1 /* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * 8 * This file is GPLv2 as found in COPYING. 9 */ 10 11 #include <linux/ieee80211.h> 12 #include <linux/log2.h> 13 #include <net/cfg80211.h> 14 #include "ieee80211_i.h" 15 #include "driver-ops.h" 16 17 /* give usermode some time for retries in setting up the TDLS session */ 18 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 19 20 void ieee80211_tdls_peer_del_work(struct work_struct *wk) 21 { 22 struct ieee80211_sub_if_data *sdata; 23 struct ieee80211_local *local; 24 25 sdata = container_of(wk, struct ieee80211_sub_if_data, 26 u.mgd.tdls_peer_del_work.work); 27 local = sdata->local; 28 29 mutex_lock(&local->mtx); 30 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 31 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 32 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 33 eth_zero_addr(sdata->u.mgd.tdls_peer); 34 } 35 mutex_unlock(&local->mtx); 36 } 37 38 static void ieee80211_tdls_add_ext_capab(struct ieee80211_local *local, 39 struct sk_buff *skb) 40 { 41 u8 *pos = (void *)skb_put(skb, 7); 42 bool chan_switch = local->hw.wiphy->features & 43 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 44 45 *pos++ = WLAN_EID_EXT_CAPABILITY; 46 *pos++ = 5; /* len */ 47 *pos++ = 0x0; 48 *pos++ = 0x0; 49 *pos++ = 0x0; 50 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0; 51 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 52 } 53 54 static u8 55 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 56 struct sk_buff *skb, u16 start, u16 end, 57 u16 spacing) 58 { 59 u8 subband_cnt = 0, ch_cnt = 0; 60 struct ieee80211_channel *ch; 61 struct cfg80211_chan_def chandef; 62 int i, subband_start; 63 64 for (i = start; i <= end; i += spacing) { 65 if (!ch_cnt) 66 subband_start = i; 67 68 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 69 if (ch) { 70 /* we will be active on the channel */ 71 u32 flags = IEEE80211_CHAN_DISABLED | 72 IEEE80211_CHAN_NO_IR; 73 cfg80211_chandef_create(&chandef, ch, 74 NL80211_CHAN_HT20); 75 if (cfg80211_chandef_usable(sdata->local->hw.wiphy, 76 &chandef, flags)) { 77 ch_cnt++; 78 continue; 79 } 80 } 81 82 if (ch_cnt) { 83 u8 *pos = skb_put(skb, 2); 84 *pos++ = ieee80211_frequency_to_channel(subband_start); 85 *pos++ = ch_cnt; 86 87 subband_cnt++; 88 ch_cnt = 0; 89 } 90 } 91 92 return subband_cnt; 93 } 94 95 static void 96 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 97 struct sk_buff *skb) 98 { 99 /* 100 * Add possible channels for TDLS. These are channels that are allowed 101 * to be active. 102 */ 103 u8 subband_cnt; 104 u8 *pos = skb_put(skb, 2); 105 106 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 107 108 /* 109 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 110 * this doesn't happen in real world scenarios. 111 */ 112 113 /* 2GHz, with 5MHz spacing */ 114 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 115 116 /* 5GHz, with 20MHz spacing */ 117 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 118 119 /* length */ 120 *pos = 2 * subband_cnt; 121 } 122 123 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 124 { 125 u8 *pos = (void *)skb_put(skb, 3); 126 127 *pos++ = WLAN_EID_BSS_COEX_2040; 128 *pos++ = 1; /* len */ 129 130 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 131 } 132 133 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 134 u16 status_code) 135 { 136 struct ieee80211_local *local = sdata->local; 137 u16 capab; 138 139 /* The capability will be 0 when sending a failure code */ 140 if (status_code != 0) 141 return 0; 142 143 capab = 0; 144 if (ieee80211_get_sdata_band(sdata) != IEEE80211_BAND_2GHZ) 145 return capab; 146 147 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 148 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 149 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 150 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 151 152 return capab; 153 } 154 155 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 156 struct sk_buff *skb, const u8 *peer, 157 bool initiator) 158 { 159 struct ieee80211_tdls_lnkie *lnkid; 160 const u8 *init_addr, *rsp_addr; 161 162 if (initiator) { 163 init_addr = sdata->vif.addr; 164 rsp_addr = peer; 165 } else { 166 init_addr = peer; 167 rsp_addr = sdata->vif.addr; 168 } 169 170 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 171 172 lnkid->ie_type = WLAN_EID_LINK_ID; 173 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 174 175 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 176 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 177 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 178 } 179 180 /* translate numbering in the WMM parameter IE to the mac80211 notation */ 181 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 182 { 183 switch (ac) { 184 default: 185 WARN_ON_ONCE(1); 186 case 0: 187 return IEEE80211_AC_BE; 188 case 1: 189 return IEEE80211_AC_BK; 190 case 2: 191 return IEEE80211_AC_VI; 192 case 3: 193 return IEEE80211_AC_VO; 194 } 195 } 196 197 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 198 { 199 u8 ret; 200 201 ret = aifsn & 0x0f; 202 if (acm) 203 ret |= 0x10; 204 ret |= (aci << 5) & 0x60; 205 return ret; 206 } 207 208 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 209 { 210 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 211 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 212 } 213 214 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 215 struct sk_buff *skb) 216 { 217 struct ieee80211_wmm_param_ie *wmm; 218 struct ieee80211_tx_queue_params *txq; 219 int i; 220 221 wmm = (void *)skb_put(skb, sizeof(*wmm)); 222 memset(wmm, 0, sizeof(*wmm)); 223 224 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 225 wmm->len = sizeof(*wmm) - 2; 226 227 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 228 wmm->oui[1] = 0x50; 229 wmm->oui[2] = 0xf2; 230 wmm->oui_type = 2; /* WME */ 231 wmm->oui_subtype = 1; /* WME param */ 232 wmm->version = 1; /* WME ver */ 233 wmm->qos_info = 0; /* U-APSD not in use */ 234 235 /* 236 * Use the EDCA parameters defined for the BSS, or default if the AP 237 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 238 */ 239 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 240 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 241 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 242 txq->acm, i); 243 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 244 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 245 } 246 } 247 248 static void 249 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 250 struct sk_buff *skb, const u8 *peer, 251 u8 action_code, bool initiator, 252 const u8 *extra_ies, size_t extra_ies_len) 253 { 254 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 255 struct ieee80211_local *local = sdata->local; 256 struct ieee80211_supported_band *sband; 257 struct ieee80211_sta_ht_cap ht_cap; 258 struct sta_info *sta = NULL; 259 size_t offset = 0, noffset; 260 u8 *pos; 261 262 rcu_read_lock(); 263 264 /* we should have the peer STA if we're already responding */ 265 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 266 sta = sta_info_get(sdata, peer); 267 if (WARN_ON_ONCE(!sta)) { 268 rcu_read_unlock(); 269 return; 270 } 271 } 272 273 ieee80211_add_srates_ie(sdata, skb, false, band); 274 ieee80211_add_ext_srates_ie(sdata, skb, false, band); 275 ieee80211_tdls_add_supp_channels(sdata, skb); 276 277 /* add any custom IEs that go before Extended Capabilities */ 278 if (extra_ies_len) { 279 static const u8 before_ext_cap[] = { 280 WLAN_EID_SUPP_RATES, 281 WLAN_EID_COUNTRY, 282 WLAN_EID_EXT_SUPP_RATES, 283 WLAN_EID_SUPPORTED_CHANNELS, 284 WLAN_EID_RSN, 285 }; 286 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 287 before_ext_cap, 288 ARRAY_SIZE(before_ext_cap), 289 offset); 290 pos = skb_put(skb, noffset - offset); 291 memcpy(pos, extra_ies + offset, noffset - offset); 292 offset = noffset; 293 } 294 295 ieee80211_tdls_add_ext_capab(local, skb); 296 297 /* add the QoS element if we support it */ 298 if (local->hw.queues >= IEEE80211_NUM_ACS && 299 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 300 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 301 302 /* add any custom IEs that go before HT capabilities */ 303 if (extra_ies_len) { 304 static const u8 before_ht_cap[] = { 305 WLAN_EID_SUPP_RATES, 306 WLAN_EID_COUNTRY, 307 WLAN_EID_EXT_SUPP_RATES, 308 WLAN_EID_SUPPORTED_CHANNELS, 309 WLAN_EID_RSN, 310 WLAN_EID_EXT_CAPABILITY, 311 WLAN_EID_QOS_CAPA, 312 WLAN_EID_FAST_BSS_TRANSITION, 313 WLAN_EID_TIMEOUT_INTERVAL, 314 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 315 }; 316 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 317 before_ht_cap, 318 ARRAY_SIZE(before_ht_cap), 319 offset); 320 pos = skb_put(skb, noffset - offset); 321 memcpy(pos, extra_ies + offset, noffset - offset); 322 offset = noffset; 323 } 324 325 /* 326 * with TDLS we can switch channels, and HT-caps are not necessarily 327 * the same on all bands. The specification limits the setup to a 328 * single HT-cap, so use the current band for now. 329 */ 330 sband = local->hw.wiphy->bands[band]; 331 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 332 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 333 action_code == WLAN_TDLS_SETUP_RESPONSE) && 334 ht_cap.ht_supported && (!sta || sta->sta.ht_cap.ht_supported)) { 335 if (action_code == WLAN_TDLS_SETUP_REQUEST) { 336 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 337 338 /* disable SMPS in TDLS initiator */ 339 ht_cap.cap |= (WLAN_HT_CAP_SM_PS_DISABLED 340 << IEEE80211_HT_CAP_SM_PS_SHIFT); 341 } else { 342 /* disable SMPS in TDLS responder */ 343 sta->sta.ht_cap.cap |= 344 (WLAN_HT_CAP_SM_PS_DISABLED 345 << IEEE80211_HT_CAP_SM_PS_SHIFT); 346 347 /* the peer caps are already intersected with our own */ 348 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 349 } 350 351 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 352 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 353 } 354 355 rcu_read_unlock(); 356 357 if (ht_cap.ht_supported && 358 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 359 ieee80211_tdls_add_bss_coex_ie(skb); 360 361 /* add any remaining IEs */ 362 if (extra_ies_len) { 363 noffset = extra_ies_len; 364 pos = skb_put(skb, noffset - offset); 365 memcpy(pos, extra_ies + offset, noffset - offset); 366 } 367 368 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 369 } 370 371 static void 372 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 373 struct sk_buff *skb, const u8 *peer, 374 bool initiator, const u8 *extra_ies, 375 size_t extra_ies_len) 376 { 377 struct ieee80211_local *local = sdata->local; 378 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 379 size_t offset = 0, noffset; 380 struct sta_info *sta, *ap_sta; 381 u8 *pos; 382 383 rcu_read_lock(); 384 385 sta = sta_info_get(sdata, peer); 386 ap_sta = sta_info_get(sdata, ifmgd->bssid); 387 if (WARN_ON_ONCE(!sta || !ap_sta)) { 388 rcu_read_unlock(); 389 return; 390 } 391 392 /* add any custom IEs that go before the QoS IE */ 393 if (extra_ies_len) { 394 static const u8 before_qos[] = { 395 WLAN_EID_RSN, 396 }; 397 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 398 before_qos, 399 ARRAY_SIZE(before_qos), 400 offset); 401 pos = skb_put(skb, noffset - offset); 402 memcpy(pos, extra_ies + offset, noffset - offset); 403 offset = noffset; 404 } 405 406 /* add the QoS param IE if both the peer and we support it */ 407 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 408 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 409 410 /* add any custom IEs that go before HT operation */ 411 if (extra_ies_len) { 412 static const u8 before_ht_op[] = { 413 WLAN_EID_RSN, 414 WLAN_EID_QOS_CAPA, 415 WLAN_EID_FAST_BSS_TRANSITION, 416 WLAN_EID_TIMEOUT_INTERVAL, 417 }; 418 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 419 before_ht_op, 420 ARRAY_SIZE(before_ht_op), 421 offset); 422 pos = skb_put(skb, noffset - offset); 423 memcpy(pos, extra_ies + offset, noffset - offset); 424 offset = noffset; 425 } 426 427 /* if HT support is only added in TDLS, we need an HT-operation IE */ 428 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 429 struct ieee80211_chanctx_conf *chanctx_conf = 430 rcu_dereference(sdata->vif.chanctx_conf); 431 if (!WARN_ON(!chanctx_conf)) { 432 pos = skb_put(skb, 2 + 433 sizeof(struct ieee80211_ht_operation)); 434 /* send an empty HT operation IE */ 435 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 436 &chanctx_conf->def, 0); 437 } 438 } 439 440 rcu_read_unlock(); 441 442 /* add any remaining IEs */ 443 if (extra_ies_len) { 444 noffset = extra_ies_len; 445 pos = skb_put(skb, noffset - offset); 446 memcpy(pos, extra_ies + offset, noffset - offset); 447 } 448 449 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 450 } 451 452 static void 453 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 454 struct sk_buff *skb, const u8 *peer, 455 bool initiator, const u8 *extra_ies, 456 size_t extra_ies_len, u8 oper_class, 457 struct cfg80211_chan_def *chandef) 458 { 459 struct ieee80211_tdls_data *tf; 460 size_t offset = 0, noffset; 461 u8 *pos; 462 463 if (WARN_ON_ONCE(!chandef)) 464 return; 465 466 tf = (void *)skb->data; 467 tf->u.chan_switch_req.target_channel = 468 ieee80211_frequency_to_channel(chandef->chan->center_freq); 469 tf->u.chan_switch_req.oper_class = oper_class; 470 471 if (extra_ies_len) { 472 static const u8 before_lnkie[] = { 473 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 474 }; 475 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 476 before_lnkie, 477 ARRAY_SIZE(before_lnkie), 478 offset); 479 pos = skb_put(skb, noffset - offset); 480 memcpy(pos, extra_ies + offset, noffset - offset); 481 offset = noffset; 482 } 483 484 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 485 486 /* add any remaining IEs */ 487 if (extra_ies_len) { 488 noffset = extra_ies_len; 489 pos = skb_put(skb, noffset - offset); 490 memcpy(pos, extra_ies + offset, noffset - offset); 491 } 492 } 493 494 static void 495 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 496 struct sk_buff *skb, const u8 *peer, 497 u16 status_code, bool initiator, 498 const u8 *extra_ies, 499 size_t extra_ies_len) 500 { 501 if (status_code == 0) 502 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 503 504 if (extra_ies_len) 505 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len); 506 } 507 508 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 509 struct sk_buff *skb, const u8 *peer, 510 u8 action_code, u16 status_code, 511 bool initiator, const u8 *extra_ies, 512 size_t extra_ies_len, u8 oper_class, 513 struct cfg80211_chan_def *chandef) 514 { 515 switch (action_code) { 516 case WLAN_TDLS_SETUP_REQUEST: 517 case WLAN_TDLS_SETUP_RESPONSE: 518 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 519 if (status_code == 0) 520 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 521 action_code, 522 initiator, 523 extra_ies, 524 extra_ies_len); 525 break; 526 case WLAN_TDLS_SETUP_CONFIRM: 527 if (status_code == 0) 528 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 529 initiator, extra_ies, 530 extra_ies_len); 531 break; 532 case WLAN_TDLS_TEARDOWN: 533 case WLAN_TDLS_DISCOVERY_REQUEST: 534 if (extra_ies_len) 535 memcpy(skb_put(skb, extra_ies_len), extra_ies, 536 extra_ies_len); 537 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 538 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 539 break; 540 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 541 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 542 initiator, extra_ies, 543 extra_ies_len, 544 oper_class, chandef); 545 break; 546 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 547 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 548 status_code, 549 initiator, extra_ies, 550 extra_ies_len); 551 break; 552 } 553 554 } 555 556 static int 557 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 558 const u8 *peer, u8 action_code, u8 dialog_token, 559 u16 status_code, struct sk_buff *skb) 560 { 561 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 562 struct ieee80211_tdls_data *tf; 563 564 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 565 566 memcpy(tf->da, peer, ETH_ALEN); 567 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 568 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 569 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 570 571 /* network header is after the ethernet header */ 572 skb_set_network_header(skb, ETH_HLEN); 573 574 switch (action_code) { 575 case WLAN_TDLS_SETUP_REQUEST: 576 tf->category = WLAN_CATEGORY_TDLS; 577 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 578 579 skb_put(skb, sizeof(tf->u.setup_req)); 580 tf->u.setup_req.dialog_token = dialog_token; 581 tf->u.setup_req.capability = 582 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 583 status_code)); 584 break; 585 case WLAN_TDLS_SETUP_RESPONSE: 586 tf->category = WLAN_CATEGORY_TDLS; 587 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 588 589 skb_put(skb, sizeof(tf->u.setup_resp)); 590 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 591 tf->u.setup_resp.dialog_token = dialog_token; 592 tf->u.setup_resp.capability = 593 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 594 status_code)); 595 break; 596 case WLAN_TDLS_SETUP_CONFIRM: 597 tf->category = WLAN_CATEGORY_TDLS; 598 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 599 600 skb_put(skb, sizeof(tf->u.setup_cfm)); 601 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 602 tf->u.setup_cfm.dialog_token = dialog_token; 603 break; 604 case WLAN_TDLS_TEARDOWN: 605 tf->category = WLAN_CATEGORY_TDLS; 606 tf->action_code = WLAN_TDLS_TEARDOWN; 607 608 skb_put(skb, sizeof(tf->u.teardown)); 609 tf->u.teardown.reason_code = cpu_to_le16(status_code); 610 break; 611 case WLAN_TDLS_DISCOVERY_REQUEST: 612 tf->category = WLAN_CATEGORY_TDLS; 613 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 614 615 skb_put(skb, sizeof(tf->u.discover_req)); 616 tf->u.discover_req.dialog_token = dialog_token; 617 break; 618 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 619 tf->category = WLAN_CATEGORY_TDLS; 620 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 621 622 skb_put(skb, sizeof(tf->u.chan_switch_req)); 623 break; 624 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 625 tf->category = WLAN_CATEGORY_TDLS; 626 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 627 628 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 629 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 630 break; 631 default: 632 return -EINVAL; 633 } 634 635 return 0; 636 } 637 638 static int 639 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 640 const u8 *peer, u8 action_code, u8 dialog_token, 641 u16 status_code, struct sk_buff *skb) 642 { 643 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 644 struct ieee80211_mgmt *mgmt; 645 646 mgmt = (void *)skb_put(skb, 24); 647 memset(mgmt, 0, 24); 648 memcpy(mgmt->da, peer, ETH_ALEN); 649 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 650 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 651 652 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 653 IEEE80211_STYPE_ACTION); 654 655 switch (action_code) { 656 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 657 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 658 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 659 mgmt->u.action.u.tdls_discover_resp.action_code = 660 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 661 mgmt->u.action.u.tdls_discover_resp.dialog_token = 662 dialog_token; 663 mgmt->u.action.u.tdls_discover_resp.capability = 664 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 665 status_code)); 666 break; 667 default: 668 return -EINVAL; 669 } 670 671 return 0; 672 } 673 674 static struct sk_buff * 675 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 676 const u8 *peer, u8 action_code, 677 u8 dialog_token, u16 status_code, 678 bool initiator, const u8 *extra_ies, 679 size_t extra_ies_len, u8 oper_class, 680 struct cfg80211_chan_def *chandef) 681 { 682 struct ieee80211_local *local = sdata->local; 683 struct sk_buff *skb; 684 int ret; 685 686 skb = netdev_alloc_skb(sdata->dev, 687 local->hw.extra_tx_headroom + 688 max(sizeof(struct ieee80211_mgmt), 689 sizeof(struct ieee80211_tdls_data)) + 690 50 + /* supported rates */ 691 7 + /* ext capab */ 692 26 + /* max(WMM-info, WMM-param) */ 693 2 + max(sizeof(struct ieee80211_ht_cap), 694 sizeof(struct ieee80211_ht_operation)) + 695 50 + /* supported channels */ 696 3 + /* 40/20 BSS coex */ 697 extra_ies_len + 698 sizeof(struct ieee80211_tdls_lnkie)); 699 if (!skb) 700 return NULL; 701 702 skb_reserve(skb, local->hw.extra_tx_headroom); 703 704 switch (action_code) { 705 case WLAN_TDLS_SETUP_REQUEST: 706 case WLAN_TDLS_SETUP_RESPONSE: 707 case WLAN_TDLS_SETUP_CONFIRM: 708 case WLAN_TDLS_TEARDOWN: 709 case WLAN_TDLS_DISCOVERY_REQUEST: 710 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 711 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 712 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 713 sdata->dev, peer, 714 action_code, dialog_token, 715 status_code, skb); 716 break; 717 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 718 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 719 peer, action_code, 720 dialog_token, status_code, 721 skb); 722 break; 723 default: 724 ret = -ENOTSUPP; 725 break; 726 } 727 728 if (ret < 0) 729 goto fail; 730 731 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 732 initiator, extra_ies, extra_ies_len, oper_class, 733 chandef); 734 return skb; 735 736 fail: 737 dev_kfree_skb(skb); 738 return NULL; 739 } 740 741 static int 742 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 743 const u8 *peer, u8 action_code, u8 dialog_token, 744 u16 status_code, u32 peer_capability, 745 bool initiator, const u8 *extra_ies, 746 size_t extra_ies_len, u8 oper_class, 747 struct cfg80211_chan_def *chandef) 748 { 749 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 750 struct sk_buff *skb = NULL; 751 struct sta_info *sta; 752 u32 flags = 0; 753 int ret = 0; 754 755 rcu_read_lock(); 756 sta = sta_info_get(sdata, peer); 757 758 /* infer the initiator if we can, to support old userspace */ 759 switch (action_code) { 760 case WLAN_TDLS_SETUP_REQUEST: 761 if (sta) { 762 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 763 sta->sta.tdls_initiator = false; 764 } 765 /* fall-through */ 766 case WLAN_TDLS_SETUP_CONFIRM: 767 case WLAN_TDLS_DISCOVERY_REQUEST: 768 initiator = true; 769 break; 770 case WLAN_TDLS_SETUP_RESPONSE: 771 /* 772 * In some testing scenarios, we send a request and response. 773 * Make the last packet sent take effect for the initiator 774 * value. 775 */ 776 if (sta) { 777 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 778 sta->sta.tdls_initiator = true; 779 } 780 /* fall-through */ 781 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 782 initiator = false; 783 break; 784 case WLAN_TDLS_TEARDOWN: 785 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 786 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 787 /* any value is ok */ 788 break; 789 default: 790 ret = -ENOTSUPP; 791 break; 792 } 793 794 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 795 initiator = true; 796 797 rcu_read_unlock(); 798 if (ret < 0) 799 goto fail; 800 801 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 802 dialog_token, status_code, 803 initiator, extra_ies, 804 extra_ies_len, oper_class, 805 chandef); 806 if (!skb) { 807 ret = -EINVAL; 808 goto fail; 809 } 810 811 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 812 ieee80211_tx_skb(sdata, skb); 813 return 0; 814 } 815 816 /* 817 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 818 * we should default to AC_VI. 819 */ 820 switch (action_code) { 821 case WLAN_TDLS_SETUP_REQUEST: 822 case WLAN_TDLS_SETUP_RESPONSE: 823 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 824 skb->priority = 2; 825 break; 826 default: 827 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 828 skb->priority = 5; 829 break; 830 } 831 832 /* 833 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 834 * Later, if no ACK is returned from peer, we will re-send the teardown 835 * packet through the AP. 836 */ 837 if ((action_code == WLAN_TDLS_TEARDOWN) && 838 (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 839 struct sta_info *sta = NULL; 840 bool try_resend; /* Should we keep skb for possible resend */ 841 842 /* If not sending directly to peer - no point in keeping skb */ 843 rcu_read_lock(); 844 sta = sta_info_get(sdata, peer); 845 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 846 rcu_read_unlock(); 847 848 spin_lock_bh(&sdata->u.mgd.teardown_lock); 849 if (try_resend && !sdata->u.mgd.teardown_skb) { 850 /* Mark it as requiring TX status callback */ 851 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 852 IEEE80211_TX_INTFL_MLME_CONN_TX; 853 854 /* 855 * skb is copied since mac80211 will later set 856 * properties that might not be the same as the AP, 857 * such as encryption, QoS, addresses, etc. 858 * 859 * No problem if skb_copy() fails, so no need to check. 860 */ 861 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 862 sdata->u.mgd.orig_teardown_skb = skb; 863 } 864 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 865 } 866 867 /* disable bottom halves when entering the Tx path */ 868 local_bh_disable(); 869 __ieee80211_subif_start_xmit(skb, dev, flags); 870 local_bh_enable(); 871 872 return ret; 873 874 fail: 875 dev_kfree_skb(skb); 876 return ret; 877 } 878 879 static int 880 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 881 const u8 *peer, u8 action_code, u8 dialog_token, 882 u16 status_code, u32 peer_capability, bool initiator, 883 const u8 *extra_ies, size_t extra_ies_len) 884 { 885 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 886 struct ieee80211_local *local = sdata->local; 887 int ret; 888 889 mutex_lock(&local->mtx); 890 891 /* we don't support concurrent TDLS peer setups */ 892 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 893 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 894 ret = -EBUSY; 895 goto exit; 896 } 897 898 /* 899 * make sure we have a STA representing the peer so we drop or buffer 900 * non-TDLS-setup frames to the peer. We can't send other packets 901 * during setup through the AP path. 902 * Allow error packets to be sent - sometimes we don't even add a STA 903 * before failing the setup. 904 */ 905 if (status_code == 0) { 906 rcu_read_lock(); 907 if (!sta_info_get(sdata, peer)) { 908 rcu_read_unlock(); 909 ret = -ENOLINK; 910 goto exit; 911 } 912 rcu_read_unlock(); 913 } 914 915 ieee80211_flush_queues(local, sdata); 916 917 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 918 dialog_token, status_code, 919 peer_capability, initiator, 920 extra_ies, extra_ies_len, 0, 921 NULL); 922 if (ret < 0) 923 goto exit; 924 925 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 926 ieee80211_queue_delayed_work(&sdata->local->hw, 927 &sdata->u.mgd.tdls_peer_del_work, 928 TDLS_PEER_SETUP_TIMEOUT); 929 930 exit: 931 mutex_unlock(&local->mtx); 932 return ret; 933 } 934 935 static int 936 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 937 const u8 *peer, u8 action_code, u8 dialog_token, 938 u16 status_code, u32 peer_capability, 939 bool initiator, const u8 *extra_ies, 940 size_t extra_ies_len) 941 { 942 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 943 struct ieee80211_local *local = sdata->local; 944 struct sta_info *sta; 945 int ret; 946 947 /* 948 * No packets can be transmitted to the peer via the AP during setup - 949 * the STA is set as a TDLS peer, but is not authorized. 950 * During teardown, we prevent direct transmissions by stopping the 951 * queues and flushing all direct packets. 952 */ 953 ieee80211_stop_vif_queues(local, sdata, 954 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 955 ieee80211_flush_queues(local, sdata); 956 957 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 958 dialog_token, status_code, 959 peer_capability, initiator, 960 extra_ies, extra_ies_len, 0, 961 NULL); 962 if (ret < 0) 963 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 964 ret); 965 966 /* 967 * Remove the STA AUTH flag to force further traffic through the AP. If 968 * the STA was unreachable, it was already removed. 969 */ 970 rcu_read_lock(); 971 sta = sta_info_get(sdata, peer); 972 if (sta) 973 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 974 rcu_read_unlock(); 975 976 ieee80211_wake_vif_queues(local, sdata, 977 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 978 979 return 0; 980 } 981 982 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 983 const u8 *peer, u8 action_code, u8 dialog_token, 984 u16 status_code, u32 peer_capability, 985 bool initiator, const u8 *extra_ies, 986 size_t extra_ies_len) 987 { 988 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 989 int ret; 990 991 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 992 return -ENOTSUPP; 993 994 /* make sure we are in managed mode, and associated */ 995 if (sdata->vif.type != NL80211_IFTYPE_STATION || 996 !sdata->u.mgd.associated) 997 return -EINVAL; 998 999 switch (action_code) { 1000 case WLAN_TDLS_SETUP_REQUEST: 1001 case WLAN_TDLS_SETUP_RESPONSE: 1002 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1003 dialog_token, status_code, 1004 peer_capability, initiator, 1005 extra_ies, extra_ies_len); 1006 break; 1007 case WLAN_TDLS_TEARDOWN: 1008 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1009 action_code, dialog_token, 1010 status_code, 1011 peer_capability, initiator, 1012 extra_ies, extra_ies_len); 1013 break; 1014 case WLAN_TDLS_DISCOVERY_REQUEST: 1015 /* 1016 * Protect the discovery so we can hear the TDLS discovery 1017 * response frame. It is transmitted directly and not buffered 1018 * by the AP. 1019 */ 1020 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1021 /* fall-through */ 1022 case WLAN_TDLS_SETUP_CONFIRM: 1023 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1024 /* no special handling */ 1025 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1026 action_code, 1027 dialog_token, 1028 status_code, 1029 peer_capability, 1030 initiator, extra_ies, 1031 extra_ies_len, 0, NULL); 1032 break; 1033 default: 1034 ret = -EOPNOTSUPP; 1035 break; 1036 } 1037 1038 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1039 action_code, peer, ret); 1040 return ret; 1041 } 1042 1043 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1044 const u8 *peer, enum nl80211_tdls_operation oper) 1045 { 1046 struct sta_info *sta; 1047 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1048 struct ieee80211_local *local = sdata->local; 1049 int ret; 1050 1051 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1052 return -ENOTSUPP; 1053 1054 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1055 return -EINVAL; 1056 1057 switch (oper) { 1058 case NL80211_TDLS_ENABLE_LINK: 1059 case NL80211_TDLS_DISABLE_LINK: 1060 break; 1061 case NL80211_TDLS_TEARDOWN: 1062 case NL80211_TDLS_SETUP: 1063 case NL80211_TDLS_DISCOVERY_REQ: 1064 /* We don't support in-driver setup/teardown/discovery */ 1065 return -ENOTSUPP; 1066 } 1067 1068 mutex_lock(&local->mtx); 1069 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1070 1071 switch (oper) { 1072 case NL80211_TDLS_ENABLE_LINK: 1073 rcu_read_lock(); 1074 sta = sta_info_get(sdata, peer); 1075 if (!sta) { 1076 rcu_read_unlock(); 1077 ret = -ENOLINK; 1078 break; 1079 } 1080 1081 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1082 rcu_read_unlock(); 1083 1084 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1085 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1086 ret = 0; 1087 break; 1088 case NL80211_TDLS_DISABLE_LINK: 1089 /* 1090 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1091 * created while the queues were stopped, so it might still be 1092 * pending. Before flushing the queues we need to be sure the 1093 * message is handled by the tasklet handling pending messages, 1094 * otherwise we might start destroying the station before 1095 * sending the teardown packet. 1096 * Note that this only forces the tasklet to flush pendings - 1097 * not to stop the tasklet from rescheduling itself. 1098 */ 1099 tasklet_kill(&local->tx_pending_tasklet); 1100 /* flush a potentially queued teardown packet */ 1101 ieee80211_flush_queues(local, sdata); 1102 1103 ret = sta_info_destroy_addr(sdata, peer); 1104 break; 1105 default: 1106 ret = -ENOTSUPP; 1107 break; 1108 } 1109 1110 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1111 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1112 eth_zero_addr(sdata->u.mgd.tdls_peer); 1113 } 1114 1115 mutex_unlock(&local->mtx); 1116 return ret; 1117 } 1118 1119 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1120 enum nl80211_tdls_operation oper, 1121 u16 reason_code, gfp_t gfp) 1122 { 1123 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1124 1125 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1126 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1127 oper); 1128 return; 1129 } 1130 1131 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1132 } 1133 EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1134 1135 static void 1136 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1137 { 1138 struct ieee80211_ch_switch_timing *ch_sw; 1139 1140 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1141 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1142 1143 ch_sw = (void *)buf; 1144 ch_sw->switch_time = cpu_to_le16(switch_time); 1145 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1146 } 1147 1148 /* find switch timing IE in SKB ready for Tx */ 1149 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1150 { 1151 struct ieee80211_tdls_data *tf; 1152 const u8 *ie_start; 1153 1154 /* 1155 * Get the offset for the new location of the switch timing IE. 1156 * The SKB network header will now point to the "payload_type" 1157 * element of the TDLS data frame struct. 1158 */ 1159 tf = container_of(skb->data + skb_network_offset(skb), 1160 struct ieee80211_tdls_data, payload_type); 1161 ie_start = tf->u.chan_switch_req.variable; 1162 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1163 skb->len - (ie_start - skb->data)); 1164 } 1165 1166 static struct sk_buff * 1167 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1168 struct cfg80211_chan_def *chandef, 1169 u32 *ch_sw_tm_ie_offset) 1170 { 1171 struct ieee80211_sub_if_data *sdata = sta->sdata; 1172 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1173 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1174 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1175 u8 *pos = extra_ies; 1176 struct sk_buff *skb; 1177 1178 /* 1179 * if chandef points to a wide channel add a Secondary-Channel 1180 * Offset information element 1181 */ 1182 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1183 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1184 bool ht40plus; 1185 1186 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1187 *pos++ = sizeof(*sec_chan_ie); 1188 sec_chan_ie = (void *)pos; 1189 1190 ht40plus = cfg80211_get_chandef_type(chandef) == 1191 NL80211_CHAN_HT40PLUS; 1192 sec_chan_ie->sec_chan_offs = ht40plus ? 1193 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1194 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1195 pos += sizeof(*sec_chan_ie); 1196 1197 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1198 } 1199 1200 /* just set the values to 0, this is a template */ 1201 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1202 1203 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1204 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1205 0, 0, !sta->sta.tdls_initiator, 1206 extra_ies, extra_ies_len, 1207 oper_class, chandef); 1208 if (!skb) 1209 return NULL; 1210 1211 skb = ieee80211_build_data_template(sdata, skb, 0); 1212 if (IS_ERR(skb)) { 1213 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1214 return NULL; 1215 } 1216 1217 if (ch_sw_tm_ie_offset) { 1218 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1219 1220 if (!tm_ie) { 1221 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1222 dev_kfree_skb_any(skb); 1223 return NULL; 1224 } 1225 1226 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1227 } 1228 1229 tdls_dbg(sdata, 1230 "TDLS channel switch request template for %pM ch %d width %d\n", 1231 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1232 return skb; 1233 } 1234 1235 int 1236 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1237 const u8 *addr, u8 oper_class, 1238 struct cfg80211_chan_def *chandef) 1239 { 1240 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1241 struct ieee80211_local *local = sdata->local; 1242 struct sta_info *sta; 1243 struct sk_buff *skb = NULL; 1244 u32 ch_sw_tm_ie; 1245 int ret; 1246 1247 mutex_lock(&local->sta_mtx); 1248 sta = sta_info_get(sdata, addr); 1249 if (!sta) { 1250 tdls_dbg(sdata, 1251 "Invalid TDLS peer %pM for channel switch request\n", 1252 addr); 1253 ret = -ENOENT; 1254 goto out; 1255 } 1256 1257 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1258 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1259 addr); 1260 ret = -ENOTSUPP; 1261 goto out; 1262 } 1263 1264 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1265 &ch_sw_tm_ie); 1266 if (!skb) { 1267 ret = -ENOENT; 1268 goto out; 1269 } 1270 1271 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1272 chandef, skb, ch_sw_tm_ie); 1273 if (!ret) 1274 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1275 1276 out: 1277 mutex_unlock(&local->sta_mtx); 1278 dev_kfree_skb_any(skb); 1279 return ret; 1280 } 1281 1282 void 1283 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1284 struct net_device *dev, 1285 const u8 *addr) 1286 { 1287 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1288 struct ieee80211_local *local = sdata->local; 1289 struct sta_info *sta; 1290 1291 mutex_lock(&local->sta_mtx); 1292 sta = sta_info_get(sdata, addr); 1293 if (!sta) { 1294 tdls_dbg(sdata, 1295 "Invalid TDLS peer %pM for channel switch cancel\n", 1296 addr); 1297 goto out; 1298 } 1299 1300 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1301 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1302 addr); 1303 goto out; 1304 } 1305 1306 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1307 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1308 1309 out: 1310 mutex_unlock(&local->sta_mtx); 1311 } 1312 1313 static struct sk_buff * 1314 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1315 u32 *ch_sw_tm_ie_offset) 1316 { 1317 struct ieee80211_sub_if_data *sdata = sta->sdata; 1318 struct sk_buff *skb; 1319 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1320 1321 /* initial timing are always zero in the template */ 1322 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1323 1324 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1325 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1326 0, 0, !sta->sta.tdls_initiator, 1327 extra_ies, sizeof(extra_ies), 0, NULL); 1328 if (!skb) 1329 return NULL; 1330 1331 skb = ieee80211_build_data_template(sdata, skb, 0); 1332 if (IS_ERR(skb)) { 1333 tdls_dbg(sdata, 1334 "Failed building TDLS channel switch resp frame\n"); 1335 return NULL; 1336 } 1337 1338 if (ch_sw_tm_ie_offset) { 1339 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1340 1341 if (!tm_ie) { 1342 tdls_dbg(sdata, 1343 "No switch timing IE in TDLS switch resp\n"); 1344 dev_kfree_skb_any(skb); 1345 return NULL; 1346 } 1347 1348 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1349 } 1350 1351 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1352 sta->sta.addr); 1353 return skb; 1354 } 1355 1356 static int 1357 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1358 struct sk_buff *skb) 1359 { 1360 struct ieee80211_local *local = sdata->local; 1361 struct ieee802_11_elems elems; 1362 struct sta_info *sta; 1363 struct ieee80211_tdls_data *tf = (void *)skb->data; 1364 bool local_initiator; 1365 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1366 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1367 struct ieee80211_tdls_ch_sw_params params = {}; 1368 int ret; 1369 1370 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1371 params.timestamp = rx_status->device_timestamp; 1372 1373 if (skb->len < baselen) { 1374 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1375 skb->len); 1376 return -EINVAL; 1377 } 1378 1379 mutex_lock(&local->sta_mtx); 1380 sta = sta_info_get(sdata, tf->sa); 1381 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1382 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1383 tf->sa); 1384 ret = -EINVAL; 1385 goto out; 1386 } 1387 1388 params.sta = &sta->sta; 1389 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1390 if (params.status != 0) { 1391 ret = 0; 1392 goto call_drv; 1393 } 1394 1395 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1396 skb->len - baselen, false, &elems); 1397 if (elems.parse_error) { 1398 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1399 ret = -EINVAL; 1400 goto out; 1401 } 1402 1403 if (!elems.ch_sw_timing || !elems.lnk_id) { 1404 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1405 ret = -EINVAL; 1406 goto out; 1407 } 1408 1409 /* validate the initiator is set correctly */ 1410 local_initiator = 1411 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1412 if (local_initiator == sta->sta.tdls_initiator) { 1413 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1414 ret = -EINVAL; 1415 goto out; 1416 } 1417 1418 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1419 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1420 1421 params.tmpl_skb = 1422 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1423 if (!params.tmpl_skb) { 1424 ret = -ENOENT; 1425 goto out; 1426 } 1427 1428 call_drv: 1429 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1430 1431 tdls_dbg(sdata, 1432 "TDLS channel switch response received from %pM status %d\n", 1433 tf->sa, params.status); 1434 1435 out: 1436 mutex_unlock(&local->sta_mtx); 1437 dev_kfree_skb_any(params.tmpl_skb); 1438 return ret; 1439 } 1440 1441 static int 1442 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1443 struct sk_buff *skb) 1444 { 1445 struct ieee80211_local *local = sdata->local; 1446 struct ieee802_11_elems elems; 1447 struct cfg80211_chan_def chandef; 1448 struct ieee80211_channel *chan; 1449 enum nl80211_channel_type chan_type; 1450 int freq; 1451 u8 target_channel, oper_class; 1452 bool local_initiator; 1453 struct sta_info *sta; 1454 enum ieee80211_band band; 1455 struct ieee80211_tdls_data *tf = (void *)skb->data; 1456 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1457 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1458 struct ieee80211_tdls_ch_sw_params params = {}; 1459 int ret = 0; 1460 1461 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1462 params.timestamp = rx_status->device_timestamp; 1463 1464 if (skb->len < baselen) { 1465 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1466 skb->len); 1467 return -EINVAL; 1468 } 1469 1470 target_channel = tf->u.chan_switch_req.target_channel; 1471 oper_class = tf->u.chan_switch_req.oper_class; 1472 1473 /* 1474 * We can't easily infer the channel band. The operating class is 1475 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1476 * solution here is to treat channels with number >14 as 5GHz ones, 1477 * and specifically check for the (oper_class, channel) combinations 1478 * where this doesn't hold. These are thankfully unique according to 1479 * IEEE802.11-2012. 1480 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1481 * valid here. 1482 */ 1483 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1484 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1485 target_channel < 14) 1486 band = IEEE80211_BAND_5GHZ; 1487 else 1488 band = target_channel < 14 ? IEEE80211_BAND_2GHZ : 1489 IEEE80211_BAND_5GHZ; 1490 1491 freq = ieee80211_channel_to_frequency(target_channel, band); 1492 if (freq == 0) { 1493 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1494 target_channel); 1495 return -EINVAL; 1496 } 1497 1498 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1499 if (!chan) { 1500 tdls_dbg(sdata, 1501 "Unsupported channel for TDLS chan switch: %d\n", 1502 target_channel); 1503 return -EINVAL; 1504 } 1505 1506 ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1507 skb->len - baselen, false, &elems); 1508 if (elems.parse_error) { 1509 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1510 return -EINVAL; 1511 } 1512 1513 if (!elems.ch_sw_timing || !elems.lnk_id) { 1514 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1515 return -EINVAL; 1516 } 1517 1518 mutex_lock(&local->sta_mtx); 1519 sta = sta_info_get(sdata, tf->sa); 1520 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1521 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1522 tf->sa); 1523 ret = -EINVAL; 1524 goto out; 1525 } 1526 1527 params.sta = &sta->sta; 1528 1529 /* validate the initiator is set correctly */ 1530 local_initiator = 1531 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1532 if (local_initiator == sta->sta.tdls_initiator) { 1533 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1534 ret = -EINVAL; 1535 goto out; 1536 } 1537 1538 if (!sta->sta.ht_cap.ht_supported) { 1539 chan_type = NL80211_CHAN_NO_HT; 1540 } else if (!elems.sec_chan_offs) { 1541 chan_type = NL80211_CHAN_HT20; 1542 } else { 1543 switch (elems.sec_chan_offs->sec_chan_offs) { 1544 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1545 chan_type = NL80211_CHAN_HT40PLUS; 1546 break; 1547 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1548 chan_type = NL80211_CHAN_HT40MINUS; 1549 break; 1550 default: 1551 chan_type = NL80211_CHAN_HT20; 1552 break; 1553 } 1554 } 1555 1556 cfg80211_chandef_create(&chandef, chan, chan_type); 1557 params.chandef = &chandef; 1558 1559 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1560 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1561 1562 params.tmpl_skb = 1563 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1564 ¶ms.ch_sw_tm_ie); 1565 if (!params.tmpl_skb) { 1566 ret = -ENOENT; 1567 goto out; 1568 } 1569 1570 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1571 1572 tdls_dbg(sdata, 1573 "TDLS ch switch request received from %pM ch %d width %d\n", 1574 tf->sa, params.chandef->chan->center_freq, 1575 params.chandef->width); 1576 out: 1577 mutex_unlock(&local->sta_mtx); 1578 dev_kfree_skb_any(params.tmpl_skb); 1579 return ret; 1580 } 1581 1582 void ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1583 struct sk_buff *skb) 1584 { 1585 struct ieee80211_tdls_data *tf = (void *)skb->data; 1586 struct wiphy *wiphy = sdata->local->hw.wiphy; 1587 1588 /* make sure the driver supports it */ 1589 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1590 return; 1591 1592 /* we want to access the entire packet */ 1593 if (skb_linearize(skb)) 1594 return; 1595 /* 1596 * The packet/size was already validated by mac80211 Rx path, only look 1597 * at the action type. 1598 */ 1599 switch (tf->action_code) { 1600 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1601 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1602 break; 1603 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1604 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1605 break; 1606 default: 1607 WARN_ON_ONCE(1); 1608 return; 1609 } 1610 } 1611