1 // SPDX-License-Identifier: GPL-2.0-only
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2020 Intel Corporation
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
32 #include "fils_aead.h"
34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
38 #define IEEE80211_AUTH_MAX_TRIES 3
39 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
40 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
41 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
42 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
43 #define IEEE80211_ASSOC_MAX_TRIES 3
45 static int max_nullfunc_tries = 2;
46 module_param(max_nullfunc_tries, int, 0644);
47 MODULE_PARM_DESC(max_nullfunc_tries,
48 "Maximum nullfunc tx tries before disconnecting (reason 4).");
50 static int max_probe_tries = 5;
51 module_param(max_probe_tries, int, 0644);
52 MODULE_PARM_DESC(max_probe_tries,
53 "Maximum probe tries before disconnecting (reason 4).");
56 * Beacon loss timeout is calculated as N frames times the
57 * advertised beacon interval. This may need to be somewhat
58 * higher than what hardware might detect to account for
59 * delays in the host processing frames. But since we also
60 * probe on beacon miss before declaring the connection lost
61 * default to what we want.
63 static int beacon_loss_count = 7;
64 module_param(beacon_loss_count, int, 0644);
65 MODULE_PARM_DESC(beacon_loss_count,
66 "Number of beacon intervals before we decide beacon was lost.");
69 * Time the connection can be idle before we probe
70 * it to see if we can still talk to the AP.
72 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
74 * Time we wait for a probe response after sending
75 * a probe request because of beacon loss or for
76 * checking the connection still works.
78 static int probe_wait_ms = 500;
79 module_param(probe_wait_ms, int, 0644);
80 MODULE_PARM_DESC(probe_wait_ms,
81 "Maximum time(ms) to wait for probe response"
82 " before disconnecting (reason 4).");
85 * How many Beacon frames need to have been used in average signal strength
86 * before starting to indicate signal change events.
88 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
91 * We can have multiple work items (and connection probing)
92 * scheduling this timer, but we need to take care to only
93 * reschedule it when it should fire _earlier_ than it was
94 * asked for before, or if it's not pending right now. This
95 * function ensures that. Note that it then is required to
96 * run this function for all timeouts after the first one
97 * has happened -- the work that runs from this timer will
100 static void run_again(struct ieee80211_sub_if_data *sdata,
101 unsigned long timeout)
103 sdata_assert_lock(sdata);
105 if (!timer_pending(&sdata->u.mgd.timer) ||
106 time_before(timeout, sdata->u.mgd.timer.expires))
107 mod_timer(&sdata->u.mgd.timer, timeout);
110 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
112 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
115 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
118 mod_timer(&sdata->u.mgd.bcn_mon_timer,
119 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
122 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
124 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
126 if (unlikely(!ifmgd->associated))
129 if (ifmgd->probe_send_count)
130 ifmgd->probe_send_count = 0;
132 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
135 mod_timer(&ifmgd->conn_mon_timer,
136 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
139 static int ecw2cw(int ecw)
141 return (1 << ecw) - 1;
145 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
146 struct ieee80211_supported_band *sband,
147 struct ieee80211_channel *channel,
149 const struct ieee80211_ht_operation *ht_oper,
150 const struct ieee80211_vht_operation *vht_oper,
151 const struct ieee80211_he_operation *he_oper,
152 struct cfg80211_chan_def *chandef, bool tracking)
154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
155 struct cfg80211_chan_def vht_chandef;
156 struct ieee80211_sta_ht_cap sta_ht_cap;
159 memset(chandef, 0, sizeof(struct cfg80211_chan_def));
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->freq1_offset = channel->freq_offset;
165 if (channel->band == NL80211_BAND_6GHZ) {
166 if (!ieee80211_chandef_he_6ghz_oper(sdata, he_oper, chandef))
167 ret = IEEE80211_STA_DISABLE_HT |
168 IEEE80211_STA_DISABLE_VHT |
169 IEEE80211_STA_DISABLE_HE;
172 vht_chandef = *chandef;
176 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
177 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
179 if (!ht_oper || !sta_ht_cap.ht_supported) {
180 ret = IEEE80211_STA_DISABLE_HT |
181 IEEE80211_STA_DISABLE_VHT |
182 IEEE80211_STA_DISABLE_HE;
186 chandef->width = NL80211_CHAN_WIDTH_20;
188 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
190 /* check that channel matches the right operating channel */
191 if (!tracking && channel->center_freq != ht_cfreq) {
193 * It's possible that some APs are confused here;
194 * Netgear WNDR3700 sometimes reports 4 higher than
195 * the actual channel in association responses, but
196 * since we look at probe response/beacon data here
200 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
201 channel->center_freq, ht_cfreq,
202 ht_oper->primary_chan, channel->band);
203 ret = IEEE80211_STA_DISABLE_HT |
204 IEEE80211_STA_DISABLE_VHT |
205 IEEE80211_STA_DISABLE_HE;
209 /* check 40 MHz support, if we have it */
210 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
211 ieee80211_chandef_ht_oper(ht_oper, chandef);
213 /* 40 MHz (and 80 MHz) must be supported for VHT */
214 ret = IEEE80211_STA_DISABLE_VHT;
215 /* also mark 40 MHz disabled */
216 ret |= IEEE80211_STA_DISABLE_40MHZ;
220 if (!vht_oper || !sband->vht_cap.vht_supported) {
221 ret = IEEE80211_STA_DISABLE_VHT;
225 vht_chandef = *chandef;
226 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && he_oper &&
227 (le32_to_cpu(he_oper->he_oper_params) &
228 IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
229 struct ieee80211_vht_operation he_oper_vht_cap;
232 * Set only first 3 bytes (other 2 aren't used in
233 * ieee80211_chandef_vht_oper() anyway)
235 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
236 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
238 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
239 &he_oper_vht_cap, ht_oper,
241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
243 "HE AP VHT information is invalid, disable HE\n");
244 ret = IEEE80211_STA_DISABLE_HE;
247 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
251 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
253 "AP VHT information is invalid, disable VHT\n");
254 ret = IEEE80211_STA_DISABLE_VHT;
258 if (!cfg80211_chandef_valid(&vht_chandef)) {
259 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
261 "AP VHT information is invalid, disable VHT\n");
262 ret = IEEE80211_STA_DISABLE_VHT;
266 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
271 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
272 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
274 "AP VHT information doesn't match HT, disable VHT\n");
275 ret = IEEE80211_STA_DISABLE_VHT;
279 *chandef = vht_chandef;
285 * When tracking the current AP, don't do any further checks if the
286 * new chandef is identical to the one we're currently using for the
287 * connection. This keeps us from playing ping-pong with regulatory,
288 * without it the following can happen (for example):
289 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
290 * - AP advertises regdom US
291 * - CRDA loads regdom US with 80 MHz prohibited (old database)
292 * - the code below detects an unsupported channel, downgrades, and
293 * we disconnect from the AP in the caller
294 * - disconnect causes CRDA to reload world regdomain and the game
296 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
298 * It seems possible that there are still scenarios with CSA or real
299 * bandwidth changes where a this could happen, but those cases are
300 * less common and wouldn't completely prevent using the AP.
303 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
306 /* don't print the message below for VHT mismatch if VHT is disabled */
307 if (ret & IEEE80211_STA_DISABLE_VHT)
308 vht_chandef = *chandef;
311 * Ignore the DISABLED flag when we're already connected and only
312 * tracking the APs beacon for bandwidth changes - otherwise we
313 * might get disconnected here if we connect to an AP, update our
314 * regulatory information based on the AP's country IE and the
315 * information we have is wrong/outdated and disables the channel
316 * that we're actually using for the connection to the AP.
318 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
320 IEEE80211_CHAN_DISABLED)) {
321 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
322 ret = IEEE80211_STA_DISABLE_HT |
323 IEEE80211_STA_DISABLE_VHT |
324 IEEE80211_STA_DISABLE_HE;
328 ret |= ieee80211_chandef_downgrade(chandef);
331 if (!he_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef,
332 IEEE80211_CHAN_NO_HE))
333 ret |= IEEE80211_STA_DISABLE_HE;
335 if (chandef->width != vht_chandef.width && !tracking)
337 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
339 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
343 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
344 struct sta_info *sta,
345 const struct ieee80211_ht_cap *ht_cap,
346 const struct ieee80211_vht_cap *vht_cap,
347 const struct ieee80211_ht_operation *ht_oper,
348 const struct ieee80211_vht_operation *vht_oper,
349 const struct ieee80211_he_operation *he_oper,
350 const u8 *bssid, u32 *changed)
352 struct ieee80211_local *local = sdata->local;
353 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
354 struct ieee80211_channel *chan = sdata->vif.bss_conf.chandef.chan;
355 struct ieee80211_supported_band *sband =
356 local->hw.wiphy->bands[chan->band];
357 struct cfg80211_chan_def chandef;
360 enum ieee80211_sta_rx_bandwidth new_sta_bw;
361 u32 vht_cap_info = 0;
364 /* if HT was/is disabled, don't track any bandwidth changes */
365 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
368 /* don't check VHT if we associated as non-VHT station */
369 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
372 /* don't check HE if we associated as non-HE station */
373 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE ||
374 !ieee80211_get_he_sta_cap(sband))
377 if (WARN_ON_ONCE(!sta))
381 * if bss configuration changed store the new one -
382 * this may be applicable even if channel is identical
384 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
385 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
386 *changed |= BSS_CHANGED_HT;
387 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
391 vht_cap_info = le32_to_cpu(vht_cap->vht_cap_info);
393 /* calculate new channel (type) based on HT/VHT/HE operation IEs */
394 flags = ieee80211_determine_chantype(sdata, sband, chan, vht_cap_info,
395 ht_oper, vht_oper, he_oper,
399 * Downgrade the new channel if we associated with restricted
400 * capabilities. For example, if we associated as a 20 MHz STA
401 * to a 40 MHz AP (due to regulatory, capabilities or config
402 * reasons) then switching to a 40 MHz channel now won't do us
403 * any good -- we couldn't use it with the AP.
405 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
406 chandef.width == NL80211_CHAN_WIDTH_80P80)
407 flags |= ieee80211_chandef_downgrade(&chandef);
408 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
409 chandef.width == NL80211_CHAN_WIDTH_160)
410 flags |= ieee80211_chandef_downgrade(&chandef);
411 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
412 chandef.width > NL80211_CHAN_WIDTH_20)
413 flags |= ieee80211_chandef_downgrade(&chandef);
415 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
419 "AP %pM changed bandwidth, new config is %d.%03d MHz, "
420 "width %d (%d.%03d/%d MHz)\n",
421 ifmgd->bssid, chandef.chan->center_freq,
422 chandef.chan->freq_offset, chandef.width,
423 chandef.center_freq1, chandef.freq1_offset,
424 chandef.center_freq2);
426 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
427 IEEE80211_STA_DISABLE_VHT |
428 IEEE80211_STA_DISABLE_HE |
429 IEEE80211_STA_DISABLE_40MHZ |
430 IEEE80211_STA_DISABLE_80P80MHZ |
431 IEEE80211_STA_DISABLE_160MHZ)) ||
432 !cfg80211_chandef_valid(&chandef)) {
434 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
439 switch (chandef.width) {
440 case NL80211_CHAN_WIDTH_20_NOHT:
441 case NL80211_CHAN_WIDTH_20:
442 new_sta_bw = IEEE80211_STA_RX_BW_20;
444 case NL80211_CHAN_WIDTH_40:
445 new_sta_bw = IEEE80211_STA_RX_BW_40;
447 case NL80211_CHAN_WIDTH_80:
448 new_sta_bw = IEEE80211_STA_RX_BW_80;
450 case NL80211_CHAN_WIDTH_80P80:
451 case NL80211_CHAN_WIDTH_160:
452 new_sta_bw = IEEE80211_STA_RX_BW_160;
458 if (new_sta_bw > sta->cur_max_bandwidth)
459 new_sta_bw = sta->cur_max_bandwidth;
461 if (new_sta_bw < sta->sta.bandwidth) {
462 sta->sta.bandwidth = new_sta_bw;
463 rate_control_rate_update(local, sband, sta,
464 IEEE80211_RC_BW_CHANGED);
467 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
470 "AP %pM changed bandwidth to incompatible one - disconnect\n",
475 if (new_sta_bw > sta->sta.bandwidth) {
476 sta->sta.bandwidth = new_sta_bw;
477 rate_control_rate_update(local, sband, sta,
478 IEEE80211_RC_BW_CHANGED);
484 /* frame sending functions */
486 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
487 struct sk_buff *skb, u8 ap_ht_param,
488 struct ieee80211_supported_band *sband,
489 struct ieee80211_channel *channel,
490 enum ieee80211_smps_mode smps)
493 u32 flags = channel->flags;
495 struct ieee80211_sta_ht_cap ht_cap;
497 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
499 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
500 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
502 /* determine capability flags */
505 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
506 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
507 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
508 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
509 cap &= ~IEEE80211_HT_CAP_SGI_40;
512 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
513 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
514 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
515 cap &= ~IEEE80211_HT_CAP_SGI_40;
521 * If 40 MHz was disabled associate as though we weren't
522 * capable of 40 MHz -- some broken APs will never fall
523 * back to trying to transmit in 20 MHz.
525 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
526 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
527 cap &= ~IEEE80211_HT_CAP_SGI_40;
530 /* set SM PS mode properly */
531 cap &= ~IEEE80211_HT_CAP_SM_PS;
533 case IEEE80211_SMPS_AUTOMATIC:
534 case IEEE80211_SMPS_NUM_MODES:
537 case IEEE80211_SMPS_OFF:
538 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
539 IEEE80211_HT_CAP_SM_PS_SHIFT;
541 case IEEE80211_SMPS_STATIC:
542 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
543 IEEE80211_HT_CAP_SM_PS_SHIFT;
545 case IEEE80211_SMPS_DYNAMIC:
546 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
547 IEEE80211_HT_CAP_SM_PS_SHIFT;
551 /* reserve and fill IE */
552 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
553 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
556 /* This function determines vht capability flags for the association
558 * Note - the function may set the owner of the MU-MIMO capability
560 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
562 struct ieee80211_supported_band *sband,
563 struct ieee80211_vht_cap *ap_vht_cap)
565 struct ieee80211_local *local = sdata->local;
568 struct ieee80211_sta_vht_cap vht_cap;
569 u32 mask, ap_bf_sts, our_bf_sts;
571 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
573 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
574 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
576 /* determine capability flags */
579 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
580 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
582 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
583 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
584 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
585 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
588 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
589 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
590 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
594 * Some APs apparently get confused if our capabilities are better
595 * than theirs, so restrict what we advertise in the assoc request.
597 if (!(ap_vht_cap->vht_cap_info &
598 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
599 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
600 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
601 else if (!(ap_vht_cap->vht_cap_info &
602 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
603 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
606 * If some other vif is using the MU-MIMO capablity we cannot associate
607 * using MU-MIMO - this will lead to contradictions in the group-id
609 * Ownership is defined since association request, in order to avoid
610 * simultaneous associations with MU-MIMO.
612 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
613 bool disable_mu_mimo = false;
614 struct ieee80211_sub_if_data *other;
616 list_for_each_entry_rcu(other, &local->interfaces, list) {
617 if (other->vif.mu_mimo_owner) {
618 disable_mu_mimo = true;
623 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
625 sdata->vif.mu_mimo_owner = true;
628 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
630 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
631 our_bf_sts = cap & mask;
633 if (ap_bf_sts < our_bf_sts) {
638 /* reserve and fill IE */
639 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
640 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
643 /* This function determines HE capability flags for the association
646 static void ieee80211_add_he_ie(struct ieee80211_sub_if_data *sdata,
648 struct ieee80211_supported_band *sband)
651 const struct ieee80211_sta_he_cap *he_cap = NULL;
652 struct ieee80211_chanctx_conf *chanctx_conf;
654 bool reg_cap = false;
657 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
658 if (!WARN_ON_ONCE(!chanctx_conf))
659 reg_cap = cfg80211_chandef_usable(sdata->wdev.wiphy,
661 IEEE80211_CHAN_NO_HE);
665 he_cap = ieee80211_get_he_sta_cap(sband);
666 if (!he_cap || !reg_cap)
670 * TODO: the 1 added is because this temporarily is under the EXTENSION
671 * IE. Get rid of it when it moves.
674 2 + 1 + sizeof(he_cap->he_cap_elem) +
675 ieee80211_he_mcs_nss_size(&he_cap->he_cap_elem) +
676 ieee80211_he_ppe_size(he_cap->ppe_thres[0],
677 he_cap->he_cap_elem.phy_cap_info);
678 pos = skb_put(skb, he_cap_size);
679 ieee80211_ie_build_he_cap(pos, he_cap, pos + he_cap_size);
681 ieee80211_ie_build_he_6ghz_cap(sdata, skb);
684 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
686 struct ieee80211_local *local = sdata->local;
687 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
688 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
690 struct ieee80211_mgmt *mgmt;
691 u8 *pos, qos_info, *ie_start;
692 size_t offset = 0, noffset;
693 int i, count, rates_len, supp_rates_len, shift;
695 struct ieee80211_supported_band *sband;
696 struct ieee80211_chanctx_conf *chanctx_conf;
697 struct ieee80211_channel *chan;
699 struct element *ext_capa = NULL;
701 /* we know it's writable, cast away the const */
702 if (assoc_data->ie_len)
703 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
707 sdata_assert_lock(sdata);
710 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
711 if (WARN_ON(!chanctx_conf)) {
715 chan = chanctx_conf->def.chan;
717 sband = local->hw.wiphy->bands[chan->band];
718 shift = ieee80211_vif_get_shift(&sdata->vif);
720 if (assoc_data->supp_rates_len) {
722 * Get all rates supported by the device and the AP as
723 * some APs don't like getting a superset of their rates
724 * in the association request (e.g. D-Link DAP 1353 in
727 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
728 assoc_data->supp_rates,
729 assoc_data->supp_rates_len,
733 * In case AP not provide any supported rates information
734 * before association, we send information element(s) with
735 * all rates that we support.
738 for (i = 0; i < sband->n_bitrates; i++) {
744 skb = alloc_skb(local->hw.extra_tx_headroom +
745 sizeof(*mgmt) + /* bit too much but doesn't matter */
746 2 + assoc_data->ssid_len + /* SSID */
747 4 + rates_len + /* (extended) rates */
748 4 + /* power capability */
749 2 + 2 * sband->n_channels + /* supported channels */
750 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
751 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
752 2 + 1 + sizeof(struct ieee80211_he_cap_elem) + /* HE */
753 sizeof(struct ieee80211_he_mcs_nss_supp) +
754 IEEE80211_HE_PPE_THRES_MAX_LEN +
755 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) +
756 assoc_data->ie_len + /* extra IEs */
757 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
763 skb_reserve(skb, local->hw.extra_tx_headroom);
765 capab = WLAN_CAPABILITY_ESS;
767 if (sband->band == NL80211_BAND_2GHZ) {
768 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
769 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
772 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
773 capab |= WLAN_CAPABILITY_PRIVACY;
775 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
776 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
777 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
779 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
780 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
782 mgmt = skb_put_zero(skb, 24);
783 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
784 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
785 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
787 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
789 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
790 IEEE80211_STYPE_REASSOC_REQ);
791 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
792 mgmt->u.reassoc_req.listen_interval =
793 cpu_to_le16(local->hw.conf.listen_interval);
794 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
798 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
799 IEEE80211_STYPE_ASSOC_REQ);
800 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
801 mgmt->u.assoc_req.listen_interval =
802 cpu_to_le16(local->hw.conf.listen_interval);
806 pos = skb_put(skb, 2 + assoc_data->ssid_len);
808 *pos++ = WLAN_EID_SSID;
809 *pos++ = assoc_data->ssid_len;
810 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
812 /* add all rates which were marked to be used above */
813 supp_rates_len = rates_len;
814 if (supp_rates_len > 8)
817 pos = skb_put(skb, supp_rates_len + 2);
818 *pos++ = WLAN_EID_SUPP_RATES;
819 *pos++ = supp_rates_len;
822 for (i = 0; i < sband->n_bitrates; i++) {
823 if (BIT(i) & rates) {
824 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
832 if (rates_len > count) {
833 pos = skb_put(skb, rates_len - count + 2);
834 *pos++ = WLAN_EID_EXT_SUPP_RATES;
835 *pos++ = rates_len - count;
837 for (i++; i < sband->n_bitrates; i++) {
838 if (BIT(i) & rates) {
840 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
847 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
848 capab & WLAN_CAPABILITY_RADIO_MEASURE) {
849 pos = skb_put(skb, 4);
850 *pos++ = WLAN_EID_PWR_CAPABILITY;
852 *pos++ = 0; /* min tx power */
854 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
858 * Per spec, we shouldn't include the list of channels if we advertise
859 * support for extended channel switching, but we've always done that;
860 * (for now?) apply this restriction only on the (new) 6 GHz band.
862 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
863 (sband->band != NL80211_BAND_6GHZ ||
864 !ext_capa || ext_capa->datalen < 1 ||
865 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
866 /* TODO: get this in reg domain format */
867 pos = skb_put(skb, 2 * sband->n_channels + 2);
868 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
869 *pos++ = 2 * sband->n_channels;
870 for (i = 0; i < sband->n_channels; i++) {
871 *pos++ = ieee80211_frequency_to_channel(
872 sband->channels[i].center_freq);
873 *pos++ = 1; /* one channel in the subband*/
877 /* Set MBSSID support for HE AP if needed */
878 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
879 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && assoc_data->ie_len &&
880 ext_capa && ext_capa->datalen >= 3)
881 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
883 /* if present, add any custom IEs that go before HT */
884 if (assoc_data->ie_len) {
885 static const u8 before_ht[] = {
888 WLAN_EID_EXT_SUPP_RATES,
889 WLAN_EID_PWR_CAPABILITY,
890 WLAN_EID_SUPPORTED_CHANNELS,
893 WLAN_EID_RRM_ENABLED_CAPABILITIES,
894 WLAN_EID_MOBILITY_DOMAIN,
895 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
896 WLAN_EID_RIC_DATA, /* reassoc only */
897 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
899 static const u8 after_ric[] = {
900 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
901 WLAN_EID_HT_CAPABILITY,
902 WLAN_EID_BSS_COEX_2040,
903 /* luckily this is almost always there */
904 WLAN_EID_EXT_CAPABILITY,
905 WLAN_EID_QOS_TRAFFIC_CAPA,
906 WLAN_EID_TIM_BCAST_REQ,
907 WLAN_EID_INTERWORKING,
908 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
909 WLAN_EID_VHT_CAPABILITY,
910 WLAN_EID_OPMODE_NOTIF,
913 noffset = ieee80211_ie_split_ric(assoc_data->ie,
916 ARRAY_SIZE(before_ht),
918 ARRAY_SIZE(after_ric),
920 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
924 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
925 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
926 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
928 if (sband->band != NL80211_BAND_6GHZ &&
929 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
930 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
931 sband, chan, sdata->smps_mode);
933 /* if present, add any custom IEs that go before VHT */
934 if (assoc_data->ie_len) {
935 static const u8 before_vht[] = {
937 * no need to list the ones split off before HT
940 WLAN_EID_BSS_COEX_2040,
941 WLAN_EID_EXT_CAPABILITY,
942 WLAN_EID_QOS_TRAFFIC_CAPA,
943 WLAN_EID_TIM_BCAST_REQ,
944 WLAN_EID_INTERWORKING,
945 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
948 /* RIC already taken above, so no need to handle here anymore */
949 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
950 before_vht, ARRAY_SIZE(before_vht),
952 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
956 /* if present, add any custom IEs that go before HE */
957 if (assoc_data->ie_len) {
958 static const u8 before_he[] = {
960 * no need to list the ones split off before VHT
963 WLAN_EID_OPMODE_NOTIF,
964 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
966 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
967 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
968 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
969 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
970 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
971 /* TODO: add 11ah/11aj/11ak elements */
974 /* RIC already taken above, so no need to handle here anymore */
975 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
976 before_he, ARRAY_SIZE(before_he),
978 pos = skb_put(skb, noffset - offset);
979 memcpy(pos, assoc_data->ie + offset, noffset - offset);
983 if (sband->band != NL80211_BAND_6GHZ &&
984 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
985 ieee80211_add_vht_ie(sdata, skb, sband,
986 &assoc_data->ap_vht_cap);
989 * If AP doesn't support HT, mark HE as disabled.
990 * If on the 5GHz band, make sure it supports VHT.
992 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT ||
993 (sband->band == NL80211_BAND_5GHZ &&
994 ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
995 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
997 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
998 ieee80211_add_he_ie(sdata, skb, sband);
1000 /* if present, add any custom non-vendor IEs that go after HE */
1001 if (assoc_data->ie_len) {
1002 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1005 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1009 if (assoc_data->wmm) {
1010 if (assoc_data->uapsd) {
1011 qos_info = ifmgd->uapsd_queues;
1012 qos_info |= (ifmgd->uapsd_max_sp_len <<
1013 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1018 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1021 /* add any remaining custom (i.e. vendor specific here) IEs */
1022 if (assoc_data->ie_len) {
1023 noffset = assoc_data->ie_len;
1024 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1027 if (assoc_data->fils_kek_len &&
1028 fils_encrypt_assoc_req(skb, assoc_data) < 0) {
1033 pos = skb_tail_pointer(skb);
1034 kfree(ifmgd->assoc_req_ies);
1035 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1036 ifmgd->assoc_req_ies_len = pos - ie_start;
1038 drv_mgd_prepare_tx(local, sdata, 0);
1040 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1041 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1042 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1043 IEEE80211_TX_INTFL_MLME_CONN_TX;
1044 ieee80211_tx_skb(sdata, skb);
1047 void ieee80211_send_pspoll(struct ieee80211_local *local,
1048 struct ieee80211_sub_if_data *sdata)
1050 struct ieee80211_pspoll *pspoll;
1051 struct sk_buff *skb;
1053 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
1057 pspoll = (struct ieee80211_pspoll *) skb->data;
1058 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1060 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1061 ieee80211_tx_skb(sdata, skb);
1064 void ieee80211_send_nullfunc(struct ieee80211_local *local,
1065 struct ieee80211_sub_if_data *sdata,
1068 struct sk_buff *skb;
1069 struct ieee80211_hdr_3addr *nullfunc;
1070 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1072 /* Don't send NDPs when STA is connected HE */
1073 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1074 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
1077 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif,
1078 !ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP));
1082 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
1084 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1086 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1087 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
1089 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1090 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1092 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1093 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1095 ieee80211_tx_skb(sdata, skb);
1098 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
1099 struct ieee80211_sub_if_data *sdata)
1101 struct sk_buff *skb;
1102 struct ieee80211_hdr *nullfunc;
1105 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1108 /* Don't send NDPs when connected HE */
1109 if (!(sdata->u.mgd.flags & IEEE80211_STA_DISABLE_HE))
1112 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
1116 skb_reserve(skb, local->hw.extra_tx_headroom);
1118 nullfunc = skb_put_zero(skb, 30);
1119 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
1120 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1121 nullfunc->frame_control = fc;
1122 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
1123 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1124 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
1125 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
1127 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1128 ieee80211_tx_skb(sdata, skb);
1131 /* spectrum management related things */
1132 static void ieee80211_chswitch_work(struct work_struct *work)
1134 struct ieee80211_sub_if_data *sdata =
1135 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
1136 struct ieee80211_local *local = sdata->local;
1137 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1140 if (!ieee80211_sdata_running(sdata))
1144 mutex_lock(&local->mtx);
1145 mutex_lock(&local->chanctx_mtx);
1147 if (!ifmgd->associated)
1150 if (!sdata->vif.csa_active)
1154 * using reservation isn't immediate as it may be deferred until later
1155 * with multi-vif. once reservation is complete it will re-schedule the
1156 * work with no reserved_chanctx so verify chandef to check if it
1157 * completed successfully
1160 if (sdata->reserved_chanctx) {
1161 struct ieee80211_supported_band *sband = NULL;
1162 struct sta_info *mgd_sta = NULL;
1163 enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20;
1166 * with multi-vif csa driver may call ieee80211_csa_finish()
1167 * many times while waiting for other interfaces to use their
1170 if (sdata->reserved_ready)
1173 if (sdata->vif.bss_conf.chandef.width !=
1174 sdata->csa_chandef.width) {
1176 * For managed interface, we need to also update the AP
1177 * station bandwidth and align the rate scale algorithm
1178 * on the bandwidth change. Here we only consider the
1179 * bandwidth of the new channel definition (as channel
1180 * switch flow does not have the full HT/VHT/HE
1181 * information), assuming that if additional changes are
1182 * required they would be done as part of the processing
1183 * of the next beacon from the AP.
1185 switch (sdata->csa_chandef.width) {
1186 case NL80211_CHAN_WIDTH_20_NOHT:
1187 case NL80211_CHAN_WIDTH_20:
1189 bw = IEEE80211_STA_RX_BW_20;
1191 case NL80211_CHAN_WIDTH_40:
1192 bw = IEEE80211_STA_RX_BW_40;
1194 case NL80211_CHAN_WIDTH_80:
1195 bw = IEEE80211_STA_RX_BW_80;
1197 case NL80211_CHAN_WIDTH_80P80:
1198 case NL80211_CHAN_WIDTH_160:
1199 bw = IEEE80211_STA_RX_BW_160;
1203 mgd_sta = sta_info_get(sdata, ifmgd->bssid);
1205 local->hw.wiphy->bands[sdata->csa_chandef.chan->band];
1208 if (sdata->vif.bss_conf.chandef.width >
1209 sdata->csa_chandef.width) {
1210 mgd_sta->sta.bandwidth = bw;
1211 rate_control_rate_update(local, sband, mgd_sta,
1212 IEEE80211_RC_BW_CHANGED);
1215 ret = ieee80211_vif_use_reserved_context(sdata);
1218 "failed to use reserved channel context, disconnecting (err=%d)\n",
1220 ieee80211_queue_work(&sdata->local->hw,
1221 &ifmgd->csa_connection_drop_work);
1225 if (sdata->vif.bss_conf.chandef.width <
1226 sdata->csa_chandef.width) {
1227 mgd_sta->sta.bandwidth = bw;
1228 rate_control_rate_update(local, sband, mgd_sta,
1229 IEEE80211_RC_BW_CHANGED);
1235 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
1236 &sdata->csa_chandef)) {
1238 "failed to finalize channel switch, disconnecting\n");
1239 ieee80211_queue_work(&sdata->local->hw,
1240 &ifmgd->csa_connection_drop_work);
1244 ifmgd->csa_waiting_bcn = true;
1246 ieee80211_sta_reset_beacon_monitor(sdata);
1247 ieee80211_sta_reset_conn_monitor(sdata);
1250 mutex_unlock(&local->chanctx_mtx);
1251 mutex_unlock(&local->mtx);
1252 sdata_unlock(sdata);
1255 static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
1257 struct ieee80211_local *local = sdata->local;
1258 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1261 sdata_assert_lock(sdata);
1263 WARN_ON(!sdata->vif.csa_active);
1265 if (sdata->csa_block_tx) {
1266 ieee80211_wake_vif_queues(local, sdata,
1267 IEEE80211_QUEUE_STOP_REASON_CSA);
1268 sdata->csa_block_tx = false;
1271 sdata->vif.csa_active = false;
1272 ifmgd->csa_waiting_bcn = false;
1274 ret = drv_post_channel_switch(sdata);
1277 "driver post channel switch failed, disconnecting\n");
1278 ieee80211_queue_work(&local->hw,
1279 &ifmgd->csa_connection_drop_work);
1283 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef);
1286 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1288 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1289 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1291 trace_api_chswitch_done(sdata, success);
1294 "driver channel switch failed, disconnecting\n");
1295 ieee80211_queue_work(&sdata->local->hw,
1296 &ifmgd->csa_connection_drop_work);
1298 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1301 EXPORT_SYMBOL(ieee80211_chswitch_done);
1303 static void ieee80211_chswitch_timer(struct timer_list *t)
1305 struct ieee80211_sub_if_data *sdata =
1306 from_timer(sdata, t, u.mgd.chswitch_timer);
1308 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1312 ieee80211_sta_abort_chanswitch(struct ieee80211_sub_if_data *sdata)
1314 struct ieee80211_local *local = sdata->local;
1316 if (!local->ops->abort_channel_switch)
1319 mutex_lock(&local->mtx);
1321 mutex_lock(&local->chanctx_mtx);
1322 ieee80211_vif_unreserve_chanctx(sdata);
1323 mutex_unlock(&local->chanctx_mtx);
1325 if (sdata->csa_block_tx)
1326 ieee80211_wake_vif_queues(local, sdata,
1327 IEEE80211_QUEUE_STOP_REASON_CSA);
1329 sdata->csa_block_tx = false;
1330 sdata->vif.csa_active = false;
1332 mutex_unlock(&local->mtx);
1334 drv_abort_channel_switch(sdata);
1338 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1339 u64 timestamp, u32 device_timestamp,
1340 struct ieee802_11_elems *elems,
1343 struct ieee80211_local *local = sdata->local;
1344 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1345 struct cfg80211_bss *cbss = ifmgd->associated;
1346 struct ieee80211_chanctx_conf *conf;
1347 struct ieee80211_chanctx *chanctx;
1348 enum nl80211_band current_band;
1349 struct ieee80211_csa_ie csa_ie;
1350 struct ieee80211_channel_switch ch_switch;
1351 struct ieee80211_bss *bss;
1354 sdata_assert_lock(sdata);
1359 if (local->scanning)
1362 current_band = cbss->channel->band;
1363 bss = (void *)cbss->priv;
1364 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
1367 ifmgd->associated->bssid, &csa_ie);
1370 ch_switch.timestamp = timestamp;
1371 ch_switch.device_timestamp = device_timestamp;
1372 ch_switch.block_tx = csa_ie.mode;
1373 ch_switch.chandef = csa_ie.chandef;
1374 ch_switch.count = csa_ie.count;
1375 ch_switch.delay = csa_ie.max_switch_time;
1379 ieee80211_queue_work(&local->hw,
1380 &ifmgd->csa_connection_drop_work);
1384 if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) {
1386 ieee80211_sta_abort_chanswitch(sdata);
1388 drv_channel_switch_rx_beacon(sdata, &ch_switch);
1390 } else if (sdata->vif.csa_active || res) {
1391 /* disregard subsequent announcements if already processing */
1395 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1396 IEEE80211_CHAN_DISABLED)) {
1398 "AP %pM switches to unsupported channel "
1399 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), "
1401 ifmgd->associated->bssid,
1402 csa_ie.chandef.chan->center_freq,
1403 csa_ie.chandef.chan->freq_offset,
1404 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1405 csa_ie.chandef.freq1_offset,
1406 csa_ie.chandef.center_freq2);
1407 ieee80211_queue_work(&local->hw,
1408 &ifmgd->csa_connection_drop_work);
1412 if (cfg80211_chandef_identical(&csa_ie.chandef,
1413 &sdata->vif.bss_conf.chandef) &&
1414 (!csa_ie.mode || !beacon)) {
1415 if (ifmgd->csa_ignored_same_chan)
1418 "AP %pM tries to chanswitch to same channel, ignore\n",
1419 ifmgd->associated->bssid);
1420 ifmgd->csa_ignored_same_chan = true;
1425 * Drop all TDLS peers - either we disconnect or move to a different
1426 * channel from this point on. There's no telling what our peer will do.
1427 * The TDLS WIDER_BW scenario is also problematic, as peers might now
1428 * have an incompatible wider chandef.
1430 ieee80211_teardown_tdls_peers(sdata);
1432 mutex_lock(&local->mtx);
1433 mutex_lock(&local->chanctx_mtx);
1434 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1435 lockdep_is_held(&local->chanctx_mtx));
1438 "no channel context assigned to vif?, disconnecting\n");
1439 goto drop_connection;
1442 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
1444 if (local->use_chanctx &&
1445 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
1447 "driver doesn't support chan-switch with channel contexts\n");
1448 goto drop_connection;
1451 if (drv_pre_channel_switch(sdata, &ch_switch)) {
1453 "preparing for channel switch failed, disconnecting\n");
1454 goto drop_connection;
1457 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef,
1458 chanctx->mode, false);
1461 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
1463 goto drop_connection;
1465 mutex_unlock(&local->chanctx_mtx);
1467 sdata->vif.csa_active = true;
1468 sdata->csa_chandef = csa_ie.chandef;
1469 sdata->csa_block_tx = csa_ie.mode;
1470 ifmgd->csa_ignored_same_chan = false;
1472 if (sdata->csa_block_tx)
1473 ieee80211_stop_vif_queues(local, sdata,
1474 IEEE80211_QUEUE_STOP_REASON_CSA);
1475 mutex_unlock(&local->mtx);
1477 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef,
1480 if (local->ops->channel_switch) {
1481 /* use driver's channel switch callback */
1482 drv_channel_switch(local, sdata, &ch_switch);
1486 /* channel switch handled in software */
1487 if (csa_ie.count <= 1)
1488 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1490 mod_timer(&ifmgd->chswitch_timer,
1491 TU_TO_EXP_TIME((csa_ie.count - 1) *
1492 cbss->beacon_interval));
1496 * This is just so that the disconnect flow will know that
1497 * we were trying to switch channel and failed. In case the
1498 * mode is 1 (we are not allowed to Tx), we will know not to
1499 * send a deauthentication frame. Those two fields will be
1500 * reset when the disconnection worker runs.
1502 sdata->vif.csa_active = true;
1503 sdata->csa_block_tx = csa_ie.mode;
1505 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
1506 mutex_unlock(&local->chanctx_mtx);
1507 mutex_unlock(&local->mtx);
1511 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
1512 struct ieee80211_channel *channel,
1513 const u8 *country_ie, u8 country_ie_len,
1514 const u8 *pwr_constr_elem,
1515 int *chan_pwr, int *pwr_reduction)
1517 struct ieee80211_country_ie_triplet *triplet;
1518 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1519 int i, chan_increment;
1520 bool have_chan_pwr = false;
1523 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1526 triplet = (void *)(country_ie + 3);
1527 country_ie_len -= 3;
1529 switch (channel->band) {
1533 case NL80211_BAND_2GHZ:
1534 case NL80211_BAND_60GHZ:
1537 case NL80211_BAND_5GHZ:
1538 case NL80211_BAND_6GHZ:
1544 while (country_ie_len >= 3) {
1545 u8 first_channel = triplet->chans.first_channel;
1547 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1550 for (i = 0; i < triplet->chans.num_channels; i++) {
1551 if (first_channel + i * chan_increment == chan) {
1552 have_chan_pwr = true;
1553 *chan_pwr = triplet->chans.max_power;
1562 country_ie_len -= 3;
1565 if (have_chan_pwr && pwr_constr_elem)
1566 *pwr_reduction = *pwr_constr_elem;
1570 return have_chan_pwr;
1573 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
1574 struct ieee80211_channel *channel,
1575 const u8 *cisco_dtpc_ie,
1578 /* From practical testing, the first data byte of the DTPC element
1579 * seems to contain the requested dBm level, and the CLI on Cisco
1580 * APs clearly state the range is -127 to 127 dBm, which indicates
1581 * a signed byte, although it seemingly never actually goes negative.
1582 * The other byte seems to always be zero.
1584 *pwr_level = (__s8)cisco_dtpc_ie[4];
1587 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1588 struct ieee80211_channel *channel,
1589 struct ieee80211_mgmt *mgmt,
1590 const u8 *country_ie, u8 country_ie_len,
1591 const u8 *pwr_constr_ie,
1592 const u8 *cisco_dtpc_ie)
1594 bool has_80211h_pwr = false, has_cisco_pwr = false;
1595 int chan_pwr = 0, pwr_reduction_80211h = 0;
1596 int pwr_level_cisco, pwr_level_80211h;
1598 __le16 capab = mgmt->u.probe_resp.capab_info;
1601 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
1602 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
1603 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
1604 sdata, channel, country_ie, country_ie_len,
1605 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
1607 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
1610 if (cisco_dtpc_ie) {
1611 ieee80211_find_cisco_dtpc(
1612 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
1613 has_cisco_pwr = true;
1616 if (!has_80211h_pwr && !has_cisco_pwr)
1619 /* If we have both 802.11h and Cisco DTPC, apply both limits
1620 * by picking the smallest of the two power levels advertised.
1622 if (has_80211h_pwr &&
1623 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
1624 new_ap_level = pwr_level_80211h;
1626 if (sdata->ap_power_level == new_ap_level)
1630 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1631 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
1632 sdata->u.mgd.bssid);
1633 } else { /* has_cisco_pwr is always true here. */
1634 new_ap_level = pwr_level_cisco;
1636 if (sdata->ap_power_level == new_ap_level)
1640 "Limiting TX power to %d dBm as advertised by %pM\n",
1641 pwr_level_cisco, sdata->u.mgd.bssid);
1644 sdata->ap_power_level = new_ap_level;
1645 if (__ieee80211_recalc_txpower(sdata))
1646 return BSS_CHANGED_TXPOWER;
1651 static void ieee80211_enable_ps(struct ieee80211_local *local,
1652 struct ieee80211_sub_if_data *sdata)
1654 struct ieee80211_conf *conf = &local->hw.conf;
1657 * If we are scanning right now then the parameters will
1658 * take effect when scan finishes.
1660 if (local->scanning)
1663 if (conf->dynamic_ps_timeout > 0 &&
1664 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
1665 mod_timer(&local->dynamic_ps_timer, jiffies +
1666 msecs_to_jiffies(conf->dynamic_ps_timeout));
1668 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
1669 ieee80211_send_nullfunc(local, sdata, true);
1671 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1672 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1675 conf->flags |= IEEE80211_CONF_PS;
1676 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1680 static void ieee80211_change_ps(struct ieee80211_local *local)
1682 struct ieee80211_conf *conf = &local->hw.conf;
1684 if (local->ps_sdata) {
1685 ieee80211_enable_ps(local, local->ps_sdata);
1686 } else if (conf->flags & IEEE80211_CONF_PS) {
1687 conf->flags &= ~IEEE80211_CONF_PS;
1688 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1689 del_timer_sync(&local->dynamic_ps_timer);
1690 cancel_work_sync(&local->dynamic_ps_enable_work);
1694 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1696 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1697 struct sta_info *sta = NULL;
1698 bool authorized = false;
1700 if (!mgd->powersave)
1706 if (!mgd->associated)
1709 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1712 if (!mgd->have_beacon)
1716 sta = sta_info_get(sdata, mgd->bssid);
1718 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1724 /* need to hold RTNL or interface lock */
1725 void ieee80211_recalc_ps(struct ieee80211_local *local)
1727 struct ieee80211_sub_if_data *sdata, *found = NULL;
1731 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) {
1732 local->ps_sdata = NULL;
1736 list_for_each_entry(sdata, &local->interfaces, list) {
1737 if (!ieee80211_sdata_running(sdata))
1739 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1740 /* If an AP vif is found, then disable PS
1741 * by setting the count to zero thereby setting
1747 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1753 if (count == 1 && ieee80211_powersave_allowed(found)) {
1754 u8 dtimper = found->u.mgd.dtim_period;
1756 timeout = local->dynamic_ps_forced_timeout;
1759 local->hw.conf.dynamic_ps_timeout = timeout;
1761 /* If the TIM IE is invalid, pretend the value is 1 */
1765 local->hw.conf.ps_dtim_period = dtimper;
1766 local->ps_sdata = found;
1768 local->ps_sdata = NULL;
1771 ieee80211_change_ps(local);
1774 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1776 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1778 if (sdata->vif.bss_conf.ps != ps_allowed) {
1779 sdata->vif.bss_conf.ps = ps_allowed;
1780 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1784 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1786 struct ieee80211_local *local =
1787 container_of(work, struct ieee80211_local,
1788 dynamic_ps_disable_work);
1790 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1791 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1792 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1795 ieee80211_wake_queues_by_reason(&local->hw,
1796 IEEE80211_MAX_QUEUE_MAP,
1797 IEEE80211_QUEUE_STOP_REASON_PS,
1801 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1803 struct ieee80211_local *local =
1804 container_of(work, struct ieee80211_local,
1805 dynamic_ps_enable_work);
1806 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1807 struct ieee80211_if_managed *ifmgd;
1808 unsigned long flags;
1811 /* can only happen when PS was just disabled anyway */
1815 ifmgd = &sdata->u.mgd;
1817 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1820 if (local->hw.conf.dynamic_ps_timeout > 0) {
1821 /* don't enter PS if TX frames are pending */
1822 if (drv_tx_frames_pending(local)) {
1823 mod_timer(&local->dynamic_ps_timer, jiffies +
1825 local->hw.conf.dynamic_ps_timeout));
1830 * transmission can be stopped by others which leads to
1831 * dynamic_ps_timer expiry. Postpone the ps timer if it
1832 * is not the actual idle state.
1834 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1835 for (q = 0; q < local->hw.queues; q++) {
1836 if (local->queue_stop_reasons[q]) {
1837 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1839 mod_timer(&local->dynamic_ps_timer, jiffies +
1841 local->hw.conf.dynamic_ps_timeout));
1845 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1848 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1849 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1850 if (drv_tx_frames_pending(local)) {
1851 mod_timer(&local->dynamic_ps_timer, jiffies +
1853 local->hw.conf.dynamic_ps_timeout));
1855 ieee80211_send_nullfunc(local, sdata, true);
1856 /* Flush to get the tx status of nullfunc frame */
1857 ieee80211_flush_queues(local, sdata, false);
1861 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1862 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
1863 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1864 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1865 local->hw.conf.flags |= IEEE80211_CONF_PS;
1866 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1870 void ieee80211_dynamic_ps_timer(struct timer_list *t)
1872 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
1874 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1877 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1879 struct delayed_work *delayed_work = to_delayed_work(work);
1880 struct ieee80211_sub_if_data *sdata =
1881 container_of(delayed_work, struct ieee80211_sub_if_data,
1882 dfs_cac_timer_work);
1883 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1885 mutex_lock(&sdata->local->mtx);
1886 if (sdata->wdev.cac_started) {
1887 ieee80211_vif_release_channel(sdata);
1888 cfg80211_cac_event(sdata->dev, &chandef,
1889 NL80211_RADAR_CAC_FINISHED,
1892 mutex_unlock(&sdata->local->mtx);
1896 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1898 struct ieee80211_local *local = sdata->local;
1899 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1903 if (local->hw.queues < IEEE80211_NUM_ACS)
1906 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1907 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
1909 unsigned long now = jiffies;
1911 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
1912 tx_tspec->admitted_time &&
1913 time_after(now, tx_tspec->time_slice_start + HZ)) {
1914 tx_tspec->consumed_tx_time = 0;
1915 tx_tspec->time_slice_start = now;
1917 if (tx_tspec->downgraded)
1919 TX_TSPEC_ACTION_STOP_DOWNGRADE;
1922 switch (tx_tspec->action) {
1923 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
1924 /* take the original parameters */
1925 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac]))
1927 "failed to set TX queue parameters for queue %d\n",
1929 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1930 tx_tspec->downgraded = false;
1933 case TX_TSPEC_ACTION_DOWNGRADE:
1934 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
1935 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1939 /* downgrade next lower non-ACM AC */
1940 for (non_acm_ac = ac + 1;
1941 non_acm_ac < IEEE80211_NUM_ACS;
1943 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
1945 /* Usually the loop will result in using BK even if it
1946 * requires admission control, but such a configuration
1947 * makes no sense and we have to transmit somehow - the
1948 * AC selection does the same thing.
1949 * If we started out trying to downgrade from BK, then
1950 * the extra condition here might be needed.
1952 if (non_acm_ac >= IEEE80211_NUM_ACS)
1953 non_acm_ac = IEEE80211_AC_BK;
1954 if (drv_conf_tx(local, sdata, ac,
1955 &sdata->tx_conf[non_acm_ac]))
1957 "failed to set TX queue parameters for queue %d\n",
1959 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1961 schedule_delayed_work(&ifmgd->tx_tspec_wk,
1962 tx_tspec->time_slice_start + HZ - now + 1);
1964 case TX_TSPEC_ACTION_NONE:
1973 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1975 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
1976 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1979 static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work)
1981 struct ieee80211_sub_if_data *sdata;
1983 sdata = container_of(work, struct ieee80211_sub_if_data,
1984 u.mgd.tx_tspec_wk.work);
1985 ieee80211_sta_handle_tspec_ac_params(sdata);
1990 ieee80211_sta_wmm_params(struct ieee80211_local *local,
1991 struct ieee80211_sub_if_data *sdata,
1992 const u8 *wmm_param, size_t wmm_param_len,
1993 const struct ieee80211_mu_edca_param_set *mu_edca)
1995 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
1996 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1998 int count, mu_edca_count, ac;
2000 u8 uapsd_queues = 0;
2002 if (!local->ops->conf_tx)
2005 if (local->hw.queues < IEEE80211_NUM_ACS)
2011 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
2014 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
2015 uapsd_queues = ifmgd->uapsd_queues;
2017 count = wmm_param[6] & 0x0f;
2018 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
2019 * if mu_edca was preset before and now it disappeared tell
2020 * the driver about it.
2022 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
2023 if (count == ifmgd->wmm_last_param_set &&
2024 mu_edca_count == ifmgd->mu_edca_last_param_set)
2026 ifmgd->wmm_last_param_set = count;
2027 ifmgd->mu_edca_last_param_set = mu_edca_count;
2029 pos = wmm_param + 8;
2030 left = wmm_param_len - 8;
2032 memset(¶ms, 0, sizeof(params));
2035 for (; left >= 4; left -= 4, pos += 4) {
2036 int aci = (pos[0] >> 5) & 0x03;
2037 int acm = (pos[0] >> 4) & 0x01;
2042 ac = IEEE80211_AC_BK;
2044 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
2045 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2047 params[ac].mu_edca = !!mu_edca;
2049 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
2052 ac = IEEE80211_AC_VI;
2054 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
2055 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2057 params[ac].mu_edca = !!mu_edca;
2059 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
2062 ac = IEEE80211_AC_VO;
2064 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
2065 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2067 params[ac].mu_edca = !!mu_edca;
2069 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
2073 ac = IEEE80211_AC_BE;
2075 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
2076 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2078 params[ac].mu_edca = !!mu_edca;
2080 params[ac].mu_edca_param_rec = mu_edca->ac_be;
2084 params[ac].aifs = pos[0] & 0x0f;
2086 if (params[ac].aifs < 2) {
2088 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
2089 params[ac].aifs, aci);
2090 params[ac].aifs = 2;
2092 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
2093 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
2094 params[ac].txop = get_unaligned_le16(pos + 2);
2095 params[ac].acm = acm;
2096 params[ac].uapsd = uapsd;
2098 if (params[ac].cw_min == 0 ||
2099 params[ac].cw_min > params[ac].cw_max) {
2101 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
2102 params[ac].cw_min, params[ac].cw_max, aci);
2105 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
2108 /* WMM specification requires all 4 ACIs. */
2109 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2110 if (params[ac].cw_min == 0) {
2112 "AP has invalid WMM params (missing AC %d), using defaults\n",
2118 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2120 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
2122 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
2123 params[ac].txop, params[ac].uapsd,
2124 ifmgd->tx_tspec[ac].downgraded);
2125 sdata->tx_conf[ac] = params[ac];
2126 if (!ifmgd->tx_tspec[ac].downgraded &&
2127 drv_conf_tx(local, sdata, ac, ¶ms[ac]))
2129 "failed to set TX queue parameters for AC %d\n",
2133 /* enable WMM or activate new settings */
2134 sdata->vif.bss_conf.qos = true;
2138 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2140 lockdep_assert_held(&sdata->local->mtx);
2142 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
2143 ieee80211_run_deferred_scan(sdata->local);
2146 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2148 mutex_lock(&sdata->local->mtx);
2149 __ieee80211_stop_poll(sdata);
2150 mutex_unlock(&sdata->local->mtx);
2153 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
2154 u16 capab, bool erp_valid, u8 erp)
2156 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2157 struct ieee80211_supported_band *sband;
2159 bool use_protection;
2160 bool use_short_preamble;
2161 bool use_short_slot;
2163 sband = ieee80211_get_sband(sdata);
2168 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
2169 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
2171 use_protection = false;
2172 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
2175 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
2176 if (sband->band == NL80211_BAND_5GHZ ||
2177 sband->band == NL80211_BAND_6GHZ)
2178 use_short_slot = true;
2180 if (use_protection != bss_conf->use_cts_prot) {
2181 bss_conf->use_cts_prot = use_protection;
2182 changed |= BSS_CHANGED_ERP_CTS_PROT;
2185 if (use_short_preamble != bss_conf->use_short_preamble) {
2186 bss_conf->use_short_preamble = use_short_preamble;
2187 changed |= BSS_CHANGED_ERP_PREAMBLE;
2190 if (use_short_slot != bss_conf->use_short_slot) {
2191 bss_conf->use_short_slot = use_short_slot;
2192 changed |= BSS_CHANGED_ERP_SLOT;
2198 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
2199 struct cfg80211_bss *cbss,
2200 u32 bss_info_changed)
2202 struct ieee80211_bss *bss = (void *)cbss->priv;
2203 struct ieee80211_local *local = sdata->local;
2204 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2206 bss_info_changed |= BSS_CHANGED_ASSOC;
2207 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
2208 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
2210 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
2211 beacon_loss_count * bss_conf->beacon_int));
2213 sdata->u.mgd.associated = cbss;
2214 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
2216 ieee80211_check_rate_mask(sdata);
2218 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
2220 if (sdata->vif.p2p ||
2221 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
2222 const struct cfg80211_bss_ies *ies;
2225 ies = rcu_dereference(cbss->ies);
2229 ret = cfg80211_get_p2p_attr(
2230 ies->data, ies->len,
2231 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2232 (u8 *) &bss_conf->p2p_noa_attr,
2233 sizeof(bss_conf->p2p_noa_attr));
2235 sdata->u.mgd.p2p_noa_index =
2236 bss_conf->p2p_noa_attr.index;
2237 bss_info_changed |= BSS_CHANGED_P2P_PS;
2243 /* just to be sure */
2244 ieee80211_stop_poll(sdata);
2246 ieee80211_led_assoc(local, 1);
2248 if (sdata->u.mgd.have_beacon) {
2250 * If the AP is buggy we may get here with no DTIM period
2251 * known, so assume it's 1 which is the only safe assumption
2252 * in that case, although if the TIM IE is broken powersave
2253 * probably just won't work at all.
2255 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
2256 bss_conf->beacon_rate = bss->beacon_rate;
2257 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
2259 bss_conf->beacon_rate = NULL;
2260 bss_conf->dtim_period = 0;
2263 bss_conf->assoc = 1;
2265 /* Tell the driver to monitor connection quality (if supported) */
2266 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2267 bss_conf->cqm_rssi_thold)
2268 bss_info_changed |= BSS_CHANGED_CQM;
2270 /* Enable ARP filtering */
2271 if (bss_conf->arp_addr_cnt)
2272 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
2274 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
2276 mutex_lock(&local->iflist_mtx);
2277 ieee80211_recalc_ps(local);
2278 mutex_unlock(&local->iflist_mtx);
2280 ieee80211_recalc_smps(sdata);
2281 ieee80211_recalc_ps_vif(sdata);
2283 netif_carrier_on(sdata->dev);
2286 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
2287 u16 stype, u16 reason, bool tx,
2290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2291 struct ieee80211_local *local = sdata->local;
2294 sdata_assert_lock(sdata);
2296 if (WARN_ON_ONCE(tx && !frame_buf))
2299 if (WARN_ON(!ifmgd->associated))
2302 ieee80211_stop_poll(sdata);
2304 ifmgd->associated = NULL;
2305 netif_carrier_off(sdata->dev);
2308 * if we want to get out of ps before disassoc (why?) we have
2309 * to do it before sending disassoc, as otherwise the null-packet
2312 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2313 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2314 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2316 local->ps_sdata = NULL;
2318 /* disable per-vif ps */
2319 ieee80211_recalc_ps_vif(sdata);
2321 /* make sure ongoing transmission finishes */
2325 * drop any frame before deauth/disassoc, this can be data or
2326 * management frame. Since we are disconnecting, we should not
2327 * insist sending these frames which can take time and delay
2328 * the disconnection and possible the roaming.
2331 ieee80211_flush_queues(local, sdata, true);
2333 /* deauthenticate/disassociate now */
2334 if (tx || frame_buf) {
2336 * In multi channel scenarios guarantee that the virtual
2337 * interface is granted immediate airtime to transmit the
2338 * deauthentication frame by calling mgd_prepare_tx, if the
2339 * driver requested so.
2341 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP) &&
2342 !ifmgd->have_beacon)
2343 drv_mgd_prepare_tx(sdata->local, sdata, 0);
2345 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid,
2346 ifmgd->bssid, stype, reason,
2350 /* flush out frame - make sure the deauth was actually sent */
2352 ieee80211_flush_queues(local, sdata, false);
2354 /* clear bssid only after building the needed mgmt frames */
2355 eth_zero_addr(ifmgd->bssid);
2357 /* remove AP and TDLS peers */
2358 sta_info_flush(sdata);
2360 /* finally reset all BSS / config parameters */
2361 changed |= ieee80211_reset_erp_info(sdata);
2363 ieee80211_led_assoc(local, 0);
2364 changed |= BSS_CHANGED_ASSOC;
2365 sdata->vif.bss_conf.assoc = false;
2367 ifmgd->p2p_noa_index = -1;
2368 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
2369 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
2371 /* on the next assoc, re-program HT/VHT parameters */
2372 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
2373 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
2374 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
2375 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
2377 /* reset MU-MIMO ownership and group data */
2378 memset(sdata->vif.bss_conf.mu_group.membership, 0,
2379 sizeof(sdata->vif.bss_conf.mu_group.membership));
2380 memset(sdata->vif.bss_conf.mu_group.position, 0,
2381 sizeof(sdata->vif.bss_conf.mu_group.position));
2382 changed |= BSS_CHANGED_MU_GROUPS;
2383 sdata->vif.mu_mimo_owner = false;
2385 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2387 del_timer_sync(&local->dynamic_ps_timer);
2388 cancel_work_sync(&local->dynamic_ps_enable_work);
2390 /* Disable ARP filtering */
2391 if (sdata->vif.bss_conf.arp_addr_cnt)
2392 changed |= BSS_CHANGED_ARP_FILTER;
2394 sdata->vif.bss_conf.qos = false;
2395 changed |= BSS_CHANGED_QOS;
2397 /* The BSSID (not really interesting) and HT changed */
2398 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
2399 ieee80211_bss_info_change_notify(sdata, changed);
2401 /* disassociated - set to defaults now */
2402 ieee80211_set_wmm_default(sdata, false, false);
2404 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
2405 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
2406 del_timer_sync(&sdata->u.mgd.timer);
2407 del_timer_sync(&sdata->u.mgd.chswitch_timer);
2409 sdata->vif.bss_conf.dtim_period = 0;
2410 sdata->vif.bss_conf.beacon_rate = NULL;
2412 ifmgd->have_beacon = false;
2415 mutex_lock(&local->mtx);
2416 ieee80211_vif_release_channel(sdata);
2418 sdata->vif.csa_active = false;
2419 ifmgd->csa_waiting_bcn = false;
2420 ifmgd->csa_ignored_same_chan = false;
2421 if (sdata->csa_block_tx) {
2422 ieee80211_wake_vif_queues(local, sdata,
2423 IEEE80211_QUEUE_STOP_REASON_CSA);
2424 sdata->csa_block_tx = false;
2426 mutex_unlock(&local->mtx);
2428 /* existing TX TSPEC sessions no longer exist */
2429 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
2430 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk);
2432 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
2435 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
2436 struct ieee80211_hdr *hdr)
2439 * We can postpone the mgd.timer whenever receiving unicast frames
2440 * from AP because we know that the connection is working both ways
2441 * at that time. But multicast frames (and hence also beacons) must
2442 * be ignored here, because we need to trigger the timer during
2443 * data idle periods for sending the periodic probe request to the
2444 * AP we're connected to.
2446 if (is_multicast_ether_addr(hdr->addr1))
2449 ieee80211_sta_reset_conn_monitor(sdata);
2452 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
2454 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2455 struct ieee80211_local *local = sdata->local;
2457 mutex_lock(&local->mtx);
2458 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
2461 __ieee80211_stop_poll(sdata);
2463 mutex_lock(&local->iflist_mtx);
2464 ieee80211_recalc_ps(local);
2465 mutex_unlock(&local->iflist_mtx);
2467 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
2471 * We've received a probe response, but are not sure whether
2472 * we have or will be receiving any beacons or data, so let's
2473 * schedule the timers again, just in case.
2475 ieee80211_sta_reset_beacon_monitor(sdata);
2477 mod_timer(&ifmgd->conn_mon_timer,
2478 round_jiffies_up(jiffies +
2479 IEEE80211_CONNECTION_IDLE_TIME));
2481 mutex_unlock(&local->mtx);
2484 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
2485 struct ieee80211_hdr *hdr,
2488 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2489 u16 tid = ieee80211_get_tid(hdr);
2490 int ac = ieee80211_ac_from_tid(tid);
2491 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2492 unsigned long now = jiffies;
2494 if (likely(!tx_tspec->admitted_time))
2497 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2498 tx_tspec->consumed_tx_time = 0;
2499 tx_tspec->time_slice_start = now;
2501 if (tx_tspec->downgraded) {
2502 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
2503 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2507 if (tx_tspec->downgraded)
2510 tx_tspec->consumed_tx_time += tx_time;
2512 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
2513 tx_tspec->downgraded = true;
2514 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
2515 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2519 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2520 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
2522 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
2524 if (!ieee80211_is_data(hdr->frame_control))
2527 if (ieee80211_is_any_nullfunc(hdr->frame_control) &&
2528 sdata->u.mgd.probe_send_count > 0) {
2530 ieee80211_sta_reset_conn_monitor(sdata);
2532 sdata->u.mgd.nullfunc_failed = true;
2533 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2538 ieee80211_sta_reset_conn_monitor(sdata);
2541 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
2542 const u8 *src, const u8 *dst,
2543 const u8 *ssid, size_t ssid_len,
2544 struct ieee80211_channel *channel)
2546 struct sk_buff *skb;
2548 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
2549 ssid, ssid_len, NULL, 0,
2550 IEEE80211_PROBE_FLAG_DIRECTED);
2552 ieee80211_tx_skb(sdata, skb);
2555 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2557 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2559 u8 *dst = ifmgd->associated->bssid;
2560 u8 unicast_limit = max(1, max_probe_tries - 3);
2561 struct sta_info *sta;
2564 * Try sending broadcast probe requests for the last three
2565 * probe requests after the first ones failed since some
2566 * buggy APs only support broadcast probe requests.
2568 if (ifmgd->probe_send_count >= unicast_limit)
2572 * When the hardware reports an accurate Tx ACK status, it's
2573 * better to send a nullfunc frame instead of a probe request,
2574 * as it will kick us off the AP quickly if we aren't associated
2575 * anymore. The timeout will be reset if the frame is ACKed by
2578 ifmgd->probe_send_count++;
2581 mutex_lock(&sdata->local->sta_mtx);
2582 sta = sta_info_get(sdata, dst);
2584 ieee80211_check_fast_rx(sta);
2585 mutex_unlock(&sdata->local->sta_mtx);
2588 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
2589 ifmgd->nullfunc_failed = false;
2590 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
2591 ifmgd->probe_send_count--;
2593 ieee80211_send_nullfunc(sdata->local, sdata, false);
2598 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2599 if (WARN_ON_ONCE(ssid == NULL))
2604 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
2606 ifmgd->associated->channel);
2610 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2611 run_again(sdata, ifmgd->probe_timeout);
2614 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2617 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2618 bool already = false;
2620 if (!ieee80211_sdata_running(sdata))
2625 if (!ifmgd->associated)
2628 mutex_lock(&sdata->local->mtx);
2630 if (sdata->local->tmp_channel || sdata->local->scanning) {
2631 mutex_unlock(&sdata->local->mtx);
2636 mlme_dbg_ratelimited(sdata,
2637 "detected beacon loss from AP (missed %d beacons) - probing\n",
2640 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2644 * The driver/our work has already reported this event or the
2645 * connection monitoring has kicked in and we have already sent
2646 * a probe request. Or maybe the AP died and the driver keeps
2647 * reporting until we disassociate...
2649 * In either case we have to ignore the current call to this
2650 * function (except for setting the correct probe reason bit)
2651 * because otherwise we would reset the timer every time and
2652 * never check whether we received a probe response!
2654 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2657 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2659 mutex_unlock(&sdata->local->mtx);
2664 mutex_lock(&sdata->local->iflist_mtx);
2665 ieee80211_recalc_ps(sdata->local);
2666 mutex_unlock(&sdata->local->iflist_mtx);
2668 ifmgd->probe_send_count = 0;
2669 ieee80211_mgd_probe_ap_send(sdata);
2671 sdata_unlock(sdata);
2674 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2675 struct ieee80211_vif *vif)
2677 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2678 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2679 struct cfg80211_bss *cbss;
2680 struct sk_buff *skb;
2684 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2687 sdata_assert_lock(sdata);
2689 if (ifmgd->associated)
2690 cbss = ifmgd->associated;
2691 else if (ifmgd->auth_data)
2692 cbss = ifmgd->auth_data->bss;
2693 else if (ifmgd->assoc_data)
2694 cbss = ifmgd->assoc_data->bss;
2699 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2700 if (WARN_ONCE(!ssid || ssid[1] > IEEE80211_MAX_SSID_LEN,
2701 "invalid SSID element (len=%d)", ssid ? ssid[1] : -1))
2706 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
2707 (u32) -1, cbss->channel,
2709 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
2714 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2716 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
2717 const u8 *buf, size_t len, bool tx,
2720 struct ieee80211_event event = {
2722 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
2723 .u.mlme.reason = reason,
2727 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len);
2729 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
2731 drv_event_callback(sdata->local, sdata, &event);
2734 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2736 struct ieee80211_local *local = sdata->local;
2737 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2738 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2742 if (!ifmgd->associated) {
2743 sdata_unlock(sdata);
2747 tx = !sdata->csa_block_tx;
2749 /* AP is probably out of range (or not reachable for another reason) so
2750 * remove the bss struct for that AP.
2752 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
2754 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2755 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2757 mutex_lock(&local->mtx);
2758 sdata->vif.csa_active = false;
2759 ifmgd->csa_waiting_bcn = false;
2760 if (sdata->csa_block_tx) {
2761 ieee80211_wake_vif_queues(local, sdata,
2762 IEEE80211_QUEUE_STOP_REASON_CSA);
2763 sdata->csa_block_tx = false;
2765 mutex_unlock(&local->mtx);
2767 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
2768 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2770 sdata_unlock(sdata);
2773 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2775 struct ieee80211_sub_if_data *sdata =
2776 container_of(work, struct ieee80211_sub_if_data,
2777 u.mgd.beacon_connection_loss_work);
2778 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2780 if (ifmgd->associated)
2781 ifmgd->beacon_loss_count++;
2783 if (ifmgd->connection_loss) {
2784 sdata_info(sdata, "Connection to AP %pM lost\n",
2786 __ieee80211_disconnect(sdata);
2788 ieee80211_mgd_probe_ap(sdata, true);
2792 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2794 struct ieee80211_sub_if_data *sdata =
2795 container_of(work, struct ieee80211_sub_if_data,
2796 u.mgd.csa_connection_drop_work);
2798 __ieee80211_disconnect(sdata);
2801 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2803 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2804 struct ieee80211_hw *hw = &sdata->local->hw;
2806 trace_api_beacon_loss(sdata);
2808 sdata->u.mgd.connection_loss = false;
2809 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2811 EXPORT_SYMBOL(ieee80211_beacon_loss);
2813 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2815 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2816 struct ieee80211_hw *hw = &sdata->local->hw;
2818 trace_api_connection_loss(sdata);
2820 sdata->u.mgd.connection_loss = true;
2821 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2823 EXPORT_SYMBOL(ieee80211_connection_loss);
2826 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2829 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2831 sdata_assert_lock(sdata);
2835 * we are not authenticated yet, the only timer that could be
2836 * running is the timeout for the authentication response which
2837 * which is not relevant anymore.
2839 del_timer_sync(&sdata->u.mgd.timer);
2840 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2842 eth_zero_addr(sdata->u.mgd.bssid);
2843 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2844 sdata->u.mgd.flags = 0;
2845 mutex_lock(&sdata->local->mtx);
2846 ieee80211_vif_release_channel(sdata);
2847 mutex_unlock(&sdata->local->mtx);
2850 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2852 sdata->u.mgd.auth_data = NULL;
2855 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2856 bool assoc, bool abandon)
2858 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2860 sdata_assert_lock(sdata);
2864 * we are not associated yet, the only timer that could be
2865 * running is the timeout for the association response which
2866 * which is not relevant anymore.
2868 del_timer_sync(&sdata->u.mgd.timer);
2869 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2871 eth_zero_addr(sdata->u.mgd.bssid);
2872 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2873 sdata->u.mgd.flags = 0;
2874 sdata->vif.mu_mimo_owner = false;
2876 mutex_lock(&sdata->local->mtx);
2877 ieee80211_vif_release_channel(sdata);
2878 mutex_unlock(&sdata->local->mtx);
2881 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss);
2885 sdata->u.mgd.assoc_data = NULL;
2888 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2889 struct ieee80211_mgmt *mgmt, size_t len)
2891 struct ieee80211_local *local = sdata->local;
2892 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2894 struct ieee802_11_elems elems;
2897 pos = mgmt->u.auth.variable;
2898 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
2899 mgmt->bssid, auth_data->bss->bssid);
2900 if (!elems.challenge)
2902 auth_data->expected_transaction = 4;
2903 drv_mgd_prepare_tx(sdata->local, sdata, 0);
2904 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2905 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2906 IEEE80211_TX_INTFL_MLME_CONN_TX;
2907 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2908 elems.challenge - 2, elems.challenge_len + 2,
2909 auth_data->bss->bssid, auth_data->bss->bssid,
2910 auth_data->key, auth_data->key_len,
2911 auth_data->key_idx, tx_flags);
2914 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata,
2917 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2918 struct sta_info *sta;
2921 sdata_info(sdata, "authenticated\n");
2922 ifmgd->auth_data->done = true;
2923 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2924 ifmgd->auth_data->timeout_started = true;
2925 run_again(sdata, ifmgd->auth_data->timeout);
2927 /* move station state to auth */
2928 mutex_lock(&sdata->local->sta_mtx);
2929 sta = sta_info_get(sdata, bssid);
2931 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2935 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2936 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2942 mutex_unlock(&sdata->local->sta_mtx);
2946 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2947 struct ieee80211_mgmt *mgmt, size_t len)
2949 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2951 u16 auth_alg, auth_transaction, status_code;
2952 struct ieee80211_event event = {
2954 .u.mlme.data = AUTH_EVENT,
2957 sdata_assert_lock(sdata);
2962 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2965 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2967 if (!ether_addr_equal(bssid, mgmt->bssid))
2970 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2971 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2972 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2974 if (auth_alg != ifmgd->auth_data->algorithm ||
2975 (auth_alg != WLAN_AUTH_SAE &&
2976 auth_transaction != ifmgd->auth_data->expected_transaction) ||
2977 (auth_alg == WLAN_AUTH_SAE &&
2978 (auth_transaction < ifmgd->auth_data->expected_transaction ||
2979 auth_transaction > 2))) {
2980 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2981 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2983 ifmgd->auth_data->expected_transaction);
2987 if (status_code != WLAN_STATUS_SUCCESS) {
2988 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2990 if (auth_alg == WLAN_AUTH_SAE &&
2991 status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED)
2994 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2995 mgmt->sa, status_code);
2996 ieee80211_destroy_auth_data(sdata, false);
2997 event.u.mlme.status = MLME_DENIED;
2998 event.u.mlme.reason = status_code;
2999 drv_event_callback(sdata->local, sdata, &event);
3003 switch (ifmgd->auth_data->algorithm) {
3004 case WLAN_AUTH_OPEN:
3005 case WLAN_AUTH_LEAP:
3008 case WLAN_AUTH_FILS_SK:
3009 case WLAN_AUTH_FILS_SK_PFS:
3010 case WLAN_AUTH_FILS_PK:
3012 case WLAN_AUTH_SHARED_KEY:
3013 if (ifmgd->auth_data->expected_transaction != 4) {
3014 ieee80211_auth_challenge(sdata, mgmt, len);
3015 /* need another frame */
3020 WARN_ONCE(1, "invalid auth alg %d",
3021 ifmgd->auth_data->algorithm);
3025 event.u.mlme.status = MLME_SUCCESS;
3026 drv_event_callback(sdata->local, sdata, &event);
3027 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
3028 (auth_transaction == 2 &&
3029 ifmgd->auth_data->expected_transaction == 2)) {
3030 if (!ieee80211_mark_sta_auth(sdata, bssid))
3031 return; /* ignore frame -- wait for timeout */
3032 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
3033 auth_transaction == 2) {
3034 sdata_info(sdata, "SAE peer confirmed\n");
3035 ifmgd->auth_data->peer_confirmed = true;
3038 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3041 #define case_WLAN(type) \
3042 case WLAN_REASON_##type: return #type
3044 const char *ieee80211_get_reason_code_string(u16 reason_code)
3046 switch (reason_code) {
3047 case_WLAN(UNSPECIFIED);
3048 case_WLAN(PREV_AUTH_NOT_VALID);
3049 case_WLAN(DEAUTH_LEAVING);
3050 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
3051 case_WLAN(DISASSOC_AP_BUSY);
3052 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
3053 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
3054 case_WLAN(DISASSOC_STA_HAS_LEFT);
3055 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
3056 case_WLAN(DISASSOC_BAD_POWER);
3057 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
3058 case_WLAN(INVALID_IE);
3059 case_WLAN(MIC_FAILURE);
3060 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
3061 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
3062 case_WLAN(IE_DIFFERENT);
3063 case_WLAN(INVALID_GROUP_CIPHER);
3064 case_WLAN(INVALID_PAIRWISE_CIPHER);
3065 case_WLAN(INVALID_AKMP);
3066 case_WLAN(UNSUPP_RSN_VERSION);
3067 case_WLAN(INVALID_RSN_IE_CAP);
3068 case_WLAN(IEEE8021X_FAILED);
3069 case_WLAN(CIPHER_SUITE_REJECTED);
3070 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
3071 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
3072 case_WLAN(DISASSOC_LOW_ACK);
3073 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
3074 case_WLAN(QSTA_LEAVE_QBSS);
3075 case_WLAN(QSTA_NOT_USE);
3076 case_WLAN(QSTA_REQUIRE_SETUP);
3077 case_WLAN(QSTA_TIMEOUT);
3078 case_WLAN(QSTA_CIPHER_NOT_SUPP);
3079 case_WLAN(MESH_PEER_CANCELED);
3080 case_WLAN(MESH_MAX_PEERS);
3081 case_WLAN(MESH_CONFIG);
3082 case_WLAN(MESH_CLOSE);
3083 case_WLAN(MESH_MAX_RETRIES);
3084 case_WLAN(MESH_CONFIRM_TIMEOUT);
3085 case_WLAN(MESH_INVALID_GTK);
3086 case_WLAN(MESH_INCONSISTENT_PARAM);
3087 case_WLAN(MESH_INVALID_SECURITY);
3088 case_WLAN(MESH_PATH_ERROR);
3089 case_WLAN(MESH_PATH_NOFORWARD);
3090 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
3091 case_WLAN(MAC_EXISTS_IN_MBSS);
3092 case_WLAN(MESH_CHAN_REGULATORY);
3093 case_WLAN(MESH_CHAN);
3094 default: return "<unknown>";
3098 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
3099 struct ieee80211_mgmt *mgmt, size_t len)
3101 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3102 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
3104 sdata_assert_lock(sdata);
3109 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3110 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3114 if (ifmgd->associated &&
3115 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
3116 const u8 *bssid = ifmgd->associated->bssid;
3118 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
3120 ieee80211_get_reason_code_string(reason_code));
3122 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3124 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
3129 if (ifmgd->assoc_data &&
3130 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3131 const u8 *bssid = ifmgd->assoc_data->bss->bssid;
3134 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
3136 ieee80211_get_reason_code_string(reason_code));
3138 ieee80211_destroy_assoc_data(sdata, false, true);
3140 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3146 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
3147 struct ieee80211_mgmt *mgmt, size_t len)
3149 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3152 sdata_assert_lock(sdata);
3157 if (!ifmgd->associated ||
3158 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3161 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
3163 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3164 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3168 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
3169 mgmt->sa, reason_code,
3170 ieee80211_get_reason_code_string(reason_code));
3172 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3174 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code);
3177 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
3178 u8 *supp_rates, unsigned int supp_rates_len,
3179 u32 *rates, u32 *basic_rates,
3180 bool *have_higher_than_11mbit,
3181 int *min_rate, int *min_rate_index,
3186 for (i = 0; i < supp_rates_len; i++) {
3187 int rate = supp_rates[i] & 0x7f;
3188 bool is_basic = !!(supp_rates[i] & 0x80);
3190 if ((rate * 5 * (1 << shift)) > 110)
3191 *have_higher_than_11mbit = true;
3194 * Skip HT, VHT and HE BSS membership selectors since they're
3197 * Note: Even though the membership selector and the basic
3198 * rate flag share the same bit, they are not exactly
3201 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
3202 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
3203 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY))
3206 for (j = 0; j < sband->n_bitrates; j++) {
3207 struct ieee80211_rate *br;
3210 br = &sband->bitrates[j];
3212 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
3213 if (brate == rate) {
3216 *basic_rates |= BIT(j);
3217 if ((rate * 5) < *min_rate) {
3218 *min_rate = rate * 5;
3219 *min_rate_index = j;
3227 static bool ieee80211_twt_req_supported(const struct sta_info *sta,
3228 const struct ieee802_11_elems *elems)
3230 if (elems->ext_capab_len < 10)
3233 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
3236 return sta->sta.he_cap.he_cap_elem.mac_cap_info[0] &
3237 IEEE80211_HE_MAC_CAP0_TWT_RES;
3240 static int ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
3241 struct sta_info *sta,
3242 struct ieee802_11_elems *elems)
3244 bool twt = ieee80211_twt_req_supported(sta, elems);
3246 if (sdata->vif.bss_conf.twt_requester != twt) {
3247 sdata->vif.bss_conf.twt_requester = twt;
3248 return BSS_CHANGED_TWT;
3253 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
3254 struct cfg80211_bss *cbss,
3255 struct ieee80211_mgmt *mgmt, size_t len,
3256 struct ieee802_11_elems *elems)
3258 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3259 struct ieee80211_local *local = sdata->local;
3260 struct ieee80211_supported_band *sband;
3261 struct sta_info *sta;
3262 u16 capab_info, aid;
3263 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3264 const struct cfg80211_bss_ies *bss_ies = NULL;
3265 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3266 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
3271 /* AssocResp and ReassocResp have identical structure */
3273 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3274 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3277 * The 5 MSB of the AID field are reserved
3278 * (802.11-2016 9.4.1.8 AID field)
3282 ifmgd->broken_ap = false;
3284 if (aid == 0 || aid > IEEE80211_MAX_AID) {
3285 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
3288 ifmgd->broken_ap = true;
3291 if (!elems->supp_rates) {
3292 sdata_info(sdata, "no SuppRates element in AssocResp\n");
3296 sdata->vif.bss_conf.aid = aid;
3297 ifmgd->tdls_chan_switch_prohibited =
3298 elems->ext_capab && elems->ext_capab_len >= 5 &&
3299 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
3302 * Some APs are erroneously not including some information in their
3303 * (re)association response frames. Try to recover by using the data
3304 * from the beacon or probe response. This seems to afflict mobile
3305 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
3306 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
3309 ((assoc_data->wmm && !elems->wmm_param) ||
3310 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3311 (!elems->ht_cap_elem || !elems->ht_operation)) ||
3312 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3313 (!elems->vht_cap_elem || !elems->vht_operation)))) {
3314 const struct cfg80211_bss_ies *ies;
3315 struct ieee802_11_elems bss_elems;
3318 ies = rcu_dereference(cbss->ies);
3320 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
3326 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
3329 assoc_data->bss->bssid);
3330 if (assoc_data->wmm &&
3331 !elems->wmm_param && bss_elems.wmm_param) {
3332 elems->wmm_param = bss_elems.wmm_param;
3334 "AP bug: WMM param missing from AssocResp\n");
3338 * Also check if we requested HT/VHT, otherwise the AP doesn't
3339 * have to include the IEs in the (re)association response.
3341 if (!elems->ht_cap_elem && bss_elems.ht_cap_elem &&
3342 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3343 elems->ht_cap_elem = bss_elems.ht_cap_elem;
3345 "AP bug: HT capability missing from AssocResp\n");
3347 if (!elems->ht_operation && bss_elems.ht_operation &&
3348 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3349 elems->ht_operation = bss_elems.ht_operation;
3351 "AP bug: HT operation missing from AssocResp\n");
3353 if (!elems->vht_cap_elem && bss_elems.vht_cap_elem &&
3354 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3355 elems->vht_cap_elem = bss_elems.vht_cap_elem;
3357 "AP bug: VHT capa missing from AssocResp\n");
3359 if (!elems->vht_operation && bss_elems.vht_operation &&
3360 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3361 elems->vht_operation = bss_elems.vht_operation;
3363 "AP bug: VHT operation missing from AssocResp\n");
3368 * We previously checked these in the beacon/probe response, so
3369 * they should be present here. This is just a safety net.
3371 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3372 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
3374 "HT AP is missing WMM params or HT capability/operation\n");
3379 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3380 (!elems->vht_cap_elem || !elems->vht_operation)) {
3382 "VHT AP is missing VHT capability/operation\n");
3387 if (is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3388 !elems->he_6ghz_capa) {
3390 "HE 6 GHz AP is missing HE 6 GHz band capability\n");
3395 mutex_lock(&sdata->local->sta_mtx);
3397 * station info was already allocated and inserted before
3398 * the association and should be available to us
3400 sta = sta_info_get(sdata, cbss->bssid);
3401 if (WARN_ON(!sta)) {
3402 mutex_unlock(&sdata->local->sta_mtx);
3407 sband = ieee80211_get_sband(sdata);
3409 mutex_unlock(&sdata->local->sta_mtx);
3414 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3415 (!elems->he_cap || !elems->he_operation)) {
3416 mutex_unlock(&sdata->local->sta_mtx);
3418 "HE AP is missing HE capability/operation\n");
3423 /* Set up internal HT/VHT capabilities */
3424 if (elems->ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
3425 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
3426 elems->ht_cap_elem, sta);
3428 if (elems->vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
3429 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
3430 elems->vht_cap_elem, sta);
3432 if (elems->he_operation && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3434 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
3437 elems->he_6ghz_capa,
3440 bss_conf->he_support = sta->sta.he_cap.has_he;
3441 if (elems->rsnx && elems->rsnx_len &&
3442 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
3443 wiphy_ext_feature_isset(local->hw.wiphy,
3444 NL80211_EXT_FEATURE_PROTECTED_TWT))
3445 bss_conf->twt_protected = true;
3447 bss_conf->twt_protected = false;
3449 changed |= ieee80211_recalc_twt_req(sdata, sta, elems);
3451 bss_conf->he_support = false;
3452 bss_conf->twt_requester = false;
3453 bss_conf->twt_protected = false;
3456 if (bss_conf->he_support) {
3457 bss_conf->he_bss_color.color =
3458 le32_get_bits(elems->he_operation->he_oper_params,
3459 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
3460 bss_conf->he_bss_color.partial =
3461 le32_get_bits(elems->he_operation->he_oper_params,
3462 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
3463 bss_conf->he_bss_color.disabled =
3464 le32_get_bits(elems->he_operation->he_oper_params,
3465 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
3466 changed |= BSS_CHANGED_HE_BSS_COLOR;
3468 bss_conf->htc_trig_based_pkt_ext =
3469 le32_get_bits(elems->he_operation->he_oper_params,
3470 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
3471 bss_conf->frame_time_rts_th =
3472 le32_get_bits(elems->he_operation->he_oper_params,
3473 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
3475 bss_conf->multi_sta_back_32bit =
3476 sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3477 IEEE80211_HE_MAC_CAP2_32BIT_BA_BITMAP;
3479 bss_conf->ack_enabled =
3480 sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3481 IEEE80211_HE_MAC_CAP2_ACK_EN;
3483 bss_conf->uora_exists = !!elems->uora_element;
3484 if (elems->uora_element)
3485 bss_conf->uora_ocw_range = elems->uora_element[0];
3487 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
3488 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
3489 /* TODO: OPEN: what happens if BSS color disable is set? */
3492 if (cbss->transmitted_bss) {
3493 bss_conf->nontransmitted = true;
3494 ether_addr_copy(bss_conf->transmitter_bssid,
3495 cbss->transmitted_bss->bssid);
3496 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
3497 bss_conf->bssid_index = cbss->bssid_index;
3501 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
3502 * in their association response, so ignore that data for our own
3503 * configuration. If it changed since the last beacon, we'll get the
3504 * next beacon and update then.
3508 * If an operating mode notification IE is present, override the
3509 * NSS calculation (that would be done in rate_control_rate_init())
3510 * and use the # of streams from that element.
3512 if (elems->opmode_notif &&
3513 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
3516 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
3517 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
3519 sta->sta.rx_nss = nss;
3522 rate_control_rate_init(sta);
3524 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
3525 set_sta_flag(sta, WLAN_STA_MFP);
3526 sta->sta.mfp = true;
3528 sta->sta.mfp = false;
3531 sta->sta.wme = elems->wmm_param && local->hw.queues >= IEEE80211_NUM_ACS;
3533 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
3534 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
3535 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
3538 "failed to move station %pM to desired state\n",
3540 WARN_ON(__sta_info_destroy(sta));
3541 mutex_unlock(&sdata->local->sta_mtx);
3546 mutex_unlock(&sdata->local->sta_mtx);
3549 * Always handle WMM once after association regardless
3550 * of the first value the AP uses. Setting -1 here has
3551 * that effect because the AP values is an unsigned
3554 ifmgd->wmm_last_param_set = -1;
3555 ifmgd->mu_edca_last_param_set = -1;
3557 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
3558 ieee80211_set_wmm_default(sdata, false, false);
3559 } else if (!ieee80211_sta_wmm_params(local, sdata, elems->wmm_param,
3560 elems->wmm_param_len,
3561 elems->mu_edca_param_set)) {
3562 /* still enable QoS since we might have HT/VHT */
3563 ieee80211_set_wmm_default(sdata, false, true);
3564 /* set the disable-WMM flag in this case to disable
3565 * tracking WMM parameter changes in the beacon if
3566 * the parameters weren't actually valid. Doing so
3567 * avoids changing parameters very strangely when
3568 * the AP is going back and forth between valid and
3569 * invalid parameters.
3571 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
3573 changed |= BSS_CHANGED_QOS;
3575 if (elems->max_idle_period_ie) {
3576 bss_conf->max_idle_period =
3577 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
3578 bss_conf->protected_keep_alive =
3579 !!(elems->max_idle_period_ie->idle_options &
3580 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
3581 changed |= BSS_CHANGED_KEEP_ALIVE;
3583 bss_conf->max_idle_period = 0;
3584 bss_conf->protected_keep_alive = false;
3587 /* set assoc capability (AID was already set earlier),
3588 * ieee80211_set_associated() will tell the driver */
3589 bss_conf->assoc_capability = capab_info;
3590 ieee80211_set_associated(sdata, cbss, changed);
3593 * If we're using 4-addr mode, let the AP know that we're
3594 * doing so, so that it can create the STA VLAN on its side
3596 if (ifmgd->use_4addr)
3597 ieee80211_send_4addr_nullfunc(local, sdata);
3600 * Start timer to probe the connection to the AP now.
3601 * Also start the timer that will detect beacon loss.
3603 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
3604 ieee80211_sta_reset_beacon_monitor(sdata);
3612 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
3613 struct ieee80211_mgmt *mgmt,
3616 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3617 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3618 u16 capab_info, status_code, aid;
3619 struct ieee802_11_elems elems;
3620 int ac, uapsd_queues = -1;
3623 struct cfg80211_bss *bss;
3624 struct ieee80211_event event = {
3626 .u.mlme.data = ASSOC_EVENT,
3629 sdata_assert_lock(sdata);
3633 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
3637 * AssocResp and ReassocResp have identical structure, so process both
3638 * of them in this function.
3644 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
3645 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3646 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
3647 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3650 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
3651 reassoc ? "Rea" : "A", mgmt->sa,
3652 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
3654 if (assoc_data->fils_kek_len &&
3655 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
3658 pos = mgmt->u.assoc_resp.variable;
3659 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
3660 mgmt->bssid, assoc_data->bss->bssid);
3662 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
3663 elems.timeout_int &&
3664 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
3666 tu = le32_to_cpu(elems.timeout_int->value);
3667 ms = tu * 1024 / 1000;
3669 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
3671 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
3672 assoc_data->timeout_started = true;
3673 if (ms > IEEE80211_ASSOC_TIMEOUT)
3674 run_again(sdata, assoc_data->timeout);
3678 bss = assoc_data->bss;
3680 if (status_code != WLAN_STATUS_SUCCESS) {
3681 sdata_info(sdata, "%pM denied association (code=%d)\n",
3682 mgmt->sa, status_code);
3683 ieee80211_destroy_assoc_data(sdata, false, false);
3684 event.u.mlme.status = MLME_DENIED;
3685 event.u.mlme.reason = status_code;
3686 drv_event_callback(sdata->local, sdata, &event);
3688 if (!ieee80211_assoc_success(sdata, bss, mgmt, len, &elems)) {
3689 /* oops -- internal error -- send timeout for now */
3690 ieee80211_destroy_assoc_data(sdata, false, false);
3691 cfg80211_assoc_timeout(sdata->dev, bss);
3694 event.u.mlme.status = MLME_SUCCESS;
3695 drv_event_callback(sdata->local, sdata, &event);
3696 sdata_info(sdata, "associated\n");
3699 * destroy assoc_data afterwards, as otherwise an idle
3700 * recalc after assoc_data is NULL but before associated
3701 * is set can cause the interface to go idle
3703 ieee80211_destroy_assoc_data(sdata, true, false);
3705 /* get uapsd queues configuration */
3707 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3708 if (sdata->tx_conf[ac].uapsd)
3709 uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
3712 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues,
3713 ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len);
3716 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
3717 struct ieee80211_mgmt *mgmt, size_t len,
3718 struct ieee80211_rx_status *rx_status)
3720 struct ieee80211_local *local = sdata->local;
3721 struct ieee80211_bss *bss;
3722 struct ieee80211_channel *channel;
3724 sdata_assert_lock(sdata);
3726 channel = ieee80211_get_channel_khz(local->hw.wiphy,
3727 ieee80211_rx_status_to_khz(rx_status));
3731 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
3733 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
3734 ieee80211_rx_bss_put(local, bss);
3739 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
3740 struct sk_buff *skb)
3742 struct ieee80211_mgmt *mgmt = (void *)skb->data;
3743 struct ieee80211_if_managed *ifmgd;
3744 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
3745 struct ieee80211_channel *channel;
3746 size_t baselen, len = skb->len;
3748 ifmgd = &sdata->u.mgd;
3750 sdata_assert_lock(sdata);
3753 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
3754 * "If a 6 GHz AP receives a Probe Request frame and responds with
3755 * a Probe Response frame [..], the Address 1 field of the Probe
3756 * Response frame shall be set to the broadcast address [..]"
3757 * So, on 6GHz band we should also accept broadcast responses.
3759 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
3764 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
3765 (channel->band != NL80211_BAND_6GHZ ||
3766 !is_broadcast_ether_addr(mgmt->da)))
3767 return; /* ignore ProbeResp to foreign address */
3769 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
3773 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3775 if (ifmgd->associated &&
3776 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3777 ieee80211_reset_ap_probe(sdata);
3781 * This is the canonical list of information elements we care about,
3782 * the filter code also gives us all changes to the Microsoft OUI
3783 * (00:50:F2) vendor IE which is used for WMM which we need to track,
3784 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
3785 * changes to requested client power.
3787 * We implement beacon filtering in software since that means we can
3788 * avoid processing the frame here and in cfg80211, and userspace
3789 * will not be able to tell whether the hardware supports it or not.
3791 * XXX: This list needs to be dynamic -- userspace needs to be able to
3792 * add items it requires. It also needs to be able to tell us to
3793 * look out for other vendor IEs.
3795 static const u64 care_about_ies =
3796 (1ULL << WLAN_EID_COUNTRY) |
3797 (1ULL << WLAN_EID_ERP_INFO) |
3798 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
3799 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
3800 (1ULL << WLAN_EID_HT_CAPABILITY) |
3801 (1ULL << WLAN_EID_HT_OPERATION) |
3802 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
3804 static void ieee80211_handle_beacon_sig(struct ieee80211_sub_if_data *sdata,
3805 struct ieee80211_if_managed *ifmgd,
3806 struct ieee80211_bss_conf *bss_conf,
3807 struct ieee80211_local *local,
3808 struct ieee80211_rx_status *rx_status)
3810 /* Track average RSSI from the Beacon frames of the current AP */
3812 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3813 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3814 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal);
3815 ifmgd->last_cqm_event_signal = 0;
3816 ifmgd->count_beacon_signal = 1;
3817 ifmgd->last_ave_beacon_signal = 0;
3819 ifmgd->count_beacon_signal++;
3822 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal);
3824 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3825 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3826 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3827 int last_sig = ifmgd->last_ave_beacon_signal;
3828 struct ieee80211_event event = {
3833 * if signal crosses either of the boundaries, invoke callback
3834 * with appropriate parameters
3836 if (sig > ifmgd->rssi_max_thold &&
3837 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3838 ifmgd->last_ave_beacon_signal = sig;
3839 event.u.rssi.data = RSSI_EVENT_HIGH;
3840 drv_event_callback(local, sdata, &event);
3841 } else if (sig < ifmgd->rssi_min_thold &&
3842 (last_sig >= ifmgd->rssi_max_thold ||
3844 ifmgd->last_ave_beacon_signal = sig;
3845 event.u.rssi.data = RSSI_EVENT_LOW;
3846 drv_event_callback(local, sdata, &event);
3850 if (bss_conf->cqm_rssi_thold &&
3851 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3852 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3853 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3854 int last_event = ifmgd->last_cqm_event_signal;
3855 int thold = bss_conf->cqm_rssi_thold;
3856 int hyst = bss_conf->cqm_rssi_hyst;
3859 (last_event == 0 || sig < last_event - hyst)) {
3860 ifmgd->last_cqm_event_signal = sig;
3861 ieee80211_cqm_rssi_notify(
3863 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3865 } else if (sig > thold &&
3866 (last_event == 0 || sig > last_event + hyst)) {
3867 ifmgd->last_cqm_event_signal = sig;
3868 ieee80211_cqm_rssi_notify(
3870 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3875 if (bss_conf->cqm_rssi_low &&
3876 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3877 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3878 int last_event = ifmgd->last_cqm_event_signal;
3879 int low = bss_conf->cqm_rssi_low;
3880 int high = bss_conf->cqm_rssi_high;
3883 (last_event == 0 || last_event >= low)) {
3884 ifmgd->last_cqm_event_signal = sig;
3885 ieee80211_cqm_rssi_notify(
3887 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3889 } else if (sig > high &&
3890 (last_event == 0 || last_event <= high)) {
3891 ifmgd->last_cqm_event_signal = sig;
3892 ieee80211_cqm_rssi_notify(
3894 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3900 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
3901 struct cfg80211_bss *bss)
3903 if (ether_addr_equal(tx_bssid, bss->bssid))
3905 if (!bss->transmitted_bss)
3907 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
3910 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3911 struct ieee80211_mgmt *mgmt, size_t len,
3912 struct ieee80211_rx_status *rx_status)
3914 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3915 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3917 struct ieee802_11_elems elems;
3918 struct ieee80211_local *local = sdata->local;
3919 struct ieee80211_chanctx_conf *chanctx_conf;
3920 struct ieee80211_channel *chan;
3921 struct sta_info *sta;
3927 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3929 sdata_assert_lock(sdata);
3931 /* Process beacon from the current BSS */
3932 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
3937 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3938 if (!chanctx_conf) {
3943 if (ieee80211_rx_status_to_khz(rx_status) !=
3944 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
3948 chan = chanctx_conf->def.chan;
3951 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
3952 ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->assoc_data->bss)) {
3953 ieee802_11_parse_elems(mgmt->u.beacon.variable,
3954 len - baselen, false, &elems,
3956 ifmgd->assoc_data->bss->bssid);
3958 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3960 if (elems.dtim_period)
3961 ifmgd->dtim_period = elems.dtim_period;
3962 ifmgd->have_beacon = true;
3963 ifmgd->assoc_data->need_beacon = false;
3964 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3965 sdata->vif.bss_conf.sync_tsf =
3966 le64_to_cpu(mgmt->u.beacon.timestamp);
3967 sdata->vif.bss_conf.sync_device_ts =
3968 rx_status->device_timestamp;
3969 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
3972 if (elems.mbssid_config_ie)
3973 bss_conf->profile_periodicity =
3974 elems.mbssid_config_ie->profile_periodicity;
3976 if (elems.ext_capab_len >= 11 &&
3977 (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
3978 bss_conf->ema_ap = true;
3980 /* continue assoc process */
3981 ifmgd->assoc_data->timeout = jiffies;
3982 ifmgd->assoc_data->timeout_started = true;
3983 run_again(sdata, ifmgd->assoc_data->timeout);
3987 if (!ifmgd->associated ||
3988 !ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->associated))
3990 bssid = ifmgd->associated->bssid;
3992 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
3993 ieee80211_handle_beacon_sig(sdata, ifmgd, bss_conf,
3996 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
3997 mlme_dbg_ratelimited(sdata,
3998 "cancelling AP probe due to a received beacon\n");
3999 ieee80211_reset_ap_probe(sdata);
4003 * Push the beacon loss detection into the future since
4004 * we are processing a beacon from the AP just now.
4006 ieee80211_sta_reset_beacon_monitor(sdata);
4008 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
4009 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
4010 len - baselen, false, &elems,
4011 care_about_ies, ncrc,
4012 mgmt->bssid, bssid);
4014 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
4015 ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
4016 if (local->hw.conf.dynamic_ps_timeout > 0) {
4017 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
4018 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
4019 ieee80211_hw_config(local,
4020 IEEE80211_CONF_CHANGE_PS);
4022 ieee80211_send_nullfunc(local, sdata, false);
4023 } else if (!local->pspolling && sdata->u.mgd.powersave) {
4024 local->pspolling = true;
4027 * Here is assumed that the driver will be
4028 * able to send ps-poll frame and receive a
4029 * response even though power save mode is
4030 * enabled, but some drivers might require
4031 * to disable power save here. This needs
4032 * to be investigated.
4034 ieee80211_send_pspoll(local, sdata);
4038 if (sdata->vif.p2p ||
4039 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
4040 struct ieee80211_p2p_noa_attr noa = {};
4043 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
4045 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
4046 (u8 *) &noa, sizeof(noa));
4048 if (sdata->u.mgd.p2p_noa_index != noa.index) {
4049 /* valid noa_attr and index changed */
4050 sdata->u.mgd.p2p_noa_index = noa.index;
4051 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
4052 changed |= BSS_CHANGED_P2P_PS;
4054 * make sure we update all information, the CRC
4055 * mechanism doesn't look at P2P attributes.
4057 ifmgd->beacon_crc_valid = false;
4059 } else if (sdata->u.mgd.p2p_noa_index != -1) {
4060 /* noa_attr not found and we had valid noa_attr before */
4061 sdata->u.mgd.p2p_noa_index = -1;
4062 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
4063 changed |= BSS_CHANGED_P2P_PS;
4064 ifmgd->beacon_crc_valid = false;
4068 if (ifmgd->csa_waiting_bcn)
4069 ieee80211_chswitch_post_beacon(sdata);
4072 * Update beacon timing and dtim count on every beacon appearance. This
4073 * will allow the driver to use the most updated values. Do it before
4074 * comparing this one with last received beacon.
4075 * IMPORTANT: These parameters would possibly be out of sync by the time
4076 * the driver will use them. The synchronized view is currently
4077 * guaranteed only in certain callbacks.
4079 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
4080 sdata->vif.bss_conf.sync_tsf =
4081 le64_to_cpu(mgmt->u.beacon.timestamp);
4082 sdata->vif.bss_conf.sync_device_ts =
4083 rx_status->device_timestamp;
4084 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
4087 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
4089 ifmgd->beacon_crc = ncrc;
4090 ifmgd->beacon_crc_valid = true;
4092 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
4094 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
4095 rx_status->device_timestamp,
4098 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
4099 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
4100 elems.wmm_param_len,
4101 elems.mu_edca_param_set))
4102 changed |= BSS_CHANGED_QOS;
4105 * If we haven't had a beacon before, tell the driver about the
4106 * DTIM period (and beacon timing if desired) now.
4108 if (!ifmgd->have_beacon) {
4109 /* a few bogus AP send dtim_period = 0 or no TIM IE */
4110 bss_conf->dtim_period = elems.dtim_period ?: 1;
4112 changed |= BSS_CHANGED_BEACON_INFO;
4113 ifmgd->have_beacon = true;
4115 mutex_lock(&local->iflist_mtx);
4116 ieee80211_recalc_ps(local);
4117 mutex_unlock(&local->iflist_mtx);
4119 ieee80211_recalc_ps_vif(sdata);
4122 if (elems.erp_info) {
4124 erp_value = elems.erp_info[0];
4128 changed |= ieee80211_handle_bss_capability(sdata,
4129 le16_to_cpu(mgmt->u.beacon.capab_info),
4130 erp_valid, erp_value);
4132 mutex_lock(&local->sta_mtx);
4133 sta = sta_info_get(sdata, bssid);
4135 changed |= ieee80211_recalc_twt_req(sdata, sta, &elems);
4137 if (ieee80211_config_bw(sdata, sta, elems.ht_cap_elem,
4138 elems.vht_cap_elem, elems.ht_operation,
4139 elems.vht_operation, elems.he_operation,
4141 mutex_unlock(&local->sta_mtx);
4143 "failed to follow AP %pM bandwidth change, disconnect\n",
4145 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4146 WLAN_REASON_DEAUTH_LEAVING,
4148 ieee80211_report_disconnect(sdata, deauth_buf,
4149 sizeof(deauth_buf), true,
4150 WLAN_REASON_DEAUTH_LEAVING);
4154 if (sta && elems.opmode_notif)
4155 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
4157 mutex_unlock(&local->sta_mtx);
4159 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
4161 elems.country_elem_len,
4162 elems.pwr_constr_elem,
4163 elems.cisco_dtpc_elem);
4165 ieee80211_bss_info_change_notify(sdata, changed);
4168 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
4169 struct sk_buff *skb)
4171 struct ieee80211_rx_status *rx_status;
4172 struct ieee80211_mgmt *mgmt;
4174 struct ieee802_11_elems elems;
4177 rx_status = (struct ieee80211_rx_status *) skb->cb;
4178 mgmt = (struct ieee80211_mgmt *) skb->data;
4179 fc = le16_to_cpu(mgmt->frame_control);
4183 switch (fc & IEEE80211_FCTL_STYPE) {
4184 case IEEE80211_STYPE_BEACON:
4185 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
4187 case IEEE80211_STYPE_PROBE_RESP:
4188 ieee80211_rx_mgmt_probe_resp(sdata, skb);
4190 case IEEE80211_STYPE_AUTH:
4191 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
4193 case IEEE80211_STYPE_DEAUTH:
4194 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
4196 case IEEE80211_STYPE_DISASSOC:
4197 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
4199 case IEEE80211_STYPE_ASSOC_RESP:
4200 case IEEE80211_STYPE_REASSOC_RESP:
4201 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
4203 case IEEE80211_STYPE_ACTION:
4204 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
4205 ies_len = skb->len -
4206 offsetof(struct ieee80211_mgmt,
4207 u.action.u.chan_switch.variable);
4212 /* CSA IE cannot be overridden, no need for BSSID */
4213 ieee802_11_parse_elems(
4214 mgmt->u.action.u.chan_switch.variable,
4215 ies_len, true, &elems, mgmt->bssid, NULL);
4217 if (elems.parse_error)
4220 ieee80211_sta_process_chanswitch(sdata,
4222 rx_status->device_timestamp,
4224 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
4225 ies_len = skb->len -
4226 offsetof(struct ieee80211_mgmt,
4227 u.action.u.ext_chan_switch.variable);
4233 * extended CSA IE can't be overridden, no need for
4236 ieee802_11_parse_elems(
4237 mgmt->u.action.u.ext_chan_switch.variable,
4238 ies_len, true, &elems, mgmt->bssid, NULL);
4240 if (elems.parse_error)
4243 /* for the handling code pretend this was also an IE */
4244 elems.ext_chansw_ie =
4245 &mgmt->u.action.u.ext_chan_switch.data;
4247 ieee80211_sta_process_chanswitch(sdata,
4249 rx_status->device_timestamp,
4254 sdata_unlock(sdata);
4257 static void ieee80211_sta_timer(struct timer_list *t)
4259 struct ieee80211_sub_if_data *sdata =
4260 from_timer(sdata, t, u.mgd.timer);
4262 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
4265 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
4266 u8 *bssid, u8 reason, bool tx)
4268 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4270 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
4273 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4277 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
4279 struct ieee80211_local *local = sdata->local;
4280 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4281 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
4285 u16 prepare_tx_duration = 0;
4287 sdata_assert_lock(sdata);
4289 if (WARN_ON_ONCE(!auth_data))
4294 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
4295 sdata_info(sdata, "authentication with %pM timed out\n",
4296 auth_data->bss->bssid);
4299 * Most likely AP is not in the range so remove the
4300 * bss struct for that AP.
4302 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
4307 if (auth_data->algorithm == WLAN_AUTH_SAE)
4308 prepare_tx_duration =
4309 jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
4311 drv_mgd_prepare_tx(local, sdata, prepare_tx_duration);
4313 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
4314 auth_data->bss->bssid, auth_data->tries,
4315 IEEE80211_AUTH_MAX_TRIES);
4317 auth_data->expected_transaction = 2;
4319 if (auth_data->algorithm == WLAN_AUTH_SAE) {
4320 trans = auth_data->sae_trans;
4321 status = auth_data->sae_status;
4322 auth_data->expected_transaction = trans;
4325 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4326 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4327 IEEE80211_TX_INTFL_MLME_CONN_TX;
4329 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
4330 auth_data->data, auth_data->data_len,
4331 auth_data->bss->bssid,
4332 auth_data->bss->bssid, NULL, 0, 0,
4335 if (tx_flags == 0) {
4336 if (auth_data->algorithm == WLAN_AUTH_SAE)
4337 auth_data->timeout = jiffies +
4338 IEEE80211_AUTH_TIMEOUT_SAE;
4340 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
4342 auth_data->timeout =
4343 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
4346 auth_data->timeout_started = true;
4347 run_again(sdata, auth_data->timeout);
4352 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
4354 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4355 struct ieee80211_local *local = sdata->local;
4357 sdata_assert_lock(sdata);
4359 assoc_data->tries++;
4360 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
4361 sdata_info(sdata, "association with %pM timed out\n",
4362 assoc_data->bss->bssid);
4365 * Most likely AP is not in the range so remove the
4366 * bss struct for that AP.
4368 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
4373 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
4374 assoc_data->bss->bssid, assoc_data->tries,
4375 IEEE80211_ASSOC_MAX_TRIES);
4376 ieee80211_send_assoc(sdata);
4378 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4379 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
4380 assoc_data->timeout_started = true;
4381 run_again(sdata, assoc_data->timeout);
4383 assoc_data->timeout =
4384 round_jiffies_up(jiffies +
4385 IEEE80211_ASSOC_TIMEOUT_LONG);
4386 assoc_data->timeout_started = true;
4387 run_again(sdata, assoc_data->timeout);
4393 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
4394 __le16 fc, bool acked)
4396 struct ieee80211_local *local = sdata->local;
4398 sdata->u.mgd.status_fc = fc;
4399 sdata->u.mgd.status_acked = acked;
4400 sdata->u.mgd.status_received = true;
4402 ieee80211_queue_work(&local->hw, &sdata->work);
4405 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
4407 struct ieee80211_local *local = sdata->local;
4408 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4412 if (ifmgd->status_received) {
4413 __le16 fc = ifmgd->status_fc;
4414 bool status_acked = ifmgd->status_acked;
4416 ifmgd->status_received = false;
4417 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
4419 if (ifmgd->auth_data->algorithm ==
4421 ifmgd->auth_data->timeout =
4423 IEEE80211_AUTH_TIMEOUT_SAE;
4425 ifmgd->auth_data->timeout =
4427 IEEE80211_AUTH_TIMEOUT_SHORT;
4428 run_again(sdata, ifmgd->auth_data->timeout);
4430 ifmgd->auth_data->timeout = jiffies - 1;
4432 ifmgd->auth_data->timeout_started = true;
4433 } else if (ifmgd->assoc_data &&
4434 (ieee80211_is_assoc_req(fc) ||
4435 ieee80211_is_reassoc_req(fc))) {
4437 ifmgd->assoc_data->timeout =
4438 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
4439 run_again(sdata, ifmgd->assoc_data->timeout);
4441 ifmgd->assoc_data->timeout = jiffies - 1;
4443 ifmgd->assoc_data->timeout_started = true;
4447 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
4448 time_after(jiffies, ifmgd->auth_data->timeout)) {
4449 if (ifmgd->auth_data->done) {
4451 * ok ... we waited for assoc but userspace didn't,
4452 * so let's just kill the auth data
4454 ieee80211_destroy_auth_data(sdata, false);
4455 } else if (ieee80211_auth(sdata)) {
4457 struct ieee80211_event event = {
4459 .u.mlme.data = AUTH_EVENT,
4460 .u.mlme.status = MLME_TIMEOUT,
4463 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
4465 ieee80211_destroy_auth_data(sdata, false);
4467 cfg80211_auth_timeout(sdata->dev, bssid);
4468 drv_event_callback(sdata->local, sdata, &event);
4470 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
4471 run_again(sdata, ifmgd->auth_data->timeout);
4473 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
4474 time_after(jiffies, ifmgd->assoc_data->timeout)) {
4475 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
4476 ieee80211_do_assoc(sdata)) {
4477 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4478 struct ieee80211_event event = {
4480 .u.mlme.data = ASSOC_EVENT,
4481 .u.mlme.status = MLME_TIMEOUT,
4484 ieee80211_destroy_assoc_data(sdata, false, false);
4485 cfg80211_assoc_timeout(sdata->dev, bss);
4486 drv_event_callback(sdata->local, sdata, &event);
4488 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
4489 run_again(sdata, ifmgd->assoc_data->timeout);
4491 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
4492 ifmgd->associated) {
4496 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4498 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4499 max_tries = max_nullfunc_tries;
4501 max_tries = max_probe_tries;
4503 /* ACK received for nullfunc probing frame */
4504 if (!ifmgd->probe_send_count)
4505 ieee80211_reset_ap_probe(sdata);
4506 else if (ifmgd->nullfunc_failed) {
4507 if (ifmgd->probe_send_count < max_tries) {
4509 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
4510 bssid, ifmgd->probe_send_count,
4512 ieee80211_mgd_probe_ap_send(sdata);
4515 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
4517 ieee80211_sta_connection_lost(sdata, bssid,
4518 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4521 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
4522 run_again(sdata, ifmgd->probe_timeout);
4523 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4525 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
4526 bssid, probe_wait_ms);
4527 ieee80211_sta_connection_lost(sdata, bssid,
4528 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4529 } else if (ifmgd->probe_send_count < max_tries) {
4531 "No probe response from AP %pM after %dms, try %d/%i\n",
4532 bssid, probe_wait_ms,
4533 ifmgd->probe_send_count, max_tries);
4534 ieee80211_mgd_probe_ap_send(sdata);
4537 * We actually lost the connection ... or did we?
4541 "No probe response from AP %pM after %dms, disconnecting.\n",
4542 bssid, probe_wait_ms);
4544 ieee80211_sta_connection_lost(sdata, bssid,
4545 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4549 sdata_unlock(sdata);
4552 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
4554 struct ieee80211_sub_if_data *sdata =
4555 from_timer(sdata, t, u.mgd.bcn_mon_timer);
4556 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4558 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4561 sdata->u.mgd.connection_loss = false;
4562 ieee80211_queue_work(&sdata->local->hw,
4563 &sdata->u.mgd.beacon_connection_loss_work);
4566 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
4568 struct ieee80211_sub_if_data *sdata =
4569 from_timer(sdata, t, u.mgd.conn_mon_timer);
4570 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4571 struct ieee80211_local *local = sdata->local;
4573 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4576 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
4579 static void ieee80211_sta_monitor_work(struct work_struct *work)
4581 struct ieee80211_sub_if_data *sdata =
4582 container_of(work, struct ieee80211_sub_if_data,
4583 u.mgd.monitor_work);
4585 ieee80211_mgd_probe_ap(sdata, false);
4588 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
4590 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
4591 __ieee80211_stop_poll(sdata);
4593 /* let's probe the connection once */
4594 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4595 ieee80211_queue_work(&sdata->local->hw,
4596 &sdata->u.mgd.monitor_work);
4601 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
4603 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4604 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4608 if (ifmgd->auth_data || ifmgd->assoc_data) {
4609 const u8 *bssid = ifmgd->auth_data ?
4610 ifmgd->auth_data->bss->bssid :
4611 ifmgd->assoc_data->bss->bssid;
4614 * If we are trying to authenticate / associate while suspending,
4615 * cfg80211 won't know and won't actually abort those attempts,
4616 * thus we need to do that ourselves.
4618 ieee80211_send_deauth_disassoc(sdata, bssid, bssid,
4619 IEEE80211_STYPE_DEAUTH,
4620 WLAN_REASON_DEAUTH_LEAVING,
4622 if (ifmgd->assoc_data)
4623 ieee80211_destroy_assoc_data(sdata, false, true);
4624 if (ifmgd->auth_data)
4625 ieee80211_destroy_auth_data(sdata, false);
4626 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4627 IEEE80211_DEAUTH_FRAME_LEN);
4630 /* This is a bit of a hack - we should find a better and more generic
4631 * solution to this. Normally when suspending, cfg80211 will in fact
4632 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
4633 * auth (not so important) or assoc (this is the problem) process.
4635 * As a consequence, it can happen that we are in the process of both
4636 * associating and suspending, and receive an association response
4637 * after cfg80211 has checked if it needs to disconnect, but before
4638 * we actually set the flag to drop incoming frames. This will then
4639 * cause the workqueue flush to process the association response in
4640 * the suspend, resulting in a successful association just before it
4641 * tries to remove the interface from the driver, which now though
4642 * has a channel context assigned ... this results in issues.
4644 * To work around this (for now) simply deauth here again if we're
4647 if (ifmgd->associated && !sdata->local->wowlan) {
4649 struct cfg80211_deauth_request req = {
4650 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
4654 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4655 ieee80211_mgd_deauth(sdata, &req);
4658 sdata_unlock(sdata);
4661 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
4663 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4666 if (!ifmgd->associated) {
4667 sdata_unlock(sdata);
4671 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
4672 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
4673 mlme_dbg(sdata, "driver requested disconnect after resume\n");
4674 ieee80211_sta_connection_lost(sdata,
4675 ifmgd->associated->bssid,
4676 WLAN_REASON_UNSPECIFIED,
4678 sdata_unlock(sdata);
4681 sdata_unlock(sdata);
4685 /* interface setup */
4686 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
4688 struct ieee80211_if_managed *ifmgd;
4690 ifmgd = &sdata->u.mgd;
4691 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
4692 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
4693 INIT_WORK(&ifmgd->beacon_connection_loss_work,
4694 ieee80211_beacon_connection_loss_work);
4695 INIT_WORK(&ifmgd->csa_connection_drop_work,
4696 ieee80211_csa_connection_drop_work);
4697 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
4698 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work,
4699 ieee80211_tdls_peer_del_work);
4700 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
4701 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
4702 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
4703 timer_setup(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 0);
4704 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk,
4705 ieee80211_sta_handle_tspec_ac_params_wk);
4708 ifmgd->powersave = sdata->wdev.ps;
4709 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
4710 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
4711 ifmgd->p2p_noa_index = -1;
4713 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
4714 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
4716 ifmgd->req_smps = IEEE80211_SMPS_OFF;
4718 /* Setup TDLS data */
4719 spin_lock_init(&ifmgd->teardown_lock);
4720 ifmgd->teardown_skb = NULL;
4721 ifmgd->orig_teardown_skb = NULL;
4724 /* scan finished notification */
4725 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
4727 struct ieee80211_sub_if_data *sdata;
4729 /* Restart STA timers */
4731 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4732 if (ieee80211_sdata_running(sdata))
4733 ieee80211_restart_sta_timer(sdata);
4738 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
4739 struct cfg80211_bss *cbss)
4741 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4742 const u8 *ht_cap_ie, *vht_cap_ie;
4743 const struct ieee80211_ht_cap *ht_cap;
4744 const struct ieee80211_vht_cap *vht_cap;
4747 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
4750 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4751 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
4752 ht_cap = (void *)(ht_cap_ie + 2);
4753 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4755 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
4756 * "Tx Unequal Modulation Supported" fields.
4760 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
4763 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4764 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
4768 vht_cap = (void *)(vht_cap_ie + 2);
4769 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4770 for (nss = 8; nss > 0; nss--) {
4771 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4772 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4775 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
4776 chains = max(chains, nss);
4783 ieee80211_verify_sta_he_mcs_support(struct ieee80211_supported_band *sband,
4784 const struct ieee80211_he_operation *he_op)
4786 const struct ieee80211_sta_he_cap *sta_he_cap =
4787 ieee80211_get_he_sta_cap(sband);
4791 if (!sta_he_cap || !he_op)
4794 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
4796 /* Need to go over for 80MHz, 160MHz and for 80+80 */
4797 for (i = 0; i < 3; i++) {
4798 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
4799 &sta_he_cap->he_mcs_nss_supp;
4800 u16 sta_mcs_map_rx =
4801 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
4802 u16 sta_mcs_map_tx =
4803 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
4805 bool verified = true;
4808 * For each band there is a maximum of 8 spatial streams
4809 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
4810 * of 2 bits per NSS (1-8), with the values defined in enum
4811 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
4812 * capabilities aren't less than the AP's minimum requirements
4813 * for this HE BSS per SS.
4814 * It is enough to find one such band that meets the reqs.
4816 for (nss = 8; nss > 0; nss--) {
4817 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
4818 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
4819 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
4821 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
4825 * Make sure the HE AP doesn't require MCSs that aren't
4826 * supported by the client
4828 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4829 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4830 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
4840 /* If here, STA doesn't meet AP's HE min requirements */
4844 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4845 struct cfg80211_bss *cbss)
4847 struct ieee80211_local *local = sdata->local;
4848 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4849 const struct ieee80211_ht_cap *ht_cap = NULL;
4850 const struct ieee80211_ht_operation *ht_oper = NULL;
4851 const struct ieee80211_vht_operation *vht_oper = NULL;
4852 const struct ieee80211_he_operation *he_oper = NULL;
4853 struct ieee80211_supported_band *sband;
4854 struct cfg80211_chan_def chandef;
4855 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4856 struct ieee80211_bss *bss = (void *)cbss->priv;
4861 sband = local->hw.wiphy->bands[cbss->channel->band];
4863 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
4864 IEEE80211_STA_DISABLE_80P80MHZ |
4865 IEEE80211_STA_DISABLE_160MHZ);
4867 /* disable HT/VHT/HE if we don't support them */
4868 if (!sband->ht_cap.ht_supported && !is_6ghz) {
4869 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4870 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4871 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4874 if (!sband->vht_cap.vht_supported && !is_6ghz) {
4875 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4876 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4879 if (!ieee80211_get_he_sta_cap(sband))
4880 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4884 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
4885 const u8 *ht_oper_ie, *ht_cap_ie;
4887 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
4888 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
4889 ht_oper = (void *)(ht_oper_ie + 2);
4891 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4892 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
4893 ht_cap = (void *)(ht_cap_ie + 2);
4896 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4901 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
4902 const u8 *vht_oper_ie, *vht_cap;
4904 vht_oper_ie = ieee80211_bss_get_ie(cbss,
4905 WLAN_EID_VHT_OPERATION);
4906 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
4907 vht_oper = (void *)(vht_oper_ie + 2);
4908 if (vht_oper && !ht_oper) {
4911 "AP advertised VHT without HT, disabling HT/VHT/HE\n");
4912 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4913 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4914 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4917 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4918 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
4919 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4924 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
4925 const struct cfg80211_bss_ies *ies;
4926 const u8 *he_oper_ie;
4928 ies = rcu_dereference(cbss->ies);
4929 he_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION,
4930 ies->data, ies->len);
4932 he_oper_ie[1] == ieee80211_he_oper_size(&he_oper_ie[3]))
4933 he_oper = (void *)(he_oper_ie + 3);
4937 if (!ieee80211_verify_sta_he_mcs_support(sband, he_oper))
4938 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4941 /* Allow VHT if at least one channel on the sband supports 80 MHz */
4943 for (i = 0; i < sband->n_channels; i++) {
4944 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4945 IEEE80211_CHAN_NO_80MHZ))
4953 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4955 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
4958 ht_oper, vht_oper, he_oper,
4961 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
4966 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) {
4967 sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection");
4971 /* will change later if needed */
4972 sdata->smps_mode = IEEE80211_SMPS_OFF;
4974 mutex_lock(&local->mtx);
4976 * If this fails (possibly due to channel context sharing
4977 * on incompatible channels, e.g. 80+80 and 160 sharing the
4978 * same control channel) try to use a smaller bandwidth.
4980 ret = ieee80211_vif_use_channel(sdata, &chandef,
4981 IEEE80211_CHANCTX_SHARED);
4983 /* don't downgrade for 5 and 10 MHz channels, though. */
4984 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
4985 chandef.width == NL80211_CHAN_WIDTH_10)
4988 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
4989 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
4990 ret = ieee80211_vif_use_channel(sdata, &chandef,
4991 IEEE80211_CHANCTX_SHARED);
4994 mutex_unlock(&local->mtx);
4998 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
4999 u8 *dtim_count, u8 *dtim_period)
5001 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5002 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5004 const struct ieee80211_tim_ie *tim = NULL;
5005 const struct ieee80211_bssid_index *idx;
5006 bool valid = tim_ie && tim_ie[1] >= 2;
5009 tim = (void *)(tim_ie + 2);
5012 *dtim_count = valid ? tim->dtim_count : 0;
5015 *dtim_period = valid ? tim->dtim_period : 0;
5017 /* Check if value is overridden by non-transmitted profile */
5018 if (!idx_ie || idx_ie[1] < 3)
5021 idx = (void *)(idx_ie + 2);
5024 *dtim_count = idx->dtim_count;
5027 *dtim_period = idx->dtim_period;
5032 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
5033 struct cfg80211_bss *cbss, bool assoc,
5036 struct ieee80211_local *local = sdata->local;
5037 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5038 struct ieee80211_bss *bss = (void *)cbss->priv;
5039 struct sta_info *new_sta = NULL;
5040 struct ieee80211_supported_band *sband;
5041 bool have_sta = false;
5044 sband = local->hw.wiphy->bands[cbss->channel->band];
5046 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
5049 /* If a reconfig is happening, bail out */
5050 if (local->in_reconfig)
5055 have_sta = sta_info_get(sdata, cbss->bssid);
5060 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
5066 * Set up the information for the new channel before setting the
5067 * new channel. We can't - completely race-free - change the basic
5068 * rates bitmap and the channel (sband) that it refers to, but if
5069 * we set it up before we at least avoid calling into the driver's
5070 * bss_info_changed() method with invalid information (since we do
5071 * call that from changing the channel - only for IDLE and perhaps
5072 * some others, but ...).
5074 * So to avoid that, just set up all the new information before the
5075 * channel, but tell the driver to apply it only afterwards, since
5076 * it might need the new channel for that.
5079 u32 rates = 0, basic_rates = 0;
5080 bool have_higher_than_11mbit;
5081 int min_rate = INT_MAX, min_rate_index = -1;
5082 const struct cfg80211_bss_ies *ies;
5083 int shift = ieee80211_vif_get_shift(&sdata->vif);
5085 ieee80211_get_rates(sband, bss->supp_rates,
5086 bss->supp_rates_len,
5087 &rates, &basic_rates,
5088 &have_higher_than_11mbit,
5089 &min_rate, &min_rate_index,
5093 * This used to be a workaround for basic rates missing
5094 * in the association response frame. Now that we no
5095 * longer use the basic rates from there, it probably
5096 * doesn't happen any more, but keep the workaround so
5097 * in case some *other* APs are buggy in different ways
5098 * we can connect -- with a warning.
5099 * Allow this workaround only in case the AP provided at least
5102 if (min_rate_index < 0) {
5104 "No legacy rates in association response\n");
5106 sta_info_free(local, new_sta);
5108 } else if (!basic_rates) {
5110 "No basic rates, using min rate instead\n");
5111 basic_rates = BIT(min_rate_index);
5115 new_sta->sta.supp_rates[cbss->channel->band] = rates;
5118 "No rates found, keeping mandatory only\n");
5120 sdata->vif.bss_conf.basic_rates = basic_rates;
5122 /* cf. IEEE 802.11 9.2.12 */
5123 if (cbss->channel->band == NL80211_BAND_2GHZ &&
5124 have_higher_than_11mbit)
5125 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
5127 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
5129 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
5131 /* set timing information */
5132 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
5134 ies = rcu_dereference(cbss->beacon_ies);
5136 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5137 sdata->vif.bss_conf.sync_device_ts =
5138 bss->device_ts_beacon;
5140 ieee80211_get_dtim(ies,
5141 &sdata->vif.bss_conf.sync_dtim_count,
5143 } else if (!ieee80211_hw_check(&sdata->local->hw,
5144 TIMING_BEACON_ONLY)) {
5145 ies = rcu_dereference(cbss->proberesp_ies);
5146 /* must be non-NULL since beacon IEs were NULL */
5147 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5148 sdata->vif.bss_conf.sync_device_ts =
5149 bss->device_ts_presp;
5150 sdata->vif.bss_conf.sync_dtim_count = 0;
5152 sdata->vif.bss_conf.sync_tsf = 0;
5153 sdata->vif.bss_conf.sync_device_ts = 0;
5154 sdata->vif.bss_conf.sync_dtim_count = 0;
5159 if (new_sta || override) {
5160 err = ieee80211_prep_channel(sdata, cbss);
5163 sta_info_free(local, new_sta);
5170 * tell driver about BSSID, basic rates and timing
5171 * this was set up above, before setting the channel
5173 ieee80211_bss_info_change_notify(sdata,
5174 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
5175 BSS_CHANGED_BEACON_INT);
5178 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
5180 err = sta_info_insert(new_sta);
5184 "failed to insert STA entry for the AP (error %d)\n",
5189 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
5191 /* Cancel scan to ensure that nothing interferes with connection */
5192 if (local->scanning)
5193 ieee80211_scan_cancel(local);
5199 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
5200 struct cfg80211_auth_request *req)
5202 struct ieee80211_local *local = sdata->local;
5203 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5204 struct ieee80211_mgd_auth_data *auth_data;
5209 /* prepare auth data structure */
5211 switch (req->auth_type) {
5212 case NL80211_AUTHTYPE_OPEN_SYSTEM:
5213 auth_alg = WLAN_AUTH_OPEN;
5215 case NL80211_AUTHTYPE_SHARED_KEY:
5218 auth_alg = WLAN_AUTH_SHARED_KEY;
5220 case NL80211_AUTHTYPE_FT:
5221 auth_alg = WLAN_AUTH_FT;
5223 case NL80211_AUTHTYPE_NETWORK_EAP:
5224 auth_alg = WLAN_AUTH_LEAP;
5226 case NL80211_AUTHTYPE_SAE:
5227 auth_alg = WLAN_AUTH_SAE;
5229 case NL80211_AUTHTYPE_FILS_SK:
5230 auth_alg = WLAN_AUTH_FILS_SK;
5232 case NL80211_AUTHTYPE_FILS_SK_PFS:
5233 auth_alg = WLAN_AUTH_FILS_SK_PFS;
5235 case NL80211_AUTHTYPE_FILS_PK:
5236 auth_alg = WLAN_AUTH_FILS_PK;
5242 if (ifmgd->assoc_data)
5245 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
5246 req->ie_len, GFP_KERNEL);
5250 auth_data->bss = req->bss;
5252 if (req->auth_data_len >= 4) {
5253 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
5254 __le16 *pos = (__le16 *) req->auth_data;
5256 auth_data->sae_trans = le16_to_cpu(pos[0]);
5257 auth_data->sae_status = le16_to_cpu(pos[1]);
5259 memcpy(auth_data->data, req->auth_data + 4,
5260 req->auth_data_len - 4);
5261 auth_data->data_len += req->auth_data_len - 4;
5264 /* Check if continuing authentication or trying to authenticate with the
5265 * same BSS that we were in the process of authenticating with and avoid
5266 * removal and re-addition of the STA entry in
5267 * ieee80211_prep_connection().
5269 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss;
5271 if (req->ie && req->ie_len) {
5272 memcpy(&auth_data->data[auth_data->data_len],
5273 req->ie, req->ie_len);
5274 auth_data->data_len += req->ie_len;
5277 if (req->key && req->key_len) {
5278 auth_data->key_len = req->key_len;
5279 auth_data->key_idx = req->key_idx;
5280 memcpy(auth_data->key, req->key, req->key_len);
5283 auth_data->algorithm = auth_alg;
5285 /* try to authenticate/probe */
5287 if (ifmgd->auth_data) {
5288 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
5289 auth_data->peer_confirmed =
5290 ifmgd->auth_data->peer_confirmed;
5292 ieee80211_destroy_auth_data(sdata, cont_auth);
5295 /* prep auth_data so we don't go into idle on disassoc */
5296 ifmgd->auth_data = auth_data;
5298 /* If this is continuation of an ongoing SAE authentication exchange
5299 * (i.e., request to send SAE Confirm) and the peer has already
5300 * confirmed, mark authentication completed since we are about to send
5303 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
5304 auth_data->peer_confirmed && auth_data->sae_trans == 2)
5305 ieee80211_mark_sta_auth(sdata, req->bss->bssid);
5307 if (ifmgd->associated) {
5308 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5311 "disconnect from AP %pM for new auth to %pM\n",
5312 ifmgd->associated->bssid, req->bss->bssid);
5313 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5314 WLAN_REASON_UNSPECIFIED,
5317 ieee80211_report_disconnect(sdata, frame_buf,
5318 sizeof(frame_buf), true,
5319 WLAN_REASON_UNSPECIFIED);
5322 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
5324 err = ieee80211_prep_connection(sdata, req->bss, cont_auth, false);
5328 err = ieee80211_auth(sdata);
5330 sta_info_destroy_addr(sdata, req->bss->bssid);
5334 /* hold our own reference */
5335 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
5339 eth_zero_addr(ifmgd->bssid);
5340 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5341 ifmgd->auth_data = NULL;
5342 mutex_lock(&sdata->local->mtx);
5343 ieee80211_vif_release_channel(sdata);
5344 mutex_unlock(&sdata->local->mtx);
5349 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
5350 struct cfg80211_assoc_request *req)
5352 bool is_6ghz = req->bss->channel->band == NL80211_BAND_6GHZ;
5353 struct ieee80211_local *local = sdata->local;
5354 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5355 struct ieee80211_bss *bss = (void *)req->bss->priv;
5356 struct ieee80211_mgd_assoc_data *assoc_data;
5357 const struct cfg80211_bss_ies *beacon_ies;
5358 struct ieee80211_supported_band *sband;
5359 const u8 *ssidie, *ht_ie, *vht_ie;
5361 bool override = false;
5363 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
5368 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
5369 if (!ssidie || ssidie[1] > sizeof(assoc_data->ssid)) {
5374 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
5375 assoc_data->ssid_len = ssidie[1];
5378 if (ifmgd->associated) {
5379 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5382 "disconnect from AP %pM for new assoc to %pM\n",
5383 ifmgd->associated->bssid, req->bss->bssid);
5384 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5385 WLAN_REASON_UNSPECIFIED,
5388 ieee80211_report_disconnect(sdata, frame_buf,
5389 sizeof(frame_buf), true,
5390 WLAN_REASON_UNSPECIFIED);
5393 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
5398 if (ifmgd->assoc_data) {
5403 if (ifmgd->auth_data) {
5406 /* keep sta info, bssid if matching */
5407 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
5408 ieee80211_destroy_auth_data(sdata, match);
5411 /* prepare assoc data */
5413 ifmgd->beacon_crc_valid = false;
5415 assoc_data->wmm = bss->wmm_used &&
5416 (local->hw.queues >= IEEE80211_NUM_ACS);
5419 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
5420 * We still associate in non-HT mode (11a/b/g) if any one of these
5421 * ciphers is configured as pairwise.
5422 * We can set this to true for non-11n hardware, that'll be checked
5423 * separately along with the peer capabilities.
5425 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5426 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5427 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5428 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5429 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5430 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5431 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5432 netdev_info(sdata->dev,
5433 "disabling HT/VHT/HE due to WEP/TKIP use\n");
5437 sband = local->hw.wiphy->bands[req->bss->channel->band];
5439 /* also disable HT/VHT/HE if the AP doesn't use WMM */
5440 if (!bss->wmm_used) {
5441 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5442 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5443 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5444 netdev_info(sdata->dev,
5445 "disabling HT/VHT/HE as WMM/QoS is not supported by the AP\n");
5448 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
5449 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
5450 sizeof(ifmgd->ht_capa_mask));
5452 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
5453 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
5454 sizeof(ifmgd->vht_capa_mask));
5456 if (req->ie && req->ie_len) {
5457 memcpy(assoc_data->ie, req->ie, req->ie_len);
5458 assoc_data->ie_len = req->ie_len;
5461 if (req->fils_kek) {
5462 /* should already be checked in cfg80211 - so warn */
5463 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
5467 memcpy(assoc_data->fils_kek, req->fils_kek,
5469 assoc_data->fils_kek_len = req->fils_kek_len;
5472 if (req->fils_nonces)
5473 memcpy(assoc_data->fils_nonces, req->fils_nonces,
5474 2 * FILS_NONCE_LEN);
5476 assoc_data->bss = req->bss;
5478 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
5479 if (ifmgd->powersave)
5480 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
5482 sdata->smps_mode = IEEE80211_SMPS_OFF;
5484 sdata->smps_mode = ifmgd->req_smps;
5486 assoc_data->capability = req->bss->capability;
5487 assoc_data->supp_rates = bss->supp_rates;
5488 assoc_data->supp_rates_len = bss->supp_rates_len;
5491 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
5492 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
5493 assoc_data->ap_ht_param =
5494 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
5496 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5497 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
5498 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
5499 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
5500 sizeof(struct ieee80211_vht_cap));
5502 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT |
5503 IEEE80211_STA_DISABLE_HE;
5506 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
5507 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
5508 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
5509 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
5511 if (bss->wmm_used && bss->uapsd_supported &&
5512 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
5513 assoc_data->uapsd = true;
5514 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
5516 assoc_data->uapsd = false;
5517 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
5520 if (req->prev_bssid)
5521 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
5524 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
5525 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
5527 ifmgd->mfp = IEEE80211_MFP_DISABLED;
5528 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
5531 if (req->flags & ASSOC_REQ_USE_RRM)
5532 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
5534 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
5536 if (req->crypto.control_port)
5537 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
5539 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
5541 sdata->control_port_protocol = req->crypto.control_port_ethertype;
5542 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
5543 sdata->control_port_over_nl80211 =
5544 req->crypto.control_port_over_nl80211;
5545 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
5546 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
5549 /* kick off associate process */
5551 ifmgd->assoc_data = assoc_data;
5552 ifmgd->dtim_period = 0;
5553 ifmgd->have_beacon = false;
5555 /* override HT/VHT configuration only if the AP and we support it */
5556 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
5557 struct ieee80211_sta_ht_cap sta_ht_cap;
5559 if (req->flags & ASSOC_REQ_DISABLE_HT)
5562 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
5563 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5565 /* check for 40 MHz disable override */
5566 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) &&
5567 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
5568 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
5571 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
5572 req->flags & ASSOC_REQ_DISABLE_VHT)
5576 if (req->flags & ASSOC_REQ_DISABLE_HT) {
5577 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5578 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5579 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5582 if (req->flags & ASSOC_REQ_DISABLE_VHT)
5583 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5585 err = ieee80211_prep_connection(sdata, req->bss, true, override);
5590 beacon_ies = rcu_dereference(req->bss->beacon_ies);
5592 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) &&
5595 * Wait up to one beacon interval ...
5596 * should this be more if we miss one?
5598 sdata_info(sdata, "waiting for beacon from %pM\n",
5600 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
5601 assoc_data->timeout_started = true;
5602 assoc_data->need_beacon = true;
5603 } else if (beacon_ies) {
5604 const struct element *elem;
5607 ieee80211_get_dtim(beacon_ies, &dtim_count,
5608 &ifmgd->dtim_period);
5610 ifmgd->have_beacon = true;
5611 assoc_data->timeout = jiffies;
5612 assoc_data->timeout_started = true;
5614 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
5615 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
5616 sdata->vif.bss_conf.sync_device_ts =
5617 bss->device_ts_beacon;
5618 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
5621 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
5622 beacon_ies->data, beacon_ies->len);
5623 if (elem && elem->datalen >= 3)
5624 sdata->vif.bss_conf.profile_periodicity = elem->data[2];
5626 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
5627 beacon_ies->data, beacon_ies->len);
5628 if (elem && elem->datalen >= 11 &&
5629 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
5630 sdata->vif.bss_conf.ema_ap = true;
5632 assoc_data->timeout = jiffies;
5633 assoc_data->timeout_started = true;
5637 run_again(sdata, assoc_data->timeout);
5639 if (bss->corrupt_data) {
5640 char *corrupt_type = "data";
5641 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
5642 if (bss->corrupt_data &
5643 IEEE80211_BSS_CORRUPT_PROBE_RESP)
5644 corrupt_type = "beacon and probe response";
5646 corrupt_type = "beacon";
5647 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
5648 corrupt_type = "probe response";
5649 sdata_info(sdata, "associating with AP with corrupt %s\n",
5655 eth_zero_addr(ifmgd->bssid);
5656 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5657 ifmgd->assoc_data = NULL;
5663 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
5664 struct cfg80211_deauth_request *req)
5666 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5667 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5668 bool tx = !req->local_state_change;
5670 if (ifmgd->auth_data &&
5671 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
5673 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
5674 req->bssid, req->reason_code,
5675 ieee80211_get_reason_code_string(req->reason_code));
5677 drv_mgd_prepare_tx(sdata->local, sdata, 0);
5678 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5679 IEEE80211_STYPE_DEAUTH,
5680 req->reason_code, tx,
5682 ieee80211_destroy_auth_data(sdata, false);
5683 ieee80211_report_disconnect(sdata, frame_buf,
5684 sizeof(frame_buf), true,
5690 if (ifmgd->assoc_data &&
5691 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
5693 "aborting association with %pM by local choice (Reason: %u=%s)\n",
5694 req->bssid, req->reason_code,
5695 ieee80211_get_reason_code_string(req->reason_code));
5697 drv_mgd_prepare_tx(sdata->local, sdata, 0);
5698 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5699 IEEE80211_STYPE_DEAUTH,
5700 req->reason_code, tx,
5702 ieee80211_destroy_assoc_data(sdata, false, true);
5703 ieee80211_report_disconnect(sdata, frame_buf,
5704 sizeof(frame_buf), true,
5709 if (ifmgd->associated &&
5710 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
5712 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
5713 req->bssid, req->reason_code,
5714 ieee80211_get_reason_code_string(req->reason_code));
5716 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5717 req->reason_code, tx, frame_buf);
5718 ieee80211_report_disconnect(sdata, frame_buf,
5719 sizeof(frame_buf), true,
5727 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
5728 struct cfg80211_disassoc_request *req)
5730 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5732 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5735 * cfg80211 should catch this ... but it's racy since
5736 * we can receive a disassoc frame, process it, hand it
5737 * to cfg80211 while that's in a locked section already
5738 * trying to tell us that the user wants to disconnect.
5740 if (ifmgd->associated != req->bss)
5744 "disassociating from %pM by local choice (Reason: %u=%s)\n",
5745 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
5747 memcpy(bssid, req->bss->bssid, ETH_ALEN);
5748 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
5749 req->reason_code, !req->local_state_change,
5752 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
5758 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
5760 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5763 * Make sure some work items will not run after this,
5764 * they will not do anything but might not have been
5765 * cancelled when disconnecting.
5767 cancel_work_sync(&ifmgd->monitor_work);
5768 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
5769 cancel_work_sync(&ifmgd->request_smps_work);
5770 cancel_work_sync(&ifmgd->csa_connection_drop_work);
5771 cancel_work_sync(&ifmgd->chswitch_work);
5772 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work);
5775 if (ifmgd->assoc_data) {
5776 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
5777 ieee80211_destroy_assoc_data(sdata, false, false);
5778 cfg80211_assoc_timeout(sdata->dev, bss);
5780 if (ifmgd->auth_data)
5781 ieee80211_destroy_auth_data(sdata, false);
5782 spin_lock_bh(&ifmgd->teardown_lock);
5783 if (ifmgd->teardown_skb) {
5784 kfree_skb(ifmgd->teardown_skb);
5785 ifmgd->teardown_skb = NULL;
5786 ifmgd->orig_teardown_skb = NULL;
5788 kfree(ifmgd->assoc_req_ies);
5789 ifmgd->assoc_req_ies = NULL;
5790 ifmgd->assoc_req_ies_len = 0;
5791 spin_unlock_bh(&ifmgd->teardown_lock);
5792 del_timer_sync(&ifmgd->timer);
5793 sdata_unlock(sdata);
5796 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
5797 enum nl80211_cqm_rssi_threshold_event rssi_event,
5801 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5803 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
5805 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
5807 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
5809 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
5811 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5813 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
5815 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
5817 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
projects / linux-2.6-microblaze.git / blob