1 /* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * Copyright 2015 - 2016 Intel Deutschland GmbH 8 * 9 * This file is GPLv2 as found in COPYING. 10 */ 11 12 #include <linux/ieee80211.h> 13 #include <linux/log2.h> 14 #include <net/cfg80211.h> 15 #include <linux/rtnetlink.h> 16 #include "ieee80211_i.h" 17 #include "driver-ops.h" 18 #include "rate.h" 19 20 /* give usermode some time for retries in setting up the TDLS session */ 21 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 22 23 void ieee80211_tdls_peer_del_work(struct work_struct *wk) 24 { 25 struct ieee80211_sub_if_data *sdata; 26 struct ieee80211_local *local; 27 28 sdata = container_of(wk, struct ieee80211_sub_if_data, 29 u.mgd.tdls_peer_del_work.work); 30 local = sdata->local; 31 32 mutex_lock(&local->mtx); 33 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 34 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 35 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 36 eth_zero_addr(sdata->u.mgd.tdls_peer); 37 } 38 mutex_unlock(&local->mtx); 39 } 40 41 static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata, 42 struct sk_buff *skb) 43 { 44 struct ieee80211_local *local = sdata->local; 45 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 46 bool chan_switch = local->hw.wiphy->features & 47 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 48 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) && 49 !ifmgd->tdls_wider_bw_prohibited; 50 struct ieee80211_supported_band *sband = ieee80211_get_sband(sdata); 51 bool vht = sband && sband->vht_cap.vht_supported; 52 u8 *pos = (void *)skb_put(skb, 10); 53 54 *pos++ = WLAN_EID_EXT_CAPABILITY; 55 *pos++ = 8; /* len */ 56 *pos++ = 0x0; 57 *pos++ = 0x0; 58 *pos++ = 0x0; 59 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0; 60 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 61 *pos++ = 0; 62 *pos++ = 0; 63 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0; 64 } 65 66 static u8 67 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 68 struct sk_buff *skb, u16 start, u16 end, 69 u16 spacing) 70 { 71 u8 subband_cnt = 0, ch_cnt = 0; 72 struct ieee80211_channel *ch; 73 struct cfg80211_chan_def chandef; 74 int i, subband_start; 75 struct wiphy *wiphy = sdata->local->hw.wiphy; 76 77 for (i = start; i <= end; i += spacing) { 78 if (!ch_cnt) 79 subband_start = i; 80 81 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 82 if (ch) { 83 /* we will be active on the channel */ 84 cfg80211_chandef_create(&chandef, ch, 85 NL80211_CHAN_NO_HT); 86 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef, 87 sdata->wdev.iftype)) { 88 ch_cnt++; 89 /* 90 * check if the next channel is also part of 91 * this allowed range 92 */ 93 continue; 94 } 95 } 96 97 /* 98 * we've reached the end of a range, with allowed channels 99 * found 100 */ 101 if (ch_cnt) { 102 u8 *pos = skb_put(skb, 2); 103 *pos++ = ieee80211_frequency_to_channel(subband_start); 104 *pos++ = ch_cnt; 105 106 subband_cnt++; 107 ch_cnt = 0; 108 } 109 } 110 111 /* all channels in the requested range are allowed - add them here */ 112 if (ch_cnt) { 113 u8 *pos = skb_put(skb, 2); 114 *pos++ = ieee80211_frequency_to_channel(subband_start); 115 *pos++ = ch_cnt; 116 117 subband_cnt++; 118 } 119 120 return subband_cnt; 121 } 122 123 static void 124 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 125 struct sk_buff *skb) 126 { 127 /* 128 * Add possible channels for TDLS. These are channels that are allowed 129 * to be active. 130 */ 131 u8 subband_cnt; 132 u8 *pos = skb_put(skb, 2); 133 134 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 135 136 /* 137 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 138 * this doesn't happen in real world scenarios. 139 */ 140 141 /* 2GHz, with 5MHz spacing */ 142 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 143 144 /* 5GHz, with 20MHz spacing */ 145 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 146 147 /* length */ 148 *pos = 2 * subband_cnt; 149 } 150 151 static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata, 152 struct sk_buff *skb) 153 { 154 u8 *pos; 155 u8 op_class; 156 157 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef, 158 &op_class)) 159 return; 160 161 pos = skb_put(skb, 4); 162 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES; 163 *pos++ = 2; /* len */ 164 165 *pos++ = op_class; 166 *pos++ = op_class; /* give current operating class as alternate too */ 167 } 168 169 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 170 { 171 u8 *pos = (void *)skb_put(skb, 3); 172 173 *pos++ = WLAN_EID_BSS_COEX_2040; 174 *pos++ = 1; /* len */ 175 176 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 177 } 178 179 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 180 u16 status_code) 181 { 182 struct ieee80211_supported_band *sband; 183 184 /* The capability will be 0 when sending a failure code */ 185 if (status_code != 0) 186 return 0; 187 188 sband = ieee80211_get_sband(sdata); 189 if (sband && sband->band == NL80211_BAND_2GHZ) { 190 return WLAN_CAPABILITY_SHORT_SLOT_TIME | 191 WLAN_CAPABILITY_SHORT_PREAMBLE; 192 } 193 194 return 0; 195 } 196 197 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 198 struct sk_buff *skb, const u8 *peer, 199 bool initiator) 200 { 201 struct ieee80211_tdls_lnkie *lnkid; 202 const u8 *init_addr, *rsp_addr; 203 204 if (initiator) { 205 init_addr = sdata->vif.addr; 206 rsp_addr = peer; 207 } else { 208 init_addr = peer; 209 rsp_addr = sdata->vif.addr; 210 } 211 212 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 213 214 lnkid->ie_type = WLAN_EID_LINK_ID; 215 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 216 217 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 218 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 219 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 220 } 221 222 static void 223 ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 224 { 225 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 226 u8 *pos = (void *)skb_put(skb, 4); 227 228 *pos++ = WLAN_EID_AID; 229 *pos++ = 2; /* len */ 230 put_unaligned_le16(ifmgd->aid, pos); 231 } 232 233 /* translate numbering in the WMM parameter IE to the mac80211 notation */ 234 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 235 { 236 switch (ac) { 237 default: 238 WARN_ON_ONCE(1); 239 case 0: 240 return IEEE80211_AC_BE; 241 case 1: 242 return IEEE80211_AC_BK; 243 case 2: 244 return IEEE80211_AC_VI; 245 case 3: 246 return IEEE80211_AC_VO; 247 } 248 } 249 250 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 251 { 252 u8 ret; 253 254 ret = aifsn & 0x0f; 255 if (acm) 256 ret |= 0x10; 257 ret |= (aci << 5) & 0x60; 258 return ret; 259 } 260 261 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 262 { 263 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 264 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 265 } 266 267 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 268 struct sk_buff *skb) 269 { 270 struct ieee80211_wmm_param_ie *wmm; 271 struct ieee80211_tx_queue_params *txq; 272 int i; 273 274 wmm = (void *)skb_put(skb, sizeof(*wmm)); 275 memset(wmm, 0, sizeof(*wmm)); 276 277 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 278 wmm->len = sizeof(*wmm) - 2; 279 280 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 281 wmm->oui[1] = 0x50; 282 wmm->oui[2] = 0xf2; 283 wmm->oui_type = 2; /* WME */ 284 wmm->oui_subtype = 1; /* WME param */ 285 wmm->version = 1; /* WME ver */ 286 wmm->qos_info = 0; /* U-APSD not in use */ 287 288 /* 289 * Use the EDCA parameters defined for the BSS, or default if the AP 290 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 291 */ 292 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 293 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 294 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 295 txq->acm, i); 296 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 297 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 298 } 299 } 300 301 static void 302 ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata, 303 struct sta_info *sta) 304 { 305 /* IEEE802.11ac-2013 Table E-4 */ 306 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 }; 307 struct cfg80211_chan_def uc = sta->tdls_chandef; 308 enum nl80211_chan_width max_width = ieee80211_sta_cap_chan_bw(sta); 309 int i; 310 311 /* only support upgrading non-narrow channels up to 80Mhz */ 312 if (max_width == NL80211_CHAN_WIDTH_5 || 313 max_width == NL80211_CHAN_WIDTH_10) 314 return; 315 316 if (max_width > NL80211_CHAN_WIDTH_80) 317 max_width = NL80211_CHAN_WIDTH_80; 318 319 if (uc.width >= max_width) 320 return; 321 /* 322 * Channel usage constrains in the IEEE802.11ac-2013 specification only 323 * allow expanding a 20MHz channel to 80MHz in a single way. In 324 * addition, there are no 40MHz allowed channels that are not part of 325 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here). 326 */ 327 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++) 328 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) { 329 uc.center_freq1 = centers_80mhz[i]; 330 uc.center_freq2 = 0; 331 uc.width = NL80211_CHAN_WIDTH_80; 332 break; 333 } 334 335 if (!uc.center_freq1) 336 return; 337 338 /* proceed to downgrade the chandef until usable or the same as AP BW */ 339 while (uc.width > max_width || 340 (uc.width > sta->tdls_chandef.width && 341 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc, 342 sdata->wdev.iftype))) 343 ieee80211_chandef_downgrade(&uc); 344 345 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) { 346 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n", 347 sta->tdls_chandef.width, uc.width); 348 349 /* 350 * the station is not yet authorized when BW upgrade is done, 351 * locking is not required 352 */ 353 sta->tdls_chandef = uc; 354 } 355 } 356 357 static void 358 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 359 struct sk_buff *skb, const u8 *peer, 360 u8 action_code, bool initiator, 361 const u8 *extra_ies, size_t extra_ies_len) 362 { 363 struct ieee80211_supported_band *sband; 364 struct ieee80211_local *local = sdata->local; 365 struct ieee80211_sta_ht_cap ht_cap; 366 struct ieee80211_sta_vht_cap vht_cap; 367 struct sta_info *sta = NULL; 368 size_t offset = 0, noffset; 369 u8 *pos; 370 371 sband = ieee80211_get_sband(sdata); 372 if (!sband) 373 return; 374 375 ieee80211_add_srates_ie(sdata, skb, false, sband->band); 376 ieee80211_add_ext_srates_ie(sdata, skb, false, sband->band); 377 ieee80211_tdls_add_supp_channels(sdata, skb); 378 379 /* add any custom IEs that go before Extended Capabilities */ 380 if (extra_ies_len) { 381 static const u8 before_ext_cap[] = { 382 WLAN_EID_SUPP_RATES, 383 WLAN_EID_COUNTRY, 384 WLAN_EID_EXT_SUPP_RATES, 385 WLAN_EID_SUPPORTED_CHANNELS, 386 WLAN_EID_RSN, 387 }; 388 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 389 before_ext_cap, 390 ARRAY_SIZE(before_ext_cap), 391 offset); 392 pos = skb_put(skb, noffset - offset); 393 memcpy(pos, extra_ies + offset, noffset - offset); 394 offset = noffset; 395 } 396 397 ieee80211_tdls_add_ext_capab(sdata, skb); 398 399 /* add the QoS element if we support it */ 400 if (local->hw.queues >= IEEE80211_NUM_ACS && 401 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 402 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 403 404 /* add any custom IEs that go before HT capabilities */ 405 if (extra_ies_len) { 406 static const u8 before_ht_cap[] = { 407 WLAN_EID_SUPP_RATES, 408 WLAN_EID_COUNTRY, 409 WLAN_EID_EXT_SUPP_RATES, 410 WLAN_EID_SUPPORTED_CHANNELS, 411 WLAN_EID_RSN, 412 WLAN_EID_EXT_CAPABILITY, 413 WLAN_EID_QOS_CAPA, 414 WLAN_EID_FAST_BSS_TRANSITION, 415 WLAN_EID_TIMEOUT_INTERVAL, 416 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 417 }; 418 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 419 before_ht_cap, 420 ARRAY_SIZE(before_ht_cap), 421 offset); 422 pos = skb_put(skb, noffset - offset); 423 memcpy(pos, extra_ies + offset, noffset - offset); 424 offset = noffset; 425 } 426 427 mutex_lock(&local->sta_mtx); 428 429 /* we should have the peer STA if we're already responding */ 430 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 431 sta = sta_info_get(sdata, peer); 432 if (WARN_ON_ONCE(!sta)) { 433 mutex_unlock(&local->sta_mtx); 434 return; 435 } 436 437 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 438 } 439 440 ieee80211_tdls_add_oper_classes(sdata, skb); 441 442 /* 443 * with TDLS we can switch channels, and HT-caps are not necessarily 444 * the same on all bands. The specification limits the setup to a 445 * single HT-cap, so use the current band for now. 446 */ 447 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 448 449 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 450 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 451 ht_cap.ht_supported) { 452 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 453 454 /* disable SMPS in TDLS initiator */ 455 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 456 << IEEE80211_HT_CAP_SM_PS_SHIFT; 457 458 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 459 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 460 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 461 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 462 /* the peer caps are already intersected with our own */ 463 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 464 465 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 466 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 467 } 468 469 if (ht_cap.ht_supported && 470 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 471 ieee80211_tdls_add_bss_coex_ie(skb); 472 473 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 474 475 /* add any custom IEs that go before VHT capabilities */ 476 if (extra_ies_len) { 477 static const u8 before_vht_cap[] = { 478 WLAN_EID_SUPP_RATES, 479 WLAN_EID_COUNTRY, 480 WLAN_EID_EXT_SUPP_RATES, 481 WLAN_EID_SUPPORTED_CHANNELS, 482 WLAN_EID_RSN, 483 WLAN_EID_EXT_CAPABILITY, 484 WLAN_EID_QOS_CAPA, 485 WLAN_EID_FAST_BSS_TRANSITION, 486 WLAN_EID_TIMEOUT_INTERVAL, 487 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 488 WLAN_EID_MULTI_BAND, 489 }; 490 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 491 before_vht_cap, 492 ARRAY_SIZE(before_vht_cap), 493 offset); 494 pos = skb_put(skb, noffset - offset); 495 memcpy(pos, extra_ies + offset, noffset - offset); 496 offset = noffset; 497 } 498 499 /* build the VHT-cap similarly to the HT-cap */ 500 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 501 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 502 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 503 vht_cap.vht_supported) { 504 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 505 506 /* the AID is present only when VHT is implemented */ 507 if (action_code == WLAN_TDLS_SETUP_REQUEST) 508 ieee80211_tdls_add_aid(sdata, skb); 509 510 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 511 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 512 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 513 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) { 514 /* the peer caps are already intersected with our own */ 515 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap)); 516 517 /* the AID is present only when VHT is implemented */ 518 ieee80211_tdls_add_aid(sdata, skb); 519 520 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 521 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 522 523 /* 524 * if both peers support WIDER_BW, we can expand the chandef to 525 * a wider compatible one, up to 80MHz 526 */ 527 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 528 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 529 } 530 531 mutex_unlock(&local->sta_mtx); 532 533 /* add any remaining IEs */ 534 if (extra_ies_len) { 535 noffset = extra_ies_len; 536 pos = skb_put(skb, noffset - offset); 537 memcpy(pos, extra_ies + offset, noffset - offset); 538 } 539 540 } 541 542 static void 543 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 544 struct sk_buff *skb, const u8 *peer, 545 bool initiator, const u8 *extra_ies, 546 size_t extra_ies_len) 547 { 548 struct ieee80211_local *local = sdata->local; 549 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 550 size_t offset = 0, noffset; 551 struct sta_info *sta, *ap_sta; 552 struct ieee80211_supported_band *sband; 553 u8 *pos; 554 555 sband = ieee80211_get_sband(sdata); 556 if (!sband) 557 return; 558 559 mutex_lock(&local->sta_mtx); 560 561 sta = sta_info_get(sdata, peer); 562 ap_sta = sta_info_get(sdata, ifmgd->bssid); 563 if (WARN_ON_ONCE(!sta || !ap_sta)) { 564 mutex_unlock(&local->sta_mtx); 565 return; 566 } 567 568 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 569 570 /* add any custom IEs that go before the QoS IE */ 571 if (extra_ies_len) { 572 static const u8 before_qos[] = { 573 WLAN_EID_RSN, 574 }; 575 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 576 before_qos, 577 ARRAY_SIZE(before_qos), 578 offset); 579 pos = skb_put(skb, noffset - offset); 580 memcpy(pos, extra_ies + offset, noffset - offset); 581 offset = noffset; 582 } 583 584 /* add the QoS param IE if both the peer and we support it */ 585 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 586 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 587 588 /* add any custom IEs that go before HT operation */ 589 if (extra_ies_len) { 590 static const u8 before_ht_op[] = { 591 WLAN_EID_RSN, 592 WLAN_EID_QOS_CAPA, 593 WLAN_EID_FAST_BSS_TRANSITION, 594 WLAN_EID_TIMEOUT_INTERVAL, 595 }; 596 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 597 before_ht_op, 598 ARRAY_SIZE(before_ht_op), 599 offset); 600 pos = skb_put(skb, noffset - offset); 601 memcpy(pos, extra_ies + offset, noffset - offset); 602 offset = noffset; 603 } 604 605 /* 606 * if HT support is only added in TDLS, we need an HT-operation IE. 607 * add the IE as required by IEEE802.11-2012 9.23.3.2. 608 */ 609 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 610 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 611 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 612 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 613 614 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation)); 615 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 616 &sdata->vif.bss_conf.chandef, prot, 617 true); 618 } 619 620 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 621 622 /* only include VHT-operation if not on the 2.4GHz band */ 623 if (sband->band != NL80211_BAND_2GHZ && 624 sta->sta.vht_cap.vht_supported) { 625 /* 626 * if both peers support WIDER_BW, we can expand the chandef to 627 * a wider compatible one, up to 80MHz 628 */ 629 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 630 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 631 632 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation)); 633 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap, 634 &sta->tdls_chandef); 635 } 636 637 mutex_unlock(&local->sta_mtx); 638 639 /* add any remaining IEs */ 640 if (extra_ies_len) { 641 noffset = extra_ies_len; 642 pos = skb_put(skb, noffset - offset); 643 memcpy(pos, extra_ies + offset, noffset - offset); 644 } 645 } 646 647 static void 648 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 649 struct sk_buff *skb, const u8 *peer, 650 bool initiator, const u8 *extra_ies, 651 size_t extra_ies_len, u8 oper_class, 652 struct cfg80211_chan_def *chandef) 653 { 654 struct ieee80211_tdls_data *tf; 655 size_t offset = 0, noffset; 656 u8 *pos; 657 658 if (WARN_ON_ONCE(!chandef)) 659 return; 660 661 tf = (void *)skb->data; 662 tf->u.chan_switch_req.target_channel = 663 ieee80211_frequency_to_channel(chandef->chan->center_freq); 664 tf->u.chan_switch_req.oper_class = oper_class; 665 666 if (extra_ies_len) { 667 static const u8 before_lnkie[] = { 668 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 669 }; 670 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 671 before_lnkie, 672 ARRAY_SIZE(before_lnkie), 673 offset); 674 pos = skb_put(skb, noffset - offset); 675 memcpy(pos, extra_ies + offset, noffset - offset); 676 offset = noffset; 677 } 678 679 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 680 681 /* add any remaining IEs */ 682 if (extra_ies_len) { 683 noffset = extra_ies_len; 684 pos = skb_put(skb, noffset - offset); 685 memcpy(pos, extra_ies + offset, noffset - offset); 686 } 687 } 688 689 static void 690 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 691 struct sk_buff *skb, const u8 *peer, 692 u16 status_code, bool initiator, 693 const u8 *extra_ies, 694 size_t extra_ies_len) 695 { 696 if (status_code == 0) 697 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 698 699 if (extra_ies_len) 700 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len); 701 } 702 703 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 704 struct sk_buff *skb, const u8 *peer, 705 u8 action_code, u16 status_code, 706 bool initiator, const u8 *extra_ies, 707 size_t extra_ies_len, u8 oper_class, 708 struct cfg80211_chan_def *chandef) 709 { 710 switch (action_code) { 711 case WLAN_TDLS_SETUP_REQUEST: 712 case WLAN_TDLS_SETUP_RESPONSE: 713 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 714 if (status_code == 0) 715 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 716 action_code, 717 initiator, 718 extra_ies, 719 extra_ies_len); 720 break; 721 case WLAN_TDLS_SETUP_CONFIRM: 722 if (status_code == 0) 723 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 724 initiator, extra_ies, 725 extra_ies_len); 726 break; 727 case WLAN_TDLS_TEARDOWN: 728 case WLAN_TDLS_DISCOVERY_REQUEST: 729 if (extra_ies_len) 730 memcpy(skb_put(skb, extra_ies_len), extra_ies, 731 extra_ies_len); 732 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 733 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 734 break; 735 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 736 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 737 initiator, extra_ies, 738 extra_ies_len, 739 oper_class, chandef); 740 break; 741 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 742 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 743 status_code, 744 initiator, extra_ies, 745 extra_ies_len); 746 break; 747 } 748 749 } 750 751 static int 752 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 753 const u8 *peer, u8 action_code, u8 dialog_token, 754 u16 status_code, struct sk_buff *skb) 755 { 756 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 757 struct ieee80211_tdls_data *tf; 758 759 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 760 761 memcpy(tf->da, peer, ETH_ALEN); 762 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 763 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 764 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 765 766 /* network header is after the ethernet header */ 767 skb_set_network_header(skb, ETH_HLEN); 768 769 switch (action_code) { 770 case WLAN_TDLS_SETUP_REQUEST: 771 tf->category = WLAN_CATEGORY_TDLS; 772 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 773 774 skb_put(skb, sizeof(tf->u.setup_req)); 775 tf->u.setup_req.dialog_token = dialog_token; 776 tf->u.setup_req.capability = 777 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 778 status_code)); 779 break; 780 case WLAN_TDLS_SETUP_RESPONSE: 781 tf->category = WLAN_CATEGORY_TDLS; 782 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 783 784 skb_put(skb, sizeof(tf->u.setup_resp)); 785 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 786 tf->u.setup_resp.dialog_token = dialog_token; 787 tf->u.setup_resp.capability = 788 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 789 status_code)); 790 break; 791 case WLAN_TDLS_SETUP_CONFIRM: 792 tf->category = WLAN_CATEGORY_TDLS; 793 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 794 795 skb_put(skb, sizeof(tf->u.setup_cfm)); 796 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 797 tf->u.setup_cfm.dialog_token = dialog_token; 798 break; 799 case WLAN_TDLS_TEARDOWN: 800 tf->category = WLAN_CATEGORY_TDLS; 801 tf->action_code = WLAN_TDLS_TEARDOWN; 802 803 skb_put(skb, sizeof(tf->u.teardown)); 804 tf->u.teardown.reason_code = cpu_to_le16(status_code); 805 break; 806 case WLAN_TDLS_DISCOVERY_REQUEST: 807 tf->category = WLAN_CATEGORY_TDLS; 808 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 809 810 skb_put(skb, sizeof(tf->u.discover_req)); 811 tf->u.discover_req.dialog_token = dialog_token; 812 break; 813 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 814 tf->category = WLAN_CATEGORY_TDLS; 815 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 816 817 skb_put(skb, sizeof(tf->u.chan_switch_req)); 818 break; 819 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 820 tf->category = WLAN_CATEGORY_TDLS; 821 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 822 823 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 824 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 825 break; 826 default: 827 return -EINVAL; 828 } 829 830 return 0; 831 } 832 833 static int 834 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 835 const u8 *peer, u8 action_code, u8 dialog_token, 836 u16 status_code, struct sk_buff *skb) 837 { 838 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 839 struct ieee80211_mgmt *mgmt; 840 841 mgmt = (void *)skb_put(skb, 24); 842 memset(mgmt, 0, 24); 843 memcpy(mgmt->da, peer, ETH_ALEN); 844 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 845 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 846 847 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 848 IEEE80211_STYPE_ACTION); 849 850 switch (action_code) { 851 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 852 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 853 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 854 mgmt->u.action.u.tdls_discover_resp.action_code = 855 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 856 mgmt->u.action.u.tdls_discover_resp.dialog_token = 857 dialog_token; 858 mgmt->u.action.u.tdls_discover_resp.capability = 859 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 860 status_code)); 861 break; 862 default: 863 return -EINVAL; 864 } 865 866 return 0; 867 } 868 869 static struct sk_buff * 870 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 871 const u8 *peer, u8 action_code, 872 u8 dialog_token, u16 status_code, 873 bool initiator, const u8 *extra_ies, 874 size_t extra_ies_len, u8 oper_class, 875 struct cfg80211_chan_def *chandef) 876 { 877 struct ieee80211_local *local = sdata->local; 878 struct sk_buff *skb; 879 int ret; 880 881 skb = netdev_alloc_skb(sdata->dev, 882 local->hw.extra_tx_headroom + 883 max(sizeof(struct ieee80211_mgmt), 884 sizeof(struct ieee80211_tdls_data)) + 885 50 + /* supported rates */ 886 10 + /* ext capab */ 887 26 + /* max(WMM-info, WMM-param) */ 888 2 + max(sizeof(struct ieee80211_ht_cap), 889 sizeof(struct ieee80211_ht_operation)) + 890 2 + max(sizeof(struct ieee80211_vht_cap), 891 sizeof(struct ieee80211_vht_operation)) + 892 50 + /* supported channels */ 893 3 + /* 40/20 BSS coex */ 894 4 + /* AID */ 895 4 + /* oper classes */ 896 extra_ies_len + 897 sizeof(struct ieee80211_tdls_lnkie)); 898 if (!skb) 899 return NULL; 900 901 skb_reserve(skb, local->hw.extra_tx_headroom); 902 903 switch (action_code) { 904 case WLAN_TDLS_SETUP_REQUEST: 905 case WLAN_TDLS_SETUP_RESPONSE: 906 case WLAN_TDLS_SETUP_CONFIRM: 907 case WLAN_TDLS_TEARDOWN: 908 case WLAN_TDLS_DISCOVERY_REQUEST: 909 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 910 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 911 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 912 sdata->dev, peer, 913 action_code, dialog_token, 914 status_code, skb); 915 break; 916 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 917 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 918 peer, action_code, 919 dialog_token, status_code, 920 skb); 921 break; 922 default: 923 ret = -ENOTSUPP; 924 break; 925 } 926 927 if (ret < 0) 928 goto fail; 929 930 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 931 initiator, extra_ies, extra_ies_len, oper_class, 932 chandef); 933 return skb; 934 935 fail: 936 dev_kfree_skb(skb); 937 return NULL; 938 } 939 940 static int 941 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 942 const u8 *peer, u8 action_code, u8 dialog_token, 943 u16 status_code, u32 peer_capability, 944 bool initiator, const u8 *extra_ies, 945 size_t extra_ies_len, u8 oper_class, 946 struct cfg80211_chan_def *chandef) 947 { 948 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 949 struct sk_buff *skb = NULL; 950 struct sta_info *sta; 951 u32 flags = 0; 952 int ret = 0; 953 954 rcu_read_lock(); 955 sta = sta_info_get(sdata, peer); 956 957 /* infer the initiator if we can, to support old userspace */ 958 switch (action_code) { 959 case WLAN_TDLS_SETUP_REQUEST: 960 if (sta) { 961 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 962 sta->sta.tdls_initiator = false; 963 } 964 /* fall-through */ 965 case WLAN_TDLS_SETUP_CONFIRM: 966 case WLAN_TDLS_DISCOVERY_REQUEST: 967 initiator = true; 968 break; 969 case WLAN_TDLS_SETUP_RESPONSE: 970 /* 971 * In some testing scenarios, we send a request and response. 972 * Make the last packet sent take effect for the initiator 973 * value. 974 */ 975 if (sta) { 976 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 977 sta->sta.tdls_initiator = true; 978 } 979 /* fall-through */ 980 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 981 initiator = false; 982 break; 983 case WLAN_TDLS_TEARDOWN: 984 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 985 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 986 /* any value is ok */ 987 break; 988 default: 989 ret = -ENOTSUPP; 990 break; 991 } 992 993 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 994 initiator = true; 995 996 rcu_read_unlock(); 997 if (ret < 0) 998 goto fail; 999 1000 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 1001 dialog_token, status_code, 1002 initiator, extra_ies, 1003 extra_ies_len, oper_class, 1004 chandef); 1005 if (!skb) { 1006 ret = -EINVAL; 1007 goto fail; 1008 } 1009 1010 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 1011 ieee80211_tx_skb(sdata, skb); 1012 return 0; 1013 } 1014 1015 /* 1016 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 1017 * we should default to AC_VI. 1018 */ 1019 switch (action_code) { 1020 case WLAN_TDLS_SETUP_REQUEST: 1021 case WLAN_TDLS_SETUP_RESPONSE: 1022 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 1023 skb->priority = 2; 1024 break; 1025 default: 1026 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 1027 skb->priority = 5; 1028 break; 1029 } 1030 1031 /* 1032 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 1033 * Later, if no ACK is returned from peer, we will re-send the teardown 1034 * packet through the AP. 1035 */ 1036 if ((action_code == WLAN_TDLS_TEARDOWN) && 1037 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 1038 bool try_resend; /* Should we keep skb for possible resend */ 1039 1040 /* If not sending directly to peer - no point in keeping skb */ 1041 rcu_read_lock(); 1042 sta = sta_info_get(sdata, peer); 1043 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1044 rcu_read_unlock(); 1045 1046 spin_lock_bh(&sdata->u.mgd.teardown_lock); 1047 if (try_resend && !sdata->u.mgd.teardown_skb) { 1048 /* Mark it as requiring TX status callback */ 1049 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1050 IEEE80211_TX_INTFL_MLME_CONN_TX; 1051 1052 /* 1053 * skb is copied since mac80211 will later set 1054 * properties that might not be the same as the AP, 1055 * such as encryption, QoS, addresses, etc. 1056 * 1057 * No problem if skb_copy() fails, so no need to check. 1058 */ 1059 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 1060 sdata->u.mgd.orig_teardown_skb = skb; 1061 } 1062 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 1063 } 1064 1065 /* disable bottom halves when entering the Tx path */ 1066 local_bh_disable(); 1067 __ieee80211_subif_start_xmit(skb, dev, flags); 1068 local_bh_enable(); 1069 1070 return ret; 1071 1072 fail: 1073 dev_kfree_skb(skb); 1074 return ret; 1075 } 1076 1077 static int 1078 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 1079 const u8 *peer, u8 action_code, u8 dialog_token, 1080 u16 status_code, u32 peer_capability, bool initiator, 1081 const u8 *extra_ies, size_t extra_ies_len) 1082 { 1083 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1084 struct ieee80211_local *local = sdata->local; 1085 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode; 1086 int ret; 1087 1088 /* don't support setup with forced SMPS mode that's not off */ 1089 if (smps_mode != IEEE80211_SMPS_AUTOMATIC && 1090 smps_mode != IEEE80211_SMPS_OFF) { 1091 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n", 1092 smps_mode); 1093 return -ENOTSUPP; 1094 } 1095 1096 mutex_lock(&local->mtx); 1097 1098 /* we don't support concurrent TDLS peer setups */ 1099 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 1100 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1101 ret = -EBUSY; 1102 goto out_unlock; 1103 } 1104 1105 /* 1106 * make sure we have a STA representing the peer so we drop or buffer 1107 * non-TDLS-setup frames to the peer. We can't send other packets 1108 * during setup through the AP path. 1109 * Allow error packets to be sent - sometimes we don't even add a STA 1110 * before failing the setup. 1111 */ 1112 if (status_code == 0) { 1113 rcu_read_lock(); 1114 if (!sta_info_get(sdata, peer)) { 1115 rcu_read_unlock(); 1116 ret = -ENOLINK; 1117 goto out_unlock; 1118 } 1119 rcu_read_unlock(); 1120 } 1121 1122 ieee80211_flush_queues(local, sdata, false); 1123 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 1124 mutex_unlock(&local->mtx); 1125 1126 /* we cannot take the mutex while preparing the setup packet */ 1127 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1128 dialog_token, status_code, 1129 peer_capability, initiator, 1130 extra_ies, extra_ies_len, 0, 1131 NULL); 1132 if (ret < 0) { 1133 mutex_lock(&local->mtx); 1134 eth_zero_addr(sdata->u.mgd.tdls_peer); 1135 mutex_unlock(&local->mtx); 1136 return ret; 1137 } 1138 1139 ieee80211_queue_delayed_work(&sdata->local->hw, 1140 &sdata->u.mgd.tdls_peer_del_work, 1141 TDLS_PEER_SETUP_TIMEOUT); 1142 return 0; 1143 1144 out_unlock: 1145 mutex_unlock(&local->mtx); 1146 return ret; 1147 } 1148 1149 static int 1150 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 1151 const u8 *peer, u8 action_code, u8 dialog_token, 1152 u16 status_code, u32 peer_capability, 1153 bool initiator, const u8 *extra_ies, 1154 size_t extra_ies_len) 1155 { 1156 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1157 struct ieee80211_local *local = sdata->local; 1158 struct sta_info *sta; 1159 int ret; 1160 1161 /* 1162 * No packets can be transmitted to the peer via the AP during setup - 1163 * the STA is set as a TDLS peer, but is not authorized. 1164 * During teardown, we prevent direct transmissions by stopping the 1165 * queues and flushing all direct packets. 1166 */ 1167 ieee80211_stop_vif_queues(local, sdata, 1168 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1169 ieee80211_flush_queues(local, sdata, false); 1170 1171 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1172 dialog_token, status_code, 1173 peer_capability, initiator, 1174 extra_ies, extra_ies_len, 0, 1175 NULL); 1176 if (ret < 0) 1177 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 1178 ret); 1179 1180 /* 1181 * Remove the STA AUTH flag to force further traffic through the AP. If 1182 * the STA was unreachable, it was already removed. 1183 */ 1184 rcu_read_lock(); 1185 sta = sta_info_get(sdata, peer); 1186 if (sta) 1187 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1188 rcu_read_unlock(); 1189 1190 ieee80211_wake_vif_queues(local, sdata, 1191 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1192 1193 return 0; 1194 } 1195 1196 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 1197 const u8 *peer, u8 action_code, u8 dialog_token, 1198 u16 status_code, u32 peer_capability, 1199 bool initiator, const u8 *extra_ies, 1200 size_t extra_ies_len) 1201 { 1202 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1203 int ret; 1204 1205 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1206 return -ENOTSUPP; 1207 1208 /* make sure we are in managed mode, and associated */ 1209 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1210 !sdata->u.mgd.associated) 1211 return -EINVAL; 1212 1213 switch (action_code) { 1214 case WLAN_TDLS_SETUP_REQUEST: 1215 case WLAN_TDLS_SETUP_RESPONSE: 1216 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1217 dialog_token, status_code, 1218 peer_capability, initiator, 1219 extra_ies, extra_ies_len); 1220 break; 1221 case WLAN_TDLS_TEARDOWN: 1222 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1223 action_code, dialog_token, 1224 status_code, 1225 peer_capability, initiator, 1226 extra_ies, extra_ies_len); 1227 break; 1228 case WLAN_TDLS_DISCOVERY_REQUEST: 1229 /* 1230 * Protect the discovery so we can hear the TDLS discovery 1231 * response frame. It is transmitted directly and not buffered 1232 * by the AP. 1233 */ 1234 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1235 /* fall-through */ 1236 case WLAN_TDLS_SETUP_CONFIRM: 1237 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1238 /* no special handling */ 1239 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1240 action_code, 1241 dialog_token, 1242 status_code, 1243 peer_capability, 1244 initiator, extra_ies, 1245 extra_ies_len, 0, NULL); 1246 break; 1247 default: 1248 ret = -EOPNOTSUPP; 1249 break; 1250 } 1251 1252 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1253 action_code, peer, ret); 1254 return ret; 1255 } 1256 1257 static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata, 1258 struct sta_info *sta) 1259 { 1260 struct ieee80211_local *local = sdata->local; 1261 struct ieee80211_chanctx_conf *conf; 1262 struct ieee80211_chanctx *ctx; 1263 enum nl80211_chan_width width; 1264 struct ieee80211_supported_band *sband; 1265 1266 mutex_lock(&local->chanctx_mtx); 1267 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1268 lockdep_is_held(&local->chanctx_mtx)); 1269 if (conf) { 1270 width = conf->def.width; 1271 sband = local->hw.wiphy->bands[conf->def.chan->band]; 1272 ctx = container_of(conf, struct ieee80211_chanctx, conf); 1273 ieee80211_recalc_chanctx_chantype(local, ctx); 1274 1275 /* if width changed and a peer is given, update its BW */ 1276 if (width != conf->def.width && sta && 1277 test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) { 1278 enum ieee80211_sta_rx_bandwidth bw; 1279 1280 bw = ieee80211_chan_width_to_rx_bw(conf->def.width); 1281 bw = min(bw, ieee80211_sta_cap_rx_bw(sta)); 1282 if (bw != sta->sta.bandwidth) { 1283 sta->sta.bandwidth = bw; 1284 rate_control_rate_update(local, sband, sta, 1285 IEEE80211_RC_BW_CHANGED); 1286 /* 1287 * if a TDLS peer BW was updated, we need to 1288 * recalc the chandef width again, to get the 1289 * correct chanctx min_def 1290 */ 1291 ieee80211_recalc_chanctx_chantype(local, ctx); 1292 } 1293 } 1294 1295 } 1296 mutex_unlock(&local->chanctx_mtx); 1297 } 1298 1299 static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata) 1300 { 1301 struct sta_info *sta; 1302 bool result = false; 1303 1304 rcu_read_lock(); 1305 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1306 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1307 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) || 1308 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) || 1309 !sta->sta.ht_cap.ht_supported) 1310 continue; 1311 result = true; 1312 break; 1313 } 1314 rcu_read_unlock(); 1315 1316 return result; 1317 } 1318 1319 static void 1320 iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata, 1321 struct sta_info *sta) 1322 { 1323 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1324 bool tdls_ht; 1325 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 1326 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 1327 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 1328 u16 opmode; 1329 1330 /* Nothing to do if the BSS connection uses HT */ 1331 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 1332 return; 1333 1334 tdls_ht = (sta && sta->sta.ht_cap.ht_supported) || 1335 iee80211_tdls_have_ht_peers(sdata); 1336 1337 opmode = sdata->vif.bss_conf.ht_operation_mode; 1338 1339 if (tdls_ht) 1340 opmode |= protection; 1341 else 1342 opmode &= ~protection; 1343 1344 if (opmode == sdata->vif.bss_conf.ht_operation_mode) 1345 return; 1346 1347 sdata->vif.bss_conf.ht_operation_mode = opmode; 1348 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT); 1349 } 1350 1351 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1352 const u8 *peer, enum nl80211_tdls_operation oper) 1353 { 1354 struct sta_info *sta; 1355 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1356 struct ieee80211_local *local = sdata->local; 1357 int ret; 1358 1359 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1360 return -ENOTSUPP; 1361 1362 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1363 return -EINVAL; 1364 1365 switch (oper) { 1366 case NL80211_TDLS_ENABLE_LINK: 1367 case NL80211_TDLS_DISABLE_LINK: 1368 break; 1369 case NL80211_TDLS_TEARDOWN: 1370 case NL80211_TDLS_SETUP: 1371 case NL80211_TDLS_DISCOVERY_REQ: 1372 /* We don't support in-driver setup/teardown/discovery */ 1373 return -ENOTSUPP; 1374 } 1375 1376 /* protect possible bss_conf changes and avoid concurrency in 1377 * ieee80211_bss_info_change_notify() 1378 */ 1379 sdata_lock(sdata); 1380 mutex_lock(&local->mtx); 1381 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1382 1383 switch (oper) { 1384 case NL80211_TDLS_ENABLE_LINK: 1385 if (sdata->vif.csa_active) { 1386 tdls_dbg(sdata, "TDLS: disallow link during CSA\n"); 1387 ret = -EBUSY; 1388 break; 1389 } 1390 1391 mutex_lock(&local->sta_mtx); 1392 sta = sta_info_get(sdata, peer); 1393 if (!sta) { 1394 mutex_unlock(&local->sta_mtx); 1395 ret = -ENOLINK; 1396 break; 1397 } 1398 1399 iee80211_tdls_recalc_chanctx(sdata, sta); 1400 iee80211_tdls_recalc_ht_protection(sdata, sta); 1401 1402 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1403 mutex_unlock(&local->sta_mtx); 1404 1405 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1406 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1407 ret = 0; 1408 break; 1409 case NL80211_TDLS_DISABLE_LINK: 1410 /* 1411 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1412 * created while the queues were stopped, so it might still be 1413 * pending. Before flushing the queues we need to be sure the 1414 * message is handled by the tasklet handling pending messages, 1415 * otherwise we might start destroying the station before 1416 * sending the teardown packet. 1417 * Note that this only forces the tasklet to flush pendings - 1418 * not to stop the tasklet from rescheduling itself. 1419 */ 1420 tasklet_kill(&local->tx_pending_tasklet); 1421 /* flush a potentially queued teardown packet */ 1422 ieee80211_flush_queues(local, sdata, false); 1423 1424 ret = sta_info_destroy_addr(sdata, peer); 1425 1426 mutex_lock(&local->sta_mtx); 1427 iee80211_tdls_recalc_ht_protection(sdata, NULL); 1428 mutex_unlock(&local->sta_mtx); 1429 1430 iee80211_tdls_recalc_chanctx(sdata, NULL); 1431 break; 1432 default: 1433 ret = -ENOTSUPP; 1434 break; 1435 } 1436 1437 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1438 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1439 eth_zero_addr(sdata->u.mgd.tdls_peer); 1440 } 1441 1442 if (ret == 0) 1443 ieee80211_queue_work(&sdata->local->hw, 1444 &sdata->u.mgd.request_smps_work); 1445 1446 mutex_unlock(&local->mtx); 1447 sdata_unlock(sdata); 1448 return ret; 1449 } 1450 1451 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1452 enum nl80211_tdls_operation oper, 1453 u16 reason_code, gfp_t gfp) 1454 { 1455 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1456 1457 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1458 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1459 oper); 1460 return; 1461 } 1462 1463 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1464 } 1465 EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1466 1467 static void 1468 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1469 { 1470 struct ieee80211_ch_switch_timing *ch_sw; 1471 1472 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1473 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1474 1475 ch_sw = (void *)buf; 1476 ch_sw->switch_time = cpu_to_le16(switch_time); 1477 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1478 } 1479 1480 /* find switch timing IE in SKB ready for Tx */ 1481 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1482 { 1483 struct ieee80211_tdls_data *tf; 1484 const u8 *ie_start; 1485 1486 /* 1487 * Get the offset for the new location of the switch timing IE. 1488 * The SKB network header will now point to the "payload_type" 1489 * element of the TDLS data frame struct. 1490 */ 1491 tf = container_of(skb->data + skb_network_offset(skb), 1492 struct ieee80211_tdls_data, payload_type); 1493 ie_start = tf->u.chan_switch_req.variable; 1494 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1495 skb->len - (ie_start - skb->data)); 1496 } 1497 1498 static struct sk_buff * 1499 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1500 struct cfg80211_chan_def *chandef, 1501 u32 *ch_sw_tm_ie_offset) 1502 { 1503 struct ieee80211_sub_if_data *sdata = sta->sdata; 1504 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1505 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1506 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1507 u8 *pos = extra_ies; 1508 struct sk_buff *skb; 1509 1510 /* 1511 * if chandef points to a wide channel add a Secondary-Channel 1512 * Offset information element 1513 */ 1514 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1515 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1516 bool ht40plus; 1517 1518 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1519 *pos++ = sizeof(*sec_chan_ie); 1520 sec_chan_ie = (void *)pos; 1521 1522 ht40plus = cfg80211_get_chandef_type(chandef) == 1523 NL80211_CHAN_HT40PLUS; 1524 sec_chan_ie->sec_chan_offs = ht40plus ? 1525 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1526 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1527 pos += sizeof(*sec_chan_ie); 1528 1529 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1530 } 1531 1532 /* just set the values to 0, this is a template */ 1533 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1534 1535 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1536 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1537 0, 0, !sta->sta.tdls_initiator, 1538 extra_ies, extra_ies_len, 1539 oper_class, chandef); 1540 if (!skb) 1541 return NULL; 1542 1543 skb = ieee80211_build_data_template(sdata, skb, 0); 1544 if (IS_ERR(skb)) { 1545 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1546 return NULL; 1547 } 1548 1549 if (ch_sw_tm_ie_offset) { 1550 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1551 1552 if (!tm_ie) { 1553 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1554 dev_kfree_skb_any(skb); 1555 return NULL; 1556 } 1557 1558 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1559 } 1560 1561 tdls_dbg(sdata, 1562 "TDLS channel switch request template for %pM ch %d width %d\n", 1563 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1564 return skb; 1565 } 1566 1567 int 1568 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1569 const u8 *addr, u8 oper_class, 1570 struct cfg80211_chan_def *chandef) 1571 { 1572 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1573 struct ieee80211_local *local = sdata->local; 1574 struct sta_info *sta; 1575 struct sk_buff *skb = NULL; 1576 u32 ch_sw_tm_ie; 1577 int ret; 1578 1579 mutex_lock(&local->sta_mtx); 1580 sta = sta_info_get(sdata, addr); 1581 if (!sta) { 1582 tdls_dbg(sdata, 1583 "Invalid TDLS peer %pM for channel switch request\n", 1584 addr); 1585 ret = -ENOENT; 1586 goto out; 1587 } 1588 1589 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1590 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1591 addr); 1592 ret = -ENOTSUPP; 1593 goto out; 1594 } 1595 1596 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1597 &ch_sw_tm_ie); 1598 if (!skb) { 1599 ret = -ENOENT; 1600 goto out; 1601 } 1602 1603 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1604 chandef, skb, ch_sw_tm_ie); 1605 if (!ret) 1606 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1607 1608 out: 1609 mutex_unlock(&local->sta_mtx); 1610 dev_kfree_skb_any(skb); 1611 return ret; 1612 } 1613 1614 void 1615 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1616 struct net_device *dev, 1617 const u8 *addr) 1618 { 1619 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1620 struct ieee80211_local *local = sdata->local; 1621 struct sta_info *sta; 1622 1623 mutex_lock(&local->sta_mtx); 1624 sta = sta_info_get(sdata, addr); 1625 if (!sta) { 1626 tdls_dbg(sdata, 1627 "Invalid TDLS peer %pM for channel switch cancel\n", 1628 addr); 1629 goto out; 1630 } 1631 1632 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1633 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1634 addr); 1635 goto out; 1636 } 1637 1638 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1639 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1640 1641 out: 1642 mutex_unlock(&local->sta_mtx); 1643 } 1644 1645 static struct sk_buff * 1646 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1647 u32 *ch_sw_tm_ie_offset) 1648 { 1649 struct ieee80211_sub_if_data *sdata = sta->sdata; 1650 struct sk_buff *skb; 1651 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1652 1653 /* initial timing are always zero in the template */ 1654 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1655 1656 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1657 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1658 0, 0, !sta->sta.tdls_initiator, 1659 extra_ies, sizeof(extra_ies), 0, NULL); 1660 if (!skb) 1661 return NULL; 1662 1663 skb = ieee80211_build_data_template(sdata, skb, 0); 1664 if (IS_ERR(skb)) { 1665 tdls_dbg(sdata, 1666 "Failed building TDLS channel switch resp frame\n"); 1667 return NULL; 1668 } 1669 1670 if (ch_sw_tm_ie_offset) { 1671 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1672 1673 if (!tm_ie) { 1674 tdls_dbg(sdata, 1675 "No switch timing IE in TDLS switch resp\n"); 1676 dev_kfree_skb_any(skb); 1677 return NULL; 1678 } 1679 1680 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1681 } 1682 1683 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1684 sta->sta.addr); 1685 return skb; 1686 } 1687 1688 static int 1689 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1690 struct sk_buff *skb) 1691 { 1692 struct ieee80211_local *local = sdata->local; 1693 struct ieee802_11_elems elems; 1694 struct sta_info *sta; 1695 struct ieee80211_tdls_data *tf = (void *)skb->data; 1696 bool local_initiator; 1697 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1698 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1699 struct ieee80211_tdls_ch_sw_params params = {}; 1700 int ret; 1701 1702 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1703 params.timestamp = rx_status->device_timestamp; 1704 1705 if (skb->len < baselen) { 1706 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1707 skb->len); 1708 return -EINVAL; 1709 } 1710 1711 mutex_lock(&local->sta_mtx); 1712 sta = sta_info_get(sdata, tf->sa); 1713 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1714 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1715 tf->sa); 1716 ret = -EINVAL; 1717 goto out; 1718 } 1719 1720 params.sta = &sta->sta; 1721 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1722 if (params.status != 0) { 1723 ret = 0; 1724 goto call_drv; 1725 } 1726 1727 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1728 skb->len - baselen, false, &elems); 1729 if (elems.parse_error) { 1730 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1731 ret = -EINVAL; 1732 goto out; 1733 } 1734 1735 if (!elems.ch_sw_timing || !elems.lnk_id) { 1736 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1737 ret = -EINVAL; 1738 goto out; 1739 } 1740 1741 /* validate the initiator is set correctly */ 1742 local_initiator = 1743 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1744 if (local_initiator == sta->sta.tdls_initiator) { 1745 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1746 ret = -EINVAL; 1747 goto out; 1748 } 1749 1750 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1751 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1752 1753 params.tmpl_skb = 1754 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1755 if (!params.tmpl_skb) { 1756 ret = -ENOENT; 1757 goto out; 1758 } 1759 1760 ret = 0; 1761 call_drv: 1762 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1763 1764 tdls_dbg(sdata, 1765 "TDLS channel switch response received from %pM status %d\n", 1766 tf->sa, params.status); 1767 1768 out: 1769 mutex_unlock(&local->sta_mtx); 1770 dev_kfree_skb_any(params.tmpl_skb); 1771 return ret; 1772 } 1773 1774 static int 1775 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1776 struct sk_buff *skb) 1777 { 1778 struct ieee80211_local *local = sdata->local; 1779 struct ieee802_11_elems elems; 1780 struct cfg80211_chan_def chandef; 1781 struct ieee80211_channel *chan; 1782 enum nl80211_channel_type chan_type; 1783 int freq; 1784 u8 target_channel, oper_class; 1785 bool local_initiator; 1786 struct sta_info *sta; 1787 enum nl80211_band band; 1788 struct ieee80211_tdls_data *tf = (void *)skb->data; 1789 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1790 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1791 struct ieee80211_tdls_ch_sw_params params = {}; 1792 int ret = 0; 1793 1794 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1795 params.timestamp = rx_status->device_timestamp; 1796 1797 if (skb->len < baselen) { 1798 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1799 skb->len); 1800 return -EINVAL; 1801 } 1802 1803 target_channel = tf->u.chan_switch_req.target_channel; 1804 oper_class = tf->u.chan_switch_req.oper_class; 1805 1806 /* 1807 * We can't easily infer the channel band. The operating class is 1808 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1809 * solution here is to treat channels with number >14 as 5GHz ones, 1810 * and specifically check for the (oper_class, channel) combinations 1811 * where this doesn't hold. These are thankfully unique according to 1812 * IEEE802.11-2012. 1813 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1814 * valid here. 1815 */ 1816 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1817 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1818 target_channel < 14) 1819 band = NL80211_BAND_5GHZ; 1820 else 1821 band = target_channel < 14 ? NL80211_BAND_2GHZ : 1822 NL80211_BAND_5GHZ; 1823 1824 freq = ieee80211_channel_to_frequency(target_channel, band); 1825 if (freq == 0) { 1826 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1827 target_channel); 1828 return -EINVAL; 1829 } 1830 1831 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1832 if (!chan) { 1833 tdls_dbg(sdata, 1834 "Unsupported channel for TDLS chan switch: %d\n", 1835 target_channel); 1836 return -EINVAL; 1837 } 1838 1839 ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1840 skb->len - baselen, false, &elems); 1841 if (elems.parse_error) { 1842 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1843 return -EINVAL; 1844 } 1845 1846 if (!elems.ch_sw_timing || !elems.lnk_id) { 1847 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1848 return -EINVAL; 1849 } 1850 1851 if (!elems.sec_chan_offs) { 1852 chan_type = NL80211_CHAN_HT20; 1853 } else { 1854 switch (elems.sec_chan_offs->sec_chan_offs) { 1855 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1856 chan_type = NL80211_CHAN_HT40PLUS; 1857 break; 1858 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1859 chan_type = NL80211_CHAN_HT40MINUS; 1860 break; 1861 default: 1862 chan_type = NL80211_CHAN_HT20; 1863 break; 1864 } 1865 } 1866 1867 cfg80211_chandef_create(&chandef, chan, chan_type); 1868 1869 /* we will be active on the TDLS link */ 1870 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef, 1871 sdata->wdev.iftype)) { 1872 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n"); 1873 return -EINVAL; 1874 } 1875 1876 mutex_lock(&local->sta_mtx); 1877 sta = sta_info_get(sdata, tf->sa); 1878 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1879 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1880 tf->sa); 1881 ret = -EINVAL; 1882 goto out; 1883 } 1884 1885 params.sta = &sta->sta; 1886 1887 /* validate the initiator is set correctly */ 1888 local_initiator = 1889 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1890 if (local_initiator == sta->sta.tdls_initiator) { 1891 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1892 ret = -EINVAL; 1893 goto out; 1894 } 1895 1896 /* peer should have known better */ 1897 if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs && 1898 elems.sec_chan_offs->sec_chan_offs) { 1899 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n"); 1900 ret = -ENOTSUPP; 1901 goto out; 1902 } 1903 1904 params.chandef = &chandef; 1905 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1906 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1907 1908 params.tmpl_skb = 1909 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1910 ¶ms.ch_sw_tm_ie); 1911 if (!params.tmpl_skb) { 1912 ret = -ENOENT; 1913 goto out; 1914 } 1915 1916 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1917 1918 tdls_dbg(sdata, 1919 "TDLS ch switch request received from %pM ch %d width %d\n", 1920 tf->sa, params.chandef->chan->center_freq, 1921 params.chandef->width); 1922 out: 1923 mutex_unlock(&local->sta_mtx); 1924 dev_kfree_skb_any(params.tmpl_skb); 1925 return ret; 1926 } 1927 1928 static void 1929 ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1930 struct sk_buff *skb) 1931 { 1932 struct ieee80211_tdls_data *tf = (void *)skb->data; 1933 struct wiphy *wiphy = sdata->local->hw.wiphy; 1934 1935 ASSERT_RTNL(); 1936 1937 /* make sure the driver supports it */ 1938 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1939 return; 1940 1941 /* we want to access the entire packet */ 1942 if (skb_linearize(skb)) 1943 return; 1944 /* 1945 * The packet/size was already validated by mac80211 Rx path, only look 1946 * at the action type. 1947 */ 1948 switch (tf->action_code) { 1949 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1950 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1951 break; 1952 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1953 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1954 break; 1955 default: 1956 WARN_ON_ONCE(1); 1957 return; 1958 } 1959 } 1960 1961 void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata) 1962 { 1963 struct sta_info *sta; 1964 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED; 1965 1966 rcu_read_lock(); 1967 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1968 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1969 !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) 1970 continue; 1971 1972 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr, 1973 NL80211_TDLS_TEARDOWN, reason, 1974 GFP_ATOMIC); 1975 } 1976 rcu_read_unlock(); 1977 } 1978 1979 void ieee80211_tdls_chsw_work(struct work_struct *wk) 1980 { 1981 struct ieee80211_local *local = 1982 container_of(wk, struct ieee80211_local, tdls_chsw_work); 1983 struct ieee80211_sub_if_data *sdata; 1984 struct sk_buff *skb; 1985 struct ieee80211_tdls_data *tf; 1986 1987 rtnl_lock(); 1988 while ((skb = skb_dequeue(&local->skb_queue_tdls_chsw))) { 1989 tf = (struct ieee80211_tdls_data *)skb->data; 1990 list_for_each_entry(sdata, &local->interfaces, list) { 1991 if (!ieee80211_sdata_running(sdata) || 1992 sdata->vif.type != NL80211_IFTYPE_STATION || 1993 !ether_addr_equal(tf->da, sdata->vif.addr)) 1994 continue; 1995 1996 ieee80211_process_tdls_channel_switch(sdata, skb); 1997 break; 1998 } 1999 2000 kfree_skb(skb); 2001 } 2002 rtnl_unlock(); 2003 } 2004