Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
mlme.c
Go to the documentation of this file.
1 /*
2  * BSS client mode implementation
3  * Copyright 2003-2008, Jouni Malinen <[email protected]>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007 Jiri Benc <[email protected]>
7  * Copyright 2007, Michael Wu <[email protected]>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13 
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
27 
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_MAX_TRIES 3
35 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
36 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
37 #define IEEE80211_ASSOC_MAX_TRIES 3
38 
39 static int max_nullfunc_tries = 2;
40 module_param(max_nullfunc_tries, int, 0644);
41 MODULE_PARM_DESC(max_nullfunc_tries,
42  "Maximum nullfunc tx tries before disconnecting (reason 4).");
43 
44 static int max_probe_tries = 5;
45 module_param(max_probe_tries, int, 0644);
46 MODULE_PARM_DESC(max_probe_tries,
47  "Maximum probe tries before disconnecting (reason 4).");
48 
49 /*
50  * Beacon loss timeout is calculated as N frames times the
51  * advertised beacon interval. This may need to be somewhat
52  * higher than what hardware might detect to account for
53  * delays in the host processing frames. But since we also
54  * probe on beacon miss before declaring the connection lost
55  * default to what we want.
56  */
57 #define IEEE80211_BEACON_LOSS_COUNT 7
58 
59 /*
60  * Time the connection can be idle before we probe
61  * it to see if we can still talk to the AP.
62  */
63 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
64 /*
65  * Time we wait for a probe response after sending
66  * a probe request because of beacon loss or for
67  * checking the connection still works.
68  */
69 static int probe_wait_ms = 500;
70 module_param(probe_wait_ms, int, 0644);
71 MODULE_PARM_DESC(probe_wait_ms,
72  "Maximum time(ms) to wait for probe response"
73  " before disconnecting (reason 4).");
74 
75 /*
76  * Weight given to the latest Beacon frame when calculating average signal
77  * strength for Beacon frames received in the current BSS. This must be
78  * between 1 and 15.
79  */
80 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
81 
82 /*
83  * How many Beacon frames need to have been used in average signal strength
84  * before starting to indicate signal change events.
85  */
86 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
87 
88 #define TMR_RUNNING_TIMER 0
89 #define TMR_RUNNING_CHANSW 1
90 
91 /*
92  * All cfg80211 functions have to be called outside a locked
93  * section so that they can acquire a lock themselves... This
94  * is much simpler than queuing up things in cfg80211, but we
95  * do need some indirection for that here.
96  */
97 enum rx_mgmt_action {
98  /* no action required */
99  RX_MGMT_NONE,
100 
101  /* caller must call cfg80211_send_deauth() */
102  RX_MGMT_CFG80211_DEAUTH,
103 
104  /* caller must call cfg80211_send_disassoc() */
105  RX_MGMT_CFG80211_DISASSOC,
106 
107  /* caller must call cfg80211_send_rx_auth() */
108  RX_MGMT_CFG80211_RX_AUTH,
109 
110  /* caller must call cfg80211_send_rx_assoc() */
111  RX_MGMT_CFG80211_RX_ASSOC,
112 
113  /* caller must call cfg80211_send_assoc_timeout() */
114  RX_MGMT_CFG80211_ASSOC_TIMEOUT,
115 };
116 
117 /* utils */
118 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
119 {
120  lockdep_assert_held(&ifmgd->mtx);
121 }
122 
123 /*
124  * We can have multiple work items (and connection probing)
125  * scheduling this timer, but we need to take care to only
126  * reschedule it when it should fire _earlier_ than it was
127  * asked for before, or if it's not pending right now. This
128  * function ensures that. Note that it then is required to
129  * run this function for all timeouts after the first one
130  * has happened -- the work that runs from this timer will
131  * do that.
132  */
133 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout)
134 {
135  ASSERT_MGD_MTX(ifmgd);
136 
137  if (!timer_pending(&ifmgd->timer) ||
138  time_before(timeout, ifmgd->timer.expires))
139  mod_timer(&ifmgd->timer, timeout);
140 }
141 
142 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
143 {
144  if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
145  return;
146 
147  if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
148  return;
149 
150  mod_timer(&sdata->u.mgd.bcn_mon_timer,
151  round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
152 }
153 
154 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
155 {
156  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
157 
158  if (unlikely(!sdata->u.mgd.associated))
159  return;
160 
161  if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
162  return;
163 
164  mod_timer(&sdata->u.mgd.conn_mon_timer,
165  round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
166 
167  ifmgd->probe_send_count = 0;
168 }
169 
170 static int ecw2cw(int ecw)
171 {
172  return (1 << ecw) - 1;
173 }
174 
175 static u32 ieee80211_config_ht_tx(struct ieee80211_sub_if_data *sdata,
176  struct ieee80211_ht_operation *ht_oper,
177  const u8 *bssid, bool reconfig)
178 {
179  struct ieee80211_local *local = sdata->local;
180  struct ieee80211_supported_band *sband;
181  struct sta_info *sta;
182  u32 changed = 0;
183  u16 ht_opmode;
184  bool disable_40 = false;
185 
186  sband = local->hw.wiphy->bands[local->oper_channel->band];
187 
188  switch (sdata->vif.bss_conf.channel_type) {
189  case NL80211_CHAN_HT40PLUS:
190  if (local->oper_channel->flags & IEEE80211_CHAN_NO_HT40PLUS)
191  disable_40 = true;
192  break;
193  case NL80211_CHAN_HT40MINUS:
194  if (local->oper_channel->flags & IEEE80211_CHAN_NO_HT40MINUS)
195  disable_40 = true;
196  break;
197  default:
198  break;
199  }
200 
201  /* This can change during the lifetime of the BSS */
202  if (!(ht_oper->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY))
203  disable_40 = true;
204 
205  mutex_lock(&local->sta_mtx);
206  sta = sta_info_get(sdata, bssid);
207 
208  WARN_ON_ONCE(!sta);
209 
210  if (sta && !sta->supports_40mhz)
211  disable_40 = true;
212 
213  if (sta && (!reconfig ||
214  (disable_40 != !(sta->sta.ht_cap.cap &
215  IEEE80211_HT_CAP_SUP_WIDTH_20_40)))) {
216 
217  if (disable_40)
218  sta->sta.ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
219  else
220  sta->sta.ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
221 
222  rate_control_rate_update(local, sband, sta,
223  IEEE80211_RC_BW_CHANGED);
224  }
225  mutex_unlock(&local->sta_mtx);
226 
227  ht_opmode = le16_to_cpu(ht_oper->operation_mode);
228 
229  /* if bss configuration changed store the new one */
230  if (!reconfig || (sdata->vif.bss_conf.ht_operation_mode != ht_opmode)) {
231  changed |= BSS_CHANGED_HT;
232  sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
233  }
234 
235  return changed;
236 }
237 
238 /* frame sending functions */
239 
240 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
241  struct ieee80211_supported_band *sband,
242  u32 *rates)
243 {
244  int i, j, count;
245  *rates = 0;
246  count = 0;
247  for (i = 0; i < supp_rates_len; i++) {
248  int rate = (supp_rates[i] & 0x7F) * 5;
249 
250  for (j = 0; j < sband->n_bitrates; j++)
251  if (sband->bitrates[j].bitrate == rate) {
252  *rates |= BIT(j);
253  count++;
254  break;
255  }
256  }
257 
258  return count;
259 }
260 
261 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
262  struct sk_buff *skb, u8 ap_ht_param,
263  struct ieee80211_supported_band *sband,
264  struct ieee80211_channel *channel,
265  enum ieee80211_smps_mode smps)
266 {
267  u8 *pos;
268  u32 flags = channel->flags;
269  u16 cap;
270  struct ieee80211_sta_ht_cap ht_cap;
271 
272  BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
273 
274  memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
275  ieee80211_apply_htcap_overrides(sdata, &ht_cap);
276 
277  /* determine capability flags */
278  cap = ht_cap.cap;
279 
280  switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
281  case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
282  if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
283  cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
284  cap &= ~IEEE80211_HT_CAP_SGI_40;
285  }
286  break;
287  case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
288  if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
289  cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
290  cap &= ~IEEE80211_HT_CAP_SGI_40;
291  }
292  break;
293  }
294 
295  /*
296  * If 40 MHz was disabled associate as though we weren't
297  * capable of 40 MHz -- some broken APs will never fall
298  * back to trying to transmit in 20 MHz.
299  */
300  if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
301  cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
302  cap &= ~IEEE80211_HT_CAP_SGI_40;
303  }
304 
305  /* set SM PS mode properly */
306  cap &= ~IEEE80211_HT_CAP_SM_PS;
307  switch (smps) {
308  case IEEE80211_SMPS_AUTOMATIC:
309  case IEEE80211_SMPS_NUM_MODES:
310  WARN_ON(1);
311  case IEEE80211_SMPS_OFF:
312  cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
313  IEEE80211_HT_CAP_SM_PS_SHIFT;
314  break;
315  case IEEE80211_SMPS_STATIC:
316  cap |= WLAN_HT_CAP_SM_PS_STATIC <<
317  IEEE80211_HT_CAP_SM_PS_SHIFT;
318  break;
319  case IEEE80211_SMPS_DYNAMIC:
320  cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
321  IEEE80211_HT_CAP_SM_PS_SHIFT;
322  break;
323  }
324 
325  /* reserve and fill IE */
326  pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
327  ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
328 }
329 
330 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
331  struct sk_buff *skb,
332  struct ieee80211_supported_band *sband)
333 {
334  u8 *pos;
335  u32 cap;
336  struct ieee80211_sta_vht_cap vht_cap;
337 
338  BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
339 
340  memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
341 
342  /* determine capability flags */
343  cap = vht_cap.cap;
344 
345  /* reserve and fill IE */
346  pos = skb_put(skb, sizeof(struct ieee80211_vht_capabilities) + 2);
347  ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
348 }
349 
350 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
351 {
352  struct ieee80211_local *local = sdata->local;
353  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
354  struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
355  struct sk_buff *skb;
356  struct ieee80211_mgmt *mgmt;
357  u8 *pos, qos_info;
358  size_t offset = 0, noffset;
359  int i, count, rates_len, supp_rates_len;
360  u16 capab;
361  struct ieee80211_supported_band *sband;
362  u32 rates = 0;
363 
364  lockdep_assert_held(&ifmgd->mtx);
365 
366  sband = local->hw.wiphy->bands[local->oper_channel->band];
367 
368  if (assoc_data->supp_rates_len) {
369  /*
370  * Get all rates supported by the device and the AP as
371  * some APs don't like getting a superset of their rates
372  * in the association request (e.g. D-Link DAP 1353 in
373  * b-only mode)...
374  */
375  rates_len = ieee80211_compatible_rates(assoc_data->supp_rates,
376  assoc_data->supp_rates_len,
377  sband, &rates);
378  } else {
379  /*
380  * In case AP not provide any supported rates information
381  * before association, we send information element(s) with
382  * all rates that we support.
383  */
384  rates = ~0;
385  rates_len = sband->n_bitrates;
386  }
387 
388  skb = alloc_skb(local->hw.extra_tx_headroom +
389  sizeof(*mgmt) + /* bit too much but doesn't matter */
390  2 + assoc_data->ssid_len + /* SSID */
391  4 + rates_len + /* (extended) rates */
392  4 + /* power capability */
393  2 + 2 * sband->n_channels + /* supported channels */
394  2 + sizeof(struct ieee80211_ht_cap) + /* HT */
395  2 + sizeof(struct ieee80211_vht_capabilities) + /* VHT */
396  assoc_data->ie_len + /* extra IEs */
397  9, /* WMM */
398  GFP_KERNEL);
399  if (!skb)
400  return;
401 
402  skb_reserve(skb, local->hw.extra_tx_headroom);
403 
404  capab = WLAN_CAPABILITY_ESS;
405 
406  if (sband->band == IEEE80211_BAND_2GHZ) {
407  if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
408  capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
409  if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
410  capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
411  }
412 
413  if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
414  capab |= WLAN_CAPABILITY_PRIVACY;
415 
416  if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
417  (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
418  capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
419 
420  mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
421  memset(mgmt, 0, 24);
422  memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
423  memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
424  memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
425 
426  if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
427  skb_put(skb, 10);
428  mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
429  IEEE80211_STYPE_REASSOC_REQ);
430  mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
431  mgmt->u.reassoc_req.listen_interval =
432  cpu_to_le16(local->hw.conf.listen_interval);
433  memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
434  ETH_ALEN);
435  } else {
436  skb_put(skb, 4);
437  mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
438  IEEE80211_STYPE_ASSOC_REQ);
439  mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
440  mgmt->u.assoc_req.listen_interval =
441  cpu_to_le16(local->hw.conf.listen_interval);
442  }
443 
444  /* SSID */
445  pos = skb_put(skb, 2 + assoc_data->ssid_len);
446  *pos++ = WLAN_EID_SSID;
447  *pos++ = assoc_data->ssid_len;
448  memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
449 
450  /* add all rates which were marked to be used above */
451  supp_rates_len = rates_len;
452  if (supp_rates_len > 8)
453  supp_rates_len = 8;
454 
455  pos = skb_put(skb, supp_rates_len + 2);
456  *pos++ = WLAN_EID_SUPP_RATES;
457  *pos++ = supp_rates_len;
458 
459  count = 0;
460  for (i = 0; i < sband->n_bitrates; i++) {
461  if (BIT(i) & rates) {
462  int rate = sband->bitrates[i].bitrate;
463  *pos++ = (u8) (rate / 5);
464  if (++count == 8)
465  break;
466  }
467  }
468 
469  if (rates_len > count) {
470  pos = skb_put(skb, rates_len - count + 2);
471  *pos++ = WLAN_EID_EXT_SUPP_RATES;
472  *pos++ = rates_len - count;
473 
474  for (i++; i < sband->n_bitrates; i++) {
475  if (BIT(i) & rates) {
476  int rate = sband->bitrates[i].bitrate;
477  *pos++ = (u8) (rate / 5);
478  }
479  }
480  }
481 
482  if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
483  /* 1. power capabilities */
484  pos = skb_put(skb, 4);
485  *pos++ = WLAN_EID_PWR_CAPABILITY;
486  *pos++ = 2;
487  *pos++ = 0; /* min tx power */
488  *pos++ = local->oper_channel->max_power; /* max tx power */
489 
490  /* 2. supported channels */
491  /* TODO: get this in reg domain format */
492  pos = skb_put(skb, 2 * sband->n_channels + 2);
493  *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
494  *pos++ = 2 * sband->n_channels;
495  for (i = 0; i < sband->n_channels; i++) {
496  *pos++ = ieee80211_frequency_to_channel(
497  sband->channels[i].center_freq);
498  *pos++ = 1; /* one channel in the subband*/
499  }
500  }
501 
502  /* if present, add any custom IEs that go before HT */
503  if (assoc_data->ie_len && assoc_data->ie) {
504  static const u8 before_ht[] = {
505  WLAN_EID_SSID,
506  WLAN_EID_SUPP_RATES,
507  WLAN_EID_EXT_SUPP_RATES,
508  WLAN_EID_PWR_CAPABILITY,
509  WLAN_EID_SUPPORTED_CHANNELS,
510  WLAN_EID_RSN,
511  WLAN_EID_QOS_CAPA,
512  WLAN_EID_RRM_ENABLED_CAPABILITIES,
513  WLAN_EID_MOBILITY_DOMAIN,
514  WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
515  };
516  noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
517  before_ht, ARRAY_SIZE(before_ht),
518  offset);
519  pos = skb_put(skb, noffset - offset);
520  memcpy(pos, assoc_data->ie + offset, noffset - offset);
521  offset = noffset;
522  }
523 
524  if (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
525  ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
526  sband, local->oper_channel, ifmgd->ap_smps);
527 
528  if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
529  ieee80211_add_vht_ie(sdata, skb, sband);
530 
531  /* if present, add any custom non-vendor IEs that go after HT */
532  if (assoc_data->ie_len && assoc_data->ie) {
533  noffset = ieee80211_ie_split_vendor(assoc_data->ie,
534  assoc_data->ie_len,
535  offset);
536  pos = skb_put(skb, noffset - offset);
537  memcpy(pos, assoc_data->ie + offset, noffset - offset);
538  offset = noffset;
539  }
540 
541  if (assoc_data->wmm) {
542  if (assoc_data->uapsd) {
543  qos_info = ifmgd->uapsd_queues;
544  qos_info |= (ifmgd->uapsd_max_sp_len <<
545  IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
546  } else {
547  qos_info = 0;
548  }
549 
550  pos = skb_put(skb, 9);
551  *pos++ = WLAN_EID_VENDOR_SPECIFIC;
552  *pos++ = 7; /* len */
553  *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
554  *pos++ = 0x50;
555  *pos++ = 0xf2;
556  *pos++ = 2; /* WME */
557  *pos++ = 0; /* WME info */
558  *pos++ = 1; /* WME ver */
559  *pos++ = qos_info;
560  }
561 
562  /* add any remaining custom (i.e. vendor specific here) IEs */
563  if (assoc_data->ie_len && assoc_data->ie) {
564  noffset = assoc_data->ie_len;
565  pos = skb_put(skb, noffset - offset);
566  memcpy(pos, assoc_data->ie + offset, noffset - offset);
567  }
568 
569  drv_mgd_prepare_tx(local, sdata);
570 
571  IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
572  ieee80211_tx_skb(sdata, skb);
573 }
574 
575 void ieee80211_send_pspoll(struct ieee80211_local *local,
576  struct ieee80211_sub_if_data *sdata)
577 {
578  struct ieee80211_pspoll *pspoll;
579  struct sk_buff *skb;
580 
581  skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
582  if (!skb)
583  return;
584 
585  pspoll = (struct ieee80211_pspoll *) skb->data;
586  pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
587 
588  IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
589  ieee80211_tx_skb(sdata, skb);
590 }
591 
592 void ieee80211_send_nullfunc(struct ieee80211_local *local,
593  struct ieee80211_sub_if_data *sdata,
594  int powersave)
595 {
596  struct sk_buff *skb;
597  struct ieee80211_hdr_3addr *nullfunc;
598  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
599 
600  skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
601  if (!skb)
602  return;
603 
604  nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
605  if (powersave)
606  nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
607 
608  IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
609  if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
610  IEEE80211_STA_CONNECTION_POLL))
611  IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
612 
613  ieee80211_tx_skb(sdata, skb);
614 }
615 
616 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
617  struct ieee80211_sub_if_data *sdata)
618 {
619  struct sk_buff *skb;
620  struct ieee80211_hdr *nullfunc;
621  __le16 fc;
622 
623  if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
624  return;
625 
626  skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
627  if (!skb)
628  return;
629 
630  skb_reserve(skb, local->hw.extra_tx_headroom);
631 
632  nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
633  memset(nullfunc, 0, 30);
634  fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
635  IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
636  nullfunc->frame_control = fc;
637  memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
638  memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
639  memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
640  memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
641 
642  IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
643  ieee80211_tx_skb(sdata, skb);
644 }
645 
646 /* spectrum management related things */
647 static void ieee80211_chswitch_work(struct work_struct *work)
648 {
649  struct ieee80211_sub_if_data *sdata =
650  container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
651  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
652 
653  if (!ieee80211_sdata_running(sdata))
654  return;
655 
656  mutex_lock(&ifmgd->mtx);
657  if (!ifmgd->associated)
658  goto out;
659 
660  sdata->local->oper_channel = sdata->local->csa_channel;
661  if (!sdata->local->ops->channel_switch) {
662  /* call "hw_config" only if doing sw channel switch */
663  ieee80211_hw_config(sdata->local,
664  IEEE80211_CONF_CHANGE_CHANNEL);
665  } else {
666  /* update the device channel directly */
667  sdata->local->hw.conf.channel = sdata->local->oper_channel;
668  }
669 
670  /* XXX: shouldn't really modify cfg80211-owned data! */
671  ifmgd->associated->channel = sdata->local->oper_channel;
672 
673  /* XXX: wait for a beacon first? */
674  ieee80211_wake_queues_by_reason(&sdata->local->hw,
675  IEEE80211_QUEUE_STOP_REASON_CSA);
676  out:
677  ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
678  mutex_unlock(&ifmgd->mtx);
679 }
680 
681 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
682 {
683  struct ieee80211_sub_if_data *sdata;
684  struct ieee80211_if_managed *ifmgd;
685 
686  sdata = vif_to_sdata(vif);
687  ifmgd = &sdata->u.mgd;
688 
689  trace_api_chswitch_done(sdata, success);
690  if (!success) {
691  sdata_info(sdata,
692  "driver channel switch failed, disconnecting\n");
693  ieee80211_queue_work(&sdata->local->hw,
694  &ifmgd->csa_connection_drop_work);
695  } else {
696  ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
697  }
698 }
699 EXPORT_SYMBOL(ieee80211_chswitch_done);
700 
701 static void ieee80211_chswitch_timer(unsigned long data)
702 {
703  struct ieee80211_sub_if_data *sdata =
704  (struct ieee80211_sub_if_data *) data;
705  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
706 
707  if (sdata->local->quiescing) {
708  set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
709  return;
710  }
711 
712  ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
713 }
714 
715 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
716  struct ieee80211_channel_sw_ie *sw_elem,
717  struct ieee80211_bss *bss,
718  u64 timestamp)
719 {
720  struct cfg80211_bss *cbss =
721  container_of((void *)bss, struct cfg80211_bss, priv);
722  struct ieee80211_channel *new_ch;
723  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
724  int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num,
725  cbss->channel->band);
726 
727  ASSERT_MGD_MTX(ifmgd);
728 
729  if (!ifmgd->associated)
730  return;
731 
732  if (sdata->local->scanning)
733  return;
734 
735  /* Disregard subsequent beacons if we are already running a timer
736  processing a CSA */
737 
738  if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
739  return;
740 
741  new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
742  if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) {
743  sdata_info(sdata,
744  "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
745  ifmgd->associated->bssid, new_freq);
746  ieee80211_queue_work(&sdata->local->hw,
747  &ifmgd->csa_connection_drop_work);
748  return;
749  }
750 
751  sdata->local->csa_channel = new_ch;
752 
753  ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
754 
755  if (sw_elem->mode)
756  ieee80211_stop_queues_by_reason(&sdata->local->hw,
757  IEEE80211_QUEUE_STOP_REASON_CSA);
758 
759  if (sdata->local->ops->channel_switch) {
760  /* use driver's channel switch callback */
761  struct ieee80211_channel_switch ch_switch = {
762  .timestamp = timestamp,
763  .block_tx = sw_elem->mode,
764  .channel = new_ch,
765  .count = sw_elem->count,
766  };
767 
768  drv_channel_switch(sdata->local, &ch_switch);
769  return;
770  }
771 
772  /* channel switch handled in software */
773  if (sw_elem->count <= 1)
774  ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
775  else
776  mod_timer(&ifmgd->chswitch_timer,
777  TU_TO_EXP_TIME(sw_elem->count *
778  cbss->beacon_interval));
779 }
780 
781 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
782  struct ieee80211_channel *channel,
783  const u8 *country_ie, u8 country_ie_len,
784  const u8 *pwr_constr_elem)
785 {
786  struct ieee80211_country_ie_triplet *triplet;
787  int chan = ieee80211_frequency_to_channel(channel->center_freq);
788  int i, chan_pwr, chan_increment, new_ap_level;
789  bool have_chan_pwr = false;
790 
791  /* Invalid IE */
792  if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
793  return;
794 
795  triplet = (void *)(country_ie + 3);
796  country_ie_len -= 3;
797 
798  switch (channel->band) {
799  default:
800  WARN_ON_ONCE(1);
801  /* fall through */
802  case IEEE80211_BAND_2GHZ:
803  case IEEE80211_BAND_60GHZ:
804  chan_increment = 1;
805  break;
806  case IEEE80211_BAND_5GHZ:
807  chan_increment = 4;
808  break;
809  }
810 
811  /* find channel */
812  while (country_ie_len >= 3) {
813  u8 first_channel = triplet->chans.first_channel;
814 
815  if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
816  goto next;
817 
818  for (i = 0; i < triplet->chans.num_channels; i++) {
819  if (first_channel + i * chan_increment == chan) {
820  have_chan_pwr = true;
821  chan_pwr = triplet->chans.max_power;
822  break;
823  }
824  }
825  if (have_chan_pwr)
826  break;
827 
828  next:
829  triplet++;
830  country_ie_len -= 3;
831  }
832 
833  if (!have_chan_pwr)
834  return;
835 
836  new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
837 
838  if (sdata->local->ap_power_level == new_ap_level)
839  return;
840 
841  sdata_info(sdata,
842  "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
843  new_ap_level, chan_pwr, *pwr_constr_elem,
844  sdata->u.mgd.bssid);
845  sdata->local->ap_power_level = new_ap_level;
846  ieee80211_hw_config(sdata->local, 0);
847 }
848 
849 void ieee80211_enable_dyn_ps(struct ieee80211_vif *vif)
850 {
851  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
852  struct ieee80211_local *local = sdata->local;
853  struct ieee80211_conf *conf = &local->hw.conf;
854 
855  WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
856  !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) ||
857  (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS));
858 
859  local->disable_dynamic_ps = false;
860  conf->dynamic_ps_timeout = local->dynamic_ps_user_timeout;
861 }
862 EXPORT_SYMBOL(ieee80211_enable_dyn_ps);
863 
864 void ieee80211_disable_dyn_ps(struct ieee80211_vif *vif)
865 {
866  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
867  struct ieee80211_local *local = sdata->local;
868  struct ieee80211_conf *conf = &local->hw.conf;
869 
870  WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
871  !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) ||
872  (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS));
873 
874  local->disable_dynamic_ps = true;
875  conf->dynamic_ps_timeout = 0;
876  del_timer_sync(&local->dynamic_ps_timer);
877  ieee80211_queue_work(&local->hw,
878  &local->dynamic_ps_enable_work);
879 }
880 EXPORT_SYMBOL(ieee80211_disable_dyn_ps);
881 
882 /* powersave */
883 static void ieee80211_enable_ps(struct ieee80211_local *local,
884  struct ieee80211_sub_if_data *sdata)
885 {
886  struct ieee80211_conf *conf = &local->hw.conf;
887 
888  /*
889  * If we are scanning right now then the parameters will
890  * take effect when scan finishes.
891  */
892  if (local->scanning)
893  return;
894 
895  if (conf->dynamic_ps_timeout > 0 &&
896  !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
897  mod_timer(&local->dynamic_ps_timer, jiffies +
898  msecs_to_jiffies(conf->dynamic_ps_timeout));
899  } else {
900  if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
901  ieee80211_send_nullfunc(local, sdata, 1);
902 
903  if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
904  (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
905  return;
906 
907  conf->flags |= IEEE80211_CONF_PS;
908  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
909  }
910 }
911 
912 static void ieee80211_change_ps(struct ieee80211_local *local)
913 {
914  struct ieee80211_conf *conf = &local->hw.conf;
915 
916  if (local->ps_sdata) {
917  ieee80211_enable_ps(local, local->ps_sdata);
918  } else if (conf->flags & IEEE80211_CONF_PS) {
919  conf->flags &= ~IEEE80211_CONF_PS;
920  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
921  del_timer_sync(&local->dynamic_ps_timer);
922  cancel_work_sync(&local->dynamic_ps_enable_work);
923  }
924 }
925 
926 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
927 {
928  struct ieee80211_if_managed *mgd = &sdata->u.mgd;
929  struct sta_info *sta = NULL;
930  bool authorized = false;
931 
932  if (!mgd->powersave)
933  return false;
934 
935  if (mgd->broken_ap)
936  return false;
937 
938  if (!mgd->associated)
939  return false;
940 
941  if (mgd->flags & (IEEE80211_STA_BEACON_POLL |
942  IEEE80211_STA_CONNECTION_POLL))
943  return false;
944 
945  rcu_read_lock();
946  sta = sta_info_get(sdata, mgd->bssid);
947  if (sta)
948  authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
949  rcu_read_unlock();
950 
951  return authorized;
952 }
953 
954 /* need to hold RTNL or interface lock */
955 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
956 {
957  struct ieee80211_sub_if_data *sdata, *found = NULL;
958  int count = 0;
959  int timeout;
960 
961  if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
962  local->ps_sdata = NULL;
963  return;
964  }
965 
966  list_for_each_entry(sdata, &local->interfaces, list) {
967  if (!ieee80211_sdata_running(sdata))
968  continue;
969  if (sdata->vif.type == NL80211_IFTYPE_AP) {
970  /* If an AP vif is found, then disable PS
971  * by setting the count to zero thereby setting
972  * ps_sdata to NULL.
973  */
974  count = 0;
975  break;
976  }
977  if (sdata->vif.type != NL80211_IFTYPE_STATION)
978  continue;
979  found = sdata;
980  count++;
981  }
982 
983  if (count == 1 && ieee80211_powersave_allowed(found)) {
984  struct ieee80211_conf *conf = &local->hw.conf;
985  s32 beaconint_us;
986 
987  if (latency < 0)
988  latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
989 
990  beaconint_us = ieee80211_tu_to_usec(
991  found->vif.bss_conf.beacon_int);
992 
993  timeout = local->dynamic_ps_forced_timeout;
994  if (timeout < 0) {
995  /*
996  * Go to full PSM if the user configures a very low
997  * latency requirement.
998  * The 2000 second value is there for compatibility
999  * until the PM_QOS_NETWORK_LATENCY is configured
1000  * with real values.
1001  */
1002  if (latency > (1900 * USEC_PER_MSEC) &&
1003  latency != (2000 * USEC_PER_SEC))
1004  timeout = 0;
1005  else
1006  timeout = 100;
1007  }
1008  local->dynamic_ps_user_timeout = timeout;
1009  if (!local->disable_dynamic_ps)
1010  conf->dynamic_ps_timeout =
1011  local->dynamic_ps_user_timeout;
1012 
1013  if (beaconint_us > latency) {
1014  local->ps_sdata = NULL;
1015  } else {
1016  struct ieee80211_bss *bss;
1017  int maxslp = 1;
1018  u8 dtimper;
1019 
1020  bss = (void *)found->u.mgd.associated->priv;
1021  dtimper = bss->dtim_period;
1022 
1023  /* If the TIM IE is invalid, pretend the value is 1 */
1024  if (!dtimper)
1025  dtimper = 1;
1026  else if (dtimper > 1)
1027  maxslp = min_t(int, dtimper,
1028  latency / beaconint_us);
1029 
1030  local->hw.conf.max_sleep_period = maxslp;
1031  local->hw.conf.ps_dtim_period = dtimper;
1032  local->ps_sdata = found;
1033  }
1034  } else {
1035  local->ps_sdata = NULL;
1036  }
1037 
1038  ieee80211_change_ps(local);
1039 }
1040 
1041 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1042 {
1043  bool ps_allowed = ieee80211_powersave_allowed(sdata);
1044 
1045  if (sdata->vif.bss_conf.ps != ps_allowed) {
1046  sdata->vif.bss_conf.ps = ps_allowed;
1047  ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1048  }
1049 }
1050 
1051 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1052 {
1053  struct ieee80211_local *local =
1054  container_of(work, struct ieee80211_local,
1055  dynamic_ps_disable_work);
1056 
1057  if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1058  local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1059  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1060  }
1061 
1062  ieee80211_wake_queues_by_reason(&local->hw,
1063  IEEE80211_QUEUE_STOP_REASON_PS);
1064 }
1065 
1066 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1067 {
1068  struct ieee80211_local *local =
1069  container_of(work, struct ieee80211_local,
1070  dynamic_ps_enable_work);
1071  struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1072  struct ieee80211_if_managed *ifmgd;
1073  unsigned long flags;
1074  int q;
1075 
1076  /* can only happen when PS was just disabled anyway */
1077  if (!sdata)
1078  return;
1079 
1080  ifmgd = &sdata->u.mgd;
1081 
1082  if (local->hw.conf.flags & IEEE80211_CONF_PS)
1083  return;
1084 
1085  if (!local->disable_dynamic_ps &&
1086  local->hw.conf.dynamic_ps_timeout > 0) {
1087  /* don't enter PS if TX frames are pending */
1088  if (drv_tx_frames_pending(local)) {
1089  mod_timer(&local->dynamic_ps_timer, jiffies +
1090  msecs_to_jiffies(
1091  local->hw.conf.dynamic_ps_timeout));
1092  return;
1093  }
1094 
1095  /*
1096  * transmission can be stopped by others which leads to
1097  * dynamic_ps_timer expiry. Postpone the ps timer if it
1098  * is not the actual idle state.
1099  */
1100  spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1101  for (q = 0; q < local->hw.queues; q++) {
1102  if (local->queue_stop_reasons[q]) {
1103  spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1104  flags);
1105  mod_timer(&local->dynamic_ps_timer, jiffies +
1106  msecs_to_jiffies(
1107  local->hw.conf.dynamic_ps_timeout));
1108  return;
1109  }
1110  }
1111  spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1112  }
1113 
1114  if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1115  !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1116  netif_tx_stop_all_queues(sdata->dev);
1117 
1118  if (drv_tx_frames_pending(local))
1119  mod_timer(&local->dynamic_ps_timer, jiffies +
1120  msecs_to_jiffies(
1121  local->hw.conf.dynamic_ps_timeout));
1122  else {
1123  ieee80211_send_nullfunc(local, sdata, 1);
1124  /* Flush to get the tx status of nullfunc frame */
1125  drv_flush(local, false);
1126  }
1127  }
1128 
1129  if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1130  (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1131  (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1132  ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1133  local->hw.conf.flags |= IEEE80211_CONF_PS;
1134  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1135  }
1136 
1137  if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1138  netif_tx_wake_all_queues(sdata->dev);
1139 }
1140 
1141 void ieee80211_dynamic_ps_timer(unsigned long data)
1142 {
1143  struct ieee80211_local *local = (void *) data;
1144 
1145  if (local->quiescing || local->suspended)
1146  return;
1147 
1148  ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1149 }
1150 
1151 /* MLME */
1152 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1153  struct ieee80211_sub_if_data *sdata,
1154  u8 *wmm_param, size_t wmm_param_len)
1155 {
1156  struct ieee80211_tx_queue_params params;
1157  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1158  size_t left;
1159  int count;
1160  u8 *pos, uapsd_queues = 0;
1161 
1162  if (!local->ops->conf_tx)
1163  return false;
1164 
1165  if (local->hw.queues < IEEE80211_NUM_ACS)
1166  return false;
1167 
1168  if (!wmm_param)
1169  return false;
1170 
1171  if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1172  return false;
1173 
1174  if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1175  uapsd_queues = ifmgd->uapsd_queues;
1176 
1177  count = wmm_param[6] & 0x0f;
1178  if (count == ifmgd->wmm_last_param_set)
1179  return false;
1180  ifmgd->wmm_last_param_set = count;
1181 
1182  pos = wmm_param + 8;
1183  left = wmm_param_len - 8;
1184 
1185  memset(&params, 0, sizeof(params));
1186 
1187  sdata->wmm_acm = 0;
1188  for (; left >= 4; left -= 4, pos += 4) {
1189  int aci = (pos[0] >> 5) & 0x03;
1190  int acm = (pos[0] >> 4) & 0x01;
1191  bool uapsd = false;
1192  int queue;
1193 
1194  switch (aci) {
1195  case 1: /* AC_BK */
1196  queue = 3;
1197  if (acm)
1198  sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1199  if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1200  uapsd = true;
1201  break;
1202  case 2: /* AC_VI */
1203  queue = 1;
1204  if (acm)
1205  sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1206  if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1207  uapsd = true;
1208  break;
1209  case 3: /* AC_VO */
1210  queue = 0;
1211  if (acm)
1212  sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1213  if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1214  uapsd = true;
1215  break;
1216  case 0: /* AC_BE */
1217  default:
1218  queue = 2;
1219  if (acm)
1220  sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1221  if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1222  uapsd = true;
1223  break;
1224  }
1225 
1226  params.aifs = pos[0] & 0x0f;
1227  params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1228  params.cw_min = ecw2cw(pos[1] & 0x0f);
1229  params.txop = get_unaligned_le16(pos + 2);
1230  params.uapsd = uapsd;
1231 
1232  mlme_dbg(sdata,
1233  "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1234  queue, aci, acm,
1235  params.aifs, params.cw_min, params.cw_max,
1236  params.txop, params.uapsd);
1237  sdata->tx_conf[queue] = params;
1238  if (drv_conf_tx(local, sdata, queue, &params))
1239  sdata_err(sdata,
1240  "failed to set TX queue parameters for queue %d\n",
1241  queue);
1242  }
1243 
1244  /* enable WMM or activate new settings */
1245  sdata->vif.bss_conf.qos = true;
1246  return true;
1247 }
1248 
1249 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1250 {
1251  lockdep_assert_held(&sdata->local->mtx);
1252 
1253  sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1254  IEEE80211_STA_BEACON_POLL);
1255  ieee80211_run_deferred_scan(sdata->local);
1256 }
1257 
1258 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1259 {
1260  mutex_lock(&sdata->local->mtx);
1261  __ieee80211_stop_poll(sdata);
1262  mutex_unlock(&sdata->local->mtx);
1263 }
1264 
1265 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1266  u16 capab, bool erp_valid, u8 erp)
1267 {
1268  struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1269  u32 changed = 0;
1270  bool use_protection;
1271  bool use_short_preamble;
1272  bool use_short_slot;
1273 
1274  if (erp_valid) {
1275  use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1276  use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1277  } else {
1278  use_protection = false;
1279  use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1280  }
1281 
1282  use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1283  if (sdata->local->oper_channel->band == IEEE80211_BAND_5GHZ)
1284  use_short_slot = true;
1285 
1286  if (use_protection != bss_conf->use_cts_prot) {
1287  bss_conf->use_cts_prot = use_protection;
1288  changed |= BSS_CHANGED_ERP_CTS_PROT;
1289  }
1290 
1291  if (use_short_preamble != bss_conf->use_short_preamble) {
1292  bss_conf->use_short_preamble = use_short_preamble;
1293  changed |= BSS_CHANGED_ERP_PREAMBLE;
1294  }
1295 
1296  if (use_short_slot != bss_conf->use_short_slot) {
1297  bss_conf->use_short_slot = use_short_slot;
1298  changed |= BSS_CHANGED_ERP_SLOT;
1299  }
1300 
1301  return changed;
1302 }
1303 
1304 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1305  struct cfg80211_bss *cbss,
1306  u32 bss_info_changed)
1307 {
1308  struct ieee80211_bss *bss = (void *)cbss->priv;
1309  struct ieee80211_local *local = sdata->local;
1310  struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1311 
1312  bss_info_changed |= BSS_CHANGED_ASSOC;
1313  bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1314  bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1315 
1316  sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1317  IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int));
1318 
1319  sdata->u.mgd.associated = cbss;
1320  memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1321 
1322  sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1323 
1324  /* just to be sure */
1325  ieee80211_stop_poll(sdata);
1326 
1327  ieee80211_led_assoc(local, 1);
1328 
1329  if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD)
1330  bss_conf->dtim_period = bss->dtim_period;
1331  else
1332  bss_conf->dtim_period = 0;
1333 
1334  bss_conf->assoc = 1;
1335 
1336  /* Tell the driver to monitor connection quality (if supported) */
1337  if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1338  bss_conf->cqm_rssi_thold)
1339  bss_info_changed |= BSS_CHANGED_CQM;
1340 
1341  /* Enable ARP filtering */
1342  if (bss_conf->arp_filter_enabled != sdata->arp_filter_state) {
1343  bss_conf->arp_filter_enabled = sdata->arp_filter_state;
1344  bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1345  }
1346 
1347  ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1348 
1349  mutex_lock(&local->iflist_mtx);
1350  ieee80211_recalc_ps(local, -1);
1351  mutex_unlock(&local->iflist_mtx);
1352 
1353  ieee80211_recalc_smps(local);
1354  ieee80211_recalc_ps_vif(sdata);
1355 
1356  netif_tx_start_all_queues(sdata->dev);
1357  netif_carrier_on(sdata->dev);
1358 }
1359 
1360 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1361  u16 stype, u16 reason, bool tx,
1362  u8 *frame_buf)
1363 {
1364  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1365  struct ieee80211_local *local = sdata->local;
1366  struct sta_info *sta;
1367  u32 changed = 0;
1368 
1369  ASSERT_MGD_MTX(ifmgd);
1370 
1371  if (WARN_ON_ONCE(tx && !frame_buf))
1372  return;
1373 
1374  if (WARN_ON(!ifmgd->associated))
1375  return;
1376 
1377  ieee80211_stop_poll(sdata);
1378 
1379  ifmgd->associated = NULL;
1380 
1381  /*
1382  * we need to commit the associated = NULL change because the
1383  * scan code uses that to determine whether this iface should
1384  * go to/wake up from powersave or not -- and could otherwise
1385  * wake the queues erroneously.
1386  */
1387  smp_mb();
1388 
1389  /*
1390  * Thus, we can only afterwards stop the queues -- to account
1391  * for the case where another CPU is finishing a scan at this
1392  * time -- we don't want the scan code to enable queues.
1393  */
1394 
1395  netif_tx_stop_all_queues(sdata->dev);
1396  netif_carrier_off(sdata->dev);
1397 
1398  mutex_lock(&local->sta_mtx);
1399  sta = sta_info_get(sdata, ifmgd->bssid);
1400  if (sta) {
1401  set_sta_flag(sta, WLAN_STA_BLOCK_BA);
1402  ieee80211_sta_tear_down_BA_sessions(sta, false);
1403  }
1404  mutex_unlock(&local->sta_mtx);
1405 
1406  /*
1407  * if we want to get out of ps before disassoc (why?) we have
1408  * to do it before sending disassoc, as otherwise the null-packet
1409  * won't be valid.
1410  */
1411  if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1412  local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1413  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1414  }
1415  local->ps_sdata = NULL;
1416 
1417  /* disable per-vif ps */
1418  ieee80211_recalc_ps_vif(sdata);
1419 
1420  /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1421  if (tx)
1422  drv_flush(local, false);
1423 
1424  /* deauthenticate/disassociate now */
1425  if (tx || frame_buf)
1426  ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1427  reason, tx, frame_buf);
1428 
1429  /* flush out frame */
1430  if (tx)
1431  drv_flush(local, false);
1432 
1433  /* clear bssid only after building the needed mgmt frames */
1434  memset(ifmgd->bssid, 0, ETH_ALEN);
1435 
1436  /* remove AP and TDLS peers */
1437  sta_info_flush(local, sdata);
1438 
1439  /* finally reset all BSS / config parameters */
1440  changed |= ieee80211_reset_erp_info(sdata);
1441 
1442  ieee80211_led_assoc(local, 0);
1443  changed |= BSS_CHANGED_ASSOC;
1444  sdata->vif.bss_conf.assoc = false;
1445 
1446  /* on the next assoc, re-program HT parameters */
1447  memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1448  memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1449 
1450  local->ap_power_level = 0;
1451 
1452  del_timer_sync(&local->dynamic_ps_timer);
1453  cancel_work_sync(&local->dynamic_ps_enable_work);
1454 
1455  /* Disable ARP filtering */
1456  if (sdata->vif.bss_conf.arp_filter_enabled) {
1457  sdata->vif.bss_conf.arp_filter_enabled = false;
1458  changed |= BSS_CHANGED_ARP_FILTER;
1459  }
1460 
1461  sdata->vif.bss_conf.qos = false;
1462  changed |= BSS_CHANGED_QOS;
1463 
1464  /* The BSSID (not really interesting) and HT changed */
1465  changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1466  ieee80211_bss_info_change_notify(sdata, changed);
1467 
1468  /* channel(_type) changes are handled by ieee80211_hw_config */
1469  WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT));
1470  ieee80211_hw_config(local, 0);
1471 
1472  /* disassociated - set to defaults now */
1473  ieee80211_set_wmm_default(sdata, false);
1474 
1475  del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1476  del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1477  del_timer_sync(&sdata->u.mgd.timer);
1478  del_timer_sync(&sdata->u.mgd.chswitch_timer);
1479 
1480  sdata->u.mgd.timers_running = 0;
1481 }
1482 
1483 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1484  struct ieee80211_hdr *hdr)
1485 {
1486  /*
1487  * We can postpone the mgd.timer whenever receiving unicast frames
1488  * from AP because we know that the connection is working both ways
1489  * at that time. But multicast frames (and hence also beacons) must
1490  * be ignored here, because we need to trigger the timer during
1491  * data idle periods for sending the periodic probe request to the
1492  * AP we're connected to.
1493  */
1494  if (is_multicast_ether_addr(hdr->addr1))
1495  return;
1496 
1497  ieee80211_sta_reset_conn_monitor(sdata);
1498 }
1499 
1500 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1501 {
1502  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1503  struct ieee80211_local *local = sdata->local;
1504 
1505  mutex_lock(&local->mtx);
1506  if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1507  IEEE80211_STA_CONNECTION_POLL))) {
1508  mutex_unlock(&local->mtx);
1509  return;
1510  }
1511 
1512  __ieee80211_stop_poll(sdata);
1513 
1514  mutex_lock(&local->iflist_mtx);
1515  ieee80211_recalc_ps(local, -1);
1516  mutex_unlock(&local->iflist_mtx);
1517 
1518  if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1519  goto out;
1520 
1521  /*
1522  * We've received a probe response, but are not sure whether
1523  * we have or will be receiving any beacons or data, so let's
1524  * schedule the timers again, just in case.
1525  */
1526  ieee80211_sta_reset_beacon_monitor(sdata);
1527 
1528  mod_timer(&ifmgd->conn_mon_timer,
1529  round_jiffies_up(jiffies +
1530  IEEE80211_CONNECTION_IDLE_TIME));
1531 out:
1532  mutex_unlock(&local->mtx);
1533 }
1534 
1535 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1536  struct ieee80211_hdr *hdr, bool ack)
1537 {
1538  if (!ieee80211_is_data(hdr->frame_control))
1539  return;
1540 
1541  if (ack)
1542  ieee80211_sta_reset_conn_monitor(sdata);
1543 
1544  if (ieee80211_is_nullfunc(hdr->frame_control) &&
1545  sdata->u.mgd.probe_send_count > 0) {
1546  if (ack)
1547  sdata->u.mgd.probe_send_count = 0;
1548  else
1549  sdata->u.mgd.nullfunc_failed = true;
1550  ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1551  }
1552 }
1553 
1554 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1555 {
1556  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1557  const u8 *ssid;
1558  u8 *dst = ifmgd->associated->bssid;
1559  u8 unicast_limit = max(1, max_probe_tries - 3);
1560 
1561  /*
1562  * Try sending broadcast probe requests for the last three
1563  * probe requests after the first ones failed since some
1564  * buggy APs only support broadcast probe requests.
1565  */
1566  if (ifmgd->probe_send_count >= unicast_limit)
1567  dst = NULL;
1568 
1569  /*
1570  * When the hardware reports an accurate Tx ACK status, it's
1571  * better to send a nullfunc frame instead of a probe request,
1572  * as it will kick us off the AP quickly if we aren't associated
1573  * anymore. The timeout will be reset if the frame is ACKed by
1574  * the AP.
1575  */
1576  ifmgd->probe_send_count++;
1577 
1578  if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1579  ifmgd->nullfunc_failed = false;
1580  ieee80211_send_nullfunc(sdata->local, sdata, 0);
1581  } else {
1582  int ssid_len;
1583 
1584  ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1585  if (WARN_ON_ONCE(ssid == NULL))
1586  ssid_len = 0;
1587  else
1588  ssid_len = ssid[1];
1589 
1590  ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1591  0, (u32) -1, true, false,
1592  ifmgd->associated->channel);
1593  }
1594 
1595  ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1596  run_again(ifmgd, ifmgd->probe_timeout);
1597  if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1598  drv_flush(sdata->local, false);
1599 }
1600 
1601 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1602  bool beacon)
1603 {
1604  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1605  bool already = false;
1606 
1607  if (!ieee80211_sdata_running(sdata))
1608  return;
1609 
1610  mutex_lock(&ifmgd->mtx);
1611 
1612  if (!ifmgd->associated)
1613  goto out;
1614 
1615  mutex_lock(&sdata->local->mtx);
1616 
1617  if (sdata->local->tmp_channel || sdata->local->scanning) {
1618  mutex_unlock(&sdata->local->mtx);
1619  goto out;
1620  }
1621 
1622  if (beacon)
1623  mlme_dbg_ratelimited(sdata,
1624  "detected beacon loss from AP - sending probe request\n");
1625 
1626  ieee80211_cqm_rssi_notify(&sdata->vif,
1627  NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL);
1628 
1629  /*
1630  * The driver/our work has already reported this event or the
1631  * connection monitoring has kicked in and we have already sent
1632  * a probe request. Or maybe the AP died and the driver keeps
1633  * reporting until we disassociate...
1634  *
1635  * In either case we have to ignore the current call to this
1636  * function (except for setting the correct probe reason bit)
1637  * because otherwise we would reset the timer every time and
1638  * never check whether we received a probe response!
1639  */
1640  if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1641  IEEE80211_STA_CONNECTION_POLL))
1642  already = true;
1643 
1644  if (beacon)
1645  ifmgd->flags |= IEEE80211_STA_BEACON_POLL;
1646  else
1647  ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
1648 
1649  mutex_unlock(&sdata->local->mtx);
1650 
1651  if (already)
1652  goto out;
1653 
1654  mutex_lock(&sdata->local->iflist_mtx);
1655  ieee80211_recalc_ps(sdata->local, -1);
1656  mutex_unlock(&sdata->local->iflist_mtx);
1657 
1658  ifmgd->probe_send_count = 0;
1659  ieee80211_mgd_probe_ap_send(sdata);
1660  out:
1661  mutex_unlock(&ifmgd->mtx);
1662 }
1663 
1664 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
1665  struct ieee80211_vif *vif)
1666 {
1667  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1668  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1669  struct cfg80211_bss *cbss;
1670  struct sk_buff *skb;
1671  const u8 *ssid;
1672  int ssid_len;
1673 
1674  if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1675  return NULL;
1676 
1677  ASSERT_MGD_MTX(ifmgd);
1678 
1679  if (ifmgd->associated)
1680  cbss = ifmgd->associated;
1681  else if (ifmgd->auth_data)
1682  cbss = ifmgd->auth_data->bss;
1683  else if (ifmgd->assoc_data)
1684  cbss = ifmgd->assoc_data->bss;
1685  else
1686  return NULL;
1687 
1688  ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
1689  if (WARN_ON_ONCE(ssid == NULL))
1690  ssid_len = 0;
1691  else
1692  ssid_len = ssid[1];
1693 
1694  skb = ieee80211_build_probe_req(sdata, cbss->bssid,
1695  (u32) -1,
1696  sdata->local->oper_channel,
1697  ssid + 2, ssid_len,
1698  NULL, 0, true);
1699 
1700  return skb;
1701 }
1702 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
1703 
1704 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata,
1705  bool transmit_frame)
1706 {
1707  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1708  struct ieee80211_local *local = sdata->local;
1709  u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
1710 
1711  mutex_lock(&ifmgd->mtx);
1712  if (!ifmgd->associated) {
1713  mutex_unlock(&ifmgd->mtx);
1714  return;
1715  }
1716 
1717  ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
1718  WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1719  transmit_frame, frame_buf);
1720  ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
1721  mutex_unlock(&ifmgd->mtx);
1722 
1723  /*
1724  * must be outside lock due to cfg80211,
1725  * but that's not a problem.
1726  */
1727  cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
1728 
1729  mutex_lock(&local->mtx);
1730  ieee80211_recalc_idle(local);
1731  mutex_unlock(&local->mtx);
1732 }
1733 
1734 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
1735 {
1736  struct ieee80211_sub_if_data *sdata =
1737  container_of(work, struct ieee80211_sub_if_data,
1738  u.mgd.beacon_connection_loss_work);
1739  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1740  struct sta_info *sta;
1741 
1742  if (ifmgd->associated) {
1743  rcu_read_lock();
1744  sta = sta_info_get(sdata, ifmgd->bssid);
1745  if (sta)
1746  sta->beacon_loss_count++;
1747  rcu_read_unlock();
1748  }
1749 
1750  if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) {
1751  sdata_info(sdata, "Connection to AP %pM lost\n",
1752  ifmgd->bssid);
1753  __ieee80211_disconnect(sdata, false);
1754  } else {
1755  ieee80211_mgd_probe_ap(sdata, true);
1756  }
1757 }
1758 
1759 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
1760 {
1761  struct ieee80211_sub_if_data *sdata =
1762  container_of(work, struct ieee80211_sub_if_data,
1763  u.mgd.csa_connection_drop_work);
1764 
1765  ieee80211_wake_queues_by_reason(&sdata->local->hw,
1766  IEEE80211_QUEUE_STOP_REASON_CSA);
1767  __ieee80211_disconnect(sdata, true);
1768 }
1769 
1770 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
1771 {
1772  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1773  struct ieee80211_hw *hw = &sdata->local->hw;
1774 
1775  trace_api_beacon_loss(sdata);
1776 
1777  WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR);
1778  ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
1779 }
1780 EXPORT_SYMBOL(ieee80211_beacon_loss);
1781 
1782 void ieee80211_connection_loss(struct ieee80211_vif *vif)
1783 {
1784  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1785  struct ieee80211_hw *hw = &sdata->local->hw;
1786 
1787  trace_api_connection_loss(sdata);
1788 
1789  WARN_ON(!(hw->flags & IEEE80211_HW_CONNECTION_MONITOR));
1790  ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
1791 }
1792 EXPORT_SYMBOL(ieee80211_connection_loss);
1793 
1794 
1795 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
1796  bool assoc)
1797 {
1798  struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
1799 
1800  lockdep_assert_held(&sdata->u.mgd.mtx);
1801 
1802  if (!assoc) {
1803  sta_info_destroy_addr(sdata, auth_data->bss->bssid);
1804 
1805  memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
1806  ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
1807  }
1808 
1809  cfg80211_put_bss(auth_data->bss);
1810  kfree(auth_data);
1811  sdata->u.mgd.auth_data = NULL;
1812 }
1813 
1814 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1815  struct ieee80211_mgmt *mgmt, size_t len)
1816 {
1817  struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
1818  u8 *pos;
1819  struct ieee802_11_elems elems;
1820 
1821  pos = mgmt->u.auth.variable;
1822  ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1823  if (!elems.challenge)
1824  return;
1825  auth_data->expected_transaction = 4;
1826  drv_mgd_prepare_tx(sdata->local, sdata);
1827  ieee80211_send_auth(sdata, 3, auth_data->algorithm,
1828  elems.challenge - 2, elems.challenge_len + 2,
1829  auth_data->bss->bssid, auth_data->bss->bssid,
1830  auth_data->key, auth_data->key_len,
1831  auth_data->key_idx);
1832 }
1833 
1834 static enum rx_mgmt_action __must_check
1835 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
1836  struct ieee80211_mgmt *mgmt, size_t len)
1837 {
1838  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1839  u8 bssid[ETH_ALEN];
1840  u16 auth_alg, auth_transaction, status_code;
1841  struct sta_info *sta;
1842 
1843  lockdep_assert_held(&ifmgd->mtx);
1844 
1845  if (len < 24 + 6)
1846  return RX_MGMT_NONE;
1847 
1848  if (!ifmgd->auth_data || ifmgd->auth_data->done)
1849  return RX_MGMT_NONE;
1850 
1851  memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
1852 
1853  if (!ether_addr_equal(bssid, mgmt->bssid))
1854  return RX_MGMT_NONE;
1855 
1856  auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1857  auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1858  status_code = le16_to_cpu(mgmt->u.auth.status_code);
1859 
1860  if (auth_alg != ifmgd->auth_data->algorithm ||
1861  auth_transaction != ifmgd->auth_data->expected_transaction)
1862  return RX_MGMT_NONE;
1863 
1864  if (status_code != WLAN_STATUS_SUCCESS) {
1865  sdata_info(sdata, "%pM denied authentication (status %d)\n",
1866  mgmt->sa, status_code);
1867  ieee80211_destroy_auth_data(sdata, false);
1868  return RX_MGMT_CFG80211_RX_AUTH;
1869  }
1870 
1871  switch (ifmgd->auth_data->algorithm) {
1872  case WLAN_AUTH_OPEN:
1873  case WLAN_AUTH_LEAP:
1874  case WLAN_AUTH_FT:
1875  break;
1876  case WLAN_AUTH_SHARED_KEY:
1877  if (ifmgd->auth_data->expected_transaction != 4) {
1878  ieee80211_auth_challenge(sdata, mgmt, len);
1879  /* need another frame */
1880  return RX_MGMT_NONE;
1881  }
1882  break;
1883  default:
1884  WARN_ONCE(1, "invalid auth alg %d",
1885  ifmgd->auth_data->algorithm);
1886  return RX_MGMT_NONE;
1887  }
1888 
1889  sdata_info(sdata, "authenticated\n");
1890  ifmgd->auth_data->done = true;
1891  ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
1892  run_again(ifmgd, ifmgd->auth_data->timeout);
1893 
1894  /* move station state to auth */
1895  mutex_lock(&sdata->local->sta_mtx);
1896  sta = sta_info_get(sdata, bssid);
1897  if (!sta) {
1898  WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
1899  goto out_err;
1900  }
1901  if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
1902  sdata_info(sdata, "failed moving %pM to auth\n", bssid);
1903  goto out_err;
1904  }
1905  mutex_unlock(&sdata->local->sta_mtx);
1906 
1907  return RX_MGMT_CFG80211_RX_AUTH;
1908  out_err:
1909  mutex_unlock(&sdata->local->sta_mtx);
1910  /* ignore frame -- wait for timeout */
1911  return RX_MGMT_NONE;
1912 }
1913 
1914 
1915 static enum rx_mgmt_action __must_check
1916 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1917  struct ieee80211_mgmt *mgmt, size_t len)
1918 {
1919  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1920  const u8 *bssid = NULL;
1921  u16 reason_code;
1922 
1923  lockdep_assert_held(&ifmgd->mtx);
1924 
1925  if (len < 24 + 2)
1926  return RX_MGMT_NONE;
1927 
1928  if (!ifmgd->associated ||
1929  !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
1930  return RX_MGMT_NONE;
1931 
1932  bssid = ifmgd->associated->bssid;
1933 
1934  reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1935 
1936  sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n",
1937  bssid, reason_code);
1938 
1939  ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
1940 
1941  mutex_lock(&sdata->local->mtx);
1942  ieee80211_recalc_idle(sdata->local);
1943  mutex_unlock(&sdata->local->mtx);
1944 
1945  return RX_MGMT_CFG80211_DEAUTH;
1946 }
1947 
1948 
1949 static enum rx_mgmt_action __must_check
1950 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1951  struct ieee80211_mgmt *mgmt, size_t len)
1952 {
1953  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1954  u16 reason_code;
1955 
1956  lockdep_assert_held(&ifmgd->mtx);
1957 
1958  if (len < 24 + 2)
1959  return RX_MGMT_NONE;
1960 
1961  if (!ifmgd->associated ||
1962  !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
1963  return RX_MGMT_NONE;
1964 
1965  reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1966 
1967  sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
1968  mgmt->sa, reason_code);
1969 
1970  ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
1971 
1972  mutex_lock(&sdata->local->mtx);
1973  ieee80211_recalc_idle(sdata->local);
1974  mutex_unlock(&sdata->local->mtx);
1975 
1976  return RX_MGMT_CFG80211_DISASSOC;
1977 }
1978 
1979 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
1980  u8 *supp_rates, unsigned int supp_rates_len,
1981  u32 *rates, u32 *basic_rates,
1982  bool *have_higher_than_11mbit,
1983  int *min_rate, int *min_rate_index)
1984 {
1985  int i, j;
1986 
1987  for (i = 0; i < supp_rates_len; i++) {
1988  int rate = (supp_rates[i] & 0x7f) * 5;
1989  bool is_basic = !!(supp_rates[i] & 0x80);
1990 
1991  if (rate > 110)
1992  *have_higher_than_11mbit = true;
1993 
1994  /*
1995  * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
1996  * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
1997  *
1998  * Note: Even through the membership selector and the basic
1999  * rate flag share the same bit, they are not exactly
2000  * the same.
2001  */
2002  if (!!(supp_rates[i] & 0x80) &&
2003  (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2004  continue;
2005 
2006  for (j = 0; j < sband->n_bitrates; j++) {
2007  if (sband->bitrates[j].bitrate == rate) {
2008  *rates |= BIT(j);
2009  if (is_basic)
2010  *basic_rates |= BIT(j);
2011  if (rate < *min_rate) {
2012  *min_rate = rate;
2013  *min_rate_index = j;
2014  }
2015  break;
2016  }
2017  }
2018  }
2019 }
2020 
2021 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2022  bool assoc)
2023 {
2024  struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2025 
2026  lockdep_assert_held(&sdata->u.mgd.mtx);
2027 
2028  if (!assoc) {
2029  sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2030 
2031  memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2032  ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2033  }
2034 
2035  kfree(assoc_data);
2036  sdata->u.mgd.assoc_data = NULL;
2037 }
2038 
2039 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2040  struct cfg80211_bss *cbss,
2041  struct ieee80211_mgmt *mgmt, size_t len)
2042 {
2043  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2044  struct ieee80211_local *local = sdata->local;
2045  struct ieee80211_supported_band *sband;
2046  struct sta_info *sta;
2047  u8 *pos;
2048  u16 capab_info, aid;
2049  struct ieee802_11_elems elems;
2050  struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2051  u32 changed = 0;
2052  int err;
2053 
2054  /* AssocResp and ReassocResp have identical structure */
2055 
2056  aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2057  capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2058 
2059  if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2060  sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2061  aid);
2062  aid &= ~(BIT(15) | BIT(14));
2063 
2064  ifmgd->broken_ap = false;
2065 
2066  if (aid == 0 || aid > IEEE80211_MAX_AID) {
2067  sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2068  aid);
2069  aid = 0;
2070  ifmgd->broken_ap = true;
2071  }
2072 
2073  pos = mgmt->u.assoc_resp.variable;
2074  ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2075 
2076  if (!elems.supp_rates) {
2077  sdata_info(sdata, "no SuppRates element in AssocResp\n");
2078  return false;
2079  }
2080 
2081  ifmgd->aid = aid;
2082 
2083  mutex_lock(&sdata->local->sta_mtx);
2084  /*
2085  * station info was already allocated and inserted before
2086  * the association and should be available to us
2087  */
2088  sta = sta_info_get(sdata, cbss->bssid);
2089  if (WARN_ON(!sta)) {
2090  mutex_unlock(&sdata->local->sta_mtx);
2091  return false;
2092  }
2093 
2094  sband = local->hw.wiphy->bands[local->oper_channel->band];
2095 
2096  if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
2097  ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2098  elems.ht_cap_elem, &sta->sta.ht_cap);
2099 
2100  sta->supports_40mhz =
2101  sta->sta.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40;
2102 
2103  rate_control_rate_init(sta);
2104 
2105  if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2106  set_sta_flag(sta, WLAN_STA_MFP);
2107 
2108  if (elems.wmm_param)
2109  set_sta_flag(sta, WLAN_STA_WME);
2110 
2111  err = sta_info_move_state(sta, IEEE80211_STA_AUTH);
2112  if (!err)
2113  err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2114  if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2115  err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2116  if (err) {
2117  sdata_info(sdata,
2118  "failed to move station %pM to desired state\n",
2119  sta->sta.addr);
2120  WARN_ON(__sta_info_destroy(sta));
2121  mutex_unlock(&sdata->local->sta_mtx);
2122  return false;
2123  }
2124 
2125  mutex_unlock(&sdata->local->sta_mtx);
2126 
2127  /*
2128  * Always handle WMM once after association regardless
2129  * of the first value the AP uses. Setting -1 here has
2130  * that effect because the AP values is an unsigned
2131  * 4-bit value.
2132  */
2133  ifmgd->wmm_last_param_set = -1;
2134 
2135  if (elems.wmm_param)
2136  ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2137  elems.wmm_param_len);
2138  else
2139  ieee80211_set_wmm_default(sdata, false);
2140  changed |= BSS_CHANGED_QOS;
2141 
2142  if (elems.ht_operation && elems.wmm_param &&
2143  !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
2144  changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation,
2145  cbss->bssid, false);
2146 
2147  /* set AID and assoc capability,
2148  * ieee80211_set_associated() will tell the driver */
2149  bss_conf->aid = aid;
2150  bss_conf->assoc_capability = capab_info;
2151  ieee80211_set_associated(sdata, cbss, changed);
2152 
2153  /*
2154  * If we're using 4-addr mode, let the AP know that we're
2155  * doing so, so that it can create the STA VLAN on its side
2156  */
2157  if (ifmgd->use_4addr)
2158  ieee80211_send_4addr_nullfunc(local, sdata);
2159 
2160  /*
2161  * Start timer to probe the connection to the AP now.
2162  * Also start the timer that will detect beacon loss.
2163  */
2164  ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2165  ieee80211_sta_reset_beacon_monitor(sdata);
2166 
2167  return true;
2168 }
2169 
2170 static enum rx_mgmt_action __must_check
2171 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2172  struct ieee80211_mgmt *mgmt, size_t len,
2173  struct cfg80211_bss **bss)
2174 {
2175  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2176  struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2177  u16 capab_info, status_code, aid;
2178  struct ieee802_11_elems elems;
2179  u8 *pos;
2180  bool reassoc;
2181 
2182  lockdep_assert_held(&ifmgd->mtx);
2183 
2184  if (!assoc_data)
2185  return RX_MGMT_NONE;
2186  if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2187  return RX_MGMT_NONE;
2188 
2189  /*
2190  * AssocResp and ReassocResp have identical structure, so process both
2191  * of them in this function.
2192  */
2193 
2194  if (len < 24 + 6)
2195  return RX_MGMT_NONE;
2196 
2197  reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2198  capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2199  status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2200  aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2201 
2202  sdata_info(sdata,
2203  "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2204  reassoc ? "Rea" : "A", mgmt->sa,
2205  capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2206 
2207  pos = mgmt->u.assoc_resp.variable;
2208  ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2209 
2210  if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2211  elems.timeout_int && elems.timeout_int_len == 5 &&
2212  elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2213  u32 tu, ms;
2214  tu = get_unaligned_le32(elems.timeout_int + 1);
2215  ms = tu * 1024 / 1000;
2216  sdata_info(sdata,
2217  "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2218  mgmt->sa, tu, ms);
2219  assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2220  if (ms > IEEE80211_ASSOC_TIMEOUT)
2221  run_again(ifmgd, assoc_data->timeout);
2222  return RX_MGMT_NONE;
2223  }
2224 
2225  *bss = assoc_data->bss;
2226 
2227  if (status_code != WLAN_STATUS_SUCCESS) {
2228  sdata_info(sdata, "%pM denied association (code=%d)\n",
2229  mgmt->sa, status_code);
2230  ieee80211_destroy_assoc_data(sdata, false);
2231  } else {
2232  if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
2233  /* oops -- internal error -- send timeout for now */
2234  ieee80211_destroy_assoc_data(sdata, false);
2235  cfg80211_put_bss(*bss);
2236  return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
2237  }
2238  sdata_info(sdata, "associated\n");
2239 
2240  /*
2241  * destroy assoc_data afterwards, as otherwise an idle
2242  * recalc after assoc_data is NULL but before associated
2243  * is set can cause the interface to go idle
2244  */
2245  ieee80211_destroy_assoc_data(sdata, true);
2246  }
2247 
2248  return RX_MGMT_CFG80211_RX_ASSOC;
2249 }
2250 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2251  struct ieee80211_mgmt *mgmt,
2252  size_t len,
2253  struct ieee80211_rx_status *rx_status,
2254  struct ieee802_11_elems *elems,
2255  bool beacon)
2256 {
2257  struct ieee80211_local *local = sdata->local;
2258  int freq;
2259  struct ieee80211_bss *bss;
2260  struct ieee80211_channel *channel;
2261  bool need_ps = false;
2262 
2263  if (sdata->u.mgd.associated &&
2264  ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) {
2265  bss = (void *)sdata->u.mgd.associated->priv;
2266  /* not previously set so we may need to recalc */
2267  need_ps = !bss->dtim_period;
2268  }
2269 
2270  if (elems->ds_params && elems->ds_params_len == 1)
2271  freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2272  rx_status->band);
2273  else
2274  freq = rx_status->freq;
2275 
2276  channel = ieee80211_get_channel(local->hw.wiphy, freq);
2277 
2278  if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2279  return;
2280 
2281  bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2282  channel, beacon);
2283  if (bss)
2284  ieee80211_rx_bss_put(local, bss);
2285 
2286  if (!sdata->u.mgd.associated)
2287  return;
2288 
2289  if (need_ps) {
2290  mutex_lock(&local->iflist_mtx);
2291  ieee80211_recalc_ps(local, -1);
2292  mutex_unlock(&local->iflist_mtx);
2293  }
2294 
2295  if (elems->ch_switch_ie &&
2296  memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0)
2297  ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie,
2298  bss, rx_status->mactime);
2299 }
2300 
2301 
2302 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2303  struct sk_buff *skb)
2304 {
2305  struct ieee80211_mgmt *mgmt = (void *)skb->data;
2306  struct ieee80211_if_managed *ifmgd;
2307  struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2308  size_t baselen, len = skb->len;
2309  struct ieee802_11_elems elems;
2310 
2311  ifmgd = &sdata->u.mgd;
2312 
2313  ASSERT_MGD_MTX(ifmgd);
2314 
2315  if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2316  return; /* ignore ProbeResp to foreign address */
2317 
2318  baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2319  if (baselen > len)
2320  return;
2321 
2322  ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2323  &elems);
2324 
2325  ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
2326 
2327  if (ifmgd->associated &&
2328  ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2329  ieee80211_reset_ap_probe(sdata);
2330 
2331  if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2332  ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2333  /* got probe response, continue with auth */
2334  sdata_info(sdata, "direct probe responded\n");
2335  ifmgd->auth_data->tries = 0;
2336  ifmgd->auth_data->timeout = jiffies;
2337  run_again(ifmgd, ifmgd->auth_data->timeout);
2338  }
2339 }
2340 
2341 /*
2342  * This is the canonical list of information elements we care about,
2343  * the filter code also gives us all changes to the Microsoft OUI
2344  * (00:50:F2) vendor IE which is used for WMM which we need to track.
2345  *
2346  * We implement beacon filtering in software since that means we can
2347  * avoid processing the frame here and in cfg80211, and userspace
2348  * will not be able to tell whether the hardware supports it or not.
2349  *
2350  * XXX: This list needs to be dynamic -- userspace needs to be able to
2351  * add items it requires. It also needs to be able to tell us to
2352  * look out for other vendor IEs.
2353  */
2354 static const u64 care_about_ies =
2355  (1ULL << WLAN_EID_COUNTRY) |
2356  (1ULL << WLAN_EID_ERP_INFO) |
2357  (1ULL << WLAN_EID_CHANNEL_SWITCH) |
2358  (1ULL << WLAN_EID_PWR_CONSTRAINT) |
2359  (1ULL << WLAN_EID_HT_CAPABILITY) |
2360  (1ULL << WLAN_EID_HT_OPERATION);
2361 
2362 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2363  struct ieee80211_mgmt *mgmt,
2364  size_t len,
2365  struct ieee80211_rx_status *rx_status)
2366 {
2367  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2368  struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2369  size_t baselen;
2370  struct ieee802_11_elems elems;
2371  struct ieee80211_local *local = sdata->local;
2372  u32 changed = 0;
2373  bool erp_valid, directed_tim = false;
2374  u8 erp_value = 0;
2375  u32 ncrc;
2376  u8 *bssid;
2377 
2378  lockdep_assert_held(&ifmgd->mtx);
2379 
2380  /* Process beacon from the current BSS */
2381  baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2382  if (baselen > len)
2383  return;
2384 
2385  if (rx_status->freq != local->oper_channel->center_freq)
2386  return;
2387 
2388  if (ifmgd->assoc_data && !ifmgd->assoc_data->have_beacon &&
2389  ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2390  ieee802_11_parse_elems(mgmt->u.beacon.variable,
2391  len - baselen, &elems);
2392 
2393  ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
2394  false);
2395  ifmgd->assoc_data->have_beacon = true;
2396  ifmgd->assoc_data->sent_assoc = false;
2397  /* continue assoc process */
2398  ifmgd->assoc_data->timeout = jiffies;
2399  run_again(ifmgd, ifmgd->assoc_data->timeout);
2400  return;
2401  }
2402 
2403  if (!ifmgd->associated ||
2404  !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2405  return;
2406  bssid = ifmgd->associated->bssid;
2407 
2408  /* Track average RSSI from the Beacon frames of the current AP */
2409  ifmgd->last_beacon_signal = rx_status->signal;
2410  if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2411  ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2412  ifmgd->ave_beacon_signal = rx_status->signal * 16;
2413  ifmgd->last_cqm_event_signal = 0;
2414  ifmgd->count_beacon_signal = 1;
2415  ifmgd->last_ave_beacon_signal = 0;
2416  } else {
2417  ifmgd->ave_beacon_signal =
2418  (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2419  (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2420  ifmgd->ave_beacon_signal) / 16;
2421  ifmgd->count_beacon_signal++;
2422  }
2423 
2424  if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2425  ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2426  int sig = ifmgd->ave_beacon_signal;
2427  int last_sig = ifmgd->last_ave_beacon_signal;
2428 
2429  /*
2430  * if signal crosses either of the boundaries, invoke callback
2431  * with appropriate parameters
2432  */
2433  if (sig > ifmgd->rssi_max_thold &&
2434  (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2435  ifmgd->last_ave_beacon_signal = sig;
2436  drv_rssi_callback(local, RSSI_EVENT_HIGH);
2437  } else if (sig < ifmgd->rssi_min_thold &&
2438  (last_sig >= ifmgd->rssi_max_thold ||
2439  last_sig == 0)) {
2440  ifmgd->last_ave_beacon_signal = sig;
2441  drv_rssi_callback(local, RSSI_EVENT_LOW);
2442  }
2443  }
2444 
2445  if (bss_conf->cqm_rssi_thold &&
2446  ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
2447  !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
2448  int sig = ifmgd->ave_beacon_signal / 16;
2449  int last_event = ifmgd->last_cqm_event_signal;
2450  int thold = bss_conf->cqm_rssi_thold;
2451  int hyst = bss_conf->cqm_rssi_hyst;
2452  if (sig < thold &&
2453  (last_event == 0 || sig < last_event - hyst)) {
2454  ifmgd->last_cqm_event_signal = sig;
2455  ieee80211_cqm_rssi_notify(
2456  &sdata->vif,
2457  NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
2458  GFP_KERNEL);
2459  } else if (sig > thold &&
2460  (last_event == 0 || sig > last_event + hyst)) {
2461  ifmgd->last_cqm_event_signal = sig;
2462  ieee80211_cqm_rssi_notify(
2463  &sdata->vif,
2464  NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
2465  GFP_KERNEL);
2466  }
2467  }
2468 
2469  if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
2470  mlme_dbg_ratelimited(sdata,
2471  "cancelling probereq poll due to a received beacon\n");
2472  mutex_lock(&local->mtx);
2473  ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
2474  ieee80211_run_deferred_scan(local);
2475  mutex_unlock(&local->mtx);
2476 
2477  mutex_lock(&local->iflist_mtx);
2478  ieee80211_recalc_ps(local, -1);
2479  mutex_unlock(&local->iflist_mtx);
2480  }
2481 
2482  /*
2483  * Push the beacon loss detection into the future since
2484  * we are processing a beacon from the AP just now.
2485  */
2486  ieee80211_sta_reset_beacon_monitor(sdata);
2487 
2488  ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2489  ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2490  len - baselen, &elems,
2491  care_about_ies, ncrc);
2492 
2493  if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
2494  directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len,
2495  ifmgd->aid);
2496 
2497  if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
2498  if (directed_tim) {
2499  if (local->hw.conf.dynamic_ps_timeout > 0) {
2500  if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2501  local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2502  ieee80211_hw_config(local,
2503  IEEE80211_CONF_CHANGE_PS);
2504  }
2505  ieee80211_send_nullfunc(local, sdata, 0);
2506  } else if (!local->pspolling && sdata->u.mgd.powersave) {
2507  local->pspolling = true;
2508 
2509  /*
2510  * Here is assumed that the driver will be
2511  * able to send ps-poll frame and receive a
2512  * response even though power save mode is
2513  * enabled, but some drivers might require
2514  * to disable power save here. This needs
2515  * to be investigated.
2516  */
2517  ieee80211_send_pspoll(local, sdata);
2518  }
2519  }
2520  }
2521 
2522  if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
2523  return;
2524  ifmgd->beacon_crc = ncrc;
2525  ifmgd->beacon_crc_valid = true;
2526 
2527  ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
2528  true);
2529 
2530  if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2531  elems.wmm_param_len))
2532  changed |= BSS_CHANGED_QOS;
2533 
2534  if (elems.erp_info && elems.erp_info_len >= 1) {
2535  erp_valid = true;
2536  erp_value = elems.erp_info[0];
2537  } else {
2538  erp_valid = false;
2539  }
2540  changed |= ieee80211_handle_bss_capability(sdata,
2541  le16_to_cpu(mgmt->u.beacon.capab_info),
2542  erp_valid, erp_value);
2543 
2544 
2545  if (elems.ht_cap_elem && elems.ht_operation && elems.wmm_param &&
2546  !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) {
2547  struct ieee80211_supported_band *sband;
2548 
2549  sband = local->hw.wiphy->bands[local->oper_channel->band];
2550 
2551  changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation,
2552  bssid, true);
2553  }
2554 
2555  if (elems.country_elem && elems.pwr_constr_elem &&
2556  mgmt->u.probe_resp.capab_info &
2557  cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
2558  ieee80211_handle_pwr_constr(sdata, local->oper_channel,
2559  elems.country_elem,
2560  elems.country_elem_len,
2561  elems.pwr_constr_elem);
2562 
2563  ieee80211_bss_info_change_notify(sdata, changed);
2564 }
2565 
2566 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
2567  struct sk_buff *skb)
2568 {
2569  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2570  struct ieee80211_rx_status *rx_status;
2571  struct ieee80211_mgmt *mgmt;
2572  struct cfg80211_bss *bss = NULL;
2573  enum rx_mgmt_action rma = RX_MGMT_NONE;
2574  u16 fc;
2575 
2576  rx_status = (struct ieee80211_rx_status *) skb->cb;
2577  mgmt = (struct ieee80211_mgmt *) skb->data;
2578  fc = le16_to_cpu(mgmt->frame_control);
2579 
2580  mutex_lock(&ifmgd->mtx);
2581 
2582  switch (fc & IEEE80211_FCTL_STYPE) {
2583  case IEEE80211_STYPE_BEACON:
2584  ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
2585  break;
2586  case IEEE80211_STYPE_PROBE_RESP:
2587  ieee80211_rx_mgmt_probe_resp(sdata, skb);
2588  break;
2589  case IEEE80211_STYPE_AUTH:
2590  rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
2591  break;
2592  case IEEE80211_STYPE_DEAUTH:
2593  rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
2594  break;
2595  case IEEE80211_STYPE_DISASSOC:
2596  rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
2597  break;
2598  case IEEE80211_STYPE_ASSOC_RESP:
2599  case IEEE80211_STYPE_REASSOC_RESP:
2600  rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
2601  break;
2602  case IEEE80211_STYPE_ACTION:
2603  switch (mgmt->u.action.category) {
2604  case WLAN_CATEGORY_SPECTRUM_MGMT:
2605  ieee80211_sta_process_chanswitch(sdata,
2606  &mgmt->u.action.u.chan_switch.sw_elem,
2607  (void *)ifmgd->associated->priv,
2608  rx_status->mactime);
2609  break;
2610  }
2611  }
2612  mutex_unlock(&ifmgd->mtx);
2613 
2614  switch (rma) {
2615  case RX_MGMT_NONE:
2616  /* no action */
2617  break;
2618  case RX_MGMT_CFG80211_DEAUTH:
2619  cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
2620  break;
2621  case RX_MGMT_CFG80211_DISASSOC:
2622  cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
2623  break;
2624  case RX_MGMT_CFG80211_RX_AUTH:
2625  cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len);
2626  break;
2627  case RX_MGMT_CFG80211_RX_ASSOC:
2628  cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len);
2629  break;
2630  case RX_MGMT_CFG80211_ASSOC_TIMEOUT:
2631  cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid);
2632  break;
2633  default:
2634  WARN(1, "unexpected: %d", rma);
2635  }
2636 }
2637 
2638 static void ieee80211_sta_timer(unsigned long data)
2639 {
2640  struct ieee80211_sub_if_data *sdata =
2641  (struct ieee80211_sub_if_data *) data;
2642  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2643  struct ieee80211_local *local = sdata->local;
2644 
2645  if (local->quiescing) {
2646  set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
2647  return;
2648  }
2649 
2650  ieee80211_queue_work(&local->hw, &sdata->work);
2651 }
2652 
2653 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
2654  u8 *bssid, u8 reason)
2655 {
2656  struct ieee80211_local *local = sdata->local;
2657  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2658  u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2659 
2660  ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
2661  false, frame_buf);
2662  mutex_unlock(&ifmgd->mtx);
2663 
2664  /*
2665  * must be outside lock due to cfg80211,
2666  * but that's not a problem.
2667  */
2668  cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
2669 
2670  mutex_lock(&local->mtx);
2671  ieee80211_recalc_idle(local);
2672  mutex_unlock(&local->mtx);
2673 
2674  mutex_lock(&ifmgd->mtx);
2675 }
2676 
2677 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
2678 {
2679  struct ieee80211_local *local = sdata->local;
2680  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2681  struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
2682 
2683  lockdep_assert_held(&ifmgd->mtx);
2684 
2685  if (WARN_ON_ONCE(!auth_data))
2686  return -EINVAL;
2687 
2688  auth_data->tries++;
2689 
2690  if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
2691  sdata_info(sdata, "authentication with %pM timed out\n",
2692  auth_data->bss->bssid);
2693 
2694  /*
2695  * Most likely AP is not in the range so remove the
2696  * bss struct for that AP.
2697  */
2698  cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
2699 
2700  return -ETIMEDOUT;
2701  }
2702 
2703  drv_mgd_prepare_tx(local, sdata);
2704 
2705  if (auth_data->bss->proberesp_ies) {
2706  sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
2707  auth_data->bss->bssid, auth_data->tries,
2708  IEEE80211_AUTH_MAX_TRIES);
2709 
2710  auth_data->expected_transaction = 2;
2711  ieee80211_send_auth(sdata, 1, auth_data->algorithm,
2712  auth_data->ie, auth_data->ie_len,
2713  auth_data->bss->bssid,
2714  auth_data->bss->bssid, NULL, 0, 0);
2715  } else {
2716  const u8 *ssidie;
2717 
2718  sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
2719  auth_data->bss->bssid, auth_data->tries,
2720  IEEE80211_AUTH_MAX_TRIES);
2721 
2722  ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
2723  if (!ssidie)
2724  return -EINVAL;
2725  /*
2726  * Direct probe is sent to broadcast address as some APs
2727  * will not answer to direct packet in unassociated state.
2728  */
2729  ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
2730  NULL, 0, (u32) -1, true, false,
2731  auth_data->bss->channel);
2732  }
2733 
2734  auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
2735  run_again(ifmgd, auth_data->timeout);
2736 
2737  return 0;
2738 }
2739 
2740 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
2741 {
2742  struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2743  struct ieee80211_local *local = sdata->local;
2744 
2745  lockdep_assert_held(&sdata->u.mgd.mtx);
2746 
2747  assoc_data->tries++;
2748  if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
2749  sdata_info(sdata, "association with %pM timed out\n",
2750  assoc_data->bss->bssid);
2751 
2752  /*
2753  * Most likely AP is not in the range so remove the
2754  * bss struct for that AP.
2755  */
2756  cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
2757 
2758  return -ETIMEDOUT;
2759  }
2760 
2761  sdata_info(sdata, "associate with %pM (try %d/%d)\n",
2762  assoc_data->bss->bssid, assoc_data->tries,
2763  IEEE80211_ASSOC_MAX_TRIES);
2764  ieee80211_send_assoc(sdata);
2765 
2766  assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
2767  run_again(&sdata->u.mgd, assoc_data->timeout);
2768 
2769  return 0;
2770 }
2771 
2772 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
2773 {
2774  struct ieee80211_local *local = sdata->local;
2775  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2776 
2777  mutex_lock(&ifmgd->mtx);
2778 
2779  if (ifmgd->auth_data &&
2780  time_after(jiffies, ifmgd->auth_data->timeout)) {
2781  if (ifmgd->auth_data->done) {
2782  /*
2783  * ok ... we waited for assoc but userspace didn't,
2784  * so let's just kill the auth data
2785  */
2786  ieee80211_destroy_auth_data(sdata, false);
2787  } else if (ieee80211_probe_auth(sdata)) {
2788  u8 bssid[ETH_ALEN];
2789 
2790  memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2791 
2792  ieee80211_destroy_auth_data(sdata, false);
2793 
2794  mutex_unlock(&ifmgd->mtx);
2795  cfg80211_send_auth_timeout(sdata->dev, bssid);
2796  mutex_lock(&ifmgd->mtx);
2797  }
2798  } else if (ifmgd->auth_data)
2799  run_again(ifmgd, ifmgd->auth_data->timeout);
2800 
2801  if (ifmgd->assoc_data &&
2802  time_after(jiffies, ifmgd->assoc_data->timeout)) {
2803  if (!ifmgd->assoc_data->have_beacon ||
2804  ieee80211_do_assoc(sdata)) {
2805  u8 bssid[ETH_ALEN];
2806 
2807  memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN);
2808 
2809  ieee80211_destroy_assoc_data(sdata, false);
2810 
2811  mutex_unlock(&ifmgd->mtx);
2812  cfg80211_send_assoc_timeout(sdata->dev, bssid);
2813  mutex_lock(&ifmgd->mtx);
2814  }
2815  } else if (ifmgd->assoc_data)
2816  run_again(ifmgd, ifmgd->assoc_data->timeout);
2817 
2818  if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
2819  IEEE80211_STA_CONNECTION_POLL) &&
2820  ifmgd->associated) {
2821  u8 bssid[ETH_ALEN];
2822  int max_tries;
2823 
2824  memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
2825 
2826  if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2827  max_tries = max_nullfunc_tries;
2828  else
2829  max_tries = max_probe_tries;
2830 
2831  /* ACK received for nullfunc probing frame */
2832  if (!ifmgd->probe_send_count)
2833  ieee80211_reset_ap_probe(sdata);
2834  else if (ifmgd->nullfunc_failed) {
2835  if (ifmgd->probe_send_count < max_tries) {
2836  mlme_dbg(sdata,
2837  "No ack for nullfunc frame to AP %pM, try %d/%i\n",
2838  bssid, ifmgd->probe_send_count,
2839  max_tries);
2840  ieee80211_mgd_probe_ap_send(sdata);
2841  } else {
2842  mlme_dbg(sdata,
2843  "No ack for nullfunc frame to AP %pM, disconnecting.\n",
2844  bssid);
2845  ieee80211_sta_connection_lost(sdata, bssid,
2846  WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2847  }
2848  } else if (time_is_after_jiffies(ifmgd->probe_timeout))
2849  run_again(ifmgd, ifmgd->probe_timeout);
2850  else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
2851  mlme_dbg(sdata,
2852  "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
2853  bssid, probe_wait_ms);
2854  ieee80211_sta_connection_lost(sdata, bssid,
2855  WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2856  } else if (ifmgd->probe_send_count < max_tries) {
2857  mlme_dbg(sdata,
2858  "No probe response from AP %pM after %dms, try %d/%i\n",
2859  bssid, probe_wait_ms,
2860  ifmgd->probe_send_count, max_tries);
2861  ieee80211_mgd_probe_ap_send(sdata);
2862  } else {
2863  /*
2864  * We actually lost the connection ... or did we?
2865  * Let's make sure!
2866  */
2867  wiphy_debug(local->hw.wiphy,
2868  "%s: No probe response from AP %pM"
2869  " after %dms, disconnecting.\n",
2870  sdata->name,
2871  bssid, probe_wait_ms);
2872 
2873  ieee80211_sta_connection_lost(sdata, bssid,
2874  WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2875  }
2876  }
2877 
2878  mutex_unlock(&ifmgd->mtx);
2879 
2880  mutex_lock(&local->mtx);
2881  ieee80211_recalc_idle(local);
2882  mutex_unlock(&local->mtx);
2883 }
2884 
2885 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
2886 {
2887  struct ieee80211_sub_if_data *sdata =
2888  (struct ieee80211_sub_if_data *) data;
2889  struct ieee80211_local *local = sdata->local;
2890 
2891  if (local->quiescing)
2892  return;
2893 
2894  ieee80211_queue_work(&sdata->local->hw,
2895  &sdata->u.mgd.beacon_connection_loss_work);
2896 }
2897 
2898 static void ieee80211_sta_conn_mon_timer(unsigned long data)
2899 {
2900  struct ieee80211_sub_if_data *sdata =
2901  (struct ieee80211_sub_if_data *) data;
2902  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2903  struct ieee80211_local *local = sdata->local;
2904 
2905  if (local->quiescing)
2906  return;
2907 
2908  ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
2909 }
2910 
2911 static void ieee80211_sta_monitor_work(struct work_struct *work)
2912 {
2913  struct ieee80211_sub_if_data *sdata =
2914  container_of(work, struct ieee80211_sub_if_data,
2915  u.mgd.monitor_work);
2916 
2917  ieee80211_mgd_probe_ap(sdata, false);
2918 }
2919 
2920 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
2921 {
2922  u32 flags;
2923 
2924  if (sdata->vif.type == NL80211_IFTYPE_STATION) {
2925  __ieee80211_stop_poll(sdata);
2926 
2927  /* let's probe the connection once */
2928  flags = sdata->local->hw.flags;
2929  if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
2930  ieee80211_queue_work(&sdata->local->hw,
2931  &sdata->u.mgd.monitor_work);
2932  /* and do all the other regular work too */
2933  ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2934  }
2935 }
2936 
2937 #ifdef CONFIG_PM
2938 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
2939 {
2940  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2941 
2942  /*
2943  * we need to use atomic bitops for the running bits
2944  * only because both timers might fire at the same
2945  * time -- the code here is properly synchronised.
2946  */
2947 
2948  cancel_work_sync(&ifmgd->request_smps_work);
2949 
2950  cancel_work_sync(&ifmgd->monitor_work);
2951  cancel_work_sync(&ifmgd->beacon_connection_loss_work);
2952  cancel_work_sync(&ifmgd->csa_connection_drop_work);
2953  if (del_timer_sync(&ifmgd->timer))
2954  set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
2955 
2956  cancel_work_sync(&ifmgd->chswitch_work);
2957  if (del_timer_sync(&ifmgd->chswitch_timer))
2958  set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
2959 
2960  /* these will just be re-established on connection */
2961  del_timer_sync(&ifmgd->conn_mon_timer);
2962  del_timer_sync(&ifmgd->bcn_mon_timer);
2963 }
2964 
2965 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
2966 {
2967  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2968 
2969  if (!ifmgd->associated)
2970  return;
2971 
2972  if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
2973  sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
2974  mutex_lock(&ifmgd->mtx);
2975  if (ifmgd->associated) {
2976  mlme_dbg(sdata,
2977  "driver requested disconnect after resume\n");
2978  ieee80211_sta_connection_lost(sdata,
2979  ifmgd->associated->bssid,
2980  WLAN_REASON_UNSPECIFIED);
2981  mutex_unlock(&ifmgd->mtx);
2982  return;
2983  }
2984  mutex_unlock(&ifmgd->mtx);
2985  }
2986 
2987  if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running))
2988  add_timer(&ifmgd->timer);
2989  if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running))
2990  add_timer(&ifmgd->chswitch_timer);
2991  ieee80211_sta_reset_beacon_monitor(sdata);
2992 
2993  mutex_lock(&sdata->local->mtx);
2994  ieee80211_restart_sta_timer(sdata);
2995  mutex_unlock(&sdata->local->mtx);
2996 }
2997 #endif
2998 
2999 /* interface setup */
3000 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3001 {
3002  struct ieee80211_if_managed *ifmgd;
3003 
3004  ifmgd = &sdata->u.mgd;
3005  INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3006  INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3007  INIT_WORK(&ifmgd->beacon_connection_loss_work,
3008  ieee80211_beacon_connection_loss_work);
3009  INIT_WORK(&ifmgd->csa_connection_drop_work,
3010  ieee80211_csa_connection_drop_work);
3011  INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work);
3012  setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3013  (unsigned long) sdata);
3014  setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3015  (unsigned long) sdata);
3016  setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3017  (unsigned long) sdata);
3018  setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3019  (unsigned long) sdata);
3020 
3021  ifmgd->flags = 0;
3022  ifmgd->powersave = sdata->wdev.ps;
3023  ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
3024  ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
3025 
3026  mutex_init(&ifmgd->mtx);
3027 
3028  if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3029  ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3030  else
3031  ifmgd->req_smps = IEEE80211_SMPS_OFF;
3032 }
3033 
3034 /* scan finished notification */
3035 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3036 {
3037  struct ieee80211_sub_if_data *sdata;
3038 
3039  /* Restart STA timers */
3040  rcu_read_lock();
3041  list_for_each_entry_rcu(sdata, &local->interfaces, list)
3042  ieee80211_restart_sta_timer(sdata);
3043  rcu_read_unlock();
3044 }
3045 
3046 int ieee80211_max_network_latency(struct notifier_block *nb,
3047  unsigned long data, void *dummy)
3048 {
3049  s32 latency_usec = (s32) data;
3050  struct ieee80211_local *local =
3051  container_of(nb, struct ieee80211_local,
3052  network_latency_notifier);
3053 
3054  mutex_lock(&local->iflist_mtx);
3055  ieee80211_recalc_ps(local, latency_usec);
3056  mutex_unlock(&local->iflist_mtx);
3057 
3058  return 0;
3059 }
3060 
3061 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3062  struct cfg80211_bss *cbss)
3063 {
3064  struct ieee80211_local *local = sdata->local;
3065  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3066  int ht_cfreq;
3067  enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
3068  const u8 *ht_oper_ie;
3069  const struct ieee80211_ht_operation *ht_oper = NULL;
3070  struct ieee80211_supported_band *sband;
3071 
3072  sband = local->hw.wiphy->bands[cbss->channel->band];
3073 
3074  ifmgd->flags &= ~IEEE80211_STA_DISABLE_40MHZ;
3075 
3076  if (sband->ht_cap.ht_supported) {
3077  ht_oper_ie = cfg80211_find_ie(WLAN_EID_HT_OPERATION,
3078  cbss->information_elements,
3079  cbss->len_information_elements);
3080  if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3081  ht_oper = (void *)(ht_oper_ie + 2);
3082  }
3083 
3084  if (ht_oper) {
3085  ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
3086  cbss->channel->band);
3087  /* check that channel matches the right operating channel */
3088  if (cbss->channel->center_freq != ht_cfreq) {
3089  /*
3090  * It's possible that some APs are confused here;
3091  * Netgear WNDR3700 sometimes reports 4 higher than
3092  * the actual channel in association responses, but
3093  * since we look at probe response/beacon data here
3094  * it should be OK.
3095  */
3096  sdata_info(sdata,
3097  "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
3098  cbss->channel->center_freq,
3099  ht_cfreq, ht_oper->primary_chan,
3100  cbss->channel->band);
3101  ht_oper = NULL;
3102  } else {
3103  channel_type = NL80211_CHAN_HT20;
3104  }
3105  }
3106 
3107  if (ht_oper && sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
3108  /*
3109  * cfg80211 already verified that the channel itself can
3110  * be used, but it didn't check that we can do the right
3111  * HT type, so do that here as well. If HT40 isn't allowed
3112  * on this channel, disable 40 MHz operation.
3113  */
3114 
3115  switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
3116  case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
3117  if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40PLUS)
3118  ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3119  else
3120  channel_type = NL80211_CHAN_HT40PLUS;
3121  break;
3122  case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
3123  if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40MINUS)
3124  ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3125  else
3126  channel_type = NL80211_CHAN_HT40MINUS;
3127  break;
3128  }
3129  }
3130 
3131  if (!ieee80211_set_channel_type(local, sdata, channel_type)) {
3132  /* can only fail due to HT40+/- mismatch */
3133  channel_type = NL80211_CHAN_HT20;
3134  sdata_info(sdata,
3135  "disabling 40 MHz due to multi-vif mismatch\n");
3136  ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3137  WARN_ON(!ieee80211_set_channel_type(local, sdata,
3138  channel_type));
3139  }
3140 
3141  local->oper_channel = cbss->channel;
3142  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
3143 
3144  return 0;
3145 }
3146 
3147 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3148  struct cfg80211_bss *cbss, bool assoc)
3149 {
3150  struct ieee80211_local *local = sdata->local;
3151  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3152  struct ieee80211_bss *bss = (void *)cbss->priv;
3153  struct sta_info *new_sta = NULL;
3154  bool have_sta = false;
3155  int err;
3156 
3157  if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3158  return -EINVAL;
3159 
3160  if (assoc) {
3161  rcu_read_lock();
3162  have_sta = sta_info_get(sdata, cbss->bssid);
3163  rcu_read_unlock();
3164  }
3165 
3166  if (!have_sta) {
3167  new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3168  if (!new_sta)
3169  return -ENOMEM;
3170  }
3171 
3172  mutex_lock(&local->mtx);
3173  ieee80211_recalc_idle(sdata->local);
3174  mutex_unlock(&local->mtx);
3175 
3176  if (new_sta) {
3177  u32 rates = 0, basic_rates = 0;
3178  bool have_higher_than_11mbit;
3179  int min_rate = INT_MAX, min_rate_index = -1;
3180  struct ieee80211_supported_band *sband;
3181 
3182  sband = local->hw.wiphy->bands[cbss->channel->band];
3183 
3184  err = ieee80211_prep_channel(sdata, cbss);
3185  if (err) {
3186  sta_info_free(local, new_sta);
3187  return err;
3188  }
3189 
3190  ieee80211_get_rates(sband, bss->supp_rates,
3191  bss->supp_rates_len,
3192  &rates, &basic_rates,
3193  &have_higher_than_11mbit,
3194  &min_rate, &min_rate_index);
3195 
3196  /*
3197  * This used to be a workaround for basic rates missing
3198  * in the association response frame. Now that we no
3199  * longer use the basic rates from there, it probably
3200  * doesn't happen any more, but keep the workaround so
3201  * in case some *other* APs are buggy in different ways
3202  * we can connect -- with a warning.
3203  */
3204  if (!basic_rates && min_rate_index >= 0) {
3205  sdata_info(sdata,
3206  "No basic rates, using min rate instead\n");
3207  basic_rates = BIT(min_rate_index);
3208  }
3209 
3210  new_sta->sta.supp_rates[cbss->channel->band] = rates;
3211  sdata->vif.bss_conf.basic_rates = basic_rates;
3212 
3213  /* cf. IEEE 802.11 9.2.12 */
3214  if (local->oper_channel->band == IEEE80211_BAND_2GHZ &&
3215  have_higher_than_11mbit)
3216  sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3217  else
3218  sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3219 
3220  memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3221 
3222  /* set timing information */
3223  sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3224  sdata->vif.bss_conf.sync_tsf = cbss->tsf;
3225  sdata->vif.bss_conf.sync_device_ts = bss->device_ts;
3226 
3227  /* tell driver about BSSID, basic rates and timing */
3228  ieee80211_bss_info_change_notify(sdata,
3229  BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
3230  BSS_CHANGED_BEACON_INT);
3231 
3232  if (assoc)
3233  sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
3234 
3235  err = sta_info_insert(new_sta);
3236  new_sta = NULL;
3237  if (err) {
3238  sdata_info(sdata,
3239  "failed to insert STA entry for the AP (error %d)\n",
3240  err);
3241  return err;
3242  }
3243  } else
3244  WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
3245 
3246  return 0;
3247 }
3248 
3249 /* config hooks */
3250 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3251  struct cfg80211_auth_request *req)
3252 {
3253  struct ieee80211_local *local = sdata->local;
3254  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3255  struct ieee80211_mgd_auth_data *auth_data;
3256  u16 auth_alg;
3257  int err;
3258 
3259  /* prepare auth data structure */
3260 
3261  switch (req->auth_type) {
3262  case NL80211_AUTHTYPE_OPEN_SYSTEM:
3263  auth_alg = WLAN_AUTH_OPEN;
3264  break;
3265  case NL80211_AUTHTYPE_SHARED_KEY:
3266  if (IS_ERR(local->wep_tx_tfm))
3267  return -EOPNOTSUPP;
3268  auth_alg = WLAN_AUTH_SHARED_KEY;
3269  break;
3270  case NL80211_AUTHTYPE_FT:
3271  auth_alg = WLAN_AUTH_FT;
3272  break;
3273  case NL80211_AUTHTYPE_NETWORK_EAP:
3274  auth_alg = WLAN_AUTH_LEAP;
3275  break;
3276  default:
3277  return -EOPNOTSUPP;
3278  }
3279 
3280  auth_data = kzalloc(sizeof(*auth_data) + req->ie_len, GFP_KERNEL);
3281  if (!auth_data)
3282  return -ENOMEM;
3283 
3284  auth_data->bss = req->bss;
3285 
3286  if (req->ie && req->ie_len) {
3287  memcpy(auth_data->ie, req->ie, req->ie_len);
3288  auth_data->ie_len = req->ie_len;
3289  }
3290 
3291  if (req->key && req->key_len) {
3292  auth_data->key_len = req->key_len;
3293  auth_data->key_idx = req->key_idx;
3294  memcpy(auth_data->key, req->key, req->key_len);
3295  }
3296 
3297  auth_data->algorithm = auth_alg;
3298 
3299  /* try to authenticate/probe */
3300 
3301  mutex_lock(&ifmgd->mtx);
3302 
3303  if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
3304  ifmgd->assoc_data) {
3305  err = -EBUSY;
3306  goto err_free;
3307  }
3308 
3309  if (ifmgd->auth_data)
3310  ieee80211_destroy_auth_data(sdata, false);
3311 
3312  /* prep auth_data so we don't go into idle on disassoc */
3313  ifmgd->auth_data = auth_data;
3314 
3315  if (ifmgd->associated)
3316  ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3317 
3318  sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3319 
3320  err = ieee80211_prep_connection(sdata, req->bss, false);
3321  if (err)
3322  goto err_clear;
3323 
3324  err = ieee80211_probe_auth(sdata);
3325  if (err) {
3326  sta_info_destroy_addr(sdata, req->bss->bssid);
3327  goto err_clear;
3328  }
3329 
3330  /* hold our own reference */
3331  cfg80211_ref_bss(auth_data->bss);
3332  err = 0;
3333  goto out_unlock;
3334 
3335  err_clear:
3336  memset(ifmgd->bssid, 0, ETH_ALEN);
3337  ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
3338  ifmgd->auth_data = NULL;
3339  err_free:
3340  kfree(auth_data);
3341  out_unlock:
3342  mutex_unlock(&ifmgd->mtx);
3343 
3344  return err;
3345 }
3346 
3347 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3348  struct cfg80211_assoc_request *req)
3349 {
3350  struct ieee80211_local *local = sdata->local;
3351  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3352  struct ieee80211_bss *bss = (void *)req->bss->priv;
3353  struct ieee80211_mgd_assoc_data *assoc_data;
3354  struct ieee80211_supported_band *sband;
3355  const u8 *ssidie, *ht_ie;
3356  int i, err;
3357 
3358  ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
3359  if (!ssidie)
3360  return -EINVAL;
3361 
3362  assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
3363  if (!assoc_data)
3364  return -ENOMEM;
3365 
3366  mutex_lock(&ifmgd->mtx);
3367 
3368  if (ifmgd->associated)
3369  ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3370 
3371  if (ifmgd->auth_data && !ifmgd->auth_data->done) {
3372  err = -EBUSY;
3373  goto err_free;
3374  }
3375 
3376  if (ifmgd->assoc_data) {
3377  err = -EBUSY;
3378  goto err_free;
3379  }
3380 
3381  if (ifmgd->auth_data) {
3382  bool match;
3383 
3384  /* keep sta info, bssid if matching */
3385  match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
3386  ieee80211_destroy_auth_data(sdata, match);
3387  }
3388 
3389  /* prepare assoc data */
3390 
3391  /*
3392  * keep only the 40 MHz disable bit set as it might have
3393  * been set during authentication already, all other bits
3394  * should be reset for a new connection
3395  */
3396  ifmgd->flags &= IEEE80211_STA_DISABLE_40MHZ;
3397 
3398  ifmgd->beacon_crc_valid = false;
3399 
3400  /*
3401  * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
3402  * We still associate in non-HT mode (11a/b/g) if any one of these
3403  * ciphers is configured as pairwise.
3404  * We can set this to true for non-11n hardware, that'll be checked
3405  * separately along with the peer capabilities.
3406  */
3407  for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
3408  if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
3409  req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
3410  req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
3411  ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3412  ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3413  netdev_info(sdata->dev,
3414  "disabling HT/VHT due to WEP/TKIP use\n");
3415  }
3416  }
3417 
3418  if (req->flags & ASSOC_REQ_DISABLE_HT) {
3419  ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3420  ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3421  }
3422 
3423  /* Also disable HT if we don't support it or the AP doesn't use WMM */
3424  sband = local->hw.wiphy->bands[req->bss->channel->band];
3425  if (!sband->ht_cap.ht_supported ||
3426  local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
3427  ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3428  if (!bss->wmm_used)
3429  netdev_info(sdata->dev,
3430  "disabling HT as WMM/QoS is not supported by the AP\n");
3431  }
3432 
3433  /* disable VHT if we don't support it or the AP doesn't use WMM */
3434  if (!sband->vht_cap.vht_supported ||
3435  local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
3436  ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3437  if (!bss->wmm_used)
3438  netdev_info(sdata->dev,
3439  "disabling VHT as WMM/QoS is not supported by the AP\n");
3440  }
3441 
3442  memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
3443  memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
3444  sizeof(ifmgd->ht_capa_mask));
3445 
3446  if (req->ie && req->ie_len) {
3447  memcpy(assoc_data->ie, req->ie, req->ie_len);
3448  assoc_data->ie_len = req->ie_len;
3449  }
3450 
3451  assoc_data->bss = req->bss;
3452 
3453  if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
3454  if (ifmgd->powersave)
3455  ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC;
3456  else
3457  ifmgd->ap_smps = IEEE80211_SMPS_OFF;
3458  } else
3459  ifmgd->ap_smps = ifmgd->req_smps;
3460 
3461  assoc_data->capability = req->bss->capability;
3462  assoc_data->wmm = bss->wmm_used &&
3463  (local->hw.queues >= IEEE80211_NUM_ACS);
3464  assoc_data->supp_rates = bss->supp_rates;
3465  assoc_data->supp_rates_len = bss->supp_rates_len;
3466 
3467  ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
3468  if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
3469  assoc_data->ap_ht_param =
3470  ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
3471  else
3472  ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3473 
3474  if (bss->wmm_used && bss->uapsd_supported &&
3475  (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) {
3476  assoc_data->uapsd = true;
3477  ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
3478  } else {
3479  assoc_data->uapsd = false;
3480  ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
3481  }
3482 
3483  memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
3484  assoc_data->ssid_len = ssidie[1];
3485 
3486  if (req->prev_bssid)
3487  memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
3488 
3489  if (req->use_mfp) {
3490  ifmgd->mfp = IEEE80211_MFP_REQUIRED;
3491  ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
3492  } else {
3493  ifmgd->mfp = IEEE80211_MFP_DISABLED;
3494  ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
3495  }
3496 
3497  if (req->crypto.control_port)
3498  ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
3499  else
3500  ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
3501 
3502  sdata->control_port_protocol = req->crypto.control_port_ethertype;
3503  sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
3504 
3505  /* kick off associate process */
3506 
3507  ifmgd->assoc_data = assoc_data;
3508 
3509  err = ieee80211_prep_connection(sdata, req->bss, true);
3510  if (err)
3511  goto err_clear;
3512 
3513  if (!bss->dtim_period &&
3514  sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) {
3515  /*
3516  * Wait up to one beacon interval ...
3517  * should this be more if we miss one?
3518  */
3519  sdata_info(sdata, "waiting for beacon from %pM\n",
3520  ifmgd->bssid);
3521  assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
3522  } else {
3523  assoc_data->have_beacon = true;
3524  assoc_data->sent_assoc = false;
3525  assoc_data->timeout = jiffies;
3526  }
3527  run_again(ifmgd, assoc_data->timeout);
3528 
3529  if (bss->corrupt_data) {
3530  char *corrupt_type = "data";
3531  if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
3532  if (bss->corrupt_data &
3533  IEEE80211_BSS_CORRUPT_PROBE_RESP)
3534  corrupt_type = "beacon and probe response";
3535  else
3536  corrupt_type = "beacon";
3537  } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
3538  corrupt_type = "probe response";
3539  sdata_info(sdata, "associating with AP with corrupt %s\n",
3540  corrupt_type);
3541  }
3542 
3543  err = 0;
3544  goto out;
3545  err_clear:
3546  memset(ifmgd->bssid, 0, ETH_ALEN);
3547  ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
3548  ifmgd->assoc_data = NULL;
3549  err_free:
3550  kfree(assoc_data);
3551  out:
3552  mutex_unlock(&ifmgd->mtx);
3553 
3554  return err;
3555 }
3556 
3557 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3558  struct cfg80211_deauth_request *req)
3559 {
3560  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3561  u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3562  bool tx = !req->local_state_change;
3563 
3564  mutex_lock(&ifmgd->mtx);
3565 
3566  if (ifmgd->auth_data) {
3567  ieee80211_destroy_auth_data(sdata, false);
3568  mutex_unlock(&ifmgd->mtx);
3569  return 0;
3570  }
3571 
3572  sdata_info(sdata,
3573  "deauthenticating from %pM by local choice (reason=%d)\n",
3574  req->bssid, req->reason_code);
3575 
3576  if (ifmgd->associated &&
3577  ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
3578  ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3579  req->reason_code, tx, frame_buf);
3580  } else {
3581  drv_mgd_prepare_tx(sdata->local, sdata);
3582  ieee80211_send_deauth_disassoc(sdata, req->bssid,
3583  IEEE80211_STYPE_DEAUTH,
3584  req->reason_code, tx,
3585  frame_buf);
3586  }
3587 
3588  mutex_unlock(&ifmgd->mtx);
3589 
3590  __cfg80211_send_deauth(sdata->dev, frame_buf,
3591  IEEE80211_DEAUTH_FRAME_LEN);
3592 
3593  mutex_lock(&sdata->local->mtx);
3594  ieee80211_recalc_idle(sdata->local);
3595  mutex_unlock(&sdata->local->mtx);
3596 
3597  return 0;
3598 }
3599 
3600 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
3601  struct cfg80211_disassoc_request *req)
3602 {
3603  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3604  u8 bssid[ETH_ALEN];
3605  u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3606 
3607  mutex_lock(&ifmgd->mtx);
3608 
3609  /*
3610  * cfg80211 should catch this ... but it's racy since
3611  * we can receive a disassoc frame, process it, hand it
3612  * to cfg80211 while that's in a locked section already
3613  * trying to tell us that the user wants to disconnect.
3614  */
3615  if (ifmgd->associated != req->bss) {
3616  mutex_unlock(&ifmgd->mtx);
3617  return -ENOLINK;
3618  }
3619 
3620  sdata_info(sdata,
3621  "disassociating from %pM by local choice (reason=%d)\n",
3622  req->bss->bssid, req->reason_code);
3623 
3624  memcpy(bssid, req->bss->bssid, ETH_ALEN);
3625  ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
3626  req->reason_code, !req->local_state_change,
3627  frame_buf);
3628  mutex_unlock(&ifmgd->mtx);
3629 
3630  __cfg80211_send_disassoc(sdata->dev, frame_buf,
3631  IEEE80211_DEAUTH_FRAME_LEN);
3632 
3633  mutex_lock(&sdata->local->mtx);
3634  ieee80211_recalc_idle(sdata->local);
3635  mutex_unlock(&sdata->local->mtx);
3636 
3637  return 0;
3638 }
3639 
3640 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
3641 {
3642  struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3643 
3644  mutex_lock(&ifmgd->mtx);
3645  if (ifmgd->assoc_data)
3646  ieee80211_destroy_assoc_data(sdata, false);
3647  if (ifmgd->auth_data)
3648  ieee80211_destroy_auth_data(sdata, false);
3649  del_timer_sync(&ifmgd->timer);
3650  mutex_unlock(&ifmgd->mtx);
3651 }
3652 
3653 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
3654  enum nl80211_cqm_rssi_threshold_event rssi_event,
3655  gfp_t gfp)
3656 {
3657  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3658 
3659  trace_api_cqm_rssi_notify(sdata, rssi_event);
3660 
3661  cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
3662 }
3663 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
Generated on Thu Jan 10 2013 14:27:55 for Linux Kernel by   doxygen 1.8.2