1 /* 2 * Copyright (c) 2008, 2009 open80211s Ltd. 3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 #include <linux/gfp.h> 10 #include <linux/kernel.h> 11 #include <linux/random.h> 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #define PLINK_GET_LLID(p) (p + 2) 17 #define PLINK_GET_PLID(p) (p + 4) 18 19 #define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \ 20 jiffies + msecs_to_jiffies(t))) 21 22 enum plink_event { 23 PLINK_UNDEFINED, 24 OPN_ACPT, 25 OPN_RJCT, 26 OPN_IGNR, 27 CNF_ACPT, 28 CNF_RJCT, 29 CNF_IGNR, 30 CLS_ACPT, 31 CLS_IGNR 32 }; 33 34 static const char * const mplstates[] = { 35 [NL80211_PLINK_LISTEN] = "LISTEN", 36 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 37 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 38 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 39 [NL80211_PLINK_ESTAB] = "ESTAB", 40 [NL80211_PLINK_HOLDING] = "HOLDING", 41 [NL80211_PLINK_BLOCKED] = "BLOCKED" 42 }; 43 44 static const char * const mplevents[] = { 45 [PLINK_UNDEFINED] = "NONE", 46 [OPN_ACPT] = "OPN_ACPT", 47 [OPN_RJCT] = "OPN_RJCT", 48 [OPN_IGNR] = "OPN_IGNR", 49 [CNF_ACPT] = "CNF_ACPT", 50 [CNF_RJCT] = "CNF_RJCT", 51 [CNF_IGNR] = "CNF_IGNR", 52 [CLS_ACPT] = "CLS_ACPT", 53 [CLS_IGNR] = "CLS_IGNR" 54 }; 55 56 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 57 enum ieee80211_self_protected_actioncode action, 58 u8 *da, u16 llid, u16 plid, u16 reason); 59 60 61 /* We only need a valid sta if user configured a minimum rssi_threshold. */ 62 static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 63 struct sta_info *sta) 64 { 65 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 66 return rssi_threshold == 0 || 67 (sta && (s8) -ewma_read(&sta->avg_signal) > rssi_threshold); 68 } 69 70 /** 71 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 72 * 73 * @sta: mesh peer link to restart 74 * 75 * Locking: this function must be called holding sta->plink_lock 76 */ 77 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 78 { 79 lockdep_assert_held(&sta->plink_lock); 80 sta->plink_state = NL80211_PLINK_LISTEN; 81 sta->llid = sta->plid = sta->reason = 0; 82 sta->plink_retries = 0; 83 } 84 85 /* 86 * mesh_set_short_slot_time - enable / disable ERP short slot time. 87 * 88 * The standard indirectly mandates mesh STAs to turn off short slot time by 89 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 90 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 91 * MBSS support ERP rates. 92 * 93 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 94 */ 95 static u32 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 96 { 97 struct ieee80211_local *local = sdata->local; 98 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 99 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 100 struct sta_info *sta; 101 u32 erp_rates = 0, changed = 0; 102 int i; 103 bool short_slot = false; 104 105 if (band == IEEE80211_BAND_5GHZ) { 106 /* (IEEE 802.11-2012 19.4.5) */ 107 short_slot = true; 108 goto out; 109 } else if (band != IEEE80211_BAND_2GHZ) 110 goto out; 111 112 for (i = 0; i < sband->n_bitrates; i++) 113 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 114 erp_rates |= BIT(i); 115 116 if (!erp_rates) 117 goto out; 118 119 rcu_read_lock(); 120 list_for_each_entry_rcu(sta, &local->sta_list, list) { 121 if (sdata != sta->sdata || 122 sta->plink_state != NL80211_PLINK_ESTAB) 123 continue; 124 125 short_slot = false; 126 if (erp_rates & sta->sta.supp_rates[band]) 127 short_slot = true; 128 else 129 break; 130 } 131 rcu_read_unlock(); 132 133 out: 134 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 135 sdata->vif.bss_conf.use_short_slot = short_slot; 136 changed = BSS_CHANGED_ERP_SLOT; 137 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 138 sdata->vif.addr, short_slot); 139 } 140 return changed; 141 } 142 143 /** 144 * mesh_set_ht_prot_mode - set correct HT protection mode 145 * 146 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 147 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 148 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 149 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 150 * is selected if all peers in our 20/40MHz MBSS support HT and atleast one 151 * HT20 peer is present. Otherwise no-protection mode is selected. 152 */ 153 static u32 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 154 { 155 struct ieee80211_local *local = sdata->local; 156 struct sta_info *sta; 157 u16 ht_opmode; 158 bool non_ht_sta = false, ht20_sta = false; 159 160 switch (sdata->vif.bss_conf.chandef.width) { 161 case NL80211_CHAN_WIDTH_20_NOHT: 162 case NL80211_CHAN_WIDTH_5: 163 case NL80211_CHAN_WIDTH_10: 164 return 0; 165 default: 166 break; 167 } 168 169 rcu_read_lock(); 170 list_for_each_entry_rcu(sta, &local->sta_list, list) { 171 if (sdata != sta->sdata || 172 sta->plink_state != NL80211_PLINK_ESTAB) 173 continue; 174 175 if (sta->sta.bandwidth > IEEE80211_STA_RX_BW_20) 176 continue; 177 178 if (!sta->sta.ht_cap.ht_supported) { 179 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 180 sta->sta.addr); 181 non_ht_sta = true; 182 break; 183 } 184 185 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 186 ht20_sta = true; 187 } 188 rcu_read_unlock(); 189 190 if (non_ht_sta) 191 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 192 else if (ht20_sta && 193 sdata->vif.bss_conf.chandef.width > NL80211_CHAN_WIDTH_20) 194 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 195 else 196 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 197 198 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 199 return 0; 200 201 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 202 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 203 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 204 return BSS_CHANGED_HT; 205 } 206 207 /** 208 * __mesh_plink_deactivate - deactivate mesh peer link 209 * 210 * @sta: mesh peer link to deactivate 211 * 212 * All mesh paths with this peer as next hop will be flushed 213 * Returns beacon changed flag if the beacon content changed. 214 * 215 * Locking: the caller must hold sta->plink_lock 216 */ 217 static u32 __mesh_plink_deactivate(struct sta_info *sta) 218 { 219 struct ieee80211_sub_if_data *sdata = sta->sdata; 220 u32 changed = 0; 221 222 lockdep_assert_held(&sta->plink_lock); 223 224 if (sta->plink_state == NL80211_PLINK_ESTAB) 225 changed = mesh_plink_dec_estab_count(sdata); 226 sta->plink_state = NL80211_PLINK_BLOCKED; 227 mesh_path_flush_by_nexthop(sta); 228 229 ieee80211_mps_sta_status_update(sta); 230 changed |= ieee80211_mps_set_sta_local_pm(sta, 231 NL80211_MESH_POWER_UNKNOWN); 232 233 return changed; 234 } 235 236 /** 237 * mesh_plink_deactivate - deactivate mesh peer link 238 * 239 * @sta: mesh peer link to deactivate 240 * 241 * All mesh paths with this peer as next hop will be flushed 242 */ 243 u32 mesh_plink_deactivate(struct sta_info *sta) 244 { 245 struct ieee80211_sub_if_data *sdata = sta->sdata; 246 u32 changed; 247 248 spin_lock_bh(&sta->plink_lock); 249 changed = __mesh_plink_deactivate(sta); 250 sta->reason = WLAN_REASON_MESH_PEER_CANCELED; 251 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 252 sta->sta.addr, sta->llid, sta->plid, 253 sta->reason); 254 spin_unlock_bh(&sta->plink_lock); 255 256 return changed; 257 } 258 259 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 260 enum ieee80211_self_protected_actioncode action, 261 u8 *da, u16 llid, u16 plid, u16 reason) 262 { 263 struct ieee80211_local *local = sdata->local; 264 struct sk_buff *skb; 265 struct ieee80211_tx_info *info; 266 struct ieee80211_mgmt *mgmt; 267 bool include_plid = false; 268 u16 peering_proto = 0; 269 u8 *pos, ie_len = 4; 270 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) + 271 sizeof(mgmt->u.action.u.self_prot); 272 int err = -ENOMEM; 273 274 skb = dev_alloc_skb(local->tx_headroom + 275 hdr_len + 276 2 + /* capability info */ 277 2 + /* AID */ 278 2 + 8 + /* supported rates */ 279 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 280 2 + sdata->u.mesh.mesh_id_len + 281 2 + sizeof(struct ieee80211_meshconf_ie) + 282 2 + sizeof(struct ieee80211_ht_cap) + 283 2 + sizeof(struct ieee80211_ht_operation) + 284 2 + 8 + /* peering IE */ 285 sdata->u.mesh.ie_len); 286 if (!skb) 287 return err; 288 info = IEEE80211_SKB_CB(skb); 289 skb_reserve(skb, local->tx_headroom); 290 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len); 291 memset(mgmt, 0, hdr_len); 292 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 293 IEEE80211_STYPE_ACTION); 294 memcpy(mgmt->da, da, ETH_ALEN); 295 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 296 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 297 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 298 mgmt->u.action.u.self_prot.action_code = action; 299 300 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 301 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 302 303 /* capability info */ 304 pos = skb_put(skb, 2); 305 memset(pos, 0, 2); 306 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 307 /* AID */ 308 pos = skb_put(skb, 2); 309 put_unaligned_le16(plid, pos); 310 } 311 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 312 ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 313 mesh_add_rsn_ie(sdata, skb) || 314 mesh_add_meshid_ie(sdata, skb) || 315 mesh_add_meshconf_ie(sdata, skb)) 316 goto free; 317 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 318 info->flags |= IEEE80211_TX_CTL_NO_ACK; 319 if (mesh_add_meshid_ie(sdata, skb)) 320 goto free; 321 } 322 323 /* Add Mesh Peering Management element */ 324 switch (action) { 325 case WLAN_SP_MESH_PEERING_OPEN: 326 break; 327 case WLAN_SP_MESH_PEERING_CONFIRM: 328 ie_len += 2; 329 include_plid = true; 330 break; 331 case WLAN_SP_MESH_PEERING_CLOSE: 332 if (plid) { 333 ie_len += 2; 334 include_plid = true; 335 } 336 ie_len += 2; /* reason code */ 337 break; 338 default: 339 err = -EINVAL; 340 goto free; 341 } 342 343 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 344 goto free; 345 346 pos = skb_put(skb, 2 + ie_len); 347 *pos++ = WLAN_EID_PEER_MGMT; 348 *pos++ = ie_len; 349 memcpy(pos, &peering_proto, 2); 350 pos += 2; 351 put_unaligned_le16(llid, pos); 352 pos += 2; 353 if (include_plid) { 354 put_unaligned_le16(plid, pos); 355 pos += 2; 356 } 357 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 358 put_unaligned_le16(reason, pos); 359 pos += 2; 360 } 361 362 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 363 if (mesh_add_ht_cap_ie(sdata, skb) || 364 mesh_add_ht_oper_ie(sdata, skb)) 365 goto free; 366 } 367 368 if (mesh_add_vendor_ies(sdata, skb)) 369 goto free; 370 371 ieee80211_tx_skb(sdata, skb); 372 return 0; 373 free: 374 kfree_skb(skb); 375 return err; 376 } 377 378 static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 379 struct sta_info *sta, 380 struct ieee802_11_elems *elems, bool insert) 381 { 382 struct ieee80211_local *local = sdata->local; 383 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 384 struct ieee80211_supported_band *sband; 385 u32 rates, basic_rates = 0, changed = 0; 386 enum ieee80211_sta_rx_bandwidth bw = sta->sta.bandwidth; 387 388 sband = local->hw.wiphy->bands[band]; 389 rates = ieee80211_sta_get_rates(sdata, elems, band, &basic_rates); 390 391 spin_lock_bh(&sta->plink_lock); 392 sta->last_rx = jiffies; 393 394 /* rates and capabilities don't change during peering */ 395 if (sta->plink_state == NL80211_PLINK_ESTAB && sta->processed_beacon) 396 goto out; 397 sta->processed_beacon = true; 398 399 if (sta->sta.supp_rates[band] != rates) 400 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 401 sta->sta.supp_rates[band] = rates; 402 403 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 404 elems->ht_cap_elem, sta)) 405 changed |= IEEE80211_RC_BW_CHANGED; 406 407 if (bw != sta->sta.bandwidth) 408 changed |= IEEE80211_RC_BW_CHANGED; 409 410 /* HT peer is operating 20MHz-only */ 411 if (elems->ht_operation && 412 !(elems->ht_operation->ht_param & 413 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 414 if (sta->sta.bandwidth != IEEE80211_STA_RX_BW_20) 415 changed |= IEEE80211_RC_BW_CHANGED; 416 sta->sta.bandwidth = IEEE80211_STA_RX_BW_20; 417 } 418 419 if (insert) 420 rate_control_rate_init(sta); 421 else 422 rate_control_rate_update(local, sband, sta, changed); 423 out: 424 spin_unlock_bh(&sta->plink_lock); 425 } 426 427 static struct sta_info * 428 __mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 429 { 430 struct sta_info *sta; 431 432 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 433 return NULL; 434 435 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 436 if (!sta) 437 return NULL; 438 439 sta->plink_state = NL80211_PLINK_LISTEN; 440 sta->sta.wme = true; 441 442 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 443 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 444 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 445 446 return sta; 447 } 448 449 static struct sta_info * 450 mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 451 struct ieee802_11_elems *elems) 452 { 453 struct sta_info *sta = NULL; 454 455 /* Userspace handles station allocation */ 456 if (sdata->u.mesh.user_mpm || 457 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) 458 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 459 elems->ie_start, 460 elems->total_len, 461 GFP_KERNEL); 462 else 463 sta = __mesh_sta_info_alloc(sdata, addr); 464 465 return sta; 466 } 467 468 /* 469 * mesh_sta_info_get - return mesh sta info entry for @addr. 470 * 471 * @sdata: local meshif 472 * @addr: peer's address 473 * @elems: IEs from beacon or mesh peering frame. 474 * 475 * Return existing or newly allocated sta_info under RCU read lock. 476 * (re)initialize with given IEs. 477 */ 478 static struct sta_info * 479 mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 480 u8 *addr, struct ieee802_11_elems *elems) __acquires(RCU) 481 { 482 struct sta_info *sta = NULL; 483 484 rcu_read_lock(); 485 sta = sta_info_get(sdata, addr); 486 if (sta) { 487 mesh_sta_info_init(sdata, sta, elems, false); 488 } else { 489 rcu_read_unlock(); 490 /* can't run atomic */ 491 sta = mesh_sta_info_alloc(sdata, addr, elems); 492 if (!sta) { 493 rcu_read_lock(); 494 return NULL; 495 } 496 497 mesh_sta_info_init(sdata, sta, elems, true); 498 499 if (sta_info_insert_rcu(sta)) 500 return NULL; 501 } 502 503 return sta; 504 } 505 506 /* 507 * mesh_neighbour_update - update or initialize new mesh neighbor. 508 * 509 * @sdata: local meshif 510 * @addr: peer's address 511 * @elems: IEs from beacon or mesh peering frame 512 * 513 * Initiates peering if appropriate. 514 */ 515 void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 516 u8 *hw_addr, 517 struct ieee802_11_elems *elems) 518 { 519 struct sta_info *sta; 520 u32 changed = 0; 521 522 sta = mesh_sta_info_get(sdata, hw_addr, elems); 523 if (!sta) 524 goto out; 525 526 if (mesh_peer_accepts_plinks(elems) && 527 sta->plink_state == NL80211_PLINK_LISTEN && 528 sdata->u.mesh.accepting_plinks && 529 sdata->u.mesh.mshcfg.auto_open_plinks && 530 rssi_threshold_check(sdata, sta)) 531 changed = mesh_plink_open(sta); 532 533 ieee80211_mps_frame_release(sta, elems); 534 out: 535 rcu_read_unlock(); 536 ieee80211_mbss_info_change_notify(sdata, changed); 537 } 538 539 static void mesh_plink_timer(unsigned long data) 540 { 541 struct sta_info *sta; 542 u16 reason = 0; 543 struct ieee80211_sub_if_data *sdata; 544 struct mesh_config *mshcfg; 545 enum ieee80211_self_protected_actioncode action = 0; 546 547 /* 548 * This STA is valid because sta_info_destroy() will 549 * del_timer_sync() this timer after having made sure 550 * it cannot be readded (by deleting the plink.) 551 */ 552 sta = (struct sta_info *) data; 553 554 if (sta->sdata->local->quiescing) 555 return; 556 557 spin_lock_bh(&sta->plink_lock); 558 559 /* If a timer fires just before a state transition on another CPU, 560 * we may have already extended the timeout and changed state by the 561 * time we've acquired the lock and arrived here. In that case, 562 * skip this timer and wait for the new one. 563 */ 564 if (time_before(jiffies, sta->plink_timer.expires)) { 565 mpl_dbg(sta->sdata, 566 "Ignoring timer for %pM in state %s (timer adjusted)", 567 sta->sta.addr, mplstates[sta->plink_state]); 568 spin_unlock_bh(&sta->plink_lock); 569 return; 570 } 571 572 /* del_timer() and handler may race when entering these states */ 573 if (sta->plink_state == NL80211_PLINK_LISTEN || 574 sta->plink_state == NL80211_PLINK_ESTAB) { 575 mpl_dbg(sta->sdata, 576 "Ignoring timer for %pM in state %s (timer deleted)", 577 sta->sta.addr, mplstates[sta->plink_state]); 578 spin_unlock_bh(&sta->plink_lock); 579 return; 580 } 581 582 mpl_dbg(sta->sdata, 583 "Mesh plink timer for %pM fired on state %s\n", 584 sta->sta.addr, mplstates[sta->plink_state]); 585 sdata = sta->sdata; 586 mshcfg = &sdata->u.mesh.mshcfg; 587 588 switch (sta->plink_state) { 589 case NL80211_PLINK_OPN_RCVD: 590 case NL80211_PLINK_OPN_SNT: 591 /* retry timer */ 592 if (sta->plink_retries < mshcfg->dot11MeshMaxRetries) { 593 u32 rand; 594 mpl_dbg(sta->sdata, 595 "Mesh plink for %pM (retry, timeout): %d %d\n", 596 sta->sta.addr, sta->plink_retries, 597 sta->plink_timeout); 598 get_random_bytes(&rand, sizeof(u32)); 599 sta->plink_timeout = sta->plink_timeout + 600 rand % sta->plink_timeout; 601 ++sta->plink_retries; 602 mod_plink_timer(sta, sta->plink_timeout); 603 action = WLAN_SP_MESH_PEERING_OPEN; 604 break; 605 } 606 reason = WLAN_REASON_MESH_MAX_RETRIES; 607 /* fall through on else */ 608 case NL80211_PLINK_CNF_RCVD: 609 /* confirm timer */ 610 if (!reason) 611 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 612 sta->plink_state = NL80211_PLINK_HOLDING; 613 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 614 action = WLAN_SP_MESH_PEERING_CLOSE; 615 break; 616 case NL80211_PLINK_HOLDING: 617 /* holding timer */ 618 del_timer(&sta->plink_timer); 619 mesh_plink_fsm_restart(sta); 620 break; 621 default: 622 break; 623 } 624 spin_unlock_bh(&sta->plink_lock); 625 if (action) 626 mesh_plink_frame_tx(sdata, action, sta->sta.addr, 627 sta->llid, sta->plid, reason); 628 } 629 630 static inline void mesh_plink_timer_set(struct sta_info *sta, u32 timeout) 631 { 632 sta->plink_timer.expires = jiffies + msecs_to_jiffies(timeout); 633 sta->plink_timer.data = (unsigned long) sta; 634 sta->plink_timer.function = mesh_plink_timer; 635 sta->plink_timeout = timeout; 636 add_timer(&sta->plink_timer); 637 } 638 639 static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 640 u16 llid) 641 { 642 struct ieee80211_local *local = sdata->local; 643 bool in_use = false; 644 struct sta_info *sta; 645 646 rcu_read_lock(); 647 list_for_each_entry_rcu(sta, &local->sta_list, list) { 648 if (!memcmp(&sta->llid, &llid, sizeof(llid))) { 649 in_use = true; 650 break; 651 } 652 } 653 rcu_read_unlock(); 654 655 return in_use; 656 } 657 658 static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 659 { 660 u16 llid; 661 662 do { 663 get_random_bytes(&llid, sizeof(llid)); 664 /* for mesh PS we still only have the AID range for TIM bits */ 665 llid = (llid % IEEE80211_MAX_AID) + 1; 666 } while (llid_in_use(sdata, llid)); 667 668 return llid; 669 } 670 671 u32 mesh_plink_open(struct sta_info *sta) 672 { 673 struct ieee80211_sub_if_data *sdata = sta->sdata; 674 u32 changed; 675 676 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 677 return 0; 678 679 spin_lock_bh(&sta->plink_lock); 680 sta->llid = mesh_get_new_llid(sdata); 681 if (sta->plink_state != NL80211_PLINK_LISTEN && 682 sta->plink_state != NL80211_PLINK_BLOCKED) { 683 spin_unlock_bh(&sta->plink_lock); 684 return 0; 685 } 686 sta->plink_state = NL80211_PLINK_OPN_SNT; 687 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 688 spin_unlock_bh(&sta->plink_lock); 689 mpl_dbg(sdata, 690 "Mesh plink: starting establishment with %pM\n", 691 sta->sta.addr); 692 693 /* set the non-peer mode to active during peering */ 694 changed = ieee80211_mps_local_status_update(sdata); 695 696 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN, 697 sta->sta.addr, sta->llid, 0, 0); 698 return changed; 699 } 700 701 u32 mesh_plink_block(struct sta_info *sta) 702 { 703 u32 changed; 704 705 spin_lock_bh(&sta->plink_lock); 706 changed = __mesh_plink_deactivate(sta); 707 sta->plink_state = NL80211_PLINK_BLOCKED; 708 spin_unlock_bh(&sta->plink_lock); 709 710 return changed; 711 } 712 713 static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 714 struct sta_info *sta, 715 enum plink_event event) 716 { 717 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 718 719 u16 reason = (event == CLS_ACPT) ? 720 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 721 722 sta->reason = reason; 723 sta->plink_state = NL80211_PLINK_HOLDING; 724 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 725 } 726 727 static u32 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 728 struct sta_info *sta) 729 { 730 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 731 u32 changed = 0; 732 733 del_timer(&sta->plink_timer); 734 sta->plink_state = NL80211_PLINK_ESTAB; 735 changed |= mesh_plink_inc_estab_count(sdata); 736 changed |= mesh_set_ht_prot_mode(sdata); 737 changed |= mesh_set_short_slot_time(sdata); 738 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 739 ieee80211_mps_sta_status_update(sta); 740 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 741 return changed; 742 } 743 744 /** 745 * mesh_plink_fsm - step @sta MPM based on @event 746 * 747 * @sdata: interface 748 * @sta: mesh neighbor 749 * @event: peering event 750 * 751 * Return: changed MBSS flags 752 */ 753 static u32 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 754 struct sta_info *sta, enum plink_event event) 755 { 756 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 757 enum ieee80211_self_protected_actioncode action = 0; 758 u32 changed = 0; 759 760 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 761 mplstates[sta->plink_state], mplevents[event]); 762 763 spin_lock_bh(&sta->plink_lock); 764 switch (sta->plink_state) { 765 case NL80211_PLINK_LISTEN: 766 switch (event) { 767 case CLS_ACPT: 768 mesh_plink_fsm_restart(sta); 769 break; 770 case OPN_ACPT: 771 sta->plink_state = NL80211_PLINK_OPN_RCVD; 772 sta->llid = mesh_get_new_llid(sdata); 773 mesh_plink_timer_set(sta, 774 mshcfg->dot11MeshRetryTimeout); 775 776 /* set the non-peer mode to active during peering */ 777 changed |= ieee80211_mps_local_status_update(sdata); 778 action = WLAN_SP_MESH_PEERING_OPEN; 779 break; 780 default: 781 break; 782 } 783 break; 784 case NL80211_PLINK_OPN_SNT: 785 switch (event) { 786 case OPN_RJCT: 787 case CNF_RJCT: 788 case CLS_ACPT: 789 mesh_plink_close(sdata, sta, event); 790 action = WLAN_SP_MESH_PEERING_CLOSE; 791 break; 792 case OPN_ACPT: 793 /* retry timer is left untouched */ 794 sta->plink_state = NL80211_PLINK_OPN_RCVD; 795 action = WLAN_SP_MESH_PEERING_CONFIRM; 796 break; 797 case CNF_ACPT: 798 sta->plink_state = NL80211_PLINK_CNF_RCVD; 799 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 800 break; 801 default: 802 break; 803 } 804 break; 805 case NL80211_PLINK_OPN_RCVD: 806 switch (event) { 807 case OPN_RJCT: 808 case CNF_RJCT: 809 case CLS_ACPT: 810 mesh_plink_close(sdata, sta, event); 811 action = WLAN_SP_MESH_PEERING_CLOSE; 812 break; 813 case OPN_ACPT: 814 action = WLAN_SP_MESH_PEERING_CONFIRM; 815 break; 816 case CNF_ACPT: 817 changed |= mesh_plink_establish(sdata, sta); 818 break; 819 default: 820 break; 821 } 822 break; 823 case NL80211_PLINK_CNF_RCVD: 824 switch (event) { 825 case OPN_RJCT: 826 case CNF_RJCT: 827 case CLS_ACPT: 828 mesh_plink_close(sdata, sta, event); 829 action = WLAN_SP_MESH_PEERING_CLOSE; 830 break; 831 case OPN_ACPT: 832 changed |= mesh_plink_establish(sdata, sta); 833 action = WLAN_SP_MESH_PEERING_CONFIRM; 834 break; 835 default: 836 break; 837 } 838 break; 839 case NL80211_PLINK_ESTAB: 840 switch (event) { 841 case CLS_ACPT: 842 changed |= __mesh_plink_deactivate(sta); 843 changed |= mesh_set_ht_prot_mode(sdata); 844 changed |= mesh_set_short_slot_time(sdata); 845 mesh_plink_close(sdata, sta, event); 846 action = WLAN_SP_MESH_PEERING_CLOSE; 847 break; 848 case OPN_ACPT: 849 action = WLAN_SP_MESH_PEERING_CONFIRM; 850 break; 851 default: 852 break; 853 } 854 break; 855 case NL80211_PLINK_HOLDING: 856 switch (event) { 857 case CLS_ACPT: 858 del_timer(&sta->plink_timer); 859 mesh_plink_fsm_restart(sta); 860 break; 861 case OPN_ACPT: 862 case CNF_ACPT: 863 case OPN_RJCT: 864 case CNF_RJCT: 865 action = WLAN_SP_MESH_PEERING_CLOSE; 866 break; 867 default: 868 break; 869 } 870 break; 871 default: 872 /* should not get here, PLINK_BLOCKED is dealt with at the 873 * beginning of the function 874 */ 875 break; 876 } 877 spin_unlock_bh(&sta->plink_lock); 878 if (action) { 879 mesh_plink_frame_tx(sdata, action, sta->sta.addr, 880 sta->llid, sta->plid, sta->reason); 881 882 /* also send confirm in open case */ 883 if (action == WLAN_SP_MESH_PEERING_OPEN) { 884 mesh_plink_frame_tx(sdata, 885 WLAN_SP_MESH_PEERING_CONFIRM, 886 sta->sta.addr, sta->llid, 887 sta->plid, 0); 888 } 889 } 890 891 return changed; 892 } 893 894 /* 895 * mesh_plink_get_event - get correct MPM event 896 * 897 * @sdata: interface 898 * @sta: peer, leave NULL if processing a frame from a new suitable peer 899 * @elems: peering management IEs 900 * @ftype: frame type 901 * @llid: peer's peer link ID 902 * @plid: peer's local link ID 903 * 904 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 905 * an error. 906 */ 907 static enum plink_event 908 mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 909 struct sta_info *sta, 910 struct ieee802_11_elems *elems, 911 enum ieee80211_self_protected_actioncode ftype, 912 u16 llid, u16 plid) 913 { 914 enum plink_event event = PLINK_UNDEFINED; 915 u8 ie_len = elems->peering_len; 916 bool matches_local; 917 918 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 919 mesh_matches_local(sdata, elems)); 920 921 /* deny open request from non-matching peer */ 922 if (!matches_local && !sta) { 923 event = OPN_RJCT; 924 goto out; 925 } 926 927 if (!sta) { 928 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 929 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 930 goto out; 931 } 932 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 933 if (!mesh_plink_free_count(sdata)) { 934 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 935 goto out; 936 } 937 } else { 938 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 939 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 940 goto out; 941 } 942 if (sta->plink_state == NL80211_PLINK_BLOCKED) 943 goto out; 944 } 945 946 /* new matching peer */ 947 if (!sta) { 948 event = OPN_ACPT; 949 goto out; 950 } 951 952 switch (ftype) { 953 case WLAN_SP_MESH_PEERING_OPEN: 954 if (!matches_local) 955 event = OPN_RJCT; 956 if (!mesh_plink_free_count(sdata) || 957 (sta->plid && sta->plid != plid)) 958 event = OPN_IGNR; 959 else 960 event = OPN_ACPT; 961 break; 962 case WLAN_SP_MESH_PEERING_CONFIRM: 963 if (!matches_local) 964 event = CNF_RJCT; 965 if (!mesh_plink_free_count(sdata) || 966 sta->llid != llid || 967 (sta->plid && sta->plid != plid)) 968 event = CNF_IGNR; 969 else 970 event = CNF_ACPT; 971 break; 972 case WLAN_SP_MESH_PEERING_CLOSE: 973 if (sta->plink_state == NL80211_PLINK_ESTAB) 974 /* Do not check for llid or plid. This does not 975 * follow the standard but since multiple plinks 976 * per sta are not supported, it is necessary in 977 * order to avoid a livelock when MP A sees an 978 * establish peer link to MP B but MP B does not 979 * see it. This can be caused by a timeout in 980 * B's peer link establishment or B beign 981 * restarted. 982 */ 983 event = CLS_ACPT; 984 else if (sta->plid != plid) 985 event = CLS_IGNR; 986 else if (ie_len == 8 && sta->llid != llid) 987 event = CLS_IGNR; 988 else 989 event = CLS_ACPT; 990 break; 991 default: 992 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 993 break; 994 } 995 996 out: 997 return event; 998 } 999 1000 static void 1001 mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 1002 struct ieee80211_mgmt *mgmt, 1003 struct ieee802_11_elems *elems) 1004 { 1005 1006 struct sta_info *sta; 1007 enum plink_event event; 1008 enum ieee80211_self_protected_actioncode ftype; 1009 u32 changed = 0; 1010 u8 ie_len = elems->peering_len; 1011 u16 plid, llid = 0; 1012 1013 if (!elems->peering) { 1014 mpl_dbg(sdata, 1015 "Mesh plink: missing necessary peer link ie\n"); 1016 return; 1017 } 1018 1019 if (elems->rsn_len && 1020 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1021 mpl_dbg(sdata, 1022 "Mesh plink: can't establish link with secure peer\n"); 1023 return; 1024 } 1025 1026 ftype = mgmt->u.action.u.self_prot.action_code; 1027 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1028 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1029 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1030 && ie_len != 8)) { 1031 mpl_dbg(sdata, 1032 "Mesh plink: incorrect plink ie length %d %d\n", 1033 ftype, ie_len); 1034 return; 1035 } 1036 1037 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1038 (!elems->mesh_id || !elems->mesh_config)) { 1039 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1040 return; 1041 } 1042 /* Note the lines below are correct, the llid in the frame is the plid 1043 * from the point of view of this host. 1044 */ 1045 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1046 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1047 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1048 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1049 1050 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1051 rcu_read_lock(); 1052 1053 sta = sta_info_get(sdata, mgmt->sa); 1054 1055 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1056 !rssi_threshold_check(sdata, sta)) { 1057 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1058 mgmt->sa); 1059 goto unlock_rcu; 1060 } 1061 1062 /* Now we will figure out the appropriate event... */ 1063 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1064 1065 if (event == OPN_ACPT) { 1066 rcu_read_unlock(); 1067 /* allocate sta entry if necessary and update info */ 1068 sta = mesh_sta_info_get(sdata, mgmt->sa, elems); 1069 if (!sta) { 1070 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1071 goto unlock_rcu; 1072 } 1073 sta->plid = plid; 1074 } else if (!sta && event == OPN_RJCT) { 1075 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 1076 mgmt->sa, 0, plid, 1077 WLAN_REASON_MESH_CONFIG); 1078 goto unlock_rcu; 1079 } else if (!sta || event == PLINK_UNDEFINED) { 1080 /* something went wrong */ 1081 goto unlock_rcu; 1082 } 1083 1084 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1085 if (!sta->plid && event == CNF_ACPT) 1086 sta->plid = plid; 1087 1088 changed |= mesh_plink_fsm(sdata, sta, event); 1089 1090 unlock_rcu: 1091 rcu_read_unlock(); 1092 1093 if (changed) 1094 ieee80211_mbss_info_change_notify(sdata, changed); 1095 } 1096 1097 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1098 struct ieee80211_mgmt *mgmt, size_t len, 1099 struct ieee80211_rx_status *rx_status) 1100 { 1101 struct ieee802_11_elems elems; 1102 size_t baselen; 1103 u8 *baseaddr; 1104 1105 /* need action_code, aux */ 1106 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1107 return; 1108 1109 if (sdata->u.mesh.user_mpm) 1110 /* userspace must register for these */ 1111 return; 1112 1113 if (is_multicast_ether_addr(mgmt->da)) { 1114 mpl_dbg(sdata, 1115 "Mesh plink: ignore frame from multicast address\n"); 1116 return; 1117 } 1118 1119 baseaddr = mgmt->u.action.u.self_prot.variable; 1120 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1121 if (mgmt->u.action.u.self_prot.action_code == 1122 WLAN_SP_MESH_PEERING_CONFIRM) { 1123 baseaddr += 4; 1124 baselen += 4; 1125 1126 if (baselen > len) 1127 return; 1128 } 1129 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems); 1130 mesh_process_plink_frame(sdata, mgmt, &elems); 1131 } 1132