1 /* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * 8 * This file is GPLv2 as found in COPYING. 9 */ 10 11 #include <linux/ieee80211.h> 12 #include <linux/log2.h> 13 #include <net/cfg80211.h> 14 #include "ieee80211_i.h" 15 #include "driver-ops.h" 16 17 /* give usermode some time for retries in setting up the TDLS session */ 18 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 19 20 void ieee80211_tdls_peer_del_work(struct work_struct *wk) 21 { 22 struct ieee80211_sub_if_data *sdata; 23 struct ieee80211_local *local; 24 25 sdata = container_of(wk, struct ieee80211_sub_if_data, 26 u.mgd.tdls_peer_del_work.work); 27 local = sdata->local; 28 29 mutex_lock(&local->mtx); 30 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 31 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 32 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 33 eth_zero_addr(sdata->u.mgd.tdls_peer); 34 } 35 mutex_unlock(&local->mtx); 36 } 37 38 static void ieee80211_tdls_add_ext_capab(struct ieee80211_local *local, 39 struct sk_buff *skb) 40 { 41 u8 *pos = (void *)skb_put(skb, 7); 42 bool chan_switch = local->hw.wiphy->features & 43 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 44 45 *pos++ = WLAN_EID_EXT_CAPABILITY; 46 *pos++ = 5; /* len */ 47 *pos++ = 0x0; 48 *pos++ = 0x0; 49 *pos++ = 0x0; 50 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0; 51 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 52 } 53 54 static u8 55 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 56 struct sk_buff *skb, u16 start, u16 end, 57 u16 spacing) 58 { 59 u8 subband_cnt = 0, ch_cnt = 0; 60 struct ieee80211_channel *ch; 61 struct cfg80211_chan_def chandef; 62 int i, subband_start; 63 64 for (i = start; i <= end; i += spacing) { 65 if (!ch_cnt) 66 subband_start = i; 67 68 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 69 if (ch) { 70 /* we will be active on the channel */ 71 cfg80211_chandef_create(&chandef, ch, 72 NL80211_CHAN_NO_HT); 73 if (cfg80211_reg_can_beacon(sdata->local->hw.wiphy, 74 &chandef, 75 sdata->wdev.iftype)) { 76 ch_cnt++; 77 /* 78 * check if the next channel is also part of 79 * this allowed range 80 */ 81 continue; 82 } 83 } 84 85 /* 86 * we've reached the end of a range, with allowed channels 87 * found 88 */ 89 if (ch_cnt) { 90 u8 *pos = skb_put(skb, 2); 91 *pos++ = ieee80211_frequency_to_channel(subband_start); 92 *pos++ = ch_cnt; 93 94 subband_cnt++; 95 ch_cnt = 0; 96 } 97 } 98 99 /* all channels in the requested range are allowed - add them here */ 100 if (ch_cnt) { 101 u8 *pos = skb_put(skb, 2); 102 *pos++ = ieee80211_frequency_to_channel(subband_start); 103 *pos++ = ch_cnt; 104 105 subband_cnt++; 106 } 107 108 return subband_cnt; 109 } 110 111 static void 112 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 113 struct sk_buff *skb) 114 { 115 /* 116 * Add possible channels for TDLS. These are channels that are allowed 117 * to be active. 118 */ 119 u8 subband_cnt; 120 u8 *pos = skb_put(skb, 2); 121 122 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 123 124 /* 125 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 126 * this doesn't happen in real world scenarios. 127 */ 128 129 /* 2GHz, with 5MHz spacing */ 130 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 131 132 /* 5GHz, with 20MHz spacing */ 133 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 134 135 /* length */ 136 *pos = 2 * subband_cnt; 137 } 138 139 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 140 { 141 u8 *pos = (void *)skb_put(skb, 3); 142 143 *pos++ = WLAN_EID_BSS_COEX_2040; 144 *pos++ = 1; /* len */ 145 146 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 147 } 148 149 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 150 u16 status_code) 151 { 152 struct ieee80211_local *local = sdata->local; 153 u16 capab; 154 155 /* The capability will be 0 when sending a failure code */ 156 if (status_code != 0) 157 return 0; 158 159 capab = 0; 160 if (ieee80211_get_sdata_band(sdata) != IEEE80211_BAND_2GHZ) 161 return capab; 162 163 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 164 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 165 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 166 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 167 168 return capab; 169 } 170 171 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 172 struct sk_buff *skb, const u8 *peer, 173 bool initiator) 174 { 175 struct ieee80211_tdls_lnkie *lnkid; 176 const u8 *init_addr, *rsp_addr; 177 178 if (initiator) { 179 init_addr = sdata->vif.addr; 180 rsp_addr = peer; 181 } else { 182 init_addr = peer; 183 rsp_addr = sdata->vif.addr; 184 } 185 186 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 187 188 lnkid->ie_type = WLAN_EID_LINK_ID; 189 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 190 191 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 192 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 193 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 194 } 195 196 /* translate numbering in the WMM parameter IE to the mac80211 notation */ 197 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 198 { 199 switch (ac) { 200 default: 201 WARN_ON_ONCE(1); 202 case 0: 203 return IEEE80211_AC_BE; 204 case 1: 205 return IEEE80211_AC_BK; 206 case 2: 207 return IEEE80211_AC_VI; 208 case 3: 209 return IEEE80211_AC_VO; 210 } 211 } 212 213 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 214 { 215 u8 ret; 216 217 ret = aifsn & 0x0f; 218 if (acm) 219 ret |= 0x10; 220 ret |= (aci << 5) & 0x60; 221 return ret; 222 } 223 224 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 225 { 226 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 227 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 228 } 229 230 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 231 struct sk_buff *skb) 232 { 233 struct ieee80211_wmm_param_ie *wmm; 234 struct ieee80211_tx_queue_params *txq; 235 int i; 236 237 wmm = (void *)skb_put(skb, sizeof(*wmm)); 238 memset(wmm, 0, sizeof(*wmm)); 239 240 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 241 wmm->len = sizeof(*wmm) - 2; 242 243 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 244 wmm->oui[1] = 0x50; 245 wmm->oui[2] = 0xf2; 246 wmm->oui_type = 2; /* WME */ 247 wmm->oui_subtype = 1; /* WME param */ 248 wmm->version = 1; /* WME ver */ 249 wmm->qos_info = 0; /* U-APSD not in use */ 250 251 /* 252 * Use the EDCA parameters defined for the BSS, or default if the AP 253 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 254 */ 255 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 256 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 257 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 258 txq->acm, i); 259 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 260 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 261 } 262 } 263 264 static void 265 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 266 struct sk_buff *skb, const u8 *peer, 267 u8 action_code, bool initiator, 268 const u8 *extra_ies, size_t extra_ies_len) 269 { 270 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 271 struct ieee80211_local *local = sdata->local; 272 struct ieee80211_supported_band *sband; 273 struct ieee80211_sta_ht_cap ht_cap; 274 struct sta_info *sta = NULL; 275 size_t offset = 0, noffset; 276 u8 *pos; 277 278 rcu_read_lock(); 279 280 /* we should have the peer STA if we're already responding */ 281 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 282 sta = sta_info_get(sdata, peer); 283 if (WARN_ON_ONCE(!sta)) { 284 rcu_read_unlock(); 285 return; 286 } 287 } 288 289 ieee80211_add_srates_ie(sdata, skb, false, band); 290 ieee80211_add_ext_srates_ie(sdata, skb, false, band); 291 ieee80211_tdls_add_supp_channels(sdata, skb); 292 293 /* add any custom IEs that go before Extended Capabilities */ 294 if (extra_ies_len) { 295 static const u8 before_ext_cap[] = { 296 WLAN_EID_SUPP_RATES, 297 WLAN_EID_COUNTRY, 298 WLAN_EID_EXT_SUPP_RATES, 299 WLAN_EID_SUPPORTED_CHANNELS, 300 WLAN_EID_RSN, 301 }; 302 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 303 before_ext_cap, 304 ARRAY_SIZE(before_ext_cap), 305 offset); 306 pos = skb_put(skb, noffset - offset); 307 memcpy(pos, extra_ies + offset, noffset - offset); 308 offset = noffset; 309 } 310 311 ieee80211_tdls_add_ext_capab(local, skb); 312 313 /* add the QoS element if we support it */ 314 if (local->hw.queues >= IEEE80211_NUM_ACS && 315 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 316 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 317 318 /* add any custom IEs that go before HT capabilities */ 319 if (extra_ies_len) { 320 static const u8 before_ht_cap[] = { 321 WLAN_EID_SUPP_RATES, 322 WLAN_EID_COUNTRY, 323 WLAN_EID_EXT_SUPP_RATES, 324 WLAN_EID_SUPPORTED_CHANNELS, 325 WLAN_EID_RSN, 326 WLAN_EID_EXT_CAPABILITY, 327 WLAN_EID_QOS_CAPA, 328 WLAN_EID_FAST_BSS_TRANSITION, 329 WLAN_EID_TIMEOUT_INTERVAL, 330 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 331 }; 332 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 333 before_ht_cap, 334 ARRAY_SIZE(before_ht_cap), 335 offset); 336 pos = skb_put(skb, noffset - offset); 337 memcpy(pos, extra_ies + offset, noffset - offset); 338 offset = noffset; 339 } 340 341 /* 342 * with TDLS we can switch channels, and HT-caps are not necessarily 343 * the same on all bands. The specification limits the setup to a 344 * single HT-cap, so use the current band for now. 345 */ 346 sband = local->hw.wiphy->bands[band]; 347 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 348 349 if (action_code == WLAN_TDLS_SETUP_REQUEST && ht_cap.ht_supported) { 350 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 351 352 /* disable SMPS in TDLS initiator */ 353 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 354 << IEEE80211_HT_CAP_SM_PS_SHIFT; 355 356 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 357 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 358 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 359 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 360 /* disable SMPS in TDLS responder */ 361 sta->sta.ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 362 << IEEE80211_HT_CAP_SM_PS_SHIFT; 363 364 /* the peer caps are already intersected with our own */ 365 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 366 367 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 368 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 369 } 370 371 rcu_read_unlock(); 372 373 if (ht_cap.ht_supported && 374 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 375 ieee80211_tdls_add_bss_coex_ie(skb); 376 377 /* add any remaining IEs */ 378 if (extra_ies_len) { 379 noffset = extra_ies_len; 380 pos = skb_put(skb, noffset - offset); 381 memcpy(pos, extra_ies + offset, noffset - offset); 382 } 383 384 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 385 } 386 387 static void 388 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 389 struct sk_buff *skb, const u8 *peer, 390 bool initiator, const u8 *extra_ies, 391 size_t extra_ies_len) 392 { 393 struct ieee80211_local *local = sdata->local; 394 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 395 size_t offset = 0, noffset; 396 struct sta_info *sta, *ap_sta; 397 u8 *pos; 398 399 rcu_read_lock(); 400 401 sta = sta_info_get(sdata, peer); 402 ap_sta = sta_info_get(sdata, ifmgd->bssid); 403 if (WARN_ON_ONCE(!sta || !ap_sta)) { 404 rcu_read_unlock(); 405 return; 406 } 407 408 /* add any custom IEs that go before the QoS IE */ 409 if (extra_ies_len) { 410 static const u8 before_qos[] = { 411 WLAN_EID_RSN, 412 }; 413 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 414 before_qos, 415 ARRAY_SIZE(before_qos), 416 offset); 417 pos = skb_put(skb, noffset - offset); 418 memcpy(pos, extra_ies + offset, noffset - offset); 419 offset = noffset; 420 } 421 422 /* add the QoS param IE if both the peer and we support it */ 423 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 424 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 425 426 /* add any custom IEs that go before HT operation */ 427 if (extra_ies_len) { 428 static const u8 before_ht_op[] = { 429 WLAN_EID_RSN, 430 WLAN_EID_QOS_CAPA, 431 WLAN_EID_FAST_BSS_TRANSITION, 432 WLAN_EID_TIMEOUT_INTERVAL, 433 }; 434 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 435 before_ht_op, 436 ARRAY_SIZE(before_ht_op), 437 offset); 438 pos = skb_put(skb, noffset - offset); 439 memcpy(pos, extra_ies + offset, noffset - offset); 440 offset = noffset; 441 } 442 443 /* if HT support is only added in TDLS, we need an HT-operation IE */ 444 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 445 struct ieee80211_chanctx_conf *chanctx_conf = 446 rcu_dereference(sdata->vif.chanctx_conf); 447 if (!WARN_ON(!chanctx_conf)) { 448 pos = skb_put(skb, 2 + 449 sizeof(struct ieee80211_ht_operation)); 450 /* send an empty HT operation IE */ 451 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 452 &chanctx_conf->def, 0); 453 } 454 } 455 456 rcu_read_unlock(); 457 458 /* add any remaining IEs */ 459 if (extra_ies_len) { 460 noffset = extra_ies_len; 461 pos = skb_put(skb, noffset - offset); 462 memcpy(pos, extra_ies + offset, noffset - offset); 463 } 464 465 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 466 } 467 468 static void 469 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 470 struct sk_buff *skb, const u8 *peer, 471 bool initiator, const u8 *extra_ies, 472 size_t extra_ies_len, u8 oper_class, 473 struct cfg80211_chan_def *chandef) 474 { 475 struct ieee80211_tdls_data *tf; 476 size_t offset = 0, noffset; 477 u8 *pos; 478 479 if (WARN_ON_ONCE(!chandef)) 480 return; 481 482 tf = (void *)skb->data; 483 tf->u.chan_switch_req.target_channel = 484 ieee80211_frequency_to_channel(chandef->chan->center_freq); 485 tf->u.chan_switch_req.oper_class = oper_class; 486 487 if (extra_ies_len) { 488 static const u8 before_lnkie[] = { 489 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 490 }; 491 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 492 before_lnkie, 493 ARRAY_SIZE(before_lnkie), 494 offset); 495 pos = skb_put(skb, noffset - offset); 496 memcpy(pos, extra_ies + offset, noffset - offset); 497 offset = noffset; 498 } 499 500 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 501 502 /* add any remaining IEs */ 503 if (extra_ies_len) { 504 noffset = extra_ies_len; 505 pos = skb_put(skb, noffset - offset); 506 memcpy(pos, extra_ies + offset, noffset - offset); 507 } 508 } 509 510 static void 511 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 512 struct sk_buff *skb, const u8 *peer, 513 u16 status_code, bool initiator, 514 const u8 *extra_ies, 515 size_t extra_ies_len) 516 { 517 if (status_code == 0) 518 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 519 520 if (extra_ies_len) 521 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len); 522 } 523 524 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 525 struct sk_buff *skb, const u8 *peer, 526 u8 action_code, u16 status_code, 527 bool initiator, const u8 *extra_ies, 528 size_t extra_ies_len, u8 oper_class, 529 struct cfg80211_chan_def *chandef) 530 { 531 switch (action_code) { 532 case WLAN_TDLS_SETUP_REQUEST: 533 case WLAN_TDLS_SETUP_RESPONSE: 534 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 535 if (status_code == 0) 536 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 537 action_code, 538 initiator, 539 extra_ies, 540 extra_ies_len); 541 break; 542 case WLAN_TDLS_SETUP_CONFIRM: 543 if (status_code == 0) 544 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 545 initiator, extra_ies, 546 extra_ies_len); 547 break; 548 case WLAN_TDLS_TEARDOWN: 549 case WLAN_TDLS_DISCOVERY_REQUEST: 550 if (extra_ies_len) 551 memcpy(skb_put(skb, extra_ies_len), extra_ies, 552 extra_ies_len); 553 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 554 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 555 break; 556 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 557 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 558 initiator, extra_ies, 559 extra_ies_len, 560 oper_class, chandef); 561 break; 562 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 563 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 564 status_code, 565 initiator, extra_ies, 566 extra_ies_len); 567 break; 568 } 569 570 } 571 572 static int 573 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 574 const u8 *peer, u8 action_code, u8 dialog_token, 575 u16 status_code, struct sk_buff *skb) 576 { 577 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 578 struct ieee80211_tdls_data *tf; 579 580 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 581 582 memcpy(tf->da, peer, ETH_ALEN); 583 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 584 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 585 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 586 587 /* network header is after the ethernet header */ 588 skb_set_network_header(skb, ETH_HLEN); 589 590 switch (action_code) { 591 case WLAN_TDLS_SETUP_REQUEST: 592 tf->category = WLAN_CATEGORY_TDLS; 593 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 594 595 skb_put(skb, sizeof(tf->u.setup_req)); 596 tf->u.setup_req.dialog_token = dialog_token; 597 tf->u.setup_req.capability = 598 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 599 status_code)); 600 break; 601 case WLAN_TDLS_SETUP_RESPONSE: 602 tf->category = WLAN_CATEGORY_TDLS; 603 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 604 605 skb_put(skb, sizeof(tf->u.setup_resp)); 606 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 607 tf->u.setup_resp.dialog_token = dialog_token; 608 tf->u.setup_resp.capability = 609 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 610 status_code)); 611 break; 612 case WLAN_TDLS_SETUP_CONFIRM: 613 tf->category = WLAN_CATEGORY_TDLS; 614 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 615 616 skb_put(skb, sizeof(tf->u.setup_cfm)); 617 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 618 tf->u.setup_cfm.dialog_token = dialog_token; 619 break; 620 case WLAN_TDLS_TEARDOWN: 621 tf->category = WLAN_CATEGORY_TDLS; 622 tf->action_code = WLAN_TDLS_TEARDOWN; 623 624 skb_put(skb, sizeof(tf->u.teardown)); 625 tf->u.teardown.reason_code = cpu_to_le16(status_code); 626 break; 627 case WLAN_TDLS_DISCOVERY_REQUEST: 628 tf->category = WLAN_CATEGORY_TDLS; 629 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 630 631 skb_put(skb, sizeof(tf->u.discover_req)); 632 tf->u.discover_req.dialog_token = dialog_token; 633 break; 634 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 635 tf->category = WLAN_CATEGORY_TDLS; 636 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 637 638 skb_put(skb, sizeof(tf->u.chan_switch_req)); 639 break; 640 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 641 tf->category = WLAN_CATEGORY_TDLS; 642 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 643 644 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 645 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 646 break; 647 default: 648 return -EINVAL; 649 } 650 651 return 0; 652 } 653 654 static int 655 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 656 const u8 *peer, u8 action_code, u8 dialog_token, 657 u16 status_code, struct sk_buff *skb) 658 { 659 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 660 struct ieee80211_mgmt *mgmt; 661 662 mgmt = (void *)skb_put(skb, 24); 663 memset(mgmt, 0, 24); 664 memcpy(mgmt->da, peer, ETH_ALEN); 665 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 666 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 667 668 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 669 IEEE80211_STYPE_ACTION); 670 671 switch (action_code) { 672 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 673 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 674 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 675 mgmt->u.action.u.tdls_discover_resp.action_code = 676 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 677 mgmt->u.action.u.tdls_discover_resp.dialog_token = 678 dialog_token; 679 mgmt->u.action.u.tdls_discover_resp.capability = 680 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 681 status_code)); 682 break; 683 default: 684 return -EINVAL; 685 } 686 687 return 0; 688 } 689 690 static struct sk_buff * 691 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 692 const u8 *peer, u8 action_code, 693 u8 dialog_token, u16 status_code, 694 bool initiator, const u8 *extra_ies, 695 size_t extra_ies_len, u8 oper_class, 696 struct cfg80211_chan_def *chandef) 697 { 698 struct ieee80211_local *local = sdata->local; 699 struct sk_buff *skb; 700 int ret; 701 702 skb = netdev_alloc_skb(sdata->dev, 703 local->hw.extra_tx_headroom + 704 max(sizeof(struct ieee80211_mgmt), 705 sizeof(struct ieee80211_tdls_data)) + 706 50 + /* supported rates */ 707 7 + /* ext capab */ 708 26 + /* max(WMM-info, WMM-param) */ 709 2 + max(sizeof(struct ieee80211_ht_cap), 710 sizeof(struct ieee80211_ht_operation)) + 711 50 + /* supported channels */ 712 3 + /* 40/20 BSS coex */ 713 extra_ies_len + 714 sizeof(struct ieee80211_tdls_lnkie)); 715 if (!skb) 716 return NULL; 717 718 skb_reserve(skb, local->hw.extra_tx_headroom); 719 720 switch (action_code) { 721 case WLAN_TDLS_SETUP_REQUEST: 722 case WLAN_TDLS_SETUP_RESPONSE: 723 case WLAN_TDLS_SETUP_CONFIRM: 724 case WLAN_TDLS_TEARDOWN: 725 case WLAN_TDLS_DISCOVERY_REQUEST: 726 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 727 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 728 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 729 sdata->dev, peer, 730 action_code, dialog_token, 731 status_code, skb); 732 break; 733 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 734 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 735 peer, action_code, 736 dialog_token, status_code, 737 skb); 738 break; 739 default: 740 ret = -ENOTSUPP; 741 break; 742 } 743 744 if (ret < 0) 745 goto fail; 746 747 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 748 initiator, extra_ies, extra_ies_len, oper_class, 749 chandef); 750 return skb; 751 752 fail: 753 dev_kfree_skb(skb); 754 return NULL; 755 } 756 757 static int 758 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 759 const u8 *peer, u8 action_code, u8 dialog_token, 760 u16 status_code, u32 peer_capability, 761 bool initiator, const u8 *extra_ies, 762 size_t extra_ies_len, u8 oper_class, 763 struct cfg80211_chan_def *chandef) 764 { 765 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 766 struct sk_buff *skb = NULL; 767 struct sta_info *sta; 768 u32 flags = 0; 769 int ret = 0; 770 771 rcu_read_lock(); 772 sta = sta_info_get(sdata, peer); 773 774 /* infer the initiator if we can, to support old userspace */ 775 switch (action_code) { 776 case WLAN_TDLS_SETUP_REQUEST: 777 if (sta) { 778 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 779 sta->sta.tdls_initiator = false; 780 } 781 /* fall-through */ 782 case WLAN_TDLS_SETUP_CONFIRM: 783 case WLAN_TDLS_DISCOVERY_REQUEST: 784 initiator = true; 785 break; 786 case WLAN_TDLS_SETUP_RESPONSE: 787 /* 788 * In some testing scenarios, we send a request and response. 789 * Make the last packet sent take effect for the initiator 790 * value. 791 */ 792 if (sta) { 793 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 794 sta->sta.tdls_initiator = true; 795 } 796 /* fall-through */ 797 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 798 initiator = false; 799 break; 800 case WLAN_TDLS_TEARDOWN: 801 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 802 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 803 /* any value is ok */ 804 break; 805 default: 806 ret = -ENOTSUPP; 807 break; 808 } 809 810 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 811 initiator = true; 812 813 rcu_read_unlock(); 814 if (ret < 0) 815 goto fail; 816 817 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 818 dialog_token, status_code, 819 initiator, extra_ies, 820 extra_ies_len, oper_class, 821 chandef); 822 if (!skb) { 823 ret = -EINVAL; 824 goto fail; 825 } 826 827 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 828 ieee80211_tx_skb(sdata, skb); 829 return 0; 830 } 831 832 /* 833 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 834 * we should default to AC_VI. 835 */ 836 switch (action_code) { 837 case WLAN_TDLS_SETUP_REQUEST: 838 case WLAN_TDLS_SETUP_RESPONSE: 839 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 840 skb->priority = 2; 841 break; 842 default: 843 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 844 skb->priority = 5; 845 break; 846 } 847 848 /* 849 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 850 * Later, if no ACK is returned from peer, we will re-send the teardown 851 * packet through the AP. 852 */ 853 if ((action_code == WLAN_TDLS_TEARDOWN) && 854 (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 855 bool try_resend; /* Should we keep skb for possible resend */ 856 857 /* If not sending directly to peer - no point in keeping skb */ 858 rcu_read_lock(); 859 sta = sta_info_get(sdata, peer); 860 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 861 rcu_read_unlock(); 862 863 spin_lock_bh(&sdata->u.mgd.teardown_lock); 864 if (try_resend && !sdata->u.mgd.teardown_skb) { 865 /* Mark it as requiring TX status callback */ 866 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 867 IEEE80211_TX_INTFL_MLME_CONN_TX; 868 869 /* 870 * skb is copied since mac80211 will later set 871 * properties that might not be the same as the AP, 872 * such as encryption, QoS, addresses, etc. 873 * 874 * No problem if skb_copy() fails, so no need to check. 875 */ 876 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 877 sdata->u.mgd.orig_teardown_skb = skb; 878 } 879 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 880 } 881 882 /* disable bottom halves when entering the Tx path */ 883 local_bh_disable(); 884 __ieee80211_subif_start_xmit(skb, dev, flags); 885 local_bh_enable(); 886 887 return ret; 888 889 fail: 890 dev_kfree_skb(skb); 891 return ret; 892 } 893 894 static int 895 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 896 const u8 *peer, u8 action_code, u8 dialog_token, 897 u16 status_code, u32 peer_capability, bool initiator, 898 const u8 *extra_ies, size_t extra_ies_len) 899 { 900 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 901 struct ieee80211_local *local = sdata->local; 902 int ret; 903 904 mutex_lock(&local->mtx); 905 906 /* we don't support concurrent TDLS peer setups */ 907 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 908 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 909 ret = -EBUSY; 910 goto exit; 911 } 912 913 /* 914 * make sure we have a STA representing the peer so we drop or buffer 915 * non-TDLS-setup frames to the peer. We can't send other packets 916 * during setup through the AP path. 917 * Allow error packets to be sent - sometimes we don't even add a STA 918 * before failing the setup. 919 */ 920 if (status_code == 0) { 921 rcu_read_lock(); 922 if (!sta_info_get(sdata, peer)) { 923 rcu_read_unlock(); 924 ret = -ENOLINK; 925 goto exit; 926 } 927 rcu_read_unlock(); 928 } 929 930 ieee80211_flush_queues(local, sdata, false); 931 932 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 933 dialog_token, status_code, 934 peer_capability, initiator, 935 extra_ies, extra_ies_len, 0, 936 NULL); 937 if (ret < 0) 938 goto exit; 939 940 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 941 ieee80211_queue_delayed_work(&sdata->local->hw, 942 &sdata->u.mgd.tdls_peer_del_work, 943 TDLS_PEER_SETUP_TIMEOUT); 944 945 exit: 946 mutex_unlock(&local->mtx); 947 return ret; 948 } 949 950 static int 951 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 952 const u8 *peer, u8 action_code, u8 dialog_token, 953 u16 status_code, u32 peer_capability, 954 bool initiator, const u8 *extra_ies, 955 size_t extra_ies_len) 956 { 957 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 958 struct ieee80211_local *local = sdata->local; 959 struct sta_info *sta; 960 int ret; 961 962 /* 963 * No packets can be transmitted to the peer via the AP during setup - 964 * the STA is set as a TDLS peer, but is not authorized. 965 * During teardown, we prevent direct transmissions by stopping the 966 * queues and flushing all direct packets. 967 */ 968 ieee80211_stop_vif_queues(local, sdata, 969 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 970 ieee80211_flush_queues(local, sdata, false); 971 972 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 973 dialog_token, status_code, 974 peer_capability, initiator, 975 extra_ies, extra_ies_len, 0, 976 NULL); 977 if (ret < 0) 978 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 979 ret); 980 981 /* 982 * Remove the STA AUTH flag to force further traffic through the AP. If 983 * the STA was unreachable, it was already removed. 984 */ 985 rcu_read_lock(); 986 sta = sta_info_get(sdata, peer); 987 if (sta) 988 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 989 rcu_read_unlock(); 990 991 ieee80211_wake_vif_queues(local, sdata, 992 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 993 994 return 0; 995 } 996 997 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 998 const u8 *peer, u8 action_code, u8 dialog_token, 999 u16 status_code, u32 peer_capability, 1000 bool initiator, const u8 *extra_ies, 1001 size_t extra_ies_len) 1002 { 1003 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1004 int ret; 1005 1006 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1007 return -ENOTSUPP; 1008 1009 /* make sure we are in managed mode, and associated */ 1010 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1011 !sdata->u.mgd.associated) 1012 return -EINVAL; 1013 1014 switch (action_code) { 1015 case WLAN_TDLS_SETUP_REQUEST: 1016 case WLAN_TDLS_SETUP_RESPONSE: 1017 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1018 dialog_token, status_code, 1019 peer_capability, initiator, 1020 extra_ies, extra_ies_len); 1021 break; 1022 case WLAN_TDLS_TEARDOWN: 1023 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1024 action_code, dialog_token, 1025 status_code, 1026 peer_capability, initiator, 1027 extra_ies, extra_ies_len); 1028 break; 1029 case WLAN_TDLS_DISCOVERY_REQUEST: 1030 /* 1031 * Protect the discovery so we can hear the TDLS discovery 1032 * response frame. It is transmitted directly and not buffered 1033 * by the AP. 1034 */ 1035 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1036 /* fall-through */ 1037 case WLAN_TDLS_SETUP_CONFIRM: 1038 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1039 /* no special handling */ 1040 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1041 action_code, 1042 dialog_token, 1043 status_code, 1044 peer_capability, 1045 initiator, extra_ies, 1046 extra_ies_len, 0, NULL); 1047 break; 1048 default: 1049 ret = -EOPNOTSUPP; 1050 break; 1051 } 1052 1053 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1054 action_code, peer, ret); 1055 return ret; 1056 } 1057 1058 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1059 const u8 *peer, enum nl80211_tdls_operation oper) 1060 { 1061 struct sta_info *sta; 1062 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1063 struct ieee80211_local *local = sdata->local; 1064 int ret; 1065 1066 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1067 return -ENOTSUPP; 1068 1069 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1070 return -EINVAL; 1071 1072 switch (oper) { 1073 case NL80211_TDLS_ENABLE_LINK: 1074 case NL80211_TDLS_DISABLE_LINK: 1075 break; 1076 case NL80211_TDLS_TEARDOWN: 1077 case NL80211_TDLS_SETUP: 1078 case NL80211_TDLS_DISCOVERY_REQ: 1079 /* We don't support in-driver setup/teardown/discovery */ 1080 return -ENOTSUPP; 1081 } 1082 1083 mutex_lock(&local->mtx); 1084 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1085 1086 switch (oper) { 1087 case NL80211_TDLS_ENABLE_LINK: 1088 rcu_read_lock(); 1089 sta = sta_info_get(sdata, peer); 1090 if (!sta) { 1091 rcu_read_unlock(); 1092 ret = -ENOLINK; 1093 break; 1094 } 1095 1096 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1097 rcu_read_unlock(); 1098 1099 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1100 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1101 ret = 0; 1102 break; 1103 case NL80211_TDLS_DISABLE_LINK: 1104 /* 1105 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1106 * created while the queues were stopped, so it might still be 1107 * pending. Before flushing the queues we need to be sure the 1108 * message is handled by the tasklet handling pending messages, 1109 * otherwise we might start destroying the station before 1110 * sending the teardown packet. 1111 * Note that this only forces the tasklet to flush pendings - 1112 * not to stop the tasklet from rescheduling itself. 1113 */ 1114 tasklet_kill(&local->tx_pending_tasklet); 1115 /* flush a potentially queued teardown packet */ 1116 ieee80211_flush_queues(local, sdata, false); 1117 1118 ret = sta_info_destroy_addr(sdata, peer); 1119 break; 1120 default: 1121 ret = -ENOTSUPP; 1122 break; 1123 } 1124 1125 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1126 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1127 eth_zero_addr(sdata->u.mgd.tdls_peer); 1128 } 1129 1130 mutex_unlock(&local->mtx); 1131 return ret; 1132 } 1133 1134 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1135 enum nl80211_tdls_operation oper, 1136 u16 reason_code, gfp_t gfp) 1137 { 1138 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1139 1140 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1141 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1142 oper); 1143 return; 1144 } 1145 1146 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1147 } 1148 EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1149 1150 static void 1151 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1152 { 1153 struct ieee80211_ch_switch_timing *ch_sw; 1154 1155 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1156 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1157 1158 ch_sw = (void *)buf; 1159 ch_sw->switch_time = cpu_to_le16(switch_time); 1160 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1161 } 1162 1163 /* find switch timing IE in SKB ready for Tx */ 1164 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1165 { 1166 struct ieee80211_tdls_data *tf; 1167 const u8 *ie_start; 1168 1169 /* 1170 * Get the offset for the new location of the switch timing IE. 1171 * The SKB network header will now point to the "payload_type" 1172 * element of the TDLS data frame struct. 1173 */ 1174 tf = container_of(skb->data + skb_network_offset(skb), 1175 struct ieee80211_tdls_data, payload_type); 1176 ie_start = tf->u.chan_switch_req.variable; 1177 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1178 skb->len - (ie_start - skb->data)); 1179 } 1180 1181 static struct sk_buff * 1182 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1183 struct cfg80211_chan_def *chandef, 1184 u32 *ch_sw_tm_ie_offset) 1185 { 1186 struct ieee80211_sub_if_data *sdata = sta->sdata; 1187 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1188 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1189 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1190 u8 *pos = extra_ies; 1191 struct sk_buff *skb; 1192 1193 /* 1194 * if chandef points to a wide channel add a Secondary-Channel 1195 * Offset information element 1196 */ 1197 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1198 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1199 bool ht40plus; 1200 1201 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1202 *pos++ = sizeof(*sec_chan_ie); 1203 sec_chan_ie = (void *)pos; 1204 1205 ht40plus = cfg80211_get_chandef_type(chandef) == 1206 NL80211_CHAN_HT40PLUS; 1207 sec_chan_ie->sec_chan_offs = ht40plus ? 1208 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1209 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1210 pos += sizeof(*sec_chan_ie); 1211 1212 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1213 } 1214 1215 /* just set the values to 0, this is a template */ 1216 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1217 1218 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1219 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1220 0, 0, !sta->sta.tdls_initiator, 1221 extra_ies, extra_ies_len, 1222 oper_class, chandef); 1223 if (!skb) 1224 return NULL; 1225 1226 skb = ieee80211_build_data_template(sdata, skb, 0); 1227 if (IS_ERR(skb)) { 1228 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1229 return NULL; 1230 } 1231 1232 if (ch_sw_tm_ie_offset) { 1233 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1234 1235 if (!tm_ie) { 1236 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1237 dev_kfree_skb_any(skb); 1238 return NULL; 1239 } 1240 1241 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1242 } 1243 1244 tdls_dbg(sdata, 1245 "TDLS channel switch request template for %pM ch %d width %d\n", 1246 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1247 return skb; 1248 } 1249 1250 int 1251 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1252 const u8 *addr, u8 oper_class, 1253 struct cfg80211_chan_def *chandef) 1254 { 1255 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1256 struct ieee80211_local *local = sdata->local; 1257 struct sta_info *sta; 1258 struct sk_buff *skb = NULL; 1259 u32 ch_sw_tm_ie; 1260 int ret; 1261 1262 mutex_lock(&local->sta_mtx); 1263 sta = sta_info_get(sdata, addr); 1264 if (!sta) { 1265 tdls_dbg(sdata, 1266 "Invalid TDLS peer %pM for channel switch request\n", 1267 addr); 1268 ret = -ENOENT; 1269 goto out; 1270 } 1271 1272 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1273 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1274 addr); 1275 ret = -ENOTSUPP; 1276 goto out; 1277 } 1278 1279 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1280 &ch_sw_tm_ie); 1281 if (!skb) { 1282 ret = -ENOENT; 1283 goto out; 1284 } 1285 1286 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1287 chandef, skb, ch_sw_tm_ie); 1288 if (!ret) 1289 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1290 1291 out: 1292 mutex_unlock(&local->sta_mtx); 1293 dev_kfree_skb_any(skb); 1294 return ret; 1295 } 1296 1297 void 1298 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1299 struct net_device *dev, 1300 const u8 *addr) 1301 { 1302 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1303 struct ieee80211_local *local = sdata->local; 1304 struct sta_info *sta; 1305 1306 mutex_lock(&local->sta_mtx); 1307 sta = sta_info_get(sdata, addr); 1308 if (!sta) { 1309 tdls_dbg(sdata, 1310 "Invalid TDLS peer %pM for channel switch cancel\n", 1311 addr); 1312 goto out; 1313 } 1314 1315 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1316 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1317 addr); 1318 goto out; 1319 } 1320 1321 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1322 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1323 1324 out: 1325 mutex_unlock(&local->sta_mtx); 1326 } 1327 1328 static struct sk_buff * 1329 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1330 u32 *ch_sw_tm_ie_offset) 1331 { 1332 struct ieee80211_sub_if_data *sdata = sta->sdata; 1333 struct sk_buff *skb; 1334 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1335 1336 /* initial timing are always zero in the template */ 1337 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1338 1339 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1340 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1341 0, 0, !sta->sta.tdls_initiator, 1342 extra_ies, sizeof(extra_ies), 0, NULL); 1343 if (!skb) 1344 return NULL; 1345 1346 skb = ieee80211_build_data_template(sdata, skb, 0); 1347 if (IS_ERR(skb)) { 1348 tdls_dbg(sdata, 1349 "Failed building TDLS channel switch resp frame\n"); 1350 return NULL; 1351 } 1352 1353 if (ch_sw_tm_ie_offset) { 1354 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1355 1356 if (!tm_ie) { 1357 tdls_dbg(sdata, 1358 "No switch timing IE in TDLS switch resp\n"); 1359 dev_kfree_skb_any(skb); 1360 return NULL; 1361 } 1362 1363 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1364 } 1365 1366 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1367 sta->sta.addr); 1368 return skb; 1369 } 1370 1371 static int 1372 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1373 struct sk_buff *skb) 1374 { 1375 struct ieee80211_local *local = sdata->local; 1376 struct ieee802_11_elems elems; 1377 struct sta_info *sta; 1378 struct ieee80211_tdls_data *tf = (void *)skb->data; 1379 bool local_initiator; 1380 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1381 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1382 struct ieee80211_tdls_ch_sw_params params = {}; 1383 int ret; 1384 1385 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1386 params.timestamp = rx_status->device_timestamp; 1387 1388 if (skb->len < baselen) { 1389 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1390 skb->len); 1391 return -EINVAL; 1392 } 1393 1394 mutex_lock(&local->sta_mtx); 1395 sta = sta_info_get(sdata, tf->sa); 1396 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1397 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1398 tf->sa); 1399 ret = -EINVAL; 1400 goto out; 1401 } 1402 1403 params.sta = &sta->sta; 1404 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1405 if (params.status != 0) { 1406 ret = 0; 1407 goto call_drv; 1408 } 1409 1410 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1411 skb->len - baselen, false, &elems); 1412 if (elems.parse_error) { 1413 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1414 ret = -EINVAL; 1415 goto out; 1416 } 1417 1418 if (!elems.ch_sw_timing || !elems.lnk_id) { 1419 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1420 ret = -EINVAL; 1421 goto out; 1422 } 1423 1424 /* validate the initiator is set correctly */ 1425 local_initiator = 1426 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1427 if (local_initiator == sta->sta.tdls_initiator) { 1428 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1429 ret = -EINVAL; 1430 goto out; 1431 } 1432 1433 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1434 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1435 1436 params.tmpl_skb = 1437 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1438 if (!params.tmpl_skb) { 1439 ret = -ENOENT; 1440 goto out; 1441 } 1442 1443 call_drv: 1444 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1445 1446 tdls_dbg(sdata, 1447 "TDLS channel switch response received from %pM status %d\n", 1448 tf->sa, params.status); 1449 1450 out: 1451 mutex_unlock(&local->sta_mtx); 1452 dev_kfree_skb_any(params.tmpl_skb); 1453 return ret; 1454 } 1455 1456 static int 1457 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1458 struct sk_buff *skb) 1459 { 1460 struct ieee80211_local *local = sdata->local; 1461 struct ieee802_11_elems elems; 1462 struct cfg80211_chan_def chandef; 1463 struct ieee80211_channel *chan; 1464 enum nl80211_channel_type chan_type; 1465 int freq; 1466 u8 target_channel, oper_class; 1467 bool local_initiator; 1468 struct sta_info *sta; 1469 enum ieee80211_band band; 1470 struct ieee80211_tdls_data *tf = (void *)skb->data; 1471 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1472 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1473 struct ieee80211_tdls_ch_sw_params params = {}; 1474 int ret = 0; 1475 1476 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1477 params.timestamp = rx_status->device_timestamp; 1478 1479 if (skb->len < baselen) { 1480 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1481 skb->len); 1482 return -EINVAL; 1483 } 1484 1485 target_channel = tf->u.chan_switch_req.target_channel; 1486 oper_class = tf->u.chan_switch_req.oper_class; 1487 1488 /* 1489 * We can't easily infer the channel band. The operating class is 1490 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1491 * solution here is to treat channels with number >14 as 5GHz ones, 1492 * and specifically check for the (oper_class, channel) combinations 1493 * where this doesn't hold. These are thankfully unique according to 1494 * IEEE802.11-2012. 1495 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1496 * valid here. 1497 */ 1498 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1499 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1500 target_channel < 14) 1501 band = IEEE80211_BAND_5GHZ; 1502 else 1503 band = target_channel < 14 ? IEEE80211_BAND_2GHZ : 1504 IEEE80211_BAND_5GHZ; 1505 1506 freq = ieee80211_channel_to_frequency(target_channel, band); 1507 if (freq == 0) { 1508 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1509 target_channel); 1510 return -EINVAL; 1511 } 1512 1513 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1514 if (!chan) { 1515 tdls_dbg(sdata, 1516 "Unsupported channel for TDLS chan switch: %d\n", 1517 target_channel); 1518 return -EINVAL; 1519 } 1520 1521 ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1522 skb->len - baselen, false, &elems); 1523 if (elems.parse_error) { 1524 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1525 return -EINVAL; 1526 } 1527 1528 if (!elems.ch_sw_timing || !elems.lnk_id) { 1529 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1530 return -EINVAL; 1531 } 1532 1533 mutex_lock(&local->sta_mtx); 1534 sta = sta_info_get(sdata, tf->sa); 1535 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1536 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1537 tf->sa); 1538 ret = -EINVAL; 1539 goto out; 1540 } 1541 1542 params.sta = &sta->sta; 1543 1544 /* validate the initiator is set correctly */ 1545 local_initiator = 1546 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1547 if (local_initiator == sta->sta.tdls_initiator) { 1548 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1549 ret = -EINVAL; 1550 goto out; 1551 } 1552 1553 if (!sta->sta.ht_cap.ht_supported) { 1554 chan_type = NL80211_CHAN_NO_HT; 1555 } else if (!elems.sec_chan_offs) { 1556 chan_type = NL80211_CHAN_HT20; 1557 } else { 1558 switch (elems.sec_chan_offs->sec_chan_offs) { 1559 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1560 chan_type = NL80211_CHAN_HT40PLUS; 1561 break; 1562 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1563 chan_type = NL80211_CHAN_HT40MINUS; 1564 break; 1565 default: 1566 chan_type = NL80211_CHAN_HT20; 1567 break; 1568 } 1569 } 1570 1571 cfg80211_chandef_create(&chandef, chan, chan_type); 1572 params.chandef = &chandef; 1573 1574 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1575 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1576 1577 params.tmpl_skb = 1578 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1579 ¶ms.ch_sw_tm_ie); 1580 if (!params.tmpl_skb) { 1581 ret = -ENOENT; 1582 goto out; 1583 } 1584 1585 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1586 1587 tdls_dbg(sdata, 1588 "TDLS ch switch request received from %pM ch %d width %d\n", 1589 tf->sa, params.chandef->chan->center_freq, 1590 params.chandef->width); 1591 out: 1592 mutex_unlock(&local->sta_mtx); 1593 dev_kfree_skb_any(params.tmpl_skb); 1594 return ret; 1595 } 1596 1597 void ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1598 struct sk_buff *skb) 1599 { 1600 struct ieee80211_tdls_data *tf = (void *)skb->data; 1601 struct wiphy *wiphy = sdata->local->hw.wiphy; 1602 1603 /* make sure the driver supports it */ 1604 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1605 return; 1606 1607 /* we want to access the entire packet */ 1608 if (skb_linearize(skb)) 1609 return; 1610 /* 1611 * The packet/size was already validated by mac80211 Rx path, only look 1612 * at the action type. 1613 */ 1614 switch (tf->action_code) { 1615 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1616 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1617 break; 1618 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1619 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1620 break; 1621 default: 1622 WARN_ON_ONCE(1); 1623 return; 1624 } 1625 } 1626