2 * cfg80211 MLME SAP interface
4 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7 #include <linux/kernel.h>
8 #include <linux/module.h>
9 #include <linux/netdevice.h>
10 #include <linux/nl80211.h>
11 #include <linux/wireless.h>
12 #include <net/cfg80211.h>
13 #include <net/iw_handler.h>
17 void cfg80211_send_rx_auth(struct net_device
*dev
, const u8
*buf
, size_t len
)
19 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
20 struct wiphy
*wiphy
= wdev
->wiphy
;
21 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
22 struct ieee80211_mgmt
*mgmt
= (struct ieee80211_mgmt
*)buf
;
23 u8
*bssid
= mgmt
->bssid
;
25 u16 status
= le16_to_cpu(mgmt
->u
.auth
.status_code
);
30 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
31 if (wdev
->authtry_bsses
[i
] &&
32 memcmp(wdev
->authtry_bsses
[i
]->pub
.bssid
, bssid
,
34 if (status
== WLAN_STATUS_SUCCESS
) {
35 wdev
->auth_bsses
[i
] = wdev
->authtry_bsses
[i
];
37 cfg80211_unhold_bss(wdev
->authtry_bsses
[i
]);
38 cfg80211_put_bss(&wdev
->authtry_bsses
[i
]->pub
);
40 wdev
->authtry_bsses
[i
] = NULL
;
47 nl80211_send_rx_auth(rdev
, dev
, buf
, len
, GFP_KERNEL
);
48 cfg80211_sme_rx_auth(dev
, buf
, len
);
53 EXPORT_SYMBOL(cfg80211_send_rx_auth
);
55 void cfg80211_send_rx_assoc(struct net_device
*dev
, const u8
*buf
, size_t len
)
58 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
59 struct wiphy
*wiphy
= wdev
->wiphy
;
60 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
61 struct ieee80211_mgmt
*mgmt
= (struct ieee80211_mgmt
*)buf
;
62 u8
*ie
= mgmt
->u
.assoc_resp
.variable
;
63 int i
, ieoffs
= offsetof(struct ieee80211_mgmt
, u
.assoc_resp
.variable
);
64 struct cfg80211_internal_bss
*bss
= NULL
;
65 bool need_connect_result
= true;
69 status_code
= le16_to_cpu(mgmt
->u
.assoc_resp
.status_code
);
72 * This is a bit of a hack, we don't notify userspace of
73 * a (re-)association reply if we tried to send a reassoc
74 * and got a reject -- we only try again with an assoc
75 * frame instead of reassoc.
77 if (status_code
!= WLAN_STATUS_SUCCESS
&& wdev
->conn
&&
78 cfg80211_sme_failed_reassoc(wdev
))
81 nl80211_send_rx_assoc(rdev
, dev
, buf
, len
, GFP_KERNEL
);
83 if (status_code
== WLAN_STATUS_SUCCESS
) {
84 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
85 if (!wdev
->auth_bsses
[i
])
87 if (memcmp(wdev
->auth_bsses
[i
]->pub
.bssid
, mgmt
->bssid
,
89 bss
= wdev
->auth_bsses
[i
];
90 wdev
->auth_bsses
[i
] = NULL
;
91 /* additional reference to drop hold */
92 cfg80211_ref_bss(bss
);
98 * We might be coming here because the driver reported
99 * a successful association at the same time as the
100 * user requested a deauth. In that case, we will have
101 * removed the BSS from the auth_bsses list due to the
102 * deauth request when the assoc response makes it. If
103 * the two code paths acquire the lock the other way
104 * around, that's just the standard situation of a
105 * deauth being requested while connected.
109 } else if (wdev
->conn
) {
110 cfg80211_sme_failed_assoc(wdev
);
111 need_connect_result
= false;
113 * do not call connect_result() now because the
114 * sme will schedule work that does it later.
119 if (!wdev
->conn
&& wdev
->sme_state
== CFG80211_SME_IDLE
) {
121 * This is for the userspace SME, the CONNECTING
122 * state will be changed to CONNECTED by
123 * __cfg80211_connect_result() below.
125 wdev
->sme_state
= CFG80211_SME_CONNECTING
;
128 /* this consumes one bss reference (unless bss is NULL) */
129 __cfg80211_connect_result(dev
, mgmt
->bssid
, NULL
, 0, ie
, len
- ieoffs
,
131 status_code
== WLAN_STATUS_SUCCESS
,
132 bss
? &bss
->pub
: NULL
);
133 /* drop hold now, and also reference acquired above */
135 cfg80211_unhold_bss(bss
);
136 cfg80211_put_bss(&bss
->pub
);
142 EXPORT_SYMBOL(cfg80211_send_rx_assoc
);
144 static void __cfg80211_send_deauth(struct net_device
*dev
,
145 const u8
*buf
, size_t len
)
147 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
148 struct wiphy
*wiphy
= wdev
->wiphy
;
149 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
150 struct ieee80211_mgmt
*mgmt
= (struct ieee80211_mgmt
*)buf
;
151 const u8
*bssid
= mgmt
->bssid
;
155 ASSERT_WDEV_LOCK(wdev
);
157 nl80211_send_deauth(rdev
, dev
, buf
, len
, GFP_KERNEL
);
159 if (wdev
->current_bss
&&
160 memcmp(wdev
->current_bss
->pub
.bssid
, bssid
, ETH_ALEN
) == 0) {
162 cfg80211_unhold_bss(wdev
->current_bss
);
163 cfg80211_put_bss(&wdev
->current_bss
->pub
);
164 wdev
->current_bss
= NULL
;
165 } else for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
166 if (wdev
->auth_bsses
[i
] &&
167 memcmp(wdev
->auth_bsses
[i
]->pub
.bssid
, bssid
, ETH_ALEN
) == 0) {
168 cfg80211_unhold_bss(wdev
->auth_bsses
[i
]);
169 cfg80211_put_bss(&wdev
->auth_bsses
[i
]->pub
);
170 wdev
->auth_bsses
[i
] = NULL
;
174 if (wdev
->authtry_bsses
[i
] &&
175 memcmp(wdev
->authtry_bsses
[i
]->pub
.bssid
, bssid
, ETH_ALEN
) == 0) {
176 cfg80211_unhold_bss(wdev
->authtry_bsses
[i
]);
177 cfg80211_put_bss(&wdev
->authtry_bsses
[i
]->pub
);
178 wdev
->authtry_bsses
[i
] = NULL
;
186 if (wdev
->sme_state
== CFG80211_SME_CONNECTED
) {
190 reason_code
= le16_to_cpu(mgmt
->u
.deauth
.reason_code
);
192 from_ap
= memcmp(mgmt
->sa
, dev
->dev_addr
, ETH_ALEN
) != 0;
193 __cfg80211_disconnected(dev
, NULL
, 0, reason_code
, from_ap
);
194 } else if (wdev
->sme_state
== CFG80211_SME_CONNECTING
) {
195 __cfg80211_connect_result(dev
, mgmt
->bssid
, NULL
, 0, NULL
, 0,
196 WLAN_STATUS_UNSPECIFIED_FAILURE
,
202 void cfg80211_send_deauth(struct net_device
*dev
, const u8
*buf
, size_t len
,
205 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
207 BUG_ON(cookie
&& wdev
!= cookie
);
210 /* called within callback */
211 __cfg80211_send_deauth(dev
, buf
, len
);
214 __cfg80211_send_deauth(dev
, buf
, len
);
218 EXPORT_SYMBOL(cfg80211_send_deauth
);
220 static void __cfg80211_send_disassoc(struct net_device
*dev
,
221 const u8
*buf
, size_t len
)
223 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
224 struct wiphy
*wiphy
= wdev
->wiphy
;
225 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
226 struct ieee80211_mgmt
*mgmt
= (struct ieee80211_mgmt
*)buf
;
227 const u8
*bssid
= mgmt
->bssid
;
233 ASSERT_WDEV_LOCK(wdev
);
235 nl80211_send_disassoc(rdev
, dev
, buf
, len
, GFP_KERNEL
);
237 if (wdev
->sme_state
!= CFG80211_SME_CONNECTED
)
240 if (wdev
->current_bss
&&
241 memcmp(wdev
->current_bss
->pub
.bssid
, bssid
, ETH_ALEN
) == 0) {
242 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
243 if (wdev
->authtry_bsses
[i
] || wdev
->auth_bsses
[i
])
245 wdev
->auth_bsses
[i
] = wdev
->current_bss
;
246 wdev
->current_bss
= NULL
;
248 cfg80211_sme_disassoc(dev
, i
);
256 reason_code
= le16_to_cpu(mgmt
->u
.disassoc
.reason_code
);
258 from_ap
= memcmp(mgmt
->sa
, dev
->dev_addr
, ETH_ALEN
) != 0;
259 __cfg80211_disconnected(dev
, NULL
, 0, reason_code
, from_ap
);
262 void cfg80211_send_disassoc(struct net_device
*dev
, const u8
*buf
, size_t len
,
265 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
267 BUG_ON(cookie
&& wdev
!= cookie
);
270 /* called within callback */
271 __cfg80211_send_disassoc(dev
, buf
, len
);
274 __cfg80211_send_disassoc(dev
, buf
, len
);
278 EXPORT_SYMBOL(cfg80211_send_disassoc
);
280 void cfg80211_send_auth_timeout(struct net_device
*dev
, const u8
*addr
)
282 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
283 struct wiphy
*wiphy
= wdev
->wiphy
;
284 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
290 nl80211_send_auth_timeout(rdev
, dev
, addr
, GFP_KERNEL
);
291 if (wdev
->sme_state
== CFG80211_SME_CONNECTING
)
292 __cfg80211_connect_result(dev
, addr
, NULL
, 0, NULL
, 0,
293 WLAN_STATUS_UNSPECIFIED_FAILURE
,
296 for (i
= 0; addr
&& i
< MAX_AUTH_BSSES
; i
++) {
297 if (wdev
->authtry_bsses
[i
] &&
298 memcmp(wdev
->authtry_bsses
[i
]->pub
.bssid
,
299 addr
, ETH_ALEN
) == 0) {
300 cfg80211_unhold_bss(wdev
->authtry_bsses
[i
]);
301 cfg80211_put_bss(&wdev
->authtry_bsses
[i
]->pub
);
302 wdev
->authtry_bsses
[i
] = NULL
;
312 EXPORT_SYMBOL(cfg80211_send_auth_timeout
);
314 void cfg80211_send_assoc_timeout(struct net_device
*dev
, const u8
*addr
)
316 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
317 struct wiphy
*wiphy
= wdev
->wiphy
;
318 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
324 nl80211_send_assoc_timeout(rdev
, dev
, addr
, GFP_KERNEL
);
325 if (wdev
->sme_state
== CFG80211_SME_CONNECTING
)
326 __cfg80211_connect_result(dev
, addr
, NULL
, 0, NULL
, 0,
327 WLAN_STATUS_UNSPECIFIED_FAILURE
,
330 for (i
= 0; addr
&& i
< MAX_AUTH_BSSES
; i
++) {
331 if (wdev
->auth_bsses
[i
] &&
332 memcmp(wdev
->auth_bsses
[i
]->pub
.bssid
,
333 addr
, ETH_ALEN
) == 0) {
334 cfg80211_unhold_bss(wdev
->auth_bsses
[i
]);
335 cfg80211_put_bss(&wdev
->auth_bsses
[i
]->pub
);
336 wdev
->auth_bsses
[i
] = NULL
;
346 EXPORT_SYMBOL(cfg80211_send_assoc_timeout
);
348 void cfg80211_michael_mic_failure(struct net_device
*dev
, const u8
*addr
,
349 enum nl80211_key_type key_type
, int key_id
,
350 const u8
*tsc
, gfp_t gfp
)
352 struct wiphy
*wiphy
= dev
->ieee80211_ptr
->wiphy
;
353 struct cfg80211_registered_device
*rdev
= wiphy_to_dev(wiphy
);
354 #ifdef CONFIG_WIRELESS_EXT
355 union iwreq_data wrqu
;
356 char *buf
= kmalloc(128, gfp
);
359 sprintf(buf
, "MLME-MICHAELMICFAILURE.indication("
360 "keyid=%d %scast addr=%pM)", key_id
,
361 key_type
== NL80211_KEYTYPE_GROUP
? "broad" : "uni",
363 memset(&wrqu
, 0, sizeof(wrqu
));
364 wrqu
.data
.length
= strlen(buf
);
365 wireless_send_event(dev
, IWEVCUSTOM
, &wrqu
, buf
);
370 nl80211_michael_mic_failure(rdev
, dev
, addr
, key_type
, key_id
, tsc
, gfp
);
372 EXPORT_SYMBOL(cfg80211_michael_mic_failure
);
374 /* some MLME handling for userspace SME */
375 int __cfg80211_mlme_auth(struct cfg80211_registered_device
*rdev
,
376 struct net_device
*dev
,
377 struct ieee80211_channel
*chan
,
378 enum nl80211_auth_type auth_type
,
380 const u8
*ssid
, int ssid_len
,
381 const u8
*ie
, int ie_len
,
382 const u8
*key
, int key_len
, int key_idx
)
384 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
385 struct cfg80211_auth_request req
;
386 struct cfg80211_internal_bss
*bss
;
387 int i
, err
, slot
= -1, nfree
= 0;
389 ASSERT_WDEV_LOCK(wdev
);
391 if (auth_type
== NL80211_AUTHTYPE_SHARED_KEY
)
392 if (!key
|| !key_len
|| key_idx
< 0 || key_idx
> 4)
395 if (wdev
->current_bss
&&
396 memcmp(bssid
, wdev
->current_bss
->pub
.bssid
, ETH_ALEN
) == 0)
399 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
400 if (wdev
->authtry_bsses
[i
] &&
401 memcmp(bssid
, wdev
->authtry_bsses
[i
]->pub
.bssid
,
404 if (wdev
->auth_bsses
[i
] &&
405 memcmp(bssid
, wdev
->auth_bsses
[i
]->pub
.bssid
,
410 memset(&req
, 0, sizeof(req
));
414 req
.auth_type
= auth_type
;
415 req
.bss
= cfg80211_get_bss(&rdev
->wiphy
, chan
, bssid
, ssid
, ssid_len
,
416 WLAN_CAPABILITY_ESS
, WLAN_CAPABILITY_ESS
);
418 req
.key_len
= key_len
;
419 req
.key_idx
= key_idx
;
423 bss
= bss_from_pub(req
.bss
);
425 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
426 if (!wdev
->auth_bsses
[i
] && !wdev
->authtry_bsses
[i
]) {
432 /* we need one free slot for disassoc and one for this auth */
438 wdev
->authtry_bsses
[slot
] = bss
;
439 cfg80211_hold_bss(bss
);
441 err
= rdev
->ops
->auth(&rdev
->wiphy
, dev
, &req
);
443 wdev
->authtry_bsses
[slot
] = NULL
;
444 cfg80211_unhold_bss(bss
);
449 cfg80211_put_bss(req
.bss
);
453 int cfg80211_mlme_auth(struct cfg80211_registered_device
*rdev
,
454 struct net_device
*dev
, struct ieee80211_channel
*chan
,
455 enum nl80211_auth_type auth_type
, const u8
*bssid
,
456 const u8
*ssid
, int ssid_len
,
457 const u8
*ie
, int ie_len
,
458 const u8
*key
, int key_len
, int key_idx
)
462 wdev_lock(dev
->ieee80211_ptr
);
463 err
= __cfg80211_mlme_auth(rdev
, dev
, chan
, auth_type
, bssid
,
464 ssid
, ssid_len
, ie
, ie_len
,
465 key
, key_len
, key_idx
);
466 wdev_unlock(dev
->ieee80211_ptr
);
471 int __cfg80211_mlme_assoc(struct cfg80211_registered_device
*rdev
,
472 struct net_device
*dev
,
473 struct ieee80211_channel
*chan
,
474 const u8
*bssid
, const u8
*prev_bssid
,
475 const u8
*ssid
, int ssid_len
,
476 const u8
*ie
, int ie_len
, bool use_mfp
,
477 struct cfg80211_crypto_settings
*crypt
)
479 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
480 struct cfg80211_assoc_request req
;
481 struct cfg80211_internal_bss
*bss
;
482 int i
, err
, slot
= -1;
484 ASSERT_WDEV_LOCK(wdev
);
486 memset(&req
, 0, sizeof(req
));
488 if (wdev
->current_bss
)
493 memcpy(&req
.crypto
, crypt
, sizeof(req
.crypto
));
494 req
.use_mfp
= use_mfp
;
495 req
.prev_bssid
= prev_bssid
;
496 req
.bss
= cfg80211_get_bss(&rdev
->wiphy
, chan
, bssid
, ssid
, ssid_len
,
497 WLAN_CAPABILITY_ESS
, WLAN_CAPABILITY_ESS
);
501 bss
= bss_from_pub(req
.bss
);
503 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
504 if (bss
== wdev
->auth_bsses
[i
]) {
515 err
= rdev
->ops
->assoc(&rdev
->wiphy
, dev
, &req
);
517 /* still a reference in wdev->auth_bsses[slot] */
518 cfg80211_put_bss(req
.bss
);
522 int cfg80211_mlme_assoc(struct cfg80211_registered_device
*rdev
,
523 struct net_device
*dev
,
524 struct ieee80211_channel
*chan
,
525 const u8
*bssid
, const u8
*prev_bssid
,
526 const u8
*ssid
, int ssid_len
,
527 const u8
*ie
, int ie_len
, bool use_mfp
,
528 struct cfg80211_crypto_settings
*crypt
)
530 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
534 err
= __cfg80211_mlme_assoc(rdev
, dev
, chan
, bssid
, prev_bssid
,
535 ssid
, ssid_len
, ie
, ie_len
, use_mfp
, crypt
);
541 int __cfg80211_mlme_deauth(struct cfg80211_registered_device
*rdev
,
542 struct net_device
*dev
, const u8
*bssid
,
543 const u8
*ie
, int ie_len
, u16 reason
)
545 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
546 struct cfg80211_deauth_request req
;
549 ASSERT_WDEV_LOCK(wdev
);
551 memset(&req
, 0, sizeof(req
));
552 req
.reason_code
= reason
;
555 if (wdev
->current_bss
&&
556 memcmp(wdev
->current_bss
->pub
.bssid
, bssid
, ETH_ALEN
) == 0) {
557 req
.bss
= &wdev
->current_bss
->pub
;
558 } else for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
559 if (wdev
->auth_bsses
[i
] &&
560 memcmp(bssid
, wdev
->auth_bsses
[i
]->pub
.bssid
, ETH_ALEN
) == 0) {
561 req
.bss
= &wdev
->auth_bsses
[i
]->pub
;
564 if (wdev
->authtry_bsses
[i
] &&
565 memcmp(bssid
, wdev
->authtry_bsses
[i
]->pub
.bssid
, ETH_ALEN
) == 0) {
566 req
.bss
= &wdev
->authtry_bsses
[i
]->pub
;
574 return rdev
->ops
->deauth(&rdev
->wiphy
, dev
, &req
, wdev
);
577 int cfg80211_mlme_deauth(struct cfg80211_registered_device
*rdev
,
578 struct net_device
*dev
, const u8
*bssid
,
579 const u8
*ie
, int ie_len
, u16 reason
)
581 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
585 err
= __cfg80211_mlme_deauth(rdev
, dev
, bssid
, ie
, ie_len
, reason
);
591 static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device
*rdev
,
592 struct net_device
*dev
, const u8
*bssid
,
593 const u8
*ie
, int ie_len
, u16 reason
)
595 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
596 struct cfg80211_disassoc_request req
;
598 ASSERT_WDEV_LOCK(wdev
);
600 if (wdev
->sme_state
!= CFG80211_SME_CONNECTED
)
603 if (WARN_ON(!wdev
->current_bss
))
606 memset(&req
, 0, sizeof(req
));
607 req
.reason_code
= reason
;
610 if (memcmp(wdev
->current_bss
->pub
.bssid
, bssid
, ETH_ALEN
) == 0)
611 req
.bss
= &wdev
->current_bss
->pub
;
615 return rdev
->ops
->disassoc(&rdev
->wiphy
, dev
, &req
, wdev
);
618 int cfg80211_mlme_disassoc(struct cfg80211_registered_device
*rdev
,
619 struct net_device
*dev
, const u8
*bssid
,
620 const u8
*ie
, int ie_len
, u16 reason
)
622 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
626 err
= __cfg80211_mlme_disassoc(rdev
, dev
, bssid
, ie
, ie_len
, reason
);
632 void cfg80211_mlme_down(struct cfg80211_registered_device
*rdev
,
633 struct net_device
*dev
)
635 struct wireless_dev
*wdev
= dev
->ieee80211_ptr
;
636 struct cfg80211_deauth_request req
;
639 ASSERT_WDEV_LOCK(wdev
);
641 if (!rdev
->ops
->deauth
)
644 memset(&req
, 0, sizeof(req
));
645 req
.reason_code
= WLAN_REASON_DEAUTH_LEAVING
;
649 if (wdev
->current_bss
) {
650 req
.bss
= &wdev
->current_bss
->pub
;
651 rdev
->ops
->deauth(&rdev
->wiphy
, dev
, &req
, wdev
);
652 if (wdev
->current_bss
) {
653 cfg80211_unhold_bss(wdev
->current_bss
);
654 cfg80211_put_bss(&wdev
->current_bss
->pub
);
655 wdev
->current_bss
= NULL
;
659 for (i
= 0; i
< MAX_AUTH_BSSES
; i
++) {
660 if (wdev
->auth_bsses
[i
]) {
661 req
.bss
= &wdev
->auth_bsses
[i
]->pub
;
662 rdev
->ops
->deauth(&rdev
->wiphy
, dev
, &req
, wdev
);
663 if (wdev
->auth_bsses
[i
]) {
664 cfg80211_unhold_bss(wdev
->auth_bsses
[i
]);
665 cfg80211_put_bss(&wdev
->auth_bsses
[i
]->pub
);
666 wdev
->auth_bsses
[i
] = NULL
;
669 if (wdev
->authtry_bsses
[i
]) {
670 req
.bss
= &wdev
->authtry_bsses
[i
]->pub
;
671 rdev
->ops
->deauth(&rdev
->wiphy
, dev
, &req
, wdev
);
672 if (wdev
->authtry_bsses
[i
]) {
673 cfg80211_unhold_bss(wdev
->authtry_bsses
[i
]);
674 cfg80211_put_bss(&wdev
->authtry_bsses
[i
]->pub
);
675 wdev
->authtry_bsses
[i
] = NULL
;
