1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2008, 2009 open80211s Ltd. 4 * Copyright (C) 2018 - 2019 Intel Corporation 5 * Authors: Luis Carlos Cobo <luisca@cozybit.com> 6 * Javier Cardona <javier@cozybit.com> 7 */ 8 9 #include <linux/slab.h> 10 #include <asm/unaligned.h> 11 #include "ieee80211_i.h" 12 #include "mesh.h" 13 #include "driver-ops.h" 14 15 static int mesh_allocated; 16 static struct kmem_cache *rm_cache; 17 18 bool mesh_action_is_path_sel(struct ieee80211_mgmt *mgmt) 19 { 20 return (mgmt->u.action.u.mesh_action.action_code == 21 WLAN_MESH_ACTION_HWMP_PATH_SELECTION); 22 } 23 24 void ieee80211s_init(void) 25 { 26 mesh_allocated = 1; 27 rm_cache = kmem_cache_create("mesh_rmc", sizeof(struct rmc_entry), 28 0, 0, NULL); 29 } 30 31 void ieee80211s_stop(void) 32 { 33 if (!mesh_allocated) 34 return; 35 kmem_cache_destroy(rm_cache); 36 } 37 38 static void ieee80211_mesh_housekeeping_timer(struct timer_list *t) 39 { 40 struct ieee80211_sub_if_data *sdata = 41 from_timer(sdata, t, u.mesh.housekeeping_timer); 42 struct ieee80211_local *local = sdata->local; 43 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 44 45 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags); 46 47 ieee80211_queue_work(&local->hw, &sdata->work); 48 } 49 50 /** 51 * mesh_matches_local - check if the config of a mesh point matches ours 52 * 53 * @sdata: local mesh subif 54 * @ie: information elements of a management frame from the mesh peer 55 * 56 * This function checks if the mesh configuration of a mesh point matches the 57 * local mesh configuration, i.e. if both nodes belong to the same mesh network. 58 */ 59 bool mesh_matches_local(struct ieee80211_sub_if_data *sdata, 60 struct ieee802_11_elems *ie) 61 { 62 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 63 u32 basic_rates = 0; 64 struct cfg80211_chan_def sta_chan_def; 65 struct ieee80211_supported_band *sband; 66 67 /* 68 * As support for each feature is added, check for matching 69 * - On mesh config capabilities 70 * - Power Save Support En 71 * - Sync support enabled 72 * - Sync support active 73 * - Sync support required from peer 74 * - MDA enabled 75 * - Power management control on fc 76 */ 77 if (!(ifmsh->mesh_id_len == ie->mesh_id_len && 78 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 && 79 (ifmsh->mesh_pp_id == ie->mesh_config->meshconf_psel) && 80 (ifmsh->mesh_pm_id == ie->mesh_config->meshconf_pmetric) && 81 (ifmsh->mesh_cc_id == ie->mesh_config->meshconf_congest) && 82 (ifmsh->mesh_sp_id == ie->mesh_config->meshconf_synch) && 83 (ifmsh->mesh_auth_id == ie->mesh_config->meshconf_auth))) 84 return false; 85 86 sband = ieee80211_get_sband(sdata); 87 if (!sband) 88 return false; 89 90 ieee80211_sta_get_rates(sdata, ie, sband->band, 91 &basic_rates); 92 93 if (sdata->vif.bss_conf.basic_rates != basic_rates) 94 return false; 95 96 cfg80211_chandef_create(&sta_chan_def, sdata->vif.bss_conf.chandef.chan, 97 NL80211_CHAN_NO_HT); 98 ieee80211_chandef_ht_oper(ie->ht_operation, &sta_chan_def); 99 ieee80211_chandef_vht_oper(&sdata->local->hw, 100 ie->vht_operation, ie->ht_operation, 101 &sta_chan_def); 102 103 if (!cfg80211_chandef_compatible(&sdata->vif.bss_conf.chandef, 104 &sta_chan_def)) 105 return false; 106 107 return true; 108 } 109 110 /** 111 * mesh_peer_accepts_plinks - check if an mp is willing to establish peer links 112 * 113 * @ie: information elements of a management frame from the mesh peer 114 */ 115 bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie) 116 { 117 return (ie->mesh_config->meshconf_cap & 118 IEEE80211_MESHCONF_CAPAB_ACCEPT_PLINKS) != 0; 119 } 120 121 /** 122 * mesh_accept_plinks_update - update accepting_plink in local mesh beacons 123 * 124 * @sdata: mesh interface in which mesh beacons are going to be updated 125 * 126 * Returns: beacon changed flag if the beacon content changed. 127 */ 128 u32 mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata) 129 { 130 bool free_plinks; 131 u32 changed = 0; 132 133 /* In case mesh_plink_free_count > 0 and mesh_plinktbl_capacity == 0, 134 * the mesh interface might be able to establish plinks with peers that 135 * are already on the table but are not on PLINK_ESTAB state. However, 136 * in general the mesh interface is not accepting peer link requests 137 * from new peers, and that must be reflected in the beacon 138 */ 139 free_plinks = mesh_plink_availables(sdata); 140 141 if (free_plinks != sdata->u.mesh.accepting_plinks) { 142 sdata->u.mesh.accepting_plinks = free_plinks; 143 changed = BSS_CHANGED_BEACON; 144 } 145 146 return changed; 147 } 148 149 /* 150 * mesh_sta_cleanup - clean up any mesh sta state 151 * 152 * @sta: mesh sta to clean up. 153 */ 154 void mesh_sta_cleanup(struct sta_info *sta) 155 { 156 struct ieee80211_sub_if_data *sdata = sta->sdata; 157 u32 changed = mesh_plink_deactivate(sta); 158 159 if (changed) 160 ieee80211_mbss_info_change_notify(sdata, changed); 161 } 162 163 int mesh_rmc_init(struct ieee80211_sub_if_data *sdata) 164 { 165 int i; 166 167 sdata->u.mesh.rmc = kmalloc(sizeof(struct mesh_rmc), GFP_KERNEL); 168 if (!sdata->u.mesh.rmc) 169 return -ENOMEM; 170 sdata->u.mesh.rmc->idx_mask = RMC_BUCKETS - 1; 171 for (i = 0; i < RMC_BUCKETS; i++) 172 INIT_HLIST_HEAD(&sdata->u.mesh.rmc->bucket[i]); 173 return 0; 174 } 175 176 void mesh_rmc_free(struct ieee80211_sub_if_data *sdata) 177 { 178 struct mesh_rmc *rmc = sdata->u.mesh.rmc; 179 struct rmc_entry *p; 180 struct hlist_node *n; 181 int i; 182 183 if (!sdata->u.mesh.rmc) 184 return; 185 186 for (i = 0; i < RMC_BUCKETS; i++) { 187 hlist_for_each_entry_safe(p, n, &rmc->bucket[i], list) { 188 hlist_del(&p->list); 189 kmem_cache_free(rm_cache, p); 190 } 191 } 192 193 kfree(rmc); 194 sdata->u.mesh.rmc = NULL; 195 } 196 197 /** 198 * mesh_rmc_check - Check frame in recent multicast cache and add if absent. 199 * 200 * @sdata: interface 201 * @sa: source address 202 * @mesh_hdr: mesh_header 203 * 204 * Returns: 0 if the frame is not in the cache, nonzero otherwise. 205 * 206 * Checks using the source address and the mesh sequence number if we have 207 * received this frame lately. If the frame is not in the cache, it is added to 208 * it. 209 */ 210 int mesh_rmc_check(struct ieee80211_sub_if_data *sdata, 211 const u8 *sa, struct ieee80211s_hdr *mesh_hdr) 212 { 213 struct mesh_rmc *rmc = sdata->u.mesh.rmc; 214 u32 seqnum = 0; 215 int entries = 0; 216 u8 idx; 217 struct rmc_entry *p; 218 struct hlist_node *n; 219 220 if (!rmc) 221 return -1; 222 223 /* Don't care about endianness since only match matters */ 224 memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); 225 idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask; 226 hlist_for_each_entry_safe(p, n, &rmc->bucket[idx], list) { 227 ++entries; 228 if (time_after(jiffies, p->exp_time) || 229 entries == RMC_QUEUE_MAX_LEN) { 230 hlist_del(&p->list); 231 kmem_cache_free(rm_cache, p); 232 --entries; 233 } else if ((seqnum == p->seqnum) && ether_addr_equal(sa, p->sa)) 234 return -1; 235 } 236 237 p = kmem_cache_alloc(rm_cache, GFP_ATOMIC); 238 if (!p) 239 return 0; 240 241 p->seqnum = seqnum; 242 p->exp_time = jiffies + RMC_TIMEOUT; 243 memcpy(p->sa, sa, ETH_ALEN); 244 hlist_add_head(&p->list, &rmc->bucket[idx]); 245 return 0; 246 } 247 248 int mesh_add_meshconf_ie(struct ieee80211_sub_if_data *sdata, 249 struct sk_buff *skb) 250 { 251 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 252 u8 *pos, neighbors; 253 u8 meshconf_len = sizeof(struct ieee80211_meshconf_ie); 254 bool is_connected_to_gate = ifmsh->num_gates > 0 || 255 ifmsh->mshcfg.dot11MeshGateAnnouncementProtocol || 256 ifmsh->mshcfg.dot11MeshConnectedToMeshGate; 257 258 if (skb_tailroom(skb) < 2 + meshconf_len) 259 return -ENOMEM; 260 261 pos = skb_put(skb, 2 + meshconf_len); 262 *pos++ = WLAN_EID_MESH_CONFIG; 263 *pos++ = meshconf_len; 264 265 /* save a pointer for quick updates in pre-tbtt */ 266 ifmsh->meshconf_offset = pos - skb->data; 267 268 /* Active path selection protocol ID */ 269 *pos++ = ifmsh->mesh_pp_id; 270 /* Active path selection metric ID */ 271 *pos++ = ifmsh->mesh_pm_id; 272 /* Congestion control mode identifier */ 273 *pos++ = ifmsh->mesh_cc_id; 274 /* Synchronization protocol identifier */ 275 *pos++ = ifmsh->mesh_sp_id; 276 /* Authentication Protocol identifier */ 277 *pos++ = ifmsh->mesh_auth_id; 278 /* Mesh Formation Info - number of neighbors */ 279 neighbors = atomic_read(&ifmsh->estab_plinks); 280 neighbors = min_t(int, neighbors, IEEE80211_MAX_MESH_PEERINGS); 281 *pos++ = (neighbors << 1) | is_connected_to_gate; 282 /* Mesh capability */ 283 *pos = 0x00; 284 *pos |= ifmsh->mshcfg.dot11MeshForwarding ? 285 IEEE80211_MESHCONF_CAPAB_FORWARDING : 0x00; 286 *pos |= ifmsh->accepting_plinks ? 287 IEEE80211_MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00; 288 /* Mesh PS mode. See IEEE802.11-2012 8.4.2.100.8 */ 289 *pos |= ifmsh->ps_peers_deep_sleep ? 290 IEEE80211_MESHCONF_CAPAB_POWER_SAVE_LEVEL : 0x00; 291 return 0; 292 } 293 294 int mesh_add_meshid_ie(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 295 { 296 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 297 u8 *pos; 298 299 if (skb_tailroom(skb) < 2 + ifmsh->mesh_id_len) 300 return -ENOMEM; 301 302 pos = skb_put(skb, 2 + ifmsh->mesh_id_len); 303 *pos++ = WLAN_EID_MESH_ID; 304 *pos++ = ifmsh->mesh_id_len; 305 if (ifmsh->mesh_id_len) 306 memcpy(pos, ifmsh->mesh_id, ifmsh->mesh_id_len); 307 308 return 0; 309 } 310 311 static int mesh_add_awake_window_ie(struct ieee80211_sub_if_data *sdata, 312 struct sk_buff *skb) 313 { 314 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 315 u8 *pos; 316 317 /* see IEEE802.11-2012 13.14.6 */ 318 if (ifmsh->ps_peers_light_sleep == 0 && 319 ifmsh->ps_peers_deep_sleep == 0 && 320 ifmsh->nonpeer_pm == NL80211_MESH_POWER_ACTIVE) 321 return 0; 322 323 if (skb_tailroom(skb) < 4) 324 return -ENOMEM; 325 326 pos = skb_put(skb, 2 + 2); 327 *pos++ = WLAN_EID_MESH_AWAKE_WINDOW; 328 *pos++ = 2; 329 put_unaligned_le16(ifmsh->mshcfg.dot11MeshAwakeWindowDuration, pos); 330 331 return 0; 332 } 333 334 int mesh_add_vendor_ies(struct ieee80211_sub_if_data *sdata, 335 struct sk_buff *skb) 336 { 337 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 338 u8 offset, len; 339 const u8 *data; 340 341 if (!ifmsh->ie || !ifmsh->ie_len) 342 return 0; 343 344 /* fast-forward to vendor IEs */ 345 offset = ieee80211_ie_split_vendor(ifmsh->ie, ifmsh->ie_len, 0); 346 347 if (offset < ifmsh->ie_len) { 348 len = ifmsh->ie_len - offset; 349 data = ifmsh->ie + offset; 350 if (skb_tailroom(skb) < len) 351 return -ENOMEM; 352 skb_put_data(skb, data, len); 353 } 354 355 return 0; 356 } 357 358 int mesh_add_rsn_ie(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 359 { 360 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 361 u8 len = 0; 362 const u8 *data; 363 364 if (!ifmsh->ie || !ifmsh->ie_len) 365 return 0; 366 367 /* find RSN IE */ 368 data = cfg80211_find_ie(WLAN_EID_RSN, ifmsh->ie, ifmsh->ie_len); 369 if (!data) 370 return 0; 371 372 len = data[1] + 2; 373 374 if (skb_tailroom(skb) < len) 375 return -ENOMEM; 376 skb_put_data(skb, data, len); 377 378 return 0; 379 } 380 381 static int mesh_add_ds_params_ie(struct ieee80211_sub_if_data *sdata, 382 struct sk_buff *skb) 383 { 384 struct ieee80211_chanctx_conf *chanctx_conf; 385 struct ieee80211_channel *chan; 386 u8 *pos; 387 388 if (skb_tailroom(skb) < 3) 389 return -ENOMEM; 390 391 rcu_read_lock(); 392 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 393 if (WARN_ON(!chanctx_conf)) { 394 rcu_read_unlock(); 395 return -EINVAL; 396 } 397 chan = chanctx_conf->def.chan; 398 rcu_read_unlock(); 399 400 pos = skb_put(skb, 2 + 1); 401 *pos++ = WLAN_EID_DS_PARAMS; 402 *pos++ = 1; 403 *pos++ = ieee80211_frequency_to_channel(chan->center_freq); 404 405 return 0; 406 } 407 408 int mesh_add_ht_cap_ie(struct ieee80211_sub_if_data *sdata, 409 struct sk_buff *skb) 410 { 411 struct ieee80211_supported_band *sband; 412 u8 *pos; 413 414 sband = ieee80211_get_sband(sdata); 415 if (!sband) 416 return -EINVAL; 417 418 if (!sband->ht_cap.ht_supported || 419 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT || 420 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_5 || 421 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_10) 422 return 0; 423 424 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_cap)) 425 return -ENOMEM; 426 427 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_cap)); 428 ieee80211_ie_build_ht_cap(pos, &sband->ht_cap, sband->ht_cap.cap); 429 430 return 0; 431 } 432 433 int mesh_add_ht_oper_ie(struct ieee80211_sub_if_data *sdata, 434 struct sk_buff *skb) 435 { 436 struct ieee80211_local *local = sdata->local; 437 struct ieee80211_chanctx_conf *chanctx_conf; 438 struct ieee80211_channel *channel; 439 struct ieee80211_supported_band *sband; 440 struct ieee80211_sta_ht_cap *ht_cap; 441 u8 *pos; 442 443 rcu_read_lock(); 444 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 445 if (WARN_ON(!chanctx_conf)) { 446 rcu_read_unlock(); 447 return -EINVAL; 448 } 449 channel = chanctx_conf->def.chan; 450 rcu_read_unlock(); 451 452 sband = local->hw.wiphy->bands[channel->band]; 453 ht_cap = &sband->ht_cap; 454 455 if (!ht_cap->ht_supported || 456 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT || 457 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_5 || 458 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_10) 459 return 0; 460 461 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_operation)) 462 return -ENOMEM; 463 464 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation)); 465 ieee80211_ie_build_ht_oper(pos, ht_cap, &sdata->vif.bss_conf.chandef, 466 sdata->vif.bss_conf.ht_operation_mode, 467 false); 468 469 return 0; 470 } 471 472 int mesh_add_vht_cap_ie(struct ieee80211_sub_if_data *sdata, 473 struct sk_buff *skb) 474 { 475 struct ieee80211_supported_band *sband; 476 u8 *pos; 477 478 sband = ieee80211_get_sband(sdata); 479 if (!sband) 480 return -EINVAL; 481 482 if (!sband->vht_cap.vht_supported || 483 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT || 484 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_5 || 485 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_10) 486 return 0; 487 488 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_vht_cap)) 489 return -ENOMEM; 490 491 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_cap)); 492 ieee80211_ie_build_vht_cap(pos, &sband->vht_cap, sband->vht_cap.cap); 493 494 return 0; 495 } 496 497 int mesh_add_vht_oper_ie(struct ieee80211_sub_if_data *sdata, 498 struct sk_buff *skb) 499 { 500 struct ieee80211_local *local = sdata->local; 501 struct ieee80211_chanctx_conf *chanctx_conf; 502 struct ieee80211_channel *channel; 503 struct ieee80211_supported_band *sband; 504 struct ieee80211_sta_vht_cap *vht_cap; 505 u8 *pos; 506 507 rcu_read_lock(); 508 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 509 if (WARN_ON(!chanctx_conf)) { 510 rcu_read_unlock(); 511 return -EINVAL; 512 } 513 channel = chanctx_conf->def.chan; 514 rcu_read_unlock(); 515 516 sband = local->hw.wiphy->bands[channel->band]; 517 vht_cap = &sband->vht_cap; 518 519 if (!vht_cap->vht_supported || 520 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT || 521 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_5 || 522 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_10) 523 return 0; 524 525 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_vht_operation)) 526 return -ENOMEM; 527 528 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation)); 529 ieee80211_ie_build_vht_oper(pos, vht_cap, 530 &sdata->vif.bss_conf.chandef); 531 532 return 0; 533 } 534 535 int mesh_add_he_cap_ie(struct ieee80211_sub_if_data *sdata, 536 struct sk_buff *skb, u8 ie_len) 537 { 538 const struct ieee80211_sta_he_cap *he_cap; 539 struct ieee80211_supported_band *sband; 540 u8 *pos; 541 542 sband = ieee80211_get_sband(sdata); 543 if (!sband) 544 return -EINVAL; 545 546 he_cap = ieee80211_get_he_iftype_cap(sband, NL80211_IFTYPE_MESH_POINT); 547 548 if (!he_cap || 549 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT || 550 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_5 || 551 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_10) 552 return 0; 553 554 if (skb_tailroom(skb) < ie_len) 555 return -ENOMEM; 556 557 pos = skb_put(skb, ie_len); 558 ieee80211_ie_build_he_cap(pos, he_cap, pos + ie_len); 559 560 return 0; 561 } 562 563 int mesh_add_he_oper_ie(struct ieee80211_sub_if_data *sdata, 564 struct sk_buff *skb) 565 { 566 const struct ieee80211_sta_he_cap *he_cap; 567 struct ieee80211_supported_band *sband; 568 u8 *pos; 569 570 sband = ieee80211_get_sband(sdata); 571 if (!sband) 572 return -EINVAL; 573 574 he_cap = ieee80211_get_he_iftype_cap(sband, NL80211_IFTYPE_MESH_POINT); 575 if (!he_cap || 576 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT || 577 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_5 || 578 sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_10) 579 return 0; 580 581 if (skb_tailroom(skb) < 2 + 1 + sizeof(struct ieee80211_he_operation)) 582 return -ENOMEM; 583 584 pos = skb_put(skb, 2 + 1 + sizeof(struct ieee80211_he_operation)); 585 ieee80211_ie_build_he_oper(pos); 586 587 return 0; 588 } 589 590 static void ieee80211_mesh_path_timer(struct timer_list *t) 591 { 592 struct ieee80211_sub_if_data *sdata = 593 from_timer(sdata, t, u.mesh.mesh_path_timer); 594 595 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 596 } 597 598 static void ieee80211_mesh_path_root_timer(struct timer_list *t) 599 { 600 struct ieee80211_sub_if_data *sdata = 601 from_timer(sdata, t, u.mesh.mesh_path_root_timer); 602 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 603 604 set_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags); 605 606 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 607 } 608 609 void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh) 610 { 611 if (ifmsh->mshcfg.dot11MeshHWMPRootMode > IEEE80211_ROOTMODE_ROOT) 612 set_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags); 613 else { 614 clear_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags); 615 /* stop running timer */ 616 del_timer_sync(&ifmsh->mesh_path_root_timer); 617 } 618 } 619 620 /** 621 * ieee80211_fill_mesh_addresses - fill addresses of a locally originated mesh frame 622 * @hdr: 802.11 frame header 623 * @fc: frame control field 624 * @meshda: destination address in the mesh 625 * @meshsa: source address address in the mesh. Same as TA, as frame is 626 * locally originated. 627 * 628 * Return the length of the 802.11 (does not include a mesh control header) 629 */ 630 int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, 631 const u8 *meshda, const u8 *meshsa) 632 { 633 if (is_multicast_ether_addr(meshda)) { 634 *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS); 635 /* DA TA SA */ 636 memcpy(hdr->addr1, meshda, ETH_ALEN); 637 memcpy(hdr->addr2, meshsa, ETH_ALEN); 638 memcpy(hdr->addr3, meshsa, ETH_ALEN); 639 return 24; 640 } else { 641 *fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 642 /* RA TA DA SA */ 643 eth_zero_addr(hdr->addr1); /* RA is resolved later */ 644 memcpy(hdr->addr2, meshsa, ETH_ALEN); 645 memcpy(hdr->addr3, meshda, ETH_ALEN); 646 memcpy(hdr->addr4, meshsa, ETH_ALEN); 647 return 30; 648 } 649 } 650 651 /** 652 * ieee80211_new_mesh_header - create a new mesh header 653 * @sdata: mesh interface to be used 654 * @meshhdr: uninitialized mesh header 655 * @addr4or5: 1st address in the ae header, which may correspond to address 4 656 * (if addr6 is NULL) or address 5 (if addr6 is present). It may 657 * be NULL. 658 * @addr6: 2nd address in the ae header, which corresponds to addr6 of the 659 * mesh frame 660 * 661 * Return the header length. 662 */ 663 unsigned int ieee80211_new_mesh_header(struct ieee80211_sub_if_data *sdata, 664 struct ieee80211s_hdr *meshhdr, 665 const char *addr4or5, const char *addr6) 666 { 667 if (WARN_ON(!addr4or5 && addr6)) 668 return 0; 669 670 memset(meshhdr, 0, sizeof(*meshhdr)); 671 672 meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL; 673 674 /* FIXME: racy -- TX on multiple queues can be concurrent */ 675 put_unaligned(cpu_to_le32(sdata->u.mesh.mesh_seqnum), &meshhdr->seqnum); 676 sdata->u.mesh.mesh_seqnum++; 677 678 if (addr4or5 && !addr6) { 679 meshhdr->flags |= MESH_FLAGS_AE_A4; 680 memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN); 681 return 2 * ETH_ALEN; 682 } else if (addr4or5 && addr6) { 683 meshhdr->flags |= MESH_FLAGS_AE_A5_A6; 684 memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN); 685 memcpy(meshhdr->eaddr2, addr6, ETH_ALEN); 686 return 3 * ETH_ALEN; 687 } 688 689 return ETH_ALEN; 690 } 691 692 static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata) 693 { 694 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 695 u32 changed; 696 697 if (ifmsh->mshcfg.plink_timeout > 0) 698 ieee80211_sta_expire(sdata, ifmsh->mshcfg.plink_timeout * HZ); 699 mesh_path_expire(sdata); 700 701 changed = mesh_accept_plinks_update(sdata); 702 ieee80211_mbss_info_change_notify(sdata, changed); 703 704 mod_timer(&ifmsh->housekeeping_timer, 705 round_jiffies(jiffies + 706 IEEE80211_MESH_HOUSEKEEPING_INTERVAL)); 707 } 708 709 static void ieee80211_mesh_rootpath(struct ieee80211_sub_if_data *sdata) 710 { 711 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 712 u32 interval; 713 714 mesh_path_tx_root_frame(sdata); 715 716 if (ifmsh->mshcfg.dot11MeshHWMPRootMode == IEEE80211_PROACTIVE_RANN) 717 interval = ifmsh->mshcfg.dot11MeshHWMPRannInterval; 718 else 719 interval = ifmsh->mshcfg.dot11MeshHWMProotInterval; 720 721 mod_timer(&ifmsh->mesh_path_root_timer, 722 round_jiffies(TU_TO_EXP_TIME(interval))); 723 } 724 725 static int 726 ieee80211_mesh_build_beacon(struct ieee80211_if_mesh *ifmsh) 727 { 728 struct beacon_data *bcn; 729 int head_len, tail_len; 730 struct sk_buff *skb; 731 struct ieee80211_mgmt *mgmt; 732 struct ieee80211_chanctx_conf *chanctx_conf; 733 struct mesh_csa_settings *csa; 734 enum nl80211_band band; 735 u8 ie_len_he_cap; 736 u8 *pos; 737 struct ieee80211_sub_if_data *sdata; 738 int hdr_len = offsetofend(struct ieee80211_mgmt, u.beacon); 739 740 sdata = container_of(ifmsh, struct ieee80211_sub_if_data, u.mesh); 741 rcu_read_lock(); 742 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 743 band = chanctx_conf->def.chan->band; 744 rcu_read_unlock(); 745 746 ie_len_he_cap = ieee80211_ie_len_he_cap(sdata, 747 NL80211_IFTYPE_MESH_POINT); 748 head_len = hdr_len + 749 2 + /* NULL SSID */ 750 /* Channel Switch Announcement */ 751 2 + sizeof(struct ieee80211_channel_sw_ie) + 752 /* Mesh Channel Switch Parameters */ 753 2 + sizeof(struct ieee80211_mesh_chansw_params_ie) + 754 /* Channel Switch Wrapper + Wide Bandwidth CSA IE */ 755 2 + 2 + sizeof(struct ieee80211_wide_bw_chansw_ie) + 756 2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 757 2 + 8 + /* supported rates */ 758 2 + 3; /* DS params */ 759 tail_len = 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 760 2 + sizeof(struct ieee80211_ht_cap) + 761 2 + sizeof(struct ieee80211_ht_operation) + 762 2 + ifmsh->mesh_id_len + 763 2 + sizeof(struct ieee80211_meshconf_ie) + 764 2 + sizeof(__le16) + /* awake window */ 765 2 + sizeof(struct ieee80211_vht_cap) + 766 2 + sizeof(struct ieee80211_vht_operation) + 767 ie_len_he_cap + 768 2 + 1 + sizeof(struct ieee80211_he_operation) + 769 ifmsh->ie_len; 770 771 bcn = kzalloc(sizeof(*bcn) + head_len + tail_len, GFP_KERNEL); 772 /* need an skb for IE builders to operate on */ 773 skb = dev_alloc_skb(max(head_len, tail_len)); 774 775 if (!bcn || !skb) 776 goto out_free; 777 778 /* 779 * pointers go into the block we allocated, 780 * memory is | beacon_data | head | tail | 781 */ 782 bcn->head = ((u8 *) bcn) + sizeof(*bcn); 783 784 /* fill in the head */ 785 mgmt = skb_put_zero(skb, hdr_len); 786 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 787 IEEE80211_STYPE_BEACON); 788 eth_broadcast_addr(mgmt->da); 789 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 790 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 791 ieee80211_mps_set_frame_flags(sdata, NULL, (void *) mgmt); 792 mgmt->u.beacon.beacon_int = 793 cpu_to_le16(sdata->vif.bss_conf.beacon_int); 794 mgmt->u.beacon.capab_info |= cpu_to_le16( 795 sdata->u.mesh.security ? WLAN_CAPABILITY_PRIVACY : 0); 796 797 pos = skb_put(skb, 2); 798 *pos++ = WLAN_EID_SSID; 799 *pos++ = 0x0; 800 801 rcu_read_lock(); 802 csa = rcu_dereference(ifmsh->csa); 803 if (csa) { 804 enum nl80211_channel_type ct; 805 struct cfg80211_chan_def *chandef; 806 int ie_len = 2 + sizeof(struct ieee80211_channel_sw_ie) + 807 2 + sizeof(struct ieee80211_mesh_chansw_params_ie); 808 809 pos = skb_put_zero(skb, ie_len); 810 *pos++ = WLAN_EID_CHANNEL_SWITCH; 811 *pos++ = 3; 812 *pos++ = 0x0; 813 *pos++ = ieee80211_frequency_to_channel( 814 csa->settings.chandef.chan->center_freq); 815 bcn->csa_current_counter = csa->settings.count; 816 bcn->csa_counter_offsets[0] = hdr_len + 6; 817 *pos++ = csa->settings.count; 818 *pos++ = WLAN_EID_CHAN_SWITCH_PARAM; 819 *pos++ = 6; 820 if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT) { 821 *pos++ = ifmsh->mshcfg.dot11MeshTTL; 822 *pos |= WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR; 823 } else { 824 *pos++ = ifmsh->chsw_ttl; 825 } 826 *pos++ |= csa->settings.block_tx ? 827 WLAN_EID_CHAN_SWITCH_PARAM_TX_RESTRICT : 0x00; 828 put_unaligned_le16(WLAN_REASON_MESH_CHAN, pos); 829 pos += 2; 830 put_unaligned_le16(ifmsh->pre_value, pos); 831 pos += 2; 832 833 switch (csa->settings.chandef.width) { 834 case NL80211_CHAN_WIDTH_40: 835 ie_len = 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 836 pos = skb_put_zero(skb, ie_len); 837 838 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; /* EID */ 839 *pos++ = 1; /* len */ 840 ct = cfg80211_get_chandef_type(&csa->settings.chandef); 841 if (ct == NL80211_CHAN_HT40PLUS) 842 *pos++ = IEEE80211_HT_PARAM_CHA_SEC_ABOVE; 843 else 844 *pos++ = IEEE80211_HT_PARAM_CHA_SEC_BELOW; 845 break; 846 case NL80211_CHAN_WIDTH_80: 847 case NL80211_CHAN_WIDTH_80P80: 848 case NL80211_CHAN_WIDTH_160: 849 /* Channel Switch Wrapper + Wide Bandwidth CSA IE */ 850 ie_len = 2 + 2 + 851 sizeof(struct ieee80211_wide_bw_chansw_ie); 852 pos = skb_put_zero(skb, ie_len); 853 854 *pos++ = WLAN_EID_CHANNEL_SWITCH_WRAPPER; /* EID */ 855 *pos++ = 5; /* len */ 856 /* put sub IE */ 857 chandef = &csa->settings.chandef; 858 ieee80211_ie_build_wide_bw_cs(pos, chandef); 859 break; 860 default: 861 break; 862 } 863 } 864 rcu_read_unlock(); 865 866 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 867 mesh_add_ds_params_ie(sdata, skb)) 868 goto out_free; 869 870 bcn->head_len = skb->len; 871 memcpy(bcn->head, skb->data, bcn->head_len); 872 873 /* now the tail */ 874 skb_trim(skb, 0); 875 bcn->tail = bcn->head + bcn->head_len; 876 877 if (ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 878 mesh_add_rsn_ie(sdata, skb) || 879 mesh_add_ht_cap_ie(sdata, skb) || 880 mesh_add_ht_oper_ie(sdata, skb) || 881 mesh_add_meshid_ie(sdata, skb) || 882 mesh_add_meshconf_ie(sdata, skb) || 883 mesh_add_awake_window_ie(sdata, skb) || 884 mesh_add_vht_cap_ie(sdata, skb) || 885 mesh_add_vht_oper_ie(sdata, skb) || 886 mesh_add_he_cap_ie(sdata, skb, ie_len_he_cap) || 887 mesh_add_he_oper_ie(sdata, skb) || 888 mesh_add_vendor_ies(sdata, skb)) 889 goto out_free; 890 891 bcn->tail_len = skb->len; 892 memcpy(bcn->tail, skb->data, bcn->tail_len); 893 bcn->meshconf = (struct ieee80211_meshconf_ie *) 894 (bcn->tail + ifmsh->meshconf_offset); 895 896 dev_kfree_skb(skb); 897 rcu_assign_pointer(ifmsh->beacon, bcn); 898 return 0; 899 out_free: 900 kfree(bcn); 901 dev_kfree_skb(skb); 902 return -ENOMEM; 903 } 904 905 static int 906 ieee80211_mesh_rebuild_beacon(struct ieee80211_sub_if_data *sdata) 907 { 908 struct beacon_data *old_bcn; 909 int ret; 910 911 old_bcn = rcu_dereference_protected(sdata->u.mesh.beacon, 912 lockdep_is_held(&sdata->wdev.mtx)); 913 ret = ieee80211_mesh_build_beacon(&sdata->u.mesh); 914 if (ret) 915 /* just reuse old beacon */ 916 return ret; 917 918 if (old_bcn) 919 kfree_rcu(old_bcn, rcu_head); 920 return 0; 921 } 922 923 void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata, 924 u32 changed) 925 { 926 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 927 unsigned long bits = changed; 928 u32 bit; 929 930 if (!bits) 931 return; 932 933 /* if we race with running work, worst case this work becomes a noop */ 934 for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) 935 set_bit(bit, &ifmsh->mbss_changed); 936 set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags); 937 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 938 } 939 940 int ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata) 941 { 942 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 943 struct ieee80211_local *local = sdata->local; 944 u32 changed = BSS_CHANGED_BEACON | 945 BSS_CHANGED_BEACON_ENABLED | 946 BSS_CHANGED_HT | 947 BSS_CHANGED_BASIC_RATES | 948 BSS_CHANGED_BEACON_INT | 949 BSS_CHANGED_MCAST_RATE; 950 951 local->fif_other_bss++; 952 /* mesh ifaces must set allmulti to forward mcast traffic */ 953 atomic_inc(&local->iff_allmultis); 954 ieee80211_configure_filter(local); 955 956 ifmsh->mesh_cc_id = 0; /* Disabled */ 957 /* register sync ops from extensible synchronization framework */ 958 ifmsh->sync_ops = ieee80211_mesh_sync_ops_get(ifmsh->mesh_sp_id); 959 ifmsh->sync_offset_clockdrift_max = 0; 960 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags); 961 ieee80211_mesh_root_setup(ifmsh); 962 ieee80211_queue_work(&local->hw, &sdata->work); 963 sdata->vif.bss_conf.ht_operation_mode = 964 ifmsh->mshcfg.ht_opmode; 965 sdata->vif.bss_conf.enable_beacon = true; 966 967 changed |= ieee80211_mps_local_status_update(sdata); 968 969 if (ieee80211_mesh_build_beacon(ifmsh)) { 970 ieee80211_stop_mesh(sdata); 971 return -ENOMEM; 972 } 973 974 ieee80211_recalc_dtim(local, sdata); 975 ieee80211_bss_info_change_notify(sdata, changed); 976 977 netif_carrier_on(sdata->dev); 978 return 0; 979 } 980 981 void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) 982 { 983 struct ieee80211_local *local = sdata->local; 984 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 985 struct beacon_data *bcn; 986 987 netif_carrier_off(sdata->dev); 988 989 /* flush STAs and mpaths on this iface */ 990 sta_info_flush(sdata); 991 ieee80211_free_keys(sdata, true); 992 mesh_path_flush_by_iface(sdata); 993 994 /* stop the beacon */ 995 ifmsh->mesh_id_len = 0; 996 sdata->vif.bss_conf.enable_beacon = false; 997 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); 998 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 999 1000 /* remove beacon */ 1001 bcn = rcu_dereference_protected(ifmsh->beacon, 1002 lockdep_is_held(&sdata->wdev.mtx)); 1003 RCU_INIT_POINTER(ifmsh->beacon, NULL); 1004 kfree_rcu(bcn, rcu_head); 1005 1006 /* free all potentially still buffered group-addressed frames */ 1007 local->total_ps_buffered -= skb_queue_len(&ifmsh->ps.bc_buf); 1008 skb_queue_purge(&ifmsh->ps.bc_buf); 1009 1010 del_timer_sync(&sdata->u.mesh.housekeeping_timer); 1011 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer); 1012 del_timer_sync(&sdata->u.mesh.mesh_path_timer); 1013 1014 /* clear any mesh work (for next join) we may have accrued */ 1015 ifmsh->wrkq_flags = 0; 1016 ifmsh->mbss_changed = 0; 1017 1018 local->fif_other_bss--; 1019 atomic_dec(&local->iff_allmultis); 1020 ieee80211_configure_filter(local); 1021 } 1022 1023 static void ieee80211_mesh_csa_mark_radar(struct ieee80211_sub_if_data *sdata) 1024 { 1025 int err; 1026 1027 /* if the current channel is a DFS channel, mark the channel as 1028 * unavailable. 1029 */ 1030 err = cfg80211_chandef_dfs_required(sdata->local->hw.wiphy, 1031 &sdata->vif.bss_conf.chandef, 1032 NL80211_IFTYPE_MESH_POINT); 1033 if (err > 0) 1034 cfg80211_radar_event(sdata->local->hw.wiphy, 1035 &sdata->vif.bss_conf.chandef, GFP_ATOMIC); 1036 } 1037 1038 static bool 1039 ieee80211_mesh_process_chnswitch(struct ieee80211_sub_if_data *sdata, 1040 struct ieee802_11_elems *elems, bool beacon) 1041 { 1042 struct cfg80211_csa_settings params; 1043 struct ieee80211_csa_ie csa_ie; 1044 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1045 struct ieee80211_supported_band *sband; 1046 int err; 1047 u32 sta_flags; 1048 1049 sdata_assert_lock(sdata); 1050 1051 sband = ieee80211_get_sband(sdata); 1052 if (!sband) 1053 return false; 1054 1055 sta_flags = 0; 1056 switch (sdata->vif.bss_conf.chandef.width) { 1057 case NL80211_CHAN_WIDTH_20_NOHT: 1058 sta_flags |= IEEE80211_STA_DISABLE_HT; 1059 /* fall through */ 1060 case NL80211_CHAN_WIDTH_20: 1061 sta_flags |= IEEE80211_STA_DISABLE_40MHZ; 1062 /* fall through */ 1063 case NL80211_CHAN_WIDTH_40: 1064 sta_flags |= IEEE80211_STA_DISABLE_VHT; 1065 break; 1066 default: 1067 break; 1068 } 1069 1070 memset(¶ms, 0, sizeof(params)); 1071 err = ieee80211_parse_ch_switch_ie(sdata, elems, sband->band, 1072 sta_flags, sdata->vif.addr, 1073 &csa_ie); 1074 if (err < 0) 1075 return false; 1076 if (err) 1077 return false; 1078 1079 /* Mark the channel unavailable if the reason for the switch is 1080 * regulatory. 1081 */ 1082 if (csa_ie.reason_code == WLAN_REASON_MESH_CHAN_REGULATORY) 1083 ieee80211_mesh_csa_mark_radar(sdata); 1084 1085 params.chandef = csa_ie.chandef; 1086 params.count = csa_ie.count; 1087 1088 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy, ¶ms.chandef, 1089 IEEE80211_CHAN_DISABLED) || 1090 !cfg80211_reg_can_beacon(sdata->local->hw.wiphy, ¶ms.chandef, 1091 NL80211_IFTYPE_MESH_POINT)) { 1092 sdata_info(sdata, 1093 "mesh STA %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), aborting\n", 1094 sdata->vif.addr, 1095 params.chandef.chan->center_freq, 1096 params.chandef.width, 1097 params.chandef.center_freq1, 1098 params.chandef.center_freq2); 1099 return false; 1100 } 1101 1102 err = cfg80211_chandef_dfs_required(sdata->local->hw.wiphy, 1103 ¶ms.chandef, 1104 NL80211_IFTYPE_MESH_POINT); 1105 if (err < 0) 1106 return false; 1107 if (err > 0 && !ifmsh->userspace_handles_dfs) { 1108 sdata_info(sdata, 1109 "mesh STA %pM switches to channel requiring DFS (%d MHz, width:%d, CF1/2: %d/%d MHz), aborting\n", 1110 sdata->vif.addr, 1111 params.chandef.chan->center_freq, 1112 params.chandef.width, 1113 params.chandef.center_freq1, 1114 params.chandef.center_freq2); 1115 return false; 1116 } 1117 1118 params.radar_required = err; 1119 1120 if (cfg80211_chandef_identical(¶ms.chandef, 1121 &sdata->vif.bss_conf.chandef)) { 1122 mcsa_dbg(sdata, 1123 "received csa with an identical chandef, ignoring\n"); 1124 return true; 1125 } 1126 1127 mcsa_dbg(sdata, 1128 "received channel switch announcement to go to channel %d MHz\n", 1129 params.chandef.chan->center_freq); 1130 1131 params.block_tx = csa_ie.mode & WLAN_EID_CHAN_SWITCH_PARAM_TX_RESTRICT; 1132 if (beacon) { 1133 ifmsh->chsw_ttl = csa_ie.ttl - 1; 1134 if (ifmsh->pre_value >= csa_ie.pre_value) 1135 return false; 1136 ifmsh->pre_value = csa_ie.pre_value; 1137 } 1138 1139 if (ifmsh->chsw_ttl >= ifmsh->mshcfg.dot11MeshTTL) 1140 return false; 1141 1142 ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_REPEATER; 1143 1144 if (ieee80211_channel_switch(sdata->local->hw.wiphy, sdata->dev, 1145 ¶ms) < 0) 1146 return false; 1147 1148 return true; 1149 } 1150 1151 static void 1152 ieee80211_mesh_rx_probe_req(struct ieee80211_sub_if_data *sdata, 1153 struct ieee80211_mgmt *mgmt, size_t len) 1154 { 1155 struct ieee80211_local *local = sdata->local; 1156 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1157 struct sk_buff *presp; 1158 struct beacon_data *bcn; 1159 struct ieee80211_mgmt *hdr; 1160 struct ieee802_11_elems elems; 1161 size_t baselen; 1162 u8 *pos; 1163 1164 pos = mgmt->u.probe_req.variable; 1165 baselen = (u8 *) pos - (u8 *) mgmt; 1166 if (baselen > len) 1167 return; 1168 1169 ieee802_11_parse_elems(pos, len - baselen, false, &elems, mgmt->bssid, 1170 NULL); 1171 1172 if (!elems.mesh_id) 1173 return; 1174 1175 /* 802.11-2012 10.1.4.3.2 */ 1176 if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) && 1177 !is_broadcast_ether_addr(mgmt->da)) || 1178 elems.ssid_len != 0) 1179 return; 1180 1181 if (elems.mesh_id_len != 0 && 1182 (elems.mesh_id_len != ifmsh->mesh_id_len || 1183 memcmp(elems.mesh_id, ifmsh->mesh_id, ifmsh->mesh_id_len))) 1184 return; 1185 1186 rcu_read_lock(); 1187 bcn = rcu_dereference(ifmsh->beacon); 1188 1189 if (!bcn) 1190 goto out; 1191 1192 presp = dev_alloc_skb(local->tx_headroom + 1193 bcn->head_len + bcn->tail_len); 1194 if (!presp) 1195 goto out; 1196 1197 skb_reserve(presp, local->tx_headroom); 1198 skb_put_data(presp, bcn->head, bcn->head_len); 1199 skb_put_data(presp, bcn->tail, bcn->tail_len); 1200 hdr = (struct ieee80211_mgmt *) presp->data; 1201 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1202 IEEE80211_STYPE_PROBE_RESP); 1203 memcpy(hdr->da, mgmt->sa, ETH_ALEN); 1204 IEEE80211_SKB_CB(presp)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1205 ieee80211_tx_skb(sdata, presp); 1206 out: 1207 rcu_read_unlock(); 1208 } 1209 1210 static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, 1211 u16 stype, 1212 struct ieee80211_mgmt *mgmt, 1213 size_t len, 1214 struct ieee80211_rx_status *rx_status) 1215 { 1216 struct ieee80211_local *local = sdata->local; 1217 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1218 struct ieee802_11_elems elems; 1219 struct ieee80211_channel *channel; 1220 size_t baselen; 1221 int freq; 1222 enum nl80211_band band = rx_status->band; 1223 1224 /* ignore ProbeResp to foreign address */ 1225 if (stype == IEEE80211_STYPE_PROBE_RESP && 1226 !ether_addr_equal(mgmt->da, sdata->vif.addr)) 1227 return; 1228 1229 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 1230 if (baselen > len) 1231 return; 1232 1233 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 1234 false, &elems, mgmt->bssid, NULL); 1235 1236 /* ignore non-mesh or secure / unsecure mismatch */ 1237 if ((!elems.mesh_id || !elems.mesh_config) || 1238 (elems.rsn && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) || 1239 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)) 1240 return; 1241 1242 if (elems.ds_params) 1243 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band); 1244 else 1245 freq = rx_status->freq; 1246 1247 channel = ieee80211_get_channel(local->hw.wiphy, freq); 1248 1249 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 1250 return; 1251 1252 if (mesh_matches_local(sdata, &elems)) { 1253 mpl_dbg(sdata, "rssi_threshold=%d,rx_status->signal=%d\n", 1254 sdata->u.mesh.mshcfg.rssi_threshold, rx_status->signal); 1255 if (!sdata->u.mesh.user_mpm || 1256 sdata->u.mesh.mshcfg.rssi_threshold == 0 || 1257 sdata->u.mesh.mshcfg.rssi_threshold < rx_status->signal) 1258 mesh_neighbour_update(sdata, mgmt->sa, &elems, 1259 rx_status); 1260 1261 if (ifmsh->csa_role != IEEE80211_MESH_CSA_ROLE_INIT && 1262 !sdata->vif.csa_active) 1263 ieee80211_mesh_process_chnswitch(sdata, &elems, true); 1264 } 1265 1266 if (ifmsh->sync_ops) 1267 ifmsh->sync_ops->rx_bcn_presp(sdata, 1268 stype, mgmt, &elems, rx_status); 1269 } 1270 1271 int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data *sdata) 1272 { 1273 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1274 struct mesh_csa_settings *tmp_csa_settings; 1275 int ret = 0; 1276 int changed = 0; 1277 1278 /* Reset the TTL value and Initiator flag */ 1279 ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE; 1280 ifmsh->chsw_ttl = 0; 1281 1282 /* Remove the CSA and MCSP elements from the beacon */ 1283 tmp_csa_settings = rcu_dereference_protected(ifmsh->csa, 1284 lockdep_is_held(&sdata->wdev.mtx)); 1285 RCU_INIT_POINTER(ifmsh->csa, NULL); 1286 if (tmp_csa_settings) 1287 kfree_rcu(tmp_csa_settings, rcu_head); 1288 ret = ieee80211_mesh_rebuild_beacon(sdata); 1289 if (ret) 1290 return -EINVAL; 1291 1292 changed |= BSS_CHANGED_BEACON; 1293 1294 mcsa_dbg(sdata, "complete switching to center freq %d MHz", 1295 sdata->vif.bss_conf.chandef.chan->center_freq); 1296 return changed; 1297 } 1298 1299 int ieee80211_mesh_csa_beacon(struct ieee80211_sub_if_data *sdata, 1300 struct cfg80211_csa_settings *csa_settings) 1301 { 1302 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1303 struct mesh_csa_settings *tmp_csa_settings; 1304 int ret = 0; 1305 1306 lockdep_assert_held(&sdata->wdev.mtx); 1307 1308 tmp_csa_settings = kmalloc(sizeof(*tmp_csa_settings), 1309 GFP_ATOMIC); 1310 if (!tmp_csa_settings) 1311 return -ENOMEM; 1312 1313 memcpy(&tmp_csa_settings->settings, csa_settings, 1314 sizeof(struct cfg80211_csa_settings)); 1315 1316 rcu_assign_pointer(ifmsh->csa, tmp_csa_settings); 1317 1318 ret = ieee80211_mesh_rebuild_beacon(sdata); 1319 if (ret) { 1320 tmp_csa_settings = rcu_dereference(ifmsh->csa); 1321 RCU_INIT_POINTER(ifmsh->csa, NULL); 1322 kfree_rcu(tmp_csa_settings, rcu_head); 1323 return ret; 1324 } 1325 1326 return BSS_CHANGED_BEACON; 1327 } 1328 1329 static int mesh_fwd_csa_frame(struct ieee80211_sub_if_data *sdata, 1330 struct ieee80211_mgmt *mgmt, size_t len, 1331 struct ieee802_11_elems *elems) 1332 { 1333 struct ieee80211_mgmt *mgmt_fwd; 1334 struct sk_buff *skb; 1335 struct ieee80211_local *local = sdata->local; 1336 1337 skb = dev_alloc_skb(local->tx_headroom + len); 1338 if (!skb) 1339 return -ENOMEM; 1340 skb_reserve(skb, local->tx_headroom); 1341 mgmt_fwd = skb_put(skb, len); 1342 1343 elems->mesh_chansw_params_ie->mesh_ttl--; 1344 elems->mesh_chansw_params_ie->mesh_flags &= 1345 ~WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR; 1346 1347 memcpy(mgmt_fwd, mgmt, len); 1348 eth_broadcast_addr(mgmt_fwd->da); 1349 memcpy(mgmt_fwd->sa, sdata->vif.addr, ETH_ALEN); 1350 memcpy(mgmt_fwd->bssid, sdata->vif.addr, ETH_ALEN); 1351 1352 ieee80211_tx_skb(sdata, skb); 1353 return 0; 1354 } 1355 1356 static void mesh_rx_csa_frame(struct ieee80211_sub_if_data *sdata, 1357 struct ieee80211_mgmt *mgmt, size_t len) 1358 { 1359 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1360 struct ieee802_11_elems elems; 1361 u16 pre_value; 1362 bool fwd_csa = true; 1363 size_t baselen; 1364 u8 *pos; 1365 1366 if (mgmt->u.action.u.measurement.action_code != 1367 WLAN_ACTION_SPCT_CHL_SWITCH) 1368 return; 1369 1370 pos = mgmt->u.action.u.chan_switch.variable; 1371 baselen = offsetof(struct ieee80211_mgmt, 1372 u.action.u.chan_switch.variable); 1373 ieee802_11_parse_elems(pos, len - baselen, true, &elems, 1374 mgmt->bssid, NULL); 1375 1376 if (!mesh_matches_local(sdata, &elems)) 1377 return; 1378 1379 ifmsh->chsw_ttl = elems.mesh_chansw_params_ie->mesh_ttl; 1380 if (!--ifmsh->chsw_ttl) 1381 fwd_csa = false; 1382 1383 pre_value = le16_to_cpu(elems.mesh_chansw_params_ie->mesh_pre_value); 1384 if (ifmsh->pre_value >= pre_value) 1385 return; 1386 1387 ifmsh->pre_value = pre_value; 1388 1389 if (!sdata->vif.csa_active && 1390 !ieee80211_mesh_process_chnswitch(sdata, &elems, false)) { 1391 mcsa_dbg(sdata, "Failed to process CSA action frame"); 1392 return; 1393 } 1394 1395 /* forward or re-broadcast the CSA frame */ 1396 if (fwd_csa) { 1397 if (mesh_fwd_csa_frame(sdata, mgmt, len, &elems) < 0) 1398 mcsa_dbg(sdata, "Failed to forward the CSA frame"); 1399 } 1400 } 1401 1402 static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata, 1403 struct ieee80211_mgmt *mgmt, 1404 size_t len, 1405 struct ieee80211_rx_status *rx_status) 1406 { 1407 switch (mgmt->u.action.category) { 1408 case WLAN_CATEGORY_SELF_PROTECTED: 1409 switch (mgmt->u.action.u.self_prot.action_code) { 1410 case WLAN_SP_MESH_PEERING_OPEN: 1411 case WLAN_SP_MESH_PEERING_CLOSE: 1412 case WLAN_SP_MESH_PEERING_CONFIRM: 1413 mesh_rx_plink_frame(sdata, mgmt, len, rx_status); 1414 break; 1415 } 1416 break; 1417 case WLAN_CATEGORY_MESH_ACTION: 1418 if (mesh_action_is_path_sel(mgmt)) 1419 mesh_rx_path_sel_frame(sdata, mgmt, len); 1420 break; 1421 case WLAN_CATEGORY_SPECTRUM_MGMT: 1422 mesh_rx_csa_frame(sdata, mgmt, len); 1423 break; 1424 } 1425 } 1426 1427 void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1428 struct sk_buff *skb) 1429 { 1430 struct ieee80211_rx_status *rx_status; 1431 struct ieee80211_mgmt *mgmt; 1432 u16 stype; 1433 1434 sdata_lock(sdata); 1435 1436 /* mesh already went down */ 1437 if (!sdata->u.mesh.mesh_id_len) 1438 goto out; 1439 1440 rx_status = IEEE80211_SKB_RXCB(skb); 1441 mgmt = (struct ieee80211_mgmt *) skb->data; 1442 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 1443 1444 switch (stype) { 1445 case IEEE80211_STYPE_PROBE_RESP: 1446 case IEEE80211_STYPE_BEACON: 1447 ieee80211_mesh_rx_bcn_presp(sdata, stype, mgmt, skb->len, 1448 rx_status); 1449 break; 1450 case IEEE80211_STYPE_PROBE_REQ: 1451 ieee80211_mesh_rx_probe_req(sdata, mgmt, skb->len); 1452 break; 1453 case IEEE80211_STYPE_ACTION: 1454 ieee80211_mesh_rx_mgmt_action(sdata, mgmt, skb->len, rx_status); 1455 break; 1456 } 1457 out: 1458 sdata_unlock(sdata); 1459 } 1460 1461 static void mesh_bss_info_changed(struct ieee80211_sub_if_data *sdata) 1462 { 1463 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1464 u32 bit, changed = 0; 1465 1466 for_each_set_bit(bit, &ifmsh->mbss_changed, 1467 sizeof(changed) * BITS_PER_BYTE) { 1468 clear_bit(bit, &ifmsh->mbss_changed); 1469 changed |= BIT(bit); 1470 } 1471 1472 if (sdata->vif.bss_conf.enable_beacon && 1473 (changed & (BSS_CHANGED_BEACON | 1474 BSS_CHANGED_HT | 1475 BSS_CHANGED_BASIC_RATES | 1476 BSS_CHANGED_BEACON_INT))) 1477 if (ieee80211_mesh_rebuild_beacon(sdata)) 1478 return; 1479 1480 ieee80211_bss_info_change_notify(sdata, changed); 1481 } 1482 1483 void ieee80211_mesh_work(struct ieee80211_sub_if_data *sdata) 1484 { 1485 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1486 1487 sdata_lock(sdata); 1488 1489 /* mesh already went down */ 1490 if (!sdata->u.mesh.mesh_id_len) 1491 goto out; 1492 1493 if (ifmsh->preq_queue_len && 1494 time_after(jiffies, 1495 ifmsh->last_preq + msecs_to_jiffies(ifmsh->mshcfg.dot11MeshHWMPpreqMinInterval))) 1496 mesh_path_start_discovery(sdata); 1497 1498 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags)) 1499 ieee80211_mesh_housekeeping(sdata); 1500 1501 if (test_and_clear_bit(MESH_WORK_ROOT, &ifmsh->wrkq_flags)) 1502 ieee80211_mesh_rootpath(sdata); 1503 1504 if (test_and_clear_bit(MESH_WORK_DRIFT_ADJUST, &ifmsh->wrkq_flags)) 1505 mesh_sync_adjust_tsf(sdata); 1506 1507 if (test_and_clear_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags)) 1508 mesh_bss_info_changed(sdata); 1509 out: 1510 sdata_unlock(sdata); 1511 } 1512 1513 1514 void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata) 1515 { 1516 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 1517 static u8 zero_addr[ETH_ALEN] = {}; 1518 1519 timer_setup(&ifmsh->housekeeping_timer, 1520 ieee80211_mesh_housekeeping_timer, 0); 1521 1522 ifmsh->accepting_plinks = true; 1523 atomic_set(&ifmsh->mpaths, 0); 1524 mesh_rmc_init(sdata); 1525 ifmsh->last_preq = jiffies; 1526 ifmsh->next_perr = jiffies; 1527 ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE; 1528 /* Allocate all mesh structures when creating the first mesh interface. */ 1529 if (!mesh_allocated) 1530 ieee80211s_init(); 1531 1532 mesh_pathtbl_init(sdata); 1533 1534 timer_setup(&ifmsh->mesh_path_timer, ieee80211_mesh_path_timer, 0); 1535 timer_setup(&ifmsh->mesh_path_root_timer, 1536 ieee80211_mesh_path_root_timer, 0); 1537 INIT_LIST_HEAD(&ifmsh->preq_queue.list); 1538 skb_queue_head_init(&ifmsh->ps.bc_buf); 1539 spin_lock_init(&ifmsh->mesh_preq_queue_lock); 1540 spin_lock_init(&ifmsh->sync_offset_lock); 1541 RCU_INIT_POINTER(ifmsh->beacon, NULL); 1542 1543 sdata->vif.bss_conf.bssid = zero_addr; 1544 } 1545 1546 void ieee80211_mesh_teardown_sdata(struct ieee80211_sub_if_data *sdata) 1547 { 1548 mesh_rmc_free(sdata); 1549 mesh_pathtbl_unregister(sdata); 1550 } 1551