1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/rtnetlink.h> 20 #include <linux/pm_qos_params.h> 21 #include <linux/crc32.h> 22 #include <linux/slab.h> 23 #include <net/mac80211.h> 24 #include <asm/unaligned.h> 25 26 #include "ieee80211_i.h" 27 #include "driver-ops.h" 28 #include "rate.h" 29 #include "led.h" 30 31 #define IEEE80211_MAX_PROBE_TRIES 5 32 33 /* 34 * beacon loss detection timeout 35 * XXX: should depend on beacon interval 36 */ 37 #define IEEE80211_BEACON_LOSS_TIME (2 * HZ) 38 /* 39 * Time the connection can be idle before we probe 40 * it to see if we can still talk to the AP. 41 */ 42 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 43 /* 44 * Time we wait for a probe response after sending 45 * a probe request because of beacon loss or for 46 * checking the connection still works. 47 */ 48 #define IEEE80211_PROBE_WAIT (HZ / 2) 49 50 #define TMR_RUNNING_TIMER 0 51 #define TMR_RUNNING_CHANSW 1 52 53 /* 54 * All cfg80211 functions have to be called outside a locked 55 * section so that they can acquire a lock themselves... This 56 * is much simpler than queuing up things in cfg80211, but we 57 * do need some indirection for that here. 58 */ 59 enum rx_mgmt_action { 60 /* no action required */ 61 RX_MGMT_NONE, 62 63 /* caller must call cfg80211_send_rx_auth() */ 64 RX_MGMT_CFG80211_AUTH, 65 66 /* caller must call cfg80211_send_rx_assoc() */ 67 RX_MGMT_CFG80211_ASSOC, 68 69 /* caller must call cfg80211_send_deauth() */ 70 RX_MGMT_CFG80211_DEAUTH, 71 72 /* caller must call cfg80211_send_disassoc() */ 73 RX_MGMT_CFG80211_DISASSOC, 74 75 /* caller must tell cfg80211 about internal error */ 76 RX_MGMT_CFG80211_ASSOC_ERROR, 77 }; 78 79 /* utils */ 80 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 81 { 82 WARN_ON(!mutex_is_locked(&ifmgd->mtx)); 83 } 84 85 /* 86 * We can have multiple work items (and connection probing) 87 * scheduling this timer, but we need to take care to only 88 * reschedule it when it should fire _earlier_ than it was 89 * asked for before, or if it's not pending right now. This 90 * function ensures that. Note that it then is required to 91 * run this function for all timeouts after the first one 92 * has happened -- the work that runs from this timer will 93 * do that. 94 */ 95 static void run_again(struct ieee80211_if_managed *ifmgd, 96 unsigned long timeout) 97 { 98 ASSERT_MGD_MTX(ifmgd); 99 100 if (!timer_pending(&ifmgd->timer) || 101 time_before(timeout, ifmgd->timer.expires)) 102 mod_timer(&ifmgd->timer, timeout); 103 } 104 105 static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata) 106 { 107 if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER) 108 return; 109 110 mod_timer(&sdata->u.mgd.bcn_mon_timer, 111 round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME)); 112 } 113 114 static int ecw2cw(int ecw) 115 { 116 return (1 << ecw) - 1; 117 } 118 119 /* 120 * ieee80211_enable_ht should be called only after the operating band 121 * has been determined as ht configuration depends on the hw's 122 * HT abilities for a specific band. 123 */ 124 static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata, 125 struct ieee80211_ht_info *hti, 126 const u8 *bssid, u16 ap_ht_cap_flags) 127 { 128 struct ieee80211_local *local = sdata->local; 129 struct ieee80211_supported_band *sband; 130 struct sta_info *sta; 131 u32 changed = 0; 132 u16 ht_opmode; 133 bool enable_ht = true, ht_changed; 134 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 135 136 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 137 138 /* HT is not supported */ 139 if (!sband->ht_cap.ht_supported) 140 enable_ht = false; 141 142 /* check that channel matches the right operating channel */ 143 if (local->hw.conf.channel->center_freq != 144 ieee80211_channel_to_frequency(hti->control_chan)) 145 enable_ht = false; 146 147 if (enable_ht) { 148 channel_type = NL80211_CHAN_HT20; 149 150 if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) && 151 (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) && 152 (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 153 switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 154 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 155 if (!(local->hw.conf.channel->flags & 156 IEEE80211_CHAN_NO_HT40PLUS)) 157 channel_type = NL80211_CHAN_HT40PLUS; 158 break; 159 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 160 if (!(local->hw.conf.channel->flags & 161 IEEE80211_CHAN_NO_HT40MINUS)) 162 channel_type = NL80211_CHAN_HT40MINUS; 163 break; 164 } 165 } 166 } 167 168 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht || 169 channel_type != local->hw.conf.channel_type; 170 171 if (local->tmp_channel) 172 local->tmp_channel_type = channel_type; 173 local->oper_channel_type = channel_type; 174 175 if (ht_changed) { 176 /* channel_type change automatically detected */ 177 ieee80211_hw_config(local, 0); 178 179 rcu_read_lock(); 180 sta = sta_info_get(sdata, bssid); 181 if (sta) 182 rate_control_rate_update(local, sband, sta, 183 IEEE80211_RC_HT_CHANGED, 184 local->oper_channel_type); 185 rcu_read_unlock(); 186 } 187 188 /* disable HT */ 189 if (!enable_ht) 190 return 0; 191 192 ht_opmode = le16_to_cpu(hti->operation_mode); 193 194 /* if bss configuration changed store the new one */ 195 if (!sdata->ht_opmode_valid || 196 sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 197 changed |= BSS_CHANGED_HT; 198 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 199 sdata->ht_opmode_valid = true; 200 } 201 202 return changed; 203 } 204 205 /* frame sending functions */ 206 207 static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 208 const u8 *bssid, u16 stype, u16 reason, 209 void *cookie) 210 { 211 struct ieee80211_local *local = sdata->local; 212 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 213 struct sk_buff *skb; 214 struct ieee80211_mgmt *mgmt; 215 216 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 217 if (!skb) { 218 printk(KERN_DEBUG "%s: failed to allocate buffer for " 219 "deauth/disassoc frame\n", sdata->name); 220 return; 221 } 222 skb_reserve(skb, local->hw.extra_tx_headroom); 223 224 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 225 memset(mgmt, 0, 24); 226 memcpy(mgmt->da, bssid, ETH_ALEN); 227 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 228 memcpy(mgmt->bssid, bssid, ETH_ALEN); 229 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype); 230 skb_put(skb, 2); 231 /* u.deauth.reason_code == u.disassoc.reason_code */ 232 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 233 234 if (stype == IEEE80211_STYPE_DEAUTH) 235 if (cookie) 236 __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 237 else 238 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 239 else 240 if (cookie) 241 __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 242 else 243 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 244 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED)) 245 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 246 ieee80211_tx_skb(sdata, skb); 247 } 248 249 void ieee80211_send_pspoll(struct ieee80211_local *local, 250 struct ieee80211_sub_if_data *sdata) 251 { 252 struct ieee80211_pspoll *pspoll; 253 struct sk_buff *skb; 254 255 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 256 if (!skb) 257 return; 258 259 pspoll = (struct ieee80211_pspoll *) skb->data; 260 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 261 262 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 263 ieee80211_tx_skb(sdata, skb); 264 } 265 266 void ieee80211_send_nullfunc(struct ieee80211_local *local, 267 struct ieee80211_sub_if_data *sdata, 268 int powersave) 269 { 270 struct sk_buff *skb; 271 struct ieee80211_hdr_3addr *nullfunc; 272 273 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 274 if (!skb) 275 return; 276 277 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 278 if (powersave) 279 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 280 281 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 282 ieee80211_tx_skb(sdata, skb); 283 } 284 285 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 286 struct ieee80211_sub_if_data *sdata) 287 { 288 struct sk_buff *skb; 289 struct ieee80211_hdr *nullfunc; 290 __le16 fc; 291 292 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 293 return; 294 295 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 296 if (!skb) { 297 printk(KERN_DEBUG "%s: failed to allocate buffer for 4addr " 298 "nullfunc frame\n", sdata->name); 299 return; 300 } 301 skb_reserve(skb, local->hw.extra_tx_headroom); 302 303 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 304 memset(nullfunc, 0, 30); 305 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 306 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 307 nullfunc->frame_control = fc; 308 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 309 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 310 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 311 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 312 313 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 314 ieee80211_tx_skb(sdata, skb); 315 } 316 317 /* spectrum management related things */ 318 static void ieee80211_chswitch_work(struct work_struct *work) 319 { 320 struct ieee80211_sub_if_data *sdata = 321 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 322 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 323 324 if (!ieee80211_sdata_running(sdata)) 325 return; 326 327 mutex_lock(&ifmgd->mtx); 328 if (!ifmgd->associated) 329 goto out; 330 331 sdata->local->oper_channel = sdata->local->csa_channel; 332 ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL); 333 334 /* XXX: shouldn't really modify cfg80211-owned data! */ 335 ifmgd->associated->channel = sdata->local->oper_channel; 336 337 ieee80211_wake_queues_by_reason(&sdata->local->hw, 338 IEEE80211_QUEUE_STOP_REASON_CSA); 339 out: 340 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 341 mutex_unlock(&ifmgd->mtx); 342 } 343 344 static void ieee80211_chswitch_timer(unsigned long data) 345 { 346 struct ieee80211_sub_if_data *sdata = 347 (struct ieee80211_sub_if_data *) data; 348 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 349 350 if (sdata->local->quiescing) { 351 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 352 return; 353 } 354 355 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 356 } 357 358 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 359 struct ieee80211_channel_sw_ie *sw_elem, 360 struct ieee80211_bss *bss) 361 { 362 struct cfg80211_bss *cbss = 363 container_of((void *)bss, struct cfg80211_bss, priv); 364 struct ieee80211_channel *new_ch; 365 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 366 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num); 367 368 ASSERT_MGD_MTX(ifmgd); 369 370 if (!ifmgd->associated) 371 return; 372 373 if (sdata->local->scanning) 374 return; 375 376 /* Disregard subsequent beacons if we are already running a timer 377 processing a CSA */ 378 379 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 380 return; 381 382 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 383 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) 384 return; 385 386 sdata->local->csa_channel = new_ch; 387 388 if (sw_elem->count <= 1) { 389 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 390 } else { 391 ieee80211_stop_queues_by_reason(&sdata->local->hw, 392 IEEE80211_QUEUE_STOP_REASON_CSA); 393 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 394 mod_timer(&ifmgd->chswitch_timer, 395 jiffies + 396 msecs_to_jiffies(sw_elem->count * 397 cbss->beacon_interval)); 398 } 399 } 400 401 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 402 u16 capab_info, u8 *pwr_constr_elem, 403 u8 pwr_constr_elem_len) 404 { 405 struct ieee80211_conf *conf = &sdata->local->hw.conf; 406 407 if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT)) 408 return; 409 410 /* Power constraint IE length should be 1 octet */ 411 if (pwr_constr_elem_len != 1) 412 return; 413 414 if ((*pwr_constr_elem <= conf->channel->max_power) && 415 (*pwr_constr_elem != sdata->local->power_constr_level)) { 416 sdata->local->power_constr_level = *pwr_constr_elem; 417 ieee80211_hw_config(sdata->local, 0); 418 } 419 } 420 421 /* powersave */ 422 static void ieee80211_enable_ps(struct ieee80211_local *local, 423 struct ieee80211_sub_if_data *sdata) 424 { 425 struct ieee80211_conf *conf = &local->hw.conf; 426 427 /* 428 * If we are scanning right now then the parameters will 429 * take effect when scan finishes. 430 */ 431 if (local->scanning) 432 return; 433 434 if (conf->dynamic_ps_timeout > 0 && 435 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 436 mod_timer(&local->dynamic_ps_timer, jiffies + 437 msecs_to_jiffies(conf->dynamic_ps_timeout)); 438 } else { 439 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 440 ieee80211_send_nullfunc(local, sdata, 1); 441 442 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 443 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 444 return; 445 446 conf->flags |= IEEE80211_CONF_PS; 447 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 448 } 449 } 450 451 static void ieee80211_change_ps(struct ieee80211_local *local) 452 { 453 struct ieee80211_conf *conf = &local->hw.conf; 454 455 if (local->ps_sdata) { 456 ieee80211_enable_ps(local, local->ps_sdata); 457 } else if (conf->flags & IEEE80211_CONF_PS) { 458 conf->flags &= ~IEEE80211_CONF_PS; 459 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 460 del_timer_sync(&local->dynamic_ps_timer); 461 cancel_work_sync(&local->dynamic_ps_enable_work); 462 } 463 } 464 465 /* need to hold RTNL or interface lock */ 466 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 467 { 468 struct ieee80211_sub_if_data *sdata, *found = NULL; 469 int count = 0; 470 471 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 472 local->ps_sdata = NULL; 473 return; 474 } 475 476 if (!list_empty(&local->work_list)) { 477 local->ps_sdata = NULL; 478 goto change; 479 } 480 481 list_for_each_entry(sdata, &local->interfaces, list) { 482 if (!ieee80211_sdata_running(sdata)) 483 continue; 484 if (sdata->vif.type != NL80211_IFTYPE_STATION) 485 continue; 486 found = sdata; 487 count++; 488 } 489 490 if (count == 1 && found->u.mgd.powersave && 491 found->u.mgd.associated && 492 found->u.mgd.associated->beacon_ies && 493 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL | 494 IEEE80211_STA_CONNECTION_POLL))) { 495 s32 beaconint_us; 496 497 if (latency < 0) 498 latency = pm_qos_requirement(PM_QOS_NETWORK_LATENCY); 499 500 beaconint_us = ieee80211_tu_to_usec( 501 found->vif.bss_conf.beacon_int); 502 503 if (beaconint_us > latency) { 504 local->ps_sdata = NULL; 505 } else { 506 struct ieee80211_bss *bss; 507 int maxslp = 1; 508 u8 dtimper; 509 510 bss = (void *)found->u.mgd.associated->priv; 511 dtimper = bss->dtim_period; 512 513 /* If the TIM IE is invalid, pretend the value is 1 */ 514 if (!dtimper) 515 dtimper = 1; 516 else if (dtimper > 1) 517 maxslp = min_t(int, dtimper, 518 latency / beaconint_us); 519 520 local->hw.conf.max_sleep_period = maxslp; 521 local->hw.conf.ps_dtim_period = dtimper; 522 local->ps_sdata = found; 523 } 524 } else { 525 local->ps_sdata = NULL; 526 } 527 528 change: 529 ieee80211_change_ps(local); 530 } 531 532 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 533 { 534 struct ieee80211_local *local = 535 container_of(work, struct ieee80211_local, 536 dynamic_ps_disable_work); 537 538 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 539 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 540 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 541 } 542 543 ieee80211_wake_queues_by_reason(&local->hw, 544 IEEE80211_QUEUE_STOP_REASON_PS); 545 } 546 547 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 548 { 549 struct ieee80211_local *local = 550 container_of(work, struct ieee80211_local, 551 dynamic_ps_enable_work); 552 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 553 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 554 555 /* can only happen when PS was just disabled anyway */ 556 if (!sdata) 557 return; 558 559 if (local->hw.conf.flags & IEEE80211_CONF_PS) 560 return; 561 562 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 563 (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) 564 ieee80211_send_nullfunc(local, sdata, 1); 565 566 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 567 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 568 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 569 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 570 local->hw.conf.flags |= IEEE80211_CONF_PS; 571 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 572 } 573 } 574 575 void ieee80211_dynamic_ps_timer(unsigned long data) 576 { 577 struct ieee80211_local *local = (void *) data; 578 579 if (local->quiescing || local->suspended) 580 return; 581 582 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 583 } 584 585 /* MLME */ 586 static void ieee80211_sta_wmm_params(struct ieee80211_local *local, 587 struct ieee80211_if_managed *ifmgd, 588 u8 *wmm_param, size_t wmm_param_len) 589 { 590 struct ieee80211_tx_queue_params params; 591 size_t left; 592 int count; 593 u8 *pos, uapsd_queues = 0; 594 595 if (local->hw.queues < 4) 596 return; 597 598 if (!wmm_param) 599 return; 600 601 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 602 return; 603 604 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 605 uapsd_queues = local->uapsd_queues; 606 607 count = wmm_param[6] & 0x0f; 608 if (count == ifmgd->wmm_last_param_set) 609 return; 610 ifmgd->wmm_last_param_set = count; 611 612 pos = wmm_param + 8; 613 left = wmm_param_len - 8; 614 615 memset(¶ms, 0, sizeof(params)); 616 617 local->wmm_acm = 0; 618 for (; left >= 4; left -= 4, pos += 4) { 619 int aci = (pos[0] >> 5) & 0x03; 620 int acm = (pos[0] >> 4) & 0x01; 621 bool uapsd = false; 622 int queue; 623 624 switch (aci) { 625 case 1: /* AC_BK */ 626 queue = 3; 627 if (acm) 628 local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 629 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 630 uapsd = true; 631 break; 632 case 2: /* AC_VI */ 633 queue = 1; 634 if (acm) 635 local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 636 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 637 uapsd = true; 638 break; 639 case 3: /* AC_VO */ 640 queue = 0; 641 if (acm) 642 local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 643 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 644 uapsd = true; 645 break; 646 case 0: /* AC_BE */ 647 default: 648 queue = 2; 649 if (acm) 650 local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 651 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 652 uapsd = true; 653 break; 654 } 655 656 params.aifs = pos[0] & 0x0f; 657 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 658 params.cw_min = ecw2cw(pos[1] & 0x0f); 659 params.txop = get_unaligned_le16(pos + 2); 660 params.uapsd = uapsd; 661 662 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 663 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 664 "cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 665 wiphy_name(local->hw.wiphy), queue, aci, acm, 666 params.aifs, params.cw_min, params.cw_max, params.txop, 667 params.uapsd); 668 #endif 669 if (drv_conf_tx(local, queue, ¶ms) && local->ops->conf_tx) 670 printk(KERN_DEBUG "%s: failed to set TX queue " 671 "parameters for queue %d\n", 672 wiphy_name(local->hw.wiphy), queue); 673 } 674 } 675 676 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 677 u16 capab, bool erp_valid, u8 erp) 678 { 679 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 680 u32 changed = 0; 681 bool use_protection; 682 bool use_short_preamble; 683 bool use_short_slot; 684 685 if (erp_valid) { 686 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 687 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 688 } else { 689 use_protection = false; 690 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 691 } 692 693 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 694 if (sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ) 695 use_short_slot = true; 696 697 if (use_protection != bss_conf->use_cts_prot) { 698 bss_conf->use_cts_prot = use_protection; 699 changed |= BSS_CHANGED_ERP_CTS_PROT; 700 } 701 702 if (use_short_preamble != bss_conf->use_short_preamble) { 703 bss_conf->use_short_preamble = use_short_preamble; 704 changed |= BSS_CHANGED_ERP_PREAMBLE; 705 } 706 707 if (use_short_slot != bss_conf->use_short_slot) { 708 bss_conf->use_short_slot = use_short_slot; 709 changed |= BSS_CHANGED_ERP_SLOT; 710 } 711 712 return changed; 713 } 714 715 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 716 struct cfg80211_bss *cbss, 717 u32 bss_info_changed) 718 { 719 struct ieee80211_bss *bss = (void *)cbss->priv; 720 struct ieee80211_local *local = sdata->local; 721 722 bss_info_changed |= BSS_CHANGED_ASSOC; 723 /* set timing information */ 724 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 725 sdata->vif.bss_conf.timestamp = cbss->tsf; 726 727 bss_info_changed |= BSS_CHANGED_BEACON_INT; 728 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 729 cbss->capability, bss->has_erp_value, bss->erp_value); 730 731 sdata->u.mgd.associated = cbss; 732 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 733 734 /* just to be sure */ 735 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 736 IEEE80211_STA_BEACON_POLL); 737 738 /* 739 * Always handle WMM once after association regardless 740 * of the first value the AP uses. Setting -1 here has 741 * that effect because the AP values is an unsigned 742 * 4-bit value. 743 */ 744 sdata->u.mgd.wmm_last_param_set = -1; 745 746 ieee80211_led_assoc(local, 1); 747 748 sdata->vif.bss_conf.assoc = 1; 749 /* 750 * For now just always ask the driver to update the basic rateset 751 * when we have associated, we aren't checking whether it actually 752 * changed or not. 753 */ 754 bss_info_changed |= BSS_CHANGED_BASIC_RATES; 755 756 /* And the BSSID changed - we're associated now */ 757 bss_info_changed |= BSS_CHANGED_BSSID; 758 759 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 760 761 mutex_lock(&local->iflist_mtx); 762 ieee80211_recalc_ps(local, -1); 763 ieee80211_recalc_smps(local, sdata); 764 mutex_unlock(&local->iflist_mtx); 765 766 netif_tx_start_all_queues(sdata->dev); 767 netif_carrier_on(sdata->dev); 768 } 769 770 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata) 771 { 772 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 773 struct ieee80211_local *local = sdata->local; 774 struct sta_info *sta; 775 u32 changed = 0, config_changed = 0; 776 u8 bssid[ETH_ALEN]; 777 778 ASSERT_MGD_MTX(ifmgd); 779 780 if (WARN_ON(!ifmgd->associated)) 781 return; 782 783 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 784 785 ifmgd->associated = NULL; 786 memset(ifmgd->bssid, 0, ETH_ALEN); 787 788 /* 789 * we need to commit the associated = NULL change because the 790 * scan code uses that to determine whether this iface should 791 * go to/wake up from powersave or not -- and could otherwise 792 * wake the queues erroneously. 793 */ 794 smp_mb(); 795 796 /* 797 * Thus, we can only afterwards stop the queues -- to account 798 * for the case where another CPU is finishing a scan at this 799 * time -- we don't want the scan code to enable queues. 800 */ 801 802 netif_tx_stop_all_queues(sdata->dev); 803 netif_carrier_off(sdata->dev); 804 805 rcu_read_lock(); 806 sta = sta_info_get(sdata, bssid); 807 if (sta) { 808 set_sta_flags(sta, WLAN_STA_DISASSOC); 809 ieee80211_sta_tear_down_BA_sessions(sta); 810 } 811 rcu_read_unlock(); 812 813 changed |= ieee80211_reset_erp_info(sdata); 814 815 ieee80211_led_assoc(local, 0); 816 changed |= BSS_CHANGED_ASSOC; 817 sdata->vif.bss_conf.assoc = false; 818 819 ieee80211_set_wmm_default(sdata); 820 821 /* channel(_type) changes are handled by ieee80211_hw_config */ 822 local->oper_channel_type = NL80211_CHAN_NO_HT; 823 824 /* on the next assoc, re-program HT parameters */ 825 sdata->ht_opmode_valid = false; 826 827 local->power_constr_level = 0; 828 829 del_timer_sync(&local->dynamic_ps_timer); 830 cancel_work_sync(&local->dynamic_ps_enable_work); 831 832 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 833 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 834 config_changed |= IEEE80211_CONF_CHANGE_PS; 835 } 836 837 ieee80211_hw_config(local, config_changed); 838 839 /* And the BSSID changed -- not very interesting here */ 840 changed |= BSS_CHANGED_BSSID; 841 ieee80211_bss_info_change_notify(sdata, changed); 842 843 sta_info_destroy_addr(sdata, bssid); 844 } 845 846 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 847 struct ieee80211_hdr *hdr) 848 { 849 /* 850 * We can postpone the mgd.timer whenever receiving unicast frames 851 * from AP because we know that the connection is working both ways 852 * at that time. But multicast frames (and hence also beacons) must 853 * be ignored here, because we need to trigger the timer during 854 * data idle periods for sending the periodic probe request to the 855 * AP we're connected to. 856 */ 857 if (is_multicast_ether_addr(hdr->addr1)) 858 return; 859 860 mod_timer(&sdata->u.mgd.conn_mon_timer, 861 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 862 } 863 864 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 865 { 866 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 867 const u8 *ssid; 868 869 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 870 ieee80211_send_probe_req(sdata, ifmgd->associated->bssid, 871 ssid + 2, ssid[1], NULL, 0); 872 873 ifmgd->probe_send_count++; 874 ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT; 875 run_again(ifmgd, ifmgd->probe_timeout); 876 } 877 878 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 879 bool beacon) 880 { 881 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 882 bool already = false; 883 884 if (!ieee80211_sdata_running(sdata)) 885 return; 886 887 if (sdata->local->scanning) 888 return; 889 890 if (sdata->local->tmp_channel) 891 return; 892 893 mutex_lock(&ifmgd->mtx); 894 895 if (!ifmgd->associated) 896 goto out; 897 898 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 899 if (beacon && net_ratelimit()) 900 printk(KERN_DEBUG "%s: detected beacon loss from AP " 901 "- sending probe request\n", sdata->name); 902 #endif 903 904 /* 905 * The driver/our work has already reported this event or the 906 * connection monitoring has kicked in and we have already sent 907 * a probe request. Or maybe the AP died and the driver keeps 908 * reporting until we disassociate... 909 * 910 * In either case we have to ignore the current call to this 911 * function (except for setting the correct probe reason bit) 912 * because otherwise we would reset the timer every time and 913 * never check whether we received a probe response! 914 */ 915 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 916 IEEE80211_STA_CONNECTION_POLL)) 917 already = true; 918 919 if (beacon) 920 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 921 else 922 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 923 924 if (already) 925 goto out; 926 927 mutex_lock(&sdata->local->iflist_mtx); 928 ieee80211_recalc_ps(sdata->local, -1); 929 mutex_unlock(&sdata->local->iflist_mtx); 930 931 ifmgd->probe_send_count = 0; 932 ieee80211_mgd_probe_ap_send(sdata); 933 out: 934 mutex_unlock(&ifmgd->mtx); 935 } 936 937 void ieee80211_beacon_loss_work(struct work_struct *work) 938 { 939 struct ieee80211_sub_if_data *sdata = 940 container_of(work, struct ieee80211_sub_if_data, 941 u.mgd.beacon_loss_work); 942 943 ieee80211_mgd_probe_ap(sdata, true); 944 } 945 946 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 947 { 948 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 949 950 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 951 } 952 EXPORT_SYMBOL(ieee80211_beacon_loss); 953 954 static enum rx_mgmt_action __must_check 955 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 956 struct ieee80211_mgmt *mgmt, size_t len) 957 { 958 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 959 const u8 *bssid = NULL; 960 u16 reason_code; 961 962 if (len < 24 + 2) 963 return RX_MGMT_NONE; 964 965 ASSERT_MGD_MTX(ifmgd); 966 967 bssid = ifmgd->associated->bssid; 968 969 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 970 971 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 972 sdata->name, bssid, reason_code); 973 974 ieee80211_set_disassoc(sdata); 975 ieee80211_recalc_idle(sdata->local); 976 977 return RX_MGMT_CFG80211_DEAUTH; 978 } 979 980 981 static enum rx_mgmt_action __must_check 982 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 983 struct ieee80211_mgmt *mgmt, size_t len) 984 { 985 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 986 u16 reason_code; 987 988 if (len < 24 + 2) 989 return RX_MGMT_NONE; 990 991 ASSERT_MGD_MTX(ifmgd); 992 993 if (WARN_ON(!ifmgd->associated)) 994 return RX_MGMT_NONE; 995 996 if (WARN_ON(memcmp(ifmgd->associated->bssid, mgmt->sa, ETH_ALEN))) 997 return RX_MGMT_NONE; 998 999 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1000 1001 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1002 sdata->name, mgmt->sa, reason_code); 1003 1004 ieee80211_set_disassoc(sdata); 1005 ieee80211_recalc_idle(sdata->local); 1006 return RX_MGMT_CFG80211_DISASSOC; 1007 } 1008 1009 1010 static bool ieee80211_assoc_success(struct ieee80211_work *wk, 1011 struct ieee80211_mgmt *mgmt, size_t len) 1012 { 1013 struct ieee80211_sub_if_data *sdata = wk->sdata; 1014 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1015 struct ieee80211_local *local = sdata->local; 1016 struct ieee80211_supported_band *sband; 1017 struct sta_info *sta; 1018 struct cfg80211_bss *cbss = wk->assoc.bss; 1019 u8 *pos; 1020 u32 rates, basic_rates; 1021 u16 capab_info, aid; 1022 struct ieee802_11_elems elems; 1023 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1024 u32 changed = 0; 1025 int i, j, err; 1026 bool have_higher_than_11mbit = false; 1027 u16 ap_ht_cap_flags; 1028 1029 /* AssocResp and ReassocResp have identical structure */ 1030 1031 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 1032 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 1033 1034 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1035 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not " 1036 "set\n", sdata->name, aid); 1037 aid &= ~(BIT(15) | BIT(14)); 1038 1039 pos = mgmt->u.assoc_resp.variable; 1040 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1041 1042 if (!elems.supp_rates) { 1043 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n", 1044 sdata->name); 1045 return false; 1046 } 1047 1048 ifmgd->aid = aid; 1049 1050 sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 1051 if (!sta) { 1052 printk(KERN_DEBUG "%s: failed to alloc STA entry for" 1053 " the AP\n", sdata->name); 1054 return false; 1055 } 1056 1057 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | 1058 WLAN_STA_ASSOC_AP); 1059 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 1060 set_sta_flags(sta, WLAN_STA_AUTHORIZED); 1061 1062 rates = 0; 1063 basic_rates = 0; 1064 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1065 1066 for (i = 0; i < elems.supp_rates_len; i++) { 1067 int rate = (elems.supp_rates[i] & 0x7f) * 5; 1068 bool is_basic = !!(elems.supp_rates[i] & 0x80); 1069 1070 if (rate > 110) 1071 have_higher_than_11mbit = true; 1072 1073 for (j = 0; j < sband->n_bitrates; j++) { 1074 if (sband->bitrates[j].bitrate == rate) { 1075 rates |= BIT(j); 1076 if (is_basic) 1077 basic_rates |= BIT(j); 1078 break; 1079 } 1080 } 1081 } 1082 1083 for (i = 0; i < elems.ext_supp_rates_len; i++) { 1084 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5; 1085 bool is_basic = !!(elems.ext_supp_rates[i] & 0x80); 1086 1087 if (rate > 110) 1088 have_higher_than_11mbit = true; 1089 1090 for (j = 0; j < sband->n_bitrates; j++) { 1091 if (sband->bitrates[j].bitrate == rate) { 1092 rates |= BIT(j); 1093 if (is_basic) 1094 basic_rates |= BIT(j); 1095 break; 1096 } 1097 } 1098 } 1099 1100 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 1101 sdata->vif.bss_conf.basic_rates = basic_rates; 1102 1103 /* cf. IEEE 802.11 9.2.12 */ 1104 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 1105 have_higher_than_11mbit) 1106 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 1107 else 1108 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 1109 1110 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1111 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, 1112 elems.ht_cap_elem, &sta->sta.ht_cap); 1113 1114 ap_ht_cap_flags = sta->sta.ht_cap.cap; 1115 1116 rate_control_rate_init(sta); 1117 1118 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 1119 set_sta_flags(sta, WLAN_STA_MFP); 1120 1121 if (elems.wmm_param) 1122 set_sta_flags(sta, WLAN_STA_WME); 1123 1124 err = sta_info_insert(sta); 1125 sta = NULL; 1126 if (err) { 1127 printk(KERN_DEBUG "%s: failed to insert STA entry for" 1128 " the AP (error %d)\n", sdata->name, err); 1129 return false; 1130 } 1131 1132 if (elems.wmm_param) 1133 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1134 elems.wmm_param_len); 1135 else 1136 ieee80211_set_wmm_default(sdata); 1137 1138 local->oper_channel = wk->chan; 1139 1140 if (elems.ht_info_elem && elems.wmm_param && 1141 (sdata->local->hw.queues >= 4) && 1142 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 1143 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1144 cbss->bssid, ap_ht_cap_flags); 1145 1146 /* set AID and assoc capability, 1147 * ieee80211_set_associated() will tell the driver */ 1148 bss_conf->aid = aid; 1149 bss_conf->assoc_capability = capab_info; 1150 ieee80211_set_associated(sdata, cbss, changed); 1151 1152 /* 1153 * If we're using 4-addr mode, let the AP know that we're 1154 * doing so, so that it can create the STA VLAN on its side 1155 */ 1156 if (ifmgd->use_4addr) 1157 ieee80211_send_4addr_nullfunc(local, sdata); 1158 1159 /* 1160 * Start timer to probe the connection to the AP now. 1161 * Also start the timer that will detect beacon loss. 1162 */ 1163 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 1164 mod_beacon_timer(sdata); 1165 1166 return true; 1167 } 1168 1169 1170 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 1171 struct ieee80211_mgmt *mgmt, 1172 size_t len, 1173 struct ieee80211_rx_status *rx_status, 1174 struct ieee802_11_elems *elems, 1175 bool beacon) 1176 { 1177 struct ieee80211_local *local = sdata->local; 1178 int freq; 1179 struct ieee80211_bss *bss; 1180 struct ieee80211_channel *channel; 1181 bool need_ps = false; 1182 1183 if (sdata->u.mgd.associated) { 1184 bss = (void *)sdata->u.mgd.associated->priv; 1185 /* not previously set so we may need to recalc */ 1186 need_ps = !bss->dtim_period; 1187 } 1188 1189 if (elems->ds_params && elems->ds_params_len == 1) 1190 freq = ieee80211_channel_to_frequency(elems->ds_params[0]); 1191 else 1192 freq = rx_status->freq; 1193 1194 channel = ieee80211_get_channel(local->hw.wiphy, freq); 1195 1196 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 1197 return; 1198 1199 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 1200 channel, beacon); 1201 if (bss) 1202 ieee80211_rx_bss_put(local, bss); 1203 1204 if (!sdata->u.mgd.associated) 1205 return; 1206 1207 if (need_ps) { 1208 mutex_lock(&local->iflist_mtx); 1209 ieee80211_recalc_ps(local, -1); 1210 mutex_unlock(&local->iflist_mtx); 1211 } 1212 1213 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) && 1214 (memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, 1215 ETH_ALEN) == 0)) { 1216 struct ieee80211_channel_sw_ie *sw_elem = 1217 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem; 1218 ieee80211_sta_process_chanswitch(sdata, sw_elem, bss); 1219 } 1220 } 1221 1222 1223 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 1224 struct sk_buff *skb) 1225 { 1226 struct ieee80211_mgmt *mgmt = (void *)skb->data; 1227 struct ieee80211_if_managed *ifmgd; 1228 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 1229 size_t baselen, len = skb->len; 1230 struct ieee802_11_elems elems; 1231 1232 ifmgd = &sdata->u.mgd; 1233 1234 ASSERT_MGD_MTX(ifmgd); 1235 1236 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN)) 1237 return; /* ignore ProbeResp to foreign address */ 1238 1239 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 1240 if (baselen > len) 1241 return; 1242 1243 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 1244 &elems); 1245 1246 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 1247 1248 if (ifmgd->associated && 1249 memcmp(mgmt->bssid, ifmgd->associated->bssid, ETH_ALEN) == 0 && 1250 ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1251 IEEE80211_STA_CONNECTION_POLL)) { 1252 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1253 IEEE80211_STA_BEACON_POLL); 1254 mutex_lock(&sdata->local->iflist_mtx); 1255 ieee80211_recalc_ps(sdata->local, -1); 1256 mutex_unlock(&sdata->local->iflist_mtx); 1257 /* 1258 * We've received a probe response, but are not sure whether 1259 * we have or will be receiving any beacons or data, so let's 1260 * schedule the timers again, just in case. 1261 */ 1262 mod_beacon_timer(sdata); 1263 mod_timer(&ifmgd->conn_mon_timer, 1264 round_jiffies_up(jiffies + 1265 IEEE80211_CONNECTION_IDLE_TIME)); 1266 } 1267 } 1268 1269 /* 1270 * This is the canonical list of information elements we care about, 1271 * the filter code also gives us all changes to the Microsoft OUI 1272 * (00:50:F2) vendor IE which is used for WMM which we need to track. 1273 * 1274 * We implement beacon filtering in software since that means we can 1275 * avoid processing the frame here and in cfg80211, and userspace 1276 * will not be able to tell whether the hardware supports it or not. 1277 * 1278 * XXX: This list needs to be dynamic -- userspace needs to be able to 1279 * add items it requires. It also needs to be able to tell us to 1280 * look out for other vendor IEs. 1281 */ 1282 static const u64 care_about_ies = 1283 (1ULL << WLAN_EID_COUNTRY) | 1284 (1ULL << WLAN_EID_ERP_INFO) | 1285 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 1286 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 1287 (1ULL << WLAN_EID_HT_CAPABILITY) | 1288 (1ULL << WLAN_EID_HT_INFORMATION); 1289 1290 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 1291 struct ieee80211_mgmt *mgmt, 1292 size_t len, 1293 struct ieee80211_rx_status *rx_status) 1294 { 1295 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1296 size_t baselen; 1297 struct ieee802_11_elems elems; 1298 struct ieee80211_local *local = sdata->local; 1299 u32 changed = 0; 1300 bool erp_valid, directed_tim = false; 1301 u8 erp_value = 0; 1302 u32 ncrc; 1303 u8 *bssid; 1304 1305 ASSERT_MGD_MTX(ifmgd); 1306 1307 /* Process beacon from the current BSS */ 1308 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 1309 if (baselen > len) 1310 return; 1311 1312 if (rx_status->freq != local->hw.conf.channel->center_freq) 1313 return; 1314 1315 /* 1316 * We might have received a number of frames, among them a 1317 * disassoc frame and a beacon... 1318 */ 1319 if (!ifmgd->associated) 1320 return; 1321 1322 bssid = ifmgd->associated->bssid; 1323 1324 /* 1325 * And in theory even frames from a different AP we were just 1326 * associated to a split-second ago! 1327 */ 1328 if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0) 1329 return; 1330 1331 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 1332 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1333 if (net_ratelimit()) { 1334 printk(KERN_DEBUG "%s: cancelling probereq poll due " 1335 "to a received beacon\n", sdata->name); 1336 } 1337 #endif 1338 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 1339 mutex_lock(&local->iflist_mtx); 1340 ieee80211_recalc_ps(local, -1); 1341 mutex_unlock(&local->iflist_mtx); 1342 } 1343 1344 /* 1345 * Push the beacon loss detection into the future since 1346 * we are processing a beacon from the AP just now. 1347 */ 1348 mod_beacon_timer(sdata); 1349 1350 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 1351 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 1352 len - baselen, &elems, 1353 care_about_ies, ncrc); 1354 1355 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1356 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len, 1357 ifmgd->aid); 1358 1359 if (ncrc != ifmgd->beacon_crc) { 1360 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 1361 true); 1362 1363 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1364 elems.wmm_param_len); 1365 } 1366 1367 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 1368 if (directed_tim) { 1369 if (local->hw.conf.dynamic_ps_timeout > 0) { 1370 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1371 ieee80211_hw_config(local, 1372 IEEE80211_CONF_CHANGE_PS); 1373 ieee80211_send_nullfunc(local, sdata, 0); 1374 } else { 1375 local->pspolling = true; 1376 1377 /* 1378 * Here is assumed that the driver will be 1379 * able to send ps-poll frame and receive a 1380 * response even though power save mode is 1381 * enabled, but some drivers might require 1382 * to disable power save here. This needs 1383 * to be investigated. 1384 */ 1385 ieee80211_send_pspoll(local, sdata); 1386 } 1387 } 1388 } 1389 1390 if (ncrc == ifmgd->beacon_crc) 1391 return; 1392 ifmgd->beacon_crc = ncrc; 1393 1394 if (elems.erp_info && elems.erp_info_len >= 1) { 1395 erp_valid = true; 1396 erp_value = elems.erp_info[0]; 1397 } else { 1398 erp_valid = false; 1399 } 1400 changed |= ieee80211_handle_bss_capability(sdata, 1401 le16_to_cpu(mgmt->u.beacon.capab_info), 1402 erp_valid, erp_value); 1403 1404 1405 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param && 1406 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) { 1407 struct sta_info *sta; 1408 struct ieee80211_supported_band *sband; 1409 u16 ap_ht_cap_flags; 1410 1411 rcu_read_lock(); 1412 1413 sta = sta_info_get(sdata, bssid); 1414 if (WARN_ON(!sta)) { 1415 rcu_read_unlock(); 1416 return; 1417 } 1418 1419 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1420 1421 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, 1422 elems.ht_cap_elem, &sta->sta.ht_cap); 1423 1424 ap_ht_cap_flags = sta->sta.ht_cap.cap; 1425 1426 rcu_read_unlock(); 1427 1428 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 1429 bssid, ap_ht_cap_flags); 1430 } 1431 1432 /* Note: country IE parsing is done for us by cfg80211 */ 1433 if (elems.country_elem) { 1434 /* TODO: IBSS also needs this */ 1435 if (elems.pwr_constr_elem) 1436 ieee80211_handle_pwr_constr(sdata, 1437 le16_to_cpu(mgmt->u.probe_resp.capab_info), 1438 elems.pwr_constr_elem, 1439 elems.pwr_constr_elem_len); 1440 } 1441 1442 ieee80211_bss_info_change_notify(sdata, changed); 1443 } 1444 1445 ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1446 struct sk_buff *skb) 1447 { 1448 struct ieee80211_local *local = sdata->local; 1449 struct ieee80211_mgmt *mgmt; 1450 u16 fc; 1451 1452 if (skb->len < 24) 1453 return RX_DROP_MONITOR; 1454 1455 mgmt = (struct ieee80211_mgmt *) skb->data; 1456 fc = le16_to_cpu(mgmt->frame_control); 1457 1458 switch (fc & IEEE80211_FCTL_STYPE) { 1459 case IEEE80211_STYPE_PROBE_RESP: 1460 case IEEE80211_STYPE_BEACON: 1461 case IEEE80211_STYPE_DEAUTH: 1462 case IEEE80211_STYPE_DISASSOC: 1463 case IEEE80211_STYPE_ACTION: 1464 skb_queue_tail(&sdata->u.mgd.skb_queue, skb); 1465 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work); 1466 return RX_QUEUED; 1467 } 1468 1469 return RX_DROP_MONITOR; 1470 } 1471 1472 static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1473 struct sk_buff *skb) 1474 { 1475 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1476 struct ieee80211_rx_status *rx_status; 1477 struct ieee80211_mgmt *mgmt; 1478 enum rx_mgmt_action rma = RX_MGMT_NONE; 1479 u16 fc; 1480 1481 rx_status = (struct ieee80211_rx_status *) skb->cb; 1482 mgmt = (struct ieee80211_mgmt *) skb->data; 1483 fc = le16_to_cpu(mgmt->frame_control); 1484 1485 mutex_lock(&ifmgd->mtx); 1486 1487 if (ifmgd->associated && 1488 memcmp(ifmgd->associated->bssid, mgmt->bssid, ETH_ALEN) == 0) { 1489 switch (fc & IEEE80211_FCTL_STYPE) { 1490 case IEEE80211_STYPE_BEACON: 1491 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 1492 rx_status); 1493 break; 1494 case IEEE80211_STYPE_PROBE_RESP: 1495 ieee80211_rx_mgmt_probe_resp(sdata, skb); 1496 break; 1497 case IEEE80211_STYPE_DEAUTH: 1498 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 1499 break; 1500 case IEEE80211_STYPE_DISASSOC: 1501 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 1502 break; 1503 case IEEE80211_STYPE_ACTION: 1504 if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT) 1505 break; 1506 1507 ieee80211_sta_process_chanswitch(sdata, 1508 &mgmt->u.action.u.chan_switch.sw_elem, 1509 (void *)ifmgd->associated->priv); 1510 break; 1511 } 1512 mutex_unlock(&ifmgd->mtx); 1513 1514 switch (rma) { 1515 case RX_MGMT_NONE: 1516 /* no action */ 1517 break; 1518 case RX_MGMT_CFG80211_DEAUTH: 1519 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 1520 break; 1521 case RX_MGMT_CFG80211_DISASSOC: 1522 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 1523 break; 1524 default: 1525 WARN(1, "unexpected: %d", rma); 1526 } 1527 goto out; 1528 } 1529 1530 mutex_unlock(&ifmgd->mtx); 1531 1532 if (skb->len >= 24 + 2 /* mgmt + deauth reason */ && 1533 (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH) 1534 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 1535 1536 out: 1537 kfree_skb(skb); 1538 } 1539 1540 static void ieee80211_sta_timer(unsigned long data) 1541 { 1542 struct ieee80211_sub_if_data *sdata = 1543 (struct ieee80211_sub_if_data *) data; 1544 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1545 struct ieee80211_local *local = sdata->local; 1546 1547 if (local->quiescing) { 1548 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 1549 return; 1550 } 1551 1552 ieee80211_queue_work(&local->hw, &ifmgd->work); 1553 } 1554 1555 static void ieee80211_sta_work(struct work_struct *work) 1556 { 1557 struct ieee80211_sub_if_data *sdata = 1558 container_of(work, struct ieee80211_sub_if_data, u.mgd.work); 1559 struct ieee80211_local *local = sdata->local; 1560 struct ieee80211_if_managed *ifmgd; 1561 struct sk_buff *skb; 1562 1563 if (!ieee80211_sdata_running(sdata)) 1564 return; 1565 1566 if (local->scanning) 1567 return; 1568 1569 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1570 return; 1571 1572 /* 1573 * ieee80211_queue_work() should have picked up most cases, 1574 * here we'll pick the the rest. 1575 */ 1576 if (WARN(local->suspended, "STA MLME work scheduled while " 1577 "going to suspend\n")) 1578 return; 1579 1580 ifmgd = &sdata->u.mgd; 1581 1582 /* first process frames to avoid timing out while a frame is pending */ 1583 while ((skb = skb_dequeue(&ifmgd->skb_queue))) 1584 ieee80211_sta_rx_queued_mgmt(sdata, skb); 1585 1586 /* then process the rest of the work */ 1587 mutex_lock(&ifmgd->mtx); 1588 1589 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1590 IEEE80211_STA_CONNECTION_POLL) && 1591 ifmgd->associated) { 1592 u8 bssid[ETH_ALEN]; 1593 1594 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 1595 if (time_is_after_jiffies(ifmgd->probe_timeout)) 1596 run_again(ifmgd, ifmgd->probe_timeout); 1597 1598 else if (ifmgd->probe_send_count < IEEE80211_MAX_PROBE_TRIES) { 1599 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1600 printk(KERN_DEBUG "No probe response from AP %pM" 1601 " after %dms, try %d\n", bssid, 1602 (1000 * IEEE80211_PROBE_WAIT)/HZ, 1603 ifmgd->probe_send_count); 1604 #endif 1605 ieee80211_mgd_probe_ap_send(sdata); 1606 } else { 1607 /* 1608 * We actually lost the connection ... or did we? 1609 * Let's make sure! 1610 */ 1611 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1612 IEEE80211_STA_BEACON_POLL); 1613 printk(KERN_DEBUG "No probe response from AP %pM" 1614 " after %dms, disconnecting.\n", 1615 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ); 1616 ieee80211_set_disassoc(sdata); 1617 ieee80211_recalc_idle(local); 1618 mutex_unlock(&ifmgd->mtx); 1619 /* 1620 * must be outside lock due to cfg80211, 1621 * but that's not a problem. 1622 */ 1623 ieee80211_send_deauth_disassoc(sdata, bssid, 1624 IEEE80211_STYPE_DEAUTH, 1625 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1626 NULL); 1627 mutex_lock(&ifmgd->mtx); 1628 } 1629 } 1630 1631 mutex_unlock(&ifmgd->mtx); 1632 } 1633 1634 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 1635 { 1636 struct ieee80211_sub_if_data *sdata = 1637 (struct ieee80211_sub_if_data *) data; 1638 struct ieee80211_local *local = sdata->local; 1639 1640 if (local->quiescing) 1641 return; 1642 1643 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 1644 } 1645 1646 static void ieee80211_sta_conn_mon_timer(unsigned long data) 1647 { 1648 struct ieee80211_sub_if_data *sdata = 1649 (struct ieee80211_sub_if_data *) data; 1650 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1651 struct ieee80211_local *local = sdata->local; 1652 1653 if (local->quiescing) 1654 return; 1655 1656 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 1657 } 1658 1659 static void ieee80211_sta_monitor_work(struct work_struct *work) 1660 { 1661 struct ieee80211_sub_if_data *sdata = 1662 container_of(work, struct ieee80211_sub_if_data, 1663 u.mgd.monitor_work); 1664 1665 ieee80211_mgd_probe_ap(sdata, false); 1666 } 1667 1668 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 1669 { 1670 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 1671 sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL | 1672 IEEE80211_STA_CONNECTION_POLL); 1673 1674 /* let's probe the connection once */ 1675 ieee80211_queue_work(&sdata->local->hw, 1676 &sdata->u.mgd.monitor_work); 1677 /* and do all the other regular work too */ 1678 ieee80211_queue_work(&sdata->local->hw, 1679 &sdata->u.mgd.work); 1680 } 1681 } 1682 1683 #ifdef CONFIG_PM 1684 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata) 1685 { 1686 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1687 1688 /* 1689 * we need to use atomic bitops for the running bits 1690 * only because both timers might fire at the same 1691 * time -- the code here is properly synchronised. 1692 */ 1693 1694 cancel_work_sync(&ifmgd->work); 1695 cancel_work_sync(&ifmgd->beacon_loss_work); 1696 if (del_timer_sync(&ifmgd->timer)) 1697 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 1698 1699 cancel_work_sync(&ifmgd->chswitch_work); 1700 if (del_timer_sync(&ifmgd->chswitch_timer)) 1701 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 1702 1703 cancel_work_sync(&ifmgd->monitor_work); 1704 /* these will just be re-established on connection */ 1705 del_timer_sync(&ifmgd->conn_mon_timer); 1706 del_timer_sync(&ifmgd->bcn_mon_timer); 1707 } 1708 1709 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 1710 { 1711 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1712 1713 if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) 1714 add_timer(&ifmgd->timer); 1715 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 1716 add_timer(&ifmgd->chswitch_timer); 1717 } 1718 #endif 1719 1720 /* interface setup */ 1721 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 1722 { 1723 struct ieee80211_if_managed *ifmgd; 1724 1725 ifmgd = &sdata->u.mgd; 1726 INIT_WORK(&ifmgd->work, ieee80211_sta_work); 1727 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 1728 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 1729 INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work); 1730 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 1731 (unsigned long) sdata); 1732 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 1733 (unsigned long) sdata); 1734 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 1735 (unsigned long) sdata); 1736 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 1737 (unsigned long) sdata); 1738 skb_queue_head_init(&ifmgd->skb_queue); 1739 1740 ifmgd->flags = 0; 1741 1742 mutex_init(&ifmgd->mtx); 1743 1744 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 1745 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 1746 else 1747 ifmgd->req_smps = IEEE80211_SMPS_OFF; 1748 } 1749 1750 /* scan finished notification */ 1751 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 1752 { 1753 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 1754 1755 /* Restart STA timers */ 1756 rcu_read_lock(); 1757 list_for_each_entry_rcu(sdata, &local->interfaces, list) 1758 ieee80211_restart_sta_timer(sdata); 1759 rcu_read_unlock(); 1760 } 1761 1762 int ieee80211_max_network_latency(struct notifier_block *nb, 1763 unsigned long data, void *dummy) 1764 { 1765 s32 latency_usec = (s32) data; 1766 struct ieee80211_local *local = 1767 container_of(nb, struct ieee80211_local, 1768 network_latency_notifier); 1769 1770 mutex_lock(&local->iflist_mtx); 1771 ieee80211_recalc_ps(local, latency_usec); 1772 mutex_unlock(&local->iflist_mtx); 1773 1774 return 0; 1775 } 1776 1777 /* config hooks */ 1778 static enum work_done_result 1779 ieee80211_probe_auth_done(struct ieee80211_work *wk, 1780 struct sk_buff *skb) 1781 { 1782 if (!skb) { 1783 cfg80211_send_auth_timeout(wk->sdata->dev, wk->filter_ta); 1784 return WORK_DONE_DESTROY; 1785 } 1786 1787 if (wk->type == IEEE80211_WORK_AUTH) { 1788 cfg80211_send_rx_auth(wk->sdata->dev, skb->data, skb->len); 1789 return WORK_DONE_DESTROY; 1790 } 1791 1792 mutex_lock(&wk->sdata->u.mgd.mtx); 1793 ieee80211_rx_mgmt_probe_resp(wk->sdata, skb); 1794 mutex_unlock(&wk->sdata->u.mgd.mtx); 1795 1796 wk->type = IEEE80211_WORK_AUTH; 1797 wk->probe_auth.tries = 0; 1798 return WORK_DONE_REQUEUE; 1799 } 1800 1801 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 1802 struct cfg80211_auth_request *req) 1803 { 1804 const u8 *ssid; 1805 struct ieee80211_work *wk; 1806 u16 auth_alg; 1807 1808 switch (req->auth_type) { 1809 case NL80211_AUTHTYPE_OPEN_SYSTEM: 1810 auth_alg = WLAN_AUTH_OPEN; 1811 break; 1812 case NL80211_AUTHTYPE_SHARED_KEY: 1813 auth_alg = WLAN_AUTH_SHARED_KEY; 1814 break; 1815 case NL80211_AUTHTYPE_FT: 1816 auth_alg = WLAN_AUTH_FT; 1817 break; 1818 case NL80211_AUTHTYPE_NETWORK_EAP: 1819 auth_alg = WLAN_AUTH_LEAP; 1820 break; 1821 default: 1822 return -EOPNOTSUPP; 1823 } 1824 1825 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL); 1826 if (!wk) 1827 return -ENOMEM; 1828 1829 memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN); 1830 1831 if (req->ie && req->ie_len) { 1832 memcpy(wk->ie, req->ie, req->ie_len); 1833 wk->ie_len = req->ie_len; 1834 } 1835 1836 if (req->key && req->key_len) { 1837 wk->probe_auth.key_len = req->key_len; 1838 wk->probe_auth.key_idx = req->key_idx; 1839 memcpy(wk->probe_auth.key, req->key, req->key_len); 1840 } 1841 1842 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 1843 memcpy(wk->probe_auth.ssid, ssid + 2, ssid[1]); 1844 wk->probe_auth.ssid_len = ssid[1]; 1845 1846 wk->probe_auth.algorithm = auth_alg; 1847 wk->probe_auth.privacy = req->bss->capability & WLAN_CAPABILITY_PRIVACY; 1848 1849 /* if we already have a probe, don't probe again */ 1850 if (req->bss->proberesp_ies) 1851 wk->type = IEEE80211_WORK_AUTH; 1852 else 1853 wk->type = IEEE80211_WORK_DIRECT_PROBE; 1854 wk->chan = req->bss->channel; 1855 wk->sdata = sdata; 1856 wk->done = ieee80211_probe_auth_done; 1857 1858 ieee80211_add_work(wk); 1859 return 0; 1860 } 1861 1862 static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk, 1863 struct sk_buff *skb) 1864 { 1865 struct ieee80211_mgmt *mgmt; 1866 u16 status; 1867 1868 if (!skb) { 1869 cfg80211_send_assoc_timeout(wk->sdata->dev, wk->filter_ta); 1870 return WORK_DONE_DESTROY; 1871 } 1872 1873 mgmt = (void *)skb->data; 1874 status = le16_to_cpu(mgmt->u.assoc_resp.status_code); 1875 1876 if (status == WLAN_STATUS_SUCCESS) { 1877 mutex_lock(&wk->sdata->u.mgd.mtx); 1878 if (!ieee80211_assoc_success(wk, mgmt, skb->len)) { 1879 mutex_unlock(&wk->sdata->u.mgd.mtx); 1880 /* oops -- internal error -- send timeout for now */ 1881 cfg80211_send_assoc_timeout(wk->sdata->dev, 1882 wk->filter_ta); 1883 return WORK_DONE_DESTROY; 1884 } 1885 mutex_unlock(&wk->sdata->u.mgd.mtx); 1886 } 1887 1888 cfg80211_send_rx_assoc(wk->sdata->dev, skb->data, skb->len); 1889 return WORK_DONE_DESTROY; 1890 } 1891 1892 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 1893 struct cfg80211_assoc_request *req) 1894 { 1895 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1896 struct ieee80211_bss *bss = (void *)req->bss->priv; 1897 struct ieee80211_work *wk; 1898 const u8 *ssid; 1899 int i; 1900 1901 mutex_lock(&ifmgd->mtx); 1902 if (ifmgd->associated) { 1903 if (!req->prev_bssid || 1904 memcmp(req->prev_bssid, ifmgd->associated->bssid, 1905 ETH_ALEN)) { 1906 /* 1907 * We are already associated and the request was not a 1908 * reassociation request from the current BSS, so 1909 * reject it. 1910 */ 1911 mutex_unlock(&ifmgd->mtx); 1912 return -EALREADY; 1913 } 1914 1915 /* Trying to reassociate - clear previous association state */ 1916 ieee80211_set_disassoc(sdata); 1917 } 1918 mutex_unlock(&ifmgd->mtx); 1919 1920 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL); 1921 if (!wk) 1922 return -ENOMEM; 1923 1924 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 1925 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1926 1927 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) 1928 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 1929 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 1930 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) 1931 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 1932 1933 1934 if (req->ie && req->ie_len) { 1935 memcpy(wk->ie, req->ie, req->ie_len); 1936 wk->ie_len = req->ie_len; 1937 } else 1938 wk->ie_len = 0; 1939 1940 wk->assoc.bss = req->bss; 1941 1942 memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN); 1943 1944 /* new association always uses requested smps mode */ 1945 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 1946 if (ifmgd->powersave) 1947 ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC; 1948 else 1949 ifmgd->ap_smps = IEEE80211_SMPS_OFF; 1950 } else 1951 ifmgd->ap_smps = ifmgd->req_smps; 1952 1953 wk->assoc.smps = ifmgd->ap_smps; 1954 /* 1955 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 1956 * We still associate in non-HT mode (11a/b/g) if any one of these 1957 * ciphers is configured as pairwise. 1958 * We can set this to true for non-11n hardware, that'll be checked 1959 * separately along with the peer capabilities. 1960 */ 1961 wk->assoc.use_11n = !(ifmgd->flags & IEEE80211_STA_DISABLE_11N); 1962 wk->assoc.capability = req->bss->capability; 1963 wk->assoc.wmm_used = bss->wmm_used; 1964 wk->assoc.supp_rates = bss->supp_rates; 1965 wk->assoc.supp_rates_len = bss->supp_rates_len; 1966 wk->assoc.ht_information_ie = 1967 ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_INFORMATION); 1968 1969 if (bss->wmm_used && bss->uapsd_supported && 1970 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 1971 wk->assoc.uapsd_used = true; 1972 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 1973 } else { 1974 wk->assoc.uapsd_used = false; 1975 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 1976 } 1977 1978 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 1979 memcpy(wk->assoc.ssid, ssid + 2, ssid[1]); 1980 wk->assoc.ssid_len = ssid[1]; 1981 1982 if (req->prev_bssid) 1983 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN); 1984 1985 wk->type = IEEE80211_WORK_ASSOC; 1986 wk->chan = req->bss->channel; 1987 wk->sdata = sdata; 1988 wk->done = ieee80211_assoc_done; 1989 1990 if (req->use_mfp) { 1991 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 1992 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 1993 } else { 1994 ifmgd->mfp = IEEE80211_MFP_DISABLED; 1995 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 1996 } 1997 1998 if (req->crypto.control_port) 1999 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 2000 else 2001 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 2002 2003 ieee80211_add_work(wk); 2004 return 0; 2005 } 2006 2007 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 2008 struct cfg80211_deauth_request *req, 2009 void *cookie) 2010 { 2011 struct ieee80211_local *local = sdata->local; 2012 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2013 struct ieee80211_work *wk; 2014 const u8 *bssid = req->bss->bssid; 2015 2016 mutex_lock(&ifmgd->mtx); 2017 2018 if (ifmgd->associated == req->bss) { 2019 bssid = req->bss->bssid; 2020 ieee80211_set_disassoc(sdata); 2021 mutex_unlock(&ifmgd->mtx); 2022 } else { 2023 bool not_auth_yet = false; 2024 2025 mutex_unlock(&ifmgd->mtx); 2026 2027 mutex_lock(&local->work_mtx); 2028 list_for_each_entry(wk, &local->work_list, list) { 2029 if (wk->sdata != sdata) 2030 continue; 2031 2032 if (wk->type != IEEE80211_WORK_DIRECT_PROBE && 2033 wk->type != IEEE80211_WORK_AUTH && 2034 wk->type != IEEE80211_WORK_ASSOC) 2035 continue; 2036 2037 if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN)) 2038 continue; 2039 2040 not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE; 2041 list_del_rcu(&wk->list); 2042 free_work(wk); 2043 break; 2044 } 2045 mutex_unlock(&local->work_mtx); 2046 2047 /* 2048 * If somebody requests authentication and we haven't 2049 * sent out an auth frame yet there's no need to send 2050 * out a deauth frame either. If the state was PROBE, 2051 * then this is the case. If it's AUTH we have sent a 2052 * frame, and if it's IDLE we have completed the auth 2053 * process already. 2054 */ 2055 if (not_auth_yet) { 2056 __cfg80211_auth_canceled(sdata->dev, bssid); 2057 return 0; 2058 } 2059 } 2060 2061 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n", 2062 sdata->name, bssid, req->reason_code); 2063 2064 ieee80211_send_deauth_disassoc(sdata, bssid, 2065 IEEE80211_STYPE_DEAUTH, req->reason_code, 2066 cookie); 2067 2068 ieee80211_recalc_idle(sdata->local); 2069 2070 return 0; 2071 } 2072 2073 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 2074 struct cfg80211_disassoc_request *req, 2075 void *cookie) 2076 { 2077 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2078 2079 mutex_lock(&ifmgd->mtx); 2080 2081 /* 2082 * cfg80211 should catch this ... but it's racy since 2083 * we can receive a disassoc frame, process it, hand it 2084 * to cfg80211 while that's in a locked section already 2085 * trying to tell us that the user wants to disconnect. 2086 */ 2087 if (ifmgd->associated != req->bss) { 2088 mutex_unlock(&ifmgd->mtx); 2089 return -ENOLINK; 2090 } 2091 2092 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n", 2093 sdata->name, req->bss->bssid, req->reason_code); 2094 2095 ieee80211_set_disassoc(sdata); 2096 2097 mutex_unlock(&ifmgd->mtx); 2098 2099 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 2100 IEEE80211_STYPE_DISASSOC, req->reason_code, 2101 cookie); 2102 2103 ieee80211_recalc_idle(sdata->local); 2104 2105 return 0; 2106 } 2107 2108 int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata, 2109 struct ieee80211_channel *chan, 2110 enum nl80211_channel_type channel_type, 2111 const u8 *buf, size_t len, u64 *cookie) 2112 { 2113 struct ieee80211_local *local = sdata->local; 2114 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2115 struct sk_buff *skb; 2116 2117 /* Check that we are on the requested channel for transmission */ 2118 if ((chan != local->tmp_channel || 2119 channel_type != local->tmp_channel_type) && 2120 (chan != local->oper_channel || 2121 channel_type != local->oper_channel_type)) 2122 return -EBUSY; 2123 2124 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len); 2125 if (!skb) 2126 return -ENOMEM; 2127 skb_reserve(skb, local->hw.extra_tx_headroom); 2128 2129 memcpy(skb_put(skb, len), buf, len); 2130 2131 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED)) 2132 IEEE80211_SKB_CB(skb)->flags |= 2133 IEEE80211_TX_INTFL_DONT_ENCRYPT; 2134 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX | 2135 IEEE80211_TX_CTL_REQ_TX_STATUS; 2136 skb->dev = sdata->dev; 2137 ieee80211_tx_skb(sdata, skb); 2138 2139 *cookie = (unsigned long) skb; 2140 return 0; 2141 } 2142