1 // SPDX-License-Identifier: GPL-2.0
3 * cfg80211 MLME SAP interface
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6 * Copyright (c) 2015 Intel Deutschland GmbH
7 * Copyright (C) 2019-2020, 2022 Intel Corporation
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/etherdevice.h>
13 #include <linux/netdevice.h>
14 #include <linux/nl80211.h>
15 #include <linux/slab.h>
16 #include <linux/wireless.h>
17 #include <net/cfg80211.h>
18 #include <net/iw_handler.h>
24 void cfg80211_rx_assoc_resp(struct net_device *dev,
25 struct cfg80211_rx_assoc_resp *data)
27 struct wireless_dev *wdev = dev->ieee80211_ptr;
28 struct wiphy *wiphy = wdev->wiphy;
29 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
30 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)data->buf;
31 struct cfg80211_connect_resp_params cr = {
32 .timeout_reason = NL80211_TIMEOUT_UNSPECIFIED,
33 .req_ie = data->req_ies,
34 .req_ie_len = data->req_ies_len,
35 .resp_ie = mgmt->u.assoc_resp.variable,
36 .resp_ie_len = data->len -
37 offsetof(struct ieee80211_mgmt,
38 u.assoc_resp.variable),
39 .status = le16_to_cpu(mgmt->u.assoc_resp.status_code),
40 .ap_mld_addr = data->ap_mld_addr,
44 for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
45 cr.links[link_id].bss = data->links[link_id].bss;
46 if (!cr.links[link_id].bss)
48 cr.links[link_id].bssid = data->links[link_id].bss->bssid;
49 cr.links[link_id].addr = data->links[link_id].addr;
50 /* need to have local link addresses for MLO connections */
51 WARN_ON(cr.ap_mld_addr && !cr.links[link_id].addr);
53 BUG_ON(!cr.links[link_id].bss->channel);
55 if (cr.links[link_id].bss->channel->band == NL80211_BAND_S1GHZ) {
57 cr.resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
58 cr.resp_ie_len = data->len -
59 offsetof(struct ieee80211_mgmt,
60 u.s1g_assoc_resp.variable);
64 cr.valid_links |= BIT(link_id);
67 trace_cfg80211_send_rx_assoc(dev, data);
70 * This is a bit of a hack, we don't notify userspace of
71 * a (re-)association reply if we tried to send a reassoc
72 * and got a reject -- we only try again with an assoc
73 * frame instead of reassoc.
75 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
76 for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
77 struct cfg80211_bss *bss = data->links[link_id].bss;
82 cfg80211_unhold_bss(bss_from_pub(bss));
83 cfg80211_put_bss(wiphy, bss);
88 nl80211_send_rx_assoc(rdev, dev, data);
89 /* update current_bss etc., consumes the bss reference */
90 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
92 EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
94 static void cfg80211_process_auth(struct wireless_dev *wdev,
95 const u8 *buf, size_t len)
97 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
99 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
100 cfg80211_sme_rx_auth(wdev, buf, len);
103 static void cfg80211_process_deauth(struct wireless_dev *wdev,
104 const u8 *buf, size_t len,
107 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
108 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
109 const u8 *bssid = mgmt->bssid;
110 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
111 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
113 nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
115 if (!wdev->connected || !ether_addr_equal(wdev->u.client.connected_addr, bssid))
118 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
119 cfg80211_sme_deauth(wdev);
122 static void cfg80211_process_disassoc(struct wireless_dev *wdev,
123 const u8 *buf, size_t len,
126 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
127 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
128 const u8 *bssid = mgmt->bssid;
129 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
130 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
132 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
135 if (WARN_ON(!wdev->connected ||
136 !ether_addr_equal(wdev->u.client.connected_addr, bssid)))
139 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
140 cfg80211_sme_disassoc(wdev);
143 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
145 struct wireless_dev *wdev = dev->ieee80211_ptr;
146 struct ieee80211_mgmt *mgmt = (void *)buf;
148 ASSERT_WDEV_LOCK(wdev);
150 trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
152 if (WARN_ON(len < 2))
155 if (ieee80211_is_auth(mgmt->frame_control))
156 cfg80211_process_auth(wdev, buf, len);
157 else if (ieee80211_is_deauth(mgmt->frame_control))
158 cfg80211_process_deauth(wdev, buf, len, false);
159 else if (ieee80211_is_disassoc(mgmt->frame_control))
160 cfg80211_process_disassoc(wdev, buf, len, false);
162 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
164 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
166 struct wireless_dev *wdev = dev->ieee80211_ptr;
167 struct wiphy *wiphy = wdev->wiphy;
168 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
170 trace_cfg80211_send_auth_timeout(dev, addr);
172 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
173 cfg80211_sme_auth_timeout(wdev);
175 EXPORT_SYMBOL(cfg80211_auth_timeout);
177 void cfg80211_assoc_failure(struct net_device *dev,
178 struct cfg80211_assoc_failure *data)
180 struct wireless_dev *wdev = dev->ieee80211_ptr;
181 struct wiphy *wiphy = wdev->wiphy;
182 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
183 const u8 *addr = data->ap_mld_addr ?: data->bss[0]->bssid;
186 trace_cfg80211_send_assoc_failure(dev, data);
189 nl80211_send_assoc_timeout(rdev, dev, addr, GFP_KERNEL);
190 cfg80211_sme_assoc_timeout(wdev);
192 cfg80211_sme_abandon_assoc(wdev);
195 for (i = 0; i < ARRAY_SIZE(data->bss); i++) {
196 struct cfg80211_bss *bss = data->bss[i];
201 cfg80211_unhold_bss(bss_from_pub(bss));
202 cfg80211_put_bss(wiphy, bss);
205 EXPORT_SYMBOL(cfg80211_assoc_failure);
207 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
210 struct wireless_dev *wdev = dev->ieee80211_ptr;
211 struct ieee80211_mgmt *mgmt = (void *)buf;
213 ASSERT_WDEV_LOCK(wdev);
215 trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
217 if (WARN_ON(len < 2))
220 if (ieee80211_is_deauth(mgmt->frame_control))
221 cfg80211_process_deauth(wdev, buf, len, reconnect);
223 cfg80211_process_disassoc(wdev, buf, len, reconnect);
225 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
227 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
228 enum nl80211_key_type key_type, int key_id,
229 const u8 *tsc, gfp_t gfp)
231 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
232 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
233 #ifdef CONFIG_CFG80211_WEXT
234 union iwreq_data wrqu;
235 char *buf = kmalloc(128, gfp);
238 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
239 "keyid=%d %scast addr=%pM)", key_id,
240 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
242 memset(&wrqu, 0, sizeof(wrqu));
243 wrqu.data.length = strlen(buf);
244 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
249 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
250 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
252 EXPORT_SYMBOL(cfg80211_michael_mic_failure);
254 /* some MLME handling for userspace SME */
255 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
256 struct net_device *dev,
257 struct cfg80211_auth_request *req)
259 struct wireless_dev *wdev = dev->ieee80211_ptr;
261 ASSERT_WDEV_LOCK(wdev);
266 if (req->link_id >= 0 &&
267 !(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
270 if (req->auth_type == NL80211_AUTHTYPE_SHARED_KEY) {
271 if (!req->key || !req->key_len ||
272 req->key_idx < 0 || req->key_idx > 3)
276 if (wdev->connected &&
277 ether_addr_equal(req->bss->bssid, wdev->u.client.connected_addr))
280 if (ether_addr_equal(req->bss->bssid, dev->dev_addr) ||
281 (req->link_id >= 0 &&
282 ether_addr_equal(req->ap_mld_addr, dev->dev_addr)))
285 return rdev_auth(rdev, dev, req);
288 /* Do a logical ht_capa &= ht_capa_mask. */
289 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
290 const struct ieee80211_ht_cap *ht_capa_mask)
295 memset(ht_capa, 0, sizeof(*ht_capa));
300 p2 = (u8*)(ht_capa_mask);
301 for (i = 0; i < sizeof(*ht_capa); i++)
305 /* Do a logical vht_capa &= vht_capa_mask. */
306 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
307 const struct ieee80211_vht_cap *vht_capa_mask)
311 if (!vht_capa_mask) {
312 memset(vht_capa, 0, sizeof(*vht_capa));
316 p1 = (u8*)(vht_capa);
317 p2 = (u8*)(vht_capa_mask);
318 for (i = 0; i < sizeof(*vht_capa); i++)
322 /* Note: caller must cfg80211_put_bss() regardless of result */
323 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
324 struct net_device *dev,
325 struct cfg80211_assoc_request *req)
327 struct wireless_dev *wdev = dev->ieee80211_ptr;
330 ASSERT_WDEV_LOCK(wdev);
332 for (i = 1; i < ARRAY_SIZE(req->links); i++) {
333 if (!req->links[i].bss)
335 for (j = 0; j < i; j++) {
336 if (req->links[i].bss == req->links[j].bss)
340 if (ether_addr_equal(req->links[i].bss->bssid, dev->dev_addr))
344 if (wdev->connected &&
346 !ether_addr_equal(wdev->u.client.connected_addr, req->prev_bssid)))
349 if ((req->bss && ether_addr_equal(req->bss->bssid, dev->dev_addr)) ||
350 (req->link_id >= 0 &&
351 ether_addr_equal(req->ap_mld_addr, dev->dev_addr)))
354 cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
355 rdev->wiphy.ht_capa_mod_mask);
356 cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
357 rdev->wiphy.vht_capa_mod_mask);
359 err = rdev_assoc(rdev, dev, req);
364 cfg80211_ref_bss(&rdev->wiphy, req->bss);
365 cfg80211_hold_bss(bss_from_pub(req->bss));
368 for (link_id = 0; link_id < ARRAY_SIZE(req->links); link_id++) {
369 if (!req->links[link_id].bss)
371 cfg80211_ref_bss(&rdev->wiphy, req->links[link_id].bss);
372 cfg80211_hold_bss(bss_from_pub(req->links[link_id].bss));
378 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
379 struct net_device *dev, const u8 *bssid,
380 const u8 *ie, int ie_len, u16 reason,
381 bool local_state_change)
383 struct wireless_dev *wdev = dev->ieee80211_ptr;
384 struct cfg80211_deauth_request req = {
386 .reason_code = reason,
389 .local_state_change = local_state_change,
392 ASSERT_WDEV_LOCK(wdev);
394 if (local_state_change &&
396 !ether_addr_equal(wdev->u.client.connected_addr, bssid)))
399 if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
401 ether_addr_equal(wdev->u.client.connected_addr, bssid)))
402 wdev->conn_owner_nlportid = 0;
404 return rdev_deauth(rdev, dev, &req);
407 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
408 struct net_device *dev, const u8 *ap_addr,
409 const u8 *ie, int ie_len, u16 reason,
410 bool local_state_change)
412 struct wireless_dev *wdev = dev->ieee80211_ptr;
413 struct cfg80211_disassoc_request req = {
414 .reason_code = reason,
415 .local_state_change = local_state_change,
422 ASSERT_WDEV_LOCK(wdev);
424 if (!wdev->connected)
427 if (memcmp(wdev->u.client.connected_addr, ap_addr, ETH_ALEN))
430 err = rdev_disassoc(rdev, dev, &req);
434 /* driver should have reported the disassoc */
435 WARN_ON(wdev->connected);
439 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
440 struct net_device *dev)
442 struct wireless_dev *wdev = dev->ieee80211_ptr;
445 ASSERT_WDEV_LOCK(wdev);
447 if (!rdev->ops->deauth)
450 if (!wdev->connected)
453 memcpy(bssid, wdev->u.client.connected_addr, ETH_ALEN);
454 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
455 WLAN_REASON_DEAUTH_LEAVING, false);
458 struct cfg80211_mgmt_registration {
459 struct list_head list;
460 struct wireless_dev *wdev;
473 static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
475 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
476 struct wireless_dev *tmp;
477 struct cfg80211_mgmt_registration *reg;
478 struct mgmt_frame_regs upd = {};
480 lockdep_assert_held(&rdev->wiphy.mtx);
482 spin_lock_bh(&rdev->mgmt_registrations_lock);
483 if (!wdev->mgmt_registrations_need_update) {
484 spin_unlock_bh(&rdev->mgmt_registrations_lock);
489 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
490 list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
491 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
494 if (reg->multicast_rx)
497 upd.global_stypes |= mask;
498 upd.global_mcast_stypes |= mcast_mask;
501 upd.interface_stypes |= mask;
502 upd.interface_mcast_stypes |= mcast_mask;
508 wdev->mgmt_registrations_need_update = 0;
509 spin_unlock_bh(&rdev->mgmt_registrations_lock);
511 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
514 void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
516 struct cfg80211_registered_device *rdev;
517 struct wireless_dev *wdev;
519 rdev = container_of(wk, struct cfg80211_registered_device,
520 mgmt_registrations_update_wk);
522 wiphy_lock(&rdev->wiphy);
523 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
524 cfg80211_mgmt_registrations_update(wdev);
525 wiphy_unlock(&rdev->wiphy);
528 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
529 u16 frame_type, const u8 *match_data,
530 int match_len, bool multicast_rx,
531 struct netlink_ext_ack *extack)
533 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
534 struct cfg80211_mgmt_registration *reg, *nreg;
537 bool update_multicast = false;
539 if (!wdev->wiphy->mgmt_stypes)
542 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
543 NL_SET_ERR_MSG(extack, "frame type not management");
547 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
548 NL_SET_ERR_MSG(extack, "Invalid frame type");
552 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
553 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
554 NL_SET_ERR_MSG(extack,
555 "Registration to specific type not supported");
560 * To support Pre Association Security Negotiation (PASN), registration
561 * for authentication frames should be supported. However, as some
562 * versions of the user space daemons wrongly register to all types of
563 * authentication frames (which might result in unexpected behavior)
564 * allow such registration if the request is for a specific
565 * authentication algorithm number.
567 if (wdev->iftype == NL80211_IFTYPE_STATION &&
568 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
569 !(match_data && match_len >= 2)) {
570 NL_SET_ERR_MSG(extack,
571 "Authentication algorithm number required");
575 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
579 spin_lock_bh(&rdev->mgmt_registrations_lock);
581 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
582 int mlen = min(match_len, reg->match_len);
584 if (frame_type != le16_to_cpu(reg->frame_type))
587 if (memcmp(reg->match, match_data, mlen) == 0) {
588 if (reg->multicast_rx != multicast_rx) {
589 update_multicast = true;
590 reg->multicast_rx = multicast_rx;
593 NL_SET_ERR_MSG(extack, "Match already configured");
602 if (update_multicast) {
605 memcpy(nreg->match, match_data, match_len);
606 nreg->match_len = match_len;
607 nreg->nlportid = snd_portid;
608 nreg->frame_type = cpu_to_le16(frame_type);
610 nreg->multicast_rx = multicast_rx;
611 list_add(&nreg->list, &wdev->mgmt_registrations);
613 wdev->mgmt_registrations_need_update = 1;
614 spin_unlock_bh(&rdev->mgmt_registrations_lock);
616 cfg80211_mgmt_registrations_update(wdev);
622 spin_unlock_bh(&rdev->mgmt_registrations_lock);
627 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
629 struct wiphy *wiphy = wdev->wiphy;
630 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
631 struct cfg80211_mgmt_registration *reg, *tmp;
633 spin_lock_bh(&rdev->mgmt_registrations_lock);
635 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
636 if (reg->nlportid != nlportid)
639 list_del(®->list);
642 wdev->mgmt_registrations_need_update = 1;
643 schedule_work(&rdev->mgmt_registrations_update_wk);
646 spin_unlock_bh(&rdev->mgmt_registrations_lock);
648 if (nlportid && rdev->crit_proto_nlportid == nlportid) {
649 rdev->crit_proto_nlportid = 0;
650 rdev_crit_proto_stop(rdev, wdev);
653 if (nlportid == wdev->ap_unexpected_nlportid)
654 wdev->ap_unexpected_nlportid = 0;
657 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
659 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
660 struct cfg80211_mgmt_registration *reg, *tmp;
662 spin_lock_bh(&rdev->mgmt_registrations_lock);
663 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
664 list_del(®->list);
667 wdev->mgmt_registrations_need_update = 1;
668 spin_unlock_bh(&rdev->mgmt_registrations_lock);
670 cfg80211_mgmt_registrations_update(wdev);
673 static bool cfg80211_allowed_address(struct wireless_dev *wdev, const u8 *addr)
677 for_each_valid_link(wdev, i) {
678 if (ether_addr_equal(addr, wdev->links[i].addr))
682 return ether_addr_equal(addr, wdev_address(wdev));
685 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
686 struct wireless_dev *wdev,
687 struct cfg80211_mgmt_tx_params *params, u64 *cookie)
689 const struct ieee80211_mgmt *mgmt;
692 if (!wdev->wiphy->mgmt_stypes)
695 if (!rdev->ops->mgmt_tx)
698 if (params->len < 24 + 1)
701 mgmt = (const struct ieee80211_mgmt *)params->buf;
703 if (!ieee80211_is_mgmt(mgmt->frame_control))
706 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
707 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
710 if (ieee80211_is_action(mgmt->frame_control) &&
711 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
716 switch (wdev->iftype) {
717 case NL80211_IFTYPE_ADHOC:
719 * check for IBSS DA must be done by driver as
720 * cfg80211 doesn't track the stations
722 if (!wdev->u.ibss.current_bss ||
723 !ether_addr_equal(wdev->u.ibss.current_bss->pub.bssid,
729 case NL80211_IFTYPE_STATION:
730 case NL80211_IFTYPE_P2P_CLIENT:
731 if (!wdev->connected) {
736 /* FIXME: MLD may address this differently */
738 if (!ether_addr_equal(wdev->u.client.connected_addr,
744 /* for station, check that DA is the AP */
745 if (!ether_addr_equal(wdev->u.client.connected_addr,
751 case NL80211_IFTYPE_AP:
752 case NL80211_IFTYPE_P2P_GO:
753 case NL80211_IFTYPE_AP_VLAN:
754 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
757 case NL80211_IFTYPE_MESH_POINT:
758 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
763 * check for mesh DA must be done by driver as
764 * cfg80211 doesn't track the stations
767 case NL80211_IFTYPE_P2P_DEVICE:
769 * fall through, P2P device only supports
770 * public action frames
772 case NL80211_IFTYPE_NAN:
783 if (!cfg80211_allowed_address(wdev, mgmt->sa)) {
784 /* Allow random TA to be used with Public Action frames if the
785 * driver has indicated support for this. Otherwise, only allow
786 * the local address to be used.
788 if (!ieee80211_is_action(mgmt->frame_control) ||
789 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
791 if (!wdev->connected &&
792 !wiphy_ext_feature_isset(
794 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
796 if (wdev->connected &&
797 !wiphy_ext_feature_isset(
799 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
803 /* Transmit the management frame as requested by user space */
804 return rdev_mgmt_tx(rdev, wdev, params, cookie);
807 bool cfg80211_rx_mgmt_ext(struct wireless_dev *wdev,
808 struct cfg80211_rx_info *info)
810 struct wiphy *wiphy = wdev->wiphy;
811 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
812 struct cfg80211_mgmt_registration *reg;
813 const struct ieee80211_txrx_stypes *stypes =
814 &wiphy->mgmt_stypes[wdev->iftype];
815 struct ieee80211_mgmt *mgmt = (void *)info->buf;
819 __le16 ftype = mgmt->frame_control &
820 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
823 trace_cfg80211_rx_mgmt(wdev, info);
824 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
826 if (!(stypes->rx & BIT(stype))) {
827 trace_cfg80211_return_bool(false);
831 data = info->buf + ieee80211_hdrlen(mgmt->frame_control);
832 data_len = info->len - ieee80211_hdrlen(mgmt->frame_control);
834 spin_lock_bh(&rdev->mgmt_registrations_lock);
836 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
837 if (reg->frame_type != ftype)
840 if (reg->match_len > data_len)
843 if (memcmp(reg->match, data, reg->match_len))
848 /* Indicate the received Action frame to user space */
849 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, info,
857 spin_unlock_bh(&rdev->mgmt_registrations_lock);
859 trace_cfg80211_return_bool(result);
862 EXPORT_SYMBOL(cfg80211_rx_mgmt_ext);
864 void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
866 cancel_delayed_work(&rdev->dfs_update_channels_wk);
867 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
870 void cfg80211_dfs_channels_update_work(struct work_struct *work)
872 struct delayed_work *delayed_work = to_delayed_work(work);
873 struct cfg80211_registered_device *rdev;
874 struct cfg80211_chan_def chandef;
875 struct ieee80211_supported_band *sband;
876 struct ieee80211_channel *c;
878 bool check_again = false;
879 unsigned long timeout, next_time = 0;
880 unsigned long time_dfs_update;
881 enum nl80211_radar_event radar_event;
884 rdev = container_of(delayed_work, struct cfg80211_registered_device,
885 dfs_update_channels_wk);
886 wiphy = &rdev->wiphy;
889 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
890 sband = wiphy->bands[bandid];
894 for (i = 0; i < sband->n_channels; i++) {
895 c = &sband->channels[i];
897 if (!(c->flags & IEEE80211_CHAN_RADAR))
900 if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
901 c->dfs_state != NL80211_DFS_AVAILABLE)
904 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
905 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
906 radar_event = NL80211_RADAR_NOP_FINISHED;
908 if (regulatory_pre_cac_allowed(wiphy) ||
909 cfg80211_any_wiphy_oper_chan(wiphy, c))
912 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
913 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
916 timeout = c->dfs_state_entered +
917 msecs_to_jiffies(time_dfs_update);
919 if (time_after_eq(jiffies, timeout)) {
920 c->dfs_state = NL80211_DFS_USABLE;
921 c->dfs_state_entered = jiffies;
923 cfg80211_chandef_create(&chandef, c,
926 nl80211_radar_notify(rdev, &chandef,
930 regulatory_propagate_dfs_state(wiphy, &chandef,
937 next_time = timeout - jiffies;
939 next_time = min(next_time, timeout - jiffies);
945 /* reschedule if there are other channels waiting to be cleared again */
947 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
952 void __cfg80211_radar_event(struct wiphy *wiphy,
953 struct cfg80211_chan_def *chandef,
954 bool offchan, gfp_t gfp)
956 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
958 trace_cfg80211_radar_event(wiphy, chandef, offchan);
960 /* only set the chandef supplied channel to unavailable, in
961 * case the radar is detected on only one of multiple channels
962 * spanned by the chandef.
964 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
967 queue_work(cfg80211_wq, &rdev->background_cac_abort_wk);
969 cfg80211_sched_dfs_chan_update(rdev);
971 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
973 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
974 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
976 EXPORT_SYMBOL(__cfg80211_radar_event);
978 void cfg80211_cac_event(struct net_device *netdev,
979 const struct cfg80211_chan_def *chandef,
980 enum nl80211_radar_event event, gfp_t gfp)
982 struct wireless_dev *wdev = netdev->ieee80211_ptr;
983 struct wiphy *wiphy = wdev->wiphy;
984 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
985 unsigned long timeout;
987 /* not yet supported */
988 if (wdev->valid_links)
991 trace_cfg80211_cac_event(netdev, event);
993 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
997 case NL80211_RADAR_CAC_FINISHED:
998 timeout = wdev->cac_start_time +
999 msecs_to_jiffies(wdev->cac_time_ms);
1000 WARN_ON(!time_after_eq(jiffies, timeout));
1001 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
1002 memcpy(&rdev->cac_done_chandef, chandef,
1003 sizeof(struct cfg80211_chan_def));
1004 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
1005 cfg80211_sched_dfs_chan_update(rdev);
1007 case NL80211_RADAR_CAC_ABORTED:
1008 wdev->cac_started = false;
1010 case NL80211_RADAR_CAC_STARTED:
1011 wdev->cac_started = true;
1018 nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
1020 EXPORT_SYMBOL(cfg80211_cac_event);
1023 __cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
1024 struct wireless_dev *wdev,
1025 const struct cfg80211_chan_def *chandef,
1026 enum nl80211_radar_event event)
1028 struct wiphy *wiphy = &rdev->wiphy;
1029 struct net_device *netdev;
1031 lockdep_assert_wiphy(&rdev->wiphy);
1033 if (!cfg80211_chandef_valid(chandef))
1036 if (!rdev->background_radar_wdev)
1040 case NL80211_RADAR_CAC_FINISHED:
1041 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
1042 memcpy(&rdev->cac_done_chandef, chandef, sizeof(*chandef));
1043 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
1044 cfg80211_sched_dfs_chan_update(rdev);
1045 wdev = rdev->background_radar_wdev;
1047 case NL80211_RADAR_CAC_ABORTED:
1048 if (!cancel_delayed_work(&rdev->background_cac_done_wk))
1050 wdev = rdev->background_radar_wdev;
1052 case NL80211_RADAR_CAC_STARTED:
1058 netdev = wdev ? wdev->netdev : NULL;
1059 nl80211_radar_notify(rdev, chandef, event, netdev, GFP_KERNEL);
1063 cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
1064 const struct cfg80211_chan_def *chandef,
1065 enum nl80211_radar_event event)
1067 wiphy_lock(&rdev->wiphy);
1068 __cfg80211_background_cac_event(rdev, rdev->background_radar_wdev,
1070 wiphy_unlock(&rdev->wiphy);
1073 void cfg80211_background_cac_done_wk(struct work_struct *work)
1075 struct delayed_work *delayed_work = to_delayed_work(work);
1076 struct cfg80211_registered_device *rdev;
1078 rdev = container_of(delayed_work, struct cfg80211_registered_device,
1079 background_cac_done_wk);
1080 cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef,
1081 NL80211_RADAR_CAC_FINISHED);
1084 void cfg80211_background_cac_abort_wk(struct work_struct *work)
1086 struct cfg80211_registered_device *rdev;
1088 rdev = container_of(work, struct cfg80211_registered_device,
1089 background_cac_abort_wk);
1090 cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef,
1091 NL80211_RADAR_CAC_ABORTED);
1094 void cfg80211_background_cac_abort(struct wiphy *wiphy)
1096 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1098 queue_work(cfg80211_wq, &rdev->background_cac_abort_wk);
1100 EXPORT_SYMBOL(cfg80211_background_cac_abort);
1103 cfg80211_start_background_radar_detection(struct cfg80211_registered_device *rdev,
1104 struct wireless_dev *wdev,
1105 struct cfg80211_chan_def *chandef)
1107 unsigned int cac_time_ms;
1110 lockdep_assert_wiphy(&rdev->wiphy);
1112 if (!wiphy_ext_feature_isset(&rdev->wiphy,
1113 NL80211_EXT_FEATURE_RADAR_BACKGROUND))
1116 /* Offchannel chain already locked by another wdev */
1117 if (rdev->background_radar_wdev && rdev->background_radar_wdev != wdev)
1120 /* CAC already in progress on the offchannel chain */
1121 if (rdev->background_radar_wdev == wdev &&
1122 delayed_work_pending(&rdev->background_cac_done_wk))
1125 err = rdev_set_radar_background(rdev, chandef);
1129 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, chandef);
1131 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
1133 rdev->background_radar_chandef = *chandef;
1134 rdev->background_radar_wdev = wdev; /* Get offchain ownership */
1136 __cfg80211_background_cac_event(rdev, wdev, chandef,
1137 NL80211_RADAR_CAC_STARTED);
1138 queue_delayed_work(cfg80211_wq, &rdev->background_cac_done_wk,
1139 msecs_to_jiffies(cac_time_ms));
1144 void cfg80211_stop_background_radar_detection(struct wireless_dev *wdev)
1146 struct wiphy *wiphy = wdev->wiphy;
1147 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1149 lockdep_assert_wiphy(wiphy);
1151 if (wdev != rdev->background_radar_wdev)
1154 rdev_set_radar_background(rdev, NULL);
1155 rdev->background_radar_wdev = NULL; /* Release offchain ownership */
1157 __cfg80211_background_cac_event(rdev, wdev,
1158 &rdev->background_radar_chandef,
1159 NL80211_RADAR_CAC_ABORTED);