2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
36 #define IEEE80211_AUTH_MAX_TRIES 3
37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
41 #define IEEE80211_ASSOC_MAX_TRIES 3
43 static int max_nullfunc_tries = 2;
44 module_param(max_nullfunc_tries, int, 0644);
45 MODULE_PARM_DESC(max_nullfunc_tries,
46 "Maximum nullfunc tx tries before disconnecting (reason 4).");
48 static int max_probe_tries = 5;
49 module_param(max_probe_tries, int, 0644);
50 MODULE_PARM_DESC(max_probe_tries,
51 "Maximum probe tries before disconnecting (reason 4).");
54 * Beacon loss timeout is calculated as N frames times the
55 * advertised beacon interval. This may need to be somewhat
56 * higher than what hardware might detect to account for
57 * delays in the host processing frames. But since we also
58 * probe on beacon miss before declaring the connection lost
59 * default to what we want.
61 static int beacon_loss_count = 7;
62 module_param(beacon_loss_count, int, 0644);
63 MODULE_PARM_DESC(beacon_loss_count,
64 "Number of beacon intervals before we decide beacon was lost.");
67 * Time the connection can be idle before we probe
68 * it to see if we can still talk to the AP.
70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
72 * Time we wait for a probe response after sending
73 * a probe request because of beacon loss or for
74 * checking the connection still works.
76 static int probe_wait_ms = 500;
77 module_param(probe_wait_ms, int, 0644);
78 MODULE_PARM_DESC(probe_wait_ms,
79 "Maximum time(ms) to wait for probe response"
80 " before disconnecting (reason 4).");
83 * Weight given to the latest Beacon frame when calculating average signal
84 * strength for Beacon frames received in the current BSS. This must be
87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
90 * How many Beacon frames need to have been used in average signal strength
91 * before starting to indicate signal change events.
93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
96 * All cfg80211 functions have to be called outside a locked
97 * section so that they can acquire a lock themselves... This
98 * is much simpler than queuing up things in cfg80211, but we
99 * do need some indirection for that here.
101 enum rx_mgmt_action {
102 /* no action required */
105 /* caller must call cfg80211_send_deauth() */
106 RX_MGMT_CFG80211_DEAUTH,
108 /* caller must call cfg80211_send_disassoc() */
109 RX_MGMT_CFG80211_DISASSOC,
111 /* caller must call cfg80211_send_rx_auth() */
112 RX_MGMT_CFG80211_RX_AUTH,
114 /* caller must call cfg80211_send_rx_assoc() */
115 RX_MGMT_CFG80211_RX_ASSOC,
117 /* caller must call cfg80211_send_assoc_timeout() */
118 RX_MGMT_CFG80211_ASSOC_TIMEOUT,
120 /* used when a processed beacon causes a deauth */
121 RX_MGMT_CFG80211_TX_DEAUTH,
125 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
127 lockdep_assert_held(&ifmgd->mtx);
131 * We can have multiple work items (and connection probing)
132 * scheduling this timer, but we need to take care to only
133 * reschedule it when it should fire _earlier_ than it was
134 * asked for before, or if it's not pending right now. This
135 * function ensures that. Note that it then is required to
136 * run this function for all timeouts after the first one
137 * has happened -- the work that runs from this timer will
140 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout)
142 ASSERT_MGD_MTX(ifmgd);
144 if (!timer_pending(&ifmgd->timer) ||
145 time_before(timeout, ifmgd->timer.expires))
146 mod_timer(&ifmgd->timer, timeout);
149 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
151 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
154 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
157 mod_timer(&sdata->u.mgd.bcn_mon_timer,
158 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
161 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
163 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
165 if (unlikely(!sdata->u.mgd.associated))
168 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
171 mod_timer(&sdata->u.mgd.conn_mon_timer,
172 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
174 ifmgd->probe_send_count = 0;
177 static int ecw2cw(int ecw)
179 return (1 << ecw) - 1;
182 static u32 chandef_downgrade(struct cfg80211_chan_def *c)
188 case NL80211_CHAN_WIDTH_20:
189 c->width = NL80211_CHAN_WIDTH_20_NOHT;
190 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
192 case NL80211_CHAN_WIDTH_40:
193 c->width = NL80211_CHAN_WIDTH_20;
194 c->center_freq1 = c->chan->center_freq;
195 ret = IEEE80211_STA_DISABLE_40MHZ |
196 IEEE80211_STA_DISABLE_VHT;
198 case NL80211_CHAN_WIDTH_80:
199 tmp = (30 + c->chan->center_freq - c->center_freq1)/20;
203 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp;
204 c->width = NL80211_CHAN_WIDTH_40;
205 ret = IEEE80211_STA_DISABLE_VHT;
207 case NL80211_CHAN_WIDTH_80P80:
209 c->width = NL80211_CHAN_WIDTH_80;
210 ret = IEEE80211_STA_DISABLE_80P80MHZ |
211 IEEE80211_STA_DISABLE_160MHZ;
213 case NL80211_CHAN_WIDTH_160:
215 tmp = (70 + c->chan->center_freq - c->center_freq1)/20;
218 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp;
219 c->width = NL80211_CHAN_WIDTH_80;
220 ret = IEEE80211_STA_DISABLE_80P80MHZ |
221 IEEE80211_STA_DISABLE_160MHZ;
224 case NL80211_CHAN_WIDTH_20_NOHT:
226 c->width = NL80211_CHAN_WIDTH_20_NOHT;
227 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
231 WARN_ON_ONCE(!cfg80211_chandef_valid(c));
237 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
238 struct ieee80211_supported_band *sband,
239 struct ieee80211_channel *channel,
240 const struct ieee80211_ht_operation *ht_oper,
241 const struct ieee80211_vht_operation *vht_oper,
242 struct cfg80211_chan_def *chandef, bool tracking)
244 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
245 struct cfg80211_chan_def vht_chandef;
248 chandef->chan = channel;
249 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
250 chandef->center_freq1 = channel->center_freq;
251 chandef->center_freq2 = 0;
253 if (!ht_oper || !sband->ht_cap.ht_supported) {
254 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
258 chandef->width = NL80211_CHAN_WIDTH_20;
260 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
262 /* check that channel matches the right operating channel */
263 if (!tracking && channel->center_freq != ht_cfreq) {
265 * It's possible that some APs are confused here;
266 * Netgear WNDR3700 sometimes reports 4 higher than
267 * the actual channel in association responses, but
268 * since we look at probe response/beacon data here
272 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
273 channel->center_freq, ht_cfreq,
274 ht_oper->primary_chan, channel->band);
275 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
279 /* check 40 MHz support, if we have it */
280 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
281 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
282 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
283 chandef->width = NL80211_CHAN_WIDTH_40;
284 chandef->center_freq1 += 10;
286 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
287 chandef->width = NL80211_CHAN_WIDTH_40;
288 chandef->center_freq1 -= 10;
292 /* 40 MHz (and 80 MHz) must be supported for VHT */
293 ret = IEEE80211_STA_DISABLE_VHT;
294 /* also mark 40 MHz disabled */
295 ret |= IEEE80211_STA_DISABLE_40MHZ;
299 if (!vht_oper || !sband->vht_cap.vht_supported) {
300 ret = IEEE80211_STA_DISABLE_VHT;
304 vht_chandef.chan = channel;
305 vht_chandef.center_freq1 =
306 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
308 vht_chandef.center_freq2 = 0;
310 switch (vht_oper->chan_width) {
311 case IEEE80211_VHT_CHANWIDTH_USE_HT:
312 vht_chandef.width = chandef->width;
313 vht_chandef.center_freq1 = chandef->center_freq1;
315 case IEEE80211_VHT_CHANWIDTH_80MHZ:
316 vht_chandef.width = NL80211_CHAN_WIDTH_80;
318 case IEEE80211_VHT_CHANWIDTH_160MHZ:
319 vht_chandef.width = NL80211_CHAN_WIDTH_160;
321 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
322 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
323 vht_chandef.center_freq2 =
324 ieee80211_channel_to_frequency(
325 vht_oper->center_freq_seg2_idx,
329 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
331 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
332 vht_oper->chan_width);
333 ret = IEEE80211_STA_DISABLE_VHT;
337 if (!cfg80211_chandef_valid(&vht_chandef)) {
338 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
340 "AP VHT information is invalid, disable VHT\n");
341 ret = IEEE80211_STA_DISABLE_VHT;
345 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
350 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
351 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
353 "AP VHT information doesn't match HT, disable VHT\n");
354 ret = IEEE80211_STA_DISABLE_VHT;
358 *chandef = vht_chandef;
364 * When tracking the current AP, don't do any further checks if the
365 * new chandef is identical to the one we're currently using for the
366 * connection. This keeps us from playing ping-pong with regulatory,
367 * without it the following can happen (for example):
368 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
369 * - AP advertises regdom US
370 * - CRDA loads regdom US with 80 MHz prohibited (old database)
371 * - the code below detects an unsupported channel, downgrades, and
372 * we disconnect from the AP in the caller
373 * - disconnect causes CRDA to reload world regdomain and the game
375 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
377 * It seems possible that there are still scenarios with CSA or real
378 * bandwidth changes where a this could happen, but those cases are
379 * less common and wouldn't completely prevent using the AP.
382 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
385 /* don't print the message below for VHT mismatch if VHT is disabled */
386 if (ret & IEEE80211_STA_DISABLE_VHT)
387 vht_chandef = *chandef;
390 * Ignore the DISABLED flag when we're already connected and only
391 * tracking the APs beacon for bandwidth changes - otherwise we
392 * might get disconnected here if we connect to an AP, update our
393 * regulatory information based on the AP's country IE and the
394 * information we have is wrong/outdated and disables the channel
395 * that we're actually using for the connection to the AP.
397 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
399 IEEE80211_CHAN_DISABLED)) {
400 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
401 ret = IEEE80211_STA_DISABLE_HT |
402 IEEE80211_STA_DISABLE_VHT;
406 ret |= chandef_downgrade(chandef);
409 if (chandef->width != vht_chandef.width && !tracking)
411 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
413 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
417 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
418 struct sta_info *sta,
419 const struct ieee80211_ht_operation *ht_oper,
420 const struct ieee80211_vht_operation *vht_oper,
421 const u8 *bssid, u32 *changed)
423 struct ieee80211_local *local = sdata->local;
424 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
425 struct ieee80211_supported_band *sband;
426 struct ieee80211_channel *chan;
427 struct cfg80211_chan_def chandef;
430 enum ieee80211_sta_rx_bandwidth new_sta_bw;
433 /* if HT was/is disabled, don't track any bandwidth changes */
434 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
437 /* don't check VHT if we associated as non-VHT station */
438 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
441 if (WARN_ON_ONCE(!sta))
444 chan = sdata->vif.bss_conf.chandef.chan;
445 sband = local->hw.wiphy->bands[chan->band];
447 /* calculate new channel (type) based on HT/VHT operation IEs */
448 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
449 vht_oper, &chandef, true);
452 * Downgrade the new channel if we associated with restricted
453 * capabilities. For example, if we associated as a 20 MHz STA
454 * to a 40 MHz AP (due to regulatory, capabilities or config
455 * reasons) then switching to a 40 MHz channel now won't do us
456 * any good -- we couldn't use it with the AP.
458 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
459 chandef.width == NL80211_CHAN_WIDTH_80P80)
460 flags |= chandef_downgrade(&chandef);
461 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
462 chandef.width == NL80211_CHAN_WIDTH_160)
463 flags |= chandef_downgrade(&chandef);
464 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
465 chandef.width > NL80211_CHAN_WIDTH_20)
466 flags |= chandef_downgrade(&chandef);
468 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
472 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
473 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
474 chandef.center_freq1, chandef.center_freq2);
476 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
477 IEEE80211_STA_DISABLE_VHT |
478 IEEE80211_STA_DISABLE_40MHZ |
479 IEEE80211_STA_DISABLE_80P80MHZ |
480 IEEE80211_STA_DISABLE_160MHZ)) ||
481 !cfg80211_chandef_valid(&chandef)) {
483 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
488 switch (chandef.width) {
489 case NL80211_CHAN_WIDTH_20_NOHT:
490 case NL80211_CHAN_WIDTH_20:
491 new_sta_bw = IEEE80211_STA_RX_BW_20;
493 case NL80211_CHAN_WIDTH_40:
494 new_sta_bw = IEEE80211_STA_RX_BW_40;
496 case NL80211_CHAN_WIDTH_80:
497 new_sta_bw = IEEE80211_STA_RX_BW_80;
499 case NL80211_CHAN_WIDTH_80P80:
500 case NL80211_CHAN_WIDTH_160:
501 new_sta_bw = IEEE80211_STA_RX_BW_160;
507 if (new_sta_bw > sta->cur_max_bandwidth)
508 new_sta_bw = sta->cur_max_bandwidth;
510 if (new_sta_bw < sta->sta.bandwidth) {
511 sta->sta.bandwidth = new_sta_bw;
512 rate_control_rate_update(local, sband, sta,
513 IEEE80211_RC_BW_CHANGED);
516 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
519 "AP %pM changed bandwidth to incompatible one - disconnect\n",
524 if (new_sta_bw > sta->sta.bandwidth) {
525 sta->sta.bandwidth = new_sta_bw;
526 rate_control_rate_update(local, sband, sta,
527 IEEE80211_RC_BW_CHANGED);
530 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
532 /* if bss configuration changed store the new one */
533 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
534 *changed |= BSS_CHANGED_HT;
535 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
541 /* frame sending functions */
543 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
544 struct ieee80211_supported_band *sband,
550 for (i = 0; i < supp_rates_len; i++) {
551 int rate = (supp_rates[i] & 0x7F) * 5;
553 for (j = 0; j < sband->n_bitrates; j++)
554 if (sband->bitrates[j].bitrate == rate) {
564 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
565 struct sk_buff *skb, u8 ap_ht_param,
566 struct ieee80211_supported_band *sband,
567 struct ieee80211_channel *channel,
568 enum ieee80211_smps_mode smps)
571 u32 flags = channel->flags;
573 struct ieee80211_sta_ht_cap ht_cap;
575 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
577 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
578 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
580 /* determine capability flags */
583 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
584 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
585 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
586 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
587 cap &= ~IEEE80211_HT_CAP_SGI_40;
590 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
591 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
592 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
593 cap &= ~IEEE80211_HT_CAP_SGI_40;
599 * If 40 MHz was disabled associate as though we weren't
600 * capable of 40 MHz -- some broken APs will never fall
601 * back to trying to transmit in 20 MHz.
603 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
604 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
605 cap &= ~IEEE80211_HT_CAP_SGI_40;
608 /* set SM PS mode properly */
609 cap &= ~IEEE80211_HT_CAP_SM_PS;
611 case IEEE80211_SMPS_AUTOMATIC:
612 case IEEE80211_SMPS_NUM_MODES:
614 case IEEE80211_SMPS_OFF:
615 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
616 IEEE80211_HT_CAP_SM_PS_SHIFT;
618 case IEEE80211_SMPS_STATIC:
619 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
620 IEEE80211_HT_CAP_SM_PS_SHIFT;
622 case IEEE80211_SMPS_DYNAMIC:
623 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
624 IEEE80211_HT_CAP_SM_PS_SHIFT;
628 /* reserve and fill IE */
629 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
630 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
633 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
635 struct ieee80211_supported_band *sband,
636 struct ieee80211_vht_cap *ap_vht_cap)
640 struct ieee80211_sta_vht_cap vht_cap;
642 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
644 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
645 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
647 /* determine capability flags */
650 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
651 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
652 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
655 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
656 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
657 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
661 * Some APs apparently get confused if our capabilities are better
662 * than theirs, so restrict what we advertise in the assoc request.
664 if (!(ap_vht_cap->vht_cap_info &
665 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
666 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
668 /* reserve and fill IE */
669 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
670 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
673 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
675 struct ieee80211_local *local = sdata->local;
676 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
677 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
679 struct ieee80211_mgmt *mgmt;
681 size_t offset = 0, noffset;
682 int i, count, rates_len, supp_rates_len;
684 struct ieee80211_supported_band *sband;
685 struct ieee80211_chanctx_conf *chanctx_conf;
686 struct ieee80211_channel *chan;
689 lockdep_assert_held(&ifmgd->mtx);
692 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
693 if (WARN_ON(!chanctx_conf)) {
697 chan = chanctx_conf->def.chan;
699 sband = local->hw.wiphy->bands[chan->band];
701 if (assoc_data->supp_rates_len) {
703 * Get all rates supported by the device and the AP as
704 * some APs don't like getting a superset of their rates
705 * in the association request (e.g. D-Link DAP 1353 in
708 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates,
709 assoc_data->supp_rates_len,
713 * In case AP not provide any supported rates information
714 * before association, we send information element(s) with
715 * all rates that we support.
718 rates_len = sband->n_bitrates;
721 skb = alloc_skb(local->hw.extra_tx_headroom +
722 sizeof(*mgmt) + /* bit too much but doesn't matter */
723 2 + assoc_data->ssid_len + /* SSID */
724 4 + rates_len + /* (extended) rates */
725 4 + /* power capability */
726 2 + 2 * sband->n_channels + /* supported channels */
727 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
728 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
729 assoc_data->ie_len + /* extra IEs */
735 skb_reserve(skb, local->hw.extra_tx_headroom);
737 capab = WLAN_CAPABILITY_ESS;
739 if (sband->band == IEEE80211_BAND_2GHZ) {
740 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
741 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
742 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
743 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
746 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
747 capab |= WLAN_CAPABILITY_PRIVACY;
749 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
750 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
751 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
753 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
755 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
756 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
757 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
759 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
761 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
762 IEEE80211_STYPE_REASSOC_REQ);
763 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
764 mgmt->u.reassoc_req.listen_interval =
765 cpu_to_le16(local->hw.conf.listen_interval);
766 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
770 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
771 IEEE80211_STYPE_ASSOC_REQ);
772 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
773 mgmt->u.assoc_req.listen_interval =
774 cpu_to_le16(local->hw.conf.listen_interval);
778 pos = skb_put(skb, 2 + assoc_data->ssid_len);
779 *pos++ = WLAN_EID_SSID;
780 *pos++ = assoc_data->ssid_len;
781 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
783 /* add all rates which were marked to be used above */
784 supp_rates_len = rates_len;
785 if (supp_rates_len > 8)
788 pos = skb_put(skb, supp_rates_len + 2);
789 *pos++ = WLAN_EID_SUPP_RATES;
790 *pos++ = supp_rates_len;
793 for (i = 0; i < sband->n_bitrates; i++) {
794 if (BIT(i) & rates) {
795 int rate = sband->bitrates[i].bitrate;
796 *pos++ = (u8) (rate / 5);
802 if (rates_len > count) {
803 pos = skb_put(skb, rates_len - count + 2);
804 *pos++ = WLAN_EID_EXT_SUPP_RATES;
805 *pos++ = rates_len - count;
807 for (i++; i < sband->n_bitrates; i++) {
808 if (BIT(i) & rates) {
809 int rate = sband->bitrates[i].bitrate;
810 *pos++ = (u8) (rate / 5);
815 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
816 /* 1. power capabilities */
817 pos = skb_put(skb, 4);
818 *pos++ = WLAN_EID_PWR_CAPABILITY;
820 *pos++ = 0; /* min tx power */
821 *pos++ = chan->max_power; /* max tx power */
823 /* 2. supported channels */
824 /* TODO: get this in reg domain format */
825 pos = skb_put(skb, 2 * sband->n_channels + 2);
826 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
827 *pos++ = 2 * sband->n_channels;
828 for (i = 0; i < sband->n_channels; i++) {
829 *pos++ = ieee80211_frequency_to_channel(
830 sband->channels[i].center_freq);
831 *pos++ = 1; /* one channel in the subband*/
835 /* if present, add any custom IEs that go before HT */
836 if (assoc_data->ie_len && assoc_data->ie) {
837 static const u8 before_ht[] = {
840 WLAN_EID_EXT_SUPP_RATES,
841 WLAN_EID_PWR_CAPABILITY,
842 WLAN_EID_SUPPORTED_CHANNELS,
845 WLAN_EID_RRM_ENABLED_CAPABILITIES,
846 WLAN_EID_MOBILITY_DOMAIN,
847 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
849 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
850 before_ht, ARRAY_SIZE(before_ht),
852 pos = skb_put(skb, noffset - offset);
853 memcpy(pos, assoc_data->ie + offset, noffset - offset);
857 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
858 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
859 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
861 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
862 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
863 sband, chan, sdata->smps_mode);
865 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
866 ieee80211_add_vht_ie(sdata, skb, sband,
867 &assoc_data->ap_vht_cap);
869 /* if present, add any custom non-vendor IEs that go after HT */
870 if (assoc_data->ie_len && assoc_data->ie) {
871 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
874 pos = skb_put(skb, noffset - offset);
875 memcpy(pos, assoc_data->ie + offset, noffset - offset);
879 if (assoc_data->wmm) {
880 if (assoc_data->uapsd) {
881 qos_info = ifmgd->uapsd_queues;
882 qos_info |= (ifmgd->uapsd_max_sp_len <<
883 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
888 pos = skb_put(skb, 9);
889 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
890 *pos++ = 7; /* len */
891 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
894 *pos++ = 2; /* WME */
895 *pos++ = 0; /* WME info */
896 *pos++ = 1; /* WME ver */
900 /* add any remaining custom (i.e. vendor specific here) IEs */
901 if (assoc_data->ie_len && assoc_data->ie) {
902 noffset = assoc_data->ie_len;
903 pos = skb_put(skb, noffset - offset);
904 memcpy(pos, assoc_data->ie + offset, noffset - offset);
907 drv_mgd_prepare_tx(local, sdata);
909 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
910 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
911 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
912 IEEE80211_TX_INTFL_MLME_CONN_TX;
913 ieee80211_tx_skb(sdata, skb);
916 void ieee80211_send_pspoll(struct ieee80211_local *local,
917 struct ieee80211_sub_if_data *sdata)
919 struct ieee80211_pspoll *pspoll;
922 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
926 pspoll = (struct ieee80211_pspoll *) skb->data;
927 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
929 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
930 ieee80211_tx_skb(sdata, skb);
933 void ieee80211_send_nullfunc(struct ieee80211_local *local,
934 struct ieee80211_sub_if_data *sdata,
938 struct ieee80211_hdr_3addr *nullfunc;
939 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
941 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
945 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
947 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
949 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
950 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
951 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
952 IEEE80211_STA_CONNECTION_POLL))
953 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
955 ieee80211_tx_skb(sdata, skb);
958 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
959 struct ieee80211_sub_if_data *sdata)
962 struct ieee80211_hdr *nullfunc;
965 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
968 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
972 skb_reserve(skb, local->hw.extra_tx_headroom);
974 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
975 memset(nullfunc, 0, 30);
976 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
977 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
978 nullfunc->frame_control = fc;
979 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
980 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
981 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
982 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
984 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
985 ieee80211_tx_skb(sdata, skb);
988 /* spectrum management related things */
989 static void ieee80211_chswitch_work(struct work_struct *work)
991 struct ieee80211_sub_if_data *sdata =
992 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
993 struct ieee80211_local *local = sdata->local;
994 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
996 if (!ieee80211_sdata_running(sdata))
999 mutex_lock(&ifmgd->mtx);
1000 if (!ifmgd->associated)
1003 local->_oper_chandef = local->csa_chandef;
1005 if (!local->ops->channel_switch) {
1006 /* call "hw_config" only if doing sw channel switch */
1007 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1009 /* update the device channel directly */
1010 local->hw.conf.chandef = local->_oper_chandef;
1013 /* XXX: shouldn't really modify cfg80211-owned data! */
1014 ifmgd->associated->channel = local->_oper_chandef.chan;
1016 /* XXX: wait for a beacon first? */
1017 ieee80211_wake_queues_by_reason(&local->hw,
1018 IEEE80211_MAX_QUEUE_MAP,
1019 IEEE80211_QUEUE_STOP_REASON_CSA);
1021 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
1022 mutex_unlock(&ifmgd->mtx);
1025 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1027 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1028 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1030 trace_api_chswitch_done(sdata, success);
1033 "driver channel switch failed, disconnecting\n");
1034 ieee80211_queue_work(&sdata->local->hw,
1035 &ifmgd->csa_connection_drop_work);
1037 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1040 EXPORT_SYMBOL(ieee80211_chswitch_done);
1042 static void ieee80211_chswitch_timer(unsigned long data)
1044 struct ieee80211_sub_if_data *sdata =
1045 (struct ieee80211_sub_if_data *) data;
1047 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1051 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1052 u64 timestamp, struct ieee802_11_elems *elems,
1055 struct ieee80211_local *local = sdata->local;
1056 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1057 struct cfg80211_bss *cbss = ifmgd->associated;
1058 struct ieee80211_bss *bss;
1059 struct ieee80211_chanctx *chanctx;
1060 enum ieee80211_band new_band;
1065 struct ieee80211_channel *new_chan;
1066 struct cfg80211_chan_def new_chandef = {};
1067 struct cfg80211_chan_def new_vht_chandef = {};
1068 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
1069 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie;
1070 const struct ieee80211_ht_operation *ht_oper;
1071 int secondary_channel_offset = -1;
1073 ASSERT_MGD_MTX(ifmgd);
1078 if (local->scanning)
1081 /* disregard subsequent announcements if we are already processing */
1082 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1085 sec_chan_offs = elems->sec_chan_offs;
1086 wide_bw_chansw_ie = elems->wide_bw_chansw_ie;
1087 ht_oper = elems->ht_operation;
1089 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
1090 IEEE80211_STA_DISABLE_40MHZ)) {
1091 sec_chan_offs = NULL;
1092 wide_bw_chansw_ie = NULL;
1093 /* only used for bandwidth here */
1097 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
1098 wide_bw_chansw_ie = NULL;
1100 if (elems->ext_chansw_ie) {
1101 if (!ieee80211_operating_class_to_band(
1102 elems->ext_chansw_ie->new_operating_class,
1105 "cannot understand ECSA IE operating class %d, disconnecting\n",
1106 elems->ext_chansw_ie->new_operating_class);
1107 ieee80211_queue_work(&local->hw,
1108 &ifmgd->csa_connection_drop_work);
1110 new_chan_no = elems->ext_chansw_ie->new_ch_num;
1111 count = elems->ext_chansw_ie->count;
1112 mode = elems->ext_chansw_ie->mode;
1113 } else if (elems->ch_switch_ie) {
1114 new_band = cbss->channel->band;
1115 new_chan_no = elems->ch_switch_ie->new_ch_num;
1116 count = elems->ch_switch_ie->count;
1117 mode = elems->ch_switch_ie->mode;
1119 /* nothing here we understand */
1123 bss = (void *)cbss->priv;
1125 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band);
1126 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
1127 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) {
1129 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
1130 ifmgd->associated->bssid, new_freq);
1131 ieee80211_queue_work(&local->hw,
1132 &ifmgd->csa_connection_drop_work);
1136 if (!beacon && sec_chan_offs) {
1137 secondary_channel_offset = sec_chan_offs->sec_chan_offs;
1138 } else if (beacon && ht_oper) {
1139 secondary_channel_offset =
1140 ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET;
1141 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
1143 * If it's not a beacon, HT is enabled and the IE not present,
1144 * it's 20 MHz, 802.11-2012 8.5.2.6:
1145 * This element [the Secondary Channel Offset Element] is
1146 * present when switching to a 40 MHz channel. It may be
1147 * present when switching to a 20 MHz channel (in which
1148 * case the secondary channel offset is set to SCN).
1150 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE;
1153 switch (secondary_channel_offset) {
1155 /* secondary_channel_offset was present but is invalid */
1156 case IEEE80211_HT_PARAM_CHA_SEC_NONE:
1157 cfg80211_chandef_create(&new_chandef, new_chan,
1160 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1161 cfg80211_chandef_create(&new_chandef, new_chan,
1162 NL80211_CHAN_HT40PLUS);
1164 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1165 cfg80211_chandef_create(&new_chandef, new_chan,
1166 NL80211_CHAN_HT40MINUS);
1169 cfg80211_chandef_create(&new_chandef, new_chan,
1170 NL80211_CHAN_NO_HT);
1174 if (wide_bw_chansw_ie) {
1175 new_vht_chandef.chan = new_chan;
1176 new_vht_chandef.center_freq1 =
1177 ieee80211_channel_to_frequency(
1178 wide_bw_chansw_ie->new_center_freq_seg0,
1181 switch (wide_bw_chansw_ie->new_channel_width) {
1183 /* hmmm, ignore VHT and use HT if present */
1184 case IEEE80211_VHT_CHANWIDTH_USE_HT:
1185 new_vht_chandef.chan = NULL;
1187 case IEEE80211_VHT_CHANWIDTH_80MHZ:
1188 new_vht_chandef.width = NL80211_CHAN_WIDTH_80;
1190 case IEEE80211_VHT_CHANWIDTH_160MHZ:
1191 new_vht_chandef.width = NL80211_CHAN_WIDTH_160;
1193 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
1194 /* field is otherwise reserved */
1195 new_vht_chandef.center_freq2 =
1196 ieee80211_channel_to_frequency(
1197 wide_bw_chansw_ie->new_center_freq_seg1,
1199 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
1202 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
1203 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80)
1204 chandef_downgrade(&new_vht_chandef);
1205 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
1206 new_vht_chandef.width == NL80211_CHAN_WIDTH_160)
1207 chandef_downgrade(&new_vht_chandef);
1208 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
1209 new_vht_chandef.width > NL80211_CHAN_WIDTH_20)
1210 chandef_downgrade(&new_vht_chandef);
1213 /* if VHT data is there validate & use it */
1214 if (new_vht_chandef.chan) {
1215 if (!cfg80211_chandef_compatible(&new_vht_chandef,
1218 "AP %pM CSA has inconsistent channel data, disconnecting\n",
1219 ifmgd->associated->bssid);
1220 ieee80211_queue_work(&local->hw,
1221 &ifmgd->csa_connection_drop_work);
1224 new_chandef = new_vht_chandef;
1227 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef,
1228 IEEE80211_CHAN_DISABLED)) {
1230 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1231 ifmgd->associated->bssid, new_freq,
1232 new_chandef.width, new_chandef.center_freq1,
1233 new_chandef.center_freq2);
1234 ieee80211_queue_work(&local->hw,
1235 &ifmgd->csa_connection_drop_work);
1239 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1241 if (local->use_chanctx) {
1243 "not handling channel switch with channel contexts\n");
1244 ieee80211_queue_work(&local->hw,
1245 &ifmgd->csa_connection_drop_work);
1249 mutex_lock(&local->chanctx_mtx);
1250 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1251 mutex_unlock(&local->chanctx_mtx);
1254 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1255 struct ieee80211_chanctx, conf);
1256 if (chanctx->refcount > 1) {
1258 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1259 ieee80211_queue_work(&local->hw,
1260 &ifmgd->csa_connection_drop_work);
1261 mutex_unlock(&local->chanctx_mtx);
1264 mutex_unlock(&local->chanctx_mtx);
1266 local->csa_chandef = new_chandef;
1269 ieee80211_stop_queues_by_reason(&local->hw,
1270 IEEE80211_MAX_QUEUE_MAP,
1271 IEEE80211_QUEUE_STOP_REASON_CSA);
1273 if (local->ops->channel_switch) {
1274 /* use driver's channel switch callback */
1275 struct ieee80211_channel_switch ch_switch = {
1276 .timestamp = timestamp,
1278 .chandef = new_chandef,
1282 drv_channel_switch(local, &ch_switch);
1286 /* channel switch handled in software */
1288 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1290 mod_timer(&ifmgd->chswitch_timer,
1291 TU_TO_EXP_TIME(count * cbss->beacon_interval));
1294 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1295 struct ieee80211_channel *channel,
1296 const u8 *country_ie, u8 country_ie_len,
1297 const u8 *pwr_constr_elem)
1299 struct ieee80211_country_ie_triplet *triplet;
1300 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1301 int i, chan_pwr, chan_increment, new_ap_level;
1302 bool have_chan_pwr = false;
1305 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1308 triplet = (void *)(country_ie + 3);
1309 country_ie_len -= 3;
1311 switch (channel->band) {
1315 case IEEE80211_BAND_2GHZ:
1316 case IEEE80211_BAND_60GHZ:
1319 case IEEE80211_BAND_5GHZ:
1325 while (country_ie_len >= 3) {
1326 u8 first_channel = triplet->chans.first_channel;
1328 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1331 for (i = 0; i < triplet->chans.num_channels; i++) {
1332 if (first_channel + i * chan_increment == chan) {
1333 have_chan_pwr = true;
1334 chan_pwr = triplet->chans.max_power;
1343 country_ie_len -= 3;
1349 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1351 if (sdata->ap_power_level == new_ap_level)
1355 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1356 new_ap_level, chan_pwr, *pwr_constr_elem,
1357 sdata->u.mgd.bssid);
1358 sdata->ap_power_level = new_ap_level;
1359 if (__ieee80211_recalc_txpower(sdata))
1360 return BSS_CHANGED_TXPOWER;
1365 static void ieee80211_enable_ps(struct ieee80211_local *local,
1366 struct ieee80211_sub_if_data *sdata)
1368 struct ieee80211_conf *conf = &local->hw.conf;
1371 * If we are scanning right now then the parameters will
1372 * take effect when scan finishes.
1374 if (local->scanning)
1377 if (conf->dynamic_ps_timeout > 0 &&
1378 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1379 mod_timer(&local->dynamic_ps_timer, jiffies +
1380 msecs_to_jiffies(conf->dynamic_ps_timeout));
1382 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1383 ieee80211_send_nullfunc(local, sdata, 1);
1385 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1386 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1389 conf->flags |= IEEE80211_CONF_PS;
1390 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1394 static void ieee80211_change_ps(struct ieee80211_local *local)
1396 struct ieee80211_conf *conf = &local->hw.conf;
1398 if (local->ps_sdata) {
1399 ieee80211_enable_ps(local, local->ps_sdata);
1400 } else if (conf->flags & IEEE80211_CONF_PS) {
1401 conf->flags &= ~IEEE80211_CONF_PS;
1402 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1403 del_timer_sync(&local->dynamic_ps_timer);
1404 cancel_work_sync(&local->dynamic_ps_enable_work);
1408 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1410 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1411 struct sta_info *sta = NULL;
1412 bool authorized = false;
1414 if (!mgd->powersave)
1420 if (!mgd->associated)
1423 if (mgd->flags & (IEEE80211_STA_BEACON_POLL |
1424 IEEE80211_STA_CONNECTION_POLL))
1428 sta = sta_info_get(sdata, mgd->bssid);
1430 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1436 /* need to hold RTNL or interface lock */
1437 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1439 struct ieee80211_sub_if_data *sdata, *found = NULL;
1443 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1444 local->ps_sdata = NULL;
1448 list_for_each_entry(sdata, &local->interfaces, list) {
1449 if (!ieee80211_sdata_running(sdata))
1451 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1452 /* If an AP vif is found, then disable PS
1453 * by setting the count to zero thereby setting
1459 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1465 if (count == 1 && ieee80211_powersave_allowed(found)) {
1469 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1471 beaconint_us = ieee80211_tu_to_usec(
1472 found->vif.bss_conf.beacon_int);
1474 timeout = local->dynamic_ps_forced_timeout;
1477 * Go to full PSM if the user configures a very low
1478 * latency requirement.
1479 * The 2000 second value is there for compatibility
1480 * until the PM_QOS_NETWORK_LATENCY is configured
1483 if (latency > (1900 * USEC_PER_MSEC) &&
1484 latency != (2000 * USEC_PER_SEC))
1489 local->hw.conf.dynamic_ps_timeout = timeout;
1491 if (beaconint_us > latency) {
1492 local->ps_sdata = NULL;
1495 u8 dtimper = found->u.mgd.dtim_period;
1497 /* If the TIM IE is invalid, pretend the value is 1 */
1500 else if (dtimper > 1)
1501 maxslp = min_t(int, dtimper,
1502 latency / beaconint_us);
1504 local->hw.conf.max_sleep_period = maxslp;
1505 local->hw.conf.ps_dtim_period = dtimper;
1506 local->ps_sdata = found;
1509 local->ps_sdata = NULL;
1512 ieee80211_change_ps(local);
1515 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1517 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1519 if (sdata->vif.bss_conf.ps != ps_allowed) {
1520 sdata->vif.bss_conf.ps = ps_allowed;
1521 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1525 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1527 struct ieee80211_local *local =
1528 container_of(work, struct ieee80211_local,
1529 dynamic_ps_disable_work);
1531 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1532 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1533 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1536 ieee80211_wake_queues_by_reason(&local->hw,
1537 IEEE80211_MAX_QUEUE_MAP,
1538 IEEE80211_QUEUE_STOP_REASON_PS);
1541 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1543 struct ieee80211_local *local =
1544 container_of(work, struct ieee80211_local,
1545 dynamic_ps_enable_work);
1546 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1547 struct ieee80211_if_managed *ifmgd;
1548 unsigned long flags;
1551 /* can only happen when PS was just disabled anyway */
1555 ifmgd = &sdata->u.mgd;
1557 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1560 if (local->hw.conf.dynamic_ps_timeout > 0) {
1561 /* don't enter PS if TX frames are pending */
1562 if (drv_tx_frames_pending(local)) {
1563 mod_timer(&local->dynamic_ps_timer, jiffies +
1565 local->hw.conf.dynamic_ps_timeout));
1570 * transmission can be stopped by others which leads to
1571 * dynamic_ps_timer expiry. Postpone the ps timer if it
1572 * is not the actual idle state.
1574 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1575 for (q = 0; q < local->hw.queues; q++) {
1576 if (local->queue_stop_reasons[q]) {
1577 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1579 mod_timer(&local->dynamic_ps_timer, jiffies +
1581 local->hw.conf.dynamic_ps_timeout));
1585 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1588 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1589 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1590 if (drv_tx_frames_pending(local)) {
1591 mod_timer(&local->dynamic_ps_timer, jiffies +
1593 local->hw.conf.dynamic_ps_timeout));
1595 ieee80211_send_nullfunc(local, sdata, 1);
1596 /* Flush to get the tx status of nullfunc frame */
1597 ieee80211_flush_queues(local, sdata);
1601 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1602 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1603 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1604 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1605 local->hw.conf.flags |= IEEE80211_CONF_PS;
1606 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1610 void ieee80211_dynamic_ps_timer(unsigned long data)
1612 struct ieee80211_local *local = (void *) data;
1614 if (local->quiescing || local->suspended)
1617 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1620 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1622 struct delayed_work *delayed_work =
1623 container_of(work, struct delayed_work, work);
1624 struct ieee80211_sub_if_data *sdata =
1625 container_of(delayed_work, struct ieee80211_sub_if_data,
1626 dfs_cac_timer_work);
1628 ieee80211_vif_release_channel(sdata);
1630 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
1634 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1635 struct ieee80211_sub_if_data *sdata,
1636 const u8 *wmm_param, size_t wmm_param_len)
1638 struct ieee80211_tx_queue_params params;
1639 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1643 u8 uapsd_queues = 0;
1645 if (!local->ops->conf_tx)
1648 if (local->hw.queues < IEEE80211_NUM_ACS)
1654 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1657 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1658 uapsd_queues = ifmgd->uapsd_queues;
1660 count = wmm_param[6] & 0x0f;
1661 if (count == ifmgd->wmm_last_param_set)
1663 ifmgd->wmm_last_param_set = count;
1665 pos = wmm_param + 8;
1666 left = wmm_param_len - 8;
1668 memset(¶ms, 0, sizeof(params));
1671 for (; left >= 4; left -= 4, pos += 4) {
1672 int aci = (pos[0] >> 5) & 0x03;
1673 int acm = (pos[0] >> 4) & 0x01;
1681 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1682 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1688 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1689 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1695 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1696 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1703 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1704 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1709 params.aifs = pos[0] & 0x0f;
1710 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1711 params.cw_min = ecw2cw(pos[1] & 0x0f);
1712 params.txop = get_unaligned_le16(pos + 2);
1714 params.uapsd = uapsd;
1717 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1719 params.aifs, params.cw_min, params.cw_max,
1720 params.txop, params.uapsd);
1721 sdata->tx_conf[queue] = params;
1722 if (drv_conf_tx(local, sdata, queue, ¶ms))
1724 "failed to set TX queue parameters for queue %d\n",
1728 /* enable WMM or activate new settings */
1729 sdata->vif.bss_conf.qos = true;
1733 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1735 lockdep_assert_held(&sdata->local->mtx);
1737 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1738 IEEE80211_STA_BEACON_POLL);
1739 ieee80211_run_deferred_scan(sdata->local);
1742 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1744 mutex_lock(&sdata->local->mtx);
1745 __ieee80211_stop_poll(sdata);
1746 mutex_unlock(&sdata->local->mtx);
1749 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1750 u16 capab, bool erp_valid, u8 erp)
1752 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1754 bool use_protection;
1755 bool use_short_preamble;
1756 bool use_short_slot;
1759 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1760 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1762 use_protection = false;
1763 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1766 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1767 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1768 use_short_slot = true;
1770 if (use_protection != bss_conf->use_cts_prot) {
1771 bss_conf->use_cts_prot = use_protection;
1772 changed |= BSS_CHANGED_ERP_CTS_PROT;
1775 if (use_short_preamble != bss_conf->use_short_preamble) {
1776 bss_conf->use_short_preamble = use_short_preamble;
1777 changed |= BSS_CHANGED_ERP_PREAMBLE;
1780 if (use_short_slot != bss_conf->use_short_slot) {
1781 bss_conf->use_short_slot = use_short_slot;
1782 changed |= BSS_CHANGED_ERP_SLOT;
1788 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1789 struct cfg80211_bss *cbss,
1790 u32 bss_info_changed)
1792 struct ieee80211_bss *bss = (void *)cbss->priv;
1793 struct ieee80211_local *local = sdata->local;
1794 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1796 bss_info_changed |= BSS_CHANGED_ASSOC;
1797 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1798 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1800 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1801 beacon_loss_count * bss_conf->beacon_int));
1803 sdata->u.mgd.associated = cbss;
1804 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1806 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1808 if (sdata->vif.p2p) {
1809 const struct cfg80211_bss_ies *ies;
1812 ies = rcu_dereference(cbss->ies);
1816 ret = cfg80211_get_p2p_attr(
1817 ies->data, ies->len,
1818 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1819 (u8 *) &bss_conf->p2p_noa_attr,
1820 sizeof(bss_conf->p2p_noa_attr));
1822 sdata->u.mgd.p2p_noa_index =
1823 bss_conf->p2p_noa_attr.index;
1824 bss_info_changed |= BSS_CHANGED_P2P_PS;
1830 /* just to be sure */
1831 ieee80211_stop_poll(sdata);
1833 ieee80211_led_assoc(local, 1);
1835 if (sdata->u.mgd.assoc_data->have_beacon) {
1837 * If the AP is buggy we may get here with no DTIM period
1838 * known, so assume it's 1 which is the only safe assumption
1839 * in that case, although if the TIM IE is broken powersave
1840 * probably just won't work at all.
1842 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1843 bss_info_changed |= BSS_CHANGED_DTIM_PERIOD;
1845 bss_conf->dtim_period = 0;
1848 bss_conf->assoc = 1;
1850 /* Tell the driver to monitor connection quality (if supported) */
1851 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1852 bss_conf->cqm_rssi_thold)
1853 bss_info_changed |= BSS_CHANGED_CQM;
1855 /* Enable ARP filtering */
1856 if (bss_conf->arp_addr_cnt)
1857 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1859 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1861 mutex_lock(&local->iflist_mtx);
1862 ieee80211_recalc_ps(local, -1);
1863 mutex_unlock(&local->iflist_mtx);
1865 ieee80211_recalc_smps(sdata);
1866 ieee80211_recalc_ps_vif(sdata);
1868 netif_carrier_on(sdata->dev);
1871 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1872 u16 stype, u16 reason, bool tx,
1875 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1876 struct ieee80211_local *local = sdata->local;
1879 ASSERT_MGD_MTX(ifmgd);
1881 if (WARN_ON_ONCE(tx && !frame_buf))
1884 if (WARN_ON(!ifmgd->associated))
1887 ieee80211_stop_poll(sdata);
1889 ifmgd->associated = NULL;
1890 netif_carrier_off(sdata->dev);
1893 * if we want to get out of ps before disassoc (why?) we have
1894 * to do it before sending disassoc, as otherwise the null-packet
1897 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1898 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1899 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1901 local->ps_sdata = NULL;
1903 /* disable per-vif ps */
1904 ieee80211_recalc_ps_vif(sdata);
1906 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1908 ieee80211_flush_queues(local, sdata);
1910 /* deauthenticate/disassociate now */
1911 if (tx || frame_buf)
1912 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1913 reason, tx, frame_buf);
1915 /* flush out frame */
1917 ieee80211_flush_queues(local, sdata);
1919 /* clear bssid only after building the needed mgmt frames */
1920 memset(ifmgd->bssid, 0, ETH_ALEN);
1922 /* remove AP and TDLS peers */
1923 sta_info_flush_defer(sdata);
1925 /* finally reset all BSS / config parameters */
1926 changed |= ieee80211_reset_erp_info(sdata);
1928 ieee80211_led_assoc(local, 0);
1929 changed |= BSS_CHANGED_ASSOC;
1930 sdata->vif.bss_conf.assoc = false;
1932 ifmgd->p2p_noa_index = -1;
1933 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1934 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1936 /* on the next assoc, re-program HT/VHT parameters */
1937 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1938 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1939 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
1940 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
1942 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1944 del_timer_sync(&local->dynamic_ps_timer);
1945 cancel_work_sync(&local->dynamic_ps_enable_work);
1947 /* Disable ARP filtering */
1948 if (sdata->vif.bss_conf.arp_addr_cnt)
1949 changed |= BSS_CHANGED_ARP_FILTER;
1951 sdata->vif.bss_conf.qos = false;
1952 changed |= BSS_CHANGED_QOS;
1954 /* The BSSID (not really interesting) and HT changed */
1955 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1956 ieee80211_bss_info_change_notify(sdata, changed);
1958 /* disassociated - set to defaults now */
1959 ieee80211_set_wmm_default(sdata, false);
1961 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1962 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1963 del_timer_sync(&sdata->u.mgd.timer);
1964 del_timer_sync(&sdata->u.mgd.chswitch_timer);
1966 sdata->vif.bss_conf.dtim_period = 0;
1969 ieee80211_vif_release_channel(sdata);
1972 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1973 struct ieee80211_hdr *hdr)
1976 * We can postpone the mgd.timer whenever receiving unicast frames
1977 * from AP because we know that the connection is working both ways
1978 * at that time. But multicast frames (and hence also beacons) must
1979 * be ignored here, because we need to trigger the timer during
1980 * data idle periods for sending the periodic probe request to the
1981 * AP we're connected to.
1983 if (is_multicast_ether_addr(hdr->addr1))
1986 ieee80211_sta_reset_conn_monitor(sdata);
1989 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1991 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1992 struct ieee80211_local *local = sdata->local;
1994 mutex_lock(&local->mtx);
1995 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1996 IEEE80211_STA_CONNECTION_POLL))) {
1997 mutex_unlock(&local->mtx);
2001 __ieee80211_stop_poll(sdata);
2003 mutex_lock(&local->iflist_mtx);
2004 ieee80211_recalc_ps(local, -1);
2005 mutex_unlock(&local->iflist_mtx);
2007 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
2011 * We've received a probe response, but are not sure whether
2012 * we have or will be receiving any beacons or data, so let's
2013 * schedule the timers again, just in case.
2015 ieee80211_sta_reset_beacon_monitor(sdata);
2017 mod_timer(&ifmgd->conn_mon_timer,
2018 round_jiffies_up(jiffies +
2019 IEEE80211_CONNECTION_IDLE_TIME));
2021 mutex_unlock(&local->mtx);
2024 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2025 struct ieee80211_hdr *hdr, bool ack)
2027 if (!ieee80211_is_data(hdr->frame_control))
2030 if (ieee80211_is_nullfunc(hdr->frame_control) &&
2031 sdata->u.mgd.probe_send_count > 0) {
2033 ieee80211_sta_reset_conn_monitor(sdata);
2035 sdata->u.mgd.nullfunc_failed = true;
2036 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2041 ieee80211_sta_reset_conn_monitor(sdata);
2044 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2046 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2048 u8 *dst = ifmgd->associated->bssid;
2049 u8 unicast_limit = max(1, max_probe_tries - 3);
2052 * Try sending broadcast probe requests for the last three
2053 * probe requests after the first ones failed since some
2054 * buggy APs only support broadcast probe requests.
2056 if (ifmgd->probe_send_count >= unicast_limit)
2060 * When the hardware reports an accurate Tx ACK status, it's
2061 * better to send a nullfunc frame instead of a probe request,
2062 * as it will kick us off the AP quickly if we aren't associated
2063 * anymore. The timeout will be reset if the frame is ACKed by
2066 ifmgd->probe_send_count++;
2068 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
2069 ifmgd->nullfunc_failed = false;
2070 ieee80211_send_nullfunc(sdata->local, sdata, 0);
2075 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2076 if (WARN_ON_ONCE(ssid == NULL))
2081 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
2082 0, (u32) -1, true, 0,
2083 ifmgd->associated->channel, false);
2087 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2088 run_again(ifmgd, ifmgd->probe_timeout);
2089 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2090 ieee80211_flush_queues(sdata->local, sdata);
2093 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2096 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2097 bool already = false;
2099 if (!ieee80211_sdata_running(sdata))
2102 mutex_lock(&ifmgd->mtx);
2104 if (!ifmgd->associated)
2107 mutex_lock(&sdata->local->mtx);
2109 if (sdata->local->tmp_channel || sdata->local->scanning) {
2110 mutex_unlock(&sdata->local->mtx);
2115 mlme_dbg_ratelimited(sdata,
2116 "detected beacon loss from AP (missed %d beacons) - probing\n",
2119 ieee80211_cqm_rssi_notify(&sdata->vif,
2120 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
2125 * The driver/our work has already reported this event or the
2126 * connection monitoring has kicked in and we have already sent
2127 * a probe request. Or maybe the AP died and the driver keeps
2128 * reporting until we disassociate...
2130 * In either case we have to ignore the current call to this
2131 * function (except for setting the correct probe reason bit)
2132 * because otherwise we would reset the timer every time and
2133 * never check whether we received a probe response!
2135 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
2136 IEEE80211_STA_CONNECTION_POLL))
2140 ifmgd->flags |= IEEE80211_STA_BEACON_POLL;
2142 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2144 mutex_unlock(&sdata->local->mtx);
2149 mutex_lock(&sdata->local->iflist_mtx);
2150 ieee80211_recalc_ps(sdata->local, -1);
2151 mutex_unlock(&sdata->local->iflist_mtx);
2153 ifmgd->probe_send_count = 0;
2154 ieee80211_mgd_probe_ap_send(sdata);
2156 mutex_unlock(&ifmgd->mtx);
2159 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2160 struct ieee80211_vif *vif)
2162 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2163 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2164 struct cfg80211_bss *cbss;
2165 struct sk_buff *skb;
2169 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2172 ASSERT_MGD_MTX(ifmgd);
2174 if (ifmgd->associated)
2175 cbss = ifmgd->associated;
2176 else if (ifmgd->auth_data)
2177 cbss = ifmgd->auth_data->bss;
2178 else if (ifmgd->assoc_data)
2179 cbss = ifmgd->assoc_data->bss;
2184 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2185 if (WARN_ON_ONCE(ssid == NULL))
2190 skb = ieee80211_build_probe_req(sdata, cbss->bssid,
2191 (u32) -1, cbss->channel,
2198 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2200 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2202 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2203 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2205 mutex_lock(&ifmgd->mtx);
2206 if (!ifmgd->associated) {
2207 mutex_unlock(&ifmgd->mtx);
2211 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2212 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2214 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
2215 ieee80211_wake_queues_by_reason(&sdata->local->hw,
2216 IEEE80211_MAX_QUEUE_MAP,
2217 IEEE80211_QUEUE_STOP_REASON_CSA);
2218 mutex_unlock(&ifmgd->mtx);
2221 * must be outside lock due to cfg80211,
2222 * but that's not a problem.
2224 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
2227 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2229 struct ieee80211_sub_if_data *sdata =
2230 container_of(work, struct ieee80211_sub_if_data,
2231 u.mgd.beacon_connection_loss_work);
2232 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2233 struct sta_info *sta;
2235 if (ifmgd->associated) {
2237 sta = sta_info_get(sdata, ifmgd->bssid);
2239 sta->beacon_loss_count++;
2243 if (ifmgd->connection_loss) {
2244 sdata_info(sdata, "Connection to AP %pM lost\n",
2246 __ieee80211_disconnect(sdata);
2248 ieee80211_mgd_probe_ap(sdata, true);
2252 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2254 struct ieee80211_sub_if_data *sdata =
2255 container_of(work, struct ieee80211_sub_if_data,
2256 u.mgd.csa_connection_drop_work);
2258 __ieee80211_disconnect(sdata);
2261 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2263 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2264 struct ieee80211_hw *hw = &sdata->local->hw;
2266 trace_api_beacon_loss(sdata);
2268 sdata->u.mgd.connection_loss = false;
2269 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2271 EXPORT_SYMBOL(ieee80211_beacon_loss);
2273 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2275 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2276 struct ieee80211_hw *hw = &sdata->local->hw;
2278 trace_api_connection_loss(sdata);
2280 sdata->u.mgd.connection_loss = true;
2281 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2283 EXPORT_SYMBOL(ieee80211_connection_loss);
2286 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2289 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2291 lockdep_assert_held(&sdata->u.mgd.mtx);
2294 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2296 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2297 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2298 sdata->u.mgd.flags = 0;
2299 ieee80211_vif_release_channel(sdata);
2302 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2304 sdata->u.mgd.auth_data = NULL;
2307 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2308 struct ieee80211_mgmt *mgmt, size_t len)
2310 struct ieee80211_local *local = sdata->local;
2311 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2313 struct ieee802_11_elems elems;
2316 pos = mgmt->u.auth.variable;
2317 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2318 if (!elems.challenge)
2320 auth_data->expected_transaction = 4;
2321 drv_mgd_prepare_tx(sdata->local, sdata);
2322 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2323 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2324 IEEE80211_TX_INTFL_MLME_CONN_TX;
2325 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2326 elems.challenge - 2, elems.challenge_len + 2,
2327 auth_data->bss->bssid, auth_data->bss->bssid,
2328 auth_data->key, auth_data->key_len,
2329 auth_data->key_idx, tx_flags);
2332 static enum rx_mgmt_action __must_check
2333 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2334 struct ieee80211_mgmt *mgmt, size_t len)
2336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2338 u16 auth_alg, auth_transaction, status_code;
2339 struct sta_info *sta;
2341 lockdep_assert_held(&ifmgd->mtx);
2344 return RX_MGMT_NONE;
2346 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2347 return RX_MGMT_NONE;
2349 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2351 if (!ether_addr_equal(bssid, mgmt->bssid))
2352 return RX_MGMT_NONE;
2354 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2355 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2356 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2358 if (auth_alg != ifmgd->auth_data->algorithm ||
2359 auth_transaction != ifmgd->auth_data->expected_transaction) {
2360 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2361 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2363 ifmgd->auth_data->expected_transaction);
2364 return RX_MGMT_NONE;
2367 if (status_code != WLAN_STATUS_SUCCESS) {
2368 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2369 mgmt->sa, status_code);
2370 ieee80211_destroy_auth_data(sdata, false);
2371 return RX_MGMT_CFG80211_RX_AUTH;
2374 switch (ifmgd->auth_data->algorithm) {
2375 case WLAN_AUTH_OPEN:
2376 case WLAN_AUTH_LEAP:
2380 case WLAN_AUTH_SHARED_KEY:
2381 if (ifmgd->auth_data->expected_transaction != 4) {
2382 ieee80211_auth_challenge(sdata, mgmt, len);
2383 /* need another frame */
2384 return RX_MGMT_NONE;
2388 WARN_ONCE(1, "invalid auth alg %d",
2389 ifmgd->auth_data->algorithm);
2390 return RX_MGMT_NONE;
2393 sdata_info(sdata, "authenticated\n");
2394 ifmgd->auth_data->done = true;
2395 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2396 ifmgd->auth_data->timeout_started = true;
2397 run_again(ifmgd, ifmgd->auth_data->timeout);
2399 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2400 ifmgd->auth_data->expected_transaction != 2) {
2402 * Report auth frame to user space for processing since another
2403 * round of Authentication frames is still needed.
2405 return RX_MGMT_CFG80211_RX_AUTH;
2408 /* move station state to auth */
2409 mutex_lock(&sdata->local->sta_mtx);
2410 sta = sta_info_get(sdata, bssid);
2412 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2415 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2416 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2419 mutex_unlock(&sdata->local->sta_mtx);
2421 return RX_MGMT_CFG80211_RX_AUTH;
2423 mutex_unlock(&sdata->local->sta_mtx);
2424 /* ignore frame -- wait for timeout */
2425 return RX_MGMT_NONE;
2429 static enum rx_mgmt_action __must_check
2430 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2431 struct ieee80211_mgmt *mgmt, size_t len)
2433 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2434 const u8 *bssid = NULL;
2437 lockdep_assert_held(&ifmgd->mtx);
2440 return RX_MGMT_NONE;
2442 if (!ifmgd->associated ||
2443 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2444 return RX_MGMT_NONE;
2446 bssid = ifmgd->associated->bssid;
2448 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2450 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n",
2451 bssid, reason_code);
2453 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2455 return RX_MGMT_CFG80211_DEAUTH;
2459 static enum rx_mgmt_action __must_check
2460 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2461 struct ieee80211_mgmt *mgmt, size_t len)
2463 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2466 lockdep_assert_held(&ifmgd->mtx);
2469 return RX_MGMT_NONE;
2471 if (!ifmgd->associated ||
2472 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2473 return RX_MGMT_NONE;
2475 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2477 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2478 mgmt->sa, reason_code);
2480 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2482 return RX_MGMT_CFG80211_DISASSOC;
2485 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2486 u8 *supp_rates, unsigned int supp_rates_len,
2487 u32 *rates, u32 *basic_rates,
2488 bool *have_higher_than_11mbit,
2489 int *min_rate, int *min_rate_index)
2493 for (i = 0; i < supp_rates_len; i++) {
2494 int rate = (supp_rates[i] & 0x7f) * 5;
2495 bool is_basic = !!(supp_rates[i] & 0x80);
2498 *have_higher_than_11mbit = true;
2501 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2502 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2504 * Note: Even through the membership selector and the basic
2505 * rate flag share the same bit, they are not exactly
2508 if (!!(supp_rates[i] & 0x80) &&
2509 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2512 for (j = 0; j < sband->n_bitrates; j++) {
2513 if (sband->bitrates[j].bitrate == rate) {
2516 *basic_rates |= BIT(j);
2517 if (rate < *min_rate) {
2519 *min_rate_index = j;
2527 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2530 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2532 lockdep_assert_held(&sdata->u.mgd.mtx);
2535 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2537 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2538 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2539 sdata->u.mgd.flags = 0;
2540 ieee80211_vif_release_channel(sdata);
2544 sdata->u.mgd.assoc_data = NULL;
2547 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2548 struct cfg80211_bss *cbss,
2549 struct ieee80211_mgmt *mgmt, size_t len)
2551 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2552 struct ieee80211_local *local = sdata->local;
2553 struct ieee80211_supported_band *sband;
2554 struct sta_info *sta;
2556 u16 capab_info, aid;
2557 struct ieee802_11_elems elems;
2558 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2559 const struct cfg80211_bss_ies *bss_ies = NULL;
2560 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2565 /* AssocResp and ReassocResp have identical structure */
2567 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2568 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2570 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2571 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2573 aid &= ~(BIT(15) | BIT(14));
2575 ifmgd->broken_ap = false;
2577 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2578 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2581 ifmgd->broken_ap = true;
2584 pos = mgmt->u.assoc_resp.variable;
2585 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2587 if (!elems.supp_rates) {
2588 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2595 * Some APs are erroneously not including some information in their
2596 * (re)association response frames. Try to recover by using the data
2597 * from the beacon or probe response. This seems to afflict mobile
2598 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
2599 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
2601 if ((assoc_data->wmm && !elems.wmm_param) ||
2602 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2603 (!elems.ht_cap_elem || !elems.ht_operation)) ||
2604 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2605 (!elems.vht_cap_elem || !elems.vht_operation))) {
2606 const struct cfg80211_bss_ies *ies;
2607 struct ieee802_11_elems bss_elems;
2610 ies = rcu_dereference(cbss->ies);
2612 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
2618 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
2620 if (assoc_data->wmm &&
2621 !elems.wmm_param && bss_elems.wmm_param) {
2622 elems.wmm_param = bss_elems.wmm_param;
2624 "AP bug: WMM param missing from AssocResp\n");
2628 * Also check if we requested HT/VHT, otherwise the AP doesn't
2629 * have to include the IEs in the (re)association response.
2631 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
2632 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2633 elems.ht_cap_elem = bss_elems.ht_cap_elem;
2635 "AP bug: HT capability missing from AssocResp\n");
2637 if (!elems.ht_operation && bss_elems.ht_operation &&
2638 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2639 elems.ht_operation = bss_elems.ht_operation;
2641 "AP bug: HT operation missing from AssocResp\n");
2643 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
2644 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2645 elems.vht_cap_elem = bss_elems.vht_cap_elem;
2647 "AP bug: VHT capa missing from AssocResp\n");
2649 if (!elems.vht_operation && bss_elems.vht_operation &&
2650 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2651 elems.vht_operation = bss_elems.vht_operation;
2653 "AP bug: VHT operation missing from AssocResp\n");
2658 * We previously checked these in the beacon/probe response, so
2659 * they should be present here. This is just a safety net.
2661 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2662 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2664 "HT AP is missing WMM params or HT capability/operation\n");
2669 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2670 (!elems.vht_cap_elem || !elems.vht_operation)) {
2672 "VHT AP is missing VHT capability/operation\n");
2677 mutex_lock(&sdata->local->sta_mtx);
2679 * station info was already allocated and inserted before
2680 * the association and should be available to us
2682 sta = sta_info_get(sdata, cbss->bssid);
2683 if (WARN_ON(!sta)) {
2684 mutex_unlock(&sdata->local->sta_mtx);
2689 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2691 /* Set up internal HT/VHT capabilities */
2692 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2693 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2694 elems.ht_cap_elem, sta);
2696 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2697 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2698 elems.vht_cap_elem, sta);
2701 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2702 * in their association response, so ignore that data for our own
2703 * configuration. If it changed since the last beacon, we'll get the
2704 * next beacon and update then.
2708 * If an operating mode notification IE is present, override the
2709 * NSS calculation (that would be done in rate_control_rate_init())
2710 * and use the # of streams from that element.
2712 if (elems.opmode_notif &&
2713 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2716 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2717 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2719 sta->sta.rx_nss = nss;
2722 rate_control_rate_init(sta);
2724 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2725 set_sta_flag(sta, WLAN_STA_MFP);
2727 if (elems.wmm_param)
2728 set_sta_flag(sta, WLAN_STA_WME);
2730 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2731 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2732 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2735 "failed to move station %pM to desired state\n",
2737 WARN_ON(__sta_info_destroy(sta));
2738 mutex_unlock(&sdata->local->sta_mtx);
2743 mutex_unlock(&sdata->local->sta_mtx);
2746 * Always handle WMM once after association regardless
2747 * of the first value the AP uses. Setting -1 here has
2748 * that effect because the AP values is an unsigned
2751 ifmgd->wmm_last_param_set = -1;
2753 if (elems.wmm_param)
2754 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2755 elems.wmm_param_len);
2757 ieee80211_set_wmm_default(sdata, false);
2758 changed |= BSS_CHANGED_QOS;
2760 /* set AID and assoc capability,
2761 * ieee80211_set_associated() will tell the driver */
2762 bss_conf->aid = aid;
2763 bss_conf->assoc_capability = capab_info;
2764 ieee80211_set_associated(sdata, cbss, changed);
2767 * If we're using 4-addr mode, let the AP know that we're
2768 * doing so, so that it can create the STA VLAN on its side
2770 if (ifmgd->use_4addr)
2771 ieee80211_send_4addr_nullfunc(local, sdata);
2774 * Start timer to probe the connection to the AP now.
2775 * Also start the timer that will detect beacon loss.
2777 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2778 ieee80211_sta_reset_beacon_monitor(sdata);
2786 static enum rx_mgmt_action __must_check
2787 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2788 struct ieee80211_mgmt *mgmt, size_t len,
2789 struct cfg80211_bss **bss)
2791 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2792 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2793 u16 capab_info, status_code, aid;
2794 struct ieee802_11_elems elems;
2798 lockdep_assert_held(&ifmgd->mtx);
2801 return RX_MGMT_NONE;
2802 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2803 return RX_MGMT_NONE;
2806 * AssocResp and ReassocResp have identical structure, so process both
2807 * of them in this function.
2811 return RX_MGMT_NONE;
2813 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2814 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2815 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2816 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2819 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2820 reassoc ? "Rea" : "A", mgmt->sa,
2821 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2823 pos = mgmt->u.assoc_resp.variable;
2824 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2826 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2827 elems.timeout_int &&
2828 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2830 tu = le32_to_cpu(elems.timeout_int->value);
2831 ms = tu * 1024 / 1000;
2833 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2835 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2836 assoc_data->timeout_started = true;
2837 if (ms > IEEE80211_ASSOC_TIMEOUT)
2838 run_again(ifmgd, assoc_data->timeout);
2839 return RX_MGMT_NONE;
2842 *bss = assoc_data->bss;
2844 if (status_code != WLAN_STATUS_SUCCESS) {
2845 sdata_info(sdata, "%pM denied association (code=%d)\n",
2846 mgmt->sa, status_code);
2847 ieee80211_destroy_assoc_data(sdata, false);
2849 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
2850 /* oops -- internal error -- send timeout for now */
2851 ieee80211_destroy_assoc_data(sdata, false);
2852 cfg80211_put_bss(sdata->local->hw.wiphy, *bss);
2853 return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
2855 sdata_info(sdata, "associated\n");
2858 * destroy assoc_data afterwards, as otherwise an idle
2859 * recalc after assoc_data is NULL but before associated
2860 * is set can cause the interface to go idle
2862 ieee80211_destroy_assoc_data(sdata, true);
2865 return RX_MGMT_CFG80211_RX_ASSOC;
2868 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2869 struct ieee80211_mgmt *mgmt, size_t len,
2870 struct ieee80211_rx_status *rx_status,
2871 struct ieee802_11_elems *elems)
2873 struct ieee80211_local *local = sdata->local;
2875 struct ieee80211_bss *bss;
2876 struct ieee80211_channel *channel;
2877 bool need_ps = false;
2879 lockdep_assert_held(&sdata->u.mgd.mtx);
2881 if ((sdata->u.mgd.associated &&
2882 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) ||
2883 (sdata->u.mgd.assoc_data &&
2884 ether_addr_equal(mgmt->bssid,
2885 sdata->u.mgd.assoc_data->bss->bssid))) {
2886 /* not previously set so we may need to recalc */
2887 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period;
2889 if (elems->tim && !elems->parse_error) {
2890 const struct ieee80211_tim_ie *tim_ie = elems->tim;
2891 sdata->u.mgd.dtim_period = tim_ie->dtim_period;
2895 if (elems->ds_params)
2896 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2899 freq = rx_status->freq;
2901 channel = ieee80211_get_channel(local->hw.wiphy, freq);
2903 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2906 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2909 ieee80211_rx_bss_put(local, bss);
2911 if (!sdata->u.mgd.associated ||
2912 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid))
2916 mutex_lock(&local->iflist_mtx);
2917 ieee80211_recalc_ps(local, -1);
2918 mutex_unlock(&local->iflist_mtx);
2921 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
2927 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2928 struct sk_buff *skb)
2930 struct ieee80211_mgmt *mgmt = (void *)skb->data;
2931 struct ieee80211_if_managed *ifmgd;
2932 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2933 size_t baselen, len = skb->len;
2934 struct ieee802_11_elems elems;
2936 ifmgd = &sdata->u.mgd;
2938 ASSERT_MGD_MTX(ifmgd);
2940 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2941 return; /* ignore ProbeResp to foreign address */
2943 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2947 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2950 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2952 if (ifmgd->associated &&
2953 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2954 ieee80211_reset_ap_probe(sdata);
2956 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2957 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2958 /* got probe response, continue with auth */
2959 sdata_info(sdata, "direct probe responded\n");
2960 ifmgd->auth_data->tries = 0;
2961 ifmgd->auth_data->timeout = jiffies;
2962 ifmgd->auth_data->timeout_started = true;
2963 run_again(ifmgd, ifmgd->auth_data->timeout);
2968 * This is the canonical list of information elements we care about,
2969 * the filter code also gives us all changes to the Microsoft OUI
2970 * (00:50:F2) vendor IE which is used for WMM which we need to track.
2972 * We implement beacon filtering in software since that means we can
2973 * avoid processing the frame here and in cfg80211, and userspace
2974 * will not be able to tell whether the hardware supports it or not.
2976 * XXX: This list needs to be dynamic -- userspace needs to be able to
2977 * add items it requires. It also needs to be able to tell us to
2978 * look out for other vendor IEs.
2980 static const u64 care_about_ies =
2981 (1ULL << WLAN_EID_COUNTRY) |
2982 (1ULL << WLAN_EID_ERP_INFO) |
2983 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
2984 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
2985 (1ULL << WLAN_EID_HT_CAPABILITY) |
2986 (1ULL << WLAN_EID_HT_OPERATION);
2988 static enum rx_mgmt_action
2989 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2990 struct ieee80211_mgmt *mgmt, size_t len,
2991 u8 *deauth_buf, struct ieee80211_rx_status *rx_status)
2993 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2994 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2996 struct ieee802_11_elems elems;
2997 struct ieee80211_local *local = sdata->local;
2998 struct ieee80211_chanctx_conf *chanctx_conf;
2999 struct ieee80211_channel *chan;
3000 struct sta_info *sta;
3007 lockdep_assert_held(&ifmgd->mtx);
3009 /* Process beacon from the current BSS */
3010 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
3012 return RX_MGMT_NONE;
3015 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3016 if (!chanctx_conf) {
3018 return RX_MGMT_NONE;
3021 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
3023 return RX_MGMT_NONE;
3025 chan = chanctx_conf->def.chan;
3028 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
3029 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3030 ieee802_11_parse_elems(mgmt->u.beacon.variable,
3031 len - baselen, false, &elems);
3033 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3034 ifmgd->assoc_data->have_beacon = true;
3035 ifmgd->assoc_data->need_beacon = false;
3036 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3037 sdata->vif.bss_conf.sync_tsf =
3038 le64_to_cpu(mgmt->u.beacon.timestamp);
3039 sdata->vif.bss_conf.sync_device_ts =
3040 rx_status->device_timestamp;
3042 sdata->vif.bss_conf.sync_dtim_count =
3043 elems.tim->dtim_count;
3045 sdata->vif.bss_conf.sync_dtim_count = 0;
3047 /* continue assoc process */
3048 ifmgd->assoc_data->timeout = jiffies;
3049 ifmgd->assoc_data->timeout_started = true;
3050 run_again(ifmgd, ifmgd->assoc_data->timeout);
3051 return RX_MGMT_NONE;
3054 if (!ifmgd->associated ||
3055 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3056 return RX_MGMT_NONE;
3057 bssid = ifmgd->associated->bssid;
3059 /* Track average RSSI from the Beacon frames of the current AP */
3060 ifmgd->last_beacon_signal = rx_status->signal;
3061 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3062 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3063 ifmgd->ave_beacon_signal = rx_status->signal * 16;
3064 ifmgd->last_cqm_event_signal = 0;
3065 ifmgd->count_beacon_signal = 1;
3066 ifmgd->last_ave_beacon_signal = 0;
3068 ifmgd->ave_beacon_signal =
3069 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
3070 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
3071 ifmgd->ave_beacon_signal) / 16;
3072 ifmgd->count_beacon_signal++;
3075 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3076 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3077 int sig = ifmgd->ave_beacon_signal;
3078 int last_sig = ifmgd->last_ave_beacon_signal;
3081 * if signal crosses either of the boundaries, invoke callback
3082 * with appropriate parameters
3084 if (sig > ifmgd->rssi_max_thold &&
3085 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3086 ifmgd->last_ave_beacon_signal = sig;
3087 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
3088 } else if (sig < ifmgd->rssi_min_thold &&
3089 (last_sig >= ifmgd->rssi_max_thold ||
3091 ifmgd->last_ave_beacon_signal = sig;
3092 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
3096 if (bss_conf->cqm_rssi_thold &&
3097 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3098 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3099 int sig = ifmgd->ave_beacon_signal / 16;
3100 int last_event = ifmgd->last_cqm_event_signal;
3101 int thold = bss_conf->cqm_rssi_thold;
3102 int hyst = bss_conf->cqm_rssi_hyst;
3104 (last_event == 0 || sig < last_event - hyst)) {
3105 ifmgd->last_cqm_event_signal = sig;
3106 ieee80211_cqm_rssi_notify(
3108 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3110 } else if (sig > thold &&
3111 (last_event == 0 || sig > last_event + hyst)) {
3112 ifmgd->last_cqm_event_signal = sig;
3113 ieee80211_cqm_rssi_notify(
3115 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3120 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
3121 mlme_dbg_ratelimited(sdata,
3122 "cancelling AP probe due to a received beacon\n");
3123 mutex_lock(&local->mtx);
3124 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
3125 ieee80211_run_deferred_scan(local);
3126 mutex_unlock(&local->mtx);
3128 mutex_lock(&local->iflist_mtx);
3129 ieee80211_recalc_ps(local, -1);
3130 mutex_unlock(&local->iflist_mtx);
3134 * Push the beacon loss detection into the future since
3135 * we are processing a beacon from the AP just now.
3137 ieee80211_sta_reset_beacon_monitor(sdata);
3139 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
3140 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
3141 len - baselen, false, &elems,
3142 care_about_ies, ncrc);
3144 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
3145 bool directed_tim = ieee80211_check_tim(elems.tim,
3149 if (local->hw.conf.dynamic_ps_timeout > 0) {
3150 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3151 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3152 ieee80211_hw_config(local,
3153 IEEE80211_CONF_CHANGE_PS);
3155 ieee80211_send_nullfunc(local, sdata, 0);
3156 } else if (!local->pspolling && sdata->u.mgd.powersave) {
3157 local->pspolling = true;
3160 * Here is assumed that the driver will be
3161 * able to send ps-poll frame and receive a
3162 * response even though power save mode is
3163 * enabled, but some drivers might require
3164 * to disable power save here. This needs
3165 * to be investigated.
3167 ieee80211_send_pspoll(local, sdata);
3172 if (sdata->vif.p2p) {
3173 struct ieee80211_p2p_noa_attr noa = {};
3176 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
3178 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3179 (u8 *) &noa, sizeof(noa));
3181 if (sdata->u.mgd.p2p_noa_index != noa.index) {
3182 /* valid noa_attr and index changed */
3183 sdata->u.mgd.p2p_noa_index = noa.index;
3184 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3185 changed |= BSS_CHANGED_P2P_PS;
3187 * make sure we update all information, the CRC
3188 * mechanism doesn't look at P2P attributes.
3190 ifmgd->beacon_crc_valid = false;
3192 } else if (sdata->u.mgd.p2p_noa_index != -1) {
3193 /* noa_attr not found and we had valid noa_attr before */
3194 sdata->u.mgd.p2p_noa_index = -1;
3195 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
3196 changed |= BSS_CHANGED_P2P_PS;
3197 ifmgd->beacon_crc_valid = false;
3201 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
3202 return RX_MGMT_NONE;
3203 ifmgd->beacon_crc = ncrc;
3204 ifmgd->beacon_crc_valid = true;
3206 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3208 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3209 elems.wmm_param_len))
3210 changed |= BSS_CHANGED_QOS;
3213 * If we haven't had a beacon before, tell the driver about the
3214 * DTIM period (and beacon timing if desired) now.
3216 if (!bss_conf->dtim_period) {
3217 /* a few bogus AP send dtim_period = 0 or no TIM IE */
3219 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3221 bss_conf->dtim_period = 1;
3223 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3224 sdata->vif.bss_conf.sync_tsf =
3225 le64_to_cpu(mgmt->u.beacon.timestamp);
3226 sdata->vif.bss_conf.sync_device_ts =
3227 rx_status->device_timestamp;
3229 sdata->vif.bss_conf.sync_dtim_count =
3230 elems.tim->dtim_count;
3232 sdata->vif.bss_conf.sync_dtim_count = 0;
3235 changed |= BSS_CHANGED_DTIM_PERIOD;
3238 if (elems.erp_info) {
3240 erp_value = elems.erp_info[0];
3244 changed |= ieee80211_handle_bss_capability(sdata,
3245 le16_to_cpu(mgmt->u.beacon.capab_info),
3246 erp_valid, erp_value);
3248 mutex_lock(&local->sta_mtx);
3249 sta = sta_info_get(sdata, bssid);
3251 if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
3252 elems.vht_operation, bssid, &changed)) {
3253 mutex_unlock(&local->sta_mtx);
3254 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3255 WLAN_REASON_DEAUTH_LEAVING,
3257 return RX_MGMT_CFG80211_TX_DEAUTH;
3260 if (sta && elems.opmode_notif)
3261 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3262 rx_status->band, true);
3263 mutex_unlock(&local->sta_mtx);
3265 if (elems.country_elem && elems.pwr_constr_elem &&
3266 mgmt->u.probe_resp.capab_info &
3267 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
3268 changed |= ieee80211_handle_pwr_constr(sdata, chan,
3270 elems.country_elem_len,
3271 elems.pwr_constr_elem);
3273 ieee80211_bss_info_change_notify(sdata, changed);
3275 return RX_MGMT_NONE;
3278 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3279 struct sk_buff *skb)
3281 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3282 struct ieee80211_rx_status *rx_status;
3283 struct ieee80211_mgmt *mgmt;
3284 struct cfg80211_bss *bss = NULL;
3285 enum rx_mgmt_action rma = RX_MGMT_NONE;
3286 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3288 struct ieee802_11_elems elems;
3291 rx_status = (struct ieee80211_rx_status *) skb->cb;
3292 mgmt = (struct ieee80211_mgmt *) skb->data;
3293 fc = le16_to_cpu(mgmt->frame_control);
3295 mutex_lock(&ifmgd->mtx);
3297 switch (fc & IEEE80211_FCTL_STYPE) {
3298 case IEEE80211_STYPE_BEACON:
3299 rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
3300 deauth_buf, rx_status);
3302 case IEEE80211_STYPE_PROBE_RESP:
3303 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3305 case IEEE80211_STYPE_AUTH:
3306 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3308 case IEEE80211_STYPE_DEAUTH:
3309 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3311 case IEEE80211_STYPE_DISASSOC:
3312 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3314 case IEEE80211_STYPE_ASSOC_RESP:
3315 case IEEE80211_STYPE_REASSOC_RESP:
3316 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
3318 case IEEE80211_STYPE_ACTION:
3319 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3320 ies_len = skb->len -
3321 offsetof(struct ieee80211_mgmt,
3322 u.action.u.chan_switch.variable);
3327 ieee802_11_parse_elems(
3328 mgmt->u.action.u.chan_switch.variable,
3329 ies_len, true, &elems);
3331 if (elems.parse_error)
3334 ieee80211_sta_process_chanswitch(sdata,
3337 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3338 ies_len = skb->len -
3339 offsetof(struct ieee80211_mgmt,
3340 u.action.u.ext_chan_switch.variable);
3345 ieee802_11_parse_elems(
3346 mgmt->u.action.u.ext_chan_switch.variable,
3347 ies_len, true, &elems);
3349 if (elems.parse_error)
3352 /* for the handling code pretend this was also an IE */
3353 elems.ext_chansw_ie =
3354 &mgmt->u.action.u.ext_chan_switch.data;
3356 ieee80211_sta_process_chanswitch(sdata,
3362 mutex_unlock(&ifmgd->mtx);
3368 case RX_MGMT_CFG80211_DEAUTH:
3369 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
3371 case RX_MGMT_CFG80211_DISASSOC:
3372 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
3374 case RX_MGMT_CFG80211_RX_AUTH:
3375 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len);
3377 case RX_MGMT_CFG80211_RX_ASSOC:
3378 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len);
3380 case RX_MGMT_CFG80211_ASSOC_TIMEOUT:
3381 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid);
3383 case RX_MGMT_CFG80211_TX_DEAUTH:
3384 cfg80211_send_deauth(sdata->dev, deauth_buf,
3385 sizeof(deauth_buf));
3388 WARN(1, "unexpected: %d", rma);
3392 static void ieee80211_sta_timer(unsigned long data)
3394 struct ieee80211_sub_if_data *sdata =
3395 (struct ieee80211_sub_if_data *) data;
3397 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3400 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3401 u8 *bssid, u8 reason, bool tx)
3403 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3404 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3406 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3408 mutex_unlock(&ifmgd->mtx);
3411 * must be outside lock due to cfg80211,
3412 * but that's not a problem.
3414 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
3416 mutex_lock(&ifmgd->mtx);
3419 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3421 struct ieee80211_local *local = sdata->local;
3422 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3423 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3426 lockdep_assert_held(&ifmgd->mtx);
3428 if (WARN_ON_ONCE(!auth_data))
3433 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3434 sdata_info(sdata, "authentication with %pM timed out\n",
3435 auth_data->bss->bssid);
3438 * Most likely AP is not in the range so remove the
3439 * bss struct for that AP.
3441 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3446 drv_mgd_prepare_tx(local, sdata);
3448 if (auth_data->bss->proberesp_ies) {
3452 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3453 auth_data->bss->bssid, auth_data->tries,
3454 IEEE80211_AUTH_MAX_TRIES);
3456 auth_data->expected_transaction = 2;
3458 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3459 trans = auth_data->sae_trans;
3460 status = auth_data->sae_status;
3461 auth_data->expected_transaction = trans;
3464 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3465 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3466 IEEE80211_TX_INTFL_MLME_CONN_TX;
3468 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3469 auth_data->data, auth_data->data_len,
3470 auth_data->bss->bssid,
3471 auth_data->bss->bssid, NULL, 0, 0,
3476 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3477 auth_data->bss->bssid, auth_data->tries,
3478 IEEE80211_AUTH_MAX_TRIES);
3481 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3487 * Direct probe is sent to broadcast address as some APs
3488 * will not answer to direct packet in unassociated state.
3490 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3491 NULL, 0, (u32) -1, true, 0,
3492 auth_data->bss->channel, false);
3496 if (tx_flags == 0) {
3497 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3498 auth_data->timeout_started = true;
3499 run_again(ifmgd, auth_data->timeout);
3501 auth_data->timeout =
3502 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3503 auth_data->timeout_started = true;
3504 run_again(ifmgd, auth_data->timeout);
3510 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3512 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3513 struct ieee80211_local *local = sdata->local;
3515 lockdep_assert_held(&sdata->u.mgd.mtx);
3517 assoc_data->tries++;
3518 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3519 sdata_info(sdata, "association with %pM timed out\n",
3520 assoc_data->bss->bssid);
3523 * Most likely AP is not in the range so remove the
3524 * bss struct for that AP.
3526 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3531 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3532 assoc_data->bss->bssid, assoc_data->tries,
3533 IEEE80211_ASSOC_MAX_TRIES);
3534 ieee80211_send_assoc(sdata);
3536 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3537 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3538 assoc_data->timeout_started = true;
3539 run_again(&sdata->u.mgd, assoc_data->timeout);
3541 assoc_data->timeout =
3542 round_jiffies_up(jiffies +
3543 IEEE80211_ASSOC_TIMEOUT_LONG);
3544 assoc_data->timeout_started = true;
3545 run_again(&sdata->u.mgd, assoc_data->timeout);
3551 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3552 __le16 fc, bool acked)
3554 struct ieee80211_local *local = sdata->local;
3556 sdata->u.mgd.status_fc = fc;
3557 sdata->u.mgd.status_acked = acked;
3558 sdata->u.mgd.status_received = true;
3560 ieee80211_queue_work(&local->hw, &sdata->work);
3563 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3565 struct ieee80211_local *local = sdata->local;
3566 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3568 mutex_lock(&ifmgd->mtx);
3570 if (ifmgd->status_received) {
3571 __le16 fc = ifmgd->status_fc;
3572 bool status_acked = ifmgd->status_acked;
3574 ifmgd->status_received = false;
3575 if (ifmgd->auth_data &&
3576 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3578 ifmgd->auth_data->timeout =
3579 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3580 run_again(ifmgd, ifmgd->auth_data->timeout);
3582 ifmgd->auth_data->timeout = jiffies - 1;
3584 ifmgd->auth_data->timeout_started = true;
3585 } else if (ifmgd->assoc_data &&
3586 (ieee80211_is_assoc_req(fc) ||
3587 ieee80211_is_reassoc_req(fc))) {
3589 ifmgd->assoc_data->timeout =
3590 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3591 run_again(ifmgd, ifmgd->assoc_data->timeout);
3593 ifmgd->assoc_data->timeout = jiffies - 1;
3595 ifmgd->assoc_data->timeout_started = true;
3599 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3600 time_after(jiffies, ifmgd->auth_data->timeout)) {
3601 if (ifmgd->auth_data->done) {
3603 * ok ... we waited for assoc but userspace didn't,
3604 * so let's just kill the auth data
3606 ieee80211_destroy_auth_data(sdata, false);
3607 } else if (ieee80211_probe_auth(sdata)) {
3610 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3612 ieee80211_destroy_auth_data(sdata, false);
3614 mutex_unlock(&ifmgd->mtx);
3615 cfg80211_send_auth_timeout(sdata->dev, bssid);
3616 mutex_lock(&ifmgd->mtx);
3618 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3619 run_again(ifmgd, ifmgd->auth_data->timeout);
3621 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3622 time_after(jiffies, ifmgd->assoc_data->timeout)) {
3623 if ((ifmgd->assoc_data->need_beacon &&
3624 !ifmgd->assoc_data->have_beacon) ||
3625 ieee80211_do_assoc(sdata)) {
3628 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN);
3630 ieee80211_destroy_assoc_data(sdata, false);
3632 mutex_unlock(&ifmgd->mtx);
3633 cfg80211_send_assoc_timeout(sdata->dev, bssid);
3634 mutex_lock(&ifmgd->mtx);
3636 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3637 run_again(ifmgd, ifmgd->assoc_data->timeout);
3639 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
3640 IEEE80211_STA_CONNECTION_POLL) &&
3641 ifmgd->associated) {
3645 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3647 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3648 max_tries = max_nullfunc_tries;
3650 max_tries = max_probe_tries;
3652 /* ACK received for nullfunc probing frame */
3653 if (!ifmgd->probe_send_count)
3654 ieee80211_reset_ap_probe(sdata);
3655 else if (ifmgd->nullfunc_failed) {
3656 if (ifmgd->probe_send_count < max_tries) {
3658 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3659 bssid, ifmgd->probe_send_count,
3661 ieee80211_mgd_probe_ap_send(sdata);
3664 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3666 ieee80211_sta_connection_lost(sdata, bssid,
3667 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3670 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
3671 run_again(ifmgd, ifmgd->probe_timeout);
3672 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3674 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3675 bssid, probe_wait_ms);
3676 ieee80211_sta_connection_lost(sdata, bssid,
3677 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3678 } else if (ifmgd->probe_send_count < max_tries) {
3680 "No probe response from AP %pM after %dms, try %d/%i\n",
3681 bssid, probe_wait_ms,
3682 ifmgd->probe_send_count, max_tries);
3683 ieee80211_mgd_probe_ap_send(sdata);
3686 * We actually lost the connection ... or did we?
3689 wiphy_debug(local->hw.wiphy,
3690 "%s: No probe response from AP %pM"
3691 " after %dms, disconnecting.\n",
3693 bssid, probe_wait_ms);
3695 ieee80211_sta_connection_lost(sdata, bssid,
3696 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3700 mutex_unlock(&ifmgd->mtx);
3703 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3705 struct ieee80211_sub_if_data *sdata =
3706 (struct ieee80211_sub_if_data *) data;
3707 struct ieee80211_local *local = sdata->local;
3709 if (local->quiescing)
3712 sdata->u.mgd.connection_loss = false;
3713 ieee80211_queue_work(&sdata->local->hw,
3714 &sdata->u.mgd.beacon_connection_loss_work);
3717 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3719 struct ieee80211_sub_if_data *sdata =
3720 (struct ieee80211_sub_if_data *) data;
3721 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3722 struct ieee80211_local *local = sdata->local;
3724 if (local->quiescing)
3727 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3730 static void ieee80211_sta_monitor_work(struct work_struct *work)
3732 struct ieee80211_sub_if_data *sdata =
3733 container_of(work, struct ieee80211_sub_if_data,
3734 u.mgd.monitor_work);
3736 ieee80211_mgd_probe_ap(sdata, false);
3739 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3743 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3744 __ieee80211_stop_poll(sdata);
3746 /* let's probe the connection once */
3747 flags = sdata->local->hw.flags;
3748 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3749 ieee80211_queue_work(&sdata->local->hw,
3750 &sdata->u.mgd.monitor_work);
3751 /* and do all the other regular work too */
3752 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3757 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3759 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3761 mutex_lock(&ifmgd->mtx);
3762 if (!ifmgd->associated) {
3763 mutex_unlock(&ifmgd->mtx);
3767 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3768 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3769 mlme_dbg(sdata, "driver requested disconnect after resume\n");
3770 ieee80211_sta_connection_lost(sdata,
3771 ifmgd->associated->bssid,
3772 WLAN_REASON_UNSPECIFIED,
3774 mutex_unlock(&ifmgd->mtx);
3777 mutex_unlock(&ifmgd->mtx);
3781 /* interface setup */
3782 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3784 struct ieee80211_if_managed *ifmgd;
3786 ifmgd = &sdata->u.mgd;
3787 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3788 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3789 INIT_WORK(&ifmgd->beacon_connection_loss_work,
3790 ieee80211_beacon_connection_loss_work);
3791 INIT_WORK(&ifmgd->csa_connection_drop_work,
3792 ieee80211_csa_connection_drop_work);
3793 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work);
3794 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3795 (unsigned long) sdata);
3796 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3797 (unsigned long) sdata);
3798 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3799 (unsigned long) sdata);
3800 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3801 (unsigned long) sdata);
3804 ifmgd->powersave = sdata->wdev.ps;
3805 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3806 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3807 ifmgd->p2p_noa_index = -1;
3809 mutex_init(&ifmgd->mtx);
3811 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3812 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3814 ifmgd->req_smps = IEEE80211_SMPS_OFF;
3817 /* scan finished notification */
3818 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3820 struct ieee80211_sub_if_data *sdata;
3822 /* Restart STA timers */
3824 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3825 if (ieee80211_sdata_running(sdata))
3826 ieee80211_restart_sta_timer(sdata);
3831 int ieee80211_max_network_latency(struct notifier_block *nb,
3832 unsigned long data, void *dummy)
3834 s32 latency_usec = (s32) data;
3835 struct ieee80211_local *local =
3836 container_of(nb, struct ieee80211_local,
3837 network_latency_notifier);
3839 mutex_lock(&local->iflist_mtx);
3840 ieee80211_recalc_ps(local, latency_usec);
3841 mutex_unlock(&local->iflist_mtx);
3846 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3847 struct cfg80211_bss *cbss)
3849 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3850 const u8 *ht_cap_ie, *vht_cap_ie;
3851 const struct ieee80211_ht_cap *ht_cap;
3852 const struct ieee80211_vht_cap *vht_cap;
3855 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3858 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3859 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3860 ht_cap = (void *)(ht_cap_ie + 2);
3861 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3863 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3864 * "Tx Unequal Modulation Supported" fields.
3868 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3871 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3872 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3876 vht_cap = (void *)(vht_cap_ie + 2);
3877 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3878 for (nss = 8; nss > 0; nss--) {
3879 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3880 IEEE80211_VHT_MCS_NOT_SUPPORTED)
3883 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3884 chains = max(chains, nss);
3890 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3891 struct cfg80211_bss *cbss)
3893 struct ieee80211_local *local = sdata->local;
3894 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3895 const struct ieee80211_ht_operation *ht_oper = NULL;
3896 const struct ieee80211_vht_operation *vht_oper = NULL;
3897 struct ieee80211_supported_band *sband;
3898 struct cfg80211_chan_def chandef;
3901 sband = local->hw.wiphy->bands[cbss->channel->band];
3903 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3904 IEEE80211_STA_DISABLE_80P80MHZ |
3905 IEEE80211_STA_DISABLE_160MHZ);
3909 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3910 sband->ht_cap.ht_supported) {
3911 const u8 *ht_oper_ie, *ht_cap;
3913 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3914 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3915 ht_oper = (void *)(ht_oper_ie + 2);
3917 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3918 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3919 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3924 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3925 sband->vht_cap.vht_supported) {
3926 const u8 *vht_oper_ie, *vht_cap;
3928 vht_oper_ie = ieee80211_bss_get_ie(cbss,
3929 WLAN_EID_VHT_OPERATION);
3930 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3931 vht_oper = (void *)(vht_oper_ie + 2);
3932 if (vht_oper && !ht_oper) {
3935 "AP advertised VHT without HT, disabling both\n");
3936 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3937 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3940 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3941 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3942 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3947 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3952 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3957 /* will change later if needed */
3958 sdata->smps_mode = IEEE80211_SMPS_OFF;
3961 * If this fails (possibly due to channel context sharing
3962 * on incompatible channels, e.g. 80+80 and 160 sharing the
3963 * same control channel) try to use a smaller bandwidth.
3965 ret = ieee80211_vif_use_channel(sdata, &chandef,
3966 IEEE80211_CHANCTX_SHARED);
3967 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3968 ifmgd->flags |= chandef_downgrade(&chandef);
3969 ret = ieee80211_vif_use_channel(sdata, &chandef,
3970 IEEE80211_CHANCTX_SHARED);
3975 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3976 struct cfg80211_bss *cbss, bool assoc)
3978 struct ieee80211_local *local = sdata->local;
3979 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3980 struct ieee80211_bss *bss = (void *)cbss->priv;
3981 struct sta_info *new_sta = NULL;
3982 bool have_sta = false;
3985 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3990 have_sta = sta_info_get(sdata, cbss->bssid);
3995 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
4001 u32 rates = 0, basic_rates = 0;
4002 bool have_higher_than_11mbit;
4003 int min_rate = INT_MAX, min_rate_index = -1;
4004 struct ieee80211_supported_band *sband;
4005 const struct cfg80211_bss_ies *ies;
4007 sband = local->hw.wiphy->bands[cbss->channel->band];
4009 err = ieee80211_prep_channel(sdata, cbss);
4011 sta_info_free(local, new_sta);
4015 ieee80211_get_rates(sband, bss->supp_rates,
4016 bss->supp_rates_len,
4017 &rates, &basic_rates,
4018 &have_higher_than_11mbit,
4019 &min_rate, &min_rate_index);
4022 * This used to be a workaround for basic rates missing
4023 * in the association response frame. Now that we no
4024 * longer use the basic rates from there, it probably
4025 * doesn't happen any more, but keep the workaround so
4026 * in case some *other* APs are buggy in different ways
4027 * we can connect -- with a warning.
4029 if (!basic_rates && min_rate_index >= 0) {
4031 "No basic rates, using min rate instead\n");
4032 basic_rates = BIT(min_rate_index);
4035 new_sta->sta.supp_rates[cbss->channel->band] = rates;
4036 sdata->vif.bss_conf.basic_rates = basic_rates;
4038 /* cf. IEEE 802.11 9.2.12 */
4039 if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
4040 have_higher_than_11mbit)
4041 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
4043 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
4045 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
4047 /* set timing information */
4048 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
4050 ies = rcu_dereference(cbss->beacon_ies);
4054 sdata->vif.bss_conf.sync_tsf = ies->tsf;
4055 sdata->vif.bss_conf.sync_device_ts =
4056 bss->device_ts_beacon;
4057 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4058 ies->data, ies->len);
4059 if (tim_ie && tim_ie[1] >= 2)
4060 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
4062 sdata->vif.bss_conf.sync_dtim_count = 0;
4063 } else if (!(local->hw.flags &
4064 IEEE80211_HW_TIMING_BEACON_ONLY)) {
4065 ies = rcu_dereference(cbss->proberesp_ies);
4066 /* must be non-NULL since beacon IEs were NULL */
4067 sdata->vif.bss_conf.sync_tsf = ies->tsf;
4068 sdata->vif.bss_conf.sync_device_ts =
4069 bss->device_ts_presp;
4070 sdata->vif.bss_conf.sync_dtim_count = 0;
4072 sdata->vif.bss_conf.sync_tsf = 0;
4073 sdata->vif.bss_conf.sync_device_ts = 0;
4074 sdata->vif.bss_conf.sync_dtim_count = 0;
4078 /* tell driver about BSSID, basic rates and timing */
4079 ieee80211_bss_info_change_notify(sdata,
4080 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
4081 BSS_CHANGED_BEACON_INT);
4084 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
4086 err = sta_info_insert(new_sta);
4090 "failed to insert STA entry for the AP (error %d)\n",
4095 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
4101 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
4102 struct cfg80211_auth_request *req)
4104 struct ieee80211_local *local = sdata->local;
4105 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4106 struct ieee80211_mgd_auth_data *auth_data;
4110 /* prepare auth data structure */
4112 switch (req->auth_type) {
4113 case NL80211_AUTHTYPE_OPEN_SYSTEM:
4114 auth_alg = WLAN_AUTH_OPEN;
4116 case NL80211_AUTHTYPE_SHARED_KEY:
4117 if (IS_ERR(local->wep_tx_tfm))
4119 auth_alg = WLAN_AUTH_SHARED_KEY;
4121 case NL80211_AUTHTYPE_FT:
4122 auth_alg = WLAN_AUTH_FT;
4124 case NL80211_AUTHTYPE_NETWORK_EAP:
4125 auth_alg = WLAN_AUTH_LEAP;
4127 case NL80211_AUTHTYPE_SAE:
4128 auth_alg = WLAN_AUTH_SAE;
4134 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
4135 req->ie_len, GFP_KERNEL);
4139 auth_data->bss = req->bss;
4141 if (req->sae_data_len >= 4) {
4142 __le16 *pos = (__le16 *) req->sae_data;
4143 auth_data->sae_trans = le16_to_cpu(pos[0]);
4144 auth_data->sae_status = le16_to_cpu(pos[1]);
4145 memcpy(auth_data->data, req->sae_data + 4,
4146 req->sae_data_len - 4);
4147 auth_data->data_len += req->sae_data_len - 4;
4150 if (req->ie && req->ie_len) {
4151 memcpy(&auth_data->data[auth_data->data_len],
4152 req->ie, req->ie_len);
4153 auth_data->data_len += req->ie_len;
4156 if (req->key && req->key_len) {
4157 auth_data->key_len = req->key_len;
4158 auth_data->key_idx = req->key_idx;
4159 memcpy(auth_data->key, req->key, req->key_len);
4162 auth_data->algorithm = auth_alg;
4164 /* try to authenticate/probe */
4166 mutex_lock(&ifmgd->mtx);
4168 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
4169 ifmgd->assoc_data) {
4174 if (ifmgd->auth_data)
4175 ieee80211_destroy_auth_data(sdata, false);
4177 /* prep auth_data so we don't go into idle on disassoc */
4178 ifmgd->auth_data = auth_data;
4180 if (ifmgd->associated) {
4181 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4183 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4184 WLAN_REASON_UNSPECIFIED,
4187 __cfg80211_send_deauth(sdata->dev, frame_buf,
4191 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
4193 err = ieee80211_prep_connection(sdata, req->bss, false);
4197 err = ieee80211_probe_auth(sdata);
4199 sta_info_destroy_addr(sdata, req->bss->bssid);
4203 /* hold our own reference */
4204 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
4209 memset(ifmgd->bssid, 0, ETH_ALEN);
4210 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4211 ifmgd->auth_data = NULL;
4215 mutex_unlock(&ifmgd->mtx);
4220 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4221 struct cfg80211_assoc_request *req)
4223 struct ieee80211_local *local = sdata->local;
4224 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4225 struct ieee80211_bss *bss = (void *)req->bss->priv;
4226 struct ieee80211_mgd_assoc_data *assoc_data;
4227 const struct cfg80211_bss_ies *beacon_ies;
4228 struct ieee80211_supported_band *sband;
4229 const u8 *ssidie, *ht_ie, *vht_ie;
4232 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4237 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4243 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4244 assoc_data->ssid_len = ssidie[1];
4247 mutex_lock(&ifmgd->mtx);
4249 if (ifmgd->associated) {
4250 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4252 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4253 WLAN_REASON_UNSPECIFIED,
4256 __cfg80211_send_deauth(sdata->dev, frame_buf,
4260 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4265 if (ifmgd->assoc_data) {
4270 if (ifmgd->auth_data) {
4273 /* keep sta info, bssid if matching */
4274 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4275 ieee80211_destroy_auth_data(sdata, match);
4278 /* prepare assoc data */
4280 ifmgd->beacon_crc_valid = false;
4283 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4284 * We still associate in non-HT mode (11a/b/g) if any one of these
4285 * ciphers is configured as pairwise.
4286 * We can set this to true for non-11n hardware, that'll be checked
4287 * separately along with the peer capabilities.
4289 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4290 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4291 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4292 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4293 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4294 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4295 netdev_info(sdata->dev,
4296 "disabling HT/VHT due to WEP/TKIP use\n");
4300 if (req->flags & ASSOC_REQ_DISABLE_HT) {
4301 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4302 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4305 if (req->flags & ASSOC_REQ_DISABLE_VHT)
4306 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4308 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4309 sband = local->hw.wiphy->bands[req->bss->channel->band];
4310 if (!sband->ht_cap.ht_supported ||
4311 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4312 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4314 netdev_info(sdata->dev,
4315 "disabling HT as WMM/QoS is not supported by the AP\n");
4318 /* disable VHT if we don't support it or the AP doesn't use WMM */
4319 if (!sband->vht_cap.vht_supported ||
4320 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4321 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4323 netdev_info(sdata->dev,
4324 "disabling VHT as WMM/QoS is not supported by the AP\n");
4327 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4328 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4329 sizeof(ifmgd->ht_capa_mask));
4331 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4332 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4333 sizeof(ifmgd->vht_capa_mask));
4335 if (req->ie && req->ie_len) {
4336 memcpy(assoc_data->ie, req->ie, req->ie_len);
4337 assoc_data->ie_len = req->ie_len;
4340 assoc_data->bss = req->bss;
4342 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4343 if (ifmgd->powersave)
4344 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4346 sdata->smps_mode = IEEE80211_SMPS_OFF;
4348 sdata->smps_mode = ifmgd->req_smps;
4350 assoc_data->capability = req->bss->capability;
4351 assoc_data->wmm = bss->wmm_used &&
4352 (local->hw.queues >= IEEE80211_NUM_ACS);
4353 assoc_data->supp_rates = bss->supp_rates;
4354 assoc_data->supp_rates_len = bss->supp_rates_len;
4357 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4358 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4359 assoc_data->ap_ht_param =
4360 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4362 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4363 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4364 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4365 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4366 sizeof(struct ieee80211_vht_cap));
4368 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4371 if (bss->wmm_used && bss->uapsd_supported &&
4372 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4373 sdata->wmm_acm != 0xff) {
4374 assoc_data->uapsd = true;
4375 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4377 assoc_data->uapsd = false;
4378 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4381 if (req->prev_bssid)
4382 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4385 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4386 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4388 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4389 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4392 if (req->crypto.control_port)
4393 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4395 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4397 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4398 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4400 /* kick off associate process */
4402 ifmgd->assoc_data = assoc_data;
4403 ifmgd->dtim_period = 0;
4405 err = ieee80211_prep_connection(sdata, req->bss, true);
4410 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4412 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4415 * Wait up to one beacon interval ...
4416 * should this be more if we miss one?
4418 sdata_info(sdata, "waiting for beacon from %pM\n",
4420 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4421 assoc_data->timeout_started = true;
4422 assoc_data->need_beacon = true;
4423 } else if (beacon_ies) {
4424 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4429 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4430 const struct ieee80211_tim_ie *tim;
4431 tim = (void *)(tim_ie + 2);
4432 ifmgd->dtim_period = tim->dtim_period;
4433 dtim_count = tim->dtim_count;
4435 assoc_data->have_beacon = true;
4436 assoc_data->timeout = jiffies;
4437 assoc_data->timeout_started = true;
4439 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4440 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4441 sdata->vif.bss_conf.sync_device_ts =
4442 bss->device_ts_beacon;
4443 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4446 assoc_data->timeout = jiffies;
4447 assoc_data->timeout_started = true;
4451 run_again(ifmgd, assoc_data->timeout);
4453 if (bss->corrupt_data) {
4454 char *corrupt_type = "data";
4455 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4456 if (bss->corrupt_data &
4457 IEEE80211_BSS_CORRUPT_PROBE_RESP)
4458 corrupt_type = "beacon and probe response";
4460 corrupt_type = "beacon";
4461 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4462 corrupt_type = "probe response";
4463 sdata_info(sdata, "associating with AP with corrupt %s\n",
4470 memset(ifmgd->bssid, 0, ETH_ALEN);
4471 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4472 ifmgd->assoc_data = NULL;
4476 mutex_unlock(&ifmgd->mtx);
4481 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4482 struct cfg80211_deauth_request *req)
4484 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4485 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4486 bool tx = !req->local_state_change;
4487 bool report_frame = false;
4489 mutex_lock(&ifmgd->mtx);
4492 "deauthenticating from %pM by local choice (reason=%d)\n",
4493 req->bssid, req->reason_code);
4495 if (ifmgd->auth_data) {
4496 drv_mgd_prepare_tx(sdata->local, sdata);
4497 ieee80211_send_deauth_disassoc(sdata, req->bssid,
4498 IEEE80211_STYPE_DEAUTH,
4499 req->reason_code, tx,
4501 ieee80211_destroy_auth_data(sdata, false);
4502 mutex_unlock(&ifmgd->mtx);
4504 report_frame = true;
4508 if (ifmgd->associated &&
4509 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4510 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4511 req->reason_code, tx, frame_buf);
4512 report_frame = true;
4514 mutex_unlock(&ifmgd->mtx);
4518 __cfg80211_send_deauth(sdata->dev, frame_buf,
4519 IEEE80211_DEAUTH_FRAME_LEN);
4524 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4525 struct cfg80211_disassoc_request *req)
4527 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4529 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4531 mutex_lock(&ifmgd->mtx);
4534 * cfg80211 should catch this ... but it's racy since
4535 * we can receive a disassoc frame, process it, hand it
4536 * to cfg80211 while that's in a locked section already
4537 * trying to tell us that the user wants to disconnect.
4539 if (ifmgd->associated != req->bss) {
4540 mutex_unlock(&ifmgd->mtx);
4545 "disassociating from %pM by local choice (reason=%d)\n",
4546 req->bss->bssid, req->reason_code);
4548 memcpy(bssid, req->bss->bssid, ETH_ALEN);
4549 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4550 req->reason_code, !req->local_state_change,
4552 mutex_unlock(&ifmgd->mtx);
4554 __cfg80211_send_disassoc(sdata->dev, frame_buf,
4555 IEEE80211_DEAUTH_FRAME_LEN);
4560 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4562 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4565 * Make sure some work items will not run after this,
4566 * they will not do anything but might not have been
4567 * cancelled when disconnecting.
4569 cancel_work_sync(&ifmgd->monitor_work);
4570 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4571 cancel_work_sync(&ifmgd->request_smps_work);
4572 cancel_work_sync(&ifmgd->csa_connection_drop_work);
4573 cancel_work_sync(&ifmgd->chswitch_work);
4575 mutex_lock(&ifmgd->mtx);
4576 if (ifmgd->assoc_data)
4577 ieee80211_destroy_assoc_data(sdata, false);
4578 if (ifmgd->auth_data)
4579 ieee80211_destroy_auth_data(sdata, false);
4580 del_timer_sync(&ifmgd->timer);
4581 mutex_unlock(&ifmgd->mtx);
4584 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4585 enum nl80211_cqm_rssi_threshold_event rssi_event,
4588 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4590 trace_api_cqm_rssi_notify(sdata, rssi_event);
4592 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4594 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
projects / firefly-linux-kernel-4.4.55.git / blob