2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
35 #define IEEE80211_AUTH_MAX_TRIES 3
36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
39 #define IEEE80211_ASSOC_MAX_TRIES 3
41 static int max_nullfunc_tries
= 2;
42 module_param(max_nullfunc_tries
, int, 0644);
43 MODULE_PARM_DESC(max_nullfunc_tries
,
44 "Maximum nullfunc tx tries before disconnecting (reason 4).");
46 static int max_probe_tries
= 5;
47 module_param(max_probe_tries
, int, 0644);
48 MODULE_PARM_DESC(max_probe_tries
,
49 "Maximum probe tries before disconnecting (reason 4).");
52 * Beacon loss timeout is calculated as N frames times the
53 * advertised beacon interval. This may need to be somewhat
54 * higher than what hardware might detect to account for
55 * delays in the host processing frames. But since we also
56 * probe on beacon miss before declaring the connection lost
57 * default to what we want.
59 static int beacon_loss_count
= 7;
60 module_param(beacon_loss_count
, int, 0644);
61 MODULE_PARM_DESC(beacon_loss_count
,
62 "Number of beacon intervals before we decide beacon was lost.");
65 * Time the connection can be idle before we probe
66 * it to see if we can still talk to the AP.
68 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
70 * Time we wait for a probe response after sending
71 * a probe request because of beacon loss or for
72 * checking the connection still works.
74 static int probe_wait_ms
= 500;
75 module_param(probe_wait_ms
, int, 0644);
76 MODULE_PARM_DESC(probe_wait_ms
,
77 "Maximum time(ms) to wait for probe response"
78 " before disconnecting (reason 4).");
81 * Weight given to the latest Beacon frame when calculating average signal
82 * strength for Beacon frames received in the current BSS. This must be
85 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
88 * How many Beacon frames need to have been used in average signal strength
89 * before starting to indicate signal change events.
91 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
94 * All cfg80211 functions have to be called outside a locked
95 * section so that they can acquire a lock themselves... This
96 * is much simpler than queuing up things in cfg80211, but we
97 * do need some indirection for that here.
100 /* no action required */
103 /* caller must call cfg80211_send_deauth() */
104 RX_MGMT_CFG80211_DEAUTH
,
106 /* caller must call cfg80211_send_disassoc() */
107 RX_MGMT_CFG80211_DISASSOC
,
109 /* caller must call cfg80211_send_rx_auth() */
110 RX_MGMT_CFG80211_RX_AUTH
,
112 /* caller must call cfg80211_send_rx_assoc() */
113 RX_MGMT_CFG80211_RX_ASSOC
,
115 /* caller must call cfg80211_send_assoc_timeout() */
116 RX_MGMT_CFG80211_ASSOC_TIMEOUT
,
118 /* used when a processed beacon causes a deauth */
119 RX_MGMT_CFG80211_TX_DEAUTH
,
123 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed
*ifmgd
)
125 lockdep_assert_held(&ifmgd
->mtx
);
129 * We can have multiple work items (and connection probing)
130 * scheduling this timer, but we need to take care to only
131 * reschedule it when it should fire _earlier_ than it was
132 * asked for before, or if it's not pending right now. This
133 * function ensures that. Note that it then is required to
134 * run this function for all timeouts after the first one
135 * has happened -- the work that runs from this timer will
138 static void run_again(struct ieee80211_if_managed
*ifmgd
, unsigned long timeout
)
140 ASSERT_MGD_MTX(ifmgd
);
142 if (!timer_pending(&ifmgd
->timer
) ||
143 time_before(timeout
, ifmgd
->timer
.expires
))
144 mod_timer(&ifmgd
->timer
, timeout
);
147 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data
*sdata
)
149 if (sdata
->vif
.driver_flags
& IEEE80211_VIF_BEACON_FILTER
)
152 if (sdata
->local
->hw
.flags
& IEEE80211_HW_CONNECTION_MONITOR
)
155 mod_timer(&sdata
->u
.mgd
.bcn_mon_timer
,
156 round_jiffies_up(jiffies
+ sdata
->u
.mgd
.beacon_timeout
));
159 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data
*sdata
)
161 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
163 if (unlikely(!sdata
->u
.mgd
.associated
))
166 if (sdata
->local
->hw
.flags
& IEEE80211_HW_CONNECTION_MONITOR
)
169 mod_timer(&sdata
->u
.mgd
.conn_mon_timer
,
170 round_jiffies_up(jiffies
+ IEEE80211_CONNECTION_IDLE_TIME
));
172 ifmgd
->probe_send_count
= 0;
175 static int ecw2cw(int ecw
)
177 return (1 << ecw
) - 1;
180 static u32
chandef_downgrade(struct cfg80211_chan_def
*c
)
186 case NL80211_CHAN_WIDTH_20
:
187 c
->width
= NL80211_CHAN_WIDTH_20_NOHT
;
188 ret
= IEEE80211_STA_DISABLE_HT
| IEEE80211_STA_DISABLE_VHT
;
190 case NL80211_CHAN_WIDTH_40
:
191 c
->width
= NL80211_CHAN_WIDTH_20
;
192 c
->center_freq1
= c
->chan
->center_freq
;
193 ret
= IEEE80211_STA_DISABLE_40MHZ
|
194 IEEE80211_STA_DISABLE_VHT
;
196 case NL80211_CHAN_WIDTH_80
:
197 tmp
= (30 + c
->chan
->center_freq
- c
->center_freq1
)/20;
201 c
->center_freq1
= c
->center_freq1
- 20 + 40 * tmp
;
202 c
->width
= NL80211_CHAN_WIDTH_40
;
203 ret
= IEEE80211_STA_DISABLE_VHT
;
205 case NL80211_CHAN_WIDTH_80P80
:
207 c
->width
= NL80211_CHAN_WIDTH_80
;
208 ret
= IEEE80211_STA_DISABLE_80P80MHZ
|
209 IEEE80211_STA_DISABLE_160MHZ
;
211 case NL80211_CHAN_WIDTH_160
:
213 tmp
= (70 + c
->chan
->center_freq
- c
->center_freq1
)/20;
216 c
->center_freq1
= c
->center_freq1
- 40 + 80 * tmp
;
217 c
->width
= NL80211_CHAN_WIDTH_80
;
218 ret
= IEEE80211_STA_DISABLE_80P80MHZ
|
219 IEEE80211_STA_DISABLE_160MHZ
;
222 case NL80211_CHAN_WIDTH_20_NOHT
:
224 c
->width
= NL80211_CHAN_WIDTH_20_NOHT
;
225 ret
= IEEE80211_STA_DISABLE_HT
| IEEE80211_STA_DISABLE_VHT
;
229 WARN_ON_ONCE(!cfg80211_chandef_valid(c
));
235 ieee80211_determine_chantype(struct ieee80211_sub_if_data
*sdata
,
236 struct ieee80211_supported_band
*sband
,
237 struct ieee80211_channel
*channel
,
238 const struct ieee80211_ht_operation
*ht_oper
,
239 const struct ieee80211_vht_operation
*vht_oper
,
240 struct cfg80211_chan_def
*chandef
, bool verbose
)
242 struct cfg80211_chan_def vht_chandef
;
245 chandef
->chan
= channel
;
246 chandef
->width
= NL80211_CHAN_WIDTH_20_NOHT
;
247 chandef
->center_freq1
= channel
->center_freq
;
248 chandef
->center_freq2
= 0;
250 if (!ht_oper
|| !sband
->ht_cap
.ht_supported
) {
251 ret
= IEEE80211_STA_DISABLE_HT
| IEEE80211_STA_DISABLE_VHT
;
255 chandef
->width
= NL80211_CHAN_WIDTH_20
;
257 ht_cfreq
= ieee80211_channel_to_frequency(ht_oper
->primary_chan
,
259 /* check that channel matches the right operating channel */
260 if (channel
->center_freq
!= ht_cfreq
) {
262 * It's possible that some APs are confused here;
263 * Netgear WNDR3700 sometimes reports 4 higher than
264 * the actual channel in association responses, but
265 * since we look at probe response/beacon data here
270 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
271 channel
->center_freq
, ht_cfreq
,
272 ht_oper
->primary_chan
, channel
->band
);
273 ret
= IEEE80211_STA_DISABLE_HT
| IEEE80211_STA_DISABLE_VHT
;
277 /* check 40 MHz support, if we have it */
278 if (sband
->ht_cap
.cap
& IEEE80211_HT_CAP_SUP_WIDTH_20_40
) {
279 switch (ht_oper
->ht_param
& IEEE80211_HT_PARAM_CHA_SEC_OFFSET
) {
280 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE
:
281 chandef
->width
= NL80211_CHAN_WIDTH_40
;
282 chandef
->center_freq1
+= 10;
284 case IEEE80211_HT_PARAM_CHA_SEC_BELOW
:
285 chandef
->width
= NL80211_CHAN_WIDTH_40
;
286 chandef
->center_freq1
-= 10;
290 /* 40 MHz (and 80 MHz) must be supported for VHT */
291 ret
= IEEE80211_STA_DISABLE_VHT
;
295 if (!vht_oper
|| !sband
->vht_cap
.vht_supported
) {
296 ret
= IEEE80211_STA_DISABLE_VHT
;
300 vht_chandef
.chan
= channel
;
301 vht_chandef
.center_freq1
=
302 ieee80211_channel_to_frequency(vht_oper
->center_freq_seg1_idx
,
304 vht_chandef
.center_freq2
= 0;
306 if (vht_oper
->center_freq_seg2_idx
)
307 vht_chandef
.center_freq2
=
308 ieee80211_channel_to_frequency(
309 vht_oper
->center_freq_seg2_idx
,
312 switch (vht_oper
->chan_width
) {
313 case IEEE80211_VHT_CHANWIDTH_USE_HT
:
314 vht_chandef
.width
= chandef
->width
;
316 case IEEE80211_VHT_CHANWIDTH_80MHZ
:
317 vht_chandef
.width
= NL80211_CHAN_WIDTH_80
;
319 case IEEE80211_VHT_CHANWIDTH_160MHZ
:
320 vht_chandef
.width
= NL80211_CHAN_WIDTH_160
;
322 case IEEE80211_VHT_CHANWIDTH_80P80MHZ
:
323 vht_chandef
.width
= NL80211_CHAN_WIDTH_80P80
;
328 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
329 vht_oper
->chan_width
);
330 ret
= IEEE80211_STA_DISABLE_VHT
;
334 if (!cfg80211_chandef_valid(&vht_chandef
)) {
337 "AP VHT information is invalid, disable VHT\n");
338 ret
= IEEE80211_STA_DISABLE_VHT
;
342 if (cfg80211_chandef_identical(chandef
, &vht_chandef
)) {
347 if (!cfg80211_chandef_compatible(chandef
, &vht_chandef
)) {
350 "AP VHT information doesn't match HT, disable VHT\n");
351 ret
= IEEE80211_STA_DISABLE_VHT
;
355 *chandef
= vht_chandef
;
360 /* don't print the message below for VHT mismatch if VHT is disabled */
361 if (ret
& IEEE80211_STA_DISABLE_VHT
)
362 vht_chandef
= *chandef
;
364 while (!cfg80211_chandef_usable(sdata
->local
->hw
.wiphy
, chandef
,
365 IEEE80211_CHAN_DISABLED
)) {
366 if (WARN_ON(chandef
->width
== NL80211_CHAN_WIDTH_20_NOHT
)) {
367 ret
= IEEE80211_STA_DISABLE_HT
|
368 IEEE80211_STA_DISABLE_VHT
;
372 ret
|= chandef_downgrade(chandef
);
375 if (chandef
->width
!= vht_chandef
.width
&& verbose
)
377 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
379 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef
));
383 static int ieee80211_config_bw(struct ieee80211_sub_if_data
*sdata
,
384 struct sta_info
*sta
,
385 const struct ieee80211_ht_operation
*ht_oper
,
386 const struct ieee80211_vht_operation
*vht_oper
,
387 const u8
*bssid
, u32
*changed
)
389 struct ieee80211_local
*local
= sdata
->local
;
390 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
391 struct ieee80211_supported_band
*sband
;
392 struct ieee80211_channel
*chan
;
393 struct cfg80211_chan_def chandef
;
396 enum ieee80211_sta_rx_bandwidth new_sta_bw
;
399 /* if HT was/is disabled, don't track any bandwidth changes */
400 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
|| !ht_oper
)
403 /* don't check VHT if we associated as non-VHT station */
404 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
)
407 if (WARN_ON_ONCE(!sta
))
410 chan
= sdata
->vif
.bss_conf
.chandef
.chan
;
411 sband
= local
->hw
.wiphy
->bands
[chan
->band
];
413 /* calculate new channel (type) based on HT/VHT operation IEs */
414 flags
= ieee80211_determine_chantype(sdata
, sband
, chan
, ht_oper
,
415 vht_oper
, &chandef
, false);
418 * Downgrade the new channel if we associated with restricted
419 * capabilities. For example, if we associated as a 20 MHz STA
420 * to a 40 MHz AP (due to regulatory, capabilities or config
421 * reasons) then switching to a 40 MHz channel now won't do us
422 * any good -- we couldn't use it with the AP.
424 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_80P80MHZ
&&
425 chandef
.width
== NL80211_CHAN_WIDTH_80P80
)
426 flags
|= chandef_downgrade(&chandef
);
427 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_160MHZ
&&
428 chandef
.width
== NL80211_CHAN_WIDTH_160
)
429 flags
|= chandef_downgrade(&chandef
);
430 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_40MHZ
&&
431 chandef
.width
> NL80211_CHAN_WIDTH_20
)
432 flags
|= chandef_downgrade(&chandef
);
434 if (cfg80211_chandef_identical(&chandef
, &sdata
->vif
.bss_conf
.chandef
))
438 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
439 ifmgd
->bssid
, chandef
.chan
->center_freq
, chandef
.width
,
440 chandef
.center_freq1
, chandef
.center_freq2
);
442 if (flags
!= (ifmgd
->flags
& (IEEE80211_STA_DISABLE_HT
|
443 IEEE80211_STA_DISABLE_VHT
|
444 IEEE80211_STA_DISABLE_40MHZ
|
445 IEEE80211_STA_DISABLE_80P80MHZ
|
446 IEEE80211_STA_DISABLE_160MHZ
)) ||
447 !cfg80211_chandef_valid(&chandef
)) {
449 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
454 switch (chandef
.width
) {
455 case NL80211_CHAN_WIDTH_20_NOHT
:
456 case NL80211_CHAN_WIDTH_20
:
457 new_sta_bw
= IEEE80211_STA_RX_BW_20
;
459 case NL80211_CHAN_WIDTH_40
:
460 new_sta_bw
= IEEE80211_STA_RX_BW_40
;
462 case NL80211_CHAN_WIDTH_80
:
463 new_sta_bw
= IEEE80211_STA_RX_BW_80
;
465 case NL80211_CHAN_WIDTH_80P80
:
466 case NL80211_CHAN_WIDTH_160
:
467 new_sta_bw
= IEEE80211_STA_RX_BW_160
;
473 if (new_sta_bw
> sta
->cur_max_bandwidth
)
474 new_sta_bw
= sta
->cur_max_bandwidth
;
476 if (new_sta_bw
< sta
->sta
.bandwidth
) {
477 sta
->sta
.bandwidth
= new_sta_bw
;
478 rate_control_rate_update(local
, sband
, sta
,
479 IEEE80211_RC_BW_CHANGED
);
482 ret
= ieee80211_vif_change_bandwidth(sdata
, &chandef
, changed
);
485 "AP %pM changed bandwidth to incompatible one - disconnect\n",
490 if (new_sta_bw
> sta
->sta
.bandwidth
) {
491 sta
->sta
.bandwidth
= new_sta_bw
;
492 rate_control_rate_update(local
, sband
, sta
,
493 IEEE80211_RC_BW_CHANGED
);
496 ht_opmode
= le16_to_cpu(ht_oper
->operation_mode
);
498 /* if bss configuration changed store the new one */
499 if (sdata
->vif
.bss_conf
.ht_operation_mode
!= ht_opmode
) {
500 *changed
|= BSS_CHANGED_HT
;
501 sdata
->vif
.bss_conf
.ht_operation_mode
= ht_opmode
;
507 /* frame sending functions */
509 static int ieee80211_compatible_rates(const u8
*supp_rates
, int supp_rates_len
,
510 struct ieee80211_supported_band
*sband
,
516 for (i
= 0; i
< supp_rates_len
; i
++) {
517 int rate
= (supp_rates
[i
] & 0x7F) * 5;
519 for (j
= 0; j
< sband
->n_bitrates
; j
++)
520 if (sband
->bitrates
[j
].bitrate
== rate
) {
530 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data
*sdata
,
531 struct sk_buff
*skb
, u8 ap_ht_param
,
532 struct ieee80211_supported_band
*sband
,
533 struct ieee80211_channel
*channel
,
534 enum ieee80211_smps_mode smps
)
537 u32 flags
= channel
->flags
;
539 struct ieee80211_sta_ht_cap ht_cap
;
541 BUILD_BUG_ON(sizeof(ht_cap
) != sizeof(sband
->ht_cap
));
543 memcpy(&ht_cap
, &sband
->ht_cap
, sizeof(ht_cap
));
544 ieee80211_apply_htcap_overrides(sdata
, &ht_cap
);
546 /* determine capability flags */
549 switch (ap_ht_param
& IEEE80211_HT_PARAM_CHA_SEC_OFFSET
) {
550 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE
:
551 if (flags
& IEEE80211_CHAN_NO_HT40PLUS
) {
552 cap
&= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40
;
553 cap
&= ~IEEE80211_HT_CAP_SGI_40
;
556 case IEEE80211_HT_PARAM_CHA_SEC_BELOW
:
557 if (flags
& IEEE80211_CHAN_NO_HT40MINUS
) {
558 cap
&= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40
;
559 cap
&= ~IEEE80211_HT_CAP_SGI_40
;
565 * If 40 MHz was disabled associate as though we weren't
566 * capable of 40 MHz -- some broken APs will never fall
567 * back to trying to transmit in 20 MHz.
569 if (sdata
->u
.mgd
.flags
& IEEE80211_STA_DISABLE_40MHZ
) {
570 cap
&= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40
;
571 cap
&= ~IEEE80211_HT_CAP_SGI_40
;
574 /* set SM PS mode properly */
575 cap
&= ~IEEE80211_HT_CAP_SM_PS
;
577 case IEEE80211_SMPS_AUTOMATIC
:
578 case IEEE80211_SMPS_NUM_MODES
:
580 case IEEE80211_SMPS_OFF
:
581 cap
|= WLAN_HT_CAP_SM_PS_DISABLED
<<
582 IEEE80211_HT_CAP_SM_PS_SHIFT
;
584 case IEEE80211_SMPS_STATIC
:
585 cap
|= WLAN_HT_CAP_SM_PS_STATIC
<<
586 IEEE80211_HT_CAP_SM_PS_SHIFT
;
588 case IEEE80211_SMPS_DYNAMIC
:
589 cap
|= WLAN_HT_CAP_SM_PS_DYNAMIC
<<
590 IEEE80211_HT_CAP_SM_PS_SHIFT
;
594 /* reserve and fill IE */
595 pos
= skb_put(skb
, sizeof(struct ieee80211_ht_cap
) + 2);
596 ieee80211_ie_build_ht_cap(pos
, &ht_cap
, cap
);
599 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data
*sdata
,
601 struct ieee80211_supported_band
*sband
,
602 struct ieee80211_vht_cap
*ap_vht_cap
)
606 struct ieee80211_sta_vht_cap vht_cap
;
609 BUILD_BUG_ON(sizeof(vht_cap
) != sizeof(sband
->vht_cap
));
611 memcpy(&vht_cap
, &sband
->vht_cap
, sizeof(vht_cap
));
612 ieee80211_apply_vhtcap_overrides(sdata
, &vht_cap
);
614 /* determine capability flags */
617 if (sdata
->u
.mgd
.flags
& IEEE80211_STA_DISABLE_80P80MHZ
) {
618 cap
&= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
619 cap
|= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
622 if (sdata
->u
.mgd
.flags
& IEEE80211_STA_DISABLE_160MHZ
) {
623 cap
&= ~IEEE80211_VHT_CAP_SHORT_GI_160
;
624 cap
&= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
628 * Some APs apparently get confused if our capabilities are better
629 * than theirs, so restrict what we advertise in the assoc request.
631 if (!(ap_vht_cap
->vht_cap_info
&
632 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE
)))
633 cap
&= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE
;
635 if (!(ap_vht_cap
->vht_cap_info
&
636 cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC
)))
637 cap
&= ~(IEEE80211_VHT_CAP_RXSTBC_1
|
638 IEEE80211_VHT_CAP_RXSTBC_3
|
639 IEEE80211_VHT_CAP_RXSTBC_4
);
641 for (i
= 0; i
< 8; i
++) {
643 u16 mask
= IEEE80211_VHT_MCS_NOT_SUPPORTED
<< shift
;
646 ap_mcs
= (le16_to_cpu(ap_vht_cap
->supp_mcs
.tx_mcs_map
) &
648 our_mcs
= (le16_to_cpu(vht_cap
.vht_mcs
.rx_mcs_map
) &
651 if (our_mcs
== IEEE80211_VHT_MCS_NOT_SUPPORTED
)
656 if (our_mcs
<= ap_mcs
)
659 case IEEE80211_VHT_MCS_NOT_SUPPORTED
:
660 vht_cap
.vht_mcs
.rx_mcs_map
&= cpu_to_le16(~mask
);
661 vht_cap
.vht_mcs
.rx_mcs_map
|=
662 cpu_to_le16(ap_mcs
<< shift
);
666 /* reserve and fill IE */
667 pos
= skb_put(skb
, sizeof(struct ieee80211_vht_cap
) + 2);
668 ieee80211_ie_build_vht_cap(pos
, &vht_cap
, cap
);
671 static void ieee80211_send_assoc(struct ieee80211_sub_if_data
*sdata
)
673 struct ieee80211_local
*local
= sdata
->local
;
674 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
675 struct ieee80211_mgd_assoc_data
*assoc_data
= ifmgd
->assoc_data
;
677 struct ieee80211_mgmt
*mgmt
;
679 size_t offset
= 0, noffset
;
680 int i
, count
, rates_len
, supp_rates_len
;
682 struct ieee80211_supported_band
*sband
;
683 struct ieee80211_chanctx_conf
*chanctx_conf
;
684 struct ieee80211_channel
*chan
;
687 lockdep_assert_held(&ifmgd
->mtx
);
690 chanctx_conf
= rcu_dereference(sdata
->vif
.chanctx_conf
);
691 if (WARN_ON(!chanctx_conf
)) {
695 chan
= chanctx_conf
->def
.chan
;
697 sband
= local
->hw
.wiphy
->bands
[chan
->band
];
699 if (assoc_data
->supp_rates_len
) {
701 * Get all rates supported by the device and the AP as
702 * some APs don't like getting a superset of their rates
703 * in the association request (e.g. D-Link DAP 1353 in
706 rates_len
= ieee80211_compatible_rates(assoc_data
->supp_rates
,
707 assoc_data
->supp_rates_len
,
711 * In case AP not provide any supported rates information
712 * before association, we send information element(s) with
713 * all rates that we support.
716 rates_len
= sband
->n_bitrates
;
719 skb
= alloc_skb(local
->hw
.extra_tx_headroom
+
720 sizeof(*mgmt
) + /* bit too much but doesn't matter */
721 2 + assoc_data
->ssid_len
+ /* SSID */
722 4 + rates_len
+ /* (extended) rates */
723 4 + /* power capability */
724 2 + 2 * sband
->n_channels
+ /* supported channels */
725 2 + sizeof(struct ieee80211_ht_cap
) + /* HT */
726 2 + sizeof(struct ieee80211_vht_cap
) + /* VHT */
727 assoc_data
->ie_len
+ /* extra IEs */
733 skb_reserve(skb
, local
->hw
.extra_tx_headroom
);
735 capab
= WLAN_CAPABILITY_ESS
;
737 if (sband
->band
== IEEE80211_BAND_2GHZ
) {
738 if (!(local
->hw
.flags
& IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE
))
739 capab
|= WLAN_CAPABILITY_SHORT_SLOT_TIME
;
740 if (!(local
->hw
.flags
& IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE
))
741 capab
|= WLAN_CAPABILITY_SHORT_PREAMBLE
;
744 if (assoc_data
->capability
& WLAN_CAPABILITY_PRIVACY
)
745 capab
|= WLAN_CAPABILITY_PRIVACY
;
747 if ((assoc_data
->capability
& WLAN_CAPABILITY_SPECTRUM_MGMT
) &&
748 (local
->hw
.flags
& IEEE80211_HW_SPECTRUM_MGMT
))
749 capab
|= WLAN_CAPABILITY_SPECTRUM_MGMT
;
751 mgmt
= (struct ieee80211_mgmt
*) skb_put(skb
, 24);
753 memcpy(mgmt
->da
, assoc_data
->bss
->bssid
, ETH_ALEN
);
754 memcpy(mgmt
->sa
, sdata
->vif
.addr
, ETH_ALEN
);
755 memcpy(mgmt
->bssid
, assoc_data
->bss
->bssid
, ETH_ALEN
);
757 if (!is_zero_ether_addr(assoc_data
->prev_bssid
)) {
759 mgmt
->frame_control
= cpu_to_le16(IEEE80211_FTYPE_MGMT
|
760 IEEE80211_STYPE_REASSOC_REQ
);
761 mgmt
->u
.reassoc_req
.capab_info
= cpu_to_le16(capab
);
762 mgmt
->u
.reassoc_req
.listen_interval
=
763 cpu_to_le16(local
->hw
.conf
.listen_interval
);
764 memcpy(mgmt
->u
.reassoc_req
.current_ap
, assoc_data
->prev_bssid
,
768 mgmt
->frame_control
= cpu_to_le16(IEEE80211_FTYPE_MGMT
|
769 IEEE80211_STYPE_ASSOC_REQ
);
770 mgmt
->u
.assoc_req
.capab_info
= cpu_to_le16(capab
);
771 mgmt
->u
.assoc_req
.listen_interval
=
772 cpu_to_le16(local
->hw
.conf
.listen_interval
);
776 pos
= skb_put(skb
, 2 + assoc_data
->ssid_len
);
777 *pos
++ = WLAN_EID_SSID
;
778 *pos
++ = assoc_data
->ssid_len
;
779 memcpy(pos
, assoc_data
->ssid
, assoc_data
->ssid_len
);
781 /* add all rates which were marked to be used above */
782 supp_rates_len
= rates_len
;
783 if (supp_rates_len
> 8)
786 pos
= skb_put(skb
, supp_rates_len
+ 2);
787 *pos
++ = WLAN_EID_SUPP_RATES
;
788 *pos
++ = supp_rates_len
;
791 for (i
= 0; i
< sband
->n_bitrates
; i
++) {
792 if (BIT(i
) & rates
) {
793 int rate
= sband
->bitrates
[i
].bitrate
;
794 *pos
++ = (u8
) (rate
/ 5);
800 if (rates_len
> count
) {
801 pos
= skb_put(skb
, rates_len
- count
+ 2);
802 *pos
++ = WLAN_EID_EXT_SUPP_RATES
;
803 *pos
++ = rates_len
- count
;
805 for (i
++; i
< sband
->n_bitrates
; i
++) {
806 if (BIT(i
) & rates
) {
807 int rate
= sband
->bitrates
[i
].bitrate
;
808 *pos
++ = (u8
) (rate
/ 5);
813 if (capab
& WLAN_CAPABILITY_SPECTRUM_MGMT
) {
814 /* 1. power capabilities */
815 pos
= skb_put(skb
, 4);
816 *pos
++ = WLAN_EID_PWR_CAPABILITY
;
818 *pos
++ = 0; /* min tx power */
819 *pos
++ = chan
->max_power
; /* max tx power */
821 /* 2. supported channels */
822 /* TODO: get this in reg domain format */
823 pos
= skb_put(skb
, 2 * sband
->n_channels
+ 2);
824 *pos
++ = WLAN_EID_SUPPORTED_CHANNELS
;
825 *pos
++ = 2 * sband
->n_channels
;
826 for (i
= 0; i
< sband
->n_channels
; i
++) {
827 *pos
++ = ieee80211_frequency_to_channel(
828 sband
->channels
[i
].center_freq
);
829 *pos
++ = 1; /* one channel in the subband*/
833 /* if present, add any custom IEs that go before HT */
834 if (assoc_data
->ie_len
&& assoc_data
->ie
) {
835 static const u8 before_ht
[] = {
838 WLAN_EID_EXT_SUPP_RATES
,
839 WLAN_EID_PWR_CAPABILITY
,
840 WLAN_EID_SUPPORTED_CHANNELS
,
843 WLAN_EID_RRM_ENABLED_CAPABILITIES
,
844 WLAN_EID_MOBILITY_DOMAIN
,
845 WLAN_EID_SUPPORTED_REGULATORY_CLASSES
,
847 noffset
= ieee80211_ie_split(assoc_data
->ie
, assoc_data
->ie_len
,
848 before_ht
, ARRAY_SIZE(before_ht
),
850 pos
= skb_put(skb
, noffset
- offset
);
851 memcpy(pos
, assoc_data
->ie
+ offset
, noffset
- offset
);
855 if (WARN_ON_ONCE((ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
) &&
856 !(ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
)))
857 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
859 if (!(ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
))
860 ieee80211_add_ht_ie(sdata
, skb
, assoc_data
->ap_ht_param
,
861 sband
, chan
, sdata
->smps_mode
);
863 if (!(ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
))
864 ieee80211_add_vht_ie(sdata
, skb
, sband
,
865 &assoc_data
->ap_vht_cap
);
867 /* if present, add any custom non-vendor IEs that go after HT */
868 if (assoc_data
->ie_len
&& assoc_data
->ie
) {
869 noffset
= ieee80211_ie_split_vendor(assoc_data
->ie
,
872 pos
= skb_put(skb
, noffset
- offset
);
873 memcpy(pos
, assoc_data
->ie
+ offset
, noffset
- offset
);
877 if (assoc_data
->wmm
) {
878 if (assoc_data
->uapsd
) {
879 qos_info
= ifmgd
->uapsd_queues
;
880 qos_info
|= (ifmgd
->uapsd_max_sp_len
<<
881 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT
);
886 pos
= skb_put(skb
, 9);
887 *pos
++ = WLAN_EID_VENDOR_SPECIFIC
;
888 *pos
++ = 7; /* len */
889 *pos
++ = 0x00; /* Microsoft OUI 00:50:F2 */
892 *pos
++ = 2; /* WME */
893 *pos
++ = 0; /* WME info */
894 *pos
++ = 1; /* WME ver */
898 /* add any remaining custom (i.e. vendor specific here) IEs */
899 if (assoc_data
->ie_len
&& assoc_data
->ie
) {
900 noffset
= assoc_data
->ie_len
;
901 pos
= skb_put(skb
, noffset
- offset
);
902 memcpy(pos
, assoc_data
->ie
+ offset
, noffset
- offset
);
905 drv_mgd_prepare_tx(local
, sdata
);
907 IEEE80211_SKB_CB(skb
)->flags
|= IEEE80211_TX_INTFL_DONT_ENCRYPT
;
908 if (local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)
909 IEEE80211_SKB_CB(skb
)->flags
|= IEEE80211_TX_CTL_REQ_TX_STATUS
|
910 IEEE80211_TX_INTFL_MLME_CONN_TX
;
911 ieee80211_tx_skb(sdata
, skb
);
914 void ieee80211_send_pspoll(struct ieee80211_local
*local
,
915 struct ieee80211_sub_if_data
*sdata
)
917 struct ieee80211_pspoll
*pspoll
;
920 skb
= ieee80211_pspoll_get(&local
->hw
, &sdata
->vif
);
924 pspoll
= (struct ieee80211_pspoll
*) skb
->data
;
925 pspoll
->frame_control
|= cpu_to_le16(IEEE80211_FCTL_PM
);
927 IEEE80211_SKB_CB(skb
)->flags
|= IEEE80211_TX_INTFL_DONT_ENCRYPT
;
928 ieee80211_tx_skb(sdata
, skb
);
931 void ieee80211_send_nullfunc(struct ieee80211_local
*local
,
932 struct ieee80211_sub_if_data
*sdata
,
936 struct ieee80211_hdr_3addr
*nullfunc
;
937 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
939 skb
= ieee80211_nullfunc_get(&local
->hw
, &sdata
->vif
);
943 nullfunc
= (struct ieee80211_hdr_3addr
*) skb
->data
;
945 nullfunc
->frame_control
|= cpu_to_le16(IEEE80211_FCTL_PM
);
947 IEEE80211_SKB_CB(skb
)->flags
|= IEEE80211_TX_INTFL_DONT_ENCRYPT
|
948 IEEE80211_TX_INTFL_OFFCHAN_TX_OK
;
949 if (ifmgd
->flags
& (IEEE80211_STA_BEACON_POLL
|
950 IEEE80211_STA_CONNECTION_POLL
))
951 IEEE80211_SKB_CB(skb
)->flags
|= IEEE80211_TX_CTL_USE_MINRATE
;
953 ieee80211_tx_skb(sdata
, skb
);
956 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local
*local
,
957 struct ieee80211_sub_if_data
*sdata
)
960 struct ieee80211_hdr
*nullfunc
;
963 if (WARN_ON(sdata
->vif
.type
!= NL80211_IFTYPE_STATION
))
966 skb
= dev_alloc_skb(local
->hw
.extra_tx_headroom
+ 30);
970 skb_reserve(skb
, local
->hw
.extra_tx_headroom
);
972 nullfunc
= (struct ieee80211_hdr
*) skb_put(skb
, 30);
973 memset(nullfunc
, 0, 30);
974 fc
= cpu_to_le16(IEEE80211_FTYPE_DATA
| IEEE80211_STYPE_NULLFUNC
|
975 IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
);
976 nullfunc
->frame_control
= fc
;
977 memcpy(nullfunc
->addr1
, sdata
->u
.mgd
.bssid
, ETH_ALEN
);
978 memcpy(nullfunc
->addr2
, sdata
->vif
.addr
, ETH_ALEN
);
979 memcpy(nullfunc
->addr3
, sdata
->u
.mgd
.bssid
, ETH_ALEN
);
980 memcpy(nullfunc
->addr4
, sdata
->vif
.addr
, ETH_ALEN
);
982 IEEE80211_SKB_CB(skb
)->flags
|= IEEE80211_TX_INTFL_DONT_ENCRYPT
;
983 ieee80211_tx_skb(sdata
, skb
);
986 /* spectrum management related things */
987 static void ieee80211_chswitch_work(struct work_struct
*work
)
989 struct ieee80211_sub_if_data
*sdata
=
990 container_of(work
, struct ieee80211_sub_if_data
, u
.mgd
.chswitch_work
);
991 struct ieee80211_local
*local
= sdata
->local
;
992 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
994 if (!ieee80211_sdata_running(sdata
))
997 mutex_lock(&ifmgd
->mtx
);
998 if (!ifmgd
->associated
)
1002 * FIXME: Here we are downgrading to NL80211_CHAN_WIDTH_20_NOHT
1003 * and don't adjust our ht/vht settings
1004 * This is wrong - we should behave according to the CSA params
1006 local
->_oper_chandef
.chan
= local
->csa_channel
;
1007 local
->_oper_chandef
.width
= NL80211_CHAN_WIDTH_20_NOHT
;
1008 local
->_oper_chandef
.center_freq1
=
1009 local
->_oper_chandef
.chan
->center_freq
;
1010 local
->_oper_chandef
.center_freq2
= 0;
1012 if (!local
->ops
->channel_switch
) {
1013 /* call "hw_config" only if doing sw channel switch */
1014 ieee80211_hw_config(local
, IEEE80211_CONF_CHANGE_CHANNEL
);
1016 /* update the device channel directly */
1017 local
->hw
.conf
.chandef
= local
->_oper_chandef
;
1020 /* XXX: shouldn't really modify cfg80211-owned data! */
1021 ifmgd
->associated
->channel
= local
->_oper_chandef
.chan
;
1023 /* XXX: wait for a beacon first? */
1024 ieee80211_wake_queues_by_reason(&local
->hw
,
1025 IEEE80211_MAX_QUEUE_MAP
,
1026 IEEE80211_QUEUE_STOP_REASON_CSA
);
1028 ifmgd
->flags
&= ~IEEE80211_STA_CSA_RECEIVED
;
1029 mutex_unlock(&ifmgd
->mtx
);
1032 void ieee80211_chswitch_done(struct ieee80211_vif
*vif
, bool success
)
1034 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
1035 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1037 trace_api_chswitch_done(sdata
, success
);
1040 "driver channel switch failed, disconnecting\n");
1041 ieee80211_queue_work(&sdata
->local
->hw
,
1042 &ifmgd
->csa_connection_drop_work
);
1044 ieee80211_queue_work(&sdata
->local
->hw
, &ifmgd
->chswitch_work
);
1047 EXPORT_SYMBOL(ieee80211_chswitch_done
);
1049 static void ieee80211_chswitch_timer(unsigned long data
)
1051 struct ieee80211_sub_if_data
*sdata
=
1052 (struct ieee80211_sub_if_data
*) data
;
1054 ieee80211_queue_work(&sdata
->local
->hw
, &sdata
->u
.mgd
.chswitch_work
);
1058 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data
*sdata
,
1059 const struct ieee80211_channel_sw_ie
*sw_elem
,
1060 struct ieee80211_bss
*bss
, u64 timestamp
)
1062 struct cfg80211_bss
*cbss
=
1063 container_of((void *)bss
, struct cfg80211_bss
, priv
);
1064 struct ieee80211_channel
*new_ch
;
1065 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1066 int new_freq
= ieee80211_channel_to_frequency(sw_elem
->new_ch_num
,
1067 cbss
->channel
->band
);
1068 struct ieee80211_chanctx
*chanctx
;
1070 ASSERT_MGD_MTX(ifmgd
);
1072 if (!ifmgd
->associated
)
1075 if (sdata
->local
->scanning
)
1078 /* Disregard subsequent beacons if we are already running a timer
1081 if (ifmgd
->flags
& IEEE80211_STA_CSA_RECEIVED
)
1084 new_ch
= ieee80211_get_channel(sdata
->local
->hw
.wiphy
, new_freq
);
1085 if (!new_ch
|| new_ch
->flags
& IEEE80211_CHAN_DISABLED
) {
1087 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
1088 ifmgd
->associated
->bssid
, new_freq
);
1089 ieee80211_queue_work(&sdata
->local
->hw
,
1090 &ifmgd
->csa_connection_drop_work
);
1094 ifmgd
->flags
|= IEEE80211_STA_CSA_RECEIVED
;
1096 if (sdata
->local
->use_chanctx
) {
1098 "not handling channel switch with channel contexts\n");
1099 ieee80211_queue_work(&sdata
->local
->hw
,
1100 &ifmgd
->csa_connection_drop_work
);
1104 mutex_lock(&sdata
->local
->chanctx_mtx
);
1105 if (WARN_ON(!rcu_access_pointer(sdata
->vif
.chanctx_conf
))) {
1106 mutex_unlock(&sdata
->local
->chanctx_mtx
);
1109 chanctx
= container_of(rcu_access_pointer(sdata
->vif
.chanctx_conf
),
1110 struct ieee80211_chanctx
, conf
);
1111 if (chanctx
->refcount
> 1) {
1113 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1114 ieee80211_queue_work(&sdata
->local
->hw
,
1115 &ifmgd
->csa_connection_drop_work
);
1116 mutex_unlock(&sdata
->local
->chanctx_mtx
);
1119 mutex_unlock(&sdata
->local
->chanctx_mtx
);
1121 sdata
->local
->csa_channel
= new_ch
;
1124 ieee80211_stop_queues_by_reason(&sdata
->local
->hw
,
1125 IEEE80211_MAX_QUEUE_MAP
,
1126 IEEE80211_QUEUE_STOP_REASON_CSA
);
1128 if (sdata
->local
->ops
->channel_switch
) {
1129 /* use driver's channel switch callback */
1130 struct ieee80211_channel_switch ch_switch
= {
1131 .timestamp
= timestamp
,
1132 .block_tx
= sw_elem
->mode
,
1134 .count
= sw_elem
->count
,
1137 drv_channel_switch(sdata
->local
, &ch_switch
);
1141 /* channel switch handled in software */
1142 if (sw_elem
->count
<= 1)
1143 ieee80211_queue_work(&sdata
->local
->hw
, &ifmgd
->chswitch_work
);
1145 mod_timer(&ifmgd
->chswitch_timer
,
1146 TU_TO_EXP_TIME(sw_elem
->count
*
1147 cbss
->beacon_interval
));
1150 static u32
ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data
*sdata
,
1151 struct ieee80211_channel
*channel
,
1152 const u8
*country_ie
, u8 country_ie_len
,
1153 const u8
*pwr_constr_elem
)
1155 struct ieee80211_country_ie_triplet
*triplet
;
1156 int chan
= ieee80211_frequency_to_channel(channel
->center_freq
);
1157 int i
, chan_pwr
, chan_increment
, new_ap_level
;
1158 bool have_chan_pwr
= false;
1161 if (country_ie_len
% 2 || country_ie_len
< IEEE80211_COUNTRY_IE_MIN_LEN
)
1164 triplet
= (void *)(country_ie
+ 3);
1165 country_ie_len
-= 3;
1167 switch (channel
->band
) {
1171 case IEEE80211_BAND_2GHZ
:
1172 case IEEE80211_BAND_60GHZ
:
1175 case IEEE80211_BAND_5GHZ
:
1181 while (country_ie_len
>= 3) {
1182 u8 first_channel
= triplet
->chans
.first_channel
;
1184 if (first_channel
>= IEEE80211_COUNTRY_EXTENSION_ID
)
1187 for (i
= 0; i
< triplet
->chans
.num_channels
; i
++) {
1188 if (first_channel
+ i
* chan_increment
== chan
) {
1189 have_chan_pwr
= true;
1190 chan_pwr
= triplet
->chans
.max_power
;
1199 country_ie_len
-= 3;
1205 new_ap_level
= max_t(int, 0, chan_pwr
- *pwr_constr_elem
);
1207 if (sdata
->ap_power_level
== new_ap_level
)
1211 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1212 new_ap_level
, chan_pwr
, *pwr_constr_elem
,
1213 sdata
->u
.mgd
.bssid
);
1214 sdata
->ap_power_level
= new_ap_level
;
1215 if (__ieee80211_recalc_txpower(sdata
))
1216 return BSS_CHANGED_TXPOWER
;
1221 static void ieee80211_enable_ps(struct ieee80211_local
*local
,
1222 struct ieee80211_sub_if_data
*sdata
)
1224 struct ieee80211_conf
*conf
= &local
->hw
.conf
;
1227 * If we are scanning right now then the parameters will
1228 * take effect when scan finishes.
1230 if (local
->scanning
)
1233 if (conf
->dynamic_ps_timeout
> 0 &&
1234 !(local
->hw
.flags
& IEEE80211_HW_SUPPORTS_DYNAMIC_PS
)) {
1235 mod_timer(&local
->dynamic_ps_timer
, jiffies
+
1236 msecs_to_jiffies(conf
->dynamic_ps_timeout
));
1238 if (local
->hw
.flags
& IEEE80211_HW_PS_NULLFUNC_STACK
)
1239 ieee80211_send_nullfunc(local
, sdata
, 1);
1241 if ((local
->hw
.flags
& IEEE80211_HW_PS_NULLFUNC_STACK
) &&
1242 (local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
))
1245 conf
->flags
|= IEEE80211_CONF_PS
;
1246 ieee80211_hw_config(local
, IEEE80211_CONF_CHANGE_PS
);
1250 static void ieee80211_change_ps(struct ieee80211_local
*local
)
1252 struct ieee80211_conf
*conf
= &local
->hw
.conf
;
1254 if (local
->ps_sdata
) {
1255 ieee80211_enable_ps(local
, local
->ps_sdata
);
1256 } else if (conf
->flags
& IEEE80211_CONF_PS
) {
1257 conf
->flags
&= ~IEEE80211_CONF_PS
;
1258 ieee80211_hw_config(local
, IEEE80211_CONF_CHANGE_PS
);
1259 del_timer_sync(&local
->dynamic_ps_timer
);
1260 cancel_work_sync(&local
->dynamic_ps_enable_work
);
1264 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data
*sdata
)
1266 struct ieee80211_if_managed
*mgd
= &sdata
->u
.mgd
;
1267 struct sta_info
*sta
= NULL
;
1268 bool authorized
= false;
1270 if (!mgd
->powersave
)
1276 if (!mgd
->associated
)
1279 if (mgd
->flags
& (IEEE80211_STA_BEACON_POLL
|
1280 IEEE80211_STA_CONNECTION_POLL
))
1284 sta
= sta_info_get(sdata
, mgd
->bssid
);
1286 authorized
= test_sta_flag(sta
, WLAN_STA_AUTHORIZED
);
1292 /* need to hold RTNL or interface lock */
1293 void ieee80211_recalc_ps(struct ieee80211_local
*local
, s32 latency
)
1295 struct ieee80211_sub_if_data
*sdata
, *found
= NULL
;
1299 if (!(local
->hw
.flags
& IEEE80211_HW_SUPPORTS_PS
)) {
1300 local
->ps_sdata
= NULL
;
1304 list_for_each_entry(sdata
, &local
->interfaces
, list
) {
1305 if (!ieee80211_sdata_running(sdata
))
1307 if (sdata
->vif
.type
== NL80211_IFTYPE_AP
) {
1308 /* If an AP vif is found, then disable PS
1309 * by setting the count to zero thereby setting
1315 if (sdata
->vif
.type
!= NL80211_IFTYPE_STATION
)
1321 if (count
== 1 && ieee80211_powersave_allowed(found
)) {
1325 latency
= pm_qos_request(PM_QOS_NETWORK_LATENCY
);
1327 beaconint_us
= ieee80211_tu_to_usec(
1328 found
->vif
.bss_conf
.beacon_int
);
1330 timeout
= local
->dynamic_ps_forced_timeout
;
1333 * Go to full PSM if the user configures a very low
1334 * latency requirement.
1335 * The 2000 second value is there for compatibility
1336 * until the PM_QOS_NETWORK_LATENCY is configured
1339 if (latency
> (1900 * USEC_PER_MSEC
) &&
1340 latency
!= (2000 * USEC_PER_SEC
))
1345 local
->hw
.conf
.dynamic_ps_timeout
= timeout
;
1347 if (beaconint_us
> latency
) {
1348 local
->ps_sdata
= NULL
;
1351 u8 dtimper
= found
->u
.mgd
.dtim_period
;
1353 /* If the TIM IE is invalid, pretend the value is 1 */
1356 else if (dtimper
> 1)
1357 maxslp
= min_t(int, dtimper
,
1358 latency
/ beaconint_us
);
1360 local
->hw
.conf
.max_sleep_period
= maxslp
;
1361 local
->hw
.conf
.ps_dtim_period
= dtimper
;
1362 local
->ps_sdata
= found
;
1365 local
->ps_sdata
= NULL
;
1368 ieee80211_change_ps(local
);
1371 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data
*sdata
)
1373 bool ps_allowed
= ieee80211_powersave_allowed(sdata
);
1375 if (sdata
->vif
.bss_conf
.ps
!= ps_allowed
) {
1376 sdata
->vif
.bss_conf
.ps
= ps_allowed
;
1377 ieee80211_bss_info_change_notify(sdata
, BSS_CHANGED_PS
);
1381 void ieee80211_dynamic_ps_disable_work(struct work_struct
*work
)
1383 struct ieee80211_local
*local
=
1384 container_of(work
, struct ieee80211_local
,
1385 dynamic_ps_disable_work
);
1387 if (local
->hw
.conf
.flags
& IEEE80211_CONF_PS
) {
1388 local
->hw
.conf
.flags
&= ~IEEE80211_CONF_PS
;
1389 ieee80211_hw_config(local
, IEEE80211_CONF_CHANGE_PS
);
1392 ieee80211_wake_queues_by_reason(&local
->hw
,
1393 IEEE80211_MAX_QUEUE_MAP
,
1394 IEEE80211_QUEUE_STOP_REASON_PS
);
1397 void ieee80211_dynamic_ps_enable_work(struct work_struct
*work
)
1399 struct ieee80211_local
*local
=
1400 container_of(work
, struct ieee80211_local
,
1401 dynamic_ps_enable_work
);
1402 struct ieee80211_sub_if_data
*sdata
= local
->ps_sdata
;
1403 struct ieee80211_if_managed
*ifmgd
;
1404 unsigned long flags
;
1407 /* can only happen when PS was just disabled anyway */
1411 ifmgd
= &sdata
->u
.mgd
;
1413 if (local
->hw
.conf
.flags
& IEEE80211_CONF_PS
)
1416 if (local
->hw
.conf
.dynamic_ps_timeout
> 0) {
1417 /* don't enter PS if TX frames are pending */
1418 if (drv_tx_frames_pending(local
)) {
1419 mod_timer(&local
->dynamic_ps_timer
, jiffies
+
1421 local
->hw
.conf
.dynamic_ps_timeout
));
1426 * transmission can be stopped by others which leads to
1427 * dynamic_ps_timer expiry. Postpone the ps timer if it
1428 * is not the actual idle state.
1430 spin_lock_irqsave(&local
->queue_stop_reason_lock
, flags
);
1431 for (q
= 0; q
< local
->hw
.queues
; q
++) {
1432 if (local
->queue_stop_reasons
[q
]) {
1433 spin_unlock_irqrestore(&local
->queue_stop_reason_lock
,
1435 mod_timer(&local
->dynamic_ps_timer
, jiffies
+
1437 local
->hw
.conf
.dynamic_ps_timeout
));
1441 spin_unlock_irqrestore(&local
->queue_stop_reason_lock
, flags
);
1444 if ((local
->hw
.flags
& IEEE80211_HW_PS_NULLFUNC_STACK
) &&
1445 !(ifmgd
->flags
& IEEE80211_STA_NULLFUNC_ACKED
)) {
1446 if (drv_tx_frames_pending(local
)) {
1447 mod_timer(&local
->dynamic_ps_timer
, jiffies
+
1449 local
->hw
.conf
.dynamic_ps_timeout
));
1451 ieee80211_send_nullfunc(local
, sdata
, 1);
1452 /* Flush to get the tx status of nullfunc frame */
1453 ieee80211_flush_queues(local
, sdata
);
1457 if (!((local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
) &&
1458 (local
->hw
.flags
& IEEE80211_HW_PS_NULLFUNC_STACK
)) ||
1459 (ifmgd
->flags
& IEEE80211_STA_NULLFUNC_ACKED
)) {
1460 ifmgd
->flags
&= ~IEEE80211_STA_NULLFUNC_ACKED
;
1461 local
->hw
.conf
.flags
|= IEEE80211_CONF_PS
;
1462 ieee80211_hw_config(local
, IEEE80211_CONF_CHANGE_PS
);
1466 void ieee80211_dynamic_ps_timer(unsigned long data
)
1468 struct ieee80211_local
*local
= (void *) data
;
1470 if (local
->quiescing
|| local
->suspended
)
1473 ieee80211_queue_work(&local
->hw
, &local
->dynamic_ps_enable_work
);
1476 void ieee80211_dfs_cac_timer_work(struct work_struct
*work
)
1478 struct delayed_work
*delayed_work
=
1479 container_of(work
, struct delayed_work
, work
);
1480 struct ieee80211_sub_if_data
*sdata
=
1481 container_of(delayed_work
, struct ieee80211_sub_if_data
,
1482 dfs_cac_timer_work
);
1484 ieee80211_vif_release_channel(sdata
);
1486 cfg80211_cac_event(sdata
->dev
, NL80211_RADAR_CAC_FINISHED
, GFP_KERNEL
);
1490 static bool ieee80211_sta_wmm_params(struct ieee80211_local
*local
,
1491 struct ieee80211_sub_if_data
*sdata
,
1492 const u8
*wmm_param
, size_t wmm_param_len
)
1494 struct ieee80211_tx_queue_params params
;
1495 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1499 u8 uapsd_queues
= 0;
1501 if (!local
->ops
->conf_tx
)
1504 if (local
->hw
.queues
< IEEE80211_NUM_ACS
)
1510 if (wmm_param_len
< 8 || wmm_param
[5] /* version */ != 1)
1513 if (ifmgd
->flags
& IEEE80211_STA_UAPSD_ENABLED
)
1514 uapsd_queues
= ifmgd
->uapsd_queues
;
1516 count
= wmm_param
[6] & 0x0f;
1517 if (count
== ifmgd
->wmm_last_param_set
)
1519 ifmgd
->wmm_last_param_set
= count
;
1521 pos
= wmm_param
+ 8;
1522 left
= wmm_param_len
- 8;
1524 memset(¶ms
, 0, sizeof(params
));
1527 for (; left
>= 4; left
-= 4, pos
+= 4) {
1528 int aci
= (pos
[0] >> 5) & 0x03;
1529 int acm
= (pos
[0] >> 4) & 0x01;
1537 sdata
->wmm_acm
|= BIT(1) | BIT(2); /* BK/- */
1538 if (uapsd_queues
& IEEE80211_WMM_IE_STA_QOSINFO_AC_BK
)
1544 sdata
->wmm_acm
|= BIT(4) | BIT(5); /* CL/VI */
1545 if (uapsd_queues
& IEEE80211_WMM_IE_STA_QOSINFO_AC_VI
)
1551 sdata
->wmm_acm
|= BIT(6) | BIT(7); /* VO/NC */
1552 if (uapsd_queues
& IEEE80211_WMM_IE_STA_QOSINFO_AC_VO
)
1559 sdata
->wmm_acm
|= BIT(0) | BIT(3); /* BE/EE */
1560 if (uapsd_queues
& IEEE80211_WMM_IE_STA_QOSINFO_AC_BE
)
1565 params
.aifs
= pos
[0] & 0x0f;
1566 params
.cw_max
= ecw2cw((pos
[1] & 0xf0) >> 4);
1567 params
.cw_min
= ecw2cw(pos
[1] & 0x0f);
1568 params
.txop
= get_unaligned_le16(pos
+ 2);
1569 params
.uapsd
= uapsd
;
1572 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1574 params
.aifs
, params
.cw_min
, params
.cw_max
,
1575 params
.txop
, params
.uapsd
);
1576 sdata
->tx_conf
[queue
] = params
;
1577 if (drv_conf_tx(local
, sdata
, queue
, ¶ms
))
1579 "failed to set TX queue parameters for queue %d\n",
1583 /* enable WMM or activate new settings */
1584 sdata
->vif
.bss_conf
.qos
= true;
1588 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data
*sdata
)
1590 lockdep_assert_held(&sdata
->local
->mtx
);
1592 sdata
->u
.mgd
.flags
&= ~(IEEE80211_STA_CONNECTION_POLL
|
1593 IEEE80211_STA_BEACON_POLL
);
1594 ieee80211_run_deferred_scan(sdata
->local
);
1597 static void ieee80211_stop_poll(struct ieee80211_sub_if_data
*sdata
)
1599 mutex_lock(&sdata
->local
->mtx
);
1600 __ieee80211_stop_poll(sdata
);
1601 mutex_unlock(&sdata
->local
->mtx
);
1604 static u32
ieee80211_handle_bss_capability(struct ieee80211_sub_if_data
*sdata
,
1605 u16 capab
, bool erp_valid
, u8 erp
)
1607 struct ieee80211_bss_conf
*bss_conf
= &sdata
->vif
.bss_conf
;
1609 bool use_protection
;
1610 bool use_short_preamble
;
1611 bool use_short_slot
;
1614 use_protection
= (erp
& WLAN_ERP_USE_PROTECTION
) != 0;
1615 use_short_preamble
= (erp
& WLAN_ERP_BARKER_PREAMBLE
) == 0;
1617 use_protection
= false;
1618 use_short_preamble
= !!(capab
& WLAN_CAPABILITY_SHORT_PREAMBLE
);
1621 use_short_slot
= !!(capab
& WLAN_CAPABILITY_SHORT_SLOT_TIME
);
1622 if (ieee80211_get_sdata_band(sdata
) == IEEE80211_BAND_5GHZ
)
1623 use_short_slot
= true;
1625 if (use_protection
!= bss_conf
->use_cts_prot
) {
1626 bss_conf
->use_cts_prot
= use_protection
;
1627 changed
|= BSS_CHANGED_ERP_CTS_PROT
;
1630 if (use_short_preamble
!= bss_conf
->use_short_preamble
) {
1631 bss_conf
->use_short_preamble
= use_short_preamble
;
1632 changed
|= BSS_CHANGED_ERP_PREAMBLE
;
1635 if (use_short_slot
!= bss_conf
->use_short_slot
) {
1636 bss_conf
->use_short_slot
= use_short_slot
;
1637 changed
|= BSS_CHANGED_ERP_SLOT
;
1643 static void ieee80211_set_associated(struct ieee80211_sub_if_data
*sdata
,
1644 struct cfg80211_bss
*cbss
,
1645 u32 bss_info_changed
)
1647 struct ieee80211_bss
*bss
= (void *)cbss
->priv
;
1648 struct ieee80211_local
*local
= sdata
->local
;
1649 struct ieee80211_bss_conf
*bss_conf
= &sdata
->vif
.bss_conf
;
1651 bss_info_changed
|= BSS_CHANGED_ASSOC
;
1652 bss_info_changed
|= ieee80211_handle_bss_capability(sdata
,
1653 bss_conf
->assoc_capability
, bss
->has_erp_value
, bss
->erp_value
);
1655 sdata
->u
.mgd
.beacon_timeout
= usecs_to_jiffies(ieee80211_tu_to_usec(
1656 beacon_loss_count
* bss_conf
->beacon_int
));
1658 sdata
->u
.mgd
.associated
= cbss
;
1659 memcpy(sdata
->u
.mgd
.bssid
, cbss
->bssid
, ETH_ALEN
);
1661 sdata
->u
.mgd
.flags
|= IEEE80211_STA_RESET_SIGNAL_AVE
;
1663 if (sdata
->vif
.p2p
) {
1664 const struct cfg80211_bss_ies
*ies
;
1667 ies
= rcu_dereference(cbss
->ies
);
1671 ret
= cfg80211_get_p2p_attr(
1672 ies
->data
, ies
->len
,
1673 IEEE80211_P2P_ATTR_ABSENCE_NOTICE
,
1674 (u8
*) &bss_conf
->p2p_noa_attr
,
1675 sizeof(bss_conf
->p2p_noa_attr
));
1677 sdata
->u
.mgd
.p2p_noa_index
=
1678 bss_conf
->p2p_noa_attr
.index
;
1679 bss_info_changed
|= BSS_CHANGED_P2P_PS
;
1685 /* just to be sure */
1686 ieee80211_stop_poll(sdata
);
1688 ieee80211_led_assoc(local
, 1);
1690 if (sdata
->u
.mgd
.assoc_data
->have_beacon
) {
1692 * If the AP is buggy we may get here with no DTIM period
1693 * known, so assume it's 1 which is the only safe assumption
1694 * in that case, although if the TIM IE is broken powersave
1695 * probably just won't work at all.
1697 bss_conf
->dtim_period
= sdata
->u
.mgd
.dtim_period
?: 1;
1698 bss_info_changed
|= BSS_CHANGED_DTIM_PERIOD
;
1700 bss_conf
->dtim_period
= 0;
1703 bss_conf
->assoc
= 1;
1705 /* Tell the driver to monitor connection quality (if supported) */
1706 if (sdata
->vif
.driver_flags
& IEEE80211_VIF_SUPPORTS_CQM_RSSI
&&
1707 bss_conf
->cqm_rssi_thold
)
1708 bss_info_changed
|= BSS_CHANGED_CQM
;
1710 /* Enable ARP filtering */
1711 if (bss_conf
->arp_addr_cnt
)
1712 bss_info_changed
|= BSS_CHANGED_ARP_FILTER
;
1714 ieee80211_bss_info_change_notify(sdata
, bss_info_changed
);
1716 mutex_lock(&local
->iflist_mtx
);
1717 ieee80211_recalc_ps(local
, -1);
1718 mutex_unlock(&local
->iflist_mtx
);
1720 ieee80211_recalc_smps(sdata
);
1721 ieee80211_recalc_ps_vif(sdata
);
1723 netif_carrier_on(sdata
->dev
);
1726 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data
*sdata
,
1727 u16 stype
, u16 reason
, bool tx
,
1730 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1731 struct ieee80211_local
*local
= sdata
->local
;
1734 ASSERT_MGD_MTX(ifmgd
);
1736 if (WARN_ON_ONCE(tx
&& !frame_buf
))
1739 if (WARN_ON(!ifmgd
->associated
))
1742 ieee80211_stop_poll(sdata
);
1744 ifmgd
->associated
= NULL
;
1745 netif_carrier_off(sdata
->dev
);
1748 * if we want to get out of ps before disassoc (why?) we have
1749 * to do it before sending disassoc, as otherwise the null-packet
1752 if (local
->hw
.conf
.flags
& IEEE80211_CONF_PS
) {
1753 local
->hw
.conf
.flags
&= ~IEEE80211_CONF_PS
;
1754 ieee80211_hw_config(local
, IEEE80211_CONF_CHANGE_PS
);
1756 local
->ps_sdata
= NULL
;
1758 /* disable per-vif ps */
1759 ieee80211_recalc_ps_vif(sdata
);
1761 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1763 ieee80211_flush_queues(local
, sdata
);
1765 /* deauthenticate/disassociate now */
1766 if (tx
|| frame_buf
)
1767 ieee80211_send_deauth_disassoc(sdata
, ifmgd
->bssid
, stype
,
1768 reason
, tx
, frame_buf
);
1770 /* flush out frame */
1772 ieee80211_flush_queues(local
, sdata
);
1774 /* clear bssid only after building the needed mgmt frames */
1775 memset(ifmgd
->bssid
, 0, ETH_ALEN
);
1777 /* remove AP and TDLS peers */
1778 sta_info_flush_defer(sdata
);
1780 /* finally reset all BSS / config parameters */
1781 changed
|= ieee80211_reset_erp_info(sdata
);
1783 ieee80211_led_assoc(local
, 0);
1784 changed
|= BSS_CHANGED_ASSOC
;
1785 sdata
->vif
.bss_conf
.assoc
= false;
1787 ifmgd
->p2p_noa_index
= -1;
1788 memset(&sdata
->vif
.bss_conf
.p2p_noa_attr
, 0,
1789 sizeof(sdata
->vif
.bss_conf
.p2p_noa_attr
));
1791 /* on the next assoc, re-program HT/VHT parameters */
1792 memset(&ifmgd
->ht_capa
, 0, sizeof(ifmgd
->ht_capa
));
1793 memset(&ifmgd
->ht_capa_mask
, 0, sizeof(ifmgd
->ht_capa_mask
));
1794 memset(&ifmgd
->vht_capa
, 0, sizeof(ifmgd
->vht_capa
));
1795 memset(&ifmgd
->vht_capa_mask
, 0, sizeof(ifmgd
->vht_capa_mask
));
1797 sdata
->ap_power_level
= IEEE80211_UNSET_POWER_LEVEL
;
1799 del_timer_sync(&local
->dynamic_ps_timer
);
1800 cancel_work_sync(&local
->dynamic_ps_enable_work
);
1802 /* Disable ARP filtering */
1803 if (sdata
->vif
.bss_conf
.arp_addr_cnt
)
1804 changed
|= BSS_CHANGED_ARP_FILTER
;
1806 sdata
->vif
.bss_conf
.qos
= false;
1807 changed
|= BSS_CHANGED_QOS
;
1809 /* The BSSID (not really interesting) and HT changed */
1810 changed
|= BSS_CHANGED_BSSID
| BSS_CHANGED_HT
;
1811 ieee80211_bss_info_change_notify(sdata
, changed
);
1813 /* disassociated - set to defaults now */
1814 ieee80211_set_wmm_default(sdata
, false);
1816 del_timer_sync(&sdata
->u
.mgd
.conn_mon_timer
);
1817 del_timer_sync(&sdata
->u
.mgd
.bcn_mon_timer
);
1818 del_timer_sync(&sdata
->u
.mgd
.timer
);
1819 del_timer_sync(&sdata
->u
.mgd
.chswitch_timer
);
1821 sdata
->vif
.bss_conf
.dtim_period
= 0;
1824 ieee80211_vif_release_channel(sdata
);
1827 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data
*sdata
,
1828 struct ieee80211_hdr
*hdr
)
1831 * We can postpone the mgd.timer whenever receiving unicast frames
1832 * from AP because we know that the connection is working both ways
1833 * at that time. But multicast frames (and hence also beacons) must
1834 * be ignored here, because we need to trigger the timer during
1835 * data idle periods for sending the periodic probe request to the
1836 * AP we're connected to.
1838 if (is_multicast_ether_addr(hdr
->addr1
))
1841 ieee80211_sta_reset_conn_monitor(sdata
);
1844 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data
*sdata
)
1846 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1847 struct ieee80211_local
*local
= sdata
->local
;
1849 mutex_lock(&local
->mtx
);
1850 if (!(ifmgd
->flags
& (IEEE80211_STA_BEACON_POLL
|
1851 IEEE80211_STA_CONNECTION_POLL
))) {
1852 mutex_unlock(&local
->mtx
);
1856 __ieee80211_stop_poll(sdata
);
1858 mutex_lock(&local
->iflist_mtx
);
1859 ieee80211_recalc_ps(local
, -1);
1860 mutex_unlock(&local
->iflist_mtx
);
1862 if (sdata
->local
->hw
.flags
& IEEE80211_HW_CONNECTION_MONITOR
)
1866 * We've received a probe response, but are not sure whether
1867 * we have or will be receiving any beacons or data, so let's
1868 * schedule the timers again, just in case.
1870 ieee80211_sta_reset_beacon_monitor(sdata
);
1872 mod_timer(&ifmgd
->conn_mon_timer
,
1873 round_jiffies_up(jiffies
+
1874 IEEE80211_CONNECTION_IDLE_TIME
));
1876 mutex_unlock(&local
->mtx
);
1879 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data
*sdata
,
1880 struct ieee80211_hdr
*hdr
, bool ack
)
1882 if (!ieee80211_is_data(hdr
->frame_control
))
1885 if (ieee80211_is_nullfunc(hdr
->frame_control
) &&
1886 sdata
->u
.mgd
.probe_send_count
> 0) {
1888 ieee80211_sta_reset_conn_monitor(sdata
);
1890 sdata
->u
.mgd
.nullfunc_failed
= true;
1891 ieee80211_queue_work(&sdata
->local
->hw
, &sdata
->work
);
1896 ieee80211_sta_reset_conn_monitor(sdata
);
1899 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data
*sdata
)
1901 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1903 u8
*dst
= ifmgd
->associated
->bssid
;
1904 u8 unicast_limit
= max(1, max_probe_tries
- 3);
1907 * Try sending broadcast probe requests for the last three
1908 * probe requests after the first ones failed since some
1909 * buggy APs only support broadcast probe requests.
1911 if (ifmgd
->probe_send_count
>= unicast_limit
)
1915 * When the hardware reports an accurate Tx ACK status, it's
1916 * better to send a nullfunc frame instead of a probe request,
1917 * as it will kick us off the AP quickly if we aren't associated
1918 * anymore. The timeout will be reset if the frame is ACKed by
1921 ifmgd
->probe_send_count
++;
1923 if (sdata
->local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
) {
1924 ifmgd
->nullfunc_failed
= false;
1925 ieee80211_send_nullfunc(sdata
->local
, sdata
, 0);
1930 ssid
= ieee80211_bss_get_ie(ifmgd
->associated
, WLAN_EID_SSID
);
1931 if (WARN_ON_ONCE(ssid
== NULL
))
1936 ieee80211_send_probe_req(sdata
, dst
, ssid
+ 2, ssid_len
, NULL
,
1937 0, (u32
) -1, true, 0,
1938 ifmgd
->associated
->channel
, false);
1942 ifmgd
->probe_timeout
= jiffies
+ msecs_to_jiffies(probe_wait_ms
);
1943 run_again(ifmgd
, ifmgd
->probe_timeout
);
1944 if (sdata
->local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)
1945 ieee80211_flush_queues(sdata
->local
, sdata
);
1948 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data
*sdata
,
1951 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
1952 bool already
= false;
1954 if (!ieee80211_sdata_running(sdata
))
1957 mutex_lock(&ifmgd
->mtx
);
1959 if (!ifmgd
->associated
)
1962 mutex_lock(&sdata
->local
->mtx
);
1964 if (sdata
->local
->tmp_channel
|| sdata
->local
->scanning
) {
1965 mutex_unlock(&sdata
->local
->mtx
);
1970 mlme_dbg_ratelimited(sdata
,
1971 "detected beacon loss from AP (missed %d beacons) - probing\n",
1974 ieee80211_cqm_rssi_notify(&sdata
->vif
,
1975 NL80211_CQM_RSSI_BEACON_LOSS_EVENT
,
1980 * The driver/our work has already reported this event or the
1981 * connection monitoring has kicked in and we have already sent
1982 * a probe request. Or maybe the AP died and the driver keeps
1983 * reporting until we disassociate...
1985 * In either case we have to ignore the current call to this
1986 * function (except for setting the correct probe reason bit)
1987 * because otherwise we would reset the timer every time and
1988 * never check whether we received a probe response!
1990 if (ifmgd
->flags
& (IEEE80211_STA_BEACON_POLL
|
1991 IEEE80211_STA_CONNECTION_POLL
))
1995 ifmgd
->flags
|= IEEE80211_STA_BEACON_POLL
;
1997 ifmgd
->flags
|= IEEE80211_STA_CONNECTION_POLL
;
1999 mutex_unlock(&sdata
->local
->mtx
);
2004 mutex_lock(&sdata
->local
->iflist_mtx
);
2005 ieee80211_recalc_ps(sdata
->local
, -1);
2006 mutex_unlock(&sdata
->local
->iflist_mtx
);
2008 ifmgd
->probe_send_count
= 0;
2009 ieee80211_mgd_probe_ap_send(sdata
);
2011 mutex_unlock(&ifmgd
->mtx
);
2014 struct sk_buff
*ieee80211_ap_probereq_get(struct ieee80211_hw
*hw
,
2015 struct ieee80211_vif
*vif
)
2017 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
2018 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2019 struct cfg80211_bss
*cbss
;
2020 struct sk_buff
*skb
;
2024 if (WARN_ON(sdata
->vif
.type
!= NL80211_IFTYPE_STATION
))
2027 ASSERT_MGD_MTX(ifmgd
);
2029 if (ifmgd
->associated
)
2030 cbss
= ifmgd
->associated
;
2031 else if (ifmgd
->auth_data
)
2032 cbss
= ifmgd
->auth_data
->bss
;
2033 else if (ifmgd
->assoc_data
)
2034 cbss
= ifmgd
->assoc_data
->bss
;
2039 ssid
= ieee80211_bss_get_ie(cbss
, WLAN_EID_SSID
);
2040 if (WARN_ON_ONCE(ssid
== NULL
))
2045 skb
= ieee80211_build_probe_req(sdata
, cbss
->bssid
,
2046 (u32
) -1, cbss
->channel
,
2053 EXPORT_SYMBOL(ieee80211_ap_probereq_get
);
2055 static void __ieee80211_disconnect(struct ieee80211_sub_if_data
*sdata
)
2057 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2058 u8 frame_buf
[IEEE80211_DEAUTH_FRAME_LEN
];
2060 mutex_lock(&ifmgd
->mtx
);
2061 if (!ifmgd
->associated
) {
2062 mutex_unlock(&ifmgd
->mtx
);
2066 ieee80211_set_disassoc(sdata
, IEEE80211_STYPE_DEAUTH
,
2067 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY
,
2069 ifmgd
->flags
&= ~IEEE80211_STA_CSA_RECEIVED
;
2070 ieee80211_wake_queues_by_reason(&sdata
->local
->hw
,
2071 IEEE80211_MAX_QUEUE_MAP
,
2072 IEEE80211_QUEUE_STOP_REASON_CSA
);
2073 mutex_unlock(&ifmgd
->mtx
);
2076 * must be outside lock due to cfg80211,
2077 * but that's not a problem.
2079 cfg80211_send_deauth(sdata
->dev
, frame_buf
, IEEE80211_DEAUTH_FRAME_LEN
);
2082 static void ieee80211_beacon_connection_loss_work(struct work_struct
*work
)
2084 struct ieee80211_sub_if_data
*sdata
=
2085 container_of(work
, struct ieee80211_sub_if_data
,
2086 u
.mgd
.beacon_connection_loss_work
);
2087 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2088 struct sta_info
*sta
;
2090 if (ifmgd
->associated
) {
2092 sta
= sta_info_get(sdata
, ifmgd
->bssid
);
2094 sta
->beacon_loss_count
++;
2098 if (ifmgd
->connection_loss
) {
2099 sdata_info(sdata
, "Connection to AP %pM lost\n",
2101 __ieee80211_disconnect(sdata
);
2103 ieee80211_mgd_probe_ap(sdata
, true);
2107 static void ieee80211_csa_connection_drop_work(struct work_struct
*work
)
2109 struct ieee80211_sub_if_data
*sdata
=
2110 container_of(work
, struct ieee80211_sub_if_data
,
2111 u
.mgd
.csa_connection_drop_work
);
2113 __ieee80211_disconnect(sdata
);
2116 void ieee80211_beacon_loss(struct ieee80211_vif
*vif
)
2118 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
2119 struct ieee80211_hw
*hw
= &sdata
->local
->hw
;
2121 trace_api_beacon_loss(sdata
);
2123 WARN_ON(hw
->flags
& IEEE80211_HW_CONNECTION_MONITOR
);
2124 sdata
->u
.mgd
.connection_loss
= false;
2125 ieee80211_queue_work(hw
, &sdata
->u
.mgd
.beacon_connection_loss_work
);
2127 EXPORT_SYMBOL(ieee80211_beacon_loss
);
2129 void ieee80211_connection_loss(struct ieee80211_vif
*vif
)
2131 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
2132 struct ieee80211_hw
*hw
= &sdata
->local
->hw
;
2134 trace_api_connection_loss(sdata
);
2136 sdata
->u
.mgd
.connection_loss
= true;
2137 ieee80211_queue_work(hw
, &sdata
->u
.mgd
.beacon_connection_loss_work
);
2139 EXPORT_SYMBOL(ieee80211_connection_loss
);
2142 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data
*sdata
,
2145 struct ieee80211_mgd_auth_data
*auth_data
= sdata
->u
.mgd
.auth_data
;
2147 lockdep_assert_held(&sdata
->u
.mgd
.mtx
);
2150 sta_info_destroy_addr(sdata
, auth_data
->bss
->bssid
);
2152 memset(sdata
->u
.mgd
.bssid
, 0, ETH_ALEN
);
2153 ieee80211_bss_info_change_notify(sdata
, BSS_CHANGED_BSSID
);
2154 sdata
->u
.mgd
.flags
= 0;
2155 ieee80211_vif_release_channel(sdata
);
2158 cfg80211_put_bss(sdata
->local
->hw
.wiphy
, auth_data
->bss
);
2160 sdata
->u
.mgd
.auth_data
= NULL
;
2163 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data
*sdata
,
2164 struct ieee80211_mgmt
*mgmt
, size_t len
)
2166 struct ieee80211_local
*local
= sdata
->local
;
2167 struct ieee80211_mgd_auth_data
*auth_data
= sdata
->u
.mgd
.auth_data
;
2169 struct ieee802_11_elems elems
;
2172 pos
= mgmt
->u
.auth
.variable
;
2173 ieee802_11_parse_elems(pos
, len
- (pos
- (u8
*) mgmt
), &elems
);
2174 if (!elems
.challenge
)
2176 auth_data
->expected_transaction
= 4;
2177 drv_mgd_prepare_tx(sdata
->local
, sdata
);
2178 if (local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)
2179 tx_flags
= IEEE80211_TX_CTL_REQ_TX_STATUS
|
2180 IEEE80211_TX_INTFL_MLME_CONN_TX
;
2181 ieee80211_send_auth(sdata
, 3, auth_data
->algorithm
, 0,
2182 elems
.challenge
- 2, elems
.challenge_len
+ 2,
2183 auth_data
->bss
->bssid
, auth_data
->bss
->bssid
,
2184 auth_data
->key
, auth_data
->key_len
,
2185 auth_data
->key_idx
, tx_flags
);
2188 static enum rx_mgmt_action __must_check
2189 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data
*sdata
,
2190 struct ieee80211_mgmt
*mgmt
, size_t len
)
2192 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2194 u16 auth_alg
, auth_transaction
, status_code
;
2195 struct sta_info
*sta
;
2197 lockdep_assert_held(&ifmgd
->mtx
);
2200 return RX_MGMT_NONE
;
2202 if (!ifmgd
->auth_data
|| ifmgd
->auth_data
->done
)
2203 return RX_MGMT_NONE
;
2205 memcpy(bssid
, ifmgd
->auth_data
->bss
->bssid
, ETH_ALEN
);
2207 if (!ether_addr_equal(bssid
, mgmt
->bssid
))
2208 return RX_MGMT_NONE
;
2210 auth_alg
= le16_to_cpu(mgmt
->u
.auth
.auth_alg
);
2211 auth_transaction
= le16_to_cpu(mgmt
->u
.auth
.auth_transaction
);
2212 status_code
= le16_to_cpu(mgmt
->u
.auth
.status_code
);
2214 if (auth_alg
!= ifmgd
->auth_data
->algorithm
||
2215 auth_transaction
!= ifmgd
->auth_data
->expected_transaction
) {
2216 sdata_info(sdata
, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2217 mgmt
->sa
, auth_alg
, ifmgd
->auth_data
->algorithm
,
2219 ifmgd
->auth_data
->expected_transaction
);
2220 return RX_MGMT_NONE
;
2223 if (status_code
!= WLAN_STATUS_SUCCESS
) {
2224 sdata_info(sdata
, "%pM denied authentication (status %d)\n",
2225 mgmt
->sa
, status_code
);
2226 ieee80211_destroy_auth_data(sdata
, false);
2227 return RX_MGMT_CFG80211_RX_AUTH
;
2230 switch (ifmgd
->auth_data
->algorithm
) {
2231 case WLAN_AUTH_OPEN
:
2232 case WLAN_AUTH_LEAP
:
2236 case WLAN_AUTH_SHARED_KEY
:
2237 if (ifmgd
->auth_data
->expected_transaction
!= 4) {
2238 ieee80211_auth_challenge(sdata
, mgmt
, len
);
2239 /* need another frame */
2240 return RX_MGMT_NONE
;
2244 WARN_ONCE(1, "invalid auth alg %d",
2245 ifmgd
->auth_data
->algorithm
);
2246 return RX_MGMT_NONE
;
2249 sdata_info(sdata
, "authenticated\n");
2250 ifmgd
->auth_data
->done
= true;
2251 ifmgd
->auth_data
->timeout
= jiffies
+ IEEE80211_AUTH_WAIT_ASSOC
;
2252 ifmgd
->auth_data
->timeout_started
= true;
2253 run_again(ifmgd
, ifmgd
->auth_data
->timeout
);
2255 if (ifmgd
->auth_data
->algorithm
== WLAN_AUTH_SAE
&&
2256 ifmgd
->auth_data
->expected_transaction
!= 2) {
2258 * Report auth frame to user space for processing since another
2259 * round of Authentication frames is still needed.
2261 return RX_MGMT_CFG80211_RX_AUTH
;
2264 /* move station state to auth */
2265 mutex_lock(&sdata
->local
->sta_mtx
);
2266 sta
= sta_info_get(sdata
, bssid
);
2268 WARN_ONCE(1, "%s: STA %pM not found", sdata
->name
, bssid
);
2271 if (sta_info_move_state(sta
, IEEE80211_STA_AUTH
)) {
2272 sdata_info(sdata
, "failed moving %pM to auth\n", bssid
);
2275 mutex_unlock(&sdata
->local
->sta_mtx
);
2277 return RX_MGMT_CFG80211_RX_AUTH
;
2279 mutex_unlock(&sdata
->local
->sta_mtx
);
2280 /* ignore frame -- wait for timeout */
2281 return RX_MGMT_NONE
;
2285 static enum rx_mgmt_action __must_check
2286 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data
*sdata
,
2287 struct ieee80211_mgmt
*mgmt
, size_t len
)
2289 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2290 const u8
*bssid
= NULL
;
2293 lockdep_assert_held(&ifmgd
->mtx
);
2296 return RX_MGMT_NONE
;
2298 if (!ifmgd
->associated
||
2299 !ether_addr_equal(mgmt
->bssid
, ifmgd
->associated
->bssid
))
2300 return RX_MGMT_NONE
;
2302 bssid
= ifmgd
->associated
->bssid
;
2304 reason_code
= le16_to_cpu(mgmt
->u
.deauth
.reason_code
);
2306 sdata_info(sdata
, "deauthenticated from %pM (Reason: %u)\n",
2307 bssid
, reason_code
);
2309 ieee80211_set_disassoc(sdata
, 0, 0, false, NULL
);
2311 return RX_MGMT_CFG80211_DEAUTH
;
2315 static enum rx_mgmt_action __must_check
2316 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data
*sdata
,
2317 struct ieee80211_mgmt
*mgmt
, size_t len
)
2319 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2322 lockdep_assert_held(&ifmgd
->mtx
);
2325 return RX_MGMT_NONE
;
2327 if (!ifmgd
->associated
||
2328 !ether_addr_equal(mgmt
->bssid
, ifmgd
->associated
->bssid
))
2329 return RX_MGMT_NONE
;
2331 reason_code
= le16_to_cpu(mgmt
->u
.disassoc
.reason_code
);
2333 sdata_info(sdata
, "disassociated from %pM (Reason: %u)\n",
2334 mgmt
->sa
, reason_code
);
2336 ieee80211_set_disassoc(sdata
, 0, 0, false, NULL
);
2338 return RX_MGMT_CFG80211_DISASSOC
;
2341 static void ieee80211_get_rates(struct ieee80211_supported_band
*sband
,
2342 u8
*supp_rates
, unsigned int supp_rates_len
,
2343 u32
*rates
, u32
*basic_rates
,
2344 bool *have_higher_than_11mbit
,
2345 int *min_rate
, int *min_rate_index
)
2349 for (i
= 0; i
< supp_rates_len
; i
++) {
2350 int rate
= (supp_rates
[i
] & 0x7f) * 5;
2351 bool is_basic
= !!(supp_rates
[i
] & 0x80);
2354 *have_higher_than_11mbit
= true;
2357 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2358 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2360 * Note: Even through the membership selector and the basic
2361 * rate flag share the same bit, they are not exactly
2364 if (!!(supp_rates
[i
] & 0x80) &&
2365 (supp_rates
[i
] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY
)
2368 for (j
= 0; j
< sband
->n_bitrates
; j
++) {
2369 if (sband
->bitrates
[j
].bitrate
== rate
) {
2372 *basic_rates
|= BIT(j
);
2373 if (rate
< *min_rate
) {
2375 *min_rate_index
= j
;
2383 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data
*sdata
,
2386 struct ieee80211_mgd_assoc_data
*assoc_data
= sdata
->u
.mgd
.assoc_data
;
2388 lockdep_assert_held(&sdata
->u
.mgd
.mtx
);
2391 sta_info_destroy_addr(sdata
, assoc_data
->bss
->bssid
);
2393 memset(sdata
->u
.mgd
.bssid
, 0, ETH_ALEN
);
2394 ieee80211_bss_info_change_notify(sdata
, BSS_CHANGED_BSSID
);
2395 sdata
->u
.mgd
.flags
= 0;
2396 ieee80211_vif_release_channel(sdata
);
2400 sdata
->u
.mgd
.assoc_data
= NULL
;
2403 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data
*sdata
,
2404 struct cfg80211_bss
*cbss
,
2405 struct ieee80211_mgmt
*mgmt
, size_t len
)
2407 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2408 struct ieee80211_local
*local
= sdata
->local
;
2409 struct ieee80211_supported_band
*sband
;
2410 struct sta_info
*sta
;
2412 u16 capab_info
, aid
;
2413 struct ieee802_11_elems elems
;
2414 struct ieee80211_bss_conf
*bss_conf
= &sdata
->vif
.bss_conf
;
2418 /* AssocResp and ReassocResp have identical structure */
2420 aid
= le16_to_cpu(mgmt
->u
.assoc_resp
.aid
);
2421 capab_info
= le16_to_cpu(mgmt
->u
.assoc_resp
.capab_info
);
2423 if ((aid
& (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2424 sdata_info(sdata
, "invalid AID value 0x%x; bits 15:14 not set\n",
2426 aid
&= ~(BIT(15) | BIT(14));
2428 ifmgd
->broken_ap
= false;
2430 if (aid
== 0 || aid
> IEEE80211_MAX_AID
) {
2431 sdata_info(sdata
, "invalid AID value %d (out of range), turn off PS\n",
2434 ifmgd
->broken_ap
= true;
2437 pos
= mgmt
->u
.assoc_resp
.variable
;
2438 ieee802_11_parse_elems(pos
, len
- (pos
- (u8
*) mgmt
), &elems
);
2440 if (!elems
.supp_rates
) {
2441 sdata_info(sdata
, "no SuppRates element in AssocResp\n");
2448 * We previously checked these in the beacon/probe response, so
2449 * they should be present here. This is just a safety net.
2451 if (!(ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
) &&
2452 (!elems
.wmm_param
|| !elems
.ht_cap_elem
|| !elems
.ht_operation
)) {
2454 "HT AP is missing WMM params or HT capability/operation in AssocResp\n");
2458 if (!(ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
) &&
2459 (!elems
.vht_cap_elem
|| !elems
.vht_operation
)) {
2461 "VHT AP is missing VHT capability/operation in AssocResp\n");
2465 mutex_lock(&sdata
->local
->sta_mtx
);
2467 * station info was already allocated and inserted before
2468 * the association and should be available to us
2470 sta
= sta_info_get(sdata
, cbss
->bssid
);
2471 if (WARN_ON(!sta
)) {
2472 mutex_unlock(&sdata
->local
->sta_mtx
);
2476 sband
= local
->hw
.wiphy
->bands
[ieee80211_get_sdata_band(sdata
)];
2478 /* Set up internal HT/VHT capabilities */
2479 if (elems
.ht_cap_elem
&& !(ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
))
2480 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata
, sband
,
2481 elems
.ht_cap_elem
, sta
);
2483 if (elems
.vht_cap_elem
&& !(ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
))
2484 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata
, sband
,
2485 elems
.vht_cap_elem
, sta
);
2488 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2489 * in their association response, so ignore that data for our own
2490 * configuration. If it changed since the last beacon, we'll get the
2491 * next beacon and update then.
2495 * If an operating mode notification IE is present, override the
2496 * NSS calculation (that would be done in rate_control_rate_init())
2497 * and use the # of streams from that element.
2499 if (elems
.opmode_notif
&&
2500 !(*elems
.opmode_notif
& IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF
)) {
2503 nss
= *elems
.opmode_notif
& IEEE80211_OPMODE_NOTIF_RX_NSS_MASK
;
2504 nss
>>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT
;
2506 sta
->sta
.rx_nss
= nss
;
2509 rate_control_rate_init(sta
);
2511 if (ifmgd
->flags
& IEEE80211_STA_MFP_ENABLED
)
2512 set_sta_flag(sta
, WLAN_STA_MFP
);
2514 if (elems
.wmm_param
)
2515 set_sta_flag(sta
, WLAN_STA_WME
);
2517 err
= sta_info_move_state(sta
, IEEE80211_STA_ASSOC
);
2518 if (!err
&& !(ifmgd
->flags
& IEEE80211_STA_CONTROL_PORT
))
2519 err
= sta_info_move_state(sta
, IEEE80211_STA_AUTHORIZED
);
2522 "failed to move station %pM to desired state\n",
2524 WARN_ON(__sta_info_destroy(sta
));
2525 mutex_unlock(&sdata
->local
->sta_mtx
);
2529 mutex_unlock(&sdata
->local
->sta_mtx
);
2532 * Always handle WMM once after association regardless
2533 * of the first value the AP uses. Setting -1 here has
2534 * that effect because the AP values is an unsigned
2537 ifmgd
->wmm_last_param_set
= -1;
2539 if (elems
.wmm_param
)
2540 ieee80211_sta_wmm_params(local
, sdata
, elems
.wmm_param
,
2541 elems
.wmm_param_len
);
2543 ieee80211_set_wmm_default(sdata
, false);
2544 changed
|= BSS_CHANGED_QOS
;
2546 /* set AID and assoc capability,
2547 * ieee80211_set_associated() will tell the driver */
2548 bss_conf
->aid
= aid
;
2549 bss_conf
->assoc_capability
= capab_info
;
2550 ieee80211_set_associated(sdata
, cbss
, changed
);
2553 * If we're using 4-addr mode, let the AP know that we're
2554 * doing so, so that it can create the STA VLAN on its side
2556 if (ifmgd
->use_4addr
)
2557 ieee80211_send_4addr_nullfunc(local
, sdata
);
2560 * Start timer to probe the connection to the AP now.
2561 * Also start the timer that will detect beacon loss.
2563 ieee80211_sta_rx_notify(sdata
, (struct ieee80211_hdr
*)mgmt
);
2564 ieee80211_sta_reset_beacon_monitor(sdata
);
2569 static enum rx_mgmt_action __must_check
2570 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data
*sdata
,
2571 struct ieee80211_mgmt
*mgmt
, size_t len
,
2572 struct cfg80211_bss
**bss
)
2574 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2575 struct ieee80211_mgd_assoc_data
*assoc_data
= ifmgd
->assoc_data
;
2576 u16 capab_info
, status_code
, aid
;
2577 struct ieee802_11_elems elems
;
2581 lockdep_assert_held(&ifmgd
->mtx
);
2584 return RX_MGMT_NONE
;
2585 if (!ether_addr_equal(assoc_data
->bss
->bssid
, mgmt
->bssid
))
2586 return RX_MGMT_NONE
;
2589 * AssocResp and ReassocResp have identical structure, so process both
2590 * of them in this function.
2594 return RX_MGMT_NONE
;
2596 reassoc
= ieee80211_is_reassoc_req(mgmt
->frame_control
);
2597 capab_info
= le16_to_cpu(mgmt
->u
.assoc_resp
.capab_info
);
2598 status_code
= le16_to_cpu(mgmt
->u
.assoc_resp
.status_code
);
2599 aid
= le16_to_cpu(mgmt
->u
.assoc_resp
.aid
);
2602 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2603 reassoc
? "Rea" : "A", mgmt
->sa
,
2604 capab_info
, status_code
, (u16
)(aid
& ~(BIT(15) | BIT(14))));
2606 pos
= mgmt
->u
.assoc_resp
.variable
;
2607 ieee802_11_parse_elems(pos
, len
- (pos
- (u8
*) mgmt
), &elems
);
2609 if (status_code
== WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY
&&
2610 elems
.timeout_int
&&
2611 elems
.timeout_int
->type
== WLAN_TIMEOUT_ASSOC_COMEBACK
) {
2613 tu
= le32_to_cpu(elems
.timeout_int
->value
);
2614 ms
= tu
* 1024 / 1000;
2616 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2618 assoc_data
->timeout
= jiffies
+ msecs_to_jiffies(ms
);
2619 assoc_data
->timeout_started
= true;
2620 if (ms
> IEEE80211_ASSOC_TIMEOUT
)
2621 run_again(ifmgd
, assoc_data
->timeout
);
2622 return RX_MGMT_NONE
;
2625 *bss
= assoc_data
->bss
;
2627 if (status_code
!= WLAN_STATUS_SUCCESS
) {
2628 sdata_info(sdata
, "%pM denied association (code=%d)\n",
2629 mgmt
->sa
, status_code
);
2630 ieee80211_destroy_assoc_data(sdata
, false);
2632 if (!ieee80211_assoc_success(sdata
, *bss
, mgmt
, len
)) {
2633 /* oops -- internal error -- send timeout for now */
2634 ieee80211_destroy_assoc_data(sdata
, false);
2635 cfg80211_put_bss(sdata
->local
->hw
.wiphy
, *bss
);
2636 return RX_MGMT_CFG80211_ASSOC_TIMEOUT
;
2638 sdata_info(sdata
, "associated\n");
2641 * destroy assoc_data afterwards, as otherwise an idle
2642 * recalc after assoc_data is NULL but before associated
2643 * is set can cause the interface to go idle
2645 ieee80211_destroy_assoc_data(sdata
, true);
2648 return RX_MGMT_CFG80211_RX_ASSOC
;
2651 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data
*sdata
,
2652 struct ieee80211_mgmt
*mgmt
, size_t len
,
2653 struct ieee80211_rx_status
*rx_status
,
2654 struct ieee802_11_elems
*elems
)
2656 struct ieee80211_local
*local
= sdata
->local
;
2658 struct ieee80211_bss
*bss
;
2659 struct ieee80211_channel
*channel
;
2660 bool need_ps
= false;
2662 if ((sdata
->u
.mgd
.associated
&&
2663 ether_addr_equal(mgmt
->bssid
, sdata
->u
.mgd
.associated
->bssid
)) ||
2664 (sdata
->u
.mgd
.assoc_data
&&
2665 ether_addr_equal(mgmt
->bssid
,
2666 sdata
->u
.mgd
.assoc_data
->bss
->bssid
))) {
2667 /* not previously set so we may need to recalc */
2668 need_ps
= sdata
->u
.mgd
.associated
&& !sdata
->u
.mgd
.dtim_period
;
2670 if (elems
->tim
&& !elems
->parse_error
) {
2671 const struct ieee80211_tim_ie
*tim_ie
= elems
->tim
;
2672 sdata
->u
.mgd
.dtim_period
= tim_ie
->dtim_period
;
2676 if (elems
->ds_params
)
2677 freq
= ieee80211_channel_to_frequency(elems
->ds_params
[0],
2680 freq
= rx_status
->freq
;
2682 channel
= ieee80211_get_channel(local
->hw
.wiphy
, freq
);
2684 if (!channel
|| channel
->flags
& IEEE80211_CHAN_DISABLED
)
2687 bss
= ieee80211_bss_info_update(local
, rx_status
, mgmt
, len
, elems
,
2690 ieee80211_rx_bss_put(local
, bss
);
2692 if (!sdata
->u
.mgd
.associated
)
2696 mutex_lock(&local
->iflist_mtx
);
2697 ieee80211_recalc_ps(local
, -1);
2698 mutex_unlock(&local
->iflist_mtx
);
2701 if (elems
->ch_switch_ie
&&
2702 memcmp(mgmt
->bssid
, sdata
->u
.mgd
.associated
->bssid
, ETH_ALEN
) == 0)
2703 ieee80211_sta_process_chanswitch(sdata
, elems
->ch_switch_ie
,
2704 bss
, rx_status
->mactime
);
2708 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data
*sdata
,
2709 struct sk_buff
*skb
)
2711 struct ieee80211_mgmt
*mgmt
= (void *)skb
->data
;
2712 struct ieee80211_if_managed
*ifmgd
;
2713 struct ieee80211_rx_status
*rx_status
= (void *) skb
->cb
;
2714 size_t baselen
, len
= skb
->len
;
2715 struct ieee802_11_elems elems
;
2717 ifmgd
= &sdata
->u
.mgd
;
2719 ASSERT_MGD_MTX(ifmgd
);
2721 if (!ether_addr_equal(mgmt
->da
, sdata
->vif
.addr
))
2722 return; /* ignore ProbeResp to foreign address */
2724 baselen
= (u8
*) mgmt
->u
.probe_resp
.variable
- (u8
*) mgmt
;
2728 ieee802_11_parse_elems(mgmt
->u
.probe_resp
.variable
, len
- baselen
,
2731 ieee80211_rx_bss_info(sdata
, mgmt
, len
, rx_status
, &elems
);
2733 if (ifmgd
->associated
&&
2734 ether_addr_equal(mgmt
->bssid
, ifmgd
->associated
->bssid
))
2735 ieee80211_reset_ap_probe(sdata
);
2737 if (ifmgd
->auth_data
&& !ifmgd
->auth_data
->bss
->proberesp_ies
&&
2738 ether_addr_equal(mgmt
->bssid
, ifmgd
->auth_data
->bss
->bssid
)) {
2739 /* got probe response, continue with auth */
2740 sdata_info(sdata
, "direct probe responded\n");
2741 ifmgd
->auth_data
->tries
= 0;
2742 ifmgd
->auth_data
->timeout
= jiffies
;
2743 ifmgd
->auth_data
->timeout_started
= true;
2744 run_again(ifmgd
, ifmgd
->auth_data
->timeout
);
2749 * This is the canonical list of information elements we care about,
2750 * the filter code also gives us all changes to the Microsoft OUI
2751 * (00:50:F2) vendor IE which is used for WMM which we need to track.
2753 * We implement beacon filtering in software since that means we can
2754 * avoid processing the frame here and in cfg80211, and userspace
2755 * will not be able to tell whether the hardware supports it or not.
2757 * XXX: This list needs to be dynamic -- userspace needs to be able to
2758 * add items it requires. It also needs to be able to tell us to
2759 * look out for other vendor IEs.
2761 static const u64 care_about_ies
=
2762 (1ULL << WLAN_EID_COUNTRY
) |
2763 (1ULL << WLAN_EID_ERP_INFO
) |
2764 (1ULL << WLAN_EID_CHANNEL_SWITCH
) |
2765 (1ULL << WLAN_EID_PWR_CONSTRAINT
) |
2766 (1ULL << WLAN_EID_HT_CAPABILITY
) |
2767 (1ULL << WLAN_EID_HT_OPERATION
);
2769 static enum rx_mgmt_action
2770 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data
*sdata
,
2771 struct ieee80211_mgmt
*mgmt
, size_t len
,
2772 u8
*deauth_buf
, struct ieee80211_rx_status
*rx_status
)
2774 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
2775 struct ieee80211_bss_conf
*bss_conf
= &sdata
->vif
.bss_conf
;
2777 struct ieee802_11_elems elems
;
2778 struct ieee80211_local
*local
= sdata
->local
;
2779 struct ieee80211_chanctx_conf
*chanctx_conf
;
2780 struct ieee80211_channel
*chan
;
2781 struct sta_info
*sta
;
2788 lockdep_assert_held(&ifmgd
->mtx
);
2790 /* Process beacon from the current BSS */
2791 baselen
= (u8
*) mgmt
->u
.beacon
.variable
- (u8
*) mgmt
;
2793 return RX_MGMT_NONE
;
2796 chanctx_conf
= rcu_dereference(sdata
->vif
.chanctx_conf
);
2797 if (!chanctx_conf
) {
2799 return RX_MGMT_NONE
;
2802 if (rx_status
->freq
!= chanctx_conf
->def
.chan
->center_freq
) {
2804 return RX_MGMT_NONE
;
2806 chan
= chanctx_conf
->def
.chan
;
2809 if (ifmgd
->assoc_data
&& ifmgd
->assoc_data
->need_beacon
&&
2810 ether_addr_equal(mgmt
->bssid
, ifmgd
->assoc_data
->bss
->bssid
)) {
2811 ieee802_11_parse_elems(mgmt
->u
.beacon
.variable
,
2812 len
- baselen
, &elems
);
2814 ieee80211_rx_bss_info(sdata
, mgmt
, len
, rx_status
, &elems
);
2815 ifmgd
->assoc_data
->have_beacon
= true;
2816 ifmgd
->assoc_data
->need_beacon
= false;
2817 if (local
->hw
.flags
& IEEE80211_HW_TIMING_BEACON_ONLY
) {
2818 sdata
->vif
.bss_conf
.sync_tsf
=
2819 le64_to_cpu(mgmt
->u
.beacon
.timestamp
);
2820 sdata
->vif
.bss_conf
.sync_device_ts
=
2821 rx_status
->device_timestamp
;
2823 sdata
->vif
.bss_conf
.sync_dtim_count
=
2824 elems
.tim
->dtim_count
;
2826 sdata
->vif
.bss_conf
.sync_dtim_count
= 0;
2828 /* continue assoc process */
2829 ifmgd
->assoc_data
->timeout
= jiffies
;
2830 ifmgd
->assoc_data
->timeout_started
= true;
2831 run_again(ifmgd
, ifmgd
->assoc_data
->timeout
);
2832 return RX_MGMT_NONE
;
2835 if (!ifmgd
->associated
||
2836 !ether_addr_equal(mgmt
->bssid
, ifmgd
->associated
->bssid
))
2837 return RX_MGMT_NONE
;
2838 bssid
= ifmgd
->associated
->bssid
;
2840 /* Track average RSSI from the Beacon frames of the current AP */
2841 ifmgd
->last_beacon_signal
= rx_status
->signal
;
2842 if (ifmgd
->flags
& IEEE80211_STA_RESET_SIGNAL_AVE
) {
2843 ifmgd
->flags
&= ~IEEE80211_STA_RESET_SIGNAL_AVE
;
2844 ifmgd
->ave_beacon_signal
= rx_status
->signal
* 16;
2845 ifmgd
->last_cqm_event_signal
= 0;
2846 ifmgd
->count_beacon_signal
= 1;
2847 ifmgd
->last_ave_beacon_signal
= 0;
2849 ifmgd
->ave_beacon_signal
=
2850 (IEEE80211_SIGNAL_AVE_WEIGHT
* rx_status
->signal
* 16 +
2851 (16 - IEEE80211_SIGNAL_AVE_WEIGHT
) *
2852 ifmgd
->ave_beacon_signal
) / 16;
2853 ifmgd
->count_beacon_signal
++;
2856 if (ifmgd
->rssi_min_thold
!= ifmgd
->rssi_max_thold
&&
2857 ifmgd
->count_beacon_signal
>= IEEE80211_SIGNAL_AVE_MIN_COUNT
) {
2858 int sig
= ifmgd
->ave_beacon_signal
;
2859 int last_sig
= ifmgd
->last_ave_beacon_signal
;
2862 * if signal crosses either of the boundaries, invoke callback
2863 * with appropriate parameters
2865 if (sig
> ifmgd
->rssi_max_thold
&&
2866 (last_sig
<= ifmgd
->rssi_min_thold
|| last_sig
== 0)) {
2867 ifmgd
->last_ave_beacon_signal
= sig
;
2868 drv_rssi_callback(local
, sdata
, RSSI_EVENT_HIGH
);
2869 } else if (sig
< ifmgd
->rssi_min_thold
&&
2870 (last_sig
>= ifmgd
->rssi_max_thold
||
2872 ifmgd
->last_ave_beacon_signal
= sig
;
2873 drv_rssi_callback(local
, sdata
, RSSI_EVENT_LOW
);
2877 if (bss_conf
->cqm_rssi_thold
&&
2878 ifmgd
->count_beacon_signal
>= IEEE80211_SIGNAL_AVE_MIN_COUNT
&&
2879 !(sdata
->vif
.driver_flags
& IEEE80211_VIF_SUPPORTS_CQM_RSSI
)) {
2880 int sig
= ifmgd
->ave_beacon_signal
/ 16;
2881 int last_event
= ifmgd
->last_cqm_event_signal
;
2882 int thold
= bss_conf
->cqm_rssi_thold
;
2883 int hyst
= bss_conf
->cqm_rssi_hyst
;
2885 (last_event
== 0 || sig
< last_event
- hyst
)) {
2886 ifmgd
->last_cqm_event_signal
= sig
;
2887 ieee80211_cqm_rssi_notify(
2889 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW
,
2891 } else if (sig
> thold
&&
2892 (last_event
== 0 || sig
> last_event
+ hyst
)) {
2893 ifmgd
->last_cqm_event_signal
= sig
;
2894 ieee80211_cqm_rssi_notify(
2896 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH
,
2901 if (ifmgd
->flags
& IEEE80211_STA_BEACON_POLL
) {
2902 mlme_dbg_ratelimited(sdata
,
2903 "cancelling AP probe due to a received beacon\n");
2904 mutex_lock(&local
->mtx
);
2905 ifmgd
->flags
&= ~IEEE80211_STA_BEACON_POLL
;
2906 ieee80211_run_deferred_scan(local
);
2907 mutex_unlock(&local
->mtx
);
2909 mutex_lock(&local
->iflist_mtx
);
2910 ieee80211_recalc_ps(local
, -1);
2911 mutex_unlock(&local
->iflist_mtx
);
2915 * Push the beacon loss detection into the future since
2916 * we are processing a beacon from the AP just now.
2918 ieee80211_sta_reset_beacon_monitor(sdata
);
2920 ncrc
= crc32_be(0, (void *)&mgmt
->u
.beacon
.beacon_int
, 4);
2921 ncrc
= ieee802_11_parse_elems_crc(mgmt
->u
.beacon
.variable
,
2922 len
- baselen
, &elems
,
2923 care_about_ies
, ncrc
);
2925 if (local
->hw
.flags
& IEEE80211_HW_PS_NULLFUNC_STACK
) {
2926 bool directed_tim
= ieee80211_check_tim(elems
.tim
,
2930 if (local
->hw
.conf
.dynamic_ps_timeout
> 0) {
2931 if (local
->hw
.conf
.flags
& IEEE80211_CONF_PS
) {
2932 local
->hw
.conf
.flags
&= ~IEEE80211_CONF_PS
;
2933 ieee80211_hw_config(local
,
2934 IEEE80211_CONF_CHANGE_PS
);
2936 ieee80211_send_nullfunc(local
, sdata
, 0);
2937 } else if (!local
->pspolling
&& sdata
->u
.mgd
.powersave
) {
2938 local
->pspolling
= true;
2941 * Here is assumed that the driver will be
2942 * able to send ps-poll frame and receive a
2943 * response even though power save mode is
2944 * enabled, but some drivers might require
2945 * to disable power save here. This needs
2946 * to be investigated.
2948 ieee80211_send_pspoll(local
, sdata
);
2953 if (sdata
->vif
.p2p
) {
2954 struct ieee80211_p2p_noa_attr noa
= {};
2957 ret
= cfg80211_get_p2p_attr(mgmt
->u
.beacon
.variable
,
2959 IEEE80211_P2P_ATTR_ABSENCE_NOTICE
,
2960 (u8
*) &noa
, sizeof(noa
));
2962 if (sdata
->u
.mgd
.p2p_noa_index
!= noa
.index
) {
2963 /* valid noa_attr and index changed */
2964 sdata
->u
.mgd
.p2p_noa_index
= noa
.index
;
2965 memcpy(&bss_conf
->p2p_noa_attr
, &noa
, sizeof(noa
));
2966 changed
|= BSS_CHANGED_P2P_PS
;
2968 * make sure we update all information, the CRC
2969 * mechanism doesn't look at P2P attributes.
2971 ifmgd
->beacon_crc_valid
= false;
2973 } else if (sdata
->u
.mgd
.p2p_noa_index
!= -1) {
2974 /* noa_attr not found and we had valid noa_attr before */
2975 sdata
->u
.mgd
.p2p_noa_index
= -1;
2976 memset(&bss_conf
->p2p_noa_attr
, 0, sizeof(bss_conf
->p2p_noa_attr
));
2977 changed
|= BSS_CHANGED_P2P_PS
;
2978 ifmgd
->beacon_crc_valid
= false;
2982 if (ncrc
== ifmgd
->beacon_crc
&& ifmgd
->beacon_crc_valid
)
2983 return RX_MGMT_NONE
;
2984 ifmgd
->beacon_crc
= ncrc
;
2985 ifmgd
->beacon_crc_valid
= true;
2987 ieee80211_rx_bss_info(sdata
, mgmt
, len
, rx_status
, &elems
);
2989 if (ieee80211_sta_wmm_params(local
, sdata
, elems
.wmm_param
,
2990 elems
.wmm_param_len
))
2991 changed
|= BSS_CHANGED_QOS
;
2994 * If we haven't had a beacon before, tell the driver about the
2995 * DTIM period (and beacon timing if desired) now.
2997 if (!bss_conf
->dtim_period
) {
2998 /* a few bogus AP send dtim_period = 0 or no TIM IE */
3000 bss_conf
->dtim_period
= elems
.tim
->dtim_period
?: 1;
3002 bss_conf
->dtim_period
= 1;
3004 if (local
->hw
.flags
& IEEE80211_HW_TIMING_BEACON_ONLY
) {
3005 sdata
->vif
.bss_conf
.sync_tsf
=
3006 le64_to_cpu(mgmt
->u
.beacon
.timestamp
);
3007 sdata
->vif
.bss_conf
.sync_device_ts
=
3008 rx_status
->device_timestamp
;
3010 sdata
->vif
.bss_conf
.sync_dtim_count
=
3011 elems
.tim
->dtim_count
;
3013 sdata
->vif
.bss_conf
.sync_dtim_count
= 0;
3016 changed
|= BSS_CHANGED_DTIM_PERIOD
;
3019 if (elems
.erp_info
) {
3021 erp_value
= elems
.erp_info
[0];
3025 changed
|= ieee80211_handle_bss_capability(sdata
,
3026 le16_to_cpu(mgmt
->u
.beacon
.capab_info
),
3027 erp_valid
, erp_value
);
3029 mutex_lock(&local
->sta_mtx
);
3030 sta
= sta_info_get(sdata
, bssid
);
3032 if (ieee80211_config_bw(sdata
, sta
, elems
.ht_operation
,
3033 elems
.vht_operation
, bssid
, &changed
)) {
3034 mutex_unlock(&local
->sta_mtx
);
3035 ieee80211_set_disassoc(sdata
, IEEE80211_STYPE_DEAUTH
,
3036 WLAN_REASON_DEAUTH_LEAVING
,
3038 return RX_MGMT_CFG80211_TX_DEAUTH
;
3041 if (sta
&& elems
.opmode_notif
)
3042 ieee80211_vht_handle_opmode(sdata
, sta
, *elems
.opmode_notif
,
3043 rx_status
->band
, true);
3044 mutex_unlock(&local
->sta_mtx
);
3046 if (elems
.country_elem
&& elems
.pwr_constr_elem
&&
3047 mgmt
->u
.probe_resp
.capab_info
&
3048 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT
))
3049 changed
|= ieee80211_handle_pwr_constr(sdata
, chan
,
3051 elems
.country_elem_len
,
3052 elems
.pwr_constr_elem
);
3054 ieee80211_bss_info_change_notify(sdata
, changed
);
3056 return RX_MGMT_NONE
;
3059 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data
*sdata
,
3060 struct sk_buff
*skb
)
3062 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3063 struct ieee80211_rx_status
*rx_status
;
3064 struct ieee80211_mgmt
*mgmt
;
3065 struct cfg80211_bss
*bss
= NULL
;
3066 enum rx_mgmt_action rma
= RX_MGMT_NONE
;
3067 u8 deauth_buf
[IEEE80211_DEAUTH_FRAME_LEN
];
3070 rx_status
= (struct ieee80211_rx_status
*) skb
->cb
;
3071 mgmt
= (struct ieee80211_mgmt
*) skb
->data
;
3072 fc
= le16_to_cpu(mgmt
->frame_control
);
3074 mutex_lock(&ifmgd
->mtx
);
3076 switch (fc
& IEEE80211_FCTL_STYPE
) {
3077 case IEEE80211_STYPE_BEACON
:
3078 rma
= ieee80211_rx_mgmt_beacon(sdata
, mgmt
, skb
->len
,
3079 deauth_buf
, rx_status
);
3081 case IEEE80211_STYPE_PROBE_RESP
:
3082 ieee80211_rx_mgmt_probe_resp(sdata
, skb
);
3084 case IEEE80211_STYPE_AUTH
:
3085 rma
= ieee80211_rx_mgmt_auth(sdata
, mgmt
, skb
->len
);
3087 case IEEE80211_STYPE_DEAUTH
:
3088 rma
= ieee80211_rx_mgmt_deauth(sdata
, mgmt
, skb
->len
);
3090 case IEEE80211_STYPE_DISASSOC
:
3091 rma
= ieee80211_rx_mgmt_disassoc(sdata
, mgmt
, skb
->len
);
3093 case IEEE80211_STYPE_ASSOC_RESP
:
3094 case IEEE80211_STYPE_REASSOC_RESP
:
3095 rma
= ieee80211_rx_mgmt_assoc_resp(sdata
, mgmt
, skb
->len
, &bss
);
3097 case IEEE80211_STYPE_ACTION
:
3098 switch (mgmt
->u
.action
.category
) {
3099 case WLAN_CATEGORY_SPECTRUM_MGMT
:
3100 ieee80211_sta_process_chanswitch(sdata
,
3101 &mgmt
->u
.action
.u
.chan_switch
.sw_elem
,
3102 (void *)ifmgd
->associated
->priv
,
3103 rx_status
->mactime
);
3107 mutex_unlock(&ifmgd
->mtx
);
3113 case RX_MGMT_CFG80211_DEAUTH
:
3114 cfg80211_send_deauth(sdata
->dev
, (u8
*)mgmt
, skb
->len
);
3116 case RX_MGMT_CFG80211_DISASSOC
:
3117 cfg80211_send_disassoc(sdata
->dev
, (u8
*)mgmt
, skb
->len
);
3119 case RX_MGMT_CFG80211_RX_AUTH
:
3120 cfg80211_send_rx_auth(sdata
->dev
, (u8
*)mgmt
, skb
->len
);
3122 case RX_MGMT_CFG80211_RX_ASSOC
:
3123 cfg80211_send_rx_assoc(sdata
->dev
, bss
, (u8
*)mgmt
, skb
->len
);
3125 case RX_MGMT_CFG80211_ASSOC_TIMEOUT
:
3126 cfg80211_send_assoc_timeout(sdata
->dev
, mgmt
->bssid
);
3128 case RX_MGMT_CFG80211_TX_DEAUTH
:
3129 cfg80211_send_deauth(sdata
->dev
, deauth_buf
,
3130 sizeof(deauth_buf
));
3133 WARN(1, "unexpected: %d", rma
);
3137 static void ieee80211_sta_timer(unsigned long data
)
3139 struct ieee80211_sub_if_data
*sdata
=
3140 (struct ieee80211_sub_if_data
*) data
;
3142 ieee80211_queue_work(&sdata
->local
->hw
, &sdata
->work
);
3145 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data
*sdata
,
3146 u8
*bssid
, u8 reason
, bool tx
)
3148 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3149 u8 frame_buf
[IEEE80211_DEAUTH_FRAME_LEN
];
3151 ieee80211_set_disassoc(sdata
, IEEE80211_STYPE_DEAUTH
, reason
,
3153 mutex_unlock(&ifmgd
->mtx
);
3156 * must be outside lock due to cfg80211,
3157 * but that's not a problem.
3159 cfg80211_send_deauth(sdata
->dev
, frame_buf
, IEEE80211_DEAUTH_FRAME_LEN
);
3161 mutex_lock(&ifmgd
->mtx
);
3164 static int ieee80211_probe_auth(struct ieee80211_sub_if_data
*sdata
)
3166 struct ieee80211_local
*local
= sdata
->local
;
3167 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3168 struct ieee80211_mgd_auth_data
*auth_data
= ifmgd
->auth_data
;
3171 lockdep_assert_held(&ifmgd
->mtx
);
3173 if (WARN_ON_ONCE(!auth_data
))
3176 if (local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)
3177 tx_flags
= IEEE80211_TX_CTL_REQ_TX_STATUS
|
3178 IEEE80211_TX_INTFL_MLME_CONN_TX
;
3182 if (auth_data
->tries
> IEEE80211_AUTH_MAX_TRIES
) {
3183 sdata_info(sdata
, "authentication with %pM timed out\n",
3184 auth_data
->bss
->bssid
);
3187 * Most likely AP is not in the range so remove the
3188 * bss struct for that AP.
3190 cfg80211_unlink_bss(local
->hw
.wiphy
, auth_data
->bss
);
3195 drv_mgd_prepare_tx(local
, sdata
);
3197 if (auth_data
->bss
->proberesp_ies
) {
3201 sdata_info(sdata
, "send auth to %pM (try %d/%d)\n",
3202 auth_data
->bss
->bssid
, auth_data
->tries
,
3203 IEEE80211_AUTH_MAX_TRIES
);
3205 auth_data
->expected_transaction
= 2;
3207 if (auth_data
->algorithm
== WLAN_AUTH_SAE
) {
3208 trans
= auth_data
->sae_trans
;
3209 status
= auth_data
->sae_status
;
3210 auth_data
->expected_transaction
= trans
;
3213 ieee80211_send_auth(sdata
, trans
, auth_data
->algorithm
, status
,
3214 auth_data
->data
, auth_data
->data_len
,
3215 auth_data
->bss
->bssid
,
3216 auth_data
->bss
->bssid
, NULL
, 0, 0,
3221 sdata_info(sdata
, "direct probe to %pM (try %d/%i)\n",
3222 auth_data
->bss
->bssid
, auth_data
->tries
,
3223 IEEE80211_AUTH_MAX_TRIES
);
3226 ssidie
= ieee80211_bss_get_ie(auth_data
->bss
, WLAN_EID_SSID
);
3232 * Direct probe is sent to broadcast address as some APs
3233 * will not answer to direct packet in unassociated state.
3235 ieee80211_send_probe_req(sdata
, NULL
, ssidie
+ 2, ssidie
[1],
3236 NULL
, 0, (u32
) -1, true, tx_flags
,
3237 auth_data
->bss
->channel
, false);
3241 if (!(local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)) {
3242 auth_data
->timeout
= jiffies
+ IEEE80211_AUTH_TIMEOUT
;
3243 ifmgd
->auth_data
->timeout_started
= true;
3244 run_again(ifmgd
, auth_data
->timeout
);
3246 auth_data
->timeout_started
= false;
3252 static int ieee80211_do_assoc(struct ieee80211_sub_if_data
*sdata
)
3254 struct ieee80211_mgd_assoc_data
*assoc_data
= sdata
->u
.mgd
.assoc_data
;
3255 struct ieee80211_local
*local
= sdata
->local
;
3257 lockdep_assert_held(&sdata
->u
.mgd
.mtx
);
3259 assoc_data
->tries
++;
3260 if (assoc_data
->tries
> IEEE80211_ASSOC_MAX_TRIES
) {
3261 sdata_info(sdata
, "association with %pM timed out\n",
3262 assoc_data
->bss
->bssid
);
3265 * Most likely AP is not in the range so remove the
3266 * bss struct for that AP.
3268 cfg80211_unlink_bss(local
->hw
.wiphy
, assoc_data
->bss
);
3273 sdata_info(sdata
, "associate with %pM (try %d/%d)\n",
3274 assoc_data
->bss
->bssid
, assoc_data
->tries
,
3275 IEEE80211_ASSOC_MAX_TRIES
);
3276 ieee80211_send_assoc(sdata
);
3278 if (!(local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)) {
3279 assoc_data
->timeout
= jiffies
+ IEEE80211_ASSOC_TIMEOUT
;
3280 assoc_data
->timeout_started
= true;
3281 run_again(&sdata
->u
.mgd
, assoc_data
->timeout
);
3283 assoc_data
->timeout_started
= false;
3289 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data
*sdata
,
3290 __le16 fc
, bool acked
)
3292 struct ieee80211_local
*local
= sdata
->local
;
3294 sdata
->u
.mgd
.status_fc
= fc
;
3295 sdata
->u
.mgd
.status_acked
= acked
;
3296 sdata
->u
.mgd
.status_received
= true;
3298 ieee80211_queue_work(&local
->hw
, &sdata
->work
);
3301 void ieee80211_sta_work(struct ieee80211_sub_if_data
*sdata
)
3303 struct ieee80211_local
*local
= sdata
->local
;
3304 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3306 mutex_lock(&ifmgd
->mtx
);
3308 if (ifmgd
->status_received
) {
3309 __le16 fc
= ifmgd
->status_fc
;
3310 bool status_acked
= ifmgd
->status_acked
;
3312 ifmgd
->status_received
= false;
3313 if (ifmgd
->auth_data
&&
3314 (ieee80211_is_probe_req(fc
) || ieee80211_is_auth(fc
))) {
3316 ifmgd
->auth_data
->timeout
=
3317 jiffies
+ IEEE80211_AUTH_TIMEOUT_SHORT
;
3318 run_again(ifmgd
, ifmgd
->auth_data
->timeout
);
3320 ifmgd
->auth_data
->timeout
= jiffies
- 1;
3322 ifmgd
->auth_data
->timeout_started
= true;
3323 } else if (ifmgd
->assoc_data
&&
3324 (ieee80211_is_assoc_req(fc
) ||
3325 ieee80211_is_reassoc_req(fc
))) {
3327 ifmgd
->assoc_data
->timeout
=
3328 jiffies
+ IEEE80211_ASSOC_TIMEOUT_SHORT
;
3329 run_again(ifmgd
, ifmgd
->assoc_data
->timeout
);
3331 ifmgd
->assoc_data
->timeout
= jiffies
- 1;
3333 ifmgd
->assoc_data
->timeout_started
= true;
3337 if (ifmgd
->auth_data
&& ifmgd
->auth_data
->timeout_started
&&
3338 time_after(jiffies
, ifmgd
->auth_data
->timeout
)) {
3339 if (ifmgd
->auth_data
->done
) {
3341 * ok ... we waited for assoc but userspace didn't,
3342 * so let's just kill the auth data
3344 ieee80211_destroy_auth_data(sdata
, false);
3345 } else if (ieee80211_probe_auth(sdata
)) {
3348 memcpy(bssid
, ifmgd
->auth_data
->bss
->bssid
, ETH_ALEN
);
3350 ieee80211_destroy_auth_data(sdata
, false);
3352 mutex_unlock(&ifmgd
->mtx
);
3353 cfg80211_send_auth_timeout(sdata
->dev
, bssid
);
3354 mutex_lock(&ifmgd
->mtx
);
3356 } else if (ifmgd
->auth_data
&& ifmgd
->auth_data
->timeout_started
)
3357 run_again(ifmgd
, ifmgd
->auth_data
->timeout
);
3359 if (ifmgd
->assoc_data
&& ifmgd
->assoc_data
->timeout_started
&&
3360 time_after(jiffies
, ifmgd
->assoc_data
->timeout
)) {
3361 if ((ifmgd
->assoc_data
->need_beacon
&&
3362 !ifmgd
->assoc_data
->have_beacon
) ||
3363 ieee80211_do_assoc(sdata
)) {
3366 memcpy(bssid
, ifmgd
->assoc_data
->bss
->bssid
, ETH_ALEN
);
3368 ieee80211_destroy_assoc_data(sdata
, false);
3370 mutex_unlock(&ifmgd
->mtx
);
3371 cfg80211_send_assoc_timeout(sdata
->dev
, bssid
);
3372 mutex_lock(&ifmgd
->mtx
);
3374 } else if (ifmgd
->assoc_data
&& ifmgd
->assoc_data
->timeout_started
)
3375 run_again(ifmgd
, ifmgd
->assoc_data
->timeout
);
3377 if (ifmgd
->flags
& (IEEE80211_STA_BEACON_POLL
|
3378 IEEE80211_STA_CONNECTION_POLL
) &&
3379 ifmgd
->associated
) {
3383 memcpy(bssid
, ifmgd
->associated
->bssid
, ETH_ALEN
);
3385 if (local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
)
3386 max_tries
= max_nullfunc_tries
;
3388 max_tries
= max_probe_tries
;
3390 /* ACK received for nullfunc probing frame */
3391 if (!ifmgd
->probe_send_count
)
3392 ieee80211_reset_ap_probe(sdata
);
3393 else if (ifmgd
->nullfunc_failed
) {
3394 if (ifmgd
->probe_send_count
< max_tries
) {
3396 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3397 bssid
, ifmgd
->probe_send_count
,
3399 ieee80211_mgd_probe_ap_send(sdata
);
3402 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3404 ieee80211_sta_connection_lost(sdata
, bssid
,
3405 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY
,
3408 } else if (time_is_after_jiffies(ifmgd
->probe_timeout
))
3409 run_again(ifmgd
, ifmgd
->probe_timeout
);
3410 else if (local
->hw
.flags
& IEEE80211_HW_REPORTS_TX_ACK_STATUS
) {
3412 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3413 bssid
, probe_wait_ms
);
3414 ieee80211_sta_connection_lost(sdata
, bssid
,
3415 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY
, false);
3416 } else if (ifmgd
->probe_send_count
< max_tries
) {
3418 "No probe response from AP %pM after %dms, try %d/%i\n",
3419 bssid
, probe_wait_ms
,
3420 ifmgd
->probe_send_count
, max_tries
);
3421 ieee80211_mgd_probe_ap_send(sdata
);
3424 * We actually lost the connection ... or did we?
3427 wiphy_debug(local
->hw
.wiphy
,
3428 "%s: No probe response from AP %pM"
3429 " after %dms, disconnecting.\n",
3431 bssid
, probe_wait_ms
);
3433 ieee80211_sta_connection_lost(sdata
, bssid
,
3434 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY
, false);
3438 mutex_unlock(&ifmgd
->mtx
);
3441 static void ieee80211_sta_bcn_mon_timer(unsigned long data
)
3443 struct ieee80211_sub_if_data
*sdata
=
3444 (struct ieee80211_sub_if_data
*) data
;
3445 struct ieee80211_local
*local
= sdata
->local
;
3447 if (local
->quiescing
)
3450 sdata
->u
.mgd
.connection_loss
= false;
3451 ieee80211_queue_work(&sdata
->local
->hw
,
3452 &sdata
->u
.mgd
.beacon_connection_loss_work
);
3455 static void ieee80211_sta_conn_mon_timer(unsigned long data
)
3457 struct ieee80211_sub_if_data
*sdata
=
3458 (struct ieee80211_sub_if_data
*) data
;
3459 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3460 struct ieee80211_local
*local
= sdata
->local
;
3462 if (local
->quiescing
)
3465 ieee80211_queue_work(&local
->hw
, &ifmgd
->monitor_work
);
3468 static void ieee80211_sta_monitor_work(struct work_struct
*work
)
3470 struct ieee80211_sub_if_data
*sdata
=
3471 container_of(work
, struct ieee80211_sub_if_data
,
3472 u
.mgd
.monitor_work
);
3474 ieee80211_mgd_probe_ap(sdata
, false);
3477 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data
*sdata
)
3481 if (sdata
->vif
.type
== NL80211_IFTYPE_STATION
) {
3482 __ieee80211_stop_poll(sdata
);
3484 /* let's probe the connection once */
3485 flags
= sdata
->local
->hw
.flags
;
3486 if (!(flags
& IEEE80211_HW_CONNECTION_MONITOR
))
3487 ieee80211_queue_work(&sdata
->local
->hw
,
3488 &sdata
->u
.mgd
.monitor_work
);
3489 /* and do all the other regular work too */
3490 ieee80211_queue_work(&sdata
->local
->hw
, &sdata
->work
);
3494 /* interface setup */
3495 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data
*sdata
)
3497 struct ieee80211_if_managed
*ifmgd
;
3499 ifmgd
= &sdata
->u
.mgd
;
3500 INIT_WORK(&ifmgd
->monitor_work
, ieee80211_sta_monitor_work
);
3501 INIT_WORK(&ifmgd
->chswitch_work
, ieee80211_chswitch_work
);
3502 INIT_WORK(&ifmgd
->beacon_connection_loss_work
,
3503 ieee80211_beacon_connection_loss_work
);
3504 INIT_WORK(&ifmgd
->csa_connection_drop_work
,
3505 ieee80211_csa_connection_drop_work
);
3506 INIT_WORK(&ifmgd
->request_smps_work
, ieee80211_request_smps_work
);
3507 setup_timer(&ifmgd
->timer
, ieee80211_sta_timer
,
3508 (unsigned long) sdata
);
3509 setup_timer(&ifmgd
->bcn_mon_timer
, ieee80211_sta_bcn_mon_timer
,
3510 (unsigned long) sdata
);
3511 setup_timer(&ifmgd
->conn_mon_timer
, ieee80211_sta_conn_mon_timer
,
3512 (unsigned long) sdata
);
3513 setup_timer(&ifmgd
->chswitch_timer
, ieee80211_chswitch_timer
,
3514 (unsigned long) sdata
);
3517 ifmgd
->powersave
= sdata
->wdev
.ps
;
3518 ifmgd
->uapsd_queues
= sdata
->local
->hw
.uapsd_queues
;
3519 ifmgd
->uapsd_max_sp_len
= sdata
->local
->hw
.uapsd_max_sp_len
;
3520 ifmgd
->p2p_noa_index
= -1;
3522 mutex_init(&ifmgd
->mtx
);
3524 if (sdata
->local
->hw
.flags
& IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS
)
3525 ifmgd
->req_smps
= IEEE80211_SMPS_AUTOMATIC
;
3527 ifmgd
->req_smps
= IEEE80211_SMPS_OFF
;
3530 /* scan finished notification */
3531 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local
*local
)
3533 struct ieee80211_sub_if_data
*sdata
;
3535 /* Restart STA timers */
3537 list_for_each_entry_rcu(sdata
, &local
->interfaces
, list
) {
3538 if (ieee80211_sdata_running(sdata
))
3539 ieee80211_restart_sta_timer(sdata
);
3544 int ieee80211_max_network_latency(struct notifier_block
*nb
,
3545 unsigned long data
, void *dummy
)
3547 s32 latency_usec
= (s32
) data
;
3548 struct ieee80211_local
*local
=
3549 container_of(nb
, struct ieee80211_local
,
3550 network_latency_notifier
);
3552 mutex_lock(&local
->iflist_mtx
);
3553 ieee80211_recalc_ps(local
, latency_usec
);
3554 mutex_unlock(&local
->iflist_mtx
);
3559 static u8
ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data
*sdata
,
3560 struct cfg80211_bss
*cbss
)
3562 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3563 const u8
*ht_cap_ie
, *vht_cap_ie
;
3564 const struct ieee80211_ht_cap
*ht_cap
;
3565 const struct ieee80211_vht_cap
*vht_cap
;
3568 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
)
3571 ht_cap_ie
= ieee80211_bss_get_ie(cbss
, WLAN_EID_HT_CAPABILITY
);
3572 if (ht_cap_ie
&& ht_cap_ie
[1] >= sizeof(*ht_cap
)) {
3573 ht_cap
= (void *)(ht_cap_ie
+ 2);
3574 chains
= ieee80211_mcs_to_chains(&ht_cap
->mcs
);
3576 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3577 * "Tx Unequal Modulation Supported" fields.
3581 if (ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
)
3584 vht_cap_ie
= ieee80211_bss_get_ie(cbss
, WLAN_EID_VHT_CAPABILITY
);
3585 if (vht_cap_ie
&& vht_cap_ie
[1] >= sizeof(*vht_cap
)) {
3589 vht_cap
= (void *)(vht_cap_ie
+ 2);
3590 tx_mcs_map
= le16_to_cpu(vht_cap
->supp_mcs
.tx_mcs_map
);
3591 for (nss
= 8; nss
> 0; nss
--) {
3592 if (((tx_mcs_map
>> (2 * (nss
- 1))) & 3) !=
3593 IEEE80211_VHT_MCS_NOT_SUPPORTED
)
3596 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3597 chains
= max(chains
, nss
);
3603 static int ieee80211_prep_channel(struct ieee80211_sub_if_data
*sdata
,
3604 struct cfg80211_bss
*cbss
)
3606 struct ieee80211_local
*local
= sdata
->local
;
3607 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3608 const struct ieee80211_ht_operation
*ht_oper
= NULL
;
3609 const struct ieee80211_vht_operation
*vht_oper
= NULL
;
3610 struct ieee80211_supported_band
*sband
;
3611 struct cfg80211_chan_def chandef
;
3614 sband
= local
->hw
.wiphy
->bands
[cbss
->channel
->band
];
3616 ifmgd
->flags
&= ~(IEEE80211_STA_DISABLE_40MHZ
|
3617 IEEE80211_STA_DISABLE_80P80MHZ
|
3618 IEEE80211_STA_DISABLE_160MHZ
);
3622 if (!(ifmgd
->flags
& IEEE80211_STA_DISABLE_HT
) &&
3623 sband
->ht_cap
.ht_supported
) {
3624 const u8
*ht_oper_ie
, *ht_cap
;
3626 ht_oper_ie
= ieee80211_bss_get_ie(cbss
, WLAN_EID_HT_OPERATION
);
3627 if (ht_oper_ie
&& ht_oper_ie
[1] >= sizeof(*ht_oper
))
3628 ht_oper
= (void *)(ht_oper_ie
+ 2);
3630 ht_cap
= ieee80211_bss_get_ie(cbss
, WLAN_EID_HT_CAPABILITY
);
3631 if (!ht_cap
|| ht_cap
[1] < sizeof(struct ieee80211_ht_cap
)) {
3632 ifmgd
->flags
|= IEEE80211_STA_DISABLE_HT
;
3637 if (!(ifmgd
->flags
& IEEE80211_STA_DISABLE_VHT
) &&
3638 sband
->vht_cap
.vht_supported
) {
3639 const u8
*vht_oper_ie
, *vht_cap
;
3641 vht_oper_ie
= ieee80211_bss_get_ie(cbss
,
3642 WLAN_EID_VHT_OPERATION
);
3643 if (vht_oper_ie
&& vht_oper_ie
[1] >= sizeof(*vht_oper
))
3644 vht_oper
= (void *)(vht_oper_ie
+ 2);
3645 if (vht_oper
&& !ht_oper
) {
3648 "AP advertised VHT without HT, disabling both\n");
3649 ifmgd
->flags
|= IEEE80211_STA_DISABLE_HT
;
3650 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
3653 vht_cap
= ieee80211_bss_get_ie(cbss
, WLAN_EID_VHT_CAPABILITY
);
3654 if (!vht_cap
|| vht_cap
[1] < sizeof(struct ieee80211_vht_cap
)) {
3655 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
3660 ifmgd
->flags
|= ieee80211_determine_chantype(sdata
, sband
,
3665 sdata
->needed_rx_chains
= min(ieee80211_ht_vht_rx_chains(sdata
, cbss
),
3670 /* will change later if needed */
3671 sdata
->smps_mode
= IEEE80211_SMPS_OFF
;
3674 * If this fails (possibly due to channel context sharing
3675 * on incompatible channels, e.g. 80+80 and 160 sharing the
3676 * same control channel) try to use a smaller bandwidth.
3678 ret
= ieee80211_vif_use_channel(sdata
, &chandef
,
3679 IEEE80211_CHANCTX_SHARED
);
3680 while (ret
&& chandef
.width
!= NL80211_CHAN_WIDTH_20_NOHT
) {
3681 ifmgd
->flags
|= chandef_downgrade(&chandef
);
3682 ret
= ieee80211_vif_use_channel(sdata
, &chandef
,
3683 IEEE80211_CHANCTX_SHARED
);
3688 static int ieee80211_prep_connection(struct ieee80211_sub_if_data
*sdata
,
3689 struct cfg80211_bss
*cbss
, bool assoc
)
3691 struct ieee80211_local
*local
= sdata
->local
;
3692 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3693 struct ieee80211_bss
*bss
= (void *)cbss
->priv
;
3694 struct sta_info
*new_sta
= NULL
;
3695 bool have_sta
= false;
3698 if (WARN_ON(!ifmgd
->auth_data
&& !ifmgd
->assoc_data
))
3703 have_sta
= sta_info_get(sdata
, cbss
->bssid
);
3708 new_sta
= sta_info_alloc(sdata
, cbss
->bssid
, GFP_KERNEL
);
3714 u32 rates
= 0, basic_rates
= 0;
3715 bool have_higher_than_11mbit
;
3716 int min_rate
= INT_MAX
, min_rate_index
= -1;
3717 struct ieee80211_supported_band
*sband
;
3718 const struct cfg80211_bss_ies
*ies
;
3720 sband
= local
->hw
.wiphy
->bands
[cbss
->channel
->band
];
3722 err
= ieee80211_prep_channel(sdata
, cbss
);
3724 sta_info_free(local
, new_sta
);
3728 ieee80211_get_rates(sband
, bss
->supp_rates
,
3729 bss
->supp_rates_len
,
3730 &rates
, &basic_rates
,
3731 &have_higher_than_11mbit
,
3732 &min_rate
, &min_rate_index
);
3735 * This used to be a workaround for basic rates missing
3736 * in the association response frame. Now that we no
3737 * longer use the basic rates from there, it probably
3738 * doesn't happen any more, but keep the workaround so
3739 * in case some *other* APs are buggy in different ways
3740 * we can connect -- with a warning.
3742 if (!basic_rates
&& min_rate_index
>= 0) {
3744 "No basic rates, using min rate instead\n");
3745 basic_rates
= BIT(min_rate_index
);
3748 new_sta
->sta
.supp_rates
[cbss
->channel
->band
] = rates
;
3749 sdata
->vif
.bss_conf
.basic_rates
= basic_rates
;
3751 /* cf. IEEE 802.11 9.2.12 */
3752 if (cbss
->channel
->band
== IEEE80211_BAND_2GHZ
&&
3753 have_higher_than_11mbit
)
3754 sdata
->flags
|= IEEE80211_SDATA_OPERATING_GMODE
;
3756 sdata
->flags
&= ~IEEE80211_SDATA_OPERATING_GMODE
;
3758 memcpy(ifmgd
->bssid
, cbss
->bssid
, ETH_ALEN
);
3760 /* set timing information */
3761 sdata
->vif
.bss_conf
.beacon_int
= cbss
->beacon_interval
;
3763 ies
= rcu_dereference(cbss
->beacon_ies
);
3767 sdata
->vif
.bss_conf
.sync_tsf
= ies
->tsf
;
3768 sdata
->vif
.bss_conf
.sync_device_ts
=
3769 bss
->device_ts_beacon
;
3770 tim_ie
= cfg80211_find_ie(WLAN_EID_TIM
,
3771 ies
->data
, ies
->len
);
3772 if (tim_ie
&& tim_ie
[1] >= 2)
3773 sdata
->vif
.bss_conf
.sync_dtim_count
= tim_ie
[2];
3775 sdata
->vif
.bss_conf
.sync_dtim_count
= 0;
3776 } else if (!(local
->hw
.flags
&
3777 IEEE80211_HW_TIMING_BEACON_ONLY
)) {
3778 ies
= rcu_dereference(cbss
->proberesp_ies
);
3779 /* must be non-NULL since beacon IEs were NULL */
3780 sdata
->vif
.bss_conf
.sync_tsf
= ies
->tsf
;
3781 sdata
->vif
.bss_conf
.sync_device_ts
=
3782 bss
->device_ts_presp
;
3783 sdata
->vif
.bss_conf
.sync_dtim_count
= 0;
3785 sdata
->vif
.bss_conf
.sync_tsf
= 0;
3786 sdata
->vif
.bss_conf
.sync_device_ts
= 0;
3787 sdata
->vif
.bss_conf
.sync_dtim_count
= 0;
3791 /* tell driver about BSSID, basic rates and timing */
3792 ieee80211_bss_info_change_notify(sdata
,
3793 BSS_CHANGED_BSSID
| BSS_CHANGED_BASIC_RATES
|
3794 BSS_CHANGED_BEACON_INT
);
3797 sta_info_pre_move_state(new_sta
, IEEE80211_STA_AUTH
);
3799 err
= sta_info_insert(new_sta
);
3803 "failed to insert STA entry for the AP (error %d)\n",
3808 WARN_ON_ONCE(!ether_addr_equal(ifmgd
->bssid
, cbss
->bssid
));
3814 int ieee80211_mgd_auth(struct ieee80211_sub_if_data
*sdata
,
3815 struct cfg80211_auth_request
*req
)
3817 struct ieee80211_local
*local
= sdata
->local
;
3818 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3819 struct ieee80211_mgd_auth_data
*auth_data
;
3823 /* prepare auth data structure */
3825 switch (req
->auth_type
) {
3826 case NL80211_AUTHTYPE_OPEN_SYSTEM
:
3827 auth_alg
= WLAN_AUTH_OPEN
;
3829 case NL80211_AUTHTYPE_SHARED_KEY
:
3830 if (IS_ERR(local
->wep_tx_tfm
))
3832 auth_alg
= WLAN_AUTH_SHARED_KEY
;
3834 case NL80211_AUTHTYPE_FT
:
3835 auth_alg
= WLAN_AUTH_FT
;
3837 case NL80211_AUTHTYPE_NETWORK_EAP
:
3838 auth_alg
= WLAN_AUTH_LEAP
;
3840 case NL80211_AUTHTYPE_SAE
:
3841 auth_alg
= WLAN_AUTH_SAE
;
3847 auth_data
= kzalloc(sizeof(*auth_data
) + req
->sae_data_len
+
3848 req
->ie_len
, GFP_KERNEL
);
3852 auth_data
->bss
= req
->bss
;
3854 if (req
->sae_data_len
>= 4) {
3855 __le16
*pos
= (__le16
*) req
->sae_data
;
3856 auth_data
->sae_trans
= le16_to_cpu(pos
[0]);
3857 auth_data
->sae_status
= le16_to_cpu(pos
[1]);
3858 memcpy(auth_data
->data
, req
->sae_data
+ 4,
3859 req
->sae_data_len
- 4);
3860 auth_data
->data_len
+= req
->sae_data_len
- 4;
3863 if (req
->ie
&& req
->ie_len
) {
3864 memcpy(&auth_data
->data
[auth_data
->data_len
],
3865 req
->ie
, req
->ie_len
);
3866 auth_data
->data_len
+= req
->ie_len
;
3869 if (req
->key
&& req
->key_len
) {
3870 auth_data
->key_len
= req
->key_len
;
3871 auth_data
->key_idx
= req
->key_idx
;
3872 memcpy(auth_data
->key
, req
->key
, req
->key_len
);
3875 auth_data
->algorithm
= auth_alg
;
3877 /* try to authenticate/probe */
3879 mutex_lock(&ifmgd
->mtx
);
3881 if ((ifmgd
->auth_data
&& !ifmgd
->auth_data
->done
) ||
3882 ifmgd
->assoc_data
) {
3887 if (ifmgd
->auth_data
)
3888 ieee80211_destroy_auth_data(sdata
, false);
3890 /* prep auth_data so we don't go into idle on disassoc */
3891 ifmgd
->auth_data
= auth_data
;
3893 if (ifmgd
->associated
)
3894 ieee80211_set_disassoc(sdata
, 0, 0, false, NULL
);
3896 sdata_info(sdata
, "authenticate with %pM\n", req
->bss
->bssid
);
3898 err
= ieee80211_prep_connection(sdata
, req
->bss
, false);
3902 err
= ieee80211_probe_auth(sdata
);
3904 sta_info_destroy_addr(sdata
, req
->bss
->bssid
);
3908 /* hold our own reference */
3909 cfg80211_ref_bss(local
->hw
.wiphy
, auth_data
->bss
);
3914 memset(ifmgd
->bssid
, 0, ETH_ALEN
);
3915 ieee80211_bss_info_change_notify(sdata
, BSS_CHANGED_BSSID
);
3916 ifmgd
->auth_data
= NULL
;
3920 mutex_unlock(&ifmgd
->mtx
);
3925 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data
*sdata
,
3926 struct cfg80211_assoc_request
*req
)
3928 struct ieee80211_local
*local
= sdata
->local
;
3929 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
3930 struct ieee80211_bss
*bss
= (void *)req
->bss
->priv
;
3931 struct ieee80211_mgd_assoc_data
*assoc_data
;
3932 const struct cfg80211_bss_ies
*beacon_ies
;
3933 struct ieee80211_supported_band
*sband
;
3934 const u8
*ssidie
, *ht_ie
, *vht_ie
;
3937 assoc_data
= kzalloc(sizeof(*assoc_data
) + req
->ie_len
, GFP_KERNEL
);
3942 ssidie
= ieee80211_bss_get_ie(req
->bss
, WLAN_EID_SSID
);
3948 memcpy(assoc_data
->ssid
, ssidie
+ 2, ssidie
[1]);
3949 assoc_data
->ssid_len
= ssidie
[1];
3952 mutex_lock(&ifmgd
->mtx
);
3954 if (ifmgd
->associated
)
3955 ieee80211_set_disassoc(sdata
, 0, 0, false, NULL
);
3957 if (ifmgd
->auth_data
&& !ifmgd
->auth_data
->done
) {
3962 if (ifmgd
->assoc_data
) {
3967 if (ifmgd
->auth_data
) {
3970 /* keep sta info, bssid if matching */
3971 match
= ether_addr_equal(ifmgd
->bssid
, req
->bss
->bssid
);
3972 ieee80211_destroy_auth_data(sdata
, match
);
3975 /* prepare assoc data */
3977 ifmgd
->beacon_crc_valid
= false;
3980 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
3981 * We still associate in non-HT mode (11a/b/g) if any one of these
3982 * ciphers is configured as pairwise.
3983 * We can set this to true for non-11n hardware, that'll be checked
3984 * separately along with the peer capabilities.
3986 for (i
= 0; i
< req
->crypto
.n_ciphers_pairwise
; i
++) {
3987 if (req
->crypto
.ciphers_pairwise
[i
] == WLAN_CIPHER_SUITE_WEP40
||
3988 req
->crypto
.ciphers_pairwise
[i
] == WLAN_CIPHER_SUITE_TKIP
||
3989 req
->crypto
.ciphers_pairwise
[i
] == WLAN_CIPHER_SUITE_WEP104
) {
3990 ifmgd
->flags
|= IEEE80211_STA_DISABLE_HT
;
3991 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
3992 netdev_info(sdata
->dev
,
3993 "disabling HT/VHT due to WEP/TKIP use\n");
3997 if (req
->flags
& ASSOC_REQ_DISABLE_HT
) {
3998 ifmgd
->flags
|= IEEE80211_STA_DISABLE_HT
;
3999 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
4002 if (req
->flags
& ASSOC_REQ_DISABLE_VHT
)
4003 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
4005 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4006 sband
= local
->hw
.wiphy
->bands
[req
->bss
->channel
->band
];
4007 if (!sband
->ht_cap
.ht_supported
||
4008 local
->hw
.queues
< IEEE80211_NUM_ACS
|| !bss
->wmm_used
) {
4009 ifmgd
->flags
|= IEEE80211_STA_DISABLE_HT
;
4011 netdev_info(sdata
->dev
,
4012 "disabling HT as WMM/QoS is not supported by the AP\n");
4015 /* disable VHT if we don't support it or the AP doesn't use WMM */
4016 if (!sband
->vht_cap
.vht_supported
||
4017 local
->hw
.queues
< IEEE80211_NUM_ACS
|| !bss
->wmm_used
) {
4018 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
4020 netdev_info(sdata
->dev
,
4021 "disabling VHT as WMM/QoS is not supported by the AP\n");
4024 memcpy(&ifmgd
->ht_capa
, &req
->ht_capa
, sizeof(ifmgd
->ht_capa
));
4025 memcpy(&ifmgd
->ht_capa_mask
, &req
->ht_capa_mask
,
4026 sizeof(ifmgd
->ht_capa_mask
));
4028 memcpy(&ifmgd
->vht_capa
, &req
->vht_capa
, sizeof(ifmgd
->vht_capa
));
4029 memcpy(&ifmgd
->vht_capa_mask
, &req
->vht_capa_mask
,
4030 sizeof(ifmgd
->vht_capa_mask
));
4032 if (req
->ie
&& req
->ie_len
) {
4033 memcpy(assoc_data
->ie
, req
->ie
, req
->ie_len
);
4034 assoc_data
->ie_len
= req
->ie_len
;
4037 assoc_data
->bss
= req
->bss
;
4039 if (ifmgd
->req_smps
== IEEE80211_SMPS_AUTOMATIC
) {
4040 if (ifmgd
->powersave
)
4041 sdata
->smps_mode
= IEEE80211_SMPS_DYNAMIC
;
4043 sdata
->smps_mode
= IEEE80211_SMPS_OFF
;
4045 sdata
->smps_mode
= ifmgd
->req_smps
;
4047 assoc_data
->capability
= req
->bss
->capability
;
4048 assoc_data
->wmm
= bss
->wmm_used
&&
4049 (local
->hw
.queues
>= IEEE80211_NUM_ACS
);
4050 assoc_data
->supp_rates
= bss
->supp_rates
;
4051 assoc_data
->supp_rates_len
= bss
->supp_rates_len
;
4054 ht_ie
= ieee80211_bss_get_ie(req
->bss
, WLAN_EID_HT_OPERATION
);
4055 if (ht_ie
&& ht_ie
[1] >= sizeof(struct ieee80211_ht_operation
))
4056 assoc_data
->ap_ht_param
=
4057 ((struct ieee80211_ht_operation
*)(ht_ie
+ 2))->ht_param
;
4059 ifmgd
->flags
|= IEEE80211_STA_DISABLE_HT
;
4060 vht_ie
= ieee80211_bss_get_ie(req
->bss
, WLAN_EID_VHT_CAPABILITY
);
4061 if (vht_ie
&& vht_ie
[1] >= sizeof(struct ieee80211_vht_cap
))
4062 memcpy(&assoc_data
->ap_vht_cap
, vht_ie
+ 2,
4063 sizeof(struct ieee80211_vht_cap
));
4065 ifmgd
->flags
|= IEEE80211_STA_DISABLE_VHT
;
4068 if (bss
->wmm_used
&& bss
->uapsd_supported
&&
4069 (sdata
->local
->hw
.flags
& IEEE80211_HW_SUPPORTS_UAPSD
) &&
4070 sdata
->wmm_acm
!= 0xff) {
4071 assoc_data
->uapsd
= true;
4072 ifmgd
->flags
|= IEEE80211_STA_UAPSD_ENABLED
;
4074 assoc_data
->uapsd
= false;
4075 ifmgd
->flags
&= ~IEEE80211_STA_UAPSD_ENABLED
;
4078 if (req
->prev_bssid
)
4079 memcpy(assoc_data
->prev_bssid
, req
->prev_bssid
, ETH_ALEN
);
4082 ifmgd
->mfp
= IEEE80211_MFP_REQUIRED
;
4083 ifmgd
->flags
|= IEEE80211_STA_MFP_ENABLED
;
4085 ifmgd
->mfp
= IEEE80211_MFP_DISABLED
;
4086 ifmgd
->flags
&= ~IEEE80211_STA_MFP_ENABLED
;
4089 if (req
->crypto
.control_port
)
4090 ifmgd
->flags
|= IEEE80211_STA_CONTROL_PORT
;
4092 ifmgd
->flags
&= ~IEEE80211_STA_CONTROL_PORT
;
4094 sdata
->control_port_protocol
= req
->crypto
.control_port_ethertype
;
4095 sdata
->control_port_no_encrypt
= req
->crypto
.control_port_no_encrypt
;
4097 /* kick off associate process */
4099 ifmgd
->assoc_data
= assoc_data
;
4100 ifmgd
->dtim_period
= 0;
4102 err
= ieee80211_prep_connection(sdata
, req
->bss
, true);
4107 beacon_ies
= rcu_dereference(req
->bss
->beacon_ies
);
4109 if (sdata
->local
->hw
.flags
& IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC
&&
4112 * Wait up to one beacon interval ...
4113 * should this be more if we miss one?
4115 sdata_info(sdata
, "waiting for beacon from %pM\n",
4117 assoc_data
->timeout
= TU_TO_EXP_TIME(req
->bss
->beacon_interval
);
4118 assoc_data
->timeout_started
= true;
4119 assoc_data
->need_beacon
= true;
4120 } else if (beacon_ies
) {
4121 const u8
*tim_ie
= cfg80211_find_ie(WLAN_EID_TIM
,
4126 if (tim_ie
&& tim_ie
[1] >= sizeof(struct ieee80211_tim_ie
)) {
4127 const struct ieee80211_tim_ie
*tim
;
4128 tim
= (void *)(tim_ie
+ 2);
4129 ifmgd
->dtim_period
= tim
->dtim_period
;
4130 dtim_count
= tim
->dtim_count
;
4132 assoc_data
->have_beacon
= true;
4133 assoc_data
->timeout
= jiffies
;
4134 assoc_data
->timeout_started
= true;
4136 if (local
->hw
.flags
& IEEE80211_HW_TIMING_BEACON_ONLY
) {
4137 sdata
->vif
.bss_conf
.sync_tsf
= beacon_ies
->tsf
;
4138 sdata
->vif
.bss_conf
.sync_device_ts
=
4139 bss
->device_ts_beacon
;
4140 sdata
->vif
.bss_conf
.sync_dtim_count
= dtim_count
;
4143 assoc_data
->timeout
= jiffies
;
4144 assoc_data
->timeout_started
= true;
4148 run_again(ifmgd
, assoc_data
->timeout
);
4150 if (bss
->corrupt_data
) {
4151 char *corrupt_type
= "data";
4152 if (bss
->corrupt_data
& IEEE80211_BSS_CORRUPT_BEACON
) {
4153 if (bss
->corrupt_data
&
4154 IEEE80211_BSS_CORRUPT_PROBE_RESP
)
4155 corrupt_type
= "beacon and probe response";
4157 corrupt_type
= "beacon";
4158 } else if (bss
->corrupt_data
& IEEE80211_BSS_CORRUPT_PROBE_RESP
)
4159 corrupt_type
= "probe response";
4160 sdata_info(sdata
, "associating with AP with corrupt %s\n",
4167 memset(ifmgd
->bssid
, 0, ETH_ALEN
);
4168 ieee80211_bss_info_change_notify(sdata
, BSS_CHANGED_BSSID
);
4169 ifmgd
->assoc_data
= NULL
;
4173 mutex_unlock(&ifmgd
->mtx
);
4178 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data
*sdata
,
4179 struct cfg80211_deauth_request
*req
)
4181 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
4182 u8 frame_buf
[IEEE80211_DEAUTH_FRAME_LEN
];
4183 bool tx
= !req
->local_state_change
;
4184 bool sent_frame
= false;
4186 mutex_lock(&ifmgd
->mtx
);
4189 "deauthenticating from %pM by local choice (reason=%d)\n",
4190 req
->bssid
, req
->reason_code
);
4192 if (ifmgd
->auth_data
) {
4193 drv_mgd_prepare_tx(sdata
->local
, sdata
);
4194 ieee80211_send_deauth_disassoc(sdata
, req
->bssid
,
4195 IEEE80211_STYPE_DEAUTH
,
4196 req
->reason_code
, tx
,
4198 ieee80211_destroy_auth_data(sdata
, false);
4199 mutex_unlock(&ifmgd
->mtx
);
4205 if (ifmgd
->associated
&&
4206 ether_addr_equal(ifmgd
->associated
->bssid
, req
->bssid
)) {
4207 ieee80211_set_disassoc(sdata
, IEEE80211_STYPE_DEAUTH
,
4208 req
->reason_code
, tx
, frame_buf
);
4211 mutex_unlock(&ifmgd
->mtx
);
4215 __cfg80211_send_deauth(sdata
->dev
, frame_buf
,
4216 IEEE80211_DEAUTH_FRAME_LEN
);
4221 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data
*sdata
,
4222 struct cfg80211_disassoc_request
*req
)
4224 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
4226 u8 frame_buf
[IEEE80211_DEAUTH_FRAME_LEN
];
4228 mutex_lock(&ifmgd
->mtx
);
4231 * cfg80211 should catch this ... but it's racy since
4232 * we can receive a disassoc frame, process it, hand it
4233 * to cfg80211 while that's in a locked section already
4234 * trying to tell us that the user wants to disconnect.
4236 if (ifmgd
->associated
!= req
->bss
) {
4237 mutex_unlock(&ifmgd
->mtx
);
4242 "disassociating from %pM by local choice (reason=%d)\n",
4243 req
->bss
->bssid
, req
->reason_code
);
4245 memcpy(bssid
, req
->bss
->bssid
, ETH_ALEN
);
4246 ieee80211_set_disassoc(sdata
, IEEE80211_STYPE_DISASSOC
,
4247 req
->reason_code
, !req
->local_state_change
,
4249 mutex_unlock(&ifmgd
->mtx
);
4251 __cfg80211_send_disassoc(sdata
->dev
, frame_buf
,
4252 IEEE80211_DEAUTH_FRAME_LEN
);
4257 void ieee80211_mgd_stop(struct ieee80211_sub_if_data
*sdata
)
4259 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
4262 * Make sure some work items will not run after this,
4263 * they will not do anything but might not have been
4264 * cancelled when disconnecting.
4266 cancel_work_sync(&ifmgd
->monitor_work
);
4267 cancel_work_sync(&ifmgd
->beacon_connection_loss_work
);
4268 cancel_work_sync(&ifmgd
->request_smps_work
);
4269 cancel_work_sync(&ifmgd
->csa_connection_drop_work
);
4270 cancel_work_sync(&ifmgd
->chswitch_work
);
4272 mutex_lock(&ifmgd
->mtx
);
4273 if (ifmgd
->assoc_data
)
4274 ieee80211_destroy_assoc_data(sdata
, false);
4275 if (ifmgd
->auth_data
)
4276 ieee80211_destroy_auth_data(sdata
, false);
4277 del_timer_sync(&ifmgd
->timer
);
4278 mutex_unlock(&ifmgd
->mtx
);
4281 void ieee80211_cqm_rssi_notify(struct ieee80211_vif
*vif
,
4282 enum nl80211_cqm_rssi_threshold_event rssi_event
,
4285 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
4287 trace_api_cqm_rssi_notify(sdata
, rssi_event
);
4289 cfg80211_cqm_rssi_notify(sdata
->dev
, rssi_event
, gfp
);
4291 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify
);