1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2008, 2009 open80211s Ltd. 4 * Copyright (C) 2019 Intel Corporation 5 * Author: Luis Carlos Cobo <luisca@cozybit.com> 6 */ 7 #include <linux/gfp.h> 8 #include <linux/kernel.h> 9 #include <linux/random.h> 10 #include <linux/rculist.h> 11 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #define PLINK_CNF_AID(mgmt) ((mgmt)->u.action.u.self_prot.variable + 2) 17 #define PLINK_GET_LLID(p) (p + 2) 18 #define PLINK_GET_PLID(p) (p + 4) 19 20 #define mod_plink_timer(s, t) (mod_timer(&s->mesh->plink_timer, \ 21 jiffies + msecs_to_jiffies(t))) 22 23 enum plink_event { 24 PLINK_UNDEFINED, 25 OPN_ACPT, 26 OPN_RJCT, 27 OPN_IGNR, 28 CNF_ACPT, 29 CNF_RJCT, 30 CNF_IGNR, 31 CLS_ACPT, 32 CLS_IGNR 33 }; 34 35 static const char * const mplstates[] = { 36 [NL80211_PLINK_LISTEN] = "LISTEN", 37 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 38 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 39 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 40 [NL80211_PLINK_ESTAB] = "ESTAB", 41 [NL80211_PLINK_HOLDING] = "HOLDING", 42 [NL80211_PLINK_BLOCKED] = "BLOCKED" 43 }; 44 45 static const char * const mplevents[] = { 46 [PLINK_UNDEFINED] = "NONE", 47 [OPN_ACPT] = "OPN_ACPT", 48 [OPN_RJCT] = "OPN_RJCT", 49 [OPN_IGNR] = "OPN_IGNR", 50 [CNF_ACPT] = "CNF_ACPT", 51 [CNF_RJCT] = "CNF_RJCT", 52 [CNF_IGNR] = "CNF_IGNR", 53 [CLS_ACPT] = "CLS_ACPT", 54 [CLS_IGNR] = "CLS_IGNR" 55 }; 56 57 /* We only need a valid sta if user configured a minimum rssi_threshold. */ 58 static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 59 struct sta_info *sta) 60 { 61 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 62 return rssi_threshold == 0 || 63 (sta && 64 (s8)-ewma_signal_read(&sta->rx_stats_avg.signal) > 65 rssi_threshold); 66 } 67 68 /** 69 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 70 * 71 * @sta: mesh peer link to restart 72 * 73 * Locking: this function must be called holding sta->mesh->plink_lock 74 */ 75 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 76 { 77 lockdep_assert_held(&sta->mesh->plink_lock); 78 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 79 sta->mesh->llid = sta->mesh->plid = sta->mesh->reason = 0; 80 sta->mesh->plink_retries = 0; 81 } 82 83 /* 84 * mesh_set_short_slot_time - enable / disable ERP short slot time. 85 * 86 * The standard indirectly mandates mesh STAs to turn off short slot time by 87 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 88 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 89 * MBSS support ERP rates. 90 * 91 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 92 */ 93 static u32 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 94 { 95 struct ieee80211_local *local = sdata->local; 96 struct ieee80211_supported_band *sband; 97 struct sta_info *sta; 98 u32 erp_rates = 0, changed = 0; 99 int i; 100 bool short_slot = false; 101 102 sband = ieee80211_get_sband(sdata); 103 if (!sband) 104 return changed; 105 106 if (sband->band == NL80211_BAND_5GHZ) { 107 /* (IEEE 802.11-2012 19.4.5) */ 108 short_slot = true; 109 goto out; 110 } else if (sband->band != NL80211_BAND_2GHZ) { 111 goto out; 112 } 113 114 for (i = 0; i < sband->n_bitrates; i++) 115 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 116 erp_rates |= BIT(i); 117 118 if (!erp_rates) 119 goto out; 120 121 rcu_read_lock(); 122 list_for_each_entry_rcu(sta, &local->sta_list, list) { 123 if (sdata != sta->sdata || 124 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 125 continue; 126 127 short_slot = false; 128 if (erp_rates & sta->sta.supp_rates[sband->band]) 129 short_slot = true; 130 else 131 break; 132 } 133 rcu_read_unlock(); 134 135 out: 136 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 137 sdata->vif.bss_conf.use_short_slot = short_slot; 138 changed = BSS_CHANGED_ERP_SLOT; 139 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 140 sdata->vif.addr, short_slot); 141 } 142 return changed; 143 } 144 145 /** 146 * mesh_set_ht_prot_mode - set correct HT protection mode 147 * 148 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 149 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 150 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 151 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 152 * is selected if all peers in our 20/40MHz MBSS support HT and atleast one 153 * HT20 peer is present. Otherwise no-protection mode is selected. 154 */ 155 static u32 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 156 { 157 struct ieee80211_local *local = sdata->local; 158 struct sta_info *sta; 159 u16 ht_opmode; 160 bool non_ht_sta = false, ht20_sta = false; 161 162 switch (sdata->vif.bss_conf.chandef.width) { 163 case NL80211_CHAN_WIDTH_20_NOHT: 164 case NL80211_CHAN_WIDTH_5: 165 case NL80211_CHAN_WIDTH_10: 166 return 0; 167 default: 168 break; 169 } 170 171 rcu_read_lock(); 172 list_for_each_entry_rcu(sta, &local->sta_list, list) { 173 if (sdata != sta->sdata || 174 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 175 continue; 176 177 if (sta->sta.bandwidth > IEEE80211_STA_RX_BW_20) 178 continue; 179 180 if (!sta->sta.ht_cap.ht_supported) { 181 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 182 sta->sta.addr); 183 non_ht_sta = true; 184 break; 185 } 186 187 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 188 ht20_sta = true; 189 } 190 rcu_read_unlock(); 191 192 if (non_ht_sta) 193 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 194 else if (ht20_sta && 195 sdata->vif.bss_conf.chandef.width > NL80211_CHAN_WIDTH_20) 196 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 197 else 198 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 199 200 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 201 return 0; 202 203 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 204 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 205 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 206 return BSS_CHANGED_HT; 207 } 208 209 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 210 struct sta_info *sta, 211 enum ieee80211_self_protected_actioncode action, 212 u8 *da, u16 llid, u16 plid, u16 reason) 213 { 214 struct ieee80211_local *local = sdata->local; 215 struct sk_buff *skb; 216 struct ieee80211_tx_info *info; 217 struct ieee80211_mgmt *mgmt; 218 bool include_plid = false; 219 u16 peering_proto = 0; 220 u8 *pos, ie_len = 4; 221 u8 ie_len_he_cap; 222 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.self_prot); 223 int err = -ENOMEM; 224 225 ie_len_he_cap = ieee80211_ie_len_he_cap(sdata, 226 NL80211_IFTYPE_MESH_POINT); 227 skb = dev_alloc_skb(local->tx_headroom + 228 hdr_len + 229 2 + /* capability info */ 230 2 + /* AID */ 231 2 + 8 + /* supported rates */ 232 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 233 2 + sdata->u.mesh.mesh_id_len + 234 2 + sizeof(struct ieee80211_meshconf_ie) + 235 2 + sizeof(struct ieee80211_ht_cap) + 236 2 + sizeof(struct ieee80211_ht_operation) + 237 2 + sizeof(struct ieee80211_vht_cap) + 238 2 + sizeof(struct ieee80211_vht_operation) + 239 ie_len_he_cap + 240 2 + 1 + sizeof(struct ieee80211_he_operation) + 241 2 + 8 + /* peering IE */ 242 sdata->u.mesh.ie_len); 243 if (!skb) 244 return err; 245 info = IEEE80211_SKB_CB(skb); 246 skb_reserve(skb, local->tx_headroom); 247 mgmt = skb_put_zero(skb, hdr_len); 248 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 249 IEEE80211_STYPE_ACTION); 250 memcpy(mgmt->da, da, ETH_ALEN); 251 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 252 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 253 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 254 mgmt->u.action.u.self_prot.action_code = action; 255 256 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 257 struct ieee80211_supported_band *sband; 258 enum nl80211_band band; 259 260 sband = ieee80211_get_sband(sdata); 261 if (!sband) { 262 err = -EINVAL; 263 goto free; 264 } 265 band = sband->band; 266 267 /* capability info */ 268 pos = skb_put_zero(skb, 2); 269 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 270 /* AID */ 271 pos = skb_put(skb, 2); 272 put_unaligned_le16(sta->sta.aid, pos); 273 } 274 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 275 ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 276 mesh_add_rsn_ie(sdata, skb) || 277 mesh_add_meshid_ie(sdata, skb) || 278 mesh_add_meshconf_ie(sdata, skb)) 279 goto free; 280 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 281 info->flags |= IEEE80211_TX_CTL_NO_ACK; 282 if (mesh_add_meshid_ie(sdata, skb)) 283 goto free; 284 } 285 286 /* Add Mesh Peering Management element */ 287 switch (action) { 288 case WLAN_SP_MESH_PEERING_OPEN: 289 break; 290 case WLAN_SP_MESH_PEERING_CONFIRM: 291 ie_len += 2; 292 include_plid = true; 293 break; 294 case WLAN_SP_MESH_PEERING_CLOSE: 295 if (plid) { 296 ie_len += 2; 297 include_plid = true; 298 } 299 ie_len += 2; /* reason code */ 300 break; 301 default: 302 err = -EINVAL; 303 goto free; 304 } 305 306 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 307 goto free; 308 309 pos = skb_put(skb, 2 + ie_len); 310 *pos++ = WLAN_EID_PEER_MGMT; 311 *pos++ = ie_len; 312 memcpy(pos, &peering_proto, 2); 313 pos += 2; 314 put_unaligned_le16(llid, pos); 315 pos += 2; 316 if (include_plid) { 317 put_unaligned_le16(plid, pos); 318 pos += 2; 319 } 320 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 321 put_unaligned_le16(reason, pos); 322 pos += 2; 323 } 324 325 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 326 if (mesh_add_ht_cap_ie(sdata, skb) || 327 mesh_add_ht_oper_ie(sdata, skb) || 328 mesh_add_vht_cap_ie(sdata, skb) || 329 mesh_add_vht_oper_ie(sdata, skb) || 330 mesh_add_he_cap_ie(sdata, skb, ie_len_he_cap) || 331 mesh_add_he_oper_ie(sdata, skb)) 332 goto free; 333 } 334 335 if (mesh_add_vendor_ies(sdata, skb)) 336 goto free; 337 338 ieee80211_tx_skb(sdata, skb); 339 return 0; 340 free: 341 kfree_skb(skb); 342 return err; 343 } 344 345 /** 346 * __mesh_plink_deactivate - deactivate mesh peer link 347 * 348 * @sta: mesh peer link to deactivate 349 * 350 * Mesh paths with this peer as next hop should be flushed 351 * by the caller outside of plink_lock. 352 * 353 * Returns beacon changed flag if the beacon content changed. 354 * 355 * Locking: the caller must hold sta->mesh->plink_lock 356 */ 357 static u32 __mesh_plink_deactivate(struct sta_info *sta) 358 { 359 struct ieee80211_sub_if_data *sdata = sta->sdata; 360 u32 changed = 0; 361 362 lockdep_assert_held(&sta->mesh->plink_lock); 363 364 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 365 changed = mesh_plink_dec_estab_count(sdata); 366 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 367 368 ieee80211_mps_sta_status_update(sta); 369 changed |= ieee80211_mps_set_sta_local_pm(sta, 370 NL80211_MESH_POWER_UNKNOWN); 371 372 return changed; 373 } 374 375 /** 376 * mesh_plink_deactivate - deactivate mesh peer link 377 * 378 * @sta: mesh peer link to deactivate 379 * 380 * All mesh paths with this peer as next hop will be flushed 381 */ 382 u32 mesh_plink_deactivate(struct sta_info *sta) 383 { 384 struct ieee80211_sub_if_data *sdata = sta->sdata; 385 u32 changed; 386 387 spin_lock_bh(&sta->mesh->plink_lock); 388 changed = __mesh_plink_deactivate(sta); 389 390 if (!sdata->u.mesh.user_mpm) { 391 sta->mesh->reason = WLAN_REASON_MESH_PEER_CANCELED; 392 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_CLOSE, 393 sta->sta.addr, sta->mesh->llid, 394 sta->mesh->plid, sta->mesh->reason); 395 } 396 spin_unlock_bh(&sta->mesh->plink_lock); 397 if (!sdata->u.mesh.user_mpm) 398 del_timer_sync(&sta->mesh->plink_timer); 399 mesh_path_flush_by_nexthop(sta); 400 401 /* make sure no readers can access nexthop sta from here on */ 402 synchronize_net(); 403 404 return changed; 405 } 406 407 static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 408 struct sta_info *sta, 409 struct ieee802_11_elems *elems) 410 { 411 struct ieee80211_local *local = sdata->local; 412 struct ieee80211_supported_band *sband; 413 u32 rates, basic_rates = 0, changed = 0; 414 enum ieee80211_sta_rx_bandwidth bw = sta->sta.bandwidth; 415 416 sband = ieee80211_get_sband(sdata); 417 if (!sband) 418 return; 419 420 rates = ieee80211_sta_get_rates(sdata, elems, sband->band, 421 &basic_rates); 422 423 spin_lock_bh(&sta->mesh->plink_lock); 424 sta->rx_stats.last_rx = jiffies; 425 426 /* rates and capabilities don't change during peering */ 427 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB && 428 sta->mesh->processed_beacon) 429 goto out; 430 sta->mesh->processed_beacon = true; 431 432 if (sta->sta.supp_rates[sband->band] != rates) 433 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 434 sta->sta.supp_rates[sband->band] = rates; 435 436 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 437 elems->ht_cap_elem, sta)) 438 changed |= IEEE80211_RC_BW_CHANGED; 439 440 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 441 elems->vht_cap_elem, sta); 442 443 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband, elems->he_cap, 444 elems->he_cap_len, sta); 445 446 if (bw != sta->sta.bandwidth) 447 changed |= IEEE80211_RC_BW_CHANGED; 448 449 /* HT peer is operating 20MHz-only */ 450 if (elems->ht_operation && 451 !(elems->ht_operation->ht_param & 452 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 453 if (sta->sta.bandwidth != IEEE80211_STA_RX_BW_20) 454 changed |= IEEE80211_RC_BW_CHANGED; 455 sta->sta.bandwidth = IEEE80211_STA_RX_BW_20; 456 } 457 458 if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) 459 rate_control_rate_init(sta); 460 else 461 rate_control_rate_update(local, sband, sta, changed); 462 out: 463 spin_unlock_bh(&sta->mesh->plink_lock); 464 } 465 466 static int mesh_allocate_aid(struct ieee80211_sub_if_data *sdata) 467 { 468 struct sta_info *sta; 469 unsigned long *aid_map; 470 int aid; 471 472 aid_map = kcalloc(BITS_TO_LONGS(IEEE80211_MAX_AID + 1), 473 sizeof(*aid_map), GFP_KERNEL); 474 if (!aid_map) 475 return -ENOMEM; 476 477 /* reserve aid 0 for mcast indication */ 478 __set_bit(0, aid_map); 479 480 rcu_read_lock(); 481 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) 482 __set_bit(sta->sta.aid, aid_map); 483 rcu_read_unlock(); 484 485 aid = find_first_zero_bit(aid_map, IEEE80211_MAX_AID + 1); 486 kfree(aid_map); 487 488 if (aid > IEEE80211_MAX_AID) 489 return -ENOBUFS; 490 491 return aid; 492 } 493 494 static struct sta_info * 495 __mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 496 { 497 struct sta_info *sta; 498 int aid; 499 500 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 501 return NULL; 502 503 aid = mesh_allocate_aid(sdata); 504 if (aid < 0) 505 return NULL; 506 507 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 508 if (!sta) 509 return NULL; 510 511 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 512 sta->sta.wme = true; 513 sta->sta.aid = aid; 514 515 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 516 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 517 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 518 519 return sta; 520 } 521 522 static struct sta_info * 523 mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 524 struct ieee802_11_elems *elems, 525 struct ieee80211_rx_status *rx_status) 526 { 527 struct sta_info *sta = NULL; 528 529 /* Userspace handles station allocation */ 530 if (sdata->u.mesh.user_mpm || 531 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) { 532 if (mesh_peer_accepts_plinks(elems) && 533 mesh_plink_availables(sdata)) { 534 int sig = 0; 535 536 if (ieee80211_hw_check(&sdata->local->hw, SIGNAL_DBM)) 537 sig = rx_status->signal; 538 539 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 540 elems->ie_start, 541 elems->total_len, 542 sig, GFP_KERNEL); 543 } 544 } else 545 sta = __mesh_sta_info_alloc(sdata, addr); 546 547 return sta; 548 } 549 550 /* 551 * mesh_sta_info_get - return mesh sta info entry for @addr. 552 * 553 * @sdata: local meshif 554 * @addr: peer's address 555 * @elems: IEs from beacon or mesh peering frame. 556 * @rx_status: rx status for the frame for signal reporting 557 * 558 * Return existing or newly allocated sta_info under RCU read lock. 559 * (re)initialize with given IEs. 560 */ 561 static struct sta_info * 562 mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 563 u8 *addr, struct ieee802_11_elems *elems, 564 struct ieee80211_rx_status *rx_status) __acquires(RCU) 565 { 566 struct sta_info *sta = NULL; 567 568 rcu_read_lock(); 569 sta = sta_info_get(sdata, addr); 570 if (sta) { 571 mesh_sta_info_init(sdata, sta, elems); 572 } else { 573 rcu_read_unlock(); 574 /* can't run atomic */ 575 sta = mesh_sta_info_alloc(sdata, addr, elems, rx_status); 576 if (!sta) { 577 rcu_read_lock(); 578 return NULL; 579 } 580 581 mesh_sta_info_init(sdata, sta, elems); 582 583 if (sta_info_insert_rcu(sta)) 584 return NULL; 585 } 586 587 return sta; 588 } 589 590 /* 591 * mesh_neighbour_update - update or initialize new mesh neighbor. 592 * 593 * @sdata: local meshif 594 * @addr: peer's address 595 * @elems: IEs from beacon or mesh peering frame 596 * @rx_status: rx status for the frame for signal reporting 597 * 598 * Initiates peering if appropriate. 599 */ 600 void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 601 u8 *hw_addr, 602 struct ieee802_11_elems *elems, 603 struct ieee80211_rx_status *rx_status) 604 { 605 struct sta_info *sta; 606 u32 changed = 0; 607 608 sta = mesh_sta_info_get(sdata, hw_addr, elems, rx_status); 609 if (!sta) 610 goto out; 611 612 sta->mesh->connected_to_gate = elems->mesh_config->meshconf_form & 613 IEEE80211_MESHCONF_FORM_CONNECTED_TO_GATE; 614 615 if (mesh_peer_accepts_plinks(elems) && 616 sta->mesh->plink_state == NL80211_PLINK_LISTEN && 617 sdata->u.mesh.accepting_plinks && 618 sdata->u.mesh.mshcfg.auto_open_plinks && 619 rssi_threshold_check(sdata, sta)) 620 changed = mesh_plink_open(sta); 621 622 ieee80211_mps_frame_release(sta, elems); 623 out: 624 rcu_read_unlock(); 625 ieee80211_mbss_info_change_notify(sdata, changed); 626 } 627 628 void mesh_plink_timer(struct timer_list *t) 629 { 630 struct mesh_sta *mesh = from_timer(mesh, t, plink_timer); 631 struct sta_info *sta; 632 u16 reason = 0; 633 struct ieee80211_sub_if_data *sdata; 634 struct mesh_config *mshcfg; 635 enum ieee80211_self_protected_actioncode action = 0; 636 637 /* 638 * This STA is valid because sta_info_destroy() will 639 * del_timer_sync() this timer after having made sure 640 * it cannot be readded (by deleting the plink.) 641 */ 642 sta = mesh->plink_sta; 643 644 if (sta->sdata->local->quiescing) 645 return; 646 647 spin_lock_bh(&sta->mesh->plink_lock); 648 649 /* If a timer fires just before a state transition on another CPU, 650 * we may have already extended the timeout and changed state by the 651 * time we've acquired the lock and arrived here. In that case, 652 * skip this timer and wait for the new one. 653 */ 654 if (time_before(jiffies, sta->mesh->plink_timer.expires)) { 655 mpl_dbg(sta->sdata, 656 "Ignoring timer for %pM in state %s (timer adjusted)", 657 sta->sta.addr, mplstates[sta->mesh->plink_state]); 658 spin_unlock_bh(&sta->mesh->plink_lock); 659 return; 660 } 661 662 /* del_timer() and handler may race when entering these states */ 663 if (sta->mesh->plink_state == NL80211_PLINK_LISTEN || 664 sta->mesh->plink_state == NL80211_PLINK_ESTAB) { 665 mpl_dbg(sta->sdata, 666 "Ignoring timer for %pM in state %s (timer deleted)", 667 sta->sta.addr, mplstates[sta->mesh->plink_state]); 668 spin_unlock_bh(&sta->mesh->plink_lock); 669 return; 670 } 671 672 mpl_dbg(sta->sdata, 673 "Mesh plink timer for %pM fired on state %s\n", 674 sta->sta.addr, mplstates[sta->mesh->plink_state]); 675 sdata = sta->sdata; 676 mshcfg = &sdata->u.mesh.mshcfg; 677 678 switch (sta->mesh->plink_state) { 679 case NL80211_PLINK_OPN_RCVD: 680 case NL80211_PLINK_OPN_SNT: 681 /* retry timer */ 682 if (sta->mesh->plink_retries < mshcfg->dot11MeshMaxRetries) { 683 u32 rand; 684 mpl_dbg(sta->sdata, 685 "Mesh plink for %pM (retry, timeout): %d %d\n", 686 sta->sta.addr, sta->mesh->plink_retries, 687 sta->mesh->plink_timeout); 688 get_random_bytes(&rand, sizeof(u32)); 689 sta->mesh->plink_timeout = sta->mesh->plink_timeout + 690 rand % sta->mesh->plink_timeout; 691 ++sta->mesh->plink_retries; 692 mod_plink_timer(sta, sta->mesh->plink_timeout); 693 action = WLAN_SP_MESH_PEERING_OPEN; 694 break; 695 } 696 reason = WLAN_REASON_MESH_MAX_RETRIES; 697 /* fall through */ 698 case NL80211_PLINK_CNF_RCVD: 699 /* confirm timer */ 700 if (!reason) 701 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 702 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 703 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 704 action = WLAN_SP_MESH_PEERING_CLOSE; 705 break; 706 case NL80211_PLINK_HOLDING: 707 /* holding timer */ 708 del_timer(&sta->mesh->plink_timer); 709 mesh_plink_fsm_restart(sta); 710 break; 711 default: 712 break; 713 } 714 spin_unlock_bh(&sta->mesh->plink_lock); 715 if (action) 716 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 717 sta->mesh->llid, sta->mesh->plid, reason); 718 } 719 720 static inline void mesh_plink_timer_set(struct sta_info *sta, u32 timeout) 721 { 722 sta->mesh->plink_timeout = timeout; 723 mod_timer(&sta->mesh->plink_timer, jiffies + msecs_to_jiffies(timeout)); 724 } 725 726 static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 727 u16 llid) 728 { 729 struct ieee80211_local *local = sdata->local; 730 bool in_use = false; 731 struct sta_info *sta; 732 733 rcu_read_lock(); 734 list_for_each_entry_rcu(sta, &local->sta_list, list) { 735 if (sdata != sta->sdata) 736 continue; 737 738 if (!memcmp(&sta->mesh->llid, &llid, sizeof(llid))) { 739 in_use = true; 740 break; 741 } 742 } 743 rcu_read_unlock(); 744 745 return in_use; 746 } 747 748 static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 749 { 750 u16 llid; 751 752 do { 753 get_random_bytes(&llid, sizeof(llid)); 754 } while (llid_in_use(sdata, llid)); 755 756 return llid; 757 } 758 759 u32 mesh_plink_open(struct sta_info *sta) 760 { 761 struct ieee80211_sub_if_data *sdata = sta->sdata; 762 u32 changed; 763 764 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 765 return 0; 766 767 spin_lock_bh(&sta->mesh->plink_lock); 768 sta->mesh->llid = mesh_get_new_llid(sdata); 769 if (sta->mesh->plink_state != NL80211_PLINK_LISTEN && 770 sta->mesh->plink_state != NL80211_PLINK_BLOCKED) { 771 spin_unlock_bh(&sta->mesh->plink_lock); 772 return 0; 773 } 774 sta->mesh->plink_state = NL80211_PLINK_OPN_SNT; 775 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 776 spin_unlock_bh(&sta->mesh->plink_lock); 777 mpl_dbg(sdata, 778 "Mesh plink: starting establishment with %pM\n", 779 sta->sta.addr); 780 781 /* set the non-peer mode to active during peering */ 782 changed = ieee80211_mps_local_status_update(sdata); 783 784 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_OPEN, 785 sta->sta.addr, sta->mesh->llid, 0, 0); 786 return changed; 787 } 788 789 u32 mesh_plink_block(struct sta_info *sta) 790 { 791 u32 changed; 792 793 spin_lock_bh(&sta->mesh->plink_lock); 794 changed = __mesh_plink_deactivate(sta); 795 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 796 spin_unlock_bh(&sta->mesh->plink_lock); 797 mesh_path_flush_by_nexthop(sta); 798 799 return changed; 800 } 801 802 static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 803 struct sta_info *sta, 804 enum plink_event event) 805 { 806 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 807 u16 reason = (event == CLS_ACPT) ? 808 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 809 810 sta->mesh->reason = reason; 811 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 812 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 813 } 814 815 static u32 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 816 struct sta_info *sta) 817 { 818 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 819 u32 changed = 0; 820 821 del_timer(&sta->mesh->plink_timer); 822 sta->mesh->plink_state = NL80211_PLINK_ESTAB; 823 changed |= mesh_plink_inc_estab_count(sdata); 824 changed |= mesh_set_ht_prot_mode(sdata); 825 changed |= mesh_set_short_slot_time(sdata); 826 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 827 ieee80211_mps_sta_status_update(sta); 828 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 829 return changed; 830 } 831 832 /** 833 * mesh_plink_fsm - step @sta MPM based on @event 834 * 835 * @sdata: interface 836 * @sta: mesh neighbor 837 * @event: peering event 838 * 839 * Return: changed MBSS flags 840 */ 841 static u32 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 842 struct sta_info *sta, enum plink_event event) 843 { 844 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 845 enum ieee80211_self_protected_actioncode action = 0; 846 u32 changed = 0; 847 bool flush = false; 848 849 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 850 mplstates[sta->mesh->plink_state], mplevents[event]); 851 852 spin_lock_bh(&sta->mesh->plink_lock); 853 switch (sta->mesh->plink_state) { 854 case NL80211_PLINK_LISTEN: 855 switch (event) { 856 case CLS_ACPT: 857 mesh_plink_fsm_restart(sta); 858 break; 859 case OPN_ACPT: 860 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 861 sta->mesh->llid = mesh_get_new_llid(sdata); 862 mesh_plink_timer_set(sta, 863 mshcfg->dot11MeshRetryTimeout); 864 865 /* set the non-peer mode to active during peering */ 866 changed |= ieee80211_mps_local_status_update(sdata); 867 action = WLAN_SP_MESH_PEERING_OPEN; 868 break; 869 default: 870 break; 871 } 872 break; 873 case NL80211_PLINK_OPN_SNT: 874 switch (event) { 875 case OPN_RJCT: 876 case CNF_RJCT: 877 case CLS_ACPT: 878 mesh_plink_close(sdata, sta, event); 879 action = WLAN_SP_MESH_PEERING_CLOSE; 880 break; 881 case OPN_ACPT: 882 /* retry timer is left untouched */ 883 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 884 action = WLAN_SP_MESH_PEERING_CONFIRM; 885 break; 886 case CNF_ACPT: 887 sta->mesh->plink_state = NL80211_PLINK_CNF_RCVD; 888 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 889 break; 890 default: 891 break; 892 } 893 break; 894 case NL80211_PLINK_OPN_RCVD: 895 switch (event) { 896 case OPN_RJCT: 897 case CNF_RJCT: 898 case CLS_ACPT: 899 mesh_plink_close(sdata, sta, event); 900 action = WLAN_SP_MESH_PEERING_CLOSE; 901 break; 902 case OPN_ACPT: 903 action = WLAN_SP_MESH_PEERING_CONFIRM; 904 break; 905 case CNF_ACPT: 906 changed |= mesh_plink_establish(sdata, sta); 907 break; 908 default: 909 break; 910 } 911 break; 912 case NL80211_PLINK_CNF_RCVD: 913 switch (event) { 914 case OPN_RJCT: 915 case CNF_RJCT: 916 case CLS_ACPT: 917 mesh_plink_close(sdata, sta, event); 918 action = WLAN_SP_MESH_PEERING_CLOSE; 919 break; 920 case OPN_ACPT: 921 changed |= mesh_plink_establish(sdata, sta); 922 action = WLAN_SP_MESH_PEERING_CONFIRM; 923 break; 924 default: 925 break; 926 } 927 break; 928 case NL80211_PLINK_ESTAB: 929 switch (event) { 930 case CLS_ACPT: 931 changed |= __mesh_plink_deactivate(sta); 932 changed |= mesh_set_ht_prot_mode(sdata); 933 changed |= mesh_set_short_slot_time(sdata); 934 mesh_plink_close(sdata, sta, event); 935 action = WLAN_SP_MESH_PEERING_CLOSE; 936 flush = true; 937 break; 938 case OPN_ACPT: 939 action = WLAN_SP_MESH_PEERING_CONFIRM; 940 break; 941 default: 942 break; 943 } 944 break; 945 case NL80211_PLINK_HOLDING: 946 switch (event) { 947 case CLS_ACPT: 948 del_timer(&sta->mesh->plink_timer); 949 mesh_plink_fsm_restart(sta); 950 break; 951 case OPN_ACPT: 952 case CNF_ACPT: 953 case OPN_RJCT: 954 case CNF_RJCT: 955 action = WLAN_SP_MESH_PEERING_CLOSE; 956 break; 957 default: 958 break; 959 } 960 break; 961 default: 962 /* should not get here, PLINK_BLOCKED is dealt with at the 963 * beginning of the function 964 */ 965 break; 966 } 967 spin_unlock_bh(&sta->mesh->plink_lock); 968 if (flush) 969 mesh_path_flush_by_nexthop(sta); 970 if (action) { 971 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 972 sta->mesh->llid, sta->mesh->plid, 973 sta->mesh->reason); 974 975 /* also send confirm in open case */ 976 if (action == WLAN_SP_MESH_PEERING_OPEN) { 977 mesh_plink_frame_tx(sdata, sta, 978 WLAN_SP_MESH_PEERING_CONFIRM, 979 sta->sta.addr, sta->mesh->llid, 980 sta->mesh->plid, 0); 981 } 982 } 983 984 return changed; 985 } 986 987 /* 988 * mesh_plink_get_event - get correct MPM event 989 * 990 * @sdata: interface 991 * @sta: peer, leave NULL if processing a frame from a new suitable peer 992 * @elems: peering management IEs 993 * @ftype: frame type 994 * @llid: peer's peer link ID 995 * @plid: peer's local link ID 996 * 997 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 998 * an error. 999 */ 1000 static enum plink_event 1001 mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 1002 struct sta_info *sta, 1003 struct ieee802_11_elems *elems, 1004 enum ieee80211_self_protected_actioncode ftype, 1005 u16 llid, u16 plid) 1006 { 1007 enum plink_event event = PLINK_UNDEFINED; 1008 u8 ie_len = elems->peering_len; 1009 bool matches_local; 1010 1011 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 1012 mesh_matches_local(sdata, elems)); 1013 1014 /* deny open request from non-matching peer */ 1015 if (!matches_local && !sta) { 1016 event = OPN_RJCT; 1017 goto out; 1018 } 1019 1020 if (!sta) { 1021 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 1022 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 1023 goto out; 1024 } 1025 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 1026 if (!mesh_plink_free_count(sdata)) { 1027 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 1028 goto out; 1029 } 1030 1031 /* new matching peer */ 1032 event = OPN_ACPT; 1033 goto out; 1034 } else { 1035 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 1036 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 1037 goto out; 1038 } 1039 if (sta->mesh->plink_state == NL80211_PLINK_BLOCKED) 1040 goto out; 1041 } 1042 1043 switch (ftype) { 1044 case WLAN_SP_MESH_PEERING_OPEN: 1045 if (!matches_local) 1046 event = OPN_RJCT; 1047 if (!mesh_plink_free_count(sdata) || 1048 (sta->mesh->plid && sta->mesh->plid != plid)) 1049 event = OPN_IGNR; 1050 else 1051 event = OPN_ACPT; 1052 break; 1053 case WLAN_SP_MESH_PEERING_CONFIRM: 1054 if (!matches_local) 1055 event = CNF_RJCT; 1056 if (!mesh_plink_free_count(sdata) || 1057 sta->mesh->llid != llid || 1058 (sta->mesh->plid && sta->mesh->plid != plid)) 1059 event = CNF_IGNR; 1060 else 1061 event = CNF_ACPT; 1062 break; 1063 case WLAN_SP_MESH_PEERING_CLOSE: 1064 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 1065 /* Do not check for llid or plid. This does not 1066 * follow the standard but since multiple plinks 1067 * per sta are not supported, it is necessary in 1068 * order to avoid a livelock when MP A sees an 1069 * establish peer link to MP B but MP B does not 1070 * see it. This can be caused by a timeout in 1071 * B's peer link establishment or B beign 1072 * restarted. 1073 */ 1074 event = CLS_ACPT; 1075 else if (sta->mesh->plid != plid) 1076 event = CLS_IGNR; 1077 else if (ie_len == 8 && sta->mesh->llid != llid) 1078 event = CLS_IGNR; 1079 else 1080 event = CLS_ACPT; 1081 break; 1082 default: 1083 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 1084 break; 1085 } 1086 1087 out: 1088 return event; 1089 } 1090 1091 static void 1092 mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 1093 struct ieee80211_mgmt *mgmt, 1094 struct ieee802_11_elems *elems, 1095 struct ieee80211_rx_status *rx_status) 1096 { 1097 1098 struct sta_info *sta; 1099 enum plink_event event; 1100 enum ieee80211_self_protected_actioncode ftype; 1101 u32 changed = 0; 1102 u8 ie_len = elems->peering_len; 1103 u16 plid, llid = 0; 1104 1105 if (!elems->peering) { 1106 mpl_dbg(sdata, 1107 "Mesh plink: missing necessary peer link ie\n"); 1108 return; 1109 } 1110 1111 if (elems->rsn_len && 1112 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1113 mpl_dbg(sdata, 1114 "Mesh plink: can't establish link with secure peer\n"); 1115 return; 1116 } 1117 1118 ftype = mgmt->u.action.u.self_prot.action_code; 1119 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1120 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1121 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1122 && ie_len != 8)) { 1123 mpl_dbg(sdata, 1124 "Mesh plink: incorrect plink ie length %d %d\n", 1125 ftype, ie_len); 1126 return; 1127 } 1128 1129 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1130 (!elems->mesh_id || !elems->mesh_config)) { 1131 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1132 return; 1133 } 1134 /* Note the lines below are correct, the llid in the frame is the plid 1135 * from the point of view of this host. 1136 */ 1137 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1138 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1139 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1140 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1141 1142 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1143 rcu_read_lock(); 1144 1145 sta = sta_info_get(sdata, mgmt->sa); 1146 1147 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1148 !rssi_threshold_check(sdata, sta)) { 1149 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1150 mgmt->sa); 1151 goto unlock_rcu; 1152 } 1153 1154 /* Now we will figure out the appropriate event... */ 1155 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1156 1157 if (event == OPN_ACPT) { 1158 rcu_read_unlock(); 1159 /* allocate sta entry if necessary and update info */ 1160 sta = mesh_sta_info_get(sdata, mgmt->sa, elems, rx_status); 1161 if (!sta) { 1162 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1163 goto unlock_rcu; 1164 } 1165 sta->mesh->plid = plid; 1166 } else if (!sta && event == OPN_RJCT) { 1167 mesh_plink_frame_tx(sdata, NULL, WLAN_SP_MESH_PEERING_CLOSE, 1168 mgmt->sa, 0, plid, 1169 WLAN_REASON_MESH_CONFIG); 1170 goto unlock_rcu; 1171 } else if (!sta || event == PLINK_UNDEFINED) { 1172 /* something went wrong */ 1173 goto unlock_rcu; 1174 } 1175 1176 if (event == CNF_ACPT) { 1177 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1178 if (!sta->mesh->plid) 1179 sta->mesh->plid = plid; 1180 1181 sta->mesh->aid = get_unaligned_le16(PLINK_CNF_AID(mgmt)); 1182 } 1183 1184 changed |= mesh_plink_fsm(sdata, sta, event); 1185 1186 unlock_rcu: 1187 rcu_read_unlock(); 1188 1189 if (changed) 1190 ieee80211_mbss_info_change_notify(sdata, changed); 1191 } 1192 1193 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1194 struct ieee80211_mgmt *mgmt, size_t len, 1195 struct ieee80211_rx_status *rx_status) 1196 { 1197 struct ieee802_11_elems elems; 1198 size_t baselen; 1199 u8 *baseaddr; 1200 1201 /* need action_code, aux */ 1202 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1203 return; 1204 1205 if (sdata->u.mesh.user_mpm) 1206 /* userspace must register for these */ 1207 return; 1208 1209 if (is_multicast_ether_addr(mgmt->da)) { 1210 mpl_dbg(sdata, 1211 "Mesh plink: ignore frame from multicast address\n"); 1212 return; 1213 } 1214 1215 baseaddr = mgmt->u.action.u.self_prot.variable; 1216 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1217 if (mgmt->u.action.u.self_prot.action_code == 1218 WLAN_SP_MESH_PEERING_CONFIRM) { 1219 baseaddr += 4; 1220 baselen += 4; 1221 1222 if (baselen > len) 1223 return; 1224 } 1225 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems, 1226 mgmt->bssid, NULL); 1227 mesh_process_plink_frame(sdata, mgmt, &elems, rx_status); 1228 } 1229