1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_MAX_TRIES 3 35 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 36 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 37 #define IEEE80211_ASSOC_MAX_TRIES 3 38 39 static int max_nullfunc_tries = 2; 40 module_param(max_nullfunc_tries, int, 0644); 41 MODULE_PARM_DESC(max_nullfunc_tries, 42 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 43 44 static int max_probe_tries = 5; 45 module_param(max_probe_tries, int, 0644); 46 MODULE_PARM_DESC(max_probe_tries, 47 "Maximum probe tries before disconnecting (reason 4)."); 48 49 /* 50 * Beacon loss timeout is calculated as N frames times the 51 * advertised beacon interval. This may need to be somewhat 52 * higher than what hardware might detect to account for 53 * delays in the host processing frames. But since we also 54 * probe on beacon miss before declaring the connection lost 55 * default to what we want. 56 */ 57 #define IEEE80211_BEACON_LOSS_COUNT 7 58 59 /* 60 * Time the connection can be idle before we probe 61 * it to see if we can still talk to the AP. 62 */ 63 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 64 /* 65 * Time we wait for a probe response after sending 66 * a probe request because of beacon loss or for 67 * checking the connection still works. 68 */ 69 static int probe_wait_ms = 500; 70 module_param(probe_wait_ms, int, 0644); 71 MODULE_PARM_DESC(probe_wait_ms, 72 "Maximum time(ms) to wait for probe response" 73 " before disconnecting (reason 4)."); 74 75 /* 76 * Weight given to the latest Beacon frame when calculating average signal 77 * strength for Beacon frames received in the current BSS. This must be 78 * between 1 and 15. 79 */ 80 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 81 82 /* 83 * How many Beacon frames need to have been used in average signal strength 84 * before starting to indicate signal change events. 85 */ 86 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 87 88 #define TMR_RUNNING_TIMER 0 89 #define TMR_RUNNING_CHANSW 1 90 91 /* 92 * All cfg80211 functions have to be called outside a locked 93 * section so that they can acquire a lock themselves... This 94 * is much simpler than queuing up things in cfg80211, but we 95 * do need some indirection for that here. 96 */ 97 enum rx_mgmt_action { 98 /* no action required */ 99 RX_MGMT_NONE, 100 101 /* caller must call cfg80211_send_deauth() */ 102 RX_MGMT_CFG80211_DEAUTH, 103 104 /* caller must call cfg80211_send_disassoc() */ 105 RX_MGMT_CFG80211_DISASSOC, 106 107 /* caller must call cfg80211_send_rx_auth() */ 108 RX_MGMT_CFG80211_RX_AUTH, 109 110 /* caller must call cfg80211_send_rx_assoc() */ 111 RX_MGMT_CFG80211_RX_ASSOC, 112 113 /* caller must call cfg80211_send_assoc_timeout() */ 114 RX_MGMT_CFG80211_ASSOC_TIMEOUT, 115 }; 116 117 /* utils */ 118 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 119 { 120 lockdep_assert_held(&ifmgd->mtx); 121 } 122 123 /* 124 * We can have multiple work items (and connection probing) 125 * scheduling this timer, but we need to take care to only 126 * reschedule it when it should fire _earlier_ than it was 127 * asked for before, or if it's not pending right now. This 128 * function ensures that. Note that it then is required to 129 * run this function for all timeouts after the first one 130 * has happened -- the work that runs from this timer will 131 * do that. 132 */ 133 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout) 134 { 135 ASSERT_MGD_MTX(ifmgd); 136 137 if (!timer_pending(&ifmgd->timer) || 138 time_before(timeout, ifmgd->timer.expires)) 139 mod_timer(&ifmgd->timer, timeout); 140 } 141 142 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 143 { 144 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 145 return; 146 147 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 148 return; 149 150 mod_timer(&sdata->u.mgd.bcn_mon_timer, 151 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 152 } 153 154 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 155 { 156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 157 158 if (unlikely(!sdata->u.mgd.associated)) 159 return; 160 161 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 162 return; 163 164 mod_timer(&sdata->u.mgd.conn_mon_timer, 165 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 166 167 ifmgd->probe_send_count = 0; 168 } 169 170 static int ecw2cw(int ecw) 171 { 172 return (1 << ecw) - 1; 173 } 174 175 static u32 ieee80211_config_ht_tx(struct ieee80211_sub_if_data *sdata, 176 struct ieee80211_ht_operation *ht_oper, 177 const u8 *bssid, bool reconfig) 178 { 179 struct ieee80211_local *local = sdata->local; 180 struct ieee80211_supported_band *sband; 181 struct sta_info *sta; 182 u32 changed = 0; 183 u16 ht_opmode; 184 bool disable_40 = false; 185 186 sband = local->hw.wiphy->bands[local->oper_channel->band]; 187 188 switch (sdata->vif.bss_conf.channel_type) { 189 case NL80211_CHAN_HT40PLUS: 190 if (local->oper_channel->flags & IEEE80211_CHAN_NO_HT40PLUS) 191 disable_40 = true; 192 break; 193 case NL80211_CHAN_HT40MINUS: 194 if (local->oper_channel->flags & IEEE80211_CHAN_NO_HT40MINUS) 195 disable_40 = true; 196 break; 197 default: 198 break; 199 } 200 201 /* This can change during the lifetime of the BSS */ 202 if (!(ht_oper->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) 203 disable_40 = true; 204 205 mutex_lock(&local->sta_mtx); 206 sta = sta_info_get(sdata, bssid); 207 208 WARN_ON_ONCE(!sta); 209 210 if (sta && !sta->supports_40mhz) 211 disable_40 = true; 212 213 if (sta && (!reconfig || 214 (disable_40 != !(sta->sta.ht_cap.cap & 215 IEEE80211_HT_CAP_SUP_WIDTH_20_40)))) { 216 217 if (disable_40) 218 sta->sta.ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 219 else 220 sta->sta.ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40; 221 222 rate_control_rate_update(local, sband, sta, 223 IEEE80211_RC_BW_CHANGED); 224 } 225 mutex_unlock(&local->sta_mtx); 226 227 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 228 229 /* if bss configuration changed store the new one */ 230 if (!reconfig || (sdata->vif.bss_conf.ht_operation_mode != ht_opmode)) { 231 changed |= BSS_CHANGED_HT; 232 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 233 } 234 235 return changed; 236 } 237 238 /* frame sending functions */ 239 240 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 241 struct ieee80211_supported_band *sband, 242 u32 *rates) 243 { 244 int i, j, count; 245 *rates = 0; 246 count = 0; 247 for (i = 0; i < supp_rates_len; i++) { 248 int rate = (supp_rates[i] & 0x7F) * 5; 249 250 for (j = 0; j < sband->n_bitrates; j++) 251 if (sband->bitrates[j].bitrate == rate) { 252 *rates |= BIT(j); 253 count++; 254 break; 255 } 256 } 257 258 return count; 259 } 260 261 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 262 struct sk_buff *skb, u8 ap_ht_param, 263 struct ieee80211_supported_band *sband, 264 struct ieee80211_channel *channel, 265 enum ieee80211_smps_mode smps) 266 { 267 u8 *pos; 268 u32 flags = channel->flags; 269 u16 cap; 270 struct ieee80211_sta_ht_cap ht_cap; 271 272 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 273 274 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 275 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 276 277 /* determine capability flags */ 278 cap = ht_cap.cap; 279 280 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 281 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 282 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 283 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 284 cap &= ~IEEE80211_HT_CAP_SGI_40; 285 } 286 break; 287 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 288 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 289 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 290 cap &= ~IEEE80211_HT_CAP_SGI_40; 291 } 292 break; 293 } 294 295 /* 296 * If 40 MHz was disabled associate as though we weren't 297 * capable of 40 MHz -- some broken APs will never fall 298 * back to trying to transmit in 20 MHz. 299 */ 300 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 301 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 302 cap &= ~IEEE80211_HT_CAP_SGI_40; 303 } 304 305 /* set SM PS mode properly */ 306 cap &= ~IEEE80211_HT_CAP_SM_PS; 307 switch (smps) { 308 case IEEE80211_SMPS_AUTOMATIC: 309 case IEEE80211_SMPS_NUM_MODES: 310 WARN_ON(1); 311 case IEEE80211_SMPS_OFF: 312 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 313 IEEE80211_HT_CAP_SM_PS_SHIFT; 314 break; 315 case IEEE80211_SMPS_STATIC: 316 cap |= WLAN_HT_CAP_SM_PS_STATIC << 317 IEEE80211_HT_CAP_SM_PS_SHIFT; 318 break; 319 case IEEE80211_SMPS_DYNAMIC: 320 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 321 IEEE80211_HT_CAP_SM_PS_SHIFT; 322 break; 323 } 324 325 /* reserve and fill IE */ 326 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 327 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 328 } 329 330 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 331 struct sk_buff *skb, 332 struct ieee80211_supported_band *sband) 333 { 334 u8 *pos; 335 u32 cap; 336 struct ieee80211_sta_vht_cap vht_cap; 337 338 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 339 340 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 341 342 /* determine capability flags */ 343 cap = vht_cap.cap; 344 345 /* reserve and fill IE */ 346 pos = skb_put(skb, sizeof(struct ieee80211_vht_capabilities) + 2); 347 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 348 } 349 350 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 351 { 352 struct ieee80211_local *local = sdata->local; 353 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 354 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 355 struct sk_buff *skb; 356 struct ieee80211_mgmt *mgmt; 357 u8 *pos, qos_info; 358 size_t offset = 0, noffset; 359 int i, count, rates_len, supp_rates_len; 360 u16 capab; 361 struct ieee80211_supported_band *sband; 362 u32 rates = 0; 363 364 lockdep_assert_held(&ifmgd->mtx); 365 366 sband = local->hw.wiphy->bands[local->oper_channel->band]; 367 368 if (assoc_data->supp_rates_len) { 369 /* 370 * Get all rates supported by the device and the AP as 371 * some APs don't like getting a superset of their rates 372 * in the association request (e.g. D-Link DAP 1353 in 373 * b-only mode)... 374 */ 375 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 376 assoc_data->supp_rates_len, 377 sband, &rates); 378 } else { 379 /* 380 * In case AP not provide any supported rates information 381 * before association, we send information element(s) with 382 * all rates that we support. 383 */ 384 rates = ~0; 385 rates_len = sband->n_bitrates; 386 } 387 388 skb = alloc_skb(local->hw.extra_tx_headroom + 389 sizeof(*mgmt) + /* bit too much but doesn't matter */ 390 2 + assoc_data->ssid_len + /* SSID */ 391 4 + rates_len + /* (extended) rates */ 392 4 + /* power capability */ 393 2 + 2 * sband->n_channels + /* supported channels */ 394 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 395 2 + sizeof(struct ieee80211_vht_capabilities) + /* VHT */ 396 assoc_data->ie_len + /* extra IEs */ 397 9, /* WMM */ 398 GFP_KERNEL); 399 if (!skb) 400 return; 401 402 skb_reserve(skb, local->hw.extra_tx_headroom); 403 404 capab = WLAN_CAPABILITY_ESS; 405 406 if (sband->band == IEEE80211_BAND_2GHZ) { 407 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 408 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 409 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 410 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 411 } 412 413 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 414 capab |= WLAN_CAPABILITY_PRIVACY; 415 416 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 417 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 418 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 419 420 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 421 memset(mgmt, 0, 24); 422 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 423 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 424 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 425 426 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 427 skb_put(skb, 10); 428 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 429 IEEE80211_STYPE_REASSOC_REQ); 430 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 431 mgmt->u.reassoc_req.listen_interval = 432 cpu_to_le16(local->hw.conf.listen_interval); 433 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 434 ETH_ALEN); 435 } else { 436 skb_put(skb, 4); 437 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 438 IEEE80211_STYPE_ASSOC_REQ); 439 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 440 mgmt->u.assoc_req.listen_interval = 441 cpu_to_le16(local->hw.conf.listen_interval); 442 } 443 444 /* SSID */ 445 pos = skb_put(skb, 2 + assoc_data->ssid_len); 446 *pos++ = WLAN_EID_SSID; 447 *pos++ = assoc_data->ssid_len; 448 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 449 450 /* add all rates which were marked to be used above */ 451 supp_rates_len = rates_len; 452 if (supp_rates_len > 8) 453 supp_rates_len = 8; 454 455 pos = skb_put(skb, supp_rates_len + 2); 456 *pos++ = WLAN_EID_SUPP_RATES; 457 *pos++ = supp_rates_len; 458 459 count = 0; 460 for (i = 0; i < sband->n_bitrates; i++) { 461 if (BIT(i) & rates) { 462 int rate = sband->bitrates[i].bitrate; 463 *pos++ = (u8) (rate / 5); 464 if (++count == 8) 465 break; 466 } 467 } 468 469 if (rates_len > count) { 470 pos = skb_put(skb, rates_len - count + 2); 471 *pos++ = WLAN_EID_EXT_SUPP_RATES; 472 *pos++ = rates_len - count; 473 474 for (i++; i < sband->n_bitrates; i++) { 475 if (BIT(i) & rates) { 476 int rate = sband->bitrates[i].bitrate; 477 *pos++ = (u8) (rate / 5); 478 } 479 } 480 } 481 482 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 483 /* 1. power capabilities */ 484 pos = skb_put(skb, 4); 485 *pos++ = WLAN_EID_PWR_CAPABILITY; 486 *pos++ = 2; 487 *pos++ = 0; /* min tx power */ 488 *pos++ = local->oper_channel->max_power; /* max tx power */ 489 490 /* 2. supported channels */ 491 /* TODO: get this in reg domain format */ 492 pos = skb_put(skb, 2 * sband->n_channels + 2); 493 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 494 *pos++ = 2 * sband->n_channels; 495 for (i = 0; i < sband->n_channels; i++) { 496 *pos++ = ieee80211_frequency_to_channel( 497 sband->channels[i].center_freq); 498 *pos++ = 1; /* one channel in the subband*/ 499 } 500 } 501 502 /* if present, add any custom IEs that go before HT */ 503 if (assoc_data->ie_len && assoc_data->ie) { 504 static const u8 before_ht[] = { 505 WLAN_EID_SSID, 506 WLAN_EID_SUPP_RATES, 507 WLAN_EID_EXT_SUPP_RATES, 508 WLAN_EID_PWR_CAPABILITY, 509 WLAN_EID_SUPPORTED_CHANNELS, 510 WLAN_EID_RSN, 511 WLAN_EID_QOS_CAPA, 512 WLAN_EID_RRM_ENABLED_CAPABILITIES, 513 WLAN_EID_MOBILITY_DOMAIN, 514 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 515 }; 516 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 517 before_ht, ARRAY_SIZE(before_ht), 518 offset); 519 pos = skb_put(skb, noffset - offset); 520 memcpy(pos, assoc_data->ie + offset, noffset - offset); 521 offset = noffset; 522 } 523 524 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 525 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 526 sband, local->oper_channel, ifmgd->ap_smps); 527 528 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 529 ieee80211_add_vht_ie(sdata, skb, sband); 530 531 /* if present, add any custom non-vendor IEs that go after HT */ 532 if (assoc_data->ie_len && assoc_data->ie) { 533 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 534 assoc_data->ie_len, 535 offset); 536 pos = skb_put(skb, noffset - offset); 537 memcpy(pos, assoc_data->ie + offset, noffset - offset); 538 offset = noffset; 539 } 540 541 if (assoc_data->wmm) { 542 if (assoc_data->uapsd) { 543 qos_info = ifmgd->uapsd_queues; 544 qos_info |= (ifmgd->uapsd_max_sp_len << 545 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 546 } else { 547 qos_info = 0; 548 } 549 550 pos = skb_put(skb, 9); 551 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 552 *pos++ = 7; /* len */ 553 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 554 *pos++ = 0x50; 555 *pos++ = 0xf2; 556 *pos++ = 2; /* WME */ 557 *pos++ = 0; /* WME info */ 558 *pos++ = 1; /* WME ver */ 559 *pos++ = qos_info; 560 } 561 562 /* add any remaining custom (i.e. vendor specific here) IEs */ 563 if (assoc_data->ie_len && assoc_data->ie) { 564 noffset = assoc_data->ie_len; 565 pos = skb_put(skb, noffset - offset); 566 memcpy(pos, assoc_data->ie + offset, noffset - offset); 567 } 568 569 drv_mgd_prepare_tx(local, sdata); 570 571 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 572 ieee80211_tx_skb(sdata, skb); 573 } 574 575 void ieee80211_send_pspoll(struct ieee80211_local *local, 576 struct ieee80211_sub_if_data *sdata) 577 { 578 struct ieee80211_pspoll *pspoll; 579 struct sk_buff *skb; 580 581 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 582 if (!skb) 583 return; 584 585 pspoll = (struct ieee80211_pspoll *) skb->data; 586 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 587 588 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 589 ieee80211_tx_skb(sdata, skb); 590 } 591 592 void ieee80211_send_nullfunc(struct ieee80211_local *local, 593 struct ieee80211_sub_if_data *sdata, 594 int powersave) 595 { 596 struct sk_buff *skb; 597 struct ieee80211_hdr_3addr *nullfunc; 598 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 599 600 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 601 if (!skb) 602 return; 603 604 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 605 if (powersave) 606 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 607 608 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 609 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 610 IEEE80211_STA_CONNECTION_POLL)) 611 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 612 613 ieee80211_tx_skb(sdata, skb); 614 } 615 616 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 617 struct ieee80211_sub_if_data *sdata) 618 { 619 struct sk_buff *skb; 620 struct ieee80211_hdr *nullfunc; 621 __le16 fc; 622 623 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 624 return; 625 626 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 627 if (!skb) 628 return; 629 630 skb_reserve(skb, local->hw.extra_tx_headroom); 631 632 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 633 memset(nullfunc, 0, 30); 634 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 635 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 636 nullfunc->frame_control = fc; 637 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 638 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 639 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 640 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 641 642 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 643 ieee80211_tx_skb(sdata, skb); 644 } 645 646 /* spectrum management related things */ 647 static void ieee80211_chswitch_work(struct work_struct *work) 648 { 649 struct ieee80211_sub_if_data *sdata = 650 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 651 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 652 653 if (!ieee80211_sdata_running(sdata)) 654 return; 655 656 mutex_lock(&ifmgd->mtx); 657 if (!ifmgd->associated) 658 goto out; 659 660 sdata->local->oper_channel = sdata->local->csa_channel; 661 if (!sdata->local->ops->channel_switch) { 662 /* call "hw_config" only if doing sw channel switch */ 663 ieee80211_hw_config(sdata->local, 664 IEEE80211_CONF_CHANGE_CHANNEL); 665 } else { 666 /* update the device channel directly */ 667 sdata->local->hw.conf.channel = sdata->local->oper_channel; 668 } 669 670 /* XXX: shouldn't really modify cfg80211-owned data! */ 671 ifmgd->associated->channel = sdata->local->oper_channel; 672 673 /* XXX: wait for a beacon first? */ 674 ieee80211_wake_queues_by_reason(&sdata->local->hw, 675 IEEE80211_QUEUE_STOP_REASON_CSA); 676 out: 677 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 678 mutex_unlock(&ifmgd->mtx); 679 } 680 681 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 682 { 683 struct ieee80211_sub_if_data *sdata; 684 struct ieee80211_if_managed *ifmgd; 685 686 sdata = vif_to_sdata(vif); 687 ifmgd = &sdata->u.mgd; 688 689 trace_api_chswitch_done(sdata, success); 690 if (!success) { 691 sdata_info(sdata, 692 "driver channel switch failed, disconnecting\n"); 693 ieee80211_queue_work(&sdata->local->hw, 694 &ifmgd->csa_connection_drop_work); 695 } else { 696 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 697 } 698 } 699 EXPORT_SYMBOL(ieee80211_chswitch_done); 700 701 static void ieee80211_chswitch_timer(unsigned long data) 702 { 703 struct ieee80211_sub_if_data *sdata = 704 (struct ieee80211_sub_if_data *) data; 705 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 706 707 if (sdata->local->quiescing) { 708 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 709 return; 710 } 711 712 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 713 } 714 715 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 716 struct ieee80211_channel_sw_ie *sw_elem, 717 struct ieee80211_bss *bss, 718 u64 timestamp) 719 { 720 struct cfg80211_bss *cbss = 721 container_of((void *)bss, struct cfg80211_bss, priv); 722 struct ieee80211_channel *new_ch; 723 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 724 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, 725 cbss->channel->band); 726 727 ASSERT_MGD_MTX(ifmgd); 728 729 if (!ifmgd->associated) 730 return; 731 732 if (sdata->local->scanning) 733 return; 734 735 /* Disregard subsequent beacons if we are already running a timer 736 processing a CSA */ 737 738 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 739 return; 740 741 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 742 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { 743 sdata_info(sdata, 744 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 745 ifmgd->associated->bssid, new_freq); 746 ieee80211_queue_work(&sdata->local->hw, 747 &ifmgd->csa_connection_drop_work); 748 return; 749 } 750 751 sdata->local->csa_channel = new_ch; 752 753 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 754 755 if (sw_elem->mode) 756 ieee80211_stop_queues_by_reason(&sdata->local->hw, 757 IEEE80211_QUEUE_STOP_REASON_CSA); 758 759 if (sdata->local->ops->channel_switch) { 760 /* use driver's channel switch callback */ 761 struct ieee80211_channel_switch ch_switch = { 762 .timestamp = timestamp, 763 .block_tx = sw_elem->mode, 764 .channel = new_ch, 765 .count = sw_elem->count, 766 }; 767 768 drv_channel_switch(sdata->local, &ch_switch); 769 return; 770 } 771 772 /* channel switch handled in software */ 773 if (sw_elem->count <= 1) 774 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 775 else 776 mod_timer(&ifmgd->chswitch_timer, 777 TU_TO_EXP_TIME(sw_elem->count * 778 cbss->beacon_interval)); 779 } 780 781 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 782 struct ieee80211_channel *channel, 783 const u8 *country_ie, u8 country_ie_len, 784 const u8 *pwr_constr_elem) 785 { 786 struct ieee80211_country_ie_triplet *triplet; 787 int chan = ieee80211_frequency_to_channel(channel->center_freq); 788 int i, chan_pwr, chan_increment, new_ap_level; 789 bool have_chan_pwr = false; 790 791 /* Invalid IE */ 792 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 793 return; 794 795 triplet = (void *)(country_ie + 3); 796 country_ie_len -= 3; 797 798 switch (channel->band) { 799 default: 800 WARN_ON_ONCE(1); 801 /* fall through */ 802 case IEEE80211_BAND_2GHZ: 803 case IEEE80211_BAND_60GHZ: 804 chan_increment = 1; 805 break; 806 case IEEE80211_BAND_5GHZ: 807 chan_increment = 4; 808 break; 809 } 810 811 /* find channel */ 812 while (country_ie_len >= 3) { 813 u8 first_channel = triplet->chans.first_channel; 814 815 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 816 goto next; 817 818 for (i = 0; i < triplet->chans.num_channels; i++) { 819 if (first_channel + i * chan_increment == chan) { 820 have_chan_pwr = true; 821 chan_pwr = triplet->chans.max_power; 822 break; 823 } 824 } 825 if (have_chan_pwr) 826 break; 827 828 next: 829 triplet++; 830 country_ie_len -= 3; 831 } 832 833 if (!have_chan_pwr) 834 return; 835 836 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 837 838 if (sdata->local->ap_power_level == new_ap_level) 839 return; 840 841 sdata_info(sdata, 842 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 843 new_ap_level, chan_pwr, *pwr_constr_elem, 844 sdata->u.mgd.bssid); 845 sdata->local->ap_power_level = new_ap_level; 846 ieee80211_hw_config(sdata->local, 0); 847 } 848 849 void ieee80211_enable_dyn_ps(struct ieee80211_vif *vif) 850 { 851 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 852 struct ieee80211_local *local = sdata->local; 853 struct ieee80211_conf *conf = &local->hw.conf; 854 855 WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION || 856 !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) || 857 (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)); 858 859 local->disable_dynamic_ps = false; 860 conf->dynamic_ps_timeout = local->dynamic_ps_user_timeout; 861 } 862 EXPORT_SYMBOL(ieee80211_enable_dyn_ps); 863 864 void ieee80211_disable_dyn_ps(struct ieee80211_vif *vif) 865 { 866 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 867 struct ieee80211_local *local = sdata->local; 868 struct ieee80211_conf *conf = &local->hw.conf; 869 870 WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION || 871 !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) || 872 (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)); 873 874 local->disable_dynamic_ps = true; 875 conf->dynamic_ps_timeout = 0; 876 del_timer_sync(&local->dynamic_ps_timer); 877 ieee80211_queue_work(&local->hw, 878 &local->dynamic_ps_enable_work); 879 } 880 EXPORT_SYMBOL(ieee80211_disable_dyn_ps); 881 882 /* powersave */ 883 static void ieee80211_enable_ps(struct ieee80211_local *local, 884 struct ieee80211_sub_if_data *sdata) 885 { 886 struct ieee80211_conf *conf = &local->hw.conf; 887 888 /* 889 * If we are scanning right now then the parameters will 890 * take effect when scan finishes. 891 */ 892 if (local->scanning) 893 return; 894 895 if (conf->dynamic_ps_timeout > 0 && 896 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 897 mod_timer(&local->dynamic_ps_timer, jiffies + 898 msecs_to_jiffies(conf->dynamic_ps_timeout)); 899 } else { 900 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 901 ieee80211_send_nullfunc(local, sdata, 1); 902 903 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 904 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 905 return; 906 907 conf->flags |= IEEE80211_CONF_PS; 908 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 909 } 910 } 911 912 static void ieee80211_change_ps(struct ieee80211_local *local) 913 { 914 struct ieee80211_conf *conf = &local->hw.conf; 915 916 if (local->ps_sdata) { 917 ieee80211_enable_ps(local, local->ps_sdata); 918 } else if (conf->flags & IEEE80211_CONF_PS) { 919 conf->flags &= ~IEEE80211_CONF_PS; 920 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 921 del_timer_sync(&local->dynamic_ps_timer); 922 cancel_work_sync(&local->dynamic_ps_enable_work); 923 } 924 } 925 926 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 927 { 928 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 929 struct sta_info *sta = NULL; 930 bool authorized = false; 931 932 if (!mgd->powersave) 933 return false; 934 935 if (mgd->broken_ap) 936 return false; 937 938 if (!mgd->associated) 939 return false; 940 941 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 942 IEEE80211_STA_CONNECTION_POLL)) 943 return false; 944 945 rcu_read_lock(); 946 sta = sta_info_get(sdata, mgd->bssid); 947 if (sta) 948 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 949 rcu_read_unlock(); 950 951 return authorized; 952 } 953 954 /* need to hold RTNL or interface lock */ 955 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 956 { 957 struct ieee80211_sub_if_data *sdata, *found = NULL; 958 int count = 0; 959 int timeout; 960 961 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 962 local->ps_sdata = NULL; 963 return; 964 } 965 966 list_for_each_entry(sdata, &local->interfaces, list) { 967 if (!ieee80211_sdata_running(sdata)) 968 continue; 969 if (sdata->vif.type == NL80211_IFTYPE_AP) { 970 /* If an AP vif is found, then disable PS 971 * by setting the count to zero thereby setting 972 * ps_sdata to NULL. 973 */ 974 count = 0; 975 break; 976 } 977 if (sdata->vif.type != NL80211_IFTYPE_STATION) 978 continue; 979 found = sdata; 980 count++; 981 } 982 983 if (count == 1 && ieee80211_powersave_allowed(found)) { 984 struct ieee80211_conf *conf = &local->hw.conf; 985 s32 beaconint_us; 986 987 if (latency < 0) 988 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 989 990 beaconint_us = ieee80211_tu_to_usec( 991 found->vif.bss_conf.beacon_int); 992 993 timeout = local->dynamic_ps_forced_timeout; 994 if (timeout < 0) { 995 /* 996 * Go to full PSM if the user configures a very low 997 * latency requirement. 998 * The 2000 second value is there for compatibility 999 * until the PM_QOS_NETWORK_LATENCY is configured 1000 * with real values. 1001 */ 1002 if (latency > (1900 * USEC_PER_MSEC) && 1003 latency != (2000 * USEC_PER_SEC)) 1004 timeout = 0; 1005 else 1006 timeout = 100; 1007 } 1008 local->dynamic_ps_user_timeout = timeout; 1009 if (!local->disable_dynamic_ps) 1010 conf->dynamic_ps_timeout = 1011 local->dynamic_ps_user_timeout; 1012 1013 if (beaconint_us > latency) { 1014 local->ps_sdata = NULL; 1015 } else { 1016 struct ieee80211_bss *bss; 1017 int maxslp = 1; 1018 u8 dtimper; 1019 1020 bss = (void *)found->u.mgd.associated->priv; 1021 dtimper = bss->dtim_period; 1022 1023 /* If the TIM IE is invalid, pretend the value is 1 */ 1024 if (!dtimper) 1025 dtimper = 1; 1026 else if (dtimper > 1) 1027 maxslp = min_t(int, dtimper, 1028 latency / beaconint_us); 1029 1030 local->hw.conf.max_sleep_period = maxslp; 1031 local->hw.conf.ps_dtim_period = dtimper; 1032 local->ps_sdata = found; 1033 } 1034 } else { 1035 local->ps_sdata = NULL; 1036 } 1037 1038 ieee80211_change_ps(local); 1039 } 1040 1041 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1042 { 1043 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1044 1045 if (sdata->vif.bss_conf.ps != ps_allowed) { 1046 sdata->vif.bss_conf.ps = ps_allowed; 1047 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1048 } 1049 } 1050 1051 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1052 { 1053 struct ieee80211_local *local = 1054 container_of(work, struct ieee80211_local, 1055 dynamic_ps_disable_work); 1056 1057 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1058 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1059 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1060 } 1061 1062 ieee80211_wake_queues_by_reason(&local->hw, 1063 IEEE80211_QUEUE_STOP_REASON_PS); 1064 } 1065 1066 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1067 { 1068 struct ieee80211_local *local = 1069 container_of(work, struct ieee80211_local, 1070 dynamic_ps_enable_work); 1071 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1072 struct ieee80211_if_managed *ifmgd; 1073 unsigned long flags; 1074 int q; 1075 1076 /* can only happen when PS was just disabled anyway */ 1077 if (!sdata) 1078 return; 1079 1080 ifmgd = &sdata->u.mgd; 1081 1082 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1083 return; 1084 1085 if (!local->disable_dynamic_ps && 1086 local->hw.conf.dynamic_ps_timeout > 0) { 1087 /* don't enter PS if TX frames are pending */ 1088 if (drv_tx_frames_pending(local)) { 1089 mod_timer(&local->dynamic_ps_timer, jiffies + 1090 msecs_to_jiffies( 1091 local->hw.conf.dynamic_ps_timeout)); 1092 return; 1093 } 1094 1095 /* 1096 * transmission can be stopped by others which leads to 1097 * dynamic_ps_timer expiry. Postpone the ps timer if it 1098 * is not the actual idle state. 1099 */ 1100 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1101 for (q = 0; q < local->hw.queues; q++) { 1102 if (local->queue_stop_reasons[q]) { 1103 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1104 flags); 1105 mod_timer(&local->dynamic_ps_timer, jiffies + 1106 msecs_to_jiffies( 1107 local->hw.conf.dynamic_ps_timeout)); 1108 return; 1109 } 1110 } 1111 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1112 } 1113 1114 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1115 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1116 netif_tx_stop_all_queues(sdata->dev); 1117 1118 if (drv_tx_frames_pending(local)) 1119 mod_timer(&local->dynamic_ps_timer, jiffies + 1120 msecs_to_jiffies( 1121 local->hw.conf.dynamic_ps_timeout)); 1122 else { 1123 ieee80211_send_nullfunc(local, sdata, 1); 1124 /* Flush to get the tx status of nullfunc frame */ 1125 drv_flush(local, false); 1126 } 1127 } 1128 1129 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1130 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1131 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1132 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1133 local->hw.conf.flags |= IEEE80211_CONF_PS; 1134 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1135 } 1136 1137 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1138 netif_tx_wake_all_queues(sdata->dev); 1139 } 1140 1141 void ieee80211_dynamic_ps_timer(unsigned long data) 1142 { 1143 struct ieee80211_local *local = (void *) data; 1144 1145 if (local->quiescing || local->suspended) 1146 return; 1147 1148 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1149 } 1150 1151 /* MLME */ 1152 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1153 struct ieee80211_sub_if_data *sdata, 1154 u8 *wmm_param, size_t wmm_param_len) 1155 { 1156 struct ieee80211_tx_queue_params params; 1157 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1158 size_t left; 1159 int count; 1160 u8 *pos, uapsd_queues = 0; 1161 1162 if (!local->ops->conf_tx) 1163 return false; 1164 1165 if (local->hw.queues < IEEE80211_NUM_ACS) 1166 return false; 1167 1168 if (!wmm_param) 1169 return false; 1170 1171 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1172 return false; 1173 1174 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1175 uapsd_queues = ifmgd->uapsd_queues; 1176 1177 count = wmm_param[6] & 0x0f; 1178 if (count == ifmgd->wmm_last_param_set) 1179 return false; 1180 ifmgd->wmm_last_param_set = count; 1181 1182 pos = wmm_param + 8; 1183 left = wmm_param_len - 8; 1184 1185 memset(¶ms, 0, sizeof(params)); 1186 1187 sdata->wmm_acm = 0; 1188 for (; left >= 4; left -= 4, pos += 4) { 1189 int aci = (pos[0] >> 5) & 0x03; 1190 int acm = (pos[0] >> 4) & 0x01; 1191 bool uapsd = false; 1192 int queue; 1193 1194 switch (aci) { 1195 case 1: /* AC_BK */ 1196 queue = 3; 1197 if (acm) 1198 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1199 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1200 uapsd = true; 1201 break; 1202 case 2: /* AC_VI */ 1203 queue = 1; 1204 if (acm) 1205 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1206 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1207 uapsd = true; 1208 break; 1209 case 3: /* AC_VO */ 1210 queue = 0; 1211 if (acm) 1212 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1213 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1214 uapsd = true; 1215 break; 1216 case 0: /* AC_BE */ 1217 default: 1218 queue = 2; 1219 if (acm) 1220 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1221 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1222 uapsd = true; 1223 break; 1224 } 1225 1226 params.aifs = pos[0] & 0x0f; 1227 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1228 params.cw_min = ecw2cw(pos[1] & 0x0f); 1229 params.txop = get_unaligned_le16(pos + 2); 1230 params.uapsd = uapsd; 1231 1232 mlme_dbg(sdata, 1233 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1234 queue, aci, acm, 1235 params.aifs, params.cw_min, params.cw_max, 1236 params.txop, params.uapsd); 1237 sdata->tx_conf[queue] = params; 1238 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1239 sdata_err(sdata, 1240 "failed to set TX queue parameters for queue %d\n", 1241 queue); 1242 } 1243 1244 /* enable WMM or activate new settings */ 1245 sdata->vif.bss_conf.qos = true; 1246 return true; 1247 } 1248 1249 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1250 { 1251 lockdep_assert_held(&sdata->local->mtx); 1252 1253 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1254 IEEE80211_STA_BEACON_POLL); 1255 ieee80211_run_deferred_scan(sdata->local); 1256 } 1257 1258 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1259 { 1260 mutex_lock(&sdata->local->mtx); 1261 __ieee80211_stop_poll(sdata); 1262 mutex_unlock(&sdata->local->mtx); 1263 } 1264 1265 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1266 u16 capab, bool erp_valid, u8 erp) 1267 { 1268 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1269 u32 changed = 0; 1270 bool use_protection; 1271 bool use_short_preamble; 1272 bool use_short_slot; 1273 1274 if (erp_valid) { 1275 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1276 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1277 } else { 1278 use_protection = false; 1279 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1280 } 1281 1282 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1283 if (sdata->local->oper_channel->band == IEEE80211_BAND_5GHZ) 1284 use_short_slot = true; 1285 1286 if (use_protection != bss_conf->use_cts_prot) { 1287 bss_conf->use_cts_prot = use_protection; 1288 changed |= BSS_CHANGED_ERP_CTS_PROT; 1289 } 1290 1291 if (use_short_preamble != bss_conf->use_short_preamble) { 1292 bss_conf->use_short_preamble = use_short_preamble; 1293 changed |= BSS_CHANGED_ERP_PREAMBLE; 1294 } 1295 1296 if (use_short_slot != bss_conf->use_short_slot) { 1297 bss_conf->use_short_slot = use_short_slot; 1298 changed |= BSS_CHANGED_ERP_SLOT; 1299 } 1300 1301 return changed; 1302 } 1303 1304 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1305 struct cfg80211_bss *cbss, 1306 u32 bss_info_changed) 1307 { 1308 struct ieee80211_bss *bss = (void *)cbss->priv; 1309 struct ieee80211_local *local = sdata->local; 1310 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1311 1312 bss_info_changed |= BSS_CHANGED_ASSOC; 1313 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1314 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1315 1316 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1317 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int)); 1318 1319 sdata->u.mgd.associated = cbss; 1320 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1321 1322 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1323 1324 /* just to be sure */ 1325 ieee80211_stop_poll(sdata); 1326 1327 ieee80211_led_assoc(local, 1); 1328 1329 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) 1330 bss_conf->dtim_period = bss->dtim_period; 1331 else 1332 bss_conf->dtim_period = 0; 1333 1334 bss_conf->assoc = 1; 1335 1336 /* Tell the driver to monitor connection quality (if supported) */ 1337 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1338 bss_conf->cqm_rssi_thold) 1339 bss_info_changed |= BSS_CHANGED_CQM; 1340 1341 /* Enable ARP filtering */ 1342 if (bss_conf->arp_filter_enabled != sdata->arp_filter_state) { 1343 bss_conf->arp_filter_enabled = sdata->arp_filter_state; 1344 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1345 } 1346 1347 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1348 1349 mutex_lock(&local->iflist_mtx); 1350 ieee80211_recalc_ps(local, -1); 1351 mutex_unlock(&local->iflist_mtx); 1352 1353 ieee80211_recalc_smps(local); 1354 ieee80211_recalc_ps_vif(sdata); 1355 1356 netif_tx_start_all_queues(sdata->dev); 1357 netif_carrier_on(sdata->dev); 1358 } 1359 1360 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1361 u16 stype, u16 reason, bool tx, 1362 u8 *frame_buf) 1363 { 1364 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1365 struct ieee80211_local *local = sdata->local; 1366 struct sta_info *sta; 1367 u32 changed = 0; 1368 1369 ASSERT_MGD_MTX(ifmgd); 1370 1371 if (WARN_ON_ONCE(tx && !frame_buf)) 1372 return; 1373 1374 if (WARN_ON(!ifmgd->associated)) 1375 return; 1376 1377 ieee80211_stop_poll(sdata); 1378 1379 ifmgd->associated = NULL; 1380 1381 /* 1382 * we need to commit the associated = NULL change because the 1383 * scan code uses that to determine whether this iface should 1384 * go to/wake up from powersave or not -- and could otherwise 1385 * wake the queues erroneously. 1386 */ 1387 smp_mb(); 1388 1389 /* 1390 * Thus, we can only afterwards stop the queues -- to account 1391 * for the case where another CPU is finishing a scan at this 1392 * time -- we don't want the scan code to enable queues. 1393 */ 1394 1395 netif_tx_stop_all_queues(sdata->dev); 1396 netif_carrier_off(sdata->dev); 1397 1398 mutex_lock(&local->sta_mtx); 1399 sta = sta_info_get(sdata, ifmgd->bssid); 1400 if (sta) { 1401 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 1402 ieee80211_sta_tear_down_BA_sessions(sta, false); 1403 } 1404 mutex_unlock(&local->sta_mtx); 1405 1406 /* 1407 * if we want to get out of ps before disassoc (why?) we have 1408 * to do it before sending disassoc, as otherwise the null-packet 1409 * won't be valid. 1410 */ 1411 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1412 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1413 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1414 } 1415 local->ps_sdata = NULL; 1416 1417 /* disable per-vif ps */ 1418 ieee80211_recalc_ps_vif(sdata); 1419 1420 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1421 if (tx) 1422 drv_flush(local, false); 1423 1424 /* deauthenticate/disassociate now */ 1425 if (tx || frame_buf) 1426 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1427 reason, tx, frame_buf); 1428 1429 /* flush out frame */ 1430 if (tx) 1431 drv_flush(local, false); 1432 1433 /* clear bssid only after building the needed mgmt frames */ 1434 memset(ifmgd->bssid, 0, ETH_ALEN); 1435 1436 /* remove AP and TDLS peers */ 1437 sta_info_flush(local, sdata); 1438 1439 /* finally reset all BSS / config parameters */ 1440 changed |= ieee80211_reset_erp_info(sdata); 1441 1442 ieee80211_led_assoc(local, 0); 1443 changed |= BSS_CHANGED_ASSOC; 1444 sdata->vif.bss_conf.assoc = false; 1445 1446 /* on the next assoc, re-program HT parameters */ 1447 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1448 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1449 1450 local->ap_power_level = 0; 1451 1452 del_timer_sync(&local->dynamic_ps_timer); 1453 cancel_work_sync(&local->dynamic_ps_enable_work); 1454 1455 /* Disable ARP filtering */ 1456 if (sdata->vif.bss_conf.arp_filter_enabled) { 1457 sdata->vif.bss_conf.arp_filter_enabled = false; 1458 changed |= BSS_CHANGED_ARP_FILTER; 1459 } 1460 1461 sdata->vif.bss_conf.qos = false; 1462 changed |= BSS_CHANGED_QOS; 1463 1464 /* The BSSID (not really interesting) and HT changed */ 1465 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1466 ieee80211_bss_info_change_notify(sdata, changed); 1467 1468 /* channel(_type) changes are handled by ieee80211_hw_config */ 1469 WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT)); 1470 ieee80211_hw_config(local, 0); 1471 1472 /* disassociated - set to defaults now */ 1473 ieee80211_set_wmm_default(sdata, false); 1474 1475 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1476 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1477 del_timer_sync(&sdata->u.mgd.timer); 1478 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1479 1480 sdata->u.mgd.timers_running = 0; 1481 } 1482 1483 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1484 struct ieee80211_hdr *hdr) 1485 { 1486 /* 1487 * We can postpone the mgd.timer whenever receiving unicast frames 1488 * from AP because we know that the connection is working both ways 1489 * at that time. But multicast frames (and hence also beacons) must 1490 * be ignored here, because we need to trigger the timer during 1491 * data idle periods for sending the periodic probe request to the 1492 * AP we're connected to. 1493 */ 1494 if (is_multicast_ether_addr(hdr->addr1)) 1495 return; 1496 1497 ieee80211_sta_reset_conn_monitor(sdata); 1498 } 1499 1500 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1501 { 1502 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1503 struct ieee80211_local *local = sdata->local; 1504 1505 mutex_lock(&local->mtx); 1506 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1507 IEEE80211_STA_CONNECTION_POLL))) { 1508 mutex_unlock(&local->mtx); 1509 return; 1510 } 1511 1512 __ieee80211_stop_poll(sdata); 1513 1514 mutex_lock(&local->iflist_mtx); 1515 ieee80211_recalc_ps(local, -1); 1516 mutex_unlock(&local->iflist_mtx); 1517 1518 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1519 goto out; 1520 1521 /* 1522 * We've received a probe response, but are not sure whether 1523 * we have or will be receiving any beacons or data, so let's 1524 * schedule the timers again, just in case. 1525 */ 1526 ieee80211_sta_reset_beacon_monitor(sdata); 1527 1528 mod_timer(&ifmgd->conn_mon_timer, 1529 round_jiffies_up(jiffies + 1530 IEEE80211_CONNECTION_IDLE_TIME)); 1531 out: 1532 mutex_unlock(&local->mtx); 1533 } 1534 1535 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1536 struct ieee80211_hdr *hdr, bool ack) 1537 { 1538 if (!ieee80211_is_data(hdr->frame_control)) 1539 return; 1540 1541 if (ack) 1542 ieee80211_sta_reset_conn_monitor(sdata); 1543 1544 if (ieee80211_is_nullfunc(hdr->frame_control) && 1545 sdata->u.mgd.probe_send_count > 0) { 1546 if (ack) 1547 sdata->u.mgd.probe_send_count = 0; 1548 else 1549 sdata->u.mgd.nullfunc_failed = true; 1550 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1551 } 1552 } 1553 1554 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1555 { 1556 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1557 const u8 *ssid; 1558 u8 *dst = ifmgd->associated->bssid; 1559 u8 unicast_limit = max(1, max_probe_tries - 3); 1560 1561 /* 1562 * Try sending broadcast probe requests for the last three 1563 * probe requests after the first ones failed since some 1564 * buggy APs only support broadcast probe requests. 1565 */ 1566 if (ifmgd->probe_send_count >= unicast_limit) 1567 dst = NULL; 1568 1569 /* 1570 * When the hardware reports an accurate Tx ACK status, it's 1571 * better to send a nullfunc frame instead of a probe request, 1572 * as it will kick us off the AP quickly if we aren't associated 1573 * anymore. The timeout will be reset if the frame is ACKed by 1574 * the AP. 1575 */ 1576 ifmgd->probe_send_count++; 1577 1578 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1579 ifmgd->nullfunc_failed = false; 1580 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1581 } else { 1582 int ssid_len; 1583 1584 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1585 if (WARN_ON_ONCE(ssid == NULL)) 1586 ssid_len = 0; 1587 else 1588 ssid_len = ssid[1]; 1589 1590 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1591 0, (u32) -1, true, false, 1592 ifmgd->associated->channel); 1593 } 1594 1595 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1596 run_again(ifmgd, ifmgd->probe_timeout); 1597 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1598 drv_flush(sdata->local, false); 1599 } 1600 1601 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1602 bool beacon) 1603 { 1604 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1605 bool already = false; 1606 1607 if (!ieee80211_sdata_running(sdata)) 1608 return; 1609 1610 mutex_lock(&ifmgd->mtx); 1611 1612 if (!ifmgd->associated) 1613 goto out; 1614 1615 mutex_lock(&sdata->local->mtx); 1616 1617 if (sdata->local->tmp_channel || sdata->local->scanning) { 1618 mutex_unlock(&sdata->local->mtx); 1619 goto out; 1620 } 1621 1622 if (beacon) 1623 mlme_dbg_ratelimited(sdata, 1624 "detected beacon loss from AP - sending probe request\n"); 1625 1626 ieee80211_cqm_rssi_notify(&sdata->vif, 1627 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL); 1628 1629 /* 1630 * The driver/our work has already reported this event or the 1631 * connection monitoring has kicked in and we have already sent 1632 * a probe request. Or maybe the AP died and the driver keeps 1633 * reporting until we disassociate... 1634 * 1635 * In either case we have to ignore the current call to this 1636 * function (except for setting the correct probe reason bit) 1637 * because otherwise we would reset the timer every time and 1638 * never check whether we received a probe response! 1639 */ 1640 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1641 IEEE80211_STA_CONNECTION_POLL)) 1642 already = true; 1643 1644 if (beacon) 1645 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 1646 else 1647 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 1648 1649 mutex_unlock(&sdata->local->mtx); 1650 1651 if (already) 1652 goto out; 1653 1654 mutex_lock(&sdata->local->iflist_mtx); 1655 ieee80211_recalc_ps(sdata->local, -1); 1656 mutex_unlock(&sdata->local->iflist_mtx); 1657 1658 ifmgd->probe_send_count = 0; 1659 ieee80211_mgd_probe_ap_send(sdata); 1660 out: 1661 mutex_unlock(&ifmgd->mtx); 1662 } 1663 1664 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 1665 struct ieee80211_vif *vif) 1666 { 1667 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1668 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1669 struct cfg80211_bss *cbss; 1670 struct sk_buff *skb; 1671 const u8 *ssid; 1672 int ssid_len; 1673 1674 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1675 return NULL; 1676 1677 ASSERT_MGD_MTX(ifmgd); 1678 1679 if (ifmgd->associated) 1680 cbss = ifmgd->associated; 1681 else if (ifmgd->auth_data) 1682 cbss = ifmgd->auth_data->bss; 1683 else if (ifmgd->assoc_data) 1684 cbss = ifmgd->assoc_data->bss; 1685 else 1686 return NULL; 1687 1688 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 1689 if (WARN_ON_ONCE(ssid == NULL)) 1690 ssid_len = 0; 1691 else 1692 ssid_len = ssid[1]; 1693 1694 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 1695 (u32) -1, 1696 sdata->local->oper_channel, 1697 ssid + 2, ssid_len, 1698 NULL, 0, true); 1699 1700 return skb; 1701 } 1702 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 1703 1704 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata, 1705 bool transmit_frame) 1706 { 1707 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1708 struct ieee80211_local *local = sdata->local; 1709 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 1710 1711 mutex_lock(&ifmgd->mtx); 1712 if (!ifmgd->associated) { 1713 mutex_unlock(&ifmgd->mtx); 1714 return; 1715 } 1716 1717 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 1718 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1719 transmit_frame, frame_buf); 1720 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 1721 mutex_unlock(&ifmgd->mtx); 1722 1723 /* 1724 * must be outside lock due to cfg80211, 1725 * but that's not a problem. 1726 */ 1727 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 1728 1729 mutex_lock(&local->mtx); 1730 ieee80211_recalc_idle(local); 1731 mutex_unlock(&local->mtx); 1732 } 1733 1734 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 1735 { 1736 struct ieee80211_sub_if_data *sdata = 1737 container_of(work, struct ieee80211_sub_if_data, 1738 u.mgd.beacon_connection_loss_work); 1739 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1740 struct sta_info *sta; 1741 1742 if (ifmgd->associated) { 1743 rcu_read_lock(); 1744 sta = sta_info_get(sdata, ifmgd->bssid); 1745 if (sta) 1746 sta->beacon_loss_count++; 1747 rcu_read_unlock(); 1748 } 1749 1750 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) { 1751 sdata_info(sdata, "Connection to AP %pM lost\n", 1752 ifmgd->bssid); 1753 __ieee80211_disconnect(sdata, false); 1754 } else { 1755 ieee80211_mgd_probe_ap(sdata, true); 1756 } 1757 } 1758 1759 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 1760 { 1761 struct ieee80211_sub_if_data *sdata = 1762 container_of(work, struct ieee80211_sub_if_data, 1763 u.mgd.csa_connection_drop_work); 1764 1765 ieee80211_wake_queues_by_reason(&sdata->local->hw, 1766 IEEE80211_QUEUE_STOP_REASON_CSA); 1767 __ieee80211_disconnect(sdata, true); 1768 } 1769 1770 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 1771 { 1772 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1773 struct ieee80211_hw *hw = &sdata->local->hw; 1774 1775 trace_api_beacon_loss(sdata); 1776 1777 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR); 1778 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 1779 } 1780 EXPORT_SYMBOL(ieee80211_beacon_loss); 1781 1782 void ieee80211_connection_loss(struct ieee80211_vif *vif) 1783 { 1784 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1785 struct ieee80211_hw *hw = &sdata->local->hw; 1786 1787 trace_api_connection_loss(sdata); 1788 1789 WARN_ON(!(hw->flags & IEEE80211_HW_CONNECTION_MONITOR)); 1790 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 1791 } 1792 EXPORT_SYMBOL(ieee80211_connection_loss); 1793 1794 1795 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 1796 bool assoc) 1797 { 1798 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 1799 1800 lockdep_assert_held(&sdata->u.mgd.mtx); 1801 1802 if (!assoc) { 1803 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 1804 1805 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 1806 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 1807 } 1808 1809 cfg80211_put_bss(auth_data->bss); 1810 kfree(auth_data); 1811 sdata->u.mgd.auth_data = NULL; 1812 } 1813 1814 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 1815 struct ieee80211_mgmt *mgmt, size_t len) 1816 { 1817 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 1818 u8 *pos; 1819 struct ieee802_11_elems elems; 1820 1821 pos = mgmt->u.auth.variable; 1822 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1823 if (!elems.challenge) 1824 return; 1825 auth_data->expected_transaction = 4; 1826 drv_mgd_prepare_tx(sdata->local, sdata); 1827 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 1828 elems.challenge - 2, elems.challenge_len + 2, 1829 auth_data->bss->bssid, auth_data->bss->bssid, 1830 auth_data->key, auth_data->key_len, 1831 auth_data->key_idx); 1832 } 1833 1834 static enum rx_mgmt_action __must_check 1835 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 1836 struct ieee80211_mgmt *mgmt, size_t len) 1837 { 1838 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1839 u8 bssid[ETH_ALEN]; 1840 u16 auth_alg, auth_transaction, status_code; 1841 struct sta_info *sta; 1842 1843 lockdep_assert_held(&ifmgd->mtx); 1844 1845 if (len < 24 + 6) 1846 return RX_MGMT_NONE; 1847 1848 if (!ifmgd->auth_data || ifmgd->auth_data->done) 1849 return RX_MGMT_NONE; 1850 1851 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 1852 1853 if (!ether_addr_equal(bssid, mgmt->bssid)) 1854 return RX_MGMT_NONE; 1855 1856 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 1857 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 1858 status_code = le16_to_cpu(mgmt->u.auth.status_code); 1859 1860 if (auth_alg != ifmgd->auth_data->algorithm || 1861 auth_transaction != ifmgd->auth_data->expected_transaction) 1862 return RX_MGMT_NONE; 1863 1864 if (status_code != WLAN_STATUS_SUCCESS) { 1865 sdata_info(sdata, "%pM denied authentication (status %d)\n", 1866 mgmt->sa, status_code); 1867 ieee80211_destroy_auth_data(sdata, false); 1868 return RX_MGMT_CFG80211_RX_AUTH; 1869 } 1870 1871 switch (ifmgd->auth_data->algorithm) { 1872 case WLAN_AUTH_OPEN: 1873 case WLAN_AUTH_LEAP: 1874 case WLAN_AUTH_FT: 1875 break; 1876 case WLAN_AUTH_SHARED_KEY: 1877 if (ifmgd->auth_data->expected_transaction != 4) { 1878 ieee80211_auth_challenge(sdata, mgmt, len); 1879 /* need another frame */ 1880 return RX_MGMT_NONE; 1881 } 1882 break; 1883 default: 1884 WARN_ONCE(1, "invalid auth alg %d", 1885 ifmgd->auth_data->algorithm); 1886 return RX_MGMT_NONE; 1887 } 1888 1889 sdata_info(sdata, "authenticated\n"); 1890 ifmgd->auth_data->done = true; 1891 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 1892 run_again(ifmgd, ifmgd->auth_data->timeout); 1893 1894 /* move station state to auth */ 1895 mutex_lock(&sdata->local->sta_mtx); 1896 sta = sta_info_get(sdata, bssid); 1897 if (!sta) { 1898 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 1899 goto out_err; 1900 } 1901 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 1902 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 1903 goto out_err; 1904 } 1905 mutex_unlock(&sdata->local->sta_mtx); 1906 1907 return RX_MGMT_CFG80211_RX_AUTH; 1908 out_err: 1909 mutex_unlock(&sdata->local->sta_mtx); 1910 /* ignore frame -- wait for timeout */ 1911 return RX_MGMT_NONE; 1912 } 1913 1914 1915 static enum rx_mgmt_action __must_check 1916 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 1917 struct ieee80211_mgmt *mgmt, size_t len) 1918 { 1919 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1920 const u8 *bssid = NULL; 1921 u16 reason_code; 1922 1923 lockdep_assert_held(&ifmgd->mtx); 1924 1925 if (len < 24 + 2) 1926 return RX_MGMT_NONE; 1927 1928 if (!ifmgd->associated || 1929 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 1930 return RX_MGMT_NONE; 1931 1932 bssid = ifmgd->associated->bssid; 1933 1934 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 1935 1936 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 1937 bssid, reason_code); 1938 1939 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 1940 1941 mutex_lock(&sdata->local->mtx); 1942 ieee80211_recalc_idle(sdata->local); 1943 mutex_unlock(&sdata->local->mtx); 1944 1945 return RX_MGMT_CFG80211_DEAUTH; 1946 } 1947 1948 1949 static enum rx_mgmt_action __must_check 1950 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 1951 struct ieee80211_mgmt *mgmt, size_t len) 1952 { 1953 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1954 u16 reason_code; 1955 1956 lockdep_assert_held(&ifmgd->mtx); 1957 1958 if (len < 24 + 2) 1959 return RX_MGMT_NONE; 1960 1961 if (!ifmgd->associated || 1962 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 1963 return RX_MGMT_NONE; 1964 1965 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1966 1967 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 1968 mgmt->sa, reason_code); 1969 1970 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 1971 1972 mutex_lock(&sdata->local->mtx); 1973 ieee80211_recalc_idle(sdata->local); 1974 mutex_unlock(&sdata->local->mtx); 1975 1976 return RX_MGMT_CFG80211_DISASSOC; 1977 } 1978 1979 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 1980 u8 *supp_rates, unsigned int supp_rates_len, 1981 u32 *rates, u32 *basic_rates, 1982 bool *have_higher_than_11mbit, 1983 int *min_rate, int *min_rate_index) 1984 { 1985 int i, j; 1986 1987 for (i = 0; i < supp_rates_len; i++) { 1988 int rate = (supp_rates[i] & 0x7f) * 5; 1989 bool is_basic = !!(supp_rates[i] & 0x80); 1990 1991 if (rate > 110) 1992 *have_higher_than_11mbit = true; 1993 1994 /* 1995 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 1996 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 1997 * 1998 * Note: Even through the membership selector and the basic 1999 * rate flag share the same bit, they are not exactly 2000 * the same. 2001 */ 2002 if (!!(supp_rates[i] & 0x80) && 2003 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2004 continue; 2005 2006 for (j = 0; j < sband->n_bitrates; j++) { 2007 if (sband->bitrates[j].bitrate == rate) { 2008 *rates |= BIT(j); 2009 if (is_basic) 2010 *basic_rates |= BIT(j); 2011 if (rate < *min_rate) { 2012 *min_rate = rate; 2013 *min_rate_index = j; 2014 } 2015 break; 2016 } 2017 } 2018 } 2019 } 2020 2021 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2022 bool assoc) 2023 { 2024 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2025 2026 lockdep_assert_held(&sdata->u.mgd.mtx); 2027 2028 if (!assoc) { 2029 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2030 2031 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2032 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2033 } 2034 2035 kfree(assoc_data); 2036 sdata->u.mgd.assoc_data = NULL; 2037 } 2038 2039 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2040 struct cfg80211_bss *cbss, 2041 struct ieee80211_mgmt *mgmt, size_t len) 2042 { 2043 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2044 struct ieee80211_local *local = sdata->local; 2045 struct ieee80211_supported_band *sband; 2046 struct sta_info *sta; 2047 u8 *pos; 2048 u16 capab_info, aid; 2049 struct ieee802_11_elems elems; 2050 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2051 u32 changed = 0; 2052 int err; 2053 2054 /* AssocResp and ReassocResp have identical structure */ 2055 2056 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2057 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2058 2059 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2060 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2061 aid); 2062 aid &= ~(BIT(15) | BIT(14)); 2063 2064 ifmgd->broken_ap = false; 2065 2066 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2067 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2068 aid); 2069 aid = 0; 2070 ifmgd->broken_ap = true; 2071 } 2072 2073 pos = mgmt->u.assoc_resp.variable; 2074 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2075 2076 if (!elems.supp_rates) { 2077 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2078 return false; 2079 } 2080 2081 ifmgd->aid = aid; 2082 2083 mutex_lock(&sdata->local->sta_mtx); 2084 /* 2085 * station info was already allocated and inserted before 2086 * the association and should be available to us 2087 */ 2088 sta = sta_info_get(sdata, cbss->bssid); 2089 if (WARN_ON(!sta)) { 2090 mutex_unlock(&sdata->local->sta_mtx); 2091 return false; 2092 } 2093 2094 sband = local->hw.wiphy->bands[local->oper_channel->band]; 2095 2096 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 2097 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2098 elems.ht_cap_elem, &sta->sta.ht_cap); 2099 2100 sta->supports_40mhz = 2101 sta->sta.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40; 2102 2103 rate_control_rate_init(sta); 2104 2105 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2106 set_sta_flag(sta, WLAN_STA_MFP); 2107 2108 if (elems.wmm_param) 2109 set_sta_flag(sta, WLAN_STA_WME); 2110 2111 err = sta_info_move_state(sta, IEEE80211_STA_AUTH); 2112 if (!err) 2113 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2114 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2115 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2116 if (err) { 2117 sdata_info(sdata, 2118 "failed to move station %pM to desired state\n", 2119 sta->sta.addr); 2120 WARN_ON(__sta_info_destroy(sta)); 2121 mutex_unlock(&sdata->local->sta_mtx); 2122 return false; 2123 } 2124 2125 mutex_unlock(&sdata->local->sta_mtx); 2126 2127 /* 2128 * Always handle WMM once after association regardless 2129 * of the first value the AP uses. Setting -1 here has 2130 * that effect because the AP values is an unsigned 2131 * 4-bit value. 2132 */ 2133 ifmgd->wmm_last_param_set = -1; 2134 2135 if (elems.wmm_param) 2136 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2137 elems.wmm_param_len); 2138 else 2139 ieee80211_set_wmm_default(sdata, false); 2140 changed |= BSS_CHANGED_QOS; 2141 2142 if (elems.ht_operation && elems.wmm_param && 2143 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 2144 changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation, 2145 cbss->bssid, false); 2146 2147 /* set AID and assoc capability, 2148 * ieee80211_set_associated() will tell the driver */ 2149 bss_conf->aid = aid; 2150 bss_conf->assoc_capability = capab_info; 2151 ieee80211_set_associated(sdata, cbss, changed); 2152 2153 /* 2154 * If we're using 4-addr mode, let the AP know that we're 2155 * doing so, so that it can create the STA VLAN on its side 2156 */ 2157 if (ifmgd->use_4addr) 2158 ieee80211_send_4addr_nullfunc(local, sdata); 2159 2160 /* 2161 * Start timer to probe the connection to the AP now. 2162 * Also start the timer that will detect beacon loss. 2163 */ 2164 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2165 ieee80211_sta_reset_beacon_monitor(sdata); 2166 2167 return true; 2168 } 2169 2170 static enum rx_mgmt_action __must_check 2171 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2172 struct ieee80211_mgmt *mgmt, size_t len, 2173 struct cfg80211_bss **bss) 2174 { 2175 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2176 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2177 u16 capab_info, status_code, aid; 2178 struct ieee802_11_elems elems; 2179 u8 *pos; 2180 bool reassoc; 2181 2182 lockdep_assert_held(&ifmgd->mtx); 2183 2184 if (!assoc_data) 2185 return RX_MGMT_NONE; 2186 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2187 return RX_MGMT_NONE; 2188 2189 /* 2190 * AssocResp and ReassocResp have identical structure, so process both 2191 * of them in this function. 2192 */ 2193 2194 if (len < 24 + 6) 2195 return RX_MGMT_NONE; 2196 2197 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2198 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2199 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2200 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2201 2202 sdata_info(sdata, 2203 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2204 reassoc ? "Rea" : "A", mgmt->sa, 2205 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2206 2207 pos = mgmt->u.assoc_resp.variable; 2208 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2209 2210 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2211 elems.timeout_int && elems.timeout_int_len == 5 && 2212 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2213 u32 tu, ms; 2214 tu = get_unaligned_le32(elems.timeout_int + 1); 2215 ms = tu * 1024 / 1000; 2216 sdata_info(sdata, 2217 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2218 mgmt->sa, tu, ms); 2219 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2220 if (ms > IEEE80211_ASSOC_TIMEOUT) 2221 run_again(ifmgd, assoc_data->timeout); 2222 return RX_MGMT_NONE; 2223 } 2224 2225 *bss = assoc_data->bss; 2226 2227 if (status_code != WLAN_STATUS_SUCCESS) { 2228 sdata_info(sdata, "%pM denied association (code=%d)\n", 2229 mgmt->sa, status_code); 2230 ieee80211_destroy_assoc_data(sdata, false); 2231 } else { 2232 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2233 /* oops -- internal error -- send timeout for now */ 2234 ieee80211_destroy_assoc_data(sdata, false); 2235 cfg80211_put_bss(*bss); 2236 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2237 } 2238 sdata_info(sdata, "associated\n"); 2239 2240 /* 2241 * destroy assoc_data afterwards, as otherwise an idle 2242 * recalc after assoc_data is NULL but before associated 2243 * is set can cause the interface to go idle 2244 */ 2245 ieee80211_destroy_assoc_data(sdata, true); 2246 } 2247 2248 return RX_MGMT_CFG80211_RX_ASSOC; 2249 } 2250 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2251 struct ieee80211_mgmt *mgmt, 2252 size_t len, 2253 struct ieee80211_rx_status *rx_status, 2254 struct ieee802_11_elems *elems, 2255 bool beacon) 2256 { 2257 struct ieee80211_local *local = sdata->local; 2258 int freq; 2259 struct ieee80211_bss *bss; 2260 struct ieee80211_channel *channel; 2261 bool need_ps = false; 2262 2263 if (sdata->u.mgd.associated && 2264 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) { 2265 bss = (void *)sdata->u.mgd.associated->priv; 2266 /* not previously set so we may need to recalc */ 2267 need_ps = !bss->dtim_period; 2268 } 2269 2270 if (elems->ds_params && elems->ds_params_len == 1) 2271 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2272 rx_status->band); 2273 else 2274 freq = rx_status->freq; 2275 2276 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2277 2278 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2279 return; 2280 2281 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2282 channel, beacon); 2283 if (bss) 2284 ieee80211_rx_bss_put(local, bss); 2285 2286 if (!sdata->u.mgd.associated) 2287 return; 2288 2289 if (need_ps) { 2290 mutex_lock(&local->iflist_mtx); 2291 ieee80211_recalc_ps(local, -1); 2292 mutex_unlock(&local->iflist_mtx); 2293 } 2294 2295 if (elems->ch_switch_ie && 2296 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) 2297 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie, 2298 bss, rx_status->mactime); 2299 } 2300 2301 2302 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2303 struct sk_buff *skb) 2304 { 2305 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2306 struct ieee80211_if_managed *ifmgd; 2307 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2308 size_t baselen, len = skb->len; 2309 struct ieee802_11_elems elems; 2310 2311 ifmgd = &sdata->u.mgd; 2312 2313 ASSERT_MGD_MTX(ifmgd); 2314 2315 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2316 return; /* ignore ProbeResp to foreign address */ 2317 2318 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2319 if (baselen > len) 2320 return; 2321 2322 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2323 &elems); 2324 2325 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 2326 2327 if (ifmgd->associated && 2328 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2329 ieee80211_reset_ap_probe(sdata); 2330 2331 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2332 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2333 /* got probe response, continue with auth */ 2334 sdata_info(sdata, "direct probe responded\n"); 2335 ifmgd->auth_data->tries = 0; 2336 ifmgd->auth_data->timeout = jiffies; 2337 run_again(ifmgd, ifmgd->auth_data->timeout); 2338 } 2339 } 2340 2341 /* 2342 * This is the canonical list of information elements we care about, 2343 * the filter code also gives us all changes to the Microsoft OUI 2344 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2345 * 2346 * We implement beacon filtering in software since that means we can 2347 * avoid processing the frame here and in cfg80211, and userspace 2348 * will not be able to tell whether the hardware supports it or not. 2349 * 2350 * XXX: This list needs to be dynamic -- userspace needs to be able to 2351 * add items it requires. It also needs to be able to tell us to 2352 * look out for other vendor IEs. 2353 */ 2354 static const u64 care_about_ies = 2355 (1ULL << WLAN_EID_COUNTRY) | 2356 (1ULL << WLAN_EID_ERP_INFO) | 2357 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2358 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2359 (1ULL << WLAN_EID_HT_CAPABILITY) | 2360 (1ULL << WLAN_EID_HT_OPERATION); 2361 2362 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2363 struct ieee80211_mgmt *mgmt, 2364 size_t len, 2365 struct ieee80211_rx_status *rx_status) 2366 { 2367 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2368 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2369 size_t baselen; 2370 struct ieee802_11_elems elems; 2371 struct ieee80211_local *local = sdata->local; 2372 u32 changed = 0; 2373 bool erp_valid, directed_tim = false; 2374 u8 erp_value = 0; 2375 u32 ncrc; 2376 u8 *bssid; 2377 2378 lockdep_assert_held(&ifmgd->mtx); 2379 2380 /* Process beacon from the current BSS */ 2381 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2382 if (baselen > len) 2383 return; 2384 2385 if (rx_status->freq != local->oper_channel->center_freq) 2386 return; 2387 2388 if (ifmgd->assoc_data && !ifmgd->assoc_data->have_beacon && 2389 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2390 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2391 len - baselen, &elems); 2392 2393 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 2394 false); 2395 ifmgd->assoc_data->have_beacon = true; 2396 ifmgd->assoc_data->sent_assoc = false; 2397 /* continue assoc process */ 2398 ifmgd->assoc_data->timeout = jiffies; 2399 run_again(ifmgd, ifmgd->assoc_data->timeout); 2400 return; 2401 } 2402 2403 if (!ifmgd->associated || 2404 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2405 return; 2406 bssid = ifmgd->associated->bssid; 2407 2408 /* Track average RSSI from the Beacon frames of the current AP */ 2409 ifmgd->last_beacon_signal = rx_status->signal; 2410 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2411 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2412 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2413 ifmgd->last_cqm_event_signal = 0; 2414 ifmgd->count_beacon_signal = 1; 2415 ifmgd->last_ave_beacon_signal = 0; 2416 } else { 2417 ifmgd->ave_beacon_signal = 2418 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2419 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2420 ifmgd->ave_beacon_signal) / 16; 2421 ifmgd->count_beacon_signal++; 2422 } 2423 2424 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2425 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2426 int sig = ifmgd->ave_beacon_signal; 2427 int last_sig = ifmgd->last_ave_beacon_signal; 2428 2429 /* 2430 * if signal crosses either of the boundaries, invoke callback 2431 * with appropriate parameters 2432 */ 2433 if (sig > ifmgd->rssi_max_thold && 2434 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2435 ifmgd->last_ave_beacon_signal = sig; 2436 drv_rssi_callback(local, RSSI_EVENT_HIGH); 2437 } else if (sig < ifmgd->rssi_min_thold && 2438 (last_sig >= ifmgd->rssi_max_thold || 2439 last_sig == 0)) { 2440 ifmgd->last_ave_beacon_signal = sig; 2441 drv_rssi_callback(local, RSSI_EVENT_LOW); 2442 } 2443 } 2444 2445 if (bss_conf->cqm_rssi_thold && 2446 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2447 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2448 int sig = ifmgd->ave_beacon_signal / 16; 2449 int last_event = ifmgd->last_cqm_event_signal; 2450 int thold = bss_conf->cqm_rssi_thold; 2451 int hyst = bss_conf->cqm_rssi_hyst; 2452 if (sig < thold && 2453 (last_event == 0 || sig < last_event - hyst)) { 2454 ifmgd->last_cqm_event_signal = sig; 2455 ieee80211_cqm_rssi_notify( 2456 &sdata->vif, 2457 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2458 GFP_KERNEL); 2459 } else if (sig > thold && 2460 (last_event == 0 || sig > last_event + hyst)) { 2461 ifmgd->last_cqm_event_signal = sig; 2462 ieee80211_cqm_rssi_notify( 2463 &sdata->vif, 2464 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2465 GFP_KERNEL); 2466 } 2467 } 2468 2469 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 2470 mlme_dbg_ratelimited(sdata, 2471 "cancelling probereq poll due to a received beacon\n"); 2472 mutex_lock(&local->mtx); 2473 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 2474 ieee80211_run_deferred_scan(local); 2475 mutex_unlock(&local->mtx); 2476 2477 mutex_lock(&local->iflist_mtx); 2478 ieee80211_recalc_ps(local, -1); 2479 mutex_unlock(&local->iflist_mtx); 2480 } 2481 2482 /* 2483 * Push the beacon loss detection into the future since 2484 * we are processing a beacon from the AP just now. 2485 */ 2486 ieee80211_sta_reset_beacon_monitor(sdata); 2487 2488 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2489 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2490 len - baselen, &elems, 2491 care_about_ies, ncrc); 2492 2493 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 2494 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len, 2495 ifmgd->aid); 2496 2497 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2498 if (directed_tim) { 2499 if (local->hw.conf.dynamic_ps_timeout > 0) { 2500 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2501 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2502 ieee80211_hw_config(local, 2503 IEEE80211_CONF_CHANGE_PS); 2504 } 2505 ieee80211_send_nullfunc(local, sdata, 0); 2506 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2507 local->pspolling = true; 2508 2509 /* 2510 * Here is assumed that the driver will be 2511 * able to send ps-poll frame and receive a 2512 * response even though power save mode is 2513 * enabled, but some drivers might require 2514 * to disable power save here. This needs 2515 * to be investigated. 2516 */ 2517 ieee80211_send_pspoll(local, sdata); 2518 } 2519 } 2520 } 2521 2522 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2523 return; 2524 ifmgd->beacon_crc = ncrc; 2525 ifmgd->beacon_crc_valid = true; 2526 2527 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 2528 true); 2529 2530 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2531 elems.wmm_param_len)) 2532 changed |= BSS_CHANGED_QOS; 2533 2534 if (elems.erp_info && elems.erp_info_len >= 1) { 2535 erp_valid = true; 2536 erp_value = elems.erp_info[0]; 2537 } else { 2538 erp_valid = false; 2539 } 2540 changed |= ieee80211_handle_bss_capability(sdata, 2541 le16_to_cpu(mgmt->u.beacon.capab_info), 2542 erp_valid, erp_value); 2543 2544 2545 if (elems.ht_cap_elem && elems.ht_operation && elems.wmm_param && 2546 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) { 2547 struct ieee80211_supported_band *sband; 2548 2549 sband = local->hw.wiphy->bands[local->oper_channel->band]; 2550 2551 changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation, 2552 bssid, true); 2553 } 2554 2555 if (elems.country_elem && elems.pwr_constr_elem && 2556 mgmt->u.probe_resp.capab_info & 2557 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 2558 ieee80211_handle_pwr_constr(sdata, local->oper_channel, 2559 elems.country_elem, 2560 elems.country_elem_len, 2561 elems.pwr_constr_elem); 2562 2563 ieee80211_bss_info_change_notify(sdata, changed); 2564 } 2565 2566 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 2567 struct sk_buff *skb) 2568 { 2569 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2570 struct ieee80211_rx_status *rx_status; 2571 struct ieee80211_mgmt *mgmt; 2572 struct cfg80211_bss *bss = NULL; 2573 enum rx_mgmt_action rma = RX_MGMT_NONE; 2574 u16 fc; 2575 2576 rx_status = (struct ieee80211_rx_status *) skb->cb; 2577 mgmt = (struct ieee80211_mgmt *) skb->data; 2578 fc = le16_to_cpu(mgmt->frame_control); 2579 2580 mutex_lock(&ifmgd->mtx); 2581 2582 switch (fc & IEEE80211_FCTL_STYPE) { 2583 case IEEE80211_STYPE_BEACON: 2584 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 2585 break; 2586 case IEEE80211_STYPE_PROBE_RESP: 2587 ieee80211_rx_mgmt_probe_resp(sdata, skb); 2588 break; 2589 case IEEE80211_STYPE_AUTH: 2590 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 2591 break; 2592 case IEEE80211_STYPE_DEAUTH: 2593 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 2594 break; 2595 case IEEE80211_STYPE_DISASSOC: 2596 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 2597 break; 2598 case IEEE80211_STYPE_ASSOC_RESP: 2599 case IEEE80211_STYPE_REASSOC_RESP: 2600 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 2601 break; 2602 case IEEE80211_STYPE_ACTION: 2603 switch (mgmt->u.action.category) { 2604 case WLAN_CATEGORY_SPECTRUM_MGMT: 2605 ieee80211_sta_process_chanswitch(sdata, 2606 &mgmt->u.action.u.chan_switch.sw_elem, 2607 (void *)ifmgd->associated->priv, 2608 rx_status->mactime); 2609 break; 2610 } 2611 } 2612 mutex_unlock(&ifmgd->mtx); 2613 2614 switch (rma) { 2615 case RX_MGMT_NONE: 2616 /* no action */ 2617 break; 2618 case RX_MGMT_CFG80211_DEAUTH: 2619 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 2620 break; 2621 case RX_MGMT_CFG80211_DISASSOC: 2622 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 2623 break; 2624 case RX_MGMT_CFG80211_RX_AUTH: 2625 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len); 2626 break; 2627 case RX_MGMT_CFG80211_RX_ASSOC: 2628 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len); 2629 break; 2630 case RX_MGMT_CFG80211_ASSOC_TIMEOUT: 2631 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid); 2632 break; 2633 default: 2634 WARN(1, "unexpected: %d", rma); 2635 } 2636 } 2637 2638 static void ieee80211_sta_timer(unsigned long data) 2639 { 2640 struct ieee80211_sub_if_data *sdata = 2641 (struct ieee80211_sub_if_data *) data; 2642 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2643 struct ieee80211_local *local = sdata->local; 2644 2645 if (local->quiescing) { 2646 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2647 return; 2648 } 2649 2650 ieee80211_queue_work(&local->hw, &sdata->work); 2651 } 2652 2653 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 2654 u8 *bssid, u8 reason) 2655 { 2656 struct ieee80211_local *local = sdata->local; 2657 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2658 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2659 2660 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 2661 false, frame_buf); 2662 mutex_unlock(&ifmgd->mtx); 2663 2664 /* 2665 * must be outside lock due to cfg80211, 2666 * but that's not a problem. 2667 */ 2668 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 2669 2670 mutex_lock(&local->mtx); 2671 ieee80211_recalc_idle(local); 2672 mutex_unlock(&local->mtx); 2673 2674 mutex_lock(&ifmgd->mtx); 2675 } 2676 2677 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 2678 { 2679 struct ieee80211_local *local = sdata->local; 2680 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2681 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 2682 2683 lockdep_assert_held(&ifmgd->mtx); 2684 2685 if (WARN_ON_ONCE(!auth_data)) 2686 return -EINVAL; 2687 2688 auth_data->tries++; 2689 2690 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 2691 sdata_info(sdata, "authentication with %pM timed out\n", 2692 auth_data->bss->bssid); 2693 2694 /* 2695 * Most likely AP is not in the range so remove the 2696 * bss struct for that AP. 2697 */ 2698 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 2699 2700 return -ETIMEDOUT; 2701 } 2702 2703 drv_mgd_prepare_tx(local, sdata); 2704 2705 if (auth_data->bss->proberesp_ies) { 2706 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 2707 auth_data->bss->bssid, auth_data->tries, 2708 IEEE80211_AUTH_MAX_TRIES); 2709 2710 auth_data->expected_transaction = 2; 2711 ieee80211_send_auth(sdata, 1, auth_data->algorithm, 2712 auth_data->ie, auth_data->ie_len, 2713 auth_data->bss->bssid, 2714 auth_data->bss->bssid, NULL, 0, 0); 2715 } else { 2716 const u8 *ssidie; 2717 2718 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 2719 auth_data->bss->bssid, auth_data->tries, 2720 IEEE80211_AUTH_MAX_TRIES); 2721 2722 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 2723 if (!ssidie) 2724 return -EINVAL; 2725 /* 2726 * Direct probe is sent to broadcast address as some APs 2727 * will not answer to direct packet in unassociated state. 2728 */ 2729 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 2730 NULL, 0, (u32) -1, true, false, 2731 auth_data->bss->channel); 2732 } 2733 2734 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 2735 run_again(ifmgd, auth_data->timeout); 2736 2737 return 0; 2738 } 2739 2740 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 2741 { 2742 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2743 struct ieee80211_local *local = sdata->local; 2744 2745 lockdep_assert_held(&sdata->u.mgd.mtx); 2746 2747 assoc_data->tries++; 2748 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 2749 sdata_info(sdata, "association with %pM timed out\n", 2750 assoc_data->bss->bssid); 2751 2752 /* 2753 * Most likely AP is not in the range so remove the 2754 * bss struct for that AP. 2755 */ 2756 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 2757 2758 return -ETIMEDOUT; 2759 } 2760 2761 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 2762 assoc_data->bss->bssid, assoc_data->tries, 2763 IEEE80211_ASSOC_MAX_TRIES); 2764 ieee80211_send_assoc(sdata); 2765 2766 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 2767 run_again(&sdata->u.mgd, assoc_data->timeout); 2768 2769 return 0; 2770 } 2771 2772 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 2773 { 2774 struct ieee80211_local *local = sdata->local; 2775 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2776 2777 mutex_lock(&ifmgd->mtx); 2778 2779 if (ifmgd->auth_data && 2780 time_after(jiffies, ifmgd->auth_data->timeout)) { 2781 if (ifmgd->auth_data->done) { 2782 /* 2783 * ok ... we waited for assoc but userspace didn't, 2784 * so let's just kill the auth data 2785 */ 2786 ieee80211_destroy_auth_data(sdata, false); 2787 } else if (ieee80211_probe_auth(sdata)) { 2788 u8 bssid[ETH_ALEN]; 2789 2790 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2791 2792 ieee80211_destroy_auth_data(sdata, false); 2793 2794 mutex_unlock(&ifmgd->mtx); 2795 cfg80211_send_auth_timeout(sdata->dev, bssid); 2796 mutex_lock(&ifmgd->mtx); 2797 } 2798 } else if (ifmgd->auth_data) 2799 run_again(ifmgd, ifmgd->auth_data->timeout); 2800 2801 if (ifmgd->assoc_data && 2802 time_after(jiffies, ifmgd->assoc_data->timeout)) { 2803 if (!ifmgd->assoc_data->have_beacon || 2804 ieee80211_do_assoc(sdata)) { 2805 u8 bssid[ETH_ALEN]; 2806 2807 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN); 2808 2809 ieee80211_destroy_assoc_data(sdata, false); 2810 2811 mutex_unlock(&ifmgd->mtx); 2812 cfg80211_send_assoc_timeout(sdata->dev, bssid); 2813 mutex_lock(&ifmgd->mtx); 2814 } 2815 } else if (ifmgd->assoc_data) 2816 run_again(ifmgd, ifmgd->assoc_data->timeout); 2817 2818 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2819 IEEE80211_STA_CONNECTION_POLL) && 2820 ifmgd->associated) { 2821 u8 bssid[ETH_ALEN]; 2822 int max_tries; 2823 2824 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 2825 2826 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2827 max_tries = max_nullfunc_tries; 2828 else 2829 max_tries = max_probe_tries; 2830 2831 /* ACK received for nullfunc probing frame */ 2832 if (!ifmgd->probe_send_count) 2833 ieee80211_reset_ap_probe(sdata); 2834 else if (ifmgd->nullfunc_failed) { 2835 if (ifmgd->probe_send_count < max_tries) { 2836 mlme_dbg(sdata, 2837 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 2838 bssid, ifmgd->probe_send_count, 2839 max_tries); 2840 ieee80211_mgd_probe_ap_send(sdata); 2841 } else { 2842 mlme_dbg(sdata, 2843 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 2844 bssid); 2845 ieee80211_sta_connection_lost(sdata, bssid, 2846 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2847 } 2848 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 2849 run_again(ifmgd, ifmgd->probe_timeout); 2850 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2851 mlme_dbg(sdata, 2852 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 2853 bssid, probe_wait_ms); 2854 ieee80211_sta_connection_lost(sdata, bssid, 2855 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2856 } else if (ifmgd->probe_send_count < max_tries) { 2857 mlme_dbg(sdata, 2858 "No probe response from AP %pM after %dms, try %d/%i\n", 2859 bssid, probe_wait_ms, 2860 ifmgd->probe_send_count, max_tries); 2861 ieee80211_mgd_probe_ap_send(sdata); 2862 } else { 2863 /* 2864 * We actually lost the connection ... or did we? 2865 * Let's make sure! 2866 */ 2867 wiphy_debug(local->hw.wiphy, 2868 "%s: No probe response from AP %pM" 2869 " after %dms, disconnecting.\n", 2870 sdata->name, 2871 bssid, probe_wait_ms); 2872 2873 ieee80211_sta_connection_lost(sdata, bssid, 2874 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2875 } 2876 } 2877 2878 mutex_unlock(&ifmgd->mtx); 2879 2880 mutex_lock(&local->mtx); 2881 ieee80211_recalc_idle(local); 2882 mutex_unlock(&local->mtx); 2883 } 2884 2885 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 2886 { 2887 struct ieee80211_sub_if_data *sdata = 2888 (struct ieee80211_sub_if_data *) data; 2889 struct ieee80211_local *local = sdata->local; 2890 2891 if (local->quiescing) 2892 return; 2893 2894 ieee80211_queue_work(&sdata->local->hw, 2895 &sdata->u.mgd.beacon_connection_loss_work); 2896 } 2897 2898 static void ieee80211_sta_conn_mon_timer(unsigned long data) 2899 { 2900 struct ieee80211_sub_if_data *sdata = 2901 (struct ieee80211_sub_if_data *) data; 2902 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2903 struct ieee80211_local *local = sdata->local; 2904 2905 if (local->quiescing) 2906 return; 2907 2908 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 2909 } 2910 2911 static void ieee80211_sta_monitor_work(struct work_struct *work) 2912 { 2913 struct ieee80211_sub_if_data *sdata = 2914 container_of(work, struct ieee80211_sub_if_data, 2915 u.mgd.monitor_work); 2916 2917 ieee80211_mgd_probe_ap(sdata, false); 2918 } 2919 2920 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 2921 { 2922 u32 flags; 2923 2924 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 2925 __ieee80211_stop_poll(sdata); 2926 2927 /* let's probe the connection once */ 2928 flags = sdata->local->hw.flags; 2929 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 2930 ieee80211_queue_work(&sdata->local->hw, 2931 &sdata->u.mgd.monitor_work); 2932 /* and do all the other regular work too */ 2933 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2934 } 2935 } 2936 2937 #ifdef CONFIG_PM 2938 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata) 2939 { 2940 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2941 2942 /* 2943 * we need to use atomic bitops for the running bits 2944 * only because both timers might fire at the same 2945 * time -- the code here is properly synchronised. 2946 */ 2947 2948 cancel_work_sync(&ifmgd->request_smps_work); 2949 2950 cancel_work_sync(&ifmgd->monitor_work); 2951 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 2952 cancel_work_sync(&ifmgd->csa_connection_drop_work); 2953 if (del_timer_sync(&ifmgd->timer)) 2954 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2955 2956 cancel_work_sync(&ifmgd->chswitch_work); 2957 if (del_timer_sync(&ifmgd->chswitch_timer)) 2958 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 2959 2960 /* these will just be re-established on connection */ 2961 del_timer_sync(&ifmgd->conn_mon_timer); 2962 del_timer_sync(&ifmgd->bcn_mon_timer); 2963 } 2964 2965 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 2966 { 2967 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2968 2969 if (!ifmgd->associated) 2970 return; 2971 2972 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 2973 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 2974 mutex_lock(&ifmgd->mtx); 2975 if (ifmgd->associated) { 2976 mlme_dbg(sdata, 2977 "driver requested disconnect after resume\n"); 2978 ieee80211_sta_connection_lost(sdata, 2979 ifmgd->associated->bssid, 2980 WLAN_REASON_UNSPECIFIED); 2981 mutex_unlock(&ifmgd->mtx); 2982 return; 2983 } 2984 mutex_unlock(&ifmgd->mtx); 2985 } 2986 2987 if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) 2988 add_timer(&ifmgd->timer); 2989 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 2990 add_timer(&ifmgd->chswitch_timer); 2991 ieee80211_sta_reset_beacon_monitor(sdata); 2992 2993 mutex_lock(&sdata->local->mtx); 2994 ieee80211_restart_sta_timer(sdata); 2995 mutex_unlock(&sdata->local->mtx); 2996 } 2997 #endif 2998 2999 /* interface setup */ 3000 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3001 { 3002 struct ieee80211_if_managed *ifmgd; 3003 3004 ifmgd = &sdata->u.mgd; 3005 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3006 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3007 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3008 ieee80211_beacon_connection_loss_work); 3009 INIT_WORK(&ifmgd->csa_connection_drop_work, 3010 ieee80211_csa_connection_drop_work); 3011 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3012 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3013 (unsigned long) sdata); 3014 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3015 (unsigned long) sdata); 3016 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3017 (unsigned long) sdata); 3018 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3019 (unsigned long) sdata); 3020 3021 ifmgd->flags = 0; 3022 ifmgd->powersave = sdata->wdev.ps; 3023 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES; 3024 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 3025 3026 mutex_init(&ifmgd->mtx); 3027 3028 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3029 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3030 else 3031 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3032 } 3033 3034 /* scan finished notification */ 3035 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3036 { 3037 struct ieee80211_sub_if_data *sdata; 3038 3039 /* Restart STA timers */ 3040 rcu_read_lock(); 3041 list_for_each_entry_rcu(sdata, &local->interfaces, list) 3042 ieee80211_restart_sta_timer(sdata); 3043 rcu_read_unlock(); 3044 } 3045 3046 int ieee80211_max_network_latency(struct notifier_block *nb, 3047 unsigned long data, void *dummy) 3048 { 3049 s32 latency_usec = (s32) data; 3050 struct ieee80211_local *local = 3051 container_of(nb, struct ieee80211_local, 3052 network_latency_notifier); 3053 3054 mutex_lock(&local->iflist_mtx); 3055 ieee80211_recalc_ps(local, latency_usec); 3056 mutex_unlock(&local->iflist_mtx); 3057 3058 return 0; 3059 } 3060 3061 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3062 struct cfg80211_bss *cbss) 3063 { 3064 struct ieee80211_local *local = sdata->local; 3065 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3066 int ht_cfreq; 3067 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 3068 const u8 *ht_oper_ie; 3069 const struct ieee80211_ht_operation *ht_oper = NULL; 3070 struct ieee80211_supported_band *sband; 3071 3072 sband = local->hw.wiphy->bands[cbss->channel->band]; 3073 3074 ifmgd->flags &= ~IEEE80211_STA_DISABLE_40MHZ; 3075 3076 if (sband->ht_cap.ht_supported) { 3077 ht_oper_ie = cfg80211_find_ie(WLAN_EID_HT_OPERATION, 3078 cbss->information_elements, 3079 cbss->len_information_elements); 3080 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3081 ht_oper = (void *)(ht_oper_ie + 2); 3082 } 3083 3084 if (ht_oper) { 3085 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 3086 cbss->channel->band); 3087 /* check that channel matches the right operating channel */ 3088 if (cbss->channel->center_freq != ht_cfreq) { 3089 /* 3090 * It's possible that some APs are confused here; 3091 * Netgear WNDR3700 sometimes reports 4 higher than 3092 * the actual channel in association responses, but 3093 * since we look at probe response/beacon data here 3094 * it should be OK. 3095 */ 3096 sdata_info(sdata, 3097 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 3098 cbss->channel->center_freq, 3099 ht_cfreq, ht_oper->primary_chan, 3100 cbss->channel->band); 3101 ht_oper = NULL; 3102 } else { 3103 channel_type = NL80211_CHAN_HT20; 3104 } 3105 } 3106 3107 if (ht_oper && sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 3108 /* 3109 * cfg80211 already verified that the channel itself can 3110 * be used, but it didn't check that we can do the right 3111 * HT type, so do that here as well. If HT40 isn't allowed 3112 * on this channel, disable 40 MHz operation. 3113 */ 3114 3115 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 3116 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 3117 if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40PLUS) 3118 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ; 3119 else 3120 channel_type = NL80211_CHAN_HT40PLUS; 3121 break; 3122 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 3123 if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40MINUS) 3124 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ; 3125 else 3126 channel_type = NL80211_CHAN_HT40MINUS; 3127 break; 3128 } 3129 } 3130 3131 if (!ieee80211_set_channel_type(local, sdata, channel_type)) { 3132 /* can only fail due to HT40+/- mismatch */ 3133 channel_type = NL80211_CHAN_HT20; 3134 sdata_info(sdata, 3135 "disabling 40 MHz due to multi-vif mismatch\n"); 3136 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ; 3137 WARN_ON(!ieee80211_set_channel_type(local, sdata, 3138 channel_type)); 3139 } 3140 3141 local->oper_channel = cbss->channel; 3142 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 3143 3144 return 0; 3145 } 3146 3147 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3148 struct cfg80211_bss *cbss, bool assoc) 3149 { 3150 struct ieee80211_local *local = sdata->local; 3151 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3152 struct ieee80211_bss *bss = (void *)cbss->priv; 3153 struct sta_info *new_sta = NULL; 3154 bool have_sta = false; 3155 int err; 3156 3157 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3158 return -EINVAL; 3159 3160 if (assoc) { 3161 rcu_read_lock(); 3162 have_sta = sta_info_get(sdata, cbss->bssid); 3163 rcu_read_unlock(); 3164 } 3165 3166 if (!have_sta) { 3167 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3168 if (!new_sta) 3169 return -ENOMEM; 3170 } 3171 3172 mutex_lock(&local->mtx); 3173 ieee80211_recalc_idle(sdata->local); 3174 mutex_unlock(&local->mtx); 3175 3176 if (new_sta) { 3177 u32 rates = 0, basic_rates = 0; 3178 bool have_higher_than_11mbit; 3179 int min_rate = INT_MAX, min_rate_index = -1; 3180 struct ieee80211_supported_band *sband; 3181 3182 sband = local->hw.wiphy->bands[cbss->channel->band]; 3183 3184 err = ieee80211_prep_channel(sdata, cbss); 3185 if (err) { 3186 sta_info_free(local, new_sta); 3187 return err; 3188 } 3189 3190 ieee80211_get_rates(sband, bss->supp_rates, 3191 bss->supp_rates_len, 3192 &rates, &basic_rates, 3193 &have_higher_than_11mbit, 3194 &min_rate, &min_rate_index); 3195 3196 /* 3197 * This used to be a workaround for basic rates missing 3198 * in the association response frame. Now that we no 3199 * longer use the basic rates from there, it probably 3200 * doesn't happen any more, but keep the workaround so 3201 * in case some *other* APs are buggy in different ways 3202 * we can connect -- with a warning. 3203 */ 3204 if (!basic_rates && min_rate_index >= 0) { 3205 sdata_info(sdata, 3206 "No basic rates, using min rate instead\n"); 3207 basic_rates = BIT(min_rate_index); 3208 } 3209 3210 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3211 sdata->vif.bss_conf.basic_rates = basic_rates; 3212 3213 /* cf. IEEE 802.11 9.2.12 */ 3214 if (local->oper_channel->band == IEEE80211_BAND_2GHZ && 3215 have_higher_than_11mbit) 3216 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3217 else 3218 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3219 3220 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3221 3222 /* set timing information */ 3223 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3224 sdata->vif.bss_conf.sync_tsf = cbss->tsf; 3225 sdata->vif.bss_conf.sync_device_ts = bss->device_ts; 3226 3227 /* tell driver about BSSID, basic rates and timing */ 3228 ieee80211_bss_info_change_notify(sdata, 3229 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3230 BSS_CHANGED_BEACON_INT); 3231 3232 if (assoc) 3233 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3234 3235 err = sta_info_insert(new_sta); 3236 new_sta = NULL; 3237 if (err) { 3238 sdata_info(sdata, 3239 "failed to insert STA entry for the AP (error %d)\n", 3240 err); 3241 return err; 3242 } 3243 } else 3244 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3245 3246 return 0; 3247 } 3248 3249 /* config hooks */ 3250 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3251 struct cfg80211_auth_request *req) 3252 { 3253 struct ieee80211_local *local = sdata->local; 3254 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3255 struct ieee80211_mgd_auth_data *auth_data; 3256 u16 auth_alg; 3257 int err; 3258 3259 /* prepare auth data structure */ 3260 3261 switch (req->auth_type) { 3262 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3263 auth_alg = WLAN_AUTH_OPEN; 3264 break; 3265 case NL80211_AUTHTYPE_SHARED_KEY: 3266 if (IS_ERR(local->wep_tx_tfm)) 3267 return -EOPNOTSUPP; 3268 auth_alg = WLAN_AUTH_SHARED_KEY; 3269 break; 3270 case NL80211_AUTHTYPE_FT: 3271 auth_alg = WLAN_AUTH_FT; 3272 break; 3273 case NL80211_AUTHTYPE_NETWORK_EAP: 3274 auth_alg = WLAN_AUTH_LEAP; 3275 break; 3276 default: 3277 return -EOPNOTSUPP; 3278 } 3279 3280 auth_data = kzalloc(sizeof(*auth_data) + req->ie_len, GFP_KERNEL); 3281 if (!auth_data) 3282 return -ENOMEM; 3283 3284 auth_data->bss = req->bss; 3285 3286 if (req->ie && req->ie_len) { 3287 memcpy(auth_data->ie, req->ie, req->ie_len); 3288 auth_data->ie_len = req->ie_len; 3289 } 3290 3291 if (req->key && req->key_len) { 3292 auth_data->key_len = req->key_len; 3293 auth_data->key_idx = req->key_idx; 3294 memcpy(auth_data->key, req->key, req->key_len); 3295 } 3296 3297 auth_data->algorithm = auth_alg; 3298 3299 /* try to authenticate/probe */ 3300 3301 mutex_lock(&ifmgd->mtx); 3302 3303 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3304 ifmgd->assoc_data) { 3305 err = -EBUSY; 3306 goto err_free; 3307 } 3308 3309 if (ifmgd->auth_data) 3310 ieee80211_destroy_auth_data(sdata, false); 3311 3312 /* prep auth_data so we don't go into idle on disassoc */ 3313 ifmgd->auth_data = auth_data; 3314 3315 if (ifmgd->associated) 3316 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3317 3318 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3319 3320 err = ieee80211_prep_connection(sdata, req->bss, false); 3321 if (err) 3322 goto err_clear; 3323 3324 err = ieee80211_probe_auth(sdata); 3325 if (err) { 3326 sta_info_destroy_addr(sdata, req->bss->bssid); 3327 goto err_clear; 3328 } 3329 3330 /* hold our own reference */ 3331 cfg80211_ref_bss(auth_data->bss); 3332 err = 0; 3333 goto out_unlock; 3334 3335 err_clear: 3336 memset(ifmgd->bssid, 0, ETH_ALEN); 3337 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3338 ifmgd->auth_data = NULL; 3339 err_free: 3340 kfree(auth_data); 3341 out_unlock: 3342 mutex_unlock(&ifmgd->mtx); 3343 3344 return err; 3345 } 3346 3347 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3348 struct cfg80211_assoc_request *req) 3349 { 3350 struct ieee80211_local *local = sdata->local; 3351 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3352 struct ieee80211_bss *bss = (void *)req->bss->priv; 3353 struct ieee80211_mgd_assoc_data *assoc_data; 3354 struct ieee80211_supported_band *sband; 3355 const u8 *ssidie, *ht_ie; 3356 int i, err; 3357 3358 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 3359 if (!ssidie) 3360 return -EINVAL; 3361 3362 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 3363 if (!assoc_data) 3364 return -ENOMEM; 3365 3366 mutex_lock(&ifmgd->mtx); 3367 3368 if (ifmgd->associated) 3369 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3370 3371 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 3372 err = -EBUSY; 3373 goto err_free; 3374 } 3375 3376 if (ifmgd->assoc_data) { 3377 err = -EBUSY; 3378 goto err_free; 3379 } 3380 3381 if (ifmgd->auth_data) { 3382 bool match; 3383 3384 /* keep sta info, bssid if matching */ 3385 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 3386 ieee80211_destroy_auth_data(sdata, match); 3387 } 3388 3389 /* prepare assoc data */ 3390 3391 /* 3392 * keep only the 40 MHz disable bit set as it might have 3393 * been set during authentication already, all other bits 3394 * should be reset for a new connection 3395 */ 3396 ifmgd->flags &= IEEE80211_STA_DISABLE_40MHZ; 3397 3398 ifmgd->beacon_crc_valid = false; 3399 3400 /* 3401 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 3402 * We still associate in non-HT mode (11a/b/g) if any one of these 3403 * ciphers is configured as pairwise. 3404 * We can set this to true for non-11n hardware, that'll be checked 3405 * separately along with the peer capabilities. 3406 */ 3407 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 3408 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 3409 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 3410 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 3411 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3412 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3413 netdev_info(sdata->dev, 3414 "disabling HT/VHT due to WEP/TKIP use\n"); 3415 } 3416 } 3417 3418 if (req->flags & ASSOC_REQ_DISABLE_HT) { 3419 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3420 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3421 } 3422 3423 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 3424 sband = local->hw.wiphy->bands[req->bss->channel->band]; 3425 if (!sband->ht_cap.ht_supported || 3426 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 3427 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3428 if (!bss->wmm_used) 3429 netdev_info(sdata->dev, 3430 "disabling HT as WMM/QoS is not supported by the AP\n"); 3431 } 3432 3433 /* disable VHT if we don't support it or the AP doesn't use WMM */ 3434 if (!sband->vht_cap.vht_supported || 3435 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 3436 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3437 if (!bss->wmm_used) 3438 netdev_info(sdata->dev, 3439 "disabling VHT as WMM/QoS is not supported by the AP\n"); 3440 } 3441 3442 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 3443 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 3444 sizeof(ifmgd->ht_capa_mask)); 3445 3446 if (req->ie && req->ie_len) { 3447 memcpy(assoc_data->ie, req->ie, req->ie_len); 3448 assoc_data->ie_len = req->ie_len; 3449 } 3450 3451 assoc_data->bss = req->bss; 3452 3453 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 3454 if (ifmgd->powersave) 3455 ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC; 3456 else 3457 ifmgd->ap_smps = IEEE80211_SMPS_OFF; 3458 } else 3459 ifmgd->ap_smps = ifmgd->req_smps; 3460 3461 assoc_data->capability = req->bss->capability; 3462 assoc_data->wmm = bss->wmm_used && 3463 (local->hw.queues >= IEEE80211_NUM_ACS); 3464 assoc_data->supp_rates = bss->supp_rates; 3465 assoc_data->supp_rates_len = bss->supp_rates_len; 3466 3467 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 3468 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 3469 assoc_data->ap_ht_param = 3470 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 3471 else 3472 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3473 3474 if (bss->wmm_used && bss->uapsd_supported && 3475 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 3476 assoc_data->uapsd = true; 3477 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 3478 } else { 3479 assoc_data->uapsd = false; 3480 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 3481 } 3482 3483 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 3484 assoc_data->ssid_len = ssidie[1]; 3485 3486 if (req->prev_bssid) 3487 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 3488 3489 if (req->use_mfp) { 3490 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 3491 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 3492 } else { 3493 ifmgd->mfp = IEEE80211_MFP_DISABLED; 3494 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 3495 } 3496 3497 if (req->crypto.control_port) 3498 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 3499 else 3500 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 3501 3502 sdata->control_port_protocol = req->crypto.control_port_ethertype; 3503 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 3504 3505 /* kick off associate process */ 3506 3507 ifmgd->assoc_data = assoc_data; 3508 3509 err = ieee80211_prep_connection(sdata, req->bss, true); 3510 if (err) 3511 goto err_clear; 3512 3513 if (!bss->dtim_period && 3514 sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) { 3515 /* 3516 * Wait up to one beacon interval ... 3517 * should this be more if we miss one? 3518 */ 3519 sdata_info(sdata, "waiting for beacon from %pM\n", 3520 ifmgd->bssid); 3521 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 3522 } else { 3523 assoc_data->have_beacon = true; 3524 assoc_data->sent_assoc = false; 3525 assoc_data->timeout = jiffies; 3526 } 3527 run_again(ifmgd, assoc_data->timeout); 3528 3529 if (bss->corrupt_data) { 3530 char *corrupt_type = "data"; 3531 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 3532 if (bss->corrupt_data & 3533 IEEE80211_BSS_CORRUPT_PROBE_RESP) 3534 corrupt_type = "beacon and probe response"; 3535 else 3536 corrupt_type = "beacon"; 3537 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 3538 corrupt_type = "probe response"; 3539 sdata_info(sdata, "associating with AP with corrupt %s\n", 3540 corrupt_type); 3541 } 3542 3543 err = 0; 3544 goto out; 3545 err_clear: 3546 memset(ifmgd->bssid, 0, ETH_ALEN); 3547 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3548 ifmgd->assoc_data = NULL; 3549 err_free: 3550 kfree(assoc_data); 3551 out: 3552 mutex_unlock(&ifmgd->mtx); 3553 3554 return err; 3555 } 3556 3557 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 3558 struct cfg80211_deauth_request *req) 3559 { 3560 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3561 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3562 bool tx = !req->local_state_change; 3563 3564 mutex_lock(&ifmgd->mtx); 3565 3566 if (ifmgd->auth_data) { 3567 ieee80211_destroy_auth_data(sdata, false); 3568 mutex_unlock(&ifmgd->mtx); 3569 return 0; 3570 } 3571 3572 sdata_info(sdata, 3573 "deauthenticating from %pM by local choice (reason=%d)\n", 3574 req->bssid, req->reason_code); 3575 3576 if (ifmgd->associated && 3577 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 3578 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3579 req->reason_code, tx, frame_buf); 3580 } else { 3581 drv_mgd_prepare_tx(sdata->local, sdata); 3582 ieee80211_send_deauth_disassoc(sdata, req->bssid, 3583 IEEE80211_STYPE_DEAUTH, 3584 req->reason_code, tx, 3585 frame_buf); 3586 } 3587 3588 mutex_unlock(&ifmgd->mtx); 3589 3590 __cfg80211_send_deauth(sdata->dev, frame_buf, 3591 IEEE80211_DEAUTH_FRAME_LEN); 3592 3593 mutex_lock(&sdata->local->mtx); 3594 ieee80211_recalc_idle(sdata->local); 3595 mutex_unlock(&sdata->local->mtx); 3596 3597 return 0; 3598 } 3599 3600 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 3601 struct cfg80211_disassoc_request *req) 3602 { 3603 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3604 u8 bssid[ETH_ALEN]; 3605 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3606 3607 mutex_lock(&ifmgd->mtx); 3608 3609 /* 3610 * cfg80211 should catch this ... but it's racy since 3611 * we can receive a disassoc frame, process it, hand it 3612 * to cfg80211 while that's in a locked section already 3613 * trying to tell us that the user wants to disconnect. 3614 */ 3615 if (ifmgd->associated != req->bss) { 3616 mutex_unlock(&ifmgd->mtx); 3617 return -ENOLINK; 3618 } 3619 3620 sdata_info(sdata, 3621 "disassociating from %pM by local choice (reason=%d)\n", 3622 req->bss->bssid, req->reason_code); 3623 3624 memcpy(bssid, req->bss->bssid, ETH_ALEN); 3625 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 3626 req->reason_code, !req->local_state_change, 3627 frame_buf); 3628 mutex_unlock(&ifmgd->mtx); 3629 3630 __cfg80211_send_disassoc(sdata->dev, frame_buf, 3631 IEEE80211_DEAUTH_FRAME_LEN); 3632 3633 mutex_lock(&sdata->local->mtx); 3634 ieee80211_recalc_idle(sdata->local); 3635 mutex_unlock(&sdata->local->mtx); 3636 3637 return 0; 3638 } 3639 3640 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 3641 { 3642 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3643 3644 mutex_lock(&ifmgd->mtx); 3645 if (ifmgd->assoc_data) 3646 ieee80211_destroy_assoc_data(sdata, false); 3647 if (ifmgd->auth_data) 3648 ieee80211_destroy_auth_data(sdata, false); 3649 del_timer_sync(&ifmgd->timer); 3650 mutex_unlock(&ifmgd->mtx); 3651 } 3652 3653 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 3654 enum nl80211_cqm_rssi_threshold_event rssi_event, 3655 gfp_t gfp) 3656 { 3657 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3658 3659 trace_api_cqm_rssi_notify(sdata, rssi_event); 3660 3661 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 3662 } 3663 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 3664