1 /* 2 * cfg80211 MLME SAP interface 3 * 4 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 5 */ 6 7 #include <linux/kernel.h> 8 #include <linux/module.h> 9 #include <linux/netdevice.h> 10 #include <linux/nl80211.h> 11 #include <linux/slab.h> 12 #include <linux/wireless.h> 13 #include <net/cfg80211.h> 14 #include <net/iw_handler.h> 15 #include "core.h" 16 #include "nl80211.h" 17 18 void cfg80211_send_rx_auth(struct net_device *dev, const u8 *buf, size_t len) 19 { 20 struct wireless_dev *wdev = dev->ieee80211_ptr; 21 struct wiphy *wiphy = wdev->wiphy; 22 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 23 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 24 u8 *bssid = mgmt->bssid; 25 int i; 26 u16 status = le16_to_cpu(mgmt->u.auth.status_code); 27 bool done = false; 28 29 wdev_lock(wdev); 30 31 for (i = 0; i < MAX_AUTH_BSSES; i++) { 32 if (wdev->authtry_bsses[i] && 33 memcmp(wdev->authtry_bsses[i]->pub.bssid, bssid, 34 ETH_ALEN) == 0) { 35 if (status == WLAN_STATUS_SUCCESS) { 36 wdev->auth_bsses[i] = wdev->authtry_bsses[i]; 37 } else { 38 cfg80211_unhold_bss(wdev->authtry_bsses[i]); 39 cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); 40 } 41 wdev->authtry_bsses[i] = NULL; 42 done = true; 43 break; 44 } 45 } 46 47 if (done) { 48 nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL); 49 cfg80211_sme_rx_auth(dev, buf, len); 50 } 51 52 wdev_unlock(wdev); 53 } 54 EXPORT_SYMBOL(cfg80211_send_rx_auth); 55 56 void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len) 57 { 58 u16 status_code; 59 struct wireless_dev *wdev = dev->ieee80211_ptr; 60 struct wiphy *wiphy = wdev->wiphy; 61 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 62 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 63 u8 *ie = mgmt->u.assoc_resp.variable; 64 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 65 struct cfg80211_internal_bss *bss = NULL; 66 67 wdev_lock(wdev); 68 69 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 70 71 /* 72 * This is a bit of a hack, we don't notify userspace of 73 * a (re-)association reply if we tried to send a reassoc 74 * and got a reject -- we only try again with an assoc 75 * frame instead of reassoc. 76 */ 77 if (status_code != WLAN_STATUS_SUCCESS && wdev->conn && 78 cfg80211_sme_failed_reassoc(wdev)) 79 goto out; 80 81 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL); 82 83 if (status_code == WLAN_STATUS_SUCCESS) { 84 for (i = 0; i < MAX_AUTH_BSSES; i++) { 85 if (!wdev->auth_bsses[i]) 86 continue; 87 if (memcmp(wdev->auth_bsses[i]->pub.bssid, mgmt->bssid, 88 ETH_ALEN) == 0) { 89 bss = wdev->auth_bsses[i]; 90 wdev->auth_bsses[i] = NULL; 91 /* additional reference to drop hold */ 92 cfg80211_ref_bss(bss); 93 break; 94 } 95 } 96 97 /* 98 * We might be coming here because the driver reported 99 * a successful association at the same time as the 100 * user requested a deauth. In that case, we will have 101 * removed the BSS from the auth_bsses list due to the 102 * deauth request when the assoc response makes it. If 103 * the two code paths acquire the lock the other way 104 * around, that's just the standard situation of a 105 * deauth being requested while connected. 106 */ 107 if (!bss) 108 goto out; 109 } else if (wdev->conn) { 110 cfg80211_sme_failed_assoc(wdev); 111 /* 112 * do not call connect_result() now because the 113 * sme will schedule work that does it later. 114 */ 115 goto out; 116 } 117 118 if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { 119 /* 120 * This is for the userspace SME, the CONNECTING 121 * state will be changed to CONNECTED by 122 * __cfg80211_connect_result() below. 123 */ 124 wdev->sme_state = CFG80211_SME_CONNECTING; 125 } 126 127 /* this consumes one bss reference (unless bss is NULL) */ 128 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs, 129 status_code, 130 status_code == WLAN_STATUS_SUCCESS, 131 bss ? &bss->pub : NULL); 132 /* drop hold now, and also reference acquired above */ 133 if (bss) { 134 cfg80211_unhold_bss(bss); 135 cfg80211_put_bss(&bss->pub); 136 } 137 138 out: 139 wdev_unlock(wdev); 140 } 141 EXPORT_SYMBOL(cfg80211_send_rx_assoc); 142 143 void __cfg80211_send_deauth(struct net_device *dev, 144 const u8 *buf, size_t len) 145 { 146 struct wireless_dev *wdev = dev->ieee80211_ptr; 147 struct wiphy *wiphy = wdev->wiphy; 148 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 149 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 150 const u8 *bssid = mgmt->bssid; 151 int i; 152 bool found = false, was_current = false; 153 154 ASSERT_WDEV_LOCK(wdev); 155 156 if (wdev->current_bss && 157 memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) { 158 cfg80211_unhold_bss(wdev->current_bss); 159 cfg80211_put_bss(&wdev->current_bss->pub); 160 wdev->current_bss = NULL; 161 found = true; 162 was_current = true; 163 } else for (i = 0; i < MAX_AUTH_BSSES; i++) { 164 if (wdev->auth_bsses[i] && 165 memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) { 166 cfg80211_unhold_bss(wdev->auth_bsses[i]); 167 cfg80211_put_bss(&wdev->auth_bsses[i]->pub); 168 wdev->auth_bsses[i] = NULL; 169 found = true; 170 break; 171 } 172 if (wdev->authtry_bsses[i] && 173 memcmp(wdev->authtry_bsses[i]->pub.bssid, bssid, 174 ETH_ALEN) == 0 && 175 memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) == 0) { 176 cfg80211_unhold_bss(wdev->authtry_bsses[i]); 177 cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); 178 wdev->authtry_bsses[i] = NULL; 179 found = true; 180 break; 181 } 182 } 183 184 if (!found) 185 return; 186 187 nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL); 188 189 if (wdev->sme_state == CFG80211_SME_CONNECTED && was_current) { 190 u16 reason_code; 191 bool from_ap; 192 193 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 194 195 from_ap = memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0; 196 __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap); 197 } else if (wdev->sme_state == CFG80211_SME_CONNECTING) { 198 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0, 199 WLAN_STATUS_UNSPECIFIED_FAILURE, 200 false, NULL); 201 } 202 } 203 EXPORT_SYMBOL(__cfg80211_send_deauth); 204 205 void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len) 206 { 207 struct wireless_dev *wdev = dev->ieee80211_ptr; 208 209 wdev_lock(wdev); 210 __cfg80211_send_deauth(dev, buf, len); 211 wdev_unlock(wdev); 212 } 213 EXPORT_SYMBOL(cfg80211_send_deauth); 214 215 void __cfg80211_send_disassoc(struct net_device *dev, 216 const u8 *buf, size_t len) 217 { 218 struct wireless_dev *wdev = dev->ieee80211_ptr; 219 struct wiphy *wiphy = wdev->wiphy; 220 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 221 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 222 const u8 *bssid = mgmt->bssid; 223 int i; 224 u16 reason_code; 225 bool from_ap; 226 bool done = false; 227 228 ASSERT_WDEV_LOCK(wdev); 229 230 nl80211_send_disassoc(rdev, dev, buf, len, GFP_KERNEL); 231 232 if (wdev->sme_state != CFG80211_SME_CONNECTED) 233 return; 234 235 if (wdev->current_bss && 236 memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) { 237 for (i = 0; i < MAX_AUTH_BSSES; i++) { 238 if (wdev->authtry_bsses[i] || wdev->auth_bsses[i]) 239 continue; 240 wdev->auth_bsses[i] = wdev->current_bss; 241 wdev->current_bss = NULL; 242 done = true; 243 cfg80211_sme_disassoc(dev, i); 244 break; 245 } 246 WARN_ON(!done); 247 } else 248 WARN_ON(1); 249 250 251 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 252 253 from_ap = memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0; 254 __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap); 255 } 256 EXPORT_SYMBOL(__cfg80211_send_disassoc); 257 258 void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len) 259 { 260 struct wireless_dev *wdev = dev->ieee80211_ptr; 261 262 wdev_lock(wdev); 263 __cfg80211_send_disassoc(dev, buf, len); 264 wdev_unlock(wdev); 265 } 266 EXPORT_SYMBOL(cfg80211_send_disassoc); 267 268 void cfg80211_send_unprot_deauth(struct net_device *dev, const u8 *buf, 269 size_t len) 270 { 271 struct wireless_dev *wdev = dev->ieee80211_ptr; 272 struct wiphy *wiphy = wdev->wiphy; 273 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 274 275 nl80211_send_unprot_deauth(rdev, dev, buf, len, GFP_ATOMIC); 276 } 277 EXPORT_SYMBOL(cfg80211_send_unprot_deauth); 278 279 void cfg80211_send_unprot_disassoc(struct net_device *dev, const u8 *buf, 280 size_t len) 281 { 282 struct wireless_dev *wdev = dev->ieee80211_ptr; 283 struct wiphy *wiphy = wdev->wiphy; 284 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 285 286 nl80211_send_unprot_disassoc(rdev, dev, buf, len, GFP_ATOMIC); 287 } 288 EXPORT_SYMBOL(cfg80211_send_unprot_disassoc); 289 290 static void __cfg80211_auth_remove(struct wireless_dev *wdev, const u8 *addr) 291 { 292 int i; 293 bool done = false; 294 295 ASSERT_WDEV_LOCK(wdev); 296 297 for (i = 0; addr && i < MAX_AUTH_BSSES; i++) { 298 if (wdev->authtry_bsses[i] && 299 memcmp(wdev->authtry_bsses[i]->pub.bssid, 300 addr, ETH_ALEN) == 0) { 301 cfg80211_unhold_bss(wdev->authtry_bsses[i]); 302 cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); 303 wdev->authtry_bsses[i] = NULL; 304 done = true; 305 break; 306 } 307 } 308 309 WARN_ON(!done); 310 } 311 312 void __cfg80211_auth_canceled(struct net_device *dev, const u8 *addr) 313 { 314 __cfg80211_auth_remove(dev->ieee80211_ptr, addr); 315 } 316 EXPORT_SYMBOL(__cfg80211_auth_canceled); 317 318 void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr) 319 { 320 struct wireless_dev *wdev = dev->ieee80211_ptr; 321 struct wiphy *wiphy = wdev->wiphy; 322 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 323 324 wdev_lock(wdev); 325 326 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 327 if (wdev->sme_state == CFG80211_SME_CONNECTING) 328 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0, 329 WLAN_STATUS_UNSPECIFIED_FAILURE, 330 false, NULL); 331 332 __cfg80211_auth_remove(wdev, addr); 333 334 wdev_unlock(wdev); 335 } 336 EXPORT_SYMBOL(cfg80211_send_auth_timeout); 337 338 void cfg80211_send_assoc_timeout(struct net_device *dev, const u8 *addr) 339 { 340 struct wireless_dev *wdev = dev->ieee80211_ptr; 341 struct wiphy *wiphy = wdev->wiphy; 342 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 343 int i; 344 bool done = false; 345 346 wdev_lock(wdev); 347 348 nl80211_send_assoc_timeout(rdev, dev, addr, GFP_KERNEL); 349 if (wdev->sme_state == CFG80211_SME_CONNECTING) 350 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0, 351 WLAN_STATUS_UNSPECIFIED_FAILURE, 352 false, NULL); 353 354 for (i = 0; addr && i < MAX_AUTH_BSSES; i++) { 355 if (wdev->auth_bsses[i] && 356 memcmp(wdev->auth_bsses[i]->pub.bssid, 357 addr, ETH_ALEN) == 0) { 358 cfg80211_unhold_bss(wdev->auth_bsses[i]); 359 cfg80211_put_bss(&wdev->auth_bsses[i]->pub); 360 wdev->auth_bsses[i] = NULL; 361 done = true; 362 break; 363 } 364 } 365 366 WARN_ON(!done); 367 368 wdev_unlock(wdev); 369 } 370 EXPORT_SYMBOL(cfg80211_send_assoc_timeout); 371 372 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 373 enum nl80211_key_type key_type, int key_id, 374 const u8 *tsc, gfp_t gfp) 375 { 376 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 377 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 378 #ifdef CONFIG_CFG80211_WEXT 379 union iwreq_data wrqu; 380 char *buf = kmalloc(128, gfp); 381 382 if (buf) { 383 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 384 "keyid=%d %scast addr=%pM)", key_id, 385 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 386 addr); 387 memset(&wrqu, 0, sizeof(wrqu)); 388 wrqu.data.length = strlen(buf); 389 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 390 kfree(buf); 391 } 392 #endif 393 394 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 395 } 396 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 397 398 /* some MLME handling for userspace SME */ 399 int __cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 400 struct net_device *dev, 401 struct ieee80211_channel *chan, 402 enum nl80211_auth_type auth_type, 403 const u8 *bssid, 404 const u8 *ssid, int ssid_len, 405 const u8 *ie, int ie_len, 406 const u8 *key, int key_len, int key_idx, 407 bool local_state_change) 408 { 409 struct wireless_dev *wdev = dev->ieee80211_ptr; 410 struct cfg80211_auth_request req; 411 struct cfg80211_internal_bss *bss; 412 int i, err, slot = -1, nfree = 0; 413 414 ASSERT_WDEV_LOCK(wdev); 415 416 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 417 if (!key || !key_len || key_idx < 0 || key_idx > 4) 418 return -EINVAL; 419 420 if (wdev->current_bss && 421 memcmp(bssid, wdev->current_bss->pub.bssid, ETH_ALEN) == 0) 422 return -EALREADY; 423 424 for (i = 0; i < MAX_AUTH_BSSES; i++) { 425 if (wdev->authtry_bsses[i] && 426 memcmp(bssid, wdev->authtry_bsses[i]->pub.bssid, 427 ETH_ALEN) == 0) 428 return -EALREADY; 429 if (wdev->auth_bsses[i] && 430 memcmp(bssid, wdev->auth_bsses[i]->pub.bssid, 431 ETH_ALEN) == 0) 432 return -EALREADY; 433 } 434 435 memset(&req, 0, sizeof(req)); 436 437 req.local_state_change = local_state_change; 438 req.ie = ie; 439 req.ie_len = ie_len; 440 req.auth_type = auth_type; 441 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 442 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 443 req.key = key; 444 req.key_len = key_len; 445 req.key_idx = key_idx; 446 if (!req.bss) 447 return -ENOENT; 448 449 bss = bss_from_pub(req.bss); 450 451 for (i = 0; i < MAX_AUTH_BSSES; i++) { 452 if (!wdev->auth_bsses[i] && !wdev->authtry_bsses[i]) { 453 slot = i; 454 nfree++; 455 } 456 } 457 458 /* we need one free slot for disassoc and one for this auth */ 459 if (nfree < 2) { 460 err = -ENOSPC; 461 goto out; 462 } 463 464 if (local_state_change) 465 wdev->auth_bsses[slot] = bss; 466 else 467 wdev->authtry_bsses[slot] = bss; 468 cfg80211_hold_bss(bss); 469 470 err = rdev->ops->auth(&rdev->wiphy, dev, &req); 471 if (err) { 472 if (local_state_change) 473 wdev->auth_bsses[slot] = NULL; 474 else 475 wdev->authtry_bsses[slot] = NULL; 476 cfg80211_unhold_bss(bss); 477 } 478 479 out: 480 if (err) 481 cfg80211_put_bss(req.bss); 482 return err; 483 } 484 485 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 486 struct net_device *dev, struct ieee80211_channel *chan, 487 enum nl80211_auth_type auth_type, const u8 *bssid, 488 const u8 *ssid, int ssid_len, 489 const u8 *ie, int ie_len, 490 const u8 *key, int key_len, int key_idx, 491 bool local_state_change) 492 { 493 int err; 494 495 wdev_lock(dev->ieee80211_ptr); 496 err = __cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 497 ssid, ssid_len, ie, ie_len, 498 key, key_len, key_idx, local_state_change); 499 wdev_unlock(dev->ieee80211_ptr); 500 501 return err; 502 } 503 504 /* Do a logical ht_capa &= ht_capa_mask. */ 505 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 506 const struct ieee80211_ht_cap *ht_capa_mask) 507 { 508 int i; 509 u8 *p1, *p2; 510 if (!ht_capa_mask) { 511 memset(ht_capa, 0, sizeof(*ht_capa)); 512 return; 513 } 514 515 p1 = (u8*)(ht_capa); 516 p2 = (u8*)(ht_capa_mask); 517 for (i = 0; i<sizeof(*ht_capa); i++) 518 p1[i] &= p2[i]; 519 } 520 521 int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 522 struct net_device *dev, 523 struct ieee80211_channel *chan, 524 const u8 *bssid, const u8 *prev_bssid, 525 const u8 *ssid, int ssid_len, 526 const u8 *ie, int ie_len, bool use_mfp, 527 struct cfg80211_crypto_settings *crypt, 528 u32 assoc_flags, struct ieee80211_ht_cap *ht_capa, 529 struct ieee80211_ht_cap *ht_capa_mask) 530 { 531 struct wireless_dev *wdev = dev->ieee80211_ptr; 532 struct cfg80211_assoc_request req; 533 struct cfg80211_internal_bss *bss; 534 int i, err, slot = -1; 535 bool was_connected = false; 536 537 ASSERT_WDEV_LOCK(wdev); 538 539 memset(&req, 0, sizeof(req)); 540 541 if (wdev->current_bss && prev_bssid && 542 memcmp(wdev->current_bss->pub.bssid, prev_bssid, ETH_ALEN) == 0) { 543 /* 544 * Trying to reassociate: Allow this to proceed and let the old 545 * association to be dropped when the new one is completed. 546 */ 547 if (wdev->sme_state == CFG80211_SME_CONNECTED) { 548 was_connected = true; 549 wdev->sme_state = CFG80211_SME_CONNECTING; 550 } 551 } else if (wdev->current_bss) 552 return -EALREADY; 553 554 req.ie = ie; 555 req.ie_len = ie_len; 556 memcpy(&req.crypto, crypt, sizeof(req.crypto)); 557 req.use_mfp = use_mfp; 558 req.prev_bssid = prev_bssid; 559 req.flags = assoc_flags; 560 if (ht_capa) 561 memcpy(&req.ht_capa, ht_capa, sizeof(req.ht_capa)); 562 if (ht_capa_mask) 563 memcpy(&req.ht_capa_mask, ht_capa_mask, 564 sizeof(req.ht_capa_mask)); 565 cfg80211_oper_and_ht_capa(&req.ht_capa_mask, 566 rdev->wiphy.ht_capa_mod_mask); 567 568 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 569 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 570 if (!req.bss) { 571 if (was_connected) 572 wdev->sme_state = CFG80211_SME_CONNECTED; 573 return -ENOENT; 574 } 575 576 bss = bss_from_pub(req.bss); 577 578 for (i = 0; i < MAX_AUTH_BSSES; i++) { 579 if (bss == wdev->auth_bsses[i]) { 580 slot = i; 581 break; 582 } 583 } 584 585 if (slot < 0) { 586 err = -ENOTCONN; 587 goto out; 588 } 589 590 err = rdev->ops->assoc(&rdev->wiphy, dev, &req); 591 out: 592 if (err && was_connected) 593 wdev->sme_state = CFG80211_SME_CONNECTED; 594 /* still a reference in wdev->auth_bsses[slot] */ 595 cfg80211_put_bss(req.bss); 596 return err; 597 } 598 599 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 600 struct net_device *dev, 601 struct ieee80211_channel *chan, 602 const u8 *bssid, const u8 *prev_bssid, 603 const u8 *ssid, int ssid_len, 604 const u8 *ie, int ie_len, bool use_mfp, 605 struct cfg80211_crypto_settings *crypt, 606 u32 assoc_flags, struct ieee80211_ht_cap *ht_capa, 607 struct ieee80211_ht_cap *ht_capa_mask) 608 { 609 struct wireless_dev *wdev = dev->ieee80211_ptr; 610 int err; 611 612 wdev_lock(wdev); 613 err = __cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 614 ssid, ssid_len, ie, ie_len, use_mfp, crypt, 615 assoc_flags, ht_capa, ht_capa_mask); 616 wdev_unlock(wdev); 617 618 return err; 619 } 620 621 int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 622 struct net_device *dev, const u8 *bssid, 623 const u8 *ie, int ie_len, u16 reason, 624 bool local_state_change) 625 { 626 struct wireless_dev *wdev = dev->ieee80211_ptr; 627 struct cfg80211_deauth_request req; 628 int i; 629 630 ASSERT_WDEV_LOCK(wdev); 631 632 memset(&req, 0, sizeof(req)); 633 req.reason_code = reason; 634 req.local_state_change = local_state_change; 635 req.ie = ie; 636 req.ie_len = ie_len; 637 if (wdev->current_bss && 638 memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) { 639 req.bss = &wdev->current_bss->pub; 640 } else for (i = 0; i < MAX_AUTH_BSSES; i++) { 641 if (wdev->auth_bsses[i] && 642 memcmp(bssid, wdev->auth_bsses[i]->pub.bssid, ETH_ALEN) == 0) { 643 req.bss = &wdev->auth_bsses[i]->pub; 644 break; 645 } 646 if (wdev->authtry_bsses[i] && 647 memcmp(bssid, wdev->authtry_bsses[i]->pub.bssid, ETH_ALEN) == 0) { 648 req.bss = &wdev->authtry_bsses[i]->pub; 649 break; 650 } 651 } 652 653 if (!req.bss) 654 return -ENOTCONN; 655 656 return rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev); 657 } 658 659 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 660 struct net_device *dev, const u8 *bssid, 661 const u8 *ie, int ie_len, u16 reason, 662 bool local_state_change) 663 { 664 struct wireless_dev *wdev = dev->ieee80211_ptr; 665 int err; 666 667 wdev_lock(wdev); 668 err = __cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason, 669 local_state_change); 670 wdev_unlock(wdev); 671 672 return err; 673 } 674 675 static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 676 struct net_device *dev, const u8 *bssid, 677 const u8 *ie, int ie_len, u16 reason, 678 bool local_state_change) 679 { 680 struct wireless_dev *wdev = dev->ieee80211_ptr; 681 struct cfg80211_disassoc_request req; 682 683 ASSERT_WDEV_LOCK(wdev); 684 685 if (wdev->sme_state != CFG80211_SME_CONNECTED) 686 return -ENOTCONN; 687 688 if (WARN_ON(!wdev->current_bss)) 689 return -ENOTCONN; 690 691 memset(&req, 0, sizeof(req)); 692 req.reason_code = reason; 693 req.local_state_change = local_state_change; 694 req.ie = ie; 695 req.ie_len = ie_len; 696 if (memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) 697 req.bss = &wdev->current_bss->pub; 698 else 699 return -ENOTCONN; 700 701 return rdev->ops->disassoc(&rdev->wiphy, dev, &req, wdev); 702 } 703 704 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 705 struct net_device *dev, const u8 *bssid, 706 const u8 *ie, int ie_len, u16 reason, 707 bool local_state_change) 708 { 709 struct wireless_dev *wdev = dev->ieee80211_ptr; 710 int err; 711 712 wdev_lock(wdev); 713 err = __cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason, 714 local_state_change); 715 wdev_unlock(wdev); 716 717 return err; 718 } 719 720 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 721 struct net_device *dev) 722 { 723 struct wireless_dev *wdev = dev->ieee80211_ptr; 724 struct cfg80211_deauth_request req; 725 int i; 726 727 ASSERT_WDEV_LOCK(wdev); 728 729 if (!rdev->ops->deauth) 730 return; 731 732 memset(&req, 0, sizeof(req)); 733 req.reason_code = WLAN_REASON_DEAUTH_LEAVING; 734 req.ie = NULL; 735 req.ie_len = 0; 736 737 if (wdev->current_bss) { 738 req.bss = &wdev->current_bss->pub; 739 rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev); 740 if (wdev->current_bss) { 741 cfg80211_unhold_bss(wdev->current_bss); 742 cfg80211_put_bss(&wdev->current_bss->pub); 743 wdev->current_bss = NULL; 744 } 745 } 746 747 for (i = 0; i < MAX_AUTH_BSSES; i++) { 748 if (wdev->auth_bsses[i]) { 749 req.bss = &wdev->auth_bsses[i]->pub; 750 rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev); 751 if (wdev->auth_bsses[i]) { 752 cfg80211_unhold_bss(wdev->auth_bsses[i]); 753 cfg80211_put_bss(&wdev->auth_bsses[i]->pub); 754 wdev->auth_bsses[i] = NULL; 755 } 756 } 757 if (wdev->authtry_bsses[i]) { 758 req.bss = &wdev->authtry_bsses[i]->pub; 759 rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev); 760 if (wdev->authtry_bsses[i]) { 761 cfg80211_unhold_bss(wdev->authtry_bsses[i]); 762 cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); 763 wdev->authtry_bsses[i] = NULL; 764 } 765 } 766 } 767 } 768 769 void cfg80211_ready_on_channel(struct net_device *dev, u64 cookie, 770 struct ieee80211_channel *chan, 771 enum nl80211_channel_type channel_type, 772 unsigned int duration, gfp_t gfp) 773 { 774 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 775 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 776 777 nl80211_send_remain_on_channel(rdev, dev, cookie, chan, channel_type, 778 duration, gfp); 779 } 780 EXPORT_SYMBOL(cfg80211_ready_on_channel); 781 782 void cfg80211_remain_on_channel_expired(struct net_device *dev, 783 u64 cookie, 784 struct ieee80211_channel *chan, 785 enum nl80211_channel_type channel_type, 786 gfp_t gfp) 787 { 788 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 789 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 790 791 nl80211_send_remain_on_channel_cancel(rdev, dev, cookie, chan, 792 channel_type, gfp); 793 } 794 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 795 796 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 797 struct station_info *sinfo, gfp_t gfp) 798 { 799 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 800 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 801 802 nl80211_send_sta_event(rdev, dev, mac_addr, sinfo, gfp); 803 } 804 EXPORT_SYMBOL(cfg80211_new_sta); 805 806 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp) 807 { 808 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 809 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 810 811 nl80211_send_sta_del_event(rdev, dev, mac_addr, gfp); 812 } 813 EXPORT_SYMBOL(cfg80211_del_sta); 814 815 struct cfg80211_mgmt_registration { 816 struct list_head list; 817 818 u32 nlpid; 819 820 int match_len; 821 822 __le16 frame_type; 823 824 u8 match[]; 825 }; 826 827 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_pid, 828 u16 frame_type, const u8 *match_data, 829 int match_len) 830 { 831 struct wiphy *wiphy = wdev->wiphy; 832 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 833 struct cfg80211_mgmt_registration *reg, *nreg; 834 int err = 0; 835 u16 mgmt_type; 836 837 if (!wdev->wiphy->mgmt_stypes) 838 return -EOPNOTSUPP; 839 840 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 841 return -EINVAL; 842 843 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) 844 return -EINVAL; 845 846 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 847 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) 848 return -EINVAL; 849 850 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 851 if (!nreg) 852 return -ENOMEM; 853 854 spin_lock_bh(&wdev->mgmt_registrations_lock); 855 856 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 857 int mlen = min(match_len, reg->match_len); 858 859 if (frame_type != le16_to_cpu(reg->frame_type)) 860 continue; 861 862 if (memcmp(reg->match, match_data, mlen) == 0) { 863 err = -EALREADY; 864 break; 865 } 866 } 867 868 if (err) { 869 kfree(nreg); 870 goto out; 871 } 872 873 memcpy(nreg->match, match_data, match_len); 874 nreg->match_len = match_len; 875 nreg->nlpid = snd_pid; 876 nreg->frame_type = cpu_to_le16(frame_type); 877 list_add(&nreg->list, &wdev->mgmt_registrations); 878 879 if (rdev->ops->mgmt_frame_register) 880 rdev->ops->mgmt_frame_register(wiphy, wdev->netdev, 881 frame_type, true); 882 883 out: 884 spin_unlock_bh(&wdev->mgmt_registrations_lock); 885 886 return err; 887 } 888 889 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid) 890 { 891 struct wiphy *wiphy = wdev->wiphy; 892 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 893 struct cfg80211_mgmt_registration *reg, *tmp; 894 895 spin_lock_bh(&wdev->mgmt_registrations_lock); 896 897 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 898 if (reg->nlpid != nlpid) 899 continue; 900 901 if (rdev->ops->mgmt_frame_register) { 902 u16 frame_type = le16_to_cpu(reg->frame_type); 903 904 rdev->ops->mgmt_frame_register(wiphy, wdev->netdev, 905 frame_type, false); 906 } 907 908 list_del(®->list); 909 kfree(reg); 910 } 911 912 spin_unlock_bh(&wdev->mgmt_registrations_lock); 913 914 if (nlpid == wdev->ap_unexpected_nlpid) 915 wdev->ap_unexpected_nlpid = 0; 916 } 917 918 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 919 { 920 struct cfg80211_mgmt_registration *reg, *tmp; 921 922 spin_lock_bh(&wdev->mgmt_registrations_lock); 923 924 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 925 list_del(®->list); 926 kfree(reg); 927 } 928 929 spin_unlock_bh(&wdev->mgmt_registrations_lock); 930 } 931 932 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 933 struct net_device *dev, 934 struct ieee80211_channel *chan, bool offchan, 935 enum nl80211_channel_type channel_type, 936 bool channel_type_valid, unsigned int wait, 937 const u8 *buf, size_t len, bool no_cck, 938 bool dont_wait_for_ack, u64 *cookie) 939 { 940 struct wireless_dev *wdev = dev->ieee80211_ptr; 941 const struct ieee80211_mgmt *mgmt; 942 u16 stype; 943 944 if (!wdev->wiphy->mgmt_stypes) 945 return -EOPNOTSUPP; 946 947 if (!rdev->ops->mgmt_tx) 948 return -EOPNOTSUPP; 949 950 if (len < 24 + 1) 951 return -EINVAL; 952 953 mgmt = (const struct ieee80211_mgmt *) buf; 954 955 if (!ieee80211_is_mgmt(mgmt->frame_control)) 956 return -EINVAL; 957 958 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 959 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 960 return -EINVAL; 961 962 if (ieee80211_is_action(mgmt->frame_control) && 963 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 964 int err = 0; 965 966 wdev_lock(wdev); 967 968 switch (wdev->iftype) { 969 case NL80211_IFTYPE_ADHOC: 970 case NL80211_IFTYPE_STATION: 971 case NL80211_IFTYPE_P2P_CLIENT: 972 if (!wdev->current_bss) { 973 err = -ENOTCONN; 974 break; 975 } 976 977 if (memcmp(wdev->current_bss->pub.bssid, 978 mgmt->bssid, ETH_ALEN)) { 979 err = -ENOTCONN; 980 break; 981 } 982 983 /* 984 * check for IBSS DA must be done by driver as 985 * cfg80211 doesn't track the stations 986 */ 987 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 988 break; 989 990 /* for station, check that DA is the AP */ 991 if (memcmp(wdev->current_bss->pub.bssid, 992 mgmt->da, ETH_ALEN)) { 993 err = -ENOTCONN; 994 break; 995 } 996 break; 997 case NL80211_IFTYPE_AP: 998 case NL80211_IFTYPE_P2P_GO: 999 case NL80211_IFTYPE_AP_VLAN: 1000 if (memcmp(mgmt->bssid, dev->dev_addr, ETH_ALEN)) 1001 err = -EINVAL; 1002 break; 1003 case NL80211_IFTYPE_MESH_POINT: 1004 if (memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN)) { 1005 err = -EINVAL; 1006 break; 1007 } 1008 /* 1009 * check for mesh DA must be done by driver as 1010 * cfg80211 doesn't track the stations 1011 */ 1012 break; 1013 default: 1014 err = -EOPNOTSUPP; 1015 break; 1016 } 1017 wdev_unlock(wdev); 1018 1019 if (err) 1020 return err; 1021 } 1022 1023 if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0) 1024 return -EINVAL; 1025 1026 /* Transmit the Action frame as requested by user space */ 1027 return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, offchan, 1028 channel_type, channel_type_valid, 1029 wait, buf, len, no_cck, dont_wait_for_ack, 1030 cookie); 1031 } 1032 1033 bool cfg80211_rx_mgmt(struct net_device *dev, int freq, const u8 *buf, 1034 size_t len, gfp_t gfp) 1035 { 1036 struct wireless_dev *wdev = dev->ieee80211_ptr; 1037 struct wiphy *wiphy = wdev->wiphy; 1038 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 1039 struct cfg80211_mgmt_registration *reg; 1040 const struct ieee80211_txrx_stypes *stypes = 1041 &wiphy->mgmt_stypes[wdev->iftype]; 1042 struct ieee80211_mgmt *mgmt = (void *)buf; 1043 const u8 *data; 1044 int data_len; 1045 bool result = false; 1046 __le16 ftype = mgmt->frame_control & 1047 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 1048 u16 stype; 1049 1050 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 1051 1052 if (!(stypes->rx & BIT(stype))) 1053 return false; 1054 1055 data = buf + ieee80211_hdrlen(mgmt->frame_control); 1056 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 1057 1058 spin_lock_bh(&wdev->mgmt_registrations_lock); 1059 1060 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 1061 if (reg->frame_type != ftype) 1062 continue; 1063 1064 if (reg->match_len > data_len) 1065 continue; 1066 1067 if (memcmp(reg->match, data, reg->match_len)) 1068 continue; 1069 1070 /* found match! */ 1071 1072 /* Indicate the received Action frame to user space */ 1073 if (nl80211_send_mgmt(rdev, dev, reg->nlpid, freq, 1074 buf, len, gfp)) 1075 continue; 1076 1077 result = true; 1078 break; 1079 } 1080 1081 spin_unlock_bh(&wdev->mgmt_registrations_lock); 1082 1083 return result; 1084 } 1085 EXPORT_SYMBOL(cfg80211_rx_mgmt); 1086 1087 void cfg80211_mgmt_tx_status(struct net_device *dev, u64 cookie, 1088 const u8 *buf, size_t len, bool ack, gfp_t gfp) 1089 { 1090 struct wireless_dev *wdev = dev->ieee80211_ptr; 1091 struct wiphy *wiphy = wdev->wiphy; 1092 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 1093 1094 /* Indicate TX status of the Action frame to user space */ 1095 nl80211_send_mgmt_tx_status(rdev, dev, cookie, buf, len, ack, gfp); 1096 } 1097 EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 1098 1099 void cfg80211_cqm_rssi_notify(struct net_device *dev, 1100 enum nl80211_cqm_rssi_threshold_event rssi_event, 1101 gfp_t gfp) 1102 { 1103 struct wireless_dev *wdev = dev->ieee80211_ptr; 1104 struct wiphy *wiphy = wdev->wiphy; 1105 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 1106 1107 /* Indicate roaming trigger event to user space */ 1108 nl80211_send_cqm_rssi_notify(rdev, dev, rssi_event, gfp); 1109 } 1110 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 1111 1112 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 1113 const u8 *peer, u32 num_packets, gfp_t gfp) 1114 { 1115 struct wireless_dev *wdev = dev->ieee80211_ptr; 1116 struct wiphy *wiphy = wdev->wiphy; 1117 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 1118 1119 /* Indicate roaming trigger event to user space */ 1120 nl80211_send_cqm_pktloss_notify(rdev, dev, peer, num_packets, gfp); 1121 } 1122 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 1123 1124 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 1125 const u8 *replay_ctr, gfp_t gfp) 1126 { 1127 struct wireless_dev *wdev = dev->ieee80211_ptr; 1128 struct wiphy *wiphy = wdev->wiphy; 1129 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 1130 1131 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 1132 } 1133 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 1134 1135 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 1136 const u8 *bssid, bool preauth, gfp_t gfp) 1137 { 1138 struct wireless_dev *wdev = dev->ieee80211_ptr; 1139 struct wiphy *wiphy = wdev->wiphy; 1140 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 1141 1142 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 1143 } 1144 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 1145 1146 bool cfg80211_rx_spurious_frame(struct net_device *dev, 1147 const u8 *addr, gfp_t gfp) 1148 { 1149 struct wireless_dev *wdev = dev->ieee80211_ptr; 1150 1151 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 1152 wdev->iftype != NL80211_IFTYPE_P2P_GO)) 1153 return false; 1154 1155 return nl80211_unexpected_frame(dev, addr, gfp); 1156 } 1157 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 1158 1159 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 1160 const u8 *addr, gfp_t gfp) 1161 { 1162 struct wireless_dev *wdev = dev->ieee80211_ptr; 1163 1164 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 1165 wdev->iftype != NL80211_IFTYPE_P2P_GO && 1166 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) 1167 return false; 1168 1169 return nl80211_unexpected_4addr_frame(dev, addr, gfp); 1170 } 1171 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 1172