1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/rtnetlink.h> 20 #include <linux/pm_qos_params.h> 21 #include <linux/crc32.h> 22 #include <net/mac80211.h> 23 #include <asm/unaligned.h> 24 25 #include "ieee80211_i.h" 26 #include "driver-ops.h" 27 #include "rate.h" 28 #include "led.h" 29 30 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 31 #define IEEE80211_AUTH_MAX_TRIES 3 32 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 33 #define IEEE80211_ASSOC_MAX_TRIES 3 34 #define IEEE80211_MAX_PROBE_TRIES 5 35 36 /* 37 * beacon loss detection timeout 38 * XXX: should depend on beacon interval 39 */ 40 #define IEEE80211_BEACON_LOSS_TIME (2 * HZ) 41 /* 42 * Time the connection can be idle before we probe 43 * it to see if we can still talk to the AP. 44 */ 45 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 46 /* 47 * Time we wait for a probe response after sending 48 * a probe request because of beacon loss or for 49 * checking the connection still works. 50 */ 51 #define IEEE80211_PROBE_WAIT (HZ / 2) 52 53 #define TMR_RUNNING_TIMER 0 54 #define TMR_RUNNING_CHANSW 1 55 56 /* 57 * All cfg80211 functions have to be called outside a locked 58 * section so that they can acquire a lock themselves... This 59 * is much simpler than queuing up things in cfg80211, but we 60 * do need some indirection for that here. 61 */ 62 enum rx_mgmt_action { 63 /* no action required */ 64 RX_MGMT_NONE, 65 66 /* caller must call cfg80211_send_rx_auth() */ 67 RX_MGMT_CFG80211_AUTH, 68 69 /* caller must call cfg80211_send_rx_assoc() */ 70 RX_MGMT_CFG80211_ASSOC, 71 72 /* caller must call cfg80211_send_deauth() */ 73 RX_MGMT_CFG80211_DEAUTH, 74 75 /* caller must call cfg80211_send_disassoc() */ 76 RX_MGMT_CFG80211_DISASSOC, 77 78 /* caller must call cfg80211_auth_timeout() & free work */ 79 RX_MGMT_CFG80211_AUTH_TO, 80 81 /* caller must call cfg80211_assoc_timeout() & free work */ 82 RX_MGMT_CFG80211_ASSOC_TO, 83 }; 84 85 /* utils */ 86 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 87 { 88 WARN_ON(!mutex_is_locked(&ifmgd->mtx)); 89 } 90 91 /* 92 * We can have multiple work items (and connection probing) 93 * scheduling this timer, but we need to take care to only 94 * reschedule it when it should fire _earlier_ than it was 95 * asked for before, or if it's not pending right now. This 96 * function ensures that. Note that it then is required to 97 * run this function for all timeouts after the first one 98 * has happened -- the work that runs from this timer will 99 * do that. 100 */ 101 static void run_again(struct ieee80211_if_managed *ifmgd, 102 unsigned long timeout) 103 { 104 ASSERT_MGD_MTX(ifmgd); 105 106 if (!timer_pending(&ifmgd->timer) || 107 time_before(timeout, ifmgd->timer.expires)) 108 mod_timer(&ifmgd->timer, timeout); 109 } 110 111 static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata) 112 { 113 if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER) 114 return; 115 116 mod_timer(&sdata->u.mgd.bcn_mon_timer, 117 round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME)); 118 } 119 120 static int ecw2cw(int ecw) 121 { 122 return (1 << ecw) - 1; 123 } 124 125 static int ieee80211_compatible_rates(struct ieee80211_bss *bss, 126 struct ieee80211_supported_band *sband, 127 u32 *rates) 128 { 129 int i, j, count; 130 *rates = 0; 131 count = 0; 132 for (i = 0; i < bss->supp_rates_len; i++) { 133 int rate = (bss->supp_rates[i] & 0x7F) * 5; 134 135 for (j = 0; j < sband->n_bitrates; j++) 136 if (sband->bitrates[j].bitrate == rate) { 137 *rates |= BIT(j); 138 count++; 139 break; 140 } 141 } 142 143 return count; 144 } 145 146 /* 147 * ieee80211_enable_ht should be called only after the operating band 148 * has been determined as ht configuration depends on the hw's 149 * HT abilities for a specific band. 150 */ 151 static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata, 152 struct ieee80211_ht_info *hti, 153 const u8 *bssid, u16 ap_ht_cap_flags) 154 { 155 struct ieee80211_local *local = sdata->local; 156 struct ieee80211_supported_band *sband; 157 struct sta_info *sta; 158 u32 changed = 0; 159 u16 ht_opmode; 160 bool enable_ht = true, ht_changed; 161 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 162 163 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 164 165 /* HT is not supported */ 166 if (!sband->ht_cap.ht_supported) 167 enable_ht = false; 168 169 /* check that channel matches the right operating channel */ 170 if (local->hw.conf.channel->center_freq != 171 ieee80211_channel_to_frequency(hti->control_chan)) 172 enable_ht = false; 173 174 if (enable_ht) { 175 channel_type = NL80211_CHAN_HT20; 176 177 if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) && 178 (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) && 179 (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 180 switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 181 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 182 if (!(local->hw.conf.channel->flags & 183 IEEE80211_CHAN_NO_HT40PLUS)) 184 channel_type = NL80211_CHAN_HT40PLUS; 185 break; 186 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 187 if (!(local->hw.conf.channel->flags & 188 IEEE80211_CHAN_NO_HT40MINUS)) 189 channel_type = NL80211_CHAN_HT40MINUS; 190 break; 191 } 192 } 193 } 194 195 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht || 196 channel_type != local->hw.conf.channel_type; 197 198 local->oper_channel_type = channel_type; 199 200 if (ht_changed) { 201 /* channel_type change automatically detected */ 202 ieee80211_hw_config(local, 0); 203 204 rcu_read_lock(); 205 sta = sta_info_get(local, bssid); 206 if (sta) 207 rate_control_rate_update(local, sband, sta, 208 IEEE80211_RC_HT_CHANGED); 209 rcu_read_unlock(); 210 } 211 212 /* disable HT */ 213 if (!enable_ht) 214 return 0; 215 216 ht_opmode = le16_to_cpu(hti->operation_mode); 217 218 /* if bss configuration changed store the new one */ 219 if (!sdata->ht_opmode_valid || 220 sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 221 changed |= BSS_CHANGED_HT; 222 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 223 sdata->ht_opmode_valid = true; 224 } 225 226 return changed; 227 } 228 229 /* frame sending functions */ 230 231 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 232 struct ieee80211_mgd_work *wk) 233 { 234 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 235 struct ieee80211_local *local = sdata->local; 236 struct sk_buff *skb; 237 struct ieee80211_mgmt *mgmt; 238 u8 *pos; 239 const u8 *ies, *ht_ie; 240 int i, len, count, rates_len, supp_rates_len; 241 u16 capab; 242 int wmm = 0; 243 struct ieee80211_supported_band *sband; 244 u32 rates = 0; 245 246 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 247 sizeof(*mgmt) + 200 + wk->ie_len + 248 wk->ssid_len); 249 if (!skb) { 250 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 251 "frame\n", sdata->dev->name); 252 return; 253 } 254 skb_reserve(skb, local->hw.extra_tx_headroom); 255 256 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 257 258 capab = ifmgd->capab; 259 260 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) { 261 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 262 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 263 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 264 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 265 } 266 267 if (wk->bss->cbss.capability & WLAN_CAPABILITY_PRIVACY) 268 capab |= WLAN_CAPABILITY_PRIVACY; 269 if (wk->bss->wmm_used) 270 wmm = 1; 271 272 /* get all rates supported by the device and the AP as 273 * some APs don't like getting a superset of their rates 274 * in the association request (e.g. D-Link DAP 1353 in 275 * b-only mode) */ 276 rates_len = ieee80211_compatible_rates(wk->bss, sband, &rates); 277 278 if ((wk->bss->cbss.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 279 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 280 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 281 282 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 283 memset(mgmt, 0, 24); 284 memcpy(mgmt->da, wk->bss->cbss.bssid, ETH_ALEN); 285 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 286 memcpy(mgmt->bssid, wk->bss->cbss.bssid, ETH_ALEN); 287 288 if (!is_zero_ether_addr(wk->prev_bssid)) { 289 skb_put(skb, 10); 290 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 291 IEEE80211_STYPE_REASSOC_REQ); 292 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 293 mgmt->u.reassoc_req.listen_interval = 294 cpu_to_le16(local->hw.conf.listen_interval); 295 memcpy(mgmt->u.reassoc_req.current_ap, wk->prev_bssid, 296 ETH_ALEN); 297 } else { 298 skb_put(skb, 4); 299 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 300 IEEE80211_STYPE_ASSOC_REQ); 301 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 302 mgmt->u.assoc_req.listen_interval = 303 cpu_to_le16(local->hw.conf.listen_interval); 304 } 305 306 /* SSID */ 307 ies = pos = skb_put(skb, 2 + wk->ssid_len); 308 *pos++ = WLAN_EID_SSID; 309 *pos++ = wk->ssid_len; 310 memcpy(pos, wk->ssid, wk->ssid_len); 311 312 /* add all rates which were marked to be used above */ 313 supp_rates_len = rates_len; 314 if (supp_rates_len > 8) 315 supp_rates_len = 8; 316 317 len = sband->n_bitrates; 318 pos = skb_put(skb, supp_rates_len + 2); 319 *pos++ = WLAN_EID_SUPP_RATES; 320 *pos++ = supp_rates_len; 321 322 count = 0; 323 for (i = 0; i < sband->n_bitrates; i++) { 324 if (BIT(i) & rates) { 325 int rate = sband->bitrates[i].bitrate; 326 *pos++ = (u8) (rate / 5); 327 if (++count == 8) 328 break; 329 } 330 } 331 332 if (rates_len > count) { 333 pos = skb_put(skb, rates_len - count + 2); 334 *pos++ = WLAN_EID_EXT_SUPP_RATES; 335 *pos++ = rates_len - count; 336 337 for (i++; i < sband->n_bitrates; i++) { 338 if (BIT(i) & rates) { 339 int rate = sband->bitrates[i].bitrate; 340 *pos++ = (u8) (rate / 5); 341 } 342 } 343 } 344 345 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 346 /* 1. power capabilities */ 347 pos = skb_put(skb, 4); 348 *pos++ = WLAN_EID_PWR_CAPABILITY; 349 *pos++ = 2; 350 *pos++ = 0; /* min tx power */ 351 *pos++ = local->hw.conf.channel->max_power; /* max tx power */ 352 353 /* 2. supported channels */ 354 /* TODO: get this in reg domain format */ 355 pos = skb_put(skb, 2 * sband->n_channels + 2); 356 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 357 *pos++ = 2 * sband->n_channels; 358 for (i = 0; i < sband->n_channels; i++) { 359 *pos++ = ieee80211_frequency_to_channel( 360 sband->channels[i].center_freq); 361 *pos++ = 1; /* one channel in the subband*/ 362 } 363 } 364 365 if (wk->ie_len && wk->ie) { 366 pos = skb_put(skb, wk->ie_len); 367 memcpy(pos, wk->ie, wk->ie_len); 368 } 369 370 if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) { 371 pos = skb_put(skb, 9); 372 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 373 *pos++ = 7; /* len */ 374 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 375 *pos++ = 0x50; 376 *pos++ = 0xf2; 377 *pos++ = 2; /* WME */ 378 *pos++ = 0; /* WME info */ 379 *pos++ = 1; /* WME ver */ 380 *pos++ = 0; 381 } 382 383 /* wmm support is a must to HT */ 384 /* 385 * IEEE802.11n does not allow TKIP/WEP as pairwise 386 * ciphers in HT mode. We still associate in non-ht 387 * mode (11a/b/g) if any one of these ciphers is 388 * configured as pairwise. 389 */ 390 if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) && 391 sband->ht_cap.ht_supported && 392 (ht_ie = ieee80211_bss_get_ie(&wk->bss->cbss, WLAN_EID_HT_INFORMATION)) && 393 ht_ie[1] >= sizeof(struct ieee80211_ht_info) && 394 (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N))) { 395 struct ieee80211_ht_info *ht_info = 396 (struct ieee80211_ht_info *)(ht_ie + 2); 397 u16 cap = sband->ht_cap.cap; 398 __le16 tmp; 399 u32 flags = local->hw.conf.channel->flags; 400 401 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 402 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 403 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 404 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 405 cap &= ~IEEE80211_HT_CAP_SGI_40; 406 } 407 break; 408 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 409 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 410 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 411 cap &= ~IEEE80211_HT_CAP_SGI_40; 412 } 413 break; 414 } 415 416 tmp = cpu_to_le16(cap); 417 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2); 418 *pos++ = WLAN_EID_HT_CAPABILITY; 419 *pos++ = sizeof(struct ieee80211_ht_cap); 420 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 421 memcpy(pos, &tmp, sizeof(u16)); 422 pos += sizeof(u16); 423 /* TODO: needs a define here for << 2 */ 424 *pos++ = sband->ht_cap.ampdu_factor | 425 (sband->ht_cap.ampdu_density << 2); 426 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 427 } 428 429 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 430 ieee80211_tx_skb(sdata, skb); 431 } 432 433 434 static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 435 const u8 *bssid, u16 stype, u16 reason, 436 void *cookie) 437 { 438 struct ieee80211_local *local = sdata->local; 439 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 440 struct sk_buff *skb; 441 struct ieee80211_mgmt *mgmt; 442 443 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 444 if (!skb) { 445 printk(KERN_DEBUG "%s: failed to allocate buffer for " 446 "deauth/disassoc frame\n", sdata->dev->name); 447 return; 448 } 449 skb_reserve(skb, local->hw.extra_tx_headroom); 450 451 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 452 memset(mgmt, 0, 24); 453 memcpy(mgmt->da, bssid, ETH_ALEN); 454 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 455 memcpy(mgmt->bssid, bssid, ETH_ALEN); 456 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype); 457 skb_put(skb, 2); 458 /* u.deauth.reason_code == u.disassoc.reason_code */ 459 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 460 461 if (stype == IEEE80211_STYPE_DEAUTH) 462 if (cookie) 463 __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 464 else 465 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 466 else 467 if (cookie) 468 __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 469 else 470 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 471 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED)) 472 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 473 ieee80211_tx_skb(sdata, skb); 474 } 475 476 void ieee80211_send_pspoll(struct ieee80211_local *local, 477 struct ieee80211_sub_if_data *sdata) 478 { 479 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 480 struct ieee80211_pspoll *pspoll; 481 struct sk_buff *skb; 482 u16 fc; 483 484 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll)); 485 if (!skb) { 486 printk(KERN_DEBUG "%s: failed to allocate buffer for " 487 "pspoll frame\n", sdata->dev->name); 488 return; 489 } 490 skb_reserve(skb, local->hw.extra_tx_headroom); 491 492 pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll)); 493 memset(pspoll, 0, sizeof(*pspoll)); 494 fc = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL | IEEE80211_FCTL_PM; 495 pspoll->frame_control = cpu_to_le16(fc); 496 pspoll->aid = cpu_to_le16(ifmgd->aid); 497 498 /* aid in PS-Poll has its two MSBs each set to 1 */ 499 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14); 500 501 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN); 502 memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN); 503 504 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 505 ieee80211_tx_skb(sdata, skb); 506 } 507 508 void ieee80211_send_nullfunc(struct ieee80211_local *local, 509 struct ieee80211_sub_if_data *sdata, 510 int powersave) 511 { 512 struct sk_buff *skb; 513 struct ieee80211_hdr *nullfunc; 514 __le16 fc; 515 516 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 517 return; 518 519 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24); 520 if (!skb) { 521 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc " 522 "frame\n", sdata->dev->name); 523 return; 524 } 525 skb_reserve(skb, local->hw.extra_tx_headroom); 526 527 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24); 528 memset(nullfunc, 0, 24); 529 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 530 IEEE80211_FCTL_TODS); 531 if (powersave) 532 fc |= cpu_to_le16(IEEE80211_FCTL_PM); 533 nullfunc->frame_control = fc; 534 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 535 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN); 536 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 537 538 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 539 ieee80211_tx_skb(sdata, skb); 540 } 541 542 /* spectrum management related things */ 543 static void ieee80211_chswitch_work(struct work_struct *work) 544 { 545 struct ieee80211_sub_if_data *sdata = 546 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 547 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 548 549 if (!netif_running(sdata->dev)) 550 return; 551 552 mutex_lock(&ifmgd->mtx); 553 if (!ifmgd->associated) 554 goto out; 555 556 sdata->local->oper_channel = sdata->local->csa_channel; 557 ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL); 558 559 /* XXX: shouldn't really modify cfg80211-owned data! */ 560 ifmgd->associated->cbss.channel = sdata->local->oper_channel; 561 562 ieee80211_wake_queues_by_reason(&sdata->local->hw, 563 IEEE80211_QUEUE_STOP_REASON_CSA); 564 out: 565 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 566 mutex_unlock(&ifmgd->mtx); 567 } 568 569 static void ieee80211_chswitch_timer(unsigned long data) 570 { 571 struct ieee80211_sub_if_data *sdata = 572 (struct ieee80211_sub_if_data *) data; 573 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 574 575 if (sdata->local->quiescing) { 576 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 577 return; 578 } 579 580 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 581 } 582 583 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 584 struct ieee80211_channel_sw_ie *sw_elem, 585 struct ieee80211_bss *bss) 586 { 587 struct ieee80211_channel *new_ch; 588 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 589 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num); 590 591 ASSERT_MGD_MTX(ifmgd); 592 593 if (!ifmgd->associated) 594 return; 595 596 if (sdata->local->scanning) 597 return; 598 599 /* Disregard subsequent beacons if we are already running a timer 600 processing a CSA */ 601 602 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 603 return; 604 605 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 606 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) 607 return; 608 609 sdata->local->csa_channel = new_ch; 610 611 if (sw_elem->count <= 1) { 612 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 613 } else { 614 ieee80211_stop_queues_by_reason(&sdata->local->hw, 615 IEEE80211_QUEUE_STOP_REASON_CSA); 616 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 617 mod_timer(&ifmgd->chswitch_timer, 618 jiffies + 619 msecs_to_jiffies(sw_elem->count * 620 bss->cbss.beacon_interval)); 621 } 622 } 623 624 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 625 u16 capab_info, u8 *pwr_constr_elem, 626 u8 pwr_constr_elem_len) 627 { 628 struct ieee80211_conf *conf = &sdata->local->hw.conf; 629 630 if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT)) 631 return; 632 633 /* Power constraint IE length should be 1 octet */ 634 if (pwr_constr_elem_len != 1) 635 return; 636 637 if ((*pwr_constr_elem <= conf->channel->max_power) && 638 (*pwr_constr_elem != sdata->local->power_constr_level)) { 639 sdata->local->power_constr_level = *pwr_constr_elem; 640 ieee80211_hw_config(sdata->local, 0); 641 } 642 } 643 644 /* powersave */ 645 static void ieee80211_enable_ps(struct ieee80211_local *local, 646 struct ieee80211_sub_if_data *sdata) 647 { 648 struct ieee80211_conf *conf = &local->hw.conf; 649 650 /* 651 * If we are scanning right now then the parameters will 652 * take effect when scan finishes. 653 */ 654 if (local->scanning) 655 return; 656 657 if (conf->dynamic_ps_timeout > 0 && 658 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 659 mod_timer(&local->dynamic_ps_timer, jiffies + 660 msecs_to_jiffies(conf->dynamic_ps_timeout)); 661 } else { 662 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 663 ieee80211_send_nullfunc(local, sdata, 1); 664 conf->flags |= IEEE80211_CONF_PS; 665 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 666 } 667 } 668 669 static void ieee80211_change_ps(struct ieee80211_local *local) 670 { 671 struct ieee80211_conf *conf = &local->hw.conf; 672 673 if (local->ps_sdata) { 674 ieee80211_enable_ps(local, local->ps_sdata); 675 } else if (conf->flags & IEEE80211_CONF_PS) { 676 conf->flags &= ~IEEE80211_CONF_PS; 677 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 678 del_timer_sync(&local->dynamic_ps_timer); 679 cancel_work_sync(&local->dynamic_ps_enable_work); 680 } 681 } 682 683 /* need to hold RTNL or interface lock */ 684 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 685 { 686 struct ieee80211_sub_if_data *sdata, *found = NULL; 687 int count = 0; 688 689 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 690 local->ps_sdata = NULL; 691 return; 692 } 693 694 list_for_each_entry(sdata, &local->interfaces, list) { 695 if (!netif_running(sdata->dev)) 696 continue; 697 if (sdata->vif.type != NL80211_IFTYPE_STATION) 698 continue; 699 found = sdata; 700 count++; 701 } 702 703 if (count == 1 && found->u.mgd.powersave && 704 found->u.mgd.associated && list_empty(&found->u.mgd.work_list) && 705 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL | 706 IEEE80211_STA_CONNECTION_POLL))) { 707 s32 beaconint_us; 708 709 if (latency < 0) 710 latency = pm_qos_requirement(PM_QOS_NETWORK_LATENCY); 711 712 beaconint_us = ieee80211_tu_to_usec( 713 found->vif.bss_conf.beacon_int); 714 715 if (beaconint_us > latency) { 716 local->ps_sdata = NULL; 717 } else { 718 u8 dtimper = found->vif.bss_conf.dtim_period; 719 int maxslp = 1; 720 721 if (dtimper > 1) 722 maxslp = min_t(int, dtimper, 723 latency / beaconint_us); 724 725 local->hw.conf.max_sleep_period = maxslp; 726 local->ps_sdata = found; 727 } 728 } else { 729 local->ps_sdata = NULL; 730 } 731 732 ieee80211_change_ps(local); 733 } 734 735 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 736 { 737 struct ieee80211_local *local = 738 container_of(work, struct ieee80211_local, 739 dynamic_ps_disable_work); 740 741 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 742 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 743 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 744 } 745 746 ieee80211_wake_queues_by_reason(&local->hw, 747 IEEE80211_QUEUE_STOP_REASON_PS); 748 } 749 750 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 751 { 752 struct ieee80211_local *local = 753 container_of(work, struct ieee80211_local, 754 dynamic_ps_enable_work); 755 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 756 757 /* can only happen when PS was just disabled anyway */ 758 if (!sdata) 759 return; 760 761 if (local->hw.conf.flags & IEEE80211_CONF_PS) 762 return; 763 764 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 765 ieee80211_send_nullfunc(local, sdata, 1); 766 767 local->hw.conf.flags |= IEEE80211_CONF_PS; 768 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 769 } 770 771 void ieee80211_dynamic_ps_timer(unsigned long data) 772 { 773 struct ieee80211_local *local = (void *) data; 774 775 if (local->quiescing || local->suspended) 776 return; 777 778 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 779 } 780 781 /* MLME */ 782 static void ieee80211_sta_wmm_params(struct ieee80211_local *local, 783 struct ieee80211_if_managed *ifmgd, 784 u8 *wmm_param, size_t wmm_param_len) 785 { 786 struct ieee80211_tx_queue_params params; 787 size_t left; 788 int count; 789 u8 *pos; 790 791 if (!(ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) 792 return; 793 794 if (!wmm_param) 795 return; 796 797 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 798 return; 799 count = wmm_param[6] & 0x0f; 800 if (count == ifmgd->wmm_last_param_set) 801 return; 802 ifmgd->wmm_last_param_set = count; 803 804 pos = wmm_param + 8; 805 left = wmm_param_len - 8; 806 807 memset(¶ms, 0, sizeof(params)); 808 809 local->wmm_acm = 0; 810 for (; left >= 4; left -= 4, pos += 4) { 811 int aci = (pos[0] >> 5) & 0x03; 812 int acm = (pos[0] >> 4) & 0x01; 813 int queue; 814 815 switch (aci) { 816 case 1: /* AC_BK */ 817 queue = 3; 818 if (acm) 819 local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 820 break; 821 case 2: /* AC_VI */ 822 queue = 1; 823 if (acm) 824 local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 825 break; 826 case 3: /* AC_VO */ 827 queue = 0; 828 if (acm) 829 local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 830 break; 831 case 0: /* AC_BE */ 832 default: 833 queue = 2; 834 if (acm) 835 local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 836 break; 837 } 838 839 params.aifs = pos[0] & 0x0f; 840 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 841 params.cw_min = ecw2cw(pos[1] & 0x0f); 842 params.txop = get_unaligned_le16(pos + 2); 843 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 844 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 845 "cWmin=%d cWmax=%d txop=%d\n", 846 wiphy_name(local->hw.wiphy), queue, aci, acm, 847 params.aifs, params.cw_min, params.cw_max, params.txop); 848 #endif 849 if (drv_conf_tx(local, queue, ¶ms) && local->ops->conf_tx) 850 printk(KERN_DEBUG "%s: failed to set TX queue " 851 "parameters for queue %d\n", 852 wiphy_name(local->hw.wiphy), queue); 853 } 854 } 855 856 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 857 u16 capab, bool erp_valid, u8 erp) 858 { 859 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 860 u32 changed = 0; 861 bool use_protection; 862 bool use_short_preamble; 863 bool use_short_slot; 864 865 if (erp_valid) { 866 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 867 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 868 } else { 869 use_protection = false; 870 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 871 } 872 873 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 874 875 if (use_protection != bss_conf->use_cts_prot) { 876 bss_conf->use_cts_prot = use_protection; 877 changed |= BSS_CHANGED_ERP_CTS_PROT; 878 } 879 880 if (use_short_preamble != bss_conf->use_short_preamble) { 881 bss_conf->use_short_preamble = use_short_preamble; 882 changed |= BSS_CHANGED_ERP_PREAMBLE; 883 } 884 885 if (use_short_slot != bss_conf->use_short_slot) { 886 bss_conf->use_short_slot = use_short_slot; 887 changed |= BSS_CHANGED_ERP_SLOT; 888 } 889 890 return changed; 891 } 892 893 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 894 struct ieee80211_mgd_work *wk, 895 u32 bss_info_changed) 896 { 897 struct ieee80211_local *local = sdata->local; 898 struct ieee80211_bss *bss = wk->bss; 899 900 bss_info_changed |= BSS_CHANGED_ASSOC; 901 /* set timing information */ 902 sdata->vif.bss_conf.beacon_int = bss->cbss.beacon_interval; 903 sdata->vif.bss_conf.timestamp = bss->cbss.tsf; 904 sdata->vif.bss_conf.dtim_period = bss->dtim_period; 905 906 bss_info_changed |= BSS_CHANGED_BEACON_INT; 907 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 908 bss->cbss.capability, bss->has_erp_value, bss->erp_value); 909 910 sdata->u.mgd.associated = bss; 911 sdata->u.mgd.old_associate_work = wk; 912 memcpy(sdata->u.mgd.bssid, bss->cbss.bssid, ETH_ALEN); 913 914 /* just to be sure */ 915 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 916 IEEE80211_STA_BEACON_POLL); 917 918 /* 919 * Always handle WMM once after association regardless 920 * of the first value the AP uses. Setting -1 here has 921 * that effect because the AP values is an unsigned 922 * 4-bit value. 923 */ 924 sdata->u.mgd.wmm_last_param_set = -1; 925 926 ieee80211_led_assoc(local, 1); 927 928 sdata->vif.bss_conf.assoc = 1; 929 /* 930 * For now just always ask the driver to update the basic rateset 931 * when we have associated, we aren't checking whether it actually 932 * changed or not. 933 */ 934 bss_info_changed |= BSS_CHANGED_BASIC_RATES; 935 936 /* And the BSSID changed - we're associated now */ 937 bss_info_changed |= BSS_CHANGED_BSSID; 938 939 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 940 941 mutex_lock(&local->iflist_mtx); 942 ieee80211_recalc_ps(local, -1); 943 mutex_unlock(&local->iflist_mtx); 944 945 netif_tx_start_all_queues(sdata->dev); 946 netif_carrier_on(sdata->dev); 947 } 948 949 static enum rx_mgmt_action __must_check 950 ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata, 951 struct ieee80211_mgd_work *wk) 952 { 953 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 954 struct ieee80211_local *local = sdata->local; 955 956 wk->tries++; 957 if (wk->tries > IEEE80211_AUTH_MAX_TRIES) { 958 printk(KERN_DEBUG "%s: direct probe to AP %pM timed out\n", 959 sdata->dev->name, wk->bss->cbss.bssid); 960 961 /* 962 * Most likely AP is not in the range so remove the 963 * bss struct for that AP. 964 */ 965 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss); 966 967 /* 968 * We might have a pending scan which had no chance to run yet 969 * due to work needing to be done. Hence, queue the STAs work 970 * again for that. 971 */ 972 ieee80211_queue_work(&local->hw, &ifmgd->work); 973 return RX_MGMT_CFG80211_AUTH_TO; 974 } 975 976 printk(KERN_DEBUG "%s: direct probe to AP %pM (try %d)\n", 977 sdata->dev->name, wk->bss->cbss.bssid, 978 wk->tries); 979 980 /* 981 * Direct probe is sent to broadcast address as some APs 982 * will not answer to direct packet in unassociated state. 983 */ 984 ieee80211_send_probe_req(sdata, NULL, wk->ssid, wk->ssid_len, NULL, 0); 985 986 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 987 run_again(ifmgd, wk->timeout); 988 989 return RX_MGMT_NONE; 990 } 991 992 993 static enum rx_mgmt_action __must_check 994 ieee80211_authenticate(struct ieee80211_sub_if_data *sdata, 995 struct ieee80211_mgd_work *wk) 996 { 997 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 998 struct ieee80211_local *local = sdata->local; 999 1000 wk->tries++; 1001 if (wk->tries > IEEE80211_AUTH_MAX_TRIES) { 1002 printk(KERN_DEBUG "%s: authentication with AP %pM" 1003 " timed out\n", 1004 sdata->dev->name, wk->bss->cbss.bssid); 1005 1006 /* 1007 * Most likely AP is not in the range so remove the 1008 * bss struct for that AP. 1009 */ 1010 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss); 1011 1012 /* 1013 * We might have a pending scan which had no chance to run yet 1014 * due to work needing to be done. Hence, queue the STAs work 1015 * again for that. 1016 */ 1017 ieee80211_queue_work(&local->hw, &ifmgd->work); 1018 return RX_MGMT_CFG80211_AUTH_TO; 1019 } 1020 1021 printk(KERN_DEBUG "%s: authenticate with AP %pM (try %d)\n", 1022 sdata->dev->name, wk->bss->cbss.bssid, wk->tries); 1023 1024 ieee80211_send_auth(sdata, 1, wk->auth_alg, wk->ie, wk->ie_len, 1025 wk->bss->cbss.bssid, NULL, 0, 0); 1026 wk->auth_transaction = 2; 1027 1028 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 1029 run_again(ifmgd, wk->timeout); 1030 1031 return RX_MGMT_NONE; 1032 } 1033 1034 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1035 bool deauth) 1036 { 1037 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1038 struct ieee80211_local *local = sdata->local; 1039 struct sta_info *sta; 1040 u32 changed = 0, config_changed = 0; 1041 u8 bssid[ETH_ALEN]; 1042 1043 ASSERT_MGD_MTX(ifmgd); 1044 1045 if (WARN_ON(!ifmgd->associated)) 1046 return; 1047 1048 memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN); 1049 1050 ifmgd->associated = NULL; 1051 memset(ifmgd->bssid, 0, ETH_ALEN); 1052 1053 if (deauth) { 1054 kfree(ifmgd->old_associate_work); 1055 ifmgd->old_associate_work = NULL; 1056 } else { 1057 struct ieee80211_mgd_work *wk = ifmgd->old_associate_work; 1058 1059 wk->state = IEEE80211_MGD_STATE_IDLE; 1060 list_add(&wk->list, &ifmgd->work_list); 1061 } 1062 1063 /* 1064 * we need to commit the associated = NULL change because the 1065 * scan code uses that to determine whether this iface should 1066 * go to/wake up from powersave or not -- and could otherwise 1067 * wake the queues erroneously. 1068 */ 1069 smp_mb(); 1070 1071 /* 1072 * Thus, we can only afterwards stop the queues -- to account 1073 * for the case where another CPU is finishing a scan at this 1074 * time -- we don't want the scan code to enable queues. 1075 */ 1076 1077 netif_tx_stop_all_queues(sdata->dev); 1078 netif_carrier_off(sdata->dev); 1079 1080 rcu_read_lock(); 1081 sta = sta_info_get(local, bssid); 1082 if (sta) 1083 ieee80211_sta_tear_down_BA_sessions(sta); 1084 rcu_read_unlock(); 1085 1086 changed |= ieee80211_reset_erp_info(sdata); 1087 1088 ieee80211_led_assoc(local, 0); 1089 changed |= BSS_CHANGED_ASSOC; 1090 sdata->vif.bss_conf.assoc = false; 1091 1092 ieee80211_set_wmm_default(sdata); 1093 1094 /* channel(_type) changes are handled by ieee80211_hw_config */ 1095 local->oper_channel_type = NL80211_CHAN_NO_HT; 1096 1097 /* on the next assoc, re-program HT parameters */ 1098 sdata->ht_opmode_valid = false; 1099 1100 local->power_constr_level = 0; 1101 1102 del_timer_sync(&local->dynamic_ps_timer); 1103 cancel_work_sync(&local->dynamic_ps_enable_work); 1104 1105 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1106 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1107 config_changed |= IEEE80211_CONF_CHANGE_PS; 1108 } 1109 1110 ieee80211_hw_config(local, config_changed); 1111 1112 /* And the BSSID changed -- not very interesting here */ 1113 changed |= BSS_CHANGED_BSSID; 1114 ieee80211_bss_info_change_notify(sdata, changed); 1115 1116 rcu_read_lock(); 1117 1118 sta = sta_info_get(local, bssid); 1119 if (!sta) { 1120 rcu_read_unlock(); 1121 return; 1122 } 1123 1124 sta_info_unlink(&sta); 1125 1126 rcu_read_unlock(); 1127 1128 sta_info_destroy(sta); 1129 } 1130 1131 static enum rx_mgmt_action __must_check 1132 ieee80211_associate(struct ieee80211_sub_if_data *sdata, 1133 struct ieee80211_mgd_work *wk) 1134 { 1135 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1136 struct ieee80211_local *local = sdata->local; 1137 1138 wk->tries++; 1139 if (wk->tries > IEEE80211_ASSOC_MAX_TRIES) { 1140 printk(KERN_DEBUG "%s: association with AP %pM" 1141 " timed out\n", 1142 sdata->dev->name, wk->bss->cbss.bssid); 1143 1144 /* 1145 * Most likely AP is not in the range so remove the 1146 * bss struct for that AP. 1147 */ 1148 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss); 1149 1150 /* 1151 * We might have a pending scan which had no chance to run yet 1152 * due to work needing to be done. Hence, queue the STAs work 1153 * again for that. 1154 */ 1155 ieee80211_queue_work(&local->hw, &ifmgd->work); 1156 return RX_MGMT_CFG80211_ASSOC_TO; 1157 } 1158 1159 printk(KERN_DEBUG "%s: associate with AP %pM (try %d)\n", 1160 sdata->dev->name, wk->bss->cbss.bssid, wk->tries); 1161 ieee80211_send_assoc(sdata, wk); 1162 1163 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 1164 run_again(ifmgd, wk->timeout); 1165 1166 return RX_MGMT_NONE; 1167 } 1168 1169 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1170 struct ieee80211_hdr *hdr) 1171 { 1172 /* 1173 * We can postpone the mgd.timer whenever receiving unicast frames 1174 * from AP because we know that the connection is working both ways 1175 * at that time. But multicast frames (and hence also beacons) must 1176 * be ignored here, because we need to trigger the timer during 1177 * data idle periods for sending the periodic probe request to the 1178 * AP we're connected to. 1179 */ 1180 if (is_multicast_ether_addr(hdr->addr1)) 1181 return; 1182 1183 mod_timer(&sdata->u.mgd.conn_mon_timer, 1184 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 1185 } 1186 1187 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1188 { 1189 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1190 const u8 *ssid; 1191 1192 ssid = ieee80211_bss_get_ie(&ifmgd->associated->cbss, WLAN_EID_SSID); 1193 ieee80211_send_probe_req(sdata, ifmgd->associated->cbss.bssid, 1194 ssid + 2, ssid[1], NULL, 0); 1195 1196 ifmgd->probe_send_count++; 1197 ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT; 1198 run_again(ifmgd, ifmgd->probe_timeout); 1199 } 1200 1201 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1202 bool beacon) 1203 { 1204 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1205 bool already = false; 1206 1207 if (!netif_running(sdata->dev)) 1208 return; 1209 1210 if (sdata->local->scanning) 1211 return; 1212 1213 mutex_lock(&ifmgd->mtx); 1214 1215 if (!ifmgd->associated) 1216 goto out; 1217 1218 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1219 if (beacon && net_ratelimit()) 1220 printk(KERN_DEBUG "%s: detected beacon loss from AP " 1221 "- sending probe request\n", sdata->dev->name); 1222 #endif 1223 1224 /* 1225 * The driver/our work has already reported this event or the 1226 * connection monitoring has kicked in and we have already sent 1227 * a probe request. Or maybe the AP died and the driver keeps 1228 * reporting until we disassociate... 1229 * 1230 * In either case we have to ignore the current call to this 1231 * function (except for setting the correct probe reason bit) 1232 * because otherwise we would reset the timer every time and 1233 * never check whether we received a probe response! 1234 */ 1235 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1236 IEEE80211_STA_CONNECTION_POLL)) 1237 already = true; 1238 1239 if (beacon) 1240 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 1241 else 1242 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 1243 1244 if (already) 1245 goto out; 1246 1247 mutex_lock(&sdata->local->iflist_mtx); 1248 ieee80211_recalc_ps(sdata->local, -1); 1249 mutex_unlock(&sdata->local->iflist_mtx); 1250 1251 ifmgd->probe_send_count = 0; 1252 ieee80211_mgd_probe_ap_send(sdata); 1253 out: 1254 mutex_unlock(&ifmgd->mtx); 1255 } 1256 1257 void ieee80211_beacon_loss_work(struct work_struct *work) 1258 { 1259 struct ieee80211_sub_if_data *sdata = 1260 container_of(work, struct ieee80211_sub_if_data, 1261 u.mgd.beacon_loss_work); 1262 1263 ieee80211_mgd_probe_ap(sdata, true); 1264 } 1265 1266 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 1267 { 1268 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1269 1270 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 1271 } 1272 EXPORT_SYMBOL(ieee80211_beacon_loss); 1273 1274 static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata, 1275 struct ieee80211_mgd_work *wk) 1276 { 1277 wk->state = IEEE80211_MGD_STATE_IDLE; 1278 printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name); 1279 } 1280 1281 1282 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 1283 struct ieee80211_mgd_work *wk, 1284 struct ieee80211_mgmt *mgmt, 1285 size_t len) 1286 { 1287 u8 *pos; 1288 struct ieee802_11_elems elems; 1289 1290 pos = mgmt->u.auth.variable; 1291 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1292 if (!elems.challenge) 1293 return; 1294 ieee80211_send_auth(sdata, 3, wk->auth_alg, 1295 elems.challenge - 2, elems.challenge_len + 2, 1296 wk->bss->cbss.bssid, 1297 wk->key, wk->key_len, wk->key_idx); 1298 wk->auth_transaction = 4; 1299 } 1300 1301 static enum rx_mgmt_action __must_check 1302 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 1303 struct ieee80211_mgd_work *wk, 1304 struct ieee80211_mgmt *mgmt, size_t len) 1305 { 1306 u16 auth_alg, auth_transaction, status_code; 1307 1308 if (wk->state != IEEE80211_MGD_STATE_AUTH) 1309 return RX_MGMT_NONE; 1310 1311 if (len < 24 + 6) 1312 return RX_MGMT_NONE; 1313 1314 if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0) 1315 return RX_MGMT_NONE; 1316 1317 if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0) 1318 return RX_MGMT_NONE; 1319 1320 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 1321 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 1322 status_code = le16_to_cpu(mgmt->u.auth.status_code); 1323 1324 if (auth_alg != wk->auth_alg || 1325 auth_transaction != wk->auth_transaction) 1326 return RX_MGMT_NONE; 1327 1328 if (status_code != WLAN_STATUS_SUCCESS) { 1329 list_del(&wk->list); 1330 kfree(wk); 1331 return RX_MGMT_CFG80211_AUTH; 1332 } 1333 1334 switch (wk->auth_alg) { 1335 case WLAN_AUTH_OPEN: 1336 case WLAN_AUTH_LEAP: 1337 case WLAN_AUTH_FT: 1338 ieee80211_auth_completed(sdata, wk); 1339 return RX_MGMT_CFG80211_AUTH; 1340 case WLAN_AUTH_SHARED_KEY: 1341 if (wk->auth_transaction == 4) { 1342 ieee80211_auth_completed(sdata, wk); 1343 return RX_MGMT_CFG80211_AUTH; 1344 } else 1345 ieee80211_auth_challenge(sdata, wk, mgmt, len); 1346 break; 1347 } 1348 1349 return RX_MGMT_NONE; 1350 } 1351 1352 1353 static enum rx_mgmt_action __must_check 1354 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 1355 struct ieee80211_mgd_work *wk, 1356 struct ieee80211_mgmt *mgmt, size_t len) 1357 { 1358 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1359 const u8 *bssid = NULL; 1360 u16 reason_code; 1361 1362 if (len < 24 + 2) 1363 return RX_MGMT_NONE; 1364 1365 ASSERT_MGD_MTX(ifmgd); 1366 1367 if (wk) 1368 bssid = wk->bss->cbss.bssid; 1369 else 1370 bssid = ifmgd->associated->cbss.bssid; 1371 1372 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 1373 1374 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 1375 sdata->dev->name, bssid, reason_code); 1376 1377 if (!wk) { 1378 ieee80211_set_disassoc(sdata, true); 1379 ieee80211_recalc_idle(sdata->local); 1380 } else { 1381 list_del(&wk->list); 1382 kfree(wk); 1383 } 1384 1385 return RX_MGMT_CFG80211_DEAUTH; 1386 } 1387 1388 1389 static enum rx_mgmt_action __must_check 1390 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 1391 struct ieee80211_mgmt *mgmt, size_t len) 1392 { 1393 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1394 u16 reason_code; 1395 1396 if (len < 24 + 2) 1397 return RX_MGMT_NONE; 1398 1399 ASSERT_MGD_MTX(ifmgd); 1400 1401 if (WARN_ON(!ifmgd->associated)) 1402 return RX_MGMT_NONE; 1403 1404 if (WARN_ON(memcmp(ifmgd->associated->cbss.bssid, mgmt->sa, ETH_ALEN))) 1405 return RX_MGMT_NONE; 1406 1407 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1408 1409 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1410 sdata->dev->name, mgmt->sa, reason_code); 1411 1412 ieee80211_set_disassoc(sdata, false); 1413 ieee80211_recalc_idle(sdata->local); 1414 return RX_MGMT_CFG80211_DISASSOC; 1415 } 1416 1417 1418 static enum rx_mgmt_action __must_check 1419 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 1420 struct ieee80211_mgd_work *wk, 1421 struct ieee80211_mgmt *mgmt, size_t len, 1422 bool reassoc) 1423 { 1424 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1425 struct ieee80211_local *local = sdata->local; 1426 struct ieee80211_supported_band *sband; 1427 struct sta_info *sta; 1428 u32 rates, basic_rates; 1429 u16 capab_info, status_code, aid; 1430 struct ieee802_11_elems elems; 1431 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1432 u8 *pos; 1433 u32 changed = 0; 1434 int i, j; 1435 bool have_higher_than_11mbit = false, newsta = false; 1436 u16 ap_ht_cap_flags; 1437 1438 /* 1439 * AssocResp and ReassocResp have identical structure, so process both 1440 * of them in this function. 1441 */ 1442 1443 if (len < 24 + 6) 1444 return RX_MGMT_NONE; 1445 1446 if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0) 1447 return RX_MGMT_NONE; 1448 1449 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 1450 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 1451 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 1452 1453 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 1454 "status=%d aid=%d)\n", 1455 sdata->dev->name, reassoc ? "Rea" : "A", mgmt->sa, 1456 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 1457 1458 pos = mgmt->u.assoc_resp.variable; 1459 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1460 1461 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 1462 elems.timeout_int && elems.timeout_int_len == 5 && 1463 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 1464 u32 tu, ms; 1465 tu = get_unaligned_le32(elems.timeout_int + 1); 1466 ms = tu * 1024 / 1000; 1467 printk(KERN_DEBUG "%s: AP rejected association temporarily; " 1468 "comeback duration %u TU (%u ms)\n", 1469 sdata->dev->name, tu, ms); 1470 wk->timeout = jiffies + msecs_to_jiffies(ms); 1471 if (ms > IEEE80211_ASSOC_TIMEOUT) 1472 run_again(ifmgd, jiffies + msecs_to_jiffies(ms)); 1473 return RX_MGMT_NONE; 1474 } 1475 1476 if (status_code != WLAN_STATUS_SUCCESS) { 1477 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", 1478 sdata->dev->name, status_code); 1479 wk->state = IEEE80211_MGD_STATE_IDLE; 1480 return RX_MGMT_CFG80211_ASSOC; 1481 } 1482 1483 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1484 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not " 1485 "set\n", sdata->dev->name, aid); 1486 aid &= ~(BIT(15) | BIT(14)); 1487 1488 if (!elems.supp_rates) { 1489 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n", 1490 sdata->dev->name); 1491 return RX_MGMT_NONE; 1492 } 1493 1494 printk(KERN_DEBUG "%s: associated\n", sdata->dev->name); 1495 ifmgd->aid = aid; 1496 1497 rcu_read_lock(); 1498 1499 /* Add STA entry for the AP */ 1500 sta = sta_info_get(local, wk->bss->cbss.bssid); 1501 if (!sta) { 1502 newsta = true; 1503 1504 rcu_read_unlock(); 1505 1506 sta = sta_info_alloc(sdata, wk->bss->cbss.bssid, GFP_KERNEL); 1507 if (!sta) { 1508 printk(KERN_DEBUG "%s: failed to alloc STA entry for" 1509 " the AP\n", sdata->dev->name); 1510 return RX_MGMT_NONE; 1511 } 1512 1513 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | 1514 WLAN_STA_ASSOC_AP); 1515 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 1516 set_sta_flags(sta, WLAN_STA_AUTHORIZED); 1517 1518 rcu_read_lock(); 1519 } 1520 1521 rates = 0; 1522 basic_rates = 0; 1523 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1524 1525 for (i = 0; i < elems.supp_rates_len; i++) { 1526 int rate = (elems.supp_rates[i] & 0x7f) * 5; 1527 bool is_basic = !!(elems.supp_rates[i] & 0x80); 1528 1529 if (rate > 110) 1530 have_higher_than_11mbit = true; 1531 1532 for (j = 0; j < sband->n_bitrates; j++) { 1533 if (sband->bitrates[j].bitrate == rate) { 1534 rates |= BIT(j); 1535 if (is_basic) 1536 basic_rates |= BIT(j); 1537 break; 1538 } 1539 } 1540 } 1541 1542 for (i = 0; i < elems.ext_supp_rates_len; i++) { 1543 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5; 1544 bool is_basic = !!(elems.ext_supp_rates[i] & 0x80); 1545 1546 if (rate > 110) 1547 have_higher_than_11mbit = true; 1548 1549 for (j = 0; j < sband->n_bitrates; j++) { 1550 if (sband->bitrates[j].bitrate == rate) { 1551 rates |= BIT(j); 1552 if (is_basic) 1553 basic_rates |= BIT(j); 1554 break; 1555 } 1556 } 1557 } 1558 1559 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 1560 sdata->vif.bss_conf.basic_rates = basic_rates; 1561 1562 /* cf. IEEE 802.11 9.2.12 */ 1563 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 1564 have_higher_than_11mbit) 1565 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 1566 else 1567 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 1568 1569 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1570 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, 1571 elems.ht_cap_elem, &sta->sta.ht_cap); 1572 1573 ap_ht_cap_flags = sta->sta.ht_cap.cap; 1574 1575 rate_control_rate_init(sta); 1576 1577 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 1578 set_sta_flags(sta, WLAN_STA_MFP); 1579 1580 if (elems.wmm_param) 1581 set_sta_flags(sta, WLAN_STA_WME); 1582 1583 if (newsta) { 1584 int err = sta_info_insert(sta); 1585 if (err) { 1586 printk(KERN_DEBUG "%s: failed to insert STA entry for" 1587 " the AP (error %d)\n", sdata->dev->name, err); 1588 rcu_read_unlock(); 1589 return RX_MGMT_NONE; 1590 } 1591 } 1592 1593 rcu_read_unlock(); 1594 1595 if (elems.wmm_param) 1596 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1597 elems.wmm_param_len); 1598 else 1599 ieee80211_set_wmm_default(sdata); 1600 1601 if (elems.ht_info_elem && elems.wmm_param && 1602 (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) && 1603 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1604 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1605 wk->bss->cbss.bssid, 1606 ap_ht_cap_flags); 1607 1608 /* delete work item -- must be before set_associated for PS */ 1609 list_del(&wk->list); 1610 1611 /* set AID and assoc capability, 1612 * ieee80211_set_associated() will tell the driver */ 1613 bss_conf->aid = aid; 1614 bss_conf->assoc_capability = capab_info; 1615 /* this will take ownership of wk */ 1616 ieee80211_set_associated(sdata, wk, changed); 1617 1618 /* 1619 * Start timer to probe the connection to the AP now. 1620 * Also start the timer that will detect beacon loss. 1621 */ 1622 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 1623 mod_beacon_timer(sdata); 1624 1625 return RX_MGMT_CFG80211_ASSOC; 1626 } 1627 1628 1629 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 1630 struct ieee80211_mgmt *mgmt, 1631 size_t len, 1632 struct ieee80211_rx_status *rx_status, 1633 struct ieee802_11_elems *elems, 1634 bool beacon) 1635 { 1636 struct ieee80211_local *local = sdata->local; 1637 int freq; 1638 struct ieee80211_bss *bss; 1639 struct ieee80211_channel *channel; 1640 1641 if (elems->ds_params && elems->ds_params_len == 1) 1642 freq = ieee80211_channel_to_frequency(elems->ds_params[0]); 1643 else 1644 freq = rx_status->freq; 1645 1646 channel = ieee80211_get_channel(local->hw.wiphy, freq); 1647 1648 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 1649 return; 1650 1651 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 1652 channel, beacon); 1653 if (bss) 1654 ieee80211_rx_bss_put(local, bss); 1655 1656 if (!sdata->u.mgd.associated) 1657 return; 1658 1659 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) && 1660 (memcmp(mgmt->bssid, sdata->u.mgd.associated->cbss.bssid, 1661 ETH_ALEN) == 0)) { 1662 struct ieee80211_channel_sw_ie *sw_elem = 1663 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem; 1664 ieee80211_sta_process_chanswitch(sdata, sw_elem, bss); 1665 } 1666 } 1667 1668 1669 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 1670 struct ieee80211_mgd_work *wk, 1671 struct ieee80211_mgmt *mgmt, size_t len, 1672 struct ieee80211_rx_status *rx_status) 1673 { 1674 struct ieee80211_if_managed *ifmgd; 1675 size_t baselen; 1676 struct ieee802_11_elems elems; 1677 1678 ifmgd = &sdata->u.mgd; 1679 1680 ASSERT_MGD_MTX(ifmgd); 1681 1682 if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN)) 1683 return; /* ignore ProbeResp to foreign address */ 1684 1685 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 1686 if (baselen > len) 1687 return; 1688 1689 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 1690 &elems); 1691 1692 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 1693 1694 /* direct probe may be part of the association flow */ 1695 if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) { 1696 printk(KERN_DEBUG "%s: direct probe responded\n", 1697 sdata->dev->name); 1698 wk->tries = 0; 1699 wk->state = IEEE80211_MGD_STATE_AUTH; 1700 WARN_ON(ieee80211_authenticate(sdata, wk) != RX_MGMT_NONE); 1701 } 1702 1703 if (ifmgd->associated && 1704 memcmp(mgmt->bssid, ifmgd->associated->cbss.bssid, ETH_ALEN) == 0 && 1705 ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1706 IEEE80211_STA_CONNECTION_POLL)) { 1707 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1708 IEEE80211_STA_BEACON_POLL); 1709 mutex_lock(&sdata->local->iflist_mtx); 1710 ieee80211_recalc_ps(sdata->local, -1); 1711 mutex_unlock(&sdata->local->iflist_mtx); 1712 /* 1713 * We've received a probe response, but are not sure whether 1714 * we have or will be receiving any beacons or data, so let's 1715 * schedule the timers again, just in case. 1716 */ 1717 mod_beacon_timer(sdata); 1718 mod_timer(&ifmgd->conn_mon_timer, 1719 round_jiffies_up(jiffies + 1720 IEEE80211_CONNECTION_IDLE_TIME)); 1721 } 1722 } 1723 1724 /* 1725 * This is the canonical list of information elements we care about, 1726 * the filter code also gives us all changes to the Microsoft OUI 1727 * (00:50:F2) vendor IE which is used for WMM which we need to track. 1728 * 1729 * We implement beacon filtering in software since that means we can 1730 * avoid processing the frame here and in cfg80211, and userspace 1731 * will not be able to tell whether the hardware supports it or not. 1732 * 1733 * XXX: This list needs to be dynamic -- userspace needs to be able to 1734 * add items it requires. It also needs to be able to tell us to 1735 * look out for other vendor IEs. 1736 */ 1737 static const u64 care_about_ies = 1738 (1ULL << WLAN_EID_COUNTRY) | 1739 (1ULL << WLAN_EID_ERP_INFO) | 1740 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 1741 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 1742 (1ULL << WLAN_EID_HT_CAPABILITY) | 1743 (1ULL << WLAN_EID_HT_INFORMATION); 1744 1745 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 1746 struct ieee80211_mgmt *mgmt, 1747 size_t len, 1748 struct ieee80211_rx_status *rx_status) 1749 { 1750 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1751 size_t baselen; 1752 struct ieee802_11_elems elems; 1753 struct ieee80211_local *local = sdata->local; 1754 u32 changed = 0; 1755 bool erp_valid, directed_tim = false; 1756 u8 erp_value = 0; 1757 u32 ncrc; 1758 u8 *bssid; 1759 1760 ASSERT_MGD_MTX(ifmgd); 1761 1762 /* Process beacon from the current BSS */ 1763 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 1764 if (baselen > len) 1765 return; 1766 1767 if (rx_status->freq != local->hw.conf.channel->center_freq) 1768 return; 1769 1770 /* 1771 * We might have received a number of frames, among them a 1772 * disassoc frame and a beacon... 1773 */ 1774 if (!ifmgd->associated) 1775 return; 1776 1777 bssid = ifmgd->associated->cbss.bssid; 1778 1779 /* 1780 * And in theory even frames from a different AP we were just 1781 * associated to a split-second ago! 1782 */ 1783 if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0) 1784 return; 1785 1786 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 1787 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1788 if (net_ratelimit()) { 1789 printk(KERN_DEBUG "%s: cancelling probereq poll due " 1790 "to a received beacon\n", sdata->dev->name); 1791 } 1792 #endif 1793 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 1794 mutex_lock(&local->iflist_mtx); 1795 ieee80211_recalc_ps(local, -1); 1796 mutex_unlock(&local->iflist_mtx); 1797 } 1798 1799 /* 1800 * Push the beacon loss detection into the future since 1801 * we are processing a beacon from the AP just now. 1802 */ 1803 mod_beacon_timer(sdata); 1804 1805 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 1806 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 1807 len - baselen, &elems, 1808 care_about_ies, ncrc); 1809 1810 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1811 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len, 1812 ifmgd->aid); 1813 1814 if (ncrc != ifmgd->beacon_crc) { 1815 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 1816 true); 1817 1818 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1819 elems.wmm_param_len); 1820 } 1821 1822 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 1823 if (directed_tim) { 1824 if (local->hw.conf.dynamic_ps_timeout > 0) { 1825 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1826 ieee80211_hw_config(local, 1827 IEEE80211_CONF_CHANGE_PS); 1828 ieee80211_send_nullfunc(local, sdata, 0); 1829 } else { 1830 local->pspolling = true; 1831 1832 /* 1833 * Here is assumed that the driver will be 1834 * able to send ps-poll frame and receive a 1835 * response even though power save mode is 1836 * enabled, but some drivers might require 1837 * to disable power save here. This needs 1838 * to be investigated. 1839 */ 1840 ieee80211_send_pspoll(local, sdata); 1841 } 1842 } 1843 } 1844 1845 if (ncrc == ifmgd->beacon_crc) 1846 return; 1847 ifmgd->beacon_crc = ncrc; 1848 1849 if (elems.erp_info && elems.erp_info_len >= 1) { 1850 erp_valid = true; 1851 erp_value = elems.erp_info[0]; 1852 } else { 1853 erp_valid = false; 1854 } 1855 changed |= ieee80211_handle_bss_capability(sdata, 1856 le16_to_cpu(mgmt->u.beacon.capab_info), 1857 erp_valid, erp_value); 1858 1859 1860 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param && 1861 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) { 1862 struct sta_info *sta; 1863 struct ieee80211_supported_band *sband; 1864 u16 ap_ht_cap_flags; 1865 1866 rcu_read_lock(); 1867 1868 sta = sta_info_get(local, bssid); 1869 if (WARN_ON(!sta)) { 1870 rcu_read_unlock(); 1871 return; 1872 } 1873 1874 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1875 1876 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, 1877 elems.ht_cap_elem, &sta->sta.ht_cap); 1878 1879 ap_ht_cap_flags = sta->sta.ht_cap.cap; 1880 1881 rcu_read_unlock(); 1882 1883 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1884 bssid, ap_ht_cap_flags); 1885 } 1886 1887 /* Note: country IE parsing is done for us by cfg80211 */ 1888 if (elems.country_elem) { 1889 /* TODO: IBSS also needs this */ 1890 if (elems.pwr_constr_elem) 1891 ieee80211_handle_pwr_constr(sdata, 1892 le16_to_cpu(mgmt->u.probe_resp.capab_info), 1893 elems.pwr_constr_elem, 1894 elems.pwr_constr_elem_len); 1895 } 1896 1897 ieee80211_bss_info_change_notify(sdata, changed); 1898 } 1899 1900 ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1901 struct sk_buff *skb) 1902 { 1903 struct ieee80211_local *local = sdata->local; 1904 struct ieee80211_mgmt *mgmt; 1905 u16 fc; 1906 1907 if (skb->len < 24) 1908 return RX_DROP_MONITOR; 1909 1910 mgmt = (struct ieee80211_mgmt *) skb->data; 1911 fc = le16_to_cpu(mgmt->frame_control); 1912 1913 switch (fc & IEEE80211_FCTL_STYPE) { 1914 case IEEE80211_STYPE_PROBE_RESP: 1915 case IEEE80211_STYPE_BEACON: 1916 case IEEE80211_STYPE_AUTH: 1917 case IEEE80211_STYPE_ASSOC_RESP: 1918 case IEEE80211_STYPE_REASSOC_RESP: 1919 case IEEE80211_STYPE_DEAUTH: 1920 case IEEE80211_STYPE_DISASSOC: 1921 case IEEE80211_STYPE_ACTION: 1922 skb_queue_tail(&sdata->u.mgd.skb_queue, skb); 1923 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work); 1924 return RX_QUEUED; 1925 } 1926 1927 return RX_DROP_MONITOR; 1928 } 1929 1930 static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1931 struct sk_buff *skb) 1932 { 1933 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1934 struct ieee80211_rx_status *rx_status; 1935 struct ieee80211_mgmt *mgmt; 1936 struct ieee80211_mgd_work *wk; 1937 enum rx_mgmt_action rma = RX_MGMT_NONE; 1938 u16 fc; 1939 1940 rx_status = (struct ieee80211_rx_status *) skb->cb; 1941 mgmt = (struct ieee80211_mgmt *) skb->data; 1942 fc = le16_to_cpu(mgmt->frame_control); 1943 1944 mutex_lock(&ifmgd->mtx); 1945 1946 if (ifmgd->associated && 1947 memcmp(ifmgd->associated->cbss.bssid, mgmt->bssid, 1948 ETH_ALEN) == 0) { 1949 switch (fc & IEEE80211_FCTL_STYPE) { 1950 case IEEE80211_STYPE_BEACON: 1951 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 1952 rx_status); 1953 break; 1954 case IEEE80211_STYPE_PROBE_RESP: 1955 ieee80211_rx_mgmt_probe_resp(sdata, NULL, mgmt, 1956 skb->len, rx_status); 1957 break; 1958 case IEEE80211_STYPE_DEAUTH: 1959 rma = ieee80211_rx_mgmt_deauth(sdata, NULL, 1960 mgmt, skb->len); 1961 break; 1962 case IEEE80211_STYPE_DISASSOC: 1963 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 1964 break; 1965 case IEEE80211_STYPE_ACTION: 1966 if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT) 1967 break; 1968 1969 ieee80211_sta_process_chanswitch(sdata, 1970 &mgmt->u.action.u.chan_switch.sw_elem, 1971 ifmgd->associated); 1972 break; 1973 } 1974 mutex_unlock(&ifmgd->mtx); 1975 1976 switch (rma) { 1977 case RX_MGMT_NONE: 1978 /* no action */ 1979 break; 1980 case RX_MGMT_CFG80211_DEAUTH: 1981 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 1982 break; 1983 case RX_MGMT_CFG80211_DISASSOC: 1984 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 1985 break; 1986 default: 1987 WARN(1, "unexpected: %d", rma); 1988 } 1989 goto out; 1990 } 1991 1992 list_for_each_entry(wk, &ifmgd->work_list, list) { 1993 if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0) 1994 continue; 1995 1996 switch (fc & IEEE80211_FCTL_STYPE) { 1997 case IEEE80211_STYPE_PROBE_RESP: 1998 ieee80211_rx_mgmt_probe_resp(sdata, wk, mgmt, skb->len, 1999 rx_status); 2000 break; 2001 case IEEE80211_STYPE_AUTH: 2002 rma = ieee80211_rx_mgmt_auth(sdata, wk, mgmt, skb->len); 2003 break; 2004 case IEEE80211_STYPE_ASSOC_RESP: 2005 rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt, 2006 skb->len, false); 2007 break; 2008 case IEEE80211_STYPE_REASSOC_RESP: 2009 rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt, 2010 skb->len, true); 2011 break; 2012 case IEEE80211_STYPE_DEAUTH: 2013 rma = ieee80211_rx_mgmt_deauth(sdata, wk, mgmt, 2014 skb->len); 2015 break; 2016 } 2017 /* 2018 * We've processed this frame for that work, so it can't 2019 * belong to another work struct. 2020 * NB: this is also required for correctness because the 2021 * called functions can free 'wk', and for 'rma'! 2022 */ 2023 break; 2024 } 2025 2026 mutex_unlock(&ifmgd->mtx); 2027 2028 switch (rma) { 2029 case RX_MGMT_NONE: 2030 /* no action */ 2031 break; 2032 case RX_MGMT_CFG80211_AUTH: 2033 cfg80211_send_rx_auth(sdata->dev, (u8 *) mgmt, skb->len); 2034 break; 2035 case RX_MGMT_CFG80211_ASSOC: 2036 cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, skb->len); 2037 break; 2038 case RX_MGMT_CFG80211_DEAUTH: 2039 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 2040 break; 2041 default: 2042 WARN(1, "unexpected: %d", rma); 2043 } 2044 2045 out: 2046 kfree_skb(skb); 2047 } 2048 2049 static void ieee80211_sta_timer(unsigned long data) 2050 { 2051 struct ieee80211_sub_if_data *sdata = 2052 (struct ieee80211_sub_if_data *) data; 2053 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2054 struct ieee80211_local *local = sdata->local; 2055 2056 if (local->quiescing) { 2057 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2058 return; 2059 } 2060 2061 ieee80211_queue_work(&local->hw, &ifmgd->work); 2062 } 2063 2064 static void ieee80211_sta_work(struct work_struct *work) 2065 { 2066 struct ieee80211_sub_if_data *sdata = 2067 container_of(work, struct ieee80211_sub_if_data, u.mgd.work); 2068 struct ieee80211_local *local = sdata->local; 2069 struct ieee80211_if_managed *ifmgd; 2070 struct sk_buff *skb; 2071 struct ieee80211_mgd_work *wk, *tmp; 2072 LIST_HEAD(free_work); 2073 enum rx_mgmt_action rma; 2074 bool anybusy = false; 2075 2076 if (!netif_running(sdata->dev)) 2077 return; 2078 2079 if (local->scanning) 2080 return; 2081 2082 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2083 return; 2084 2085 /* 2086 * ieee80211_queue_work() should have picked up most cases, 2087 * here we'll pick the the rest. 2088 */ 2089 if (WARN(local->suspended, "STA MLME work scheduled while " 2090 "going to suspend\n")) 2091 return; 2092 2093 ifmgd = &sdata->u.mgd; 2094 2095 /* first process frames to avoid timing out while a frame is pending */ 2096 while ((skb = skb_dequeue(&ifmgd->skb_queue))) 2097 ieee80211_sta_rx_queued_mgmt(sdata, skb); 2098 2099 /* then process the rest of the work */ 2100 mutex_lock(&ifmgd->mtx); 2101 2102 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2103 IEEE80211_STA_CONNECTION_POLL) && 2104 ifmgd->associated) { 2105 u8 bssid[ETH_ALEN]; 2106 2107 memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN); 2108 if (time_is_after_jiffies(ifmgd->probe_timeout)) 2109 run_again(ifmgd, ifmgd->probe_timeout); 2110 2111 else if (ifmgd->probe_send_count < IEEE80211_MAX_PROBE_TRIES) { 2112 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 2113 printk(KERN_DEBUG "No probe response from AP %pM" 2114 " after %dms, try %d\n", bssid, 2115 (1000 * IEEE80211_PROBE_WAIT)/HZ, 2116 ifmgd->probe_send_count); 2117 #endif 2118 ieee80211_mgd_probe_ap_send(sdata); 2119 } else { 2120 /* 2121 * We actually lost the connection ... or did we? 2122 * Let's make sure! 2123 */ 2124 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 2125 IEEE80211_STA_BEACON_POLL); 2126 printk(KERN_DEBUG "No probe response from AP %pM" 2127 " after %dms, disconnecting.\n", 2128 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ); 2129 ieee80211_set_disassoc(sdata, true); 2130 ieee80211_recalc_idle(local); 2131 mutex_unlock(&ifmgd->mtx); 2132 /* 2133 * must be outside lock due to cfg80211, 2134 * but that's not a problem. 2135 */ 2136 ieee80211_send_deauth_disassoc(sdata, bssid, 2137 IEEE80211_STYPE_DEAUTH, 2138 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2139 NULL); 2140 mutex_lock(&ifmgd->mtx); 2141 } 2142 } 2143 2144 2145 ieee80211_recalc_idle(local); 2146 2147 list_for_each_entry_safe(wk, tmp, &ifmgd->work_list, list) { 2148 if (time_is_after_jiffies(wk->timeout)) { 2149 /* 2150 * This work item isn't supposed to be worked on 2151 * right now, but take care to adjust the timer 2152 * properly. 2153 */ 2154 run_again(ifmgd, wk->timeout); 2155 continue; 2156 } 2157 2158 switch (wk->state) { 2159 default: 2160 WARN_ON(1); 2161 /* fall through */ 2162 case IEEE80211_MGD_STATE_IDLE: 2163 /* nothing */ 2164 rma = RX_MGMT_NONE; 2165 break; 2166 case IEEE80211_MGD_STATE_PROBE: 2167 rma = ieee80211_direct_probe(sdata, wk); 2168 break; 2169 case IEEE80211_MGD_STATE_AUTH: 2170 rma = ieee80211_authenticate(sdata, wk); 2171 break; 2172 case IEEE80211_MGD_STATE_ASSOC: 2173 rma = ieee80211_associate(sdata, wk); 2174 break; 2175 } 2176 2177 switch (rma) { 2178 case RX_MGMT_NONE: 2179 /* no action required */ 2180 break; 2181 case RX_MGMT_CFG80211_AUTH_TO: 2182 case RX_MGMT_CFG80211_ASSOC_TO: 2183 list_del(&wk->list); 2184 list_add(&wk->list, &free_work); 2185 wk->tries = rma; /* small abuse but only local */ 2186 break; 2187 default: 2188 WARN(1, "unexpected: %d", rma); 2189 } 2190 } 2191 2192 list_for_each_entry(wk, &ifmgd->work_list, list) { 2193 if (wk->state != IEEE80211_MGD_STATE_IDLE) { 2194 anybusy = true; 2195 break; 2196 } 2197 } 2198 if (!anybusy && 2199 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request)) 2200 ieee80211_queue_delayed_work(&local->hw, 2201 &local->scan_work, 2202 round_jiffies_relative(0)); 2203 2204 mutex_unlock(&ifmgd->mtx); 2205 2206 list_for_each_entry_safe(wk, tmp, &free_work, list) { 2207 switch (wk->tries) { 2208 case RX_MGMT_CFG80211_AUTH_TO: 2209 cfg80211_send_auth_timeout(sdata->dev, 2210 wk->bss->cbss.bssid); 2211 break; 2212 case RX_MGMT_CFG80211_ASSOC_TO: 2213 cfg80211_send_assoc_timeout(sdata->dev, 2214 wk->bss->cbss.bssid); 2215 break; 2216 default: 2217 WARN(1, "unexpected: %d", wk->tries); 2218 } 2219 2220 list_del(&wk->list); 2221 kfree(wk); 2222 } 2223 2224 ieee80211_recalc_idle(local); 2225 } 2226 2227 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 2228 { 2229 struct ieee80211_sub_if_data *sdata = 2230 (struct ieee80211_sub_if_data *) data; 2231 struct ieee80211_local *local = sdata->local; 2232 2233 if (local->quiescing) 2234 return; 2235 2236 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 2237 } 2238 2239 static void ieee80211_sta_conn_mon_timer(unsigned long data) 2240 { 2241 struct ieee80211_sub_if_data *sdata = 2242 (struct ieee80211_sub_if_data *) data; 2243 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2244 struct ieee80211_local *local = sdata->local; 2245 2246 if (local->quiescing) 2247 return; 2248 2249 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 2250 } 2251 2252 static void ieee80211_sta_monitor_work(struct work_struct *work) 2253 { 2254 struct ieee80211_sub_if_data *sdata = 2255 container_of(work, struct ieee80211_sub_if_data, 2256 u.mgd.monitor_work); 2257 2258 ieee80211_mgd_probe_ap(sdata, false); 2259 } 2260 2261 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 2262 { 2263 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 2264 sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL | 2265 IEEE80211_STA_CONNECTION_POLL); 2266 2267 /* let's probe the connection once */ 2268 ieee80211_queue_work(&sdata->local->hw, 2269 &sdata->u.mgd.monitor_work); 2270 /* and do all the other regular work too */ 2271 ieee80211_queue_work(&sdata->local->hw, 2272 &sdata->u.mgd.work); 2273 } 2274 } 2275 2276 #ifdef CONFIG_PM 2277 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata) 2278 { 2279 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2280 2281 /* 2282 * we need to use atomic bitops for the running bits 2283 * only because both timers might fire at the same 2284 * time -- the code here is properly synchronised. 2285 */ 2286 2287 cancel_work_sync(&ifmgd->work); 2288 cancel_work_sync(&ifmgd->beacon_loss_work); 2289 if (del_timer_sync(&ifmgd->timer)) 2290 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2291 2292 cancel_work_sync(&ifmgd->chswitch_work); 2293 if (del_timer_sync(&ifmgd->chswitch_timer)) 2294 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 2295 2296 cancel_work_sync(&ifmgd->monitor_work); 2297 /* these will just be re-established on connection */ 2298 del_timer_sync(&ifmgd->conn_mon_timer); 2299 del_timer_sync(&ifmgd->bcn_mon_timer); 2300 } 2301 2302 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 2303 { 2304 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2305 2306 if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) 2307 add_timer(&ifmgd->timer); 2308 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 2309 add_timer(&ifmgd->chswitch_timer); 2310 } 2311 #endif 2312 2313 /* interface setup */ 2314 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 2315 { 2316 struct ieee80211_if_managed *ifmgd; 2317 2318 ifmgd = &sdata->u.mgd; 2319 INIT_WORK(&ifmgd->work, ieee80211_sta_work); 2320 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 2321 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 2322 INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work); 2323 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 2324 (unsigned long) sdata); 2325 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 2326 (unsigned long) sdata); 2327 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 2328 (unsigned long) sdata); 2329 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 2330 (unsigned long) sdata); 2331 skb_queue_head_init(&ifmgd->skb_queue); 2332 2333 INIT_LIST_HEAD(&ifmgd->work_list); 2334 2335 ifmgd->capab = WLAN_CAPABILITY_ESS; 2336 ifmgd->flags = 0; 2337 if (sdata->local->hw.queues >= 4) 2338 ifmgd->flags |= IEEE80211_STA_WMM_ENABLED; 2339 2340 mutex_init(&ifmgd->mtx); 2341 } 2342 2343 /* scan finished notification */ 2344 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 2345 { 2346 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 2347 2348 /* Restart STA timers */ 2349 rcu_read_lock(); 2350 list_for_each_entry_rcu(sdata, &local->interfaces, list) 2351 ieee80211_restart_sta_timer(sdata); 2352 rcu_read_unlock(); 2353 } 2354 2355 int ieee80211_max_network_latency(struct notifier_block *nb, 2356 unsigned long data, void *dummy) 2357 { 2358 s32 latency_usec = (s32) data; 2359 struct ieee80211_local *local = 2360 container_of(nb, struct ieee80211_local, 2361 network_latency_notifier); 2362 2363 mutex_lock(&local->iflist_mtx); 2364 ieee80211_recalc_ps(local, latency_usec); 2365 mutex_unlock(&local->iflist_mtx); 2366 2367 return 0; 2368 } 2369 2370 /* config hooks */ 2371 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 2372 struct cfg80211_auth_request *req) 2373 { 2374 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2375 const u8 *ssid; 2376 struct ieee80211_mgd_work *wk; 2377 u16 auth_alg; 2378 2379 switch (req->auth_type) { 2380 case NL80211_AUTHTYPE_OPEN_SYSTEM: 2381 auth_alg = WLAN_AUTH_OPEN; 2382 break; 2383 case NL80211_AUTHTYPE_SHARED_KEY: 2384 auth_alg = WLAN_AUTH_SHARED_KEY; 2385 break; 2386 case NL80211_AUTHTYPE_FT: 2387 auth_alg = WLAN_AUTH_FT; 2388 break; 2389 case NL80211_AUTHTYPE_NETWORK_EAP: 2390 auth_alg = WLAN_AUTH_LEAP; 2391 break; 2392 default: 2393 return -EOPNOTSUPP; 2394 } 2395 2396 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL); 2397 if (!wk) 2398 return -ENOMEM; 2399 2400 wk->bss = (void *)req->bss; 2401 2402 if (req->ie && req->ie_len) { 2403 memcpy(wk->ie, req->ie, req->ie_len); 2404 wk->ie_len = req->ie_len; 2405 } 2406 2407 if (req->key && req->key_len) { 2408 wk->key_len = req->key_len; 2409 wk->key_idx = req->key_idx; 2410 memcpy(wk->key, req->key, req->key_len); 2411 } 2412 2413 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 2414 memcpy(wk->ssid, ssid + 2, ssid[1]); 2415 wk->ssid_len = ssid[1]; 2416 2417 wk->state = IEEE80211_MGD_STATE_PROBE; 2418 wk->auth_alg = auth_alg; 2419 wk->timeout = jiffies; /* run right away */ 2420 2421 /* 2422 * XXX: if still associated need to tell AP that we're going 2423 * to sleep and then change channel etc. 2424 */ 2425 sdata->local->oper_channel = req->bss->channel; 2426 ieee80211_hw_config(sdata->local, 0); 2427 2428 mutex_lock(&ifmgd->mtx); 2429 list_add(&wk->list, &sdata->u.mgd.work_list); 2430 mutex_unlock(&ifmgd->mtx); 2431 2432 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work); 2433 return 0; 2434 } 2435 2436 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 2437 struct cfg80211_assoc_request *req) 2438 { 2439 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2440 struct ieee80211_mgd_work *wk, *found = NULL; 2441 int i, err; 2442 2443 mutex_lock(&ifmgd->mtx); 2444 2445 list_for_each_entry(wk, &ifmgd->work_list, list) { 2446 if (&wk->bss->cbss == req->bss && 2447 wk->state == IEEE80211_MGD_STATE_IDLE) { 2448 found = wk; 2449 break; 2450 } 2451 } 2452 2453 if (!found) { 2454 err = -ENOLINK; 2455 goto out; 2456 } 2457 2458 list_del(&found->list); 2459 2460 wk = krealloc(found, sizeof(*wk) + req->ie_len, GFP_KERNEL); 2461 if (!wk) { 2462 list_add(&found->list, &ifmgd->work_list); 2463 err = -ENOMEM; 2464 goto out; 2465 } 2466 2467 list_add(&wk->list, &ifmgd->work_list); 2468 2469 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 2470 2471 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) 2472 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 2473 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 2474 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) 2475 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 2476 2477 sdata->local->oper_channel = req->bss->channel; 2478 ieee80211_hw_config(sdata->local, 0); 2479 2480 if (req->ie && req->ie_len) { 2481 memcpy(wk->ie, req->ie, req->ie_len); 2482 wk->ie_len = req->ie_len; 2483 } else 2484 wk->ie_len = 0; 2485 2486 if (req->prev_bssid) 2487 memcpy(wk->prev_bssid, req->prev_bssid, ETH_ALEN); 2488 2489 wk->state = IEEE80211_MGD_STATE_ASSOC; 2490 wk->tries = 0; 2491 wk->timeout = jiffies; /* run right away */ 2492 2493 if (req->use_mfp) { 2494 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 2495 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 2496 } else { 2497 ifmgd->mfp = IEEE80211_MFP_DISABLED; 2498 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 2499 } 2500 2501 if (req->crypto.control_port) 2502 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 2503 else 2504 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 2505 2506 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work); 2507 2508 err = 0; 2509 2510 out: 2511 mutex_unlock(&ifmgd->mtx); 2512 return err; 2513 } 2514 2515 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 2516 struct cfg80211_deauth_request *req, 2517 void *cookie) 2518 { 2519 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2520 struct ieee80211_mgd_work *wk; 2521 const u8 *bssid = NULL; 2522 bool not_auth_yet = false; 2523 2524 mutex_lock(&ifmgd->mtx); 2525 2526 if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) { 2527 bssid = req->bss->bssid; 2528 ieee80211_set_disassoc(sdata, true); 2529 } else list_for_each_entry(wk, &ifmgd->work_list, list) { 2530 if (&wk->bss->cbss == req->bss) { 2531 bssid = req->bss->bssid; 2532 if (wk->state == IEEE80211_MGD_STATE_PROBE) 2533 not_auth_yet = true; 2534 list_del(&wk->list); 2535 kfree(wk); 2536 break; 2537 } 2538 } 2539 2540 /* 2541 * If somebody requests authentication and we haven't 2542 * sent out an auth frame yet there's no need to send 2543 * out a deauth frame either. If the state was PROBE, 2544 * then this is the case. If it's AUTH we have sent a 2545 * frame, and if it's IDLE we have completed the auth 2546 * process already. 2547 */ 2548 if (not_auth_yet) { 2549 mutex_unlock(&ifmgd->mtx); 2550 __cfg80211_auth_canceled(sdata->dev, bssid); 2551 return 0; 2552 } 2553 2554 /* 2555 * cfg80211 should catch this ... but it's racy since 2556 * we can receive a deauth frame, process it, hand it 2557 * to cfg80211 while that's in a locked section already 2558 * trying to tell us that the user wants to disconnect. 2559 */ 2560 if (!bssid) { 2561 mutex_unlock(&ifmgd->mtx); 2562 return -ENOLINK; 2563 } 2564 2565 mutex_unlock(&ifmgd->mtx); 2566 2567 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n", 2568 sdata->dev->name, bssid, req->reason_code); 2569 2570 ieee80211_send_deauth_disassoc(sdata, bssid, 2571 IEEE80211_STYPE_DEAUTH, req->reason_code, 2572 cookie); 2573 2574 ieee80211_recalc_idle(sdata->local); 2575 2576 return 0; 2577 } 2578 2579 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 2580 struct cfg80211_disassoc_request *req, 2581 void *cookie) 2582 { 2583 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2584 2585 mutex_lock(&ifmgd->mtx); 2586 2587 /* 2588 * cfg80211 should catch this ... but it's racy since 2589 * we can receive a disassoc frame, process it, hand it 2590 * to cfg80211 while that's in a locked section already 2591 * trying to tell us that the user wants to disconnect. 2592 */ 2593 if (&ifmgd->associated->cbss != req->bss) { 2594 mutex_unlock(&ifmgd->mtx); 2595 return -ENOLINK; 2596 } 2597 2598 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n", 2599 sdata->dev->name, req->bss->bssid, req->reason_code); 2600 2601 ieee80211_set_disassoc(sdata, false); 2602 2603 mutex_unlock(&ifmgd->mtx); 2604 2605 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 2606 IEEE80211_STYPE_DISASSOC, req->reason_code, 2607 cookie); 2608 2609 ieee80211_recalc_idle(sdata->local); 2610 2611 return 0; 2612 } 2613