1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_MAX_TRIES 3 35 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 36 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 37 #define IEEE80211_ASSOC_MAX_TRIES 3 38 39 static int max_nullfunc_tries = 2; 40 module_param(max_nullfunc_tries, int, 0644); 41 MODULE_PARM_DESC(max_nullfunc_tries, 42 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 43 44 static int max_probe_tries = 5; 45 module_param(max_probe_tries, int, 0644); 46 MODULE_PARM_DESC(max_probe_tries, 47 "Maximum probe tries before disconnecting (reason 4)."); 48 49 /* 50 * Beacon loss timeout is calculated as N frames times the 51 * advertised beacon interval. This may need to be somewhat 52 * higher than what hardware might detect to account for 53 * delays in the host processing frames. But since we also 54 * probe on beacon miss before declaring the connection lost 55 * default to what we want. 56 */ 57 #define IEEE80211_BEACON_LOSS_COUNT 7 58 59 /* 60 * Time the connection can be idle before we probe 61 * it to see if we can still talk to the AP. 62 */ 63 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 64 /* 65 * Time we wait for a probe response after sending 66 * a probe request because of beacon loss or for 67 * checking the connection still works. 68 */ 69 static int probe_wait_ms = 500; 70 module_param(probe_wait_ms, int, 0644); 71 MODULE_PARM_DESC(probe_wait_ms, 72 "Maximum time(ms) to wait for probe response" 73 " before disconnecting (reason 4)."); 74 75 /* 76 * Weight given to the latest Beacon frame when calculating average signal 77 * strength for Beacon frames received in the current BSS. This must be 78 * between 1 and 15. 79 */ 80 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 81 82 /* 83 * How many Beacon frames need to have been used in average signal strength 84 * before starting to indicate signal change events. 85 */ 86 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 87 88 #define TMR_RUNNING_TIMER 0 89 #define TMR_RUNNING_CHANSW 1 90 91 #define DEAUTH_DISASSOC_LEN (24 /* hdr */ + 2 /* reason */) 92 93 /* 94 * All cfg80211 functions have to be called outside a locked 95 * section so that they can acquire a lock themselves... This 96 * is much simpler than queuing up things in cfg80211, but we 97 * do need some indirection for that here. 98 */ 99 enum rx_mgmt_action { 100 /* no action required */ 101 RX_MGMT_NONE, 102 103 /* caller must call cfg80211_send_deauth() */ 104 RX_MGMT_CFG80211_DEAUTH, 105 106 /* caller must call cfg80211_send_disassoc() */ 107 RX_MGMT_CFG80211_DISASSOC, 108 109 /* caller must call cfg80211_send_rx_auth() */ 110 RX_MGMT_CFG80211_RX_AUTH, 111 112 /* caller must call cfg80211_send_rx_assoc() */ 113 RX_MGMT_CFG80211_RX_ASSOC, 114 115 /* caller must call cfg80211_send_assoc_timeout() */ 116 RX_MGMT_CFG80211_ASSOC_TIMEOUT, 117 }; 118 119 /* utils */ 120 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 121 { 122 lockdep_assert_held(&ifmgd->mtx); 123 } 124 125 /* 126 * We can have multiple work items (and connection probing) 127 * scheduling this timer, but we need to take care to only 128 * reschedule it when it should fire _earlier_ than it was 129 * asked for before, or if it's not pending right now. This 130 * function ensures that. Note that it then is required to 131 * run this function for all timeouts after the first one 132 * has happened -- the work that runs from this timer will 133 * do that. 134 */ 135 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout) 136 { 137 ASSERT_MGD_MTX(ifmgd); 138 139 if (!timer_pending(&ifmgd->timer) || 140 time_before(timeout, ifmgd->timer.expires)) 141 mod_timer(&ifmgd->timer, timeout); 142 } 143 144 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 145 { 146 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 147 return; 148 149 mod_timer(&sdata->u.mgd.bcn_mon_timer, 150 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 151 } 152 153 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 154 { 155 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 156 157 if (unlikely(!sdata->u.mgd.associated)) 158 return; 159 160 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 161 return; 162 163 mod_timer(&sdata->u.mgd.conn_mon_timer, 164 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 165 166 ifmgd->probe_send_count = 0; 167 } 168 169 static int ecw2cw(int ecw) 170 { 171 return (1 << ecw) - 1; 172 } 173 174 static u32 ieee80211_config_ht_tx(struct ieee80211_sub_if_data *sdata, 175 struct ieee80211_ht_operation *ht_oper, 176 const u8 *bssid, bool reconfig) 177 { 178 struct ieee80211_local *local = sdata->local; 179 struct ieee80211_supported_band *sband; 180 struct sta_info *sta; 181 u32 changed = 0; 182 u16 ht_opmode; 183 bool disable_40 = false; 184 185 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 186 187 switch (sdata->vif.bss_conf.channel_type) { 188 case NL80211_CHAN_HT40PLUS: 189 if (local->hw.conf.channel->flags & IEEE80211_CHAN_NO_HT40PLUS) 190 disable_40 = true; 191 break; 192 case NL80211_CHAN_HT40MINUS: 193 if (local->hw.conf.channel->flags & IEEE80211_CHAN_NO_HT40MINUS) 194 disable_40 = true; 195 break; 196 default: 197 break; 198 } 199 200 /* This can change during the lifetime of the BSS */ 201 if (!(ht_oper->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) 202 disable_40 = true; 203 204 mutex_lock(&local->sta_mtx); 205 sta = sta_info_get(sdata, bssid); 206 207 WARN_ON_ONCE(!sta); 208 209 if (sta && !sta->supports_40mhz) 210 disable_40 = true; 211 212 if (sta && (!reconfig || 213 (disable_40 != !(sta->sta.ht_cap.cap & 214 IEEE80211_HT_CAP_SUP_WIDTH_20_40)))) { 215 216 if (disable_40) 217 sta->sta.ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 218 else 219 sta->sta.ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40; 220 221 rate_control_rate_update(local, sband, sta, 222 IEEE80211_RC_BW_CHANGED); 223 } 224 mutex_unlock(&local->sta_mtx); 225 226 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 227 228 /* if bss configuration changed store the new one */ 229 if (!reconfig || (sdata->vif.bss_conf.ht_operation_mode != ht_opmode)) { 230 changed |= BSS_CHANGED_HT; 231 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 232 } 233 234 return changed; 235 } 236 237 /* frame sending functions */ 238 239 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 240 struct ieee80211_supported_band *sband, 241 u32 *rates) 242 { 243 int i, j, count; 244 *rates = 0; 245 count = 0; 246 for (i = 0; i < supp_rates_len; i++) { 247 int rate = (supp_rates[i] & 0x7F) * 5; 248 249 for (j = 0; j < sband->n_bitrates; j++) 250 if (sband->bitrates[j].bitrate == rate) { 251 *rates |= BIT(j); 252 count++; 253 break; 254 } 255 } 256 257 return count; 258 } 259 260 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 261 struct sk_buff *skb, u8 ap_ht_param, 262 struct ieee80211_supported_band *sband, 263 struct ieee80211_channel *channel, 264 enum ieee80211_smps_mode smps) 265 { 266 u8 *pos; 267 u32 flags = channel->flags; 268 u16 cap; 269 struct ieee80211_sta_ht_cap ht_cap; 270 271 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 272 273 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 274 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 275 276 /* determine capability flags */ 277 cap = ht_cap.cap; 278 279 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 280 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 281 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 282 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 283 cap &= ~IEEE80211_HT_CAP_SGI_40; 284 } 285 break; 286 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 287 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 288 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 289 cap &= ~IEEE80211_HT_CAP_SGI_40; 290 } 291 break; 292 } 293 294 /* 295 * If 40 MHz was disabled associate as though we weren't 296 * capable of 40 MHz -- some broken APs will never fall 297 * back to trying to transmit in 20 MHz. 298 */ 299 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 300 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 301 cap &= ~IEEE80211_HT_CAP_SGI_40; 302 } 303 304 /* set SM PS mode properly */ 305 cap &= ~IEEE80211_HT_CAP_SM_PS; 306 switch (smps) { 307 case IEEE80211_SMPS_AUTOMATIC: 308 case IEEE80211_SMPS_NUM_MODES: 309 WARN_ON(1); 310 case IEEE80211_SMPS_OFF: 311 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 312 IEEE80211_HT_CAP_SM_PS_SHIFT; 313 break; 314 case IEEE80211_SMPS_STATIC: 315 cap |= WLAN_HT_CAP_SM_PS_STATIC << 316 IEEE80211_HT_CAP_SM_PS_SHIFT; 317 break; 318 case IEEE80211_SMPS_DYNAMIC: 319 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 320 IEEE80211_HT_CAP_SM_PS_SHIFT; 321 break; 322 } 323 324 /* reserve and fill IE */ 325 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 326 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 327 } 328 329 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 330 { 331 struct ieee80211_local *local = sdata->local; 332 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 333 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 334 struct sk_buff *skb; 335 struct ieee80211_mgmt *mgmt; 336 u8 *pos, qos_info; 337 size_t offset = 0, noffset; 338 int i, count, rates_len, supp_rates_len; 339 u16 capab; 340 struct ieee80211_supported_band *sband; 341 u32 rates = 0; 342 343 lockdep_assert_held(&ifmgd->mtx); 344 345 sband = local->hw.wiphy->bands[local->oper_channel->band]; 346 347 if (assoc_data->supp_rates_len) { 348 /* 349 * Get all rates supported by the device and the AP as 350 * some APs don't like getting a superset of their rates 351 * in the association request (e.g. D-Link DAP 1353 in 352 * b-only mode)... 353 */ 354 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 355 assoc_data->supp_rates_len, 356 sband, &rates); 357 } else { 358 /* 359 * In case AP not provide any supported rates information 360 * before association, we send information element(s) with 361 * all rates that we support. 362 */ 363 rates = ~0; 364 rates_len = sband->n_bitrates; 365 } 366 367 skb = alloc_skb(local->hw.extra_tx_headroom + 368 sizeof(*mgmt) + /* bit too much but doesn't matter */ 369 2 + assoc_data->ssid_len + /* SSID */ 370 4 + rates_len + /* (extended) rates */ 371 4 + /* power capability */ 372 2 + 2 * sband->n_channels + /* supported channels */ 373 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 374 assoc_data->ie_len + /* extra IEs */ 375 9, /* WMM */ 376 GFP_KERNEL); 377 if (!skb) 378 return; 379 380 skb_reserve(skb, local->hw.extra_tx_headroom); 381 382 capab = WLAN_CAPABILITY_ESS; 383 384 if (sband->band == IEEE80211_BAND_2GHZ) { 385 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 386 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 387 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 388 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 389 } 390 391 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 392 capab |= WLAN_CAPABILITY_PRIVACY; 393 394 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 395 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 396 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 397 398 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 399 memset(mgmt, 0, 24); 400 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 401 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 402 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 403 404 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 405 skb_put(skb, 10); 406 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 407 IEEE80211_STYPE_REASSOC_REQ); 408 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 409 mgmt->u.reassoc_req.listen_interval = 410 cpu_to_le16(local->hw.conf.listen_interval); 411 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 412 ETH_ALEN); 413 } else { 414 skb_put(skb, 4); 415 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 416 IEEE80211_STYPE_ASSOC_REQ); 417 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 418 mgmt->u.assoc_req.listen_interval = 419 cpu_to_le16(local->hw.conf.listen_interval); 420 } 421 422 /* SSID */ 423 pos = skb_put(skb, 2 + assoc_data->ssid_len); 424 *pos++ = WLAN_EID_SSID; 425 *pos++ = assoc_data->ssid_len; 426 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 427 428 /* add all rates which were marked to be used above */ 429 supp_rates_len = rates_len; 430 if (supp_rates_len > 8) 431 supp_rates_len = 8; 432 433 pos = skb_put(skb, supp_rates_len + 2); 434 *pos++ = WLAN_EID_SUPP_RATES; 435 *pos++ = supp_rates_len; 436 437 count = 0; 438 for (i = 0; i < sband->n_bitrates; i++) { 439 if (BIT(i) & rates) { 440 int rate = sband->bitrates[i].bitrate; 441 *pos++ = (u8) (rate / 5); 442 if (++count == 8) 443 break; 444 } 445 } 446 447 if (rates_len > count) { 448 pos = skb_put(skb, rates_len - count + 2); 449 *pos++ = WLAN_EID_EXT_SUPP_RATES; 450 *pos++ = rates_len - count; 451 452 for (i++; i < sband->n_bitrates; i++) { 453 if (BIT(i) & rates) { 454 int rate = sband->bitrates[i].bitrate; 455 *pos++ = (u8) (rate / 5); 456 } 457 } 458 } 459 460 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 461 /* 1. power capabilities */ 462 pos = skb_put(skb, 4); 463 *pos++ = WLAN_EID_PWR_CAPABILITY; 464 *pos++ = 2; 465 *pos++ = 0; /* min tx power */ 466 *pos++ = local->oper_channel->max_power; /* max tx power */ 467 468 /* 2. supported channels */ 469 /* TODO: get this in reg domain format */ 470 pos = skb_put(skb, 2 * sband->n_channels + 2); 471 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 472 *pos++ = 2 * sband->n_channels; 473 for (i = 0; i < sband->n_channels; i++) { 474 *pos++ = ieee80211_frequency_to_channel( 475 sband->channels[i].center_freq); 476 *pos++ = 1; /* one channel in the subband*/ 477 } 478 } 479 480 /* if present, add any custom IEs that go before HT */ 481 if (assoc_data->ie_len && assoc_data->ie) { 482 static const u8 before_ht[] = { 483 WLAN_EID_SSID, 484 WLAN_EID_SUPP_RATES, 485 WLAN_EID_EXT_SUPP_RATES, 486 WLAN_EID_PWR_CAPABILITY, 487 WLAN_EID_SUPPORTED_CHANNELS, 488 WLAN_EID_RSN, 489 WLAN_EID_QOS_CAPA, 490 WLAN_EID_RRM_ENABLED_CAPABILITIES, 491 WLAN_EID_MOBILITY_DOMAIN, 492 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 493 }; 494 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 495 before_ht, ARRAY_SIZE(before_ht), 496 offset); 497 pos = skb_put(skb, noffset - offset); 498 memcpy(pos, assoc_data->ie + offset, noffset - offset); 499 offset = noffset; 500 } 501 502 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 503 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 504 sband, local->oper_channel, ifmgd->ap_smps); 505 506 /* if present, add any custom non-vendor IEs that go after HT */ 507 if (assoc_data->ie_len && assoc_data->ie) { 508 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 509 assoc_data->ie_len, 510 offset); 511 pos = skb_put(skb, noffset - offset); 512 memcpy(pos, assoc_data->ie + offset, noffset - offset); 513 offset = noffset; 514 } 515 516 if (assoc_data->wmm) { 517 if (assoc_data->uapsd) { 518 qos_info = ifmgd->uapsd_queues; 519 qos_info |= (ifmgd->uapsd_max_sp_len << 520 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 521 } else { 522 qos_info = 0; 523 } 524 525 pos = skb_put(skb, 9); 526 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 527 *pos++ = 7; /* len */ 528 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 529 *pos++ = 0x50; 530 *pos++ = 0xf2; 531 *pos++ = 2; /* WME */ 532 *pos++ = 0; /* WME info */ 533 *pos++ = 1; /* WME ver */ 534 *pos++ = qos_info; 535 } 536 537 /* add any remaining custom (i.e. vendor specific here) IEs */ 538 if (assoc_data->ie_len && assoc_data->ie) { 539 noffset = assoc_data->ie_len; 540 pos = skb_put(skb, noffset - offset); 541 memcpy(pos, assoc_data->ie + offset, noffset - offset); 542 } 543 544 drv_mgd_prepare_tx(local, sdata); 545 546 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 547 ieee80211_tx_skb(sdata, skb); 548 } 549 550 static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 551 const u8 *bssid, u16 stype, 552 u16 reason, bool send_frame, 553 u8 *frame_buf) 554 { 555 struct ieee80211_local *local = sdata->local; 556 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 557 struct sk_buff *skb; 558 struct ieee80211_mgmt *mgmt = (void *)frame_buf; 559 560 /* build frame */ 561 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype); 562 mgmt->duration = 0; /* initialize only */ 563 mgmt->seq_ctrl = 0; /* initialize only */ 564 memcpy(mgmt->da, bssid, ETH_ALEN); 565 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 566 memcpy(mgmt->bssid, bssid, ETH_ALEN); 567 /* u.deauth.reason_code == u.disassoc.reason_code */ 568 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 569 570 if (send_frame) { 571 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 572 DEAUTH_DISASSOC_LEN); 573 if (!skb) 574 return; 575 576 skb_reserve(skb, local->hw.extra_tx_headroom); 577 578 /* copy in frame */ 579 memcpy(skb_put(skb, DEAUTH_DISASSOC_LEN), 580 mgmt, DEAUTH_DISASSOC_LEN); 581 582 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED)) 583 IEEE80211_SKB_CB(skb)->flags |= 584 IEEE80211_TX_INTFL_DONT_ENCRYPT; 585 586 drv_mgd_prepare_tx(local, sdata); 587 588 ieee80211_tx_skb(sdata, skb); 589 } 590 } 591 592 void ieee80211_send_pspoll(struct ieee80211_local *local, 593 struct ieee80211_sub_if_data *sdata) 594 { 595 struct ieee80211_pspoll *pspoll; 596 struct sk_buff *skb; 597 598 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 599 if (!skb) 600 return; 601 602 pspoll = (struct ieee80211_pspoll *) skb->data; 603 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 604 605 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 606 ieee80211_tx_skb(sdata, skb); 607 } 608 609 void ieee80211_send_nullfunc(struct ieee80211_local *local, 610 struct ieee80211_sub_if_data *sdata, 611 int powersave) 612 { 613 struct sk_buff *skb; 614 struct ieee80211_hdr_3addr *nullfunc; 615 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 616 617 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 618 if (!skb) 619 return; 620 621 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 622 if (powersave) 623 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 624 625 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 626 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 627 IEEE80211_STA_CONNECTION_POLL)) 628 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 629 630 ieee80211_tx_skb(sdata, skb); 631 } 632 633 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 634 struct ieee80211_sub_if_data *sdata) 635 { 636 struct sk_buff *skb; 637 struct ieee80211_hdr *nullfunc; 638 __le16 fc; 639 640 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 641 return; 642 643 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 644 if (!skb) 645 return; 646 647 skb_reserve(skb, local->hw.extra_tx_headroom); 648 649 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 650 memset(nullfunc, 0, 30); 651 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 652 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 653 nullfunc->frame_control = fc; 654 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 655 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 656 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 657 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 658 659 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 660 ieee80211_tx_skb(sdata, skb); 661 } 662 663 /* spectrum management related things */ 664 static void ieee80211_chswitch_work(struct work_struct *work) 665 { 666 struct ieee80211_sub_if_data *sdata = 667 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 668 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 669 670 if (!ieee80211_sdata_running(sdata)) 671 return; 672 673 mutex_lock(&ifmgd->mtx); 674 if (!ifmgd->associated) 675 goto out; 676 677 sdata->local->oper_channel = sdata->local->csa_channel; 678 if (!sdata->local->ops->channel_switch) { 679 /* call "hw_config" only if doing sw channel switch */ 680 ieee80211_hw_config(sdata->local, 681 IEEE80211_CONF_CHANGE_CHANNEL); 682 } else { 683 /* update the device channel directly */ 684 sdata->local->hw.conf.channel = sdata->local->oper_channel; 685 } 686 687 /* XXX: shouldn't really modify cfg80211-owned data! */ 688 ifmgd->associated->channel = sdata->local->oper_channel; 689 690 ieee80211_wake_queues_by_reason(&sdata->local->hw, 691 IEEE80211_QUEUE_STOP_REASON_CSA); 692 out: 693 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 694 mutex_unlock(&ifmgd->mtx); 695 } 696 697 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 698 { 699 struct ieee80211_sub_if_data *sdata; 700 struct ieee80211_if_managed *ifmgd; 701 702 sdata = vif_to_sdata(vif); 703 ifmgd = &sdata->u.mgd; 704 705 trace_api_chswitch_done(sdata, success); 706 if (!success) { 707 /* 708 * If the channel switch was not successful, stay 709 * around on the old channel. We currently lack 710 * good handling of this situation, possibly we 711 * should just drop the association. 712 */ 713 sdata->local->csa_channel = sdata->local->oper_channel; 714 } 715 716 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 717 } 718 EXPORT_SYMBOL(ieee80211_chswitch_done); 719 720 static void ieee80211_chswitch_timer(unsigned long data) 721 { 722 struct ieee80211_sub_if_data *sdata = 723 (struct ieee80211_sub_if_data *) data; 724 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 725 726 if (sdata->local->quiescing) { 727 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 728 return; 729 } 730 731 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 732 } 733 734 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 735 struct ieee80211_channel_sw_ie *sw_elem, 736 struct ieee80211_bss *bss, 737 u64 timestamp) 738 { 739 struct cfg80211_bss *cbss = 740 container_of((void *)bss, struct cfg80211_bss, priv); 741 struct ieee80211_channel *new_ch; 742 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 743 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, 744 cbss->channel->band); 745 746 ASSERT_MGD_MTX(ifmgd); 747 748 if (!ifmgd->associated) 749 return; 750 751 if (sdata->local->scanning) 752 return; 753 754 /* Disregard subsequent beacons if we are already running a timer 755 processing a CSA */ 756 757 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 758 return; 759 760 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 761 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) 762 return; 763 764 sdata->local->csa_channel = new_ch; 765 766 if (sdata->local->ops->channel_switch) { 767 /* use driver's channel switch callback */ 768 struct ieee80211_channel_switch ch_switch; 769 memset(&ch_switch, 0, sizeof(ch_switch)); 770 ch_switch.timestamp = timestamp; 771 if (sw_elem->mode) { 772 ch_switch.block_tx = true; 773 ieee80211_stop_queues_by_reason(&sdata->local->hw, 774 IEEE80211_QUEUE_STOP_REASON_CSA); 775 } 776 ch_switch.channel = new_ch; 777 ch_switch.count = sw_elem->count; 778 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 779 drv_channel_switch(sdata->local, &ch_switch); 780 return; 781 } 782 783 /* channel switch handled in software */ 784 if (sw_elem->count <= 1) { 785 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 786 } else { 787 if (sw_elem->mode) 788 ieee80211_stop_queues_by_reason(&sdata->local->hw, 789 IEEE80211_QUEUE_STOP_REASON_CSA); 790 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 791 mod_timer(&ifmgd->chswitch_timer, 792 jiffies + 793 msecs_to_jiffies(sw_elem->count * 794 cbss->beacon_interval)); 795 } 796 } 797 798 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 799 u16 capab_info, u8 *pwr_constr_elem, 800 u8 pwr_constr_elem_len) 801 { 802 struct ieee80211_conf *conf = &sdata->local->hw.conf; 803 804 if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT)) 805 return; 806 807 /* Power constraint IE length should be 1 octet */ 808 if (pwr_constr_elem_len != 1) 809 return; 810 811 if ((*pwr_constr_elem <= conf->channel->max_reg_power) && 812 (*pwr_constr_elem != sdata->local->power_constr_level)) { 813 sdata->local->power_constr_level = *pwr_constr_elem; 814 ieee80211_hw_config(sdata->local, 0); 815 } 816 } 817 818 void ieee80211_enable_dyn_ps(struct ieee80211_vif *vif) 819 { 820 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 821 struct ieee80211_local *local = sdata->local; 822 struct ieee80211_conf *conf = &local->hw.conf; 823 824 WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION || 825 !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) || 826 (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)); 827 828 local->disable_dynamic_ps = false; 829 conf->dynamic_ps_timeout = local->dynamic_ps_user_timeout; 830 } 831 EXPORT_SYMBOL(ieee80211_enable_dyn_ps); 832 833 void ieee80211_disable_dyn_ps(struct ieee80211_vif *vif) 834 { 835 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 836 struct ieee80211_local *local = sdata->local; 837 struct ieee80211_conf *conf = &local->hw.conf; 838 839 WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION || 840 !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) || 841 (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)); 842 843 local->disable_dynamic_ps = true; 844 conf->dynamic_ps_timeout = 0; 845 del_timer_sync(&local->dynamic_ps_timer); 846 ieee80211_queue_work(&local->hw, 847 &local->dynamic_ps_enable_work); 848 } 849 EXPORT_SYMBOL(ieee80211_disable_dyn_ps); 850 851 /* powersave */ 852 static void ieee80211_enable_ps(struct ieee80211_local *local, 853 struct ieee80211_sub_if_data *sdata) 854 { 855 struct ieee80211_conf *conf = &local->hw.conf; 856 857 /* 858 * If we are scanning right now then the parameters will 859 * take effect when scan finishes. 860 */ 861 if (local->scanning) 862 return; 863 864 if (conf->dynamic_ps_timeout > 0 && 865 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 866 mod_timer(&local->dynamic_ps_timer, jiffies + 867 msecs_to_jiffies(conf->dynamic_ps_timeout)); 868 } else { 869 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 870 ieee80211_send_nullfunc(local, sdata, 1); 871 872 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 873 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 874 return; 875 876 conf->flags |= IEEE80211_CONF_PS; 877 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 878 } 879 } 880 881 static void ieee80211_change_ps(struct ieee80211_local *local) 882 { 883 struct ieee80211_conf *conf = &local->hw.conf; 884 885 if (local->ps_sdata) { 886 ieee80211_enable_ps(local, local->ps_sdata); 887 } else if (conf->flags & IEEE80211_CONF_PS) { 888 conf->flags &= ~IEEE80211_CONF_PS; 889 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 890 del_timer_sync(&local->dynamic_ps_timer); 891 cancel_work_sync(&local->dynamic_ps_enable_work); 892 } 893 } 894 895 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 896 { 897 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 898 struct sta_info *sta = NULL; 899 bool authorized = false; 900 901 if (!mgd->powersave) 902 return false; 903 904 if (mgd->broken_ap) 905 return false; 906 907 if (!mgd->associated) 908 return false; 909 910 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 911 IEEE80211_STA_CONNECTION_POLL)) 912 return false; 913 914 rcu_read_lock(); 915 sta = sta_info_get(sdata, mgd->bssid); 916 if (sta) 917 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 918 rcu_read_unlock(); 919 920 return authorized; 921 } 922 923 /* need to hold RTNL or interface lock */ 924 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 925 { 926 struct ieee80211_sub_if_data *sdata, *found = NULL; 927 int count = 0; 928 int timeout; 929 930 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 931 local->ps_sdata = NULL; 932 return; 933 } 934 935 list_for_each_entry(sdata, &local->interfaces, list) { 936 if (!ieee80211_sdata_running(sdata)) 937 continue; 938 if (sdata->vif.type == NL80211_IFTYPE_AP) { 939 /* If an AP vif is found, then disable PS 940 * by setting the count to zero thereby setting 941 * ps_sdata to NULL. 942 */ 943 count = 0; 944 break; 945 } 946 if (sdata->vif.type != NL80211_IFTYPE_STATION) 947 continue; 948 found = sdata; 949 count++; 950 } 951 952 if (count == 1 && ieee80211_powersave_allowed(found)) { 953 struct ieee80211_conf *conf = &local->hw.conf; 954 s32 beaconint_us; 955 956 if (latency < 0) 957 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 958 959 beaconint_us = ieee80211_tu_to_usec( 960 found->vif.bss_conf.beacon_int); 961 962 timeout = local->dynamic_ps_forced_timeout; 963 if (timeout < 0) { 964 /* 965 * Go to full PSM if the user configures a very low 966 * latency requirement. 967 * The 2000 second value is there for compatibility 968 * until the PM_QOS_NETWORK_LATENCY is configured 969 * with real values. 970 */ 971 if (latency > (1900 * USEC_PER_MSEC) && 972 latency != (2000 * USEC_PER_SEC)) 973 timeout = 0; 974 else 975 timeout = 100; 976 } 977 local->dynamic_ps_user_timeout = timeout; 978 if (!local->disable_dynamic_ps) 979 conf->dynamic_ps_timeout = 980 local->dynamic_ps_user_timeout; 981 982 if (beaconint_us > latency) { 983 local->ps_sdata = NULL; 984 } else { 985 struct ieee80211_bss *bss; 986 int maxslp = 1; 987 u8 dtimper; 988 989 bss = (void *)found->u.mgd.associated->priv; 990 dtimper = bss->dtim_period; 991 992 /* If the TIM IE is invalid, pretend the value is 1 */ 993 if (!dtimper) 994 dtimper = 1; 995 else if (dtimper > 1) 996 maxslp = min_t(int, dtimper, 997 latency / beaconint_us); 998 999 local->hw.conf.max_sleep_period = maxslp; 1000 local->hw.conf.ps_dtim_period = dtimper; 1001 local->ps_sdata = found; 1002 } 1003 } else { 1004 local->ps_sdata = NULL; 1005 } 1006 1007 ieee80211_change_ps(local); 1008 } 1009 1010 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1011 { 1012 struct ieee80211_local *local = 1013 container_of(work, struct ieee80211_local, 1014 dynamic_ps_disable_work); 1015 1016 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1017 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1018 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1019 } 1020 1021 ieee80211_wake_queues_by_reason(&local->hw, 1022 IEEE80211_QUEUE_STOP_REASON_PS); 1023 } 1024 1025 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1026 { 1027 struct ieee80211_local *local = 1028 container_of(work, struct ieee80211_local, 1029 dynamic_ps_enable_work); 1030 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1031 struct ieee80211_if_managed *ifmgd; 1032 unsigned long flags; 1033 int q; 1034 1035 /* can only happen when PS was just disabled anyway */ 1036 if (!sdata) 1037 return; 1038 1039 ifmgd = &sdata->u.mgd; 1040 1041 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1042 return; 1043 1044 if (!local->disable_dynamic_ps && 1045 local->hw.conf.dynamic_ps_timeout > 0) { 1046 /* don't enter PS if TX frames are pending */ 1047 if (drv_tx_frames_pending(local)) { 1048 mod_timer(&local->dynamic_ps_timer, jiffies + 1049 msecs_to_jiffies( 1050 local->hw.conf.dynamic_ps_timeout)); 1051 return; 1052 } 1053 1054 /* 1055 * transmission can be stopped by others which leads to 1056 * dynamic_ps_timer expiry. Postpone the ps timer if it 1057 * is not the actual idle state. 1058 */ 1059 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1060 for (q = 0; q < local->hw.queues; q++) { 1061 if (local->queue_stop_reasons[q]) { 1062 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1063 flags); 1064 mod_timer(&local->dynamic_ps_timer, jiffies + 1065 msecs_to_jiffies( 1066 local->hw.conf.dynamic_ps_timeout)); 1067 return; 1068 } 1069 } 1070 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1071 } 1072 1073 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1074 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1075 netif_tx_stop_all_queues(sdata->dev); 1076 1077 if (drv_tx_frames_pending(local)) 1078 mod_timer(&local->dynamic_ps_timer, jiffies + 1079 msecs_to_jiffies( 1080 local->hw.conf.dynamic_ps_timeout)); 1081 else { 1082 ieee80211_send_nullfunc(local, sdata, 1); 1083 /* Flush to get the tx status of nullfunc frame */ 1084 drv_flush(local, false); 1085 } 1086 } 1087 1088 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1089 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1090 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1091 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1092 local->hw.conf.flags |= IEEE80211_CONF_PS; 1093 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1094 } 1095 1096 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1097 netif_tx_wake_all_queues(sdata->dev); 1098 } 1099 1100 void ieee80211_dynamic_ps_timer(unsigned long data) 1101 { 1102 struct ieee80211_local *local = (void *) data; 1103 1104 if (local->quiescing || local->suspended) 1105 return; 1106 1107 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1108 } 1109 1110 /* MLME */ 1111 static void ieee80211_sta_wmm_params(struct ieee80211_local *local, 1112 struct ieee80211_sub_if_data *sdata, 1113 u8 *wmm_param, size_t wmm_param_len) 1114 { 1115 struct ieee80211_tx_queue_params params; 1116 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1117 size_t left; 1118 int count; 1119 u8 *pos, uapsd_queues = 0; 1120 1121 if (!local->ops->conf_tx) 1122 return; 1123 1124 if (local->hw.queues < IEEE80211_NUM_ACS) 1125 return; 1126 1127 if (!wmm_param) 1128 return; 1129 1130 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1131 return; 1132 1133 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1134 uapsd_queues = ifmgd->uapsd_queues; 1135 1136 count = wmm_param[6] & 0x0f; 1137 if (count == ifmgd->wmm_last_param_set) 1138 return; 1139 ifmgd->wmm_last_param_set = count; 1140 1141 pos = wmm_param + 8; 1142 left = wmm_param_len - 8; 1143 1144 memset(¶ms, 0, sizeof(params)); 1145 1146 sdata->wmm_acm = 0; 1147 for (; left >= 4; left -= 4, pos += 4) { 1148 int aci = (pos[0] >> 5) & 0x03; 1149 int acm = (pos[0] >> 4) & 0x01; 1150 bool uapsd = false; 1151 int queue; 1152 1153 switch (aci) { 1154 case 1: /* AC_BK */ 1155 queue = 3; 1156 if (acm) 1157 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1158 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1159 uapsd = true; 1160 break; 1161 case 2: /* AC_VI */ 1162 queue = 1; 1163 if (acm) 1164 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1165 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1166 uapsd = true; 1167 break; 1168 case 3: /* AC_VO */ 1169 queue = 0; 1170 if (acm) 1171 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1172 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1173 uapsd = true; 1174 break; 1175 case 0: /* AC_BE */ 1176 default: 1177 queue = 2; 1178 if (acm) 1179 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1180 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1181 uapsd = true; 1182 break; 1183 } 1184 1185 params.aifs = pos[0] & 0x0f; 1186 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1187 params.cw_min = ecw2cw(pos[1] & 0x0f); 1188 params.txop = get_unaligned_le16(pos + 2); 1189 params.uapsd = uapsd; 1190 1191 mlme_dbg(sdata, 1192 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1193 queue, aci, acm, 1194 params.aifs, params.cw_min, params.cw_max, 1195 params.txop, params.uapsd); 1196 sdata->tx_conf[queue] = params; 1197 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1198 sdata_err(sdata, 1199 "failed to set TX queue parameters for queue %d\n", 1200 queue); 1201 } 1202 1203 /* enable WMM or activate new settings */ 1204 sdata->vif.bss_conf.qos = true; 1205 } 1206 1207 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1208 { 1209 lockdep_assert_held(&sdata->local->mtx); 1210 1211 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1212 IEEE80211_STA_BEACON_POLL); 1213 ieee80211_run_deferred_scan(sdata->local); 1214 } 1215 1216 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1217 { 1218 mutex_lock(&sdata->local->mtx); 1219 __ieee80211_stop_poll(sdata); 1220 mutex_unlock(&sdata->local->mtx); 1221 } 1222 1223 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1224 u16 capab, bool erp_valid, u8 erp) 1225 { 1226 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1227 u32 changed = 0; 1228 bool use_protection; 1229 bool use_short_preamble; 1230 bool use_short_slot; 1231 1232 if (erp_valid) { 1233 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1234 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1235 } else { 1236 use_protection = false; 1237 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1238 } 1239 1240 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1241 if (sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ) 1242 use_short_slot = true; 1243 1244 if (use_protection != bss_conf->use_cts_prot) { 1245 bss_conf->use_cts_prot = use_protection; 1246 changed |= BSS_CHANGED_ERP_CTS_PROT; 1247 } 1248 1249 if (use_short_preamble != bss_conf->use_short_preamble) { 1250 bss_conf->use_short_preamble = use_short_preamble; 1251 changed |= BSS_CHANGED_ERP_PREAMBLE; 1252 } 1253 1254 if (use_short_slot != bss_conf->use_short_slot) { 1255 bss_conf->use_short_slot = use_short_slot; 1256 changed |= BSS_CHANGED_ERP_SLOT; 1257 } 1258 1259 return changed; 1260 } 1261 1262 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1263 struct cfg80211_bss *cbss, 1264 u32 bss_info_changed) 1265 { 1266 struct ieee80211_bss *bss = (void *)cbss->priv; 1267 struct ieee80211_local *local = sdata->local; 1268 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1269 1270 bss_info_changed |= BSS_CHANGED_ASSOC; 1271 /* set timing information */ 1272 bss_conf->beacon_int = cbss->beacon_interval; 1273 bss_conf->last_tsf = cbss->tsf; 1274 1275 bss_info_changed |= BSS_CHANGED_BEACON_INT; 1276 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1277 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1278 1279 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1280 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int)); 1281 1282 sdata->u.mgd.associated = cbss; 1283 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1284 1285 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1286 1287 /* just to be sure */ 1288 ieee80211_stop_poll(sdata); 1289 1290 ieee80211_led_assoc(local, 1); 1291 1292 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) 1293 bss_conf->dtim_period = bss->dtim_period; 1294 else 1295 bss_conf->dtim_period = 0; 1296 1297 bss_conf->assoc = 1; 1298 1299 /* Tell the driver to monitor connection quality (if supported) */ 1300 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1301 bss_conf->cqm_rssi_thold) 1302 bss_info_changed |= BSS_CHANGED_CQM; 1303 1304 /* Enable ARP filtering */ 1305 if (bss_conf->arp_filter_enabled != sdata->arp_filter_state) { 1306 bss_conf->arp_filter_enabled = sdata->arp_filter_state; 1307 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1308 } 1309 1310 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1311 1312 mutex_lock(&local->iflist_mtx); 1313 ieee80211_recalc_ps(local, -1); 1314 ieee80211_recalc_smps(local); 1315 mutex_unlock(&local->iflist_mtx); 1316 1317 netif_tx_start_all_queues(sdata->dev); 1318 netif_carrier_on(sdata->dev); 1319 } 1320 1321 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1322 u16 stype, u16 reason, bool tx, 1323 u8 *frame_buf) 1324 { 1325 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1326 struct ieee80211_local *local = sdata->local; 1327 struct sta_info *sta; 1328 u32 changed = 0; 1329 1330 ASSERT_MGD_MTX(ifmgd); 1331 1332 if (WARN_ON_ONCE(tx && !frame_buf)) 1333 return; 1334 1335 if (WARN_ON(!ifmgd->associated)) 1336 return; 1337 1338 ieee80211_stop_poll(sdata); 1339 1340 ifmgd->associated = NULL; 1341 1342 /* 1343 * we need to commit the associated = NULL change because the 1344 * scan code uses that to determine whether this iface should 1345 * go to/wake up from powersave or not -- and could otherwise 1346 * wake the queues erroneously. 1347 */ 1348 smp_mb(); 1349 1350 /* 1351 * Thus, we can only afterwards stop the queues -- to account 1352 * for the case where another CPU is finishing a scan at this 1353 * time -- we don't want the scan code to enable queues. 1354 */ 1355 1356 netif_tx_stop_all_queues(sdata->dev); 1357 netif_carrier_off(sdata->dev); 1358 1359 mutex_lock(&local->sta_mtx); 1360 sta = sta_info_get(sdata, ifmgd->bssid); 1361 if (sta) { 1362 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 1363 ieee80211_sta_tear_down_BA_sessions(sta, tx); 1364 } 1365 mutex_unlock(&local->sta_mtx); 1366 1367 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1368 if (tx) 1369 drv_flush(local, false); 1370 1371 /* deauthenticate/disassociate now */ 1372 if (tx || frame_buf) 1373 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1374 reason, tx, frame_buf); 1375 1376 /* flush out frame */ 1377 if (tx) 1378 drv_flush(local, false); 1379 1380 /* clear bssid only after building the needed mgmt frames */ 1381 memset(ifmgd->bssid, 0, ETH_ALEN); 1382 1383 /* remove AP and TDLS peers */ 1384 sta_info_flush(local, sdata); 1385 1386 /* finally reset all BSS / config parameters */ 1387 changed |= ieee80211_reset_erp_info(sdata); 1388 1389 ieee80211_led_assoc(local, 0); 1390 changed |= BSS_CHANGED_ASSOC; 1391 sdata->vif.bss_conf.assoc = false; 1392 1393 /* on the next assoc, re-program HT parameters */ 1394 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1395 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1396 1397 local->power_constr_level = 0; 1398 1399 del_timer_sync(&local->dynamic_ps_timer); 1400 cancel_work_sync(&local->dynamic_ps_enable_work); 1401 1402 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1403 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1404 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1405 } 1406 local->ps_sdata = NULL; 1407 1408 /* Disable ARP filtering */ 1409 if (sdata->vif.bss_conf.arp_filter_enabled) { 1410 sdata->vif.bss_conf.arp_filter_enabled = false; 1411 changed |= BSS_CHANGED_ARP_FILTER; 1412 } 1413 1414 sdata->vif.bss_conf.qos = false; 1415 changed |= BSS_CHANGED_QOS; 1416 1417 /* The BSSID (not really interesting) and HT changed */ 1418 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1419 ieee80211_bss_info_change_notify(sdata, changed); 1420 1421 /* channel(_type) changes are handled by ieee80211_hw_config */ 1422 WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT)); 1423 ieee80211_hw_config(local, 0); 1424 1425 /* disassociated - set to defaults now */ 1426 ieee80211_set_wmm_default(sdata, false); 1427 1428 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1429 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1430 del_timer_sync(&sdata->u.mgd.timer); 1431 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1432 } 1433 1434 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1435 struct ieee80211_hdr *hdr) 1436 { 1437 /* 1438 * We can postpone the mgd.timer whenever receiving unicast frames 1439 * from AP because we know that the connection is working both ways 1440 * at that time. But multicast frames (and hence also beacons) must 1441 * be ignored here, because we need to trigger the timer during 1442 * data idle periods for sending the periodic probe request to the 1443 * AP we're connected to. 1444 */ 1445 if (is_multicast_ether_addr(hdr->addr1)) 1446 return; 1447 1448 ieee80211_sta_reset_conn_monitor(sdata); 1449 } 1450 1451 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1452 { 1453 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1454 struct ieee80211_local *local = sdata->local; 1455 1456 mutex_lock(&local->mtx); 1457 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1458 IEEE80211_STA_CONNECTION_POLL))) { 1459 mutex_unlock(&local->mtx); 1460 return; 1461 } 1462 1463 __ieee80211_stop_poll(sdata); 1464 1465 mutex_lock(&local->iflist_mtx); 1466 ieee80211_recalc_ps(local, -1); 1467 mutex_unlock(&local->iflist_mtx); 1468 1469 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1470 goto out; 1471 1472 /* 1473 * We've received a probe response, but are not sure whether 1474 * we have or will be receiving any beacons or data, so let's 1475 * schedule the timers again, just in case. 1476 */ 1477 ieee80211_sta_reset_beacon_monitor(sdata); 1478 1479 mod_timer(&ifmgd->conn_mon_timer, 1480 round_jiffies_up(jiffies + 1481 IEEE80211_CONNECTION_IDLE_TIME)); 1482 out: 1483 mutex_unlock(&local->mtx); 1484 } 1485 1486 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1487 struct ieee80211_hdr *hdr, bool ack) 1488 { 1489 if (!ieee80211_is_data(hdr->frame_control)) 1490 return; 1491 1492 if (ack) 1493 ieee80211_sta_reset_conn_monitor(sdata); 1494 1495 if (ieee80211_is_nullfunc(hdr->frame_control) && 1496 sdata->u.mgd.probe_send_count > 0) { 1497 if (ack) 1498 sdata->u.mgd.probe_send_count = 0; 1499 else 1500 sdata->u.mgd.nullfunc_failed = true; 1501 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1502 } 1503 } 1504 1505 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1506 { 1507 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1508 const u8 *ssid; 1509 u8 *dst = ifmgd->associated->bssid; 1510 u8 unicast_limit = max(1, max_probe_tries - 3); 1511 1512 /* 1513 * Try sending broadcast probe requests for the last three 1514 * probe requests after the first ones failed since some 1515 * buggy APs only support broadcast probe requests. 1516 */ 1517 if (ifmgd->probe_send_count >= unicast_limit) 1518 dst = NULL; 1519 1520 /* 1521 * When the hardware reports an accurate Tx ACK status, it's 1522 * better to send a nullfunc frame instead of a probe request, 1523 * as it will kick us off the AP quickly if we aren't associated 1524 * anymore. The timeout will be reset if the frame is ACKed by 1525 * the AP. 1526 */ 1527 ifmgd->probe_send_count++; 1528 1529 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1530 ifmgd->nullfunc_failed = false; 1531 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1532 } else { 1533 int ssid_len; 1534 1535 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1536 if (WARN_ON_ONCE(ssid == NULL)) 1537 ssid_len = 0; 1538 else 1539 ssid_len = ssid[1]; 1540 1541 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1542 0, (u32) -1, true, false); 1543 } 1544 1545 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1546 run_again(ifmgd, ifmgd->probe_timeout); 1547 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1548 drv_flush(sdata->local, false); 1549 } 1550 1551 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1552 bool beacon) 1553 { 1554 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1555 bool already = false; 1556 1557 if (!ieee80211_sdata_running(sdata)) 1558 return; 1559 1560 mutex_lock(&ifmgd->mtx); 1561 1562 if (!ifmgd->associated) 1563 goto out; 1564 1565 mutex_lock(&sdata->local->mtx); 1566 1567 if (sdata->local->tmp_channel || sdata->local->scanning) { 1568 mutex_unlock(&sdata->local->mtx); 1569 goto out; 1570 } 1571 1572 if (beacon) 1573 mlme_dbg_ratelimited(sdata, 1574 "detected beacon loss from AP - sending probe request\n"); 1575 1576 ieee80211_cqm_rssi_notify(&sdata->vif, 1577 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL); 1578 1579 /* 1580 * The driver/our work has already reported this event or the 1581 * connection monitoring has kicked in and we have already sent 1582 * a probe request. Or maybe the AP died and the driver keeps 1583 * reporting until we disassociate... 1584 * 1585 * In either case we have to ignore the current call to this 1586 * function (except for setting the correct probe reason bit) 1587 * because otherwise we would reset the timer every time and 1588 * never check whether we received a probe response! 1589 */ 1590 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1591 IEEE80211_STA_CONNECTION_POLL)) 1592 already = true; 1593 1594 if (beacon) 1595 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 1596 else 1597 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 1598 1599 mutex_unlock(&sdata->local->mtx); 1600 1601 if (already) 1602 goto out; 1603 1604 mutex_lock(&sdata->local->iflist_mtx); 1605 ieee80211_recalc_ps(sdata->local, -1); 1606 mutex_unlock(&sdata->local->iflist_mtx); 1607 1608 ifmgd->probe_send_count = 0; 1609 ieee80211_mgd_probe_ap_send(sdata); 1610 out: 1611 mutex_unlock(&ifmgd->mtx); 1612 } 1613 1614 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 1615 struct ieee80211_vif *vif) 1616 { 1617 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1618 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1619 struct cfg80211_bss *cbss; 1620 struct sk_buff *skb; 1621 const u8 *ssid; 1622 int ssid_len; 1623 1624 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1625 return NULL; 1626 1627 ASSERT_MGD_MTX(ifmgd); 1628 1629 if (ifmgd->associated) 1630 cbss = ifmgd->associated; 1631 else if (ifmgd->auth_data) 1632 cbss = ifmgd->auth_data->bss; 1633 else if (ifmgd->assoc_data) 1634 cbss = ifmgd->assoc_data->bss; 1635 else 1636 return NULL; 1637 1638 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 1639 if (WARN_ON_ONCE(ssid == NULL)) 1640 ssid_len = 0; 1641 else 1642 ssid_len = ssid[1]; 1643 1644 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 1645 (u32) -1, ssid + 2, ssid_len, 1646 NULL, 0, true); 1647 1648 return skb; 1649 } 1650 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 1651 1652 static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata) 1653 { 1654 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1655 struct ieee80211_local *local = sdata->local; 1656 u8 bssid[ETH_ALEN]; 1657 u8 frame_buf[DEAUTH_DISASSOC_LEN]; 1658 1659 mutex_lock(&ifmgd->mtx); 1660 if (!ifmgd->associated) { 1661 mutex_unlock(&ifmgd->mtx); 1662 return; 1663 } 1664 1665 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 1666 1667 sdata_info(sdata, "Connection to AP %pM lost\n", bssid); 1668 1669 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 1670 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1671 false, frame_buf); 1672 mutex_unlock(&ifmgd->mtx); 1673 1674 /* 1675 * must be outside lock due to cfg80211, 1676 * but that's not a problem. 1677 */ 1678 cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN); 1679 1680 mutex_lock(&local->mtx); 1681 ieee80211_recalc_idle(local); 1682 mutex_unlock(&local->mtx); 1683 } 1684 1685 void ieee80211_beacon_connection_loss_work(struct work_struct *work) 1686 { 1687 struct ieee80211_sub_if_data *sdata = 1688 container_of(work, struct ieee80211_sub_if_data, 1689 u.mgd.beacon_connection_loss_work); 1690 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1691 struct sta_info *sta; 1692 1693 if (ifmgd->associated) { 1694 rcu_read_lock(); 1695 sta = sta_info_get(sdata, ifmgd->bssid); 1696 if (sta) 1697 sta->beacon_loss_count++; 1698 rcu_read_unlock(); 1699 } 1700 1701 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1702 __ieee80211_connection_loss(sdata); 1703 else 1704 ieee80211_mgd_probe_ap(sdata, true); 1705 } 1706 1707 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 1708 { 1709 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1710 struct ieee80211_hw *hw = &sdata->local->hw; 1711 1712 trace_api_beacon_loss(sdata); 1713 1714 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR); 1715 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 1716 } 1717 EXPORT_SYMBOL(ieee80211_beacon_loss); 1718 1719 void ieee80211_connection_loss(struct ieee80211_vif *vif) 1720 { 1721 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1722 struct ieee80211_hw *hw = &sdata->local->hw; 1723 1724 trace_api_connection_loss(sdata); 1725 1726 WARN_ON(!(hw->flags & IEEE80211_HW_CONNECTION_MONITOR)); 1727 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 1728 } 1729 EXPORT_SYMBOL(ieee80211_connection_loss); 1730 1731 1732 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 1733 bool assoc) 1734 { 1735 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 1736 1737 lockdep_assert_held(&sdata->u.mgd.mtx); 1738 1739 if (!assoc) { 1740 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 1741 1742 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 1743 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 1744 } 1745 1746 cfg80211_put_bss(auth_data->bss); 1747 kfree(auth_data); 1748 sdata->u.mgd.auth_data = NULL; 1749 } 1750 1751 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 1752 struct ieee80211_mgmt *mgmt, size_t len) 1753 { 1754 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 1755 u8 *pos; 1756 struct ieee802_11_elems elems; 1757 1758 pos = mgmt->u.auth.variable; 1759 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1760 if (!elems.challenge) 1761 return; 1762 auth_data->expected_transaction = 4; 1763 drv_mgd_prepare_tx(sdata->local, sdata); 1764 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 1765 elems.challenge - 2, elems.challenge_len + 2, 1766 auth_data->bss->bssid, auth_data->bss->bssid, 1767 auth_data->key, auth_data->key_len, 1768 auth_data->key_idx); 1769 } 1770 1771 static enum rx_mgmt_action __must_check 1772 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 1773 struct ieee80211_mgmt *mgmt, size_t len) 1774 { 1775 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1776 u8 bssid[ETH_ALEN]; 1777 u16 auth_alg, auth_transaction, status_code; 1778 struct sta_info *sta; 1779 1780 lockdep_assert_held(&ifmgd->mtx); 1781 1782 if (len < 24 + 6) 1783 return RX_MGMT_NONE; 1784 1785 if (!ifmgd->auth_data || ifmgd->auth_data->done) 1786 return RX_MGMT_NONE; 1787 1788 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 1789 1790 if (!ether_addr_equal(bssid, mgmt->bssid)) 1791 return RX_MGMT_NONE; 1792 1793 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 1794 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 1795 status_code = le16_to_cpu(mgmt->u.auth.status_code); 1796 1797 if (auth_alg != ifmgd->auth_data->algorithm || 1798 auth_transaction != ifmgd->auth_data->expected_transaction) 1799 return RX_MGMT_NONE; 1800 1801 if (status_code != WLAN_STATUS_SUCCESS) { 1802 sdata_info(sdata, "%pM denied authentication (status %d)\n", 1803 mgmt->sa, status_code); 1804 ieee80211_destroy_auth_data(sdata, false); 1805 return RX_MGMT_CFG80211_RX_AUTH; 1806 } 1807 1808 switch (ifmgd->auth_data->algorithm) { 1809 case WLAN_AUTH_OPEN: 1810 case WLAN_AUTH_LEAP: 1811 case WLAN_AUTH_FT: 1812 break; 1813 case WLAN_AUTH_SHARED_KEY: 1814 if (ifmgd->auth_data->expected_transaction != 4) { 1815 ieee80211_auth_challenge(sdata, mgmt, len); 1816 /* need another frame */ 1817 return RX_MGMT_NONE; 1818 } 1819 break; 1820 default: 1821 WARN_ONCE(1, "invalid auth alg %d", 1822 ifmgd->auth_data->algorithm); 1823 return RX_MGMT_NONE; 1824 } 1825 1826 sdata_info(sdata, "authenticated\n"); 1827 ifmgd->auth_data->done = true; 1828 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 1829 run_again(ifmgd, ifmgd->auth_data->timeout); 1830 1831 /* move station state to auth */ 1832 mutex_lock(&sdata->local->sta_mtx); 1833 sta = sta_info_get(sdata, bssid); 1834 if (!sta) { 1835 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 1836 goto out_err; 1837 } 1838 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 1839 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 1840 goto out_err; 1841 } 1842 mutex_unlock(&sdata->local->sta_mtx); 1843 1844 return RX_MGMT_CFG80211_RX_AUTH; 1845 out_err: 1846 mutex_unlock(&sdata->local->sta_mtx); 1847 /* ignore frame -- wait for timeout */ 1848 return RX_MGMT_NONE; 1849 } 1850 1851 1852 static enum rx_mgmt_action __must_check 1853 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 1854 struct ieee80211_mgmt *mgmt, size_t len) 1855 { 1856 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1857 const u8 *bssid = NULL; 1858 u16 reason_code; 1859 1860 lockdep_assert_held(&ifmgd->mtx); 1861 1862 if (len < 24 + 2) 1863 return RX_MGMT_NONE; 1864 1865 if (!ifmgd->associated || 1866 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 1867 return RX_MGMT_NONE; 1868 1869 bssid = ifmgd->associated->bssid; 1870 1871 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 1872 1873 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 1874 bssid, reason_code); 1875 1876 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 1877 1878 mutex_lock(&sdata->local->mtx); 1879 ieee80211_recalc_idle(sdata->local); 1880 mutex_unlock(&sdata->local->mtx); 1881 1882 return RX_MGMT_CFG80211_DEAUTH; 1883 } 1884 1885 1886 static enum rx_mgmt_action __must_check 1887 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 1888 struct ieee80211_mgmt *mgmt, size_t len) 1889 { 1890 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1891 u16 reason_code; 1892 1893 lockdep_assert_held(&ifmgd->mtx); 1894 1895 if (len < 24 + 2) 1896 return RX_MGMT_NONE; 1897 1898 if (!ifmgd->associated || 1899 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 1900 return RX_MGMT_NONE; 1901 1902 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1903 1904 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 1905 mgmt->sa, reason_code); 1906 1907 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 1908 1909 mutex_lock(&sdata->local->mtx); 1910 ieee80211_recalc_idle(sdata->local); 1911 mutex_unlock(&sdata->local->mtx); 1912 1913 return RX_MGMT_CFG80211_DISASSOC; 1914 } 1915 1916 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 1917 u8 *supp_rates, unsigned int supp_rates_len, 1918 u32 *rates, u32 *basic_rates, 1919 bool *have_higher_than_11mbit, 1920 int *min_rate, int *min_rate_index) 1921 { 1922 int i, j; 1923 1924 for (i = 0; i < supp_rates_len; i++) { 1925 int rate = (supp_rates[i] & 0x7f) * 5; 1926 bool is_basic = !!(supp_rates[i] & 0x80); 1927 1928 if (rate > 110) 1929 *have_higher_than_11mbit = true; 1930 1931 /* 1932 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 1933 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 1934 * 1935 * Note: Even through the membership selector and the basic 1936 * rate flag share the same bit, they are not exactly 1937 * the same. 1938 */ 1939 if (!!(supp_rates[i] & 0x80) && 1940 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 1941 continue; 1942 1943 for (j = 0; j < sband->n_bitrates; j++) { 1944 if (sband->bitrates[j].bitrate == rate) { 1945 *rates |= BIT(j); 1946 if (is_basic) 1947 *basic_rates |= BIT(j); 1948 if (rate < *min_rate) { 1949 *min_rate = rate; 1950 *min_rate_index = j; 1951 } 1952 break; 1953 } 1954 } 1955 } 1956 } 1957 1958 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 1959 bool assoc) 1960 { 1961 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 1962 1963 lockdep_assert_held(&sdata->u.mgd.mtx); 1964 1965 if (!assoc) { 1966 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 1967 1968 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 1969 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 1970 } 1971 1972 kfree(assoc_data); 1973 sdata->u.mgd.assoc_data = NULL; 1974 } 1975 1976 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 1977 struct cfg80211_bss *cbss, 1978 struct ieee80211_mgmt *mgmt, size_t len) 1979 { 1980 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1981 struct ieee80211_local *local = sdata->local; 1982 struct ieee80211_supported_band *sband; 1983 struct sta_info *sta; 1984 u8 *pos; 1985 u16 capab_info, aid; 1986 struct ieee802_11_elems elems; 1987 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1988 u32 changed = 0; 1989 int err; 1990 1991 /* AssocResp and ReassocResp have identical structure */ 1992 1993 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 1994 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 1995 1996 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1997 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 1998 aid); 1999 aid &= ~(BIT(15) | BIT(14)); 2000 2001 ifmgd->broken_ap = false; 2002 2003 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2004 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2005 aid); 2006 aid = 0; 2007 ifmgd->broken_ap = true; 2008 } 2009 2010 pos = mgmt->u.assoc_resp.variable; 2011 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2012 2013 if (!elems.supp_rates) { 2014 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2015 return false; 2016 } 2017 2018 ifmgd->aid = aid; 2019 2020 mutex_lock(&sdata->local->sta_mtx); 2021 /* 2022 * station info was already allocated and inserted before 2023 * the association and should be available to us 2024 */ 2025 sta = sta_info_get(sdata, cbss->bssid); 2026 if (WARN_ON(!sta)) { 2027 mutex_unlock(&sdata->local->sta_mtx); 2028 return false; 2029 } 2030 2031 sband = local->hw.wiphy->bands[local->oper_channel->band]; 2032 2033 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 2034 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2035 elems.ht_cap_elem, &sta->sta.ht_cap); 2036 2037 sta->supports_40mhz = 2038 sta->sta.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40; 2039 2040 rate_control_rate_init(sta); 2041 2042 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2043 set_sta_flag(sta, WLAN_STA_MFP); 2044 2045 if (elems.wmm_param) 2046 set_sta_flag(sta, WLAN_STA_WME); 2047 2048 err = sta_info_move_state(sta, IEEE80211_STA_AUTH); 2049 if (!err) 2050 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2051 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2052 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2053 if (err) { 2054 sdata_info(sdata, 2055 "failed to move station %pM to desired state\n", 2056 sta->sta.addr); 2057 WARN_ON(__sta_info_destroy(sta)); 2058 mutex_unlock(&sdata->local->sta_mtx); 2059 return false; 2060 } 2061 2062 mutex_unlock(&sdata->local->sta_mtx); 2063 2064 /* 2065 * Always handle WMM once after association regardless 2066 * of the first value the AP uses. Setting -1 here has 2067 * that effect because the AP values is an unsigned 2068 * 4-bit value. 2069 */ 2070 ifmgd->wmm_last_param_set = -1; 2071 2072 if (elems.wmm_param) 2073 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2074 elems.wmm_param_len); 2075 else 2076 ieee80211_set_wmm_default(sdata, false); 2077 changed |= BSS_CHANGED_QOS; 2078 2079 if (elems.ht_operation && elems.wmm_param && 2080 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 2081 changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation, 2082 cbss->bssid, false); 2083 2084 /* set AID and assoc capability, 2085 * ieee80211_set_associated() will tell the driver */ 2086 bss_conf->aid = aid; 2087 bss_conf->assoc_capability = capab_info; 2088 ieee80211_set_associated(sdata, cbss, changed); 2089 2090 /* 2091 * If we're using 4-addr mode, let the AP know that we're 2092 * doing so, so that it can create the STA VLAN on its side 2093 */ 2094 if (ifmgd->use_4addr) 2095 ieee80211_send_4addr_nullfunc(local, sdata); 2096 2097 /* 2098 * Start timer to probe the connection to the AP now. 2099 * Also start the timer that will detect beacon loss. 2100 */ 2101 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2102 ieee80211_sta_reset_beacon_monitor(sdata); 2103 2104 return true; 2105 } 2106 2107 static enum rx_mgmt_action __must_check 2108 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2109 struct ieee80211_mgmt *mgmt, size_t len, 2110 struct cfg80211_bss **bss) 2111 { 2112 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2113 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2114 u16 capab_info, status_code, aid; 2115 struct ieee802_11_elems elems; 2116 u8 *pos; 2117 bool reassoc; 2118 2119 lockdep_assert_held(&ifmgd->mtx); 2120 2121 if (!assoc_data) 2122 return RX_MGMT_NONE; 2123 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2124 return RX_MGMT_NONE; 2125 2126 /* 2127 * AssocResp and ReassocResp have identical structure, so process both 2128 * of them in this function. 2129 */ 2130 2131 if (len < 24 + 6) 2132 return RX_MGMT_NONE; 2133 2134 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2135 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2136 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2137 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2138 2139 sdata_info(sdata, 2140 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2141 reassoc ? "Rea" : "A", mgmt->sa, 2142 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2143 2144 pos = mgmt->u.assoc_resp.variable; 2145 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2146 2147 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2148 elems.timeout_int && elems.timeout_int_len == 5 && 2149 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2150 u32 tu, ms; 2151 tu = get_unaligned_le32(elems.timeout_int + 1); 2152 ms = tu * 1024 / 1000; 2153 sdata_info(sdata, 2154 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2155 mgmt->sa, tu, ms); 2156 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2157 if (ms > IEEE80211_ASSOC_TIMEOUT) 2158 run_again(ifmgd, assoc_data->timeout); 2159 return RX_MGMT_NONE; 2160 } 2161 2162 *bss = assoc_data->bss; 2163 2164 if (status_code != WLAN_STATUS_SUCCESS) { 2165 sdata_info(sdata, "%pM denied association (code=%d)\n", 2166 mgmt->sa, status_code); 2167 ieee80211_destroy_assoc_data(sdata, false); 2168 } else { 2169 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2170 /* oops -- internal error -- send timeout for now */ 2171 ieee80211_destroy_assoc_data(sdata, false); 2172 cfg80211_put_bss(*bss); 2173 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2174 } 2175 sdata_info(sdata, "associated\n"); 2176 2177 /* 2178 * destroy assoc_data afterwards, as otherwise an idle 2179 * recalc after assoc_data is NULL but before associated 2180 * is set can cause the interface to go idle 2181 */ 2182 ieee80211_destroy_assoc_data(sdata, true); 2183 } 2184 2185 return RX_MGMT_CFG80211_RX_ASSOC; 2186 } 2187 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2188 struct ieee80211_mgmt *mgmt, 2189 size_t len, 2190 struct ieee80211_rx_status *rx_status, 2191 struct ieee802_11_elems *elems, 2192 bool beacon) 2193 { 2194 struct ieee80211_local *local = sdata->local; 2195 int freq; 2196 struct ieee80211_bss *bss; 2197 struct ieee80211_channel *channel; 2198 bool need_ps = false; 2199 2200 if (sdata->u.mgd.associated && 2201 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) { 2202 bss = (void *)sdata->u.mgd.associated->priv; 2203 /* not previously set so we may need to recalc */ 2204 need_ps = !bss->dtim_period; 2205 } 2206 2207 if (elems->ds_params && elems->ds_params_len == 1) 2208 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2209 rx_status->band); 2210 else 2211 freq = rx_status->freq; 2212 2213 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2214 2215 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2216 return; 2217 2218 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2219 channel, beacon); 2220 if (bss) 2221 ieee80211_rx_bss_put(local, bss); 2222 2223 if (!sdata->u.mgd.associated) 2224 return; 2225 2226 if (need_ps) { 2227 mutex_lock(&local->iflist_mtx); 2228 ieee80211_recalc_ps(local, -1); 2229 mutex_unlock(&local->iflist_mtx); 2230 } 2231 2232 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) && 2233 (memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, 2234 ETH_ALEN) == 0)) { 2235 struct ieee80211_channel_sw_ie *sw_elem = 2236 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem; 2237 ieee80211_sta_process_chanswitch(sdata, sw_elem, 2238 bss, rx_status->mactime); 2239 } 2240 } 2241 2242 2243 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2244 struct sk_buff *skb) 2245 { 2246 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2247 struct ieee80211_if_managed *ifmgd; 2248 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2249 size_t baselen, len = skb->len; 2250 struct ieee802_11_elems elems; 2251 2252 ifmgd = &sdata->u.mgd; 2253 2254 ASSERT_MGD_MTX(ifmgd); 2255 2256 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2257 return; /* ignore ProbeResp to foreign address */ 2258 2259 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2260 if (baselen > len) 2261 return; 2262 2263 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2264 &elems); 2265 2266 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 2267 2268 if (ifmgd->associated && 2269 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2270 ieee80211_reset_ap_probe(sdata); 2271 2272 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2273 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2274 /* got probe response, continue with auth */ 2275 sdata_info(sdata, "direct probe responded\n"); 2276 ifmgd->auth_data->tries = 0; 2277 ifmgd->auth_data->timeout = jiffies; 2278 run_again(ifmgd, ifmgd->auth_data->timeout); 2279 } 2280 } 2281 2282 /* 2283 * This is the canonical list of information elements we care about, 2284 * the filter code also gives us all changes to the Microsoft OUI 2285 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2286 * 2287 * We implement beacon filtering in software since that means we can 2288 * avoid processing the frame here and in cfg80211, and userspace 2289 * will not be able to tell whether the hardware supports it or not. 2290 * 2291 * XXX: This list needs to be dynamic -- userspace needs to be able to 2292 * add items it requires. It also needs to be able to tell us to 2293 * look out for other vendor IEs. 2294 */ 2295 static const u64 care_about_ies = 2296 (1ULL << WLAN_EID_COUNTRY) | 2297 (1ULL << WLAN_EID_ERP_INFO) | 2298 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2299 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2300 (1ULL << WLAN_EID_HT_CAPABILITY) | 2301 (1ULL << WLAN_EID_HT_OPERATION); 2302 2303 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2304 struct ieee80211_mgmt *mgmt, 2305 size_t len, 2306 struct ieee80211_rx_status *rx_status) 2307 { 2308 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2309 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2310 size_t baselen; 2311 struct ieee802_11_elems elems; 2312 struct ieee80211_local *local = sdata->local; 2313 u32 changed = 0; 2314 bool erp_valid, directed_tim = false; 2315 u8 erp_value = 0; 2316 u32 ncrc; 2317 u8 *bssid; 2318 2319 lockdep_assert_held(&ifmgd->mtx); 2320 2321 /* Process beacon from the current BSS */ 2322 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2323 if (baselen > len) 2324 return; 2325 2326 if (rx_status->freq != local->hw.conf.channel->center_freq) 2327 return; 2328 2329 if (ifmgd->assoc_data && !ifmgd->assoc_data->have_beacon && 2330 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2331 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2332 len - baselen, &elems); 2333 2334 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 2335 false); 2336 ifmgd->assoc_data->have_beacon = true; 2337 ifmgd->assoc_data->sent_assoc = false; 2338 /* continue assoc process */ 2339 ifmgd->assoc_data->timeout = jiffies; 2340 run_again(ifmgd, ifmgd->assoc_data->timeout); 2341 return; 2342 } 2343 2344 if (!ifmgd->associated || 2345 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2346 return; 2347 bssid = ifmgd->associated->bssid; 2348 2349 /* Track average RSSI from the Beacon frames of the current AP */ 2350 ifmgd->last_beacon_signal = rx_status->signal; 2351 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2352 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2353 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2354 ifmgd->last_cqm_event_signal = 0; 2355 ifmgd->count_beacon_signal = 1; 2356 ifmgd->last_ave_beacon_signal = 0; 2357 } else { 2358 ifmgd->ave_beacon_signal = 2359 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2360 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2361 ifmgd->ave_beacon_signal) / 16; 2362 ifmgd->count_beacon_signal++; 2363 } 2364 2365 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2366 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2367 int sig = ifmgd->ave_beacon_signal; 2368 int last_sig = ifmgd->last_ave_beacon_signal; 2369 2370 /* 2371 * if signal crosses either of the boundaries, invoke callback 2372 * with appropriate parameters 2373 */ 2374 if (sig > ifmgd->rssi_max_thold && 2375 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2376 ifmgd->last_ave_beacon_signal = sig; 2377 drv_rssi_callback(local, RSSI_EVENT_HIGH); 2378 } else if (sig < ifmgd->rssi_min_thold && 2379 (last_sig >= ifmgd->rssi_max_thold || 2380 last_sig == 0)) { 2381 ifmgd->last_ave_beacon_signal = sig; 2382 drv_rssi_callback(local, RSSI_EVENT_LOW); 2383 } 2384 } 2385 2386 if (bss_conf->cqm_rssi_thold && 2387 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2388 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2389 int sig = ifmgd->ave_beacon_signal / 16; 2390 int last_event = ifmgd->last_cqm_event_signal; 2391 int thold = bss_conf->cqm_rssi_thold; 2392 int hyst = bss_conf->cqm_rssi_hyst; 2393 if (sig < thold && 2394 (last_event == 0 || sig < last_event - hyst)) { 2395 ifmgd->last_cqm_event_signal = sig; 2396 ieee80211_cqm_rssi_notify( 2397 &sdata->vif, 2398 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2399 GFP_KERNEL); 2400 } else if (sig > thold && 2401 (last_event == 0 || sig > last_event + hyst)) { 2402 ifmgd->last_cqm_event_signal = sig; 2403 ieee80211_cqm_rssi_notify( 2404 &sdata->vif, 2405 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2406 GFP_KERNEL); 2407 } 2408 } 2409 2410 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 2411 mlme_dbg_ratelimited(sdata, 2412 "cancelling probereq poll due to a received beacon\n"); 2413 mutex_lock(&local->mtx); 2414 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 2415 ieee80211_run_deferred_scan(local); 2416 mutex_unlock(&local->mtx); 2417 2418 mutex_lock(&local->iflist_mtx); 2419 ieee80211_recalc_ps(local, -1); 2420 mutex_unlock(&local->iflist_mtx); 2421 } 2422 2423 /* 2424 * Push the beacon loss detection into the future since 2425 * we are processing a beacon from the AP just now. 2426 */ 2427 ieee80211_sta_reset_beacon_monitor(sdata); 2428 2429 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2430 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2431 len - baselen, &elems, 2432 care_about_ies, ncrc); 2433 2434 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 2435 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len, 2436 ifmgd->aid); 2437 2438 if (ncrc != ifmgd->beacon_crc || !ifmgd->beacon_crc_valid) { 2439 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 2440 true); 2441 2442 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2443 elems.wmm_param_len); 2444 } 2445 2446 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2447 if (directed_tim) { 2448 if (local->hw.conf.dynamic_ps_timeout > 0) { 2449 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2450 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2451 ieee80211_hw_config(local, 2452 IEEE80211_CONF_CHANGE_PS); 2453 } 2454 ieee80211_send_nullfunc(local, sdata, 0); 2455 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2456 local->pspolling = true; 2457 2458 /* 2459 * Here is assumed that the driver will be 2460 * able to send ps-poll frame and receive a 2461 * response even though power save mode is 2462 * enabled, but some drivers might require 2463 * to disable power save here. This needs 2464 * to be investigated. 2465 */ 2466 ieee80211_send_pspoll(local, sdata); 2467 } 2468 } 2469 } 2470 2471 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2472 return; 2473 ifmgd->beacon_crc = ncrc; 2474 ifmgd->beacon_crc_valid = true; 2475 2476 if (elems.erp_info && elems.erp_info_len >= 1) { 2477 erp_valid = true; 2478 erp_value = elems.erp_info[0]; 2479 } else { 2480 erp_valid = false; 2481 } 2482 changed |= ieee80211_handle_bss_capability(sdata, 2483 le16_to_cpu(mgmt->u.beacon.capab_info), 2484 erp_valid, erp_value); 2485 2486 2487 if (elems.ht_cap_elem && elems.ht_operation && elems.wmm_param && 2488 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) { 2489 struct ieee80211_supported_band *sband; 2490 2491 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2492 2493 changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation, 2494 bssid, true); 2495 } 2496 2497 /* Note: country IE parsing is done for us by cfg80211 */ 2498 if (elems.country_elem) { 2499 /* TODO: IBSS also needs this */ 2500 if (elems.pwr_constr_elem) 2501 ieee80211_handle_pwr_constr(sdata, 2502 le16_to_cpu(mgmt->u.probe_resp.capab_info), 2503 elems.pwr_constr_elem, 2504 elems.pwr_constr_elem_len); 2505 } 2506 2507 ieee80211_bss_info_change_notify(sdata, changed); 2508 } 2509 2510 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 2511 struct sk_buff *skb) 2512 { 2513 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2514 struct ieee80211_rx_status *rx_status; 2515 struct ieee80211_mgmt *mgmt; 2516 struct cfg80211_bss *bss = NULL; 2517 enum rx_mgmt_action rma = RX_MGMT_NONE; 2518 u16 fc; 2519 2520 rx_status = (struct ieee80211_rx_status *) skb->cb; 2521 mgmt = (struct ieee80211_mgmt *) skb->data; 2522 fc = le16_to_cpu(mgmt->frame_control); 2523 2524 mutex_lock(&ifmgd->mtx); 2525 2526 switch (fc & IEEE80211_FCTL_STYPE) { 2527 case IEEE80211_STYPE_BEACON: 2528 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 2529 break; 2530 case IEEE80211_STYPE_PROBE_RESP: 2531 ieee80211_rx_mgmt_probe_resp(sdata, skb); 2532 break; 2533 case IEEE80211_STYPE_AUTH: 2534 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 2535 break; 2536 case IEEE80211_STYPE_DEAUTH: 2537 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 2538 break; 2539 case IEEE80211_STYPE_DISASSOC: 2540 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 2541 break; 2542 case IEEE80211_STYPE_ASSOC_RESP: 2543 case IEEE80211_STYPE_REASSOC_RESP: 2544 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 2545 break; 2546 case IEEE80211_STYPE_ACTION: 2547 switch (mgmt->u.action.category) { 2548 case WLAN_CATEGORY_SPECTRUM_MGMT: 2549 ieee80211_sta_process_chanswitch(sdata, 2550 &mgmt->u.action.u.chan_switch.sw_elem, 2551 (void *)ifmgd->associated->priv, 2552 rx_status->mactime); 2553 break; 2554 } 2555 } 2556 mutex_unlock(&ifmgd->mtx); 2557 2558 switch (rma) { 2559 case RX_MGMT_NONE: 2560 /* no action */ 2561 break; 2562 case RX_MGMT_CFG80211_DEAUTH: 2563 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 2564 break; 2565 case RX_MGMT_CFG80211_DISASSOC: 2566 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 2567 break; 2568 case RX_MGMT_CFG80211_RX_AUTH: 2569 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len); 2570 break; 2571 case RX_MGMT_CFG80211_RX_ASSOC: 2572 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len); 2573 break; 2574 case RX_MGMT_CFG80211_ASSOC_TIMEOUT: 2575 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid); 2576 break; 2577 default: 2578 WARN(1, "unexpected: %d", rma); 2579 } 2580 } 2581 2582 static void ieee80211_sta_timer(unsigned long data) 2583 { 2584 struct ieee80211_sub_if_data *sdata = 2585 (struct ieee80211_sub_if_data *) data; 2586 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2587 struct ieee80211_local *local = sdata->local; 2588 2589 if (local->quiescing) { 2590 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2591 return; 2592 } 2593 2594 ieee80211_queue_work(&local->hw, &sdata->work); 2595 } 2596 2597 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 2598 u8 *bssid, u8 reason) 2599 { 2600 struct ieee80211_local *local = sdata->local; 2601 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2602 u8 frame_buf[DEAUTH_DISASSOC_LEN]; 2603 2604 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 2605 false, frame_buf); 2606 mutex_unlock(&ifmgd->mtx); 2607 2608 /* 2609 * must be outside lock due to cfg80211, 2610 * but that's not a problem. 2611 */ 2612 cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN); 2613 2614 mutex_lock(&local->mtx); 2615 ieee80211_recalc_idle(local); 2616 mutex_unlock(&local->mtx); 2617 2618 mutex_lock(&ifmgd->mtx); 2619 } 2620 2621 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 2622 { 2623 struct ieee80211_local *local = sdata->local; 2624 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2625 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 2626 2627 lockdep_assert_held(&ifmgd->mtx); 2628 2629 if (WARN_ON_ONCE(!auth_data)) 2630 return -EINVAL; 2631 2632 auth_data->tries++; 2633 2634 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 2635 sdata_info(sdata, "authentication with %pM timed out\n", 2636 auth_data->bss->bssid); 2637 2638 /* 2639 * Most likely AP is not in the range so remove the 2640 * bss struct for that AP. 2641 */ 2642 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 2643 2644 return -ETIMEDOUT; 2645 } 2646 2647 drv_mgd_prepare_tx(local, sdata); 2648 2649 if (auth_data->bss->proberesp_ies) { 2650 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 2651 auth_data->bss->bssid, auth_data->tries, 2652 IEEE80211_AUTH_MAX_TRIES); 2653 2654 auth_data->expected_transaction = 2; 2655 ieee80211_send_auth(sdata, 1, auth_data->algorithm, 2656 auth_data->ie, auth_data->ie_len, 2657 auth_data->bss->bssid, 2658 auth_data->bss->bssid, NULL, 0, 0); 2659 } else { 2660 const u8 *ssidie; 2661 2662 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 2663 auth_data->bss->bssid, auth_data->tries, 2664 IEEE80211_AUTH_MAX_TRIES); 2665 2666 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 2667 if (!ssidie) 2668 return -EINVAL; 2669 /* 2670 * Direct probe is sent to broadcast address as some APs 2671 * will not answer to direct packet in unassociated state. 2672 */ 2673 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 2674 NULL, 0, (u32) -1, true, false); 2675 } 2676 2677 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 2678 run_again(ifmgd, auth_data->timeout); 2679 2680 return 0; 2681 } 2682 2683 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 2684 { 2685 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2686 struct ieee80211_local *local = sdata->local; 2687 2688 lockdep_assert_held(&sdata->u.mgd.mtx); 2689 2690 assoc_data->tries++; 2691 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 2692 sdata_info(sdata, "association with %pM timed out\n", 2693 assoc_data->bss->bssid); 2694 2695 /* 2696 * Most likely AP is not in the range so remove the 2697 * bss struct for that AP. 2698 */ 2699 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 2700 2701 return -ETIMEDOUT; 2702 } 2703 2704 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 2705 assoc_data->bss->bssid, assoc_data->tries, 2706 IEEE80211_ASSOC_MAX_TRIES); 2707 ieee80211_send_assoc(sdata); 2708 2709 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 2710 run_again(&sdata->u.mgd, assoc_data->timeout); 2711 2712 return 0; 2713 } 2714 2715 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 2716 { 2717 struct ieee80211_local *local = sdata->local; 2718 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2719 2720 mutex_lock(&ifmgd->mtx); 2721 2722 if (ifmgd->auth_data && 2723 time_after(jiffies, ifmgd->auth_data->timeout)) { 2724 if (ifmgd->auth_data->done) { 2725 /* 2726 * ok ... we waited for assoc but userspace didn't, 2727 * so let's just kill the auth data 2728 */ 2729 ieee80211_destroy_auth_data(sdata, false); 2730 } else if (ieee80211_probe_auth(sdata)) { 2731 u8 bssid[ETH_ALEN]; 2732 2733 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2734 2735 ieee80211_destroy_auth_data(sdata, false); 2736 2737 mutex_unlock(&ifmgd->mtx); 2738 cfg80211_send_auth_timeout(sdata->dev, bssid); 2739 mutex_lock(&ifmgd->mtx); 2740 } 2741 } else if (ifmgd->auth_data) 2742 run_again(ifmgd, ifmgd->auth_data->timeout); 2743 2744 if (ifmgd->assoc_data && 2745 time_after(jiffies, ifmgd->assoc_data->timeout)) { 2746 if (!ifmgd->assoc_data->have_beacon || 2747 ieee80211_do_assoc(sdata)) { 2748 u8 bssid[ETH_ALEN]; 2749 2750 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN); 2751 2752 ieee80211_destroy_assoc_data(sdata, false); 2753 2754 mutex_unlock(&ifmgd->mtx); 2755 cfg80211_send_assoc_timeout(sdata->dev, bssid); 2756 mutex_lock(&ifmgd->mtx); 2757 } 2758 } else if (ifmgd->assoc_data) 2759 run_again(ifmgd, ifmgd->assoc_data->timeout); 2760 2761 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2762 IEEE80211_STA_CONNECTION_POLL) && 2763 ifmgd->associated) { 2764 u8 bssid[ETH_ALEN]; 2765 int max_tries; 2766 2767 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 2768 2769 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2770 max_tries = max_nullfunc_tries; 2771 else 2772 max_tries = max_probe_tries; 2773 2774 /* ACK received for nullfunc probing frame */ 2775 if (!ifmgd->probe_send_count) 2776 ieee80211_reset_ap_probe(sdata); 2777 else if (ifmgd->nullfunc_failed) { 2778 if (ifmgd->probe_send_count < max_tries) { 2779 mlme_dbg(sdata, 2780 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 2781 bssid, ifmgd->probe_send_count, 2782 max_tries); 2783 ieee80211_mgd_probe_ap_send(sdata); 2784 } else { 2785 mlme_dbg(sdata, 2786 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 2787 bssid); 2788 ieee80211_sta_connection_lost(sdata, bssid, 2789 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2790 } 2791 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 2792 run_again(ifmgd, ifmgd->probe_timeout); 2793 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2794 mlme_dbg(sdata, 2795 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 2796 bssid, probe_wait_ms); 2797 ieee80211_sta_connection_lost(sdata, bssid, 2798 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2799 } else if (ifmgd->probe_send_count < max_tries) { 2800 mlme_dbg(sdata, 2801 "No probe response from AP %pM after %dms, try %d/%i\n", 2802 bssid, probe_wait_ms, 2803 ifmgd->probe_send_count, max_tries); 2804 ieee80211_mgd_probe_ap_send(sdata); 2805 } else { 2806 /* 2807 * We actually lost the connection ... or did we? 2808 * Let's make sure! 2809 */ 2810 wiphy_debug(local->hw.wiphy, 2811 "%s: No probe response from AP %pM" 2812 " after %dms, disconnecting.\n", 2813 sdata->name, 2814 bssid, probe_wait_ms); 2815 2816 ieee80211_sta_connection_lost(sdata, bssid, 2817 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2818 } 2819 } 2820 2821 mutex_unlock(&ifmgd->mtx); 2822 2823 mutex_lock(&local->mtx); 2824 ieee80211_recalc_idle(local); 2825 mutex_unlock(&local->mtx); 2826 } 2827 2828 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 2829 { 2830 struct ieee80211_sub_if_data *sdata = 2831 (struct ieee80211_sub_if_data *) data; 2832 struct ieee80211_local *local = sdata->local; 2833 2834 if (local->quiescing) 2835 return; 2836 2837 ieee80211_queue_work(&sdata->local->hw, 2838 &sdata->u.mgd.beacon_connection_loss_work); 2839 } 2840 2841 static void ieee80211_sta_conn_mon_timer(unsigned long data) 2842 { 2843 struct ieee80211_sub_if_data *sdata = 2844 (struct ieee80211_sub_if_data *) data; 2845 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2846 struct ieee80211_local *local = sdata->local; 2847 2848 if (local->quiescing) 2849 return; 2850 2851 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 2852 } 2853 2854 static void ieee80211_sta_monitor_work(struct work_struct *work) 2855 { 2856 struct ieee80211_sub_if_data *sdata = 2857 container_of(work, struct ieee80211_sub_if_data, 2858 u.mgd.monitor_work); 2859 2860 ieee80211_mgd_probe_ap(sdata, false); 2861 } 2862 2863 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 2864 { 2865 u32 flags; 2866 2867 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 2868 __ieee80211_stop_poll(sdata); 2869 2870 /* let's probe the connection once */ 2871 flags = sdata->local->hw.flags; 2872 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 2873 ieee80211_queue_work(&sdata->local->hw, 2874 &sdata->u.mgd.monitor_work); 2875 /* and do all the other regular work too */ 2876 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2877 } 2878 } 2879 2880 #ifdef CONFIG_PM 2881 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata) 2882 { 2883 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2884 2885 /* 2886 * we need to use atomic bitops for the running bits 2887 * only because both timers might fire at the same 2888 * time -- the code here is properly synchronised. 2889 */ 2890 2891 cancel_work_sync(&ifmgd->request_smps_work); 2892 2893 cancel_work_sync(&ifmgd->monitor_work); 2894 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 2895 if (del_timer_sync(&ifmgd->timer)) 2896 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2897 2898 cancel_work_sync(&ifmgd->chswitch_work); 2899 if (del_timer_sync(&ifmgd->chswitch_timer)) 2900 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 2901 2902 /* these will just be re-established on connection */ 2903 del_timer_sync(&ifmgd->conn_mon_timer); 2904 del_timer_sync(&ifmgd->bcn_mon_timer); 2905 } 2906 2907 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 2908 { 2909 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2910 2911 if (!ifmgd->associated) 2912 return; 2913 2914 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 2915 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 2916 mutex_lock(&ifmgd->mtx); 2917 if (ifmgd->associated) { 2918 mlme_dbg(sdata, 2919 "driver requested disconnect after resume\n"); 2920 ieee80211_sta_connection_lost(sdata, 2921 ifmgd->associated->bssid, 2922 WLAN_REASON_UNSPECIFIED); 2923 mutex_unlock(&ifmgd->mtx); 2924 return; 2925 } 2926 mutex_unlock(&ifmgd->mtx); 2927 } 2928 2929 if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) 2930 add_timer(&ifmgd->timer); 2931 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 2932 add_timer(&ifmgd->chswitch_timer); 2933 ieee80211_sta_reset_beacon_monitor(sdata); 2934 2935 mutex_lock(&sdata->local->mtx); 2936 ieee80211_restart_sta_timer(sdata); 2937 mutex_unlock(&sdata->local->mtx); 2938 } 2939 #endif 2940 2941 /* interface setup */ 2942 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 2943 { 2944 struct ieee80211_if_managed *ifmgd; 2945 2946 ifmgd = &sdata->u.mgd; 2947 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 2948 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 2949 INIT_WORK(&ifmgd->beacon_connection_loss_work, 2950 ieee80211_beacon_connection_loss_work); 2951 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 2952 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 2953 (unsigned long) sdata); 2954 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 2955 (unsigned long) sdata); 2956 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 2957 (unsigned long) sdata); 2958 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 2959 (unsigned long) sdata); 2960 2961 ifmgd->flags = 0; 2962 ifmgd->powersave = sdata->wdev.ps; 2963 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES; 2964 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 2965 2966 mutex_init(&ifmgd->mtx); 2967 2968 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 2969 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 2970 else 2971 ifmgd->req_smps = IEEE80211_SMPS_OFF; 2972 } 2973 2974 /* scan finished notification */ 2975 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 2976 { 2977 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 2978 2979 /* Restart STA timers */ 2980 rcu_read_lock(); 2981 list_for_each_entry_rcu(sdata, &local->interfaces, list) 2982 ieee80211_restart_sta_timer(sdata); 2983 rcu_read_unlock(); 2984 } 2985 2986 int ieee80211_max_network_latency(struct notifier_block *nb, 2987 unsigned long data, void *dummy) 2988 { 2989 s32 latency_usec = (s32) data; 2990 struct ieee80211_local *local = 2991 container_of(nb, struct ieee80211_local, 2992 network_latency_notifier); 2993 2994 mutex_lock(&local->iflist_mtx); 2995 ieee80211_recalc_ps(local, latency_usec); 2996 mutex_unlock(&local->iflist_mtx); 2997 2998 return 0; 2999 } 3000 3001 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3002 struct cfg80211_bss *cbss, bool assoc) 3003 { 3004 struct ieee80211_local *local = sdata->local; 3005 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3006 struct ieee80211_bss *bss = (void *)cbss->priv; 3007 struct sta_info *sta = NULL; 3008 bool have_sta = false; 3009 int err; 3010 int ht_cfreq; 3011 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 3012 const u8 *ht_oper_ie; 3013 const struct ieee80211_ht_operation *ht_oper = NULL; 3014 struct ieee80211_supported_band *sband; 3015 3016 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3017 return -EINVAL; 3018 3019 if (assoc) { 3020 rcu_read_lock(); 3021 have_sta = sta_info_get(sdata, cbss->bssid); 3022 rcu_read_unlock(); 3023 } 3024 3025 if (!have_sta) { 3026 sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3027 if (!sta) 3028 return -ENOMEM; 3029 } 3030 3031 mutex_lock(&local->mtx); 3032 ieee80211_recalc_idle(sdata->local); 3033 mutex_unlock(&local->mtx); 3034 3035 /* switch to the right channel */ 3036 sband = local->hw.wiphy->bands[cbss->channel->band]; 3037 3038 ifmgd->flags &= ~IEEE80211_STA_DISABLE_40MHZ; 3039 3040 if (sband->ht_cap.ht_supported) { 3041 ht_oper_ie = cfg80211_find_ie(WLAN_EID_HT_OPERATION, 3042 cbss->information_elements, 3043 cbss->len_information_elements); 3044 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3045 ht_oper = (void *)(ht_oper_ie + 2); 3046 } 3047 3048 if (ht_oper) { 3049 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 3050 cbss->channel->band); 3051 /* check that channel matches the right operating channel */ 3052 if (cbss->channel->center_freq != ht_cfreq) { 3053 /* 3054 * It's possible that some APs are confused here; 3055 * Netgear WNDR3700 sometimes reports 4 higher than 3056 * the actual channel in association responses, but 3057 * since we look at probe response/beacon data here 3058 * it should be OK. 3059 */ 3060 sdata_info(sdata, 3061 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 3062 cbss->channel->center_freq, 3063 ht_cfreq, ht_oper->primary_chan, 3064 cbss->channel->band); 3065 ht_oper = NULL; 3066 } 3067 } 3068 3069 if (ht_oper) { 3070 channel_type = NL80211_CHAN_HT20; 3071 3072 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 3073 switch (ht_oper->ht_param & 3074 IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 3075 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 3076 channel_type = NL80211_CHAN_HT40PLUS; 3077 break; 3078 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 3079 channel_type = NL80211_CHAN_HT40MINUS; 3080 break; 3081 } 3082 } 3083 } 3084 3085 if (!ieee80211_set_channel_type(local, sdata, channel_type)) { 3086 /* can only fail due to HT40+/- mismatch */ 3087 channel_type = NL80211_CHAN_HT20; 3088 sdata_info(sdata, 3089 "disabling 40 MHz due to multi-vif mismatch\n"); 3090 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ; 3091 WARN_ON(!ieee80211_set_channel_type(local, sdata, 3092 channel_type)); 3093 } 3094 3095 local->oper_channel = cbss->channel; 3096 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 3097 3098 if (sta) { 3099 u32 rates = 0, basic_rates = 0; 3100 bool have_higher_than_11mbit; 3101 int min_rate = INT_MAX, min_rate_index = -1; 3102 3103 ieee80211_get_rates(sband, bss->supp_rates, 3104 bss->supp_rates_len, 3105 &rates, &basic_rates, 3106 &have_higher_than_11mbit, 3107 &min_rate, &min_rate_index); 3108 3109 /* 3110 * This used to be a workaround for basic rates missing 3111 * in the association response frame. Now that we no 3112 * longer use the basic rates from there, it probably 3113 * doesn't happen any more, but keep the workaround so 3114 * in case some *other* APs are buggy in different ways 3115 * we can connect -- with a warning. 3116 */ 3117 if (!basic_rates && min_rate_index >= 0) { 3118 sdata_info(sdata, 3119 "No basic rates, using min rate instead\n"); 3120 basic_rates = BIT(min_rate_index); 3121 } 3122 3123 sta->sta.supp_rates[cbss->channel->band] = rates; 3124 sdata->vif.bss_conf.basic_rates = basic_rates; 3125 3126 /* cf. IEEE 802.11 9.2.12 */ 3127 if (local->oper_channel->band == IEEE80211_BAND_2GHZ && 3128 have_higher_than_11mbit) 3129 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3130 else 3131 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3132 3133 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3134 3135 /* tell driver about BSSID and basic rates */ 3136 ieee80211_bss_info_change_notify(sdata, 3137 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES); 3138 3139 if (assoc) 3140 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 3141 3142 err = sta_info_insert(sta); 3143 sta = NULL; 3144 if (err) { 3145 sdata_info(sdata, 3146 "failed to insert STA entry for the AP (error %d)\n", 3147 err); 3148 return err; 3149 } 3150 } else 3151 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3152 3153 return 0; 3154 } 3155 3156 /* config hooks */ 3157 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3158 struct cfg80211_auth_request *req) 3159 { 3160 struct ieee80211_local *local = sdata->local; 3161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3162 struct ieee80211_mgd_auth_data *auth_data; 3163 u16 auth_alg; 3164 int err; 3165 3166 /* prepare auth data structure */ 3167 3168 switch (req->auth_type) { 3169 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3170 auth_alg = WLAN_AUTH_OPEN; 3171 break; 3172 case NL80211_AUTHTYPE_SHARED_KEY: 3173 if (IS_ERR(local->wep_tx_tfm)) 3174 return -EOPNOTSUPP; 3175 auth_alg = WLAN_AUTH_SHARED_KEY; 3176 break; 3177 case NL80211_AUTHTYPE_FT: 3178 auth_alg = WLAN_AUTH_FT; 3179 break; 3180 case NL80211_AUTHTYPE_NETWORK_EAP: 3181 auth_alg = WLAN_AUTH_LEAP; 3182 break; 3183 default: 3184 return -EOPNOTSUPP; 3185 } 3186 3187 auth_data = kzalloc(sizeof(*auth_data) + req->ie_len, GFP_KERNEL); 3188 if (!auth_data) 3189 return -ENOMEM; 3190 3191 auth_data->bss = req->bss; 3192 3193 if (req->ie && req->ie_len) { 3194 memcpy(auth_data->ie, req->ie, req->ie_len); 3195 auth_data->ie_len = req->ie_len; 3196 } 3197 3198 if (req->key && req->key_len) { 3199 auth_data->key_len = req->key_len; 3200 auth_data->key_idx = req->key_idx; 3201 memcpy(auth_data->key, req->key, req->key_len); 3202 } 3203 3204 auth_data->algorithm = auth_alg; 3205 3206 /* try to authenticate/probe */ 3207 3208 mutex_lock(&ifmgd->mtx); 3209 3210 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3211 ifmgd->assoc_data) { 3212 err = -EBUSY; 3213 goto err_free; 3214 } 3215 3216 if (ifmgd->auth_data) 3217 ieee80211_destroy_auth_data(sdata, false); 3218 3219 /* prep auth_data so we don't go into idle on disassoc */ 3220 ifmgd->auth_data = auth_data; 3221 3222 if (ifmgd->associated) 3223 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3224 3225 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3226 3227 err = ieee80211_prep_connection(sdata, req->bss, false); 3228 if (err) 3229 goto err_clear; 3230 3231 err = ieee80211_probe_auth(sdata); 3232 if (err) { 3233 sta_info_destroy_addr(sdata, req->bss->bssid); 3234 goto err_clear; 3235 } 3236 3237 /* hold our own reference */ 3238 cfg80211_ref_bss(auth_data->bss); 3239 err = 0; 3240 goto out_unlock; 3241 3242 err_clear: 3243 ifmgd->auth_data = NULL; 3244 err_free: 3245 kfree(auth_data); 3246 out_unlock: 3247 mutex_unlock(&ifmgd->mtx); 3248 3249 return err; 3250 } 3251 3252 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3253 struct cfg80211_assoc_request *req) 3254 { 3255 struct ieee80211_local *local = sdata->local; 3256 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3257 struct ieee80211_bss *bss = (void *)req->bss->priv; 3258 struct ieee80211_mgd_assoc_data *assoc_data; 3259 struct ieee80211_supported_band *sband; 3260 const u8 *ssidie, *ht_ie; 3261 int i, err; 3262 3263 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 3264 if (!ssidie) 3265 return -EINVAL; 3266 3267 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 3268 if (!assoc_data) 3269 return -ENOMEM; 3270 3271 mutex_lock(&ifmgd->mtx); 3272 3273 if (ifmgd->associated) 3274 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3275 3276 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 3277 err = -EBUSY; 3278 goto err_free; 3279 } 3280 3281 if (ifmgd->assoc_data) { 3282 err = -EBUSY; 3283 goto err_free; 3284 } 3285 3286 if (ifmgd->auth_data) { 3287 bool match; 3288 3289 /* keep sta info, bssid if matching */ 3290 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 3291 ieee80211_destroy_auth_data(sdata, match); 3292 } 3293 3294 /* prepare assoc data */ 3295 3296 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 3297 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 3298 3299 ifmgd->beacon_crc_valid = false; 3300 3301 /* 3302 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 3303 * We still associate in non-HT mode (11a/b/g) if any one of these 3304 * ciphers is configured as pairwise. 3305 * We can set this to true for non-11n hardware, that'll be checked 3306 * separately along with the peer capabilities. 3307 */ 3308 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 3309 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 3310 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 3311 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 3312 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3313 netdev_info(sdata->dev, 3314 "disabling HT due to WEP/TKIP use\n"); 3315 } 3316 } 3317 3318 if (req->flags & ASSOC_REQ_DISABLE_HT) 3319 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3320 3321 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 3322 sband = local->hw.wiphy->bands[req->bss->channel->band]; 3323 if (!sband->ht_cap.ht_supported || 3324 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 3325 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3326 netdev_info(sdata->dev, 3327 "disabling HT as WMM/QoS is not supported\n"); 3328 } 3329 3330 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 3331 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 3332 sizeof(ifmgd->ht_capa_mask)); 3333 3334 if (req->ie && req->ie_len) { 3335 memcpy(assoc_data->ie, req->ie, req->ie_len); 3336 assoc_data->ie_len = req->ie_len; 3337 } 3338 3339 assoc_data->bss = req->bss; 3340 3341 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 3342 if (ifmgd->powersave) 3343 ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC; 3344 else 3345 ifmgd->ap_smps = IEEE80211_SMPS_OFF; 3346 } else 3347 ifmgd->ap_smps = ifmgd->req_smps; 3348 3349 assoc_data->capability = req->bss->capability; 3350 assoc_data->wmm = bss->wmm_used && 3351 (local->hw.queues >= IEEE80211_NUM_ACS); 3352 assoc_data->supp_rates = bss->supp_rates; 3353 assoc_data->supp_rates_len = bss->supp_rates_len; 3354 3355 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 3356 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 3357 assoc_data->ap_ht_param = 3358 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 3359 else 3360 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3361 3362 if (bss->wmm_used && bss->uapsd_supported && 3363 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 3364 assoc_data->uapsd = true; 3365 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 3366 } else { 3367 assoc_data->uapsd = false; 3368 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 3369 } 3370 3371 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 3372 assoc_data->ssid_len = ssidie[1]; 3373 3374 if (req->prev_bssid) 3375 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 3376 3377 if (req->use_mfp) { 3378 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 3379 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 3380 } else { 3381 ifmgd->mfp = IEEE80211_MFP_DISABLED; 3382 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 3383 } 3384 3385 if (req->crypto.control_port) 3386 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 3387 else 3388 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 3389 3390 sdata->control_port_protocol = req->crypto.control_port_ethertype; 3391 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 3392 3393 /* kick off associate process */ 3394 3395 ifmgd->assoc_data = assoc_data; 3396 3397 err = ieee80211_prep_connection(sdata, req->bss, true); 3398 if (err) 3399 goto err_clear; 3400 3401 if (!bss->dtim_period && 3402 sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) { 3403 /* 3404 * Wait up to one beacon interval ... 3405 * should this be more if we miss one? 3406 */ 3407 sdata_info(sdata, "waiting for beacon from %pM\n", 3408 ifmgd->bssid); 3409 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 3410 } else { 3411 assoc_data->have_beacon = true; 3412 assoc_data->sent_assoc = false; 3413 assoc_data->timeout = jiffies; 3414 } 3415 run_again(ifmgd, assoc_data->timeout); 3416 3417 if (bss->corrupt_data) { 3418 char *corrupt_type = "data"; 3419 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 3420 if (bss->corrupt_data & 3421 IEEE80211_BSS_CORRUPT_PROBE_RESP) 3422 corrupt_type = "beacon and probe response"; 3423 else 3424 corrupt_type = "beacon"; 3425 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 3426 corrupt_type = "probe response"; 3427 sdata_info(sdata, "associating with AP with corrupt %s\n", 3428 corrupt_type); 3429 } 3430 3431 err = 0; 3432 goto out; 3433 err_clear: 3434 ifmgd->assoc_data = NULL; 3435 err_free: 3436 kfree(assoc_data); 3437 out: 3438 mutex_unlock(&ifmgd->mtx); 3439 3440 return err; 3441 } 3442 3443 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 3444 struct cfg80211_deauth_request *req) 3445 { 3446 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3447 u8 frame_buf[DEAUTH_DISASSOC_LEN]; 3448 3449 mutex_lock(&ifmgd->mtx); 3450 3451 if (ifmgd->auth_data) { 3452 ieee80211_destroy_auth_data(sdata, false); 3453 mutex_unlock(&ifmgd->mtx); 3454 return 0; 3455 } 3456 3457 sdata_info(sdata, 3458 "deauthenticating from %pM by local choice (reason=%d)\n", 3459 req->bssid, req->reason_code); 3460 3461 if (ifmgd->associated && 3462 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) 3463 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3464 req->reason_code, true, frame_buf); 3465 else 3466 ieee80211_send_deauth_disassoc(sdata, req->bssid, 3467 IEEE80211_STYPE_DEAUTH, 3468 req->reason_code, true, 3469 frame_buf); 3470 mutex_unlock(&ifmgd->mtx); 3471 3472 __cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN); 3473 3474 mutex_lock(&sdata->local->mtx); 3475 ieee80211_recalc_idle(sdata->local); 3476 mutex_unlock(&sdata->local->mtx); 3477 3478 return 0; 3479 } 3480 3481 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 3482 struct cfg80211_disassoc_request *req) 3483 { 3484 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3485 u8 bssid[ETH_ALEN]; 3486 u8 frame_buf[DEAUTH_DISASSOC_LEN]; 3487 3488 mutex_lock(&ifmgd->mtx); 3489 3490 /* 3491 * cfg80211 should catch this ... but it's racy since 3492 * we can receive a disassoc frame, process it, hand it 3493 * to cfg80211 while that's in a locked section already 3494 * trying to tell us that the user wants to disconnect. 3495 */ 3496 if (ifmgd->associated != req->bss) { 3497 mutex_unlock(&ifmgd->mtx); 3498 return -ENOLINK; 3499 } 3500 3501 sdata_info(sdata, 3502 "disassociating from %pM by local choice (reason=%d)\n", 3503 req->bss->bssid, req->reason_code); 3504 3505 memcpy(bssid, req->bss->bssid, ETH_ALEN); 3506 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 3507 req->reason_code, !req->local_state_change, 3508 frame_buf); 3509 mutex_unlock(&ifmgd->mtx); 3510 3511 __cfg80211_send_disassoc(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN); 3512 3513 mutex_lock(&sdata->local->mtx); 3514 ieee80211_recalc_idle(sdata->local); 3515 mutex_unlock(&sdata->local->mtx); 3516 3517 return 0; 3518 } 3519 3520 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 3521 { 3522 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3523 3524 mutex_lock(&ifmgd->mtx); 3525 if (ifmgd->assoc_data) 3526 ieee80211_destroy_assoc_data(sdata, false); 3527 if (ifmgd->auth_data) 3528 ieee80211_destroy_auth_data(sdata, false); 3529 del_timer_sync(&ifmgd->timer); 3530 mutex_unlock(&ifmgd->mtx); 3531 } 3532 3533 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 3534 enum nl80211_cqm_rssi_threshold_event rssi_event, 3535 gfp_t gfp) 3536 { 3537 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3538 3539 trace_api_cqm_rssi_notify(sdata, rssi_event); 3540 3541 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 3542 } 3543 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 3544