2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
36 #define IEEE80211_AUTH_MAX_TRIES 3
37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
41 #define IEEE80211_ASSOC_MAX_TRIES 3
43 static int max_nullfunc_tries = 2;
44 module_param(max_nullfunc_tries, int, 0644);
45 MODULE_PARM_DESC(max_nullfunc_tries,
46 "Maximum nullfunc tx tries before disconnecting (reason 4).");
48 static int max_probe_tries = 5;
49 module_param(max_probe_tries, int, 0644);
50 MODULE_PARM_DESC(max_probe_tries,
51 "Maximum probe tries before disconnecting (reason 4).");
54 * Beacon loss timeout is calculated as N frames times the
55 * advertised beacon interval. This may need to be somewhat
56 * higher than what hardware might detect to account for
57 * delays in the host processing frames. But since we also
58 * probe on beacon miss before declaring the connection lost
59 * default to what we want.
61 static int beacon_loss_count = 7;
62 module_param(beacon_loss_count, int, 0644);
63 MODULE_PARM_DESC(beacon_loss_count,
64 "Number of beacon intervals before we decide beacon was lost.");
67 * Time the connection can be idle before we probe
68 * it to see if we can still talk to the AP.
70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
72 * Time we wait for a probe response after sending
73 * a probe request because of beacon loss or for
74 * checking the connection still works.
76 static int probe_wait_ms = 500;
77 module_param(probe_wait_ms, int, 0644);
78 MODULE_PARM_DESC(probe_wait_ms,
79 "Maximum time(ms) to wait for probe response"
80 " before disconnecting (reason 4).");
83 * Weight given to the latest Beacon frame when calculating average signal
84 * strength for Beacon frames received in the current BSS. This must be
87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
90 * How many Beacon frames need to have been used in average signal strength
91 * before starting to indicate signal change events.
93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
96 * We can have multiple work items (and connection probing)
97 * scheduling this timer, but we need to take care to only
98 * reschedule it when it should fire _earlier_ than it was
99 * asked for before, or if it's not pending right now. This
100 * function ensures that. Note that it then is required to
101 * run this function for all timeouts after the first one
102 * has happened -- the work that runs from this timer will
105 static void run_again(struct ieee80211_sub_if_data *sdata,
106 unsigned long timeout)
108 sdata_assert_lock(sdata);
110 if (!timer_pending(&sdata->u.mgd.timer) ||
111 time_before(timeout, sdata->u.mgd.timer.expires))
112 mod_timer(&sdata->u.mgd.timer, timeout);
115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
123 mod_timer(&sdata->u.mgd.bcn_mon_timer,
124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
131 if (unlikely(!sdata->u.mgd.associated))
134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
137 mod_timer(&sdata->u.mgd.conn_mon_timer,
138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
140 ifmgd->probe_send_count = 0;
143 static int ecw2cw(int ecw)
145 return (1 << ecw) - 1;
149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
150 struct ieee80211_supported_band *sband,
151 struct ieee80211_channel *channel,
152 const struct ieee80211_ht_operation *ht_oper,
153 const struct ieee80211_vht_operation *vht_oper,
154 struct cfg80211_chan_def *chandef, bool tracking)
156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
157 struct cfg80211_chan_def vht_chandef;
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->center_freq2 = 0;
165 if (!ht_oper || !sband->ht_cap.ht_supported) {
166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
170 chandef->width = NL80211_CHAN_WIDTH_20;
172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
174 /* check that channel matches the right operating channel */
175 if (!tracking && channel->center_freq != ht_cfreq) {
177 * It's possible that some APs are confused here;
178 * Netgear WNDR3700 sometimes reports 4 higher than
179 * the actual channel in association responses, but
180 * since we look at probe response/beacon data here
184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
185 channel->center_freq, ht_cfreq,
186 ht_oper->primary_chan, channel->band);
187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
191 /* check 40 MHz support, if we have it */
192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
195 chandef->width = NL80211_CHAN_WIDTH_40;
196 chandef->center_freq1 += 10;
198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
199 chandef->width = NL80211_CHAN_WIDTH_40;
200 chandef->center_freq1 -= 10;
204 /* 40 MHz (and 80 MHz) must be supported for VHT */
205 ret = IEEE80211_STA_DISABLE_VHT;
206 /* also mark 40 MHz disabled */
207 ret |= IEEE80211_STA_DISABLE_40MHZ;
211 if (!vht_oper || !sband->vht_cap.vht_supported) {
212 ret = IEEE80211_STA_DISABLE_VHT;
216 vht_chandef.chan = channel;
217 vht_chandef.center_freq1 =
218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
220 vht_chandef.center_freq2 = 0;
222 switch (vht_oper->chan_width) {
223 case IEEE80211_VHT_CHANWIDTH_USE_HT:
224 vht_chandef.width = chandef->width;
225 vht_chandef.center_freq1 = chandef->center_freq1;
227 case IEEE80211_VHT_CHANWIDTH_80MHZ:
228 vht_chandef.width = NL80211_CHAN_WIDTH_80;
230 case IEEE80211_VHT_CHANWIDTH_160MHZ:
231 vht_chandef.width = NL80211_CHAN_WIDTH_160;
233 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
234 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
235 vht_chandef.center_freq2 =
236 ieee80211_channel_to_frequency(
237 vht_oper->center_freq_seg2_idx,
241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
243 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
244 vht_oper->chan_width);
245 ret = IEEE80211_STA_DISABLE_VHT;
249 if (!cfg80211_chandef_valid(&vht_chandef)) {
250 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
252 "AP VHT information is invalid, disable VHT\n");
253 ret = IEEE80211_STA_DISABLE_VHT;
257 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
262 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
263 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
265 "AP VHT information doesn't match HT, disable VHT\n");
266 ret = IEEE80211_STA_DISABLE_VHT;
270 *chandef = vht_chandef;
276 * When tracking the current AP, don't do any further checks if the
277 * new chandef is identical to the one we're currently using for the
278 * connection. This keeps us from playing ping-pong with regulatory,
279 * without it the following can happen (for example):
280 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
281 * - AP advertises regdom US
282 * - CRDA loads regdom US with 80 MHz prohibited (old database)
283 * - the code below detects an unsupported channel, downgrades, and
284 * we disconnect from the AP in the caller
285 * - disconnect causes CRDA to reload world regdomain and the game
287 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
289 * It seems possible that there are still scenarios with CSA or real
290 * bandwidth changes where a this could happen, but those cases are
291 * less common and wouldn't completely prevent using the AP.
294 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
297 /* don't print the message below for VHT mismatch if VHT is disabled */
298 if (ret & IEEE80211_STA_DISABLE_VHT)
299 vht_chandef = *chandef;
302 * Ignore the DISABLED flag when we're already connected and only
303 * tracking the APs beacon for bandwidth changes - otherwise we
304 * might get disconnected here if we connect to an AP, update our
305 * regulatory information based on the AP's country IE and the
306 * information we have is wrong/outdated and disables the channel
307 * that we're actually using for the connection to the AP.
309 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
311 IEEE80211_CHAN_DISABLED)) {
312 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
313 ret = IEEE80211_STA_DISABLE_HT |
314 IEEE80211_STA_DISABLE_VHT;
318 ret |= ieee80211_chandef_downgrade(chandef);
321 if (chandef->width != vht_chandef.width && !tracking)
323 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
325 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
329 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
330 struct sta_info *sta,
331 const struct ieee80211_ht_operation *ht_oper,
332 const struct ieee80211_vht_operation *vht_oper,
333 const u8 *bssid, u32 *changed)
335 struct ieee80211_local *local = sdata->local;
336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
337 struct ieee80211_supported_band *sband;
338 struct ieee80211_channel *chan;
339 struct cfg80211_chan_def chandef;
342 enum ieee80211_sta_rx_bandwidth new_sta_bw;
345 /* if HT was/is disabled, don't track any bandwidth changes */
346 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
349 /* don't check VHT if we associated as non-VHT station */
350 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
353 if (WARN_ON_ONCE(!sta))
357 * if bss configuration changed store the new one -
358 * this may be applicable even if channel is identical
360 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
361 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
362 *changed |= BSS_CHANGED_HT;
363 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
366 chan = sdata->vif.bss_conf.chandef.chan;
367 sband = local->hw.wiphy->bands[chan->band];
369 /* calculate new channel (type) based on HT/VHT operation IEs */
370 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
371 vht_oper, &chandef, true);
374 * Downgrade the new channel if we associated with restricted
375 * capabilities. For example, if we associated as a 20 MHz STA
376 * to a 40 MHz AP (due to regulatory, capabilities or config
377 * reasons) then switching to a 40 MHz channel now won't do us
378 * any good -- we couldn't use it with the AP.
380 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
381 chandef.width == NL80211_CHAN_WIDTH_80P80)
382 flags |= ieee80211_chandef_downgrade(&chandef);
383 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
384 chandef.width == NL80211_CHAN_WIDTH_160)
385 flags |= ieee80211_chandef_downgrade(&chandef);
386 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
387 chandef.width > NL80211_CHAN_WIDTH_20)
388 flags |= ieee80211_chandef_downgrade(&chandef);
390 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
394 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
395 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
396 chandef.center_freq1, chandef.center_freq2);
398 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
399 IEEE80211_STA_DISABLE_VHT |
400 IEEE80211_STA_DISABLE_40MHZ |
401 IEEE80211_STA_DISABLE_80P80MHZ |
402 IEEE80211_STA_DISABLE_160MHZ)) ||
403 !cfg80211_chandef_valid(&chandef)) {
405 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
410 switch (chandef.width) {
411 case NL80211_CHAN_WIDTH_20_NOHT:
412 case NL80211_CHAN_WIDTH_20:
413 new_sta_bw = IEEE80211_STA_RX_BW_20;
415 case NL80211_CHAN_WIDTH_40:
416 new_sta_bw = IEEE80211_STA_RX_BW_40;
418 case NL80211_CHAN_WIDTH_80:
419 new_sta_bw = IEEE80211_STA_RX_BW_80;
421 case NL80211_CHAN_WIDTH_80P80:
422 case NL80211_CHAN_WIDTH_160:
423 new_sta_bw = IEEE80211_STA_RX_BW_160;
429 if (new_sta_bw > sta->cur_max_bandwidth)
430 new_sta_bw = sta->cur_max_bandwidth;
432 if (new_sta_bw < sta->sta.bandwidth) {
433 sta->sta.bandwidth = new_sta_bw;
434 rate_control_rate_update(local, sband, sta,
435 IEEE80211_RC_BW_CHANGED);
438 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
441 "AP %pM changed bandwidth to incompatible one - disconnect\n",
446 if (new_sta_bw > sta->sta.bandwidth) {
447 sta->sta.bandwidth = new_sta_bw;
448 rate_control_rate_update(local, sband, sta,
449 IEEE80211_RC_BW_CHANGED);
455 /* frame sending functions */
457 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
458 struct sk_buff *skb, u8 ap_ht_param,
459 struct ieee80211_supported_band *sband,
460 struct ieee80211_channel *channel,
461 enum ieee80211_smps_mode smps)
464 u32 flags = channel->flags;
466 struct ieee80211_sta_ht_cap ht_cap;
468 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
470 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
471 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
473 /* determine capability flags */
476 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
477 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
478 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
479 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
480 cap &= ~IEEE80211_HT_CAP_SGI_40;
483 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
484 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
485 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
486 cap &= ~IEEE80211_HT_CAP_SGI_40;
492 * If 40 MHz was disabled associate as though we weren't
493 * capable of 40 MHz -- some broken APs will never fall
494 * back to trying to transmit in 20 MHz.
496 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
497 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
498 cap &= ~IEEE80211_HT_CAP_SGI_40;
501 /* set SM PS mode properly */
502 cap &= ~IEEE80211_HT_CAP_SM_PS;
504 case IEEE80211_SMPS_AUTOMATIC:
505 case IEEE80211_SMPS_NUM_MODES:
507 case IEEE80211_SMPS_OFF:
508 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
509 IEEE80211_HT_CAP_SM_PS_SHIFT;
511 case IEEE80211_SMPS_STATIC:
512 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
513 IEEE80211_HT_CAP_SM_PS_SHIFT;
515 case IEEE80211_SMPS_DYNAMIC:
516 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
517 IEEE80211_HT_CAP_SM_PS_SHIFT;
521 /* reserve and fill IE */
522 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
523 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
526 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
528 struct ieee80211_supported_band *sband,
529 struct ieee80211_vht_cap *ap_vht_cap)
533 struct ieee80211_sta_vht_cap vht_cap;
535 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
537 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
538 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
540 /* determine capability flags */
543 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
544 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
545 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
548 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
549 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
550 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
554 * Some APs apparently get confused if our capabilities are better
555 * than theirs, so restrict what we advertise in the assoc request.
557 if (!(ap_vht_cap->vht_cap_info &
558 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
559 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
561 /* reserve and fill IE */
562 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
563 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
566 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
568 struct ieee80211_local *local = sdata->local;
569 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
570 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
572 struct ieee80211_mgmt *mgmt;
574 size_t offset = 0, noffset;
575 int i, count, rates_len, supp_rates_len, shift;
577 struct ieee80211_supported_band *sband;
578 struct ieee80211_chanctx_conf *chanctx_conf;
579 struct ieee80211_channel *chan;
580 u32 rate_flags, rates = 0;
582 sdata_assert_lock(sdata);
585 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
586 if (WARN_ON(!chanctx_conf)) {
590 chan = chanctx_conf->def.chan;
591 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
593 sband = local->hw.wiphy->bands[chan->band];
594 shift = ieee80211_vif_get_shift(&sdata->vif);
596 if (assoc_data->supp_rates_len) {
598 * Get all rates supported by the device and the AP as
599 * some APs don't like getting a superset of their rates
600 * in the association request (e.g. D-Link DAP 1353 in
603 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
604 assoc_data->supp_rates,
605 assoc_data->supp_rates_len,
609 * In case AP not provide any supported rates information
610 * before association, we send information element(s) with
611 * all rates that we support.
614 for (i = 0; i < sband->n_bitrates; i++) {
615 if ((rate_flags & sband->bitrates[i].flags)
623 skb = alloc_skb(local->hw.extra_tx_headroom +
624 sizeof(*mgmt) + /* bit too much but doesn't matter */
625 2 + assoc_data->ssid_len + /* SSID */
626 4 + rates_len + /* (extended) rates */
627 4 + /* power capability */
628 2 + 2 * sband->n_channels + /* supported channels */
629 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
630 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
631 assoc_data->ie_len + /* extra IEs */
637 skb_reserve(skb, local->hw.extra_tx_headroom);
639 capab = WLAN_CAPABILITY_ESS;
641 if (sband->band == IEEE80211_BAND_2GHZ) {
642 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
643 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
644 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
645 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
648 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
649 capab |= WLAN_CAPABILITY_PRIVACY;
651 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
652 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
653 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
655 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
657 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
658 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
659 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
661 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
663 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
664 IEEE80211_STYPE_REASSOC_REQ);
665 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
666 mgmt->u.reassoc_req.listen_interval =
667 cpu_to_le16(local->hw.conf.listen_interval);
668 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
672 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
673 IEEE80211_STYPE_ASSOC_REQ);
674 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
675 mgmt->u.assoc_req.listen_interval =
676 cpu_to_le16(local->hw.conf.listen_interval);
680 pos = skb_put(skb, 2 + assoc_data->ssid_len);
681 *pos++ = WLAN_EID_SSID;
682 *pos++ = assoc_data->ssid_len;
683 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
685 /* add all rates which were marked to be used above */
686 supp_rates_len = rates_len;
687 if (supp_rates_len > 8)
690 pos = skb_put(skb, supp_rates_len + 2);
691 *pos++ = WLAN_EID_SUPP_RATES;
692 *pos++ = supp_rates_len;
695 for (i = 0; i < sband->n_bitrates; i++) {
696 if (BIT(i) & rates) {
697 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
705 if (rates_len > count) {
706 pos = skb_put(skb, rates_len - count + 2);
707 *pos++ = WLAN_EID_EXT_SUPP_RATES;
708 *pos++ = rates_len - count;
710 for (i++; i < sband->n_bitrates; i++) {
711 if (BIT(i) & rates) {
713 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
720 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
721 /* 1. power capabilities */
722 pos = skb_put(skb, 4);
723 *pos++ = WLAN_EID_PWR_CAPABILITY;
725 *pos++ = 0; /* min tx power */
727 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
729 /* 2. supported channels */
730 /* TODO: get this in reg domain format */
731 pos = skb_put(skb, 2 * sband->n_channels + 2);
732 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
733 *pos++ = 2 * sband->n_channels;
734 for (i = 0; i < sband->n_channels; i++) {
735 *pos++ = ieee80211_frequency_to_channel(
736 sband->channels[i].center_freq);
737 *pos++ = 1; /* one channel in the subband*/
741 /* if present, add any custom IEs that go before HT */
742 if (assoc_data->ie_len) {
743 static const u8 before_ht[] = {
746 WLAN_EID_EXT_SUPP_RATES,
747 WLAN_EID_PWR_CAPABILITY,
748 WLAN_EID_SUPPORTED_CHANNELS,
751 WLAN_EID_RRM_ENABLED_CAPABILITIES,
752 WLAN_EID_MOBILITY_DOMAIN,
753 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
755 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
756 before_ht, ARRAY_SIZE(before_ht),
758 pos = skb_put(skb, noffset - offset);
759 memcpy(pos, assoc_data->ie + offset, noffset - offset);
763 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
764 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
765 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
767 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
768 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
769 sband, chan, sdata->smps_mode);
771 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
772 ieee80211_add_vht_ie(sdata, skb, sband,
773 &assoc_data->ap_vht_cap);
775 /* if present, add any custom non-vendor IEs that go after HT */
776 if (assoc_data->ie_len) {
777 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
780 pos = skb_put(skb, noffset - offset);
781 memcpy(pos, assoc_data->ie + offset, noffset - offset);
785 if (assoc_data->wmm) {
786 if (assoc_data->uapsd) {
787 qos_info = ifmgd->uapsd_queues;
788 qos_info |= (ifmgd->uapsd_max_sp_len <<
789 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
794 pos = skb_put(skb, 9);
795 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
796 *pos++ = 7; /* len */
797 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
800 *pos++ = 2; /* WME */
801 *pos++ = 0; /* WME info */
802 *pos++ = 1; /* WME ver */
806 /* add any remaining custom (i.e. vendor specific here) IEs */
807 if (assoc_data->ie_len) {
808 noffset = assoc_data->ie_len;
809 pos = skb_put(skb, noffset - offset);
810 memcpy(pos, assoc_data->ie + offset, noffset - offset);
813 drv_mgd_prepare_tx(local, sdata);
815 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
816 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
817 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
818 IEEE80211_TX_INTFL_MLME_CONN_TX;
819 ieee80211_tx_skb(sdata, skb);
822 void ieee80211_send_pspoll(struct ieee80211_local *local,
823 struct ieee80211_sub_if_data *sdata)
825 struct ieee80211_pspoll *pspoll;
828 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
832 pspoll = (struct ieee80211_pspoll *) skb->data;
833 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
835 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
836 ieee80211_tx_skb(sdata, skb);
839 void ieee80211_send_nullfunc(struct ieee80211_local *local,
840 struct ieee80211_sub_if_data *sdata,
844 struct ieee80211_hdr_3addr *nullfunc;
845 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
847 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
851 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
853 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
855 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
856 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
858 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
859 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
861 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
862 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
864 ieee80211_tx_skb(sdata, skb);
867 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
868 struct ieee80211_sub_if_data *sdata)
871 struct ieee80211_hdr *nullfunc;
874 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
877 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
881 skb_reserve(skb, local->hw.extra_tx_headroom);
883 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
884 memset(nullfunc, 0, 30);
885 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
886 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
887 nullfunc->frame_control = fc;
888 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
889 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
890 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
891 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
893 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
894 ieee80211_tx_skb(sdata, skb);
897 /* spectrum management related things */
898 static void ieee80211_chswitch_work(struct work_struct *work)
900 struct ieee80211_sub_if_data *sdata =
901 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
902 struct ieee80211_local *local = sdata->local;
903 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
907 if (!ieee80211_sdata_running(sdata))
911 if (!ifmgd->associated)
914 mutex_lock(&local->mtx);
915 ret = ieee80211_vif_change_channel(sdata, &changed);
916 mutex_unlock(&local->mtx);
919 "vif channel switch failed, disconnecting\n");
920 ieee80211_queue_work(&sdata->local->hw,
921 &ifmgd->csa_connection_drop_work);
925 if (!local->use_chanctx) {
926 local->_oper_chandef = sdata->csa_chandef;
927 /* Call "hw_config" only if doing sw channel switch.
928 * Otherwise update the channel directly
930 if (!local->ops->channel_switch)
931 ieee80211_hw_config(local, 0);
933 local->hw.conf.chandef = local->_oper_chandef;
936 /* XXX: shouldn't really modify cfg80211-owned data! */
937 ifmgd->associated->channel = sdata->csa_chandef.chan;
939 /* XXX: wait for a beacon first? */
940 ieee80211_wake_queues_by_reason(&local->hw,
941 IEEE80211_MAX_QUEUE_MAP,
942 IEEE80211_QUEUE_STOP_REASON_CSA);
944 ieee80211_bss_info_change_notify(sdata, changed);
947 sdata->vif.csa_active = false;
948 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
952 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
954 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
955 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
957 trace_api_chswitch_done(sdata, success);
960 "driver channel switch failed, disconnecting\n");
961 ieee80211_queue_work(&sdata->local->hw,
962 &ifmgd->csa_connection_drop_work);
964 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
967 EXPORT_SYMBOL(ieee80211_chswitch_done);
969 static void ieee80211_chswitch_timer(unsigned long data)
971 struct ieee80211_sub_if_data *sdata =
972 (struct ieee80211_sub_if_data *) data;
974 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
978 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
979 u64 timestamp, struct ieee802_11_elems *elems,
982 struct ieee80211_local *local = sdata->local;
983 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
984 struct cfg80211_bss *cbss = ifmgd->associated;
985 struct ieee80211_chanctx *chanctx;
986 enum ieee80211_band current_band;
987 struct ieee80211_csa_ie csa_ie;
990 sdata_assert_lock(sdata);
998 /* disregard subsequent announcements if we are already processing */
999 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1002 current_band = cbss->channel->band;
1003 memset(&csa_ie, 0, sizeof(csa_ie));
1004 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band,
1006 ifmgd->associated->bssid, &csa_ie);
1008 ieee80211_queue_work(&local->hw,
1009 &ifmgd->csa_connection_drop_work);
1013 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1014 IEEE80211_CHAN_DISABLED)) {
1016 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1017 ifmgd->associated->bssid,
1018 csa_ie.chandef.chan->center_freq,
1019 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1020 csa_ie.chandef.center_freq2);
1021 ieee80211_queue_work(&local->hw,
1022 &ifmgd->csa_connection_drop_work);
1026 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1027 sdata->vif.csa_active = true;
1029 mutex_lock(&local->chanctx_mtx);
1030 if (local->use_chanctx) {
1031 u32 num_chanctx = 0;
1032 list_for_each_entry(chanctx, &local->chanctx_list, list)
1035 if (num_chanctx > 1 ||
1036 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) {
1038 "not handling chan-switch with channel contexts\n");
1039 ieee80211_queue_work(&local->hw,
1040 &ifmgd->csa_connection_drop_work);
1041 mutex_unlock(&local->chanctx_mtx);
1046 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1047 ieee80211_queue_work(&local->hw,
1048 &ifmgd->csa_connection_drop_work);
1049 mutex_unlock(&local->chanctx_mtx);
1052 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1053 struct ieee80211_chanctx, conf);
1054 if (chanctx->refcount > 1) {
1056 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1057 ieee80211_queue_work(&local->hw,
1058 &ifmgd->csa_connection_drop_work);
1059 mutex_unlock(&local->chanctx_mtx);
1062 mutex_unlock(&local->chanctx_mtx);
1064 sdata->csa_chandef = csa_ie.chandef;
1067 ieee80211_stop_queues_by_reason(&local->hw,
1068 IEEE80211_MAX_QUEUE_MAP,
1069 IEEE80211_QUEUE_STOP_REASON_CSA);
1071 if (local->ops->channel_switch) {
1072 /* use driver's channel switch callback */
1073 struct ieee80211_channel_switch ch_switch = {
1074 .timestamp = timestamp,
1075 .block_tx = csa_ie.mode,
1076 .chandef = csa_ie.chandef,
1077 .count = csa_ie.count,
1080 drv_channel_switch(local, &ch_switch);
1084 /* channel switch handled in software */
1085 if (csa_ie.count <= 1)
1086 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1088 mod_timer(&ifmgd->chswitch_timer,
1089 TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval));
1092 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1093 struct ieee80211_channel *channel,
1094 const u8 *country_ie, u8 country_ie_len,
1095 const u8 *pwr_constr_elem)
1097 struct ieee80211_country_ie_triplet *triplet;
1098 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1099 int i, chan_pwr, chan_increment, new_ap_level;
1100 bool have_chan_pwr = false;
1103 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1106 triplet = (void *)(country_ie + 3);
1107 country_ie_len -= 3;
1109 switch (channel->band) {
1113 case IEEE80211_BAND_2GHZ:
1114 case IEEE80211_BAND_60GHZ:
1117 case IEEE80211_BAND_5GHZ:
1123 while (country_ie_len >= 3) {
1124 u8 first_channel = triplet->chans.first_channel;
1126 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1129 for (i = 0; i < triplet->chans.num_channels; i++) {
1130 if (first_channel + i * chan_increment == chan) {
1131 have_chan_pwr = true;
1132 chan_pwr = triplet->chans.max_power;
1141 country_ie_len -= 3;
1147 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1149 if (sdata->ap_power_level == new_ap_level)
1153 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1154 new_ap_level, chan_pwr, *pwr_constr_elem,
1155 sdata->u.mgd.bssid);
1156 sdata->ap_power_level = new_ap_level;
1157 if (__ieee80211_recalc_txpower(sdata))
1158 return BSS_CHANGED_TXPOWER;
1163 static void ieee80211_enable_ps(struct ieee80211_local *local,
1164 struct ieee80211_sub_if_data *sdata)
1166 struct ieee80211_conf *conf = &local->hw.conf;
1169 * If we are scanning right now then the parameters will
1170 * take effect when scan finishes.
1172 if (local->scanning)
1175 if (conf->dynamic_ps_timeout > 0 &&
1176 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1177 mod_timer(&local->dynamic_ps_timer, jiffies +
1178 msecs_to_jiffies(conf->dynamic_ps_timeout));
1180 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1181 ieee80211_send_nullfunc(local, sdata, 1);
1183 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1184 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1187 conf->flags |= IEEE80211_CONF_PS;
1188 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1192 static void ieee80211_change_ps(struct ieee80211_local *local)
1194 struct ieee80211_conf *conf = &local->hw.conf;
1196 if (local->ps_sdata) {
1197 ieee80211_enable_ps(local, local->ps_sdata);
1198 } else if (conf->flags & IEEE80211_CONF_PS) {
1199 conf->flags &= ~IEEE80211_CONF_PS;
1200 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1201 del_timer_sync(&local->dynamic_ps_timer);
1202 cancel_work_sync(&local->dynamic_ps_enable_work);
1206 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1208 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1209 struct sta_info *sta = NULL;
1210 bool authorized = false;
1212 if (!mgd->powersave)
1218 if (!mgd->associated)
1221 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1224 if (!mgd->have_beacon)
1228 sta = sta_info_get(sdata, mgd->bssid);
1230 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1236 /* need to hold RTNL or interface lock */
1237 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1239 struct ieee80211_sub_if_data *sdata, *found = NULL;
1243 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1244 local->ps_sdata = NULL;
1248 list_for_each_entry(sdata, &local->interfaces, list) {
1249 if (!ieee80211_sdata_running(sdata))
1251 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1252 /* If an AP vif is found, then disable PS
1253 * by setting the count to zero thereby setting
1259 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1265 if (count == 1 && ieee80211_powersave_allowed(found)) {
1269 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1271 beaconint_us = ieee80211_tu_to_usec(
1272 found->vif.bss_conf.beacon_int);
1274 timeout = local->dynamic_ps_forced_timeout;
1277 * Go to full PSM if the user configures a very low
1278 * latency requirement.
1279 * The 2000 second value is there for compatibility
1280 * until the PM_QOS_NETWORK_LATENCY is configured
1283 if (latency > (1900 * USEC_PER_MSEC) &&
1284 latency != (2000 * USEC_PER_SEC))
1289 local->hw.conf.dynamic_ps_timeout = timeout;
1291 if (beaconint_us > latency) {
1292 local->ps_sdata = NULL;
1295 u8 dtimper = found->u.mgd.dtim_period;
1297 /* If the TIM IE is invalid, pretend the value is 1 */
1300 else if (dtimper > 1)
1301 maxslp = min_t(int, dtimper,
1302 latency / beaconint_us);
1304 local->hw.conf.max_sleep_period = maxslp;
1305 local->hw.conf.ps_dtim_period = dtimper;
1306 local->ps_sdata = found;
1309 local->ps_sdata = NULL;
1312 ieee80211_change_ps(local);
1315 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1317 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1319 if (sdata->vif.bss_conf.ps != ps_allowed) {
1320 sdata->vif.bss_conf.ps = ps_allowed;
1321 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1325 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1327 struct ieee80211_local *local =
1328 container_of(work, struct ieee80211_local,
1329 dynamic_ps_disable_work);
1331 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1332 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1333 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1336 ieee80211_wake_queues_by_reason(&local->hw,
1337 IEEE80211_MAX_QUEUE_MAP,
1338 IEEE80211_QUEUE_STOP_REASON_PS);
1341 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1343 struct ieee80211_local *local =
1344 container_of(work, struct ieee80211_local,
1345 dynamic_ps_enable_work);
1346 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1347 struct ieee80211_if_managed *ifmgd;
1348 unsigned long flags;
1351 /* can only happen when PS was just disabled anyway */
1355 ifmgd = &sdata->u.mgd;
1357 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1360 if (local->hw.conf.dynamic_ps_timeout > 0) {
1361 /* don't enter PS if TX frames are pending */
1362 if (drv_tx_frames_pending(local)) {
1363 mod_timer(&local->dynamic_ps_timer, jiffies +
1365 local->hw.conf.dynamic_ps_timeout));
1370 * transmission can be stopped by others which leads to
1371 * dynamic_ps_timer expiry. Postpone the ps timer if it
1372 * is not the actual idle state.
1374 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1375 for (q = 0; q < local->hw.queues; q++) {
1376 if (local->queue_stop_reasons[q]) {
1377 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1379 mod_timer(&local->dynamic_ps_timer, jiffies +
1381 local->hw.conf.dynamic_ps_timeout));
1385 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1388 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1389 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1390 if (drv_tx_frames_pending(local)) {
1391 mod_timer(&local->dynamic_ps_timer, jiffies +
1393 local->hw.conf.dynamic_ps_timeout));
1395 ieee80211_send_nullfunc(local, sdata, 1);
1396 /* Flush to get the tx status of nullfunc frame */
1397 ieee80211_flush_queues(local, sdata);
1401 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1402 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1403 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1404 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1405 local->hw.conf.flags |= IEEE80211_CONF_PS;
1406 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1410 void ieee80211_dynamic_ps_timer(unsigned long data)
1412 struct ieee80211_local *local = (void *) data;
1414 if (local->quiescing || local->suspended)
1417 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1420 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1422 struct delayed_work *delayed_work =
1423 container_of(work, struct delayed_work, work);
1424 struct ieee80211_sub_if_data *sdata =
1425 container_of(delayed_work, struct ieee80211_sub_if_data,
1426 dfs_cac_timer_work);
1427 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1429 mutex_lock(&sdata->local->mtx);
1430 if (sdata->wdev.cac_started) {
1431 ieee80211_vif_release_channel(sdata);
1432 cfg80211_cac_event(sdata->dev, &chandef,
1433 NL80211_RADAR_CAC_FINISHED,
1436 mutex_unlock(&sdata->local->mtx);
1440 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1441 struct ieee80211_sub_if_data *sdata,
1442 const u8 *wmm_param, size_t wmm_param_len)
1444 struct ieee80211_tx_queue_params params;
1445 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1449 u8 uapsd_queues = 0;
1451 if (!local->ops->conf_tx)
1454 if (local->hw.queues < IEEE80211_NUM_ACS)
1460 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1463 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1464 uapsd_queues = ifmgd->uapsd_queues;
1466 count = wmm_param[6] & 0x0f;
1467 if (count == ifmgd->wmm_last_param_set)
1469 ifmgd->wmm_last_param_set = count;
1471 pos = wmm_param + 8;
1472 left = wmm_param_len - 8;
1474 memset(¶ms, 0, sizeof(params));
1477 for (; left >= 4; left -= 4, pos += 4) {
1478 int aci = (pos[0] >> 5) & 0x03;
1479 int acm = (pos[0] >> 4) & 0x01;
1487 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1488 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1494 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1495 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1501 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1502 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1509 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1510 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1515 params.aifs = pos[0] & 0x0f;
1516 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1517 params.cw_min = ecw2cw(pos[1] & 0x0f);
1518 params.txop = get_unaligned_le16(pos + 2);
1520 params.uapsd = uapsd;
1523 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1525 params.aifs, params.cw_min, params.cw_max,
1526 params.txop, params.uapsd);
1527 sdata->tx_conf[queue] = params;
1528 if (drv_conf_tx(local, sdata, queue, ¶ms))
1530 "failed to set TX queue parameters for queue %d\n",
1534 /* enable WMM or activate new settings */
1535 sdata->vif.bss_conf.qos = true;
1539 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1541 lockdep_assert_held(&sdata->local->mtx);
1543 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
1544 ieee80211_run_deferred_scan(sdata->local);
1547 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1549 mutex_lock(&sdata->local->mtx);
1550 __ieee80211_stop_poll(sdata);
1551 mutex_unlock(&sdata->local->mtx);
1554 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1555 u16 capab, bool erp_valid, u8 erp)
1557 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1559 bool use_protection;
1560 bool use_short_preamble;
1561 bool use_short_slot;
1564 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1565 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1567 use_protection = false;
1568 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1571 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1572 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1573 use_short_slot = true;
1575 if (use_protection != bss_conf->use_cts_prot) {
1576 bss_conf->use_cts_prot = use_protection;
1577 changed |= BSS_CHANGED_ERP_CTS_PROT;
1580 if (use_short_preamble != bss_conf->use_short_preamble) {
1581 bss_conf->use_short_preamble = use_short_preamble;
1582 changed |= BSS_CHANGED_ERP_PREAMBLE;
1585 if (use_short_slot != bss_conf->use_short_slot) {
1586 bss_conf->use_short_slot = use_short_slot;
1587 changed |= BSS_CHANGED_ERP_SLOT;
1593 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1594 struct cfg80211_bss *cbss,
1595 u32 bss_info_changed)
1597 struct ieee80211_bss *bss = (void *)cbss->priv;
1598 struct ieee80211_local *local = sdata->local;
1599 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1601 bss_info_changed |= BSS_CHANGED_ASSOC;
1602 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1603 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1605 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1606 beacon_loss_count * bss_conf->beacon_int));
1608 sdata->u.mgd.associated = cbss;
1609 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1611 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1613 if (sdata->vif.p2p) {
1614 const struct cfg80211_bss_ies *ies;
1617 ies = rcu_dereference(cbss->ies);
1621 ret = cfg80211_get_p2p_attr(
1622 ies->data, ies->len,
1623 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1624 (u8 *) &bss_conf->p2p_noa_attr,
1625 sizeof(bss_conf->p2p_noa_attr));
1627 sdata->u.mgd.p2p_noa_index =
1628 bss_conf->p2p_noa_attr.index;
1629 bss_info_changed |= BSS_CHANGED_P2P_PS;
1635 /* just to be sure */
1636 ieee80211_stop_poll(sdata);
1638 ieee80211_led_assoc(local, 1);
1640 if (sdata->u.mgd.have_beacon) {
1642 * If the AP is buggy we may get here with no DTIM period
1643 * known, so assume it's 1 which is the only safe assumption
1644 * in that case, although if the TIM IE is broken powersave
1645 * probably just won't work at all.
1647 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1648 bss_conf->beacon_rate = bss->beacon_rate;
1649 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
1651 bss_conf->beacon_rate = NULL;
1652 bss_conf->dtim_period = 0;
1655 bss_conf->assoc = 1;
1657 /* Tell the driver to monitor connection quality (if supported) */
1658 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1659 bss_conf->cqm_rssi_thold)
1660 bss_info_changed |= BSS_CHANGED_CQM;
1662 /* Enable ARP filtering */
1663 if (bss_conf->arp_addr_cnt)
1664 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1666 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1668 mutex_lock(&local->iflist_mtx);
1669 ieee80211_recalc_ps(local, -1);
1670 mutex_unlock(&local->iflist_mtx);
1672 ieee80211_recalc_smps(sdata);
1673 ieee80211_recalc_ps_vif(sdata);
1675 netif_carrier_on(sdata->dev);
1678 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1679 u16 stype, u16 reason, bool tx,
1682 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1683 struct ieee80211_local *local = sdata->local;
1686 sdata_assert_lock(sdata);
1688 if (WARN_ON_ONCE(tx && !frame_buf))
1691 if (WARN_ON(!ifmgd->associated))
1694 ieee80211_stop_poll(sdata);
1696 ifmgd->associated = NULL;
1697 netif_carrier_off(sdata->dev);
1700 * if we want to get out of ps before disassoc (why?) we have
1701 * to do it before sending disassoc, as otherwise the null-packet
1704 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1705 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1706 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1708 local->ps_sdata = NULL;
1710 /* disable per-vif ps */
1711 ieee80211_recalc_ps_vif(sdata);
1713 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1715 ieee80211_flush_queues(local, sdata);
1717 /* deauthenticate/disassociate now */
1718 if (tx || frame_buf)
1719 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1720 reason, tx, frame_buf);
1722 /* flush out frame */
1724 ieee80211_flush_queues(local, sdata);
1726 /* clear bssid only after building the needed mgmt frames */
1727 memset(ifmgd->bssid, 0, ETH_ALEN);
1729 /* remove AP and TDLS peers */
1730 sta_info_flush(sdata);
1732 /* finally reset all BSS / config parameters */
1733 changed |= ieee80211_reset_erp_info(sdata);
1735 ieee80211_led_assoc(local, 0);
1736 changed |= BSS_CHANGED_ASSOC;
1737 sdata->vif.bss_conf.assoc = false;
1739 ifmgd->p2p_noa_index = -1;
1740 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1741 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1743 /* on the next assoc, re-program HT/VHT parameters */
1744 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1745 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1746 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
1747 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
1749 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1751 del_timer_sync(&local->dynamic_ps_timer);
1752 cancel_work_sync(&local->dynamic_ps_enable_work);
1754 /* Disable ARP filtering */
1755 if (sdata->vif.bss_conf.arp_addr_cnt)
1756 changed |= BSS_CHANGED_ARP_FILTER;
1758 sdata->vif.bss_conf.qos = false;
1759 changed |= BSS_CHANGED_QOS;
1761 /* The BSSID (not really interesting) and HT changed */
1762 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1763 ieee80211_bss_info_change_notify(sdata, changed);
1765 /* disassociated - set to defaults now */
1766 ieee80211_set_wmm_default(sdata, false);
1768 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1769 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1770 del_timer_sync(&sdata->u.mgd.timer);
1771 del_timer_sync(&sdata->u.mgd.chswitch_timer);
1773 sdata->vif.bss_conf.dtim_period = 0;
1774 sdata->vif.bss_conf.beacon_rate = NULL;
1776 ifmgd->have_beacon = false;
1779 mutex_lock(&local->mtx);
1780 ieee80211_vif_release_channel(sdata);
1781 mutex_unlock(&local->mtx);
1783 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
1786 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1787 struct ieee80211_hdr *hdr)
1790 * We can postpone the mgd.timer whenever receiving unicast frames
1791 * from AP because we know that the connection is working both ways
1792 * at that time. But multicast frames (and hence also beacons) must
1793 * be ignored here, because we need to trigger the timer during
1794 * data idle periods for sending the periodic probe request to the
1795 * AP we're connected to.
1797 if (is_multicast_ether_addr(hdr->addr1))
1800 ieee80211_sta_reset_conn_monitor(sdata);
1803 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1805 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1806 struct ieee80211_local *local = sdata->local;
1808 mutex_lock(&local->mtx);
1809 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
1812 __ieee80211_stop_poll(sdata);
1814 mutex_lock(&local->iflist_mtx);
1815 ieee80211_recalc_ps(local, -1);
1816 mutex_unlock(&local->iflist_mtx);
1818 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1822 * We've received a probe response, but are not sure whether
1823 * we have or will be receiving any beacons or data, so let's
1824 * schedule the timers again, just in case.
1826 ieee80211_sta_reset_beacon_monitor(sdata);
1828 mod_timer(&ifmgd->conn_mon_timer,
1829 round_jiffies_up(jiffies +
1830 IEEE80211_CONNECTION_IDLE_TIME));
1832 mutex_unlock(&local->mtx);
1835 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1836 struct ieee80211_hdr *hdr, bool ack)
1838 if (!ieee80211_is_data(hdr->frame_control))
1841 if (ieee80211_is_nullfunc(hdr->frame_control) &&
1842 sdata->u.mgd.probe_send_count > 0) {
1844 ieee80211_sta_reset_conn_monitor(sdata);
1846 sdata->u.mgd.nullfunc_failed = true;
1847 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1852 ieee80211_sta_reset_conn_monitor(sdata);
1855 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1857 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1859 u8 *dst = ifmgd->associated->bssid;
1860 u8 unicast_limit = max(1, max_probe_tries - 3);
1863 * Try sending broadcast probe requests for the last three
1864 * probe requests after the first ones failed since some
1865 * buggy APs only support broadcast probe requests.
1867 if (ifmgd->probe_send_count >= unicast_limit)
1871 * When the hardware reports an accurate Tx ACK status, it's
1872 * better to send a nullfunc frame instead of a probe request,
1873 * as it will kick us off the AP quickly if we aren't associated
1874 * anymore. The timeout will be reset if the frame is ACKed by
1877 ifmgd->probe_send_count++;
1879 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1880 ifmgd->nullfunc_failed = false;
1881 ieee80211_send_nullfunc(sdata->local, sdata, 0);
1886 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1887 if (WARN_ON_ONCE(ssid == NULL))
1892 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1893 0, (u32) -1, true, 0,
1894 ifmgd->associated->channel, false);
1898 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1899 run_again(sdata, ifmgd->probe_timeout);
1900 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1901 ieee80211_flush_queues(sdata->local, sdata);
1904 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1907 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1908 bool already = false;
1910 if (!ieee80211_sdata_running(sdata))
1915 if (!ifmgd->associated)
1918 mutex_lock(&sdata->local->mtx);
1920 if (sdata->local->tmp_channel || sdata->local->scanning) {
1921 mutex_unlock(&sdata->local->mtx);
1926 mlme_dbg_ratelimited(sdata,
1927 "detected beacon loss from AP (missed %d beacons) - probing\n",
1930 ieee80211_cqm_rssi_notify(&sdata->vif,
1931 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
1936 * The driver/our work has already reported this event or the
1937 * connection monitoring has kicked in and we have already sent
1938 * a probe request. Or maybe the AP died and the driver keeps
1939 * reporting until we disassociate...
1941 * In either case we have to ignore the current call to this
1942 * function (except for setting the correct probe reason bit)
1943 * because otherwise we would reset the timer every time and
1944 * never check whether we received a probe response!
1946 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1949 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
1951 mutex_unlock(&sdata->local->mtx);
1956 mutex_lock(&sdata->local->iflist_mtx);
1957 ieee80211_recalc_ps(sdata->local, -1);
1958 mutex_unlock(&sdata->local->iflist_mtx);
1960 ifmgd->probe_send_count = 0;
1961 ieee80211_mgd_probe_ap_send(sdata);
1963 sdata_unlock(sdata);
1966 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
1967 struct ieee80211_vif *vif)
1969 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1970 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1971 struct cfg80211_bss *cbss;
1972 struct sk_buff *skb;
1976 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1979 sdata_assert_lock(sdata);
1981 if (ifmgd->associated)
1982 cbss = ifmgd->associated;
1983 else if (ifmgd->auth_data)
1984 cbss = ifmgd->auth_data->bss;
1985 else if (ifmgd->assoc_data)
1986 cbss = ifmgd->assoc_data->bss;
1991 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
1992 if (WARN_ON_ONCE(ssid == NULL))
1997 skb = ieee80211_build_probe_req(sdata, cbss->bssid,
1998 (u32) -1, cbss->channel,
2005 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2007 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2009 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2010 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2013 if (!ifmgd->associated) {
2014 sdata_unlock(sdata);
2018 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2019 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2021 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
2022 sdata->vif.csa_active = false;
2023 ieee80211_wake_queues_by_reason(&sdata->local->hw,
2024 IEEE80211_MAX_QUEUE_MAP,
2025 IEEE80211_QUEUE_STOP_REASON_CSA);
2027 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
2028 IEEE80211_DEAUTH_FRAME_LEN);
2029 sdata_unlock(sdata);
2032 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2034 struct ieee80211_sub_if_data *sdata =
2035 container_of(work, struct ieee80211_sub_if_data,
2036 u.mgd.beacon_connection_loss_work);
2037 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2038 struct sta_info *sta;
2040 if (ifmgd->associated) {
2042 sta = sta_info_get(sdata, ifmgd->bssid);
2044 sta->beacon_loss_count++;
2048 if (ifmgd->connection_loss) {
2049 sdata_info(sdata, "Connection to AP %pM lost\n",
2051 __ieee80211_disconnect(sdata);
2053 ieee80211_mgd_probe_ap(sdata, true);
2057 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2059 struct ieee80211_sub_if_data *sdata =
2060 container_of(work, struct ieee80211_sub_if_data,
2061 u.mgd.csa_connection_drop_work);
2063 __ieee80211_disconnect(sdata);
2066 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2068 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2069 struct ieee80211_hw *hw = &sdata->local->hw;
2071 trace_api_beacon_loss(sdata);
2073 sdata->u.mgd.connection_loss = false;
2074 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2076 EXPORT_SYMBOL(ieee80211_beacon_loss);
2078 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2080 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2081 struct ieee80211_hw *hw = &sdata->local->hw;
2083 trace_api_connection_loss(sdata);
2085 sdata->u.mgd.connection_loss = true;
2086 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2088 EXPORT_SYMBOL(ieee80211_connection_loss);
2091 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2094 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2096 sdata_assert_lock(sdata);
2099 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2101 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2102 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2103 sdata->u.mgd.flags = 0;
2104 mutex_lock(&sdata->local->mtx);
2105 ieee80211_vif_release_channel(sdata);
2106 mutex_unlock(&sdata->local->mtx);
2109 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2111 sdata->u.mgd.auth_data = NULL;
2114 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2115 struct ieee80211_mgmt *mgmt, size_t len)
2117 struct ieee80211_local *local = sdata->local;
2118 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2120 struct ieee802_11_elems elems;
2123 pos = mgmt->u.auth.variable;
2124 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2125 if (!elems.challenge)
2127 auth_data->expected_transaction = 4;
2128 drv_mgd_prepare_tx(sdata->local, sdata);
2129 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2130 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2131 IEEE80211_TX_INTFL_MLME_CONN_TX;
2132 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2133 elems.challenge - 2, elems.challenge_len + 2,
2134 auth_data->bss->bssid, auth_data->bss->bssid,
2135 auth_data->key, auth_data->key_len,
2136 auth_data->key_idx, tx_flags);
2139 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2140 struct ieee80211_mgmt *mgmt, size_t len)
2142 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2144 u16 auth_alg, auth_transaction, status_code;
2145 struct sta_info *sta;
2147 sdata_assert_lock(sdata);
2152 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2155 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2157 if (!ether_addr_equal(bssid, mgmt->bssid))
2160 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2161 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2162 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2164 if (auth_alg != ifmgd->auth_data->algorithm ||
2165 auth_transaction != ifmgd->auth_data->expected_transaction) {
2166 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2167 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2169 ifmgd->auth_data->expected_transaction);
2173 if (status_code != WLAN_STATUS_SUCCESS) {
2174 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2175 mgmt->sa, status_code);
2176 ieee80211_destroy_auth_data(sdata, false);
2177 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2181 switch (ifmgd->auth_data->algorithm) {
2182 case WLAN_AUTH_OPEN:
2183 case WLAN_AUTH_LEAP:
2187 case WLAN_AUTH_SHARED_KEY:
2188 if (ifmgd->auth_data->expected_transaction != 4) {
2189 ieee80211_auth_challenge(sdata, mgmt, len);
2190 /* need another frame */
2195 WARN_ONCE(1, "invalid auth alg %d",
2196 ifmgd->auth_data->algorithm);
2200 sdata_info(sdata, "authenticated\n");
2201 ifmgd->auth_data->done = true;
2202 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2203 ifmgd->auth_data->timeout_started = true;
2204 run_again(sdata, ifmgd->auth_data->timeout);
2206 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2207 ifmgd->auth_data->expected_transaction != 2) {
2209 * Report auth frame to user space for processing since another
2210 * round of Authentication frames is still needed.
2212 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2216 /* move station state to auth */
2217 mutex_lock(&sdata->local->sta_mtx);
2218 sta = sta_info_get(sdata, bssid);
2220 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2223 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2224 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2227 mutex_unlock(&sdata->local->sta_mtx);
2229 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2232 mutex_unlock(&sdata->local->sta_mtx);
2233 /* ignore frame -- wait for timeout */
2237 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2238 struct ieee80211_mgmt *mgmt, size_t len)
2240 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2241 const u8 *bssid = NULL;
2244 sdata_assert_lock(sdata);
2249 if (!ifmgd->associated ||
2250 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2253 bssid = ifmgd->associated->bssid;
2255 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2257 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n",
2258 bssid, reason_code);
2260 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2262 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2266 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2267 struct ieee80211_mgmt *mgmt, size_t len)
2269 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2272 sdata_assert_lock(sdata);
2277 if (!ifmgd->associated ||
2278 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2281 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2283 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2284 mgmt->sa, reason_code);
2286 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2288 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2291 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2292 u8 *supp_rates, unsigned int supp_rates_len,
2293 u32 *rates, u32 *basic_rates,
2294 bool *have_higher_than_11mbit,
2295 int *min_rate, int *min_rate_index,
2296 int shift, u32 rate_flags)
2300 for (i = 0; i < supp_rates_len; i++) {
2301 int rate = supp_rates[i] & 0x7f;
2302 bool is_basic = !!(supp_rates[i] & 0x80);
2304 if ((rate * 5 * (1 << shift)) > 110)
2305 *have_higher_than_11mbit = true;
2308 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2309 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2311 * Note: Even through the membership selector and the basic
2312 * rate flag share the same bit, they are not exactly
2315 if (!!(supp_rates[i] & 0x80) &&
2316 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2319 for (j = 0; j < sband->n_bitrates; j++) {
2320 struct ieee80211_rate *br;
2323 br = &sband->bitrates[j];
2324 if ((rate_flags & br->flags) != rate_flags)
2327 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2328 if (brate == rate) {
2331 *basic_rates |= BIT(j);
2332 if ((rate * 5) < *min_rate) {
2333 *min_rate = rate * 5;
2334 *min_rate_index = j;
2342 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2345 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2347 sdata_assert_lock(sdata);
2350 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2352 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2353 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2354 sdata->u.mgd.flags = 0;
2355 mutex_lock(&sdata->local->mtx);
2356 ieee80211_vif_release_channel(sdata);
2357 mutex_unlock(&sdata->local->mtx);
2361 sdata->u.mgd.assoc_data = NULL;
2364 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2365 struct cfg80211_bss *cbss,
2366 struct ieee80211_mgmt *mgmt, size_t len)
2368 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2369 struct ieee80211_local *local = sdata->local;
2370 struct ieee80211_supported_band *sband;
2371 struct sta_info *sta;
2373 u16 capab_info, aid;
2374 struct ieee802_11_elems elems;
2375 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2376 const struct cfg80211_bss_ies *bss_ies = NULL;
2377 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2382 /* AssocResp and ReassocResp have identical structure */
2384 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2385 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2387 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2388 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2390 aid &= ~(BIT(15) | BIT(14));
2392 ifmgd->broken_ap = false;
2394 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2395 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2398 ifmgd->broken_ap = true;
2401 pos = mgmt->u.assoc_resp.variable;
2402 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2404 if (!elems.supp_rates) {
2405 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2412 * Some APs are erroneously not including some information in their
2413 * (re)association response frames. Try to recover by using the data
2414 * from the beacon or probe response. This seems to afflict mobile
2415 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
2416 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
2418 if ((assoc_data->wmm && !elems.wmm_param) ||
2419 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2420 (!elems.ht_cap_elem || !elems.ht_operation)) ||
2421 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2422 (!elems.vht_cap_elem || !elems.vht_operation))) {
2423 const struct cfg80211_bss_ies *ies;
2424 struct ieee802_11_elems bss_elems;
2427 ies = rcu_dereference(cbss->ies);
2429 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
2435 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
2437 if (assoc_data->wmm &&
2438 !elems.wmm_param && bss_elems.wmm_param) {
2439 elems.wmm_param = bss_elems.wmm_param;
2441 "AP bug: WMM param missing from AssocResp\n");
2445 * Also check if we requested HT/VHT, otherwise the AP doesn't
2446 * have to include the IEs in the (re)association response.
2448 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
2449 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2450 elems.ht_cap_elem = bss_elems.ht_cap_elem;
2452 "AP bug: HT capability missing from AssocResp\n");
2454 if (!elems.ht_operation && bss_elems.ht_operation &&
2455 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2456 elems.ht_operation = bss_elems.ht_operation;
2458 "AP bug: HT operation missing from AssocResp\n");
2460 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
2461 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2462 elems.vht_cap_elem = bss_elems.vht_cap_elem;
2464 "AP bug: VHT capa missing from AssocResp\n");
2466 if (!elems.vht_operation && bss_elems.vht_operation &&
2467 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2468 elems.vht_operation = bss_elems.vht_operation;
2470 "AP bug: VHT operation missing from AssocResp\n");
2475 * We previously checked these in the beacon/probe response, so
2476 * they should be present here. This is just a safety net.
2478 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2479 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2481 "HT AP is missing WMM params or HT capability/operation\n");
2486 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2487 (!elems.vht_cap_elem || !elems.vht_operation)) {
2489 "VHT AP is missing VHT capability/operation\n");
2494 mutex_lock(&sdata->local->sta_mtx);
2496 * station info was already allocated and inserted before
2497 * the association and should be available to us
2499 sta = sta_info_get(sdata, cbss->bssid);
2500 if (WARN_ON(!sta)) {
2501 mutex_unlock(&sdata->local->sta_mtx);
2506 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2508 /* Set up internal HT/VHT capabilities */
2509 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2510 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2511 elems.ht_cap_elem, sta);
2513 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2514 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2515 elems.vht_cap_elem, sta);
2518 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2519 * in their association response, so ignore that data for our own
2520 * configuration. If it changed since the last beacon, we'll get the
2521 * next beacon and update then.
2525 * If an operating mode notification IE is present, override the
2526 * NSS calculation (that would be done in rate_control_rate_init())
2527 * and use the # of streams from that element.
2529 if (elems.opmode_notif &&
2530 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2533 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2534 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2536 sta->sta.rx_nss = nss;
2539 rate_control_rate_init(sta);
2541 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2542 set_sta_flag(sta, WLAN_STA_MFP);
2544 if (elems.wmm_param)
2545 set_sta_flag(sta, WLAN_STA_WME);
2547 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2548 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2549 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2552 "failed to move station %pM to desired state\n",
2554 WARN_ON(__sta_info_destroy(sta));
2555 mutex_unlock(&sdata->local->sta_mtx);
2560 mutex_unlock(&sdata->local->sta_mtx);
2563 * Always handle WMM once after association regardless
2564 * of the first value the AP uses. Setting -1 here has
2565 * that effect because the AP values is an unsigned
2568 ifmgd->wmm_last_param_set = -1;
2570 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param)
2571 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2572 elems.wmm_param_len);
2574 ieee80211_set_wmm_default(sdata, false);
2575 changed |= BSS_CHANGED_QOS;
2577 /* set AID and assoc capability,
2578 * ieee80211_set_associated() will tell the driver */
2579 bss_conf->aid = aid;
2580 bss_conf->assoc_capability = capab_info;
2581 ieee80211_set_associated(sdata, cbss, changed);
2584 * If we're using 4-addr mode, let the AP know that we're
2585 * doing so, so that it can create the STA VLAN on its side
2587 if (ifmgd->use_4addr)
2588 ieee80211_send_4addr_nullfunc(local, sdata);
2591 * Start timer to probe the connection to the AP now.
2592 * Also start the timer that will detect beacon loss.
2594 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2595 ieee80211_sta_reset_beacon_monitor(sdata);
2603 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2604 struct ieee80211_mgmt *mgmt,
2607 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2608 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2609 u16 capab_info, status_code, aid;
2610 struct ieee802_11_elems elems;
2613 struct cfg80211_bss *bss;
2615 sdata_assert_lock(sdata);
2619 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2623 * AssocResp and ReassocResp have identical structure, so process both
2624 * of them in this function.
2630 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2631 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2632 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2633 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2636 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2637 reassoc ? "Rea" : "A", mgmt->sa,
2638 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2640 pos = mgmt->u.assoc_resp.variable;
2641 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2643 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2644 elems.timeout_int &&
2645 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2647 tu = le32_to_cpu(elems.timeout_int->value);
2648 ms = tu * 1024 / 1000;
2650 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2652 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2653 assoc_data->timeout_started = true;
2654 if (ms > IEEE80211_ASSOC_TIMEOUT)
2655 run_again(sdata, assoc_data->timeout);
2659 bss = assoc_data->bss;
2661 if (status_code != WLAN_STATUS_SUCCESS) {
2662 sdata_info(sdata, "%pM denied association (code=%d)\n",
2663 mgmt->sa, status_code);
2664 ieee80211_destroy_assoc_data(sdata, false);
2666 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) {
2667 /* oops -- internal error -- send timeout for now */
2668 ieee80211_destroy_assoc_data(sdata, false);
2669 cfg80211_assoc_timeout(sdata->dev, bss);
2672 sdata_info(sdata, "associated\n");
2675 * destroy assoc_data afterwards, as otherwise an idle
2676 * recalc after assoc_data is NULL but before associated
2677 * is set can cause the interface to go idle
2679 ieee80211_destroy_assoc_data(sdata, true);
2682 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len);
2685 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2686 struct ieee80211_mgmt *mgmt, size_t len,
2687 struct ieee80211_rx_status *rx_status,
2688 struct ieee802_11_elems *elems)
2690 struct ieee80211_local *local = sdata->local;
2692 struct ieee80211_bss *bss;
2693 struct ieee80211_channel *channel;
2695 sdata_assert_lock(sdata);
2697 if (elems->ds_params)
2698 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2701 freq = rx_status->freq;
2703 channel = ieee80211_get_channel(local->hw.wiphy, freq);
2705 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2708 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2711 ieee80211_rx_bss_put(local, bss);
2712 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
2717 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2718 struct sk_buff *skb)
2720 struct ieee80211_mgmt *mgmt = (void *)skb->data;
2721 struct ieee80211_if_managed *ifmgd;
2722 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2723 size_t baselen, len = skb->len;
2724 struct ieee802_11_elems elems;
2726 ifmgd = &sdata->u.mgd;
2728 sdata_assert_lock(sdata);
2730 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2731 return; /* ignore ProbeResp to foreign address */
2733 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2737 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2740 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2742 if (ifmgd->associated &&
2743 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2744 ieee80211_reset_ap_probe(sdata);
2746 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2747 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2748 /* got probe response, continue with auth */
2749 sdata_info(sdata, "direct probe responded\n");
2750 ifmgd->auth_data->tries = 0;
2751 ifmgd->auth_data->timeout = jiffies;
2752 ifmgd->auth_data->timeout_started = true;
2753 run_again(sdata, ifmgd->auth_data->timeout);
2758 * This is the canonical list of information elements we care about,
2759 * the filter code also gives us all changes to the Microsoft OUI
2760 * (00:50:F2) vendor IE which is used for WMM which we need to track.
2762 * We implement beacon filtering in software since that means we can
2763 * avoid processing the frame here and in cfg80211, and userspace
2764 * will not be able to tell whether the hardware supports it or not.
2766 * XXX: This list needs to be dynamic -- userspace needs to be able to
2767 * add items it requires. It also needs to be able to tell us to
2768 * look out for other vendor IEs.
2770 static const u64 care_about_ies =
2771 (1ULL << WLAN_EID_COUNTRY) |
2772 (1ULL << WLAN_EID_ERP_INFO) |
2773 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
2774 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
2775 (1ULL << WLAN_EID_HT_CAPABILITY) |
2776 (1ULL << WLAN_EID_HT_OPERATION);
2778 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2779 struct ieee80211_mgmt *mgmt, size_t len,
2780 struct ieee80211_rx_status *rx_status)
2782 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2783 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2785 struct ieee802_11_elems elems;
2786 struct ieee80211_local *local = sdata->local;
2787 struct ieee80211_chanctx_conf *chanctx_conf;
2788 struct ieee80211_channel *chan;
2789 struct sta_info *sta;
2795 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
2797 sdata_assert_lock(sdata);
2799 /* Process beacon from the current BSS */
2800 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2805 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2806 if (!chanctx_conf) {
2811 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
2815 chan = chanctx_conf->def.chan;
2818 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2819 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2820 ieee802_11_parse_elems(mgmt->u.beacon.variable,
2821 len - baselen, false, &elems);
2823 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2824 if (elems.tim && !elems.parse_error) {
2825 const struct ieee80211_tim_ie *tim_ie = elems.tim;
2826 ifmgd->dtim_period = tim_ie->dtim_period;
2828 ifmgd->have_beacon = true;
2829 ifmgd->assoc_data->need_beacon = false;
2830 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2831 sdata->vif.bss_conf.sync_tsf =
2832 le64_to_cpu(mgmt->u.beacon.timestamp);
2833 sdata->vif.bss_conf.sync_device_ts =
2834 rx_status->device_timestamp;
2836 sdata->vif.bss_conf.sync_dtim_count =
2837 elems.tim->dtim_count;
2839 sdata->vif.bss_conf.sync_dtim_count = 0;
2841 /* continue assoc process */
2842 ifmgd->assoc_data->timeout = jiffies;
2843 ifmgd->assoc_data->timeout_started = true;
2844 run_again(sdata, ifmgd->assoc_data->timeout);
2848 if (!ifmgd->associated ||
2849 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2851 bssid = ifmgd->associated->bssid;
2853 /* Track average RSSI from the Beacon frames of the current AP */
2854 ifmgd->last_beacon_signal = rx_status->signal;
2855 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2856 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2857 ifmgd->ave_beacon_signal = rx_status->signal * 16;
2858 ifmgd->last_cqm_event_signal = 0;
2859 ifmgd->count_beacon_signal = 1;
2860 ifmgd->last_ave_beacon_signal = 0;
2862 ifmgd->ave_beacon_signal =
2863 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2864 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2865 ifmgd->ave_beacon_signal) / 16;
2866 ifmgd->count_beacon_signal++;
2869 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2870 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2871 int sig = ifmgd->ave_beacon_signal;
2872 int last_sig = ifmgd->last_ave_beacon_signal;
2875 * if signal crosses either of the boundaries, invoke callback
2876 * with appropriate parameters
2878 if (sig > ifmgd->rssi_max_thold &&
2879 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2880 ifmgd->last_ave_beacon_signal = sig;
2881 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
2882 } else if (sig < ifmgd->rssi_min_thold &&
2883 (last_sig >= ifmgd->rssi_max_thold ||
2885 ifmgd->last_ave_beacon_signal = sig;
2886 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
2890 if (bss_conf->cqm_rssi_thold &&
2891 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
2892 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
2893 int sig = ifmgd->ave_beacon_signal / 16;
2894 int last_event = ifmgd->last_cqm_event_signal;
2895 int thold = bss_conf->cqm_rssi_thold;
2896 int hyst = bss_conf->cqm_rssi_hyst;
2898 (last_event == 0 || sig < last_event - hyst)) {
2899 ifmgd->last_cqm_event_signal = sig;
2900 ieee80211_cqm_rssi_notify(
2902 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
2904 } else if (sig > thold &&
2905 (last_event == 0 || sig > last_event + hyst)) {
2906 ifmgd->last_cqm_event_signal = sig;
2907 ieee80211_cqm_rssi_notify(
2909 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
2914 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
2915 mlme_dbg_ratelimited(sdata,
2916 "cancelling AP probe due to a received beacon\n");
2917 ieee80211_reset_ap_probe(sdata);
2921 * Push the beacon loss detection into the future since
2922 * we are processing a beacon from the AP just now.
2924 ieee80211_sta_reset_beacon_monitor(sdata);
2926 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2927 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2928 len - baselen, false, &elems,
2929 care_about_ies, ncrc);
2931 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
2932 bool directed_tim = ieee80211_check_tim(elems.tim,
2936 if (local->hw.conf.dynamic_ps_timeout > 0) {
2937 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2938 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2939 ieee80211_hw_config(local,
2940 IEEE80211_CONF_CHANGE_PS);
2942 ieee80211_send_nullfunc(local, sdata, 0);
2943 } else if (!local->pspolling && sdata->u.mgd.powersave) {
2944 local->pspolling = true;
2947 * Here is assumed that the driver will be
2948 * able to send ps-poll frame and receive a
2949 * response even though power save mode is
2950 * enabled, but some drivers might require
2951 * to disable power save here. This needs
2952 * to be investigated.
2954 ieee80211_send_pspoll(local, sdata);
2959 if (sdata->vif.p2p) {
2960 struct ieee80211_p2p_noa_attr noa = {};
2963 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
2965 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2966 (u8 *) &noa, sizeof(noa));
2968 if (sdata->u.mgd.p2p_noa_index != noa.index) {
2969 /* valid noa_attr and index changed */
2970 sdata->u.mgd.p2p_noa_index = noa.index;
2971 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
2972 changed |= BSS_CHANGED_P2P_PS;
2974 * make sure we update all information, the CRC
2975 * mechanism doesn't look at P2P attributes.
2977 ifmgd->beacon_crc_valid = false;
2979 } else if (sdata->u.mgd.p2p_noa_index != -1) {
2980 /* noa_attr not found and we had valid noa_attr before */
2981 sdata->u.mgd.p2p_noa_index = -1;
2982 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
2983 changed |= BSS_CHANGED_P2P_PS;
2984 ifmgd->beacon_crc_valid = false;
2988 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
2990 ifmgd->beacon_crc = ncrc;
2991 ifmgd->beacon_crc_valid = true;
2993 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2995 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
2998 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
2999 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3000 elems.wmm_param_len))
3001 changed |= BSS_CHANGED_QOS;
3004 * If we haven't had a beacon before, tell the driver about the
3005 * DTIM period (and beacon timing if desired) now.
3007 if (!ifmgd->have_beacon) {
3008 /* a few bogus AP send dtim_period = 0 or no TIM IE */
3010 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3012 bss_conf->dtim_period = 1;
3014 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3015 sdata->vif.bss_conf.sync_tsf =
3016 le64_to_cpu(mgmt->u.beacon.timestamp);
3017 sdata->vif.bss_conf.sync_device_ts =
3018 rx_status->device_timestamp;
3020 sdata->vif.bss_conf.sync_dtim_count =
3021 elems.tim->dtim_count;
3023 sdata->vif.bss_conf.sync_dtim_count = 0;
3026 changed |= BSS_CHANGED_BEACON_INFO;
3027 ifmgd->have_beacon = true;
3029 mutex_lock(&local->iflist_mtx);
3030 ieee80211_recalc_ps(local, -1);
3031 mutex_unlock(&local->iflist_mtx);
3033 ieee80211_recalc_ps_vif(sdata);
3036 if (elems.erp_info) {
3038 erp_value = elems.erp_info[0];
3042 changed |= ieee80211_handle_bss_capability(sdata,
3043 le16_to_cpu(mgmt->u.beacon.capab_info),
3044 erp_valid, erp_value);
3046 mutex_lock(&local->sta_mtx);
3047 sta = sta_info_get(sdata, bssid);
3049 if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
3050 elems.vht_operation, bssid, &changed)) {
3051 mutex_unlock(&local->sta_mtx);
3052 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3053 WLAN_REASON_DEAUTH_LEAVING,
3055 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf,
3056 sizeof(deauth_buf));
3060 if (sta && elems.opmode_notif)
3061 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3062 rx_status->band, true);
3063 mutex_unlock(&local->sta_mtx);
3065 if (elems.country_elem && elems.pwr_constr_elem &&
3066 mgmt->u.probe_resp.capab_info &
3067 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
3068 changed |= ieee80211_handle_pwr_constr(sdata, chan,
3070 elems.country_elem_len,
3071 elems.pwr_constr_elem);
3073 ieee80211_bss_info_change_notify(sdata, changed);
3076 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3077 struct sk_buff *skb)
3079 struct ieee80211_rx_status *rx_status;
3080 struct ieee80211_mgmt *mgmt;
3082 struct ieee802_11_elems elems;
3085 rx_status = (struct ieee80211_rx_status *) skb->cb;
3086 mgmt = (struct ieee80211_mgmt *) skb->data;
3087 fc = le16_to_cpu(mgmt->frame_control);
3091 switch (fc & IEEE80211_FCTL_STYPE) {
3092 case IEEE80211_STYPE_BEACON:
3093 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3095 case IEEE80211_STYPE_PROBE_RESP:
3096 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3098 case IEEE80211_STYPE_AUTH:
3099 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3101 case IEEE80211_STYPE_DEAUTH:
3102 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3104 case IEEE80211_STYPE_DISASSOC:
3105 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3107 case IEEE80211_STYPE_ASSOC_RESP:
3108 case IEEE80211_STYPE_REASSOC_RESP:
3109 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
3111 case IEEE80211_STYPE_ACTION:
3112 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3113 ies_len = skb->len -
3114 offsetof(struct ieee80211_mgmt,
3115 u.action.u.chan_switch.variable);
3120 ieee802_11_parse_elems(
3121 mgmt->u.action.u.chan_switch.variable,
3122 ies_len, true, &elems);
3124 if (elems.parse_error)
3127 ieee80211_sta_process_chanswitch(sdata,
3130 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3131 ies_len = skb->len -
3132 offsetof(struct ieee80211_mgmt,
3133 u.action.u.ext_chan_switch.variable);
3138 ieee802_11_parse_elems(
3139 mgmt->u.action.u.ext_chan_switch.variable,
3140 ies_len, true, &elems);
3142 if (elems.parse_error)
3145 /* for the handling code pretend this was also an IE */
3146 elems.ext_chansw_ie =
3147 &mgmt->u.action.u.ext_chan_switch.data;
3149 ieee80211_sta_process_chanswitch(sdata,
3155 sdata_unlock(sdata);
3158 static void ieee80211_sta_timer(unsigned long data)
3160 struct ieee80211_sub_if_data *sdata =
3161 (struct ieee80211_sub_if_data *) data;
3163 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3166 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3167 u8 *bssid, u8 reason, bool tx)
3169 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3171 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3174 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3175 IEEE80211_DEAUTH_FRAME_LEN);
3178 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3180 struct ieee80211_local *local = sdata->local;
3181 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3182 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3185 sdata_assert_lock(sdata);
3187 if (WARN_ON_ONCE(!auth_data))
3192 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3193 sdata_info(sdata, "authentication with %pM timed out\n",
3194 auth_data->bss->bssid);
3197 * Most likely AP is not in the range so remove the
3198 * bss struct for that AP.
3200 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3205 drv_mgd_prepare_tx(local, sdata);
3207 if (auth_data->bss->proberesp_ies) {
3211 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3212 auth_data->bss->bssid, auth_data->tries,
3213 IEEE80211_AUTH_MAX_TRIES);
3215 auth_data->expected_transaction = 2;
3217 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3218 trans = auth_data->sae_trans;
3219 status = auth_data->sae_status;
3220 auth_data->expected_transaction = trans;
3223 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3224 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3225 IEEE80211_TX_INTFL_MLME_CONN_TX;
3227 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3228 auth_data->data, auth_data->data_len,
3229 auth_data->bss->bssid,
3230 auth_data->bss->bssid, NULL, 0, 0,
3235 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3236 auth_data->bss->bssid, auth_data->tries,
3237 IEEE80211_AUTH_MAX_TRIES);
3240 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3246 * Direct probe is sent to broadcast address as some APs
3247 * will not answer to direct packet in unassociated state.
3249 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3250 NULL, 0, (u32) -1, true, 0,
3251 auth_data->bss->channel, false);
3255 if (tx_flags == 0) {
3256 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3257 auth_data->timeout_started = true;
3258 run_again(sdata, auth_data->timeout);
3260 auth_data->timeout =
3261 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3262 auth_data->timeout_started = true;
3263 run_again(sdata, auth_data->timeout);
3269 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3271 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3272 struct ieee80211_local *local = sdata->local;
3274 sdata_assert_lock(sdata);
3276 assoc_data->tries++;
3277 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3278 sdata_info(sdata, "association with %pM timed out\n",
3279 assoc_data->bss->bssid);
3282 * Most likely AP is not in the range so remove the
3283 * bss struct for that AP.
3285 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3290 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3291 assoc_data->bss->bssid, assoc_data->tries,
3292 IEEE80211_ASSOC_MAX_TRIES);
3293 ieee80211_send_assoc(sdata);
3295 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3296 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3297 assoc_data->timeout_started = true;
3298 run_again(sdata, assoc_data->timeout);
3300 assoc_data->timeout =
3301 round_jiffies_up(jiffies +
3302 IEEE80211_ASSOC_TIMEOUT_LONG);
3303 assoc_data->timeout_started = true;
3304 run_again(sdata, assoc_data->timeout);
3310 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3311 __le16 fc, bool acked)
3313 struct ieee80211_local *local = sdata->local;
3315 sdata->u.mgd.status_fc = fc;
3316 sdata->u.mgd.status_acked = acked;
3317 sdata->u.mgd.status_received = true;
3319 ieee80211_queue_work(&local->hw, &sdata->work);
3322 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3324 struct ieee80211_local *local = sdata->local;
3325 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3329 if (ifmgd->status_received) {
3330 __le16 fc = ifmgd->status_fc;
3331 bool status_acked = ifmgd->status_acked;
3333 ifmgd->status_received = false;
3334 if (ifmgd->auth_data &&
3335 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3337 ifmgd->auth_data->timeout =
3338 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3339 run_again(sdata, ifmgd->auth_data->timeout);
3341 ifmgd->auth_data->timeout = jiffies - 1;
3343 ifmgd->auth_data->timeout_started = true;
3344 } else if (ifmgd->assoc_data &&
3345 (ieee80211_is_assoc_req(fc) ||
3346 ieee80211_is_reassoc_req(fc))) {
3348 ifmgd->assoc_data->timeout =
3349 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3350 run_again(sdata, ifmgd->assoc_data->timeout);
3352 ifmgd->assoc_data->timeout = jiffies - 1;
3354 ifmgd->assoc_data->timeout_started = true;
3358 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3359 time_after(jiffies, ifmgd->auth_data->timeout)) {
3360 if (ifmgd->auth_data->done) {
3362 * ok ... we waited for assoc but userspace didn't,
3363 * so let's just kill the auth data
3365 ieee80211_destroy_auth_data(sdata, false);
3366 } else if (ieee80211_probe_auth(sdata)) {
3369 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3371 ieee80211_destroy_auth_data(sdata, false);
3373 cfg80211_auth_timeout(sdata->dev, bssid);
3375 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3376 run_again(sdata, ifmgd->auth_data->timeout);
3378 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3379 time_after(jiffies, ifmgd->assoc_data->timeout)) {
3380 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
3381 ieee80211_do_assoc(sdata)) {
3382 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
3384 ieee80211_destroy_assoc_data(sdata, false);
3385 cfg80211_assoc_timeout(sdata->dev, bss);
3387 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3388 run_again(sdata, ifmgd->assoc_data->timeout);
3390 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
3391 ifmgd->associated) {
3395 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3397 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3398 max_tries = max_nullfunc_tries;
3400 max_tries = max_probe_tries;
3402 /* ACK received for nullfunc probing frame */
3403 if (!ifmgd->probe_send_count)
3404 ieee80211_reset_ap_probe(sdata);
3405 else if (ifmgd->nullfunc_failed) {
3406 if (ifmgd->probe_send_count < max_tries) {
3408 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3409 bssid, ifmgd->probe_send_count,
3411 ieee80211_mgd_probe_ap_send(sdata);
3414 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3416 ieee80211_sta_connection_lost(sdata, bssid,
3417 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3420 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
3421 run_again(sdata, ifmgd->probe_timeout);
3422 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3424 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3425 bssid, probe_wait_ms);
3426 ieee80211_sta_connection_lost(sdata, bssid,
3427 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3428 } else if (ifmgd->probe_send_count < max_tries) {
3430 "No probe response from AP %pM after %dms, try %d/%i\n",
3431 bssid, probe_wait_ms,
3432 ifmgd->probe_send_count, max_tries);
3433 ieee80211_mgd_probe_ap_send(sdata);
3436 * We actually lost the connection ... or did we?
3439 wiphy_debug(local->hw.wiphy,
3440 "%s: No probe response from AP %pM"
3441 " after %dms, disconnecting.\n",
3443 bssid, probe_wait_ms);
3445 ieee80211_sta_connection_lost(sdata, bssid,
3446 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3450 sdata_unlock(sdata);
3453 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3455 struct ieee80211_sub_if_data *sdata =
3456 (struct ieee80211_sub_if_data *) data;
3457 struct ieee80211_local *local = sdata->local;
3459 if (local->quiescing)
3462 sdata->u.mgd.connection_loss = false;
3463 ieee80211_queue_work(&sdata->local->hw,
3464 &sdata->u.mgd.beacon_connection_loss_work);
3467 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3469 struct ieee80211_sub_if_data *sdata =
3470 (struct ieee80211_sub_if_data *) data;
3471 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3472 struct ieee80211_local *local = sdata->local;
3474 if (local->quiescing)
3477 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3480 static void ieee80211_sta_monitor_work(struct work_struct *work)
3482 struct ieee80211_sub_if_data *sdata =
3483 container_of(work, struct ieee80211_sub_if_data,
3484 u.mgd.monitor_work);
3486 ieee80211_mgd_probe_ap(sdata, false);
3489 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3493 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3494 __ieee80211_stop_poll(sdata);
3496 /* let's probe the connection once */
3497 flags = sdata->local->hw.flags;
3498 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3499 ieee80211_queue_work(&sdata->local->hw,
3500 &sdata->u.mgd.monitor_work);
3501 /* and do all the other regular work too */
3502 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3507 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3509 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3512 if (!ifmgd->associated) {
3513 sdata_unlock(sdata);
3517 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3518 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3519 mlme_dbg(sdata, "driver requested disconnect after resume\n");
3520 ieee80211_sta_connection_lost(sdata,
3521 ifmgd->associated->bssid,
3522 WLAN_REASON_UNSPECIFIED,
3524 sdata_unlock(sdata);
3527 sdata_unlock(sdata);
3531 /* interface setup */
3532 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3534 struct ieee80211_if_managed *ifmgd;
3536 ifmgd = &sdata->u.mgd;
3537 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3538 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3539 INIT_WORK(&ifmgd->beacon_connection_loss_work,
3540 ieee80211_beacon_connection_loss_work);
3541 INIT_WORK(&ifmgd->csa_connection_drop_work,
3542 ieee80211_csa_connection_drop_work);
3543 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
3544 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3545 (unsigned long) sdata);
3546 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3547 (unsigned long) sdata);
3548 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3549 (unsigned long) sdata);
3550 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3551 (unsigned long) sdata);
3554 ifmgd->powersave = sdata->wdev.ps;
3555 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3556 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3557 ifmgd->p2p_noa_index = -1;
3559 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3560 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3562 ifmgd->req_smps = IEEE80211_SMPS_OFF;
3565 /* scan finished notification */
3566 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3568 struct ieee80211_sub_if_data *sdata;
3570 /* Restart STA timers */
3572 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3573 if (ieee80211_sdata_running(sdata))
3574 ieee80211_restart_sta_timer(sdata);
3579 int ieee80211_max_network_latency(struct notifier_block *nb,
3580 unsigned long data, void *dummy)
3582 s32 latency_usec = (s32) data;
3583 struct ieee80211_local *local =
3584 container_of(nb, struct ieee80211_local,
3585 network_latency_notifier);
3587 mutex_lock(&local->iflist_mtx);
3588 ieee80211_recalc_ps(local, latency_usec);
3589 mutex_unlock(&local->iflist_mtx);
3594 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3595 struct cfg80211_bss *cbss)
3597 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3598 const u8 *ht_cap_ie, *vht_cap_ie;
3599 const struct ieee80211_ht_cap *ht_cap;
3600 const struct ieee80211_vht_cap *vht_cap;
3603 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3606 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3607 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3608 ht_cap = (void *)(ht_cap_ie + 2);
3609 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3611 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3612 * "Tx Unequal Modulation Supported" fields.
3616 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3619 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3620 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3624 vht_cap = (void *)(vht_cap_ie + 2);
3625 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3626 for (nss = 8; nss > 0; nss--) {
3627 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3628 IEEE80211_VHT_MCS_NOT_SUPPORTED)
3631 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3632 chains = max(chains, nss);
3638 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3639 struct cfg80211_bss *cbss)
3641 struct ieee80211_local *local = sdata->local;
3642 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3643 const struct ieee80211_ht_operation *ht_oper = NULL;
3644 const struct ieee80211_vht_operation *vht_oper = NULL;
3645 struct ieee80211_supported_band *sband;
3646 struct cfg80211_chan_def chandef;
3649 sband = local->hw.wiphy->bands[cbss->channel->band];
3651 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3652 IEEE80211_STA_DISABLE_80P80MHZ |
3653 IEEE80211_STA_DISABLE_160MHZ);
3657 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3658 sband->ht_cap.ht_supported) {
3659 const u8 *ht_oper_ie, *ht_cap;
3661 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3662 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3663 ht_oper = (void *)(ht_oper_ie + 2);
3665 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3666 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3667 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3672 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3673 sband->vht_cap.vht_supported) {
3674 const u8 *vht_oper_ie, *vht_cap;
3676 vht_oper_ie = ieee80211_bss_get_ie(cbss,
3677 WLAN_EID_VHT_OPERATION);
3678 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3679 vht_oper = (void *)(vht_oper_ie + 2);
3680 if (vht_oper && !ht_oper) {
3683 "AP advertised VHT without HT, disabling both\n");
3684 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3685 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3688 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3689 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3690 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3695 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3700 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3705 /* will change later if needed */
3706 sdata->smps_mode = IEEE80211_SMPS_OFF;
3708 mutex_lock(&local->mtx);
3710 * If this fails (possibly due to channel context sharing
3711 * on incompatible channels, e.g. 80+80 and 160 sharing the
3712 * same control channel) try to use a smaller bandwidth.
3714 ret = ieee80211_vif_use_channel(sdata, &chandef,
3715 IEEE80211_CHANCTX_SHARED);
3717 /* don't downgrade for 5 and 10 MHz channels, though. */
3718 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
3719 chandef.width == NL80211_CHAN_WIDTH_10)
3722 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3723 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
3724 ret = ieee80211_vif_use_channel(sdata, &chandef,
3725 IEEE80211_CHANCTX_SHARED);
3728 mutex_unlock(&local->mtx);
3732 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3733 struct cfg80211_bss *cbss, bool assoc)
3735 struct ieee80211_local *local = sdata->local;
3736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3737 struct ieee80211_bss *bss = (void *)cbss->priv;
3738 struct sta_info *new_sta = NULL;
3739 bool have_sta = false;
3742 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3747 have_sta = sta_info_get(sdata, cbss->bssid);
3752 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3757 u32 rates = 0, basic_rates = 0;
3758 bool have_higher_than_11mbit;
3759 int min_rate = INT_MAX, min_rate_index = -1;
3760 struct ieee80211_chanctx_conf *chanctx_conf;
3761 struct ieee80211_supported_band *sband;
3762 const struct cfg80211_bss_ies *ies;
3766 sband = local->hw.wiphy->bands[cbss->channel->band];
3768 err = ieee80211_prep_channel(sdata, cbss);
3770 sta_info_free(local, new_sta);
3773 shift = ieee80211_vif_get_shift(&sdata->vif);
3776 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3777 if (WARN_ON(!chanctx_conf)) {
3779 sta_info_free(local, new_sta);
3782 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
3785 ieee80211_get_rates(sband, bss->supp_rates,
3786 bss->supp_rates_len,
3787 &rates, &basic_rates,
3788 &have_higher_than_11mbit,
3789 &min_rate, &min_rate_index,
3793 * This used to be a workaround for basic rates missing
3794 * in the association response frame. Now that we no
3795 * longer use the basic rates from there, it probably
3796 * doesn't happen any more, but keep the workaround so
3797 * in case some *other* APs are buggy in different ways
3798 * we can connect -- with a warning.
3800 if (!basic_rates && min_rate_index >= 0) {
3802 "No basic rates, using min rate instead\n");
3803 basic_rates = BIT(min_rate_index);
3806 new_sta->sta.supp_rates[cbss->channel->band] = rates;
3807 sdata->vif.bss_conf.basic_rates = basic_rates;
3809 /* cf. IEEE 802.11 9.2.12 */
3810 if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
3811 have_higher_than_11mbit)
3812 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3814 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3816 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3818 /* set timing information */
3819 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3821 ies = rcu_dereference(cbss->beacon_ies);
3825 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3826 sdata->vif.bss_conf.sync_device_ts =
3827 bss->device_ts_beacon;
3828 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3829 ies->data, ies->len);
3830 if (tim_ie && tim_ie[1] >= 2)
3831 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
3833 sdata->vif.bss_conf.sync_dtim_count = 0;
3834 } else if (!(local->hw.flags &
3835 IEEE80211_HW_TIMING_BEACON_ONLY)) {
3836 ies = rcu_dereference(cbss->proberesp_ies);
3837 /* must be non-NULL since beacon IEs were NULL */
3838 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3839 sdata->vif.bss_conf.sync_device_ts =
3840 bss->device_ts_presp;
3841 sdata->vif.bss_conf.sync_dtim_count = 0;
3843 sdata->vif.bss_conf.sync_tsf = 0;
3844 sdata->vif.bss_conf.sync_device_ts = 0;
3845 sdata->vif.bss_conf.sync_dtim_count = 0;
3849 /* tell driver about BSSID, basic rates and timing */
3850 ieee80211_bss_info_change_notify(sdata,
3851 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
3852 BSS_CHANGED_BEACON_INT);
3855 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
3857 err = sta_info_insert(new_sta);
3861 "failed to insert STA entry for the AP (error %d)\n",
3866 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
3872 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3873 struct cfg80211_auth_request *req)
3875 struct ieee80211_local *local = sdata->local;
3876 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3877 struct ieee80211_mgd_auth_data *auth_data;
3881 /* prepare auth data structure */
3883 switch (req->auth_type) {
3884 case NL80211_AUTHTYPE_OPEN_SYSTEM:
3885 auth_alg = WLAN_AUTH_OPEN;
3887 case NL80211_AUTHTYPE_SHARED_KEY:
3888 if (IS_ERR(local->wep_tx_tfm))
3890 auth_alg = WLAN_AUTH_SHARED_KEY;
3892 case NL80211_AUTHTYPE_FT:
3893 auth_alg = WLAN_AUTH_FT;
3895 case NL80211_AUTHTYPE_NETWORK_EAP:
3896 auth_alg = WLAN_AUTH_LEAP;
3898 case NL80211_AUTHTYPE_SAE:
3899 auth_alg = WLAN_AUTH_SAE;
3905 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
3906 req->ie_len, GFP_KERNEL);
3910 auth_data->bss = req->bss;
3912 if (req->sae_data_len >= 4) {
3913 __le16 *pos = (__le16 *) req->sae_data;
3914 auth_data->sae_trans = le16_to_cpu(pos[0]);
3915 auth_data->sae_status = le16_to_cpu(pos[1]);
3916 memcpy(auth_data->data, req->sae_data + 4,
3917 req->sae_data_len - 4);
3918 auth_data->data_len += req->sae_data_len - 4;
3921 if (req->ie && req->ie_len) {
3922 memcpy(&auth_data->data[auth_data->data_len],
3923 req->ie, req->ie_len);
3924 auth_data->data_len += req->ie_len;
3927 if (req->key && req->key_len) {
3928 auth_data->key_len = req->key_len;
3929 auth_data->key_idx = req->key_idx;
3930 memcpy(auth_data->key, req->key, req->key_len);
3933 auth_data->algorithm = auth_alg;
3935 /* try to authenticate/probe */
3937 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
3938 ifmgd->assoc_data) {
3943 if (ifmgd->auth_data)
3944 ieee80211_destroy_auth_data(sdata, false);
3946 /* prep auth_data so we don't go into idle on disassoc */
3947 ifmgd->auth_data = auth_data;
3949 if (ifmgd->associated) {
3950 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3952 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3953 WLAN_REASON_UNSPECIFIED,
3956 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3960 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3962 err = ieee80211_prep_connection(sdata, req->bss, false);
3966 err = ieee80211_probe_auth(sdata);
3968 sta_info_destroy_addr(sdata, req->bss->bssid);
3972 /* hold our own reference */
3973 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
3977 memset(ifmgd->bssid, 0, ETH_ALEN);
3978 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
3979 ifmgd->auth_data = NULL;
3985 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata,
3986 const u8 *wmm_param, int len)
3994 if (wmm_param[5] != 1 /* version */)
3997 pos = wmm_param + 8;
4000 for (; left >= 4; left -= 4, pos += 4) {
4001 u8 aifsn = pos[0] & 0x0f;
4002 u8 ecwmin = pos[1] & 0x0f;
4003 u8 ecwmax = (pos[1] & 0xf0) >> 4;
4004 int aci = (pos[0] >> 5) & 0x03;
4008 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n",
4012 if (ecwmin > ecwmax) {
4014 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n",
4015 ecwmin, ecwmax, aci);
4023 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4024 struct cfg80211_assoc_request *req)
4026 struct ieee80211_local *local = sdata->local;
4027 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4028 struct ieee80211_bss *bss = (void *)req->bss->priv;
4029 struct ieee80211_mgd_assoc_data *assoc_data;
4030 const struct cfg80211_bss_ies *beacon_ies;
4031 struct ieee80211_supported_band *sband;
4032 const u8 *ssidie, *ht_ie, *vht_ie;
4035 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4040 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4046 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4047 assoc_data->ssid_len = ssidie[1];
4050 if (ifmgd->associated) {
4051 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4053 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4054 WLAN_REASON_UNSPECIFIED,
4057 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4061 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4066 if (ifmgd->assoc_data) {
4071 if (ifmgd->auth_data) {
4074 /* keep sta info, bssid if matching */
4075 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4076 ieee80211_destroy_auth_data(sdata, match);
4079 /* prepare assoc data */
4081 ifmgd->beacon_crc_valid = false;
4083 assoc_data->wmm = bss->wmm_used &&
4084 (local->hw.queues >= IEEE80211_NUM_ACS);
4085 if (assoc_data->wmm) {
4086 /* try to check validity of WMM params IE */
4087 const struct cfg80211_bss_ies *ies;
4088 const u8 *wp, *start, *end;
4091 ies = rcu_dereference(req->bss->ies);
4093 end = start + ies->len;
4096 wp = cfg80211_find_vendor_ie(
4098 WLAN_OUI_TYPE_MICROSOFT_WMM,
4099 start, end - start);
4102 start = wp + wp[1] + 2;
4103 /* if this IE is too short, try the next */
4106 /* if this IE is WMM params, we found what we wanted */
4111 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2,
4113 assoc_data->wmm = false;
4114 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
4120 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4121 * We still associate in non-HT mode (11a/b/g) if any one of these
4122 * ciphers is configured as pairwise.
4123 * We can set this to true for non-11n hardware, that'll be checked
4124 * separately along with the peer capabilities.
4126 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4127 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4128 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4129 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4130 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4131 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4132 netdev_info(sdata->dev,
4133 "disabling HT/VHT due to WEP/TKIP use\n");
4137 if (req->flags & ASSOC_REQ_DISABLE_HT) {
4138 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4139 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4142 if (req->flags & ASSOC_REQ_DISABLE_VHT)
4143 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4145 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4146 sband = local->hw.wiphy->bands[req->bss->channel->band];
4147 if (!sband->ht_cap.ht_supported ||
4148 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4149 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4150 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4151 if (!bss->wmm_used &&
4152 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4153 netdev_info(sdata->dev,
4154 "disabling HT as WMM/QoS is not supported by the AP\n");
4157 /* disable VHT if we don't support it or the AP doesn't use WMM */
4158 if (!sband->vht_cap.vht_supported ||
4159 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4160 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4161 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4162 if (!bss->wmm_used &&
4163 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4164 netdev_info(sdata->dev,
4165 "disabling VHT as WMM/QoS is not supported by the AP\n");
4168 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4169 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4170 sizeof(ifmgd->ht_capa_mask));
4172 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4173 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4174 sizeof(ifmgd->vht_capa_mask));
4176 if (req->ie && req->ie_len) {
4177 memcpy(assoc_data->ie, req->ie, req->ie_len);
4178 assoc_data->ie_len = req->ie_len;
4181 assoc_data->bss = req->bss;
4183 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4184 if (ifmgd->powersave)
4185 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4187 sdata->smps_mode = IEEE80211_SMPS_OFF;
4189 sdata->smps_mode = ifmgd->req_smps;
4191 assoc_data->capability = req->bss->capability;
4192 assoc_data->supp_rates = bss->supp_rates;
4193 assoc_data->supp_rates_len = bss->supp_rates_len;
4196 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4197 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4198 assoc_data->ap_ht_param =
4199 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4201 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4202 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4203 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4204 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4205 sizeof(struct ieee80211_vht_cap));
4207 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4210 if (bss->wmm_used && bss->uapsd_supported &&
4211 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4212 sdata->wmm_acm != 0xff) {
4213 assoc_data->uapsd = true;
4214 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4216 assoc_data->uapsd = false;
4217 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4220 if (req->prev_bssid)
4221 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4224 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4225 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4227 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4228 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4231 if (req->crypto.control_port)
4232 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4234 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4236 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4237 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4238 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
4241 /* kick off associate process */
4243 ifmgd->assoc_data = assoc_data;
4244 ifmgd->dtim_period = 0;
4245 ifmgd->have_beacon = false;
4247 err = ieee80211_prep_connection(sdata, req->bss, true);
4252 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4254 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4257 * Wait up to one beacon interval ...
4258 * should this be more if we miss one?
4260 sdata_info(sdata, "waiting for beacon from %pM\n",
4262 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4263 assoc_data->timeout_started = true;
4264 assoc_data->need_beacon = true;
4265 } else if (beacon_ies) {
4266 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4271 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4272 const struct ieee80211_tim_ie *tim;
4273 tim = (void *)(tim_ie + 2);
4274 ifmgd->dtim_period = tim->dtim_period;
4275 dtim_count = tim->dtim_count;
4277 ifmgd->have_beacon = true;
4278 assoc_data->timeout = jiffies;
4279 assoc_data->timeout_started = true;
4281 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4282 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4283 sdata->vif.bss_conf.sync_device_ts =
4284 bss->device_ts_beacon;
4285 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4288 assoc_data->timeout = jiffies;
4289 assoc_data->timeout_started = true;
4293 run_again(sdata, assoc_data->timeout);
4295 if (bss->corrupt_data) {
4296 char *corrupt_type = "data";
4297 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4298 if (bss->corrupt_data &
4299 IEEE80211_BSS_CORRUPT_PROBE_RESP)
4300 corrupt_type = "beacon and probe response";
4302 corrupt_type = "beacon";
4303 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4304 corrupt_type = "probe response";
4305 sdata_info(sdata, "associating with AP with corrupt %s\n",
4311 memset(ifmgd->bssid, 0, ETH_ALEN);
4312 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4313 ifmgd->assoc_data = NULL;
4319 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4320 struct cfg80211_deauth_request *req)
4322 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4323 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4324 bool tx = !req->local_state_change;
4325 bool report_frame = false;
4328 "deauthenticating from %pM by local choice (reason=%d)\n",
4329 req->bssid, req->reason_code);
4331 if (ifmgd->auth_data) {
4332 drv_mgd_prepare_tx(sdata->local, sdata);
4333 ieee80211_send_deauth_disassoc(sdata, req->bssid,
4334 IEEE80211_STYPE_DEAUTH,
4335 req->reason_code, tx,
4337 ieee80211_destroy_auth_data(sdata, false);
4339 report_frame = true;
4343 if (ifmgd->associated &&
4344 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4345 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4346 req->reason_code, tx, frame_buf);
4347 report_frame = true;
4352 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4353 IEEE80211_DEAUTH_FRAME_LEN);
4358 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4359 struct cfg80211_disassoc_request *req)
4361 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4363 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4366 * cfg80211 should catch this ... but it's racy since
4367 * we can receive a disassoc frame, process it, hand it
4368 * to cfg80211 while that's in a locked section already
4369 * trying to tell us that the user wants to disconnect.
4371 if (ifmgd->associated != req->bss)
4375 "disassociating from %pM by local choice (reason=%d)\n",
4376 req->bss->bssid, req->reason_code);
4378 memcpy(bssid, req->bss->bssid, ETH_ALEN);
4379 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4380 req->reason_code, !req->local_state_change,
4383 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4384 IEEE80211_DEAUTH_FRAME_LEN);
4389 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4391 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4394 * Make sure some work items will not run after this,
4395 * they will not do anything but might not have been
4396 * cancelled when disconnecting.
4398 cancel_work_sync(&ifmgd->monitor_work);
4399 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4400 cancel_work_sync(&ifmgd->request_smps_work);
4401 cancel_work_sync(&ifmgd->csa_connection_drop_work);
4402 cancel_work_sync(&ifmgd->chswitch_work);
4405 if (ifmgd->assoc_data) {
4406 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4407 ieee80211_destroy_assoc_data(sdata, false);
4408 cfg80211_assoc_timeout(sdata->dev, bss);
4410 if (ifmgd->auth_data)
4411 ieee80211_destroy_auth_data(sdata, false);
4412 del_timer_sync(&ifmgd->timer);
4413 sdata_unlock(sdata);
4416 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4417 enum nl80211_cqm_rssi_threshold_event rssi_event,
4420 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4422 trace_api_cqm_rssi_notify(sdata, rssi_event);
4424 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4426 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
projects / ~andy / linux / blob