1 /* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * Copyright 2015 - 2016 Intel Deutschland GmbH 8 * 9 * This file is GPLv2 as found in COPYING. 10 */ 11 12 #include <linux/ieee80211.h> 13 #include <linux/log2.h> 14 #include <net/cfg80211.h> 15 #include <linux/rtnetlink.h> 16 #include "ieee80211_i.h" 17 #include "driver-ops.h" 18 #include "rate.h" 19 20 /* give usermode some time for retries in setting up the TDLS session */ 21 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 22 23 void ieee80211_tdls_peer_del_work(struct work_struct *wk) 24 { 25 struct ieee80211_sub_if_data *sdata; 26 struct ieee80211_local *local; 27 28 sdata = container_of(wk, struct ieee80211_sub_if_data, 29 u.mgd.tdls_peer_del_work.work); 30 local = sdata->local; 31 32 mutex_lock(&local->mtx); 33 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 34 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 35 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 36 eth_zero_addr(sdata->u.mgd.tdls_peer); 37 } 38 mutex_unlock(&local->mtx); 39 } 40 41 static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata, 42 struct sk_buff *skb) 43 { 44 struct ieee80211_local *local = sdata->local; 45 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 46 bool chan_switch = local->hw.wiphy->features & 47 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 48 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) && 49 !ifmgd->tdls_wider_bw_prohibited; 50 struct ieee80211_supported_band *sband = ieee80211_get_sband(sdata); 51 bool vht = sband && sband->vht_cap.vht_supported; 52 u8 *pos = skb_put(skb, 10); 53 54 *pos++ = WLAN_EID_EXT_CAPABILITY; 55 *pos++ = 8; /* len */ 56 *pos++ = 0x0; 57 *pos++ = 0x0; 58 *pos++ = 0x0; 59 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0; 60 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 61 *pos++ = 0; 62 *pos++ = 0; 63 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0; 64 } 65 66 static u8 67 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 68 struct sk_buff *skb, u16 start, u16 end, 69 u16 spacing) 70 { 71 u8 subband_cnt = 0, ch_cnt = 0; 72 struct ieee80211_channel *ch; 73 struct cfg80211_chan_def chandef; 74 int i, subband_start; 75 struct wiphy *wiphy = sdata->local->hw.wiphy; 76 77 for (i = start; i <= end; i += spacing) { 78 if (!ch_cnt) 79 subband_start = i; 80 81 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 82 if (ch) { 83 /* we will be active on the channel */ 84 cfg80211_chandef_create(&chandef, ch, 85 NL80211_CHAN_NO_HT); 86 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef, 87 sdata->wdev.iftype)) { 88 ch_cnt++; 89 /* 90 * check if the next channel is also part of 91 * this allowed range 92 */ 93 continue; 94 } 95 } 96 97 /* 98 * we've reached the end of a range, with allowed channels 99 * found 100 */ 101 if (ch_cnt) { 102 u8 *pos = skb_put(skb, 2); 103 *pos++ = ieee80211_frequency_to_channel(subband_start); 104 *pos++ = ch_cnt; 105 106 subband_cnt++; 107 ch_cnt = 0; 108 } 109 } 110 111 /* all channels in the requested range are allowed - add them here */ 112 if (ch_cnt) { 113 u8 *pos = skb_put(skb, 2); 114 *pos++ = ieee80211_frequency_to_channel(subband_start); 115 *pos++ = ch_cnt; 116 117 subband_cnt++; 118 } 119 120 return subband_cnt; 121 } 122 123 static void 124 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 125 struct sk_buff *skb) 126 { 127 /* 128 * Add possible channels for TDLS. These are channels that are allowed 129 * to be active. 130 */ 131 u8 subband_cnt; 132 u8 *pos = skb_put(skb, 2); 133 134 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 135 136 /* 137 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 138 * this doesn't happen in real world scenarios. 139 */ 140 141 /* 2GHz, with 5MHz spacing */ 142 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 143 144 /* 5GHz, with 20MHz spacing */ 145 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 146 147 /* length */ 148 *pos = 2 * subband_cnt; 149 } 150 151 static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata, 152 struct sk_buff *skb) 153 { 154 u8 *pos; 155 u8 op_class; 156 157 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef, 158 &op_class)) 159 return; 160 161 pos = skb_put(skb, 4); 162 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES; 163 *pos++ = 2; /* len */ 164 165 *pos++ = op_class; 166 *pos++ = op_class; /* give current operating class as alternate too */ 167 } 168 169 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 170 { 171 u8 *pos = skb_put(skb, 3); 172 173 *pos++ = WLAN_EID_BSS_COEX_2040; 174 *pos++ = 1; /* len */ 175 176 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 177 } 178 179 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 180 u16 status_code) 181 { 182 struct ieee80211_supported_band *sband; 183 184 /* The capability will be 0 when sending a failure code */ 185 if (status_code != 0) 186 return 0; 187 188 sband = ieee80211_get_sband(sdata); 189 if (sband && sband->band == NL80211_BAND_2GHZ) { 190 return WLAN_CAPABILITY_SHORT_SLOT_TIME | 191 WLAN_CAPABILITY_SHORT_PREAMBLE; 192 } 193 194 return 0; 195 } 196 197 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 198 struct sk_buff *skb, const u8 *peer, 199 bool initiator) 200 { 201 struct ieee80211_tdls_lnkie *lnkid; 202 const u8 *init_addr, *rsp_addr; 203 204 if (initiator) { 205 init_addr = sdata->vif.addr; 206 rsp_addr = peer; 207 } else { 208 init_addr = peer; 209 rsp_addr = sdata->vif.addr; 210 } 211 212 lnkid = skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 213 214 lnkid->ie_type = WLAN_EID_LINK_ID; 215 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 216 217 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 218 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 219 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 220 } 221 222 static void 223 ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 224 { 225 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 226 u8 *pos = skb_put(skb, 4); 227 228 *pos++ = WLAN_EID_AID; 229 *pos++ = 2; /* len */ 230 put_unaligned_le16(ifmgd->aid, pos); 231 } 232 233 /* translate numbering in the WMM parameter IE to the mac80211 notation */ 234 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 235 { 236 switch (ac) { 237 default: 238 WARN_ON_ONCE(1); 239 case 0: 240 return IEEE80211_AC_BE; 241 case 1: 242 return IEEE80211_AC_BK; 243 case 2: 244 return IEEE80211_AC_VI; 245 case 3: 246 return IEEE80211_AC_VO; 247 } 248 } 249 250 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 251 { 252 u8 ret; 253 254 ret = aifsn & 0x0f; 255 if (acm) 256 ret |= 0x10; 257 ret |= (aci << 5) & 0x60; 258 return ret; 259 } 260 261 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 262 { 263 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 264 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 265 } 266 267 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 268 struct sk_buff *skb) 269 { 270 struct ieee80211_wmm_param_ie *wmm; 271 struct ieee80211_tx_queue_params *txq; 272 int i; 273 274 wmm = skb_put_zero(skb, sizeof(*wmm)); 275 276 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 277 wmm->len = sizeof(*wmm) - 2; 278 279 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 280 wmm->oui[1] = 0x50; 281 wmm->oui[2] = 0xf2; 282 wmm->oui_type = 2; /* WME */ 283 wmm->oui_subtype = 1; /* WME param */ 284 wmm->version = 1; /* WME ver */ 285 wmm->qos_info = 0; /* U-APSD not in use */ 286 287 /* 288 * Use the EDCA parameters defined for the BSS, or default if the AP 289 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 290 */ 291 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 292 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 293 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 294 txq->acm, i); 295 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 296 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 297 } 298 } 299 300 static void 301 ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata, 302 struct sta_info *sta) 303 { 304 /* IEEE802.11ac-2013 Table E-4 */ 305 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 }; 306 struct cfg80211_chan_def uc = sta->tdls_chandef; 307 enum nl80211_chan_width max_width = ieee80211_sta_cap_chan_bw(sta); 308 int i; 309 310 /* only support upgrading non-narrow channels up to 80Mhz */ 311 if (max_width == NL80211_CHAN_WIDTH_5 || 312 max_width == NL80211_CHAN_WIDTH_10) 313 return; 314 315 if (max_width > NL80211_CHAN_WIDTH_80) 316 max_width = NL80211_CHAN_WIDTH_80; 317 318 if (uc.width >= max_width) 319 return; 320 /* 321 * Channel usage constrains in the IEEE802.11ac-2013 specification only 322 * allow expanding a 20MHz channel to 80MHz in a single way. In 323 * addition, there are no 40MHz allowed channels that are not part of 324 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here). 325 */ 326 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++) 327 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) { 328 uc.center_freq1 = centers_80mhz[i]; 329 uc.center_freq2 = 0; 330 uc.width = NL80211_CHAN_WIDTH_80; 331 break; 332 } 333 334 if (!uc.center_freq1) 335 return; 336 337 /* proceed to downgrade the chandef until usable or the same as AP BW */ 338 while (uc.width > max_width || 339 (uc.width > sta->tdls_chandef.width && 340 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc, 341 sdata->wdev.iftype))) 342 ieee80211_chandef_downgrade(&uc); 343 344 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) { 345 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n", 346 sta->tdls_chandef.width, uc.width); 347 348 /* 349 * the station is not yet authorized when BW upgrade is done, 350 * locking is not required 351 */ 352 sta->tdls_chandef = uc; 353 } 354 } 355 356 static void 357 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 358 struct sk_buff *skb, const u8 *peer, 359 u8 action_code, bool initiator, 360 const u8 *extra_ies, size_t extra_ies_len) 361 { 362 struct ieee80211_supported_band *sband; 363 struct ieee80211_local *local = sdata->local; 364 struct ieee80211_sta_ht_cap ht_cap; 365 struct ieee80211_sta_vht_cap vht_cap; 366 struct sta_info *sta = NULL; 367 size_t offset = 0, noffset; 368 u8 *pos; 369 370 sband = ieee80211_get_sband(sdata); 371 if (!sband) 372 return; 373 374 ieee80211_add_srates_ie(sdata, skb, false, sband->band); 375 ieee80211_add_ext_srates_ie(sdata, skb, false, sband->band); 376 ieee80211_tdls_add_supp_channels(sdata, skb); 377 378 /* add any custom IEs that go before Extended Capabilities */ 379 if (extra_ies_len) { 380 static const u8 before_ext_cap[] = { 381 WLAN_EID_SUPP_RATES, 382 WLAN_EID_COUNTRY, 383 WLAN_EID_EXT_SUPP_RATES, 384 WLAN_EID_SUPPORTED_CHANNELS, 385 WLAN_EID_RSN, 386 }; 387 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 388 before_ext_cap, 389 ARRAY_SIZE(before_ext_cap), 390 offset); 391 skb_put_data(skb, extra_ies + offset, noffset - offset); 392 offset = noffset; 393 } 394 395 ieee80211_tdls_add_ext_capab(sdata, skb); 396 397 /* add the QoS element if we support it */ 398 if (local->hw.queues >= IEEE80211_NUM_ACS && 399 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 400 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 401 402 /* add any custom IEs that go before HT capabilities */ 403 if (extra_ies_len) { 404 static const u8 before_ht_cap[] = { 405 WLAN_EID_SUPP_RATES, 406 WLAN_EID_COUNTRY, 407 WLAN_EID_EXT_SUPP_RATES, 408 WLAN_EID_SUPPORTED_CHANNELS, 409 WLAN_EID_RSN, 410 WLAN_EID_EXT_CAPABILITY, 411 WLAN_EID_QOS_CAPA, 412 WLAN_EID_FAST_BSS_TRANSITION, 413 WLAN_EID_TIMEOUT_INTERVAL, 414 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 415 }; 416 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 417 before_ht_cap, 418 ARRAY_SIZE(before_ht_cap), 419 offset); 420 skb_put_data(skb, extra_ies + offset, noffset - offset); 421 offset = noffset; 422 } 423 424 mutex_lock(&local->sta_mtx); 425 426 /* we should have the peer STA if we're already responding */ 427 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 428 sta = sta_info_get(sdata, peer); 429 if (WARN_ON_ONCE(!sta)) { 430 mutex_unlock(&local->sta_mtx); 431 return; 432 } 433 434 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 435 } 436 437 ieee80211_tdls_add_oper_classes(sdata, skb); 438 439 /* 440 * with TDLS we can switch channels, and HT-caps are not necessarily 441 * the same on all bands. The specification limits the setup to a 442 * single HT-cap, so use the current band for now. 443 */ 444 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 445 446 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 447 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 448 ht_cap.ht_supported) { 449 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 450 451 /* disable SMPS in TDLS initiator */ 452 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 453 << IEEE80211_HT_CAP_SM_PS_SHIFT; 454 455 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 456 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 457 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 458 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 459 /* the peer caps are already intersected with our own */ 460 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 461 462 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 463 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 464 } 465 466 if (ht_cap.ht_supported && 467 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 468 ieee80211_tdls_add_bss_coex_ie(skb); 469 470 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 471 472 /* add any custom IEs that go before VHT capabilities */ 473 if (extra_ies_len) { 474 static const u8 before_vht_cap[] = { 475 WLAN_EID_SUPP_RATES, 476 WLAN_EID_COUNTRY, 477 WLAN_EID_EXT_SUPP_RATES, 478 WLAN_EID_SUPPORTED_CHANNELS, 479 WLAN_EID_RSN, 480 WLAN_EID_EXT_CAPABILITY, 481 WLAN_EID_QOS_CAPA, 482 WLAN_EID_FAST_BSS_TRANSITION, 483 WLAN_EID_TIMEOUT_INTERVAL, 484 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 485 WLAN_EID_MULTI_BAND, 486 }; 487 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 488 before_vht_cap, 489 ARRAY_SIZE(before_vht_cap), 490 offset); 491 skb_put_data(skb, extra_ies + offset, noffset - offset); 492 offset = noffset; 493 } 494 495 /* build the VHT-cap similarly to the HT-cap */ 496 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 497 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 498 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 499 vht_cap.vht_supported) { 500 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 501 502 /* the AID is present only when VHT is implemented */ 503 if (action_code == WLAN_TDLS_SETUP_REQUEST) 504 ieee80211_tdls_add_aid(sdata, skb); 505 506 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 507 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 508 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 509 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) { 510 /* the peer caps are already intersected with our own */ 511 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap)); 512 513 /* the AID is present only when VHT is implemented */ 514 ieee80211_tdls_add_aid(sdata, skb); 515 516 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 517 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 518 519 /* 520 * if both peers support WIDER_BW, we can expand the chandef to 521 * a wider compatible one, up to 80MHz 522 */ 523 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 524 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 525 } 526 527 mutex_unlock(&local->sta_mtx); 528 529 /* add any remaining IEs */ 530 if (extra_ies_len) { 531 noffset = extra_ies_len; 532 skb_put_data(skb, extra_ies + offset, noffset - offset); 533 } 534 535 } 536 537 static void 538 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 539 struct sk_buff *skb, const u8 *peer, 540 bool initiator, const u8 *extra_ies, 541 size_t extra_ies_len) 542 { 543 struct ieee80211_local *local = sdata->local; 544 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 545 size_t offset = 0, noffset; 546 struct sta_info *sta, *ap_sta; 547 struct ieee80211_supported_band *sband; 548 u8 *pos; 549 550 sband = ieee80211_get_sband(sdata); 551 if (!sband) 552 return; 553 554 mutex_lock(&local->sta_mtx); 555 556 sta = sta_info_get(sdata, peer); 557 ap_sta = sta_info_get(sdata, ifmgd->bssid); 558 if (WARN_ON_ONCE(!sta || !ap_sta)) { 559 mutex_unlock(&local->sta_mtx); 560 return; 561 } 562 563 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 564 565 /* add any custom IEs that go before the QoS IE */ 566 if (extra_ies_len) { 567 static const u8 before_qos[] = { 568 WLAN_EID_RSN, 569 }; 570 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 571 before_qos, 572 ARRAY_SIZE(before_qos), 573 offset); 574 skb_put_data(skb, extra_ies + offset, noffset - offset); 575 offset = noffset; 576 } 577 578 /* add the QoS param IE if both the peer and we support it */ 579 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 580 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 581 582 /* add any custom IEs that go before HT operation */ 583 if (extra_ies_len) { 584 static const u8 before_ht_op[] = { 585 WLAN_EID_RSN, 586 WLAN_EID_QOS_CAPA, 587 WLAN_EID_FAST_BSS_TRANSITION, 588 WLAN_EID_TIMEOUT_INTERVAL, 589 }; 590 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 591 before_ht_op, 592 ARRAY_SIZE(before_ht_op), 593 offset); 594 skb_put_data(skb, extra_ies + offset, noffset - offset); 595 offset = noffset; 596 } 597 598 /* 599 * if HT support is only added in TDLS, we need an HT-operation IE. 600 * add the IE as required by IEEE802.11-2012 9.23.3.2. 601 */ 602 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 603 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 604 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 605 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 606 607 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation)); 608 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 609 &sdata->vif.bss_conf.chandef, prot, 610 true); 611 } 612 613 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 614 615 /* only include VHT-operation if not on the 2.4GHz band */ 616 if (sband->band != NL80211_BAND_2GHZ && 617 sta->sta.vht_cap.vht_supported) { 618 /* 619 * if both peers support WIDER_BW, we can expand the chandef to 620 * a wider compatible one, up to 80MHz 621 */ 622 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 623 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 624 625 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation)); 626 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap, 627 &sta->tdls_chandef); 628 } 629 630 mutex_unlock(&local->sta_mtx); 631 632 /* add any remaining IEs */ 633 if (extra_ies_len) { 634 noffset = extra_ies_len; 635 skb_put_data(skb, extra_ies + offset, noffset - offset); 636 } 637 } 638 639 static void 640 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 641 struct sk_buff *skb, const u8 *peer, 642 bool initiator, const u8 *extra_ies, 643 size_t extra_ies_len, u8 oper_class, 644 struct cfg80211_chan_def *chandef) 645 { 646 struct ieee80211_tdls_data *tf; 647 size_t offset = 0, noffset; 648 649 if (WARN_ON_ONCE(!chandef)) 650 return; 651 652 tf = (void *)skb->data; 653 tf->u.chan_switch_req.target_channel = 654 ieee80211_frequency_to_channel(chandef->chan->center_freq); 655 tf->u.chan_switch_req.oper_class = oper_class; 656 657 if (extra_ies_len) { 658 static const u8 before_lnkie[] = { 659 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 660 }; 661 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 662 before_lnkie, 663 ARRAY_SIZE(before_lnkie), 664 offset); 665 skb_put_data(skb, extra_ies + offset, noffset - offset); 666 offset = noffset; 667 } 668 669 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 670 671 /* add any remaining IEs */ 672 if (extra_ies_len) { 673 noffset = extra_ies_len; 674 skb_put_data(skb, extra_ies + offset, noffset - offset); 675 } 676 } 677 678 static void 679 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 680 struct sk_buff *skb, const u8 *peer, 681 u16 status_code, bool initiator, 682 const u8 *extra_ies, 683 size_t extra_ies_len) 684 { 685 if (status_code == 0) 686 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 687 688 if (extra_ies_len) 689 skb_put_data(skb, extra_ies, extra_ies_len); 690 } 691 692 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 693 struct sk_buff *skb, const u8 *peer, 694 u8 action_code, u16 status_code, 695 bool initiator, const u8 *extra_ies, 696 size_t extra_ies_len, u8 oper_class, 697 struct cfg80211_chan_def *chandef) 698 { 699 switch (action_code) { 700 case WLAN_TDLS_SETUP_REQUEST: 701 case WLAN_TDLS_SETUP_RESPONSE: 702 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 703 if (status_code == 0) 704 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 705 action_code, 706 initiator, 707 extra_ies, 708 extra_ies_len); 709 break; 710 case WLAN_TDLS_SETUP_CONFIRM: 711 if (status_code == 0) 712 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 713 initiator, extra_ies, 714 extra_ies_len); 715 break; 716 case WLAN_TDLS_TEARDOWN: 717 case WLAN_TDLS_DISCOVERY_REQUEST: 718 if (extra_ies_len) 719 skb_put_data(skb, extra_ies, extra_ies_len); 720 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 721 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 722 break; 723 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 724 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 725 initiator, extra_ies, 726 extra_ies_len, 727 oper_class, chandef); 728 break; 729 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 730 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 731 status_code, 732 initiator, extra_ies, 733 extra_ies_len); 734 break; 735 } 736 737 } 738 739 static int 740 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 741 const u8 *peer, u8 action_code, u8 dialog_token, 742 u16 status_code, struct sk_buff *skb) 743 { 744 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 745 struct ieee80211_tdls_data *tf; 746 747 tf = skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 748 749 memcpy(tf->da, peer, ETH_ALEN); 750 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 751 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 752 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 753 754 /* network header is after the ethernet header */ 755 skb_set_network_header(skb, ETH_HLEN); 756 757 switch (action_code) { 758 case WLAN_TDLS_SETUP_REQUEST: 759 tf->category = WLAN_CATEGORY_TDLS; 760 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 761 762 skb_put(skb, sizeof(tf->u.setup_req)); 763 tf->u.setup_req.dialog_token = dialog_token; 764 tf->u.setup_req.capability = 765 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 766 status_code)); 767 break; 768 case WLAN_TDLS_SETUP_RESPONSE: 769 tf->category = WLAN_CATEGORY_TDLS; 770 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 771 772 skb_put(skb, sizeof(tf->u.setup_resp)); 773 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 774 tf->u.setup_resp.dialog_token = dialog_token; 775 tf->u.setup_resp.capability = 776 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 777 status_code)); 778 break; 779 case WLAN_TDLS_SETUP_CONFIRM: 780 tf->category = WLAN_CATEGORY_TDLS; 781 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 782 783 skb_put(skb, sizeof(tf->u.setup_cfm)); 784 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 785 tf->u.setup_cfm.dialog_token = dialog_token; 786 break; 787 case WLAN_TDLS_TEARDOWN: 788 tf->category = WLAN_CATEGORY_TDLS; 789 tf->action_code = WLAN_TDLS_TEARDOWN; 790 791 skb_put(skb, sizeof(tf->u.teardown)); 792 tf->u.teardown.reason_code = cpu_to_le16(status_code); 793 break; 794 case WLAN_TDLS_DISCOVERY_REQUEST: 795 tf->category = WLAN_CATEGORY_TDLS; 796 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 797 798 skb_put(skb, sizeof(tf->u.discover_req)); 799 tf->u.discover_req.dialog_token = dialog_token; 800 break; 801 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 802 tf->category = WLAN_CATEGORY_TDLS; 803 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 804 805 skb_put(skb, sizeof(tf->u.chan_switch_req)); 806 break; 807 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 808 tf->category = WLAN_CATEGORY_TDLS; 809 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 810 811 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 812 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 813 break; 814 default: 815 return -EINVAL; 816 } 817 818 return 0; 819 } 820 821 static int 822 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 823 const u8 *peer, u8 action_code, u8 dialog_token, 824 u16 status_code, struct sk_buff *skb) 825 { 826 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 827 struct ieee80211_mgmt *mgmt; 828 829 mgmt = skb_put_zero(skb, 24); 830 memcpy(mgmt->da, peer, ETH_ALEN); 831 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 832 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 833 834 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 835 IEEE80211_STYPE_ACTION); 836 837 switch (action_code) { 838 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 839 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 840 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 841 mgmt->u.action.u.tdls_discover_resp.action_code = 842 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 843 mgmt->u.action.u.tdls_discover_resp.dialog_token = 844 dialog_token; 845 mgmt->u.action.u.tdls_discover_resp.capability = 846 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 847 status_code)); 848 break; 849 default: 850 return -EINVAL; 851 } 852 853 return 0; 854 } 855 856 static struct sk_buff * 857 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 858 const u8 *peer, u8 action_code, 859 u8 dialog_token, u16 status_code, 860 bool initiator, const u8 *extra_ies, 861 size_t extra_ies_len, u8 oper_class, 862 struct cfg80211_chan_def *chandef) 863 { 864 struct ieee80211_local *local = sdata->local; 865 struct sk_buff *skb; 866 int ret; 867 868 skb = netdev_alloc_skb(sdata->dev, 869 local->hw.extra_tx_headroom + 870 max(sizeof(struct ieee80211_mgmt), 871 sizeof(struct ieee80211_tdls_data)) + 872 50 + /* supported rates */ 873 10 + /* ext capab */ 874 26 + /* max(WMM-info, WMM-param) */ 875 2 + max(sizeof(struct ieee80211_ht_cap), 876 sizeof(struct ieee80211_ht_operation)) + 877 2 + max(sizeof(struct ieee80211_vht_cap), 878 sizeof(struct ieee80211_vht_operation)) + 879 50 + /* supported channels */ 880 3 + /* 40/20 BSS coex */ 881 4 + /* AID */ 882 4 + /* oper classes */ 883 extra_ies_len + 884 sizeof(struct ieee80211_tdls_lnkie)); 885 if (!skb) 886 return NULL; 887 888 skb_reserve(skb, local->hw.extra_tx_headroom); 889 890 switch (action_code) { 891 case WLAN_TDLS_SETUP_REQUEST: 892 case WLAN_TDLS_SETUP_RESPONSE: 893 case WLAN_TDLS_SETUP_CONFIRM: 894 case WLAN_TDLS_TEARDOWN: 895 case WLAN_TDLS_DISCOVERY_REQUEST: 896 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 897 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 898 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 899 sdata->dev, peer, 900 action_code, dialog_token, 901 status_code, skb); 902 break; 903 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 904 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 905 peer, action_code, 906 dialog_token, status_code, 907 skb); 908 break; 909 default: 910 ret = -ENOTSUPP; 911 break; 912 } 913 914 if (ret < 0) 915 goto fail; 916 917 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 918 initiator, extra_ies, extra_ies_len, oper_class, 919 chandef); 920 return skb; 921 922 fail: 923 dev_kfree_skb(skb); 924 return NULL; 925 } 926 927 static int 928 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 929 const u8 *peer, u8 action_code, u8 dialog_token, 930 u16 status_code, u32 peer_capability, 931 bool initiator, const u8 *extra_ies, 932 size_t extra_ies_len, u8 oper_class, 933 struct cfg80211_chan_def *chandef) 934 { 935 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 936 struct sk_buff *skb = NULL; 937 struct sta_info *sta; 938 u32 flags = 0; 939 int ret = 0; 940 941 rcu_read_lock(); 942 sta = sta_info_get(sdata, peer); 943 944 /* infer the initiator if we can, to support old userspace */ 945 switch (action_code) { 946 case WLAN_TDLS_SETUP_REQUEST: 947 if (sta) { 948 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 949 sta->sta.tdls_initiator = false; 950 } 951 /* fall-through */ 952 case WLAN_TDLS_SETUP_CONFIRM: 953 case WLAN_TDLS_DISCOVERY_REQUEST: 954 initiator = true; 955 break; 956 case WLAN_TDLS_SETUP_RESPONSE: 957 /* 958 * In some testing scenarios, we send a request and response. 959 * Make the last packet sent take effect for the initiator 960 * value. 961 */ 962 if (sta) { 963 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 964 sta->sta.tdls_initiator = true; 965 } 966 /* fall-through */ 967 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 968 initiator = false; 969 break; 970 case WLAN_TDLS_TEARDOWN: 971 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 972 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 973 /* any value is ok */ 974 break; 975 default: 976 ret = -ENOTSUPP; 977 break; 978 } 979 980 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 981 initiator = true; 982 983 rcu_read_unlock(); 984 if (ret < 0) 985 goto fail; 986 987 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 988 dialog_token, status_code, 989 initiator, extra_ies, 990 extra_ies_len, oper_class, 991 chandef); 992 if (!skb) { 993 ret = -EINVAL; 994 goto fail; 995 } 996 997 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 998 ieee80211_tx_skb(sdata, skb); 999 return 0; 1000 } 1001 1002 /* 1003 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 1004 * we should default to AC_VI. 1005 */ 1006 switch (action_code) { 1007 case WLAN_TDLS_SETUP_REQUEST: 1008 case WLAN_TDLS_SETUP_RESPONSE: 1009 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 1010 skb->priority = 2; 1011 break; 1012 default: 1013 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 1014 skb->priority = 5; 1015 break; 1016 } 1017 1018 /* 1019 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 1020 * Later, if no ACK is returned from peer, we will re-send the teardown 1021 * packet through the AP. 1022 */ 1023 if ((action_code == WLAN_TDLS_TEARDOWN) && 1024 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 1025 bool try_resend; /* Should we keep skb for possible resend */ 1026 1027 /* If not sending directly to peer - no point in keeping skb */ 1028 rcu_read_lock(); 1029 sta = sta_info_get(sdata, peer); 1030 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1031 rcu_read_unlock(); 1032 1033 spin_lock_bh(&sdata->u.mgd.teardown_lock); 1034 if (try_resend && !sdata->u.mgd.teardown_skb) { 1035 /* Mark it as requiring TX status callback */ 1036 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1037 IEEE80211_TX_INTFL_MLME_CONN_TX; 1038 1039 /* 1040 * skb is copied since mac80211 will later set 1041 * properties that might not be the same as the AP, 1042 * such as encryption, QoS, addresses, etc. 1043 * 1044 * No problem if skb_copy() fails, so no need to check. 1045 */ 1046 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 1047 sdata->u.mgd.orig_teardown_skb = skb; 1048 } 1049 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 1050 } 1051 1052 /* disable bottom halves when entering the Tx path */ 1053 local_bh_disable(); 1054 __ieee80211_subif_start_xmit(skb, dev, flags); 1055 local_bh_enable(); 1056 1057 return ret; 1058 1059 fail: 1060 dev_kfree_skb(skb); 1061 return ret; 1062 } 1063 1064 static int 1065 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 1066 const u8 *peer, u8 action_code, u8 dialog_token, 1067 u16 status_code, u32 peer_capability, bool initiator, 1068 const u8 *extra_ies, size_t extra_ies_len) 1069 { 1070 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1071 struct ieee80211_local *local = sdata->local; 1072 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode; 1073 int ret; 1074 1075 /* don't support setup with forced SMPS mode that's not off */ 1076 if (smps_mode != IEEE80211_SMPS_AUTOMATIC && 1077 smps_mode != IEEE80211_SMPS_OFF) { 1078 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n", 1079 smps_mode); 1080 return -ENOTSUPP; 1081 } 1082 1083 mutex_lock(&local->mtx); 1084 1085 /* we don't support concurrent TDLS peer setups */ 1086 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 1087 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1088 ret = -EBUSY; 1089 goto out_unlock; 1090 } 1091 1092 /* 1093 * make sure we have a STA representing the peer so we drop or buffer 1094 * non-TDLS-setup frames to the peer. We can't send other packets 1095 * during setup through the AP path. 1096 * Allow error packets to be sent - sometimes we don't even add a STA 1097 * before failing the setup. 1098 */ 1099 if (status_code == 0) { 1100 rcu_read_lock(); 1101 if (!sta_info_get(sdata, peer)) { 1102 rcu_read_unlock(); 1103 ret = -ENOLINK; 1104 goto out_unlock; 1105 } 1106 rcu_read_unlock(); 1107 } 1108 1109 ieee80211_flush_queues(local, sdata, false); 1110 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 1111 mutex_unlock(&local->mtx); 1112 1113 /* we cannot take the mutex while preparing the setup packet */ 1114 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1115 dialog_token, status_code, 1116 peer_capability, initiator, 1117 extra_ies, extra_ies_len, 0, 1118 NULL); 1119 if (ret < 0) { 1120 mutex_lock(&local->mtx); 1121 eth_zero_addr(sdata->u.mgd.tdls_peer); 1122 mutex_unlock(&local->mtx); 1123 return ret; 1124 } 1125 1126 ieee80211_queue_delayed_work(&sdata->local->hw, 1127 &sdata->u.mgd.tdls_peer_del_work, 1128 TDLS_PEER_SETUP_TIMEOUT); 1129 return 0; 1130 1131 out_unlock: 1132 mutex_unlock(&local->mtx); 1133 return ret; 1134 } 1135 1136 static int 1137 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 1138 const u8 *peer, u8 action_code, u8 dialog_token, 1139 u16 status_code, u32 peer_capability, 1140 bool initiator, const u8 *extra_ies, 1141 size_t extra_ies_len) 1142 { 1143 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1144 struct ieee80211_local *local = sdata->local; 1145 struct sta_info *sta; 1146 int ret; 1147 1148 /* 1149 * No packets can be transmitted to the peer via the AP during setup - 1150 * the STA is set as a TDLS peer, but is not authorized. 1151 * During teardown, we prevent direct transmissions by stopping the 1152 * queues and flushing all direct packets. 1153 */ 1154 ieee80211_stop_vif_queues(local, sdata, 1155 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1156 ieee80211_flush_queues(local, sdata, false); 1157 1158 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1159 dialog_token, status_code, 1160 peer_capability, initiator, 1161 extra_ies, extra_ies_len, 0, 1162 NULL); 1163 if (ret < 0) 1164 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 1165 ret); 1166 1167 /* 1168 * Remove the STA AUTH flag to force further traffic through the AP. If 1169 * the STA was unreachable, it was already removed. 1170 */ 1171 rcu_read_lock(); 1172 sta = sta_info_get(sdata, peer); 1173 if (sta) 1174 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1175 rcu_read_unlock(); 1176 1177 ieee80211_wake_vif_queues(local, sdata, 1178 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1179 1180 return 0; 1181 } 1182 1183 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 1184 const u8 *peer, u8 action_code, u8 dialog_token, 1185 u16 status_code, u32 peer_capability, 1186 bool initiator, const u8 *extra_ies, 1187 size_t extra_ies_len) 1188 { 1189 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1190 int ret; 1191 1192 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1193 return -ENOTSUPP; 1194 1195 /* make sure we are in managed mode, and associated */ 1196 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1197 !sdata->u.mgd.associated) 1198 return -EINVAL; 1199 1200 switch (action_code) { 1201 case WLAN_TDLS_SETUP_REQUEST: 1202 case WLAN_TDLS_SETUP_RESPONSE: 1203 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1204 dialog_token, status_code, 1205 peer_capability, initiator, 1206 extra_ies, extra_ies_len); 1207 break; 1208 case WLAN_TDLS_TEARDOWN: 1209 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1210 action_code, dialog_token, 1211 status_code, 1212 peer_capability, initiator, 1213 extra_ies, extra_ies_len); 1214 break; 1215 case WLAN_TDLS_DISCOVERY_REQUEST: 1216 /* 1217 * Protect the discovery so we can hear the TDLS discovery 1218 * response frame. It is transmitted directly and not buffered 1219 * by the AP. 1220 */ 1221 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1222 /* fall-through */ 1223 case WLAN_TDLS_SETUP_CONFIRM: 1224 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1225 /* no special handling */ 1226 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1227 action_code, 1228 dialog_token, 1229 status_code, 1230 peer_capability, 1231 initiator, extra_ies, 1232 extra_ies_len, 0, NULL); 1233 break; 1234 default: 1235 ret = -EOPNOTSUPP; 1236 break; 1237 } 1238 1239 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1240 action_code, peer, ret); 1241 return ret; 1242 } 1243 1244 static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata, 1245 struct sta_info *sta) 1246 { 1247 struct ieee80211_local *local = sdata->local; 1248 struct ieee80211_chanctx_conf *conf; 1249 struct ieee80211_chanctx *ctx; 1250 enum nl80211_chan_width width; 1251 struct ieee80211_supported_band *sband; 1252 1253 mutex_lock(&local->chanctx_mtx); 1254 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1255 lockdep_is_held(&local->chanctx_mtx)); 1256 if (conf) { 1257 width = conf->def.width; 1258 sband = local->hw.wiphy->bands[conf->def.chan->band]; 1259 ctx = container_of(conf, struct ieee80211_chanctx, conf); 1260 ieee80211_recalc_chanctx_chantype(local, ctx); 1261 1262 /* if width changed and a peer is given, update its BW */ 1263 if (width != conf->def.width && sta && 1264 test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) { 1265 enum ieee80211_sta_rx_bandwidth bw; 1266 1267 bw = ieee80211_chan_width_to_rx_bw(conf->def.width); 1268 bw = min(bw, ieee80211_sta_cap_rx_bw(sta)); 1269 if (bw != sta->sta.bandwidth) { 1270 sta->sta.bandwidth = bw; 1271 rate_control_rate_update(local, sband, sta, 1272 IEEE80211_RC_BW_CHANGED); 1273 /* 1274 * if a TDLS peer BW was updated, we need to 1275 * recalc the chandef width again, to get the 1276 * correct chanctx min_def 1277 */ 1278 ieee80211_recalc_chanctx_chantype(local, ctx); 1279 } 1280 } 1281 1282 } 1283 mutex_unlock(&local->chanctx_mtx); 1284 } 1285 1286 static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata) 1287 { 1288 struct sta_info *sta; 1289 bool result = false; 1290 1291 rcu_read_lock(); 1292 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1293 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1294 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) || 1295 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) || 1296 !sta->sta.ht_cap.ht_supported) 1297 continue; 1298 result = true; 1299 break; 1300 } 1301 rcu_read_unlock(); 1302 1303 return result; 1304 } 1305 1306 static void 1307 iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata, 1308 struct sta_info *sta) 1309 { 1310 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1311 bool tdls_ht; 1312 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 1313 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 1314 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 1315 u16 opmode; 1316 1317 /* Nothing to do if the BSS connection uses HT */ 1318 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 1319 return; 1320 1321 tdls_ht = (sta && sta->sta.ht_cap.ht_supported) || 1322 iee80211_tdls_have_ht_peers(sdata); 1323 1324 opmode = sdata->vif.bss_conf.ht_operation_mode; 1325 1326 if (tdls_ht) 1327 opmode |= protection; 1328 else 1329 opmode &= ~protection; 1330 1331 if (opmode == sdata->vif.bss_conf.ht_operation_mode) 1332 return; 1333 1334 sdata->vif.bss_conf.ht_operation_mode = opmode; 1335 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT); 1336 } 1337 1338 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1339 const u8 *peer, enum nl80211_tdls_operation oper) 1340 { 1341 struct sta_info *sta; 1342 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1343 struct ieee80211_local *local = sdata->local; 1344 int ret; 1345 1346 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1347 return -ENOTSUPP; 1348 1349 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1350 return -EINVAL; 1351 1352 switch (oper) { 1353 case NL80211_TDLS_ENABLE_LINK: 1354 case NL80211_TDLS_DISABLE_LINK: 1355 break; 1356 case NL80211_TDLS_TEARDOWN: 1357 case NL80211_TDLS_SETUP: 1358 case NL80211_TDLS_DISCOVERY_REQ: 1359 /* We don't support in-driver setup/teardown/discovery */ 1360 return -ENOTSUPP; 1361 } 1362 1363 /* protect possible bss_conf changes and avoid concurrency in 1364 * ieee80211_bss_info_change_notify() 1365 */ 1366 sdata_lock(sdata); 1367 mutex_lock(&local->mtx); 1368 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1369 1370 switch (oper) { 1371 case NL80211_TDLS_ENABLE_LINK: 1372 if (sdata->vif.csa_active) { 1373 tdls_dbg(sdata, "TDLS: disallow link during CSA\n"); 1374 ret = -EBUSY; 1375 break; 1376 } 1377 1378 mutex_lock(&local->sta_mtx); 1379 sta = sta_info_get(sdata, peer); 1380 if (!sta) { 1381 mutex_unlock(&local->sta_mtx); 1382 ret = -ENOLINK; 1383 break; 1384 } 1385 1386 iee80211_tdls_recalc_chanctx(sdata, sta); 1387 iee80211_tdls_recalc_ht_protection(sdata, sta); 1388 1389 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1390 mutex_unlock(&local->sta_mtx); 1391 1392 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1393 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1394 ret = 0; 1395 break; 1396 case NL80211_TDLS_DISABLE_LINK: 1397 /* 1398 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1399 * created while the queues were stopped, so it might still be 1400 * pending. Before flushing the queues we need to be sure the 1401 * message is handled by the tasklet handling pending messages, 1402 * otherwise we might start destroying the station before 1403 * sending the teardown packet. 1404 * Note that this only forces the tasklet to flush pendings - 1405 * not to stop the tasklet from rescheduling itself. 1406 */ 1407 tasklet_kill(&local->tx_pending_tasklet); 1408 /* flush a potentially queued teardown packet */ 1409 ieee80211_flush_queues(local, sdata, false); 1410 1411 ret = sta_info_destroy_addr(sdata, peer); 1412 1413 mutex_lock(&local->sta_mtx); 1414 iee80211_tdls_recalc_ht_protection(sdata, NULL); 1415 mutex_unlock(&local->sta_mtx); 1416 1417 iee80211_tdls_recalc_chanctx(sdata, NULL); 1418 break; 1419 default: 1420 ret = -ENOTSUPP; 1421 break; 1422 } 1423 1424 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1425 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1426 eth_zero_addr(sdata->u.mgd.tdls_peer); 1427 } 1428 1429 if (ret == 0) 1430 ieee80211_queue_work(&sdata->local->hw, 1431 &sdata->u.mgd.request_smps_work); 1432 1433 mutex_unlock(&local->mtx); 1434 sdata_unlock(sdata); 1435 return ret; 1436 } 1437 1438 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1439 enum nl80211_tdls_operation oper, 1440 u16 reason_code, gfp_t gfp) 1441 { 1442 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1443 1444 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1445 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1446 oper); 1447 return; 1448 } 1449 1450 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1451 } 1452 EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1453 1454 static void 1455 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1456 { 1457 struct ieee80211_ch_switch_timing *ch_sw; 1458 1459 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1460 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1461 1462 ch_sw = (void *)buf; 1463 ch_sw->switch_time = cpu_to_le16(switch_time); 1464 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1465 } 1466 1467 /* find switch timing IE in SKB ready for Tx */ 1468 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1469 { 1470 struct ieee80211_tdls_data *tf; 1471 const u8 *ie_start; 1472 1473 /* 1474 * Get the offset for the new location of the switch timing IE. 1475 * The SKB network header will now point to the "payload_type" 1476 * element of the TDLS data frame struct. 1477 */ 1478 tf = container_of(skb->data + skb_network_offset(skb), 1479 struct ieee80211_tdls_data, payload_type); 1480 ie_start = tf->u.chan_switch_req.variable; 1481 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1482 skb->len - (ie_start - skb->data)); 1483 } 1484 1485 static struct sk_buff * 1486 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1487 struct cfg80211_chan_def *chandef, 1488 u32 *ch_sw_tm_ie_offset) 1489 { 1490 struct ieee80211_sub_if_data *sdata = sta->sdata; 1491 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1492 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1493 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1494 u8 *pos = extra_ies; 1495 struct sk_buff *skb; 1496 1497 /* 1498 * if chandef points to a wide channel add a Secondary-Channel 1499 * Offset information element 1500 */ 1501 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1502 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1503 bool ht40plus; 1504 1505 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1506 *pos++ = sizeof(*sec_chan_ie); 1507 sec_chan_ie = (void *)pos; 1508 1509 ht40plus = cfg80211_get_chandef_type(chandef) == 1510 NL80211_CHAN_HT40PLUS; 1511 sec_chan_ie->sec_chan_offs = ht40plus ? 1512 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1513 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1514 pos += sizeof(*sec_chan_ie); 1515 1516 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1517 } 1518 1519 /* just set the values to 0, this is a template */ 1520 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1521 1522 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1523 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1524 0, 0, !sta->sta.tdls_initiator, 1525 extra_ies, extra_ies_len, 1526 oper_class, chandef); 1527 if (!skb) 1528 return NULL; 1529 1530 skb = ieee80211_build_data_template(sdata, skb, 0); 1531 if (IS_ERR(skb)) { 1532 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1533 return NULL; 1534 } 1535 1536 if (ch_sw_tm_ie_offset) { 1537 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1538 1539 if (!tm_ie) { 1540 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1541 dev_kfree_skb_any(skb); 1542 return NULL; 1543 } 1544 1545 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1546 } 1547 1548 tdls_dbg(sdata, 1549 "TDLS channel switch request template for %pM ch %d width %d\n", 1550 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1551 return skb; 1552 } 1553 1554 int 1555 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1556 const u8 *addr, u8 oper_class, 1557 struct cfg80211_chan_def *chandef) 1558 { 1559 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1560 struct ieee80211_local *local = sdata->local; 1561 struct sta_info *sta; 1562 struct sk_buff *skb = NULL; 1563 u32 ch_sw_tm_ie; 1564 int ret; 1565 1566 mutex_lock(&local->sta_mtx); 1567 sta = sta_info_get(sdata, addr); 1568 if (!sta) { 1569 tdls_dbg(sdata, 1570 "Invalid TDLS peer %pM for channel switch request\n", 1571 addr); 1572 ret = -ENOENT; 1573 goto out; 1574 } 1575 1576 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1577 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1578 addr); 1579 ret = -ENOTSUPP; 1580 goto out; 1581 } 1582 1583 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1584 &ch_sw_tm_ie); 1585 if (!skb) { 1586 ret = -ENOENT; 1587 goto out; 1588 } 1589 1590 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1591 chandef, skb, ch_sw_tm_ie); 1592 if (!ret) 1593 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1594 1595 out: 1596 mutex_unlock(&local->sta_mtx); 1597 dev_kfree_skb_any(skb); 1598 return ret; 1599 } 1600 1601 void 1602 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1603 struct net_device *dev, 1604 const u8 *addr) 1605 { 1606 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1607 struct ieee80211_local *local = sdata->local; 1608 struct sta_info *sta; 1609 1610 mutex_lock(&local->sta_mtx); 1611 sta = sta_info_get(sdata, addr); 1612 if (!sta) { 1613 tdls_dbg(sdata, 1614 "Invalid TDLS peer %pM for channel switch cancel\n", 1615 addr); 1616 goto out; 1617 } 1618 1619 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1620 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1621 addr); 1622 goto out; 1623 } 1624 1625 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1626 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1627 1628 out: 1629 mutex_unlock(&local->sta_mtx); 1630 } 1631 1632 static struct sk_buff * 1633 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1634 u32 *ch_sw_tm_ie_offset) 1635 { 1636 struct ieee80211_sub_if_data *sdata = sta->sdata; 1637 struct sk_buff *skb; 1638 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1639 1640 /* initial timing are always zero in the template */ 1641 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1642 1643 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1644 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1645 0, 0, !sta->sta.tdls_initiator, 1646 extra_ies, sizeof(extra_ies), 0, NULL); 1647 if (!skb) 1648 return NULL; 1649 1650 skb = ieee80211_build_data_template(sdata, skb, 0); 1651 if (IS_ERR(skb)) { 1652 tdls_dbg(sdata, 1653 "Failed building TDLS channel switch resp frame\n"); 1654 return NULL; 1655 } 1656 1657 if (ch_sw_tm_ie_offset) { 1658 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1659 1660 if (!tm_ie) { 1661 tdls_dbg(sdata, 1662 "No switch timing IE in TDLS switch resp\n"); 1663 dev_kfree_skb_any(skb); 1664 return NULL; 1665 } 1666 1667 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1668 } 1669 1670 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1671 sta->sta.addr); 1672 return skb; 1673 } 1674 1675 static int 1676 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1677 struct sk_buff *skb) 1678 { 1679 struct ieee80211_local *local = sdata->local; 1680 struct ieee802_11_elems elems; 1681 struct sta_info *sta; 1682 struct ieee80211_tdls_data *tf = (void *)skb->data; 1683 bool local_initiator; 1684 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1685 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1686 struct ieee80211_tdls_ch_sw_params params = {}; 1687 int ret; 1688 1689 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1690 params.timestamp = rx_status->device_timestamp; 1691 1692 if (skb->len < baselen) { 1693 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1694 skb->len); 1695 return -EINVAL; 1696 } 1697 1698 mutex_lock(&local->sta_mtx); 1699 sta = sta_info_get(sdata, tf->sa); 1700 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1701 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1702 tf->sa); 1703 ret = -EINVAL; 1704 goto out; 1705 } 1706 1707 params.sta = &sta->sta; 1708 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1709 if (params.status != 0) { 1710 ret = 0; 1711 goto call_drv; 1712 } 1713 1714 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1715 skb->len - baselen, false, &elems); 1716 if (elems.parse_error) { 1717 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1718 ret = -EINVAL; 1719 goto out; 1720 } 1721 1722 if (!elems.ch_sw_timing || !elems.lnk_id) { 1723 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1724 ret = -EINVAL; 1725 goto out; 1726 } 1727 1728 /* validate the initiator is set correctly */ 1729 local_initiator = 1730 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1731 if (local_initiator == sta->sta.tdls_initiator) { 1732 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1733 ret = -EINVAL; 1734 goto out; 1735 } 1736 1737 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1738 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1739 1740 params.tmpl_skb = 1741 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1742 if (!params.tmpl_skb) { 1743 ret = -ENOENT; 1744 goto out; 1745 } 1746 1747 ret = 0; 1748 call_drv: 1749 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1750 1751 tdls_dbg(sdata, 1752 "TDLS channel switch response received from %pM status %d\n", 1753 tf->sa, params.status); 1754 1755 out: 1756 mutex_unlock(&local->sta_mtx); 1757 dev_kfree_skb_any(params.tmpl_skb); 1758 return ret; 1759 } 1760 1761 static int 1762 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1763 struct sk_buff *skb) 1764 { 1765 struct ieee80211_local *local = sdata->local; 1766 struct ieee802_11_elems elems; 1767 struct cfg80211_chan_def chandef; 1768 struct ieee80211_channel *chan; 1769 enum nl80211_channel_type chan_type; 1770 int freq; 1771 u8 target_channel, oper_class; 1772 bool local_initiator; 1773 struct sta_info *sta; 1774 enum nl80211_band band; 1775 struct ieee80211_tdls_data *tf = (void *)skb->data; 1776 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1777 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1778 struct ieee80211_tdls_ch_sw_params params = {}; 1779 int ret = 0; 1780 1781 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1782 params.timestamp = rx_status->device_timestamp; 1783 1784 if (skb->len < baselen) { 1785 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1786 skb->len); 1787 return -EINVAL; 1788 } 1789 1790 target_channel = tf->u.chan_switch_req.target_channel; 1791 oper_class = tf->u.chan_switch_req.oper_class; 1792 1793 /* 1794 * We can't easily infer the channel band. The operating class is 1795 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1796 * solution here is to treat channels with number >14 as 5GHz ones, 1797 * and specifically check for the (oper_class, channel) combinations 1798 * where this doesn't hold. These are thankfully unique according to 1799 * IEEE802.11-2012. 1800 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1801 * valid here. 1802 */ 1803 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1804 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1805 target_channel < 14) 1806 band = NL80211_BAND_5GHZ; 1807 else 1808 band = target_channel < 14 ? NL80211_BAND_2GHZ : 1809 NL80211_BAND_5GHZ; 1810 1811 freq = ieee80211_channel_to_frequency(target_channel, band); 1812 if (freq == 0) { 1813 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1814 target_channel); 1815 return -EINVAL; 1816 } 1817 1818 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1819 if (!chan) { 1820 tdls_dbg(sdata, 1821 "Unsupported channel for TDLS chan switch: %d\n", 1822 target_channel); 1823 return -EINVAL; 1824 } 1825 1826 ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1827 skb->len - baselen, false, &elems); 1828 if (elems.parse_error) { 1829 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1830 return -EINVAL; 1831 } 1832 1833 if (!elems.ch_sw_timing || !elems.lnk_id) { 1834 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1835 return -EINVAL; 1836 } 1837 1838 if (!elems.sec_chan_offs) { 1839 chan_type = NL80211_CHAN_HT20; 1840 } else { 1841 switch (elems.sec_chan_offs->sec_chan_offs) { 1842 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1843 chan_type = NL80211_CHAN_HT40PLUS; 1844 break; 1845 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1846 chan_type = NL80211_CHAN_HT40MINUS; 1847 break; 1848 default: 1849 chan_type = NL80211_CHAN_HT20; 1850 break; 1851 } 1852 } 1853 1854 cfg80211_chandef_create(&chandef, chan, chan_type); 1855 1856 /* we will be active on the TDLS link */ 1857 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef, 1858 sdata->wdev.iftype)) { 1859 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n"); 1860 return -EINVAL; 1861 } 1862 1863 mutex_lock(&local->sta_mtx); 1864 sta = sta_info_get(sdata, tf->sa); 1865 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1866 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1867 tf->sa); 1868 ret = -EINVAL; 1869 goto out; 1870 } 1871 1872 params.sta = &sta->sta; 1873 1874 /* validate the initiator is set correctly */ 1875 local_initiator = 1876 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1877 if (local_initiator == sta->sta.tdls_initiator) { 1878 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1879 ret = -EINVAL; 1880 goto out; 1881 } 1882 1883 /* peer should have known better */ 1884 if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs && 1885 elems.sec_chan_offs->sec_chan_offs) { 1886 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n"); 1887 ret = -ENOTSUPP; 1888 goto out; 1889 } 1890 1891 params.chandef = &chandef; 1892 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1893 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1894 1895 params.tmpl_skb = 1896 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1897 ¶ms.ch_sw_tm_ie); 1898 if (!params.tmpl_skb) { 1899 ret = -ENOENT; 1900 goto out; 1901 } 1902 1903 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1904 1905 tdls_dbg(sdata, 1906 "TDLS ch switch request received from %pM ch %d width %d\n", 1907 tf->sa, params.chandef->chan->center_freq, 1908 params.chandef->width); 1909 out: 1910 mutex_unlock(&local->sta_mtx); 1911 dev_kfree_skb_any(params.tmpl_skb); 1912 return ret; 1913 } 1914 1915 static void 1916 ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1917 struct sk_buff *skb) 1918 { 1919 struct ieee80211_tdls_data *tf = (void *)skb->data; 1920 struct wiphy *wiphy = sdata->local->hw.wiphy; 1921 1922 ASSERT_RTNL(); 1923 1924 /* make sure the driver supports it */ 1925 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1926 return; 1927 1928 /* we want to access the entire packet */ 1929 if (skb_linearize(skb)) 1930 return; 1931 /* 1932 * The packet/size was already validated by mac80211 Rx path, only look 1933 * at the action type. 1934 */ 1935 switch (tf->action_code) { 1936 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1937 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1938 break; 1939 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1940 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1941 break; 1942 default: 1943 WARN_ON_ONCE(1); 1944 return; 1945 } 1946 } 1947 1948 void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata) 1949 { 1950 struct sta_info *sta; 1951 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED; 1952 1953 rcu_read_lock(); 1954 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1955 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1956 !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) 1957 continue; 1958 1959 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr, 1960 NL80211_TDLS_TEARDOWN, reason, 1961 GFP_ATOMIC); 1962 } 1963 rcu_read_unlock(); 1964 } 1965 1966 void ieee80211_tdls_chsw_work(struct work_struct *wk) 1967 { 1968 struct ieee80211_local *local = 1969 container_of(wk, struct ieee80211_local, tdls_chsw_work); 1970 struct ieee80211_sub_if_data *sdata; 1971 struct sk_buff *skb; 1972 struct ieee80211_tdls_data *tf; 1973 1974 rtnl_lock(); 1975 while ((skb = skb_dequeue(&local->skb_queue_tdls_chsw))) { 1976 tf = (struct ieee80211_tdls_data *)skb->data; 1977 list_for_each_entry(sdata, &local->interfaces, list) { 1978 if (!ieee80211_sdata_running(sdata) || 1979 sdata->vif.type != NL80211_IFTYPE_STATION || 1980 !ether_addr_equal(tf->da, sdata->vif.addr)) 1981 continue; 1982 1983 ieee80211_process_tdls_channel_switch(sdata, skb); 1984 break; 1985 } 1986 1987 kfree_skb(skb); 1988 } 1989 rtnl_unlock(); 1990 } 1991