1 // SPDX-License-Identifier: GPL-2.0-only
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2024 Intel Corporation
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
32 #include "fils_aead.h"
34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
38 #define IEEE80211_AUTH_MAX_TRIES 3
39 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
40 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
41 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
42 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
43 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
44 #define IEEE80211_ASSOC_MAX_TRIES 3
46 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS msecs_to_jiffies(100)
47 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00
49 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5)
51 static int max_nullfunc_tries = 2;
52 module_param(max_nullfunc_tries, int, 0644);
53 MODULE_PARM_DESC(max_nullfunc_tries,
54 "Maximum nullfunc tx tries before disconnecting (reason 4).");
56 static int max_probe_tries = 5;
57 module_param(max_probe_tries, int, 0644);
58 MODULE_PARM_DESC(max_probe_tries,
59 "Maximum probe tries before disconnecting (reason 4).");
62 * Beacon loss timeout is calculated as N frames times the
63 * advertised beacon interval. This may need to be somewhat
64 * higher than what hardware might detect to account for
65 * delays in the host processing frames. But since we also
66 * probe on beacon miss before declaring the connection lost
67 * default to what we want.
69 static int beacon_loss_count = 7;
70 module_param(beacon_loss_count, int, 0644);
71 MODULE_PARM_DESC(beacon_loss_count,
72 "Number of beacon intervals before we decide beacon was lost.");
75 * Time the connection can be idle before we probe
76 * it to see if we can still talk to the AP.
78 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
80 * Time we wait for a probe response after sending
81 * a probe request because of beacon loss or for
82 * checking the connection still works.
84 static int probe_wait_ms = 500;
85 module_param(probe_wait_ms, int, 0644);
86 MODULE_PARM_DESC(probe_wait_ms,
87 "Maximum time(ms) to wait for probe response"
88 " before disconnecting (reason 4).");
91 * How many Beacon frames need to have been used in average signal strength
92 * before starting to indicate signal change events.
94 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
97 * We can have multiple work items (and connection probing)
98 * scheduling this timer, but we need to take care to only
99 * reschedule it when it should fire _earlier_ than it was
100 * asked for before, or if it's not pending right now. This
101 * function ensures that. Note that it then is required to
102 * run this function for all timeouts after the first one
103 * has happened -- the work that runs from this timer will
106 static void run_again(struct ieee80211_sub_if_data *sdata,
107 unsigned long timeout)
109 lockdep_assert_wiphy(sdata->local->hw.wiphy);
111 if (!timer_pending(&sdata->u.mgd.timer) ||
112 time_before(timeout, sdata->u.mgd.timer.expires))
113 mod_timer(&sdata->u.mgd.timer, timeout);
116 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
118 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
121 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
124 mod_timer(&sdata->u.mgd.bcn_mon_timer,
125 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
128 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
130 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
132 if (unlikely(!ifmgd->associated))
135 if (ifmgd->probe_send_count)
136 ifmgd->probe_send_count = 0;
138 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
141 mod_timer(&ifmgd->conn_mon_timer,
142 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
145 static int ecw2cw(int ecw)
147 return (1 << ecw) - 1;
150 static enum ieee80211_conn_mode
151 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata,
152 struct ieee80211_channel *channel,
154 const struct ieee802_11_elems *elems,
155 bool ignore_ht_channel_mismatch,
156 const struct ieee80211_conn_settings *conn,
157 struct cfg80211_chan_def *chandef)
159 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation;
160 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation;
161 const struct ieee80211_he_operation *he_oper = elems->he_operation;
162 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation;
163 struct ieee80211_supported_band *sband =
164 sdata->local->hw.wiphy->bands[channel->band];
165 struct cfg80211_chan_def vht_chandef;
169 *chandef = (struct cfg80211_chan_def) {
171 .width = NL80211_CHAN_WIDTH_20_NOHT,
172 .center_freq1 = channel->center_freq,
173 .freq1_offset = channel->freq_offset,
176 /* get special S1G case out of the way */
177 if (sband->band == NL80211_BAND_S1GHZ) {
178 if (!ieee80211_chandef_s1g_oper(elems->s1g_oper, chandef)) {
180 "Missing S1G Operation Element? Trying operating == primary\n");
181 chandef->width = ieee80211_s1g_channel_width(channel);
184 return IEEE80211_CONN_MODE_S1G;
187 /* get special 6 GHz case out of the way */
188 if (sband->band == NL80211_BAND_6GHZ) {
189 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_EHT;
191 /* this is an error */
192 if (conn->mode < IEEE80211_CONN_MODE_HE)
193 return IEEE80211_CONN_MODE_LEGACY;
195 if (!elems->he_6ghz_capa || !elems->he_cap) {
197 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n");
198 return IEEE80211_CONN_MODE_LEGACY;
201 if (!eht_oper || !elems->eht_cap) {
203 mode = IEEE80211_CONN_MODE_HE;
206 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper,
207 eht_oper, chandef)) {
208 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n");
209 return IEEE80211_CONN_MODE_LEGACY;
215 /* now we have the progression HT, VHT, ... */
216 if (conn->mode < IEEE80211_CONN_MODE_HT)
217 return IEEE80211_CONN_MODE_LEGACY;
219 if (!ht_oper || !elems->ht_cap_elem)
220 return IEEE80211_CONN_MODE_LEGACY;
222 chandef->width = NL80211_CHAN_WIDTH_20;
224 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
226 /* check that channel matches the right operating channel */
227 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) {
229 * It's possible that some APs are confused here;
230 * Netgear WNDR3700 sometimes reports 4 higher than
231 * the actual channel in association responses, but
232 * since we look at probe response/beacon data here
236 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
237 channel->center_freq, ht_cfreq,
238 ht_oper->primary_chan, channel->band);
239 return IEEE80211_CONN_MODE_LEGACY;
242 ieee80211_chandef_ht_oper(ht_oper, chandef);
244 if (conn->mode < IEEE80211_CONN_MODE_VHT)
245 return IEEE80211_CONN_MODE_HT;
247 vht_chandef = *chandef;
250 * having he_cap/he_oper parsed out implies we're at
251 * least operating as HE STA
253 if (elems->he_cap && he_oper &&
254 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
255 struct ieee80211_vht_operation he_oper_vht_cap;
258 * Set only first 3 bytes (other 2 aren't used in
259 * ieee80211_chandef_vht_oper() anyway)
261 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
262 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
264 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
265 &he_oper_vht_cap, ht_oper,
268 "HE AP VHT information is invalid, disabling HE\n");
269 /* this will cause us to re-parse as VHT STA */
270 return IEEE80211_CONN_MODE_VHT;
272 } else if (!vht_oper || !elems->vht_cap_elem) {
273 if (sband->band == NL80211_BAND_5GHZ) {
275 "VHT information is missing, disabling VHT\n");
276 return IEEE80211_CONN_MODE_HT;
279 } else if (sband->band == NL80211_BAND_2GHZ) {
281 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
286 "AP VHT information is invalid, disabling VHT\n");
287 return IEEE80211_CONN_MODE_HT;
290 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
292 "AP VHT information doesn't match HT, disabling VHT\n");
293 return IEEE80211_CONN_MODE_HT;
296 *chandef = vht_chandef;
298 /* stick to current max mode if we or the AP don't have HE */
299 if (conn->mode < IEEE80211_CONN_MODE_HE ||
300 !elems->he_operation || !elems->he_cap) {
302 return IEEE80211_CONN_MODE_HT;
303 return IEEE80211_CONN_MODE_VHT;
306 /* stick to HE if we or the AP don't have EHT */
307 if (conn->mode < IEEE80211_CONN_MODE_EHT ||
308 !eht_oper || !elems->eht_cap)
309 return IEEE80211_CONN_MODE_HE;
312 * handle the case that the EHT operation indicates that it holds EHT
313 * operation information (in case that the channel width differs from
314 * the channel width reported in HT/VHT/HE).
316 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) {
317 struct cfg80211_chan_def eht_chandef = *chandef;
319 ieee80211_chandef_eht_oper((const void *)eht_oper->optional,
322 eht_chandef.punctured =
323 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper);
325 if (!cfg80211_chandef_valid(&eht_chandef)) {
327 "AP EHT information is invalid, disabling EHT\n");
328 return IEEE80211_CONN_MODE_HE;
331 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) {
333 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n");
334 return IEEE80211_CONN_MODE_HE;
337 *chandef = eht_chandef;
340 return IEEE80211_CONN_MODE_EHT;
344 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata,
345 const struct ieee80211_he_cap_elem *he_cap,
346 const struct ieee80211_he_operation *he_op)
348 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
349 u16 mcs_80_map_tx, mcs_80_map_rx;
356 /* mcs_nss is right after he_cap info */
357 he_mcs_nss_supp = (void *)(he_cap + 1);
359 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
360 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80);
362 /* P802.11-REVme/D0.3
363 * 27.1.1 Introduction to the HE PHY
365 * An HE STA shall support the following features:
367 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all
368 * supported channel widths for HE SU PPDUs
370 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED ||
371 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) {
373 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n",
374 mcs_80_map_tx, mcs_80_map_rx);
381 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
384 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
385 * zeroes, which is nonsense, and completely inconsistent with itself
386 * (it doesn't have 8 streams). Accept the settings in this case anyway.
391 /* make sure the AP is consistent with itself
394 * 26.17.1 Basic HE BSS operation
396 * A STA that is operating in an HE BSS shall be able to receive and
397 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the
398 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the
399 * MLME-START.request primitive and shall be able to receive at each of
400 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and
401 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request
404 for (nss = 8; nss > 0; nss--) {
405 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
409 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
412 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3;
413 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3;
415 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
416 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
417 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) {
419 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n",
420 nss, ap_rx_val, ap_rx_val, ap_op_val);
429 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
430 struct ieee80211_supported_band *sband,
431 const struct ieee80211_he_operation *he_op)
433 const struct ieee80211_sta_he_cap *sta_he_cap =
434 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
438 if (!sta_he_cap || !he_op)
441 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
444 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
445 * zeroes, which is nonsense, and completely inconsistent with itself
446 * (it doesn't have 8 streams). Accept the settings in this case anyway.
451 /* Need to go over for 80MHz, 160MHz and for 80+80 */
452 for (i = 0; i < 3; i++) {
453 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
454 &sta_he_cap->he_mcs_nss_supp;
456 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
458 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
460 bool verified = true;
463 * For each band there is a maximum of 8 spatial streams
464 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
465 * of 2 bits per NSS (1-8), with the values defined in enum
466 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
467 * capabilities aren't less than the AP's minimum requirements
468 * for this HE BSS per SS.
469 * It is enough to find one such band that meets the reqs.
471 for (nss = 8; nss > 0; nss--) {
472 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
473 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
474 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
476 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
480 * Make sure the HE AP doesn't require MCSs that aren't
481 * supported by the client as required by spec
484 * 26.17.1 Basic HE BSS operation
486 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive)
487 * a BSS, unless it supports (i.e., is able to both transmit and
488 * receive using) all of the <HE-MCS, NSS> tuples in the basic
489 * HE-MCS and NSS set.
491 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
492 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
493 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
503 /* If here, STA doesn't meet AP's HE min requirements */
508 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap,
509 const struct ieee80211_sta_eht_cap *sta_eht_cap,
510 unsigned int idx, int bw)
512 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0];
513 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0];
515 /* handle us being a 20 MHz-only EHT STA - with four values
516 * for MCS 0-7, 8-9, 10-11, 12-13.
518 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL))
519 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx];
521 /* the others have MCS 0-9 together, rather than separately from 0-7 */
527 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx];
530 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
531 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)))
532 return 0xff; /* pass check */
533 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx];
535 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ))
536 return 0xff; /* pass check */
537 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx];
545 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata,
546 struct ieee80211_supported_band *sband,
547 const struct ieee80211_eht_operation *eht_op)
549 const struct ieee80211_sta_he_cap *sta_he_cap =
550 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
551 const struct ieee80211_sta_eht_cap *sta_eht_cap =
552 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
553 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req;
556 if (!sta_he_cap || !sta_eht_cap || !eht_op)
559 req = &eht_op->basic_mcs_nss;
561 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) {
562 u8 req_rx_nss, req_tx_nss;
565 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i],
566 IEEE80211_EHT_MCS_NSS_RX);
567 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i],
568 IEEE80211_EHT_MCS_NSS_TX);
570 for (bw = 0; bw < 3; bw++) {
571 u8 have, have_rx_nss, have_tx_nss;
573 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap,
576 have_rx_nss = u8_get_bits(have,
577 IEEE80211_EHT_MCS_NSS_RX);
578 have_tx_nss = u8_get_bits(have,
579 IEEE80211_EHT_MCS_NSS_TX);
581 if (req_rx_nss > have_rx_nss ||
582 req_tx_nss > have_tx_nss)
590 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata,
591 const struct cfg80211_chan_def *chandef,
592 u32 prohibited_flags)
594 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy,
595 chandef, prohibited_flags))
598 if (chandef->punctured &&
599 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING))
605 static struct ieee802_11_elems *
606 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
607 struct ieee80211_conn_settings *conn,
608 struct cfg80211_bss *cbss, int link_id,
609 struct ieee80211_chan_req *chanreq)
611 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies);
612 struct ieee80211_bss *bss = (void *)cbss->priv;
613 struct ieee80211_channel *channel = cbss->channel;
614 struct ieee80211_elems_parse_params parse_params = {
620 struct ieee802_11_elems *elems;
621 struct ieee80211_supported_band *sband;
622 struct cfg80211_chan_def ap_chandef;
623 enum ieee80211_conn_mode ap_mode;
627 parse_params.mode = conn->mode;
628 elems = ieee802_11_parse_elems_full(&parse_params);
630 return ERR_PTR(-ENOMEM);
632 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info,
633 elems, false, conn, &ap_chandef);
635 /* this should be impossible since parsing depends on our mode */
636 if (WARN_ON(ap_mode > conn->mode)) {
641 if (conn->mode != ap_mode) {
642 conn->mode = ap_mode;
647 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n",
648 cbss->bssid, ieee80211_conn_mode_str(ap_mode));
650 sband = sdata->local->hw.wiphy->bands[channel->band];
652 switch (channel->band) {
653 case NL80211_BAND_S1GHZ:
654 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) {
659 case NL80211_BAND_6GHZ:
660 if (ap_mode < IEEE80211_CONN_MODE_HE) {
662 "Rejecting non-HE 6/7 GHz connection");
668 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) {
675 case IEEE80211_CONN_MODE_S1G:
679 case IEEE80211_CONN_MODE_LEGACY:
680 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
682 case IEEE80211_CONN_MODE_HT:
683 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
685 IEEE80211_CONN_BW_LIMIT_40);
687 case IEEE80211_CONN_MODE_VHT:
688 case IEEE80211_CONN_MODE_HE:
689 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
691 IEEE80211_CONN_BW_LIMIT_160);
693 case IEEE80211_CONN_MODE_EHT:
694 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
696 IEEE80211_CONN_BW_LIMIT_320);
700 chanreq->oper = ap_chandef;
702 /* wider-bandwidth OFDMA is only done in EHT */
703 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
704 !(sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW))
705 chanreq->ap = ap_chandef;
707 chanreq->ap.chan = NULL;
709 while (!ieee80211_chandef_usable(sdata, &chanreq->oper,
710 IEEE80211_CHAN_DISABLED)) {
711 if (WARN_ON(chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT)) {
716 ieee80211_chanreq_downgrade(chanreq, conn);
719 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
720 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
721 IEEE80211_CHAN_NO_HE)) {
722 conn->mode = IEEE80211_CONN_MODE_VHT;
723 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
725 IEEE80211_CONN_BW_LIMIT_160);
728 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
729 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
730 IEEE80211_CHAN_NO_EHT)) {
731 conn->mode = IEEE80211_CONN_MODE_HE;
732 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
734 IEEE80211_CONN_BW_LIMIT_160);
737 if (chanreq->oper.width != ap_chandef.width || ap_mode != conn->mode)
739 "regulatory prevented using AP config, downgraded\n");
741 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
742 (!ieee80211_verify_peer_he_mcs_support(sdata, (void *)elems->he_cap,
743 elems->he_operation) ||
744 !ieee80211_verify_sta_he_mcs_support(sdata, sband,
745 elems->he_operation))) {
746 conn->mode = IEEE80211_CONN_MODE_VHT;
747 sdata_info(sdata, "required MCSes not supported, disabling HE\n");
750 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
751 !ieee80211_verify_sta_eht_mcs_support(sdata, sband,
752 elems->eht_operation)) {
753 conn->mode = IEEE80211_CONN_MODE_HE;
754 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
756 IEEE80211_CONN_BW_LIMIT_160);
757 sdata_info(sdata, "required MCSes not supported, disabling EHT\n");
760 /* the mode can only decrease, so this must terminate */
761 if (ap_mode != conn->mode) {
766 mlme_link_id_dbg(sdata, link_id,
767 "connecting with %s mode, max bandwidth %d MHz\n",
768 ieee80211_conn_mode_str(conn->mode),
769 20 * (1 << conn->bw_limit));
771 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) {
782 static int ieee80211_config_bw(struct ieee80211_link_data *link,
783 struct ieee802_11_elems *elems,
784 bool update, u64 *changed)
786 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan;
787 struct ieee80211_sub_if_data *sdata = link->sdata;
788 struct ieee80211_chan_req chanreq = {};
789 enum ieee80211_conn_mode ap_mode;
790 u32 vht_cap_info = 0;
794 /* don't track any bandwidth changes in legacy/S1G modes */
795 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY ||
796 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G)
799 if (elems->vht_cap_elem)
800 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
802 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info,
803 elems, true, &link->u.mgd.conn,
806 if (ap_mode != link->u.mgd.conn.mode) {
808 "AP appears to change mode (expected %s, found %s), disconnect\n",
809 ieee80211_conn_mode_str(link->u.mgd.conn.mode),
810 ieee80211_conn_mode_str(ap_mode));
814 chanreq.oper = chanreq.ap;
815 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT ||
816 sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)
817 chanreq.ap.chan = NULL;
820 * if HT operation mode changed store the new one -
821 * this may be applicable even if channel is identical
823 if (elems->ht_operation) {
824 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode);
825 if (link->conf->ht_operation_mode != ht_opmode) {
826 *changed |= BSS_CHANGED_HT;
827 link->conf->ht_operation_mode = ht_opmode;
832 * Downgrade the new channel if we associated with restricted
833 * bandwidth capabilities. For example, if we associated as a
834 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities
835 * or config reasons) then switching to a 40 MHz channel now
836 * won't do us any good -- we couldn't use it with the AP.
838 while (link->u.mgd.conn.bw_limit <
839 ieee80211_min_bw_limit_from_chandef(&chanreq.oper))
840 ieee80211_chandef_downgrade(&chanreq.oper, NULL);
842 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq))
846 "AP %pM changed bandwidth, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n",
847 link->u.mgd.bssid, chanreq.oper.chan->center_freq,
848 chanreq.oper.chan->freq_offset, chanreq.oper.width,
849 chanreq.oper.center_freq1, chanreq.oper.freq1_offset,
850 chanreq.oper.center_freq2);
852 if (!cfg80211_chandef_valid(&chanreq.oper)) {
854 "AP %pM changed caps/bw in a way we can't support - disconnect\n",
860 link->conf->chanreq = chanreq;
865 * We're tracking the current AP here, so don't do any further checks
866 * here. This keeps us from playing ping-pong with regulatory, without
867 * it the following can happen (for example):
868 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
869 * - AP advertises regdom US
870 * - CRDA loads regdom US with 80 MHz prohibited (old database)
871 * - we detect an unsupported channel and disconnect
872 * - disconnect causes CRDA to reload world regdomain and the game
874 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
876 * It seems possible that there are still scenarios with CSA or real
877 * bandwidth changes where a this could happen, but those cases are
878 * less common and wouldn't completely prevent using the AP.
881 ret = ieee80211_link_change_chanreq(link, &chanreq, changed);
884 "AP %pM changed bandwidth to incompatible one - disconnect\n",
889 cfg80211_schedule_channels_check(&sdata->wdev);
893 /* frame sending functions */
895 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
896 struct sk_buff *skb, u8 ap_ht_param,
897 struct ieee80211_supported_band *sband,
898 struct ieee80211_channel *channel,
899 enum ieee80211_smps_mode smps,
900 const struct ieee80211_conn_settings *conn)
903 u32 flags = channel->flags;
905 struct ieee80211_sta_ht_cap ht_cap;
907 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
909 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
910 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
912 /* determine capability flags */
915 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
916 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
917 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
918 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
919 cap &= ~IEEE80211_HT_CAP_SGI_40;
922 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
923 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
924 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
925 cap &= ~IEEE80211_HT_CAP_SGI_40;
931 * If 40 MHz was disabled associate as though we weren't
932 * capable of 40 MHz -- some broken APs will never fall
933 * back to trying to transmit in 20 MHz.
935 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) {
936 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
937 cap &= ~IEEE80211_HT_CAP_SGI_40;
940 /* set SM PS mode properly */
941 cap &= ~IEEE80211_HT_CAP_SM_PS;
943 case IEEE80211_SMPS_AUTOMATIC:
944 case IEEE80211_SMPS_NUM_MODES:
947 case IEEE80211_SMPS_OFF:
948 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
949 IEEE80211_HT_CAP_SM_PS_SHIFT;
951 case IEEE80211_SMPS_STATIC:
952 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
953 IEEE80211_HT_CAP_SM_PS_SHIFT;
955 case IEEE80211_SMPS_DYNAMIC:
956 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
957 IEEE80211_HT_CAP_SM_PS_SHIFT;
961 /* reserve and fill IE */
962 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
963 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
966 /* This function determines vht capability flags for the association
968 * Note - the function returns true to own the MU-MIMO capability
970 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
972 struct ieee80211_supported_band *sband,
973 struct ieee80211_vht_cap *ap_vht_cap,
974 const struct ieee80211_conn_settings *conn)
976 struct ieee80211_local *local = sdata->local;
979 struct ieee80211_sta_vht_cap vht_cap;
980 u32 mask, ap_bf_sts, our_bf_sts;
981 bool mu_mimo_owner = false;
983 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
985 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
986 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
988 /* determine capability flags */
991 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) {
992 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
993 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
997 * Some APs apparently get confused if our capabilities are better
998 * than theirs, so restrict what we advertise in the assoc request.
1000 if (!(ap_vht_cap->vht_cap_info &
1001 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
1002 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
1003 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1004 else if (!(ap_vht_cap->vht_cap_info &
1005 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
1006 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1009 * If some other vif is using the MU-MIMO capability we cannot associate
1010 * using MU-MIMO - this will lead to contradictions in the group-id
1012 * Ownership is defined since association request, in order to avoid
1013 * simultaneous associations with MU-MIMO.
1015 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
1016 bool disable_mu_mimo = false;
1017 struct ieee80211_sub_if_data *other;
1019 list_for_each_entry_rcu(other, &local->interfaces, list) {
1020 if (other->vif.bss_conf.mu_mimo_owner) {
1021 disable_mu_mimo = true;
1025 if (disable_mu_mimo)
1026 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1028 mu_mimo_owner = true;
1031 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
1033 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
1034 our_bf_sts = cap & mask;
1036 if (ap_bf_sts < our_bf_sts) {
1041 /* reserve and fill IE */
1042 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
1043 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
1045 return mu_mimo_owner;
1048 static void ieee80211_assoc_add_rates(struct sk_buff *skb,
1049 enum nl80211_chan_width width,
1050 struct ieee80211_supported_band *sband,
1051 struct ieee80211_mgd_assoc_data *assoc_data)
1055 if (assoc_data->supp_rates_len) {
1057 * Get all rates supported by the device and the AP as
1058 * some APs don't like getting a superset of their rates
1059 * in the association request (e.g. D-Link DAP 1353 in
1062 ieee80211_parse_bitrates(width, sband,
1063 assoc_data->supp_rates,
1064 assoc_data->supp_rates_len,
1068 * In case AP not provide any supported rates information
1069 * before association, we send information element(s) with
1070 * all rates that we support.
1075 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1076 WLAN_EID_SUPP_RATES);
1077 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1078 WLAN_EID_EXT_SUPP_RATES);
1081 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb,
1088 static const u8 before_ht[] = {
1090 WLAN_EID_SUPP_RATES,
1091 WLAN_EID_EXT_SUPP_RATES,
1092 WLAN_EID_PWR_CAPABILITY,
1093 WLAN_EID_SUPPORTED_CHANNELS,
1096 WLAN_EID_RRM_ENABLED_CAPABILITIES,
1097 WLAN_EID_MOBILITY_DOMAIN,
1098 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
1099 WLAN_EID_RIC_DATA, /* reassoc only */
1100 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1102 static const u8 after_ric[] = {
1103 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1104 WLAN_EID_HT_CAPABILITY,
1105 WLAN_EID_BSS_COEX_2040,
1106 /* luckily this is almost always there */
1107 WLAN_EID_EXT_CAPABILITY,
1108 WLAN_EID_QOS_TRAFFIC_CAPA,
1109 WLAN_EID_TIM_BCAST_REQ,
1110 WLAN_EID_INTERWORKING,
1111 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1112 WLAN_EID_VHT_CAPABILITY,
1113 WLAN_EID_OPMODE_NOTIF,
1119 noffset = ieee80211_ie_split_ric(elems, elems_len,
1121 ARRAY_SIZE(before_ht),
1123 ARRAY_SIZE(after_ric),
1125 skb_put_data(skb, elems + offset, noffset - offset);
1130 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb,
1135 static const u8 before_vht[] = {
1137 * no need to list the ones split off before HT
1140 WLAN_EID_BSS_COEX_2040,
1141 WLAN_EID_EXT_CAPABILITY,
1142 WLAN_EID_QOS_TRAFFIC_CAPA,
1143 WLAN_EID_TIM_BCAST_REQ,
1144 WLAN_EID_INTERWORKING,
1145 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1152 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1153 noffset = ieee80211_ie_split(elems, elems_len,
1154 before_vht, ARRAY_SIZE(before_vht),
1156 skb_put_data(skb, elems + offset, noffset - offset);
1161 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb,
1166 static const u8 before_he[] = {
1168 * no need to list the ones split off before VHT
1171 WLAN_EID_OPMODE_NOTIF,
1172 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
1174 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
1175 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
1176 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
1177 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
1178 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
1179 /* TODO: add 11ah/11aj/11ak elements */
1186 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1187 noffset = ieee80211_ie_split(elems, elems_len,
1188 before_he, ARRAY_SIZE(before_he),
1190 skb_put_data(skb, elems + offset, noffset - offset);
1195 #define PRESENT_ELEMS_MAX 8
1196 #define PRESENT_ELEM_EXT_OFFS 0x100
1198 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1199 struct sk_buff *skb, u16 capab,
1200 const struct element *ext_capa,
1201 const u16 *present_elems);
1203 static size_t ieee80211_assoc_link_elems(struct ieee80211_sub_if_data *sdata,
1204 struct sk_buff *skb, u16 *capab,
1205 const struct element *ext_capa,
1206 const u8 *extra_elems,
1207 size_t extra_elems_len,
1208 unsigned int link_id,
1209 struct ieee80211_link_data *link,
1212 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1213 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1214 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1215 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1216 struct ieee80211_channel *chan = cbss->channel;
1217 const struct ieee80211_sband_iftype_data *iftd;
1218 struct ieee80211_local *local = sdata->local;
1219 struct ieee80211_supported_band *sband;
1220 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20;
1221 struct ieee80211_chanctx_conf *chanctx_conf;
1222 enum ieee80211_smps_mode smps_mode;
1223 u16 orig_capab = *capab;
1225 int present_elems_len = 0;
1229 #define ADD_PRESENT_ELEM(id) do { \
1230 /* need a last for termination - we use 0 == SSID */ \
1231 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \
1232 present_elems[present_elems_len++] = (id); \
1234 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id))
1237 smps_mode = link->smps_mode;
1238 else if (sdata->u.mgd.powersave)
1239 smps_mode = IEEE80211_SMPS_DYNAMIC;
1241 smps_mode = IEEE80211_SMPS_OFF;
1245 * 5/10 MHz scenarios are only viable without MLO, in which
1246 * case this pointer should be used ... All of this is a bit
1247 * unclear though, not sure this even works at all.
1250 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
1252 width = chanctx_conf->def.width;
1256 sband = local->hw.wiphy->bands[chan->band];
1257 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1259 if (sband->band == NL80211_BAND_2GHZ) {
1260 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
1261 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
1264 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
1265 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
1266 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
1268 if (sband->band != NL80211_BAND_S1GHZ)
1269 ieee80211_assoc_add_rates(skb, width, sband, assoc_data);
1271 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
1272 *capab & WLAN_CAPABILITY_RADIO_MEASURE) {
1273 struct cfg80211_chan_def chandef = {
1278 pos = skb_put(skb, 4);
1279 *pos++ = WLAN_EID_PWR_CAPABILITY;
1281 *pos++ = 0; /* min tx power */
1283 *pos++ = ieee80211_chandef_max_power(&chandef);
1284 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY);
1288 * Per spec, we shouldn't include the list of channels if we advertise
1289 * support for extended channel switching, but we've always done that;
1290 * (for now?) apply this restriction only on the (new) 6 GHz band.
1292 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
1293 (sband->band != NL80211_BAND_6GHZ ||
1294 !ext_capa || ext_capa->datalen < 1 ||
1295 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
1296 /* TODO: get this in reg domain format */
1297 pos = skb_put(skb, 2 * sband->n_channels + 2);
1298 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
1299 *pos++ = 2 * sband->n_channels;
1300 for (i = 0; i < sband->n_channels; i++) {
1301 int cf = sband->channels[i].center_freq;
1303 *pos++ = ieee80211_frequency_to_channel(cf);
1304 *pos++ = 1; /* one channel in the subband*/
1306 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS);
1309 /* if present, add any custom IEs that go before HT */
1310 offset = ieee80211_add_before_ht_elems(skb, extra_elems,
1314 if (sband->band != NL80211_BAND_6GHZ &&
1315 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) {
1316 ieee80211_add_ht_ie(sdata, skb,
1317 assoc_data->link[link_id].ap_ht_param,
1318 sband, chan, smps_mode,
1319 &assoc_data->link[link_id].conn);
1320 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY);
1323 /* if present, add any custom IEs that go before VHT */
1324 offset = ieee80211_add_before_vht_elems(skb, extra_elems,
1328 if (sband->band != NL80211_BAND_6GHZ &&
1329 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT &&
1330 sband->vht_cap.vht_supported) {
1331 bool mu_mimo_owner =
1332 ieee80211_add_vht_ie(sdata, skb, sband,
1333 &assoc_data->link[link_id].ap_vht_cap,
1334 &assoc_data->link[link_id].conn);
1337 link->conf->mu_mimo_owner = mu_mimo_owner;
1338 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY);
1341 /* if present, add any custom IEs that go before HE */
1342 offset = ieee80211_add_before_he_elems(skb, extra_elems,
1346 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) {
1347 ieee80211_put_he_cap(skb, sdata, sband,
1348 &assoc_data->link[link_id].conn);
1349 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY);
1350 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode);
1354 * careful - need to know about all the present elems before
1355 * calling ieee80211_assoc_add_ml_elem(), so add this one if
1356 * we're going to put it after the ML element
1358 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1359 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY);
1361 if (link_id == assoc_data->assoc_link_id)
1362 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa,
1365 /* crash if somebody gets it wrong */
1366 present_elems = NULL;
1368 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1369 ieee80211_put_eht_cap(skb, sdata, sband,
1370 &assoc_data->link[link_id].conn);
1372 if (sband->band == NL80211_BAND_S1GHZ) {
1373 ieee80211_add_aid_request_ie(sdata, skb);
1374 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
1377 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
1378 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
1383 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb,
1387 unsigned int skb_len = skb->len;
1388 bool at_extension = false;
1391 u8 *len, *list_len = NULL;
1393 skb_put_u8(skb, WLAN_EID_EXTENSION);
1394 len = skb_put(skb, 1);
1395 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE);
1397 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) {
1398 u16 elem = outer[i];
1399 bool have_inner = false;
1401 /* should at least be sorted in the sense of normal -> ext */
1402 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS);
1404 /* switch to extension list */
1405 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) {
1406 at_extension = true;
1412 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) {
1413 if (elem == inner[j]) {
1423 list_len = skb_put(skb, 1);
1427 skb_put_u8(skb, (u8)elem);
1431 /* if we added a list but no extension list, make a zero-len one */
1432 if (added && (!at_extension || !list_len))
1435 /* if nothing added remove extension element completely */
1437 skb_trim(skb, skb_len);
1439 *len = skb->len - skb_len - 2;
1442 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1443 struct sk_buff *skb, u16 capab,
1444 const struct element *ext_capa,
1445 const u16 *outer_present_elems)
1447 struct ieee80211_local *local = sdata->local;
1448 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1449 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1450 struct ieee80211_multi_link_elem *ml_elem;
1451 struct ieee80211_mle_basic_common_info *common;
1452 const struct wiphy_iftype_ext_capab *ift_ext_capa;
1453 __le16 eml_capa = 0, mld_capa_ops = 0;
1454 unsigned int link_id;
1458 if (!ieee80211_vif_is_mld(&sdata->vif))
1461 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy,
1462 ieee80211_vif_type_p2p(&sdata->vif));
1464 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
1465 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
1468 skb_put_u8(skb, WLAN_EID_EXTENSION);
1469 ml_elem_len = skb_put(skb, 1);
1470 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
1471 ml_elem = skb_put(skb, sizeof(*ml_elem));
1473 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
1474 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
1475 common = skb_put(skb, sizeof(*common));
1476 common->len = sizeof(*common) +
1477 2; /* MLD capa/ops */
1478 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
1480 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
1482 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
1483 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
1484 common->len += 2; /* EML capabilities */
1486 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
1487 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
1489 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
1491 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1492 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
1493 const u8 *extra_elems;
1494 size_t extra_elems_len;
1496 u8 *subelem_len = NULL;
1499 if (!assoc_data->link[link_id].bss ||
1500 link_id == assoc_data->assoc_link_id)
1503 extra_elems = assoc_data->link[link_id].elems;
1504 extra_elems_len = assoc_data->link[link_id].elems_len;
1506 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
1507 subelem_len = skb_put(skb, 1);
1509 ctrl = cpu_to_le16(link_id |
1510 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE |
1511 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT);
1512 skb_put_data(skb, &ctrl, sizeof(ctrl));
1513 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */
1514 skb_put_data(skb, assoc_data->link[link_id].addr,
1517 * Now add the contents of the (re)association request,
1518 * but the "listen interval" and "current AP address"
1519 * (if applicable) are skipped. So we only have
1520 * the capability field (remember the position and fill
1521 * later), followed by the elements added below by
1522 * calling ieee80211_assoc_link_elems().
1524 capab_pos = skb_put(skb, 2);
1526 extra_used = ieee80211_assoc_link_elems(sdata, skb, &capab,
1531 link_present_elems);
1533 skb_put_data(skb, extra_elems + extra_used,
1534 extra_elems_len - extra_used);
1536 put_unaligned_le16(capab, capab_pos);
1538 ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
1539 link_present_elems);
1541 ieee80211_fragment_element(skb, subelem_len,
1542 IEEE80211_MLE_SUBELEM_FRAGMENT);
1545 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
1548 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
1550 struct ieee80211_local *local = sdata->local;
1551 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1552 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1553 struct ieee80211_link_data *link;
1554 struct sk_buff *skb;
1555 struct ieee80211_mgmt *mgmt;
1556 u8 *pos, qos_info, *ie_start;
1557 size_t offset, noffset;
1558 u16 capab = 0, link_capab;
1560 struct element *ext_capa = NULL;
1561 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1562 struct ieee80211_prep_tx_info info = {};
1563 unsigned int link_id, n_links = 0;
1564 u16 present_elems[PRESENT_ELEMS_MAX] = {};
1569 /* we know it's writable, cast away the const */
1570 if (assoc_data->ie_len)
1571 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
1573 assoc_data->ie_len);
1575 lockdep_assert_wiphy(sdata->local->hw.wiphy);
1577 size = local->hw.extra_tx_headroom +
1578 sizeof(*mgmt) + /* bit too much but doesn't matter */
1579 2 + assoc_data->ssid_len + /* SSID */
1580 assoc_data->ie_len + /* extra IEs */
1581 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
1584 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1585 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1586 const struct ieee80211_sband_iftype_data *iftd;
1587 struct ieee80211_supported_band *sband;
1592 sband = local->hw.wiphy->bands[cbss->channel->band];
1595 /* add STA profile elements length */
1596 size += assoc_data->link[link_id].elems_len;
1597 /* and supported rates length */
1598 size += 4 + sband->n_bitrates;
1599 /* supported channels */
1600 size += 2 + 2 * sband->n_channels;
1602 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1604 size += iftd->vendor_elems.len;
1606 /* power capability */
1609 /* HT, VHT, HE, EHT */
1610 size += 2 + sizeof(struct ieee80211_ht_cap);
1611 size += 2 + sizeof(struct ieee80211_vht_cap);
1612 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
1613 sizeof(struct ieee80211_he_mcs_nss_supp) +
1614 IEEE80211_HE_PPE_THRES_MAX_LEN;
1616 if (sband->band == NL80211_BAND_6GHZ)
1617 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa);
1619 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) +
1620 sizeof(struct ieee80211_eht_mcs_nss_supp) +
1621 IEEE80211_EHT_PPE_THRES_MAX_LEN;
1623 /* non-inheritance element */
1624 size += 2 + 2 + PRESENT_ELEMS_MAX;
1626 /* should be the same across all BSSes */
1627 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
1628 capab |= WLAN_CAPABILITY_PRIVACY;
1631 if (ieee80211_vif_is_mld(&sdata->vif)) {
1632 /* consider the multi-link element with STA profile */
1633 size += sizeof(struct ieee80211_multi_link_elem);
1634 /* max common info field in basic multi-link element */
1635 size += sizeof(struct ieee80211_mle_basic_common_info) +
1640 * The capability elements were already considered above;
1641 * note this over-estimates a bit because there's no
1642 * STA profile for the assoc link.
1644 size += (n_links - 1) *
1645 (1 + 1 + /* subelement ID/length */
1646 2 + /* STA control */
1647 1 + ETH_ALEN + 2 /* STA Info field */);
1650 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata);
1654 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss))
1657 skb = alloc_skb(size, GFP_KERNEL);
1661 skb_reserve(skb, local->hw.extra_tx_headroom);
1663 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
1664 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
1666 /* Set MBSSID support for HE AP if needed */
1667 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
1668 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
1669 ext_capa && ext_capa->datalen >= 3)
1670 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
1672 mgmt = skb_put_zero(skb, 24);
1673 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
1674 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1675 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
1677 listen_int = cpu_to_le16(assoc_data->s1g ?
1678 ieee80211_encode_usf(local->hw.conf.listen_interval) :
1679 local->hw.conf.listen_interval);
1680 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) {
1682 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1683 IEEE80211_STYPE_REASSOC_REQ);
1684 capab_pos = &mgmt->u.reassoc_req.capab_info;
1685 mgmt->u.reassoc_req.listen_interval = listen_int;
1686 memcpy(mgmt->u.reassoc_req.current_ap,
1687 assoc_data->prev_ap_addr, ETH_ALEN);
1688 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
1691 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1692 IEEE80211_STYPE_ASSOC_REQ);
1693 capab_pos = &mgmt->u.assoc_req.capab_info;
1694 mgmt->u.assoc_req.listen_interval = listen_int;
1695 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
1699 pos = skb_put(skb, 2 + assoc_data->ssid_len);
1701 *pos++ = WLAN_EID_SSID;
1702 *pos++ = assoc_data->ssid_len;
1703 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
1706 * This bit is technically reserved, so it shouldn't matter for either
1707 * the AP or us, but it also means we shouldn't set it. However, we've
1708 * always set it in the past, and apparently some EHT APs check that
1709 * we don't set it. To avoid interoperability issues with old APs that
1710 * for some reason check it and want it to be set, set the bit for all
1711 * pre-EHT connections as we used to do.
1713 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT)
1714 capab |= WLAN_CAPABILITY_ESS;
1716 /* add the elements for the assoc (main) link */
1718 offset = ieee80211_assoc_link_elems(sdata, skb, &link_capab,
1722 assoc_data->assoc_link_id, link,
1724 put_unaligned_le16(link_capab, capab_pos);
1726 /* if present, add any custom non-vendor IEs */
1727 if (assoc_data->ie_len) {
1728 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1731 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1735 if (assoc_data->wmm) {
1736 if (assoc_data->uapsd) {
1737 qos_info = ifmgd->uapsd_queues;
1738 qos_info |= (ifmgd->uapsd_max_sp_len <<
1739 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1744 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1747 /* add any remaining custom (i.e. vendor specific here) IEs */
1748 if (assoc_data->ie_len) {
1749 noffset = assoc_data->ie_len;
1750 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1753 if (assoc_data->fils_kek_len) {
1754 ret = fils_encrypt_assoc_req(skb, assoc_data);
1761 pos = skb_tail_pointer(skb);
1762 kfree(ifmgd->assoc_req_ies);
1763 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1764 if (!ifmgd->assoc_req_ies) {
1769 ifmgd->assoc_req_ies_len = pos - ie_start;
1771 info.link_id = assoc_data->assoc_link_id;
1772 drv_mgd_prepare_tx(local, sdata, &info);
1774 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1775 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1776 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1777 IEEE80211_TX_INTFL_MLME_CONN_TX;
1778 ieee80211_tx_skb(sdata, skb);
1783 void ieee80211_send_pspoll(struct ieee80211_local *local,
1784 struct ieee80211_sub_if_data *sdata)
1786 struct ieee80211_pspoll *pspoll;
1787 struct sk_buff *skb;
1789 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
1793 pspoll = (struct ieee80211_pspoll *) skb->data;
1794 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1796 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1797 ieee80211_tx_skb(sdata, skb);
1800 void ieee80211_send_nullfunc(struct ieee80211_local *local,
1801 struct ieee80211_sub_if_data *sdata,
1804 struct sk_buff *skb;
1805 struct ieee80211_hdr_3addr *nullfunc;
1806 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1808 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1,
1809 !ieee80211_hw_check(&local->hw,
1810 DOESNT_SUPPORT_QOS_NDP));
1814 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
1816 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1818 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1819 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
1821 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1822 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1824 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1825 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1827 ieee80211_tx_skb(sdata, skb);
1830 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
1831 struct ieee80211_sub_if_data *sdata)
1833 struct sk_buff *skb;
1834 struct ieee80211_hdr *nullfunc;
1837 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1840 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
1844 skb_reserve(skb, local->hw.extra_tx_headroom);
1846 nullfunc = skb_put_zero(skb, 30);
1847 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
1848 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1849 nullfunc->frame_control = fc;
1850 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
1851 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1852 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
1853 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
1855 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1856 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1857 ieee80211_tx_skb(sdata, skb);
1860 /* spectrum management related things */
1861 static void ieee80211_chswitch_work(struct wiphy *wiphy,
1862 struct wiphy_work *work)
1864 struct ieee80211_link_data *link =
1865 container_of(work, struct ieee80211_link_data,
1866 u.mgd.chswitch_work.work);
1867 struct ieee80211_sub_if_data *sdata = link->sdata;
1868 struct ieee80211_local *local = sdata->local;
1869 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1872 if (!ieee80211_sdata_running(sdata))
1875 lockdep_assert_wiphy(local->hw.wiphy);
1877 if (!ifmgd->associated)
1880 if (!link->conf->csa_active)
1884 * using reservation isn't immediate as it may be deferred until later
1885 * with multi-vif. once reservation is complete it will re-schedule the
1886 * work with no reserved_chanctx so verify chandef to check if it
1887 * completed successfully
1890 if (link->reserved_chanctx) {
1892 * with multi-vif csa driver may call ieee80211_csa_finish()
1893 * many times while waiting for other interfaces to use their
1896 if (link->reserved_ready)
1899 ret = ieee80211_link_use_reserved_context(link);
1902 "failed to use reserved channel context, disconnecting (err=%d)\n",
1904 wiphy_work_queue(sdata->local->hw.wiphy,
1905 &ifmgd->csa_connection_drop_work);
1910 if (!ieee80211_chanreq_identical(&link->conf->chanreq,
1911 &link->csa_chanreq)) {
1913 "failed to finalize channel switch, disconnecting\n");
1914 wiphy_work_queue(sdata->local->hw.wiphy,
1915 &ifmgd->csa_connection_drop_work);
1919 link->u.mgd.csa_waiting_bcn = true;
1921 ieee80211_sta_reset_beacon_monitor(sdata);
1922 ieee80211_sta_reset_conn_monitor(sdata);
1925 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link)
1927 struct ieee80211_sub_if_data *sdata = link->sdata;
1928 struct ieee80211_local *local = sdata->local;
1929 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1932 lockdep_assert_wiphy(sdata->local->hw.wiphy);
1934 WARN_ON(!link->conf->csa_active);
1936 if (sdata->csa_blocked_tx) {
1937 ieee80211_wake_vif_queues(local, sdata,
1938 IEEE80211_QUEUE_STOP_REASON_CSA);
1939 sdata->csa_blocked_tx = false;
1942 link->conf->csa_active = false;
1943 link->u.mgd.csa_waiting_bcn = false;
1945 ret = drv_post_channel_switch(link);
1948 "driver post channel switch failed, disconnecting\n");
1949 wiphy_work_queue(sdata->local->hw.wiphy,
1950 &ifmgd->csa_connection_drop_work);
1954 cfg80211_ch_switch_notify(sdata->dev, &link->reserved.oper,
1958 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success,
1959 unsigned int link_id)
1961 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1963 trace_api_chswitch_done(sdata, success, link_id);
1969 "driver channel switch failed, disconnecting\n");
1970 wiphy_work_queue(sdata->local->hw.wiphy,
1971 &sdata->u.mgd.csa_connection_drop_work);
1973 struct ieee80211_link_data *link =
1974 rcu_dereference(sdata->link[link_id]);
1976 if (WARN_ON(!link)) {
1981 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
1982 &link->u.mgd.chswitch_work, 0);
1987 EXPORT_SYMBOL(ieee80211_chswitch_done);
1990 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link)
1992 struct ieee80211_sub_if_data *sdata = link->sdata;
1993 struct ieee80211_local *local = sdata->local;
1995 lockdep_assert_wiphy(local->hw.wiphy);
1997 if (!local->ops->abort_channel_switch)
2000 ieee80211_link_unreserve_chanctx(link);
2002 if (sdata->csa_blocked_tx) {
2003 ieee80211_wake_vif_queues(local, sdata,
2004 IEEE80211_QUEUE_STOP_REASON_CSA);
2005 sdata->csa_blocked_tx = false;
2008 link->conf->csa_active = false;
2010 drv_abort_channel_switch(link);
2014 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link,
2015 u64 timestamp, u32 device_timestamp,
2016 struct ieee802_11_elems *elems,
2019 struct ieee80211_sub_if_data *sdata = link->sdata;
2020 struct ieee80211_local *local = sdata->local;
2021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2022 struct cfg80211_bss *cbss = link->conf->bss;
2023 struct ieee80211_chanctx_conf *conf;
2024 struct ieee80211_chanctx *chanctx;
2025 enum nl80211_band current_band;
2026 struct ieee80211_csa_ie csa_ie;
2027 struct ieee80211_channel_switch ch_switch = {
2028 .link_id = link->link_id,
2030 struct ieee80211_bss *bss;
2031 unsigned long timeout;
2034 lockdep_assert_wiphy(local->hw.wiphy);
2039 current_band = cbss->channel->band;
2040 bss = (void *)cbss->priv;
2041 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
2044 link->u.mgd.bssid, &csa_ie);
2047 ch_switch.timestamp = timestamp;
2048 ch_switch.device_timestamp = device_timestamp;
2049 ch_switch.block_tx = csa_ie.mode;
2050 ch_switch.chandef = csa_ie.chanreq.oper;
2051 ch_switch.count = csa_ie.count;
2052 ch_switch.delay = csa_ie.max_switch_time;
2056 goto drop_connection;
2058 if (link->conf->csa_active) {
2059 /* already processing - disregard action frames */
2063 if (link->u.mgd.csa_waiting_bcn) {
2064 ieee80211_chswitch_post_beacon(link);
2066 * If the CSA IE is still present in the beacon after
2067 * the switch, we need to consider it as a new CSA
2068 * (possibly to self) - this happens by not returning
2069 * here so we'll get to the check below.
2072 ieee80211_sta_abort_chanswitch(link);
2075 drv_channel_switch_rx_beacon(sdata, &ch_switch);
2080 /* nothing to do at all - no active CSA nor a new one */
2084 if (link->conf->chanreq.oper.chan->band !=
2085 csa_ie.chanreq.oper.chan->band) {
2087 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
2089 csa_ie.chanreq.oper.chan->center_freq,
2090 csa_ie.chanreq.oper.width,
2091 csa_ie.chanreq.oper.center_freq1,
2092 csa_ie.chanreq.oper.center_freq2);
2093 goto drop_connection;
2096 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper,
2097 IEEE80211_CHAN_DISABLED)) {
2099 "AP %pM switches to unsupported channel "
2100 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), "
2103 csa_ie.chanreq.oper.chan->center_freq,
2104 csa_ie.chanreq.oper.chan->freq_offset,
2105 csa_ie.chanreq.oper.width,
2106 csa_ie.chanreq.oper.center_freq1,
2107 csa_ie.chanreq.oper.freq1_offset,
2108 csa_ie.chanreq.oper.center_freq2);
2109 goto drop_connection;
2112 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper,
2113 &link->conf->chanreq.oper) &&
2114 (!csa_ie.mode || !beacon)) {
2115 if (link->u.mgd.csa_ignored_same_chan)
2118 "AP %pM tries to chanswitch to same channel, ignore\n",
2120 link->u.mgd.csa_ignored_same_chan = true;
2125 * Drop all TDLS peers on the affected link - either we disconnect or
2126 * move to a different channel from this point on. There's no telling
2127 * what our peer will do.
2128 * The TDLS WIDER_BW scenario is also problematic, as peers might now
2129 * have an incompatible wider chandef.
2131 ieee80211_teardown_tdls_peers(link);
2133 conf = rcu_dereference_protected(link->conf->chanctx_conf,
2134 lockdep_is_held(&local->hw.wiphy->mtx));
2137 "no channel context assigned to vif?, disconnecting\n");
2138 goto drop_connection;
2141 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
2143 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
2145 "driver doesn't support chan-switch with channel contexts\n");
2146 goto drop_connection;
2149 if (drv_pre_channel_switch(sdata, &ch_switch)) {
2151 "preparing for channel switch failed, disconnecting\n");
2152 goto drop_connection;
2155 res = ieee80211_link_reserve_chanctx(link, &csa_ie.chanreq,
2156 chanctx->mode, false);
2159 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
2161 goto drop_connection;
2164 link->conf->csa_active = true;
2165 link->csa_chanreq = csa_ie.chanreq;
2166 link->u.mgd.csa_ignored_same_chan = false;
2167 link->u.mgd.beacon_crc_valid = false;
2170 !ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA)) {
2171 ieee80211_stop_vif_queues(local, sdata,
2172 IEEE80211_QUEUE_STOP_REASON_CSA);
2173 sdata->csa_blocked_tx = true;
2176 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper,
2177 link->link_id, csa_ie.count,
2180 if (local->ops->channel_switch) {
2181 /* use driver's channel switch callback */
2182 drv_channel_switch(local, sdata, &ch_switch);
2186 /* channel switch handled in software */
2187 timeout = TU_TO_JIFFIES((max_t(int, csa_ie.count, 1) - 1) *
2188 cbss->beacon_interval);
2189 wiphy_delayed_work_queue(local->hw.wiphy,
2190 &link->u.mgd.chswitch_work,
2195 * This is just so that the disconnect flow will know that
2196 * we were trying to switch channel and failed. In case the
2197 * mode is 1 (we are not allowed to Tx), we will know not to
2198 * send a deauthentication frame. Those two fields will be
2199 * reset when the disconnection worker runs.
2201 link->conf->csa_active = true;
2202 sdata->csa_blocked_tx =
2203 csa_ie.mode && !ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA);
2205 wiphy_work_queue(sdata->local->hw.wiphy,
2206 &ifmgd->csa_connection_drop_work);
2210 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
2211 struct ieee80211_channel *channel,
2212 const u8 *country_ie, u8 country_ie_len,
2213 const u8 *pwr_constr_elem,
2214 int *chan_pwr, int *pwr_reduction)
2216 struct ieee80211_country_ie_triplet *triplet;
2217 int chan = ieee80211_frequency_to_channel(channel->center_freq);
2218 int i, chan_increment;
2219 bool have_chan_pwr = false;
2222 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
2225 triplet = (void *)(country_ie + 3);
2226 country_ie_len -= 3;
2228 switch (channel->band) {
2232 case NL80211_BAND_2GHZ:
2233 case NL80211_BAND_60GHZ:
2234 case NL80211_BAND_LC:
2237 case NL80211_BAND_5GHZ:
2240 case NL80211_BAND_6GHZ:
2242 * In the 6 GHz band, the "maximum transmit power level"
2243 * field in the triplets is reserved, and thus will be
2244 * zero and we shouldn't use it to control TX power.
2245 * The actual TX power will be given in the transmit
2246 * power envelope element instead.
2252 while (country_ie_len >= 3) {
2253 u8 first_channel = triplet->chans.first_channel;
2255 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
2258 for (i = 0; i < triplet->chans.num_channels; i++) {
2259 if (first_channel + i * chan_increment == chan) {
2260 have_chan_pwr = true;
2261 *chan_pwr = triplet->chans.max_power;
2270 country_ie_len -= 3;
2273 if (have_chan_pwr && pwr_constr_elem)
2274 *pwr_reduction = *pwr_constr_elem;
2278 return have_chan_pwr;
2281 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
2282 struct ieee80211_channel *channel,
2283 const u8 *cisco_dtpc_ie,
2286 /* From practical testing, the first data byte of the DTPC element
2287 * seems to contain the requested dBm level, and the CLI on Cisco
2288 * APs clearly state the range is -127 to 127 dBm, which indicates
2289 * a signed byte, although it seemingly never actually goes negative.
2290 * The other byte seems to always be zero.
2292 *pwr_level = (__s8)cisco_dtpc_ie[4];
2295 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link,
2296 struct ieee80211_channel *channel,
2297 struct ieee80211_mgmt *mgmt,
2298 const u8 *country_ie, u8 country_ie_len,
2299 const u8 *pwr_constr_ie,
2300 const u8 *cisco_dtpc_ie)
2302 struct ieee80211_sub_if_data *sdata = link->sdata;
2303 bool has_80211h_pwr = false, has_cisco_pwr = false;
2304 int chan_pwr = 0, pwr_reduction_80211h = 0;
2305 int pwr_level_cisco, pwr_level_80211h;
2307 __le16 capab = mgmt->u.probe_resp.capab_info;
2309 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
2310 return 0; /* TODO */
2313 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
2314 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
2315 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
2316 sdata, channel, country_ie, country_ie_len,
2317 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
2319 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
2322 if (cisco_dtpc_ie) {
2323 ieee80211_find_cisco_dtpc(
2324 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
2325 has_cisco_pwr = true;
2328 if (!has_80211h_pwr && !has_cisco_pwr)
2331 /* If we have both 802.11h and Cisco DTPC, apply both limits
2332 * by picking the smallest of the two power levels advertised.
2334 if (has_80211h_pwr &&
2335 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
2336 new_ap_level = pwr_level_80211h;
2338 if (link->ap_power_level == new_ap_level)
2342 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
2343 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
2345 } else { /* has_cisco_pwr is always true here. */
2346 new_ap_level = pwr_level_cisco;
2348 if (link->ap_power_level == new_ap_level)
2352 "Limiting TX power to %d dBm as advertised by %pM\n",
2353 pwr_level_cisco, link->u.mgd.bssid);
2356 link->ap_power_level = new_ap_level;
2357 if (__ieee80211_recalc_txpower(sdata))
2358 return BSS_CHANGED_TXPOWER;
2363 static void ieee80211_enable_ps(struct ieee80211_local *local,
2364 struct ieee80211_sub_if_data *sdata)
2366 struct ieee80211_conf *conf = &local->hw.conf;
2369 * If we are scanning right now then the parameters will
2370 * take effect when scan finishes.
2372 if (local->scanning)
2375 if (conf->dynamic_ps_timeout > 0 &&
2376 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
2377 mod_timer(&local->dynamic_ps_timer, jiffies +
2378 msecs_to_jiffies(conf->dynamic_ps_timeout));
2380 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
2381 ieee80211_send_nullfunc(local, sdata, true);
2383 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
2384 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2387 conf->flags |= IEEE80211_CONF_PS;
2388 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2392 static void ieee80211_change_ps(struct ieee80211_local *local)
2394 struct ieee80211_conf *conf = &local->hw.conf;
2396 if (local->ps_sdata) {
2397 ieee80211_enable_ps(local, local->ps_sdata);
2398 } else if (conf->flags & IEEE80211_CONF_PS) {
2399 conf->flags &= ~IEEE80211_CONF_PS;
2400 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2401 del_timer_sync(&local->dynamic_ps_timer);
2402 wiphy_work_cancel(local->hw.wiphy,
2403 &local->dynamic_ps_enable_work);
2407 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
2409 struct ieee80211_local *local = sdata->local;
2410 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
2411 struct sta_info *sta = NULL;
2412 bool authorized = false;
2414 if (!mgd->powersave)
2420 if (!mgd->associated)
2423 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
2426 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) &&
2427 !sdata->deflink.u.mgd.have_beacon)
2431 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2433 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2439 /* need to hold RTNL or interface lock */
2440 void ieee80211_recalc_ps(struct ieee80211_local *local)
2442 struct ieee80211_sub_if_data *sdata, *found = NULL;
2446 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) ||
2447 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
2448 local->ps_sdata = NULL;
2452 list_for_each_entry(sdata, &local->interfaces, list) {
2453 if (!ieee80211_sdata_running(sdata))
2455 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2456 /* If an AP vif is found, then disable PS
2457 * by setting the count to zero thereby setting
2463 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2469 if (count == 1 && ieee80211_powersave_allowed(found)) {
2470 u8 dtimper = found->deflink.u.mgd.dtim_period;
2472 timeout = local->dynamic_ps_forced_timeout;
2475 local->hw.conf.dynamic_ps_timeout = timeout;
2477 /* If the TIM IE is invalid, pretend the value is 1 */
2481 local->hw.conf.ps_dtim_period = dtimper;
2482 local->ps_sdata = found;
2484 local->ps_sdata = NULL;
2487 ieee80211_change_ps(local);
2490 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
2492 bool ps_allowed = ieee80211_powersave_allowed(sdata);
2494 if (sdata->vif.cfg.ps != ps_allowed) {
2495 sdata->vif.cfg.ps = ps_allowed;
2496 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS);
2500 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy,
2501 struct wiphy_work *work)
2503 struct ieee80211_local *local =
2504 container_of(work, struct ieee80211_local,
2505 dynamic_ps_disable_work);
2507 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2508 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2509 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2512 ieee80211_wake_queues_by_reason(&local->hw,
2513 IEEE80211_MAX_QUEUE_MAP,
2514 IEEE80211_QUEUE_STOP_REASON_PS,
2518 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy,
2519 struct wiphy_work *work)
2521 struct ieee80211_local *local =
2522 container_of(work, struct ieee80211_local,
2523 dynamic_ps_enable_work);
2524 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
2525 struct ieee80211_if_managed *ifmgd;
2526 unsigned long flags;
2529 /* can only happen when PS was just disabled anyway */
2533 ifmgd = &sdata->u.mgd;
2535 if (local->hw.conf.flags & IEEE80211_CONF_PS)
2538 if (local->hw.conf.dynamic_ps_timeout > 0) {
2539 /* don't enter PS if TX frames are pending */
2540 if (drv_tx_frames_pending(local)) {
2541 mod_timer(&local->dynamic_ps_timer, jiffies +
2543 local->hw.conf.dynamic_ps_timeout));
2548 * transmission can be stopped by others which leads to
2549 * dynamic_ps_timer expiry. Postpone the ps timer if it
2550 * is not the actual idle state.
2552 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
2553 for (q = 0; q < local->hw.queues; q++) {
2554 if (local->queue_stop_reasons[q]) {
2555 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
2557 mod_timer(&local->dynamic_ps_timer, jiffies +
2559 local->hw.conf.dynamic_ps_timeout));
2563 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
2566 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
2567 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
2568 if (drv_tx_frames_pending(local)) {
2569 mod_timer(&local->dynamic_ps_timer, jiffies +
2571 local->hw.conf.dynamic_ps_timeout));
2573 ieee80211_send_nullfunc(local, sdata, true);
2574 /* Flush to get the tx status of nullfunc frame */
2575 ieee80211_flush_queues(local, sdata, false);
2579 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
2580 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
2581 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
2582 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
2583 local->hw.conf.flags |= IEEE80211_CONF_PS;
2584 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2588 void ieee80211_dynamic_ps_timer(struct timer_list *t)
2590 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
2592 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work);
2595 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work)
2597 struct ieee80211_link_data *link =
2598 container_of(work, struct ieee80211_link_data,
2599 dfs_cac_timer_work.work);
2600 struct cfg80211_chan_def chandef = link->conf->chanreq.oper;
2601 struct ieee80211_sub_if_data *sdata = link->sdata;
2603 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2605 if (sdata->wdev.cac_started) {
2606 ieee80211_link_release_channel(link);
2607 cfg80211_cac_event(sdata->dev, &chandef,
2608 NL80211_RADAR_CAC_FINISHED,
2614 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
2616 struct ieee80211_local *local = sdata->local;
2617 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2621 if (local->hw.queues < IEEE80211_NUM_ACS)
2624 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2625 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2627 unsigned long now = jiffies;
2629 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
2630 tx_tspec->admitted_time &&
2631 time_after(now, tx_tspec->time_slice_start + HZ)) {
2632 tx_tspec->consumed_tx_time = 0;
2633 tx_tspec->time_slice_start = now;
2635 if (tx_tspec->downgraded)
2637 TX_TSPEC_ACTION_STOP_DOWNGRADE;
2640 switch (tx_tspec->action) {
2641 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
2642 /* take the original parameters */
2643 if (drv_conf_tx(local, &sdata->deflink, ac,
2644 &sdata->deflink.tx_conf[ac]))
2645 link_err(&sdata->deflink,
2646 "failed to set TX queue parameters for queue %d\n",
2648 tx_tspec->action = TX_TSPEC_ACTION_NONE;
2649 tx_tspec->downgraded = false;
2652 case TX_TSPEC_ACTION_DOWNGRADE:
2653 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2654 tx_tspec->action = TX_TSPEC_ACTION_NONE;
2658 /* downgrade next lower non-ACM AC */
2659 for (non_acm_ac = ac + 1;
2660 non_acm_ac < IEEE80211_NUM_ACS;
2662 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
2664 /* Usually the loop will result in using BK even if it
2665 * requires admission control, but such a configuration
2666 * makes no sense and we have to transmit somehow - the
2667 * AC selection does the same thing.
2668 * If we started out trying to downgrade from BK, then
2669 * the extra condition here might be needed.
2671 if (non_acm_ac >= IEEE80211_NUM_ACS)
2672 non_acm_ac = IEEE80211_AC_BK;
2673 if (drv_conf_tx(local, &sdata->deflink, ac,
2674 &sdata->deflink.tx_conf[non_acm_ac]))
2675 link_err(&sdata->deflink,
2676 "failed to set TX queue parameters for queue %d\n",
2678 tx_tspec->action = TX_TSPEC_ACTION_NONE;
2680 wiphy_delayed_work_queue(local->hw.wiphy,
2681 &ifmgd->tx_tspec_wk,
2682 tx_tspec->time_slice_start +
2685 case TX_TSPEC_ACTION_NONE:
2694 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
2696 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
2697 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
2701 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy,
2702 struct wiphy_work *work)
2704 struct ieee80211_sub_if_data *sdata;
2706 sdata = container_of(work, struct ieee80211_sub_if_data,
2707 u.mgd.tx_tspec_wk.work);
2708 ieee80211_sta_handle_tspec_ac_params(sdata);
2711 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link)
2713 struct ieee80211_sub_if_data *sdata = link->sdata;
2714 struct ieee80211_local *local = sdata->local;
2715 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2716 struct ieee80211_tx_queue_params *params = link->tx_conf;
2719 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2721 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
2723 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
2724 params[ac].txop, params[ac].uapsd,
2725 ifmgd->tx_tspec[ac].downgraded);
2726 if (!ifmgd->tx_tspec[ac].downgraded &&
2727 drv_conf_tx(local, link, ac, ¶ms[ac]))
2729 "failed to set TX queue parameters for AC %d\n",
2736 ieee80211_sta_wmm_params(struct ieee80211_local *local,
2737 struct ieee80211_link_data *link,
2738 const u8 *wmm_param, size_t wmm_param_len,
2739 const struct ieee80211_mu_edca_param_set *mu_edca)
2741 struct ieee80211_sub_if_data *sdata = link->sdata;
2742 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
2743 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2745 int count, mu_edca_count, ac;
2747 u8 uapsd_queues = 0;
2749 if (!local->ops->conf_tx)
2752 if (local->hw.queues < IEEE80211_NUM_ACS)
2758 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
2761 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
2762 uapsd_queues = ifmgd->uapsd_queues;
2764 count = wmm_param[6] & 0x0f;
2765 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
2766 * if mu_edca was preset before and now it disappeared tell
2767 * the driver about it.
2769 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
2770 if (count == link->u.mgd.wmm_last_param_set &&
2771 mu_edca_count == link->u.mgd.mu_edca_last_param_set)
2773 link->u.mgd.wmm_last_param_set = count;
2774 link->u.mgd.mu_edca_last_param_set = mu_edca_count;
2776 pos = wmm_param + 8;
2777 left = wmm_param_len - 8;
2779 memset(¶ms, 0, sizeof(params));
2782 for (; left >= 4; left -= 4, pos += 4) {
2783 int aci = (pos[0] >> 5) & 0x03;
2784 int acm = (pos[0] >> 4) & 0x01;
2789 ac = IEEE80211_AC_BK;
2791 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
2792 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2794 params[ac].mu_edca = !!mu_edca;
2796 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
2799 ac = IEEE80211_AC_VI;
2801 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
2802 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2804 params[ac].mu_edca = !!mu_edca;
2806 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
2809 ac = IEEE80211_AC_VO;
2811 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
2812 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2814 params[ac].mu_edca = !!mu_edca;
2816 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
2820 ac = IEEE80211_AC_BE;
2822 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
2823 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2825 params[ac].mu_edca = !!mu_edca;
2827 params[ac].mu_edca_param_rec = mu_edca->ac_be;
2831 params[ac].aifs = pos[0] & 0x0f;
2833 if (params[ac].aifs < 2) {
2835 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
2836 params[ac].aifs, aci);
2837 params[ac].aifs = 2;
2839 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
2840 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
2841 params[ac].txop = get_unaligned_le16(pos + 2);
2842 params[ac].acm = acm;
2843 params[ac].uapsd = uapsd;
2845 if (params[ac].cw_min == 0 ||
2846 params[ac].cw_min > params[ac].cw_max) {
2848 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
2849 params[ac].cw_min, params[ac].cw_max, aci);
2852 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
2855 /* WMM specification requires all 4 ACIs. */
2856 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2857 if (params[ac].cw_min == 0) {
2859 "AP has invalid WMM params (missing AC %d), using defaults\n",
2865 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2866 link->tx_conf[ac] = params[ac];
2868 ieee80211_mgd_set_link_qos_params(link);
2870 /* enable WMM or activate new settings */
2871 link->conf->qos = true;
2875 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2877 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2879 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
2880 ieee80211_run_deferred_scan(sdata->local);
2883 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2885 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2887 __ieee80211_stop_poll(sdata);
2890 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link,
2891 u16 capab, bool erp_valid, u8 erp)
2893 struct ieee80211_bss_conf *bss_conf = link->conf;
2894 struct ieee80211_supported_band *sband;
2896 bool use_protection;
2897 bool use_short_preamble;
2898 bool use_short_slot;
2900 sband = ieee80211_get_link_sband(link);
2905 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
2906 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
2908 use_protection = false;
2909 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
2912 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
2913 if (sband->band == NL80211_BAND_5GHZ ||
2914 sband->band == NL80211_BAND_6GHZ)
2915 use_short_slot = true;
2917 if (use_protection != bss_conf->use_cts_prot) {
2918 bss_conf->use_cts_prot = use_protection;
2919 changed |= BSS_CHANGED_ERP_CTS_PROT;
2922 if (use_short_preamble != bss_conf->use_short_preamble) {
2923 bss_conf->use_short_preamble = use_short_preamble;
2924 changed |= BSS_CHANGED_ERP_PREAMBLE;
2927 if (use_short_slot != bss_conf->use_short_slot) {
2928 bss_conf->use_short_slot = use_short_slot;
2929 changed |= BSS_CHANGED_ERP_SLOT;
2935 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link,
2936 struct cfg80211_bss *cbss)
2938 struct ieee80211_sub_if_data *sdata = link->sdata;
2939 struct ieee80211_bss_conf *bss_conf = link->conf;
2940 struct ieee80211_bss *bss = (void *)cbss->priv;
2941 u64 changed = BSS_CHANGED_QOS;
2943 /* not really used in MLO */
2944 sdata->u.mgd.beacon_timeout =
2945 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count *
2946 bss_conf->beacon_int));
2948 changed |= ieee80211_handle_bss_capability(link,
2949 bss_conf->assoc_capability,
2953 ieee80211_check_rate_mask(link);
2955 link->conf->bss = cbss;
2956 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
2958 if (sdata->vif.p2p ||
2959 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
2960 const struct cfg80211_bss_ies *ies;
2963 ies = rcu_dereference(cbss->ies);
2967 ret = cfg80211_get_p2p_attr(
2968 ies->data, ies->len,
2969 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2970 (u8 *) &bss_conf->p2p_noa_attr,
2971 sizeof(bss_conf->p2p_noa_attr));
2973 link->u.mgd.p2p_noa_index =
2974 bss_conf->p2p_noa_attr.index;
2975 changed |= BSS_CHANGED_P2P_PS;
2981 if (link->u.mgd.have_beacon) {
2982 bss_conf->beacon_rate = bss->beacon_rate;
2983 changed |= BSS_CHANGED_BEACON_INFO;
2985 bss_conf->beacon_rate = NULL;
2988 /* Tell the driver to monitor connection quality (if supported) */
2989 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2990 bss_conf->cqm_rssi_thold)
2991 changed |= BSS_CHANGED_CQM;
2996 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
2997 struct ieee80211_mgd_assoc_data *assoc_data,
2998 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])
3000 struct ieee80211_local *local = sdata->local;
3001 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
3002 u64 vif_changed = BSS_CHANGED_ASSOC;
3003 unsigned int link_id;
3005 lockdep_assert_wiphy(local->hw.wiphy);
3007 sdata->u.mgd.associated = true;
3009 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3010 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3011 struct ieee80211_link_data *link;
3014 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3017 if (ieee80211_vif_is_mld(&sdata->vif) &&
3018 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id)))
3021 link = sdata_dereference(sdata->link[link_id], sdata);
3025 changed[link_id] |= ieee80211_link_set_associated(link, cbss);
3028 /* just to be sure */
3029 ieee80211_stop_poll(sdata);
3031 ieee80211_led_assoc(local, 1);
3035 /* Enable ARP filtering */
3036 if (vif_cfg->arp_addr_cnt)
3037 vif_changed |= BSS_CHANGED_ARP_FILTER;
3039 if (ieee80211_vif_is_mld(&sdata->vif)) {
3041 link_id < IEEE80211_MLD_MAX_NUM_LINKS;
3043 struct ieee80211_link_data *link;
3044 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3048 ieee80211_vif_usable_links(&sdata->vif)) ||
3049 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3052 link = sdata_dereference(sdata->link[link_id], sdata);
3056 ieee80211_link_info_change_notify(sdata, link,
3059 ieee80211_recalc_smps(sdata, link);
3062 ieee80211_vif_cfg_change_notify(sdata, vif_changed);
3064 ieee80211_bss_info_change_notify(sdata,
3065 vif_changed | changed[0]);
3068 ieee80211_recalc_ps(local);
3070 /* leave this here to not change ordering in non-MLO cases */
3071 if (!ieee80211_vif_is_mld(&sdata->vif))
3072 ieee80211_recalc_smps(sdata, &sdata->deflink);
3073 ieee80211_recalc_ps_vif(sdata);
3075 netif_carrier_on(sdata->dev);
3078 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
3079 u16 stype, u16 reason, bool tx,
3082 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3083 struct ieee80211_local *local = sdata->local;
3084 unsigned int link_id;
3086 struct ieee80211_prep_tx_info info = {
3090 lockdep_assert_wiphy(local->hw.wiphy);
3092 if (WARN_ON_ONCE(tx && !frame_buf))
3095 if (WARN_ON(!ifmgd->associated))
3098 ieee80211_stop_poll(sdata);
3100 ifmgd->associated = false;
3102 /* other links will be destroyed */
3103 sdata->deflink.conf->bss = NULL;
3104 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
3106 netif_carrier_off(sdata->dev);
3109 * if we want to get out of ps before disassoc (why?) we have
3110 * to do it before sending disassoc, as otherwise the null-packet
3113 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3114 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3115 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3117 local->ps_sdata = NULL;
3119 /* disable per-vif ps */
3120 ieee80211_recalc_ps_vif(sdata);
3122 /* make sure ongoing transmission finishes */
3126 * drop any frame before deauth/disassoc, this can be data or
3127 * management frame. Since we are disconnecting, we should not
3128 * insist sending these frames which can take time and delay
3129 * the disconnection and possible the roaming.
3132 ieee80211_flush_queues(local, sdata, true);
3134 /* deauthenticate/disassociate now */
3135 if (tx || frame_buf) {
3137 * In multi channel scenarios guarantee that the virtual
3138 * interface is granted immediate airtime to transmit the
3139 * deauthentication frame by calling mgd_prepare_tx, if the
3140 * driver requested so.
3142 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP)) {
3143 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link);
3145 struct ieee80211_link_data *link;
3147 link = sdata_dereference(sdata->link[link_id],
3151 if (link->u.mgd.have_beacon)
3154 if (link_id == IEEE80211_MLD_MAX_NUM_LINKS) {
3155 info.link_id = ffs(sdata->vif.active_links) - 1;
3156 drv_mgd_prepare_tx(sdata->local, sdata, &info);
3160 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
3161 sdata->vif.cfg.ap_addr, stype,
3162 reason, tx, frame_buf);
3165 /* flush out frame - make sure the deauth was actually sent */
3167 ieee80211_flush_queues(local, sdata, false);
3169 drv_mgd_complete_tx(sdata->local, sdata, &info);
3171 /* clear AP addr only after building the needed mgmt frames */
3172 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3173 eth_zero_addr(sdata->vif.cfg.ap_addr);
3175 sdata->vif.cfg.ssid_len = 0;
3177 /* remove AP and TDLS peers */
3178 sta_info_flush(sdata, -1);
3180 /* finally reset all BSS / config parameters */
3181 if (!ieee80211_vif_is_mld(&sdata->vif))
3182 changed |= ieee80211_reset_erp_info(sdata);
3184 ieee80211_led_assoc(local, 0);
3185 changed |= BSS_CHANGED_ASSOC;
3186 sdata->vif.cfg.assoc = false;
3188 sdata->deflink.u.mgd.p2p_noa_index = -1;
3189 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
3190 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
3192 /* on the next assoc, re-program HT/VHT parameters */
3193 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
3194 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
3195 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
3196 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
3199 * reset MU-MIMO ownership and group data in default link,
3200 * if used, other links are destroyed
3202 memset(sdata->vif.bss_conf.mu_group.membership, 0,
3203 sizeof(sdata->vif.bss_conf.mu_group.membership));
3204 memset(sdata->vif.bss_conf.mu_group.position, 0,
3205 sizeof(sdata->vif.bss_conf.mu_group.position));
3206 if (!ieee80211_vif_is_mld(&sdata->vif))
3207 changed |= BSS_CHANGED_MU_GROUPS;
3208 sdata->vif.bss_conf.mu_mimo_owner = false;
3210 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
3212 del_timer_sync(&local->dynamic_ps_timer);
3213 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
3215 /* Disable ARP filtering */
3216 if (sdata->vif.cfg.arp_addr_cnt)
3217 changed |= BSS_CHANGED_ARP_FILTER;
3219 sdata->vif.bss_conf.qos = false;
3220 if (!ieee80211_vif_is_mld(&sdata->vif)) {
3221 changed |= BSS_CHANGED_QOS;
3222 /* The BSSID (not really interesting) and HT changed */
3223 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
3224 ieee80211_bss_info_change_notify(sdata, changed);
3226 ieee80211_vif_cfg_change_notify(sdata, changed);
3229 /* disassociated - set to defaults now */
3230 ieee80211_set_wmm_default(&sdata->deflink, false, false);
3232 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
3233 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
3234 del_timer_sync(&sdata->u.mgd.timer);
3236 sdata->vif.bss_conf.dtim_period = 0;
3237 sdata->vif.bss_conf.beacon_rate = NULL;
3239 sdata->deflink.u.mgd.have_beacon = false;
3240 sdata->deflink.u.mgd.tracking_signal_avg = false;
3241 sdata->deflink.u.mgd.disable_wmm_tracking = false;
3245 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
3246 struct ieee80211_link_data *link;
3248 link = sdata_dereference(sdata->link[link_id], sdata);
3251 ieee80211_link_release_channel(link);
3254 sdata->vif.bss_conf.csa_active = false;
3255 sdata->deflink.u.mgd.csa_waiting_bcn = false;
3256 sdata->deflink.u.mgd.csa_ignored_same_chan = false;
3257 if (sdata->csa_blocked_tx) {
3258 ieee80211_wake_vif_queues(local, sdata,
3259 IEEE80211_QUEUE_STOP_REASON_CSA);
3260 sdata->csa_blocked_tx = false;
3263 /* existing TX TSPEC sessions no longer exist */
3264 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
3265 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk);
3267 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP;
3268 sdata->vif.bss_conf.pwr_reduction = 0;
3269 sdata->vif.bss_conf.tx_pwr_env_num = 0;
3270 memset(sdata->vif.bss_conf.tx_pwr_env, 0,
3271 sizeof(sdata->vif.bss_conf.tx_pwr_env));
3273 sdata->vif.cfg.eml_cap = 0;
3274 sdata->vif.cfg.eml_med_sync_delay = 0;
3275 sdata->vif.cfg.mld_capa_op = 0;
3277 memset(&sdata->u.mgd.ttlm_info, 0,
3278 sizeof(sdata->u.mgd.ttlm_info));
3279 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
3281 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
3282 &ifmgd->neg_ttlm_timeout_work);
3283 ieee80211_vif_set_links(sdata, 0, 0);
3285 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
3288 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
3290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3291 struct ieee80211_local *local = sdata->local;
3293 lockdep_assert_wiphy(local->hw.wiphy);
3295 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
3298 __ieee80211_stop_poll(sdata);
3300 ieee80211_recalc_ps(local);
3302 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
3306 * We've received a probe response, but are not sure whether
3307 * we have or will be receiving any beacons or data, so let's
3308 * schedule the timers again, just in case.
3310 ieee80211_sta_reset_beacon_monitor(sdata);
3312 mod_timer(&ifmgd->conn_mon_timer,
3313 round_jiffies_up(jiffies +
3314 IEEE80211_CONNECTION_IDLE_TIME));
3317 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
3318 struct ieee80211_hdr *hdr,
3321 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3324 struct ieee80211_sta_tx_tspec *tx_tspec;
3325 unsigned long now = jiffies;
3327 if (!ieee80211_is_data_qos(hdr->frame_control))
3330 tid = ieee80211_get_tid(hdr);
3331 ac = ieee80211_ac_from_tid(tid);
3332 tx_tspec = &ifmgd->tx_tspec[ac];
3334 if (likely(!tx_tspec->admitted_time))
3337 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3338 tx_tspec->consumed_tx_time = 0;
3339 tx_tspec->time_slice_start = now;
3341 if (tx_tspec->downgraded) {
3342 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
3343 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
3344 &ifmgd->tx_tspec_wk, 0);
3348 if (tx_tspec->downgraded)
3351 tx_tspec->consumed_tx_time += tx_time;
3353 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
3354 tx_tspec->downgraded = true;
3355 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
3356 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
3357 &ifmgd->tx_tspec_wk, 0);
3361 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
3362 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
3364 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
3366 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
3367 !sdata->u.mgd.probe_send_count)
3371 sdata->u.mgd.probe_send_count = 0;
3373 sdata->u.mgd.nullfunc_failed = true;
3374 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
3377 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
3378 const u8 *src, const u8 *dst,
3379 const u8 *ssid, size_t ssid_len,
3380 struct ieee80211_channel *channel)
3382 struct sk_buff *skb;
3384 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
3385 ssid, ssid_len, NULL, 0,
3386 IEEE80211_PROBE_FLAG_DIRECTED);
3388 ieee80211_tx_skb(sdata, skb);
3391 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
3393 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3394 u8 *dst = sdata->vif.cfg.ap_addr;
3395 u8 unicast_limit = max(1, max_probe_tries - 3);
3396 struct sta_info *sta;
3398 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3400 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
3404 * Try sending broadcast probe requests for the last three
3405 * probe requests after the first ones failed since some
3406 * buggy APs only support broadcast probe requests.
3408 if (ifmgd->probe_send_count >= unicast_limit)
3412 * When the hardware reports an accurate Tx ACK status, it's
3413 * better to send a nullfunc frame instead of a probe request,
3414 * as it will kick us off the AP quickly if we aren't associated
3415 * anymore. The timeout will be reset if the frame is ACKed by
3418 ifmgd->probe_send_count++;
3421 sta = sta_info_get(sdata, dst);
3423 ieee80211_check_fast_rx(sta);
3426 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
3427 ifmgd->nullfunc_failed = false;
3428 ieee80211_send_nullfunc(sdata->local, sdata, false);
3430 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
3431 sdata->vif.cfg.ssid,
3432 sdata->vif.cfg.ssid_len,
3433 sdata->deflink.conf->bss->channel);
3436 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
3437 run_again(sdata, ifmgd->probe_timeout);
3440 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
3443 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3444 bool already = false;
3446 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3448 if (WARN_ON_ONCE(ieee80211_vif_is_mld(&sdata->vif)))
3451 if (!ieee80211_sdata_running(sdata))
3454 if (!ifmgd->associated)
3457 if (sdata->local->tmp_channel || sdata->local->scanning)
3460 if (sdata->local->suspending) {
3461 /* reschedule after resume */
3462 ieee80211_reset_ap_probe(sdata);
3467 mlme_dbg_ratelimited(sdata,
3468 "detected beacon loss from AP (missed %d beacons) - probing\n",
3471 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
3475 * The driver/our work has already reported this event or the
3476 * connection monitoring has kicked in and we have already sent
3477 * a probe request. Or maybe the AP died and the driver keeps
3478 * reporting until we disassociate...
3480 * In either case we have to ignore the current call to this
3481 * function (except for setting the correct probe reason bit)
3482 * because otherwise we would reset the timer every time and
3483 * never check whether we received a probe response!
3485 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
3488 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
3493 ieee80211_recalc_ps(sdata->local);
3495 ifmgd->probe_send_count = 0;
3496 ieee80211_mgd_probe_ap_send(sdata);
3499 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
3500 struct ieee80211_vif *vif)
3502 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3503 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3504 struct cfg80211_bss *cbss;
3505 struct sk_buff *skb;
3506 const struct element *ssid;
3509 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3511 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
3512 ieee80211_vif_is_mld(&sdata->vif)))
3515 if (ifmgd->associated)
3516 cbss = sdata->deflink.conf->bss;
3517 else if (ifmgd->auth_data)
3518 cbss = ifmgd->auth_data->bss;
3519 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss)
3520 cbss = ifmgd->assoc_data->link[0].bss;
3525 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
3526 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN,
3527 "invalid SSID element (len=%d)",
3528 ssid ? ssid->datalen : -1))
3531 ssid_len = ssid->datalen;
3533 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
3534 (u32) -1, cbss->channel,
3535 ssid->data, ssid_len,
3536 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
3541 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
3543 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
3544 const u8 *buf, size_t len, bool tx,
3545 u16 reason, bool reconnect)
3547 struct ieee80211_event event = {
3549 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
3550 .u.mlme.reason = reason,
3554 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
3556 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
3558 drv_event_callback(sdata->local, sdata, &event);
3561 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
3563 struct ieee80211_local *local = sdata->local;
3564 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3565 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3568 lockdep_assert_wiphy(local->hw.wiphy);
3570 if (!ifmgd->associated)
3574 * MLO drivers should have HANDLES_QUIET_CSA, so that csa_blocked_tx
3575 * is always false; if they don't then this may try to transmit the
3576 * frame but queues will be stopped.
3578 tx = !sdata->csa_blocked_tx;
3580 if (!ifmgd->driver_disconnect) {
3581 unsigned int link_id;
3584 * AP is probably out of range (or not reachable for another
3585 * reason) so remove the bss structs for that AP. In the case
3586 * of multi-link, it's not clear that all of them really are
3587 * out of range, but if they weren't the driver likely would
3588 * have switched to just have a single link active?
3591 link_id < ARRAY_SIZE(sdata->link);
3593 struct ieee80211_link_data *link;
3595 link = sdata_dereference(sdata->link[link_id], sdata);
3598 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss);
3599 link->conf->bss = NULL;
3603 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3604 ifmgd->driver_disconnect ?
3605 WLAN_REASON_DEAUTH_LEAVING :
3606 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3608 /* the other links will be destroyed */
3609 sdata->vif.bss_conf.csa_active = false;
3610 sdata->deflink.u.mgd.csa_waiting_bcn = false;
3611 if (sdata->csa_blocked_tx) {
3612 ieee80211_wake_vif_queues(local, sdata,
3613 IEEE80211_QUEUE_STOP_REASON_CSA);
3614 sdata->csa_blocked_tx = false;
3617 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
3618 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3620 ifmgd->reconnect = false;
3623 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy,
3624 struct wiphy_work *work)
3626 struct ieee80211_sub_if_data *sdata =
3627 container_of(work, struct ieee80211_sub_if_data,
3628 u.mgd.beacon_connection_loss_work);
3629 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3631 if (ifmgd->connection_loss) {
3632 sdata_info(sdata, "Connection to AP %pM lost\n",
3633 sdata->vif.cfg.ap_addr);
3634 __ieee80211_disconnect(sdata);
3635 ifmgd->connection_loss = false;
3636 } else if (ifmgd->driver_disconnect) {
3638 "Driver requested disconnection from AP %pM\n",
3639 sdata->vif.cfg.ap_addr);
3640 __ieee80211_disconnect(sdata);
3641 ifmgd->driver_disconnect = false;
3643 if (ifmgd->associated)
3644 sdata->deflink.u.mgd.beacon_loss_count++;
3645 ieee80211_mgd_probe_ap(sdata, true);
3649 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy,
3650 struct wiphy_work *work)
3652 struct ieee80211_sub_if_data *sdata =
3653 container_of(work, struct ieee80211_sub_if_data,
3654 u.mgd.csa_connection_drop_work);
3656 __ieee80211_disconnect(sdata);
3659 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
3661 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3662 struct ieee80211_hw *hw = &sdata->local->hw;
3664 trace_api_beacon_loss(sdata);
3666 sdata->u.mgd.connection_loss = false;
3667 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
3669 EXPORT_SYMBOL(ieee80211_beacon_loss);
3671 void ieee80211_connection_loss(struct ieee80211_vif *vif)
3673 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3674 struct ieee80211_hw *hw = &sdata->local->hw;
3676 trace_api_connection_loss(sdata);
3678 sdata->u.mgd.connection_loss = true;
3679 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
3681 EXPORT_SYMBOL(ieee80211_connection_loss);
3683 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
3685 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3686 struct ieee80211_hw *hw = &sdata->local->hw;
3688 trace_api_disconnect(sdata, reconnect);
3690 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
3693 sdata->u.mgd.driver_disconnect = true;
3694 sdata->u.mgd.reconnect = reconnect;
3695 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
3697 EXPORT_SYMBOL(ieee80211_disconnect);
3699 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
3702 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
3704 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3708 * we are not authenticated yet, the only timer that could be
3709 * running is the timeout for the authentication response which
3710 * which is not relevant anymore.
3712 del_timer_sync(&sdata->u.mgd.timer);
3713 sta_info_destroy_addr(sdata, auth_data->ap_addr);
3715 /* other links are destroyed */
3716 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3717 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3719 sdata->u.mgd.flags = 0;
3721 ieee80211_link_release_channel(&sdata->deflink);
3722 ieee80211_vif_set_links(sdata, 0, 0);
3725 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
3727 sdata->u.mgd.auth_data = NULL;
3737 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
3738 enum assoc_status status)
3740 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3742 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3744 if (status != ASSOC_SUCCESS) {
3746 * we are not associated yet, the only timer that could be
3747 * running is the timeout for the association response which
3748 * which is not relevant anymore.
3750 del_timer_sync(&sdata->u.mgd.timer);
3751 sta_info_destroy_addr(sdata, assoc_data->ap_addr);
3753 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3754 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3756 sdata->u.mgd.flags = 0;
3757 sdata->vif.bss_conf.mu_mimo_owner = false;
3759 if (status != ASSOC_REJECTED) {
3760 struct cfg80211_assoc_failure data = {
3761 .timeout = status == ASSOC_TIMEOUT,
3765 BUILD_BUG_ON(ARRAY_SIZE(data.bss) !=
3766 ARRAY_SIZE(assoc_data->link));
3768 for (i = 0; i < ARRAY_SIZE(data.bss); i++)
3769 data.bss[i] = assoc_data->link[i].bss;
3771 if (ieee80211_vif_is_mld(&sdata->vif))
3772 data.ap_mld_addr = assoc_data->ap_addr;
3774 cfg80211_assoc_failure(sdata->dev, &data);
3777 ieee80211_link_release_channel(&sdata->deflink);
3778 ieee80211_vif_set_links(sdata, 0, 0);
3782 sdata->u.mgd.assoc_data = NULL;
3785 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
3786 struct ieee80211_mgmt *mgmt, size_t len)
3788 struct ieee80211_local *local = sdata->local;
3789 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
3790 const struct element *challenge;
3793 struct ieee80211_prep_tx_info info = {
3794 .subtype = IEEE80211_STYPE_AUTH,
3795 .link_id = auth_data->link_id,
3798 pos = mgmt->u.auth.variable;
3799 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
3800 len - (pos - (u8 *)mgmt));
3803 auth_data->expected_transaction = 4;
3804 drv_mgd_prepare_tx(sdata->local, sdata, &info);
3805 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3806 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3807 IEEE80211_TX_INTFL_MLME_CONN_TX;
3808 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
3810 challenge->datalen + sizeof(*challenge),
3811 auth_data->ap_addr, auth_data->ap_addr,
3812 auth_data->key, auth_data->key_len,
3813 auth_data->key_idx, tx_flags);
3816 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata)
3818 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3819 const u8 *ap_addr = ifmgd->auth_data->ap_addr;
3820 struct sta_info *sta;
3822 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3824 sdata_info(sdata, "authenticated\n");
3825 ifmgd->auth_data->done = true;
3826 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
3827 ifmgd->auth_data->timeout_started = true;
3828 run_again(sdata, ifmgd->auth_data->timeout);
3830 /* move station state to auth */
3831 sta = sta_info_get(sdata, ap_addr);
3833 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr);
3836 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
3837 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr);
3844 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
3845 struct ieee80211_mgmt *mgmt, size_t len)
3847 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3848 u16 auth_alg, auth_transaction, status_code;
3849 struct ieee80211_event event = {
3851 .u.mlme.data = AUTH_EVENT,
3853 struct ieee80211_prep_tx_info info = {
3854 .subtype = IEEE80211_STYPE_AUTH,
3857 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3862 if (!ifmgd->auth_data || ifmgd->auth_data->done)
3865 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid))
3868 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
3869 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
3870 status_code = le16_to_cpu(mgmt->u.auth.status_code);
3872 if (auth_alg != ifmgd->auth_data->algorithm ||
3873 (auth_alg != WLAN_AUTH_SAE &&
3874 auth_transaction != ifmgd->auth_data->expected_transaction) ||
3875 (auth_alg == WLAN_AUTH_SAE &&
3876 (auth_transaction < ifmgd->auth_data->expected_transaction ||
3877 auth_transaction > 2))) {
3878 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
3879 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
3881 ifmgd->auth_data->expected_transaction);
3885 if (status_code != WLAN_STATUS_SUCCESS) {
3886 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3888 if (auth_alg == WLAN_AUTH_SAE &&
3889 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
3890 (auth_transaction == 1 &&
3891 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
3892 status_code == WLAN_STATUS_SAE_PK)))) {
3893 /* waiting for userspace now */
3894 ifmgd->auth_data->waiting = true;
3895 ifmgd->auth_data->timeout =
3896 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
3897 ifmgd->auth_data->timeout_started = true;
3898 run_again(sdata, ifmgd->auth_data->timeout);
3902 sdata_info(sdata, "%pM denied authentication (status %d)\n",
3903 mgmt->sa, status_code);
3904 ieee80211_destroy_auth_data(sdata, false);
3905 event.u.mlme.status = MLME_DENIED;
3906 event.u.mlme.reason = status_code;
3907 drv_event_callback(sdata->local, sdata, &event);
3911 switch (ifmgd->auth_data->algorithm) {
3912 case WLAN_AUTH_OPEN:
3913 case WLAN_AUTH_LEAP:
3916 case WLAN_AUTH_FILS_SK:
3917 case WLAN_AUTH_FILS_SK_PFS:
3918 case WLAN_AUTH_FILS_PK:
3920 case WLAN_AUTH_SHARED_KEY:
3921 if (ifmgd->auth_data->expected_transaction != 4) {
3922 ieee80211_auth_challenge(sdata, mgmt, len);
3923 /* need another frame */
3928 WARN_ONCE(1, "invalid auth alg %d",
3929 ifmgd->auth_data->algorithm);
3933 event.u.mlme.status = MLME_SUCCESS;
3935 drv_event_callback(sdata->local, sdata, &event);
3936 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
3937 (auth_transaction == 2 &&
3938 ifmgd->auth_data->expected_transaction == 2)) {
3939 if (!ieee80211_mark_sta_auth(sdata))
3940 return; /* ignore frame -- wait for timeout */
3941 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
3942 auth_transaction == 2) {
3943 sdata_info(sdata, "SAE peer confirmed\n");
3944 ifmgd->auth_data->peer_confirmed = true;
3947 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3949 drv_mgd_complete_tx(sdata->local, sdata, &info);
3952 #define case_WLAN(type) \
3953 case WLAN_REASON_##type: return #type
3955 const char *ieee80211_get_reason_code_string(u16 reason_code)
3957 switch (reason_code) {
3958 case_WLAN(UNSPECIFIED);
3959 case_WLAN(PREV_AUTH_NOT_VALID);
3960 case_WLAN(DEAUTH_LEAVING);
3961 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
3962 case_WLAN(DISASSOC_AP_BUSY);
3963 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
3964 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
3965 case_WLAN(DISASSOC_STA_HAS_LEFT);
3966 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
3967 case_WLAN(DISASSOC_BAD_POWER);
3968 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
3969 case_WLAN(INVALID_IE);
3970 case_WLAN(MIC_FAILURE);
3971 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
3972 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
3973 case_WLAN(IE_DIFFERENT);
3974 case_WLAN(INVALID_GROUP_CIPHER);
3975 case_WLAN(INVALID_PAIRWISE_CIPHER);
3976 case_WLAN(INVALID_AKMP);
3977 case_WLAN(UNSUPP_RSN_VERSION);
3978 case_WLAN(INVALID_RSN_IE_CAP);
3979 case_WLAN(IEEE8021X_FAILED);
3980 case_WLAN(CIPHER_SUITE_REJECTED);
3981 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
3982 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
3983 case_WLAN(DISASSOC_LOW_ACK);
3984 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
3985 case_WLAN(QSTA_LEAVE_QBSS);
3986 case_WLAN(QSTA_NOT_USE);
3987 case_WLAN(QSTA_REQUIRE_SETUP);
3988 case_WLAN(QSTA_TIMEOUT);
3989 case_WLAN(QSTA_CIPHER_NOT_SUPP);
3990 case_WLAN(MESH_PEER_CANCELED);
3991 case_WLAN(MESH_MAX_PEERS);
3992 case_WLAN(MESH_CONFIG);
3993 case_WLAN(MESH_CLOSE);
3994 case_WLAN(MESH_MAX_RETRIES);
3995 case_WLAN(MESH_CONFIRM_TIMEOUT);
3996 case_WLAN(MESH_INVALID_GTK);
3997 case_WLAN(MESH_INCONSISTENT_PARAM);
3998 case_WLAN(MESH_INVALID_SECURITY);
3999 case_WLAN(MESH_PATH_ERROR);
4000 case_WLAN(MESH_PATH_NOFORWARD);
4001 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
4002 case_WLAN(MAC_EXISTS_IN_MBSS);
4003 case_WLAN(MESH_CHAN_REGULATORY);
4004 case_WLAN(MESH_CHAN);
4005 default: return "<unknown>";
4009 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
4010 struct ieee80211_mgmt *mgmt, size_t len)
4012 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4013 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
4015 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4020 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4021 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4025 if (ifmgd->associated &&
4026 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) {
4027 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
4028 sdata->vif.cfg.ap_addr, reason_code,
4029 ieee80211_get_reason_code_string(reason_code));
4031 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4033 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
4034 reason_code, false);
4038 if (ifmgd->assoc_data &&
4039 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) {
4041 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
4042 ifmgd->assoc_data->ap_addr, reason_code,
4043 ieee80211_get_reason_code_string(reason_code));
4045 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
4047 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4053 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
4054 struct ieee80211_mgmt *mgmt, size_t len)
4056 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4059 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4064 if (!ifmgd->associated ||
4065 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
4068 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
4070 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4071 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4075 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
4076 sdata->vif.cfg.ap_addr, reason_code,
4077 ieee80211_get_reason_code_string(reason_code));
4079 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4081 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
4085 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
4086 u8 *supp_rates, unsigned int supp_rates_len,
4087 u32 *rates, u32 *basic_rates,
4088 bool *have_higher_than_11mbit,
4089 int *min_rate, int *min_rate_index)
4093 for (i = 0; i < supp_rates_len; i++) {
4094 int rate = supp_rates[i] & 0x7f;
4095 bool is_basic = !!(supp_rates[i] & 0x80);
4097 if ((rate * 5) > 110)
4098 *have_higher_than_11mbit = true;
4101 * Skip HT, VHT, HE, EHT and SAE H2E only BSS membership
4102 * selectors since they're not rates.
4104 * Note: Even though the membership selector and the basic
4105 * rate flag share the same bit, they are not exactly
4108 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
4109 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
4110 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) ||
4111 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_EHT_PHY) ||
4112 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E))
4115 for (j = 0; j < sband->n_bitrates; j++) {
4116 struct ieee80211_rate *br;
4119 br = &sband->bitrates[j];
4121 brate = DIV_ROUND_UP(br->bitrate, 5);
4122 if (brate == rate) {
4125 *basic_rates |= BIT(j);
4126 if ((rate * 5) < *min_rate) {
4127 *min_rate = rate * 5;
4128 *min_rate_index = j;
4136 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata,
4137 struct ieee80211_supported_band *sband,
4138 const struct link_sta_info *link_sta,
4139 const struct ieee802_11_elems *elems)
4141 const struct ieee80211_sta_he_cap *own_he_cap =
4142 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4144 if (elems->ext_capab_len < 10)
4147 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
4150 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] &
4151 IEEE80211_HE_MAC_CAP0_TWT_RES &&
4153 (own_he_cap->he_cap_elem.mac_cap_info[0] &
4154 IEEE80211_HE_MAC_CAP0_TWT_REQ);
4157 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
4158 struct ieee80211_supported_band *sband,
4159 struct ieee80211_link_data *link,
4160 struct link_sta_info *link_sta,
4161 struct ieee802_11_elems *elems)
4163 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems);
4165 if (link->conf->twt_requester != twt) {
4166 link->conf->twt_requester = twt;
4167 return BSS_CHANGED_TWT;
4172 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
4173 struct ieee80211_bss_conf *bss_conf,
4174 struct ieee80211_supported_band *sband,
4175 struct link_sta_info *link_sta)
4177 const struct ieee80211_sta_he_cap *own_he_cap =
4178 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4180 return bss_conf->he_support &&
4181 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] &
4182 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
4184 (own_he_cap->he_cap_elem.mac_cap_info[2] &
4185 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
4188 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
4189 struct link_sta_info *link_sta,
4190 struct cfg80211_bss *cbss,
4191 struct ieee80211_mgmt *mgmt,
4192 const u8 *elem_start,
4193 unsigned int elem_len,
4196 struct ieee80211_sub_if_data *sdata = link->sdata;
4197 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4198 struct ieee80211_bss_conf *bss_conf = link->conf;
4199 struct ieee80211_local *local = sdata->local;
4200 unsigned int link_id = link->link_id;
4201 struct ieee80211_elems_parse_params parse_params = {
4202 .mode = link->u.mgd.conn.mode,
4203 .start = elem_start,
4205 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id,
4208 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
4209 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4210 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
4211 const struct cfg80211_bss_ies *bss_ies = NULL;
4212 struct ieee80211_supported_band *sband;
4213 struct ieee802_11_elems *elems;
4214 const __le16 prof_bss_param_ch_present =
4215 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT);
4219 elems = ieee802_11_parse_elems_full(&parse_params);
4223 if (link_id == assoc_data->assoc_link_id) {
4224 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
4227 * we should not get to this flow unless the association was
4228 * successful, so set the status directly to success
4230 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS;
4231 if (elems->ml_basic) {
4232 int bss_param_ch_cnt =
4233 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
4235 if (bss_param_ch_cnt < 0) {
4239 link->u.mgd.bss_param_ch_cnt = bss_param_ch_cnt;
4241 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
4243 !(elems->prof->control & prof_bss_param_ch_present)) {
4247 const u8 *ptr = elems->prof->variable +
4248 elems->prof->sta_info_len - 1;
4251 * During parsing, we validated that these fields exist,
4252 * otherwise elems->prof would have been set to NULL.
4254 capab_info = get_unaligned_le16(ptr);
4255 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2);
4256 link->u.mgd.bss_param_ch_cnt =
4257 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof);
4259 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
4260 link_info(link, "association response status code=%u\n",
4261 assoc_data->link[link_id].status);
4267 if (!is_s1g && !elems->supp_rates) {
4268 sdata_info(sdata, "no SuppRates element in AssocResp\n");
4273 link->u.mgd.tdls_chan_switch_prohibited =
4274 elems->ext_capab && elems->ext_capab_len >= 5 &&
4275 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
4278 * Some APs are erroneously not including some information in their
4279 * (re)association response frames. Try to recover by using the data
4280 * from the beacon or probe response. This seems to afflict mobile
4281 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
4282 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
4285 ((assoc_data->wmm && !elems->wmm_param) ||
4286 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
4287 (!elems->ht_cap_elem || !elems->ht_operation)) ||
4288 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
4289 (!elems->vht_cap_elem || !elems->vht_operation)))) {
4290 const struct cfg80211_bss_ies *ies;
4291 struct ieee802_11_elems *bss_elems;
4294 ies = rcu_dereference(cbss->ies);
4296 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
4304 parse_params.start = bss_ies->data;
4305 parse_params.len = bss_ies->len;
4306 parse_params.bss = cbss;
4307 bss_elems = ieee802_11_parse_elems_full(&parse_params);
4313 if (assoc_data->wmm &&
4314 !elems->wmm_param && bss_elems->wmm_param) {
4315 elems->wmm_param = bss_elems->wmm_param;
4317 "AP bug: WMM param missing from AssocResp\n");
4321 * Also check if we requested HT/VHT, otherwise the AP doesn't
4322 * have to include the IEs in the (re)association response.
4324 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
4325 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
4326 elems->ht_cap_elem = bss_elems->ht_cap_elem;
4328 "AP bug: HT capability missing from AssocResp\n");
4330 if (!elems->ht_operation && bss_elems->ht_operation &&
4331 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
4332 elems->ht_operation = bss_elems->ht_operation;
4334 "AP bug: HT operation missing from AssocResp\n");
4336 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
4337 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4338 elems->vht_cap_elem = bss_elems->vht_cap_elem;
4340 "AP bug: VHT capa missing from AssocResp\n");
4342 if (!elems->vht_operation && bss_elems->vht_operation &&
4343 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4344 elems->vht_operation = bss_elems->vht_operation;
4346 "AP bug: VHT operation missing from AssocResp\n");
4353 * We previously checked these in the beacon/probe response, so
4354 * they should be present here. This is just a safety net.
4355 * Note that the ieee80211_config_bw() below would also check
4356 * for this (and more), but this has better error reporting.
4358 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
4359 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
4361 "HT AP is missing WMM params or HT capability/operation\n");
4366 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
4367 (!elems->vht_cap_elem || !elems->vht_operation)) {
4369 "VHT AP is missing VHT capability/operation\n");
4374 /* check/update if AP changed anything in assoc response vs. scan */
4375 if (ieee80211_config_bw(link, elems,
4376 link_id == assoc_data->assoc_link_id,
4382 if (WARN_ON(!link->conf->chanreq.oper.chan)) {
4386 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
4388 /* Set up internal HT/VHT capabilities */
4389 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT)
4390 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
4394 if (elems->vht_cap_elem &&
4395 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4396 const struct ieee80211_vht_cap *bss_vht_cap = NULL;
4397 const struct cfg80211_bss_ies *ies;
4400 * Cisco AP module 9115 with FW 17.3 has a bug and sends a
4401 * too large maximum MPDU length in the association response
4402 * (indicating 12k) that it cannot actually process ...
4406 ies = rcu_dereference(cbss->ies);
4408 const struct element *elem;
4410 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY,
4411 ies->data, ies->len);
4412 if (elem && elem->datalen >= sizeof(*bss_vht_cap))
4413 bss_vht_cap = (const void *)elem->data;
4416 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
4417 elems->vht_cap_elem,
4418 bss_vht_cap, link_sta);
4422 if (elems->he_operation &&
4423 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
4425 const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
4427 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
4430 elems->he_6ghz_capa,
4433 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation);
4435 if (is_6ghz && he_6ghz_oper) {
4436 switch (u8_get_bits(he_6ghz_oper->control,
4437 IEEE80211_HE_6GHZ_OPER_CTRL_REG_INFO)) {
4438 case IEEE80211_6GHZ_CTRL_REG_LPI_AP:
4439 bss_conf->power_type = IEEE80211_REG_LPI_AP;
4441 case IEEE80211_6GHZ_CTRL_REG_SP_AP:
4442 bss_conf->power_type = IEEE80211_REG_SP_AP;
4444 case IEEE80211_6GHZ_CTRL_REG_VLP_AP:
4445 bss_conf->power_type = IEEE80211_REG_VLP_AP;
4448 bss_conf->power_type = IEEE80211_REG_UNSET_AP;
4451 } else if (is_6ghz) {
4453 "HE 6 GHz operation missing (on %d MHz), expect issues\n",
4454 bss_conf->chanreq.oper.chan->center_freq);
4457 bss_conf->he_support = link_sta->pub->he_cap.has_he;
4458 if (elems->rsnx && elems->rsnx_len &&
4459 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
4460 wiphy_ext_feature_isset(local->hw.wiphy,
4461 NL80211_EXT_FEATURE_PROTECTED_TWT))
4462 bss_conf->twt_protected = true;
4464 bss_conf->twt_protected = false;
4466 *changed |= ieee80211_recalc_twt_req(sdata, sband, link,
4469 if (elems->eht_operation && elems->eht_cap &&
4470 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) {
4471 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
4478 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht;
4480 bss_conf->eht_support = false;
4483 bss_conf->he_support = false;
4484 bss_conf->twt_requester = false;
4485 bss_conf->twt_protected = false;
4486 bss_conf->eht_support = false;
4489 bss_conf->twt_broadcast =
4490 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta);
4492 if (bss_conf->he_support) {
4493 bss_conf->he_bss_color.color =
4494 le32_get_bits(elems->he_operation->he_oper_params,
4495 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
4496 bss_conf->he_bss_color.partial =
4497 le32_get_bits(elems->he_operation->he_oper_params,
4498 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
4499 bss_conf->he_bss_color.enabled =
4500 !le32_get_bits(elems->he_operation->he_oper_params,
4501 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
4503 if (bss_conf->he_bss_color.enabled)
4504 *changed |= BSS_CHANGED_HE_BSS_COLOR;
4506 bss_conf->htc_trig_based_pkt_ext =
4507 le32_get_bits(elems->he_operation->he_oper_params,
4508 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
4509 bss_conf->frame_time_rts_th =
4510 le32_get_bits(elems->he_operation->he_oper_params,
4511 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
4513 bss_conf->uora_exists = !!elems->uora_element;
4514 if (elems->uora_element)
4515 bss_conf->uora_ocw_range = elems->uora_element[0];
4517 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
4518 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
4519 /* TODO: OPEN: what happens if BSS color disable is set? */
4522 if (cbss->transmitted_bss) {
4523 bss_conf->nontransmitted = true;
4524 ether_addr_copy(bss_conf->transmitter_bssid,
4525 cbss->transmitted_bss->bssid);
4526 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
4527 bss_conf->bssid_index = cbss->bssid_index;
4531 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
4532 * in their association response, so ignore that data for our own
4533 * configuration. If it changed since the last beacon, we'll get the
4534 * next beacon and update then.
4538 * If an operating mode notification IE is present, override the
4539 * NSS calculation (that would be done in rate_control_rate_init())
4540 * and use the # of streams from that element.
4542 if (elems->opmode_notif &&
4543 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
4546 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
4547 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
4549 link_sta->pub->rx_nss = nss;
4553 * Always handle WMM once after association regardless
4554 * of the first value the AP uses. Setting -1 here has
4555 * that effect because the AP values is an unsigned
4558 link->u.mgd.wmm_last_param_set = -1;
4559 link->u.mgd.mu_edca_last_param_set = -1;
4561 if (link->u.mgd.disable_wmm_tracking) {
4562 ieee80211_set_wmm_default(link, false, false);
4563 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param,
4564 elems->wmm_param_len,
4565 elems->mu_edca_param_set)) {
4566 /* still enable QoS since we might have HT/VHT */
4567 ieee80211_set_wmm_default(link, false, true);
4568 /* disable WMM tracking in this case to disable
4569 * tracking WMM parameter changes in the beacon if
4570 * the parameters weren't actually valid. Doing so
4571 * avoids changing parameters very strangely when
4572 * the AP is going back and forth between valid and
4573 * invalid parameters.
4575 link->u.mgd.disable_wmm_tracking = true;
4578 if (elems->max_idle_period_ie) {
4579 bss_conf->max_idle_period =
4580 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
4581 bss_conf->protected_keep_alive =
4582 !!(elems->max_idle_period_ie->idle_options &
4583 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
4584 *changed |= BSS_CHANGED_KEEP_ALIVE;
4586 bss_conf->max_idle_period = 0;
4587 bss_conf->protected_keep_alive = false;
4590 /* set assoc capability (AID was already set earlier),
4591 * ieee80211_set_associated() will tell the driver */
4592 bss_conf->assoc_capability = capab_info;
4601 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link,
4602 struct sta_info *sta,
4603 struct link_sta_info *link_sta,
4604 struct cfg80211_bss *cbss)
4606 struct ieee80211_sub_if_data *sdata = link->sdata;
4607 struct ieee80211_local *local = sdata->local;
4608 struct ieee80211_bss *bss = (void *)cbss->priv;
4609 u32 rates = 0, basic_rates = 0;
4610 bool have_higher_than_11mbit = false;
4611 int min_rate = INT_MAX, min_rate_index = -1;
4612 struct ieee80211_supported_band *sband;
4614 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN);
4615 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN);
4617 /* TODO: S1G Basic Rate Set is expressed elsewhere */
4618 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
4619 ieee80211_s1g_sta_rate_init(sta);
4623 sband = local->hw.wiphy->bands[cbss->channel->band];
4625 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len,
4626 &rates, &basic_rates, &have_higher_than_11mbit,
4627 &min_rate, &min_rate_index);
4630 * This used to be a workaround for basic rates missing
4631 * in the association response frame. Now that we no
4632 * longer use the basic rates from there, it probably
4633 * doesn't happen any more, but keep the workaround so
4634 * in case some *other* APs are buggy in different ways
4635 * we can connect -- with a warning.
4636 * Allow this workaround only in case the AP provided at least
4639 if (min_rate_index < 0) {
4640 link_info(link, "No legacy rates in association response\n");
4642 } else if (!basic_rates) {
4643 link_info(link, "No basic rates, using min rate instead\n");
4644 basic_rates = BIT(min_rate_index);
4648 link_sta->pub->supp_rates[cbss->channel->band] = rates;
4650 link_info(link, "No rates found, keeping mandatory only\n");
4652 link->conf->basic_rates = basic_rates;
4654 /* cf. IEEE 802.11 9.2.12 */
4655 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ &&
4656 have_higher_than_11mbit;
4661 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link,
4662 struct cfg80211_bss *cbss)
4664 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
4665 const struct element *ht_cap_elem, *vht_cap_elem;
4666 const struct cfg80211_bss_ies *ies;
4667 const struct ieee80211_ht_cap *ht_cap;
4668 const struct ieee80211_vht_cap *vht_cap;
4669 const struct ieee80211_he_cap_elem *he_cap;
4670 const struct element *he_cap_elem;
4671 u16 mcs_80_map, mcs_160_map;
4672 int i, mcs_nss_size;
4676 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT)
4679 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY);
4680 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) {
4681 ht_cap = (void *)ht_cap_elem->data;
4682 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4684 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
4685 * "Tx Unequal Modulation Supported" fields.
4689 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT)
4692 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
4693 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) {
4697 vht_cap = (void *)vht_cap_elem->data;
4698 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4699 for (nss = 8; nss > 0; nss--) {
4700 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4701 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4704 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
4705 chains = max(chains, nss);
4708 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE)
4711 ies = rcu_dereference(cbss->ies);
4712 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
4713 ies->data, ies->len);
4715 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap))
4718 /* skip one byte ext_tag_id */
4719 he_cap = (void *)(he_cap_elem->data + 1);
4720 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap);
4723 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap))
4726 /* mcs_nss is right after he_cap info */
4727 he_mcs_nss_supp = (void *)(he_cap + 1);
4729 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
4731 for (i = 7; i >= 0; i--) {
4732 u8 mcs_80 = mcs_80_map >> (2 * i) & 3;
4734 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
4735 chains = max_t(u8, chains, i + 1);
4740 support_160 = he_cap->phy_cap_info[0] &
4741 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
4746 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160);
4747 for (i = 7; i >= 0; i--) {
4748 u8 mcs_160 = mcs_160_map >> (2 * i) & 3;
4750 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
4751 chains = max_t(u8, chains, i + 1);
4760 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata,
4761 struct ieee80211_supported_band *sband,
4762 struct cfg80211_assoc_request *req,
4763 bool wmm_used, int link_id,
4764 struct ieee80211_conn_settings *conn)
4766 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap;
4767 bool is_5ghz = sband->band == NL80211_BAND_5GHZ;
4768 bool is_6ghz = sband->band == NL80211_BAND_6GHZ;
4769 const struct ieee80211_sta_he_cap *he_cap;
4770 const struct ieee80211_sta_eht_cap *eht_cap;
4771 struct ieee80211_sta_vht_cap vht_cap;
4773 if (sband->band == NL80211_BAND_S1GHZ) {
4774 conn->mode = IEEE80211_CONN_MODE_S1G;
4775 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4776 mlme_dbg(sdata, "operating as S1G STA\n");
4780 conn->mode = IEEE80211_CONN_MODE_LEGACY;
4781 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4783 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
4785 if (req && req->flags & ASSOC_REQ_DISABLE_HT) {
4786 mlme_link_id_dbg(sdata, link_id,
4787 "HT disabled by flag, limiting to legacy\n");
4792 mlme_link_id_dbg(sdata, link_id,
4793 "WMM/QoS not supported, limiting to legacy\n");
4800 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4801 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4802 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4803 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4804 netdev_info(sdata->dev,
4805 "WEP/TKIP use, limiting to legacy\n");
4811 if (!sta_ht_cap.ht_supported && !is_6ghz) {
4812 mlme_link_id_dbg(sdata, link_id,
4813 "HT not supported (and not on 6 GHz), limiting to legacy\n");
4818 conn->mode = IEEE80211_CONN_MODE_HT;
4819 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ?
4820 IEEE80211_CONN_BW_LIMIT_40 :
4821 IEEE80211_CONN_BW_LIMIT_20;
4823 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
4824 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
4826 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) {
4827 mlme_link_id_dbg(sdata, link_id,
4828 "VHT disabled by flag, limiting to HT\n");
4832 if (vht_cap.vht_supported && is_5ghz) {
4833 bool have_80mhz = false;
4836 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) {
4837 mlme_link_id_dbg(sdata, link_id,
4838 "no 40 MHz support on 5 GHz, limiting to HT\n");
4842 /* Allow VHT if at least one channel on the sband supports 80 MHz */
4843 for (i = 0; i < sband->n_channels; i++) {
4844 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4845 IEEE80211_CHAN_NO_80MHZ))
4853 mlme_link_id_dbg(sdata, link_id,
4854 "no 80 MHz channel support on 5 GHz, limiting to HT\n");
4857 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */
4858 mlme_link_id_dbg(sdata, link_id,
4859 "no VHT support on 5 GHz, limiting to HT\n");
4863 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */
4864 if (sband->band != NL80211_BAND_2GHZ) {
4865 conn->mode = IEEE80211_CONN_MODE_VHT;
4866 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
4870 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
4871 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
4872 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
4873 mlme_link_id_dbg(sdata, link_id,
4874 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz");
4877 if (req && req->flags & ASSOC_REQ_DISABLE_HE) {
4878 mlme_link_id_dbg(sdata, link_id,
4879 "HE disabled by flag, limiting to HT/VHT\n");
4883 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4886 mlme_link_id_dbg(sdata, link_id,
4887 "no HE support, limiting to HT/VHT\n");
4892 conn->mode = IEEE80211_CONN_MODE_HE;
4894 /* check bandwidth */
4895 switch (sband->band) {
4897 case NL80211_BAND_2GHZ:
4898 if (he_cap->he_cap_elem.phy_cap_info[0] &
4899 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G)
4901 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4902 mlme_link_id_dbg(sdata, link_id,
4903 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n");
4905 case NL80211_BAND_5GHZ:
4906 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
4907 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
4908 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4909 mlme_link_id_dbg(sdata, link_id,
4910 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n");
4913 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
4914 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
4915 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
4917 IEEE80211_CONN_BW_LIMIT_80);
4918 mlme_link_id_dbg(sdata, link_id,
4919 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n");
4922 case NL80211_BAND_6GHZ:
4923 if (he_cap->he_cap_elem.phy_cap_info[0] &
4924 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)
4926 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
4928 IEEE80211_CONN_BW_LIMIT_80);
4929 mlme_link_id_dbg(sdata, link_id,
4930 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n");
4934 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) {
4935 mlme_link_id_dbg(sdata, link_id,
4936 "EHT disabled by flag, limiting to HE\n");
4940 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
4942 mlme_link_id_dbg(sdata, link_id,
4943 "no EHT support, limiting to HE\n");
4949 conn->mode = IEEE80211_CONN_MODE_EHT;
4951 /* check bandwidth */
4953 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
4954 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320;
4956 mlme_link_id_dbg(sdata, link_id,
4957 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n");
4960 mlme_link_id_dbg(sdata, link_id,
4961 "determined local STA to be %s, BW limited to %d MHz\n",
4962 ieee80211_conn_mode_str(conn->mode),
4963 20 * (1 << conn->bw_limit));
4967 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata,
4968 struct ieee80211_supported_band *sband,
4969 struct cfg80211_auth_request *req,
4971 struct ieee80211_conn_settings *conn)
4973 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used,
4974 req->link_id > 0 ? req->link_id : 0,
4979 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata,
4980 struct ieee80211_supported_band *sband,
4981 struct cfg80211_assoc_request *req,
4982 bool wmm_used, int link_id,
4983 struct ieee80211_conn_settings *conn)
4985 struct ieee80211_conn_settings tmp;
4989 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id,
4992 conn->mode = min_t(enum ieee80211_conn_mode,
4993 conn->mode, tmp.mode);
4994 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
4995 conn->bw_limit, tmp.bw_limit);
4998 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4999 struct ieee80211_link_data *link,
5001 struct cfg80211_bss *cbss, bool mlo,
5002 struct ieee80211_conn_settings *conn)
5004 struct ieee80211_local *local = sdata->local;
5005 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
5006 struct ieee80211_chan_req chanreq = {};
5007 struct ieee802_11_elems *elems;
5011 lockdep_assert_wiphy(local->hw.wiphy);
5014 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id,
5017 if (IS_ERR(elems)) {
5019 return PTR_ERR(elems);
5022 if (mlo && !elems->ml_basic) {
5023 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n");
5029 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) {
5030 struct ieee80211_bss_conf *bss_conf;
5033 bss_conf = link->conf;
5035 if (elems->pwr_constr_elem)
5036 bss_conf->pwr_reduction = *elems->pwr_constr_elem;
5038 BUILD_BUG_ON(ARRAY_SIZE(bss_conf->tx_pwr_env) !=
5039 ARRAY_SIZE(elems->tx_pwr_env));
5041 for (i = 0; i < elems->tx_pwr_env_num; i++) {
5042 if (elems->tx_pwr_env_len[i] > sizeof(bss_conf->tx_pwr_env[j]))
5045 bss_conf->tx_pwr_env_num++;
5046 memcpy(&bss_conf->tx_pwr_env[j], elems->tx_pwr_env[i],
5047 elems->tx_pwr_env_len[i]);
5052 /* the element data was RCU protected so no longer valid anyway */
5060 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss),
5065 * If this fails (possibly due to channel context sharing
5066 * on incompatible channels, e.g. 80+80 and 160 sharing the
5067 * same control channel) try to use a smaller bandwidth.
5069 ret = ieee80211_link_use_channel(link, &chanreq,
5070 IEEE80211_CHANCTX_SHARED);
5072 /* don't downgrade for 5 and 10 MHz channels, though. */
5073 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 ||
5074 chanreq.oper.width == NL80211_CHAN_WIDTH_10)
5077 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) {
5078 ieee80211_chanreq_downgrade(&chanreq, conn);
5080 ret = ieee80211_link_use_channel(link, &chanreq,
5081 IEEE80211_CHANCTX_SHARED);
5087 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
5088 u8 *dtim_count, u8 *dtim_period)
5090 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5091 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5093 const struct ieee80211_tim_ie *tim = NULL;
5094 const struct ieee80211_bssid_index *idx;
5095 bool valid = tim_ie && tim_ie[1] >= 2;
5098 tim = (void *)(tim_ie + 2);
5101 *dtim_count = valid ? tim->dtim_count : 0;
5104 *dtim_period = valid ? tim->dtim_period : 0;
5106 /* Check if value is overridden by non-transmitted profile */
5107 if (!idx_ie || idx_ie[1] < 3)
5110 idx = (void *)(idx_ie + 2);
5113 *dtim_count = idx->dtim_count;
5116 *dtim_period = idx->dtim_period;
5121 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
5122 struct ieee80211_mgmt *mgmt,
5123 struct ieee802_11_elems *elems,
5124 const u8 *elem_start, unsigned int elem_len)
5126 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5127 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
5128 struct ieee80211_local *local = sdata->local;
5129 unsigned int link_id;
5130 struct sta_info *sta;
5131 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {};
5132 u16 valid_links = 0, dormant_links = 0;
5135 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5137 * station info was already allocated and inserted before
5138 * the association and should be available to us
5140 sta = sta_info_get(sdata, assoc_data->ap_addr);
5144 sta->sta.spp_amsdu = assoc_data->spp_amsdu;
5146 if (ieee80211_vif_is_mld(&sdata->vif)) {
5147 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5148 if (!assoc_data->link[link_id].bss)
5151 valid_links |= BIT(link_id);
5152 if (assoc_data->link[link_id].disabled)
5153 dormant_links |= BIT(link_id);
5155 if (link_id != assoc_data->assoc_link_id) {
5156 err = ieee80211_sta_allocate_link(sta, link_id);
5162 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
5165 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5166 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
5167 struct ieee80211_link_data *link;
5168 struct link_sta_info *link_sta;
5173 link = sdata_dereference(sdata->link[link_id], sdata);
5177 if (ieee80211_vif_is_mld(&sdata->vif))
5179 "local address %pM, AP link address %pM%s\n",
5181 assoc_data->link[link_id].bss->bssid,
5182 link_id == assoc_data->assoc_link_id ?
5185 link_sta = rcu_dereference_protected(sta->link[link_id],
5186 lockdep_is_held(&local->hw.wiphy->mtx));
5187 if (WARN_ON(!link_sta))
5190 if (!link->u.mgd.have_beacon) {
5191 const struct cfg80211_bss_ies *ies;
5194 ies = rcu_dereference(cbss->beacon_ies);
5196 link->u.mgd.have_beacon = true;
5198 ies = rcu_dereference(cbss->ies);
5199 ieee80211_get_dtim(ies,
5200 &link->conf->sync_dtim_count,
5201 &link->u.mgd.dtim_period);
5202 link->conf->beacon_int = cbss->beacon_interval;
5206 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
5208 if (link_id != assoc_data->assoc_link_id) {
5209 link->u.mgd.conn = assoc_data->link[link_id].conn;
5211 err = ieee80211_prep_channel(sdata, link, link_id, cbss,
5212 true, &link->u.mgd.conn);
5214 link_info(link, "prep_channel failed\n");
5219 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta,
5220 assoc_data->link[link_id].bss);
5224 if (!ieee80211_assoc_config_link(link, link_sta,
5225 assoc_data->link[link_id].bss,
5226 mgmt, elem_start, elem_len,
5230 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
5231 valid_links &= ~BIT(link_id);
5232 ieee80211_sta_remove_link(sta, link_id);
5236 if (link_id != assoc_data->assoc_link_id) {
5237 err = ieee80211_sta_activate_link(sta, link_id);
5243 /* links might have changed due to rejected ones, set them again */
5244 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
5246 rate_control_rate_init(sta);
5248 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
5249 set_sta_flag(sta, WLAN_STA_MFP);
5250 sta->sta.mfp = true;
5252 sta->sta.mfp = false;
5255 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab,
5256 elems->ext_capab_len);
5258 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
5259 local->hw.queues >= IEEE80211_NUM_ACS;
5261 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
5262 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
5263 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
5266 "failed to move station %pM to desired state\n",
5268 WARN_ON(__sta_info_destroy(sta));
5272 if (sdata->wdev.use_4addr)
5273 drv_sta_set_4addr(local, sdata, &sta->sta, true);
5275 ieee80211_set_associated(sdata, assoc_data, changed);
5278 * If we're using 4-addr mode, let the AP know that we're
5279 * doing so, so that it can create the STA VLAN on its side
5281 if (ifmgd->use_4addr)
5282 ieee80211_send_4addr_nullfunc(local, sdata);
5285 * Start timer to probe the connection to the AP now.
5286 * Also start the timer that will detect beacon loss.
5288 ieee80211_sta_reset_beacon_monitor(sdata);
5289 ieee80211_sta_reset_conn_monitor(sdata);
5293 eth_zero_addr(sdata->vif.cfg.ap_addr);
5297 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
5298 struct ieee80211_mgmt *mgmt,
5301 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5302 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
5303 u16 capab_info, status_code, aid;
5304 struct ieee80211_elems_parse_params parse_params = {
5309 struct ieee802_11_elems *elems;
5311 const u8 *elem_start;
5312 unsigned int elem_len;
5314 struct ieee80211_event event = {
5316 .u.mlme.data = ASSOC_EVENT,
5318 struct ieee80211_prep_tx_info info = {};
5319 struct cfg80211_rx_assoc_resp_data resp = {
5322 u8 ap_mld_addr[ETH_ALEN] __aligned(2);
5323 unsigned int link_id;
5325 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5331 assoc_data->link[assoc_data->assoc_link_id].conn.mode;
5333 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) ||
5334 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa))
5338 * AssocResp and ReassocResp have identical structure, so process both
5339 * of them in this function.
5345 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
5346 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
5347 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
5348 if (assoc_data->s1g)
5349 elem_start = mgmt->u.s1g_assoc_resp.variable;
5351 elem_start = mgmt->u.assoc_resp.variable;
5354 * Note: this may not be perfect, AP might misbehave - if
5355 * anyone needs to rely on perfect complete notification
5356 * with the exact right subtype, then we need to track what
5357 * we actually transmitted.
5359 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
5360 IEEE80211_STYPE_ASSOC_REQ;
5362 if (assoc_data->fils_kek_len &&
5363 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
5366 elem_len = len - (elem_start - (u8 *)mgmt);
5367 parse_params.start = elem_start;
5368 parse_params.len = elem_len;
5369 elems = ieee802_11_parse_elems_full(&parse_params);
5373 if (elems->aid_resp)
5374 aid = le16_to_cpu(elems->aid_resp->aid);
5375 else if (assoc_data->s1g)
5378 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
5381 * The 5 MSB of the AID field are reserved
5382 * (802.11-2016 9.4.1.8 AID field)
5387 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
5388 reassoc ? "Rea" : "A", assoc_data->ap_addr,
5389 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
5391 ifmgd->broken_ap = false;
5393 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
5394 elems->timeout_int &&
5395 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
5398 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr,
5399 le32_to_cpu(elems->timeout_int->value));
5401 tu = le32_to_cpu(elems->timeout_int->value);
5402 ms = tu * 1024 / 1000;
5404 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
5405 assoc_data->ap_addr, tu, ms);
5406 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
5407 assoc_data->timeout_started = true;
5408 assoc_data->comeback = true;
5409 if (ms > IEEE80211_ASSOC_TIMEOUT)
5410 run_again(sdata, assoc_data->timeout);
5414 if (status_code != WLAN_STATUS_SUCCESS) {
5415 sdata_info(sdata, "%pM denied association (code=%d)\n",
5416 assoc_data->ap_addr, status_code);
5417 event.u.mlme.status = MLME_DENIED;
5418 event.u.mlme.reason = status_code;
5419 drv_event_callback(sdata->local, sdata, &event);
5421 if (aid == 0 || aid > IEEE80211_MAX_AID) {
5423 "invalid AID value %d (out of range), turn off PS\n",
5426 ifmgd->broken_ap = true;
5429 if (ieee80211_vif_is_mld(&sdata->vif)) {
5430 struct ieee80211_mle_basic_common_info *common;
5432 if (!elems->ml_basic) {
5434 "MLO association with %pM but no (basic) multi-link element in response!\n",
5435 assoc_data->ap_addr);
5439 common = (void *)elems->ml_basic->variable;
5441 if (memcmp(assoc_data->ap_addr,
5442 common->mld_mac_addr, ETH_ALEN)) {
5444 "AP MLD MAC address mismatch: got %pM expected %pM\n",
5445 common->mld_mac_addr,
5446 assoc_data->ap_addr);
5450 sdata->vif.cfg.eml_cap =
5451 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic);
5452 sdata->vif.cfg.eml_med_sync_delay =
5453 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic);
5454 sdata->vif.cfg.mld_capa_op =
5455 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic);
5458 sdata->vif.cfg.aid = aid;
5460 if (!ieee80211_assoc_success(sdata, mgmt, elems,
5461 elem_start, elem_len)) {
5462 /* oops -- internal error -- send timeout for now */
5463 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
5466 event.u.mlme.status = MLME_SUCCESS;
5467 drv_event_callback(sdata->local, sdata, &event);
5468 sdata_info(sdata, "associated\n");
5473 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5474 struct ieee80211_link_data *link;
5476 if (!assoc_data->link[link_id].bss)
5479 resp.links[link_id].bss = assoc_data->link[link_id].bss;
5480 ether_addr_copy(resp.links[link_id].addr,
5481 assoc_data->link[link_id].addr);
5482 resp.links[link_id].status = assoc_data->link[link_id].status;
5484 link = sdata_dereference(sdata->link[link_id], sdata);
5488 /* get uapsd queues configuration - same for all links */
5489 resp.uapsd_queues = 0;
5490 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
5491 if (link->tx_conf[ac].uapsd)
5492 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
5495 if (ieee80211_vif_is_mld(&sdata->vif)) {
5496 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr);
5497 resp.ap_mld_addr = ap_mld_addr;
5500 ieee80211_destroy_assoc_data(sdata,
5501 status_code == WLAN_STATUS_SUCCESS ?
5505 resp.buf = (u8 *)mgmt;
5507 resp.req_ies = ifmgd->assoc_req_ies;
5508 resp.req_ies_len = ifmgd->assoc_req_ies_len;
5509 cfg80211_rx_assoc_resp(sdata->dev, &resp);
5511 drv_mgd_complete_tx(sdata->local, sdata, &info);
5515 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
5519 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link,
5520 struct ieee80211_mgmt *mgmt, size_t len,
5521 struct ieee80211_rx_status *rx_status)
5523 struct ieee80211_sub_if_data *sdata = link->sdata;
5524 struct ieee80211_local *local = sdata->local;
5525 struct ieee80211_bss *bss;
5526 struct ieee80211_channel *channel;
5528 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5530 channel = ieee80211_get_channel_khz(local->hw.wiphy,
5531 ieee80211_rx_status_to_khz(rx_status));
5535 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
5537 link->conf->beacon_rate = bss->beacon_rate;
5538 ieee80211_rx_bss_put(local, bss);
5543 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link,
5544 struct sk_buff *skb)
5546 struct ieee80211_sub_if_data *sdata = link->sdata;
5547 struct ieee80211_mgmt *mgmt = (void *)skb->data;
5548 struct ieee80211_if_managed *ifmgd;
5549 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
5550 struct ieee80211_channel *channel;
5551 size_t baselen, len = skb->len;
5553 ifmgd = &sdata->u.mgd;
5555 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5558 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
5559 * "If a 6 GHz AP receives a Probe Request frame and responds with
5560 * a Probe Response frame [..], the Address 1 field of the Probe
5561 * Response frame shall be set to the broadcast address [..]"
5562 * So, on 6GHz band we should also accept broadcast responses.
5564 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
5569 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
5570 (channel->band != NL80211_BAND_6GHZ ||
5571 !is_broadcast_ether_addr(mgmt->da)))
5572 return; /* ignore ProbeResp to foreign address */
5574 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
5578 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
5580 if (ifmgd->associated &&
5581 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid))
5582 ieee80211_reset_ap_probe(sdata);
5586 * This is the canonical list of information elements we care about,
5587 * the filter code also gives us all changes to the Microsoft OUI
5588 * (00:50:F2) vendor IE which is used for WMM which we need to track,
5589 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
5590 * changes to requested client power.
5592 * We implement beacon filtering in software since that means we can
5593 * avoid processing the frame here and in cfg80211, and userspace
5594 * will not be able to tell whether the hardware supports it or not.
5596 * XXX: This list needs to be dynamic -- userspace needs to be able to
5597 * add items it requires. It also needs to be able to tell us to
5598 * look out for other vendor IEs.
5600 static const u64 care_about_ies =
5601 (1ULL << WLAN_EID_COUNTRY) |
5602 (1ULL << WLAN_EID_ERP_INFO) |
5603 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
5604 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
5605 (1ULL << WLAN_EID_HT_CAPABILITY) |
5606 (1ULL << WLAN_EID_HT_OPERATION) |
5607 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
5609 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link,
5610 struct ieee80211_if_managed *ifmgd,
5611 struct ieee80211_bss_conf *bss_conf,
5612 struct ieee80211_local *local,
5613 struct ieee80211_rx_status *rx_status)
5615 struct ieee80211_sub_if_data *sdata = link->sdata;
5617 /* Track average RSSI from the Beacon frames of the current AP */
5619 if (!link->u.mgd.tracking_signal_avg) {
5620 link->u.mgd.tracking_signal_avg = true;
5621 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal);
5622 link->u.mgd.last_cqm_event_signal = 0;
5623 link->u.mgd.count_beacon_signal = 1;
5624 link->u.mgd.last_ave_beacon_signal = 0;
5626 link->u.mgd.count_beacon_signal++;
5629 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal,
5630 -rx_status->signal);
5632 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
5633 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
5634 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
5635 int last_sig = link->u.mgd.last_ave_beacon_signal;
5636 struct ieee80211_event event = {
5641 * if signal crosses either of the boundaries, invoke callback
5642 * with appropriate parameters
5644 if (sig > ifmgd->rssi_max_thold &&
5645 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
5646 link->u.mgd.last_ave_beacon_signal = sig;
5647 event.u.rssi.data = RSSI_EVENT_HIGH;
5648 drv_event_callback(local, sdata, &event);
5649 } else if (sig < ifmgd->rssi_min_thold &&
5650 (last_sig >= ifmgd->rssi_max_thold ||
5652 link->u.mgd.last_ave_beacon_signal = sig;
5653 event.u.rssi.data = RSSI_EVENT_LOW;
5654 drv_event_callback(local, sdata, &event);
5658 if (bss_conf->cqm_rssi_thold &&
5659 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
5660 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
5661 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
5662 int last_event = link->u.mgd.last_cqm_event_signal;
5663 int thold = bss_conf->cqm_rssi_thold;
5664 int hyst = bss_conf->cqm_rssi_hyst;
5667 (last_event == 0 || sig < last_event - hyst)) {
5668 link->u.mgd.last_cqm_event_signal = sig;
5669 ieee80211_cqm_rssi_notify(
5671 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
5673 } else if (sig > thold &&
5674 (last_event == 0 || sig > last_event + hyst)) {
5675 link->u.mgd.last_cqm_event_signal = sig;
5676 ieee80211_cqm_rssi_notify(
5678 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
5683 if (bss_conf->cqm_rssi_low &&
5684 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
5685 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
5686 int last_event = link->u.mgd.last_cqm_event_signal;
5687 int low = bss_conf->cqm_rssi_low;
5688 int high = bss_conf->cqm_rssi_high;
5691 (last_event == 0 || last_event >= low)) {
5692 link->u.mgd.last_cqm_event_signal = sig;
5693 ieee80211_cqm_rssi_notify(
5695 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
5697 } else if (sig > high &&
5698 (last_event == 0 || last_event <= high)) {
5699 link->u.mgd.last_cqm_event_signal = sig;
5700 ieee80211_cqm_rssi_notify(
5702 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
5708 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
5709 struct cfg80211_bss *bss)
5711 if (ether_addr_equal(tx_bssid, bss->bssid))
5713 if (!bss->transmitted_bss)
5715 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
5718 static void ieee80211_ml_reconf_work(struct wiphy *wiphy,
5719 struct wiphy_work *work)
5721 struct ieee80211_sub_if_data *sdata =
5722 container_of(work, struct ieee80211_sub_if_data,
5723 u.mgd.ml_reconf_work.work);
5724 u16 new_valid_links, new_active_links, new_dormant_links;
5727 if (!sdata->u.mgd.removed_links)
5731 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n",
5732 sdata->vif.valid_links, sdata->u.mgd.removed_links);
5734 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links;
5735 if (new_valid_links == sdata->vif.valid_links)
5738 if (!new_valid_links ||
5739 !(new_valid_links & ~sdata->vif.dormant_links)) {
5740 sdata_info(sdata, "No valid links after reconfiguration\n");
5745 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links;
5746 if (new_active_links != sdata->vif.active_links) {
5747 if (!new_active_links)
5749 BIT(ffs(new_valid_links &
5750 ~sdata->vif.dormant_links) - 1);
5752 ret = ieee80211_set_active_links(&sdata->vif, new_active_links);
5755 "Failed setting active links\n");
5760 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links;
5762 ret = ieee80211_vif_set_links(sdata, new_valid_links,
5765 sdata_info(sdata, "Failed setting valid links\n");
5767 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
5771 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links);
5773 __ieee80211_disconnect(sdata);
5775 sdata->u.mgd.removed_links = 0;
5778 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata,
5779 struct ieee802_11_elems *elems)
5781 const struct element *sub;
5782 unsigned long removed_links = 0;
5783 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {};
5787 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf)
5790 /* Directly parse the sub elements as the common information doesn't
5791 * hold any useful information.
5793 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf,
5794 elems->ml_reconf_len) {
5795 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
5796 u8 *pos = prof->variable;
5799 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
5802 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data,
5806 control = le16_to_cpu(prof->control);
5807 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID;
5809 removed_links |= BIT(link_id);
5811 /* the MAC address should not be included, but handle it */
5813 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT)
5816 /* According to Draft P802.11be_D3.0, the control should
5817 * include the AP Removal Timer present. If the AP Removal Timer
5818 * is not present assume immediate removal.
5821 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT)
5822 link_removal_timeout[link_id] = get_unaligned_le16(pos);
5825 removed_links &= sdata->vif.valid_links;
5826 if (!removed_links) {
5827 /* In case the removal was cancelled, abort it */
5828 if (sdata->u.mgd.removed_links) {
5829 sdata->u.mgd.removed_links = 0;
5830 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
5831 &sdata->u.mgd.ml_reconf_work);
5837 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) {
5838 struct ieee80211_bss_conf *link_conf =
5839 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
5843 removed_links &= ~BIT(link_id);
5847 if (link_removal_timeout[link_id] < 1)
5850 link_delay = link_conf->beacon_int *
5851 (link_removal_timeout[link_id] - 1);
5856 delay = min(delay, link_delay);
5859 sdata->u.mgd.removed_links = removed_links;
5860 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
5861 &sdata->u.mgd.ml_reconf_work,
5862 TU_TO_JIFFIES(delay));
5865 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata,
5866 u16 active_links, u16 dormant_links,
5867 u16 suspended_links)
5872 if (!active_links) {
5877 /* If there is an active negotiated TTLM, it should be discarded by
5878 * the new negotiated/advertised TTLM.
5880 if (sdata->vif.neg_ttlm.valid) {
5881 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
5882 sdata->vif.suspended_links = 0;
5883 changed = BSS_CHANGED_MLD_TTLM;
5886 if (sdata->vif.active_links != active_links) {
5887 /* usable links are affected when active_links are changed,
5888 * so notify the driver about the status change
5890 changed |= BSS_CHANGED_MLD_VALID_LINKS;
5891 active_links &= sdata->vif.active_links;
5894 BIT(__ffs(sdata->vif.valid_links &
5896 ret = ieee80211_set_active_links(&sdata->vif, active_links);
5898 sdata_info(sdata, "Failed to set TTLM active links\n");
5903 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
5906 sdata_info(sdata, "Failed to set TTLM dormant links\n");
5910 sdata->vif.suspended_links = suspended_links;
5911 if (sdata->vif.suspended_links)
5912 changed |= BSS_CHANGED_MLD_TTLM;
5914 ieee80211_vif_cfg_change_notify(sdata, changed);
5918 ieee80211_disconnect(&sdata->vif, false);
5923 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy,
5924 struct wiphy_work *work)
5926 u16 new_active_links, new_dormant_links;
5927 struct ieee80211_sub_if_data *sdata =
5928 container_of(work, struct ieee80211_sub_if_data,
5929 u.mgd.ttlm_work.work);
5931 new_active_links = sdata->u.mgd.ttlm_info.map &
5932 sdata->vif.valid_links;
5933 new_dormant_links = ~sdata->u.mgd.ttlm_info.map &
5934 sdata->vif.valid_links;
5936 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0);
5937 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links,
5941 sdata->u.mgd.ttlm_info.active = true;
5942 sdata->u.mgd.ttlm_info.switch_time = 0;
5945 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data)
5950 return get_unaligned_le16(data);
5954 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
5955 const struct ieee80211_ttlm_elem *ttlm,
5956 struct ieee80211_adv_ttlm_info *ttlm_info)
5958 /* The element size was already validated in
5959 * ieee80211_tid_to_link_map_size_ok()
5961 u8 control, link_map_presence, map_size, tid;
5964 memset(ttlm_info, 0, sizeof(*ttlm_info));
5965 pos = (void *)ttlm->optional;
5966 control = ttlm->control;
5968 if ((control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) ||
5969 !(control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT))
5972 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) !=
5973 IEEE80211_TTLM_DIRECTION_BOTH) {
5974 sdata_info(sdata, "Invalid advertised T2L map direction\n");
5978 link_map_presence = *pos;
5981 ttlm_info->switch_time = get_unaligned_le16(pos);
5983 /* Since ttlm_info->switch_time == 0 means no switch time, bump it
5986 if (!ttlm_info->switch_time)
5987 ttlm_info->switch_time = 1;
5991 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) {
5992 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16;
5996 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6001 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall
6002 * not advertise a TID-to-link mapping that does not map all TIDs to the
6003 * same link set, reject frame if not all links have mapping
6005 if (link_map_presence != 0xff) {
6007 "Invalid advertised T2L mapping presence indicator\n");
6011 ttlm_info->map = ieee80211_get_ttlm(map_size, pos);
6012 if (!ttlm_info->map) {
6014 "Invalid advertised T2L map for TID 0\n");
6020 for (tid = 1; tid < 8; tid++) {
6021 u16 map = ieee80211_get_ttlm(map_size, pos);
6023 if (map != ttlm_info->map) {
6024 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n",
6034 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata,
6035 struct ieee802_11_elems *elems,
6041 if (!ieee80211_vif_is_mld(&sdata->vif))
6044 if (!elems->ttlm_num) {
6045 if (sdata->u.mgd.ttlm_info.switch_time) {
6046 /* if a planned TID-to-link mapping was cancelled -
6049 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6050 &sdata->u.mgd.ttlm_work);
6051 } else if (sdata->u.mgd.ttlm_info.active) {
6052 /* if no TID-to-link element, set to default mapping in
6053 * which all TIDs are mapped to all setup links
6055 ret = ieee80211_vif_set_links(sdata,
6056 sdata->vif.valid_links,
6059 sdata_info(sdata, "Failed setting valid/dormant links\n");
6062 ieee80211_vif_cfg_change_notify(sdata,
6063 BSS_CHANGED_MLD_VALID_LINKS);
6065 memset(&sdata->u.mgd.ttlm_info, 0,
6066 sizeof(sdata->u.mgd.ttlm_info));
6070 for (i = 0; i < elems->ttlm_num; i++) {
6071 struct ieee80211_adv_ttlm_info ttlm_info;
6074 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i],
6078 __ieee80211_disconnect(sdata);
6082 if (ttlm_info.switch_time) {
6083 u16 beacon_ts_tu, st_tu, delay;
6087 /* The t2l map switch time is indicated with a partial
6088 * TSF value (bits 10 to 25), get the partial beacon TS
6089 * as well, and calc the delay to the start time.
6091 mask = GENMASK_ULL(25, 10);
6092 beacon_ts_tu = (beacon_ts & mask) >> 10;
6093 st_tu = ttlm_info.switch_time;
6094 delay = st_tu - beacon_ts_tu;
6097 * If the switch time is far in the future, then it
6098 * could also be the previous switch still being
6100 * We can simply ignore it for now, if it is a future
6101 * switch the AP will continue to announce it anyway.
6103 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW)
6106 delay_jiffies = TU_TO_JIFFIES(delay);
6108 /* Link switching can take time, so schedule it
6109 * 100ms before to be ready on time
6111 if (delay_jiffies > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS)
6113 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS;
6117 sdata->u.mgd.ttlm_info = ttlm_info;
6118 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6119 &sdata->u.mgd.ttlm_work);
6120 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6121 &sdata->u.mgd.ttlm_work,
6128 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
6129 struct ieee80211_hdr *hdr, size_t len,
6130 struct ieee80211_rx_status *rx_status)
6132 struct ieee80211_sub_if_data *sdata = link->sdata;
6133 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6134 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
6135 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
6136 struct ieee80211_mgmt *mgmt = (void *) hdr;
6138 struct ieee802_11_elems *elems;
6139 struct ieee80211_local *local = sdata->local;
6140 struct ieee80211_chanctx_conf *chanctx_conf;
6141 struct ieee80211_supported_band *sband;
6142 struct ieee80211_channel *chan;
6143 struct link_sta_info *link_sta;
6144 struct sta_info *sta;
6149 u8 *bssid, *variable = mgmt->u.beacon.variable;
6150 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
6151 struct ieee80211_elems_parse_params parse_params = {
6152 .mode = link->u.mgd.conn.mode,
6157 lockdep_assert_wiphy(local->hw.wiphy);
6159 /* Process beacon from the current BSS */
6160 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
6161 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
6162 struct ieee80211_ext *ext = (void *) mgmt;
6164 if (ieee80211_is_s1g_short_beacon(ext->frame_control))
6165 variable = ext->u.s1g_short_beacon.variable;
6167 variable = ext->u.s1g_beacon.variable;
6170 baselen = (u8 *) variable - (u8 *) mgmt;
6174 parse_params.start = variable;
6175 parse_params.len = len - baselen;
6178 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
6179 if (!chanctx_conf) {
6184 if (ieee80211_rx_status_to_khz(rx_status) !=
6185 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
6189 chan = chanctx_conf->def.chan;
6192 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
6193 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) &&
6194 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
6195 parse_params.bss = ifmgd->assoc_data->link[0].bss;
6196 elems = ieee802_11_parse_elems_full(&parse_params);
6200 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6202 if (elems->dtim_period)
6203 link->u.mgd.dtim_period = elems->dtim_period;
6204 link->u.mgd.have_beacon = true;
6205 ifmgd->assoc_data->need_beacon = false;
6206 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
6207 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
6208 link->conf->sync_tsf =
6209 le64_to_cpu(mgmt->u.beacon.timestamp);
6210 link->conf->sync_device_ts =
6211 rx_status->device_timestamp;
6212 link->conf->sync_dtim_count = elems->dtim_count;
6215 if (elems->mbssid_config_ie)
6216 bss_conf->profile_periodicity =
6217 elems->mbssid_config_ie->profile_periodicity;
6219 bss_conf->profile_periodicity = 0;
6221 if (elems->ext_capab_len >= 11 &&
6222 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
6223 bss_conf->ema_ap = true;
6225 bss_conf->ema_ap = false;
6227 /* continue assoc process */
6228 ifmgd->assoc_data->timeout = jiffies;
6229 ifmgd->assoc_data->timeout_started = true;
6230 run_again(sdata, ifmgd->assoc_data->timeout);
6235 if (!ifmgd->associated ||
6236 !ieee80211_rx_our_beacon(bssid, link->conf->bss))
6238 bssid = link->u.mgd.bssid;
6240 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
6241 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf,
6244 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
6245 mlme_dbg_ratelimited(sdata,
6246 "cancelling AP probe due to a received beacon\n");
6247 ieee80211_reset_ap_probe(sdata);
6251 * Push the beacon loss detection into the future since
6252 * we are processing a beacon from the AP just now.
6254 ieee80211_sta_reset_beacon_monitor(sdata);
6256 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility
6257 * element (which carries the beacon interval). Don't forget to add a
6258 * bit to care_about_ies[] above if mac80211 is interested in a
6259 * changing S1G element.
6261 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
6262 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
6263 parse_params.bss = link->conf->bss;
6264 parse_params.filter = care_about_ies;
6265 parse_params.crc = ncrc;
6266 elems = ieee802_11_parse_elems_full(&parse_params);
6271 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
6272 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid)) {
6273 if (local->hw.conf.dynamic_ps_timeout > 0) {
6274 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
6275 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
6276 ieee80211_hw_config(local,
6277 IEEE80211_CONF_CHANGE_PS);
6279 ieee80211_send_nullfunc(local, sdata, false);
6280 } else if (!local->pspolling && sdata->u.mgd.powersave) {
6281 local->pspolling = true;
6284 * Here is assumed that the driver will be
6285 * able to send ps-poll frame and receive a
6286 * response even though power save mode is
6287 * enabled, but some drivers might require
6288 * to disable power save here. This needs
6289 * to be investigated.
6291 ieee80211_send_pspoll(local, sdata);
6295 if (sdata->vif.p2p ||
6296 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
6297 struct ieee80211_p2p_noa_attr noa = {};
6300 ret = cfg80211_get_p2p_attr(variable,
6302 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
6303 (u8 *) &noa, sizeof(noa));
6305 if (link->u.mgd.p2p_noa_index != noa.index) {
6306 /* valid noa_attr and index changed */
6307 link->u.mgd.p2p_noa_index = noa.index;
6308 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
6309 changed |= BSS_CHANGED_P2P_PS;
6311 * make sure we update all information, the CRC
6312 * mechanism doesn't look at P2P attributes.
6314 link->u.mgd.beacon_crc_valid = false;
6316 } else if (link->u.mgd.p2p_noa_index != -1) {
6317 /* noa_attr not found and we had valid noa_attr before */
6318 link->u.mgd.p2p_noa_index = -1;
6319 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
6320 changed |= BSS_CHANGED_P2P_PS;
6321 link->u.mgd.beacon_crc_valid = false;
6326 * Update beacon timing and dtim count on every beacon appearance. This
6327 * will allow the driver to use the most updated values. Do it before
6328 * comparing this one with last received beacon.
6329 * IMPORTANT: These parameters would possibly be out of sync by the time
6330 * the driver will use them. The synchronized view is currently
6331 * guaranteed only in certain callbacks.
6333 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
6334 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
6335 link->conf->sync_tsf =
6336 le64_to_cpu(mgmt->u.beacon.timestamp);
6337 link->conf->sync_device_ts =
6338 rx_status->device_timestamp;
6339 link->conf->sync_dtim_count = elems->dtim_count;
6342 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) ||
6343 ieee80211_is_s1g_short_beacon(mgmt->frame_control))
6345 link->u.mgd.beacon_crc = ncrc;
6346 link->u.mgd.beacon_crc_valid = true;
6348 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6350 ieee80211_sta_process_chanswitch(link, rx_status->mactime,
6351 rx_status->device_timestamp,
6354 if (!link->u.mgd.disable_wmm_tracking &&
6355 ieee80211_sta_wmm_params(local, link, elems->wmm_param,
6356 elems->wmm_param_len,
6357 elems->mu_edca_param_set))
6358 changed |= BSS_CHANGED_QOS;
6361 * If we haven't had a beacon before, tell the driver about the
6362 * DTIM period (and beacon timing if desired) now.
6364 if (!link->u.mgd.have_beacon) {
6365 /* a few bogus AP send dtim_period = 0 or no TIM IE */
6366 bss_conf->dtim_period = elems->dtim_period ?: 1;
6368 changed |= BSS_CHANGED_BEACON_INFO;
6369 link->u.mgd.have_beacon = true;
6371 ieee80211_recalc_ps(local);
6373 ieee80211_recalc_ps_vif(sdata);
6376 if (elems->erp_info) {
6378 erp_value = elems->erp_info[0];
6383 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
6384 changed |= ieee80211_handle_bss_capability(link,
6385 le16_to_cpu(mgmt->u.beacon.capab_info),
6386 erp_valid, erp_value);
6388 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
6389 if (WARN_ON(!sta)) {
6392 link_sta = rcu_dereference_protected(sta->link[link->link_id],
6393 lockdep_is_held(&local->hw.wiphy->mtx));
6394 if (WARN_ON(!link_sta)) {
6398 if (WARN_ON(!link->conf->chanreq.oper.chan))
6401 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
6403 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems);
6405 if (ieee80211_config_bw(link, elems, true, &changed)) {
6406 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
6407 WLAN_REASON_DEAUTH_LEAVING,
6409 ieee80211_report_disconnect(sdata, deauth_buf,
6410 sizeof(deauth_buf), true,
6411 WLAN_REASON_DEAUTH_LEAVING,
6416 if (elems->opmode_notif)
6417 ieee80211_vht_handle_opmode(sdata, link_sta,
6418 *elems->opmode_notif,
6421 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt,
6422 elems->country_elem,
6423 elems->country_elem_len,
6424 elems->pwr_constr_elem,
6425 elems->cisco_dtpc_elem);
6427 ieee80211_ml_reconfiguration(sdata, elems);
6428 ieee80211_process_adv_ttlm(sdata, elems,
6429 le64_to_cpu(mgmt->u.beacon.timestamp));
6431 ieee80211_link_info_change_notify(sdata, link, changed);
6436 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata,
6437 struct ieee80211_neg_ttlm neg_ttlm)
6439 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0;
6442 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++)
6443 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i];
6445 /* If there is an active TTLM, unset previously suspended links */
6446 if (sdata->vif.neg_ttlm.valid)
6447 sdata->vif.dormant_links &= ~sdata->vif.suspended_links;
6449 /* exclude links that are already disabled by advertised TTLM */
6451 map & sdata->vif.valid_links & ~sdata->vif.dormant_links;
6452 new_suspended_links =
6453 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links;
6454 new_dormant_links = sdata->vif.dormant_links | new_suspended_links;
6455 if (ieee80211_ttlm_set_links(sdata, new_active_links,
6456 new_dormant_links, new_suspended_links))
6459 sdata->vif.neg_ttlm = neg_ttlm;
6460 sdata->vif.neg_ttlm.valid = true;
6463 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy,
6464 struct wiphy_work *work)
6466 struct ieee80211_sub_if_data *sdata =
6467 container_of(work, struct ieee80211_sub_if_data,
6468 u.mgd.neg_ttlm_timeout_work.work);
6471 "No negotiated TTLM response from AP, disconnecting.\n");
6473 __ieee80211_disconnect(sdata);
6477 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb,
6478 struct ieee80211_neg_ttlm *neg_ttlm)
6480 u8 i, direction[IEEE80211_TTLM_MAX_CNT];
6482 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink,
6483 sizeof(neg_ttlm->downlink))) {
6484 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN;
6485 direction[1] = IEEE80211_TTLM_DIRECTION_UP;
6487 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH;
6490 for (i = 0; i < ARRAY_SIZE(direction); i++) {
6491 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos;
6494 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1;
6496 pos = skb_put(skb, len + 2);
6497 *pos++ = WLAN_EID_EXTENSION;
6499 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING;
6500 *pos++ = direction[i];
6501 map_ind_pos = pos++;
6502 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
6503 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ?
6504 cpu_to_le16(neg_ttlm->uplink[tid]) :
6505 cpu_to_le16(neg_ttlm->downlink[tid]);
6510 map_ind |= BIT(tid);
6511 skb_put_data(skb, &map, sizeof(map));
6514 *map_ind_pos = map_ind;
6517 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH)
6523 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
6524 struct ieee80211_neg_ttlm *neg_ttlm,
6527 struct ieee80211_local *local = sdata->local;
6528 struct ieee80211_mgmt *mgmt;
6529 struct sk_buff *skb;
6530 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_req);
6531 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
6532 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
6534 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
6538 skb_reserve(skb, local->tx_headroom);
6539 mgmt = skb_put_zero(skb, hdr_len);
6540 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
6541 IEEE80211_STYPE_ACTION);
6542 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
6543 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
6544 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
6546 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
6547 mgmt->u.action.u.ttlm_req.action_code =
6548 WLAN_PROTECTED_EHT_ACTION_TTLM_REQ;
6549 mgmt->u.action.u.ttlm_req.dialog_token = dialog_token;
6550 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
6551 ieee80211_tx_skb(sdata, skb);
6554 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata,
6555 struct cfg80211_ttlm_params *params)
6557 struct ieee80211_neg_ttlm neg_ttlm = {};
6560 if (!ieee80211_vif_is_mld(&sdata->vif) ||
6561 !(sdata->vif.cfg.mld_capa_op &
6562 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP))
6565 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
6566 if ((params->dlink[i] & ~sdata->vif.valid_links) ||
6567 (params->ulink[i] & ~sdata->vif.valid_links))
6570 neg_ttlm.downlink[i] = params->dlink[i];
6571 neg_ttlm.uplink[i] = params->ulink[i];
6574 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) !=
6575 NEG_TTLM_RES_ACCEPT)
6578 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
6579 sdata->u.mgd.dialog_token_alloc++;
6580 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm,
6581 sdata->u.mgd.dialog_token_alloc);
6582 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6583 &sdata->u.mgd.neg_ttlm_timeout_work);
6584 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6585 &sdata->u.mgd.neg_ttlm_timeout_work,
6586 IEEE80211_NEG_TTLM_REQ_TIMEOUT);
6591 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
6592 enum ieee80211_neg_ttlm_res ttlm_res,
6594 struct ieee80211_neg_ttlm *neg_ttlm)
6596 struct ieee80211_local *local = sdata->local;
6597 struct ieee80211_mgmt *mgmt;
6598 struct sk_buff *skb;
6599 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_res);
6600 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
6601 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
6603 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
6607 skb_reserve(skb, local->tx_headroom);
6608 mgmt = skb_put_zero(skb, hdr_len);
6609 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
6610 IEEE80211_STYPE_ACTION);
6611 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
6612 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
6613 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
6615 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
6616 mgmt->u.action.u.ttlm_res.action_code =
6617 WLAN_PROTECTED_EHT_ACTION_TTLM_RES;
6618 mgmt->u.action.u.ttlm_res.dialog_token = dialog_token;
6623 case NEG_TTLM_RES_REJECT:
6624 mgmt->u.action.u.ttlm_res.status_code =
6625 WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING;
6627 case NEG_TTLM_RES_ACCEPT:
6628 mgmt->u.action.u.ttlm_res.status_code = WLAN_STATUS_SUCCESS;
6630 case NEG_TTLM_RES_SUGGEST_PREFERRED:
6631 mgmt->u.action.u.ttlm_res.status_code =
6632 WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED;
6633 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
6637 ieee80211_tx_skb(sdata, skb);
6641 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata,
6642 const struct ieee80211_ttlm_elem *ttlm,
6643 struct ieee80211_neg_ttlm *neg_ttlm,
6646 u8 control, link_map_presence, map_size, tid;
6649 /* The element size was already validated in
6650 * ieee80211_tid_to_link_map_size_ok()
6652 pos = (void *)ttlm->optional;
6654 control = ttlm->control;
6656 /* mapping switch time and expected duration fields are not expected
6657 * in case of negotiated TTLM
6659 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT |
6660 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) {
6662 "Invalid TTLM element in negotiated TTLM request\n");
6666 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
6667 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
6668 neg_ttlm->downlink[tid] = sdata->vif.valid_links;
6669 neg_ttlm->uplink[tid] = sdata->vif.valid_links;
6671 *direction = IEEE80211_TTLM_DIRECTION_BOTH;
6675 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION);
6676 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN &&
6677 *direction != IEEE80211_TTLM_DIRECTION_UP &&
6678 *direction != IEEE80211_TTLM_DIRECTION_BOTH)
6681 link_map_presence = *pos;
6684 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6689 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
6692 if (link_map_presence & BIT(tid)) {
6693 map = ieee80211_get_ttlm(map_size, pos);
6696 "No active links for TID %d", tid);
6703 switch (*direction) {
6704 case IEEE80211_TTLM_DIRECTION_BOTH:
6705 neg_ttlm->downlink[tid] = map;
6706 neg_ttlm->uplink[tid] = map;
6708 case IEEE80211_TTLM_DIRECTION_DOWN:
6709 neg_ttlm->downlink[tid] = map;
6711 case IEEE80211_TTLM_DIRECTION_UP:
6712 neg_ttlm->uplink[tid] = map;
6722 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
6723 struct ieee80211_mgmt *mgmt, size_t len)
6725 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i;
6727 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT;
6728 struct ieee802_11_elems *elems = NULL;
6729 struct ieee80211_neg_ttlm neg_ttlm = {};
6731 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm));
6733 if (!ieee80211_vif_is_mld(&sdata->vif))
6736 dialog_token = mgmt->u.action.u.ttlm_req.dialog_token;
6737 ies_len = len - offsetof(struct ieee80211_mgmt,
6738 u.action.u.ttlm_req.variable);
6739 elems = ieee802_11_parse_elems(mgmt->u.action.u.ttlm_req.variable,
6740 ies_len, true, NULL);
6742 ttlm_res = NEG_TTLM_RES_REJECT;
6746 for (i = 0; i < elems->ttlm_num; i++) {
6747 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i],
6748 &neg_ttlm, &direction[i]) ||
6749 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH &&
6750 elems->ttlm_num != 1)) {
6751 ttlm_res = NEG_TTLM_RES_REJECT;
6756 if (!elems->ttlm_num ||
6757 (elems->ttlm_num == 2 && direction[0] == direction[1])) {
6758 ttlm_res = NEG_TTLM_RES_REJECT;
6762 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
6763 if ((neg_ttlm.downlink[i] &&
6764 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) ||
6765 (neg_ttlm.uplink[i] &&
6766 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) {
6767 ttlm_res = NEG_TTLM_RES_REJECT;
6772 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm);
6774 if (ttlm_res != NEG_TTLM_RES_ACCEPT)
6777 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
6780 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm);
6783 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
6784 struct ieee80211_mgmt *mgmt, size_t len)
6786 if (!ieee80211_vif_is_mld(&sdata->vif) ||
6787 mgmt->u.action.u.ttlm_req.dialog_token !=
6788 sdata->u.mgd.dialog_token_alloc)
6791 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6792 &sdata->u.mgd.neg_ttlm_timeout_work);
6794 /* MLD station sends a TID to link mapping request, mainly to handle
6795 * BTM (BSS transition management) request, in which case it needs to
6796 * restrict the active links set.
6797 * In this case it's not expected that the MLD AP will reject the
6798 * negotiated TTLM request.
6799 * This can be better implemented in the future, to handle request
6802 if (mgmt->u.action.u.ttlm_res.status_code != WLAN_STATUS_SUCCESS)
6803 __ieee80211_disconnect(sdata);
6806 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
6807 struct sk_buff *skb)
6809 struct ieee80211_link_data *link = &sdata->deflink;
6810 struct ieee80211_rx_status *rx_status;
6811 struct ieee80211_hdr *hdr;
6814 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6816 rx_status = (struct ieee80211_rx_status *) skb->cb;
6817 hdr = (struct ieee80211_hdr *) skb->data;
6818 fc = le16_to_cpu(hdr->frame_control);
6820 switch (fc & IEEE80211_FCTL_STYPE) {
6821 case IEEE80211_STYPE_S1G_BEACON:
6822 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status);
6827 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
6828 struct sk_buff *skb)
6830 struct ieee80211_link_data *link = &sdata->deflink;
6831 struct ieee80211_rx_status *rx_status;
6832 struct ieee80211_mgmt *mgmt;
6836 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6838 rx_status = (struct ieee80211_rx_status *) skb->cb;
6839 mgmt = (struct ieee80211_mgmt *) skb->data;
6840 fc = le16_to_cpu(mgmt->frame_control);
6842 if (rx_status->link_valid) {
6843 link = sdata_dereference(sdata->link[rx_status->link_id],
6849 switch (fc & IEEE80211_FCTL_STYPE) {
6850 case IEEE80211_STYPE_BEACON:
6851 ieee80211_rx_mgmt_beacon(link, (void *)mgmt,
6852 skb->len, rx_status);
6854 case IEEE80211_STYPE_PROBE_RESP:
6855 ieee80211_rx_mgmt_probe_resp(link, skb);
6857 case IEEE80211_STYPE_AUTH:
6858 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
6860 case IEEE80211_STYPE_DEAUTH:
6861 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
6863 case IEEE80211_STYPE_DISASSOC:
6864 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
6866 case IEEE80211_STYPE_ASSOC_RESP:
6867 case IEEE80211_STYPE_REASSOC_RESP:
6868 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
6870 case IEEE80211_STYPE_ACTION:
6871 if (!sdata->u.mgd.associated ||
6872 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
6875 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
6876 struct ieee802_11_elems *elems;
6878 ies_len = skb->len -
6879 offsetof(struct ieee80211_mgmt,
6880 u.action.u.chan_switch.variable);
6885 /* CSA IE cannot be overridden, no need for BSSID */
6886 elems = ieee802_11_parse_elems(
6887 mgmt->u.action.u.chan_switch.variable,
6888 ies_len, true, NULL);
6890 if (elems && !elems->parse_error)
6891 ieee80211_sta_process_chanswitch(link,
6893 rx_status->device_timestamp,
6896 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
6897 struct ieee802_11_elems *elems;
6899 ies_len = skb->len -
6900 offsetof(struct ieee80211_mgmt,
6901 u.action.u.ext_chan_switch.variable);
6907 * extended CSA IE can't be overridden, no need for
6910 elems = ieee802_11_parse_elems(
6911 mgmt->u.action.u.ext_chan_switch.variable,
6912 ies_len, true, NULL);
6914 if (elems && !elems->parse_error) {
6915 /* for the handling code pretend it was an IE */
6916 elems->ext_chansw_ie =
6917 &mgmt->u.action.u.ext_chan_switch.data;
6919 ieee80211_sta_process_chanswitch(link,
6921 rx_status->device_timestamp,
6931 static void ieee80211_sta_timer(struct timer_list *t)
6933 struct ieee80211_sub_if_data *sdata =
6934 from_timer(sdata, t, u.mgd.timer);
6936 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
6939 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
6942 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
6944 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
6947 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
6951 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
6953 struct ieee80211_local *local = sdata->local;
6954 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6955 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
6959 struct ieee80211_prep_tx_info info = {
6960 .subtype = IEEE80211_STYPE_AUTH,
6963 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6965 if (WARN_ON_ONCE(!auth_data))
6970 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
6971 sdata_info(sdata, "authentication with %pM timed out\n",
6972 auth_data->ap_addr);
6975 * Most likely AP is not in the range so remove the
6976 * bss struct for that AP.
6978 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
6983 if (auth_data->algorithm == WLAN_AUTH_SAE)
6984 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
6986 info.link_id = auth_data->link_id;
6987 drv_mgd_prepare_tx(local, sdata, &info);
6989 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
6990 auth_data->ap_addr, auth_data->tries,
6991 IEEE80211_AUTH_MAX_TRIES);
6993 auth_data->expected_transaction = 2;
6995 if (auth_data->algorithm == WLAN_AUTH_SAE) {
6996 trans = auth_data->sae_trans;
6997 status = auth_data->sae_status;
6998 auth_data->expected_transaction = trans;
7001 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
7002 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
7003 IEEE80211_TX_INTFL_MLME_CONN_TX;
7005 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
7006 auth_data->data, auth_data->data_len,
7007 auth_data->ap_addr, auth_data->ap_addr,
7008 NULL, 0, 0, tx_flags);
7010 if (tx_flags == 0) {
7011 if (auth_data->algorithm == WLAN_AUTH_SAE)
7012 auth_data->timeout = jiffies +
7013 IEEE80211_AUTH_TIMEOUT_SAE;
7015 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
7017 auth_data->timeout =
7018 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
7021 auth_data->timeout_started = true;
7022 run_again(sdata, auth_data->timeout);
7027 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
7029 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
7030 struct ieee80211_local *local = sdata->local;
7033 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7035 assoc_data->tries++;
7036 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
7037 sdata_info(sdata, "association with %pM timed out\n",
7038 assoc_data->ap_addr);
7041 * Most likely AP is not in the range so remove the
7042 * bss struct for that AP.
7044 cfg80211_unlink_bss(local->hw.wiphy,
7045 assoc_data->link[assoc_data->assoc_link_id].bss);
7050 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
7051 assoc_data->ap_addr, assoc_data->tries,
7052 IEEE80211_ASSOC_MAX_TRIES);
7053 ret = ieee80211_send_assoc(sdata);
7057 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
7058 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
7059 assoc_data->timeout_started = true;
7060 run_again(sdata, assoc_data->timeout);
7062 assoc_data->timeout =
7063 round_jiffies_up(jiffies +
7064 IEEE80211_ASSOC_TIMEOUT_LONG);
7065 assoc_data->timeout_started = true;
7066 run_again(sdata, assoc_data->timeout);
7072 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
7073 __le16 fc, bool acked)
7075 struct ieee80211_local *local = sdata->local;
7077 sdata->u.mgd.status_fc = fc;
7078 sdata->u.mgd.status_acked = acked;
7079 sdata->u.mgd.status_received = true;
7081 wiphy_work_queue(local->hw.wiphy, &sdata->work);
7084 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
7086 struct ieee80211_local *local = sdata->local;
7087 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7089 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7091 if (ifmgd->status_received) {
7092 __le16 fc = ifmgd->status_fc;
7093 bool status_acked = ifmgd->status_acked;
7095 ifmgd->status_received = false;
7096 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
7098 if (ifmgd->auth_data->algorithm ==
7100 ifmgd->auth_data->timeout =
7102 IEEE80211_AUTH_TIMEOUT_SAE;
7104 ifmgd->auth_data->timeout =
7106 IEEE80211_AUTH_TIMEOUT_SHORT;
7107 run_again(sdata, ifmgd->auth_data->timeout);
7109 ifmgd->auth_data->timeout = jiffies - 1;
7111 ifmgd->auth_data->timeout_started = true;
7112 } else if (ifmgd->assoc_data &&
7113 !ifmgd->assoc_data->comeback &&
7114 (ieee80211_is_assoc_req(fc) ||
7115 ieee80211_is_reassoc_req(fc))) {
7117 * Update association timeout based on the TX status
7118 * for the (Re)Association Request frame. Skip this if
7119 * we have already processed a (Re)Association Response
7120 * frame that indicated need for association comeback
7121 * at a specific time in the future. This could happen
7122 * if the TX status information is delayed enough for
7123 * the response to be received and processed first.
7126 ifmgd->assoc_data->timeout =
7127 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
7128 run_again(sdata, ifmgd->assoc_data->timeout);
7130 ifmgd->assoc_data->timeout = jiffies - 1;
7132 ifmgd->assoc_data->timeout_started = true;
7136 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
7137 time_after(jiffies, ifmgd->auth_data->timeout)) {
7138 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
7140 * ok ... we waited for assoc or continuation but
7141 * userspace didn't do it, so kill the auth data
7143 ieee80211_destroy_auth_data(sdata, false);
7144 } else if (ieee80211_auth(sdata)) {
7145 u8 ap_addr[ETH_ALEN];
7146 struct ieee80211_event event = {
7148 .u.mlme.data = AUTH_EVENT,
7149 .u.mlme.status = MLME_TIMEOUT,
7152 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN);
7154 ieee80211_destroy_auth_data(sdata, false);
7156 cfg80211_auth_timeout(sdata->dev, ap_addr);
7157 drv_event_callback(sdata->local, sdata, &event);
7159 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
7160 run_again(sdata, ifmgd->auth_data->timeout);
7162 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
7163 time_after(jiffies, ifmgd->assoc_data->timeout)) {
7164 if ((ifmgd->assoc_data->need_beacon &&
7165 !sdata->deflink.u.mgd.have_beacon) ||
7166 ieee80211_do_assoc(sdata)) {
7167 struct ieee80211_event event = {
7169 .u.mlme.data = ASSOC_EVENT,
7170 .u.mlme.status = MLME_TIMEOUT,
7173 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
7174 drv_event_callback(sdata->local, sdata, &event);
7176 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
7177 run_again(sdata, ifmgd->assoc_data->timeout);
7179 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
7180 ifmgd->associated) {
7181 u8 *bssid = sdata->deflink.u.mgd.bssid;
7184 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
7185 max_tries = max_nullfunc_tries;
7187 max_tries = max_probe_tries;
7189 /* ACK received for nullfunc probing frame */
7190 if (!ifmgd->probe_send_count)
7191 ieee80211_reset_ap_probe(sdata);
7192 else if (ifmgd->nullfunc_failed) {
7193 if (ifmgd->probe_send_count < max_tries) {
7195 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
7196 bssid, ifmgd->probe_send_count,
7198 ieee80211_mgd_probe_ap_send(sdata);
7201 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
7203 ieee80211_sta_connection_lost(sdata,
7204 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
7207 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
7208 run_again(sdata, ifmgd->probe_timeout);
7209 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
7211 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
7212 bssid, probe_wait_ms);
7213 ieee80211_sta_connection_lost(sdata,
7214 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
7215 } else if (ifmgd->probe_send_count < max_tries) {
7217 "No probe response from AP %pM after %dms, try %d/%i\n",
7218 bssid, probe_wait_ms,
7219 ifmgd->probe_send_count, max_tries);
7220 ieee80211_mgd_probe_ap_send(sdata);
7223 * We actually lost the connection ... or did we?
7227 "No probe response from AP %pM after %dms, disconnecting.\n",
7228 bssid, probe_wait_ms);
7230 ieee80211_sta_connection_lost(sdata,
7231 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
7236 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
7238 struct ieee80211_sub_if_data *sdata =
7239 from_timer(sdata, t, u.mgd.bcn_mon_timer);
7241 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
7244 if (sdata->vif.bss_conf.csa_active &&
7245 !sdata->deflink.u.mgd.csa_waiting_bcn)
7248 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
7251 sdata->u.mgd.connection_loss = false;
7252 wiphy_work_queue(sdata->local->hw.wiphy,
7253 &sdata->u.mgd.beacon_connection_loss_work);
7256 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
7258 struct ieee80211_sub_if_data *sdata =
7259 from_timer(sdata, t, u.mgd.conn_mon_timer);
7260 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7261 struct ieee80211_local *local = sdata->local;
7262 struct sta_info *sta;
7263 unsigned long timeout;
7265 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
7268 if (sdata->vif.bss_conf.csa_active &&
7269 !sdata->deflink.u.mgd.csa_waiting_bcn)
7272 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7276 timeout = sta->deflink.status_stats.last_ack;
7277 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx))
7278 timeout = sta->deflink.rx_stats.last_rx;
7279 timeout += IEEE80211_CONNECTION_IDLE_TIME;
7281 /* If timeout is after now, then update timer to fire at
7282 * the later date, but do not actually probe at this time.
7284 if (time_is_after_jiffies(timeout)) {
7285 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
7289 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work);
7292 static void ieee80211_sta_monitor_work(struct wiphy *wiphy,
7293 struct wiphy_work *work)
7295 struct ieee80211_sub_if_data *sdata =
7296 container_of(work, struct ieee80211_sub_if_data,
7297 u.mgd.monitor_work);
7299 ieee80211_mgd_probe_ap(sdata, false);
7302 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
7304 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
7305 __ieee80211_stop_poll(sdata);
7307 /* let's probe the connection once */
7308 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
7309 wiphy_work_queue(sdata->local->hw.wiphy,
7310 &sdata->u.mgd.monitor_work);
7315 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
7317 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7318 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
7320 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7322 if (ifmgd->auth_data || ifmgd->assoc_data) {
7323 const u8 *ap_addr = ifmgd->auth_data ?
7324 ifmgd->auth_data->ap_addr :
7325 ifmgd->assoc_data->ap_addr;
7328 * If we are trying to authenticate / associate while suspending,
7329 * cfg80211 won't know and won't actually abort those attempts,
7330 * thus we need to do that ourselves.
7332 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr,
7333 IEEE80211_STYPE_DEAUTH,
7334 WLAN_REASON_DEAUTH_LEAVING,
7336 if (ifmgd->assoc_data)
7337 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
7338 if (ifmgd->auth_data)
7339 ieee80211_destroy_auth_data(sdata, false);
7340 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
7341 IEEE80211_DEAUTH_FRAME_LEN,
7345 /* This is a bit of a hack - we should find a better and more generic
7346 * solution to this. Normally when suspending, cfg80211 will in fact
7347 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
7348 * auth (not so important) or assoc (this is the problem) process.
7350 * As a consequence, it can happen that we are in the process of both
7351 * associating and suspending, and receive an association response
7352 * after cfg80211 has checked if it needs to disconnect, but before
7353 * we actually set the flag to drop incoming frames. This will then
7354 * cause the workqueue flush to process the association response in
7355 * the suspend, resulting in a successful association just before it
7356 * tries to remove the interface from the driver, which now though
7357 * has a channel context assigned ... this results in issues.
7359 * To work around this (for now) simply deauth here again if we're
7362 if (ifmgd->associated && !sdata->local->wowlan) {
7364 struct cfg80211_deauth_request req = {
7365 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
7369 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7370 ieee80211_mgd_deauth(sdata, &req);
7375 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
7377 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7379 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7381 if (!ifmgd->associated)
7384 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
7385 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
7386 mlme_dbg(sdata, "driver requested disconnect after resume\n");
7387 ieee80211_sta_connection_lost(sdata,
7388 WLAN_REASON_UNSPECIFIED,
7393 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) {
7394 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART;
7395 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n");
7396 ieee80211_sta_connection_lost(sdata,
7397 WLAN_REASON_UNSPECIFIED,
7403 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy,
7404 struct wiphy_work *work)
7406 struct ieee80211_link_data *link =
7407 container_of(work, struct ieee80211_link_data,
7408 u.mgd.request_smps_work);
7410 __ieee80211_request_smps_mgd(link->sdata, link,
7411 link->u.mgd.driver_smps_mode);
7414 /* interface setup */
7415 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
7417 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7419 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
7420 wiphy_work_init(&ifmgd->beacon_connection_loss_work,
7421 ieee80211_beacon_connection_loss_work);
7422 wiphy_work_init(&ifmgd->csa_connection_drop_work,
7423 ieee80211_csa_connection_drop_work);
7424 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work,
7425 ieee80211_tdls_peer_del_work);
7426 wiphy_delayed_work_init(&ifmgd->ml_reconf_work,
7427 ieee80211_ml_reconf_work);
7428 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
7429 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
7430 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
7431 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk,
7432 ieee80211_sta_handle_tspec_ac_params_wk);
7433 wiphy_delayed_work_init(&ifmgd->ttlm_work,
7434 ieee80211_tid_to_link_map_work);
7435 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work,
7436 ieee80211_neg_ttlm_timeout_work);
7439 ifmgd->powersave = sdata->wdev.ps;
7440 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
7441 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
7442 /* Setup TDLS data */
7443 spin_lock_init(&ifmgd->teardown_lock);
7444 ifmgd->teardown_skb = NULL;
7445 ifmgd->orig_teardown_skb = NULL;
7446 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
7449 static void ieee80211_recalc_smps_work(struct wiphy *wiphy,
7450 struct wiphy_work *work)
7452 struct ieee80211_link_data *link =
7453 container_of(work, struct ieee80211_link_data,
7456 ieee80211_recalc_smps(link->sdata, link);
7459 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
7461 struct ieee80211_sub_if_data *sdata = link->sdata;
7462 struct ieee80211_local *local = sdata->local;
7463 unsigned int link_id = link->link_id;
7465 link->u.mgd.p2p_noa_index = -1;
7466 link->conf->bssid = link->u.mgd.bssid;
7467 link->smps_mode = IEEE80211_SMPS_OFF;
7469 wiphy_work_init(&link->u.mgd.request_smps_work,
7470 ieee80211_request_smps_mgd_work);
7471 wiphy_work_init(&link->u.mgd.recalc_smps,
7472 ieee80211_recalc_smps_work);
7473 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
7474 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC;
7476 link->u.mgd.req_smps = IEEE80211_SMPS_OFF;
7478 wiphy_delayed_work_init(&link->u.mgd.chswitch_work,
7479 ieee80211_chswitch_work);
7481 if (sdata->u.mgd.assoc_data)
7482 ether_addr_copy(link->conf->addr,
7483 sdata->u.mgd.assoc_data->link[link_id].addr);
7484 else if (!is_valid_ether_addr(link->conf->addr))
7485 eth_random_addr(link->conf->addr);
7488 /* scan finished notification */
7489 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
7491 struct ieee80211_sub_if_data *sdata;
7493 /* Restart STA timers */
7495 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
7496 if (ieee80211_sdata_running(sdata))
7497 ieee80211_restart_sta_timer(sdata);
7502 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
7503 struct cfg80211_bss *cbss, s8 link_id,
7504 const u8 *ap_mld_addr, bool assoc,
7505 struct ieee80211_conn_settings *conn,
7508 struct ieee80211_local *local = sdata->local;
7509 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7510 struct ieee80211_bss *bss = (void *)cbss->priv;
7511 struct sta_info *new_sta = NULL;
7512 struct ieee80211_link_data *link;
7513 bool have_sta = false;
7519 if (WARN_ON(!ap_mld_addr))
7521 err = ieee80211_vif_set_links(sdata, BIT(link_id), 0);
7523 if (WARN_ON(ap_mld_addr))
7525 ap_mld_addr = cbss->bssid;
7526 err = ieee80211_vif_set_links(sdata, 0, 0);
7534 link = sdata_dereference(sdata->link[link_id], sdata);
7535 if (WARN_ON(!link)) {
7540 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
7545 /* If a reconfig is happening, bail out */
7546 if (local->in_reconfig) {
7553 have_sta = sta_info_get(sdata, ap_mld_addr);
7559 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr,
7560 link_id, cbss->bssid,
7563 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL);
7570 new_sta->sta.mlo = mlo;
7574 * Set up the information for the new channel before setting the
7575 * new channel. We can't - completely race-free - change the basic
7576 * rates bitmap and the channel (sband) that it refers to, but if
7577 * we set it up before we at least avoid calling into the driver's
7578 * bss_info_changed() method with invalid information (since we do
7579 * call that from changing the channel - only for IDLE and perhaps
7580 * some others, but ...).
7582 * So to avoid that, just set up all the new information before the
7583 * channel, but tell the driver to apply it only afterwards, since
7584 * it might need the new channel for that.
7587 const struct cfg80211_bss_ies *ies;
7588 struct link_sta_info *link_sta;
7591 link_sta = rcu_dereference(new_sta->link[link_id]);
7592 if (WARN_ON(!link_sta)) {
7594 sta_info_free(local, new_sta);
7599 err = ieee80211_mgd_setup_link_sta(link, new_sta,
7603 sta_info_free(local, new_sta);
7607 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
7609 /* set timing information */
7610 link->conf->beacon_int = cbss->beacon_interval;
7611 ies = rcu_dereference(cbss->beacon_ies);
7613 link->conf->sync_tsf = ies->tsf;
7614 link->conf->sync_device_ts =
7615 bss->device_ts_beacon;
7617 ieee80211_get_dtim(ies,
7618 &link->conf->sync_dtim_count,
7620 } else if (!ieee80211_hw_check(&sdata->local->hw,
7621 TIMING_BEACON_ONLY)) {
7622 ies = rcu_dereference(cbss->proberesp_ies);
7623 /* must be non-NULL since beacon IEs were NULL */
7624 link->conf->sync_tsf = ies->tsf;
7625 link->conf->sync_device_ts =
7626 bss->device_ts_presp;
7627 link->conf->sync_dtim_count = 0;
7629 link->conf->sync_tsf = 0;
7630 link->conf->sync_device_ts = 0;
7631 link->conf->sync_dtim_count = 0;
7636 if (new_sta || override) {
7638 * Only set this if we're also going to calculate the AP
7639 * settings etc., otherwise this was set before in a
7640 * previous call. Note override is set to %true in assoc
7641 * if the settings were changed.
7643 link->u.mgd.conn = *conn;
7644 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss,
7645 mlo, &link->u.mgd.conn);
7648 sta_info_free(local, new_sta);
7651 /* pass out for use in assoc */
7652 *conn = link->u.mgd.conn;
7657 * tell driver about BSSID, basic rates and timing
7658 * this was set up above, before setting the channel
7660 ieee80211_link_info_change_notify(sdata, link,
7662 BSS_CHANGED_BASIC_RATES |
7663 BSS_CHANGED_BEACON_INT);
7666 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
7668 err = sta_info_insert(new_sta);
7672 "failed to insert STA entry for the AP (error %d)\n",
7674 goto out_release_chan;
7677 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
7679 /* Cancel scan to ensure that nothing interferes with connection */
7680 if (local->scanning)
7681 ieee80211_scan_cancel(local);
7686 ieee80211_link_release_channel(link);
7688 ieee80211_vif_set_links(sdata, 0, 0);
7692 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata,
7693 const struct cfg80211_bss_ies *ies,
7694 u8 cur_channel, bool ignore_ecsa)
7696 const struct element *csa_elem, *ecsa_elem;
7697 struct ieee80211_channel_sw_ie *csa = NULL;
7698 struct ieee80211_ext_chansw_ie *ecsa = NULL;
7703 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH,
7704 ies->data, ies->len);
7705 if (csa_elem && csa_elem->datalen == sizeof(*csa))
7706 csa = (void *)csa_elem->data;
7708 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN,
7709 ies->data, ies->len);
7710 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa))
7711 ecsa = (void *)ecsa_elem->data;
7713 if (csa && csa->count == 0)
7715 if (csa && !csa->mode && csa->new_ch_num == cur_channel)
7718 if (ecsa && ecsa->count == 0)
7720 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel)
7723 if (ignore_ecsa && ecsa) {
7725 "Ignoring ECSA in probe response - was considered stuck!\n");
7732 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata,
7733 struct cfg80211_bss *bss)
7738 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq);
7741 if (ieee80211_mgd_csa_present(sdata,
7742 rcu_dereference(bss->beacon_ies),
7743 cur_channel, false)) {
7748 if (ieee80211_mgd_csa_present(sdata,
7749 rcu_dereference(bss->proberesp_ies),
7750 cur_channel, bss->proberesp_ecsa_stuck)) {
7762 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
7763 struct cfg80211_auth_request *req)
7765 struct ieee80211_local *local = sdata->local;
7766 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7767 struct ieee80211_mgd_auth_data *auth_data;
7768 struct ieee80211_conn_settings conn;
7769 struct ieee80211_link_data *link;
7770 struct ieee80211_supported_band *sband;
7771 struct ieee80211_bss *bss;
7774 bool cont_auth, wmm_used;
7776 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7778 /* prepare auth data structure */
7780 switch (req->auth_type) {
7781 case NL80211_AUTHTYPE_OPEN_SYSTEM:
7782 auth_alg = WLAN_AUTH_OPEN;
7784 case NL80211_AUTHTYPE_SHARED_KEY:
7787 auth_alg = WLAN_AUTH_SHARED_KEY;
7789 case NL80211_AUTHTYPE_FT:
7790 auth_alg = WLAN_AUTH_FT;
7792 case NL80211_AUTHTYPE_NETWORK_EAP:
7793 auth_alg = WLAN_AUTH_LEAP;
7795 case NL80211_AUTHTYPE_SAE:
7796 auth_alg = WLAN_AUTH_SAE;
7798 case NL80211_AUTHTYPE_FILS_SK:
7799 auth_alg = WLAN_AUTH_FILS_SK;
7801 case NL80211_AUTHTYPE_FILS_SK_PFS:
7802 auth_alg = WLAN_AUTH_FILS_SK_PFS;
7804 case NL80211_AUTHTYPE_FILS_PK:
7805 auth_alg = WLAN_AUTH_FILS_PK;
7811 if (ifmgd->assoc_data)
7814 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) {
7815 sdata_info(sdata, "AP is in CSA process, reject auth\n");
7819 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
7820 req->ie_len, GFP_KERNEL);
7824 memcpy(auth_data->ap_addr,
7825 req->ap_mld_addr ?: req->bss->bssid,
7827 auth_data->bss = req->bss;
7828 auth_data->link_id = req->link_id;
7830 if (req->auth_data_len >= 4) {
7831 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
7832 __le16 *pos = (__le16 *) req->auth_data;
7834 auth_data->sae_trans = le16_to_cpu(pos[0]);
7835 auth_data->sae_status = le16_to_cpu(pos[1]);
7837 memcpy(auth_data->data, req->auth_data + 4,
7838 req->auth_data_len - 4);
7839 auth_data->data_len += req->auth_data_len - 4;
7842 /* Check if continuing authentication or trying to authenticate with the
7843 * same BSS that we were in the process of authenticating with and avoid
7844 * removal and re-addition of the STA entry in
7845 * ieee80211_prep_connection().
7847 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss &&
7848 ifmgd->auth_data->link_id == req->link_id;
7850 if (req->ie && req->ie_len) {
7851 memcpy(&auth_data->data[auth_data->data_len],
7852 req->ie, req->ie_len);
7853 auth_data->data_len += req->ie_len;
7856 if (req->key && req->key_len) {
7857 auth_data->key_len = req->key_len;
7858 auth_data->key_idx = req->key_idx;
7859 memcpy(auth_data->key, req->key, req->key_len);
7862 auth_data->algorithm = auth_alg;
7864 /* try to authenticate/probe */
7866 if (ifmgd->auth_data) {
7867 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
7868 auth_data->peer_confirmed =
7869 ifmgd->auth_data->peer_confirmed;
7871 ieee80211_destroy_auth_data(sdata, cont_auth);
7874 /* prep auth_data so we don't go into idle on disassoc */
7875 ifmgd->auth_data = auth_data;
7877 /* If this is continuation of an ongoing SAE authentication exchange
7878 * (i.e., request to send SAE Confirm) and the peer has already
7879 * confirmed, mark authentication completed since we are about to send
7882 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
7883 auth_data->peer_confirmed && auth_data->sae_trans == 2)
7884 ieee80211_mark_sta_auth(sdata);
7886 if (ifmgd->associated) {
7887 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
7890 "disconnect from AP %pM for new auth to %pM\n",
7891 sdata->vif.cfg.ap_addr, auth_data->ap_addr);
7892 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
7893 WLAN_REASON_UNSPECIFIED,
7896 ieee80211_report_disconnect(sdata, frame_buf,
7897 sizeof(frame_buf), true,
7898 WLAN_REASON_UNSPECIFIED,
7902 /* needed for transmitting the auth frame(s) properly */
7903 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN);
7905 bss = (void *)req->bss->priv;
7906 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS);
7908 sband = local->hw.wiphy->bands[req->bss->channel->band];
7910 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used,
7913 err = ieee80211_prep_connection(sdata, req->bss, req->link_id,
7914 req->ap_mld_addr, cont_auth,
7919 if (req->link_id >= 0)
7920 link = sdata_dereference(sdata->link[req->link_id], sdata);
7922 link = &sdata->deflink;
7924 if (WARN_ON(!link)) {
7929 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n",
7930 auth_data->ap_addr, link->conf->addr);
7932 err = ieee80211_auth(sdata);
7934 sta_info_destroy_addr(sdata, auth_data->ap_addr);
7938 /* hold our own reference */
7939 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
7943 if (!ieee80211_vif_is_mld(&sdata->vif)) {
7944 eth_zero_addr(sdata->deflink.u.mgd.bssid);
7945 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
7947 ieee80211_link_release_channel(&sdata->deflink);
7949 ifmgd->auth_data = NULL;
7955 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata,
7956 struct ieee80211_mgd_assoc_data *assoc_data,
7957 struct cfg80211_assoc_request *req,
7958 struct ieee80211_conn_settings *conn,
7959 unsigned int link_id)
7961 struct ieee80211_local *local = sdata->local;
7962 const struct cfg80211_bss_ies *bss_ies;
7963 struct ieee80211_supported_band *sband;
7964 struct ieee80211_link_data *link;
7965 struct cfg80211_bss *cbss;
7966 struct ieee80211_bss *bss;
7968 cbss = assoc_data->link[link_id].bss;
7972 bss = (void *)cbss->priv;
7974 sband = local->hw.wiphy->bands[cbss->channel->band];
7975 if (WARN_ON(!sband))
7978 link = sdata_dereference(sdata->link[link_id], sdata);
7982 /* for MLO connections assume advertising all rates is OK */
7983 if (!req->ap_mld_addr) {
7984 assoc_data->supp_rates = bss->supp_rates;
7985 assoc_data->supp_rates_len = bss->supp_rates_len;
7988 /* copy and link elems for the STA profile */
7989 if (req->links[link_id].elems_len) {
7990 memcpy(assoc_data->ie_pos, req->links[link_id].elems,
7991 req->links[link_id].elems_len);
7992 assoc_data->link[link_id].elems = assoc_data->ie_pos;
7993 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len;
7994 assoc_data->ie_pos += req->links[link_id].elems_len;
7997 link->u.mgd.beacon_crc_valid = false;
7998 link->u.mgd.dtim_period = 0;
7999 link->u.mgd.have_beacon = false;
8001 /* override HT configuration only if the AP and we support it */
8002 if (conn->mode >= IEEE80211_CONN_MODE_HT) {
8003 struct ieee80211_sta_ht_cap sta_ht_cap;
8005 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
8006 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
8010 bss_ies = rcu_dereference(cbss->beacon_ies);
8014 ieee80211_get_dtim(bss_ies, &dtim_count,
8015 &link->u.mgd.dtim_period);
8017 sdata->deflink.u.mgd.have_beacon = true;
8019 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
8020 link->conf->sync_tsf = bss_ies->tsf;
8021 link->conf->sync_device_ts = bss->device_ts_beacon;
8022 link->conf->sync_dtim_count = dtim_count;
8025 bss_ies = rcu_dereference(cbss->ies);
8029 const struct element *elem;
8031 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
8032 bss_ies->data, bss_ies->len);
8033 if (elem && elem->datalen >= 3)
8034 link->conf->profile_periodicity = elem->data[2];
8036 link->conf->profile_periodicity = 0;
8038 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
8039 bss_ies->data, bss_ies->len);
8040 if (elem && elem->datalen >= 11 &&
8041 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
8042 link->conf->ema_ap = true;
8044 link->conf->ema_ap = false;
8048 if (bss->corrupt_data) {
8049 char *corrupt_type = "data";
8051 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
8052 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
8053 corrupt_type = "beacon and probe response";
8055 corrupt_type = "beacon";
8056 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) {
8057 corrupt_type = "probe response";
8059 sdata_info(sdata, "associating to AP %pM with corrupt %s\n",
8060 cbss->bssid, corrupt_type);
8063 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) {
8064 if (sdata->u.mgd.powersave)
8065 link->smps_mode = IEEE80211_SMPS_DYNAMIC;
8067 link->smps_mode = IEEE80211_SMPS_OFF;
8069 link->smps_mode = link->u.mgd.req_smps;
8074 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata,
8075 struct ieee80211_mgd_assoc_data *assoc_data,
8078 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
8079 enum nl80211_band band = cbss->channel->band;
8080 struct ieee80211_supported_band *sband;
8081 const struct element *elem;
8084 /* neither HT nor VHT elements used on 6 GHz */
8085 if (band == NL80211_BAND_6GHZ)
8088 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT)
8092 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION);
8093 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) {
8094 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n",
8099 assoc_data->link[link_id].ap_ht_param =
8100 ((struct ieee80211_ht_operation *)(elem->data))->ht_param;
8103 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT)
8106 /* some drivers want to support VHT on 2.4 GHz even */
8107 sband = sdata->local->hw.wiphy->bands[band];
8108 if (!sband->vht_cap.vht_supported)
8112 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
8113 /* but even then accept it not being present on the AP */
8114 if (!elem && band == NL80211_BAND_2GHZ) {
8118 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) {
8119 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n",
8124 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data,
8125 sizeof(struct ieee80211_vht_cap));
8134 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
8135 struct cfg80211_assoc_request *req)
8137 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id;
8138 struct ieee80211_local *local = sdata->local;
8139 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8140 struct ieee80211_mgd_assoc_data *assoc_data;
8141 const struct element *ssid_elem;
8142 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
8143 struct ieee80211_link_data *link;
8144 struct cfg80211_bss *cbss;
8145 bool override, uapsd_supported;
8148 size_t size = sizeof(*assoc_data) + req->ie_len;
8150 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
8151 size += req->links[i].elems_len;
8153 /* FIXME: no support for 4-addr MLO yet */
8154 if (sdata->u.mgd.use_4addr && req->link_id >= 0)
8157 assoc_data = kzalloc(size, GFP_KERNEL);
8161 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss;
8163 if (ieee80211_mgd_csa_in_process(sdata, cbss)) {
8164 sdata_info(sdata, "AP is in CSA process, reject assoc\n");
8170 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
8171 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) {
8177 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen);
8178 assoc_data->ssid_len = ssid_elem->datalen;
8181 if (req->ap_mld_addr)
8182 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN);
8184 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN);
8186 if (ifmgd->associated) {
8187 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8190 "disconnect from AP %pM for new assoc to %pM\n",
8191 sdata->vif.cfg.ap_addr, assoc_data->ap_addr);
8192 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
8193 WLAN_REASON_UNSPECIFIED,
8196 ieee80211_report_disconnect(sdata, frame_buf,
8197 sizeof(frame_buf), true,
8198 WLAN_REASON_UNSPECIFIED,
8202 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
8203 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
8204 sizeof(ifmgd->ht_capa_mask));
8206 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
8207 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
8208 sizeof(ifmgd->vht_capa_mask));
8210 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
8211 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
8212 sizeof(ifmgd->s1g_capa_mask));
8214 /* keep some setup (AP STA, channel, ...) if matching */
8215 match_auth = ifmgd->auth_data &&
8216 ether_addr_equal(ifmgd->auth_data->ap_addr,
8217 assoc_data->ap_addr) &&
8218 ifmgd->auth_data->link_id == req->link_id;
8220 if (req->ap_mld_addr) {
8221 uapsd_supported = true;
8223 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8224 struct ieee80211_supported_band *sband;
8225 struct cfg80211_bss *link_cbss = req->links[i].bss;
8226 struct ieee80211_bss *bss;
8231 bss = (void *)link_cbss->priv;
8233 if (!bss->wmm_used) {
8238 if (req->flags & (ASSOC_REQ_DISABLE_HT |
8239 ASSOC_REQ_DISABLE_VHT |
8240 ASSOC_REQ_DISABLE_HE |
8241 ASSOC_REQ_DISABLE_EHT)) {
8246 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
8251 link = sdata_dereference(sdata->link[i], sdata);
8253 ether_addr_copy(assoc_data->link[i].addr,
8256 eth_random_addr(assoc_data->link[i].addr);
8257 sband = local->hw.wiphy->bands[link_cbss->channel->band];
8259 if (match_auth && i == assoc_link_id && link)
8260 assoc_data->link[i].conn = link->u.mgd.conn;
8262 assoc_data->link[i].conn =
8263 ieee80211_conn_settings_unlimited;
8264 ieee80211_determine_our_sta_mode_assoc(sdata, sband,
8266 &assoc_data->link[i].conn);
8267 assoc_data->link[i].bss = link_cbss;
8268 assoc_data->link[i].disabled = req->links[i].disabled;
8270 if (!bss->uapsd_supported)
8271 uapsd_supported = false;
8273 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) {
8275 req->links[i].error = err;
8279 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata,
8283 req->links[i].error = err;
8288 assoc_data->wmm = true;
8290 struct ieee80211_supported_band *sband;
8291 struct ieee80211_bss *bss = (void *)cbss->priv;
8293 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN);
8294 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
8296 assoc_data->wmm = bss->wmm_used &&
8297 (local->hw.queues >= IEEE80211_NUM_ACS);
8299 if (cbss->channel->band == NL80211_BAND_6GHZ &&
8300 req->flags & (ASSOC_REQ_DISABLE_HT |
8301 ASSOC_REQ_DISABLE_VHT |
8302 ASSOC_REQ_DISABLE_HE)) {
8307 sband = local->hw.wiphy->bands[cbss->channel->band];
8309 assoc_data->link[0].bss = cbss;
8312 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn;
8314 assoc_data->link[0].conn =
8315 ieee80211_conn_settings_unlimited;
8316 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req,
8318 &assoc_data->link[0].conn);
8320 uapsd_supported = bss->uapsd_supported;
8322 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0);
8327 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU;
8329 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
8334 if (ifmgd->assoc_data) {
8339 /* Cleanup is delayed if auth_data matches */
8340 if (ifmgd->auth_data && !match_auth)
8341 ieee80211_destroy_auth_data(sdata, false);
8343 if (req->ie && req->ie_len) {
8344 memcpy(assoc_data->ie, req->ie, req->ie_len);
8345 assoc_data->ie_len = req->ie_len;
8346 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len;
8348 assoc_data->ie_pos = assoc_data->ie;
8351 if (req->fils_kek) {
8352 /* should already be checked in cfg80211 - so warn */
8353 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
8357 memcpy(assoc_data->fils_kek, req->fils_kek,
8359 assoc_data->fils_kek_len = req->fils_kek_len;
8362 if (req->fils_nonces)
8363 memcpy(assoc_data->fils_nonces, req->fils_nonces,
8364 2 * FILS_NONCE_LEN);
8366 /* default timeout */
8367 assoc_data->timeout = jiffies;
8368 assoc_data->timeout_started = true;
8370 assoc_data->assoc_link_id = assoc_link_id;
8372 if (req->ap_mld_addr) {
8373 /* if there was no authentication, set up the link */
8374 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0);
8379 link = sdata_dereference(sdata->link[assoc_link_id], sdata);
8380 if (WARN_ON(!link)) {
8385 override = link->u.mgd.conn.mode !=
8386 assoc_data->link[assoc_link_id].conn.mode ||
8387 link->u.mgd.conn.bw_limit !=
8388 assoc_data->link[assoc_link_id].conn.bw_limit;
8389 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn;
8391 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn,
8394 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
8395 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
8396 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
8397 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
8399 if (assoc_data->wmm && uapsd_supported &&
8400 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
8401 assoc_data->uapsd = true;
8402 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
8404 assoc_data->uapsd = false;
8405 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
8408 if (req->prev_bssid)
8409 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN);
8412 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
8413 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
8415 ifmgd->mfp = IEEE80211_MFP_DISABLED;
8416 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
8419 if (req->flags & ASSOC_REQ_USE_RRM)
8420 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
8422 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
8424 if (req->crypto.control_port)
8425 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
8427 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
8429 sdata->control_port_protocol = req->crypto.control_port_ethertype;
8430 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
8431 sdata->control_port_over_nl80211 =
8432 req->crypto.control_port_over_nl80211;
8433 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
8435 /* kick off associate process */
8436 ifmgd->assoc_data = assoc_data;
8438 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) {
8439 if (!assoc_data->link[i].bss)
8441 if (i == assoc_data->assoc_link_id)
8443 /* only calculate the mode, hence link == NULL */
8444 err = ieee80211_prep_channel(sdata, NULL, i,
8445 assoc_data->link[i].bss, true,
8446 &assoc_data->link[i].conn);
8448 req->links[i].error = err;
8453 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len);
8454 vif_cfg->ssid_len = assoc_data->ssid_len;
8456 /* needed for transmitting the assoc frames properly */
8457 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN);
8459 err = ieee80211_prep_connection(sdata, cbss, req->link_id,
8460 req->ap_mld_addr, true,
8461 &assoc_data->link[assoc_link_id].conn,
8466 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) {
8467 const struct cfg80211_bss_ies *beacon_ies;
8470 beacon_ies = rcu_dereference(req->bss->beacon_ies);
8473 * Wait up to one beacon interval ...
8474 * should this be more if we miss one?
8476 sdata_info(sdata, "waiting for beacon from %pM\n",
8478 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
8479 assoc_data->timeout_started = true;
8480 assoc_data->need_beacon = true;
8485 run_again(sdata, assoc_data->timeout);
8487 /* We are associating, clean up auth_data */
8488 if (ifmgd->auth_data)
8489 ieee80211_destroy_auth_data(sdata, true);
8493 if (!ifmgd->auth_data) {
8494 eth_zero_addr(sdata->deflink.u.mgd.bssid);
8495 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
8498 ifmgd->assoc_data = NULL;
8504 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
8505 struct cfg80211_deauth_request *req)
8507 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8508 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8509 bool tx = !req->local_state_change;
8510 struct ieee80211_prep_tx_info info = {
8511 .subtype = IEEE80211_STYPE_DEAUTH,
8514 if (ifmgd->auth_data &&
8515 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) {
8517 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
8518 req->bssid, req->reason_code,
8519 ieee80211_get_reason_code_string(req->reason_code));
8521 info.link_id = ifmgd->auth_data->link_id;
8522 drv_mgd_prepare_tx(sdata->local, sdata, &info);
8523 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
8524 IEEE80211_STYPE_DEAUTH,
8525 req->reason_code, tx,
8527 ieee80211_destroy_auth_data(sdata, false);
8528 ieee80211_report_disconnect(sdata, frame_buf,
8529 sizeof(frame_buf), true,
8530 req->reason_code, false);
8531 drv_mgd_complete_tx(sdata->local, sdata, &info);
8535 if (ifmgd->assoc_data &&
8536 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) {
8538 "aborting association with %pM by local choice (Reason: %u=%s)\n",
8539 req->bssid, req->reason_code,
8540 ieee80211_get_reason_code_string(req->reason_code));
8542 info.link_id = ifmgd->assoc_data->assoc_link_id;
8543 drv_mgd_prepare_tx(sdata->local, sdata, &info);
8544 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
8545 IEEE80211_STYPE_DEAUTH,
8546 req->reason_code, tx,
8548 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
8549 ieee80211_report_disconnect(sdata, frame_buf,
8550 sizeof(frame_buf), true,
8551 req->reason_code, false);
8552 drv_mgd_complete_tx(sdata->local, sdata, &info);
8556 if (ifmgd->associated &&
8557 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) {
8559 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
8560 req->bssid, req->reason_code,
8561 ieee80211_get_reason_code_string(req->reason_code));
8563 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
8564 req->reason_code, tx, frame_buf);
8565 ieee80211_report_disconnect(sdata, frame_buf,
8566 sizeof(frame_buf), true,
8567 req->reason_code, false);
8568 drv_mgd_complete_tx(sdata->local, sdata, &info);
8575 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
8576 struct cfg80211_disassoc_request *req)
8578 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8580 if (!sdata->u.mgd.associated ||
8581 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
8585 "disassociating from %pM by local choice (Reason: %u=%s)\n",
8586 req->ap_addr, req->reason_code,
8587 ieee80211_get_reason_code_string(req->reason_code));
8589 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
8590 req->reason_code, !req->local_state_change,
8593 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
8594 req->reason_code, false);
8599 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link)
8601 wiphy_work_cancel(link->sdata->local->hw.wiphy,
8602 &link->u.mgd.request_smps_work);
8603 wiphy_work_cancel(link->sdata->local->hw.wiphy,
8604 &link->u.mgd.recalc_smps);
8605 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
8606 &link->u.mgd.chswitch_work);
8609 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
8611 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8614 * Make sure some work items will not run after this,
8615 * they will not do anything but might not have been
8616 * cancelled when disconnecting.
8618 wiphy_work_cancel(sdata->local->hw.wiphy,
8619 &ifmgd->monitor_work);
8620 wiphy_work_cancel(sdata->local->hw.wiphy,
8621 &ifmgd->beacon_connection_loss_work);
8622 wiphy_work_cancel(sdata->local->hw.wiphy,
8623 &ifmgd->csa_connection_drop_work);
8624 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8625 &ifmgd->tdls_peer_del_work);
8626 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8627 &ifmgd->ml_reconf_work);
8628 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
8629 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8630 &ifmgd->neg_ttlm_timeout_work);
8632 if (ifmgd->assoc_data)
8633 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
8634 if (ifmgd->auth_data)
8635 ieee80211_destroy_auth_data(sdata, false);
8636 spin_lock_bh(&ifmgd->teardown_lock);
8637 if (ifmgd->teardown_skb) {
8638 kfree_skb(ifmgd->teardown_skb);
8639 ifmgd->teardown_skb = NULL;
8640 ifmgd->orig_teardown_skb = NULL;
8642 kfree(ifmgd->assoc_req_ies);
8643 ifmgd->assoc_req_ies = NULL;
8644 ifmgd->assoc_req_ies_len = 0;
8645 spin_unlock_bh(&ifmgd->teardown_lock);
8646 del_timer_sync(&ifmgd->timer);
8649 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
8650 enum nl80211_cqm_rssi_threshold_event rssi_event,
8654 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8656 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
8658 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
8660 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
8662 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
8664 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8666 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
8668 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
8670 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
8672 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
8676 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
8678 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
8682 * Scale up threshold values before storing it, as the RSSI averaging
8683 * algorithm uses a scaled up value as well. Change this scaling
8684 * factor if the RSSI averaging algorithm changes.
8686 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
8687 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
8690 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
8694 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8696 WARN_ON(rssi_min_thold == rssi_max_thold ||
8697 rssi_min_thold > rssi_max_thold);
8699 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
8702 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
8704 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
8706 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8708 _ieee80211_enable_rssi_reports(sdata, 0, 0);
8710 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);