projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mac80211: don't send deferred frames outside the SP
[deliverable/linux.git] / net / mac80211 / tdls.c
CommitLineData
95224fe8
AN		 1/*
2 * mac80211 TDLS handling code
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2014, Intel Corporation
d98ad83e 6 * Copyright 2014 Intel Mobile Communications GmbH
59021c67 7 * Copyright 2015 - 2016 Intel Deutschland GmbH
95224fe8
AN		 8 *
9 * This file is GPLv2 as found in COPYING.
10 */
11
12#include <linux/ieee80211.h>
6f7eaa47 13#include <linux/log2.h>
c887f0d3 14#include <net/cfg80211.h>
c8ff71e6 15#include <linux/rtnetlink.h>
95224fe8 16#include "ieee80211_i.h"
ee10f2c7 17#include "driver-ops.h"
59021c67 18#include "rate.h"
95224fe8 19
17e6a59a
AN		 20/* give usermode some time for retries in setting up the TDLS session */
21#define TDLS_PEER_SETUP_TIMEOUT (15 * HZ)
22
23void ieee80211_tdls_peer_del_work(struct work_struct *wk)
24{
25 struct ieee80211_sub_if_data *sdata;
26 struct ieee80211_local *local;
27
28 sdata = container_of(wk, struct ieee80211_sub_if_data,
81dd2b88 29 u.mgd.tdls_peer_del_work.work);
17e6a59a
AN		 30 local = sdata->local;
31
32 mutex_lock(&local->mtx);
81dd2b88
AN		 33 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) {
34 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer);
35 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer);
36 eth_zero_addr(sdata->u.mgd.tdls_peer);
17e6a59a
AN		 37 }
38 mutex_unlock(&local->mtx);
39}
40
b98fb44f 41static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata,
78632a17 42 struct sk_buff *skb)
95224fe8 43{
b98fb44f 44 struct ieee80211_local *local = sdata->local;
82c0cc90 45 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
78632a17
AN		 46 bool chan_switch = local->hw.wiphy->features &
47 NL80211_FEATURE_TDLS_CHANNEL_SWITCH;
82c0cc90
AN		 48 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) &&
49 !ifmgd->tdls_wider_bw_prohibited;
b98fb44f
AN		 50 enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
51 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band];
52 bool vht = sband && sband->vht_cap.vht_supported;
53 u8 *pos = (void *)skb_put(skb, 10);
95224fe8
AN		 54
55 *pos++ = WLAN_EID_EXT_CAPABILITY;
b98fb44f 56 *pos++ = 8; /* len */
95224fe8
AN		 57 *pos++ = 0x0;
58 *pos++ = 0x0;
59 *pos++ = 0x0;
78632a17 60 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0;
95224fe8 61 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED;
b98fb44f
AN		 62 *pos++ = 0;
63 *pos++ = 0;
64 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0;
95224fe8
AN		 65}
66
f0d29cb9
AN		 67static u8
68ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata,
69 struct sk_buff *skb, u16 start, u16 end,
70 u16 spacing)
71{
72 u8 subband_cnt = 0, ch_cnt = 0;
73 struct ieee80211_channel *ch;
74 struct cfg80211_chan_def chandef;
75 int i, subband_start;
923b352f 76 struct wiphy *wiphy = sdata->local->hw.wiphy;
f0d29cb9
AN		 77
78 for (i = start; i <= end; i += spacing) {
79 if (!ch_cnt)
80 subband_start = i;
81
82 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i);
83 if (ch) {
84 /* we will be active on the channel */
f0d29cb9 85 cfg80211_chandef_create(&chandef, ch,
50075892 86 NL80211_CHAN_NO_HT);
923b352f
AN		 87 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef,
88 sdata->wdev.iftype)) {
f0d29cb9 89 ch_cnt++;
50075892
AN		 90 /*
91 * check if the next channel is also part of
92 * this allowed range
93 */
f0d29cb9
AN		 94 continue;
95 }
96 }
97
50075892
AN		 98 /*
99 * we've reached the end of a range, with allowed channels
100 * found
101 */
f0d29cb9
AN		 102 if (ch_cnt) {
103 u8 *pos = skb_put(skb, 2);
104 *pos++ = ieee80211_frequency_to_channel(subband_start);
105 *pos++ = ch_cnt;
106
107 subband_cnt++;
108 ch_cnt = 0;
109 }
110 }
111
50075892
AN		 112 /* all channels in the requested range are allowed - add them here */
113 if (ch_cnt) {
114 u8 *pos = skb_put(skb, 2);
115 *pos++ = ieee80211_frequency_to_channel(subband_start);
116 *pos++ = ch_cnt;
117
118 subband_cnt++;
119 }
120
f0d29cb9
AN		 121 return subband_cnt;
122}
123
124static void
125ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata,
126 struct sk_buff *skb)
127{
128 /*
129 * Add possible channels for TDLS. These are channels that are allowed
130 * to be active.
131 */
132 u8 subband_cnt;
133 u8 *pos = skb_put(skb, 2);
134
135 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
136
137 /*
138 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as
139 * this doesn't happen in real world scenarios.
140 */
141
142 /* 2GHz, with 5MHz spacing */
143 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5);
144
145 /* 5GHz, with 20MHz spacing */
146 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20);
147
148 /* length */
149 *pos = 2 * subband_cnt;
150}
151
a38700dd
AN		 152static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata,
153 struct sk_buff *skb)
154{
155 u8 *pos;
156 u8 op_class;
157
158 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef,
159 &op_class))
160 return;
161
162 pos = skb_put(skb, 4);
163 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES;
164 *pos++ = 2; /* len */
165
166 *pos++ = op_class;
167 *pos++ = op_class; /* give current operating class as alternate too */
168}
169
2cedd879
AN		 170static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb)
171{
172 u8 *pos = (void *)skb_put(skb, 3);
173
174 *pos++ = WLAN_EID_BSS_COEX_2040;
175 *pos++ = 1; /* len */
176
177 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST;
178}
179
dd8c0b03
AN		 180static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata,
181 u16 status_code)
95224fe8 182{
dd8c0b03
AN		 183 /* The capability will be 0 when sending a failure code */
184 if (status_code != 0)
185 return 0;
186
ea1b2b45
JB		 187 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_2GHZ) {
188 return WLAN_CAPABILITY_SHORT_SLOT_TIME |
189 WLAN_CAPABILITY_SHORT_PREAMBLE;
190 }
95224fe8 191
ea1b2b45 192 return 0;
95224fe8
AN		 193}
194
1606ef4a
AN		 195static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata,
196 struct sk_buff *skb, const u8 *peer,
197 bool initiator)
95224fe8
AN		 198{
199 struct ieee80211_tdls_lnkie *lnkid;
1606ef4a
AN		 200 const u8 *init_addr, *rsp_addr;
201
202 if (initiator) {
203 init_addr = sdata->vif.addr;
204 rsp_addr = peer;
205 } else {
206 init_addr = peer;
207 rsp_addr = sdata->vif.addr;
208 }
95224fe8
AN		 209
210 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie));
211
212 lnkid->ie_type = WLAN_EID_LINK_ID;
213 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2;
214
1606ef4a
AN		 215 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN);
216 memcpy(lnkid->init_sta, init_addr, ETH_ALEN);
217 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN);
95224fe8
AN		 218}
219
fb28ec0c
AN		 220static void
221ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
222{
223 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
224 u8 *pos = (void *)skb_put(skb, 4);
225
226 *pos++ = WLAN_EID_AID;
227 *pos++ = 2; /* len */
228 put_unaligned_le16(ifmgd->aid, pos);
229}
230
6f7eaa47
AN		 231/* translate numbering in the WMM parameter IE to the mac80211 notation */
232static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac)
233{
234 switch (ac) {
235 default:
236 WARN_ON_ONCE(1);
237 case 0:
238 return IEEE80211_AC_BE;
239 case 1:
240 return IEEE80211_AC_BK;
241 case 2:
242 return IEEE80211_AC_VI;
243 case 3:
244 return IEEE80211_AC_VO;
245 }
246}
247
248static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci)
249{
250 u8 ret;
251
252 ret = aifsn & 0x0f;
253 if (acm)
254 ret |= 0x10;
255 ret |= (aci << 5) & 0x60;
256 return ret;
257}
258
259static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max)
260{
261 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) |
262 ((ilog2(cw_max + 1) << 0x4) & 0xf0);
263}
264
265static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata,
266 struct sk_buff *skb)
267{
268 struct ieee80211_wmm_param_ie *wmm;
269 struct ieee80211_tx_queue_params *txq;
270 int i;
271
272 wmm = (void *)skb_put(skb, sizeof(*wmm));
273 memset(wmm, 0, sizeof(*wmm));
274
275 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC;
276 wmm->len = sizeof(*wmm) - 2;
277
278 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */
279 wmm->oui[1] = 0x50;
280 wmm->oui[2] = 0xf2;
281 wmm->oui_type = 2; /* WME */
282 wmm->oui_subtype = 1; /* WME param */
283 wmm->version = 1; /* WME ver */
284 wmm->qos_info = 0; /* U-APSD not in use */
285
286 /*
287 * Use the EDCA parameters defined for the BSS, or default if the AP
288 * doesn't support it, as mandated by 802.11-2012 section 10.22.4
289 */
290 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
291 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)];
292 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs,
293 txq->acm, i);
294 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max);
295 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop);
296 }
297}
298
0fabfaaf
AN		 299static void
300ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata,
301 struct sta_info *sta)
302{
303 /* IEEE802.11ac-2013 Table E-4 */
304 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 };
305 struct cfg80211_chan_def uc = sta->tdls_chandef;
59021c67 306 enum nl80211_chan_width max_width = ieee80211_sta_cap_chan_bw(sta);
0fabfaaf
AN		 307 int i;
308
309 /* only support upgrading non-narrow channels up to 80Mhz */
310 if (max_width == NL80211_CHAN_WIDTH_5 ||
311 max_width == NL80211_CHAN_WIDTH_10)
312 return;
313
314 if (max_width > NL80211_CHAN_WIDTH_80)
315 max_width = NL80211_CHAN_WIDTH_80;
316
317 if (uc.width == max_width)
318 return;
319 /*
320 * Channel usage constrains in the IEEE802.11ac-2013 specification only
321 * allow expanding a 20MHz channel to 80MHz in a single way. In
322 * addition, there are no 40MHz allowed channels that are not part of
323 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here).
324 */
325 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++)
326 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) {
327 uc.center_freq1 = centers_80mhz[i];
328 uc.width = NL80211_CHAN_WIDTH_80;
329 break;
330 }
331
332 if (!uc.center_freq1)
333 return;
334
335 /* proceed to downgrade the chandef until usable or the same */
db8d9977 336 while (uc.width > max_width ||
dd55ab59
AN		 337 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc,
338 sdata->wdev.iftype))
0fabfaaf
AN		 339 ieee80211_chandef_downgrade(&uc);
340
341 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) {
342 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n",
343 sta->tdls_chandef.width, uc.width);
344
345 /*
346 * the station is not yet authorized when BW upgrade is done,
347 * locking is not required
348 */
349 sta->tdls_chandef = uc;
350 }
351}
352
f09a87d2
AN		 353static void
354ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata,
355 struct sk_buff *skb, const u8 *peer,
1606ef4a
AN		 356 u8 action_code, bool initiator,
357 const u8 *extra_ies, size_t extra_ies_len)
f09a87d2
AN		 358{
359 enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
40b861a0 360 struct ieee80211_local *local = sdata->local;
13cc8a4a
AN		 361 struct ieee80211_supported_band *sband;
362 struct ieee80211_sta_ht_cap ht_cap;
fb28ec0c 363 struct ieee80211_sta_vht_cap vht_cap;
13cc8a4a 364 struct sta_info *sta = NULL;
f09a87d2
AN		 365 size_t offset = 0, noffset;
366 u8 *pos;
367
368 ieee80211_add_srates_ie(sdata, skb, false, band);
369 ieee80211_add_ext_srates_ie(sdata, skb, false, band);
f0d29cb9 370 ieee80211_tdls_add_supp_channels(sdata, skb);
f09a87d2
AN		 371
372 /* add any custom IEs that go before Extended Capabilities */
373 if (extra_ies_len) {
374 static const u8 before_ext_cap[] = {
375 WLAN_EID_SUPP_RATES,
376 WLAN_EID_COUNTRY,
377 WLAN_EID_EXT_SUPP_RATES,
378 WLAN_EID_SUPPORTED_CHANNELS,
379 WLAN_EID_RSN,
380 };
381 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
382 before_ext_cap,
383 ARRAY_SIZE(before_ext_cap),
384 offset);
385 pos = skb_put(skb, noffset - offset);
386 memcpy(pos, extra_ies + offset, noffset - offset);
387 offset = noffset;
388 }
389
b98fb44f 390 ieee80211_tdls_add_ext_capab(sdata, skb);
f09a87d2 391
40b861a0
AN		 392 /* add the QoS element if we support it */
393 if (local->hw.queues >= IEEE80211_NUM_ACS &&
394 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES)
395 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */
396
f09a87d2
AN		 397 /* add any custom IEs that go before HT capabilities */
398 if (extra_ies_len) {
399 static const u8 before_ht_cap[] = {
400 WLAN_EID_SUPP_RATES,
401 WLAN_EID_COUNTRY,
402 WLAN_EID_EXT_SUPP_RATES,
403 WLAN_EID_SUPPORTED_CHANNELS,
404 WLAN_EID_RSN,
405 WLAN_EID_EXT_CAPABILITY,
406 WLAN_EID_QOS_CAPA,
407 WLAN_EID_FAST_BSS_TRANSITION,
408 WLAN_EID_TIMEOUT_INTERVAL,
409 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
410 };
411 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
412 before_ht_cap,
413 ARRAY_SIZE(before_ht_cap),
414 offset);
415 pos = skb_put(skb, noffset - offset);
416 memcpy(pos, extra_ies + offset, noffset - offset);
417 offset = noffset;
418 }
419
0fabfaaf 420 mutex_lock(&local->sta_mtx);
ae2e9fba
AN		 421
422 /* we should have the peer STA if we're already responding */
423 if (action_code == WLAN_TDLS_SETUP_RESPONSE) {
424 sta = sta_info_get(sdata, peer);
425 if (WARN_ON_ONCE(!sta)) {
0fabfaaf 426 mutex_unlock(&local->sta_mtx);
ae2e9fba
AN		 427 return;
428 }
0fabfaaf
AN		 429
430 sta->tdls_chandef = sdata->vif.bss_conf.chandef;
ae2e9fba
AN		 431 }
432
a38700dd
AN		 433 ieee80211_tdls_add_oper_classes(sdata, skb);
434
13cc8a4a
AN		 435 /*
436 * with TDLS we can switch channels, and HT-caps are not necessarily
437 * the same on all bands. The specification limits the setup to a
438 * single HT-cap, so use the current band for now.
439 */
440 sband = local->hw.wiphy->bands[band];
441 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
c5309ba7 442
070e176a
AN		 443 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
444 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) &&
445 ht_cap.ht_supported) {
c5309ba7
JB		 446 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
447
448 /* disable SMPS in TDLS initiator */
449 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED
450 << IEEE80211_HT_CAP_SM_PS_SHIFT;
451
452 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
453 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
454 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE &&
455 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
c5309ba7
JB		 456 /* the peer caps are already intersected with our own */
457 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap));
13cc8a4a
AN		 458
459 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
460 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
461 }
462
2cedd879
AN		 463 if (ht_cap.ht_supported &&
464 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
465 ieee80211_tdls_add_bss_coex_ie(skb);
466
fb28ec0c
AN		 467 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
468
469 /* add any custom IEs that go before VHT capabilities */
470 if (extra_ies_len) {
471 static const u8 before_vht_cap[] = {
472 WLAN_EID_SUPP_RATES,
473 WLAN_EID_COUNTRY,
474 WLAN_EID_EXT_SUPP_RATES,
475 WLAN_EID_SUPPORTED_CHANNELS,
476 WLAN_EID_RSN,
477 WLAN_EID_EXT_CAPABILITY,
478 WLAN_EID_QOS_CAPA,
479 WLAN_EID_FAST_BSS_TRANSITION,
480 WLAN_EID_TIMEOUT_INTERVAL,
481 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
482 WLAN_EID_MULTI_BAND,
483 };
484 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
485 before_vht_cap,
486 ARRAY_SIZE(before_vht_cap),
487 offset);
488 pos = skb_put(skb, noffset - offset);
489 memcpy(pos, extra_ies + offset, noffset - offset);
490 offset = noffset;
491 }
492
493 /* build the VHT-cap similarly to the HT-cap */
494 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
070e176a
AN		 495 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
496 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) &&
497 vht_cap.vht_supported) {
fb28ec0c
AN		 498 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
499
500 /* the AID is present only when VHT is implemented */
070e176a
AN		 501 if (action_code == WLAN_TDLS_SETUP_REQUEST)
502 ieee80211_tdls_add_aid(sdata, skb);
fb28ec0c
AN		 503
504 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
505 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap);
506 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE &&
507 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) {
508 /* the peer caps are already intersected with our own */
509 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap));
510
511 /* the AID is present only when VHT is implemented */
512 ieee80211_tdls_add_aid(sdata, skb);
513
514 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
515 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap);
0fabfaaf
AN		 516
517 /*
518 * if both peers support WIDER_BW, we can expand the chandef to
519 * a wider compatible one, up to 80MHz
520 */
521 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW))
522 ieee80211_tdls_chandef_vht_upgrade(sdata, sta);
fb28ec0c
AN		 523 }
524
0fabfaaf 525 mutex_unlock(&local->sta_mtx);
fb28ec0c 526
f09a87d2
AN		 527 /* add any remaining IEs */
528 if (extra_ies_len) {
529 noffset = extra_ies_len;
530 pos = skb_put(skb, noffset - offset);
531 memcpy(pos, extra_ies + offset, noffset - offset);
532 }
1606ef4a 533
f09a87d2
AN		 534}
535
6f7eaa47
AN		 536static void
537ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata,
538 struct sk_buff *skb, const u8 *peer,
539 bool initiator, const u8 *extra_ies,
540 size_t extra_ies_len)
541{
542 struct ieee80211_local *local = sdata->local;
13cc8a4a 543 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6f7eaa47 544 size_t offset = 0, noffset;
13cc8a4a 545 struct sta_info *sta, *ap_sta;
fb28ec0c 546 enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
6f7eaa47
AN		 547 u8 *pos;
548
0fabfaaf 549 mutex_lock(&local->sta_mtx);
6f7eaa47
AN		 550
551 sta = sta_info_get(sdata, peer);
13cc8a4a
AN		 552 ap_sta = sta_info_get(sdata, ifmgd->bssid);
553 if (WARN_ON_ONCE(!sta || !ap_sta)) {
0fabfaaf 554 mutex_unlock(&local->sta_mtx);
6f7eaa47
AN		 555 return;
556 }
557
0fabfaaf
AN		 558 sta->tdls_chandef = sdata->vif.bss_conf.chandef;
559
6f7eaa47
AN		 560 /* add any custom IEs that go before the QoS IE */
561 if (extra_ies_len) {
562 static const u8 before_qos[] = {
563 WLAN_EID_RSN,
564 };
565 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
566 before_qos,
567 ARRAY_SIZE(before_qos),
568 offset);
569 pos = skb_put(skb, noffset - offset);
570 memcpy(pos, extra_ies + offset, noffset - offset);
571 offset = noffset;
572 }
573
574 /* add the QoS param IE if both the peer and we support it */
a74a8c84 575 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme)
6f7eaa47
AN		 576 ieee80211_tdls_add_wmm_param_ie(sdata, skb);
577
13cc8a4a
AN		 578 /* add any custom IEs that go before HT operation */
579 if (extra_ies_len) {
580 static const u8 before_ht_op[] = {
581 WLAN_EID_RSN,
582 WLAN_EID_QOS_CAPA,
583 WLAN_EID_FAST_BSS_TRANSITION,
584 WLAN_EID_TIMEOUT_INTERVAL,
585 };
586 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
587 before_ht_op,
588 ARRAY_SIZE(before_ht_op),
589 offset);
590 pos = skb_put(skb, noffset - offset);
591 memcpy(pos, extra_ies + offset, noffset - offset);
592 offset = noffset;
593 }
594
57f255f5
AN		 595 /*
596 * if HT support is only added in TDLS, we need an HT-operation IE.
597 * add the IE as required by IEEE802.11-2012 9.23.3.2.
598 */
13cc8a4a 599 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
57f255f5
AN		 600 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED |
601 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
602 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
603
890b7878 604 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation));
890b7878 605 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap,
57f255f5
AN		 606 &sdata->vif.bss_conf.chandef, prot,
607 true);
13cc8a4a
AN		 608 }
609
fb28ec0c
AN		 610 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
611
612 /* only include VHT-operation if not on the 2.4GHz band */
890b7878 613 if (band != IEEE80211_BAND_2GHZ && sta->sta.vht_cap.vht_supported) {
0fabfaaf
AN		 614 /*
615 * if both peers support WIDER_BW, we can expand the chandef to
616 * a wider compatible one, up to 80MHz
617 */
618 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW))
619 ieee80211_tdls_chandef_vht_upgrade(sdata, sta);
620
890b7878
AN		 621 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation));
622 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap,
0fabfaaf 623 &sta->tdls_chandef);
fb28ec0c
AN		 624 }
625
0fabfaaf 626 mutex_unlock(&local->sta_mtx);
13cc8a4a 627
6f7eaa47
AN		 628 /* add any remaining IEs */
629 if (extra_ies_len) {
630 noffset = extra_ies_len;
631 pos = skb_put(skb, noffset - offset);
632 memcpy(pos, extra_ies + offset, noffset - offset);
633 }
6f7eaa47
AN		 634}
635
a7a6bdd0
AN		 636static void
637ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata,
638 struct sk_buff *skb, const u8 *peer,
639 bool initiator, const u8 *extra_ies,
640 size_t extra_ies_len, u8 oper_class,
641 struct cfg80211_chan_def *chandef)
642{
643 struct ieee80211_tdls_data *tf;
644 size_t offset = 0, noffset;
645 u8 *pos;
646
647 if (WARN_ON_ONCE(!chandef))
648 return;
649
650 tf = (void *)skb->data;
651 tf->u.chan_switch_req.target_channel =
652 ieee80211_frequency_to_channel(chandef->chan->center_freq);
653 tf->u.chan_switch_req.oper_class = oper_class;
654
655 if (extra_ies_len) {
656 static const u8 before_lnkie[] = {
657 WLAN_EID_SECONDARY_CHANNEL_OFFSET,
658 };
659 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
660 before_lnkie,
661 ARRAY_SIZE(before_lnkie),
662 offset);
663 pos = skb_put(skb, noffset - offset);
664 memcpy(pos, extra_ies + offset, noffset - offset);
665 offset = noffset;
666 }
667
668 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
669
670 /* add any remaining IEs */
671 if (extra_ies_len) {
672 noffset = extra_ies_len;
673 pos = skb_put(skb, noffset - offset);
674 memcpy(pos, extra_ies + offset, noffset - offset);
675 }
676}
677
8a4d32f3
AN		 678static void
679ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata,
680 struct sk_buff *skb, const u8 *peer,
681 u16 status_code, bool initiator,
682 const u8 *extra_ies,
683 size_t extra_ies_len)
684{
685 if (status_code == 0)
686 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
687
688 if (extra_ies_len)
689 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len);
690}
691
46792a2d
AN		 692static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata,
693 struct sk_buff *skb, const u8 *peer,
1606ef4a
AN		 694 u8 action_code, u16 status_code,
695 bool initiator, const u8 *extra_ies,
c2733905
AN		 696 size_t extra_ies_len, u8 oper_class,
697 struct cfg80211_chan_def *chandef)
46792a2d 698{
46792a2d
AN		 699 switch (action_code) {
700 case WLAN_TDLS_SETUP_REQUEST:
701 case WLAN_TDLS_SETUP_RESPONSE:
702 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
1606ef4a
AN		 703 if (status_code == 0)
704 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer,
705 action_code,
706 initiator,
707 extra_ies,
708 extra_ies_len);
46792a2d
AN		 709 break;
710 case WLAN_TDLS_SETUP_CONFIRM:
6f7eaa47
AN		 711 if (status_code == 0)
712 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer,
713 initiator, extra_ies,
714 extra_ies_len);
715 break;
46792a2d
AN		 716 case WLAN_TDLS_TEARDOWN:
717 case WLAN_TDLS_DISCOVERY_REQUEST:
f09a87d2
AN		 718 if (extra_ies_len)
719 memcpy(skb_put(skb, extra_ies_len), extra_ies,
720 extra_ies_len);
1606ef4a
AN		 721 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN)
722 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
46792a2d 723 break;
a7a6bdd0
AN		 724 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
725 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer,
726 initiator, extra_ies,
727 extra_ies_len,
728 oper_class, chandef);
729 break;
8a4d32f3
AN		 730 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
731 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer,
732 status_code,
733 initiator, extra_ies,
734 extra_ies_len);
735 break;
46792a2d
AN		 736 }
737
46792a2d
AN		 738}
739
95224fe8
AN		 740static int
741ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
3b3a0162 742 const u8 *peer, u8 action_code, u8 dialog_token,
95224fe8
AN		 743 u16 status_code, struct sk_buff *skb)
744{
745 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
95224fe8
AN		 746 struct ieee80211_tdls_data *tf;
747
748 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
749
750 memcpy(tf->da, peer, ETH_ALEN);
751 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN);
752 tf->ether_type = cpu_to_be16(ETH_P_TDLS);
753 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE;
754
59cd85cb
AN		 755 /* network header is after the ethernet header */
756 skb_set_network_header(skb, ETH_HLEN);
757
95224fe8
AN		 758 switch (action_code) {
759 case WLAN_TDLS_SETUP_REQUEST:
760 tf->category = WLAN_CATEGORY_TDLS;
761 tf->action_code = WLAN_TDLS_SETUP_REQUEST;
762
763 skb_put(skb, sizeof(tf->u.setup_req));
764 tf->u.setup_req.dialog_token = dialog_token;
765 tf->u.setup_req.capability =
dd8c0b03
AN		 766 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
767 status_code));
95224fe8
AN		 768 break;
769 case WLAN_TDLS_SETUP_RESPONSE:
770 tf->category = WLAN_CATEGORY_TDLS;
771 tf->action_code = WLAN_TDLS_SETUP_RESPONSE;
772
773 skb_put(skb, sizeof(tf->u.setup_resp));
774 tf->u.setup_resp.status_code = cpu_to_le16(status_code);
775 tf->u.setup_resp.dialog_token = dialog_token;
776 tf->u.setup_resp.capability =
dd8c0b03
AN		 777 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
778 status_code));
95224fe8
AN		 779 break;
780 case WLAN_TDLS_SETUP_CONFIRM:
781 tf->category = WLAN_CATEGORY_TDLS;
782 tf->action_code = WLAN_TDLS_SETUP_CONFIRM;
783
784 skb_put(skb, sizeof(tf->u.setup_cfm));
785 tf->u.setup_cfm.status_code = cpu_to_le16(status_code);
786 tf->u.setup_cfm.dialog_token = dialog_token;
787 break;
788 case WLAN_TDLS_TEARDOWN:
789 tf->category = WLAN_CATEGORY_TDLS;
790 tf->action_code = WLAN_TDLS_TEARDOWN;
791
792 skb_put(skb, sizeof(tf->u.teardown));
793 tf->u.teardown.reason_code = cpu_to_le16(status_code);
794 break;
795 case WLAN_TDLS_DISCOVERY_REQUEST:
796 tf->category = WLAN_CATEGORY_TDLS;
797 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST;
798
799 skb_put(skb, sizeof(tf->u.discover_req));
800 tf->u.discover_req.dialog_token = dialog_token;
801 break;
a7a6bdd0
AN		 802 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
803 tf->category = WLAN_CATEGORY_TDLS;
804 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
805
806 skb_put(skb, sizeof(tf->u.chan_switch_req));
807 break;
8a4d32f3
AN		 808 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
809 tf->category = WLAN_CATEGORY_TDLS;
810 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
811
812 skb_put(skb, sizeof(tf->u.chan_switch_resp));
813 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code);
814 break;
95224fe8
AN		 815 default:
816 return -EINVAL;
817 }
818
819 return 0;
820}
821
822static int
823ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
3b3a0162 824 const u8 *peer, u8 action_code, u8 dialog_token,
95224fe8
AN		 825 u16 status_code, struct sk_buff *skb)
826{
827 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
95224fe8
AN		 828 struct ieee80211_mgmt *mgmt;
829
830 mgmt = (void *)skb_put(skb, 24);
831 memset(mgmt, 0, 24);
832 memcpy(mgmt->da, peer, ETH_ALEN);
833 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
834 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
835
836 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
837 IEEE80211_STYPE_ACTION);
838
839 switch (action_code) {
840 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
841 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp));
842 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
843 mgmt->u.action.u.tdls_discover_resp.action_code =
844 WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
845 mgmt->u.action.u.tdls_discover_resp.dialog_token =
846 dialog_token;
847 mgmt->u.action.u.tdls_discover_resp.capability =
dd8c0b03
AN		 848 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
849 status_code));
95224fe8
AN		 850 break;
851 default:
852 return -EINVAL;
853 }
854
855 return 0;
856}
857
c2733905
AN		 858static struct sk_buff *
859ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata,
860 const u8 *peer, u8 action_code,
861 u8 dialog_token, u16 status_code,
862 bool initiator, const u8 *extra_ies,
863 size_t extra_ies_len, u8 oper_class,
864 struct cfg80211_chan_def *chandef)
95224fe8 865{
95224fe8 866 struct ieee80211_local *local = sdata->local;
c2733905 867 struct sk_buff *skb;
95224fe8
AN		 868 int ret;
869
c2733905 870 skb = netdev_alloc_skb(sdata->dev,
1277b4a9
LK		 871 local->hw.extra_tx_headroom +
872 max(sizeof(struct ieee80211_mgmt),
873 sizeof(struct ieee80211_tdls_data)) +
874 50 + /* supported rates */
b98fb44f 875 10 + /* ext capab */
1277b4a9
LK		 876 26 + /* max(WMM-info, WMM-param) */
877 2 + max(sizeof(struct ieee80211_ht_cap),
878 sizeof(struct ieee80211_ht_operation)) +
fb28ec0c
AN		 879 2 + max(sizeof(struct ieee80211_vht_cap),
880 sizeof(struct ieee80211_vht_operation)) +
f0d29cb9 881 50 + /* supported channels */
2cedd879 882 3 + /* 40/20 BSS coex */
fb28ec0c 883 4 + /* AID */
a38700dd 884 4 + /* oper classes */
1277b4a9
LK		 885 extra_ies_len +
886 sizeof(struct ieee80211_tdls_lnkie));
95224fe8 887 if (!skb)
c2733905 888 return NULL;
95224fe8
AN		 889
890 skb_reserve(skb, local->hw.extra_tx_headroom);
891
892 switch (action_code) {
893 case WLAN_TDLS_SETUP_REQUEST:
894 case WLAN_TDLS_SETUP_RESPONSE:
895 case WLAN_TDLS_SETUP_CONFIRM:
896 case WLAN_TDLS_TEARDOWN:
897 case WLAN_TDLS_DISCOVERY_REQUEST:
a7a6bdd0 898 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
8a4d32f3 899 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
c2733905
AN		 900 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy,
901 sdata->dev, peer,
95224fe8
AN		 902 action_code, dialog_token,
903 status_code, skb);
95224fe8
AN		 904 break;
905 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
c2733905
AN		 906 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev,
907 peer, action_code,
95224fe8
AN		 908 dialog_token, status_code,
909 skb);
95224fe8
AN		 910 break;
911 default:
912 ret = -ENOTSUPP;
913 break;
914 }
915
916 if (ret < 0)
917 goto fail;
918
c2733905
AN		 919 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code,
920 initiator, extra_ies, extra_ies_len, oper_class,
921 chandef);
922 return skb;
923
924fail:
925 dev_kfree_skb(skb);
926 return NULL;
927}
928
929static int
930ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev,
931 const u8 *peer, u8 action_code, u8 dialog_token,
932 u16 status_code, u32 peer_capability,
933 bool initiator, const u8 *extra_ies,
934 size_t extra_ies_len, u8 oper_class,
935 struct cfg80211_chan_def *chandef)
936{
937 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
938 struct sk_buff *skb = NULL;
939 struct sta_info *sta;
940 u32 flags = 0;
941 int ret = 0;
942
626911cc
AN		 943 rcu_read_lock();
944 sta = sta_info_get(sdata, peer);
945
946 /* infer the initiator if we can, to support old userspace */
95224fe8
AN		 947 switch (action_code) {
948 case WLAN_TDLS_SETUP_REQUEST:
8b94148c 949 if (sta) {
626911cc 950 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
8b94148c
AN		 951 sta->sta.tdls_initiator = false;
952 }
626911cc 953 /* fall-through */
95224fe8 954 case WLAN_TDLS_SETUP_CONFIRM:
95224fe8 955 case WLAN_TDLS_DISCOVERY_REQUEST:
626911cc 956 initiator = true;
95224fe8
AN		 957 break;
958 case WLAN_TDLS_SETUP_RESPONSE:
626911cc
AN		 959 /*
960 * In some testing scenarios, we send a request and response.
961 * Make the last packet sent take effect for the initiator
962 * value.
963 */
8b94148c 964 if (sta) {
626911cc 965 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
8b94148c
AN		 966 sta->sta.tdls_initiator = true;
967 }
626911cc 968 /* fall-through */
95224fe8 969 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
626911cc 970 initiator = false;
2fb6b9b8
AN		 971 break;
972 case WLAN_TDLS_TEARDOWN:
a7a6bdd0 973 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
8a4d32f3 974 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
2fb6b9b8 975 /* any value is ok */
95224fe8
AN		 976 break;
977 default:
978 ret = -ENOTSUPP;
626911cc 979 break;
95224fe8
AN		 980 }
981
46792a2d
AN		 982 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR))
983 initiator = true;
2fb6b9b8 984
626911cc
AN		 985 rcu_read_unlock();
986 if (ret < 0)
987 goto fail;
988
c2733905
AN		 989 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code,
990 dialog_token, status_code,
991 initiator, extra_ies,
992 extra_ies_len, oper_class,
993 chandef);
994 if (!skb) {
995 ret = -EINVAL;
996 goto fail;
997 }
998
999 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) {
95224fe8
AN		 1000 ieee80211_tx_skb(sdata, skb);
1001 return 0;
1002 }
1003
1004 /*
1005 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
1006 * we should default to AC_VI.
1007 */
1008 switch (action_code) {
1009 case WLAN_TDLS_SETUP_REQUEST:
1010 case WLAN_TDLS_SETUP_RESPONSE:
1011 skb_set_queue_mapping(skb, IEEE80211_AC_BK);
1012 skb->priority = 2;
1013 break;
1014 default:
1015 skb_set_queue_mapping(skb, IEEE80211_AC_VI);
1016 skb->priority = 5;
1017 break;
1018 }
1019
1277b4a9
LK		 1020 /*
1021 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress.
1022 * Later, if no ACK is returned from peer, we will re-send the teardown
1023 * packet through the AP.
1024 */
1025 if ((action_code == WLAN_TDLS_TEARDOWN) &&
30686bf7 1026 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
1277b4a9
LK		 1027 bool try_resend; /* Should we keep skb for possible resend */
1028
1029 /* If not sending directly to peer - no point in keeping skb */
1030 rcu_read_lock();
1031 sta = sta_info_get(sdata, peer);
1032 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1033 rcu_read_unlock();
1034
1035 spin_lock_bh(&sdata->u.mgd.teardown_lock);
1036 if (try_resend && !sdata->u.mgd.teardown_skb) {
1037 /* Mark it as requiring TX status callback */
1038 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1039 IEEE80211_TX_INTFL_MLME_CONN_TX;
1040
1041 /*
1042 * skb is copied since mac80211 will later set
1043 * properties that might not be the same as the AP,
1044 * such as encryption, QoS, addresses, etc.
1045 *
1046 * No problem if skb_copy() fails, so no need to check.
1047 */
1048 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC);
1049 sdata->u.mgd.orig_teardown_skb = skb;
1050 }
1051 spin_unlock_bh(&sdata->u.mgd.teardown_lock);
1052 }
1053
95224fe8
AN		 1054 /* disable bottom halves when entering the Tx path */
1055 local_bh_disable();
1277b4a9 1056 __ieee80211_subif_start_xmit(skb, dev, flags);
95224fe8
AN		 1057 local_bh_enable();
1058
1059 return ret;
1060
1061fail:
1062 dev_kfree_skb(skb);
1063 return ret;
1064}
1065
191dd469
AN		 1066static int
1067ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev,
1068 const u8 *peer, u8 action_code, u8 dialog_token,
1069 u16 status_code, u32 peer_capability, bool initiator,
1070 const u8 *extra_ies, size_t extra_ies_len)
17e6a59a
AN		 1071{
1072 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1073 struct ieee80211_local *local = sdata->local;
d51c2ea3 1074 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode;
17e6a59a
AN		 1075 int ret;
1076
d51c2ea3
AN		 1077 /* don't support setup with forced SMPS mode that's not off */
1078 if (smps_mode != IEEE80211_SMPS_AUTOMATIC &&
1079 smps_mode != IEEE80211_SMPS_OFF) {
1080 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n",
1081 smps_mode);
1082 return -ENOTSUPP;
1083 }
1084
17e6a59a
AN		 1085 mutex_lock(&local->mtx);
1086
1087 /* we don't support concurrent TDLS peer setups */
81dd2b88
AN		 1088 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) &&
1089 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
17e6a59a 1090 ret = -EBUSY;
ae2e9fba 1091 goto out_unlock;
17e6a59a
AN		 1092 }
1093
7adc3e46
AN		 1094 /*
1095 * make sure we have a STA representing the peer so we drop or buffer
1096 * non-TDLS-setup frames to the peer. We can't send other packets
6ae32e5d
AN		 1097 * during setup through the AP path.
1098 * Allow error packets to be sent - sometimes we don't even add a STA
1099 * before failing the setup.
7adc3e46 1100 */
6ae32e5d
AN		 1101 if (status_code == 0) {
1102 rcu_read_lock();
1103 if (!sta_info_get(sdata, peer)) {
1104 rcu_read_unlock();
1105 ret = -ENOLINK;
ae2e9fba 1106 goto out_unlock;
6ae32e5d 1107 }
7adc3e46 1108 rcu_read_unlock();
7adc3e46 1109 }
7adc3e46 1110
3b24f4c6 1111 ieee80211_flush_queues(local, sdata, false);
ae2e9fba
AN		 1112 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN);
1113 mutex_unlock(&local->mtx);
db67d661 1114
ae2e9fba 1115 /* we cannot take the mutex while preparing the setup packet */
17e6a59a
AN		 1116 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
1117 dialog_token, status_code,
2fb6b9b8 1118 peer_capability, initiator,
c2733905
AN		 1119 extra_ies, extra_ies_len, 0,
1120 NULL);
ae2e9fba
AN		 1121 if (ret < 0) {
1122 mutex_lock(&local->mtx);
1123 eth_zero_addr(sdata->u.mgd.tdls_peer);
1124 mutex_unlock(&local->mtx);
1125 return ret;
1126 }
17e6a59a 1127
191dd469 1128 ieee80211_queue_delayed_work(&sdata->local->hw,
81dd2b88 1129 &sdata->u.mgd.tdls_peer_del_work,
191dd469 1130 TDLS_PEER_SETUP_TIMEOUT);
ae2e9fba 1131 return 0;
17e6a59a 1132
ae2e9fba 1133out_unlock:
17e6a59a 1134 mutex_unlock(&local->mtx);
191dd469
AN		 1135 return ret;
1136}
1137
db67d661
AN		 1138static int
1139ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev,
1140 const u8 *peer, u8 action_code, u8 dialog_token,
1141 u16 status_code, u32 peer_capability,
1142 bool initiator, const u8 *extra_ies,
1143 size_t extra_ies_len)
1144{
1145 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1146 struct ieee80211_local *local = sdata->local;
1147 struct sta_info *sta;
1148 int ret;
1149
1150 /*
1151 * No packets can be transmitted to the peer via the AP during setup -
1152 * the STA is set as a TDLS peer, but is not authorized.
1153 * During teardown, we prevent direct transmissions by stopping the
1154 * queues and flushing all direct packets.
1155 */
1156 ieee80211_stop_vif_queues(local, sdata,
1157 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
3b24f4c6 1158 ieee80211_flush_queues(local, sdata, false);
db67d661
AN		 1159
1160 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
1161 dialog_token, status_code,
1162 peer_capability, initiator,
c2733905
AN		 1163 extra_ies, extra_ies_len, 0,
1164 NULL);
db67d661
AN		 1165 if (ret < 0)
1166 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n",
1167 ret);
1168
1169 /*
1170 * Remove the STA AUTH flag to force further traffic through the AP. If
1171 * the STA was unreachable, it was already removed.
1172 */
1173 rcu_read_lock();
1174 sta = sta_info_get(sdata, peer);
1175 if (sta)
1176 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1177 rcu_read_unlock();
1178
1179 ieee80211_wake_vif_queues(local, sdata,
1180 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
1181
1182 return 0;
1183}
1184
191dd469
AN		 1185int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev,
1186 const u8 *peer, u8 action_code, u8 dialog_token,
1187 u16 status_code, u32 peer_capability,
1188 bool initiator, const u8 *extra_ies,
1189 size_t extra_ies_len)
1190{
1191 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1192 int ret;
1193
1194 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1195 return -ENOTSUPP;
1196
1197 /* make sure we are in managed mode, and associated */
1198 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1199 !sdata->u.mgd.associated)
1200 return -EINVAL;
1201
1202 switch (action_code) {
1203 case WLAN_TDLS_SETUP_REQUEST:
1204 case WLAN_TDLS_SETUP_RESPONSE:
1205 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code,
1206 dialog_token, status_code,
1207 peer_capability, initiator,
1208 extra_ies, extra_ies_len);
1209 break;
1210 case WLAN_TDLS_TEARDOWN:
db67d661
AN		 1211 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer,
1212 action_code, dialog_token,
1213 status_code,
1214 peer_capability, initiator,
1215 extra_ies, extra_ies_len);
1216 break;
191dd469 1217 case WLAN_TDLS_DISCOVERY_REQUEST:
ee10f2c7
AN		 1218 /*
1219 * Protect the discovery so we can hear the TDLS discovery
1220 * response frame. It is transmitted directly and not buffered
1221 * by the AP.
1222 */
1223 drv_mgd_protect_tdls_discover(sdata->local, sdata);
1224 /* fall-through */
1225 case WLAN_TDLS_SETUP_CONFIRM:
191dd469
AN		 1226 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
1227 /* no special handling */
1228 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer,
1229 action_code,
1230 dialog_token,
1231 status_code,
1232 peer_capability,
1233 initiator, extra_ies,
c2733905 1234 extra_ies_len, 0, NULL);
191dd469
AN		 1235 break;
1236 default:
1237 ret = -EOPNOTSUPP;
1238 break;
1239 }
17e6a59a
AN		 1240
1241 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n",
1242 action_code, peer, ret);
1243 return ret;
1244}
1245
59021c67
AN		 1246static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata,
1247 struct sta_info *sta)
0fabfaaf
AN		 1248{
1249 struct ieee80211_local *local = sdata->local;
1250 struct ieee80211_chanctx_conf *conf;
1251 struct ieee80211_chanctx *ctx;
59021c67
AN		 1252 enum nl80211_chan_width width;
1253 struct ieee80211_supported_band *sband;
0fabfaaf
AN		 1254
1255 mutex_lock(&local->chanctx_mtx);
1256 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1257 lockdep_is_held(&local->chanctx_mtx));
1258 if (conf) {
59021c67
AN		 1259 width = conf->def.width;
1260 sband = local->hw.wiphy->bands[conf->def.chan->band];
0fabfaaf
AN		 1261 ctx = container_of(conf, struct ieee80211_chanctx, conf);
1262 ieee80211_recalc_chanctx_chantype(local, ctx);
59021c67
AN		 1263
1264 /* if width changed and a peer is given, update its BW */
1265 if (width != conf->def.width && sta &&
1266 test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) {
1267 enum ieee80211_sta_rx_bandwidth bw;
1268
1269 bw = ieee80211_chan_width_to_rx_bw(conf->def.width);
1270 bw = min(bw, ieee80211_sta_cap_rx_bw(sta));
1271 if (bw != sta->sta.bandwidth) {
1272 sta->sta.bandwidth = bw;
1273 rate_control_rate_update(local, sband, sta,
1274 IEEE80211_RC_BW_CHANGED);
1275 /*
1276 * if a TDLS peer BW was updated, we need to
1277 * recalc the chandef width again, to get the
1278 * correct chanctx min_def
1279 */
1280 ieee80211_recalc_chanctx_chantype(local, ctx);
1281 }
1282 }
1283
0fabfaaf
AN		 1284 }
1285 mutex_unlock(&local->chanctx_mtx);
1286}
1287
22f66895
AA		 1288static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata)
1289{
1290 struct sta_info *sta;
1291 bool result = false;
1292
1293 rcu_read_lock();
1294 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
1295 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
1296 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
1297 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) ||
1298 !sta->sta.ht_cap.ht_supported)
1299 continue;
1300 result = true;
1301 break;
1302 }
1303 rcu_read_unlock();
1304
1305 return result;
1306}
1307
1308static void
1309iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata,
1310 struct sta_info *sta)
1311{
1312 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1313 bool tdls_ht;
1314 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED |
1315 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
1316 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
1317 u16 opmode;
1318
1319 /* Nothing to do if the BSS connection uses HT */
1320 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
1321 return;
1322
1323 tdls_ht = (sta && sta->sta.ht_cap.ht_supported) ||
1324 iee80211_tdls_have_ht_peers(sdata);
1325
1326 opmode = sdata->vif.bss_conf.ht_operation_mode;
1327
1328 if (tdls_ht)
1329 opmode |= protection;
1330 else
1331 opmode &= ~protection;
1332
1333 if (opmode == sdata->vif.bss_conf.ht_operation_mode)
1334 return;
1335
1336 sdata->vif.bss_conf.ht_operation_mode = opmode;
1337 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1338}
1339
95224fe8 1340int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
3b3a0162 1341 const u8 *peer, enum nl80211_tdls_operation oper)
95224fe8
AN		 1342{
1343 struct sta_info *sta;
1344 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
17e6a59a
AN		 1345 struct ieee80211_local *local = sdata->local;
1346 int ret;
95224fe8
AN		 1347
1348 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1349 return -ENOTSUPP;
1350
1351 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1352 return -EINVAL;
1353
17e6a59a
AN		 1354 switch (oper) {
1355 case NL80211_TDLS_ENABLE_LINK:
1356 case NL80211_TDLS_DISABLE_LINK:
1357 break;
1358 case NL80211_TDLS_TEARDOWN:
1359 case NL80211_TDLS_SETUP:
1360 case NL80211_TDLS_DISCOVERY_REQ:
1361 /* We don't support in-driver setup/teardown/discovery */
1362 return -ENOTSUPP;
1363 }
1364
22f66895
AA		 1365 /* protect possible bss_conf changes and avoid concurrency in
1366 * ieee80211_bss_info_change_notify()
1367 */
1368 sdata_lock(sdata);
17e6a59a 1369 mutex_lock(&local->mtx);
95224fe8
AN		 1370 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer);
1371
1372 switch (oper) {
1373 case NL80211_TDLS_ENABLE_LINK:
c5a71688
AN		 1374 if (sdata->vif.csa_active) {
1375 tdls_dbg(sdata, "TDLS: disallow link during CSA\n");
1376 ret = -EBUSY;
1377 break;
1378 }
1379
22f66895 1380 mutex_lock(&local->sta_mtx);
95224fe8
AN		 1381 sta = sta_info_get(sdata, peer);
1382 if (!sta) {
22f66895 1383 mutex_unlock(&local->sta_mtx);
17e6a59a
AN		 1384 ret = -ENOLINK;
1385 break;
95224fe8
AN		 1386 }
1387
59021c67 1388 iee80211_tdls_recalc_chanctx(sdata, sta);
22f66895
AA		 1389 iee80211_tdls_recalc_ht_protection(sdata, sta);
1390
95224fe8 1391 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
22f66895 1392 mutex_unlock(&local->sta_mtx);
17e6a59a 1393
81dd2b88
AN		 1394 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) ||
1395 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer));
17e6a59a 1396 ret = 0;
95224fe8
AN		 1397 break;
1398 case NL80211_TDLS_DISABLE_LINK:
bb3f8486
LK		 1399 /*
1400 * The teardown message in ieee80211_tdls_mgmt_teardown() was
1401 * created while the queues were stopped, so it might still be
1402 * pending. Before flushing the queues we need to be sure the
1403 * message is handled by the tasklet handling pending messages,
1404 * otherwise we might start destroying the station before
1405 * sending the teardown packet.
1406 * Note that this only forces the tasklet to flush pendings -
1407 * not to stop the tasklet from rescheduling itself.
1408 */
1409 tasklet_kill(&local->tx_pending_tasklet);
db67d661 1410 /* flush a potentially queued teardown packet */
3b24f4c6 1411 ieee80211_flush_queues(local, sdata, false);
db67d661 1412
17e6a59a 1413 ret = sta_info_destroy_addr(sdata, peer);
22f66895
AA		 1414
1415 mutex_lock(&local->sta_mtx);
1416 iee80211_tdls_recalc_ht_protection(sdata, NULL);
1417 mutex_unlock(&local->sta_mtx);
1418
59021c67 1419 iee80211_tdls_recalc_chanctx(sdata, NULL);
17e6a59a 1420 break;
95224fe8 1421 default:
17e6a59a
AN		 1422 ret = -ENOTSUPP;
1423 break;
95224fe8
AN		 1424 }
1425
81dd2b88
AN		 1426 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
1427 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work);
1428 eth_zero_addr(sdata->u.mgd.tdls_peer);
17e6a59a
AN		 1429 }
1430
d51c2ea3
AN		 1431 if (ret == 0)
1432 ieee80211_queue_work(&sdata->local->hw,
1433 &sdata->u.mgd.request_smps_work);
1434
17e6a59a 1435 mutex_unlock(&local->mtx);
22f66895 1436 sdata_unlock(sdata);
17e6a59a 1437 return ret;
95224fe8 1438}
c887f0d3
AN		 1439
1440void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer,
1441 enum nl80211_tdls_operation oper,
1442 u16 reason_code, gfp_t gfp)
1443{
1444 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1445
1446 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) {
1447 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n",
1448 oper);
1449 return;
1450 }
1451
1452 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp);
1453}
1454EXPORT_SYMBOL(ieee80211_tdls_oper_request);
a7a6bdd0
AN		 1455
1456static void
1457iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout)
1458{
1459 struct ieee80211_ch_switch_timing *ch_sw;
1460
1461 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING;
1462 *buf++ = sizeof(struct ieee80211_ch_switch_timing);
1463
1464 ch_sw = (void *)buf;
1465 ch_sw->switch_time = cpu_to_le16(switch_time);
1466 ch_sw->switch_timeout = cpu_to_le16(switch_timeout);
1467}
1468
1469/* find switch timing IE in SKB ready for Tx */
1470static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb)
1471{
1472 struct ieee80211_tdls_data *tf;
1473 const u8 *ie_start;
1474
1475 /*
1476 * Get the offset for the new location of the switch timing IE.
1477 * The SKB network header will now point to the "payload_type"
1478 * element of the TDLS data frame struct.
1479 */
1480 tf = container_of(skb->data + skb_network_offset(skb),
1481 struct ieee80211_tdls_data, payload_type);
1482 ie_start = tf->u.chan_switch_req.variable;
1483 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start,
1484 skb->len - (ie_start - skb->data));
1485}
1486
1487static struct sk_buff *
1488ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class,
1489 struct cfg80211_chan_def *chandef,
1490 u32 *ch_sw_tm_ie_offset)
1491{
1492 struct ieee80211_sub_if_data *sdata = sta->sdata;
1493 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) +
1494 2 + sizeof(struct ieee80211_ch_switch_timing)];
1495 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing);
1496 u8 *pos = extra_ies;
1497 struct sk_buff *skb;
1498
1499 /*
1500 * if chandef points to a wide channel add a Secondary-Channel
1501 * Offset information element
1502 */
1503 if (chandef->width == NL80211_CHAN_WIDTH_40) {
1504 struct ieee80211_sec_chan_offs_ie *sec_chan_ie;
1505 bool ht40plus;
1506
1507 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;
1508 *pos++ = sizeof(*sec_chan_ie);
1509 sec_chan_ie = (void *)pos;
1510
1511 ht40plus = cfg80211_get_chandef_type(chandef) ==
1512 NL80211_CHAN_HT40PLUS;
1513 sec_chan_ie->sec_chan_offs = ht40plus ?
1514 IEEE80211_HT_PARAM_CHA_SEC_ABOVE :
1515 IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1516 pos += sizeof(*sec_chan_ie);
1517
1518 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie);
1519 }
1520
1521 /* just set the values to 0, this is a template */
1522 iee80211_tdls_add_ch_switch_timing(pos, 0, 0);
1523
1524 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1525 WLAN_TDLS_CHANNEL_SWITCH_REQUEST,
1526 0, 0, !sta->sta.tdls_initiator,
1527 extra_ies, extra_ies_len,
1528 oper_class, chandef);
1529 if (!skb)
1530 return NULL;
1531
1532 skb = ieee80211_build_data_template(sdata, skb, 0);
1533 if (IS_ERR(skb)) {
1534 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n");
1535 return NULL;
1536 }
1537
1538 if (ch_sw_tm_ie_offset) {
1539 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1540
1541 if (!tm_ie) {
1542 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n");
1543 dev_kfree_skb_any(skb);
1544 return NULL;
1545 }
1546
1547 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1548 }
1549
1550 tdls_dbg(sdata,
1551 "TDLS channel switch request template for %pM ch %d width %d\n",
1552 sta->sta.addr, chandef->chan->center_freq, chandef->width);
1553 return skb;
1554}
1555
1556int
1557ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev,
1558 const u8 *addr, u8 oper_class,
1559 struct cfg80211_chan_def *chandef)
1560{
1561 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1562 struct ieee80211_local *local = sdata->local;
1563 struct sta_info *sta;
1564 struct sk_buff *skb = NULL;
1565 u32 ch_sw_tm_ie;
1566 int ret;
1567
1568 mutex_lock(&local->sta_mtx);
1569 sta = sta_info_get(sdata, addr);
1570 if (!sta) {
1571 tdls_dbg(sdata,
1572 "Invalid TDLS peer %pM for channel switch request\n",
1573 addr);
1574 ret = -ENOENT;
1575 goto out;
1576 }
1577
1578 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) {
1579 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n",
1580 addr);
1581 ret = -ENOTSUPP;
1582 goto out;
1583 }
1584
1585 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef,
1586 &ch_sw_tm_ie);
1587 if (!skb) {
1588 ret = -ENOENT;
1589 goto out;
1590 }
1591
1592 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class,
1593 chandef, skb, ch_sw_tm_ie);
1594 if (!ret)
1595 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1596
1597out:
1598 mutex_unlock(&local->sta_mtx);
1599 dev_kfree_skb_any(skb);
1600 return ret;
1601}
1602
1603void
1604ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy,
1605 struct net_device *dev,
1606 const u8 *addr)
1607{
1608 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1609 struct ieee80211_local *local = sdata->local;
1610 struct sta_info *sta;
1611
1612 mutex_lock(&local->sta_mtx);
1613 sta = sta_info_get(sdata, addr);
1614 if (!sta) {
1615 tdls_dbg(sdata,
1616 "Invalid TDLS peer %pM for channel switch cancel\n",
1617 addr);
1618 goto out;
1619 }
1620
1621 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) {
1622 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n",
1623 addr);
1624 goto out;
1625 }
1626
1627 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta);
1628 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1629
1630out:
1631 mutex_unlock(&local->sta_mtx);
1632}
8a4d32f3
AN		 1633
1634static struct sk_buff *
1635ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta,
1636 u32 *ch_sw_tm_ie_offset)
1637{
1638 struct ieee80211_sub_if_data *sdata = sta->sdata;
1639 struct sk_buff *skb;
1640 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)];
1641
1642 /* initial timing are always zero in the template */
1643 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0);
1644
1645 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1646 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE,
1647 0, 0, !sta->sta.tdls_initiator,
1648 extra_ies, sizeof(extra_ies), 0, NULL);
1649 if (!skb)
1650 return NULL;
1651
1652 skb = ieee80211_build_data_template(sdata, skb, 0);
1653 if (IS_ERR(skb)) {
1654 tdls_dbg(sdata,
1655 "Failed building TDLS channel switch resp frame\n");
1656 return NULL;
1657 }
1658
1659 if (ch_sw_tm_ie_offset) {
1660 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1661
1662 if (!tm_ie) {
1663 tdls_dbg(sdata,
1664 "No switch timing IE in TDLS switch resp\n");
1665 dev_kfree_skb_any(skb);
1666 return NULL;
1667 }
1668
1669 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1670 }
1671
1672 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n",
1673 sta->sta.addr);
1674 return skb;
1675}
1676
1677static int
1678ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata,
1679 struct sk_buff *skb)
1680{
1681 struct ieee80211_local *local = sdata->local;
1682 struct ieee802_11_elems elems;
1683 struct sta_info *sta;
1684 struct ieee80211_tdls_data *tf = (void *)skb->data;
1685 bool local_initiator;
1686 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1687 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable);
1688 struct ieee80211_tdls_ch_sw_params params = {};
1689 int ret;
1690
1691 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
1692 params.timestamp = rx_status->device_timestamp;
1693
1694 if (skb->len < baselen) {
1695 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n",
1696 skb->len);
1697 return -EINVAL;
1698 }
1699
1700 mutex_lock(&local->sta_mtx);
1701 sta = sta_info_get(sdata, tf->sa);
1702 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1703 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1704 tf->sa);
1705 ret = -EINVAL;
1706 goto out;
1707 }
1708
1709 params.sta = &sta->sta;
1710 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code);
1711 if (params.status != 0) {
1712 ret = 0;
1713 goto call_drv;
1714 }
1715
1716 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable,
1717 skb->len - baselen, false, &elems);
1718 if (elems.parse_error) {
1719 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n");
1720 ret = -EINVAL;
1721 goto out;
1722 }
1723
1724 if (!elems.ch_sw_timing || !elems.lnk_id) {
1725 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n");
1726 ret = -EINVAL;
1727 goto out;
1728 }
1729
1730 /* validate the initiator is set correctly */
1731 local_initiator =
1732 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1733 if (local_initiator == sta->sta.tdls_initiator) {
1734 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1735 ret = -EINVAL;
1736 goto out;
1737 }
1738
1739 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1740 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1741
1742 params.tmpl_skb =
1743 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, &params.ch_sw_tm_ie);
1744 if (!params.tmpl_skb) {
1745 ret = -ENOENT;
1746 goto out;
1747 }
1748
1749call_drv:
1750 drv_tdls_recv_channel_switch(sdata->local, sdata, &params);
1751
1752 tdls_dbg(sdata,
1753 "TDLS channel switch response received from %pM status %d\n",
1754 tf->sa, params.status);
1755
1756out:
1757 mutex_unlock(&local->sta_mtx);
1758 dev_kfree_skb_any(params.tmpl_skb);
1759 return ret;
1760}
1761
1762static int
1763ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata,
1764 struct sk_buff *skb)
1765{
1766 struct ieee80211_local *local = sdata->local;
1767 struct ieee802_11_elems elems;
1768 struct cfg80211_chan_def chandef;
1769 struct ieee80211_channel *chan;
1770 enum nl80211_channel_type chan_type;
1771 int freq;
1772 u8 target_channel, oper_class;
1773 bool local_initiator;
1774 struct sta_info *sta;
1775 enum ieee80211_band band;
1776 struct ieee80211_tdls_data *tf = (void *)skb->data;
1777 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1778 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable);
1779 struct ieee80211_tdls_ch_sw_params params = {};
1780 int ret = 0;
1781
1782 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
1783 params.timestamp = rx_status->device_timestamp;
1784
1785 if (skb->len < baselen) {
1786 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n",
1787 skb->len);
1788 return -EINVAL;
1789 }
1790
1791 target_channel = tf->u.chan_switch_req.target_channel;
1792 oper_class = tf->u.chan_switch_req.oper_class;
1793
1794 /*
1795 * We can't easily infer the channel band. The operating class is
1796 * ambiguous - there are multiple tables (US/Europe/JP/Global). The
1797 * solution here is to treat channels with number >14 as 5GHz ones,
1798 * and specifically check for the (oper_class, channel) combinations
1799 * where this doesn't hold. These are thankfully unique according to
1800 * IEEE802.11-2012.
1801 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as
1802 * valid here.
1803 */
1804 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 ||
1805 oper_class == 4 || oper_class == 5 || oper_class == 6) &&
1806 target_channel < 14)
1807 band = IEEE80211_BAND_5GHZ;
1808 else
1809 band = target_channel < 14 ? IEEE80211_BAND_2GHZ :
1810 IEEE80211_BAND_5GHZ;
1811
1812 freq = ieee80211_channel_to_frequency(target_channel, band);
1813 if (freq == 0) {
1814 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n",
1815 target_channel);
1816 return -EINVAL;
1817 }
1818
1819 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
1820 if (!chan) {
1821 tdls_dbg(sdata,
1822 "Unsupported channel for TDLS chan switch: %d\n",
1823 target_channel);
1824 return -EINVAL;
1825 }
1826
1827 ieee802_11_parse_elems(tf->u.chan_switch_req.variable,
1828 skb->len - baselen, false, &elems);
1829 if (elems.parse_error) {
1830 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n");
1831 return -EINVAL;
1832 }
1833
1834 if (!elems.ch_sw_timing || !elems.lnk_id) {
1835 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n");
1836 return -EINVAL;
1837 }
1838
42d8d789
AN		 1839 if (!elems.sec_chan_offs) {
1840 chan_type = NL80211_CHAN_HT20;
1841 } else {
1842 switch (elems.sec_chan_offs->sec_chan_offs) {
1843 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1844 chan_type = NL80211_CHAN_HT40PLUS;
1845 break;
1846 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1847 chan_type = NL80211_CHAN_HT40MINUS;
1848 break;
1849 default:
1850 chan_type = NL80211_CHAN_HT20;
1851 break;
1852 }
1853 }
1854
1855 cfg80211_chandef_create(&chandef, chan, chan_type);
1856
1857 /* we will be active on the TDLS link */
1858 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef,
1859 sdata->wdev.iftype)) {
1860 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n");
1861 return -EINVAL;
1862 }
1863
8a4d32f3
AN		 1864 mutex_lock(&local->sta_mtx);
1865 sta = sta_info_get(sdata, tf->sa);
1866 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1867 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1868 tf->sa);
1869 ret = -EINVAL;
1870 goto out;
1871 }
1872
1873 params.sta = &sta->sta;
1874
1875 /* validate the initiator is set correctly */
1876 local_initiator =
1877 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1878 if (local_initiator == sta->sta.tdls_initiator) {
1879 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1880 ret = -EINVAL;
1881 goto out;
1882 }
1883
42d8d789
AN		 1884 /* peer should have known better */
1885 if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs &&
1886 elems.sec_chan_offs->sec_chan_offs) {
1887 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n");
1888 ret = -ENOTSUPP;
1889 goto out;
8a4d32f3
AN		 1890 }
1891
8a4d32f3 1892 params.chandef = &chandef;
8a4d32f3
AN		 1893 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1894 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1895
1896 params.tmpl_skb =
1897 ieee80211_tdls_ch_sw_resp_tmpl_get(sta,
1898 &params.ch_sw_tm_ie);
1899 if (!params.tmpl_skb) {
1900 ret = -ENOENT;
1901 goto out;
1902 }
1903
1904 drv_tdls_recv_channel_switch(sdata->local, sdata, &params);
1905
1906 tdls_dbg(sdata,
1907 "TDLS ch switch request received from %pM ch %d width %d\n",
1908 tf->sa, params.chandef->chan->center_freq,
1909 params.chandef->width);
1910out:
1911 mutex_unlock(&local->sta_mtx);
1912 dev_kfree_skb_any(params.tmpl_skb);
1913 return ret;
1914}
1915
c8ff71e6
AN		 1916static void
1917ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata,
1918 struct sk_buff *skb)
8a4d32f3
AN		 1919{
1920 struct ieee80211_tdls_data *tf = (void *)skb->data;
1921 struct wiphy *wiphy = sdata->local->hw.wiphy;
1922
c8ff71e6
AN		 1923 ASSERT_RTNL();
1924
8a4d32f3
AN		 1925 /* make sure the driver supports it */
1926 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
1927 return;
1928
1929 /* we want to access the entire packet */
1930 if (skb_linearize(skb))
1931 return;
1932 /*
1933 * The packet/size was already validated by mac80211 Rx path, only look
1934 * at the action type.
1935 */
1936 switch (tf->action_code) {
1937 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
1938 ieee80211_process_tdls_channel_switch_req(sdata, skb);
1939 break;
1940 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
1941 ieee80211_process_tdls_channel_switch_resp(sdata, skb);
1942 break;
1943 default:
1944 WARN_ON_ONCE(1);
1945 return;
1946 }
1947}
d51c2ea3
AN		 1948
1949void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata)
1950{
1951 struct sta_info *sta;
1952 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED;
1953
1954 rcu_read_lock();
1955 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
1956 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
1957 !test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1958 continue;
1959
1960 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr,
1961 NL80211_TDLS_TEARDOWN, reason,
1962 GFP_ATOMIC);
1963 }
1964 rcu_read_unlock();
1965}
c8ff71e6
AN		 1966
1967void ieee80211_tdls_chsw_work(struct work_struct *wk)
1968{
1969 struct ieee80211_local *local =
1970 container_of(wk, struct ieee80211_local, tdls_chsw_work);
1971 struct ieee80211_sub_if_data *sdata;
1972 struct sk_buff *skb;
1973 struct ieee80211_tdls_data *tf;
1974
1975 rtnl_lock();
1976 while ((skb = skb_dequeue(&local->skb_queue_tdls_chsw))) {
1977 tf = (struct ieee80211_tdls_data *)skb->data;
1978 list_for_each_entry(sdata, &local->interfaces, list) {
1979 if (!ieee80211_sdata_running(sdata) ||
1980 sdata->vif.type != NL80211_IFTYPE_STATION ||
1981 !ether_addr_equal(tf->da, sdata->vif.addr))
1982 continue;
1983
1984 ieee80211_process_tdls_channel_switch(sdata, skb);
1985 break;
1986 }
1987
1988 kfree_skb(skb);
1989 }
1990 rtnl_unlock();
1991}
Linux kernel - Deliverables
This page took 0.198949 seconds and 5 git commands to generate.