1 // SPDX-License-Identifier: GPL-2.0-only
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2020 Intel Corporation
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
32 #include "fils_aead.h"
34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
38 #define IEEE80211_AUTH_MAX_TRIES 3
39 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
40 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
41 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
42 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
43 #define IEEE80211_ASSOC_MAX_TRIES 3
45 static int max_nullfunc_tries = 2;
46 module_param(max_nullfunc_tries, int, 0644);
47 MODULE_PARM_DESC(max_nullfunc_tries,
48 "Maximum nullfunc tx tries before disconnecting (reason 4).");
50 static int max_probe_tries = 5;
51 module_param(max_probe_tries, int, 0644);
52 MODULE_PARM_DESC(max_probe_tries,
53 "Maximum probe tries before disconnecting (reason 4).");
56 * Beacon loss timeout is calculated as N frames times the
57 * advertised beacon interval. This may need to be somewhat
58 * higher than what hardware might detect to account for
59 * delays in the host processing frames. But since we also
60 * probe on beacon miss before declaring the connection lost
61 * default to what we want.
63 static int beacon_loss_count = 7;
64 module_param(beacon_loss_count, int, 0644);
65 MODULE_PARM_DESC(beacon_loss_count,
66 "Number of beacon intervals before we decide beacon was lost.");
69 * Time the connection can be idle before we probe
70 * it to see if we can still talk to the AP.
72 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
74 * Time we wait for a probe response after sending
75 * a probe request because of beacon loss or for
76 * checking the connection still works.
78 static int probe_wait_ms = 500;
79 module_param(probe_wait_ms, int, 0644);
80 MODULE_PARM_DESC(probe_wait_ms,
81 "Maximum time(ms) to wait for probe response"
82 " before disconnecting (reason 4).");
85 * How many Beacon frames need to have been used in average signal strength
86 * before starting to indicate signal change events.
88 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
91 * We can have multiple work items (and connection probing)
92 * scheduling this timer, but we need to take care to only
93 * reschedule it when it should fire _earlier_ than it was
94 * asked for before, or if it's not pending right now. This
95 * function ensures that. Note that it then is required to
96 * run this function for all timeouts after the first one
97 * has happened -- the work that runs from this timer will
100 static void run_again(struct ieee80211_sub_if_data *sdata,
101 unsigned long timeout)
103 sdata_assert_lock(sdata);
105 if (!timer_pending(&sdata->u.mgd.timer) ||
106 time_before(timeout, sdata->u.mgd.timer.expires))
107 mod_timer(&sdata->u.mgd.timer, timeout);
110 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
112 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
115 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
118 mod_timer(&sdata->u.mgd.bcn_mon_timer,
119 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
122 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
124 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
126 if (unlikely(!ifmgd->associated))
129 if (ifmgd->probe_send_count)
130 ifmgd->probe_send_count = 0;
132 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
135 mod_timer(&ifmgd->conn_mon_timer,
136 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
139 static int ecw2cw(int ecw)
141 return (1 << ecw) - 1;
145 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
146 struct ieee80211_supported_band *sband,
147 struct ieee80211_channel *channel,
149 const struct ieee80211_ht_operation *ht_oper,
150 const struct ieee80211_vht_operation *vht_oper,
151 const struct ieee80211_he_operation *he_oper,
152 struct cfg80211_chan_def *chandef, bool tracking)
154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
155 struct cfg80211_chan_def vht_chandef;
156 struct ieee80211_sta_ht_cap sta_ht_cap;
159 memset(chandef, 0, sizeof(struct cfg80211_chan_def));
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->freq1_offset = channel->freq_offset;
165 if (channel->band == NL80211_BAND_6GHZ) {
166 if (!ieee80211_chandef_he_6ghz_oper(sdata, he_oper, chandef))
167 ret = IEEE80211_STA_DISABLE_HT |
168 IEEE80211_STA_DISABLE_VHT |
169 IEEE80211_STA_DISABLE_HE;
172 vht_chandef = *chandef;
176 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
177 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
179 if (!ht_oper || !sta_ht_cap.ht_supported) {
180 ret = IEEE80211_STA_DISABLE_HT |
181 IEEE80211_STA_DISABLE_VHT |
182 IEEE80211_STA_DISABLE_HE;
186 chandef->width = NL80211_CHAN_WIDTH_20;
188 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
190 /* check that channel matches the right operating channel */
191 if (!tracking && channel->center_freq != ht_cfreq) {
193 * It's possible that some APs are confused here;
194 * Netgear WNDR3700 sometimes reports 4 higher than
195 * the actual channel in association responses, but
196 * since we look at probe response/beacon data here
200 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
201 channel->center_freq, ht_cfreq,
202 ht_oper->primary_chan, channel->band);
203 ret = IEEE80211_STA_DISABLE_HT |
204 IEEE80211_STA_DISABLE_VHT |
205 IEEE80211_STA_DISABLE_HE;
209 /* check 40 MHz support, if we have it */
210 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
211 ieee80211_chandef_ht_oper(ht_oper, chandef);
213 /* 40 MHz (and 80 MHz) must be supported for VHT */
214 ret = IEEE80211_STA_DISABLE_VHT;
215 /* also mark 40 MHz disabled */
216 ret |= IEEE80211_STA_DISABLE_40MHZ;
220 if (!vht_oper || !sband->vht_cap.vht_supported) {
221 ret = IEEE80211_STA_DISABLE_VHT;
225 vht_chandef = *chandef;
226 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && he_oper &&
227 (le32_to_cpu(he_oper->he_oper_params) &
228 IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
229 struct ieee80211_vht_operation he_oper_vht_cap;
232 * Set only first 3 bytes (other 2 aren't used in
233 * ieee80211_chandef_vht_oper() anyway)
235 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
236 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
238 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
239 &he_oper_vht_cap, ht_oper,
241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
243 "HE AP VHT information is invalid, disable HE\n");
244 ret = IEEE80211_STA_DISABLE_HE;
247 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
251 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
253 "AP VHT information is invalid, disable VHT\n");
254 ret = IEEE80211_STA_DISABLE_VHT;
258 if (!cfg80211_chandef_valid(&vht_chandef)) {
259 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
261 "AP VHT information is invalid, disable VHT\n");
262 ret = IEEE80211_STA_DISABLE_VHT;
266 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
271 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
272 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
274 "AP VHT information doesn't match HT, disable VHT\n");
275 ret = IEEE80211_STA_DISABLE_VHT;
279 *chandef = vht_chandef;
285 * When tracking the current AP, don't do any further checks if the
286 * new chandef is identical to the one we're currently using for the
287 * connection. This keeps us from playing ping-pong with regulatory,
288 * without it the following can happen (for example):
289 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
290 * - AP advertises regdom US
291 * - CRDA loads regdom US with 80 MHz prohibited (old database)
292 * - the code below detects an unsupported channel, downgrades, and
293 * we disconnect from the AP in the caller
294 * - disconnect causes CRDA to reload world regdomain and the game
296 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
298 * It seems possible that there are still scenarios with CSA or real
299 * bandwidth changes where a this could happen, but those cases are
300 * less common and wouldn't completely prevent using the AP.
303 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
306 /* don't print the message below for VHT mismatch if VHT is disabled */
307 if (ret & IEEE80211_STA_DISABLE_VHT)
308 vht_chandef = *chandef;
311 * Ignore the DISABLED flag when we're already connected and only
312 * tracking the APs beacon for bandwidth changes - otherwise we
313 * might get disconnected here if we connect to an AP, update our
314 * regulatory information based on the AP's country IE and the
315 * information we have is wrong/outdated and disables the channel
316 * that we're actually using for the connection to the AP.
318 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
320 IEEE80211_CHAN_DISABLED)) {
321 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
322 ret = IEEE80211_STA_DISABLE_HT |
323 IEEE80211_STA_DISABLE_VHT |
324 IEEE80211_STA_DISABLE_HE;
328 ret |= ieee80211_chandef_downgrade(chandef);
331 if (!he_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef,
332 IEEE80211_CHAN_NO_HE))
333 ret |= IEEE80211_STA_DISABLE_HE;
335 if (chandef->width != vht_chandef.width && !tracking)
337 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
339 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
343 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
344 struct sta_info *sta,
345 const struct ieee80211_ht_cap *ht_cap,
346 const struct ieee80211_vht_cap *vht_cap,
347 const struct ieee80211_ht_operation *ht_oper,
348 const struct ieee80211_vht_operation *vht_oper,
349 const struct ieee80211_he_operation *he_oper,
350 const u8 *bssid, u32 *changed)
352 struct ieee80211_local *local = sdata->local;
353 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
354 struct ieee80211_channel *chan = sdata->vif.bss_conf.chandef.chan;
355 struct ieee80211_supported_band *sband =
356 local->hw.wiphy->bands[chan->band];
357 struct cfg80211_chan_def chandef;
360 enum ieee80211_sta_rx_bandwidth new_sta_bw;
361 u32 vht_cap_info = 0;
364 /* if HT was/is disabled, don't track any bandwidth changes */
365 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
368 /* don't check VHT if we associated as non-VHT station */
369 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
372 /* don't check HE if we associated as non-HE station */
373 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE ||
374 !ieee80211_get_he_sta_cap(sband))
377 if (WARN_ON_ONCE(!sta))
381 * if bss configuration changed store the new one -
382 * this may be applicable even if channel is identical
384 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
385 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
386 *changed |= BSS_CHANGED_HT;
387 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
391 vht_cap_info = le32_to_cpu(vht_cap->vht_cap_info);
393 /* calculate new channel (type) based on HT/VHT/HE operation IEs */
394 flags = ieee80211_determine_chantype(sdata, sband, chan, vht_cap_info,
395 ht_oper, vht_oper, he_oper,
399 * Downgrade the new channel if we associated with restricted
400 * capabilities. For example, if we associated as a 20 MHz STA
401 * to a 40 MHz AP (due to regulatory, capabilities or config
402 * reasons) then switching to a 40 MHz channel now won't do us
403 * any good -- we couldn't use it with the AP.
405 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
406 chandef.width == NL80211_CHAN_WIDTH_80P80)
407 flags |= ieee80211_chandef_downgrade(&chandef);
408 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
409 chandef.width == NL80211_CHAN_WIDTH_160)
410 flags |= ieee80211_chandef_downgrade(&chandef);
411 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
412 chandef.width > NL80211_CHAN_WIDTH_20)
413 flags |= ieee80211_chandef_downgrade(&chandef);
415 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
419 "AP %pM changed bandwidth, new config is %d.%03d MHz, "
420 "width %d (%d.%03d/%d MHz)\n",
421 ifmgd->bssid, chandef.chan->center_freq,
422 chandef.chan->freq_offset, chandef.width,
423 chandef.center_freq1, chandef.freq1_offset,
424 chandef.center_freq2);
426 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
427 IEEE80211_STA_DISABLE_VHT |
428 IEEE80211_STA_DISABLE_HE |
429 IEEE80211_STA_DISABLE_40MHZ |
430 IEEE80211_STA_DISABLE_80P80MHZ |
431 IEEE80211_STA_DISABLE_160MHZ)) ||
432 !cfg80211_chandef_valid(&chandef)) {
434 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
439 switch (chandef.width) {
440 case NL80211_CHAN_WIDTH_20_NOHT:
441 case NL80211_CHAN_WIDTH_20:
442 new_sta_bw = IEEE80211_STA_RX_BW_20;
444 case NL80211_CHAN_WIDTH_40:
445 new_sta_bw = IEEE80211_STA_RX_BW_40;
447 case NL80211_CHAN_WIDTH_80:
448 new_sta_bw = IEEE80211_STA_RX_BW_80;
450 case NL80211_CHAN_WIDTH_80P80:
451 case NL80211_CHAN_WIDTH_160:
452 new_sta_bw = IEEE80211_STA_RX_BW_160;
458 if (new_sta_bw > sta->cur_max_bandwidth)
459 new_sta_bw = sta->cur_max_bandwidth;
461 if (new_sta_bw < sta->sta.bandwidth) {
462 sta->sta.bandwidth = new_sta_bw;
463 rate_control_rate_update(local, sband, sta,
464 IEEE80211_RC_BW_CHANGED);
467 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
470 "AP %pM changed bandwidth to incompatible one - disconnect\n",
475 if (new_sta_bw > sta->sta.bandwidth) {
476 sta->sta.bandwidth = new_sta_bw;
477 rate_control_rate_update(local, sband, sta,
478 IEEE80211_RC_BW_CHANGED);
484 /* frame sending functions */
486 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
487 struct sk_buff *skb, u8 ap_ht_param,
488 struct ieee80211_supported_band *sband,
489 struct ieee80211_channel *channel,
490 enum ieee80211_smps_mode smps)
493 u32 flags = channel->flags;
495 struct ieee80211_sta_ht_cap ht_cap;
497 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
499 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
500 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
502 /* determine capability flags */
505 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
506 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
507 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
508 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
509 cap &= ~IEEE80211_HT_CAP_SGI_40;
512 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
513 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
514 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
515 cap &= ~IEEE80211_HT_CAP_SGI_40;
521 * If 40 MHz was disabled associate as though we weren't
522 * capable of 40 MHz -- some broken APs will never fall
523 * back to trying to transmit in 20 MHz.
525 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
526 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
527 cap &= ~IEEE80211_HT_CAP_SGI_40;
530 /* set SM PS mode properly */
531 cap &= ~IEEE80211_HT_CAP_SM_PS;
533 case IEEE80211_SMPS_AUTOMATIC:
534 case IEEE80211_SMPS_NUM_MODES:
537 case IEEE80211_SMPS_OFF:
538 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
539 IEEE80211_HT_CAP_SM_PS_SHIFT;
541 case IEEE80211_SMPS_STATIC:
542 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
543 IEEE80211_HT_CAP_SM_PS_SHIFT;
545 case IEEE80211_SMPS_DYNAMIC:
546 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
547 IEEE80211_HT_CAP_SM_PS_SHIFT;
551 /* reserve and fill IE */
552 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
553 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
556 /* This function determines vht capability flags for the association
558 * Note - the function may set the owner of the MU-MIMO capability
560 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
562 struct ieee80211_supported_band *sband,
563 struct ieee80211_vht_cap *ap_vht_cap)
565 struct ieee80211_local *local = sdata->local;
568 struct ieee80211_sta_vht_cap vht_cap;
569 u32 mask, ap_bf_sts, our_bf_sts;
571 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
573 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
574 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
576 /* determine capability flags */
579 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
580 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
582 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
583 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
584 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
585 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
588 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
589 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
590 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
594 * Some APs apparently get confused if our capabilities are better
595 * than theirs, so restrict what we advertise in the assoc request.
597 if (!(ap_vht_cap->vht_cap_info &
598 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
599 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
600 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
601 else if (!(ap_vht_cap->vht_cap_info &
602 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
603 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
606 * If some other vif is using the MU-MIMO capablity we cannot associate
607 * using MU-MIMO - this will lead to contradictions in the group-id
609 * Ownership is defined since association request, in order to avoid
610 * simultaneous associations with MU-MIMO.
612 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
613 bool disable_mu_mimo = false;
614 struct ieee80211_sub_if_data *other;
616 list_for_each_entry_rcu(other, &local->interfaces, list) {
617 if (other->vif.mu_mimo_owner) {
618 disable_mu_mimo = true;
623 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
625 sdata->vif.mu_mimo_owner = true;
628 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
630 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
631 our_bf_sts = cap & mask;
633 if (ap_bf_sts < our_bf_sts) {
638 /* reserve and fill IE */
639 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
640 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
643 /* This function determines HE capability flags for the association
646 static void ieee80211_add_he_ie(struct ieee80211_sub_if_data *sdata,
648 struct ieee80211_supported_band *sband)
651 const struct ieee80211_sta_he_cap *he_cap = NULL;
652 struct ieee80211_chanctx_conf *chanctx_conf;
654 bool reg_cap = false;
657 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
658 if (!WARN_ON_ONCE(!chanctx_conf))
659 reg_cap = cfg80211_chandef_usable(sdata->wdev.wiphy,
661 IEEE80211_CHAN_NO_HE);
665 he_cap = ieee80211_get_he_sta_cap(sband);
666 if (!he_cap || !reg_cap)
670 * TODO: the 1 added is because this temporarily is under the EXTENSION
671 * IE. Get rid of it when it moves.
674 2 + 1 + sizeof(he_cap->he_cap_elem) +
675 ieee80211_he_mcs_nss_size(&he_cap->he_cap_elem) +
676 ieee80211_he_ppe_size(he_cap->ppe_thres[0],
677 he_cap->he_cap_elem.phy_cap_info);
678 pos = skb_put(skb, he_cap_size);
679 ieee80211_ie_build_he_cap(pos, he_cap, pos + he_cap_size);
681 ieee80211_ie_build_he_6ghz_cap(sdata, skb);
684 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
686 struct ieee80211_local *local = sdata->local;
687 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
688 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
690 struct ieee80211_mgmt *mgmt;
691 u8 *pos, qos_info, *ie_start;
692 size_t offset = 0, noffset;
693 int i, count, rates_len, supp_rates_len, shift;
695 struct ieee80211_supported_band *sband;
696 struct ieee80211_chanctx_conf *chanctx_conf;
697 struct ieee80211_channel *chan;
699 struct element *ext_capa = NULL;
701 /* we know it's writable, cast away the const */
702 if (assoc_data->ie_len)
703 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
707 sdata_assert_lock(sdata);
710 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
711 if (WARN_ON(!chanctx_conf)) {
715 chan = chanctx_conf->def.chan;
717 sband = local->hw.wiphy->bands[chan->band];
718 shift = ieee80211_vif_get_shift(&sdata->vif);
720 if (assoc_data->supp_rates_len) {
722 * Get all rates supported by the device and the AP as
723 * some APs don't like getting a superset of their rates
724 * in the association request (e.g. D-Link DAP 1353 in
727 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
728 assoc_data->supp_rates,
729 assoc_data->supp_rates_len,
733 * In case AP not provide any supported rates information
734 * before association, we send information element(s) with
735 * all rates that we support.
738 for (i = 0; i < sband->n_bitrates; i++) {
744 skb = alloc_skb(local->hw.extra_tx_headroom +
745 sizeof(*mgmt) + /* bit too much but doesn't matter */
746 2 + assoc_data->ssid_len + /* SSID */
747 4 + rates_len + /* (extended) rates */
748 4 + /* power capability */
749 2 + 2 * sband->n_channels + /* supported channels */
750 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
751 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
752 2 + 1 + sizeof(struct ieee80211_he_cap_elem) + /* HE */
753 sizeof(struct ieee80211_he_mcs_nss_supp) +
754 IEEE80211_HE_PPE_THRES_MAX_LEN +
755 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) +
756 assoc_data->ie_len + /* extra IEs */
757 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
763 skb_reserve(skb, local->hw.extra_tx_headroom);
765 capab = WLAN_CAPABILITY_ESS;
767 if (sband->band == NL80211_BAND_2GHZ) {
768 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
769 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
772 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
773 capab |= WLAN_CAPABILITY_PRIVACY;
775 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
776 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
777 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
779 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
780 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
782 mgmt = skb_put_zero(skb, 24);
783 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
784 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
785 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
787 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
789 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
790 IEEE80211_STYPE_REASSOC_REQ);
791 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
792 mgmt->u.reassoc_req.listen_interval =
793 cpu_to_le16(local->hw.conf.listen_interval);
794 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
798 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
799 IEEE80211_STYPE_ASSOC_REQ);
800 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
801 mgmt->u.assoc_req.listen_interval =
802 cpu_to_le16(local->hw.conf.listen_interval);
806 pos = skb_put(skb, 2 + assoc_data->ssid_len);
808 *pos++ = WLAN_EID_SSID;
809 *pos++ = assoc_data->ssid_len;
810 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
812 /* add all rates which were marked to be used above */
813 supp_rates_len = rates_len;
814 if (supp_rates_len > 8)
817 pos = skb_put(skb, supp_rates_len + 2);
818 *pos++ = WLAN_EID_SUPP_RATES;
819 *pos++ = supp_rates_len;
822 for (i = 0; i < sband->n_bitrates; i++) {
823 if (BIT(i) & rates) {
824 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
832 if (rates_len > count) {
833 pos = skb_put(skb, rates_len - count + 2);
834 *pos++ = WLAN_EID_EXT_SUPP_RATES;
835 *pos++ = rates_len - count;
837 for (i++; i < sband->n_bitrates; i++) {
838 if (BIT(i) & rates) {
840 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
847 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
848 capab & WLAN_CAPABILITY_RADIO_MEASURE) {
849 pos = skb_put(skb, 4);
850 *pos++ = WLAN_EID_PWR_CAPABILITY;
852 *pos++ = 0; /* min tx power */
854 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
858 * Per spec, we shouldn't include the list of channels if we advertise
859 * support for extended channel switching, but we've always done that;
860 * (for now?) apply this restriction only on the (new) 6 GHz band.
862 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
863 (sband->band != NL80211_BAND_6GHZ ||
864 !ext_capa || ext_capa->datalen < 1 ||
865 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
866 /* TODO: get this in reg domain format */
867 pos = skb_put(skb, 2 * sband->n_channels + 2);
868 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
869 *pos++ = 2 * sband->n_channels;
870 for (i = 0; i < sband->n_channels; i++) {
871 *pos++ = ieee80211_frequency_to_channel(
872 sband->channels[i].center_freq);
873 *pos++ = 1; /* one channel in the subband*/
877 /* Set MBSSID support for HE AP if needed */
878 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
879 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && assoc_data->ie_len &&
880 ext_capa && ext_capa->datalen >= 3)
881 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
883 /* if present, add any custom IEs that go before HT */
884 if (assoc_data->ie_len) {
885 static const u8 before_ht[] = {
888 WLAN_EID_EXT_SUPP_RATES,
889 WLAN_EID_PWR_CAPABILITY,
890 WLAN_EID_SUPPORTED_CHANNELS,
893 WLAN_EID_RRM_ENABLED_CAPABILITIES,
894 WLAN_EID_MOBILITY_DOMAIN,
895 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
896 WLAN_EID_RIC_DATA, /* reassoc only */
897 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
899 static const u8 after_ric[] = {
900 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
901 WLAN_EID_HT_CAPABILITY,
902 WLAN_EID_BSS_COEX_2040,
903 /* luckily this is almost always there */
904 WLAN_EID_EXT_CAPABILITY,
905 WLAN_EID_QOS_TRAFFIC_CAPA,
906 WLAN_EID_TIM_BCAST_REQ,
907 WLAN_EID_INTERWORKING,
908 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
909 WLAN_EID_VHT_CAPABILITY,
910 WLAN_EID_OPMODE_NOTIF,
913 noffset = ieee80211_ie_split_ric(assoc_data->ie,
916 ARRAY_SIZE(before_ht),
918 ARRAY_SIZE(after_ric),
920 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
924 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
925 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
926 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
928 if (sband->band != NL80211_BAND_6GHZ &&
929 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
930 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
931 sband, chan, sdata->smps_mode);
933 /* if present, add any custom IEs that go before VHT */
934 if (assoc_data->ie_len) {
935 static const u8 before_vht[] = {
937 * no need to list the ones split off before HT
940 WLAN_EID_BSS_COEX_2040,
941 WLAN_EID_EXT_CAPABILITY,
942 WLAN_EID_QOS_TRAFFIC_CAPA,
943 WLAN_EID_TIM_BCAST_REQ,
944 WLAN_EID_INTERWORKING,
945 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
948 /* RIC already taken above, so no need to handle here anymore */
949 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
950 before_vht, ARRAY_SIZE(before_vht),
952 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
956 /* if present, add any custom IEs that go before HE */
957 if (assoc_data->ie_len) {
958 static const u8 before_he[] = {
960 * no need to list the ones split off before VHT
963 WLAN_EID_OPMODE_NOTIF,
964 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
966 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
967 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
968 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
969 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
970 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
971 /* TODO: add 11ah/11aj/11ak elements */
974 /* RIC already taken above, so no need to handle here anymore */
975 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
976 before_he, ARRAY_SIZE(before_he),
978 pos = skb_put(skb, noffset - offset);
979 memcpy(pos, assoc_data->ie + offset, noffset - offset);
983 if (sband->band != NL80211_BAND_6GHZ &&
984 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
985 ieee80211_add_vht_ie(sdata, skb, sband,
986 &assoc_data->ap_vht_cap);
989 * If AP doesn't support HT, mark HE as disabled.
990 * If on the 5GHz band, make sure it supports VHT.
992 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT ||
993 (sband->band == NL80211_BAND_5GHZ &&
994 ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
995 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
997 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
998 ieee80211_add_he_ie(sdata, skb, sband);
1000 /* if present, add any custom non-vendor IEs that go after HE */
1001 if (assoc_data->ie_len) {
1002 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1005 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1009 if (assoc_data->wmm) {
1010 if (assoc_data->uapsd) {
1011 qos_info = ifmgd->uapsd_queues;
1012 qos_info |= (ifmgd->uapsd_max_sp_len <<
1013 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1018 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1021 /* add any remaining custom (i.e. vendor specific here) IEs */
1022 if (assoc_data->ie_len) {
1023 noffset = assoc_data->ie_len;
1024 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1027 if (assoc_data->fils_kek_len &&
1028 fils_encrypt_assoc_req(skb, assoc_data) < 0) {
1033 pos = skb_tail_pointer(skb);
1034 kfree(ifmgd->assoc_req_ies);
1035 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1036 ifmgd->assoc_req_ies_len = pos - ie_start;
1038 drv_mgd_prepare_tx(local, sdata, 0);
1040 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1041 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1042 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1043 IEEE80211_TX_INTFL_MLME_CONN_TX;
1044 ieee80211_tx_skb(sdata, skb);
1047 void ieee80211_send_pspoll(struct ieee80211_local *local,
1048 struct ieee80211_sub_if_data *sdata)
1050 struct ieee80211_pspoll *pspoll;
1051 struct sk_buff *skb;
1053 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
1057 pspoll = (struct ieee80211_pspoll *) skb->data;
1058 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1060 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1061 ieee80211_tx_skb(sdata, skb);
1064 void ieee80211_send_nullfunc(struct ieee80211_local *local,
1065 struct ieee80211_sub_if_data *sdata,
1068 struct sk_buff *skb;
1069 struct ieee80211_hdr_3addr *nullfunc;
1070 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1072 /* Don't send NDPs when STA is connected HE */
1073 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1074 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
1077 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif,
1078 !ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP));
1082 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
1084 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1086 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1087 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
1089 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1090 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1092 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1093 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1095 ieee80211_tx_skb(sdata, skb);
1098 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
1099 struct ieee80211_sub_if_data *sdata)
1101 struct sk_buff *skb;
1102 struct ieee80211_hdr *nullfunc;
1105 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1108 /* Don't send NDPs when connected HE */
1109 if (!(sdata->u.mgd.flags & IEEE80211_STA_DISABLE_HE))
1112 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
1116 skb_reserve(skb, local->hw.extra_tx_headroom);
1118 nullfunc = skb_put_zero(skb, 30);
1119 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
1120 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1121 nullfunc->frame_control = fc;
1122 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
1123 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1124 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
1125 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
1127 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1128 ieee80211_tx_skb(sdata, skb);
1131 /* spectrum management related things */
1132 static void ieee80211_chswitch_work(struct work_struct *work)
1134 struct ieee80211_sub_if_data *sdata =
1135 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
1136 struct ieee80211_local *local = sdata->local;
1137 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1140 if (!ieee80211_sdata_running(sdata))
1144 mutex_lock(&local->mtx);
1145 mutex_lock(&local->chanctx_mtx);
1147 if (!ifmgd->associated)
1150 if (!sdata->vif.csa_active)
1154 * using reservation isn't immediate as it may be deferred until later
1155 * with multi-vif. once reservation is complete it will re-schedule the
1156 * work with no reserved_chanctx so verify chandef to check if it
1157 * completed successfully
1160 if (sdata->reserved_chanctx) {
1161 struct ieee80211_supported_band *sband = NULL;
1162 struct sta_info *mgd_sta = NULL;
1163 enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20;
1166 * with multi-vif csa driver may call ieee80211_csa_finish()
1167 * many times while waiting for other interfaces to use their
1170 if (sdata->reserved_ready)
1173 if (sdata->vif.bss_conf.chandef.width !=
1174 sdata->csa_chandef.width) {
1176 * For managed interface, we need to also update the AP
1177 * station bandwidth and align the rate scale algorithm
1178 * on the bandwidth change. Here we only consider the
1179 * bandwidth of the new channel definition (as channel
1180 * switch flow does not have the full HT/VHT/HE
1181 * information), assuming that if additional changes are
1182 * required they would be done as part of the processing
1183 * of the next beacon from the AP.
1185 switch (sdata->csa_chandef.width) {
1186 case NL80211_CHAN_WIDTH_20_NOHT:
1187 case NL80211_CHAN_WIDTH_20:
1189 bw = IEEE80211_STA_RX_BW_20;
1191 case NL80211_CHAN_WIDTH_40:
1192 bw = IEEE80211_STA_RX_BW_40;
1194 case NL80211_CHAN_WIDTH_80:
1195 bw = IEEE80211_STA_RX_BW_80;
1197 case NL80211_CHAN_WIDTH_80P80:
1198 case NL80211_CHAN_WIDTH_160:
1199 bw = IEEE80211_STA_RX_BW_160;
1203 mgd_sta = sta_info_get(sdata, ifmgd->bssid);
1205 local->hw.wiphy->bands[sdata->csa_chandef.chan->band];
1208 if (sdata->vif.bss_conf.chandef.width >
1209 sdata->csa_chandef.width) {
1210 mgd_sta->sta.bandwidth = bw;
1211 rate_control_rate_update(local, sband, mgd_sta,
1212 IEEE80211_RC_BW_CHANGED);
1215 ret = ieee80211_vif_use_reserved_context(sdata);
1218 "failed to use reserved channel context, disconnecting (err=%d)\n",
1220 ieee80211_queue_work(&sdata->local->hw,
1221 &ifmgd->csa_connection_drop_work);
1225 if (sdata->vif.bss_conf.chandef.width <
1226 sdata->csa_chandef.width) {
1227 mgd_sta->sta.bandwidth = bw;
1228 rate_control_rate_update(local, sband, mgd_sta,
1229 IEEE80211_RC_BW_CHANGED);
1235 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
1236 &sdata->csa_chandef)) {
1238 "failed to finalize channel switch, disconnecting\n");
1239 ieee80211_queue_work(&sdata->local->hw,
1240 &ifmgd->csa_connection_drop_work);
1244 ifmgd->csa_waiting_bcn = true;
1246 ieee80211_sta_reset_beacon_monitor(sdata);
1247 ieee80211_sta_reset_conn_monitor(sdata);
1250 mutex_unlock(&local->chanctx_mtx);
1251 mutex_unlock(&local->mtx);
1252 sdata_unlock(sdata);
1255 static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
1257 struct ieee80211_local *local = sdata->local;
1258 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1261 sdata_assert_lock(sdata);
1263 WARN_ON(!sdata->vif.csa_active);
1265 if (sdata->csa_block_tx) {
1266 ieee80211_wake_vif_queues(local, sdata,
1267 IEEE80211_QUEUE_STOP_REASON_CSA);
1268 sdata->csa_block_tx = false;
1271 sdata->vif.csa_active = false;
1272 ifmgd->csa_waiting_bcn = false;
1274 ret = drv_post_channel_switch(sdata);
1277 "driver post channel switch failed, disconnecting\n");
1278 ieee80211_queue_work(&local->hw,
1279 &ifmgd->csa_connection_drop_work);
1283 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef);
1286 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1288 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1289 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1291 trace_api_chswitch_done(sdata, success);
1294 "driver channel switch failed, disconnecting\n");
1295 ieee80211_queue_work(&sdata->local->hw,
1296 &ifmgd->csa_connection_drop_work);
1298 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1301 EXPORT_SYMBOL(ieee80211_chswitch_done);
1303 static void ieee80211_chswitch_timer(struct timer_list *t)
1305 struct ieee80211_sub_if_data *sdata =
1306 from_timer(sdata, t, u.mgd.chswitch_timer);
1308 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1312 ieee80211_sta_abort_chanswitch(struct ieee80211_sub_if_data *sdata)
1314 struct ieee80211_local *local = sdata->local;
1316 if (!local->ops->abort_channel_switch)
1319 mutex_lock(&local->mtx);
1321 mutex_lock(&local->chanctx_mtx);
1322 ieee80211_vif_unreserve_chanctx(sdata);
1323 mutex_unlock(&local->chanctx_mtx);
1325 if (sdata->csa_block_tx)
1326 ieee80211_wake_vif_queues(local, sdata,
1327 IEEE80211_QUEUE_STOP_REASON_CSA);
1329 sdata->csa_block_tx = false;
1330 sdata->vif.csa_active = false;
1332 mutex_unlock(&local->mtx);
1334 drv_abort_channel_switch(sdata);
1338 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1339 u64 timestamp, u32 device_timestamp,
1340 struct ieee802_11_elems *elems,
1343 struct ieee80211_local *local = sdata->local;
1344 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1345 struct cfg80211_bss *cbss = ifmgd->associated;
1346 struct ieee80211_chanctx_conf *conf;
1347 struct ieee80211_chanctx *chanctx;
1348 enum nl80211_band current_band;
1349 struct ieee80211_csa_ie csa_ie;
1350 struct ieee80211_channel_switch ch_switch;
1351 struct ieee80211_bss *bss;
1354 sdata_assert_lock(sdata);
1359 if (local->scanning)
1362 current_band = cbss->channel->band;
1363 bss = (void *)cbss->priv;
1364 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
1367 ifmgd->associated->bssid, &csa_ie);
1370 ch_switch.timestamp = timestamp;
1371 ch_switch.device_timestamp = device_timestamp;
1372 ch_switch.block_tx = csa_ie.mode;
1373 ch_switch.chandef = csa_ie.chandef;
1374 ch_switch.count = csa_ie.count;
1375 ch_switch.delay = csa_ie.max_switch_time;
1379 ieee80211_queue_work(&local->hw,
1380 &ifmgd->csa_connection_drop_work);
1384 if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) {
1386 ieee80211_sta_abort_chanswitch(sdata);
1388 drv_channel_switch_rx_beacon(sdata, &ch_switch);
1390 } else if (sdata->vif.csa_active || res) {
1391 /* disregard subsequent announcements if already processing */
1395 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1396 IEEE80211_CHAN_DISABLED)) {
1398 "AP %pM switches to unsupported channel "
1399 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), "
1401 ifmgd->associated->bssid,
1402 csa_ie.chandef.chan->center_freq,
1403 csa_ie.chandef.chan->freq_offset,
1404 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1405 csa_ie.chandef.freq1_offset,
1406 csa_ie.chandef.center_freq2);
1407 ieee80211_queue_work(&local->hw,
1408 &ifmgd->csa_connection_drop_work);
1412 if (cfg80211_chandef_identical(&csa_ie.chandef,
1413 &sdata->vif.bss_conf.chandef) &&
1414 (!csa_ie.mode || !beacon)) {
1415 if (ifmgd->csa_ignored_same_chan)
1418 "AP %pM tries to chanswitch to same channel, ignore\n",
1419 ifmgd->associated->bssid);
1420 ifmgd->csa_ignored_same_chan = true;
1425 * Drop all TDLS peers - either we disconnect or move to a different
1426 * channel from this point on. There's no telling what our peer will do.
1427 * The TDLS WIDER_BW scenario is also problematic, as peers might now
1428 * have an incompatible wider chandef.
1430 ieee80211_teardown_tdls_peers(sdata);
1432 mutex_lock(&local->mtx);
1433 mutex_lock(&local->chanctx_mtx);
1434 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1435 lockdep_is_held(&local->chanctx_mtx));
1438 "no channel context assigned to vif?, disconnecting\n");
1439 goto drop_connection;
1442 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
1444 if (local->use_chanctx &&
1445 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
1447 "driver doesn't support chan-switch with channel contexts\n");
1448 goto drop_connection;
1451 if (drv_pre_channel_switch(sdata, &ch_switch)) {
1453 "preparing for channel switch failed, disconnecting\n");
1454 goto drop_connection;
1457 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef,
1458 chanctx->mode, false);
1461 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
1463 goto drop_connection;
1465 mutex_unlock(&local->chanctx_mtx);
1467 sdata->vif.csa_active = true;
1468 sdata->csa_chandef = csa_ie.chandef;
1469 sdata->csa_block_tx = csa_ie.mode;
1470 ifmgd->csa_ignored_same_chan = false;
1472 if (sdata->csa_block_tx)
1473 ieee80211_stop_vif_queues(local, sdata,
1474 IEEE80211_QUEUE_STOP_REASON_CSA);
1475 mutex_unlock(&local->mtx);
1477 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef,
1480 if (local->ops->channel_switch) {
1481 /* use driver's channel switch callback */
1482 drv_channel_switch(local, sdata, &ch_switch);
1486 /* channel switch handled in software */
1487 if (csa_ie.count <= 1)
1488 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1490 mod_timer(&ifmgd->chswitch_timer,
1491 TU_TO_EXP_TIME((csa_ie.count - 1) *
1492 cbss->beacon_interval));
1496 * This is just so that the disconnect flow will know that
1497 * we were trying to switch channel and failed. In case the
1498 * mode is 1 (we are not allowed to Tx), we will know not to
1499 * send a deauthentication frame. Those two fields will be
1500 * reset when the disconnection worker runs.
1502 sdata->vif.csa_active = true;
1503 sdata->csa_block_tx = csa_ie.mode;
1505 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
1506 mutex_unlock(&local->chanctx_mtx);
1507 mutex_unlock(&local->mtx);
1511 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
1512 struct ieee80211_channel *channel,
1513 const u8 *country_ie, u8 country_ie_len,
1514 const u8 *pwr_constr_elem,
1515 int *chan_pwr, int *pwr_reduction)
1517 struct ieee80211_country_ie_triplet *triplet;
1518 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1519 int i, chan_increment;
1520 bool have_chan_pwr = false;
1523 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1526 triplet = (void *)(country_ie + 3);
1527 country_ie_len -= 3;
1529 switch (channel->band) {
1533 case NL80211_BAND_2GHZ:
1534 case NL80211_BAND_60GHZ:
1537 case NL80211_BAND_5GHZ:
1538 case NL80211_BAND_6GHZ:
1544 while (country_ie_len >= 3) {
1545 u8 first_channel = triplet->chans.first_channel;
1547 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1550 for (i = 0; i < triplet->chans.num_channels; i++) {
1551 if (first_channel + i * chan_increment == chan) {
1552 have_chan_pwr = true;
1553 *chan_pwr = triplet->chans.max_power;
1562 country_ie_len -= 3;
1565 if (have_chan_pwr && pwr_constr_elem)
1566 *pwr_reduction = *pwr_constr_elem;
1570 return have_chan_pwr;
1573 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
1574 struct ieee80211_channel *channel,
1575 const u8 *cisco_dtpc_ie,
1578 /* From practical testing, the first data byte of the DTPC element
1579 * seems to contain the requested dBm level, and the CLI on Cisco
1580 * APs clearly state the range is -127 to 127 dBm, which indicates
1581 * a signed byte, although it seemingly never actually goes negative.
1582 * The other byte seems to always be zero.
1584 *pwr_level = (__s8)cisco_dtpc_ie[4];
1587 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1588 struct ieee80211_channel *channel,
1589 struct ieee80211_mgmt *mgmt,
1590 const u8 *country_ie, u8 country_ie_len,
1591 const u8 *pwr_constr_ie,
1592 const u8 *cisco_dtpc_ie)
1594 bool has_80211h_pwr = false, has_cisco_pwr = false;
1595 int chan_pwr = 0, pwr_reduction_80211h = 0;
1596 int pwr_level_cisco, pwr_level_80211h;
1598 __le16 capab = mgmt->u.probe_resp.capab_info;
1601 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
1602 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
1603 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
1604 sdata, channel, country_ie, country_ie_len,
1605 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
1607 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
1610 if (cisco_dtpc_ie) {
1611 ieee80211_find_cisco_dtpc(
1612 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
1613 has_cisco_pwr = true;
1616 if (!has_80211h_pwr && !has_cisco_pwr)
1619 /* If we have both 802.11h and Cisco DTPC, apply both limits
1620 * by picking the smallest of the two power levels advertised.
1622 if (has_80211h_pwr &&
1623 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
1624 new_ap_level = pwr_level_80211h;
1626 if (sdata->ap_power_level == new_ap_level)
1630 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1631 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
1632 sdata->u.mgd.bssid);
1633 } else { /* has_cisco_pwr is always true here. */
1634 new_ap_level = pwr_level_cisco;
1636 if (sdata->ap_power_level == new_ap_level)
1640 "Limiting TX power to %d dBm as advertised by %pM\n",
1641 pwr_level_cisco, sdata->u.mgd.bssid);
1644 sdata->ap_power_level = new_ap_level;
1645 if (__ieee80211_recalc_txpower(sdata))
1646 return BSS_CHANGED_TXPOWER;
1651 static void ieee80211_enable_ps(struct ieee80211_local *local,
1652 struct ieee80211_sub_if_data *sdata)
1654 struct ieee80211_conf *conf = &local->hw.conf;
1657 * If we are scanning right now then the parameters will
1658 * take effect when scan finishes.
1660 if (local->scanning)
1663 if (conf->dynamic_ps_timeout > 0 &&
1664 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
1665 mod_timer(&local->dynamic_ps_timer, jiffies +
1666 msecs_to_jiffies(conf->dynamic_ps_timeout));
1668 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
1669 ieee80211_send_nullfunc(local, sdata, true);
1671 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1672 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1675 conf->flags |= IEEE80211_CONF_PS;
1676 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1680 static void ieee80211_change_ps(struct ieee80211_local *local)
1682 struct ieee80211_conf *conf = &local->hw.conf;
1684 if (local->ps_sdata) {
1685 ieee80211_enable_ps(local, local->ps_sdata);
1686 } else if (conf->flags & IEEE80211_CONF_PS) {
1687 conf->flags &= ~IEEE80211_CONF_PS;
1688 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1689 del_timer_sync(&local->dynamic_ps_timer);
1690 cancel_work_sync(&local->dynamic_ps_enable_work);
1694 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1696 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1697 struct sta_info *sta = NULL;
1698 bool authorized = false;
1700 if (!mgd->powersave)
1706 if (!mgd->associated)
1709 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1712 if (!mgd->have_beacon)
1716 sta = sta_info_get(sdata, mgd->bssid);
1718 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1724 /* need to hold RTNL or interface lock */
1725 void ieee80211_recalc_ps(struct ieee80211_local *local)
1727 struct ieee80211_sub_if_data *sdata, *found = NULL;
1731 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) {
1732 local->ps_sdata = NULL;
1736 list_for_each_entry(sdata, &local->interfaces, list) {
1737 if (!ieee80211_sdata_running(sdata))
1739 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1740 /* If an AP vif is found, then disable PS
1741 * by setting the count to zero thereby setting
1747 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1753 if (count == 1 && ieee80211_powersave_allowed(found)) {
1754 u8 dtimper = found->u.mgd.dtim_period;
1756 timeout = local->dynamic_ps_forced_timeout;
1759 local->hw.conf.dynamic_ps_timeout = timeout;
1761 /* If the TIM IE is invalid, pretend the value is 1 */
1765 local->hw.conf.ps_dtim_period = dtimper;
1766 local->ps_sdata = found;
1768 local->ps_sdata = NULL;
1771 ieee80211_change_ps(local);
1774 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1776 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1778 if (sdata->vif.bss_conf.ps != ps_allowed) {
1779 sdata->vif.bss_conf.ps = ps_allowed;
1780 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1784 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1786 struct ieee80211_local *local =
1787 container_of(work, struct ieee80211_local,
1788 dynamic_ps_disable_work);
1790 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1791 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1792 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1795 ieee80211_wake_queues_by_reason(&local->hw,
1796 IEEE80211_MAX_QUEUE_MAP,
1797 IEEE80211_QUEUE_STOP_REASON_PS,
1801 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1803 struct ieee80211_local *local =
1804 container_of(work, struct ieee80211_local,
1805 dynamic_ps_enable_work);
1806 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1807 struct ieee80211_if_managed *ifmgd;
1808 unsigned long flags;
1811 /* can only happen when PS was just disabled anyway */
1815 ifmgd = &sdata->u.mgd;
1817 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1820 if (local->hw.conf.dynamic_ps_timeout > 0) {
1821 /* don't enter PS if TX frames are pending */
1822 if (drv_tx_frames_pending(local)) {
1823 mod_timer(&local->dynamic_ps_timer, jiffies +
1825 local->hw.conf.dynamic_ps_timeout));
1830 * transmission can be stopped by others which leads to
1831 * dynamic_ps_timer expiry. Postpone the ps timer if it
1832 * is not the actual idle state.
1834 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1835 for (q = 0; q < local->hw.queues; q++) {
1836 if (local->queue_stop_reasons[q]) {
1837 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1839 mod_timer(&local->dynamic_ps_timer, jiffies +
1841 local->hw.conf.dynamic_ps_timeout));
1845 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1848 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1849 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1850 if (drv_tx_frames_pending(local)) {
1851 mod_timer(&local->dynamic_ps_timer, jiffies +
1853 local->hw.conf.dynamic_ps_timeout));
1855 ieee80211_send_nullfunc(local, sdata, true);
1856 /* Flush to get the tx status of nullfunc frame */
1857 ieee80211_flush_queues(local, sdata, false);
1861 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1862 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
1863 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1864 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1865 local->hw.conf.flags |= IEEE80211_CONF_PS;
1866 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1870 void ieee80211_dynamic_ps_timer(struct timer_list *t)
1872 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
1874 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1877 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1879 struct delayed_work *delayed_work = to_delayed_work(work);
1880 struct ieee80211_sub_if_data *sdata =
1881 container_of(delayed_work, struct ieee80211_sub_if_data,
1882 dfs_cac_timer_work);
1883 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1885 mutex_lock(&sdata->local->mtx);
1886 if (sdata->wdev.cac_started) {
1887 ieee80211_vif_release_channel(sdata);
1888 cfg80211_cac_event(sdata->dev, &chandef,
1889 NL80211_RADAR_CAC_FINISHED,
1892 mutex_unlock(&sdata->local->mtx);
1896 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1898 struct ieee80211_local *local = sdata->local;
1899 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1903 if (local->hw.queues < IEEE80211_NUM_ACS)
1906 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1907 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
1909 unsigned long now = jiffies;
1911 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
1912 tx_tspec->admitted_time &&
1913 time_after(now, tx_tspec->time_slice_start + HZ)) {
1914 tx_tspec->consumed_tx_time = 0;
1915 tx_tspec->time_slice_start = now;
1917 if (tx_tspec->downgraded)
1919 TX_TSPEC_ACTION_STOP_DOWNGRADE;
1922 switch (tx_tspec->action) {
1923 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
1924 /* take the original parameters */
1925 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac]))
1927 "failed to set TX queue parameters for queue %d\n",
1929 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1930 tx_tspec->downgraded = false;
1933 case TX_TSPEC_ACTION_DOWNGRADE:
1934 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
1935 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1939 /* downgrade next lower non-ACM AC */
1940 for (non_acm_ac = ac + 1;
1941 non_acm_ac < IEEE80211_NUM_ACS;
1943 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
1945 /* Usually the loop will result in using BK even if it
1946 * requires admission control, but such a configuration
1947 * makes no sense and we have to transmit somehow - the
1948 * AC selection does the same thing.
1949 * If we started out trying to downgrade from BK, then
1950 * the extra condition here might be needed.
1952 if (non_acm_ac >= IEEE80211_NUM_ACS)
1953 non_acm_ac = IEEE80211_AC_BK;
1954 if (drv_conf_tx(local, sdata, ac,
1955 &sdata->tx_conf[non_acm_ac]))
1957 "failed to set TX queue parameters for queue %d\n",
1959 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1961 schedule_delayed_work(&ifmgd->tx_tspec_wk,
1962 tx_tspec->time_slice_start + HZ - now + 1);
1964 case TX_TSPEC_ACTION_NONE:
1973 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1975 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
1976 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1979 static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work)
1981 struct ieee80211_sub_if_data *sdata;
1983 sdata = container_of(work, struct ieee80211_sub_if_data,
1984 u.mgd.tx_tspec_wk.work);
1985 ieee80211_sta_handle_tspec_ac_params(sdata);
1990 ieee80211_sta_wmm_params(struct ieee80211_local *local,
1991 struct ieee80211_sub_if_data *sdata,
1992 const u8 *wmm_param, size_t wmm_param_len,
1993 const struct ieee80211_mu_edca_param_set *mu_edca)
1995 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
1996 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1998 int count, mu_edca_count, ac;
2000 u8 uapsd_queues = 0;
2002 if (!local->ops->conf_tx)
2005 if (local->hw.queues < IEEE80211_NUM_ACS)
2011 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
2014 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
2015 uapsd_queues = ifmgd->uapsd_queues;
2017 count = wmm_param[6] & 0x0f;
2018 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
2019 * if mu_edca was preset before and now it disappeared tell
2020 * the driver about it.
2022 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
2023 if (count == ifmgd->wmm_last_param_set &&
2024 mu_edca_count == ifmgd->mu_edca_last_param_set)
2026 ifmgd->wmm_last_param_set = count;
2027 ifmgd->mu_edca_last_param_set = mu_edca_count;
2029 pos = wmm_param + 8;
2030 left = wmm_param_len - 8;
2032 memset(¶ms, 0, sizeof(params));
2035 for (; left >= 4; left -= 4, pos += 4) {
2036 int aci = (pos[0] >> 5) & 0x03;
2037 int acm = (pos[0] >> 4) & 0x01;
2042 ac = IEEE80211_AC_BK;
2044 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
2045 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2047 params[ac].mu_edca = !!mu_edca;
2049 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
2052 ac = IEEE80211_AC_VI;
2054 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
2055 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2057 params[ac].mu_edca = !!mu_edca;
2059 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
2062 ac = IEEE80211_AC_VO;
2064 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
2065 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2067 params[ac].mu_edca = !!mu_edca;
2069 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
2073 ac = IEEE80211_AC_BE;
2075 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
2076 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2078 params[ac].mu_edca = !!mu_edca;
2080 params[ac].mu_edca_param_rec = mu_edca->ac_be;
2084 params[ac].aifs = pos[0] & 0x0f;
2086 if (params[ac].aifs < 2) {
2088 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
2089 params[ac].aifs, aci);
2090 params[ac].aifs = 2;
2092 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
2093 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
2094 params[ac].txop = get_unaligned_le16(pos + 2);
2095 params[ac].acm = acm;
2096 params[ac].uapsd = uapsd;
2098 if (params[ac].cw_min == 0 ||
2099 params[ac].cw_min > params[ac].cw_max) {
2101 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
2102 params[ac].cw_min, params[ac].cw_max, aci);
2105 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
2108 /* WMM specification requires all 4 ACIs. */
2109 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2110 if (params[ac].cw_min == 0) {
2112 "AP has invalid WMM params (missing AC %d), using defaults\n",
2118 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2120 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
2122 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
2123 params[ac].txop, params[ac].uapsd,
2124 ifmgd->tx_tspec[ac].downgraded);
2125 sdata->tx_conf[ac] = params[ac];
2126 if (!ifmgd->tx_tspec[ac].downgraded &&
2127 drv_conf_tx(local, sdata, ac, ¶ms[ac]))
2129 "failed to set TX queue parameters for AC %d\n",
2133 /* enable WMM or activate new settings */
2134 sdata->vif.bss_conf.qos = true;
2138 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2140 lockdep_assert_held(&sdata->local->mtx);
2142 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
2143 ieee80211_run_deferred_scan(sdata->local);
2146 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2148 mutex_lock(&sdata->local->mtx);
2149 __ieee80211_stop_poll(sdata);
2150 mutex_unlock(&sdata->local->mtx);
2153 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
2154 u16 capab, bool erp_valid, u8 erp)
2156 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2157 struct ieee80211_supported_band *sband;
2159 bool use_protection;
2160 bool use_short_preamble;
2161 bool use_short_slot;
2163 sband = ieee80211_get_sband(sdata);
2168 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
2169 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
2171 use_protection = false;
2172 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
2175 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
2176 if (sband->band == NL80211_BAND_5GHZ ||
2177 sband->band == NL80211_BAND_6GHZ)
2178 use_short_slot = true;
2180 if (use_protection != bss_conf->use_cts_prot) {
2181 bss_conf->use_cts_prot = use_protection;
2182 changed |= BSS_CHANGED_ERP_CTS_PROT;
2185 if (use_short_preamble != bss_conf->use_short_preamble) {
2186 bss_conf->use_short_preamble = use_short_preamble;
2187 changed |= BSS_CHANGED_ERP_PREAMBLE;
2190 if (use_short_slot != bss_conf->use_short_slot) {
2191 bss_conf->use_short_slot = use_short_slot;
2192 changed |= BSS_CHANGED_ERP_SLOT;
2198 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
2199 struct cfg80211_bss *cbss,
2200 u32 bss_info_changed)
2202 struct ieee80211_bss *bss = (void *)cbss->priv;
2203 struct ieee80211_local *local = sdata->local;
2204 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2206 bss_info_changed |= BSS_CHANGED_ASSOC;
2207 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
2208 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
2210 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
2211 beacon_loss_count * bss_conf->beacon_int));
2213 sdata->u.mgd.associated = cbss;
2214 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
2216 ieee80211_check_rate_mask(sdata);
2218 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
2220 if (sdata->vif.p2p ||
2221 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
2222 const struct cfg80211_bss_ies *ies;
2225 ies = rcu_dereference(cbss->ies);
2229 ret = cfg80211_get_p2p_attr(
2230 ies->data, ies->len,
2231 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2232 (u8 *) &bss_conf->p2p_noa_attr,
2233 sizeof(bss_conf->p2p_noa_attr));
2235 sdata->u.mgd.p2p_noa_index =
2236 bss_conf->p2p_noa_attr.index;
2237 bss_info_changed |= BSS_CHANGED_P2P_PS;
2243 /* just to be sure */
2244 ieee80211_stop_poll(sdata);
2246 ieee80211_led_assoc(local, 1);
2248 if (sdata->u.mgd.have_beacon) {
2250 * If the AP is buggy we may get here with no DTIM period
2251 * known, so assume it's 1 which is the only safe assumption
2252 * in that case, although if the TIM IE is broken powersave
2253 * probably just won't work at all.
2255 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
2256 bss_conf->beacon_rate = bss->beacon_rate;
2257 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
2259 bss_conf->beacon_rate = NULL;
2260 bss_conf->dtim_period = 0;
2263 bss_conf->assoc = 1;
2265 /* Tell the driver to monitor connection quality (if supported) */
2266 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2267 bss_conf->cqm_rssi_thold)
2268 bss_info_changed |= BSS_CHANGED_CQM;
2270 /* Enable ARP filtering */
2271 if (bss_conf->arp_addr_cnt)
2272 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
2274 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
2276 mutex_lock(&local->iflist_mtx);
2277 ieee80211_recalc_ps(local);
2278 mutex_unlock(&local->iflist_mtx);
2280 ieee80211_recalc_smps(sdata);
2281 ieee80211_recalc_ps_vif(sdata);
2283 netif_carrier_on(sdata->dev);
2286 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
2287 u16 stype, u16 reason, bool tx,
2290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2291 struct ieee80211_local *local = sdata->local;
2294 sdata_assert_lock(sdata);
2296 if (WARN_ON_ONCE(tx && !frame_buf))
2299 if (WARN_ON(!ifmgd->associated))
2302 ieee80211_stop_poll(sdata);
2304 ifmgd->associated = NULL;
2305 netif_carrier_off(sdata->dev);
2308 * if we want to get out of ps before disassoc (why?) we have
2309 * to do it before sending disassoc, as otherwise the null-packet
2312 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2313 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2314 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2316 local->ps_sdata = NULL;
2318 /* disable per-vif ps */
2319 ieee80211_recalc_ps_vif(sdata);
2321 /* make sure ongoing transmission finishes */
2325 * drop any frame before deauth/disassoc, this can be data or
2326 * management frame. Since we are disconnecting, we should not
2327 * insist sending these frames which can take time and delay
2328 * the disconnection and possible the roaming.
2331 ieee80211_flush_queues(local, sdata, true);
2333 /* deauthenticate/disassociate now */
2334 if (tx || frame_buf) {
2336 * In multi channel scenarios guarantee that the virtual
2337 * interface is granted immediate airtime to transmit the
2338 * deauthentication frame by calling mgd_prepare_tx, if the
2339 * driver requested so.
2341 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP) &&
2342 !ifmgd->have_beacon)
2343 drv_mgd_prepare_tx(sdata->local, sdata, 0);
2345 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid,
2346 ifmgd->bssid, stype, reason,
2350 /* flush out frame - make sure the deauth was actually sent */
2352 ieee80211_flush_queues(local, sdata, false);
2354 /* clear bssid only after building the needed mgmt frames */
2355 eth_zero_addr(ifmgd->bssid);
2357 /* remove AP and TDLS peers */
2358 sta_info_flush(sdata);
2360 /* finally reset all BSS / config parameters */
2361 changed |= ieee80211_reset_erp_info(sdata);
2363 ieee80211_led_assoc(local, 0);
2364 changed |= BSS_CHANGED_ASSOC;
2365 sdata->vif.bss_conf.assoc = false;
2367 ifmgd->p2p_noa_index = -1;
2368 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
2369 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
2371 /* on the next assoc, re-program HT/VHT parameters */
2372 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
2373 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
2374 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
2375 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
2377 /* reset MU-MIMO ownership and group data */
2378 memset(sdata->vif.bss_conf.mu_group.membership, 0,
2379 sizeof(sdata->vif.bss_conf.mu_group.membership));
2380 memset(sdata->vif.bss_conf.mu_group.position, 0,
2381 sizeof(sdata->vif.bss_conf.mu_group.position));
2382 changed |= BSS_CHANGED_MU_GROUPS;
2383 sdata->vif.mu_mimo_owner = false;
2385 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2387 del_timer_sync(&local->dynamic_ps_timer);
2388 cancel_work_sync(&local->dynamic_ps_enable_work);
2390 /* Disable ARP filtering */
2391 if (sdata->vif.bss_conf.arp_addr_cnt)
2392 changed |= BSS_CHANGED_ARP_FILTER;
2394 sdata->vif.bss_conf.qos = false;
2395 changed |= BSS_CHANGED_QOS;
2397 /* The BSSID (not really interesting) and HT changed */
2398 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
2399 ieee80211_bss_info_change_notify(sdata, changed);
2401 /* disassociated - set to defaults now */
2402 ieee80211_set_wmm_default(sdata, false, false);
2404 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
2405 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
2406 del_timer_sync(&sdata->u.mgd.timer);
2407 del_timer_sync(&sdata->u.mgd.chswitch_timer);
2409 sdata->vif.bss_conf.dtim_period = 0;
2410 sdata->vif.bss_conf.beacon_rate = NULL;
2412 ifmgd->have_beacon = false;
2415 mutex_lock(&local->mtx);
2416 ieee80211_vif_release_channel(sdata);
2418 sdata->vif.csa_active = false;
2419 ifmgd->csa_waiting_bcn = false;
2420 ifmgd->csa_ignored_same_chan = false;
2421 if (sdata->csa_block_tx) {
2422 ieee80211_wake_vif_queues(local, sdata,
2423 IEEE80211_QUEUE_STOP_REASON_CSA);
2424 sdata->csa_block_tx = false;
2426 mutex_unlock(&local->mtx);
2428 /* existing TX TSPEC sessions no longer exist */
2429 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
2430 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk);
2432 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
2435 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
2436 struct ieee80211_hdr *hdr)
2439 * We can postpone the mgd.timer whenever receiving unicast frames
2440 * from AP because we know that the connection is working both ways
2441 * at that time. But multicast frames (and hence also beacons) must
2442 * be ignored here, because we need to trigger the timer during
2443 * data idle periods for sending the periodic probe request to the
2444 * AP we're connected to.
2446 if (is_multicast_ether_addr(hdr->addr1))
2449 ieee80211_sta_reset_conn_monitor(sdata);
2452 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
2454 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2455 struct ieee80211_local *local = sdata->local;
2457 mutex_lock(&local->mtx);
2458 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
2461 __ieee80211_stop_poll(sdata);
2463 mutex_lock(&local->iflist_mtx);
2464 ieee80211_recalc_ps(local);
2465 mutex_unlock(&local->iflist_mtx);
2467 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
2471 * We've received a probe response, but are not sure whether
2472 * we have or will be receiving any beacons or data, so let's
2473 * schedule the timers again, just in case.
2475 ieee80211_sta_reset_beacon_monitor(sdata);
2477 mod_timer(&ifmgd->conn_mon_timer,
2478 round_jiffies_up(jiffies +
2479 IEEE80211_CONNECTION_IDLE_TIME));
2481 mutex_unlock(&local->mtx);
2484 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
2485 struct ieee80211_hdr *hdr,
2488 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2489 u16 tid = ieee80211_get_tid(hdr);
2490 int ac = ieee80211_ac_from_tid(tid);
2491 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2492 unsigned long now = jiffies;
2494 if (likely(!tx_tspec->admitted_time))
2497 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2498 tx_tspec->consumed_tx_time = 0;
2499 tx_tspec->time_slice_start = now;
2501 if (tx_tspec->downgraded) {
2502 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
2503 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2507 if (tx_tspec->downgraded)
2510 tx_tspec->consumed_tx_time += tx_time;
2512 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
2513 tx_tspec->downgraded = true;
2514 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
2515 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2519 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2520 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
2522 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
2524 if (!ieee80211_is_data(hdr->frame_control))
2527 if (ieee80211_is_any_nullfunc(hdr->frame_control) &&
2528 sdata->u.mgd.probe_send_count > 0) {
2530 ieee80211_sta_reset_conn_monitor(sdata);
2532 sdata->u.mgd.nullfunc_failed = true;
2533 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2538 ieee80211_sta_reset_conn_monitor(sdata);
2541 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
2542 const u8 *src, const u8 *dst,
2543 const u8 *ssid, size_t ssid_len,
2544 struct ieee80211_channel *channel)
2546 struct sk_buff *skb;
2548 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
2549 ssid, ssid_len, NULL, 0,
2550 IEEE80211_PROBE_FLAG_DIRECTED);
2552 ieee80211_tx_skb(sdata, skb);
2555 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2557 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2559 u8 *dst = ifmgd->associated->bssid;
2560 u8 unicast_limit = max(1, max_probe_tries - 3);
2561 struct sta_info *sta;
2564 * Try sending broadcast probe requests for the last three
2565 * probe requests after the first ones failed since some
2566 * buggy APs only support broadcast probe requests.
2568 if (ifmgd->probe_send_count >= unicast_limit)
2572 * When the hardware reports an accurate Tx ACK status, it's
2573 * better to send a nullfunc frame instead of a probe request,
2574 * as it will kick us off the AP quickly if we aren't associated
2575 * anymore. The timeout will be reset if the frame is ACKed by
2578 ifmgd->probe_send_count++;
2581 mutex_lock(&sdata->local->sta_mtx);
2582 sta = sta_info_get(sdata, dst);
2584 ieee80211_check_fast_rx(sta);
2585 mutex_unlock(&sdata->local->sta_mtx);
2588 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
2589 ifmgd->nullfunc_failed = false;
2590 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
2591 ifmgd->probe_send_count--;
2593 ieee80211_send_nullfunc(sdata->local, sdata, false);
2598 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2599 if (WARN_ON_ONCE(ssid == NULL))
2604 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
2606 ifmgd->associated->channel);
2610 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2611 run_again(sdata, ifmgd->probe_timeout);
2614 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2617 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2618 bool already = false;
2620 if (!ieee80211_sdata_running(sdata))
2625 if (!ifmgd->associated)
2628 mutex_lock(&sdata->local->mtx);
2630 if (sdata->local->tmp_channel || sdata->local->scanning) {
2631 mutex_unlock(&sdata->local->mtx);
2636 mlme_dbg_ratelimited(sdata,
2637 "detected beacon loss from AP (missed %d beacons) - probing\n",
2640 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2644 * The driver/our work has already reported this event or the
2645 * connection monitoring has kicked in and we have already sent
2646 * a probe request. Or maybe the AP died and the driver keeps
2647 * reporting until we disassociate...
2649 * In either case we have to ignore the current call to this
2650 * function (except for setting the correct probe reason bit)
2651 * because otherwise we would reset the timer every time and
2652 * never check whether we received a probe response!
2654 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2657 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2659 mutex_unlock(&sdata->local->mtx);
2664 mutex_lock(&sdata->local->iflist_mtx);
2665 ieee80211_recalc_ps(sdata->local);
2666 mutex_unlock(&sdata->local->iflist_mtx);
2668 ifmgd->probe_send_count = 0;
2669 ieee80211_mgd_probe_ap_send(sdata);
2671 sdata_unlock(sdata);
2674 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2675 struct ieee80211_vif *vif)
2677 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2678 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2679 struct cfg80211_bss *cbss;
2680 struct sk_buff *skb;
2684 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2687 sdata_assert_lock(sdata);
2689 if (ifmgd->associated)
2690 cbss = ifmgd->associated;
2691 else if (ifmgd->auth_data)
2692 cbss = ifmgd->auth_data->bss;
2693 else if (ifmgd->assoc_data)
2694 cbss = ifmgd->assoc_data->bss;
2699 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2700 if (WARN_ONCE(!ssid || ssid[1] > IEEE80211_MAX_SSID_LEN,
2701 "invalid SSID element (len=%d)", ssid ? ssid[1] : -1))
2706 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
2707 (u32) -1, cbss->channel,
2709 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
2714 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2716 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
2717 const u8 *buf, size_t len, bool tx,
2720 struct ieee80211_event event = {
2722 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
2723 .u.mlme.reason = reason,
2727 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len);
2729 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
2731 drv_event_callback(sdata->local, sdata, &event);
2734 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2736 struct ieee80211_local *local = sdata->local;
2737 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2738 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2742 if (!ifmgd->associated) {
2743 sdata_unlock(sdata);
2747 tx = !sdata->csa_block_tx;
2749 /* AP is probably out of range (or not reachable for another reason) so
2750 * remove the bss struct for that AP.
2752 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
2754 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2755 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2757 mutex_lock(&local->mtx);
2758 sdata->vif.csa_active = false;
2759 ifmgd->csa_waiting_bcn = false;
2760 if (sdata->csa_block_tx) {
2761 ieee80211_wake_vif_queues(local, sdata,
2762 IEEE80211_QUEUE_STOP_REASON_CSA);
2763 sdata->csa_block_tx = false;
2765 mutex_unlock(&local->mtx);
2767 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
2768 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2770 sdata_unlock(sdata);
2773 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2775 struct ieee80211_sub_if_data *sdata =
2776 container_of(work, struct ieee80211_sub_if_data,
2777 u.mgd.beacon_connection_loss_work);
2778 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2780 if (ifmgd->associated)
2781 ifmgd->beacon_loss_count++;
2783 if (ifmgd->connection_loss) {
2784 sdata_info(sdata, "Connection to AP %pM lost\n",
2786 __ieee80211_disconnect(sdata);
2788 ieee80211_mgd_probe_ap(sdata, true);
2792 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2794 struct ieee80211_sub_if_data *sdata =
2795 container_of(work, struct ieee80211_sub_if_data,
2796 u.mgd.csa_connection_drop_work);
2798 __ieee80211_disconnect(sdata);
2801 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2803 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2804 struct ieee80211_hw *hw = &sdata->local->hw;
2806 trace_api_beacon_loss(sdata);
2808 sdata->u.mgd.connection_loss = false;
2809 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2811 EXPORT_SYMBOL(ieee80211_beacon_loss);
2813 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2815 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2816 struct ieee80211_hw *hw = &sdata->local->hw;
2818 trace_api_connection_loss(sdata);
2820 sdata->u.mgd.connection_loss = true;
2821 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2823 EXPORT_SYMBOL(ieee80211_connection_loss);
2826 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2829 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2831 sdata_assert_lock(sdata);
2835 * we are not authenticated yet, the only timer that could be
2836 * running is the timeout for the authentication response which
2837 * which is not relevant anymore.
2839 del_timer_sync(&sdata->u.mgd.timer);
2840 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2842 eth_zero_addr(sdata->u.mgd.bssid);
2843 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2844 sdata->u.mgd.flags = 0;
2845 mutex_lock(&sdata->local->mtx);
2846 ieee80211_vif_release_channel(sdata);
2847 mutex_unlock(&sdata->local->mtx);
2850 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2852 sdata->u.mgd.auth_data = NULL;
2855 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2856 bool assoc, bool abandon)
2858 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2860 sdata_assert_lock(sdata);
2864 * we are not associated yet, the only timer that could be
2865 * running is the timeout for the association response which
2866 * which is not relevant anymore.
2868 del_timer_sync(&sdata->u.mgd.timer);
2869 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2871 eth_zero_addr(sdata->u.mgd.bssid);
2872 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2873 sdata->u.mgd.flags = 0;
2874 sdata->vif.mu_mimo_owner = false;
2876 mutex_lock(&sdata->local->mtx);
2877 ieee80211_vif_release_channel(sdata);
2878 mutex_unlock(&sdata->local->mtx);
2881 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss);
2885 sdata->u.mgd.assoc_data = NULL;
2888 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2889 struct ieee80211_mgmt *mgmt, size_t len)
2891 struct ieee80211_local *local = sdata->local;
2892 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2894 struct ieee802_11_elems elems;
2897 pos = mgmt->u.auth.variable;
2898 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
2899 mgmt->bssid, auth_data->bss->bssid);
2900 if (!elems.challenge)
2902 auth_data->expected_transaction = 4;
2903 drv_mgd_prepare_tx(sdata->local, sdata, 0);
2904 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2905 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2906 IEEE80211_TX_INTFL_MLME_CONN_TX;
2907 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2908 elems.challenge - 2, elems.challenge_len + 2,
2909 auth_data->bss->bssid, auth_data->bss->bssid,
2910 auth_data->key, auth_data->key_len,
2911 auth_data->key_idx, tx_flags);
2914 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata,
2917 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2918 struct sta_info *sta;
2921 sdata_info(sdata, "authenticated\n");
2922 ifmgd->auth_data->done = true;
2923 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2924 ifmgd->auth_data->timeout_started = true;
2925 run_again(sdata, ifmgd->auth_data->timeout);
2927 /* move station state to auth */
2928 mutex_lock(&sdata->local->sta_mtx);
2929 sta = sta_info_get(sdata, bssid);
2931 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2935 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2936 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2942 mutex_unlock(&sdata->local->sta_mtx);
2946 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2947 struct ieee80211_mgmt *mgmt, size_t len)
2949 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2951 u16 auth_alg, auth_transaction, status_code;
2952 struct ieee80211_event event = {
2954 .u.mlme.data = AUTH_EVENT,
2957 sdata_assert_lock(sdata);
2962 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2965 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2967 if (!ether_addr_equal(bssid, mgmt->bssid))
2970 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2971 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2972 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2974 if (auth_alg != ifmgd->auth_data->algorithm ||
2975 (auth_alg != WLAN_AUTH_SAE &&
2976 auth_transaction != ifmgd->auth_data->expected_transaction) ||
2977 (auth_alg == WLAN_AUTH_SAE &&
2978 (auth_transaction < ifmgd->auth_data->expected_transaction ||
2979 auth_transaction > 2))) {
2980 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2981 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2983 ifmgd->auth_data->expected_transaction);
2987 if (status_code != WLAN_STATUS_SUCCESS) {
2988 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2990 if (auth_alg == WLAN_AUTH_SAE &&
2991 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
2992 (auth_transaction == 1 &&
2993 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
2994 status_code == WLAN_STATUS_SAE_PK))))
2997 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2998 mgmt->sa, status_code);
2999 ieee80211_destroy_auth_data(sdata, false);
3000 event.u.mlme.status = MLME_DENIED;
3001 event.u.mlme.reason = status_code;
3002 drv_event_callback(sdata->local, sdata, &event);
3006 switch (ifmgd->auth_data->algorithm) {
3007 case WLAN_AUTH_OPEN:
3008 case WLAN_AUTH_LEAP:
3011 case WLAN_AUTH_FILS_SK:
3012 case WLAN_AUTH_FILS_SK_PFS:
3013 case WLAN_AUTH_FILS_PK:
3015 case WLAN_AUTH_SHARED_KEY:
3016 if (ifmgd->auth_data->expected_transaction != 4) {
3017 ieee80211_auth_challenge(sdata, mgmt, len);
3018 /* need another frame */
3023 WARN_ONCE(1, "invalid auth alg %d",
3024 ifmgd->auth_data->algorithm);
3028 event.u.mlme.status = MLME_SUCCESS;
3029 drv_event_callback(sdata->local, sdata, &event);
3030 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
3031 (auth_transaction == 2 &&
3032 ifmgd->auth_data->expected_transaction == 2)) {
3033 if (!ieee80211_mark_sta_auth(sdata, bssid))
3034 return; /* ignore frame -- wait for timeout */
3035 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
3036 auth_transaction == 2) {
3037 sdata_info(sdata, "SAE peer confirmed\n");
3038 ifmgd->auth_data->peer_confirmed = true;
3041 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3044 #define case_WLAN(type) \
3045 case WLAN_REASON_##type: return #type
3047 const char *ieee80211_get_reason_code_string(u16 reason_code)
3049 switch (reason_code) {
3050 case_WLAN(UNSPECIFIED);
3051 case_WLAN(PREV_AUTH_NOT_VALID);
3052 case_WLAN(DEAUTH_LEAVING);
3053 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
3054 case_WLAN(DISASSOC_AP_BUSY);
3055 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
3056 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
3057 case_WLAN(DISASSOC_STA_HAS_LEFT);
3058 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
3059 case_WLAN(DISASSOC_BAD_POWER);
3060 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
3061 case_WLAN(INVALID_IE);
3062 case_WLAN(MIC_FAILURE);
3063 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
3064 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
3065 case_WLAN(IE_DIFFERENT);
3066 case_WLAN(INVALID_GROUP_CIPHER);
3067 case_WLAN(INVALID_PAIRWISE_CIPHER);
3068 case_WLAN(INVALID_AKMP);
3069 case_WLAN(UNSUPP_RSN_VERSION);
3070 case_WLAN(INVALID_RSN_IE_CAP);
3071 case_WLAN(IEEE8021X_FAILED);
3072 case_WLAN(CIPHER_SUITE_REJECTED);
3073 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
3074 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
3075 case_WLAN(DISASSOC_LOW_ACK);
3076 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
3077 case_WLAN(QSTA_LEAVE_QBSS);
3078 case_WLAN(QSTA_NOT_USE);
3079 case_WLAN(QSTA_REQUIRE_SETUP);
3080 case_WLAN(QSTA_TIMEOUT);
3081 case_WLAN(QSTA_CIPHER_NOT_SUPP);
3082 case_WLAN(MESH_PEER_CANCELED);
3083 case_WLAN(MESH_MAX_PEERS);
3084 case_WLAN(MESH_CONFIG);
3085 case_WLAN(MESH_CLOSE);
3086 case_WLAN(MESH_MAX_RETRIES);
3087 case_WLAN(MESH_CONFIRM_TIMEOUT);
3088 case_WLAN(MESH_INVALID_GTK);
3089 case_WLAN(MESH_INCONSISTENT_PARAM);
3090 case_WLAN(MESH_INVALID_SECURITY);
3091 case_WLAN(MESH_PATH_ERROR);
3092 case_WLAN(MESH_PATH_NOFORWARD);
3093 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
3094 case_WLAN(MAC_EXISTS_IN_MBSS);
3095 case_WLAN(MESH_CHAN_REGULATORY);
3096 case_WLAN(MESH_CHAN);
3097 default: return "<unknown>";
3101 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
3102 struct ieee80211_mgmt *mgmt, size_t len)
3104 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3105 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
3107 sdata_assert_lock(sdata);
3112 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3113 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3117 if (ifmgd->associated &&
3118 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
3119 const u8 *bssid = ifmgd->associated->bssid;
3121 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
3123 ieee80211_get_reason_code_string(reason_code));
3125 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3127 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
3132 if (ifmgd->assoc_data &&
3133 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3134 const u8 *bssid = ifmgd->assoc_data->bss->bssid;
3137 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
3139 ieee80211_get_reason_code_string(reason_code));
3141 ieee80211_destroy_assoc_data(sdata, false, true);
3143 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3149 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
3150 struct ieee80211_mgmt *mgmt, size_t len)
3152 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3155 sdata_assert_lock(sdata);
3160 if (!ifmgd->associated ||
3161 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3164 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
3166 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3167 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3171 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
3172 mgmt->sa, reason_code,
3173 ieee80211_get_reason_code_string(reason_code));
3175 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3177 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code);
3180 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
3181 u8 *supp_rates, unsigned int supp_rates_len,
3182 u32 *rates, u32 *basic_rates,
3183 bool *have_higher_than_11mbit,
3184 int *min_rate, int *min_rate_index,
3189 for (i = 0; i < supp_rates_len; i++) {
3190 int rate = supp_rates[i] & 0x7f;
3191 bool is_basic = !!(supp_rates[i] & 0x80);
3193 if ((rate * 5 * (1 << shift)) > 110)
3194 *have_higher_than_11mbit = true;
3197 * Skip HT, VHT and HE BSS membership selectors since they're
3200 * Note: Even though the membership selector and the basic
3201 * rate flag share the same bit, they are not exactly
3204 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
3205 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
3206 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY))
3209 for (j = 0; j < sband->n_bitrates; j++) {
3210 struct ieee80211_rate *br;
3213 br = &sband->bitrates[j];
3215 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
3216 if (brate == rate) {
3219 *basic_rates |= BIT(j);
3220 if ((rate * 5) < *min_rate) {
3221 *min_rate = rate * 5;
3222 *min_rate_index = j;
3230 static bool ieee80211_twt_req_supported(const struct sta_info *sta,
3231 const struct ieee802_11_elems *elems)
3233 if (elems->ext_capab_len < 10)
3236 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
3239 return sta->sta.he_cap.he_cap_elem.mac_cap_info[0] &
3240 IEEE80211_HE_MAC_CAP0_TWT_RES;
3243 static int ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
3244 struct sta_info *sta,
3245 struct ieee802_11_elems *elems)
3247 bool twt = ieee80211_twt_req_supported(sta, elems);
3249 if (sdata->vif.bss_conf.twt_requester != twt) {
3250 sdata->vif.bss_conf.twt_requester = twt;
3251 return BSS_CHANGED_TWT;
3256 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
3257 struct cfg80211_bss *cbss,
3258 struct ieee80211_mgmt *mgmt, size_t len,
3259 struct ieee802_11_elems *elems)
3261 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3262 struct ieee80211_local *local = sdata->local;
3263 struct ieee80211_supported_band *sband;
3264 struct sta_info *sta;
3265 u16 capab_info, aid;
3266 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3267 const struct cfg80211_bss_ies *bss_ies = NULL;
3268 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3269 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
3274 /* AssocResp and ReassocResp have identical structure */
3276 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3277 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3280 * The 5 MSB of the AID field are reserved
3281 * (802.11-2016 9.4.1.8 AID field)
3285 ifmgd->broken_ap = false;
3287 if (aid == 0 || aid > IEEE80211_MAX_AID) {
3288 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
3291 ifmgd->broken_ap = true;
3294 if (!elems->supp_rates) {
3295 sdata_info(sdata, "no SuppRates element in AssocResp\n");
3299 sdata->vif.bss_conf.aid = aid;
3300 ifmgd->tdls_chan_switch_prohibited =
3301 elems->ext_capab && elems->ext_capab_len >= 5 &&
3302 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
3305 * Some APs are erroneously not including some information in their
3306 * (re)association response frames. Try to recover by using the data
3307 * from the beacon or probe response. This seems to afflict mobile
3308 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
3309 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
3312 ((assoc_data->wmm && !elems->wmm_param) ||
3313 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3314 (!elems->ht_cap_elem || !elems->ht_operation)) ||
3315 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3316 (!elems->vht_cap_elem || !elems->vht_operation)))) {
3317 const struct cfg80211_bss_ies *ies;
3318 struct ieee802_11_elems bss_elems;
3321 ies = rcu_dereference(cbss->ies);
3323 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
3329 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
3332 assoc_data->bss->bssid);
3333 if (assoc_data->wmm &&
3334 !elems->wmm_param && bss_elems.wmm_param) {
3335 elems->wmm_param = bss_elems.wmm_param;
3337 "AP bug: WMM param missing from AssocResp\n");
3341 * Also check if we requested HT/VHT, otherwise the AP doesn't
3342 * have to include the IEs in the (re)association response.
3344 if (!elems->ht_cap_elem && bss_elems.ht_cap_elem &&
3345 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3346 elems->ht_cap_elem = bss_elems.ht_cap_elem;
3348 "AP bug: HT capability missing from AssocResp\n");
3350 if (!elems->ht_operation && bss_elems.ht_operation &&
3351 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3352 elems->ht_operation = bss_elems.ht_operation;
3354 "AP bug: HT operation missing from AssocResp\n");
3356 if (!elems->vht_cap_elem && bss_elems.vht_cap_elem &&
3357 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3358 elems->vht_cap_elem = bss_elems.vht_cap_elem;
3360 "AP bug: VHT capa missing from AssocResp\n");
3362 if (!elems->vht_operation && bss_elems.vht_operation &&
3363 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3364 elems->vht_operation = bss_elems.vht_operation;
3366 "AP bug: VHT operation missing from AssocResp\n");
3371 * We previously checked these in the beacon/probe response, so
3372 * they should be present here. This is just a safety net.
3374 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3375 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
3377 "HT AP is missing WMM params or HT capability/operation\n");
3382 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3383 (!elems->vht_cap_elem || !elems->vht_operation)) {
3385 "VHT AP is missing VHT capability/operation\n");
3390 if (is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3391 !elems->he_6ghz_capa) {
3393 "HE 6 GHz AP is missing HE 6 GHz band capability\n");
3398 mutex_lock(&sdata->local->sta_mtx);
3400 * station info was already allocated and inserted before
3401 * the association and should be available to us
3403 sta = sta_info_get(sdata, cbss->bssid);
3404 if (WARN_ON(!sta)) {
3405 mutex_unlock(&sdata->local->sta_mtx);
3410 sband = ieee80211_get_sband(sdata);
3412 mutex_unlock(&sdata->local->sta_mtx);
3417 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3418 (!elems->he_cap || !elems->he_operation)) {
3419 mutex_unlock(&sdata->local->sta_mtx);
3421 "HE AP is missing HE capability/operation\n");
3426 /* Set up internal HT/VHT capabilities */
3427 if (elems->ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
3428 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
3429 elems->ht_cap_elem, sta);
3431 if (elems->vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
3432 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
3433 elems->vht_cap_elem, sta);
3435 if (elems->he_operation && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3437 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
3440 elems->he_6ghz_capa,
3443 bss_conf->he_support = sta->sta.he_cap.has_he;
3444 if (elems->rsnx && elems->rsnx_len &&
3445 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
3446 wiphy_ext_feature_isset(local->hw.wiphy,
3447 NL80211_EXT_FEATURE_PROTECTED_TWT))
3448 bss_conf->twt_protected = true;
3450 bss_conf->twt_protected = false;
3452 changed |= ieee80211_recalc_twt_req(sdata, sta, elems);
3454 bss_conf->he_support = false;
3455 bss_conf->twt_requester = false;
3456 bss_conf->twt_protected = false;
3459 if (bss_conf->he_support) {
3460 bss_conf->he_bss_color.color =
3461 le32_get_bits(elems->he_operation->he_oper_params,
3462 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
3463 bss_conf->he_bss_color.partial =
3464 le32_get_bits(elems->he_operation->he_oper_params,
3465 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
3466 bss_conf->he_bss_color.enabled =
3467 !le32_get_bits(elems->he_operation->he_oper_params,
3468 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
3470 if (bss_conf->he_bss_color.enabled)
3471 changed |= BSS_CHANGED_HE_BSS_COLOR;
3473 bss_conf->htc_trig_based_pkt_ext =
3474 le32_get_bits(elems->he_operation->he_oper_params,
3475 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
3476 bss_conf->frame_time_rts_th =
3477 le32_get_bits(elems->he_operation->he_oper_params,
3478 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
3480 bss_conf->multi_sta_back_32bit =
3481 sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3482 IEEE80211_HE_MAC_CAP2_32BIT_BA_BITMAP;
3484 bss_conf->ack_enabled =
3485 sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3486 IEEE80211_HE_MAC_CAP2_ACK_EN;
3488 bss_conf->uora_exists = !!elems->uora_element;
3489 if (elems->uora_element)
3490 bss_conf->uora_ocw_range = elems->uora_element[0];
3492 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
3493 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
3494 /* TODO: OPEN: what happens if BSS color disable is set? */
3497 if (cbss->transmitted_bss) {
3498 bss_conf->nontransmitted = true;
3499 ether_addr_copy(bss_conf->transmitter_bssid,
3500 cbss->transmitted_bss->bssid);
3501 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
3502 bss_conf->bssid_index = cbss->bssid_index;
3506 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
3507 * in their association response, so ignore that data for our own
3508 * configuration. If it changed since the last beacon, we'll get the
3509 * next beacon and update then.
3513 * If an operating mode notification IE is present, override the
3514 * NSS calculation (that would be done in rate_control_rate_init())
3515 * and use the # of streams from that element.
3517 if (elems->opmode_notif &&
3518 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
3521 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
3522 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
3524 sta->sta.rx_nss = nss;
3527 rate_control_rate_init(sta);
3529 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
3530 set_sta_flag(sta, WLAN_STA_MFP);
3531 sta->sta.mfp = true;
3533 sta->sta.mfp = false;
3536 sta->sta.wme = elems->wmm_param && local->hw.queues >= IEEE80211_NUM_ACS;
3538 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
3539 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
3540 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
3543 "failed to move station %pM to desired state\n",
3545 WARN_ON(__sta_info_destroy(sta));
3546 mutex_unlock(&sdata->local->sta_mtx);
3551 mutex_unlock(&sdata->local->sta_mtx);
3554 * Always handle WMM once after association regardless
3555 * of the first value the AP uses. Setting -1 here has
3556 * that effect because the AP values is an unsigned
3559 ifmgd->wmm_last_param_set = -1;
3560 ifmgd->mu_edca_last_param_set = -1;
3562 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
3563 ieee80211_set_wmm_default(sdata, false, false);
3564 } else if (!ieee80211_sta_wmm_params(local, sdata, elems->wmm_param,
3565 elems->wmm_param_len,
3566 elems->mu_edca_param_set)) {
3567 /* still enable QoS since we might have HT/VHT */
3568 ieee80211_set_wmm_default(sdata, false, true);
3569 /* set the disable-WMM flag in this case to disable
3570 * tracking WMM parameter changes in the beacon if
3571 * the parameters weren't actually valid. Doing so
3572 * avoids changing parameters very strangely when
3573 * the AP is going back and forth between valid and
3574 * invalid parameters.
3576 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
3578 changed |= BSS_CHANGED_QOS;
3580 if (elems->max_idle_period_ie) {
3581 bss_conf->max_idle_period =
3582 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
3583 bss_conf->protected_keep_alive =
3584 !!(elems->max_idle_period_ie->idle_options &
3585 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
3586 changed |= BSS_CHANGED_KEEP_ALIVE;
3588 bss_conf->max_idle_period = 0;
3589 bss_conf->protected_keep_alive = false;
3592 /* set assoc capability (AID was already set earlier),
3593 * ieee80211_set_associated() will tell the driver */
3594 bss_conf->assoc_capability = capab_info;
3595 ieee80211_set_associated(sdata, cbss, changed);
3598 * If we're using 4-addr mode, let the AP know that we're
3599 * doing so, so that it can create the STA VLAN on its side
3601 if (ifmgd->use_4addr)
3602 ieee80211_send_4addr_nullfunc(local, sdata);
3605 * Start timer to probe the connection to the AP now.
3606 * Also start the timer that will detect beacon loss.
3608 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
3609 ieee80211_sta_reset_beacon_monitor(sdata);
3617 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
3618 struct ieee80211_mgmt *mgmt,
3621 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3622 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3623 u16 capab_info, status_code, aid;
3624 struct ieee802_11_elems elems;
3625 int ac, uapsd_queues = -1;
3628 struct cfg80211_bss *bss;
3629 struct ieee80211_event event = {
3631 .u.mlme.data = ASSOC_EVENT,
3634 sdata_assert_lock(sdata);
3638 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
3642 * AssocResp and ReassocResp have identical structure, so process both
3643 * of them in this function.
3649 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
3650 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3651 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
3652 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3655 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
3656 reassoc ? "Rea" : "A", mgmt->sa,
3657 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
3659 if (assoc_data->fils_kek_len &&
3660 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
3663 pos = mgmt->u.assoc_resp.variable;
3664 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
3665 mgmt->bssid, assoc_data->bss->bssid);
3667 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
3668 elems.timeout_int &&
3669 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
3671 tu = le32_to_cpu(elems.timeout_int->value);
3672 ms = tu * 1024 / 1000;
3674 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
3676 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
3677 assoc_data->timeout_started = true;
3678 if (ms > IEEE80211_ASSOC_TIMEOUT)
3679 run_again(sdata, assoc_data->timeout);
3683 bss = assoc_data->bss;
3685 if (status_code != WLAN_STATUS_SUCCESS) {
3686 sdata_info(sdata, "%pM denied association (code=%d)\n",
3687 mgmt->sa, status_code);
3688 ieee80211_destroy_assoc_data(sdata, false, false);
3689 event.u.mlme.status = MLME_DENIED;
3690 event.u.mlme.reason = status_code;
3691 drv_event_callback(sdata->local, sdata, &event);
3693 if (!ieee80211_assoc_success(sdata, bss, mgmt, len, &elems)) {
3694 /* oops -- internal error -- send timeout for now */
3695 ieee80211_destroy_assoc_data(sdata, false, false);
3696 cfg80211_assoc_timeout(sdata->dev, bss);
3699 event.u.mlme.status = MLME_SUCCESS;
3700 drv_event_callback(sdata->local, sdata, &event);
3701 sdata_info(sdata, "associated\n");
3704 * destroy assoc_data afterwards, as otherwise an idle
3705 * recalc after assoc_data is NULL but before associated
3706 * is set can cause the interface to go idle
3708 ieee80211_destroy_assoc_data(sdata, true, false);
3710 /* get uapsd queues configuration */
3712 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3713 if (sdata->tx_conf[ac].uapsd)
3714 uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
3717 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues,
3718 ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len);
3721 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
3722 struct ieee80211_mgmt *mgmt, size_t len,
3723 struct ieee80211_rx_status *rx_status)
3725 struct ieee80211_local *local = sdata->local;
3726 struct ieee80211_bss *bss;
3727 struct ieee80211_channel *channel;
3729 sdata_assert_lock(sdata);
3731 channel = ieee80211_get_channel_khz(local->hw.wiphy,
3732 ieee80211_rx_status_to_khz(rx_status));
3736 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
3738 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
3739 ieee80211_rx_bss_put(local, bss);
3744 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
3745 struct sk_buff *skb)
3747 struct ieee80211_mgmt *mgmt = (void *)skb->data;
3748 struct ieee80211_if_managed *ifmgd;
3749 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
3750 struct ieee80211_channel *channel;
3751 size_t baselen, len = skb->len;
3753 ifmgd = &sdata->u.mgd;
3755 sdata_assert_lock(sdata);
3758 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
3759 * "If a 6 GHz AP receives a Probe Request frame and responds with
3760 * a Probe Response frame [..], the Address 1 field of the Probe
3761 * Response frame shall be set to the broadcast address [..]"
3762 * So, on 6GHz band we should also accept broadcast responses.
3764 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
3769 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
3770 (channel->band != NL80211_BAND_6GHZ ||
3771 !is_broadcast_ether_addr(mgmt->da)))
3772 return; /* ignore ProbeResp to foreign address */
3774 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
3778 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3780 if (ifmgd->associated &&
3781 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3782 ieee80211_reset_ap_probe(sdata);
3786 * This is the canonical list of information elements we care about,
3787 * the filter code also gives us all changes to the Microsoft OUI
3788 * (00:50:F2) vendor IE which is used for WMM which we need to track,
3789 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
3790 * changes to requested client power.
3792 * We implement beacon filtering in software since that means we can
3793 * avoid processing the frame here and in cfg80211, and userspace
3794 * will not be able to tell whether the hardware supports it or not.
3796 * XXX: This list needs to be dynamic -- userspace needs to be able to
3797 * add items it requires. It also needs to be able to tell us to
3798 * look out for other vendor IEs.
3800 static const u64 care_about_ies =
3801 (1ULL << WLAN_EID_COUNTRY) |
3802 (1ULL << WLAN_EID_ERP_INFO) |
3803 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
3804 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
3805 (1ULL << WLAN_EID_HT_CAPABILITY) |
3806 (1ULL << WLAN_EID_HT_OPERATION) |
3807 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
3809 static void ieee80211_handle_beacon_sig(struct ieee80211_sub_if_data *sdata,
3810 struct ieee80211_if_managed *ifmgd,
3811 struct ieee80211_bss_conf *bss_conf,
3812 struct ieee80211_local *local,
3813 struct ieee80211_rx_status *rx_status)
3815 /* Track average RSSI from the Beacon frames of the current AP */
3817 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3818 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3819 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal);
3820 ifmgd->last_cqm_event_signal = 0;
3821 ifmgd->count_beacon_signal = 1;
3822 ifmgd->last_ave_beacon_signal = 0;
3824 ifmgd->count_beacon_signal++;
3827 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal);
3829 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3830 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3831 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3832 int last_sig = ifmgd->last_ave_beacon_signal;
3833 struct ieee80211_event event = {
3838 * if signal crosses either of the boundaries, invoke callback
3839 * with appropriate parameters
3841 if (sig > ifmgd->rssi_max_thold &&
3842 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3843 ifmgd->last_ave_beacon_signal = sig;
3844 event.u.rssi.data = RSSI_EVENT_HIGH;
3845 drv_event_callback(local, sdata, &event);
3846 } else if (sig < ifmgd->rssi_min_thold &&
3847 (last_sig >= ifmgd->rssi_max_thold ||
3849 ifmgd->last_ave_beacon_signal = sig;
3850 event.u.rssi.data = RSSI_EVENT_LOW;
3851 drv_event_callback(local, sdata, &event);
3855 if (bss_conf->cqm_rssi_thold &&
3856 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3857 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3858 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3859 int last_event = ifmgd->last_cqm_event_signal;
3860 int thold = bss_conf->cqm_rssi_thold;
3861 int hyst = bss_conf->cqm_rssi_hyst;
3864 (last_event == 0 || sig < last_event - hyst)) {
3865 ifmgd->last_cqm_event_signal = sig;
3866 ieee80211_cqm_rssi_notify(
3868 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3870 } else if (sig > thold &&
3871 (last_event == 0 || sig > last_event + hyst)) {
3872 ifmgd->last_cqm_event_signal = sig;
3873 ieee80211_cqm_rssi_notify(
3875 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3880 if (bss_conf->cqm_rssi_low &&
3881 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3882 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3883 int last_event = ifmgd->last_cqm_event_signal;
3884 int low = bss_conf->cqm_rssi_low;
3885 int high = bss_conf->cqm_rssi_high;
3888 (last_event == 0 || last_event >= low)) {
3889 ifmgd->last_cqm_event_signal = sig;
3890 ieee80211_cqm_rssi_notify(
3892 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3894 } else if (sig > high &&
3895 (last_event == 0 || last_event <= high)) {
3896 ifmgd->last_cqm_event_signal = sig;
3897 ieee80211_cqm_rssi_notify(
3899 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3905 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
3906 struct cfg80211_bss *bss)
3908 if (ether_addr_equal(tx_bssid, bss->bssid))
3910 if (!bss->transmitted_bss)
3912 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
3915 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3916 struct ieee80211_mgmt *mgmt, size_t len,
3917 struct ieee80211_rx_status *rx_status)
3919 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3920 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3922 struct ieee802_11_elems elems;
3923 struct ieee80211_local *local = sdata->local;
3924 struct ieee80211_chanctx_conf *chanctx_conf;
3925 struct ieee80211_channel *chan;
3926 struct sta_info *sta;
3932 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3934 sdata_assert_lock(sdata);
3936 /* Process beacon from the current BSS */
3937 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
3942 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3943 if (!chanctx_conf) {
3948 if (ieee80211_rx_status_to_khz(rx_status) !=
3949 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
3953 chan = chanctx_conf->def.chan;
3956 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
3957 ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->assoc_data->bss)) {
3958 ieee802_11_parse_elems(mgmt->u.beacon.variable,
3959 len - baselen, false, &elems,
3961 ifmgd->assoc_data->bss->bssid);
3963 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3965 if (elems.dtim_period)
3966 ifmgd->dtim_period = elems.dtim_period;
3967 ifmgd->have_beacon = true;
3968 ifmgd->assoc_data->need_beacon = false;
3969 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3970 sdata->vif.bss_conf.sync_tsf =
3971 le64_to_cpu(mgmt->u.beacon.timestamp);
3972 sdata->vif.bss_conf.sync_device_ts =
3973 rx_status->device_timestamp;
3974 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
3977 if (elems.mbssid_config_ie)
3978 bss_conf->profile_periodicity =
3979 elems.mbssid_config_ie->profile_periodicity;
3981 if (elems.ext_capab_len >= 11 &&
3982 (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
3983 bss_conf->ema_ap = true;
3985 /* continue assoc process */
3986 ifmgd->assoc_data->timeout = jiffies;
3987 ifmgd->assoc_data->timeout_started = true;
3988 run_again(sdata, ifmgd->assoc_data->timeout);
3992 if (!ifmgd->associated ||
3993 !ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->associated))
3995 bssid = ifmgd->associated->bssid;
3997 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
3998 ieee80211_handle_beacon_sig(sdata, ifmgd, bss_conf,
4001 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
4002 mlme_dbg_ratelimited(sdata,
4003 "cancelling AP probe due to a received beacon\n");
4004 ieee80211_reset_ap_probe(sdata);
4008 * Push the beacon loss detection into the future since
4009 * we are processing a beacon from the AP just now.
4011 ieee80211_sta_reset_beacon_monitor(sdata);
4013 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
4014 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
4015 len - baselen, false, &elems,
4016 care_about_ies, ncrc,
4017 mgmt->bssid, bssid);
4019 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
4020 ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
4021 if (local->hw.conf.dynamic_ps_timeout > 0) {
4022 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
4023 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
4024 ieee80211_hw_config(local,
4025 IEEE80211_CONF_CHANGE_PS);
4027 ieee80211_send_nullfunc(local, sdata, false);
4028 } else if (!local->pspolling && sdata->u.mgd.powersave) {
4029 local->pspolling = true;
4032 * Here is assumed that the driver will be
4033 * able to send ps-poll frame and receive a
4034 * response even though power save mode is
4035 * enabled, but some drivers might require
4036 * to disable power save here. This needs
4037 * to be investigated.
4039 ieee80211_send_pspoll(local, sdata);
4043 if (sdata->vif.p2p ||
4044 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
4045 struct ieee80211_p2p_noa_attr noa = {};
4048 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
4050 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
4051 (u8 *) &noa, sizeof(noa));
4053 if (sdata->u.mgd.p2p_noa_index != noa.index) {
4054 /* valid noa_attr and index changed */
4055 sdata->u.mgd.p2p_noa_index = noa.index;
4056 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
4057 changed |= BSS_CHANGED_P2P_PS;
4059 * make sure we update all information, the CRC
4060 * mechanism doesn't look at P2P attributes.
4062 ifmgd->beacon_crc_valid = false;
4064 } else if (sdata->u.mgd.p2p_noa_index != -1) {
4065 /* noa_attr not found and we had valid noa_attr before */
4066 sdata->u.mgd.p2p_noa_index = -1;
4067 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
4068 changed |= BSS_CHANGED_P2P_PS;
4069 ifmgd->beacon_crc_valid = false;
4073 if (ifmgd->csa_waiting_bcn)
4074 ieee80211_chswitch_post_beacon(sdata);
4077 * Update beacon timing and dtim count on every beacon appearance. This
4078 * will allow the driver to use the most updated values. Do it before
4079 * comparing this one with last received beacon.
4080 * IMPORTANT: These parameters would possibly be out of sync by the time
4081 * the driver will use them. The synchronized view is currently
4082 * guaranteed only in certain callbacks.
4084 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
4085 sdata->vif.bss_conf.sync_tsf =
4086 le64_to_cpu(mgmt->u.beacon.timestamp);
4087 sdata->vif.bss_conf.sync_device_ts =
4088 rx_status->device_timestamp;
4089 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
4092 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
4094 ifmgd->beacon_crc = ncrc;
4095 ifmgd->beacon_crc_valid = true;
4097 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
4099 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
4100 rx_status->device_timestamp,
4103 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
4104 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
4105 elems.wmm_param_len,
4106 elems.mu_edca_param_set))
4107 changed |= BSS_CHANGED_QOS;
4110 * If we haven't had a beacon before, tell the driver about the
4111 * DTIM period (and beacon timing if desired) now.
4113 if (!ifmgd->have_beacon) {
4114 /* a few bogus AP send dtim_period = 0 or no TIM IE */
4115 bss_conf->dtim_period = elems.dtim_period ?: 1;
4117 changed |= BSS_CHANGED_BEACON_INFO;
4118 ifmgd->have_beacon = true;
4120 mutex_lock(&local->iflist_mtx);
4121 ieee80211_recalc_ps(local);
4122 mutex_unlock(&local->iflist_mtx);
4124 ieee80211_recalc_ps_vif(sdata);
4127 if (elems.erp_info) {
4129 erp_value = elems.erp_info[0];
4133 changed |= ieee80211_handle_bss_capability(sdata,
4134 le16_to_cpu(mgmt->u.beacon.capab_info),
4135 erp_valid, erp_value);
4137 mutex_lock(&local->sta_mtx);
4138 sta = sta_info_get(sdata, bssid);
4140 changed |= ieee80211_recalc_twt_req(sdata, sta, &elems);
4142 if (ieee80211_config_bw(sdata, sta, elems.ht_cap_elem,
4143 elems.vht_cap_elem, elems.ht_operation,
4144 elems.vht_operation, elems.he_operation,
4146 mutex_unlock(&local->sta_mtx);
4148 "failed to follow AP %pM bandwidth change, disconnect\n",
4150 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4151 WLAN_REASON_DEAUTH_LEAVING,
4153 ieee80211_report_disconnect(sdata, deauth_buf,
4154 sizeof(deauth_buf), true,
4155 WLAN_REASON_DEAUTH_LEAVING);
4159 if (sta && elems.opmode_notif)
4160 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
4162 mutex_unlock(&local->sta_mtx);
4164 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
4166 elems.country_elem_len,
4167 elems.pwr_constr_elem,
4168 elems.cisco_dtpc_elem);
4170 ieee80211_bss_info_change_notify(sdata, changed);
4173 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
4174 struct sk_buff *skb)
4176 struct ieee80211_rx_status *rx_status;
4177 struct ieee80211_mgmt *mgmt;
4179 struct ieee802_11_elems elems;
4182 rx_status = (struct ieee80211_rx_status *) skb->cb;
4183 mgmt = (struct ieee80211_mgmt *) skb->data;
4184 fc = le16_to_cpu(mgmt->frame_control);
4188 switch (fc & IEEE80211_FCTL_STYPE) {
4189 case IEEE80211_STYPE_BEACON:
4190 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
4192 case IEEE80211_STYPE_PROBE_RESP:
4193 ieee80211_rx_mgmt_probe_resp(sdata, skb);
4195 case IEEE80211_STYPE_AUTH:
4196 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
4198 case IEEE80211_STYPE_DEAUTH:
4199 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
4201 case IEEE80211_STYPE_DISASSOC:
4202 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
4204 case IEEE80211_STYPE_ASSOC_RESP:
4205 case IEEE80211_STYPE_REASSOC_RESP:
4206 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
4208 case IEEE80211_STYPE_ACTION:
4209 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
4210 ies_len = skb->len -
4211 offsetof(struct ieee80211_mgmt,
4212 u.action.u.chan_switch.variable);
4217 /* CSA IE cannot be overridden, no need for BSSID */
4218 ieee802_11_parse_elems(
4219 mgmt->u.action.u.chan_switch.variable,
4220 ies_len, true, &elems, mgmt->bssid, NULL);
4222 if (elems.parse_error)
4225 ieee80211_sta_process_chanswitch(sdata,
4227 rx_status->device_timestamp,
4229 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
4230 ies_len = skb->len -
4231 offsetof(struct ieee80211_mgmt,
4232 u.action.u.ext_chan_switch.variable);
4238 * extended CSA IE can't be overridden, no need for
4241 ieee802_11_parse_elems(
4242 mgmt->u.action.u.ext_chan_switch.variable,
4243 ies_len, true, &elems, mgmt->bssid, NULL);
4245 if (elems.parse_error)
4248 /* for the handling code pretend this was also an IE */
4249 elems.ext_chansw_ie =
4250 &mgmt->u.action.u.ext_chan_switch.data;
4252 ieee80211_sta_process_chanswitch(sdata,
4254 rx_status->device_timestamp,
4259 sdata_unlock(sdata);
4262 static void ieee80211_sta_timer(struct timer_list *t)
4264 struct ieee80211_sub_if_data *sdata =
4265 from_timer(sdata, t, u.mgd.timer);
4267 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
4270 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
4271 u8 *bssid, u8 reason, bool tx)
4273 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4275 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
4278 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4282 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
4284 struct ieee80211_local *local = sdata->local;
4285 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4286 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
4290 u16 prepare_tx_duration = 0;
4292 sdata_assert_lock(sdata);
4294 if (WARN_ON_ONCE(!auth_data))
4299 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
4300 sdata_info(sdata, "authentication with %pM timed out\n",
4301 auth_data->bss->bssid);
4304 * Most likely AP is not in the range so remove the
4305 * bss struct for that AP.
4307 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
4312 if (auth_data->algorithm == WLAN_AUTH_SAE)
4313 prepare_tx_duration =
4314 jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
4316 drv_mgd_prepare_tx(local, sdata, prepare_tx_duration);
4318 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
4319 auth_data->bss->bssid, auth_data->tries,
4320 IEEE80211_AUTH_MAX_TRIES);
4322 auth_data->expected_transaction = 2;
4324 if (auth_data->algorithm == WLAN_AUTH_SAE) {
4325 trans = auth_data->sae_trans;
4326 status = auth_data->sae_status;
4327 auth_data->expected_transaction = trans;
4330 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4331 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4332 IEEE80211_TX_INTFL_MLME_CONN_TX;
4334 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
4335 auth_data->data, auth_data->data_len,
4336 auth_data->bss->bssid,
4337 auth_data->bss->bssid, NULL, 0, 0,
4340 if (tx_flags == 0) {
4341 if (auth_data->algorithm == WLAN_AUTH_SAE)
4342 auth_data->timeout = jiffies +
4343 IEEE80211_AUTH_TIMEOUT_SAE;
4345 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
4347 auth_data->timeout =
4348 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
4351 auth_data->timeout_started = true;
4352 run_again(sdata, auth_data->timeout);
4357 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
4359 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4360 struct ieee80211_local *local = sdata->local;
4362 sdata_assert_lock(sdata);
4364 assoc_data->tries++;
4365 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
4366 sdata_info(sdata, "association with %pM timed out\n",
4367 assoc_data->bss->bssid);
4370 * Most likely AP is not in the range so remove the
4371 * bss struct for that AP.
4373 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
4378 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
4379 assoc_data->bss->bssid, assoc_data->tries,
4380 IEEE80211_ASSOC_MAX_TRIES);
4381 ieee80211_send_assoc(sdata);
4383 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4384 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
4385 assoc_data->timeout_started = true;
4386 run_again(sdata, assoc_data->timeout);
4388 assoc_data->timeout =
4389 round_jiffies_up(jiffies +
4390 IEEE80211_ASSOC_TIMEOUT_LONG);
4391 assoc_data->timeout_started = true;
4392 run_again(sdata, assoc_data->timeout);
4398 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
4399 __le16 fc, bool acked)
4401 struct ieee80211_local *local = sdata->local;
4403 sdata->u.mgd.status_fc = fc;
4404 sdata->u.mgd.status_acked = acked;
4405 sdata->u.mgd.status_received = true;
4407 ieee80211_queue_work(&local->hw, &sdata->work);
4410 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
4412 struct ieee80211_local *local = sdata->local;
4413 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4417 if (ifmgd->status_received) {
4418 __le16 fc = ifmgd->status_fc;
4419 bool status_acked = ifmgd->status_acked;
4421 ifmgd->status_received = false;
4422 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
4424 if (ifmgd->auth_data->algorithm ==
4426 ifmgd->auth_data->timeout =
4428 IEEE80211_AUTH_TIMEOUT_SAE;
4430 ifmgd->auth_data->timeout =
4432 IEEE80211_AUTH_TIMEOUT_SHORT;
4433 run_again(sdata, ifmgd->auth_data->timeout);
4435 ifmgd->auth_data->timeout = jiffies - 1;
4437 ifmgd->auth_data->timeout_started = true;
4438 } else if (ifmgd->assoc_data &&
4439 (ieee80211_is_assoc_req(fc) ||
4440 ieee80211_is_reassoc_req(fc))) {
4442 ifmgd->assoc_data->timeout =
4443 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
4444 run_again(sdata, ifmgd->assoc_data->timeout);
4446 ifmgd->assoc_data->timeout = jiffies - 1;
4448 ifmgd->assoc_data->timeout_started = true;
4452 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
4453 time_after(jiffies, ifmgd->auth_data->timeout)) {
4454 if (ifmgd->auth_data->done) {
4456 * ok ... we waited for assoc but userspace didn't,
4457 * so let's just kill the auth data
4459 ieee80211_destroy_auth_data(sdata, false);
4460 } else if (ieee80211_auth(sdata)) {
4462 struct ieee80211_event event = {
4464 .u.mlme.data = AUTH_EVENT,
4465 .u.mlme.status = MLME_TIMEOUT,
4468 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
4470 ieee80211_destroy_auth_data(sdata, false);
4472 cfg80211_auth_timeout(sdata->dev, bssid);
4473 drv_event_callback(sdata->local, sdata, &event);
4475 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
4476 run_again(sdata, ifmgd->auth_data->timeout);
4478 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
4479 time_after(jiffies, ifmgd->assoc_data->timeout)) {
4480 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
4481 ieee80211_do_assoc(sdata)) {
4482 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4483 struct ieee80211_event event = {
4485 .u.mlme.data = ASSOC_EVENT,
4486 .u.mlme.status = MLME_TIMEOUT,
4489 ieee80211_destroy_assoc_data(sdata, false, false);
4490 cfg80211_assoc_timeout(sdata->dev, bss);
4491 drv_event_callback(sdata->local, sdata, &event);
4493 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
4494 run_again(sdata, ifmgd->assoc_data->timeout);
4496 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
4497 ifmgd->associated) {
4501 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4503 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4504 max_tries = max_nullfunc_tries;
4506 max_tries = max_probe_tries;
4508 /* ACK received for nullfunc probing frame */
4509 if (!ifmgd->probe_send_count)
4510 ieee80211_reset_ap_probe(sdata);
4511 else if (ifmgd->nullfunc_failed) {
4512 if (ifmgd->probe_send_count < max_tries) {
4514 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
4515 bssid, ifmgd->probe_send_count,
4517 ieee80211_mgd_probe_ap_send(sdata);
4520 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
4522 ieee80211_sta_connection_lost(sdata, bssid,
4523 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4526 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
4527 run_again(sdata, ifmgd->probe_timeout);
4528 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4530 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
4531 bssid, probe_wait_ms);
4532 ieee80211_sta_connection_lost(sdata, bssid,
4533 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4534 } else if (ifmgd->probe_send_count < max_tries) {
4536 "No probe response from AP %pM after %dms, try %d/%i\n",
4537 bssid, probe_wait_ms,
4538 ifmgd->probe_send_count, max_tries);
4539 ieee80211_mgd_probe_ap_send(sdata);
4542 * We actually lost the connection ... or did we?
4546 "No probe response from AP %pM after %dms, disconnecting.\n",
4547 bssid, probe_wait_ms);
4549 ieee80211_sta_connection_lost(sdata, bssid,
4550 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4554 sdata_unlock(sdata);
4557 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
4559 struct ieee80211_sub_if_data *sdata =
4560 from_timer(sdata, t, u.mgd.bcn_mon_timer);
4561 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4563 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4566 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
4569 sdata->u.mgd.connection_loss = false;
4570 ieee80211_queue_work(&sdata->local->hw,
4571 &sdata->u.mgd.beacon_connection_loss_work);
4574 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
4576 struct ieee80211_sub_if_data *sdata =
4577 from_timer(sdata, t, u.mgd.conn_mon_timer);
4578 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4579 struct ieee80211_local *local = sdata->local;
4581 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4584 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
4587 static void ieee80211_sta_monitor_work(struct work_struct *work)
4589 struct ieee80211_sub_if_data *sdata =
4590 container_of(work, struct ieee80211_sub_if_data,
4591 u.mgd.monitor_work);
4593 ieee80211_mgd_probe_ap(sdata, false);
4596 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
4598 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
4599 __ieee80211_stop_poll(sdata);
4601 /* let's probe the connection once */
4602 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4603 ieee80211_queue_work(&sdata->local->hw,
4604 &sdata->u.mgd.monitor_work);
4609 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
4611 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4612 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4616 if (ifmgd->auth_data || ifmgd->assoc_data) {
4617 const u8 *bssid = ifmgd->auth_data ?
4618 ifmgd->auth_data->bss->bssid :
4619 ifmgd->assoc_data->bss->bssid;
4622 * If we are trying to authenticate / associate while suspending,
4623 * cfg80211 won't know and won't actually abort those attempts,
4624 * thus we need to do that ourselves.
4626 ieee80211_send_deauth_disassoc(sdata, bssid, bssid,
4627 IEEE80211_STYPE_DEAUTH,
4628 WLAN_REASON_DEAUTH_LEAVING,
4630 if (ifmgd->assoc_data)
4631 ieee80211_destroy_assoc_data(sdata, false, true);
4632 if (ifmgd->auth_data)
4633 ieee80211_destroy_auth_data(sdata, false);
4634 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4635 IEEE80211_DEAUTH_FRAME_LEN);
4638 /* This is a bit of a hack - we should find a better and more generic
4639 * solution to this. Normally when suspending, cfg80211 will in fact
4640 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
4641 * auth (not so important) or assoc (this is the problem) process.
4643 * As a consequence, it can happen that we are in the process of both
4644 * associating and suspending, and receive an association response
4645 * after cfg80211 has checked if it needs to disconnect, but before
4646 * we actually set the flag to drop incoming frames. This will then
4647 * cause the workqueue flush to process the association response in
4648 * the suspend, resulting in a successful association just before it
4649 * tries to remove the interface from the driver, which now though
4650 * has a channel context assigned ... this results in issues.
4652 * To work around this (for now) simply deauth here again if we're
4655 if (ifmgd->associated && !sdata->local->wowlan) {
4657 struct cfg80211_deauth_request req = {
4658 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
4662 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4663 ieee80211_mgd_deauth(sdata, &req);
4666 sdata_unlock(sdata);
4669 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
4671 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4674 if (!ifmgd->associated) {
4675 sdata_unlock(sdata);
4679 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
4680 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
4681 mlme_dbg(sdata, "driver requested disconnect after resume\n");
4682 ieee80211_sta_connection_lost(sdata,
4683 ifmgd->associated->bssid,
4684 WLAN_REASON_UNSPECIFIED,
4686 sdata_unlock(sdata);
4689 sdata_unlock(sdata);
4693 /* interface setup */
4694 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
4696 struct ieee80211_if_managed *ifmgd;
4698 ifmgd = &sdata->u.mgd;
4699 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
4700 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
4701 INIT_WORK(&ifmgd->beacon_connection_loss_work,
4702 ieee80211_beacon_connection_loss_work);
4703 INIT_WORK(&ifmgd->csa_connection_drop_work,
4704 ieee80211_csa_connection_drop_work);
4705 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
4706 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work,
4707 ieee80211_tdls_peer_del_work);
4708 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
4709 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
4710 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
4711 timer_setup(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 0);
4712 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk,
4713 ieee80211_sta_handle_tspec_ac_params_wk);
4716 ifmgd->powersave = sdata->wdev.ps;
4717 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
4718 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
4719 ifmgd->p2p_noa_index = -1;
4721 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
4722 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
4724 ifmgd->req_smps = IEEE80211_SMPS_OFF;
4726 /* Setup TDLS data */
4727 spin_lock_init(&ifmgd->teardown_lock);
4728 ifmgd->teardown_skb = NULL;
4729 ifmgd->orig_teardown_skb = NULL;
4732 /* scan finished notification */
4733 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
4735 struct ieee80211_sub_if_data *sdata;
4737 /* Restart STA timers */
4739 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4740 if (ieee80211_sdata_running(sdata))
4741 ieee80211_restart_sta_timer(sdata);
4746 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
4747 struct cfg80211_bss *cbss)
4749 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4750 const u8 *ht_cap_ie, *vht_cap_ie;
4751 const struct ieee80211_ht_cap *ht_cap;
4752 const struct ieee80211_vht_cap *vht_cap;
4755 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
4758 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4759 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
4760 ht_cap = (void *)(ht_cap_ie + 2);
4761 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4763 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
4764 * "Tx Unequal Modulation Supported" fields.
4768 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
4771 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4772 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
4776 vht_cap = (void *)(vht_cap_ie + 2);
4777 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4778 for (nss = 8; nss > 0; nss--) {
4779 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4780 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4783 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
4784 chains = max(chains, nss);
4791 ieee80211_verify_sta_he_mcs_support(struct ieee80211_supported_band *sband,
4792 const struct ieee80211_he_operation *he_op)
4794 const struct ieee80211_sta_he_cap *sta_he_cap =
4795 ieee80211_get_he_sta_cap(sband);
4799 if (!sta_he_cap || !he_op)
4802 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
4804 /* Need to go over for 80MHz, 160MHz and for 80+80 */
4805 for (i = 0; i < 3; i++) {
4806 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
4807 &sta_he_cap->he_mcs_nss_supp;
4808 u16 sta_mcs_map_rx =
4809 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
4810 u16 sta_mcs_map_tx =
4811 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
4813 bool verified = true;
4816 * For each band there is a maximum of 8 spatial streams
4817 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
4818 * of 2 bits per NSS (1-8), with the values defined in enum
4819 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
4820 * capabilities aren't less than the AP's minimum requirements
4821 * for this HE BSS per SS.
4822 * It is enough to find one such band that meets the reqs.
4824 for (nss = 8; nss > 0; nss--) {
4825 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
4826 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
4827 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
4829 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
4833 * Make sure the HE AP doesn't require MCSs that aren't
4834 * supported by the client
4836 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4837 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4838 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
4848 /* If here, STA doesn't meet AP's HE min requirements */
4852 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4853 struct cfg80211_bss *cbss)
4855 struct ieee80211_local *local = sdata->local;
4856 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4857 const struct ieee80211_ht_cap *ht_cap = NULL;
4858 const struct ieee80211_ht_operation *ht_oper = NULL;
4859 const struct ieee80211_vht_operation *vht_oper = NULL;
4860 const struct ieee80211_he_operation *he_oper = NULL;
4861 struct ieee80211_supported_band *sband;
4862 struct cfg80211_chan_def chandef;
4863 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4864 struct ieee80211_bss *bss = (void *)cbss->priv;
4869 sband = local->hw.wiphy->bands[cbss->channel->band];
4871 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
4872 IEEE80211_STA_DISABLE_80P80MHZ |
4873 IEEE80211_STA_DISABLE_160MHZ);
4875 /* disable HT/VHT/HE if we don't support them */
4876 if (!sband->ht_cap.ht_supported && !is_6ghz) {
4877 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4878 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4879 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4882 if (!sband->vht_cap.vht_supported && !is_6ghz) {
4883 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4884 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4887 if (!ieee80211_get_he_sta_cap(sband))
4888 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4892 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
4893 const u8 *ht_oper_ie, *ht_cap_ie;
4895 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
4896 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
4897 ht_oper = (void *)(ht_oper_ie + 2);
4899 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4900 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
4901 ht_cap = (void *)(ht_cap_ie + 2);
4904 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4909 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
4910 const u8 *vht_oper_ie, *vht_cap;
4912 vht_oper_ie = ieee80211_bss_get_ie(cbss,
4913 WLAN_EID_VHT_OPERATION);
4914 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
4915 vht_oper = (void *)(vht_oper_ie + 2);
4916 if (vht_oper && !ht_oper) {
4919 "AP advertised VHT without HT, disabling HT/VHT/HE\n");
4920 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4921 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4922 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4925 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4926 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
4927 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4932 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
4933 const struct cfg80211_bss_ies *ies;
4934 const u8 *he_oper_ie;
4936 ies = rcu_dereference(cbss->ies);
4937 he_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION,
4938 ies->data, ies->len);
4940 he_oper_ie[1] == ieee80211_he_oper_size(&he_oper_ie[3]))
4941 he_oper = (void *)(he_oper_ie + 3);
4945 if (!ieee80211_verify_sta_he_mcs_support(sband, he_oper))
4946 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4949 /* Allow VHT if at least one channel on the sband supports 80 MHz */
4951 for (i = 0; i < sband->n_channels; i++) {
4952 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4953 IEEE80211_CHAN_NO_80MHZ))
4961 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4963 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
4966 ht_oper, vht_oper, he_oper,
4969 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
4974 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) {
4975 sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection");
4979 /* will change later if needed */
4980 sdata->smps_mode = IEEE80211_SMPS_OFF;
4982 mutex_lock(&local->mtx);
4984 * If this fails (possibly due to channel context sharing
4985 * on incompatible channels, e.g. 80+80 and 160 sharing the
4986 * same control channel) try to use a smaller bandwidth.
4988 ret = ieee80211_vif_use_channel(sdata, &chandef,
4989 IEEE80211_CHANCTX_SHARED);
4991 /* don't downgrade for 5 and 10 MHz channels, though. */
4992 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
4993 chandef.width == NL80211_CHAN_WIDTH_10)
4996 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
4997 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
4998 ret = ieee80211_vif_use_channel(sdata, &chandef,
4999 IEEE80211_CHANCTX_SHARED);
5002 mutex_unlock(&local->mtx);
5006 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
5007 u8 *dtim_count, u8 *dtim_period)
5009 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5010 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5012 const struct ieee80211_tim_ie *tim = NULL;
5013 const struct ieee80211_bssid_index *idx;
5014 bool valid = tim_ie && tim_ie[1] >= 2;
5017 tim = (void *)(tim_ie + 2);
5020 *dtim_count = valid ? tim->dtim_count : 0;
5023 *dtim_period = valid ? tim->dtim_period : 0;
5025 /* Check if value is overridden by non-transmitted profile */
5026 if (!idx_ie || idx_ie[1] < 3)
5029 idx = (void *)(idx_ie + 2);
5032 *dtim_count = idx->dtim_count;
5035 *dtim_period = idx->dtim_period;
5040 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
5041 struct cfg80211_bss *cbss, bool assoc,
5044 struct ieee80211_local *local = sdata->local;
5045 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5046 struct ieee80211_bss *bss = (void *)cbss->priv;
5047 struct sta_info *new_sta = NULL;
5048 struct ieee80211_supported_band *sband;
5049 bool have_sta = false;
5052 sband = local->hw.wiphy->bands[cbss->channel->band];
5054 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
5057 /* If a reconfig is happening, bail out */
5058 if (local->in_reconfig)
5063 have_sta = sta_info_get(sdata, cbss->bssid);
5068 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
5074 * Set up the information for the new channel before setting the
5075 * new channel. We can't - completely race-free - change the basic
5076 * rates bitmap and the channel (sband) that it refers to, but if
5077 * we set it up before we at least avoid calling into the driver's
5078 * bss_info_changed() method with invalid information (since we do
5079 * call that from changing the channel - only for IDLE and perhaps
5080 * some others, but ...).
5082 * So to avoid that, just set up all the new information before the
5083 * channel, but tell the driver to apply it only afterwards, since
5084 * it might need the new channel for that.
5087 u32 rates = 0, basic_rates = 0;
5088 bool have_higher_than_11mbit;
5089 int min_rate = INT_MAX, min_rate_index = -1;
5090 const struct cfg80211_bss_ies *ies;
5091 int shift = ieee80211_vif_get_shift(&sdata->vif);
5093 ieee80211_get_rates(sband, bss->supp_rates,
5094 bss->supp_rates_len,
5095 &rates, &basic_rates,
5096 &have_higher_than_11mbit,
5097 &min_rate, &min_rate_index,
5101 * This used to be a workaround for basic rates missing
5102 * in the association response frame. Now that we no
5103 * longer use the basic rates from there, it probably
5104 * doesn't happen any more, but keep the workaround so
5105 * in case some *other* APs are buggy in different ways
5106 * we can connect -- with a warning.
5107 * Allow this workaround only in case the AP provided at least
5110 if (min_rate_index < 0) {
5112 "No legacy rates in association response\n");
5114 sta_info_free(local, new_sta);
5116 } else if (!basic_rates) {
5118 "No basic rates, using min rate instead\n");
5119 basic_rates = BIT(min_rate_index);
5123 new_sta->sta.supp_rates[cbss->channel->band] = rates;
5126 "No rates found, keeping mandatory only\n");
5128 sdata->vif.bss_conf.basic_rates = basic_rates;
5130 /* cf. IEEE 802.11 9.2.12 */
5131 if (cbss->channel->band == NL80211_BAND_2GHZ &&
5132 have_higher_than_11mbit)
5133 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
5135 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
5137 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
5139 /* set timing information */
5140 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
5142 ies = rcu_dereference(cbss->beacon_ies);
5144 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5145 sdata->vif.bss_conf.sync_device_ts =
5146 bss->device_ts_beacon;
5148 ieee80211_get_dtim(ies,
5149 &sdata->vif.bss_conf.sync_dtim_count,
5151 } else if (!ieee80211_hw_check(&sdata->local->hw,
5152 TIMING_BEACON_ONLY)) {
5153 ies = rcu_dereference(cbss->proberesp_ies);
5154 /* must be non-NULL since beacon IEs were NULL */
5155 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5156 sdata->vif.bss_conf.sync_device_ts =
5157 bss->device_ts_presp;
5158 sdata->vif.bss_conf.sync_dtim_count = 0;
5160 sdata->vif.bss_conf.sync_tsf = 0;
5161 sdata->vif.bss_conf.sync_device_ts = 0;
5162 sdata->vif.bss_conf.sync_dtim_count = 0;
5167 if (new_sta || override) {
5168 err = ieee80211_prep_channel(sdata, cbss);
5171 sta_info_free(local, new_sta);
5178 * tell driver about BSSID, basic rates and timing
5179 * this was set up above, before setting the channel
5181 ieee80211_bss_info_change_notify(sdata,
5182 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
5183 BSS_CHANGED_BEACON_INT);
5186 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
5188 err = sta_info_insert(new_sta);
5192 "failed to insert STA entry for the AP (error %d)\n",
5197 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
5199 /* Cancel scan to ensure that nothing interferes with connection */
5200 if (local->scanning)
5201 ieee80211_scan_cancel(local);
5207 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
5208 struct cfg80211_auth_request *req)
5210 struct ieee80211_local *local = sdata->local;
5211 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5212 struct ieee80211_mgd_auth_data *auth_data;
5217 /* prepare auth data structure */
5219 switch (req->auth_type) {
5220 case NL80211_AUTHTYPE_OPEN_SYSTEM:
5221 auth_alg = WLAN_AUTH_OPEN;
5223 case NL80211_AUTHTYPE_SHARED_KEY:
5226 auth_alg = WLAN_AUTH_SHARED_KEY;
5228 case NL80211_AUTHTYPE_FT:
5229 auth_alg = WLAN_AUTH_FT;
5231 case NL80211_AUTHTYPE_NETWORK_EAP:
5232 auth_alg = WLAN_AUTH_LEAP;
5234 case NL80211_AUTHTYPE_SAE:
5235 auth_alg = WLAN_AUTH_SAE;
5237 case NL80211_AUTHTYPE_FILS_SK:
5238 auth_alg = WLAN_AUTH_FILS_SK;
5240 case NL80211_AUTHTYPE_FILS_SK_PFS:
5241 auth_alg = WLAN_AUTH_FILS_SK_PFS;
5243 case NL80211_AUTHTYPE_FILS_PK:
5244 auth_alg = WLAN_AUTH_FILS_PK;
5250 if (ifmgd->assoc_data)
5253 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
5254 req->ie_len, GFP_KERNEL);
5258 auth_data->bss = req->bss;
5260 if (req->auth_data_len >= 4) {
5261 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
5262 __le16 *pos = (__le16 *) req->auth_data;
5264 auth_data->sae_trans = le16_to_cpu(pos[0]);
5265 auth_data->sae_status = le16_to_cpu(pos[1]);
5267 memcpy(auth_data->data, req->auth_data + 4,
5268 req->auth_data_len - 4);
5269 auth_data->data_len += req->auth_data_len - 4;
5272 /* Check if continuing authentication or trying to authenticate with the
5273 * same BSS that we were in the process of authenticating with and avoid
5274 * removal and re-addition of the STA entry in
5275 * ieee80211_prep_connection().
5277 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss;
5279 if (req->ie && req->ie_len) {
5280 memcpy(&auth_data->data[auth_data->data_len],
5281 req->ie, req->ie_len);
5282 auth_data->data_len += req->ie_len;
5285 if (req->key && req->key_len) {
5286 auth_data->key_len = req->key_len;
5287 auth_data->key_idx = req->key_idx;
5288 memcpy(auth_data->key, req->key, req->key_len);
5291 auth_data->algorithm = auth_alg;
5293 /* try to authenticate/probe */
5295 if (ifmgd->auth_data) {
5296 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
5297 auth_data->peer_confirmed =
5298 ifmgd->auth_data->peer_confirmed;
5300 ieee80211_destroy_auth_data(sdata, cont_auth);
5303 /* prep auth_data so we don't go into idle on disassoc */
5304 ifmgd->auth_data = auth_data;
5306 /* If this is continuation of an ongoing SAE authentication exchange
5307 * (i.e., request to send SAE Confirm) and the peer has already
5308 * confirmed, mark authentication completed since we are about to send
5311 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
5312 auth_data->peer_confirmed && auth_data->sae_trans == 2)
5313 ieee80211_mark_sta_auth(sdata, req->bss->bssid);
5315 if (ifmgd->associated) {
5316 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5319 "disconnect from AP %pM for new auth to %pM\n",
5320 ifmgd->associated->bssid, req->bss->bssid);
5321 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5322 WLAN_REASON_UNSPECIFIED,
5325 ieee80211_report_disconnect(sdata, frame_buf,
5326 sizeof(frame_buf), true,
5327 WLAN_REASON_UNSPECIFIED);
5330 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
5332 err = ieee80211_prep_connection(sdata, req->bss, cont_auth, false);
5336 err = ieee80211_auth(sdata);
5338 sta_info_destroy_addr(sdata, req->bss->bssid);
5342 /* hold our own reference */
5343 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
5347 eth_zero_addr(ifmgd->bssid);
5348 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5349 ifmgd->auth_data = NULL;
5350 mutex_lock(&sdata->local->mtx);
5351 ieee80211_vif_release_channel(sdata);
5352 mutex_unlock(&sdata->local->mtx);
5357 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
5358 struct cfg80211_assoc_request *req)
5360 bool is_6ghz = req->bss->channel->band == NL80211_BAND_6GHZ;
5361 struct ieee80211_local *local = sdata->local;
5362 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5363 struct ieee80211_bss *bss = (void *)req->bss->priv;
5364 struct ieee80211_mgd_assoc_data *assoc_data;
5365 const struct cfg80211_bss_ies *beacon_ies;
5366 struct ieee80211_supported_band *sband;
5367 const u8 *ssidie, *ht_ie, *vht_ie;
5369 bool override = false;
5371 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
5376 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
5377 if (!ssidie || ssidie[1] > sizeof(assoc_data->ssid)) {
5382 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
5383 assoc_data->ssid_len = ssidie[1];
5386 if (ifmgd->associated) {
5387 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5390 "disconnect from AP %pM for new assoc to %pM\n",
5391 ifmgd->associated->bssid, req->bss->bssid);
5392 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5393 WLAN_REASON_UNSPECIFIED,
5396 ieee80211_report_disconnect(sdata, frame_buf,
5397 sizeof(frame_buf), true,
5398 WLAN_REASON_UNSPECIFIED);
5401 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
5406 if (ifmgd->assoc_data) {
5411 if (ifmgd->auth_data) {
5414 /* keep sta info, bssid if matching */
5415 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
5416 ieee80211_destroy_auth_data(sdata, match);
5419 /* prepare assoc data */
5421 ifmgd->beacon_crc_valid = false;
5423 assoc_data->wmm = bss->wmm_used &&
5424 (local->hw.queues >= IEEE80211_NUM_ACS);
5427 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
5428 * We still associate in non-HT mode (11a/b/g) if any one of these
5429 * ciphers is configured as pairwise.
5430 * We can set this to true for non-11n hardware, that'll be checked
5431 * separately along with the peer capabilities.
5433 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5434 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5435 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5436 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5437 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5438 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5439 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5440 netdev_info(sdata->dev,
5441 "disabling HT/VHT/HE due to WEP/TKIP use\n");
5445 sband = local->hw.wiphy->bands[req->bss->channel->band];
5447 /* also disable HT/VHT/HE if the AP doesn't use WMM */
5448 if (!bss->wmm_used) {
5449 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5450 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5451 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5452 netdev_info(sdata->dev,
5453 "disabling HT/VHT/HE as WMM/QoS is not supported by the AP\n");
5456 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
5457 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
5458 sizeof(ifmgd->ht_capa_mask));
5460 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
5461 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
5462 sizeof(ifmgd->vht_capa_mask));
5464 if (req->ie && req->ie_len) {
5465 memcpy(assoc_data->ie, req->ie, req->ie_len);
5466 assoc_data->ie_len = req->ie_len;
5469 if (req->fils_kek) {
5470 /* should already be checked in cfg80211 - so warn */
5471 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
5475 memcpy(assoc_data->fils_kek, req->fils_kek,
5477 assoc_data->fils_kek_len = req->fils_kek_len;
5480 if (req->fils_nonces)
5481 memcpy(assoc_data->fils_nonces, req->fils_nonces,
5482 2 * FILS_NONCE_LEN);
5484 assoc_data->bss = req->bss;
5486 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
5487 if (ifmgd->powersave)
5488 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
5490 sdata->smps_mode = IEEE80211_SMPS_OFF;
5492 sdata->smps_mode = ifmgd->req_smps;
5494 assoc_data->capability = req->bss->capability;
5495 assoc_data->supp_rates = bss->supp_rates;
5496 assoc_data->supp_rates_len = bss->supp_rates_len;
5499 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
5500 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
5501 assoc_data->ap_ht_param =
5502 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
5504 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5505 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
5506 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
5507 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
5508 sizeof(struct ieee80211_vht_cap));
5510 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT |
5511 IEEE80211_STA_DISABLE_HE;
5514 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
5515 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
5516 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
5517 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
5519 if (bss->wmm_used && bss->uapsd_supported &&
5520 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
5521 assoc_data->uapsd = true;
5522 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
5524 assoc_data->uapsd = false;
5525 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
5528 if (req->prev_bssid)
5529 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
5532 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
5533 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
5535 ifmgd->mfp = IEEE80211_MFP_DISABLED;
5536 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
5539 if (req->flags & ASSOC_REQ_USE_RRM)
5540 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
5542 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
5544 if (req->crypto.control_port)
5545 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
5547 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
5549 sdata->control_port_protocol = req->crypto.control_port_ethertype;
5550 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
5551 sdata->control_port_over_nl80211 =
5552 req->crypto.control_port_over_nl80211;
5553 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
5554 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
5557 /* kick off associate process */
5559 ifmgd->assoc_data = assoc_data;
5560 ifmgd->dtim_period = 0;
5561 ifmgd->have_beacon = false;
5563 /* override HT/VHT configuration only if the AP and we support it */
5564 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
5565 struct ieee80211_sta_ht_cap sta_ht_cap;
5567 if (req->flags & ASSOC_REQ_DISABLE_HT)
5570 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
5571 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5573 /* check for 40 MHz disable override */
5574 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) &&
5575 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
5576 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
5579 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
5580 req->flags & ASSOC_REQ_DISABLE_VHT)
5584 if (req->flags & ASSOC_REQ_DISABLE_HT) {
5585 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5586 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5587 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5590 if (req->flags & ASSOC_REQ_DISABLE_VHT)
5591 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5593 err = ieee80211_prep_connection(sdata, req->bss, true, override);
5598 beacon_ies = rcu_dereference(req->bss->beacon_ies);
5600 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) &&
5603 * Wait up to one beacon interval ...
5604 * should this be more if we miss one?
5606 sdata_info(sdata, "waiting for beacon from %pM\n",
5608 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
5609 assoc_data->timeout_started = true;
5610 assoc_data->need_beacon = true;
5611 } else if (beacon_ies) {
5612 const struct element *elem;
5615 ieee80211_get_dtim(beacon_ies, &dtim_count,
5616 &ifmgd->dtim_period);
5618 ifmgd->have_beacon = true;
5619 assoc_data->timeout = jiffies;
5620 assoc_data->timeout_started = true;
5622 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
5623 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
5624 sdata->vif.bss_conf.sync_device_ts =
5625 bss->device_ts_beacon;
5626 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
5629 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
5630 beacon_ies->data, beacon_ies->len);
5631 if (elem && elem->datalen >= 3)
5632 sdata->vif.bss_conf.profile_periodicity = elem->data[2];
5634 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
5635 beacon_ies->data, beacon_ies->len);
5636 if (elem && elem->datalen >= 11 &&
5637 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
5638 sdata->vif.bss_conf.ema_ap = true;
5640 assoc_data->timeout = jiffies;
5641 assoc_data->timeout_started = true;
5645 run_again(sdata, assoc_data->timeout);
5647 if (bss->corrupt_data) {
5648 char *corrupt_type = "data";
5649 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
5650 if (bss->corrupt_data &
5651 IEEE80211_BSS_CORRUPT_PROBE_RESP)
5652 corrupt_type = "beacon and probe response";
5654 corrupt_type = "beacon";
5655 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
5656 corrupt_type = "probe response";
5657 sdata_info(sdata, "associating with AP with corrupt %s\n",
5663 eth_zero_addr(ifmgd->bssid);
5664 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5665 ifmgd->assoc_data = NULL;
5671 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
5672 struct cfg80211_deauth_request *req)
5674 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5675 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5676 bool tx = !req->local_state_change;
5678 if (ifmgd->auth_data &&
5679 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
5681 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
5682 req->bssid, req->reason_code,
5683 ieee80211_get_reason_code_string(req->reason_code));
5685 drv_mgd_prepare_tx(sdata->local, sdata, 0);
5686 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5687 IEEE80211_STYPE_DEAUTH,
5688 req->reason_code, tx,
5690 ieee80211_destroy_auth_data(sdata, false);
5691 ieee80211_report_disconnect(sdata, frame_buf,
5692 sizeof(frame_buf), true,
5698 if (ifmgd->assoc_data &&
5699 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
5701 "aborting association with %pM by local choice (Reason: %u=%s)\n",
5702 req->bssid, req->reason_code,
5703 ieee80211_get_reason_code_string(req->reason_code));
5705 drv_mgd_prepare_tx(sdata->local, sdata, 0);
5706 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5707 IEEE80211_STYPE_DEAUTH,
5708 req->reason_code, tx,
5710 ieee80211_destroy_assoc_data(sdata, false, true);
5711 ieee80211_report_disconnect(sdata, frame_buf,
5712 sizeof(frame_buf), true,
5717 if (ifmgd->associated &&
5718 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
5720 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
5721 req->bssid, req->reason_code,
5722 ieee80211_get_reason_code_string(req->reason_code));
5724 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5725 req->reason_code, tx, frame_buf);
5726 ieee80211_report_disconnect(sdata, frame_buf,
5727 sizeof(frame_buf), true,
5735 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
5736 struct cfg80211_disassoc_request *req)
5738 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5740 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5743 * cfg80211 should catch this ... but it's racy since
5744 * we can receive a disassoc frame, process it, hand it
5745 * to cfg80211 while that's in a locked section already
5746 * trying to tell us that the user wants to disconnect.
5748 if (ifmgd->associated != req->bss)
5752 "disassociating from %pM by local choice (Reason: %u=%s)\n",
5753 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
5755 memcpy(bssid, req->bss->bssid, ETH_ALEN);
5756 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
5757 req->reason_code, !req->local_state_change,
5760 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
5766 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
5768 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5771 * Make sure some work items will not run after this,
5772 * they will not do anything but might not have been
5773 * cancelled when disconnecting.
5775 cancel_work_sync(&ifmgd->monitor_work);
5776 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
5777 cancel_work_sync(&ifmgd->request_smps_work);
5778 cancel_work_sync(&ifmgd->csa_connection_drop_work);
5779 cancel_work_sync(&ifmgd->chswitch_work);
5780 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work);
5783 if (ifmgd->assoc_data) {
5784 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
5785 ieee80211_destroy_assoc_data(sdata, false, false);
5786 cfg80211_assoc_timeout(sdata->dev, bss);
5788 if (ifmgd->auth_data)
5789 ieee80211_destroy_auth_data(sdata, false);
5790 spin_lock_bh(&ifmgd->teardown_lock);
5791 if (ifmgd->teardown_skb) {
5792 kfree_skb(ifmgd->teardown_skb);
5793 ifmgd->teardown_skb = NULL;
5794 ifmgd->orig_teardown_skb = NULL;
5796 kfree(ifmgd->assoc_req_ies);
5797 ifmgd->assoc_req_ies = NULL;
5798 ifmgd->assoc_req_ies_len = 0;
5799 spin_unlock_bh(&ifmgd->teardown_lock);
5800 del_timer_sync(&ifmgd->timer);
5801 sdata_unlock(sdata);
5804 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
5805 enum nl80211_cqm_rssi_threshold_event rssi_event,
5809 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5811 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
5813 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
5815 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
5817 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
5819 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5821 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
5823 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
5825 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
projects / linux-2.6-microblaze.git / blob