1 /* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * 8 * This file is GPLv2 as found in COPYING. 9 */ 10 11 #include <linux/ieee80211.h> 12 #include <linux/log2.h> 13 #include <net/cfg80211.h> 14 #include "ieee80211_i.h" 15 #include "driver-ops.h" 16 17 /* give usermode some time for retries in setting up the TDLS session */ 18 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 19 20 void ieee80211_tdls_peer_del_work(struct work_struct *wk) 21 { 22 struct ieee80211_sub_if_data *sdata; 23 struct ieee80211_local *local; 24 25 sdata = container_of(wk, struct ieee80211_sub_if_data, 26 u.mgd.tdls_peer_del_work.work); 27 local = sdata->local; 28 29 mutex_lock(&local->mtx); 30 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 31 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 32 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 33 eth_zero_addr(sdata->u.mgd.tdls_peer); 34 } 35 mutex_unlock(&local->mtx); 36 } 37 38 static void ieee80211_tdls_add_ext_capab(struct sk_buff *skb) 39 { 40 u8 *pos = (void *)skb_put(skb, 7); 41 42 *pos++ = WLAN_EID_EXT_CAPABILITY; 43 *pos++ = 5; /* len */ 44 *pos++ = 0x0; 45 *pos++ = 0x0; 46 *pos++ = 0x0; 47 *pos++ = 0x0; 48 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 49 } 50 51 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 52 u16 status_code) 53 { 54 struct ieee80211_local *local = sdata->local; 55 u16 capab; 56 57 /* The capability will be 0 when sending a failure code */ 58 if (status_code != 0) 59 return 0; 60 61 capab = 0; 62 if (ieee80211_get_sdata_band(sdata) != IEEE80211_BAND_2GHZ) 63 return capab; 64 65 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 66 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 67 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 68 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 69 70 return capab; 71 } 72 73 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 74 struct sk_buff *skb, const u8 *peer, 75 bool initiator) 76 { 77 struct ieee80211_tdls_lnkie *lnkid; 78 const u8 *init_addr, *rsp_addr; 79 80 if (initiator) { 81 init_addr = sdata->vif.addr; 82 rsp_addr = peer; 83 } else { 84 init_addr = peer; 85 rsp_addr = sdata->vif.addr; 86 } 87 88 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 89 90 lnkid->ie_type = WLAN_EID_LINK_ID; 91 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 92 93 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 94 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 95 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 96 } 97 98 /* translate numbering in the WMM parameter IE to the mac80211 notation */ 99 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 100 { 101 switch (ac) { 102 default: 103 WARN_ON_ONCE(1); 104 case 0: 105 return IEEE80211_AC_BE; 106 case 1: 107 return IEEE80211_AC_BK; 108 case 2: 109 return IEEE80211_AC_VI; 110 case 3: 111 return IEEE80211_AC_VO; 112 } 113 } 114 115 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 116 { 117 u8 ret; 118 119 ret = aifsn & 0x0f; 120 if (acm) 121 ret |= 0x10; 122 ret |= (aci << 5) & 0x60; 123 return ret; 124 } 125 126 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 127 { 128 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 129 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 130 } 131 132 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 133 struct sk_buff *skb) 134 { 135 struct ieee80211_wmm_param_ie *wmm; 136 struct ieee80211_tx_queue_params *txq; 137 int i; 138 139 wmm = (void *)skb_put(skb, sizeof(*wmm)); 140 memset(wmm, 0, sizeof(*wmm)); 141 142 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 143 wmm->len = sizeof(*wmm) - 2; 144 145 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 146 wmm->oui[1] = 0x50; 147 wmm->oui[2] = 0xf2; 148 wmm->oui_type = 2; /* WME */ 149 wmm->oui_subtype = 1; /* WME param */ 150 wmm->version = 1; /* WME ver */ 151 wmm->qos_info = 0; /* U-APSD not in use */ 152 153 /* 154 * Use the EDCA parameters defined for the BSS, or default if the AP 155 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 156 */ 157 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 158 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 159 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 160 txq->acm, i); 161 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 162 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 163 } 164 } 165 166 static void 167 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 168 struct sk_buff *skb, const u8 *peer, 169 u8 action_code, bool initiator, 170 const u8 *extra_ies, size_t extra_ies_len) 171 { 172 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 173 struct ieee80211_local *local = sdata->local; 174 struct ieee80211_supported_band *sband; 175 struct ieee80211_sta_ht_cap ht_cap; 176 struct sta_info *sta = NULL; 177 size_t offset = 0, noffset; 178 u8 *pos; 179 180 rcu_read_lock(); 181 182 /* we should have the peer STA if we're already responding */ 183 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 184 sta = sta_info_get(sdata, peer); 185 if (WARN_ON_ONCE(!sta)) { 186 rcu_read_unlock(); 187 return; 188 } 189 } 190 191 ieee80211_add_srates_ie(sdata, skb, false, band); 192 ieee80211_add_ext_srates_ie(sdata, skb, false, band); 193 194 /* add any custom IEs that go before Extended Capabilities */ 195 if (extra_ies_len) { 196 static const u8 before_ext_cap[] = { 197 WLAN_EID_SUPP_RATES, 198 WLAN_EID_COUNTRY, 199 WLAN_EID_EXT_SUPP_RATES, 200 WLAN_EID_SUPPORTED_CHANNELS, 201 WLAN_EID_RSN, 202 }; 203 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 204 before_ext_cap, 205 ARRAY_SIZE(before_ext_cap), 206 offset); 207 pos = skb_put(skb, noffset - offset); 208 memcpy(pos, extra_ies + offset, noffset - offset); 209 offset = noffset; 210 } 211 212 ieee80211_tdls_add_ext_capab(skb); 213 214 /* add the QoS element if we support it */ 215 if (local->hw.queues >= IEEE80211_NUM_ACS && 216 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 217 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 218 219 /* add any custom IEs that go before HT capabilities */ 220 if (extra_ies_len) { 221 static const u8 before_ht_cap[] = { 222 WLAN_EID_SUPP_RATES, 223 WLAN_EID_COUNTRY, 224 WLAN_EID_EXT_SUPP_RATES, 225 WLAN_EID_SUPPORTED_CHANNELS, 226 WLAN_EID_RSN, 227 WLAN_EID_EXT_CAPABILITY, 228 WLAN_EID_QOS_CAPA, 229 WLAN_EID_FAST_BSS_TRANSITION, 230 WLAN_EID_TIMEOUT_INTERVAL, 231 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 232 }; 233 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 234 before_ht_cap, 235 ARRAY_SIZE(before_ht_cap), 236 offset); 237 pos = skb_put(skb, noffset - offset); 238 memcpy(pos, extra_ies + offset, noffset - offset); 239 offset = noffset; 240 } 241 242 /* 243 * with TDLS we can switch channels, and HT-caps are not necessarily 244 * the same on all bands. The specification limits the setup to a 245 * single HT-cap, so use the current band for now. 246 */ 247 sband = local->hw.wiphy->bands[band]; 248 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 249 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 250 action_code == WLAN_TDLS_SETUP_RESPONSE) && 251 ht_cap.ht_supported && (!sta || sta->sta.ht_cap.ht_supported)) { 252 if (action_code == WLAN_TDLS_SETUP_REQUEST) { 253 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 254 255 /* disable SMPS in TDLS initiator */ 256 ht_cap.cap |= (WLAN_HT_CAP_SM_PS_DISABLED 257 << IEEE80211_HT_CAP_SM_PS_SHIFT); 258 } else { 259 /* disable SMPS in TDLS responder */ 260 sta->sta.ht_cap.cap |= 261 (WLAN_HT_CAP_SM_PS_DISABLED 262 << IEEE80211_HT_CAP_SM_PS_SHIFT); 263 264 /* the peer caps are already intersected with our own */ 265 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 266 } 267 268 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 269 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 270 } 271 272 rcu_read_unlock(); 273 274 /* add any remaining IEs */ 275 if (extra_ies_len) { 276 noffset = extra_ies_len; 277 pos = skb_put(skb, noffset - offset); 278 memcpy(pos, extra_ies + offset, noffset - offset); 279 } 280 281 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 282 } 283 284 static void 285 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 286 struct sk_buff *skb, const u8 *peer, 287 bool initiator, const u8 *extra_ies, 288 size_t extra_ies_len) 289 { 290 struct ieee80211_local *local = sdata->local; 291 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 292 size_t offset = 0, noffset; 293 struct sta_info *sta, *ap_sta; 294 u8 *pos; 295 296 rcu_read_lock(); 297 298 sta = sta_info_get(sdata, peer); 299 ap_sta = sta_info_get(sdata, ifmgd->bssid); 300 if (WARN_ON_ONCE(!sta || !ap_sta)) { 301 rcu_read_unlock(); 302 return; 303 } 304 305 /* add any custom IEs that go before the QoS IE */ 306 if (extra_ies_len) { 307 static const u8 before_qos[] = { 308 WLAN_EID_RSN, 309 }; 310 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 311 before_qos, 312 ARRAY_SIZE(before_qos), 313 offset); 314 pos = skb_put(skb, noffset - offset); 315 memcpy(pos, extra_ies + offset, noffset - offset); 316 offset = noffset; 317 } 318 319 /* add the QoS param IE if both the peer and we support it */ 320 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 321 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 322 323 /* add any custom IEs that go before HT operation */ 324 if (extra_ies_len) { 325 static const u8 before_ht_op[] = { 326 WLAN_EID_RSN, 327 WLAN_EID_QOS_CAPA, 328 WLAN_EID_FAST_BSS_TRANSITION, 329 WLAN_EID_TIMEOUT_INTERVAL, 330 }; 331 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 332 before_ht_op, 333 ARRAY_SIZE(before_ht_op), 334 offset); 335 pos = skb_put(skb, noffset - offset); 336 memcpy(pos, extra_ies + offset, noffset - offset); 337 offset = noffset; 338 } 339 340 /* if HT support is only added in TDLS, we need an HT-operation IE */ 341 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 342 struct ieee80211_chanctx_conf *chanctx_conf = 343 rcu_dereference(sdata->vif.chanctx_conf); 344 if (!WARN_ON(!chanctx_conf)) { 345 pos = skb_put(skb, 2 + 346 sizeof(struct ieee80211_ht_operation)); 347 /* send an empty HT operation IE */ 348 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 349 &chanctx_conf->def, 0); 350 } 351 } 352 353 rcu_read_unlock(); 354 355 /* add any remaining IEs */ 356 if (extra_ies_len) { 357 noffset = extra_ies_len; 358 pos = skb_put(skb, noffset - offset); 359 memcpy(pos, extra_ies + offset, noffset - offset); 360 } 361 362 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 363 } 364 365 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 366 struct sk_buff *skb, const u8 *peer, 367 u8 action_code, u16 status_code, 368 bool initiator, const u8 *extra_ies, 369 size_t extra_ies_len) 370 { 371 switch (action_code) { 372 case WLAN_TDLS_SETUP_REQUEST: 373 case WLAN_TDLS_SETUP_RESPONSE: 374 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 375 if (status_code == 0) 376 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 377 action_code, 378 initiator, 379 extra_ies, 380 extra_ies_len); 381 break; 382 case WLAN_TDLS_SETUP_CONFIRM: 383 if (status_code == 0) 384 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 385 initiator, extra_ies, 386 extra_ies_len); 387 break; 388 case WLAN_TDLS_TEARDOWN: 389 case WLAN_TDLS_DISCOVERY_REQUEST: 390 if (extra_ies_len) 391 memcpy(skb_put(skb, extra_ies_len), extra_ies, 392 extra_ies_len); 393 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 394 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 395 break; 396 } 397 398 } 399 400 static int 401 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 402 const u8 *peer, u8 action_code, u8 dialog_token, 403 u16 status_code, struct sk_buff *skb) 404 { 405 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 406 struct ieee80211_tdls_data *tf; 407 408 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 409 410 memcpy(tf->da, peer, ETH_ALEN); 411 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 412 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 413 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 414 415 /* network header is after the ethernet header */ 416 skb_set_network_header(skb, ETH_HLEN); 417 418 switch (action_code) { 419 case WLAN_TDLS_SETUP_REQUEST: 420 tf->category = WLAN_CATEGORY_TDLS; 421 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 422 423 skb_put(skb, sizeof(tf->u.setup_req)); 424 tf->u.setup_req.dialog_token = dialog_token; 425 tf->u.setup_req.capability = 426 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 427 status_code)); 428 break; 429 case WLAN_TDLS_SETUP_RESPONSE: 430 tf->category = WLAN_CATEGORY_TDLS; 431 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 432 433 skb_put(skb, sizeof(tf->u.setup_resp)); 434 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 435 tf->u.setup_resp.dialog_token = dialog_token; 436 tf->u.setup_resp.capability = 437 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 438 status_code)); 439 break; 440 case WLAN_TDLS_SETUP_CONFIRM: 441 tf->category = WLAN_CATEGORY_TDLS; 442 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 443 444 skb_put(skb, sizeof(tf->u.setup_cfm)); 445 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 446 tf->u.setup_cfm.dialog_token = dialog_token; 447 break; 448 case WLAN_TDLS_TEARDOWN: 449 tf->category = WLAN_CATEGORY_TDLS; 450 tf->action_code = WLAN_TDLS_TEARDOWN; 451 452 skb_put(skb, sizeof(tf->u.teardown)); 453 tf->u.teardown.reason_code = cpu_to_le16(status_code); 454 break; 455 case WLAN_TDLS_DISCOVERY_REQUEST: 456 tf->category = WLAN_CATEGORY_TDLS; 457 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 458 459 skb_put(skb, sizeof(tf->u.discover_req)); 460 tf->u.discover_req.dialog_token = dialog_token; 461 break; 462 default: 463 return -EINVAL; 464 } 465 466 return 0; 467 } 468 469 static int 470 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 471 const u8 *peer, u8 action_code, u8 dialog_token, 472 u16 status_code, struct sk_buff *skb) 473 { 474 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 475 struct ieee80211_mgmt *mgmt; 476 477 mgmt = (void *)skb_put(skb, 24); 478 memset(mgmt, 0, 24); 479 memcpy(mgmt->da, peer, ETH_ALEN); 480 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 481 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 482 483 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 484 IEEE80211_STYPE_ACTION); 485 486 switch (action_code) { 487 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 488 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 489 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 490 mgmt->u.action.u.tdls_discover_resp.action_code = 491 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 492 mgmt->u.action.u.tdls_discover_resp.dialog_token = 493 dialog_token; 494 mgmt->u.action.u.tdls_discover_resp.capability = 495 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 496 status_code)); 497 break; 498 default: 499 return -EINVAL; 500 } 501 502 return 0; 503 } 504 505 static int 506 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 507 const u8 *peer, u8 action_code, 508 u8 dialog_token, u16 status_code, 509 u32 peer_capability, bool initiator, 510 const u8 *extra_ies, size_t extra_ies_len) 511 { 512 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 513 struct ieee80211_local *local = sdata->local; 514 struct sk_buff *skb = NULL; 515 bool send_direct; 516 struct sta_info *sta; 517 int ret; 518 519 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 520 max(sizeof(struct ieee80211_mgmt), 521 sizeof(struct ieee80211_tdls_data)) + 522 50 + /* supported rates */ 523 7 + /* ext capab */ 524 26 + /* max(WMM-info, WMM-param) */ 525 2 + max(sizeof(struct ieee80211_ht_cap), 526 sizeof(struct ieee80211_ht_operation)) + 527 extra_ies_len + 528 sizeof(struct ieee80211_tdls_lnkie)); 529 if (!skb) 530 return -ENOMEM; 531 532 skb_reserve(skb, local->hw.extra_tx_headroom); 533 534 switch (action_code) { 535 case WLAN_TDLS_SETUP_REQUEST: 536 case WLAN_TDLS_SETUP_RESPONSE: 537 case WLAN_TDLS_SETUP_CONFIRM: 538 case WLAN_TDLS_TEARDOWN: 539 case WLAN_TDLS_DISCOVERY_REQUEST: 540 ret = ieee80211_prep_tdls_encap_data(wiphy, dev, peer, 541 action_code, dialog_token, 542 status_code, skb); 543 send_direct = false; 544 break; 545 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 546 ret = ieee80211_prep_tdls_direct(wiphy, dev, peer, action_code, 547 dialog_token, status_code, 548 skb); 549 send_direct = true; 550 break; 551 default: 552 ret = -ENOTSUPP; 553 break; 554 } 555 556 if (ret < 0) 557 goto fail; 558 559 rcu_read_lock(); 560 sta = sta_info_get(sdata, peer); 561 562 /* infer the initiator if we can, to support old userspace */ 563 switch (action_code) { 564 case WLAN_TDLS_SETUP_REQUEST: 565 if (sta) 566 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 567 /* fall-through */ 568 case WLAN_TDLS_SETUP_CONFIRM: 569 case WLAN_TDLS_DISCOVERY_REQUEST: 570 initiator = true; 571 break; 572 case WLAN_TDLS_SETUP_RESPONSE: 573 /* 574 * In some testing scenarios, we send a request and response. 575 * Make the last packet sent take effect for the initiator 576 * value. 577 */ 578 if (sta) 579 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 580 /* fall-through */ 581 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 582 initiator = false; 583 break; 584 case WLAN_TDLS_TEARDOWN: 585 /* any value is ok */ 586 break; 587 default: 588 ret = -ENOTSUPP; 589 break; 590 } 591 592 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 593 initiator = true; 594 595 rcu_read_unlock(); 596 if (ret < 0) 597 goto fail; 598 599 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 600 initiator, extra_ies, extra_ies_len); 601 if (send_direct) { 602 ieee80211_tx_skb(sdata, skb); 603 return 0; 604 } 605 606 /* 607 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 608 * we should default to AC_VI. 609 */ 610 switch (action_code) { 611 case WLAN_TDLS_SETUP_REQUEST: 612 case WLAN_TDLS_SETUP_RESPONSE: 613 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 614 skb->priority = 2; 615 break; 616 default: 617 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 618 skb->priority = 5; 619 break; 620 } 621 622 /* disable bottom halves when entering the Tx path */ 623 local_bh_disable(); 624 ret = ieee80211_subif_start_xmit(skb, dev); 625 local_bh_enable(); 626 627 return ret; 628 629 fail: 630 dev_kfree_skb(skb); 631 return ret; 632 } 633 634 static int 635 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 636 const u8 *peer, u8 action_code, u8 dialog_token, 637 u16 status_code, u32 peer_capability, bool initiator, 638 const u8 *extra_ies, size_t extra_ies_len) 639 { 640 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 641 struct ieee80211_local *local = sdata->local; 642 int ret; 643 644 mutex_lock(&local->mtx); 645 646 /* we don't support concurrent TDLS peer setups */ 647 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 648 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 649 ret = -EBUSY; 650 goto exit; 651 } 652 653 /* 654 * make sure we have a STA representing the peer so we drop or buffer 655 * non-TDLS-setup frames to the peer. We can't send other packets 656 * during setup through the AP path. 657 * Allow error packets to be sent - sometimes we don't even add a STA 658 * before failing the setup. 659 */ 660 if (status_code == 0) { 661 rcu_read_lock(); 662 if (!sta_info_get(sdata, peer)) { 663 rcu_read_unlock(); 664 ret = -ENOLINK; 665 goto exit; 666 } 667 rcu_read_unlock(); 668 } 669 670 ieee80211_flush_queues(local, sdata); 671 672 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 673 dialog_token, status_code, 674 peer_capability, initiator, 675 extra_ies, extra_ies_len); 676 if (ret < 0) 677 goto exit; 678 679 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 680 ieee80211_queue_delayed_work(&sdata->local->hw, 681 &sdata->u.mgd.tdls_peer_del_work, 682 TDLS_PEER_SETUP_TIMEOUT); 683 684 exit: 685 mutex_unlock(&local->mtx); 686 return ret; 687 } 688 689 static int 690 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 691 const u8 *peer, u8 action_code, u8 dialog_token, 692 u16 status_code, u32 peer_capability, 693 bool initiator, const u8 *extra_ies, 694 size_t extra_ies_len) 695 { 696 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 697 struct ieee80211_local *local = sdata->local; 698 struct sta_info *sta; 699 int ret; 700 701 /* 702 * No packets can be transmitted to the peer via the AP during setup - 703 * the STA is set as a TDLS peer, but is not authorized. 704 * During teardown, we prevent direct transmissions by stopping the 705 * queues and flushing all direct packets. 706 */ 707 ieee80211_stop_vif_queues(local, sdata, 708 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 709 ieee80211_flush_queues(local, sdata); 710 711 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 712 dialog_token, status_code, 713 peer_capability, initiator, 714 extra_ies, extra_ies_len); 715 if (ret < 0) 716 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 717 ret); 718 719 /* 720 * Remove the STA AUTH flag to force further traffic through the AP. If 721 * the STA was unreachable, it was already removed. 722 */ 723 rcu_read_lock(); 724 sta = sta_info_get(sdata, peer); 725 if (sta) 726 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 727 rcu_read_unlock(); 728 729 ieee80211_wake_vif_queues(local, sdata, 730 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 731 732 return 0; 733 } 734 735 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 736 const u8 *peer, u8 action_code, u8 dialog_token, 737 u16 status_code, u32 peer_capability, 738 bool initiator, const u8 *extra_ies, 739 size_t extra_ies_len) 740 { 741 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 742 int ret; 743 744 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 745 return -ENOTSUPP; 746 747 /* make sure we are in managed mode, and associated */ 748 if (sdata->vif.type != NL80211_IFTYPE_STATION || 749 !sdata->u.mgd.associated) 750 return -EINVAL; 751 752 switch (action_code) { 753 case WLAN_TDLS_SETUP_REQUEST: 754 case WLAN_TDLS_SETUP_RESPONSE: 755 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 756 dialog_token, status_code, 757 peer_capability, initiator, 758 extra_ies, extra_ies_len); 759 break; 760 case WLAN_TDLS_TEARDOWN: 761 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 762 action_code, dialog_token, 763 status_code, 764 peer_capability, initiator, 765 extra_ies, extra_ies_len); 766 break; 767 case WLAN_TDLS_DISCOVERY_REQUEST: 768 /* 769 * Protect the discovery so we can hear the TDLS discovery 770 * response frame. It is transmitted directly and not buffered 771 * by the AP. 772 */ 773 drv_mgd_protect_tdls_discover(sdata->local, sdata); 774 /* fall-through */ 775 case WLAN_TDLS_SETUP_CONFIRM: 776 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 777 /* no special handling */ 778 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 779 action_code, 780 dialog_token, 781 status_code, 782 peer_capability, 783 initiator, extra_ies, 784 extra_ies_len); 785 break; 786 default: 787 ret = -EOPNOTSUPP; 788 break; 789 } 790 791 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 792 action_code, peer, ret); 793 return ret; 794 } 795 796 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 797 const u8 *peer, enum nl80211_tdls_operation oper) 798 { 799 struct sta_info *sta; 800 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 801 struct ieee80211_local *local = sdata->local; 802 int ret; 803 804 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 805 return -ENOTSUPP; 806 807 if (sdata->vif.type != NL80211_IFTYPE_STATION) 808 return -EINVAL; 809 810 switch (oper) { 811 case NL80211_TDLS_ENABLE_LINK: 812 case NL80211_TDLS_DISABLE_LINK: 813 break; 814 case NL80211_TDLS_TEARDOWN: 815 case NL80211_TDLS_SETUP: 816 case NL80211_TDLS_DISCOVERY_REQ: 817 /* We don't support in-driver setup/teardown/discovery */ 818 return -ENOTSUPP; 819 } 820 821 mutex_lock(&local->mtx); 822 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 823 824 switch (oper) { 825 case NL80211_TDLS_ENABLE_LINK: 826 rcu_read_lock(); 827 sta = sta_info_get(sdata, peer); 828 if (!sta) { 829 rcu_read_unlock(); 830 ret = -ENOLINK; 831 break; 832 } 833 834 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 835 rcu_read_unlock(); 836 837 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 838 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 839 ret = 0; 840 break; 841 case NL80211_TDLS_DISABLE_LINK: 842 /* 843 * The teardown message in ieee80211_tdls_mgmt_teardown() was 844 * created while the queues were stopped, so it might still be 845 * pending. Before flushing the queues we need to be sure the 846 * message is handled by the tasklet handling pending messages, 847 * otherwise we might start destroying the station before 848 * sending the teardown packet. 849 * Note that this only forces the tasklet to flush pendings - 850 * not to stop the tasklet from rescheduling itself. 851 */ 852 tasklet_kill(&local->tx_pending_tasklet); 853 /* flush a potentially queued teardown packet */ 854 ieee80211_flush_queues(local, sdata); 855 856 ret = sta_info_destroy_addr(sdata, peer); 857 break; 858 default: 859 ret = -ENOTSUPP; 860 break; 861 } 862 863 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 864 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 865 eth_zero_addr(sdata->u.mgd.tdls_peer); 866 } 867 868 mutex_unlock(&local->mtx); 869 return ret; 870 } 871 872 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 873 enum nl80211_tdls_operation oper, 874 u16 reason_code, gfp_t gfp) 875 { 876 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 877 878 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 879 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 880 oper); 881 return; 882 } 883 884 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 885 } 886 EXPORT_SYMBOL(ieee80211_tdls_oper_request); 887