1 /* 2 * cfg80211 MLME SAP interface 3 * 4 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 5 */ 6 7 #include <linux/kernel.h> 8 #include <linux/module.h> 9 #include <linux/etherdevice.h> 10 #include <linux/netdevice.h> 11 #include <linux/nl80211.h> 12 #include <linux/slab.h> 13 #include <linux/wireless.h> 14 #include <net/cfg80211.h> 15 #include <net/iw_handler.h> 16 #include "core.h" 17 #include "nl80211.h" 18 19 void cfg80211_send_rx_auth(struct net_device *dev, const u8 *buf, size_t len) 20 { 21 struct wireless_dev *wdev = dev->ieee80211_ptr; 22 struct wiphy *wiphy = wdev->wiphy; 23 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 24 25 wdev_lock(wdev); 26 27 nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL); 28 cfg80211_sme_rx_auth(dev, buf, len); 29 30 wdev_unlock(wdev); 31 } 32 EXPORT_SYMBOL(cfg80211_send_rx_auth); 33 34 void cfg80211_send_rx_assoc(struct net_device *dev, struct cfg80211_bss *bss, 35 const u8 *buf, size_t len) 36 { 37 u16 status_code; 38 struct wireless_dev *wdev = dev->ieee80211_ptr; 39 struct wiphy *wiphy = wdev->wiphy; 40 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 41 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 42 u8 *ie = mgmt->u.assoc_resp.variable; 43 int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 44 45 wdev_lock(wdev); 46 47 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 48 49 /* 50 * This is a bit of a hack, we don't notify userspace of 51 * a (re-)association reply if we tried to send a reassoc 52 * and got a reject -- we only try again with an assoc 53 * frame instead of reassoc. 54 */ 55 if (status_code != WLAN_STATUS_SUCCESS && wdev->conn && 56 cfg80211_sme_failed_reassoc(wdev)) { 57 cfg80211_put_bss(bss); 58 goto out; 59 } 60 61 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL); 62 63 if (status_code != WLAN_STATUS_SUCCESS && wdev->conn) { 64 cfg80211_sme_failed_assoc(wdev); 65 /* 66 * do not call connect_result() now because the 67 * sme will schedule work that does it later. 68 */ 69 cfg80211_put_bss(bss); 70 goto out; 71 } 72 73 if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { 74 /* 75 * This is for the userspace SME, the CONNECTING 76 * state will be changed to CONNECTED by 77 * __cfg80211_connect_result() below. 78 */ 79 wdev->sme_state = CFG80211_SME_CONNECTING; 80 } 81 82 /* this consumes the bss reference */ 83 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs, 84 status_code, 85 status_code == WLAN_STATUS_SUCCESS, bss); 86 out: 87 wdev_unlock(wdev); 88 } 89 EXPORT_SYMBOL(cfg80211_send_rx_assoc); 90 91 void __cfg80211_send_deauth(struct net_device *dev, 92 const u8 *buf, size_t len) 93 { 94 struct wireless_dev *wdev = dev->ieee80211_ptr; 95 struct wiphy *wiphy = wdev->wiphy; 96 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 97 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 98 const u8 *bssid = mgmt->bssid; 99 bool was_current = false; 100 101 ASSERT_WDEV_LOCK(wdev); 102 103 if (wdev->current_bss && 104 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) { 105 cfg80211_unhold_bss(wdev->current_bss); 106 cfg80211_put_bss(&wdev->current_bss->pub); 107 wdev->current_bss = NULL; 108 was_current = true; 109 } 110 111 nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL); 112 113 if (wdev->sme_state == CFG80211_SME_CONNECTED && was_current) { 114 u16 reason_code; 115 bool from_ap; 116 117 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 118 119 from_ap = !ether_addr_equal(mgmt->sa, dev->dev_addr); 120 __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap); 121 } else if (wdev->sme_state == CFG80211_SME_CONNECTING) { 122 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0, 123 WLAN_STATUS_UNSPECIFIED_FAILURE, 124 false, NULL); 125 } 126 } 127 EXPORT_SYMBOL(__cfg80211_send_deauth); 128 129 void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len) 130 { 131 struct wireless_dev *wdev = dev->ieee80211_ptr; 132 133 wdev_lock(wdev); 134 __cfg80211_send_deauth(dev, buf, len); 135 wdev_unlock(wdev); 136 } 137 EXPORT_SYMBOL(cfg80211_send_deauth); 138 139 void __cfg80211_send_disassoc(struct net_device *dev, 140 const u8 *buf, size_t len) 141 { 142 struct wireless_dev *wdev = dev->ieee80211_ptr; 143 struct wiphy *wiphy = wdev->wiphy; 144 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 145 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 146 const u8 *bssid = mgmt->bssid; 147 u16 reason_code; 148 bool from_ap; 149 150 ASSERT_WDEV_LOCK(wdev); 151 152 nl80211_send_disassoc(rdev, dev, buf, len, GFP_KERNEL); 153 154 if (wdev->sme_state != CFG80211_SME_CONNECTED) 155 return; 156 157 if (wdev->current_bss && 158 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) { 159 cfg80211_sme_disassoc(dev, wdev->current_bss); 160 cfg80211_unhold_bss(wdev->current_bss); 161 cfg80211_put_bss(&wdev->current_bss->pub); 162 wdev->current_bss = NULL; 163 } else 164 WARN_ON(1); 165 166 167 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 168 169 from_ap = !ether_addr_equal(mgmt->sa, dev->dev_addr); 170 __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap); 171 } 172 EXPORT_SYMBOL(__cfg80211_send_disassoc); 173 174 void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len) 175 { 176 struct wireless_dev *wdev = dev->ieee80211_ptr; 177 178 wdev_lock(wdev); 179 __cfg80211_send_disassoc(dev, buf, len); 180 wdev_unlock(wdev); 181 } 182 EXPORT_SYMBOL(cfg80211_send_disassoc); 183 184 void cfg80211_send_unprot_deauth(struct net_device *dev, const u8 *buf, 185 size_t len) 186 { 187 struct wireless_dev *wdev = dev->ieee80211_ptr; 188 struct wiphy *wiphy = wdev->wiphy; 189 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 190 191 nl80211_send_unprot_deauth(rdev, dev, buf, len, GFP_ATOMIC); 192 } 193 EXPORT_SYMBOL(cfg80211_send_unprot_deauth); 194 195 void cfg80211_send_unprot_disassoc(struct net_device *dev, const u8 *buf, 196 size_t len) 197 { 198 struct wireless_dev *wdev = dev->ieee80211_ptr; 199 struct wiphy *wiphy = wdev->wiphy; 200 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 201 202 nl80211_send_unprot_disassoc(rdev, dev, buf, len, GFP_ATOMIC); 203 } 204 EXPORT_SYMBOL(cfg80211_send_unprot_disassoc); 205 206 void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr) 207 { 208 struct wireless_dev *wdev = dev->ieee80211_ptr; 209 struct wiphy *wiphy = wdev->wiphy; 210 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 211 212 wdev_lock(wdev); 213 214 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 215 if (wdev->sme_state == CFG80211_SME_CONNECTING) 216 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0, 217 WLAN_STATUS_UNSPECIFIED_FAILURE, 218 false, NULL); 219 220 wdev_unlock(wdev); 221 } 222 EXPORT_SYMBOL(cfg80211_send_auth_timeout); 223 224 void cfg80211_send_assoc_timeout(struct net_device *dev, const u8 *addr) 225 { 226 struct wireless_dev *wdev = dev->ieee80211_ptr; 227 struct wiphy *wiphy = wdev->wiphy; 228 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 229 230 wdev_lock(wdev); 231 232 nl80211_send_assoc_timeout(rdev, dev, addr, GFP_KERNEL); 233 if (wdev->sme_state == CFG80211_SME_CONNECTING) 234 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0, 235 WLAN_STATUS_UNSPECIFIED_FAILURE, 236 false, NULL); 237 238 wdev_unlock(wdev); 239 } 240 EXPORT_SYMBOL(cfg80211_send_assoc_timeout); 241 242 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 243 enum nl80211_key_type key_type, int key_id, 244 const u8 *tsc, gfp_t gfp) 245 { 246 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 247 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 248 #ifdef CONFIG_CFG80211_WEXT 249 union iwreq_data wrqu; 250 char *buf = kmalloc(128, gfp); 251 252 if (buf) { 253 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 254 "keyid=%d %scast addr=%pM)", key_id, 255 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 256 addr); 257 memset(&wrqu, 0, sizeof(wrqu)); 258 wrqu.data.length = strlen(buf); 259 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 260 kfree(buf); 261 } 262 #endif 263 264 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 265 } 266 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 267 268 /* some MLME handling for userspace SME */ 269 int __cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 270 struct net_device *dev, 271 struct ieee80211_channel *chan, 272 enum nl80211_auth_type auth_type, 273 const u8 *bssid, 274 const u8 *ssid, int ssid_len, 275 const u8 *ie, int ie_len, 276 const u8 *key, int key_len, int key_idx) 277 { 278 struct wireless_dev *wdev = dev->ieee80211_ptr; 279 struct cfg80211_auth_request req; 280 int err; 281 282 ASSERT_WDEV_LOCK(wdev); 283 284 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 285 if (!key || !key_len || key_idx < 0 || key_idx > 4) 286 return -EINVAL; 287 288 if (wdev->current_bss && 289 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 290 return -EALREADY; 291 292 memset(&req, 0, sizeof(req)); 293 294 req.ie = ie; 295 req.ie_len = ie_len; 296 req.auth_type = auth_type; 297 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 298 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 299 req.key = key; 300 req.key_len = key_len; 301 req.key_idx = key_idx; 302 if (!req.bss) 303 return -ENOENT; 304 305 err = rdev->ops->auth(&rdev->wiphy, dev, &req); 306 307 cfg80211_put_bss(req.bss); 308 return err; 309 } 310 311 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 312 struct net_device *dev, struct ieee80211_channel *chan, 313 enum nl80211_auth_type auth_type, const u8 *bssid, 314 const u8 *ssid, int ssid_len, 315 const u8 *ie, int ie_len, 316 const u8 *key, int key_len, int key_idx) 317 { 318 int err; 319 320 wdev_lock(dev->ieee80211_ptr); 321 err = __cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 322 ssid, ssid_len, ie, ie_len, 323 key, key_len, key_idx); 324 wdev_unlock(dev->ieee80211_ptr); 325 326 return err; 327 } 328 329 /* Do a logical ht_capa &= ht_capa_mask. */ 330 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 331 const struct ieee80211_ht_cap *ht_capa_mask) 332 { 333 int i; 334 u8 *p1, *p2; 335 if (!ht_capa_mask) { 336 memset(ht_capa, 0, sizeof(*ht_capa)); 337 return; 338 } 339 340 p1 = (u8*)(ht_capa); 341 p2 = (u8*)(ht_capa_mask); 342 for (i = 0; i<sizeof(*ht_capa); i++) 343 p1[i] &= p2[i]; 344 } 345 346 int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 347 struct net_device *dev, 348 struct ieee80211_channel *chan, 349 const u8 *bssid, const u8 *prev_bssid, 350 const u8 *ssid, int ssid_len, 351 const u8 *ie, int ie_len, bool use_mfp, 352 struct cfg80211_crypto_settings *crypt, 353 u32 assoc_flags, struct ieee80211_ht_cap *ht_capa, 354 struct ieee80211_ht_cap *ht_capa_mask) 355 { 356 struct wireless_dev *wdev = dev->ieee80211_ptr; 357 struct cfg80211_assoc_request req; 358 int err; 359 bool was_connected = false; 360 361 ASSERT_WDEV_LOCK(wdev); 362 363 memset(&req, 0, sizeof(req)); 364 365 if (wdev->current_bss && prev_bssid && 366 ether_addr_equal(wdev->current_bss->pub.bssid, prev_bssid)) { 367 /* 368 * Trying to reassociate: Allow this to proceed and let the old 369 * association to be dropped when the new one is completed. 370 */ 371 if (wdev->sme_state == CFG80211_SME_CONNECTED) { 372 was_connected = true; 373 wdev->sme_state = CFG80211_SME_CONNECTING; 374 } 375 } else if (wdev->current_bss) 376 return -EALREADY; 377 378 req.ie = ie; 379 req.ie_len = ie_len; 380 memcpy(&req.crypto, crypt, sizeof(req.crypto)); 381 req.use_mfp = use_mfp; 382 req.prev_bssid = prev_bssid; 383 req.flags = assoc_flags; 384 if (ht_capa) 385 memcpy(&req.ht_capa, ht_capa, sizeof(req.ht_capa)); 386 if (ht_capa_mask) 387 memcpy(&req.ht_capa_mask, ht_capa_mask, 388 sizeof(req.ht_capa_mask)); 389 cfg80211_oper_and_ht_capa(&req.ht_capa_mask, 390 rdev->wiphy.ht_capa_mod_mask); 391 392 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 393 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 394 if (!req.bss) { 395 if (was_connected) 396 wdev->sme_state = CFG80211_SME_CONNECTED; 397 return -ENOENT; 398 } 399 400 err = rdev->ops->assoc(&rdev->wiphy, dev, &req); 401 402 if (err) { 403 if (was_connected) 404 wdev->sme_state = CFG80211_SME_CONNECTED; 405 cfg80211_put_bss(req.bss); 406 } 407 408 return err; 409 } 410 411 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 412 struct net_device *dev, 413 struct ieee80211_channel *chan, 414 const u8 *bssid, const u8 *prev_bssid, 415 const u8 *ssid, int ssid_len, 416 const u8 *ie, int ie_len, bool use_mfp, 417 struct cfg80211_crypto_settings *crypt, 418 u32 assoc_flags, struct ieee80211_ht_cap *ht_capa, 419 struct ieee80211_ht_cap *ht_capa_mask) 420 { 421 struct wireless_dev *wdev = dev->ieee80211_ptr; 422 int err; 423 424 wdev_lock(wdev); 425 err = __cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 426 ssid, ssid_len, ie, ie_len, use_mfp, crypt, 427 assoc_flags, ht_capa, ht_capa_mask); 428 wdev_unlock(wdev); 429 430 return err; 431 } 432 433 int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 434 struct net_device *dev, const u8 *bssid, 435 const u8 *ie, int ie_len, u16 reason, 436 bool local_state_change) 437 { 438 struct wireless_dev *wdev = dev->ieee80211_ptr; 439 struct cfg80211_deauth_request req = { 440 .bssid = bssid, 441 .reason_code = reason, 442 .ie = ie, 443 .ie_len = ie_len, 444 }; 445 446 ASSERT_WDEV_LOCK(wdev); 447 448 if (local_state_change) { 449 if (wdev->current_bss && 450 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) { 451 cfg80211_unhold_bss(wdev->current_bss); 452 cfg80211_put_bss(&wdev->current_bss->pub); 453 wdev->current_bss = NULL; 454 } 455 456 return 0; 457 } 458 459 return rdev->ops->deauth(&rdev->wiphy, dev, &req); 460 } 461 462 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 463 struct net_device *dev, const u8 *bssid, 464 const u8 *ie, int ie_len, u16 reason, 465 bool local_state_change) 466 { 467 struct wireless_dev *wdev = dev->ieee80211_ptr; 468 int err; 469 470 wdev_lock(wdev); 471 err = __cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason, 472 local_state_change); 473 wdev_unlock(wdev); 474 475 return err; 476 } 477 478 static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 479 struct net_device *dev, const u8 *bssid, 480 const u8 *ie, int ie_len, u16 reason, 481 bool local_state_change) 482 { 483 struct wireless_dev *wdev = dev->ieee80211_ptr; 484 struct cfg80211_disassoc_request req; 485 486 ASSERT_WDEV_LOCK(wdev); 487 488 if (wdev->sme_state != CFG80211_SME_CONNECTED) 489 return -ENOTCONN; 490 491 if (WARN_ON(!wdev->current_bss)) 492 return -ENOTCONN; 493 494 memset(&req, 0, sizeof(req)); 495 req.reason_code = reason; 496 req.local_state_change = local_state_change; 497 req.ie = ie; 498 req.ie_len = ie_len; 499 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 500 req.bss = &wdev->current_bss->pub; 501 else 502 return -ENOTCONN; 503 504 return rdev->ops->disassoc(&rdev->wiphy, dev, &req); 505 } 506 507 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 508 struct net_device *dev, const u8 *bssid, 509 const u8 *ie, int ie_len, u16 reason, 510 bool local_state_change) 511 { 512 struct wireless_dev *wdev = dev->ieee80211_ptr; 513 int err; 514 515 wdev_lock(wdev); 516 err = __cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason, 517 local_state_change); 518 wdev_unlock(wdev); 519 520 return err; 521 } 522 523 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 524 struct net_device *dev) 525 { 526 struct wireless_dev *wdev = dev->ieee80211_ptr; 527 struct cfg80211_deauth_request req; 528 u8 bssid[ETH_ALEN]; 529 530 ASSERT_WDEV_LOCK(wdev); 531 532 if (!rdev->ops->deauth) 533 return; 534 535 memset(&req, 0, sizeof(req)); 536 req.reason_code = WLAN_REASON_DEAUTH_LEAVING; 537 req.ie = NULL; 538 req.ie_len = 0; 539 540 if (!wdev->current_bss) 541 return; 542 543 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 544 req.bssid = bssid; 545 rdev->ops->deauth(&rdev->wiphy, dev, &req); 546 547 if (wdev->current_bss) { 548 cfg80211_unhold_bss(wdev->current_bss); 549 cfg80211_put_bss(&wdev->current_bss->pub); 550 wdev->current_bss = NULL; 551 } 552 } 553 554 void cfg80211_ready_on_channel(struct net_device *dev, u64 cookie, 555 struct ieee80211_channel *chan, 556 enum nl80211_channel_type channel_type, 557 unsigned int duration, gfp_t gfp) 558 { 559 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 560 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 561 562 nl80211_send_remain_on_channel(rdev, dev, cookie, chan, channel_type, 563 duration, gfp); 564 } 565 EXPORT_SYMBOL(cfg80211_ready_on_channel); 566 567 void cfg80211_remain_on_channel_expired(struct net_device *dev, 568 u64 cookie, 569 struct ieee80211_channel *chan, 570 enum nl80211_channel_type channel_type, 571 gfp_t gfp) 572 { 573 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 574 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 575 576 nl80211_send_remain_on_channel_cancel(rdev, dev, cookie, chan, 577 channel_type, gfp); 578 } 579 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 580 581 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 582 struct station_info *sinfo, gfp_t gfp) 583 { 584 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 585 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 586 587 nl80211_send_sta_event(rdev, dev, mac_addr, sinfo, gfp); 588 } 589 EXPORT_SYMBOL(cfg80211_new_sta); 590 591 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp) 592 { 593 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 594 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 595 596 nl80211_send_sta_del_event(rdev, dev, mac_addr, gfp); 597 } 598 EXPORT_SYMBOL(cfg80211_del_sta); 599 600 struct cfg80211_mgmt_registration { 601 struct list_head list; 602 603 u32 nlpid; 604 605 int match_len; 606 607 __le16 frame_type; 608 609 u8 match[]; 610 }; 611 612 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_pid, 613 u16 frame_type, const u8 *match_data, 614 int match_len) 615 { 616 struct wiphy *wiphy = wdev->wiphy; 617 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 618 struct cfg80211_mgmt_registration *reg, *nreg; 619 int err = 0; 620 u16 mgmt_type; 621 622 if (!wdev->wiphy->mgmt_stypes) 623 return -EOPNOTSUPP; 624 625 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 626 return -EINVAL; 627 628 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) 629 return -EINVAL; 630 631 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 632 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) 633 return -EINVAL; 634 635 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 636 if (!nreg) 637 return -ENOMEM; 638 639 spin_lock_bh(&wdev->mgmt_registrations_lock); 640 641 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 642 int mlen = min(match_len, reg->match_len); 643 644 if (frame_type != le16_to_cpu(reg->frame_type)) 645 continue; 646 647 if (memcmp(reg->match, match_data, mlen) == 0) { 648 err = -EALREADY; 649 break; 650 } 651 } 652 653 if (err) { 654 kfree(nreg); 655 goto out; 656 } 657 658 memcpy(nreg->match, match_data, match_len); 659 nreg->match_len = match_len; 660 nreg->nlpid = snd_pid; 661 nreg->frame_type = cpu_to_le16(frame_type); 662 list_add(&nreg->list, &wdev->mgmt_registrations); 663 664 if (rdev->ops->mgmt_frame_register) 665 rdev->ops->mgmt_frame_register(wiphy, wdev->netdev, 666 frame_type, true); 667 668 out: 669 spin_unlock_bh(&wdev->mgmt_registrations_lock); 670 671 return err; 672 } 673 674 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid) 675 { 676 struct wiphy *wiphy = wdev->wiphy; 677 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 678 struct cfg80211_mgmt_registration *reg, *tmp; 679 680 spin_lock_bh(&wdev->mgmt_registrations_lock); 681 682 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 683 if (reg->nlpid != nlpid) 684 continue; 685 686 if (rdev->ops->mgmt_frame_register) { 687 u16 frame_type = le16_to_cpu(reg->frame_type); 688 689 rdev->ops->mgmt_frame_register(wiphy, wdev->netdev, 690 frame_type, false); 691 } 692 693 list_del(®->list); 694 kfree(reg); 695 } 696 697 spin_unlock_bh(&wdev->mgmt_registrations_lock); 698 699 if (nlpid == wdev->ap_unexpected_nlpid) 700 wdev->ap_unexpected_nlpid = 0; 701 } 702 703 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 704 { 705 struct cfg80211_mgmt_registration *reg, *tmp; 706 707 spin_lock_bh(&wdev->mgmt_registrations_lock); 708 709 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 710 list_del(®->list); 711 kfree(reg); 712 } 713 714 spin_unlock_bh(&wdev->mgmt_registrations_lock); 715 } 716 717 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 718 struct net_device *dev, 719 struct ieee80211_channel *chan, bool offchan, 720 enum nl80211_channel_type channel_type, 721 bool channel_type_valid, unsigned int wait, 722 const u8 *buf, size_t len, bool no_cck, 723 bool dont_wait_for_ack, u64 *cookie) 724 { 725 struct wireless_dev *wdev = dev->ieee80211_ptr; 726 const struct ieee80211_mgmt *mgmt; 727 u16 stype; 728 729 if (!wdev->wiphy->mgmt_stypes) 730 return -EOPNOTSUPP; 731 732 if (!rdev->ops->mgmt_tx) 733 return -EOPNOTSUPP; 734 735 if (len < 24 + 1) 736 return -EINVAL; 737 738 mgmt = (const struct ieee80211_mgmt *) buf; 739 740 if (!ieee80211_is_mgmt(mgmt->frame_control)) 741 return -EINVAL; 742 743 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 744 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 745 return -EINVAL; 746 747 if (ieee80211_is_action(mgmt->frame_control) && 748 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 749 int err = 0; 750 751 wdev_lock(wdev); 752 753 switch (wdev->iftype) { 754 case NL80211_IFTYPE_ADHOC: 755 case NL80211_IFTYPE_STATION: 756 case NL80211_IFTYPE_P2P_CLIENT: 757 if (!wdev->current_bss) { 758 err = -ENOTCONN; 759 break; 760 } 761 762 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 763 mgmt->bssid)) { 764 err = -ENOTCONN; 765 break; 766 } 767 768 /* 769 * check for IBSS DA must be done by driver as 770 * cfg80211 doesn't track the stations 771 */ 772 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 773 break; 774 775 /* for station, check that DA is the AP */ 776 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 777 mgmt->da)) { 778 err = -ENOTCONN; 779 break; 780 } 781 break; 782 case NL80211_IFTYPE_AP: 783 case NL80211_IFTYPE_P2P_GO: 784 case NL80211_IFTYPE_AP_VLAN: 785 if (!ether_addr_equal(mgmt->bssid, dev->dev_addr)) 786 err = -EINVAL; 787 break; 788 case NL80211_IFTYPE_MESH_POINT: 789 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 790 err = -EINVAL; 791 break; 792 } 793 /* 794 * check for mesh DA must be done by driver as 795 * cfg80211 doesn't track the stations 796 */ 797 break; 798 default: 799 err = -EOPNOTSUPP; 800 break; 801 } 802 wdev_unlock(wdev); 803 804 if (err) 805 return err; 806 } 807 808 if (!ether_addr_equal(mgmt->sa, dev->dev_addr)) 809 return -EINVAL; 810 811 /* Transmit the Action frame as requested by user space */ 812 return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, offchan, 813 channel_type, channel_type_valid, 814 wait, buf, len, no_cck, dont_wait_for_ack, 815 cookie); 816 } 817 818 bool cfg80211_rx_mgmt(struct net_device *dev, int freq, int sig_mbm, 819 const u8 *buf, size_t len, gfp_t gfp) 820 { 821 struct wireless_dev *wdev = dev->ieee80211_ptr; 822 struct wiphy *wiphy = wdev->wiphy; 823 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 824 struct cfg80211_mgmt_registration *reg; 825 const struct ieee80211_txrx_stypes *stypes = 826 &wiphy->mgmt_stypes[wdev->iftype]; 827 struct ieee80211_mgmt *mgmt = (void *)buf; 828 const u8 *data; 829 int data_len; 830 bool result = false; 831 __le16 ftype = mgmt->frame_control & 832 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 833 u16 stype; 834 835 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 836 837 if (!(stypes->rx & BIT(stype))) 838 return false; 839 840 data = buf + ieee80211_hdrlen(mgmt->frame_control); 841 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 842 843 spin_lock_bh(&wdev->mgmt_registrations_lock); 844 845 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 846 if (reg->frame_type != ftype) 847 continue; 848 849 if (reg->match_len > data_len) 850 continue; 851 852 if (memcmp(reg->match, data, reg->match_len)) 853 continue; 854 855 /* found match! */ 856 857 /* Indicate the received Action frame to user space */ 858 if (nl80211_send_mgmt(rdev, dev, reg->nlpid, 859 freq, sig_mbm, 860 buf, len, gfp)) 861 continue; 862 863 result = true; 864 break; 865 } 866 867 spin_unlock_bh(&wdev->mgmt_registrations_lock); 868 869 return result; 870 } 871 EXPORT_SYMBOL(cfg80211_rx_mgmt); 872 873 void cfg80211_mgmt_tx_status(struct net_device *dev, u64 cookie, 874 const u8 *buf, size_t len, bool ack, gfp_t gfp) 875 { 876 struct wireless_dev *wdev = dev->ieee80211_ptr; 877 struct wiphy *wiphy = wdev->wiphy; 878 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 879 880 /* Indicate TX status of the Action frame to user space */ 881 nl80211_send_mgmt_tx_status(rdev, dev, cookie, buf, len, ack, gfp); 882 } 883 EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 884 885 void cfg80211_cqm_rssi_notify(struct net_device *dev, 886 enum nl80211_cqm_rssi_threshold_event rssi_event, 887 gfp_t gfp) 888 { 889 struct wireless_dev *wdev = dev->ieee80211_ptr; 890 struct wiphy *wiphy = wdev->wiphy; 891 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 892 893 /* Indicate roaming trigger event to user space */ 894 nl80211_send_cqm_rssi_notify(rdev, dev, rssi_event, gfp); 895 } 896 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 897 898 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 899 const u8 *peer, u32 num_packets, gfp_t gfp) 900 { 901 struct wireless_dev *wdev = dev->ieee80211_ptr; 902 struct wiphy *wiphy = wdev->wiphy; 903 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 904 905 /* Indicate roaming trigger event to user space */ 906 nl80211_send_cqm_pktloss_notify(rdev, dev, peer, num_packets, gfp); 907 } 908 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 909 910 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 911 const u8 *replay_ctr, gfp_t gfp) 912 { 913 struct wireless_dev *wdev = dev->ieee80211_ptr; 914 struct wiphy *wiphy = wdev->wiphy; 915 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 916 917 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 918 } 919 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 920 921 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 922 const u8 *bssid, bool preauth, gfp_t gfp) 923 { 924 struct wireless_dev *wdev = dev->ieee80211_ptr; 925 struct wiphy *wiphy = wdev->wiphy; 926 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 927 928 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 929 } 930 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 931 932 void cfg80211_ch_switch_notify(struct net_device *dev, int freq, 933 enum nl80211_channel_type type) 934 { 935 struct wireless_dev *wdev = dev->ieee80211_ptr; 936 struct wiphy *wiphy = wdev->wiphy; 937 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 938 struct ieee80211_channel *chan; 939 940 wdev_lock(wdev); 941 942 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 943 wdev->iftype != NL80211_IFTYPE_P2P_GO)) 944 goto out; 945 946 chan = rdev_freq_to_chan(rdev, freq, type); 947 if (WARN_ON(!chan)) 948 goto out; 949 950 wdev->channel = chan; 951 952 nl80211_ch_switch_notify(rdev, dev, freq, type, GFP_KERNEL); 953 out: 954 wdev_unlock(wdev); 955 return; 956 } 957 EXPORT_SYMBOL(cfg80211_ch_switch_notify); 958 959 bool cfg80211_rx_spurious_frame(struct net_device *dev, 960 const u8 *addr, gfp_t gfp) 961 { 962 struct wireless_dev *wdev = dev->ieee80211_ptr; 963 964 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 965 wdev->iftype != NL80211_IFTYPE_P2P_GO)) 966 return false; 967 968 return nl80211_unexpected_frame(dev, addr, gfp); 969 } 970 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 971 972 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 973 const u8 *addr, gfp_t gfp) 974 { 975 struct wireless_dev *wdev = dev->ieee80211_ptr; 976 977 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 978 wdev->iftype != NL80211_IFTYPE_P2P_GO && 979 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) 980 return false; 981 982 return nl80211_unexpected_4addr_frame(dev, addr, gfp); 983 } 984 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 985