1 /* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * 8 * This file is GPLv2 as found in COPYING. 9 */ 10 11 #include <linux/ieee80211.h> 12 #include <linux/log2.h> 13 #include <net/cfg80211.h> 14 #include "ieee80211_i.h" 15 #include "driver-ops.h" 16 17 /* give usermode some time for retries in setting up the TDLS session */ 18 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 19 20 void ieee80211_tdls_peer_del_work(struct work_struct *wk) 21 { 22 struct ieee80211_sub_if_data *sdata; 23 struct ieee80211_local *local; 24 25 sdata = container_of(wk, struct ieee80211_sub_if_data, 26 u.mgd.tdls_peer_del_work.work); 27 local = sdata->local; 28 29 mutex_lock(&local->mtx); 30 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 31 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 32 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 33 eth_zero_addr(sdata->u.mgd.tdls_peer); 34 } 35 mutex_unlock(&local->mtx); 36 } 37 38 static void ieee80211_tdls_add_ext_capab(struct ieee80211_local *local, 39 struct sk_buff *skb) 40 { 41 u8 *pos = (void *)skb_put(skb, 7); 42 bool chan_switch = local->hw.wiphy->features & 43 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 44 45 *pos++ = WLAN_EID_EXT_CAPABILITY; 46 *pos++ = 5; /* len */ 47 *pos++ = 0x0; 48 *pos++ = 0x0; 49 *pos++ = 0x0; 50 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0; 51 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 52 } 53 54 static u8 55 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 56 struct sk_buff *skb, u16 start, u16 end, 57 u16 spacing) 58 { 59 u8 subband_cnt = 0, ch_cnt = 0; 60 struct ieee80211_channel *ch; 61 struct cfg80211_chan_def chandef; 62 int i, subband_start; 63 64 for (i = start; i <= end; i += spacing) { 65 if (!ch_cnt) 66 subband_start = i; 67 68 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 69 if (ch) { 70 /* we will be active on the channel */ 71 cfg80211_chandef_create(&chandef, ch, 72 NL80211_CHAN_NO_HT); 73 if (cfg80211_reg_can_beacon(sdata->local->hw.wiphy, 74 &chandef, 75 sdata->wdev.iftype)) { 76 ch_cnt++; 77 /* 78 * check if the next channel is also part of 79 * this allowed range 80 */ 81 continue; 82 } 83 } 84 85 /* 86 * we've reached the end of a range, with allowed channels 87 * found 88 */ 89 if (ch_cnt) { 90 u8 *pos = skb_put(skb, 2); 91 *pos++ = ieee80211_frequency_to_channel(subband_start); 92 *pos++ = ch_cnt; 93 94 subband_cnt++; 95 ch_cnt = 0; 96 } 97 } 98 99 /* all channels in the requested range are allowed - add them here */ 100 if (ch_cnt) { 101 u8 *pos = skb_put(skb, 2); 102 *pos++ = ieee80211_frequency_to_channel(subband_start); 103 *pos++ = ch_cnt; 104 105 subband_cnt++; 106 } 107 108 return subband_cnt; 109 } 110 111 static void 112 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 113 struct sk_buff *skb) 114 { 115 /* 116 * Add possible channels for TDLS. These are channels that are allowed 117 * to be active. 118 */ 119 u8 subband_cnt; 120 u8 *pos = skb_put(skb, 2); 121 122 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 123 124 /* 125 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 126 * this doesn't happen in real world scenarios. 127 */ 128 129 /* 2GHz, with 5MHz spacing */ 130 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 131 132 /* 5GHz, with 20MHz spacing */ 133 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 134 135 /* length */ 136 *pos = 2 * subband_cnt; 137 } 138 139 static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata, 140 struct sk_buff *skb) 141 { 142 u8 *pos; 143 u8 op_class; 144 145 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef, 146 &op_class)) 147 return; 148 149 pos = skb_put(skb, 4); 150 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES; 151 *pos++ = 2; /* len */ 152 153 *pos++ = op_class; 154 *pos++ = op_class; /* give current operating class as alternate too */ 155 } 156 157 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 158 { 159 u8 *pos = (void *)skb_put(skb, 3); 160 161 *pos++ = WLAN_EID_BSS_COEX_2040; 162 *pos++ = 1; /* len */ 163 164 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 165 } 166 167 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 168 u16 status_code) 169 { 170 struct ieee80211_local *local = sdata->local; 171 u16 capab; 172 173 /* The capability will be 0 when sending a failure code */ 174 if (status_code != 0) 175 return 0; 176 177 capab = 0; 178 if (ieee80211_get_sdata_band(sdata) != IEEE80211_BAND_2GHZ) 179 return capab; 180 181 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 182 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 183 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 184 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 185 186 return capab; 187 } 188 189 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 190 struct sk_buff *skb, const u8 *peer, 191 bool initiator) 192 { 193 struct ieee80211_tdls_lnkie *lnkid; 194 const u8 *init_addr, *rsp_addr; 195 196 if (initiator) { 197 init_addr = sdata->vif.addr; 198 rsp_addr = peer; 199 } else { 200 init_addr = peer; 201 rsp_addr = sdata->vif.addr; 202 } 203 204 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 205 206 lnkid->ie_type = WLAN_EID_LINK_ID; 207 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 208 209 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 210 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 211 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 212 } 213 214 static void 215 ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 216 { 217 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 218 u8 *pos = (void *)skb_put(skb, 4); 219 220 *pos++ = WLAN_EID_AID; 221 *pos++ = 2; /* len */ 222 put_unaligned_le16(ifmgd->aid, pos); 223 } 224 225 /* translate numbering in the WMM parameter IE to the mac80211 notation */ 226 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 227 { 228 switch (ac) { 229 default: 230 WARN_ON_ONCE(1); 231 case 0: 232 return IEEE80211_AC_BE; 233 case 1: 234 return IEEE80211_AC_BK; 235 case 2: 236 return IEEE80211_AC_VI; 237 case 3: 238 return IEEE80211_AC_VO; 239 } 240 } 241 242 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 243 { 244 u8 ret; 245 246 ret = aifsn & 0x0f; 247 if (acm) 248 ret |= 0x10; 249 ret |= (aci << 5) & 0x60; 250 return ret; 251 } 252 253 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 254 { 255 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 256 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 257 } 258 259 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 260 struct sk_buff *skb) 261 { 262 struct ieee80211_wmm_param_ie *wmm; 263 struct ieee80211_tx_queue_params *txq; 264 int i; 265 266 wmm = (void *)skb_put(skb, sizeof(*wmm)); 267 memset(wmm, 0, sizeof(*wmm)); 268 269 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 270 wmm->len = sizeof(*wmm) - 2; 271 272 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 273 wmm->oui[1] = 0x50; 274 wmm->oui[2] = 0xf2; 275 wmm->oui_type = 2; /* WME */ 276 wmm->oui_subtype = 1; /* WME param */ 277 wmm->version = 1; /* WME ver */ 278 wmm->qos_info = 0; /* U-APSD not in use */ 279 280 /* 281 * Use the EDCA parameters defined for the BSS, or default if the AP 282 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 283 */ 284 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 285 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 286 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 287 txq->acm, i); 288 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 289 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 290 } 291 } 292 293 static void 294 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 295 struct sk_buff *skb, const u8 *peer, 296 u8 action_code, bool initiator, 297 const u8 *extra_ies, size_t extra_ies_len) 298 { 299 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 300 struct ieee80211_local *local = sdata->local; 301 struct ieee80211_supported_band *sband; 302 struct ieee80211_sta_ht_cap ht_cap; 303 struct ieee80211_sta_vht_cap vht_cap; 304 struct sta_info *sta = NULL; 305 size_t offset = 0, noffset; 306 u8 *pos; 307 308 ieee80211_add_srates_ie(sdata, skb, false, band); 309 ieee80211_add_ext_srates_ie(sdata, skb, false, band); 310 ieee80211_tdls_add_supp_channels(sdata, skb); 311 312 /* add any custom IEs that go before Extended Capabilities */ 313 if (extra_ies_len) { 314 static const u8 before_ext_cap[] = { 315 WLAN_EID_SUPP_RATES, 316 WLAN_EID_COUNTRY, 317 WLAN_EID_EXT_SUPP_RATES, 318 WLAN_EID_SUPPORTED_CHANNELS, 319 WLAN_EID_RSN, 320 }; 321 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 322 before_ext_cap, 323 ARRAY_SIZE(before_ext_cap), 324 offset); 325 pos = skb_put(skb, noffset - offset); 326 memcpy(pos, extra_ies + offset, noffset - offset); 327 offset = noffset; 328 } 329 330 ieee80211_tdls_add_ext_capab(local, skb); 331 332 /* add the QoS element if we support it */ 333 if (local->hw.queues >= IEEE80211_NUM_ACS && 334 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 335 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 336 337 /* add any custom IEs that go before HT capabilities */ 338 if (extra_ies_len) { 339 static const u8 before_ht_cap[] = { 340 WLAN_EID_SUPP_RATES, 341 WLAN_EID_COUNTRY, 342 WLAN_EID_EXT_SUPP_RATES, 343 WLAN_EID_SUPPORTED_CHANNELS, 344 WLAN_EID_RSN, 345 WLAN_EID_EXT_CAPABILITY, 346 WLAN_EID_QOS_CAPA, 347 WLAN_EID_FAST_BSS_TRANSITION, 348 WLAN_EID_TIMEOUT_INTERVAL, 349 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 350 }; 351 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 352 before_ht_cap, 353 ARRAY_SIZE(before_ht_cap), 354 offset); 355 pos = skb_put(skb, noffset - offset); 356 memcpy(pos, extra_ies + offset, noffset - offset); 357 offset = noffset; 358 } 359 360 rcu_read_lock(); 361 362 /* we should have the peer STA if we're already responding */ 363 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 364 sta = sta_info_get(sdata, peer); 365 if (WARN_ON_ONCE(!sta)) { 366 rcu_read_unlock(); 367 return; 368 } 369 } 370 371 ieee80211_tdls_add_oper_classes(sdata, skb); 372 373 /* 374 * with TDLS we can switch channels, and HT-caps are not necessarily 375 * the same on all bands. The specification limits the setup to a 376 * single HT-cap, so use the current band for now. 377 */ 378 sband = local->hw.wiphy->bands[band]; 379 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 380 381 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 382 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 383 ht_cap.ht_supported) { 384 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 385 386 /* disable SMPS in TDLS initiator */ 387 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 388 << IEEE80211_HT_CAP_SM_PS_SHIFT; 389 390 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 391 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 392 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 393 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 394 /* disable SMPS in TDLS responder */ 395 sta->sta.ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 396 << IEEE80211_HT_CAP_SM_PS_SHIFT; 397 398 /* the peer caps are already intersected with our own */ 399 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 400 401 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 402 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 403 } 404 405 if (ht_cap.ht_supported && 406 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 407 ieee80211_tdls_add_bss_coex_ie(skb); 408 409 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 410 411 /* add any custom IEs that go before VHT capabilities */ 412 if (extra_ies_len) { 413 static const u8 before_vht_cap[] = { 414 WLAN_EID_SUPP_RATES, 415 WLAN_EID_COUNTRY, 416 WLAN_EID_EXT_SUPP_RATES, 417 WLAN_EID_SUPPORTED_CHANNELS, 418 WLAN_EID_RSN, 419 WLAN_EID_EXT_CAPABILITY, 420 WLAN_EID_QOS_CAPA, 421 WLAN_EID_FAST_BSS_TRANSITION, 422 WLAN_EID_TIMEOUT_INTERVAL, 423 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 424 WLAN_EID_MULTI_BAND, 425 }; 426 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 427 before_vht_cap, 428 ARRAY_SIZE(before_vht_cap), 429 offset); 430 pos = skb_put(skb, noffset - offset); 431 memcpy(pos, extra_ies + offset, noffset - offset); 432 offset = noffset; 433 } 434 435 /* build the VHT-cap similarly to the HT-cap */ 436 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 437 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 438 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 439 vht_cap.vht_supported) { 440 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 441 442 /* the AID is present only when VHT is implemented */ 443 if (action_code == WLAN_TDLS_SETUP_REQUEST) 444 ieee80211_tdls_add_aid(sdata, skb); 445 446 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 447 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 448 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 449 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) { 450 /* the peer caps are already intersected with our own */ 451 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap)); 452 453 /* the AID is present only when VHT is implemented */ 454 ieee80211_tdls_add_aid(sdata, skb); 455 456 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 457 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 458 } 459 460 rcu_read_unlock(); 461 462 /* add any remaining IEs */ 463 if (extra_ies_len) { 464 noffset = extra_ies_len; 465 pos = skb_put(skb, noffset - offset); 466 memcpy(pos, extra_ies + offset, noffset - offset); 467 } 468 469 } 470 471 static void 472 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 473 struct sk_buff *skb, const u8 *peer, 474 bool initiator, const u8 *extra_ies, 475 size_t extra_ies_len) 476 { 477 struct ieee80211_local *local = sdata->local; 478 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 479 size_t offset = 0, noffset; 480 struct sta_info *sta, *ap_sta; 481 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 482 u8 *pos; 483 484 rcu_read_lock(); 485 486 sta = sta_info_get(sdata, peer); 487 ap_sta = sta_info_get(sdata, ifmgd->bssid); 488 if (WARN_ON_ONCE(!sta || !ap_sta)) { 489 rcu_read_unlock(); 490 return; 491 } 492 493 /* add any custom IEs that go before the QoS IE */ 494 if (extra_ies_len) { 495 static const u8 before_qos[] = { 496 WLAN_EID_RSN, 497 }; 498 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 499 before_qos, 500 ARRAY_SIZE(before_qos), 501 offset); 502 pos = skb_put(skb, noffset - offset); 503 memcpy(pos, extra_ies + offset, noffset - offset); 504 offset = noffset; 505 } 506 507 /* add the QoS param IE if both the peer and we support it */ 508 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 509 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 510 511 /* add any custom IEs that go before HT operation */ 512 if (extra_ies_len) { 513 static const u8 before_ht_op[] = { 514 WLAN_EID_RSN, 515 WLAN_EID_QOS_CAPA, 516 WLAN_EID_FAST_BSS_TRANSITION, 517 WLAN_EID_TIMEOUT_INTERVAL, 518 }; 519 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 520 before_ht_op, 521 ARRAY_SIZE(before_ht_op), 522 offset); 523 pos = skb_put(skb, noffset - offset); 524 memcpy(pos, extra_ies + offset, noffset - offset); 525 offset = noffset; 526 } 527 528 /* if HT support is only added in TDLS, we need an HT-operation IE */ 529 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 530 struct ieee80211_chanctx_conf *chanctx_conf = 531 rcu_dereference(sdata->vif.chanctx_conf); 532 if (!WARN_ON(!chanctx_conf)) { 533 pos = skb_put(skb, 2 + 534 sizeof(struct ieee80211_ht_operation)); 535 /* send an empty HT operation IE */ 536 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 537 &chanctx_conf->def, 0); 538 } 539 } 540 541 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 542 543 /* only include VHT-operation if not on the 2.4GHz band */ 544 if (band != IEEE80211_BAND_2GHZ && !ap_sta->sta.vht_cap.vht_supported && 545 sta->sta.vht_cap.vht_supported) { 546 struct ieee80211_chanctx_conf *chanctx_conf = 547 rcu_dereference(sdata->vif.chanctx_conf); 548 if (!WARN_ON(!chanctx_conf)) { 549 pos = skb_put(skb, 2 + 550 sizeof(struct ieee80211_vht_operation)); 551 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap, 552 &chanctx_conf->def); 553 } 554 } 555 556 rcu_read_unlock(); 557 558 /* add any remaining IEs */ 559 if (extra_ies_len) { 560 noffset = extra_ies_len; 561 pos = skb_put(skb, noffset - offset); 562 memcpy(pos, extra_ies + offset, noffset - offset); 563 } 564 } 565 566 static void 567 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 568 struct sk_buff *skb, const u8 *peer, 569 bool initiator, const u8 *extra_ies, 570 size_t extra_ies_len, u8 oper_class, 571 struct cfg80211_chan_def *chandef) 572 { 573 struct ieee80211_tdls_data *tf; 574 size_t offset = 0, noffset; 575 u8 *pos; 576 577 if (WARN_ON_ONCE(!chandef)) 578 return; 579 580 tf = (void *)skb->data; 581 tf->u.chan_switch_req.target_channel = 582 ieee80211_frequency_to_channel(chandef->chan->center_freq); 583 tf->u.chan_switch_req.oper_class = oper_class; 584 585 if (extra_ies_len) { 586 static const u8 before_lnkie[] = { 587 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 588 }; 589 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 590 before_lnkie, 591 ARRAY_SIZE(before_lnkie), 592 offset); 593 pos = skb_put(skb, noffset - offset); 594 memcpy(pos, extra_ies + offset, noffset - offset); 595 offset = noffset; 596 } 597 598 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 599 600 /* add any remaining IEs */ 601 if (extra_ies_len) { 602 noffset = extra_ies_len; 603 pos = skb_put(skb, noffset - offset); 604 memcpy(pos, extra_ies + offset, noffset - offset); 605 } 606 } 607 608 static void 609 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 610 struct sk_buff *skb, const u8 *peer, 611 u16 status_code, bool initiator, 612 const u8 *extra_ies, 613 size_t extra_ies_len) 614 { 615 if (status_code == 0) 616 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 617 618 if (extra_ies_len) 619 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len); 620 } 621 622 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 623 struct sk_buff *skb, const u8 *peer, 624 u8 action_code, u16 status_code, 625 bool initiator, const u8 *extra_ies, 626 size_t extra_ies_len, u8 oper_class, 627 struct cfg80211_chan_def *chandef) 628 { 629 switch (action_code) { 630 case WLAN_TDLS_SETUP_REQUEST: 631 case WLAN_TDLS_SETUP_RESPONSE: 632 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 633 if (status_code == 0) 634 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 635 action_code, 636 initiator, 637 extra_ies, 638 extra_ies_len); 639 break; 640 case WLAN_TDLS_SETUP_CONFIRM: 641 if (status_code == 0) 642 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 643 initiator, extra_ies, 644 extra_ies_len); 645 break; 646 case WLAN_TDLS_TEARDOWN: 647 case WLAN_TDLS_DISCOVERY_REQUEST: 648 if (extra_ies_len) 649 memcpy(skb_put(skb, extra_ies_len), extra_ies, 650 extra_ies_len); 651 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 652 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 653 break; 654 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 655 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 656 initiator, extra_ies, 657 extra_ies_len, 658 oper_class, chandef); 659 break; 660 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 661 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 662 status_code, 663 initiator, extra_ies, 664 extra_ies_len); 665 break; 666 } 667 668 } 669 670 static int 671 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 672 const u8 *peer, u8 action_code, u8 dialog_token, 673 u16 status_code, struct sk_buff *skb) 674 { 675 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 676 struct ieee80211_tdls_data *tf; 677 678 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 679 680 memcpy(tf->da, peer, ETH_ALEN); 681 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 682 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 683 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 684 685 /* network header is after the ethernet header */ 686 skb_set_network_header(skb, ETH_HLEN); 687 688 switch (action_code) { 689 case WLAN_TDLS_SETUP_REQUEST: 690 tf->category = WLAN_CATEGORY_TDLS; 691 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 692 693 skb_put(skb, sizeof(tf->u.setup_req)); 694 tf->u.setup_req.dialog_token = dialog_token; 695 tf->u.setup_req.capability = 696 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 697 status_code)); 698 break; 699 case WLAN_TDLS_SETUP_RESPONSE: 700 tf->category = WLAN_CATEGORY_TDLS; 701 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 702 703 skb_put(skb, sizeof(tf->u.setup_resp)); 704 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 705 tf->u.setup_resp.dialog_token = dialog_token; 706 tf->u.setup_resp.capability = 707 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 708 status_code)); 709 break; 710 case WLAN_TDLS_SETUP_CONFIRM: 711 tf->category = WLAN_CATEGORY_TDLS; 712 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 713 714 skb_put(skb, sizeof(tf->u.setup_cfm)); 715 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 716 tf->u.setup_cfm.dialog_token = dialog_token; 717 break; 718 case WLAN_TDLS_TEARDOWN: 719 tf->category = WLAN_CATEGORY_TDLS; 720 tf->action_code = WLAN_TDLS_TEARDOWN; 721 722 skb_put(skb, sizeof(tf->u.teardown)); 723 tf->u.teardown.reason_code = cpu_to_le16(status_code); 724 break; 725 case WLAN_TDLS_DISCOVERY_REQUEST: 726 tf->category = WLAN_CATEGORY_TDLS; 727 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 728 729 skb_put(skb, sizeof(tf->u.discover_req)); 730 tf->u.discover_req.dialog_token = dialog_token; 731 break; 732 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 733 tf->category = WLAN_CATEGORY_TDLS; 734 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 735 736 skb_put(skb, sizeof(tf->u.chan_switch_req)); 737 break; 738 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 739 tf->category = WLAN_CATEGORY_TDLS; 740 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 741 742 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 743 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 744 break; 745 default: 746 return -EINVAL; 747 } 748 749 return 0; 750 } 751 752 static int 753 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 754 const u8 *peer, u8 action_code, u8 dialog_token, 755 u16 status_code, struct sk_buff *skb) 756 { 757 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 758 struct ieee80211_mgmt *mgmt; 759 760 mgmt = (void *)skb_put(skb, 24); 761 memset(mgmt, 0, 24); 762 memcpy(mgmt->da, peer, ETH_ALEN); 763 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 764 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 765 766 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 767 IEEE80211_STYPE_ACTION); 768 769 switch (action_code) { 770 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 771 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 772 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 773 mgmt->u.action.u.tdls_discover_resp.action_code = 774 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 775 mgmt->u.action.u.tdls_discover_resp.dialog_token = 776 dialog_token; 777 mgmt->u.action.u.tdls_discover_resp.capability = 778 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 779 status_code)); 780 break; 781 default: 782 return -EINVAL; 783 } 784 785 return 0; 786 } 787 788 static struct sk_buff * 789 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 790 const u8 *peer, u8 action_code, 791 u8 dialog_token, u16 status_code, 792 bool initiator, const u8 *extra_ies, 793 size_t extra_ies_len, u8 oper_class, 794 struct cfg80211_chan_def *chandef) 795 { 796 struct ieee80211_local *local = sdata->local; 797 struct sk_buff *skb; 798 int ret; 799 800 skb = netdev_alloc_skb(sdata->dev, 801 local->hw.extra_tx_headroom + 802 max(sizeof(struct ieee80211_mgmt), 803 sizeof(struct ieee80211_tdls_data)) + 804 50 + /* supported rates */ 805 7 + /* ext capab */ 806 26 + /* max(WMM-info, WMM-param) */ 807 2 + max(sizeof(struct ieee80211_ht_cap), 808 sizeof(struct ieee80211_ht_operation)) + 809 2 + max(sizeof(struct ieee80211_vht_cap), 810 sizeof(struct ieee80211_vht_operation)) + 811 50 + /* supported channels */ 812 3 + /* 40/20 BSS coex */ 813 4 + /* AID */ 814 4 + /* oper classes */ 815 extra_ies_len + 816 sizeof(struct ieee80211_tdls_lnkie)); 817 if (!skb) 818 return NULL; 819 820 skb_reserve(skb, local->hw.extra_tx_headroom); 821 822 switch (action_code) { 823 case WLAN_TDLS_SETUP_REQUEST: 824 case WLAN_TDLS_SETUP_RESPONSE: 825 case WLAN_TDLS_SETUP_CONFIRM: 826 case WLAN_TDLS_TEARDOWN: 827 case WLAN_TDLS_DISCOVERY_REQUEST: 828 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 829 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 830 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 831 sdata->dev, peer, 832 action_code, dialog_token, 833 status_code, skb); 834 break; 835 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 836 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 837 peer, action_code, 838 dialog_token, status_code, 839 skb); 840 break; 841 default: 842 ret = -ENOTSUPP; 843 break; 844 } 845 846 if (ret < 0) 847 goto fail; 848 849 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 850 initiator, extra_ies, extra_ies_len, oper_class, 851 chandef); 852 return skb; 853 854 fail: 855 dev_kfree_skb(skb); 856 return NULL; 857 } 858 859 static int 860 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 861 const u8 *peer, u8 action_code, u8 dialog_token, 862 u16 status_code, u32 peer_capability, 863 bool initiator, const u8 *extra_ies, 864 size_t extra_ies_len, u8 oper_class, 865 struct cfg80211_chan_def *chandef) 866 { 867 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 868 struct sk_buff *skb = NULL; 869 struct sta_info *sta; 870 u32 flags = 0; 871 int ret = 0; 872 873 rcu_read_lock(); 874 sta = sta_info_get(sdata, peer); 875 876 /* infer the initiator if we can, to support old userspace */ 877 switch (action_code) { 878 case WLAN_TDLS_SETUP_REQUEST: 879 if (sta) { 880 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 881 sta->sta.tdls_initiator = false; 882 } 883 /* fall-through */ 884 case WLAN_TDLS_SETUP_CONFIRM: 885 case WLAN_TDLS_DISCOVERY_REQUEST: 886 initiator = true; 887 break; 888 case WLAN_TDLS_SETUP_RESPONSE: 889 /* 890 * In some testing scenarios, we send a request and response. 891 * Make the last packet sent take effect for the initiator 892 * value. 893 */ 894 if (sta) { 895 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 896 sta->sta.tdls_initiator = true; 897 } 898 /* fall-through */ 899 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 900 initiator = false; 901 break; 902 case WLAN_TDLS_TEARDOWN: 903 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 904 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 905 /* any value is ok */ 906 break; 907 default: 908 ret = -ENOTSUPP; 909 break; 910 } 911 912 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 913 initiator = true; 914 915 rcu_read_unlock(); 916 if (ret < 0) 917 goto fail; 918 919 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 920 dialog_token, status_code, 921 initiator, extra_ies, 922 extra_ies_len, oper_class, 923 chandef); 924 if (!skb) { 925 ret = -EINVAL; 926 goto fail; 927 } 928 929 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 930 ieee80211_tx_skb(sdata, skb); 931 return 0; 932 } 933 934 /* 935 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 936 * we should default to AC_VI. 937 */ 938 switch (action_code) { 939 case WLAN_TDLS_SETUP_REQUEST: 940 case WLAN_TDLS_SETUP_RESPONSE: 941 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 942 skb->priority = 2; 943 break; 944 default: 945 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 946 skb->priority = 5; 947 break; 948 } 949 950 /* 951 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 952 * Later, if no ACK is returned from peer, we will re-send the teardown 953 * packet through the AP. 954 */ 955 if ((action_code == WLAN_TDLS_TEARDOWN) && 956 (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 957 bool try_resend; /* Should we keep skb for possible resend */ 958 959 /* If not sending directly to peer - no point in keeping skb */ 960 rcu_read_lock(); 961 sta = sta_info_get(sdata, peer); 962 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 963 rcu_read_unlock(); 964 965 spin_lock_bh(&sdata->u.mgd.teardown_lock); 966 if (try_resend && !sdata->u.mgd.teardown_skb) { 967 /* Mark it as requiring TX status callback */ 968 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 969 IEEE80211_TX_INTFL_MLME_CONN_TX; 970 971 /* 972 * skb is copied since mac80211 will later set 973 * properties that might not be the same as the AP, 974 * such as encryption, QoS, addresses, etc. 975 * 976 * No problem if skb_copy() fails, so no need to check. 977 */ 978 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 979 sdata->u.mgd.orig_teardown_skb = skb; 980 } 981 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 982 } 983 984 /* disable bottom halves when entering the Tx path */ 985 local_bh_disable(); 986 __ieee80211_subif_start_xmit(skb, dev, flags); 987 local_bh_enable(); 988 989 return ret; 990 991 fail: 992 dev_kfree_skb(skb); 993 return ret; 994 } 995 996 static int 997 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 998 const u8 *peer, u8 action_code, u8 dialog_token, 999 u16 status_code, u32 peer_capability, bool initiator, 1000 const u8 *extra_ies, size_t extra_ies_len) 1001 { 1002 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1003 struct ieee80211_local *local = sdata->local; 1004 int ret; 1005 1006 mutex_lock(&local->mtx); 1007 1008 /* we don't support concurrent TDLS peer setups */ 1009 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 1010 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1011 ret = -EBUSY; 1012 goto out_unlock; 1013 } 1014 1015 /* 1016 * make sure we have a STA representing the peer so we drop or buffer 1017 * non-TDLS-setup frames to the peer. We can't send other packets 1018 * during setup through the AP path. 1019 * Allow error packets to be sent - sometimes we don't even add a STA 1020 * before failing the setup. 1021 */ 1022 if (status_code == 0) { 1023 rcu_read_lock(); 1024 if (!sta_info_get(sdata, peer)) { 1025 rcu_read_unlock(); 1026 ret = -ENOLINK; 1027 goto out_unlock; 1028 } 1029 rcu_read_unlock(); 1030 } 1031 1032 ieee80211_flush_queues(local, sdata, false); 1033 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 1034 mutex_unlock(&local->mtx); 1035 1036 /* we cannot take the mutex while preparing the setup packet */ 1037 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1038 dialog_token, status_code, 1039 peer_capability, initiator, 1040 extra_ies, extra_ies_len, 0, 1041 NULL); 1042 if (ret < 0) { 1043 mutex_lock(&local->mtx); 1044 eth_zero_addr(sdata->u.mgd.tdls_peer); 1045 mutex_unlock(&local->mtx); 1046 return ret; 1047 } 1048 1049 ieee80211_queue_delayed_work(&sdata->local->hw, 1050 &sdata->u.mgd.tdls_peer_del_work, 1051 TDLS_PEER_SETUP_TIMEOUT); 1052 return 0; 1053 1054 out_unlock: 1055 mutex_unlock(&local->mtx); 1056 return ret; 1057 } 1058 1059 static int 1060 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 1061 const u8 *peer, u8 action_code, u8 dialog_token, 1062 u16 status_code, u32 peer_capability, 1063 bool initiator, const u8 *extra_ies, 1064 size_t extra_ies_len) 1065 { 1066 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1067 struct ieee80211_local *local = sdata->local; 1068 struct sta_info *sta; 1069 int ret; 1070 1071 /* 1072 * No packets can be transmitted to the peer via the AP during setup - 1073 * the STA is set as a TDLS peer, but is not authorized. 1074 * During teardown, we prevent direct transmissions by stopping the 1075 * queues and flushing all direct packets. 1076 */ 1077 ieee80211_stop_vif_queues(local, sdata, 1078 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1079 ieee80211_flush_queues(local, sdata, false); 1080 1081 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1082 dialog_token, status_code, 1083 peer_capability, initiator, 1084 extra_ies, extra_ies_len, 0, 1085 NULL); 1086 if (ret < 0) 1087 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 1088 ret); 1089 1090 /* 1091 * Remove the STA AUTH flag to force further traffic through the AP. If 1092 * the STA was unreachable, it was already removed. 1093 */ 1094 rcu_read_lock(); 1095 sta = sta_info_get(sdata, peer); 1096 if (sta) 1097 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1098 rcu_read_unlock(); 1099 1100 ieee80211_wake_vif_queues(local, sdata, 1101 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1102 1103 return 0; 1104 } 1105 1106 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 1107 const u8 *peer, u8 action_code, u8 dialog_token, 1108 u16 status_code, u32 peer_capability, 1109 bool initiator, const u8 *extra_ies, 1110 size_t extra_ies_len) 1111 { 1112 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1113 int ret; 1114 1115 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1116 return -ENOTSUPP; 1117 1118 /* make sure we are in managed mode, and associated */ 1119 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1120 !sdata->u.mgd.associated) 1121 return -EINVAL; 1122 1123 switch (action_code) { 1124 case WLAN_TDLS_SETUP_REQUEST: 1125 case WLAN_TDLS_SETUP_RESPONSE: 1126 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1127 dialog_token, status_code, 1128 peer_capability, initiator, 1129 extra_ies, extra_ies_len); 1130 break; 1131 case WLAN_TDLS_TEARDOWN: 1132 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1133 action_code, dialog_token, 1134 status_code, 1135 peer_capability, initiator, 1136 extra_ies, extra_ies_len); 1137 break; 1138 case WLAN_TDLS_DISCOVERY_REQUEST: 1139 /* 1140 * Protect the discovery so we can hear the TDLS discovery 1141 * response frame. It is transmitted directly and not buffered 1142 * by the AP. 1143 */ 1144 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1145 /* fall-through */ 1146 case WLAN_TDLS_SETUP_CONFIRM: 1147 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1148 /* no special handling */ 1149 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1150 action_code, 1151 dialog_token, 1152 status_code, 1153 peer_capability, 1154 initiator, extra_ies, 1155 extra_ies_len, 0, NULL); 1156 break; 1157 default: 1158 ret = -EOPNOTSUPP; 1159 break; 1160 } 1161 1162 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1163 action_code, peer, ret); 1164 return ret; 1165 } 1166 1167 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1168 const u8 *peer, enum nl80211_tdls_operation oper) 1169 { 1170 struct sta_info *sta; 1171 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1172 struct ieee80211_local *local = sdata->local; 1173 int ret; 1174 1175 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1176 return -ENOTSUPP; 1177 1178 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1179 return -EINVAL; 1180 1181 switch (oper) { 1182 case NL80211_TDLS_ENABLE_LINK: 1183 case NL80211_TDLS_DISABLE_LINK: 1184 break; 1185 case NL80211_TDLS_TEARDOWN: 1186 case NL80211_TDLS_SETUP: 1187 case NL80211_TDLS_DISCOVERY_REQ: 1188 /* We don't support in-driver setup/teardown/discovery */ 1189 return -ENOTSUPP; 1190 } 1191 1192 mutex_lock(&local->mtx); 1193 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1194 1195 switch (oper) { 1196 case NL80211_TDLS_ENABLE_LINK: 1197 rcu_read_lock(); 1198 sta = sta_info_get(sdata, peer); 1199 if (!sta) { 1200 rcu_read_unlock(); 1201 ret = -ENOLINK; 1202 break; 1203 } 1204 1205 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1206 rcu_read_unlock(); 1207 1208 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1209 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1210 ret = 0; 1211 break; 1212 case NL80211_TDLS_DISABLE_LINK: 1213 /* 1214 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1215 * created while the queues were stopped, so it might still be 1216 * pending. Before flushing the queues we need to be sure the 1217 * message is handled by the tasklet handling pending messages, 1218 * otherwise we might start destroying the station before 1219 * sending the teardown packet. 1220 * Note that this only forces the tasklet to flush pendings - 1221 * not to stop the tasklet from rescheduling itself. 1222 */ 1223 tasklet_kill(&local->tx_pending_tasklet); 1224 /* flush a potentially queued teardown packet */ 1225 ieee80211_flush_queues(local, sdata, false); 1226 1227 ret = sta_info_destroy_addr(sdata, peer); 1228 break; 1229 default: 1230 ret = -ENOTSUPP; 1231 break; 1232 } 1233 1234 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1235 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1236 eth_zero_addr(sdata->u.mgd.tdls_peer); 1237 } 1238 1239 mutex_unlock(&local->mtx); 1240 return ret; 1241 } 1242 1243 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1244 enum nl80211_tdls_operation oper, 1245 u16 reason_code, gfp_t gfp) 1246 { 1247 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1248 1249 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1250 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1251 oper); 1252 return; 1253 } 1254 1255 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1256 } 1257 EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1258 1259 static void 1260 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1261 { 1262 struct ieee80211_ch_switch_timing *ch_sw; 1263 1264 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1265 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1266 1267 ch_sw = (void *)buf; 1268 ch_sw->switch_time = cpu_to_le16(switch_time); 1269 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1270 } 1271 1272 /* find switch timing IE in SKB ready for Tx */ 1273 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1274 { 1275 struct ieee80211_tdls_data *tf; 1276 const u8 *ie_start; 1277 1278 /* 1279 * Get the offset for the new location of the switch timing IE. 1280 * The SKB network header will now point to the "payload_type" 1281 * element of the TDLS data frame struct. 1282 */ 1283 tf = container_of(skb->data + skb_network_offset(skb), 1284 struct ieee80211_tdls_data, payload_type); 1285 ie_start = tf->u.chan_switch_req.variable; 1286 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1287 skb->len - (ie_start - skb->data)); 1288 } 1289 1290 static struct sk_buff * 1291 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1292 struct cfg80211_chan_def *chandef, 1293 u32 *ch_sw_tm_ie_offset) 1294 { 1295 struct ieee80211_sub_if_data *sdata = sta->sdata; 1296 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1297 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1298 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1299 u8 *pos = extra_ies; 1300 struct sk_buff *skb; 1301 1302 /* 1303 * if chandef points to a wide channel add a Secondary-Channel 1304 * Offset information element 1305 */ 1306 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1307 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1308 bool ht40plus; 1309 1310 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1311 *pos++ = sizeof(*sec_chan_ie); 1312 sec_chan_ie = (void *)pos; 1313 1314 ht40plus = cfg80211_get_chandef_type(chandef) == 1315 NL80211_CHAN_HT40PLUS; 1316 sec_chan_ie->sec_chan_offs = ht40plus ? 1317 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1318 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1319 pos += sizeof(*sec_chan_ie); 1320 1321 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1322 } 1323 1324 /* just set the values to 0, this is a template */ 1325 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1326 1327 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1328 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1329 0, 0, !sta->sta.tdls_initiator, 1330 extra_ies, extra_ies_len, 1331 oper_class, chandef); 1332 if (!skb) 1333 return NULL; 1334 1335 skb = ieee80211_build_data_template(sdata, skb, 0); 1336 if (IS_ERR(skb)) { 1337 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1338 return NULL; 1339 } 1340 1341 if (ch_sw_tm_ie_offset) { 1342 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1343 1344 if (!tm_ie) { 1345 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1346 dev_kfree_skb_any(skb); 1347 return NULL; 1348 } 1349 1350 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1351 } 1352 1353 tdls_dbg(sdata, 1354 "TDLS channel switch request template for %pM ch %d width %d\n", 1355 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1356 return skb; 1357 } 1358 1359 int 1360 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1361 const u8 *addr, u8 oper_class, 1362 struct cfg80211_chan_def *chandef) 1363 { 1364 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1365 struct ieee80211_local *local = sdata->local; 1366 struct sta_info *sta; 1367 struct sk_buff *skb = NULL; 1368 u32 ch_sw_tm_ie; 1369 int ret; 1370 1371 mutex_lock(&local->sta_mtx); 1372 sta = sta_info_get(sdata, addr); 1373 if (!sta) { 1374 tdls_dbg(sdata, 1375 "Invalid TDLS peer %pM for channel switch request\n", 1376 addr); 1377 ret = -ENOENT; 1378 goto out; 1379 } 1380 1381 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1382 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1383 addr); 1384 ret = -ENOTSUPP; 1385 goto out; 1386 } 1387 1388 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1389 &ch_sw_tm_ie); 1390 if (!skb) { 1391 ret = -ENOENT; 1392 goto out; 1393 } 1394 1395 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1396 chandef, skb, ch_sw_tm_ie); 1397 if (!ret) 1398 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1399 1400 out: 1401 mutex_unlock(&local->sta_mtx); 1402 dev_kfree_skb_any(skb); 1403 return ret; 1404 } 1405 1406 void 1407 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1408 struct net_device *dev, 1409 const u8 *addr) 1410 { 1411 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1412 struct ieee80211_local *local = sdata->local; 1413 struct sta_info *sta; 1414 1415 mutex_lock(&local->sta_mtx); 1416 sta = sta_info_get(sdata, addr); 1417 if (!sta) { 1418 tdls_dbg(sdata, 1419 "Invalid TDLS peer %pM for channel switch cancel\n", 1420 addr); 1421 goto out; 1422 } 1423 1424 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1425 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1426 addr); 1427 goto out; 1428 } 1429 1430 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1431 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1432 1433 out: 1434 mutex_unlock(&local->sta_mtx); 1435 } 1436 1437 static struct sk_buff * 1438 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1439 u32 *ch_sw_tm_ie_offset) 1440 { 1441 struct ieee80211_sub_if_data *sdata = sta->sdata; 1442 struct sk_buff *skb; 1443 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1444 1445 /* initial timing are always zero in the template */ 1446 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1447 1448 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1449 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1450 0, 0, !sta->sta.tdls_initiator, 1451 extra_ies, sizeof(extra_ies), 0, NULL); 1452 if (!skb) 1453 return NULL; 1454 1455 skb = ieee80211_build_data_template(sdata, skb, 0); 1456 if (IS_ERR(skb)) { 1457 tdls_dbg(sdata, 1458 "Failed building TDLS channel switch resp frame\n"); 1459 return NULL; 1460 } 1461 1462 if (ch_sw_tm_ie_offset) { 1463 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1464 1465 if (!tm_ie) { 1466 tdls_dbg(sdata, 1467 "No switch timing IE in TDLS switch resp\n"); 1468 dev_kfree_skb_any(skb); 1469 return NULL; 1470 } 1471 1472 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1473 } 1474 1475 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1476 sta->sta.addr); 1477 return skb; 1478 } 1479 1480 static int 1481 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1482 struct sk_buff *skb) 1483 { 1484 struct ieee80211_local *local = sdata->local; 1485 struct ieee802_11_elems elems; 1486 struct sta_info *sta; 1487 struct ieee80211_tdls_data *tf = (void *)skb->data; 1488 bool local_initiator; 1489 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1490 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1491 struct ieee80211_tdls_ch_sw_params params = {}; 1492 int ret; 1493 1494 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1495 params.timestamp = rx_status->device_timestamp; 1496 1497 if (skb->len < baselen) { 1498 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1499 skb->len); 1500 return -EINVAL; 1501 } 1502 1503 mutex_lock(&local->sta_mtx); 1504 sta = sta_info_get(sdata, tf->sa); 1505 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1506 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1507 tf->sa); 1508 ret = -EINVAL; 1509 goto out; 1510 } 1511 1512 params.sta = &sta->sta; 1513 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1514 if (params.status != 0) { 1515 ret = 0; 1516 goto call_drv; 1517 } 1518 1519 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1520 skb->len - baselen, false, &elems); 1521 if (elems.parse_error) { 1522 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1523 ret = -EINVAL; 1524 goto out; 1525 } 1526 1527 if (!elems.ch_sw_timing || !elems.lnk_id) { 1528 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1529 ret = -EINVAL; 1530 goto out; 1531 } 1532 1533 /* validate the initiator is set correctly */ 1534 local_initiator = 1535 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1536 if (local_initiator == sta->sta.tdls_initiator) { 1537 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1538 ret = -EINVAL; 1539 goto out; 1540 } 1541 1542 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1543 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1544 1545 params.tmpl_skb = 1546 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1547 if (!params.tmpl_skb) { 1548 ret = -ENOENT; 1549 goto out; 1550 } 1551 1552 call_drv: 1553 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1554 1555 tdls_dbg(sdata, 1556 "TDLS channel switch response received from %pM status %d\n", 1557 tf->sa, params.status); 1558 1559 out: 1560 mutex_unlock(&local->sta_mtx); 1561 dev_kfree_skb_any(params.tmpl_skb); 1562 return ret; 1563 } 1564 1565 static int 1566 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1567 struct sk_buff *skb) 1568 { 1569 struct ieee80211_local *local = sdata->local; 1570 struct ieee802_11_elems elems; 1571 struct cfg80211_chan_def chandef; 1572 struct ieee80211_channel *chan; 1573 enum nl80211_channel_type chan_type; 1574 int freq; 1575 u8 target_channel, oper_class; 1576 bool local_initiator; 1577 struct sta_info *sta; 1578 enum ieee80211_band band; 1579 struct ieee80211_tdls_data *tf = (void *)skb->data; 1580 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1581 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1582 struct ieee80211_tdls_ch_sw_params params = {}; 1583 int ret = 0; 1584 1585 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1586 params.timestamp = rx_status->device_timestamp; 1587 1588 if (skb->len < baselen) { 1589 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1590 skb->len); 1591 return -EINVAL; 1592 } 1593 1594 target_channel = tf->u.chan_switch_req.target_channel; 1595 oper_class = tf->u.chan_switch_req.oper_class; 1596 1597 /* 1598 * We can't easily infer the channel band. The operating class is 1599 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1600 * solution here is to treat channels with number >14 as 5GHz ones, 1601 * and specifically check for the (oper_class, channel) combinations 1602 * where this doesn't hold. These are thankfully unique according to 1603 * IEEE802.11-2012. 1604 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1605 * valid here. 1606 */ 1607 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1608 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1609 target_channel < 14) 1610 band = IEEE80211_BAND_5GHZ; 1611 else 1612 band = target_channel < 14 ? IEEE80211_BAND_2GHZ : 1613 IEEE80211_BAND_5GHZ; 1614 1615 freq = ieee80211_channel_to_frequency(target_channel, band); 1616 if (freq == 0) { 1617 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1618 target_channel); 1619 return -EINVAL; 1620 } 1621 1622 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1623 if (!chan) { 1624 tdls_dbg(sdata, 1625 "Unsupported channel for TDLS chan switch: %d\n", 1626 target_channel); 1627 return -EINVAL; 1628 } 1629 1630 ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1631 skb->len - baselen, false, &elems); 1632 if (elems.parse_error) { 1633 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1634 return -EINVAL; 1635 } 1636 1637 if (!elems.ch_sw_timing || !elems.lnk_id) { 1638 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1639 return -EINVAL; 1640 } 1641 1642 mutex_lock(&local->sta_mtx); 1643 sta = sta_info_get(sdata, tf->sa); 1644 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1645 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1646 tf->sa); 1647 ret = -EINVAL; 1648 goto out; 1649 } 1650 1651 params.sta = &sta->sta; 1652 1653 /* validate the initiator is set correctly */ 1654 local_initiator = 1655 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1656 if (local_initiator == sta->sta.tdls_initiator) { 1657 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1658 ret = -EINVAL; 1659 goto out; 1660 } 1661 1662 if (!sta->sta.ht_cap.ht_supported) { 1663 chan_type = NL80211_CHAN_NO_HT; 1664 } else if (!elems.sec_chan_offs) { 1665 chan_type = NL80211_CHAN_HT20; 1666 } else { 1667 switch (elems.sec_chan_offs->sec_chan_offs) { 1668 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1669 chan_type = NL80211_CHAN_HT40PLUS; 1670 break; 1671 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1672 chan_type = NL80211_CHAN_HT40MINUS; 1673 break; 1674 default: 1675 chan_type = NL80211_CHAN_HT20; 1676 break; 1677 } 1678 } 1679 1680 cfg80211_chandef_create(&chandef, chan, chan_type); 1681 params.chandef = &chandef; 1682 1683 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1684 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1685 1686 params.tmpl_skb = 1687 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1688 ¶ms.ch_sw_tm_ie); 1689 if (!params.tmpl_skb) { 1690 ret = -ENOENT; 1691 goto out; 1692 } 1693 1694 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1695 1696 tdls_dbg(sdata, 1697 "TDLS ch switch request received from %pM ch %d width %d\n", 1698 tf->sa, params.chandef->chan->center_freq, 1699 params.chandef->width); 1700 out: 1701 mutex_unlock(&local->sta_mtx); 1702 dev_kfree_skb_any(params.tmpl_skb); 1703 return ret; 1704 } 1705 1706 void ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1707 struct sk_buff *skb) 1708 { 1709 struct ieee80211_tdls_data *tf = (void *)skb->data; 1710 struct wiphy *wiphy = sdata->local->hw.wiphy; 1711 1712 /* make sure the driver supports it */ 1713 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1714 return; 1715 1716 /* we want to access the entire packet */ 1717 if (skb_linearize(skb)) 1718 return; 1719 /* 1720 * The packet/size was already validated by mac80211 Rx path, only look 1721 * at the action type. 1722 */ 1723 switch (tf->action_code) { 1724 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1725 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1726 break; 1727 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1728 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1729 break; 1730 default: 1731 WARN_ON_ONCE(1); 1732 return; 1733 } 1734 } 1735