search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mm/zsmalloc: allocate exactly size of struct zs_pool
[linux/fpc-iii.git] / net / mac80211 / tdls.c
blob55ddd77b865dffc805cdf3246d0b632e1e61d183
1 /*
2 * mac80211 TDLS handling code
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2014, Intel Corporation
6 * Copyright 2014 Intel Mobile Communications GmbH
7 *
8 * This file is GPLv2 as found in COPYING.
9 */
10
11 #include <linux/ieee80211.h>
12 #include <linux/log2.h>
13 #include <net/cfg80211.h>
14 #include "ieee80211_i.h"
15 #include "driver-ops.h"
16
17 /* give usermode some time for retries in setting up the TDLS session */
18 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ)
19
20 void ieee80211_tdls_peer_del_work(struct work_struct *wk)
21 {
22 struct ieee80211_sub_if_data *sdata;
23 struct ieee80211_local *local;
24
25 sdata = container_of(wk, struct ieee80211_sub_if_data,
26 u.mgd.tdls_peer_del_work.work);
27 local = sdata->local;
28
29 mutex_lock(&local->mtx);
30 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) {
31 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer);
32 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer);
33 eth_zero_addr(sdata->u.mgd.tdls_peer);
34 }
35 mutex_unlock(&local->mtx);
36 }
37
38 static void ieee80211_tdls_add_ext_capab(struct ieee80211_local *local,
39 struct sk_buff *skb)
40 {
41 u8 *pos = (void *)skb_put(skb, 7);
42 bool chan_switch = local->hw.wiphy->features &
43 NL80211_FEATURE_TDLS_CHANNEL_SWITCH;
44
45 *pos++ = WLAN_EID_EXT_CAPABILITY;
46 *pos++ = 5; /* len */
47 *pos++ = 0x0;
48 *pos++ = 0x0;
49 *pos++ = 0x0;
50 *pos++ = chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0;
51 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED;
52 }
53
54 static u8
55 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata,
56 struct sk_buff *skb, u16 start, u16 end,
57 u16 spacing)
58 {
59 u8 subband_cnt = 0, ch_cnt = 0;
60 struct ieee80211_channel *ch;
61 struct cfg80211_chan_def chandef;
62 int i, subband_start;
63
64 for (i = start; i <= end; i += spacing) {
65 if (!ch_cnt)
66 subband_start = i;
67
68 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i);
69 if (ch) {
70 /* we will be active on the channel */
71 u32 flags = IEEE80211_CHAN_DISABLED |
72 IEEE80211_CHAN_NO_IR;
73 cfg80211_chandef_create(&chandef, ch,
74 NL80211_CHAN_HT20);
75 if (cfg80211_chandef_usable(sdata->local->hw.wiphy,
76 &chandef, flags)) {
77 ch_cnt++;
78 continue;
79 }
80 }
81
82 if (ch_cnt) {
83 u8 *pos = skb_put(skb, 2);
84 *pos++ = ieee80211_frequency_to_channel(subband_start);
85 *pos++ = ch_cnt;
86
87 subband_cnt++;
88 ch_cnt = 0;
89 }
90 }
91
92 return subband_cnt;
93 }
94
95 static void
96 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata,
97 struct sk_buff *skb)
98 {
99 /*
100 * Add possible channels for TDLS. These are channels that are allowed
101 * to be active.
102 */
103 u8 subband_cnt;
104 u8 *pos = skb_put(skb, 2);
105
106 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
107
108 /*
109 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as
110 * this doesn't happen in real world scenarios.
111 */
112
113 /* 2GHz, with 5MHz spacing */
114 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5);
115
116 /* 5GHz, with 20MHz spacing */
117 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20);
118
119 /* length */
120 *pos = 2 * subband_cnt;
121 }
122
123 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb)
124 {
125 u8 *pos = (void *)skb_put(skb, 3);
126
127 *pos++ = WLAN_EID_BSS_COEX_2040;
128 *pos++ = 1; /* len */
129
130 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST;
131 }
132
133 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata,
134 u16 status_code)
135 {
136 struct ieee80211_local *local = sdata->local;
137 u16 capab;
138
139 /* The capability will be 0 when sending a failure code */
140 if (status_code != 0)
141 return 0;
142
143 capab = 0;
144 if (ieee80211_get_sdata_band(sdata) != IEEE80211_BAND_2GHZ)
145 return capab;
146
147 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
148 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
149 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
150 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
151
152 return capab;
153 }
154
155 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata,
156 struct sk_buff *skb, const u8 *peer,
157 bool initiator)
158 {
159 struct ieee80211_tdls_lnkie *lnkid;
160 const u8 *init_addr, *rsp_addr;
161
162 if (initiator) {
163 init_addr = sdata->vif.addr;
164 rsp_addr = peer;
165 } else {
166 init_addr = peer;
167 rsp_addr = sdata->vif.addr;
168 }
169
170 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie));
171
172 lnkid->ie_type = WLAN_EID_LINK_ID;
173 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2;
174
175 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN);
176 memcpy(lnkid->init_sta, init_addr, ETH_ALEN);
177 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN);
178 }
179
180 /* translate numbering in the WMM parameter IE to the mac80211 notation */
181 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac)
182 {
183 switch (ac) {
184 default:
185 WARN_ON_ONCE(1);
186 case 0:
187 return IEEE80211_AC_BE;
188 case 1:
189 return IEEE80211_AC_BK;
190 case 2:
191 return IEEE80211_AC_VI;
192 case 3:
193 return IEEE80211_AC_VO;
194 }
195 }
196
197 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci)
198 {
199 u8 ret;
200
201 ret = aifsn & 0x0f;
202 if (acm)
203 ret |= 0x10;
204 ret |= (aci << 5) & 0x60;
205 return ret;
206 }
207
208 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max)
209 {
210 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) |
211 ((ilog2(cw_max + 1) << 0x4) & 0xf0);
212 }
213
214 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata,
215 struct sk_buff *skb)
216 {
217 struct ieee80211_wmm_param_ie *wmm;
218 struct ieee80211_tx_queue_params *txq;
219 int i;
220
221 wmm = (void *)skb_put(skb, sizeof(*wmm));
222 memset(wmm, 0, sizeof(*wmm));
223
224 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC;
225 wmm->len = sizeof(*wmm) - 2;
226
227 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */
228 wmm->oui[1] = 0x50;
229 wmm->oui[2] = 0xf2;
230 wmm->oui_type = 2; /* WME */
231 wmm->oui_subtype = 1; /* WME param */
232 wmm->version = 1; /* WME ver */
233 wmm->qos_info = 0; /* U-APSD not in use */
234
235 /*
236 * Use the EDCA parameters defined for the BSS, or default if the AP
237 * doesn't support it, as mandated by 802.11-2012 section 10.22.4
238 */
239 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
240 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)];
241 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs,
242 txq->acm, i);
243 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max);
244 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop);
245 }
246 }
247
248 static void
249 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata,
250 struct sk_buff *skb, const u8 *peer,
251 u8 action_code, bool initiator,
252 const u8 *extra_ies, size_t extra_ies_len)
253 {
254 enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
255 struct ieee80211_local *local = sdata->local;
256 struct ieee80211_supported_band *sband;
257 struct ieee80211_sta_ht_cap ht_cap;
258 struct sta_info *sta = NULL;
259 size_t offset = 0, noffset;
260 u8 *pos;
261
262 rcu_read_lock();
263
264 /* we should have the peer STA if we're already responding */
265 if (action_code == WLAN_TDLS_SETUP_RESPONSE) {
266 sta = sta_info_get(sdata, peer);
267 if (WARN_ON_ONCE(!sta)) {
268 rcu_read_unlock();
269 return;
270 }
271 }
272
273 ieee80211_add_srates_ie(sdata, skb, false, band);
274 ieee80211_add_ext_srates_ie(sdata, skb, false, band);
275 ieee80211_tdls_add_supp_channels(sdata, skb);
276
277 /* add any custom IEs that go before Extended Capabilities */
278 if (extra_ies_len) {
279 static const u8 before_ext_cap[] = {
280 WLAN_EID_SUPP_RATES,
281 WLAN_EID_COUNTRY,
282 WLAN_EID_EXT_SUPP_RATES,
283 WLAN_EID_SUPPORTED_CHANNELS,
284 WLAN_EID_RSN,
285 };
286 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
287 before_ext_cap,
288 ARRAY_SIZE(before_ext_cap),
289 offset);
290 pos = skb_put(skb, noffset - offset);
291 memcpy(pos, extra_ies + offset, noffset - offset);
292 offset = noffset;
293 }
294
295 ieee80211_tdls_add_ext_capab(local, skb);
296
297 /* add the QoS element if we support it */
298 if (local->hw.queues >= IEEE80211_NUM_ACS &&
299 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES)
300 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */
301
302 /* add any custom IEs that go before HT capabilities */
303 if (extra_ies_len) {
304 static const u8 before_ht_cap[] = {
305 WLAN_EID_SUPP_RATES,
306 WLAN_EID_COUNTRY,
307 WLAN_EID_EXT_SUPP_RATES,
308 WLAN_EID_SUPPORTED_CHANNELS,
309 WLAN_EID_RSN,
310 WLAN_EID_EXT_CAPABILITY,
311 WLAN_EID_QOS_CAPA,
312 WLAN_EID_FAST_BSS_TRANSITION,
313 WLAN_EID_TIMEOUT_INTERVAL,
314 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
315 };
316 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
317 before_ht_cap,
318 ARRAY_SIZE(before_ht_cap),
319 offset);
320 pos = skb_put(skb, noffset - offset);
321 memcpy(pos, extra_ies + offset, noffset - offset);
322 offset = noffset;
323 }
324
325 /*
326 * with TDLS we can switch channels, and HT-caps are not necessarily
327 * the same on all bands. The specification limits the setup to a
328 * single HT-cap, so use the current band for now.
329 */
330 sband = local->hw.wiphy->bands[band];
331 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
332 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
333 action_code == WLAN_TDLS_SETUP_RESPONSE) &&
334 ht_cap.ht_supported && (!sta || sta->sta.ht_cap.ht_supported)) {
335 if (action_code == WLAN_TDLS_SETUP_REQUEST) {
336 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
337
338 /* disable SMPS in TDLS initiator */
339 ht_cap.cap |= (WLAN_HT_CAP_SM_PS_DISABLED
340 << IEEE80211_HT_CAP_SM_PS_SHIFT);
341 } else {
342 /* disable SMPS in TDLS responder */
343 sta->sta.ht_cap.cap |=
344 (WLAN_HT_CAP_SM_PS_DISABLED
345 << IEEE80211_HT_CAP_SM_PS_SHIFT);
346
347 /* the peer caps are already intersected with our own */
348 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap));
349 }
350
351 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
352 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
353 }
354
355 rcu_read_unlock();
356
357 if (ht_cap.ht_supported &&
358 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
359 ieee80211_tdls_add_bss_coex_ie(skb);
360
361 /* add any remaining IEs */
362 if (extra_ies_len) {
363 noffset = extra_ies_len;
364 pos = skb_put(skb, noffset - offset);
365 memcpy(pos, extra_ies + offset, noffset - offset);
366 }
367
368 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
369 }
370
371 static void
372 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata,
373 struct sk_buff *skb, const u8 *peer,
374 bool initiator, const u8 *extra_ies,
375 size_t extra_ies_len)
376 {
377 struct ieee80211_local *local = sdata->local;
378 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
379 size_t offset = 0, noffset;
380 struct sta_info *sta, *ap_sta;
381 u8 *pos;
382
383 rcu_read_lock();
384
385 sta = sta_info_get(sdata, peer);
386 ap_sta = sta_info_get(sdata, ifmgd->bssid);
387 if (WARN_ON_ONCE(!sta || !ap_sta)) {
388 rcu_read_unlock();
389 return;
390 }
391
392 /* add any custom IEs that go before the QoS IE */
393 if (extra_ies_len) {
394 static const u8 before_qos[] = {
395 WLAN_EID_RSN,
396 };
397 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
398 before_qos,
399 ARRAY_SIZE(before_qos),
400 offset);
401 pos = skb_put(skb, noffset - offset);
402 memcpy(pos, extra_ies + offset, noffset - offset);
403 offset = noffset;
404 }
405
406 /* add the QoS param IE if both the peer and we support it */
407 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme)
408 ieee80211_tdls_add_wmm_param_ie(sdata, skb);
409
410 /* add any custom IEs that go before HT operation */
411 if (extra_ies_len) {
412 static const u8 before_ht_op[] = {
413 WLAN_EID_RSN,
414 WLAN_EID_QOS_CAPA,
415 WLAN_EID_FAST_BSS_TRANSITION,
416 WLAN_EID_TIMEOUT_INTERVAL,
417 };
418 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
419 before_ht_op,
420 ARRAY_SIZE(before_ht_op),
421 offset);
422 pos = skb_put(skb, noffset - offset);
423 memcpy(pos, extra_ies + offset, noffset - offset);
424 offset = noffset;
425 }
426
427 /* if HT support is only added in TDLS, we need an HT-operation IE */
428 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
429 struct ieee80211_chanctx_conf *chanctx_conf =
430 rcu_dereference(sdata->vif.chanctx_conf);
431 if (!WARN_ON(!chanctx_conf)) {
432 pos = skb_put(skb, 2 +
433 sizeof(struct ieee80211_ht_operation));
434 /* send an empty HT operation IE */
435 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap,
436 &chanctx_conf->def, 0);
437 }
438 }
439
440 rcu_read_unlock();
441
442 /* add any remaining IEs */
443 if (extra_ies_len) {
444 noffset = extra_ies_len;
445 pos = skb_put(skb, noffset - offset);
446 memcpy(pos, extra_ies + offset, noffset - offset);
447 }
448
449 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
450 }
451
452 static void
453 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata,
454 struct sk_buff *skb, const u8 *peer,
455 bool initiator, const u8 *extra_ies,
456 size_t extra_ies_len, u8 oper_class,
457 struct cfg80211_chan_def *chandef)
458 {
459 struct ieee80211_tdls_data *tf;
460 size_t offset = 0, noffset;
461 u8 *pos;
462
463 if (WARN_ON_ONCE(!chandef))
464 return;
465
466 tf = (void *)skb->data;
467 tf->u.chan_switch_req.target_channel =
468 ieee80211_frequency_to_channel(chandef->chan->center_freq);
469 tf->u.chan_switch_req.oper_class = oper_class;
470
471 if (extra_ies_len) {
472 static const u8 before_lnkie[] = {
473 WLAN_EID_SECONDARY_CHANNEL_OFFSET,
474 };
475 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
476 before_lnkie,
477 ARRAY_SIZE(before_lnkie),
478 offset);
479 pos = skb_put(skb, noffset - offset);
480 memcpy(pos, extra_ies + offset, noffset - offset);
481 offset = noffset;
482 }
483
484 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
485
486 /* add any remaining IEs */
487 if (extra_ies_len) {
488 noffset = extra_ies_len;
489 pos = skb_put(skb, noffset - offset);
490 memcpy(pos, extra_ies + offset, noffset - offset);
491 }
492 }
493
494 static void
495 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata,
496 struct sk_buff *skb, const u8 *peer,
497 u16 status_code, bool initiator,
498 const u8 *extra_ies,
499 size_t extra_ies_len)
500 {
501 if (status_code == 0)
502 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
503
504 if (extra_ies_len)
505 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len);
506 }
507
508 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata,
509 struct sk_buff *skb, const u8 *peer,
510 u8 action_code, u16 status_code,
511 bool initiator, const u8 *extra_ies,
512 size_t extra_ies_len, u8 oper_class,
513 struct cfg80211_chan_def *chandef)
514 {
515 switch (action_code) {
516 case WLAN_TDLS_SETUP_REQUEST:
517 case WLAN_TDLS_SETUP_RESPONSE:
518 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
519 if (status_code == 0)
520 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer,
521 action_code,
522 initiator,
523 extra_ies,
524 extra_ies_len);
525 break;
526 case WLAN_TDLS_SETUP_CONFIRM:
527 if (status_code == 0)
528 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer,
529 initiator, extra_ies,
530 extra_ies_len);
531 break;
532 case WLAN_TDLS_TEARDOWN:
533 case WLAN_TDLS_DISCOVERY_REQUEST:
534 if (extra_ies_len)
535 memcpy(skb_put(skb, extra_ies_len), extra_ies,
536 extra_ies_len);
537 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN)
538 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
539 break;
540 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
541 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer,
542 initiator, extra_ies,
543 extra_ies_len,
544 oper_class, chandef);
545 break;
546 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
547 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer,
548 status_code,
549 initiator, extra_ies,
550 extra_ies_len);
551 break;
552 }
553
554 }
555
556 static int
557 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
558 const u8 *peer, u8 action_code, u8 dialog_token,
559 u16 status_code, struct sk_buff *skb)
560 {
561 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
562 struct ieee80211_tdls_data *tf;
563
564 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
565
566 memcpy(tf->da, peer, ETH_ALEN);
567 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN);
568 tf->ether_type = cpu_to_be16(ETH_P_TDLS);
569 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE;
570
571 /* network header is after the ethernet header */
572 skb_set_network_header(skb, ETH_HLEN);
573
574 switch (action_code) {
575 case WLAN_TDLS_SETUP_REQUEST:
576 tf->category = WLAN_CATEGORY_TDLS;
577 tf->action_code = WLAN_TDLS_SETUP_REQUEST;
578
579 skb_put(skb, sizeof(tf->u.setup_req));
580 tf->u.setup_req.dialog_token = dialog_token;
581 tf->u.setup_req.capability =
582 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
583 status_code));
584 break;
585 case WLAN_TDLS_SETUP_RESPONSE:
586 tf->category = WLAN_CATEGORY_TDLS;
587 tf->action_code = WLAN_TDLS_SETUP_RESPONSE;
588
589 skb_put(skb, sizeof(tf->u.setup_resp));
590 tf->u.setup_resp.status_code = cpu_to_le16(status_code);
591 tf->u.setup_resp.dialog_token = dialog_token;
592 tf->u.setup_resp.capability =
593 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
594 status_code));
595 break;
596 case WLAN_TDLS_SETUP_CONFIRM:
597 tf->category = WLAN_CATEGORY_TDLS;
598 tf->action_code = WLAN_TDLS_SETUP_CONFIRM;
599
600 skb_put(skb, sizeof(tf->u.setup_cfm));
601 tf->u.setup_cfm.status_code = cpu_to_le16(status_code);
602 tf->u.setup_cfm.dialog_token = dialog_token;
603 break;
604 case WLAN_TDLS_TEARDOWN:
605 tf->category = WLAN_CATEGORY_TDLS;
606 tf->action_code = WLAN_TDLS_TEARDOWN;
607
608 skb_put(skb, sizeof(tf->u.teardown));
609 tf->u.teardown.reason_code = cpu_to_le16(status_code);
610 break;
611 case WLAN_TDLS_DISCOVERY_REQUEST:
612 tf->category = WLAN_CATEGORY_TDLS;
613 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST;
614
615 skb_put(skb, sizeof(tf->u.discover_req));
616 tf->u.discover_req.dialog_token = dialog_token;
617 break;
618 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
619 tf->category = WLAN_CATEGORY_TDLS;
620 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
621
622 skb_put(skb, sizeof(tf->u.chan_switch_req));
623 break;
624 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
625 tf->category = WLAN_CATEGORY_TDLS;
626 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
627
628 skb_put(skb, sizeof(tf->u.chan_switch_resp));
629 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code);
630 break;
631 default:
632 return -EINVAL;
633 }
634
635 return 0;
636 }
637
638 static int
639 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
640 const u8 *peer, u8 action_code, u8 dialog_token,
641 u16 status_code, struct sk_buff *skb)
642 {
643 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
644 struct ieee80211_mgmt *mgmt;
645
646 mgmt = (void *)skb_put(skb, 24);
647 memset(mgmt, 0, 24);
648 memcpy(mgmt->da, peer, ETH_ALEN);
649 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
650 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
651
652 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
653 IEEE80211_STYPE_ACTION);
654
655 switch (action_code) {
656 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
657 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp));
658 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
659 mgmt->u.action.u.tdls_discover_resp.action_code =
660 WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
661 mgmt->u.action.u.tdls_discover_resp.dialog_token =
662 dialog_token;
663 mgmt->u.action.u.tdls_discover_resp.capability =
664 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
665 status_code));
666 break;
667 default:
668 return -EINVAL;
669 }
670
671 return 0;
672 }
673
674 static struct sk_buff *
675 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata,
676 const u8 *peer, u8 action_code,
677 u8 dialog_token, u16 status_code,
678 bool initiator, const u8 *extra_ies,
679 size_t extra_ies_len, u8 oper_class,
680 struct cfg80211_chan_def *chandef)
681 {
682 struct ieee80211_local *local = sdata->local;
683 struct sk_buff *skb;
684 int ret;
685
686 skb = netdev_alloc_skb(sdata->dev,
687 local->hw.extra_tx_headroom +
688 max(sizeof(struct ieee80211_mgmt),
689 sizeof(struct ieee80211_tdls_data)) +
690 50 + /* supported rates */
691 7 + /* ext capab */
692 26 + /* max(WMM-info, WMM-param) */
693 2 + max(sizeof(struct ieee80211_ht_cap),
694 sizeof(struct ieee80211_ht_operation)) +
695 50 + /* supported channels */
696 3 + /* 40/20 BSS coex */
697 extra_ies_len +
698 sizeof(struct ieee80211_tdls_lnkie));
699 if (!skb)
700 return NULL;
701
702 skb_reserve(skb, local->hw.extra_tx_headroom);
703
704 switch (action_code) {
705 case WLAN_TDLS_SETUP_REQUEST:
706 case WLAN_TDLS_SETUP_RESPONSE:
707 case WLAN_TDLS_SETUP_CONFIRM:
708 case WLAN_TDLS_TEARDOWN:
709 case WLAN_TDLS_DISCOVERY_REQUEST:
710 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
711 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
712 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy,
713 sdata->dev, peer,
714 action_code, dialog_token,
715 status_code, skb);
716 break;
717 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
718 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev,
719 peer, action_code,
720 dialog_token, status_code,
721 skb);
722 break;
723 default:
724 ret = -ENOTSUPP;
725 break;
726 }
727
728 if (ret < 0)
729 goto fail;
730
731 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code,
732 initiator, extra_ies, extra_ies_len, oper_class,
733 chandef);
734 return skb;
735
736 fail:
737 dev_kfree_skb(skb);
738 return NULL;
739 }
740
741 static int
742 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev,
743 const u8 *peer, u8 action_code, u8 dialog_token,
744 u16 status_code, u32 peer_capability,
745 bool initiator, const u8 *extra_ies,
746 size_t extra_ies_len, u8 oper_class,
747 struct cfg80211_chan_def *chandef)
748 {
749 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
750 struct sk_buff *skb = NULL;
751 struct sta_info *sta;
752 u32 flags = 0;
753 int ret = 0;
754
755 rcu_read_lock();
756 sta = sta_info_get(sdata, peer);
757
758 /* infer the initiator if we can, to support old userspace */
759 switch (action_code) {
760 case WLAN_TDLS_SETUP_REQUEST:
761 if (sta) {
762 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
763 sta->sta.tdls_initiator = false;
764 }
765 /* fall-through */
766 case WLAN_TDLS_SETUP_CONFIRM:
767 case WLAN_TDLS_DISCOVERY_REQUEST:
768 initiator = true;
769 break;
770 case WLAN_TDLS_SETUP_RESPONSE:
771 /*
772 * In some testing scenarios, we send a request and response.
773 * Make the last packet sent take effect for the initiator
774 * value.
775 */
776 if (sta) {
777 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
778 sta->sta.tdls_initiator = true;
779 }
780 /* fall-through */
781 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
782 initiator = false;
783 break;
784 case WLAN_TDLS_TEARDOWN:
785 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
786 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
787 /* any value is ok */
788 break;
789 default:
790 ret = -ENOTSUPP;
791 break;
792 }
793
794 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR))
795 initiator = true;
796
797 rcu_read_unlock();
798 if (ret < 0)
799 goto fail;
800
801 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code,
802 dialog_token, status_code,
803 initiator, extra_ies,
804 extra_ies_len, oper_class,
805 chandef);
806 if (!skb) {
807 ret = -EINVAL;
808 goto fail;
809 }
810
811 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) {
812 ieee80211_tx_skb(sdata, skb);
813 return 0;
814 }
815
816 /*
817 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
818 * we should default to AC_VI.
819 */
820 switch (action_code) {
821 case WLAN_TDLS_SETUP_REQUEST:
822 case WLAN_TDLS_SETUP_RESPONSE:
823 skb_set_queue_mapping(skb, IEEE80211_AC_BK);
824 skb->priority = 2;
825 break;
826 default:
827 skb_set_queue_mapping(skb, IEEE80211_AC_VI);
828 skb->priority = 5;
829 break;
830 }
831
832 /*
833 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress.
834 * Later, if no ACK is returned from peer, we will re-send the teardown
835 * packet through the AP.
836 */
837 if ((action_code == WLAN_TDLS_TEARDOWN) &&
838 (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
839 struct sta_info *sta = NULL;
840 bool try_resend; /* Should we keep skb for possible resend */
841
842 /* If not sending directly to peer - no point in keeping skb */
843 rcu_read_lock();
844 sta = sta_info_get(sdata, peer);
845 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
846 rcu_read_unlock();
847
848 spin_lock_bh(&sdata->u.mgd.teardown_lock);
849 if (try_resend && !sdata->u.mgd.teardown_skb) {
850 /* Mark it as requiring TX status callback */
851 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
852 IEEE80211_TX_INTFL_MLME_CONN_TX;
853
854 /*
855 * skb is copied since mac80211 will later set
856 * properties that might not be the same as the AP,
857 * such as encryption, QoS, addresses, etc.
858 *
859 * No problem if skb_copy() fails, so no need to check.
860 */
861 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC);
862 sdata->u.mgd.orig_teardown_skb = skb;
863 }
864 spin_unlock_bh(&sdata->u.mgd.teardown_lock);
865 }
866
867 /* disable bottom halves when entering the Tx path */
868 local_bh_disable();
869 __ieee80211_subif_start_xmit(skb, dev, flags);
870 local_bh_enable();
871
872 return ret;
873
874 fail:
875 dev_kfree_skb(skb);
876 return ret;
877 }
878
879 static int
880 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev,
881 const u8 *peer, u8 action_code, u8 dialog_token,
882 u16 status_code, u32 peer_capability, bool initiator,
883 const u8 *extra_ies, size_t extra_ies_len)
884 {
885 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
886 struct ieee80211_local *local = sdata->local;
887 int ret;
888
889 mutex_lock(&local->mtx);
890
891 /* we don't support concurrent TDLS peer setups */
892 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) &&
893 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
894 ret = -EBUSY;
895 goto exit;
896 }
897
898 /*
899 * make sure we have a STA representing the peer so we drop or buffer
900 * non-TDLS-setup frames to the peer. We can't send other packets
901 * during setup through the AP path.
902 * Allow error packets to be sent - sometimes we don't even add a STA
903 * before failing the setup.
904 */
905 if (status_code == 0) {
906 rcu_read_lock();
907 if (!sta_info_get(sdata, peer)) {
908 rcu_read_unlock();
909 ret = -ENOLINK;
910 goto exit;
911 }
912 rcu_read_unlock();
913 }
914
915 ieee80211_flush_queues(local, sdata);
916
917 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
918 dialog_token, status_code,
919 peer_capability, initiator,
920 extra_ies, extra_ies_len, 0,
921 NULL);
922 if (ret < 0)
923 goto exit;
924
925 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN);
926 ieee80211_queue_delayed_work(&sdata->local->hw,
927 &sdata->u.mgd.tdls_peer_del_work,
928 TDLS_PEER_SETUP_TIMEOUT);
929
930 exit:
931 mutex_unlock(&local->mtx);
932 return ret;
933 }
934
935 static int
936 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev,
937 const u8 *peer, u8 action_code, u8 dialog_token,
938 u16 status_code, u32 peer_capability,
939 bool initiator, const u8 *extra_ies,
940 size_t extra_ies_len)
941 {
942 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
943 struct ieee80211_local *local = sdata->local;
944 struct sta_info *sta;
945 int ret;
946
947 /*
948 * No packets can be transmitted to the peer via the AP during setup -
949 * the STA is set as a TDLS peer, but is not authorized.
950 * During teardown, we prevent direct transmissions by stopping the
951 * queues and flushing all direct packets.
952 */
953 ieee80211_stop_vif_queues(local, sdata,
954 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
955 ieee80211_flush_queues(local, sdata);
956
957 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
958 dialog_token, status_code,
959 peer_capability, initiator,
960 extra_ies, extra_ies_len, 0,
961 NULL);
962 if (ret < 0)
963 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n",
964 ret);
965
966 /*
967 * Remove the STA AUTH flag to force further traffic through the AP. If
968 * the STA was unreachable, it was already removed.
969 */
970 rcu_read_lock();
971 sta = sta_info_get(sdata, peer);
972 if (sta)
973 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
974 rcu_read_unlock();
975
976 ieee80211_wake_vif_queues(local, sdata,
977 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
978
979 return 0;
980 }
981
982 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev,
983 const u8 *peer, u8 action_code, u8 dialog_token,
984 u16 status_code, u32 peer_capability,
985 bool initiator, const u8 *extra_ies,
986 size_t extra_ies_len)
987 {
988 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
989 int ret;
990
991 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
992 return -ENOTSUPP;
993
994 /* make sure we are in managed mode, and associated */
995 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
996 !sdata->u.mgd.associated)
997 return -EINVAL;
998
999 switch (action_code) {
1000 case WLAN_TDLS_SETUP_REQUEST:
1001 case WLAN_TDLS_SETUP_RESPONSE:
1002 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code,
1003 dialog_token, status_code,
1004 peer_capability, initiator,
1005 extra_ies, extra_ies_len);
1006 break;
1007 case WLAN_TDLS_TEARDOWN:
1008 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer,
1009 action_code, dialog_token,
1010 status_code,
1011 peer_capability, initiator,
1012 extra_ies, extra_ies_len);
1013 break;
1014 case WLAN_TDLS_DISCOVERY_REQUEST:
1015 /*
1016 * Protect the discovery so we can hear the TDLS discovery
1017 * response frame. It is transmitted directly and not buffered
1018 * by the AP.
1019 */
1020 drv_mgd_protect_tdls_discover(sdata->local, sdata);
1021 /* fall-through */
1022 case WLAN_TDLS_SETUP_CONFIRM:
1023 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
1024 /* no special handling */
1025 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer,
1026 action_code,
1027 dialog_token,
1028 status_code,
1029 peer_capability,
1030 initiator, extra_ies,
1031 extra_ies_len, 0, NULL);
1032 break;
1033 default:
1034 ret = -EOPNOTSUPP;
1035 break;
1036 }
1037
1038 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n",
1039 action_code, peer, ret);
1040 return ret;
1041 }
1042
1043 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
1044 const u8 *peer, enum nl80211_tdls_operation oper)
1045 {
1046 struct sta_info *sta;
1047 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1048 struct ieee80211_local *local = sdata->local;
1049 int ret;
1050
1051 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1052 return -ENOTSUPP;
1053
1054 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1055 return -EINVAL;
1056
1057 switch (oper) {
1058 case NL80211_TDLS_ENABLE_LINK:
1059 case NL80211_TDLS_DISABLE_LINK:
1060 break;
1061 case NL80211_TDLS_TEARDOWN:
1062 case NL80211_TDLS_SETUP:
1063 case NL80211_TDLS_DISCOVERY_REQ:
1064 /* We don't support in-driver setup/teardown/discovery */
1065 return -ENOTSUPP;
1066 }
1067
1068 mutex_lock(&local->mtx);
1069 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer);
1070
1071 switch (oper) {
1072 case NL80211_TDLS_ENABLE_LINK:
1073 rcu_read_lock();
1074 sta = sta_info_get(sdata, peer);
1075 if (!sta) {
1076 rcu_read_unlock();
1077 ret = -ENOLINK;
1078 break;
1079 }
1080
1081 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1082 rcu_read_unlock();
1083
1084 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) ||
1085 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer));
1086 ret = 0;
1087 break;
1088 case NL80211_TDLS_DISABLE_LINK:
1089 /*
1090 * The teardown message in ieee80211_tdls_mgmt_teardown() was
1091 * created while the queues were stopped, so it might still be
1092 * pending. Before flushing the queues we need to be sure the
1093 * message is handled by the tasklet handling pending messages,
1094 * otherwise we might start destroying the station before
1095 * sending the teardown packet.
1096 * Note that this only forces the tasklet to flush pendings -
1097 * not to stop the tasklet from rescheduling itself.
1098 */
1099 tasklet_kill(&local->tx_pending_tasklet);
1100 /* flush a potentially queued teardown packet */
1101 ieee80211_flush_queues(local, sdata);
1102
1103 ret = sta_info_destroy_addr(sdata, peer);
1104 break;
1105 default:
1106 ret = -ENOTSUPP;
1107 break;
1108 }
1109
1110 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
1111 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work);
1112 eth_zero_addr(sdata->u.mgd.tdls_peer);
1113 }
1114
1115 mutex_unlock(&local->mtx);
1116 return ret;
1117 }
1118
1119 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer,
1120 enum nl80211_tdls_operation oper,
1121 u16 reason_code, gfp_t gfp)
1122 {
1123 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1124
1125 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) {
1126 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n",
1127 oper);
1128 return;
1129 }
1130
1131 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp);
1132 }
1133 EXPORT_SYMBOL(ieee80211_tdls_oper_request);
1134
1135 static void
1136 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout)
1137 {
1138 struct ieee80211_ch_switch_timing *ch_sw;
1139
1140 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING;
1141 *buf++ = sizeof(struct ieee80211_ch_switch_timing);
1142
1143 ch_sw = (void *)buf;
1144 ch_sw->switch_time = cpu_to_le16(switch_time);
1145 ch_sw->switch_timeout = cpu_to_le16(switch_timeout);
1146 }
1147
1148 /* find switch timing IE in SKB ready for Tx */
1149 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb)
1150 {
1151 struct ieee80211_tdls_data *tf;
1152 const u8 *ie_start;
1153
1154 /*
1155 * Get the offset for the new location of the switch timing IE.
1156 * The SKB network header will now point to the "payload_type"
1157 * element of the TDLS data frame struct.
1158 */
1159 tf = container_of(skb->data + skb_network_offset(skb),
1160 struct ieee80211_tdls_data, payload_type);
1161 ie_start = tf->u.chan_switch_req.variable;
1162 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start,
1163 skb->len - (ie_start - skb->data));
1164 }
1165
1166 static struct sk_buff *
1167 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class,
1168 struct cfg80211_chan_def *chandef,
1169 u32 *ch_sw_tm_ie_offset)
1170 {
1171 struct ieee80211_sub_if_data *sdata = sta->sdata;
1172 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) +
1173 2 + sizeof(struct ieee80211_ch_switch_timing)];
1174 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing);
1175 u8 *pos = extra_ies;
1176 struct sk_buff *skb;
1177
1178 /*
1179 * if chandef points to a wide channel add a Secondary-Channel
1180 * Offset information element
1181 */
1182 if (chandef->width == NL80211_CHAN_WIDTH_40) {
1183 struct ieee80211_sec_chan_offs_ie *sec_chan_ie;
1184 bool ht40plus;
1185
1186 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;
1187 *pos++ = sizeof(*sec_chan_ie);
1188 sec_chan_ie = (void *)pos;
1189
1190 ht40plus = cfg80211_get_chandef_type(chandef) ==
1191 NL80211_CHAN_HT40PLUS;
1192 sec_chan_ie->sec_chan_offs = ht40plus ?
1193 IEEE80211_HT_PARAM_CHA_SEC_ABOVE :
1194 IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1195 pos += sizeof(*sec_chan_ie);
1196
1197 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie);
1198 }
1199
1200 /* just set the values to 0, this is a template */
1201 iee80211_tdls_add_ch_switch_timing(pos, 0, 0);
1202
1203 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1204 WLAN_TDLS_CHANNEL_SWITCH_REQUEST,
1205 0, 0, !sta->sta.tdls_initiator,
1206 extra_ies, extra_ies_len,
1207 oper_class, chandef);
1208 if (!skb)
1209 return NULL;
1210
1211 skb = ieee80211_build_data_template(sdata, skb, 0);
1212 if (IS_ERR(skb)) {
1213 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n");
1214 return NULL;
1215 }
1216
1217 if (ch_sw_tm_ie_offset) {
1218 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1219
1220 if (!tm_ie) {
1221 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n");
1222 dev_kfree_skb_any(skb);
1223 return NULL;
1224 }
1225
1226 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1227 }
1228
1229 tdls_dbg(sdata,
1230 "TDLS channel switch request template for %pM ch %d width %d\n",
1231 sta->sta.addr, chandef->chan->center_freq, chandef->width);
1232 return skb;
1233 }
1234
1235 int
1236 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev,
1237 const u8 *addr, u8 oper_class,
1238 struct cfg80211_chan_def *chandef)
1239 {
1240 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1241 struct ieee80211_local *local = sdata->local;
1242 struct sta_info *sta;
1243 struct sk_buff *skb = NULL;
1244 u32 ch_sw_tm_ie;
1245 int ret;
1246
1247 mutex_lock(&local->sta_mtx);
1248 sta = sta_info_get(sdata, addr);
1249 if (!sta) {
1250 tdls_dbg(sdata,
1251 "Invalid TDLS peer %pM for channel switch request\n",
1252 addr);
1253 ret = -ENOENT;
1254 goto out;
1255 }
1256
1257 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) {
1258 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n",
1259 addr);
1260 ret = -ENOTSUPP;
1261 goto out;
1262 }
1263
1264 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef,
1265 &ch_sw_tm_ie);
1266 if (!skb) {
1267 ret = -ENOENT;
1268 goto out;
1269 }
1270
1271 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class,
1272 chandef, skb, ch_sw_tm_ie);
1273 if (!ret)
1274 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1275
1276 out:
1277 mutex_unlock(&local->sta_mtx);
1278 dev_kfree_skb_any(skb);
1279 return ret;
1280 }
1281
1282 void
1283 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy,
1284 struct net_device *dev,
1285 const u8 *addr)
1286 {
1287 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1288 struct ieee80211_local *local = sdata->local;
1289 struct sta_info *sta;
1290
1291 mutex_lock(&local->sta_mtx);
1292 sta = sta_info_get(sdata, addr);
1293 if (!sta) {
1294 tdls_dbg(sdata,
1295 "Invalid TDLS peer %pM for channel switch cancel\n",
1296 addr);
1297 goto out;
1298 }
1299
1300 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) {
1301 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n",
1302 addr);
1303 goto out;
1304 }
1305
1306 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta);
1307 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1308
1309 out:
1310 mutex_unlock(&local->sta_mtx);
1311 }
1312
1313 static struct sk_buff *
1314 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta,
1315 u32 *ch_sw_tm_ie_offset)
1316 {
1317 struct ieee80211_sub_if_data *sdata = sta->sdata;
1318 struct sk_buff *skb;
1319 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)];
1320
1321 /* initial timing are always zero in the template */
1322 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0);
1323
1324 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1325 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE,
1326 0, 0, !sta->sta.tdls_initiator,
1327 extra_ies, sizeof(extra_ies), 0, NULL);
1328 if (!skb)
1329 return NULL;
1330
1331 skb = ieee80211_build_data_template(sdata, skb, 0);
1332 if (IS_ERR(skb)) {
1333 tdls_dbg(sdata,
1334 "Failed building TDLS channel switch resp frame\n");
1335 return NULL;
1336 }
1337
1338 if (ch_sw_tm_ie_offset) {
1339 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1340
1341 if (!tm_ie) {
1342 tdls_dbg(sdata,
1343 "No switch timing IE in TDLS switch resp\n");
1344 dev_kfree_skb_any(skb);
1345 return NULL;
1346 }
1347
1348 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1349 }
1350
1351 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n",
1352 sta->sta.addr);
1353 return skb;
1354 }
1355
1356 static int
1357 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata,
1358 struct sk_buff *skb)
1359 {
1360 struct ieee80211_local *local = sdata->local;
1361 struct ieee802_11_elems elems;
1362 struct sta_info *sta;
1363 struct ieee80211_tdls_data *tf = (void *)skb->data;
1364 bool local_initiator;
1365 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1366 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable);
1367 struct ieee80211_tdls_ch_sw_params params = {};
1368 int ret;
1369
1370 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
1371 params.timestamp = rx_status->device_timestamp;
1372
1373 if (skb->len < baselen) {
1374 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n",
1375 skb->len);
1376 return -EINVAL;
1377 }
1378
1379 mutex_lock(&local->sta_mtx);
1380 sta = sta_info_get(sdata, tf->sa);
1381 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1382 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1383 tf->sa);
1384 ret = -EINVAL;
1385 goto out;
1386 }
1387
1388 params.sta = &sta->sta;
1389 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code);
1390 if (params.status != 0) {
1391 ret = 0;
1392 goto call_drv;
1393 }
1394
1395 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable,
1396 skb->len - baselen, false, &elems);
1397 if (elems.parse_error) {
1398 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n");
1399 ret = -EINVAL;
1400 goto out;
1401 }
1402
1403 if (!elems.ch_sw_timing || !elems.lnk_id) {
1404 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n");
1405 ret = -EINVAL;
1406 goto out;
1407 }
1408
1409 /* validate the initiator is set correctly */
1410 local_initiator =
1411 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1412 if (local_initiator == sta->sta.tdls_initiator) {
1413 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1414 ret = -EINVAL;
1415 goto out;
1416 }
1417
1418 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1419 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1420
1421 params.tmpl_skb =
1422 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, &params.ch_sw_tm_ie);
1423 if (!params.tmpl_skb) {
1424 ret = -ENOENT;
1425 goto out;
1426 }
1427
1428 call_drv:
1429 drv_tdls_recv_channel_switch(sdata->local, sdata, &params);
1430
1431 tdls_dbg(sdata,
1432 "TDLS channel switch response received from %pM status %d\n",
1433 tf->sa, params.status);
1434
1435 out:
1436 mutex_unlock(&local->sta_mtx);
1437 dev_kfree_skb_any(params.tmpl_skb);
1438 return ret;
1439 }
1440
1441 static int
1442 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata,
1443 struct sk_buff *skb)
1444 {
1445 struct ieee80211_local *local = sdata->local;
1446 struct ieee802_11_elems elems;
1447 struct cfg80211_chan_def chandef;
1448 struct ieee80211_channel *chan;
1449 enum nl80211_channel_type chan_type;
1450 int freq;
1451 u8 target_channel, oper_class;
1452 bool local_initiator;
1453 struct sta_info *sta;
1454 enum ieee80211_band band;
1455 struct ieee80211_tdls_data *tf = (void *)skb->data;
1456 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1457 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable);
1458 struct ieee80211_tdls_ch_sw_params params = {};
1459 int ret = 0;
1460
1461 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
1462 params.timestamp = rx_status->device_timestamp;
1463
1464 if (skb->len < baselen) {
1465 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n",
1466 skb->len);
1467 return -EINVAL;
1468 }
1469
1470 target_channel = tf->u.chan_switch_req.target_channel;
1471 oper_class = tf->u.chan_switch_req.oper_class;
1472
1473 /*
1474 * We can't easily infer the channel band. The operating class is
1475 * ambiguous - there are multiple tables (US/Europe/JP/Global). The
1476 * solution here is to treat channels with number >14 as 5GHz ones,
1477 * and specifically check for the (oper_class, channel) combinations
1478 * where this doesn't hold. These are thankfully unique according to
1479 * IEEE802.11-2012.
1480 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as
1481 * valid here.
1482 */
1483 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 ||
1484 oper_class == 4 || oper_class == 5 || oper_class == 6) &&
1485 target_channel < 14)
1486 band = IEEE80211_BAND_5GHZ;
1487 else
1488 band = target_channel < 14 ? IEEE80211_BAND_2GHZ :
1489 IEEE80211_BAND_5GHZ;
1490
1491 freq = ieee80211_channel_to_frequency(target_channel, band);
1492 if (freq == 0) {
1493 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n",
1494 target_channel);
1495 return -EINVAL;
1496 }
1497
1498 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
1499 if (!chan) {
1500 tdls_dbg(sdata,
1501 "Unsupported channel for TDLS chan switch: %d\n",
1502 target_channel);
1503 return -EINVAL;
1504 }
1505
1506 ieee802_11_parse_elems(tf->u.chan_switch_req.variable,
1507 skb->len - baselen, false, &elems);
1508 if (elems.parse_error) {
1509 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n");
1510 return -EINVAL;
1511 }
1512
1513 if (!elems.ch_sw_timing || !elems.lnk_id) {
1514 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n");
1515 return -EINVAL;
1516 }
1517
1518 mutex_lock(&local->sta_mtx);
1519 sta = sta_info_get(sdata, tf->sa);
1520 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1521 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1522 tf->sa);
1523 ret = -EINVAL;
1524 goto out;
1525 }
1526
1527 params.sta = &sta->sta;
1528
1529 /* validate the initiator is set correctly */
1530 local_initiator =
1531 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1532 if (local_initiator == sta->sta.tdls_initiator) {
1533 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1534 ret = -EINVAL;
1535 goto out;
1536 }
1537
1538 if (!sta->sta.ht_cap.ht_supported) {
1539 chan_type = NL80211_CHAN_NO_HT;
1540 } else if (!elems.sec_chan_offs) {
1541 chan_type = NL80211_CHAN_HT20;
1542 } else {
1543 switch (elems.sec_chan_offs->sec_chan_offs) {
1544 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1545 chan_type = NL80211_CHAN_HT40PLUS;
1546 break;
1547 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1548 chan_type = NL80211_CHAN_HT40MINUS;
1549 break;
1550 default:
1551 chan_type = NL80211_CHAN_HT20;
1552 break;
1553 }
1554 }
1555
1556 cfg80211_chandef_create(&chandef, chan, chan_type);
1557 params.chandef = &chandef;
1558
1559 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1560 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1561
1562 params.tmpl_skb =
1563 ieee80211_tdls_ch_sw_resp_tmpl_get(sta,
1564 &params.ch_sw_tm_ie);
1565 if (!params.tmpl_skb) {
1566 ret = -ENOENT;
1567 goto out;
1568 }
1569
1570 drv_tdls_recv_channel_switch(sdata->local, sdata, &params);
1571
1572 tdls_dbg(sdata,
1573 "TDLS ch switch request received from %pM ch %d width %d\n",
1574 tf->sa, params.chandef->chan->center_freq,
1575 params.chandef->width);
1576 out:
1577 mutex_unlock(&local->sta_mtx);
1578 dev_kfree_skb_any(params.tmpl_skb);
1579 return ret;
1580 }
1581
1582 void ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata,
1583 struct sk_buff *skb)
1584 {
1585 struct ieee80211_tdls_data *tf = (void *)skb->data;
1586 struct wiphy *wiphy = sdata->local->hw.wiphy;
1587
1588 /* make sure the driver supports it */
1589 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
1590 return;
1591
1592 /* we want to access the entire packet */
1593 if (skb_linearize(skb))
1594 return;
1595 /*
1596 * The packet/size was already validated by mac80211 Rx path, only look
1597 * at the action type.
1598 */
1599 switch (tf->action_code) {
1600 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
1601 ieee80211_process_tdls_channel_switch_req(sdata, skb);
1602 break;
1603 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
1604 ieee80211_process_tdls_channel_switch_resp(sdata, skb);
1605 break;
1606 default:
1607 WARN_ON_ONCE(1);
1608 return;
1609 }
1610 }
Linux with added FPC-III support