1 /* 2 * Copyright (c) 2008, 2009 open80211s Ltd. 3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 #include <linux/gfp.h> 10 #include <linux/kernel.h> 11 #include <linux/random.h> 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG 17 #define mpl_dbg(fmt, args...) printk(KERN_DEBUG fmt, ##args) 18 #else 19 #define mpl_dbg(fmt, args...) do { (void)(0); } while (0) 20 #endif 21 22 #define PLINK_GET_LLID(p) (p + 2) 23 #define PLINK_GET_PLID(p) (p + 4) 24 25 #define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \ 26 jiffies + HZ * t / 1000)) 27 28 #define dot11MeshMaxRetries(s) (s->u.mesh.mshcfg.dot11MeshMaxRetries) 29 #define dot11MeshRetryTimeout(s) (s->u.mesh.mshcfg.dot11MeshRetryTimeout) 30 #define dot11MeshConfirmTimeout(s) (s->u.mesh.mshcfg.dot11MeshConfirmTimeout) 31 #define dot11MeshHoldingTimeout(s) (s->u.mesh.mshcfg.dot11MeshHoldingTimeout) 32 #define dot11MeshMaxPeerLinks(s) (s->u.mesh.mshcfg.dot11MeshMaxPeerLinks) 33 34 /* We only need a valid sta if user configured a minimum rssi_threshold. */ 35 #define rssi_threshold_check(sta, sdata) \ 36 (sdata->u.mesh.mshcfg.rssi_threshold == 0 ||\ 37 (sta && (s8) -ewma_read(&sta->avg_signal) > \ 38 sdata->u.mesh.mshcfg.rssi_threshold)) 39 40 enum plink_event { 41 PLINK_UNDEFINED, 42 OPN_ACPT, 43 OPN_RJCT, 44 OPN_IGNR, 45 CNF_ACPT, 46 CNF_RJCT, 47 CNF_IGNR, 48 CLS_ACPT, 49 CLS_IGNR 50 }; 51 52 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 53 enum ieee80211_self_protected_actioncode action, 54 u8 *da, __le16 llid, __le16 plid, __le16 reason); 55 56 static inline 57 void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata) 58 { 59 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks); 60 mesh_accept_plinks_update(sdata); 61 } 62 63 static inline 64 void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata) 65 { 66 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks); 67 mesh_accept_plinks_update(sdata); 68 } 69 70 /** 71 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 72 * 73 * @sta: mesh peer link to restart 74 * 75 * Locking: this function must be called holding sta->lock 76 */ 77 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 78 { 79 sta->plink_state = NL80211_PLINK_LISTEN; 80 sta->llid = sta->plid = sta->reason = 0; 81 sta->plink_retries = 0; 82 } 83 84 /* 85 * NOTE: This is just an alias for sta_info_alloc(), see notes 86 * on it in the lifecycle management section! 87 */ 88 static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata, 89 u8 *hw_addr, u32 rates, 90 struct ieee802_11_elems *elems) 91 { 92 struct ieee80211_local *local = sdata->local; 93 struct ieee80211_supported_band *sband; 94 struct sta_info *sta; 95 96 sband = local->hw.wiphy->bands[local->oper_channel->band]; 97 98 if (local->num_sta >= MESH_MAX_PLINKS) 99 return NULL; 100 101 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 102 if (!sta) 103 return NULL; 104 105 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 106 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 107 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 108 109 set_sta_flag(sta, WLAN_STA_WME); 110 111 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 112 if (elems->ht_cap_elem) 113 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 114 elems->ht_cap_elem, 115 &sta->sta.ht_cap); 116 rate_control_rate_init(sta); 117 118 return sta; 119 } 120 121 /** 122 * __mesh_plink_deactivate - deactivate mesh peer link 123 * 124 * @sta: mesh peer link to deactivate 125 * 126 * All mesh paths with this peer as next hop will be flushed 127 * 128 * Locking: the caller must hold sta->lock 129 */ 130 static bool __mesh_plink_deactivate(struct sta_info *sta) 131 { 132 struct ieee80211_sub_if_data *sdata = sta->sdata; 133 bool deactivated = false; 134 135 if (sta->plink_state == NL80211_PLINK_ESTAB) { 136 mesh_plink_dec_estab_count(sdata); 137 deactivated = true; 138 } 139 sta->plink_state = NL80211_PLINK_BLOCKED; 140 mesh_path_flush_by_nexthop(sta); 141 142 return deactivated; 143 } 144 145 /** 146 * mesh_plink_deactivate - deactivate mesh peer link 147 * 148 * @sta: mesh peer link to deactivate 149 * 150 * All mesh paths with this peer as next hop will be flushed 151 */ 152 void mesh_plink_deactivate(struct sta_info *sta) 153 { 154 struct ieee80211_sub_if_data *sdata = sta->sdata; 155 bool deactivated; 156 157 spin_lock_bh(&sta->lock); 158 deactivated = __mesh_plink_deactivate(sta); 159 sta->reason = cpu_to_le16(WLAN_REASON_MESH_PEER_CANCELED); 160 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 161 sta->sta.addr, sta->llid, sta->plid, 162 sta->reason); 163 spin_unlock_bh(&sta->lock); 164 165 if (deactivated) 166 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 167 } 168 169 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 170 enum ieee80211_self_protected_actioncode action, 171 u8 *da, __le16 llid, __le16 plid, __le16 reason) { 172 struct ieee80211_local *local = sdata->local; 173 struct sk_buff *skb; 174 struct ieee80211_mgmt *mgmt; 175 bool include_plid = false; 176 u16 peering_proto = 0; 177 u8 *pos, ie_len = 4; 178 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) + 179 sizeof(mgmt->u.action.u.self_prot); 180 181 skb = dev_alloc_skb(local->tx_headroom + 182 hdr_len + 183 2 + /* capability info */ 184 2 + /* AID */ 185 2 + 8 + /* supported rates */ 186 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 187 2 + sdata->u.mesh.mesh_id_len + 188 2 + sizeof(struct ieee80211_meshconf_ie) + 189 2 + sizeof(struct ieee80211_ht_cap) + 190 2 + sizeof(struct ieee80211_ht_info) + 191 2 + 8 + /* peering IE */ 192 sdata->u.mesh.ie_len); 193 if (!skb) 194 return -1; 195 skb_reserve(skb, local->tx_headroom); 196 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len); 197 memset(mgmt, 0, hdr_len); 198 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 199 IEEE80211_STYPE_ACTION); 200 memcpy(mgmt->da, da, ETH_ALEN); 201 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 202 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 203 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 204 mgmt->u.action.u.self_prot.action_code = action; 205 206 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 207 /* capability info */ 208 pos = skb_put(skb, 2); 209 memset(pos, 0, 2); 210 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 211 /* AID */ 212 pos = skb_put(skb, 2); 213 memcpy(pos + 2, &plid, 2); 214 } 215 if (ieee80211_add_srates_ie(&sdata->vif, skb) || 216 ieee80211_add_ext_srates_ie(&sdata->vif, skb) || 217 mesh_add_rsn_ie(skb, sdata) || 218 mesh_add_meshid_ie(skb, sdata) || 219 mesh_add_meshconf_ie(skb, sdata)) 220 return -1; 221 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 222 if (mesh_add_meshid_ie(skb, sdata)) 223 return -1; 224 } 225 226 /* Add Mesh Peering Management element */ 227 switch (action) { 228 case WLAN_SP_MESH_PEERING_OPEN: 229 break; 230 case WLAN_SP_MESH_PEERING_CONFIRM: 231 ie_len += 2; 232 include_plid = true; 233 break; 234 case WLAN_SP_MESH_PEERING_CLOSE: 235 if (plid) { 236 ie_len += 2; 237 include_plid = true; 238 } 239 ie_len += 2; /* reason code */ 240 break; 241 default: 242 return -EINVAL; 243 } 244 245 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 246 return -ENOMEM; 247 248 pos = skb_put(skb, 2 + ie_len); 249 *pos++ = WLAN_EID_PEER_MGMT; 250 *pos++ = ie_len; 251 memcpy(pos, &peering_proto, 2); 252 pos += 2; 253 memcpy(pos, &llid, 2); 254 pos += 2; 255 if (include_plid) { 256 memcpy(pos, &plid, 2); 257 pos += 2; 258 } 259 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 260 memcpy(pos, &reason, 2); 261 pos += 2; 262 } 263 264 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 265 if (mesh_add_ht_cap_ie(skb, sdata) || 266 mesh_add_ht_info_ie(skb, sdata)) 267 return -1; 268 } 269 270 if (mesh_add_vendor_ies(skb, sdata)) 271 return -1; 272 273 ieee80211_tx_skb(sdata, skb); 274 return 0; 275 } 276 277 void mesh_neighbour_update(u8 *hw_addr, u32 rates, 278 struct ieee80211_sub_if_data *sdata, 279 struct ieee802_11_elems *elems) 280 { 281 struct ieee80211_local *local = sdata->local; 282 struct sta_info *sta; 283 284 rcu_read_lock(); 285 286 sta = sta_info_get(sdata, hw_addr); 287 if (!sta) { 288 rcu_read_unlock(); 289 /* Userspace handles peer allocation when security is enabled 290 * */ 291 if (sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) 292 cfg80211_notify_new_peer_candidate(sdata->dev, hw_addr, 293 elems->ie_start, elems->total_len, 294 GFP_KERNEL); 295 else 296 sta = mesh_plink_alloc(sdata, hw_addr, rates, elems); 297 if (!sta) 298 return; 299 if (sta_info_insert_rcu(sta)) { 300 rcu_read_unlock(); 301 return; 302 } 303 } 304 305 sta->last_rx = jiffies; 306 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 307 if (mesh_peer_accepts_plinks(elems) && 308 sta->plink_state == NL80211_PLINK_LISTEN && 309 sdata->u.mesh.accepting_plinks && 310 sdata->u.mesh.mshcfg.auto_open_plinks && 311 rssi_threshold_check(sta, sdata)) 312 mesh_plink_open(sta); 313 314 rcu_read_unlock(); 315 } 316 317 static void mesh_plink_timer(unsigned long data) 318 { 319 struct sta_info *sta; 320 __le16 llid, plid, reason; 321 struct ieee80211_sub_if_data *sdata; 322 323 /* 324 * This STA is valid because sta_info_destroy() will 325 * del_timer_sync() this timer after having made sure 326 * it cannot be readded (by deleting the plink.) 327 */ 328 sta = (struct sta_info *) data; 329 330 if (sta->sdata->local->quiescing) { 331 sta->plink_timer_was_running = true; 332 return; 333 } 334 335 spin_lock_bh(&sta->lock); 336 if (sta->ignore_plink_timer) { 337 sta->ignore_plink_timer = false; 338 spin_unlock_bh(&sta->lock); 339 return; 340 } 341 mpl_dbg("Mesh plink timer for %pM fired on state %d\n", 342 sta->sta.addr, sta->plink_state); 343 reason = 0; 344 llid = sta->llid; 345 plid = sta->plid; 346 sdata = sta->sdata; 347 348 switch (sta->plink_state) { 349 case NL80211_PLINK_OPN_RCVD: 350 case NL80211_PLINK_OPN_SNT: 351 /* retry timer */ 352 if (sta->plink_retries < dot11MeshMaxRetries(sdata)) { 353 u32 rand; 354 mpl_dbg("Mesh plink for %pM (retry, timeout): %d %d\n", 355 sta->sta.addr, sta->plink_retries, 356 sta->plink_timeout); 357 get_random_bytes(&rand, sizeof(u32)); 358 sta->plink_timeout = sta->plink_timeout + 359 rand % sta->plink_timeout; 360 ++sta->plink_retries; 361 mod_plink_timer(sta, sta->plink_timeout); 362 spin_unlock_bh(&sta->lock); 363 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN, 364 sta->sta.addr, llid, 0, 0); 365 break; 366 } 367 reason = cpu_to_le16(WLAN_REASON_MESH_MAX_RETRIES); 368 /* fall through on else */ 369 case NL80211_PLINK_CNF_RCVD: 370 /* confirm timer */ 371 if (!reason) 372 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIRM_TIMEOUT); 373 sta->plink_state = NL80211_PLINK_HOLDING; 374 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 375 spin_unlock_bh(&sta->lock); 376 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 377 sta->sta.addr, llid, plid, reason); 378 break; 379 case NL80211_PLINK_HOLDING: 380 /* holding timer */ 381 del_timer(&sta->plink_timer); 382 mesh_plink_fsm_restart(sta); 383 spin_unlock_bh(&sta->lock); 384 break; 385 default: 386 spin_unlock_bh(&sta->lock); 387 break; 388 } 389 } 390 391 #ifdef CONFIG_PM 392 void mesh_plink_quiesce(struct sta_info *sta) 393 { 394 if (del_timer_sync(&sta->plink_timer)) 395 sta->plink_timer_was_running = true; 396 } 397 398 void mesh_plink_restart(struct sta_info *sta) 399 { 400 if (sta->plink_timer_was_running) { 401 add_timer(&sta->plink_timer); 402 sta->plink_timer_was_running = false; 403 } 404 } 405 #endif 406 407 static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout) 408 { 409 sta->plink_timer.expires = jiffies + (HZ * timeout / 1000); 410 sta->plink_timer.data = (unsigned long) sta; 411 sta->plink_timer.function = mesh_plink_timer; 412 sta->plink_timeout = timeout; 413 add_timer(&sta->plink_timer); 414 } 415 416 int mesh_plink_open(struct sta_info *sta) 417 { 418 __le16 llid; 419 struct ieee80211_sub_if_data *sdata = sta->sdata; 420 421 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 422 return -EPERM; 423 424 spin_lock_bh(&sta->lock); 425 get_random_bytes(&llid, 2); 426 sta->llid = llid; 427 if (sta->plink_state != NL80211_PLINK_LISTEN) { 428 spin_unlock_bh(&sta->lock); 429 return -EBUSY; 430 } 431 sta->plink_state = NL80211_PLINK_OPN_SNT; 432 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata)); 433 spin_unlock_bh(&sta->lock); 434 mpl_dbg("Mesh plink: starting establishment with %pM\n", 435 sta->sta.addr); 436 437 return mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN, 438 sta->sta.addr, llid, 0, 0); 439 } 440 441 void mesh_plink_block(struct sta_info *sta) 442 { 443 struct ieee80211_sub_if_data *sdata = sta->sdata; 444 bool deactivated; 445 446 spin_lock_bh(&sta->lock); 447 deactivated = __mesh_plink_deactivate(sta); 448 sta->plink_state = NL80211_PLINK_BLOCKED; 449 spin_unlock_bh(&sta->lock); 450 451 if (deactivated) 452 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 453 } 454 455 456 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgmt *mgmt, 457 size_t len, struct ieee80211_rx_status *rx_status) 458 { 459 struct ieee80211_local *local = sdata->local; 460 struct ieee802_11_elems elems; 461 struct sta_info *sta; 462 enum plink_event event; 463 enum ieee80211_self_protected_actioncode ftype; 464 size_t baselen; 465 bool deactivated, matches_local = true; 466 u8 ie_len; 467 u8 *baseaddr; 468 __le16 plid, llid, reason; 469 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG 470 static const char *mplstates[] = { 471 [NL80211_PLINK_LISTEN] = "LISTEN", 472 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 473 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 474 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 475 [NL80211_PLINK_ESTAB] = "ESTAB", 476 [NL80211_PLINK_HOLDING] = "HOLDING", 477 [NL80211_PLINK_BLOCKED] = "BLOCKED" 478 }; 479 #endif 480 481 /* need action_code, aux */ 482 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 483 return; 484 485 if (is_multicast_ether_addr(mgmt->da)) { 486 mpl_dbg("Mesh plink: ignore frame from multicast address"); 487 return; 488 } 489 490 baseaddr = mgmt->u.action.u.self_prot.variable; 491 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 492 if (mgmt->u.action.u.self_prot.action_code == 493 WLAN_SP_MESH_PEERING_CONFIRM) { 494 baseaddr += 4; 495 baselen += 4; 496 } 497 ieee802_11_parse_elems(baseaddr, len - baselen, &elems); 498 if (!elems.peering) { 499 mpl_dbg("Mesh plink: missing necessary peer link ie\n"); 500 return; 501 } 502 if (elems.rsn_len && 503 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 504 mpl_dbg("Mesh plink: can't establish link with secure peer\n"); 505 return; 506 } 507 508 ftype = mgmt->u.action.u.self_prot.action_code; 509 ie_len = elems.peering_len; 510 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 511 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 512 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 513 && ie_len != 8)) { 514 mpl_dbg("Mesh plink: incorrect plink ie length %d %d\n", 515 ftype, ie_len); 516 return; 517 } 518 519 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 520 (!elems.mesh_id || !elems.mesh_config)) { 521 mpl_dbg("Mesh plink: missing necessary ie\n"); 522 return; 523 } 524 /* Note the lines below are correct, the llid in the frame is the plid 525 * from the point of view of this host. 526 */ 527 memcpy(&plid, PLINK_GET_LLID(elems.peering), 2); 528 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 529 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 530 memcpy(&llid, PLINK_GET_PLID(elems.peering), 2); 531 532 rcu_read_lock(); 533 534 sta = sta_info_get(sdata, mgmt->sa); 535 if (!sta && ftype != WLAN_SP_MESH_PEERING_OPEN) { 536 mpl_dbg("Mesh plink: cls or cnf from unknown peer\n"); 537 rcu_read_unlock(); 538 return; 539 } 540 541 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 542 !rssi_threshold_check(sta, sdata)) { 543 mpl_dbg("Mesh plink: %pM does not meet rssi threshold\n", 544 mgmt->sa); 545 rcu_read_unlock(); 546 return; 547 } 548 549 if (sta && !test_sta_flag(sta, WLAN_STA_AUTH)) { 550 mpl_dbg("Mesh plink: Action frame from non-authed peer\n"); 551 rcu_read_unlock(); 552 return; 553 } 554 555 if (sta && sta->plink_state == NL80211_PLINK_BLOCKED) { 556 rcu_read_unlock(); 557 return; 558 } 559 560 /* Now we will figure out the appropriate event... */ 561 event = PLINK_UNDEFINED; 562 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 563 (!mesh_matches_local(&elems, sdata))) { 564 matches_local = false; 565 switch (ftype) { 566 case WLAN_SP_MESH_PEERING_OPEN: 567 event = OPN_RJCT; 568 break; 569 case WLAN_SP_MESH_PEERING_CONFIRM: 570 event = CNF_RJCT; 571 break; 572 default: 573 break; 574 } 575 } 576 577 if (!sta && !matches_local) { 578 rcu_read_unlock(); 579 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG); 580 llid = 0; 581 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 582 mgmt->sa, llid, plid, reason); 583 return; 584 } else if (!sta) { 585 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 586 u32 rates; 587 588 rcu_read_unlock(); 589 590 if (!mesh_plink_free_count(sdata)) { 591 mpl_dbg("Mesh plink error: no more free plinks\n"); 592 return; 593 } 594 595 rates = ieee80211_sta_get_rates(local, &elems, rx_status->band); 596 sta = mesh_plink_alloc(sdata, mgmt->sa, rates, &elems); 597 if (!sta) { 598 mpl_dbg("Mesh plink error: plink table full\n"); 599 return; 600 } 601 if (sta_info_insert_rcu(sta)) { 602 rcu_read_unlock(); 603 return; 604 } 605 event = OPN_ACPT; 606 spin_lock_bh(&sta->lock); 607 } else if (matches_local) { 608 spin_lock_bh(&sta->lock); 609 switch (ftype) { 610 case WLAN_SP_MESH_PEERING_OPEN: 611 if (!mesh_plink_free_count(sdata) || 612 (sta->plid && sta->plid != plid)) 613 event = OPN_IGNR; 614 else 615 event = OPN_ACPT; 616 break; 617 case WLAN_SP_MESH_PEERING_CONFIRM: 618 if (!mesh_plink_free_count(sdata) || 619 (sta->llid != llid || sta->plid != plid)) 620 event = CNF_IGNR; 621 else 622 event = CNF_ACPT; 623 break; 624 case WLAN_SP_MESH_PEERING_CLOSE: 625 if (sta->plink_state == NL80211_PLINK_ESTAB) 626 /* Do not check for llid or plid. This does not 627 * follow the standard but since multiple plinks 628 * per sta are not supported, it is necessary in 629 * order to avoid a livelock when MP A sees an 630 * establish peer link to MP B but MP B does not 631 * see it. This can be caused by a timeout in 632 * B's peer link establishment or B beign 633 * restarted. 634 */ 635 event = CLS_ACPT; 636 else if (sta->plid != plid) 637 event = CLS_IGNR; 638 else if (ie_len == 7 && sta->llid != llid) 639 event = CLS_IGNR; 640 else 641 event = CLS_ACPT; 642 break; 643 default: 644 mpl_dbg("Mesh plink: unknown frame subtype\n"); 645 spin_unlock_bh(&sta->lock); 646 rcu_read_unlock(); 647 return; 648 } 649 } else { 650 spin_lock_bh(&sta->lock); 651 } 652 653 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n", 654 mgmt->sa, mplstates[sta->plink_state], 655 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid), 656 event); 657 reason = 0; 658 switch (sta->plink_state) { 659 /* spin_unlock as soon as state is updated at each case */ 660 case NL80211_PLINK_LISTEN: 661 switch (event) { 662 case CLS_ACPT: 663 mesh_plink_fsm_restart(sta); 664 spin_unlock_bh(&sta->lock); 665 break; 666 case OPN_ACPT: 667 sta->plink_state = NL80211_PLINK_OPN_RCVD; 668 sta->plid = plid; 669 get_random_bytes(&llid, 2); 670 sta->llid = llid; 671 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata)); 672 spin_unlock_bh(&sta->lock); 673 mesh_plink_frame_tx(sdata, 674 WLAN_SP_MESH_PEERING_OPEN, 675 sta->sta.addr, llid, 0, 0); 676 mesh_plink_frame_tx(sdata, 677 WLAN_SP_MESH_PEERING_CONFIRM, 678 sta->sta.addr, llid, plid, 0); 679 break; 680 default: 681 spin_unlock_bh(&sta->lock); 682 break; 683 } 684 break; 685 686 case NL80211_PLINK_OPN_SNT: 687 switch (event) { 688 case OPN_RJCT: 689 case CNF_RJCT: 690 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG); 691 case CLS_ACPT: 692 if (!reason) 693 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE); 694 sta->reason = reason; 695 sta->plink_state = NL80211_PLINK_HOLDING; 696 if (!mod_plink_timer(sta, 697 dot11MeshHoldingTimeout(sdata))) 698 sta->ignore_plink_timer = true; 699 700 llid = sta->llid; 701 spin_unlock_bh(&sta->lock); 702 mesh_plink_frame_tx(sdata, 703 WLAN_SP_MESH_PEERING_CLOSE, 704 sta->sta.addr, llid, plid, reason); 705 break; 706 case OPN_ACPT: 707 /* retry timer is left untouched */ 708 sta->plink_state = NL80211_PLINK_OPN_RCVD; 709 sta->plid = plid; 710 llid = sta->llid; 711 spin_unlock_bh(&sta->lock); 712 mesh_plink_frame_tx(sdata, 713 WLAN_SP_MESH_PEERING_CONFIRM, 714 sta->sta.addr, llid, plid, 0); 715 break; 716 case CNF_ACPT: 717 sta->plink_state = NL80211_PLINK_CNF_RCVD; 718 if (!mod_plink_timer(sta, 719 dot11MeshConfirmTimeout(sdata))) 720 sta->ignore_plink_timer = true; 721 722 spin_unlock_bh(&sta->lock); 723 break; 724 default: 725 spin_unlock_bh(&sta->lock); 726 break; 727 } 728 break; 729 730 case NL80211_PLINK_OPN_RCVD: 731 switch (event) { 732 case OPN_RJCT: 733 case CNF_RJCT: 734 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG); 735 case CLS_ACPT: 736 if (!reason) 737 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE); 738 sta->reason = reason; 739 sta->plink_state = NL80211_PLINK_HOLDING; 740 if (!mod_plink_timer(sta, 741 dot11MeshHoldingTimeout(sdata))) 742 sta->ignore_plink_timer = true; 743 744 llid = sta->llid; 745 spin_unlock_bh(&sta->lock); 746 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 747 sta->sta.addr, llid, plid, reason); 748 break; 749 case OPN_ACPT: 750 llid = sta->llid; 751 spin_unlock_bh(&sta->lock); 752 mesh_plink_frame_tx(sdata, 753 WLAN_SP_MESH_PEERING_CONFIRM, 754 sta->sta.addr, llid, plid, 0); 755 break; 756 case CNF_ACPT: 757 del_timer(&sta->plink_timer); 758 sta->plink_state = NL80211_PLINK_ESTAB; 759 spin_unlock_bh(&sta->lock); 760 mesh_plink_inc_estab_count(sdata); 761 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 762 mpl_dbg("Mesh plink with %pM ESTABLISHED\n", 763 sta->sta.addr); 764 break; 765 default: 766 spin_unlock_bh(&sta->lock); 767 break; 768 } 769 break; 770 771 case NL80211_PLINK_CNF_RCVD: 772 switch (event) { 773 case OPN_RJCT: 774 case CNF_RJCT: 775 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG); 776 case CLS_ACPT: 777 if (!reason) 778 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE); 779 sta->reason = reason; 780 sta->plink_state = NL80211_PLINK_HOLDING; 781 if (!mod_plink_timer(sta, 782 dot11MeshHoldingTimeout(sdata))) 783 sta->ignore_plink_timer = true; 784 785 llid = sta->llid; 786 spin_unlock_bh(&sta->lock); 787 mesh_plink_frame_tx(sdata, 788 WLAN_SP_MESH_PEERING_CLOSE, 789 sta->sta.addr, llid, plid, reason); 790 break; 791 case OPN_ACPT: 792 del_timer(&sta->plink_timer); 793 sta->plink_state = NL80211_PLINK_ESTAB; 794 spin_unlock_bh(&sta->lock); 795 mesh_plink_inc_estab_count(sdata); 796 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 797 mpl_dbg("Mesh plink with %pM ESTABLISHED\n", 798 sta->sta.addr); 799 mesh_plink_frame_tx(sdata, 800 WLAN_SP_MESH_PEERING_CONFIRM, 801 sta->sta.addr, llid, plid, 0); 802 break; 803 default: 804 spin_unlock_bh(&sta->lock); 805 break; 806 } 807 break; 808 809 case NL80211_PLINK_ESTAB: 810 switch (event) { 811 case CLS_ACPT: 812 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE); 813 sta->reason = reason; 814 deactivated = __mesh_plink_deactivate(sta); 815 sta->plink_state = NL80211_PLINK_HOLDING; 816 llid = sta->llid; 817 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 818 spin_unlock_bh(&sta->lock); 819 if (deactivated) 820 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 821 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 822 sta->sta.addr, llid, plid, reason); 823 break; 824 case OPN_ACPT: 825 llid = sta->llid; 826 spin_unlock_bh(&sta->lock); 827 mesh_plink_frame_tx(sdata, 828 WLAN_SP_MESH_PEERING_CONFIRM, 829 sta->sta.addr, llid, plid, 0); 830 break; 831 default: 832 spin_unlock_bh(&sta->lock); 833 break; 834 } 835 break; 836 case NL80211_PLINK_HOLDING: 837 switch (event) { 838 case CLS_ACPT: 839 if (del_timer(&sta->plink_timer)) 840 sta->ignore_plink_timer = 1; 841 mesh_plink_fsm_restart(sta); 842 spin_unlock_bh(&sta->lock); 843 break; 844 case OPN_ACPT: 845 case CNF_ACPT: 846 case OPN_RJCT: 847 case CNF_RJCT: 848 llid = sta->llid; 849 reason = sta->reason; 850 spin_unlock_bh(&sta->lock); 851 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 852 sta->sta.addr, llid, plid, reason); 853 break; 854 default: 855 spin_unlock_bh(&sta->lock); 856 } 857 break; 858 default: 859 /* should not get here, PLINK_BLOCKED is dealt with at the 860 * beginning of the function 861 */ 862 spin_unlock_bh(&sta->lock); 863 break; 864 } 865 866 rcu_read_unlock(); 867 } 868