tdls.c (56567B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * mac80211 TDLS handling code 4 * 5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 6 * Copyright 2014, Intel Corporation 7 * Copyright 2014 Intel Mobile Communications GmbH 8 * Copyright 2015 - 2016 Intel Deutschland GmbH 9 * Copyright (C) 2019, 2021 Intel Corporation 10 */ 11 12#include <linux/ieee80211.h> 13#include <linux/log2.h> 14#include <net/cfg80211.h> 15#include <linux/rtnetlink.h> 16#include "ieee80211_i.h" 17#include "driver-ops.h" 18#include "rate.h" 19#include "wme.h" 20 21/* give usermode some time for retries in setting up the TDLS session */ 22#define TDLS_PEER_SETUP_TIMEOUT (15 * HZ) 23 24void ieee80211_tdls_peer_del_work(struct work_struct *wk) 25{ 26 struct ieee80211_sub_if_data *sdata; 27 struct ieee80211_local *local; 28 29 sdata = container_of(wk, struct ieee80211_sub_if_data, 30 u.mgd.tdls_peer_del_work.work); 31 local = sdata->local; 32 33 mutex_lock(&local->mtx); 34 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) { 35 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer); 36 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer); 37 eth_zero_addr(sdata->u.mgd.tdls_peer); 38 } 39 mutex_unlock(&local->mtx); 40} 41 42static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata, 43 struct sk_buff *skb) 44{ 45 struct ieee80211_local *local = sdata->local; 46 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 47 bool chan_switch = local->hw.wiphy->features & 48 NL80211_FEATURE_TDLS_CHANNEL_SWITCH; 49 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) && 50 !ifmgd->tdls_wider_bw_prohibited; 51 bool buffer_sta = ieee80211_hw_check(&local->hw, 52 SUPPORTS_TDLS_BUFFER_STA); 53 struct ieee80211_supported_band *sband = ieee80211_get_sband(sdata); 54 bool vht = sband && sband->vht_cap.vht_supported; 55 u8 *pos = skb_put(skb, 10); 56 57 *pos++ = WLAN_EID_EXT_CAPABILITY; 58 *pos++ = 8; /* len */ 59 *pos++ = 0x0; 60 *pos++ = 0x0; 61 *pos++ = 0x0; 62 *pos++ = (chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0) | 63 (buffer_sta ? WLAN_EXT_CAPA4_TDLS_BUFFER_STA : 0); 64 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED; 65 *pos++ = 0; 66 *pos++ = 0; 67 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0; 68} 69 70static u8 71ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata, 72 struct sk_buff *skb, u16 start, u16 end, 73 u16 spacing) 74{ 75 u8 subband_cnt = 0, ch_cnt = 0; 76 struct ieee80211_channel *ch; 77 struct cfg80211_chan_def chandef; 78 int i, subband_start; 79 struct wiphy *wiphy = sdata->local->hw.wiphy; 80 81 for (i = start; i <= end; i += spacing) { 82 if (!ch_cnt) 83 subband_start = i; 84 85 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i); 86 if (ch) { 87 /* we will be active on the channel */ 88 cfg80211_chandef_create(&chandef, ch, 89 NL80211_CHAN_NO_HT); 90 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef, 91 sdata->wdev.iftype)) { 92 ch_cnt++; 93 /* 94 * check if the next channel is also part of 95 * this allowed range 96 */ 97 continue; 98 } 99 } 100 101 /* 102 * we've reached the end of a range, with allowed channels 103 * found 104 */ 105 if (ch_cnt) { 106 u8 *pos = skb_put(skb, 2); 107 *pos++ = ieee80211_frequency_to_channel(subband_start); 108 *pos++ = ch_cnt; 109 110 subband_cnt++; 111 ch_cnt = 0; 112 } 113 } 114 115 /* all channels in the requested range are allowed - add them here */ 116 if (ch_cnt) { 117 u8 *pos = skb_put(skb, 2); 118 *pos++ = ieee80211_frequency_to_channel(subband_start); 119 *pos++ = ch_cnt; 120 121 subband_cnt++; 122 } 123 124 return subband_cnt; 125} 126 127static void 128ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata, 129 struct sk_buff *skb) 130{ 131 /* 132 * Add possible channels for TDLS. These are channels that are allowed 133 * to be active. 134 */ 135 u8 subband_cnt; 136 u8 *pos = skb_put(skb, 2); 137 138 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 139 140 /* 141 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as 142 * this doesn't happen in real world scenarios. 143 */ 144 145 /* 2GHz, with 5MHz spacing */ 146 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5); 147 148 /* 5GHz, with 20MHz spacing */ 149 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20); 150 151 /* length */ 152 *pos = 2 * subband_cnt; 153} 154 155static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata, 156 struct sk_buff *skb) 157{ 158 u8 *pos; 159 u8 op_class; 160 161 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef, 162 &op_class)) 163 return; 164 165 pos = skb_put(skb, 4); 166 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES; 167 *pos++ = 2; /* len */ 168 169 *pos++ = op_class; 170 *pos++ = op_class; /* give current operating class as alternate too */ 171} 172 173static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb) 174{ 175 u8 *pos = skb_put(skb, 3); 176 177 *pos++ = WLAN_EID_BSS_COEX_2040; 178 *pos++ = 1; /* len */ 179 180 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST; 181} 182 183static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata, 184 u16 status_code) 185{ 186 struct ieee80211_supported_band *sband; 187 188 /* The capability will be 0 when sending a failure code */ 189 if (status_code != 0) 190 return 0; 191 192 sband = ieee80211_get_sband(sdata); 193 if (sband && sband->band == NL80211_BAND_2GHZ) { 194 return WLAN_CAPABILITY_SHORT_SLOT_TIME | 195 WLAN_CAPABILITY_SHORT_PREAMBLE; 196 } 197 198 return 0; 199} 200 201static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata, 202 struct sk_buff *skb, const u8 *peer, 203 bool initiator) 204{ 205 struct ieee80211_tdls_lnkie *lnkid; 206 const u8 *init_addr, *rsp_addr; 207 208 if (initiator) { 209 init_addr = sdata->vif.addr; 210 rsp_addr = peer; 211 } else { 212 init_addr = peer; 213 rsp_addr = sdata->vif.addr; 214 } 215 216 lnkid = skb_put(skb, sizeof(struct ieee80211_tdls_lnkie)); 217 218 lnkid->ie_type = WLAN_EID_LINK_ID; 219 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2; 220 221 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN); 222 memcpy(lnkid->init_sta, init_addr, ETH_ALEN); 223 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN); 224} 225 226static void 227ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 228{ 229 u8 *pos = skb_put(skb, 4); 230 231 *pos++ = WLAN_EID_AID; 232 *pos++ = 2; /* len */ 233 put_unaligned_le16(sdata->vif.bss_conf.aid, pos); 234} 235 236/* translate numbering in the WMM parameter IE to the mac80211 notation */ 237static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac) 238{ 239 switch (ac) { 240 default: 241 WARN_ON_ONCE(1); 242 fallthrough; 243 case 0: 244 return IEEE80211_AC_BE; 245 case 1: 246 return IEEE80211_AC_BK; 247 case 2: 248 return IEEE80211_AC_VI; 249 case 3: 250 return IEEE80211_AC_VO; 251 } 252} 253 254static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci) 255{ 256 u8 ret; 257 258 ret = aifsn & 0x0f; 259 if (acm) 260 ret |= 0x10; 261 ret |= (aci << 5) & 0x60; 262 return ret; 263} 264 265static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max) 266{ 267 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) | 268 ((ilog2(cw_max + 1) << 0x4) & 0xf0); 269} 270 271static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata, 272 struct sk_buff *skb) 273{ 274 struct ieee80211_wmm_param_ie *wmm; 275 struct ieee80211_tx_queue_params *txq; 276 int i; 277 278 wmm = skb_put_zero(skb, sizeof(*wmm)); 279 280 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC; 281 wmm->len = sizeof(*wmm) - 2; 282 283 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */ 284 wmm->oui[1] = 0x50; 285 wmm->oui[2] = 0xf2; 286 wmm->oui_type = 2; /* WME */ 287 wmm->oui_subtype = 1; /* WME param */ 288 wmm->version = 1; /* WME ver */ 289 wmm->qos_info = 0; /* U-APSD not in use */ 290 291 /* 292 * Use the EDCA parameters defined for the BSS, or default if the AP 293 * doesn't support it, as mandated by 802.11-2012 section 10.22.4 294 */ 295 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 296 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)]; 297 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs, 298 txq->acm, i); 299 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max); 300 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop); 301 } 302} 303 304static void 305ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata, 306 struct sta_info *sta) 307{ 308 /* IEEE802.11ac-2013 Table E-4 */ 309 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 }; 310 struct cfg80211_chan_def uc = sta->tdls_chandef; 311 enum nl80211_chan_width max_width = ieee80211_sta_cap_chan_bw(sta); 312 int i; 313 314 /* only support upgrading non-narrow channels up to 80Mhz */ 315 if (max_width == NL80211_CHAN_WIDTH_5 || 316 max_width == NL80211_CHAN_WIDTH_10) 317 return; 318 319 if (max_width > NL80211_CHAN_WIDTH_80) 320 max_width = NL80211_CHAN_WIDTH_80; 321 322 if (uc.width >= max_width) 323 return; 324 /* 325 * Channel usage constrains in the IEEE802.11ac-2013 specification only 326 * allow expanding a 20MHz channel to 80MHz in a single way. In 327 * addition, there are no 40MHz allowed channels that are not part of 328 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here). 329 */ 330 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++) 331 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) { 332 uc.center_freq1 = centers_80mhz[i]; 333 uc.center_freq2 = 0; 334 uc.width = NL80211_CHAN_WIDTH_80; 335 break; 336 } 337 338 if (!uc.center_freq1) 339 return; 340 341 /* proceed to downgrade the chandef until usable or the same as AP BW */ 342 while (uc.width > max_width || 343 (uc.width > sta->tdls_chandef.width && 344 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc, 345 sdata->wdev.iftype))) 346 ieee80211_chandef_downgrade(&uc); 347 348 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) { 349 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n", 350 sta->tdls_chandef.width, uc.width); 351 352 /* 353 * the station is not yet authorized when BW upgrade is done, 354 * locking is not required 355 */ 356 sta->tdls_chandef = uc; 357 } 358} 359 360static void 361ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata, 362 struct sk_buff *skb, const u8 *peer, 363 u8 action_code, bool initiator, 364 const u8 *extra_ies, size_t extra_ies_len) 365{ 366 struct ieee80211_supported_band *sband; 367 struct ieee80211_local *local = sdata->local; 368 struct ieee80211_sta_ht_cap ht_cap; 369 struct ieee80211_sta_vht_cap vht_cap; 370 struct sta_info *sta = NULL; 371 size_t offset = 0, noffset; 372 u8 *pos; 373 374 sband = ieee80211_get_sband(sdata); 375 if (!sband) 376 return; 377 378 ieee80211_add_srates_ie(sdata, skb, false, sband->band); 379 ieee80211_add_ext_srates_ie(sdata, skb, false, sband->band); 380 ieee80211_tdls_add_supp_channels(sdata, skb); 381 382 /* add any custom IEs that go before Extended Capabilities */ 383 if (extra_ies_len) { 384 static const u8 before_ext_cap[] = { 385 WLAN_EID_SUPP_RATES, 386 WLAN_EID_COUNTRY, 387 WLAN_EID_EXT_SUPP_RATES, 388 WLAN_EID_SUPPORTED_CHANNELS, 389 WLAN_EID_RSN, 390 }; 391 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 392 before_ext_cap, 393 ARRAY_SIZE(before_ext_cap), 394 offset); 395 skb_put_data(skb, extra_ies + offset, noffset - offset); 396 offset = noffset; 397 } 398 399 ieee80211_tdls_add_ext_capab(sdata, skb); 400 401 /* add the QoS element if we support it */ 402 if (local->hw.queues >= IEEE80211_NUM_ACS && 403 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES) 404 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */ 405 406 /* add any custom IEs that go before HT capabilities */ 407 if (extra_ies_len) { 408 static const u8 before_ht_cap[] = { 409 WLAN_EID_SUPP_RATES, 410 WLAN_EID_COUNTRY, 411 WLAN_EID_EXT_SUPP_RATES, 412 WLAN_EID_SUPPORTED_CHANNELS, 413 WLAN_EID_RSN, 414 WLAN_EID_EXT_CAPABILITY, 415 WLAN_EID_QOS_CAPA, 416 WLAN_EID_FAST_BSS_TRANSITION, 417 WLAN_EID_TIMEOUT_INTERVAL, 418 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 419 }; 420 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 421 before_ht_cap, 422 ARRAY_SIZE(before_ht_cap), 423 offset); 424 skb_put_data(skb, extra_ies + offset, noffset - offset); 425 offset = noffset; 426 } 427 428 mutex_lock(&local->sta_mtx); 429 430 /* we should have the peer STA if we're already responding */ 431 if (action_code == WLAN_TDLS_SETUP_RESPONSE) { 432 sta = sta_info_get(sdata, peer); 433 if (WARN_ON_ONCE(!sta)) { 434 mutex_unlock(&local->sta_mtx); 435 return; 436 } 437 438 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 439 } 440 441 ieee80211_tdls_add_oper_classes(sdata, skb); 442 443 /* 444 * with TDLS we can switch channels, and HT-caps are not necessarily 445 * the same on all bands. The specification limits the setup to a 446 * single HT-cap, so use the current band for now. 447 */ 448 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 449 450 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 451 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 452 ht_cap.ht_supported) { 453 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 454 455 /* disable SMPS in TDLS initiator */ 456 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED 457 << IEEE80211_HT_CAP_SM_PS_SHIFT; 458 459 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 460 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 461 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 462 ht_cap.ht_supported && sta->sta.deflink.ht_cap.ht_supported) { 463 /* the peer caps are already intersected with our own */ 464 memcpy(&ht_cap, &sta->sta.deflink.ht_cap, sizeof(ht_cap)); 465 466 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 467 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap); 468 } 469 470 if (ht_cap.ht_supported && 471 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 472 ieee80211_tdls_add_bss_coex_ie(skb); 473 474 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 475 476 /* add any custom IEs that go before VHT capabilities */ 477 if (extra_ies_len) { 478 static const u8 before_vht_cap[] = { 479 WLAN_EID_SUPP_RATES, 480 WLAN_EID_COUNTRY, 481 WLAN_EID_EXT_SUPP_RATES, 482 WLAN_EID_SUPPORTED_CHANNELS, 483 WLAN_EID_RSN, 484 WLAN_EID_EXT_CAPABILITY, 485 WLAN_EID_QOS_CAPA, 486 WLAN_EID_FAST_BSS_TRANSITION, 487 WLAN_EID_TIMEOUT_INTERVAL, 488 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 489 WLAN_EID_MULTI_BAND, 490 }; 491 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 492 before_vht_cap, 493 ARRAY_SIZE(before_vht_cap), 494 offset); 495 skb_put_data(skb, extra_ies + offset, noffset - offset); 496 offset = noffset; 497 } 498 499 /* build the VHT-cap similarly to the HT-cap */ 500 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 501 if ((action_code == WLAN_TDLS_SETUP_REQUEST || 502 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) && 503 vht_cap.vht_supported) { 504 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 505 506 /* the AID is present only when VHT is implemented */ 507 if (action_code == WLAN_TDLS_SETUP_REQUEST) 508 ieee80211_tdls_add_aid(sdata, skb); 509 510 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 511 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 512 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE && 513 vht_cap.vht_supported && sta->sta.deflink.vht_cap.vht_supported) { 514 /* the peer caps are already intersected with our own */ 515 memcpy(&vht_cap, &sta->sta.deflink.vht_cap, sizeof(vht_cap)); 516 517 /* the AID is present only when VHT is implemented */ 518 ieee80211_tdls_add_aid(sdata, skb); 519 520 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 521 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap); 522 523 /* 524 * if both peers support WIDER_BW, we can expand the chandef to 525 * a wider compatible one, up to 80MHz 526 */ 527 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 528 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 529 } 530 531 mutex_unlock(&local->sta_mtx); 532 533 /* add any remaining IEs */ 534 if (extra_ies_len) { 535 noffset = extra_ies_len; 536 skb_put_data(skb, extra_ies + offset, noffset - offset); 537 } 538 539} 540 541static void 542ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata, 543 struct sk_buff *skb, const u8 *peer, 544 bool initiator, const u8 *extra_ies, 545 size_t extra_ies_len) 546{ 547 struct ieee80211_local *local = sdata->local; 548 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 549 size_t offset = 0, noffset; 550 struct sta_info *sta, *ap_sta; 551 struct ieee80211_supported_band *sband; 552 u8 *pos; 553 554 sband = ieee80211_get_sband(sdata); 555 if (!sband) 556 return; 557 558 mutex_lock(&local->sta_mtx); 559 560 sta = sta_info_get(sdata, peer); 561 ap_sta = sta_info_get(sdata, ifmgd->bssid); 562 if (WARN_ON_ONCE(!sta || !ap_sta)) { 563 mutex_unlock(&local->sta_mtx); 564 return; 565 } 566 567 sta->tdls_chandef = sdata->vif.bss_conf.chandef; 568 569 /* add any custom IEs that go before the QoS IE */ 570 if (extra_ies_len) { 571 static const u8 before_qos[] = { 572 WLAN_EID_RSN, 573 }; 574 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 575 before_qos, 576 ARRAY_SIZE(before_qos), 577 offset); 578 skb_put_data(skb, extra_ies + offset, noffset - offset); 579 offset = noffset; 580 } 581 582 /* add the QoS param IE if both the peer and we support it */ 583 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme) 584 ieee80211_tdls_add_wmm_param_ie(sdata, skb); 585 586 /* add any custom IEs that go before HT operation */ 587 if (extra_ies_len) { 588 static const u8 before_ht_op[] = { 589 WLAN_EID_RSN, 590 WLAN_EID_QOS_CAPA, 591 WLAN_EID_FAST_BSS_TRANSITION, 592 WLAN_EID_TIMEOUT_INTERVAL, 593 }; 594 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 595 before_ht_op, 596 ARRAY_SIZE(before_ht_op), 597 offset); 598 skb_put_data(skb, extra_ies + offset, noffset - offset); 599 offset = noffset; 600 } 601 602 /* 603 * if HT support is only added in TDLS, we need an HT-operation IE. 604 * add the IE as required by IEEE802.11-2012 9.23.3.2. 605 */ 606 if (!ap_sta->sta.deflink.ht_cap.ht_supported && sta->sta.deflink.ht_cap.ht_supported) { 607 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 608 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 609 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 610 611 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation)); 612 ieee80211_ie_build_ht_oper(pos, &sta->sta.deflink.ht_cap, 613 &sdata->vif.bss_conf.chandef, prot, 614 true); 615 } 616 617 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 618 619 /* only include VHT-operation if not on the 2.4GHz band */ 620 if (sband->band != NL80211_BAND_2GHZ && 621 sta->sta.deflink.vht_cap.vht_supported) { 622 /* 623 * if both peers support WIDER_BW, we can expand the chandef to 624 * a wider compatible one, up to 80MHz 625 */ 626 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) 627 ieee80211_tdls_chandef_vht_upgrade(sdata, sta); 628 629 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation)); 630 ieee80211_ie_build_vht_oper(pos, &sta->sta.deflink.vht_cap, 631 &sta->tdls_chandef); 632 } 633 634 mutex_unlock(&local->sta_mtx); 635 636 /* add any remaining IEs */ 637 if (extra_ies_len) { 638 noffset = extra_ies_len; 639 skb_put_data(skb, extra_ies + offset, noffset - offset); 640 } 641} 642 643static void 644ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata, 645 struct sk_buff *skb, const u8 *peer, 646 bool initiator, const u8 *extra_ies, 647 size_t extra_ies_len, u8 oper_class, 648 struct cfg80211_chan_def *chandef) 649{ 650 struct ieee80211_tdls_data *tf; 651 size_t offset = 0, noffset; 652 653 if (WARN_ON_ONCE(!chandef)) 654 return; 655 656 tf = (void *)skb->data; 657 tf->u.chan_switch_req.target_channel = 658 ieee80211_frequency_to_channel(chandef->chan->center_freq); 659 tf->u.chan_switch_req.oper_class = oper_class; 660 661 if (extra_ies_len) { 662 static const u8 before_lnkie[] = { 663 WLAN_EID_SECONDARY_CHANNEL_OFFSET, 664 }; 665 noffset = ieee80211_ie_split(extra_ies, extra_ies_len, 666 before_lnkie, 667 ARRAY_SIZE(before_lnkie), 668 offset); 669 skb_put_data(skb, extra_ies + offset, noffset - offset); 670 offset = noffset; 671 } 672 673 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 674 675 /* add any remaining IEs */ 676 if (extra_ies_len) { 677 noffset = extra_ies_len; 678 skb_put_data(skb, extra_ies + offset, noffset - offset); 679 } 680} 681 682static void 683ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata, 684 struct sk_buff *skb, const u8 *peer, 685 u16 status_code, bool initiator, 686 const u8 *extra_ies, 687 size_t extra_ies_len) 688{ 689 if (status_code == 0) 690 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 691 692 if (extra_ies_len) 693 skb_put_data(skb, extra_ies, extra_ies_len); 694} 695 696static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata, 697 struct sk_buff *skb, const u8 *peer, 698 u8 action_code, u16 status_code, 699 bool initiator, const u8 *extra_ies, 700 size_t extra_ies_len, u8 oper_class, 701 struct cfg80211_chan_def *chandef) 702{ 703 switch (action_code) { 704 case WLAN_TDLS_SETUP_REQUEST: 705 case WLAN_TDLS_SETUP_RESPONSE: 706 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 707 if (status_code == 0) 708 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer, 709 action_code, 710 initiator, 711 extra_ies, 712 extra_ies_len); 713 break; 714 case WLAN_TDLS_SETUP_CONFIRM: 715 if (status_code == 0) 716 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer, 717 initiator, extra_ies, 718 extra_ies_len); 719 break; 720 case WLAN_TDLS_TEARDOWN: 721 case WLAN_TDLS_DISCOVERY_REQUEST: 722 if (extra_ies_len) 723 skb_put_data(skb, extra_ies, extra_ies_len); 724 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN) 725 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator); 726 break; 727 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 728 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer, 729 initiator, extra_ies, 730 extra_ies_len, 731 oper_class, chandef); 732 break; 733 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 734 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer, 735 status_code, 736 initiator, extra_ies, 737 extra_ies_len); 738 break; 739 } 740 741} 742 743static int 744ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev, 745 const u8 *peer, u8 action_code, u8 dialog_token, 746 u16 status_code, struct sk_buff *skb) 747{ 748 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 749 struct ieee80211_tdls_data *tf; 750 751 tf = skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 752 753 memcpy(tf->da, peer, ETH_ALEN); 754 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN); 755 tf->ether_type = cpu_to_be16(ETH_P_TDLS); 756 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE; 757 758 /* network header is after the ethernet header */ 759 skb_set_network_header(skb, ETH_HLEN); 760 761 switch (action_code) { 762 case WLAN_TDLS_SETUP_REQUEST: 763 tf->category = WLAN_CATEGORY_TDLS; 764 tf->action_code = WLAN_TDLS_SETUP_REQUEST; 765 766 skb_put(skb, sizeof(tf->u.setup_req)); 767 tf->u.setup_req.dialog_token = dialog_token; 768 tf->u.setup_req.capability = 769 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 770 status_code)); 771 break; 772 case WLAN_TDLS_SETUP_RESPONSE: 773 tf->category = WLAN_CATEGORY_TDLS; 774 tf->action_code = WLAN_TDLS_SETUP_RESPONSE; 775 776 skb_put(skb, sizeof(tf->u.setup_resp)); 777 tf->u.setup_resp.status_code = cpu_to_le16(status_code); 778 tf->u.setup_resp.dialog_token = dialog_token; 779 tf->u.setup_resp.capability = 780 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 781 status_code)); 782 break; 783 case WLAN_TDLS_SETUP_CONFIRM: 784 tf->category = WLAN_CATEGORY_TDLS; 785 tf->action_code = WLAN_TDLS_SETUP_CONFIRM; 786 787 skb_put(skb, sizeof(tf->u.setup_cfm)); 788 tf->u.setup_cfm.status_code = cpu_to_le16(status_code); 789 tf->u.setup_cfm.dialog_token = dialog_token; 790 break; 791 case WLAN_TDLS_TEARDOWN: 792 tf->category = WLAN_CATEGORY_TDLS; 793 tf->action_code = WLAN_TDLS_TEARDOWN; 794 795 skb_put(skb, sizeof(tf->u.teardown)); 796 tf->u.teardown.reason_code = cpu_to_le16(status_code); 797 break; 798 case WLAN_TDLS_DISCOVERY_REQUEST: 799 tf->category = WLAN_CATEGORY_TDLS; 800 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST; 801 802 skb_put(skb, sizeof(tf->u.discover_req)); 803 tf->u.discover_req.dialog_token = dialog_token; 804 break; 805 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 806 tf->category = WLAN_CATEGORY_TDLS; 807 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 808 809 skb_put(skb, sizeof(tf->u.chan_switch_req)); 810 break; 811 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 812 tf->category = WLAN_CATEGORY_TDLS; 813 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 814 815 skb_put(skb, sizeof(tf->u.chan_switch_resp)); 816 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code); 817 break; 818 default: 819 return -EINVAL; 820 } 821 822 return 0; 823} 824 825static int 826ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev, 827 const u8 *peer, u8 action_code, u8 dialog_token, 828 u16 status_code, struct sk_buff *skb) 829{ 830 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 831 struct ieee80211_mgmt *mgmt; 832 833 mgmt = skb_put_zero(skb, 24); 834 memcpy(mgmt->da, peer, ETH_ALEN); 835 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 836 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 837 838 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 839 IEEE80211_STYPE_ACTION); 840 841 switch (action_code) { 842 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 843 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp)); 844 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC; 845 mgmt->u.action.u.tdls_discover_resp.action_code = 846 WLAN_PUB_ACTION_TDLS_DISCOVER_RES; 847 mgmt->u.action.u.tdls_discover_resp.dialog_token = 848 dialog_token; 849 mgmt->u.action.u.tdls_discover_resp.capability = 850 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata, 851 status_code)); 852 break; 853 default: 854 return -EINVAL; 855 } 856 857 return 0; 858} 859 860static struct sk_buff * 861ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata, 862 const u8 *peer, u8 action_code, 863 u8 dialog_token, u16 status_code, 864 bool initiator, const u8 *extra_ies, 865 size_t extra_ies_len, u8 oper_class, 866 struct cfg80211_chan_def *chandef) 867{ 868 struct ieee80211_local *local = sdata->local; 869 struct sk_buff *skb; 870 int ret; 871 872 skb = netdev_alloc_skb(sdata->dev, 873 local->hw.extra_tx_headroom + 874 max(sizeof(struct ieee80211_mgmt), 875 sizeof(struct ieee80211_tdls_data)) + 876 50 + /* supported rates */ 877 10 + /* ext capab */ 878 26 + /* max(WMM-info, WMM-param) */ 879 2 + max(sizeof(struct ieee80211_ht_cap), 880 sizeof(struct ieee80211_ht_operation)) + 881 2 + max(sizeof(struct ieee80211_vht_cap), 882 sizeof(struct ieee80211_vht_operation)) + 883 50 + /* supported channels */ 884 3 + /* 40/20 BSS coex */ 885 4 + /* AID */ 886 4 + /* oper classes */ 887 extra_ies_len + 888 sizeof(struct ieee80211_tdls_lnkie)); 889 if (!skb) 890 return NULL; 891 892 skb_reserve(skb, local->hw.extra_tx_headroom); 893 894 switch (action_code) { 895 case WLAN_TDLS_SETUP_REQUEST: 896 case WLAN_TDLS_SETUP_RESPONSE: 897 case WLAN_TDLS_SETUP_CONFIRM: 898 case WLAN_TDLS_TEARDOWN: 899 case WLAN_TDLS_DISCOVERY_REQUEST: 900 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 901 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 902 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy, 903 sdata->dev, peer, 904 action_code, dialog_token, 905 status_code, skb); 906 break; 907 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 908 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev, 909 peer, action_code, 910 dialog_token, status_code, 911 skb); 912 break; 913 default: 914 ret = -ENOTSUPP; 915 break; 916 } 917 918 if (ret < 0) 919 goto fail; 920 921 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code, 922 initiator, extra_ies, extra_ies_len, oper_class, 923 chandef); 924 return skb; 925 926fail: 927 dev_kfree_skb(skb); 928 return NULL; 929} 930 931static int 932ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev, 933 const u8 *peer, u8 action_code, u8 dialog_token, 934 u16 status_code, u32 peer_capability, 935 bool initiator, const u8 *extra_ies, 936 size_t extra_ies_len, u8 oper_class, 937 struct cfg80211_chan_def *chandef) 938{ 939 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 940 struct sk_buff *skb = NULL; 941 struct sta_info *sta; 942 u32 flags = 0; 943 int ret = 0; 944 945 rcu_read_lock(); 946 sta = sta_info_get(sdata, peer); 947 948 /* infer the initiator if we can, to support old userspace */ 949 switch (action_code) { 950 case WLAN_TDLS_SETUP_REQUEST: 951 if (sta) { 952 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 953 sta->sta.tdls_initiator = false; 954 } 955 fallthrough; 956 case WLAN_TDLS_SETUP_CONFIRM: 957 case WLAN_TDLS_DISCOVERY_REQUEST: 958 initiator = true; 959 break; 960 case WLAN_TDLS_SETUP_RESPONSE: 961 /* 962 * In some testing scenarios, we send a request and response. 963 * Make the last packet sent take effect for the initiator 964 * value. 965 */ 966 if (sta) { 967 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR); 968 sta->sta.tdls_initiator = true; 969 } 970 fallthrough; 971 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 972 initiator = false; 973 break; 974 case WLAN_TDLS_TEARDOWN: 975 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 976 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 977 /* any value is ok */ 978 break; 979 default: 980 ret = -ENOTSUPP; 981 break; 982 } 983 984 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR)) 985 initiator = true; 986 987 rcu_read_unlock(); 988 if (ret < 0) 989 goto fail; 990 991 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code, 992 dialog_token, status_code, 993 initiator, extra_ies, 994 extra_ies_len, oper_class, 995 chandef); 996 if (!skb) { 997 ret = -EINVAL; 998 goto fail; 999 } 1000 1001 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) { 1002 ieee80211_tx_skb(sdata, skb); 1003 return 0; 1004 } 1005 1006 /* 1007 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise 1008 * we should default to AC_VI. 1009 */ 1010 switch (action_code) { 1011 case WLAN_TDLS_SETUP_REQUEST: 1012 case WLAN_TDLS_SETUP_RESPONSE: 1013 skb->priority = 256 + 2; 1014 break; 1015 default: 1016 skb->priority = 256 + 5; 1017 break; 1018 } 1019 skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, skb)); 1020 1021 /* 1022 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress. 1023 * Later, if no ACK is returned from peer, we will re-send the teardown 1024 * packet through the AP. 1025 */ 1026 if ((action_code == WLAN_TDLS_TEARDOWN) && 1027 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 1028 bool try_resend; /* Should we keep skb for possible resend */ 1029 1030 /* If not sending directly to peer - no point in keeping skb */ 1031 rcu_read_lock(); 1032 sta = sta_info_get(sdata, peer); 1033 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1034 rcu_read_unlock(); 1035 1036 spin_lock_bh(&sdata->u.mgd.teardown_lock); 1037 if (try_resend && !sdata->u.mgd.teardown_skb) { 1038 /* Mark it as requiring TX status callback */ 1039 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1040 IEEE80211_TX_INTFL_MLME_CONN_TX; 1041 1042 /* 1043 * skb is copied since mac80211 will later set 1044 * properties that might not be the same as the AP, 1045 * such as encryption, QoS, addresses, etc. 1046 * 1047 * No problem if skb_copy() fails, so no need to check. 1048 */ 1049 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC); 1050 sdata->u.mgd.orig_teardown_skb = skb; 1051 } 1052 spin_unlock_bh(&sdata->u.mgd.teardown_lock); 1053 } 1054 1055 /* disable bottom halves when entering the Tx path */ 1056 local_bh_disable(); 1057 __ieee80211_subif_start_xmit(skb, dev, flags, 0, NULL); 1058 local_bh_enable(); 1059 1060 return ret; 1061 1062fail: 1063 dev_kfree_skb(skb); 1064 return ret; 1065} 1066 1067static int 1068ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev, 1069 const u8 *peer, u8 action_code, u8 dialog_token, 1070 u16 status_code, u32 peer_capability, bool initiator, 1071 const u8 *extra_ies, size_t extra_ies_len) 1072{ 1073 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1074 struct ieee80211_local *local = sdata->local; 1075 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode; 1076 int ret; 1077 1078 /* don't support setup with forced SMPS mode that's not off */ 1079 if (smps_mode != IEEE80211_SMPS_AUTOMATIC && 1080 smps_mode != IEEE80211_SMPS_OFF) { 1081 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n", 1082 smps_mode); 1083 return -ENOTSUPP; 1084 } 1085 1086 mutex_lock(&local->mtx); 1087 1088 /* we don't support concurrent TDLS peer setups */ 1089 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) && 1090 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1091 ret = -EBUSY; 1092 goto out_unlock; 1093 } 1094 1095 /* 1096 * make sure we have a STA representing the peer so we drop or buffer 1097 * non-TDLS-setup frames to the peer. We can't send other packets 1098 * during setup through the AP path. 1099 * Allow error packets to be sent - sometimes we don't even add a STA 1100 * before failing the setup. 1101 */ 1102 if (status_code == 0) { 1103 rcu_read_lock(); 1104 if (!sta_info_get(sdata, peer)) { 1105 rcu_read_unlock(); 1106 ret = -ENOLINK; 1107 goto out_unlock; 1108 } 1109 rcu_read_unlock(); 1110 } 1111 1112 ieee80211_flush_queues(local, sdata, false); 1113 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN); 1114 mutex_unlock(&local->mtx); 1115 1116 /* we cannot take the mutex while preparing the setup packet */ 1117 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1118 dialog_token, status_code, 1119 peer_capability, initiator, 1120 extra_ies, extra_ies_len, 0, 1121 NULL); 1122 if (ret < 0) { 1123 mutex_lock(&local->mtx); 1124 eth_zero_addr(sdata->u.mgd.tdls_peer); 1125 mutex_unlock(&local->mtx); 1126 return ret; 1127 } 1128 1129 ieee80211_queue_delayed_work(&sdata->local->hw, 1130 &sdata->u.mgd.tdls_peer_del_work, 1131 TDLS_PEER_SETUP_TIMEOUT); 1132 return 0; 1133 1134out_unlock: 1135 mutex_unlock(&local->mtx); 1136 return ret; 1137} 1138 1139static int 1140ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev, 1141 const u8 *peer, u8 action_code, u8 dialog_token, 1142 u16 status_code, u32 peer_capability, 1143 bool initiator, const u8 *extra_ies, 1144 size_t extra_ies_len) 1145{ 1146 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1147 struct ieee80211_local *local = sdata->local; 1148 struct sta_info *sta; 1149 int ret; 1150 1151 /* 1152 * No packets can be transmitted to the peer via the AP during setup - 1153 * the STA is set as a TDLS peer, but is not authorized. 1154 * During teardown, we prevent direct transmissions by stopping the 1155 * queues and flushing all direct packets. 1156 */ 1157 ieee80211_stop_vif_queues(local, sdata, 1158 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1159 ieee80211_flush_queues(local, sdata, false); 1160 1161 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code, 1162 dialog_token, status_code, 1163 peer_capability, initiator, 1164 extra_ies, extra_ies_len, 0, 1165 NULL); 1166 if (ret < 0) 1167 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n", 1168 ret); 1169 1170 /* 1171 * Remove the STA AUTH flag to force further traffic through the AP. If 1172 * the STA was unreachable, it was already removed. 1173 */ 1174 rcu_read_lock(); 1175 sta = sta_info_get(sdata, peer); 1176 if (sta) 1177 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1178 rcu_read_unlock(); 1179 1180 ieee80211_wake_vif_queues(local, sdata, 1181 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN); 1182 1183 return 0; 1184} 1185 1186int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev, 1187 const u8 *peer, u8 action_code, u8 dialog_token, 1188 u16 status_code, u32 peer_capability, 1189 bool initiator, const u8 *extra_ies, 1190 size_t extra_ies_len) 1191{ 1192 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1193 int ret; 1194 1195 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1196 return -ENOTSUPP; 1197 1198 /* make sure we are in managed mode, and associated */ 1199 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1200 !sdata->u.mgd.associated) 1201 return -EINVAL; 1202 1203 switch (action_code) { 1204 case WLAN_TDLS_SETUP_REQUEST: 1205 case WLAN_TDLS_SETUP_RESPONSE: 1206 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code, 1207 dialog_token, status_code, 1208 peer_capability, initiator, 1209 extra_ies, extra_ies_len); 1210 break; 1211 case WLAN_TDLS_TEARDOWN: 1212 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer, 1213 action_code, dialog_token, 1214 status_code, 1215 peer_capability, initiator, 1216 extra_ies, extra_ies_len); 1217 break; 1218 case WLAN_TDLS_DISCOVERY_REQUEST: 1219 /* 1220 * Protect the discovery so we can hear the TDLS discovery 1221 * response frame. It is transmitted directly and not buffered 1222 * by the AP. 1223 */ 1224 drv_mgd_protect_tdls_discover(sdata->local, sdata); 1225 fallthrough; 1226 case WLAN_TDLS_SETUP_CONFIRM: 1227 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES: 1228 /* no special handling */ 1229 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, 1230 action_code, 1231 dialog_token, 1232 status_code, 1233 peer_capability, 1234 initiator, extra_ies, 1235 extra_ies_len, 0, NULL); 1236 break; 1237 default: 1238 ret = -EOPNOTSUPP; 1239 break; 1240 } 1241 1242 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n", 1243 action_code, peer, ret); 1244 return ret; 1245} 1246 1247static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata, 1248 struct sta_info *sta) 1249{ 1250 struct ieee80211_local *local = sdata->local; 1251 struct ieee80211_chanctx_conf *conf; 1252 struct ieee80211_chanctx *ctx; 1253 enum nl80211_chan_width width; 1254 struct ieee80211_supported_band *sband; 1255 1256 mutex_lock(&local->chanctx_mtx); 1257 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1258 lockdep_is_held(&local->chanctx_mtx)); 1259 if (conf) { 1260 width = conf->def.width; 1261 sband = local->hw.wiphy->bands[conf->def.chan->band]; 1262 ctx = container_of(conf, struct ieee80211_chanctx, conf); 1263 ieee80211_recalc_chanctx_chantype(local, ctx); 1264 1265 /* if width changed and a peer is given, update its BW */ 1266 if (width != conf->def.width && sta && 1267 test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) { 1268 enum ieee80211_sta_rx_bandwidth bw; 1269 1270 bw = ieee80211_chan_width_to_rx_bw(conf->def.width); 1271 bw = min(bw, ieee80211_sta_cap_rx_bw(sta)); 1272 if (bw != sta->sta.deflink.bandwidth) { 1273 sta->sta.deflink.bandwidth = bw; 1274 rate_control_rate_update(local, sband, sta, 1275 IEEE80211_RC_BW_CHANGED); 1276 /* 1277 * if a TDLS peer BW was updated, we need to 1278 * recalc the chandef width again, to get the 1279 * correct chanctx min_def 1280 */ 1281 ieee80211_recalc_chanctx_chantype(local, ctx); 1282 } 1283 } 1284 1285 } 1286 mutex_unlock(&local->chanctx_mtx); 1287} 1288 1289static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata) 1290{ 1291 struct sta_info *sta; 1292 bool result = false; 1293 1294 rcu_read_lock(); 1295 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1296 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1297 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) || 1298 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) || 1299 !sta->sta.deflink.ht_cap.ht_supported) 1300 continue; 1301 result = true; 1302 break; 1303 } 1304 rcu_read_unlock(); 1305 1306 return result; 1307} 1308 1309static void 1310iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata, 1311 struct sta_info *sta) 1312{ 1313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1314 bool tdls_ht; 1315 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED | 1316 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 1317 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 1318 u16 opmode; 1319 1320 /* Nothing to do if the BSS connection uses HT */ 1321 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 1322 return; 1323 1324 tdls_ht = (sta && sta->sta.deflink.ht_cap.ht_supported) || 1325 iee80211_tdls_have_ht_peers(sdata); 1326 1327 opmode = sdata->vif.bss_conf.ht_operation_mode; 1328 1329 if (tdls_ht) 1330 opmode |= protection; 1331 else 1332 opmode &= ~protection; 1333 1334 if (opmode == sdata->vif.bss_conf.ht_operation_mode) 1335 return; 1336 1337 sdata->vif.bss_conf.ht_operation_mode = opmode; 1338 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT); 1339} 1340 1341int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, 1342 const u8 *peer, enum nl80211_tdls_operation oper) 1343{ 1344 struct sta_info *sta; 1345 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1346 struct ieee80211_local *local = sdata->local; 1347 int ret; 1348 1349 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) 1350 return -ENOTSUPP; 1351 1352 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1353 return -EINVAL; 1354 1355 switch (oper) { 1356 case NL80211_TDLS_ENABLE_LINK: 1357 case NL80211_TDLS_DISABLE_LINK: 1358 break; 1359 case NL80211_TDLS_TEARDOWN: 1360 case NL80211_TDLS_SETUP: 1361 case NL80211_TDLS_DISCOVERY_REQ: 1362 /* We don't support in-driver setup/teardown/discovery */ 1363 return -ENOTSUPP; 1364 } 1365 1366 /* protect possible bss_conf changes and avoid concurrency in 1367 * ieee80211_bss_info_change_notify() 1368 */ 1369 sdata_lock(sdata); 1370 mutex_lock(&local->mtx); 1371 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer); 1372 1373 switch (oper) { 1374 case NL80211_TDLS_ENABLE_LINK: 1375 if (sdata->vif.csa_active) { 1376 tdls_dbg(sdata, "TDLS: disallow link during CSA\n"); 1377 ret = -EBUSY; 1378 break; 1379 } 1380 1381 mutex_lock(&local->sta_mtx); 1382 sta = sta_info_get(sdata, peer); 1383 if (!sta) { 1384 mutex_unlock(&local->sta_mtx); 1385 ret = -ENOLINK; 1386 break; 1387 } 1388 1389 iee80211_tdls_recalc_chanctx(sdata, sta); 1390 iee80211_tdls_recalc_ht_protection(sdata, sta); 1391 1392 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); 1393 mutex_unlock(&local->sta_mtx); 1394 1395 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || 1396 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); 1397 ret = 0; 1398 break; 1399 case NL80211_TDLS_DISABLE_LINK: 1400 /* 1401 * The teardown message in ieee80211_tdls_mgmt_teardown() was 1402 * created while the queues were stopped, so it might still be 1403 * pending. Before flushing the queues we need to be sure the 1404 * message is handled by the tasklet handling pending messages, 1405 * otherwise we might start destroying the station before 1406 * sending the teardown packet. 1407 * Note that this only forces the tasklet to flush pendings - 1408 * not to stop the tasklet from rescheduling itself. 1409 */ 1410 tasklet_kill(&local->tx_pending_tasklet); 1411 /* flush a potentially queued teardown packet */ 1412 ieee80211_flush_queues(local, sdata, false); 1413 1414 ret = sta_info_destroy_addr(sdata, peer); 1415 1416 mutex_lock(&local->sta_mtx); 1417 iee80211_tdls_recalc_ht_protection(sdata, NULL); 1418 mutex_unlock(&local->sta_mtx); 1419 1420 iee80211_tdls_recalc_chanctx(sdata, NULL); 1421 break; 1422 default: 1423 ret = -ENOTSUPP; 1424 break; 1425 } 1426 1427 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) { 1428 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work); 1429 eth_zero_addr(sdata->u.mgd.tdls_peer); 1430 } 1431 1432 if (ret == 0) 1433 ieee80211_queue_work(&sdata->local->hw, 1434 &sdata->u.mgd.request_smps_work); 1435 1436 mutex_unlock(&local->mtx); 1437 sdata_unlock(sdata); 1438 return ret; 1439} 1440 1441void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer, 1442 enum nl80211_tdls_operation oper, 1443 u16 reason_code, gfp_t gfp) 1444{ 1445 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1446 1447 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) { 1448 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n", 1449 oper); 1450 return; 1451 } 1452 1453 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp); 1454} 1455EXPORT_SYMBOL(ieee80211_tdls_oper_request); 1456 1457static void 1458iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout) 1459{ 1460 struct ieee80211_ch_switch_timing *ch_sw; 1461 1462 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING; 1463 *buf++ = sizeof(struct ieee80211_ch_switch_timing); 1464 1465 ch_sw = (void *)buf; 1466 ch_sw->switch_time = cpu_to_le16(switch_time); 1467 ch_sw->switch_timeout = cpu_to_le16(switch_timeout); 1468} 1469 1470/* find switch timing IE in SKB ready for Tx */ 1471static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb) 1472{ 1473 struct ieee80211_tdls_data *tf; 1474 const u8 *ie_start; 1475 1476 /* 1477 * Get the offset for the new location of the switch timing IE. 1478 * The SKB network header will now point to the "payload_type" 1479 * element of the TDLS data frame struct. 1480 */ 1481 tf = container_of(skb->data + skb_network_offset(skb), 1482 struct ieee80211_tdls_data, payload_type); 1483 ie_start = tf->u.chan_switch_req.variable; 1484 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start, 1485 skb->len - (ie_start - skb->data)); 1486} 1487 1488static struct sk_buff * 1489ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class, 1490 struct cfg80211_chan_def *chandef, 1491 u32 *ch_sw_tm_ie_offset) 1492{ 1493 struct ieee80211_sub_if_data *sdata = sta->sdata; 1494 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) + 1495 2 + sizeof(struct ieee80211_ch_switch_timing)]; 1496 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing); 1497 u8 *pos = extra_ies; 1498 struct sk_buff *skb; 1499 1500 /* 1501 * if chandef points to a wide channel add a Secondary-Channel 1502 * Offset information element 1503 */ 1504 if (chandef->width == NL80211_CHAN_WIDTH_40) { 1505 struct ieee80211_sec_chan_offs_ie *sec_chan_ie; 1506 bool ht40plus; 1507 1508 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; 1509 *pos++ = sizeof(*sec_chan_ie); 1510 sec_chan_ie = (void *)pos; 1511 1512 ht40plus = cfg80211_get_chandef_type(chandef) == 1513 NL80211_CHAN_HT40PLUS; 1514 sec_chan_ie->sec_chan_offs = ht40plus ? 1515 IEEE80211_HT_PARAM_CHA_SEC_ABOVE : 1516 IEEE80211_HT_PARAM_CHA_SEC_BELOW; 1517 pos += sizeof(*sec_chan_ie); 1518 1519 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie); 1520 } 1521 1522 /* just set the values to 0, this is a template */ 1523 iee80211_tdls_add_ch_switch_timing(pos, 0, 0); 1524 1525 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1526 WLAN_TDLS_CHANNEL_SWITCH_REQUEST, 1527 0, 0, !sta->sta.tdls_initiator, 1528 extra_ies, extra_ies_len, 1529 oper_class, chandef); 1530 if (!skb) 1531 return NULL; 1532 1533 skb = ieee80211_build_data_template(sdata, skb, 0); 1534 if (IS_ERR(skb)) { 1535 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n"); 1536 return NULL; 1537 } 1538 1539 if (ch_sw_tm_ie_offset) { 1540 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1541 1542 if (!tm_ie) { 1543 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n"); 1544 dev_kfree_skb_any(skb); 1545 return NULL; 1546 } 1547 1548 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1549 } 1550 1551 tdls_dbg(sdata, 1552 "TDLS channel switch request template for %pM ch %d width %d\n", 1553 sta->sta.addr, chandef->chan->center_freq, chandef->width); 1554 return skb; 1555} 1556 1557int 1558ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev, 1559 const u8 *addr, u8 oper_class, 1560 struct cfg80211_chan_def *chandef) 1561{ 1562 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1563 struct ieee80211_local *local = sdata->local; 1564 struct sta_info *sta; 1565 struct sk_buff *skb = NULL; 1566 u32 ch_sw_tm_ie; 1567 int ret; 1568 1569 if (chandef->chan->freq_offset) 1570 /* this may work, but is untested */ 1571 return -EOPNOTSUPP; 1572 1573 mutex_lock(&local->sta_mtx); 1574 sta = sta_info_get(sdata, addr); 1575 if (!sta) { 1576 tdls_dbg(sdata, 1577 "Invalid TDLS peer %pM for channel switch request\n", 1578 addr); 1579 ret = -ENOENT; 1580 goto out; 1581 } 1582 1583 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) { 1584 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n", 1585 addr); 1586 ret = -ENOTSUPP; 1587 goto out; 1588 } 1589 1590 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef, 1591 &ch_sw_tm_ie); 1592 if (!skb) { 1593 ret = -ENOENT; 1594 goto out; 1595 } 1596 1597 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class, 1598 chandef, skb, ch_sw_tm_ie); 1599 if (!ret) 1600 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1601 1602out: 1603 mutex_unlock(&local->sta_mtx); 1604 dev_kfree_skb_any(skb); 1605 return ret; 1606} 1607 1608void 1609ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy, 1610 struct net_device *dev, 1611 const u8 *addr) 1612{ 1613 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1614 struct ieee80211_local *local = sdata->local; 1615 struct sta_info *sta; 1616 1617 mutex_lock(&local->sta_mtx); 1618 sta = sta_info_get(sdata, addr); 1619 if (!sta) { 1620 tdls_dbg(sdata, 1621 "Invalid TDLS peer %pM for channel switch cancel\n", 1622 addr); 1623 goto out; 1624 } 1625 1626 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) { 1627 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n", 1628 addr); 1629 goto out; 1630 } 1631 1632 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta); 1633 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL); 1634 1635out: 1636 mutex_unlock(&local->sta_mtx); 1637} 1638 1639static struct sk_buff * 1640ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta, 1641 u32 *ch_sw_tm_ie_offset) 1642{ 1643 struct ieee80211_sub_if_data *sdata = sta->sdata; 1644 struct sk_buff *skb; 1645 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)]; 1646 1647 /* initial timing are always zero in the template */ 1648 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0); 1649 1650 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr, 1651 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, 1652 0, 0, !sta->sta.tdls_initiator, 1653 extra_ies, sizeof(extra_ies), 0, NULL); 1654 if (!skb) 1655 return NULL; 1656 1657 skb = ieee80211_build_data_template(sdata, skb, 0); 1658 if (IS_ERR(skb)) { 1659 tdls_dbg(sdata, 1660 "Failed building TDLS channel switch resp frame\n"); 1661 return NULL; 1662 } 1663 1664 if (ch_sw_tm_ie_offset) { 1665 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb); 1666 1667 if (!tm_ie) { 1668 tdls_dbg(sdata, 1669 "No switch timing IE in TDLS switch resp\n"); 1670 dev_kfree_skb_any(skb); 1671 return NULL; 1672 } 1673 1674 *ch_sw_tm_ie_offset = tm_ie - skb->data; 1675 } 1676 1677 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n", 1678 sta->sta.addr); 1679 return skb; 1680} 1681 1682static int 1683ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, 1684 struct sk_buff *skb) 1685{ 1686 struct ieee80211_local *local = sdata->local; 1687 struct ieee802_11_elems *elems = NULL; 1688 struct sta_info *sta; 1689 struct ieee80211_tdls_data *tf = (void *)skb->data; 1690 bool local_initiator; 1691 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1692 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable); 1693 struct ieee80211_tdls_ch_sw_params params = {}; 1694 int ret; 1695 1696 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE; 1697 params.timestamp = rx_status->device_timestamp; 1698 1699 if (skb->len < baselen) { 1700 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n", 1701 skb->len); 1702 return -EINVAL; 1703 } 1704 1705 mutex_lock(&local->sta_mtx); 1706 sta = sta_info_get(sdata, tf->sa); 1707 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1708 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1709 tf->sa); 1710 ret = -EINVAL; 1711 goto out; 1712 } 1713 1714 params.sta = &sta->sta; 1715 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code); 1716 if (params.status != 0) { 1717 ret = 0; 1718 goto call_drv; 1719 } 1720 1721 elems = ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, 1722 skb->len - baselen, false, NULL, NULL); 1723 if (!elems) { 1724 ret = -ENOMEM; 1725 goto out; 1726 } 1727 1728 if (elems->parse_error) { 1729 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); 1730 ret = -EINVAL; 1731 goto out; 1732 } 1733 1734 if (!elems->ch_sw_timing || !elems->lnk_id) { 1735 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n"); 1736 ret = -EINVAL; 1737 goto out; 1738 } 1739 1740 /* validate the initiator is set correctly */ 1741 local_initiator = 1742 !memcmp(elems->lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1743 if (local_initiator == sta->sta.tdls_initiator) { 1744 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1745 ret = -EINVAL; 1746 goto out; 1747 } 1748 1749 params.switch_time = le16_to_cpu(elems->ch_sw_timing->switch_time); 1750 params.switch_timeout = le16_to_cpu(elems->ch_sw_timing->switch_timeout); 1751 1752 params.tmpl_skb = 1753 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie); 1754 if (!params.tmpl_skb) { 1755 ret = -ENOENT; 1756 goto out; 1757 } 1758 1759 ret = 0; 1760call_drv: 1761 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1762 1763 tdls_dbg(sdata, 1764 "TDLS channel switch response received from %pM status %d\n", 1765 tf->sa, params.status); 1766 1767out: 1768 mutex_unlock(&local->sta_mtx); 1769 dev_kfree_skb_any(params.tmpl_skb); 1770 kfree(elems); 1771 return ret; 1772} 1773 1774static int 1775ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, 1776 struct sk_buff *skb) 1777{ 1778 struct ieee80211_local *local = sdata->local; 1779 struct ieee802_11_elems *elems; 1780 struct cfg80211_chan_def chandef; 1781 struct ieee80211_channel *chan; 1782 enum nl80211_channel_type chan_type; 1783 int freq; 1784 u8 target_channel, oper_class; 1785 bool local_initiator; 1786 struct sta_info *sta; 1787 enum nl80211_band band; 1788 struct ieee80211_tdls_data *tf = (void *)skb->data; 1789 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1790 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable); 1791 struct ieee80211_tdls_ch_sw_params params = {}; 1792 int ret = 0; 1793 1794 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST; 1795 params.timestamp = rx_status->device_timestamp; 1796 1797 if (skb->len < baselen) { 1798 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n", 1799 skb->len); 1800 return -EINVAL; 1801 } 1802 1803 target_channel = tf->u.chan_switch_req.target_channel; 1804 oper_class = tf->u.chan_switch_req.oper_class; 1805 1806 /* 1807 * We can't easily infer the channel band. The operating class is 1808 * ambiguous - there are multiple tables (US/Europe/JP/Global). The 1809 * solution here is to treat channels with number >14 as 5GHz ones, 1810 * and specifically check for the (oper_class, channel) combinations 1811 * where this doesn't hold. These are thankfully unique according to 1812 * IEEE802.11-2012. 1813 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as 1814 * valid here. 1815 */ 1816 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 || 1817 oper_class == 4 || oper_class == 5 || oper_class == 6) && 1818 target_channel < 14) 1819 band = NL80211_BAND_5GHZ; 1820 else 1821 band = target_channel < 14 ? NL80211_BAND_2GHZ : 1822 NL80211_BAND_5GHZ; 1823 1824 freq = ieee80211_channel_to_frequency(target_channel, band); 1825 if (freq == 0) { 1826 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n", 1827 target_channel); 1828 return -EINVAL; 1829 } 1830 1831 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 1832 if (!chan) { 1833 tdls_dbg(sdata, 1834 "Unsupported channel for TDLS chan switch: %d\n", 1835 target_channel); 1836 return -EINVAL; 1837 } 1838 1839 elems = ieee802_11_parse_elems(tf->u.chan_switch_req.variable, 1840 skb->len - baselen, false, NULL, NULL); 1841 if (!elems) 1842 return -ENOMEM; 1843 1844 if (elems->parse_error) { 1845 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); 1846 ret = -EINVAL; 1847 goto free; 1848 } 1849 1850 if (!elems->ch_sw_timing || !elems->lnk_id) { 1851 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n"); 1852 ret = -EINVAL; 1853 goto free; 1854 } 1855 1856 if (!elems->sec_chan_offs) { 1857 chan_type = NL80211_CHAN_HT20; 1858 } else { 1859 switch (elems->sec_chan_offs->sec_chan_offs) { 1860 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1861 chan_type = NL80211_CHAN_HT40PLUS; 1862 break; 1863 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1864 chan_type = NL80211_CHAN_HT40MINUS; 1865 break; 1866 default: 1867 chan_type = NL80211_CHAN_HT20; 1868 break; 1869 } 1870 } 1871 1872 cfg80211_chandef_create(&chandef, chan, chan_type); 1873 1874 /* we will be active on the TDLS link */ 1875 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef, 1876 sdata->wdev.iftype)) { 1877 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n"); 1878 ret = -EINVAL; 1879 goto free; 1880 } 1881 1882 mutex_lock(&local->sta_mtx); 1883 sta = sta_info_get(sdata, tf->sa); 1884 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) { 1885 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n", 1886 tf->sa); 1887 ret = -EINVAL; 1888 goto out; 1889 } 1890 1891 params.sta = &sta->sta; 1892 1893 /* validate the initiator is set correctly */ 1894 local_initiator = 1895 !memcmp(elems->lnk_id->init_sta, sdata->vif.addr, ETH_ALEN); 1896 if (local_initiator == sta->sta.tdls_initiator) { 1897 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n"); 1898 ret = -EINVAL; 1899 goto out; 1900 } 1901 1902 /* peer should have known better */ 1903 if (!sta->sta.deflink.ht_cap.ht_supported && elems->sec_chan_offs && 1904 elems->sec_chan_offs->sec_chan_offs) { 1905 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n"); 1906 ret = -ENOTSUPP; 1907 goto out; 1908 } 1909 1910 params.chandef = &chandef; 1911 params.switch_time = le16_to_cpu(elems->ch_sw_timing->switch_time); 1912 params.switch_timeout = le16_to_cpu(elems->ch_sw_timing->switch_timeout); 1913 1914 params.tmpl_skb = 1915 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, 1916 ¶ms.ch_sw_tm_ie); 1917 if (!params.tmpl_skb) { 1918 ret = -ENOENT; 1919 goto out; 1920 } 1921 1922 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms); 1923 1924 tdls_dbg(sdata, 1925 "TDLS ch switch request received from %pM ch %d width %d\n", 1926 tf->sa, params.chandef->chan->center_freq, 1927 params.chandef->width); 1928out: 1929 mutex_unlock(&local->sta_mtx); 1930 dev_kfree_skb_any(params.tmpl_skb); 1931free: 1932 kfree(elems); 1933 return ret; 1934} 1935 1936void 1937ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata, 1938 struct sk_buff *skb) 1939{ 1940 struct ieee80211_tdls_data *tf = (void *)skb->data; 1941 struct wiphy *wiphy = sdata->local->hw.wiphy; 1942 1943 lockdep_assert_wiphy(wiphy); 1944 1945 /* make sure the driver supports it */ 1946 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 1947 return; 1948 1949 /* we want to access the entire packet */ 1950 if (skb_linearize(skb)) 1951 return; 1952 /* 1953 * The packet/size was already validated by mac80211 Rx path, only look 1954 * at the action type. 1955 */ 1956 switch (tf->action_code) { 1957 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST: 1958 ieee80211_process_tdls_channel_switch_req(sdata, skb); 1959 break; 1960 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE: 1961 ieee80211_process_tdls_channel_switch_resp(sdata, skb); 1962 break; 1963 default: 1964 WARN_ON_ONCE(1); 1965 return; 1966 } 1967} 1968 1969void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata) 1970{ 1971 struct sta_info *sta; 1972 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED; 1973 1974 rcu_read_lock(); 1975 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { 1976 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded || 1977 !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) 1978 continue; 1979 1980 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr, 1981 NL80211_TDLS_TEARDOWN, reason, 1982 GFP_ATOMIC); 1983 } 1984 rcu_read_unlock(); 1985} 1986 1987void ieee80211_tdls_handle_disconnect(struct ieee80211_sub_if_data *sdata, 1988 const u8 *peer, u16 reason) 1989{ 1990 struct ieee80211_sta *sta; 1991 1992 rcu_read_lock(); 1993 sta = ieee80211_find_sta(&sdata->vif, peer); 1994 if (!sta || !sta->tdls) { 1995 rcu_read_unlock(); 1996 return; 1997 } 1998 rcu_read_unlock(); 1999 2000 tdls_dbg(sdata, "disconnected from TDLS peer %pM (Reason: %u=%s)\n", 2001 peer, reason, 2002 ieee80211_get_reason_code_string(reason)); 2003 2004 ieee80211_tdls_oper_request(&sdata->vif, peer, 2005 NL80211_TDLS_TEARDOWN, 2006 WLAN_REASON_TDLS_TEARDOWN_UNREACHABLE, 2007 GFP_ATOMIC); 2008}