2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
36 #define IEEE80211_AUTH_MAX_TRIES 3
37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
41 #define IEEE80211_ASSOC_MAX_TRIES 3
43 static int max_nullfunc_tries = 2;
44 module_param(max_nullfunc_tries, int, 0644);
45 MODULE_PARM_DESC(max_nullfunc_tries,
46 "Maximum nullfunc tx tries before disconnecting (reason 4).");
48 static int max_probe_tries = 5;
49 module_param(max_probe_tries, int, 0644);
50 MODULE_PARM_DESC(max_probe_tries,
51 "Maximum probe tries before disconnecting (reason 4).");
54 * Beacon loss timeout is calculated as N frames times the
55 * advertised beacon interval. This may need to be somewhat
56 * higher than what hardware might detect to account for
57 * delays in the host processing frames. But since we also
58 * probe on beacon miss before declaring the connection lost
59 * default to what we want.
61 static int beacon_loss_count = 7;
62 module_param(beacon_loss_count, int, 0644);
63 MODULE_PARM_DESC(beacon_loss_count,
64 "Number of beacon intervals before we decide beacon was lost.");
67 * Time the connection can be idle before we probe
68 * it to see if we can still talk to the AP.
70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
72 * Time we wait for a probe response after sending
73 * a probe request because of beacon loss or for
74 * checking the connection still works.
76 static int probe_wait_ms = 500;
77 module_param(probe_wait_ms, int, 0644);
78 MODULE_PARM_DESC(probe_wait_ms,
79 "Maximum time(ms) to wait for probe response"
80 " before disconnecting (reason 4).");
83 * Weight given to the latest Beacon frame when calculating average signal
84 * strength for Beacon frames received in the current BSS. This must be
87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
90 * How many Beacon frames need to have been used in average signal strength
91 * before starting to indicate signal change events.
93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
96 * We can have multiple work items (and connection probing)
97 * scheduling this timer, but we need to take care to only
98 * reschedule it when it should fire _earlier_ than it was
99 * asked for before, or if it's not pending right now. This
100 * function ensures that. Note that it then is required to
101 * run this function for all timeouts after the first one
102 * has happened -- the work that runs from this timer will
105 static void run_again(struct ieee80211_sub_if_data *sdata,
106 unsigned long timeout)
108 sdata_assert_lock(sdata);
110 if (!timer_pending(&sdata->u.mgd.timer) ||
111 time_before(timeout, sdata->u.mgd.timer.expires))
112 mod_timer(&sdata->u.mgd.timer, timeout);
115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
123 mod_timer(&sdata->u.mgd.bcn_mon_timer,
124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
131 if (unlikely(!sdata->u.mgd.associated))
134 ifmgd->probe_send_count = 0;
136 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
139 mod_timer(&sdata->u.mgd.conn_mon_timer,
140 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
143 static int ecw2cw(int ecw)
145 return (1 << ecw) - 1;
149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
150 struct ieee80211_supported_band *sband,
151 struct ieee80211_channel *channel,
152 const struct ieee80211_ht_operation *ht_oper,
153 const struct ieee80211_vht_operation *vht_oper,
154 struct cfg80211_chan_def *chandef, bool tracking)
156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
157 struct cfg80211_chan_def vht_chandef;
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->center_freq2 = 0;
165 if (!ht_oper || !sband->ht_cap.ht_supported) {
166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
170 chandef->width = NL80211_CHAN_WIDTH_20;
172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
174 /* check that channel matches the right operating channel */
175 if (!tracking && channel->center_freq != ht_cfreq) {
177 * It's possible that some APs are confused here;
178 * Netgear WNDR3700 sometimes reports 4 higher than
179 * the actual channel in association responses, but
180 * since we look at probe response/beacon data here
184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
185 channel->center_freq, ht_cfreq,
186 ht_oper->primary_chan, channel->band);
187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
191 /* check 40 MHz support, if we have it */
192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
195 chandef->width = NL80211_CHAN_WIDTH_40;
196 chandef->center_freq1 += 10;
198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
199 chandef->width = NL80211_CHAN_WIDTH_40;
200 chandef->center_freq1 -= 10;
204 /* 40 MHz (and 80 MHz) must be supported for VHT */
205 ret = IEEE80211_STA_DISABLE_VHT;
206 /* also mark 40 MHz disabled */
207 ret |= IEEE80211_STA_DISABLE_40MHZ;
211 if (!vht_oper || !sband->vht_cap.vht_supported) {
212 ret = IEEE80211_STA_DISABLE_VHT;
216 vht_chandef.chan = channel;
217 vht_chandef.center_freq1 =
218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
220 vht_chandef.center_freq2 = 0;
222 switch (vht_oper->chan_width) {
223 case IEEE80211_VHT_CHANWIDTH_USE_HT:
224 vht_chandef.width = chandef->width;
225 vht_chandef.center_freq1 = chandef->center_freq1;
227 case IEEE80211_VHT_CHANWIDTH_80MHZ:
228 vht_chandef.width = NL80211_CHAN_WIDTH_80;
230 case IEEE80211_VHT_CHANWIDTH_160MHZ:
231 vht_chandef.width = NL80211_CHAN_WIDTH_160;
233 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
234 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
235 vht_chandef.center_freq2 =
236 ieee80211_channel_to_frequency(
237 vht_oper->center_freq_seg2_idx,
241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
243 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
244 vht_oper->chan_width);
245 ret = IEEE80211_STA_DISABLE_VHT;
249 if (!cfg80211_chandef_valid(&vht_chandef)) {
250 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
252 "AP VHT information is invalid, disable VHT\n");
253 ret = IEEE80211_STA_DISABLE_VHT;
257 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
262 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
263 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
265 "AP VHT information doesn't match HT, disable VHT\n");
266 ret = IEEE80211_STA_DISABLE_VHT;
270 *chandef = vht_chandef;
276 * When tracking the current AP, don't do any further checks if the
277 * new chandef is identical to the one we're currently using for the
278 * connection. This keeps us from playing ping-pong with regulatory,
279 * without it the following can happen (for example):
280 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
281 * - AP advertises regdom US
282 * - CRDA loads regdom US with 80 MHz prohibited (old database)
283 * - the code below detects an unsupported channel, downgrades, and
284 * we disconnect from the AP in the caller
285 * - disconnect causes CRDA to reload world regdomain and the game
287 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
289 * It seems possible that there are still scenarios with CSA or real
290 * bandwidth changes where a this could happen, but those cases are
291 * less common and wouldn't completely prevent using the AP.
294 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
297 /* don't print the message below for VHT mismatch if VHT is disabled */
298 if (ret & IEEE80211_STA_DISABLE_VHT)
299 vht_chandef = *chandef;
302 * Ignore the DISABLED flag when we're already connected and only
303 * tracking the APs beacon for bandwidth changes - otherwise we
304 * might get disconnected here if we connect to an AP, update our
305 * regulatory information based on the AP's country IE and the
306 * information we have is wrong/outdated and disables the channel
307 * that we're actually using for the connection to the AP.
309 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
311 IEEE80211_CHAN_DISABLED)) {
312 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
313 ret = IEEE80211_STA_DISABLE_HT |
314 IEEE80211_STA_DISABLE_VHT;
318 ret |= ieee80211_chandef_downgrade(chandef);
321 if (chandef->width != vht_chandef.width && !tracking)
323 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
325 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
329 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
330 struct sta_info *sta,
331 const struct ieee80211_ht_operation *ht_oper,
332 const struct ieee80211_vht_operation *vht_oper,
333 const u8 *bssid, u32 *changed)
335 struct ieee80211_local *local = sdata->local;
336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
337 struct ieee80211_supported_band *sband;
338 struct ieee80211_channel *chan;
339 struct cfg80211_chan_def chandef;
342 enum ieee80211_sta_rx_bandwidth new_sta_bw;
345 /* if HT was/is disabled, don't track any bandwidth changes */
346 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
349 /* don't check VHT if we associated as non-VHT station */
350 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
353 if (WARN_ON_ONCE(!sta))
357 * if bss configuration changed store the new one -
358 * this may be applicable even if channel is identical
360 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
361 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
362 *changed |= BSS_CHANGED_HT;
363 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
366 chan = sdata->vif.bss_conf.chandef.chan;
367 sband = local->hw.wiphy->bands[chan->band];
369 /* calculate new channel (type) based on HT/VHT operation IEs */
370 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
371 vht_oper, &chandef, true);
374 * Downgrade the new channel if we associated with restricted
375 * capabilities. For example, if we associated as a 20 MHz STA
376 * to a 40 MHz AP (due to regulatory, capabilities or config
377 * reasons) then switching to a 40 MHz channel now won't do us
378 * any good -- we couldn't use it with the AP.
380 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
381 chandef.width == NL80211_CHAN_WIDTH_80P80)
382 flags |= ieee80211_chandef_downgrade(&chandef);
383 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
384 chandef.width == NL80211_CHAN_WIDTH_160)
385 flags |= ieee80211_chandef_downgrade(&chandef);
386 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
387 chandef.width > NL80211_CHAN_WIDTH_20)
388 flags |= ieee80211_chandef_downgrade(&chandef);
390 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
394 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
395 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
396 chandef.center_freq1, chandef.center_freq2);
398 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
399 IEEE80211_STA_DISABLE_VHT |
400 IEEE80211_STA_DISABLE_40MHZ |
401 IEEE80211_STA_DISABLE_80P80MHZ |
402 IEEE80211_STA_DISABLE_160MHZ)) ||
403 !cfg80211_chandef_valid(&chandef)) {
405 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
410 switch (chandef.width) {
411 case NL80211_CHAN_WIDTH_20_NOHT:
412 case NL80211_CHAN_WIDTH_20:
413 new_sta_bw = IEEE80211_STA_RX_BW_20;
415 case NL80211_CHAN_WIDTH_40:
416 new_sta_bw = IEEE80211_STA_RX_BW_40;
418 case NL80211_CHAN_WIDTH_80:
419 new_sta_bw = IEEE80211_STA_RX_BW_80;
421 case NL80211_CHAN_WIDTH_80P80:
422 case NL80211_CHAN_WIDTH_160:
423 new_sta_bw = IEEE80211_STA_RX_BW_160;
429 if (new_sta_bw > sta->cur_max_bandwidth)
430 new_sta_bw = sta->cur_max_bandwidth;
432 if (new_sta_bw < sta->sta.bandwidth) {
433 sta->sta.bandwidth = new_sta_bw;
434 rate_control_rate_update(local, sband, sta,
435 IEEE80211_RC_BW_CHANGED);
438 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
441 "AP %pM changed bandwidth to incompatible one - disconnect\n",
446 if (new_sta_bw > sta->sta.bandwidth) {
447 sta->sta.bandwidth = new_sta_bw;
448 rate_control_rate_update(local, sband, sta,
449 IEEE80211_RC_BW_CHANGED);
455 /* frame sending functions */
457 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
458 struct sk_buff *skb, u8 ap_ht_param,
459 struct ieee80211_supported_band *sband,
460 struct ieee80211_channel *channel,
461 enum ieee80211_smps_mode smps)
464 u32 flags = channel->flags;
466 struct ieee80211_sta_ht_cap ht_cap;
468 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
470 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
471 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
473 /* determine capability flags */
476 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
477 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
478 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
479 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
480 cap &= ~IEEE80211_HT_CAP_SGI_40;
483 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
484 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
485 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
486 cap &= ~IEEE80211_HT_CAP_SGI_40;
492 * If 40 MHz was disabled associate as though we weren't
493 * capable of 40 MHz -- some broken APs will never fall
494 * back to trying to transmit in 20 MHz.
496 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
497 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
498 cap &= ~IEEE80211_HT_CAP_SGI_40;
501 /* set SM PS mode properly */
502 cap &= ~IEEE80211_HT_CAP_SM_PS;
504 case IEEE80211_SMPS_AUTOMATIC:
505 case IEEE80211_SMPS_NUM_MODES:
507 case IEEE80211_SMPS_OFF:
508 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
509 IEEE80211_HT_CAP_SM_PS_SHIFT;
511 case IEEE80211_SMPS_STATIC:
512 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
513 IEEE80211_HT_CAP_SM_PS_SHIFT;
515 case IEEE80211_SMPS_DYNAMIC:
516 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
517 IEEE80211_HT_CAP_SM_PS_SHIFT;
521 /* reserve and fill IE */
522 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
523 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
526 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
528 struct ieee80211_supported_band *sband,
529 struct ieee80211_vht_cap *ap_vht_cap)
533 struct ieee80211_sta_vht_cap vht_cap;
534 u32 mask, ap_bf_sts, our_bf_sts;
536 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
538 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
539 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
541 /* determine capability flags */
544 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
545 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
546 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
549 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
550 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
551 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
555 * Some APs apparently get confused if our capabilities are better
556 * than theirs, so restrict what we advertise in the assoc request.
558 if (!(ap_vht_cap->vht_cap_info &
559 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
560 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
562 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
564 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
565 our_bf_sts = cap & mask;
567 if (ap_bf_sts < our_bf_sts) {
572 /* reserve and fill IE */
573 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
574 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
577 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
579 struct ieee80211_local *local = sdata->local;
580 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
581 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
583 struct ieee80211_mgmt *mgmt;
585 size_t offset = 0, noffset;
586 int i, count, rates_len, supp_rates_len, shift;
588 struct ieee80211_supported_band *sband;
589 struct ieee80211_chanctx_conf *chanctx_conf;
590 struct ieee80211_channel *chan;
591 u32 rate_flags, rates = 0;
593 sdata_assert_lock(sdata);
596 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
597 if (WARN_ON(!chanctx_conf)) {
601 chan = chanctx_conf->def.chan;
602 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
604 sband = local->hw.wiphy->bands[chan->band];
605 shift = ieee80211_vif_get_shift(&sdata->vif);
607 if (assoc_data->supp_rates_len) {
609 * Get all rates supported by the device and the AP as
610 * some APs don't like getting a superset of their rates
611 * in the association request (e.g. D-Link DAP 1353 in
614 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
615 assoc_data->supp_rates,
616 assoc_data->supp_rates_len,
620 * In case AP not provide any supported rates information
621 * before association, we send information element(s) with
622 * all rates that we support.
625 for (i = 0; i < sband->n_bitrates; i++) {
626 if ((rate_flags & sband->bitrates[i].flags)
634 skb = alloc_skb(local->hw.extra_tx_headroom +
635 sizeof(*mgmt) + /* bit too much but doesn't matter */
636 2 + assoc_data->ssid_len + /* SSID */
637 4 + rates_len + /* (extended) rates */
638 4 + /* power capability */
639 2 + 2 * sband->n_channels + /* supported channels */
640 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
641 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
642 assoc_data->ie_len + /* extra IEs */
648 skb_reserve(skb, local->hw.extra_tx_headroom);
650 capab = WLAN_CAPABILITY_ESS;
652 if (sband->band == IEEE80211_BAND_2GHZ) {
653 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
654 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
655 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
656 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
659 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
660 capab |= WLAN_CAPABILITY_PRIVACY;
662 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
663 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
664 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
666 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
668 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
669 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
670 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
672 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
674 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
675 IEEE80211_STYPE_REASSOC_REQ);
676 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
677 mgmt->u.reassoc_req.listen_interval =
678 cpu_to_le16(local->hw.conf.listen_interval);
679 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
683 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
684 IEEE80211_STYPE_ASSOC_REQ);
685 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
686 mgmt->u.assoc_req.listen_interval =
687 cpu_to_le16(local->hw.conf.listen_interval);
691 pos = skb_put(skb, 2 + assoc_data->ssid_len);
692 *pos++ = WLAN_EID_SSID;
693 *pos++ = assoc_data->ssid_len;
694 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
696 /* add all rates which were marked to be used above */
697 supp_rates_len = rates_len;
698 if (supp_rates_len > 8)
701 pos = skb_put(skb, supp_rates_len + 2);
702 *pos++ = WLAN_EID_SUPP_RATES;
703 *pos++ = supp_rates_len;
706 for (i = 0; i < sband->n_bitrates; i++) {
707 if (BIT(i) & rates) {
708 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
716 if (rates_len > count) {
717 pos = skb_put(skb, rates_len - count + 2);
718 *pos++ = WLAN_EID_EXT_SUPP_RATES;
719 *pos++ = rates_len - count;
721 for (i++; i < sband->n_bitrates; i++) {
722 if (BIT(i) & rates) {
724 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
731 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
732 /* 1. power capabilities */
733 pos = skb_put(skb, 4);
734 *pos++ = WLAN_EID_PWR_CAPABILITY;
736 *pos++ = 0; /* min tx power */
738 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
740 /* 2. supported channels */
741 /* TODO: get this in reg domain format */
742 pos = skb_put(skb, 2 * sband->n_channels + 2);
743 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
744 *pos++ = 2 * sband->n_channels;
745 for (i = 0; i < sband->n_channels; i++) {
746 *pos++ = ieee80211_frequency_to_channel(
747 sband->channels[i].center_freq);
748 *pos++ = 1; /* one channel in the subband*/
752 /* if present, add any custom IEs that go before HT */
753 if (assoc_data->ie_len) {
754 static const u8 before_ht[] = {
757 WLAN_EID_EXT_SUPP_RATES,
758 WLAN_EID_PWR_CAPABILITY,
759 WLAN_EID_SUPPORTED_CHANNELS,
762 WLAN_EID_RRM_ENABLED_CAPABILITIES,
763 WLAN_EID_MOBILITY_DOMAIN,
764 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
766 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
767 before_ht, ARRAY_SIZE(before_ht),
769 pos = skb_put(skb, noffset - offset);
770 memcpy(pos, assoc_data->ie + offset, noffset - offset);
774 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
775 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
776 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
778 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
779 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
780 sband, chan, sdata->smps_mode);
782 /* if present, add any custom IEs that go before VHT */
783 if (assoc_data->ie_len) {
784 static const u8 before_vht[] = {
787 WLAN_EID_EXT_SUPP_RATES,
788 WLAN_EID_PWR_CAPABILITY,
789 WLAN_EID_SUPPORTED_CHANNELS,
792 WLAN_EID_RRM_ENABLED_CAPABILITIES,
793 WLAN_EID_MOBILITY_DOMAIN,
794 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
795 WLAN_EID_HT_CAPABILITY,
796 WLAN_EID_BSS_COEX_2040,
797 WLAN_EID_EXT_CAPABILITY,
798 WLAN_EID_QOS_TRAFFIC_CAPA,
799 WLAN_EID_TIM_BCAST_REQ,
800 WLAN_EID_INTERWORKING,
802 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
803 before_vht, ARRAY_SIZE(before_vht),
805 pos = skb_put(skb, noffset - offset);
806 memcpy(pos, assoc_data->ie + offset, noffset - offset);
810 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
811 ieee80211_add_vht_ie(sdata, skb, sband,
812 &assoc_data->ap_vht_cap);
814 /* if present, add any custom non-vendor IEs that go after HT */
815 if (assoc_data->ie_len) {
816 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
819 pos = skb_put(skb, noffset - offset);
820 memcpy(pos, assoc_data->ie + offset, noffset - offset);
824 if (assoc_data->wmm) {
825 if (assoc_data->uapsd) {
826 qos_info = ifmgd->uapsd_queues;
827 qos_info |= (ifmgd->uapsd_max_sp_len <<
828 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
833 pos = skb_put(skb, 9);
834 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
835 *pos++ = 7; /* len */
836 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
839 *pos++ = 2; /* WME */
840 *pos++ = 0; /* WME info */
841 *pos++ = 1; /* WME ver */
845 /* add any remaining custom (i.e. vendor specific here) IEs */
846 if (assoc_data->ie_len) {
847 noffset = assoc_data->ie_len;
848 pos = skb_put(skb, noffset - offset);
849 memcpy(pos, assoc_data->ie + offset, noffset - offset);
852 drv_mgd_prepare_tx(local, sdata);
854 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
855 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
856 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
857 IEEE80211_TX_INTFL_MLME_CONN_TX;
858 ieee80211_tx_skb(sdata, skb);
861 void ieee80211_send_pspoll(struct ieee80211_local *local,
862 struct ieee80211_sub_if_data *sdata)
864 struct ieee80211_pspoll *pspoll;
867 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
871 pspoll = (struct ieee80211_pspoll *) skb->data;
872 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
874 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
875 ieee80211_tx_skb(sdata, skb);
878 void ieee80211_send_nullfunc(struct ieee80211_local *local,
879 struct ieee80211_sub_if_data *sdata,
883 struct ieee80211_hdr_3addr *nullfunc;
884 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
886 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
890 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
892 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
894 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
895 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
897 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
898 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
900 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
901 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
903 ieee80211_tx_skb(sdata, skb);
906 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
907 struct ieee80211_sub_if_data *sdata)
910 struct ieee80211_hdr *nullfunc;
913 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
916 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
920 skb_reserve(skb, local->hw.extra_tx_headroom);
922 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
923 memset(nullfunc, 0, 30);
924 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
925 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
926 nullfunc->frame_control = fc;
927 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
928 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
929 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
930 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
932 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
933 ieee80211_tx_skb(sdata, skb);
936 /* spectrum management related things */
937 static void ieee80211_chswitch_work(struct work_struct *work)
939 struct ieee80211_sub_if_data *sdata =
940 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
941 struct ieee80211_local *local = sdata->local;
942 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
946 if (!ieee80211_sdata_running(sdata))
950 if (!ifmgd->associated)
953 mutex_lock(&local->mtx);
954 ret = ieee80211_vif_change_channel(sdata, &changed);
955 mutex_unlock(&local->mtx);
958 "vif channel switch failed, disconnecting\n");
959 ieee80211_queue_work(&sdata->local->hw,
960 &ifmgd->csa_connection_drop_work);
964 if (!local->use_chanctx) {
965 local->_oper_chandef = sdata->csa_chandef;
966 /* Call "hw_config" only if doing sw channel switch.
967 * Otherwise update the channel directly
969 if (!local->ops->channel_switch)
970 ieee80211_hw_config(local, 0);
972 local->hw.conf.chandef = local->_oper_chandef;
975 /* XXX: shouldn't really modify cfg80211-owned data! */
976 ifmgd->associated->channel = sdata->csa_chandef.chan;
978 ieee80211_bss_info_change_notify(sdata, changed);
980 mutex_lock(&local->mtx);
981 sdata->vif.csa_active = false;
982 /* XXX: wait for a beacon first? */
983 if (sdata->csa_block_tx) {
984 ieee80211_wake_vif_queues(local, sdata,
985 IEEE80211_QUEUE_STOP_REASON_CSA);
986 sdata->csa_block_tx = false;
988 mutex_unlock(&local->mtx);
990 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
992 ieee80211_sta_reset_beacon_monitor(sdata);
993 ieee80211_sta_reset_conn_monitor(sdata);
999 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1001 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1002 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1004 trace_api_chswitch_done(sdata, success);
1007 "driver channel switch failed, disconnecting\n");
1008 ieee80211_queue_work(&sdata->local->hw,
1009 &ifmgd->csa_connection_drop_work);
1011 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1014 EXPORT_SYMBOL(ieee80211_chswitch_done);
1016 static void ieee80211_chswitch_timer(unsigned long data)
1018 struct ieee80211_sub_if_data *sdata =
1019 (struct ieee80211_sub_if_data *) data;
1021 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1025 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1026 u64 timestamp, struct ieee802_11_elems *elems,
1029 struct ieee80211_local *local = sdata->local;
1030 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1031 struct cfg80211_bss *cbss = ifmgd->associated;
1032 struct ieee80211_chanctx *chanctx;
1033 enum ieee80211_band current_band;
1034 struct ieee80211_csa_ie csa_ie;
1037 sdata_assert_lock(sdata);
1042 if (local->scanning)
1045 /* disregard subsequent announcements if we are already processing */
1046 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1049 current_band = cbss->channel->band;
1050 memset(&csa_ie, 0, sizeof(csa_ie));
1051 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band,
1053 ifmgd->associated->bssid, &csa_ie);
1055 ieee80211_queue_work(&local->hw,
1056 &ifmgd->csa_connection_drop_work);
1060 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1061 IEEE80211_CHAN_DISABLED)) {
1063 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1064 ifmgd->associated->bssid,
1065 csa_ie.chandef.chan->center_freq,
1066 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1067 csa_ie.chandef.center_freq2);
1068 ieee80211_queue_work(&local->hw,
1069 &ifmgd->csa_connection_drop_work);
1073 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1075 mutex_lock(&local->chanctx_mtx);
1076 if (local->use_chanctx) {
1077 u32 num_chanctx = 0;
1078 list_for_each_entry(chanctx, &local->chanctx_list, list)
1081 if (num_chanctx > 1 ||
1082 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) {
1084 "not handling chan-switch with channel contexts\n");
1085 ieee80211_queue_work(&local->hw,
1086 &ifmgd->csa_connection_drop_work);
1087 mutex_unlock(&local->chanctx_mtx);
1092 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1093 ieee80211_queue_work(&local->hw,
1094 &ifmgd->csa_connection_drop_work);
1095 mutex_unlock(&local->chanctx_mtx);
1098 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1099 struct ieee80211_chanctx, conf);
1100 if (ieee80211_chanctx_refcount(local, chanctx) > 1) {
1102 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1103 ieee80211_queue_work(&local->hw,
1104 &ifmgd->csa_connection_drop_work);
1105 mutex_unlock(&local->chanctx_mtx);
1108 mutex_unlock(&local->chanctx_mtx);
1110 sdata->csa_chandef = csa_ie.chandef;
1112 mutex_lock(&local->mtx);
1113 sdata->vif.csa_active = true;
1114 sdata->csa_block_tx = csa_ie.mode;
1116 if (sdata->csa_block_tx)
1117 ieee80211_stop_vif_queues(local, sdata,
1118 IEEE80211_QUEUE_STOP_REASON_CSA);
1119 mutex_unlock(&local->mtx);
1121 if (local->ops->channel_switch) {
1122 /* use driver's channel switch callback */
1123 struct ieee80211_channel_switch ch_switch = {
1124 .timestamp = timestamp,
1125 .block_tx = csa_ie.mode,
1126 .chandef = csa_ie.chandef,
1127 .count = csa_ie.count,
1130 drv_channel_switch(local, &ch_switch);
1134 /* channel switch handled in software */
1135 if (csa_ie.count <= 1)
1136 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1138 mod_timer(&ifmgd->chswitch_timer,
1139 TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval));
1142 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1143 struct ieee80211_channel *channel,
1144 const u8 *country_ie, u8 country_ie_len,
1145 const u8 *pwr_constr_elem)
1147 struct ieee80211_country_ie_triplet *triplet;
1148 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1149 int i, chan_pwr, chan_increment, new_ap_level;
1150 bool have_chan_pwr = false;
1153 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1156 triplet = (void *)(country_ie + 3);
1157 country_ie_len -= 3;
1159 switch (channel->band) {
1163 case IEEE80211_BAND_2GHZ:
1164 case IEEE80211_BAND_60GHZ:
1167 case IEEE80211_BAND_5GHZ:
1173 while (country_ie_len >= 3) {
1174 u8 first_channel = triplet->chans.first_channel;
1176 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1179 for (i = 0; i < triplet->chans.num_channels; i++) {
1180 if (first_channel + i * chan_increment == chan) {
1181 have_chan_pwr = true;
1182 chan_pwr = triplet->chans.max_power;
1191 country_ie_len -= 3;
1197 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1199 if (sdata->ap_power_level == new_ap_level)
1203 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1204 new_ap_level, chan_pwr, *pwr_constr_elem,
1205 sdata->u.mgd.bssid);
1206 sdata->ap_power_level = new_ap_level;
1207 if (__ieee80211_recalc_txpower(sdata))
1208 return BSS_CHANGED_TXPOWER;
1213 static void ieee80211_enable_ps(struct ieee80211_local *local,
1214 struct ieee80211_sub_if_data *sdata)
1216 struct ieee80211_conf *conf = &local->hw.conf;
1219 * If we are scanning right now then the parameters will
1220 * take effect when scan finishes.
1222 if (local->scanning)
1225 if (conf->dynamic_ps_timeout > 0 &&
1226 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1227 mod_timer(&local->dynamic_ps_timer, jiffies +
1228 msecs_to_jiffies(conf->dynamic_ps_timeout));
1230 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1231 ieee80211_send_nullfunc(local, sdata, 1);
1233 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1234 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1237 conf->flags |= IEEE80211_CONF_PS;
1238 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1242 static void ieee80211_change_ps(struct ieee80211_local *local)
1244 struct ieee80211_conf *conf = &local->hw.conf;
1246 if (local->ps_sdata) {
1247 ieee80211_enable_ps(local, local->ps_sdata);
1248 } else if (conf->flags & IEEE80211_CONF_PS) {
1249 conf->flags &= ~IEEE80211_CONF_PS;
1250 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1251 del_timer_sync(&local->dynamic_ps_timer);
1252 cancel_work_sync(&local->dynamic_ps_enable_work);
1256 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1258 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1259 struct sta_info *sta = NULL;
1260 bool authorized = false;
1262 if (!mgd->powersave)
1268 if (!mgd->associated)
1271 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1274 if (!mgd->have_beacon)
1278 sta = sta_info_get(sdata, mgd->bssid);
1280 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1286 /* need to hold RTNL or interface lock */
1287 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1289 struct ieee80211_sub_if_data *sdata, *found = NULL;
1293 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1294 local->ps_sdata = NULL;
1298 list_for_each_entry(sdata, &local->interfaces, list) {
1299 if (!ieee80211_sdata_running(sdata))
1301 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1302 /* If an AP vif is found, then disable PS
1303 * by setting the count to zero thereby setting
1309 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1315 if (count == 1 && ieee80211_powersave_allowed(found)) {
1319 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1321 beaconint_us = ieee80211_tu_to_usec(
1322 found->vif.bss_conf.beacon_int);
1324 timeout = local->dynamic_ps_forced_timeout;
1327 * Go to full PSM if the user configures a very low
1328 * latency requirement.
1329 * The 2000 second value is there for compatibility
1330 * until the PM_QOS_NETWORK_LATENCY is configured
1333 if (latency > (1900 * USEC_PER_MSEC) &&
1334 latency != (2000 * USEC_PER_SEC))
1339 local->hw.conf.dynamic_ps_timeout = timeout;
1341 if (beaconint_us > latency) {
1342 local->ps_sdata = NULL;
1345 u8 dtimper = found->u.mgd.dtim_period;
1347 /* If the TIM IE is invalid, pretend the value is 1 */
1350 else if (dtimper > 1)
1351 maxslp = min_t(int, dtimper,
1352 latency / beaconint_us);
1354 local->hw.conf.max_sleep_period = maxslp;
1355 local->hw.conf.ps_dtim_period = dtimper;
1356 local->ps_sdata = found;
1359 local->ps_sdata = NULL;
1362 ieee80211_change_ps(local);
1365 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1367 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1369 if (sdata->vif.bss_conf.ps != ps_allowed) {
1370 sdata->vif.bss_conf.ps = ps_allowed;
1371 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1375 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1377 struct ieee80211_local *local =
1378 container_of(work, struct ieee80211_local,
1379 dynamic_ps_disable_work);
1381 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1382 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1383 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1386 ieee80211_wake_queues_by_reason(&local->hw,
1387 IEEE80211_MAX_QUEUE_MAP,
1388 IEEE80211_QUEUE_STOP_REASON_PS,
1392 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1394 struct ieee80211_local *local =
1395 container_of(work, struct ieee80211_local,
1396 dynamic_ps_enable_work);
1397 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1398 struct ieee80211_if_managed *ifmgd;
1399 unsigned long flags;
1402 /* can only happen when PS was just disabled anyway */
1406 ifmgd = &sdata->u.mgd;
1408 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1411 if (local->hw.conf.dynamic_ps_timeout > 0) {
1412 /* don't enter PS if TX frames are pending */
1413 if (drv_tx_frames_pending(local)) {
1414 mod_timer(&local->dynamic_ps_timer, jiffies +
1416 local->hw.conf.dynamic_ps_timeout));
1421 * transmission can be stopped by others which leads to
1422 * dynamic_ps_timer expiry. Postpone the ps timer if it
1423 * is not the actual idle state.
1425 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1426 for (q = 0; q < local->hw.queues; q++) {
1427 if (local->queue_stop_reasons[q]) {
1428 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1430 mod_timer(&local->dynamic_ps_timer, jiffies +
1432 local->hw.conf.dynamic_ps_timeout));
1436 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1439 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1440 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1441 if (drv_tx_frames_pending(local)) {
1442 mod_timer(&local->dynamic_ps_timer, jiffies +
1444 local->hw.conf.dynamic_ps_timeout));
1446 ieee80211_send_nullfunc(local, sdata, 1);
1447 /* Flush to get the tx status of nullfunc frame */
1448 ieee80211_flush_queues(local, sdata);
1452 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1453 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1454 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1455 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1456 local->hw.conf.flags |= IEEE80211_CONF_PS;
1457 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1461 void ieee80211_dynamic_ps_timer(unsigned long data)
1463 struct ieee80211_local *local = (void *) data;
1465 if (local->quiescing || local->suspended)
1468 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1471 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1473 struct delayed_work *delayed_work =
1474 container_of(work, struct delayed_work, work);
1475 struct ieee80211_sub_if_data *sdata =
1476 container_of(delayed_work, struct ieee80211_sub_if_data,
1477 dfs_cac_timer_work);
1478 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1480 mutex_lock(&sdata->local->mtx);
1481 if (sdata->wdev.cac_started) {
1482 ieee80211_vif_release_channel(sdata);
1483 cfg80211_cac_event(sdata->dev, &chandef,
1484 NL80211_RADAR_CAC_FINISHED,
1487 mutex_unlock(&sdata->local->mtx);
1491 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1492 struct ieee80211_sub_if_data *sdata,
1493 const u8 *wmm_param, size_t wmm_param_len)
1495 struct ieee80211_tx_queue_params params;
1496 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1500 u8 uapsd_queues = 0;
1502 if (!local->ops->conf_tx)
1505 if (local->hw.queues < IEEE80211_NUM_ACS)
1511 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1514 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1515 uapsd_queues = ifmgd->uapsd_queues;
1517 count = wmm_param[6] & 0x0f;
1518 if (count == ifmgd->wmm_last_param_set)
1520 ifmgd->wmm_last_param_set = count;
1522 pos = wmm_param + 8;
1523 left = wmm_param_len - 8;
1525 memset(¶ms, 0, sizeof(params));
1528 for (; left >= 4; left -= 4, pos += 4) {
1529 int aci = (pos[0] >> 5) & 0x03;
1530 int acm = (pos[0] >> 4) & 0x01;
1538 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1539 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1545 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1546 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1552 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1553 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1560 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1561 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1566 params.aifs = pos[0] & 0x0f;
1567 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1568 params.cw_min = ecw2cw(pos[1] & 0x0f);
1569 params.txop = get_unaligned_le16(pos + 2);
1571 params.uapsd = uapsd;
1574 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1576 params.aifs, params.cw_min, params.cw_max,
1577 params.txop, params.uapsd);
1578 sdata->tx_conf[queue] = params;
1579 if (drv_conf_tx(local, sdata, queue, ¶ms))
1581 "failed to set TX queue parameters for queue %d\n",
1585 /* enable WMM or activate new settings */
1586 sdata->vif.bss_conf.qos = true;
1590 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1592 lockdep_assert_held(&sdata->local->mtx);
1594 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
1595 ieee80211_run_deferred_scan(sdata->local);
1598 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1600 mutex_lock(&sdata->local->mtx);
1601 __ieee80211_stop_poll(sdata);
1602 mutex_unlock(&sdata->local->mtx);
1605 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1606 u16 capab, bool erp_valid, u8 erp)
1608 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1610 bool use_protection;
1611 bool use_short_preamble;
1612 bool use_short_slot;
1615 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1616 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1618 use_protection = false;
1619 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1622 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1623 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1624 use_short_slot = true;
1626 if (use_protection != bss_conf->use_cts_prot) {
1627 bss_conf->use_cts_prot = use_protection;
1628 changed |= BSS_CHANGED_ERP_CTS_PROT;
1631 if (use_short_preamble != bss_conf->use_short_preamble) {
1632 bss_conf->use_short_preamble = use_short_preamble;
1633 changed |= BSS_CHANGED_ERP_PREAMBLE;
1636 if (use_short_slot != bss_conf->use_short_slot) {
1637 bss_conf->use_short_slot = use_short_slot;
1638 changed |= BSS_CHANGED_ERP_SLOT;
1644 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1645 struct cfg80211_bss *cbss,
1646 u32 bss_info_changed)
1648 struct ieee80211_bss *bss = (void *)cbss->priv;
1649 struct ieee80211_local *local = sdata->local;
1650 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1652 bss_info_changed |= BSS_CHANGED_ASSOC;
1653 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1654 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1656 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1657 beacon_loss_count * bss_conf->beacon_int));
1659 sdata->u.mgd.associated = cbss;
1660 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1662 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1664 if (sdata->vif.p2p) {
1665 const struct cfg80211_bss_ies *ies;
1668 ies = rcu_dereference(cbss->ies);
1672 ret = cfg80211_get_p2p_attr(
1673 ies->data, ies->len,
1674 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1675 (u8 *) &bss_conf->p2p_noa_attr,
1676 sizeof(bss_conf->p2p_noa_attr));
1678 sdata->u.mgd.p2p_noa_index =
1679 bss_conf->p2p_noa_attr.index;
1680 bss_info_changed |= BSS_CHANGED_P2P_PS;
1686 /* just to be sure */
1687 ieee80211_stop_poll(sdata);
1689 ieee80211_led_assoc(local, 1);
1691 if (sdata->u.mgd.have_beacon) {
1693 * If the AP is buggy we may get here with no DTIM period
1694 * known, so assume it's 1 which is the only safe assumption
1695 * in that case, although if the TIM IE is broken powersave
1696 * probably just won't work at all.
1698 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1699 bss_conf->beacon_rate = bss->beacon_rate;
1700 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
1702 bss_conf->beacon_rate = NULL;
1703 bss_conf->dtim_period = 0;
1706 bss_conf->assoc = 1;
1708 /* Tell the driver to monitor connection quality (if supported) */
1709 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1710 bss_conf->cqm_rssi_thold)
1711 bss_info_changed |= BSS_CHANGED_CQM;
1713 /* Enable ARP filtering */
1714 if (bss_conf->arp_addr_cnt)
1715 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1717 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1719 mutex_lock(&local->iflist_mtx);
1720 ieee80211_recalc_ps(local, -1);
1721 mutex_unlock(&local->iflist_mtx);
1723 ieee80211_recalc_smps(sdata);
1724 ieee80211_recalc_ps_vif(sdata);
1726 netif_carrier_on(sdata->dev);
1729 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1730 u16 stype, u16 reason, bool tx,
1733 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1734 struct ieee80211_local *local = sdata->local;
1737 sdata_assert_lock(sdata);
1739 if (WARN_ON_ONCE(tx && !frame_buf))
1742 if (WARN_ON(!ifmgd->associated))
1745 ieee80211_stop_poll(sdata);
1747 ifmgd->associated = NULL;
1748 netif_carrier_off(sdata->dev);
1751 * if we want to get out of ps before disassoc (why?) we have
1752 * to do it before sending disassoc, as otherwise the null-packet
1755 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1756 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1757 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1759 local->ps_sdata = NULL;
1761 /* disable per-vif ps */
1762 ieee80211_recalc_ps_vif(sdata);
1764 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1766 ieee80211_flush_queues(local, sdata);
1768 /* deauthenticate/disassociate now */
1769 if (tx || frame_buf)
1770 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1771 reason, tx, frame_buf);
1773 /* flush out frame */
1775 ieee80211_flush_queues(local, sdata);
1777 /* clear bssid only after building the needed mgmt frames */
1778 memset(ifmgd->bssid, 0, ETH_ALEN);
1780 /* remove AP and TDLS peers */
1781 sta_info_flush(sdata);
1783 /* finally reset all BSS / config parameters */
1784 changed |= ieee80211_reset_erp_info(sdata);
1786 ieee80211_led_assoc(local, 0);
1787 changed |= BSS_CHANGED_ASSOC;
1788 sdata->vif.bss_conf.assoc = false;
1790 ifmgd->p2p_noa_index = -1;
1791 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1792 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1794 /* on the next assoc, re-program HT/VHT parameters */
1795 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1796 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1797 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
1798 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
1800 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1802 del_timer_sync(&local->dynamic_ps_timer);
1803 cancel_work_sync(&local->dynamic_ps_enable_work);
1805 /* Disable ARP filtering */
1806 if (sdata->vif.bss_conf.arp_addr_cnt)
1807 changed |= BSS_CHANGED_ARP_FILTER;
1809 sdata->vif.bss_conf.qos = false;
1810 changed |= BSS_CHANGED_QOS;
1812 /* The BSSID (not really interesting) and HT changed */
1813 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1814 ieee80211_bss_info_change_notify(sdata, changed);
1816 /* disassociated - set to defaults now */
1817 ieee80211_set_wmm_default(sdata, false);
1819 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1820 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1821 del_timer_sync(&sdata->u.mgd.timer);
1822 del_timer_sync(&sdata->u.mgd.chswitch_timer);
1824 sdata->vif.bss_conf.dtim_period = 0;
1825 sdata->vif.bss_conf.beacon_rate = NULL;
1827 ifmgd->have_beacon = false;
1830 mutex_lock(&local->mtx);
1831 ieee80211_vif_release_channel(sdata);
1833 sdata->vif.csa_active = false;
1834 if (sdata->csa_block_tx) {
1835 ieee80211_wake_vif_queues(local, sdata,
1836 IEEE80211_QUEUE_STOP_REASON_CSA);
1837 sdata->csa_block_tx = false;
1839 mutex_unlock(&local->mtx);
1841 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
1844 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1845 struct ieee80211_hdr *hdr)
1848 * We can postpone the mgd.timer whenever receiving unicast frames
1849 * from AP because we know that the connection is working both ways
1850 * at that time. But multicast frames (and hence also beacons) must
1851 * be ignored here, because we need to trigger the timer during
1852 * data idle periods for sending the periodic probe request to the
1853 * AP we're connected to.
1855 if (is_multicast_ether_addr(hdr->addr1))
1858 ieee80211_sta_reset_conn_monitor(sdata);
1861 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1863 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1864 struct ieee80211_local *local = sdata->local;
1866 mutex_lock(&local->mtx);
1867 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
1870 __ieee80211_stop_poll(sdata);
1872 mutex_lock(&local->iflist_mtx);
1873 ieee80211_recalc_ps(local, -1);
1874 mutex_unlock(&local->iflist_mtx);
1876 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1880 * We've received a probe response, but are not sure whether
1881 * we have or will be receiving any beacons or data, so let's
1882 * schedule the timers again, just in case.
1884 ieee80211_sta_reset_beacon_monitor(sdata);
1886 mod_timer(&ifmgd->conn_mon_timer,
1887 round_jiffies_up(jiffies +
1888 IEEE80211_CONNECTION_IDLE_TIME));
1890 mutex_unlock(&local->mtx);
1893 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1894 struct ieee80211_hdr *hdr, bool ack)
1896 if (!ieee80211_is_data(hdr->frame_control))
1899 if (ieee80211_is_nullfunc(hdr->frame_control) &&
1900 sdata->u.mgd.probe_send_count > 0) {
1902 ieee80211_sta_reset_conn_monitor(sdata);
1904 sdata->u.mgd.nullfunc_failed = true;
1905 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1910 ieee80211_sta_reset_conn_monitor(sdata);
1913 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1915 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1917 u8 *dst = ifmgd->associated->bssid;
1918 u8 unicast_limit = max(1, max_probe_tries - 3);
1921 * Try sending broadcast probe requests for the last three
1922 * probe requests after the first ones failed since some
1923 * buggy APs only support broadcast probe requests.
1925 if (ifmgd->probe_send_count >= unicast_limit)
1929 * When the hardware reports an accurate Tx ACK status, it's
1930 * better to send a nullfunc frame instead of a probe request,
1931 * as it will kick us off the AP quickly if we aren't associated
1932 * anymore. The timeout will be reset if the frame is ACKed by
1935 ifmgd->probe_send_count++;
1937 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1938 ifmgd->nullfunc_failed = false;
1939 ieee80211_send_nullfunc(sdata->local, sdata, 0);
1944 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1945 if (WARN_ON_ONCE(ssid == NULL))
1950 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1951 0, (u32) -1, true, 0,
1952 ifmgd->associated->channel, false);
1956 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1957 run_again(sdata, ifmgd->probe_timeout);
1958 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1959 ieee80211_flush_queues(sdata->local, sdata);
1962 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1965 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1966 bool already = false;
1968 if (!ieee80211_sdata_running(sdata))
1973 if (!ifmgd->associated)
1976 mutex_lock(&sdata->local->mtx);
1978 if (sdata->local->tmp_channel || sdata->local->scanning) {
1979 mutex_unlock(&sdata->local->mtx);
1984 mlme_dbg_ratelimited(sdata,
1985 "detected beacon loss from AP (missed %d beacons) - probing\n",
1988 ieee80211_cqm_rssi_notify(&sdata->vif,
1989 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
1994 * The driver/our work has already reported this event or the
1995 * connection monitoring has kicked in and we have already sent
1996 * a probe request. Or maybe the AP died and the driver keeps
1997 * reporting until we disassociate...
1999 * In either case we have to ignore the current call to this
2000 * function (except for setting the correct probe reason bit)
2001 * because otherwise we would reset the timer every time and
2002 * never check whether we received a probe response!
2004 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2007 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2009 mutex_unlock(&sdata->local->mtx);
2014 mutex_lock(&sdata->local->iflist_mtx);
2015 ieee80211_recalc_ps(sdata->local, -1);
2016 mutex_unlock(&sdata->local->iflist_mtx);
2018 ifmgd->probe_send_count = 0;
2019 ieee80211_mgd_probe_ap_send(sdata);
2021 sdata_unlock(sdata);
2024 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2025 struct ieee80211_vif *vif)
2027 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2028 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2029 struct cfg80211_bss *cbss;
2030 struct sk_buff *skb;
2034 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2037 sdata_assert_lock(sdata);
2039 if (ifmgd->associated)
2040 cbss = ifmgd->associated;
2041 else if (ifmgd->auth_data)
2042 cbss = ifmgd->auth_data->bss;
2043 else if (ifmgd->assoc_data)
2044 cbss = ifmgd->assoc_data->bss;
2049 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2050 if (WARN_ON_ONCE(ssid == NULL))
2055 skb = ieee80211_build_probe_req(sdata, cbss->bssid,
2056 (u32) -1, cbss->channel,
2063 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2065 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2067 struct ieee80211_local *local = sdata->local;
2068 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2069 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2072 if (!ifmgd->associated) {
2073 sdata_unlock(sdata);
2077 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2078 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2080 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
2082 mutex_lock(&local->mtx);
2083 sdata->vif.csa_active = false;
2084 if (sdata->csa_block_tx) {
2085 ieee80211_wake_vif_queues(local, sdata,
2086 IEEE80211_QUEUE_STOP_REASON_CSA);
2087 sdata->csa_block_tx = false;
2089 mutex_unlock(&local->mtx);
2091 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
2092 IEEE80211_DEAUTH_FRAME_LEN);
2093 sdata_unlock(sdata);
2096 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2098 struct ieee80211_sub_if_data *sdata =
2099 container_of(work, struct ieee80211_sub_if_data,
2100 u.mgd.beacon_connection_loss_work);
2101 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2102 struct sta_info *sta;
2104 if (ifmgd->associated) {
2106 sta = sta_info_get(sdata, ifmgd->bssid);
2108 sta->beacon_loss_count++;
2112 if (ifmgd->connection_loss) {
2113 sdata_info(sdata, "Connection to AP %pM lost\n",
2115 __ieee80211_disconnect(sdata);
2117 ieee80211_mgd_probe_ap(sdata, true);
2121 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2123 struct ieee80211_sub_if_data *sdata =
2124 container_of(work, struct ieee80211_sub_if_data,
2125 u.mgd.csa_connection_drop_work);
2127 __ieee80211_disconnect(sdata);
2130 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2132 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2133 struct ieee80211_hw *hw = &sdata->local->hw;
2135 trace_api_beacon_loss(sdata);
2137 sdata->u.mgd.connection_loss = false;
2138 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2140 EXPORT_SYMBOL(ieee80211_beacon_loss);
2142 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2144 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2145 struct ieee80211_hw *hw = &sdata->local->hw;
2147 trace_api_connection_loss(sdata);
2149 sdata->u.mgd.connection_loss = true;
2150 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2152 EXPORT_SYMBOL(ieee80211_connection_loss);
2155 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2158 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2160 sdata_assert_lock(sdata);
2163 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2165 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2166 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2167 sdata->u.mgd.flags = 0;
2168 mutex_lock(&sdata->local->mtx);
2169 ieee80211_vif_release_channel(sdata);
2170 mutex_unlock(&sdata->local->mtx);
2173 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2175 sdata->u.mgd.auth_data = NULL;
2178 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2179 struct ieee80211_mgmt *mgmt, size_t len)
2181 struct ieee80211_local *local = sdata->local;
2182 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2184 struct ieee802_11_elems elems;
2187 pos = mgmt->u.auth.variable;
2188 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2189 if (!elems.challenge)
2191 auth_data->expected_transaction = 4;
2192 drv_mgd_prepare_tx(sdata->local, sdata);
2193 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2194 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2195 IEEE80211_TX_INTFL_MLME_CONN_TX;
2196 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2197 elems.challenge - 2, elems.challenge_len + 2,
2198 auth_data->bss->bssid, auth_data->bss->bssid,
2199 auth_data->key, auth_data->key_len,
2200 auth_data->key_idx, tx_flags);
2203 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2204 struct ieee80211_mgmt *mgmt, size_t len)
2206 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2208 u16 auth_alg, auth_transaction, status_code;
2209 struct sta_info *sta;
2211 sdata_assert_lock(sdata);
2216 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2219 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2221 if (!ether_addr_equal(bssid, mgmt->bssid))
2224 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2225 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2226 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2228 if (auth_alg != ifmgd->auth_data->algorithm ||
2229 auth_transaction != ifmgd->auth_data->expected_transaction) {
2230 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2231 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2233 ifmgd->auth_data->expected_transaction);
2237 if (status_code != WLAN_STATUS_SUCCESS) {
2238 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2239 mgmt->sa, status_code);
2240 ieee80211_destroy_auth_data(sdata, false);
2241 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2245 switch (ifmgd->auth_data->algorithm) {
2246 case WLAN_AUTH_OPEN:
2247 case WLAN_AUTH_LEAP:
2251 case WLAN_AUTH_SHARED_KEY:
2252 if (ifmgd->auth_data->expected_transaction != 4) {
2253 ieee80211_auth_challenge(sdata, mgmt, len);
2254 /* need another frame */
2259 WARN_ONCE(1, "invalid auth alg %d",
2260 ifmgd->auth_data->algorithm);
2264 sdata_info(sdata, "authenticated\n");
2265 ifmgd->auth_data->done = true;
2266 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2267 ifmgd->auth_data->timeout_started = true;
2268 run_again(sdata, ifmgd->auth_data->timeout);
2270 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2271 ifmgd->auth_data->expected_transaction != 2) {
2273 * Report auth frame to user space for processing since another
2274 * round of Authentication frames is still needed.
2276 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2280 /* move station state to auth */
2281 mutex_lock(&sdata->local->sta_mtx);
2282 sta = sta_info_get(sdata, bssid);
2284 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2287 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2288 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2291 mutex_unlock(&sdata->local->sta_mtx);
2293 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2296 mutex_unlock(&sdata->local->sta_mtx);
2297 /* ignore frame -- wait for timeout */
2300 #define case_WLAN(type) \
2301 case WLAN_REASON_##type: return #type
2303 static const char *ieee80211_get_reason_code_string(u16 reason_code)
2305 switch (reason_code) {
2306 case_WLAN(UNSPECIFIED);
2307 case_WLAN(PREV_AUTH_NOT_VALID);
2308 case_WLAN(DEAUTH_LEAVING);
2309 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
2310 case_WLAN(DISASSOC_AP_BUSY);
2311 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
2312 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
2313 case_WLAN(DISASSOC_STA_HAS_LEFT);
2314 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
2315 case_WLAN(DISASSOC_BAD_POWER);
2316 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
2317 case_WLAN(INVALID_IE);
2318 case_WLAN(MIC_FAILURE);
2319 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
2320 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
2321 case_WLAN(IE_DIFFERENT);
2322 case_WLAN(INVALID_GROUP_CIPHER);
2323 case_WLAN(INVALID_PAIRWISE_CIPHER);
2324 case_WLAN(INVALID_AKMP);
2325 case_WLAN(UNSUPP_RSN_VERSION);
2326 case_WLAN(INVALID_RSN_IE_CAP);
2327 case_WLAN(IEEE8021X_FAILED);
2328 case_WLAN(CIPHER_SUITE_REJECTED);
2329 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
2330 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
2331 case_WLAN(DISASSOC_LOW_ACK);
2332 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
2333 case_WLAN(QSTA_LEAVE_QBSS);
2334 case_WLAN(QSTA_NOT_USE);
2335 case_WLAN(QSTA_REQUIRE_SETUP);
2336 case_WLAN(QSTA_TIMEOUT);
2337 case_WLAN(QSTA_CIPHER_NOT_SUPP);
2338 case_WLAN(MESH_PEER_CANCELED);
2339 case_WLAN(MESH_MAX_PEERS);
2340 case_WLAN(MESH_CONFIG);
2341 case_WLAN(MESH_CLOSE);
2342 case_WLAN(MESH_MAX_RETRIES);
2343 case_WLAN(MESH_CONFIRM_TIMEOUT);
2344 case_WLAN(MESH_INVALID_GTK);
2345 case_WLAN(MESH_INCONSISTENT_PARAM);
2346 case_WLAN(MESH_INVALID_SECURITY);
2347 case_WLAN(MESH_PATH_ERROR);
2348 case_WLAN(MESH_PATH_NOFORWARD);
2349 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
2350 case_WLAN(MAC_EXISTS_IN_MBSS);
2351 case_WLAN(MESH_CHAN_REGULATORY);
2352 case_WLAN(MESH_CHAN);
2353 default: return "<unknown>";
2357 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2358 struct ieee80211_mgmt *mgmt, size_t len)
2360 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2361 const u8 *bssid = NULL;
2364 sdata_assert_lock(sdata);
2369 if (!ifmgd->associated ||
2370 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2373 bssid = ifmgd->associated->bssid;
2375 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2377 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
2378 bssid, reason_code, ieee80211_get_reason_code_string(reason_code));
2380 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2382 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2386 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2387 struct ieee80211_mgmt *mgmt, size_t len)
2389 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2392 sdata_assert_lock(sdata);
2397 if (!ifmgd->associated ||
2398 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2401 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2403 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2404 mgmt->sa, reason_code);
2406 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2408 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2411 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2412 u8 *supp_rates, unsigned int supp_rates_len,
2413 u32 *rates, u32 *basic_rates,
2414 bool *have_higher_than_11mbit,
2415 int *min_rate, int *min_rate_index,
2416 int shift, u32 rate_flags)
2420 for (i = 0; i < supp_rates_len; i++) {
2421 int rate = supp_rates[i] & 0x7f;
2422 bool is_basic = !!(supp_rates[i] & 0x80);
2424 if ((rate * 5 * (1 << shift)) > 110)
2425 *have_higher_than_11mbit = true;
2428 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2429 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2431 * Note: Even through the membership selector and the basic
2432 * rate flag share the same bit, they are not exactly
2435 if (!!(supp_rates[i] & 0x80) &&
2436 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2439 for (j = 0; j < sband->n_bitrates; j++) {
2440 struct ieee80211_rate *br;
2443 br = &sband->bitrates[j];
2444 if ((rate_flags & br->flags) != rate_flags)
2447 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2448 if (brate == rate) {
2451 *basic_rates |= BIT(j);
2452 if ((rate * 5) < *min_rate) {
2453 *min_rate = rate * 5;
2454 *min_rate_index = j;
2462 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2465 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2467 sdata_assert_lock(sdata);
2470 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2472 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2473 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2474 sdata->u.mgd.flags = 0;
2475 mutex_lock(&sdata->local->mtx);
2476 ieee80211_vif_release_channel(sdata);
2477 mutex_unlock(&sdata->local->mtx);
2481 sdata->u.mgd.assoc_data = NULL;
2484 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2485 struct cfg80211_bss *cbss,
2486 struct ieee80211_mgmt *mgmt, size_t len)
2488 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2489 struct ieee80211_local *local = sdata->local;
2490 struct ieee80211_supported_band *sband;
2491 struct sta_info *sta;
2493 u16 capab_info, aid;
2494 struct ieee802_11_elems elems;
2495 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2496 const struct cfg80211_bss_ies *bss_ies = NULL;
2497 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2502 /* AssocResp and ReassocResp have identical structure */
2504 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2505 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2507 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2508 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2510 aid &= ~(BIT(15) | BIT(14));
2512 ifmgd->broken_ap = false;
2514 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2515 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2518 ifmgd->broken_ap = true;
2521 pos = mgmt->u.assoc_resp.variable;
2522 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2524 if (!elems.supp_rates) {
2525 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2532 * Some APs are erroneously not including some information in their
2533 * (re)association response frames. Try to recover by using the data
2534 * from the beacon or probe response. This seems to afflict mobile
2535 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
2536 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
2538 if ((assoc_data->wmm && !elems.wmm_param) ||
2539 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2540 (!elems.ht_cap_elem || !elems.ht_operation)) ||
2541 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2542 (!elems.vht_cap_elem || !elems.vht_operation))) {
2543 const struct cfg80211_bss_ies *ies;
2544 struct ieee802_11_elems bss_elems;
2547 ies = rcu_dereference(cbss->ies);
2549 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
2555 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
2557 if (assoc_data->wmm &&
2558 !elems.wmm_param && bss_elems.wmm_param) {
2559 elems.wmm_param = bss_elems.wmm_param;
2561 "AP bug: WMM param missing from AssocResp\n");
2565 * Also check if we requested HT/VHT, otherwise the AP doesn't
2566 * have to include the IEs in the (re)association response.
2568 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
2569 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2570 elems.ht_cap_elem = bss_elems.ht_cap_elem;
2572 "AP bug: HT capability missing from AssocResp\n");
2574 if (!elems.ht_operation && bss_elems.ht_operation &&
2575 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2576 elems.ht_operation = bss_elems.ht_operation;
2578 "AP bug: HT operation missing from AssocResp\n");
2580 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
2581 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2582 elems.vht_cap_elem = bss_elems.vht_cap_elem;
2584 "AP bug: VHT capa missing from AssocResp\n");
2586 if (!elems.vht_operation && bss_elems.vht_operation &&
2587 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2588 elems.vht_operation = bss_elems.vht_operation;
2590 "AP bug: VHT operation missing from AssocResp\n");
2595 * We previously checked these in the beacon/probe response, so
2596 * they should be present here. This is just a safety net.
2598 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2599 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2601 "HT AP is missing WMM params or HT capability/operation\n");
2606 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2607 (!elems.vht_cap_elem || !elems.vht_operation)) {
2609 "VHT AP is missing VHT capability/operation\n");
2614 mutex_lock(&sdata->local->sta_mtx);
2616 * station info was already allocated and inserted before
2617 * the association and should be available to us
2619 sta = sta_info_get(sdata, cbss->bssid);
2620 if (WARN_ON(!sta)) {
2621 mutex_unlock(&sdata->local->sta_mtx);
2626 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2628 /* Set up internal HT/VHT capabilities */
2629 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2630 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2631 elems.ht_cap_elem, sta);
2633 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2634 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2635 elems.vht_cap_elem, sta);
2638 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2639 * in their association response, so ignore that data for our own
2640 * configuration. If it changed since the last beacon, we'll get the
2641 * next beacon and update then.
2645 * If an operating mode notification IE is present, override the
2646 * NSS calculation (that would be done in rate_control_rate_init())
2647 * and use the # of streams from that element.
2649 if (elems.opmode_notif &&
2650 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2653 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2654 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2656 sta->sta.rx_nss = nss;
2659 rate_control_rate_init(sta);
2661 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2662 set_sta_flag(sta, WLAN_STA_MFP);
2664 if (elems.wmm_param)
2665 set_sta_flag(sta, WLAN_STA_WME);
2667 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2668 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2669 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2672 "failed to move station %pM to desired state\n",
2674 WARN_ON(__sta_info_destroy(sta));
2675 mutex_unlock(&sdata->local->sta_mtx);
2680 mutex_unlock(&sdata->local->sta_mtx);
2683 * Always handle WMM once after association regardless
2684 * of the first value the AP uses. Setting -1 here has
2685 * that effect because the AP values is an unsigned
2688 ifmgd->wmm_last_param_set = -1;
2690 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param)
2691 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2692 elems.wmm_param_len);
2694 ieee80211_set_wmm_default(sdata, false);
2695 changed |= BSS_CHANGED_QOS;
2697 /* set AID and assoc capability,
2698 * ieee80211_set_associated() will tell the driver */
2699 bss_conf->aid = aid;
2700 bss_conf->assoc_capability = capab_info;
2701 ieee80211_set_associated(sdata, cbss, changed);
2704 * If we're using 4-addr mode, let the AP know that we're
2705 * doing so, so that it can create the STA VLAN on its side
2707 if (ifmgd->use_4addr)
2708 ieee80211_send_4addr_nullfunc(local, sdata);
2711 * Start timer to probe the connection to the AP now.
2712 * Also start the timer that will detect beacon loss.
2714 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2715 ieee80211_sta_reset_beacon_monitor(sdata);
2723 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2724 struct ieee80211_mgmt *mgmt,
2727 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2728 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2729 u16 capab_info, status_code, aid;
2730 struct ieee802_11_elems elems;
2733 struct cfg80211_bss *bss;
2735 sdata_assert_lock(sdata);
2739 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2743 * AssocResp and ReassocResp have identical structure, so process both
2744 * of them in this function.
2750 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2751 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2752 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2753 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2756 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2757 reassoc ? "Rea" : "A", mgmt->sa,
2758 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2760 pos = mgmt->u.assoc_resp.variable;
2761 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2763 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2764 elems.timeout_int &&
2765 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2767 tu = le32_to_cpu(elems.timeout_int->value);
2768 ms = tu * 1024 / 1000;
2770 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2772 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2773 assoc_data->timeout_started = true;
2774 if (ms > IEEE80211_ASSOC_TIMEOUT)
2775 run_again(sdata, assoc_data->timeout);
2779 bss = assoc_data->bss;
2781 if (status_code != WLAN_STATUS_SUCCESS) {
2782 sdata_info(sdata, "%pM denied association (code=%d)\n",
2783 mgmt->sa, status_code);
2784 ieee80211_destroy_assoc_data(sdata, false);
2786 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) {
2787 /* oops -- internal error -- send timeout for now */
2788 ieee80211_destroy_assoc_data(sdata, false);
2789 cfg80211_assoc_timeout(sdata->dev, bss);
2792 sdata_info(sdata, "associated\n");
2795 * destroy assoc_data afterwards, as otherwise an idle
2796 * recalc after assoc_data is NULL but before associated
2797 * is set can cause the interface to go idle
2799 ieee80211_destroy_assoc_data(sdata, true);
2802 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len);
2805 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2806 struct ieee80211_mgmt *mgmt, size_t len,
2807 struct ieee80211_rx_status *rx_status,
2808 struct ieee802_11_elems *elems)
2810 struct ieee80211_local *local = sdata->local;
2811 struct ieee80211_bss *bss;
2812 struct ieee80211_channel *channel;
2814 sdata_assert_lock(sdata);
2816 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
2820 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2823 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
2824 ieee80211_rx_bss_put(local, bss);
2829 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2830 struct sk_buff *skb)
2832 struct ieee80211_mgmt *mgmt = (void *)skb->data;
2833 struct ieee80211_if_managed *ifmgd;
2834 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2835 size_t baselen, len = skb->len;
2836 struct ieee802_11_elems elems;
2838 ifmgd = &sdata->u.mgd;
2840 sdata_assert_lock(sdata);
2842 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2843 return; /* ignore ProbeResp to foreign address */
2845 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2849 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2852 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2854 if (ifmgd->associated &&
2855 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2856 ieee80211_reset_ap_probe(sdata);
2858 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2859 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2860 /* got probe response, continue with auth */
2861 sdata_info(sdata, "direct probe responded\n");
2862 ifmgd->auth_data->tries = 0;
2863 ifmgd->auth_data->timeout = jiffies;
2864 ifmgd->auth_data->timeout_started = true;
2865 run_again(sdata, ifmgd->auth_data->timeout);
2870 * This is the canonical list of information elements we care about,
2871 * the filter code also gives us all changes to the Microsoft OUI
2872 * (00:50:F2) vendor IE which is used for WMM which we need to track.
2874 * We implement beacon filtering in software since that means we can
2875 * avoid processing the frame here and in cfg80211, and userspace
2876 * will not be able to tell whether the hardware supports it or not.
2878 * XXX: This list needs to be dynamic -- userspace needs to be able to
2879 * add items it requires. It also needs to be able to tell us to
2880 * look out for other vendor IEs.
2882 static const u64 care_about_ies =
2883 (1ULL << WLAN_EID_COUNTRY) |
2884 (1ULL << WLAN_EID_ERP_INFO) |
2885 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
2886 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
2887 (1ULL << WLAN_EID_HT_CAPABILITY) |
2888 (1ULL << WLAN_EID_HT_OPERATION);
2890 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2891 struct ieee80211_mgmt *mgmt, size_t len,
2892 struct ieee80211_rx_status *rx_status)
2894 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2895 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2897 struct ieee802_11_elems elems;
2898 struct ieee80211_local *local = sdata->local;
2899 struct ieee80211_chanctx_conf *chanctx_conf;
2900 struct ieee80211_channel *chan;
2901 struct sta_info *sta;
2907 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
2909 sdata_assert_lock(sdata);
2911 /* Process beacon from the current BSS */
2912 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2917 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2918 if (!chanctx_conf) {
2923 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
2927 chan = chanctx_conf->def.chan;
2930 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2931 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2932 ieee802_11_parse_elems(mgmt->u.beacon.variable,
2933 len - baselen, false, &elems);
2935 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2936 if (elems.tim && !elems.parse_error) {
2937 const struct ieee80211_tim_ie *tim_ie = elems.tim;
2938 ifmgd->dtim_period = tim_ie->dtim_period;
2940 ifmgd->have_beacon = true;
2941 ifmgd->assoc_data->need_beacon = false;
2942 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2943 sdata->vif.bss_conf.sync_tsf =
2944 le64_to_cpu(mgmt->u.beacon.timestamp);
2945 sdata->vif.bss_conf.sync_device_ts =
2946 rx_status->device_timestamp;
2948 sdata->vif.bss_conf.sync_dtim_count =
2949 elems.tim->dtim_count;
2951 sdata->vif.bss_conf.sync_dtim_count = 0;
2953 /* continue assoc process */
2954 ifmgd->assoc_data->timeout = jiffies;
2955 ifmgd->assoc_data->timeout_started = true;
2956 run_again(sdata, ifmgd->assoc_data->timeout);
2960 if (!ifmgd->associated ||
2961 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2963 bssid = ifmgd->associated->bssid;
2965 /* Track average RSSI from the Beacon frames of the current AP */
2966 ifmgd->last_beacon_signal = rx_status->signal;
2967 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2968 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2969 ifmgd->ave_beacon_signal = rx_status->signal * 16;
2970 ifmgd->last_cqm_event_signal = 0;
2971 ifmgd->count_beacon_signal = 1;
2972 ifmgd->last_ave_beacon_signal = 0;
2974 ifmgd->ave_beacon_signal =
2975 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2976 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2977 ifmgd->ave_beacon_signal) / 16;
2978 ifmgd->count_beacon_signal++;
2981 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2982 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2983 int sig = ifmgd->ave_beacon_signal;
2984 int last_sig = ifmgd->last_ave_beacon_signal;
2987 * if signal crosses either of the boundaries, invoke callback
2988 * with appropriate parameters
2990 if (sig > ifmgd->rssi_max_thold &&
2991 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2992 ifmgd->last_ave_beacon_signal = sig;
2993 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
2994 } else if (sig < ifmgd->rssi_min_thold &&
2995 (last_sig >= ifmgd->rssi_max_thold ||
2997 ifmgd->last_ave_beacon_signal = sig;
2998 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
3002 if (bss_conf->cqm_rssi_thold &&
3003 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3004 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3005 int sig = ifmgd->ave_beacon_signal / 16;
3006 int last_event = ifmgd->last_cqm_event_signal;
3007 int thold = bss_conf->cqm_rssi_thold;
3008 int hyst = bss_conf->cqm_rssi_hyst;
3010 (last_event == 0 || sig < last_event - hyst)) {
3011 ifmgd->last_cqm_event_signal = sig;
3012 ieee80211_cqm_rssi_notify(
3014 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3016 } else if (sig > thold &&
3017 (last_event == 0 || sig > last_event + hyst)) {
3018 ifmgd->last_cqm_event_signal = sig;
3019 ieee80211_cqm_rssi_notify(
3021 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3026 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
3027 mlme_dbg_ratelimited(sdata,
3028 "cancelling AP probe due to a received beacon\n");
3029 ieee80211_reset_ap_probe(sdata);
3033 * Push the beacon loss detection into the future since
3034 * we are processing a beacon from the AP just now.
3036 ieee80211_sta_reset_beacon_monitor(sdata);
3038 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
3039 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
3040 len - baselen, false, &elems,
3041 care_about_ies, ncrc);
3043 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
3044 bool directed_tim = ieee80211_check_tim(elems.tim,
3048 if (local->hw.conf.dynamic_ps_timeout > 0) {
3049 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3050 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3051 ieee80211_hw_config(local,
3052 IEEE80211_CONF_CHANGE_PS);
3054 ieee80211_send_nullfunc(local, sdata, 0);
3055 } else if (!local->pspolling && sdata->u.mgd.powersave) {
3056 local->pspolling = true;
3059 * Here is assumed that the driver will be
3060 * able to send ps-poll frame and receive a
3061 * response even though power save mode is
3062 * enabled, but some drivers might require
3063 * to disable power save here. This needs
3064 * to be investigated.
3066 ieee80211_send_pspoll(local, sdata);
3071 if (sdata->vif.p2p) {
3072 struct ieee80211_p2p_noa_attr noa = {};
3075 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
3077 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3078 (u8 *) &noa, sizeof(noa));
3080 if (sdata->u.mgd.p2p_noa_index != noa.index) {
3081 /* valid noa_attr and index changed */
3082 sdata->u.mgd.p2p_noa_index = noa.index;
3083 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3084 changed |= BSS_CHANGED_P2P_PS;
3086 * make sure we update all information, the CRC
3087 * mechanism doesn't look at P2P attributes.
3089 ifmgd->beacon_crc_valid = false;
3091 } else if (sdata->u.mgd.p2p_noa_index != -1) {
3092 /* noa_attr not found and we had valid noa_attr before */
3093 sdata->u.mgd.p2p_noa_index = -1;
3094 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
3095 changed |= BSS_CHANGED_P2P_PS;
3096 ifmgd->beacon_crc_valid = false;
3100 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
3102 ifmgd->beacon_crc = ncrc;
3103 ifmgd->beacon_crc_valid = true;
3105 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3107 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
3110 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
3111 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3112 elems.wmm_param_len))
3113 changed |= BSS_CHANGED_QOS;
3116 * If we haven't had a beacon before, tell the driver about the
3117 * DTIM period (and beacon timing if desired) now.
3119 if (!ifmgd->have_beacon) {
3120 /* a few bogus AP send dtim_period = 0 or no TIM IE */
3122 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3124 bss_conf->dtim_period = 1;
3126 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3127 sdata->vif.bss_conf.sync_tsf =
3128 le64_to_cpu(mgmt->u.beacon.timestamp);
3129 sdata->vif.bss_conf.sync_device_ts =
3130 rx_status->device_timestamp;
3132 sdata->vif.bss_conf.sync_dtim_count =
3133 elems.tim->dtim_count;
3135 sdata->vif.bss_conf.sync_dtim_count = 0;
3138 changed |= BSS_CHANGED_BEACON_INFO;
3139 ifmgd->have_beacon = true;
3141 mutex_lock(&local->iflist_mtx);
3142 ieee80211_recalc_ps(local, -1);
3143 mutex_unlock(&local->iflist_mtx);
3145 ieee80211_recalc_ps_vif(sdata);
3148 if (elems.erp_info) {
3150 erp_value = elems.erp_info[0];
3154 changed |= ieee80211_handle_bss_capability(sdata,
3155 le16_to_cpu(mgmt->u.beacon.capab_info),
3156 erp_valid, erp_value);
3158 mutex_lock(&local->sta_mtx);
3159 sta = sta_info_get(sdata, bssid);
3161 if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
3162 elems.vht_operation, bssid, &changed)) {
3163 mutex_unlock(&local->sta_mtx);
3164 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3165 WLAN_REASON_DEAUTH_LEAVING,
3167 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf,
3168 sizeof(deauth_buf));
3172 if (sta && elems.opmode_notif)
3173 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3174 rx_status->band, true);
3175 mutex_unlock(&local->sta_mtx);
3177 if (elems.country_elem && elems.pwr_constr_elem &&
3178 mgmt->u.probe_resp.capab_info &
3179 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
3180 changed |= ieee80211_handle_pwr_constr(sdata, chan,
3182 elems.country_elem_len,
3183 elems.pwr_constr_elem);
3185 ieee80211_bss_info_change_notify(sdata, changed);
3188 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3189 struct sk_buff *skb)
3191 struct ieee80211_rx_status *rx_status;
3192 struct ieee80211_mgmt *mgmt;
3194 struct ieee802_11_elems elems;
3197 rx_status = (struct ieee80211_rx_status *) skb->cb;
3198 mgmt = (struct ieee80211_mgmt *) skb->data;
3199 fc = le16_to_cpu(mgmt->frame_control);
3203 switch (fc & IEEE80211_FCTL_STYPE) {
3204 case IEEE80211_STYPE_BEACON:
3205 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3207 case IEEE80211_STYPE_PROBE_RESP:
3208 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3210 case IEEE80211_STYPE_AUTH:
3211 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3213 case IEEE80211_STYPE_DEAUTH:
3214 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3216 case IEEE80211_STYPE_DISASSOC:
3217 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3219 case IEEE80211_STYPE_ASSOC_RESP:
3220 case IEEE80211_STYPE_REASSOC_RESP:
3221 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
3223 case IEEE80211_STYPE_ACTION:
3224 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3225 ies_len = skb->len -
3226 offsetof(struct ieee80211_mgmt,
3227 u.action.u.chan_switch.variable);
3232 ieee802_11_parse_elems(
3233 mgmt->u.action.u.chan_switch.variable,
3234 ies_len, true, &elems);
3236 if (elems.parse_error)
3239 ieee80211_sta_process_chanswitch(sdata,
3242 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3243 ies_len = skb->len -
3244 offsetof(struct ieee80211_mgmt,
3245 u.action.u.ext_chan_switch.variable);
3250 ieee802_11_parse_elems(
3251 mgmt->u.action.u.ext_chan_switch.variable,
3252 ies_len, true, &elems);
3254 if (elems.parse_error)
3257 /* for the handling code pretend this was also an IE */
3258 elems.ext_chansw_ie =
3259 &mgmt->u.action.u.ext_chan_switch.data;
3261 ieee80211_sta_process_chanswitch(sdata,
3267 sdata_unlock(sdata);
3270 static void ieee80211_sta_timer(unsigned long data)
3272 struct ieee80211_sub_if_data *sdata =
3273 (struct ieee80211_sub_if_data *) data;
3275 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3278 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3279 u8 *bssid, u8 reason, bool tx)
3281 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3283 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3286 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3287 IEEE80211_DEAUTH_FRAME_LEN);
3290 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3292 struct ieee80211_local *local = sdata->local;
3293 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3294 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3297 sdata_assert_lock(sdata);
3299 if (WARN_ON_ONCE(!auth_data))
3304 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3305 sdata_info(sdata, "authentication with %pM timed out\n",
3306 auth_data->bss->bssid);
3309 * Most likely AP is not in the range so remove the
3310 * bss struct for that AP.
3312 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3317 drv_mgd_prepare_tx(local, sdata);
3319 if (auth_data->bss->proberesp_ies) {
3323 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3324 auth_data->bss->bssid, auth_data->tries,
3325 IEEE80211_AUTH_MAX_TRIES);
3327 auth_data->expected_transaction = 2;
3329 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3330 trans = auth_data->sae_trans;
3331 status = auth_data->sae_status;
3332 auth_data->expected_transaction = trans;
3335 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3336 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3337 IEEE80211_TX_INTFL_MLME_CONN_TX;
3339 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3340 auth_data->data, auth_data->data_len,
3341 auth_data->bss->bssid,
3342 auth_data->bss->bssid, NULL, 0, 0,
3347 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3348 auth_data->bss->bssid, auth_data->tries,
3349 IEEE80211_AUTH_MAX_TRIES);
3352 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3358 * Direct probe is sent to broadcast address as some APs
3359 * will not answer to direct packet in unassociated state.
3361 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3362 NULL, 0, (u32) -1, true, 0,
3363 auth_data->bss->channel, false);
3367 if (tx_flags == 0) {
3368 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3369 auth_data->timeout_started = true;
3370 run_again(sdata, auth_data->timeout);
3372 auth_data->timeout =
3373 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3374 auth_data->timeout_started = true;
3375 run_again(sdata, auth_data->timeout);
3381 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3383 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3384 struct ieee80211_local *local = sdata->local;
3386 sdata_assert_lock(sdata);
3388 assoc_data->tries++;
3389 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3390 sdata_info(sdata, "association with %pM timed out\n",
3391 assoc_data->bss->bssid);
3394 * Most likely AP is not in the range so remove the
3395 * bss struct for that AP.
3397 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3402 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3403 assoc_data->bss->bssid, assoc_data->tries,
3404 IEEE80211_ASSOC_MAX_TRIES);
3405 ieee80211_send_assoc(sdata);
3407 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3408 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3409 assoc_data->timeout_started = true;
3410 run_again(sdata, assoc_data->timeout);
3412 assoc_data->timeout =
3413 round_jiffies_up(jiffies +
3414 IEEE80211_ASSOC_TIMEOUT_LONG);
3415 assoc_data->timeout_started = true;
3416 run_again(sdata, assoc_data->timeout);
3422 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3423 __le16 fc, bool acked)
3425 struct ieee80211_local *local = sdata->local;
3427 sdata->u.mgd.status_fc = fc;
3428 sdata->u.mgd.status_acked = acked;
3429 sdata->u.mgd.status_received = true;
3431 ieee80211_queue_work(&local->hw, &sdata->work);
3434 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3436 struct ieee80211_local *local = sdata->local;
3437 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3441 if (ifmgd->status_received) {
3442 __le16 fc = ifmgd->status_fc;
3443 bool status_acked = ifmgd->status_acked;
3445 ifmgd->status_received = false;
3446 if (ifmgd->auth_data &&
3447 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3449 ifmgd->auth_data->timeout =
3450 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3451 run_again(sdata, ifmgd->auth_data->timeout);
3453 ifmgd->auth_data->timeout = jiffies - 1;
3455 ifmgd->auth_data->timeout_started = true;
3456 } else if (ifmgd->assoc_data &&
3457 (ieee80211_is_assoc_req(fc) ||
3458 ieee80211_is_reassoc_req(fc))) {
3460 ifmgd->assoc_data->timeout =
3461 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3462 run_again(sdata, ifmgd->assoc_data->timeout);
3464 ifmgd->assoc_data->timeout = jiffies - 1;
3466 ifmgd->assoc_data->timeout_started = true;
3470 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3471 time_after(jiffies, ifmgd->auth_data->timeout)) {
3472 if (ifmgd->auth_data->done) {
3474 * ok ... we waited for assoc but userspace didn't,
3475 * so let's just kill the auth data
3477 ieee80211_destroy_auth_data(sdata, false);
3478 } else if (ieee80211_probe_auth(sdata)) {
3481 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3483 ieee80211_destroy_auth_data(sdata, false);
3485 cfg80211_auth_timeout(sdata->dev, bssid);
3487 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3488 run_again(sdata, ifmgd->auth_data->timeout);
3490 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3491 time_after(jiffies, ifmgd->assoc_data->timeout)) {
3492 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
3493 ieee80211_do_assoc(sdata)) {
3494 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
3496 ieee80211_destroy_assoc_data(sdata, false);
3497 cfg80211_assoc_timeout(sdata->dev, bss);
3499 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3500 run_again(sdata, ifmgd->assoc_data->timeout);
3502 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
3503 ifmgd->associated) {
3507 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3509 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3510 max_tries = max_nullfunc_tries;
3512 max_tries = max_probe_tries;
3514 /* ACK received for nullfunc probing frame */
3515 if (!ifmgd->probe_send_count)
3516 ieee80211_reset_ap_probe(sdata);
3517 else if (ifmgd->nullfunc_failed) {
3518 if (ifmgd->probe_send_count < max_tries) {
3520 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3521 bssid, ifmgd->probe_send_count,
3523 ieee80211_mgd_probe_ap_send(sdata);
3526 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3528 ieee80211_sta_connection_lost(sdata, bssid,
3529 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3532 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
3533 run_again(sdata, ifmgd->probe_timeout);
3534 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3536 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3537 bssid, probe_wait_ms);
3538 ieee80211_sta_connection_lost(sdata, bssid,
3539 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3540 } else if (ifmgd->probe_send_count < max_tries) {
3542 "No probe response from AP %pM after %dms, try %d/%i\n",
3543 bssid, probe_wait_ms,
3544 ifmgd->probe_send_count, max_tries);
3545 ieee80211_mgd_probe_ap_send(sdata);
3548 * We actually lost the connection ... or did we?
3551 wiphy_debug(local->hw.wiphy,
3552 "%s: No probe response from AP %pM"
3553 " after %dms, disconnecting.\n",
3555 bssid, probe_wait_ms);
3557 ieee80211_sta_connection_lost(sdata, bssid,
3558 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3562 sdata_unlock(sdata);
3565 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3567 struct ieee80211_sub_if_data *sdata =
3568 (struct ieee80211_sub_if_data *) data;
3569 struct ieee80211_local *local = sdata->local;
3571 if (local->quiescing)
3574 if (sdata->vif.csa_active)
3577 sdata->u.mgd.connection_loss = false;
3578 ieee80211_queue_work(&sdata->local->hw,
3579 &sdata->u.mgd.beacon_connection_loss_work);
3582 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3584 struct ieee80211_sub_if_data *sdata =
3585 (struct ieee80211_sub_if_data *) data;
3586 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3587 struct ieee80211_local *local = sdata->local;
3589 if (local->quiescing)
3592 if (sdata->vif.csa_active)
3595 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3598 static void ieee80211_sta_monitor_work(struct work_struct *work)
3600 struct ieee80211_sub_if_data *sdata =
3601 container_of(work, struct ieee80211_sub_if_data,
3602 u.mgd.monitor_work);
3604 ieee80211_mgd_probe_ap(sdata, false);
3607 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3611 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3612 __ieee80211_stop_poll(sdata);
3614 /* let's probe the connection once */
3615 flags = sdata->local->hw.flags;
3616 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3617 ieee80211_queue_work(&sdata->local->hw,
3618 &sdata->u.mgd.monitor_work);
3619 /* and do all the other regular work too */
3620 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3625 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
3627 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3628 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3632 if (ifmgd->auth_data || ifmgd->assoc_data) {
3633 const u8 *bssid = ifmgd->auth_data ?
3634 ifmgd->auth_data->bss->bssid :
3635 ifmgd->assoc_data->bss->bssid;
3638 * If we are trying to authenticate / associate while suspending,
3639 * cfg80211 won't know and won't actually abort those attempts,
3640 * thus we need to do that ourselves.
3642 ieee80211_send_deauth_disassoc(sdata, bssid,
3643 IEEE80211_STYPE_DEAUTH,
3644 WLAN_REASON_DEAUTH_LEAVING,
3646 if (ifmgd->assoc_data)
3647 ieee80211_destroy_assoc_data(sdata, false);
3648 if (ifmgd->auth_data)
3649 ieee80211_destroy_auth_data(sdata, false);
3650 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3651 IEEE80211_DEAUTH_FRAME_LEN);
3654 sdata_unlock(sdata);
3657 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3659 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3662 if (!ifmgd->associated) {
3663 sdata_unlock(sdata);
3667 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3668 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3669 mlme_dbg(sdata, "driver requested disconnect after resume\n");
3670 ieee80211_sta_connection_lost(sdata,
3671 ifmgd->associated->bssid,
3672 WLAN_REASON_UNSPECIFIED,
3674 sdata_unlock(sdata);
3677 sdata_unlock(sdata);
3681 /* interface setup */
3682 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3684 struct ieee80211_if_managed *ifmgd;
3686 ifmgd = &sdata->u.mgd;
3687 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3688 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3689 INIT_WORK(&ifmgd->beacon_connection_loss_work,
3690 ieee80211_beacon_connection_loss_work);
3691 INIT_WORK(&ifmgd->csa_connection_drop_work,
3692 ieee80211_csa_connection_drop_work);
3693 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
3694 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3695 (unsigned long) sdata);
3696 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3697 (unsigned long) sdata);
3698 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3699 (unsigned long) sdata);
3700 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3701 (unsigned long) sdata);
3704 ifmgd->powersave = sdata->wdev.ps;
3705 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3706 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3707 ifmgd->p2p_noa_index = -1;
3709 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3710 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3712 ifmgd->req_smps = IEEE80211_SMPS_OFF;
3715 /* scan finished notification */
3716 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3718 struct ieee80211_sub_if_data *sdata;
3720 /* Restart STA timers */
3722 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3723 if (ieee80211_sdata_running(sdata))
3724 ieee80211_restart_sta_timer(sdata);
3729 int ieee80211_max_network_latency(struct notifier_block *nb,
3730 unsigned long data, void *dummy)
3732 s32 latency_usec = (s32) data;
3733 struct ieee80211_local *local =
3734 container_of(nb, struct ieee80211_local,
3735 network_latency_notifier);
3737 mutex_lock(&local->iflist_mtx);
3738 ieee80211_recalc_ps(local, latency_usec);
3739 mutex_unlock(&local->iflist_mtx);
3744 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3745 struct cfg80211_bss *cbss)
3747 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3748 const u8 *ht_cap_ie, *vht_cap_ie;
3749 const struct ieee80211_ht_cap *ht_cap;
3750 const struct ieee80211_vht_cap *vht_cap;
3753 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3756 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3757 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3758 ht_cap = (void *)(ht_cap_ie + 2);
3759 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3761 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3762 * "Tx Unequal Modulation Supported" fields.
3766 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3769 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3770 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3774 vht_cap = (void *)(vht_cap_ie + 2);
3775 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3776 for (nss = 8; nss > 0; nss--) {
3777 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3778 IEEE80211_VHT_MCS_NOT_SUPPORTED)
3781 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3782 chains = max(chains, nss);
3788 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3789 struct cfg80211_bss *cbss)
3791 struct ieee80211_local *local = sdata->local;
3792 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3793 const struct ieee80211_ht_operation *ht_oper = NULL;
3794 const struct ieee80211_vht_operation *vht_oper = NULL;
3795 struct ieee80211_supported_band *sband;
3796 struct cfg80211_chan_def chandef;
3799 sband = local->hw.wiphy->bands[cbss->channel->band];
3801 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3802 IEEE80211_STA_DISABLE_80P80MHZ |
3803 IEEE80211_STA_DISABLE_160MHZ);
3807 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3808 sband->ht_cap.ht_supported) {
3809 const u8 *ht_oper_ie, *ht_cap;
3811 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3812 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3813 ht_oper = (void *)(ht_oper_ie + 2);
3815 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3816 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3817 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3822 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3823 sband->vht_cap.vht_supported) {
3824 const u8 *vht_oper_ie, *vht_cap;
3826 vht_oper_ie = ieee80211_bss_get_ie(cbss,
3827 WLAN_EID_VHT_OPERATION);
3828 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3829 vht_oper = (void *)(vht_oper_ie + 2);
3830 if (vht_oper && !ht_oper) {
3833 "AP advertised VHT without HT, disabling both\n");
3834 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3835 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3838 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3839 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3840 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3845 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3850 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3855 /* will change later if needed */
3856 sdata->smps_mode = IEEE80211_SMPS_OFF;
3858 mutex_lock(&local->mtx);
3860 * If this fails (possibly due to channel context sharing
3861 * on incompatible channels, e.g. 80+80 and 160 sharing the
3862 * same control channel) try to use a smaller bandwidth.
3864 ret = ieee80211_vif_use_channel(sdata, &chandef,
3865 IEEE80211_CHANCTX_SHARED);
3867 /* don't downgrade for 5 and 10 MHz channels, though. */
3868 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
3869 chandef.width == NL80211_CHAN_WIDTH_10)
3872 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3873 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
3874 ret = ieee80211_vif_use_channel(sdata, &chandef,
3875 IEEE80211_CHANCTX_SHARED);
3878 mutex_unlock(&local->mtx);
3882 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3883 struct cfg80211_bss *cbss, bool assoc)
3885 struct ieee80211_local *local = sdata->local;
3886 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3887 struct ieee80211_bss *bss = (void *)cbss->priv;
3888 struct sta_info *new_sta = NULL;
3889 bool have_sta = false;
3892 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3897 have_sta = sta_info_get(sdata, cbss->bssid);
3902 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3907 u32 rates = 0, basic_rates = 0;
3908 bool have_higher_than_11mbit;
3909 int min_rate = INT_MAX, min_rate_index = -1;
3910 struct ieee80211_chanctx_conf *chanctx_conf;
3911 struct ieee80211_supported_band *sband;
3912 const struct cfg80211_bss_ies *ies;
3916 sband = local->hw.wiphy->bands[cbss->channel->band];
3918 err = ieee80211_prep_channel(sdata, cbss);
3920 sta_info_free(local, new_sta);
3923 shift = ieee80211_vif_get_shift(&sdata->vif);
3926 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3927 if (WARN_ON(!chanctx_conf)) {
3929 sta_info_free(local, new_sta);
3932 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
3935 ieee80211_get_rates(sband, bss->supp_rates,
3936 bss->supp_rates_len,
3937 &rates, &basic_rates,
3938 &have_higher_than_11mbit,
3939 &min_rate, &min_rate_index,
3943 * This used to be a workaround for basic rates missing
3944 * in the association response frame. Now that we no
3945 * longer use the basic rates from there, it probably
3946 * doesn't happen any more, but keep the workaround so
3947 * in case some *other* APs are buggy in different ways
3948 * we can connect -- with a warning.
3950 if (!basic_rates && min_rate_index >= 0) {
3952 "No basic rates, using min rate instead\n");
3953 basic_rates = BIT(min_rate_index);
3956 new_sta->sta.supp_rates[cbss->channel->band] = rates;
3957 sdata->vif.bss_conf.basic_rates = basic_rates;
3959 /* cf. IEEE 802.11 9.2.12 */
3960 if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
3961 have_higher_than_11mbit)
3962 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3964 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3966 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3968 /* set timing information */
3969 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3971 ies = rcu_dereference(cbss->beacon_ies);
3975 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3976 sdata->vif.bss_conf.sync_device_ts =
3977 bss->device_ts_beacon;
3978 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3979 ies->data, ies->len);
3980 if (tim_ie && tim_ie[1] >= 2)
3981 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
3983 sdata->vif.bss_conf.sync_dtim_count = 0;
3984 } else if (!(local->hw.flags &
3985 IEEE80211_HW_TIMING_BEACON_ONLY)) {
3986 ies = rcu_dereference(cbss->proberesp_ies);
3987 /* must be non-NULL since beacon IEs were NULL */
3988 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3989 sdata->vif.bss_conf.sync_device_ts =
3990 bss->device_ts_presp;
3991 sdata->vif.bss_conf.sync_dtim_count = 0;
3993 sdata->vif.bss_conf.sync_tsf = 0;
3994 sdata->vif.bss_conf.sync_device_ts = 0;
3995 sdata->vif.bss_conf.sync_dtim_count = 0;
3999 /* tell driver about BSSID, basic rates and timing */
4000 ieee80211_bss_info_change_notify(sdata,
4001 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
4002 BSS_CHANGED_BEACON_INT);
4005 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
4007 err = sta_info_insert(new_sta);
4011 "failed to insert STA entry for the AP (error %d)\n",
4016 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
4022 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
4023 struct cfg80211_auth_request *req)
4025 struct ieee80211_local *local = sdata->local;
4026 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4027 struct ieee80211_mgd_auth_data *auth_data;
4031 /* prepare auth data structure */
4033 switch (req->auth_type) {
4034 case NL80211_AUTHTYPE_OPEN_SYSTEM:
4035 auth_alg = WLAN_AUTH_OPEN;
4037 case NL80211_AUTHTYPE_SHARED_KEY:
4038 if (IS_ERR(local->wep_tx_tfm))
4040 auth_alg = WLAN_AUTH_SHARED_KEY;
4042 case NL80211_AUTHTYPE_FT:
4043 auth_alg = WLAN_AUTH_FT;
4045 case NL80211_AUTHTYPE_NETWORK_EAP:
4046 auth_alg = WLAN_AUTH_LEAP;
4048 case NL80211_AUTHTYPE_SAE:
4049 auth_alg = WLAN_AUTH_SAE;
4055 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
4056 req->ie_len, GFP_KERNEL);
4060 auth_data->bss = req->bss;
4062 if (req->sae_data_len >= 4) {
4063 __le16 *pos = (__le16 *) req->sae_data;
4064 auth_data->sae_trans = le16_to_cpu(pos[0]);
4065 auth_data->sae_status = le16_to_cpu(pos[1]);
4066 memcpy(auth_data->data, req->sae_data + 4,
4067 req->sae_data_len - 4);
4068 auth_data->data_len += req->sae_data_len - 4;
4071 if (req->ie && req->ie_len) {
4072 memcpy(&auth_data->data[auth_data->data_len],
4073 req->ie, req->ie_len);
4074 auth_data->data_len += req->ie_len;
4077 if (req->key && req->key_len) {
4078 auth_data->key_len = req->key_len;
4079 auth_data->key_idx = req->key_idx;
4080 memcpy(auth_data->key, req->key, req->key_len);
4083 auth_data->algorithm = auth_alg;
4085 /* try to authenticate/probe */
4087 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
4088 ifmgd->assoc_data) {
4093 if (ifmgd->auth_data)
4094 ieee80211_destroy_auth_data(sdata, false);
4096 /* prep auth_data so we don't go into idle on disassoc */
4097 ifmgd->auth_data = auth_data;
4099 if (ifmgd->associated) {
4100 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4102 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4103 WLAN_REASON_UNSPECIFIED,
4106 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4110 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
4112 err = ieee80211_prep_connection(sdata, req->bss, false);
4116 err = ieee80211_probe_auth(sdata);
4118 sta_info_destroy_addr(sdata, req->bss->bssid);
4122 /* hold our own reference */
4123 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
4127 memset(ifmgd->bssid, 0, ETH_ALEN);
4128 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4129 ifmgd->auth_data = NULL;
4135 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata,
4136 const u8 *wmm_param, int len)
4144 if (wmm_param[5] != 1 /* version */)
4147 pos = wmm_param + 8;
4150 for (; left >= 4; left -= 4, pos += 4) {
4151 u8 aifsn = pos[0] & 0x0f;
4152 u8 ecwmin = pos[1] & 0x0f;
4153 u8 ecwmax = (pos[1] & 0xf0) >> 4;
4154 int aci = (pos[0] >> 5) & 0x03;
4158 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n",
4162 if (ecwmin > ecwmax) {
4164 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n",
4165 ecwmin, ecwmax, aci);
4173 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4174 struct cfg80211_assoc_request *req)
4176 struct ieee80211_local *local = sdata->local;
4177 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4178 struct ieee80211_bss *bss = (void *)req->bss->priv;
4179 struct ieee80211_mgd_assoc_data *assoc_data;
4180 const struct cfg80211_bss_ies *beacon_ies;
4181 struct ieee80211_supported_band *sband;
4182 const u8 *ssidie, *ht_ie, *vht_ie;
4185 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4190 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4196 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4197 assoc_data->ssid_len = ssidie[1];
4200 if (ifmgd->associated) {
4201 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4203 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4204 WLAN_REASON_UNSPECIFIED,
4207 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4211 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4216 if (ifmgd->assoc_data) {
4221 if (ifmgd->auth_data) {
4224 /* keep sta info, bssid if matching */
4225 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4226 ieee80211_destroy_auth_data(sdata, match);
4229 /* prepare assoc data */
4231 ifmgd->beacon_crc_valid = false;
4233 assoc_data->wmm = bss->wmm_used &&
4234 (local->hw.queues >= IEEE80211_NUM_ACS);
4235 if (assoc_data->wmm) {
4236 /* try to check validity of WMM params IE */
4237 const struct cfg80211_bss_ies *ies;
4238 const u8 *wp, *start, *end;
4241 ies = rcu_dereference(req->bss->ies);
4243 end = start + ies->len;
4246 wp = cfg80211_find_vendor_ie(
4248 WLAN_OUI_TYPE_MICROSOFT_WMM,
4249 start, end - start);
4252 start = wp + wp[1] + 2;
4253 /* if this IE is too short, try the next */
4256 /* if this IE is WMM params, we found what we wanted */
4261 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2,
4263 assoc_data->wmm = false;
4264 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
4270 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4271 * We still associate in non-HT mode (11a/b/g) if any one of these
4272 * ciphers is configured as pairwise.
4273 * We can set this to true for non-11n hardware, that'll be checked
4274 * separately along with the peer capabilities.
4276 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4277 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4278 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4279 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4280 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4281 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4282 netdev_info(sdata->dev,
4283 "disabling HT/VHT due to WEP/TKIP use\n");
4287 if (req->flags & ASSOC_REQ_DISABLE_HT) {
4288 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4289 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4292 if (req->flags & ASSOC_REQ_DISABLE_VHT)
4293 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4295 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4296 sband = local->hw.wiphy->bands[req->bss->channel->band];
4297 if (!sband->ht_cap.ht_supported ||
4298 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4299 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4300 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4301 if (!bss->wmm_used &&
4302 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4303 netdev_info(sdata->dev,
4304 "disabling HT as WMM/QoS is not supported by the AP\n");
4307 /* disable VHT if we don't support it or the AP doesn't use WMM */
4308 if (!sband->vht_cap.vht_supported ||
4309 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4310 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4311 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4312 if (!bss->wmm_used &&
4313 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4314 netdev_info(sdata->dev,
4315 "disabling VHT as WMM/QoS is not supported by the AP\n");
4318 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4319 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4320 sizeof(ifmgd->ht_capa_mask));
4322 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4323 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4324 sizeof(ifmgd->vht_capa_mask));
4326 if (req->ie && req->ie_len) {
4327 memcpy(assoc_data->ie, req->ie, req->ie_len);
4328 assoc_data->ie_len = req->ie_len;
4331 assoc_data->bss = req->bss;
4333 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4334 if (ifmgd->powersave)
4335 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4337 sdata->smps_mode = IEEE80211_SMPS_OFF;
4339 sdata->smps_mode = ifmgd->req_smps;
4341 assoc_data->capability = req->bss->capability;
4342 assoc_data->supp_rates = bss->supp_rates;
4343 assoc_data->supp_rates_len = bss->supp_rates_len;
4346 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4347 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4348 assoc_data->ap_ht_param =
4349 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4351 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4352 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4353 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4354 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4355 sizeof(struct ieee80211_vht_cap));
4357 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4360 if (bss->wmm_used && bss->uapsd_supported &&
4361 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4362 sdata->wmm_acm != 0xff) {
4363 assoc_data->uapsd = true;
4364 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4366 assoc_data->uapsd = false;
4367 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4370 if (req->prev_bssid)
4371 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4374 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4375 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4377 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4378 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4381 if (req->crypto.control_port)
4382 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4384 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4386 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4387 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4388 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
4391 /* kick off associate process */
4393 ifmgd->assoc_data = assoc_data;
4394 ifmgd->dtim_period = 0;
4395 ifmgd->have_beacon = false;
4397 err = ieee80211_prep_connection(sdata, req->bss, true);
4402 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4404 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4407 * Wait up to one beacon interval ...
4408 * should this be more if we miss one?
4410 sdata_info(sdata, "waiting for beacon from %pM\n",
4412 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4413 assoc_data->timeout_started = true;
4414 assoc_data->need_beacon = true;
4415 } else if (beacon_ies) {
4416 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4421 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4422 const struct ieee80211_tim_ie *tim;
4423 tim = (void *)(tim_ie + 2);
4424 ifmgd->dtim_period = tim->dtim_period;
4425 dtim_count = tim->dtim_count;
4427 ifmgd->have_beacon = true;
4428 assoc_data->timeout = jiffies;
4429 assoc_data->timeout_started = true;
4431 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4432 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4433 sdata->vif.bss_conf.sync_device_ts =
4434 bss->device_ts_beacon;
4435 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4438 assoc_data->timeout = jiffies;
4439 assoc_data->timeout_started = true;
4443 run_again(sdata, assoc_data->timeout);
4445 if (bss->corrupt_data) {
4446 char *corrupt_type = "data";
4447 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4448 if (bss->corrupt_data &
4449 IEEE80211_BSS_CORRUPT_PROBE_RESP)
4450 corrupt_type = "beacon and probe response";
4452 corrupt_type = "beacon";
4453 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4454 corrupt_type = "probe response";
4455 sdata_info(sdata, "associating with AP with corrupt %s\n",
4461 memset(ifmgd->bssid, 0, ETH_ALEN);
4462 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4463 ifmgd->assoc_data = NULL;
4469 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4470 struct cfg80211_deauth_request *req)
4472 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4473 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4474 bool tx = !req->local_state_change;
4476 if (ifmgd->auth_data &&
4477 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
4479 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
4480 req->bssid, req->reason_code,
4481 ieee80211_get_reason_code_string(req->reason_code));
4483 drv_mgd_prepare_tx(sdata->local, sdata);
4484 ieee80211_send_deauth_disassoc(sdata, req->bssid,
4485 IEEE80211_STYPE_DEAUTH,
4486 req->reason_code, tx,
4488 ieee80211_destroy_auth_data(sdata, false);
4489 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4490 IEEE80211_DEAUTH_FRAME_LEN);
4495 if (ifmgd->associated &&
4496 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4498 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
4499 req->bssid, req->reason_code,
4500 ieee80211_get_reason_code_string(req->reason_code));
4502 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4503 req->reason_code, tx, frame_buf);
4504 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4505 IEEE80211_DEAUTH_FRAME_LEN);
4512 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4513 struct cfg80211_disassoc_request *req)
4515 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4517 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4520 * cfg80211 should catch this ... but it's racy since
4521 * we can receive a disassoc frame, process it, hand it
4522 * to cfg80211 while that's in a locked section already
4523 * trying to tell us that the user wants to disconnect.
4525 if (ifmgd->associated != req->bss)
4529 "disassociating from %pM by local choice (Reason: %u=%s)\n",
4530 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
4532 memcpy(bssid, req->bss->bssid, ETH_ALEN);
4533 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4534 req->reason_code, !req->local_state_change,
4537 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4538 IEEE80211_DEAUTH_FRAME_LEN);
4543 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4545 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4548 * Make sure some work items will not run after this,
4549 * they will not do anything but might not have been
4550 * cancelled when disconnecting.
4552 cancel_work_sync(&ifmgd->monitor_work);
4553 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4554 cancel_work_sync(&ifmgd->request_smps_work);
4555 cancel_work_sync(&ifmgd->csa_connection_drop_work);
4556 cancel_work_sync(&ifmgd->chswitch_work);
4559 if (ifmgd->assoc_data) {
4560 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4561 ieee80211_destroy_assoc_data(sdata, false);
4562 cfg80211_assoc_timeout(sdata->dev, bss);
4564 if (ifmgd->auth_data)
4565 ieee80211_destroy_auth_data(sdata, false);
4566 del_timer_sync(&ifmgd->timer);
4567 sdata_unlock(sdata);
4570 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4571 enum nl80211_cqm_rssi_threshold_event rssi_event,
4574 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4576 trace_api_cqm_rssi_notify(sdata, rssi_event);
4578 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4580 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
git.openpandora.org / pandora-kernel.git / blob