                                        \
+                                                                       \
+       res = scnprintf(buf, buflen, fmt "\n", ##value);                \
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
+}                                                                      \
+                                                                       \
+static const struct file_operations name## _ops = {                    \
+       .read = name## _read,                                           \
+       .open = mac80211_open_file_generic,                             \
+};
+
+#define DEBUGFS_ADD(name)                                              \
+       local->debugfs.name = debugfs_create_file(#name, 0444, phyd,    \
+                                                 local, &name## _ops);
+
+#define DEBUGFS_DEL(name)                                              \
+       debugfs_remove(local->debugfs.name);                            \
+       local->debugfs.name = NULL;
+
+
+DEBUGFS_READONLY_FILE(channel, 20, "%d",
+                     local->hw.conf.channel);
+DEBUGFS_READONLY_FILE(frequency, 20, "%d",
+                     local->hw.conf.freq);
+DEBUGFS_READONLY_FILE(antenna_sel_tx, 20, "%d",
+                     local->hw.conf.antenna_sel_tx);
+DEBUGFS_READONLY_FILE(antenna_sel_rx, 20, "%d",
+                     local->hw.conf.antenna_sel_rx);
+DEBUGFS_READONLY_FILE(bridge_packets, 20, "%d",
+                     local->bridge_packets);
+DEBUGFS_READONLY_FILE(rts_threshold, 20, "%d",
+                     local->rts_threshold);
+DEBUGFS_READONLY_FILE(fragmentation_threshold, 20, "%d",
+                     local->fragmentation_threshold);
+DEBUGFS_READONLY_FILE(short_retry_limit, 20, "%d",
+                     local->short_retry_limit);
+DEBUGFS_READONLY_FILE(long_retry_limit, 20, "%d",
+                     local->long_retry_limit);
+DEBUGFS_READONLY_FILE(total_ps_buffered, 20, "%d",
+                     local->total_ps_buffered);
+DEBUGFS_READONLY_FILE(mode, 20, "%s",
+                     ieee80211_mode_str(local->hw.conf.phymode));
+DEBUGFS_READONLY_FILE(wep_iv, 20, "%#06x",
+                     local->wep_iv & 0xffffff);
+DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s",
+                     local->rate_ctrl ? local->rate_ctrl->ops->name : "<unset>");
+
+/* statistics stuff */
+
+static inline int rtnl_lock_local(struct ieee80211_local *local)
+{
+       rtnl_lock();
+       if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED)) {
+               rtnl_unlock();
+               return -ENODEV;
+       }
+       return 0;
+}
+
+#define DEBUGFS_STATS_FILE(name, buflen, fmt, value...)                        \
+       DEBUGFS_READONLY_FILE(stats_ ##name, buflen, fmt, ##value)
+
+static ssize_t format_devstat_counter(struct ieee80211_local *local,
+       char __user *userbuf,
+       size_t count, loff_t *ppos,
+       int (*printvalue)(struct ieee80211_low_level_stats *stats, char *buf,
+                         int buflen))
+{
+       struct ieee80211_low_level_stats stats;
+       char buf[20];
+       int res;
+
+       if (!local->ops->get_stats)
+               return -EOPNOTSUPP;
+
+       res = rtnl_lock_local(local);
+       if (res)
+               return res;
+
+       res = local->ops->get_stats(local_to_hw(local), &stats);
+       rtnl_unlock();
+       if (!res)
+               res = printvalue(&stats, buf, sizeof(buf));
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+
+#define DEBUGFS_DEVSTATS_FILE(name)                                    \
+static int print_devstats_##name(struct ieee80211_low_level_stats *stats,\
+                                char *buf, int buflen)                 \
+{                                                                      \
+       return scnprintf(buf, buflen, "%u\n", stats->name);             \
+}                                                                      \
+static ssize_t stats_ ##name## _read(struct file *file,                        \
+                                    char __user *userbuf,              \
+                                    size_t count, loff_t *ppos)        \
+{                                                                      \
+       return format_devstat_counter(file->private_data,               \
+                                     userbuf,                          \
+                                     count,                            \
+                                     ppos,                             \
+                                     print_devstats_##name);           \
+}                                                                      \
+                                                                       \
+static const struct file_operations stats_ ##name## _ops = {           \
+       .read = stats_ ##name## _read,                                  \
+       .open = mac80211_open_file_generic,                             \
+};
+
+#define DEBUGFS_STATS_ADD(name)                                                \
+       local->debugfs.stats.name = debugfs_create_file(#name, 0444, statsd,\
+               local, &stats_ ##name## _ops);
+
+#define DEBUGFS_STATS_DEL(name)                                                \
+       debugfs_remove(local->debugfs.stats.name);                      \
+       local->debugfs.stats.name = NULL;
+
+DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u",
+                  local->dot11TransmittedFragmentCount);
+DEBUGFS_STATS_FILE(multicast_transmitted_frame_count, 20, "%u",
+                  local->dot11MulticastTransmittedFrameCount);
+DEBUGFS_STATS_FILE(failed_count, 20, "%u",
+                  local->dot11FailedCount);
+DEBUGFS_STATS_FILE(retry_count, 20, "%u",
+                  local->dot11RetryCount);
+DEBUGFS_STATS_FILE(multiple_retry_count, 20, "%u",
+                  local->dot11MultipleRetryCount);
+DEBUGFS_STATS_FILE(frame_duplicate_count, 20, "%u",
+                  local->dot11FrameDuplicateCount);
+DEBUGFS_STATS_FILE(received_fragment_count, 20, "%u",
+                  local->dot11ReceivedFragmentCount);
+DEBUGFS_STATS_FILE(multicast_received_frame_count, 20, "%u",
+                  local->dot11MulticastReceivedFrameCount);
+DEBUGFS_STATS_FILE(transmitted_frame_count, 20, "%u",
+                  local->dot11TransmittedFrameCount);
+DEBUGFS_STATS_FILE(wep_undecryptable_count, 20, "%u",
+                  local->dot11WEPUndecryptableCount);
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+DEBUGFS_STATS_FILE(tx_handlers_drop, 20, "%u",
+                  local->tx_handlers_drop);
+DEBUGFS_STATS_FILE(tx_handlers_queued, 20, "%u",
+                  local->tx_handlers_queued);
+DEBUGFS_STATS_FILE(tx_handlers_drop_unencrypted, 20, "%u",
+                  local->tx_handlers_drop_unencrypted);
+DEBUGFS_STATS_FILE(tx_handlers_drop_fragment, 20, "%u",
+                  local->tx_handlers_drop_fragment);
+DEBUGFS_STATS_FILE(tx_handlers_drop_wep, 20, "%u",
+                  local->tx_handlers_drop_wep);
+DEBUGFS_STATS_FILE(tx_handlers_drop_not_assoc, 20, "%u",
+                  local->tx_handlers_drop_not_assoc);
+DEBUGFS_STATS_FILE(tx_handlers_drop_unauth_port, 20, "%u",
+                  local->tx_handlers_drop_unauth_port);
+DEBUGFS_STATS_FILE(rx_handlers_drop, 20, "%u",
+                  local->rx_handlers_drop);
+DEBUGFS_STATS_FILE(rx_handlers_queued, 20, "%u",
+                  local->rx_handlers_queued);
+DEBUGFS_STATS_FILE(rx_handlers_drop_nullfunc, 20, "%u",
+                  local->rx_handlers_drop_nullfunc);
+DEBUGFS_STATS_FILE(rx_handlers_drop_defrag, 20, "%u",
+                  local->rx_handlers_drop_defrag);
+DEBUGFS_STATS_FILE(rx_handlers_drop_short, 20, "%u",
+                  local->rx_handlers_drop_short);
+DEBUGFS_STATS_FILE(rx_handlers_drop_passive_scan, 20, "%u",
+                  local->rx_handlers_drop_passive_scan);
+DEBUGFS_STATS_FILE(tx_expand_skb_head, 20, "%u",
+                  local->tx_expand_skb_head);
+DEBUGFS_STATS_FILE(tx_expand_skb_head_cloned, 20, "%u",
+                  local->tx_expand_skb_head_cloned);
+DEBUGFS_STATS_FILE(rx_expand_skb_head, 20, "%u",
+                  local->rx_expand_skb_head);
+DEBUGFS_STATS_FILE(rx_expand_skb_head2, 20, "%u",
+                  local->rx_expand_skb_head2);
+DEBUGFS_STATS_FILE(rx_handlers_fragments, 20, "%u",
+                  local->rx_handlers_fragments);
+DEBUGFS_STATS_FILE(tx_status_drop, 20, "%u",
+                  local->tx_status_drop);
+
+static ssize_t stats_wme_rx_queue_read(struct file *file,
+                                      char __user *userbuf,
+                                      size_t count, loff_t *ppos)
+{
+       struct ieee80211_local *local = file->private_data;
+       char buf[NUM_RX_DATA_QUEUES*15], *p = buf;
+       int i;
+
+       for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
+               p += scnprintf(p, sizeof(buf)+buf-p,
+                              "%u\n", local->wme_rx_queue[i]);
+
+       return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
+}
+
+static const struct file_operations stats_wme_rx_queue_ops = {
+       .read = stats_wme_rx_queue_read,
+       .open = mac80211_open_file_generic,
+};
+
+static ssize_t stats_wme_tx_queue_read(struct file *file,
+                                      char __user *userbuf,
+                                      size_t count, loff_t *ppos)
+{
+       struct ieee80211_local *local = file->private_data;
+       char buf[NUM_TX_DATA_QUEUES*15], *p = buf;
+       int i;
+
+       for (i = 0; i < NUM_TX_DATA_QUEUES; i++)
+               p += scnprintf(p, sizeof(buf)+buf-p,
+                              "%u\n", local->wme_tx_queue[i]);
+
+       return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
+}
+
+static const struct file_operations stats_wme_tx_queue_ops = {
+       .read = stats_wme_tx_queue_read,
+       .open = mac80211_open_file_generic,
+};
+#endif
+
+DEBUGFS_DEVSTATS_FILE(dot11ACKFailureCount);
+DEBUGFS_DEVSTATS_FILE(dot11RTSFailureCount);
+DEBUGFS_DEVSTATS_FILE(dot11FCSErrorCount);
+DEBUGFS_DEVSTATS_FILE(dot11RTSSuccessCount);
+
+
+void debugfs_hw_add(struct ieee80211_local *local)
+{
+       struct dentry *phyd = local->hw.wiphy->debugfsdir;
+       struct dentry *statsd;
+
+       if (!phyd)
+               return;
+
+       local->debugfs.stations = debugfs_create_dir("stations", phyd);
+       local->debugfs.keys = debugfs_create_dir("keys", phyd);
+
+       DEBUGFS_ADD(channel);
+       DEBUGFS_ADD(frequency);
+       DEBUGFS_ADD(antenna_sel_tx);
+       DEBUGFS_ADD(antenna_sel_rx);
+       DEBUGFS_ADD(bridge_packets);
+       DEBUGFS_ADD(rts_threshold);
+       DEBUGFS_ADD(fragmentation_threshold);
+       DEBUGFS_ADD(short_retry_limit);
+       DEBUGFS_ADD(long_retry_limit);
+       DEBUGFS_ADD(total_ps_buffered);
+       DEBUGFS_ADD(mode);
+       DEBUGFS_ADD(wep_iv);
+       DEBUGFS_ADD(modes);
+
+       statsd = debugfs_create_dir("statistics", phyd);
+       local->debugfs.statistics = statsd;
+
+       /* if the dir failed, don't put all the other things into the root! */
+       if (!statsd)
+               return;
+
+       DEBUGFS_STATS_ADD(transmitted_fragment_count);
+       DEBUGFS_STATS_ADD(multicast_transmitted_frame_count);
+       DEBUGFS_STATS_ADD(failed_count);
+       DEBUGFS_STATS_ADD(retry_count);
+       DEBUGFS_STATS_ADD(multiple_retry_count);
+       DEBUGFS_STATS_ADD(frame_duplicate_count);
+       DEBUGFS_STATS_ADD(received_fragment_count);
+       DEBUGFS_STATS_ADD(multicast_received_frame_count);
+       DEBUGFS_STATS_ADD(transmitted_frame_count);
+       DEBUGFS_STATS_ADD(wep_undecryptable_count);
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+       DEBUGFS_STATS_ADD(tx_handlers_drop);
+       DEBUGFS_STATS_ADD(tx_handlers_queued);
+       DEBUGFS_STATS_ADD(tx_handlers_drop_unencrypted);
+       DEBUGFS_STATS_ADD(tx_handlers_drop_fragment);
+       DEBUGFS_STATS_ADD(tx_handlers_drop_wep);
+       DEBUGFS_STATS_ADD(tx_handlers_drop_not_assoc);
+       DEBUGFS_STATS_ADD(tx_handlers_drop_unauth_port);
+       DEBUGFS_STATS_ADD(rx_handlers_drop);
+       DEBUGFS_STATS_ADD(rx_handlers_queued);
+       DEBUGFS_STATS_ADD(rx_handlers_drop_nullfunc);
+       DEBUGFS_STATS_ADD(rx_handlers_drop_defrag);
+       DEBUGFS_STATS_ADD(rx_handlers_drop_short);
+       DEBUGFS_STATS_ADD(rx_handlers_drop_passive_scan);
+       DEBUGFS_STATS_ADD(tx_expand_skb_head);
+       DEBUGFS_STATS_ADD(tx_expand_skb_head_cloned);
+       DEBUGFS_STATS_ADD(rx_expand_skb_head);
+       DEBUGFS_STATS_ADD(rx_expand_skb_head2);
+       DEBUGFS_STATS_ADD(rx_handlers_fragments);
+       DEBUGFS_STATS_ADD(tx_status_drop);
+       DEBUGFS_STATS_ADD(wme_tx_queue);
+       DEBUGFS_STATS_ADD(wme_rx_queue);
+#endif
+       DEBUGFS_STATS_ADD(dot11ACKFailureCount);
+       DEBUGFS_STATS_ADD(dot11RTSFailureCount);
+       DEBUGFS_STATS_ADD(dot11FCSErrorCount);
+       DEBUGFS_STATS_ADD(dot11RTSSuccessCount);
+}
+
+void debugfs_hw_del(struct ieee80211_local *local)
+{
+       DEBUGFS_DEL(channel);
+       DEBUGFS_DEL(frequency);
+       DEBUGFS_DEL(antenna_sel_tx);
+       DEBUGFS_DEL(antenna_sel_rx);
+       DEBUGFS_DEL(bridge_packets);
+       DEBUGFS_DEL(rts_threshold);
+       DEBUGFS_DEL(fragmentation_threshold);
+       DEBUGFS_DEL(short_retry_limit);
+       DEBUGFS_DEL(long_retry_limit);
+       DEBUGFS_DEL(total_ps_buffered);
+       DEBUGFS_DEL(mode);
+       DEBUGFS_DEL(wep_iv);
+       DEBUGFS_DEL(modes);
+
+       DEBUGFS_STATS_DEL(transmitted_fragment_count);
+       DEBUGFS_STATS_DEL(multicast_transmitted_frame_count);
+       DEBUGFS_STATS_DEL(failed_count);
+       DEBUGFS_STATS_DEL(retry_count);
+       DEBUGFS_STATS_DEL(multiple_retry_count);
+       DEBUGFS_STATS_DEL(frame_duplicate_count);
+       DEBUGFS_STATS_DEL(received_fragment_count);
+       DEBUGFS_STATS_DEL(multicast_received_frame_count);
+       DEBUGFS_STATS_DEL(transmitted_frame_count);
+       DEBUGFS_STATS_DEL(wep_undecryptable_count);
+       DEBUGFS_STATS_DEL(num_scans);
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+       DEBUGFS_STATS_DEL(tx_handlers_drop);
+       DEBUGFS_STATS_DEL(tx_handlers_queued);
+       DEBUGFS_STATS_DEL(tx_handlers_drop_unencrypted);
+       DEBUGFS_STATS_DEL(tx_handlers_drop_fragment);
+       DEBUGFS_STATS_DEL(tx_handlers_drop_wep);
+       DEBUGFS_STATS_DEL(tx_handlers_drop_not_assoc);
+       DEBUGFS_STATS_DEL(tx_handlers_drop_unauth_port);
+       DEBUGFS_STATS_DEL(rx_handlers_drop);
+       DEBUGFS_STATS_DEL(rx_handlers_queued);
+       DEBUGFS_STATS_DEL(rx_handlers_drop_nullfunc);
+       DEBUGFS_STATS_DEL(rx_handlers_drop_defrag);
+       DEBUGFS_STATS_DEL(rx_handlers_drop_short);
+       DEBUGFS_STATS_DEL(rx_handlers_drop_passive_scan);
+       DEBUGFS_STATS_DEL(tx_expand_skb_head);
+       DEBUGFS_STATS_DEL(tx_expand_skb_head_cloned);
+       DEBUGFS_STATS_DEL(rx_expand_skb_head);
+       DEBUGFS_STATS_DEL(rx_expand_skb_head2);
+       DEBUGFS_STATS_DEL(rx_handlers_fragments);
+       DEBUGFS_STATS_DEL(tx_status_drop);
+       DEBUGFS_STATS_DEL(wme_tx_queue);
+       DEBUGFS_STATS_DEL(wme_rx_queue);
+#endif
+       DEBUGFS_STATS_DEL(dot11ACKFailureCount);
+       DEBUGFS_STATS_DEL(dot11RTSFailureCount);
+       DEBUGFS_STATS_DEL(dot11FCSErrorCount);
+       DEBUGFS_STATS_DEL(dot11RTSSuccessCount);
+
+       debugfs_remove(local->debugfs.statistics);
+       local->debugfs.statistics = NULL;
+       debugfs_remove(local->debugfs.stations);
+       local->debugfs.stations = NULL;
+       debugfs_remove(local->debugfs.keys);
+       local->debugfs.keys = NULL;
+}
 
--- /dev/null
+#ifndef __MAC80211_DEBUGFS_H
+#define __MAC80211_DEBUGFS_H
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+extern void debugfs_hw_add(struct ieee80211_local *local);
+extern void debugfs_hw_del(struct ieee80211_local *local);
+extern int mac80211_open_file_generic(struct inode *inode, struct file *file);
+#else
+static inline void debugfs_hw_add(struct ieee80211_local *local)
+{
+       return;
+}
+static inline void debugfs_hw_del(struct ieee80211_local *local) {}
+#endif
+
+#endif /* __MAC80211_DEBUGFS_H */
 
--- /dev/null
+/*
+ * Copyright 2003-2005 Devicescape Software, Inc.
+ * Copyright (c) 2006  Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/kobject.h>
+#include "ieee80211_i.h"
+#include "ieee80211_key.h"
+#include "debugfs.h"
+#include "debugfs_key.h"
+
+#define KEY_READ(name, prop, buflen, format_string)                    \
+static ssize_t key_##name##_read(struct file *file,                    \
+                                char __user *userbuf,                  \
+                                size_t count, loff_t *ppos)            \
+{                                                                      \
+       char buf[buflen];                                               \
+       struct ieee80211_key *key = file->private_data;                 \
+       int res = scnprintf(buf, buflen, format_string, key->prop);     \
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
+}
+#define KEY_READ_D(name) KEY_READ(name, name, 20, "%d\n")
+#define KEY_READ_X(name) KEY_READ(name, name, 20, "0x%x\n")
+
+#define KEY_OPS(name)                                                  \
+static const struct file_operations key_ ##name## _ops = {             \
+       .read = key_##name##_read,                                      \
+       .open = mac80211_open_file_generic,                             \
+}
+
+#define KEY_FILE(name, format)                                         \
+                KEY_READ_##format(name)                                \
+                KEY_OPS(name)
+
+#define KEY_CONF_READ(name, buflen, format_string)                     \
+       KEY_READ(conf_##name, conf.name, buflen, format_string)
+#define KEY_CONF_READ_D(name) KEY_CONF_READ(name, 20, "%d\n")
+
+#define KEY_CONF_OPS(name)                                             \
+static const struct file_operations key_ ##name## _ops = {             \
+       .read = key_conf_##name##_read,                                 \
+       .open = mac80211_open_file_generic,                             \
+}
+
+#define KEY_CONF_FILE(name, format)                                    \
+                KEY_CONF_READ_##format(name)                           \
+                KEY_CONF_OPS(name)
+
+KEY_CONF_FILE(keylen, D);
+KEY_CONF_FILE(keyidx, D);
+KEY_CONF_FILE(hw_key_idx, D);
+KEY_FILE(flags, X);
+KEY_FILE(tx_rx_count, D);
+KEY_READ(ifindex, sdata->dev->ifindex, 20, "%d\n");
+KEY_OPS(ifindex);
+
+static ssize_t key_algorithm_read(struct file *file,
+                                 char __user *userbuf,
+                                 size_t count, loff_t *ppos)
+{
+       char *alg;
+       struct ieee80211_key *key = file->private_data;
+
+       switch (key->conf.alg) {
+       case ALG_WEP:
+               alg = "WEP\n";
+               break;
+       case ALG_TKIP:
+               alg = "TKIP\n";
+               break;
+       case ALG_CCMP:
+               alg = "CCMP\n";
+               break;
+       default:
+               return 0;
+       }
+       return simple_read_from_buffer(userbuf, count, ppos, alg, strlen(alg));
+}
+KEY_OPS(algorithm);
+
+static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,
+                               size_t count, loff_t *ppos)
+{
+       const u8 *tpn;
+       char buf[20];
+       int len;
+       struct ieee80211_key *key = file->private_data;
+
+       switch (key->conf.alg) {
+       case ALG_WEP:
+               len = scnprintf(buf, sizeof(buf), "\n");
+               break;
+       case ALG_TKIP:
+               len = scnprintf(buf, sizeof(buf), "%08x %04x\n",
+                               key->u.tkip.iv32,
+                               key->u.tkip.iv16);
+               break;
+       case ALG_CCMP:
+               tpn = key->u.ccmp.tx_pn;
+               len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",
+                               tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], tpn[5]);
+               break;
+       default:
+               return 0;
+       }
+       return simple_read_from_buffer(userbuf, count, ppos, buf, len);
+}
+KEY_OPS(tx_spec);
+
+static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
+                               size_t count, loff_t *ppos)
+{
+       struct ieee80211_key *key = file->private_data;
+       char buf[14*NUM_RX_DATA_QUEUES+1], *p = buf;
+       int i, len;
+       const u8 *rpn;
+
+       switch (key->conf.alg) {
+       case ALG_WEP:
+               len = scnprintf(buf, sizeof(buf), "\n");
+               break;
+       case ALG_TKIP:
+               for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
+                       p += scnprintf(p, sizeof(buf)+buf-p,
+                                      "%08x %04x\n",
+                                      key->u.tkip.iv32_rx[i],
+                                      key->u.tkip.iv16_rx[i]);
+               len = p - buf;
+               break;
+       case ALG_CCMP:
+               for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
+                       rpn = key->u.ccmp.rx_pn[i];
+                       p += scnprintf(p, sizeof(buf)+buf-p,
+                                      "%02x%02x%02x%02x%02x%02x\n",
+                                      rpn[0], rpn[1], rpn[2],
+                                      rpn[3], rpn[4], rpn[5]);
+               }
+               len = p - buf;
+               break;
+       default:
+               return 0;
+       }
+       return simple_read_from_buffer(userbuf, count, ppos, buf, len);
+}
+KEY_OPS(rx_spec);
+
+static ssize_t key_replays_read(struct file *file, char __user *userbuf,
+                               size_t count, loff_t *ppos)
+{
+       struct ieee80211_key *key = file->private_data;
+       char buf[20];
+       int len;
+
+       if (key->conf.alg != ALG_CCMP)
+               return 0;
+       len = scnprintf(buf, sizeof(buf), "%u\n", key->u.ccmp.replays);
+       return simple_read_from_buffer(userbuf, count, ppos, buf, len);
+}
+KEY_OPS(replays);
+
+static ssize_t key_key_read(struct file *file, char __user *userbuf,
+                           size_t count, loff_t *ppos)
+{
+       struct ieee80211_key *key = file->private_data;
+       int i, res, bufsize = 2 * key->conf.keylen + 2;
+       char *buf = kmalloc(bufsize, GFP_KERNEL);
+       char *p = buf;
+
+       for (i = 0; i < key->conf.keylen; i++)
+               p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]);
+       p += scnprintf(p, bufsize+buf-p, "\n");
+       res = simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
+       kfree(buf);
+       return res;
+}
+KEY_OPS(key);
+
+#define DEBUGFS_ADD(name) \
+       key->debugfs.name = debugfs_create_file(#name, 0400,\
+                               key->debugfs.dir, key, &key_##name##_ops);
+
+void ieee80211_debugfs_key_add(struct ieee80211_local *local,
+                              struct ieee80211_key *key)
+{
+       static int keycount;
+       char buf[20];
+
+       if (!local->debugfs.keys)
+               return;
+
+       sprintf(buf, "%d", keycount);
+       keycount++;
+       key->debugfs.dir = debugfs_create_dir(buf,
+                                       local->debugfs.keys);
+
+       if (!key->debugfs.dir)
+               return;
+
+       DEBUGFS_ADD(keylen);
+       DEBUGFS_ADD(flags);
+       DEBUGFS_ADD(keyidx);
+       DEBUGFS_ADD(hw_key_idx);
+       DEBUGFS_ADD(tx_rx_count);
+       DEBUGFS_ADD(algorithm);
+       DEBUGFS_ADD(tx_spec);
+       DEBUGFS_ADD(rx_spec);
+       DEBUGFS_ADD(replays);
+       DEBUGFS_ADD(key);
+       DEBUGFS_ADD(ifindex);
+};
+
+#define DEBUGFS_DEL(name) \
+       debugfs_remove(key->debugfs.name); key->debugfs.name = NULL;
+
+void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
+{
+       if (!key)
+               return;
+
+       DEBUGFS_DEL(keylen);
+       DEBUGFS_DEL(flags);
+       DEBUGFS_DEL(keyidx);
+       DEBUGFS_DEL(hw_key_idx);
+       DEBUGFS_DEL(tx_rx_count);
+       DEBUGFS_DEL(algorithm);
+       DEBUGFS_DEL(tx_spec);
+       DEBUGFS_DEL(rx_spec);
+       DEBUGFS_DEL(replays);
+       DEBUGFS_DEL(key);
+       DEBUGFS_DEL(ifindex);
+
+       debugfs_remove(key->debugfs.stalink);
+       key->debugfs.stalink = NULL;
+       debugfs_remove(key->debugfs.dir);
+       key->debugfs.dir = NULL;
+}
+void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
+{
+       char buf[50];
+
+       if (!sdata->debugfsdir)
+               return;
+
+       sprintf(buf, "../keys/%d", sdata->default_key->conf.keyidx);
+       sdata->debugfs.default_key =
+               debugfs_create_symlink("default_key", sdata->debugfsdir, buf);
+}
+void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata)
+{
+       if (!sdata)
+               return;
+
+       debugfs_remove(sdata->debugfs.default_key);
+       sdata->debugfs.default_key = NULL;
+}
+void ieee80211_debugfs_key_sta_link(struct ieee80211_key *key,
+                                   struct sta_info *sta)
+{
+       char buf[50];
+
+       if (!key->debugfs.dir)
+               return;
+
+       sprintf(buf, "../../stations/" MAC_FMT, MAC_ARG(sta->addr));
+       key->debugfs.stalink =
+               debugfs_create_symlink("station", key->debugfs.dir, buf);
+}
+
+void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
+                                  struct sta_info *sta)
+{
+       debugfs_remove(key->debugfs.stalink);
+       key->debugfs.stalink = NULL;
+}
 
--- /dev/null
+#ifndef __MAC80211_DEBUGFS_KEY_H
+#define __MAC80211_DEBUGFS_KEY_H
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+void ieee80211_debugfs_key_add(struct ieee80211_local *local,
+                              struct ieee80211_key *key);
+void ieee80211_debugfs_key_remove(struct ieee80211_key *key);
+void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata);
+void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata);
+void ieee80211_debugfs_key_sta_link(struct ieee80211_key *key,
+                                   struct sta_info *sta);
+void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
+                                  struct sta_info *sta);
+#else
+static inline void ieee80211_debugfs_key_add(struct ieee80211_local *local,
+                                            struct ieee80211_key *key)
+{}
+static inline void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
+{}
+static inline void ieee80211_debugfs_key_add_default(
+       struct ieee80211_sub_if_data *sdata)
+{}
+static inline void ieee80211_debugfs_key_remove_default(
+       struct ieee80211_sub_if_data *sdata)
+{}
+static inline void ieee80211_debugfs_key_sta_link(
+       struct ieee80211_key *key, struct sta_info *sta)
+{}
+static inline void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
+                                                struct sta_info *sta)
+{}
+#endif
+
+#endif /* __MAC80211_DEBUGFS_KEY_H */
 
--- /dev/null
+/*
+ * Copyright (c) 2006  Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/kernel.h>
+#include <linux/device.h>
+#include <linux/if.h>
+#include <linux/interrupt.h>
+#include <linux/netdevice.h>
+#include <linux/rtnetlink.h>
+#include <linux/notifier.h>
+#include <net/mac80211.h>
+#include <net/cfg80211.h>
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "debugfs.h"
+#include "debugfs_netdev.h"
+
+static ssize_t ieee80211_if_read(
+       struct ieee80211_sub_if_data *sdata,
+       char __user *userbuf,
+       size_t count, loff_t *ppos,
+       ssize_t (*format)(const struct ieee80211_sub_if_data *, char *, int))
+{
+       char buf[70];
+       ssize_t ret = -EINVAL;
+
+       read_lock(&dev_base_lock);
+       if (sdata->dev->reg_state == NETREG_REGISTERED) {
+               ret = (*format)(sdata, buf, sizeof(buf));
+               ret = simple_read_from_buffer(userbuf, count, ppos, buf, ret);
+       }
+       read_unlock(&dev_base_lock);
+       return ret;
+}
+
+#define IEEE80211_IF_FMT(name, field, format_string)                   \
+static ssize_t ieee80211_if_fmt_##name(                                        \
+       const struct ieee80211_sub_if_data *sdata, char *buf,           \
+       int buflen)                                                     \
+{                                                                      \
+       return scnprintf(buf, buflen, format_string, sdata->field);     \
+}
+#define IEEE80211_IF_FMT_DEC(name, field)                              \
+               IEEE80211_IF_FMT(name, field, "%d\n")
+#define IEEE80211_IF_FMT_HEX(name, field)                              \
+               IEEE80211_IF_FMT(name, field, "%#x\n")
+#define IEEE80211_IF_FMT_SIZE(name, field)                             \
+               IEEE80211_IF_FMT(name, field, "%zd\n")
+
+#define IEEE80211_IF_FMT_ATOMIC(name, field)                           \
+static ssize_t ieee80211_if_fmt_##name(                                        \
+       const struct ieee80211_sub_if_data *sdata,                      \
+       char *buf, int buflen)                                          \
+{                                                                      \
+       return scnprintf(buf, buflen, "%d\n", atomic_read(&sdata->field));\
+}
+
+#define IEEE80211_IF_FMT_MAC(name, field)                              \
+static ssize_t ieee80211_if_fmt_##name(                                        \
+       const struct ieee80211_sub_if_data *sdata, char *buf,           \
+       int buflen)                                                     \
+{                                                                      \
+       return scnprintf(buf, buflen, MAC_FMT "\n", MAC_ARG(sdata->field));\
+}
+
+#define __IEEE80211_IF_FILE(name)                                      \
+static ssize_t ieee80211_if_read_##name(struct file *file,             \
+                                       char __user *userbuf,           \
+                                       size_t count, loff_t *ppos)     \
+{                                                                      \
+       return ieee80211_if_read(file->private_data,                    \
+                                userbuf, count, ppos,                  \
+                                ieee80211_if_fmt_##name);              \
+}                                                                      \
+static const struct file_operations name##_ops = {                     \
+       .read = ieee80211_if_read_##name,                               \
+       .open = mac80211_open_file_generic,                             \
+}
+
+#define IEEE80211_IF_FILE(name, field, format)                         \
+               IEEE80211_IF_FMT_##format(name, field)                  \
+               __IEEE80211_IF_FILE(name)
+
+/* common attributes */
+IEEE80211_IF_FILE(channel_use, channel_use, DEC);
+IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC);
+IEEE80211_IF_FILE(eapol, eapol, DEC);
+IEEE80211_IF_FILE(ieee8021_x, ieee802_1x, DEC);
+
+/* STA/IBSS attributes */
+IEEE80211_IF_FILE(state, u.sta.state, DEC);
+IEEE80211_IF_FILE(bssid, u.sta.bssid, MAC);
+IEEE80211_IF_FILE(prev_bssid, u.sta.prev_bssid, MAC);
+IEEE80211_IF_FILE(ssid_len, u.sta.ssid_len, SIZE);
+IEEE80211_IF_FILE(aid, u.sta.aid, DEC);
+IEEE80211_IF_FILE(ap_capab, u.sta.ap_capab, HEX);
+IEEE80211_IF_FILE(capab, u.sta.capab, HEX);
+IEEE80211_IF_FILE(extra_ie_len, u.sta.extra_ie_len, SIZE);
+IEEE80211_IF_FILE(auth_tries, u.sta.auth_tries, DEC);
+IEEE80211_IF_FILE(assoc_tries, u.sta.assoc_tries, DEC);
+IEEE80211_IF_FILE(auth_algs, u.sta.auth_algs, HEX);
+IEEE80211_IF_FILE(auth_alg, u.sta.auth_alg, DEC);
+IEEE80211_IF_FILE(auth_transaction, u.sta.auth_transaction, DEC);
+
+static ssize_t ieee80211_if_fmt_flags(
+       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+{
+       return scnprintf(buf, buflen, "%s%s%s%s%s%s%s\n",
+                sdata->u.sta.flags & IEEE80211_STA_SSID_SET ? "SSID\n" : "",
+                sdata->u.sta.flags & IEEE80211_STA_BSSID_SET ? "BSSID\n" : "",
+                sdata->u.sta.flags & IEEE80211_STA_PREV_BSSID_SET ? "prev BSSID\n" : "",
+                sdata->u.sta.flags & IEEE80211_STA_AUTHENTICATED ? "AUTH\n" : "",
+                sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED ? "ASSOC\n" : "",
+                sdata->u.sta.flags & IEEE80211_STA_PROBEREQ_POLL ? "PROBEREQ POLL\n" : "",
+                sdata->flags & IEEE80211_SDATA_USE_PROTECTION ? "CTS prot\n" : "");
+}
+__IEEE80211_IF_FILE(flags);
+
+/* AP attributes */
+IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
+IEEE80211_IF_FILE(dtim_period, u.ap.dtim_period, DEC);
+IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC);
+IEEE80211_IF_FILE(num_beacons, u.ap.num_beacons, DEC);
+IEEE80211_IF_FILE(force_unicast_rateidx, u.ap.force_unicast_rateidx, DEC);
+IEEE80211_IF_FILE(max_ratectrl_rateidx, u.ap.max_ratectrl_rateidx, DEC);
+
+static ssize_t ieee80211_if_fmt_num_buffered_multicast(
+       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+{
+       return scnprintf(buf, buflen, "%u\n",
+                        skb_queue_len(&sdata->u.ap.ps_bc_buf));
+}
+__IEEE80211_IF_FILE(num_buffered_multicast);
+
+static ssize_t ieee80211_if_fmt_beacon_head_len(
+       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+{
+       if (sdata->u.ap.beacon_head)
+               return scnprintf(buf, buflen, "%d\n",
+                                sdata->u.ap.beacon_head_len);
+       return scnprintf(buf, buflen, "\n");
+}
+__IEEE80211_IF_FILE(beacon_head_len);
+
+static ssize_t ieee80211_if_fmt_beacon_tail_len(
+       const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+{
+       if (sdata->u.ap.beacon_tail)
+               return scnprintf(buf, buflen, "%d\n",
+                                sdata->u.ap.beacon_tail_len);
+       return scnprintf(buf, buflen, "\n");
+}
+__IEEE80211_IF_FILE(beacon_tail_len);
+
+/* WDS attributes */
+IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC);
+
+#define DEBUGFS_ADD(name, type)\
+       sdata->debugfs.type.name = debugfs_create_file(#name, 0444,\
+               sdata->debugfsdir, sdata, &name##_ops);
+
+static void add_sta_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_ADD(channel_use, sta);
+       DEBUGFS_ADD(drop_unencrypted, sta);
+       DEBUGFS_ADD(eapol, sta);
+       DEBUGFS_ADD(ieee8021_x, sta);
+       DEBUGFS_ADD(state, sta);
+       DEBUGFS_ADD(bssid, sta);
+       DEBUGFS_ADD(prev_bssid, sta);
+       DEBUGFS_ADD(ssid_len, sta);
+       DEBUGFS_ADD(aid, sta);
+       DEBUGFS_ADD(ap_capab, sta);
+       DEBUGFS_ADD(capab, sta);
+       DEBUGFS_ADD(extra_ie_len, sta);
+       DEBUGFS_ADD(auth_tries, sta);
+       DEBUGFS_ADD(assoc_tries, sta);
+       DEBUGFS_ADD(auth_algs, sta);
+       DEBUGFS_ADD(auth_alg, sta);
+       DEBUGFS_ADD(auth_transaction, sta);
+       DEBUGFS_ADD(flags, sta);
+}
+
+static void add_ap_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_ADD(channel_use, ap);
+       DEBUGFS_ADD(drop_unencrypted, ap);
+       DEBUGFS_ADD(eapol, ap);
+       DEBUGFS_ADD(ieee8021_x, ap);
+       DEBUGFS_ADD(num_sta_ps, ap);
+       DEBUGFS_ADD(dtim_period, ap);
+       DEBUGFS_ADD(dtim_count, ap);
+       DEBUGFS_ADD(num_beacons, ap);
+       DEBUGFS_ADD(force_unicast_rateidx, ap);
+       DEBUGFS_ADD(max_ratectrl_rateidx, ap);
+       DEBUGFS_ADD(num_buffered_multicast, ap);
+       DEBUGFS_ADD(beacon_head_len, ap);
+       DEBUGFS_ADD(beacon_tail_len, ap);
+}
+
+static void add_wds_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_ADD(channel_use, wds);
+       DEBUGFS_ADD(drop_unencrypted, wds);
+       DEBUGFS_ADD(eapol, wds);
+       DEBUGFS_ADD(ieee8021_x, wds);
+       DEBUGFS_ADD(peer, wds);
+}
+
+static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_ADD(channel_use, vlan);
+       DEBUGFS_ADD(drop_unencrypted, vlan);
+       DEBUGFS_ADD(eapol, vlan);
+       DEBUGFS_ADD(ieee8021_x, vlan);
+}
+
+static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
+{
+}
+
+static void add_files(struct ieee80211_sub_if_data *sdata)
+{
+       if (!sdata->debugfsdir)
+               return;
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS:
+               add_sta_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_AP:
+               add_ap_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_WDS:
+               add_wds_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               add_monitor_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+               add_vlan_files(sdata);
+               break;
+       default:
+               break;
+       }
+}
+
+#define DEBUGFS_DEL(name, type)                                        \
+       do {                                                    \
+               debugfs_remove(sdata->debugfs.type.name);       \
+               sdata->debugfs.type.name = NULL;                \
+       } while (0)
+
+static void del_sta_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_DEL(channel_use, sta);
+       DEBUGFS_DEL(drop_unencrypted, sta);
+       DEBUGFS_DEL(eapol, sta);
+       DEBUGFS_DEL(ieee8021_x, sta);
+       DEBUGFS_DEL(state, sta);
+       DEBUGFS_DEL(bssid, sta);
+       DEBUGFS_DEL(prev_bssid, sta);
+       DEBUGFS_DEL(ssid_len, sta);
+       DEBUGFS_DEL(aid, sta);
+       DEBUGFS_DEL(ap_capab, sta);
+       DEBUGFS_DEL(capab, sta);
+       DEBUGFS_DEL(extra_ie_len, sta);
+       DEBUGFS_DEL(auth_tries, sta);
+       DEBUGFS_DEL(assoc_tries, sta);
+       DEBUGFS_DEL(auth_algs, sta);
+       DEBUGFS_DEL(auth_alg, sta);
+       DEBUGFS_DEL(auth_transaction, sta);
+       DEBUGFS_DEL(flags, sta);
+}
+
+static void del_ap_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_DEL(channel_use, ap);
+       DEBUGFS_DEL(drop_unencrypted, ap);
+       DEBUGFS_DEL(eapol, ap);
+       DEBUGFS_DEL(ieee8021_x, ap);
+       DEBUGFS_DEL(num_sta_ps, ap);
+       DEBUGFS_DEL(dtim_period, ap);
+       DEBUGFS_DEL(dtim_count, ap);
+       DEBUGFS_DEL(num_beacons, ap);
+       DEBUGFS_DEL(force_unicast_rateidx, ap);
+       DEBUGFS_DEL(max_ratectrl_rateidx, ap);
+       DEBUGFS_DEL(num_buffered_multicast, ap);
+       DEBUGFS_DEL(beacon_head_len, ap);
+       DEBUGFS_DEL(beacon_tail_len, ap);
+}
+
+static void del_wds_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_DEL(channel_use, wds);
+       DEBUGFS_DEL(drop_unencrypted, wds);
+       DEBUGFS_DEL(eapol, wds);
+       DEBUGFS_DEL(ieee8021_x, wds);
+       DEBUGFS_DEL(peer, wds);
+}
+
+static void del_vlan_files(struct ieee80211_sub_if_data *sdata)
+{
+       DEBUGFS_DEL(channel_use, vlan);
+       DEBUGFS_DEL(drop_unencrypted, vlan);
+       DEBUGFS_DEL(eapol, vlan);
+       DEBUGFS_DEL(ieee8021_x, vlan);
+}
+
+static void del_monitor_files(struct ieee80211_sub_if_data *sdata)
+{
+}
+
+static void del_files(struct ieee80211_sub_if_data *sdata, int type)
+{
+       if (!sdata->debugfsdir)
+               return;
+
+       switch (type) {
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS:
+               del_sta_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_AP:
+               del_ap_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_WDS:
+               del_wds_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               del_monitor_files(sdata);
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+               del_vlan_files(sdata);
+               break;
+       default:
+               break;
+       }
+}
+
+static int notif_registered;
+
+void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
+{
+       char buf[10+IFNAMSIZ];
+
+       if (!notif_registered)
+               return;
+
+       sprintf(buf, "netdev:%s", sdata->dev->name);
+       sdata->debugfsdir = debugfs_create_dir(buf,
+               sdata->local->hw.wiphy->debugfsdir);
+}
+
+void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
+{
+       del_files(sdata, sdata->type);
+       debugfs_remove(sdata->debugfsdir);
+       sdata->debugfsdir = NULL;
+}
+
+void ieee80211_debugfs_change_if_type(struct ieee80211_sub_if_data *sdata,
+                                     int oldtype)
+{
+       del_files(sdata, oldtype);
+       add_files(sdata);
+}
+
+static int netdev_notify(struct notifier_block * nb,
+                        unsigned long state,
+                        void *ndev)
+{
+       struct net_device *dev = ndev;
+       struct dentry *dir;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       char buf[10+IFNAMSIZ];
+
+       if (state != NETDEV_CHANGENAME)
+               return 0;
+
+       if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy)
+               return 0;
+
+       if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
+               return 0;
+
+       sprintf(buf, "netdev:%s", dev->name);
+       dir = sdata->debugfsdir;
+       if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf))
+               printk(KERN_ERR "mac80211: debugfs: failed to rename debugfs "
+                      "dir to %s\n", buf);
+
+       return 0;
+}
+
+static struct notifier_block mac80211_debugfs_netdev_notifier = {
+       .notifier_call = netdev_notify,
+};
+
+void ieee80211_debugfs_netdev_init(void)
+{
+       int err;
+
+       err = register_netdevice_notifier(&mac80211_debugfs_netdev_notifier);
+       if (err) {
+               printk(KERN_ERR
+                      "mac80211: failed to install netdev notifier,"
+                      " disabling per-netdev debugfs!\n");
+       } else
+               notif_registered = 1;
+}
+
+void ieee80211_debugfs_netdev_exit(void)
+{
+       unregister_netdevice_notifier(&mac80211_debugfs_netdev_notifier);
+       notif_registered = 0;
+}
 
--- /dev/null
+/* routines exported for debugfs handling */
+
+#ifndef __IEEE80211_DEBUGFS_NETDEV_H
+#define __IEEE80211_DEBUGFS_NETDEV_H
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata);
+void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata);
+void ieee80211_debugfs_change_if_type(struct ieee80211_sub_if_data *sdata,
+                                    int oldtype);
+void ieee80211_debugfs_netdev_init(void);
+void ieee80211_debugfs_netdev_exit(void);
+#else
+static inline void ieee80211_debugfs_add_netdev(
+       struct ieee80211_sub_if_data *sdata)
+{}
+static inline void ieee80211_debugfs_remove_netdev(
+       struct ieee80211_sub_if_data *sdata)
+{}
+static inline void ieee80211_debugfs_change_if_type(
+       struct ieee80211_sub_if_data *sdata, int oldtype)
+{}
+static inline void ieee80211_debugfs_netdev_init(void)
+{}
+
+static inline void ieee80211_debugfs_netdev_exit(void)
+{}
+#endif
+
+#endif /* __IEEE80211_DEBUGFS_NETDEV_H */
 
--- /dev/null
+/*
+ * Copyright 2003-2005 Devicescape Software, Inc.
+ * Copyright (c) 2006  Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/debugfs.h>
+#include <linux/ieee80211.h>
+#include "ieee80211_i.h"
+#include "debugfs.h"
+#include "debugfs_sta.h"
+#include "sta_info.h"
+
+/* sta attributtes */
+
+#define STA_READ(name, buflen, field, format_string)                   \
+static ssize_t sta_ ##name## _read(struct file *file,                  \
+                                  char __user *userbuf,                \
+                                  size_t count, loff_t *ppos)          \
+{                                                                      \
+       int res;                                                        \
+       struct sta_info *sta = file->private_data;                      \
+       char buf[buflen];                                               \
+       res = scnprintf(buf, buflen, format_string, sta->field);        \
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
+}
+#define STA_READ_D(name, field) STA_READ(name, 20, field, "%d\n")
+#define STA_READ_U(name, field) STA_READ(name, 20, field, "%u\n")
+#define STA_READ_LU(name, field) STA_READ(name, 20, field, "%lu\n")
+#define STA_READ_S(name, field) STA_READ(name, 20, field, "%s\n")
+
+#define STA_READ_RATE(name, field)                                     \
+static ssize_t sta_##name##_read(struct file *file,                    \
+                                char __user *userbuf,                  \
+                                size_t count, loff_t *ppos)            \
+{                                                                      \
+       struct sta_info *sta = file->private_data;                      \
+       struct ieee80211_local *local = wdev_priv(sta->dev->ieee80211_ptr);\
+       struct ieee80211_hw_mode *mode = local->oper_hw_mode;           \
+       char buf[20];                                                   \
+       int res = scnprintf(buf, sizeof(buf), "%d\n",                   \
+                           (sta->field >= 0 &&                         \
+                           sta->field < mode->num_rates) ?             \
+                           mode->rates[sta->field].rate : -1);         \
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
+}
+
+#define STA_OPS(name)                                                  \
+static const struct file_operations sta_ ##name## _ops = {             \
+       .read = sta_##name##_read,                                      \
+       .open = mac80211_open_file_generic,                             \
+}
+
+#define STA_FILE(name, field, format)                                  \
+               STA_READ_##format(name, field)                          \
+               STA_OPS(name)
+
+STA_FILE(aid, aid, D);
+STA_FILE(dev, dev->name, S);
+STA_FILE(rx_packets, rx_packets, LU);
+STA_FILE(tx_packets, tx_packets, LU);
+STA_FILE(rx_bytes, rx_bytes, LU);
+STA_FILE(tx_bytes, tx_bytes, LU);
+STA_FILE(rx_duplicates, num_duplicates, LU);
+STA_FILE(rx_fragments, rx_fragments, LU);
+STA_FILE(rx_dropped, rx_dropped, LU);
+STA_FILE(tx_fragments, tx_fragments, LU);
+STA_FILE(tx_filtered, tx_filtered_count, LU);
+STA_FILE(txrate, txrate, RATE);
+STA_FILE(last_txrate, last_txrate, RATE);
+STA_FILE(tx_retry_failed, tx_retry_failed, LU);
+STA_FILE(tx_retry_count, tx_retry_count, LU);
+STA_FILE(last_rssi, last_rssi, D);
+STA_FILE(last_signal, last_signal, D);
+STA_FILE(last_noise, last_noise, D);
+STA_FILE(channel_use, channel_use, D);
+STA_FILE(wep_weak_iv_count, wep_weak_iv_count, D);
+
+static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
+                             size_t count, loff_t *ppos)
+{
+       char buf[100];
+       struct sta_info *sta = file->private_data;
+       int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s%s",
+               sta->flags & WLAN_STA_AUTH ? "AUTH\n" : "",
+               sta->flags & WLAN_STA_ASSOC ? "ASSOC\n" : "",
+               sta->flags & WLAN_STA_PS ? "PS\n" : "",
+               sta->flags & WLAN_STA_TIM ? "TIM\n" : "",
+               sta->flags & WLAN_STA_PERM ? "PERM\n" : "",
+               sta->flags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",
+               sta->flags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",
+               sta->flags & WLAN_STA_WME ? "WME\n" : "",
+               sta->flags & WLAN_STA_WDS ? "WDS\n" : "");
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+STA_OPS(flags);
+
+static ssize_t sta_num_ps_buf_frames_read(struct file *file,
+                                         char __user *userbuf,
+                                         size_t count, loff_t *ppos)
+{
+       char buf[20];
+       struct sta_info *sta = file->private_data;
+       int res = scnprintf(buf, sizeof(buf), "%u\n",
+                           skb_queue_len(&sta->ps_tx_buf));
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+STA_OPS(num_ps_buf_frames);
+
+static ssize_t sta_last_ack_rssi_read(struct file *file, char __user *userbuf,
+                                     size_t count, loff_t *ppos)
+{
+       char buf[100];
+       struct sta_info *sta = file->private_data;
+       int res = scnprintf(buf, sizeof(buf), "%d %d %d\n",
+                           sta->last_ack_rssi[0],
+                           sta->last_ack_rssi[1],
+                           sta->last_ack_rssi[2]);
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+STA_OPS(last_ack_rssi);
+
+static ssize_t sta_last_ack_ms_read(struct file *file, char __user *userbuf,
+                                   size_t count, loff_t *ppos)
+{
+       char buf[20];
+       struct sta_info *sta = file->private_data;
+       int res = scnprintf(buf, sizeof(buf), "%d\n",
+                           sta->last_ack ?
+                           jiffies_to_msecs(jiffies - sta->last_ack) : -1);
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+STA_OPS(last_ack_ms);
+
+static ssize_t sta_inactive_ms_read(struct file *file, char __user *userbuf,
+                                   size_t count, loff_t *ppos)
+{
+       char buf[20];
+       struct sta_info *sta = file->private_data;
+       int res = scnprintf(buf, sizeof(buf), "%d\n",
+                           jiffies_to_msecs(jiffies - sta->last_rx));
+       return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+STA_OPS(inactive_ms);
+
+static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf,
+                                     size_t count, loff_t *ppos)
+{
+       char buf[15*NUM_RX_DATA_QUEUES], *p = buf;
+       int i;
+       struct sta_info *sta = file->private_data;
+       for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
+               p += scnprintf(p, sizeof(buf)+buf-p, "%x ",
+                              le16_to_cpu(sta->last_seq_ctrl[i]));
+       p += scnprintf(p, sizeof(buf)+buf-p, "\n");
+       return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
+}
+STA_OPS(last_seq_ctrl);
+
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+static ssize_t sta_wme_rx_queue_read(struct file *file, char __user *userbuf,
+                                    size_t count, loff_t *ppos)
+{
+       char buf[15*NUM_RX_DATA_QUEUES], *p = buf;
+       int i;
+       struct sta_info *sta = file->private_data;
+       for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
+               p += scnprintf(p, sizeof(buf)+buf-p, "%u ",
+                              sta->wme_rx_queue[i]);
+       p += scnprintf(p, sizeof(buf)+buf-p, "\n");
+       return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
+}
+STA_OPS(wme_rx_queue);
+
+static ssize_t sta_wme_tx_queue_read(struct file *file, char __user *userbuf,
+                                    size_t count, loff_t *ppos)
+{
+       char buf[15*NUM_TX_DATA_QUEUES], *p = buf;
+       int i;
+       struct sta_info *sta = file->private_data;
+       for (i = 0; i < NUM_TX_DATA_QUEUES; i++)
+               p += scnprintf(p, sizeof(buf)+buf-p, "%u ",
+                              sta->wme_tx_queue[i]);
+       p += scnprintf(p, sizeof(buf)+buf-p, "\n");
+       return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
+}
+STA_OPS(wme_tx_queue);
+#endif
+
+#define DEBUGFS_ADD(name) \
+       sta->debugfs.name = debugfs_create_file(#name, 0444, \
+               sta->debugfs.dir, sta, &sta_ ##name## _ops);
+
+#define DEBUGFS_DEL(name) \
+       debugfs_remove(sta->debugfs.name);\
+       sta->debugfs.name = NULL;
+
+
+void ieee80211_sta_debugfs_add(struct sta_info *sta)
+{
+       char buf[3*6];
+       struct dentry *stations_dir = sta->local->debugfs.stations;
+
+       if (!stations_dir)
+               return;
+
+       sprintf(buf, MAC_FMT, MAC_ARG(sta->addr));
+
+       sta->debugfs.dir = debugfs_create_dir(buf, stations_dir);
+       if (!sta->debugfs.dir)
+               return;
+
+       DEBUGFS_ADD(flags);
+       DEBUGFS_ADD(num_ps_buf_frames);
+       DEBUGFS_ADD(last_ack_rssi);
+       DEBUGFS_ADD(last_ack_ms);
+       DEBUGFS_ADD(inactive_ms);
+       DEBUGFS_ADD(last_seq_ctrl);
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+       DEBUGFS_ADD(wme_rx_queue);
+       DEBUGFS_ADD(wme_tx_queue);
+#endif
+}
+
+void ieee80211_sta_debugfs_remove(struct sta_info *sta)
+{
+       DEBUGFS_DEL(flags);
+       DEBUGFS_DEL(num_ps_buf_frames);
+       DEBUGFS_DEL(last_ack_rssi);
+       DEBUGFS_DEL(last_ack_ms);
+       DEBUGFS_DEL(inactive_ms);
+       DEBUGFS_DEL(last_seq_ctrl);
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+       DEBUGFS_DEL(wme_rx_queue);
+       DEBUGFS_DEL(wme_tx_queue);
+#endif
+
+       debugfs_remove(sta->debugfs.dir);
+       sta->debugfs.dir = NULL;
+}
 
--- /dev/null
+#ifndef __MAC80211_DEBUGFS_STA_H
+#define __MAC80211_DEBUGFS_STA_H
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+void ieee80211_sta_debugfs_add(struct sta_info *sta);
+void ieee80211_sta_debugfs_remove(struct sta_info *sta);
+#else
+static inline void ieee80211_sta_debugfs_add(struct sta_info *sta) {}
+static inline void ieee80211_sta_debugfs_remove(struct sta_info *sta) {}
+#endif
+
+#endif /* __MAC80211_DEBUGFS_STA_H */
 
--- /dev/null
+/*
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * mac80211 - events
+ */
+
+#include <linux/netdevice.h>
+#include <net/iw_handler.h>
+#include "ieee80211_i.h"
+
+/*
+ * indicate a failed Michael MIC to userspace; the passed packet
+ * (in the variable hdr) must be long enough to extract the TKIP
+ * fields like TSC
+ */
+void mac80211_ev_michael_mic_failure(struct net_device *dev, int keyidx,
+                                    struct ieee80211_hdr *hdr)
+{
+       union iwreq_data wrqu;
+       char *buf = kmalloc(128, GFP_ATOMIC);
+
+       if (buf) {
+               /* TODO: needed parameters: count, key type, TSC */
+               sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
+                       "keyid=%d %scast addr=" MAC_FMT ")",
+                       keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
+                       MAC_ARG(hdr->addr2));
+               memset(&wrqu, 0, sizeof(wrqu));
+               wrqu.data.length = strlen(buf);
+               wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
+               kfree(buf);
+       }
+
+       /*
+        * TODO: re-add support for sending MIC failure indication
+        * with all info via nl80211
+        */
+}
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <net/mac80211.h>
+#include <net/ieee80211_radiotap.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/etherdevice.h>
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#include <linux/rtnetlink.h>
+#include <linux/bitmap.h>
+#include <net/cfg80211.h>
+
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "wep.h"
+#include "wme.h"
+#include "aes_ccm.h"
+#include "ieee80211_led.h"
+#include "cfg.h"
+#include "debugfs.h"
+#include "debugfs_netdev.h"
+
+/*
+ * For seeing transmitted packets on monitor interfaces
+ * we have a radiotap header too.
+ */
+struct ieee80211_tx_status_rtap_hdr {
+       struct ieee80211_radiotap_header hdr;
+       __le16 tx_flags;
+       u8 data_retries;
+} __attribute__ ((packed));
+
+/* common interface routines */
+
+static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr)
+{
+       memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN); /* addr2 */
+       return ETH_ALEN;
+}
+
+/* must be called under mdev tx lock */
+static void ieee80211_configure_filter(struct ieee80211_local *local)
+{
+       unsigned int changed_flags;
+       unsigned int new_flags = 0;
+
+       if (atomic_read(&local->iff_promiscs))
+               new_flags |= FIF_PROMISC_IN_BSS;
+
+       if (atomic_read(&local->iff_allmultis))
+               new_flags |= FIF_ALLMULTI;
+
+       if (local->monitors)
+               new_flags |= FIF_CONTROL |
+                            FIF_OTHER_BSS |
+                            FIF_BCN_PRBRESP_PROMISC;
+
+       changed_flags = local->filter_flags ^ new_flags;
+
+       /* be a bit nasty */
+       new_flags |= (1<<31);
+
+       local->ops->configure_filter(local_to_hw(local),
+                                    changed_flags, &new_flags,
+                                    local->mdev->mc_count,
+                                    local->mdev->mc_list);
+
+       WARN_ON(new_flags & (1<<31));
+
+       local->filter_flags = new_flags & ~(1<<31);
+}
+
+/* master interface */
+
+static int ieee80211_master_open(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata;
+       int res = -EOPNOTSUPP;
+
+       /* we hold the RTNL here so can safely walk the list */
+       list_for_each_entry(sdata, &local->interfaces, list) {
+               if (sdata->dev != dev && netif_running(sdata->dev)) {
+                       res = 0;
+                       break;
+               }
+       }
+       return res;
+}
+
+static int ieee80211_master_stop(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata;
+
+       /* we hold the RTNL here so can safely walk the list */
+       list_for_each_entry(sdata, &local->interfaces, list)
+               if (sdata->dev != dev && netif_running(sdata->dev))
+                       dev_close(sdata->dev);
+
+       return 0;
+}
+
+static void ieee80211_master_set_multicast_list(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       ieee80211_configure_filter(local);
+}
+
+/* regular interfaces */
+
+static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
+{
+       /* FIX: what would be proper limits for MTU?
+        * This interface uses 802.3 frames. */
+       if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6) {
+               printk(KERN_WARNING "%s: invalid MTU %d\n",
+                      dev->name, new_mtu);
+               return -EINVAL;
+       }
+
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+       printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+       dev->mtu = new_mtu;
+       return 0;
+}
+
+static inline int identical_mac_addr_allowed(int type1, int type2)
+{
+       return (type1 == IEEE80211_IF_TYPE_MNTR ||
+               type2 == IEEE80211_IF_TYPE_MNTR ||
+               (type1 == IEEE80211_IF_TYPE_AP &&
+                type2 == IEEE80211_IF_TYPE_WDS) ||
+               (type1 == IEEE80211_IF_TYPE_WDS &&
+                (type2 == IEEE80211_IF_TYPE_WDS ||
+                 type2 == IEEE80211_IF_TYPE_AP)) ||
+               (type1 == IEEE80211_IF_TYPE_AP &&
+                type2 == IEEE80211_IF_TYPE_VLAN) ||
+               (type1 == IEEE80211_IF_TYPE_VLAN &&
+                (type2 == IEEE80211_IF_TYPE_AP ||
+                 type2 == IEEE80211_IF_TYPE_VLAN)));
+}
+
+static int ieee80211_open(struct net_device *dev)
+{
+       struct ieee80211_sub_if_data *sdata, *nsdata;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_if_init_conf conf;
+       int res;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       /* we hold the RTNL here so can safely walk the list */
+       list_for_each_entry(nsdata, &local->interfaces, list) {
+               struct net_device *ndev = nsdata->dev;
+
+               if (ndev != dev && ndev != local->mdev && netif_running(ndev) &&
+                   compare_ether_addr(dev->dev_addr, ndev->dev_addr) == 0) {
+                       /*
+                        * check whether it may have the same address
+                        */
+                       if (!identical_mac_addr_allowed(sdata->type,
+                                                       nsdata->type))
+                               return -ENOTUNIQ;
+
+                       /*
+                        * can only add VLANs to enabled APs
+                        */
+                       if (sdata->type == IEEE80211_IF_TYPE_VLAN &&
+                           nsdata->type == IEEE80211_IF_TYPE_AP &&
+                           netif_running(nsdata->dev))
+                               sdata->u.vlan.ap = nsdata;
+               }
+       }
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_WDS:
+               if (is_zero_ether_addr(sdata->u.wds.remote_addr))
+                       return -ENOLINK;
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+               if (!sdata->u.vlan.ap)
+                       return -ENOLINK;
+               break;
+       case IEEE80211_IF_TYPE_AP:
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_MNTR:
+       case IEEE80211_IF_TYPE_IBSS:
+               /* no special treatment */
+               break;
+       case IEEE80211_IF_TYPE_INVALID:
+               /* cannot happen */
+               WARN_ON(1);
+               break;
+       }
+
+       if (local->open_count == 0) {
+               res = 0;
+               if (local->ops->start)
+                       res = local->ops->start(local_to_hw(local));
+               if (res)
+                       return res;
+       }
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_VLAN:
+               list_add(&sdata->u.vlan.list, &sdata->u.vlan.ap->u.ap.vlans);
+               /* no need to tell driver */
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               /* must be before the call to ieee80211_configure_filter */
+               local->monitors++;
+               if (local->monitors == 1) {
+                       netif_tx_lock_bh(local->mdev);
+                       ieee80211_configure_filter(local);
+                       netif_tx_unlock_bh(local->mdev);
+
+                       local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP;
+                       ieee80211_hw_config(local);
+               }
+               break;
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS:
+               sdata->u.sta.flags &= ~IEEE80211_STA_PREV_BSSID_SET;
+               /* fall through */
+       default:
+               conf.if_id = dev->ifindex;
+               conf.type = sdata->type;
+               conf.mac_addr = dev->dev_addr;
+               res = local->ops->add_interface(local_to_hw(local), &conf);
+               if (res && !local->open_count && local->ops->stop)
+                       local->ops->stop(local_to_hw(local));
+               if (res)
+                       return res;
+
+               ieee80211_if_config(dev);
+               ieee80211_reset_erp_info(dev);
+               ieee80211_enable_keys(sdata);
+
+               if (sdata->type == IEEE80211_IF_TYPE_STA &&
+                   !(sdata->flags & IEEE80211_SDATA_USERSPACE_MLME))
+                       netif_carrier_off(dev);
+               else
+                       netif_carrier_on(dev);
+       }
+
+       if (local->open_count == 0) {
+               res = dev_open(local->mdev);
+               WARN_ON(res);
+               tasklet_enable(&local->tx_pending_tasklet);
+               tasklet_enable(&local->tasklet);
+       }
+
+       local->open_count++;
+
+       netif_start_queue(dev);
+
+       return 0;
+}
+
+static int ieee80211_stop(struct net_device *dev)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_if_init_conf conf;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       netif_stop_queue(dev);
+
+       dev_mc_unsync(local->mdev, dev);
+
+       /* down all dependent devices, that is VLANs */
+       if (sdata->type == IEEE80211_IF_TYPE_AP) {
+               struct ieee80211_sub_if_data *vlan, *tmp;
+
+               list_for_each_entry_safe(vlan, tmp, &sdata->u.ap.vlans,
+                                        u.vlan.list)
+                       dev_close(vlan->dev);
+               WARN_ON(!list_empty(&sdata->u.ap.vlans));
+       }
+
+       local->open_count--;
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_VLAN:
+               list_del(&sdata->u.vlan.list);
+               sdata->u.vlan.ap = NULL;
+               /* no need to tell driver */
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               local->monitors--;
+               if (local->monitors == 0) {
+                       netif_tx_lock_bh(local->mdev);
+                       ieee80211_configure_filter(local);
+                       netif_tx_unlock_bh(local->mdev);
+
+                       local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP;
+                       ieee80211_hw_config(local);
+               }
+               break;
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS:
+               sdata->u.sta.state = IEEE80211_DISABLED;
+               del_timer_sync(&sdata->u.sta.timer);
+               /*
+                * When we get here, the interface is marked down.
+                * Call synchronize_rcu() to wait for the RX path
+                * should it be using the interface and enqueuing
+                * frames at this very time on another CPU.
+                */
+               synchronize_rcu();
+               skb_queue_purge(&sdata->u.sta.skb_queue);
+
+               if (!local->ops->hw_scan &&
+                   local->scan_dev == sdata->dev) {
+                       local->sta_scanning = 0;
+                       cancel_delayed_work(&local->scan_work);
+               }
+               flush_workqueue(local->hw.workqueue);
+               /* fall through */
+       default:
+               conf.if_id = dev->ifindex;
+               conf.type = sdata->type;
+               conf.mac_addr = dev->dev_addr;
+               /* disable all keys for as long as this netdev is down */
+               ieee80211_disable_keys(sdata);
+               local->ops->remove_interface(local_to_hw(local), &conf);
+       }
+
+       if (local->open_count == 0) {
+               if (netif_running(local->mdev))
+                       dev_close(local->mdev);
+
+               if (local->ops->stop)
+                       local->ops->stop(local_to_hw(local));
+
+               tasklet_disable(&local->tx_pending_tasklet);
+               tasklet_disable(&local->tasklet);
+       }
+
+       return 0;
+}
+
+static void ieee80211_set_multicast_list(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int allmulti, promisc, sdata_allmulti, sdata_promisc;
+
+       allmulti = !!(dev->flags & IFF_ALLMULTI);
+       promisc = !!(dev->flags & IFF_PROMISC);
+       sdata_allmulti = sdata->flags & IEEE80211_SDATA_ALLMULTI;
+       sdata_promisc = sdata->flags & IEEE80211_SDATA_PROMISC;
+
+       if (allmulti != sdata_allmulti) {
+               if (dev->flags & IFF_ALLMULTI)
+                       atomic_inc(&local->iff_allmultis);
+               else
+                       atomic_dec(&local->iff_allmultis);
+               sdata->flags ^= IEEE80211_SDATA_ALLMULTI;
+       }
+
+       if (promisc != sdata_promisc) {
+               if (dev->flags & IFF_PROMISC)
+                       atomic_inc(&local->iff_promiscs);
+               else
+                       atomic_dec(&local->iff_promiscs);
+               sdata->flags ^= IEEE80211_SDATA_PROMISC;
+       }
+
+       dev_mc_sync(local->mdev, dev);
+}
+
+/* Must not be called for mdev */
+void ieee80211_if_setup(struct net_device *dev)
+{
+       ether_setup(dev);
+       dev->hard_start_xmit = ieee80211_subif_start_xmit;
+       dev->wireless_handlers = &ieee80211_iw_handler_def;
+       dev->set_multicast_list = ieee80211_set_multicast_list;
+       dev->change_mtu = ieee80211_change_mtu;
+       dev->open = ieee80211_open;
+       dev->stop = ieee80211_stop;
+       dev->destructor = ieee80211_if_free;
+}
+
+/* WDS specialties */
+
+int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct sta_info *sta;
+
+       if (compare_ether_addr(remote_addr, sdata->u.wds.remote_addr) == 0)
+               return 0;
+
+       /* Create STA entry for the new peer */
+       sta = sta_info_add(local, dev, remote_addr, GFP_KERNEL);
+       if (!sta)
+               return -ENOMEM;
+       sta_info_put(sta);
+
+       /* Remove STA entry for the old peer */
+       sta = sta_info_get(local, sdata->u.wds.remote_addr);
+       if (sta) {
+               sta_info_free(sta);
+               sta_info_put(sta);
+       } else {
+               printk(KERN_DEBUG "%s: could not find STA entry for WDS link "
+                      "peer " MAC_FMT "\n",
+                      dev->name, MAC_ARG(sdata->u.wds.remote_addr));
+       }
+
+       /* Update WDS link data */
+       memcpy(&sdata->u.wds.remote_addr, remote_addr, ETH_ALEN);
+
+       return 0;
+}
+
+/* everything else */
+
+static int __ieee80211_if_config(struct net_device *dev,
+                                struct sk_buff *beacon,
+                                struct ieee80211_tx_control *control)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_if_conf conf;
+
+       if (!local->ops->config_interface || !netif_running(dev))
+               return 0;
+
+       memset(&conf, 0, sizeof(conf));
+       conf.type = sdata->type;
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               conf.bssid = sdata->u.sta.bssid;
+               conf.ssid = sdata->u.sta.ssid;
+               conf.ssid_len = sdata->u.sta.ssid_len;
+       } else if (sdata->type == IEEE80211_IF_TYPE_AP) {
+               conf.ssid = sdata->u.ap.ssid;
+               conf.ssid_len = sdata->u.ap.ssid_len;
+               conf.beacon = beacon;
+               conf.beacon_control = control;
+       }
+       return local->ops->config_interface(local_to_hw(local),
+                                          dev->ifindex, &conf);
+}
+
+int ieee80211_if_config(struct net_device *dev)
+{
+       return __ieee80211_if_config(dev, NULL, NULL);
+}
+
+int ieee80211_if_config_beacon(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_tx_control control;
+       struct sk_buff *skb;
+
+       if (!(local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE))
+               return 0;
+       skb = ieee80211_beacon_get(local_to_hw(local), dev->ifindex, &control);
+       if (!skb)
+               return -ENOMEM;
+       return __ieee80211_if_config(dev, skb, &control);
+}
+
+int ieee80211_hw_config(struct ieee80211_local *local)
+{
+       struct ieee80211_hw_mode *mode;
+       struct ieee80211_channel *chan;
+       int ret = 0;
+
+       if (local->sta_scanning) {
+               chan = local->scan_channel;
+               mode = local->scan_hw_mode;
+       } else {
+               chan = local->oper_channel;
+               mode = local->oper_hw_mode;
+       }
+
+       local->hw.conf.channel = chan->chan;
+       local->hw.conf.channel_val = chan->val;
+       if (!local->hw.conf.power_level) {
+               local->hw.conf.power_level = chan->power_level;
+       } else {
+               local->hw.conf.power_level = min(chan->power_level,
+                                                local->hw.conf.power_level);
+       }
+       local->hw.conf.freq = chan->freq;
+       local->hw.conf.phymode = mode->mode;
+       local->hw.conf.antenna_max = chan->antenna_max;
+       local->hw.conf.chan = chan;
+       local->hw.conf.mode = mode;
+
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+       printk(KERN_DEBUG "HW CONFIG: channel=%d freq=%d "
+              "phymode=%d\n", local->hw.conf.channel, local->hw.conf.freq,
+              local->hw.conf.phymode);
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+
+       if (local->open_count)
+               ret = local->ops->config(local_to_hw(local), &local->hw.conf);
+
+       return ret;
+}
+
+void ieee80211_erp_info_change_notify(struct net_device *dev, u8 changes)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (local->ops->erp_ie_changed)
+               local->ops->erp_ie_changed(local_to_hw(local), changes,
+                       !!(sdata->flags & IEEE80211_SDATA_USE_PROTECTION),
+                       !(sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE));
+}
+
+void ieee80211_reset_erp_info(struct net_device *dev)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       sdata->flags &= ~(IEEE80211_SDATA_USE_PROTECTION |
+                       IEEE80211_SDATA_SHORT_PREAMBLE);
+       ieee80211_erp_info_change_notify(dev,
+                                        IEEE80211_ERP_CHANGE_PROTECTION |
+                                        IEEE80211_ERP_CHANGE_PREAMBLE);
+}
+
+void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
+                                struct sk_buff *skb,
+                                struct ieee80211_tx_status *status)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct ieee80211_tx_status *saved;
+       int tmp;
+
+       skb->dev = local->mdev;
+       saved = kmalloc(sizeof(struct ieee80211_tx_status), GFP_ATOMIC);
+       if (unlikely(!saved)) {
+               if (net_ratelimit())
+                       printk(KERN_WARNING "%s: Not enough memory, "
+                              "dropping tx status", skb->dev->name);
+               /* should be dev_kfree_skb_irq, but due to this function being
+                * named _irqsafe instead of just _irq we can't be sure that
+                * people won't call it from non-irq contexts */
+               dev_kfree_skb_any(skb);
+               return;
+       }
+       memcpy(saved, status, sizeof(struct ieee80211_tx_status));
+       /* copy pointer to saved status into skb->cb for use by tasklet */
+       memcpy(skb->cb, &saved, sizeof(saved));
+
+       skb->pkt_type = IEEE80211_TX_STATUS_MSG;
+       skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ?
+                      &local->skb_queue : &local->skb_queue_unreliable, skb);
+       tmp = skb_queue_len(&local->skb_queue) +
+               skb_queue_len(&local->skb_queue_unreliable);
+       while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
+              (skb = skb_dequeue(&local->skb_queue_unreliable))) {
+               memcpy(&saved, skb->cb, sizeof(saved));
+               kfree(saved);
+               dev_kfree_skb_irq(skb);
+               tmp--;
+               I802_DEBUG_INC(local->tx_status_drop);
+       }
+       tasklet_schedule(&local->tasklet);
+}
+EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
+
+static void ieee80211_tasklet_handler(unsigned long data)
+{
+       struct ieee80211_local *local = (struct ieee80211_local *) data;
+       struct sk_buff *skb;
+       struct ieee80211_rx_status rx_status;
+       struct ieee80211_tx_status *tx_status;
+
+       while ((skb = skb_dequeue(&local->skb_queue)) ||
+              (skb = skb_dequeue(&local->skb_queue_unreliable))) {
+               switch (skb->pkt_type) {
+               case IEEE80211_RX_MSG:
+                       /* status is in skb->cb */
+                       memcpy(&rx_status, skb->cb, sizeof(rx_status));
+                       /* Clear skb->type in order to not confuse kernel
+                        * netstack. */
+                       skb->pkt_type = 0;
+                       __ieee80211_rx(local_to_hw(local), skb, &rx_status);
+                       break;
+               case IEEE80211_TX_STATUS_MSG:
+                       /* get pointer to saved status out of skb->cb */
+                       memcpy(&tx_status, skb->cb, sizeof(tx_status));
+                       skb->pkt_type = 0;
+                       ieee80211_tx_status(local_to_hw(local),
+                                           skb, tx_status);
+                       kfree(tx_status);
+                       break;
+               default: /* should never get here! */
+                       printk(KERN_ERR "%s: Unknown message type (%d)\n",
+                              wiphy_name(local->hw.wiphy), skb->pkt_type);
+                       dev_kfree_skb(skb);
+                       break;
+               }
+       }
+}
+
+/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to
+ * make a prepared TX frame (one that has been given to hw) to look like brand
+ * new IEEE 802.11 frame that is ready to go through TX processing again.
+ * Also, tx_packet_data in cb is restored from tx_control. */
+static void ieee80211_remove_tx_extra(struct ieee80211_local *local,
+                                     struct ieee80211_key *key,
+                                     struct sk_buff *skb,
+                                     struct ieee80211_tx_control *control)
+{
+       int hdrlen, iv_len, mic_len;
+       struct ieee80211_tx_packet_data *pkt_data;
+
+       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
+       pkt_data->ifindex = control->ifindex;
+       pkt_data->flags = 0;
+       if (control->flags & IEEE80211_TXCTL_REQ_TX_STATUS)
+               pkt_data->flags |= IEEE80211_TXPD_REQ_TX_STATUS;
+       if (control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT)
+               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+       if (control->flags & IEEE80211_TXCTL_REQUEUE)
+               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
+       pkt_data->queue = control->queue;
+
+       hdrlen = ieee80211_get_hdrlen_from_skb(skb);
+
+       if (!key)
+               goto no_key;
+
+       switch (key->conf.alg) {
+       case ALG_WEP:
+               iv_len = WEP_IV_LEN;
+               mic_len = WEP_ICV_LEN;
+               break;
+       case ALG_TKIP:
+               iv_len = TKIP_IV_LEN;
+               mic_len = TKIP_ICV_LEN;
+               break;
+       case ALG_CCMP:
+               iv_len = CCMP_HDR_LEN;
+               mic_len = CCMP_MIC_LEN;
+               break;
+       default:
+               goto no_key;
+       }
+
+       if (skb->len >= mic_len &&
+           !(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
+               skb_trim(skb, skb->len - mic_len);
+       if (skb->len >= iv_len && skb->len > hdrlen) {
+               memmove(skb->data + iv_len, skb->data, hdrlen);
+               skb_pull(skb, iv_len);
+       }
+
+no_key:
+       {
+               struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+               u16 fc = le16_to_cpu(hdr->frame_control);
+               if ((fc & 0x8C) == 0x88) /* QoS Control Field */ {
+                       fc &= ~IEEE80211_STYPE_QOS_DATA;
+                       hdr->frame_control = cpu_to_le16(fc);
+                       memmove(skb->data + 2, skb->data, hdrlen - 2);
+                       skb_pull(skb, 2);
+               }
+       }
+}
+
+void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
+                        struct ieee80211_tx_status *status)
+{
+       struct sk_buff *skb2;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       struct ieee80211_local *local = hw_to_local(hw);
+       u16 frag, type;
+       struct ieee80211_tx_status_rtap_hdr *rthdr;
+       struct ieee80211_sub_if_data *sdata;
+       int monitors;
+
+       if (!status) {
+               printk(KERN_ERR
+                      "%s: ieee80211_tx_status called with NULL status\n",
+                      wiphy_name(local->hw.wiphy));
+               dev_kfree_skb(skb);
+               return;
+       }
+
+       if (status->excessive_retries) {
+               struct sta_info *sta;
+               sta = sta_info_get(local, hdr->addr1);
+               if (sta) {
+                       if (sta->flags & WLAN_STA_PS) {
+                               /* The STA is in power save mode, so assume
+                                * that this TX packet failed because of that.
+                                */
+                               status->excessive_retries = 0;
+                               status->flags |= IEEE80211_TX_STATUS_TX_FILTERED;
+                       }
+                       sta_info_put(sta);
+               }
+       }
+
+       if (status->flags & IEEE80211_TX_STATUS_TX_FILTERED) {
+               struct sta_info *sta;
+               sta = sta_info_get(local, hdr->addr1);
+               if (sta) {
+                       sta->tx_filtered_count++;
+
+                       /* Clear the TX filter mask for this STA when sending
+                        * the next packet. If the STA went to power save mode,
+                        * this will happen when it is waking up for the next
+                        * time. */
+                       sta->clear_dst_mask = 1;
+
+                       /* TODO: Is the WLAN_STA_PS flag always set here or is
+                        * the race between RX and TX status causing some
+                        * packets to be filtered out before 80211.o gets an
+                        * update for PS status? This seems to be the case, so
+                        * no changes are likely to be needed. */
+                       if (sta->flags & WLAN_STA_PS &&
+                           skb_queue_len(&sta->tx_filtered) <
+                           STA_MAX_TX_BUFFER) {
+                               ieee80211_remove_tx_extra(local, sta->key,
+                                                         skb,
+                                                         &status->control);
+                               skb_queue_tail(&sta->tx_filtered, skb);
+                       } else if (!(sta->flags & WLAN_STA_PS) &&
+                                  !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) {
+                               /* Software retry the packet once */
+                               status->control.flags |= IEEE80211_TXCTL_REQUEUE;
+                               ieee80211_remove_tx_extra(local, sta->key,
+                                                         skb,
+                                                         &status->control);
+                               dev_queue_xmit(skb);
+                       } else {
+                               if (net_ratelimit()) {
+                                       printk(KERN_DEBUG "%s: dropped TX "
+                                              "filtered frame queue_len=%d "
+                                              "PS=%d @%lu\n",
+                                              wiphy_name(local->hw.wiphy),
+                                              skb_queue_len(
+                                                      &sta->tx_filtered),
+                                              !!(sta->flags & WLAN_STA_PS),
+                                              jiffies);
+                               }
+                               dev_kfree_skb(skb);
+                       }
+                       sta_info_put(sta);
+                       return;
+               }
+       } else {
+               /* FIXME: STUPID to call this with both local and local->mdev */
+               rate_control_tx_status(local, local->mdev, skb, status);
+       }
+
+       ieee80211_led_tx(local, 0);
+
+       /* SNMP counters
+        * Fragments are passed to low-level drivers as separate skbs, so these
+        * are actually fragments, not frames. Update frame counters only for
+        * the first fragment of the frame. */
+
+       frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
+       type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
+
+       if (status->flags & IEEE80211_TX_STATUS_ACK) {
+               if (frag == 0) {
+                       local->dot11TransmittedFrameCount++;
+                       if (is_multicast_ether_addr(hdr->addr1))
+                               local->dot11MulticastTransmittedFrameCount++;
+                       if (status->retry_count > 0)
+                               local->dot11RetryCount++;
+                       if (status->retry_count > 1)
+                               local->dot11MultipleRetryCount++;
+               }
+
+               /* This counter shall be incremented for an acknowledged MPDU
+                * with an individual address in the address 1 field or an MPDU
+                * with a multicast address in the address 1 field of type Data
+                * or Management. */
+               if (!is_multicast_ether_addr(hdr->addr1) ||
+                   type == IEEE80211_FTYPE_DATA ||
+                   type == IEEE80211_FTYPE_MGMT)
+                       local->dot11TransmittedFragmentCount++;
+       } else {
+               if (frag == 0)
+                       local->dot11FailedCount++;
+       }
+
+       /* this was a transmitted frame, but now we want to reuse it */
+       skb_orphan(skb);
+
+       if (!local->monitors) {
+               dev_kfree_skb(skb);
+               return;
+       }
+
+       /* send frame to monitor interfaces now */
+
+       if (skb_headroom(skb) < sizeof(*rthdr)) {
+               printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
+               dev_kfree_skb(skb);
+               return;
+       }
+
+       rthdr = (struct ieee80211_tx_status_rtap_hdr*)
+                               skb_push(skb, sizeof(*rthdr));
+
+       memset(rthdr, 0, sizeof(*rthdr));
+       rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
+       rthdr->hdr.it_present =
+               cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
+                           (1 << IEEE80211_RADIOTAP_DATA_RETRIES));
+
+       if (!(status->flags & IEEE80211_TX_STATUS_ACK) &&
+           !is_multicast_ether_addr(hdr->addr1))
+               rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
+
+       if ((status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS) &&
+           (status->control.flags & IEEE80211_TXCTL_USE_CTS_PROTECT))
+               rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
+       else if (status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS)
+               rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
+
+       rthdr->data_retries = status->retry_count;
+
+       rcu_read_lock();
+       monitors = local->monitors;
+       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+               /*
+                * Using the monitors counter is possibly racy, but
+                * if the value is wrong we simply either clone the skb
+                * once too much or forget sending it to one monitor iface
+                * The latter case isn't nice but fixing the race is much
+                * more complicated.
+                */
+               if (!monitors || !skb)
+                       goto out;
+
+               if (sdata->type == IEEE80211_IF_TYPE_MNTR) {
+                       if (!netif_running(sdata->dev))
+                               continue;
+                       monitors--;
+                       if (monitors)
+                               skb2 = skb_clone(skb, GFP_ATOMIC);
+                       else
+                               skb2 = NULL;
+                       skb->dev = sdata->dev;
+                       /* XXX: is this sufficient for BPF? */
+                       skb_set_mac_header(skb, 0);
+                       skb->ip_summed = CHECKSUM_UNNECESSARY;
+                       skb->pkt_type = PACKET_OTHERHOST;
+                       skb->protocol = htons(ETH_P_802_2);
+                       memset(skb->cb, 0, sizeof(skb->cb));
+                       netif_rx(skb);
+                       skb = skb2;
+               }
+       }
+ out:
+       rcu_read_unlock();
+       if (skb)
+               dev_kfree_skb(skb);
+}
+EXPORT_SYMBOL(ieee80211_tx_status);
+
+struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
+                                       const struct ieee80211_ops *ops)
+{
+       struct net_device *mdev;
+       struct ieee80211_local *local;
+       struct ieee80211_sub_if_data *sdata;
+       int priv_size;
+       struct wiphy *wiphy;
+
+       /* Ensure 32-byte alignment of our private data and hw private data.
+        * We use the wiphy priv data for both our ieee80211_local and for
+        * the driver's private data
+        *
+        * In memory it'll be like this:
+        *
+        * +-------------------------+
+        * | struct wiphy           |
+        * +-------------------------+
+        * | struct ieee80211_local  |
+        * +-------------------------+
+        * | driver's private data   |
+        * +-------------------------+
+        *
+        */
+       priv_size = ((sizeof(struct ieee80211_local) +
+                     NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST) +
+                   priv_data_len;
+
+       wiphy = wiphy_new(&mac80211_config_ops, priv_size);
+
+       if (!wiphy)
+               return NULL;
+
+       wiphy->privid = mac80211_wiphy_privid;
+
+       local = wiphy_priv(wiphy);
+       local->hw.wiphy = wiphy;
+
+       local->hw.priv = (char *)local +
+                        ((sizeof(struct ieee80211_local) +
+                          NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST);
+
+       BUG_ON(!ops->tx);
+       BUG_ON(!ops->start);
+       BUG_ON(!ops->stop);
+       BUG_ON(!ops->config);
+       BUG_ON(!ops->add_interface);
+       BUG_ON(!ops->remove_interface);
+       BUG_ON(!ops->configure_filter);
+       local->ops = ops;
+
+       /* for now, mdev needs sub_if_data :/ */
+       mdev = alloc_netdev(sizeof(struct ieee80211_sub_if_data),
+                           "wmaster%d", ether_setup);
+       if (!mdev) {
+               wiphy_free(wiphy);
+               return NULL;
+       }
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(mdev);
+       mdev->ieee80211_ptr = &sdata->wdev;
+       sdata->wdev.wiphy = wiphy;
+
+       local->hw.queues = 1; /* default */
+
+       local->mdev = mdev;
+       local->rx_pre_handlers = ieee80211_rx_pre_handlers;
+       local->rx_handlers = ieee80211_rx_handlers;
+       local->tx_handlers = ieee80211_tx_handlers;
+
+       local->bridge_packets = 1;
+
+       local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
+       local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
+       local->short_retry_limit = 7;
+       local->long_retry_limit = 4;
+       local->hw.conf.radio_enabled = 1;
+
+       local->enabled_modes = ~0;
+
+       INIT_LIST_HEAD(&local->modes_list);
+
+       INIT_LIST_HEAD(&local->interfaces);
+
+       INIT_DELAYED_WORK(&local->scan_work, ieee80211_sta_scan_work);
+       ieee80211_rx_bss_list_init(mdev);
+
+       sta_info_init(local);
+
+       mdev->hard_start_xmit = ieee80211_master_start_xmit;
+       mdev->open = ieee80211_master_open;
+       mdev->stop = ieee80211_master_stop;
+       mdev->type = ARPHRD_IEEE80211;
+       mdev->hard_header_parse = header_parse_80211;
+       mdev->set_multicast_list = ieee80211_master_set_multicast_list;
+
+       sdata->type = IEEE80211_IF_TYPE_AP;
+       sdata->dev = mdev;
+       sdata->local = local;
+       sdata->u.ap.force_unicast_rateidx = -1;
+       sdata->u.ap.max_ratectrl_rateidx = -1;
+       ieee80211_if_sdata_init(sdata);
+       /* no RCU needed since we're still during init phase */
+       list_add_tail(&sdata->list, &local->interfaces);
+
+       tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending,
+                    (unsigned long)local);
+       tasklet_disable(&local->tx_pending_tasklet);
+
+       tasklet_init(&local->tasklet,
+                    ieee80211_tasklet_handler,
+                    (unsigned long) local);
+       tasklet_disable(&local->tasklet);
+
+       skb_queue_head_init(&local->skb_queue);
+       skb_queue_head_init(&local->skb_queue_unreliable);
+
+       return local_to_hw(local);
+}
+EXPORT_SYMBOL(ieee80211_alloc_hw);
+
+int ieee80211_register_hw(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       const char *name;
+       int result;
+
+       result = wiphy_register(local->hw.wiphy);
+       if (result < 0)
+               return result;
+
+       name = wiphy_dev(local->hw.wiphy)->driver->name;
+       local->hw.workqueue = create_singlethread_workqueue(name);
+       if (!local->hw.workqueue) {
+               result = -ENOMEM;
+               goto fail_workqueue;
+       }
+
+       /*
+        * The hardware needs headroom for sending the frame,
+        * and we need some headroom for passing the frame to monitor
+        * interfaces, but never both at the same time.
+        */
+       local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom,
+                                  sizeof(struct ieee80211_tx_status_rtap_hdr));
+
+       debugfs_hw_add(local);
+
+       local->hw.conf.beacon_int = 1000;
+
+       local->wstats_flags |= local->hw.max_rssi ?
+                              IW_QUAL_LEVEL_UPDATED : IW_QUAL_LEVEL_INVALID;
+       local->wstats_flags |= local->hw.max_signal ?
+                              IW_QUAL_QUAL_UPDATED : IW_QUAL_QUAL_INVALID;
+       local->wstats_flags |= local->hw.max_noise ?
+                              IW_QUAL_NOISE_UPDATED : IW_QUAL_NOISE_INVALID;
+       if (local->hw.max_rssi < 0 || local->hw.max_noise < 0)
+               local->wstats_flags |= IW_QUAL_DBM;
+
+       result = sta_info_start(local);
+       if (result < 0)
+               goto fail_sta_info;
+
+       rtnl_lock();
+       result = dev_alloc_name(local->mdev, local->mdev->name);
+       if (result < 0)
+               goto fail_dev;
+
+       memcpy(local->mdev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
+       SET_NETDEV_DEV(local->mdev, wiphy_dev(local->hw.wiphy));
+
+       result = register_netdevice(local->mdev);
+       if (result < 0)
+               goto fail_dev;
+
+       ieee80211_debugfs_add_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
+       ieee80211_if_set_type(local->mdev, IEEE80211_IF_TYPE_AP);
+
+       result = ieee80211_init_rate_ctrl_alg(local, NULL);
+       if (result < 0) {
+               printk(KERN_DEBUG "%s: Failed to initialize rate control "
+                      "algorithm\n", wiphy_name(local->hw.wiphy));
+               goto fail_rate;
+       }
+
+       result = ieee80211_wep_init(local);
+
+       if (result < 0) {
+               printk(KERN_DEBUG "%s: Failed to initialize wep\n",
+                      wiphy_name(local->hw.wiphy));
+               goto fail_wep;
+       }
+
+       ieee80211_install_qdisc(local->mdev);
+
+       /* add one default STA interface */
+       result = ieee80211_if_add(local->mdev, "wlan%d", NULL,
+                                 IEEE80211_IF_TYPE_STA);
+       if (result)
+               printk(KERN_WARNING "%s: Failed to add default virtual iface\n",
+                      wiphy_name(local->hw.wiphy));
+
+       local->reg_state = IEEE80211_DEV_REGISTERED;
+       rtnl_unlock();
+
+       ieee80211_led_init(local);
+
+       return 0;
+
+fail_wep:
+       rate_control_deinitialize(local);
+fail_rate:
+       ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
+       unregister_netdevice(local->mdev);
+fail_dev:
+       rtnl_unlock();
+       sta_info_stop(local);
+fail_sta_info:
+       debugfs_hw_del(local);
+       destroy_workqueue(local->hw.workqueue);
+fail_workqueue:
+       wiphy_unregister(local->hw.wiphy);
+       return result;
+}
+EXPORT_SYMBOL(ieee80211_register_hw);
+
+int ieee80211_register_hwmode(struct ieee80211_hw *hw,
+                             struct ieee80211_hw_mode *mode)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct ieee80211_rate *rate;
+       int i;
+
+       INIT_LIST_HEAD(&mode->list);
+       list_add_tail(&mode->list, &local->modes_list);
+
+       local->hw_modes |= (1 << mode->mode);
+       for (i = 0; i < mode->num_rates; i++) {
+               rate = &(mode->rates[i]);
+               rate->rate_inv = CHAN_UTIL_RATE_LCM / rate->rate;
+       }
+       ieee80211_prepare_rates(local, mode);
+
+       if (!local->oper_hw_mode) {
+               /* Default to this mode */
+               local->hw.conf.phymode = mode->mode;
+               local->oper_hw_mode = local->scan_hw_mode = mode;
+               local->oper_channel = local->scan_channel = &mode->channels[0];
+               local->hw.conf.mode = local->oper_hw_mode;
+               local->hw.conf.chan = local->oper_channel;
+       }
+
+       if (!(hw->flags & IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED))
+               ieee80211_set_default_regdomain(mode);
+
+       return 0;
+}
+EXPORT_SYMBOL(ieee80211_register_hwmode);
+
+void ieee80211_unregister_hw(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct ieee80211_sub_if_data *sdata, *tmp;
+       int i;
+
+       tasklet_kill(&local->tx_pending_tasklet);
+       tasklet_kill(&local->tasklet);
+
+       rtnl_lock();
+
+       BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED);
+
+       local->reg_state = IEEE80211_DEV_UNREGISTERED;
+
+       /*
+        * At this point, interface list manipulations are fine
+        * because the driver cannot be handing us frames any
+        * more and the tasklet is killed.
+        */
+
+       /*
+        * First, we remove all non-master interfaces. Do this because they
+        * may have bss pointer dependency on the master, and when we free
+        * the master these would be freed as well, breaking our list
+        * iteration completely.
+        */
+       list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
+               if (sdata->dev == local->mdev)
+                       continue;
+               list_del(&sdata->list);
+               __ieee80211_if_del(local, sdata);
+       }
+
+       /* then, finally, remove the master interface */
+       __ieee80211_if_del(local, IEEE80211_DEV_TO_SUB_IF(local->mdev));
+
+       rtnl_unlock();
+
+       ieee80211_rx_bss_list_deinit(local->mdev);
+       ieee80211_clear_tx_pending(local);
+       sta_info_stop(local);
+       rate_control_deinitialize(local);
+       debugfs_hw_del(local);
+
+       for (i = 0; i < NUM_IEEE80211_MODES; i++) {
+               kfree(local->supp_rates[i]);
+               kfree(local->basic_rates[i]);
+       }
+
+       if (skb_queue_len(&local->skb_queue)
+                       || skb_queue_len(&local->skb_queue_unreliable))
+               printk(KERN_WARNING "%s: skb_queue not empty\n",
+                      wiphy_name(local->hw.wiphy));
+       skb_queue_purge(&local->skb_queue);
+       skb_queue_purge(&local->skb_queue_unreliable);
+
+       destroy_workqueue(local->hw.workqueue);
+       wiphy_unregister(local->hw.wiphy);
+       ieee80211_wep_free(local);
+       ieee80211_led_exit(local);
+}
+EXPORT_SYMBOL(ieee80211_unregister_hw);
+
+void ieee80211_free_hw(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       ieee80211_if_free(local->mdev);
+       wiphy_free(local->hw.wiphy);
+}
+EXPORT_SYMBOL(ieee80211_free_hw);
+
+static int __init ieee80211_init(void)
+{
+       struct sk_buff *skb;
+       int ret;
+
+       BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb));
+
+       ret = ieee80211_wme_register();
+       if (ret) {
+               printk(KERN_DEBUG "ieee80211_init: failed to "
+                      "initialize WME (err=%d)\n", ret);
+               return ret;
+       }
+
+       ieee80211_debugfs_netdev_init();
+       ieee80211_regdomain_init();
+
+       return 0;
+}
+
+static void __exit ieee80211_exit(void)
+{
+       ieee80211_wme_unregister();
+       ieee80211_debugfs_netdev_exit();
+}
+
+
+subsys_initcall(ieee80211_init);
+module_exit(ieee80211_exit);
+
+MODULE_DESCRIPTION("IEEE 802.11 subsystem");
+MODULE_LICENSE("GPL");
 
--- /dev/null
+/*
+ * IEEE 802.11 driver (80211.o) -- hostapd interface
+ * Copyright 2002-2004, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef IEEE80211_COMMON_H
+#define IEEE80211_COMMON_H
+
+#include <linux/types.h>
+
+/*
+ * This is common header information with user space. It is used on all
+ * frames sent to wlan#ap interface.
+ */
+
+#define IEEE80211_FI_VERSION 0x80211001
+
+struct ieee80211_frame_info {
+       __be32 version;
+       __be32 length;
+       __be64 mactime;
+       __be64 hosttime;
+       __be32 phytype;
+       __be32 channel;
+       __be32 datarate;
+       __be32 antenna;
+       __be32 priority;
+       __be32 ssi_type;
+       __be32 ssi_signal;
+       __be32 ssi_noise;
+       __be32 preamble;
+       __be32 encoding;
+
+       /* Note: this structure is otherwise identical to capture format used
+        * in linux-wlan-ng, but this additional field is used to provide meta
+        * data about the frame to hostapd. This was the easiest method for
+        * providing this information, but this might change in the future. */
+       __be32 msg_type;
+} __attribute__ ((packed));
+
+
+enum ieee80211_msg_type {
+       ieee80211_msg_normal = 0,
+       ieee80211_msg_tx_callback_ack = 1,
+       ieee80211_msg_tx_callback_fail = 2,
+       /* hole at 3, was ieee80211_msg_passive_scan but unused */
+       /* hole at 4, was ieee80211_msg_wep_frame_unknown_key but now unused */
+       ieee80211_msg_michael_mic_failure = 5,
+       /* hole at 6, was monitor but never sent to userspace */
+       ieee80211_msg_sta_not_assoc = 7,
+       /* 8 was ieee80211_msg_set_aid_for_sta */
+       /* 9 was ieee80211_msg_key_threshold_notification */
+       /* 11 was ieee80211_msg_radar */
+};
+
+struct ieee80211_msg_key_notification {
+       int tx_rx_count;
+       char ifname[IFNAMSIZ];
+       u8 addr[ETH_ALEN]; /* ff:ff:ff:ff:ff:ff for broadcast keys */
+};
+
+
+enum ieee80211_phytype {
+       ieee80211_phytype_fhss_dot11_97  = 1,
+       ieee80211_phytype_dsss_dot11_97  = 2,
+       ieee80211_phytype_irbaseband     = 3,
+       ieee80211_phytype_dsss_dot11_b   = 4,
+       ieee80211_phytype_pbcc_dot11_b   = 5,
+       ieee80211_phytype_ofdm_dot11_g   = 6,
+       ieee80211_phytype_pbcc_dot11_g   = 7,
+       ieee80211_phytype_ofdm_dot11_a   = 8,
+};
+
+enum ieee80211_ssi_type {
+       ieee80211_ssi_none = 0,
+       ieee80211_ssi_norm = 1, /* normalized, 0-1000 */
+       ieee80211_ssi_dbm = 2,
+       ieee80211_ssi_raw = 3, /* raw SSI */
+};
+
+struct ieee80211_radar_info {
+               int channel;
+               int radar;
+               int radar_type;
+};
+
+#endif /* IEEE80211_COMMON_H */
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef IEEE80211_I_H
+#define IEEE80211_I_H
+
+#include <linux/kernel.h>
+#include <linux/device.h>
+#include <linux/if_ether.h>
+#include <linux/interrupt.h>
+#include <linux/list.h>
+#include <linux/netdevice.h>
+#include <linux/skbuff.h>
+#include <linux/workqueue.h>
+#include <linux/types.h>
+#include <linux/spinlock.h>
+#include <linux/etherdevice.h>
+#include <net/wireless.h>
+#include "ieee80211_key.h"
+#include "sta_info.h"
+
+/* ieee80211.o internal definitions, etc. These are not included into
+ * low-level drivers. */
+
+#ifndef ETH_P_PAE
+#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */
+#endif /* ETH_P_PAE */
+
+#define WLAN_FC_DATA_PRESENT(fc) (((fc) & 0x4c) == 0x08)
+
+struct ieee80211_local;
+
+#define BIT(x) (1 << (x))
+
+#define IEEE80211_ALIGN32_PAD(a) ((4 - ((a) & 3)) & 3)
+
+/* Maximum number of broadcast/multicast frames to buffer when some of the
+ * associated stations are using power saving. */
+#define AP_MAX_BC_BUFFER 128
+
+/* Maximum number of frames buffered to all STAs, including multicast frames.
+ * Note: increasing this limit increases the potential memory requirement. Each
+ * frame can be up to about 2 kB long. */
+#define TOTAL_MAX_TX_BUFFER 512
+
+/* Required encryption head and tailroom */
+#define IEEE80211_ENCRYPT_HEADROOM 8
+#define IEEE80211_ENCRYPT_TAILROOM 12
+
+/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
+ * reception of at least three fragmented frames. This limit can be increased
+ * by changing this define, at the cost of slower frame reassembly and
+ * increased memory use (about 2 kB of RAM per entry). */
+#define IEEE80211_FRAGMENT_MAX 4
+
+struct ieee80211_fragment_entry {
+       unsigned long first_frag_time;
+       unsigned int seq;
+       unsigned int rx_queue;
+       unsigned int last_frag;
+       unsigned int extra_len;
+       struct sk_buff_head skb_list;
+       int ccmp; /* Whether fragments were encrypted with CCMP */
+       u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
+};
+
+
+struct ieee80211_sta_bss {
+       struct list_head list;
+       struct ieee80211_sta_bss *hnext;
+       atomic_t users;
+
+       u8 bssid[ETH_ALEN];
+       u8 ssid[IEEE80211_MAX_SSID_LEN];
+       size_t ssid_len;
+       u16 capability; /* host byte order */
+       int hw_mode;
+       int channel;
+       int freq;
+       int rssi, signal, noise;
+       u8 *wpa_ie;
+       size_t wpa_ie_len;
+       u8 *rsn_ie;
+       size_t rsn_ie_len;
+       u8 *wmm_ie;
+       size_t wmm_ie_len;
+#define IEEE80211_MAX_SUPP_RATES 32
+       u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
+       size_t supp_rates_len;
+       int beacon_int;
+       u64 timestamp;
+
+       int probe_resp;
+       unsigned long last_update;
+
+       /* during assocation, we save an ERP value from a probe response so
+        * that we can feed ERP info to the driver when handling the
+        * association completes. these fields probably won't be up-to-date
+        * otherwise, you probably don't want to use them. */
+       int has_erp_value;
+       u8 erp_value;
+};
+
+
+typedef enum {
+       TXRX_CONTINUE, TXRX_DROP, TXRX_QUEUED
+} ieee80211_txrx_result;
+
+/* flags used in struct ieee80211_txrx_data.flags */
+/* whether the MSDU was fragmented */
+#define IEEE80211_TXRXD_FRAGMENTED             BIT(0)
+#define IEEE80211_TXRXD_TXUNICAST              BIT(1)
+#define IEEE80211_TXRXD_TXPS_BUFFERED          BIT(2)
+#define IEEE80211_TXRXD_TXPROBE_LAST_FRAG      BIT(3)
+#define IEEE80211_TXRXD_RXIN_SCAN              BIT(4)
+/* frame is destined to interface currently processed (incl. multicast frames) */
+#define IEEE80211_TXRXD_RXRA_MATCH             BIT(5)
+#define IEEE80211_TXRXD_TX_INJECTED            BIT(6)
+struct ieee80211_txrx_data {
+       struct sk_buff *skb;
+       struct net_device *dev;
+       struct ieee80211_local *local;
+       struct ieee80211_sub_if_data *sdata;
+       struct sta_info *sta;
+       u16 fc, ethertype;
+       struct ieee80211_key *key;
+       unsigned int flags;
+       union {
+               struct {
+                       struct ieee80211_tx_control *control;
+                       struct ieee80211_hw_mode *mode;
+                       struct ieee80211_rate *rate;
+                       /* use this rate (if set) for last fragment; rate can
+                        * be set to lower rate for the first fragments, e.g.,
+                        * when using CTS protection with IEEE 802.11g. */
+                       struct ieee80211_rate *last_frag_rate;
+                       int last_frag_hwrate;
+
+                       /* Extra fragments (in addition to the first fragment
+                        * in skb) */
+                       int num_extra_frag;
+                       struct sk_buff **extra_frag;
+               } tx;
+               struct {
+                       struct ieee80211_rx_status *status;
+                       int sent_ps_buffered;
+                       int queue;
+                       int load;
+                       u32 tkip_iv32;
+                       u16 tkip_iv16;
+               } rx;
+       } u;
+};
+
+/* flags used in struct ieee80211_tx_packet_data.flags */
+#define IEEE80211_TXPD_REQ_TX_STATUS   BIT(0)
+#define IEEE80211_TXPD_DO_NOT_ENCRYPT  BIT(1)
+#define IEEE80211_TXPD_REQUEUE         BIT(2)
+/* Stored in sk_buff->cb */
+struct ieee80211_tx_packet_data {
+       int ifindex;
+       unsigned long jiffies;
+       unsigned int flags;
+       u8 queue;
+};
+
+struct ieee80211_tx_stored_packet {
+       struct ieee80211_tx_control control;
+       struct sk_buff *skb;
+       int num_extra_frag;
+       struct sk_buff **extra_frag;
+       int last_frag_rateidx;
+       int last_frag_hwrate;
+       struct ieee80211_rate *last_frag_rate;
+       unsigned int last_frag_rate_ctrl_probe;
+};
+
+typedef ieee80211_txrx_result (*ieee80211_tx_handler)
+(struct ieee80211_txrx_data *tx);
+
+typedef ieee80211_txrx_result (*ieee80211_rx_handler)
+(struct ieee80211_txrx_data *rx);
+
+struct ieee80211_if_ap {
+       u8 *beacon_head, *beacon_tail;
+       int beacon_head_len, beacon_tail_len;
+
+       struct list_head vlans;
+
+       u8 ssid[IEEE80211_MAX_SSID_LEN];
+       size_t ssid_len;
+
+       /* yes, this looks ugly, but guarantees that we can later use
+        * bitmap_empty :)
+        * NB: don't ever use set_bit, use bss_tim_set/bss_tim_clear! */
+       u8 tim[sizeof(unsigned long) * BITS_TO_LONGS(IEEE80211_MAX_AID + 1)];
+       atomic_t num_sta_ps; /* number of stations in PS mode */
+       struct sk_buff_head ps_bc_buf;
+       int dtim_period, dtim_count;
+       int force_unicast_rateidx; /* forced TX rateidx for unicast frames */
+       int max_ratectrl_rateidx; /* max TX rateidx for rate control */
+       int num_beacons; /* number of TXed beacon frames for this BSS */
+};
+
+struct ieee80211_if_wds {
+       u8 remote_addr[ETH_ALEN];
+       struct sta_info *sta;
+};
+
+struct ieee80211_if_vlan {
+       struct ieee80211_sub_if_data *ap;
+       struct list_head list;
+};
+
+/* flags used in struct ieee80211_if_sta.flags */
+#define IEEE80211_STA_SSID_SET         BIT(0)
+#define IEEE80211_STA_BSSID_SET                BIT(1)
+#define IEEE80211_STA_PREV_BSSID_SET   BIT(2)
+#define IEEE80211_STA_AUTHENTICATED    BIT(3)
+#define IEEE80211_STA_ASSOCIATED       BIT(4)
+#define IEEE80211_STA_PROBEREQ_POLL    BIT(5)
+#define IEEE80211_STA_CREATE_IBSS      BIT(6)
+#define IEEE80211_STA_MIXED_CELL       BIT(7)
+#define IEEE80211_STA_WMM_ENABLED      BIT(8)
+#define IEEE80211_STA_AUTO_SSID_SEL    BIT(10)
+#define IEEE80211_STA_AUTO_BSSID_SEL   BIT(11)
+#define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12)
+struct ieee80211_if_sta {
+       enum {
+               IEEE80211_DISABLED, IEEE80211_AUTHENTICATE,
+               IEEE80211_ASSOCIATE, IEEE80211_ASSOCIATED,
+               IEEE80211_IBSS_SEARCH, IEEE80211_IBSS_JOINED
+       } state;
+       struct timer_list timer;
+       struct work_struct work;
+       u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
+       u8 ssid[IEEE80211_MAX_SSID_LEN];
+       size_t ssid_len;
+       u16 aid;
+       u16 ap_capab, capab;
+       u8 *extra_ie; /* to be added to the end of AssocReq */
+       size_t extra_ie_len;
+
+       /* The last AssocReq/Resp IEs */
+       u8 *assocreq_ies, *assocresp_ies;
+       size_t assocreq_ies_len, assocresp_ies_len;
+
+       int auth_tries, assoc_tries;
+
+       unsigned int flags;
+#define IEEE80211_STA_REQ_SCAN 0
+#define IEEE80211_STA_REQ_AUTH 1
+#define IEEE80211_STA_REQ_RUN  2
+       unsigned long request;
+       struct sk_buff_head skb_queue;
+
+       int key_management_enabled;
+       unsigned long last_probe;
+
+#define IEEE80211_AUTH_ALG_OPEN BIT(0)
+#define IEEE80211_AUTH_ALG_SHARED_KEY BIT(1)
+#define IEEE80211_AUTH_ALG_LEAP BIT(2)
+       unsigned int auth_algs; /* bitfield of allowed auth algs */
+       int auth_alg; /* currently used IEEE 802.11 authentication algorithm */
+       int auth_transaction;
+
+       unsigned long ibss_join_req;
+       struct sk_buff *probe_resp; /* ProbeResp template for IBSS */
+       u32 supp_rates_bits;
+
+       int wmm_last_param_set;
+};
+
+
+/* flags used in struct ieee80211_sub_if_data.flags */
+#define IEEE80211_SDATA_ALLMULTI       BIT(0)
+#define IEEE80211_SDATA_PROMISC                BIT(1)
+#define IEEE80211_SDATA_USE_PROTECTION BIT(2) /* CTS protect ERP frames */
+/* use short preamble with IEEE 802.11b: this flag is set when the AP or beacon
+ * generator reports that there are no present stations that cannot support short
+ * preambles */
+#define IEEE80211_SDATA_SHORT_PREAMBLE BIT(3)
+#define IEEE80211_SDATA_USERSPACE_MLME BIT(4)
+struct ieee80211_sub_if_data {
+       struct list_head list;
+       enum ieee80211_if_types type;
+
+       struct wireless_dev wdev;
+
+       /* keys */
+       struct list_head key_list;
+
+       struct net_device *dev;
+       struct ieee80211_local *local;
+
+       unsigned int flags;
+
+       int drop_unencrypted;
+       int eapol; /* 0 = process EAPOL frames as normal data frames,
+                   * 1 = send EAPOL frames through wlan#ap to hostapd
+                   *     (default) */
+       int ieee802_1x; /* IEEE 802.1X PAE - drop packet to/from unauthorized
+                        * port */
+
+       u16 sequence;
+
+       /* Fragment table for host-based reassembly */
+       struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX];
+       unsigned int fragment_next;
+
+#define NUM_DEFAULT_KEYS 4
+       struct ieee80211_key *keys[NUM_DEFAULT_KEYS];
+       struct ieee80211_key *default_key;
+
+       struct ieee80211_if_ap *bss; /* BSS that this device belongs to */
+
+       union {
+               struct ieee80211_if_ap ap;
+               struct ieee80211_if_wds wds;
+               struct ieee80211_if_vlan vlan;
+               struct ieee80211_if_sta sta;
+       } u;
+       int channel_use;
+       int channel_use_raw;
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct dentry *debugfsdir;
+       union {
+               struct {
+                       struct dentry *channel_use;
+                       struct dentry *drop_unencrypted;
+                       struct dentry *eapol;
+                       struct dentry *ieee8021_x;
+                       struct dentry *state;
+                       struct dentry *bssid;
+                       struct dentry *prev_bssid;
+                       struct dentry *ssid_len;
+                       struct dentry *aid;
+                       struct dentry *ap_capab;
+                       struct dentry *capab;
+                       struct dentry *extra_ie_len;
+                       struct dentry *auth_tries;
+                       struct dentry *assoc_tries;
+                       struct dentry *auth_algs;
+                       struct dentry *auth_alg;
+                       struct dentry *auth_transaction;
+                       struct dentry *flags;
+               } sta;
+               struct {
+                       struct dentry *channel_use;
+                       struct dentry *drop_unencrypted;
+                       struct dentry *eapol;
+                       struct dentry *ieee8021_x;
+                       struct dentry *num_sta_ps;
+                       struct dentry *dtim_period;
+                       struct dentry *dtim_count;
+                       struct dentry *num_beacons;
+                       struct dentry *force_unicast_rateidx;
+                       struct dentry *max_ratectrl_rateidx;
+                       struct dentry *num_buffered_multicast;
+                       struct dentry *beacon_head_len;
+                       struct dentry *beacon_tail_len;
+               } ap;
+               struct {
+                       struct dentry *channel_use;
+                       struct dentry *drop_unencrypted;
+                       struct dentry *eapol;
+                       struct dentry *ieee8021_x;
+                       struct dentry *peer;
+               } wds;
+               struct {
+                       struct dentry *channel_use;
+                       struct dentry *drop_unencrypted;
+                       struct dentry *eapol;
+                       struct dentry *ieee8021_x;
+               } vlan;
+               struct {
+                       struct dentry *mode;
+               } monitor;
+               struct dentry *default_key;
+       } debugfs;
+#endif
+};
+
+#define IEEE80211_DEV_TO_SUB_IF(dev) netdev_priv(dev)
+
+enum {
+       IEEE80211_RX_MSG        = 1,
+       IEEE80211_TX_STATUS_MSG = 2,
+};
+
+struct ieee80211_local {
+       /* embed the driver visible part.
+        * don't cast (use the static inlines below), but we keep
+        * it first anyway so they become a no-op */
+       struct ieee80211_hw hw;
+
+       const struct ieee80211_ops *ops;
+
+       /* List of registered struct ieee80211_hw_mode */
+       struct list_head modes_list;
+
+       struct net_device *mdev; /* wmaster# - "master" 802.11 device */
+       int open_count;
+       int monitors;
+       unsigned int filter_flags; /* FIF_* */
+       struct iw_statistics wstats;
+       u8 wstats_flags;
+       int tx_headroom; /* required headroom for hardware/radiotap */
+
+       enum {
+               IEEE80211_DEV_UNINITIALIZED = 0,
+               IEEE80211_DEV_REGISTERED,
+               IEEE80211_DEV_UNREGISTERED,
+       } reg_state;
+
+       /* Tasklet and skb queue to process calls from IRQ mode. All frames
+        * added to skb_queue will be processed, but frames in
+        * skb_queue_unreliable may be dropped if the total length of these
+        * queues increases over the limit. */
+#define IEEE80211_IRQSAFE_QUEUE_LIMIT 128
+       struct tasklet_struct tasklet;
+       struct sk_buff_head skb_queue;
+       struct sk_buff_head skb_queue_unreliable;
+
+       /* Station data structures */
+       rwlock_t sta_lock; /* protects STA data structures */
+       int num_sta; /* number of stations in sta_list */
+       struct list_head sta_list;
+       struct sta_info *sta_hash[STA_HASH_SIZE];
+       struct timer_list sta_cleanup;
+
+       unsigned long state[NUM_TX_DATA_QUEUES];
+       struct ieee80211_tx_stored_packet pending_packet[NUM_TX_DATA_QUEUES];
+       struct tasklet_struct tx_pending_tasklet;
+
+       /* number of interfaces with corresponding IFF_ flags */
+       atomic_t iff_allmultis, iff_promiscs;
+
+       struct rate_control_ref *rate_ctrl;
+
+       /* Supported and basic rate filters for different modes. These are
+        * pointers to -1 terminated lists and rates in 100 kbps units. */
+       int *supp_rates[NUM_IEEE80211_MODES];
+       int *basic_rates[NUM_IEEE80211_MODES];
+
+       int rts_threshold;
+       int fragmentation_threshold;
+       int short_retry_limit; /* dot11ShortRetryLimit */
+       int long_retry_limit; /* dot11LongRetryLimit */
+
+       struct crypto_blkcipher *wep_tx_tfm;
+       struct crypto_blkcipher *wep_rx_tfm;
+       u32 wep_iv;
+
+       int bridge_packets; /* bridge packets between associated stations and
+                            * deliver multicast frames both back to wireless
+                            * media and to the local net stack */
+
+       ieee80211_rx_handler *rx_pre_handlers;
+       ieee80211_rx_handler *rx_handlers;
+       ieee80211_tx_handler *tx_handlers;
+
+       struct list_head interfaces;
+
+       int sta_scanning;
+       int scan_channel_idx;
+       enum { SCAN_SET_CHANNEL, SCAN_SEND_PROBE } scan_state;
+       unsigned long last_scan_completed;
+       struct delayed_work scan_work;
+       struct net_device *scan_dev;
+       struct ieee80211_channel *oper_channel, *scan_channel;
+       struct ieee80211_hw_mode *oper_hw_mode, *scan_hw_mode;
+       u8 scan_ssid[IEEE80211_MAX_SSID_LEN];
+       size_t scan_ssid_len;
+       struct list_head sta_bss_list;
+       struct ieee80211_sta_bss *sta_bss_hash[STA_HASH_SIZE];
+       spinlock_t sta_bss_lock;
+#define IEEE80211_SCAN_MATCH_SSID BIT(0)
+#define IEEE80211_SCAN_WPA_ONLY BIT(1)
+#define IEEE80211_SCAN_EXTRA_INFO BIT(2)
+       int scan_flags;
+
+       /* SNMP counters */
+       /* dot11CountersTable */
+       u32 dot11TransmittedFragmentCount;
+       u32 dot11MulticastTransmittedFrameCount;
+       u32 dot11FailedCount;
+       u32 dot11RetryCount;
+       u32 dot11MultipleRetryCount;
+       u32 dot11FrameDuplicateCount;
+       u32 dot11ReceivedFragmentCount;
+       u32 dot11MulticastReceivedFrameCount;
+       u32 dot11TransmittedFrameCount;
+       u32 dot11WEPUndecryptableCount;
+
+#ifdef CONFIG_MAC80211_LEDS
+       int tx_led_counter, rx_led_counter;
+       struct led_trigger *tx_led, *rx_led, *assoc_led;
+       char tx_led_name[32], rx_led_name[32], assoc_led_name[32];
+#endif
+
+       u32 channel_use;
+       u32 channel_use_raw;
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct work_struct sta_debugfs_add;
+#endif
+
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+       /* TX/RX handler statistics */
+       unsigned int tx_handlers_drop;
+       unsigned int tx_handlers_queued;
+       unsigned int tx_handlers_drop_unencrypted;
+       unsigned int tx_handlers_drop_fragment;
+       unsigned int tx_handlers_drop_wep;
+       unsigned int tx_handlers_drop_not_assoc;
+       unsigned int tx_handlers_drop_unauth_port;
+       unsigned int rx_handlers_drop;
+       unsigned int rx_handlers_queued;
+       unsigned int rx_handlers_drop_nullfunc;
+       unsigned int rx_handlers_drop_defrag;
+       unsigned int rx_handlers_drop_short;
+       unsigned int rx_handlers_drop_passive_scan;
+       unsigned int tx_expand_skb_head;
+       unsigned int tx_expand_skb_head_cloned;
+       unsigned int rx_expand_skb_head;
+       unsigned int rx_expand_skb_head2;
+       unsigned int rx_handlers_fragments;
+       unsigned int tx_status_drop;
+       unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
+       unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
+#define I802_DEBUG_INC(c) (c)++
+#else /* CONFIG_MAC80211_DEBUG_COUNTERS */
+#define I802_DEBUG_INC(c) do { } while (0)
+#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
+
+
+       int total_ps_buffered; /* total number of all buffered unicast and
+                               * multicast packets for power saving stations
+                               */
+       int wifi_wme_noack_test;
+       unsigned int wmm_acm; /* bit field of ACM bits (BIT(802.1D tag)) */
+
+       unsigned int enabled_modes; /* bitfield of allowed modes;
+                                     * (1 << MODE_*) */
+       unsigned int hw_modes; /* bitfield of supported hardware modes;
+                               * (1 << MODE_*) */
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct local_debugfsdentries {
+               struct dentry *channel;
+               struct dentry *frequency;
+               struct dentry *antenna_sel_tx;
+               struct dentry *antenna_sel_rx;
+               struct dentry *bridge_packets;
+               struct dentry *rts_threshold;
+               struct dentry *fragmentation_threshold;
+               struct dentry *short_retry_limit;
+               struct dentry *long_retry_limit;
+               struct dentry *total_ps_buffered;
+               struct dentry *mode;
+               struct dentry *wep_iv;
+               struct dentry *modes;
+               struct dentry *statistics;
+               struct local_debugfsdentries_statsdentries {
+                       struct dentry *transmitted_fragment_count;
+                       struct dentry *multicast_transmitted_frame_count;
+                       struct dentry *failed_count;
+                       struct dentry *retry_count;
+                       struct dentry *multiple_retry_count;
+                       struct dentry *frame_duplicate_count;
+                       struct dentry *received_fragment_count;
+                       struct dentry *multicast_received_frame_count;
+                       struct dentry *transmitted_frame_count;
+                       struct dentry *wep_undecryptable_count;
+                       struct dentry *num_scans;
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+                       struct dentry *tx_handlers_drop;
+                       struct dentry *tx_handlers_queued;
+                       struct dentry *tx_handlers_drop_unencrypted;
+                       struct dentry *tx_handlers_drop_fragment;
+                       struct dentry *tx_handlers_drop_wep;
+                       struct dentry *tx_handlers_drop_not_assoc;
+                       struct dentry *tx_handlers_drop_unauth_port;
+                       struct dentry *rx_handlers_drop;
+                       struct dentry *rx_handlers_queued;
+                       struct dentry *rx_handlers_drop_nullfunc;
+                       struct dentry *rx_handlers_drop_defrag;
+                       struct dentry *rx_handlers_drop_short;
+                       struct dentry *rx_handlers_drop_passive_scan;
+                       struct dentry *tx_expand_skb_head;
+                       struct dentry *tx_expand_skb_head_cloned;
+                       struct dentry *rx_expand_skb_head;
+                       struct dentry *rx_expand_skb_head2;
+                       struct dentry *rx_handlers_fragments;
+                       struct dentry *tx_status_drop;
+                       struct dentry *wme_tx_queue;
+                       struct dentry *wme_rx_queue;
+#endif
+                       struct dentry *dot11ACKFailureCount;
+                       struct dentry *dot11RTSFailureCount;
+                       struct dentry *dot11FCSErrorCount;
+                       struct dentry *dot11RTSSuccessCount;
+               } stats;
+               struct dentry *stations;
+               struct dentry *keys;
+       } debugfs;
+#endif
+};
+
+static inline struct ieee80211_local *hw_to_local(
+       struct ieee80211_hw *hw)
+{
+       return container_of(hw, struct ieee80211_local, hw);
+}
+
+static inline struct ieee80211_hw *local_to_hw(
+       struct ieee80211_local *local)
+{
+       return &local->hw;
+}
+
+enum ieee80211_link_state_t {
+       IEEE80211_LINK_STATE_XOFF = 0,
+       IEEE80211_LINK_STATE_PENDING,
+};
+
+struct sta_attribute {
+       struct attribute attr;
+       ssize_t (*show)(const struct sta_info *, char *buf);
+       ssize_t (*store)(struct sta_info *, const char *buf, size_t count);
+};
+
+static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
+{
+       /*
+        * This format has been mandated by the IEEE specifications,
+        * so this line may not be changed to use the __set_bit() format.
+        */
+       bss->tim[aid / 8] |= (1 << (aid % 8));
+}
+
+static inline void bss_tim_set(struct ieee80211_local *local,
+                              struct ieee80211_if_ap *bss, u16 aid)
+{
+       read_lock_bh(&local->sta_lock);
+       __bss_tim_set(bss, aid);
+       read_unlock_bh(&local->sta_lock);
+}
+
+static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
+{
+       /*
+        * This format has been mandated by the IEEE specifications,
+        * so this line may not be changed to use the __clear_bit() format.
+        */
+       bss->tim[aid / 8] &= ~(1 << (aid % 8));
+}
+
+static inline void bss_tim_clear(struct ieee80211_local *local,
+                                struct ieee80211_if_ap *bss, u16 aid)
+{
+       read_lock_bh(&local->sta_lock);
+       __bss_tim_clear(bss, aid);
+       read_unlock_bh(&local->sta_lock);
+}
+
+/**
+ * ieee80211_is_erp_rate - Check if a rate is an ERP rate
+ * @phymode: The PHY-mode for this rate (MODE_IEEE80211...)
+ * @rate: Transmission rate to check, in 100 kbps
+ *
+ * Check if a given rate is an Extended Rate PHY (ERP) rate.
+ */
+static inline int ieee80211_is_erp_rate(int phymode, int rate)
+{
+       if (phymode == MODE_IEEE80211G) {
+               if (rate != 10 && rate != 20 &&
+                   rate != 55 && rate != 110)
+                       return 1;
+       }
+       return 0;
+}
+
+static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
+{
+       return compare_ether_addr(raddr, addr) == 0 ||
+              is_broadcast_ether_addr(raddr);
+}
+
+
+/* ieee80211.c */
+int ieee80211_hw_config(struct ieee80211_local *local);
+int ieee80211_if_config(struct net_device *dev);
+int ieee80211_if_config_beacon(struct net_device *dev);
+void ieee80211_prepare_rates(struct ieee80211_local *local,
+                            struct ieee80211_hw_mode *mode);
+void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx);
+int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr);
+void ieee80211_if_setup(struct net_device *dev);
+struct ieee80211_rate *ieee80211_get_rate(struct ieee80211_local *local,
+                                         int phymode, int hwrate);
+
+/* ieee80211_ioctl.c */
+extern const struct iw_handler_def ieee80211_iw_handler_def;
+
+
+/* Least common multiple of the used rates (in 100 kbps). This is used to
+ * calculate rate_inv values for each rate so that only integers are needed. */
+#define CHAN_UTIL_RATE_LCM 95040
+/* 1 usec is 1/8 * (95040/10) = 1188 */
+#define CHAN_UTIL_PER_USEC 1188
+/* Amount of bits to shift the result right to scale the total utilization
+ * to values that will not wrap around 32-bit integers. */
+#define CHAN_UTIL_SHIFT 9
+/* Theoretical maximum of channel utilization counter in 10 ms (stat_time=1):
+ * (CHAN_UTIL_PER_USEC * 10000) >> CHAN_UTIL_SHIFT = 23203. So dividing the
+ * raw value with about 23 should give utilization in 10th of a percentage
+ * (1/1000). However, utilization is only estimated and not all intervals
+ * between frames etc. are calculated. 18 seems to give numbers that are closer
+ * to the real maximum. */
+#define CHAN_UTIL_PER_10MS 18
+#define CHAN_UTIL_HDR_LONG (202 * CHAN_UTIL_PER_USEC)
+#define CHAN_UTIL_HDR_SHORT (40 * CHAN_UTIL_PER_USEC)
+
+
+/* ieee80211_ioctl.c */
+int ieee80211_set_compression(struct ieee80211_local *local,
+                             struct net_device *dev, struct sta_info *sta);
+int ieee80211_set_channel(struct ieee80211_local *local, int channel, int freq);
+/* ieee80211_sta.c */
+void ieee80211_sta_timer(unsigned long data);
+void ieee80211_sta_work(struct work_struct *work);
+void ieee80211_sta_scan_work(struct work_struct *work);
+void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
+                          struct ieee80211_rx_status *rx_status);
+int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len);
+int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len);
+int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid);
+int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len);
+void ieee80211_sta_req_auth(struct net_device *dev,
+                           struct ieee80211_if_sta *ifsta);
+int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len);
+void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
+                          struct ieee80211_rx_status *rx_status);
+void ieee80211_rx_bss_list_init(struct net_device *dev);
+void ieee80211_rx_bss_list_deinit(struct net_device *dev);
+int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len);
+struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
+                                        struct sk_buff *skb, u8 *bssid,
+                                        u8 *addr);
+int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason);
+int ieee80211_sta_disassociate(struct net_device *dev, u16 reason);
+void ieee80211_erp_info_change_notify(struct net_device *dev, u8 changes);
+void ieee80211_reset_erp_info(struct net_device *dev);
+
+/* ieee80211_iface.c */
+int ieee80211_if_add(struct net_device *dev, const char *name,
+                    struct net_device **new_dev, int type);
+void ieee80211_if_set_type(struct net_device *dev, int type);
+void ieee80211_if_reinit(struct net_device *dev);
+void __ieee80211_if_del(struct ieee80211_local *local,
+                       struct ieee80211_sub_if_data *sdata);
+int ieee80211_if_remove(struct net_device *dev, const char *name, int id);
+void ieee80211_if_free(struct net_device *dev);
+void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata);
+
+/* regdomain.c */
+void ieee80211_regdomain_init(void);
+void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode);
+
+/* rx handling */
+extern ieee80211_rx_handler ieee80211_rx_pre_handlers[];
+extern ieee80211_rx_handler ieee80211_rx_handlers[];
+
+/* tx handling */
+extern ieee80211_tx_handler ieee80211_tx_handlers[];
+void ieee80211_clear_tx_pending(struct ieee80211_local *local);
+void ieee80211_tx_pending(unsigned long data);
+int ieee80211_master_start_xmit(struct sk_buff *skb, struct net_device *dev);
+int ieee80211_monitor_start_xmit(struct sk_buff *skb, struct net_device *dev);
+int ieee80211_subif_start_xmit(struct sk_buff *skb, struct net_device *dev);
+
+/* utility functions/constants */
+extern void *mac80211_wiphy_privid; /* for wiphy privid */
+extern const unsigned char rfc1042_header[6];
+extern const unsigned char bridge_tunnel_header[6];
+u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len);
+int ieee80211_is_eapol(const struct sk_buff *skb);
+int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
+                            int rate, int erp, int short_preamble);
+void mac80211_ev_michael_mic_failure(struct net_device *dev, int keyidx,
+                                    struct ieee80211_hdr *hdr);
+
+#endif /* IEEE80211_I_H */
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#include <linux/kernel.h>
+#include <linux/if_arp.h>
+#include <linux/netdevice.h>
+#include <linux/rtnetlink.h>
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "sta_info.h"
+#include "debugfs_netdev.h"
+
+void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata)
+{
+       int i;
+
+       /* Default values for sub-interface parameters */
+       sdata->drop_unencrypted = 0;
+       sdata->eapol = 1;
+       for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
+               skb_queue_head_init(&sdata->fragments[i].skb_list);
+
+       INIT_LIST_HEAD(&sdata->key_list);
+}
+
+static void ieee80211_if_sdata_deinit(struct ieee80211_sub_if_data *sdata)
+{
+       int i;
+
+       for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
+               __skb_queue_purge(&sdata->fragments[i].skb_list);
+       }
+}
+
+/* Must be called with rtnl lock held. */
+int ieee80211_if_add(struct net_device *dev, const char *name,
+                    struct net_device **new_dev, int type)
+{
+       struct net_device *ndev;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = NULL;
+       int ret;
+
+       ASSERT_RTNL();
+       ndev = alloc_netdev(sizeof(struct ieee80211_sub_if_data),
+                           name, ieee80211_if_setup);
+       if (!ndev)
+               return -ENOMEM;
+
+       ret = dev_alloc_name(ndev, ndev->name);
+       if (ret < 0)
+               goto fail;
+
+       memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
+       ndev->base_addr = dev->base_addr;
+       ndev->irq = dev->irq;
+       ndev->mem_start = dev->mem_start;
+       ndev->mem_end = dev->mem_end;
+       SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(ndev);
+       ndev->ieee80211_ptr = &sdata->wdev;
+       sdata->wdev.wiphy = local->hw.wiphy;
+       sdata->type = IEEE80211_IF_TYPE_AP;
+       sdata->dev = ndev;
+       sdata->local = local;
+       ieee80211_if_sdata_init(sdata);
+
+       ret = register_netdevice(ndev);
+       if (ret)
+               goto fail;
+
+       ieee80211_debugfs_add_netdev(sdata);
+       ieee80211_if_set_type(ndev, type);
+
+       /* we're under RTNL so all this is fine */
+       if (unlikely(local->reg_state == IEEE80211_DEV_UNREGISTERED)) {
+               __ieee80211_if_del(local, sdata);
+               return -ENODEV;
+       }
+       list_add_tail_rcu(&sdata->list, &local->interfaces);
+
+       if (new_dev)
+               *new_dev = ndev;
+
+       return 0;
+
+fail:
+       free_netdev(ndev);
+       return ret;
+}
+
+void ieee80211_if_set_type(struct net_device *dev, int type)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int oldtype = sdata->type;
+
+       /*
+        * We need to call this function on the master interface
+        * which already has a hard_start_xmit routine assigned
+        * which must not be changed.
+        */
+       if (dev != sdata->local->mdev)
+               dev->hard_start_xmit = ieee80211_subif_start_xmit;
+
+       /*
+        * Called even when register_netdevice fails, it would
+        * oops if assigned before initialising the rest.
+        */
+       dev->uninit = ieee80211_if_reinit;
+
+       /* most have no BSS pointer */
+       sdata->bss = NULL;
+       sdata->type = type;
+
+       switch (type) {
+       case IEEE80211_IF_TYPE_WDS:
+               /* nothing special */
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+               sdata->u.vlan.ap = NULL;
+               break;
+       case IEEE80211_IF_TYPE_AP:
+               sdata->u.ap.dtim_period = 2;
+               sdata->u.ap.force_unicast_rateidx = -1;
+               sdata->u.ap.max_ratectrl_rateidx = -1;
+               skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
+               sdata->bss = &sdata->u.ap;
+               INIT_LIST_HEAD(&sdata->u.ap.vlans);
+               break;
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS: {
+               struct ieee80211_sub_if_data *msdata;
+               struct ieee80211_if_sta *ifsta;
+
+               ifsta = &sdata->u.sta;
+               INIT_WORK(&ifsta->work, ieee80211_sta_work);
+               setup_timer(&ifsta->timer, ieee80211_sta_timer,
+                           (unsigned long) sdata);
+               skb_queue_head_init(&ifsta->skb_queue);
+
+               ifsta->capab = WLAN_CAPABILITY_ESS;
+               ifsta->auth_algs = IEEE80211_AUTH_ALG_OPEN |
+                       IEEE80211_AUTH_ALG_SHARED_KEY;
+               ifsta->flags |= IEEE80211_STA_CREATE_IBSS |
+                       IEEE80211_STA_WMM_ENABLED |
+                       IEEE80211_STA_AUTO_BSSID_SEL |
+                       IEEE80211_STA_AUTO_CHANNEL_SEL;
+
+               msdata = IEEE80211_DEV_TO_SUB_IF(sdata->local->mdev);
+               sdata->bss = &msdata->u.ap;
+               break;
+       }
+       case IEEE80211_IF_TYPE_MNTR:
+               dev->type = ARPHRD_IEEE80211_RADIOTAP;
+               dev->hard_start_xmit = ieee80211_monitor_start_xmit;
+               break;
+       default:
+               printk(KERN_WARNING "%s: %s: Unknown interface type 0x%x",
+                      dev->name, __FUNCTION__, type);
+       }
+       ieee80211_debugfs_change_if_type(sdata, oldtype);
+}
+
+/* Must be called with rtnl lock held. */
+void ieee80211_if_reinit(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct sta_info *sta;
+       struct sk_buff *skb;
+
+       ASSERT_RTNL();
+
+       ieee80211_free_keys(sdata);
+
+       ieee80211_if_sdata_deinit(sdata);
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_INVALID:
+               /* cannot happen */
+               WARN_ON(1);
+               break;
+       case IEEE80211_IF_TYPE_AP: {
+               /* Remove all virtual interfaces that use this BSS
+                * as their sdata->bss */
+               struct ieee80211_sub_if_data *tsdata, *n;
+
+               list_for_each_entry_safe(tsdata, n, &local->interfaces, list) {
+                       if (tsdata != sdata && tsdata->bss == &sdata->u.ap) {
+                               printk(KERN_DEBUG "%s: removing virtual "
+                                      "interface %s because its BSS interface"
+                                      " is being removed\n",
+                                      sdata->dev->name, tsdata->dev->name);
+                               list_del_rcu(&tsdata->list);
+                               /*
+                                * We have lots of time and can afford
+                                * to sync for each interface
+                                */
+                               synchronize_rcu();
+                               __ieee80211_if_del(local, tsdata);
+                       }
+               }
+
+               kfree(sdata->u.ap.beacon_head);
+               kfree(sdata->u.ap.beacon_tail);
+
+               while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
+                       local->total_ps_buffered--;
+                       dev_kfree_skb(skb);
+               }
+
+               break;
+       }
+       case IEEE80211_IF_TYPE_WDS:
+               sta = sta_info_get(local, sdata->u.wds.remote_addr);
+               if (sta) {
+                       sta_info_free(sta);
+                       sta_info_put(sta);
+               } else {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+                       printk(KERN_DEBUG "%s: Someone had deleted my STA "
+                              "entry for the WDS link\n", dev->name);
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+               }
+               break;
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS:
+               kfree(sdata->u.sta.extra_ie);
+               sdata->u.sta.extra_ie = NULL;
+               kfree(sdata->u.sta.assocreq_ies);
+               sdata->u.sta.assocreq_ies = NULL;
+               kfree(sdata->u.sta.assocresp_ies);
+               sdata->u.sta.assocresp_ies = NULL;
+               if (sdata->u.sta.probe_resp) {
+                       dev_kfree_skb(sdata->u.sta.probe_resp);
+                       sdata->u.sta.probe_resp = NULL;
+               }
+
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               dev->type = ARPHRD_ETHER;
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+               sdata->u.vlan.ap = NULL;
+               break;
+       }
+
+       /* remove all STAs that are bound to this virtual interface */
+       sta_info_flush(local, dev);
+
+       memset(&sdata->u, 0, sizeof(sdata->u));
+       ieee80211_if_sdata_init(sdata);
+}
+
+/* Must be called with rtnl lock held. */
+void __ieee80211_if_del(struct ieee80211_local *local,
+                       struct ieee80211_sub_if_data *sdata)
+{
+       struct net_device *dev = sdata->dev;
+
+       ieee80211_debugfs_remove_netdev(sdata);
+       unregister_netdevice(dev);
+       /* Except master interface, the net_device will be freed by
+        * net_device->destructor (i. e. ieee80211_if_free). */
+}
+
+/* Must be called with rtnl lock held. */
+int ieee80211_if_remove(struct net_device *dev, const char *name, int id)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata, *n;
+
+       ASSERT_RTNL();
+
+       list_for_each_entry_safe(sdata, n, &local->interfaces, list) {
+               if ((sdata->type == id || id == -1) &&
+                   strcmp(name, sdata->dev->name) == 0 &&
+                   sdata->dev != local->mdev) {
+                       list_del_rcu(&sdata->list);
+                       synchronize_rcu();
+                       __ieee80211_if_del(local, sdata);
+                       return 0;
+               }
+       }
+       return -ENODEV;
+}
+
+void ieee80211_if_free(struct net_device *dev)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       ieee80211_if_sdata_deinit(sdata);
+       free_netdev(dev);
+}
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/etherdevice.h>
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+#include <asm/uaccess.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "wpa.h"
+#include "aes_ccm.h"
+
+
+static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
+                                   int idx, int alg, int remove,
+                                   int set_tx_key, const u8 *_key,
+                                   size_t key_len)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       int ret = 0;
+       struct sta_info *sta;
+       struct ieee80211_key *key;
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       if (idx < 0 || idx >= NUM_DEFAULT_KEYS) {
+               printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+                      dev->name, idx);
+               return -EINVAL;
+       }
+
+       if (is_broadcast_ether_addr(sta_addr)) {
+               sta = NULL;
+               key = sdata->keys[idx];
+       } else {
+               set_tx_key = 0;
+               /*
+                * According to the standard, the key index of a pairwise
+                * key must be zero. However, some AP are broken when it
+                * comes to WEP key indices, so we work around this.
+                */
+               if (idx != 0 && alg != ALG_WEP) {
+                       printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
+                              "individual key\n", dev->name);
+                       return -EINVAL;
+               }
+
+               sta = sta_info_get(local, sta_addr);
+               if (!sta) {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+                       printk(KERN_DEBUG "%s: set_encrypt - unknown addr "
+                              MAC_FMT "\n",
+                              dev->name, MAC_ARG(sta_addr));
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+
+                       return -ENOENT;
+               }
+
+               key = sta->key;
+       }
+
+       if (remove) {
+               ieee80211_key_free(key);
+               key = NULL;
+       } else {
+               /*
+                * Automatically frees any old key if present.
+                */
+               key = ieee80211_key_alloc(sdata, sta, alg, idx, key_len, _key);
+               if (!key) {
+                       ret = -ENOMEM;
+                       goto err_out;
+               }
+       }
+
+       if (set_tx_key || (!sta && !sdata->default_key && key))
+               ieee80211_set_default_key(sdata, idx);
+
+       ret = 0;
+ err_out:
+       if (sta)
+               sta_info_put(sta);
+       return ret;
+}
+
+static int ieee80211_ioctl_siwgenie(struct net_device *dev,
+                                   struct iw_request_info *info,
+                                   struct iw_point *data, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
+               return -EOPNOTSUPP;
+
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               int ret = ieee80211_sta_set_extra_ie(dev, extra, data->length);
+               if (ret)
+                       return ret;
+               sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL;
+               ieee80211_sta_req_auth(dev, &sdata->u.sta);
+               return 0;
+       }
+
+       return -EOPNOTSUPP;
+}
+
+static int ieee80211_ioctl_giwname(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  char *name, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       switch (local->hw.conf.phymode) {
+       case MODE_IEEE80211A:
+               strcpy(name, "IEEE 802.11a");
+               break;
+       case MODE_IEEE80211B:
+               strcpy(name, "IEEE 802.11b");
+               break;
+       case MODE_IEEE80211G:
+               strcpy(name, "IEEE 802.11g");
+               break;
+       default:
+               strcpy(name, "IEEE 802.11");
+               break;
+       }
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_giwrange(struct net_device *dev,
+                                struct iw_request_info *info,
+                                struct iw_point *data, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct iw_range *range = (struct iw_range *) extra;
+       struct ieee80211_hw_mode *mode = NULL;
+       int c = 0;
+
+       data->length = sizeof(struct iw_range);
+       memset(range, 0, sizeof(struct iw_range));
+
+       range->we_version_compiled = WIRELESS_EXT;
+       range->we_version_source = 21;
+       range->retry_capa = IW_RETRY_LIMIT;
+       range->retry_flags = IW_RETRY_LIMIT;
+       range->min_retry = 0;
+       range->max_retry = 255;
+       range->min_rts = 0;
+       range->max_rts = 2347;
+       range->min_frag = 256;
+       range->max_frag = 2346;
+
+       range->encoding_size[0] = 5;
+       range->encoding_size[1] = 13;
+       range->num_encoding_sizes = 2;
+       range->max_encoding_tokens = NUM_DEFAULT_KEYS;
+
+       range->max_qual.qual = local->hw.max_signal;
+       range->max_qual.level = local->hw.max_rssi;
+       range->max_qual.noise = local->hw.max_noise;
+       range->max_qual.updated = local->wstats_flags;
+
+       range->avg_qual.qual = local->hw.max_signal/2;
+       range->avg_qual.level = 0;
+       range->avg_qual.noise = 0;
+       range->avg_qual.updated = local->wstats_flags;
+
+       range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
+                         IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
+
+       list_for_each_entry(mode, &local->modes_list, list) {
+               int i = 0;
+
+               if (!(local->enabled_modes & (1 << mode->mode)) ||
+                   (local->hw_modes & local->enabled_modes &
+                    (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
+                       continue;
+
+               while (i < mode->num_channels && c < IW_MAX_FREQUENCIES) {
+                       struct ieee80211_channel *chan = &mode->channels[i];
+
+                       if (chan->flag & IEEE80211_CHAN_W_SCAN) {
+                               range->freq[c].i = chan->chan;
+                               range->freq[c].m = chan->freq * 100000;
+                               range->freq[c].e = 1;
+                               c++;
+                       }
+                       i++;
+               }
+       }
+       range->num_channels = c;
+       range->num_frequency = c;
+
+       IW_EVENT_CAPA_SET_KERNEL(range->event_capa);
+       IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWTHRSPY);
+       IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWAP);
+       IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWSCAN);
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_siwmode(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  __u32 *mode, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int type;
+
+       if (sdata->type == IEEE80211_IF_TYPE_VLAN)
+               return -EOPNOTSUPP;
+
+       switch (*mode) {
+       case IW_MODE_INFRA:
+               type = IEEE80211_IF_TYPE_STA;
+               break;
+       case IW_MODE_ADHOC:
+               type = IEEE80211_IF_TYPE_IBSS;
+               break;
+       case IW_MODE_MONITOR:
+               type = IEEE80211_IF_TYPE_MNTR;
+               break;
+       default:
+               return -EINVAL;
+       }
+
+       if (type == sdata->type)
+               return 0;
+       if (netif_running(dev))
+               return -EBUSY;
+
+       ieee80211_if_reinit(dev);
+       ieee80211_if_set_type(dev, type);
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_giwmode(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  __u32 *mode, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_AP:
+               *mode = IW_MODE_MASTER;
+               break;
+       case IEEE80211_IF_TYPE_STA:
+               *mode = IW_MODE_INFRA;
+               break;
+       case IEEE80211_IF_TYPE_IBSS:
+               *mode = IW_MODE_ADHOC;
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               *mode = IW_MODE_MONITOR;
+               break;
+       case IEEE80211_IF_TYPE_WDS:
+               *mode = IW_MODE_REPEAT;
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+               *mode = IW_MODE_SECOND;         /* FIXME */
+               break;
+       default:
+               *mode = IW_MODE_AUTO;
+               break;
+       }
+       return 0;
+}
+
+int ieee80211_set_channel(struct ieee80211_local *local, int channel, int freq)
+{
+       struct ieee80211_hw_mode *mode;
+       int c, set = 0;
+       int ret = -EINVAL;
+
+       list_for_each_entry(mode, &local->modes_list, list) {
+               if (!(local->enabled_modes & (1 << mode->mode)))
+                       continue;
+               for (c = 0; c < mode->num_channels; c++) {
+                       struct ieee80211_channel *chan = &mode->channels[c];
+                       if (chan->flag & IEEE80211_CHAN_W_SCAN &&
+                           ((chan->chan == channel) || (chan->freq == freq))) {
+                               local->oper_channel = chan;
+                               local->oper_hw_mode = mode;
+                               set++;
+                       }
+               }
+       }
+
+       if (set) {
+               if (local->sta_scanning)
+                       ret = 0;
+               else
+                       ret = ieee80211_hw_config(local);
+
+               rate_control_clear(local);
+       }
+
+       return ret;
+}
+
+static int ieee80211_ioctl_siwfreq(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_freq *freq, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       if (sdata->type == IEEE80211_IF_TYPE_STA)
+               sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_CHANNEL_SEL;
+
+       /* freq->e == 0: freq->m = channel; otherwise freq = m * 10^e */
+       if (freq->e == 0) {
+               if (freq->m < 0) {
+                       if (sdata->type == IEEE80211_IF_TYPE_STA)
+                               sdata->u.sta.flags |=
+                                       IEEE80211_STA_AUTO_CHANNEL_SEL;
+                       return 0;
+               } else
+                       return ieee80211_set_channel(local, freq->m, -1);
+       } else {
+               int i, div = 1000000;
+               for (i = 0; i < freq->e; i++)
+                       div /= 10;
+               if (div > 0)
+                       return ieee80211_set_channel(local, -1, freq->m / div);
+               else
+                       return -EINVAL;
+       }
+}
+
+
+static int ieee80211_ioctl_giwfreq(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_freq *freq, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       /* TODO: in station mode (Managed/Ad-hoc) might need to poll low-level
+        * driver for the current channel with firmware-based management */
+
+       freq->m = local->hw.conf.freq;
+       freq->e = 6;
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_siwessid(struct net_device *dev,
+                                   struct iw_request_info *info,
+                                   struct iw_point *data, char *ssid)
+{
+       struct ieee80211_sub_if_data *sdata;
+       size_t len = data->length;
+
+       /* iwconfig uses nul termination in SSID.. */
+       if (len > 0 && ssid[len - 1] == '\0')
+               len--;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               int ret;
+               if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME) {
+                       if (len > IEEE80211_MAX_SSID_LEN)
+                               return -EINVAL;
+                       memcpy(sdata->u.sta.ssid, ssid, len);
+                       sdata->u.sta.ssid_len = len;
+                       return 0;
+               }
+               if (data->flags)
+                       sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_SSID_SEL;
+               else
+                       sdata->u.sta.flags |= IEEE80211_STA_AUTO_SSID_SEL;
+               ret = ieee80211_sta_set_ssid(dev, ssid, len);
+               if (ret)
+                       return ret;
+               ieee80211_sta_req_auth(dev, &sdata->u.sta);
+               return 0;
+       }
+
+       if (sdata->type == IEEE80211_IF_TYPE_AP) {
+               memcpy(sdata->u.ap.ssid, ssid, len);
+               memset(sdata->u.ap.ssid + len, 0,
+                      IEEE80211_MAX_SSID_LEN - len);
+               sdata->u.ap.ssid_len = len;
+               return ieee80211_if_config(dev);
+       }
+       return -EOPNOTSUPP;
+}
+
+
+static int ieee80211_ioctl_giwessid(struct net_device *dev,
+                                   struct iw_request_info *info,
+                                   struct iw_point *data, char *ssid)
+{
+       size_t len;
+
+       struct ieee80211_sub_if_data *sdata;
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               int res = ieee80211_sta_get_ssid(dev, ssid, &len);
+               if (res == 0) {
+                       data->length = len;
+                       data->flags = 1;
+               } else
+                       data->flags = 0;
+               return res;
+       }
+
+       if (sdata->type == IEEE80211_IF_TYPE_AP) {
+               len = sdata->u.ap.ssid_len;
+               if (len > IW_ESSID_MAX_SIZE)
+                       len = IW_ESSID_MAX_SIZE;
+               memcpy(ssid, sdata->u.ap.ssid, len);
+               data->length = len;
+               data->flags = 1;
+               return 0;
+       }
+       return -EOPNOTSUPP;
+}
+
+
+static int ieee80211_ioctl_siwap(struct net_device *dev,
+                                struct iw_request_info *info,
+                                struct sockaddr *ap_addr, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               int ret;
+               if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME) {
+                       memcpy(sdata->u.sta.bssid, (u8 *) &ap_addr->sa_data,
+                              ETH_ALEN);
+                       return 0;
+               }
+               if (is_zero_ether_addr((u8 *) &ap_addr->sa_data))
+                       sdata->u.sta.flags |= IEEE80211_STA_AUTO_BSSID_SEL |
+                               IEEE80211_STA_AUTO_CHANNEL_SEL;
+               else if (is_broadcast_ether_addr((u8 *) &ap_addr->sa_data))
+                       sdata->u.sta.flags |= IEEE80211_STA_AUTO_BSSID_SEL;
+               else
+                       sdata->u.sta.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL;
+               ret = ieee80211_sta_set_bssid(dev, (u8 *) &ap_addr->sa_data);
+               if (ret)
+                       return ret;
+               ieee80211_sta_req_auth(dev, &sdata->u.sta);
+               return 0;
+       } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
+               if (memcmp(sdata->u.wds.remote_addr, (u8 *) &ap_addr->sa_data,
+                          ETH_ALEN) == 0)
+                       return 0;
+               return ieee80211_if_update_wds(dev, (u8 *) &ap_addr->sa_data);
+       }
+
+       return -EOPNOTSUPP;
+}
+
+
+static int ieee80211_ioctl_giwap(struct net_device *dev,
+                                struct iw_request_info *info,
+                                struct sockaddr *ap_addr, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               ap_addr->sa_family = ARPHRD_ETHER;
+               memcpy(&ap_addr->sa_data, sdata->u.sta.bssid, ETH_ALEN);
+               return 0;
+       } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
+               ap_addr->sa_family = ARPHRD_ETHER;
+               memcpy(&ap_addr->sa_data, sdata->u.wds.remote_addr, ETH_ALEN);
+               return 0;
+       }
+
+       return -EOPNOTSUPP;
+}
+
+
+static int ieee80211_ioctl_siwscan(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_point *data, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       u8 *ssid = NULL;
+       size_t ssid_len = 0;
+
+       if (!netif_running(dev))
+               return -ENETDOWN;
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_STA:
+       case IEEE80211_IF_TYPE_IBSS:
+               if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
+                       ssid = sdata->u.sta.ssid;
+                       ssid_len = sdata->u.sta.ssid_len;
+               }
+               break;
+       case IEEE80211_IF_TYPE_AP:
+               if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
+                       ssid = sdata->u.ap.ssid;
+                       ssid_len = sdata->u.ap.ssid_len;
+               }
+               break;
+       default:
+               return -EOPNOTSUPP;
+       }
+
+       return ieee80211_sta_req_scan(dev, ssid, ssid_len);
+}
+
+
+static int ieee80211_ioctl_giwscan(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_point *data, char *extra)
+{
+       int res;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       if (local->sta_scanning)
+               return -EAGAIN;
+       res = ieee80211_sta_scan_results(dev, extra, data->length);
+       if (res >= 0) {
+               data->length = res;
+               return 0;
+       }
+       data->length = 0;
+       return res;
+}
+
+
+static int ieee80211_ioctl_siwrate(struct net_device *dev,
+                                 struct iw_request_info *info,
+                                 struct iw_param *rate, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hw_mode *mode;
+       int i;
+       u32 target_rate = rate->value / 100000;
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (!sdata->bss)
+               return -ENODEV;
+       mode = local->oper_hw_mode;
+       /* target_rate = -1, rate->fixed = 0 means auto only, so use all rates
+        * target_rate = X, rate->fixed = 1 means only rate X
+        * target_rate = X, rate->fixed = 0 means all rates <= X */
+       sdata->bss->max_ratectrl_rateidx = -1;
+       sdata->bss->force_unicast_rateidx = -1;
+       if (rate->value < 0)
+               return 0;
+       for (i=0; i< mode->num_rates; i++) {
+               struct ieee80211_rate *rates = &mode->rates[i];
+               int this_rate = rates->rate;
+
+               if (target_rate == this_rate) {
+                       sdata->bss->max_ratectrl_rateidx = i;
+                       if (rate->fixed)
+                               sdata->bss->force_unicast_rateidx = i;
+                       break;
+               }
+       }
+       return 0;
+}
+
+static int ieee80211_ioctl_giwrate(struct net_device *dev,
+                                 struct iw_request_info *info,
+                                 struct iw_param *rate, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sta_info *sta;
+       struct ieee80211_sub_if_data *sdata;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type == IEEE80211_IF_TYPE_STA)
+               sta = sta_info_get(local, sdata->u.sta.bssid);
+       else
+               return -EOPNOTSUPP;
+       if (!sta)
+               return -ENODEV;
+       if (sta->txrate < local->oper_hw_mode->num_rates)
+               rate->value = local->oper_hw_mode->rates[sta->txrate].rate * 100000;
+       else
+               rate->value = 0;
+       sta_info_put(sta);
+       return 0;
+}
+
+static int ieee80211_ioctl_siwtxpower(struct net_device *dev,
+                                     struct iw_request_info *info,
+                                     union iwreq_data *data, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       bool need_reconfig = 0;
+
+       if ((data->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
+               return -EINVAL;
+       if (data->txpower.flags & IW_TXPOW_RANGE)
+               return -EINVAL;
+       if (!data->txpower.fixed)
+               return -EINVAL;
+
+       if (local->hw.conf.power_level != data->txpower.value) {
+               local->hw.conf.power_level = data->txpower.value;
+               need_reconfig = 1;
+       }
+       if (local->hw.conf.radio_enabled != !(data->txpower.disabled)) {
+               local->hw.conf.radio_enabled = !(data->txpower.disabled);
+               need_reconfig = 1;
+       }
+       if (need_reconfig) {
+               ieee80211_hw_config(local);
+               /* The return value of hw_config is not of big interest here,
+                * as it doesn't say that it failed because of _this_ config
+                * change or something else. Ignore it. */
+       }
+
+       return 0;
+}
+
+static int ieee80211_ioctl_giwtxpower(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  union iwreq_data *data, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       data->txpower.fixed = 1;
+       data->txpower.disabled = !(local->hw.conf.radio_enabled);
+       data->txpower.value = local->hw.conf.power_level;
+       data->txpower.flags = IW_TXPOW_DBM;
+
+       return 0;
+}
+
+static int ieee80211_ioctl_siwrts(struct net_device *dev,
+                                 struct iw_request_info *info,
+                                 struct iw_param *rts, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       if (rts->disabled)
+               local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
+       else if (rts->value < 0 || rts->value > IEEE80211_MAX_RTS_THRESHOLD)
+               return -EINVAL;
+       else
+               local->rts_threshold = rts->value;
+
+       /* If the wlan card performs RTS/CTS in hardware/firmware,
+        * configure it here */
+
+       if (local->ops->set_rts_threshold)
+               local->ops->set_rts_threshold(local_to_hw(local),
+                                            local->rts_threshold);
+
+       return 0;
+}
+
+static int ieee80211_ioctl_giwrts(struct net_device *dev,
+                                 struct iw_request_info *info,
+                                 struct iw_param *rts, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       rts->value = local->rts_threshold;
+       rts->disabled = (rts->value >= IEEE80211_MAX_RTS_THRESHOLD);
+       rts->fixed = 1;
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_siwfrag(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_param *frag, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       if (frag->disabled)
+               local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
+       else if (frag->value < 256 ||
+                frag->value > IEEE80211_MAX_FRAG_THRESHOLD)
+               return -EINVAL;
+       else {
+               /* Fragment length must be even, so strip LSB. */
+               local->fragmentation_threshold = frag->value & ~0x1;
+       }
+
+       /* If the wlan card performs fragmentation in hardware/firmware,
+        * configure it here */
+
+       if (local->ops->set_frag_threshold)
+               local->ops->set_frag_threshold(
+                       local_to_hw(local),
+                       local->fragmentation_threshold);
+
+       return 0;
+}
+
+static int ieee80211_ioctl_giwfrag(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_param *frag, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       frag->value = local->fragmentation_threshold;
+       frag->disabled = (frag->value >= IEEE80211_MAX_RTS_THRESHOLD);
+       frag->fixed = 1;
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_siwretry(struct net_device *dev,
+                                   struct iw_request_info *info,
+                                   struct iw_param *retry, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       if (retry->disabled ||
+           (retry->flags & IW_RETRY_TYPE) != IW_RETRY_LIMIT)
+               return -EINVAL;
+
+       if (retry->flags & IW_RETRY_MAX)
+               local->long_retry_limit = retry->value;
+       else if (retry->flags & IW_RETRY_MIN)
+               local->short_retry_limit = retry->value;
+       else {
+               local->long_retry_limit = retry->value;
+               local->short_retry_limit = retry->value;
+       }
+
+       if (local->ops->set_retry_limit) {
+               return local->ops->set_retry_limit(
+                       local_to_hw(local),
+                       local->short_retry_limit,
+                       local->long_retry_limit);
+       }
+
+       return 0;
+}
+
+
+static int ieee80211_ioctl_giwretry(struct net_device *dev,
+                                   struct iw_request_info *info,
+                                   struct iw_param *retry, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       retry->disabled = 0;
+       if (retry->flags == 0 || retry->flags & IW_RETRY_MIN) {
+               /* first return min value, iwconfig will ask max value
+                * later if needed */
+               retry->flags |= IW_RETRY_LIMIT;
+               retry->value = local->short_retry_limit;
+               if (local->long_retry_limit != local->short_retry_limit)
+                       retry->flags |= IW_RETRY_MIN;
+               return 0;
+       }
+       if (retry->flags & IW_RETRY_MAX) {
+               retry->flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
+               retry->value = local->long_retry_limit;
+       }
+
+       return 0;
+}
+
+static int ieee80211_ioctl_siwmlme(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_point *data, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct iw_mlme *mlme = (struct iw_mlme *) extra;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type != IEEE80211_IF_TYPE_STA &&
+           sdata->type != IEEE80211_IF_TYPE_IBSS)
+               return -EINVAL;
+
+       switch (mlme->cmd) {
+       case IW_MLME_DEAUTH:
+               /* TODO: mlme->addr.sa_data */
+               return ieee80211_sta_deauthenticate(dev, mlme->reason_code);
+       case IW_MLME_DISASSOC:
+               /* TODO: mlme->addr.sa_data */
+               return ieee80211_sta_disassociate(dev, mlme->reason_code);
+       default:
+               return -EOPNOTSUPP;
+       }
+}
+
+
+static int ieee80211_ioctl_siwencode(struct net_device *dev,
+                                    struct iw_request_info *info,
+                                    struct iw_point *erq, char *keybuf)
+{
+       struct ieee80211_sub_if_data *sdata;
+       int idx, i, alg = ALG_WEP;
+       u8 bcaddr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+       int remove = 0;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       idx = erq->flags & IW_ENCODE_INDEX;
+       if (idx == 0) {
+               if (sdata->default_key)
+                       for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
+                               if (sdata->default_key == sdata->keys[i]) {
+                                       idx = i;
+                                       break;
+                               }
+                       }
+       } else if (idx < 1 || idx > 4)
+               return -EINVAL;
+       else
+               idx--;
+
+       if (erq->flags & IW_ENCODE_DISABLED)
+               remove = 1;
+       else if (erq->length == 0) {
+               /* No key data - just set the default TX key index */
+               ieee80211_set_default_key(sdata, idx);
+               return 0;
+       }
+
+       return ieee80211_set_encryption(
+               dev, bcaddr,
+               idx, alg, remove,
+               !sdata->default_key,
+               keybuf, erq->length);
+}
+
+
+static int ieee80211_ioctl_giwencode(struct net_device *dev,
+                                    struct iw_request_info *info,
+                                    struct iw_point *erq, char *key)
+{
+       struct ieee80211_sub_if_data *sdata;
+       int idx, i;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       idx = erq->flags & IW_ENCODE_INDEX;
+       if (idx < 1 || idx > 4) {
+               idx = -1;
+               if (!sdata->default_key)
+                       idx = 0;
+               else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
+                       if (sdata->default_key == sdata->keys[i]) {
+                               idx = i;
+                               break;
+                       }
+               }
+               if (idx < 0)
+                       return -EINVAL;
+       } else
+               idx--;
+
+       erq->flags = idx + 1;
+
+       if (!sdata->keys[idx]) {
+               erq->length = 0;
+               erq->flags |= IW_ENCODE_DISABLED;
+               return 0;
+       }
+
+       memcpy(key, sdata->keys[idx]->conf.key,
+              min_t(int, erq->length, sdata->keys[idx]->conf.keylen));
+       erq->length = sdata->keys[idx]->conf.keylen;
+       erq->flags |= IW_ENCODE_ENABLED;
+
+       return 0;
+}
+
+static int ieee80211_ioctl_siwauth(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_param *data, char *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int ret = 0;
+
+       switch (data->flags & IW_AUTH_INDEX) {
+       case IW_AUTH_WPA_VERSION:
+       case IW_AUTH_CIPHER_PAIRWISE:
+       case IW_AUTH_CIPHER_GROUP:
+       case IW_AUTH_WPA_ENABLED:
+       case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+               break;
+       case IW_AUTH_KEY_MGMT:
+               if (sdata->type != IEEE80211_IF_TYPE_STA)
+                       ret = -EINVAL;
+               else {
+                       /*
+                        * Key management was set by wpa_supplicant,
+                        * we only need this to associate to a network
+                        * that has privacy enabled regardless of not
+                        * having a key.
+                        */
+                       sdata->u.sta.key_management_enabled = !!data->value;
+               }
+               break;
+       case IW_AUTH_80211_AUTH_ALG:
+               if (sdata->type == IEEE80211_IF_TYPE_STA ||
+                   sdata->type == IEEE80211_IF_TYPE_IBSS)
+                       sdata->u.sta.auth_algs = data->value;
+               else
+                       ret = -EOPNOTSUPP;
+               break;
+       case IW_AUTH_PRIVACY_INVOKED:
+               if (local->ops->set_privacy_invoked)
+                       ret = local->ops->set_privacy_invoked(
+                                       local_to_hw(local), data->value);
+               break;
+       default:
+               ret = -EOPNOTSUPP;
+               break;
+       }
+       return ret;
+}
+
+/* Get wireless statistics.  Called by /proc/net/wireless and by SIOCGIWSTATS */
+static struct iw_statistics *ieee80211_get_wireless_stats(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct iw_statistics *wstats = &local->wstats;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct sta_info *sta = NULL;
+
+       if (sdata->type == IEEE80211_IF_TYPE_STA ||
+           sdata->type == IEEE80211_IF_TYPE_IBSS)
+               sta = sta_info_get(local, sdata->u.sta.bssid);
+       if (!sta) {
+               wstats->discard.fragment = 0;
+               wstats->discard.misc = 0;
+               wstats->qual.qual = 0;
+               wstats->qual.level = 0;
+               wstats->qual.noise = 0;
+               wstats->qual.updated = IW_QUAL_ALL_INVALID;
+       } else {
+               wstats->qual.level = sta->last_rssi;
+               wstats->qual.qual = sta->last_signal;
+               wstats->qual.noise = sta->last_noise;
+               wstats->qual.updated = local->wstats_flags;
+               sta_info_put(sta);
+       }
+       return wstats;
+}
+
+static int ieee80211_ioctl_giwauth(struct net_device *dev,
+                                  struct iw_request_info *info,
+                                  struct iw_param *data, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int ret = 0;
+
+       switch (data->flags & IW_AUTH_INDEX) {
+       case IW_AUTH_80211_AUTH_ALG:
+               if (sdata->type == IEEE80211_IF_TYPE_STA ||
+                   sdata->type == IEEE80211_IF_TYPE_IBSS)
+                       data->value = sdata->u.sta.auth_algs;
+               else
+                       ret = -EOPNOTSUPP;
+               break;
+       default:
+               ret = -EOPNOTSUPP;
+               break;
+       }
+       return ret;
+}
+
+
+static int ieee80211_ioctl_siwencodeext(struct net_device *dev,
+                                       struct iw_request_info *info,
+                                       struct iw_point *erq, char *extra)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
+       int uninitialized_var(alg), idx, i, remove = 0;
+
+       switch (ext->alg) {
+       case IW_ENCODE_ALG_NONE:
+               remove = 1;
+               break;
+       case IW_ENCODE_ALG_WEP:
+               alg = ALG_WEP;
+               break;
+       case IW_ENCODE_ALG_TKIP:
+               alg = ALG_TKIP;
+               break;
+       case IW_ENCODE_ALG_CCMP:
+               alg = ALG_CCMP;
+               break;
+       default:
+               return -EOPNOTSUPP;
+       }
+
+       if (erq->flags & IW_ENCODE_DISABLED)
+               remove = 1;
+
+       idx = erq->flags & IW_ENCODE_INDEX;
+       if (idx < 1 || idx > 4) {
+               idx = -1;
+               if (!sdata->default_key)
+                       idx = 0;
+               else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
+                       if (sdata->default_key == sdata->keys[i]) {
+                               idx = i;
+                               break;
+                       }
+               }
+               if (idx < 0)
+                       return -EINVAL;
+       } else
+               idx--;
+
+       return ieee80211_set_encryption(dev, ext->addr.sa_data, idx, alg,
+                                       remove,
+                                       ext->ext_flags &
+                                       IW_ENCODE_EXT_SET_TX_KEY,
+                                       ext->key, ext->key_len);
+}
+
+
+/* Structures to export the Wireless Handlers */
+
+static const iw_handler ieee80211_handler[] =
+{
+       (iw_handler) NULL,                              /* SIOCSIWCOMMIT */
+       (iw_handler) ieee80211_ioctl_giwname,           /* SIOCGIWNAME */
+       (iw_handler) NULL,                              /* SIOCSIWNWID */
+       (iw_handler) NULL,                              /* SIOCGIWNWID */
+       (iw_handler) ieee80211_ioctl_siwfreq,           /* SIOCSIWFREQ */
+       (iw_handler) ieee80211_ioctl_giwfreq,           /* SIOCGIWFREQ */
+       (iw_handler) ieee80211_ioctl_siwmode,           /* SIOCSIWMODE */
+       (iw_handler) ieee80211_ioctl_giwmode,           /* SIOCGIWMODE */
+       (iw_handler) NULL,                              /* SIOCSIWSENS */
+       (iw_handler) NULL,                              /* SIOCGIWSENS */
+       (iw_handler) NULL /* not used */,               /* SIOCSIWRANGE */
+       (iw_handler) ieee80211_ioctl_giwrange,          /* SIOCGIWRANGE */
+       (iw_handler) NULL /* not used */,               /* SIOCSIWPRIV */
+       (iw_handler) NULL /* kernel code */,            /* SIOCGIWPRIV */
+       (iw_handler) NULL /* not used */,               /* SIOCSIWSTATS */
+       (iw_handler) NULL /* kernel code */,            /* SIOCGIWSTATS */
+       (iw_handler) NULL,                              /* SIOCSIWSPY */
+       (iw_handler) NULL,                              /* SIOCGIWSPY */
+       (iw_handler) NULL,                              /* SIOCSIWTHRSPY */
+       (iw_handler) NULL,                              /* SIOCGIWTHRSPY */
+       (iw_handler) ieee80211_ioctl_siwap,             /* SIOCSIWAP */
+       (iw_handler) ieee80211_ioctl_giwap,             /* SIOCGIWAP */
+       (iw_handler) ieee80211_ioctl_siwmlme,           /* SIOCSIWMLME */
+       (iw_handler) NULL,                              /* SIOCGIWAPLIST */
+       (iw_handler) ieee80211_ioctl_siwscan,           /* SIOCSIWSCAN */
+       (iw_handler) ieee80211_ioctl_giwscan,           /* SIOCGIWSCAN */
+       (iw_handler) ieee80211_ioctl_siwessid,          /* SIOCSIWESSID */
+       (iw_handler) ieee80211_ioctl_giwessid,          /* SIOCGIWESSID */
+       (iw_handler) NULL,                              /* SIOCSIWNICKN */
+       (iw_handler) NULL,                              /* SIOCGIWNICKN */
+       (iw_handler) NULL,                              /* -- hole -- */
+       (iw_handler) NULL,                              /* -- hole -- */
+       (iw_handler) ieee80211_ioctl_siwrate,           /* SIOCSIWRATE */
+       (iw_handler) ieee80211_ioctl_giwrate,           /* SIOCGIWRATE */
+       (iw_handler) ieee80211_ioctl_siwrts,            /* SIOCSIWRTS */
+       (iw_handler) ieee80211_ioctl_giwrts,            /* SIOCGIWRTS */
+       (iw_handler) ieee80211_ioctl_siwfrag,           /* SIOCSIWFRAG */
+       (iw_handler) ieee80211_ioctl_giwfrag,           /* SIOCGIWFRAG */
+       (iw_handler) ieee80211_ioctl_siwtxpower,        /* SIOCSIWTXPOW */
+       (iw_handler) ieee80211_ioctl_giwtxpower,        /* SIOCGIWTXPOW */
+       (iw_handler) ieee80211_ioctl_siwretry,          /* SIOCSIWRETRY */
+       (iw_handler) ieee80211_ioctl_giwretry,          /* SIOCGIWRETRY */
+       (iw_handler) ieee80211_ioctl_siwencode,         /* SIOCSIWENCODE */
+       (iw_handler) ieee80211_ioctl_giwencode,         /* SIOCGIWENCODE */
+       (iw_handler) NULL,                              /* SIOCSIWPOWER */
+       (iw_handler) NULL,                              /* SIOCGIWPOWER */
+       (iw_handler) NULL,                              /* -- hole -- */
+       (iw_handler) NULL,                              /* -- hole -- */
+       (iw_handler) ieee80211_ioctl_siwgenie,          /* SIOCSIWGENIE */
+       (iw_handler) NULL,                              /* SIOCGIWGENIE */
+       (iw_handler) ieee80211_ioctl_siwauth,           /* SIOCSIWAUTH */
+       (iw_handler) ieee80211_ioctl_giwauth,           /* SIOCGIWAUTH */
+       (iw_handler) ieee80211_ioctl_siwencodeext,      /* SIOCSIWENCODEEXT */
+       (iw_handler) NULL,                              /* SIOCGIWENCODEEXT */
+       (iw_handler) NULL,                              /* SIOCSIWPMKSA */
+       (iw_handler) NULL,                              /* -- hole -- */
+};
+
+const struct iw_handler_def ieee80211_iw_handler_def =
+{
+       .num_standard   = ARRAY_SIZE(ieee80211_handler),
+       .standard       = (iw_handler *) ieee80211_handler,
+       .get_wireless_stats = ieee80211_get_wireless_stats,
+};
 
--- /dev/null
+/*
+ * Copyright 2002-2004, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef IEEE80211_KEY_H
+#define IEEE80211_KEY_H
+
+#include <linux/types.h>
+#include <linux/list.h>
+#include <linux/crypto.h>
+#include <net/mac80211.h>
+
+/* ALG_TKIP
+ * struct ieee80211_key::key is encoded as a 256-bit (32 byte) data block:
+ * Temporal Encryption Key (128 bits)
+ * Temporal Authenticator Tx MIC Key (64 bits)
+ * Temporal Authenticator Rx MIC Key (64 bits)
+ */
+
+#define WEP_IV_LEN 4
+#define WEP_ICV_LEN 4
+
+#define ALG_TKIP_KEY_LEN 32
+/* Starting offsets for each key */
+#define ALG_TKIP_TEMP_ENCR_KEY 0
+#define ALG_TKIP_TEMP_AUTH_TX_MIC_KEY 16
+#define ALG_TKIP_TEMP_AUTH_RX_MIC_KEY 24
+#define TKIP_IV_LEN 8
+#define TKIP_ICV_LEN 4
+
+#define ALG_CCMP_KEY_LEN 16
+#define CCMP_HDR_LEN 8
+#define CCMP_MIC_LEN 8
+#define CCMP_TK_LEN 16
+#define CCMP_PN_LEN 6
+
+#define NUM_RX_DATA_QUEUES 17
+
+struct ieee80211_local;
+struct ieee80211_sub_if_data;
+struct sta_info;
+
+#define KEY_FLAG_UPLOADED_TO_HARDWARE  (1<<0)
+
+struct ieee80211_key {
+       struct ieee80211_local *local;
+       struct ieee80211_sub_if_data *sdata;
+       struct sta_info *sta;
+
+       struct list_head list;
+
+       unsigned int flags;
+
+       union {
+               struct {
+                       /* last used TSC */
+                       u32 iv32;
+                       u16 iv16;
+                       u16 p1k[5];
+                       int tx_initialized;
+
+                       /* last received RSC */
+                       u32 iv32_rx[NUM_RX_DATA_QUEUES];
+                       u16 iv16_rx[NUM_RX_DATA_QUEUES];
+                       u16 p1k_rx[NUM_RX_DATA_QUEUES][5];
+                       int rx_initialized[NUM_RX_DATA_QUEUES];
+               } tkip;
+               struct {
+                       u8 tx_pn[6];
+                       u8 rx_pn[NUM_RX_DATA_QUEUES][6];
+                       struct crypto_cipher *tfm;
+                       u32 replays; /* dot11RSNAStatsCCMPReplays */
+                       /* scratch buffers for virt_to_page() (crypto API) */
+#ifndef AES_BLOCK_LEN
+#define AES_BLOCK_LEN 16
+#endif
+                       u8 tx_crypto_buf[6 * AES_BLOCK_LEN];
+                       u8 rx_crypto_buf[6 * AES_BLOCK_LEN];
+               } ccmp;
+       } u;
+
+       /* number of times this key has been used */
+       int tx_rx_count;
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct {
+               struct dentry *stalink;
+               struct dentry *dir;
+               struct dentry *keylen;
+               struct dentry *flags;
+               struct dentry *keyidx;
+               struct dentry *hw_key_idx;
+               struct dentry *tx_rx_count;
+               struct dentry *algorithm;
+               struct dentry *tx_spec;
+               struct dentry *rx_spec;
+               struct dentry *replays;
+               struct dentry *key;
+               struct dentry *ifindex;
+       } debugfs;
+#endif
+
+       /*
+        * key config, must be last because it contains key
+        * material as variable length member
+        */
+       struct ieee80211_key_conf conf;
+};
+
+struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
+                                         struct sta_info *sta,
+                                         enum ieee80211_key_alg alg,
+                                         int idx,
+                                         size_t key_len,
+                                         const u8 *key_data);
+void ieee80211_key_free(struct ieee80211_key *key);
+void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx);
+void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata);
+void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata);
+void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata);
+
+#endif /* IEEE80211_KEY_H */
 
--- /dev/null
+/*
+ * Copyright 2006, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+/* just for IFNAMSIZ */
+#include <linux/if.h>
+#include "ieee80211_led.h"
+
+void ieee80211_led_rx(struct ieee80211_local *local)
+{
+       if (unlikely(!local->rx_led))
+               return;
+       if (local->rx_led_counter++ % 2 == 0)
+               led_trigger_event(local->rx_led, LED_OFF);
+       else
+               led_trigger_event(local->rx_led, LED_FULL);
+}
+
+/* q is 1 if a packet was enqueued, 0 if it has been transmitted */
+void ieee80211_led_tx(struct ieee80211_local *local, int q)
+{
+       if (unlikely(!local->tx_led))
+               return;
+       /* not sure how this is supposed to work ... */
+       local->tx_led_counter += 2*q-1;
+       if (local->tx_led_counter % 2 == 0)
+               led_trigger_event(local->tx_led, LED_OFF);
+       else
+               led_trigger_event(local->tx_led, LED_FULL);
+}
+
+void ieee80211_led_assoc(struct ieee80211_local *local, bool associated)
+{
+       if (unlikely(!local->assoc_led))
+               return;
+       if (associated)
+               led_trigger_event(local->assoc_led, LED_FULL);
+       else
+               led_trigger_event(local->assoc_led, LED_OFF);
+}
+
+void ieee80211_led_init(struct ieee80211_local *local)
+{
+       local->rx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
+       if (local->rx_led) {
+               snprintf(local->rx_led_name, sizeof(local->rx_led_name),
+                        "%srx", wiphy_name(local->hw.wiphy));
+               local->rx_led->name = local->rx_led_name;
+               if (led_trigger_register(local->rx_led)) {
+                       kfree(local->rx_led);
+                       local->rx_led = NULL;
+               }
+       }
+
+       local->tx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
+       if (local->tx_led) {
+               snprintf(local->tx_led_name, sizeof(local->tx_led_name),
+                        "%stx", wiphy_name(local->hw.wiphy));
+               local->tx_led->name = local->tx_led_name;
+               if (led_trigger_register(local->tx_led)) {
+                       kfree(local->tx_led);
+                       local->tx_led = NULL;
+               }
+       }
+
+       local->assoc_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
+       if (local->assoc_led) {
+               snprintf(local->assoc_led_name, sizeof(local->assoc_led_name),
+                        "%sassoc", wiphy_name(local->hw.wiphy));
+               local->assoc_led->name = local->assoc_led_name;
+               if (led_trigger_register(local->assoc_led)) {
+                       kfree(local->assoc_led);
+                       local->assoc_led = NULL;
+               }
+       }
+}
+
+void ieee80211_led_exit(struct ieee80211_local *local)
+{
+       if (local->assoc_led) {
+               led_trigger_unregister(local->assoc_led);
+               kfree(local->assoc_led);
+       }
+       if (local->tx_led) {
+               led_trigger_unregister(local->tx_led);
+               kfree(local->tx_led);
+       }
+       if (local->rx_led) {
+               led_trigger_unregister(local->rx_led);
+               kfree(local->rx_led);
+       }
+}
+
+char *__ieee80211_get_assoc_led_name(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       if (local->assoc_led)
+               return local->assoc_led_name;
+       return NULL;
+}
+EXPORT_SYMBOL(__ieee80211_get_assoc_led_name);
+
+char *__ieee80211_get_tx_led_name(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       if (local->tx_led)
+               return local->tx_led_name;
+       return NULL;
+}
+EXPORT_SYMBOL(__ieee80211_get_tx_led_name);
+
+char *__ieee80211_get_rx_led_name(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       if (local->rx_led)
+               return local->rx_led_name;
+       return NULL;
+}
+EXPORT_SYMBOL(__ieee80211_get_rx_led_name);
 
--- /dev/null
+/*
+ * Copyright 2006, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/list.h>
+#include <linux/spinlock.h>
+#include <linux/leds.h>
+#include "ieee80211_i.h"
+
+#ifdef CONFIG_MAC80211_LEDS
+extern void ieee80211_led_rx(struct ieee80211_local *local);
+extern void ieee80211_led_tx(struct ieee80211_local *local, int q);
+extern void ieee80211_led_assoc(struct ieee80211_local *local,
+                               bool associated);
+extern void ieee80211_led_init(struct ieee80211_local *local);
+extern void ieee80211_led_exit(struct ieee80211_local *local);
+#else
+static inline void ieee80211_led_rx(struct ieee80211_local *local)
+{
+}
+static inline void ieee80211_led_tx(struct ieee80211_local *local, int q)
+{
+}
+static inline void ieee80211_led_assoc(struct ieee80211_local *local,
+                                      bool associated)
+{
+}
+static inline void ieee80211_led_init(struct ieee80211_local *local)
+{
+}
+static inline void ieee80211_led_exit(struct ieee80211_local *local)
+{
+}
+#endif
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/kernel.h>
+#include <linux/rtnetlink.h>
+#include "ieee80211_rate.h"
+#include "ieee80211_i.h"
+
+struct rate_control_alg {
+       struct list_head list;
+       struct rate_control_ops *ops;
+};
+
+static LIST_HEAD(rate_ctrl_algs);
+static DEFINE_MUTEX(rate_ctrl_mutex);
+
+int ieee80211_rate_control_register(struct rate_control_ops *ops)
+{
+       struct rate_control_alg *alg;
+
+       alg = kzalloc(sizeof(*alg), GFP_KERNEL);
+       if (alg == NULL) {
+               return -ENOMEM;
+       }
+       alg->ops = ops;
+
+       mutex_lock(&rate_ctrl_mutex);
+       list_add_tail(&alg->list, &rate_ctrl_algs);
+       mutex_unlock(&rate_ctrl_mutex);
+
+       return 0;
+}
+EXPORT_SYMBOL(ieee80211_rate_control_register);
+
+void ieee80211_rate_control_unregister(struct rate_control_ops *ops)
+{
+       struct rate_control_alg *alg;
+
+       mutex_lock(&rate_ctrl_mutex);
+       list_for_each_entry(alg, &rate_ctrl_algs, list) {
+               if (alg->ops == ops) {
+                       list_del(&alg->list);
+                       break;
+               }
+       }
+       mutex_unlock(&rate_ctrl_mutex);
+       kfree(alg);
+}
+EXPORT_SYMBOL(ieee80211_rate_control_unregister);
+
+static struct rate_control_ops *
+ieee80211_try_rate_control_ops_get(const char *name)
+{
+       struct rate_control_alg *alg;
+       struct rate_control_ops *ops = NULL;
+
+       mutex_lock(&rate_ctrl_mutex);
+       list_for_each_entry(alg, &rate_ctrl_algs, list) {
+               if (!name || !strcmp(alg->ops->name, name))
+                       if (try_module_get(alg->ops->module)) {
+                               ops = alg->ops;
+                               break;
+                       }
+       }
+       mutex_unlock(&rate_ctrl_mutex);
+       return ops;
+}
+
+/* Get the rate control algorithm. If `name' is NULL, get the first
+ * available algorithm. */
+static struct rate_control_ops *
+ieee80211_rate_control_ops_get(const char *name)
+{
+       struct rate_control_ops *ops;
+
+       ops = ieee80211_try_rate_control_ops_get(name);
+       if (!ops) {
+               request_module("rc80211_%s", name ? name : "default");
+               ops = ieee80211_try_rate_control_ops_get(name);
+       }
+       return ops;
+}
+
+static void ieee80211_rate_control_ops_put(struct rate_control_ops *ops)
+{
+       module_put(ops->module);
+}
+
+struct rate_control_ref *rate_control_alloc(const char *name,
+                                           struct ieee80211_local *local)
+{
+       struct rate_control_ref *ref;
+
+       ref = kmalloc(sizeof(struct rate_control_ref), GFP_KERNEL);
+       if (!ref)
+               goto fail_ref;
+       kref_init(&ref->kref);
+       ref->ops = ieee80211_rate_control_ops_get(name);
+       if (!ref->ops)
+               goto fail_ops;
+       ref->priv = ref->ops->alloc(local);
+       if (!ref->priv)
+               goto fail_priv;
+       return ref;
+
+fail_priv:
+       ieee80211_rate_control_ops_put(ref->ops);
+fail_ops:
+       kfree(ref);
+fail_ref:
+       return NULL;
+}
+
+static void rate_control_release(struct kref *kref)
+{
+       struct rate_control_ref *ctrl_ref;
+
+       ctrl_ref = container_of(kref, struct rate_control_ref, kref);
+       ctrl_ref->ops->free(ctrl_ref->priv);
+       ieee80211_rate_control_ops_put(ctrl_ref->ops);
+       kfree(ctrl_ref);
+}
+
+struct rate_control_ref *rate_control_get(struct rate_control_ref *ref)
+{
+       kref_get(&ref->kref);
+       return ref;
+}
+
+void rate_control_put(struct rate_control_ref *ref)
+{
+       kref_put(&ref->kref, rate_control_release);
+}
+
+int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
+                                const char *name)
+{
+       struct rate_control_ref *ref, *old;
+
+       ASSERT_RTNL();
+       if (local->open_count || netif_running(local->mdev))
+               return -EBUSY;
+
+       ref = rate_control_alloc(name, local);
+       if (!ref) {
+               printk(KERN_WARNING "%s: Failed to select rate control "
+                      "algorithm\n", wiphy_name(local->hw.wiphy));
+               return -ENOENT;
+       }
+
+       old = local->rate_ctrl;
+       local->rate_ctrl = ref;
+       if (old) {
+               rate_control_put(old);
+               sta_info_flush(local, NULL);
+       }
+
+       printk(KERN_DEBUG "%s: Selected rate control "
+              "algorithm '%s'\n", wiphy_name(local->hw.wiphy),
+              ref->ops->name);
+
+
+       return 0;
+}
+
+void rate_control_deinitialize(struct ieee80211_local *local)
+{
+       struct rate_control_ref *ref;
+
+       ref = local->rate_ctrl;
+       local->rate_ctrl = NULL;
+       rate_control_put(ref);
+}
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef IEEE80211_RATE_H
+#define IEEE80211_RATE_H
+
+#include <linux/netdevice.h>
+#include <linux/skbuff.h>
+#include <linux/types.h>
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "sta_info.h"
+
+#define RATE_CONTROL_NUM_DOWN 20
+#define RATE_CONTROL_NUM_UP   15
+
+
+struct rate_control_extra {
+       /* values from rate_control_get_rate() to the caller: */
+       struct ieee80211_rate *probe; /* probe with this rate, or NULL for no
+                                      * probing */
+       struct ieee80211_rate *nonerp;
+
+       /* parameters from the caller to rate_control_get_rate(): */
+       struct ieee80211_hw_mode *mode;
+       u16 ethertype;
+};
+
+
+struct rate_control_ops {
+       struct module *module;
+       const char *name;
+       void (*tx_status)(void *priv, struct net_device *dev,
+                         struct sk_buff *skb,
+                         struct ieee80211_tx_status *status);
+       struct ieee80211_rate *(*get_rate)(void *priv, struct net_device *dev,
+                                          struct sk_buff *skb,
+                                          struct rate_control_extra *extra);
+       void (*rate_init)(void *priv, void *priv_sta,
+                         struct ieee80211_local *local, struct sta_info *sta);
+       void (*clear)(void *priv);
+
+       void *(*alloc)(struct ieee80211_local *local);
+       void (*free)(void *priv);
+       void *(*alloc_sta)(void *priv, gfp_t gfp);
+       void (*free_sta)(void *priv, void *priv_sta);
+
+       int (*add_attrs)(void *priv, struct kobject *kobj);
+       void (*remove_attrs)(void *priv, struct kobject *kobj);
+       void (*add_sta_debugfs)(void *priv, void *priv_sta,
+                               struct dentry *dir);
+       void (*remove_sta_debugfs)(void *priv, void *priv_sta);
+};
+
+struct rate_control_ref {
+       struct rate_control_ops *ops;
+       void *priv;
+       struct kref kref;
+};
+
+int ieee80211_rate_control_register(struct rate_control_ops *ops);
+void ieee80211_rate_control_unregister(struct rate_control_ops *ops);
+
+/* Get a reference to the rate control algorithm. If `name' is NULL, get the
+ * first available algorithm. */
+struct rate_control_ref *rate_control_alloc(const char *name,
+                                           struct ieee80211_local *local);
+struct rate_control_ref *rate_control_get(struct rate_control_ref *ref);
+void rate_control_put(struct rate_control_ref *ref);
+
+static inline void rate_control_tx_status(struct ieee80211_local *local,
+                                         struct net_device *dev,
+                                         struct sk_buff *skb,
+                                         struct ieee80211_tx_status *status)
+{
+       struct rate_control_ref *ref = local->rate_ctrl;
+       ref->ops->tx_status(ref->priv, dev, skb, status);
+}
+
+
+static inline struct ieee80211_rate *
+rate_control_get_rate(struct ieee80211_local *local, struct net_device *dev,
+                     struct sk_buff *skb, struct rate_control_extra *extra)
+{
+       struct rate_control_ref *ref = local->rate_ctrl;
+       return ref->ops->get_rate(ref->priv, dev, skb, extra);
+}
+
+
+static inline void rate_control_rate_init(struct sta_info *sta,
+                                         struct ieee80211_local *local)
+{
+       struct rate_control_ref *ref = sta->rate_ctrl;
+       ref->ops->rate_init(ref->priv, sta->rate_ctrl_priv, local, sta);
+}
+
+
+static inline void rate_control_clear(struct ieee80211_local *local)
+{
+       struct rate_control_ref *ref = local->rate_ctrl;
+       ref->ops->clear(ref->priv);
+}
+
+static inline void *rate_control_alloc_sta(struct rate_control_ref *ref,
+                                          gfp_t gfp)
+{
+       return ref->ops->alloc_sta(ref->priv, gfp);
+}
+
+static inline void rate_control_free_sta(struct rate_control_ref *ref,
+                                        void *priv)
+{
+       ref->ops->free_sta(ref->priv, priv);
+}
+
+static inline void rate_control_add_sta_debugfs(struct sta_info *sta)
+{
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct rate_control_ref *ref = sta->rate_ctrl;
+       if (sta->debugfs.dir && ref->ops->add_sta_debugfs)
+               ref->ops->add_sta_debugfs(ref->priv, sta->rate_ctrl_priv,
+                                         sta->debugfs.dir);
+#endif
+}
+
+static inline void rate_control_remove_sta_debugfs(struct sta_info *sta)
+{
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct rate_control_ref *ref = sta->rate_ctrl;
+       if (ref->ops->remove_sta_debugfs)
+               ref->ops->remove_sta_debugfs(ref->priv, sta->rate_ctrl_priv);
+#endif
+}
+
+
+/* functions for rate control related to a device */
+int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
+                                const char *name);
+void rate_control_deinitialize(struct ieee80211_local *local);
+
+#endif /* IEEE80211_RATE_H */
 
--- /dev/null
+/*
+ * BSS client mode implementation
+ * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright 2004, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+/* TODO:
+ * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
+ * order BSS list by RSSI(?) ("quality of AP")
+ * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
+ *    SSID)
+ */
+#include <linux/delay.h>
+#include <linux/if_ether.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#include <linux/random.h>
+#include <linux/etherdevice.h>
+#include <net/iw_handler.h>
+#include <asm/types.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "ieee80211_led.h"
+
+#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
+#define IEEE80211_AUTH_MAX_TRIES 3
+#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
+#define IEEE80211_ASSOC_MAX_TRIES 3
+#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
+#define IEEE80211_PROBE_INTERVAL (60 * HZ)
+#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
+#define IEEE80211_SCAN_INTERVAL (2 * HZ)
+#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
+#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
+
+#define IEEE80211_PROBE_DELAY (HZ / 33)
+#define IEEE80211_CHANNEL_TIME (HZ / 33)
+#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
+#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
+#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
+#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
+
+#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
+
+
+#define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
+
+#define ERP_INFO_USE_PROTECTION BIT(1)
+
+static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
+                                    u8 *ssid, size_t ssid_len);
+static struct ieee80211_sta_bss *
+ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
+static void ieee80211_rx_bss_put(struct net_device *dev,
+                                struct ieee80211_sta_bss *bss);
+static int ieee80211_sta_find_ibss(struct net_device *dev,
+                                  struct ieee80211_if_sta *ifsta);
+static int ieee80211_sta_wep_configured(struct net_device *dev);
+static int ieee80211_sta_start_scan(struct net_device *dev,
+                                   u8 *ssid, size_t ssid_len);
+static int ieee80211_sta_config_auth(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta);
+
+
+/* Parsed Information Elements */
+struct ieee802_11_elems {
+       /* pointers to IEs */
+       u8 *ssid;
+       u8 *supp_rates;
+       u8 *fh_params;
+       u8 *ds_params;
+       u8 *cf_params;
+       u8 *tim;
+       u8 *ibss_params;
+       u8 *challenge;
+       u8 *wpa;
+       u8 *rsn;
+       u8 *erp_info;
+       u8 *ext_supp_rates;
+       u8 *wmm_info;
+       u8 *wmm_param;
+
+       /* length of them, respectively */
+       u8 ssid_len;
+       u8 supp_rates_len;
+       u8 fh_params_len;
+       u8 ds_params_len;
+       u8 cf_params_len;
+       u8 tim_len;
+       u8 ibss_params_len;
+       u8 challenge_len;
+       u8 wpa_len;
+       u8 rsn_len;
+       u8 erp_info_len;
+       u8 ext_supp_rates_len;
+       u8 wmm_info_len;
+       u8 wmm_param_len;
+};
+
+enum ParseRes { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 };
+
+static enum ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
+                                           struct ieee802_11_elems *elems)
+{
+       size_t left = len;
+       u8 *pos = start;
+       int unknown = 0;
+
+       memset(elems, 0, sizeof(*elems));
+
+       while (left >= 2) {
+               u8 id, elen;
+
+               id = *pos++;
+               elen = *pos++;
+               left -= 2;
+
+               if (elen > left) {
+#if 0
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "IEEE 802.11 element parse "
+                                      "failed (id=%d elen=%d left=%d)\n",
+                                      id, elen, left);
+#endif
+                       return ParseFailed;
+               }
+
+               switch (id) {
+               case WLAN_EID_SSID:
+                       elems->ssid = pos;
+                       elems->ssid_len = elen;
+                       break;
+               case WLAN_EID_SUPP_RATES:
+                       elems->supp_rates = pos;
+                       elems->supp_rates_len = elen;
+                       break;
+               case WLAN_EID_FH_PARAMS:
+                       elems->fh_params = pos;
+                       elems->fh_params_len = elen;
+                       break;
+               case WLAN_EID_DS_PARAMS:
+                       elems->ds_params = pos;
+                       elems->ds_params_len = elen;
+                       break;
+               case WLAN_EID_CF_PARAMS:
+                       elems->cf_params = pos;
+                       elems->cf_params_len = elen;
+                       break;
+               case WLAN_EID_TIM:
+                       elems->tim = pos;
+                       elems->tim_len = elen;
+                       break;
+               case WLAN_EID_IBSS_PARAMS:
+                       elems->ibss_params = pos;
+                       elems->ibss_params_len = elen;
+                       break;
+               case WLAN_EID_CHALLENGE:
+                       elems->challenge = pos;
+                       elems->challenge_len = elen;
+                       break;
+               case WLAN_EID_WPA:
+                       if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
+                           pos[2] == 0xf2) {
+                               /* Microsoft OUI (00:50:F2) */
+                               if (pos[3] == 1) {
+                                       /* OUI Type 1 - WPA IE */
+                                       elems->wpa = pos;
+                                       elems->wpa_len = elen;
+                               } else if (elen >= 5 && pos[3] == 2) {
+                                       if (pos[4] == 0) {
+                                               elems->wmm_info = pos;
+                                               elems->wmm_info_len = elen;
+                                       } else if (pos[4] == 1) {
+                                               elems->wmm_param = pos;
+                                               elems->wmm_param_len = elen;
+                                       }
+                               }
+                       }
+                       break;
+               case WLAN_EID_RSN:
+                       elems->rsn = pos;
+                       elems->rsn_len = elen;
+                       break;
+               case WLAN_EID_ERP_INFO:
+                       elems->erp_info = pos;
+                       elems->erp_info_len = elen;
+                       break;
+               case WLAN_EID_EXT_SUPP_RATES:
+                       elems->ext_supp_rates = pos;
+                       elems->ext_supp_rates_len = elen;
+                       break;
+               default:
+#if 0
+                       printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
+                                     "unknown element (id=%d elen=%d)\n",
+                                     id, elen);
+#endif
+                       unknown++;
+                       break;
+               }
+
+               left -= elen;
+               pos += elen;
+       }
+
+       /* Do not trigger error if left == 1 as Apple Airport base stations
+        * send AssocResps that are one spurious byte too long. */
+
+       return unknown ? ParseUnknown : ParseOK;
+}
+
+
+
+
+static int ecw2cw(int ecw)
+{
+       int cw = 1;
+       while (ecw > 0) {
+               cw <<= 1;
+               ecw--;
+       }
+       return cw - 1;
+}
+
+static void ieee80211_sta_wmm_params(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta,
+                                    u8 *wmm_param, size_t wmm_param_len)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_tx_queue_params params;
+       size_t left;
+       int count;
+       u8 *pos;
+
+       if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
+               return;
+       count = wmm_param[6] & 0x0f;
+       if (count == ifsta->wmm_last_param_set)
+               return;
+       ifsta->wmm_last_param_set = count;
+
+       pos = wmm_param + 8;
+       left = wmm_param_len - 8;
+
+       memset(¶ms, 0, sizeof(params));
+
+       if (!local->ops->conf_tx)
+               return;
+
+       local->wmm_acm = 0;
+       for (; left >= 4; left -= 4, pos += 4) {
+               int aci = (pos[0] >> 5) & 0x03;
+               int acm = (pos[0] >> 4) & 0x01;
+               int queue;
+
+               switch (aci) {
+               case 1:
+                       queue = IEEE80211_TX_QUEUE_DATA3;
+                       if (acm) {
+                               local->wmm_acm |= BIT(0) | BIT(3);
+                       }
+                       break;
+               case 2:
+                       queue = IEEE80211_TX_QUEUE_DATA1;
+                       if (acm) {
+                               local->wmm_acm |= BIT(4) | BIT(5);
+                       }
+                       break;
+               case 3:
+                       queue = IEEE80211_TX_QUEUE_DATA0;
+                       if (acm) {
+                               local->wmm_acm |= BIT(6) | BIT(7);
+                       }
+                       break;
+               case 0:
+               default:
+                       queue = IEEE80211_TX_QUEUE_DATA2;
+                       if (acm) {
+                               local->wmm_acm |= BIT(1) | BIT(2);
+                       }
+                       break;
+               }
+
+               params.aifs = pos[0] & 0x0f;
+               params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
+               params.cw_min = ecw2cw(pos[1] & 0x0f);
+               /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
+               params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
+               printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
+                      "cWmin=%d cWmax=%d burst=%d\n",
+                      dev->name, queue, aci, acm, params.aifs, params.cw_min,
+                      params.cw_max, params.burst_time);
+               /* TODO: handle ACM (block TX, fallback to next lowest allowed
+                * AC for now) */
+               if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) {
+                       printk(KERN_DEBUG "%s: failed to set TX queue "
+                              "parameters for queue %d\n", dev->name, queue);
+               }
+       }
+}
+
+
+static void ieee80211_handle_erp_ie(struct net_device *dev, u8 erp_value)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+       int use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
+       int preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
+       u8 changes = 0;
+
+       if (use_protection != !!(sdata->flags & IEEE80211_SDATA_USE_PROTECTION)) {
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
+                              MAC_FMT ")\n",
+                              dev->name,
+                              use_protection ? "enabled" : "disabled",
+                              MAC_ARG(ifsta->bssid));
+               }
+               if (use_protection)
+                       sdata->flags |= IEEE80211_SDATA_USE_PROTECTION;
+               else
+                       sdata->flags &= ~IEEE80211_SDATA_USE_PROTECTION;
+               changes |= IEEE80211_ERP_CHANGE_PROTECTION;
+       }
+
+       if (preamble_mode != !(sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE)) {
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "%s: switched to %s barker preamble"
+                              " (BSSID=" MAC_FMT ")\n",
+                              dev->name,
+                              (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ?
+                                       "short" : "long",
+                              MAC_ARG(ifsta->bssid));
+               }
+               if (preamble_mode)
+                       sdata->flags &= ~IEEE80211_SDATA_SHORT_PREAMBLE;
+               else
+                       sdata->flags |= IEEE80211_SDATA_SHORT_PREAMBLE;
+               changes |= IEEE80211_ERP_CHANGE_PREAMBLE;
+       }
+
+       if (changes)
+               ieee80211_erp_info_change_notify(dev, changes);
+}
+
+
+static void ieee80211_sta_send_associnfo(struct net_device *dev,
+                                        struct ieee80211_if_sta *ifsta)
+{
+       char *buf;
+       size_t len;
+       int i;
+       union iwreq_data wrqu;
+
+       if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
+               return;
+
+       buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
+                               ifsta->assocresp_ies_len), GFP_KERNEL);
+       if (!buf)
+               return;
+
+       len = sprintf(buf, "ASSOCINFO(");
+       if (ifsta->assocreq_ies) {
+               len += sprintf(buf + len, "ReqIEs=");
+               for (i = 0; i < ifsta->assocreq_ies_len; i++) {
+                       len += sprintf(buf + len, "%02x",
+                                      ifsta->assocreq_ies[i]);
+               }
+       }
+       if (ifsta->assocresp_ies) {
+               if (ifsta->assocreq_ies)
+                       len += sprintf(buf + len, " ");
+               len += sprintf(buf + len, "RespIEs=");
+               for (i = 0; i < ifsta->assocresp_ies_len; i++) {
+                       len += sprintf(buf + len, "%02x",
+                                      ifsta->assocresp_ies[i]);
+               }
+       }
+       len += sprintf(buf + len, ")");
+
+       if (len > IW_CUSTOM_MAX) {
+               len = sprintf(buf, "ASSOCRESPIE=");
+               for (i = 0; i < ifsta->assocresp_ies_len; i++) {
+                       len += sprintf(buf + len, "%02x",
+                                      ifsta->assocresp_ies[i]);
+               }
+       }
+
+       memset(&wrqu, 0, sizeof(wrqu));
+       wrqu.data.length = len;
+       wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
+
+       kfree(buf);
+}
+
+
+static void ieee80211_set_associated(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta,
+                                    bool assoc)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       union iwreq_data wrqu;
+
+       if (!!(ifsta->flags & IEEE80211_STA_ASSOCIATED) == assoc)
+               return;
+
+       if (assoc) {
+               struct ieee80211_sub_if_data *sdata;
+               struct ieee80211_sta_bss *bss;
+
+               ifsta->flags |= IEEE80211_STA_ASSOCIATED;
+
+               sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+               if (sdata->type != IEEE80211_IF_TYPE_STA)
+                       return;
+
+               bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
+               if (bss) {
+                       if (bss->has_erp_value)
+                               ieee80211_handle_erp_ie(dev, bss->erp_value);
+                       ieee80211_rx_bss_put(dev, bss);
+               }
+
+               netif_carrier_on(dev);
+               ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
+               memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
+               memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
+               ieee80211_sta_send_associnfo(dev, ifsta);
+       } else {
+               ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
+
+               netif_carrier_off(dev);
+               ieee80211_reset_erp_info(dev);
+               memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
+       }
+       wrqu.ap_addr.sa_family = ARPHRD_ETHER;
+       wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
+       ifsta->last_probe = jiffies;
+       ieee80211_led_assoc(local, assoc);
+}
+
+static void ieee80211_set_disassoc(struct net_device *dev,
+                                  struct ieee80211_if_sta *ifsta, int deauth)
+{
+       if (deauth)
+               ifsta->auth_tries = 0;
+       ifsta->assoc_tries = 0;
+       ieee80211_set_associated(dev, ifsta, 0);
+}
+
+static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
+                            int encrypt)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_tx_packet_data *pkt_data;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       skb->dev = sdata->local->mdev;
+       skb_set_mac_header(skb, 0);
+       skb_set_network_header(skb, 0);
+       skb_set_transport_header(skb, 0);
+
+       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
+       pkt_data->ifindex = sdata->dev->ifindex;
+       if (!encrypt)
+               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+
+       dev_queue_xmit(skb);
+}
+
+
+static void ieee80211_send_auth(struct net_device *dev,
+                               struct ieee80211_if_sta *ifsta,
+                               int transaction, u8 *extra, size_t extra_len,
+                               int encrypt)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *mgmt;
+
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom +
+                           sizeof(*mgmt) + 6 + extra_len);
+       if (!skb) {
+               printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
+                      "frame\n", dev->name);
+               return;
+       }
+       skb_reserve(skb, local->hw.extra_tx_headroom);
+
+       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
+       memset(mgmt, 0, 24 + 6);
+       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                          IEEE80211_STYPE_AUTH);
+       if (encrypt)
+               mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
+       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
+       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
+       mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
+       mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
+       ifsta->auth_transaction = transaction + 1;
+       mgmt->u.auth.status_code = cpu_to_le16(0);
+       if (extra)
+               memcpy(skb_put(skb, extra_len), extra, extra_len);
+
+       ieee80211_sta_tx(dev, skb, encrypt);
+}
+
+
+static void ieee80211_authenticate(struct net_device *dev,
+                                  struct ieee80211_if_sta *ifsta)
+{
+       ifsta->auth_tries++;
+       if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
+               printk(KERN_DEBUG "%s: authentication with AP " MAC_FMT
+                      " timed out\n",
+                      dev->name, MAC_ARG(ifsta->bssid));
+               ifsta->state = IEEE80211_DISABLED;
+               return;
+       }
+
+       ifsta->state = IEEE80211_AUTHENTICATE;
+       printk(KERN_DEBUG "%s: authenticate with AP " MAC_FMT "\n",
+              dev->name, MAC_ARG(ifsta->bssid));
+
+       ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
+
+       mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
+}
+
+
+static void ieee80211_send_assoc(struct net_device *dev,
+                                struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hw_mode *mode;
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *mgmt;
+       u8 *pos, *ies;
+       int i, len;
+       u16 capab;
+       struct ieee80211_sta_bss *bss;
+       int wmm = 0;
+
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom +
+                           sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
+                           ifsta->ssid_len);
+       if (!skb) {
+               printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
+                      "frame\n", dev->name);
+               return;
+       }
+       skb_reserve(skb, local->hw.extra_tx_headroom);
+
+       mode = local->oper_hw_mode;
+       capab = ifsta->capab;
+       if (mode->mode == MODE_IEEE80211G) {
+               capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
+                       WLAN_CAPABILITY_SHORT_PREAMBLE;
+       }
+       bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
+       if (bss) {
+               if (bss->capability & WLAN_CAPABILITY_PRIVACY)
+                       capab |= WLAN_CAPABILITY_PRIVACY;
+               if (bss->wmm_ie) {
+                       wmm = 1;
+               }
+               ieee80211_rx_bss_put(dev, bss);
+       }
+
+       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
+       memset(mgmt, 0, 24);
+       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
+       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
+
+       if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
+               skb_put(skb, 10);
+               mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                                  IEEE80211_STYPE_REASSOC_REQ);
+               mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
+               mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
+               memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
+                      ETH_ALEN);
+       } else {
+               skb_put(skb, 4);
+               mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                                  IEEE80211_STYPE_ASSOC_REQ);
+               mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
+               mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
+       }
+
+       /* SSID */
+       ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
+       *pos++ = WLAN_EID_SSID;
+       *pos++ = ifsta->ssid_len;
+       memcpy(pos, ifsta->ssid, ifsta->ssid_len);
+
+       len = mode->num_rates;
+       if (len > 8)
+               len = 8;
+       pos = skb_put(skb, len + 2);
+       *pos++ = WLAN_EID_SUPP_RATES;
+       *pos++ = len;
+       for (i = 0; i < len; i++) {
+               int rate = mode->rates[i].rate;
+               *pos++ = (u8) (rate / 5);
+       }
+
+       if (mode->num_rates > len) {
+               pos = skb_put(skb, mode->num_rates - len + 2);
+               *pos++ = WLAN_EID_EXT_SUPP_RATES;
+               *pos++ = mode->num_rates - len;
+               for (i = len; i < mode->num_rates; i++) {
+                       int rate = mode->rates[i].rate;
+                       *pos++ = (u8) (rate / 5);
+               }
+       }
+
+       if (ifsta->extra_ie) {
+               pos = skb_put(skb, ifsta->extra_ie_len);
+               memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
+       }
+
+       if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
+               pos = skb_put(skb, 9);
+               *pos++ = WLAN_EID_VENDOR_SPECIFIC;
+               *pos++ = 7; /* len */
+               *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
+               *pos++ = 0x50;
+               *pos++ = 0xf2;
+               *pos++ = 2; /* WME */
+               *pos++ = 0; /* WME info */
+               *pos++ = 1; /* WME ver */
+               *pos++ = 0;
+       }
+
+       kfree(ifsta->assocreq_ies);
+       ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
+       ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
+       if (ifsta->assocreq_ies)
+               memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
+
+       ieee80211_sta_tx(dev, skb, 0);
+}
+
+
+static void ieee80211_send_deauth(struct net_device *dev,
+                                 struct ieee80211_if_sta *ifsta, u16 reason)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *mgmt;
+
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
+       if (!skb) {
+               printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
+                      "frame\n", dev->name);
+               return;
+       }
+       skb_reserve(skb, local->hw.extra_tx_headroom);
+
+       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
+       memset(mgmt, 0, 24);
+       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
+       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
+       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                          IEEE80211_STYPE_DEAUTH);
+       skb_put(skb, 2);
+       mgmt->u.deauth.reason_code = cpu_to_le16(reason);
+
+       ieee80211_sta_tx(dev, skb, 0);
+}
+
+
+static void ieee80211_send_disassoc(struct net_device *dev,
+                                   struct ieee80211_if_sta *ifsta, u16 reason)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *mgmt;
+
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
+       if (!skb) {
+               printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
+                      "frame\n", dev->name);
+               return;
+       }
+       skb_reserve(skb, local->hw.extra_tx_headroom);
+
+       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
+       memset(mgmt, 0, 24);
+       memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
+       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+       memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
+       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                          IEEE80211_STYPE_DISASSOC);
+       skb_put(skb, 2);
+       mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
+
+       ieee80211_sta_tx(dev, skb, 0);
+}
+
+
+static int ieee80211_privacy_mismatch(struct net_device *dev,
+                                     struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_sta_bss *bss;
+       int res = 0;
+
+       if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL) ||
+           ifsta->key_management_enabled)
+               return 0;
+
+       bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
+       if (!bss)
+               return 0;
+
+       if (ieee80211_sta_wep_configured(dev) !=
+           !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
+               res = 1;
+
+       ieee80211_rx_bss_put(dev, bss);
+
+       return res;
+}
+
+
+static void ieee80211_associate(struct net_device *dev,
+                               struct ieee80211_if_sta *ifsta)
+{
+       ifsta->assoc_tries++;
+       if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
+               printk(KERN_DEBUG "%s: association with AP " MAC_FMT
+                      " timed out\n",
+                      dev->name, MAC_ARG(ifsta->bssid));
+               ifsta->state = IEEE80211_DISABLED;
+               return;
+       }
+
+       ifsta->state = IEEE80211_ASSOCIATE;
+       printk(KERN_DEBUG "%s: associate with AP " MAC_FMT "\n",
+              dev->name, MAC_ARG(ifsta->bssid));
+       if (ieee80211_privacy_mismatch(dev, ifsta)) {
+               printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
+                      "mixed-cell disabled - abort association\n", dev->name);
+               ifsta->state = IEEE80211_DISABLED;
+               return;
+       }
+
+       ieee80211_send_assoc(dev, ifsta);
+
+       mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
+}
+
+
+static void ieee80211_associated(struct net_device *dev,
+                                struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sta_info *sta;
+       int disassoc;
+
+       /* TODO: start monitoring current AP signal quality and number of
+        * missed beacons. Scan other channels every now and then and search
+        * for better APs. */
+       /* TODO: remove expired BSSes */
+
+       ifsta->state = IEEE80211_ASSOCIATED;
+
+       sta = sta_info_get(local, ifsta->bssid);
+       if (!sta) {
+               printk(KERN_DEBUG "%s: No STA entry for own AP " MAC_FMT "\n",
+                      dev->name, MAC_ARG(ifsta->bssid));
+               disassoc = 1;
+       } else {
+               disassoc = 0;
+               if (time_after(jiffies,
+                              sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
+                       if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
+                               printk(KERN_DEBUG "%s: No ProbeResp from "
+                                      "current AP " MAC_FMT " - assume out of "
+                                      "range\n",
+                                      dev->name, MAC_ARG(ifsta->bssid));
+                               disassoc = 1;
+                               sta_info_free(sta);
+                       } else
+                               ieee80211_send_probe_req(dev, ifsta->bssid,
+                                                        local->scan_ssid,
+                                                        local->scan_ssid_len);
+                       ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
+               } else {
+                       ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
+                       if (time_after(jiffies, ifsta->last_probe +
+                                      IEEE80211_PROBE_INTERVAL)) {
+                               ifsta->last_probe = jiffies;
+                               ieee80211_send_probe_req(dev, ifsta->bssid,
+                                                        ifsta->ssid,
+                                                        ifsta->ssid_len);
+                       }
+               }
+               sta_info_put(sta);
+       }
+       if (disassoc) {
+               union iwreq_data wrqu;
+               memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
+               wrqu.ap_addr.sa_family = ARPHRD_ETHER;
+               wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
+               mod_timer(&ifsta->timer, jiffies +
+                                     IEEE80211_MONITORING_INTERVAL + 30 * HZ);
+       } else {
+               mod_timer(&ifsta->timer, jiffies +
+                                     IEEE80211_MONITORING_INTERVAL);
+       }
+}
+
+
+static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
+                                    u8 *ssid, size_t ssid_len)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hw_mode *mode;
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *mgmt;
+       u8 *pos, *supp_rates, *esupp_rates = NULL;
+       int i;
+
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
+       if (!skb) {
+               printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
+                      "request\n", dev->name);
+               return;
+       }
+       skb_reserve(skb, local->hw.extra_tx_headroom);
+
+       mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
+       memset(mgmt, 0, 24);
+       mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                          IEEE80211_STYPE_PROBE_REQ);
+       memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+       if (dst) {
+               memcpy(mgmt->da, dst, ETH_ALEN);
+               memcpy(mgmt->bssid, dst, ETH_ALEN);
+       } else {
+               memset(mgmt->da, 0xff, ETH_ALEN);
+               memset(mgmt->bssid, 0xff, ETH_ALEN);
+       }
+       pos = skb_put(skb, 2 + ssid_len);
+       *pos++ = WLAN_EID_SSID;
+       *pos++ = ssid_len;
+       memcpy(pos, ssid, ssid_len);
+
+       supp_rates = skb_put(skb, 2);
+       supp_rates[0] = WLAN_EID_SUPP_RATES;
+       supp_rates[1] = 0;
+       mode = local->oper_hw_mode;
+       for (i = 0; i < mode->num_rates; i++) {
+               struct ieee80211_rate *rate = &mode->rates[i];
+               if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
+                       continue;
+               if (esupp_rates) {
+                       pos = skb_put(skb, 1);
+                       esupp_rates[1]++;
+               } else if (supp_rates[1] == 8) {
+                       esupp_rates = skb_put(skb, 3);
+                       esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
+                       esupp_rates[1] = 1;
+                       pos = &esupp_rates[2];
+               } else {
+                       pos = skb_put(skb, 1);
+                       supp_rates[1]++;
+               }
+               *pos = rate->rate / 5;
+       }
+
+       ieee80211_sta_tx(dev, skb, 0);
+}
+
+
+static int ieee80211_sta_wep_configured(struct net_device *dev)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (!sdata || !sdata->default_key ||
+           sdata->default_key->conf.alg != ALG_WEP)
+               return 0;
+       return 1;
+}
+
+
+static void ieee80211_auth_completed(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta)
+{
+       printk(KERN_DEBUG "%s: authenticated\n", dev->name);
+       ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
+       ieee80211_associate(dev, ifsta);
+}
+
+
+static void ieee80211_auth_challenge(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta,
+                                    struct ieee80211_mgmt *mgmt,
+                                    size_t len)
+{
+       u8 *pos;
+       struct ieee802_11_elems elems;
+
+       printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
+       pos = mgmt->u.auth.variable;
+       if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+           == ParseFailed) {
+               printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
+                      dev->name);
+               return;
+       }
+       if (!elems.challenge) {
+               printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
+                      "frame\n", dev->name);
+               return;
+       }
+       ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
+                           elems.challenge_len + 2, 1);
+}
+
+
+static void ieee80211_rx_mgmt_auth(struct net_device *dev,
+                                  struct ieee80211_if_sta *ifsta,
+                                  struct ieee80211_mgmt *mgmt,
+                                  size_t len)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       u16 auth_alg, auth_transaction, status_code;
+
+       if (ifsta->state != IEEE80211_AUTHENTICATE &&
+           sdata->type != IEEE80211_IF_TYPE_IBSS) {
+               printk(KERN_DEBUG "%s: authentication frame received from "
+                      MAC_FMT ", but not in authenticate state - ignored\n",
+                      dev->name, MAC_ARG(mgmt->sa));
+               return;
+       }
+
+       if (len < 24 + 6) {
+               printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
+                      "received from " MAC_FMT " - ignored\n",
+                      dev->name, len, MAC_ARG(mgmt->sa));
+               return;
+       }
+
+       if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
+           memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
+               printk(KERN_DEBUG "%s: authentication frame received from "
+                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
+                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
+                      MAC_ARG(mgmt->bssid));
+               return;
+       }
+
+       if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
+           memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
+               printk(KERN_DEBUG "%s: authentication frame received from "
+                      "unknown BSSID (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
+                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
+                      MAC_ARG(mgmt->bssid));
+               return;
+       }
+
+       auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
+       auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
+       status_code = le16_to_cpu(mgmt->u.auth.status_code);
+
+       printk(KERN_DEBUG "%s: RX authentication from " MAC_FMT " (alg=%d "
+              "transaction=%d status=%d)\n",
+              dev->name, MAC_ARG(mgmt->sa), auth_alg,
+              auth_transaction, status_code);
+
+       if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               /* IEEE 802.11 standard does not require authentication in IBSS
+                * networks and most implementations do not seem to use it.
+                * However, try to reply to authentication attempts if someone
+                * has actually implemented this.
+                * TODO: Could implement shared key authentication. */
+               if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
+                       printk(KERN_DEBUG "%s: unexpected IBSS authentication "
+                              "frame (alg=%d transaction=%d)\n",
+                              dev->name, auth_alg, auth_transaction);
+                       return;
+               }
+               ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
+       }
+
+       if (auth_alg != ifsta->auth_alg ||
+           auth_transaction != ifsta->auth_transaction) {
+               printk(KERN_DEBUG "%s: unexpected authentication frame "
+                      "(alg=%d transaction=%d)\n",
+                      dev->name, auth_alg, auth_transaction);
+               return;
+       }
+
+       if (status_code != WLAN_STATUS_SUCCESS) {
+               printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
+                      "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
+               if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
+                       u8 algs[3];
+                       const int num_algs = ARRAY_SIZE(algs);
+                       int i, pos;
+                       algs[0] = algs[1] = algs[2] = 0xff;
+                       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
+                               algs[0] = WLAN_AUTH_OPEN;
+                       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
+                               algs[1] = WLAN_AUTH_SHARED_KEY;
+                       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
+                               algs[2] = WLAN_AUTH_LEAP;
+                       if (ifsta->auth_alg == WLAN_AUTH_OPEN)
+                               pos = 0;
+                       else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
+                               pos = 1;
+                       else
+                               pos = 2;
+                       for (i = 0; i < num_algs; i++) {
+                               pos++;
+                               if (pos >= num_algs)
+                                       pos = 0;
+                               if (algs[pos] == ifsta->auth_alg ||
+                                   algs[pos] == 0xff)
+                                       continue;
+                               if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
+                                   !ieee80211_sta_wep_configured(dev))
+                                       continue;
+                               ifsta->auth_alg = algs[pos];
+                               printk(KERN_DEBUG "%s: set auth_alg=%d for "
+                                      "next try\n",
+                                      dev->name, ifsta->auth_alg);
+                               break;
+                       }
+               }
+               return;
+       }
+
+       switch (ifsta->auth_alg) {
+       case WLAN_AUTH_OPEN:
+       case WLAN_AUTH_LEAP:
+               ieee80211_auth_completed(dev, ifsta);
+               break;
+       case WLAN_AUTH_SHARED_KEY:
+               if (ifsta->auth_transaction == 4)
+                       ieee80211_auth_completed(dev, ifsta);
+               else
+                       ieee80211_auth_challenge(dev, ifsta, mgmt, len);
+               break;
+       }
+}
+
+
+static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta,
+                                    struct ieee80211_mgmt *mgmt,
+                                    size_t len)
+{
+       u16 reason_code;
+
+       if (len < 24 + 2) {
+               printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
+                      "received from " MAC_FMT " - ignored\n",
+                      dev->name, len, MAC_ARG(mgmt->sa));
+               return;
+       }
+
+       if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
+               printk(KERN_DEBUG "%s: deauthentication frame received from "
+                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
+                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
+                      MAC_ARG(mgmt->bssid));
+               return;
+       }
+
+       reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
+
+       printk(KERN_DEBUG "%s: RX deauthentication from " MAC_FMT
+              " (reason=%d)\n",
+              dev->name, MAC_ARG(mgmt->sa), reason_code);
+
+       if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
+               printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
+       }
+
+       if (ifsta->state == IEEE80211_AUTHENTICATE ||
+           ifsta->state == IEEE80211_ASSOCIATE ||
+           ifsta->state == IEEE80211_ASSOCIATED) {
+               ifsta->state = IEEE80211_AUTHENTICATE;
+               mod_timer(&ifsta->timer, jiffies +
+                                     IEEE80211_RETRY_AUTH_INTERVAL);
+       }
+
+       ieee80211_set_disassoc(dev, ifsta, 1);
+       ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
+}
+
+
+static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
+                                      struct ieee80211_if_sta *ifsta,
+                                      struct ieee80211_mgmt *mgmt,
+                                      size_t len)
+{
+       u16 reason_code;
+
+       if (len < 24 + 2) {
+               printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
+                      "received from " MAC_FMT " - ignored\n",
+                      dev->name, len, MAC_ARG(mgmt->sa));
+               return;
+       }
+
+       if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
+               printk(KERN_DEBUG "%s: disassociation frame received from "
+                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
+                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
+                      MAC_ARG(mgmt->bssid));
+               return;
+       }
+
+       reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
+
+       printk(KERN_DEBUG "%s: RX disassociation from " MAC_FMT
+              " (reason=%d)\n",
+              dev->name, MAC_ARG(mgmt->sa), reason_code);
+
+       if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
+               printk(KERN_DEBUG "%s: disassociated\n", dev->name);
+
+       if (ifsta->state == IEEE80211_ASSOCIATED) {
+               ifsta->state = IEEE80211_ASSOCIATE;
+               mod_timer(&ifsta->timer, jiffies +
+                                     IEEE80211_RETRY_AUTH_INTERVAL);
+       }
+
+       ieee80211_set_disassoc(dev, ifsta, 0);
+}
+
+
+static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
+                                        struct ieee80211_if_sta *ifsta,
+                                        struct ieee80211_mgmt *mgmt,
+                                        size_t len,
+                                        int reassoc)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hw_mode *mode;
+       struct sta_info *sta;
+       u32 rates;
+       u16 capab_info, status_code, aid;
+       struct ieee802_11_elems elems;
+       u8 *pos;
+       int i, j;
+
+       /* AssocResp and ReassocResp have identical structure, so process both
+        * of them in this function. */
+
+       if (ifsta->state != IEEE80211_ASSOCIATE) {
+               printk(KERN_DEBUG "%s: association frame received from "
+                      MAC_FMT ", but not in associate state - ignored\n",
+                      dev->name, MAC_ARG(mgmt->sa));
+               return;
+       }
+
+       if (len < 24 + 6) {
+               printk(KERN_DEBUG "%s: too short (%zd) association frame "
+                      "received from " MAC_FMT " - ignored\n",
+                      dev->name, len, MAC_ARG(mgmt->sa));
+               return;
+       }
+
+       if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
+               printk(KERN_DEBUG "%s: association frame received from "
+                      "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
+                      "ignored\n", dev->name, MAC_ARG(mgmt->sa),
+                      MAC_ARG(mgmt->bssid));
+               return;
+       }
+
+       capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
+       status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
+       aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
+       if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
+               printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
+                      "set\n", dev->name, aid);
+       aid &= ~(BIT(15) | BIT(14));
+
+       printk(KERN_DEBUG "%s: RX %sssocResp from " MAC_FMT " (capab=0x%x "
+              "status=%d aid=%d)\n",
+              dev->name, reassoc ? "Rea" : "A", MAC_ARG(mgmt->sa),
+              capab_info, status_code, aid);
+
+       if (status_code != WLAN_STATUS_SUCCESS) {
+               printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
+                      dev->name, status_code);
+               /* if this was a reassociation, ensure we try a "full"
+                * association next time. This works around some broken APs
+                * which do not correctly reject reassociation requests. */
+               ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
+               return;
+       }
+
+       pos = mgmt->u.assoc_resp.variable;
+       if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+           == ParseFailed) {
+               printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
+                      dev->name);
+               return;
+       }
+
+       if (!elems.supp_rates) {
+               printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
+                      dev->name);
+               return;
+       }
+
+       /* it probably doesn't, but if the frame includes an ERP value then
+        * update our stored copy */
+       if (elems.erp_info && elems.erp_info_len >= 1) {
+               struct ieee80211_sta_bss *bss
+                       = ieee80211_rx_bss_get(dev, ifsta->bssid);
+               if (bss) {
+                       bss->erp_value = elems.erp_info[0];
+                       bss->has_erp_value = 1;
+                       ieee80211_rx_bss_put(dev, bss);
+               }
+       }
+
+       printk(KERN_DEBUG "%s: associated\n", dev->name);
+       ifsta->aid = aid;
+       ifsta->ap_capab = capab_info;
+
+       kfree(ifsta->assocresp_ies);
+       ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
+       ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
+       if (ifsta->assocresp_ies)
+               memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
+
+       ieee80211_set_associated(dev, ifsta, 1);
+
+       /* Add STA entry for the AP */
+       sta = sta_info_get(local, ifsta->bssid);
+       if (!sta) {
+               struct ieee80211_sta_bss *bss;
+               sta = sta_info_add(local, dev, ifsta->bssid, GFP_KERNEL);
+               if (!sta) {
+                       printk(KERN_DEBUG "%s: failed to add STA entry for the"
+                              " AP\n", dev->name);
+                       return;
+               }
+               bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
+               if (bss) {
+                       sta->last_rssi = bss->rssi;
+                       sta->last_signal = bss->signal;
+                       sta->last_noise = bss->noise;
+                       ieee80211_rx_bss_put(dev, bss);
+               }
+       }
+
+       sta->dev = dev;
+       sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
+
+       rates = 0;
+       mode = local->oper_hw_mode;
+       for (i = 0; i < elems.supp_rates_len; i++) {
+               int rate = (elems.supp_rates[i] & 0x7f) * 5;
+               for (j = 0; j < mode->num_rates; j++)
+                       if (mode->rates[j].rate == rate)
+                               rates |= BIT(j);
+       }
+       for (i = 0; i < elems.ext_supp_rates_len; i++) {
+               int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
+               for (j = 0; j < mode->num_rates; j++)
+                       if (mode->rates[j].rate == rate)
+                               rates |= BIT(j);
+       }
+       sta->supp_rates = rates;
+
+       rate_control_rate_init(sta, local);
+
+       if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
+               sta->flags |= WLAN_STA_WME;
+               ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
+                                        elems.wmm_param_len);
+       }
+
+
+       sta_info_put(sta);
+
+       ieee80211_associated(dev, ifsta);
+}
+
+
+/* Caller must hold local->sta_bss_lock */
+static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
+                                       struct ieee80211_sta_bss *bss)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
+       local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
+}
+
+
+/* Caller must hold local->sta_bss_lock */
+static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
+                                       struct ieee80211_sta_bss *bss)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *b, *prev = NULL;
+       b = local->sta_bss_hash[STA_HASH(bss->bssid)];
+       while (b) {
+               if (b == bss) {
+                       if (!prev)
+                               local->sta_bss_hash[STA_HASH(bss->bssid)] =
+                                       bss->hnext;
+                       else
+                               prev->hnext = bss->hnext;
+                       break;
+               }
+               prev = b;
+               b = b->hnext;
+       }
+}
+
+
+static struct ieee80211_sta_bss *
+ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+
+       bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
+       if (!bss)
+               return NULL;
+       atomic_inc(&bss->users);
+       atomic_inc(&bss->users);
+       memcpy(bss->bssid, bssid, ETH_ALEN);
+
+       spin_lock_bh(&local->sta_bss_lock);
+       /* TODO: order by RSSI? */
+       list_add_tail(&bss->list, &local->sta_bss_list);
+       __ieee80211_rx_bss_hash_add(dev, bss);
+       spin_unlock_bh(&local->sta_bss_lock);
+       return bss;
+}
+
+
+static struct ieee80211_sta_bss *
+ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+
+       spin_lock_bh(&local->sta_bss_lock);
+       bss = local->sta_bss_hash[STA_HASH(bssid)];
+       while (bss) {
+               if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0) {
+                       atomic_inc(&bss->users);
+                       break;
+               }
+               bss = bss->hnext;
+       }
+       spin_unlock_bh(&local->sta_bss_lock);
+       return bss;
+}
+
+
+static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
+{
+       kfree(bss->wpa_ie);
+       kfree(bss->rsn_ie);
+       kfree(bss->wmm_ie);
+       kfree(bss);
+}
+
+
+static void ieee80211_rx_bss_put(struct net_device *dev,
+                                struct ieee80211_sta_bss *bss)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       if (!atomic_dec_and_test(&bss->users))
+               return;
+
+       spin_lock_bh(&local->sta_bss_lock);
+       __ieee80211_rx_bss_hash_del(dev, bss);
+       list_del(&bss->list);
+       spin_unlock_bh(&local->sta_bss_lock);
+       ieee80211_rx_bss_free(bss);
+}
+
+
+void ieee80211_rx_bss_list_init(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       spin_lock_init(&local->sta_bss_lock);
+       INIT_LIST_HEAD(&local->sta_bss_list);
+}
+
+
+void ieee80211_rx_bss_list_deinit(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss, *tmp;
+
+       list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
+               ieee80211_rx_bss_put(dev, bss);
+}
+
+
+static void ieee80211_rx_bss_info(struct net_device *dev,
+                                 struct ieee80211_mgmt *mgmt,
+                                 size_t len,
+                                 struct ieee80211_rx_status *rx_status,
+                                 int beacon)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee802_11_elems elems;
+       size_t baselen;
+       int channel, invalid = 0, clen;
+       struct ieee80211_sta_bss *bss;
+       struct sta_info *sta;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       u64 timestamp;
+
+       if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
+               return; /* ignore ProbeResp to foreign address */
+
+#if 0
+       printk(KERN_DEBUG "%s: RX %s from " MAC_FMT " to " MAC_FMT "\n",
+              dev->name, beacon ? "Beacon" : "Probe Response",
+              MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da));
+#endif
+
+       baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
+       if (baselen > len)
+               return;
+
+       timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
+
+       if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
+           memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+               static unsigned long last_tsf_debug = 0;
+               u64 tsf;
+               if (local->ops->get_tsf)
+                       tsf = local->ops->get_tsf(local_to_hw(local));
+               else
+                       tsf = -1LLU;
+               if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
+                       printk(KERN_DEBUG "RX beacon SA=" MAC_FMT " BSSID="
+                              MAC_FMT " TSF=0x%llx BCN=0x%llx diff=%lld "
+                              "@%lu\n",
+                              MAC_ARG(mgmt->sa), MAC_ARG(mgmt->bssid),
+                              (unsigned long long)tsf,
+                              (unsigned long long)timestamp,
+                              (unsigned long long)(tsf - timestamp),
+                              jiffies);
+                       last_tsf_debug = jiffies;
+               }
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+       }
+
+       if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+                                  &elems) == ParseFailed)
+               invalid = 1;
+
+       if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
+           memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
+           (sta = sta_info_get(local, mgmt->sa))) {
+               struct ieee80211_hw_mode *mode;
+               struct ieee80211_rate *rates;
+               size_t num_rates;
+               u32 supp_rates, prev_rates;
+               int i, j;
+
+               mode = local->sta_scanning ?
+                      local->scan_hw_mode : local->oper_hw_mode;
+               rates = mode->rates;
+               num_rates = mode->num_rates;
+
+               supp_rates = 0;
+               for (i = 0; i < elems.supp_rates_len +
+                            elems.ext_supp_rates_len; i++) {
+                       u8 rate = 0;
+                       int own_rate;
+                       if (i < elems.supp_rates_len)
+                               rate = elems.supp_rates[i];
+                       else if (elems.ext_supp_rates)
+                               rate = elems.ext_supp_rates
+                                       [i - elems.supp_rates_len];
+                       own_rate = 5 * (rate & 0x7f);
+                       for (j = 0; j < num_rates; j++)
+                               if (rates[j].rate == own_rate)
+                                       supp_rates |= BIT(j);
+               }
+
+               prev_rates = sta->supp_rates;
+               sta->supp_rates &= supp_rates;
+               if (sta->supp_rates == 0) {
+                       /* No matching rates - this should not really happen.
+                        * Make sure that at least one rate is marked
+                        * supported to avoid issues with TX rate ctrl. */
+                       sta->supp_rates = sdata->u.sta.supp_rates_bits;
+               }
+               if (sta->supp_rates != prev_rates) {
+                       printk(KERN_DEBUG "%s: updated supp_rates set for "
+                              MAC_FMT " based on beacon info (0x%x & 0x%x -> "
+                              "0x%x)\n",
+                              dev->name, MAC_ARG(sta->addr), prev_rates,
+                              supp_rates, sta->supp_rates);
+               }
+               sta_info_put(sta);
+       }
+
+       if (!elems.ssid)
+               return;
+
+       if (elems.ds_params && elems.ds_params_len == 1)
+               channel = elems.ds_params[0];
+       else
+               channel = rx_status->channel;
+
+       bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
+       if (!bss) {
+               bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
+               if (!bss)
+                       return;
+       } else {
+#if 0
+               /* TODO: order by RSSI? */
+               spin_lock_bh(&local->sta_bss_lock);
+               list_move_tail(&bss->list, &local->sta_bss_list);
+               spin_unlock_bh(&local->sta_bss_lock);
+#endif
+       }
+
+       if (bss->probe_resp && beacon) {
+               /* Do not allow beacon to override data from Probe Response. */
+               ieee80211_rx_bss_put(dev, bss);
+               return;
+       }
+
+       /* save the ERP value so that it is available at association time */
+       if (elems.erp_info && elems.erp_info_len >= 1) {
+               bss->erp_value = elems.erp_info[0];
+               bss->has_erp_value = 1;
+       }
+
+       bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
+       bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
+       if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
+               memcpy(bss->ssid, elems.ssid, elems.ssid_len);
+               bss->ssid_len = elems.ssid_len;
+       }
+
+       bss->supp_rates_len = 0;
+       if (elems.supp_rates) {
+               clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
+               if (clen > elems.supp_rates_len)
+                       clen = elems.supp_rates_len;
+               memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
+                      clen);
+               bss->supp_rates_len += clen;
+       }
+       if (elems.ext_supp_rates) {
+               clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
+               if (clen > elems.ext_supp_rates_len)
+                       clen = elems.ext_supp_rates_len;
+               memcpy(&bss->supp_rates[bss->supp_rates_len],
+                      elems.ext_supp_rates, clen);
+               bss->supp_rates_len += clen;
+       }
+
+       if (elems.wpa &&
+           (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
+            memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
+               kfree(bss->wpa_ie);
+               bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
+               if (bss->wpa_ie) {
+                       memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
+                       bss->wpa_ie_len = elems.wpa_len + 2;
+               } else
+                       bss->wpa_ie_len = 0;
+       } else if (!elems.wpa && bss->wpa_ie) {
+               kfree(bss->wpa_ie);
+               bss->wpa_ie = NULL;
+               bss->wpa_ie_len = 0;
+       }
+
+       if (elems.rsn &&
+           (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
+            memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
+               kfree(bss->rsn_ie);
+               bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
+               if (bss->rsn_ie) {
+                       memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
+                       bss->rsn_ie_len = elems.rsn_len + 2;
+               } else
+                       bss->rsn_ie_len = 0;
+       } else if (!elems.rsn && bss->rsn_ie) {
+               kfree(bss->rsn_ie);
+               bss->rsn_ie = NULL;
+               bss->rsn_ie_len = 0;
+       }
+
+       if (elems.wmm_param &&
+           (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
+            memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
+               kfree(bss->wmm_ie);
+               bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
+               if (bss->wmm_ie) {
+                       memcpy(bss->wmm_ie, elems.wmm_param - 2,
+                              elems.wmm_param_len + 2);
+                       bss->wmm_ie_len = elems.wmm_param_len + 2;
+               } else
+                       bss->wmm_ie_len = 0;
+       } else if (!elems.wmm_param && bss->wmm_ie) {
+               kfree(bss->wmm_ie);
+               bss->wmm_ie = NULL;
+               bss->wmm_ie_len = 0;
+       }
+
+
+       bss->hw_mode = rx_status->phymode;
+       bss->channel = channel;
+       bss->freq = rx_status->freq;
+       if (channel != rx_status->channel &&
+           (bss->hw_mode == MODE_IEEE80211G ||
+            bss->hw_mode == MODE_IEEE80211B) &&
+           channel >= 1 && channel <= 14) {
+               static const int freq_list[] = {
+                       2412, 2417, 2422, 2427, 2432, 2437, 2442,
+                       2447, 2452, 2457, 2462, 2467, 2472, 2484
+               };
+               /* IEEE 802.11g/b mode can receive packets from neighboring
+                * channels, so map the channel into frequency. */
+               bss->freq = freq_list[channel - 1];
+       }
+       bss->timestamp = timestamp;
+       bss->last_update = jiffies;
+       bss->rssi = rx_status->ssi;
+       bss->signal = rx_status->signal;
+       bss->noise = rx_status->noise;
+       if (!beacon)
+               bss->probe_resp++;
+       ieee80211_rx_bss_put(dev, bss);
+}
+
+
+static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
+                                        struct ieee80211_mgmt *mgmt,
+                                        size_t len,
+                                        struct ieee80211_rx_status *rx_status)
+{
+       ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
+}
+
+
+static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
+                                    struct ieee80211_mgmt *mgmt,
+                                    size_t len,
+                                    struct ieee80211_rx_status *rx_status)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_sta *ifsta;
+       size_t baselen;
+       struct ieee802_11_elems elems;
+
+       ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type != IEEE80211_IF_TYPE_STA)
+               return;
+       ifsta = &sdata->u.sta;
+
+       if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
+           memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
+               return;
+
+       /* Process beacon from the current BSS */
+       baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
+       if (baselen > len)
+               return;
+
+       if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+                                  &elems) == ParseFailed)
+               return;
+
+       if (elems.erp_info && elems.erp_info_len >= 1)
+               ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
+
+       if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
+               ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
+                                        elems.wmm_param_len);
+       }
+}
+
+
+static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
+                                       struct ieee80211_if_sta *ifsta,
+                                       struct ieee80211_mgmt *mgmt,
+                                       size_t len,
+                                       struct ieee80211_rx_status *rx_status)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       int tx_last_beacon;
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *resp;
+       u8 *pos, *end;
+
+       if (sdata->type != IEEE80211_IF_TYPE_IBSS ||
+           ifsta->state != IEEE80211_IBSS_JOINED ||
+           len < 24 + 2 || !ifsta->probe_resp)
+               return;
+
+       if (local->ops->tx_last_beacon)
+               tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
+       else
+               tx_last_beacon = 1;
+
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+       printk(KERN_DEBUG "%s: RX ProbeReq SA=" MAC_FMT " DA=" MAC_FMT " BSSID="
+              MAC_FMT " (tx_last_beacon=%d)\n",
+              dev->name, MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da),
+              MAC_ARG(mgmt->bssid), tx_last_beacon);
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+
+       if (!tx_last_beacon)
+               return;
+
+       if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
+           memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
+               return;
+
+       end = ((u8 *) mgmt) + len;
+       pos = mgmt->u.probe_req.variable;
+       if (pos[0] != WLAN_EID_SSID ||
+           pos + 2 + pos[1] > end) {
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
+                              "from " MAC_FMT "\n",
+                              dev->name, MAC_ARG(mgmt->sa));
+               }
+               return;
+       }
+       if (pos[1] != 0 &&
+           (pos[1] != ifsta->ssid_len ||
+            memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
+               /* Ignore ProbeReq for foreign SSID */
+               return;
+       }
+
+       /* Reply with ProbeResp */
+       skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
+       if (!skb)
+               return;
+
+       resp = (struct ieee80211_mgmt *) skb->data;
+       memcpy(resp->da, mgmt->sa, ETH_ALEN);
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+       printk(KERN_DEBUG "%s: Sending ProbeResp to " MAC_FMT "\n",
+              dev->name, MAC_ARG(resp->da));
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+       ieee80211_sta_tx(dev, skb, 0);
+}
+
+
+void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
+                          struct ieee80211_rx_status *rx_status)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_sta *ifsta;
+       struct ieee80211_mgmt *mgmt;
+       u16 fc;
+
+       if (skb->len < 24)
+               goto fail;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       ifsta = &sdata->u.sta;
+
+       mgmt = (struct ieee80211_mgmt *) skb->data;
+       fc = le16_to_cpu(mgmt->frame_control);
+
+       switch (fc & IEEE80211_FCTL_STYPE) {
+       case IEEE80211_STYPE_PROBE_REQ:
+       case IEEE80211_STYPE_PROBE_RESP:
+       case IEEE80211_STYPE_BEACON:
+               memcpy(skb->cb, rx_status, sizeof(*rx_status));
+       case IEEE80211_STYPE_AUTH:
+       case IEEE80211_STYPE_ASSOC_RESP:
+       case IEEE80211_STYPE_REASSOC_RESP:
+       case IEEE80211_STYPE_DEAUTH:
+       case IEEE80211_STYPE_DISASSOC:
+               skb_queue_tail(&ifsta->skb_queue, skb);
+               queue_work(local->hw.workqueue, &ifsta->work);
+               return;
+       default:
+               printk(KERN_DEBUG "%s: received unknown management frame - "
+                      "stype=%d\n", dev->name,
+                      (fc & IEEE80211_FCTL_STYPE) >> 4);
+               break;
+       }
+
+ fail:
+       kfree_skb(skb);
+}
+
+
+static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
+                                        struct sk_buff *skb)
+{
+       struct ieee80211_rx_status *rx_status;
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_sta *ifsta;
+       struct ieee80211_mgmt *mgmt;
+       u16 fc;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       ifsta = &sdata->u.sta;
+
+       rx_status = (struct ieee80211_rx_status *) skb->cb;
+       mgmt = (struct ieee80211_mgmt *) skb->data;
+       fc = le16_to_cpu(mgmt->frame_control);
+
+       switch (fc & IEEE80211_FCTL_STYPE) {
+       case IEEE80211_STYPE_PROBE_REQ:
+               ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
+                                           rx_status);
+               break;
+       case IEEE80211_STYPE_PROBE_RESP:
+               ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
+               break;
+       case IEEE80211_STYPE_BEACON:
+               ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
+               break;
+       case IEEE80211_STYPE_AUTH:
+               ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
+               break;
+       case IEEE80211_STYPE_ASSOC_RESP:
+               ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 0);
+               break;
+       case IEEE80211_STYPE_REASSOC_RESP:
+               ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, skb->len, 1);
+               break;
+       case IEEE80211_STYPE_DEAUTH:
+               ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
+               break;
+       case IEEE80211_STYPE_DISASSOC:
+               ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
+               break;
+       }
+
+       kfree_skb(skb);
+}
+
+
+void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
+                          struct ieee80211_rx_status *rx_status)
+{
+       struct ieee80211_mgmt *mgmt;
+       u16 fc;
+
+       if (skb->len < 24) {
+               dev_kfree_skb(skb);
+               return;
+       }
+
+       mgmt = (struct ieee80211_mgmt *) skb->data;
+       fc = le16_to_cpu(mgmt->frame_control);
+
+       if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
+               if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
+                       ieee80211_rx_mgmt_probe_resp(dev, mgmt,
+                                                    skb->len, rx_status);
+               } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
+                       ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
+                                                rx_status);
+               }
+       }
+
+       dev_kfree_skb(skb);
+}
+
+
+static int ieee80211_sta_active_ibss(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       int active = 0;
+       struct sta_info *sta;
+
+       read_lock_bh(&local->sta_lock);
+       list_for_each_entry(sta, &local->sta_list, list) {
+               if (sta->dev == dev &&
+                   time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
+                              jiffies)) {
+                       active++;
+                       break;
+               }
+       }
+       read_unlock_bh(&local->sta_lock);
+
+       return active;
+}
+
+
+static void ieee80211_sta_expire(struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sta_info *sta, *tmp;
+       LIST_HEAD(tmp_list);
+
+       write_lock_bh(&local->sta_lock);
+       list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
+               if (time_after(jiffies, sta->last_rx +
+                              IEEE80211_IBSS_INACTIVITY_LIMIT)) {
+                       printk(KERN_DEBUG "%s: expiring inactive STA " MAC_FMT
+                              "\n", dev->name, MAC_ARG(sta->addr));
+                       __sta_info_get(sta);
+                       sta_info_remove(sta);
+                       list_add(&sta->list, &tmp_list);
+               }
+       write_unlock_bh(&local->sta_lock);
+
+       list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
+               sta_info_free(sta);
+               sta_info_put(sta);
+       }
+}
+
+
+static void ieee80211_sta_merge_ibss(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta)
+{
+       mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
+
+       ieee80211_sta_expire(dev);
+       if (ieee80211_sta_active_ibss(dev))
+               return;
+
+       printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
+              "IBSS networks with same SSID (merge)\n", dev->name);
+       ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
+}
+
+
+void ieee80211_sta_timer(unsigned long data)
+{
+       struct ieee80211_sub_if_data *sdata =
+               (struct ieee80211_sub_if_data *) data;
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+       struct ieee80211_local *local = wdev_priv(&sdata->wdev);
+
+       set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
+       queue_work(local->hw.workqueue, &ifsta->work);
+}
+
+
+void ieee80211_sta_work(struct work_struct *work)
+{
+       struct ieee80211_sub_if_data *sdata =
+               container_of(work, struct ieee80211_sub_if_data, u.sta.work);
+       struct net_device *dev = sdata->dev;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_if_sta *ifsta;
+       struct sk_buff *skb;
+
+       if (!netif_running(dev))
+               return;
+
+       if (local->sta_scanning)
+               return;
+
+       if (sdata->type != IEEE80211_IF_TYPE_STA &&
+           sdata->type != IEEE80211_IF_TYPE_IBSS) {
+               printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
+                      "(type=%d)\n", dev->name, sdata->type);
+               return;
+       }
+       ifsta = &sdata->u.sta;
+
+       while ((skb = skb_dequeue(&ifsta->skb_queue)))
+               ieee80211_sta_rx_queued_mgmt(dev, skb);
+
+       if (ifsta->state != IEEE80211_AUTHENTICATE &&
+           ifsta->state != IEEE80211_ASSOCIATE &&
+           test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
+               ieee80211_sta_start_scan(dev, NULL, 0);
+               return;
+       }
+
+       if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
+               if (ieee80211_sta_config_auth(dev, ifsta))
+                       return;
+               clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
+       } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
+               return;
+
+       switch (ifsta->state) {
+       case IEEE80211_DISABLED:
+               break;
+       case IEEE80211_AUTHENTICATE:
+               ieee80211_authenticate(dev, ifsta);
+               break;
+       case IEEE80211_ASSOCIATE:
+               ieee80211_associate(dev, ifsta);
+               break;
+       case IEEE80211_ASSOCIATED:
+               ieee80211_associated(dev, ifsta);
+               break;
+       case IEEE80211_IBSS_SEARCH:
+               ieee80211_sta_find_ibss(dev, ifsta);
+               break;
+       case IEEE80211_IBSS_JOINED:
+               ieee80211_sta_merge_ibss(dev, ifsta);
+               break;
+       default:
+               printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
+                      ifsta->state);
+               break;
+       }
+
+       if (ieee80211_privacy_mismatch(dev, ifsta)) {
+               printk(KERN_DEBUG "%s: privacy configuration mismatch and "
+                      "mixed-cell disabled - disassociate\n", dev->name);
+
+               ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
+               ieee80211_set_disassoc(dev, ifsta, 0);
+       }
+}
+
+
+static void ieee80211_sta_reset_auth(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       if (local->ops->reset_tsf) {
+               /* Reset own TSF to allow time synchronization work. */
+               local->ops->reset_tsf(local_to_hw(local));
+       }
+
+       ifsta->wmm_last_param_set = -1; /* allow any WMM update */
+
+
+       if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
+               ifsta->auth_alg = WLAN_AUTH_OPEN;
+       else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
+               ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
+       else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
+               ifsta->auth_alg = WLAN_AUTH_LEAP;
+       else
+               ifsta->auth_alg = WLAN_AUTH_OPEN;
+       printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
+              ifsta->auth_alg);
+       ifsta->auth_transaction = -1;
+       ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
+       ifsta->auth_tries = ifsta->assoc_tries = 0;
+       netif_carrier_off(dev);
+}
+
+
+void ieee80211_sta_req_auth(struct net_device *dev,
+                           struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       if (sdata->type != IEEE80211_IF_TYPE_STA)
+               return;
+
+       if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
+                               IEEE80211_STA_AUTO_BSSID_SEL)) &&
+           (ifsta->flags & (IEEE80211_STA_SSID_SET |
+                               IEEE80211_STA_AUTO_SSID_SEL))) {
+               set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
+               queue_work(local->hw.workqueue, &ifsta->work);
+       }
+}
+
+static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
+                                   const char *ssid, int ssid_len)
+{
+       int tmp, hidden_ssid;
+
+       if (!memcmp(ifsta->ssid, ssid, ssid_len))
+               return 1;
+
+       if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
+               return 0;
+
+       hidden_ssid = 1;
+       tmp = ssid_len;
+       while (tmp--) {
+               if (ssid[tmp] != '\0') {
+                       hidden_ssid = 0;
+                       break;
+               }
+       }
+
+       if (hidden_ssid && ifsta->ssid_len == ssid_len)
+               return 1;
+
+       if (ssid_len == 1 && ssid[0] == ' ')
+               return 1;
+
+       return 0;
+}
+
+static int ieee80211_sta_config_auth(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_sta_bss *bss, *selected = NULL;
+       int top_rssi = 0, freq;
+
+       if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
+           IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) {
+               ifsta->state = IEEE80211_AUTHENTICATE;
+               ieee80211_sta_reset_auth(dev, ifsta);
+               return 0;
+       }
+
+       spin_lock_bh(&local->sta_bss_lock);
+       freq = local->oper_channel->freq;
+       list_for_each_entry(bss, &local->sta_bss_list, list) {
+               if (!(bss->capability & WLAN_CAPABILITY_ESS))
+                       continue;
+
+               if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
+                   !!sdata->default_key)
+                       continue;
+
+               if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
+                   bss->freq != freq)
+                       continue;
+
+               if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
+                   memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
+                       continue;
+
+               if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
+                   !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
+                       continue;
+
+               if (!selected || top_rssi < bss->rssi) {
+                       selected = bss;
+                       top_rssi = bss->rssi;
+               }
+       }
+       if (selected)
+               atomic_inc(&selected->users);
+       spin_unlock_bh(&local->sta_bss_lock);
+
+       if (selected) {
+               ieee80211_set_channel(local, -1, selected->freq);
+               if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
+                       ieee80211_sta_set_ssid(dev, selected->ssid,
+                                              selected->ssid_len);
+               ieee80211_sta_set_bssid(dev, selected->bssid);
+               ieee80211_rx_bss_put(dev, selected);
+               ifsta->state = IEEE80211_AUTHENTICATE;
+               ieee80211_sta_reset_auth(dev, ifsta);
+               return 0;
+       } else {
+               if (ifsta->state != IEEE80211_AUTHENTICATE) {
+                       if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
+                               ieee80211_sta_start_scan(dev, NULL, 0);
+                       else
+                               ieee80211_sta_start_scan(dev, ifsta->ssid,
+                                                        ifsta->ssid_len);
+                       ifsta->state = IEEE80211_AUTHENTICATE;
+                       set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
+               } else
+                       ifsta->state = IEEE80211_DISABLED;
+       }
+       return -1;
+}
+
+static int ieee80211_sta_join_ibss(struct net_device *dev,
+                                  struct ieee80211_if_sta *ifsta,
+                                  struct ieee80211_sta_bss *bss)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       int res, rates, i, j;
+       struct sk_buff *skb;
+       struct ieee80211_mgmt *mgmt;
+       struct ieee80211_tx_control control;
+       struct ieee80211_rate *rate;
+       struct ieee80211_hw_mode *mode;
+       struct rate_control_extra extra;
+       u8 *pos;
+       struct ieee80211_sub_if_data *sdata;
+
+       /* Remove possible STA entries from other IBSS networks. */
+       sta_info_flush(local, NULL);
+
+       if (local->ops->reset_tsf) {
+               /* Reset own TSF to allow time synchronization work. */
+               local->ops->reset_tsf(local_to_hw(local));
+       }
+       memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
+       res = ieee80211_if_config(dev);
+       if (res)
+               return res;
+
+       local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       sdata->drop_unencrypted = bss->capability &
+               WLAN_CAPABILITY_PRIVACY ? 1 : 0;
+
+       res = ieee80211_set_channel(local, -1, bss->freq);
+
+       if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
+               printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
+                      "(%d MHz)\n", dev->name, local->hw.conf.channel,
+                      local->hw.conf.freq);
+               return -1;
+       }
+
+       /* Set beacon template based on scan results */
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
+       do {
+               if (!skb)
+                       break;
+
+               skb_reserve(skb, local->hw.extra_tx_headroom);
+
+               mgmt = (struct ieee80211_mgmt *)
+                       skb_put(skb, 24 + sizeof(mgmt->u.beacon));
+               memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
+               mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                                  IEEE80211_STYPE_BEACON);
+               memset(mgmt->da, 0xff, ETH_ALEN);
+               memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+               memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
+               mgmt->u.beacon.beacon_int =
+                       cpu_to_le16(local->hw.conf.beacon_int);
+               mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
+
+               pos = skb_put(skb, 2 + ifsta->ssid_len);
+               *pos++ = WLAN_EID_SSID;
+               *pos++ = ifsta->ssid_len;
+               memcpy(pos, ifsta->ssid, ifsta->ssid_len);
+
+               rates = bss->supp_rates_len;
+               if (rates > 8)
+                       rates = 8;
+               pos = skb_put(skb, 2 + rates);
+               *pos++ = WLAN_EID_SUPP_RATES;
+               *pos++ = rates;
+               memcpy(pos, bss->supp_rates, rates);
+
+               pos = skb_put(skb, 2 + 1);
+               *pos++ = WLAN_EID_DS_PARAMS;
+               *pos++ = 1;
+               *pos++ = bss->channel;
+
+               pos = skb_put(skb, 2 + 2);
+               *pos++ = WLAN_EID_IBSS_PARAMS;
+               *pos++ = 2;
+               /* FIX: set ATIM window based on scan results */
+               *pos++ = 0;
+               *pos++ = 0;
+
+               if (bss->supp_rates_len > 8) {
+                       rates = bss->supp_rates_len - 8;
+                       pos = skb_put(skb, 2 + rates);
+                       *pos++ = WLAN_EID_EXT_SUPP_RATES;
+                       *pos++ = rates;
+                       memcpy(pos, &bss->supp_rates[8], rates);
+               }
+
+               memset(&control, 0, sizeof(control));
+               memset(&extra, 0, sizeof(extra));
+               extra.mode = local->oper_hw_mode;
+               rate = rate_control_get_rate(local, dev, skb, &extra);
+               if (!rate) {
+                       printk(KERN_DEBUG "%s: Failed to determine TX rate "
+                              "for IBSS beacon\n", dev->name);
+                       break;
+               }
+               control.tx_rate =
+                       ((sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
+                       (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
+                       rate->val2 : rate->val;
+               control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
+               control.power_level = local->hw.conf.power_level;
+               control.flags |= IEEE80211_TXCTL_NO_ACK;
+               control.retry_limit = 1;
+
+               ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
+               if (ifsta->probe_resp) {
+                       mgmt = (struct ieee80211_mgmt *)
+                               ifsta->probe_resp->data;
+                       mgmt->frame_control =
+                               IEEE80211_FC(IEEE80211_FTYPE_MGMT,
+                                            IEEE80211_STYPE_PROBE_RESP);
+               } else {
+                       printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
+                              "template for IBSS\n", dev->name);
+               }
+
+               if (local->ops->beacon_update &&
+                   local->ops->beacon_update(local_to_hw(local),
+                                            skb, &control) == 0) {
+                       printk(KERN_DEBUG "%s: Configured IBSS beacon "
+                              "template based on scan results\n", dev->name);
+                       skb = NULL;
+               }
+
+               rates = 0;
+               mode = local->oper_hw_mode;
+               for (i = 0; i < bss->supp_rates_len; i++) {
+                       int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
+                       for (j = 0; j < mode->num_rates; j++)
+                               if (mode->rates[j].rate == bitrate)
+                                       rates |= BIT(j);
+               }
+               ifsta->supp_rates_bits = rates;
+       } while (0);
+
+       if (skb) {
+               printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
+                      "template\n", dev->name);
+               dev_kfree_skb(skb);
+       }
+
+       ifsta->state = IEEE80211_IBSS_JOINED;
+       mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
+
+       ieee80211_rx_bss_put(dev, bss);
+
+       return res;
+}
+
+
+static int ieee80211_sta_create_ibss(struct net_device *dev,
+                                    struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_hw_mode *mode;
+       u8 bssid[ETH_ALEN], *pos;
+       int i;
+
+#if 0
+       /* Easier testing, use fixed BSSID. */
+       memset(bssid, 0xfe, ETH_ALEN);
+#else
+       /* Generate random, not broadcast, locally administered BSSID. Mix in
+        * own MAC address to make sure that devices that do not have proper
+        * random number generator get different BSSID. */
+       get_random_bytes(bssid, ETH_ALEN);
+       for (i = 0; i < ETH_ALEN; i++)
+               bssid[i] ^= dev->dev_addr[i];
+       bssid[0] &= ~0x01;
+       bssid[0] |= 0x02;
+#endif
+
+       printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
+              dev->name, MAC_ARG(bssid));
+
+       bss = ieee80211_rx_bss_add(dev, bssid);
+       if (!bss)
+               return -ENOMEM;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       mode = local->oper_hw_mode;
+
+       if (local->hw.conf.beacon_int == 0)
+               local->hw.conf.beacon_int = 100;
+       bss->beacon_int = local->hw.conf.beacon_int;
+       bss->hw_mode = local->hw.conf.phymode;
+       bss->channel = local->hw.conf.channel;
+       bss->freq = local->hw.conf.freq;
+       bss->last_update = jiffies;
+       bss->capability = WLAN_CAPABILITY_IBSS;
+       if (sdata->default_key) {
+               bss->capability |= WLAN_CAPABILITY_PRIVACY;
+       } else
+               sdata->drop_unencrypted = 0;
+       bss->supp_rates_len = mode->num_rates;
+       pos = bss->supp_rates;
+       for (i = 0; i < mode->num_rates; i++) {
+               int rate = mode->rates[i].rate;
+               *pos++ = (u8) (rate / 5);
+       }
+
+       return ieee80211_sta_join_ibss(dev, ifsta, bss);
+}
+
+
+static int ieee80211_sta_find_ibss(struct net_device *dev,
+                                  struct ieee80211_if_sta *ifsta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sta_bss *bss;
+       int found = 0;
+       u8 bssid[ETH_ALEN];
+       int active_ibss;
+
+       if (ifsta->ssid_len == 0)
+               return -EINVAL;
+
+       active_ibss = ieee80211_sta_active_ibss(dev);
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+       printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
+              dev->name, active_ibss);
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+       spin_lock_bh(&local->sta_bss_lock);
+       list_for_each_entry(bss, &local->sta_bss_list, list) {
+               if (ifsta->ssid_len != bss->ssid_len ||
+                   memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
+                   || !(bss->capability & WLAN_CAPABILITY_IBSS))
+                       continue;
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+               printk(KERN_DEBUG "   bssid=" MAC_FMT " found\n",
+                      MAC_ARG(bss->bssid));
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+               memcpy(bssid, bss->bssid, ETH_ALEN);
+               found = 1;
+               if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
+                       break;
+       }
+       spin_unlock_bh(&local->sta_bss_lock);
+
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+       printk(KERN_DEBUG "   sta_find_ibss: selected " MAC_FMT " current "
+              MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+       if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
+           (bss = ieee80211_rx_bss_get(dev, bssid))) {
+               printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
+                      " based on configured SSID\n",
+                      dev->name, MAC_ARG(bssid));
+               return ieee80211_sta_join_ibss(dev, ifsta, bss);
+       }
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+       printk(KERN_DEBUG "   did not try to join ibss\n");
+#endif /* CONFIG_MAC80211_IBSS_DEBUG */
+
+       /* Selected IBSS not found in current scan results - try to scan */
+       if (ifsta->state == IEEE80211_IBSS_JOINED &&
+           !ieee80211_sta_active_ibss(dev)) {
+               mod_timer(&ifsta->timer, jiffies +
+                                     IEEE80211_IBSS_MERGE_INTERVAL);
+       } else if (time_after(jiffies, local->last_scan_completed +
+                             IEEE80211_SCAN_INTERVAL)) {
+               printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
+                      "join\n", dev->name);
+               return ieee80211_sta_req_scan(dev, ifsta->ssid,
+                                             ifsta->ssid_len);
+       } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
+               int interval = IEEE80211_SCAN_INTERVAL;
+
+               if (time_after(jiffies, ifsta->ibss_join_req +
+                              IEEE80211_IBSS_JOIN_TIMEOUT)) {
+                       if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
+                           local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
+                               return ieee80211_sta_create_ibss(dev, ifsta);
+                       if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
+                               printk(KERN_DEBUG "%s: IBSS not allowed on the"
+                                      " configured channel %d (%d MHz)\n",
+                                      dev->name, local->hw.conf.channel,
+                                      local->hw.conf.freq);
+                       }
+
+                       /* No IBSS found - decrease scan interval and continue
+                        * scanning. */
+                       interval = IEEE80211_SCAN_INTERVAL_SLOW;
+               }
+
+               ifsta->state = IEEE80211_IBSS_SEARCH;
+               mod_timer(&ifsta->timer, jiffies + interval);
+               return 0;
+       }
+
+       return 0;
+}
+
+
+int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_sta *ifsta;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       if (len > IEEE80211_MAX_SSID_LEN)
+               return -EINVAL;
+
+       /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
+        * not defined. */
+       if (local->ops->conf_tx) {
+               struct ieee80211_tx_queue_params qparam;
+               int i;
+
+               memset(&qparam, 0, sizeof(qparam));
+               /* TODO: are these ok defaults for all hw_modes? */
+               qparam.aifs = 2;
+               qparam.cw_min =
+                       local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
+               qparam.cw_max = 1023;
+               qparam.burst_time = 0;
+               for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
+               {
+                       local->ops->conf_tx(local_to_hw(local),
+                                          i + IEEE80211_TX_QUEUE_DATA0,
+                                          &qparam);
+               }
+               /* IBSS uses different parameters for Beacon sending */
+               qparam.cw_min++;
+               qparam.cw_min *= 2;
+               qparam.cw_min--;
+               local->ops->conf_tx(local_to_hw(local),
+                                  IEEE80211_TX_QUEUE_BEACON, &qparam);
+       }
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       ifsta = &sdata->u.sta;
+
+       if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
+               ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
+       memcpy(ifsta->ssid, ssid, len);
+       memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
+       ifsta->ssid_len = len;
+
+       if (len)
+               ifsta->flags |= IEEE80211_STA_SSID_SET;
+       else
+               ifsta->flags &= ~IEEE80211_STA_SSID_SET;
+       if (sdata->type == IEEE80211_IF_TYPE_IBSS &&
+           !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
+               ifsta->ibss_join_req = jiffies;
+               ifsta->state = IEEE80211_IBSS_SEARCH;
+               return ieee80211_sta_find_ibss(dev, ifsta);
+       }
+       return 0;
+}
+
+
+int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+       memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
+       *len = ifsta->ssid_len;
+       return 0;
+}
+
+
+int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_sta *ifsta;
+       int res;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       ifsta = &sdata->u.sta;
+
+       if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
+               memcpy(ifsta->bssid, bssid, ETH_ALEN);
+               res = ieee80211_if_config(dev);
+               if (res) {
+                       printk(KERN_DEBUG "%s: Failed to config new BSSID to "
+                              "the low-level driver\n", dev->name);
+                       return res;
+               }
+       }
+
+       if (is_valid_ether_addr(bssid))
+               ifsta->flags |= IEEE80211_STA_BSSID_SET;
+       else
+               ifsta->flags &= ~IEEE80211_STA_BSSID_SET;
+
+       return 0;
+}
+
+
+static void ieee80211_send_nullfunc(struct ieee80211_local *local,
+                                   struct ieee80211_sub_if_data *sdata,
+                                   int powersave)
+{
+       struct sk_buff *skb;
+       struct ieee80211_hdr *nullfunc;
+       u16 fc;
+
+       skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
+       if (!skb) {
+               printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
+                      "frame\n", sdata->dev->name);
+               return;
+       }
+       skb_reserve(skb, local->hw.extra_tx_headroom);
+
+       nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
+       memset(nullfunc, 0, 24);
+       fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
+            IEEE80211_FCTL_TODS;
+       if (powersave)
+               fc |= IEEE80211_FCTL_PM;
+       nullfunc->frame_control = cpu_to_le16(fc);
+       memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
+       memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
+       memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
+
+       ieee80211_sta_tx(sdata->dev, skb, 0);
+}
+
+
+void ieee80211_scan_completed(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct net_device *dev = local->scan_dev;
+       struct ieee80211_sub_if_data *sdata;
+       union iwreq_data wrqu;
+
+       local->last_scan_completed = jiffies;
+       wmb();
+       local->sta_scanning = 0;
+
+       if (ieee80211_hw_config(local))
+               printk(KERN_DEBUG "%s: failed to restore operational"
+                      "channel after scan\n", dev->name);
+
+
+       netif_tx_lock_bh(local->mdev);
+       local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
+       local->ops->configure_filter(local_to_hw(local),
+                                    FIF_BCN_PRBRESP_PROMISC,
+                                    &local->filter_flags,
+                                    local->mdev->mc_count,
+                                    local->mdev->mc_list);
+
+       netif_tx_unlock_bh(local->mdev);
+
+       memset(&wrqu, 0, sizeof(wrqu));
+       wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
+
+       rcu_read_lock();
+       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+
+               /* No need to wake the master device. */
+               if (sdata->dev == local->mdev)
+                       continue;
+
+               if (sdata->type == IEEE80211_IF_TYPE_STA) {
+                       if (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
+                               ieee80211_send_nullfunc(local, sdata, 0);
+                       ieee80211_sta_timer((unsigned long)sdata);
+               }
+
+               netif_wake_queue(sdata->dev);
+       }
+       rcu_read_unlock();
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+               if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
+                   (!ifsta->state == IEEE80211_IBSS_JOINED &&
+                   !ieee80211_sta_active_ibss(dev)))
+                       ieee80211_sta_find_ibss(dev, ifsta);
+       }
+}
+EXPORT_SYMBOL(ieee80211_scan_completed);
+
+void ieee80211_sta_scan_work(struct work_struct *work)
+{
+       struct ieee80211_local *local =
+               container_of(work, struct ieee80211_local, scan_work.work);
+       struct net_device *dev = local->scan_dev;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_hw_mode *mode;
+       struct ieee80211_channel *chan;
+       int skip;
+       unsigned long next_delay = 0;
+
+       if (!local->sta_scanning)
+               return;
+
+       switch (local->scan_state) {
+       case SCAN_SET_CHANNEL:
+               mode = local->scan_hw_mode;
+               if (local->scan_hw_mode->list.next == &local->modes_list &&
+                   local->scan_channel_idx >= mode->num_channels) {
+                       ieee80211_scan_completed(local_to_hw(local));
+                       return;
+               }
+               skip = !(local->enabled_modes & (1 << mode->mode));
+               chan = &mode->channels[local->scan_channel_idx];
+               if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
+                   (sdata->type == IEEE80211_IF_TYPE_IBSS &&
+                    !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
+                   (local->hw_modes & local->enabled_modes &
+                    (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
+                       skip = 1;
+
+               if (!skip) {
+#if 0
+                       printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
+                              dev->name, chan->chan, chan->freq);
+#endif
+
+                       local->scan_channel = chan;
+                       if (ieee80211_hw_config(local)) {
+                               printk(KERN_DEBUG "%s: failed to set channel "
+                                      "%d (%d MHz) for scan\n", dev->name,
+                                      chan->chan, chan->freq);
+                               skip = 1;
+                       }
+               }
+
+               local->scan_channel_idx++;
+               if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
+                       if (local->scan_hw_mode->list.next != &local->modes_list) {
+                               local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
+                                                                struct ieee80211_hw_mode,
+                                                                list);
+                               local->scan_channel_idx = 0;
+                       }
+               }
+
+               if (skip)
+                       break;
+
+               next_delay = IEEE80211_PROBE_DELAY +
+                            usecs_to_jiffies(local->hw.channel_change_time);
+               local->scan_state = SCAN_SEND_PROBE;
+               break;
+       case SCAN_SEND_PROBE:
+               if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
+                       ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
+                                                local->scan_ssid_len);
+                       next_delay = IEEE80211_CHANNEL_TIME;
+               } else
+                       next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
+               local->scan_state = SCAN_SET_CHANNEL;
+               break;
+       }
+
+       if (local->sta_scanning)
+               queue_delayed_work(local->hw.workqueue, &local->scan_work,
+                                  next_delay);
+}
+
+
+static int ieee80211_sta_start_scan(struct net_device *dev,
+                                   u8 *ssid, size_t ssid_len)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata;
+
+       if (ssid_len > IEEE80211_MAX_SSID_LEN)
+               return -EINVAL;
+
+       /* MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
+        * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
+        * BSSID: MACAddress
+        * SSID
+        * ScanType: ACTIVE, PASSIVE
+        * ProbeDelay: delay (in microseconds) to be used prior to transmitting
+        *    a Probe frame during active scanning
+        * ChannelList
+        * MinChannelTime (>= ProbeDelay), in TU
+        * MaxChannelTime: (>= MinChannelTime), in TU
+        */
+
+        /* MLME-SCAN.confirm
+         * BSSDescriptionSet
+         * ResultCode: SUCCESS, INVALID_PARAMETERS
+        */
+
+       if (local->sta_scanning) {
+               if (local->scan_dev == dev)
+                       return 0;
+               return -EBUSY;
+       }
+
+       if (local->ops->hw_scan) {
+               int rc = local->ops->hw_scan(local_to_hw(local),
+                                           ssid, ssid_len);
+               if (!rc) {
+                       local->sta_scanning = 1;
+                       local->scan_dev = dev;
+               }
+               return rc;
+       }
+
+       local->sta_scanning = 1;
+
+       rcu_read_lock();
+       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+
+               /* Don't stop the master interface, otherwise we can't transmit
+                * probes! */
+               if (sdata->dev == local->mdev)
+                       continue;
+
+               netif_stop_queue(sdata->dev);
+               if (sdata->type == IEEE80211_IF_TYPE_STA &&
+                   (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
+                       ieee80211_send_nullfunc(local, sdata, 1);
+       }
+       rcu_read_unlock();
+
+       if (ssid) {
+               local->scan_ssid_len = ssid_len;
+               memcpy(local->scan_ssid, ssid, ssid_len);
+       } else
+               local->scan_ssid_len = 0;
+       local->scan_state = SCAN_SET_CHANNEL;
+       local->scan_hw_mode = list_entry(local->modes_list.next,
+                                        struct ieee80211_hw_mode,
+                                        list);
+       local->scan_channel_idx = 0;
+       local->scan_dev = dev;
+
+       netif_tx_lock_bh(local->mdev);
+       local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
+       local->ops->configure_filter(local_to_hw(local),
+                                    FIF_BCN_PRBRESP_PROMISC,
+                                    &local->filter_flags,
+                                    local->mdev->mc_count,
+                                    local->mdev->mc_list);
+       netif_tx_unlock_bh(local->mdev);
+
+       /* TODO: start scan as soon as all nullfunc frames are ACKed */
+       queue_delayed_work(local->hw.workqueue, &local->scan_work,
+                          IEEE80211_CHANNEL_TIME);
+
+       return 0;
+}
+
+
+int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+
+       if (sdata->type != IEEE80211_IF_TYPE_STA)
+               return ieee80211_sta_start_scan(dev, ssid, ssid_len);
+
+       if (local->sta_scanning) {
+               if (local->scan_dev == dev)
+                       return 0;
+               return -EBUSY;
+       }
+
+       set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
+       queue_work(local->hw.workqueue, &ifsta->work);
+       return 0;
+}
+
+static char *
+ieee80211_sta_scan_result(struct net_device *dev,
+                         struct ieee80211_sta_bss *bss,
+                         char *current_ev, char *end_buf)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct iw_event iwe;
+
+       if (time_after(jiffies,
+                      bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
+               return current_ev;
+
+       if (!(local->enabled_modes & (1 << bss->hw_mode)))
+               return current_ev;
+
+       if (local->scan_flags & IEEE80211_SCAN_WPA_ONLY &&
+           !bss->wpa_ie && !bss->rsn_ie)
+               return current_ev;
+
+       if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID &&
+           (local->scan_ssid_len != bss->ssid_len ||
+            memcmp(local->scan_ssid, bss->ssid, bss->ssid_len) != 0))
+               return current_ev;
+
+       memset(&iwe, 0, sizeof(iwe));
+       iwe.cmd = SIOCGIWAP;
+       iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
+       memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
+       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
+                                         IW_EV_ADDR_LEN);
+
+       memset(&iwe, 0, sizeof(iwe));
+       iwe.cmd = SIOCGIWESSID;
+       iwe.u.data.length = bss->ssid_len;
+       iwe.u.data.flags = 1;
+       current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
+                                         bss->ssid);
+
+       if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWMODE;
+               if (bss->capability & WLAN_CAPABILITY_ESS)
+                       iwe.u.mode = IW_MODE_MASTER;
+               else
+                       iwe.u.mode = IW_MODE_ADHOC;
+               current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
+                                                 IW_EV_UINT_LEN);
+       }
+
+       memset(&iwe, 0, sizeof(iwe));
+       iwe.cmd = SIOCGIWFREQ;
+       iwe.u.freq.m = bss->channel;
+       iwe.u.freq.e = 0;
+       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
+                                         IW_EV_FREQ_LEN);
+       iwe.u.freq.m = bss->freq * 100000;
+       iwe.u.freq.e = 1;
+       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
+                                         IW_EV_FREQ_LEN);
+
+       memset(&iwe, 0, sizeof(iwe));
+       iwe.cmd = IWEVQUAL;
+       iwe.u.qual.qual = bss->signal;
+       iwe.u.qual.level = bss->rssi;
+       iwe.u.qual.noise = bss->noise;
+       iwe.u.qual.updated = local->wstats_flags;
+       current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
+                                         IW_EV_QUAL_LEN);
+
+       memset(&iwe, 0, sizeof(iwe));
+       iwe.cmd = SIOCGIWENCODE;
+       if (bss->capability & WLAN_CAPABILITY_PRIVACY)
+               iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
+       else
+               iwe.u.data.flags = IW_ENCODE_DISABLED;
+       iwe.u.data.length = 0;
+       current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
+
+       if (bss && bss->wpa_ie) {
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = IWEVGENIE;
+               iwe.u.data.length = bss->wpa_ie_len;
+               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
+                                                 bss->wpa_ie);
+       }
+
+       if (bss && bss->rsn_ie) {
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = IWEVGENIE;
+               iwe.u.data.length = bss->rsn_ie_len;
+               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
+                                                 bss->rsn_ie);
+       }
+
+       if (bss && bss->supp_rates_len > 0) {
+               /* display all supported rates in readable format */
+               char *p = current_ev + IW_EV_LCP_LEN;
+               int i;
+
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWRATE;
+               /* Those two flags are ignored... */
+               iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
+
+               for (i = 0; i < bss->supp_rates_len; i++) {
+                       iwe.u.bitrate.value = ((bss->supp_rates[i] &
+                                                       0x7f) * 500000);
+                       p = iwe_stream_add_value(current_ev, p,
+                                       end_buf, &iwe, IW_EV_PARAM_LEN);
+               }
+               current_ev = p;
+       }
+
+       if (bss) {
+               char *buf;
+               buf = kmalloc(30, GFP_ATOMIC);
+               if (buf) {
+                       memset(&iwe, 0, sizeof(iwe));
+                       iwe.cmd = IWEVCUSTOM;
+                       sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
+                       iwe.u.data.length = strlen(buf);
+                       current_ev = iwe_stream_add_point(current_ev, end_buf,
+                                                         &iwe, buf);
+                       kfree(buf);
+               }
+       }
+
+       do {
+               char *buf;
+
+               if (!(local->scan_flags & IEEE80211_SCAN_EXTRA_INFO))
+                       break;
+
+               buf = kmalloc(100, GFP_ATOMIC);
+               if (!buf)
+                       break;
+
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = IWEVCUSTOM;
+               sprintf(buf, "bcn_int=%d", bss->beacon_int);
+               iwe.u.data.length = strlen(buf);
+               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
+                                                 buf);
+
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = IWEVCUSTOM;
+               sprintf(buf, "capab=0x%04x", bss->capability);
+               iwe.u.data.length = strlen(buf);
+               current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
+                                                 buf);
+
+               kfree(buf);
+               break;
+       } while (0);
+
+       return current_ev;
+}
+
+
+int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       char *current_ev = buf;
+       char *end_buf = buf + len;
+       struct ieee80211_sta_bss *bss;
+
+       spin_lock_bh(&local->sta_bss_lock);
+       list_for_each_entry(bss, &local->sta_bss_list, list) {
+               if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
+                       spin_unlock_bh(&local->sta_bss_lock);
+                       return -E2BIG;
+               }
+               current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
+                                                      end_buf);
+       }
+       spin_unlock_bh(&local->sta_bss_lock);
+       return current_ev - buf;
+}
+
+
+int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+       kfree(ifsta->extra_ie);
+       if (len == 0) {
+               ifsta->extra_ie = NULL;
+               ifsta->extra_ie_len = 0;
+               return 0;
+       }
+       ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
+       if (!ifsta->extra_ie) {
+               ifsta->extra_ie_len = 0;
+               return -ENOMEM;
+       }
+       memcpy(ifsta->extra_ie, ie, len);
+       ifsta->extra_ie_len = len;
+       return 0;
+}
+
+
+struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
+                                        struct sk_buff *skb, u8 *bssid,
+                                        u8 *addr)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sta_info *sta;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       /* TODO: Could consider removing the least recently used entry and
+        * allow new one to be added. */
+       if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "%s: No room for a new IBSS STA "
+                              "entry " MAC_FMT "\n", dev->name, MAC_ARG(addr));
+               }
+               return NULL;
+       }
+
+       printk(KERN_DEBUG "%s: Adding new IBSS station " MAC_FMT " (dev=%s)\n",
+              wiphy_name(local->hw.wiphy), MAC_ARG(addr), dev->name);
+
+       sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
+       if (!sta)
+               return NULL;
+
+       sta->supp_rates = sdata->u.sta.supp_rates_bits;
+
+       rate_control_rate_init(sta, local);
+
+       return sta; /* caller will call sta_info_put() */
+}
+
+
+int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+
+       printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
+              dev->name, reason);
+
+       if (sdata->type != IEEE80211_IF_TYPE_STA &&
+           sdata->type != IEEE80211_IF_TYPE_IBSS)
+               return -EINVAL;
+
+       ieee80211_send_deauth(dev, ifsta, reason);
+       ieee80211_set_disassoc(dev, ifsta, 1);
+       return 0;
+}
+
+
+int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
+{
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+
+       printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
+              dev->name, reason);
+
+       if (sdata->type != IEEE80211_IF_TYPE_STA)
+               return -EINVAL;
+
+       if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
+               return -1;
+
+       ieee80211_send_disassoc(dev, ifsta, reason);
+       ieee80211_set_disassoc(dev, ifsta, 0);
+       return 0;
+}
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/if_ether.h>
+#include <linux/etherdevice.h>
+#include <linux/list.h>
+#include <linux/rcupdate.h>
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "debugfs_key.h"
+#include "aes_ccm.h"
+
+
+/*
+ * Key handling basics
+ *
+ * Key handling in mac80211 is done based on per-interface (sub_if_data)
+ * keys and per-station keys. Since each station belongs to an interface,
+ * each station key also belongs to that interface.
+ *
+ * Hardware acceleration is done on a best-effort basis, for each key
+ * that is eligible the hardware is asked to enable that key but if
+ * it cannot do that they key is simply kept for software encryption.
+ * There is currently no way of knowing this except by looking into
+ * debugfs.
+ *
+ * All operations here are called under RTNL so no extra locking is
+ * required.
+ */
+
+static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
+static const u8 zero_addr[ETH_ALEN];
+
+static const u8 *get_mac_for_key(struct ieee80211_key *key)
+{
+       const u8 *addr = bcast_addr;
+
+       /*
+        * If we're an AP we won't ever receive frames with a non-WEP
+        * group key so we tell the driver that by using the zero MAC
+        * address to indicate a transmit-only key.
+        */
+       if (key->conf.alg != ALG_WEP &&
+           (key->sdata->type == IEEE80211_IF_TYPE_AP ||
+            key->sdata->type == IEEE80211_IF_TYPE_VLAN))
+               addr = zero_addr;
+
+       if (key->sta)
+               addr = key->sta->addr;
+
+       return addr;
+}
+
+static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
+{
+       const u8 *addr;
+       int ret;
+
+       if (!key->local->ops->set_key)
+               return;
+
+       addr = get_mac_for_key(key);
+
+       ret = key->local->ops->set_key(local_to_hw(key->local), SET_KEY,
+                                      key->sdata->dev->dev_addr, addr,
+                                      &key->conf);
+
+       if (!ret)
+               key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
+
+       if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
+               printk(KERN_ERR "mac80211-%s: failed to set key "
+                      "(%d, " MAC_FMT ") to hardware (%d)\n",
+                      wiphy_name(key->local->hw.wiphy),
+                      key->conf.keyidx, MAC_ARG(addr), ret);
+}
+
+static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
+{
+       const u8 *addr;
+       int ret;
+
+       if (!key->local->ops->set_key)
+               return;
+
+       if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
+               return;
+
+       addr = get_mac_for_key(key);
+
+       ret = key->local->ops->set_key(local_to_hw(key->local), DISABLE_KEY,
+                                      key->sdata->dev->dev_addr, addr,
+                                      &key->conf);
+
+       if (ret)
+               printk(KERN_ERR "mac80211-%s: failed to remove key "
+                      "(%d, " MAC_FMT ") from hardware (%d)\n",
+                      wiphy_name(key->local->hw.wiphy),
+                      key->conf.keyidx, MAC_ARG(addr), ret);
+
+       key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
+}
+
+struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
+                                         struct sta_info *sta,
+                                         enum ieee80211_key_alg alg,
+                                         int idx,
+                                         size_t key_len,
+                                         const u8 *key_data)
+{
+       struct ieee80211_key *key;
+
+       BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS);
+
+       key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
+       if (!key)
+               return NULL;
+
+       /*
+        * Default to software encryption; we'll later upload the
+        * key to the hardware if possible.
+        */
+       key->conf.flags = 0;
+       key->flags = 0;
+
+       key->conf.alg = alg;
+       key->conf.keyidx = idx;
+       key->conf.keylen = key_len;
+       memcpy(key->conf.key, key_data, key_len);
+
+       key->local = sdata->local;
+       key->sdata = sdata;
+       key->sta = sta;
+
+       if (alg == ALG_CCMP) {
+               /*
+                * Initialize AES key state here as an optimization so that
+                * it does not need to be initialized for every packet.
+                */
+               key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
+               if (!key->u.ccmp.tfm) {
+                       ieee80211_key_free(key);
+                       return NULL;
+               }
+       }
+
+       ieee80211_debugfs_key_add(key->local, key);
+
+       /* remove key first */
+       if (sta)
+               ieee80211_key_free(sta->key);
+       else
+               ieee80211_key_free(sdata->keys[idx]);
+
+       if (sta) {
+               ieee80211_debugfs_key_sta_link(key, sta);
+
+               /*
+                * some hardware cannot handle TKIP with QoS, so
+                * we indicate whether QoS could be in use.
+                */
+               if (sta->flags & WLAN_STA_WME)
+                       key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
+       } else {
+               if (sdata->type == IEEE80211_IF_TYPE_STA) {
+                       struct sta_info *ap;
+
+                       /* same here, the AP could be using QoS */
+                       ap = sta_info_get(key->local, key->sdata->u.sta.bssid);
+                       if (ap) {
+                               if (ap->flags & WLAN_STA_WME)
+                                       key->conf.flags |=
+                                               IEEE80211_KEY_FLAG_WMM_STA;
+                               sta_info_put(ap);
+                       }
+               }
+       }
+
+       /* enable hwaccel if appropriate */
+       if (netif_running(key->sdata->dev))
+               ieee80211_key_enable_hw_accel(key);
+
+       if (sta)
+               rcu_assign_pointer(sta->key, key);
+       else
+               rcu_assign_pointer(sdata->keys[idx], key);
+
+       list_add(&key->list, &sdata->key_list);
+
+       return key;
+}
+
+void ieee80211_key_free(struct ieee80211_key *key)
+{
+       if (!key)
+               return;
+
+       if (key->sta) {
+               rcu_assign_pointer(key->sta->key, NULL);
+       } else {
+               if (key->sdata->default_key == key)
+                       ieee80211_set_default_key(key->sdata, -1);
+               if (key->conf.keyidx >= 0 &&
+                   key->conf.keyidx < NUM_DEFAULT_KEYS)
+                       rcu_assign_pointer(key->sdata->keys[key->conf.keyidx],
+                                          NULL);
+               else
+                       WARN_ON(1);
+       }
+
+       /* wait for all key users to complete */
+       synchronize_rcu();
+
+       /* remove from hwaccel if appropriate */
+       ieee80211_key_disable_hw_accel(key);
+
+       if (key->conf.alg == ALG_CCMP)
+               ieee80211_aes_key_free(key->u.ccmp.tfm);
+       ieee80211_debugfs_key_remove(key);
+
+       list_del(&key->list);
+
+       kfree(key);
+}
+
+void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
+{
+       struct ieee80211_key *key = NULL;
+
+       if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
+               key = sdata->keys[idx];
+
+       if (sdata->default_key != key) {
+               ieee80211_debugfs_key_remove_default(sdata);
+
+               rcu_assign_pointer(sdata->default_key, key);
+
+               if (sdata->default_key)
+                       ieee80211_debugfs_key_add_default(sdata);
+       }
+}
+
+void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
+{
+       struct ieee80211_key *key, *tmp;
+
+       list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
+               ieee80211_key_free(key);
+}
+
+void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
+{
+       struct ieee80211_key *key;
+
+       WARN_ON(!netif_running(sdata->dev));
+       if (!netif_running(sdata->dev))
+               return;
+
+       list_for_each_entry(key, &sdata->key_list, list)
+               ieee80211_key_enable_hw_accel(key);
+}
+
+void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
+{
+       struct ieee80211_key *key;
+
+       list_for_each_entry(key, &sdata->key_list, list)
+               ieee80211_key_disable_hw_accel(key);
+}
 
--- /dev/null
+/*
+ * Michael MIC implementation - optimized for TKIP MIC operations
+ * Copyright 2002-2003, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/types.h>
+
+#include "michael.h"
+
+static inline u32 rotr(u32 val, int bits)
+{
+       return (val >> bits) | (val << (32 - bits));
+}
+
+
+static inline u32 rotl(u32 val, int bits)
+{
+       return (val << bits) | (val >> (32 - bits));
+}
+
+
+static inline u32 xswap(u32 val)
+{
+       return ((val & 0xff00ff00) >> 8) | ((val & 0x00ff00ff) << 8);
+}
+
+
+#define michael_block(l, r) \
+do { \
+       r ^= rotl(l, 17); \
+       l += r; \
+       r ^= xswap(l); \
+       l += r; \
+       r ^= rotl(l, 3); \
+       l += r; \
+       r ^= rotr(l, 2); \
+       l += r; \
+} while (0)
+
+
+static inline u32 michael_get32(u8 *data)
+{
+       return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);
+}
+
+
+static inline void michael_put32(u32 val, u8 *data)
+{
+       data[0] = val & 0xff;
+       data[1] = (val >> 8) & 0xff;
+       data[2] = (val >> 16) & 0xff;
+       data[3] = (val >> 24) & 0xff;
+}
+
+
+void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
+                u8 *data, size_t data_len, u8 *mic)
+{
+       u32 l, r, val;
+       size_t block, blocks, left;
+
+       l = michael_get32(key);
+       r = michael_get32(key + 4);
+
+       /* A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC
+        * calculation, but it is _not_ transmitted */
+       l ^= michael_get32(da);
+       michael_block(l, r);
+       l ^= da[4] | (da[5] << 8) | (sa[0] << 16) | (sa[1] << 24);
+       michael_block(l, r);
+       l ^= michael_get32(&sa[2]);
+       michael_block(l, r);
+       l ^= priority;
+       michael_block(l, r);
+
+       /* Real data */
+       blocks = data_len / 4;
+       left = data_len % 4;
+
+       for (block = 0; block < blocks; block++) {
+               l ^= michael_get32(&data[block * 4]);
+               michael_block(l, r);
+       }
+
+       /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make
+        * total length a multiple of 4. */
+       val = 0x5a;
+       while (left > 0) {
+               val <<= 8;
+               left--;
+               val |= data[blocks * 4 + left];
+       }
+       l ^= val;
+       michael_block(l, r);
+       /* last block is zero, so l ^ 0 = l */
+       michael_block(l, r);
+
+       michael_put32(l, mic);
+       michael_put32(r, mic + 4);
+}
 
--- /dev/null
+/*
+ * Michael MIC implementation - optimized for TKIP MIC operations
+ * Copyright 2002-2003, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef MICHAEL_H
+#define MICHAEL_H
+
+#include <linux/types.h>
+
+#define MICHAEL_MIC_LEN 8
+
+void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
+                u8 *data, size_t data_len, u8 *mic);
+
+#endif /* MICHAEL_H */
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/compiler.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "debugfs.h"
+
+
+/* This is a minimal implementation of TX rate controlling that can be used
+ * as the default when no improved mechanisms are available. */
+
+
+#define RATE_CONTROL_EMERG_DEC 2
+#define RATE_CONTROL_INTERVAL (HZ / 20)
+#define RATE_CONTROL_MIN_TX 10
+
+MODULE_ALIAS("rc80211_default");
+
+static void rate_control_rate_inc(struct ieee80211_local *local,
+                                 struct sta_info *sta)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_hw_mode *mode;
+       int i = sta->txrate;
+       int maxrate;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+       if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) {
+               /* forced unicast rate - do not change STA rate */
+               return;
+       }
+
+       mode = local->oper_hw_mode;
+       maxrate = sdata->bss ? sdata->bss->max_ratectrl_rateidx : -1;
+
+       if (i > mode->num_rates)
+               i = mode->num_rates - 2;
+
+       while (i + 1 < mode->num_rates) {
+               i++;
+               if (sta->supp_rates & BIT(i) &&
+                   mode->rates[i].flags & IEEE80211_RATE_SUPPORTED &&
+                   (maxrate < 0 || i <= maxrate)) {
+                       sta->txrate = i;
+                       break;
+               }
+       }
+}
+
+
+static void rate_control_rate_dec(struct ieee80211_local *local,
+                                 struct sta_info *sta)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_hw_mode *mode;
+       int i = sta->txrate;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+       if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) {
+               /* forced unicast rate - do not change STA rate */
+               return;
+       }
+
+       mode = local->oper_hw_mode;
+       if (i > mode->num_rates)
+               i = mode->num_rates;
+
+       while (i > 0) {
+               i--;
+               if (sta->supp_rates & BIT(i) &&
+                   mode->rates[i].flags & IEEE80211_RATE_SUPPORTED) {
+                       sta->txrate = i;
+                       break;
+               }
+       }
+}
+
+
+static struct ieee80211_rate *
+rate_control_lowest_rate(struct ieee80211_local *local,
+                        struct ieee80211_hw_mode *mode)
+{
+       int i;
+
+       for (i = 0; i < mode->num_rates; i++) {
+               struct ieee80211_rate *rate = &mode->rates[i];
+
+               if (rate->flags & IEEE80211_RATE_SUPPORTED)
+                       return rate;
+       }
+
+       printk(KERN_DEBUG "rate_control_lowest_rate - no supported rates "
+              "found\n");
+       return &mode->rates[0];
+}
+
+
+struct global_rate_control {
+       int dummy;
+};
+
+struct sta_rate_control {
+       unsigned long last_rate_change;
+       u32 tx_num_failures;
+       u32 tx_num_xmit;
+
+       unsigned long avg_rate_update;
+       u32 tx_avg_rate_sum;
+       u32 tx_avg_rate_num;
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct dentry *tx_avg_rate_sum_dentry;
+       struct dentry *tx_avg_rate_num_dentry;
+#endif
+};
+
+
+static void rate_control_simple_tx_status(void *priv, struct net_device *dev,
+                                         struct sk_buff *skb,
+                                         struct ieee80211_tx_status *status)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       struct sta_info *sta;
+       struct sta_rate_control *srctrl;
+
+       sta = sta_info_get(local, hdr->addr1);
+
+       if (!sta)
+           return;
+
+       srctrl = sta->rate_ctrl_priv;
+       srctrl->tx_num_xmit++;
+       if (status->excessive_retries) {
+               srctrl->tx_num_failures++;
+               sta->tx_retry_failed++;
+               sta->tx_num_consecutive_failures++;
+               sta->tx_num_mpdu_fail++;
+       } else {
+               sta->last_ack_rssi[0] = sta->last_ack_rssi[1];
+               sta->last_ack_rssi[1] = sta->last_ack_rssi[2];
+               sta->last_ack_rssi[2] = status->ack_signal;
+               sta->tx_num_consecutive_failures = 0;
+               sta->tx_num_mpdu_ok++;
+       }
+       sta->tx_retry_count += status->retry_count;
+       sta->tx_num_mpdu_fail += status->retry_count;
+
+       if (time_after(jiffies,
+                      srctrl->last_rate_change + RATE_CONTROL_INTERVAL) &&
+               srctrl->tx_num_xmit > RATE_CONTROL_MIN_TX) {
+               u32 per_failed;
+               srctrl->last_rate_change = jiffies;
+
+               per_failed = (100 * sta->tx_num_mpdu_fail) /
+                       (sta->tx_num_mpdu_fail + sta->tx_num_mpdu_ok);
+               /* TODO: calculate average per_failed to make adjusting
+                * parameters easier */
+#if 0
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "MPDU fail=%d ok=%d per_failed=%d\n",
+                              sta->tx_num_mpdu_fail, sta->tx_num_mpdu_ok,
+                              per_failed);
+               }
+#endif
+
+               /*
+                * XXX: Make these configurable once we have an
+                * interface to the rate control algorithms
+                */
+               if (per_failed > RATE_CONTROL_NUM_DOWN) {
+                       rate_control_rate_dec(local, sta);
+               } else if (per_failed < RATE_CONTROL_NUM_UP) {
+                       rate_control_rate_inc(local, sta);
+               }
+               srctrl->tx_avg_rate_sum += status->control.rate->rate;
+               srctrl->tx_avg_rate_num++;
+               srctrl->tx_num_failures = 0;
+               srctrl->tx_num_xmit = 0;
+       } else if (sta->tx_num_consecutive_failures >=
+                  RATE_CONTROL_EMERG_DEC) {
+               rate_control_rate_dec(local, sta);
+       }
+
+       if (srctrl->avg_rate_update + 60 * HZ < jiffies) {
+               srctrl->avg_rate_update = jiffies;
+               if (srctrl->tx_avg_rate_num > 0) {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+                       printk(KERN_DEBUG "%s: STA " MAC_FMT " Average rate: "
+                              "%d (%d/%d)\n",
+                              dev->name, MAC_ARG(sta->addr),
+                              srctrl->tx_avg_rate_sum /
+                              srctrl->tx_avg_rate_num,
+                              srctrl->tx_avg_rate_sum,
+                              srctrl->tx_avg_rate_num);
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+                       srctrl->tx_avg_rate_sum = 0;
+                       srctrl->tx_avg_rate_num = 0;
+               }
+       }
+
+       sta_info_put(sta);
+}
+
+
+static struct ieee80211_rate *
+rate_control_simple_get_rate(void *priv, struct net_device *dev,
+                            struct sk_buff *skb,
+                            struct rate_control_extra *extra)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       struct ieee80211_hw_mode *mode = extra->mode;
+       struct sta_info *sta;
+       int rateidx, nonerp_idx;
+       u16 fc;
+
+       memset(extra, 0, sizeof(*extra));
+
+       fc = le16_to_cpu(hdr->frame_control);
+       if ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
+           (hdr->addr1[0] & 0x01)) {
+               /* Send management frames and broadcast/multicast data using
+                * lowest rate. */
+               /* TODO: this could probably be improved.. */
+               return rate_control_lowest_rate(local, mode);
+       }
+
+       sta = sta_info_get(local, hdr->addr1);
+
+       if (!sta)
+               return rate_control_lowest_rate(local, mode);
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (sdata->bss && sdata->bss->force_unicast_rateidx > -1)
+               sta->txrate = sdata->bss->force_unicast_rateidx;
+
+       rateidx = sta->txrate;
+
+       if (rateidx >= mode->num_rates)
+               rateidx = mode->num_rates - 1;
+
+       sta->last_txrate = rateidx;
+       nonerp_idx = rateidx;
+       while (nonerp_idx > 0 &&
+              ((mode->rates[nonerp_idx].flags & IEEE80211_RATE_ERP) ||
+               !(mode->rates[nonerp_idx].flags & IEEE80211_RATE_SUPPORTED) ||
+               !(sta->supp_rates & BIT(nonerp_idx))))
+               nonerp_idx--;
+       extra->nonerp = &mode->rates[nonerp_idx];
+
+       sta_info_put(sta);
+
+       return &mode->rates[rateidx];
+}
+
+
+static void rate_control_simple_rate_init(void *priv, void *priv_sta,
+                                         struct ieee80211_local *local,
+                                         struct sta_info *sta)
+{
+       struct ieee80211_hw_mode *mode;
+       int i;
+       sta->txrate = 0;
+       mode = local->oper_hw_mode;
+       /* TODO: This routine should consider using RSSI from previous packets
+        * as we need to have IEEE 802.1X auth succeed immediately after assoc..
+        * Until that method is implemented, we will use the lowest supported rate
+        * as a workaround, */
+       for (i = 0; i < mode->num_rates; i++) {
+               if ((sta->supp_rates & BIT(i)) &&
+                   (mode->rates[i].flags & IEEE80211_RATE_SUPPORTED)) {
+                       sta->txrate = i;
+                       break;
+               }
+       }
+}
+
+
+static void * rate_control_simple_alloc(struct ieee80211_local *local)
+{
+       struct global_rate_control *rctrl;
+
+       rctrl = kzalloc(sizeof(*rctrl), GFP_ATOMIC);
+
+       return rctrl;
+}
+
+
+static void rate_control_simple_free(void *priv)
+{
+       struct global_rate_control *rctrl = priv;
+       kfree(rctrl);
+}
+
+
+static void rate_control_simple_clear(void *priv)
+{
+}
+
+
+static void * rate_control_simple_alloc_sta(void *priv, gfp_t gfp)
+{
+       struct sta_rate_control *rctrl;
+
+       rctrl = kzalloc(sizeof(*rctrl), gfp);
+
+       return rctrl;
+}
+
+
+static void rate_control_simple_free_sta(void *priv, void *priv_sta)
+{
+       struct sta_rate_control *rctrl = priv_sta;
+       kfree(rctrl);
+}
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+
+static int open_file_generic(struct inode *inode, struct file *file)
+{
+       file->private_data = inode->i_private;
+       return 0;
+}
+
+static ssize_t sta_tx_avg_rate_sum_read(struct file *file,
+                                       char __user *userbuf,
+                                       size_t count, loff_t *ppos)
+{
+       struct sta_rate_control *srctrl = file->private_data;
+       char buf[20];
+
+       sprintf(buf, "%d\n", srctrl->tx_avg_rate_sum);
+       return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf));
+}
+
+static const struct file_operations sta_tx_avg_rate_sum_ops = {
+       .read = sta_tx_avg_rate_sum_read,
+       .open = open_file_generic,
+};
+
+static ssize_t sta_tx_avg_rate_num_read(struct file *file,
+                                       char __user *userbuf,
+                                       size_t count, loff_t *ppos)
+{
+       struct sta_rate_control *srctrl = file->private_data;
+       char buf[20];
+
+       sprintf(buf, "%d\n", srctrl->tx_avg_rate_num);
+       return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf));
+}
+
+static const struct file_operations sta_tx_avg_rate_num_ops = {
+       .read = sta_tx_avg_rate_num_read,
+       .open = open_file_generic,
+};
+
+static void rate_control_simple_add_sta_debugfs(void *priv, void *priv_sta,
+                                               struct dentry *dir)
+{
+       struct sta_rate_control *srctrl = priv_sta;
+
+       srctrl->tx_avg_rate_num_dentry =
+               debugfs_create_file("rc_simple_sta_tx_avg_rate_num", 0400,
+                                   dir, srctrl, &sta_tx_avg_rate_num_ops);
+       srctrl->tx_avg_rate_sum_dentry =
+               debugfs_create_file("rc_simple_sta_tx_avg_rate_sum", 0400,
+                                   dir, srctrl, &sta_tx_avg_rate_sum_ops);
+}
+
+static void rate_control_simple_remove_sta_debugfs(void *priv, void *priv_sta)
+{
+       struct sta_rate_control *srctrl = priv_sta;
+
+       debugfs_remove(srctrl->tx_avg_rate_sum_dentry);
+       debugfs_remove(srctrl->tx_avg_rate_num_dentry);
+}
+#endif
+
+static struct rate_control_ops rate_control_simple = {
+       .module = THIS_MODULE,
+       .name = "simple",
+       .tx_status = rate_control_simple_tx_status,
+       .get_rate = rate_control_simple_get_rate,
+       .rate_init = rate_control_simple_rate_init,
+       .clear = rate_control_simple_clear,
+       .alloc = rate_control_simple_alloc,
+       .free = rate_control_simple_free,
+       .alloc_sta = rate_control_simple_alloc_sta,
+       .free_sta = rate_control_simple_free_sta,
+#ifdef CONFIG_MAC80211_DEBUGFS
+       .add_sta_debugfs = rate_control_simple_add_sta_debugfs,
+       .remove_sta_debugfs = rate_control_simple_remove_sta_debugfs,
+#endif
+};
+
+
+static int __init rate_control_simple_init(void)
+{
+       return ieee80211_rate_control_register(&rate_control_simple);
+}
+
+
+static void __exit rate_control_simple_exit(void)
+{
+       ieee80211_rate_control_unregister(&rate_control_simple);
+}
+
+
+subsys_initcall(rate_control_simple_init);
+module_exit(rate_control_simple_exit);
+
+MODULE_DESCRIPTION("Simple rate control algorithm for ieee80211");
+MODULE_LICENSE("GPL");
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+/*
+ * This regulatory domain control implementation is known to be incomplete
+ * and confusing. mac80211 regulatory domain control will be significantly
+ * reworked in the not-too-distant future.
+ *
+ * For now, drivers wishing to control which channels are and aren't available
+ * are advised as follows:
+ *  - set the IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED flag
+ *  - continue to include *ALL* possible channels in the modes registered
+ *    through ieee80211_register_hwmode()
+ *  - for each allowable ieee80211_channel structure registered in the above
+ *    call, set the flag member to some meaningful value such as
+ *    IEEE80211_CHAN_W_SCAN | IEEE80211_CHAN_W_ACTIVE_SCAN |
+ *    IEEE80211_CHAN_W_IBSS.
+ *  - leave flag as 0 for non-allowable channels
+ *
+ * The usual implementation is for a driver to read a device EEPROM to
+ * determine which regulatory domain it should be operating under, then
+ * looking up the allowable channels in a driver-local table, then performing
+ * the above.
+ */
+
+#include <linux/module.h>
+#include <linux/netdevice.h>
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+
+static int ieee80211_regdom = 0x10; /* FCC */
+module_param(ieee80211_regdom, int, 0444);
+MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain; 64=MKK");
+
+/*
+ * If firmware is upgraded by the vendor, additional channels can be used based
+ * on the new Japanese regulatory rules. This is indicated by setting
+ * ieee80211_japan_5ghz module parameter to one when loading the 80211 kernel
+ * module.
+ */
+static int ieee80211_japan_5ghz /* = 0 */;
+module_param(ieee80211_japan_5ghz, int, 0444);
+MODULE_PARM_DESC(ieee80211_japan_5ghz, "Vendor-updated firmware for 5 GHz");
+
+
+struct ieee80211_channel_range {
+       short start_freq;
+       short end_freq;
+       unsigned char power_level;
+       unsigned char antenna_max;
+};
+
+static const struct ieee80211_channel_range ieee80211_fcc_channels[] = {
+       { 2412, 2462, 27, 6 } /* IEEE 802.11b/g, channels 1..11 */,
+       { 5180, 5240, 17, 6 } /* IEEE 802.11a, channels 36..48 */,
+       { 5260, 5320, 23, 6 } /* IEEE 802.11a, channels 52..64 */,
+       { 5745, 5825, 30, 6 } /* IEEE 802.11a, channels 149..165, outdoor */,
+       { 0 }
+};
+
+static const struct ieee80211_channel_range ieee80211_mkk_channels[] = {
+       { 2412, 2472, 20, 6 } /* IEEE 802.11b/g, channels 1..13 */,
+       { 5170, 5240, 20, 6 } /* IEEE 802.11a, channels 34..48 */,
+       { 5260, 5320, 20, 6 } /* IEEE 802.11a, channels 52..64 */,
+       { 0 }
+};
+
+
+static const struct ieee80211_channel_range *channel_range =
+       ieee80211_fcc_channels;
+
+
+static void ieee80211_unmask_channel(int mode, struct ieee80211_channel *chan)
+{
+       int i;
+
+       chan->flag = 0;
+
+       for (i = 0; channel_range[i].start_freq; i++) {
+               const struct ieee80211_channel_range *r = &channel_range[i];
+               if (r->start_freq <= chan->freq && r->end_freq >= chan->freq) {
+                       if (ieee80211_regdom == 64 && !ieee80211_japan_5ghz &&
+                           chan->freq >= 5260 && chan->freq <= 5320) {
+                               /*
+                                * Skip new channels in Japan since the
+                                * firmware was not marked having been upgraded
+                                * by the vendor.
+                                */
+                               continue;
+                       }
+
+                       if (ieee80211_regdom == 0x10 &&
+                           (chan->freq == 5190 || chan->freq == 5210 ||
+                            chan->freq == 5230)) {
+                                   /* Skip MKK channels when in FCC domain. */
+                                   continue;
+                       }
+
+                       chan->flag |= IEEE80211_CHAN_W_SCAN |
+                               IEEE80211_CHAN_W_ACTIVE_SCAN |
+                               IEEE80211_CHAN_W_IBSS;
+                       chan->power_level = r->power_level;
+                       chan->antenna_max = r->antenna_max;
+
+                       if (ieee80211_regdom == 64 &&
+                           (chan->freq == 5170 || chan->freq == 5190 ||
+                            chan->freq == 5210 || chan->freq == 5230)) {
+                               /*
+                                * New regulatory rules in Japan have backwards
+                                * compatibility with old channels in 5.15-5.25
+                                * GHz band, but the station is not allowed to
+                                * use active scan on these old channels.
+                                */
+                               chan->flag &= ~IEEE80211_CHAN_W_ACTIVE_SCAN;
+                       }
+
+                       if (ieee80211_regdom == 64 &&
+                           (chan->freq == 5260 || chan->freq == 5280 ||
+                            chan->freq == 5300 || chan->freq == 5320)) {
+                               /*
+                                * IBSS is not allowed on 5.25-5.35 GHz band
+                                * due to radar detection requirements.
+                                */
+                               chan->flag &= ~IEEE80211_CHAN_W_IBSS;
+                       }
+
+                       break;
+               }
+       }
+}
+
+
+void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode)
+{
+       int c;
+       for (c = 0; c < mode->num_channels; c++)
+               ieee80211_unmask_channel(mode->mode, &mode->channels[c]);
+}
+
+
+void ieee80211_regdomain_init(void)
+{
+       if (ieee80211_regdom == 0x40)
+               channel_range = ieee80211_mkk_channels;
+}
+
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/kernel.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/etherdevice.h>
+#include <linux/rcupdate.h>
+#include <net/mac80211.h>
+#include <net/ieee80211_radiotap.h>
+
+#include "ieee80211_i.h"
+#include "ieee80211_led.h"
+#include "wep.h"
+#include "wpa.h"
+#include "tkip.h"
+#include "wme.h"
+
+/*
+ * monitor mode reception
+ *
+ * This function cleans up the SKB, i.e. it removes all the stuff
+ * only useful for monitoring.
+ */
+static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
+                                          struct sk_buff *skb,
+                                          int rtap_len)
+{
+       skb_pull(skb, rtap_len);
+
+       if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
+               if (likely(skb->len > FCS_LEN))
+                       skb_trim(skb, skb->len - FCS_LEN);
+               else {
+                       /* driver bug */
+                       WARN_ON(1);
+                       dev_kfree_skb(skb);
+                       skb = NULL;
+               }
+       }
+
+       return skb;
+}
+
+static inline int should_drop_frame(struct ieee80211_rx_status *status,
+                                   struct sk_buff *skb,
+                                   int present_fcs_len,
+                                   int radiotap_len)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+
+       if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
+               return 1;
+       if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
+               return 1;
+       if ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
+                       cpu_to_le16(IEEE80211_FTYPE_CTL))
+               return 1;
+       return 0;
+}
+
+/*
+ * This function copies a received frame to all monitor interfaces and
+ * returns a cleaned-up SKB that no longer includes the FCS nor the
+ * radiotap header the driver might have added.
+ */
+static struct sk_buff *
+ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
+                    struct ieee80211_rx_status *status)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_rate *rate;
+       int needed_headroom = 0;
+       struct ieee80211_rtap_hdr {
+               struct ieee80211_radiotap_header hdr;
+               u8 flags;
+               u8 rate;
+               __le16 chan_freq;
+               __le16 chan_flags;
+               u8 antsignal;
+               u8 padding_for_rxflags;
+               __le16 rx_flags;
+       } __attribute__ ((packed)) *rthdr;
+       struct sk_buff *skb, *skb2;
+       struct net_device *prev_dev = NULL;
+       int present_fcs_len = 0;
+       int rtap_len = 0;
+
+       /*
+        * First, we may need to make a copy of the skb because
+        *  (1) we need to modify it for radiotap (if not present), and
+        *  (2) the other RX handlers will modify the skb we got.
+        *
+        * We don't need to, of course, if we aren't going to return
+        * the SKB because it has a bad FCS/PLCP checksum.
+        */
+       if (status->flag & RX_FLAG_RADIOTAP)
+               rtap_len = ieee80211_get_radiotap_len(origskb->data);
+       else
+               needed_headroom = sizeof(*rthdr);
+
+       if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
+               present_fcs_len = FCS_LEN;
+
+       if (!local->monitors) {
+               if (should_drop_frame(status, origskb, present_fcs_len,
+                                     rtap_len)) {
+                       dev_kfree_skb(origskb);
+                       return NULL;
+               }
+
+               return remove_monitor_info(local, origskb, rtap_len);
+       }
+
+       if (should_drop_frame(status, origskb, present_fcs_len, rtap_len)) {
+               /* only need to expand headroom if necessary */
+               skb = origskb;
+               origskb = NULL;
+
+               /*
+                * This shouldn't trigger often because most devices have an
+                * RX header they pull before we get here, and that should
+                * be big enough for our radiotap information. We should
+                * probably export the length to drivers so that we can have
+                * them allocate enough headroom to start with.
+                */
+               if (skb_headroom(skb) < needed_headroom &&
+                   pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
+                       dev_kfree_skb(skb);
+                       return NULL;
+               }
+       } else {
+               /*
+                * Need to make a copy and possibly remove radiotap header
+                * and FCS from the original.
+                */
+               skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
+
+               origskb = remove_monitor_info(local, origskb, rtap_len);
+
+               if (!skb)
+                       return origskb;
+       }
+
+       /* if necessary, prepend radiotap information */
+       if (!(status->flag & RX_FLAG_RADIOTAP)) {
+               rthdr = (void *) skb_push(skb, sizeof(*rthdr));
+               memset(rthdr, 0, sizeof(*rthdr));
+               rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
+               rthdr->hdr.it_present =
+                       cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
+                                   (1 << IEEE80211_RADIOTAP_RATE) |
+                                   (1 << IEEE80211_RADIOTAP_CHANNEL) |
+                                   (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) |
+                                   (1 << IEEE80211_RADIOTAP_RX_FLAGS));
+               rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
+                              IEEE80211_RADIOTAP_F_FCS : 0;
+
+               /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
+               rthdr->rx_flags = 0;
+               if (status->flag &
+                   (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
+                       rthdr->rx_flags |=
+                               cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
+
+               rate = ieee80211_get_rate(local, status->phymode,
+                                         status->rate);
+               if (rate)
+                       rthdr->rate = rate->rate / 5;
+
+               rthdr->chan_freq = cpu_to_le16(status->freq);
+
+               if (status->phymode == MODE_IEEE80211A)
+                       rthdr->chan_flags =
+                               cpu_to_le16(IEEE80211_CHAN_OFDM |
+                                           IEEE80211_CHAN_5GHZ);
+               else
+                       rthdr->chan_flags =
+                               cpu_to_le16(IEEE80211_CHAN_DYN |
+                                           IEEE80211_CHAN_2GHZ);
+
+               rthdr->antsignal = status->ssi;
+       }
+
+       skb_set_mac_header(skb, 0);
+       skb->ip_summed = CHECKSUM_UNNECESSARY;
+       skb->pkt_type = PACKET_OTHERHOST;
+       skb->protocol = htons(ETH_P_802_2);
+
+       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+               if (!netif_running(sdata->dev))
+                       continue;
+
+               if (sdata->type != IEEE80211_IF_TYPE_MNTR)
+                       continue;
+
+               if (prev_dev) {
+                       skb2 = skb_clone(skb, GFP_ATOMIC);
+                       if (skb2) {
+                               skb2->dev = prev_dev;
+                               netif_rx(skb2);
+                       }
+               }
+
+               prev_dev = sdata->dev;
+               sdata->dev->stats.rx_packets++;
+               sdata->dev->stats.rx_bytes += skb->len;
+       }
+
+       if (prev_dev) {
+               skb->dev = prev_dev;
+               netif_rx(skb);
+       } else
+               dev_kfree_skb(skb);
+
+       return origskb;
+}
+
+
+/* pre-rx handlers
+ *
+ * these don't have dev/sdata fields in the rx data
+ * The sta value should also not be used because it may
+ * be NULL even though a STA (in IBSS mode) will be added.
+ */
+
+static ieee80211_txrx_result
+ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx)
+{
+       u8 *data = rx->skb->data;
+       int tid;
+
+       /* does the frame have a qos control field? */
+       if (WLAN_FC_IS_QOS_DATA(rx->fc)) {
+               u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN;
+               /* frame has qos control */
+               tid = qc[0] & QOS_CONTROL_TID_MASK;
+       } else {
+               if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) {
+                       /* Separate TID for management frames */
+                       tid = NUM_RX_DATA_QUEUES - 1;
+               } else {
+                       /* no qos control present */
+                       tid = 0; /* 802.1d - Best Effort */
+               }
+       }
+
+       I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
+       /* only a debug counter, sta might not be assigned properly yet */
+       if (rx->sta)
+               I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
+
+       rx->u.rx.queue = tid;
+       /* Set skb->priority to 1d tag if highest order bit of TID is not set.
+        * For now, set skb->priority to 0 for other cases. */
+       rx->skb->priority = (tid > 7) ? 0 : tid;
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_local *local = rx->local;
+       struct sk_buff *skb = rx->skb;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u32 load = 0, hdrtime;
+       struct ieee80211_rate *rate;
+       struct ieee80211_hw_mode *mode = local->hw.conf.mode;
+       int i;
+
+       /* Estimate total channel use caused by this frame */
+
+       if (unlikely(mode->num_rates < 0))
+               return TXRX_CONTINUE;
+
+       rate = &mode->rates[0];
+       for (i = 0; i < mode->num_rates; i++) {
+               if (mode->rates[i].val == rx->u.rx.status->rate) {
+                       rate = &mode->rates[i];
+                       break;
+               }
+       }
+
+       /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
+        * 1 usec = 1/8 * (1080 / 10) = 13.5 */
+
+       if (mode->mode == MODE_IEEE80211A ||
+           (mode->mode == MODE_IEEE80211G &&
+            rate->flags & IEEE80211_RATE_ERP))
+               hdrtime = CHAN_UTIL_HDR_SHORT;
+       else
+               hdrtime = CHAN_UTIL_HDR_LONG;
+
+       load = hdrtime;
+       if (!is_multicast_ether_addr(hdr->addr1))
+               load += hdrtime;
+
+       load += skb->len * rate->rate_inv;
+
+       /* Divide channel_use by 8 to avoid wrapping around the counter */
+       load >>= CHAN_UTIL_SHIFT;
+       local->channel_use_raw += load;
+       rx->u.rx.load = load;
+
+       return TXRX_CONTINUE;
+}
+
+ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
+{
+       ieee80211_rx_h_parse_qos,
+       ieee80211_rx_h_load_stats,
+       NULL
+};
+
+/* rx handlers */
+
+static ieee80211_txrx_result
+ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
+{
+       if (rx->sta)
+               rx->sta->channel_use_raw += rx->u.rx.load;
+       rx->sdata->channel_use_raw += rx->u.rx.load;
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_local *local = rx->local;
+       struct sk_buff *skb = rx->skb;
+
+       if (unlikely(local->sta_scanning != 0)) {
+               ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
+               return TXRX_QUEUED;
+       }
+
+       if (unlikely(rx->flags & IEEE80211_TXRXD_RXIN_SCAN)) {
+               /* scanning finished during invoking of handlers */
+               I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
+               return TXRX_DROP;
+       }
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_hdr *hdr;
+       hdr = (struct ieee80211_hdr *) rx->skb->data;
+
+       /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
+       if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
+               if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
+                            rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
+                            hdr->seq_ctrl)) {
+                       if (rx->flags & IEEE80211_TXRXD_RXRA_MATCH) {
+                               rx->local->dot11FrameDuplicateCount++;
+                               rx->sta->num_duplicates++;
+                       }
+                       return TXRX_DROP;
+               } else
+                       rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
+       }
+
+       if (unlikely(rx->skb->len < 16)) {
+               I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
+               return TXRX_DROP;
+       }
+
+       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+               rx->skb->pkt_type = PACKET_OTHERHOST;
+       else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
+               rx->skb->pkt_type = PACKET_HOST;
+       else if (is_multicast_ether_addr(hdr->addr1)) {
+               if (is_broadcast_ether_addr(hdr->addr1))
+                       rx->skb->pkt_type = PACKET_BROADCAST;
+               else
+                       rx->skb->pkt_type = PACKET_MULTICAST;
+       } else
+               rx->skb->pkt_type = PACKET_OTHERHOST;
+
+       /* Drop disallowed frame classes based on STA auth/assoc state;
+        * IEEE 802.11, Chap 5.5.
+        *
+        * 80211.o does filtering only based on association state, i.e., it
+        * drops Class 3 frames from not associated stations. hostapd sends
+        * deauth/disassoc frames when needed. In addition, hostapd is
+        * responsible for filtering on both auth and assoc states.
+        */
+       if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
+                     ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
+                      (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
+                    rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
+                    (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
+               if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
+                    !(rx->fc & IEEE80211_FCTL_TODS) &&
+                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
+                   || !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
+                       /* Drop IBSS frames and frames for other hosts
+                        * silently. */
+                       return TXRX_DROP;
+               }
+
+               return TXRX_DROP;
+       }
+
+       return TXRX_CONTINUE;
+}
+
+
+static ieee80211_txrx_result
+ieee80211_rx_h_decrypt(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
+       int keyidx;
+       int hdrlen;
+       ieee80211_txrx_result result = TXRX_DROP;
+       struct ieee80211_key *stakey = NULL;
+
+       /*
+        * Key selection 101
+        *
+        * There are three types of keys:
+        *  - GTK (group keys)
+        *  - PTK (pairwise keys)
+        *  - STK (station-to-station pairwise keys)
+        *
+        * When selecting a key, we have to distinguish between multicast
+        * (including broadcast) and unicast frames, the latter can only
+        * use PTKs and STKs while the former always use GTKs. Unless, of
+        * course, actual WEP keys ("pre-RSNA") are used, then unicast
+        * frames can also use key indizes like GTKs. Hence, if we don't
+        * have a PTK/STK we check the key index for a WEP key.
+        *
+        * Note that in a regular BSS, multicast frames are sent by the
+        * AP only, associated stations unicast the frame to the AP first
+        * which then multicasts it on their behalf.
+        *
+        * There is also a slight problem in IBSS mode: GTKs are negotiated
+        * with each station, that is something we don't currently handle.
+        * The spec seems to expect that one negotiates the same key with
+        * every station but there's no such requirement; VLANs could be
+        * possible.
+        */
+
+       if (!(rx->fc & IEEE80211_FCTL_PROTECTED))
+               return TXRX_CONTINUE;
+
+       /*
+        * No point in finding a key and decrypting if the frame is neither
+        * addressed to us nor a multicast frame.
+        */
+       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+               return TXRX_CONTINUE;
+
+       if (rx->sta)
+               stakey = rcu_dereference(rx->sta->key);
+
+       if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
+               rx->key = stakey;
+       } else {
+               /*
+                * The device doesn't give us the IV so we won't be
+                * able to look up the key. That's ok though, we
+                * don't need to decrypt the frame, we just won't
+                * be able to keep statistics accurate.
+                * Except for key threshold notifications, should
+                * we somehow allow the driver to tell us which key
+                * the hardware used if this flag is set?
+                */
+               if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
+                   (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
+                       return TXRX_CONTINUE;
+
+               hdrlen = ieee80211_get_hdrlen(rx->fc);
+
+               if (rx->skb->len < 8 + hdrlen)
+                       return TXRX_DROP; /* TODO: count this? */
+
+               /*
+                * no need to call ieee80211_wep_get_keyidx,
+                * it verifies a bunch of things we've done already
+                */
+               keyidx = rx->skb->data[hdrlen + 3] >> 6;
+
+               rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
+
+               /*
+                * RSNA-protected unicast frames should always be sent with
+                * pairwise or station-to-station keys, but for WEP we allow
+                * using a key index as well.
+                */
+               if (rx->key && rx->key->conf.alg != ALG_WEP &&
+                   !is_multicast_ether_addr(hdr->addr1))
+                       rx->key = NULL;
+       }
+
+       if (rx->key) {
+               rx->key->tx_rx_count++;
+               /* TODO: add threshold stuff again */
+       } else {
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: RX protected frame,"
+                              " but have no key\n", rx->dev->name);
+               return TXRX_DROP;
+       }
+
+       /* Check for weak IVs if possible */
+       if (rx->sta && rx->key->conf.alg == ALG_WEP &&
+           ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
+           (!(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) ||
+            !(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) &&
+           ieee80211_wep_is_weak_iv(rx->skb, rx->key))
+               rx->sta->wep_weak_iv_count++;
+
+       switch (rx->key->conf.alg) {
+       case ALG_WEP:
+               result = ieee80211_crypto_wep_decrypt(rx);
+               break;
+       case ALG_TKIP:
+               result = ieee80211_crypto_tkip_decrypt(rx);
+               break;
+       case ALG_CCMP:
+               result = ieee80211_crypto_ccmp_decrypt(rx);
+               break;
+       }
+
+       /* either the frame has been decrypted or will be dropped */
+       rx->u.rx.status->flag |= RX_FLAG_DECRYPTED;
+
+       return result;
+}
+
+static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
+{
+       struct ieee80211_sub_if_data *sdata;
+       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+
+       if (sdata->bss)
+               atomic_inc(&sdata->bss->num_sta_ps);
+       sta->flags |= WLAN_STA_PS;
+       sta->pspoll = 0;
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+       printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
+              "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+}
+
+static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sk_buff *skb;
+       int sent = 0;
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_tx_packet_data *pkt_data;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+       if (sdata->bss)
+               atomic_dec(&sdata->bss->num_sta_ps);
+       sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
+       sta->pspoll = 0;
+       if (!skb_queue_empty(&sta->ps_tx_buf)) {
+               if (local->ops->set_tim)
+                       local->ops->set_tim(local_to_hw(local), sta->aid, 0);
+               if (sdata->bss)
+                       bss_tim_clear(local, sdata->bss, sta->aid);
+       }
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+       printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
+              "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+       /* Send all buffered frames to the station */
+       while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
+               pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+               sent++;
+               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
+               dev_queue_xmit(skb);
+       }
+       while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
+               pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+               local->total_ps_buffered--;
+               sent++;
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+               printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
+                      "since STA not sleeping anymore\n", dev->name,
+                      MAC_ARG(sta->addr), sta->aid);
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+               pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
+               dev_queue_xmit(skb);
+       }
+
+       return sent;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
+{
+       struct sta_info *sta = rx->sta;
+       struct net_device *dev = rx->dev;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
+
+       if (!sta)
+               return TXRX_CONTINUE;
+
+       /* Update last_rx only for IBSS packets which are for the current
+        * BSSID to avoid keeping the current IBSS network alive in cases where
+        * other STAs are using different BSSID. */
+       if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
+               u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
+               if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
+                       sta->last_rx = jiffies;
+       } else
+       if (!is_multicast_ether_addr(hdr->addr1) ||
+           rx->sdata->type == IEEE80211_IF_TYPE_STA) {
+               /* Update last_rx only for unicast frames in order to prevent
+                * the Probe Request frames (the only broadcast frames from a
+                * STA in infrastructure mode) from keeping a connection alive.
+                */
+               sta->last_rx = jiffies;
+       }
+
+       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+               return TXRX_CONTINUE;
+
+       sta->rx_fragments++;
+       sta->rx_bytes += rx->skb->len;
+       sta->last_rssi = rx->u.rx.status->ssi;
+       sta->last_signal = rx->u.rx.status->signal;
+       sta->last_noise = rx->u.rx.status->noise;
+
+       if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
+               /* Change STA power saving mode only in the end of a frame
+                * exchange sequence */
+               if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
+                       rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
+               else if (!(sta->flags & WLAN_STA_PS) &&
+                        (rx->fc & IEEE80211_FCTL_PM))
+                       ap_sta_ps_start(dev, sta);
+       }
+
+       /* Drop data::nullfunc frames silently, since they are used only to
+        * control station power saving mode. */
+       if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
+           (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
+               I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
+               /* Update counter and free packet here to avoid counting this
+                * as a dropped packed. */
+               sta->rx_packets++;
+               dev_kfree_skb(rx->skb);
+               return TXRX_QUEUED;
+       }
+
+       return TXRX_CONTINUE;
+} /* ieee80211_rx_h_sta_process */
+
+static inline struct ieee80211_fragment_entry *
+ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
+                        unsigned int frag, unsigned int seq, int rx_queue,
+                        struct sk_buff **skb)
+{
+       struct ieee80211_fragment_entry *entry;
+       int idx;
+
+       idx = sdata->fragment_next;
+       entry = &sdata->fragments[sdata->fragment_next++];
+       if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
+               sdata->fragment_next = 0;
+
+       if (!skb_queue_empty(&entry->skb_list)) {
+#ifdef CONFIG_MAC80211_DEBUG
+               struct ieee80211_hdr *hdr =
+                       (struct ieee80211_hdr *) entry->skb_list.next->data;
+               printk(KERN_DEBUG "%s: RX reassembly removed oldest "
+                      "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
+                      "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
+                      sdata->dev->name, idx,
+                      jiffies - entry->first_frag_time, entry->seq,
+                      entry->last_frag, MAC_ARG(hdr->addr1),
+                      MAC_ARG(hdr->addr2));
+#endif /* CONFIG_MAC80211_DEBUG */
+               __skb_queue_purge(&entry->skb_list);
+       }
+
+       __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
+       *skb = NULL;
+       entry->first_frag_time = jiffies;
+       entry->seq = seq;
+       entry->rx_queue = rx_queue;
+       entry->last_frag = frag;
+       entry->ccmp = 0;
+       entry->extra_len = 0;
+
+       return entry;
+}
+
+static inline struct ieee80211_fragment_entry *
+ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
+                         u16 fc, unsigned int frag, unsigned int seq,
+                         int rx_queue, struct ieee80211_hdr *hdr)
+{
+       struct ieee80211_fragment_entry *entry;
+       int i, idx;
+
+       idx = sdata->fragment_next;
+       for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
+               struct ieee80211_hdr *f_hdr;
+               u16 f_fc;
+
+               idx--;
+               if (idx < 0)
+                       idx = IEEE80211_FRAGMENT_MAX - 1;
+
+               entry = &sdata->fragments[idx];
+               if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
+                   entry->rx_queue != rx_queue ||
+                   entry->last_frag + 1 != frag)
+                       continue;
+
+               f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
+               f_fc = le16_to_cpu(f_hdr->frame_control);
+
+               if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
+                   compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
+                   compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
+                       continue;
+
+               if (entry->first_frag_time + 2 * HZ < jiffies) {
+                       __skb_queue_purge(&entry->skb_list);
+                       continue;
+               }
+               return entry;
+       }
+
+       return NULL;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_hdr *hdr;
+       u16 sc;
+       unsigned int frag, seq;
+       struct ieee80211_fragment_entry *entry;
+       struct sk_buff *skb;
+
+       hdr = (struct ieee80211_hdr *) rx->skb->data;
+       sc = le16_to_cpu(hdr->seq_ctrl);
+       frag = sc & IEEE80211_SCTL_FRAG;
+
+       if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
+                  (rx->skb)->len < 24 ||
+                  is_multicast_ether_addr(hdr->addr1))) {
+               /* not fragmented */
+               goto out;
+       }
+       I802_DEBUG_INC(rx->local->rx_handlers_fragments);
+
+       seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
+
+       if (frag == 0) {
+               /* This is the first fragment of a new frame. */
+               entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
+                                                rx->u.rx.queue, &(rx->skb));
+               if (rx->key && rx->key->conf.alg == ALG_CCMP &&
+                   (rx->fc & IEEE80211_FCTL_PROTECTED)) {
+                       /* Store CCMP PN so that we can verify that the next
+                        * fragment has a sequential PN value. */
+                       entry->ccmp = 1;
+                       memcpy(entry->last_pn,
+                              rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
+                              CCMP_PN_LEN);
+               }
+               return TXRX_QUEUED;
+       }
+
+       /* This is a fragment for a frame that should already be pending in
+        * fragment cache. Add this fragment to the end of the pending entry.
+        */
+       entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
+                                         rx->u.rx.queue, hdr);
+       if (!entry) {
+               I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
+               return TXRX_DROP;
+       }
+
+       /* Verify that MPDUs within one MSDU have sequential PN values.
+        * (IEEE 802.11i, 8.3.3.4.5) */
+       if (entry->ccmp) {
+               int i;
+               u8 pn[CCMP_PN_LEN], *rpn;
+               if (!rx->key || rx->key->conf.alg != ALG_CCMP)
+                       return TXRX_DROP;
+               memcpy(pn, entry->last_pn, CCMP_PN_LEN);
+               for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
+                       pn[i]++;
+                       if (pn[i])
+                               break;
+               }
+               rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
+               if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "%s: defrag: CCMP PN not "
+                                      "sequential A2=" MAC_FMT
+                                      " PN=%02x%02x%02x%02x%02x%02x "
+                                      "(expected %02x%02x%02x%02x%02x%02x)\n",
+                                      rx->dev->name, MAC_ARG(hdr->addr2),
+                                      rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
+                                      rpn[5], pn[0], pn[1], pn[2], pn[3],
+                                      pn[4], pn[5]);
+                       return TXRX_DROP;
+               }
+               memcpy(entry->last_pn, pn, CCMP_PN_LEN);
+       }
+
+       skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
+       __skb_queue_tail(&entry->skb_list, rx->skb);
+       entry->last_frag = frag;
+       entry->extra_len += rx->skb->len;
+       if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
+               rx->skb = NULL;
+               return TXRX_QUEUED;
+       }
+
+       rx->skb = __skb_dequeue(&entry->skb_list);
+       if (skb_tailroom(rx->skb) < entry->extra_len) {
+               I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
+               if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
+                                             GFP_ATOMIC))) {
+                       I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
+                       __skb_queue_purge(&entry->skb_list);
+                       return TXRX_DROP;
+               }
+       }
+       while ((skb = __skb_dequeue(&entry->skb_list))) {
+               memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
+               dev_kfree_skb(skb);
+       }
+
+       /* Complete frame has been reassembled - process it now */
+       rx->flags |= IEEE80211_TXRXD_FRAGMENTED;
+
+ out:
+       if (rx->sta)
+               rx->sta->rx_packets++;
+       if (is_multicast_ether_addr(hdr->addr1))
+               rx->local->dot11MulticastReceivedFrameCount++;
+       else
+               ieee80211_led_rx(rx->local);
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
+{
+       struct sk_buff *skb;
+       int no_pending_pkts;
+
+       if (likely(!rx->sta ||
+                  (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
+                  (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
+                  !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)))
+               return TXRX_CONTINUE;
+
+       skb = skb_dequeue(&rx->sta->tx_filtered);
+       if (!skb) {
+               skb = skb_dequeue(&rx->sta->ps_tx_buf);
+               if (skb)
+                       rx->local->total_ps_buffered--;
+       }
+       no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
+               skb_queue_empty(&rx->sta->ps_tx_buf);
+
+       if (skb) {
+               struct ieee80211_hdr *hdr =
+                       (struct ieee80211_hdr *) skb->data;
+
+               /* tell TX path to send one frame even though the STA may
+                * still remain is PS mode after this frame exchange */
+               rx->sta->pspoll = 1;
+
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+               printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
+                      "after %d)\n",
+                      MAC_ARG(rx->sta->addr), rx->sta->aid,
+                      skb_queue_len(&rx->sta->ps_tx_buf));
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+
+               /* Use MoreData flag to indicate whether there are more
+                * buffered frames for this STA */
+               if (no_pending_pkts) {
+                       hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
+                       rx->sta->flags &= ~WLAN_STA_TIM;
+               } else
+                       hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
+
+               dev_queue_xmit(skb);
+
+               if (no_pending_pkts) {
+                       if (rx->local->ops->set_tim)
+                               rx->local->ops->set_tim(local_to_hw(rx->local),
+                                                      rx->sta->aid, 0);
+                       if (rx->sdata->bss)
+                               bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
+               }
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+       } else if (!rx->u.rx.sent_ps_buffered) {
+               printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
+                      "though there is no buffered frames for it\n",
+                      rx->dev->name, MAC_ARG(rx->sta->addr));
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+
+       }
+
+       /* Free PS Poll skb here instead of returning TXRX_DROP that would
+        * count as an dropped frame. */
+       dev_kfree_skb(rx->skb);
+
+       return TXRX_QUEUED;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
+{
+       u16 fc = rx->fc;
+       u8 *data = rx->skb->data;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data;
+
+       if (!WLAN_FC_IS_QOS_DATA(fc))
+               return TXRX_CONTINUE;
+
+       /* remove the qos control field, update frame type and meta-data */
+       memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2);
+       hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2);
+       /* change frame type to non QOS */
+       rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA;
+       hdr->frame_control = cpu_to_le16(fc);
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
+{
+       if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
+           rx->sdata->type != IEEE80211_IF_TYPE_STA &&
+           (rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+               return TXRX_CONTINUE;
+
+       if (unlikely(rx->sdata->ieee802_1x &&
+                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
+                    (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
+                    (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
+                    !ieee80211_is_eapol(rx->skb))) {
+#ifdef CONFIG_MAC80211_DEBUG
+               struct ieee80211_hdr *hdr =
+                       (struct ieee80211_hdr *) rx->skb->data;
+               printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
+                      " (unauthorized port)\n", rx->dev->name,
+                      MAC_ARG(hdr->addr2));
+#endif /* CONFIG_MAC80211_DEBUG */
+               return TXRX_DROP;
+       }
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
+{
+       /*
+        * Pass through unencrypted frames if the hardware has
+        * decrypted them already.
+        */
+       if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED)
+               return TXRX_CONTINUE;
+
+       /* Drop unencrypted frames if key is set. */
+       if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
+                    (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
+                    (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
+                    rx->sdata->drop_unencrypted &&
+                    (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) {
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
+                              "encryption\n", rx->dev->name);
+               return TXRX_DROP;
+       }
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
+{
+       struct net_device *dev = rx->dev;
+       struct ieee80211_local *local = rx->local;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
+       u16 fc, hdrlen, ethertype;
+       u8 *payload;
+       u8 dst[ETH_ALEN];
+       u8 src[ETH_ALEN];
+       struct sk_buff *skb = rx->skb, *skb2;
+       struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       fc = rx->fc;
+       if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
+               return TXRX_CONTINUE;
+
+       if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
+               return TXRX_DROP;
+
+       hdrlen = ieee80211_get_hdrlen(fc);
+
+       /* convert IEEE 802.11 header + possible LLC headers into Ethernet
+        * header
+        * IEEE 802.11 address fields:
+        * ToDS FromDS Addr1 Addr2 Addr3 Addr4
+        *   0     0   DA    SA    BSSID n/a
+        *   0     1   DA    BSSID SA    n/a
+        *   1     0   BSSID SA    DA    n/a
+        *   1     1   RA    TA    DA    SA
+        */
+
+       switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
+       case IEEE80211_FCTL_TODS:
+               /* BSSID SA DA */
+               memcpy(dst, hdr->addr3, ETH_ALEN);
+               memcpy(src, hdr->addr2, ETH_ALEN);
+
+               if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
+                            sdata->type != IEEE80211_IF_TYPE_VLAN)) {
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "%s: dropped ToDS frame "
+                                      "(BSSID=" MAC_FMT
+                                      " SA=" MAC_FMT
+                                      " DA=" MAC_FMT ")\n",
+                                      dev->name,
+                                      MAC_ARG(hdr->addr1),
+                                      MAC_ARG(hdr->addr2),
+                                      MAC_ARG(hdr->addr3));
+                       return TXRX_DROP;
+               }
+               break;
+       case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
+               /* RA TA DA SA */
+               memcpy(dst, hdr->addr3, ETH_ALEN);
+               memcpy(src, hdr->addr4, ETH_ALEN);
+
+               if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
+                                      "frame (RA=" MAC_FMT
+                                      " TA=" MAC_FMT " DA=" MAC_FMT
+                                      " SA=" MAC_FMT ")\n",
+                                      rx->dev->name,
+                                      MAC_ARG(hdr->addr1),
+                                      MAC_ARG(hdr->addr2),
+                                      MAC_ARG(hdr->addr3),
+                                      MAC_ARG(hdr->addr4));
+                       return TXRX_DROP;
+               }
+               break;
+       case IEEE80211_FCTL_FROMDS:
+               /* DA BSSID SA */
+               memcpy(dst, hdr->addr1, ETH_ALEN);
+               memcpy(src, hdr->addr3, ETH_ALEN);
+
+               if (sdata->type != IEEE80211_IF_TYPE_STA ||
+                   (is_multicast_ether_addr(dst) &&
+                    !compare_ether_addr(src, dev->dev_addr)))
+                       return TXRX_DROP;
+               break;
+       case 0:
+               /* DA SA BSSID */
+               memcpy(dst, hdr->addr1, ETH_ALEN);
+               memcpy(src, hdr->addr2, ETH_ALEN);
+
+               if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
+                       if (net_ratelimit()) {
+                               printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
+                                      MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
+                                      ")\n",
+                                      dev->name, MAC_ARG(hdr->addr1),
+                                      MAC_ARG(hdr->addr2),
+                                      MAC_ARG(hdr->addr3));
+                       }
+                       return TXRX_DROP;
+               }
+               break;
+       }
+
+       payload = skb->data + hdrlen;
+
+       if (unlikely(skb->len - hdrlen < 8)) {
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "%s: RX too short data frame "
+                              "payload\n", dev->name);
+               }
+               return TXRX_DROP;
+       }
+
+       ethertype = (payload[6] << 8) | payload[7];
+
+       if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
+                   ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
+                  compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
+               /* remove RFC1042 or Bridge-Tunnel encapsulation and
+                * replace EtherType */
+               skb_pull(skb, hdrlen + 6);
+               memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
+               memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
+       } else {
+               struct ethhdr *ehdr;
+               __be16 len;
+               skb_pull(skb, hdrlen);
+               len = htons(skb->len);
+               ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
+               memcpy(ehdr->h_dest, dst, ETH_ALEN);
+               memcpy(ehdr->h_source, src, ETH_ALEN);
+               ehdr->h_proto = len;
+       }
+       skb->dev = dev;
+
+       skb2 = NULL;
+
+       dev->stats.rx_packets++;
+       dev->stats.rx_bytes += skb->len;
+
+       if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
+           || sdata->type == IEEE80211_IF_TYPE_VLAN) &&
+           (rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
+               if (is_multicast_ether_addr(skb->data)) {
+                       /* send multicast frames both to higher layers in
+                        * local net stack and back to the wireless media */
+                       skb2 = skb_copy(skb, GFP_ATOMIC);
+                       if (!skb2 && net_ratelimit())
+                               printk(KERN_DEBUG "%s: failed to clone "
+                                      "multicast frame\n", dev->name);
+               } else {
+                       struct sta_info *dsta;
+                       dsta = sta_info_get(local, skb->data);
+                       if (dsta && !dsta->dev) {
+                               if (net_ratelimit())
+                                       printk(KERN_DEBUG "Station with null "
+                                              "dev structure!\n");
+                       } else if (dsta && dsta->dev == dev) {
+                               /* Destination station is associated to this
+                                * AP, so send the frame directly to it and
+                                * do not pass the frame to local net stack.
+                                */
+                               skb2 = skb;
+                               skb = NULL;
+                       }
+                       if (dsta)
+                               sta_info_put(dsta);
+               }
+       }
+
+       if (skb) {
+               /* deliver to local stack */
+               skb->protocol = eth_type_trans(skb, dev);
+               memset(skb->cb, 0, sizeof(skb->cb));
+               netif_rx(skb);
+       }
+
+       if (skb2) {
+               /* send to wireless media */
+               skb2->protocol = __constant_htons(ETH_P_802_3);
+               skb_set_network_header(skb2, 0);
+               skb_set_mac_header(skb2, 0);
+               dev_queue_xmit(skb2);
+       }
+
+       return TXRX_QUEUED;
+}
+
+static ieee80211_txrx_result
+ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_sub_if_data *sdata;
+
+       if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+               return TXRX_DROP;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
+       if ((sdata->type == IEEE80211_IF_TYPE_STA ||
+            sdata->type == IEEE80211_IF_TYPE_IBSS) &&
+           !(sdata->flags & IEEE80211_SDATA_USERSPACE_MLME))
+               ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
+       else
+               return TXRX_DROP;
+
+       return TXRX_QUEUED;
+}
+
+static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
+                               struct ieee80211_local *local,
+                               ieee80211_rx_handler *handlers,
+                               struct ieee80211_txrx_data *rx,
+                               struct sta_info *sta)
+{
+       ieee80211_rx_handler *handler;
+       ieee80211_txrx_result res = TXRX_DROP;
+
+       for (handler = handlers; *handler != NULL; handler++) {
+               res = (*handler)(rx);
+
+               switch (res) {
+               case TXRX_CONTINUE:
+                       continue;
+               case TXRX_DROP:
+                       I802_DEBUG_INC(local->rx_handlers_drop);
+                       if (sta)
+                               sta->rx_dropped++;
+                       break;
+               case TXRX_QUEUED:
+                       I802_DEBUG_INC(local->rx_handlers_queued);
+                       break;
+               }
+               break;
+       }
+
+       if (res == TXRX_DROP)
+               dev_kfree_skb(rx->skb);
+       return res;
+}
+
+static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
+                                               ieee80211_rx_handler *handlers,
+                                               struct ieee80211_txrx_data *rx,
+                                               struct sta_info *sta)
+{
+       if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
+           TXRX_CONTINUE)
+               dev_kfree_skb(rx->skb);
+}
+
+static void ieee80211_rx_michael_mic_report(struct net_device *dev,
+                                           struct ieee80211_hdr *hdr,
+                                           struct sta_info *sta,
+                                           struct ieee80211_txrx_data *rx)
+{
+       int keyidx, hdrlen;
+
+       hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
+       if (rx->skb->len >= hdrlen + 4)
+               keyidx = rx->skb->data[hdrlen + 3] >> 6;
+       else
+               keyidx = -1;
+
+       if (net_ratelimit())
+               printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
+                      "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
+                      dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1),
+                      keyidx);
+
+       if (!sta) {
+               /*
+                * Some hardware seem to generate incorrect Michael MIC
+                * reports; ignore them to avoid triggering countermeasures.
+                */
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+                              "error for unknown address " MAC_FMT "\n",
+                              dev->name, MAC_ARG(hdr->addr2));
+               goto ignore;
+       }
+
+       if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+                              "error for a frame with no PROTECTED flag (src "
+                              MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
+               goto ignore;
+       }
+
+       if (rx->sdata->type == IEEE80211_IF_TYPE_AP && keyidx) {
+               /*
+                * APs with pairwise keys should never receive Michael MIC
+                * errors for non-zero keyidx because these are reserved for
+                * group keys and only the AP is sending real multicast
+                * frames in the BSS.
+                */
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: ignored Michael MIC error for "
+                              "a frame with non-zero keyidx (%d)"
+                              " (src " MAC_FMT ")\n", dev->name, keyidx,
+                              MAC_ARG(hdr->addr2));
+               goto ignore;
+       }
+
+       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
+           ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
+            (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+                              "error for a frame that cannot be encrypted "
+                              "(fc=0x%04x) (src " MAC_FMT ")\n",
+                              dev->name, rx->fc, MAC_ARG(hdr->addr2));
+               goto ignore;
+       }
+
+       mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr);
+ ignore:
+       dev_kfree_skb(rx->skb);
+       rx->skb = NULL;
+}
+
+ieee80211_rx_handler ieee80211_rx_handlers[] =
+{
+       ieee80211_rx_h_if_stats,
+       ieee80211_rx_h_passive_scan,
+       ieee80211_rx_h_check,
+       ieee80211_rx_h_decrypt,
+       ieee80211_rx_h_sta_process,
+       ieee80211_rx_h_defragment,
+       ieee80211_rx_h_ps_poll,
+       ieee80211_rx_h_michael_mic_verify,
+       /* this must be after decryption - so header is counted in MPDU mic
+        * must be before pae and data, so QOS_DATA format frames
+        * are not passed to user space by these functions
+        */
+       ieee80211_rx_h_remove_qos_control,
+       ieee80211_rx_h_802_1x_pae,
+       ieee80211_rx_h_drop_unencrypted,
+       ieee80211_rx_h_data,
+       ieee80211_rx_h_mgmt,
+       NULL
+};
+
+/* main receive path */
+
+static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
+                               u8 *bssid, struct ieee80211_txrx_data *rx,
+                               struct ieee80211_hdr *hdr)
+{
+       int multicast = is_multicast_ether_addr(hdr->addr1);
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_STA:
+               if (!bssid)
+                       return 0;
+               if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
+                       if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
+                               return 0;
+                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
+               } else if (!multicast &&
+                          compare_ether_addr(sdata->dev->dev_addr,
+                                             hdr->addr1) != 0) {
+                       if (!(sdata->dev->flags & IFF_PROMISC))
+                               return 0;
+                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
+               }
+               break;
+       case IEEE80211_IF_TYPE_IBSS:
+               if (!bssid)
+                       return 0;
+               if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
+                       if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
+                               return 0;
+                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
+               } else if (!multicast &&
+                          compare_ether_addr(sdata->dev->dev_addr,
+                                             hdr->addr1) != 0) {
+                       if (!(sdata->dev->flags & IFF_PROMISC))
+                               return 0;
+                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
+               } else if (!rx->sta)
+                       rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb,
+                                                        bssid, hdr->addr2);
+               break;
+       case IEEE80211_IF_TYPE_VLAN:
+       case IEEE80211_IF_TYPE_AP:
+               if (!bssid) {
+                       if (compare_ether_addr(sdata->dev->dev_addr,
+                                              hdr->addr1))
+                               return 0;
+               } else if (!ieee80211_bssid_match(bssid,
+                                       sdata->dev->dev_addr)) {
+                       if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
+                               return 0;
+                       rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
+               }
+               if (sdata->dev == sdata->local->mdev &&
+                   !(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
+                       /* do not receive anything via
+                        * master device when not scanning */
+                       return 0;
+               break;
+       case IEEE80211_IF_TYPE_WDS:
+               if (bssid ||
+                   (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
+                       return 0;
+               if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
+                       return 0;
+               break;
+       case IEEE80211_IF_TYPE_MNTR:
+               /* take everything */
+               break;
+       case IEEE80211_IF_TYPE_INVALID:
+               /* should never get here */
+               WARN_ON(1);
+               break;
+       }
+
+       return 1;
+}
+
+/*
+ * This is the receive path handler. It is called by a low level driver when an
+ * 802.11 MPDU is received from the hardware.
+ */
+void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
+                   struct ieee80211_rx_status *status)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct ieee80211_sub_if_data *sdata;
+       struct sta_info *sta;
+       struct ieee80211_hdr *hdr;
+       struct ieee80211_txrx_data rx;
+       u16 type;
+       int prepres;
+       struct ieee80211_sub_if_data *prev = NULL;
+       struct sk_buff *skb_new;
+       u8 *bssid;
+
+       /*
+        * key references and virtual interfaces are protected using RCU
+        * and this requires that we are in a read-side RCU section during
+        * receive processing
+        */
+       rcu_read_lock();
+
+       /*
+        * Frames with failed FCS/PLCP checksum are not returned,
+        * all other frames are returned without radiotap header
+        * if it was previously present.
+        * Also, frames with less than 16 bytes are dropped.
+        */
+       skb = ieee80211_rx_monitor(local, skb, status);
+       if (!skb) {
+               rcu_read_unlock();
+               return;
+       }
+
+       hdr = (struct ieee80211_hdr *) skb->data;
+       memset(&rx, 0, sizeof(rx));
+       rx.skb = skb;
+       rx.local = local;
+
+       rx.u.rx.status = status;
+       rx.fc = le16_to_cpu(hdr->frame_control);
+       type = rx.fc & IEEE80211_FCTL_FTYPE;
+
+       if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
+               local->dot11ReceivedFragmentCount++;
+
+       sta = rx.sta = sta_info_get(local, hdr->addr2);
+       if (sta) {
+               rx.dev = rx.sta->dev;
+               rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
+       }
+
+       if ((status->flag & RX_FLAG_MMIC_ERROR)) {
+               ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
+               goto end;
+       }
+
+       if (unlikely(local->sta_scanning))
+               rx.flags |= IEEE80211_TXRXD_RXIN_SCAN;
+
+       if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
+                                          sta) != TXRX_CONTINUE)
+               goto end;
+       skb = rx.skb;
+
+       if (sta && !(sta->flags & (WLAN_STA_WDS | WLAN_STA_ASSOC_AP)) &&
+           !atomic_read(&local->iff_promiscs) &&
+           !is_multicast_ether_addr(hdr->addr1)) {
+               rx.flags |= IEEE80211_TXRXD_RXRA_MATCH;
+               ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
+                                            rx.sta);
+               sta_info_put(sta);
+               rcu_read_unlock();
+               return;
+       }
+
+       bssid = ieee80211_get_bssid(hdr, skb->len);
+
+       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+               if (!netif_running(sdata->dev))
+                       continue;
+
+               if (sdata->type == IEEE80211_IF_TYPE_MNTR)
+                       continue;
+
+               rx.flags |= IEEE80211_TXRXD_RXRA_MATCH;
+               prepres = prepare_for_handlers(sdata, bssid, &rx, hdr);
+               /* prepare_for_handlers can change sta */
+               sta = rx.sta;
+
+               if (!prepres)
+                       continue;
+
+               /*
+                * frame is destined for this interface, but if it's not
+                * also for the previous one we handle that after the
+                * loop to avoid copying the SKB once too much
+                */
+
+               if (!prev) {
+                       prev = sdata;
+                       continue;
+               }
+
+               /*
+                * frame was destined for the previous interface
+                * so invoke RX handlers for it
+                */
+
+               skb_new = skb_copy(skb, GFP_ATOMIC);
+               if (!skb_new) {
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "%s: failed to copy "
+                                      "multicast frame for %s",
+                                      wiphy_name(local->hw.wiphy),
+                                      prev->dev->name);
+                       continue;
+               }
+               rx.skb = skb_new;
+               rx.dev = prev->dev;
+               rx.sdata = prev;
+               ieee80211_invoke_rx_handlers(local, local->rx_handlers,
+                                            &rx, sta);
+               prev = sdata;
+       }
+       if (prev) {
+               rx.skb = skb;
+               rx.dev = prev->dev;
+               rx.sdata = prev;
+               ieee80211_invoke_rx_handlers(local, local->rx_handlers,
+                                            &rx, sta);
+       } else
+               dev_kfree_skb(skb);
+
+ end:
+       rcu_read_unlock();
+
+       if (sta)
+               sta_info_put(sta);
+}
+EXPORT_SYMBOL(__ieee80211_rx);
+
+/* This is a version of the rx handler that can be called from hard irq
+ * context. Post the skb on the queue and schedule the tasklet */
+void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
+                         struct ieee80211_rx_status *status)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
+
+       skb->dev = local->mdev;
+       /* copy status into skb->cb for use by tasklet */
+       memcpy(skb->cb, status, sizeof(*status));
+       skb->pkt_type = IEEE80211_RX_MSG;
+       skb_queue_tail(&local->skb_queue, skb);
+       tasklet_schedule(&local->tasklet);
+}
+EXPORT_SYMBOL(ieee80211_rx_irqsafe);
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/if_arp.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "sta_info.h"
+#include "debugfs_sta.h"
+
+/* Caller must hold local->sta_lock */
+static void sta_info_hash_add(struct ieee80211_local *local,
+                             struct sta_info *sta)
+{
+       sta->hnext = local->sta_hash[STA_HASH(sta->addr)];
+       local->sta_hash[STA_HASH(sta->addr)] = sta;
+}
+
+
+/* Caller must hold local->sta_lock */
+static int sta_info_hash_del(struct ieee80211_local *local,
+                            struct sta_info *sta)
+{
+       struct sta_info *s;
+
+       s = local->sta_hash[STA_HASH(sta->addr)];
+       if (!s)
+               return -ENOENT;
+       if (s == sta) {
+               local->sta_hash[STA_HASH(sta->addr)] = s->hnext;
+               return 0;
+       }
+
+       while (s->hnext && s->hnext != sta)
+               s = s->hnext;
+       if (s->hnext) {
+               s->hnext = sta->hnext;
+               return 0;
+       }
+
+       return -ENOENT;
+}
+
+struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr)
+{
+       struct sta_info *sta;
+
+       read_lock_bh(&local->sta_lock);
+       sta = local->sta_hash[STA_HASH(addr)];
+       while (sta) {
+               if (memcmp(sta->addr, addr, ETH_ALEN) == 0) {
+                       __sta_info_get(sta);
+                       break;
+               }
+               sta = sta->hnext;
+       }
+       read_unlock_bh(&local->sta_lock);
+
+       return sta;
+}
+EXPORT_SYMBOL(sta_info_get);
+
+int sta_info_min_txrate_get(struct ieee80211_local *local)
+{
+       struct sta_info *sta;
+       struct ieee80211_hw_mode *mode;
+       int min_txrate = 9999999;
+       int i;
+
+       read_lock_bh(&local->sta_lock);
+       mode = local->oper_hw_mode;
+       for (i = 0; i < STA_HASH_SIZE; i++) {
+               sta = local->sta_hash[i];
+               while (sta) {
+                       if (sta->txrate < min_txrate)
+                               min_txrate = sta->txrate;
+                       sta = sta->hnext;
+               }
+       }
+       read_unlock_bh(&local->sta_lock);
+       if (min_txrate == 9999999)
+               min_txrate = 0;
+
+       return mode->rates[min_txrate].rate;
+}
+
+
+static void sta_info_release(struct kref *kref)
+{
+       struct sta_info *sta = container_of(kref, struct sta_info, kref);
+       struct ieee80211_local *local = sta->local;
+       struct sk_buff *skb;
+
+       /* free sta structure; it has already been removed from
+        * hash table etc. external structures. Make sure that all
+        * buffered frames are release (one might have been added
+        * after sta_info_free() was called). */
+       while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
+               local->total_ps_buffered--;
+               dev_kfree_skb_any(skb);
+       }
+       while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
+               dev_kfree_skb_any(skb);
+       }
+       rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv);
+       rate_control_put(sta->rate_ctrl);
+       kfree(sta);
+}
+
+
+void sta_info_put(struct sta_info *sta)
+{
+       kref_put(&sta->kref, sta_info_release);
+}
+EXPORT_SYMBOL(sta_info_put);
+
+
+struct sta_info * sta_info_add(struct ieee80211_local *local,
+                              struct net_device *dev, u8 *addr, gfp_t gfp)
+{
+       struct sta_info *sta;
+
+       sta = kzalloc(sizeof(*sta), gfp);
+       if (!sta)
+               return NULL;
+
+       kref_init(&sta->kref);
+
+       sta->rate_ctrl = rate_control_get(local->rate_ctrl);
+       sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, gfp);
+       if (!sta->rate_ctrl_priv) {
+               rate_control_put(sta->rate_ctrl);
+               kfree(sta);
+               return NULL;
+       }
+
+       memcpy(sta->addr, addr, ETH_ALEN);
+       sta->local = local;
+       sta->dev = dev;
+       skb_queue_head_init(&sta->ps_tx_buf);
+       skb_queue_head_init(&sta->tx_filtered);
+       __sta_info_get(sta);    /* sta used by caller, decremented by
+                                * sta_info_put() */
+       write_lock_bh(&local->sta_lock);
+       list_add(&sta->list, &local->sta_list);
+       local->num_sta++;
+       sta_info_hash_add(local, sta);
+       if (local->ops->sta_notify)
+               local->ops->sta_notify(local_to_hw(local), dev->ifindex,
+                                       STA_NOTIFY_ADD, addr);
+       write_unlock_bh(&local->sta_lock);
+
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+       printk(KERN_DEBUG "%s: Added STA " MAC_FMT "\n",
+              wiphy_name(local->hw.wiphy), MAC_ARG(addr));
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       /* debugfs entry adding might sleep, so schedule process
+        * context task for adding entry for STAs that do not yet
+        * have one. */
+       queue_work(local->hw.workqueue, &local->sta_debugfs_add);
+#endif
+
+       return sta;
+}
+
+/* Caller must hold local->sta_lock */
+void sta_info_remove(struct sta_info *sta)
+{
+       struct ieee80211_local *local = sta->local;
+       struct ieee80211_sub_if_data *sdata;
+
+       /* don't do anything if we've been removed already */
+       if (sta_info_hash_del(local, sta))
+               return;
+
+       list_del(&sta->list);
+       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+       if (sta->flags & WLAN_STA_PS) {
+               sta->flags &= ~WLAN_STA_PS;
+               if (sdata->bss)
+                       atomic_dec(&sdata->bss->num_sta_ps);
+       }
+       local->num_sta--;
+       sta_info_remove_aid_ptr(sta);
+
+}
+
+void sta_info_free(struct sta_info *sta)
+{
+       struct sk_buff *skb;
+       struct ieee80211_local *local = sta->local;
+
+       might_sleep();
+
+       write_lock_bh(&local->sta_lock);
+       sta_info_remove(sta);
+       write_unlock_bh(&local->sta_lock);
+
+       while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
+               local->total_ps_buffered--;
+               dev_kfree_skb(skb);
+       }
+       while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
+               dev_kfree_skb(skb);
+       }
+
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+       printk(KERN_DEBUG "%s: Removed STA " MAC_FMT "\n",
+              wiphy_name(local->hw.wiphy), MAC_ARG(sta->addr));
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+
+       ieee80211_key_free(sta->key);
+       sta->key = NULL;
+
+       if (local->ops->sta_notify)
+               local->ops->sta_notify(local_to_hw(local), sta->dev->ifindex,
+                                       STA_NOTIFY_REMOVE, sta->addr);
+
+       rate_control_remove_sta_debugfs(sta);
+       ieee80211_sta_debugfs_remove(sta);
+
+       sta_info_put(sta);
+}
+
+
+static inline int sta_info_buffer_expired(struct ieee80211_local *local,
+                                         struct sta_info *sta,
+                                         struct sk_buff *skb)
+{
+       struct ieee80211_tx_packet_data *pkt_data;
+       int timeout;
+
+       if (!skb)
+               return 0;
+
+       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+
+       /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
+       timeout = (sta->listen_interval * local->hw.conf.beacon_int * 32 /
+                  15625) * HZ;
+       if (timeout < STA_TX_BUFFER_EXPIRE)
+               timeout = STA_TX_BUFFER_EXPIRE;
+       return time_after(jiffies, pkt_data->jiffies + timeout);
+}
+
+
+static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
+                                            struct sta_info *sta)
+{
+       unsigned long flags;
+       struct sk_buff *skb;
+
+       if (skb_queue_empty(&sta->ps_tx_buf))
+               return;
+
+       for (;;) {
+               spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
+               skb = skb_peek(&sta->ps_tx_buf);
+               if (sta_info_buffer_expired(local, sta, skb)) {
+                       skb = __skb_dequeue(&sta->ps_tx_buf);
+                       if (skb_queue_empty(&sta->ps_tx_buf))
+                               sta->flags &= ~WLAN_STA_TIM;
+               } else
+                       skb = NULL;
+               spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);
+
+               if (skb) {
+                       local->total_ps_buffered--;
+                       printk(KERN_DEBUG "Buffered frame expired (STA "
+                              MAC_FMT ")\n", MAC_ARG(sta->addr));
+                       dev_kfree_skb(skb);
+               } else
+                       break;
+       }
+}
+
+
+static void sta_info_cleanup(unsigned long data)
+{
+       struct ieee80211_local *local = (struct ieee80211_local *) data;
+       struct sta_info *sta;
+
+       read_lock_bh(&local->sta_lock);
+       list_for_each_entry(sta, &local->sta_list, list) {
+               __sta_info_get(sta);
+               sta_info_cleanup_expire_buffered(local, sta);
+               sta_info_put(sta);
+       }
+       read_unlock_bh(&local->sta_lock);
+
+       local->sta_cleanup.expires = jiffies + STA_INFO_CLEANUP_INTERVAL;
+       add_timer(&local->sta_cleanup);
+}
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+static void sta_info_debugfs_add_task(struct work_struct *work)
+{
+       struct ieee80211_local *local =
+               container_of(work, struct ieee80211_local, sta_debugfs_add);
+       struct sta_info *sta, *tmp;
+
+       while (1) {
+               sta = NULL;
+               read_lock_bh(&local->sta_lock);
+               list_for_each_entry(tmp, &local->sta_list, list) {
+                       if (!tmp->debugfs.dir) {
+                               sta = tmp;
+                               __sta_info_get(sta);
+                               break;
+                       }
+               }
+               read_unlock_bh(&local->sta_lock);
+
+               if (!sta)
+                       break;
+
+               ieee80211_sta_debugfs_add(sta);
+               rate_control_add_sta_debugfs(sta);
+               sta_info_put(sta);
+       }
+}
+#endif
+
+void sta_info_init(struct ieee80211_local *local)
+{
+       rwlock_init(&local->sta_lock);
+       INIT_LIST_HEAD(&local->sta_list);
+
+       init_timer(&local->sta_cleanup);
+       local->sta_cleanup.expires = jiffies + STA_INFO_CLEANUP_INTERVAL;
+       local->sta_cleanup.data = (unsigned long) local;
+       local->sta_cleanup.function = sta_info_cleanup;
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_task);
+#endif
+}
+
+int sta_info_start(struct ieee80211_local *local)
+{
+       add_timer(&local->sta_cleanup);
+       return 0;
+}
+
+void sta_info_stop(struct ieee80211_local *local)
+{
+       del_timer(&local->sta_cleanup);
+       sta_info_flush(local, NULL);
+}
+
+void sta_info_remove_aid_ptr(struct sta_info *sta)
+{
+       struct ieee80211_sub_if_data *sdata;
+
+       if (sta->aid <= 0)
+               return;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+
+       if (sdata->local->ops->set_tim)
+               sdata->local->ops->set_tim(local_to_hw(sdata->local),
+                                         sta->aid, 0);
+       if (sdata->bss)
+               __bss_tim_clear(sdata->bss, sta->aid);
+}
+
+
+/**
+ * sta_info_flush - flush matching STA entries from the STA table
+ * @local: local interface data
+ * @dev: matching rule for the net device (sta->dev) or %NULL to match all STAs
+ */
+void sta_info_flush(struct ieee80211_local *local, struct net_device *dev)
+{
+       struct sta_info *sta, *tmp;
+       LIST_HEAD(tmp_list);
+
+       write_lock_bh(&local->sta_lock);
+       list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
+               if (!dev || dev == sta->dev) {
+                       __sta_info_get(sta);
+                       sta_info_remove(sta);
+                       list_add_tail(&sta->list, &tmp_list);
+               }
+       write_unlock_bh(&local->sta_lock);
+
+       list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
+               sta_info_free(sta);
+               sta_info_put(sta);
+       }
+}
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef STA_INFO_H
+#define STA_INFO_H
+
+#include <linux/list.h>
+#include <linux/types.h>
+#include <linux/if_ether.h>
+#include <linux/kref.h>
+#include "ieee80211_key.h"
+
+/* Stations flags (struct sta_info::flags) */
+#define WLAN_STA_AUTH BIT(0)
+#define WLAN_STA_ASSOC BIT(1)
+#define WLAN_STA_PS BIT(2)
+#define WLAN_STA_TIM BIT(3) /* TIM bit is on for PS stations */
+#define WLAN_STA_PERM BIT(4) /* permanent; do not remove entry on expiration */
+#define WLAN_STA_AUTHORIZED BIT(5) /* If 802.1X is used, this flag is
+                                   * controlling whether STA is authorized to
+                                   * send and receive non-IEEE 802.1X frames
+                                   */
+#define WLAN_STA_SHORT_PREAMBLE BIT(7)
+/* whether this is an AP that we are associated with as a client */
+#define WLAN_STA_ASSOC_AP BIT(8)
+#define WLAN_STA_WME BIT(9)
+#define WLAN_STA_WDS BIT(27)
+
+
+struct sta_info {
+       struct kref kref;
+       struct list_head list;
+       struct sta_info *hnext; /* next entry in hash table list */
+
+       struct ieee80211_local *local;
+
+       u8 addr[ETH_ALEN];
+       u16 aid; /* STA's unique AID (1..2007), 0 = not yet assigned */
+       u32 flags; /* WLAN_STA_ */
+
+       struct sk_buff_head ps_tx_buf; /* buffer of TX frames for station in
+                                       * power saving state */
+       int pspoll; /* whether STA has send a PS Poll frame */
+       struct sk_buff_head tx_filtered; /* buffer of TX frames that were
+                                         * already given to low-level driver,
+                                         * but were filtered */
+       int clear_dst_mask;
+
+       unsigned long rx_packets, tx_packets; /* number of RX/TX MSDUs */
+       unsigned long rx_bytes, tx_bytes;
+       unsigned long tx_retry_failed, tx_retry_count;
+       unsigned long tx_filtered_count;
+
+       unsigned int wep_weak_iv_count; /* number of RX frames with weak IV */
+
+       unsigned long last_rx;
+       u32 supp_rates; /* bitmap of supported rates in local->curr_rates */
+       int txrate; /* index in local->curr_rates */
+       int last_txrate; /* last rate used to send a frame to this STA */
+       int last_nonerp_idx;
+
+       struct net_device *dev; /* which net device is this station associated
+                                * to */
+
+       struct ieee80211_key *key;
+
+       u32 tx_num_consecutive_failures;
+       u32 tx_num_mpdu_ok;
+       u32 tx_num_mpdu_fail;
+
+       struct rate_control_ref *rate_ctrl;
+       void *rate_ctrl_priv;
+
+       /* last received seq/frag number from this STA (per RX queue) */
+       __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
+       unsigned long num_duplicates; /* number of duplicate frames received
+                                      * from this STA */
+       unsigned long tx_fragments; /* number of transmitted MPDUs */
+       unsigned long rx_fragments; /* number of received MPDUs */
+       unsigned long rx_dropped; /* number of dropped MPDUs from this STA */
+
+       int last_rssi; /* RSSI of last received frame from this STA */
+       int last_signal; /* signal of last received frame from this STA */
+       int last_noise; /* noise of last received frame from this STA */
+       int last_ack_rssi[3]; /* RSSI of last received ACKs from this STA */
+       unsigned long last_ack;
+       int channel_use;
+       int channel_use_raw;
+
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+       unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
+       unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
+#endif /* CONFIG_MAC80211_DEBUG_COUNTERS */
+
+       u16 listen_interval;
+
+#ifdef CONFIG_MAC80211_DEBUGFS
+       struct sta_info_debugfsdentries {
+               struct dentry *dir;
+               struct dentry *flags;
+               struct dentry *num_ps_buf_frames;
+               struct dentry *last_ack_rssi;
+               struct dentry *last_ack_ms;
+               struct dentry *inactive_ms;
+               struct dentry *last_seq_ctrl;
+#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
+               struct dentry *wme_rx_queue;
+               struct dentry *wme_tx_queue;
+#endif
+       } debugfs;
+#endif
+};
+
+
+/* Maximum number of concurrently registered stations */
+#define MAX_STA_COUNT 2007
+
+#define STA_HASH_SIZE 256
+#define STA_HASH(sta) (sta[5])
+
+
+/* Maximum number of frames to buffer per power saving station */
+#define STA_MAX_TX_BUFFER 128
+
+/* Minimum buffered frame expiry time. If STA uses listen interval that is
+ * smaller than this value, the minimum value here is used instead. */
+#define STA_TX_BUFFER_EXPIRE (10 * HZ)
+
+/* How often station data is cleaned up (e.g., expiration of buffered frames)
+ */
+#define STA_INFO_CLEANUP_INTERVAL (10 * HZ)
+
+static inline void __sta_info_get(struct sta_info *sta)
+{
+       kref_get(&sta->kref);
+}
+
+struct sta_info * sta_info_get(struct ieee80211_local *local, u8 *addr);
+int sta_info_min_txrate_get(struct ieee80211_local *local);
+void sta_info_put(struct sta_info *sta);
+struct sta_info * sta_info_add(struct ieee80211_local *local,
+                              struct net_device *dev, u8 *addr, gfp_t gfp);
+void sta_info_remove(struct sta_info *sta);
+void sta_info_free(struct sta_info *sta);
+void sta_info_init(struct ieee80211_local *local);
+int sta_info_start(struct ieee80211_local *local);
+void sta_info_stop(struct ieee80211_local *local);
+void sta_info_remove_aid_ptr(struct sta_info *sta);
+void sta_info_flush(struct ieee80211_local *local, struct net_device *dev);
+
+#endif /* STA_INFO_H */
 
--- /dev/null
+/*
+ * Copyright 2002-2004, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/netdevice.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_key.h"
+#include "tkip.h"
+#include "wep.h"
+
+
+/* TKIP key mixing functions */
+
+
+#define PHASE1_LOOP_COUNT 8
+
+
+/* 2-byte by 2-byte subset of the full AES S-box table; second part of this
+ * table is identical to first part but byte-swapped */
+static const u16 tkip_sbox[256] =
+{
+       0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
+       0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
+       0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
+       0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
+       0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
+       0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
+       0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
+       0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
+       0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
+       0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
+       0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
+       0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
+       0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
+       0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
+       0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
+       0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
+       0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
+       0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
+       0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
+       0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
+       0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
+       0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
+       0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
+       0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
+       0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
+       0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
+       0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
+       0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
+       0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
+       0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
+       0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
+       0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
+};
+
+
+static inline u16 Mk16(u8 x, u8 y)
+{
+       return ((u16) x << 8) | (u16) y;
+}
+
+
+static inline u8 Hi8(u16 v)
+{
+       return v >> 8;
+}
+
+
+static inline u8 Lo8(u16 v)
+{
+       return v & 0xff;
+}
+
+
+static inline u16 Hi16(u32 v)
+{
+       return v >> 16;
+}
+
+
+static inline u16 Lo16(u32 v)
+{
+       return v & 0xffff;
+}
+
+
+static inline u16 RotR1(u16 v)
+{
+       return (v >> 1) | ((v & 0x0001) << 15);
+}
+
+
+static inline u16 tkip_S(u16 val)
+{
+       u16 a = tkip_sbox[Hi8(val)];
+
+       return tkip_sbox[Lo8(val)] ^ Hi8(a) ^ (Lo8(a) << 8);
+}
+
+
+
+/* P1K := Phase1(TA, TK, TSC)
+ * TA = transmitter address (48 bits)
+ * TK = dot11DefaultKeyValue or dot11KeyMappingValue (128 bits)
+ * TSC = TKIP sequence counter (48 bits, only 32 msb bits used)
+ * P1K: 80 bits
+ */
+static void tkip_mixing_phase1(const u8 *ta, const u8 *tk, u32 tsc_IV32,
+                              u16 *p1k)
+{
+       int i, j;
+
+       p1k[0] = Lo16(tsc_IV32);
+       p1k[1] = Hi16(tsc_IV32);
+       p1k[2] = Mk16(ta[1], ta[0]);
+       p1k[3] = Mk16(ta[3], ta[2]);
+       p1k[4] = Mk16(ta[5], ta[4]);
+
+       for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
+               j = 2 * (i & 1);
+               p1k[0] += tkip_S(p1k[4] ^ Mk16(tk[ 1 + j], tk[ 0 + j]));
+               p1k[1] += tkip_S(p1k[0] ^ Mk16(tk[ 5 + j], tk[ 4 + j]));
+               p1k[2] += tkip_S(p1k[1] ^ Mk16(tk[ 9 + j], tk[ 8 + j]));
+               p1k[3] += tkip_S(p1k[2] ^ Mk16(tk[13 + j], tk[12 + j]));
+               p1k[4] += tkip_S(p1k[3] ^ Mk16(tk[ 1 + j], tk[ 0 + j])) + i;
+       }
+}
+
+
+static void tkip_mixing_phase2(const u16 *p1k, const u8 *tk, u16 tsc_IV16,
+                              u8 *rc4key)
+{
+       u16 ppk[6];
+       int i;
+
+       ppk[0] = p1k[0];
+       ppk[1] = p1k[1];
+       ppk[2] = p1k[2];
+       ppk[3] = p1k[3];
+       ppk[4] = p1k[4];
+       ppk[5] = p1k[4] + tsc_IV16;
+
+       ppk[0] += tkip_S(ppk[5] ^ Mk16(tk[ 1], tk[ 0]));
+       ppk[1] += tkip_S(ppk[0] ^ Mk16(tk[ 3], tk[ 2]));
+       ppk[2] += tkip_S(ppk[1] ^ Mk16(tk[ 5], tk[ 4]));
+       ppk[3] += tkip_S(ppk[2] ^ Mk16(tk[ 7], tk[ 6]));
+       ppk[4] += tkip_S(ppk[3] ^ Mk16(tk[ 9], tk[ 8]));
+       ppk[5] += tkip_S(ppk[4] ^ Mk16(tk[11], tk[10]));
+       ppk[0] +=  RotR1(ppk[5] ^ Mk16(tk[13], tk[12]));
+       ppk[1] +=  RotR1(ppk[0] ^ Mk16(tk[15], tk[14]));
+       ppk[2] +=  RotR1(ppk[1]);
+       ppk[3] +=  RotR1(ppk[2]);
+       ppk[4] +=  RotR1(ppk[3]);
+       ppk[5] +=  RotR1(ppk[4]);
+
+       rc4key[0] = Hi8(tsc_IV16);
+       rc4key[1] = (Hi8(tsc_IV16) | 0x20) & 0x7f;
+       rc4key[2] = Lo8(tsc_IV16);
+       rc4key[3] = Lo8((ppk[5] ^ Mk16(tk[1], tk[0])) >> 1);
+
+       for (i = 0; i < 6; i++) {
+               rc4key[4 + 2 * i] = Lo8(ppk[i]);
+               rc4key[5 + 2 * i] = Hi8(ppk[i]);
+       }
+}
+
+
+/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
+ * of the IV. Returns pointer to the octet following IVs (i.e., beginning of
+ * the packet payload). */
+u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
+                          u8 iv0, u8 iv1, u8 iv2)
+{
+       *pos++ = iv0;
+       *pos++ = iv1;
+       *pos++ = iv2;
+       *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */;
+       *pos++ = key->u.tkip.iv32 & 0xff;
+       *pos++ = (key->u.tkip.iv32 >> 8) & 0xff;
+       *pos++ = (key->u.tkip.iv32 >> 16) & 0xff;
+       *pos++ = (key->u.tkip.iv32 >> 24) & 0xff;
+       return pos;
+}
+
+
+void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
+                                 u16 *phase1key)
+{
+       tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
+                          key->u.tkip.iv32, phase1key);
+}
+
+void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
+                              u8 *rc4key)
+{
+       /* Calculate per-packet key */
+       if (key->u.tkip.iv16 == 0 || !key->u.tkip.tx_initialized) {
+               /* IV16 wrapped around - perform TKIP phase 1 */
+               tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
+                                  key->u.tkip.iv32, key->u.tkip.p1k);
+               key->u.tkip.tx_initialized = 1;
+       }
+
+       tkip_mixing_phase2(key->u.tkip.p1k,
+                          &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
+                          key->u.tkip.iv16, rc4key);
+}
+
+/* Encrypt packet payload with TKIP using @key. @pos is a pointer to the
+ * beginning of the buffer containing payload. This payload must include
+ * headroom of eight octets for IV and Ext. IV and taildroom of four octets
+ * for ICV. @payload_len is the length of payload (_not_ including extra
+ * headroom and tailroom). @ta is the transmitter addresses. */
+void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
+                                struct ieee80211_key *key,
+                                u8 *pos, size_t payload_len, u8 *ta)
+{
+       u8 rc4key[16];
+
+       ieee80211_tkip_gen_rc4key(key, ta, rc4key);
+       pos = ieee80211_tkip_add_iv(pos, key, rc4key[0], rc4key[1], rc4key[2]);
+       ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
+}
+
+
+/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the
+ * beginning of the buffer containing IEEE 802.11 header payload, i.e.,
+ * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
+ * length of payload, including IV, Ext. IV, MIC, ICV.  */
+int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
+                               struct ieee80211_key *key,
+                               u8 *payload, size_t payload_len, u8 *ta,
+                               int only_iv, int queue,
+                               u32 *out_iv32, u16 *out_iv16)
+{
+       u32 iv32;
+       u32 iv16;
+       u8 rc4key[16], keyid, *pos = payload;
+       int res;
+
+       if (payload_len < 12)
+               return -1;
+
+       iv16 = (pos[0] << 8) | pos[2];
+       keyid = pos[3];
+       iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
+       pos += 8;
+#ifdef CONFIG_TKIP_DEBUG
+       {
+               int i;
+               printk(KERN_DEBUG "TKIP decrypt: data(len=%zd)", payload_len);
+               for (i = 0; i < payload_len; i++)
+                       printk(" %02x", payload[i]);
+               printk("\n");
+               printk(KERN_DEBUG "TKIP decrypt: iv16=%04x iv32=%08x\n",
+                      iv16, iv32);
+       }
+#endif /* CONFIG_TKIP_DEBUG */
+
+       if (!(keyid & (1 << 5)))
+               return TKIP_DECRYPT_NO_EXT_IV;
+
+       if ((keyid >> 6) != key->conf.keyidx)
+               return TKIP_DECRYPT_INVALID_KEYIDX;
+
+       if (key->u.tkip.rx_initialized[queue] &&
+           (iv32 < key->u.tkip.iv32_rx[queue] ||
+            (iv32 == key->u.tkip.iv32_rx[queue] &&
+             iv16 <= key->u.tkip.iv16_rx[queue]))) {
+#ifdef CONFIG_TKIP_DEBUG
+               printk(KERN_DEBUG "TKIP replay detected for RX frame from "
+                      MAC_FMT " (RX IV (%04x,%02x) <= prev. IV (%04x,%02x)\n",
+                      MAC_ARG(ta),
+                      iv32, iv16, key->u.tkip.iv32_rx[queue],
+                      key->u.tkip.iv16_rx[queue]);
+#endif /* CONFIG_TKIP_DEBUG */
+               return TKIP_DECRYPT_REPLAY;
+       }
+
+       if (only_iv) {
+               res = TKIP_DECRYPT_OK;
+               key->u.tkip.rx_initialized[queue] = 1;
+               goto done;
+       }
+
+       if (!key->u.tkip.rx_initialized[queue] ||
+           key->u.tkip.iv32_rx[queue] != iv32) {
+               key->u.tkip.rx_initialized[queue] = 1;
+               /* IV16 wrapped around - perform TKIP phase 1 */
+               tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
+                                  iv32, key->u.tkip.p1k_rx[queue]);
+#ifdef CONFIG_TKIP_DEBUG
+               {
+                       int i;
+                       printk(KERN_DEBUG "TKIP decrypt: Phase1 TA=" MAC_FMT
+                              " TK=", MAC_ARG(ta));
+                       for (i = 0; i < 16; i++)
+                               printk("%02x ",
+                                      key->conf.key[
+                                               ALG_TKIP_TEMP_ENCR_KEY + i]);
+                       printk("\n");
+                       printk(KERN_DEBUG "TKIP decrypt: P1K=");
+                       for (i = 0; i < 5; i++)
+                               printk("%04x ", key->u.tkip.p1k_rx[queue][i]);
+                       printk("\n");
+               }
+#endif /* CONFIG_TKIP_DEBUG */
+       }
+
+       tkip_mixing_phase2(key->u.tkip.p1k_rx[queue],
+                          &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
+                          iv16, rc4key);
+#ifdef CONFIG_TKIP_DEBUG
+       {
+               int i;
+               printk(KERN_DEBUG "TKIP decrypt: Phase2 rc4key=");
+               for (i = 0; i < 16; i++)
+                       printk("%02x ", rc4key[i]);
+               printk("\n");
+       }
+#endif /* CONFIG_TKIP_DEBUG */
+
+       res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
+ done:
+       if (res == TKIP_DECRYPT_OK) {
+               /*
+                * Record previously received IV, will be copied into the
+                * key information after MIC verification. It is possible
+                * that we don't catch replays of fragments but that's ok
+                * because the Michael MIC verication will then fail.
+                */
+               *out_iv32 = iv32;
+               *out_iv16 = iv16;
+       }
+
+       return res;
+}
+
+
 
--- /dev/null
+/*
+ * Copyright 2002-2004, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef TKIP_H
+#define TKIP_H
+
+#include <linux/types.h>
+#include <linux/crypto.h>
+#include "ieee80211_key.h"
+
+u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
+                          u8 iv0, u8 iv1, u8 iv2);
+void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
+                                 u16 *phase1key);
+void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
+                              u8 *rc4key);
+void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
+                                struct ieee80211_key *key,
+                                u8 *pos, size_t payload_len, u8 *ta);
+enum {
+       TKIP_DECRYPT_OK = 0,
+       TKIP_DECRYPT_NO_EXT_IV = -1,
+       TKIP_DECRYPT_INVALID_KEYIDX = -2,
+       TKIP_DECRYPT_REPLAY = -3,
+};
+int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
+                               struct ieee80211_key *key,
+                               u8 *payload, size_t payload_len, u8 *ta,
+                               int only_iv, int queue,
+                               u32 *out_iv32, u16 *out_iv16);
+
+#endif /* TKIP_H */
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ *
+ * Transmit and frame generation functions.
+ */
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/etherdevice.h>
+#include <linux/bitmap.h>
+#include <linux/rcupdate.h>
+#include <net/ieee80211_radiotap.h>
+#include <net/cfg80211.h>
+#include <net/mac80211.h>
+#include <asm/unaligned.h>
+
+#include "ieee80211_i.h"
+#include "ieee80211_led.h"
+#include "wep.h"
+#include "wpa.h"
+#include "wme.h"
+#include "ieee80211_rate.h"
+
+#define IEEE80211_TX_OK                0
+#define IEEE80211_TX_AGAIN     1
+#define IEEE80211_TX_FRAG_AGAIN        2
+
+/* misc utils */
+
+static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata,
+                                             struct ieee80211_hdr *hdr)
+{
+       /* Set the sequence number for this frame. */
+       hdr->seq_ctrl = cpu_to_le16(sdata->sequence);
+
+       /* Increase the sequence number. */
+       sdata->sequence = (sdata->sequence + 0x10) & IEEE80211_SCTL_SEQ;
+}
+
+#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
+static void ieee80211_dump_frame(const char *ifname, const char *title,
+                                const struct sk_buff *skb)
+{
+       const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u16 fc;
+       int hdrlen;
+
+       printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len);
+       if (skb->len < 4) {
+               printk("\n");
+               return;
+       }
+
+       fc = le16_to_cpu(hdr->frame_control);
+       hdrlen = ieee80211_get_hdrlen(fc);
+       if (hdrlen > skb->len)
+               hdrlen = skb->len;
+       if (hdrlen >= 4)
+               printk(" FC=0x%04x DUR=0x%04x",
+                      fc, le16_to_cpu(hdr->duration_id));
+       if (hdrlen >= 10)
+               printk(" A1=" MAC_FMT, MAC_ARG(hdr->addr1));
+       if (hdrlen >= 16)
+               printk(" A2=" MAC_FMT, MAC_ARG(hdr->addr2));
+       if (hdrlen >= 24)
+               printk(" A3=" MAC_FMT, MAC_ARG(hdr->addr3));
+       if (hdrlen >= 30)
+               printk(" A4=" MAC_FMT, MAC_ARG(hdr->addr4));
+       printk("\n");
+}
+#else /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
+static inline void ieee80211_dump_frame(const char *ifname, const char *title,
+                                       struct sk_buff *skb)
+{
+}
+#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
+
+static u16 ieee80211_duration(struct ieee80211_txrx_data *tx, int group_addr,
+                             int next_frag_len)
+{
+       int rate, mrate, erp, dur, i;
+       struct ieee80211_rate *txrate = tx->u.tx.rate;
+       struct ieee80211_local *local = tx->local;
+       struct ieee80211_hw_mode *mode = tx->u.tx.mode;
+
+       erp = txrate->flags & IEEE80211_RATE_ERP;
+
+       /*
+        * data and mgmt (except PS Poll):
+        * - during CFP: 32768
+        * - during contention period:
+        *   if addr1 is group address: 0
+        *   if more fragments = 0 and addr1 is individual address: time to
+        *      transmit one ACK plus SIFS
+        *   if more fragments = 1 and addr1 is individual address: time to
+        *      transmit next fragment plus 2 x ACK plus 3 x SIFS
+        *
+        * IEEE 802.11, 9.6:
+        * - control response frame (CTS or ACK) shall be transmitted using the
+        *   same rate as the immediately previous frame in the frame exchange
+        *   sequence, if this rate belongs to the PHY mandatory rates, or else
+        *   at the highest possible rate belonging to the PHY rates in the
+        *   BSSBasicRateSet
+        */
+
+       if ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) {
+               /* TODO: These control frames are not currently sent by
+                * 80211.o, but should they be implemented, this function
+                * needs to be updated to support duration field calculation.
+                *
+                * RTS: time needed to transmit pending data/mgmt frame plus
+                *    one CTS frame plus one ACK frame plus 3 x SIFS
+                * CTS: duration of immediately previous RTS minus time
+                *    required to transmit CTS and its SIFS
+                * ACK: 0 if immediately previous directed data/mgmt had
+                *    more=0, with more=1 duration in ACK frame is duration
+                *    from previous frame minus time needed to transmit ACK
+                *    and its SIFS
+                * PS Poll: BIT(15) | BIT(14) | aid
+                */
+               return 0;
+       }
+
+       /* data/mgmt */
+       if (0 /* FIX: data/mgmt during CFP */)
+               return 32768;
+
+       if (group_addr) /* Group address as the destination - no ACK */
+               return 0;
+
+       /* Individual destination address:
+        * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
+        * CTS and ACK frames shall be transmitted using the highest rate in
+        * basic rate set that is less than or equal to the rate of the
+        * immediately previous frame and that is using the same modulation
+        * (CCK or OFDM). If no basic rate set matches with these requirements,
+        * the highest mandatory rate of the PHY that is less than or equal to
+        * the rate of the previous frame is used.
+        * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
+        */
+       rate = -1;
+       mrate = 10; /* use 1 Mbps if everything fails */
+       for (i = 0; i < mode->num_rates; i++) {
+               struct ieee80211_rate *r = &mode->rates[i];
+               if (r->rate > txrate->rate)
+                       break;
+
+               if (IEEE80211_RATE_MODULATION(txrate->flags) !=
+                   IEEE80211_RATE_MODULATION(r->flags))
+                       continue;
+
+               if (r->flags & IEEE80211_RATE_BASIC)
+                       rate = r->rate;
+               else if (r->flags & IEEE80211_RATE_MANDATORY)
+                       mrate = r->rate;
+       }
+       if (rate == -1) {
+               /* No matching basic rate found; use highest suitable mandatory
+                * PHY rate */
+               rate = mrate;
+       }
+
+       /* Time needed to transmit ACK
+        * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
+        * to closest integer */
+
+       dur = ieee80211_frame_duration(local, 10, rate, erp,
+                      tx->sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE);
+
+       if (next_frag_len) {
+               /* Frame is fragmented: duration increases with time needed to
+                * transmit next fragment plus ACK and 2 x SIFS. */
+               dur *= 2; /* ACK + SIFS */
+               /* next fragment */
+               dur += ieee80211_frame_duration(local, next_frag_len,
+                               txrate->rate, erp,
+                               tx->sdata->flags &
+                                       IEEE80211_SDATA_SHORT_PREAMBLE);
+       }
+
+       return dur;
+}
+
+static inline int __ieee80211_queue_stopped(const struct ieee80211_local *local,
+                                           int queue)
+{
+       return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
+}
+
+static inline int __ieee80211_queue_pending(const struct ieee80211_local *local,
+                                           int queue)
+{
+       return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]);
+}
+
+static int inline is_ieee80211_device(struct net_device *dev,
+                                     struct net_device *master)
+{
+       return (wdev_priv(dev->ieee80211_ptr) ==
+               wdev_priv(master->ieee80211_ptr));
+}
+
+/* tx handlers */
+
+static ieee80211_txrx_result
+ieee80211_tx_h_check_assoc(struct ieee80211_txrx_data *tx)
+{
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+       struct sk_buff *skb = tx->skb;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+       u32 sta_flags;
+
+       if (unlikely(tx->flags & IEEE80211_TXRXD_TX_INJECTED))
+               return TXRX_CONTINUE;
+
+       if (unlikely(tx->local->sta_scanning != 0) &&
+           ((tx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
+            (tx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PROBE_REQ))
+               return TXRX_DROP;
+
+       if (tx->flags & IEEE80211_TXRXD_TXPS_BUFFERED)
+               return TXRX_CONTINUE;
+
+       sta_flags = tx->sta ? tx->sta->flags : 0;
+
+       if (likely(tx->flags & IEEE80211_TXRXD_TXUNICAST)) {
+               if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
+                            tx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
+                            (tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+                       printk(KERN_DEBUG "%s: dropped data frame to not "
+                              "associated station " MAC_FMT "\n",
+                              tx->dev->name, MAC_ARG(hdr->addr1));
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+                       I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
+                       return TXRX_DROP;
+               }
+       } else {
+               if (unlikely((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
+                            tx->local->num_sta == 0 &&
+                            tx->sdata->type != IEEE80211_IF_TYPE_IBSS)) {
+                       /*
+                        * No associated STAs - no need to send multicast
+                        * frames.
+                        */
+                       return TXRX_DROP;
+               }
+               return TXRX_CONTINUE;
+       }
+
+       if (unlikely(/* !injected && */ tx->sdata->ieee802_1x &&
+                    !(sta_flags & WLAN_STA_AUTHORIZED))) {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+               printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT
+                      " (unauthorized port)\n", tx->dev->name,
+                      MAC_ARG(hdr->addr1));
+#endif
+               I802_DEBUG_INC(tx->local->tx_handlers_drop_unauth_port);
+               return TXRX_DROP;
+       }
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_tx_h_sequence(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
+
+       if (ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)) >= 24)
+               ieee80211_include_sequence(tx->sdata, hdr);
+
+       return TXRX_CONTINUE;
+}
+
+/* This function is called whenever the AP is about to exceed the maximum limit
+ * of buffered frames for power saving STAs. This situation should not really
+ * happen often during normal operation, so dropping the oldest buffered packet
+ * from each queue should be OK to make some room for new frames. */
+static void purge_old_ps_buffers(struct ieee80211_local *local)
+{
+       int total = 0, purged = 0;
+       struct sk_buff *skb;
+       struct ieee80211_sub_if_data *sdata;
+       struct sta_info *sta;
+
+       /*
+        * virtual interfaces are protected by RCU
+        */
+       rcu_read_lock();
+
+       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+               struct ieee80211_if_ap *ap;
+               if (sdata->dev == local->mdev ||
+                   sdata->type != IEEE80211_IF_TYPE_AP)
+                       continue;
+               ap = &sdata->u.ap;
+               skb = skb_dequeue(&ap->ps_bc_buf);
+               if (skb) {
+                       purged++;
+                       dev_kfree_skb(skb);
+               }
+               total += skb_queue_len(&ap->ps_bc_buf);
+       }
+       rcu_read_unlock();
+
+       read_lock_bh(&local->sta_lock);
+       list_for_each_entry(sta, &local->sta_list, list) {
+               skb = skb_dequeue(&sta->ps_tx_buf);
+               if (skb) {
+                       purged++;
+                       dev_kfree_skb(skb);
+               }
+               total += skb_queue_len(&sta->ps_tx_buf);
+       }
+       read_unlock_bh(&local->sta_lock);
+
+       local->total_ps_buffered = total;
+       printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
+              wiphy_name(local->hw.wiphy), purged);
+}
+
+static inline ieee80211_txrx_result
+ieee80211_tx_h_multicast_ps_buf(struct ieee80211_txrx_data *tx)
+{
+       /* broadcast/multicast frame */
+       /* If any of the associated stations is in power save mode,
+        * the frame is buffered to be sent after DTIM beacon frame */
+       if ((tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) &&
+           tx->sdata->type != IEEE80211_IF_TYPE_WDS &&
+           tx->sdata->bss && atomic_read(&tx->sdata->bss->num_sta_ps) &&
+           !(tx->fc & IEEE80211_FCTL_ORDER)) {
+               if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
+                       purge_old_ps_buffers(tx->local);
+               if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
+                   AP_MAX_BC_BUFFER) {
+                       if (net_ratelimit()) {
+                               printk(KERN_DEBUG "%s: BC TX buffer full - "
+                                      "dropping the oldest frame\n",
+                                      tx->dev->name);
+                       }
+                       dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
+               } else
+                       tx->local->total_ps_buffered++;
+               skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
+               return TXRX_QUEUED;
+       }
+
+       return TXRX_CONTINUE;
+}
+
+static inline ieee80211_txrx_result
+ieee80211_tx_h_unicast_ps_buf(struct ieee80211_txrx_data *tx)
+{
+       struct sta_info *sta = tx->sta;
+
+       if (unlikely(!sta ||
+                    ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
+                     (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)))
+               return TXRX_CONTINUE;
+
+       if (unlikely((sta->flags & WLAN_STA_PS) && !sta->pspoll)) {
+               struct ieee80211_tx_packet_data *pkt_data;
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+               printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS buffer (entries "
+                      "before %d)\n",
+                      MAC_ARG(sta->addr), sta->aid,
+                      skb_queue_len(&sta->ps_tx_buf));
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+               sta->flags |= WLAN_STA_TIM;
+               if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
+                       purge_old_ps_buffers(tx->local);
+               if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
+                       struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
+                       if (net_ratelimit()) {
+                               printk(KERN_DEBUG "%s: STA " MAC_FMT " TX "
+                                      "buffer full - dropping oldest frame\n",
+                                      tx->dev->name, MAC_ARG(sta->addr));
+                       }
+                       dev_kfree_skb(old);
+               } else
+                       tx->local->total_ps_buffered++;
+               /* Queue frame to be sent after STA sends an PS Poll frame */
+               if (skb_queue_empty(&sta->ps_tx_buf)) {
+                       if (tx->local->ops->set_tim)
+                               tx->local->ops->set_tim(local_to_hw(tx->local),
+                                                      sta->aid, 1);
+                       if (tx->sdata->bss)
+                               bss_tim_set(tx->local, tx->sdata->bss, sta->aid);
+               }
+               pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb;
+               pkt_data->jiffies = jiffies;
+               skb_queue_tail(&sta->ps_tx_buf, tx->skb);
+               return TXRX_QUEUED;
+       }
+#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+       else if (unlikely(sta->flags & WLAN_STA_PS)) {
+               printk(KERN_DEBUG "%s: STA " MAC_FMT " in PS mode, but pspoll "
+                      "set -> send frame\n", tx->dev->name,
+                      MAC_ARG(sta->addr));
+       }
+#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
+       sta->pspoll = 0;
+
+       return TXRX_CONTINUE;
+}
+
+
+static ieee80211_txrx_result
+ieee80211_tx_h_ps_buf(struct ieee80211_txrx_data *tx)
+{
+       if (unlikely(tx->flags & IEEE80211_TXRXD_TXPS_BUFFERED))
+               return TXRX_CONTINUE;
+
+       if (tx->flags & IEEE80211_TXRXD_TXUNICAST)
+               return ieee80211_tx_h_unicast_ps_buf(tx);
+       else
+               return ieee80211_tx_h_multicast_ps_buf(tx);
+}
+
+
+
+
+static ieee80211_txrx_result
+ieee80211_tx_h_select_key(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_key *key;
+
+       if (unlikely(tx->u.tx.control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
+               tx->key = NULL;
+       else if (tx->sta && (key = rcu_dereference(tx->sta->key)))
+               tx->key = key;
+       else if ((key = rcu_dereference(tx->sdata->default_key)))
+               tx->key = key;
+       else if (tx->sdata->drop_unencrypted &&
+                !(tx->sdata->eapol && ieee80211_is_eapol(tx->skb))) {
+               I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
+               return TXRX_DROP;
+       } else {
+               tx->key = NULL;
+               tx->u.tx.control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
+       }
+
+       if (tx->key) {
+               tx->key->tx_rx_count++;
+               /* TODO: add threshold stuff again */
+       }
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_tx_h_fragment(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
+       size_t hdrlen, per_fragm, num_fragm, payload_len, left;
+       struct sk_buff **frags, *first, *frag;
+       int i;
+       u16 seq;
+       u8 *pos;
+       int frag_threshold = tx->local->fragmentation_threshold;
+
+       if (!(tx->flags & IEEE80211_TXRXD_FRAGMENTED))
+               return TXRX_CONTINUE;
+
+       first = tx->skb;
+
+       hdrlen = ieee80211_get_hdrlen(tx->fc);
+       payload_len = first->len - hdrlen;
+       per_fragm = frag_threshold - hdrlen - FCS_LEN;
+       num_fragm = (payload_len + per_fragm - 1) / per_fragm;
+
+       frags = kzalloc(num_fragm * sizeof(struct sk_buff *), GFP_ATOMIC);
+       if (!frags)
+               goto fail;
+
+       hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
+       seq = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ;
+       pos = first->data + hdrlen + per_fragm;
+       left = payload_len - per_fragm;
+       for (i = 0; i < num_fragm - 1; i++) {
+               struct ieee80211_hdr *fhdr;
+               size_t copylen;
+
+               if (left <= 0)
+                       goto fail;
+
+               /* reserve enough extra head and tail room for possible
+                * encryption */
+               frag = frags[i] =
+                       dev_alloc_skb(tx->local->tx_headroom +
+                                     frag_threshold +
+                                     IEEE80211_ENCRYPT_HEADROOM +
+                                     IEEE80211_ENCRYPT_TAILROOM);
+               if (!frag)
+                       goto fail;
+               /* Make sure that all fragments use the same priority so
+                * that they end up using the same TX queue */
+               frag->priority = first->priority;
+               skb_reserve(frag, tx->local->tx_headroom +
+                                 IEEE80211_ENCRYPT_HEADROOM);
+               fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen);
+               memcpy(fhdr, first->data, hdrlen);
+               if (i == num_fragm - 2)
+                       fhdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREFRAGS);
+               fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG));
+               copylen = left > per_fragm ? per_fragm : left;
+               memcpy(skb_put(frag, copylen), pos, copylen);
+
+               pos += copylen;
+               left -= copylen;
+       }
+       skb_trim(first, hdrlen + per_fragm);
+
+       tx->u.tx.num_extra_frag = num_fragm - 1;
+       tx->u.tx.extra_frag = frags;
+
+       return TXRX_CONTINUE;
+
+ fail:
+       printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name);
+       if (frags) {
+               for (i = 0; i < num_fragm - 1; i++)
+                       if (frags[i])
+                               dev_kfree_skb(frags[i]);
+               kfree(frags);
+       }
+       I802_DEBUG_INC(tx->local->tx_handlers_drop_fragment);
+       return TXRX_DROP;
+}
+
+static ieee80211_txrx_result
+ieee80211_tx_h_encrypt(struct ieee80211_txrx_data *tx)
+{
+       if (!tx->key)
+               return TXRX_CONTINUE;
+
+       switch (tx->key->conf.alg) {
+       case ALG_WEP:
+               return ieee80211_crypto_wep_encrypt(tx);
+       case ALG_TKIP:
+               return ieee80211_crypto_tkip_encrypt(tx);
+       case ALG_CCMP:
+               return ieee80211_crypto_ccmp_encrypt(tx);
+       }
+
+       /* not reached */
+       WARN_ON(1);
+       return TXRX_DROP;
+}
+
+static ieee80211_txrx_result
+ieee80211_tx_h_rate_ctrl(struct ieee80211_txrx_data *tx)
+{
+       struct rate_control_extra extra;
+
+       if (likely(!tx->u.tx.rate)) {
+               memset(&extra, 0, sizeof(extra));
+               extra.mode = tx->u.tx.mode;
+               extra.ethertype = tx->ethertype;
+
+               tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev,
+                                                     tx->skb, &extra);
+               if (unlikely(extra.probe != NULL)) {
+                       tx->u.tx.control->flags |=
+                               IEEE80211_TXCTL_RATE_CTRL_PROBE;
+                       tx->flags |= IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
+                       tx->u.tx.control->alt_retry_rate = tx->u.tx.rate->val;
+                       tx->u.tx.rate = extra.probe;
+               } else
+                       tx->u.tx.control->alt_retry_rate = -1;
+
+               if (!tx->u.tx.rate)
+                       return TXRX_DROP;
+       } else
+               tx->u.tx.control->alt_retry_rate = -1;
+
+       if (tx->u.tx.mode->mode == MODE_IEEE80211G &&
+           (tx->sdata->flags & IEEE80211_SDATA_USE_PROTECTION) &&
+           (tx->flags & IEEE80211_TXRXD_FRAGMENTED) && extra.nonerp) {
+               tx->u.tx.last_frag_rate = tx->u.tx.rate;
+               if (extra.probe)
+                       tx->flags &= ~IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
+               else
+                       tx->flags |= IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
+               tx->u.tx.rate = extra.nonerp;
+               tx->u.tx.control->rate = extra.nonerp;
+               tx->u.tx.control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
+       } else {
+               tx->u.tx.last_frag_rate = tx->u.tx.rate;
+               tx->u.tx.control->rate = tx->u.tx.rate;
+       }
+       tx->u.tx.control->tx_rate = tx->u.tx.rate->val;
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_tx_h_misc(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
+       u16 fc = le16_to_cpu(hdr->frame_control);
+       u16 dur;
+       struct ieee80211_tx_control *control = tx->u.tx.control;
+       struct ieee80211_hw_mode *mode = tx->u.tx.mode;
+
+       if (!control->retry_limit) {
+               if (!is_multicast_ether_addr(hdr->addr1)) {
+                       if (tx->skb->len + FCS_LEN > tx->local->rts_threshold
+                           && tx->local->rts_threshold <
+                                       IEEE80211_MAX_RTS_THRESHOLD) {
+                               control->flags |=
+                                       IEEE80211_TXCTL_USE_RTS_CTS;
+                               control->flags |=
+                                       IEEE80211_TXCTL_LONG_RETRY_LIMIT;
+                               control->retry_limit =
+                                       tx->local->long_retry_limit;
+                       } else {
+                               control->retry_limit =
+                                       tx->local->short_retry_limit;
+                       }
+               } else {
+                       control->retry_limit = 1;
+               }
+       }
+
+       if (tx->flags & IEEE80211_TXRXD_FRAGMENTED) {
+               /* Do not use multiple retry rates when sending fragmented
+                * frames.
+                * TODO: The last fragment could still use multiple retry
+                * rates. */
+               control->alt_retry_rate = -1;
+       }
+
+       /* Use CTS protection for unicast frames sent using extended rates if
+        * there are associated non-ERP stations and RTS/CTS is not configured
+        * for the frame. */
+       if (mode->mode == MODE_IEEE80211G &&
+           (tx->u.tx.rate->flags & IEEE80211_RATE_ERP) &&
+           (tx->flags & IEEE80211_TXRXD_TXUNICAST) &&
+           (tx->sdata->flags & IEEE80211_SDATA_USE_PROTECTION) &&
+           !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
+               control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;
+
+       /* Transmit data frames using short preambles if the driver supports
+        * short preambles at the selected rate and short preambles are
+        * available on the network at the current point in time. */
+       if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
+           (tx->u.tx.rate->flags & IEEE80211_RATE_PREAMBLE2) &&
+           (tx->sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
+           (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) {
+               tx->u.tx.control->tx_rate = tx->u.tx.rate->val2;
+       }
+
+       /* Setup duration field for the first fragment of the frame. Duration
+        * for remaining fragments will be updated when they are being sent
+        * to low-level driver in ieee80211_tx(). */
+       dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1),
+                                (tx->flags & IEEE80211_TXRXD_FRAGMENTED) ?
+                                tx->u.tx.extra_frag[0]->len : 0);
+       hdr->duration_id = cpu_to_le16(dur);
+
+       if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) ||
+           (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) {
+               struct ieee80211_rate *rate;
+
+               /* Do not use multiple retry rates when using RTS/CTS */
+               control->alt_retry_rate = -1;
+
+               /* Use min(data rate, max base rate) as CTS/RTS rate */
+               rate = tx->u.tx.rate;
+               while (rate > mode->rates &&
+                      !(rate->flags & IEEE80211_RATE_BASIC))
+                       rate--;
+
+               control->rts_cts_rate = rate->val;
+               control->rts_rate = rate;
+       }
+
+       if (tx->sta) {
+               tx->sta->tx_packets++;
+               tx->sta->tx_fragments++;
+               tx->sta->tx_bytes += tx->skb->len;
+               if (tx->u.tx.extra_frag) {
+                       int i;
+                       tx->sta->tx_fragments += tx->u.tx.num_extra_frag;
+                       for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                               tx->sta->tx_bytes +=
+                                       tx->u.tx.extra_frag[i]->len;
+                       }
+               }
+       }
+
+       /*
+        * Tell hardware to not encrypt when we had sw crypto.
+        * Because we use the same flag to internally indicate that
+        * no (software) encryption should be done, we have to set it
+        * after all crypto handlers.
+        */
+       if (tx->key && !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
+               tx->u.tx.control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
+
+       return TXRX_CONTINUE;
+}
+
+static ieee80211_txrx_result
+ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_local *local = tx->local;
+       struct ieee80211_hw_mode *mode = tx->u.tx.mode;
+       struct sk_buff *skb = tx->skb;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u32 load = 0, hdrtime;
+
+       /* TODO: this could be part of tx_status handling, so that the number
+        * of retries would be known; TX rate should in that case be stored
+        * somewhere with the packet */
+
+       /* Estimate total channel use caused by this frame */
+
+       /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
+        * 1 usec = 1/8 * (1080 / 10) = 13.5 */
+
+       if (mode->mode == MODE_IEEE80211A ||
+           (mode->mode == MODE_IEEE80211G &&
+            tx->u.tx.rate->flags & IEEE80211_RATE_ERP))
+               hdrtime = CHAN_UTIL_HDR_SHORT;
+       else
+               hdrtime = CHAN_UTIL_HDR_LONG;
+
+       load = hdrtime;
+       if (!is_multicast_ether_addr(hdr->addr1))
+               load += hdrtime;
+
+       if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
+               load += 2 * hdrtime;
+       else if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
+               load += hdrtime;
+
+       load += skb->len * tx->u.tx.rate->rate_inv;
+
+       if (tx->u.tx.extra_frag) {
+               int i;
+               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                       load += 2 * hdrtime;
+                       load += tx->u.tx.extra_frag[i]->len *
+                               tx->u.tx.rate->rate;
+               }
+       }
+
+       /* Divide channel_use by 8 to avoid wrapping around the counter */
+       load >>= CHAN_UTIL_SHIFT;
+       local->channel_use_raw += load;
+       if (tx->sta)
+               tx->sta->channel_use_raw += load;
+       tx->sdata->channel_use_raw += load;
+
+       return TXRX_CONTINUE;
+}
+
+/* TODO: implement register/unregister functions for adding TX/RX handlers
+ * into ordered list */
+
+ieee80211_tx_handler ieee80211_tx_handlers[] =
+{
+       ieee80211_tx_h_check_assoc,
+       ieee80211_tx_h_sequence,
+       ieee80211_tx_h_ps_buf,
+       ieee80211_tx_h_select_key,
+       ieee80211_tx_h_michael_mic_add,
+       ieee80211_tx_h_fragment,
+       ieee80211_tx_h_encrypt,
+       ieee80211_tx_h_rate_ctrl,
+       ieee80211_tx_h_misc,
+       ieee80211_tx_h_load_stats,
+       NULL
+};
+
+/* actual transmit path */
+
+/*
+ * deal with packet injection down monitor interface
+ * with Radiotap Header -- only called for monitor mode interface
+ */
+static ieee80211_txrx_result
+__ieee80211_parse_tx_radiotap(struct ieee80211_txrx_data *tx,
+                             struct sk_buff *skb)
+{
+       /*
+        * this is the moment to interpret and discard the radiotap header that
+        * must be at the start of the packet injected in Monitor mode
+        *
+        * Need to take some care with endian-ness since radiotap
+        * args are little-endian
+        */
+
+       struct ieee80211_radiotap_iterator iterator;
+       struct ieee80211_radiotap_header *rthdr =
+               (struct ieee80211_radiotap_header *) skb->data;
+       struct ieee80211_hw_mode *mode = tx->local->hw.conf.mode;
+       int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len);
+       struct ieee80211_tx_control *control = tx->u.tx.control;
+
+       control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
+       tx->flags |= IEEE80211_TXRXD_TX_INJECTED;
+       tx->flags &= ~IEEE80211_TXRXD_FRAGMENTED;
+
+       /*
+        * for every radiotap entry that is present
+        * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
+        * entries present, or -EINVAL on error)
+        */
+
+       while (!ret) {
+               int i, target_rate;
+
+               ret = ieee80211_radiotap_iterator_next(&iterator);
+
+               if (ret)
+                       continue;
+
+               /* see if this argument is something we can use */
+               switch (iterator.this_arg_index) {
+               /*
+                * You must take care when dereferencing iterator.this_arg
+                * for multibyte types... the pointer is not aligned.  Use
+                * get_unaligned((type *)iterator.this_arg) to dereference
+                * iterator.this_arg for type "type" safely on all arches.
+               */
+               case IEEE80211_RADIOTAP_RATE:
+                       /*
+                        * radiotap rate u8 is in 500kbps units eg, 0x02=1Mbps
+                        * ieee80211 rate int is in 100kbps units eg, 0x0a=1Mbps
+                        */
+                       target_rate = (*iterator.this_arg) * 5;
+                       for (i = 0; i < mode->num_rates; i++) {
+                               struct ieee80211_rate *r = &mode->rates[i];
+
+                               if (r->rate == target_rate) {
+                                       tx->u.tx.rate = r;
+                                       break;
+                               }
+                       }
+                       break;
+
+               case IEEE80211_RADIOTAP_ANTENNA:
+                       /*
+                        * radiotap uses 0 for 1st ant, mac80211 is 1 for
+                        * 1st ant
+                        */
+                       control->antenna_sel_tx = (*iterator.this_arg) + 1;
+                       break;
+
+               case IEEE80211_RADIOTAP_DBM_TX_POWER:
+                       control->power_level = *iterator.this_arg;
+                       break;
+
+               case IEEE80211_RADIOTAP_FLAGS:
+                       if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
+                               /*
+                                * this indicates that the skb we have been
+                                * handed has the 32-bit FCS CRC at the end...
+                                * we should react to that by snipping it off
+                                * because it will be recomputed and added
+                                * on transmission
+                                */
+                               if (skb->len < (iterator.max_length + FCS_LEN))
+                                       return TXRX_DROP;
+
+                               skb_trim(skb, skb->len - FCS_LEN);
+                       }
+                       if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
+                               control->flags &=
+                                       ~IEEE80211_TXCTL_DO_NOT_ENCRYPT;
+                       if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
+                               tx->flags |= IEEE80211_TXRXD_FRAGMENTED;
+                       break;
+
+               /*
+                * Please update the file
+                * Documentation/networking/mac80211-injection.txt
+                * when parsing new fields here.
+                */
+
+               default:
+                       break;
+               }
+       }
+
+       if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
+               return TXRX_DROP;
+
+       /*
+        * remove the radiotap header
+        * iterator->max_length was sanity-checked against
+        * skb->len by iterator init
+        */
+       skb_pull(skb, iterator.max_length);
+
+       return TXRX_CONTINUE;
+}
+
+/*
+ * initialises @tx
+ */
+static ieee80211_txrx_result
+__ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
+                      struct sk_buff *skb,
+                      struct net_device *dev,
+                      struct ieee80211_tx_control *control)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hdr *hdr;
+       struct ieee80211_sub_if_data *sdata;
+       ieee80211_txrx_result res = TXRX_CONTINUE;
+
+       int hdrlen;
+
+       memset(tx, 0, sizeof(*tx));
+       tx->skb = skb;
+       tx->dev = dev; /* use original interface */
+       tx->local = local;
+       tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       tx->u.tx.control = control;
+       /*
+        * Set this flag (used below to indicate "automatic fragmentation"),
+        * it will be cleared/left by radiotap as desired.
+        */
+       tx->flags |= IEEE80211_TXRXD_FRAGMENTED;
+
+       /* process and remove the injection radiotap header */
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (unlikely(sdata->type == IEEE80211_IF_TYPE_MNTR)) {
+               if (__ieee80211_parse_tx_radiotap(tx, skb) == TXRX_DROP)
+                       return TXRX_DROP;
+
+               /*
+                * __ieee80211_parse_tx_radiotap has now removed
+                * the radiotap header that was present and pre-filled
+                * 'tx' with tx control information.
+                */
+       }
+
+       hdr = (struct ieee80211_hdr *) skb->data;
+
+       tx->sta = sta_info_get(local, hdr->addr1);
+       tx->fc = le16_to_cpu(hdr->frame_control);
+
+       if (is_multicast_ether_addr(hdr->addr1)) {
+               tx->flags &= ~IEEE80211_TXRXD_TXUNICAST;
+               control->flags |= IEEE80211_TXCTL_NO_ACK;
+       } else {
+               tx->flags |= IEEE80211_TXRXD_TXUNICAST;
+               control->flags &= ~IEEE80211_TXCTL_NO_ACK;
+       }
+
+       if (tx->flags & IEEE80211_TXRXD_FRAGMENTED) {
+               if ((tx->flags & IEEE80211_TXRXD_TXUNICAST) &&
+                   skb->len + FCS_LEN > local->fragmentation_threshold &&
+                   !local->ops->set_frag_threshold)
+                       tx->flags |= IEEE80211_TXRXD_FRAGMENTED;
+               else
+                       tx->flags &= ~IEEE80211_TXRXD_FRAGMENTED;
+       }
+
+       if (!tx->sta)
+               control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
+       else if (tx->sta->clear_dst_mask) {
+               control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
+               tx->sta->clear_dst_mask = 0;
+       }
+
+       hdrlen = ieee80211_get_hdrlen(tx->fc);
+       if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
+               u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
+               tx->ethertype = (pos[0] << 8) | pos[1];
+       }
+       control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT;
+
+       return res;
+}
+
+/* Device in tx->dev has a reference added; use dev_put(tx->dev) when
+ * finished with it.
+ *
+ * NB: @tx is uninitialised when passed in here
+ */
+static int ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
+                               struct sk_buff *skb,
+                               struct net_device *mdev,
+                               struct ieee80211_tx_control *control)
+{
+       struct ieee80211_tx_packet_data *pkt_data;
+       struct net_device *dev;
+
+       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
+       dev = dev_get_by_index(pkt_data->ifindex);
+       if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
+               dev_put(dev);
+               dev = NULL;
+       }
+       if (unlikely(!dev))
+               return -ENODEV;
+       /* initialises tx with control */
+       __ieee80211_tx_prepare(tx, skb, dev, control);
+       return 0;
+}
+
+static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
+                         struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_tx_control *control = tx->u.tx.control;
+       int ret, i;
+
+       if (!ieee80211_qdisc_installed(local->mdev) &&
+           __ieee80211_queue_stopped(local, 0)) {
+               netif_stop_queue(local->mdev);
+               return IEEE80211_TX_AGAIN;
+       }
+       if (skb) {
+               ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
+                                    "TX to low-level driver", skb);
+               ret = local->ops->tx(local_to_hw(local), skb, control);
+               if (ret)
+                       return IEEE80211_TX_AGAIN;
+               local->mdev->trans_start = jiffies;
+               ieee80211_led_tx(local, 1);
+       }
+       if (tx->u.tx.extra_frag) {
+               control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
+                                   IEEE80211_TXCTL_USE_CTS_PROTECT |
+                                   IEEE80211_TXCTL_CLEAR_DST_MASK |
+                                   IEEE80211_TXCTL_FIRST_FRAGMENT);
+               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                       if (!tx->u.tx.extra_frag[i])
+                               continue;
+                       if (__ieee80211_queue_stopped(local, control->queue))
+                               return IEEE80211_TX_FRAG_AGAIN;
+                       if (i == tx->u.tx.num_extra_frag) {
+                               control->tx_rate = tx->u.tx.last_frag_hwrate;
+                               control->rate = tx->u.tx.last_frag_rate;
+                               if (tx->flags & IEEE80211_TXRXD_TXPROBE_LAST_FRAG)
+                                       control->flags |=
+                                               IEEE80211_TXCTL_RATE_CTRL_PROBE;
+                               else
+                                       control->flags &=
+                                               ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
+                       }
+
+                       ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
+                                            "TX to low-level driver",
+                                            tx->u.tx.extra_frag[i]);
+                       ret = local->ops->tx(local_to_hw(local),
+                                           tx->u.tx.extra_frag[i],
+                                           control);
+                       if (ret)
+                               return IEEE80211_TX_FRAG_AGAIN;
+                       local->mdev->trans_start = jiffies;
+                       ieee80211_led_tx(local, 1);
+                       tx->u.tx.extra_frag[i] = NULL;
+               }
+               kfree(tx->u.tx.extra_frag);
+               tx->u.tx.extra_frag = NULL;
+       }
+       return IEEE80211_TX_OK;
+}
+
+static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
+                       struct ieee80211_tx_control *control)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct sta_info *sta;
+       ieee80211_tx_handler *handler;
+       struct ieee80211_txrx_data tx;
+       ieee80211_txrx_result res = TXRX_DROP, res_prepare;
+       int ret, i;
+
+       WARN_ON(__ieee80211_queue_pending(local, control->queue));
+
+       if (unlikely(skb->len < 10)) {
+               dev_kfree_skb(skb);
+               return 0;
+       }
+
+       /* initialises tx */
+       res_prepare = __ieee80211_tx_prepare(&tx, skb, dev, control);
+
+       if (res_prepare == TXRX_DROP) {
+               dev_kfree_skb(skb);
+               return 0;
+       }
+
+       /*
+        * key references are protected using RCU and this requires that
+        * we are in a read-site RCU section during receive processing
+        */
+       rcu_read_lock();
+
+       sta = tx.sta;
+       tx.u.tx.mode = local->hw.conf.mode;
+
+       for (handler = local->tx_handlers; *handler != NULL;
+            handler++) {
+               res = (*handler)(&tx);
+               if (res != TXRX_CONTINUE)
+                       break;
+       }
+
+       skb = tx.skb; /* handlers are allowed to change skb */
+
+       if (sta)
+               sta_info_put(sta);
+
+       if (unlikely(res == TXRX_DROP)) {
+               I802_DEBUG_INC(local->tx_handlers_drop);
+               goto drop;
+       }
+
+       if (unlikely(res == TXRX_QUEUED)) {
+               I802_DEBUG_INC(local->tx_handlers_queued);
+               rcu_read_unlock();
+               return 0;
+       }
+
+       if (tx.u.tx.extra_frag) {
+               for (i = 0; i < tx.u.tx.num_extra_frag; i++) {
+                       int next_len, dur;
+                       struct ieee80211_hdr *hdr =
+                               (struct ieee80211_hdr *)
+                               tx.u.tx.extra_frag[i]->data;
+
+                       if (i + 1 < tx.u.tx.num_extra_frag) {
+                               next_len = tx.u.tx.extra_frag[i + 1]->len;
+                       } else {
+                               next_len = 0;
+                               tx.u.tx.rate = tx.u.tx.last_frag_rate;
+                               tx.u.tx.last_frag_hwrate = tx.u.tx.rate->val;
+                       }
+                       dur = ieee80211_duration(&tx, 0, next_len);
+                       hdr->duration_id = cpu_to_le16(dur);
+               }
+       }
+
+retry:
+       ret = __ieee80211_tx(local, skb, &tx);
+       if (ret) {
+               struct ieee80211_tx_stored_packet *store =
+                       &local->pending_packet[control->queue];
+
+               if (ret == IEEE80211_TX_FRAG_AGAIN)
+                       skb = NULL;
+               set_bit(IEEE80211_LINK_STATE_PENDING,
+                       &local->state[control->queue]);
+               smp_mb();
+               /* When the driver gets out of buffers during sending of
+                * fragments and calls ieee80211_stop_queue, there is
+                * a small window between IEEE80211_LINK_STATE_XOFF and
+                * IEEE80211_LINK_STATE_PENDING flags are set. If a buffer
+                * gets available in that window (i.e. driver calls
+                * ieee80211_wake_queue), we would end up with ieee80211_tx
+                * called with IEEE80211_LINK_STATE_PENDING. Prevent this by
+                * continuing transmitting here when that situation is
+                * possible to have happened. */
+               if (!__ieee80211_queue_stopped(local, control->queue)) {
+                       clear_bit(IEEE80211_LINK_STATE_PENDING,
+                                 &local->state[control->queue]);
+                       goto retry;
+               }
+               memcpy(&store->control, control,
+                      sizeof(struct ieee80211_tx_control));
+               store->skb = skb;
+               store->extra_frag = tx.u.tx.extra_frag;
+               store->num_extra_frag = tx.u.tx.num_extra_frag;
+               store->last_frag_hwrate = tx.u.tx.last_frag_hwrate;
+               store->last_frag_rate = tx.u.tx.last_frag_rate;
+               store->last_frag_rate_ctrl_probe =
+                       !!(tx.flags & IEEE80211_TXRXD_TXPROBE_LAST_FRAG);
+       }
+       rcu_read_unlock();
+       return 0;
+
+ drop:
+       if (skb)
+               dev_kfree_skb(skb);
+       for (i = 0; i < tx.u.tx.num_extra_frag; i++)
+               if (tx.u.tx.extra_frag[i])
+                       dev_kfree_skb(tx.u.tx.extra_frag[i]);
+       kfree(tx.u.tx.extra_frag);
+       rcu_read_unlock();
+       return 0;
+}
+
+/* device xmit handlers */
+
+int ieee80211_master_start_xmit(struct sk_buff *skb,
+                               struct net_device *dev)
+{
+       struct ieee80211_tx_control control;
+       struct ieee80211_tx_packet_data *pkt_data;
+       struct net_device *odev = NULL;
+       struct ieee80211_sub_if_data *osdata;
+       int headroom;
+       int ret;
+
+       /*
+        * copy control out of the skb so other people can use skb->cb
+        */
+       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
+       memset(&control, 0, sizeof(struct ieee80211_tx_control));
+
+       if (pkt_data->ifindex)
+               odev = dev_get_by_index(pkt_data->ifindex);
+       if (unlikely(odev && !is_ieee80211_device(odev, dev))) {
+               dev_put(odev);
+               odev = NULL;
+       }
+       if (unlikely(!odev)) {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+               printk(KERN_DEBUG "%s: Discarded packet with nonexistent "
+                      "originating device\n", dev->name);
+#endif
+               dev_kfree_skb(skb);
+               return 0;
+       }
+       osdata = IEEE80211_DEV_TO_SUB_IF(odev);
+
+       headroom = osdata->local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM;
+       if (skb_headroom(skb) < headroom) {
+               if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
+                       dev_kfree_skb(skb);
+                       dev_put(odev);
+                       return 0;
+               }
+       }
+
+       control.ifindex = odev->ifindex;
+       control.type = osdata->type;
+       if (pkt_data->flags & IEEE80211_TXPD_REQ_TX_STATUS)
+               control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS;
+       if (pkt_data->flags & IEEE80211_TXPD_DO_NOT_ENCRYPT)
+               control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
+       if (pkt_data->flags & IEEE80211_TXPD_REQUEUE)
+               control.flags |= IEEE80211_TXCTL_REQUEUE;
+       control.queue = pkt_data->queue;
+
+       ret = ieee80211_tx(odev, skb, &control);
+       dev_put(odev);
+
+       return ret;
+}
+
+int ieee80211_monitor_start_xmit(struct sk_buff *skb,
+                                struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_tx_packet_data *pkt_data;
+       struct ieee80211_radiotap_header *prthdr =
+               (struct ieee80211_radiotap_header *)skb->data;
+       u16 len_rthdr;
+
+       /* check for not even having the fixed radiotap header part */
+       if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
+               goto fail; /* too short to be possibly valid */
+
+       /* is it a header version we can trust to find length from? */
+       if (unlikely(prthdr->it_version))
+               goto fail; /* only version 0 is supported */
+
+       /* then there must be a radiotap header with a length we can use */
+       len_rthdr = ieee80211_get_radiotap_len(skb->data);
+
+       /* does the skb contain enough to deliver on the alleged length? */
+       if (unlikely(skb->len < len_rthdr))
+               goto fail; /* skb too short for claimed rt header extent */
+
+       skb->dev = local->mdev;
+
+       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
+       memset(pkt_data, 0, sizeof(*pkt_data));
+       /* needed because we set skb device to master */
+       pkt_data->ifindex = dev->ifindex;
+
+       pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+
+       /*
+        * fix up the pointers accounting for the radiotap
+        * header still being in there.  We are being given
+        * a precooked IEEE80211 header so no need for
+        * normal processing
+        */
+       skb_set_mac_header(skb, len_rthdr);
+       /*
+        * these are just fixed to the end of the rt area since we
+        * don't have any better information and at this point, nobody cares
+        */
+       skb_set_network_header(skb, len_rthdr);
+       skb_set_transport_header(skb, len_rthdr);
+
+       /* pass the radiotap header up to the next stage intact */
+       dev_queue_xmit(skb);
+       return NETDEV_TX_OK;
+
+fail:
+       dev_kfree_skb(skb);
+       return NETDEV_TX_OK; /* meaning, we dealt with the skb */
+}
+
+/**
+ * ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type
+ * subinterfaces (wlan#, WDS, and VLAN interfaces)
+ * @skb: packet to be sent
+ * @dev: incoming interface
+ *
+ * Returns: 0 on success (and frees skb in this case) or 1 on failure (skb will
+ * not be freed, and caller is responsible for either retrying later or freeing
+ * skb).
+ *
+ * This function takes in an Ethernet header and encapsulates it with suitable
+ * IEEE 802.11 header based on which interface the packet is coming in. The
+ * encapsulated packet will then be passed to master interface, wlan#.11, for
+ * transmission (through low-level driver).
+ */
+int ieee80211_subif_start_xmit(struct sk_buff *skb,
+                              struct net_device *dev)
+{
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_tx_packet_data *pkt_data;
+       struct ieee80211_sub_if_data *sdata;
+       int ret = 1, head_need;
+       u16 ethertype, hdrlen, fc;
+       struct ieee80211_hdr hdr;
+       const u8 *encaps_data;
+       int encaps_len, skip_header_bytes;
+       int nh_pos, h_pos;
+       struct sta_info *sta;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+       if (unlikely(skb->len < ETH_HLEN)) {
+               printk(KERN_DEBUG "%s: short skb (len=%d)\n",
+                      dev->name, skb->len);
+               ret = 0;
+               goto fail;
+       }
+
+       nh_pos = skb_network_header(skb) - skb->data;
+       h_pos = skb_transport_header(skb) - skb->data;
+
+       /* convert Ethernet header to proper 802.11 header (based on
+        * operation mode) */
+       ethertype = (skb->data[12] << 8) | skb->data[13];
+       /* TODO: handling for 802.1x authorized/unauthorized port */
+       fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
+
+       switch (sdata->type) {
+       case IEEE80211_IF_TYPE_AP:
+       case IEEE80211_IF_TYPE_VLAN:
+               fc |= IEEE80211_FCTL_FROMDS;
+               /* DA BSSID SA */
+               memcpy(hdr.addr1, skb->data, ETH_ALEN);
+               memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
+               memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
+               hdrlen = 24;
+               break;
+       case IEEE80211_IF_TYPE_WDS:
+               fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS;
+               /* RA TA DA SA */
+               memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
+               memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
+               memcpy(hdr.addr3, skb->data, ETH_ALEN);
+               memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
+               hdrlen = 30;
+               break;
+       case IEEE80211_IF_TYPE_STA:
+               fc |= IEEE80211_FCTL_TODS;
+               /* BSSID SA DA */
+               memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN);
+               memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
+               memcpy(hdr.addr3, skb->data, ETH_ALEN);
+               hdrlen = 24;
+               break;
+       case IEEE80211_IF_TYPE_IBSS:
+               /* DA SA BSSID */
+               memcpy(hdr.addr1, skb->data, ETH_ALEN);
+               memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
+               memcpy(hdr.addr3, sdata->u.sta.bssid, ETH_ALEN);
+               hdrlen = 24;
+               break;
+       default:
+               ret = 0;
+               goto fail;
+       }
+
+       /* receiver is QoS enabled, use a QoS type frame */
+       sta = sta_info_get(local, hdr.addr1);
+       if (sta) {
+               if (sta->flags & WLAN_STA_WME) {
+                       fc |= IEEE80211_STYPE_QOS_DATA;
+                       hdrlen += 2;
+               }
+               sta_info_put(sta);
+       }
+
+       hdr.frame_control = cpu_to_le16(fc);
+       hdr.duration_id = 0;
+       hdr.seq_ctrl = 0;
+
+       skip_header_bytes = ETH_HLEN;
+       if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
+               encaps_data = bridge_tunnel_header;
+               encaps_len = sizeof(bridge_tunnel_header);
+               skip_header_bytes -= 2;
+       } else if (ethertype >= 0x600) {
+               encaps_data = rfc1042_header;
+               encaps_len = sizeof(rfc1042_header);
+               skip_header_bytes -= 2;
+       } else {
+               encaps_data = NULL;
+               encaps_len = 0;
+       }
+
+       skb_pull(skb, skip_header_bytes);
+       nh_pos -= skip_header_bytes;
+       h_pos -= skip_header_bytes;
+
+       /* TODO: implement support for fragments so that there is no need to
+        * reallocate and copy payload; it might be enough to support one
+        * extra fragment that would be copied in the beginning of the frame
+        * data.. anyway, it would be nice to include this into skb structure
+        * somehow
+        *
+        * There are few options for this:
+        * use skb->cb as an extra space for 802.11 header
+        * allocate new buffer if not enough headroom
+        * make sure that there is enough headroom in every skb by increasing
+        * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and
+        * alloc_skb() (net/core/skbuff.c)
+        */
+       head_need = hdrlen + encaps_len + local->tx_headroom;
+       head_need -= skb_headroom(skb);
+
+       /* We are going to modify skb data, so make a copy of it if happens to
+        * be cloned. This could happen, e.g., with Linux bridge code passing
+        * us broadcast frames. */
+
+       if (head_need > 0 || skb_cloned(skb)) {
+#if 0
+               printk(KERN_DEBUG "%s: need to reallocate buffer for %d bytes "
+                      "of headroom\n", dev->name, head_need);
+#endif
+
+               if (skb_cloned(skb))
+                       I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
+               else
+                       I802_DEBUG_INC(local->tx_expand_skb_head);
+               /* Since we have to reallocate the buffer, make sure that there
+                * is enough room for possible WEP IV/ICV and TKIP (8 bytes
+                * before payload and 12 after). */
+               if (pskb_expand_head(skb, (head_need > 0 ? head_need + 8 : 8),
+                                    12, GFP_ATOMIC)) {
+                       printk(KERN_DEBUG "%s: failed to reallocate TX buffer"
+                              "\n", dev->name);
+                       goto fail;
+               }
+       }
+
+       if (encaps_data) {
+               memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
+               nh_pos += encaps_len;
+               h_pos += encaps_len;
+       }
+
+       if (fc & IEEE80211_STYPE_QOS_DATA) {
+               __le16 *qos_control;
+
+               qos_control = (__le16*) skb_push(skb, 2);
+               memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
+               /*
+                * Maybe we could actually set some fields here, for now just
+                * initialise to zero to indicate no special operation.
+                */
+               *qos_control = 0;
+       } else
+               memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
+
+       nh_pos += hdrlen;
+       h_pos += hdrlen;
+
+       pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
+       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
+       pkt_data->ifindex = dev->ifindex;
+
+       skb->dev = local->mdev;
+       dev->stats.tx_packets++;
+       dev->stats.tx_bytes += skb->len;
+
+       /* Update skb pointers to various headers since this modified frame
+        * is going to go through Linux networking code that may potentially
+        * need things like pointer to IP header. */
+       skb_set_mac_header(skb, 0);
+       skb_set_network_header(skb, nh_pos);
+       skb_set_transport_header(skb, h_pos);
+
+       dev->trans_start = jiffies;
+       dev_queue_xmit(skb);
+
+       return 0;
+
+ fail:
+       if (!ret)
+               dev_kfree_skb(skb);
+
+       return ret;
+}
+
+/*
+ * This is the transmit routine for the 802.11 type interfaces
+ * called by upper layers of the linux networking
+ * stack when it has a frame to transmit
+ */
+int ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_tx_packet_data *pkt_data;
+       struct ieee80211_hdr *hdr;
+       u16 fc;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+       if (skb->len < 10) {
+               dev_kfree_skb(skb);
+               return 0;
+       }
+
+       if (skb_headroom(skb) < sdata->local->tx_headroom) {
+               if (pskb_expand_head(skb, sdata->local->tx_headroom,
+                                    0, GFP_ATOMIC)) {
+                       dev_kfree_skb(skb);
+                       return 0;
+               }
+       }
+
+       hdr = (struct ieee80211_hdr *) skb->data;
+       fc = le16_to_cpu(hdr->frame_control);
+
+       pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
+       memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
+       pkt_data->ifindex = sdata->dev->ifindex;
+
+       skb->priority = 20; /* use hardcoded priority for mgmt TX queue */
+       skb->dev = sdata->local->mdev;
+
+       /*
+        * We're using the protocol field of the the frame control header
+        * to request TX callback for hostapd. BIT(1) is checked.
+        */
+       if ((fc & BIT(1)) == BIT(1)) {
+               pkt_data->flags |= IEEE80211_TXPD_REQ_TX_STATUS;
+               fc &= ~BIT(1);
+               hdr->frame_control = cpu_to_le16(fc);
+       }
+
+       if (!(fc & IEEE80211_FCTL_PROTECTED))
+               pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+
+       dev->stats.tx_packets++;
+       dev->stats.tx_bytes += skb->len;
+
+       dev_queue_xmit(skb);
+
+       return 0;
+}
+
+/* helper functions for pending packets for when queues are stopped */
+
+void ieee80211_clear_tx_pending(struct ieee80211_local *local)
+{
+       int i, j;
+       struct ieee80211_tx_stored_packet *store;
+
+       for (i = 0; i < local->hw.queues; i++) {
+               if (!__ieee80211_queue_pending(local, i))
+                       continue;
+               store = &local->pending_packet[i];
+               kfree_skb(store->skb);
+               for (j = 0; j < store->num_extra_frag; j++)
+                       kfree_skb(store->extra_frag[j]);
+               kfree(store->extra_frag);
+               clear_bit(IEEE80211_LINK_STATE_PENDING, &local->state[i]);
+       }
+}
+
+void ieee80211_tx_pending(unsigned long data)
+{
+       struct ieee80211_local *local = (struct ieee80211_local *)data;
+       struct net_device *dev = local->mdev;
+       struct ieee80211_tx_stored_packet *store;
+       struct ieee80211_txrx_data tx;
+       int i, ret, reschedule = 0;
+
+       netif_tx_lock_bh(dev);
+       for (i = 0; i < local->hw.queues; i++) {
+               if (__ieee80211_queue_stopped(local, i))
+                       continue;
+               if (!__ieee80211_queue_pending(local, i)) {
+                       reschedule = 1;
+                       continue;
+               }
+               store = &local->pending_packet[i];
+               tx.u.tx.control = &store->control;
+               tx.u.tx.extra_frag = store->extra_frag;
+               tx.u.tx.num_extra_frag = store->num_extra_frag;
+               tx.u.tx.last_frag_hwrate = store->last_frag_hwrate;
+               tx.u.tx.last_frag_rate = store->last_frag_rate;
+               tx.flags = 0;
+               if (store->last_frag_rate_ctrl_probe)
+                       tx.flags |= IEEE80211_TXRXD_TXPROBE_LAST_FRAG;
+               ret = __ieee80211_tx(local, store->skb, &tx);
+               if (ret) {
+                       if (ret == IEEE80211_TX_FRAG_AGAIN)
+                               store->skb = NULL;
+               } else {
+                       clear_bit(IEEE80211_LINK_STATE_PENDING,
+                                 &local->state[i]);
+                       reschedule = 1;
+               }
+       }
+       netif_tx_unlock_bh(dev);
+       if (reschedule) {
+               if (!ieee80211_qdisc_installed(dev)) {
+                       if (!__ieee80211_queue_stopped(local, 0))
+                               netif_wake_queue(dev);
+               } else
+                       netif_schedule(dev);
+       }
+}
+
+/* functions for drivers to get certain frames */
+
+static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
+                                    struct ieee80211_if_ap *bss,
+                                    struct sk_buff *skb)
+{
+       u8 *pos, *tim;
+       int aid0 = 0;
+       int i, have_bits = 0, n1, n2;
+
+       /* Generate bitmap for TIM only if there are any STAs in power save
+        * mode. */
+       read_lock_bh(&local->sta_lock);
+       if (atomic_read(&bss->num_sta_ps) > 0)
+               /* in the hope that this is faster than
+                * checking byte-for-byte */
+               have_bits = !bitmap_empty((unsigned long*)bss->tim,
+                                         IEEE80211_MAX_AID+1);
+
+       if (bss->dtim_count == 0)
+               bss->dtim_count = bss->dtim_period - 1;
+       else
+               bss->dtim_count--;
+
+       tim = pos = (u8 *) skb_put(skb, 6);
+       *pos++ = WLAN_EID_TIM;
+       *pos++ = 4;
+       *pos++ = bss->dtim_count;
+       *pos++ = bss->dtim_period;
+
+       if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
+               aid0 = 1;
+
+       if (have_bits) {
+               /* Find largest even number N1 so that bits numbered 1 through
+                * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
+                * (N2 + 1) x 8 through 2007 are 0. */
+               n1 = 0;
+               for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
+                       if (bss->tim[i]) {
+                               n1 = i & 0xfe;
+                               break;
+                       }
+               }
+               n2 = n1;
+               for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
+                       if (bss->tim[i]) {
+                               n2 = i;
+                               break;
+                       }
+               }
+
+               /* Bitmap control */
+               *pos++ = n1 | aid0;
+               /* Part Virt Bitmap */
+               memcpy(pos, bss->tim + n1, n2 - n1 + 1);
+
+               tim[1] = n2 - n1 + 4;
+               skb_put(skb, n2 - n1);
+       } else {
+               *pos++ = aid0; /* Bitmap control */
+               *pos++ = 0; /* Part Virt Bitmap */
+       }
+       read_unlock_bh(&local->sta_lock);
+}
+
+struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw, int if_id,
+                                    struct ieee80211_tx_control *control)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct sk_buff *skb;
+       struct net_device *bdev;
+       struct ieee80211_sub_if_data *sdata = NULL;
+       struct ieee80211_if_ap *ap = NULL;
+       struct ieee80211_rate *rate;
+       struct rate_control_extra extra;
+       u8 *b_head, *b_tail;
+       int bh_len, bt_len;
+
+       bdev = dev_get_by_index(if_id);
+       if (bdev) {
+               sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
+               ap = &sdata->u.ap;
+               dev_put(bdev);
+       }
+
+       if (!ap || sdata->type != IEEE80211_IF_TYPE_AP ||
+           !ap->beacon_head) {
+#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
+               if (net_ratelimit())
+                       printk(KERN_DEBUG "no beacon data avail for idx=%d "
+                              "(%s)\n", if_id, bdev ? bdev->name : "N/A");
+#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
+               return NULL;
+       }
+
+       /* Assume we are generating the normal beacon locally */
+       b_head = ap->beacon_head;
+       b_tail = ap->beacon_tail;
+       bh_len = ap->beacon_head_len;
+       bt_len = ap->beacon_tail_len;
+
+       skb = dev_alloc_skb(local->tx_headroom +
+               bh_len + bt_len + 256 /* maximum TIM len */);
+       if (!skb)
+               return NULL;
+
+       skb_reserve(skb, local->tx_headroom);
+       memcpy(skb_put(skb, bh_len), b_head, bh_len);
+
+       ieee80211_include_sequence(sdata, (struct ieee80211_hdr *)skb->data);
+
+       ieee80211_beacon_add_tim(local, ap, skb);
+
+       if (b_tail) {
+               memcpy(skb_put(skb, bt_len), b_tail, bt_len);
+       }
+
+       if (control) {
+               memset(&extra, 0, sizeof(extra));
+               extra.mode = local->oper_hw_mode;
+
+               rate = rate_control_get_rate(local, local->mdev, skb, &extra);
+               if (!rate) {
+                       if (net_ratelimit()) {
+                               printk(KERN_DEBUG "%s: ieee80211_beacon_get: no rate "
+                                      "found\n", wiphy_name(local->hw.wiphy));
+                       }
+                       dev_kfree_skb(skb);
+                       return NULL;
+               }
+
+               control->tx_rate =
+                       ((sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE) &&
+                       (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
+                       rate->val2 : rate->val;
+               control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
+               control->power_level = local->hw.conf.power_level;
+               control->flags |= IEEE80211_TXCTL_NO_ACK;
+               control->retry_limit = 1;
+               control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
+       }
+
+       ap->num_beacons++;
+       return skb;
+}
+EXPORT_SYMBOL(ieee80211_beacon_get);
+
+void ieee80211_rts_get(struct ieee80211_hw *hw, int if_id,
+                      const void *frame, size_t frame_len,
+                      const struct ieee80211_tx_control *frame_txctl,
+                      struct ieee80211_rts *rts)
+{
+       const struct ieee80211_hdr *hdr = frame;
+       u16 fctl;
+
+       fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS;
+       rts->frame_control = cpu_to_le16(fctl);
+       rts->duration = ieee80211_rts_duration(hw, if_id, frame_len, frame_txctl);
+       memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
+       memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
+}
+EXPORT_SYMBOL(ieee80211_rts_get);
+
+void ieee80211_ctstoself_get(struct ieee80211_hw *hw, int if_id,
+                            const void *frame, size_t frame_len,
+                            const struct ieee80211_tx_control *frame_txctl,
+                            struct ieee80211_cts *cts)
+{
+       const struct ieee80211_hdr *hdr = frame;
+       u16 fctl;
+
+       fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS;
+       cts->frame_control = cpu_to_le16(fctl);
+       cts->duration = ieee80211_ctstoself_duration(hw, if_id, frame_len, frame_txctl);
+       memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
+}
+EXPORT_SYMBOL(ieee80211_ctstoself_get);
+
+struct sk_buff *
+ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id,
+                         struct ieee80211_tx_control *control)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct sk_buff *skb;
+       struct sta_info *sta;
+       ieee80211_tx_handler *handler;
+       struct ieee80211_txrx_data tx;
+       ieee80211_txrx_result res = TXRX_DROP;
+       struct net_device *bdev;
+       struct ieee80211_sub_if_data *sdata;
+       struct ieee80211_if_ap *bss = NULL;
+
+       bdev = dev_get_by_index(if_id);
+       if (bdev) {
+               sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
+               bss = &sdata->u.ap;
+               dev_put(bdev);
+       }
+       if (!bss || sdata->type != IEEE80211_IF_TYPE_AP || !bss->beacon_head)
+               return NULL;
+
+       if (bss->dtim_count != 0)
+               return NULL; /* send buffered bc/mc only after DTIM beacon */
+       memset(control, 0, sizeof(*control));
+       while (1) {
+               skb = skb_dequeue(&bss->ps_bc_buf);
+               if (!skb)
+                       return NULL;
+               local->total_ps_buffered--;
+
+               if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
+                       struct ieee80211_hdr *hdr =
+                               (struct ieee80211_hdr *) skb->data;
+                       /* more buffered multicast/broadcast frames ==> set
+                        * MoreData flag in IEEE 802.11 header to inform PS
+                        * STAs */
+                       hdr->frame_control |=
+                               cpu_to_le16(IEEE80211_FCTL_MOREDATA);
+               }
+
+               if (!ieee80211_tx_prepare(&tx, skb, local->mdev, control))
+                       break;
+               dev_kfree_skb_any(skb);
+       }
+       sta = tx.sta;
+       tx.flags |= IEEE80211_TXRXD_TXPS_BUFFERED;
+       tx.u.tx.mode = local->hw.conf.mode;
+
+       for (handler = local->tx_handlers; *handler != NULL; handler++) {
+               res = (*handler)(&tx);
+               if (res == TXRX_DROP || res == TXRX_QUEUED)
+                       break;
+       }
+       dev_put(tx.dev);
+       skb = tx.skb; /* handlers are allowed to change skb */
+
+       if (res == TXRX_DROP) {
+               I802_DEBUG_INC(local->tx_handlers_drop);
+               dev_kfree_skb(skb);
+               skb = NULL;
+       } else if (res == TXRX_QUEUED) {
+               I802_DEBUG_INC(local->tx_handlers_queued);
+               skb = NULL;
+       }
+
+       if (sta)
+               sta_info_put(sta);
+
+       return skb;
+}
+EXPORT_SYMBOL(ieee80211_get_buffered_bc);
 
--- /dev/null
+/*
+ * Copyright 2002-2005, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * utilities for mac80211
+ */
+
+#include <net/mac80211.h>
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/etherdevice.h>
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#include <linux/bitmap.h>
+#include <net/cfg80211.h>
+
+#include "ieee80211_i.h"
+#include "ieee80211_rate.h"
+#include "wme.h"
+
+/* privid for wiphys to determine whether they belong to us or not */
+void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
+
+/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
+/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
+const unsigned char rfc1042_header[] =
+       { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
+
+/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
+const unsigned char bridge_tunnel_header[] =
+       { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
+
+/* No encapsulation header if EtherType < 0x600 (=length) */
+static const unsigned char eapol_header[] =
+       { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e };
+
+
+static int rate_list_match(const int *rate_list, int rate)
+{
+       int i;
+
+       if (!rate_list)
+               return 0;
+
+       for (i = 0; rate_list[i] >= 0; i++)
+               if (rate_list[i] == rate)
+                       return 1;
+
+       return 0;
+}
+
+void ieee80211_prepare_rates(struct ieee80211_local *local,
+                            struct ieee80211_hw_mode *mode)
+{
+       int i;
+
+       for (i = 0; i < mode->num_rates; i++) {
+               struct ieee80211_rate *rate = &mode->rates[i];
+
+               rate->flags &= ~(IEEE80211_RATE_SUPPORTED |
+                                IEEE80211_RATE_BASIC);
+
+               if (local->supp_rates[mode->mode]) {
+                       if (!rate_list_match(local->supp_rates[mode->mode],
+                                            rate->rate))
+                               continue;
+               }
+
+               rate->flags |= IEEE80211_RATE_SUPPORTED;
+
+               /* Use configured basic rate set if it is available. If not,
+                * use defaults that are sane for most cases. */
+               if (local->basic_rates[mode->mode]) {
+                       if (rate_list_match(local->basic_rates[mode->mode],
+                                           rate->rate))
+                               rate->flags |= IEEE80211_RATE_BASIC;
+               } else switch (mode->mode) {
+               case MODE_IEEE80211A:
+                       if (rate->rate == 60 || rate->rate == 120 ||
+                           rate->rate == 240)
+                               rate->flags |= IEEE80211_RATE_BASIC;
+                       break;
+               case MODE_IEEE80211B:
+                       if (rate->rate == 10 || rate->rate == 20)
+                               rate->flags |= IEEE80211_RATE_BASIC;
+                       break;
+               case MODE_IEEE80211G:
+                       if (rate->rate == 10 || rate->rate == 20 ||
+                           rate->rate == 55 || rate->rate == 110)
+                               rate->flags |= IEEE80211_RATE_BASIC;
+                       break;
+               case NUM_IEEE80211_MODES:
+                       /* not useful */
+                       break;
+               }
+
+               /* Set ERP and MANDATORY flags based on phymode */
+               switch (mode->mode) {
+               case MODE_IEEE80211A:
+                       if (rate->rate == 60 || rate->rate == 120 ||
+                           rate->rate == 240)
+                               rate->flags |= IEEE80211_RATE_MANDATORY;
+                       break;
+               case MODE_IEEE80211B:
+                       if (rate->rate == 10)
+                               rate->flags |= IEEE80211_RATE_MANDATORY;
+                       break;
+               case MODE_IEEE80211G:
+                       if (rate->rate == 10 || rate->rate == 20 ||
+                           rate->rate == 55 || rate->rate == 110 ||
+                           rate->rate == 60 || rate->rate == 120 ||
+                           rate->rate == 240)
+                               rate->flags |= IEEE80211_RATE_MANDATORY;
+                       break;
+               case NUM_IEEE80211_MODES:
+                       /* not useful */
+                       break;
+               }
+               if (ieee80211_is_erp_rate(mode->mode, rate->rate))
+                       rate->flags |= IEEE80211_RATE_ERP;
+       }
+}
+
+u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
+{
+       u16 fc;
+
+       if (len < 24)
+               return NULL;
+
+       fc = le16_to_cpu(hdr->frame_control);
+
+       switch (fc & IEEE80211_FCTL_FTYPE) {
+       case IEEE80211_FTYPE_DATA:
+               switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
+               case IEEE80211_FCTL_TODS:
+                       return hdr->addr1;
+               case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
+                       return NULL;
+               case IEEE80211_FCTL_FROMDS:
+                       return hdr->addr2;
+               case 0:
+                       return hdr->addr3;
+               }
+               break;
+       case IEEE80211_FTYPE_MGMT:
+               return hdr->addr3;
+       case IEEE80211_FTYPE_CTL:
+               if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)
+                       return hdr->addr1;
+               else
+                       return NULL;
+       }
+
+       return NULL;
+}
+
+int ieee80211_get_hdrlen(u16 fc)
+{
+       int hdrlen = 24;
+
+       switch (fc & IEEE80211_FCTL_FTYPE) {
+       case IEEE80211_FTYPE_DATA:
+               if ((fc & IEEE80211_FCTL_FROMDS) && (fc & IEEE80211_FCTL_TODS))
+                       hdrlen = 30; /* Addr4 */
+               /*
+                * The QoS Control field is two bytes and its presence is
+                * indicated by the IEEE80211_STYPE_QOS_DATA bit. Add 2 to
+                * hdrlen if that bit is set.
+                * This works by masking out the bit and shifting it to
+                * bit position 1 so the result has the value 0 or 2.
+                */
+               hdrlen += (fc & IEEE80211_STYPE_QOS_DATA)
+                               >> (ilog2(IEEE80211_STYPE_QOS_DATA)-1);
+               break;
+       case IEEE80211_FTYPE_CTL:
+               /*
+                * ACK and CTS are 10 bytes, all others 16. To see how
+                * to get this condition consider
+                *   subtype mask:   0b0000000011110000 (0x00F0)
+                *   ACK subtype:    0b0000000011010000 (0x00D0)
+                *   CTS subtype:    0b0000000011000000 (0x00C0)
+                *   bits that matter:         ^^^      (0x00E0)
+                *   value of those: 0b0000000011000000 (0x00C0)
+                */
+               if ((fc & 0xE0) == 0xC0)
+                       hdrlen = 10;
+               else
+                       hdrlen = 16;
+               break;
+       }
+
+       return hdrlen;
+}
+EXPORT_SYMBOL(ieee80211_get_hdrlen);
+
+int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
+{
+       const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *) skb->data;
+       int hdrlen;
+
+       if (unlikely(skb->len < 10))
+               return 0;
+       hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control));
+       if (unlikely(hdrlen > skb->len))
+               return 0;
+       return hdrlen;
+}
+EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
+
+int ieee80211_is_eapol(const struct sk_buff *skb)
+{
+       const struct ieee80211_hdr *hdr;
+       u16 fc;
+       int hdrlen;
+
+       if (unlikely(skb->len < 10))
+               return 0;
+
+       hdr = (const struct ieee80211_hdr *) skb->data;
+       fc = le16_to_cpu(hdr->frame_control);
+
+       if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
+               return 0;
+
+       hdrlen = ieee80211_get_hdrlen(fc);
+
+       if (unlikely(skb->len >= hdrlen + sizeof(eapol_header) &&
+                    memcmp(skb->data + hdrlen, eapol_header,
+                           sizeof(eapol_header)) == 0))
+               return 1;
+
+       return 0;
+}
+
+void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
+
+       hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
+       if (tx->u.tx.extra_frag) {
+               struct ieee80211_hdr *fhdr;
+               int i;
+               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                       fhdr = (struct ieee80211_hdr *)
+                               tx->u.tx.extra_frag[i]->data;
+                       fhdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
+               }
+       }
+}
+
+int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
+                            int rate, int erp, int short_preamble)
+{
+       int dur;
+
+       /* calculate duration (in microseconds, rounded up to next higher
+        * integer if it includes a fractional microsecond) to send frame of
+        * len bytes (does not include FCS) at the given rate. Duration will
+        * also include SIFS.
+        *
+        * rate is in 100 kbps, so divident is multiplied by 10 in the
+        * DIV_ROUND_UP() operations.
+        */
+
+       if (local->hw.conf.phymode == MODE_IEEE80211A || erp) {
+               /*
+                * OFDM:
+                *
+                * N_DBPS = DATARATE x 4
+                * N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS)
+                *      (16 = SIGNAL time, 6 = tail bits)
+                * TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext
+                *
+                * T_SYM = 4 usec
+                * 802.11a - 17.5.2: aSIFSTime = 16 usec
+                * 802.11g - 19.8.4: aSIFSTime = 10 usec +
+                *      signal ext = 6 usec
+                */
+               dur = 16; /* SIFS + signal ext */
+               dur += 16; /* 17.3.2.3: T_PREAMBLE = 16 usec */
+               dur += 4; /* 17.3.2.3: T_SIGNAL = 4 usec */
+               dur += 4 * DIV_ROUND_UP((16 + 8 * (len + 4) + 6) * 10,
+                                       4 * rate); /* T_SYM x N_SYM */
+       } else {
+               /*
+                * 802.11b or 802.11g with 802.11b compatibility:
+                * 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime +
+                * Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0.
+                *
+                * 802.11 (DS): 15.3.3, 802.11b: 18.3.4
+                * aSIFSTime = 10 usec
+                * aPreambleLength = 144 usec or 72 usec with short preamble
+                * aPLCPHeaderLength = 48 usec or 24 usec with short preamble
+                */
+               dur = 10; /* aSIFSTime = 10 usec */
+               dur += short_preamble ? (72 + 24) : (144 + 48);
+
+               dur += DIV_ROUND_UP(8 * (len + 4) * 10, rate);
+       }
+
+       return dur;
+}
+
+/* Exported duration function for driver use */
+__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw, int if_id,
+                                       size_t frame_len, int rate)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct net_device *bdev = dev_get_by_index(if_id);
+       struct ieee80211_sub_if_data *sdata;
+       u16 dur;
+       int erp;
+
+       if (unlikely(!bdev))
+               return 0;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
+       erp = ieee80211_is_erp_rate(hw->conf.phymode, rate);
+       dur = ieee80211_frame_duration(local, frame_len, rate,
+                      erp, sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE);
+
+       dev_put(bdev);
+       return cpu_to_le16(dur);
+}
+EXPORT_SYMBOL(ieee80211_generic_frame_duration);
+
+__le16 ieee80211_rts_duration(struct ieee80211_hw *hw, int if_id,
+                             size_t frame_len,
+                             const struct ieee80211_tx_control *frame_txctl)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct ieee80211_rate *rate;
+       struct net_device *bdev = dev_get_by_index(if_id);
+       struct ieee80211_sub_if_data *sdata;
+       int short_preamble;
+       int erp;
+       u16 dur;
+
+       if (unlikely(!bdev))
+               return 0;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
+       short_preamble = sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE;
+
+       rate = frame_txctl->rts_rate;
+       erp = !!(rate->flags & IEEE80211_RATE_ERP);
+
+       /* CTS duration */
+       dur = ieee80211_frame_duration(local, 10, rate->rate,
+                                      erp, short_preamble);
+       /* Data frame duration */
+       dur += ieee80211_frame_duration(local, frame_len, rate->rate,
+                                       erp, short_preamble);
+       /* ACK duration */
+       dur += ieee80211_frame_duration(local, 10, rate->rate,
+                                       erp, short_preamble);
+
+       dev_put(bdev);
+       return cpu_to_le16(dur);
+}
+EXPORT_SYMBOL(ieee80211_rts_duration);
+
+__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw, int if_id,
+                                   size_t frame_len,
+                                   const struct ieee80211_tx_control *frame_txctl)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       struct ieee80211_rate *rate;
+       struct net_device *bdev = dev_get_by_index(if_id);
+       struct ieee80211_sub_if_data *sdata;
+       int short_preamble;
+       int erp;
+       u16 dur;
+
+       if (unlikely(!bdev))
+               return 0;
+
+       sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
+       short_preamble = sdata->flags & IEEE80211_SDATA_SHORT_PREAMBLE;
+
+       rate = frame_txctl->rts_rate;
+       erp = !!(rate->flags & IEEE80211_RATE_ERP);
+
+       /* Data frame duration */
+       dur = ieee80211_frame_duration(local, frame_len, rate->rate,
+                                      erp, short_preamble);
+       if (!(frame_txctl->flags & IEEE80211_TXCTL_NO_ACK)) {
+               /* ACK duration */
+               dur += ieee80211_frame_duration(local, 10, rate->rate,
+                                               erp, short_preamble);
+       }
+
+       dev_put(bdev);
+       return cpu_to_le16(dur);
+}
+EXPORT_SYMBOL(ieee80211_ctstoself_duration);
+
+struct ieee80211_rate *
+ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate)
+{
+       struct ieee80211_hw_mode *mode;
+       int r;
+
+       list_for_each_entry(mode, &local->modes_list, list) {
+               if (mode->mode != phymode)
+                       continue;
+               for (r = 0; r < mode->num_rates; r++) {
+                       struct ieee80211_rate *rate = &mode->rates[r];
+                       if (rate->val == hw_rate ||
+                           (rate->flags & IEEE80211_RATE_PREAMBLE2 &&
+                            rate->val2 == hw_rate))
+                               return rate;
+               }
+       }
+
+       return NULL;
+}
+
+void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       if (test_and_clear_bit(IEEE80211_LINK_STATE_XOFF,
+                              &local->state[queue])) {
+               if (test_bit(IEEE80211_LINK_STATE_PENDING,
+                            &local->state[queue]))
+                       tasklet_schedule(&local->tx_pending_tasklet);
+               else
+                       if (!ieee80211_qdisc_installed(local->mdev)) {
+                               if (queue == 0)
+                                       netif_wake_queue(local->mdev);
+                       } else
+                               __netif_schedule(local->mdev);
+       }
+}
+EXPORT_SYMBOL(ieee80211_wake_queue);
+
+void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       if (!ieee80211_qdisc_installed(local->mdev) && queue == 0)
+               netif_stop_queue(local->mdev);
+       set_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
+}
+EXPORT_SYMBOL(ieee80211_stop_queue);
+
+void ieee80211_start_queues(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+       int i;
+
+       for (i = 0; i < local->hw.queues; i++)
+               clear_bit(IEEE80211_LINK_STATE_XOFF, &local->state[i]);
+       if (!ieee80211_qdisc_installed(local->mdev))
+               netif_start_queue(local->mdev);
+}
+EXPORT_SYMBOL(ieee80211_start_queues);
+
+void ieee80211_stop_queues(struct ieee80211_hw *hw)
+{
+       int i;
+
+       for (i = 0; i < hw->queues; i++)
+               ieee80211_stop_queue(hw, i);
+}
+EXPORT_SYMBOL(ieee80211_stop_queues);
+
+void ieee80211_wake_queues(struct ieee80211_hw *hw)
+{
+       int i;
+
+       for (i = 0; i < hw->queues; i++)
+               ieee80211_wake_queue(hw, i);
+}
+EXPORT_SYMBOL(ieee80211_wake_queues);
 
--- /dev/null
+/*
+ * Software WEP encryption implementation
+ * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright 2003, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/random.h>
+#include <linux/compiler.h>
+#include <linux/crc32.h>
+#include <linux/crypto.h>
+#include <linux/err.h>
+#include <linux/mm.h>
+#include <asm/scatterlist.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "wep.h"
+
+
+int ieee80211_wep_init(struct ieee80211_local *local)
+{
+       /* start WEP IV from a random value */
+       get_random_bytes(&local->wep_iv, WEP_IV_LEN);
+
+       local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
+                                               CRYPTO_ALG_ASYNC);
+       if (IS_ERR(local->wep_tx_tfm))
+               return -ENOMEM;
+
+       local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
+                                               CRYPTO_ALG_ASYNC);
+       if (IS_ERR(local->wep_rx_tfm)) {
+               crypto_free_blkcipher(local->wep_tx_tfm);
+               return -ENOMEM;
+       }
+
+       return 0;
+}
+
+void ieee80211_wep_free(struct ieee80211_local *local)
+{
+       crypto_free_blkcipher(local->wep_tx_tfm);
+       crypto_free_blkcipher(local->wep_rx_tfm);
+}
+
+static inline int ieee80211_wep_weak_iv(u32 iv, int keylen)
+{
+       /* Fluhrer, Mantin, and Shamir have reported weaknesses in the
+        * key scheduling algorithm of RC4. At least IVs (KeyByte + 3,
+        * 0xff, N) can be used to speedup attacks, so avoid using them. */
+       if ((iv & 0xff00) == 0xff00) {
+               u8 B = (iv >> 16) & 0xff;
+               if (B >= 3 && B < 3 + keylen)
+                       return 1;
+       }
+       return 0;
+}
+
+
+static void ieee80211_wep_get_iv(struct ieee80211_local *local,
+                                struct ieee80211_key *key, u8 *iv)
+{
+       local->wep_iv++;
+       if (ieee80211_wep_weak_iv(local->wep_iv, key->conf.keylen))
+               local->wep_iv += 0x0100;
+
+       if (!iv)
+               return;
+
+       *iv++ = (local->wep_iv >> 16) & 0xff;
+       *iv++ = (local->wep_iv >> 8) & 0xff;
+       *iv++ = local->wep_iv & 0xff;
+       *iv++ = key->conf.keyidx << 6;
+}
+
+
+static u8 *ieee80211_wep_add_iv(struct ieee80211_local *local,
+                               struct sk_buff *skb,
+                               struct ieee80211_key *key)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u16 fc;
+       int hdrlen;
+       u8 *newhdr;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       fc |= IEEE80211_FCTL_PROTECTED;
+       hdr->frame_control = cpu_to_le16(fc);
+
+       if ((skb_headroom(skb) < WEP_IV_LEN ||
+            skb_tailroom(skb) < WEP_ICV_LEN)) {
+               I802_DEBUG_INC(local->tx_expand_skb_head);
+               if (unlikely(pskb_expand_head(skb, WEP_IV_LEN, WEP_ICV_LEN,
+                                             GFP_ATOMIC)))
+                       return NULL;
+       }
+
+       hdrlen = ieee80211_get_hdrlen(fc);
+       newhdr = skb_push(skb, WEP_IV_LEN);
+       memmove(newhdr, newhdr + WEP_IV_LEN, hdrlen);
+       ieee80211_wep_get_iv(local, key, newhdr + hdrlen);
+       return newhdr + hdrlen;
+}
+
+
+static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
+                                   struct sk_buff *skb,
+                                   struct ieee80211_key *key)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u16 fc;
+       int hdrlen;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       hdrlen = ieee80211_get_hdrlen(fc);
+       memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
+       skb_pull(skb, WEP_IV_LEN);
+}
+
+
+/* Perform WEP encryption using given key. data buffer must have tailroom
+ * for 4-byte ICV. data_len must not include this ICV. Note: this function
+ * does _not_ add IV. data = RC4(data | CRC32(data)) */
+void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+                               size_t klen, u8 *data, size_t data_len)
+{
+       struct blkcipher_desc desc = { .tfm = tfm };
+       struct scatterlist sg;
+       __le32 *icv;
+
+       icv = (__le32 *)(data + data_len);
+       *icv = cpu_to_le32(~crc32_le(~0, data, data_len));
+
+       crypto_blkcipher_setkey(tfm, rc4key, klen);
+       sg.page = virt_to_page(data);
+       sg.offset = offset_in_page(data);
+       sg.length = data_len + WEP_ICV_LEN;
+       crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
+}
+
+
+/* Perform WEP encryption on given skb. 4 bytes of extra space (IV) in the
+ * beginning of the buffer 4 bytes of extra space (ICV) in the end of the
+ * buffer will be added. Both IV and ICV will be transmitted, so the
+ * payload length increases with 8 bytes.
+ *
+ * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data))
+ */
+int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
+                         struct ieee80211_key *key)
+{
+       u32 klen;
+       u8 *rc4key, *iv;
+       size_t len;
+
+       if (!key || key->conf.alg != ALG_WEP)
+               return -1;
+
+       klen = 3 + key->conf.keylen;
+       rc4key = kmalloc(klen, GFP_ATOMIC);
+       if (!rc4key)
+               return -1;
+
+       iv = ieee80211_wep_add_iv(local, skb, key);
+       if (!iv) {
+               kfree(rc4key);
+               return -1;
+       }
+
+       len = skb->len - (iv + WEP_IV_LEN - skb->data);
+
+       /* Prepend 24-bit IV to RC4 key */
+       memcpy(rc4key, iv, 3);
+
+       /* Copy rest of the WEP key (the secret part) */
+       memcpy(rc4key + 3, key->conf.key, key->conf.keylen);
+
+       /* Add room for ICV */
+       skb_put(skb, WEP_ICV_LEN);
+
+       ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, klen,
+                                  iv + WEP_IV_LEN, len);
+
+       kfree(rc4key);
+
+       return 0;
+}
+
+
+/* Perform WEP decryption using given key. data buffer includes encrypted
+ * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
+ * Return 0 on success and -1 on ICV mismatch. */
+int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+                              size_t klen, u8 *data, size_t data_len)
+{
+       struct blkcipher_desc desc = { .tfm = tfm };
+       struct scatterlist sg;
+       __le32 crc;
+
+       crypto_blkcipher_setkey(tfm, rc4key, klen);
+       sg.page = virt_to_page(data);
+       sg.offset = offset_in_page(data);
+       sg.length = data_len + WEP_ICV_LEN;
+       crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
+
+       crc = cpu_to_le32(~crc32_le(~0, data, data_len));
+       if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0)
+               /* ICV mismatch */
+               return -1;
+
+       return 0;
+}
+
+
+/* Perform WEP decryption on given skb. Buffer includes whole WEP part of
+ * the frame: IV (4 bytes), encrypted payload (including SNAP header),
+ * ICV (4 bytes). skb->len includes both IV and ICV.
+ *
+ * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on
+ * failure. If frame is OK, IV and ICV will be removed, i.e., decrypted payload
+ * is moved to the beginning of the skb and skb length will be reduced.
+ */
+int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
+                         struct ieee80211_key *key)
+{
+       u32 klen;
+       u8 *rc4key;
+       u8 keyidx;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u16 fc;
+       int hdrlen;
+       size_t len;
+       int ret = 0;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       if (!(fc & IEEE80211_FCTL_PROTECTED))
+               return -1;
+
+       hdrlen = ieee80211_get_hdrlen(fc);
+
+       if (skb->len < 8 + hdrlen)
+               return -1;
+
+       len = skb->len - hdrlen - 8;
+
+       keyidx = skb->data[hdrlen + 3] >> 6;
+
+       if (!key || keyidx != key->conf.keyidx || key->conf.alg != ALG_WEP)
+               return -1;
+
+       klen = 3 + key->conf.keylen;
+
+       rc4key = kmalloc(klen, GFP_ATOMIC);
+       if (!rc4key)
+               return -1;
+
+       /* Prepend 24-bit IV to RC4 key */
+       memcpy(rc4key, skb->data + hdrlen, 3);
+
+       /* Copy rest of the WEP key (the secret part) */
+       memcpy(rc4key + 3, key->conf.key, key->conf.keylen);
+
+       if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen,
+                                      skb->data + hdrlen + WEP_IV_LEN,
+                                      len)) {
+               printk(KERN_DEBUG "WEP decrypt failed (ICV)\n");
+               ret = -1;
+       }
+
+       kfree(rc4key);
+
+       /* Trim ICV */
+       skb_trim(skb, skb->len - WEP_ICV_LEN);
+
+       /* Remove IV */
+       memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
+       skb_pull(skb, WEP_IV_LEN);
+
+       return ret;
+}
+
+
+u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       u16 fc;
+       int hdrlen;
+       u8 *ivpos;
+       u32 iv;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       if (!(fc & IEEE80211_FCTL_PROTECTED))
+               return NULL;
+
+       hdrlen = ieee80211_get_hdrlen(fc);
+       ivpos = skb->data + hdrlen;
+       iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2];
+
+       if (ieee80211_wep_weak_iv(iv, key->conf.keylen))
+               return ivpos;
+
+       return NULL;
+}
+
+ieee80211_txrx_result
+ieee80211_crypto_wep_decrypt(struct ieee80211_txrx_data *rx)
+{
+       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
+           ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
+            (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))
+               return TXRX_CONTINUE;
+
+       if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
+               if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
+                       if (net_ratelimit())
+                               printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
+                                      "failed\n", rx->dev->name);
+                       return TXRX_DROP;
+               }
+       } else if (!(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED)) {
+               ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
+               /* remove ICV */
+               skb_trim(rx->skb, rx->skb->len - 4);
+       }
+
+       return TXRX_CONTINUE;
+}
+
+static int wep_encrypt_skb(struct ieee80211_txrx_data *tx, struct sk_buff *skb)
+{
+       if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) {
+               if (ieee80211_wep_encrypt(tx->local, skb, tx->key))
+                       return -1;
+       } else {
+               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
+               if (tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) {
+                       if (!ieee80211_wep_add_iv(tx->local, skb, tx->key))
+                               return -1;
+               }
+       }
+       return 0;
+}
+
+ieee80211_txrx_result
+ieee80211_crypto_wep_encrypt(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
+       u16 fc;
+
+       fc = le16_to_cpu(hdr->frame_control);
+
+       if (((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
+            ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
+             (fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
+               return TXRX_CONTINUE;
+
+       tx->u.tx.control->iv_len = WEP_IV_LEN;
+       tx->u.tx.control->icv_len = WEP_ICV_LEN;
+       ieee80211_tx_set_iswep(tx);
+
+       if (wep_encrypt_skb(tx, tx->skb) < 0) {
+               I802_DEBUG_INC(tx->local->tx_handlers_drop_wep);
+               return TXRX_DROP;
+       }
+
+       if (tx->u.tx.extra_frag) {
+               int i;
+               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                       if (wep_encrypt_skb(tx, tx->u.tx.extra_frag[i]) < 0) {
+                               I802_DEBUG_INC(tx->local->
+                                              tx_handlers_drop_wep);
+                               return TXRX_DROP;
+                       }
+               }
+       }
+
+       return TXRX_CONTINUE;
+}
 
--- /dev/null
+/*
+ * Software WEP encryption implementation
+ * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright 2003, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef WEP_H
+#define WEP_H
+
+#include <linux/skbuff.h>
+#include <linux/types.h>
+#include "ieee80211_i.h"
+#include "ieee80211_key.h"
+
+int ieee80211_wep_init(struct ieee80211_local *local);
+void ieee80211_wep_free(struct ieee80211_local *local);
+void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+                               size_t klen, u8 *data, size_t data_len);
+int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+                              size_t klen, u8 *data, size_t data_len);
+int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
+                         struct ieee80211_key *key);
+int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
+                         struct ieee80211_key *key);
+u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
+
+ieee80211_txrx_result
+ieee80211_crypto_wep_decrypt(struct ieee80211_txrx_data *rx);
+ieee80211_txrx_result
+ieee80211_crypto_wep_encrypt(struct ieee80211_txrx_data *tx);
+
+#endif /* WEP_H */
 
--- /dev/null
+/*
+ * Copyright 2004, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/netdevice.h>
+#include <linux/skbuff.h>
+#include <linux/module.h>
+#include <linux/if_arp.h>
+#include <linux/types.h>
+#include <net/ip.h>
+#include <net/pkt_sched.h>
+
+#include <net/mac80211.h>
+#include "ieee80211_i.h"
+#include "wme.h"
+
+/* maximum number of hardware queues we support. */
+#define TC_80211_MAX_QUEUES 8
+
+struct ieee80211_sched_data
+{
+       struct tcf_proto *filter_list;
+       struct Qdisc *queues[TC_80211_MAX_QUEUES];
+       struct sk_buff_head requeued[TC_80211_MAX_QUEUES];
+};
+
+
+/* given a data frame determine the 802.1p/1d tag to use */
+static inline unsigned classify_1d(struct sk_buff *skb, struct Qdisc *qd)
+{
+       struct iphdr *ip;
+       int dscp;
+       int offset;
+
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct tcf_result res = { -1, 0 };
+
+       /* if there is a user set filter list, call out to that */
+       if (q->filter_list) {
+               tc_classify(skb, q->filter_list, &res);
+               if (res.class != -1)
+                       return res.class;
+       }
+
+       /* skb->priority values from 256->263 are magic values to
+        * directly indicate a specific 802.1d priority.
+        * This is used to allow 802.1d priority to be passed directly in
+        * from VLAN tags, etc. */
+       if (skb->priority >= 256 && skb->priority <= 263)
+               return skb->priority - 256;
+
+       /* check there is a valid IP header present */
+       offset = ieee80211_get_hdrlen_from_skb(skb) + 8 /* LLC + proto */;
+       if (skb->protocol != __constant_htons(ETH_P_IP) ||
+           skb->len < offset + sizeof(*ip))
+               return 0;
+
+       ip = (struct iphdr *) (skb->data + offset);
+
+       dscp = ip->tos & 0xfc;
+       if (dscp & 0x1c)
+               return 0;
+       return dscp >> 5;
+}
+
+
+static inline int wme_downgrade_ac(struct sk_buff *skb)
+{
+       switch (skb->priority) {
+       case 6:
+       case 7:
+               skb->priority = 5; /* VO -> VI */
+               return 0;
+       case 4:
+       case 5:
+               skb->priority = 3; /* VI -> BE */
+               return 0;
+       case 0:
+       case 3:
+               skb->priority = 2; /* BE -> BK */
+               return 0;
+       default:
+               return -1;
+       }
+}
+
+
+/* positive return value indicates which queue to use
+ * negative return value indicates to drop the frame */
+static inline int classify80211(struct sk_buff *skb, struct Qdisc *qd)
+{
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       unsigned short fc = le16_to_cpu(hdr->frame_control);
+       int qos;
+       const int ieee802_1d_to_ac[8] = { 2, 3, 3, 2, 1, 1, 0, 0 };
+
+       /* see if frame is data or non data frame */
+       if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) {
+               /* management frames go on AC_VO queue, but are sent
+               * without QoS control fields */
+               return IEEE80211_TX_QUEUE_DATA0;
+       }
+
+       if (0 /* injected */) {
+               /* use AC from radiotap */
+       }
+
+       /* is this a QoS frame? */
+       qos = fc & IEEE80211_STYPE_QOS_DATA;
+
+       if (!qos) {
+               skb->priority = 0; /* required for correct WPA/11i MIC */
+               return ieee802_1d_to_ac[skb->priority];
+       }
+
+       /* use the data classifier to determine what 802.1d tag the
+        * data frame has */
+       skb->priority = classify_1d(skb, qd);
+
+       /* in case we are a client verify acm is not set for this ac */
+       while (unlikely(local->wmm_acm & BIT(skb->priority))) {
+               if (wme_downgrade_ac(skb)) {
+                       /* No AC with lower priority has acm=0, drop packet. */
+                       return -1;
+               }
+       }
+
+       /* look up which queue to use for frames with this 1d tag */
+       return ieee802_1d_to_ac[skb->priority];
+}
+
+
+static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
+{
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_tx_packet_data *pkt_data =
+               (struct ieee80211_tx_packet_data *) skb->cb;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       unsigned short fc = le16_to_cpu(hdr->frame_control);
+       struct Qdisc *qdisc;
+       int err, queue;
+
+       if (pkt_data->flags & IEEE80211_TXPD_REQUEUE) {
+               skb_queue_tail(&q->requeued[pkt_data->queue], skb);
+               qd->q.qlen++;
+               return 0;
+       }
+
+       queue = classify80211(skb, qd);
+
+       /* now we know the 1d priority, fill in the QoS header if there is one
+        */
+       if (WLAN_FC_IS_QOS_DATA(fc)) {
+               u8 *p = skb->data + ieee80211_get_hdrlen(fc) - 2;
+               u8 qos_hdr = skb->priority & QOS_CONTROL_TAG1D_MASK;
+               if (local->wifi_wme_noack_test)
+                       qos_hdr |= QOS_CONTROL_ACK_POLICY_NOACK <<
+                                       QOS_CONTROL_ACK_POLICY_SHIFT;
+               /* qos header is 2 bytes, second reserved */
+               *p = qos_hdr;
+               p++;
+               *p = 0;
+       }
+
+       if (unlikely(queue >= local->hw.queues)) {
+#if 0
+               if (net_ratelimit()) {
+                       printk(KERN_DEBUG "%s - queue=%d (hw does not "
+                              "support) -> %d\n",
+                              __func__, queue, local->hw.queues - 1);
+               }
+#endif
+               queue = local->hw.queues - 1;
+       }
+
+       if (unlikely(queue < 0)) {
+                       kfree_skb(skb);
+                       err = NET_XMIT_DROP;
+       } else {
+               pkt_data->queue = (unsigned int) queue;
+               qdisc = q->queues[queue];
+               err = qdisc->enqueue(skb, qdisc);
+               if (err == NET_XMIT_SUCCESS) {
+                       qd->q.qlen++;
+                       qd->bstats.bytes += skb->len;
+                       qd->bstats.packets++;
+                       return NET_XMIT_SUCCESS;
+               }
+       }
+       qd->qstats.drops++;
+       return err;
+}
+
+
+/* TODO: clean up the cases where master_hard_start_xmit
+ * returns non 0 - it shouldn't ever do that. Once done we
+ * can remove this function */
+static int wme_qdiscop_requeue(struct sk_buff *skb, struct Qdisc* qd)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_tx_packet_data *pkt_data =
+               (struct ieee80211_tx_packet_data *) skb->cb;
+       struct Qdisc *qdisc;
+       int err;
+
+       /* we recorded which queue to use earlier! */
+       qdisc = q->queues[pkt_data->queue];
+
+       if ((err = qdisc->ops->requeue(skb, qdisc)) == 0) {
+               qd->q.qlen++;
+               return 0;
+       }
+       qd->qstats.drops++;
+       return err;
+}
+
+
+static struct sk_buff *wme_qdiscop_dequeue(struct Qdisc* qd)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct net_device *dev = qd->dev;
+       struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       struct sk_buff *skb;
+       struct Qdisc *qdisc;
+       int queue;
+
+       /* check all the h/w queues in numeric/priority order */
+       for (queue = 0; queue < hw->queues; queue++) {
+               /* see if there is room in this hardware queue */
+               if (test_bit(IEEE80211_LINK_STATE_XOFF,
+                            &local->state[queue]) ||
+                   test_bit(IEEE80211_LINK_STATE_PENDING,
+                            &local->state[queue]))
+                       continue;
+
+               /* there is space - try and get a frame */
+               skb = skb_dequeue(&q->requeued[queue]);
+               if (skb) {
+                       qd->q.qlen--;
+                       return skb;
+               }
+
+               qdisc = q->queues[queue];
+               skb = qdisc->dequeue(qdisc);
+               if (skb) {
+                       qd->q.qlen--;
+                       return skb;
+               }
+       }
+       /* returning a NULL here when all the h/w queues are full means we
+        * never need to call netif_stop_queue in the driver */
+       return NULL;
+}
+
+
+static void wme_qdiscop_reset(struct Qdisc* qd)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       int queue;
+
+       /* QUESTION: should we have some hardware flush functionality here? */
+
+       for (queue = 0; queue < hw->queues; queue++) {
+               skb_queue_purge(&q->requeued[queue]);
+               qdisc_reset(q->queues[queue]);
+       }
+       qd->q.qlen = 0;
+}
+
+
+static void wme_qdiscop_destroy(struct Qdisc* qd)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       int queue;
+
+       tcf_destroy_chain(q->filter_list);
+       q->filter_list = NULL;
+
+       for (queue=0; queue < hw->queues; queue++) {
+               skb_queue_purge(&q->requeued[queue]);
+               qdisc_destroy(q->queues[queue]);
+               q->queues[queue] = &noop_qdisc;
+       }
+}
+
+
+/* called whenever parameters are updated on existing qdisc */
+static int wme_qdiscop_tune(struct Qdisc *qd, struct rtattr *opt)
+{
+/*     struct ieee80211_sched_data *q = qdisc_priv(qd);
+*/
+       /* check our options block is the right size */
+       /* copy any options to our local structure */
+/*     Ignore options block for now - always use static mapping
+       struct tc_ieee80211_qopt *qopt = RTA_DATA(opt);
+
+       if (opt->rta_len < RTA_LENGTH(sizeof(*qopt)))
+               return -EINVAL;
+       memcpy(q->tag2queue, qopt->tag2queue, sizeof(qopt->tag2queue));
+*/
+       return 0;
+}
+
+
+/* called during initial creation of qdisc on device */
+static int wme_qdiscop_init(struct Qdisc *qd, struct rtattr *opt)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct net_device *dev = qd->dev;
+       struct ieee80211_local *local;
+       int queues;
+       int err = 0, i;
+
+       /* check that device is a mac80211 device */
+       if (!dev->ieee80211_ptr ||
+           dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
+               return -EINVAL;
+
+       /* check this device is an ieee80211 master type device */
+       if (dev->type != ARPHRD_IEEE80211)
+               return -EINVAL;
+
+       /* check that there is no qdisc currently attached to device
+        * this ensures that we will be the root qdisc. (I can't find a better
+        * way to test this explicitly) */
+       if (dev->qdisc_sleeping != &noop_qdisc)
+               return -EINVAL;
+
+       if (qd->flags & TCQ_F_INGRESS)
+               return -EINVAL;
+
+       local = wdev_priv(dev->ieee80211_ptr);
+       queues = local->hw.queues;
+
+       /* if options were passed in, set them */
+       if (opt) {
+               err = wme_qdiscop_tune(qd, opt);
+       }
+
+       /* create child queues */
+       for (i = 0; i < queues; i++) {
+               skb_queue_head_init(&q->requeued[i]);
+               q->queues[i] = qdisc_create_dflt(qd->dev, &pfifo_qdisc_ops,
+                                                qd->handle);
+               if (!q->queues[i]) {
+                       q->queues[i] = &noop_qdisc;
+                       printk(KERN_ERR "%s child qdisc %i creation failed", dev->name, i);
+               }
+       }
+
+       return err;
+}
+
+static int wme_qdiscop_dump(struct Qdisc *qd, struct sk_buff *skb)
+{
+/*     struct ieee80211_sched_data *q = qdisc_priv(qd);
+       unsigned char *p = skb->tail;
+       struct tc_ieee80211_qopt opt;
+
+       memcpy(&opt.tag2queue, q->tag2queue, TC_80211_MAX_TAG + 1);
+       RTA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt);
+*/     return skb->len;
+/*
+rtattr_failure:
+       skb_trim(skb, p - skb->data);*/
+       return -1;
+}
+
+
+static int wme_classop_graft(struct Qdisc *qd, unsigned long arg,
+                            struct Qdisc *new, struct Qdisc **old)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       unsigned long queue = arg - 1;
+
+       if (queue >= hw->queues)
+               return -EINVAL;
+
+       if (!new)
+               new = &noop_qdisc;
+
+       sch_tree_lock(qd);
+       *old = q->queues[queue];
+       q->queues[queue] = new;
+       qdisc_reset(*old);
+       sch_tree_unlock(qd);
+
+       return 0;
+}
+
+
+static struct Qdisc *
+wme_classop_leaf(struct Qdisc *qd, unsigned long arg)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       unsigned long queue = arg - 1;
+
+       if (queue >= hw->queues)
+               return NULL;
+
+       return q->queues[queue];
+}
+
+
+static unsigned long wme_classop_get(struct Qdisc *qd, u32 classid)
+{
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       unsigned long queue = TC_H_MIN(classid);
+
+       if (queue - 1 >= hw->queues)
+               return 0;
+
+       return queue;
+}
+
+
+static unsigned long wme_classop_bind(struct Qdisc *qd, unsigned long parent,
+                                     u32 classid)
+{
+       return wme_classop_get(qd, classid);
+}
+
+
+static void wme_classop_put(struct Qdisc *q, unsigned long cl)
+{
+}
+
+
+static int wme_classop_change(struct Qdisc *qd, u32 handle, u32 parent,
+                             struct rtattr **tca, unsigned long *arg)
+{
+       unsigned long cl = *arg;
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+
+       if (cl - 1 > hw->queues)
+               return -ENOENT;
+
+       /* TODO: put code to program hardware queue parameters here,
+        * to allow programming from tc command line */
+
+       return 0;
+}
+
+
+/* we don't support deleting hardware queues
+ * when we add WMM-SA support - TSPECs may be deleted here */
+static int wme_classop_delete(struct Qdisc *qd, unsigned long cl)
+{
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+
+       if (cl - 1 > hw->queues)
+               return -ENOENT;
+       return 0;
+}
+
+
+static int wme_classop_dump_class(struct Qdisc *qd, unsigned long cl,
+                                 struct sk_buff *skb, struct tcmsg *tcm)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+
+       if (cl - 1 > hw->queues)
+               return -ENOENT;
+       tcm->tcm_handle = TC_H_MIN(cl);
+       tcm->tcm_parent = qd->handle;
+       tcm->tcm_info = q->queues[cl-1]->handle; /* do we need this? */
+       return 0;
+}
+
+
+static void wme_classop_walk(struct Qdisc *qd, struct qdisc_walker *arg)
+{
+       struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
+       struct ieee80211_hw *hw = &local->hw;
+       int queue;
+
+       if (arg->stop)
+               return;
+
+       for (queue = 0; queue < hw->queues; queue++) {
+               if (arg->count < arg->skip) {
+                       arg->count++;
+                       continue;
+               }
+               /* we should return classids for our internal queues here
+                * as well as the external ones */
+               if (arg->fn(qd, queue+1, arg) < 0) {
+                       arg->stop = 1;
+                       break;
+               }
+               arg->count++;
+       }
+}
+
+
+static struct tcf_proto ** wme_classop_find_tcf(struct Qdisc *qd,
+                                               unsigned long cl)
+{
+       struct ieee80211_sched_data *q = qdisc_priv(qd);
+
+       if (cl)
+               return NULL;
+
+       return &q->filter_list;
+}
+
+
+/* this qdisc is classful (i.e. has classes, some of which may have leaf qdiscs attached)
+ * - these are the operations on the classes */
+static struct Qdisc_class_ops class_ops =
+{
+       .graft = wme_classop_graft,
+       .leaf = wme_classop_leaf,
+
+       .get = wme_classop_get,
+       .put = wme_classop_put,
+       .change = wme_classop_change,
+       .delete = wme_classop_delete,
+       .walk = wme_classop_walk,
+
+       .tcf_chain = wme_classop_find_tcf,
+       .bind_tcf = wme_classop_bind,
+       .unbind_tcf = wme_classop_put,
+
+       .dump = wme_classop_dump_class,
+};
+
+
+/* queueing discipline operations */
+static struct Qdisc_ops wme_qdisc_ops =
+{
+       .next = NULL,
+       .cl_ops = &class_ops,
+       .id = "ieee80211",
+       .priv_size = sizeof(struct ieee80211_sched_data),
+
+       .enqueue = wme_qdiscop_enqueue,
+       .dequeue = wme_qdiscop_dequeue,
+       .requeue = wme_qdiscop_requeue,
+       .drop = NULL, /* drop not needed since we are always the root qdisc */
+
+       .init = wme_qdiscop_init,
+       .reset = wme_qdiscop_reset,
+       .destroy = wme_qdiscop_destroy,
+       .change = wme_qdiscop_tune,
+
+       .dump = wme_qdiscop_dump,
+};
+
+
+void ieee80211_install_qdisc(struct net_device *dev)
+{
+       struct Qdisc *qdisc;
+
+       qdisc = qdisc_create_dflt(dev, &wme_qdisc_ops, TC_H_ROOT);
+       if (!qdisc) {
+               printk(KERN_ERR "%s: qdisc installation failed\n", dev->name);
+               return;
+       }
+
+       /* same handle as would be allocated by qdisc_alloc_handle() */
+       qdisc->handle = 0x80010000;
+
+       qdisc_lock_tree(dev);
+       list_add_tail(&qdisc->list, &dev->qdisc_list);
+       dev->qdisc_sleeping = qdisc;
+       qdisc_unlock_tree(dev);
+}
+
+
+int ieee80211_qdisc_installed(struct net_device *dev)
+{
+       return dev->qdisc_sleeping->ops == &wme_qdisc_ops;
+}
+
+
+int ieee80211_wme_register(void)
+{
+       return register_qdisc(&wme_qdisc_ops);
+}
+
+
+void ieee80211_wme_unregister(void)
+{
+       unregister_qdisc(&wme_qdisc_ops);
+}
 
--- /dev/null
+/*
+ * IEEE 802.11 driver (80211.o) - QoS datatypes
+ * Copyright 2004, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef _WME_H
+#define _WME_H
+
+#include <linux/netdevice.h>
+#include "ieee80211_i.h"
+
+#define QOS_CONTROL_LEN 2
+
+#define QOS_CONTROL_ACK_POLICY_NORMAL 0
+#define QOS_CONTROL_ACK_POLICY_NOACK 1
+
+#define QOS_CONTROL_TID_MASK 0x0f
+#define QOS_CONTROL_ACK_POLICY_SHIFT 5
+
+#define QOS_CONTROL_TAG1D_MASK 0x07
+
+static inline int WLAN_FC_IS_QOS_DATA(u16 fc)
+{
+       return (fc & 0x8C) == 0x88;
+}
+
+#ifdef CONFIG_NET_SCHED
+void ieee80211_install_qdisc(struct net_device *dev);
+int ieee80211_qdisc_installed(struct net_device *dev);
+
+int ieee80211_wme_register(void);
+void ieee80211_wme_unregister(void);
+#else
+static inline void ieee80211_install_qdisc(struct net_device *dev)
+{
+}
+static inline int ieee80211_qdisc_installed(struct net_device *dev)
+{
+       return 0;
+}
+
+static inline int ieee80211_wme_register(void)
+{
+       return 0;
+}
+static inline void ieee80211_wme_unregister(void)
+{
+}
+#endif /* CONFIG_NET_SCHED */
+
+#endif /* _WME_H */
 
--- /dev/null
+/*
+ * Copyright 2002-2004, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/netdevice.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/compiler.h>
+#include <net/mac80211.h>
+
+#include "ieee80211_i.h"
+#include "michael.h"
+#include "tkip.h"
+#include "aes_ccm.h"
+#include "wpa.h"
+
+static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
+                                 u8 *qos_tid, u8 **data, size_t *data_len)
+{
+       struct ieee80211_hdr *hdr;
+       size_t hdrlen;
+       u16 fc;
+       int a4_included;
+       u8 *pos;
+
+       hdr = (struct ieee80211_hdr *) skb->data;
+       fc = le16_to_cpu(hdr->frame_control);
+
+       hdrlen = 24;
+       if ((fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) ==
+           (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
+               hdrlen += ETH_ALEN;
+               *sa = hdr->addr4;
+               *da = hdr->addr3;
+       } else if (fc & IEEE80211_FCTL_FROMDS) {
+               *sa = hdr->addr3;
+               *da = hdr->addr1;
+       } else if (fc & IEEE80211_FCTL_TODS) {
+               *sa = hdr->addr2;
+               *da = hdr->addr3;
+       } else {
+               *sa = hdr->addr2;
+               *da = hdr->addr1;
+       }
+
+       if (fc & 0x80)
+               hdrlen += 2;
+
+       *data = skb->data + hdrlen;
+       *data_len = skb->len - hdrlen;
+
+       a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
+               (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
+       if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
+           fc & IEEE80211_STYPE_QOS_DATA) {
+               pos = (u8 *) &hdr->addr4;
+               if (a4_included)
+                       pos += 6;
+               *qos_tid = pos[0] & 0x0f;
+               *qos_tid |= 0x80; /* qos_included flag */
+       } else
+               *qos_tid = 0;
+
+       return skb->len < hdrlen ? -1 : 0;
+}
+
+
+ieee80211_txrx_result
+ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
+{
+       u8 *data, *sa, *da, *key, *mic, qos_tid;
+       size_t data_len;
+       u16 fc;
+       struct sk_buff *skb = tx->skb;
+       int authenticator;
+       int wpa_test = 0;
+
+       fc = tx->fc;
+
+       if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
+           !WLAN_FC_DATA_PRESENT(fc))
+               return TXRX_CONTINUE;
+
+       if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
+               return TXRX_DROP;
+
+       if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
+           !(tx->flags & IEEE80211_TXRXD_FRAGMENTED) &&
+           !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
+           !wpa_test) {
+               /* hwaccel - with no need for preallocated room for Michael MIC
+                */
+               return TXRX_CONTINUE;
+       }
+
+       if (skb_tailroom(skb) < MICHAEL_MIC_LEN) {
+               I802_DEBUG_INC(tx->local->tx_expand_skb_head);
+               if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN,
+                                             MICHAEL_MIC_LEN + TKIP_ICV_LEN,
+                                             GFP_ATOMIC))) {
+                       printk(KERN_DEBUG "%s: failed to allocate more memory "
+                              "for Michael MIC\n", tx->dev->name);
+                       return TXRX_DROP;
+               }
+       }
+
+#if 0
+       authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
+#else
+       authenticator = 1;
+#endif
+       key = &tx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_TX_MIC_KEY :
+                                ALG_TKIP_TEMP_AUTH_RX_MIC_KEY];
+       mic = skb_put(skb, MICHAEL_MIC_LEN);
+       michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
+
+       return TXRX_CONTINUE;
+}
+
+
+ieee80211_txrx_result
+ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
+{
+       u8 *data, *sa, *da, *key = NULL, qos_tid;
+       size_t data_len;
+       u16 fc;
+       u8 mic[MICHAEL_MIC_LEN];
+       struct sk_buff *skb = rx->skb;
+       int authenticator = 1, wpa_test = 0;
+
+       fc = rx->fc;
+
+       /*
+        * No way to verify the MIC if the hardware stripped it
+        */
+       if (rx->u.rx.status->flag & RX_FLAG_MMIC_STRIPPED)
+               return TXRX_CONTINUE;
+
+       if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
+           !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
+               return TXRX_CONTINUE;
+
+       if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
+           || data_len < MICHAEL_MIC_LEN)
+               return TXRX_DROP;
+
+       data_len -= MICHAEL_MIC_LEN;
+
+#if 0
+       authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
+#else
+       authenticator = 1;
+#endif
+       key = &rx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_RX_MIC_KEY :
+                                ALG_TKIP_TEMP_AUTH_TX_MIC_KEY];
+       michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
+       if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
+               if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
+                       return TXRX_DROP;
+
+               printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
+                      MAC_FMT "\n", rx->dev->name, MAC_ARG(sa));
+
+               mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
+                                               (void *) skb->data);
+               return TXRX_DROP;
+       }
+
+       /* remove Michael MIC from payload */
+       skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
+
+       /* update IV in key information to be able to detect replays */
+       rx->key->u.tkip.iv32_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv32;
+       rx->key->u.tkip.iv16_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv16;
+
+       return TXRX_CONTINUE;
+}
+
+
+static int tkip_encrypt_skb(struct ieee80211_txrx_data *tx,
+                           struct sk_buff *skb, int test)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       struct ieee80211_key *key = tx->key;
+       int hdrlen, len, tailneed;
+       u16 fc;
+       u8 *pos;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       hdrlen = ieee80211_get_hdrlen(fc);
+       len = skb->len - hdrlen;
+
+       if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
+               tailneed = 0;
+       else
+               tailneed = TKIP_ICV_LEN;
+
+       if ((skb_headroom(skb) < TKIP_IV_LEN ||
+            skb_tailroom(skb) < tailneed)) {
+               I802_DEBUG_INC(tx->local->tx_expand_skb_head);
+               if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN, tailneed,
+                                             GFP_ATOMIC)))
+                       return -1;
+       }
+
+       pos = skb_push(skb, TKIP_IV_LEN);
+       memmove(pos, pos + TKIP_IV_LEN, hdrlen);
+       pos += hdrlen;
+
+       /* Increase IV for the frame */
+       key->u.tkip.iv16++;
+       if (key->u.tkip.iv16 == 0)
+               key->u.tkip.iv32++;
+
+       if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
+               hdr = (struct ieee80211_hdr *)skb->data;
+
+               /* hwaccel - with preallocated room for IV */
+               ieee80211_tkip_add_iv(pos, key,
+                                     (u8) (key->u.tkip.iv16 >> 8),
+                                     (u8) (((key->u.tkip.iv16 >> 8) | 0x20) &
+                                           0x7f),
+                                     (u8) key->u.tkip.iv16);
+
+               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
+               return 0;
+       }
+
+       /* Add room for ICV */
+       skb_put(skb, TKIP_ICV_LEN);
+
+       hdr = (struct ieee80211_hdr *) skb->data;
+       ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
+                                   key, pos, len, hdr->addr2);
+       return 0;
+}
+
+
+ieee80211_txrx_result
+ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
+       u16 fc;
+       struct sk_buff *skb = tx->skb;
+       int wpa_test = 0, test = 0;
+
+       fc = le16_to_cpu(hdr->frame_control);
+
+       if (!WLAN_FC_DATA_PRESENT(fc))
+               return TXRX_CONTINUE;
+
+       tx->u.tx.control->icv_len = TKIP_ICV_LEN;
+       tx->u.tx.control->iv_len = TKIP_IV_LEN;
+       ieee80211_tx_set_iswep(tx);
+
+       if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
+           !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
+           !wpa_test) {
+               /* hwaccel - with no need for preallocated room for IV/ICV */
+               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
+               return TXRX_CONTINUE;
+       }
+
+       if (tkip_encrypt_skb(tx, skb, test) < 0)
+               return TXRX_DROP;
+
+       if (tx->u.tx.extra_frag) {
+               int i;
+               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                       if (tkip_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
+                           < 0)
+                               return TXRX_DROP;
+               }
+       }
+
+       return TXRX_CONTINUE;
+}
+
+
+ieee80211_txrx_result
+ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
+       u16 fc;
+       int hdrlen, res, hwaccel = 0, wpa_test = 0;
+       struct ieee80211_key *key = rx->key;
+       struct sk_buff *skb = rx->skb;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       hdrlen = ieee80211_get_hdrlen(fc);
+
+       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
+               return TXRX_CONTINUE;
+
+       if (!rx->sta || skb->len - hdrlen < 12)
+               return TXRX_DROP;
+
+       if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED) {
+               if (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) {
+                       /*
+                        * Hardware took care of all processing, including
+                        * replay protection, and stripped the ICV/IV so
+                        * we cannot do any checks here.
+                        */
+                       return TXRX_CONTINUE;
+               }
+
+               /* let TKIP code verify IV, but skip decryption */
+               hwaccel = 1;
+       }
+
+       res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
+                                         key, skb->data + hdrlen,
+                                         skb->len - hdrlen, rx->sta->addr,
+                                         hwaccel, rx->u.rx.queue,
+                                         &rx->u.rx.tkip_iv32,
+                                         &rx->u.rx.tkip_iv16);
+       if (res != TKIP_DECRYPT_OK || wpa_test) {
+               printk(KERN_DEBUG "%s: TKIP decrypt failed for RX frame from "
+                      MAC_FMT " (res=%d)\n",
+                      rx->dev->name, MAC_ARG(rx->sta->addr), res);
+               return TXRX_DROP;
+       }
+
+       /* Trim ICV */
+       skb_trim(skb, skb->len - TKIP_ICV_LEN);
+
+       /* Remove IV */
+       memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
+       skb_pull(skb, TKIP_IV_LEN);
+
+       return TXRX_CONTINUE;
+}
+
+
+static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
+                               int encrypted)
+{
+       u16 fc;
+       int a4_included, qos_included;
+       u8 qos_tid, *fc_pos, *data, *sa, *da;
+       int len_a;
+       size_t data_len;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+
+       fc_pos = (u8 *) &hdr->frame_control;
+       fc = fc_pos[0] ^ (fc_pos[1] << 8);
+       a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
+               (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
+
+       ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len);
+       data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0);
+       if (qos_tid & 0x80) {
+               qos_included = 1;
+               qos_tid &= 0x0f;
+       } else
+               qos_included = 0;
+       /* First block, b_0 */
+
+       b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
+       /* Nonce: QoS Priority | A2 | PN */
+       b_0[1] = qos_tid;
+       memcpy(&b_0[2], hdr->addr2, 6);
+       memcpy(&b_0[8], pn, CCMP_PN_LEN);
+       /* l(m) */
+       b_0[14] = (data_len >> 8) & 0xff;
+       b_0[15] = data_len & 0xff;
+
+
+       /* AAD (extra authenticate-only data) / masked 802.11 header
+        * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
+
+       len_a = a4_included ? 28 : 22;
+       if (qos_included)
+               len_a += 2;
+
+       aad[0] = 0; /* (len_a >> 8) & 0xff; */
+       aad[1] = len_a & 0xff;
+       /* Mask FC: zero subtype b4 b5 b6 */
+       aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
+       /* Retry, PwrMgt, MoreData; set Protected */
+       aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
+       memcpy(&aad[4], &hdr->addr1, 18);
+
+       /* Mask Seq#, leave Frag# */
+       aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
+       aad[23] = 0;
+       if (a4_included) {
+               memcpy(&aad[24], hdr->addr4, 6);
+               aad[30] = 0;
+               aad[31] = 0;
+       } else
+               memset(&aad[24], 0, 8);
+       if (qos_included) {
+               u8 *dpos = &aad[a4_included ? 30 : 24];
+
+               /* Mask QoS Control field */
+               dpos[0] = qos_tid;
+               dpos[1] = 0;
+       }
+}
+
+
+static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
+{
+       hdr[0] = pn[5];
+       hdr[1] = pn[4];
+       hdr[2] = 0;
+       hdr[3] = 0x20 | (key_id << 6);
+       hdr[4] = pn[3];
+       hdr[5] = pn[2];
+       hdr[6] = pn[1];
+       hdr[7] = pn[0];
+}
+
+
+static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
+{
+       pn[0] = hdr[7];
+       pn[1] = hdr[6];
+       pn[2] = hdr[5];
+       pn[3] = hdr[4];
+       pn[4] = hdr[1];
+       pn[5] = hdr[0];
+       return (hdr[3] >> 6) & 0x03;
+}
+
+
+static int ccmp_encrypt_skb(struct ieee80211_txrx_data *tx,
+                           struct sk_buff *skb, int test)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+       struct ieee80211_key *key = tx->key;
+       int hdrlen, len, tailneed;
+       u16 fc;
+       u8 *pos, *pn, *b_0, *aad, *scratch;
+       int i;
+
+       scratch = key->u.ccmp.tx_crypto_buf;
+       b_0 = scratch + 3 * AES_BLOCK_LEN;
+       aad = scratch + 4 * AES_BLOCK_LEN;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       hdrlen = ieee80211_get_hdrlen(fc);
+       len = skb->len - hdrlen;
+
+       if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
+               tailneed = 0;
+       else
+               tailneed = CCMP_MIC_LEN;
+
+       if ((skb_headroom(skb) < CCMP_HDR_LEN ||
+            skb_tailroom(skb) < tailneed)) {
+               I802_DEBUG_INC(tx->local->tx_expand_skb_head);
+               if (unlikely(pskb_expand_head(skb, CCMP_HDR_LEN, tailneed,
+                                             GFP_ATOMIC)))
+                       return -1;
+       }
+
+       pos = skb_push(skb, CCMP_HDR_LEN);
+       memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
+       hdr = (struct ieee80211_hdr *) pos;
+       pos += hdrlen;
+
+       /* PN = PN + 1 */
+       pn = key->u.ccmp.tx_pn;
+
+       for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
+               pn[i]++;
+               if (pn[i])
+                       break;
+       }
+
+       ccmp_pn2hdr(pos, pn, key->conf.keyidx);
+
+       if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
+               /* hwaccel - with preallocated room for CCMP header */
+               tx->u.tx.control->key_idx = key->conf.hw_key_idx;
+               return 0;
+       }
+
+       pos += CCMP_HDR_LEN;
+       ccmp_special_blocks(skb, pn, b_0, aad, 0);
+       ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
+                                 pos, skb_put(skb, CCMP_MIC_LEN));
+
+       return 0;
+}
+
+
+ieee80211_txrx_result
+ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
+       u16 fc;
+       struct sk_buff *skb = tx->skb;
+       int test = 0;
+
+       fc = le16_to_cpu(hdr->frame_control);
+
+       if (!WLAN_FC_DATA_PRESENT(fc))
+               return TXRX_CONTINUE;
+
+       tx->u.tx.control->icv_len = CCMP_MIC_LEN;
+       tx->u.tx.control->iv_len = CCMP_HDR_LEN;
+       ieee80211_tx_set_iswep(tx);
+
+       if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
+           !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
+               /* hwaccel - with no need for preallocated room for CCMP "
+                * header or MIC fields */
+               tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
+               return TXRX_CONTINUE;
+       }
+
+       if (ccmp_encrypt_skb(tx, skb, test) < 0)
+               return TXRX_DROP;
+
+       if (tx->u.tx.extra_frag) {
+               int i;
+               for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
+                       if (ccmp_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
+                           < 0)
+                               return TXRX_DROP;
+               }
+       }
+
+       return TXRX_CONTINUE;
+}
+
+
+ieee80211_txrx_result
+ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
+{
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
+       u16 fc;
+       int hdrlen;
+       struct ieee80211_key *key = rx->key;
+       struct sk_buff *skb = rx->skb;
+       u8 pn[CCMP_PN_LEN];
+       int data_len;
+
+       fc = le16_to_cpu(hdr->frame_control);
+       hdrlen = ieee80211_get_hdrlen(fc);
+
+       if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
+               return TXRX_CONTINUE;
+
+       data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
+       if (!rx->sta || data_len < 0)
+               return TXRX_DROP;
+
+       if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
+           (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
+               return TXRX_CONTINUE;
+
+       (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
+
+       if (memcmp(pn, key->u.ccmp.rx_pn[rx->u.rx.queue], CCMP_PN_LEN) <= 0) {
+#ifdef CONFIG_MAC80211_DEBUG
+               u8 *ppn = key->u.ccmp.rx_pn[rx->u.rx.queue];
+               printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
+                      MAC_FMT " (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
+                      "%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
+                      MAC_ARG(rx->sta->addr),
+                      pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
+                      ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
+#endif /* CONFIG_MAC80211_DEBUG */
+               key->u.ccmp.replays++;
+               return TXRX_DROP;
+       }
+
+       if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
+               /* hardware didn't decrypt/verify MIC */
+               u8 *scratch, *b_0, *aad;
+
+               scratch = key->u.ccmp.rx_crypto_buf;
+               b_0 = scratch + 3 * AES_BLOCK_LEN;
+               aad = scratch + 4 * AES_BLOCK_LEN;
+
+               ccmp_special_blocks(skb, pn, b_0, aad, 1);
+
+               if (ieee80211_aes_ccm_decrypt(
+                           key->u.ccmp.tfm, scratch, b_0, aad,
+                           skb->data + hdrlen + CCMP_HDR_LEN, data_len,
+                           skb->data + skb->len - CCMP_MIC_LEN,
+                           skb->data + hdrlen + CCMP_HDR_LEN)) {
+                       printk(KERN_DEBUG "%s: CCMP decrypt failed for RX "
+                              "frame from " MAC_FMT "\n", rx->dev->name,
+                              MAC_ARG(rx->sta->addr));
+                       return TXRX_DROP;
+               }
+       }
+
+       memcpy(key->u.ccmp.rx_pn[rx->u.rx.queue], pn, CCMP_PN_LEN);
+
+       /* Remove CCMP header and MIC */
+       skb_trim(skb, skb->len - CCMP_MIC_LEN);
+       memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
+       skb_pull(skb, CCMP_HDR_LEN);
+
+       return TXRX_CONTINUE;
+}
+
 
--- /dev/null
+/*
+ * Copyright 2002-2004, Instant802 Networks, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef WPA_H
+#define WPA_H
+
+#include <linux/skbuff.h>
+#include <linux/types.h>
+#include "ieee80211_i.h"
+
+ieee80211_txrx_result
+ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx);
+ieee80211_txrx_result
+ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx);
+
+ieee80211_txrx_result
+ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx);
+ieee80211_txrx_result
+ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx);
+
+ieee80211_txrx_result
+ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx);
+ieee80211_txrx_result
+ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx);
+
+#endif /* WPA_H */
 
--- /dev/null
+config CFG80211
+        tristate "Improved wireless configuration API"
+
+config NL80211
+       bool "nl80211 new netlink interface support"
+       depends CFG80211
+       default y
+       ---help---
+         This option turns on the new netlink interface
+         (nl80211) support in cfg80211.
+
+         If =n, drivers using mac80211 will be configured via
+         wireless extension support provided by that subsystem.
+
+         If unsure, say Y.
+
+config WIRELESS_EXT
+       bool "Wireless extensions"
+       default n
+       ---help---
+         This option enables the legacy wireless extensions
+         (wireless network interface configuration via ioctls.)
+
+         Wireless extensions will be replaced by cfg80211 and
+         will be required only by legacy drivers that implement
+         wireless extension handlers. This option does not
+         affect the wireless-extension backward compatibility
+         code in cfg80211.
+
+         Say N (if you can) unless you know you need wireless
+         extensions for external modules.
 
--- /dev/null
+obj-$(CONFIG_CFG80211) += cfg80211.o
+
+cfg80211-y += core.o sysfs.o radiotap.o
+cfg80211-$(CONFIG_NL80211) += nl80211.o
 
--- /dev/null
+/*
+ * This is the linux wireless configuration interface.
+ *
+ * Copyright 2006, 2007                Johannes Berg <johannes@sipsolutions.net>
+ */
+
+#include <linux/if.h>
+#include <linux/module.h>
+#include <linux/err.h>
+#include <linux/mutex.h>
+#include <linux/list.h>
+#include <linux/nl80211.h>
+#include <linux/debugfs.h>
+#include <linux/notifier.h>
+#include <linux/device.h>
+#include <net/genetlink.h>
+#include <net/cfg80211.h>
+#include <net/wireless.h>
+#include "nl80211.h"
+#include "core.h"
+#include "sysfs.h"
+
+/* name for sysfs, %d is appended */
+#define PHY_NAME "phy"
+
+MODULE_AUTHOR("Johannes Berg");
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("wireless configuration support");
+
+/* RCU might be appropriate here since we usually
+ * only read the list, and that can happen quite
+ * often because we need to do it for each command */
+LIST_HEAD(cfg80211_drv_list);
+DEFINE_MUTEX(cfg80211_drv_mutex);
+static int wiphy_counter;
+
+/* for debugfs */
+static struct dentry *ieee80211_debugfs_dir;
+
+/* requires cfg80211_drv_mutex to be held! */
+static struct cfg80211_registered_device *cfg80211_drv_by_wiphy(int wiphy)
+{
+       struct cfg80211_registered_device *result = NULL, *drv;
+
+       list_for_each_entry(drv, &cfg80211_drv_list, list) {
+               if (drv->idx == wiphy) {
+                       result = drv;
+                       break;
+               }
+       }
+
+       return result;
+}
+
+/* requires cfg80211_drv_mutex to be held! */
+static struct cfg80211_registered_device *
+__cfg80211_drv_from_info(struct genl_info *info)
+{
+       int ifindex;
+       struct cfg80211_registered_device *bywiphy = NULL, *byifidx = NULL;
+       struct net_device *dev;
+       int err = -EINVAL;
+
+       if (info->attrs[NL80211_ATTR_WIPHY]) {
+               bywiphy = cfg80211_drv_by_wiphy(
+                               nla_get_u32(info->attrs[NL80211_ATTR_WIPHY]));
+               err = -ENODEV;
+       }
+
+       if (info->attrs[NL80211_ATTR_IFINDEX]) {
+               ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
+               dev = dev_get_by_index(ifindex);
+               if (dev) {
+                       if (dev->ieee80211_ptr)
+                               byifidx =
+                                       wiphy_to_dev(dev->ieee80211_ptr->wiphy);
+                       dev_put(dev);
+               }
+               err = -ENODEV;
+       }
+
+       if (bywiphy && byifidx) {
+               if (bywiphy != byifidx)
+                       return ERR_PTR(-EINVAL);
+               else
+                       return bywiphy; /* == byifidx */
+       }
+       if (bywiphy)
+               return bywiphy;
+
+       if (byifidx)
+               return byifidx;
+
+       return ERR_PTR(err);
+}
+
+struct cfg80211_registered_device *
+cfg80211_get_dev_from_info(struct genl_info *info)
+{
+       struct cfg80211_registered_device *drv;
+
+       mutex_lock(&cfg80211_drv_mutex);
+       drv = __cfg80211_drv_from_info(info);
+
+       /* if it is not an error we grab the lock on
+        * it to assure it won't be going away while
+        * we operate on it */
+       if (!IS_ERR(drv))
+               mutex_lock(&drv->mtx);
+
+       mutex_unlock(&cfg80211_drv_mutex);
+
+       return drv;
+}
+
+struct cfg80211_registered_device *
+cfg80211_get_dev_from_ifindex(int ifindex)
+{
+       struct cfg80211_registered_device *drv = ERR_PTR(-ENODEV);
+       struct net_device *dev;
+
+       mutex_lock(&cfg80211_drv_mutex);
+       dev = dev_get_by_index(ifindex);
+       if (!dev)
+               goto out;
+       if (dev->ieee80211_ptr) {
+               drv = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
+               mutex_lock(&drv->mtx);
+       } else
+               drv = ERR_PTR(-ENODEV);
+       dev_put(dev);
+ out:
+       mutex_unlock(&cfg80211_drv_mutex);
+       return drv;
+}
+
+void cfg80211_put_dev(struct cfg80211_registered_device *drv)
+{
+       BUG_ON(IS_ERR(drv));
+       mutex_unlock(&drv->mtx);
+}
+
+int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
+                       char *newname)
+{
+       int idx, taken = -1, result, digits;
+
+       /* prohibit calling the thing phy%d when %d is not its number */
+       sscanf(newname, PHY_NAME "%d%n", &idx, &taken);
+       if (taken == strlen(newname) && idx != rdev->idx) {
+               /* count number of places needed to print idx */
+               digits = 1;
+               while (idx /= 10)
+                       digits++;
+               /*
+                * deny the name if it is phy<idx> where <idx> is printed
+                * without leading zeroes. taken == strlen(newname) here
+                */
+               if (taken == strlen(PHY_NAME) + digits)
+                       return -EINVAL;
+       }
+
+       /* this will check for collisions */
+       result = device_rename(&rdev->wiphy.dev, newname);
+       if (result)
+               return result;
+
+       if (!debugfs_rename(rdev->wiphy.debugfsdir->d_parent,
+                           rdev->wiphy.debugfsdir,
+                           rdev->wiphy.debugfsdir->d_parent,
+                           newname))
+               printk(KERN_ERR "cfg80211: failed to rename debugfs dir to %s!\n",
+                      newname);
+
+       nl80211_notify_dev_rename(rdev);
+
+       return 0;
+}
+
+/* exported functions */
+
+struct wiphy *wiphy_new(struct cfg80211_ops *ops, int sizeof_priv)
+{
+       struct cfg80211_registered_device *drv;
+       int alloc_size;
+
+       alloc_size = sizeof(*drv) + sizeof_priv;
+
+       drv = kzalloc(alloc_size, GFP_KERNEL);
+       if (!drv)
+               return NULL;
+
+       drv->ops = ops;
+
+       mutex_lock(&cfg80211_drv_mutex);
+
+       drv->idx = wiphy_counter;
+
+       /* now increase counter for the next device unless
+        * it has wrapped previously */
+       if (wiphy_counter >= 0)
+               wiphy_counter++;
+
+       mutex_unlock(&cfg80211_drv_mutex);
+
+       if (unlikely(drv->idx < 0)) {
+               /* ugh, wrapped! */
+               kfree(drv);
+               return NULL;
+       }
+
+       /* give it a proper name */
+       snprintf(drv->wiphy.dev.bus_id, BUS_ID_SIZE,
+                PHY_NAME "%d", drv->idx);
+
+       mutex_init(&drv->mtx);
+       mutex_init(&drv->devlist_mtx);
+       INIT_LIST_HEAD(&drv->netdev_list);
+
+       device_initialize(&drv->wiphy.dev);
+       drv->wiphy.dev.class = &ieee80211_class;
+       drv->wiphy.dev.platform_data = drv;
+
+       return &drv->wiphy;
+}
+EXPORT_SYMBOL(wiphy_new);
+
+int wiphy_register(struct wiphy *wiphy)
+{
+       struct cfg80211_registered_device *drv = wiphy_to_dev(wiphy);
+       int res;
+
+       mutex_lock(&cfg80211_drv_mutex);
+
+       res = device_add(&drv->wiphy.dev);
+       if (res)
+               goto out_unlock;
+
+       list_add(&drv->list, &cfg80211_drv_list);
+
+       /* add to debugfs */
+       drv->wiphy.debugfsdir =
+               debugfs_create_dir(wiphy_name(&drv->wiphy),
+                                  ieee80211_debugfs_dir);
+
+       res = 0;
+out_unlock:
+       mutex_unlock(&cfg80211_drv_mutex);
+       return res;
+}
+EXPORT_SYMBOL(wiphy_register);
+
+void wiphy_unregister(struct wiphy *wiphy)
+{
+       struct cfg80211_registered_device *drv = wiphy_to_dev(wiphy);
+
+       /* protect the device list */
+       mutex_lock(&cfg80211_drv_mutex);
+
+       BUG_ON(!list_empty(&drv->netdev_list));
+
+       /*
+        * Try to grab drv->mtx. If a command is still in progress,
+        * hopefully the driver will refuse it since it's tearing
+        * down the device already. We wait for this command to complete
+        * before unlinking the item from the list.
+        * Note: as codified by the BUG_ON above we cannot get here if
+        * a virtual interface is still associated. Hence, we can only
+        * get to lock contention here if userspace issues a command
+        * that identified the hardware by wiphy index.
+        */
+       mutex_lock(&drv->mtx);
+       /* unlock again before freeing */
+       mutex_unlock(&drv->mtx);
+
+       list_del(&drv->list);
+       device_del(&drv->wiphy.dev);
+       debugfs_remove(drv->wiphy.debugfsdir);
+
+       mutex_unlock(&cfg80211_drv_mutex);
+}
+EXPORT_SYMBOL(wiphy_unregister);
+
+void cfg80211_dev_free(struct cfg80211_registered_device *drv)
+{
+       mutex_destroy(&drv->mtx);
+       mutex_destroy(&drv->devlist_mtx);
+       kfree(drv);
+}
+
+void wiphy_free(struct wiphy *wiphy)
+{
+       put_device(&wiphy->dev);
+}
+EXPORT_SYMBOL(wiphy_free);
+
+static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
+                                        unsigned long state,
+                                        void *ndev)
+{
+       struct net_device *dev = ndev;
+       struct cfg80211_registered_device *rdev;
+
+       if (!dev->ieee80211_ptr)
+               return 0;
+
+       rdev = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
+
+       switch (state) {
+       case NETDEV_REGISTER:
+               mutex_lock(&rdev->devlist_mtx);
+               list_add(&dev->ieee80211_ptr->list, &rdev->netdev_list);
+               if (sysfs_create_link(&dev->dev.kobj, &rdev->wiphy.dev.kobj,
+                                     "phy80211")) {
+                       printk(KERN_ERR "wireless: failed to add phy80211 "
+                               "symlink to netdev!\n");
+               }
+               dev->ieee80211_ptr->netdev = dev;
+               mutex_unlock(&rdev->devlist_mtx);
+               break;
+       case NETDEV_UNREGISTER:
+               mutex_lock(&rdev->devlist_mtx);
+               if (!list_empty(&dev->ieee80211_ptr->list)) {
+                       sysfs_remove_link(&dev->dev.kobj, "phy80211");
+                       list_del_init(&dev->ieee80211_ptr->list);
+               }
+               mutex_unlock(&rdev->devlist_mtx);
+               break;
+       }
+
+       return 0;
+}
+
+static struct notifier_block cfg80211_netdev_notifier = {
+       .notifier_call = cfg80211_netdev_notifier_call,
+};
+
+static int cfg80211_init(void)
+{
+       int err = wiphy_sysfs_init();
+       if (err)
+               goto out_fail_sysfs;
+
+       err = register_netdevice_notifier(&cfg80211_netdev_notifier);
+       if (err)
+               goto out_fail_notifier;
+
+       err = nl80211_init();
+       if (err)
+               goto out_fail_nl80211;
+
+       ieee80211_debugfs_dir = debugfs_create_dir("ieee80211", NULL);
+
+       return 0;
+
+out_fail_nl80211:
+       unregister_netdevice_notifier(&cfg80211_netdev_notifier);
+out_fail_notifier:
+       wiphy_sysfs_exit();
+out_fail_sysfs:
+       return err;
+}
+subsys_initcall(cfg80211_init);
+
+static void cfg80211_exit(void)
+{
+       debugfs_remove(ieee80211_debugfs_dir);
+       nl80211_exit();
+       unregister_netdevice_notifier(&cfg80211_netdev_notifier);
+       wiphy_sysfs_exit();
+}
+module_exit(cfg80211_exit);
 
--- /dev/null
+/*
+ * Wireless configuration interface internals.
+ *
+ * Copyright 2006, 2007 Johannes Berg <johannes@sipsolutions.net>
+ */
+#ifndef __NET_WIRELESS_CORE_H
+#define __NET_WIRELESS_CORE_H
+#include <linux/mutex.h>
+#include <linux/list.h>
+#include <linux/netdevice.h>
+#include <net/genetlink.h>
+#include <net/wireless.h>
+#include <net/cfg80211.h>
+
+struct cfg80211_registered_device {
+       struct cfg80211_ops *ops;
+       struct list_head list;
+       /* we hold this mutex during any call so that
+        * we cannot do multiple calls at once, and also
+        * to avoid the deregister call to proceed while
+        * any call is in progress */
+       struct mutex mtx;
+
+       /* wiphy index, internal only */
+       int idx;
+
+       /* associate netdev list */
+       struct mutex devlist_mtx;
+       struct list_head netdev_list;
+
+       /* must be last because of the way we do wiphy_priv(),
+        * and it should at least be aligned to NETDEV_ALIGN */
+       struct wiphy wiphy __attribute__((__aligned__(NETDEV_ALIGN)));
+};
+
+static inline
+struct cfg80211_registered_device *wiphy_to_dev(struct wiphy *wiphy)
+{
+       BUG_ON(!wiphy);
+       return container_of(wiphy, struct cfg80211_registered_device, wiphy);
+}
+
+extern struct mutex cfg80211_drv_mutex;
+extern struct list_head cfg80211_drv_list;
+
+/*
+ * This function returns a pointer to the driver
+ * that the genl_info item that is passed refers to.
+ * If successful, it returns non-NULL and also locks
+ * the driver's mutex!
+ *
+ * This means that you need to call cfg80211_put_dev()
+ * before being allowed to acquire &cfg80211_drv_mutex!
+ *
+ * This is necessary because we need to lock the global
+ * mutex to get an item off the list safely, and then
+ * we lock the drv mutex so it doesn't go away under us.
+ *
+ * We don't want to keep cfg80211_drv_mutex locked
+ * for all the time in order to allow requests on
+ * other interfaces to go through at the same time.
+ *
+ * The result of this can be a PTR_ERR and hence must
+ * be checked with IS_ERR() for errors.
+ */
+extern struct cfg80211_registered_device *
+cfg80211_get_dev_from_info(struct genl_info *info);
+
+/* identical to cfg80211_get_dev_from_info but only operate on ifindex */
+extern struct cfg80211_registered_device *
+cfg80211_get_dev_from_ifindex(int ifindex);
+
+extern void cfg80211_put_dev(struct cfg80211_registered_device *drv);
+
+/* free object */
+extern void cfg80211_dev_free(struct cfg80211_registered_device *drv);
+
+extern int cfg80211_dev_rename(struct cfg80211_registered_device *drv,
+                              char *newname);
+
+#endif /* __NET_WIRELESS_CORE_H */
 
--- /dev/null
+/*
+ * This is the new netlink-based wireless configuration interface.
+ *
+ * Copyright 2006, 2007        Johannes Berg <johannes@sipsolutions.net>
+ */
+
+#include <linux/if.h>
+#include <linux/module.h>
+#include <linux/err.h>
+#include <linux/mutex.h>
+#include <linux/list.h>
+#include <linux/if_ether.h>
+#include <linux/ieee80211.h>
+#include <linux/nl80211.h>
+#include <linux/rtnetlink.h>
+#include <linux/netlink.h>
+#include <net/genetlink.h>
+#include <net/cfg80211.h>
+#include "core.h"
+#include "nl80211.h"
+
+/* the netlink family */
+static struct genl_family nl80211_fam = {
+       .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
+       .name = "nl80211",      /* have users key off the name instead */
+       .hdrsize = 0,           /* no private header */
+       .version = 1,           /* no particular meaning now */
+       .maxattr = NL80211_ATTR_MAX,
+};
+
+/* internal helper: get drv and dev */
+static int get_drv_dev_by_info_ifindex(struct genl_info *info,
+                                      struct cfg80211_registered_device **drv,
+                                      struct net_device **dev)
+{
+       int ifindex;
+
+       if (!info->attrs[NL80211_ATTR_IFINDEX])
+               return -EINVAL;
+
+       ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
+       *dev = dev_get_by_index(ifindex);
+       if (!*dev)
+               return -ENODEV;
+
+       *drv = cfg80211_get_dev_from_ifindex(ifindex);
+       if (IS_ERR(*drv)) {
+               dev_put(*dev);
+               return PTR_ERR(*drv);
+       }
+
+       return 0;
+}
+
+/* policy for the attributes */
+static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
+       [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
+       [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
+                                     .len = BUS_ID_SIZE-1 },
+
+       [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
+       [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
+       [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
+};
+
+/* message building helper */
+static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
+                                  int flags, u8 cmd)
+{
+       /* since there is no private header just add the generic one */
+       return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
+}
+
+/* netlink command implementations */
+
+static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
+                             struct cfg80211_registered_device *dev)
+{
+       void *hdr;
+
+       hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
+       if (!hdr)
+               return -1;
+
+       NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->idx);
+       NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
+       return genlmsg_end(msg, hdr);
+
+ nla_put_failure:
+       return genlmsg_cancel(msg, hdr);
+}
+
+static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
+{
+       int idx = 0;
+       int start = cb->args[0];
+       struct cfg80211_registered_device *dev;
+
+       mutex_lock(&cfg80211_drv_mutex);
+       list_for_each_entry(dev, &cfg80211_drv_list, list) {
+               if (++idx < start)
+                       continue;
+               if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
+                                      cb->nlh->nlmsg_seq, NLM_F_MULTI,
+                                      dev) < 0)
+                       break;
+       }
+       mutex_unlock(&cfg80211_drv_mutex);
+
+       cb->args[0] = idx;
+
+       return skb->len;
+}
+
+static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
+{
+       struct sk_buff *msg;
+       struct cfg80211_registered_device *dev;
+
+       dev = cfg80211_get_dev_from_info(info);
+       if (IS_ERR(dev))
+               return PTR_ERR(dev);
+
+       msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+       if (!msg)
+               goto out_err;
+
+       if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
+               goto out_free;
+
+       cfg80211_put_dev(dev);
+
+       return genlmsg_unicast(msg, info->snd_pid);
+
+ out_free:
+       nlmsg_free(msg);
+ out_err:
+       cfg80211_put_dev(dev);
+       return -ENOBUFS;
+}
+
+static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
+{
+       struct cfg80211_registered_device *rdev;
+       int result;
+
+       if (!info->attrs[NL80211_ATTR_WIPHY_NAME])
+               return -EINVAL;
+
+       rdev = cfg80211_get_dev_from_info(info);
+       if (IS_ERR(rdev))
+               return PTR_ERR(rdev);
+
+       result = cfg80211_dev_rename(rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
+
+       cfg80211_put_dev(rdev);
+       return result;
+}
+
+
+static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
+                             struct net_device *dev)
+{
+       void *hdr;
+
+       hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
+       if (!hdr)
+               return -1;
+
+       NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
+       NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
+       /* TODO: interface type */
+       return genlmsg_end(msg, hdr);
+
+ nla_put_failure:
+       return genlmsg_cancel(msg, hdr);
+}
+
+static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
+{
+       int wp_idx = 0;
+       int if_idx = 0;
+       int wp_start = cb->args[0];
+       int if_start = cb->args[1];
+       struct cfg80211_registered_device *dev;
+       struct wireless_dev *wdev;
+
+       mutex_lock(&cfg80211_drv_mutex);
+       list_for_each_entry(dev, &cfg80211_drv_list, list) {
+               if (++wp_idx < wp_start)
+                       continue;
+               if_idx = 0;
+
+               mutex_lock(&dev->devlist_mtx);
+               list_for_each_entry(wdev, &dev->netdev_list, list) {
+                       if (++if_idx < if_start)
+                               continue;
+                       if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
+                                              cb->nlh->nlmsg_seq, NLM_F_MULTI,
+                                              wdev->netdev) < 0)
+                               break;
+               }
+               mutex_unlock(&dev->devlist_mtx);
+       }
+       mutex_unlock(&cfg80211_drv_mutex);
+
+       cb->args[0] = wp_idx;
+       cb->args[1] = if_idx;
+
+       return skb->len;
+}
+
+static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
+{
+       struct sk_buff *msg;
+       struct cfg80211_registered_device *dev;
+       struct net_device *netdev;
+       int err;
+
+       err = get_drv_dev_by_info_ifindex(info, &dev, &netdev);
+       if (err)
+               return err;
+
+       msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+       if (!msg)
+               goto out_err;
+
+       if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, netdev) < 0)
+               goto out_free;
+
+       dev_put(netdev);
+       cfg80211_put_dev(dev);
+
+       return genlmsg_unicast(msg, info->snd_pid);
+
+ out_free:
+       nlmsg_free(msg);
+ out_err:
+       dev_put(netdev);
+       cfg80211_put_dev(dev);
+       return -ENOBUFS;
+}
+
+static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
+{
+       struct cfg80211_registered_device *drv;
+       int err, ifindex;
+       enum nl80211_iftype type;
+       struct net_device *dev;
+
+       if (info->attrs[NL80211_ATTR_IFTYPE]) {
+               type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
+               if (type > NL80211_IFTYPE_MAX)
+                       return -EINVAL;
+       } else
+               return -EINVAL;
+
+       err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
+       if (err)
+               return err;
+       ifindex = dev->ifindex;
+       dev_put(dev);
+
+       if (!drv->ops->change_virtual_intf) {
+               err = -EOPNOTSUPP;
+               goto unlock;
+       }
+
+       rtnl_lock();
+       err = drv->ops->change_virtual_intf(&drv->wiphy, ifindex, type);
+       rtnl_unlock();
+
+ unlock:
+       cfg80211_put_dev(drv);
+       return err;
+}
+
+static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
+{
+       struct cfg80211_registered_device *drv;
+       int err;
+       enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
+
+       if (!info->attrs[NL80211_ATTR_IFNAME])
+               return -EINVAL;
+
+       if (info->attrs[NL80211_ATTR_IFTYPE]) {
+               type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
+               if (type > NL80211_IFTYPE_MAX)
+                       return -EINVAL;
+       }
+
+       drv = cfg80211_get_dev_from_info(info);
+       if (IS_ERR(drv))
+               return PTR_ERR(drv);
+
+       if (!drv->ops->add_virtual_intf) {
+               err = -EOPNOTSUPP;
+               goto unlock;
+       }
+
+       rtnl_lock();
+       err = drv->ops->add_virtual_intf(&drv->wiphy,
+               nla_data(info->attrs[NL80211_ATTR_IFNAME]), type);
+       rtnl_unlock();
+
+ unlock:
+       cfg80211_put_dev(drv);
+       return err;
+}
+
+static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
+{
+       struct cfg80211_registered_device *drv;
+       int ifindex, err;
+       struct net_device *dev;
+
+       err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
+       if (err)
+               return err;
+       ifindex = dev->ifindex;
+       dev_put(dev);
+
+       if (!drv->ops->del_virtual_intf) {
+               err = -EOPNOTSUPP;
+               goto out;
+       }
+
+       rtnl_lock();
+       err = drv->ops->del_virtual_intf(&drv->wiphy, ifindex);
+       rtnl_unlock();
+
+ out:
+       cfg80211_put_dev(drv);
+       return err;
+}
+
+static struct genl_ops nl80211_ops[] = {
+       {
+               .cmd = NL80211_CMD_GET_WIPHY,
+               .doit = nl80211_get_wiphy,
+               .dumpit = nl80211_dump_wiphy,
+               .policy = nl80211_policy,
+               /* can be retrieved by unprivileged users */
+       },
+       {
+               .cmd = NL80211_CMD_SET_WIPHY,
+               .doit = nl80211_set_wiphy,
+               .policy = nl80211_policy,
+               .flags = GENL_ADMIN_PERM,
+       },
+       {
+               .cmd = NL80211_CMD_GET_INTERFACE,
+               .doit = nl80211_get_interface,
+               .dumpit = nl80211_dump_interface,
+               .policy = nl80211_policy,
+               /* can be retrieved by unprivileged users */
+       },
+       {
+               .cmd = NL80211_CMD_SET_INTERFACE,
+               .doit = nl80211_set_interface,
+               .policy = nl80211_policy,
+               .flags = GENL_ADMIN_PERM,
+       },
+       {
+               .cmd = NL80211_CMD_NEW_INTERFACE,
+               .doit = nl80211_new_interface,
+               .policy = nl80211_policy,
+               .flags = GENL_ADMIN_PERM,
+       },
+       {
+               .cmd = NL80211_CMD_DEL_INTERFACE,
+               .doit = nl80211_del_interface,
+               .policy = nl80211_policy,
+               .flags = GENL_ADMIN_PERM,
+       },
+};
+
+/* multicast groups */
+static struct genl_multicast_group nl80211_config_mcgrp = {
+       .name = "config",
+};
+
+/* notification functions */
+
+void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
+{
+       struct sk_buff *msg;
+
+       msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+       if (!msg)
+               return;
+
+       if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
+               nlmsg_free(msg);
+               return;
+       }
+
+       genlmsg_multicast(msg, 0, nl80211_config_mcgrp.id, GFP_KERNEL);
+}
+
+/* initialisation/exit functions */
+
+int nl80211_init(void)
+{
+       int err, i;
+
+       err = genl_register_family(&nl80211_fam);
+       if (err)
+               return err;
+
+       for (i = 0; i < ARRAY_SIZE(nl80211_ops); i++) {
+               err = genl_register_ops(&nl80211_fam, &nl80211_ops[i]);
+               if (err)
+                       goto err_out;
+       }
+
+       err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
+       if (err)
+               goto err_out;
+
+       return 0;
+ err_out:
+       genl_unregister_family(&nl80211_fam);
+       return err;
+}
+
+void nl80211_exit(void)
+{
+       genl_unregister_family(&nl80211_fam);
+}
 
--- /dev/null
+#ifndef __NET_WIRELESS_NL80211_H
+#define __NET_WIRELESS_NL80211_H
+
+#include "core.h"
+
+#ifdef CONFIG_NL80211
+extern int nl80211_init(void);
+extern void nl80211_exit(void);
+extern void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
+#else
+static inline int nl80211_init(void)
+{
+       return 0;
+}
+static inline void nl80211_exit(void)
+{
+}
+static inline void nl80211_notify_dev_rename(
+       struct cfg80211_registered_device *rdev)
+{
+}
+#endif /* CONFIG_NL80211 */
+
+#endif /* __NET_WIRELESS_NL80211_H */
 
--- /dev/null
+/*
+ * Radiotap parser
+ *
+ * Copyright 2007              Andy Green <andy@warmcat.com>
+ */
+
+#include <net/cfg80211.h>
+#include <net/ieee80211_radiotap.h>
+#include <asm/unaligned.h>
+
+/* function prototypes and related defs are in include/net/cfg80211.h */
+
+/**
+ * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
+ * @iterator: radiotap_iterator to initialize
+ * @radiotap_header: radiotap header to parse
+ * @max_length: total length we can parse into (eg, whole packet length)
+ *
+ * Returns: 0 or a negative error code if there is a problem.
+ *
+ * This function initializes an opaque iterator struct which can then
+ * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
+ * argument which is present in the header.  It knows about extended
+ * present headers and handles them.
+ *
+ * How to use:
+ * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
+ * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
+ * checking for a good 0 return code.  Then loop calling
+ * __ieee80211_radiotap_iterator_next()... it returns either 0,
+ * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
+ * The iterator's @this_arg member points to the start of the argument
+ * associated with the current argument index that is present, which can be
+ * found in the iterator's @this_arg_index member.  This arg index corresponds
+ * to the IEEE80211_RADIOTAP_... defines.
+ *
+ * Radiotap header length:
+ * You can find the CPU-endian total radiotap header length in
+ * iterator->max_length after executing ieee80211_radiotap_iterator_init()
+ * successfully.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ *
+ * Example code:
+ * See Documentation/networking/radiotap-headers.txt
+ */
+
+int ieee80211_radiotap_iterator_init(
+    struct ieee80211_radiotap_iterator *iterator,
+    struct ieee80211_radiotap_header *radiotap_header,
+    int max_length)
+{
+       /* Linux only supports version 0 radiotap format */
+       if (radiotap_header->it_version)
+               return -EINVAL;
+
+       /* sanity check for allowed length and radiotap length field */
+       if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
+               return -EINVAL;
+
+       iterator->rtheader = radiotap_header;
+       iterator->max_length = le16_to_cpu(get_unaligned(
+                                               &radiotap_header->it_len));
+       iterator->arg_index = 0;
+       iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
+                                               &radiotap_header->it_present));
+       iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
+       iterator->this_arg = NULL;
+
+       /* find payload start allowing for extended bitmap(s) */
+
+       if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
+               while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
+                                  (1<<IEEE80211_RADIOTAP_EXT)) {
+                       iterator->arg += sizeof(u32);
+
+                       /*
+                        * check for insanity where the present bitmaps
+                        * keep claiming to extend up to or even beyond the
+                        * stated radiotap header length
+                        */
+
+                       if (((ulong)iterator->arg -
+                            (ulong)iterator->rtheader) > iterator->max_length)
+                               return -EINVAL;
+               }
+
+               iterator->arg += sizeof(u32);
+
+               /*
+                * no need to check again for blowing past stated radiotap
+                * header length, because ieee80211_radiotap_iterator_next
+                * checks it before it is dereferenced
+                */
+       }
+
+       /* we are all initialized happily */
+
+       return 0;
+}
+EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
+
+
+/**
+ * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
+ * @iterator: radiotap_iterator to move to next arg (if any)
+ *
+ * Returns: 0 if there is an argument to handle,
+ * -ENOENT if there are no more args or -EINVAL
+ * if there is something else wrong.
+ *
+ * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
+ * in @this_arg_index and sets @this_arg to point to the
+ * payload for the field.  It takes care of alignment handling and extended
+ * present fields.  @this_arg can be changed by the caller (eg,
+ * incremented to move inside a compound argument like
+ * IEEE80211_RADIOTAP_CHANNEL).  The args pointed to are in
+ * little-endian format whatever the endianess of your CPU.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ */
+
+int ieee80211_radiotap_iterator_next(
+    struct ieee80211_radiotap_iterator *iterator)
+{
+
+       /*
+        * small length lookup table for all radiotap types we heard of
+        * starting from b0 in the bitmap, so we can walk the payload
+        * area of the radiotap header
+        *
+        * There is a requirement to pad args, so that args
+        * of a given length must begin at a boundary of that length
+        * -- but note that compound args are allowed (eg, 2 x u16
+        * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
+        * a reliable indicator of alignment requirement.
+        *
+        * upper nybble: content alignment for arg
+        * lower nybble: content length for arg
+        */
+
+       static const u8 rt_sizes[] = {
+               [IEEE80211_RADIOTAP_TSFT] = 0x88,
+               [IEEE80211_RADIOTAP_FLAGS] = 0x11,
+               [IEEE80211_RADIOTAP_RATE] = 0x11,
+               [IEEE80211_RADIOTAP_CHANNEL] = 0x24,
+               [IEEE80211_RADIOTAP_FHSS] = 0x22,
+               [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
+               [IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
+               [IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
+               [IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
+               [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
+               [IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
+               [IEEE80211_RADIOTAP_ANTENNA] = 0x11,
+               [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
+               [IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11,
+               [IEEE80211_RADIOTAP_RX_FLAGS] = 0x22,
+               [IEEE80211_RADIOTAP_TX_FLAGS] = 0x22,
+               [IEEE80211_RADIOTAP_RTS_RETRIES] = 0x11,
+               [IEEE80211_RADIOTAP_DATA_RETRIES] = 0x11,
+               /*
+                * add more here as they are defined in
+                * include/net/ieee80211_radiotap.h
+                */
+       };
+
+       /*
+        * for every radiotap entry we can at
+        * least skip (by knowing the length)...
+        */
+
+       while (iterator->arg_index < sizeof(rt_sizes)) {
+               int hit = 0;
+               int pad;
+
+               if (!(iterator->bitmap_shifter & 1))
+                       goto next_entry; /* arg not present */
+
+               /*
+                * arg is present, account for alignment padding
+                *  8-bit args can be at any alignment
+                * 16-bit args must start on 16-bit boundary
+                * 32-bit args must start on 32-bit boundary
+                * 64-bit args must start on 64-bit boundary
+                *
+                * note that total arg size can differ from alignment of
+                * elements inside arg, so we use upper nybble of length
+                * table to base alignment on
+                *
+                * also note: these alignments are ** relative to the
+                * start of the radiotap header **.  There is no guarantee
+                * that the radiotap header itself is aligned on any
+                * kind of boundary.
+                *
+                * the above is why get_unaligned() is used to dereference
+                * multibyte elements from the radiotap area
+                */
+
+               pad = (((ulong)iterator->arg) -
+                       ((ulong)iterator->rtheader)) &
+                       ((rt_sizes[iterator->arg_index] >> 4) - 1);
+
+               if (pad)
+                       iterator->arg +=
+                               (rt_sizes[iterator->arg_index] >> 4) - pad;
+
+               /*
+                * this is what we will return to user, but we need to
+                * move on first so next call has something fresh to test
+                */
+               iterator->this_arg_index = iterator->arg_index;
+               iterator->this_arg = iterator->arg;
+               hit = 1;
+
+               /* internally move on the size of this arg */
+               iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
+
+               /*
+                * check for insanity where we are given a bitmap that
+                * claims to have more arg content than the length of the
+                * radiotap section.  We will normally end up equalling this
+                * max_length on the last arg, never exceeding it.
+                */
+
+               if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
+                   iterator->max_length)
+                       return -EINVAL;
+
+       next_entry:
+               iterator->arg_index++;
+               if (unlikely((iterator->arg_index & 31) == 0)) {
+                       /* completed current u32 bitmap */
+                       if (iterator->bitmap_shifter & 1) {
+                               /* b31 was set, there is more */
+                               /* move to next u32 bitmap */
+                               iterator->bitmap_shifter = le32_to_cpu(
+                                       get_unaligned(iterator->next_bitmap));
+                               iterator->next_bitmap++;
+                       } else
+                               /* no more bitmaps: end */
+                               iterator->arg_index = sizeof(rt_sizes);
+               } else /* just try the next bit */
+                       iterator->bitmap_shifter >>= 1;
+
+               /* if we found a valid arg earlier, return it now */
+               if (hit)
+                       return 0;
+       }
+
+       /* we don't know how to handle any more args, we're done */
+       return -ENOENT;
+}
+EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);
 
--- /dev/null
+/*
+ * This file provides /sys/class/ieee80211/<wiphy name>/
+ * and some default attributes.
+ *
+ * Copyright 2005-2006 Jiri Benc <jbenc@suse.cz>
+ * Copyright 2006      Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This file is GPLv2 as found in COPYING.
+ */
+
+#include <linux/device.h>
+#include <linux/module.h>
+#include <linux/netdevice.h>
+#include <linux/nl80211.h>
+#include <linux/rtnetlink.h>
+#include <net/cfg80211.h>
+#include "sysfs.h"
+#include "core.h"
+
+static inline struct cfg80211_registered_device *dev_to_rdev(
+       struct device *dev)
+{
+       return container_of(dev, struct cfg80211_registered_device, wiphy.dev);
+}
+
+static ssize_t _show_index(struct device *dev, struct device_attribute *attr,
+                          char *buf)
+{
+       return sprintf(buf, "%d\n", dev_to_rdev(dev)->idx);
+}
+
+static ssize_t _show_permaddr(struct device *dev,
+                             struct device_attribute *attr,
+                             char *buf)
+{
+       unsigned char *addr = dev_to_rdev(dev)->wiphy.perm_addr;
+
+       return sprintf(buf, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
+                      addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
+}
+
+static struct device_attribute ieee80211_dev_attrs[] = {
+       __ATTR(index, S_IRUGO, _show_index, NULL),
+       __ATTR(macaddress, S_IRUGO, _show_permaddr, NULL),
+       {}
+};
+
+static void wiphy_dev_release(struct device *dev)
+{
+       struct cfg80211_registered_device *rdev = dev_to_rdev(dev);
+
+       cfg80211_dev_free(rdev);
+}
+
+#ifdef CONFIG_HOTPLUG
+static int wiphy_uevent(struct device *dev, char **envp,
+                       int num_envp, char *buf, int size)
+{
+       /* TODO, we probably need stuff here */
+       return 0;
+}
+#endif
+
+struct class ieee80211_class = {
+       .name = "ieee80211",
+       .owner = THIS_MODULE,
+       .dev_release = wiphy_dev_release,
+       .dev_attrs = ieee80211_dev_attrs,
+#ifdef CONFIG_HOTPLUG
+       .dev_uevent = wiphy_uevent,
+#endif
+};
+
+int wiphy_sysfs_init(void)
+{
+       return class_register(&ieee80211_class);
+}
+
+void wiphy_sysfs_exit(void)
+{
+       class_unregister(&ieee80211_class);
+}
 
--- /dev/null
+#ifndef __WIRELESS_SYSFS_H
+#define __WIRELESS_SYSFS_H
+
+extern int wiphy_sysfs_init(void);
+extern void wiphy_sysfs_exit(void);
+
+extern struct class ieee80211_class;
+
+#endif /* __WIRELESS_SYSFS_H */
 
+++ /dev/null
-config CFG80211
-        tristate "Improved wireless configuration API"
-
-config NL80211
-       bool "nl80211 new netlink interface support"
-       depends CFG80211
-       default y
-       ---help---
-         This option turns on the new netlink interface
-         (nl80211) support in cfg80211.
-
-         If =n, drivers using mac80211 will be configured via
-         wireless extension support provided by that subsystem.
-
-         If unsure, say Y.
-
-config WIRELESS_EXT
-       bool "Wireless extensions"
-       default n
-       ---help---
-         This option enables the legacy wireless extensions
-         (wireless network interface configuration via ioctls.)
-
-         Wireless extensions will be replaced by cfg80211 and
-         will be required only by legacy drivers that implement
-         wireless extension handlers. This option does not
-         affect the wireless-extension backward compatibility
-         code in cfg80211.
-
-         Say N (if you can) unless you know you need wireless
-         extensions for external modules.
 
+++ /dev/null
-obj-$(CONFIG_CFG80211) += cfg80211.o
-
-cfg80211-y += core.o sysfs.o radiotap.o
-cfg80211-$(CONFIG_NL80211) += nl80211.o
 
+++ /dev/null
-/*
- * This is the linux wireless configuration interface.
- *
- * Copyright 2006, 2007                Johannes Berg <johannes@sipsolutions.net>
- */
-
-#include <linux/if.h>
-#include <linux/module.h>
-#include <linux/err.h>
-#include <linux/mutex.h>
-#include <linux/list.h>
-#include <linux/nl80211.h>
-#include <linux/debugfs.h>
-#include <linux/notifier.h>
-#include <linux/device.h>
-#include <net/genetlink.h>
-#include <net/cfg80211.h>
-#include <net/wireless.h>
-#include "nl80211.h"
-#include "core.h"
-#include "sysfs.h"
-
-/* name for sysfs, %d is appended */
-#define PHY_NAME "phy"
-
-MODULE_AUTHOR("Johannes Berg");
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("wireless configuration support");
-
-/* RCU might be appropriate here since we usually
- * only read the list, and that can happen quite
- * often because we need to do it for each command */
-LIST_HEAD(cfg80211_drv_list);
-DEFINE_MUTEX(cfg80211_drv_mutex);
-static int wiphy_counter;
-
-/* for debugfs */
-static struct dentry *ieee80211_debugfs_dir;
-
-/* requires cfg80211_drv_mutex to be held! */
-static struct cfg80211_registered_device *cfg80211_drv_by_wiphy(int wiphy)
-{
-       struct cfg80211_registered_device *result = NULL, *drv;
-
-       list_for_each_entry(drv, &cfg80211_drv_list, list) {
-               if (drv->idx == wiphy) {
-                       result = drv;
-                       break;
-               }
-       }
-
-       return result;
-}
-
-/* requires cfg80211_drv_mutex to be held! */
-static struct cfg80211_registered_device *
-__cfg80211_drv_from_info(struct genl_info *info)
-{
-       int ifindex;
-       struct cfg80211_registered_device *bywiphy = NULL, *byifidx = NULL;
-       struct net_device *dev;
-       int err = -EINVAL;
-
-       if (info->attrs[NL80211_ATTR_WIPHY]) {
-               bywiphy = cfg80211_drv_by_wiphy(
-                               nla_get_u32(info->attrs[NL80211_ATTR_WIPHY]));
-               err = -ENODEV;
-       }
-
-       if (info->attrs[NL80211_ATTR_IFINDEX]) {
-               ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
-               dev = dev_get_by_index(ifindex);
-               if (dev) {
-                       if (dev->ieee80211_ptr)
-                               byifidx =
-                                       wiphy_to_dev(dev->ieee80211_ptr->wiphy);
-                       dev_put(dev);
-               }
-               err = -ENODEV;
-       }
-
-       if (bywiphy && byifidx) {
-               if (bywiphy != byifidx)
-                       return ERR_PTR(-EINVAL);
-               else
-                       return bywiphy; /* == byifidx */
-       }
-       if (bywiphy)
-               return bywiphy;
-
-       if (byifidx)
-               return byifidx;
-
-       return ERR_PTR(err);
-}
-
-struct cfg80211_registered_device *
-cfg80211_get_dev_from_info(struct genl_info *info)
-{
-       struct cfg80211_registered_device *drv;
-
-       mutex_lock(&cfg80211_drv_mutex);
-       drv = __cfg80211_drv_from_info(info);
-
-       /* if it is not an error we grab the lock on
-        * it to assure it won't be going away while
-        * we operate on it */
-       if (!IS_ERR(drv))
-               mutex_lock(&drv->mtx);
-
-       mutex_unlock(&cfg80211_drv_mutex);
-
-       return drv;
-}
-
-struct cfg80211_registered_device *
-cfg80211_get_dev_from_ifindex(int ifindex)
-{
-       struct cfg80211_registered_device *drv = ERR_PTR(-ENODEV);
-       struct net_device *dev;
-
-       mutex_lock(&cfg80211_drv_mutex);
-       dev = dev_get_by_index(ifindex);
-       if (!dev)
-               goto out;
-       if (dev->ieee80211_ptr) {
-               drv = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
-               mutex_lock(&drv->mtx);
-       } else
-               drv = ERR_PTR(-ENODEV);
-       dev_put(dev);
- out:
-       mutex_unlock(&cfg80211_drv_mutex);
-       return drv;
-}
-
-void cfg80211_put_dev(struct cfg80211_registered_device *drv)
-{
-       BUG_ON(IS_ERR(drv));
-       mutex_unlock(&drv->mtx);
-}
-
-int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
-                       char *newname)
-{
-       int idx, taken = -1, result, digits;
-
-       /* prohibit calling the thing phy%d when %d is not its number */
-       sscanf(newname, PHY_NAME "%d%n", &idx, &taken);
-       if (taken == strlen(newname) && idx != rdev->idx) {
-               /* count number of places needed to print idx */
-               digits = 1;
-               while (idx /= 10)
-                       digits++;
-               /*
-                * deny the name if it is phy<idx> where <idx> is printed
-                * without leading zeroes. taken == strlen(newname) here
-                */
-               if (taken == strlen(PHY_NAME) + digits)
-                       return -EINVAL;
-       }
-
-       /* this will check for collisions */
-       result = device_rename(&rdev->wiphy.dev, newname);
-       if (result)
-               return result;
-
-       if (!debugfs_rename(rdev->wiphy.debugfsdir->d_parent,
-                           rdev->wiphy.debugfsdir,
-                           rdev->wiphy.debugfsdir->d_parent,
-                           newname))
-               printk(KERN_ERR "cfg80211: failed to rename debugfs dir to %s!\n",
-                      newname);
-
-       nl80211_notify_dev_rename(rdev);
-
-       return 0;
-}
-
-/* exported functions */
-
-struct wiphy *wiphy_new(struct cfg80211_ops *ops, int sizeof_priv)
-{
-       struct cfg80211_registered_device *drv;
-       int alloc_size;
-
-       alloc_size = sizeof(*drv) + sizeof_priv;
-
-       drv = kzalloc(alloc_size, GFP_KERNEL);
-       if (!drv)
-               return NULL;
-
-       drv->ops = ops;
-
-       mutex_lock(&cfg80211_drv_mutex);
-
-       drv->idx = wiphy_counter;
-
-       /* now increase counter for the next device unless
-        * it has wrapped previously */
-       if (wiphy_counter >= 0)
-               wiphy_counter++;
-
-       mutex_unlock(&cfg80211_drv_mutex);
-
-       if (unlikely(drv->idx < 0)) {
-               /* ugh, wrapped! */
-               kfree(drv);
-               return NULL;
-       }
-
-       /* give it a proper name */
-       snprintf(drv->wiphy.dev.bus_id, BUS_ID_SIZE,
-                PHY_NAME "%d", drv->idx);
-
-       mutex_init(&drv->mtx);
-       mutex_init(&drv->devlist_mtx);
-       INIT_LIST_HEAD(&drv->netdev_list);
-
-       device_initialize(&drv->wiphy.dev);
-       drv->wiphy.dev.class = &ieee80211_class;
-       drv->wiphy.dev.platform_data = drv;
-
-       return &drv->wiphy;
-}
-EXPORT_SYMBOL(wiphy_new);
-
-int wiphy_register(struct wiphy *wiphy)
-{
-       struct cfg80211_registered_device *drv = wiphy_to_dev(wiphy);
-       int res;
-
-       mutex_lock(&cfg80211_drv_mutex);
-
-       res = device_add(&drv->wiphy.dev);
-       if (res)
-               goto out_unlock;
-
-       list_add(&drv->list, &cfg80211_drv_list);
-
-       /* add to debugfs */
-       drv->wiphy.debugfsdir =
-               debugfs_create_dir(wiphy_name(&drv->wiphy),
-                                  ieee80211_debugfs_dir);
-
-       res = 0;
-out_unlock:
-       mutex_unlock(&cfg80211_drv_mutex);
-       return res;
-}
-EXPORT_SYMBOL(wiphy_register);
-
-void wiphy_unregister(struct wiphy *wiphy)
-{
-       struct cfg80211_registered_device *drv = wiphy_to_dev(wiphy);
-
-       /* protect the device list */
-       mutex_lock(&cfg80211_drv_mutex);
-
-       BUG_ON(!list_empty(&drv->netdev_list));
-
-       /*
-        * Try to grab drv->mtx. If a command is still in progress,
-        * hopefully the driver will refuse it since it's tearing
-        * down the device already. We wait for this command to complete
-        * before unlinking the item from the list.
-        * Note: as codified by the BUG_ON above we cannot get here if
-        * a virtual interface is still associated. Hence, we can only
-        * get to lock contention here if userspace issues a command
-        * that identified the hardware by wiphy index.
-        */
-       mutex_lock(&drv->mtx);
-       /* unlock again before freeing */
-       mutex_unlock(&drv->mtx);
-
-       list_del(&drv->list);
-       device_del(&drv->wiphy.dev);
-       debugfs_remove(drv->wiphy.debugfsdir);
-
-       mutex_unlock(&cfg80211_drv_mutex);
-}
-EXPORT_SYMBOL(wiphy_unregister);
-
-void cfg80211_dev_free(struct cfg80211_registered_device *drv)
-{
-       mutex_destroy(&drv->mtx);
-       mutex_destroy(&drv->devlist_mtx);
-       kfree(drv);
-}
-
-void wiphy_free(struct wiphy *wiphy)
-{
-       put_device(&wiphy->dev);
-}
-EXPORT_SYMBOL(wiphy_free);
-
-static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
-                                        unsigned long state,
-                                        void *ndev)
-{
-       struct net_device *dev = ndev;
-       struct cfg80211_registered_device *rdev;
-
-       if (!dev->ieee80211_ptr)
-               return 0;
-
-       rdev = wiphy_to_dev(dev->ieee80211_ptr->wiphy);
-
-       switch (state) {
-       case NETDEV_REGISTER:
-               mutex_lock(&rdev->devlist_mtx);
-               list_add(&dev->ieee80211_ptr->list, &rdev->netdev_list);
-               if (sysfs_create_link(&dev->dev.kobj, &rdev->wiphy.dev.kobj,
-                                     "phy80211")) {
-                       printk(KERN_ERR "wireless: failed to add phy80211 "
-                               "symlink to netdev!\n");
-               }
-               dev->ieee80211_ptr->netdev = dev;
-               mutex_unlock(&rdev->devlist_mtx);
-               break;
-       case NETDEV_UNREGISTER:
-               mutex_lock(&rdev->devlist_mtx);
-               if (!list_empty(&dev->ieee80211_ptr->list)) {
-                       sysfs_remove_link(&dev->dev.kobj, "phy80211");
-                       list_del_init(&dev->ieee80211_ptr->list);
-               }
-               mutex_unlock(&rdev->devlist_mtx);
-               break;
-       }
-
-       return 0;
-}
-
-static struct notifier_block cfg80211_netdev_notifier = {
-       .notifier_call = cfg80211_netdev_notifier_call,
-};
-
-static int cfg80211_init(void)
-{
-       int err = wiphy_sysfs_init();
-       if (err)
-               goto out_fail_sysfs;
-
-       err = register_netdevice_notifier(&cfg80211_netdev_notifier);
-       if (err)
-               goto out_fail_notifier;
-
-       err = nl80211_init();
-       if (err)
-               goto out_fail_nl80211;
-
-       ieee80211_debugfs_dir = debugfs_create_dir("ieee80211", NULL);
-
-       return 0;
-
-out_fail_nl80211:
-       unregister_netdevice_notifier(&cfg80211_netdev_notifier);
-out_fail_notifier:
-       wiphy_sysfs_exit();
-out_fail_sysfs:
-       return err;
-}
-subsys_initcall(cfg80211_init);
-
-static void cfg80211_exit(void)
-{
-       debugfs_remove(ieee80211_debugfs_dir);
-       nl80211_exit();
-       unregister_netdevice_notifier(&cfg80211_netdev_notifier);
-       wiphy_sysfs_exit();
-}
-module_exit(cfg80211_exit);
 
+++ /dev/null
-/*
- * Wireless configuration interface internals.
- *
- * Copyright 2006, 2007 Johannes Berg <johannes@sipsolutions.net>
- */
-#ifndef __NET_WIRELESS_CORE_H
-#define __NET_WIRELESS_CORE_H
-#include <linux/mutex.h>
-#include <linux/list.h>
-#include <linux/netdevice.h>
-#include <net/genetlink.h>
-#include <net/wireless.h>
-#include <net/cfg80211.h>
-
-struct cfg80211_registered_device {
-       struct cfg80211_ops *ops;
-       struct list_head list;
-       /* we hold this mutex during any call so that
-        * we cannot do multiple calls at once, and also
-        * to avoid the deregister call to proceed while
-        * any call is in progress */
-       struct mutex mtx;
-
-       /* wiphy index, internal only */
-       int idx;
-
-       /* associate netdev list */
-       struct mutex devlist_mtx;
-       struct list_head netdev_list;
-
-       /* must be last because of the way we do wiphy_priv(),
-        * and it should at least be aligned to NETDEV_ALIGN */
-       struct wiphy wiphy __attribute__((__aligned__(NETDEV_ALIGN)));
-};
-
-static inline
-struct cfg80211_registered_device *wiphy_to_dev(struct wiphy *wiphy)
-{
-       BUG_ON(!wiphy);
-       return container_of(wiphy, struct cfg80211_registered_device, wiphy);
-}
-
-extern struct mutex cfg80211_drv_mutex;
-extern struct list_head cfg80211_drv_list;
-
-/*
- * This function returns a pointer to the driver
- * that the genl_info item that is passed refers to.
- * If successful, it returns non-NULL and also locks
- * the driver's mutex!
- *
- * This means that you need to call cfg80211_put_dev()
- * before being allowed to acquire &cfg80211_drv_mutex!
- *
- * This is necessary because we need to lock the global
- * mutex to get an item off the list safely, and then
- * we lock the drv mutex so it doesn't go away under us.
- *
- * We don't want to keep cfg80211_drv_mutex locked
- * for all the time in order to allow requests on
- * other interfaces to go through at the same time.
- *
- * The result of this can be a PTR_ERR and hence must
- * be checked with IS_ERR() for errors.
- */
-extern struct cfg80211_registered_device *
-cfg80211_get_dev_from_info(struct genl_info *info);
-
-/* identical to cfg80211_get_dev_from_info but only operate on ifindex */
-extern struct cfg80211_registered_device *
-cfg80211_get_dev_from_ifindex(int ifindex);
-
-extern void cfg80211_put_dev(struct cfg80211_registered_device *drv);
-
-/* free object */
-extern void cfg80211_dev_free(struct cfg80211_registered_device *drv);
-
-extern int cfg80211_dev_rename(struct cfg80211_registered_device *drv,
-                              char *newname);
-
-#endif /* __NET_WIRELESS_CORE_H */
 
+++ /dev/null
-/*
- * This is the new netlink-based wireless configuration interface.
- *
- * Copyright 2006, 2007        Johannes Berg <johannes@sipsolutions.net>
- */
-
-#include <linux/if.h>
-#include <linux/module.h>
-#include <linux/err.h>
-#include <linux/mutex.h>
-#include <linux/list.h>
-#include <linux/if_ether.h>
-#include <linux/ieee80211.h>
-#include <linux/nl80211.h>
-#include <linux/rtnetlink.h>
-#include <linux/netlink.h>
-#include <net/genetlink.h>
-#include <net/cfg80211.h>
-#include "core.h"
-#include "nl80211.h"
-
-/* the netlink family */
-static struct genl_family nl80211_fam = {
-       .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
-       .name = "nl80211",      /* have users key off the name instead */
-       .hdrsize = 0,           /* no private header */
-       .version = 1,           /* no particular meaning now */
-       .maxattr = NL80211_ATTR_MAX,
-};
-
-/* internal helper: get drv and dev */
-static int get_drv_dev_by_info_ifindex(struct genl_info *info,
-                                      struct cfg80211_registered_device **drv,
-                                      struct net_device **dev)
-{
-       int ifindex;
-
-       if (!info->attrs[NL80211_ATTR_IFINDEX])
-               return -EINVAL;
-
-       ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
-       *dev = dev_get_by_index(ifindex);
-       if (!*dev)
-               return -ENODEV;
-
-       *drv = cfg80211_get_dev_from_ifindex(ifindex);
-       if (IS_ERR(*drv)) {
-               dev_put(*dev);
-               return PTR_ERR(*drv);
-       }
-
-       return 0;
-}
-
-/* policy for the attributes */
-static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
-       [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
-       [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
-                                     .len = BUS_ID_SIZE-1 },
-
-       [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
-       [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
-       [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
-};
-
-/* message building helper */
-static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
-                                  int flags, u8 cmd)
-{
-       /* since there is no private header just add the generic one */
-       return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
-}
-
-/* netlink command implementations */
-
-static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
-                             struct cfg80211_registered_device *dev)
-{
-       void *hdr;
-
-       hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
-       if (!hdr)
-               return -1;
-
-       NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->idx);
-       NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
-       return genlmsg_end(msg, hdr);
-
- nla_put_failure:
-       return genlmsg_cancel(msg, hdr);
-}
-
-static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
-{
-       int idx = 0;
-       int start = cb->args[0];
-       struct cfg80211_registered_device *dev;
-
-       mutex_lock(&cfg80211_drv_mutex);
-       list_for_each_entry(dev, &cfg80211_drv_list, list) {
-               if (++idx < start)
-                       continue;
-               if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
-                                      cb->nlh->nlmsg_seq, NLM_F_MULTI,
-                                      dev) < 0)
-                       break;
-       }
-       mutex_unlock(&cfg80211_drv_mutex);
-
-       cb->args[0] = idx;
-
-       return skb->len;
-}
-
-static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
-{
-       struct sk_buff *msg;
-       struct cfg80211_registered_device *dev;
-
-       dev = cfg80211_get_dev_from_info(info);
-       if (IS_ERR(dev))
-               return PTR_ERR(dev);
-
-       msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
-       if (!msg)
-               goto out_err;
-
-       if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
-               goto out_free;
-
-       cfg80211_put_dev(dev);
-
-       return genlmsg_unicast(msg, info->snd_pid);
-
- out_free:
-       nlmsg_free(msg);
- out_err:
-       cfg80211_put_dev(dev);
-       return -ENOBUFS;
-}
-
-static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
-{
-       struct cfg80211_registered_device *rdev;
-       int result;
-
-       if (!info->attrs[NL80211_ATTR_WIPHY_NAME])
-               return -EINVAL;
-
-       rdev = cfg80211_get_dev_from_info(info);
-       if (IS_ERR(rdev))
-               return PTR_ERR(rdev);
-
-       result = cfg80211_dev_rename(rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
-
-       cfg80211_put_dev(rdev);
-       return result;
-}
-
-
-static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
-                             struct net_device *dev)
-{
-       void *hdr;
-
-       hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
-       if (!hdr)
-               return -1;
-
-       NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
-       NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
-       /* TODO: interface type */
-       return genlmsg_end(msg, hdr);
-
- nla_put_failure:
-       return genlmsg_cancel(msg, hdr);
-}
-
-static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
-{
-       int wp_idx = 0;
-       int if_idx = 0;
-       int wp_start = cb->args[0];
-       int if_start = cb->args[1];
-       struct cfg80211_registered_device *dev;
-       struct wireless_dev *wdev;
-
-       mutex_lock(&cfg80211_drv_mutex);
-       list_for_each_entry(dev, &cfg80211_drv_list, list) {
-               if (++wp_idx < wp_start)
-                       continue;
-               if_idx = 0;
-
-               mutex_lock(&dev->devlist_mtx);
-               list_for_each_entry(wdev, &dev->netdev_list, list) {
-                       if (++if_idx < if_start)
-                               continue;
-                       if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
-                                              cb->nlh->nlmsg_seq, NLM_F_MULTI,
-                                              wdev->netdev) < 0)
-                               break;
-               }
-               mutex_unlock(&dev->devlist_mtx);
-       }
-       mutex_unlock(&cfg80211_drv_mutex);
-
-       cb->args[0] = wp_idx;
-       cb->args[1] = if_idx;
-
-       return skb->len;
-}
-
-static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
-{
-       struct sk_buff *msg;
-       struct cfg80211_registered_device *dev;
-       struct net_device *netdev;
-       int err;
-
-       err = get_drv_dev_by_info_ifindex(info, &dev, &netdev);
-       if (err)
-               return err;
-
-       msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
-       if (!msg)
-               goto out_err;
-
-       if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, netdev) < 0)
-               goto out_free;
-
-       dev_put(netdev);
-       cfg80211_put_dev(dev);
-
-       return genlmsg_unicast(msg, info->snd_pid);
-
- out_free:
-       nlmsg_free(msg);
- out_err:
-       dev_put(netdev);
-       cfg80211_put_dev(dev);
-       return -ENOBUFS;
-}
-
-static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
-{
-       struct cfg80211_registered_device *drv;
-       int err, ifindex;
-       enum nl80211_iftype type;
-       struct net_device *dev;
-
-       if (info->attrs[NL80211_ATTR_IFTYPE]) {
-               type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
-               if (type > NL80211_IFTYPE_MAX)
-                       return -EINVAL;
-       } else
-               return -EINVAL;
-
-       err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
-       if (err)
-               return err;
-       ifindex = dev->ifindex;
-       dev_put(dev);
-
-       if (!drv->ops->change_virtual_intf) {
-               err = -EOPNOTSUPP;
-               goto unlock;
-       }
-
-       rtnl_lock();
-       err = drv->ops->change_virtual_intf(&drv->wiphy, ifindex, type);
-       rtnl_unlock();
-
- unlock:
-       cfg80211_put_dev(drv);
-       return err;
-}
-
-static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
-{
-       struct cfg80211_registered_device *drv;
-       int err;
-       enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
-
-       if (!info->attrs[NL80211_ATTR_IFNAME])
-               return -EINVAL;
-
-       if (info->attrs[NL80211_ATTR_IFTYPE]) {
-               type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
-               if (type > NL80211_IFTYPE_MAX)
-                       return -EINVAL;
-       }
-
-       drv = cfg80211_get_dev_from_info(info);
-       if (IS_ERR(drv))
-               return PTR_ERR(drv);
-
-       if (!drv->ops->add_virtual_intf) {
-               err = -EOPNOTSUPP;
-               goto unlock;
-       }
-
-       rtnl_lock();
-       err = drv->ops->add_virtual_intf(&drv->wiphy,
-               nla_data(info->attrs[NL80211_ATTR_IFNAME]), type);
-       rtnl_unlock();
-
- unlock:
-       cfg80211_put_dev(drv);
-       return err;
-}
-
-static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
-{
-       struct cfg80211_registered_device *drv;
-       int ifindex, err;
-       struct net_device *dev;
-
-       err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
-       if (err)
-               return err;
-       ifindex = dev->ifindex;
-       dev_put(dev);
-
-       if (!drv->ops->del_virtual_intf) {
-               err = -EOPNOTSUPP;
-               goto out;
-       }
-
-       rtnl_lock();
-       err = drv->ops->del_virtual_intf(&drv->wiphy, ifindex);
-       rtnl_unlock();
-
- out:
-       cfg80211_put_dev(drv);
-       return err;
-}
-
-static struct genl_ops nl80211_ops[] = {
-       {
-               .cmd = NL80211_CMD_GET_WIPHY,
-               .doit = nl80211_get_wiphy,
-               .dumpit = nl80211_dump_wiphy,
-               .policy = nl80211_policy,
-               /* can be retrieved by unprivileged users */
-       },
-       {
-               .cmd = NL80211_CMD_SET_WIPHY,
-               .doit = nl80211_set_wiphy,
-               .policy = nl80211_policy,
-               .flags = GENL_ADMIN_PERM,
-       },
-       {
-               .cmd = NL80211_CMD_GET_INTERFACE,
-               .doit = nl80211_get_interface,
-               .dumpit = nl80211_dump_interface,
-               .policy = nl80211_policy,
-               /* can be retrieved by unprivileged users */
-       },
-       {
-               .cmd = NL80211_CMD_SET_INTERFACE,
-               .doit = nl80211_set_interface,
-               .policy = nl80211_policy,
-               .flags = GENL_ADMIN_PERM,
-       },
-       {
-               .cmd = NL80211_CMD_NEW_INTERFACE,
-               .doit = nl80211_new_interface,
-               .policy = nl80211_policy,
-               .flags = GENL_ADMIN_PERM,
-       },
-       {
-               .cmd = NL80211_CMD_DEL_INTERFACE,
-               .doit = nl80211_del_interface,
-               .policy = nl80211_policy,
-               .flags = GENL_ADMIN_PERM,
-       },
-};
-
-/* multicast groups */
-static struct genl_multicast_group nl80211_config_mcgrp = {
-       .name = "config",
-};
-
-/* notification functions */
-
-void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
-{
-       struct sk_buff *msg;
-
-       msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
-       if (!msg)
-               return;
-
-       if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
-               nlmsg_free(msg);
-               return;
-       }
-
-       genlmsg_multicast(msg, 0, nl80211_config_mcgrp.id, GFP_KERNEL);
-}
-
-/* initialisation/exit functions */
-
-int nl80211_init(void)
-{
-       int err, i;
-
-       err = genl_register_family(&nl80211_fam);
-       if (err)
-               return err;
-
-       for (i = 0; i < ARRAY_SIZE(nl80211_ops); i++) {
-               err = genl_register_ops(&nl80211_fam, &nl80211_ops[i]);
-               if (err)
-                       goto err_out;
-       }
-
-       err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
-       if (err)
-               goto err_out;
-
-       return 0;
- err_out:
-       genl_unregister_family(&nl80211_fam);
-       return err;
-}
-
-void nl80211_exit(void)
-{
-       genl_unregister_family(&nl80211_fam);
-}
 
+++ /dev/null
-#ifndef __NET_WIRELESS_NL80211_H
-#define __NET_WIRELESS_NL80211_H
-
-#include "core.h"
-
-#ifdef CONFIG_NL80211
-extern int nl80211_init(void);
-extern void nl80211_exit(void);
-extern void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
-#else
-static inline int nl80211_init(void)
-{
-       return 0;
-}
-static inline void nl80211_exit(void)
-{
-}
-static inline void nl80211_notify_dev_rename(
-       struct cfg80211_registered_device *rdev)
-{
-}
-#endif /* CONFIG_NL80211 */
-
-#endif /* __NET_WIRELESS_NL80211_H */
 
+++ /dev/null
-/*
- * Radiotap parser
- *
- * Copyright 2007              Andy Green <andy@warmcat.com>
- */
-
-#include <net/cfg80211.h>
-#include <net/ieee80211_radiotap.h>
-#include <asm/unaligned.h>
-
-/* function prototypes and related defs are in include/net/cfg80211.h */
-
-/**
- * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
- * @iterator: radiotap_iterator to initialize
- * @radiotap_header: radiotap header to parse
- * @max_length: total length we can parse into (eg, whole packet length)
- *
- * Returns: 0 or a negative error code if there is a problem.
- *
- * This function initializes an opaque iterator struct which can then
- * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
- * argument which is present in the header.  It knows about extended
- * present headers and handles them.
- *
- * How to use:
- * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
- * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
- * checking for a good 0 return code.  Then loop calling
- * __ieee80211_radiotap_iterator_next()... it returns either 0,
- * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
- * The iterator's @this_arg member points to the start of the argument
- * associated with the current argument index that is present, which can be
- * found in the iterator's @this_arg_index member.  This arg index corresponds
- * to the IEEE80211_RADIOTAP_... defines.
- *
- * Radiotap header length:
- * You can find the CPU-endian total radiotap header length in
- * iterator->max_length after executing ieee80211_radiotap_iterator_init()
- * successfully.
- *
- * Alignment Gotcha:
- * You must take care when dereferencing iterator.this_arg
- * for multibyte types... the pointer is not aligned.  Use
- * get_unaligned((type *)iterator.this_arg) to dereference
- * iterator.this_arg for type "type" safely on all arches.
- *
- * Example code:
- * See Documentation/networking/radiotap-headers.txt
- */
-
-int ieee80211_radiotap_iterator_init(
-    struct ieee80211_radiotap_iterator *iterator,
-    struct ieee80211_radiotap_header *radiotap_header,
-    int max_length)
-{
-       /* Linux only supports version 0 radiotap format */
-       if (radiotap_header->it_version)
-               return -EINVAL;
-
-       /* sanity check for allowed length and radiotap length field */
-       if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
-               return -EINVAL;
-
-       iterator->rtheader = radiotap_header;
-       iterator->max_length = le16_to_cpu(get_unaligned(
-                                               &radiotap_header->it_len));
-       iterator->arg_index = 0;
-       iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
-                                               &radiotap_header->it_present));
-       iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
-       iterator->this_arg = NULL;
-
-       /* find payload start allowing for extended bitmap(s) */
-
-       if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
-               while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
-                                  (1<<IEEE80211_RADIOTAP_EXT)) {
-                       iterator->arg += sizeof(u32);
-
-                       /*
-                        * check for insanity where the present bitmaps
-                        * keep claiming to extend up to or even beyond the
-                        * stated radiotap header length
-                        */
-
-                       if (((ulong)iterator->arg -
-                            (ulong)iterator->rtheader) > iterator->max_length)
-                               return -EINVAL;
-               }
-
-               iterator->arg += sizeof(u32);
-
-               /*
-                * no need to check again for blowing past stated radiotap
-                * header length, because ieee80211_radiotap_iterator_next
-                * checks it before it is dereferenced
-                */
-       }
-
-       /* we are all initialized happily */
-
-       return 0;
-}
-EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
-
-
-/**
- * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
- * @iterator: radiotap_iterator to move to next arg (if any)
- *
- * Returns: 0 if there is an argument to handle,
- * -ENOENT if there are no more args or -EINVAL
- * if there is something else wrong.
- *
- * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
- * in @this_arg_index and sets @this_arg to point to the
- * payload for the field.  It takes care of alignment handling and extended
- * present fields.  @this_arg can be changed by the caller (eg,
- * incremented to move inside a compound argument like
- * IEEE80211_RADIOTAP_CHANNEL).  The args pointed to are in
- * little-endian format whatever the endianess of your CPU.
- *
- * Alignment Gotcha:
- * You must take care when dereferencing iterator.this_arg
- * for multibyte types... the pointer is not aligned.  Use
- * get_unaligned((type *)iterator.this_arg) to dereference
- * iterator.this_arg for type "type" safely on all arches.
- */
-
-int ieee80211_radiotap_iterator_next(
-    struct ieee80211_radiotap_iterator *iterator)
-{
-
-       /*
-        * small length lookup table for all radiotap types we heard of
-        * starting from b0 in the bitmap, so we can walk the payload
-        * area of the radiotap header
-        *
-        * There is a requirement to pad args, so that args
-        * of a given length must begin at a boundary of that length
-        * -- but note that compound args are allowed (eg, 2 x u16
-        * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
-        * a reliable indicator of alignment requirement.
-        *
-        * upper nybble: content alignment for arg
-        * lower nybble: content length for arg
-        */
-
-       static const u8 rt_sizes[] = {
-               [IEEE80211_RADIOTAP_TSFT] = 0x88,
-               [IEEE80211_RADIOTAP_FLAGS] = 0x11,
-               [IEEE80211_RADIOTAP_RATE] = 0x11,
-               [IEEE80211_RADIOTAP_CHANNEL] = 0x24,
-               [IEEE80211_RADIOTAP_FHSS] = 0x22,
-               [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
-               [IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
-               [IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
-               [IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
-               [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
-               [IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
-               [IEEE80211_RADIOTAP_ANTENNA] = 0x11,
-               [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
-               [IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11,
-               [IEEE80211_RADIOTAP_RX_FLAGS] = 0x22,
-               [IEEE80211_RADIOTAP_TX_FLAGS] = 0x22,
-               [IEEE80211_RADIOTAP_RTS_RETRIES] = 0x11,
-               [IEEE80211_RADIOTAP_DATA_RETRIES] = 0x11,
-               /*
-                * add more here as they are defined in
-                * include/net/ieee80211_radiotap.h
-                */
-       };
-
-       /*
-        * for every radiotap entry we can at
-        * least skip (by knowing the length)...
-        */
-
-       while (iterator->arg_index < sizeof(rt_sizes)) {
-               int hit = 0;
-               int pad;
-
-               if (!(iterator->bitmap_shifter & 1))
-                       goto next_entry; /* arg not present */
-
-               /*
-                * arg is present, account for alignment padding
-                *  8-bit args can be at any alignment
-                * 16-bit args must start on 16-bit boundary
-                * 32-bit args must start on 32-bit boundary
-                * 64-bit args must start on 64-bit boundary
-                *
-                * note that total arg size can differ from alignment of
-                * elements inside arg, so we use upper nybble of length
-                * table to base alignment on
-                *
-                * also note: these alignments are ** relative to the
-                * start of the radiotap header **.  There is no guarantee
-                * that the radiotap header itself is aligned on any
-                * kind of boundary.
-                *
-                * the above is why get_unaligned() is used to dereference
-                * multibyte elements from the radiotap area
-                */
-
-               pad = (((ulong)iterator->arg) -
-                       ((ulong)iterator->rtheader)) &
-                       ((rt_sizes[iterator->arg_index] >> 4) - 1);
-
-               if (pad)
-                       iterator->arg +=
-                               (rt_sizes[iterator->arg_index] >> 4) - pad;
-
-               /*
-                * this is what we will return to user, but we need to
-                * move on first so next call has something fresh to test
-                */
-               iterator->this_arg_index = iterator->arg_index;
-               iterator->this_arg = iterator->arg;
-               hit = 1;
-
-               /* internally move on the size of this arg */
-               iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
-
-               /*
-                * check for insanity where we are given a bitmap that
-                * claims to have more arg content than the length of the
-                * radiotap section.  We will normally end up equalling this
-                * max_length on the last arg, never exceeding it.
-                */
-
-               if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
-                   iterator->max_length)
-                       return -EINVAL;
-
-       next_entry:
-               iterator->arg_index++;
-               if (unlikely((iterator->arg_index & 31) == 0)) {
-                       /* completed current u32 bitmap */
-                       if (iterator->bitmap_shifter & 1) {
-                               /* b31 was set, there is more */
-                               /* move to next u32 bitmap */
-                               iterator->bitmap_shifter = le32_to_cpu(
-                                       get_unaligned(iterator->next_bitmap));
-                               iterator->next_bitmap++;
-                       } else
-                               /* no more bitmaps: end */
-                               iterator->arg_index = sizeof(rt_sizes);
-               } else /* just try the next bit */
-                       iterator->bitmap_shifter >>= 1;
-
-               /* if we found a valid arg earlier, return it now */
-               if (hit)
-                       return 0;
-       }
-
-       /* we don't know how to handle any more args, we're done */
-       return -ENOENT;
-}
-EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);
 
+++ /dev/null
-/*
- * This file provides /sys/class/ieee80211/<wiphy name>/
- * and some default attributes.
- *
- * Copyright 2005-2006 Jiri Benc <jbenc@suse.cz>
- * Copyright 2006      Johannes Berg <johannes@sipsolutions.net>
- *
- * This file is GPLv2 as found in COPYING.
- */
-
-#include <linux/device.h>
-#include <linux/module.h>
-#include <linux/netdevice.h>
-#include <linux/nl80211.h>
-#include <linux/rtnetlink.h>
-#include <net/cfg80211.h>
-#include "sysfs.h"
-#include "core.h"
-
-static inline struct cfg80211_registered_device *dev_to_rdev(
-       struct device *dev)
-{
-       return container_of(dev, struct cfg80211_registered_device, wiphy.dev);
-}
-
-static ssize_t _show_index(struct device *dev, struct device_attribute *attr,
-                          char *buf)
-{
-       return sprintf(buf, "%d\n", dev_to_rdev(dev)->idx);
-}
-
-static ssize_t _show_permaddr(struct device *dev,
-                             struct device_attribute *attr,
-                             char *buf)
-{
-       unsigned char *addr = dev_to_rdev(dev)->wiphy.perm_addr;
-
-       return sprintf(buf, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
-                      addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
-}
-
-static struct device_attribute ieee80211_dev_attrs[] = {
-       __ATTR(index, S_IRUGO, _show_index, NULL),
-       __ATTR(macaddress, S_IRUGO, _show_permaddr, NULL),
-       {}
-};
-
-static void wiphy_dev_release(struct device *dev)
-{
-       struct cfg80211_registered_device *rdev = dev_to_rdev(dev);
-
-       cfg80211_dev_free(rdev);
-}
-
-#ifdef CONFIG_HOTPLUG
-static int wiphy_uevent(struct device *dev, char **envp,
-                       int num_envp, char *buf, int size)
-{
-       /* TODO, we probably need stuff here */
-       return 0;
-}
-#endif
-
-struct class ieee80211_class = {
-       .name = "ieee80211",
-       .owner = THIS_MODULE,
-       .dev_release = wiphy_dev_release,
-       .dev_attrs = ieee80211_dev_attrs,
-#ifdef CONFIG_HOTPLUG
-       .dev_uevent = wiphy_uevent,
-#endif
-};
-
-int wiphy_sysfs_init(void)
-{
-       return class_register(&ieee80211_class);
-}
-
-void wiphy_sysfs_exit(void)
-{
-       class_unregister(&ieee80211_class);
-}
 
+++ /dev/null
-#ifndef __WIRELESS_SYSFS_H
-#define __WIRELESS_SYSFS_H
-
-extern int wiphy_sysfs_init(void);
-extern void wiphy_sysfs_exit(void);
-
-extern struct class ieee80211_class;
-
-#endif /* __WIRELESS_SYSFS_H */