1 /* 2 * SME code for cfg80211's connect emulation. 3 * 4 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright (C) 2009 Intel Corporation. All rights reserved. 6 */ 7 8 #include <linux/etherdevice.h> 9 #include <linux/if_arp.h> 10 #include <linux/slab.h> 11 #include <linux/workqueue.h> 12 #include <linux/wireless.h> 13 #include <net/iw_handler.h> 14 #include <net/cfg80211.h> 15 #include <net/rtnetlink.h> 16 #include "nl80211.h" 17 #include "reg.h" 18 19 struct cfg80211_conn { 20 struct cfg80211_connect_params params; 21 /* these are sub-states of the _CONNECTING sme_state */ 22 enum { 23 CFG80211_CONN_IDLE, 24 CFG80211_CONN_SCANNING, 25 CFG80211_CONN_SCAN_AGAIN, 26 CFG80211_CONN_AUTHENTICATE_NEXT, 27 CFG80211_CONN_AUTHENTICATING, 28 CFG80211_CONN_ASSOCIATE_NEXT, 29 CFG80211_CONN_ASSOCIATING, 30 CFG80211_CONN_DEAUTH_ASSOC_FAIL, 31 } state; 32 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; 33 u8 *ie; 34 size_t ie_len; 35 bool auto_auth, prev_bssid_valid; 36 }; 37 38 static bool cfg80211_is_all_idle(void) 39 { 40 struct cfg80211_registered_device *rdev; 41 struct wireless_dev *wdev; 42 bool is_all_idle = true; 43 44 mutex_lock(&cfg80211_mutex); 45 46 /* 47 * All devices must be idle as otherwise if you are actively 48 * scanning some new beacon hints could be learned and would 49 * count as new regulatory hints. 50 */ 51 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 52 cfg80211_lock_rdev(rdev); 53 list_for_each_entry(wdev, &rdev->netdev_list, list) { 54 wdev_lock(wdev); 55 if (wdev->sme_state != CFG80211_SME_IDLE) 56 is_all_idle = false; 57 wdev_unlock(wdev); 58 } 59 cfg80211_unlock_rdev(rdev); 60 } 61 62 mutex_unlock(&cfg80211_mutex); 63 64 return is_all_idle; 65 } 66 67 static void disconnect_work(struct work_struct *work) 68 { 69 if (!cfg80211_is_all_idle()) 70 return; 71 72 regulatory_hint_disconnect(); 73 } 74 75 static DECLARE_WORK(cfg80211_disconnect_work, disconnect_work); 76 77 static int cfg80211_conn_scan(struct wireless_dev *wdev) 78 { 79 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 80 struct cfg80211_scan_request *request; 81 int n_channels, err; 82 83 ASSERT_RTNL(); 84 ASSERT_RDEV_LOCK(rdev); 85 ASSERT_WDEV_LOCK(wdev); 86 87 if (rdev->scan_req) 88 return -EBUSY; 89 90 if (wdev->conn->params.channel) { 91 n_channels = 1; 92 } else { 93 enum ieee80211_band band; 94 n_channels = 0; 95 96 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 97 if (!wdev->wiphy->bands[band]) 98 continue; 99 n_channels += wdev->wiphy->bands[band]->n_channels; 100 } 101 } 102 request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) + 103 sizeof(request->channels[0]) * n_channels, 104 GFP_KERNEL); 105 if (!request) 106 return -ENOMEM; 107 108 if (wdev->conn->params.channel) 109 request->channels[0] = wdev->conn->params.channel; 110 else { 111 int i = 0, j; 112 enum ieee80211_band band; 113 114 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 115 if (!wdev->wiphy->bands[band]) 116 continue; 117 for (j = 0; j < wdev->wiphy->bands[band]->n_channels; 118 i++, j++) 119 request->channels[i] = 120 &wdev->wiphy->bands[band]->channels[j]; 121 request->rates[band] = 122 (1 << wdev->wiphy->bands[band]->n_bitrates) - 1; 123 } 124 } 125 request->n_channels = n_channels; 126 request->ssids = (void *)&request->channels[n_channels]; 127 request->n_ssids = 1; 128 129 memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, 130 wdev->conn->params.ssid_len); 131 request->ssids[0].ssid_len = wdev->conn->params.ssid_len; 132 133 request->dev = wdev->netdev; 134 request->wiphy = &rdev->wiphy; 135 136 rdev->scan_req = request; 137 138 err = rdev->ops->scan(wdev->wiphy, wdev->netdev, request); 139 if (!err) { 140 wdev->conn->state = CFG80211_CONN_SCANNING; 141 nl80211_send_scan_start(rdev, wdev->netdev); 142 dev_hold(wdev->netdev); 143 } else { 144 rdev->scan_req = NULL; 145 kfree(request); 146 } 147 return err; 148 } 149 150 static int cfg80211_conn_do_work(struct wireless_dev *wdev) 151 { 152 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 153 struct cfg80211_connect_params *params; 154 const u8 *prev_bssid = NULL; 155 int err; 156 157 ASSERT_WDEV_LOCK(wdev); 158 159 if (!wdev->conn) 160 return 0; 161 162 params = &wdev->conn->params; 163 164 switch (wdev->conn->state) { 165 case CFG80211_CONN_SCAN_AGAIN: 166 return cfg80211_conn_scan(wdev); 167 case CFG80211_CONN_AUTHENTICATE_NEXT: 168 BUG_ON(!rdev->ops->auth); 169 wdev->conn->state = CFG80211_CONN_AUTHENTICATING; 170 return __cfg80211_mlme_auth(rdev, wdev->netdev, 171 params->channel, params->auth_type, 172 params->bssid, 173 params->ssid, params->ssid_len, 174 NULL, 0, 175 params->key, params->key_len, 176 params->key_idx, false); 177 case CFG80211_CONN_ASSOCIATE_NEXT: 178 BUG_ON(!rdev->ops->assoc); 179 wdev->conn->state = CFG80211_CONN_ASSOCIATING; 180 if (wdev->conn->prev_bssid_valid) 181 prev_bssid = wdev->conn->prev_bssid; 182 err = __cfg80211_mlme_assoc(rdev, wdev->netdev, 183 params->channel, params->bssid, 184 prev_bssid, 185 params->ssid, params->ssid_len, 186 params->ie, params->ie_len, 187 false, ¶ms->crypto); 188 if (err) 189 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 190 NULL, 0, 191 WLAN_REASON_DEAUTH_LEAVING, 192 false); 193 return err; 194 case CFG80211_CONN_DEAUTH_ASSOC_FAIL: 195 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 196 NULL, 0, 197 WLAN_REASON_DEAUTH_LEAVING, false); 198 /* return an error so that we call __cfg80211_connect_result() */ 199 return -EINVAL; 200 default: 201 return 0; 202 } 203 } 204 205 void cfg80211_conn_work(struct work_struct *work) 206 { 207 struct cfg80211_registered_device *rdev = 208 container_of(work, struct cfg80211_registered_device, conn_work); 209 struct wireless_dev *wdev; 210 u8 bssid_buf[ETH_ALEN], *bssid = NULL; 211 212 rtnl_lock(); 213 cfg80211_lock_rdev(rdev); 214 mutex_lock(&rdev->devlist_mtx); 215 216 list_for_each_entry(wdev, &rdev->netdev_list, list) { 217 wdev_lock(wdev); 218 if (!netif_running(wdev->netdev)) { 219 wdev_unlock(wdev); 220 continue; 221 } 222 if (wdev->sme_state != CFG80211_SME_CONNECTING) { 223 wdev_unlock(wdev); 224 continue; 225 } 226 if (wdev->conn->params.bssid) { 227 memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN); 228 bssid = bssid_buf; 229 } 230 if (cfg80211_conn_do_work(wdev)) 231 __cfg80211_connect_result( 232 wdev->netdev, bssid, 233 NULL, 0, NULL, 0, 234 WLAN_STATUS_UNSPECIFIED_FAILURE, 235 false, NULL); 236 wdev_unlock(wdev); 237 } 238 239 mutex_unlock(&rdev->devlist_mtx); 240 cfg80211_unlock_rdev(rdev); 241 rtnl_unlock(); 242 } 243 244 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) 245 { 246 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 247 struct cfg80211_bss *bss; 248 u16 capa = WLAN_CAPABILITY_ESS; 249 250 ASSERT_WDEV_LOCK(wdev); 251 252 if (wdev->conn->params.privacy) 253 capa |= WLAN_CAPABILITY_PRIVACY; 254 255 bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel, 256 wdev->conn->params.bssid, 257 wdev->conn->params.ssid, 258 wdev->conn->params.ssid_len, 259 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 260 capa); 261 if (!bss) 262 return NULL; 263 264 memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN); 265 wdev->conn->params.bssid = wdev->conn->bssid; 266 wdev->conn->params.channel = bss->channel; 267 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 268 schedule_work(&rdev->conn_work); 269 270 return bss; 271 } 272 273 static void __cfg80211_sme_scan_done(struct net_device *dev) 274 { 275 struct wireless_dev *wdev = dev->ieee80211_ptr; 276 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 277 struct cfg80211_bss *bss; 278 279 ASSERT_WDEV_LOCK(wdev); 280 281 if (wdev->sme_state != CFG80211_SME_CONNECTING) 282 return; 283 284 if (!wdev->conn) 285 return; 286 287 if (wdev->conn->state != CFG80211_CONN_SCANNING && 288 wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) 289 return; 290 291 bss = cfg80211_get_conn_bss(wdev); 292 if (bss) { 293 cfg80211_put_bss(bss); 294 } else { 295 /* not found */ 296 if (wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) 297 schedule_work(&rdev->conn_work); 298 else 299 __cfg80211_connect_result( 300 wdev->netdev, 301 wdev->conn->params.bssid, 302 NULL, 0, NULL, 0, 303 WLAN_STATUS_UNSPECIFIED_FAILURE, 304 false, NULL); 305 } 306 } 307 308 void cfg80211_sme_scan_done(struct net_device *dev) 309 { 310 struct wireless_dev *wdev = dev->ieee80211_ptr; 311 312 mutex_lock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx); 313 wdev_lock(wdev); 314 __cfg80211_sme_scan_done(dev); 315 wdev_unlock(wdev); 316 mutex_unlock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx); 317 } 318 319 void cfg80211_sme_rx_auth(struct net_device *dev, 320 const u8 *buf, size_t len) 321 { 322 struct wireless_dev *wdev = dev->ieee80211_ptr; 323 struct wiphy *wiphy = wdev->wiphy; 324 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 325 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 326 u16 status_code = le16_to_cpu(mgmt->u.auth.status_code); 327 328 ASSERT_WDEV_LOCK(wdev); 329 330 /* should only RX auth frames when connecting */ 331 if (wdev->sme_state != CFG80211_SME_CONNECTING) 332 return; 333 334 if (WARN_ON(!wdev->conn)) 335 return; 336 337 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG && 338 wdev->conn->auto_auth && 339 wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) { 340 /* select automatically between only open, shared, leap */ 341 switch (wdev->conn->params.auth_type) { 342 case NL80211_AUTHTYPE_OPEN_SYSTEM: 343 if (wdev->connect_keys) 344 wdev->conn->params.auth_type = 345 NL80211_AUTHTYPE_SHARED_KEY; 346 else 347 wdev->conn->params.auth_type = 348 NL80211_AUTHTYPE_NETWORK_EAP; 349 break; 350 case NL80211_AUTHTYPE_SHARED_KEY: 351 wdev->conn->params.auth_type = 352 NL80211_AUTHTYPE_NETWORK_EAP; 353 break; 354 default: 355 /* huh? */ 356 wdev->conn->params.auth_type = 357 NL80211_AUTHTYPE_OPEN_SYSTEM; 358 break; 359 } 360 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 361 schedule_work(&rdev->conn_work); 362 } else if (status_code != WLAN_STATUS_SUCCESS) { 363 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0, 364 status_code, false, NULL); 365 } else if (wdev->sme_state == CFG80211_SME_CONNECTING && 366 wdev->conn->state == CFG80211_CONN_AUTHENTICATING) { 367 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 368 schedule_work(&rdev->conn_work); 369 } 370 } 371 372 bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev) 373 { 374 struct wiphy *wiphy = wdev->wiphy; 375 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 376 377 if (WARN_ON(!wdev->conn)) 378 return false; 379 380 if (!wdev->conn->prev_bssid_valid) 381 return false; 382 383 /* 384 * Some stupid APs don't accept reassoc, so we 385 * need to fall back to trying regular assoc. 386 */ 387 wdev->conn->prev_bssid_valid = false; 388 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 389 schedule_work(&rdev->conn_work); 390 391 return true; 392 } 393 394 void cfg80211_sme_failed_assoc(struct wireless_dev *wdev) 395 { 396 struct wiphy *wiphy = wdev->wiphy; 397 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 398 399 wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL; 400 schedule_work(&rdev->conn_work); 401 } 402 403 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 404 const u8 *req_ie, size_t req_ie_len, 405 const u8 *resp_ie, size_t resp_ie_len, 406 u16 status, bool wextev, 407 struct cfg80211_bss *bss) 408 { 409 struct wireless_dev *wdev = dev->ieee80211_ptr; 410 u8 *country_ie; 411 #ifdef CONFIG_CFG80211_WEXT 412 union iwreq_data wrqu; 413 #endif 414 415 ASSERT_WDEV_LOCK(wdev); 416 417 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 418 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 419 return; 420 421 if (wdev->sme_state != CFG80211_SME_CONNECTING) 422 return; 423 424 nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev, 425 bssid, req_ie, req_ie_len, 426 resp_ie, resp_ie_len, 427 status, GFP_KERNEL); 428 429 #ifdef CONFIG_CFG80211_WEXT 430 if (wextev) { 431 if (req_ie && status == WLAN_STATUS_SUCCESS) { 432 memset(&wrqu, 0, sizeof(wrqu)); 433 wrqu.data.length = req_ie_len; 434 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, req_ie); 435 } 436 437 if (resp_ie && status == WLAN_STATUS_SUCCESS) { 438 memset(&wrqu, 0, sizeof(wrqu)); 439 wrqu.data.length = resp_ie_len; 440 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, resp_ie); 441 } 442 443 memset(&wrqu, 0, sizeof(wrqu)); 444 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 445 if (bssid && status == WLAN_STATUS_SUCCESS) { 446 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN); 447 memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN); 448 wdev->wext.prev_bssid_valid = true; 449 } 450 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 451 } 452 #endif 453 454 if (wdev->current_bss) { 455 cfg80211_unhold_bss(wdev->current_bss); 456 cfg80211_put_bss(&wdev->current_bss->pub); 457 wdev->current_bss = NULL; 458 } 459 460 if (wdev->conn) 461 wdev->conn->state = CFG80211_CONN_IDLE; 462 463 if (status != WLAN_STATUS_SUCCESS) { 464 wdev->sme_state = CFG80211_SME_IDLE; 465 if (wdev->conn) 466 kfree(wdev->conn->ie); 467 kfree(wdev->conn); 468 wdev->conn = NULL; 469 kfree(wdev->connect_keys); 470 wdev->connect_keys = NULL; 471 wdev->ssid_len = 0; 472 return; 473 } 474 475 if (!bss) 476 bss = cfg80211_get_bss(wdev->wiphy, 477 wdev->conn ? wdev->conn->params.channel : 478 NULL, 479 bssid, 480 wdev->ssid, wdev->ssid_len, 481 WLAN_CAPABILITY_ESS, 482 WLAN_CAPABILITY_ESS); 483 484 if (WARN_ON(!bss)) 485 return; 486 487 cfg80211_hold_bss(bss_from_pub(bss)); 488 wdev->current_bss = bss_from_pub(bss); 489 490 wdev->sme_state = CFG80211_SME_CONNECTED; 491 cfg80211_upload_connect_keys(wdev); 492 493 country_ie = (u8 *) ieee80211_bss_get_ie(bss, WLAN_EID_COUNTRY); 494 495 if (!country_ie) 496 return; 497 498 /* 499 * ieee80211_bss_get_ie() ensures we can access: 500 * - country_ie + 2, the start of the country ie data, and 501 * - and country_ie[1] which is the IE length 502 */ 503 regulatory_hint_11d(wdev->wiphy, 504 bss->channel->band, 505 country_ie + 2, 506 country_ie[1]); 507 } 508 509 void cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 510 const u8 *req_ie, size_t req_ie_len, 511 const u8 *resp_ie, size_t resp_ie_len, 512 u16 status, gfp_t gfp) 513 { 514 struct wireless_dev *wdev = dev->ieee80211_ptr; 515 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 516 struct cfg80211_event *ev; 517 unsigned long flags; 518 519 CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTING); 520 521 ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp); 522 if (!ev) 523 return; 524 525 ev->type = EVENT_CONNECT_RESULT; 526 if (bssid) 527 memcpy(ev->cr.bssid, bssid, ETH_ALEN); 528 if (req_ie_len) { 529 ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev); 530 ev->cr.req_ie_len = req_ie_len; 531 memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len); 532 } 533 if (resp_ie_len) { 534 ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len; 535 ev->cr.resp_ie_len = resp_ie_len; 536 memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len); 537 } 538 ev->cr.status = status; 539 540 spin_lock_irqsave(&wdev->event_lock, flags); 541 list_add_tail(&ev->list, &wdev->event_list); 542 spin_unlock_irqrestore(&wdev->event_lock, flags); 543 queue_work(cfg80211_wq, &rdev->event_work); 544 } 545 EXPORT_SYMBOL(cfg80211_connect_result); 546 547 void __cfg80211_roamed(struct wireless_dev *wdev, 548 struct ieee80211_channel *channel, 549 const u8 *bssid, 550 const u8 *req_ie, size_t req_ie_len, 551 const u8 *resp_ie, size_t resp_ie_len) 552 { 553 struct cfg80211_bss *bss; 554 #ifdef CONFIG_CFG80211_WEXT 555 union iwreq_data wrqu; 556 #endif 557 558 ASSERT_WDEV_LOCK(wdev); 559 560 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 561 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 562 return; 563 564 if (wdev->sme_state != CFG80211_SME_CONNECTED) 565 return; 566 567 /* internal error -- how did we get to CONNECTED w/o BSS? */ 568 if (WARN_ON(!wdev->current_bss)) { 569 return; 570 } 571 572 cfg80211_unhold_bss(wdev->current_bss); 573 cfg80211_put_bss(&wdev->current_bss->pub); 574 wdev->current_bss = NULL; 575 576 bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, 577 wdev->ssid, wdev->ssid_len, 578 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 579 580 if (WARN_ON(!bss)) 581 return; 582 583 cfg80211_hold_bss(bss_from_pub(bss)); 584 wdev->current_bss = bss_from_pub(bss); 585 586 nl80211_send_roamed(wiphy_to_dev(wdev->wiphy), wdev->netdev, bssid, 587 req_ie, req_ie_len, resp_ie, resp_ie_len, 588 GFP_KERNEL); 589 590 #ifdef CONFIG_CFG80211_WEXT 591 if (req_ie) { 592 memset(&wrqu, 0, sizeof(wrqu)); 593 wrqu.data.length = req_ie_len; 594 wireless_send_event(wdev->netdev, IWEVASSOCREQIE, 595 &wrqu, req_ie); 596 } 597 598 if (resp_ie) { 599 memset(&wrqu, 0, sizeof(wrqu)); 600 wrqu.data.length = resp_ie_len; 601 wireless_send_event(wdev->netdev, IWEVASSOCRESPIE, 602 &wrqu, resp_ie); 603 } 604 605 memset(&wrqu, 0, sizeof(wrqu)); 606 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 607 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN); 608 memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN); 609 wdev->wext.prev_bssid_valid = true; 610 wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL); 611 #endif 612 } 613 614 void cfg80211_roamed(struct net_device *dev, 615 struct ieee80211_channel *channel, 616 const u8 *bssid, 617 const u8 *req_ie, size_t req_ie_len, 618 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 619 { 620 struct wireless_dev *wdev = dev->ieee80211_ptr; 621 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 622 struct cfg80211_event *ev; 623 unsigned long flags; 624 625 CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED); 626 627 ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp); 628 if (!ev) 629 return; 630 631 ev->type = EVENT_ROAMED; 632 ev->rm.channel = channel; 633 memcpy(ev->rm.bssid, bssid, ETH_ALEN); 634 ev->rm.req_ie = ((u8 *)ev) + sizeof(*ev); 635 ev->rm.req_ie_len = req_ie_len; 636 memcpy((void *)ev->rm.req_ie, req_ie, req_ie_len); 637 ev->rm.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len; 638 ev->rm.resp_ie_len = resp_ie_len; 639 memcpy((void *)ev->rm.resp_ie, resp_ie, resp_ie_len); 640 641 spin_lock_irqsave(&wdev->event_lock, flags); 642 list_add_tail(&ev->list, &wdev->event_list); 643 spin_unlock_irqrestore(&wdev->event_lock, flags); 644 queue_work(cfg80211_wq, &rdev->event_work); 645 } 646 EXPORT_SYMBOL(cfg80211_roamed); 647 648 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, 649 size_t ie_len, u16 reason, bool from_ap) 650 { 651 struct wireless_dev *wdev = dev->ieee80211_ptr; 652 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 653 int i; 654 #ifdef CONFIG_CFG80211_WEXT 655 union iwreq_data wrqu; 656 #endif 657 658 ASSERT_WDEV_LOCK(wdev); 659 660 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 661 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 662 return; 663 664 if (wdev->sme_state != CFG80211_SME_CONNECTED) 665 return; 666 667 if (wdev->current_bss) { 668 cfg80211_unhold_bss(wdev->current_bss); 669 cfg80211_put_bss(&wdev->current_bss->pub); 670 } 671 672 wdev->current_bss = NULL; 673 wdev->sme_state = CFG80211_SME_IDLE; 674 wdev->ssid_len = 0; 675 676 if (wdev->conn) { 677 const u8 *bssid; 678 int ret; 679 680 kfree(wdev->conn->ie); 681 wdev->conn->ie = NULL; 682 kfree(wdev->conn); 683 wdev->conn = NULL; 684 685 /* 686 * If this disconnect was due to a disassoc, we 687 * we might still have an auth BSS around. For 688 * the userspace SME that's currently expected, 689 * but for the kernel SME (nl80211 CONNECT or 690 * wireless extensions) we want to clear up all 691 * state. 692 */ 693 for (i = 0; i < MAX_AUTH_BSSES; i++) { 694 if (!wdev->auth_bsses[i]) 695 continue; 696 bssid = wdev->auth_bsses[i]->pub.bssid; 697 ret = __cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 698 WLAN_REASON_DEAUTH_LEAVING, 699 false); 700 WARN(ret, "deauth failed: %d\n", ret); 701 } 702 } 703 704 nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap); 705 706 /* 707 * Delete all the keys ... pairwise keys can't really 708 * exist any more anyway, but default keys might. 709 */ 710 if (rdev->ops->del_key) 711 for (i = 0; i < 6; i++) 712 rdev->ops->del_key(wdev->wiphy, dev, i, false, NULL); 713 714 #ifdef CONFIG_CFG80211_WEXT 715 memset(&wrqu, 0, sizeof(wrqu)); 716 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 717 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 718 wdev->wext.connect.ssid_len = 0; 719 #endif 720 721 schedule_work(&cfg80211_disconnect_work); 722 } 723 724 void cfg80211_disconnected(struct net_device *dev, u16 reason, 725 u8 *ie, size_t ie_len, gfp_t gfp) 726 { 727 struct wireless_dev *wdev = dev->ieee80211_ptr; 728 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 729 struct cfg80211_event *ev; 730 unsigned long flags; 731 732 CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED); 733 734 ev = kzalloc(sizeof(*ev) + ie_len, gfp); 735 if (!ev) 736 return; 737 738 ev->type = EVENT_DISCONNECTED; 739 ev->dc.ie = ((u8 *)ev) + sizeof(*ev); 740 ev->dc.ie_len = ie_len; 741 memcpy((void *)ev->dc.ie, ie, ie_len); 742 ev->dc.reason = reason; 743 744 spin_lock_irqsave(&wdev->event_lock, flags); 745 list_add_tail(&ev->list, &wdev->event_list); 746 spin_unlock_irqrestore(&wdev->event_lock, flags); 747 queue_work(cfg80211_wq, &rdev->event_work); 748 } 749 EXPORT_SYMBOL(cfg80211_disconnected); 750 751 int __cfg80211_connect(struct cfg80211_registered_device *rdev, 752 struct net_device *dev, 753 struct cfg80211_connect_params *connect, 754 struct cfg80211_cached_keys *connkeys, 755 const u8 *prev_bssid) 756 { 757 struct wireless_dev *wdev = dev->ieee80211_ptr; 758 struct cfg80211_bss *bss = NULL; 759 int err; 760 761 ASSERT_WDEV_LOCK(wdev); 762 763 if (wdev->sme_state != CFG80211_SME_IDLE) 764 return -EALREADY; 765 766 if (WARN_ON(wdev->connect_keys)) { 767 kfree(wdev->connect_keys); 768 wdev->connect_keys = NULL; 769 } 770 771 if (connkeys && connkeys->def >= 0) { 772 int idx; 773 u32 cipher; 774 775 idx = connkeys->def; 776 cipher = connkeys->params[idx].cipher; 777 /* If given a WEP key we may need it for shared key auth */ 778 if (cipher == WLAN_CIPHER_SUITE_WEP40 || 779 cipher == WLAN_CIPHER_SUITE_WEP104) { 780 connect->key_idx = idx; 781 connect->key = connkeys->params[idx].key; 782 connect->key_len = connkeys->params[idx].key_len; 783 784 /* 785 * If ciphers are not set (e.g. when going through 786 * iwconfig), we have to set them appropriately here. 787 */ 788 if (connect->crypto.cipher_group == 0) 789 connect->crypto.cipher_group = cipher; 790 791 if (connect->crypto.n_ciphers_pairwise == 0) { 792 connect->crypto.n_ciphers_pairwise = 1; 793 connect->crypto.ciphers_pairwise[0] = cipher; 794 } 795 } 796 } 797 798 if (!rdev->ops->connect) { 799 if (!rdev->ops->auth || !rdev->ops->assoc) 800 return -EOPNOTSUPP; 801 802 if (WARN_ON(wdev->conn)) 803 return -EINPROGRESS; 804 805 wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); 806 if (!wdev->conn) 807 return -ENOMEM; 808 809 /* 810 * Copy all parameters, and treat explicitly IEs, BSSID, SSID. 811 */ 812 memcpy(&wdev->conn->params, connect, sizeof(*connect)); 813 if (connect->bssid) { 814 wdev->conn->params.bssid = wdev->conn->bssid; 815 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN); 816 } 817 818 if (connect->ie) { 819 wdev->conn->ie = kmemdup(connect->ie, connect->ie_len, 820 GFP_KERNEL); 821 wdev->conn->params.ie = wdev->conn->ie; 822 if (!wdev->conn->ie) { 823 kfree(wdev->conn); 824 wdev->conn = NULL; 825 return -ENOMEM; 826 } 827 } 828 829 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) { 830 wdev->conn->auto_auth = true; 831 /* start with open system ... should mostly work */ 832 wdev->conn->params.auth_type = 833 NL80211_AUTHTYPE_OPEN_SYSTEM; 834 } else { 835 wdev->conn->auto_auth = false; 836 } 837 838 memcpy(wdev->ssid, connect->ssid, connect->ssid_len); 839 wdev->ssid_len = connect->ssid_len; 840 wdev->conn->params.ssid = wdev->ssid; 841 wdev->conn->params.ssid_len = connect->ssid_len; 842 843 /* see if we have the bss already */ 844 bss = cfg80211_get_conn_bss(wdev); 845 846 wdev->sme_state = CFG80211_SME_CONNECTING; 847 wdev->connect_keys = connkeys; 848 849 if (prev_bssid) { 850 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN); 851 wdev->conn->prev_bssid_valid = true; 852 } 853 854 /* we're good if we have a matching bss struct */ 855 if (bss) { 856 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 857 err = cfg80211_conn_do_work(wdev); 858 cfg80211_put_bss(bss); 859 } else { 860 /* otherwise we'll need to scan for the AP first */ 861 err = cfg80211_conn_scan(wdev); 862 /* 863 * If we can't scan right now, then we need to scan again 864 * after the current scan finished, since the parameters 865 * changed (unless we find a good AP anyway). 866 */ 867 if (err == -EBUSY) { 868 err = 0; 869 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN; 870 } 871 } 872 if (err) { 873 kfree(wdev->conn->ie); 874 kfree(wdev->conn); 875 wdev->conn = NULL; 876 wdev->sme_state = CFG80211_SME_IDLE; 877 wdev->connect_keys = NULL; 878 wdev->ssid_len = 0; 879 } 880 881 return err; 882 } else { 883 wdev->sme_state = CFG80211_SME_CONNECTING; 884 wdev->connect_keys = connkeys; 885 err = rdev->ops->connect(&rdev->wiphy, dev, connect); 886 if (err) { 887 wdev->connect_keys = NULL; 888 wdev->sme_state = CFG80211_SME_IDLE; 889 return err; 890 } 891 892 memcpy(wdev->ssid, connect->ssid, connect->ssid_len); 893 wdev->ssid_len = connect->ssid_len; 894 895 return 0; 896 } 897 } 898 899 int cfg80211_connect(struct cfg80211_registered_device *rdev, 900 struct net_device *dev, 901 struct cfg80211_connect_params *connect, 902 struct cfg80211_cached_keys *connkeys) 903 { 904 int err; 905 906 mutex_lock(&rdev->devlist_mtx); 907 wdev_lock(dev->ieee80211_ptr); 908 err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL); 909 wdev_unlock(dev->ieee80211_ptr); 910 mutex_unlock(&rdev->devlist_mtx); 911 912 return err; 913 } 914 915 int __cfg80211_disconnect(struct cfg80211_registered_device *rdev, 916 struct net_device *dev, u16 reason, bool wextev) 917 { 918 struct wireless_dev *wdev = dev->ieee80211_ptr; 919 int err; 920 921 ASSERT_WDEV_LOCK(wdev); 922 923 if (wdev->sme_state == CFG80211_SME_IDLE) 924 return -EINVAL; 925 926 kfree(wdev->connect_keys); 927 wdev->connect_keys = NULL; 928 929 if (!rdev->ops->disconnect) { 930 if (!rdev->ops->deauth) 931 return -EOPNOTSUPP; 932 933 /* was it connected by userspace SME? */ 934 if (!wdev->conn) { 935 cfg80211_mlme_down(rdev, dev); 936 return 0; 937 } 938 939 if (wdev->sme_state == CFG80211_SME_CONNECTING && 940 (wdev->conn->state == CFG80211_CONN_SCANNING || 941 wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) { 942 wdev->sme_state = CFG80211_SME_IDLE; 943 kfree(wdev->conn->ie); 944 kfree(wdev->conn); 945 wdev->conn = NULL; 946 wdev->ssid_len = 0; 947 return 0; 948 } 949 950 /* wdev->conn->params.bssid must be set if > SCANNING */ 951 err = __cfg80211_mlme_deauth(rdev, dev, 952 wdev->conn->params.bssid, 953 NULL, 0, reason, false); 954 if (err) 955 return err; 956 } else { 957 err = rdev->ops->disconnect(&rdev->wiphy, dev, reason); 958 if (err) 959 return err; 960 } 961 962 if (wdev->sme_state == CFG80211_SME_CONNECTED) 963 __cfg80211_disconnected(dev, NULL, 0, 0, false); 964 else if (wdev->sme_state == CFG80211_SME_CONNECTING) 965 __cfg80211_connect_result(dev, NULL, NULL, 0, NULL, 0, 966 WLAN_STATUS_UNSPECIFIED_FAILURE, 967 wextev, NULL); 968 969 return 0; 970 } 971 972 int cfg80211_disconnect(struct cfg80211_registered_device *rdev, 973 struct net_device *dev, 974 u16 reason, bool wextev) 975 { 976 int err; 977 978 wdev_lock(dev->ieee80211_ptr); 979 err = __cfg80211_disconnect(rdev, dev, reason, wextev); 980 wdev_unlock(dev->ieee80211_ptr); 981 982 return err; 983 } 984 985 void cfg80211_sme_disassoc(struct net_device *dev, int idx) 986 { 987 struct wireless_dev *wdev = dev->ieee80211_ptr; 988 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 989 u8 bssid[ETH_ALEN]; 990 991 ASSERT_WDEV_LOCK(wdev); 992 993 if (!wdev->conn) 994 return; 995 996 if (wdev->conn->state == CFG80211_CONN_IDLE) 997 return; 998 999 /* 1000 * Ok, so the association was made by this SME -- we don't 1001 * want it any more so deauthenticate too. 1002 */ 1003 1004 if (!wdev->auth_bsses[idx]) 1005 return; 1006 1007 memcpy(bssid, wdev->auth_bsses[idx]->pub.bssid, ETH_ALEN); 1008 if (__cfg80211_mlme_deauth(rdev, dev, bssid, 1009 NULL, 0, WLAN_REASON_DEAUTH_LEAVING, 1010 false)) { 1011 /* whatever -- assume gone anyway */ 1012 cfg80211_unhold_bss(wdev->auth_bsses[idx]); 1013 cfg80211_put_bss(&wdev->auth_bsses[idx]->pub); 1014 wdev->auth_bsses[idx] = NULL; 1015 } 1016 } 1017