1 /* 2 * Copyright (c) 2008, 2009 open80211s Ltd. 3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 #include <linux/gfp.h> 10 #include <linux/kernel.h> 11 #include <linux/random.h> 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #define PLINK_CNF_AID(mgmt) ((mgmt)->u.action.u.self_prot.variable + 2) 17 #define PLINK_GET_LLID(p) (p + 2) 18 #define PLINK_GET_PLID(p) (p + 4) 19 20 #define mod_plink_timer(s, t) (mod_timer(&s->mesh->plink_timer, \ 21 jiffies + msecs_to_jiffies(t))) 22 23 enum plink_event { 24 PLINK_UNDEFINED, 25 OPN_ACPT, 26 OPN_RJCT, 27 OPN_IGNR, 28 CNF_ACPT, 29 CNF_RJCT, 30 CNF_IGNR, 31 CLS_ACPT, 32 CLS_IGNR 33 }; 34 35 static const char * const mplstates[] = { 36 [NL80211_PLINK_LISTEN] = "LISTEN", 37 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 38 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 39 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 40 [NL80211_PLINK_ESTAB] = "ESTAB", 41 [NL80211_PLINK_HOLDING] = "HOLDING", 42 [NL80211_PLINK_BLOCKED] = "BLOCKED" 43 }; 44 45 static const char * const mplevents[] = { 46 [PLINK_UNDEFINED] = "NONE", 47 [OPN_ACPT] = "OPN_ACPT", 48 [OPN_RJCT] = "OPN_RJCT", 49 [OPN_IGNR] = "OPN_IGNR", 50 [CNF_ACPT] = "CNF_ACPT", 51 [CNF_RJCT] = "CNF_RJCT", 52 [CNF_IGNR] = "CNF_IGNR", 53 [CLS_ACPT] = "CLS_ACPT", 54 [CLS_IGNR] = "CLS_IGNR" 55 }; 56 57 /* We only need a valid sta if user configured a minimum rssi_threshold. */ 58 static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 59 struct sta_info *sta) 60 { 61 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 62 return rssi_threshold == 0 || 63 (sta && 64 (s8)-ewma_signal_read(&sta->rx_stats_avg.signal) > 65 rssi_threshold); 66 } 67 68 /** 69 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 70 * 71 * @sta: mesh peer link to restart 72 * 73 * Locking: this function must be called holding sta->mesh->plink_lock 74 */ 75 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 76 { 77 lockdep_assert_held(&sta->mesh->plink_lock); 78 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 79 sta->mesh->llid = sta->mesh->plid = sta->mesh->reason = 0; 80 sta->mesh->plink_retries = 0; 81 } 82 83 /* 84 * mesh_set_short_slot_time - enable / disable ERP short slot time. 85 * 86 * The standard indirectly mandates mesh STAs to turn off short slot time by 87 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 88 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 89 * MBSS support ERP rates. 90 * 91 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 92 */ 93 static u32 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 94 { 95 struct ieee80211_local *local = sdata->local; 96 enum nl80211_band band = ieee80211_get_sdata_band(sdata); 97 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 98 struct sta_info *sta; 99 u32 erp_rates = 0, changed = 0; 100 int i; 101 bool short_slot = false; 102 103 if (band == NL80211_BAND_5GHZ) { 104 /* (IEEE 802.11-2012 19.4.5) */ 105 short_slot = true; 106 goto out; 107 } else if (band != NL80211_BAND_2GHZ) 108 goto out; 109 110 for (i = 0; i < sband->n_bitrates; i++) 111 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 112 erp_rates |= BIT(i); 113 114 if (!erp_rates) 115 goto out; 116 117 rcu_read_lock(); 118 list_for_each_entry_rcu(sta, &local->sta_list, list) { 119 if (sdata != sta->sdata || 120 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 121 continue; 122 123 short_slot = false; 124 if (erp_rates & sta->sta.supp_rates[band]) 125 short_slot = true; 126 else 127 break; 128 } 129 rcu_read_unlock(); 130 131 out: 132 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 133 sdata->vif.bss_conf.use_short_slot = short_slot; 134 changed = BSS_CHANGED_ERP_SLOT; 135 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 136 sdata->vif.addr, short_slot); 137 } 138 return changed; 139 } 140 141 /** 142 * mesh_set_ht_prot_mode - set correct HT protection mode 143 * 144 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 145 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 146 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 147 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 148 * is selected if all peers in our 20/40MHz MBSS support HT and atleast one 149 * HT20 peer is present. Otherwise no-protection mode is selected. 150 */ 151 static u32 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 152 { 153 struct ieee80211_local *local = sdata->local; 154 struct sta_info *sta; 155 u16 ht_opmode; 156 bool non_ht_sta = false, ht20_sta = false; 157 158 switch (sdata->vif.bss_conf.chandef.width) { 159 case NL80211_CHAN_WIDTH_20_NOHT: 160 case NL80211_CHAN_WIDTH_5: 161 case NL80211_CHAN_WIDTH_10: 162 return 0; 163 default: 164 break; 165 } 166 167 rcu_read_lock(); 168 list_for_each_entry_rcu(sta, &local->sta_list, list) { 169 if (sdata != sta->sdata || 170 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 171 continue; 172 173 if (sta->sta.bandwidth > IEEE80211_STA_RX_BW_20) 174 continue; 175 176 if (!sta->sta.ht_cap.ht_supported) { 177 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 178 sta->sta.addr); 179 non_ht_sta = true; 180 break; 181 } 182 183 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 184 ht20_sta = true; 185 } 186 rcu_read_unlock(); 187 188 if (non_ht_sta) 189 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 190 else if (ht20_sta && 191 sdata->vif.bss_conf.chandef.width > NL80211_CHAN_WIDTH_20) 192 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 193 else 194 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 195 196 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 197 return 0; 198 199 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 200 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 201 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 202 return BSS_CHANGED_HT; 203 } 204 205 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 206 struct sta_info *sta, 207 enum ieee80211_self_protected_actioncode action, 208 u8 *da, u16 llid, u16 plid, u16 reason) 209 { 210 struct ieee80211_local *local = sdata->local; 211 struct sk_buff *skb; 212 struct ieee80211_tx_info *info; 213 struct ieee80211_mgmt *mgmt; 214 bool include_plid = false; 215 u16 peering_proto = 0; 216 u8 *pos, ie_len = 4; 217 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) + 218 sizeof(mgmt->u.action.u.self_prot); 219 int err = -ENOMEM; 220 221 skb = dev_alloc_skb(local->tx_headroom + 222 hdr_len + 223 2 + /* capability info */ 224 2 + /* AID */ 225 2 + 8 + /* supported rates */ 226 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 227 2 + sdata->u.mesh.mesh_id_len + 228 2 + sizeof(struct ieee80211_meshconf_ie) + 229 2 + sizeof(struct ieee80211_ht_cap) + 230 2 + sizeof(struct ieee80211_ht_operation) + 231 2 + sizeof(struct ieee80211_vht_cap) + 232 2 + sizeof(struct ieee80211_vht_operation) + 233 2 + 8 + /* peering IE */ 234 sdata->u.mesh.ie_len); 235 if (!skb) 236 return err; 237 info = IEEE80211_SKB_CB(skb); 238 skb_reserve(skb, local->tx_headroom); 239 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len); 240 memset(mgmt, 0, hdr_len); 241 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 242 IEEE80211_STYPE_ACTION); 243 memcpy(mgmt->da, da, ETH_ALEN); 244 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 245 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 246 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 247 mgmt->u.action.u.self_prot.action_code = action; 248 249 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 250 enum nl80211_band band = ieee80211_get_sdata_band(sdata); 251 252 /* capability info */ 253 pos = skb_put(skb, 2); 254 memset(pos, 0, 2); 255 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 256 /* AID */ 257 pos = skb_put(skb, 2); 258 put_unaligned_le16(sta->sta.aid, pos); 259 } 260 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 261 ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 262 mesh_add_rsn_ie(sdata, skb) || 263 mesh_add_meshid_ie(sdata, skb) || 264 mesh_add_meshconf_ie(sdata, skb)) 265 goto free; 266 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 267 info->flags |= IEEE80211_TX_CTL_NO_ACK; 268 if (mesh_add_meshid_ie(sdata, skb)) 269 goto free; 270 } 271 272 /* Add Mesh Peering Management element */ 273 switch (action) { 274 case WLAN_SP_MESH_PEERING_OPEN: 275 break; 276 case WLAN_SP_MESH_PEERING_CONFIRM: 277 ie_len += 2; 278 include_plid = true; 279 break; 280 case WLAN_SP_MESH_PEERING_CLOSE: 281 if (plid) { 282 ie_len += 2; 283 include_plid = true; 284 } 285 ie_len += 2; /* reason code */ 286 break; 287 default: 288 err = -EINVAL; 289 goto free; 290 } 291 292 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 293 goto free; 294 295 pos = skb_put(skb, 2 + ie_len); 296 *pos++ = WLAN_EID_PEER_MGMT; 297 *pos++ = ie_len; 298 memcpy(pos, &peering_proto, 2); 299 pos += 2; 300 put_unaligned_le16(llid, pos); 301 pos += 2; 302 if (include_plid) { 303 put_unaligned_le16(plid, pos); 304 pos += 2; 305 } 306 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 307 put_unaligned_le16(reason, pos); 308 pos += 2; 309 } 310 311 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 312 if (mesh_add_ht_cap_ie(sdata, skb) || 313 mesh_add_ht_oper_ie(sdata, skb) || 314 mesh_add_vht_cap_ie(sdata, skb) || 315 mesh_add_vht_oper_ie(sdata, skb)) 316 goto free; 317 } 318 319 if (mesh_add_vendor_ies(sdata, skb)) 320 goto free; 321 322 ieee80211_tx_skb(sdata, skb); 323 return 0; 324 free: 325 kfree_skb(skb); 326 return err; 327 } 328 329 /** 330 * __mesh_plink_deactivate - deactivate mesh peer link 331 * 332 * @sta: mesh peer link to deactivate 333 * 334 * Mesh paths with this peer as next hop should be flushed 335 * by the caller outside of plink_lock. 336 * 337 * Returns beacon changed flag if the beacon content changed. 338 * 339 * Locking: the caller must hold sta->mesh->plink_lock 340 */ 341 static u32 __mesh_plink_deactivate(struct sta_info *sta) 342 { 343 struct ieee80211_sub_if_data *sdata = sta->sdata; 344 u32 changed = 0; 345 346 lockdep_assert_held(&sta->mesh->plink_lock); 347 348 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 349 changed = mesh_plink_dec_estab_count(sdata); 350 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 351 352 ieee80211_mps_sta_status_update(sta); 353 changed |= ieee80211_mps_set_sta_local_pm(sta, 354 NL80211_MESH_POWER_UNKNOWN); 355 356 return changed; 357 } 358 359 /** 360 * mesh_plink_deactivate - deactivate mesh peer link 361 * 362 * @sta: mesh peer link to deactivate 363 * 364 * All mesh paths with this peer as next hop will be flushed 365 */ 366 u32 mesh_plink_deactivate(struct sta_info *sta) 367 { 368 struct ieee80211_sub_if_data *sdata = sta->sdata; 369 u32 changed; 370 371 spin_lock_bh(&sta->mesh->plink_lock); 372 changed = __mesh_plink_deactivate(sta); 373 374 if (!sdata->u.mesh.user_mpm) { 375 sta->mesh->reason = WLAN_REASON_MESH_PEER_CANCELED; 376 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_CLOSE, 377 sta->sta.addr, sta->mesh->llid, 378 sta->mesh->plid, sta->mesh->reason); 379 } 380 spin_unlock_bh(&sta->mesh->plink_lock); 381 if (!sdata->u.mesh.user_mpm) 382 del_timer_sync(&sta->mesh->plink_timer); 383 mesh_path_flush_by_nexthop(sta); 384 385 /* make sure no readers can access nexthop sta from here on */ 386 synchronize_net(); 387 388 return changed; 389 } 390 391 static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 392 struct sta_info *sta, 393 struct ieee802_11_elems *elems, bool insert) 394 { 395 struct ieee80211_local *local = sdata->local; 396 enum nl80211_band band = ieee80211_get_sdata_band(sdata); 397 struct ieee80211_supported_band *sband; 398 u32 rates, basic_rates = 0, changed = 0; 399 enum ieee80211_sta_rx_bandwidth bw = sta->sta.bandwidth; 400 401 sband = local->hw.wiphy->bands[band]; 402 rates = ieee80211_sta_get_rates(sdata, elems, band, &basic_rates); 403 404 spin_lock_bh(&sta->mesh->plink_lock); 405 sta->rx_stats.last_rx = jiffies; 406 407 /* rates and capabilities don't change during peering */ 408 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB && 409 sta->mesh->processed_beacon) 410 goto out; 411 sta->mesh->processed_beacon = true; 412 413 if (sta->sta.supp_rates[band] != rates) 414 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 415 sta->sta.supp_rates[band] = rates; 416 417 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 418 elems->ht_cap_elem, sta)) 419 changed |= IEEE80211_RC_BW_CHANGED; 420 421 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 422 elems->vht_cap_elem, sta); 423 424 if (bw != sta->sta.bandwidth) 425 changed |= IEEE80211_RC_BW_CHANGED; 426 427 /* HT peer is operating 20MHz-only */ 428 if (elems->ht_operation && 429 !(elems->ht_operation->ht_param & 430 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 431 if (sta->sta.bandwidth != IEEE80211_STA_RX_BW_20) 432 changed |= IEEE80211_RC_BW_CHANGED; 433 sta->sta.bandwidth = IEEE80211_STA_RX_BW_20; 434 } 435 436 if (insert) 437 rate_control_rate_init(sta); 438 else 439 rate_control_rate_update(local, sband, sta, changed); 440 out: 441 spin_unlock_bh(&sta->mesh->plink_lock); 442 } 443 444 static int mesh_allocate_aid(struct ieee80211_sub_if_data *sdata) 445 { 446 struct sta_info *sta; 447 unsigned long *aid_map; 448 int aid; 449 450 aid_map = kcalloc(BITS_TO_LONGS(IEEE80211_MAX_AID + 1), 451 sizeof(*aid_map), GFP_KERNEL); 452 if (!aid_map) 453 return -ENOMEM; 454 455 /* reserve aid 0 for mcast indication */ 456 __set_bit(0, aid_map); 457 458 rcu_read_lock(); 459 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) 460 __set_bit(sta->sta.aid, aid_map); 461 rcu_read_unlock(); 462 463 aid = find_first_zero_bit(aid_map, IEEE80211_MAX_AID + 1); 464 kfree(aid_map); 465 466 if (aid > IEEE80211_MAX_AID) 467 return -ENOBUFS; 468 469 return aid; 470 } 471 472 static struct sta_info * 473 __mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 474 { 475 struct sta_info *sta; 476 int aid; 477 478 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 479 return NULL; 480 481 aid = mesh_allocate_aid(sdata); 482 if (aid < 0) 483 return NULL; 484 485 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 486 if (!sta) 487 return NULL; 488 489 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 490 sta->sta.wme = true; 491 sta->sta.aid = aid; 492 493 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 494 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 495 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 496 497 return sta; 498 } 499 500 static struct sta_info * 501 mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 502 struct ieee802_11_elems *elems) 503 { 504 struct sta_info *sta = NULL; 505 506 /* Userspace handles station allocation */ 507 if (sdata->u.mesh.user_mpm || 508 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) 509 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 510 elems->ie_start, 511 elems->total_len, 512 GFP_KERNEL); 513 else 514 sta = __mesh_sta_info_alloc(sdata, addr); 515 516 return sta; 517 } 518 519 /* 520 * mesh_sta_info_get - return mesh sta info entry for @addr. 521 * 522 * @sdata: local meshif 523 * @addr: peer's address 524 * @elems: IEs from beacon or mesh peering frame. 525 * 526 * Return existing or newly allocated sta_info under RCU read lock. 527 * (re)initialize with given IEs. 528 */ 529 static struct sta_info * 530 mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 531 u8 *addr, struct ieee802_11_elems *elems) __acquires(RCU) 532 { 533 struct sta_info *sta = NULL; 534 535 rcu_read_lock(); 536 sta = sta_info_get(sdata, addr); 537 if (sta) { 538 mesh_sta_info_init(sdata, sta, elems, false); 539 } else { 540 rcu_read_unlock(); 541 /* can't run atomic */ 542 sta = mesh_sta_info_alloc(sdata, addr, elems); 543 if (!sta) { 544 rcu_read_lock(); 545 return NULL; 546 } 547 548 mesh_sta_info_init(sdata, sta, elems, true); 549 550 if (sta_info_insert_rcu(sta)) 551 return NULL; 552 } 553 554 return sta; 555 } 556 557 /* 558 * mesh_neighbour_update - update or initialize new mesh neighbor. 559 * 560 * @sdata: local meshif 561 * @addr: peer's address 562 * @elems: IEs from beacon or mesh peering frame 563 * 564 * Initiates peering if appropriate. 565 */ 566 void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 567 u8 *hw_addr, 568 struct ieee802_11_elems *elems) 569 { 570 struct sta_info *sta; 571 u32 changed = 0; 572 573 sta = mesh_sta_info_get(sdata, hw_addr, elems); 574 if (!sta) 575 goto out; 576 577 if (mesh_peer_accepts_plinks(elems) && 578 sta->mesh->plink_state == NL80211_PLINK_LISTEN && 579 sdata->u.mesh.accepting_plinks && 580 sdata->u.mesh.mshcfg.auto_open_plinks && 581 rssi_threshold_check(sdata, sta)) 582 changed = mesh_plink_open(sta); 583 584 ieee80211_mps_frame_release(sta, elems); 585 out: 586 rcu_read_unlock(); 587 ieee80211_mbss_info_change_notify(sdata, changed); 588 } 589 590 static void mesh_plink_timer(unsigned long data) 591 { 592 struct sta_info *sta; 593 u16 reason = 0; 594 struct ieee80211_sub_if_data *sdata; 595 struct mesh_config *mshcfg; 596 enum ieee80211_self_protected_actioncode action = 0; 597 598 /* 599 * This STA is valid because sta_info_destroy() will 600 * del_timer_sync() this timer after having made sure 601 * it cannot be readded (by deleting the plink.) 602 */ 603 sta = (struct sta_info *) data; 604 605 if (sta->sdata->local->quiescing) 606 return; 607 608 spin_lock_bh(&sta->mesh->plink_lock); 609 610 /* If a timer fires just before a state transition on another CPU, 611 * we may have already extended the timeout and changed state by the 612 * time we've acquired the lock and arrived here. In that case, 613 * skip this timer and wait for the new one. 614 */ 615 if (time_before(jiffies, sta->mesh->plink_timer.expires)) { 616 mpl_dbg(sta->sdata, 617 "Ignoring timer for %pM in state %s (timer adjusted)", 618 sta->sta.addr, mplstates[sta->mesh->plink_state]); 619 spin_unlock_bh(&sta->mesh->plink_lock); 620 return; 621 } 622 623 /* del_timer() and handler may race when entering these states */ 624 if (sta->mesh->plink_state == NL80211_PLINK_LISTEN || 625 sta->mesh->plink_state == NL80211_PLINK_ESTAB) { 626 mpl_dbg(sta->sdata, 627 "Ignoring timer for %pM in state %s (timer deleted)", 628 sta->sta.addr, mplstates[sta->mesh->plink_state]); 629 spin_unlock_bh(&sta->mesh->plink_lock); 630 return; 631 } 632 633 mpl_dbg(sta->sdata, 634 "Mesh plink timer for %pM fired on state %s\n", 635 sta->sta.addr, mplstates[sta->mesh->plink_state]); 636 sdata = sta->sdata; 637 mshcfg = &sdata->u.mesh.mshcfg; 638 639 switch (sta->mesh->plink_state) { 640 case NL80211_PLINK_OPN_RCVD: 641 case NL80211_PLINK_OPN_SNT: 642 /* retry timer */ 643 if (sta->mesh->plink_retries < mshcfg->dot11MeshMaxRetries) { 644 u32 rand; 645 mpl_dbg(sta->sdata, 646 "Mesh plink for %pM (retry, timeout): %d %d\n", 647 sta->sta.addr, sta->mesh->plink_retries, 648 sta->mesh->plink_timeout); 649 get_random_bytes(&rand, sizeof(u32)); 650 sta->mesh->plink_timeout = sta->mesh->plink_timeout + 651 rand % sta->mesh->plink_timeout; 652 ++sta->mesh->plink_retries; 653 mod_plink_timer(sta, sta->mesh->plink_timeout); 654 action = WLAN_SP_MESH_PEERING_OPEN; 655 break; 656 } 657 reason = WLAN_REASON_MESH_MAX_RETRIES; 658 /* fall through on else */ 659 case NL80211_PLINK_CNF_RCVD: 660 /* confirm timer */ 661 if (!reason) 662 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 663 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 664 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 665 action = WLAN_SP_MESH_PEERING_CLOSE; 666 break; 667 case NL80211_PLINK_HOLDING: 668 /* holding timer */ 669 del_timer(&sta->mesh->plink_timer); 670 mesh_plink_fsm_restart(sta); 671 break; 672 default: 673 break; 674 } 675 spin_unlock_bh(&sta->mesh->plink_lock); 676 if (action) 677 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 678 sta->mesh->llid, sta->mesh->plid, reason); 679 } 680 681 static inline void mesh_plink_timer_set(struct sta_info *sta, u32 timeout) 682 { 683 sta->mesh->plink_timer.expires = jiffies + msecs_to_jiffies(timeout); 684 sta->mesh->plink_timer.data = (unsigned long) sta; 685 sta->mesh->plink_timer.function = mesh_plink_timer; 686 sta->mesh->plink_timeout = timeout; 687 add_timer(&sta->mesh->plink_timer); 688 } 689 690 static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 691 u16 llid) 692 { 693 struct ieee80211_local *local = sdata->local; 694 bool in_use = false; 695 struct sta_info *sta; 696 697 rcu_read_lock(); 698 list_for_each_entry_rcu(sta, &local->sta_list, list) { 699 if (sdata != sta->sdata) 700 continue; 701 702 if (!memcmp(&sta->mesh->llid, &llid, sizeof(llid))) { 703 in_use = true; 704 break; 705 } 706 } 707 rcu_read_unlock(); 708 709 return in_use; 710 } 711 712 static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 713 { 714 u16 llid; 715 716 do { 717 get_random_bytes(&llid, sizeof(llid)); 718 } while (llid_in_use(sdata, llid)); 719 720 return llid; 721 } 722 723 u32 mesh_plink_open(struct sta_info *sta) 724 { 725 struct ieee80211_sub_if_data *sdata = sta->sdata; 726 u32 changed; 727 728 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 729 return 0; 730 731 spin_lock_bh(&sta->mesh->plink_lock); 732 sta->mesh->llid = mesh_get_new_llid(sdata); 733 if (sta->mesh->plink_state != NL80211_PLINK_LISTEN && 734 sta->mesh->plink_state != NL80211_PLINK_BLOCKED) { 735 spin_unlock_bh(&sta->mesh->plink_lock); 736 return 0; 737 } 738 sta->mesh->plink_state = NL80211_PLINK_OPN_SNT; 739 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 740 spin_unlock_bh(&sta->mesh->plink_lock); 741 mpl_dbg(sdata, 742 "Mesh plink: starting establishment with %pM\n", 743 sta->sta.addr); 744 745 /* set the non-peer mode to active during peering */ 746 changed = ieee80211_mps_local_status_update(sdata); 747 748 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_OPEN, 749 sta->sta.addr, sta->mesh->llid, 0, 0); 750 return changed; 751 } 752 753 u32 mesh_plink_block(struct sta_info *sta) 754 { 755 u32 changed; 756 757 spin_lock_bh(&sta->mesh->plink_lock); 758 changed = __mesh_plink_deactivate(sta); 759 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 760 spin_unlock_bh(&sta->mesh->plink_lock); 761 mesh_path_flush_by_nexthop(sta); 762 763 return changed; 764 } 765 766 static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 767 struct sta_info *sta, 768 enum plink_event event) 769 { 770 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 771 u16 reason = (event == CLS_ACPT) ? 772 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 773 774 sta->mesh->reason = reason; 775 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 776 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 777 } 778 779 static u32 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 780 struct sta_info *sta) 781 { 782 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 783 u32 changed = 0; 784 785 del_timer(&sta->mesh->plink_timer); 786 sta->mesh->plink_state = NL80211_PLINK_ESTAB; 787 changed |= mesh_plink_inc_estab_count(sdata); 788 changed |= mesh_set_ht_prot_mode(sdata); 789 changed |= mesh_set_short_slot_time(sdata); 790 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 791 ieee80211_mps_sta_status_update(sta); 792 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 793 return changed; 794 } 795 796 /** 797 * mesh_plink_fsm - step @sta MPM based on @event 798 * 799 * @sdata: interface 800 * @sta: mesh neighbor 801 * @event: peering event 802 * 803 * Return: changed MBSS flags 804 */ 805 static u32 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 806 struct sta_info *sta, enum plink_event event) 807 { 808 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 809 enum ieee80211_self_protected_actioncode action = 0; 810 u32 changed = 0; 811 bool flush = false; 812 813 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 814 mplstates[sta->mesh->plink_state], mplevents[event]); 815 816 spin_lock_bh(&sta->mesh->plink_lock); 817 switch (sta->mesh->plink_state) { 818 case NL80211_PLINK_LISTEN: 819 switch (event) { 820 case CLS_ACPT: 821 mesh_plink_fsm_restart(sta); 822 break; 823 case OPN_ACPT: 824 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 825 sta->mesh->llid = mesh_get_new_llid(sdata); 826 mesh_plink_timer_set(sta, 827 mshcfg->dot11MeshRetryTimeout); 828 829 /* set the non-peer mode to active during peering */ 830 changed |= ieee80211_mps_local_status_update(sdata); 831 action = WLAN_SP_MESH_PEERING_OPEN; 832 break; 833 default: 834 break; 835 } 836 break; 837 case NL80211_PLINK_OPN_SNT: 838 switch (event) { 839 case OPN_RJCT: 840 case CNF_RJCT: 841 case CLS_ACPT: 842 mesh_plink_close(sdata, sta, event); 843 action = WLAN_SP_MESH_PEERING_CLOSE; 844 break; 845 case OPN_ACPT: 846 /* retry timer is left untouched */ 847 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 848 action = WLAN_SP_MESH_PEERING_CONFIRM; 849 break; 850 case CNF_ACPT: 851 sta->mesh->plink_state = NL80211_PLINK_CNF_RCVD; 852 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 853 break; 854 default: 855 break; 856 } 857 break; 858 case NL80211_PLINK_OPN_RCVD: 859 switch (event) { 860 case OPN_RJCT: 861 case CNF_RJCT: 862 case CLS_ACPT: 863 mesh_plink_close(sdata, sta, event); 864 action = WLAN_SP_MESH_PEERING_CLOSE; 865 break; 866 case OPN_ACPT: 867 action = WLAN_SP_MESH_PEERING_CONFIRM; 868 break; 869 case CNF_ACPT: 870 changed |= mesh_plink_establish(sdata, sta); 871 break; 872 default: 873 break; 874 } 875 break; 876 case NL80211_PLINK_CNF_RCVD: 877 switch (event) { 878 case OPN_RJCT: 879 case CNF_RJCT: 880 case CLS_ACPT: 881 mesh_plink_close(sdata, sta, event); 882 action = WLAN_SP_MESH_PEERING_CLOSE; 883 break; 884 case OPN_ACPT: 885 changed |= mesh_plink_establish(sdata, sta); 886 action = WLAN_SP_MESH_PEERING_CONFIRM; 887 break; 888 default: 889 break; 890 } 891 break; 892 case NL80211_PLINK_ESTAB: 893 switch (event) { 894 case CLS_ACPT: 895 changed |= __mesh_plink_deactivate(sta); 896 changed |= mesh_set_ht_prot_mode(sdata); 897 changed |= mesh_set_short_slot_time(sdata); 898 mesh_plink_close(sdata, sta, event); 899 action = WLAN_SP_MESH_PEERING_CLOSE; 900 flush = true; 901 break; 902 case OPN_ACPT: 903 action = WLAN_SP_MESH_PEERING_CONFIRM; 904 break; 905 default: 906 break; 907 } 908 break; 909 case NL80211_PLINK_HOLDING: 910 switch (event) { 911 case CLS_ACPT: 912 del_timer(&sta->mesh->plink_timer); 913 mesh_plink_fsm_restart(sta); 914 break; 915 case OPN_ACPT: 916 case CNF_ACPT: 917 case OPN_RJCT: 918 case CNF_RJCT: 919 action = WLAN_SP_MESH_PEERING_CLOSE; 920 break; 921 default: 922 break; 923 } 924 break; 925 default: 926 /* should not get here, PLINK_BLOCKED is dealt with at the 927 * beginning of the function 928 */ 929 break; 930 } 931 spin_unlock_bh(&sta->mesh->plink_lock); 932 if (flush) 933 mesh_path_flush_by_nexthop(sta); 934 if (action) { 935 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 936 sta->mesh->llid, sta->mesh->plid, 937 sta->mesh->reason); 938 939 /* also send confirm in open case */ 940 if (action == WLAN_SP_MESH_PEERING_OPEN) { 941 mesh_plink_frame_tx(sdata, sta, 942 WLAN_SP_MESH_PEERING_CONFIRM, 943 sta->sta.addr, sta->mesh->llid, 944 sta->mesh->plid, 0); 945 } 946 } 947 948 return changed; 949 } 950 951 /* 952 * mesh_plink_get_event - get correct MPM event 953 * 954 * @sdata: interface 955 * @sta: peer, leave NULL if processing a frame from a new suitable peer 956 * @elems: peering management IEs 957 * @ftype: frame type 958 * @llid: peer's peer link ID 959 * @plid: peer's local link ID 960 * 961 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 962 * an error. 963 */ 964 static enum plink_event 965 mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 966 struct sta_info *sta, 967 struct ieee802_11_elems *elems, 968 enum ieee80211_self_protected_actioncode ftype, 969 u16 llid, u16 plid) 970 { 971 enum plink_event event = PLINK_UNDEFINED; 972 u8 ie_len = elems->peering_len; 973 bool matches_local; 974 975 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 976 mesh_matches_local(sdata, elems)); 977 978 /* deny open request from non-matching peer */ 979 if (!matches_local && !sta) { 980 event = OPN_RJCT; 981 goto out; 982 } 983 984 if (!sta) { 985 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 986 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 987 goto out; 988 } 989 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 990 if (!mesh_plink_free_count(sdata)) { 991 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 992 goto out; 993 } 994 995 /* new matching peer */ 996 event = OPN_ACPT; 997 goto out; 998 } else { 999 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 1000 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 1001 goto out; 1002 } 1003 if (sta->mesh->plink_state == NL80211_PLINK_BLOCKED) 1004 goto out; 1005 } 1006 1007 switch (ftype) { 1008 case WLAN_SP_MESH_PEERING_OPEN: 1009 if (!matches_local) 1010 event = OPN_RJCT; 1011 if (!mesh_plink_free_count(sdata) || 1012 (sta->mesh->plid && sta->mesh->plid != plid)) 1013 event = OPN_IGNR; 1014 else 1015 event = OPN_ACPT; 1016 break; 1017 case WLAN_SP_MESH_PEERING_CONFIRM: 1018 if (!matches_local) 1019 event = CNF_RJCT; 1020 if (!mesh_plink_free_count(sdata) || 1021 sta->mesh->llid != llid || 1022 (sta->mesh->plid && sta->mesh->plid != plid)) 1023 event = CNF_IGNR; 1024 else 1025 event = CNF_ACPT; 1026 break; 1027 case WLAN_SP_MESH_PEERING_CLOSE: 1028 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 1029 /* Do not check for llid or plid. This does not 1030 * follow the standard but since multiple plinks 1031 * per sta are not supported, it is necessary in 1032 * order to avoid a livelock when MP A sees an 1033 * establish peer link to MP B but MP B does not 1034 * see it. This can be caused by a timeout in 1035 * B's peer link establishment or B beign 1036 * restarted. 1037 */ 1038 event = CLS_ACPT; 1039 else if (sta->mesh->plid != plid) 1040 event = CLS_IGNR; 1041 else if (ie_len == 8 && sta->mesh->llid != llid) 1042 event = CLS_IGNR; 1043 else 1044 event = CLS_ACPT; 1045 break; 1046 default: 1047 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 1048 break; 1049 } 1050 1051 out: 1052 return event; 1053 } 1054 1055 static void 1056 mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 1057 struct ieee80211_mgmt *mgmt, 1058 struct ieee802_11_elems *elems) 1059 { 1060 1061 struct sta_info *sta; 1062 enum plink_event event; 1063 enum ieee80211_self_protected_actioncode ftype; 1064 u32 changed = 0; 1065 u8 ie_len = elems->peering_len; 1066 u16 plid, llid = 0; 1067 1068 if (!elems->peering) { 1069 mpl_dbg(sdata, 1070 "Mesh plink: missing necessary peer link ie\n"); 1071 return; 1072 } 1073 1074 if (elems->rsn_len && 1075 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1076 mpl_dbg(sdata, 1077 "Mesh plink: can't establish link with secure peer\n"); 1078 return; 1079 } 1080 1081 ftype = mgmt->u.action.u.self_prot.action_code; 1082 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1083 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1084 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1085 && ie_len != 8)) { 1086 mpl_dbg(sdata, 1087 "Mesh plink: incorrect plink ie length %d %d\n", 1088 ftype, ie_len); 1089 return; 1090 } 1091 1092 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1093 (!elems->mesh_id || !elems->mesh_config)) { 1094 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1095 return; 1096 } 1097 /* Note the lines below are correct, the llid in the frame is the plid 1098 * from the point of view of this host. 1099 */ 1100 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1101 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1102 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1103 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1104 1105 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1106 rcu_read_lock(); 1107 1108 sta = sta_info_get(sdata, mgmt->sa); 1109 1110 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1111 !rssi_threshold_check(sdata, sta)) { 1112 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1113 mgmt->sa); 1114 goto unlock_rcu; 1115 } 1116 1117 /* Now we will figure out the appropriate event... */ 1118 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1119 1120 if (event == OPN_ACPT) { 1121 rcu_read_unlock(); 1122 /* allocate sta entry if necessary and update info */ 1123 sta = mesh_sta_info_get(sdata, mgmt->sa, elems); 1124 if (!sta) { 1125 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1126 goto unlock_rcu; 1127 } 1128 sta->mesh->plid = plid; 1129 } else if (!sta && event == OPN_RJCT) { 1130 mesh_plink_frame_tx(sdata, NULL, WLAN_SP_MESH_PEERING_CLOSE, 1131 mgmt->sa, 0, plid, 1132 WLAN_REASON_MESH_CONFIG); 1133 goto unlock_rcu; 1134 } else if (!sta || event == PLINK_UNDEFINED) { 1135 /* something went wrong */ 1136 goto unlock_rcu; 1137 } 1138 1139 if (event == CNF_ACPT) { 1140 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1141 if (!sta->mesh->plid) 1142 sta->mesh->plid = plid; 1143 1144 sta->mesh->aid = get_unaligned_le16(PLINK_CNF_AID(mgmt)); 1145 } 1146 1147 changed |= mesh_plink_fsm(sdata, sta, event); 1148 1149 unlock_rcu: 1150 rcu_read_unlock(); 1151 1152 if (changed) 1153 ieee80211_mbss_info_change_notify(sdata, changed); 1154 } 1155 1156 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1157 struct ieee80211_mgmt *mgmt, size_t len, 1158 struct ieee80211_rx_status *rx_status) 1159 { 1160 struct ieee802_11_elems elems; 1161 size_t baselen; 1162 u8 *baseaddr; 1163 1164 /* need action_code, aux */ 1165 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1166 return; 1167 1168 if (sdata->u.mesh.user_mpm) 1169 /* userspace must register for these */ 1170 return; 1171 1172 if (is_multicast_ether_addr(mgmt->da)) { 1173 mpl_dbg(sdata, 1174 "Mesh plink: ignore frame from multicast address\n"); 1175 return; 1176 } 1177 1178 baseaddr = mgmt->u.action.u.self_prot.variable; 1179 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1180 if (mgmt->u.action.u.self_prot.action_code == 1181 WLAN_SP_MESH_PEERING_CONFIRM) { 1182 baseaddr += 4; 1183 baselen += 4; 1184 1185 if (baselen > len) 1186 return; 1187 } 1188 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems); 1189 mesh_process_plink_frame(sdata, mgmt, &elems); 1190 } 1191