1/* 2 * mac80211 TDLS handling code 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2014, Intel Corporation 6 * Copyright 2014 Intel Mobile Communications GmbH 7 * Copyright 2015 Intel Deutschland GmbH 8 * 9 * This file is GPLv2 as found in COPYING. 10 */ 11 12#include <linux/ieee80211.h> 13#include <linux/log2.h> 14#include <net/cfg80211.h> 15#include <linux/rtnetlink.h> 16#include "ieee80211_i.h" 17#include "driver-ops.h" 18 19/* give usermode some time for retries in setting up the TDLS session */ 20#define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 21 22void ieee80211_tdls_peer_del_work(struct work_struct *wk) 23{ 24 struct ieee80211_sub_if_data *sdata; 25 struct ieee80211_local *local; 26 27 sdata = container_of(wk, struct ieee80211_sub_if_data, 28 u.mgd.tdls_peer_del_work.work); 29 local = sdata->local; 30 31 mutex_lock(&local->mtx); 32 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 33 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 34 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 35 eth_zero_addr(sdata->u.mgd.tdls_peer); 36 } 37 mutex_unlock(&local->mtx); 38} 39 40static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata, 41 struct sk_buff *skb) 42{ 43 struct ieee80211_local *local = sdata->local; 44 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 45 bool chan_switch = local->hw.wiphy->features & 46 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 47 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) && 48 !ifmgd->tdls_wider_bw_prohibited; 49 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 50 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 51 bool vht = sband && sband->vht_cap.vht_supported; 52 u8 *pos = (void *)skb_put(skb, 10); 53 54 *pos++ = WLAN_EID_EXT_CAPABILITY; 55 *pos++ = 8; /* len */ 56 *pos++ = 0x0; 57 *pos++ = 0x0; 58 *pos++ = 0x0; 59 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0; 60 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 61 *pos++ = 0; 62 *pos++ = 0; 63 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0; 64} 65 66static u8 67ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 68 struct sk_buff *skb, u16 start, u16 end, 69 u16 spacing) 70{ 71 u8 subband_cnt = 0, ch_cnt = 0; 72 struct ieee80211_channel *ch; 73 struct cfg80211_chan_def chandef; 74 int i, subband_start; 75 struct wiphy *wiphy = sdata->local->hw.wiphy; 76 77 for (i = start; i <= end; i += spacing) { 78 if (!ch_cnt) 79 subband_start = i; 80 81 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 82 if (ch) { 83 /* we will be active on the channel */ 84 cfg80211_chandef_create(&chandef, ch, 85 NL80211_CHAN_NO_HT); 86 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef, 87 sdata->wdev.iftype)) { 88 ch_cnt++; 89 /* 90 * check if the next channel is also part of 91 * this allowed range 92 */ 93 continue; 94 } 95 } 96 97 /* 98 * we've reached the end of a range, with allowed channels 99 * found 100 */ 101 if (ch_cnt) { 102 u8 *pos = skb_put(skb, 2); 103 *pos++ = ieee80211_frequency_to_channel(subband_start); 104 *pos++ = ch_cnt; 105 106 subband_cnt++; 107 ch_cnt = 0; 108 } 109 } 110 111 /* all channels in the requested range are allowed - add them here */ 112 if (ch_cnt) { 113 u8 *pos = skb_put(skb, 2); 114 *pos++ = ieee80211_frequency_to_channel(subband_start); 115 *pos++ = ch_cnt; 116 117 subband_cnt++; 118 } 119 120 return subband_cnt; 121} 122 123static void 124ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 125 struct sk_buff *skb) 126{ 127 /* 128 * Add possible channels for TDLS. These are channels that are allowed 129 * to be active. 130 */ 131 u8 subband_cnt; 132 u8 *pos = skb_put(skb, 2); 133 134 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 135 136 /* 137 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 138 * this doesn't happen in real world scenarios. 139 */ 140 141 /* 2GHz, with 5MHz spacing */ 142 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 143 144 /* 5GHz, with 20MHz spacing */ 145 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 146 147 /* length */ 148 *pos = 2 * subband_cnt; 149} 150 151static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata, 152 struct sk_buff *skb) 153{ 154 u8 *pos; 155 u8 op_class; 156 157 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef, 158 &op_class)) 159 return; 160 161 pos = skb_put(skb, 4); 162 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES; 163 *pos++ = 2; /* len */ 164 165 *pos++ = op_class; 166 *pos++ = op_class; /* give current operating class as alternate too */ 167} 168 169static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 170{ 171 u8 *pos = (void *)skb_put(skb, 3); 172 173 *pos++ = WLAN_EID_BSS_COEX_2040; 174 *pos++ = 1; /* len */ 175 176 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 177} 178 179static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 180 u16 status_code) 181{ 182 /* The capability will be 0 when sending a failure code */ 183 if (status_code != 0) 184 return 0; 185 186 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_2GHZ) { 187 return WLAN_CAPABILITY_SHORT_SLOT_TIME | 188 WLAN_CAPABILITY_SHORT_PREAMBLE; 189 } 190 191 return 0; 192} 193 194static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 195 struct sk_buff *skb, const u8 *peer, 196 bool initiator) 197{ 198 struct ieee80211_tdls_lnkie *lnkid; 199 const u8 *init_addr, *rsp_addr; 200 201 if (initiator) { 202 init_addr = sdata->vif.addr; 203 rsp_addr = peer; 204 } else { 205 init_addr = peer; 206 rsp_addr = sdata->vif.addr; 207 } 208 209 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 210 211 lnkid->ie_type = WLAN_EID_LINK_ID; 212 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 213 214 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 215 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 216 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 217} 218 219static void 220ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 221{ 222 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 223 u8 *pos = (void *)skb_put(skb, 4); 224 225 *pos++ = WLAN_EID_AID; 226 *pos++ = 2; /* len */ 227 put_unaligned_le16(ifmgd->aid, pos); 228} 229 230/* translate numbering in the WMM parameter IE to the mac80211 notation */ 231static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 232{ 233 switch (ac) { 234 default: 235 WARN_ON_ONCE(1); 236 case 0: 237 return IEEE80211_AC_BE; 238 case 1: 239 return IEEE80211_AC_BK; 240 case 2: 241 return IEEE80211_AC_VI; 242 case 3: 243 return IEEE80211_AC_VO; 244 } 245} 246 247static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 248{ 249 u8 ret; 250 251 ret = aifsn & 0x0f; 252 if (acm) 253 ret |= 0x10; 254 ret |= (aci << 5) & 0x60; 255 return ret; 256} 257 258static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 259{ 260 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 261 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 262} 263 264static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 265 struct sk_buff *skb) 266{ 267 struct ieee80211_wmm_param_ie *wmm; 268 struct ieee80211_tx_queue_params *txq; 269 int i; 270 271 wmm = (void *)skb_put(skb, sizeof(*wmm)); 272 memset(wmm, 0, sizeof(*wmm)); 273 274 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 275 wmm->len = sizeof(*wmm) - 2; 276 277 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 278 wmm->oui[1] = 0x50; 279 wmm->oui[2] = 0xf2; 280 wmm->oui_type = 2; /* WME */ 281 wmm->oui_subtype = 1; /* WME param */ 282 wmm->version = 1; /* WME ver */ 283 wmm->qos_info = 0; /* U-APSD not in use */ 284 285 /* 286 * Use the EDCA parameters defined for the BSS, or default if the AP 287 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 288 */ 289 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 290 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 291 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 292 txq->acm, i); 293 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 294 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 295 } 296} 297 298static void 299ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata, 300 struct sta_info *sta) 301{ 302 /* IEEE802.11ac-2013 Table E-4 */ 303 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 }; 304 struct cfg80211_chan_def uc = sta->tdls_chandef; 305 enum nl80211_chan_width max_width = ieee80211_get_sta_bw(&sta->sta); 306 int i; 307 308 /* only support upgrading non-narrow channels up to 80Mhz */ 309 if (max_width == NL80211_CHAN_WIDTH_5 || 310 max_width == NL80211_CHAN_WIDTH_10) 311 return; 312 313 if (max_width > NL80211_CHAN_WIDTH_80) 314 max_width = NL80211_CHAN_WIDTH_80; 315 316 if (uc.width == max_width) 317 return; 318 /* 319 * Channel usage constrains in the IEEE802.11ac-2013 specification only 320 * allow expanding a 20MHz channel to 80MHz in a single way. In 321 * addition, there are no 40MHz allowed channels that are not part of 322 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here). 323 */ 324 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++) 325 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) { 326 uc.center_freq1 = centers_80mhz[i]; 327 uc.width = NL80211_CHAN_WIDTH_80; 328 break; 329 } 330 331 if (!uc.center_freq1) 332 return; 333 334 /* proceed to downgrade the chandef until usable or the same */ 335 while (uc.width > max_width && 336 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc, 337 sdata->wdev.iftype)) 338 ieee80211_chandef_downgrade(&uc); 339 340 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) { 341 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n", 342 sta->tdls_chandef.width, uc.width); 343 344 /* 345 * the station is not yet authorized when BW upgrade is done, 346 * locking is not required 347 */ 348 sta->tdls_chandef = uc; 349 } 350} 351 352static void 353ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 354 struct sk_buff *skb, const u8 *peer, 355 u8 action_code, bool initiator, 356 const u8 *extra_ies, size_t extra_ies_len) 357{ 358 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 359 struct ieee80211_local *local = sdata->local; 360 struct ieee80211_supported_band *sband; 361 struct ieee80211_sta_ht_cap ht_cap; 362 struct ieee80211_sta_vht_cap vht_cap; 363 struct sta_info *sta = NULL; 364 size_t offset = 0, noffset; 365 u8 *pos; 366 367 ieee80211_add_srates_ie(sdata, skb, false, band); 368 ieee80211_add_ext_srates_ie(sdata, skb, false, band); 369 ieee80211_tdls_add_supp_channels(sdata, skb); 370 371 /* add any custom IEs that go before Extended Capabilities */ 372 if (extra_ies_len) { 373 static const u8 before_ext_cap[] = { 374 WLAN_EID_SUPP_RATES, 375 WLAN_EID_COUNTRY, 376 WLAN_EID_EXT_SUPP_RATES, 377 WLAN_EID_SUPPORTED_CHANNELS, 378 WLAN_EID_RSN, 379 }; 380 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 381 before_ext_cap, 382 ARRAY_SIZE(before_ext_cap), 383 offset); 384 pos = skb_put(skb, noffset - offset); 385 memcpy(pos, extra_ies + offset, noffset - offset); 386 offset = noffset; 387 } 388 389 ieee80211_tdls_add_ext_capab(sdata, skb); 390 391 /* add the QoS element if we support it */ 392 if (local->hw.queues >= IEEE80211_NUM_ACS && 393 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 394 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 395 396 /* add any custom IEs that go before HT capabilities */ 397 if (extra_ies_len) { 398 static const u8 before_ht_cap[] = { 399 WLAN_EID_SUPP_RATES, 400 WLAN_EID_COUNTRY, 401 WLAN_EID_EXT_SUPP_RATES, 402 WLAN_EID_SUPPORTED_CHANNELS, 403 WLAN_EID_RSN, 404 WLAN_EID_EXT_CAPABILITY, 405 WLAN_EID_QOS_CAPA, 406 WLAN_EID_FAST_BSS_TRANSITION, 407 WLAN_EID_TIMEOUT_INTERVAL, 408 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 409 }; 410 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 411 before_ht_cap, 412 ARRAY_SIZE(before_ht_cap), 413 offset); 414 pos = skb_put(skb, noffset - offset); 415 memcpy(pos, extra_ies + offset, noffset - offset); 416 offset = noffset; 417 } 418 419 mutex_lock(&local->sta_mtx); 420 421 /* we should have the peer STA if we're already responding */ 422 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 423 sta = sta_info_get(sdata, peer); 424 if (WARN_ON_ONCE(!sta)) { 425 mutex_unlock(&local->sta_mtx); 426 return; 427 } 428 429 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 430 } 431 432 ieee80211_tdls_add_oper_classes(sdata, skb); 433 434 /* 435 * with TDLS we can switch channels, and HT-caps are not necessarily 436 * the same on all bands. The specification limits the setup to a 437 * single HT-cap, so use the current band for now. 438 */ 439 sband = local->hw.wiphy->bands[band]; 440 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 441 442 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 443 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 444 ht_cap.ht_supported) { 445 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 446 447 /* disable SMPS in TDLS initiator */ 448 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 449 << IEEE80211_HT_CAP_SM_PS_SHIFT; 450 451 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 452 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 453 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 454 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 455 /* the peer caps are already intersected with our own */ 456 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap)); 457 458 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 459 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 460 } 461 462 if (ht_cap.ht_supported && 463 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 464 ieee80211_tdls_add_bss_coex_ie(skb); 465 466 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 467 468 /* add any custom IEs that go before VHT capabilities */ 469 if (extra_ies_len) { 470 static const u8 before_vht_cap[] = { 471 WLAN_EID_SUPP_RATES, 472 WLAN_EID_COUNTRY, 473 WLAN_EID_EXT_SUPP_RATES, 474 WLAN_EID_SUPPORTED_CHANNELS, 475 WLAN_EID_RSN, 476 WLAN_EID_EXT_CAPABILITY, 477 WLAN_EID_QOS_CAPA, 478 WLAN_EID_FAST_BSS_TRANSITION, 479 WLAN_EID_TIMEOUT_INTERVAL, 480 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 481 WLAN_EID_MULTI_BAND, 482 }; 483 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 484 before_vht_cap, 485 ARRAY_SIZE(before_vht_cap), 486 offset); 487 pos = skb_put(skb, noffset - offset); 488 memcpy(pos, extra_ies + offset, noffset - offset); 489 offset = noffset; 490 } 491 492 /* build the VHT-cap similarly to the HT-cap */ 493 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 494 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 495 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 496 vht_cap.vht_supported) { 497 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 498 499 /* the AID is present only when VHT is implemented */ 500 if (action_code == WLAN_TDLS_SETUP_REQUEST) 501 ieee80211_tdls_add_aid(sdata, skb); 502 503 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 504 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 505 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 506 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) { 507 /* the peer caps are already intersected with our own */ 508 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap)); 509 510 /* the AID is present only when VHT is implemented */ 511 ieee80211_tdls_add_aid(sdata, skb); 512 513 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 514 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 515 516 /* 517 * if both peers support WIDER_BW, we can expand the chandef to 518 * a wider compatible one, up to 80MHz 519 */ 520 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 521 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 522 } 523 524 mutex_unlock(&local->sta_mtx); 525 526 /* add any remaining IEs */ 527 if (extra_ies_len) { 528 noffset = extra_ies_len; 529 pos = skb_put(skb, noffset - offset); 530 memcpy(pos, extra_ies + offset, noffset - offset); 531 } 532 533} 534 535static void 536ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 537 struct sk_buff *skb, const u8 *peer, 538 bool initiator, const u8 *extra_ies, 539 size_t extra_ies_len) 540{ 541 struct ieee80211_local *local = sdata->local; 542 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 543 size_t offset = 0, noffset; 544 struct sta_info *sta, *ap_sta; 545 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 546 u8 *pos; 547 548 mutex_lock(&local->sta_mtx); 549 550 sta = sta_info_get(sdata, peer); 551 ap_sta = sta_info_get(sdata, ifmgd->bssid); 552 if (WARN_ON_ONCE(!sta || !ap_sta)) { 553 mutex_unlock(&local->sta_mtx); 554 return; 555 } 556 557 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 558 559 /* add any custom IEs that go before the QoS IE */ 560 if (extra_ies_len) { 561 static const u8 before_qos[] = { 562 WLAN_EID_RSN, 563 }; 564 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 565 before_qos, 566 ARRAY_SIZE(before_qos), 567 offset); 568 pos = skb_put(skb, noffset - offset); 569 memcpy(pos, extra_ies + offset, noffset - offset); 570 offset = noffset; 571 } 572 573 /* add the QoS param IE if both the peer and we support it */ 574 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 575 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 576 577 /* add any custom IEs that go before HT operation */ 578 if (extra_ies_len) { 579 static const u8 before_ht_op[] = { 580 WLAN_EID_RSN, 581 WLAN_EID_QOS_CAPA, 582 WLAN_EID_FAST_BSS_TRANSITION, 583 WLAN_EID_TIMEOUT_INTERVAL, 584 }; 585 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 586 before_ht_op, 587 ARRAY_SIZE(before_ht_op), 588 offset); 589 pos = skb_put(skb, noffset - offset); 590 memcpy(pos, extra_ies + offset, noffset - offset); 591 offset = noffset; 592 } 593 594 /* 595 * if HT support is only added in TDLS, we need an HT-operation IE. 596 * add the IE as required by IEEE802.11-2012 9.23.3.2. 597 */ 598 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) { 599 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 600 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 601 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 602 603 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation)); 604 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap, 605 &sdata->vif.bss_conf.chandef, prot, 606 true); 607 } 608 609 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 610 611 /* only include VHT-operation if not on the 2.4GHz band */ 612 if (band != IEEE80211_BAND_2GHZ && sta->sta.vht_cap.vht_supported) { 613 /* 614 * if both peers support WIDER_BW, we can expand the chandef to 615 * a wider compatible one, up to 80MHz 616 */ 617 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 618 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 619 620 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation)); 621 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap, 622 &sta->tdls_chandef); 623 } 624 625 mutex_unlock(&local->sta_mtx); 626 627 /* add any remaining IEs */ 628 if (extra_ies_len) { 629 noffset = extra_ies_len; 630 pos = skb_put(skb, noffset - offset); 631 memcpy(pos, extra_ies + offset, noffset - offset); 632 } 633} 634 635static void 636ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 637 struct sk_buff *skb, const u8 *peer, 638 bool initiator, const u8 *extra_ies, 639 size_t extra_ies_len, u8 oper_class, 640 struct cfg80211_chan_def *chandef) 641{ 642 struct ieee80211_tdls_data *tf; 643 size_t offset = 0, noffset; 644 u8 *pos; 645 646 if (WARN_ON_ONCE(!chandef)) 647 return; 648 649 tf = (void *)skb->data; 650 tf->u.chan_switch_req.target_channel = 651 ieee80211_frequency_to_channel(chandef->chan->center_freq); 652 tf->u.chan_switch_req.oper_class = oper_class; 653 654 if (extra_ies_len) { 655 static const u8 before_lnkie[] = { 656 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 657 }; 658 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 659 before_lnkie, 660 ARRAY_SIZE(before_lnkie), 661 offset); 662 pos = skb_put(skb, noffset - offset); 663 memcpy(pos, extra_ies + offset, noffset - offset); 664 offset = noffset; 665 } 666 667 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 668 669 /* add any remaining IEs */ 670 if (extra_ies_len) { 671 noffset = extra_ies_len; 672 pos = skb_put(skb, noffset - offset); 673 memcpy(pos, extra_ies + offset, noffset - offset); 674 } 675} 676 677static void 678ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 679 struct sk_buff *skb, const u8 *peer, 680 u16 status_code, bool initiator, 681 const u8 *extra_ies, 682 size_t extra_ies_len) 683{ 684 if (status_code == 0) 685 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 686 687 if (extra_ies_len) 688 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len); 689} 690 691static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 692 struct sk_buff *skb, const u8 *peer, 693 u8 action_code, u16 status_code, 694 bool initiator, const u8 *extra_ies, 695 size_t extra_ies_len, u8 oper_class, 696 struct cfg80211_chan_def *chandef) 697{ 698 switch (action_code) { 699 case WLAN_TDLS_SETUP_REQUEST: 700 case WLAN_TDLS_SETUP_RESPONSE: 701 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 702 if (status_code == 0) 703 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 704 action_code, 705 initiator, 706 extra_ies, 707 extra_ies_len); 708 break; 709 case WLAN_TDLS_SETUP_CONFIRM: 710 if (status_code == 0) 711 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 712 initiator, extra_ies, 713 extra_ies_len); 714 break; 715 case WLAN_TDLS_TEARDOWN: 716 case WLAN_TDLS_DISCOVERY_REQUEST: 717 if (extra_ies_len) 718 memcpy(skb_put(skb, extra_ies_len), extra_ies, 719 extra_ies_len); 720 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 721 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 722 break; 723 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 724 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 725 initiator, extra_ies, 726 extra_ies_len, 727 oper_class, chandef); 728 break; 729 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 730 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 731 status_code, 732 initiator, extra_ies, 733 extra_ies_len); 734 break; 735 } 736 737} 738 739static int 740ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 741 const u8 *peer, u8 action_code, u8 dialog_token, 742 u16 status_code, struct sk_buff *skb) 743{ 744 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 745 struct ieee80211_tdls_data *tf; 746 747 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 748 749 memcpy(tf->da, peer, ETH_ALEN); 750 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 751 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 752 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 753 754 /* network header is after the ethernet header */ 755 skb_set_network_header(skb, ETH_HLEN); 756 757 switch (action_code) { 758 case WLAN_TDLS_SETUP_REQUEST: 759 tf->category = WLAN_CATEGORY_TDLS; 760 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 761 762 skb_put(skb, sizeof(tf->u.setup_req)); 763 tf->u.setup_req.dialog_token = dialog_token; 764 tf->u.setup_req.capability = 765 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 766 status_code)); 767 break; 768 case WLAN_TDLS_SETUP_RESPONSE: 769 tf->category = WLAN_CATEGORY_TDLS; 770 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 771 772 skb_put(skb, sizeof(tf->u.setup_resp)); 773 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 774 tf->u.setup_resp.dialog_token = dialog_token; 775 tf->u.setup_resp.capability = 776 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 777 status_code)); 778 break; 779 case WLAN_TDLS_SETUP_CONFIRM: 780 tf->category = WLAN_CATEGORY_TDLS; 781 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 782 783 skb_put(skb, sizeof(tf->u.setup_cfm)); 784 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 785 tf->u.setup_cfm.dialog_token = dialog_token; 786 break; 787 case WLAN_TDLS_TEARDOWN: 788 tf->category = WLAN_CATEGORY_TDLS; 789 tf->action_code = WLAN_TDLS_TEARDOWN; 790 791 skb_put(skb, sizeof(tf->u.teardown)); 792 tf->u.teardown.reason_code = cpu_to_le16(status_code); 793 break; 794 case WLAN_TDLS_DISCOVERY_REQUEST: 795 tf->category = WLAN_CATEGORY_TDLS; 796 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 797 798 skb_put(skb, sizeof(tf->u.discover_req)); 799 tf->u.discover_req.dialog_token = dialog_token; 800 break; 801 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 802 tf->category = WLAN_CATEGORY_TDLS; 803 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 804 805 skb_put(skb, sizeof(tf->u.chan_switch_req)); 806 break; 807 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 808 tf->category = WLAN_CATEGORY_TDLS; 809 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 810 811 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 812 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 813 break; 814 default: 815 return -EINVAL; 816 } 817 818 return 0; 819} 820 821static int 822ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 823 const u8 *peer, u8 action_code, u8 dialog_token, 824 u16 status_code, struct sk_buff *skb) 825{ 826 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 827 struct ieee80211_mgmt *mgmt; 828 829 mgmt = (void *)skb_put(skb, 24); 830 memset(mgmt, 0, 24); 831 memcpy(mgmt->da, peer, ETH_ALEN); 832 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 833 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 834 835 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 836 IEEE80211_STYPE_ACTION); 837 838 switch (action_code) { 839 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 840 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 841 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 842 mgmt->u.action.u.tdls_discover_resp.action_code = 843 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 844 mgmt->u.action.u.tdls_discover_resp.dialog_token = 845 dialog_token; 846 mgmt->u.action.u.tdls_discover_resp.capability = 847 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 848 status_code)); 849 break; 850 default: 851 return -EINVAL; 852 } 853 854 return 0; 855} 856 857static struct sk_buff * 858ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 859 const u8 *peer, u8 action_code, 860 u8 dialog_token, u16 status_code, 861 bool initiator, const u8 *extra_ies, 862 size_t extra_ies_len, u8 oper_class, 863 struct cfg80211_chan_def *chandef) 864{ 865 struct ieee80211_local *local = sdata->local; 866 struct sk_buff *skb; 867 int ret; 868 869 skb = netdev_alloc_skb(sdata->dev, 870 local->hw.extra_tx_headroom + 871 max(sizeof(struct ieee80211_mgmt), 872 sizeof(struct ieee80211_tdls_data)) + 873 50 + /* supported rates */ 874 10 + /* ext capab */ 875 26 + /* max(WMM-info, WMM-param) */ 876 2 + max(sizeof(struct ieee80211_ht_cap), 877 sizeof(struct ieee80211_ht_operation)) + 878 2 + max(sizeof(struct ieee80211_vht_cap), 879 sizeof(struct ieee80211_vht_operation)) + 880 50 + /* supported channels */ 881 3 + /* 40/20 BSS coex */ 882 4 + /* AID */ 883 4 + /* oper classes */ 884 extra_ies_len + 885 sizeof(struct ieee80211_tdls_lnkie)); 886 if (!skb) 887 return NULL; 888 889 skb_reserve(skb, local->hw.extra_tx_headroom); 890 891 switch (action_code) { 892 case WLAN_TDLS_SETUP_REQUEST: 893 case WLAN_TDLS_SETUP_RESPONSE: 894 case WLAN_TDLS_SETUP_CONFIRM: 895 case WLAN_TDLS_TEARDOWN: 896 case WLAN_TDLS_DISCOVERY_REQUEST: 897 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 898 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 899 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 900 sdata->dev, peer, 901 action_code, dialog_token, 902 status_code, skb); 903 break; 904 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 905 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 906 peer, action_code, 907 dialog_token, status_code, 908 skb); 909 break; 910 default: 911 ret = -ENOTSUPP; 912 break; 913 } 914 915 if (ret < 0) 916 goto fail; 917 918 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 919 initiator, extra_ies, extra_ies_len, oper_class, 920 chandef); 921 return skb; 922 923fail: 924 dev_kfree_skb(skb); 925 return NULL; 926} 927 928static int 929ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 930 const u8 *peer, u8 action_code, u8 dialog_token, 931 u16 status_code, u32 peer_capability, 932 bool initiator, const u8 *extra_ies, 933 size_t extra_ies_len, u8 oper_class, 934 struct cfg80211_chan_def *chandef) 935{ 936 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 937 struct sk_buff *skb = NULL; 938 struct sta_info *sta; 939 u32 flags = 0; 940 int ret = 0; 941 942 rcu_read_lock(); 943 sta = sta_info_get(sdata, peer); 944 945 /* infer the initiator if we can, to support old userspace */ 946 switch (action_code) { 947 case WLAN_TDLS_SETUP_REQUEST: 948 if (sta) { 949 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 950 sta->sta.tdls_initiator = false; 951 } 952 /* fall-through */ 953 case WLAN_TDLS_SETUP_CONFIRM: 954 case WLAN_TDLS_DISCOVERY_REQUEST: 955 initiator = true; 956 break; 957 case WLAN_TDLS_SETUP_RESPONSE: 958 /* 959 * In some testing scenarios, we send a request and response. 960 * Make the last packet sent take effect for the initiator 961 * value. 962 */ 963 if (sta) { 964 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 965 sta->sta.tdls_initiator = true; 966 } 967 /* fall-through */ 968 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 969 initiator = false; 970 break; 971 case WLAN_TDLS_TEARDOWN: 972 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 973 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 974 /* any value is ok */ 975 break; 976 default: 977 ret = -ENOTSUPP; 978 break; 979 } 980 981 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 982 initiator = true; 983 984 rcu_read_unlock(); 985 if (ret < 0) 986 goto fail; 987 988 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 989 dialog_token, status_code, 990 initiator, extra_ies, 991 extra_ies_len, oper_class, 992 chandef); 993 if (!skb) { 994 ret = -EINVAL; 995 goto fail; 996 } 997 998 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 999 ieee80211_tx_skb(sdata, skb); 1000 return 0; 1001 } 1002 1003 /* 1004 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 1005 * we should default to AC_VI. 1006 */ 1007 switch (action_code) { 1008 case WLAN_TDLS_SETUP_REQUEST: 1009 case WLAN_TDLS_SETUP_RESPONSE: 1010 skb_set_queue_mapping(skb, IEEE80211_AC_BK); 1011 skb->priority = 2; 1012 break; 1013 default: 1014 skb_set_queue_mapping(skb, IEEE80211_AC_VI); 1015 skb->priority = 5; 1016 break; 1017 } 1018 1019 /* 1020 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 1021 * Later, if no ACK is returned from peer, we will re-send the teardown 1022 * packet through the AP. 1023 */ 1024 if ((action_code == WLAN_TDLS_TEARDOWN) && 1025 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 1026 bool try_resend; /* Should we keep skb for possible resend */ 1027 1028 /* If not sending directly to peer - no point in keeping skb */ 1029 rcu_read_lock(); 1030 sta = sta_info_get(sdata, peer); 1031 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1032 rcu_read_unlock(); 1033 1034 spin_lock_bh(&sdata->u.mgd.teardown_lock); 1035 if (try_resend && !sdata->u.mgd.teardown_skb) { 1036 /* Mark it as requiring TX status callback */ 1037 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1038 IEEE80211_TX_INTFL_MLME_CONN_TX; 1039 1040 /* 1041 * skb is copied since mac80211 will later set 1042 * properties that might not be the same as the AP, 1043 * such as encryption, QoS, addresses, etc. 1044 * 1045 * No problem if skb_copy() fails, so no need to check. 1046 */ 1047 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 1048 sdata->u.mgd.orig_teardown_skb = skb; 1049 } 1050 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 1051 } 1052 1053 /* disable bottom halves when entering the Tx path */ 1054 local_bh_disable(); 1055 __ieee80211_subif_start_xmit(skb, dev, flags); 1056 local_bh_enable(); 1057 1058 return ret; 1059 1060fail: 1061 dev_kfree_skb(skb); 1062 return ret; 1063} 1064 1065static int 1066ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 1067 const u8 *peer, u8 action_code, u8 dialog_token, 1068 u16 status_code, u32 peer_capability, bool initiator, 1069 const u8 *extra_ies, size_t extra_ies_len) 1070{ 1071 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1072 struct ieee80211_local *local = sdata->local; 1073 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode; 1074 int ret; 1075 1076 /* don't support setup with forced SMPS mode that's not off */ 1077 if (smps_mode != IEEE80211_SMPS_AUTOMATIC && 1078 smps_mode != IEEE80211_SMPS_OFF) { 1079 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n", 1080 smps_mode); 1081 return -ENOTSUPP; 1082 } 1083 1084 mutex_lock(&local->mtx); 1085 1086 /* we don't support concurrent TDLS peer setups */ 1087 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 1088 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1089 ret = -EBUSY; 1090 goto out_unlock; 1091 } 1092 1093 /* 1094 * make sure we have a STA representing the peer so we drop or buffer 1095 * non-TDLS-setup frames to the peer. We can't send other packets 1096 * during setup through the AP path. 1097 * Allow error packets to be sent - sometimes we don't even add a STA 1098 * before failing the setup. 1099 */ 1100 if (status_code == 0) { 1101 rcu_read_lock(); 1102 if (!sta_info_get(sdata, peer)) { 1103 rcu_read_unlock(); 1104 ret = -ENOLINK; 1105 goto out_unlock; 1106 } 1107 rcu_read_unlock(); 1108 } 1109 1110 ieee80211_flush_queues(local, sdata, false); 1111 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 1112 mutex_unlock(&local->mtx); 1113 1114 /* we cannot take the mutex while preparing the setup packet */ 1115 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1116 dialog_token, status_code, 1117 peer_capability, initiator, 1118 extra_ies, extra_ies_len, 0, 1119 NULL); 1120 if (ret < 0) { 1121 mutex_lock(&local->mtx); 1122 eth_zero_addr(sdata->u.mgd.tdls_peer); 1123 mutex_unlock(&local->mtx); 1124 return ret; 1125 } 1126 1127 ieee80211_queue_delayed_work(&sdata->local->hw, 1128 &sdata->u.mgd.tdls_peer_del_work, 1129 TDLS_PEER_SETUP_TIMEOUT); 1130 return 0; 1131 1132out_unlock: 1133 mutex_unlock(&local->mtx); 1134 return ret; 1135} 1136 1137static int 1138ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 1139 const u8 *peer, u8 action_code, u8 dialog_token, 1140 u16 status_code, u32 peer_capability, 1141 bool initiator, const u8 *extra_ies, 1142 size_t extra_ies_len) 1143{ 1144 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1145 struct ieee80211_local *local = sdata->local; 1146 struct sta_info *sta; 1147 int ret; 1148 1149 /* 1150 * No packets can be transmitted to the peer via the AP during setup - 1151 * the STA is set as a TDLS peer, but is not authorized. 1152 * During teardown, we prevent direct transmissions by stopping the 1153 * queues and flushing all direct packets. 1154 */ 1155 ieee80211_stop_vif_queues(local, sdata, 1156 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1157 ieee80211_flush_queues(local, sdata, false); 1158 1159 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1160 dialog_token, status_code, 1161 peer_capability, initiator, 1162 extra_ies, extra_ies_len, 0, 1163 NULL); 1164 if (ret < 0) 1165 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 1166 ret); 1167 1168 /* 1169 * Remove the STA AUTH flag to force further traffic through the AP. If 1170 * the STA was unreachable, it was already removed. 1171 */ 1172 rcu_read_lock(); 1173 sta = sta_info_get(sdata, peer); 1174 if (sta) 1175 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1176 rcu_read_unlock(); 1177 1178 ieee80211_wake_vif_queues(local, sdata, 1179 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1180 1181 return 0; 1182} 1183 1184int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 1185 const u8 *peer, u8 action_code, u8 dialog_token, 1186 u16 status_code, u32 peer_capability, 1187 bool initiator, const u8 *extra_ies, 1188 size_t extra_ies_len) 1189{ 1190 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1191 int ret; 1192 1193 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1194 return -ENOTSUPP; 1195 1196 /* make sure we are in managed mode, and associated */ 1197 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1198 !sdata->u.mgd.associated) 1199 return -EINVAL; 1200 1201 switch (action_code) { 1202 case WLAN_TDLS_SETUP_REQUEST: 1203 case WLAN_TDLS_SETUP_RESPONSE: 1204 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1205 dialog_token, status_code, 1206 peer_capability, initiator, 1207 extra_ies, extra_ies_len); 1208 break; 1209 case WLAN_TDLS_TEARDOWN: 1210 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1211 action_code, dialog_token, 1212 status_code, 1213 peer_capability, initiator, 1214 extra_ies, extra_ies_len); 1215 break; 1216 case WLAN_TDLS_DISCOVERY_REQUEST: 1217 /* 1218 * Protect the discovery so we can hear the TDLS discovery 1219 * response frame. It is transmitted directly and not buffered 1220 * by the AP. 1221 */ 1222 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1223 /* fall-through */ 1224 case WLAN_TDLS_SETUP_CONFIRM: 1225 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1226 /* no special handling */ 1227 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1228 action_code, 1229 dialog_token, 1230 status_code, 1231 peer_capability, 1232 initiator, extra_ies, 1233 extra_ies_len, 0, NULL); 1234 break; 1235 default: 1236 ret = -EOPNOTSUPP; 1237 break; 1238 } 1239 1240 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1241 action_code, peer, ret); 1242 return ret; 1243} 1244 1245static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata) 1246{ 1247 struct ieee80211_local *local = sdata->local; 1248 struct ieee80211_chanctx_conf *conf; 1249 struct ieee80211_chanctx *ctx; 1250 1251 mutex_lock(&local->chanctx_mtx); 1252 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1253 lockdep_is_held(&local->chanctx_mtx)); 1254 if (conf) { 1255 ctx = container_of(conf, struct ieee80211_chanctx, conf); 1256 ieee80211_recalc_chanctx_chantype(local, ctx); 1257 } 1258 mutex_unlock(&local->chanctx_mtx); 1259} 1260 1261static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata) 1262{ 1263 struct sta_info *sta; 1264 bool result = false; 1265 1266 rcu_read_lock(); 1267 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1268 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1269 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) || 1270 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) || 1271 !sta->sta.ht_cap.ht_supported) 1272 continue; 1273 result = true; 1274 break; 1275 } 1276 rcu_read_unlock(); 1277 1278 return result; 1279} 1280 1281static void 1282iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata, 1283 struct sta_info *sta) 1284{ 1285 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1286 bool tdls_ht; 1287 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 1288 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 1289 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 1290 u16 opmode; 1291 1292 /* Nothing to do if the BSS connection uses HT */ 1293 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 1294 return; 1295 1296 tdls_ht = (sta && sta->sta.ht_cap.ht_supported) || 1297 iee80211_tdls_have_ht_peers(sdata); 1298 1299 opmode = sdata->vif.bss_conf.ht_operation_mode; 1300 1301 if (tdls_ht) 1302 opmode |= protection; 1303 else 1304 opmode &= ~protection; 1305 1306 if (opmode == sdata->vif.bss_conf.ht_operation_mode) 1307 return; 1308 1309 sdata->vif.bss_conf.ht_operation_mode = opmode; 1310 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT); 1311} 1312 1313int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1314 const u8 *peer, enum nl80211_tdls_operation oper) 1315{ 1316 struct sta_info *sta; 1317 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1318 struct ieee80211_local *local = sdata->local; 1319 int ret; 1320 1321 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1322 return -ENOTSUPP; 1323 1324 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1325 return -EINVAL; 1326 1327 switch (oper) { 1328 case NL80211_TDLS_ENABLE_LINK: 1329 case NL80211_TDLS_DISABLE_LINK: 1330 break; 1331 case NL80211_TDLS_TEARDOWN: 1332 case NL80211_TDLS_SETUP: 1333 case NL80211_TDLS_DISCOVERY_REQ: 1334 /* We don't support in-driver setup/teardown/discovery */ 1335 return -ENOTSUPP; 1336 } 1337 1338 /* protect possible bss_conf changes and avoid concurrency in 1339 * ieee80211_bss_info_change_notify() 1340 */ 1341 sdata_lock(sdata); 1342 mutex_lock(&local->mtx); 1343 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1344 1345 switch (oper) { 1346 case NL80211_TDLS_ENABLE_LINK: 1347 if (sdata->vif.csa_active) { 1348 tdls_dbg(sdata, "TDLS: disallow link during CSA\n"); 1349 ret = -EBUSY; 1350 break; 1351 } 1352 1353 iee80211_tdls_recalc_chanctx(sdata); 1354 1355 mutex_lock(&local->sta_mtx); 1356 sta = sta_info_get(sdata, peer); 1357 if (!sta) { 1358 mutex_unlock(&local->sta_mtx); 1359 ret = -ENOLINK; 1360 break; 1361 } 1362 1363 iee80211_tdls_recalc_ht_protection(sdata, sta); 1364 1365 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1366 mutex_unlock(&local->sta_mtx); 1367 1368 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1369 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1370 ret = 0; 1371 break; 1372 case NL80211_TDLS_DISABLE_LINK: 1373 /* 1374 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1375 * created while the queues were stopped, so it might still be 1376 * pending. Before flushing the queues we need to be sure the 1377 * message is handled by the tasklet handling pending messages, 1378 * otherwise we might start destroying the station before 1379 * sending the teardown packet. 1380 * Note that this only forces the tasklet to flush pendings - 1381 * not to stop the tasklet from rescheduling itself. 1382 */ 1383 tasklet_kill(&local->tx_pending_tasklet); 1384 /* flush a potentially queued teardown packet */ 1385 ieee80211_flush_queues(local, sdata, false); 1386 1387 ret = sta_info_destroy_addr(sdata, peer); 1388 1389 mutex_lock(&local->sta_mtx); 1390 iee80211_tdls_recalc_ht_protection(sdata, NULL); 1391 mutex_unlock(&local->sta_mtx); 1392 1393 iee80211_tdls_recalc_chanctx(sdata); 1394 break; 1395 default: 1396 ret = -ENOTSUPP; 1397 break; 1398 } 1399 1400 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1401 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1402 eth_zero_addr(sdata->u.mgd.tdls_peer); 1403 } 1404 1405 if (ret == 0) 1406 ieee80211_queue_work(&sdata->local->hw, 1407 &sdata->u.mgd.request_smps_work); 1408 1409 mutex_unlock(&local->mtx); 1410 sdata_unlock(sdata); 1411 return ret; 1412} 1413 1414void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1415 enum nl80211_tdls_operation oper, 1416 u16 reason_code, gfp_t gfp) 1417{ 1418 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1419 1420 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1421 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1422 oper); 1423 return; 1424 } 1425 1426 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1427} 1428EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1429 1430static void 1431iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1432{ 1433 struct ieee80211_ch_switch_timing *ch_sw; 1434 1435 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1436 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1437 1438 ch_sw = (void *)buf; 1439 ch_sw->switch_time = cpu_to_le16(switch_time); 1440 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1441} 1442 1443/* find switch timing IE in SKB ready for Tx */ 1444static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1445{ 1446 struct ieee80211_tdls_data *tf; 1447 const u8 *ie_start; 1448 1449 /* 1450 * Get the offset for the new location of the switch timing IE. 1451 * The SKB network header will now point to the "payload_type" 1452 * element of the TDLS data frame struct. 1453 */ 1454 tf = container_of(skb->data + skb_network_offset(skb), 1455 struct ieee80211_tdls_data, payload_type); 1456 ie_start = tf->u.chan_switch_req.variable; 1457 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1458 skb->len - (ie_start - skb->data)); 1459} 1460 1461static struct sk_buff * 1462ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1463 struct cfg80211_chan_def *chandef, 1464 u32 *ch_sw_tm_ie_offset) 1465{ 1466 struct ieee80211_sub_if_data *sdata = sta->sdata; 1467 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1468 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1469 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1470 u8 *pos = extra_ies; 1471 struct sk_buff *skb; 1472 1473 /* 1474 * if chandef points to a wide channel add a Secondary-Channel 1475 * Offset information element 1476 */ 1477 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1478 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1479 bool ht40plus; 1480 1481 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1482 *pos++ = sizeof(*sec_chan_ie); 1483 sec_chan_ie = (void *)pos; 1484 1485 ht40plus = cfg80211_get_chandef_type(chandef) == 1486 NL80211_CHAN_HT40PLUS; 1487 sec_chan_ie->sec_chan_offs = ht40plus ? 1488 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1489 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1490 pos += sizeof(*sec_chan_ie); 1491 1492 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1493 } 1494 1495 /* just set the values to 0, this is a template */ 1496 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1497 1498 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1499 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1500 0, 0, !sta->sta.tdls_initiator, 1501 extra_ies, extra_ies_len, 1502 oper_class, chandef); 1503 if (!skb) 1504 return NULL; 1505 1506 skb = ieee80211_build_data_template(sdata, skb, 0); 1507 if (IS_ERR(skb)) { 1508 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1509 return NULL; 1510 } 1511 1512 if (ch_sw_tm_ie_offset) { 1513 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1514 1515 if (!tm_ie) { 1516 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1517 dev_kfree_skb_any(skb); 1518 return NULL; 1519 } 1520 1521 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1522 } 1523 1524 tdls_dbg(sdata, 1525 "TDLS channel switch request template for %pM ch %d width %d\n", 1526 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1527 return skb; 1528} 1529 1530int 1531ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1532 const u8 *addr, u8 oper_class, 1533 struct cfg80211_chan_def *chandef) 1534{ 1535 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1536 struct ieee80211_local *local = sdata->local; 1537 struct sta_info *sta; 1538 struct sk_buff *skb = NULL; 1539 u32 ch_sw_tm_ie; 1540 int ret; 1541 1542 mutex_lock(&local->sta_mtx); 1543 sta = sta_info_get(sdata, addr); 1544 if (!sta) { 1545 tdls_dbg(sdata, 1546 "Invalid TDLS peer %pM for channel switch request\n", 1547 addr); 1548 ret = -ENOENT; 1549 goto out; 1550 } 1551 1552 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1553 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1554 addr); 1555 ret = -ENOTSUPP; 1556 goto out; 1557 } 1558 1559 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1560 &ch_sw_tm_ie); 1561 if (!skb) { 1562 ret = -ENOENT; 1563 goto out; 1564 } 1565 1566 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1567 chandef, skb, ch_sw_tm_ie); 1568 if (!ret) 1569 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1570 1571out: 1572 mutex_unlock(&local->sta_mtx); 1573 dev_kfree_skb_any(skb); 1574 return ret; 1575} 1576 1577void 1578ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1579 struct net_device *dev, 1580 const u8 *addr) 1581{ 1582 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1583 struct ieee80211_local *local = sdata->local; 1584 struct sta_info *sta; 1585 1586 mutex_lock(&local->sta_mtx); 1587 sta = sta_info_get(sdata, addr); 1588 if (!sta) { 1589 tdls_dbg(sdata, 1590 "Invalid TDLS peer %pM for channel switch cancel\n", 1591 addr); 1592 goto out; 1593 } 1594 1595 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1596 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1597 addr); 1598 goto out; 1599 } 1600 1601 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1602 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1603 1604out: 1605 mutex_unlock(&local->sta_mtx); 1606} 1607 1608static struct sk_buff * 1609ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1610 u32 *ch_sw_tm_ie_offset) 1611{ 1612 struct ieee80211_sub_if_data *sdata = sta->sdata; 1613 struct sk_buff *skb; 1614 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1615 1616 /* initial timing are always zero in the template */ 1617 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1618 1619 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1620 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1621 0, 0, !sta->sta.tdls_initiator, 1622 extra_ies, sizeof(extra_ies), 0, NULL); 1623 if (!skb) 1624 return NULL; 1625 1626 skb = ieee80211_build_data_template(sdata, skb, 0); 1627 if (IS_ERR(skb)) { 1628 tdls_dbg(sdata, 1629 "Failed building TDLS channel switch resp frame\n"); 1630 return NULL; 1631 } 1632 1633 if (ch_sw_tm_ie_offset) { 1634 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1635 1636 if (!tm_ie) { 1637 tdls_dbg(sdata, 1638 "No switch timing IE in TDLS switch resp\n"); 1639 dev_kfree_skb_any(skb); 1640 return NULL; 1641 } 1642 1643 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1644 } 1645 1646 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1647 sta->sta.addr); 1648 return skb; 1649} 1650 1651static int 1652ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1653 struct sk_buff *skb) 1654{ 1655 struct ieee80211_local *local = sdata->local; 1656 struct ieee802_11_elems elems; 1657 struct sta_info *sta; 1658 struct ieee80211_tdls_data *tf = (void *)skb->data; 1659 bool local_initiator; 1660 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1661 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1662 struct ieee80211_tdls_ch_sw_params params = {}; 1663 int ret; 1664 1665 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1666 params.timestamp = rx_status->device_timestamp; 1667 1668 if (skb->len < baselen) { 1669 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1670 skb->len); 1671 return -EINVAL; 1672 } 1673 1674 mutex_lock(&local->sta_mtx); 1675 sta = sta_info_get(sdata, tf->sa); 1676 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1677 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1678 tf->sa); 1679 ret = -EINVAL; 1680 goto out; 1681 } 1682 1683 params.sta = &sta->sta; 1684 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1685 if (params.status != 0) { 1686 ret = 0; 1687 goto call_drv; 1688 } 1689 1690 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1691 skb->len - baselen, false, &elems); 1692 if (elems.parse_error) { 1693 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1694 ret = -EINVAL; 1695 goto out; 1696 } 1697 1698 if (!elems.ch_sw_timing || !elems.lnk_id) { 1699 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1700 ret = -EINVAL; 1701 goto out; 1702 } 1703 1704 /* validate the initiator is set correctly */ 1705 local_initiator = 1706 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1707 if (local_initiator == sta->sta.tdls_initiator) { 1708 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1709 ret = -EINVAL; 1710 goto out; 1711 } 1712 1713 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1714 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1715 1716 params.tmpl_skb = 1717 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1718 if (!params.tmpl_skb) { 1719 ret = -ENOENT; 1720 goto out; 1721 } 1722 1723call_drv: 1724 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1725 1726 tdls_dbg(sdata, 1727 "TDLS channel switch response received from %pM status %d\n", 1728 tf->sa, params.status); 1729 1730out: 1731 mutex_unlock(&local->sta_mtx); 1732 dev_kfree_skb_any(params.tmpl_skb); 1733 return ret; 1734} 1735 1736static int 1737ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1738 struct sk_buff *skb) 1739{ 1740 struct ieee80211_local *local = sdata->local; 1741 struct ieee802_11_elems elems; 1742 struct cfg80211_chan_def chandef; 1743 struct ieee80211_channel *chan; 1744 enum nl80211_channel_type chan_type; 1745 int freq; 1746 u8 target_channel, oper_class; 1747 bool local_initiator; 1748 struct sta_info *sta; 1749 enum ieee80211_band band; 1750 struct ieee80211_tdls_data *tf = (void *)skb->data; 1751 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1752 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1753 struct ieee80211_tdls_ch_sw_params params = {}; 1754 int ret = 0; 1755 1756 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1757 params.timestamp = rx_status->device_timestamp; 1758 1759 if (skb->len < baselen) { 1760 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1761 skb->len); 1762 return -EINVAL; 1763 } 1764 1765 target_channel = tf->u.chan_switch_req.target_channel; 1766 oper_class = tf->u.chan_switch_req.oper_class; 1767 1768 /* 1769 * We can't easily infer the channel band. The operating class is 1770 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1771 * solution here is to treat channels with number >14 as 5GHz ones, 1772 * and specifically check for the (oper_class, channel) combinations 1773 * where this doesn't hold. These are thankfully unique according to 1774 * IEEE802.11-2012. 1775 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1776 * valid here. 1777 */ 1778 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1779 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1780 target_channel < 14) 1781 band = IEEE80211_BAND_5GHZ; 1782 else 1783 band = target_channel < 14 ? IEEE80211_BAND_2GHZ : 1784 IEEE80211_BAND_5GHZ; 1785 1786 freq = ieee80211_channel_to_frequency(target_channel, band); 1787 if (freq == 0) { 1788 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1789 target_channel); 1790 return -EINVAL; 1791 } 1792 1793 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1794 if (!chan) { 1795 tdls_dbg(sdata, 1796 "Unsupported channel for TDLS chan switch: %d\n", 1797 target_channel); 1798 return -EINVAL; 1799 } 1800 1801 ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1802 skb->len - baselen, false, &elems); 1803 if (elems.parse_error) { 1804 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1805 return -EINVAL; 1806 } 1807 1808 if (!elems.ch_sw_timing || !elems.lnk_id) { 1809 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1810 return -EINVAL; 1811 } 1812 1813 if (!elems.sec_chan_offs) { 1814 chan_type = NL80211_CHAN_HT20; 1815 } else { 1816 switch (elems.sec_chan_offs->sec_chan_offs) { 1817 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1818 chan_type = NL80211_CHAN_HT40PLUS; 1819 break; 1820 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1821 chan_type = NL80211_CHAN_HT40MINUS; 1822 break; 1823 default: 1824 chan_type = NL80211_CHAN_HT20; 1825 break; 1826 } 1827 } 1828 1829 cfg80211_chandef_create(&chandef, chan, chan_type); 1830 1831 /* we will be active on the TDLS link */ 1832 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef, 1833 sdata->wdev.iftype)) { 1834 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n"); 1835 return -EINVAL; 1836 } 1837 1838 mutex_lock(&local->sta_mtx); 1839 sta = sta_info_get(sdata, tf->sa); 1840 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1841 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1842 tf->sa); 1843 ret = -EINVAL; 1844 goto out; 1845 } 1846 1847 params.sta = &sta->sta; 1848 1849 /* validate the initiator is set correctly */ 1850 local_initiator = 1851 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1852 if (local_initiator == sta->sta.tdls_initiator) { 1853 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1854 ret = -EINVAL; 1855 goto out; 1856 } 1857 1858 /* peer should have known better */ 1859 if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs && 1860 elems.sec_chan_offs->sec_chan_offs) { 1861 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n"); 1862 ret = -ENOTSUPP; 1863 goto out; 1864 } 1865 1866 params.chandef = &chandef; 1867 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time); 1868 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout); 1869 1870 params.tmpl_skb = 1871 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1872 ¶ms.ch_sw_tm_ie); 1873 if (!params.tmpl_skb) { 1874 ret = -ENOENT; 1875 goto out; 1876 } 1877 1878 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1879 1880 tdls_dbg(sdata, 1881 "TDLS ch switch request received from %pM ch %d width %d\n", 1882 tf->sa, params.chandef->chan->center_freq, 1883 params.chandef->width); 1884out: 1885 mutex_unlock(&local->sta_mtx); 1886 dev_kfree_skb_any(params.tmpl_skb); 1887 return ret; 1888} 1889 1890static void 1891ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1892 struct sk_buff *skb) 1893{ 1894 struct ieee80211_tdls_data *tf = (void *)skb->data; 1895 struct wiphy *wiphy = sdata->local->hw.wiphy; 1896 1897 ASSERT_RTNL(); 1898 1899 /* make sure the driver supports it */ 1900 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1901 return; 1902 1903 /* we want to access the entire packet */ 1904 if (skb_linearize(skb)) 1905 return; 1906 /* 1907 * The packet/size was already validated by mac80211 Rx path, only look 1908 * at the action type. 1909 */ 1910 switch (tf->action_code) { 1911 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1912 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1913 break; 1914 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1915 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1916 break; 1917 default: 1918 WARN_ON_ONCE(1); 1919 return; 1920 } 1921} 1922 1923void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata) 1924{ 1925 struct sta_info *sta; 1926 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED; 1927 1928 rcu_read_lock(); 1929 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1930 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1931 !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) 1932 continue; 1933 1934 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr, 1935 NL80211_TDLS_TEARDOWN, reason, 1936 GFP_ATOMIC); 1937 } 1938 rcu_read_unlock(); 1939} 1940 1941void ieee80211_tdls_chsw_work(struct work_struct *wk) 1942{ 1943 struct ieee80211_local *local = 1944 container_of(wk, struct ieee80211_local, tdls_chsw_work); 1945 struct ieee80211_sub_if_data *sdata; 1946 struct sk_buff *skb; 1947 struct ieee80211_tdls_data *tf; 1948 1949 rtnl_lock(); 1950 while ((skb = skb_dequeue(&local->skb_queue_tdls_chsw))) { 1951 tf = (struct ieee80211_tdls_data *)skb->data; 1952 list_for_each_entry(sdata, &local->interfaces, list) { 1953 if (!ieee80211_sdata_running(sdata) || 1954 sdata->vif.type != NL80211_IFTYPE_STATION || 1955 !ether_addr_equal(tf->da, sdata->vif.addr)) 1956 continue; 1957 1958 ieee80211_process_tdls_channel_switch(sdata, skb); 1959 break; 1960 } 1961 1962 kfree_skb(skb); 1963 } 1964 rtnl_unlock(); 1965} 1966