1 /* 2 * Copyright (c) 2008, 2009 open80211s Ltd. 3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 #include <linux/gfp.h> 10 #include <linux/kernel.h> 11 #include <linux/random.h> 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #define PLINK_CNF_AID(mgmt) ((mgmt)->u.action.u.self_prot.variable + 2) 17 #define PLINK_GET_LLID(p) (p + 2) 18 #define PLINK_GET_PLID(p) (p + 4) 19 20 #define mod_plink_timer(s, t) (mod_timer(&s->mesh->plink_timer, \ 21 jiffies + msecs_to_jiffies(t))) 22 23 enum plink_event { 24 PLINK_UNDEFINED, 25 OPN_ACPT, 26 OPN_RJCT, 27 OPN_IGNR, 28 CNF_ACPT, 29 CNF_RJCT, 30 CNF_IGNR, 31 CLS_ACPT, 32 CLS_IGNR 33 }; 34 35 static const char * const mplstates[] = { 36 [NL80211_PLINK_LISTEN] = "LISTEN", 37 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 38 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 39 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 40 [NL80211_PLINK_ESTAB] = "ESTAB", 41 [NL80211_PLINK_HOLDING] = "HOLDING", 42 [NL80211_PLINK_BLOCKED] = "BLOCKED" 43 }; 44 45 static const char * const mplevents[] = { 46 [PLINK_UNDEFINED] = "NONE", 47 [OPN_ACPT] = "OPN_ACPT", 48 [OPN_RJCT] = "OPN_RJCT", 49 [OPN_IGNR] = "OPN_IGNR", 50 [CNF_ACPT] = "CNF_ACPT", 51 [CNF_RJCT] = "CNF_RJCT", 52 [CNF_IGNR] = "CNF_IGNR", 53 [CLS_ACPT] = "CLS_ACPT", 54 [CLS_IGNR] = "CLS_IGNR" 55 }; 56 57 /* We only need a valid sta if user configured a minimum rssi_threshold. */ 58 static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 59 struct sta_info *sta) 60 { 61 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 62 return rssi_threshold == 0 || 63 (sta && 64 (s8)-ewma_signal_read(&sta->rx_stats_avg.signal) > 65 rssi_threshold); 66 } 67 68 /** 69 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 70 * 71 * @sta: mesh peer link to restart 72 * 73 * Locking: this function must be called holding sta->mesh->plink_lock 74 */ 75 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 76 { 77 lockdep_assert_held(&sta->mesh->plink_lock); 78 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 79 sta->mesh->llid = sta->mesh->plid = sta->mesh->reason = 0; 80 sta->mesh->plink_retries = 0; 81 } 82 83 /* 84 * mesh_set_short_slot_time - enable / disable ERP short slot time. 85 * 86 * The standard indirectly mandates mesh STAs to turn off short slot time by 87 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 88 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 89 * MBSS support ERP rates. 90 * 91 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 92 */ 93 static u32 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 94 { 95 struct ieee80211_local *local = sdata->local; 96 enum nl80211_band band = ieee80211_get_sdata_band(sdata); 97 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 98 struct sta_info *sta; 99 u32 erp_rates = 0, changed = 0; 100 int i; 101 bool short_slot = false; 102 103 if (band == NL80211_BAND_5GHZ) { 104 /* (IEEE 802.11-2012 19.4.5) */ 105 short_slot = true; 106 goto out; 107 } else if (band != NL80211_BAND_2GHZ) 108 goto out; 109 110 for (i = 0; i < sband->n_bitrates; i++) 111 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 112 erp_rates |= BIT(i); 113 114 if (!erp_rates) 115 goto out; 116 117 rcu_read_lock(); 118 list_for_each_entry_rcu(sta, &local->sta_list, list) { 119 if (sdata != sta->sdata || 120 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 121 continue; 122 123 short_slot = false; 124 if (erp_rates & sta->sta.supp_rates[band]) 125 short_slot = true; 126 else 127 break; 128 } 129 rcu_read_unlock(); 130 131 out: 132 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 133 sdata->vif.bss_conf.use_short_slot = short_slot; 134 changed = BSS_CHANGED_ERP_SLOT; 135 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 136 sdata->vif.addr, short_slot); 137 } 138 return changed; 139 } 140 141 /** 142 * mesh_set_ht_prot_mode - set correct HT protection mode 143 * 144 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 145 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 146 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 147 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 148 * is selected if all peers in our 20/40MHz MBSS support HT and atleast one 149 * HT20 peer is present. Otherwise no-protection mode is selected. 150 */ 151 static u32 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 152 { 153 struct ieee80211_local *local = sdata->local; 154 struct sta_info *sta; 155 u16 ht_opmode; 156 bool non_ht_sta = false, ht20_sta = false; 157 158 switch (sdata->vif.bss_conf.chandef.width) { 159 case NL80211_CHAN_WIDTH_20_NOHT: 160 case NL80211_CHAN_WIDTH_5: 161 case NL80211_CHAN_WIDTH_10: 162 return 0; 163 default: 164 break; 165 } 166 167 rcu_read_lock(); 168 list_for_each_entry_rcu(sta, &local->sta_list, list) { 169 if (sdata != sta->sdata || 170 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 171 continue; 172 173 if (sta->sta.bandwidth > IEEE80211_STA_RX_BW_20) 174 continue; 175 176 if (!sta->sta.ht_cap.ht_supported) { 177 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 178 sta->sta.addr); 179 non_ht_sta = true; 180 break; 181 } 182 183 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 184 ht20_sta = true; 185 } 186 rcu_read_unlock(); 187 188 if (non_ht_sta) 189 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 190 else if (ht20_sta && 191 sdata->vif.bss_conf.chandef.width > NL80211_CHAN_WIDTH_20) 192 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 193 else 194 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 195 196 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 197 return 0; 198 199 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 200 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 201 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 202 return BSS_CHANGED_HT; 203 } 204 205 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 206 struct sta_info *sta, 207 enum ieee80211_self_protected_actioncode action, 208 u8 *da, u16 llid, u16 plid, u16 reason) 209 { 210 struct ieee80211_local *local = sdata->local; 211 struct sk_buff *skb; 212 struct ieee80211_tx_info *info; 213 struct ieee80211_mgmt *mgmt; 214 bool include_plid = false; 215 u16 peering_proto = 0; 216 u8 *pos, ie_len = 4; 217 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) + 218 sizeof(mgmt->u.action.u.self_prot); 219 int err = -ENOMEM; 220 221 skb = dev_alloc_skb(local->tx_headroom + 222 hdr_len + 223 2 + /* capability info */ 224 2 + /* AID */ 225 2 + 8 + /* supported rates */ 226 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 227 2 + sdata->u.mesh.mesh_id_len + 228 2 + sizeof(struct ieee80211_meshconf_ie) + 229 2 + sizeof(struct ieee80211_ht_cap) + 230 2 + sizeof(struct ieee80211_ht_operation) + 231 2 + sizeof(struct ieee80211_vht_cap) + 232 2 + sizeof(struct ieee80211_vht_operation) + 233 2 + 8 + /* peering IE */ 234 sdata->u.mesh.ie_len); 235 if (!skb) 236 return err; 237 info = IEEE80211_SKB_CB(skb); 238 skb_reserve(skb, local->tx_headroom); 239 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len); 240 memset(mgmt, 0, hdr_len); 241 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 242 IEEE80211_STYPE_ACTION); 243 memcpy(mgmt->da, da, ETH_ALEN); 244 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 245 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 246 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 247 mgmt->u.action.u.self_prot.action_code = action; 248 249 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 250 enum nl80211_band band = ieee80211_get_sdata_band(sdata); 251 252 /* capability info */ 253 pos = skb_put(skb, 2); 254 memset(pos, 0, 2); 255 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 256 /* AID */ 257 pos = skb_put(skb, 2); 258 put_unaligned_le16(sta->sta.aid, pos); 259 } 260 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 261 ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 262 mesh_add_rsn_ie(sdata, skb) || 263 mesh_add_meshid_ie(sdata, skb) || 264 mesh_add_meshconf_ie(sdata, skb)) 265 goto free; 266 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 267 info->flags |= IEEE80211_TX_CTL_NO_ACK; 268 if (mesh_add_meshid_ie(sdata, skb)) 269 goto free; 270 } 271 272 /* Add Mesh Peering Management element */ 273 switch (action) { 274 case WLAN_SP_MESH_PEERING_OPEN: 275 break; 276 case WLAN_SP_MESH_PEERING_CONFIRM: 277 ie_len += 2; 278 include_plid = true; 279 break; 280 case WLAN_SP_MESH_PEERING_CLOSE: 281 if (plid) { 282 ie_len += 2; 283 include_plid = true; 284 } 285 ie_len += 2; /* reason code */ 286 break; 287 default: 288 err = -EINVAL; 289 goto free; 290 } 291 292 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 293 goto free; 294 295 pos = skb_put(skb, 2 + ie_len); 296 *pos++ = WLAN_EID_PEER_MGMT; 297 *pos++ = ie_len; 298 memcpy(pos, &peering_proto, 2); 299 pos += 2; 300 put_unaligned_le16(llid, pos); 301 pos += 2; 302 if (include_plid) { 303 put_unaligned_le16(plid, pos); 304 pos += 2; 305 } 306 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 307 put_unaligned_le16(reason, pos); 308 pos += 2; 309 } 310 311 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 312 if (mesh_add_ht_cap_ie(sdata, skb) || 313 mesh_add_ht_oper_ie(sdata, skb) || 314 mesh_add_vht_cap_ie(sdata, skb) || 315 mesh_add_vht_oper_ie(sdata, skb)) 316 goto free; 317 } 318 319 if (mesh_add_vendor_ies(sdata, skb)) 320 goto free; 321 322 ieee80211_tx_skb(sdata, skb); 323 return 0; 324 free: 325 kfree_skb(skb); 326 return err; 327 } 328 329 /** 330 * __mesh_plink_deactivate - deactivate mesh peer link 331 * 332 * @sta: mesh peer link to deactivate 333 * 334 * Mesh paths with this peer as next hop should be flushed 335 * by the caller outside of plink_lock. 336 * 337 * Returns beacon changed flag if the beacon content changed. 338 * 339 * Locking: the caller must hold sta->mesh->plink_lock 340 */ 341 static u32 __mesh_plink_deactivate(struct sta_info *sta) 342 { 343 struct ieee80211_sub_if_data *sdata = sta->sdata; 344 u32 changed = 0; 345 346 lockdep_assert_held(&sta->mesh->plink_lock); 347 348 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 349 changed = mesh_plink_dec_estab_count(sdata); 350 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 351 352 ieee80211_mps_sta_status_update(sta); 353 changed |= ieee80211_mps_set_sta_local_pm(sta, 354 NL80211_MESH_POWER_UNKNOWN); 355 356 return changed; 357 } 358 359 /** 360 * mesh_plink_deactivate - deactivate mesh peer link 361 * 362 * @sta: mesh peer link to deactivate 363 * 364 * All mesh paths with this peer as next hop will be flushed 365 */ 366 u32 mesh_plink_deactivate(struct sta_info *sta) 367 { 368 struct ieee80211_sub_if_data *sdata = sta->sdata; 369 u32 changed; 370 371 spin_lock_bh(&sta->mesh->plink_lock); 372 changed = __mesh_plink_deactivate(sta); 373 sta->mesh->reason = WLAN_REASON_MESH_PEER_CANCELED; 374 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_CLOSE, 375 sta->sta.addr, sta->mesh->llid, sta->mesh->plid, 376 sta->mesh->reason); 377 spin_unlock_bh(&sta->mesh->plink_lock); 378 mesh_path_flush_by_nexthop(sta); 379 380 return changed; 381 } 382 383 static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 384 struct sta_info *sta, 385 struct ieee802_11_elems *elems, bool insert) 386 { 387 struct ieee80211_local *local = sdata->local; 388 enum nl80211_band band = ieee80211_get_sdata_band(sdata); 389 struct ieee80211_supported_band *sband; 390 u32 rates, basic_rates = 0, changed = 0; 391 enum ieee80211_sta_rx_bandwidth bw = sta->sta.bandwidth; 392 393 sband = local->hw.wiphy->bands[band]; 394 rates = ieee80211_sta_get_rates(sdata, elems, band, &basic_rates); 395 396 spin_lock_bh(&sta->mesh->plink_lock); 397 sta->rx_stats.last_rx = jiffies; 398 399 /* rates and capabilities don't change during peering */ 400 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB && 401 sta->mesh->processed_beacon) 402 goto out; 403 sta->mesh->processed_beacon = true; 404 405 if (sta->sta.supp_rates[band] != rates) 406 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 407 sta->sta.supp_rates[band] = rates; 408 409 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 410 elems->ht_cap_elem, sta)) 411 changed |= IEEE80211_RC_BW_CHANGED; 412 413 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 414 elems->vht_cap_elem, sta); 415 416 if (bw != sta->sta.bandwidth) 417 changed |= IEEE80211_RC_BW_CHANGED; 418 419 /* HT peer is operating 20MHz-only */ 420 if (elems->ht_operation && 421 !(elems->ht_operation->ht_param & 422 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 423 if (sta->sta.bandwidth != IEEE80211_STA_RX_BW_20) 424 changed |= IEEE80211_RC_BW_CHANGED; 425 sta->sta.bandwidth = IEEE80211_STA_RX_BW_20; 426 } 427 428 if (insert) 429 rate_control_rate_init(sta); 430 else 431 rate_control_rate_update(local, sband, sta, changed); 432 out: 433 spin_unlock_bh(&sta->mesh->plink_lock); 434 } 435 436 static int mesh_allocate_aid(struct ieee80211_sub_if_data *sdata) 437 { 438 struct sta_info *sta; 439 unsigned long *aid_map; 440 int aid; 441 442 aid_map = kcalloc(BITS_TO_LONGS(IEEE80211_MAX_AID + 1), 443 sizeof(*aid_map), GFP_KERNEL); 444 if (!aid_map) 445 return -ENOMEM; 446 447 /* reserve aid 0 for mcast indication */ 448 __set_bit(0, aid_map); 449 450 rcu_read_lock(); 451 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) 452 __set_bit(sta->sta.aid, aid_map); 453 rcu_read_unlock(); 454 455 aid = find_first_zero_bit(aid_map, IEEE80211_MAX_AID + 1); 456 kfree(aid_map); 457 458 if (aid > IEEE80211_MAX_AID) 459 return -ENOBUFS; 460 461 return aid; 462 } 463 464 static struct sta_info * 465 __mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 466 { 467 struct sta_info *sta; 468 int aid; 469 470 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 471 return NULL; 472 473 aid = mesh_allocate_aid(sdata); 474 if (aid < 0) 475 return NULL; 476 477 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 478 if (!sta) 479 return NULL; 480 481 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 482 sta->sta.wme = true; 483 sta->sta.aid = aid; 484 485 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 486 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 487 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 488 489 return sta; 490 } 491 492 static struct sta_info * 493 mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 494 struct ieee802_11_elems *elems) 495 { 496 struct sta_info *sta = NULL; 497 498 /* Userspace handles station allocation */ 499 if (sdata->u.mesh.user_mpm || 500 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) 501 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 502 elems->ie_start, 503 elems->total_len, 504 GFP_KERNEL); 505 else 506 sta = __mesh_sta_info_alloc(sdata, addr); 507 508 return sta; 509 } 510 511 /* 512 * mesh_sta_info_get - return mesh sta info entry for @addr. 513 * 514 * @sdata: local meshif 515 * @addr: peer's address 516 * @elems: IEs from beacon or mesh peering frame. 517 * 518 * Return existing or newly allocated sta_info under RCU read lock. 519 * (re)initialize with given IEs. 520 */ 521 static struct sta_info * 522 mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 523 u8 *addr, struct ieee802_11_elems *elems) __acquires(RCU) 524 { 525 struct sta_info *sta = NULL; 526 527 rcu_read_lock(); 528 sta = sta_info_get(sdata, addr); 529 if (sta) { 530 mesh_sta_info_init(sdata, sta, elems, false); 531 } else { 532 rcu_read_unlock(); 533 /* can't run atomic */ 534 sta = mesh_sta_info_alloc(sdata, addr, elems); 535 if (!sta) { 536 rcu_read_lock(); 537 return NULL; 538 } 539 540 mesh_sta_info_init(sdata, sta, elems, true); 541 542 if (sta_info_insert_rcu(sta)) 543 return NULL; 544 } 545 546 return sta; 547 } 548 549 /* 550 * mesh_neighbour_update - update or initialize new mesh neighbor. 551 * 552 * @sdata: local meshif 553 * @addr: peer's address 554 * @elems: IEs from beacon or mesh peering frame 555 * 556 * Initiates peering if appropriate. 557 */ 558 void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 559 u8 *hw_addr, 560 struct ieee802_11_elems *elems) 561 { 562 struct sta_info *sta; 563 u32 changed = 0; 564 565 sta = mesh_sta_info_get(sdata, hw_addr, elems); 566 if (!sta) 567 goto out; 568 569 if (mesh_peer_accepts_plinks(elems) && 570 sta->mesh->plink_state == NL80211_PLINK_LISTEN && 571 sdata->u.mesh.accepting_plinks && 572 sdata->u.mesh.mshcfg.auto_open_plinks && 573 rssi_threshold_check(sdata, sta)) 574 changed = mesh_plink_open(sta); 575 576 ieee80211_mps_frame_release(sta, elems); 577 out: 578 rcu_read_unlock(); 579 ieee80211_mbss_info_change_notify(sdata, changed); 580 } 581 582 static void mesh_plink_timer(unsigned long data) 583 { 584 struct sta_info *sta; 585 u16 reason = 0; 586 struct ieee80211_sub_if_data *sdata; 587 struct mesh_config *mshcfg; 588 enum ieee80211_self_protected_actioncode action = 0; 589 590 /* 591 * This STA is valid because sta_info_destroy() will 592 * del_timer_sync() this timer after having made sure 593 * it cannot be readded (by deleting the plink.) 594 */ 595 sta = (struct sta_info *) data; 596 597 if (sta->sdata->local->quiescing) 598 return; 599 600 spin_lock_bh(&sta->mesh->plink_lock); 601 602 /* If a timer fires just before a state transition on another CPU, 603 * we may have already extended the timeout and changed state by the 604 * time we've acquired the lock and arrived here. In that case, 605 * skip this timer and wait for the new one. 606 */ 607 if (time_before(jiffies, sta->mesh->plink_timer.expires)) { 608 mpl_dbg(sta->sdata, 609 "Ignoring timer for %pM in state %s (timer adjusted)", 610 sta->sta.addr, mplstates[sta->mesh->plink_state]); 611 spin_unlock_bh(&sta->mesh->plink_lock); 612 return; 613 } 614 615 /* del_timer() and handler may race when entering these states */ 616 if (sta->mesh->plink_state == NL80211_PLINK_LISTEN || 617 sta->mesh->plink_state == NL80211_PLINK_ESTAB) { 618 mpl_dbg(sta->sdata, 619 "Ignoring timer for %pM in state %s (timer deleted)", 620 sta->sta.addr, mplstates[sta->mesh->plink_state]); 621 spin_unlock_bh(&sta->mesh->plink_lock); 622 return; 623 } 624 625 mpl_dbg(sta->sdata, 626 "Mesh plink timer for %pM fired on state %s\n", 627 sta->sta.addr, mplstates[sta->mesh->plink_state]); 628 sdata = sta->sdata; 629 mshcfg = &sdata->u.mesh.mshcfg; 630 631 switch (sta->mesh->plink_state) { 632 case NL80211_PLINK_OPN_RCVD: 633 case NL80211_PLINK_OPN_SNT: 634 /* retry timer */ 635 if (sta->mesh->plink_retries < mshcfg->dot11MeshMaxRetries) { 636 u32 rand; 637 mpl_dbg(sta->sdata, 638 "Mesh plink for %pM (retry, timeout): %d %d\n", 639 sta->sta.addr, sta->mesh->plink_retries, 640 sta->mesh->plink_timeout); 641 get_random_bytes(&rand, sizeof(u32)); 642 sta->mesh->plink_timeout = sta->mesh->plink_timeout + 643 rand % sta->mesh->plink_timeout; 644 ++sta->mesh->plink_retries; 645 mod_plink_timer(sta, sta->mesh->plink_timeout); 646 action = WLAN_SP_MESH_PEERING_OPEN; 647 break; 648 } 649 reason = WLAN_REASON_MESH_MAX_RETRIES; 650 /* fall through on else */ 651 case NL80211_PLINK_CNF_RCVD: 652 /* confirm timer */ 653 if (!reason) 654 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 655 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 656 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 657 action = WLAN_SP_MESH_PEERING_CLOSE; 658 break; 659 case NL80211_PLINK_HOLDING: 660 /* holding timer */ 661 del_timer(&sta->mesh->plink_timer); 662 mesh_plink_fsm_restart(sta); 663 break; 664 default: 665 break; 666 } 667 spin_unlock_bh(&sta->mesh->plink_lock); 668 if (action) 669 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 670 sta->mesh->llid, sta->mesh->plid, reason); 671 } 672 673 static inline void mesh_plink_timer_set(struct sta_info *sta, u32 timeout) 674 { 675 sta->mesh->plink_timer.expires = jiffies + msecs_to_jiffies(timeout); 676 sta->mesh->plink_timer.data = (unsigned long) sta; 677 sta->mesh->plink_timer.function = mesh_plink_timer; 678 sta->mesh->plink_timeout = timeout; 679 add_timer(&sta->mesh->plink_timer); 680 } 681 682 static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 683 u16 llid) 684 { 685 struct ieee80211_local *local = sdata->local; 686 bool in_use = false; 687 struct sta_info *sta; 688 689 rcu_read_lock(); 690 list_for_each_entry_rcu(sta, &local->sta_list, list) { 691 if (sdata != sta->sdata) 692 continue; 693 694 if (!memcmp(&sta->mesh->llid, &llid, sizeof(llid))) { 695 in_use = true; 696 break; 697 } 698 } 699 rcu_read_unlock(); 700 701 return in_use; 702 } 703 704 static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 705 { 706 u16 llid; 707 708 do { 709 get_random_bytes(&llid, sizeof(llid)); 710 } while (llid_in_use(sdata, llid)); 711 712 return llid; 713 } 714 715 u32 mesh_plink_open(struct sta_info *sta) 716 { 717 struct ieee80211_sub_if_data *sdata = sta->sdata; 718 u32 changed; 719 720 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 721 return 0; 722 723 spin_lock_bh(&sta->mesh->plink_lock); 724 sta->mesh->llid = mesh_get_new_llid(sdata); 725 if (sta->mesh->plink_state != NL80211_PLINK_LISTEN && 726 sta->mesh->plink_state != NL80211_PLINK_BLOCKED) { 727 spin_unlock_bh(&sta->mesh->plink_lock); 728 return 0; 729 } 730 sta->mesh->plink_state = NL80211_PLINK_OPN_SNT; 731 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 732 spin_unlock_bh(&sta->mesh->plink_lock); 733 mpl_dbg(sdata, 734 "Mesh plink: starting establishment with %pM\n", 735 sta->sta.addr); 736 737 /* set the non-peer mode to active during peering */ 738 changed = ieee80211_mps_local_status_update(sdata); 739 740 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_OPEN, 741 sta->sta.addr, sta->mesh->llid, 0, 0); 742 return changed; 743 } 744 745 u32 mesh_plink_block(struct sta_info *sta) 746 { 747 u32 changed; 748 749 spin_lock_bh(&sta->mesh->plink_lock); 750 changed = __mesh_plink_deactivate(sta); 751 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 752 spin_unlock_bh(&sta->mesh->plink_lock); 753 mesh_path_flush_by_nexthop(sta); 754 755 return changed; 756 } 757 758 static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 759 struct sta_info *sta, 760 enum plink_event event) 761 { 762 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 763 u16 reason = (event == CLS_ACPT) ? 764 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 765 766 sta->mesh->reason = reason; 767 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 768 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 769 } 770 771 static u32 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 772 struct sta_info *sta) 773 { 774 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 775 u32 changed = 0; 776 777 del_timer(&sta->mesh->plink_timer); 778 sta->mesh->plink_state = NL80211_PLINK_ESTAB; 779 changed |= mesh_plink_inc_estab_count(sdata); 780 changed |= mesh_set_ht_prot_mode(sdata); 781 changed |= mesh_set_short_slot_time(sdata); 782 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 783 ieee80211_mps_sta_status_update(sta); 784 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 785 return changed; 786 } 787 788 /** 789 * mesh_plink_fsm - step @sta MPM based on @event 790 * 791 * @sdata: interface 792 * @sta: mesh neighbor 793 * @event: peering event 794 * 795 * Return: changed MBSS flags 796 */ 797 static u32 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 798 struct sta_info *sta, enum plink_event event) 799 { 800 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 801 enum ieee80211_self_protected_actioncode action = 0; 802 u32 changed = 0; 803 bool flush = false; 804 805 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 806 mplstates[sta->mesh->plink_state], mplevents[event]); 807 808 spin_lock_bh(&sta->mesh->plink_lock); 809 switch (sta->mesh->plink_state) { 810 case NL80211_PLINK_LISTEN: 811 switch (event) { 812 case CLS_ACPT: 813 mesh_plink_fsm_restart(sta); 814 break; 815 case OPN_ACPT: 816 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 817 sta->mesh->llid = mesh_get_new_llid(sdata); 818 mesh_plink_timer_set(sta, 819 mshcfg->dot11MeshRetryTimeout); 820 821 /* set the non-peer mode to active during peering */ 822 changed |= ieee80211_mps_local_status_update(sdata); 823 action = WLAN_SP_MESH_PEERING_OPEN; 824 break; 825 default: 826 break; 827 } 828 break; 829 case NL80211_PLINK_OPN_SNT: 830 switch (event) { 831 case OPN_RJCT: 832 case CNF_RJCT: 833 case CLS_ACPT: 834 mesh_plink_close(sdata, sta, event); 835 action = WLAN_SP_MESH_PEERING_CLOSE; 836 break; 837 case OPN_ACPT: 838 /* retry timer is left untouched */ 839 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 840 action = WLAN_SP_MESH_PEERING_CONFIRM; 841 break; 842 case CNF_ACPT: 843 sta->mesh->plink_state = NL80211_PLINK_CNF_RCVD; 844 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 845 break; 846 default: 847 break; 848 } 849 break; 850 case NL80211_PLINK_OPN_RCVD: 851 switch (event) { 852 case OPN_RJCT: 853 case CNF_RJCT: 854 case CLS_ACPT: 855 mesh_plink_close(sdata, sta, event); 856 action = WLAN_SP_MESH_PEERING_CLOSE; 857 break; 858 case OPN_ACPT: 859 action = WLAN_SP_MESH_PEERING_CONFIRM; 860 break; 861 case CNF_ACPT: 862 changed |= mesh_plink_establish(sdata, sta); 863 break; 864 default: 865 break; 866 } 867 break; 868 case NL80211_PLINK_CNF_RCVD: 869 switch (event) { 870 case OPN_RJCT: 871 case CNF_RJCT: 872 case CLS_ACPT: 873 mesh_plink_close(sdata, sta, event); 874 action = WLAN_SP_MESH_PEERING_CLOSE; 875 break; 876 case OPN_ACPT: 877 changed |= mesh_plink_establish(sdata, sta); 878 action = WLAN_SP_MESH_PEERING_CONFIRM; 879 break; 880 default: 881 break; 882 } 883 break; 884 case NL80211_PLINK_ESTAB: 885 switch (event) { 886 case CLS_ACPT: 887 changed |= __mesh_plink_deactivate(sta); 888 changed |= mesh_set_ht_prot_mode(sdata); 889 changed |= mesh_set_short_slot_time(sdata); 890 mesh_plink_close(sdata, sta, event); 891 action = WLAN_SP_MESH_PEERING_CLOSE; 892 flush = true; 893 break; 894 case OPN_ACPT: 895 action = WLAN_SP_MESH_PEERING_CONFIRM; 896 break; 897 default: 898 break; 899 } 900 break; 901 case NL80211_PLINK_HOLDING: 902 switch (event) { 903 case CLS_ACPT: 904 del_timer(&sta->mesh->plink_timer); 905 mesh_plink_fsm_restart(sta); 906 break; 907 case OPN_ACPT: 908 case CNF_ACPT: 909 case OPN_RJCT: 910 case CNF_RJCT: 911 action = WLAN_SP_MESH_PEERING_CLOSE; 912 break; 913 default: 914 break; 915 } 916 break; 917 default: 918 /* should not get here, PLINK_BLOCKED is dealt with at the 919 * beginning of the function 920 */ 921 break; 922 } 923 spin_unlock_bh(&sta->mesh->plink_lock); 924 if (flush) 925 mesh_path_flush_by_nexthop(sta); 926 if (action) { 927 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 928 sta->mesh->llid, sta->mesh->plid, 929 sta->mesh->reason); 930 931 /* also send confirm in open case */ 932 if (action == WLAN_SP_MESH_PEERING_OPEN) { 933 mesh_plink_frame_tx(sdata, sta, 934 WLAN_SP_MESH_PEERING_CONFIRM, 935 sta->sta.addr, sta->mesh->llid, 936 sta->mesh->plid, 0); 937 } 938 } 939 940 return changed; 941 } 942 943 /* 944 * mesh_plink_get_event - get correct MPM event 945 * 946 * @sdata: interface 947 * @sta: peer, leave NULL if processing a frame from a new suitable peer 948 * @elems: peering management IEs 949 * @ftype: frame type 950 * @llid: peer's peer link ID 951 * @plid: peer's local link ID 952 * 953 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 954 * an error. 955 */ 956 static enum plink_event 957 mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 958 struct sta_info *sta, 959 struct ieee802_11_elems *elems, 960 enum ieee80211_self_protected_actioncode ftype, 961 u16 llid, u16 plid) 962 { 963 enum plink_event event = PLINK_UNDEFINED; 964 u8 ie_len = elems->peering_len; 965 bool matches_local; 966 967 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 968 mesh_matches_local(sdata, elems)); 969 970 /* deny open request from non-matching peer */ 971 if (!matches_local && !sta) { 972 event = OPN_RJCT; 973 goto out; 974 } 975 976 if (!sta) { 977 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 978 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 979 goto out; 980 } 981 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 982 if (!mesh_plink_free_count(sdata)) { 983 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 984 goto out; 985 } 986 987 /* new matching peer */ 988 event = OPN_ACPT; 989 goto out; 990 } else { 991 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 992 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 993 goto out; 994 } 995 if (sta->mesh->plink_state == NL80211_PLINK_BLOCKED) 996 goto out; 997 } 998 999 switch (ftype) { 1000 case WLAN_SP_MESH_PEERING_OPEN: 1001 if (!matches_local) 1002 event = OPN_RJCT; 1003 if (!mesh_plink_free_count(sdata) || 1004 (sta->mesh->plid && sta->mesh->plid != plid)) 1005 event = OPN_IGNR; 1006 else 1007 event = OPN_ACPT; 1008 break; 1009 case WLAN_SP_MESH_PEERING_CONFIRM: 1010 if (!matches_local) 1011 event = CNF_RJCT; 1012 if (!mesh_plink_free_count(sdata) || 1013 sta->mesh->llid != llid || 1014 (sta->mesh->plid && sta->mesh->plid != plid)) 1015 event = CNF_IGNR; 1016 else 1017 event = CNF_ACPT; 1018 break; 1019 case WLAN_SP_MESH_PEERING_CLOSE: 1020 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 1021 /* Do not check for llid or plid. This does not 1022 * follow the standard but since multiple plinks 1023 * per sta are not supported, it is necessary in 1024 * order to avoid a livelock when MP A sees an 1025 * establish peer link to MP B but MP B does not 1026 * see it. This can be caused by a timeout in 1027 * B's peer link establishment or B beign 1028 * restarted. 1029 */ 1030 event = CLS_ACPT; 1031 else if (sta->mesh->plid != plid) 1032 event = CLS_IGNR; 1033 else if (ie_len == 8 && sta->mesh->llid != llid) 1034 event = CLS_IGNR; 1035 else 1036 event = CLS_ACPT; 1037 break; 1038 default: 1039 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 1040 break; 1041 } 1042 1043 out: 1044 return event; 1045 } 1046 1047 static void 1048 mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 1049 struct ieee80211_mgmt *mgmt, 1050 struct ieee802_11_elems *elems) 1051 { 1052 1053 struct sta_info *sta; 1054 enum plink_event event; 1055 enum ieee80211_self_protected_actioncode ftype; 1056 u32 changed = 0; 1057 u8 ie_len = elems->peering_len; 1058 u16 plid, llid = 0; 1059 1060 if (!elems->peering) { 1061 mpl_dbg(sdata, 1062 "Mesh plink: missing necessary peer link ie\n"); 1063 return; 1064 } 1065 1066 if (elems->rsn_len && 1067 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1068 mpl_dbg(sdata, 1069 "Mesh plink: can't establish link with secure peer\n"); 1070 return; 1071 } 1072 1073 ftype = mgmt->u.action.u.self_prot.action_code; 1074 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1075 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1076 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1077 && ie_len != 8)) { 1078 mpl_dbg(sdata, 1079 "Mesh plink: incorrect plink ie length %d %d\n", 1080 ftype, ie_len); 1081 return; 1082 } 1083 1084 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1085 (!elems->mesh_id || !elems->mesh_config)) { 1086 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1087 return; 1088 } 1089 /* Note the lines below are correct, the llid in the frame is the plid 1090 * from the point of view of this host. 1091 */ 1092 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1093 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1094 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1095 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1096 1097 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1098 rcu_read_lock(); 1099 1100 sta = sta_info_get(sdata, mgmt->sa); 1101 1102 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1103 !rssi_threshold_check(sdata, sta)) { 1104 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1105 mgmt->sa); 1106 goto unlock_rcu; 1107 } 1108 1109 /* Now we will figure out the appropriate event... */ 1110 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1111 1112 if (event == OPN_ACPT) { 1113 rcu_read_unlock(); 1114 /* allocate sta entry if necessary and update info */ 1115 sta = mesh_sta_info_get(sdata, mgmt->sa, elems); 1116 if (!sta) { 1117 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1118 goto unlock_rcu; 1119 } 1120 sta->mesh->plid = plid; 1121 } else if (!sta && event == OPN_RJCT) { 1122 mesh_plink_frame_tx(sdata, NULL, WLAN_SP_MESH_PEERING_CLOSE, 1123 mgmt->sa, 0, plid, 1124 WLAN_REASON_MESH_CONFIG); 1125 goto unlock_rcu; 1126 } else if (!sta || event == PLINK_UNDEFINED) { 1127 /* something went wrong */ 1128 goto unlock_rcu; 1129 } 1130 1131 if (event == CNF_ACPT) { 1132 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1133 if (!sta->mesh->plid) 1134 sta->mesh->plid = plid; 1135 1136 sta->mesh->aid = get_unaligned_le16(PLINK_CNF_AID(mgmt)); 1137 } 1138 1139 changed |= mesh_plink_fsm(sdata, sta, event); 1140 1141 unlock_rcu: 1142 rcu_read_unlock(); 1143 1144 if (changed) 1145 ieee80211_mbss_info_change_notify(sdata, changed); 1146 } 1147 1148 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1149 struct ieee80211_mgmt *mgmt, size_t len, 1150 struct ieee80211_rx_status *rx_status) 1151 { 1152 struct ieee802_11_elems elems; 1153 size_t baselen; 1154 u8 *baseaddr; 1155 1156 /* need action_code, aux */ 1157 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1158 return; 1159 1160 if (sdata->u.mesh.user_mpm) 1161 /* userspace must register for these */ 1162 return; 1163 1164 if (is_multicast_ether_addr(mgmt->da)) { 1165 mpl_dbg(sdata, 1166 "Mesh plink: ignore frame from multicast address\n"); 1167 return; 1168 } 1169 1170 baseaddr = mgmt->u.action.u.self_prot.variable; 1171 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1172 if (mgmt->u.action.u.self_prot.action_code == 1173 WLAN_SP_MESH_PEERING_CONFIRM) { 1174 baseaddr += 4; 1175 baselen += 4; 1176 1177 if (baselen > len) 1178 return; 1179 } 1180 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems); 1181 mesh_process_plink_frame(sdata, mgmt, &elems); 1182 } 1183