1 /* 2 * SME code for cfg80211's connect emulation. 3 * 4 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright (C) 2009 Intel Corporation. All rights reserved. 6 */ 7 8 #include <linux/etherdevice.h> 9 #include <linux/if_arp.h> 10 #include <linux/workqueue.h> 11 #include <linux/wireless.h> 12 #include <net/iw_handler.h> 13 #include <net/cfg80211.h> 14 #include <net/rtnetlink.h> 15 #include "nl80211.h" 16 #include "reg.h" 17 18 struct cfg80211_conn { 19 struct cfg80211_connect_params params; 20 /* these are sub-states of the _CONNECTING sme_state */ 21 enum { 22 CFG80211_CONN_IDLE, 23 CFG80211_CONN_SCANNING, 24 CFG80211_CONN_SCAN_AGAIN, 25 CFG80211_CONN_AUTHENTICATE_NEXT, 26 CFG80211_CONN_AUTHENTICATING, 27 CFG80211_CONN_ASSOCIATE_NEXT, 28 CFG80211_CONN_ASSOCIATING, 29 CFG80211_CONN_DEAUTH_ASSOC_FAIL, 30 } state; 31 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; 32 u8 *ie; 33 size_t ie_len; 34 bool auto_auth, prev_bssid_valid; 35 }; 36 37 38 static int cfg80211_conn_scan(struct wireless_dev *wdev) 39 { 40 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 41 struct cfg80211_scan_request *request; 42 int n_channels, err; 43 44 ASSERT_RTNL(); 45 ASSERT_RDEV_LOCK(rdev); 46 ASSERT_WDEV_LOCK(wdev); 47 48 if (rdev->scan_req) 49 return -EBUSY; 50 51 if (wdev->conn->params.channel) { 52 n_channels = 1; 53 } else { 54 enum ieee80211_band band; 55 n_channels = 0; 56 57 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 58 if (!wdev->wiphy->bands[band]) 59 continue; 60 n_channels += wdev->wiphy->bands[band]->n_channels; 61 } 62 } 63 request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) + 64 sizeof(request->channels[0]) * n_channels, 65 GFP_KERNEL); 66 if (!request) 67 return -ENOMEM; 68 69 if (wdev->conn->params.channel) 70 request->channels[0] = wdev->conn->params.channel; 71 else { 72 int i = 0, j; 73 enum ieee80211_band band; 74 75 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 76 if (!wdev->wiphy->bands[band]) 77 continue; 78 for (j = 0; j < wdev->wiphy->bands[band]->n_channels; 79 i++, j++) 80 request->channels[i] = 81 &wdev->wiphy->bands[band]->channels[j]; 82 } 83 } 84 request->n_channels = n_channels; 85 request->ssids = (void *)&request->channels[n_channels]; 86 request->n_ssids = 1; 87 88 memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, 89 wdev->conn->params.ssid_len); 90 request->ssids[0].ssid_len = wdev->conn->params.ssid_len; 91 92 request->dev = wdev->netdev; 93 request->wiphy = &rdev->wiphy; 94 95 rdev->scan_req = request; 96 97 err = rdev->ops->scan(wdev->wiphy, wdev->netdev, request); 98 if (!err) { 99 wdev->conn->state = CFG80211_CONN_SCANNING; 100 nl80211_send_scan_start(rdev, wdev->netdev); 101 dev_hold(wdev->netdev); 102 } else { 103 rdev->scan_req = NULL; 104 kfree(request); 105 } 106 return err; 107 } 108 109 static int cfg80211_conn_do_work(struct wireless_dev *wdev) 110 { 111 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 112 struct cfg80211_connect_params *params; 113 const u8 *prev_bssid = NULL; 114 int err; 115 116 ASSERT_WDEV_LOCK(wdev); 117 118 if (!wdev->conn) 119 return 0; 120 121 params = &wdev->conn->params; 122 123 switch (wdev->conn->state) { 124 case CFG80211_CONN_SCAN_AGAIN: 125 return cfg80211_conn_scan(wdev); 126 case CFG80211_CONN_AUTHENTICATE_NEXT: 127 BUG_ON(!rdev->ops->auth); 128 wdev->conn->state = CFG80211_CONN_AUTHENTICATING; 129 return __cfg80211_mlme_auth(rdev, wdev->netdev, 130 params->channel, params->auth_type, 131 params->bssid, 132 params->ssid, params->ssid_len, 133 NULL, 0, 134 params->key, params->key_len, 135 params->key_idx); 136 case CFG80211_CONN_ASSOCIATE_NEXT: 137 BUG_ON(!rdev->ops->assoc); 138 wdev->conn->state = CFG80211_CONN_ASSOCIATING; 139 if (wdev->conn->prev_bssid_valid) 140 prev_bssid = wdev->conn->prev_bssid; 141 err = __cfg80211_mlme_assoc(rdev, wdev->netdev, 142 params->channel, params->bssid, 143 prev_bssid, 144 params->ssid, params->ssid_len, 145 params->ie, params->ie_len, 146 false, ¶ms->crypto); 147 if (err) 148 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 149 NULL, 0, 150 WLAN_REASON_DEAUTH_LEAVING); 151 return err; 152 case CFG80211_CONN_DEAUTH_ASSOC_FAIL: 153 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 154 NULL, 0, 155 WLAN_REASON_DEAUTH_LEAVING); 156 /* return an error so that we call __cfg80211_connect_result() */ 157 return -EINVAL; 158 default: 159 return 0; 160 } 161 } 162 163 void cfg80211_conn_work(struct work_struct *work) 164 { 165 struct cfg80211_registered_device *rdev = 166 container_of(work, struct cfg80211_registered_device, conn_work); 167 struct wireless_dev *wdev; 168 u8 bssid_buf[ETH_ALEN], *bssid = NULL; 169 170 rtnl_lock(); 171 cfg80211_lock_rdev(rdev); 172 mutex_lock(&rdev->devlist_mtx); 173 174 list_for_each_entry(wdev, &rdev->netdev_list, list) { 175 wdev_lock(wdev); 176 if (!netif_running(wdev->netdev)) { 177 wdev_unlock(wdev); 178 continue; 179 } 180 if (wdev->sme_state != CFG80211_SME_CONNECTING) { 181 wdev_unlock(wdev); 182 continue; 183 } 184 if (wdev->conn->params.bssid) { 185 memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN); 186 bssid = bssid_buf; 187 } 188 if (cfg80211_conn_do_work(wdev)) 189 __cfg80211_connect_result( 190 wdev->netdev, bssid, 191 NULL, 0, NULL, 0, 192 WLAN_STATUS_UNSPECIFIED_FAILURE, 193 false, NULL); 194 wdev_unlock(wdev); 195 } 196 197 mutex_unlock(&rdev->devlist_mtx); 198 cfg80211_unlock_rdev(rdev); 199 rtnl_unlock(); 200 } 201 202 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) 203 { 204 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 205 struct cfg80211_bss *bss; 206 u16 capa = WLAN_CAPABILITY_ESS; 207 208 ASSERT_WDEV_LOCK(wdev); 209 210 if (wdev->conn->params.privacy) 211 capa |= WLAN_CAPABILITY_PRIVACY; 212 213 bss = cfg80211_get_bss(wdev->wiphy, NULL, wdev->conn->params.bssid, 214 wdev->conn->params.ssid, 215 wdev->conn->params.ssid_len, 216 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 217 capa); 218 if (!bss) 219 return NULL; 220 221 memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN); 222 wdev->conn->params.bssid = wdev->conn->bssid; 223 wdev->conn->params.channel = bss->channel; 224 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 225 schedule_work(&rdev->conn_work); 226 227 return bss; 228 } 229 230 static void __cfg80211_sme_scan_done(struct net_device *dev) 231 { 232 struct wireless_dev *wdev = dev->ieee80211_ptr; 233 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 234 struct cfg80211_bss *bss; 235 236 ASSERT_WDEV_LOCK(wdev); 237 238 if (wdev->sme_state != CFG80211_SME_CONNECTING) 239 return; 240 241 if (!wdev->conn) 242 return; 243 244 if (wdev->conn->state != CFG80211_CONN_SCANNING && 245 wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) 246 return; 247 248 bss = cfg80211_get_conn_bss(wdev); 249 if (bss) { 250 cfg80211_put_bss(bss); 251 } else { 252 /* not found */ 253 if (wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) 254 schedule_work(&rdev->conn_work); 255 else 256 __cfg80211_connect_result( 257 wdev->netdev, 258 wdev->conn->params.bssid, 259 NULL, 0, NULL, 0, 260 WLAN_STATUS_UNSPECIFIED_FAILURE, 261 false, NULL); 262 } 263 } 264 265 void cfg80211_sme_scan_done(struct net_device *dev) 266 { 267 struct wireless_dev *wdev = dev->ieee80211_ptr; 268 269 mutex_lock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx); 270 wdev_lock(wdev); 271 __cfg80211_sme_scan_done(dev); 272 wdev_unlock(wdev); 273 mutex_unlock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx); 274 } 275 276 void cfg80211_sme_rx_auth(struct net_device *dev, 277 const u8 *buf, size_t len) 278 { 279 struct wireless_dev *wdev = dev->ieee80211_ptr; 280 struct wiphy *wiphy = wdev->wiphy; 281 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 282 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 283 u16 status_code = le16_to_cpu(mgmt->u.auth.status_code); 284 285 ASSERT_WDEV_LOCK(wdev); 286 287 /* should only RX auth frames when connecting */ 288 if (wdev->sme_state != CFG80211_SME_CONNECTING) 289 return; 290 291 if (WARN_ON(!wdev->conn)) 292 return; 293 294 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG && 295 wdev->conn->auto_auth && 296 wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) { 297 /* select automatically between only open, shared, leap */ 298 switch (wdev->conn->params.auth_type) { 299 case NL80211_AUTHTYPE_OPEN_SYSTEM: 300 if (wdev->connect_keys) 301 wdev->conn->params.auth_type = 302 NL80211_AUTHTYPE_SHARED_KEY; 303 else 304 wdev->conn->params.auth_type = 305 NL80211_AUTHTYPE_NETWORK_EAP; 306 break; 307 case NL80211_AUTHTYPE_SHARED_KEY: 308 wdev->conn->params.auth_type = 309 NL80211_AUTHTYPE_NETWORK_EAP; 310 break; 311 default: 312 /* huh? */ 313 wdev->conn->params.auth_type = 314 NL80211_AUTHTYPE_OPEN_SYSTEM; 315 break; 316 } 317 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 318 schedule_work(&rdev->conn_work); 319 } else if (status_code != WLAN_STATUS_SUCCESS) { 320 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0, 321 status_code, false, NULL); 322 } else if (wdev->sme_state == CFG80211_SME_CONNECTING && 323 wdev->conn->state == CFG80211_CONN_AUTHENTICATING) { 324 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 325 schedule_work(&rdev->conn_work); 326 } 327 } 328 329 bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev) 330 { 331 struct wiphy *wiphy = wdev->wiphy; 332 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 333 334 if (WARN_ON(!wdev->conn)) 335 return false; 336 337 if (!wdev->conn->prev_bssid_valid) 338 return false; 339 340 /* 341 * Some stupid APs don't accept reassoc, so we 342 * need to fall back to trying regular assoc. 343 */ 344 wdev->conn->prev_bssid_valid = false; 345 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 346 schedule_work(&rdev->conn_work); 347 348 return true; 349 } 350 351 void cfg80211_sme_failed_assoc(struct wireless_dev *wdev) 352 { 353 struct wiphy *wiphy = wdev->wiphy; 354 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 355 356 wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL; 357 schedule_work(&rdev->conn_work); 358 } 359 360 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 361 const u8 *req_ie, size_t req_ie_len, 362 const u8 *resp_ie, size_t resp_ie_len, 363 u16 status, bool wextev, 364 struct cfg80211_bss *bss) 365 { 366 struct wireless_dev *wdev = dev->ieee80211_ptr; 367 u8 *country_ie; 368 #ifdef CONFIG_CFG80211_WEXT 369 union iwreq_data wrqu; 370 #endif 371 372 ASSERT_WDEV_LOCK(wdev); 373 374 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION)) 375 return; 376 377 if (wdev->sme_state != CFG80211_SME_CONNECTING) 378 return; 379 380 nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev, 381 bssid, req_ie, req_ie_len, 382 resp_ie, resp_ie_len, 383 status, GFP_KERNEL); 384 385 #ifdef CONFIG_CFG80211_WEXT 386 if (wextev) { 387 if (req_ie && status == WLAN_STATUS_SUCCESS) { 388 memset(&wrqu, 0, sizeof(wrqu)); 389 wrqu.data.length = req_ie_len; 390 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, req_ie); 391 } 392 393 if (resp_ie && status == WLAN_STATUS_SUCCESS) { 394 memset(&wrqu, 0, sizeof(wrqu)); 395 wrqu.data.length = resp_ie_len; 396 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, resp_ie); 397 } 398 399 memset(&wrqu, 0, sizeof(wrqu)); 400 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 401 if (bssid && status == WLAN_STATUS_SUCCESS) { 402 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN); 403 memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN); 404 wdev->wext.prev_bssid_valid = true; 405 } 406 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 407 } 408 #endif 409 410 if (wdev->current_bss) { 411 cfg80211_unhold_bss(wdev->current_bss); 412 cfg80211_put_bss(&wdev->current_bss->pub); 413 wdev->current_bss = NULL; 414 } 415 416 if (wdev->conn) 417 wdev->conn->state = CFG80211_CONN_IDLE; 418 419 if (status != WLAN_STATUS_SUCCESS) { 420 wdev->sme_state = CFG80211_SME_IDLE; 421 if (wdev->conn) 422 kfree(wdev->conn->ie); 423 kfree(wdev->conn); 424 wdev->conn = NULL; 425 kfree(wdev->connect_keys); 426 wdev->connect_keys = NULL; 427 wdev->ssid_len = 0; 428 return; 429 } 430 431 if (!bss) 432 bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid, 433 wdev->ssid, wdev->ssid_len, 434 WLAN_CAPABILITY_ESS, 435 WLAN_CAPABILITY_ESS); 436 437 if (WARN_ON(!bss)) 438 return; 439 440 cfg80211_hold_bss(bss_from_pub(bss)); 441 wdev->current_bss = bss_from_pub(bss); 442 443 wdev->sme_state = CFG80211_SME_CONNECTED; 444 cfg80211_upload_connect_keys(wdev); 445 446 country_ie = (u8 *) ieee80211_bss_get_ie(bss, WLAN_EID_COUNTRY); 447 448 if (!country_ie) 449 return; 450 451 /* 452 * ieee80211_bss_get_ie() ensures we can access: 453 * - country_ie + 2, the start of the country ie data, and 454 * - and country_ie[1] which is the IE length 455 */ 456 regulatory_hint_11d(wdev->wiphy, 457 country_ie + 2, 458 country_ie[1]); 459 } 460 461 void cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 462 const u8 *req_ie, size_t req_ie_len, 463 const u8 *resp_ie, size_t resp_ie_len, 464 u16 status, gfp_t gfp) 465 { 466 struct wireless_dev *wdev = dev->ieee80211_ptr; 467 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 468 struct cfg80211_event *ev; 469 unsigned long flags; 470 471 CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTING); 472 473 ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp); 474 if (!ev) 475 return; 476 477 ev->type = EVENT_CONNECT_RESULT; 478 if (bssid) 479 memcpy(ev->cr.bssid, bssid, ETH_ALEN); 480 ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev); 481 ev->cr.req_ie_len = req_ie_len; 482 memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len); 483 ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len; 484 ev->cr.resp_ie_len = resp_ie_len; 485 memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len); 486 ev->cr.status = status; 487 488 spin_lock_irqsave(&wdev->event_lock, flags); 489 list_add_tail(&ev->list, &wdev->event_list); 490 spin_unlock_irqrestore(&wdev->event_lock, flags); 491 queue_work(cfg80211_wq, &rdev->event_work); 492 } 493 EXPORT_SYMBOL(cfg80211_connect_result); 494 495 void __cfg80211_roamed(struct wireless_dev *wdev, const u8 *bssid, 496 const u8 *req_ie, size_t req_ie_len, 497 const u8 *resp_ie, size_t resp_ie_len) 498 { 499 struct cfg80211_bss *bss; 500 #ifdef CONFIG_CFG80211_WEXT 501 union iwreq_data wrqu; 502 #endif 503 504 ASSERT_WDEV_LOCK(wdev); 505 506 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION)) 507 return; 508 509 if (wdev->sme_state != CFG80211_SME_CONNECTED) 510 return; 511 512 /* internal error -- how did we get to CONNECTED w/o BSS? */ 513 if (WARN_ON(!wdev->current_bss)) { 514 return; 515 } 516 517 cfg80211_unhold_bss(wdev->current_bss); 518 cfg80211_put_bss(&wdev->current_bss->pub); 519 wdev->current_bss = NULL; 520 521 bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid, 522 wdev->ssid, wdev->ssid_len, 523 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 524 525 if (WARN_ON(!bss)) 526 return; 527 528 cfg80211_hold_bss(bss_from_pub(bss)); 529 wdev->current_bss = bss_from_pub(bss); 530 531 nl80211_send_roamed(wiphy_to_dev(wdev->wiphy), wdev->netdev, bssid, 532 req_ie, req_ie_len, resp_ie, resp_ie_len, 533 GFP_KERNEL); 534 535 #ifdef CONFIG_CFG80211_WEXT 536 if (req_ie) { 537 memset(&wrqu, 0, sizeof(wrqu)); 538 wrqu.data.length = req_ie_len; 539 wireless_send_event(wdev->netdev, IWEVASSOCREQIE, 540 &wrqu, req_ie); 541 } 542 543 if (resp_ie) { 544 memset(&wrqu, 0, sizeof(wrqu)); 545 wrqu.data.length = resp_ie_len; 546 wireless_send_event(wdev->netdev, IWEVASSOCRESPIE, 547 &wrqu, resp_ie); 548 } 549 550 memset(&wrqu, 0, sizeof(wrqu)); 551 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 552 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN); 553 memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN); 554 wdev->wext.prev_bssid_valid = true; 555 wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL); 556 #endif 557 } 558 559 void cfg80211_roamed(struct net_device *dev, const u8 *bssid, 560 const u8 *req_ie, size_t req_ie_len, 561 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 562 { 563 struct wireless_dev *wdev = dev->ieee80211_ptr; 564 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 565 struct cfg80211_event *ev; 566 unsigned long flags; 567 568 CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED); 569 570 ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp); 571 if (!ev) 572 return; 573 574 ev->type = EVENT_ROAMED; 575 memcpy(ev->rm.bssid, bssid, ETH_ALEN); 576 ev->rm.req_ie = ((u8 *)ev) + sizeof(*ev); 577 ev->rm.req_ie_len = req_ie_len; 578 memcpy((void *)ev->rm.req_ie, req_ie, req_ie_len); 579 ev->rm.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len; 580 ev->rm.resp_ie_len = resp_ie_len; 581 memcpy((void *)ev->rm.resp_ie, resp_ie, resp_ie_len); 582 583 spin_lock_irqsave(&wdev->event_lock, flags); 584 list_add_tail(&ev->list, &wdev->event_list); 585 spin_unlock_irqrestore(&wdev->event_lock, flags); 586 queue_work(cfg80211_wq, &rdev->event_work); 587 } 588 EXPORT_SYMBOL(cfg80211_roamed); 589 590 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, 591 size_t ie_len, u16 reason, bool from_ap) 592 { 593 struct wireless_dev *wdev = dev->ieee80211_ptr; 594 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 595 int i; 596 #ifdef CONFIG_CFG80211_WEXT 597 union iwreq_data wrqu; 598 #endif 599 600 ASSERT_WDEV_LOCK(wdev); 601 602 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION)) 603 return; 604 605 if (wdev->sme_state != CFG80211_SME_CONNECTED) 606 return; 607 608 if (wdev->current_bss) { 609 cfg80211_unhold_bss(wdev->current_bss); 610 cfg80211_put_bss(&wdev->current_bss->pub); 611 } 612 613 wdev->current_bss = NULL; 614 wdev->sme_state = CFG80211_SME_IDLE; 615 wdev->ssid_len = 0; 616 617 if (wdev->conn) { 618 const u8 *bssid; 619 int ret; 620 621 kfree(wdev->conn->ie); 622 wdev->conn->ie = NULL; 623 kfree(wdev->conn); 624 wdev->conn = NULL; 625 626 /* 627 * If this disconnect was due to a disassoc, we 628 * we might still have an auth BSS around. For 629 * the userspace SME that's currently expected, 630 * but for the kernel SME (nl80211 CONNECT or 631 * wireless extensions) we want to clear up all 632 * state. 633 */ 634 for (i = 0; i < MAX_AUTH_BSSES; i++) { 635 if (!wdev->auth_bsses[i]) 636 continue; 637 bssid = wdev->auth_bsses[i]->pub.bssid; 638 ret = __cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 639 WLAN_REASON_DEAUTH_LEAVING); 640 WARN(ret, "deauth failed: %d\n", ret); 641 } 642 } 643 644 nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap); 645 646 /* 647 * Delete all the keys ... pairwise keys can't really 648 * exist any more anyway, but default keys might. 649 */ 650 if (rdev->ops->del_key) 651 for (i = 0; i < 6; i++) 652 rdev->ops->del_key(wdev->wiphy, dev, i, NULL); 653 654 #ifdef CONFIG_CFG80211_WEXT 655 memset(&wrqu, 0, sizeof(wrqu)); 656 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 657 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 658 wdev->wext.connect.ssid_len = 0; 659 #endif 660 } 661 662 void cfg80211_disconnected(struct net_device *dev, u16 reason, 663 u8 *ie, size_t ie_len, gfp_t gfp) 664 { 665 struct wireless_dev *wdev = dev->ieee80211_ptr; 666 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 667 struct cfg80211_event *ev; 668 unsigned long flags; 669 670 CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED); 671 672 ev = kzalloc(sizeof(*ev) + ie_len, gfp); 673 if (!ev) 674 return; 675 676 ev->type = EVENT_DISCONNECTED; 677 ev->dc.ie = ((u8 *)ev) + sizeof(*ev); 678 ev->dc.ie_len = ie_len; 679 memcpy((void *)ev->dc.ie, ie, ie_len); 680 ev->dc.reason = reason; 681 682 spin_lock_irqsave(&wdev->event_lock, flags); 683 list_add_tail(&ev->list, &wdev->event_list); 684 spin_unlock_irqrestore(&wdev->event_lock, flags); 685 queue_work(cfg80211_wq, &rdev->event_work); 686 } 687 EXPORT_SYMBOL(cfg80211_disconnected); 688 689 int __cfg80211_connect(struct cfg80211_registered_device *rdev, 690 struct net_device *dev, 691 struct cfg80211_connect_params *connect, 692 struct cfg80211_cached_keys *connkeys, 693 const u8 *prev_bssid) 694 { 695 struct wireless_dev *wdev = dev->ieee80211_ptr; 696 struct ieee80211_channel *chan; 697 struct cfg80211_bss *bss = NULL; 698 int err; 699 700 ASSERT_WDEV_LOCK(wdev); 701 702 if (wdev->sme_state != CFG80211_SME_IDLE) 703 return -EALREADY; 704 705 chan = rdev_fixed_channel(rdev, wdev); 706 if (chan && chan != connect->channel) 707 return -EBUSY; 708 709 if (WARN_ON(wdev->connect_keys)) { 710 kfree(wdev->connect_keys); 711 wdev->connect_keys = NULL; 712 } 713 714 if (connkeys && connkeys->def >= 0) { 715 int idx; 716 u32 cipher; 717 718 idx = connkeys->def; 719 cipher = connkeys->params[idx].cipher; 720 /* If given a WEP key we may need it for shared key auth */ 721 if (cipher == WLAN_CIPHER_SUITE_WEP40 || 722 cipher == WLAN_CIPHER_SUITE_WEP104) { 723 connect->key_idx = idx; 724 connect->key = connkeys->params[idx].key; 725 connect->key_len = connkeys->params[idx].key_len; 726 727 /* 728 * If ciphers are not set (e.g. when going through 729 * iwconfig), we have to set them appropriately here. 730 */ 731 if (connect->crypto.cipher_group == 0) 732 connect->crypto.cipher_group = cipher; 733 734 if (connect->crypto.n_ciphers_pairwise == 0) { 735 connect->crypto.n_ciphers_pairwise = 1; 736 connect->crypto.ciphers_pairwise[0] = cipher; 737 } 738 } 739 } 740 741 if (!rdev->ops->connect) { 742 if (!rdev->ops->auth || !rdev->ops->assoc) 743 return -EOPNOTSUPP; 744 745 if (WARN_ON(wdev->conn)) 746 return -EINPROGRESS; 747 748 wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); 749 if (!wdev->conn) 750 return -ENOMEM; 751 752 /* 753 * Copy all parameters, and treat explicitly IEs, BSSID, SSID. 754 */ 755 memcpy(&wdev->conn->params, connect, sizeof(*connect)); 756 if (connect->bssid) { 757 wdev->conn->params.bssid = wdev->conn->bssid; 758 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN); 759 } 760 761 if (connect->ie) { 762 wdev->conn->ie = kmemdup(connect->ie, connect->ie_len, 763 GFP_KERNEL); 764 wdev->conn->params.ie = wdev->conn->ie; 765 if (!wdev->conn->ie) { 766 kfree(wdev->conn); 767 wdev->conn = NULL; 768 return -ENOMEM; 769 } 770 } 771 772 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) { 773 wdev->conn->auto_auth = true; 774 /* start with open system ... should mostly work */ 775 wdev->conn->params.auth_type = 776 NL80211_AUTHTYPE_OPEN_SYSTEM; 777 } else { 778 wdev->conn->auto_auth = false; 779 } 780 781 memcpy(wdev->ssid, connect->ssid, connect->ssid_len); 782 wdev->ssid_len = connect->ssid_len; 783 wdev->conn->params.ssid = wdev->ssid; 784 wdev->conn->params.ssid_len = connect->ssid_len; 785 786 /* see if we have the bss already */ 787 bss = cfg80211_get_conn_bss(wdev); 788 789 wdev->sme_state = CFG80211_SME_CONNECTING; 790 wdev->connect_keys = connkeys; 791 792 if (prev_bssid) { 793 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN); 794 wdev->conn->prev_bssid_valid = true; 795 } 796 797 /* we're good if we have a matching bss struct */ 798 if (bss) { 799 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 800 err = cfg80211_conn_do_work(wdev); 801 cfg80211_put_bss(bss); 802 } else { 803 /* otherwise we'll need to scan for the AP first */ 804 err = cfg80211_conn_scan(wdev); 805 /* 806 * If we can't scan right now, then we need to scan again 807 * after the current scan finished, since the parameters 808 * changed (unless we find a good AP anyway). 809 */ 810 if (err == -EBUSY) { 811 err = 0; 812 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN; 813 } 814 } 815 if (err) { 816 kfree(wdev->conn->ie); 817 kfree(wdev->conn); 818 wdev->conn = NULL; 819 wdev->sme_state = CFG80211_SME_IDLE; 820 wdev->connect_keys = NULL; 821 wdev->ssid_len = 0; 822 } 823 824 return err; 825 } else { 826 wdev->sme_state = CFG80211_SME_CONNECTING; 827 wdev->connect_keys = connkeys; 828 err = rdev->ops->connect(&rdev->wiphy, dev, connect); 829 if (err) { 830 wdev->connect_keys = NULL; 831 wdev->sme_state = CFG80211_SME_IDLE; 832 return err; 833 } 834 835 memcpy(wdev->ssid, connect->ssid, connect->ssid_len); 836 wdev->ssid_len = connect->ssid_len; 837 838 return 0; 839 } 840 } 841 842 int cfg80211_connect(struct cfg80211_registered_device *rdev, 843 struct net_device *dev, 844 struct cfg80211_connect_params *connect, 845 struct cfg80211_cached_keys *connkeys) 846 { 847 int err; 848 849 mutex_lock(&rdev->devlist_mtx); 850 wdev_lock(dev->ieee80211_ptr); 851 err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL); 852 wdev_unlock(dev->ieee80211_ptr); 853 mutex_unlock(&rdev->devlist_mtx); 854 855 return err; 856 } 857 858 int __cfg80211_disconnect(struct cfg80211_registered_device *rdev, 859 struct net_device *dev, u16 reason, bool wextev) 860 { 861 struct wireless_dev *wdev = dev->ieee80211_ptr; 862 int err; 863 864 ASSERT_WDEV_LOCK(wdev); 865 866 if (wdev->sme_state == CFG80211_SME_IDLE) 867 return -EINVAL; 868 869 kfree(wdev->connect_keys); 870 wdev->connect_keys = NULL; 871 872 if (!rdev->ops->disconnect) { 873 if (!rdev->ops->deauth) 874 return -EOPNOTSUPP; 875 876 /* was it connected by userspace SME? */ 877 if (!wdev->conn) { 878 cfg80211_mlme_down(rdev, dev); 879 return 0; 880 } 881 882 if (wdev->sme_state == CFG80211_SME_CONNECTING && 883 (wdev->conn->state == CFG80211_CONN_SCANNING || 884 wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) { 885 wdev->sme_state = CFG80211_SME_IDLE; 886 kfree(wdev->conn->ie); 887 kfree(wdev->conn); 888 wdev->conn = NULL; 889 wdev->ssid_len = 0; 890 return 0; 891 } 892 893 /* wdev->conn->params.bssid must be set if > SCANNING */ 894 err = __cfg80211_mlme_deauth(rdev, dev, 895 wdev->conn->params.bssid, 896 NULL, 0, reason); 897 if (err) 898 return err; 899 } else { 900 err = rdev->ops->disconnect(&rdev->wiphy, dev, reason); 901 if (err) 902 return err; 903 } 904 905 if (wdev->sme_state == CFG80211_SME_CONNECTED) 906 __cfg80211_disconnected(dev, NULL, 0, 0, false); 907 else if (wdev->sme_state == CFG80211_SME_CONNECTING) 908 __cfg80211_connect_result(dev, NULL, NULL, 0, NULL, 0, 909 WLAN_STATUS_UNSPECIFIED_FAILURE, 910 wextev, NULL); 911 912 return 0; 913 } 914 915 int cfg80211_disconnect(struct cfg80211_registered_device *rdev, 916 struct net_device *dev, 917 u16 reason, bool wextev) 918 { 919 int err; 920 921 wdev_lock(dev->ieee80211_ptr); 922 err = __cfg80211_disconnect(rdev, dev, reason, wextev); 923 wdev_unlock(dev->ieee80211_ptr); 924 925 return err; 926 } 927 928 void cfg80211_sme_disassoc(struct net_device *dev, int idx) 929 { 930 struct wireless_dev *wdev = dev->ieee80211_ptr; 931 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 932 u8 bssid[ETH_ALEN]; 933 934 ASSERT_WDEV_LOCK(wdev); 935 936 if (!wdev->conn) 937 return; 938 939 if (wdev->conn->state == CFG80211_CONN_IDLE) 940 return; 941 942 /* 943 * Ok, so the association was made by this SME -- we don't 944 * want it any more so deauthenticate too. 945 */ 946 947 if (!wdev->auth_bsses[idx]) 948 return; 949 950 memcpy(bssid, wdev->auth_bsses[idx]->pub.bssid, ETH_ALEN); 951 if (__cfg80211_mlme_deauth(rdev, dev, bssid, 952 NULL, 0, WLAN_REASON_DEAUTH_LEAVING)) { 953 /* whatever -- assume gone anyway */ 954 cfg80211_unhold_bss(wdev->auth_bsses[idx]); 955 cfg80211_put_bss(&wdev->auth_bsses[idx]->pub); 956 wdev->auth_bsses[idx] = NULL; 957 } 958 } 959