1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_MAX_TRIES 3 37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 41 #define IEEE80211_ASSOC_MAX_TRIES 3 42 43 static int max_nullfunc_tries = 2; 44 module_param(max_nullfunc_tries, int, 0644); 45 MODULE_PARM_DESC(max_nullfunc_tries, 46 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 47 48 static int max_probe_tries = 5; 49 module_param(max_probe_tries, int, 0644); 50 MODULE_PARM_DESC(max_probe_tries, 51 "Maximum probe tries before disconnecting (reason 4)."); 52 53 /* 54 * Beacon loss timeout is calculated as N frames times the 55 * advertised beacon interval. This may need to be somewhat 56 * higher than what hardware might detect to account for 57 * delays in the host processing frames. But since we also 58 * probe on beacon miss before declaring the connection lost 59 * default to what we want. 60 */ 61 static int beacon_loss_count = 7; 62 module_param(beacon_loss_count, int, 0644); 63 MODULE_PARM_DESC(beacon_loss_count, 64 "Number of beacon intervals before we decide beacon was lost."); 65 66 /* 67 * Time the connection can be idle before we probe 68 * it to see if we can still talk to the AP. 69 */ 70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 71 /* 72 * Time we wait for a probe response after sending 73 * a probe request because of beacon loss or for 74 * checking the connection still works. 75 */ 76 static int probe_wait_ms = 500; 77 module_param(probe_wait_ms, int, 0644); 78 MODULE_PARM_DESC(probe_wait_ms, 79 "Maximum time(ms) to wait for probe response" 80 " before disconnecting (reason 4)."); 81 82 /* 83 * Weight given to the latest Beacon frame when calculating average signal 84 * strength for Beacon frames received in the current BSS. This must be 85 * between 1 and 15. 86 */ 87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 88 89 /* 90 * How many Beacon frames need to have been used in average signal strength 91 * before starting to indicate signal change events. 92 */ 93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 94 95 /* 96 * We can have multiple work items (and connection probing) 97 * scheduling this timer, but we need to take care to only 98 * reschedule it when it should fire _earlier_ than it was 99 * asked for before, or if it's not pending right now. This 100 * function ensures that. Note that it then is required to 101 * run this function for all timeouts after the first one 102 * has happened -- the work that runs from this timer will 103 * do that. 104 */ 105 static void run_again(struct ieee80211_sub_if_data *sdata, 106 unsigned long timeout) 107 { 108 sdata_assert_lock(sdata); 109 110 if (!timer_pending(&sdata->u.mgd.timer) || 111 time_before(timeout, sdata->u.mgd.timer.expires)) 112 mod_timer(&sdata->u.mgd.timer, timeout); 113 } 114 115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 116 { 117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 118 return; 119 120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 121 return; 122 123 mod_timer(&sdata->u.mgd.bcn_mon_timer, 124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 125 } 126 127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 128 { 129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 130 131 if (unlikely(!sdata->u.mgd.associated)) 132 return; 133 134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 135 return; 136 137 mod_timer(&sdata->u.mgd.conn_mon_timer, 138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 139 140 ifmgd->probe_send_count = 0; 141 } 142 143 static int ecw2cw(int ecw) 144 { 145 return (1 << ecw) - 1; 146 } 147 148 static u32 149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 150 struct ieee80211_supported_band *sband, 151 struct ieee80211_channel *channel, 152 const struct ieee80211_ht_operation *ht_oper, 153 const struct ieee80211_vht_operation *vht_oper, 154 struct cfg80211_chan_def *chandef, bool tracking) 155 { 156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 157 struct cfg80211_chan_def vht_chandef; 158 u32 ht_cfreq, ret; 159 160 chandef->chan = channel; 161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 162 chandef->center_freq1 = channel->center_freq; 163 chandef->center_freq2 = 0; 164 165 if (!ht_oper || !sband->ht_cap.ht_supported) { 166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 167 goto out; 168 } 169 170 chandef->width = NL80211_CHAN_WIDTH_20; 171 172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 173 channel->band); 174 /* check that channel matches the right operating channel */ 175 if (!tracking && channel->center_freq != ht_cfreq) { 176 /* 177 * It's possible that some APs are confused here; 178 * Netgear WNDR3700 sometimes reports 4 higher than 179 * the actual channel in association responses, but 180 * since we look at probe response/beacon data here 181 * it should be OK. 182 */ 183 sdata_info(sdata, 184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 185 channel->center_freq, ht_cfreq, 186 ht_oper->primary_chan, channel->band); 187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 188 goto out; 189 } 190 191 /* check 40 MHz support, if we have it */ 192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 195 chandef->width = NL80211_CHAN_WIDTH_40; 196 chandef->center_freq1 += 10; 197 break; 198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 199 chandef->width = NL80211_CHAN_WIDTH_40; 200 chandef->center_freq1 -= 10; 201 break; 202 } 203 } else { 204 /* 40 MHz (and 80 MHz) must be supported for VHT */ 205 ret = IEEE80211_STA_DISABLE_VHT; 206 /* also mark 40 MHz disabled */ 207 ret |= IEEE80211_STA_DISABLE_40MHZ; 208 goto out; 209 } 210 211 if (!vht_oper || !sband->vht_cap.vht_supported) { 212 ret = IEEE80211_STA_DISABLE_VHT; 213 goto out; 214 } 215 216 vht_chandef.chan = channel; 217 vht_chandef.center_freq1 = 218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 219 channel->band); 220 vht_chandef.center_freq2 = 0; 221 222 switch (vht_oper->chan_width) { 223 case IEEE80211_VHT_CHANWIDTH_USE_HT: 224 vht_chandef.width = chandef->width; 225 break; 226 case IEEE80211_VHT_CHANWIDTH_80MHZ: 227 vht_chandef.width = NL80211_CHAN_WIDTH_80; 228 break; 229 case IEEE80211_VHT_CHANWIDTH_160MHZ: 230 vht_chandef.width = NL80211_CHAN_WIDTH_160; 231 break; 232 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 233 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 234 vht_chandef.center_freq2 = 235 ieee80211_channel_to_frequency( 236 vht_oper->center_freq_seg2_idx, 237 channel->band); 238 break; 239 default: 240 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 241 sdata_info(sdata, 242 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 243 vht_oper->chan_width); 244 ret = IEEE80211_STA_DISABLE_VHT; 245 goto out; 246 } 247 248 if (!cfg80211_chandef_valid(&vht_chandef)) { 249 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 250 sdata_info(sdata, 251 "AP VHT information is invalid, disable VHT\n"); 252 ret = IEEE80211_STA_DISABLE_VHT; 253 goto out; 254 } 255 256 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 257 ret = 0; 258 goto out; 259 } 260 261 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 262 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 263 sdata_info(sdata, 264 "AP VHT information doesn't match HT, disable VHT\n"); 265 ret = IEEE80211_STA_DISABLE_VHT; 266 goto out; 267 } 268 269 *chandef = vht_chandef; 270 271 ret = 0; 272 273 out: 274 /* don't print the message below for VHT mismatch if VHT is disabled */ 275 if (ret & IEEE80211_STA_DISABLE_VHT) 276 vht_chandef = *chandef; 277 278 /* 279 * Ignore the DISABLED flag when we're already connected and only 280 * tracking the APs beacon for bandwidth changes - otherwise we 281 * might get disconnected here if we connect to an AP, update our 282 * regulatory information based on the AP's country IE and the 283 * information we have is wrong/outdated and disables the channel 284 * that we're actually using for the connection to the AP. 285 */ 286 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 287 tracking ? 0 : 288 IEEE80211_CHAN_DISABLED)) { 289 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 290 ret = IEEE80211_STA_DISABLE_HT | 291 IEEE80211_STA_DISABLE_VHT; 292 break; 293 } 294 295 ret |= ieee80211_chandef_downgrade(chandef); 296 } 297 298 if (chandef->width != vht_chandef.width && !tracking) 299 sdata_info(sdata, 300 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 301 302 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 303 return ret; 304 } 305 306 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 307 struct sta_info *sta, 308 const struct ieee80211_ht_operation *ht_oper, 309 const struct ieee80211_vht_operation *vht_oper, 310 const u8 *bssid, u32 *changed) 311 { 312 struct ieee80211_local *local = sdata->local; 313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 314 struct ieee80211_supported_band *sband; 315 struct ieee80211_channel *chan; 316 struct cfg80211_chan_def chandef; 317 u16 ht_opmode; 318 u32 flags; 319 enum ieee80211_sta_rx_bandwidth new_sta_bw; 320 int ret; 321 322 /* if HT was/is disabled, don't track any bandwidth changes */ 323 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 324 return 0; 325 326 /* don't check VHT if we associated as non-VHT station */ 327 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 328 vht_oper = NULL; 329 330 if (WARN_ON_ONCE(!sta)) 331 return -EINVAL; 332 333 /* 334 * if bss configuration changed store the new one - 335 * this may be applicable even if channel is identical 336 */ 337 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 338 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 339 *changed |= BSS_CHANGED_HT; 340 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 341 } 342 343 chan = sdata->vif.bss_conf.chandef.chan; 344 sband = local->hw.wiphy->bands[chan->band]; 345 346 /* calculate new channel (type) based on HT/VHT operation IEs */ 347 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 348 vht_oper, &chandef, true); 349 350 /* 351 * Downgrade the new channel if we associated with restricted 352 * capabilities. For example, if we associated as a 20 MHz STA 353 * to a 40 MHz AP (due to regulatory, capabilities or config 354 * reasons) then switching to a 40 MHz channel now won't do us 355 * any good -- we couldn't use it with the AP. 356 */ 357 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 358 chandef.width == NL80211_CHAN_WIDTH_80P80) 359 flags |= ieee80211_chandef_downgrade(&chandef); 360 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 361 chandef.width == NL80211_CHAN_WIDTH_160) 362 flags |= ieee80211_chandef_downgrade(&chandef); 363 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 364 chandef.width > NL80211_CHAN_WIDTH_20) 365 flags |= ieee80211_chandef_downgrade(&chandef); 366 367 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 368 return 0; 369 370 sdata_info(sdata, 371 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 372 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 373 chandef.center_freq1, chandef.center_freq2); 374 375 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 376 IEEE80211_STA_DISABLE_VHT | 377 IEEE80211_STA_DISABLE_40MHZ | 378 IEEE80211_STA_DISABLE_80P80MHZ | 379 IEEE80211_STA_DISABLE_160MHZ)) || 380 !cfg80211_chandef_valid(&chandef)) { 381 sdata_info(sdata, 382 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 383 ifmgd->bssid); 384 return -EINVAL; 385 } 386 387 switch (chandef.width) { 388 case NL80211_CHAN_WIDTH_20_NOHT: 389 case NL80211_CHAN_WIDTH_20: 390 new_sta_bw = IEEE80211_STA_RX_BW_20; 391 break; 392 case NL80211_CHAN_WIDTH_40: 393 new_sta_bw = IEEE80211_STA_RX_BW_40; 394 break; 395 case NL80211_CHAN_WIDTH_80: 396 new_sta_bw = IEEE80211_STA_RX_BW_80; 397 break; 398 case NL80211_CHAN_WIDTH_80P80: 399 case NL80211_CHAN_WIDTH_160: 400 new_sta_bw = IEEE80211_STA_RX_BW_160; 401 break; 402 default: 403 return -EINVAL; 404 } 405 406 if (new_sta_bw > sta->cur_max_bandwidth) 407 new_sta_bw = sta->cur_max_bandwidth; 408 409 if (new_sta_bw < sta->sta.bandwidth) { 410 sta->sta.bandwidth = new_sta_bw; 411 rate_control_rate_update(local, sband, sta, 412 IEEE80211_RC_BW_CHANGED); 413 } 414 415 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 416 if (ret) { 417 sdata_info(sdata, 418 "AP %pM changed bandwidth to incompatible one - disconnect\n", 419 ifmgd->bssid); 420 return ret; 421 } 422 423 if (new_sta_bw > sta->sta.bandwidth) { 424 sta->sta.bandwidth = new_sta_bw; 425 rate_control_rate_update(local, sband, sta, 426 IEEE80211_RC_BW_CHANGED); 427 } 428 429 return 0; 430 } 431 432 /* frame sending functions */ 433 434 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 435 struct sk_buff *skb, u8 ap_ht_param, 436 struct ieee80211_supported_band *sband, 437 struct ieee80211_channel *channel, 438 enum ieee80211_smps_mode smps) 439 { 440 u8 *pos; 441 u32 flags = channel->flags; 442 u16 cap; 443 struct ieee80211_sta_ht_cap ht_cap; 444 445 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 446 447 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 448 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 449 450 /* determine capability flags */ 451 cap = ht_cap.cap; 452 453 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 454 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 455 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 456 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 457 cap &= ~IEEE80211_HT_CAP_SGI_40; 458 } 459 break; 460 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 461 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 462 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 463 cap &= ~IEEE80211_HT_CAP_SGI_40; 464 } 465 break; 466 } 467 468 /* 469 * If 40 MHz was disabled associate as though we weren't 470 * capable of 40 MHz -- some broken APs will never fall 471 * back to trying to transmit in 20 MHz. 472 */ 473 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 474 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 475 cap &= ~IEEE80211_HT_CAP_SGI_40; 476 } 477 478 /* set SM PS mode properly */ 479 cap &= ~IEEE80211_HT_CAP_SM_PS; 480 switch (smps) { 481 case IEEE80211_SMPS_AUTOMATIC: 482 case IEEE80211_SMPS_NUM_MODES: 483 WARN_ON(1); 484 case IEEE80211_SMPS_OFF: 485 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 486 IEEE80211_HT_CAP_SM_PS_SHIFT; 487 break; 488 case IEEE80211_SMPS_STATIC: 489 cap |= WLAN_HT_CAP_SM_PS_STATIC << 490 IEEE80211_HT_CAP_SM_PS_SHIFT; 491 break; 492 case IEEE80211_SMPS_DYNAMIC: 493 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 494 IEEE80211_HT_CAP_SM_PS_SHIFT; 495 break; 496 } 497 498 /* reserve and fill IE */ 499 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 500 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 501 } 502 503 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 504 struct sk_buff *skb, 505 struct ieee80211_supported_band *sband, 506 struct ieee80211_vht_cap *ap_vht_cap) 507 { 508 u8 *pos; 509 u32 cap; 510 struct ieee80211_sta_vht_cap vht_cap; 511 512 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 513 514 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 515 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 516 517 /* determine capability flags */ 518 cap = vht_cap.cap; 519 520 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 521 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 522 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 523 } 524 525 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 526 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 527 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 528 } 529 530 /* 531 * Some APs apparently get confused if our capabilities are better 532 * than theirs, so restrict what we advertise in the assoc request. 533 */ 534 if (!(ap_vht_cap->vht_cap_info & 535 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 536 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 537 538 /* reserve and fill IE */ 539 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 540 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 541 } 542 543 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 544 { 545 struct ieee80211_local *local = sdata->local; 546 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 547 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 548 struct sk_buff *skb; 549 struct ieee80211_mgmt *mgmt; 550 u8 *pos, qos_info; 551 size_t offset = 0, noffset; 552 int i, count, rates_len, supp_rates_len, shift; 553 u16 capab; 554 struct ieee80211_supported_band *sband; 555 struct ieee80211_chanctx_conf *chanctx_conf; 556 struct ieee80211_channel *chan; 557 u32 rate_flags, rates = 0; 558 559 sdata_assert_lock(sdata); 560 561 rcu_read_lock(); 562 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 563 if (WARN_ON(!chanctx_conf)) { 564 rcu_read_unlock(); 565 return; 566 } 567 chan = chanctx_conf->def.chan; 568 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 569 rcu_read_unlock(); 570 sband = local->hw.wiphy->bands[chan->band]; 571 shift = ieee80211_vif_get_shift(&sdata->vif); 572 573 if (assoc_data->supp_rates_len) { 574 /* 575 * Get all rates supported by the device and the AP as 576 * some APs don't like getting a superset of their rates 577 * in the association request (e.g. D-Link DAP 1353 in 578 * b-only mode)... 579 */ 580 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 581 assoc_data->supp_rates, 582 assoc_data->supp_rates_len, 583 &rates); 584 } else { 585 /* 586 * In case AP not provide any supported rates information 587 * before association, we send information element(s) with 588 * all rates that we support. 589 */ 590 rates_len = 0; 591 for (i = 0; i < sband->n_bitrates; i++) { 592 if ((rate_flags & sband->bitrates[i].flags) 593 != rate_flags) 594 continue; 595 rates |= BIT(i); 596 rates_len++; 597 } 598 } 599 600 skb = alloc_skb(local->hw.extra_tx_headroom + 601 sizeof(*mgmt) + /* bit too much but doesn't matter */ 602 2 + assoc_data->ssid_len + /* SSID */ 603 4 + rates_len + /* (extended) rates */ 604 4 + /* power capability */ 605 2 + 2 * sband->n_channels + /* supported channels */ 606 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 607 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 608 assoc_data->ie_len + /* extra IEs */ 609 9, /* WMM */ 610 GFP_KERNEL); 611 if (!skb) 612 return; 613 614 skb_reserve(skb, local->hw.extra_tx_headroom); 615 616 capab = WLAN_CAPABILITY_ESS; 617 618 if (sband->band == IEEE80211_BAND_2GHZ) { 619 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 620 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 621 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 622 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 623 } 624 625 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 626 capab |= WLAN_CAPABILITY_PRIVACY; 627 628 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 629 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 630 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 631 632 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 633 memset(mgmt, 0, 24); 634 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 635 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 636 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 637 638 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 639 skb_put(skb, 10); 640 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 641 IEEE80211_STYPE_REASSOC_REQ); 642 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 643 mgmt->u.reassoc_req.listen_interval = 644 cpu_to_le16(local->hw.conf.listen_interval); 645 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 646 ETH_ALEN); 647 } else { 648 skb_put(skb, 4); 649 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 650 IEEE80211_STYPE_ASSOC_REQ); 651 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 652 mgmt->u.assoc_req.listen_interval = 653 cpu_to_le16(local->hw.conf.listen_interval); 654 } 655 656 /* SSID */ 657 pos = skb_put(skb, 2 + assoc_data->ssid_len); 658 *pos++ = WLAN_EID_SSID; 659 *pos++ = assoc_data->ssid_len; 660 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 661 662 /* add all rates which were marked to be used above */ 663 supp_rates_len = rates_len; 664 if (supp_rates_len > 8) 665 supp_rates_len = 8; 666 667 pos = skb_put(skb, supp_rates_len + 2); 668 *pos++ = WLAN_EID_SUPP_RATES; 669 *pos++ = supp_rates_len; 670 671 count = 0; 672 for (i = 0; i < sband->n_bitrates; i++) { 673 if (BIT(i) & rates) { 674 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 675 5 * (1 << shift)); 676 *pos++ = (u8) rate; 677 if (++count == 8) 678 break; 679 } 680 } 681 682 if (rates_len > count) { 683 pos = skb_put(skb, rates_len - count + 2); 684 *pos++ = WLAN_EID_EXT_SUPP_RATES; 685 *pos++ = rates_len - count; 686 687 for (i++; i < sband->n_bitrates; i++) { 688 if (BIT(i) & rates) { 689 int rate; 690 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 691 5 * (1 << shift)); 692 *pos++ = (u8) rate; 693 } 694 } 695 } 696 697 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 698 /* 1. power capabilities */ 699 pos = skb_put(skb, 4); 700 *pos++ = WLAN_EID_PWR_CAPABILITY; 701 *pos++ = 2; 702 *pos++ = 0; /* min tx power */ 703 /* max tx power */ 704 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 705 706 /* 2. supported channels */ 707 /* TODO: get this in reg domain format */ 708 pos = skb_put(skb, 2 * sband->n_channels + 2); 709 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 710 *pos++ = 2 * sband->n_channels; 711 for (i = 0; i < sband->n_channels; i++) { 712 *pos++ = ieee80211_frequency_to_channel( 713 sband->channels[i].center_freq); 714 *pos++ = 1; /* one channel in the subband*/ 715 } 716 } 717 718 /* if present, add any custom IEs that go before HT */ 719 if (assoc_data->ie_len) { 720 static const u8 before_ht[] = { 721 WLAN_EID_SSID, 722 WLAN_EID_SUPP_RATES, 723 WLAN_EID_EXT_SUPP_RATES, 724 WLAN_EID_PWR_CAPABILITY, 725 WLAN_EID_SUPPORTED_CHANNELS, 726 WLAN_EID_RSN, 727 WLAN_EID_QOS_CAPA, 728 WLAN_EID_RRM_ENABLED_CAPABILITIES, 729 WLAN_EID_MOBILITY_DOMAIN, 730 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 731 }; 732 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 733 before_ht, ARRAY_SIZE(before_ht), 734 offset); 735 pos = skb_put(skb, noffset - offset); 736 memcpy(pos, assoc_data->ie + offset, noffset - offset); 737 offset = noffset; 738 } 739 740 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 741 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 742 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 743 744 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 745 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 746 sband, chan, sdata->smps_mode); 747 748 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 749 ieee80211_add_vht_ie(sdata, skb, sband, 750 &assoc_data->ap_vht_cap); 751 752 /* if present, add any custom non-vendor IEs that go after HT */ 753 if (assoc_data->ie_len) { 754 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 755 assoc_data->ie_len, 756 offset); 757 pos = skb_put(skb, noffset - offset); 758 memcpy(pos, assoc_data->ie + offset, noffset - offset); 759 offset = noffset; 760 } 761 762 if (assoc_data->wmm) { 763 if (assoc_data->uapsd) { 764 qos_info = ifmgd->uapsd_queues; 765 qos_info |= (ifmgd->uapsd_max_sp_len << 766 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 767 } else { 768 qos_info = 0; 769 } 770 771 pos = skb_put(skb, 9); 772 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 773 *pos++ = 7; /* len */ 774 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 775 *pos++ = 0x50; 776 *pos++ = 0xf2; 777 *pos++ = 2; /* WME */ 778 *pos++ = 0; /* WME info */ 779 *pos++ = 1; /* WME ver */ 780 *pos++ = qos_info; 781 } 782 783 /* add any remaining custom (i.e. vendor specific here) IEs */ 784 if (assoc_data->ie_len) { 785 noffset = assoc_data->ie_len; 786 pos = skb_put(skb, noffset - offset); 787 memcpy(pos, assoc_data->ie + offset, noffset - offset); 788 } 789 790 drv_mgd_prepare_tx(local, sdata); 791 792 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 793 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 794 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 795 IEEE80211_TX_INTFL_MLME_CONN_TX; 796 ieee80211_tx_skb(sdata, skb); 797 } 798 799 void ieee80211_send_pspoll(struct ieee80211_local *local, 800 struct ieee80211_sub_if_data *sdata) 801 { 802 struct ieee80211_pspoll *pspoll; 803 struct sk_buff *skb; 804 805 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 806 if (!skb) 807 return; 808 809 pspoll = (struct ieee80211_pspoll *) skb->data; 810 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 811 812 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 813 ieee80211_tx_skb(sdata, skb); 814 } 815 816 void ieee80211_send_nullfunc(struct ieee80211_local *local, 817 struct ieee80211_sub_if_data *sdata, 818 int powersave) 819 { 820 struct sk_buff *skb; 821 struct ieee80211_hdr_3addr *nullfunc; 822 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 823 824 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 825 if (!skb) 826 return; 827 828 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 829 if (powersave) 830 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 831 832 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 833 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 834 835 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 836 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 837 838 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 839 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 840 841 ieee80211_tx_skb(sdata, skb); 842 } 843 844 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 845 struct ieee80211_sub_if_data *sdata) 846 { 847 struct sk_buff *skb; 848 struct ieee80211_hdr *nullfunc; 849 __le16 fc; 850 851 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 852 return; 853 854 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 855 if (!skb) 856 return; 857 858 skb_reserve(skb, local->hw.extra_tx_headroom); 859 860 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 861 memset(nullfunc, 0, 30); 862 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 863 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 864 nullfunc->frame_control = fc; 865 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 866 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 867 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 868 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 869 870 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 871 ieee80211_tx_skb(sdata, skb); 872 } 873 874 /* spectrum management related things */ 875 static void ieee80211_chswitch_work(struct work_struct *work) 876 { 877 struct ieee80211_sub_if_data *sdata = 878 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 879 struct ieee80211_local *local = sdata->local; 880 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 881 u32 changed = 0; 882 int ret; 883 884 if (!ieee80211_sdata_running(sdata)) 885 return; 886 887 sdata_lock(sdata); 888 if (!ifmgd->associated) 889 goto out; 890 891 ret = ieee80211_vif_change_channel(sdata, &changed); 892 if (ret) { 893 sdata_info(sdata, 894 "vif channel switch failed, disconnecting\n"); 895 ieee80211_queue_work(&sdata->local->hw, 896 &ifmgd->csa_connection_drop_work); 897 goto out; 898 } 899 900 if (!local->use_chanctx) { 901 local->_oper_chandef = sdata->csa_chandef; 902 /* Call "hw_config" only if doing sw channel switch. 903 * Otherwise update the channel directly 904 */ 905 if (!local->ops->channel_switch) 906 ieee80211_hw_config(local, 0); 907 else 908 local->hw.conf.chandef = local->_oper_chandef; 909 } 910 911 /* XXX: shouldn't really modify cfg80211-owned data! */ 912 ifmgd->associated->channel = sdata->csa_chandef.chan; 913 914 /* XXX: wait for a beacon first? */ 915 ieee80211_wake_queues_by_reason(&local->hw, 916 IEEE80211_MAX_QUEUE_MAP, 917 IEEE80211_QUEUE_STOP_REASON_CSA); 918 919 ieee80211_bss_info_change_notify(sdata, changed); 920 921 out: 922 sdata->vif.csa_active = false; 923 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 924 sdata_unlock(sdata); 925 } 926 927 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 928 { 929 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 930 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 931 932 trace_api_chswitch_done(sdata, success); 933 if (!success) { 934 sdata_info(sdata, 935 "driver channel switch failed, disconnecting\n"); 936 ieee80211_queue_work(&sdata->local->hw, 937 &ifmgd->csa_connection_drop_work); 938 } else { 939 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 940 } 941 } 942 EXPORT_SYMBOL(ieee80211_chswitch_done); 943 944 static void ieee80211_chswitch_timer(unsigned long data) 945 { 946 struct ieee80211_sub_if_data *sdata = 947 (struct ieee80211_sub_if_data *) data; 948 949 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 950 } 951 952 static void 953 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 954 u64 timestamp, struct ieee802_11_elems *elems, 955 bool beacon) 956 { 957 struct ieee80211_local *local = sdata->local; 958 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 959 struct cfg80211_bss *cbss = ifmgd->associated; 960 struct ieee80211_chanctx *chanctx; 961 enum ieee80211_band current_band; 962 struct ieee80211_csa_ie csa_ie; 963 int res; 964 965 sdata_assert_lock(sdata); 966 967 if (!cbss) 968 return; 969 970 if (local->scanning) 971 return; 972 973 /* disregard subsequent announcements if we are already processing */ 974 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 975 return; 976 977 current_band = cbss->channel->band; 978 memset(&csa_ie, 0, sizeof(csa_ie)); 979 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band, 980 ifmgd->flags, 981 ifmgd->associated->bssid, &csa_ie); 982 if (res < 0) 983 ieee80211_queue_work(&local->hw, 984 &ifmgd->csa_connection_drop_work); 985 if (res) 986 return; 987 988 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 989 IEEE80211_CHAN_DISABLED)) { 990 sdata_info(sdata, 991 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 992 ifmgd->associated->bssid, 993 csa_ie.chandef.chan->center_freq, 994 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 995 csa_ie.chandef.center_freq2); 996 ieee80211_queue_work(&local->hw, 997 &ifmgd->csa_connection_drop_work); 998 return; 999 } 1000 1001 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1002 sdata->vif.csa_active = true; 1003 1004 mutex_lock(&local->chanctx_mtx); 1005 if (local->use_chanctx) { 1006 u32 num_chanctx = 0; 1007 list_for_each_entry(chanctx, &local->chanctx_list, list) 1008 num_chanctx++; 1009 1010 if (num_chanctx > 1 || 1011 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1012 sdata_info(sdata, 1013 "not handling chan-switch with channel contexts\n"); 1014 ieee80211_queue_work(&local->hw, 1015 &ifmgd->csa_connection_drop_work); 1016 mutex_unlock(&local->chanctx_mtx); 1017 return; 1018 } 1019 } 1020 1021 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1022 ieee80211_queue_work(&local->hw, 1023 &ifmgd->csa_connection_drop_work); 1024 mutex_unlock(&local->chanctx_mtx); 1025 return; 1026 } 1027 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1028 struct ieee80211_chanctx, conf); 1029 if (chanctx->refcount > 1) { 1030 sdata_info(sdata, 1031 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1032 ieee80211_queue_work(&local->hw, 1033 &ifmgd->csa_connection_drop_work); 1034 mutex_unlock(&local->chanctx_mtx); 1035 return; 1036 } 1037 mutex_unlock(&local->chanctx_mtx); 1038 1039 sdata->csa_chandef = csa_ie.chandef; 1040 1041 if (csa_ie.mode) 1042 ieee80211_stop_queues_by_reason(&local->hw, 1043 IEEE80211_MAX_QUEUE_MAP, 1044 IEEE80211_QUEUE_STOP_REASON_CSA); 1045 1046 if (local->ops->channel_switch) { 1047 /* use driver's channel switch callback */ 1048 struct ieee80211_channel_switch ch_switch = { 1049 .timestamp = timestamp, 1050 .block_tx = csa_ie.mode, 1051 .chandef = csa_ie.chandef, 1052 .count = csa_ie.count, 1053 }; 1054 1055 drv_channel_switch(local, &ch_switch); 1056 return; 1057 } 1058 1059 /* channel switch handled in software */ 1060 if (csa_ie.count <= 1) 1061 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1062 else 1063 mod_timer(&ifmgd->chswitch_timer, 1064 TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval)); 1065 } 1066 1067 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1068 struct ieee80211_channel *channel, 1069 const u8 *country_ie, u8 country_ie_len, 1070 const u8 *pwr_constr_elem) 1071 { 1072 struct ieee80211_country_ie_triplet *triplet; 1073 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1074 int i, chan_pwr, chan_increment, new_ap_level; 1075 bool have_chan_pwr = false; 1076 1077 /* Invalid IE */ 1078 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1079 return 0; 1080 1081 triplet = (void *)(country_ie + 3); 1082 country_ie_len -= 3; 1083 1084 switch (channel->band) { 1085 default: 1086 WARN_ON_ONCE(1); 1087 /* fall through */ 1088 case IEEE80211_BAND_2GHZ: 1089 case IEEE80211_BAND_60GHZ: 1090 chan_increment = 1; 1091 break; 1092 case IEEE80211_BAND_5GHZ: 1093 chan_increment = 4; 1094 break; 1095 } 1096 1097 /* find channel */ 1098 while (country_ie_len >= 3) { 1099 u8 first_channel = triplet->chans.first_channel; 1100 1101 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1102 goto next; 1103 1104 for (i = 0; i < triplet->chans.num_channels; i++) { 1105 if (first_channel + i * chan_increment == chan) { 1106 have_chan_pwr = true; 1107 chan_pwr = triplet->chans.max_power; 1108 break; 1109 } 1110 } 1111 if (have_chan_pwr) 1112 break; 1113 1114 next: 1115 triplet++; 1116 country_ie_len -= 3; 1117 } 1118 1119 if (!have_chan_pwr) 1120 return 0; 1121 1122 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1123 1124 if (sdata->ap_power_level == new_ap_level) 1125 return 0; 1126 1127 sdata_info(sdata, 1128 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1129 new_ap_level, chan_pwr, *pwr_constr_elem, 1130 sdata->u.mgd.bssid); 1131 sdata->ap_power_level = new_ap_level; 1132 if (__ieee80211_recalc_txpower(sdata)) 1133 return BSS_CHANGED_TXPOWER; 1134 return 0; 1135 } 1136 1137 /* powersave */ 1138 static void ieee80211_enable_ps(struct ieee80211_local *local, 1139 struct ieee80211_sub_if_data *sdata) 1140 { 1141 struct ieee80211_conf *conf = &local->hw.conf; 1142 1143 /* 1144 * If we are scanning right now then the parameters will 1145 * take effect when scan finishes. 1146 */ 1147 if (local->scanning) 1148 return; 1149 1150 if (conf->dynamic_ps_timeout > 0 && 1151 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1152 mod_timer(&local->dynamic_ps_timer, jiffies + 1153 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1154 } else { 1155 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1156 ieee80211_send_nullfunc(local, sdata, 1); 1157 1158 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1159 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1160 return; 1161 1162 conf->flags |= IEEE80211_CONF_PS; 1163 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1164 } 1165 } 1166 1167 static void ieee80211_change_ps(struct ieee80211_local *local) 1168 { 1169 struct ieee80211_conf *conf = &local->hw.conf; 1170 1171 if (local->ps_sdata) { 1172 ieee80211_enable_ps(local, local->ps_sdata); 1173 } else if (conf->flags & IEEE80211_CONF_PS) { 1174 conf->flags &= ~IEEE80211_CONF_PS; 1175 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1176 del_timer_sync(&local->dynamic_ps_timer); 1177 cancel_work_sync(&local->dynamic_ps_enable_work); 1178 } 1179 } 1180 1181 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1182 { 1183 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1184 struct sta_info *sta = NULL; 1185 bool authorized = false; 1186 1187 if (!mgd->powersave) 1188 return false; 1189 1190 if (mgd->broken_ap) 1191 return false; 1192 1193 if (!mgd->associated) 1194 return false; 1195 1196 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1197 return false; 1198 1199 if (!mgd->have_beacon) 1200 return false; 1201 1202 rcu_read_lock(); 1203 sta = sta_info_get(sdata, mgd->bssid); 1204 if (sta) 1205 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1206 rcu_read_unlock(); 1207 1208 return authorized; 1209 } 1210 1211 /* need to hold RTNL or interface lock */ 1212 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1213 { 1214 struct ieee80211_sub_if_data *sdata, *found = NULL; 1215 int count = 0; 1216 int timeout; 1217 1218 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1219 local->ps_sdata = NULL; 1220 return; 1221 } 1222 1223 list_for_each_entry(sdata, &local->interfaces, list) { 1224 if (!ieee80211_sdata_running(sdata)) 1225 continue; 1226 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1227 /* If an AP vif is found, then disable PS 1228 * by setting the count to zero thereby setting 1229 * ps_sdata to NULL. 1230 */ 1231 count = 0; 1232 break; 1233 } 1234 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1235 continue; 1236 found = sdata; 1237 count++; 1238 } 1239 1240 if (count == 1 && ieee80211_powersave_allowed(found)) { 1241 s32 beaconint_us; 1242 1243 if (latency < 0) 1244 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1245 1246 beaconint_us = ieee80211_tu_to_usec( 1247 found->vif.bss_conf.beacon_int); 1248 1249 timeout = local->dynamic_ps_forced_timeout; 1250 if (timeout < 0) { 1251 /* 1252 * Go to full PSM if the user configures a very low 1253 * latency requirement. 1254 * The 2000 second value is there for compatibility 1255 * until the PM_QOS_NETWORK_LATENCY is configured 1256 * with real values. 1257 */ 1258 if (latency > (1900 * USEC_PER_MSEC) && 1259 latency != (2000 * USEC_PER_SEC)) 1260 timeout = 0; 1261 else 1262 timeout = 100; 1263 } 1264 local->hw.conf.dynamic_ps_timeout = timeout; 1265 1266 if (beaconint_us > latency) { 1267 local->ps_sdata = NULL; 1268 } else { 1269 int maxslp = 1; 1270 u8 dtimper = found->u.mgd.dtim_period; 1271 1272 /* If the TIM IE is invalid, pretend the value is 1 */ 1273 if (!dtimper) 1274 dtimper = 1; 1275 else if (dtimper > 1) 1276 maxslp = min_t(int, dtimper, 1277 latency / beaconint_us); 1278 1279 local->hw.conf.max_sleep_period = maxslp; 1280 local->hw.conf.ps_dtim_period = dtimper; 1281 local->ps_sdata = found; 1282 } 1283 } else { 1284 local->ps_sdata = NULL; 1285 } 1286 1287 ieee80211_change_ps(local); 1288 } 1289 1290 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1291 { 1292 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1293 1294 if (sdata->vif.bss_conf.ps != ps_allowed) { 1295 sdata->vif.bss_conf.ps = ps_allowed; 1296 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1297 } 1298 } 1299 1300 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1301 { 1302 struct ieee80211_local *local = 1303 container_of(work, struct ieee80211_local, 1304 dynamic_ps_disable_work); 1305 1306 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1307 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1308 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1309 } 1310 1311 ieee80211_wake_queues_by_reason(&local->hw, 1312 IEEE80211_MAX_QUEUE_MAP, 1313 IEEE80211_QUEUE_STOP_REASON_PS); 1314 } 1315 1316 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1317 { 1318 struct ieee80211_local *local = 1319 container_of(work, struct ieee80211_local, 1320 dynamic_ps_enable_work); 1321 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1322 struct ieee80211_if_managed *ifmgd; 1323 unsigned long flags; 1324 int q; 1325 1326 /* can only happen when PS was just disabled anyway */ 1327 if (!sdata) 1328 return; 1329 1330 ifmgd = &sdata->u.mgd; 1331 1332 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1333 return; 1334 1335 if (local->hw.conf.dynamic_ps_timeout > 0) { 1336 /* don't enter PS if TX frames are pending */ 1337 if (drv_tx_frames_pending(local)) { 1338 mod_timer(&local->dynamic_ps_timer, jiffies + 1339 msecs_to_jiffies( 1340 local->hw.conf.dynamic_ps_timeout)); 1341 return; 1342 } 1343 1344 /* 1345 * transmission can be stopped by others which leads to 1346 * dynamic_ps_timer expiry. Postpone the ps timer if it 1347 * is not the actual idle state. 1348 */ 1349 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1350 for (q = 0; q < local->hw.queues; q++) { 1351 if (local->queue_stop_reasons[q]) { 1352 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1353 flags); 1354 mod_timer(&local->dynamic_ps_timer, jiffies + 1355 msecs_to_jiffies( 1356 local->hw.conf.dynamic_ps_timeout)); 1357 return; 1358 } 1359 } 1360 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1361 } 1362 1363 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1364 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1365 if (drv_tx_frames_pending(local)) { 1366 mod_timer(&local->dynamic_ps_timer, jiffies + 1367 msecs_to_jiffies( 1368 local->hw.conf.dynamic_ps_timeout)); 1369 } else { 1370 ieee80211_send_nullfunc(local, sdata, 1); 1371 /* Flush to get the tx status of nullfunc frame */ 1372 ieee80211_flush_queues(local, sdata); 1373 } 1374 } 1375 1376 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1377 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1378 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1379 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1380 local->hw.conf.flags |= IEEE80211_CONF_PS; 1381 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1382 } 1383 } 1384 1385 void ieee80211_dynamic_ps_timer(unsigned long data) 1386 { 1387 struct ieee80211_local *local = (void *) data; 1388 1389 if (local->quiescing || local->suspended) 1390 return; 1391 1392 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1393 } 1394 1395 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1396 { 1397 struct delayed_work *delayed_work = 1398 container_of(work, struct delayed_work, work); 1399 struct ieee80211_sub_if_data *sdata = 1400 container_of(delayed_work, struct ieee80211_sub_if_data, 1401 dfs_cac_timer_work); 1402 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1403 1404 ieee80211_vif_release_channel(sdata); 1405 cfg80211_cac_event(sdata->dev, &chandef, 1406 NL80211_RADAR_CAC_FINISHED, 1407 GFP_KERNEL); 1408 } 1409 1410 /* MLME */ 1411 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1412 struct ieee80211_sub_if_data *sdata, 1413 const u8 *wmm_param, size_t wmm_param_len) 1414 { 1415 struct ieee80211_tx_queue_params params; 1416 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1417 size_t left; 1418 int count; 1419 const u8 *pos; 1420 u8 uapsd_queues = 0; 1421 1422 if (!local->ops->conf_tx) 1423 return false; 1424 1425 if (local->hw.queues < IEEE80211_NUM_ACS) 1426 return false; 1427 1428 if (!wmm_param) 1429 return false; 1430 1431 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1432 return false; 1433 1434 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1435 uapsd_queues = ifmgd->uapsd_queues; 1436 1437 count = wmm_param[6] & 0x0f; 1438 if (count == ifmgd->wmm_last_param_set) 1439 return false; 1440 ifmgd->wmm_last_param_set = count; 1441 1442 pos = wmm_param + 8; 1443 left = wmm_param_len - 8; 1444 1445 memset(¶ms, 0, sizeof(params)); 1446 1447 sdata->wmm_acm = 0; 1448 for (; left >= 4; left -= 4, pos += 4) { 1449 int aci = (pos[0] >> 5) & 0x03; 1450 int acm = (pos[0] >> 4) & 0x01; 1451 bool uapsd = false; 1452 int queue; 1453 1454 switch (aci) { 1455 case 1: /* AC_BK */ 1456 queue = 3; 1457 if (acm) 1458 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1459 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1460 uapsd = true; 1461 break; 1462 case 2: /* AC_VI */ 1463 queue = 1; 1464 if (acm) 1465 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1466 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1467 uapsd = true; 1468 break; 1469 case 3: /* AC_VO */ 1470 queue = 0; 1471 if (acm) 1472 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1473 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1474 uapsd = true; 1475 break; 1476 case 0: /* AC_BE */ 1477 default: 1478 queue = 2; 1479 if (acm) 1480 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1481 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1482 uapsd = true; 1483 break; 1484 } 1485 1486 params.aifs = pos[0] & 0x0f; 1487 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1488 params.cw_min = ecw2cw(pos[1] & 0x0f); 1489 params.txop = get_unaligned_le16(pos + 2); 1490 params.acm = acm; 1491 params.uapsd = uapsd; 1492 1493 mlme_dbg(sdata, 1494 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1495 queue, aci, acm, 1496 params.aifs, params.cw_min, params.cw_max, 1497 params.txop, params.uapsd); 1498 sdata->tx_conf[queue] = params; 1499 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1500 sdata_err(sdata, 1501 "failed to set TX queue parameters for queue %d\n", 1502 queue); 1503 } 1504 1505 /* enable WMM or activate new settings */ 1506 sdata->vif.bss_conf.qos = true; 1507 return true; 1508 } 1509 1510 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1511 { 1512 lockdep_assert_held(&sdata->local->mtx); 1513 1514 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1515 ieee80211_run_deferred_scan(sdata->local); 1516 } 1517 1518 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1519 { 1520 mutex_lock(&sdata->local->mtx); 1521 __ieee80211_stop_poll(sdata); 1522 mutex_unlock(&sdata->local->mtx); 1523 } 1524 1525 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1526 u16 capab, bool erp_valid, u8 erp) 1527 { 1528 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1529 u32 changed = 0; 1530 bool use_protection; 1531 bool use_short_preamble; 1532 bool use_short_slot; 1533 1534 if (erp_valid) { 1535 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1536 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1537 } else { 1538 use_protection = false; 1539 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1540 } 1541 1542 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1543 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1544 use_short_slot = true; 1545 1546 if (use_protection != bss_conf->use_cts_prot) { 1547 bss_conf->use_cts_prot = use_protection; 1548 changed |= BSS_CHANGED_ERP_CTS_PROT; 1549 } 1550 1551 if (use_short_preamble != bss_conf->use_short_preamble) { 1552 bss_conf->use_short_preamble = use_short_preamble; 1553 changed |= BSS_CHANGED_ERP_PREAMBLE; 1554 } 1555 1556 if (use_short_slot != bss_conf->use_short_slot) { 1557 bss_conf->use_short_slot = use_short_slot; 1558 changed |= BSS_CHANGED_ERP_SLOT; 1559 } 1560 1561 return changed; 1562 } 1563 1564 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1565 struct cfg80211_bss *cbss, 1566 u32 bss_info_changed) 1567 { 1568 struct ieee80211_bss *bss = (void *)cbss->priv; 1569 struct ieee80211_local *local = sdata->local; 1570 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1571 1572 bss_info_changed |= BSS_CHANGED_ASSOC; 1573 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1574 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1575 1576 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1577 beacon_loss_count * bss_conf->beacon_int)); 1578 1579 sdata->u.mgd.associated = cbss; 1580 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1581 1582 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1583 1584 if (sdata->vif.p2p) { 1585 const struct cfg80211_bss_ies *ies; 1586 1587 rcu_read_lock(); 1588 ies = rcu_dereference(cbss->ies); 1589 if (ies) { 1590 int ret; 1591 1592 ret = cfg80211_get_p2p_attr( 1593 ies->data, ies->len, 1594 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1595 (u8 *) &bss_conf->p2p_noa_attr, 1596 sizeof(bss_conf->p2p_noa_attr)); 1597 if (ret >= 2) { 1598 sdata->u.mgd.p2p_noa_index = 1599 bss_conf->p2p_noa_attr.index; 1600 bss_info_changed |= BSS_CHANGED_P2P_PS; 1601 } 1602 } 1603 rcu_read_unlock(); 1604 } 1605 1606 /* just to be sure */ 1607 ieee80211_stop_poll(sdata); 1608 1609 ieee80211_led_assoc(local, 1); 1610 1611 if (sdata->u.mgd.have_beacon) { 1612 /* 1613 * If the AP is buggy we may get here with no DTIM period 1614 * known, so assume it's 1 which is the only safe assumption 1615 * in that case, although if the TIM IE is broken powersave 1616 * probably just won't work at all. 1617 */ 1618 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1619 bss_conf->beacon_rate = bss->beacon_rate; 1620 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1621 } else { 1622 bss_conf->beacon_rate = NULL; 1623 bss_conf->dtim_period = 0; 1624 } 1625 1626 bss_conf->assoc = 1; 1627 1628 /* Tell the driver to monitor connection quality (if supported) */ 1629 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1630 bss_conf->cqm_rssi_thold) 1631 bss_info_changed |= BSS_CHANGED_CQM; 1632 1633 /* Enable ARP filtering */ 1634 if (bss_conf->arp_addr_cnt) 1635 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1636 1637 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1638 1639 mutex_lock(&local->iflist_mtx); 1640 ieee80211_recalc_ps(local, -1); 1641 mutex_unlock(&local->iflist_mtx); 1642 1643 ieee80211_recalc_smps(sdata); 1644 ieee80211_recalc_ps_vif(sdata); 1645 1646 netif_carrier_on(sdata->dev); 1647 } 1648 1649 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1650 u16 stype, u16 reason, bool tx, 1651 u8 *frame_buf) 1652 { 1653 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1654 struct ieee80211_local *local = sdata->local; 1655 u32 changed = 0; 1656 1657 sdata_assert_lock(sdata); 1658 1659 if (WARN_ON_ONCE(tx && !frame_buf)) 1660 return; 1661 1662 if (WARN_ON(!ifmgd->associated)) 1663 return; 1664 1665 ieee80211_stop_poll(sdata); 1666 1667 ifmgd->associated = NULL; 1668 netif_carrier_off(sdata->dev); 1669 1670 /* 1671 * if we want to get out of ps before disassoc (why?) we have 1672 * to do it before sending disassoc, as otherwise the null-packet 1673 * won't be valid. 1674 */ 1675 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1676 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1677 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1678 } 1679 local->ps_sdata = NULL; 1680 1681 /* disable per-vif ps */ 1682 ieee80211_recalc_ps_vif(sdata); 1683 1684 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1685 if (tx) 1686 ieee80211_flush_queues(local, sdata); 1687 1688 /* deauthenticate/disassociate now */ 1689 if (tx || frame_buf) 1690 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1691 reason, tx, frame_buf); 1692 1693 /* flush out frame */ 1694 if (tx) 1695 ieee80211_flush_queues(local, sdata); 1696 1697 /* clear bssid only after building the needed mgmt frames */ 1698 memset(ifmgd->bssid, 0, ETH_ALEN); 1699 1700 /* remove AP and TDLS peers */ 1701 sta_info_flush_defer(sdata); 1702 1703 /* finally reset all BSS / config parameters */ 1704 changed |= ieee80211_reset_erp_info(sdata); 1705 1706 ieee80211_led_assoc(local, 0); 1707 changed |= BSS_CHANGED_ASSOC; 1708 sdata->vif.bss_conf.assoc = false; 1709 1710 ifmgd->p2p_noa_index = -1; 1711 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1712 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1713 1714 /* on the next assoc, re-program HT/VHT parameters */ 1715 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1716 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1717 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1718 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1719 1720 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1721 1722 del_timer_sync(&local->dynamic_ps_timer); 1723 cancel_work_sync(&local->dynamic_ps_enable_work); 1724 1725 /* Disable ARP filtering */ 1726 if (sdata->vif.bss_conf.arp_addr_cnt) 1727 changed |= BSS_CHANGED_ARP_FILTER; 1728 1729 sdata->vif.bss_conf.qos = false; 1730 changed |= BSS_CHANGED_QOS; 1731 1732 /* The BSSID (not really interesting) and HT changed */ 1733 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1734 ieee80211_bss_info_change_notify(sdata, changed); 1735 1736 /* disassociated - set to defaults now */ 1737 ieee80211_set_wmm_default(sdata, false); 1738 1739 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1740 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1741 del_timer_sync(&sdata->u.mgd.timer); 1742 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1743 1744 sdata->vif.bss_conf.dtim_period = 0; 1745 sdata->vif.bss_conf.beacon_rate = NULL; 1746 1747 ifmgd->have_beacon = false; 1748 1749 ifmgd->flags = 0; 1750 ieee80211_vif_release_channel(sdata); 1751 1752 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 1753 } 1754 1755 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1756 struct ieee80211_hdr *hdr) 1757 { 1758 /* 1759 * We can postpone the mgd.timer whenever receiving unicast frames 1760 * from AP because we know that the connection is working both ways 1761 * at that time. But multicast frames (and hence also beacons) must 1762 * be ignored here, because we need to trigger the timer during 1763 * data idle periods for sending the periodic probe request to the 1764 * AP we're connected to. 1765 */ 1766 if (is_multicast_ether_addr(hdr->addr1)) 1767 return; 1768 1769 ieee80211_sta_reset_conn_monitor(sdata); 1770 } 1771 1772 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1773 { 1774 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1775 struct ieee80211_local *local = sdata->local; 1776 1777 mutex_lock(&local->mtx); 1778 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 1779 goto out; 1780 1781 __ieee80211_stop_poll(sdata); 1782 1783 mutex_lock(&local->iflist_mtx); 1784 ieee80211_recalc_ps(local, -1); 1785 mutex_unlock(&local->iflist_mtx); 1786 1787 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1788 goto out; 1789 1790 /* 1791 * We've received a probe response, but are not sure whether 1792 * we have or will be receiving any beacons or data, so let's 1793 * schedule the timers again, just in case. 1794 */ 1795 ieee80211_sta_reset_beacon_monitor(sdata); 1796 1797 mod_timer(&ifmgd->conn_mon_timer, 1798 round_jiffies_up(jiffies + 1799 IEEE80211_CONNECTION_IDLE_TIME)); 1800 out: 1801 mutex_unlock(&local->mtx); 1802 } 1803 1804 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1805 struct ieee80211_hdr *hdr, bool ack) 1806 { 1807 if (!ieee80211_is_data(hdr->frame_control)) 1808 return; 1809 1810 if (ieee80211_is_nullfunc(hdr->frame_control) && 1811 sdata->u.mgd.probe_send_count > 0) { 1812 if (ack) 1813 ieee80211_sta_reset_conn_monitor(sdata); 1814 else 1815 sdata->u.mgd.nullfunc_failed = true; 1816 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1817 return; 1818 } 1819 1820 if (ack) 1821 ieee80211_sta_reset_conn_monitor(sdata); 1822 } 1823 1824 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1825 { 1826 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1827 const u8 *ssid; 1828 u8 *dst = ifmgd->associated->bssid; 1829 u8 unicast_limit = max(1, max_probe_tries - 3); 1830 1831 /* 1832 * Try sending broadcast probe requests for the last three 1833 * probe requests after the first ones failed since some 1834 * buggy APs only support broadcast probe requests. 1835 */ 1836 if (ifmgd->probe_send_count >= unicast_limit) 1837 dst = NULL; 1838 1839 /* 1840 * When the hardware reports an accurate Tx ACK status, it's 1841 * better to send a nullfunc frame instead of a probe request, 1842 * as it will kick us off the AP quickly if we aren't associated 1843 * anymore. The timeout will be reset if the frame is ACKed by 1844 * the AP. 1845 */ 1846 ifmgd->probe_send_count++; 1847 1848 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1849 ifmgd->nullfunc_failed = false; 1850 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1851 } else { 1852 int ssid_len; 1853 1854 rcu_read_lock(); 1855 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1856 if (WARN_ON_ONCE(ssid == NULL)) 1857 ssid_len = 0; 1858 else 1859 ssid_len = ssid[1]; 1860 1861 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1862 0, (u32) -1, true, 0, 1863 ifmgd->associated->channel, false); 1864 rcu_read_unlock(); 1865 } 1866 1867 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1868 run_again(sdata, ifmgd->probe_timeout); 1869 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1870 ieee80211_flush_queues(sdata->local, sdata); 1871 } 1872 1873 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1874 bool beacon) 1875 { 1876 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1877 bool already = false; 1878 1879 if (!ieee80211_sdata_running(sdata)) 1880 return; 1881 1882 sdata_lock(sdata); 1883 1884 if (!ifmgd->associated) 1885 goto out; 1886 1887 mutex_lock(&sdata->local->mtx); 1888 1889 if (sdata->local->tmp_channel || sdata->local->scanning) { 1890 mutex_unlock(&sdata->local->mtx); 1891 goto out; 1892 } 1893 1894 if (beacon) { 1895 mlme_dbg_ratelimited(sdata, 1896 "detected beacon loss from AP (missed %d beacons) - probing\n", 1897 beacon_loss_count); 1898 1899 ieee80211_cqm_rssi_notify(&sdata->vif, 1900 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 1901 GFP_KERNEL); 1902 } 1903 1904 /* 1905 * The driver/our work has already reported this event or the 1906 * connection monitoring has kicked in and we have already sent 1907 * a probe request. Or maybe the AP died and the driver keeps 1908 * reporting until we disassociate... 1909 * 1910 * In either case we have to ignore the current call to this 1911 * function (except for setting the correct probe reason bit) 1912 * because otherwise we would reset the timer every time and 1913 * never check whether we received a probe response! 1914 */ 1915 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 1916 already = true; 1917 1918 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 1919 1920 mutex_unlock(&sdata->local->mtx); 1921 1922 if (already) 1923 goto out; 1924 1925 mutex_lock(&sdata->local->iflist_mtx); 1926 ieee80211_recalc_ps(sdata->local, -1); 1927 mutex_unlock(&sdata->local->iflist_mtx); 1928 1929 ifmgd->probe_send_count = 0; 1930 ieee80211_mgd_probe_ap_send(sdata); 1931 out: 1932 sdata_unlock(sdata); 1933 } 1934 1935 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 1936 struct ieee80211_vif *vif) 1937 { 1938 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1939 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1940 struct cfg80211_bss *cbss; 1941 struct sk_buff *skb; 1942 const u8 *ssid; 1943 int ssid_len; 1944 1945 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1946 return NULL; 1947 1948 sdata_assert_lock(sdata); 1949 1950 if (ifmgd->associated) 1951 cbss = ifmgd->associated; 1952 else if (ifmgd->auth_data) 1953 cbss = ifmgd->auth_data->bss; 1954 else if (ifmgd->assoc_data) 1955 cbss = ifmgd->assoc_data->bss; 1956 else 1957 return NULL; 1958 1959 rcu_read_lock(); 1960 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 1961 if (WARN_ON_ONCE(ssid == NULL)) 1962 ssid_len = 0; 1963 else 1964 ssid_len = ssid[1]; 1965 1966 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 1967 (u32) -1, cbss->channel, 1968 ssid + 2, ssid_len, 1969 NULL, 0, true); 1970 rcu_read_unlock(); 1971 1972 return skb; 1973 } 1974 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 1975 1976 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 1977 { 1978 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1979 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 1980 1981 sdata_lock(sdata); 1982 if (!ifmgd->associated) { 1983 sdata_unlock(sdata); 1984 return; 1985 } 1986 1987 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 1988 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1989 true, frame_buf); 1990 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 1991 sdata->vif.csa_active = false; 1992 ieee80211_wake_queues_by_reason(&sdata->local->hw, 1993 IEEE80211_MAX_QUEUE_MAP, 1994 IEEE80211_QUEUE_STOP_REASON_CSA); 1995 1996 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 1997 IEEE80211_DEAUTH_FRAME_LEN); 1998 sdata_unlock(sdata); 1999 } 2000 2001 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2002 { 2003 struct ieee80211_sub_if_data *sdata = 2004 container_of(work, struct ieee80211_sub_if_data, 2005 u.mgd.beacon_connection_loss_work); 2006 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2007 struct sta_info *sta; 2008 2009 if (ifmgd->associated) { 2010 rcu_read_lock(); 2011 sta = sta_info_get(sdata, ifmgd->bssid); 2012 if (sta) 2013 sta->beacon_loss_count++; 2014 rcu_read_unlock(); 2015 } 2016 2017 if (ifmgd->connection_loss) { 2018 sdata_info(sdata, "Connection to AP %pM lost\n", 2019 ifmgd->bssid); 2020 __ieee80211_disconnect(sdata); 2021 } else { 2022 ieee80211_mgd_probe_ap(sdata, true); 2023 } 2024 } 2025 2026 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2027 { 2028 struct ieee80211_sub_if_data *sdata = 2029 container_of(work, struct ieee80211_sub_if_data, 2030 u.mgd.csa_connection_drop_work); 2031 2032 __ieee80211_disconnect(sdata); 2033 } 2034 2035 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2036 { 2037 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2038 struct ieee80211_hw *hw = &sdata->local->hw; 2039 2040 trace_api_beacon_loss(sdata); 2041 2042 sdata->u.mgd.connection_loss = false; 2043 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2044 } 2045 EXPORT_SYMBOL(ieee80211_beacon_loss); 2046 2047 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2048 { 2049 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2050 struct ieee80211_hw *hw = &sdata->local->hw; 2051 2052 trace_api_connection_loss(sdata); 2053 2054 sdata->u.mgd.connection_loss = true; 2055 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2056 } 2057 EXPORT_SYMBOL(ieee80211_connection_loss); 2058 2059 2060 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2061 bool assoc) 2062 { 2063 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2064 2065 sdata_assert_lock(sdata); 2066 2067 if (!assoc) { 2068 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2069 2070 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2071 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2072 sdata->u.mgd.flags = 0; 2073 ieee80211_vif_release_channel(sdata); 2074 } 2075 2076 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2077 kfree(auth_data); 2078 sdata->u.mgd.auth_data = NULL; 2079 } 2080 2081 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2082 struct ieee80211_mgmt *mgmt, size_t len) 2083 { 2084 struct ieee80211_local *local = sdata->local; 2085 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2086 u8 *pos; 2087 struct ieee802_11_elems elems; 2088 u32 tx_flags = 0; 2089 2090 pos = mgmt->u.auth.variable; 2091 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2092 if (!elems.challenge) 2093 return; 2094 auth_data->expected_transaction = 4; 2095 drv_mgd_prepare_tx(sdata->local, sdata); 2096 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2097 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2098 IEEE80211_TX_INTFL_MLME_CONN_TX; 2099 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2100 elems.challenge - 2, elems.challenge_len + 2, 2101 auth_data->bss->bssid, auth_data->bss->bssid, 2102 auth_data->key, auth_data->key_len, 2103 auth_data->key_idx, tx_flags); 2104 } 2105 2106 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2107 struct ieee80211_mgmt *mgmt, size_t len) 2108 { 2109 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2110 u8 bssid[ETH_ALEN]; 2111 u16 auth_alg, auth_transaction, status_code; 2112 struct sta_info *sta; 2113 2114 sdata_assert_lock(sdata); 2115 2116 if (len < 24 + 6) 2117 return; 2118 2119 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2120 return; 2121 2122 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2123 2124 if (!ether_addr_equal(bssid, mgmt->bssid)) 2125 return; 2126 2127 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2128 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2129 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2130 2131 if (auth_alg != ifmgd->auth_data->algorithm || 2132 auth_transaction != ifmgd->auth_data->expected_transaction) { 2133 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2134 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2135 auth_transaction, 2136 ifmgd->auth_data->expected_transaction); 2137 return; 2138 } 2139 2140 if (status_code != WLAN_STATUS_SUCCESS) { 2141 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2142 mgmt->sa, status_code); 2143 ieee80211_destroy_auth_data(sdata, false); 2144 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2145 return; 2146 } 2147 2148 switch (ifmgd->auth_data->algorithm) { 2149 case WLAN_AUTH_OPEN: 2150 case WLAN_AUTH_LEAP: 2151 case WLAN_AUTH_FT: 2152 case WLAN_AUTH_SAE: 2153 break; 2154 case WLAN_AUTH_SHARED_KEY: 2155 if (ifmgd->auth_data->expected_transaction != 4) { 2156 ieee80211_auth_challenge(sdata, mgmt, len); 2157 /* need another frame */ 2158 return; 2159 } 2160 break; 2161 default: 2162 WARN_ONCE(1, "invalid auth alg %d", 2163 ifmgd->auth_data->algorithm); 2164 return; 2165 } 2166 2167 sdata_info(sdata, "authenticated\n"); 2168 ifmgd->auth_data->done = true; 2169 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2170 ifmgd->auth_data->timeout_started = true; 2171 run_again(sdata, ifmgd->auth_data->timeout); 2172 2173 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2174 ifmgd->auth_data->expected_transaction != 2) { 2175 /* 2176 * Report auth frame to user space for processing since another 2177 * round of Authentication frames is still needed. 2178 */ 2179 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2180 return; 2181 } 2182 2183 /* move station state to auth */ 2184 mutex_lock(&sdata->local->sta_mtx); 2185 sta = sta_info_get(sdata, bssid); 2186 if (!sta) { 2187 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2188 goto out_err; 2189 } 2190 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2191 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2192 goto out_err; 2193 } 2194 mutex_unlock(&sdata->local->sta_mtx); 2195 2196 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2197 return; 2198 out_err: 2199 mutex_unlock(&sdata->local->sta_mtx); 2200 /* ignore frame -- wait for timeout */ 2201 } 2202 2203 2204 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2205 struct ieee80211_mgmt *mgmt, size_t len) 2206 { 2207 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2208 const u8 *bssid = NULL; 2209 u16 reason_code; 2210 2211 sdata_assert_lock(sdata); 2212 2213 if (len < 24 + 2) 2214 return; 2215 2216 if (!ifmgd->associated || 2217 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2218 return; 2219 2220 bssid = ifmgd->associated->bssid; 2221 2222 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2223 2224 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2225 bssid, reason_code); 2226 2227 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2228 2229 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2230 } 2231 2232 2233 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2234 struct ieee80211_mgmt *mgmt, size_t len) 2235 { 2236 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2237 u16 reason_code; 2238 2239 sdata_assert_lock(sdata); 2240 2241 if (len < 24 + 2) 2242 return; 2243 2244 if (!ifmgd->associated || 2245 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2246 return; 2247 2248 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2249 2250 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2251 mgmt->sa, reason_code); 2252 2253 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2254 2255 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2256 } 2257 2258 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2259 u8 *supp_rates, unsigned int supp_rates_len, 2260 u32 *rates, u32 *basic_rates, 2261 bool *have_higher_than_11mbit, 2262 int *min_rate, int *min_rate_index, 2263 int shift, u32 rate_flags) 2264 { 2265 int i, j; 2266 2267 for (i = 0; i < supp_rates_len; i++) { 2268 int rate = supp_rates[i] & 0x7f; 2269 bool is_basic = !!(supp_rates[i] & 0x80); 2270 2271 if ((rate * 5 * (1 << shift)) > 110) 2272 *have_higher_than_11mbit = true; 2273 2274 /* 2275 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2276 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2277 * 2278 * Note: Even through the membership selector and the basic 2279 * rate flag share the same bit, they are not exactly 2280 * the same. 2281 */ 2282 if (!!(supp_rates[i] & 0x80) && 2283 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2284 continue; 2285 2286 for (j = 0; j < sband->n_bitrates; j++) { 2287 struct ieee80211_rate *br; 2288 int brate; 2289 2290 br = &sband->bitrates[j]; 2291 if ((rate_flags & br->flags) != rate_flags) 2292 continue; 2293 2294 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2295 if (brate == rate) { 2296 *rates |= BIT(j); 2297 if (is_basic) 2298 *basic_rates |= BIT(j); 2299 if ((rate * 5) < *min_rate) { 2300 *min_rate = rate * 5; 2301 *min_rate_index = j; 2302 } 2303 break; 2304 } 2305 } 2306 } 2307 } 2308 2309 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2310 bool assoc) 2311 { 2312 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2313 2314 sdata_assert_lock(sdata); 2315 2316 if (!assoc) { 2317 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2318 2319 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2320 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2321 sdata->u.mgd.flags = 0; 2322 ieee80211_vif_release_channel(sdata); 2323 } 2324 2325 kfree(assoc_data); 2326 sdata->u.mgd.assoc_data = NULL; 2327 } 2328 2329 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2330 struct cfg80211_bss *cbss, 2331 struct ieee80211_mgmt *mgmt, size_t len) 2332 { 2333 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2334 struct ieee80211_local *local = sdata->local; 2335 struct ieee80211_supported_band *sband; 2336 struct sta_info *sta; 2337 u8 *pos; 2338 u16 capab_info, aid; 2339 struct ieee802_11_elems elems; 2340 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2341 const struct cfg80211_bss_ies *bss_ies = NULL; 2342 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2343 u32 changed = 0; 2344 int err; 2345 bool ret; 2346 2347 /* AssocResp and ReassocResp have identical structure */ 2348 2349 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2350 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2351 2352 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2353 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2354 aid); 2355 aid &= ~(BIT(15) | BIT(14)); 2356 2357 ifmgd->broken_ap = false; 2358 2359 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2360 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2361 aid); 2362 aid = 0; 2363 ifmgd->broken_ap = true; 2364 } 2365 2366 pos = mgmt->u.assoc_resp.variable; 2367 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2368 2369 if (!elems.supp_rates) { 2370 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2371 return false; 2372 } 2373 2374 ifmgd->aid = aid; 2375 2376 /* 2377 * Some APs are erroneously not including some information in their 2378 * (re)association response frames. Try to recover by using the data 2379 * from the beacon or probe response. This seems to afflict mobile 2380 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2381 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2382 */ 2383 if ((assoc_data->wmm && !elems.wmm_param) || 2384 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2385 (!elems.ht_cap_elem || !elems.ht_operation)) || 2386 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2387 (!elems.vht_cap_elem || !elems.vht_operation))) { 2388 const struct cfg80211_bss_ies *ies; 2389 struct ieee802_11_elems bss_elems; 2390 2391 rcu_read_lock(); 2392 ies = rcu_dereference(cbss->ies); 2393 if (ies) 2394 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2395 GFP_ATOMIC); 2396 rcu_read_unlock(); 2397 if (!bss_ies) 2398 return false; 2399 2400 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2401 false, &bss_elems); 2402 if (assoc_data->wmm && 2403 !elems.wmm_param && bss_elems.wmm_param) { 2404 elems.wmm_param = bss_elems.wmm_param; 2405 sdata_info(sdata, 2406 "AP bug: WMM param missing from AssocResp\n"); 2407 } 2408 2409 /* 2410 * Also check if we requested HT/VHT, otherwise the AP doesn't 2411 * have to include the IEs in the (re)association response. 2412 */ 2413 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2414 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2415 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2416 sdata_info(sdata, 2417 "AP bug: HT capability missing from AssocResp\n"); 2418 } 2419 if (!elems.ht_operation && bss_elems.ht_operation && 2420 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2421 elems.ht_operation = bss_elems.ht_operation; 2422 sdata_info(sdata, 2423 "AP bug: HT operation missing from AssocResp\n"); 2424 } 2425 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2426 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2427 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2428 sdata_info(sdata, 2429 "AP bug: VHT capa missing from AssocResp\n"); 2430 } 2431 if (!elems.vht_operation && bss_elems.vht_operation && 2432 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2433 elems.vht_operation = bss_elems.vht_operation; 2434 sdata_info(sdata, 2435 "AP bug: VHT operation missing from AssocResp\n"); 2436 } 2437 } 2438 2439 /* 2440 * We previously checked these in the beacon/probe response, so 2441 * they should be present here. This is just a safety net. 2442 */ 2443 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2444 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2445 sdata_info(sdata, 2446 "HT AP is missing WMM params or HT capability/operation\n"); 2447 ret = false; 2448 goto out; 2449 } 2450 2451 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2452 (!elems.vht_cap_elem || !elems.vht_operation)) { 2453 sdata_info(sdata, 2454 "VHT AP is missing VHT capability/operation\n"); 2455 ret = false; 2456 goto out; 2457 } 2458 2459 mutex_lock(&sdata->local->sta_mtx); 2460 /* 2461 * station info was already allocated and inserted before 2462 * the association and should be available to us 2463 */ 2464 sta = sta_info_get(sdata, cbss->bssid); 2465 if (WARN_ON(!sta)) { 2466 mutex_unlock(&sdata->local->sta_mtx); 2467 ret = false; 2468 goto out; 2469 } 2470 2471 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2472 2473 /* Set up internal HT/VHT capabilities */ 2474 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2475 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2476 elems.ht_cap_elem, sta); 2477 2478 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2479 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2480 elems.vht_cap_elem, sta); 2481 2482 /* 2483 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2484 * in their association response, so ignore that data for our own 2485 * configuration. If it changed since the last beacon, we'll get the 2486 * next beacon and update then. 2487 */ 2488 2489 /* 2490 * If an operating mode notification IE is present, override the 2491 * NSS calculation (that would be done in rate_control_rate_init()) 2492 * and use the # of streams from that element. 2493 */ 2494 if (elems.opmode_notif && 2495 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2496 u8 nss; 2497 2498 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2499 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2500 nss += 1; 2501 sta->sta.rx_nss = nss; 2502 } 2503 2504 rate_control_rate_init(sta); 2505 2506 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2507 set_sta_flag(sta, WLAN_STA_MFP); 2508 2509 if (elems.wmm_param) 2510 set_sta_flag(sta, WLAN_STA_WME); 2511 2512 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2513 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2514 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2515 if (err) { 2516 sdata_info(sdata, 2517 "failed to move station %pM to desired state\n", 2518 sta->sta.addr); 2519 WARN_ON(__sta_info_destroy(sta)); 2520 mutex_unlock(&sdata->local->sta_mtx); 2521 ret = false; 2522 goto out; 2523 } 2524 2525 mutex_unlock(&sdata->local->sta_mtx); 2526 2527 /* 2528 * Always handle WMM once after association regardless 2529 * of the first value the AP uses. Setting -1 here has 2530 * that effect because the AP values is an unsigned 2531 * 4-bit value. 2532 */ 2533 ifmgd->wmm_last_param_set = -1; 2534 2535 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 2536 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2537 elems.wmm_param_len); 2538 else 2539 ieee80211_set_wmm_default(sdata, false); 2540 changed |= BSS_CHANGED_QOS; 2541 2542 /* set AID and assoc capability, 2543 * ieee80211_set_associated() will tell the driver */ 2544 bss_conf->aid = aid; 2545 bss_conf->assoc_capability = capab_info; 2546 ieee80211_set_associated(sdata, cbss, changed); 2547 2548 /* 2549 * If we're using 4-addr mode, let the AP know that we're 2550 * doing so, so that it can create the STA VLAN on its side 2551 */ 2552 if (ifmgd->use_4addr) 2553 ieee80211_send_4addr_nullfunc(local, sdata); 2554 2555 /* 2556 * Start timer to probe the connection to the AP now. 2557 * Also start the timer that will detect beacon loss. 2558 */ 2559 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2560 ieee80211_sta_reset_beacon_monitor(sdata); 2561 2562 ret = true; 2563 out: 2564 kfree(bss_ies); 2565 return ret; 2566 } 2567 2568 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2569 struct ieee80211_mgmt *mgmt, 2570 size_t len) 2571 { 2572 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2573 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2574 u16 capab_info, status_code, aid; 2575 struct ieee802_11_elems elems; 2576 u8 *pos; 2577 bool reassoc; 2578 struct cfg80211_bss *bss; 2579 2580 sdata_assert_lock(sdata); 2581 2582 if (!assoc_data) 2583 return; 2584 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2585 return; 2586 2587 /* 2588 * AssocResp and ReassocResp have identical structure, so process both 2589 * of them in this function. 2590 */ 2591 2592 if (len < 24 + 6) 2593 return; 2594 2595 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2596 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2597 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2598 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2599 2600 sdata_info(sdata, 2601 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2602 reassoc ? "Rea" : "A", mgmt->sa, 2603 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2604 2605 pos = mgmt->u.assoc_resp.variable; 2606 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2607 2608 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2609 elems.timeout_int && 2610 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2611 u32 tu, ms; 2612 tu = le32_to_cpu(elems.timeout_int->value); 2613 ms = tu * 1024 / 1000; 2614 sdata_info(sdata, 2615 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2616 mgmt->sa, tu, ms); 2617 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2618 assoc_data->timeout_started = true; 2619 if (ms > IEEE80211_ASSOC_TIMEOUT) 2620 run_again(sdata, assoc_data->timeout); 2621 return; 2622 } 2623 2624 bss = assoc_data->bss; 2625 2626 if (status_code != WLAN_STATUS_SUCCESS) { 2627 sdata_info(sdata, "%pM denied association (code=%d)\n", 2628 mgmt->sa, status_code); 2629 ieee80211_destroy_assoc_data(sdata, false); 2630 } else { 2631 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2632 /* oops -- internal error -- send timeout for now */ 2633 ieee80211_destroy_assoc_data(sdata, false); 2634 cfg80211_assoc_timeout(sdata->dev, bss); 2635 return; 2636 } 2637 sdata_info(sdata, "associated\n"); 2638 2639 /* 2640 * destroy assoc_data afterwards, as otherwise an idle 2641 * recalc after assoc_data is NULL but before associated 2642 * is set can cause the interface to go idle 2643 */ 2644 ieee80211_destroy_assoc_data(sdata, true); 2645 } 2646 2647 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2648 } 2649 2650 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2651 struct ieee80211_mgmt *mgmt, size_t len, 2652 struct ieee80211_rx_status *rx_status, 2653 struct ieee802_11_elems *elems) 2654 { 2655 struct ieee80211_local *local = sdata->local; 2656 int freq; 2657 struct ieee80211_bss *bss; 2658 struct ieee80211_channel *channel; 2659 2660 sdata_assert_lock(sdata); 2661 2662 if (elems->ds_params) 2663 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2664 rx_status->band); 2665 else 2666 freq = rx_status->freq; 2667 2668 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2669 2670 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2671 return; 2672 2673 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2674 channel); 2675 if (bss) { 2676 ieee80211_rx_bss_put(local, bss); 2677 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2678 } 2679 } 2680 2681 2682 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2683 struct sk_buff *skb) 2684 { 2685 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2686 struct ieee80211_if_managed *ifmgd; 2687 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2688 size_t baselen, len = skb->len; 2689 struct ieee802_11_elems elems; 2690 2691 ifmgd = &sdata->u.mgd; 2692 2693 sdata_assert_lock(sdata); 2694 2695 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2696 return; /* ignore ProbeResp to foreign address */ 2697 2698 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2699 if (baselen > len) 2700 return; 2701 2702 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2703 false, &elems); 2704 2705 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2706 2707 if (ifmgd->associated && 2708 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2709 ieee80211_reset_ap_probe(sdata); 2710 2711 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2712 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2713 /* got probe response, continue with auth */ 2714 sdata_info(sdata, "direct probe responded\n"); 2715 ifmgd->auth_data->tries = 0; 2716 ifmgd->auth_data->timeout = jiffies; 2717 ifmgd->auth_data->timeout_started = true; 2718 run_again(sdata, ifmgd->auth_data->timeout); 2719 } 2720 } 2721 2722 /* 2723 * This is the canonical list of information elements we care about, 2724 * the filter code also gives us all changes to the Microsoft OUI 2725 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2726 * 2727 * We implement beacon filtering in software since that means we can 2728 * avoid processing the frame here and in cfg80211, and userspace 2729 * will not be able to tell whether the hardware supports it or not. 2730 * 2731 * XXX: This list needs to be dynamic -- userspace needs to be able to 2732 * add items it requires. It also needs to be able to tell us to 2733 * look out for other vendor IEs. 2734 */ 2735 static const u64 care_about_ies = 2736 (1ULL << WLAN_EID_COUNTRY) | 2737 (1ULL << WLAN_EID_ERP_INFO) | 2738 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2739 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2740 (1ULL << WLAN_EID_HT_CAPABILITY) | 2741 (1ULL << WLAN_EID_HT_OPERATION); 2742 2743 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2744 struct ieee80211_mgmt *mgmt, size_t len, 2745 struct ieee80211_rx_status *rx_status) 2746 { 2747 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2748 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2749 size_t baselen; 2750 struct ieee802_11_elems elems; 2751 struct ieee80211_local *local = sdata->local; 2752 struct ieee80211_chanctx_conf *chanctx_conf; 2753 struct ieee80211_channel *chan; 2754 struct sta_info *sta; 2755 u32 changed = 0; 2756 bool erp_valid; 2757 u8 erp_value = 0; 2758 u32 ncrc; 2759 u8 *bssid; 2760 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2761 2762 sdata_assert_lock(sdata); 2763 2764 /* Process beacon from the current BSS */ 2765 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2766 if (baselen > len) 2767 return; 2768 2769 rcu_read_lock(); 2770 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2771 if (!chanctx_conf) { 2772 rcu_read_unlock(); 2773 return; 2774 } 2775 2776 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2777 rcu_read_unlock(); 2778 return; 2779 } 2780 chan = chanctx_conf->def.chan; 2781 rcu_read_unlock(); 2782 2783 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2784 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2785 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2786 len - baselen, false, &elems); 2787 2788 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2789 if (elems.tim && !elems.parse_error) { 2790 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2791 ifmgd->dtim_period = tim_ie->dtim_period; 2792 } 2793 ifmgd->have_beacon = true; 2794 ifmgd->assoc_data->need_beacon = false; 2795 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2796 sdata->vif.bss_conf.sync_tsf = 2797 le64_to_cpu(mgmt->u.beacon.timestamp); 2798 sdata->vif.bss_conf.sync_device_ts = 2799 rx_status->device_timestamp; 2800 if (elems.tim) 2801 sdata->vif.bss_conf.sync_dtim_count = 2802 elems.tim->dtim_count; 2803 else 2804 sdata->vif.bss_conf.sync_dtim_count = 0; 2805 } 2806 /* continue assoc process */ 2807 ifmgd->assoc_data->timeout = jiffies; 2808 ifmgd->assoc_data->timeout_started = true; 2809 run_again(sdata, ifmgd->assoc_data->timeout); 2810 return; 2811 } 2812 2813 if (!ifmgd->associated || 2814 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2815 return; 2816 bssid = ifmgd->associated->bssid; 2817 2818 /* Track average RSSI from the Beacon frames of the current AP */ 2819 ifmgd->last_beacon_signal = rx_status->signal; 2820 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2821 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2822 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2823 ifmgd->last_cqm_event_signal = 0; 2824 ifmgd->count_beacon_signal = 1; 2825 ifmgd->last_ave_beacon_signal = 0; 2826 } else { 2827 ifmgd->ave_beacon_signal = 2828 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2829 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2830 ifmgd->ave_beacon_signal) / 16; 2831 ifmgd->count_beacon_signal++; 2832 } 2833 2834 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2835 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2836 int sig = ifmgd->ave_beacon_signal; 2837 int last_sig = ifmgd->last_ave_beacon_signal; 2838 2839 /* 2840 * if signal crosses either of the boundaries, invoke callback 2841 * with appropriate parameters 2842 */ 2843 if (sig > ifmgd->rssi_max_thold && 2844 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2845 ifmgd->last_ave_beacon_signal = sig; 2846 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2847 } else if (sig < ifmgd->rssi_min_thold && 2848 (last_sig >= ifmgd->rssi_max_thold || 2849 last_sig == 0)) { 2850 ifmgd->last_ave_beacon_signal = sig; 2851 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2852 } 2853 } 2854 2855 if (bss_conf->cqm_rssi_thold && 2856 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2857 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2858 int sig = ifmgd->ave_beacon_signal / 16; 2859 int last_event = ifmgd->last_cqm_event_signal; 2860 int thold = bss_conf->cqm_rssi_thold; 2861 int hyst = bss_conf->cqm_rssi_hyst; 2862 if (sig < thold && 2863 (last_event == 0 || sig < last_event - hyst)) { 2864 ifmgd->last_cqm_event_signal = sig; 2865 ieee80211_cqm_rssi_notify( 2866 &sdata->vif, 2867 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2868 GFP_KERNEL); 2869 } else if (sig > thold && 2870 (last_event == 0 || sig > last_event + hyst)) { 2871 ifmgd->last_cqm_event_signal = sig; 2872 ieee80211_cqm_rssi_notify( 2873 &sdata->vif, 2874 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2875 GFP_KERNEL); 2876 } 2877 } 2878 2879 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 2880 mlme_dbg_ratelimited(sdata, 2881 "cancelling AP probe due to a received beacon\n"); 2882 ieee80211_reset_ap_probe(sdata); 2883 } 2884 2885 /* 2886 * Push the beacon loss detection into the future since 2887 * we are processing a beacon from the AP just now. 2888 */ 2889 ieee80211_sta_reset_beacon_monitor(sdata); 2890 2891 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2892 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2893 len - baselen, false, &elems, 2894 care_about_ies, ncrc); 2895 2896 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2897 bool directed_tim = ieee80211_check_tim(elems.tim, 2898 elems.tim_len, 2899 ifmgd->aid); 2900 if (directed_tim) { 2901 if (local->hw.conf.dynamic_ps_timeout > 0) { 2902 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2903 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2904 ieee80211_hw_config(local, 2905 IEEE80211_CONF_CHANGE_PS); 2906 } 2907 ieee80211_send_nullfunc(local, sdata, 0); 2908 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2909 local->pspolling = true; 2910 2911 /* 2912 * Here is assumed that the driver will be 2913 * able to send ps-poll frame and receive a 2914 * response even though power save mode is 2915 * enabled, but some drivers might require 2916 * to disable power save here. This needs 2917 * to be investigated. 2918 */ 2919 ieee80211_send_pspoll(local, sdata); 2920 } 2921 } 2922 } 2923 2924 if (sdata->vif.p2p) { 2925 struct ieee80211_p2p_noa_attr noa = {}; 2926 int ret; 2927 2928 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 2929 len - baselen, 2930 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2931 (u8 *) &noa, sizeof(noa)); 2932 if (ret >= 2) { 2933 if (sdata->u.mgd.p2p_noa_index != noa.index) { 2934 /* valid noa_attr and index changed */ 2935 sdata->u.mgd.p2p_noa_index = noa.index; 2936 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 2937 changed |= BSS_CHANGED_P2P_PS; 2938 /* 2939 * make sure we update all information, the CRC 2940 * mechanism doesn't look at P2P attributes. 2941 */ 2942 ifmgd->beacon_crc_valid = false; 2943 } 2944 } else if (sdata->u.mgd.p2p_noa_index != -1) { 2945 /* noa_attr not found and we had valid noa_attr before */ 2946 sdata->u.mgd.p2p_noa_index = -1; 2947 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 2948 changed |= BSS_CHANGED_P2P_PS; 2949 ifmgd->beacon_crc_valid = false; 2950 } 2951 } 2952 2953 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2954 return; 2955 ifmgd->beacon_crc = ncrc; 2956 ifmgd->beacon_crc_valid = true; 2957 2958 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2959 2960 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2961 &elems, true); 2962 2963 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 2964 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2965 elems.wmm_param_len)) 2966 changed |= BSS_CHANGED_QOS; 2967 2968 /* 2969 * If we haven't had a beacon before, tell the driver about the 2970 * DTIM period (and beacon timing if desired) now. 2971 */ 2972 if (!ifmgd->have_beacon) { 2973 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 2974 if (elems.tim) 2975 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 2976 else 2977 bss_conf->dtim_period = 1; 2978 2979 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2980 sdata->vif.bss_conf.sync_tsf = 2981 le64_to_cpu(mgmt->u.beacon.timestamp); 2982 sdata->vif.bss_conf.sync_device_ts = 2983 rx_status->device_timestamp; 2984 if (elems.tim) 2985 sdata->vif.bss_conf.sync_dtim_count = 2986 elems.tim->dtim_count; 2987 else 2988 sdata->vif.bss_conf.sync_dtim_count = 0; 2989 } 2990 2991 changed |= BSS_CHANGED_BEACON_INFO; 2992 ifmgd->have_beacon = true; 2993 2994 mutex_lock(&local->iflist_mtx); 2995 ieee80211_recalc_ps(local, -1); 2996 mutex_unlock(&local->iflist_mtx); 2997 2998 ieee80211_recalc_ps_vif(sdata); 2999 } 3000 3001 if (elems.erp_info) { 3002 erp_valid = true; 3003 erp_value = elems.erp_info[0]; 3004 } else { 3005 erp_valid = false; 3006 } 3007 changed |= ieee80211_handle_bss_capability(sdata, 3008 le16_to_cpu(mgmt->u.beacon.capab_info), 3009 erp_valid, erp_value); 3010 3011 mutex_lock(&local->sta_mtx); 3012 sta = sta_info_get(sdata, bssid); 3013 3014 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3015 elems.vht_operation, bssid, &changed)) { 3016 mutex_unlock(&local->sta_mtx); 3017 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3018 WLAN_REASON_DEAUTH_LEAVING, 3019 true, deauth_buf); 3020 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3021 sizeof(deauth_buf)); 3022 return; 3023 } 3024 3025 if (sta && elems.opmode_notif) 3026 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3027 rx_status->band, true); 3028 mutex_unlock(&local->sta_mtx); 3029 3030 if (elems.country_elem && elems.pwr_constr_elem && 3031 mgmt->u.probe_resp.capab_info & 3032 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3033 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3034 elems.country_elem, 3035 elems.country_elem_len, 3036 elems.pwr_constr_elem); 3037 3038 ieee80211_bss_info_change_notify(sdata, changed); 3039 } 3040 3041 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3042 struct sk_buff *skb) 3043 { 3044 struct ieee80211_rx_status *rx_status; 3045 struct ieee80211_mgmt *mgmt; 3046 u16 fc; 3047 struct ieee802_11_elems elems; 3048 int ies_len; 3049 3050 rx_status = (struct ieee80211_rx_status *) skb->cb; 3051 mgmt = (struct ieee80211_mgmt *) skb->data; 3052 fc = le16_to_cpu(mgmt->frame_control); 3053 3054 sdata_lock(sdata); 3055 3056 switch (fc & IEEE80211_FCTL_STYPE) { 3057 case IEEE80211_STYPE_BEACON: 3058 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3059 break; 3060 case IEEE80211_STYPE_PROBE_RESP: 3061 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3062 break; 3063 case IEEE80211_STYPE_AUTH: 3064 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3065 break; 3066 case IEEE80211_STYPE_DEAUTH: 3067 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3068 break; 3069 case IEEE80211_STYPE_DISASSOC: 3070 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3071 break; 3072 case IEEE80211_STYPE_ASSOC_RESP: 3073 case IEEE80211_STYPE_REASSOC_RESP: 3074 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3075 break; 3076 case IEEE80211_STYPE_ACTION: 3077 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3078 ies_len = skb->len - 3079 offsetof(struct ieee80211_mgmt, 3080 u.action.u.chan_switch.variable); 3081 3082 if (ies_len < 0) 3083 break; 3084 3085 ieee802_11_parse_elems( 3086 mgmt->u.action.u.chan_switch.variable, 3087 ies_len, true, &elems); 3088 3089 if (elems.parse_error) 3090 break; 3091 3092 ieee80211_sta_process_chanswitch(sdata, 3093 rx_status->mactime, 3094 &elems, false); 3095 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3096 ies_len = skb->len - 3097 offsetof(struct ieee80211_mgmt, 3098 u.action.u.ext_chan_switch.variable); 3099 3100 if (ies_len < 0) 3101 break; 3102 3103 ieee802_11_parse_elems( 3104 mgmt->u.action.u.ext_chan_switch.variable, 3105 ies_len, true, &elems); 3106 3107 if (elems.parse_error) 3108 break; 3109 3110 /* for the handling code pretend this was also an IE */ 3111 elems.ext_chansw_ie = 3112 &mgmt->u.action.u.ext_chan_switch.data; 3113 3114 ieee80211_sta_process_chanswitch(sdata, 3115 rx_status->mactime, 3116 &elems, false); 3117 } 3118 break; 3119 } 3120 sdata_unlock(sdata); 3121 } 3122 3123 static void ieee80211_sta_timer(unsigned long data) 3124 { 3125 struct ieee80211_sub_if_data *sdata = 3126 (struct ieee80211_sub_if_data *) data; 3127 3128 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3129 } 3130 3131 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3132 u8 *bssid, u8 reason, bool tx) 3133 { 3134 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3135 3136 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3137 tx, frame_buf); 3138 3139 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3140 IEEE80211_DEAUTH_FRAME_LEN); 3141 } 3142 3143 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3144 { 3145 struct ieee80211_local *local = sdata->local; 3146 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3147 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3148 u32 tx_flags = 0; 3149 3150 sdata_assert_lock(sdata); 3151 3152 if (WARN_ON_ONCE(!auth_data)) 3153 return -EINVAL; 3154 3155 auth_data->tries++; 3156 3157 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3158 sdata_info(sdata, "authentication with %pM timed out\n", 3159 auth_data->bss->bssid); 3160 3161 /* 3162 * Most likely AP is not in the range so remove the 3163 * bss struct for that AP. 3164 */ 3165 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3166 3167 return -ETIMEDOUT; 3168 } 3169 3170 drv_mgd_prepare_tx(local, sdata); 3171 3172 if (auth_data->bss->proberesp_ies) { 3173 u16 trans = 1; 3174 u16 status = 0; 3175 3176 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3177 auth_data->bss->bssid, auth_data->tries, 3178 IEEE80211_AUTH_MAX_TRIES); 3179 3180 auth_data->expected_transaction = 2; 3181 3182 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3183 trans = auth_data->sae_trans; 3184 status = auth_data->sae_status; 3185 auth_data->expected_transaction = trans; 3186 } 3187 3188 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3189 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3190 IEEE80211_TX_INTFL_MLME_CONN_TX; 3191 3192 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3193 auth_data->data, auth_data->data_len, 3194 auth_data->bss->bssid, 3195 auth_data->bss->bssid, NULL, 0, 0, 3196 tx_flags); 3197 } else { 3198 const u8 *ssidie; 3199 3200 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3201 auth_data->bss->bssid, auth_data->tries, 3202 IEEE80211_AUTH_MAX_TRIES); 3203 3204 rcu_read_lock(); 3205 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3206 if (!ssidie) { 3207 rcu_read_unlock(); 3208 return -EINVAL; 3209 } 3210 /* 3211 * Direct probe is sent to broadcast address as some APs 3212 * will not answer to direct packet in unassociated state. 3213 */ 3214 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3215 NULL, 0, (u32) -1, true, 0, 3216 auth_data->bss->channel, false); 3217 rcu_read_unlock(); 3218 } 3219 3220 if (tx_flags == 0) { 3221 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3222 auth_data->timeout_started = true; 3223 run_again(sdata, auth_data->timeout); 3224 } else { 3225 auth_data->timeout = 3226 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3227 auth_data->timeout_started = true; 3228 run_again(sdata, auth_data->timeout); 3229 } 3230 3231 return 0; 3232 } 3233 3234 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3235 { 3236 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3237 struct ieee80211_local *local = sdata->local; 3238 3239 sdata_assert_lock(sdata); 3240 3241 assoc_data->tries++; 3242 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3243 sdata_info(sdata, "association with %pM timed out\n", 3244 assoc_data->bss->bssid); 3245 3246 /* 3247 * Most likely AP is not in the range so remove the 3248 * bss struct for that AP. 3249 */ 3250 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3251 3252 return -ETIMEDOUT; 3253 } 3254 3255 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3256 assoc_data->bss->bssid, assoc_data->tries, 3257 IEEE80211_ASSOC_MAX_TRIES); 3258 ieee80211_send_assoc(sdata); 3259 3260 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3261 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3262 assoc_data->timeout_started = true; 3263 run_again(sdata, assoc_data->timeout); 3264 } else { 3265 assoc_data->timeout = 3266 round_jiffies_up(jiffies + 3267 IEEE80211_ASSOC_TIMEOUT_LONG); 3268 assoc_data->timeout_started = true; 3269 run_again(sdata, assoc_data->timeout); 3270 } 3271 3272 return 0; 3273 } 3274 3275 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3276 __le16 fc, bool acked) 3277 { 3278 struct ieee80211_local *local = sdata->local; 3279 3280 sdata->u.mgd.status_fc = fc; 3281 sdata->u.mgd.status_acked = acked; 3282 sdata->u.mgd.status_received = true; 3283 3284 ieee80211_queue_work(&local->hw, &sdata->work); 3285 } 3286 3287 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3288 { 3289 struct ieee80211_local *local = sdata->local; 3290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3291 3292 sdata_lock(sdata); 3293 3294 if (ifmgd->status_received) { 3295 __le16 fc = ifmgd->status_fc; 3296 bool status_acked = ifmgd->status_acked; 3297 3298 ifmgd->status_received = false; 3299 if (ifmgd->auth_data && 3300 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3301 if (status_acked) { 3302 ifmgd->auth_data->timeout = 3303 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3304 run_again(sdata, ifmgd->auth_data->timeout); 3305 } else { 3306 ifmgd->auth_data->timeout = jiffies - 1; 3307 } 3308 ifmgd->auth_data->timeout_started = true; 3309 } else if (ifmgd->assoc_data && 3310 (ieee80211_is_assoc_req(fc) || 3311 ieee80211_is_reassoc_req(fc))) { 3312 if (status_acked) { 3313 ifmgd->assoc_data->timeout = 3314 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3315 run_again(sdata, ifmgd->assoc_data->timeout); 3316 } else { 3317 ifmgd->assoc_data->timeout = jiffies - 1; 3318 } 3319 ifmgd->assoc_data->timeout_started = true; 3320 } 3321 } 3322 3323 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3324 time_after(jiffies, ifmgd->auth_data->timeout)) { 3325 if (ifmgd->auth_data->done) { 3326 /* 3327 * ok ... we waited for assoc but userspace didn't, 3328 * so let's just kill the auth data 3329 */ 3330 ieee80211_destroy_auth_data(sdata, false); 3331 } else if (ieee80211_probe_auth(sdata)) { 3332 u8 bssid[ETH_ALEN]; 3333 3334 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3335 3336 ieee80211_destroy_auth_data(sdata, false); 3337 3338 cfg80211_auth_timeout(sdata->dev, bssid); 3339 } 3340 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3341 run_again(sdata, ifmgd->auth_data->timeout); 3342 3343 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3344 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3345 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3346 ieee80211_do_assoc(sdata)) { 3347 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3348 3349 ieee80211_destroy_assoc_data(sdata, false); 3350 cfg80211_assoc_timeout(sdata->dev, bss); 3351 } 3352 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3353 run_again(sdata, ifmgd->assoc_data->timeout); 3354 3355 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3356 ifmgd->associated) { 3357 u8 bssid[ETH_ALEN]; 3358 int max_tries; 3359 3360 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3361 3362 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3363 max_tries = max_nullfunc_tries; 3364 else 3365 max_tries = max_probe_tries; 3366 3367 /* ACK received for nullfunc probing frame */ 3368 if (!ifmgd->probe_send_count) 3369 ieee80211_reset_ap_probe(sdata); 3370 else if (ifmgd->nullfunc_failed) { 3371 if (ifmgd->probe_send_count < max_tries) { 3372 mlme_dbg(sdata, 3373 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3374 bssid, ifmgd->probe_send_count, 3375 max_tries); 3376 ieee80211_mgd_probe_ap_send(sdata); 3377 } else { 3378 mlme_dbg(sdata, 3379 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3380 bssid); 3381 ieee80211_sta_connection_lost(sdata, bssid, 3382 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3383 false); 3384 } 3385 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3386 run_again(sdata, ifmgd->probe_timeout); 3387 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3388 mlme_dbg(sdata, 3389 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3390 bssid, probe_wait_ms); 3391 ieee80211_sta_connection_lost(sdata, bssid, 3392 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3393 } else if (ifmgd->probe_send_count < max_tries) { 3394 mlme_dbg(sdata, 3395 "No probe response from AP %pM after %dms, try %d/%i\n", 3396 bssid, probe_wait_ms, 3397 ifmgd->probe_send_count, max_tries); 3398 ieee80211_mgd_probe_ap_send(sdata); 3399 } else { 3400 /* 3401 * We actually lost the connection ... or did we? 3402 * Let's make sure! 3403 */ 3404 wiphy_debug(local->hw.wiphy, 3405 "%s: No probe response from AP %pM" 3406 " after %dms, disconnecting.\n", 3407 sdata->name, 3408 bssid, probe_wait_ms); 3409 3410 ieee80211_sta_connection_lost(sdata, bssid, 3411 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3412 } 3413 } 3414 3415 sdata_unlock(sdata); 3416 } 3417 3418 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3419 { 3420 struct ieee80211_sub_if_data *sdata = 3421 (struct ieee80211_sub_if_data *) data; 3422 struct ieee80211_local *local = sdata->local; 3423 3424 if (local->quiescing) 3425 return; 3426 3427 sdata->u.mgd.connection_loss = false; 3428 ieee80211_queue_work(&sdata->local->hw, 3429 &sdata->u.mgd.beacon_connection_loss_work); 3430 } 3431 3432 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3433 { 3434 struct ieee80211_sub_if_data *sdata = 3435 (struct ieee80211_sub_if_data *) data; 3436 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3437 struct ieee80211_local *local = sdata->local; 3438 3439 if (local->quiescing) 3440 return; 3441 3442 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3443 } 3444 3445 static void ieee80211_sta_monitor_work(struct work_struct *work) 3446 { 3447 struct ieee80211_sub_if_data *sdata = 3448 container_of(work, struct ieee80211_sub_if_data, 3449 u.mgd.monitor_work); 3450 3451 ieee80211_mgd_probe_ap(sdata, false); 3452 } 3453 3454 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3455 { 3456 u32 flags; 3457 3458 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3459 __ieee80211_stop_poll(sdata); 3460 3461 /* let's probe the connection once */ 3462 flags = sdata->local->hw.flags; 3463 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3464 ieee80211_queue_work(&sdata->local->hw, 3465 &sdata->u.mgd.monitor_work); 3466 /* and do all the other regular work too */ 3467 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3468 } 3469 } 3470 3471 #ifdef CONFIG_PM 3472 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3473 { 3474 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3475 3476 sdata_lock(sdata); 3477 if (!ifmgd->associated) { 3478 sdata_unlock(sdata); 3479 return; 3480 } 3481 3482 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3483 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3484 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3485 ieee80211_sta_connection_lost(sdata, 3486 ifmgd->associated->bssid, 3487 WLAN_REASON_UNSPECIFIED, 3488 true); 3489 sdata_unlock(sdata); 3490 return; 3491 } 3492 sdata_unlock(sdata); 3493 } 3494 #endif 3495 3496 /* interface setup */ 3497 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3498 { 3499 struct ieee80211_if_managed *ifmgd; 3500 3501 ifmgd = &sdata->u.mgd; 3502 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3503 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3504 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3505 ieee80211_beacon_connection_loss_work); 3506 INIT_WORK(&ifmgd->csa_connection_drop_work, 3507 ieee80211_csa_connection_drop_work); 3508 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 3509 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3510 (unsigned long) sdata); 3511 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3512 (unsigned long) sdata); 3513 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3514 (unsigned long) sdata); 3515 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3516 (unsigned long) sdata); 3517 3518 ifmgd->flags = 0; 3519 ifmgd->powersave = sdata->wdev.ps; 3520 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3521 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3522 ifmgd->p2p_noa_index = -1; 3523 3524 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3525 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3526 else 3527 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3528 } 3529 3530 /* scan finished notification */ 3531 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3532 { 3533 struct ieee80211_sub_if_data *sdata; 3534 3535 /* Restart STA timers */ 3536 rcu_read_lock(); 3537 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3538 if (ieee80211_sdata_running(sdata)) 3539 ieee80211_restart_sta_timer(sdata); 3540 } 3541 rcu_read_unlock(); 3542 } 3543 3544 int ieee80211_max_network_latency(struct notifier_block *nb, 3545 unsigned long data, void *dummy) 3546 { 3547 s32 latency_usec = (s32) data; 3548 struct ieee80211_local *local = 3549 container_of(nb, struct ieee80211_local, 3550 network_latency_notifier); 3551 3552 mutex_lock(&local->iflist_mtx); 3553 ieee80211_recalc_ps(local, latency_usec); 3554 mutex_unlock(&local->iflist_mtx); 3555 3556 return 0; 3557 } 3558 3559 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3560 struct cfg80211_bss *cbss) 3561 { 3562 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3563 const u8 *ht_cap_ie, *vht_cap_ie; 3564 const struct ieee80211_ht_cap *ht_cap; 3565 const struct ieee80211_vht_cap *vht_cap; 3566 u8 chains = 1; 3567 3568 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3569 return chains; 3570 3571 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3572 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3573 ht_cap = (void *)(ht_cap_ie + 2); 3574 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3575 /* 3576 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3577 * "Tx Unequal Modulation Supported" fields. 3578 */ 3579 } 3580 3581 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3582 return chains; 3583 3584 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3585 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3586 u8 nss; 3587 u16 tx_mcs_map; 3588 3589 vht_cap = (void *)(vht_cap_ie + 2); 3590 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3591 for (nss = 8; nss > 0; nss--) { 3592 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3593 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3594 break; 3595 } 3596 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3597 chains = max(chains, nss); 3598 } 3599 3600 return chains; 3601 } 3602 3603 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3604 struct cfg80211_bss *cbss) 3605 { 3606 struct ieee80211_local *local = sdata->local; 3607 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3608 const struct ieee80211_ht_operation *ht_oper = NULL; 3609 const struct ieee80211_vht_operation *vht_oper = NULL; 3610 struct ieee80211_supported_band *sband; 3611 struct cfg80211_chan_def chandef; 3612 int ret; 3613 3614 sband = local->hw.wiphy->bands[cbss->channel->band]; 3615 3616 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3617 IEEE80211_STA_DISABLE_80P80MHZ | 3618 IEEE80211_STA_DISABLE_160MHZ); 3619 3620 rcu_read_lock(); 3621 3622 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3623 sband->ht_cap.ht_supported) { 3624 const u8 *ht_oper_ie, *ht_cap; 3625 3626 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3627 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3628 ht_oper = (void *)(ht_oper_ie + 2); 3629 3630 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3631 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3632 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3633 ht_oper = NULL; 3634 } 3635 } 3636 3637 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3638 sband->vht_cap.vht_supported) { 3639 const u8 *vht_oper_ie, *vht_cap; 3640 3641 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3642 WLAN_EID_VHT_OPERATION); 3643 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3644 vht_oper = (void *)(vht_oper_ie + 2); 3645 if (vht_oper && !ht_oper) { 3646 vht_oper = NULL; 3647 sdata_info(sdata, 3648 "AP advertised VHT without HT, disabling both\n"); 3649 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3650 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3651 } 3652 3653 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3654 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3655 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3656 vht_oper = NULL; 3657 } 3658 } 3659 3660 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3661 cbss->channel, 3662 ht_oper, vht_oper, 3663 &chandef, false); 3664 3665 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3666 local->rx_chains); 3667 3668 rcu_read_unlock(); 3669 3670 /* will change later if needed */ 3671 sdata->smps_mode = IEEE80211_SMPS_OFF; 3672 3673 /* 3674 * If this fails (possibly due to channel context sharing 3675 * on incompatible channels, e.g. 80+80 and 160 sharing the 3676 * same control channel) try to use a smaller bandwidth. 3677 */ 3678 ret = ieee80211_vif_use_channel(sdata, &chandef, 3679 IEEE80211_CHANCTX_SHARED); 3680 3681 /* don't downgrade for 5 and 10 MHz channels, though. */ 3682 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3683 chandef.width == NL80211_CHAN_WIDTH_10) 3684 return ret; 3685 3686 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3687 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 3688 ret = ieee80211_vif_use_channel(sdata, &chandef, 3689 IEEE80211_CHANCTX_SHARED); 3690 } 3691 return ret; 3692 } 3693 3694 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3695 struct cfg80211_bss *cbss, bool assoc) 3696 { 3697 struct ieee80211_local *local = sdata->local; 3698 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3699 struct ieee80211_bss *bss = (void *)cbss->priv; 3700 struct sta_info *new_sta = NULL; 3701 bool have_sta = false; 3702 int err; 3703 3704 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3705 return -EINVAL; 3706 3707 if (assoc) { 3708 rcu_read_lock(); 3709 have_sta = sta_info_get(sdata, cbss->bssid); 3710 rcu_read_unlock(); 3711 } 3712 3713 if (!have_sta) { 3714 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3715 if (!new_sta) 3716 return -ENOMEM; 3717 } 3718 if (new_sta) { 3719 u32 rates = 0, basic_rates = 0; 3720 bool have_higher_than_11mbit; 3721 int min_rate = INT_MAX, min_rate_index = -1; 3722 struct ieee80211_chanctx_conf *chanctx_conf; 3723 struct ieee80211_supported_band *sband; 3724 const struct cfg80211_bss_ies *ies; 3725 int shift; 3726 u32 rate_flags; 3727 3728 sband = local->hw.wiphy->bands[cbss->channel->band]; 3729 3730 err = ieee80211_prep_channel(sdata, cbss); 3731 if (err) { 3732 sta_info_free(local, new_sta); 3733 return -EINVAL; 3734 } 3735 shift = ieee80211_vif_get_shift(&sdata->vif); 3736 3737 rcu_read_lock(); 3738 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3739 if (WARN_ON(!chanctx_conf)) { 3740 rcu_read_unlock(); 3741 return -EINVAL; 3742 } 3743 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3744 rcu_read_unlock(); 3745 3746 ieee80211_get_rates(sband, bss->supp_rates, 3747 bss->supp_rates_len, 3748 &rates, &basic_rates, 3749 &have_higher_than_11mbit, 3750 &min_rate, &min_rate_index, 3751 shift, rate_flags); 3752 3753 /* 3754 * This used to be a workaround for basic rates missing 3755 * in the association response frame. Now that we no 3756 * longer use the basic rates from there, it probably 3757 * doesn't happen any more, but keep the workaround so 3758 * in case some *other* APs are buggy in different ways 3759 * we can connect -- with a warning. 3760 */ 3761 if (!basic_rates && min_rate_index >= 0) { 3762 sdata_info(sdata, 3763 "No basic rates, using min rate instead\n"); 3764 basic_rates = BIT(min_rate_index); 3765 } 3766 3767 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3768 sdata->vif.bss_conf.basic_rates = basic_rates; 3769 3770 /* cf. IEEE 802.11 9.2.12 */ 3771 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3772 have_higher_than_11mbit) 3773 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3774 else 3775 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3776 3777 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3778 3779 /* set timing information */ 3780 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3781 rcu_read_lock(); 3782 ies = rcu_dereference(cbss->beacon_ies); 3783 if (ies) { 3784 const u8 *tim_ie; 3785 3786 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3787 sdata->vif.bss_conf.sync_device_ts = 3788 bss->device_ts_beacon; 3789 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3790 ies->data, ies->len); 3791 if (tim_ie && tim_ie[1] >= 2) 3792 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3793 else 3794 sdata->vif.bss_conf.sync_dtim_count = 0; 3795 } else if (!(local->hw.flags & 3796 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3797 ies = rcu_dereference(cbss->proberesp_ies); 3798 /* must be non-NULL since beacon IEs were NULL */ 3799 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3800 sdata->vif.bss_conf.sync_device_ts = 3801 bss->device_ts_presp; 3802 sdata->vif.bss_conf.sync_dtim_count = 0; 3803 } else { 3804 sdata->vif.bss_conf.sync_tsf = 0; 3805 sdata->vif.bss_conf.sync_device_ts = 0; 3806 sdata->vif.bss_conf.sync_dtim_count = 0; 3807 } 3808 rcu_read_unlock(); 3809 3810 /* tell driver about BSSID, basic rates and timing */ 3811 ieee80211_bss_info_change_notify(sdata, 3812 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3813 BSS_CHANGED_BEACON_INT); 3814 3815 if (assoc) 3816 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3817 3818 err = sta_info_insert(new_sta); 3819 new_sta = NULL; 3820 if (err) { 3821 sdata_info(sdata, 3822 "failed to insert STA entry for the AP (error %d)\n", 3823 err); 3824 return err; 3825 } 3826 } else 3827 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3828 3829 return 0; 3830 } 3831 3832 /* config hooks */ 3833 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3834 struct cfg80211_auth_request *req) 3835 { 3836 struct ieee80211_local *local = sdata->local; 3837 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3838 struct ieee80211_mgd_auth_data *auth_data; 3839 u16 auth_alg; 3840 int err; 3841 3842 /* prepare auth data structure */ 3843 3844 switch (req->auth_type) { 3845 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3846 auth_alg = WLAN_AUTH_OPEN; 3847 break; 3848 case NL80211_AUTHTYPE_SHARED_KEY: 3849 if (IS_ERR(local->wep_tx_tfm)) 3850 return -EOPNOTSUPP; 3851 auth_alg = WLAN_AUTH_SHARED_KEY; 3852 break; 3853 case NL80211_AUTHTYPE_FT: 3854 auth_alg = WLAN_AUTH_FT; 3855 break; 3856 case NL80211_AUTHTYPE_NETWORK_EAP: 3857 auth_alg = WLAN_AUTH_LEAP; 3858 break; 3859 case NL80211_AUTHTYPE_SAE: 3860 auth_alg = WLAN_AUTH_SAE; 3861 break; 3862 default: 3863 return -EOPNOTSUPP; 3864 } 3865 3866 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 3867 req->ie_len, GFP_KERNEL); 3868 if (!auth_data) 3869 return -ENOMEM; 3870 3871 auth_data->bss = req->bss; 3872 3873 if (req->sae_data_len >= 4) { 3874 __le16 *pos = (__le16 *) req->sae_data; 3875 auth_data->sae_trans = le16_to_cpu(pos[0]); 3876 auth_data->sae_status = le16_to_cpu(pos[1]); 3877 memcpy(auth_data->data, req->sae_data + 4, 3878 req->sae_data_len - 4); 3879 auth_data->data_len += req->sae_data_len - 4; 3880 } 3881 3882 if (req->ie && req->ie_len) { 3883 memcpy(&auth_data->data[auth_data->data_len], 3884 req->ie, req->ie_len); 3885 auth_data->data_len += req->ie_len; 3886 } 3887 3888 if (req->key && req->key_len) { 3889 auth_data->key_len = req->key_len; 3890 auth_data->key_idx = req->key_idx; 3891 memcpy(auth_data->key, req->key, req->key_len); 3892 } 3893 3894 auth_data->algorithm = auth_alg; 3895 3896 /* try to authenticate/probe */ 3897 3898 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3899 ifmgd->assoc_data) { 3900 err = -EBUSY; 3901 goto err_free; 3902 } 3903 3904 if (ifmgd->auth_data) 3905 ieee80211_destroy_auth_data(sdata, false); 3906 3907 /* prep auth_data so we don't go into idle on disassoc */ 3908 ifmgd->auth_data = auth_data; 3909 3910 if (ifmgd->associated) { 3911 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3912 3913 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3914 WLAN_REASON_UNSPECIFIED, 3915 false, frame_buf); 3916 3917 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3918 sizeof(frame_buf)); 3919 } 3920 3921 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3922 3923 err = ieee80211_prep_connection(sdata, req->bss, false); 3924 if (err) 3925 goto err_clear; 3926 3927 err = ieee80211_probe_auth(sdata); 3928 if (err) { 3929 sta_info_destroy_addr(sdata, req->bss->bssid); 3930 goto err_clear; 3931 } 3932 3933 /* hold our own reference */ 3934 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 3935 return 0; 3936 3937 err_clear: 3938 memset(ifmgd->bssid, 0, ETH_ALEN); 3939 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3940 ifmgd->auth_data = NULL; 3941 err_free: 3942 kfree(auth_data); 3943 return err; 3944 } 3945 3946 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 3947 const u8 *wmm_param, int len) 3948 { 3949 const u8 *pos; 3950 size_t left; 3951 3952 if (len < 8) 3953 return false; 3954 3955 if (wmm_param[5] != 1 /* version */) 3956 return false; 3957 3958 pos = wmm_param + 8; 3959 left = len - 8; 3960 3961 for (; left >= 4; left -= 4, pos += 4) { 3962 u8 aifsn = pos[0] & 0x0f; 3963 u8 ecwmin = pos[1] & 0x0f; 3964 u8 ecwmax = (pos[1] & 0xf0) >> 4; 3965 int aci = (pos[0] >> 5) & 0x03; 3966 3967 if (aifsn < 2) { 3968 sdata_info(sdata, 3969 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 3970 aifsn, aci); 3971 return false; 3972 } 3973 if (ecwmin > ecwmax) { 3974 sdata_info(sdata, 3975 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 3976 ecwmin, ecwmax, aci); 3977 return false; 3978 } 3979 } 3980 3981 return true; 3982 } 3983 3984 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3985 struct cfg80211_assoc_request *req) 3986 { 3987 struct ieee80211_local *local = sdata->local; 3988 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3989 struct ieee80211_bss *bss = (void *)req->bss->priv; 3990 struct ieee80211_mgd_assoc_data *assoc_data; 3991 const struct cfg80211_bss_ies *beacon_ies; 3992 struct ieee80211_supported_band *sband; 3993 const u8 *ssidie, *ht_ie, *vht_ie; 3994 int i, err; 3995 3996 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 3997 if (!assoc_data) 3998 return -ENOMEM; 3999 4000 rcu_read_lock(); 4001 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4002 if (!ssidie) { 4003 rcu_read_unlock(); 4004 kfree(assoc_data); 4005 return -EINVAL; 4006 } 4007 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4008 assoc_data->ssid_len = ssidie[1]; 4009 rcu_read_unlock(); 4010 4011 if (ifmgd->associated) { 4012 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4013 4014 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4015 WLAN_REASON_UNSPECIFIED, 4016 false, frame_buf); 4017 4018 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4019 sizeof(frame_buf)); 4020 } 4021 4022 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4023 err = -EBUSY; 4024 goto err_free; 4025 } 4026 4027 if (ifmgd->assoc_data) { 4028 err = -EBUSY; 4029 goto err_free; 4030 } 4031 4032 if (ifmgd->auth_data) { 4033 bool match; 4034 4035 /* keep sta info, bssid if matching */ 4036 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4037 ieee80211_destroy_auth_data(sdata, match); 4038 } 4039 4040 /* prepare assoc data */ 4041 4042 ifmgd->beacon_crc_valid = false; 4043 4044 assoc_data->wmm = bss->wmm_used && 4045 (local->hw.queues >= IEEE80211_NUM_ACS); 4046 if (assoc_data->wmm) { 4047 /* try to check validity of WMM params IE */ 4048 const struct cfg80211_bss_ies *ies; 4049 const u8 *wp, *start, *end; 4050 4051 rcu_read_lock(); 4052 ies = rcu_dereference(req->bss->ies); 4053 start = ies->data; 4054 end = start + ies->len; 4055 4056 while (true) { 4057 wp = cfg80211_find_vendor_ie( 4058 WLAN_OUI_MICROSOFT, 4059 WLAN_OUI_TYPE_MICROSOFT_WMM, 4060 start, end - start); 4061 if (!wp) 4062 break; 4063 start = wp + wp[1] + 2; 4064 /* if this IE is too short, try the next */ 4065 if (wp[1] <= 4) 4066 continue; 4067 /* if this IE is WMM params, we found what we wanted */ 4068 if (wp[6] == 1) 4069 break; 4070 } 4071 4072 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4073 wp[1] - 2)) { 4074 assoc_data->wmm = false; 4075 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4076 } 4077 rcu_read_unlock(); 4078 } 4079 4080 /* 4081 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4082 * We still associate in non-HT mode (11a/b/g) if any one of these 4083 * ciphers is configured as pairwise. 4084 * We can set this to true for non-11n hardware, that'll be checked 4085 * separately along with the peer capabilities. 4086 */ 4087 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4088 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4089 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4090 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4091 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4092 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4093 netdev_info(sdata->dev, 4094 "disabling HT/VHT due to WEP/TKIP use\n"); 4095 } 4096 } 4097 4098 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4099 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4100 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4101 } 4102 4103 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4104 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4105 4106 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4107 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4108 if (!sband->ht_cap.ht_supported || 4109 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4110 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4111 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4112 if (!bss->wmm_used && 4113 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4114 netdev_info(sdata->dev, 4115 "disabling HT as WMM/QoS is not supported by the AP\n"); 4116 } 4117 4118 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4119 if (!sband->vht_cap.vht_supported || 4120 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4121 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4122 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4123 if (!bss->wmm_used && 4124 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4125 netdev_info(sdata->dev, 4126 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4127 } 4128 4129 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4130 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4131 sizeof(ifmgd->ht_capa_mask)); 4132 4133 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4134 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4135 sizeof(ifmgd->vht_capa_mask)); 4136 4137 if (req->ie && req->ie_len) { 4138 memcpy(assoc_data->ie, req->ie, req->ie_len); 4139 assoc_data->ie_len = req->ie_len; 4140 } 4141 4142 assoc_data->bss = req->bss; 4143 4144 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4145 if (ifmgd->powersave) 4146 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4147 else 4148 sdata->smps_mode = IEEE80211_SMPS_OFF; 4149 } else 4150 sdata->smps_mode = ifmgd->req_smps; 4151 4152 assoc_data->capability = req->bss->capability; 4153 assoc_data->supp_rates = bss->supp_rates; 4154 assoc_data->supp_rates_len = bss->supp_rates_len; 4155 4156 rcu_read_lock(); 4157 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4158 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4159 assoc_data->ap_ht_param = 4160 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4161 else 4162 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4163 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4164 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4165 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4166 sizeof(struct ieee80211_vht_cap)); 4167 else 4168 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4169 rcu_read_unlock(); 4170 4171 if (bss->wmm_used && bss->uapsd_supported && 4172 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4173 sdata->wmm_acm != 0xff) { 4174 assoc_data->uapsd = true; 4175 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4176 } else { 4177 assoc_data->uapsd = false; 4178 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4179 } 4180 4181 if (req->prev_bssid) 4182 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4183 4184 if (req->use_mfp) { 4185 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4186 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4187 } else { 4188 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4189 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4190 } 4191 4192 if (req->crypto.control_port) 4193 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4194 else 4195 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4196 4197 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4198 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4199 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4200 sdata->vif.type); 4201 4202 /* kick off associate process */ 4203 4204 ifmgd->assoc_data = assoc_data; 4205 ifmgd->dtim_period = 0; 4206 ifmgd->have_beacon = false; 4207 4208 err = ieee80211_prep_connection(sdata, req->bss, true); 4209 if (err) 4210 goto err_clear; 4211 4212 rcu_read_lock(); 4213 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4214 4215 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4216 !beacon_ies) { 4217 /* 4218 * Wait up to one beacon interval ... 4219 * should this be more if we miss one? 4220 */ 4221 sdata_info(sdata, "waiting for beacon from %pM\n", 4222 ifmgd->bssid); 4223 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4224 assoc_data->timeout_started = true; 4225 assoc_data->need_beacon = true; 4226 } else if (beacon_ies) { 4227 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4228 beacon_ies->data, 4229 beacon_ies->len); 4230 u8 dtim_count = 0; 4231 4232 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4233 const struct ieee80211_tim_ie *tim; 4234 tim = (void *)(tim_ie + 2); 4235 ifmgd->dtim_period = tim->dtim_period; 4236 dtim_count = tim->dtim_count; 4237 } 4238 ifmgd->have_beacon = true; 4239 assoc_data->timeout = jiffies; 4240 assoc_data->timeout_started = true; 4241 4242 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4243 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4244 sdata->vif.bss_conf.sync_device_ts = 4245 bss->device_ts_beacon; 4246 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4247 } 4248 } else { 4249 assoc_data->timeout = jiffies; 4250 assoc_data->timeout_started = true; 4251 } 4252 rcu_read_unlock(); 4253 4254 run_again(sdata, assoc_data->timeout); 4255 4256 if (bss->corrupt_data) { 4257 char *corrupt_type = "data"; 4258 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4259 if (bss->corrupt_data & 4260 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4261 corrupt_type = "beacon and probe response"; 4262 else 4263 corrupt_type = "beacon"; 4264 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4265 corrupt_type = "probe response"; 4266 sdata_info(sdata, "associating with AP with corrupt %s\n", 4267 corrupt_type); 4268 } 4269 4270 return 0; 4271 err_clear: 4272 memset(ifmgd->bssid, 0, ETH_ALEN); 4273 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4274 ifmgd->assoc_data = NULL; 4275 err_free: 4276 kfree(assoc_data); 4277 return err; 4278 } 4279 4280 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4281 struct cfg80211_deauth_request *req) 4282 { 4283 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4284 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4285 bool tx = !req->local_state_change; 4286 bool report_frame = false; 4287 4288 sdata_info(sdata, 4289 "deauthenticating from %pM by local choice (reason=%d)\n", 4290 req->bssid, req->reason_code); 4291 4292 if (ifmgd->auth_data) { 4293 drv_mgd_prepare_tx(sdata->local, sdata); 4294 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4295 IEEE80211_STYPE_DEAUTH, 4296 req->reason_code, tx, 4297 frame_buf); 4298 ieee80211_destroy_auth_data(sdata, false); 4299 4300 report_frame = true; 4301 goto out; 4302 } 4303 4304 if (ifmgd->associated && 4305 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4306 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4307 req->reason_code, tx, frame_buf); 4308 report_frame = true; 4309 } 4310 4311 out: 4312 if (report_frame) 4313 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4314 IEEE80211_DEAUTH_FRAME_LEN); 4315 4316 return 0; 4317 } 4318 4319 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4320 struct cfg80211_disassoc_request *req) 4321 { 4322 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4323 u8 bssid[ETH_ALEN]; 4324 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4325 4326 /* 4327 * cfg80211 should catch this ... but it's racy since 4328 * we can receive a disassoc frame, process it, hand it 4329 * to cfg80211 while that's in a locked section already 4330 * trying to tell us that the user wants to disconnect. 4331 */ 4332 if (ifmgd->associated != req->bss) 4333 return -ENOLINK; 4334 4335 sdata_info(sdata, 4336 "disassociating from %pM by local choice (reason=%d)\n", 4337 req->bss->bssid, req->reason_code); 4338 4339 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4340 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4341 req->reason_code, !req->local_state_change, 4342 frame_buf); 4343 4344 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4345 IEEE80211_DEAUTH_FRAME_LEN); 4346 4347 return 0; 4348 } 4349 4350 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4351 { 4352 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4353 4354 /* 4355 * Make sure some work items will not run after this, 4356 * they will not do anything but might not have been 4357 * cancelled when disconnecting. 4358 */ 4359 cancel_work_sync(&ifmgd->monitor_work); 4360 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4361 cancel_work_sync(&ifmgd->request_smps_work); 4362 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4363 cancel_work_sync(&ifmgd->chswitch_work); 4364 4365 sdata_lock(sdata); 4366 if (ifmgd->assoc_data) { 4367 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4368 ieee80211_destroy_assoc_data(sdata, false); 4369 cfg80211_assoc_timeout(sdata->dev, bss); 4370 } 4371 if (ifmgd->auth_data) 4372 ieee80211_destroy_auth_data(sdata, false); 4373 del_timer_sync(&ifmgd->timer); 4374 sdata_unlock(sdata); 4375 } 4376 4377 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4378 enum nl80211_cqm_rssi_threshold_event rssi_event, 4379 gfp_t gfp) 4380 { 4381 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4382 4383 trace_api_cqm_rssi_notify(sdata, rssi_event); 4384 4385 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4386 } 4387 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4388