2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8 * Copyright 2013-2014 Intel Mobile Communications GmbH
9 * Copyright (C) 2015 - 2016 Intel Deutschland GmbH
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
16 #include <linux/delay.h>
17 #include <linux/if_ether.h>
18 #include <linux/skbuff.h>
19 #include <linux/if_arp.h>
20 #include <linux/etherdevice.h>
21 #include <linux/moduleparam.h>
22 #include <linux/rtnetlink.h>
23 #include <linux/crc32.h>
24 #include <linux/slab.h>
25 #include <linux/export.h>
26 #include <net/mac80211.h>
27 #include <asm/unaligned.h>
29 #include "ieee80211_i.h"
30 #include "driver-ops.h"
34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37 #define IEEE80211_AUTH_MAX_TRIES 3
38 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
39 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
40 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
41 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
42 #define IEEE80211_ASSOC_MAX_TRIES 3
44 static int max_nullfunc_tries = 2;
45 module_param(max_nullfunc_tries, int, 0644);
46 MODULE_PARM_DESC(max_nullfunc_tries,
47 "Maximum nullfunc tx tries before disconnecting (reason 4).");
49 static int max_probe_tries = 5;
50 module_param(max_probe_tries, int, 0644);
51 MODULE_PARM_DESC(max_probe_tries,
52 "Maximum probe tries before disconnecting (reason 4).");
55 * Beacon loss timeout is calculated as N frames times the
56 * advertised beacon interval. This may need to be somewhat
57 * higher than what hardware might detect to account for
58 * delays in the host processing frames. But since we also
59 * probe on beacon miss before declaring the connection lost
60 * default to what we want.
62 static int beacon_loss_count = 7;
63 module_param(beacon_loss_count, int, 0644);
64 MODULE_PARM_DESC(beacon_loss_count,
65 "Number of beacon intervals before we decide beacon was lost.");
68 * Time the connection can be idle before we probe
69 * it to see if we can still talk to the AP.
71 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
73 * Time we wait for a probe response after sending
74 * a probe request because of beacon loss or for
75 * checking the connection still works.
77 static int probe_wait_ms = 500;
78 module_param(probe_wait_ms, int, 0644);
79 MODULE_PARM_DESC(probe_wait_ms,
80 "Maximum time(ms) to wait for probe response"
81 " before disconnecting (reason 4).");
84 * How many Beacon frames need to have been used in average signal strength
85 * before starting to indicate signal change events.
87 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
90 * We can have multiple work items (and connection probing)
91 * scheduling this timer, but we need to take care to only
92 * reschedule it when it should fire _earlier_ than it was
93 * asked for before, or if it's not pending right now. This
94 * function ensures that. Note that it then is required to
95 * run this function for all timeouts after the first one
96 * has happened -- the work that runs from this timer will
99 static void run_again(struct ieee80211_sub_if_data *sdata,
100 unsigned long timeout)
102 sdata_assert_lock(sdata);
104 if (!timer_pending(&sdata->u.mgd.timer) ||
105 time_before(timeout, sdata->u.mgd.timer.expires))
106 mod_timer(&sdata->u.mgd.timer, timeout);
109 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
111 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
114 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
117 mod_timer(&sdata->u.mgd.bcn_mon_timer,
118 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
121 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
123 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
125 if (unlikely(!ifmgd->associated))
128 if (ifmgd->probe_send_count)
129 ifmgd->probe_send_count = 0;
131 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
134 mod_timer(&ifmgd->conn_mon_timer,
135 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
138 static int ecw2cw(int ecw)
140 return (1 << ecw) - 1;
144 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
145 struct ieee80211_supported_band *sband,
146 struct ieee80211_channel *channel,
147 const struct ieee80211_ht_cap *ht_cap,
148 const struct ieee80211_ht_operation *ht_oper,
149 const struct ieee80211_vht_operation *vht_oper,
150 struct cfg80211_chan_def *chandef, bool tracking)
152 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
153 struct cfg80211_chan_def vht_chandef;
154 struct ieee80211_sta_ht_cap sta_ht_cap;
157 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
158 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->center_freq2 = 0;
165 if (!ht_cap || !ht_oper || !sta_ht_cap.ht_supported) {
166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
170 chandef->width = NL80211_CHAN_WIDTH_20;
172 if (!(ht_cap->cap_info &
173 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) {
174 ret = IEEE80211_STA_DISABLE_40MHZ;
175 vht_chandef = *chandef;
179 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
181 /* check that channel matches the right operating channel */
182 if (!tracking && channel->center_freq != ht_cfreq) {
184 * It's possible that some APs are confused here;
185 * Netgear WNDR3700 sometimes reports 4 higher than
186 * the actual channel in association responses, but
187 * since we look at probe response/beacon data here
191 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
192 channel->center_freq, ht_cfreq,
193 ht_oper->primary_chan, channel->band);
194 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
198 /* check 40 MHz support, if we have it */
199 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
200 ieee80211_chandef_ht_oper(ht_oper, chandef);
202 /* 40 MHz (and 80 MHz) must be supported for VHT */
203 ret = IEEE80211_STA_DISABLE_VHT;
204 /* also mark 40 MHz disabled */
205 ret |= IEEE80211_STA_DISABLE_40MHZ;
209 if (!vht_oper || !sband->vht_cap.vht_supported) {
210 ret = IEEE80211_STA_DISABLE_VHT;
214 vht_chandef = *chandef;
215 if (!ieee80211_chandef_vht_oper(vht_oper, &vht_chandef)) {
216 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
218 "AP VHT information is invalid, disable VHT\n");
219 ret = IEEE80211_STA_DISABLE_VHT;
223 if (!cfg80211_chandef_valid(&vht_chandef)) {
224 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
226 "AP VHT information is invalid, disable VHT\n");
227 ret = IEEE80211_STA_DISABLE_VHT;
231 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
236 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
237 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
239 "AP VHT information doesn't match HT, disable VHT\n");
240 ret = IEEE80211_STA_DISABLE_VHT;
244 *chandef = vht_chandef;
250 * When tracking the current AP, don't do any further checks if the
251 * new chandef is identical to the one we're currently using for the
252 * connection. This keeps us from playing ping-pong with regulatory,
253 * without it the following can happen (for example):
254 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
255 * - AP advertises regdom US
256 * - CRDA loads regdom US with 80 MHz prohibited (old database)
257 * - the code below detects an unsupported channel, downgrades, and
258 * we disconnect from the AP in the caller
259 * - disconnect causes CRDA to reload world regdomain and the game
261 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
263 * It seems possible that there are still scenarios with CSA or real
264 * bandwidth changes where a this could happen, but those cases are
265 * less common and wouldn't completely prevent using the AP.
268 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
271 /* don't print the message below for VHT mismatch if VHT is disabled */
272 if (ret & IEEE80211_STA_DISABLE_VHT)
273 vht_chandef = *chandef;
276 * Ignore the DISABLED flag when we're already connected and only
277 * tracking the APs beacon for bandwidth changes - otherwise we
278 * might get disconnected here if we connect to an AP, update our
279 * regulatory information based on the AP's country IE and the
280 * information we have is wrong/outdated and disables the channel
281 * that we're actually using for the connection to the AP.
283 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
285 IEEE80211_CHAN_DISABLED)) {
286 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
287 ret = IEEE80211_STA_DISABLE_HT |
288 IEEE80211_STA_DISABLE_VHT;
292 ret |= ieee80211_chandef_downgrade(chandef);
295 if (chandef->width != vht_chandef.width && !tracking)
297 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
299 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
303 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
304 struct sta_info *sta,
305 const struct ieee80211_ht_cap *ht_cap,
306 const struct ieee80211_ht_operation *ht_oper,
307 const struct ieee80211_vht_operation *vht_oper,
308 const u8 *bssid, u32 *changed)
310 struct ieee80211_local *local = sdata->local;
311 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
312 struct ieee80211_supported_band *sband;
313 struct ieee80211_channel *chan;
314 struct cfg80211_chan_def chandef;
317 enum ieee80211_sta_rx_bandwidth new_sta_bw;
320 /* if HT was/is disabled, don't track any bandwidth changes */
321 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
324 /* don't check VHT if we associated as non-VHT station */
325 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
328 if (WARN_ON_ONCE(!sta))
332 * if bss configuration changed store the new one -
333 * this may be applicable even if channel is identical
335 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
336 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
337 *changed |= BSS_CHANGED_HT;
338 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
341 chan = sdata->vif.bss_conf.chandef.chan;
342 sband = local->hw.wiphy->bands[chan->band];
344 /* calculate new channel (type) based on HT/VHT operation IEs */
345 flags = ieee80211_determine_chantype(sdata, sband, chan,
346 ht_cap, ht_oper, vht_oper,
350 * Downgrade the new channel if we associated with restricted
351 * capabilities. For example, if we associated as a 20 MHz STA
352 * to a 40 MHz AP (due to regulatory, capabilities or config
353 * reasons) then switching to a 40 MHz channel now won't do us
354 * any good -- we couldn't use it with the AP.
356 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
357 chandef.width == NL80211_CHAN_WIDTH_80P80)
358 flags |= ieee80211_chandef_downgrade(&chandef);
359 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
360 chandef.width == NL80211_CHAN_WIDTH_160)
361 flags |= ieee80211_chandef_downgrade(&chandef);
362 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
363 chandef.width > NL80211_CHAN_WIDTH_20)
364 flags |= ieee80211_chandef_downgrade(&chandef);
366 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
370 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
371 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
372 chandef.center_freq1, chandef.center_freq2);
374 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
375 IEEE80211_STA_DISABLE_VHT |
376 IEEE80211_STA_DISABLE_40MHZ |
377 IEEE80211_STA_DISABLE_80P80MHZ |
378 IEEE80211_STA_DISABLE_160MHZ)) ||
379 !cfg80211_chandef_valid(&chandef)) {
381 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
386 switch (chandef.width) {
387 case NL80211_CHAN_WIDTH_20_NOHT:
388 case NL80211_CHAN_WIDTH_20:
389 new_sta_bw = IEEE80211_STA_RX_BW_20;
391 case NL80211_CHAN_WIDTH_40:
392 new_sta_bw = IEEE80211_STA_RX_BW_40;
394 case NL80211_CHAN_WIDTH_80:
395 new_sta_bw = IEEE80211_STA_RX_BW_80;
397 case NL80211_CHAN_WIDTH_80P80:
398 case NL80211_CHAN_WIDTH_160:
399 new_sta_bw = IEEE80211_STA_RX_BW_160;
405 if (new_sta_bw > sta->cur_max_bandwidth)
406 new_sta_bw = sta->cur_max_bandwidth;
408 if (new_sta_bw < sta->sta.bandwidth) {
409 sta->sta.bandwidth = new_sta_bw;
410 rate_control_rate_update(local, sband, sta,
411 IEEE80211_RC_BW_CHANGED);
414 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
417 "AP %pM changed bandwidth to incompatible one - disconnect\n",
422 if (new_sta_bw > sta->sta.bandwidth) {
423 sta->sta.bandwidth = new_sta_bw;
424 rate_control_rate_update(local, sband, sta,
425 IEEE80211_RC_BW_CHANGED);
431 /* frame sending functions */
433 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
434 struct sk_buff *skb, u8 ap_ht_param,
435 struct ieee80211_supported_band *sband,
436 struct ieee80211_channel *channel,
437 enum ieee80211_smps_mode smps)
440 u32 flags = channel->flags;
442 struct ieee80211_sta_ht_cap ht_cap;
444 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
446 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
447 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
449 /* determine capability flags */
452 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
453 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
454 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
455 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
456 cap &= ~IEEE80211_HT_CAP_SGI_40;
459 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
460 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
461 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
462 cap &= ~IEEE80211_HT_CAP_SGI_40;
468 * If 40 MHz was disabled associate as though we weren't
469 * capable of 40 MHz -- some broken APs will never fall
470 * back to trying to transmit in 20 MHz.
472 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
473 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
474 cap &= ~IEEE80211_HT_CAP_SGI_40;
477 /* set SM PS mode properly */
478 cap &= ~IEEE80211_HT_CAP_SM_PS;
480 case IEEE80211_SMPS_AUTOMATIC:
481 case IEEE80211_SMPS_NUM_MODES:
483 case IEEE80211_SMPS_OFF:
484 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
485 IEEE80211_HT_CAP_SM_PS_SHIFT;
487 case IEEE80211_SMPS_STATIC:
488 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
489 IEEE80211_HT_CAP_SM_PS_SHIFT;
491 case IEEE80211_SMPS_DYNAMIC:
492 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
493 IEEE80211_HT_CAP_SM_PS_SHIFT;
497 /* reserve and fill IE */
498 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
499 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
502 /* This function determines vht capability flags for the association
504 * Note - the function may set the owner of the MU-MIMO capability
506 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
508 struct ieee80211_supported_band *sband,
509 struct ieee80211_vht_cap *ap_vht_cap)
511 struct ieee80211_local *local = sdata->local;
514 struct ieee80211_sta_vht_cap vht_cap;
515 u32 mask, ap_bf_sts, our_bf_sts;
517 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
519 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
520 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
522 /* determine capability flags */
525 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
526 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
528 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
529 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
530 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
531 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
534 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
535 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
536 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
540 * Some APs apparently get confused if our capabilities are better
541 * than theirs, so restrict what we advertise in the assoc request.
543 if (!(ap_vht_cap->vht_cap_info &
544 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
545 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
546 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
547 else if (!(ap_vht_cap->vht_cap_info &
548 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
549 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
552 * If some other vif is using the MU-MIMO capablity we cannot associate
553 * using MU-MIMO - this will lead to contradictions in the group-id
555 * Ownership is defined since association request, in order to avoid
556 * simultaneous associations with MU-MIMO.
558 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
559 bool disable_mu_mimo = false;
560 struct ieee80211_sub_if_data *other;
562 list_for_each_entry_rcu(other, &local->interfaces, list) {
563 if (other->vif.mu_mimo_owner) {
564 disable_mu_mimo = true;
569 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
571 sdata->vif.mu_mimo_owner = true;
574 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
576 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
577 our_bf_sts = cap & mask;
579 if (ap_bf_sts < our_bf_sts) {
584 /* reserve and fill IE */
585 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
586 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
589 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
591 struct ieee80211_local *local = sdata->local;
592 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
593 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
595 struct ieee80211_mgmt *mgmt;
597 size_t offset = 0, noffset;
598 int i, count, rates_len, supp_rates_len, shift;
600 struct ieee80211_supported_band *sband;
601 struct ieee80211_chanctx_conf *chanctx_conf;
602 struct ieee80211_channel *chan;
603 u32 rate_flags, rates = 0;
605 sdata_assert_lock(sdata);
608 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
609 if (WARN_ON(!chanctx_conf)) {
613 chan = chanctx_conf->def.chan;
614 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
616 sband = local->hw.wiphy->bands[chan->band];
617 shift = ieee80211_vif_get_shift(&sdata->vif);
619 if (assoc_data->supp_rates_len) {
621 * Get all rates supported by the device and the AP as
622 * some APs don't like getting a superset of their rates
623 * in the association request (e.g. D-Link DAP 1353 in
626 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
627 assoc_data->supp_rates,
628 assoc_data->supp_rates_len,
632 * In case AP not provide any supported rates information
633 * before association, we send information element(s) with
634 * all rates that we support.
637 for (i = 0; i < sband->n_bitrates; i++) {
638 if ((rate_flags & sband->bitrates[i].flags)
646 skb = alloc_skb(local->hw.extra_tx_headroom +
647 sizeof(*mgmt) + /* bit too much but doesn't matter */
648 2 + assoc_data->ssid_len + /* SSID */
649 4 + rates_len + /* (extended) rates */
650 4 + /* power capability */
651 2 + 2 * sband->n_channels + /* supported channels */
652 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
653 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
654 assoc_data->ie_len + /* extra IEs */
660 skb_reserve(skb, local->hw.extra_tx_headroom);
662 capab = WLAN_CAPABILITY_ESS;
664 if (sband->band == NL80211_BAND_2GHZ) {
665 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
666 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
669 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
670 capab |= WLAN_CAPABILITY_PRIVACY;
672 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
673 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
674 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
676 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
677 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
679 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
681 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
682 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
683 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
685 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
687 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
688 IEEE80211_STYPE_REASSOC_REQ);
689 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
690 mgmt->u.reassoc_req.listen_interval =
691 cpu_to_le16(local->hw.conf.listen_interval);
692 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
696 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
697 IEEE80211_STYPE_ASSOC_REQ);
698 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
699 mgmt->u.assoc_req.listen_interval =
700 cpu_to_le16(local->hw.conf.listen_interval);
704 pos = skb_put(skb, 2 + assoc_data->ssid_len);
705 *pos++ = WLAN_EID_SSID;
706 *pos++ = assoc_data->ssid_len;
707 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
709 /* add all rates which were marked to be used above */
710 supp_rates_len = rates_len;
711 if (supp_rates_len > 8)
714 pos = skb_put(skb, supp_rates_len + 2);
715 *pos++ = WLAN_EID_SUPP_RATES;
716 *pos++ = supp_rates_len;
719 for (i = 0; i < sband->n_bitrates; i++) {
720 if (BIT(i) & rates) {
721 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
729 if (rates_len > count) {
730 pos = skb_put(skb, rates_len - count + 2);
731 *pos++ = WLAN_EID_EXT_SUPP_RATES;
732 *pos++ = rates_len - count;
734 for (i++; i < sband->n_bitrates; i++) {
735 if (BIT(i) & rates) {
737 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
744 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
745 capab & WLAN_CAPABILITY_RADIO_MEASURE) {
746 pos = skb_put(skb, 4);
747 *pos++ = WLAN_EID_PWR_CAPABILITY;
749 *pos++ = 0; /* min tx power */
751 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
754 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
755 /* TODO: get this in reg domain format */
756 pos = skb_put(skb, 2 * sband->n_channels + 2);
757 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
758 *pos++ = 2 * sband->n_channels;
759 for (i = 0; i < sband->n_channels; i++) {
760 *pos++ = ieee80211_frequency_to_channel(
761 sband->channels[i].center_freq);
762 *pos++ = 1; /* one channel in the subband*/
766 /* if present, add any custom IEs that go before HT */
767 if (assoc_data->ie_len) {
768 static const u8 before_ht[] = {
771 WLAN_EID_EXT_SUPP_RATES,
772 WLAN_EID_PWR_CAPABILITY,
773 WLAN_EID_SUPPORTED_CHANNELS,
776 WLAN_EID_RRM_ENABLED_CAPABILITIES,
777 WLAN_EID_MOBILITY_DOMAIN,
778 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
779 WLAN_EID_RIC_DATA, /* reassoc only */
780 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
782 static const u8 after_ric[] = {
783 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
784 WLAN_EID_HT_CAPABILITY,
785 WLAN_EID_BSS_COEX_2040,
786 WLAN_EID_EXT_CAPABILITY,
787 WLAN_EID_QOS_TRAFFIC_CAPA,
788 WLAN_EID_TIM_BCAST_REQ,
789 WLAN_EID_INTERWORKING,
790 /* 60GHz doesn't happen right now */
791 WLAN_EID_VHT_CAPABILITY,
792 WLAN_EID_OPMODE_NOTIF,
795 noffset = ieee80211_ie_split_ric(assoc_data->ie,
798 ARRAY_SIZE(before_ht),
800 ARRAY_SIZE(after_ric),
802 pos = skb_put(skb, noffset - offset);
803 memcpy(pos, assoc_data->ie + offset, noffset - offset);
807 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
808 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
809 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
811 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
812 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
813 sband, chan, sdata->smps_mode);
815 /* if present, add any custom IEs that go before VHT */
816 if (assoc_data->ie_len) {
817 static const u8 before_vht[] = {
820 WLAN_EID_EXT_SUPP_RATES,
821 WLAN_EID_PWR_CAPABILITY,
822 WLAN_EID_SUPPORTED_CHANNELS,
825 WLAN_EID_RRM_ENABLED_CAPABILITIES,
826 WLAN_EID_MOBILITY_DOMAIN,
827 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
828 WLAN_EID_HT_CAPABILITY,
829 WLAN_EID_BSS_COEX_2040,
830 WLAN_EID_EXT_CAPABILITY,
831 WLAN_EID_QOS_TRAFFIC_CAPA,
832 WLAN_EID_TIM_BCAST_REQ,
833 WLAN_EID_INTERWORKING,
836 /* RIC already taken above, so no need to handle here anymore */
837 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
838 before_vht, ARRAY_SIZE(before_vht),
840 pos = skb_put(skb, noffset - offset);
841 memcpy(pos, assoc_data->ie + offset, noffset - offset);
845 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
846 ieee80211_add_vht_ie(sdata, skb, sband,
847 &assoc_data->ap_vht_cap);
849 /* if present, add any custom non-vendor IEs that go after HT */
850 if (assoc_data->ie_len) {
851 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
854 pos = skb_put(skb, noffset - offset);
855 memcpy(pos, assoc_data->ie + offset, noffset - offset);
859 if (assoc_data->wmm) {
860 if (assoc_data->uapsd) {
861 qos_info = ifmgd->uapsd_queues;
862 qos_info |= (ifmgd->uapsd_max_sp_len <<
863 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
868 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
871 /* add any remaining custom (i.e. vendor specific here) IEs */
872 if (assoc_data->ie_len) {
873 noffset = assoc_data->ie_len;
874 pos = skb_put(skb, noffset - offset);
875 memcpy(pos, assoc_data->ie + offset, noffset - offset);
878 drv_mgd_prepare_tx(local, sdata);
880 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
881 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
882 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
883 IEEE80211_TX_INTFL_MLME_CONN_TX;
884 ieee80211_tx_skb(sdata, skb);
887 void ieee80211_send_pspoll(struct ieee80211_local *local,
888 struct ieee80211_sub_if_data *sdata)
890 struct ieee80211_pspoll *pspoll;
893 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
897 pspoll = (struct ieee80211_pspoll *) skb->data;
898 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
900 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
901 ieee80211_tx_skb(sdata, skb);
904 void ieee80211_send_nullfunc(struct ieee80211_local *local,
905 struct ieee80211_sub_if_data *sdata,
909 struct ieee80211_hdr_3addr *nullfunc;
910 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
912 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
916 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
918 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
920 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
921 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
923 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
924 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
926 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
927 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
929 ieee80211_tx_skb(sdata, skb);
932 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
933 struct ieee80211_sub_if_data *sdata)
936 struct ieee80211_hdr *nullfunc;
939 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
942 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
946 skb_reserve(skb, local->hw.extra_tx_headroom);
948 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
949 memset(nullfunc, 0, 30);
950 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
951 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
952 nullfunc->frame_control = fc;
953 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
954 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
955 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
956 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
958 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
959 ieee80211_tx_skb(sdata, skb);
962 /* spectrum management related things */
963 static void ieee80211_chswitch_work(struct work_struct *work)
965 struct ieee80211_sub_if_data *sdata =
966 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
967 struct ieee80211_local *local = sdata->local;
968 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
971 if (!ieee80211_sdata_running(sdata))
975 mutex_lock(&local->mtx);
976 mutex_lock(&local->chanctx_mtx);
978 if (!ifmgd->associated)
981 if (!sdata->vif.csa_active)
985 * using reservation isn't immediate as it may be deferred until later
986 * with multi-vif. once reservation is complete it will re-schedule the
987 * work with no reserved_chanctx so verify chandef to check if it
988 * completed successfully
991 if (sdata->reserved_chanctx) {
992 struct ieee80211_supported_band *sband = NULL;
993 struct sta_info *mgd_sta = NULL;
994 enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20;
997 * with multi-vif csa driver may call ieee80211_csa_finish()
998 * many times while waiting for other interfaces to use their
1001 if (sdata->reserved_ready)
1004 if (sdata->vif.bss_conf.chandef.width !=
1005 sdata->csa_chandef.width) {
1007 * For managed interface, we need to also update the AP
1008 * station bandwidth and align the rate scale algorithm
1009 * on the bandwidth change. Here we only consider the
1010 * bandwidth of the new channel definition (as channel
1011 * switch flow does not have the full HT/VHT/HE
1012 * information), assuming that if additional changes are
1013 * required they would be done as part of the processing
1014 * of the next beacon from the AP.
1016 switch (sdata->csa_chandef.width) {
1017 case NL80211_CHAN_WIDTH_20_NOHT:
1018 case NL80211_CHAN_WIDTH_20:
1020 bw = IEEE80211_STA_RX_BW_20;
1022 case NL80211_CHAN_WIDTH_40:
1023 bw = IEEE80211_STA_RX_BW_40;
1025 case NL80211_CHAN_WIDTH_80:
1026 bw = IEEE80211_STA_RX_BW_80;
1028 case NL80211_CHAN_WIDTH_80P80:
1029 case NL80211_CHAN_WIDTH_160:
1030 bw = IEEE80211_STA_RX_BW_160;
1034 mgd_sta = sta_info_get(sdata, ifmgd->bssid);
1036 local->hw.wiphy->bands[sdata->csa_chandef.chan->band];
1039 if (sdata->vif.bss_conf.chandef.width >
1040 sdata->csa_chandef.width) {
1041 mgd_sta->sta.bandwidth = bw;
1042 rate_control_rate_update(local, sband, mgd_sta,
1043 IEEE80211_RC_BW_CHANGED);
1046 ret = ieee80211_vif_use_reserved_context(sdata);
1049 "failed to use reserved channel context, disconnecting (err=%d)\n",
1051 ieee80211_queue_work(&sdata->local->hw,
1052 &ifmgd->csa_connection_drop_work);
1056 if (sdata->vif.bss_conf.chandef.width <
1057 sdata->csa_chandef.width) {
1058 mgd_sta->sta.bandwidth = bw;
1059 rate_control_rate_update(local, sband, mgd_sta,
1060 IEEE80211_RC_BW_CHANGED);
1066 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
1067 &sdata->csa_chandef)) {
1069 "failed to finalize channel switch, disconnecting\n");
1070 ieee80211_queue_work(&sdata->local->hw,
1071 &ifmgd->csa_connection_drop_work);
1075 ifmgd->csa_waiting_bcn = true;
1077 ieee80211_sta_reset_beacon_monitor(sdata);
1078 ieee80211_sta_reset_conn_monitor(sdata);
1081 mutex_unlock(&local->chanctx_mtx);
1082 mutex_unlock(&local->mtx);
1083 sdata_unlock(sdata);
1086 static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
1088 struct ieee80211_local *local = sdata->local;
1089 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1092 sdata_assert_lock(sdata);
1094 WARN_ON(!sdata->vif.csa_active);
1096 if (sdata->csa_block_tx) {
1097 ieee80211_wake_vif_queues(local, sdata,
1098 IEEE80211_QUEUE_STOP_REASON_CSA);
1099 sdata->csa_block_tx = false;
1102 sdata->vif.csa_active = false;
1103 ifmgd->csa_waiting_bcn = false;
1105 * If the CSA IE is still present on the beacon after the switch,
1106 * we need to consider it as a new CSA (possibly to self).
1108 ifmgd->beacon_crc_valid = false;
1110 ret = drv_post_channel_switch(sdata);
1113 "driver post channel switch failed, disconnecting\n");
1114 ieee80211_queue_work(&local->hw,
1115 &ifmgd->csa_connection_drop_work);
1119 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef);
1122 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1124 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1125 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1127 trace_api_chswitch_done(sdata, success);
1130 "driver channel switch failed, disconnecting\n");
1131 ieee80211_queue_work(&sdata->local->hw,
1132 &ifmgd->csa_connection_drop_work);
1134 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1137 EXPORT_SYMBOL(ieee80211_chswitch_done);
1139 static void ieee80211_chswitch_timer(unsigned long data)
1141 struct ieee80211_sub_if_data *sdata =
1142 (struct ieee80211_sub_if_data *) data;
1144 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1148 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1149 u64 timestamp, u32 device_timestamp,
1150 struct ieee802_11_elems *elems,
1153 struct ieee80211_local *local = sdata->local;
1154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1155 struct cfg80211_bss *cbss = ifmgd->associated;
1156 struct ieee80211_chanctx_conf *conf;
1157 struct ieee80211_chanctx *chanctx;
1158 enum nl80211_band current_band;
1159 struct ieee80211_csa_ie csa_ie;
1160 struct ieee80211_channel_switch ch_switch;
1163 sdata_assert_lock(sdata);
1168 if (local->scanning)
1171 /* disregard subsequent announcements if we are already processing */
1172 if (sdata->vif.csa_active)
1175 current_band = cbss->channel->band;
1176 memset(&csa_ie, 0, sizeof(csa_ie));
1177 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
1179 ifmgd->associated->bssid, &csa_ie);
1181 ieee80211_queue_work(&local->hw,
1182 &ifmgd->csa_connection_drop_work);
1186 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1187 IEEE80211_CHAN_DISABLED)) {
1189 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1190 ifmgd->associated->bssid,
1191 csa_ie.chandef.chan->center_freq,
1192 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1193 csa_ie.chandef.center_freq2);
1194 ieee80211_queue_work(&local->hw,
1195 &ifmgd->csa_connection_drop_work);
1199 if (cfg80211_chandef_identical(&csa_ie.chandef,
1200 &sdata->vif.bss_conf.chandef)) {
1201 if (ifmgd->csa_ignored_same_chan)
1204 "AP %pM tries to chanswitch to same channel, ignore\n",
1205 ifmgd->associated->bssid);
1206 ifmgd->csa_ignored_same_chan = true;
1211 * Drop all TDLS peers - either we disconnect or move to a different
1212 * channel from this point on. There's no telling what our peer will do.
1213 * The TDLS WIDER_BW scenario is also problematic, as peers might now
1214 * have an incompatible wider chandef.
1216 ieee80211_teardown_tdls_peers(sdata);
1218 mutex_lock(&local->mtx);
1219 mutex_lock(&local->chanctx_mtx);
1220 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1221 lockdep_is_held(&local->chanctx_mtx));
1224 "no channel context assigned to vif?, disconnecting\n");
1225 goto drop_connection;
1228 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
1230 if (local->use_chanctx &&
1231 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
1233 "driver doesn't support chan-switch with channel contexts\n");
1234 goto drop_connection;
1237 ch_switch.timestamp = timestamp;
1238 ch_switch.device_timestamp = device_timestamp;
1239 ch_switch.block_tx = csa_ie.mode;
1240 ch_switch.chandef = csa_ie.chandef;
1241 ch_switch.count = csa_ie.count;
1243 if (drv_pre_channel_switch(sdata, &ch_switch)) {
1245 "preparing for channel switch failed, disconnecting\n");
1246 goto drop_connection;
1249 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef,
1250 chanctx->mode, false);
1253 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
1255 goto drop_connection;
1257 mutex_unlock(&local->chanctx_mtx);
1259 sdata->vif.csa_active = true;
1260 sdata->csa_chandef = csa_ie.chandef;
1261 sdata->csa_block_tx = csa_ie.mode;
1262 ifmgd->csa_ignored_same_chan = false;
1264 if (sdata->csa_block_tx)
1265 ieee80211_stop_vif_queues(local, sdata,
1266 IEEE80211_QUEUE_STOP_REASON_CSA);
1267 mutex_unlock(&local->mtx);
1269 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef,
1272 if (local->ops->channel_switch) {
1273 /* use driver's channel switch callback */
1274 drv_channel_switch(local, sdata, &ch_switch);
1278 /* channel switch handled in software */
1279 if (csa_ie.count <= 1)
1280 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1282 mod_timer(&ifmgd->chswitch_timer,
1283 TU_TO_EXP_TIME((csa_ie.count - 1) *
1284 cbss->beacon_interval));
1288 * This is just so that the disconnect flow will know that
1289 * we were trying to switch channel and failed. In case the
1290 * mode is 1 (we are not allowed to Tx), we will know not to
1291 * send a deauthentication frame. Those two fields will be
1292 * reset when the disconnection worker runs.
1294 sdata->vif.csa_active = true;
1295 sdata->csa_block_tx = csa_ie.mode;
1297 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
1298 mutex_unlock(&local->chanctx_mtx);
1299 mutex_unlock(&local->mtx);
1303 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
1304 struct ieee80211_channel *channel,
1305 const u8 *country_ie, u8 country_ie_len,
1306 const u8 *pwr_constr_elem,
1307 int *chan_pwr, int *pwr_reduction)
1309 struct ieee80211_country_ie_triplet *triplet;
1310 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1311 int i, chan_increment;
1312 bool have_chan_pwr = false;
1315 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1318 triplet = (void *)(country_ie + 3);
1319 country_ie_len -= 3;
1321 switch (channel->band) {
1325 case NL80211_BAND_2GHZ:
1326 case NL80211_BAND_60GHZ:
1329 case NL80211_BAND_5GHZ:
1335 while (country_ie_len >= 3) {
1336 u8 first_channel = triplet->chans.first_channel;
1338 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1341 for (i = 0; i < triplet->chans.num_channels; i++) {
1342 if (first_channel + i * chan_increment == chan) {
1343 have_chan_pwr = true;
1344 *chan_pwr = triplet->chans.max_power;
1353 country_ie_len -= 3;
1356 if (have_chan_pwr && pwr_constr_elem)
1357 *pwr_reduction = *pwr_constr_elem;
1361 return have_chan_pwr;
1364 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
1365 struct ieee80211_channel *channel,
1366 const u8 *cisco_dtpc_ie,
1369 /* From practical testing, the first data byte of the DTPC element
1370 * seems to contain the requested dBm level, and the CLI on Cisco
1371 * APs clearly state the range is -127 to 127 dBm, which indicates
1372 * a signed byte, although it seemingly never actually goes negative.
1373 * The other byte seems to always be zero.
1375 *pwr_level = (__s8)cisco_dtpc_ie[4];
1378 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1379 struct ieee80211_channel *channel,
1380 struct ieee80211_mgmt *mgmt,
1381 const u8 *country_ie, u8 country_ie_len,
1382 const u8 *pwr_constr_ie,
1383 const u8 *cisco_dtpc_ie)
1385 bool has_80211h_pwr = false, has_cisco_pwr = false;
1386 int chan_pwr = 0, pwr_reduction_80211h = 0;
1387 int pwr_level_cisco, pwr_level_80211h;
1389 __le16 capab = mgmt->u.probe_resp.capab_info;
1392 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
1393 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
1394 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
1395 sdata, channel, country_ie, country_ie_len,
1396 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
1398 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
1401 if (cisco_dtpc_ie) {
1402 ieee80211_find_cisco_dtpc(
1403 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
1404 has_cisco_pwr = true;
1407 if (!has_80211h_pwr && !has_cisco_pwr)
1410 /* If we have both 802.11h and Cisco DTPC, apply both limits
1411 * by picking the smallest of the two power levels advertised.
1413 if (has_80211h_pwr &&
1414 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
1415 new_ap_level = pwr_level_80211h;
1417 if (sdata->ap_power_level == new_ap_level)
1421 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1422 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
1423 sdata->u.mgd.bssid);
1424 } else { /* has_cisco_pwr is always true here. */
1425 new_ap_level = pwr_level_cisco;
1427 if (sdata->ap_power_level == new_ap_level)
1431 "Limiting TX power to %d dBm as advertised by %pM\n",
1432 pwr_level_cisco, sdata->u.mgd.bssid);
1435 sdata->ap_power_level = new_ap_level;
1436 if (__ieee80211_recalc_txpower(sdata))
1437 return BSS_CHANGED_TXPOWER;
1442 static void ieee80211_enable_ps(struct ieee80211_local *local,
1443 struct ieee80211_sub_if_data *sdata)
1445 struct ieee80211_conf *conf = &local->hw.conf;
1448 * If we are scanning right now then the parameters will
1449 * take effect when scan finishes.
1451 if (local->scanning)
1454 if (conf->dynamic_ps_timeout > 0 &&
1455 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
1456 mod_timer(&local->dynamic_ps_timer, jiffies +
1457 msecs_to_jiffies(conf->dynamic_ps_timeout));
1459 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
1460 ieee80211_send_nullfunc(local, sdata, true);
1462 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1463 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1466 conf->flags |= IEEE80211_CONF_PS;
1467 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1471 static void ieee80211_change_ps(struct ieee80211_local *local)
1473 struct ieee80211_conf *conf = &local->hw.conf;
1475 if (local->ps_sdata) {
1476 ieee80211_enable_ps(local, local->ps_sdata);
1477 } else if (conf->flags & IEEE80211_CONF_PS) {
1478 conf->flags &= ~IEEE80211_CONF_PS;
1479 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1480 del_timer_sync(&local->dynamic_ps_timer);
1481 cancel_work_sync(&local->dynamic_ps_enable_work);
1485 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1487 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1488 struct sta_info *sta = NULL;
1489 bool authorized = false;
1491 if (!mgd->powersave)
1497 if (!mgd->associated)
1500 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1503 if (!mgd->have_beacon)
1507 sta = sta_info_get(sdata, mgd->bssid);
1509 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1515 /* need to hold RTNL or interface lock */
1516 void ieee80211_recalc_ps(struct ieee80211_local *local)
1518 struct ieee80211_sub_if_data *sdata, *found = NULL;
1522 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) {
1523 local->ps_sdata = NULL;
1527 list_for_each_entry(sdata, &local->interfaces, list) {
1528 if (!ieee80211_sdata_running(sdata))
1530 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1531 /* If an AP vif is found, then disable PS
1532 * by setting the count to zero thereby setting
1538 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1544 if (count == 1 && ieee80211_powersave_allowed(found)) {
1545 u8 dtimper = found->u.mgd.dtim_period;
1548 beaconint_us = ieee80211_tu_to_usec(
1549 found->vif.bss_conf.beacon_int);
1551 timeout = local->dynamic_ps_forced_timeout;
1554 local->hw.conf.dynamic_ps_timeout = timeout;
1556 /* If the TIM IE is invalid, pretend the value is 1 */
1560 local->hw.conf.ps_dtim_period = dtimper;
1561 local->ps_sdata = found;
1563 local->ps_sdata = NULL;
1566 ieee80211_change_ps(local);
1569 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1571 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1573 if (sdata->vif.bss_conf.ps != ps_allowed) {
1574 sdata->vif.bss_conf.ps = ps_allowed;
1575 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1579 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1581 struct ieee80211_local *local =
1582 container_of(work, struct ieee80211_local,
1583 dynamic_ps_disable_work);
1585 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1586 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1587 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1590 ieee80211_wake_queues_by_reason(&local->hw,
1591 IEEE80211_MAX_QUEUE_MAP,
1592 IEEE80211_QUEUE_STOP_REASON_PS,
1596 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1598 struct ieee80211_local *local =
1599 container_of(work, struct ieee80211_local,
1600 dynamic_ps_enable_work);
1601 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1602 struct ieee80211_if_managed *ifmgd;
1603 unsigned long flags;
1606 /* can only happen when PS was just disabled anyway */
1610 ifmgd = &sdata->u.mgd;
1612 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1615 if (local->hw.conf.dynamic_ps_timeout > 0) {
1616 /* don't enter PS if TX frames are pending */
1617 if (drv_tx_frames_pending(local)) {
1618 mod_timer(&local->dynamic_ps_timer, jiffies +
1620 local->hw.conf.dynamic_ps_timeout));
1625 * transmission can be stopped by others which leads to
1626 * dynamic_ps_timer expiry. Postpone the ps timer if it
1627 * is not the actual idle state.
1629 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1630 for (q = 0; q < local->hw.queues; q++) {
1631 if (local->queue_stop_reasons[q]) {
1632 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1634 mod_timer(&local->dynamic_ps_timer, jiffies +
1636 local->hw.conf.dynamic_ps_timeout));
1640 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1643 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1644 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1645 if (drv_tx_frames_pending(local)) {
1646 mod_timer(&local->dynamic_ps_timer, jiffies +
1648 local->hw.conf.dynamic_ps_timeout));
1650 ieee80211_send_nullfunc(local, sdata, true);
1651 /* Flush to get the tx status of nullfunc frame */
1652 ieee80211_flush_queues(local, sdata, false);
1656 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1657 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
1658 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1659 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1660 local->hw.conf.flags |= IEEE80211_CONF_PS;
1661 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1665 void ieee80211_dynamic_ps_timer(unsigned long data)
1667 struct ieee80211_local *local = (void *) data;
1669 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1672 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1674 struct delayed_work *delayed_work = to_delayed_work(work);
1675 struct ieee80211_sub_if_data *sdata =
1676 container_of(delayed_work, struct ieee80211_sub_if_data,
1677 dfs_cac_timer_work);
1678 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1680 mutex_lock(&sdata->local->mtx);
1681 if (sdata->wdev.cac_started) {
1682 ieee80211_vif_release_channel(sdata);
1683 cfg80211_cac_event(sdata->dev, &chandef,
1684 NL80211_RADAR_CAC_FINISHED,
1687 mutex_unlock(&sdata->local->mtx);
1691 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1693 struct ieee80211_local *local = sdata->local;
1694 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1698 if (local->hw.queues < IEEE80211_NUM_ACS)
1701 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1702 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
1704 unsigned long now = jiffies;
1706 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
1707 tx_tspec->admitted_time &&
1708 time_after(now, tx_tspec->time_slice_start + HZ)) {
1709 tx_tspec->consumed_tx_time = 0;
1710 tx_tspec->time_slice_start = now;
1712 if (tx_tspec->downgraded)
1714 TX_TSPEC_ACTION_STOP_DOWNGRADE;
1717 switch (tx_tspec->action) {
1718 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
1719 /* take the original parameters */
1720 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac]))
1722 "failed to set TX queue parameters for queue %d\n",
1724 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1725 tx_tspec->downgraded = false;
1728 case TX_TSPEC_ACTION_DOWNGRADE:
1729 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
1730 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1734 /* downgrade next lower non-ACM AC */
1735 for (non_acm_ac = ac + 1;
1736 non_acm_ac < IEEE80211_NUM_ACS;
1738 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
1740 /* Usually the loop will result in using BK even if it
1741 * requires admission control, but such a configuration
1742 * makes no sense and we have to transmit somehow - the
1743 * AC selection does the same thing.
1744 * If we started out trying to downgrade from BK, then
1745 * the extra condition here might be needed.
1747 if (non_acm_ac >= IEEE80211_NUM_ACS)
1748 non_acm_ac = IEEE80211_AC_BK;
1749 if (drv_conf_tx(local, sdata, ac,
1750 &sdata->tx_conf[non_acm_ac]))
1752 "failed to set TX queue parameters for queue %d\n",
1754 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1756 schedule_delayed_work(&ifmgd->tx_tspec_wk,
1757 tx_tspec->time_slice_start + HZ - now + 1);
1759 case TX_TSPEC_ACTION_NONE:
1768 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1770 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
1771 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1774 static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work)
1776 struct ieee80211_sub_if_data *sdata;
1778 sdata = container_of(work, struct ieee80211_sub_if_data,
1779 u.mgd.tx_tspec_wk.work);
1780 ieee80211_sta_handle_tspec_ac_params(sdata);
1784 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1785 struct ieee80211_sub_if_data *sdata,
1786 const u8 *wmm_param, size_t wmm_param_len)
1788 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
1789 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1793 u8 uapsd_queues = 0;
1795 if (!local->ops->conf_tx)
1798 if (local->hw.queues < IEEE80211_NUM_ACS)
1804 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1807 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1808 uapsd_queues = ifmgd->uapsd_queues;
1810 count = wmm_param[6] & 0x0f;
1811 if (count == ifmgd->wmm_last_param_set)
1813 ifmgd->wmm_last_param_set = count;
1815 pos = wmm_param + 8;
1816 left = wmm_param_len - 8;
1818 memset(¶ms, 0, sizeof(params));
1821 for (; left >= 4; left -= 4, pos += 4) {
1822 int aci = (pos[0] >> 5) & 0x03;
1823 int acm = (pos[0] >> 4) & 0x01;
1828 ac = IEEE80211_AC_BK;
1830 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1831 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1835 ac = IEEE80211_AC_VI;
1837 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1838 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1842 ac = IEEE80211_AC_VO;
1844 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1845 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1850 ac = IEEE80211_AC_BE;
1852 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1853 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1858 params[ac].aifs = pos[0] & 0x0f;
1860 if (params[ac].aifs < 2) {
1862 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
1863 params[ac].aifs, aci);
1864 params[ac].aifs = 2;
1866 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1867 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
1868 params[ac].txop = get_unaligned_le16(pos + 2);
1869 params[ac].acm = acm;
1870 params[ac].uapsd = uapsd;
1872 if (params[ac].cw_min == 0 ||
1873 params[ac].cw_min > params[ac].cw_max) {
1875 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
1876 params[ac].cw_min, params[ac].cw_max, aci);
1881 /* WMM specification requires all 4 ACIs. */
1882 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1883 if (params[ac].cw_min == 0) {
1885 "AP has invalid WMM params (missing AC %d), using defaults\n",
1891 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1893 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
1895 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
1896 params[ac].txop, params[ac].uapsd,
1897 ifmgd->tx_tspec[ac].downgraded);
1898 sdata->tx_conf[ac] = params[ac];
1899 if (!ifmgd->tx_tspec[ac].downgraded &&
1900 drv_conf_tx(local, sdata, ac, ¶ms[ac]))
1902 "failed to set TX queue parameters for AC %d\n",
1906 /* enable WMM or activate new settings */
1907 sdata->vif.bss_conf.qos = true;
1911 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1913 lockdep_assert_held(&sdata->local->mtx);
1915 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
1916 ieee80211_run_deferred_scan(sdata->local);
1919 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1921 mutex_lock(&sdata->local->mtx);
1922 __ieee80211_stop_poll(sdata);
1923 mutex_unlock(&sdata->local->mtx);
1926 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1927 u16 capab, bool erp_valid, u8 erp)
1929 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1930 struct ieee80211_supported_band *sband;
1932 bool use_protection;
1933 bool use_short_preamble;
1934 bool use_short_slot;
1936 sband = ieee80211_get_sband(sdata);
1941 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1942 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1944 use_protection = false;
1945 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1948 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1949 if (sband->band == NL80211_BAND_5GHZ)
1950 use_short_slot = true;
1952 if (use_protection != bss_conf->use_cts_prot) {
1953 bss_conf->use_cts_prot = use_protection;
1954 changed |= BSS_CHANGED_ERP_CTS_PROT;
1957 if (use_short_preamble != bss_conf->use_short_preamble) {
1958 bss_conf->use_short_preamble = use_short_preamble;
1959 changed |= BSS_CHANGED_ERP_PREAMBLE;
1962 if (use_short_slot != bss_conf->use_short_slot) {
1963 bss_conf->use_short_slot = use_short_slot;
1964 changed |= BSS_CHANGED_ERP_SLOT;
1970 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1971 struct cfg80211_bss *cbss,
1972 u32 bss_info_changed)
1974 struct ieee80211_bss *bss = (void *)cbss->priv;
1975 struct ieee80211_local *local = sdata->local;
1976 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1978 bss_info_changed |= BSS_CHANGED_ASSOC;
1979 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1980 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1982 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1983 beacon_loss_count * bss_conf->beacon_int));
1985 sdata->u.mgd.associated = cbss;
1986 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1988 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1990 if (sdata->vif.p2p ||
1991 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
1992 const struct cfg80211_bss_ies *ies;
1995 ies = rcu_dereference(cbss->ies);
1999 ret = cfg80211_get_p2p_attr(
2000 ies->data, ies->len,
2001 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2002 (u8 *) &bss_conf->p2p_noa_attr,
2003 sizeof(bss_conf->p2p_noa_attr));
2005 sdata->u.mgd.p2p_noa_index =
2006 bss_conf->p2p_noa_attr.index;
2007 bss_info_changed |= BSS_CHANGED_P2P_PS;
2013 /* just to be sure */
2014 ieee80211_stop_poll(sdata);
2016 ieee80211_led_assoc(local, 1);
2018 if (sdata->u.mgd.have_beacon) {
2020 * If the AP is buggy we may get here with no DTIM period
2021 * known, so assume it's 1 which is the only safe assumption
2022 * in that case, although if the TIM IE is broken powersave
2023 * probably just won't work at all.
2025 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
2026 bss_conf->beacon_rate = bss->beacon_rate;
2027 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
2029 bss_conf->beacon_rate = NULL;
2030 bss_conf->dtim_period = 0;
2033 bss_conf->assoc = 1;
2035 /* Tell the driver to monitor connection quality (if supported) */
2036 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2037 bss_conf->cqm_rssi_thold)
2038 bss_info_changed |= BSS_CHANGED_CQM;
2040 /* Enable ARP filtering */
2041 if (bss_conf->arp_addr_cnt)
2042 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
2044 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
2046 mutex_lock(&local->iflist_mtx);
2047 ieee80211_recalc_ps(local);
2048 mutex_unlock(&local->iflist_mtx);
2050 ieee80211_recalc_smps(sdata);
2051 ieee80211_recalc_ps_vif(sdata);
2053 netif_carrier_on(sdata->dev);
2056 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
2057 u16 stype, u16 reason, bool tx,
2060 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2061 struct ieee80211_local *local = sdata->local;
2064 sdata_assert_lock(sdata);
2066 if (WARN_ON_ONCE(tx && !frame_buf))
2069 if (WARN_ON(!ifmgd->associated))
2072 ieee80211_stop_poll(sdata);
2074 ifmgd->associated = NULL;
2075 netif_carrier_off(sdata->dev);
2078 * if we want to get out of ps before disassoc (why?) we have
2079 * to do it before sending disassoc, as otherwise the null-packet
2082 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2083 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2084 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2086 local->ps_sdata = NULL;
2088 /* disable per-vif ps */
2089 ieee80211_recalc_ps_vif(sdata);
2091 /* make sure ongoing transmission finishes */
2095 * drop any frame before deauth/disassoc, this can be data or
2096 * management frame. Since we are disconnecting, we should not
2097 * insist sending these frames which can take time and delay
2098 * the disconnection and possible the roaming.
2101 ieee80211_flush_queues(local, sdata, true);
2103 /* deauthenticate/disassociate now */
2104 if (tx || frame_buf)
2105 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
2106 reason, tx, frame_buf);
2108 /* flush out frame - make sure the deauth was actually sent */
2110 ieee80211_flush_queues(local, sdata, false);
2112 /* clear bssid only after building the needed mgmt frames */
2113 eth_zero_addr(ifmgd->bssid);
2115 /* remove AP and TDLS peers */
2116 sta_info_flush(sdata);
2118 /* finally reset all BSS / config parameters */
2119 changed |= ieee80211_reset_erp_info(sdata);
2121 ieee80211_led_assoc(local, 0);
2122 changed |= BSS_CHANGED_ASSOC;
2123 sdata->vif.bss_conf.assoc = false;
2125 ifmgd->p2p_noa_index = -1;
2126 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
2127 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
2129 /* on the next assoc, re-program HT/VHT parameters */
2130 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
2131 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
2132 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
2133 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
2135 /* reset MU-MIMO ownership and group data */
2136 memset(sdata->vif.bss_conf.mu_group.membership, 0,
2137 sizeof(sdata->vif.bss_conf.mu_group.membership));
2138 memset(sdata->vif.bss_conf.mu_group.position, 0,
2139 sizeof(sdata->vif.bss_conf.mu_group.position));
2140 changed |= BSS_CHANGED_MU_GROUPS;
2141 sdata->vif.mu_mimo_owner = false;
2143 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2145 del_timer_sync(&local->dynamic_ps_timer);
2146 cancel_work_sync(&local->dynamic_ps_enable_work);
2148 /* Disable ARP filtering */
2149 if (sdata->vif.bss_conf.arp_addr_cnt)
2150 changed |= BSS_CHANGED_ARP_FILTER;
2152 sdata->vif.bss_conf.qos = false;
2153 changed |= BSS_CHANGED_QOS;
2155 /* The BSSID (not really interesting) and HT changed */
2156 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
2157 ieee80211_bss_info_change_notify(sdata, changed);
2159 /* disassociated - set to defaults now */
2160 ieee80211_set_wmm_default(sdata, false, false);
2162 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
2163 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
2164 del_timer_sync(&sdata->u.mgd.timer);
2165 del_timer_sync(&sdata->u.mgd.chswitch_timer);
2167 sdata->vif.bss_conf.dtim_period = 0;
2168 sdata->vif.bss_conf.beacon_rate = NULL;
2170 ifmgd->have_beacon = false;
2173 mutex_lock(&local->mtx);
2174 ieee80211_vif_release_channel(sdata);
2176 sdata->vif.csa_active = false;
2177 ifmgd->csa_waiting_bcn = false;
2178 ifmgd->csa_ignored_same_chan = false;
2179 if (sdata->csa_block_tx) {
2180 ieee80211_wake_vif_queues(local, sdata,
2181 IEEE80211_QUEUE_STOP_REASON_CSA);
2182 sdata->csa_block_tx = false;
2184 mutex_unlock(&local->mtx);
2186 /* existing TX TSPEC sessions no longer exist */
2187 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
2188 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk);
2190 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
2193 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
2194 struct ieee80211_hdr *hdr)
2197 * We can postpone the mgd.timer whenever receiving unicast frames
2198 * from AP because we know that the connection is working both ways
2199 * at that time. But multicast frames (and hence also beacons) must
2200 * be ignored here, because we need to trigger the timer during
2201 * data idle periods for sending the periodic probe request to the
2202 * AP we're connected to.
2204 if (is_multicast_ether_addr(hdr->addr1))
2207 ieee80211_sta_reset_conn_monitor(sdata);
2210 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
2212 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2213 struct ieee80211_local *local = sdata->local;
2215 mutex_lock(&local->mtx);
2216 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
2219 __ieee80211_stop_poll(sdata);
2221 mutex_lock(&local->iflist_mtx);
2222 ieee80211_recalc_ps(local);
2223 mutex_unlock(&local->iflist_mtx);
2225 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
2229 * We've received a probe response, but are not sure whether
2230 * we have or will be receiving any beacons or data, so let's
2231 * schedule the timers again, just in case.
2233 ieee80211_sta_reset_beacon_monitor(sdata);
2235 mod_timer(&ifmgd->conn_mon_timer,
2236 round_jiffies_up(jiffies +
2237 IEEE80211_CONNECTION_IDLE_TIME));
2239 mutex_unlock(&local->mtx);
2242 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
2243 struct ieee80211_hdr *hdr,
2246 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2247 u16 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2248 int ac = ieee80211_ac_from_tid(tid);
2249 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2250 unsigned long now = jiffies;
2252 if (likely(!tx_tspec->admitted_time))
2255 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2256 tx_tspec->consumed_tx_time = 0;
2257 tx_tspec->time_slice_start = now;
2259 if (tx_tspec->downgraded) {
2260 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
2261 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2265 if (tx_tspec->downgraded)
2268 tx_tspec->consumed_tx_time += tx_time;
2270 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
2271 tx_tspec->downgraded = true;
2272 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
2273 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2277 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2278 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
2280 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
2282 if (!ieee80211_is_data(hdr->frame_control))
2285 if (ieee80211_is_any_nullfunc(hdr->frame_control) &&
2286 sdata->u.mgd.probe_send_count > 0) {
2288 ieee80211_sta_reset_conn_monitor(sdata);
2290 sdata->u.mgd.nullfunc_failed = true;
2291 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2296 ieee80211_sta_reset_conn_monitor(sdata);
2299 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2301 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2303 u8 *dst = ifmgd->associated->bssid;
2304 u8 unicast_limit = max(1, max_probe_tries - 3);
2305 struct sta_info *sta;
2308 * Try sending broadcast probe requests for the last three
2309 * probe requests after the first ones failed since some
2310 * buggy APs only support broadcast probe requests.
2312 if (ifmgd->probe_send_count >= unicast_limit)
2316 * When the hardware reports an accurate Tx ACK status, it's
2317 * better to send a nullfunc frame instead of a probe request,
2318 * as it will kick us off the AP quickly if we aren't associated
2319 * anymore. The timeout will be reset if the frame is ACKed by
2322 ifmgd->probe_send_count++;
2325 mutex_lock(&sdata->local->sta_mtx);
2326 sta = sta_info_get(sdata, dst);
2328 ieee80211_check_fast_rx(sta);
2329 mutex_unlock(&sdata->local->sta_mtx);
2332 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
2333 ifmgd->nullfunc_failed = false;
2334 ieee80211_send_nullfunc(sdata->local, sdata, false);
2339 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2340 if (WARN_ON_ONCE(ssid == NULL))
2345 ieee80211_send_probe_req(sdata, sdata->vif.addr, dst,
2346 ssid + 2, ssid_len, NULL,
2347 0, (u32) -1, true, 0,
2348 ifmgd->associated->channel, false);
2352 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2353 run_again(sdata, ifmgd->probe_timeout);
2356 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2359 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2360 bool already = false;
2362 if (!ieee80211_sdata_running(sdata))
2367 if (!ifmgd->associated)
2370 mutex_lock(&sdata->local->mtx);
2372 if (sdata->local->tmp_channel || sdata->local->scanning) {
2373 mutex_unlock(&sdata->local->mtx);
2378 mlme_dbg_ratelimited(sdata,
2379 "detected beacon loss from AP (missed %d beacons) - probing\n",
2382 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2386 * The driver/our work has already reported this event or the
2387 * connection monitoring has kicked in and we have already sent
2388 * a probe request. Or maybe the AP died and the driver keeps
2389 * reporting until we disassociate...
2391 * In either case we have to ignore the current call to this
2392 * function (except for setting the correct probe reason bit)
2393 * because otherwise we would reset the timer every time and
2394 * never check whether we received a probe response!
2396 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2399 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2401 mutex_unlock(&sdata->local->mtx);
2406 mutex_lock(&sdata->local->iflist_mtx);
2407 ieee80211_recalc_ps(sdata->local);
2408 mutex_unlock(&sdata->local->iflist_mtx);
2410 ifmgd->probe_send_count = 0;
2411 ieee80211_mgd_probe_ap_send(sdata);
2413 sdata_unlock(sdata);
2416 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2417 struct ieee80211_vif *vif)
2419 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2420 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2421 struct cfg80211_bss *cbss;
2422 struct sk_buff *skb;
2426 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2429 sdata_assert_lock(sdata);
2431 if (ifmgd->associated)
2432 cbss = ifmgd->associated;
2433 else if (ifmgd->auth_data)
2434 cbss = ifmgd->auth_data->bss;
2435 else if (ifmgd->assoc_data)
2436 cbss = ifmgd->assoc_data->bss;
2441 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2442 if (WARN_ONCE(!ssid || ssid[1] > IEEE80211_MAX_SSID_LEN,
2443 "invalid SSID element (len=%d)", ssid ? ssid[1] : -1))
2448 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
2449 (u32) -1, cbss->channel,
2456 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2458 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
2459 const u8 *buf, size_t len, bool tx,
2462 struct ieee80211_event event = {
2464 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
2465 .u.mlme.reason = reason,
2469 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len);
2471 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
2473 drv_event_callback(sdata->local, sdata, &event);
2476 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2478 struct ieee80211_local *local = sdata->local;
2479 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2480 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2484 if (!ifmgd->associated) {
2485 sdata_unlock(sdata);
2489 tx = !sdata->csa_block_tx;
2491 /* AP is probably out of range (or not reachable for another reason) so
2492 * remove the bss struct for that AP.
2494 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
2496 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2497 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2499 mutex_lock(&local->mtx);
2500 sdata->vif.csa_active = false;
2501 ifmgd->csa_waiting_bcn = false;
2502 if (sdata->csa_block_tx) {
2503 ieee80211_wake_vif_queues(local, sdata,
2504 IEEE80211_QUEUE_STOP_REASON_CSA);
2505 sdata->csa_block_tx = false;
2507 mutex_unlock(&local->mtx);
2509 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
2510 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2512 sdata_unlock(sdata);
2515 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2517 struct ieee80211_sub_if_data *sdata =
2518 container_of(work, struct ieee80211_sub_if_data,
2519 u.mgd.beacon_connection_loss_work);
2520 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2522 if (ifmgd->associated)
2523 ifmgd->beacon_loss_count++;
2525 if (ifmgd->connection_loss) {
2526 sdata_info(sdata, "Connection to AP %pM lost\n",
2528 __ieee80211_disconnect(sdata);
2530 ieee80211_mgd_probe_ap(sdata, true);
2534 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2536 struct ieee80211_sub_if_data *sdata =
2537 container_of(work, struct ieee80211_sub_if_data,
2538 u.mgd.csa_connection_drop_work);
2540 __ieee80211_disconnect(sdata);
2543 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2545 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2546 struct ieee80211_hw *hw = &sdata->local->hw;
2548 trace_api_beacon_loss(sdata);
2550 sdata->u.mgd.connection_loss = false;
2551 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2553 EXPORT_SYMBOL(ieee80211_beacon_loss);
2555 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2557 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2558 struct ieee80211_hw *hw = &sdata->local->hw;
2560 trace_api_connection_loss(sdata);
2562 sdata->u.mgd.connection_loss = true;
2563 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2565 EXPORT_SYMBOL(ieee80211_connection_loss);
2568 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2571 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2573 sdata_assert_lock(sdata);
2577 * we are not authenticated yet, the only timer that could be
2578 * running is the timeout for the authentication response which
2579 * which is not relevant anymore.
2581 del_timer_sync(&sdata->u.mgd.timer);
2582 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2584 eth_zero_addr(sdata->u.mgd.bssid);
2585 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2586 sdata->u.mgd.flags = 0;
2587 mutex_lock(&sdata->local->mtx);
2588 ieee80211_vif_release_channel(sdata);
2589 mutex_unlock(&sdata->local->mtx);
2592 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2594 sdata->u.mgd.auth_data = NULL;
2597 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2598 bool assoc, bool abandon)
2600 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2602 sdata_assert_lock(sdata);
2606 * we are not associated yet, the only timer that could be
2607 * running is the timeout for the association response which
2608 * which is not relevant anymore.
2610 del_timer_sync(&sdata->u.mgd.timer);
2611 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2613 eth_zero_addr(sdata->u.mgd.bssid);
2614 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2615 sdata->u.mgd.flags = 0;
2616 sdata->vif.mu_mimo_owner = false;
2618 mutex_lock(&sdata->local->mtx);
2619 ieee80211_vif_release_channel(sdata);
2620 mutex_unlock(&sdata->local->mtx);
2623 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss);
2627 sdata->u.mgd.assoc_data = NULL;
2630 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2631 struct ieee80211_mgmt *mgmt, size_t len)
2633 struct ieee80211_local *local = sdata->local;
2634 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2636 struct ieee802_11_elems elems;
2639 pos = mgmt->u.auth.variable;
2640 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2641 if (!elems.challenge)
2643 auth_data->expected_transaction = 4;
2644 drv_mgd_prepare_tx(sdata->local, sdata);
2645 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2646 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2647 IEEE80211_TX_INTFL_MLME_CONN_TX;
2648 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2649 elems.challenge - 2, elems.challenge_len + 2,
2650 auth_data->bss->bssid, auth_data->bss->bssid,
2651 auth_data->key, auth_data->key_len,
2652 auth_data->key_idx, tx_flags);
2655 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2656 struct ieee80211_mgmt *mgmt, size_t len)
2658 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2660 u16 auth_alg, auth_transaction, status_code;
2661 struct sta_info *sta;
2662 struct ieee80211_event event = {
2664 .u.mlme.data = AUTH_EVENT,
2667 sdata_assert_lock(sdata);
2672 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2675 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2677 if (!ether_addr_equal(bssid, mgmt->bssid))
2680 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2681 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2682 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2684 if (auth_alg != ifmgd->auth_data->algorithm ||
2685 auth_transaction != ifmgd->auth_data->expected_transaction) {
2686 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2687 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2689 ifmgd->auth_data->expected_transaction);
2693 if (status_code != WLAN_STATUS_SUCCESS) {
2694 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2695 mgmt->sa, status_code);
2696 ieee80211_destroy_auth_data(sdata, false);
2697 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2698 event.u.mlme.status = MLME_DENIED;
2699 event.u.mlme.reason = status_code;
2700 drv_event_callback(sdata->local, sdata, &event);
2704 switch (ifmgd->auth_data->algorithm) {
2705 case WLAN_AUTH_OPEN:
2706 case WLAN_AUTH_LEAP:
2710 case WLAN_AUTH_SHARED_KEY:
2711 if (ifmgd->auth_data->expected_transaction != 4) {
2712 ieee80211_auth_challenge(sdata, mgmt, len);
2713 /* need another frame */
2718 WARN_ONCE(1, "invalid auth alg %d",
2719 ifmgd->auth_data->algorithm);
2723 event.u.mlme.status = MLME_SUCCESS;
2724 drv_event_callback(sdata->local, sdata, &event);
2725 sdata_info(sdata, "authenticated\n");
2726 ifmgd->auth_data->done = true;
2727 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2728 ifmgd->auth_data->timeout_started = true;
2729 run_again(sdata, ifmgd->auth_data->timeout);
2731 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2732 ifmgd->auth_data->expected_transaction != 2) {
2734 * Report auth frame to user space for processing since another
2735 * round of Authentication frames is still needed.
2737 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2741 /* move station state to auth */
2742 mutex_lock(&sdata->local->sta_mtx);
2743 sta = sta_info_get(sdata, bssid);
2745 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2748 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2749 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2752 mutex_unlock(&sdata->local->sta_mtx);
2754 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2757 mutex_unlock(&sdata->local->sta_mtx);
2758 /* ignore frame -- wait for timeout */
2761 #define case_WLAN(type) \
2762 case WLAN_REASON_##type: return #type
2764 const char *ieee80211_get_reason_code_string(u16 reason_code)
2766 switch (reason_code) {
2767 case_WLAN(UNSPECIFIED);
2768 case_WLAN(PREV_AUTH_NOT_VALID);
2769 case_WLAN(DEAUTH_LEAVING);
2770 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
2771 case_WLAN(DISASSOC_AP_BUSY);
2772 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
2773 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
2774 case_WLAN(DISASSOC_STA_HAS_LEFT);
2775 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
2776 case_WLAN(DISASSOC_BAD_POWER);
2777 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
2778 case_WLAN(INVALID_IE);
2779 case_WLAN(MIC_FAILURE);
2780 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
2781 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
2782 case_WLAN(IE_DIFFERENT);
2783 case_WLAN(INVALID_GROUP_CIPHER);
2784 case_WLAN(INVALID_PAIRWISE_CIPHER);
2785 case_WLAN(INVALID_AKMP);
2786 case_WLAN(UNSUPP_RSN_VERSION);
2787 case_WLAN(INVALID_RSN_IE_CAP);
2788 case_WLAN(IEEE8021X_FAILED);
2789 case_WLAN(CIPHER_SUITE_REJECTED);
2790 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
2791 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
2792 case_WLAN(DISASSOC_LOW_ACK);
2793 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
2794 case_WLAN(QSTA_LEAVE_QBSS);
2795 case_WLAN(QSTA_NOT_USE);
2796 case_WLAN(QSTA_REQUIRE_SETUP);
2797 case_WLAN(QSTA_TIMEOUT);
2798 case_WLAN(QSTA_CIPHER_NOT_SUPP);
2799 case_WLAN(MESH_PEER_CANCELED);
2800 case_WLAN(MESH_MAX_PEERS);
2801 case_WLAN(MESH_CONFIG);
2802 case_WLAN(MESH_CLOSE);
2803 case_WLAN(MESH_MAX_RETRIES);
2804 case_WLAN(MESH_CONFIRM_TIMEOUT);
2805 case_WLAN(MESH_INVALID_GTK);
2806 case_WLAN(MESH_INCONSISTENT_PARAM);
2807 case_WLAN(MESH_INVALID_SECURITY);
2808 case_WLAN(MESH_PATH_ERROR);
2809 case_WLAN(MESH_PATH_NOFORWARD);
2810 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
2811 case_WLAN(MAC_EXISTS_IN_MBSS);
2812 case_WLAN(MESH_CHAN_REGULATORY);
2813 case_WLAN(MESH_CHAN);
2814 default: return "<unknown>";
2818 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2819 struct ieee80211_mgmt *mgmt, size_t len)
2821 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2822 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2824 sdata_assert_lock(sdata);
2829 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
2830 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
2834 if (ifmgd->associated &&
2835 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
2836 const u8 *bssid = ifmgd->associated->bssid;
2838 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
2840 ieee80211_get_reason_code_string(reason_code));
2842 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2844 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
2849 if (ifmgd->assoc_data &&
2850 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2851 const u8 *bssid = ifmgd->assoc_data->bss->bssid;
2854 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
2856 ieee80211_get_reason_code_string(reason_code));
2858 ieee80211_destroy_assoc_data(sdata, false, true);
2860 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2866 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2867 struct ieee80211_mgmt *mgmt, size_t len)
2869 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2872 sdata_assert_lock(sdata);
2877 if (!ifmgd->associated ||
2878 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2881 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2883 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
2884 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
2888 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
2889 mgmt->sa, reason_code,
2890 ieee80211_get_reason_code_string(reason_code));
2892 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2894 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code);
2897 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2898 u8 *supp_rates, unsigned int supp_rates_len,
2899 u32 *rates, u32 *basic_rates,
2900 bool *have_higher_than_11mbit,
2901 int *min_rate, int *min_rate_index,
2902 int shift, u32 rate_flags)
2906 for (i = 0; i < supp_rates_len; i++) {
2907 int rate = supp_rates[i] & 0x7f;
2908 bool is_basic = !!(supp_rates[i] & 0x80);
2910 if ((rate * 5 * (1 << shift)) > 110)
2911 *have_higher_than_11mbit = true;
2914 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2915 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2917 * Note: Even through the membership selector and the basic
2918 * rate flag share the same bit, they are not exactly
2921 if (!!(supp_rates[i] & 0x80) &&
2922 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2925 for (j = 0; j < sband->n_bitrates; j++) {
2926 struct ieee80211_rate *br;
2929 br = &sband->bitrates[j];
2930 if ((rate_flags & br->flags) != rate_flags)
2933 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2934 if (brate == rate) {
2937 *basic_rates |= BIT(j);
2938 if ((rate * 5) < *min_rate) {
2939 *min_rate = rate * 5;
2940 *min_rate_index = j;
2948 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2949 struct cfg80211_bss *cbss,
2950 struct ieee80211_mgmt *mgmt, size_t len)
2952 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2953 struct ieee80211_local *local = sdata->local;
2954 struct ieee80211_supported_band *sband;
2955 struct sta_info *sta;
2957 u16 capab_info, aid;
2958 struct ieee802_11_elems elems;
2959 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2960 const struct cfg80211_bss_ies *bss_ies = NULL;
2961 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2966 /* AssocResp and ReassocResp have identical structure */
2968 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2969 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2971 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2972 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2974 aid &= ~(BIT(15) | BIT(14));
2976 ifmgd->broken_ap = false;
2978 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2979 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2982 ifmgd->broken_ap = true;
2985 pos = mgmt->u.assoc_resp.variable;
2986 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2988 if (!elems.supp_rates) {
2989 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2994 ifmgd->tdls_chan_switch_prohibited =
2995 elems.ext_capab && elems.ext_capab_len >= 5 &&
2996 (elems.ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
2999 * Some APs are erroneously not including some information in their
3000 * (re)association response frames. Try to recover by using the data
3001 * from the beacon or probe response. This seems to afflict mobile
3002 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
3003 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
3005 if ((assoc_data->wmm && !elems.wmm_param) ||
3006 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3007 (!elems.ht_cap_elem || !elems.ht_operation)) ||
3008 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3009 (!elems.vht_cap_elem || !elems.vht_operation))) {
3010 const struct cfg80211_bss_ies *ies;
3011 struct ieee802_11_elems bss_elems;
3014 ies = rcu_dereference(cbss->ies);
3016 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
3022 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
3024 if (assoc_data->wmm &&
3025 !elems.wmm_param && bss_elems.wmm_param) {
3026 elems.wmm_param = bss_elems.wmm_param;
3028 "AP bug: WMM param missing from AssocResp\n");
3032 * Also check if we requested HT/VHT, otherwise the AP doesn't
3033 * have to include the IEs in the (re)association response.
3035 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
3036 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3037 elems.ht_cap_elem = bss_elems.ht_cap_elem;
3039 "AP bug: HT capability missing from AssocResp\n");
3041 if (!elems.ht_operation && bss_elems.ht_operation &&
3042 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3043 elems.ht_operation = bss_elems.ht_operation;
3045 "AP bug: HT operation missing from AssocResp\n");
3047 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
3048 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3049 elems.vht_cap_elem = bss_elems.vht_cap_elem;
3051 "AP bug: VHT capa missing from AssocResp\n");
3053 if (!elems.vht_operation && bss_elems.vht_operation &&
3054 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3055 elems.vht_operation = bss_elems.vht_operation;
3057 "AP bug: VHT operation missing from AssocResp\n");
3062 * We previously checked these in the beacon/probe response, so
3063 * they should be present here. This is just a safety net.
3065 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3066 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
3068 "HT AP is missing WMM params or HT capability/operation\n");
3073 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3074 (!elems.vht_cap_elem || !elems.vht_operation)) {
3076 "VHT AP is missing VHT capability/operation\n");
3081 mutex_lock(&sdata->local->sta_mtx);
3083 * station info was already allocated and inserted before
3084 * the association and should be available to us
3086 sta = sta_info_get(sdata, cbss->bssid);
3087 if (WARN_ON(!sta)) {
3088 mutex_unlock(&sdata->local->sta_mtx);
3093 sband = ieee80211_get_sband(sdata);
3095 mutex_unlock(&sdata->local->sta_mtx);
3100 /* Set up internal HT/VHT capabilities */
3101 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
3102 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
3103 elems.ht_cap_elem, sta);
3105 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
3106 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
3107 elems.vht_cap_elem, sta);
3110 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
3111 * in their association response, so ignore that data for our own
3112 * configuration. If it changed since the last beacon, we'll get the
3113 * next beacon and update then.
3117 * If an operating mode notification IE is present, override the
3118 * NSS calculation (that would be done in rate_control_rate_init())
3119 * and use the # of streams from that element.
3121 if (elems.opmode_notif &&
3122 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
3125 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
3126 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
3128 sta->sta.rx_nss = nss;
3131 rate_control_rate_init(sta);
3133 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
3134 set_sta_flag(sta, WLAN_STA_MFP);
3135 sta->sta.mfp = true;
3137 sta->sta.mfp = false;
3140 sta->sta.wme = elems.wmm_param && local->hw.queues >= IEEE80211_NUM_ACS;
3142 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
3143 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
3144 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
3147 "failed to move station %pM to desired state\n",
3149 WARN_ON(__sta_info_destroy(sta));
3150 mutex_unlock(&sdata->local->sta_mtx);
3155 mutex_unlock(&sdata->local->sta_mtx);
3158 * Always handle WMM once after association regardless
3159 * of the first value the AP uses. Setting -1 here has
3160 * that effect because the AP values is an unsigned
3163 ifmgd->wmm_last_param_set = -1;
3165 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
3166 ieee80211_set_wmm_default(sdata, false, false);
3167 } else if (!ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3168 elems.wmm_param_len)) {
3169 /* still enable QoS since we might have HT/VHT */
3170 ieee80211_set_wmm_default(sdata, false, true);
3171 /* set the disable-WMM flag in this case to disable
3172 * tracking WMM parameter changes in the beacon if
3173 * the parameters weren't actually valid. Doing so
3174 * avoids changing parameters very strangely when
3175 * the AP is going back and forth between valid and
3176 * invalid parameters.
3178 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
3180 changed |= BSS_CHANGED_QOS;
3182 /* set AID and assoc capability,
3183 * ieee80211_set_associated() will tell the driver */
3184 bss_conf->aid = aid;
3185 bss_conf->assoc_capability = capab_info;
3186 ieee80211_set_associated(sdata, cbss, changed);
3189 * If we're using 4-addr mode, let the AP know that we're
3190 * doing so, so that it can create the STA VLAN on its side
3192 if (ifmgd->use_4addr)
3193 ieee80211_send_4addr_nullfunc(local, sdata);
3196 * Start timer to probe the connection to the AP now.
3197 * Also start the timer that will detect beacon loss.
3199 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
3200 ieee80211_sta_reset_beacon_monitor(sdata);
3208 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
3209 struct ieee80211_mgmt *mgmt,
3212 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3213 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3214 u16 capab_info, status_code, aid;
3215 struct ieee802_11_elems elems;
3216 int ac, uapsd_queues = -1;
3219 struct cfg80211_bss *bss;
3220 struct ieee80211_event event = {
3222 .u.mlme.data = ASSOC_EVENT,
3225 sdata_assert_lock(sdata);
3229 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
3233 * AssocResp and ReassocResp have identical structure, so process both
3234 * of them in this function.
3240 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
3241 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3242 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
3243 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3246 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
3247 reassoc ? "Rea" : "A", mgmt->sa,
3248 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
3250 pos = mgmt->u.assoc_resp.variable;
3251 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
3253 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
3254 elems.timeout_int &&
3255 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
3257 tu = le32_to_cpu(elems.timeout_int->value);
3258 ms = tu * 1024 / 1000;
3260 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
3262 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
3263 assoc_data->timeout_started = true;
3264 if (ms > IEEE80211_ASSOC_TIMEOUT)
3265 run_again(sdata, assoc_data->timeout);
3269 bss = assoc_data->bss;
3271 if (status_code != WLAN_STATUS_SUCCESS) {
3272 sdata_info(sdata, "%pM denied association (code=%d)\n",
3273 mgmt->sa, status_code);
3274 ieee80211_destroy_assoc_data(sdata, false, false);
3275 event.u.mlme.status = MLME_DENIED;
3276 event.u.mlme.reason = status_code;
3277 drv_event_callback(sdata->local, sdata, &event);
3279 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) {
3280 /* oops -- internal error -- send timeout for now */
3281 ieee80211_destroy_assoc_data(sdata, false, false);
3282 cfg80211_assoc_timeout(sdata->dev, bss);
3285 event.u.mlme.status = MLME_SUCCESS;
3286 drv_event_callback(sdata->local, sdata, &event);
3287 sdata_info(sdata, "associated\n");
3290 * destroy assoc_data afterwards, as otherwise an idle
3291 * recalc after assoc_data is NULL but before associated
3292 * is set can cause the interface to go idle
3294 ieee80211_destroy_assoc_data(sdata, true, false);
3296 /* get uapsd queues configuration */
3298 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3299 if (sdata->tx_conf[ac].uapsd)
3300 uapsd_queues |= BIT(ac);
3303 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues);
3306 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
3307 struct ieee80211_mgmt *mgmt, size_t len,
3308 struct ieee80211_rx_status *rx_status,
3309 struct ieee802_11_elems *elems)
3311 struct ieee80211_local *local = sdata->local;
3312 struct ieee80211_bss *bss;
3313 struct ieee80211_channel *channel;
3315 sdata_assert_lock(sdata);
3317 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
3321 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
3324 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
3325 ieee80211_rx_bss_put(local, bss);
3330 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
3331 struct sk_buff *skb)
3333 struct ieee80211_mgmt *mgmt = (void *)skb->data;
3334 struct ieee80211_if_managed *ifmgd;
3335 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
3336 size_t baselen, len = skb->len;
3337 struct ieee802_11_elems elems;
3339 ifmgd = &sdata->u.mgd;
3341 sdata_assert_lock(sdata);
3343 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
3344 return; /* ignore ProbeResp to foreign address */
3346 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
3350 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
3353 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3355 if (ifmgd->associated &&
3356 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3357 ieee80211_reset_ap_probe(sdata);
3361 * This is the canonical list of information elements we care about,
3362 * the filter code also gives us all changes to the Microsoft OUI
3363 * (00:50:F2) vendor IE which is used for WMM which we need to track,
3364 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
3365 * changes to requested client power.
3367 * We implement beacon filtering in software since that means we can
3368 * avoid processing the frame here and in cfg80211, and userspace
3369 * will not be able to tell whether the hardware supports it or not.
3371 * XXX: This list needs to be dynamic -- userspace needs to be able to
3372 * add items it requires. It also needs to be able to tell us to
3373 * look out for other vendor IEs.
3375 static const u64 care_about_ies =
3376 (1ULL << WLAN_EID_COUNTRY) |
3377 (1ULL << WLAN_EID_ERP_INFO) |
3378 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
3379 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
3380 (1ULL << WLAN_EID_HT_CAPABILITY) |
3381 (1ULL << WLAN_EID_HT_OPERATION) |
3382 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
3384 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3385 struct ieee80211_mgmt *mgmt, size_t len,
3386 struct ieee80211_rx_status *rx_status)
3388 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3389 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3391 struct ieee802_11_elems elems;
3392 struct ieee80211_local *local = sdata->local;
3393 struct ieee80211_chanctx_conf *chanctx_conf;
3394 struct ieee80211_channel *chan;
3395 struct sta_info *sta;
3401 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3403 sdata_assert_lock(sdata);
3405 /* Process beacon from the current BSS */
3406 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
3411 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3412 if (!chanctx_conf) {
3417 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
3421 chan = chanctx_conf->def.chan;
3424 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
3425 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3426 ieee802_11_parse_elems(mgmt->u.beacon.variable,
3427 len - baselen, false, &elems);
3429 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3430 if (elems.tim && !elems.parse_error) {
3431 const struct ieee80211_tim_ie *tim_ie = elems.tim;
3432 ifmgd->dtim_period = tim_ie->dtim_period;
3434 ifmgd->have_beacon = true;
3435 ifmgd->assoc_data->need_beacon = false;
3436 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3437 sdata->vif.bss_conf.sync_tsf =
3438 le64_to_cpu(mgmt->u.beacon.timestamp);
3439 sdata->vif.bss_conf.sync_device_ts =
3440 rx_status->device_timestamp;
3442 sdata->vif.bss_conf.sync_dtim_count =
3443 elems.tim->dtim_count;
3445 sdata->vif.bss_conf.sync_dtim_count = 0;
3447 /* continue assoc process */
3448 ifmgd->assoc_data->timeout = jiffies;
3449 ifmgd->assoc_data->timeout_started = true;
3450 run_again(sdata, ifmgd->assoc_data->timeout);
3454 if (!ifmgd->associated ||
3455 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3457 bssid = ifmgd->associated->bssid;
3459 /* Track average RSSI from the Beacon frames of the current AP */
3460 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3461 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3462 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal);
3463 ifmgd->last_cqm_event_signal = 0;
3464 ifmgd->count_beacon_signal = 1;
3465 ifmgd->last_ave_beacon_signal = 0;
3467 ifmgd->count_beacon_signal++;
3470 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal);
3472 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3473 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3474 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3475 int last_sig = ifmgd->last_ave_beacon_signal;
3476 struct ieee80211_event event = {
3481 * if signal crosses either of the boundaries, invoke callback
3482 * with appropriate parameters
3484 if (sig > ifmgd->rssi_max_thold &&
3485 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3486 ifmgd->last_ave_beacon_signal = sig;
3487 event.u.rssi.data = RSSI_EVENT_HIGH;
3488 drv_event_callback(local, sdata, &event);
3489 } else if (sig < ifmgd->rssi_min_thold &&
3490 (last_sig >= ifmgd->rssi_max_thold ||
3492 ifmgd->last_ave_beacon_signal = sig;
3493 event.u.rssi.data = RSSI_EVENT_LOW;
3494 drv_event_callback(local, sdata, &event);
3498 if (bss_conf->cqm_rssi_thold &&
3499 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3500 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3501 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3502 int last_event = ifmgd->last_cqm_event_signal;
3503 int thold = bss_conf->cqm_rssi_thold;
3504 int hyst = bss_conf->cqm_rssi_hyst;
3507 (last_event == 0 || sig < last_event - hyst)) {
3508 ifmgd->last_cqm_event_signal = sig;
3509 ieee80211_cqm_rssi_notify(
3511 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3513 } else if (sig > thold &&
3514 (last_event == 0 || sig > last_event + hyst)) {
3515 ifmgd->last_cqm_event_signal = sig;
3516 ieee80211_cqm_rssi_notify(
3518 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3523 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
3524 mlme_dbg_ratelimited(sdata,
3525 "cancelling AP probe due to a received beacon\n");
3526 ieee80211_reset_ap_probe(sdata);
3530 * Push the beacon loss detection into the future since
3531 * we are processing a beacon from the AP just now.
3533 ieee80211_sta_reset_beacon_monitor(sdata);
3535 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
3536 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
3537 len - baselen, false, &elems,
3538 care_about_ies, ncrc);
3540 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3541 ieee80211_check_tim(elems.tim, elems.tim_len, ifmgd->aid)) {
3542 if (local->hw.conf.dynamic_ps_timeout > 0) {
3543 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3544 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3545 ieee80211_hw_config(local,
3546 IEEE80211_CONF_CHANGE_PS);
3548 ieee80211_send_nullfunc(local, sdata, false);
3549 } else if (!local->pspolling && sdata->u.mgd.powersave) {
3550 local->pspolling = true;
3553 * Here is assumed that the driver will be
3554 * able to send ps-poll frame and receive a
3555 * response even though power save mode is
3556 * enabled, but some drivers might require
3557 * to disable power save here. This needs
3558 * to be investigated.
3560 ieee80211_send_pspoll(local, sdata);
3564 if (sdata->vif.p2p ||
3565 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
3566 struct ieee80211_p2p_noa_attr noa = {};
3569 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
3571 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3572 (u8 *) &noa, sizeof(noa));
3574 if (sdata->u.mgd.p2p_noa_index != noa.index) {
3575 /* valid noa_attr and index changed */
3576 sdata->u.mgd.p2p_noa_index = noa.index;
3577 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3578 changed |= BSS_CHANGED_P2P_PS;
3580 * make sure we update all information, the CRC
3581 * mechanism doesn't look at P2P attributes.
3583 ifmgd->beacon_crc_valid = false;
3585 } else if (sdata->u.mgd.p2p_noa_index != -1) {
3586 /* noa_attr not found and we had valid noa_attr before */
3587 sdata->u.mgd.p2p_noa_index = -1;
3588 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
3589 changed |= BSS_CHANGED_P2P_PS;
3590 ifmgd->beacon_crc_valid = false;
3594 if (ifmgd->csa_waiting_bcn)
3595 ieee80211_chswitch_post_beacon(sdata);
3598 * Update beacon timing and dtim count on every beacon appearance. This
3599 * will allow the driver to use the most updated values. Do it before
3600 * comparing this one with last received beacon.
3601 * IMPORTANT: These parameters would possibly be out of sync by the time
3602 * the driver will use them. The synchronized view is currently
3603 * guaranteed only in certain callbacks.
3605 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3606 sdata->vif.bss_conf.sync_tsf =
3607 le64_to_cpu(mgmt->u.beacon.timestamp);
3608 sdata->vif.bss_conf.sync_device_ts =
3609 rx_status->device_timestamp;
3611 sdata->vif.bss_conf.sync_dtim_count =
3612 elems.tim->dtim_count;
3614 sdata->vif.bss_conf.sync_dtim_count = 0;
3617 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
3619 ifmgd->beacon_crc = ncrc;
3620 ifmgd->beacon_crc_valid = true;
3622 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3624 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
3625 rx_status->device_timestamp,
3628 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
3629 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3630 elems.wmm_param_len))
3631 changed |= BSS_CHANGED_QOS;
3634 * If we haven't had a beacon before, tell the driver about the
3635 * DTIM period (and beacon timing if desired) now.
3637 if (!ifmgd->have_beacon) {
3638 /* a few bogus AP send dtim_period = 0 or no TIM IE */
3640 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3642 bss_conf->dtim_period = 1;
3644 changed |= BSS_CHANGED_BEACON_INFO;
3645 ifmgd->have_beacon = true;
3647 mutex_lock(&local->iflist_mtx);
3648 ieee80211_recalc_ps(local);
3649 mutex_unlock(&local->iflist_mtx);
3651 ieee80211_recalc_ps_vif(sdata);
3654 if (elems.erp_info) {
3656 erp_value = elems.erp_info[0];
3660 changed |= ieee80211_handle_bss_capability(sdata,
3661 le16_to_cpu(mgmt->u.beacon.capab_info),
3662 erp_valid, erp_value);
3664 mutex_lock(&local->sta_mtx);
3665 sta = sta_info_get(sdata, bssid);
3667 if (ieee80211_config_bw(sdata, sta,
3668 elems.ht_cap_elem, elems.ht_operation,
3669 elems.vht_operation, bssid, &changed)) {
3670 mutex_unlock(&local->sta_mtx);
3672 "failed to follow AP %pM bandwidth change, disconnect\n",
3674 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3675 WLAN_REASON_DEAUTH_LEAVING,
3677 ieee80211_report_disconnect(sdata, deauth_buf,
3678 sizeof(deauth_buf), true,
3679 WLAN_REASON_DEAUTH_LEAVING);
3683 if (sta && elems.opmode_notif)
3684 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3686 mutex_unlock(&local->sta_mtx);
3688 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
3690 elems.country_elem_len,
3691 elems.pwr_constr_elem,
3692 elems.cisco_dtpc_elem);
3694 ieee80211_bss_info_change_notify(sdata, changed);
3697 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3698 struct sk_buff *skb)
3700 struct ieee80211_rx_status *rx_status;
3701 struct ieee80211_mgmt *mgmt;
3703 struct ieee802_11_elems elems;
3706 rx_status = (struct ieee80211_rx_status *) skb->cb;
3707 mgmt = (struct ieee80211_mgmt *) skb->data;
3708 fc = le16_to_cpu(mgmt->frame_control);
3712 switch (fc & IEEE80211_FCTL_STYPE) {
3713 case IEEE80211_STYPE_BEACON:
3714 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3716 case IEEE80211_STYPE_PROBE_RESP:
3717 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3719 case IEEE80211_STYPE_AUTH:
3720 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3722 case IEEE80211_STYPE_DEAUTH:
3723 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3725 case IEEE80211_STYPE_DISASSOC:
3726 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3728 case IEEE80211_STYPE_ASSOC_RESP:
3729 case IEEE80211_STYPE_REASSOC_RESP:
3730 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
3732 case IEEE80211_STYPE_ACTION:
3733 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3734 ies_len = skb->len -
3735 offsetof(struct ieee80211_mgmt,
3736 u.action.u.chan_switch.variable);
3741 ieee802_11_parse_elems(
3742 mgmt->u.action.u.chan_switch.variable,
3743 ies_len, true, &elems);
3745 if (elems.parse_error)
3748 ieee80211_sta_process_chanswitch(sdata,
3750 rx_status->device_timestamp,
3752 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3753 ies_len = skb->len -
3754 offsetof(struct ieee80211_mgmt,
3755 u.action.u.ext_chan_switch.variable);
3760 ieee802_11_parse_elems(
3761 mgmt->u.action.u.ext_chan_switch.variable,
3762 ies_len, true, &elems);
3764 if (elems.parse_error)
3767 /* for the handling code pretend this was also an IE */
3768 elems.ext_chansw_ie =
3769 &mgmt->u.action.u.ext_chan_switch.data;
3771 ieee80211_sta_process_chanswitch(sdata,
3773 rx_status->device_timestamp,
3778 sdata_unlock(sdata);
3781 static void ieee80211_sta_timer(unsigned long data)
3783 struct ieee80211_sub_if_data *sdata =
3784 (struct ieee80211_sub_if_data *) data;
3786 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3789 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3790 u8 *bssid, u8 reason, bool tx)
3792 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3794 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3797 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
3801 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
3803 struct ieee80211_local *local = sdata->local;
3804 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3805 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3810 sdata_assert_lock(sdata);
3812 if (WARN_ON_ONCE(!auth_data))
3817 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3818 sdata_info(sdata, "authentication with %pM timed out\n",
3819 auth_data->bss->bssid);
3822 * Most likely AP is not in the range so remove the
3823 * bss struct for that AP.
3825 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3830 drv_mgd_prepare_tx(local, sdata);
3832 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3833 auth_data->bss->bssid, auth_data->tries,
3834 IEEE80211_AUTH_MAX_TRIES);
3836 auth_data->expected_transaction = 2;
3838 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3839 trans = auth_data->sae_trans;
3840 status = auth_data->sae_status;
3841 auth_data->expected_transaction = trans;
3844 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3845 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3846 IEEE80211_TX_INTFL_MLME_CONN_TX;
3848 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3849 auth_data->data, auth_data->data_len,
3850 auth_data->bss->bssid,
3851 auth_data->bss->bssid, NULL, 0, 0,
3854 if (tx_flags == 0) {
3855 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3856 auth_data->timeout_started = true;
3857 run_again(sdata, auth_data->timeout);
3859 auth_data->timeout =
3860 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3861 auth_data->timeout_started = true;
3862 run_again(sdata, auth_data->timeout);
3868 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3870 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3871 struct ieee80211_local *local = sdata->local;
3873 sdata_assert_lock(sdata);
3875 assoc_data->tries++;
3876 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3877 sdata_info(sdata, "association with %pM timed out\n",
3878 assoc_data->bss->bssid);
3881 * Most likely AP is not in the range so remove the
3882 * bss struct for that AP.
3884 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3889 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3890 assoc_data->bss->bssid, assoc_data->tries,
3891 IEEE80211_ASSOC_MAX_TRIES);
3892 ieee80211_send_assoc(sdata);
3894 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
3895 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3896 assoc_data->timeout_started = true;
3897 run_again(sdata, assoc_data->timeout);
3899 assoc_data->timeout =
3900 round_jiffies_up(jiffies +
3901 IEEE80211_ASSOC_TIMEOUT_LONG);
3902 assoc_data->timeout_started = true;
3903 run_again(sdata, assoc_data->timeout);
3909 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3910 __le16 fc, bool acked)
3912 struct ieee80211_local *local = sdata->local;
3914 sdata->u.mgd.status_fc = fc;
3915 sdata->u.mgd.status_acked = acked;
3916 sdata->u.mgd.status_received = true;
3918 ieee80211_queue_work(&local->hw, &sdata->work);
3921 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3923 struct ieee80211_local *local = sdata->local;
3924 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3928 if (ifmgd->status_received) {
3929 __le16 fc = ifmgd->status_fc;
3930 bool status_acked = ifmgd->status_acked;
3932 ifmgd->status_received = false;
3933 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
3935 ifmgd->auth_data->timeout =
3936 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3937 run_again(sdata, ifmgd->auth_data->timeout);
3939 ifmgd->auth_data->timeout = jiffies - 1;
3941 ifmgd->auth_data->timeout_started = true;
3942 } else if (ifmgd->assoc_data &&
3943 (ieee80211_is_assoc_req(fc) ||
3944 ieee80211_is_reassoc_req(fc))) {
3946 ifmgd->assoc_data->timeout =
3947 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3948 run_again(sdata, ifmgd->assoc_data->timeout);
3950 ifmgd->assoc_data->timeout = jiffies - 1;
3952 ifmgd->assoc_data->timeout_started = true;
3956 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3957 time_after(jiffies, ifmgd->auth_data->timeout)) {
3958 if (ifmgd->auth_data->done) {
3960 * ok ... we waited for assoc but userspace didn't,
3961 * so let's just kill the auth data
3963 ieee80211_destroy_auth_data(sdata, false);
3964 } else if (ieee80211_auth(sdata)) {
3966 struct ieee80211_event event = {
3968 .u.mlme.data = AUTH_EVENT,
3969 .u.mlme.status = MLME_TIMEOUT,
3972 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3974 ieee80211_destroy_auth_data(sdata, false);
3976 cfg80211_auth_timeout(sdata->dev, bssid);
3977 drv_event_callback(sdata->local, sdata, &event);
3979 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3980 run_again(sdata, ifmgd->auth_data->timeout);
3982 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3983 time_after(jiffies, ifmgd->assoc_data->timeout)) {
3984 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
3985 ieee80211_do_assoc(sdata)) {
3986 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
3987 struct ieee80211_event event = {
3989 .u.mlme.data = ASSOC_EVENT,
3990 .u.mlme.status = MLME_TIMEOUT,
3993 ieee80211_destroy_assoc_data(sdata, false, false);
3994 cfg80211_assoc_timeout(sdata->dev, bss);
3995 drv_event_callback(sdata->local, sdata, &event);
3997 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3998 run_again(sdata, ifmgd->assoc_data->timeout);
4000 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
4001 ifmgd->associated) {
4005 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4007 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4008 max_tries = max_nullfunc_tries;
4010 max_tries = max_probe_tries;
4012 /* ACK received for nullfunc probing frame */
4013 if (!ifmgd->probe_send_count)
4014 ieee80211_reset_ap_probe(sdata);
4015 else if (ifmgd->nullfunc_failed) {
4016 if (ifmgd->probe_send_count < max_tries) {
4018 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
4019 bssid, ifmgd->probe_send_count,
4021 ieee80211_mgd_probe_ap_send(sdata);
4024 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
4026 ieee80211_sta_connection_lost(sdata, bssid,
4027 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4030 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
4031 run_again(sdata, ifmgd->probe_timeout);
4032 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4034 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
4035 bssid, probe_wait_ms);
4036 ieee80211_sta_connection_lost(sdata, bssid,
4037 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4038 } else if (ifmgd->probe_send_count < max_tries) {
4040 "No probe response from AP %pM after %dms, try %d/%i\n",
4041 bssid, probe_wait_ms,
4042 ifmgd->probe_send_count, max_tries);
4043 ieee80211_mgd_probe_ap_send(sdata);
4046 * We actually lost the connection ... or did we?
4050 "No probe response from AP %pM after %dms, disconnecting.\n",
4051 bssid, probe_wait_ms);
4053 ieee80211_sta_connection_lost(sdata, bssid,
4054 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4058 sdata_unlock(sdata);
4061 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
4063 struct ieee80211_sub_if_data *sdata =
4064 (struct ieee80211_sub_if_data *) data;
4065 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4067 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4070 sdata->u.mgd.connection_loss = false;
4071 ieee80211_queue_work(&sdata->local->hw,
4072 &sdata->u.mgd.beacon_connection_loss_work);
4075 static void ieee80211_sta_conn_mon_timer(unsigned long data)
4077 struct ieee80211_sub_if_data *sdata =
4078 (struct ieee80211_sub_if_data *) data;
4079 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4080 struct ieee80211_local *local = sdata->local;
4082 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4085 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
4088 static void ieee80211_sta_monitor_work(struct work_struct *work)
4090 struct ieee80211_sub_if_data *sdata =
4091 container_of(work, struct ieee80211_sub_if_data,
4092 u.mgd.monitor_work);
4094 ieee80211_mgd_probe_ap(sdata, false);
4097 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
4099 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
4100 __ieee80211_stop_poll(sdata);
4102 /* let's probe the connection once */
4103 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4104 ieee80211_queue_work(&sdata->local->hw,
4105 &sdata->u.mgd.monitor_work);
4110 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
4112 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4113 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4117 if (ifmgd->auth_data || ifmgd->assoc_data) {
4118 const u8 *bssid = ifmgd->auth_data ?
4119 ifmgd->auth_data->bss->bssid :
4120 ifmgd->assoc_data->bss->bssid;
4123 * If we are trying to authenticate / associate while suspending,
4124 * cfg80211 won't know and won't actually abort those attempts,
4125 * thus we need to do that ourselves.
4127 ieee80211_send_deauth_disassoc(sdata, bssid,
4128 IEEE80211_STYPE_DEAUTH,
4129 WLAN_REASON_DEAUTH_LEAVING,
4131 if (ifmgd->assoc_data)
4132 ieee80211_destroy_assoc_data(sdata, false, true);
4133 if (ifmgd->auth_data)
4134 ieee80211_destroy_auth_data(sdata, false);
4135 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4136 IEEE80211_DEAUTH_FRAME_LEN);
4139 /* This is a bit of a hack - we should find a better and more generic
4140 * solution to this. Normally when suspending, cfg80211 will in fact
4141 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
4142 * auth (not so important) or assoc (this is the problem) process.
4144 * As a consequence, it can happen that we are in the process of both
4145 * associating and suspending, and receive an association response
4146 * after cfg80211 has checked if it needs to disconnect, but before
4147 * we actually set the flag to drop incoming frames. This will then
4148 * cause the workqueue flush to process the association response in
4149 * the suspend, resulting in a successful association just before it
4150 * tries to remove the interface from the driver, which now though
4151 * has a channel context assigned ... this results in issues.
4153 * To work around this (for now) simply deauth here again if we're
4156 if (ifmgd->associated && !sdata->local->wowlan) {
4158 struct cfg80211_deauth_request req = {
4159 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
4163 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4164 ieee80211_mgd_deauth(sdata, &req);
4167 sdata_unlock(sdata);
4170 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
4172 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4175 if (!ifmgd->associated) {
4176 sdata_unlock(sdata);
4180 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
4181 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
4182 mlme_dbg(sdata, "driver requested disconnect after resume\n");
4183 ieee80211_sta_connection_lost(sdata,
4184 ifmgd->associated->bssid,
4185 WLAN_REASON_UNSPECIFIED,
4187 sdata_unlock(sdata);
4190 sdata_unlock(sdata);
4194 /* interface setup */
4195 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
4197 struct ieee80211_if_managed *ifmgd;
4199 ifmgd = &sdata->u.mgd;
4200 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
4201 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
4202 INIT_WORK(&ifmgd->beacon_connection_loss_work,
4203 ieee80211_beacon_connection_loss_work);
4204 INIT_WORK(&ifmgd->csa_connection_drop_work,
4205 ieee80211_csa_connection_drop_work);
4206 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
4207 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work,
4208 ieee80211_tdls_peer_del_work);
4209 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
4210 (unsigned long) sdata);
4211 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
4212 (unsigned long) sdata);
4213 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
4214 (unsigned long) sdata);
4215 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
4216 (unsigned long) sdata);
4217 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk,
4218 ieee80211_sta_handle_tspec_ac_params_wk);
4221 ifmgd->powersave = sdata->wdev.ps;
4222 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
4223 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
4224 ifmgd->p2p_noa_index = -1;
4226 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
4227 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
4229 ifmgd->req_smps = IEEE80211_SMPS_OFF;
4231 /* Setup TDLS data */
4232 spin_lock_init(&ifmgd->teardown_lock);
4233 ifmgd->teardown_skb = NULL;
4234 ifmgd->orig_teardown_skb = NULL;
4237 /* scan finished notification */
4238 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
4240 struct ieee80211_sub_if_data *sdata;
4242 /* Restart STA timers */
4244 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4245 if (ieee80211_sdata_running(sdata))
4246 ieee80211_restart_sta_timer(sdata);
4251 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
4252 struct cfg80211_bss *cbss)
4254 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4255 const u8 *ht_cap_ie, *vht_cap_ie;
4256 const struct ieee80211_ht_cap *ht_cap;
4257 const struct ieee80211_vht_cap *vht_cap;
4260 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
4263 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4264 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
4265 ht_cap = (void *)(ht_cap_ie + 2);
4266 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4268 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
4269 * "Tx Unequal Modulation Supported" fields.
4273 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
4276 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4277 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
4281 vht_cap = (void *)(vht_cap_ie + 2);
4282 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4283 for (nss = 8; nss > 0; nss--) {
4284 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4285 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4288 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
4289 chains = max(chains, nss);
4295 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4296 struct cfg80211_bss *cbss)
4298 struct ieee80211_local *local = sdata->local;
4299 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4300 const struct ieee80211_ht_cap *ht_cap = NULL;
4301 const struct ieee80211_ht_operation *ht_oper = NULL;
4302 const struct ieee80211_vht_operation *vht_oper = NULL;
4303 struct ieee80211_supported_band *sband;
4304 struct cfg80211_chan_def chandef;
4309 sband = local->hw.wiphy->bands[cbss->channel->band];
4311 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
4312 IEEE80211_STA_DISABLE_80P80MHZ |
4313 IEEE80211_STA_DISABLE_160MHZ);
4317 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
4318 sband->ht_cap.ht_supported) {
4319 const u8 *ht_oper_ie, *ht_cap_ie;
4321 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
4322 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
4323 ht_oper = (void *)(ht_oper_ie + 2);
4325 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4326 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
4327 ht_cap = (void *)(ht_cap_ie + 2);
4330 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4335 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
4336 sband->vht_cap.vht_supported) {
4337 const u8 *vht_oper_ie, *vht_cap;
4339 vht_oper_ie = ieee80211_bss_get_ie(cbss,
4340 WLAN_EID_VHT_OPERATION);
4341 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
4342 vht_oper = (void *)(vht_oper_ie + 2);
4343 if (vht_oper && !ht_oper) {
4346 "AP advertised VHT without HT, disabling both\n");
4347 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4348 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4351 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4352 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
4353 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4358 /* Allow VHT if at least one channel on the sband supports 80 MHz */
4360 for (i = 0; i < sband->n_channels; i++) {
4361 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4362 IEEE80211_CHAN_NO_80MHZ))
4370 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4372 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
4374 ht_cap, ht_oper, vht_oper,
4377 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
4382 /* will change later if needed */
4383 sdata->smps_mode = IEEE80211_SMPS_OFF;
4385 mutex_lock(&local->mtx);
4387 * If this fails (possibly due to channel context sharing
4388 * on incompatible channels, e.g. 80+80 and 160 sharing the
4389 * same control channel) try to use a smaller bandwidth.
4391 ret = ieee80211_vif_use_channel(sdata, &chandef,
4392 IEEE80211_CHANCTX_SHARED);
4394 /* don't downgrade for 5 and 10 MHz channels, though. */
4395 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
4396 chandef.width == NL80211_CHAN_WIDTH_10)
4399 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
4400 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
4401 ret = ieee80211_vif_use_channel(sdata, &chandef,
4402 IEEE80211_CHANCTX_SHARED);
4405 mutex_unlock(&local->mtx);
4409 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
4410 struct cfg80211_bss *cbss, bool assoc,
4413 struct ieee80211_local *local = sdata->local;
4414 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4415 struct ieee80211_bss *bss = (void *)cbss->priv;
4416 struct sta_info *new_sta = NULL;
4417 struct ieee80211_supported_band *sband;
4418 bool have_sta = false;
4421 sband = local->hw.wiphy->bands[cbss->channel->band];
4423 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
4426 /* If a reconfig is happening, bail out */
4427 if (local->in_reconfig)
4432 have_sta = sta_info_get(sdata, cbss->bssid);
4437 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
4442 if (new_sta || override) {
4443 err = ieee80211_prep_channel(sdata, cbss);
4446 sta_info_free(local, new_sta);
4452 u32 rates = 0, basic_rates = 0;
4453 bool have_higher_than_11mbit = false;
4454 int min_rate = INT_MAX, min_rate_index = -1;
4455 struct ieee80211_chanctx_conf *chanctx_conf;
4456 const struct cfg80211_bss_ies *ies;
4457 int shift = ieee80211_vif_get_shift(&sdata->vif);
4461 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
4462 if (WARN_ON(!chanctx_conf)) {
4464 sta_info_free(local, new_sta);
4467 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
4470 ieee80211_get_rates(sband, bss->supp_rates,
4471 bss->supp_rates_len,
4472 &rates, &basic_rates,
4473 &have_higher_than_11mbit,
4474 &min_rate, &min_rate_index,
4478 * This used to be a workaround for basic rates missing
4479 * in the association response frame. Now that we no
4480 * longer use the basic rates from there, it probably
4481 * doesn't happen any more, but keep the workaround so
4482 * in case some *other* APs are buggy in different ways
4483 * we can connect -- with a warning.
4485 if (!basic_rates && min_rate_index >= 0) {
4487 "No basic rates, using min rate instead\n");
4488 basic_rates = BIT(min_rate_index);
4491 new_sta->sta.supp_rates[cbss->channel->band] = rates;
4492 sdata->vif.bss_conf.basic_rates = basic_rates;
4494 /* cf. IEEE 802.11 9.2.12 */
4495 if (cbss->channel->band == NL80211_BAND_2GHZ &&
4496 have_higher_than_11mbit)
4497 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
4499 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
4501 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
4503 /* set timing information */
4504 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
4506 ies = rcu_dereference(cbss->beacon_ies);
4510 sdata->vif.bss_conf.sync_tsf = ies->tsf;
4511 sdata->vif.bss_conf.sync_device_ts =
4512 bss->device_ts_beacon;
4513 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4514 ies->data, ies->len);
4515 if (tim_ie && tim_ie[1] >= 2)
4516 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
4518 sdata->vif.bss_conf.sync_dtim_count = 0;
4519 } else if (!ieee80211_hw_check(&sdata->local->hw,
4520 TIMING_BEACON_ONLY)) {
4521 ies = rcu_dereference(cbss->proberesp_ies);
4522 /* must be non-NULL since beacon IEs were NULL */
4523 sdata->vif.bss_conf.sync_tsf = ies->tsf;
4524 sdata->vif.bss_conf.sync_device_ts =
4525 bss->device_ts_presp;
4526 sdata->vif.bss_conf.sync_dtim_count = 0;
4528 sdata->vif.bss_conf.sync_tsf = 0;
4529 sdata->vif.bss_conf.sync_device_ts = 0;
4530 sdata->vif.bss_conf.sync_dtim_count = 0;
4534 /* tell driver about BSSID, basic rates and timing */
4535 ieee80211_bss_info_change_notify(sdata,
4536 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
4537 BSS_CHANGED_BEACON_INT);
4540 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
4542 err = sta_info_insert(new_sta);
4546 "failed to insert STA entry for the AP (error %d)\n",
4551 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
4553 /* Cancel scan to ensure that nothing interferes with connection */
4554 if (local->scanning)
4555 ieee80211_scan_cancel(local);
4561 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
4562 struct cfg80211_auth_request *req)
4564 struct ieee80211_local *local = sdata->local;
4565 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4566 struct ieee80211_mgd_auth_data *auth_data;
4570 /* prepare auth data structure */
4572 switch (req->auth_type) {
4573 case NL80211_AUTHTYPE_OPEN_SYSTEM:
4574 auth_alg = WLAN_AUTH_OPEN;
4576 case NL80211_AUTHTYPE_SHARED_KEY:
4577 if (IS_ERR(local->wep_tx_tfm))
4579 auth_alg = WLAN_AUTH_SHARED_KEY;
4581 case NL80211_AUTHTYPE_FT:
4582 auth_alg = WLAN_AUTH_FT;
4584 case NL80211_AUTHTYPE_NETWORK_EAP:
4585 auth_alg = WLAN_AUTH_LEAP;
4587 case NL80211_AUTHTYPE_SAE:
4588 auth_alg = WLAN_AUTH_SAE;
4594 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
4595 req->ie_len, GFP_KERNEL);
4599 auth_data->bss = req->bss;
4601 if (req->sae_data_len >= 4) {
4602 __le16 *pos = (__le16 *) req->sae_data;
4603 auth_data->sae_trans = le16_to_cpu(pos[0]);
4604 auth_data->sae_status = le16_to_cpu(pos[1]);
4605 memcpy(auth_data->data, req->sae_data + 4,
4606 req->sae_data_len - 4);
4607 auth_data->data_len += req->sae_data_len - 4;
4610 if (req->ie && req->ie_len) {
4611 memcpy(&auth_data->data[auth_data->data_len],
4612 req->ie, req->ie_len);
4613 auth_data->data_len += req->ie_len;
4616 if (req->key && req->key_len) {
4617 auth_data->key_len = req->key_len;
4618 auth_data->key_idx = req->key_idx;
4619 memcpy(auth_data->key, req->key, req->key_len);
4622 auth_data->algorithm = auth_alg;
4624 /* try to authenticate/probe */
4626 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
4627 ifmgd->assoc_data) {
4632 if (ifmgd->auth_data)
4633 ieee80211_destroy_auth_data(sdata, false);
4635 /* prep auth_data so we don't go into idle on disassoc */
4636 ifmgd->auth_data = auth_data;
4638 if (ifmgd->associated) {
4639 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4642 "disconnect from AP %pM for new auth to %pM\n",
4643 ifmgd->associated->bssid, req->bss->bssid);
4644 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4645 WLAN_REASON_UNSPECIFIED,
4648 ieee80211_report_disconnect(sdata, frame_buf,
4649 sizeof(frame_buf), true,
4650 WLAN_REASON_UNSPECIFIED);
4653 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
4655 err = ieee80211_prep_connection(sdata, req->bss, false, false);
4659 err = ieee80211_auth(sdata);
4661 sta_info_destroy_addr(sdata, req->bss->bssid);
4665 /* hold our own reference */
4666 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
4670 eth_zero_addr(ifmgd->bssid);
4671 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4672 ifmgd->auth_data = NULL;
4673 mutex_lock(&sdata->local->mtx);
4674 ieee80211_vif_release_channel(sdata);
4675 mutex_unlock(&sdata->local->mtx);
4681 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4682 struct cfg80211_assoc_request *req)
4684 struct ieee80211_local *local = sdata->local;
4685 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4686 struct ieee80211_bss *bss = (void *)req->bss->priv;
4687 struct ieee80211_mgd_assoc_data *assoc_data;
4688 const struct cfg80211_bss_ies *beacon_ies;
4689 struct ieee80211_supported_band *sband;
4690 const u8 *ssidie, *ht_ie, *vht_ie;
4692 bool override = false;
4694 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4699 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4700 if (!ssidie || ssidie[1] > sizeof(assoc_data->ssid)) {
4705 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4706 assoc_data->ssid_len = ssidie[1];
4709 if (ifmgd->associated) {
4710 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4713 "disconnect from AP %pM for new assoc to %pM\n",
4714 ifmgd->associated->bssid, req->bss->bssid);
4715 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4716 WLAN_REASON_UNSPECIFIED,
4719 ieee80211_report_disconnect(sdata, frame_buf,
4720 sizeof(frame_buf), true,
4721 WLAN_REASON_UNSPECIFIED);
4724 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4729 if (ifmgd->assoc_data) {
4734 if (ifmgd->auth_data) {
4737 /* keep sta info, bssid if matching */
4738 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4739 ieee80211_destroy_auth_data(sdata, match);
4742 /* prepare assoc data */
4744 ifmgd->beacon_crc_valid = false;
4746 assoc_data->wmm = bss->wmm_used &&
4747 (local->hw.queues >= IEEE80211_NUM_ACS);
4750 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4751 * We still associate in non-HT mode (11a/b/g) if any one of these
4752 * ciphers is configured as pairwise.
4753 * We can set this to true for non-11n hardware, that'll be checked
4754 * separately along with the peer capabilities.
4756 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4757 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4758 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4759 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4760 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4761 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4762 netdev_info(sdata->dev,
4763 "disabling HT/VHT due to WEP/TKIP use\n");
4767 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4768 sband = local->hw.wiphy->bands[req->bss->channel->band];
4769 if (!sband->ht_cap.ht_supported ||
4770 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4771 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4772 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4773 if (!bss->wmm_used &&
4774 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4775 netdev_info(sdata->dev,
4776 "disabling HT as WMM/QoS is not supported by the AP\n");
4779 /* disable VHT if we don't support it or the AP doesn't use WMM */
4780 if (!sband->vht_cap.vht_supported ||
4781 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4782 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4783 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4784 if (!bss->wmm_used &&
4785 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4786 netdev_info(sdata->dev,
4787 "disabling VHT as WMM/QoS is not supported by the AP\n");
4790 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4791 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4792 sizeof(ifmgd->ht_capa_mask));
4794 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4795 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4796 sizeof(ifmgd->vht_capa_mask));
4798 if (req->ie && req->ie_len) {
4799 memcpy(assoc_data->ie, req->ie, req->ie_len);
4800 assoc_data->ie_len = req->ie_len;
4803 assoc_data->bss = req->bss;
4805 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4806 if (ifmgd->powersave)
4807 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4809 sdata->smps_mode = IEEE80211_SMPS_OFF;
4811 sdata->smps_mode = ifmgd->req_smps;
4813 assoc_data->capability = req->bss->capability;
4814 assoc_data->supp_rates = bss->supp_rates;
4815 assoc_data->supp_rates_len = bss->supp_rates_len;
4818 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4819 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4820 assoc_data->ap_ht_param =
4821 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4823 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4824 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4825 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4826 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4827 sizeof(struct ieee80211_vht_cap));
4829 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4832 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
4833 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
4834 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
4835 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
4837 if (bss->wmm_used && bss->uapsd_supported &&
4838 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
4839 assoc_data->uapsd = true;
4840 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4842 assoc_data->uapsd = false;
4843 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4846 if (req->prev_bssid)
4847 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4850 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4851 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4853 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4854 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4857 if (req->flags & ASSOC_REQ_USE_RRM)
4858 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
4860 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
4862 if (req->crypto.control_port)
4863 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4865 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4867 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4868 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4869 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
4872 /* kick off associate process */
4874 ifmgd->assoc_data = assoc_data;
4875 ifmgd->dtim_period = 0;
4876 ifmgd->have_beacon = false;
4878 /* override HT/VHT configuration only if the AP and we support it */
4879 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
4880 struct ieee80211_sta_ht_cap sta_ht_cap;
4882 if (req->flags & ASSOC_REQ_DISABLE_HT)
4885 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
4886 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
4888 /* check for 40 MHz disable override */
4889 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) &&
4890 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
4891 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
4894 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
4895 req->flags & ASSOC_REQ_DISABLE_VHT)
4899 if (req->flags & ASSOC_REQ_DISABLE_HT) {
4900 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4901 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4904 if (req->flags & ASSOC_REQ_DISABLE_VHT)
4905 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4907 err = ieee80211_prep_connection(sdata, req->bss, true, override);
4912 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4914 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) &&
4917 * Wait up to one beacon interval ...
4918 * should this be more if we miss one?
4920 sdata_info(sdata, "waiting for beacon from %pM\n",
4922 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4923 assoc_data->timeout_started = true;
4924 assoc_data->need_beacon = true;
4925 } else if (beacon_ies) {
4926 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4931 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4932 const struct ieee80211_tim_ie *tim;
4933 tim = (void *)(tim_ie + 2);
4934 ifmgd->dtim_period = tim->dtim_period;
4935 dtim_count = tim->dtim_count;
4937 ifmgd->have_beacon = true;
4938 assoc_data->timeout = jiffies;
4939 assoc_data->timeout_started = true;
4941 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
4942 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4943 sdata->vif.bss_conf.sync_device_ts =
4944 bss->device_ts_beacon;
4945 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4948 assoc_data->timeout = jiffies;
4949 assoc_data->timeout_started = true;
4953 run_again(sdata, assoc_data->timeout);
4955 if (bss->corrupt_data) {
4956 char *corrupt_type = "data";
4957 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4958 if (bss->corrupt_data &
4959 IEEE80211_BSS_CORRUPT_PROBE_RESP)
4960 corrupt_type = "beacon and probe response";
4962 corrupt_type = "beacon";
4963 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4964 corrupt_type = "probe response";
4965 sdata_info(sdata, "associating with AP with corrupt %s\n",
4971 eth_zero_addr(ifmgd->bssid);
4972 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4973 ifmgd->assoc_data = NULL;
4979 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4980 struct cfg80211_deauth_request *req)
4982 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4983 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4984 bool tx = !req->local_state_change;
4986 if (ifmgd->auth_data &&
4987 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
4989 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
4990 req->bssid, req->reason_code,
4991 ieee80211_get_reason_code_string(req->reason_code));
4993 drv_mgd_prepare_tx(sdata->local, sdata);
4994 ieee80211_send_deauth_disassoc(sdata, req->bssid,
4995 IEEE80211_STYPE_DEAUTH,
4996 req->reason_code, tx,
4998 ieee80211_destroy_auth_data(sdata, false);
4999 ieee80211_report_disconnect(sdata, frame_buf,
5000 sizeof(frame_buf), true,
5006 if (ifmgd->assoc_data &&
5007 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
5009 "aborting association with %pM by local choice (Reason: %u=%s)\n",
5010 req->bssid, req->reason_code,
5011 ieee80211_get_reason_code_string(req->reason_code));
5013 drv_mgd_prepare_tx(sdata->local, sdata);
5014 ieee80211_send_deauth_disassoc(sdata, req->bssid,
5015 IEEE80211_STYPE_DEAUTH,
5016 req->reason_code, tx,
5018 ieee80211_destroy_assoc_data(sdata, false, true);
5019 ieee80211_report_disconnect(sdata, frame_buf,
5020 sizeof(frame_buf), true,
5025 if (ifmgd->associated &&
5026 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
5028 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
5029 req->bssid, req->reason_code,
5030 ieee80211_get_reason_code_string(req->reason_code));
5032 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5033 req->reason_code, tx, frame_buf);
5034 ieee80211_report_disconnect(sdata, frame_buf,
5035 sizeof(frame_buf), true,
5043 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
5044 struct cfg80211_disassoc_request *req)
5046 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5048 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5051 * cfg80211 should catch this ... but it's racy since
5052 * we can receive a disassoc frame, process it, hand it
5053 * to cfg80211 while that's in a locked section already
5054 * trying to tell us that the user wants to disconnect.
5056 if (ifmgd->associated != req->bss)
5060 "disassociating from %pM by local choice (Reason: %u=%s)\n",
5061 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
5063 memcpy(bssid, req->bss->bssid, ETH_ALEN);
5064 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
5065 req->reason_code, !req->local_state_change,
5068 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
5074 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
5076 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5079 * Make sure some work items will not run after this,
5080 * they will not do anything but might not have been
5081 * cancelled when disconnecting.
5083 cancel_work_sync(&ifmgd->monitor_work);
5084 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
5085 cancel_work_sync(&ifmgd->request_smps_work);
5086 cancel_work_sync(&ifmgd->csa_connection_drop_work);
5087 cancel_work_sync(&ifmgd->chswitch_work);
5088 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work);
5091 if (ifmgd->assoc_data) {
5092 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
5093 ieee80211_destroy_assoc_data(sdata, false, false);
5094 cfg80211_assoc_timeout(sdata->dev, bss);
5096 if (ifmgd->auth_data)
5097 ieee80211_destroy_auth_data(sdata, false);
5098 spin_lock_bh(&ifmgd->teardown_lock);
5099 if (ifmgd->teardown_skb) {
5100 kfree_skb(ifmgd->teardown_skb);
5101 ifmgd->teardown_skb = NULL;
5102 ifmgd->orig_teardown_skb = NULL;
5104 spin_unlock_bh(&ifmgd->teardown_lock);
5105 del_timer_sync(&ifmgd->timer);
5106 sdata_unlock(sdata);
5109 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
5110 enum nl80211_cqm_rssi_threshold_event rssi_event,
5113 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5115 trace_api_cqm_rssi_notify(sdata, rssi_event);
5117 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
5119 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
5121 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
5123 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5125 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
5127 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
5129 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
projects / releases.git / blob