1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/rtnetlink.h> 20 #include <linux/pm_qos_params.h> 21 #include <linux/crc32.h> 22 #include <net/mac80211.h> 23 #include <asm/unaligned.h> 24 25 #include "ieee80211_i.h" 26 #include "driver-ops.h" 27 #include "rate.h" 28 #include "led.h" 29 30 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 31 #define IEEE80211_AUTH_MAX_TRIES 3 32 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 33 #define IEEE80211_ASSOC_MAX_TRIES 3 34 #define IEEE80211_MAX_PROBE_TRIES 5 35 36 /* 37 * beacon loss detection timeout 38 * XXX: should depend on beacon interval 39 */ 40 #define IEEE80211_BEACON_LOSS_TIME (2 * HZ) 41 /* 42 * Time the connection can be idle before we probe 43 * it to see if we can still talk to the AP. 44 */ 45 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 46 /* 47 * Time we wait for a probe response after sending 48 * a probe request because of beacon loss or for 49 * checking the connection still works. 50 */ 51 #define IEEE80211_PROBE_WAIT (HZ / 2) 52 53 #define TMR_RUNNING_TIMER 0 54 #define TMR_RUNNING_CHANSW 1 55 56 /* 57 * All cfg80211 functions have to be called outside a locked 58 * section so that they can acquire a lock themselves... This 59 * is much simpler than queuing up things in cfg80211, but we 60 * do need some indirection for that here. 61 */ 62 enum rx_mgmt_action { 63 /* no action required */ 64 RX_MGMT_NONE, 65 66 /* caller must call cfg80211_send_rx_auth() */ 67 RX_MGMT_CFG80211_AUTH, 68 69 /* caller must call cfg80211_send_rx_assoc() */ 70 RX_MGMT_CFG80211_ASSOC, 71 72 /* caller must call cfg80211_send_deauth() */ 73 RX_MGMT_CFG80211_DEAUTH, 74 75 /* caller must call cfg80211_send_disassoc() */ 76 RX_MGMT_CFG80211_DISASSOC, 77 78 /* caller must call cfg80211_auth_timeout() & free work */ 79 RX_MGMT_CFG80211_AUTH_TO, 80 81 /* caller must call cfg80211_assoc_timeout() & free work */ 82 RX_MGMT_CFG80211_ASSOC_TO, 83 }; 84 85 /* utils */ 86 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 87 { 88 WARN_ON(!mutex_is_locked(&ifmgd->mtx)); 89 } 90 91 /* 92 * We can have multiple work items (and connection probing) 93 * scheduling this timer, but we need to take care to only 94 * reschedule it when it should fire _earlier_ than it was 95 * asked for before, or if it's not pending right now. This 96 * function ensures that. Note that it then is required to 97 * run this function for all timeouts after the first one 98 * has happened -- the work that runs from this timer will 99 * do that. 100 */ 101 static void run_again(struct ieee80211_if_managed *ifmgd, 102 unsigned long timeout) 103 { 104 ASSERT_MGD_MTX(ifmgd); 105 106 if (!timer_pending(&ifmgd->timer) || 107 time_before(timeout, ifmgd->timer.expires)) 108 mod_timer(&ifmgd->timer, timeout); 109 } 110 111 static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata) 112 { 113 if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER) 114 return; 115 116 mod_timer(&sdata->u.mgd.bcn_mon_timer, 117 round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME)); 118 } 119 120 static int ecw2cw(int ecw) 121 { 122 return (1 << ecw) - 1; 123 } 124 125 static int ieee80211_compatible_rates(struct ieee80211_bss *bss, 126 struct ieee80211_supported_band *sband, 127 u32 *rates) 128 { 129 int i, j, count; 130 *rates = 0; 131 count = 0; 132 for (i = 0; i < bss->supp_rates_len; i++) { 133 int rate = (bss->supp_rates[i] & 0x7F) * 5; 134 135 for (j = 0; j < sband->n_bitrates; j++) 136 if (sband->bitrates[j].bitrate == rate) { 137 *rates |= BIT(j); 138 count++; 139 break; 140 } 141 } 142 143 return count; 144 } 145 146 /* 147 * ieee80211_enable_ht should be called only after the operating band 148 * has been determined as ht configuration depends on the hw's 149 * HT abilities for a specific band. 150 */ 151 static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata, 152 struct ieee80211_ht_info *hti, 153 const u8 *bssid, u16 ap_ht_cap_flags) 154 { 155 struct ieee80211_local *local = sdata->local; 156 struct ieee80211_supported_band *sband; 157 struct sta_info *sta; 158 u32 changed = 0; 159 u16 ht_opmode; 160 bool enable_ht = true, ht_changed; 161 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 162 163 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 164 165 /* HT is not supported */ 166 if (!sband->ht_cap.ht_supported) 167 enable_ht = false; 168 169 /* check that channel matches the right operating channel */ 170 if (local->hw.conf.channel->center_freq != 171 ieee80211_channel_to_frequency(hti->control_chan)) 172 enable_ht = false; 173 174 if (enable_ht) { 175 channel_type = NL80211_CHAN_HT20; 176 177 if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) && 178 (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) && 179 (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 180 switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 181 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 182 if (!(local->hw.conf.channel->flags & 183 IEEE80211_CHAN_NO_HT40PLUS)) 184 channel_type = NL80211_CHAN_HT40PLUS; 185 break; 186 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 187 if (!(local->hw.conf.channel->flags & 188 IEEE80211_CHAN_NO_HT40MINUS)) 189 channel_type = NL80211_CHAN_HT40MINUS; 190 break; 191 } 192 } 193 } 194 195 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht || 196 channel_type != local->hw.conf.channel_type; 197 198 local->oper_channel_type = channel_type; 199 200 if (ht_changed) { 201 /* channel_type change automatically detected */ 202 ieee80211_hw_config(local, 0); 203 204 rcu_read_lock(); 205 sta = sta_info_get(local, bssid); 206 if (sta) 207 rate_control_rate_update(local, sband, sta, 208 IEEE80211_RC_HT_CHANGED); 209 rcu_read_unlock(); 210 } 211 212 /* disable HT */ 213 if (!enable_ht) 214 return 0; 215 216 ht_opmode = le16_to_cpu(hti->operation_mode); 217 218 /* if bss configuration changed store the new one */ 219 if (!sdata->ht_opmode_valid || 220 sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 221 changed |= BSS_CHANGED_HT; 222 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 223 sdata->ht_opmode_valid = true; 224 } 225 226 return changed; 227 } 228 229 /* frame sending functions */ 230 231 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 232 struct ieee80211_mgd_work *wk) 233 { 234 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 235 struct ieee80211_local *local = sdata->local; 236 struct sk_buff *skb; 237 struct ieee80211_mgmt *mgmt; 238 u8 *pos; 239 const u8 *ies, *ht_ie; 240 int i, len, count, rates_len, supp_rates_len; 241 u16 capab; 242 int wmm = 0; 243 struct ieee80211_supported_band *sband; 244 u32 rates = 0; 245 246 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 247 sizeof(*mgmt) + 200 + wk->ie_len + 248 wk->ssid_len); 249 if (!skb) { 250 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 251 "frame\n", sdata->dev->name); 252 return; 253 } 254 skb_reserve(skb, local->hw.extra_tx_headroom); 255 256 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 257 258 capab = ifmgd->capab; 259 260 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) { 261 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 262 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 263 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 264 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 265 } 266 267 if (wk->bss->cbss.capability & WLAN_CAPABILITY_PRIVACY) 268 capab |= WLAN_CAPABILITY_PRIVACY; 269 if (wk->bss->wmm_used) 270 wmm = 1; 271 272 /* get all rates supported by the device and the AP as 273 * some APs don't like getting a superset of their rates 274 * in the association request (e.g. D-Link DAP 1353 in 275 * b-only mode) */ 276 rates_len = ieee80211_compatible_rates(wk->bss, sband, &rates); 277 278 if ((wk->bss->cbss.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 279 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 280 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 281 282 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 283 memset(mgmt, 0, 24); 284 memcpy(mgmt->da, wk->bss->cbss.bssid, ETH_ALEN); 285 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 286 memcpy(mgmt->bssid, wk->bss->cbss.bssid, ETH_ALEN); 287 288 if (!is_zero_ether_addr(wk->prev_bssid)) { 289 skb_put(skb, 10); 290 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 291 IEEE80211_STYPE_REASSOC_REQ); 292 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 293 mgmt->u.reassoc_req.listen_interval = 294 cpu_to_le16(local->hw.conf.listen_interval); 295 memcpy(mgmt->u.reassoc_req.current_ap, wk->prev_bssid, 296 ETH_ALEN); 297 } else { 298 skb_put(skb, 4); 299 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 300 IEEE80211_STYPE_ASSOC_REQ); 301 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 302 mgmt->u.assoc_req.listen_interval = 303 cpu_to_le16(local->hw.conf.listen_interval); 304 } 305 306 /* SSID */ 307 ies = pos = skb_put(skb, 2 + wk->ssid_len); 308 *pos++ = WLAN_EID_SSID; 309 *pos++ = wk->ssid_len; 310 memcpy(pos, wk->ssid, wk->ssid_len); 311 312 /* add all rates which were marked to be used above */ 313 supp_rates_len = rates_len; 314 if (supp_rates_len > 8) 315 supp_rates_len = 8; 316 317 len = sband->n_bitrates; 318 pos = skb_put(skb, supp_rates_len + 2); 319 *pos++ = WLAN_EID_SUPP_RATES; 320 *pos++ = supp_rates_len; 321 322 count = 0; 323 for (i = 0; i < sband->n_bitrates; i++) { 324 if (BIT(i) & rates) { 325 int rate = sband->bitrates[i].bitrate; 326 *pos++ = (u8) (rate / 5); 327 if (++count == 8) 328 break; 329 } 330 } 331 332 if (rates_len > count) { 333 pos = skb_put(skb, rates_len - count + 2); 334 *pos++ = WLAN_EID_EXT_SUPP_RATES; 335 *pos++ = rates_len - count; 336 337 for (i++; i < sband->n_bitrates; i++) { 338 if (BIT(i) & rates) { 339 int rate = sband->bitrates[i].bitrate; 340 *pos++ = (u8) (rate / 5); 341 } 342 } 343 } 344 345 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 346 /* 1. power capabilities */ 347 pos = skb_put(skb, 4); 348 *pos++ = WLAN_EID_PWR_CAPABILITY; 349 *pos++ = 2; 350 *pos++ = 0; /* min tx power */ 351 *pos++ = local->hw.conf.channel->max_power; /* max tx power */ 352 353 /* 2. supported channels */ 354 /* TODO: get this in reg domain format */ 355 pos = skb_put(skb, 2 * sband->n_channels + 2); 356 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 357 *pos++ = 2 * sband->n_channels; 358 for (i = 0; i < sband->n_channels; i++) { 359 *pos++ = ieee80211_frequency_to_channel( 360 sband->channels[i].center_freq); 361 *pos++ = 1; /* one channel in the subband*/ 362 } 363 } 364 365 if (wk->ie_len && wk->ie) { 366 pos = skb_put(skb, wk->ie_len); 367 memcpy(pos, wk->ie, wk->ie_len); 368 } 369 370 if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) { 371 pos = skb_put(skb, 9); 372 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 373 *pos++ = 7; /* len */ 374 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 375 *pos++ = 0x50; 376 *pos++ = 0xf2; 377 *pos++ = 2; /* WME */ 378 *pos++ = 0; /* WME info */ 379 *pos++ = 1; /* WME ver */ 380 *pos++ = 0; 381 } 382 383 /* wmm support is a must to HT */ 384 /* 385 * IEEE802.11n does not allow TKIP/WEP as pairwise 386 * ciphers in HT mode. We still associate in non-ht 387 * mode (11a/b/g) if any one of these ciphers is 388 * configured as pairwise. 389 */ 390 if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) && 391 sband->ht_cap.ht_supported && 392 (ht_ie = ieee80211_bss_get_ie(&wk->bss->cbss, WLAN_EID_HT_INFORMATION)) && 393 ht_ie[1] >= sizeof(struct ieee80211_ht_info) && 394 (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N))) { 395 struct ieee80211_ht_info *ht_info = 396 (struct ieee80211_ht_info *)(ht_ie + 2); 397 u16 cap = sband->ht_cap.cap; 398 __le16 tmp; 399 u32 flags = local->hw.conf.channel->flags; 400 401 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 402 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 403 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 404 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 405 cap &= ~IEEE80211_HT_CAP_SGI_40; 406 } 407 break; 408 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 409 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 410 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 411 cap &= ~IEEE80211_HT_CAP_SGI_40; 412 } 413 break; 414 } 415 416 tmp = cpu_to_le16(cap); 417 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2); 418 *pos++ = WLAN_EID_HT_CAPABILITY; 419 *pos++ = sizeof(struct ieee80211_ht_cap); 420 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 421 memcpy(pos, &tmp, sizeof(u16)); 422 pos += sizeof(u16); 423 /* TODO: needs a define here for << 2 */ 424 *pos++ = sband->ht_cap.ampdu_factor | 425 (sband->ht_cap.ampdu_density << 2); 426 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 427 } 428 429 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 430 ieee80211_tx_skb(sdata, skb); 431 } 432 433 434 static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 435 const u8 *bssid, u16 stype, u16 reason, 436 void *cookie) 437 { 438 struct ieee80211_local *local = sdata->local; 439 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 440 struct sk_buff *skb; 441 struct ieee80211_mgmt *mgmt; 442 443 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 444 if (!skb) { 445 printk(KERN_DEBUG "%s: failed to allocate buffer for " 446 "deauth/disassoc frame\n", sdata->dev->name); 447 return; 448 } 449 skb_reserve(skb, local->hw.extra_tx_headroom); 450 451 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 452 memset(mgmt, 0, 24); 453 memcpy(mgmt->da, bssid, ETH_ALEN); 454 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 455 memcpy(mgmt->bssid, bssid, ETH_ALEN); 456 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype); 457 skb_put(skb, 2); 458 /* u.deauth.reason_code == u.disassoc.reason_code */ 459 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 460 461 if (stype == IEEE80211_STYPE_DEAUTH) 462 if (cookie) 463 __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 464 else 465 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 466 else 467 if (cookie) 468 __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 469 else 470 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 471 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED)) 472 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 473 ieee80211_tx_skb(sdata, skb); 474 } 475 476 void ieee80211_send_pspoll(struct ieee80211_local *local, 477 struct ieee80211_sub_if_data *sdata) 478 { 479 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 480 struct ieee80211_pspoll *pspoll; 481 struct sk_buff *skb; 482 u16 fc; 483 484 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll)); 485 if (!skb) { 486 printk(KERN_DEBUG "%s: failed to allocate buffer for " 487 "pspoll frame\n", sdata->dev->name); 488 return; 489 } 490 skb_reserve(skb, local->hw.extra_tx_headroom); 491 492 pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll)); 493 memset(pspoll, 0, sizeof(*pspoll)); 494 fc = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL | IEEE80211_FCTL_PM; 495 pspoll->frame_control = cpu_to_le16(fc); 496 pspoll->aid = cpu_to_le16(ifmgd->aid); 497 498 /* aid in PS-Poll has its two MSBs each set to 1 */ 499 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14); 500 501 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN); 502 memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN); 503 504 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 505 ieee80211_tx_skb(sdata, skb); 506 } 507 508 void ieee80211_send_nullfunc(struct ieee80211_local *local, 509 struct ieee80211_sub_if_data *sdata, 510 int powersave) 511 { 512 struct sk_buff *skb; 513 struct ieee80211_hdr *nullfunc; 514 __le16 fc; 515 516 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 517 return; 518 519 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24); 520 if (!skb) { 521 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc " 522 "frame\n", sdata->dev->name); 523 return; 524 } 525 skb_reserve(skb, local->hw.extra_tx_headroom); 526 527 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24); 528 memset(nullfunc, 0, 24); 529 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 530 IEEE80211_FCTL_TODS); 531 if (powersave) 532 fc |= cpu_to_le16(IEEE80211_FCTL_PM); 533 nullfunc->frame_control = fc; 534 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 535 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN); 536 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 537 538 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 539 ieee80211_tx_skb(sdata, skb); 540 } 541 542 /* spectrum management related things */ 543 static void ieee80211_chswitch_work(struct work_struct *work) 544 { 545 struct ieee80211_sub_if_data *sdata = 546 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 547 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 548 549 if (!netif_running(sdata->dev)) 550 return; 551 552 mutex_lock(&ifmgd->mtx); 553 if (!ifmgd->associated) 554 goto out; 555 556 sdata->local->oper_channel = sdata->local->csa_channel; 557 ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL); 558 559 /* XXX: shouldn't really modify cfg80211-owned data! */ 560 ifmgd->associated->cbss.channel = sdata->local->oper_channel; 561 562 ieee80211_wake_queues_by_reason(&sdata->local->hw, 563 IEEE80211_QUEUE_STOP_REASON_CSA); 564 out: 565 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 566 mutex_unlock(&ifmgd->mtx); 567 } 568 569 static void ieee80211_chswitch_timer(unsigned long data) 570 { 571 struct ieee80211_sub_if_data *sdata = 572 (struct ieee80211_sub_if_data *) data; 573 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 574 575 if (sdata->local->quiescing) { 576 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 577 return; 578 } 579 580 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 581 } 582 583 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 584 struct ieee80211_channel_sw_ie *sw_elem, 585 struct ieee80211_bss *bss) 586 { 587 struct ieee80211_channel *new_ch; 588 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 589 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num); 590 591 ASSERT_MGD_MTX(ifmgd); 592 593 if (!ifmgd->associated) 594 return; 595 596 if (sdata->local->scanning) 597 return; 598 599 /* Disregard subsequent beacons if we are already running a timer 600 processing a CSA */ 601 602 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 603 return; 604 605 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 606 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) 607 return; 608 609 sdata->local->csa_channel = new_ch; 610 611 if (sw_elem->count <= 1) { 612 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 613 } else { 614 ieee80211_stop_queues_by_reason(&sdata->local->hw, 615 IEEE80211_QUEUE_STOP_REASON_CSA); 616 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 617 mod_timer(&ifmgd->chswitch_timer, 618 jiffies + 619 msecs_to_jiffies(sw_elem->count * 620 bss->cbss.beacon_interval)); 621 } 622 } 623 624 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 625 u16 capab_info, u8 *pwr_constr_elem, 626 u8 pwr_constr_elem_len) 627 { 628 struct ieee80211_conf *conf = &sdata->local->hw.conf; 629 630 if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT)) 631 return; 632 633 /* Power constraint IE length should be 1 octet */ 634 if (pwr_constr_elem_len != 1) 635 return; 636 637 if ((*pwr_constr_elem <= conf->channel->max_power) && 638 (*pwr_constr_elem != sdata->local->power_constr_level)) { 639 sdata->local->power_constr_level = *pwr_constr_elem; 640 ieee80211_hw_config(sdata->local, 0); 641 } 642 } 643 644 /* powersave */ 645 static void ieee80211_enable_ps(struct ieee80211_local *local, 646 struct ieee80211_sub_if_data *sdata) 647 { 648 struct ieee80211_conf *conf = &local->hw.conf; 649 650 /* 651 * If we are scanning right now then the parameters will 652 * take effect when scan finishes. 653 */ 654 if (local->scanning) 655 return; 656 657 if (conf->dynamic_ps_timeout > 0 && 658 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 659 mod_timer(&local->dynamic_ps_timer, jiffies + 660 msecs_to_jiffies(conf->dynamic_ps_timeout)); 661 } else { 662 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 663 ieee80211_send_nullfunc(local, sdata, 1); 664 conf->flags |= IEEE80211_CONF_PS; 665 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 666 } 667 } 668 669 static void ieee80211_change_ps(struct ieee80211_local *local) 670 { 671 struct ieee80211_conf *conf = &local->hw.conf; 672 673 if (local->ps_sdata) { 674 ieee80211_enable_ps(local, local->ps_sdata); 675 } else if (conf->flags & IEEE80211_CONF_PS) { 676 conf->flags &= ~IEEE80211_CONF_PS; 677 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 678 del_timer_sync(&local->dynamic_ps_timer); 679 cancel_work_sync(&local->dynamic_ps_enable_work); 680 } 681 } 682 683 /* need to hold RTNL or interface lock */ 684 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 685 { 686 struct ieee80211_sub_if_data *sdata, *found = NULL; 687 int count = 0; 688 689 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 690 local->ps_sdata = NULL; 691 return; 692 } 693 694 list_for_each_entry(sdata, &local->interfaces, list) { 695 if (!netif_running(sdata->dev)) 696 continue; 697 if (sdata->vif.type != NL80211_IFTYPE_STATION) 698 continue; 699 found = sdata; 700 count++; 701 } 702 703 if (count == 1 && found->u.mgd.powersave && 704 found->u.mgd.associated && list_empty(&found->u.mgd.work_list) && 705 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL | 706 IEEE80211_STA_CONNECTION_POLL))) { 707 s32 beaconint_us; 708 709 if (latency < 0) 710 latency = pm_qos_requirement(PM_QOS_NETWORK_LATENCY); 711 712 beaconint_us = ieee80211_tu_to_usec( 713 found->vif.bss_conf.beacon_int); 714 715 if (beaconint_us > latency) { 716 local->ps_sdata = NULL; 717 } else { 718 u8 dtimper = found->vif.bss_conf.dtim_period; 719 int maxslp = 1; 720 721 if (dtimper > 1) 722 maxslp = min_t(int, dtimper, 723 latency / beaconint_us); 724 725 local->hw.conf.max_sleep_period = maxslp; 726 local->ps_sdata = found; 727 } 728 } else { 729 local->ps_sdata = NULL; 730 } 731 732 ieee80211_change_ps(local); 733 } 734 735 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 736 { 737 struct ieee80211_local *local = 738 container_of(work, struct ieee80211_local, 739 dynamic_ps_disable_work); 740 741 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 742 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 743 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 744 } 745 746 ieee80211_wake_queues_by_reason(&local->hw, 747 IEEE80211_QUEUE_STOP_REASON_PS); 748 } 749 750 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 751 { 752 struct ieee80211_local *local = 753 container_of(work, struct ieee80211_local, 754 dynamic_ps_enable_work); 755 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 756 757 /* can only happen when PS was just disabled anyway */ 758 if (!sdata) 759 return; 760 761 if (local->hw.conf.flags & IEEE80211_CONF_PS) 762 return; 763 764 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 765 ieee80211_send_nullfunc(local, sdata, 1); 766 767 local->hw.conf.flags |= IEEE80211_CONF_PS; 768 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 769 } 770 771 void ieee80211_dynamic_ps_timer(unsigned long data) 772 { 773 struct ieee80211_local *local = (void *) data; 774 775 if (local->quiescing || local->suspended) 776 return; 777 778 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 779 } 780 781 /* MLME */ 782 static void ieee80211_sta_wmm_params(struct ieee80211_local *local, 783 struct ieee80211_if_managed *ifmgd, 784 u8 *wmm_param, size_t wmm_param_len) 785 { 786 struct ieee80211_tx_queue_params params; 787 size_t left; 788 int count; 789 u8 *pos; 790 791 if (!(ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) 792 return; 793 794 if (!wmm_param) 795 return; 796 797 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 798 return; 799 count = wmm_param[6] & 0x0f; 800 if (count == ifmgd->wmm_last_param_set) 801 return; 802 ifmgd->wmm_last_param_set = count; 803 804 pos = wmm_param + 8; 805 left = wmm_param_len - 8; 806 807 memset(¶ms, 0, sizeof(params)); 808 809 local->wmm_acm = 0; 810 for (; left >= 4; left -= 4, pos += 4) { 811 int aci = (pos[0] >> 5) & 0x03; 812 int acm = (pos[0] >> 4) & 0x01; 813 int queue; 814 815 switch (aci) { 816 case 1: /* AC_BK */ 817 queue = 3; 818 if (acm) 819 local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 820 break; 821 case 2: /* AC_VI */ 822 queue = 1; 823 if (acm) 824 local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 825 break; 826 case 3: /* AC_VO */ 827 queue = 0; 828 if (acm) 829 local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 830 break; 831 case 0: /* AC_BE */ 832 default: 833 queue = 2; 834 if (acm) 835 local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 836 break; 837 } 838 839 params.aifs = pos[0] & 0x0f; 840 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 841 params.cw_min = ecw2cw(pos[1] & 0x0f); 842 params.txop = get_unaligned_le16(pos + 2); 843 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 844 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 845 "cWmin=%d cWmax=%d txop=%d\n", 846 wiphy_name(local->hw.wiphy), queue, aci, acm, 847 params.aifs, params.cw_min, params.cw_max, params.txop); 848 #endif 849 if (drv_conf_tx(local, queue, ¶ms) && local->ops->conf_tx) 850 printk(KERN_DEBUG "%s: failed to set TX queue " 851 "parameters for queue %d\n", 852 wiphy_name(local->hw.wiphy), queue); 853 } 854 } 855 856 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 857 u16 capab, bool erp_valid, u8 erp) 858 { 859 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 860 u32 changed = 0; 861 bool use_protection; 862 bool use_short_preamble; 863 bool use_short_slot; 864 865 if (erp_valid) { 866 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 867 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 868 } else { 869 use_protection = false; 870 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 871 } 872 873 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 874 875 if (use_protection != bss_conf->use_cts_prot) { 876 bss_conf->use_cts_prot = use_protection; 877 changed |= BSS_CHANGED_ERP_CTS_PROT; 878 } 879 880 if (use_short_preamble != bss_conf->use_short_preamble) { 881 bss_conf->use_short_preamble = use_short_preamble; 882 changed |= BSS_CHANGED_ERP_PREAMBLE; 883 } 884 885 if (use_short_slot != bss_conf->use_short_slot) { 886 bss_conf->use_short_slot = use_short_slot; 887 changed |= BSS_CHANGED_ERP_SLOT; 888 } 889 890 return changed; 891 } 892 893 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 894 struct ieee80211_mgd_work *wk, 895 u32 bss_info_changed) 896 { 897 struct ieee80211_local *local = sdata->local; 898 struct ieee80211_bss *bss = wk->bss; 899 900 bss_info_changed |= BSS_CHANGED_ASSOC; 901 /* set timing information */ 902 sdata->vif.bss_conf.beacon_int = bss->cbss.beacon_interval; 903 sdata->vif.bss_conf.timestamp = bss->cbss.tsf; 904 sdata->vif.bss_conf.dtim_period = bss->dtim_period; 905 906 bss_info_changed |= BSS_CHANGED_BEACON_INT; 907 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 908 bss->cbss.capability, bss->has_erp_value, bss->erp_value); 909 910 sdata->u.mgd.associated = bss; 911 sdata->u.mgd.old_associate_work = wk; 912 memcpy(sdata->u.mgd.bssid, bss->cbss.bssid, ETH_ALEN); 913 914 /* just to be sure */ 915 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 916 IEEE80211_STA_BEACON_POLL); 917 918 ieee80211_led_assoc(local, 1); 919 920 sdata->vif.bss_conf.assoc = 1; 921 /* 922 * For now just always ask the driver to update the basic rateset 923 * when we have associated, we aren't checking whether it actually 924 * changed or not. 925 */ 926 bss_info_changed |= BSS_CHANGED_BASIC_RATES; 927 928 /* And the BSSID changed - we're associated now */ 929 bss_info_changed |= BSS_CHANGED_BSSID; 930 931 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 932 933 mutex_lock(&local->iflist_mtx); 934 ieee80211_recalc_ps(local, -1); 935 mutex_unlock(&local->iflist_mtx); 936 937 netif_start_queue(sdata->dev); 938 netif_carrier_on(sdata->dev); 939 } 940 941 static enum rx_mgmt_action __must_check 942 ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata, 943 struct ieee80211_mgd_work *wk) 944 { 945 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 946 struct ieee80211_local *local = sdata->local; 947 948 wk->tries++; 949 if (wk->tries > IEEE80211_AUTH_MAX_TRIES) { 950 printk(KERN_DEBUG "%s: direct probe to AP %pM timed out\n", 951 sdata->dev->name, wk->bss->cbss.bssid); 952 953 /* 954 * Most likely AP is not in the range so remove the 955 * bss struct for that AP. 956 */ 957 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss); 958 959 /* 960 * We might have a pending scan which had no chance to run yet 961 * due to work needing to be done. Hence, queue the STAs work 962 * again for that. 963 */ 964 ieee80211_queue_work(&local->hw, &ifmgd->work); 965 return RX_MGMT_CFG80211_AUTH_TO; 966 } 967 968 printk(KERN_DEBUG "%s: direct probe to AP %pM (try %d)\n", 969 sdata->dev->name, wk->bss->cbss.bssid, 970 wk->tries); 971 972 /* 973 * Direct probe is sent to broadcast address as some APs 974 * will not answer to direct packet in unassociated state. 975 */ 976 ieee80211_send_probe_req(sdata, NULL, wk->ssid, wk->ssid_len, NULL, 0); 977 978 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 979 run_again(ifmgd, wk->timeout); 980 981 return RX_MGMT_NONE; 982 } 983 984 985 static enum rx_mgmt_action __must_check 986 ieee80211_authenticate(struct ieee80211_sub_if_data *sdata, 987 struct ieee80211_mgd_work *wk) 988 { 989 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 990 struct ieee80211_local *local = sdata->local; 991 992 wk->tries++; 993 if (wk->tries > IEEE80211_AUTH_MAX_TRIES) { 994 printk(KERN_DEBUG "%s: authentication with AP %pM" 995 " timed out\n", 996 sdata->dev->name, wk->bss->cbss.bssid); 997 998 /* 999 * Most likely AP is not in the range so remove the 1000 * bss struct for that AP. 1001 */ 1002 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss); 1003 1004 /* 1005 * We might have a pending scan which had no chance to run yet 1006 * due to work needing to be done. Hence, queue the STAs work 1007 * again for that. 1008 */ 1009 ieee80211_queue_work(&local->hw, &ifmgd->work); 1010 return RX_MGMT_CFG80211_AUTH_TO; 1011 } 1012 1013 printk(KERN_DEBUG "%s: authenticate with AP %pM (try %d)\n", 1014 sdata->dev->name, wk->bss->cbss.bssid, wk->tries); 1015 1016 ieee80211_send_auth(sdata, 1, wk->auth_alg, wk->ie, wk->ie_len, 1017 wk->bss->cbss.bssid, NULL, 0, 0); 1018 wk->auth_transaction = 2; 1019 1020 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 1021 run_again(ifmgd, wk->timeout); 1022 1023 return RX_MGMT_NONE; 1024 } 1025 1026 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1027 bool deauth) 1028 { 1029 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1030 struct ieee80211_local *local = sdata->local; 1031 struct sta_info *sta; 1032 u32 changed = 0, config_changed = 0; 1033 u8 bssid[ETH_ALEN]; 1034 1035 ASSERT_MGD_MTX(ifmgd); 1036 1037 if (WARN_ON(!ifmgd->associated)) 1038 return; 1039 1040 memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN); 1041 1042 ifmgd->associated = NULL; 1043 memset(ifmgd->bssid, 0, ETH_ALEN); 1044 1045 if (deauth) { 1046 kfree(ifmgd->old_associate_work); 1047 ifmgd->old_associate_work = NULL; 1048 } else { 1049 struct ieee80211_mgd_work *wk = ifmgd->old_associate_work; 1050 1051 wk->state = IEEE80211_MGD_STATE_IDLE; 1052 list_add(&wk->list, &ifmgd->work_list); 1053 } 1054 1055 /* 1056 * we need to commit the associated = NULL change because the 1057 * scan code uses that to determine whether this iface should 1058 * go to/wake up from powersave or not -- and could otherwise 1059 * wake the queues erroneously. 1060 */ 1061 smp_mb(); 1062 1063 /* 1064 * Thus, we can only afterwards stop the queues -- to account 1065 * for the case where another CPU is finishing a scan at this 1066 * time -- we don't want the scan code to enable queues. 1067 */ 1068 1069 netif_stop_queue(sdata->dev); 1070 netif_carrier_off(sdata->dev); 1071 1072 rcu_read_lock(); 1073 sta = sta_info_get(local, bssid); 1074 if (sta) 1075 ieee80211_sta_tear_down_BA_sessions(sta); 1076 rcu_read_unlock(); 1077 1078 changed |= ieee80211_reset_erp_info(sdata); 1079 1080 ieee80211_led_assoc(local, 0); 1081 changed |= BSS_CHANGED_ASSOC; 1082 sdata->vif.bss_conf.assoc = false; 1083 1084 ieee80211_set_wmm_default(sdata); 1085 1086 /* channel(_type) changes are handled by ieee80211_hw_config */ 1087 local->oper_channel_type = NL80211_CHAN_NO_HT; 1088 1089 /* on the next assoc, re-program HT parameters */ 1090 sdata->ht_opmode_valid = false; 1091 1092 local->power_constr_level = 0; 1093 1094 del_timer_sync(&local->dynamic_ps_timer); 1095 cancel_work_sync(&local->dynamic_ps_enable_work); 1096 1097 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1098 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1099 config_changed |= IEEE80211_CONF_CHANGE_PS; 1100 } 1101 1102 ieee80211_hw_config(local, config_changed); 1103 1104 /* And the BSSID changed -- not very interesting here */ 1105 changed |= BSS_CHANGED_BSSID; 1106 ieee80211_bss_info_change_notify(sdata, changed); 1107 1108 rcu_read_lock(); 1109 1110 sta = sta_info_get(local, bssid); 1111 if (!sta) { 1112 rcu_read_unlock(); 1113 return; 1114 } 1115 1116 sta_info_unlink(&sta); 1117 1118 rcu_read_unlock(); 1119 1120 sta_info_destroy(sta); 1121 } 1122 1123 static enum rx_mgmt_action __must_check 1124 ieee80211_associate(struct ieee80211_sub_if_data *sdata, 1125 struct ieee80211_mgd_work *wk) 1126 { 1127 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1128 struct ieee80211_local *local = sdata->local; 1129 1130 wk->tries++; 1131 if (wk->tries > IEEE80211_ASSOC_MAX_TRIES) { 1132 printk(KERN_DEBUG "%s: association with AP %pM" 1133 " timed out\n", 1134 sdata->dev->name, wk->bss->cbss.bssid); 1135 1136 /* 1137 * Most likely AP is not in the range so remove the 1138 * bss struct for that AP. 1139 */ 1140 cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss); 1141 1142 /* 1143 * We might have a pending scan which had no chance to run yet 1144 * due to work needing to be done. Hence, queue the STAs work 1145 * again for that. 1146 */ 1147 ieee80211_queue_work(&local->hw, &ifmgd->work); 1148 return RX_MGMT_CFG80211_ASSOC_TO; 1149 } 1150 1151 printk(KERN_DEBUG "%s: associate with AP %pM (try %d)\n", 1152 sdata->dev->name, wk->bss->cbss.bssid, wk->tries); 1153 ieee80211_send_assoc(sdata, wk); 1154 1155 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 1156 run_again(ifmgd, wk->timeout); 1157 1158 return RX_MGMT_NONE; 1159 } 1160 1161 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1162 struct ieee80211_hdr *hdr) 1163 { 1164 /* 1165 * We can postpone the mgd.timer whenever receiving unicast frames 1166 * from AP because we know that the connection is working both ways 1167 * at that time. But multicast frames (and hence also beacons) must 1168 * be ignored here, because we need to trigger the timer during 1169 * data idle periods for sending the periodic probe request to the 1170 * AP we're connected to. 1171 */ 1172 if (is_multicast_ether_addr(hdr->addr1)) 1173 return; 1174 1175 mod_timer(&sdata->u.mgd.conn_mon_timer, 1176 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 1177 } 1178 1179 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1180 { 1181 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1182 const u8 *ssid; 1183 1184 ssid = ieee80211_bss_get_ie(&ifmgd->associated->cbss, WLAN_EID_SSID); 1185 ieee80211_send_probe_req(sdata, ifmgd->associated->cbss.bssid, 1186 ssid + 2, ssid[1], NULL, 0); 1187 1188 ifmgd->probe_send_count++; 1189 ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT; 1190 run_again(ifmgd, ifmgd->probe_timeout); 1191 } 1192 1193 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1194 bool beacon) 1195 { 1196 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1197 bool already = false; 1198 1199 if (!netif_running(sdata->dev)) 1200 return; 1201 1202 if (sdata->local->scanning) 1203 return; 1204 1205 mutex_lock(&ifmgd->mtx); 1206 1207 if (!ifmgd->associated) 1208 goto out; 1209 1210 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1211 if (beacon && net_ratelimit()) 1212 printk(KERN_DEBUG "%s: detected beacon loss from AP " 1213 "- sending probe request\n", sdata->dev->name); 1214 #endif 1215 1216 /* 1217 * The driver/our work has already reported this event or the 1218 * connection monitoring has kicked in and we have already sent 1219 * a probe request. Or maybe the AP died and the driver keeps 1220 * reporting until we disassociate... 1221 * 1222 * In either case we have to ignore the current call to this 1223 * function (except for setting the correct probe reason bit) 1224 * because otherwise we would reset the timer every time and 1225 * never check whether we received a probe response! 1226 */ 1227 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1228 IEEE80211_STA_CONNECTION_POLL)) 1229 already = true; 1230 1231 if (beacon) 1232 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 1233 else 1234 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 1235 1236 if (already) 1237 goto out; 1238 1239 mutex_lock(&sdata->local->iflist_mtx); 1240 ieee80211_recalc_ps(sdata->local, -1); 1241 mutex_unlock(&sdata->local->iflist_mtx); 1242 1243 ifmgd->probe_send_count = 0; 1244 ieee80211_mgd_probe_ap_send(sdata); 1245 out: 1246 mutex_unlock(&ifmgd->mtx); 1247 } 1248 1249 void ieee80211_beacon_loss_work(struct work_struct *work) 1250 { 1251 struct ieee80211_sub_if_data *sdata = 1252 container_of(work, struct ieee80211_sub_if_data, 1253 u.mgd.beacon_loss_work); 1254 1255 ieee80211_mgd_probe_ap(sdata, true); 1256 } 1257 1258 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 1259 { 1260 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1261 1262 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 1263 } 1264 EXPORT_SYMBOL(ieee80211_beacon_loss); 1265 1266 static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata, 1267 struct ieee80211_mgd_work *wk) 1268 { 1269 wk->state = IEEE80211_MGD_STATE_IDLE; 1270 printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name); 1271 } 1272 1273 1274 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 1275 struct ieee80211_mgd_work *wk, 1276 struct ieee80211_mgmt *mgmt, 1277 size_t len) 1278 { 1279 u8 *pos; 1280 struct ieee802_11_elems elems; 1281 1282 pos = mgmt->u.auth.variable; 1283 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1284 if (!elems.challenge) 1285 return; 1286 ieee80211_send_auth(sdata, 3, wk->auth_alg, 1287 elems.challenge - 2, elems.challenge_len + 2, 1288 wk->bss->cbss.bssid, 1289 wk->key, wk->key_len, wk->key_idx); 1290 wk->auth_transaction = 4; 1291 } 1292 1293 static enum rx_mgmt_action __must_check 1294 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 1295 struct ieee80211_mgd_work *wk, 1296 struct ieee80211_mgmt *mgmt, size_t len) 1297 { 1298 u16 auth_alg, auth_transaction, status_code; 1299 1300 if (wk->state != IEEE80211_MGD_STATE_AUTH) 1301 return RX_MGMT_NONE; 1302 1303 if (len < 24 + 6) 1304 return RX_MGMT_NONE; 1305 1306 if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0) 1307 return RX_MGMT_NONE; 1308 1309 if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0) 1310 return RX_MGMT_NONE; 1311 1312 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 1313 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 1314 status_code = le16_to_cpu(mgmt->u.auth.status_code); 1315 1316 if (auth_alg != wk->auth_alg || 1317 auth_transaction != wk->auth_transaction) 1318 return RX_MGMT_NONE; 1319 1320 if (status_code != WLAN_STATUS_SUCCESS) { 1321 list_del(&wk->list); 1322 kfree(wk); 1323 return RX_MGMT_CFG80211_AUTH; 1324 } 1325 1326 switch (wk->auth_alg) { 1327 case WLAN_AUTH_OPEN: 1328 case WLAN_AUTH_LEAP: 1329 case WLAN_AUTH_FT: 1330 ieee80211_auth_completed(sdata, wk); 1331 return RX_MGMT_CFG80211_AUTH; 1332 case WLAN_AUTH_SHARED_KEY: 1333 if (wk->auth_transaction == 4) { 1334 ieee80211_auth_completed(sdata, wk); 1335 return RX_MGMT_CFG80211_AUTH; 1336 } else 1337 ieee80211_auth_challenge(sdata, wk, mgmt, len); 1338 break; 1339 } 1340 1341 return RX_MGMT_NONE; 1342 } 1343 1344 1345 static enum rx_mgmt_action __must_check 1346 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 1347 struct ieee80211_mgd_work *wk, 1348 struct ieee80211_mgmt *mgmt, size_t len) 1349 { 1350 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1351 const u8 *bssid = NULL; 1352 u16 reason_code; 1353 1354 if (len < 24 + 2) 1355 return RX_MGMT_NONE; 1356 1357 ASSERT_MGD_MTX(ifmgd); 1358 1359 if (wk) 1360 bssid = wk->bss->cbss.bssid; 1361 else 1362 bssid = ifmgd->associated->cbss.bssid; 1363 1364 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 1365 1366 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 1367 sdata->dev->name, bssid, reason_code); 1368 1369 if (!wk) { 1370 ieee80211_set_disassoc(sdata, true); 1371 ieee80211_recalc_idle(sdata->local); 1372 } else { 1373 list_del(&wk->list); 1374 kfree(wk); 1375 } 1376 1377 return RX_MGMT_CFG80211_DEAUTH; 1378 } 1379 1380 1381 static enum rx_mgmt_action __must_check 1382 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 1383 struct ieee80211_mgmt *mgmt, size_t len) 1384 { 1385 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1386 u16 reason_code; 1387 1388 if (len < 24 + 2) 1389 return RX_MGMT_NONE; 1390 1391 ASSERT_MGD_MTX(ifmgd); 1392 1393 if (WARN_ON(!ifmgd->associated)) 1394 return RX_MGMT_NONE; 1395 1396 if (WARN_ON(memcmp(ifmgd->associated->cbss.bssid, mgmt->sa, ETH_ALEN))) 1397 return RX_MGMT_NONE; 1398 1399 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1400 1401 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1402 sdata->dev->name, mgmt->sa, reason_code); 1403 1404 ieee80211_set_disassoc(sdata, false); 1405 ieee80211_recalc_idle(sdata->local); 1406 return RX_MGMT_CFG80211_DISASSOC; 1407 } 1408 1409 1410 static enum rx_mgmt_action __must_check 1411 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 1412 struct ieee80211_mgd_work *wk, 1413 struct ieee80211_mgmt *mgmt, size_t len, 1414 bool reassoc) 1415 { 1416 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1417 struct ieee80211_local *local = sdata->local; 1418 struct ieee80211_supported_band *sband; 1419 struct sta_info *sta; 1420 u32 rates, basic_rates; 1421 u16 capab_info, status_code, aid; 1422 struct ieee802_11_elems elems; 1423 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1424 u8 *pos; 1425 u32 changed = 0; 1426 int i, j; 1427 bool have_higher_than_11mbit = false, newsta = false; 1428 u16 ap_ht_cap_flags; 1429 1430 /* 1431 * AssocResp and ReassocResp have identical structure, so process both 1432 * of them in this function. 1433 */ 1434 1435 if (len < 24 + 6) 1436 return RX_MGMT_NONE; 1437 1438 if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0) 1439 return RX_MGMT_NONE; 1440 1441 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 1442 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 1443 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 1444 1445 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 1446 "status=%d aid=%d)\n", 1447 sdata->dev->name, reassoc ? "Rea" : "A", mgmt->sa, 1448 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 1449 1450 pos = mgmt->u.assoc_resp.variable; 1451 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1452 1453 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 1454 elems.timeout_int && elems.timeout_int_len == 5 && 1455 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 1456 u32 tu, ms; 1457 tu = get_unaligned_le32(elems.timeout_int + 1); 1458 ms = tu * 1024 / 1000; 1459 printk(KERN_DEBUG "%s: AP rejected association temporarily; " 1460 "comeback duration %u TU (%u ms)\n", 1461 sdata->dev->name, tu, ms); 1462 wk->timeout = jiffies + msecs_to_jiffies(ms); 1463 if (ms > IEEE80211_ASSOC_TIMEOUT) 1464 run_again(ifmgd, jiffies + msecs_to_jiffies(ms)); 1465 return RX_MGMT_NONE; 1466 } 1467 1468 if (status_code != WLAN_STATUS_SUCCESS) { 1469 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", 1470 sdata->dev->name, status_code); 1471 wk->state = IEEE80211_MGD_STATE_IDLE; 1472 return RX_MGMT_CFG80211_ASSOC; 1473 } 1474 1475 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1476 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not " 1477 "set\n", sdata->dev->name, aid); 1478 aid &= ~(BIT(15) | BIT(14)); 1479 1480 if (!elems.supp_rates) { 1481 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n", 1482 sdata->dev->name); 1483 return RX_MGMT_NONE; 1484 } 1485 1486 printk(KERN_DEBUG "%s: associated\n", sdata->dev->name); 1487 ifmgd->aid = aid; 1488 1489 rcu_read_lock(); 1490 1491 /* Add STA entry for the AP */ 1492 sta = sta_info_get(local, wk->bss->cbss.bssid); 1493 if (!sta) { 1494 newsta = true; 1495 1496 rcu_read_unlock(); 1497 1498 sta = sta_info_alloc(sdata, wk->bss->cbss.bssid, GFP_KERNEL); 1499 if (!sta) { 1500 printk(KERN_DEBUG "%s: failed to alloc STA entry for" 1501 " the AP\n", sdata->dev->name); 1502 return RX_MGMT_NONE; 1503 } 1504 1505 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | 1506 WLAN_STA_ASSOC_AP); 1507 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 1508 set_sta_flags(sta, WLAN_STA_AUTHORIZED); 1509 1510 rcu_read_lock(); 1511 } 1512 1513 rates = 0; 1514 basic_rates = 0; 1515 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1516 1517 for (i = 0; i < elems.supp_rates_len; i++) { 1518 int rate = (elems.supp_rates[i] & 0x7f) * 5; 1519 bool is_basic = !!(elems.supp_rates[i] & 0x80); 1520 1521 if (rate > 110) 1522 have_higher_than_11mbit = true; 1523 1524 for (j = 0; j < sband->n_bitrates; j++) { 1525 if (sband->bitrates[j].bitrate == rate) { 1526 rates |= BIT(j); 1527 if (is_basic) 1528 basic_rates |= BIT(j); 1529 break; 1530 } 1531 } 1532 } 1533 1534 for (i = 0; i < elems.ext_supp_rates_len; i++) { 1535 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5; 1536 bool is_basic = !!(elems.ext_supp_rates[i] & 0x80); 1537 1538 if (rate > 110) 1539 have_higher_than_11mbit = true; 1540 1541 for (j = 0; j < sband->n_bitrates; j++) { 1542 if (sband->bitrates[j].bitrate == rate) { 1543 rates |= BIT(j); 1544 if (is_basic) 1545 basic_rates |= BIT(j); 1546 break; 1547 } 1548 } 1549 } 1550 1551 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 1552 sdata->vif.bss_conf.basic_rates = basic_rates; 1553 1554 /* cf. IEEE 802.11 9.2.12 */ 1555 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 1556 have_higher_than_11mbit) 1557 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 1558 else 1559 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 1560 1561 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1562 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, 1563 elems.ht_cap_elem, &sta->sta.ht_cap); 1564 1565 ap_ht_cap_flags = sta->sta.ht_cap.cap; 1566 1567 rate_control_rate_init(sta); 1568 1569 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 1570 set_sta_flags(sta, WLAN_STA_MFP); 1571 1572 if (elems.wmm_param) 1573 set_sta_flags(sta, WLAN_STA_WME); 1574 1575 if (newsta) { 1576 int err = sta_info_insert(sta); 1577 if (err) { 1578 printk(KERN_DEBUG "%s: failed to insert STA entry for" 1579 " the AP (error %d)\n", sdata->dev->name, err); 1580 rcu_read_unlock(); 1581 return RX_MGMT_NONE; 1582 } 1583 } 1584 1585 rcu_read_unlock(); 1586 1587 if (elems.wmm_param) 1588 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1589 elems.wmm_param_len); 1590 else 1591 ieee80211_set_wmm_default(sdata); 1592 1593 if (elems.ht_info_elem && elems.wmm_param && 1594 (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) && 1595 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1596 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1597 wk->bss->cbss.bssid, 1598 ap_ht_cap_flags); 1599 1600 /* delete work item -- must be before set_associated for PS */ 1601 list_del(&wk->list); 1602 1603 /* set AID and assoc capability, 1604 * ieee80211_set_associated() will tell the driver */ 1605 bss_conf->aid = aid; 1606 bss_conf->assoc_capability = capab_info; 1607 /* this will take ownership of wk */ 1608 ieee80211_set_associated(sdata, wk, changed); 1609 1610 /* 1611 * Start timer to probe the connection to the AP now. 1612 * Also start the timer that will detect beacon loss. 1613 */ 1614 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 1615 mod_beacon_timer(sdata); 1616 1617 return RX_MGMT_CFG80211_ASSOC; 1618 } 1619 1620 1621 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 1622 struct ieee80211_mgmt *mgmt, 1623 size_t len, 1624 struct ieee80211_rx_status *rx_status, 1625 struct ieee802_11_elems *elems, 1626 bool beacon) 1627 { 1628 struct ieee80211_local *local = sdata->local; 1629 int freq; 1630 struct ieee80211_bss *bss; 1631 struct ieee80211_channel *channel; 1632 1633 if (elems->ds_params && elems->ds_params_len == 1) 1634 freq = ieee80211_channel_to_frequency(elems->ds_params[0]); 1635 else 1636 freq = rx_status->freq; 1637 1638 channel = ieee80211_get_channel(local->hw.wiphy, freq); 1639 1640 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 1641 return; 1642 1643 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 1644 channel, beacon); 1645 if (bss) 1646 ieee80211_rx_bss_put(local, bss); 1647 1648 if (!sdata->u.mgd.associated) 1649 return; 1650 1651 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) && 1652 (memcmp(mgmt->bssid, sdata->u.mgd.associated->cbss.bssid, 1653 ETH_ALEN) == 0)) { 1654 struct ieee80211_channel_sw_ie *sw_elem = 1655 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem; 1656 ieee80211_sta_process_chanswitch(sdata, sw_elem, bss); 1657 } 1658 } 1659 1660 1661 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 1662 struct ieee80211_mgd_work *wk, 1663 struct ieee80211_mgmt *mgmt, size_t len, 1664 struct ieee80211_rx_status *rx_status) 1665 { 1666 struct ieee80211_if_managed *ifmgd; 1667 size_t baselen; 1668 struct ieee802_11_elems elems; 1669 1670 ifmgd = &sdata->u.mgd; 1671 1672 ASSERT_MGD_MTX(ifmgd); 1673 1674 if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN)) 1675 return; /* ignore ProbeResp to foreign address */ 1676 1677 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 1678 if (baselen > len) 1679 return; 1680 1681 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 1682 &elems); 1683 1684 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 1685 1686 /* direct probe may be part of the association flow */ 1687 if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) { 1688 printk(KERN_DEBUG "%s: direct probe responded\n", 1689 sdata->dev->name); 1690 wk->tries = 0; 1691 wk->state = IEEE80211_MGD_STATE_AUTH; 1692 WARN_ON(ieee80211_authenticate(sdata, wk) != RX_MGMT_NONE); 1693 } 1694 1695 if (ifmgd->associated && 1696 memcmp(mgmt->bssid, ifmgd->associated->cbss.bssid, ETH_ALEN) == 0 && 1697 ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1698 IEEE80211_STA_CONNECTION_POLL)) { 1699 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1700 IEEE80211_STA_BEACON_POLL); 1701 mutex_lock(&sdata->local->iflist_mtx); 1702 ieee80211_recalc_ps(sdata->local, -1); 1703 mutex_unlock(&sdata->local->iflist_mtx); 1704 /* 1705 * We've received a probe response, but are not sure whether 1706 * we have or will be receiving any beacons or data, so let's 1707 * schedule the timers again, just in case. 1708 */ 1709 mod_beacon_timer(sdata); 1710 mod_timer(&ifmgd->conn_mon_timer, 1711 round_jiffies_up(jiffies + 1712 IEEE80211_CONNECTION_IDLE_TIME)); 1713 } 1714 } 1715 1716 /* 1717 * This is the canonical list of information elements we care about, 1718 * the filter code also gives us all changes to the Microsoft OUI 1719 * (00:50:F2) vendor IE which is used for WMM which we need to track. 1720 * 1721 * We implement beacon filtering in software since that means we can 1722 * avoid processing the frame here and in cfg80211, and userspace 1723 * will not be able to tell whether the hardware supports it or not. 1724 * 1725 * XXX: This list needs to be dynamic -- userspace needs to be able to 1726 * add items it requires. It also needs to be able to tell us to 1727 * look out for other vendor IEs. 1728 */ 1729 static const u64 care_about_ies = 1730 (1ULL << WLAN_EID_COUNTRY) | 1731 (1ULL << WLAN_EID_ERP_INFO) | 1732 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 1733 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 1734 (1ULL << WLAN_EID_HT_CAPABILITY) | 1735 (1ULL << WLAN_EID_HT_INFORMATION); 1736 1737 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 1738 struct ieee80211_mgmt *mgmt, 1739 size_t len, 1740 struct ieee80211_rx_status *rx_status) 1741 { 1742 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1743 size_t baselen; 1744 struct ieee802_11_elems elems; 1745 struct ieee80211_local *local = sdata->local; 1746 u32 changed = 0; 1747 bool erp_valid, directed_tim = false; 1748 u8 erp_value = 0; 1749 u32 ncrc; 1750 u8 *bssid; 1751 1752 ASSERT_MGD_MTX(ifmgd); 1753 1754 /* Process beacon from the current BSS */ 1755 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 1756 if (baselen > len) 1757 return; 1758 1759 if (rx_status->freq != local->hw.conf.channel->center_freq) 1760 return; 1761 1762 /* 1763 * We might have received a number of frames, among them a 1764 * disassoc frame and a beacon... 1765 */ 1766 if (!ifmgd->associated) 1767 return; 1768 1769 bssid = ifmgd->associated->cbss.bssid; 1770 1771 /* 1772 * And in theory even frames from a different AP we were just 1773 * associated to a split-second ago! 1774 */ 1775 if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0) 1776 return; 1777 1778 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 1779 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1780 if (net_ratelimit()) { 1781 printk(KERN_DEBUG "%s: cancelling probereq poll due " 1782 "to a received beacon\n", sdata->dev->name); 1783 } 1784 #endif 1785 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 1786 mutex_lock(&local->iflist_mtx); 1787 ieee80211_recalc_ps(local, -1); 1788 mutex_unlock(&local->iflist_mtx); 1789 } 1790 1791 /* 1792 * Push the beacon loss detection into the future since 1793 * we are processing a beacon from the AP just now. 1794 */ 1795 mod_beacon_timer(sdata); 1796 1797 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 1798 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 1799 len - baselen, &elems, 1800 care_about_ies, ncrc); 1801 1802 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1803 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len, 1804 ifmgd->aid); 1805 1806 if (ncrc != ifmgd->beacon_crc) { 1807 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 1808 true); 1809 1810 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1811 elems.wmm_param_len); 1812 } 1813 1814 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 1815 if (directed_tim) { 1816 if (local->hw.conf.dynamic_ps_timeout > 0) { 1817 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1818 ieee80211_hw_config(local, 1819 IEEE80211_CONF_CHANGE_PS); 1820 ieee80211_send_nullfunc(local, sdata, 0); 1821 } else { 1822 local->pspolling = true; 1823 1824 /* 1825 * Here is assumed that the driver will be 1826 * able to send ps-poll frame and receive a 1827 * response even though power save mode is 1828 * enabled, but some drivers might require 1829 * to disable power save here. This needs 1830 * to be investigated. 1831 */ 1832 ieee80211_send_pspoll(local, sdata); 1833 } 1834 } 1835 } 1836 1837 if (ncrc == ifmgd->beacon_crc) 1838 return; 1839 ifmgd->beacon_crc = ncrc; 1840 1841 if (elems.erp_info && elems.erp_info_len >= 1) { 1842 erp_valid = true; 1843 erp_value = elems.erp_info[0]; 1844 } else { 1845 erp_valid = false; 1846 } 1847 changed |= ieee80211_handle_bss_capability(sdata, 1848 le16_to_cpu(mgmt->u.beacon.capab_info), 1849 erp_valid, erp_value); 1850 1851 1852 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param && 1853 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) { 1854 struct sta_info *sta; 1855 struct ieee80211_supported_band *sband; 1856 u16 ap_ht_cap_flags; 1857 1858 rcu_read_lock(); 1859 1860 sta = sta_info_get(local, bssid); 1861 if (WARN_ON(!sta)) { 1862 rcu_read_unlock(); 1863 return; 1864 } 1865 1866 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1867 1868 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, 1869 elems.ht_cap_elem, &sta->sta.ht_cap); 1870 1871 ap_ht_cap_flags = sta->sta.ht_cap.cap; 1872 1873 rcu_read_unlock(); 1874 1875 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1876 bssid, ap_ht_cap_flags); 1877 } 1878 1879 /* Note: country IE parsing is done for us by cfg80211 */ 1880 if (elems.country_elem) { 1881 /* TODO: IBSS also needs this */ 1882 if (elems.pwr_constr_elem) 1883 ieee80211_handle_pwr_constr(sdata, 1884 le16_to_cpu(mgmt->u.probe_resp.capab_info), 1885 elems.pwr_constr_elem, 1886 elems.pwr_constr_elem_len); 1887 } 1888 1889 ieee80211_bss_info_change_notify(sdata, changed); 1890 } 1891 1892 ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1893 struct sk_buff *skb) 1894 { 1895 struct ieee80211_local *local = sdata->local; 1896 struct ieee80211_mgmt *mgmt; 1897 u16 fc; 1898 1899 if (skb->len < 24) 1900 return RX_DROP_MONITOR; 1901 1902 mgmt = (struct ieee80211_mgmt *) skb->data; 1903 fc = le16_to_cpu(mgmt->frame_control); 1904 1905 switch (fc & IEEE80211_FCTL_STYPE) { 1906 case IEEE80211_STYPE_PROBE_RESP: 1907 case IEEE80211_STYPE_BEACON: 1908 case IEEE80211_STYPE_AUTH: 1909 case IEEE80211_STYPE_ASSOC_RESP: 1910 case IEEE80211_STYPE_REASSOC_RESP: 1911 case IEEE80211_STYPE_DEAUTH: 1912 case IEEE80211_STYPE_DISASSOC: 1913 case IEEE80211_STYPE_ACTION: 1914 skb_queue_tail(&sdata->u.mgd.skb_queue, skb); 1915 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work); 1916 return RX_QUEUED; 1917 } 1918 1919 return RX_DROP_MONITOR; 1920 } 1921 1922 static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1923 struct sk_buff *skb) 1924 { 1925 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1926 struct ieee80211_rx_status *rx_status; 1927 struct ieee80211_mgmt *mgmt; 1928 struct ieee80211_mgd_work *wk; 1929 enum rx_mgmt_action rma = RX_MGMT_NONE; 1930 u16 fc; 1931 1932 rx_status = (struct ieee80211_rx_status *) skb->cb; 1933 mgmt = (struct ieee80211_mgmt *) skb->data; 1934 fc = le16_to_cpu(mgmt->frame_control); 1935 1936 mutex_lock(&ifmgd->mtx); 1937 1938 if (ifmgd->associated && 1939 memcmp(ifmgd->associated->cbss.bssid, mgmt->bssid, 1940 ETH_ALEN) == 0) { 1941 switch (fc & IEEE80211_FCTL_STYPE) { 1942 case IEEE80211_STYPE_BEACON: 1943 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 1944 rx_status); 1945 break; 1946 case IEEE80211_STYPE_PROBE_RESP: 1947 ieee80211_rx_mgmt_probe_resp(sdata, NULL, mgmt, 1948 skb->len, rx_status); 1949 break; 1950 case IEEE80211_STYPE_DEAUTH: 1951 rma = ieee80211_rx_mgmt_deauth(sdata, NULL, 1952 mgmt, skb->len); 1953 break; 1954 case IEEE80211_STYPE_DISASSOC: 1955 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 1956 break; 1957 case IEEE80211_STYPE_ACTION: 1958 /* XXX: differentiate, can only happen for CSA now! */ 1959 ieee80211_sta_process_chanswitch(sdata, 1960 &mgmt->u.action.u.chan_switch.sw_elem, 1961 ifmgd->associated); 1962 break; 1963 } 1964 mutex_unlock(&ifmgd->mtx); 1965 1966 switch (rma) { 1967 case RX_MGMT_NONE: 1968 /* no action */ 1969 break; 1970 case RX_MGMT_CFG80211_DEAUTH: 1971 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 1972 break; 1973 case RX_MGMT_CFG80211_DISASSOC: 1974 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 1975 break; 1976 default: 1977 WARN(1, "unexpected: %d", rma); 1978 } 1979 goto out; 1980 } 1981 1982 list_for_each_entry(wk, &ifmgd->work_list, list) { 1983 if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0) 1984 continue; 1985 1986 switch (fc & IEEE80211_FCTL_STYPE) { 1987 case IEEE80211_STYPE_PROBE_RESP: 1988 ieee80211_rx_mgmt_probe_resp(sdata, wk, mgmt, skb->len, 1989 rx_status); 1990 break; 1991 case IEEE80211_STYPE_AUTH: 1992 rma = ieee80211_rx_mgmt_auth(sdata, wk, mgmt, skb->len); 1993 break; 1994 case IEEE80211_STYPE_ASSOC_RESP: 1995 rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt, 1996 skb->len, false); 1997 break; 1998 case IEEE80211_STYPE_REASSOC_RESP: 1999 rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt, 2000 skb->len, true); 2001 break; 2002 case IEEE80211_STYPE_DEAUTH: 2003 rma = ieee80211_rx_mgmt_deauth(sdata, wk, mgmt, 2004 skb->len); 2005 break; 2006 } 2007 /* 2008 * We've processed this frame for that work, so it can't 2009 * belong to another work struct. 2010 * NB: this is also required for correctness because the 2011 * called functions can free 'wk', and for 'rma'! 2012 */ 2013 break; 2014 } 2015 2016 mutex_unlock(&ifmgd->mtx); 2017 2018 switch (rma) { 2019 case RX_MGMT_NONE: 2020 /* no action */ 2021 break; 2022 case RX_MGMT_CFG80211_AUTH: 2023 cfg80211_send_rx_auth(sdata->dev, (u8 *) mgmt, skb->len); 2024 break; 2025 case RX_MGMT_CFG80211_ASSOC: 2026 cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, skb->len); 2027 break; 2028 case RX_MGMT_CFG80211_DEAUTH: 2029 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 2030 break; 2031 default: 2032 WARN(1, "unexpected: %d", rma); 2033 } 2034 2035 out: 2036 kfree_skb(skb); 2037 } 2038 2039 static void ieee80211_sta_timer(unsigned long data) 2040 { 2041 struct ieee80211_sub_if_data *sdata = 2042 (struct ieee80211_sub_if_data *) data; 2043 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2044 struct ieee80211_local *local = sdata->local; 2045 2046 if (local->quiescing) { 2047 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2048 return; 2049 } 2050 2051 ieee80211_queue_work(&local->hw, &ifmgd->work); 2052 } 2053 2054 static void ieee80211_sta_work(struct work_struct *work) 2055 { 2056 struct ieee80211_sub_if_data *sdata = 2057 container_of(work, struct ieee80211_sub_if_data, u.mgd.work); 2058 struct ieee80211_local *local = sdata->local; 2059 struct ieee80211_if_managed *ifmgd; 2060 struct sk_buff *skb; 2061 struct ieee80211_mgd_work *wk, *tmp; 2062 LIST_HEAD(free_work); 2063 enum rx_mgmt_action rma; 2064 bool anybusy = false; 2065 2066 if (!netif_running(sdata->dev)) 2067 return; 2068 2069 if (local->scanning) 2070 return; 2071 2072 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2073 return; 2074 2075 /* 2076 * ieee80211_queue_work() should have picked up most cases, 2077 * here we'll pick the the rest. 2078 */ 2079 if (WARN(local->suspended, "STA MLME work scheduled while " 2080 "going to suspend\n")) 2081 return; 2082 2083 ifmgd = &sdata->u.mgd; 2084 2085 /* first process frames to avoid timing out while a frame is pending */ 2086 while ((skb = skb_dequeue(&ifmgd->skb_queue))) 2087 ieee80211_sta_rx_queued_mgmt(sdata, skb); 2088 2089 /* then process the rest of the work */ 2090 mutex_lock(&ifmgd->mtx); 2091 2092 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2093 IEEE80211_STA_CONNECTION_POLL) && 2094 ifmgd->associated) { 2095 u8 bssid[ETH_ALEN]; 2096 2097 memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN); 2098 if (time_is_after_jiffies(ifmgd->probe_timeout)) 2099 run_again(ifmgd, ifmgd->probe_timeout); 2100 2101 else if (ifmgd->probe_send_count < IEEE80211_MAX_PROBE_TRIES) { 2102 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 2103 printk(KERN_DEBUG "No probe response from AP %pM" 2104 " after %dms, try %d\n", bssid, 2105 (1000 * IEEE80211_PROBE_WAIT)/HZ, 2106 ifmgd->probe_send_count); 2107 #endif 2108 ieee80211_mgd_probe_ap_send(sdata); 2109 } else { 2110 /* 2111 * We actually lost the connection ... or did we? 2112 * Let's make sure! 2113 */ 2114 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 2115 IEEE80211_STA_BEACON_POLL); 2116 printk(KERN_DEBUG "No probe response from AP %pM" 2117 " after %dms, disconnecting.\n", 2118 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ); 2119 ieee80211_set_disassoc(sdata, true); 2120 ieee80211_recalc_idle(local); 2121 mutex_unlock(&ifmgd->mtx); 2122 /* 2123 * must be outside lock due to cfg80211, 2124 * but that's not a problem. 2125 */ 2126 ieee80211_send_deauth_disassoc(sdata, bssid, 2127 IEEE80211_STYPE_DEAUTH, 2128 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2129 NULL); 2130 mutex_lock(&ifmgd->mtx); 2131 } 2132 } 2133 2134 2135 ieee80211_recalc_idle(local); 2136 2137 list_for_each_entry_safe(wk, tmp, &ifmgd->work_list, list) { 2138 if (time_is_after_jiffies(wk->timeout)) { 2139 /* 2140 * This work item isn't supposed to be worked on 2141 * right now, but take care to adjust the timer 2142 * properly. 2143 */ 2144 run_again(ifmgd, wk->timeout); 2145 continue; 2146 } 2147 2148 switch (wk->state) { 2149 default: 2150 WARN_ON(1); 2151 /* fall through */ 2152 case IEEE80211_MGD_STATE_IDLE: 2153 /* nothing */ 2154 rma = RX_MGMT_NONE; 2155 break; 2156 case IEEE80211_MGD_STATE_PROBE: 2157 rma = ieee80211_direct_probe(sdata, wk); 2158 break; 2159 case IEEE80211_MGD_STATE_AUTH: 2160 rma = ieee80211_authenticate(sdata, wk); 2161 break; 2162 case IEEE80211_MGD_STATE_ASSOC: 2163 rma = ieee80211_associate(sdata, wk); 2164 break; 2165 } 2166 2167 switch (rma) { 2168 case RX_MGMT_NONE: 2169 /* no action required */ 2170 break; 2171 case RX_MGMT_CFG80211_AUTH_TO: 2172 case RX_MGMT_CFG80211_ASSOC_TO: 2173 list_del(&wk->list); 2174 list_add(&wk->list, &free_work); 2175 wk->tries = rma; /* small abuse but only local */ 2176 break; 2177 default: 2178 WARN(1, "unexpected: %d", rma); 2179 } 2180 } 2181 2182 list_for_each_entry(wk, &ifmgd->work_list, list) { 2183 if (wk->state != IEEE80211_MGD_STATE_IDLE) { 2184 anybusy = true; 2185 break; 2186 } 2187 } 2188 if (!anybusy && 2189 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request)) 2190 ieee80211_queue_delayed_work(&local->hw, 2191 &local->scan_work, 2192 round_jiffies_relative(0)); 2193 2194 mutex_unlock(&ifmgd->mtx); 2195 2196 list_for_each_entry_safe(wk, tmp, &free_work, list) { 2197 switch (wk->tries) { 2198 case RX_MGMT_CFG80211_AUTH_TO: 2199 cfg80211_send_auth_timeout(sdata->dev, 2200 wk->bss->cbss.bssid); 2201 break; 2202 case RX_MGMT_CFG80211_ASSOC_TO: 2203 cfg80211_send_assoc_timeout(sdata->dev, 2204 wk->bss->cbss.bssid); 2205 break; 2206 default: 2207 WARN(1, "unexpected: %d", wk->tries); 2208 } 2209 2210 list_del(&wk->list); 2211 kfree(wk); 2212 } 2213 2214 ieee80211_recalc_idle(local); 2215 } 2216 2217 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 2218 { 2219 struct ieee80211_sub_if_data *sdata = 2220 (struct ieee80211_sub_if_data *) data; 2221 struct ieee80211_local *local = sdata->local; 2222 2223 if (local->quiescing) 2224 return; 2225 2226 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 2227 } 2228 2229 static void ieee80211_sta_conn_mon_timer(unsigned long data) 2230 { 2231 struct ieee80211_sub_if_data *sdata = 2232 (struct ieee80211_sub_if_data *) data; 2233 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2234 struct ieee80211_local *local = sdata->local; 2235 2236 if (local->quiescing) 2237 return; 2238 2239 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 2240 } 2241 2242 static void ieee80211_sta_monitor_work(struct work_struct *work) 2243 { 2244 struct ieee80211_sub_if_data *sdata = 2245 container_of(work, struct ieee80211_sub_if_data, 2246 u.mgd.monitor_work); 2247 2248 ieee80211_mgd_probe_ap(sdata, false); 2249 } 2250 2251 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 2252 { 2253 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 2254 sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL | 2255 IEEE80211_STA_CONNECTION_POLL); 2256 2257 /* let's probe the connection once */ 2258 ieee80211_queue_work(&sdata->local->hw, 2259 &sdata->u.mgd.monitor_work); 2260 /* and do all the other regular work too */ 2261 ieee80211_queue_work(&sdata->local->hw, 2262 &sdata->u.mgd.work); 2263 } 2264 } 2265 2266 #ifdef CONFIG_PM 2267 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata) 2268 { 2269 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2270 2271 /* 2272 * we need to use atomic bitops for the running bits 2273 * only because both timers might fire at the same 2274 * time -- the code here is properly synchronised. 2275 */ 2276 2277 cancel_work_sync(&ifmgd->work); 2278 cancel_work_sync(&ifmgd->beacon_loss_work); 2279 if (del_timer_sync(&ifmgd->timer)) 2280 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2281 2282 cancel_work_sync(&ifmgd->chswitch_work); 2283 if (del_timer_sync(&ifmgd->chswitch_timer)) 2284 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 2285 2286 cancel_work_sync(&ifmgd->monitor_work); 2287 /* these will just be re-established on connection */ 2288 del_timer_sync(&ifmgd->conn_mon_timer); 2289 del_timer_sync(&ifmgd->bcn_mon_timer); 2290 } 2291 2292 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 2293 { 2294 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2295 2296 if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) 2297 add_timer(&ifmgd->timer); 2298 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 2299 add_timer(&ifmgd->chswitch_timer); 2300 } 2301 #endif 2302 2303 /* interface setup */ 2304 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 2305 { 2306 struct ieee80211_if_managed *ifmgd; 2307 2308 ifmgd = &sdata->u.mgd; 2309 INIT_WORK(&ifmgd->work, ieee80211_sta_work); 2310 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 2311 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 2312 INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work); 2313 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 2314 (unsigned long) sdata); 2315 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 2316 (unsigned long) sdata); 2317 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 2318 (unsigned long) sdata); 2319 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 2320 (unsigned long) sdata); 2321 skb_queue_head_init(&ifmgd->skb_queue); 2322 2323 INIT_LIST_HEAD(&ifmgd->work_list); 2324 2325 ifmgd->capab = WLAN_CAPABILITY_ESS; 2326 ifmgd->flags = 0; 2327 if (sdata->local->hw.queues >= 4) 2328 ifmgd->flags |= IEEE80211_STA_WMM_ENABLED; 2329 2330 mutex_init(&ifmgd->mtx); 2331 } 2332 2333 /* scan finished notification */ 2334 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 2335 { 2336 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 2337 2338 /* Restart STA timers */ 2339 rcu_read_lock(); 2340 list_for_each_entry_rcu(sdata, &local->interfaces, list) 2341 ieee80211_restart_sta_timer(sdata); 2342 rcu_read_unlock(); 2343 } 2344 2345 int ieee80211_max_network_latency(struct notifier_block *nb, 2346 unsigned long data, void *dummy) 2347 { 2348 s32 latency_usec = (s32) data; 2349 struct ieee80211_local *local = 2350 container_of(nb, struct ieee80211_local, 2351 network_latency_notifier); 2352 2353 mutex_lock(&local->iflist_mtx); 2354 ieee80211_recalc_ps(local, latency_usec); 2355 mutex_unlock(&local->iflist_mtx); 2356 2357 return 0; 2358 } 2359 2360 /* config hooks */ 2361 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 2362 struct cfg80211_auth_request *req) 2363 { 2364 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2365 const u8 *ssid; 2366 struct ieee80211_mgd_work *wk; 2367 u16 auth_alg; 2368 2369 switch (req->auth_type) { 2370 case NL80211_AUTHTYPE_OPEN_SYSTEM: 2371 auth_alg = WLAN_AUTH_OPEN; 2372 break; 2373 case NL80211_AUTHTYPE_SHARED_KEY: 2374 auth_alg = WLAN_AUTH_SHARED_KEY; 2375 break; 2376 case NL80211_AUTHTYPE_FT: 2377 auth_alg = WLAN_AUTH_FT; 2378 break; 2379 case NL80211_AUTHTYPE_NETWORK_EAP: 2380 auth_alg = WLAN_AUTH_LEAP; 2381 break; 2382 default: 2383 return -EOPNOTSUPP; 2384 } 2385 2386 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL); 2387 if (!wk) 2388 return -ENOMEM; 2389 2390 wk->bss = (void *)req->bss; 2391 2392 if (req->ie && req->ie_len) { 2393 memcpy(wk->ie, req->ie, req->ie_len); 2394 wk->ie_len = req->ie_len; 2395 } 2396 2397 if (req->key && req->key_len) { 2398 wk->key_len = req->key_len; 2399 wk->key_idx = req->key_idx; 2400 memcpy(wk->key, req->key, req->key_len); 2401 } 2402 2403 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 2404 memcpy(wk->ssid, ssid + 2, ssid[1]); 2405 wk->ssid_len = ssid[1]; 2406 2407 wk->state = IEEE80211_MGD_STATE_PROBE; 2408 wk->auth_alg = auth_alg; 2409 wk->timeout = jiffies; /* run right away */ 2410 2411 /* 2412 * XXX: if still associated need to tell AP that we're going 2413 * to sleep and then change channel etc. 2414 */ 2415 sdata->local->oper_channel = req->bss->channel; 2416 ieee80211_hw_config(sdata->local, 0); 2417 2418 mutex_lock(&ifmgd->mtx); 2419 list_add(&wk->list, &sdata->u.mgd.work_list); 2420 mutex_unlock(&ifmgd->mtx); 2421 2422 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work); 2423 return 0; 2424 } 2425 2426 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 2427 struct cfg80211_assoc_request *req) 2428 { 2429 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2430 struct ieee80211_mgd_work *wk, *found = NULL; 2431 int i, err; 2432 2433 mutex_lock(&ifmgd->mtx); 2434 2435 list_for_each_entry(wk, &ifmgd->work_list, list) { 2436 if (&wk->bss->cbss == req->bss && 2437 wk->state == IEEE80211_MGD_STATE_IDLE) { 2438 found = wk; 2439 break; 2440 } 2441 } 2442 2443 if (!found) { 2444 err = -ENOLINK; 2445 goto out; 2446 } 2447 2448 list_del(&found->list); 2449 2450 wk = krealloc(found, sizeof(*wk) + req->ie_len, GFP_KERNEL); 2451 if (!wk) { 2452 list_add(&found->list, &ifmgd->work_list); 2453 err = -ENOMEM; 2454 goto out; 2455 } 2456 2457 list_add(&wk->list, &ifmgd->work_list); 2458 2459 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 2460 2461 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) 2462 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 2463 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 2464 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) 2465 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 2466 2467 sdata->local->oper_channel = req->bss->channel; 2468 ieee80211_hw_config(sdata->local, 0); 2469 2470 if (req->ie && req->ie_len) { 2471 memcpy(wk->ie, req->ie, req->ie_len); 2472 wk->ie_len = req->ie_len; 2473 } else 2474 wk->ie_len = 0; 2475 2476 if (req->prev_bssid) 2477 memcpy(wk->prev_bssid, req->prev_bssid, ETH_ALEN); 2478 2479 wk->state = IEEE80211_MGD_STATE_ASSOC; 2480 wk->tries = 0; 2481 wk->timeout = jiffies; /* run right away */ 2482 2483 if (req->use_mfp) { 2484 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 2485 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 2486 } else { 2487 ifmgd->mfp = IEEE80211_MFP_DISABLED; 2488 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 2489 } 2490 2491 if (req->crypto.control_port) 2492 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 2493 else 2494 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 2495 2496 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work); 2497 2498 err = 0; 2499 2500 out: 2501 mutex_unlock(&ifmgd->mtx); 2502 return err; 2503 } 2504 2505 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 2506 struct cfg80211_deauth_request *req, 2507 void *cookie) 2508 { 2509 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2510 struct ieee80211_mgd_work *wk; 2511 const u8 *bssid = NULL; 2512 bool not_auth_yet = false; 2513 2514 mutex_lock(&ifmgd->mtx); 2515 2516 if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) { 2517 bssid = req->bss->bssid; 2518 ieee80211_set_disassoc(sdata, true); 2519 } else list_for_each_entry(wk, &ifmgd->work_list, list) { 2520 if (&wk->bss->cbss == req->bss) { 2521 bssid = req->bss->bssid; 2522 if (wk->state == IEEE80211_MGD_STATE_PROBE) 2523 not_auth_yet = true; 2524 list_del(&wk->list); 2525 kfree(wk); 2526 break; 2527 } 2528 } 2529 2530 /* 2531 * If somebody requests authentication and we haven't 2532 * sent out an auth frame yet there's no need to send 2533 * out a deauth frame either. If the state was PROBE, 2534 * then this is the case. If it's AUTH we have sent a 2535 * frame, and if it's IDLE we have completed the auth 2536 * process already. 2537 */ 2538 if (not_auth_yet) { 2539 mutex_unlock(&ifmgd->mtx); 2540 __cfg80211_auth_canceled(sdata->dev, bssid); 2541 return 0; 2542 } 2543 2544 /* 2545 * cfg80211 should catch this ... but it's racy since 2546 * we can receive a deauth frame, process it, hand it 2547 * to cfg80211 while that's in a locked section already 2548 * trying to tell us that the user wants to disconnect. 2549 */ 2550 if (!bssid) { 2551 mutex_unlock(&ifmgd->mtx); 2552 return -ENOLINK; 2553 } 2554 2555 mutex_unlock(&ifmgd->mtx); 2556 2557 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n", 2558 sdata->dev->name, bssid, req->reason_code); 2559 2560 ieee80211_send_deauth_disassoc(sdata, bssid, 2561 IEEE80211_STYPE_DEAUTH, req->reason_code, 2562 cookie); 2563 2564 ieee80211_recalc_idle(sdata->local); 2565 2566 return 0; 2567 } 2568 2569 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 2570 struct cfg80211_disassoc_request *req, 2571 void *cookie) 2572 { 2573 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2574 2575 mutex_lock(&ifmgd->mtx); 2576 2577 /* 2578 * cfg80211 should catch this ... but it's racy since 2579 * we can receive a disassoc frame, process it, hand it 2580 * to cfg80211 while that's in a locked section already 2581 * trying to tell us that the user wants to disconnect. 2582 */ 2583 if (&ifmgd->associated->cbss != req->bss) { 2584 mutex_unlock(&ifmgd->mtx); 2585 return -ENOLINK; 2586 } 2587 2588 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n", 2589 sdata->dev->name, req->bss->bssid, req->reason_code); 2590 2591 ieee80211_set_disassoc(sdata, false); 2592 2593 mutex_unlock(&ifmgd->mtx); 2594 2595 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 2596 IEEE80211_STYPE_DISASSOC, req->reason_code, 2597 cookie); 2598 2599 ieee80211_recalc_idle(sdata->local); 2600 2601 return 0; 2602 } 2603