search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'iommu-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
[linux/fpc-iii.git] / net / mac80211 / tdls.c
blobe01e4daeb8cd3107795940191033a25709162d3c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * mac80211 TDLS handling code
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2014, Intel Corporation
7 * Copyright 2014 Intel Mobile Communications GmbH
8 * Copyright 2015 - 2016 Intel Deutschland GmbH
9 * Copyright (C) 2019 Intel Corporation
10 */
11
12 #include <linux/ieee80211.h>
13 #include <linux/log2.h>
14 #include <net/cfg80211.h>
15 #include <linux/rtnetlink.h>
16 #include "ieee80211_i.h"
17 #include "driver-ops.h"
18 #include "rate.h"
19 #include "wme.h"
20
21 /* give usermode some time for retries in setting up the TDLS session */
22 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ)
23
24 void ieee80211_tdls_peer_del_work(struct work_struct *wk)
25 {
26 struct ieee80211_sub_if_data *sdata;
27 struct ieee80211_local *local;
28
29 sdata = container_of(wk, struct ieee80211_sub_if_data,
30 u.mgd.tdls_peer_del_work.work);
31 local = sdata->local;
32
33 mutex_lock(&local->mtx);
34 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) {
35 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer);
36 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer);
37 eth_zero_addr(sdata->u.mgd.tdls_peer);
38 }
39 mutex_unlock(&local->mtx);
40 }
41
42 static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata,
43 struct sk_buff *skb)
44 {
45 struct ieee80211_local *local = sdata->local;
46 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
47 bool chan_switch = local->hw.wiphy->features &
48 NL80211_FEATURE_TDLS_CHANNEL_SWITCH;
49 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) &&
50 !ifmgd->tdls_wider_bw_prohibited;
51 bool buffer_sta = ieee80211_hw_check(&local->hw,
52 SUPPORTS_TDLS_BUFFER_STA);
53 struct ieee80211_supported_band *sband = ieee80211_get_sband(sdata);
54 bool vht = sband && sband->vht_cap.vht_supported;
55 u8 *pos = skb_put(skb, 10);
56
57 *pos++ = WLAN_EID_EXT_CAPABILITY;
58 *pos++ = 8; /* len */
59 *pos++ = 0x0;
60 *pos++ = 0x0;
61 *pos++ = 0x0;
62 *pos++ = (chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0) |
63 (buffer_sta ? WLAN_EXT_CAPA4_TDLS_BUFFER_STA : 0);
64 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED;
65 *pos++ = 0;
66 *pos++ = 0;
67 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0;
68 }
69
70 static u8
71 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata,
72 struct sk_buff *skb, u16 start, u16 end,
73 u16 spacing)
74 {
75 u8 subband_cnt = 0, ch_cnt = 0;
76 struct ieee80211_channel *ch;
77 struct cfg80211_chan_def chandef;
78 int i, subband_start;
79 struct wiphy *wiphy = sdata->local->hw.wiphy;
80
81 for (i = start; i <= end; i += spacing) {
82 if (!ch_cnt)
83 subband_start = i;
84
85 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i);
86 if (ch) {
87 /* we will be active on the channel */
88 cfg80211_chandef_create(&chandef, ch,
89 NL80211_CHAN_NO_HT);
90 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef,
91 sdata->wdev.iftype)) {
92 ch_cnt++;
93 /*
94 * check if the next channel is also part of
95 * this allowed range
96 */
97 continue;
98 }
99 }
100
101 /*
102 * we've reached the end of a range, with allowed channels
103 * found
104 */
105 if (ch_cnt) {
106 u8 *pos = skb_put(skb, 2);
107 *pos++ = ieee80211_frequency_to_channel(subband_start);
108 *pos++ = ch_cnt;
109
110 subband_cnt++;
111 ch_cnt = 0;
112 }
113 }
114
115 /* all channels in the requested range are allowed - add them here */
116 if (ch_cnt) {
117 u8 *pos = skb_put(skb, 2);
118 *pos++ = ieee80211_frequency_to_channel(subband_start);
119 *pos++ = ch_cnt;
120
121 subband_cnt++;
122 }
123
124 return subband_cnt;
125 }
126
127 static void
128 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata,
129 struct sk_buff *skb)
130 {
131 /*
132 * Add possible channels for TDLS. These are channels that are allowed
133 * to be active.
134 */
135 u8 subband_cnt;
136 u8 *pos = skb_put(skb, 2);
137
138 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
139
140 /*
141 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as
142 * this doesn't happen in real world scenarios.
143 */
144
145 /* 2GHz, with 5MHz spacing */
146 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5);
147
148 /* 5GHz, with 20MHz spacing */
149 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20);
150
151 /* length */
152 *pos = 2 * subband_cnt;
153 }
154
155 static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata,
156 struct sk_buff *skb)
157 {
158 u8 *pos;
159 u8 op_class;
160
161 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef,
162 &op_class))
163 return;
164
165 pos = skb_put(skb, 4);
166 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES;
167 *pos++ = 2; /* len */
168
169 *pos++ = op_class;
170 *pos++ = op_class; /* give current operating class as alternate too */
171 }
172
173 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb)
174 {
175 u8 *pos = skb_put(skb, 3);
176
177 *pos++ = WLAN_EID_BSS_COEX_2040;
178 *pos++ = 1; /* len */
179
180 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST;
181 }
182
183 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata,
184 u16 status_code)
185 {
186 struct ieee80211_supported_band *sband;
187
188 /* The capability will be 0 when sending a failure code */
189 if (status_code != 0)
190 return 0;
191
192 sband = ieee80211_get_sband(sdata);
193 if (sband && sband->band == NL80211_BAND_2GHZ) {
194 return WLAN_CAPABILITY_SHORT_SLOT_TIME |
195 WLAN_CAPABILITY_SHORT_PREAMBLE;
196 }
197
198 return 0;
199 }
200
201 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata,
202 struct sk_buff *skb, const u8 *peer,
203 bool initiator)
204 {
205 struct ieee80211_tdls_lnkie *lnkid;
206 const u8 *init_addr, *rsp_addr;
207
208 if (initiator) {
209 init_addr = sdata->vif.addr;
210 rsp_addr = peer;
211 } else {
212 init_addr = peer;
213 rsp_addr = sdata->vif.addr;
214 }
215
216 lnkid = skb_put(skb, sizeof(struct ieee80211_tdls_lnkie));
217
218 lnkid->ie_type = WLAN_EID_LINK_ID;
219 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2;
220
221 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN);
222 memcpy(lnkid->init_sta, init_addr, ETH_ALEN);
223 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN);
224 }
225
226 static void
227 ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
228 {
229 u8 *pos = skb_put(skb, 4);
230
231 *pos++ = WLAN_EID_AID;
232 *pos++ = 2; /* len */
233 put_unaligned_le16(sdata->vif.bss_conf.aid, pos);
234 }
235
236 /* translate numbering in the WMM parameter IE to the mac80211 notation */
237 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac)
238 {
239 switch (ac) {
240 default:
241 WARN_ON_ONCE(1);
242 fallthrough;
243 case 0:
244 return IEEE80211_AC_BE;
245 case 1:
246 return IEEE80211_AC_BK;
247 case 2:
248 return IEEE80211_AC_VI;
249 case 3:
250 return IEEE80211_AC_VO;
251 }
252 }
253
254 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci)
255 {
256 u8 ret;
257
258 ret = aifsn & 0x0f;
259 if (acm)
260 ret |= 0x10;
261 ret |= (aci << 5) & 0x60;
262 return ret;
263 }
264
265 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max)
266 {
267 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) |
268 ((ilog2(cw_max + 1) << 0x4) & 0xf0);
269 }
270
271 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata,
272 struct sk_buff *skb)
273 {
274 struct ieee80211_wmm_param_ie *wmm;
275 struct ieee80211_tx_queue_params *txq;
276 int i;
277
278 wmm = skb_put_zero(skb, sizeof(*wmm));
279
280 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC;
281 wmm->len = sizeof(*wmm) - 2;
282
283 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */
284 wmm->oui[1] = 0x50;
285 wmm->oui[2] = 0xf2;
286 wmm->oui_type = 2; /* WME */
287 wmm->oui_subtype = 1; /* WME param */
288 wmm->version = 1; /* WME ver */
289 wmm->qos_info = 0; /* U-APSD not in use */
290
291 /*
292 * Use the EDCA parameters defined for the BSS, or default if the AP
293 * doesn't support it, as mandated by 802.11-2012 section 10.22.4
294 */
295 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
296 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)];
297 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs,
298 txq->acm, i);
299 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max);
300 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop);
301 }
302 }
303
304 static void
305 ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata,
306 struct sta_info *sta)
307 {
308 /* IEEE802.11ac-2013 Table E-4 */
309 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 };
310 struct cfg80211_chan_def uc = sta->tdls_chandef;
311 enum nl80211_chan_width max_width = ieee80211_sta_cap_chan_bw(sta);
312 int i;
313
314 /* only support upgrading non-narrow channels up to 80Mhz */
315 if (max_width == NL80211_CHAN_WIDTH_5 ||
316 max_width == NL80211_CHAN_WIDTH_10)
317 return;
318
319 if (max_width > NL80211_CHAN_WIDTH_80)
320 max_width = NL80211_CHAN_WIDTH_80;
321
322 if (uc.width >= max_width)
323 return;
324 /*
325 * Channel usage constrains in the IEEE802.11ac-2013 specification only
326 * allow expanding a 20MHz channel to 80MHz in a single way. In
327 * addition, there are no 40MHz allowed channels that are not part of
328 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here).
329 */
330 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++)
331 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) {
332 uc.center_freq1 = centers_80mhz[i];
333 uc.center_freq2 = 0;
334 uc.width = NL80211_CHAN_WIDTH_80;
335 break;
336 }
337
338 if (!uc.center_freq1)
339 return;
340
341 /* proceed to downgrade the chandef until usable or the same as AP BW */
342 while (uc.width > max_width ||
343 (uc.width > sta->tdls_chandef.width &&
344 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc,
345 sdata->wdev.iftype)))
346 ieee80211_chandef_downgrade(&uc);
347
348 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) {
349 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n",
350 sta->tdls_chandef.width, uc.width);
351
352 /*
353 * the station is not yet authorized when BW upgrade is done,
354 * locking is not required
355 */
356 sta->tdls_chandef = uc;
357 }
358 }
359
360 static void
361 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata,
362 struct sk_buff *skb, const u8 *peer,
363 u8 action_code, bool initiator,
364 const u8 *extra_ies, size_t extra_ies_len)
365 {
366 struct ieee80211_supported_band *sband;
367 struct ieee80211_local *local = sdata->local;
368 struct ieee80211_sta_ht_cap ht_cap;
369 struct ieee80211_sta_vht_cap vht_cap;
370 struct sta_info *sta = NULL;
371 size_t offset = 0, noffset;
372 u8 *pos;
373
374 sband = ieee80211_get_sband(sdata);
375 if (!sband)
376 return;
377
378 ieee80211_add_srates_ie(sdata, skb, false, sband->band);
379 ieee80211_add_ext_srates_ie(sdata, skb, false, sband->band);
380 ieee80211_tdls_add_supp_channels(sdata, skb);
381
382 /* add any custom IEs that go before Extended Capabilities */
383 if (extra_ies_len) {
384 static const u8 before_ext_cap[] = {
385 WLAN_EID_SUPP_RATES,
386 WLAN_EID_COUNTRY,
387 WLAN_EID_EXT_SUPP_RATES,
388 WLAN_EID_SUPPORTED_CHANNELS,
389 WLAN_EID_RSN,
390 };
391 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
392 before_ext_cap,
393 ARRAY_SIZE(before_ext_cap),
394 offset);
395 skb_put_data(skb, extra_ies + offset, noffset - offset);
396 offset = noffset;
397 }
398
399 ieee80211_tdls_add_ext_capab(sdata, skb);
400
401 /* add the QoS element if we support it */
402 if (local->hw.queues >= IEEE80211_NUM_ACS &&
403 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES)
404 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */
405
406 /* add any custom IEs that go before HT capabilities */
407 if (extra_ies_len) {
408 static const u8 before_ht_cap[] = {
409 WLAN_EID_SUPP_RATES,
410 WLAN_EID_COUNTRY,
411 WLAN_EID_EXT_SUPP_RATES,
412 WLAN_EID_SUPPORTED_CHANNELS,
413 WLAN_EID_RSN,
414 WLAN_EID_EXT_CAPABILITY,
415 WLAN_EID_QOS_CAPA,
416 WLAN_EID_FAST_BSS_TRANSITION,
417 WLAN_EID_TIMEOUT_INTERVAL,
418 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
419 };
420 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
421 before_ht_cap,
422 ARRAY_SIZE(before_ht_cap),
423 offset);
424 skb_put_data(skb, extra_ies + offset, noffset - offset);
425 offset = noffset;
426 }
427
428 mutex_lock(&local->sta_mtx);
429
430 /* we should have the peer STA if we're already responding */
431 if (action_code == WLAN_TDLS_SETUP_RESPONSE) {
432 sta = sta_info_get(sdata, peer);
433 if (WARN_ON_ONCE(!sta)) {
434 mutex_unlock(&local->sta_mtx);
435 return;
436 }
437
438 sta->tdls_chandef = sdata->vif.bss_conf.chandef;
439 }
440
441 ieee80211_tdls_add_oper_classes(sdata, skb);
442
443 /*
444 * with TDLS we can switch channels, and HT-caps are not necessarily
445 * the same on all bands. The specification limits the setup to a
446 * single HT-cap, so use the current band for now.
447 */
448 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
449
450 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
451 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) &&
452 ht_cap.ht_supported) {
453 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
454
455 /* disable SMPS in TDLS initiator */
456 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED
457 << IEEE80211_HT_CAP_SM_PS_SHIFT;
458
459 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
460 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
461 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE &&
462 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
463 /* the peer caps are already intersected with our own */
464 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap));
465
466 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
467 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
468 }
469
470 if (ht_cap.ht_supported &&
471 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
472 ieee80211_tdls_add_bss_coex_ie(skb);
473
474 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
475
476 /* add any custom IEs that go before VHT capabilities */
477 if (extra_ies_len) {
478 static const u8 before_vht_cap[] = {
479 WLAN_EID_SUPP_RATES,
480 WLAN_EID_COUNTRY,
481 WLAN_EID_EXT_SUPP_RATES,
482 WLAN_EID_SUPPORTED_CHANNELS,
483 WLAN_EID_RSN,
484 WLAN_EID_EXT_CAPABILITY,
485 WLAN_EID_QOS_CAPA,
486 WLAN_EID_FAST_BSS_TRANSITION,
487 WLAN_EID_TIMEOUT_INTERVAL,
488 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
489 WLAN_EID_MULTI_BAND,
490 };
491 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
492 before_vht_cap,
493 ARRAY_SIZE(before_vht_cap),
494 offset);
495 skb_put_data(skb, extra_ies + offset, noffset - offset);
496 offset = noffset;
497 }
498
499 /* build the VHT-cap similarly to the HT-cap */
500 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
501 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
502 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) &&
503 vht_cap.vht_supported) {
504 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
505
506 /* the AID is present only when VHT is implemented */
507 if (action_code == WLAN_TDLS_SETUP_REQUEST)
508 ieee80211_tdls_add_aid(sdata, skb);
509
510 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
511 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap);
512 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE &&
513 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) {
514 /* the peer caps are already intersected with our own */
515 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap));
516
517 /* the AID is present only when VHT is implemented */
518 ieee80211_tdls_add_aid(sdata, skb);
519
520 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
521 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap);
522
523 /*
524 * if both peers support WIDER_BW, we can expand the chandef to
525 * a wider compatible one, up to 80MHz
526 */
527 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW))
528 ieee80211_tdls_chandef_vht_upgrade(sdata, sta);
529 }
530
531 mutex_unlock(&local->sta_mtx);
532
533 /* add any remaining IEs */
534 if (extra_ies_len) {
535 noffset = extra_ies_len;
536 skb_put_data(skb, extra_ies + offset, noffset - offset);
537 }
538
539 }
540
541 static void
542 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata,
543 struct sk_buff *skb, const u8 *peer,
544 bool initiator, const u8 *extra_ies,
545 size_t extra_ies_len)
546 {
547 struct ieee80211_local *local = sdata->local;
548 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
549 size_t offset = 0, noffset;
550 struct sta_info *sta, *ap_sta;
551 struct ieee80211_supported_band *sband;
552 u8 *pos;
553
554 sband = ieee80211_get_sband(sdata);
555 if (!sband)
556 return;
557
558 mutex_lock(&local->sta_mtx);
559
560 sta = sta_info_get(sdata, peer);
561 ap_sta = sta_info_get(sdata, ifmgd->bssid);
562 if (WARN_ON_ONCE(!sta || !ap_sta)) {
563 mutex_unlock(&local->sta_mtx);
564 return;
565 }
566
567 sta->tdls_chandef = sdata->vif.bss_conf.chandef;
568
569 /* add any custom IEs that go before the QoS IE */
570 if (extra_ies_len) {
571 static const u8 before_qos[] = {
572 WLAN_EID_RSN,
573 };
574 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
575 before_qos,
576 ARRAY_SIZE(before_qos),
577 offset);
578 skb_put_data(skb, extra_ies + offset, noffset - offset);
579 offset = noffset;
580 }
581
582 /* add the QoS param IE if both the peer and we support it */
583 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme)
584 ieee80211_tdls_add_wmm_param_ie(sdata, skb);
585
586 /* add any custom IEs that go before HT operation */
587 if (extra_ies_len) {
588 static const u8 before_ht_op[] = {
589 WLAN_EID_RSN,
590 WLAN_EID_QOS_CAPA,
591 WLAN_EID_FAST_BSS_TRANSITION,
592 WLAN_EID_TIMEOUT_INTERVAL,
593 };
594 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
595 before_ht_op,
596 ARRAY_SIZE(before_ht_op),
597 offset);
598 skb_put_data(skb, extra_ies + offset, noffset - offset);
599 offset = noffset;
600 }
601
602 /*
603 * if HT support is only added in TDLS, we need an HT-operation IE.
604 * add the IE as required by IEEE802.11-2012 9.23.3.2.
605 */
606 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
607 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED |
608 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
609 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
610
611 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation));
612 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap,
613 &sdata->vif.bss_conf.chandef, prot,
614 true);
615 }
616
617 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
618
619 /* only include VHT-operation if not on the 2.4GHz band */
620 if (sband->band != NL80211_BAND_2GHZ &&
621 sta->sta.vht_cap.vht_supported) {
622 /*
623 * if both peers support WIDER_BW, we can expand the chandef to
624 * a wider compatible one, up to 80MHz
625 */
626 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW))
627 ieee80211_tdls_chandef_vht_upgrade(sdata, sta);
628
629 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation));
630 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap,
631 &sta->tdls_chandef);
632 }
633
634 mutex_unlock(&local->sta_mtx);
635
636 /* add any remaining IEs */
637 if (extra_ies_len) {
638 noffset = extra_ies_len;
639 skb_put_data(skb, extra_ies + offset, noffset - offset);
640 }
641 }
642
643 static void
644 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata,
645 struct sk_buff *skb, const u8 *peer,
646 bool initiator, const u8 *extra_ies,
647 size_t extra_ies_len, u8 oper_class,
648 struct cfg80211_chan_def *chandef)
649 {
650 struct ieee80211_tdls_data *tf;
651 size_t offset = 0, noffset;
652
653 if (WARN_ON_ONCE(!chandef))
654 return;
655
656 tf = (void *)skb->data;
657 tf->u.chan_switch_req.target_channel =
658 ieee80211_frequency_to_channel(chandef->chan->center_freq);
659 tf->u.chan_switch_req.oper_class = oper_class;
660
661 if (extra_ies_len) {
662 static const u8 before_lnkie[] = {
663 WLAN_EID_SECONDARY_CHANNEL_OFFSET,
664 };
665 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
666 before_lnkie,
667 ARRAY_SIZE(before_lnkie),
668 offset);
669 skb_put_data(skb, extra_ies + offset, noffset - offset);
670 offset = noffset;
671 }
672
673 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
674
675 /* add any remaining IEs */
676 if (extra_ies_len) {
677 noffset = extra_ies_len;
678 skb_put_data(skb, extra_ies + offset, noffset - offset);
679 }
680 }
681
682 static void
683 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata,
684 struct sk_buff *skb, const u8 *peer,
685 u16 status_code, bool initiator,
686 const u8 *extra_ies,
687 size_t extra_ies_len)
688 {
689 if (status_code == 0)
690 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
691
692 if (extra_ies_len)
693 skb_put_data(skb, extra_ies, extra_ies_len);
694 }
695
696 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata,
697 struct sk_buff *skb, const u8 *peer,
698 u8 action_code, u16 status_code,
699 bool initiator, const u8 *extra_ies,
700 size_t extra_ies_len, u8 oper_class,
701 struct cfg80211_chan_def *chandef)
702 {
703 switch (action_code) {
704 case WLAN_TDLS_SETUP_REQUEST:
705 case WLAN_TDLS_SETUP_RESPONSE:
706 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
707 if (status_code == 0)
708 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer,
709 action_code,
710 initiator,
711 extra_ies,
712 extra_ies_len);
713 break;
714 case WLAN_TDLS_SETUP_CONFIRM:
715 if (status_code == 0)
716 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer,
717 initiator, extra_ies,
718 extra_ies_len);
719 break;
720 case WLAN_TDLS_TEARDOWN:
721 case WLAN_TDLS_DISCOVERY_REQUEST:
722 if (extra_ies_len)
723 skb_put_data(skb, extra_ies, extra_ies_len);
724 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN)
725 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
726 break;
727 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
728 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer,
729 initiator, extra_ies,
730 extra_ies_len,
731 oper_class, chandef);
732 break;
733 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
734 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer,
735 status_code,
736 initiator, extra_ies,
737 extra_ies_len);
738 break;
739 }
740
741 }
742
743 static int
744 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
745 const u8 *peer, u8 action_code, u8 dialog_token,
746 u16 status_code, struct sk_buff *skb)
747 {
748 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
749 struct ieee80211_tdls_data *tf;
750
751 tf = skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
752
753 memcpy(tf->da, peer, ETH_ALEN);
754 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN);
755 tf->ether_type = cpu_to_be16(ETH_P_TDLS);
756 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE;
757
758 /* network header is after the ethernet header */
759 skb_set_network_header(skb, ETH_HLEN);
760
761 switch (action_code) {
762 case WLAN_TDLS_SETUP_REQUEST:
763 tf->category = WLAN_CATEGORY_TDLS;
764 tf->action_code = WLAN_TDLS_SETUP_REQUEST;
765
766 skb_put(skb, sizeof(tf->u.setup_req));
767 tf->u.setup_req.dialog_token = dialog_token;
768 tf->u.setup_req.capability =
769 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
770 status_code));
771 break;
772 case WLAN_TDLS_SETUP_RESPONSE:
773 tf->category = WLAN_CATEGORY_TDLS;
774 tf->action_code = WLAN_TDLS_SETUP_RESPONSE;
775
776 skb_put(skb, sizeof(tf->u.setup_resp));
777 tf->u.setup_resp.status_code = cpu_to_le16(status_code);
778 tf->u.setup_resp.dialog_token = dialog_token;
779 tf->u.setup_resp.capability =
780 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
781 status_code));
782 break;
783 case WLAN_TDLS_SETUP_CONFIRM:
784 tf->category = WLAN_CATEGORY_TDLS;
785 tf->action_code = WLAN_TDLS_SETUP_CONFIRM;
786
787 skb_put(skb, sizeof(tf->u.setup_cfm));
788 tf->u.setup_cfm.status_code = cpu_to_le16(status_code);
789 tf->u.setup_cfm.dialog_token = dialog_token;
790 break;
791 case WLAN_TDLS_TEARDOWN:
792 tf->category = WLAN_CATEGORY_TDLS;
793 tf->action_code = WLAN_TDLS_TEARDOWN;
794
795 skb_put(skb, sizeof(tf->u.teardown));
796 tf->u.teardown.reason_code = cpu_to_le16(status_code);
797 break;
798 case WLAN_TDLS_DISCOVERY_REQUEST:
799 tf->category = WLAN_CATEGORY_TDLS;
800 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST;
801
802 skb_put(skb, sizeof(tf->u.discover_req));
803 tf->u.discover_req.dialog_token = dialog_token;
804 break;
805 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
806 tf->category = WLAN_CATEGORY_TDLS;
807 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
808
809 skb_put(skb, sizeof(tf->u.chan_switch_req));
810 break;
811 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
812 tf->category = WLAN_CATEGORY_TDLS;
813 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
814
815 skb_put(skb, sizeof(tf->u.chan_switch_resp));
816 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code);
817 break;
818 default:
819 return -EINVAL;
820 }
821
822 return 0;
823 }
824
825 static int
826 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
827 const u8 *peer, u8 action_code, u8 dialog_token,
828 u16 status_code, struct sk_buff *skb)
829 {
830 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
831 struct ieee80211_mgmt *mgmt;
832
833 mgmt = skb_put_zero(skb, 24);
834 memcpy(mgmt->da, peer, ETH_ALEN);
835 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
836 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
837
838 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
839 IEEE80211_STYPE_ACTION);
840
841 switch (action_code) {
842 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
843 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp));
844 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
845 mgmt->u.action.u.tdls_discover_resp.action_code =
846 WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
847 mgmt->u.action.u.tdls_discover_resp.dialog_token =
848 dialog_token;
849 mgmt->u.action.u.tdls_discover_resp.capability =
850 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
851 status_code));
852 break;
853 default:
854 return -EINVAL;
855 }
856
857 return 0;
858 }
859
860 static struct sk_buff *
861 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata,
862 const u8 *peer, u8 action_code,
863 u8 dialog_token, u16 status_code,
864 bool initiator, const u8 *extra_ies,
865 size_t extra_ies_len, u8 oper_class,
866 struct cfg80211_chan_def *chandef)
867 {
868 struct ieee80211_local *local = sdata->local;
869 struct sk_buff *skb;
870 int ret;
871
872 skb = netdev_alloc_skb(sdata->dev,
873 local->hw.extra_tx_headroom +
874 max(sizeof(struct ieee80211_mgmt),
875 sizeof(struct ieee80211_tdls_data)) +
876 50 + /* supported rates */
877 10 + /* ext capab */
878 26 + /* max(WMM-info, WMM-param) */
879 2 + max(sizeof(struct ieee80211_ht_cap),
880 sizeof(struct ieee80211_ht_operation)) +
881 2 + max(sizeof(struct ieee80211_vht_cap),
882 sizeof(struct ieee80211_vht_operation)) +
883 50 + /* supported channels */
884 3 + /* 40/20 BSS coex */
885 4 + /* AID */
886 4 + /* oper classes */
887 extra_ies_len +
888 sizeof(struct ieee80211_tdls_lnkie));
889 if (!skb)
890 return NULL;
891
892 skb_reserve(skb, local->hw.extra_tx_headroom);
893
894 switch (action_code) {
895 case WLAN_TDLS_SETUP_REQUEST:
896 case WLAN_TDLS_SETUP_RESPONSE:
897 case WLAN_TDLS_SETUP_CONFIRM:
898 case WLAN_TDLS_TEARDOWN:
899 case WLAN_TDLS_DISCOVERY_REQUEST:
900 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
901 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
902 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy,
903 sdata->dev, peer,
904 action_code, dialog_token,
905 status_code, skb);
906 break;
907 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
908 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev,
909 peer, action_code,
910 dialog_token, status_code,
911 skb);
912 break;
913 default:
914 ret = -ENOTSUPP;
915 break;
916 }
917
918 if (ret < 0)
919 goto fail;
920
921 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code,
922 initiator, extra_ies, extra_ies_len, oper_class,
923 chandef);
924 return skb;
925
926 fail:
927 dev_kfree_skb(skb);
928 return NULL;
929 }
930
931 static int
932 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev,
933 const u8 *peer, u8 action_code, u8 dialog_token,
934 u16 status_code, u32 peer_capability,
935 bool initiator, const u8 *extra_ies,
936 size_t extra_ies_len, u8 oper_class,
937 struct cfg80211_chan_def *chandef)
938 {
939 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
940 struct sk_buff *skb = NULL;
941 struct sta_info *sta;
942 u32 flags = 0;
943 int ret = 0;
944
945 rcu_read_lock();
946 sta = sta_info_get(sdata, peer);
947
948 /* infer the initiator if we can, to support old userspace */
949 switch (action_code) {
950 case WLAN_TDLS_SETUP_REQUEST:
951 if (sta) {
952 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
953 sta->sta.tdls_initiator = false;
954 }
955 fallthrough;
956 case WLAN_TDLS_SETUP_CONFIRM:
957 case WLAN_TDLS_DISCOVERY_REQUEST:
958 initiator = true;
959 break;
960 case WLAN_TDLS_SETUP_RESPONSE:
961 /*
962 * In some testing scenarios, we send a request and response.
963 * Make the last packet sent take effect for the initiator
964 * value.
965 */
966 if (sta) {
967 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
968 sta->sta.tdls_initiator = true;
969 }
970 fallthrough;
971 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
972 initiator = false;
973 break;
974 case WLAN_TDLS_TEARDOWN:
975 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
976 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
977 /* any value is ok */
978 break;
979 default:
980 ret = -ENOTSUPP;
981 break;
982 }
983
984 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR))
985 initiator = true;
986
987 rcu_read_unlock();
988 if (ret < 0)
989 goto fail;
990
991 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code,
992 dialog_token, status_code,
993 initiator, extra_ies,
994 extra_ies_len, oper_class,
995 chandef);
996 if (!skb) {
997 ret = -EINVAL;
998 goto fail;
999 }
1000
1001 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) {
1002 ieee80211_tx_skb(sdata, skb);
1003 return 0;
1004 }
1005
1006 /*
1007 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
1008 * we should default to AC_VI.
1009 */
1010 switch (action_code) {
1011 case WLAN_TDLS_SETUP_REQUEST:
1012 case WLAN_TDLS_SETUP_RESPONSE:
1013 skb->priority = 256 + 2;
1014 break;
1015 default:
1016 skb->priority = 256 + 5;
1017 break;
1018 }
1019 skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, skb));
1020
1021 /*
1022 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress.
1023 * Later, if no ACK is returned from peer, we will re-send the teardown
1024 * packet through the AP.
1025 */
1026 if ((action_code == WLAN_TDLS_TEARDOWN) &&
1027 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
1028 bool try_resend; /* Should we keep skb for possible resend */
1029
1030 /* If not sending directly to peer - no point in keeping skb */
1031 rcu_read_lock();
1032 sta = sta_info_get(sdata, peer);
1033 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1034 rcu_read_unlock();
1035
1036 spin_lock_bh(&sdata->u.mgd.teardown_lock);
1037 if (try_resend && !sdata->u.mgd.teardown_skb) {
1038 /* Mark it as requiring TX status callback */
1039 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1040 IEEE80211_TX_INTFL_MLME_CONN_TX;
1041
1042 /*
1043 * skb is copied since mac80211 will later set
1044 * properties that might not be the same as the AP,
1045 * such as encryption, QoS, addresses, etc.
1046 *
1047 * No problem if skb_copy() fails, so no need to check.
1048 */
1049 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC);
1050 sdata->u.mgd.orig_teardown_skb = skb;
1051 }
1052 spin_unlock_bh(&sdata->u.mgd.teardown_lock);
1053 }
1054
1055 /* disable bottom halves when entering the Tx path */
1056 local_bh_disable();
1057 __ieee80211_subif_start_xmit(skb, dev, flags, 0, NULL);
1058 local_bh_enable();
1059
1060 return ret;
1061
1062 fail:
1063 dev_kfree_skb(skb);
1064 return ret;
1065 }
1066
1067 static int
1068 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev,
1069 const u8 *peer, u8 action_code, u8 dialog_token,
1070 u16 status_code, u32 peer_capability, bool initiator,
1071 const u8 *extra_ies, size_t extra_ies_len)
1072 {
1073 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1074 struct ieee80211_local *local = sdata->local;
1075 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode;
1076 int ret;
1077
1078 /* don't support setup with forced SMPS mode that's not off */
1079 if (smps_mode != IEEE80211_SMPS_AUTOMATIC &&
1080 smps_mode != IEEE80211_SMPS_OFF) {
1081 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n",
1082 smps_mode);
1083 return -ENOTSUPP;
1084 }
1085
1086 mutex_lock(&local->mtx);
1087
1088 /* we don't support concurrent TDLS peer setups */
1089 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) &&
1090 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
1091 ret = -EBUSY;
1092 goto out_unlock;
1093 }
1094
1095 /*
1096 * make sure we have a STA representing the peer so we drop or buffer
1097 * non-TDLS-setup frames to the peer. We can't send other packets
1098 * during setup through the AP path.
1099 * Allow error packets to be sent - sometimes we don't even add a STA
1100 * before failing the setup.
1101 */
1102 if (status_code == 0) {
1103 rcu_read_lock();
1104 if (!sta_info_get(sdata, peer)) {
1105 rcu_read_unlock();
1106 ret = -ENOLINK;
1107 goto out_unlock;
1108 }
1109 rcu_read_unlock();
1110 }
1111
1112 ieee80211_flush_queues(local, sdata, false);
1113 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN);
1114 mutex_unlock(&local->mtx);
1115
1116 /* we cannot take the mutex while preparing the setup packet */
1117 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
1118 dialog_token, status_code,
1119 peer_capability, initiator,
1120 extra_ies, extra_ies_len, 0,
1121 NULL);
1122 if (ret < 0) {
1123 mutex_lock(&local->mtx);
1124 eth_zero_addr(sdata->u.mgd.tdls_peer);
1125 mutex_unlock(&local->mtx);
1126 return ret;
1127 }
1128
1129 ieee80211_queue_delayed_work(&sdata->local->hw,
1130 &sdata->u.mgd.tdls_peer_del_work,
1131 TDLS_PEER_SETUP_TIMEOUT);
1132 return 0;
1133
1134 out_unlock:
1135 mutex_unlock(&local->mtx);
1136 return ret;
1137 }
1138
1139 static int
1140 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev,
1141 const u8 *peer, u8 action_code, u8 dialog_token,
1142 u16 status_code, u32 peer_capability,
1143 bool initiator, const u8 *extra_ies,
1144 size_t extra_ies_len)
1145 {
1146 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1147 struct ieee80211_local *local = sdata->local;
1148 struct sta_info *sta;
1149 int ret;
1150
1151 /*
1152 * No packets can be transmitted to the peer via the AP during setup -
1153 * the STA is set as a TDLS peer, but is not authorized.
1154 * During teardown, we prevent direct transmissions by stopping the
1155 * queues and flushing all direct packets.
1156 */
1157 ieee80211_stop_vif_queues(local, sdata,
1158 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
1159 ieee80211_flush_queues(local, sdata, false);
1160
1161 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
1162 dialog_token, status_code,
1163 peer_capability, initiator,
1164 extra_ies, extra_ies_len, 0,
1165 NULL);
1166 if (ret < 0)
1167 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n",
1168 ret);
1169
1170 /*
1171 * Remove the STA AUTH flag to force further traffic through the AP. If
1172 * the STA was unreachable, it was already removed.
1173 */
1174 rcu_read_lock();
1175 sta = sta_info_get(sdata, peer);
1176 if (sta)
1177 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1178 rcu_read_unlock();
1179
1180 ieee80211_wake_vif_queues(local, sdata,
1181 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
1182
1183 return 0;
1184 }
1185
1186 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev,
1187 const u8 *peer, u8 action_code, u8 dialog_token,
1188 u16 status_code, u32 peer_capability,
1189 bool initiator, const u8 *extra_ies,
1190 size_t extra_ies_len)
1191 {
1192 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1193 int ret;
1194
1195 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1196 return -ENOTSUPP;
1197
1198 /* make sure we are in managed mode, and associated */
1199 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1200 !sdata->u.mgd.associated)
1201 return -EINVAL;
1202
1203 switch (action_code) {
1204 case WLAN_TDLS_SETUP_REQUEST:
1205 case WLAN_TDLS_SETUP_RESPONSE:
1206 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code,
1207 dialog_token, status_code,
1208 peer_capability, initiator,
1209 extra_ies, extra_ies_len);
1210 break;
1211 case WLAN_TDLS_TEARDOWN:
1212 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer,
1213 action_code, dialog_token,
1214 status_code,
1215 peer_capability, initiator,
1216 extra_ies, extra_ies_len);
1217 break;
1218 case WLAN_TDLS_DISCOVERY_REQUEST:
1219 /*
1220 * Protect the discovery so we can hear the TDLS discovery
1221 * response frame. It is transmitted directly and not buffered
1222 * by the AP.
1223 */
1224 drv_mgd_protect_tdls_discover(sdata->local, sdata);
1225 fallthrough;
1226 case WLAN_TDLS_SETUP_CONFIRM:
1227 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
1228 /* no special handling */
1229 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer,
1230 action_code,
1231 dialog_token,
1232 status_code,
1233 peer_capability,
1234 initiator, extra_ies,
1235 extra_ies_len, 0, NULL);
1236 break;
1237 default:
1238 ret = -EOPNOTSUPP;
1239 break;
1240 }
1241
1242 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n",
1243 action_code, peer, ret);
1244 return ret;
1245 }
1246
1247 static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata,
1248 struct sta_info *sta)
1249 {
1250 struct ieee80211_local *local = sdata->local;
1251 struct ieee80211_chanctx_conf *conf;
1252 struct ieee80211_chanctx *ctx;
1253 enum nl80211_chan_width width;
1254 struct ieee80211_supported_band *sband;
1255
1256 mutex_lock(&local->chanctx_mtx);
1257 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1258 lockdep_is_held(&local->chanctx_mtx));
1259 if (conf) {
1260 width = conf->def.width;
1261 sband = local->hw.wiphy->bands[conf->def.chan->band];
1262 ctx = container_of(conf, struct ieee80211_chanctx, conf);
1263 ieee80211_recalc_chanctx_chantype(local, ctx);
1264
1265 /* if width changed and a peer is given, update its BW */
1266 if (width != conf->def.width && sta &&
1267 test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) {
1268 enum ieee80211_sta_rx_bandwidth bw;
1269
1270 bw = ieee80211_chan_width_to_rx_bw(conf->def.width);
1271 bw = min(bw, ieee80211_sta_cap_rx_bw(sta));
1272 if (bw != sta->sta.bandwidth) {
1273 sta->sta.bandwidth = bw;
1274 rate_control_rate_update(local, sband, sta,
1275 IEEE80211_RC_BW_CHANGED);
1276 /*
1277 * if a TDLS peer BW was updated, we need to
1278 * recalc the chandef width again, to get the
1279 * correct chanctx min_def
1280 */
1281 ieee80211_recalc_chanctx_chantype(local, ctx);
1282 }
1283 }
1284
1285 }
1286 mutex_unlock(&local->chanctx_mtx);
1287 }
1288
1289 static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata)
1290 {
1291 struct sta_info *sta;
1292 bool result = false;
1293
1294 rcu_read_lock();
1295 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
1296 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
1297 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
1298 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) ||
1299 !sta->sta.ht_cap.ht_supported)
1300 continue;
1301 result = true;
1302 break;
1303 }
1304 rcu_read_unlock();
1305
1306 return result;
1307 }
1308
1309 static void
1310 iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata,
1311 struct sta_info *sta)
1312 {
1313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1314 bool tdls_ht;
1315 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED |
1316 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
1317 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
1318 u16 opmode;
1319
1320 /* Nothing to do if the BSS connection uses HT */
1321 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
1322 return;
1323
1324 tdls_ht = (sta && sta->sta.ht_cap.ht_supported) ||
1325 iee80211_tdls_have_ht_peers(sdata);
1326
1327 opmode = sdata->vif.bss_conf.ht_operation_mode;
1328
1329 if (tdls_ht)
1330 opmode |= protection;
1331 else
1332 opmode &= ~protection;
1333
1334 if (opmode == sdata->vif.bss_conf.ht_operation_mode)
1335 return;
1336
1337 sdata->vif.bss_conf.ht_operation_mode = opmode;
1338 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1339 }
1340
1341 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
1342 const u8 *peer, enum nl80211_tdls_operation oper)
1343 {
1344 struct sta_info *sta;
1345 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1346 struct ieee80211_local *local = sdata->local;
1347 int ret;
1348
1349 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1350 return -ENOTSUPP;
1351
1352 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1353 return -EINVAL;
1354
1355 switch (oper) {
1356 case NL80211_TDLS_ENABLE_LINK:
1357 case NL80211_TDLS_DISABLE_LINK:
1358 break;
1359 case NL80211_TDLS_TEARDOWN:
1360 case NL80211_TDLS_SETUP:
1361 case NL80211_TDLS_DISCOVERY_REQ:
1362 /* We don't support in-driver setup/teardown/discovery */
1363 return -ENOTSUPP;
1364 }
1365
1366 /* protect possible bss_conf changes and avoid concurrency in
1367 * ieee80211_bss_info_change_notify()
1368 */
1369 sdata_lock(sdata);
1370 mutex_lock(&local->mtx);
1371 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer);
1372
1373 switch (oper) {
1374 case NL80211_TDLS_ENABLE_LINK:
1375 if (sdata->vif.csa_active) {
1376 tdls_dbg(sdata, "TDLS: disallow link during CSA\n");
1377 ret = -EBUSY;
1378 break;
1379 }
1380
1381 mutex_lock(&local->sta_mtx);
1382 sta = sta_info_get(sdata, peer);
1383 if (!sta) {
1384 mutex_unlock(&local->sta_mtx);
1385 ret = -ENOLINK;
1386 break;
1387 }
1388
1389 iee80211_tdls_recalc_chanctx(sdata, sta);
1390 iee80211_tdls_recalc_ht_protection(sdata, sta);
1391
1392 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1393 mutex_unlock(&local->sta_mtx);
1394
1395 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) ||
1396 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer));
1397 ret = 0;
1398 break;
1399 case NL80211_TDLS_DISABLE_LINK:
1400 /*
1401 * The teardown message in ieee80211_tdls_mgmt_teardown() was
1402 * created while the queues were stopped, so it might still be
1403 * pending. Before flushing the queues we need to be sure the
1404 * message is handled by the tasklet handling pending messages,
1405 * otherwise we might start destroying the station before
1406 * sending the teardown packet.
1407 * Note that this only forces the tasklet to flush pendings -
1408 * not to stop the tasklet from rescheduling itself.
1409 */
1410 tasklet_kill(&local->tx_pending_tasklet);
1411 /* flush a potentially queued teardown packet */
1412 ieee80211_flush_queues(local, sdata, false);
1413
1414 ret = sta_info_destroy_addr(sdata, peer);
1415
1416 mutex_lock(&local->sta_mtx);
1417 iee80211_tdls_recalc_ht_protection(sdata, NULL);
1418 mutex_unlock(&local->sta_mtx);
1419
1420 iee80211_tdls_recalc_chanctx(sdata, NULL);
1421 break;
1422 default:
1423 ret = -ENOTSUPP;
1424 break;
1425 }
1426
1427 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
1428 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work);
1429 eth_zero_addr(sdata->u.mgd.tdls_peer);
1430 }
1431
1432 if (ret == 0)
1433 ieee80211_queue_work(&sdata->local->hw,
1434 &sdata->u.mgd.request_smps_work);
1435
1436 mutex_unlock(&local->mtx);
1437 sdata_unlock(sdata);
1438 return ret;
1439 }
1440
1441 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer,
1442 enum nl80211_tdls_operation oper,
1443 u16 reason_code, gfp_t gfp)
1444 {
1445 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1446
1447 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) {
1448 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n",
1449 oper);
1450 return;
1451 }
1452
1453 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp);
1454 }
1455 EXPORT_SYMBOL(ieee80211_tdls_oper_request);
1456
1457 static void
1458 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout)
1459 {
1460 struct ieee80211_ch_switch_timing *ch_sw;
1461
1462 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING;
1463 *buf++ = sizeof(struct ieee80211_ch_switch_timing);
1464
1465 ch_sw = (void *)buf;
1466 ch_sw->switch_time = cpu_to_le16(switch_time);
1467 ch_sw->switch_timeout = cpu_to_le16(switch_timeout);
1468 }
1469
1470 /* find switch timing IE in SKB ready for Tx */
1471 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb)
1472 {
1473 struct ieee80211_tdls_data *tf;
1474 const u8 *ie_start;
1475
1476 /*
1477 * Get the offset for the new location of the switch timing IE.
1478 * The SKB network header will now point to the "payload_type"
1479 * element of the TDLS data frame struct.
1480 */
1481 tf = container_of(skb->data + skb_network_offset(skb),
1482 struct ieee80211_tdls_data, payload_type);
1483 ie_start = tf->u.chan_switch_req.variable;
1484 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start,
1485 skb->len - (ie_start - skb->data));
1486 }
1487
1488 static struct sk_buff *
1489 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class,
1490 struct cfg80211_chan_def *chandef,
1491 u32 *ch_sw_tm_ie_offset)
1492 {
1493 struct ieee80211_sub_if_data *sdata = sta->sdata;
1494 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) +
1495 2 + sizeof(struct ieee80211_ch_switch_timing)];
1496 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing);
1497 u8 *pos = extra_ies;
1498 struct sk_buff *skb;
1499
1500 /*
1501 * if chandef points to a wide channel add a Secondary-Channel
1502 * Offset information element
1503 */
1504 if (chandef->width == NL80211_CHAN_WIDTH_40) {
1505 struct ieee80211_sec_chan_offs_ie *sec_chan_ie;
1506 bool ht40plus;
1507
1508 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;
1509 *pos++ = sizeof(*sec_chan_ie);
1510 sec_chan_ie = (void *)pos;
1511
1512 ht40plus = cfg80211_get_chandef_type(chandef) ==
1513 NL80211_CHAN_HT40PLUS;
1514 sec_chan_ie->sec_chan_offs = ht40plus ?
1515 IEEE80211_HT_PARAM_CHA_SEC_ABOVE :
1516 IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1517 pos += sizeof(*sec_chan_ie);
1518
1519 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie);
1520 }
1521
1522 /* just set the values to 0, this is a template */
1523 iee80211_tdls_add_ch_switch_timing(pos, 0, 0);
1524
1525 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1526 WLAN_TDLS_CHANNEL_SWITCH_REQUEST,
1527 0, 0, !sta->sta.tdls_initiator,
1528 extra_ies, extra_ies_len,
1529 oper_class, chandef);
1530 if (!skb)
1531 return NULL;
1532
1533 skb = ieee80211_build_data_template(sdata, skb, 0);
1534 if (IS_ERR(skb)) {
1535 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n");
1536 return NULL;
1537 }
1538
1539 if (ch_sw_tm_ie_offset) {
1540 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1541
1542 if (!tm_ie) {
1543 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n");
1544 dev_kfree_skb_any(skb);
1545 return NULL;
1546 }
1547
1548 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1549 }
1550
1551 tdls_dbg(sdata,
1552 "TDLS channel switch request template for %pM ch %d width %d\n",
1553 sta->sta.addr, chandef->chan->center_freq, chandef->width);
1554 return skb;
1555 }
1556
1557 int
1558 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev,
1559 const u8 *addr, u8 oper_class,
1560 struct cfg80211_chan_def *chandef)
1561 {
1562 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1563 struct ieee80211_local *local = sdata->local;
1564 struct sta_info *sta;
1565 struct sk_buff *skb = NULL;
1566 u32 ch_sw_tm_ie;
1567 int ret;
1568
1569 if (chandef->chan->freq_offset)
1570 /* this may work, but is untested */
1571 return -EOPNOTSUPP;
1572
1573 mutex_lock(&local->sta_mtx);
1574 sta = sta_info_get(sdata, addr);
1575 if (!sta) {
1576 tdls_dbg(sdata,
1577 "Invalid TDLS peer %pM for channel switch request\n",
1578 addr);
1579 ret = -ENOENT;
1580 goto out;
1581 }
1582
1583 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) {
1584 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n",
1585 addr);
1586 ret = -ENOTSUPP;
1587 goto out;
1588 }
1589
1590 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef,
1591 &ch_sw_tm_ie);
1592 if (!skb) {
1593 ret = -ENOENT;
1594 goto out;
1595 }
1596
1597 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class,
1598 chandef, skb, ch_sw_tm_ie);
1599 if (!ret)
1600 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1601
1602 out:
1603 mutex_unlock(&local->sta_mtx);
1604 dev_kfree_skb_any(skb);
1605 return ret;
1606 }
1607
1608 void
1609 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy,
1610 struct net_device *dev,
1611 const u8 *addr)
1612 {
1613 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1614 struct ieee80211_local *local = sdata->local;
1615 struct sta_info *sta;
1616
1617 mutex_lock(&local->sta_mtx);
1618 sta = sta_info_get(sdata, addr);
1619 if (!sta) {
1620 tdls_dbg(sdata,
1621 "Invalid TDLS peer %pM for channel switch cancel\n",
1622 addr);
1623 goto out;
1624 }
1625
1626 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) {
1627 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n",
1628 addr);
1629 goto out;
1630 }
1631
1632 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta);
1633 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1634
1635 out:
1636 mutex_unlock(&local->sta_mtx);
1637 }
1638
1639 static struct sk_buff *
1640 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta,
1641 u32 *ch_sw_tm_ie_offset)
1642 {
1643 struct ieee80211_sub_if_data *sdata = sta->sdata;
1644 struct sk_buff *skb;
1645 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)];
1646
1647 /* initial timing are always zero in the template */
1648 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0);
1649
1650 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1651 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE,
1652 0, 0, !sta->sta.tdls_initiator,
1653 extra_ies, sizeof(extra_ies), 0, NULL);
1654 if (!skb)
1655 return NULL;
1656
1657 skb = ieee80211_build_data_template(sdata, skb, 0);
1658 if (IS_ERR(skb)) {
1659 tdls_dbg(sdata,
1660 "Failed building TDLS channel switch resp frame\n");
1661 return NULL;
1662 }
1663
1664 if (ch_sw_tm_ie_offset) {
1665 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1666
1667 if (!tm_ie) {
1668 tdls_dbg(sdata,
1669 "No switch timing IE in TDLS switch resp\n");
1670 dev_kfree_skb_any(skb);
1671 return NULL;
1672 }
1673
1674 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1675 }
1676
1677 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n",
1678 sta->sta.addr);
1679 return skb;
1680 }
1681
1682 static int
1683 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata,
1684 struct sk_buff *skb)
1685 {
1686 struct ieee80211_local *local = sdata->local;
1687 struct ieee802_11_elems elems;
1688 struct sta_info *sta;
1689 struct ieee80211_tdls_data *tf = (void *)skb->data;
1690 bool local_initiator;
1691 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1692 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable);
1693 struct ieee80211_tdls_ch_sw_params params = {};
1694 int ret;
1695
1696 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
1697 params.timestamp = rx_status->device_timestamp;
1698
1699 if (skb->len < baselen) {
1700 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n",
1701 skb->len);
1702 return -EINVAL;
1703 }
1704
1705 mutex_lock(&local->sta_mtx);
1706 sta = sta_info_get(sdata, tf->sa);
1707 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1708 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1709 tf->sa);
1710 ret = -EINVAL;
1711 goto out;
1712 }
1713
1714 params.sta = &sta->sta;
1715 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code);
1716 if (params.status != 0) {
1717 ret = 0;
1718 goto call_drv;
1719 }
1720
1721 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable,
1722 skb->len - baselen, false, &elems,
1723 NULL, NULL);
1724 if (elems.parse_error) {
1725 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n");
1726 ret = -EINVAL;
1727 goto out;
1728 }
1729
1730 if (!elems.ch_sw_timing || !elems.lnk_id) {
1731 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n");
1732 ret = -EINVAL;
1733 goto out;
1734 }
1735
1736 /* validate the initiator is set correctly */
1737 local_initiator =
1738 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1739 if (local_initiator == sta->sta.tdls_initiator) {
1740 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1741 ret = -EINVAL;
1742 goto out;
1743 }
1744
1745 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1746 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1747
1748 params.tmpl_skb =
1749 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, &params.ch_sw_tm_ie);
1750 if (!params.tmpl_skb) {
1751 ret = -ENOENT;
1752 goto out;
1753 }
1754
1755 ret = 0;
1756 call_drv:
1757 drv_tdls_recv_channel_switch(sdata->local, sdata, &params);
1758
1759 tdls_dbg(sdata,
1760 "TDLS channel switch response received from %pM status %d\n",
1761 tf->sa, params.status);
1762
1763 out:
1764 mutex_unlock(&local->sta_mtx);
1765 dev_kfree_skb_any(params.tmpl_skb);
1766 return ret;
1767 }
1768
1769 static int
1770 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata,
1771 struct sk_buff *skb)
1772 {
1773 struct ieee80211_local *local = sdata->local;
1774 struct ieee802_11_elems elems;
1775 struct cfg80211_chan_def chandef;
1776 struct ieee80211_channel *chan;
1777 enum nl80211_channel_type chan_type;
1778 int freq;
1779 u8 target_channel, oper_class;
1780 bool local_initiator;
1781 struct sta_info *sta;
1782 enum nl80211_band band;
1783 struct ieee80211_tdls_data *tf = (void *)skb->data;
1784 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1785 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable);
1786 struct ieee80211_tdls_ch_sw_params params = {};
1787 int ret = 0;
1788
1789 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
1790 params.timestamp = rx_status->device_timestamp;
1791
1792 if (skb->len < baselen) {
1793 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n",
1794 skb->len);
1795 return -EINVAL;
1796 }
1797
1798 target_channel = tf->u.chan_switch_req.target_channel;
1799 oper_class = tf->u.chan_switch_req.oper_class;
1800
1801 /*
1802 * We can't easily infer the channel band. The operating class is
1803 * ambiguous - there are multiple tables (US/Europe/JP/Global). The
1804 * solution here is to treat channels with number >14 as 5GHz ones,
1805 * and specifically check for the (oper_class, channel) combinations
1806 * where this doesn't hold. These are thankfully unique according to
1807 * IEEE802.11-2012.
1808 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as
1809 * valid here.
1810 */
1811 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 ||
1812 oper_class == 4 || oper_class == 5 || oper_class == 6) &&
1813 target_channel < 14)
1814 band = NL80211_BAND_5GHZ;
1815 else
1816 band = target_channel < 14 ? NL80211_BAND_2GHZ :
1817 NL80211_BAND_5GHZ;
1818
1819 freq = ieee80211_channel_to_frequency(target_channel, band);
1820 if (freq == 0) {
1821 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n",
1822 target_channel);
1823 return -EINVAL;
1824 }
1825
1826 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
1827 if (!chan) {
1828 tdls_dbg(sdata,
1829 "Unsupported channel for TDLS chan switch: %d\n",
1830 target_channel);
1831 return -EINVAL;
1832 }
1833
1834 ieee802_11_parse_elems(tf->u.chan_switch_req.variable,
1835 skb->len - baselen, false, &elems, NULL, NULL);
1836 if (elems.parse_error) {
1837 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n");
1838 return -EINVAL;
1839 }
1840
1841 if (!elems.ch_sw_timing || !elems.lnk_id) {
1842 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n");
1843 return -EINVAL;
1844 }
1845
1846 if (!elems.sec_chan_offs) {
1847 chan_type = NL80211_CHAN_HT20;
1848 } else {
1849 switch (elems.sec_chan_offs->sec_chan_offs) {
1850 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1851 chan_type = NL80211_CHAN_HT40PLUS;
1852 break;
1853 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1854 chan_type = NL80211_CHAN_HT40MINUS;
1855 break;
1856 default:
1857 chan_type = NL80211_CHAN_HT20;
1858 break;
1859 }
1860 }
1861
1862 cfg80211_chandef_create(&chandef, chan, chan_type);
1863
1864 /* we will be active on the TDLS link */
1865 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef,
1866 sdata->wdev.iftype)) {
1867 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n");
1868 return -EINVAL;
1869 }
1870
1871 mutex_lock(&local->sta_mtx);
1872 sta = sta_info_get(sdata, tf->sa);
1873 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1874 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1875 tf->sa);
1876 ret = -EINVAL;
1877 goto out;
1878 }
1879
1880 params.sta = &sta->sta;
1881
1882 /* validate the initiator is set correctly */
1883 local_initiator =
1884 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1885 if (local_initiator == sta->sta.tdls_initiator) {
1886 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1887 ret = -EINVAL;
1888 goto out;
1889 }
1890
1891 /* peer should have known better */
1892 if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs &&
1893 elems.sec_chan_offs->sec_chan_offs) {
1894 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n");
1895 ret = -ENOTSUPP;
1896 goto out;
1897 }
1898
1899 params.chandef = &chandef;
1900 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1901 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1902
1903 params.tmpl_skb =
1904 ieee80211_tdls_ch_sw_resp_tmpl_get(sta,
1905 &params.ch_sw_tm_ie);
1906 if (!params.tmpl_skb) {
1907 ret = -ENOENT;
1908 goto out;
1909 }
1910
1911 drv_tdls_recv_channel_switch(sdata->local, sdata, &params);
1912
1913 tdls_dbg(sdata,
1914 "TDLS ch switch request received from %pM ch %d width %d\n",
1915 tf->sa, params.chandef->chan->center_freq,
1916 params.chandef->width);
1917 out:
1918 mutex_unlock(&local->sta_mtx);
1919 dev_kfree_skb_any(params.tmpl_skb);
1920 return ret;
1921 }
1922
1923 static void
1924 ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata,
1925 struct sk_buff *skb)
1926 {
1927 struct ieee80211_tdls_data *tf = (void *)skb->data;
1928 struct wiphy *wiphy = sdata->local->hw.wiphy;
1929
1930 ASSERT_RTNL();
1931
1932 /* make sure the driver supports it */
1933 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
1934 return;
1935
1936 /* we want to access the entire packet */
1937 if (skb_linearize(skb))
1938 return;
1939 /*
1940 * The packet/size was already validated by mac80211 Rx path, only look
1941 * at the action type.
1942 */
1943 switch (tf->action_code) {
1944 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
1945 ieee80211_process_tdls_channel_switch_req(sdata, skb);
1946 break;
1947 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
1948 ieee80211_process_tdls_channel_switch_resp(sdata, skb);
1949 break;
1950 default:
1951 WARN_ON_ONCE(1);
1952 return;
1953 }
1954 }
1955
1956 void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata)
1957 {
1958 struct sta_info *sta;
1959 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED;
1960
1961 rcu_read_lock();
1962 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
1963 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
1964 !test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1965 continue;
1966
1967 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr,
1968 NL80211_TDLS_TEARDOWN, reason,
1969 GFP_ATOMIC);
1970 }
1971 rcu_read_unlock();
1972 }
1973
1974 void ieee80211_tdls_chsw_work(struct work_struct *wk)
1975 {
1976 struct ieee80211_local *local =
1977 container_of(wk, struct ieee80211_local, tdls_chsw_work);
1978 struct ieee80211_sub_if_data *sdata;
1979 struct sk_buff *skb;
1980 struct ieee80211_tdls_data *tf;
1981
1982 rtnl_lock();
1983 while ((skb = skb_dequeue(&local->skb_queue_tdls_chsw))) {
1984 tf = (struct ieee80211_tdls_data *)skb->data;
1985 list_for_each_entry(sdata, &local->interfaces, list) {
1986 if (!ieee80211_sdata_running(sdata) ||
1987 sdata->vif.type != NL80211_IFTYPE_STATION ||
1988 !ether_addr_equal(tf->da, sdata->vif.addr))
1989 continue;
1990
1991 ieee80211_process_tdls_channel_switch(sdata, skb);
1992 break;
1993 }
1994
1995 kfree_skb(skb);
1996 }
1997 rtnl_unlock();
1998 }
1999
2000 void ieee80211_tdls_handle_disconnect(struct ieee80211_sub_if_data *sdata,
2001 const u8 *peer, u16 reason)
2002 {
2003 struct ieee80211_sta *sta;
2004
2005 rcu_read_lock();
2006 sta = ieee80211_find_sta(&sdata->vif, peer);
2007 if (!sta || !sta->tdls) {
2008 rcu_read_unlock();
2009 return;
2010 }
2011 rcu_read_unlock();
2012
2013 tdls_dbg(sdata, "disconnected from TDLS peer %pM (Reason: %u=%s)\n",
2014 peer, reason,
2015 ieee80211_get_reason_code_string(reason));
2016
2017 ieee80211_tdls_oper_request(&sdata->vif, peer,
2018 NL80211_TDLS_TEARDOWN,
2019 WLAN_REASON_TDLS_TEARDOWN_UNREACHABLE,
2020 GFP_ATOMIC);
2021 }
Linux with added FPC-III support