2 * mac80211 TDLS handling code
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2014, Intel Corporation
6 * Copyright 2014 Intel Mobile Communications GmbH
7 * Copyright 2015 - 2016 Intel Deutschland GmbH
8 * Copyright (C) 2019 Intel Corporation
10 * This file is GPLv2 as found in COPYING.
13 #include <linux/ieee80211.h>
14 #include <linux/log2.h>
15 #include <net/cfg80211.h>
16 #include <linux/rtnetlink.h>
17 #include "ieee80211_i.h"
18 #include "driver-ops.h"
22 /* give usermode some time for retries in setting up the TDLS session */
23 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ)
25 void ieee80211_tdls_peer_del_work(struct work_struct *wk)
27 struct ieee80211_sub_if_data *sdata;
28 struct ieee80211_local *local;
30 sdata = container_of(wk, struct ieee80211_sub_if_data,
31 u.mgd.tdls_peer_del_work.work);
34 mutex_lock(&local->mtx);
35 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer)) {
36 tdls_dbg(sdata, "TDLS del peer %pM\n", sdata->u.mgd.tdls_peer);
37 sta_info_destroy_addr(sdata, sdata->u.mgd.tdls_peer);
38 eth_zero_addr(sdata->u.mgd.tdls_peer);
40 mutex_unlock(&local->mtx);
43 static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data *sdata,
46 struct ieee80211_local *local = sdata->local;
47 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
48 bool chan_switch = local->hw.wiphy->features &
49 NL80211_FEATURE_TDLS_CHANNEL_SWITCH;
50 bool wider_band = ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) &&
51 !ifmgd->tdls_wider_bw_prohibited;
52 bool buffer_sta = ieee80211_hw_check(&local->hw,
53 SUPPORTS_TDLS_BUFFER_STA);
54 struct ieee80211_supported_band *sband = ieee80211_get_sband(sdata);
55 bool vht = sband && sband->vht_cap.vht_supported;
56 u8 *pos = skb_put(skb, 10);
58 *pos++ = WLAN_EID_EXT_CAPABILITY;
63 *pos++ = (chan_switch ? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH : 0) |
64 (buffer_sta ? WLAN_EXT_CAPA4_TDLS_BUFFER_STA : 0);
65 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED;
68 *pos++ = (vht && wider_band) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED : 0;
72 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata,
73 struct sk_buff *skb, u16 start, u16 end,
76 u8 subband_cnt = 0, ch_cnt = 0;
77 struct ieee80211_channel *ch;
78 struct cfg80211_chan_def chandef;
80 struct wiphy *wiphy = sdata->local->hw.wiphy;
82 for (i = start; i <= end; i += spacing) {
86 ch = ieee80211_get_channel(sdata->local->hw.wiphy, i);
88 /* we will be active on the channel */
89 cfg80211_chandef_create(&chandef, ch,
91 if (cfg80211_reg_can_beacon_relax(wiphy, &chandef,
92 sdata->wdev.iftype)) {
95 * check if the next channel is also part of
103 * we've reached the end of a range, with allowed channels
107 u8 *pos = skb_put(skb, 2);
108 *pos++ = ieee80211_frequency_to_channel(subband_start);
116 /* all channels in the requested range are allowed - add them here */
118 u8 *pos = skb_put(skb, 2);
119 *pos++ = ieee80211_frequency_to_channel(subband_start);
129 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data *sdata,
133 * Add possible channels for TDLS. These are channels that are allowed
137 u8 *pos = skb_put(skb, 2);
139 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
142 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as
143 * this doesn't happen in real world scenarios.
146 /* 2GHz, with 5MHz spacing */
147 subband_cnt = ieee80211_tdls_add_subband(sdata, skb, 2412, 2472, 5);
149 /* 5GHz, with 20MHz spacing */
150 subband_cnt += ieee80211_tdls_add_subband(sdata, skb, 5000, 5825, 20);
153 *pos = 2 * subband_cnt;
156 static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data *sdata,
162 if (!ieee80211_chandef_to_operating_class(&sdata->vif.bss_conf.chandef,
166 pos = skb_put(skb, 4);
167 *pos++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES;
168 *pos++ = 2; /* len */
171 *pos++ = op_class; /* give current operating class as alternate too */
174 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff *skb)
176 u8 *pos = skb_put(skb, 3);
178 *pos++ = WLAN_EID_BSS_COEX_2040;
179 *pos++ = 1; /* len */
181 *pos++ = WLAN_BSS_COEX_INFORMATION_REQUEST;
184 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata,
187 struct ieee80211_supported_band *sband;
189 /* The capability will be 0 when sending a failure code */
190 if (status_code != 0)
193 sband = ieee80211_get_sband(sdata);
194 if (sband && sband->band == NL80211_BAND_2GHZ) {
195 return WLAN_CAPABILITY_SHORT_SLOT_TIME |
196 WLAN_CAPABILITY_SHORT_PREAMBLE;
202 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data *sdata,
203 struct sk_buff *skb, const u8 *peer,
206 struct ieee80211_tdls_lnkie *lnkid;
207 const u8 *init_addr, *rsp_addr;
210 init_addr = sdata->vif.addr;
214 rsp_addr = sdata->vif.addr;
217 lnkid = skb_put(skb, sizeof(struct ieee80211_tdls_lnkie));
219 lnkid->ie_type = WLAN_EID_LINK_ID;
220 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2;
222 memcpy(lnkid->bssid, sdata->u.mgd.bssid, ETH_ALEN);
223 memcpy(lnkid->init_sta, init_addr, ETH_ALEN);
224 memcpy(lnkid->resp_sta, rsp_addr, ETH_ALEN);
228 ieee80211_tdls_add_aid(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
230 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
231 u8 *pos = skb_put(skb, 4);
233 *pos++ = WLAN_EID_AID;
234 *pos++ = 2; /* len */
235 put_unaligned_le16(ifmgd->aid, pos);
238 /* translate numbering in the WMM parameter IE to the mac80211 notation */
239 static enum ieee80211_ac_numbers ieee80211_ac_from_wmm(int ac)
246 return IEEE80211_AC_BE;
248 return IEEE80211_AC_BK;
250 return IEEE80211_AC_VI;
252 return IEEE80211_AC_VO;
256 static u8 ieee80211_wmm_aci_aifsn(int aifsn, bool acm, int aci)
263 ret |= (aci << 5) & 0x60;
267 static u8 ieee80211_wmm_ecw(u16 cw_min, u16 cw_max)
269 return ((ilog2(cw_min + 1) << 0x0) & 0x0f) |
270 ((ilog2(cw_max + 1) << 0x4) & 0xf0);
273 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data *sdata,
276 struct ieee80211_wmm_param_ie *wmm;
277 struct ieee80211_tx_queue_params *txq;
280 wmm = skb_put_zero(skb, sizeof(*wmm));
282 wmm->element_id = WLAN_EID_VENDOR_SPECIFIC;
283 wmm->len = sizeof(*wmm) - 2;
285 wmm->oui[0] = 0x00; /* Microsoft OUI 00:50:F2 */
288 wmm->oui_type = 2; /* WME */
289 wmm->oui_subtype = 1; /* WME param */
290 wmm->version = 1; /* WME ver */
291 wmm->qos_info = 0; /* U-APSD not in use */
294 * Use the EDCA parameters defined for the BSS, or default if the AP
295 * doesn't support it, as mandated by 802.11-2012 section 10.22.4
297 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
298 txq = &sdata->tx_conf[ieee80211_ac_from_wmm(i)];
299 wmm->ac[i].aci_aifsn = ieee80211_wmm_aci_aifsn(txq->aifs,
301 wmm->ac[i].cw = ieee80211_wmm_ecw(txq->cw_min, txq->cw_max);
302 wmm->ac[i].txop_limit = cpu_to_le16(txq->txop);
307 ieee80211_tdls_chandef_vht_upgrade(struct ieee80211_sub_if_data *sdata,
308 struct sta_info *sta)
310 /* IEEE802.11ac-2013 Table E-4 */
311 u16 centers_80mhz[] = { 5210, 5290, 5530, 5610, 5690, 5775 };
312 struct cfg80211_chan_def uc = sta->tdls_chandef;
313 enum nl80211_chan_width max_width = ieee80211_sta_cap_chan_bw(sta);
316 /* only support upgrading non-narrow channels up to 80Mhz */
317 if (max_width == NL80211_CHAN_WIDTH_5 ||
318 max_width == NL80211_CHAN_WIDTH_10)
321 if (max_width > NL80211_CHAN_WIDTH_80)
322 max_width = NL80211_CHAN_WIDTH_80;
324 if (uc.width >= max_width)
327 * Channel usage constrains in the IEEE802.11ac-2013 specification only
328 * allow expanding a 20MHz channel to 80MHz in a single way. In
329 * addition, there are no 40MHz allowed channels that are not part of
330 * the allowed 80MHz range in the 5GHz spectrum (the relevant one here).
332 for (i = 0; i < ARRAY_SIZE(centers_80mhz); i++)
333 if (abs(uc.chan->center_freq - centers_80mhz[i]) <= 30) {
334 uc.center_freq1 = centers_80mhz[i];
336 uc.width = NL80211_CHAN_WIDTH_80;
340 if (!uc.center_freq1)
343 /* proceed to downgrade the chandef until usable or the same as AP BW */
344 while (uc.width > max_width ||
345 (uc.width > sta->tdls_chandef.width &&
346 !cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &uc,
347 sdata->wdev.iftype)))
348 ieee80211_chandef_downgrade(&uc);
350 if (!cfg80211_chandef_identical(&uc, &sta->tdls_chandef)) {
351 tdls_dbg(sdata, "TDLS ch width upgraded %d -> %d\n",
352 sta->tdls_chandef.width, uc.width);
355 * the station is not yet authorized when BW upgrade is done,
356 * locking is not required
358 sta->tdls_chandef = uc;
363 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data *sdata,
364 struct sk_buff *skb, const u8 *peer,
365 u8 action_code, bool initiator,
366 const u8 *extra_ies, size_t extra_ies_len)
368 struct ieee80211_supported_band *sband;
369 struct ieee80211_local *local = sdata->local;
370 struct ieee80211_sta_ht_cap ht_cap;
371 struct ieee80211_sta_vht_cap vht_cap;
372 struct sta_info *sta = NULL;
373 size_t offset = 0, noffset;
376 sband = ieee80211_get_sband(sdata);
380 ieee80211_add_srates_ie(sdata, skb, false, sband->band);
381 ieee80211_add_ext_srates_ie(sdata, skb, false, sband->band);
382 ieee80211_tdls_add_supp_channels(sdata, skb);
384 /* add any custom IEs that go before Extended Capabilities */
386 static const u8 before_ext_cap[] = {
389 WLAN_EID_EXT_SUPP_RATES,
390 WLAN_EID_SUPPORTED_CHANNELS,
393 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
395 ARRAY_SIZE(before_ext_cap),
397 skb_put_data(skb, extra_ies + offset, noffset - offset);
401 ieee80211_tdls_add_ext_capab(sdata, skb);
403 /* add the QoS element if we support it */
404 if (local->hw.queues >= IEEE80211_NUM_ACS &&
405 action_code != WLAN_PUB_ACTION_TDLS_DISCOVER_RES)
406 ieee80211_add_wmm_info_ie(skb_put(skb, 9), 0); /* no U-APSD */
408 /* add any custom IEs that go before HT capabilities */
410 static const u8 before_ht_cap[] = {
413 WLAN_EID_EXT_SUPP_RATES,
414 WLAN_EID_SUPPORTED_CHANNELS,
416 WLAN_EID_EXT_CAPABILITY,
418 WLAN_EID_FAST_BSS_TRANSITION,
419 WLAN_EID_TIMEOUT_INTERVAL,
420 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
422 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
424 ARRAY_SIZE(before_ht_cap),
426 skb_put_data(skb, extra_ies + offset, noffset - offset);
430 mutex_lock(&local->sta_mtx);
432 /* we should have the peer STA if we're already responding */
433 if (action_code == WLAN_TDLS_SETUP_RESPONSE) {
434 sta = sta_info_get(sdata, peer);
435 if (WARN_ON_ONCE(!sta)) {
436 mutex_unlock(&local->sta_mtx);
440 sta->tdls_chandef = sdata->vif.bss_conf.chandef;
443 ieee80211_tdls_add_oper_classes(sdata, skb);
446 * with TDLS we can switch channels, and HT-caps are not necessarily
447 * the same on all bands. The specification limits the setup to a
448 * single HT-cap, so use the current band for now.
450 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
452 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
453 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) &&
454 ht_cap.ht_supported) {
455 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
457 /* disable SMPS in TDLS initiator */
458 ht_cap.cap |= WLAN_HT_CAP_SM_PS_DISABLED
459 << IEEE80211_HT_CAP_SM_PS_SHIFT;
461 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
462 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
463 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE &&
464 ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
465 /* the peer caps are already intersected with our own */
466 memcpy(&ht_cap, &sta->sta.ht_cap, sizeof(ht_cap));
468 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
469 ieee80211_ie_build_ht_cap(pos, &ht_cap, ht_cap.cap);
472 if (ht_cap.ht_supported &&
473 (ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
474 ieee80211_tdls_add_bss_coex_ie(skb);
476 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
478 /* add any custom IEs that go before VHT capabilities */
480 static const u8 before_vht_cap[] = {
483 WLAN_EID_EXT_SUPP_RATES,
484 WLAN_EID_SUPPORTED_CHANNELS,
486 WLAN_EID_EXT_CAPABILITY,
488 WLAN_EID_FAST_BSS_TRANSITION,
489 WLAN_EID_TIMEOUT_INTERVAL,
490 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
493 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
495 ARRAY_SIZE(before_vht_cap),
497 skb_put_data(skb, extra_ies + offset, noffset - offset);
501 /* build the VHT-cap similarly to the HT-cap */
502 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
503 if ((action_code == WLAN_TDLS_SETUP_REQUEST ||
504 action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) &&
505 vht_cap.vht_supported) {
506 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
508 /* the AID is present only when VHT is implemented */
509 if (action_code == WLAN_TDLS_SETUP_REQUEST)
510 ieee80211_tdls_add_aid(sdata, skb);
512 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
513 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap);
514 } else if (action_code == WLAN_TDLS_SETUP_RESPONSE &&
515 vht_cap.vht_supported && sta->sta.vht_cap.vht_supported) {
516 /* the peer caps are already intersected with our own */
517 memcpy(&vht_cap, &sta->sta.vht_cap, sizeof(vht_cap));
519 /* the AID is present only when VHT is implemented */
520 ieee80211_tdls_add_aid(sdata, skb);
522 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
523 ieee80211_ie_build_vht_cap(pos, &vht_cap, vht_cap.cap);
526 * if both peers support WIDER_BW, we can expand the chandef to
527 * a wider compatible one, up to 80MHz
529 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW))
530 ieee80211_tdls_chandef_vht_upgrade(sdata, sta);
533 mutex_unlock(&local->sta_mtx);
535 /* add any remaining IEs */
537 noffset = extra_ies_len;
538 skb_put_data(skb, extra_ies + offset, noffset - offset);
544 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data *sdata,
545 struct sk_buff *skb, const u8 *peer,
546 bool initiator, const u8 *extra_ies,
547 size_t extra_ies_len)
549 struct ieee80211_local *local = sdata->local;
550 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
551 size_t offset = 0, noffset;
552 struct sta_info *sta, *ap_sta;
553 struct ieee80211_supported_band *sband;
556 sband = ieee80211_get_sband(sdata);
560 mutex_lock(&local->sta_mtx);
562 sta = sta_info_get(sdata, peer);
563 ap_sta = sta_info_get(sdata, ifmgd->bssid);
564 if (WARN_ON_ONCE(!sta || !ap_sta)) {
565 mutex_unlock(&local->sta_mtx);
569 sta->tdls_chandef = sdata->vif.bss_conf.chandef;
571 /* add any custom IEs that go before the QoS IE */
573 static const u8 before_qos[] = {
576 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
578 ARRAY_SIZE(before_qos),
580 skb_put_data(skb, extra_ies + offset, noffset - offset);
584 /* add the QoS param IE if both the peer and we support it */
585 if (local->hw.queues >= IEEE80211_NUM_ACS && sta->sta.wme)
586 ieee80211_tdls_add_wmm_param_ie(sdata, skb);
588 /* add any custom IEs that go before HT operation */
590 static const u8 before_ht_op[] = {
593 WLAN_EID_FAST_BSS_TRANSITION,
594 WLAN_EID_TIMEOUT_INTERVAL,
596 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
598 ARRAY_SIZE(before_ht_op),
600 skb_put_data(skb, extra_ies + offset, noffset - offset);
605 * if HT support is only added in TDLS, we need an HT-operation IE.
606 * add the IE as required by IEEE802.11-2012 9.23.3.2.
608 if (!ap_sta->sta.ht_cap.ht_supported && sta->sta.ht_cap.ht_supported) {
609 u16 prot = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED |
610 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
611 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
613 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_operation));
614 ieee80211_ie_build_ht_oper(pos, &sta->sta.ht_cap,
615 &sdata->vif.bss_conf.chandef, prot,
619 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
621 /* only include VHT-operation if not on the 2.4GHz band */
622 if (sband->band != NL80211_BAND_2GHZ &&
623 sta->sta.vht_cap.vht_supported) {
625 * if both peers support WIDER_BW, we can expand the chandef to
626 * a wider compatible one, up to 80MHz
628 if (test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW))
629 ieee80211_tdls_chandef_vht_upgrade(sdata, sta);
631 pos = skb_put(skb, 2 + sizeof(struct ieee80211_vht_operation));
632 ieee80211_ie_build_vht_oper(pos, &sta->sta.vht_cap,
636 mutex_unlock(&local->sta_mtx);
638 /* add any remaining IEs */
640 noffset = extra_ies_len;
641 skb_put_data(skb, extra_ies + offset, noffset - offset);
646 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data *sdata,
647 struct sk_buff *skb, const u8 *peer,
648 bool initiator, const u8 *extra_ies,
649 size_t extra_ies_len, u8 oper_class,
650 struct cfg80211_chan_def *chandef)
652 struct ieee80211_tdls_data *tf;
653 size_t offset = 0, noffset;
655 if (WARN_ON_ONCE(!chandef))
658 tf = (void *)skb->data;
659 tf->u.chan_switch_req.target_channel =
660 ieee80211_frequency_to_channel(chandef->chan->center_freq);
661 tf->u.chan_switch_req.oper_class = oper_class;
664 static const u8 before_lnkie[] = {
665 WLAN_EID_SECONDARY_CHANNEL_OFFSET,
667 noffset = ieee80211_ie_split(extra_ies, extra_ies_len,
669 ARRAY_SIZE(before_lnkie),
671 skb_put_data(skb, extra_ies + offset, noffset - offset);
675 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
677 /* add any remaining IEs */
679 noffset = extra_ies_len;
680 skb_put_data(skb, extra_ies + offset, noffset - offset);
685 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data *sdata,
686 struct sk_buff *skb, const u8 *peer,
687 u16 status_code, bool initiator,
689 size_t extra_ies_len)
691 if (status_code == 0)
692 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
695 skb_put_data(skb, extra_ies, extra_ies_len);
698 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data *sdata,
699 struct sk_buff *skb, const u8 *peer,
700 u8 action_code, u16 status_code,
701 bool initiator, const u8 *extra_ies,
702 size_t extra_ies_len, u8 oper_class,
703 struct cfg80211_chan_def *chandef)
705 switch (action_code) {
706 case WLAN_TDLS_SETUP_REQUEST:
707 case WLAN_TDLS_SETUP_RESPONSE:
708 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
709 if (status_code == 0)
710 ieee80211_tdls_add_setup_start_ies(sdata, skb, peer,
716 case WLAN_TDLS_SETUP_CONFIRM:
717 if (status_code == 0)
718 ieee80211_tdls_add_setup_cfm_ies(sdata, skb, peer,
719 initiator, extra_ies,
722 case WLAN_TDLS_TEARDOWN:
723 case WLAN_TDLS_DISCOVERY_REQUEST:
725 skb_put_data(skb, extra_ies, extra_ies_len);
726 if (status_code == 0 || action_code == WLAN_TDLS_TEARDOWN)
727 ieee80211_tdls_add_link_ie(sdata, skb, peer, initiator);
729 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
730 ieee80211_tdls_add_chan_switch_req_ies(sdata, skb, peer,
731 initiator, extra_ies,
733 oper_class, chandef);
735 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
736 ieee80211_tdls_add_chan_switch_resp_ies(sdata, skb, peer,
738 initiator, extra_ies,
746 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
747 const u8 *peer, u8 action_code, u8 dialog_token,
748 u16 status_code, struct sk_buff *skb)
750 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
751 struct ieee80211_tdls_data *tf;
753 tf = skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
755 memcpy(tf->da, peer, ETH_ALEN);
756 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN);
757 tf->ether_type = cpu_to_be16(ETH_P_TDLS);
758 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE;
760 /* network header is after the ethernet header */
761 skb_set_network_header(skb, ETH_HLEN);
763 switch (action_code) {
764 case WLAN_TDLS_SETUP_REQUEST:
765 tf->category = WLAN_CATEGORY_TDLS;
766 tf->action_code = WLAN_TDLS_SETUP_REQUEST;
768 skb_put(skb, sizeof(tf->u.setup_req));
769 tf->u.setup_req.dialog_token = dialog_token;
770 tf->u.setup_req.capability =
771 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
774 case WLAN_TDLS_SETUP_RESPONSE:
775 tf->category = WLAN_CATEGORY_TDLS;
776 tf->action_code = WLAN_TDLS_SETUP_RESPONSE;
778 skb_put(skb, sizeof(tf->u.setup_resp));
779 tf->u.setup_resp.status_code = cpu_to_le16(status_code);
780 tf->u.setup_resp.dialog_token = dialog_token;
781 tf->u.setup_resp.capability =
782 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
785 case WLAN_TDLS_SETUP_CONFIRM:
786 tf->category = WLAN_CATEGORY_TDLS;
787 tf->action_code = WLAN_TDLS_SETUP_CONFIRM;
789 skb_put(skb, sizeof(tf->u.setup_cfm));
790 tf->u.setup_cfm.status_code = cpu_to_le16(status_code);
791 tf->u.setup_cfm.dialog_token = dialog_token;
793 case WLAN_TDLS_TEARDOWN:
794 tf->category = WLAN_CATEGORY_TDLS;
795 tf->action_code = WLAN_TDLS_TEARDOWN;
797 skb_put(skb, sizeof(tf->u.teardown));
798 tf->u.teardown.reason_code = cpu_to_le16(status_code);
800 case WLAN_TDLS_DISCOVERY_REQUEST:
801 tf->category = WLAN_CATEGORY_TDLS;
802 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST;
804 skb_put(skb, sizeof(tf->u.discover_req));
805 tf->u.discover_req.dialog_token = dialog_token;
807 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
808 tf->category = WLAN_CATEGORY_TDLS;
809 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
811 skb_put(skb, sizeof(tf->u.chan_switch_req));
813 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
814 tf->category = WLAN_CATEGORY_TDLS;
815 tf->action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
817 skb_put(skb, sizeof(tf->u.chan_switch_resp));
818 tf->u.chan_switch_resp.status_code = cpu_to_le16(status_code);
828 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
829 const u8 *peer, u8 action_code, u8 dialog_token,
830 u16 status_code, struct sk_buff *skb)
832 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
833 struct ieee80211_mgmt *mgmt;
835 mgmt = skb_put_zero(skb, 24);
836 memcpy(mgmt->da, peer, ETH_ALEN);
837 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
838 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
840 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
841 IEEE80211_STYPE_ACTION);
843 switch (action_code) {
844 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
845 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp));
846 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
847 mgmt->u.action.u.tdls_discover_resp.action_code =
848 WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
849 mgmt->u.action.u.tdls_discover_resp.dialog_token =
851 mgmt->u.action.u.tdls_discover_resp.capability =
852 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata,
862 static struct sk_buff *
863 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data *sdata,
864 const u8 *peer, u8 action_code,
865 u8 dialog_token, u16 status_code,
866 bool initiator, const u8 *extra_ies,
867 size_t extra_ies_len, u8 oper_class,
868 struct cfg80211_chan_def *chandef)
870 struct ieee80211_local *local = sdata->local;
874 skb = netdev_alloc_skb(sdata->dev,
875 local->hw.extra_tx_headroom +
876 max(sizeof(struct ieee80211_mgmt),
877 sizeof(struct ieee80211_tdls_data)) +
878 50 + /* supported rates */
880 26 + /* max(WMM-info, WMM-param) */
881 2 + max(sizeof(struct ieee80211_ht_cap),
882 sizeof(struct ieee80211_ht_operation)) +
883 2 + max(sizeof(struct ieee80211_vht_cap),
884 sizeof(struct ieee80211_vht_operation)) +
885 50 + /* supported channels */
886 3 + /* 40/20 BSS coex */
888 4 + /* oper classes */
890 sizeof(struct ieee80211_tdls_lnkie));
894 skb_reserve(skb, local->hw.extra_tx_headroom);
896 switch (action_code) {
897 case WLAN_TDLS_SETUP_REQUEST:
898 case WLAN_TDLS_SETUP_RESPONSE:
899 case WLAN_TDLS_SETUP_CONFIRM:
900 case WLAN_TDLS_TEARDOWN:
901 case WLAN_TDLS_DISCOVERY_REQUEST:
902 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
903 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
904 ret = ieee80211_prep_tdls_encap_data(local->hw.wiphy,
906 action_code, dialog_token,
909 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
910 ret = ieee80211_prep_tdls_direct(local->hw.wiphy, sdata->dev,
912 dialog_token, status_code,
923 ieee80211_tdls_add_ies(sdata, skb, peer, action_code, status_code,
924 initiator, extra_ies, extra_ies_len, oper_class,
934 ieee80211_tdls_prep_mgmt_packet(struct wiphy *wiphy, struct net_device *dev,
935 const u8 *peer, u8 action_code, u8 dialog_token,
936 u16 status_code, u32 peer_capability,
937 bool initiator, const u8 *extra_ies,
938 size_t extra_ies_len, u8 oper_class,
939 struct cfg80211_chan_def *chandef)
941 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
942 struct sk_buff *skb = NULL;
943 struct sta_info *sta;
948 sta = sta_info_get(sdata, peer);
950 /* infer the initiator if we can, to support old userspace */
951 switch (action_code) {
952 case WLAN_TDLS_SETUP_REQUEST:
954 set_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
955 sta->sta.tdls_initiator = false;
958 case WLAN_TDLS_SETUP_CONFIRM:
959 case WLAN_TDLS_DISCOVERY_REQUEST:
962 case WLAN_TDLS_SETUP_RESPONSE:
964 * In some testing scenarios, we send a request and response.
965 * Make the last packet sent take effect for the initiator
969 clear_sta_flag(sta, WLAN_STA_TDLS_INITIATOR);
970 sta->sta.tdls_initiator = true;
973 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
976 case WLAN_TDLS_TEARDOWN:
977 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
978 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
979 /* any value is ok */
986 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_INITIATOR))
993 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, peer, action_code,
994 dialog_token, status_code,
995 initiator, extra_ies,
996 extra_ies_len, oper_class,
1003 if (action_code == WLAN_PUB_ACTION_TDLS_DISCOVER_RES) {
1004 ieee80211_tx_skb(sdata, skb);
1009 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
1010 * we should default to AC_VI.
1012 switch (action_code) {
1013 case WLAN_TDLS_SETUP_REQUEST:
1014 case WLAN_TDLS_SETUP_RESPONSE:
1015 skb->priority = 256 + 2;
1018 skb->priority = 256 + 5;
1021 skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, skb));
1024 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress.
1025 * Later, if no ACK is returned from peer, we will re-send the teardown
1026 * packet through the AP.
1028 if ((action_code == WLAN_TDLS_TEARDOWN) &&
1029 ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
1030 bool try_resend; /* Should we keep skb for possible resend */
1032 /* If not sending directly to peer - no point in keeping skb */
1034 sta = sta_info_get(sdata, peer);
1035 try_resend = sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1038 spin_lock_bh(&sdata->u.mgd.teardown_lock);
1039 if (try_resend && !sdata->u.mgd.teardown_skb) {
1040 /* Mark it as requiring TX status callback */
1041 flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1042 IEEE80211_TX_INTFL_MLME_CONN_TX;
1045 * skb is copied since mac80211 will later set
1046 * properties that might not be the same as the AP,
1047 * such as encryption, QoS, addresses, etc.
1049 * No problem if skb_copy() fails, so no need to check.
1051 sdata->u.mgd.teardown_skb = skb_copy(skb, GFP_ATOMIC);
1052 sdata->u.mgd.orig_teardown_skb = skb;
1054 spin_unlock_bh(&sdata->u.mgd.teardown_lock);
1057 /* disable bottom halves when entering the Tx path */
1059 __ieee80211_subif_start_xmit(skb, dev, flags);
1070 ieee80211_tdls_mgmt_setup(struct wiphy *wiphy, struct net_device *dev,
1071 const u8 *peer, u8 action_code, u8 dialog_token,
1072 u16 status_code, u32 peer_capability, bool initiator,
1073 const u8 *extra_ies, size_t extra_ies_len)
1075 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1076 struct ieee80211_local *local = sdata->local;
1077 enum ieee80211_smps_mode smps_mode = sdata->u.mgd.driver_smps_mode;
1080 /* don't support setup with forced SMPS mode that's not off */
1081 if (smps_mode != IEEE80211_SMPS_AUTOMATIC &&
1082 smps_mode != IEEE80211_SMPS_OFF) {
1083 tdls_dbg(sdata, "Aborting TDLS setup due to SMPS mode %d\n",
1088 mutex_lock(&local->mtx);
1090 /* we don't support concurrent TDLS peer setups */
1091 if (!is_zero_ether_addr(sdata->u.mgd.tdls_peer) &&
1092 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
1098 * make sure we have a STA representing the peer so we drop or buffer
1099 * non-TDLS-setup frames to the peer. We can't send other packets
1100 * during setup through the AP path.
1101 * Allow error packets to be sent - sometimes we don't even add a STA
1102 * before failing the setup.
1104 if (status_code == 0) {
1106 if (!sta_info_get(sdata, peer)) {
1114 ieee80211_flush_queues(local, sdata, false);
1115 memcpy(sdata->u.mgd.tdls_peer, peer, ETH_ALEN);
1116 mutex_unlock(&local->mtx);
1118 /* we cannot take the mutex while preparing the setup packet */
1119 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
1120 dialog_token, status_code,
1121 peer_capability, initiator,
1122 extra_ies, extra_ies_len, 0,
1125 mutex_lock(&local->mtx);
1126 eth_zero_addr(sdata->u.mgd.tdls_peer);
1127 mutex_unlock(&local->mtx);
1131 ieee80211_queue_delayed_work(&sdata->local->hw,
1132 &sdata->u.mgd.tdls_peer_del_work,
1133 TDLS_PEER_SETUP_TIMEOUT);
1137 mutex_unlock(&local->mtx);
1142 ieee80211_tdls_mgmt_teardown(struct wiphy *wiphy, struct net_device *dev,
1143 const u8 *peer, u8 action_code, u8 dialog_token,
1144 u16 status_code, u32 peer_capability,
1145 bool initiator, const u8 *extra_ies,
1146 size_t extra_ies_len)
1148 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1149 struct ieee80211_local *local = sdata->local;
1150 struct sta_info *sta;
1154 * No packets can be transmitted to the peer via the AP during setup -
1155 * the STA is set as a TDLS peer, but is not authorized.
1156 * During teardown, we prevent direct transmissions by stopping the
1157 * queues and flushing all direct packets.
1159 ieee80211_stop_vif_queues(local, sdata,
1160 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
1161 ieee80211_flush_queues(local, sdata, false);
1163 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer, action_code,
1164 dialog_token, status_code,
1165 peer_capability, initiator,
1166 extra_ies, extra_ies_len, 0,
1169 sdata_err(sdata, "Failed sending TDLS teardown packet %d\n",
1173 * Remove the STA AUTH flag to force further traffic through the AP. If
1174 * the STA was unreachable, it was already removed.
1177 sta = sta_info_get(sdata, peer);
1179 clear_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1182 ieee80211_wake_vif_queues(local, sdata,
1183 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN);
1188 int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev,
1189 const u8 *peer, u8 action_code, u8 dialog_token,
1190 u16 status_code, u32 peer_capability,
1191 bool initiator, const u8 *extra_ies,
1192 size_t extra_ies_len)
1194 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1197 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1200 /* make sure we are in managed mode, and associated */
1201 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1202 !sdata->u.mgd.associated)
1205 switch (action_code) {
1206 case WLAN_TDLS_SETUP_REQUEST:
1207 case WLAN_TDLS_SETUP_RESPONSE:
1208 ret = ieee80211_tdls_mgmt_setup(wiphy, dev, peer, action_code,
1209 dialog_token, status_code,
1210 peer_capability, initiator,
1211 extra_ies, extra_ies_len);
1213 case WLAN_TDLS_TEARDOWN:
1214 ret = ieee80211_tdls_mgmt_teardown(wiphy, dev, peer,
1215 action_code, dialog_token,
1217 peer_capability, initiator,
1218 extra_ies, extra_ies_len);
1220 case WLAN_TDLS_DISCOVERY_REQUEST:
1222 * Protect the discovery so we can hear the TDLS discovery
1223 * response frame. It is transmitted directly and not buffered
1226 drv_mgd_protect_tdls_discover(sdata->local, sdata);
1228 case WLAN_TDLS_SETUP_CONFIRM:
1229 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
1230 /* no special handling */
1231 ret = ieee80211_tdls_prep_mgmt_packet(wiphy, dev, peer,
1236 initiator, extra_ies,
1237 extra_ies_len, 0, NULL);
1244 tdls_dbg(sdata, "TDLS mgmt action %d peer %pM status %d\n",
1245 action_code, peer, ret);
1249 static void iee80211_tdls_recalc_chanctx(struct ieee80211_sub_if_data *sdata,
1250 struct sta_info *sta)
1252 struct ieee80211_local *local = sdata->local;
1253 struct ieee80211_chanctx_conf *conf;
1254 struct ieee80211_chanctx *ctx;
1255 enum nl80211_chan_width width;
1256 struct ieee80211_supported_band *sband;
1258 mutex_lock(&local->chanctx_mtx);
1259 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1260 lockdep_is_held(&local->chanctx_mtx));
1262 width = conf->def.width;
1263 sband = local->hw.wiphy->bands[conf->def.chan->band];
1264 ctx = container_of(conf, struct ieee80211_chanctx, conf);
1265 ieee80211_recalc_chanctx_chantype(local, ctx);
1267 /* if width changed and a peer is given, update its BW */
1268 if (width != conf->def.width && sta &&
1269 test_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW)) {
1270 enum ieee80211_sta_rx_bandwidth bw;
1272 bw = ieee80211_chan_width_to_rx_bw(conf->def.width);
1273 bw = min(bw, ieee80211_sta_cap_rx_bw(sta));
1274 if (bw != sta->sta.bandwidth) {
1275 sta->sta.bandwidth = bw;
1276 rate_control_rate_update(local, sband, sta,
1277 IEEE80211_RC_BW_CHANGED);
1279 * if a TDLS peer BW was updated, we need to
1280 * recalc the chandef width again, to get the
1281 * correct chanctx min_def
1283 ieee80211_recalc_chanctx_chantype(local, ctx);
1288 mutex_unlock(&local->chanctx_mtx);
1291 static int iee80211_tdls_have_ht_peers(struct ieee80211_sub_if_data *sdata)
1293 struct sta_info *sta;
1294 bool result = false;
1297 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
1298 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
1299 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
1300 !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) ||
1301 !sta->sta.ht_cap.ht_supported)
1312 iee80211_tdls_recalc_ht_protection(struct ieee80211_sub_if_data *sdata,
1313 struct sta_info *sta)
1315 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1317 u16 protection = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED |
1318 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
1319 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
1322 /* Nothing to do if the BSS connection uses HT */
1323 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
1326 tdls_ht = (sta && sta->sta.ht_cap.ht_supported) ||
1327 iee80211_tdls_have_ht_peers(sdata);
1329 opmode = sdata->vif.bss_conf.ht_operation_mode;
1332 opmode |= protection;
1334 opmode &= ~protection;
1336 if (opmode == sdata->vif.bss_conf.ht_operation_mode)
1339 sdata->vif.bss_conf.ht_operation_mode = opmode;
1340 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1343 int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
1344 const u8 *peer, enum nl80211_tdls_operation oper)
1346 struct sta_info *sta;
1347 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1348 struct ieee80211_local *local = sdata->local;
1351 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
1354 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1358 case NL80211_TDLS_ENABLE_LINK:
1359 case NL80211_TDLS_DISABLE_LINK:
1361 case NL80211_TDLS_TEARDOWN:
1362 case NL80211_TDLS_SETUP:
1363 case NL80211_TDLS_DISCOVERY_REQ:
1364 /* We don't support in-driver setup/teardown/discovery */
1368 /* protect possible bss_conf changes and avoid concurrency in
1369 * ieee80211_bss_info_change_notify()
1372 mutex_lock(&local->mtx);
1373 tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer);
1376 case NL80211_TDLS_ENABLE_LINK:
1377 if (sdata->vif.csa_active) {
1378 tdls_dbg(sdata, "TDLS: disallow link during CSA\n");
1383 mutex_lock(&local->sta_mtx);
1384 sta = sta_info_get(sdata, peer);
1386 mutex_unlock(&local->sta_mtx);
1391 iee80211_tdls_recalc_chanctx(sdata, sta);
1392 iee80211_tdls_recalc_ht_protection(sdata, sta);
1394 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
1395 mutex_unlock(&local->sta_mtx);
1397 WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) ||
1398 !ether_addr_equal(sdata->u.mgd.tdls_peer, peer));
1401 case NL80211_TDLS_DISABLE_LINK:
1403 * The teardown message in ieee80211_tdls_mgmt_teardown() was
1404 * created while the queues were stopped, so it might still be
1405 * pending. Before flushing the queues we need to be sure the
1406 * message is handled by the tasklet handling pending messages,
1407 * otherwise we might start destroying the station before
1408 * sending the teardown packet.
1409 * Note that this only forces the tasklet to flush pendings -
1410 * not to stop the tasklet from rescheduling itself.
1412 tasklet_kill(&local->tx_pending_tasklet);
1413 /* flush a potentially queued teardown packet */
1414 ieee80211_flush_queues(local, sdata, false);
1416 ret = sta_info_destroy_addr(sdata, peer);
1418 mutex_lock(&local->sta_mtx);
1419 iee80211_tdls_recalc_ht_protection(sdata, NULL);
1420 mutex_unlock(&local->sta_mtx);
1422 iee80211_tdls_recalc_chanctx(sdata, NULL);
1429 if (ret == 0 && ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) {
1430 cancel_delayed_work(&sdata->u.mgd.tdls_peer_del_work);
1431 eth_zero_addr(sdata->u.mgd.tdls_peer);
1435 ieee80211_queue_work(&sdata->local->hw,
1436 &sdata->u.mgd.request_smps_work);
1438 mutex_unlock(&local->mtx);
1439 sdata_unlock(sdata);
1443 void ieee80211_tdls_oper_request(struct ieee80211_vif *vif, const u8 *peer,
1444 enum nl80211_tdls_operation oper,
1445 u16 reason_code, gfp_t gfp)
1447 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1449 if (vif->type != NL80211_IFTYPE_STATION || !vif->bss_conf.assoc) {
1450 sdata_err(sdata, "Discarding TDLS oper %d - not STA or disconnected\n",
1455 cfg80211_tdls_oper_request(sdata->dev, peer, oper, reason_code, gfp);
1457 EXPORT_SYMBOL(ieee80211_tdls_oper_request);
1460 iee80211_tdls_add_ch_switch_timing(u8 *buf, u16 switch_time, u16 switch_timeout)
1462 struct ieee80211_ch_switch_timing *ch_sw;
1464 *buf++ = WLAN_EID_CHAN_SWITCH_TIMING;
1465 *buf++ = sizeof(struct ieee80211_ch_switch_timing);
1467 ch_sw = (void *)buf;
1468 ch_sw->switch_time = cpu_to_le16(switch_time);
1469 ch_sw->switch_timeout = cpu_to_le16(switch_timeout);
1472 /* find switch timing IE in SKB ready for Tx */
1473 static const u8 *ieee80211_tdls_find_sw_timing_ie(struct sk_buff *skb)
1475 struct ieee80211_tdls_data *tf;
1479 * Get the offset for the new location of the switch timing IE.
1480 * The SKB network header will now point to the "payload_type"
1481 * element of the TDLS data frame struct.
1483 tf = container_of(skb->data + skb_network_offset(skb),
1484 struct ieee80211_tdls_data, payload_type);
1485 ie_start = tf->u.chan_switch_req.variable;
1486 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING, ie_start,
1487 skb->len - (ie_start - skb->data));
1490 static struct sk_buff *
1491 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info *sta, u8 oper_class,
1492 struct cfg80211_chan_def *chandef,
1493 u32 *ch_sw_tm_ie_offset)
1495 struct ieee80211_sub_if_data *sdata = sta->sdata;
1496 u8 extra_ies[2 + sizeof(struct ieee80211_sec_chan_offs_ie) +
1497 2 + sizeof(struct ieee80211_ch_switch_timing)];
1498 int extra_ies_len = 2 + sizeof(struct ieee80211_ch_switch_timing);
1499 u8 *pos = extra_ies;
1500 struct sk_buff *skb;
1503 * if chandef points to a wide channel add a Secondary-Channel
1504 * Offset information element
1506 if (chandef->width == NL80211_CHAN_WIDTH_40) {
1507 struct ieee80211_sec_chan_offs_ie *sec_chan_ie;
1510 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;
1511 *pos++ = sizeof(*sec_chan_ie);
1512 sec_chan_ie = (void *)pos;
1514 ht40plus = cfg80211_get_chandef_type(chandef) ==
1515 NL80211_CHAN_HT40PLUS;
1516 sec_chan_ie->sec_chan_offs = ht40plus ?
1517 IEEE80211_HT_PARAM_CHA_SEC_ABOVE :
1518 IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1519 pos += sizeof(*sec_chan_ie);
1521 extra_ies_len += 2 + sizeof(struct ieee80211_sec_chan_offs_ie);
1524 /* just set the values to 0, this is a template */
1525 iee80211_tdls_add_ch_switch_timing(pos, 0, 0);
1527 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1528 WLAN_TDLS_CHANNEL_SWITCH_REQUEST,
1529 0, 0, !sta->sta.tdls_initiator,
1530 extra_ies, extra_ies_len,
1531 oper_class, chandef);
1535 skb = ieee80211_build_data_template(sdata, skb, 0);
1537 tdls_dbg(sdata, "Failed building TDLS channel switch frame\n");
1541 if (ch_sw_tm_ie_offset) {
1542 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1545 tdls_dbg(sdata, "No switch timing IE in TDLS switch\n");
1546 dev_kfree_skb_any(skb);
1550 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1554 "TDLS channel switch request template for %pM ch %d width %d\n",
1555 sta->sta.addr, chandef->chan->center_freq, chandef->width);
1560 ieee80211_tdls_channel_switch(struct wiphy *wiphy, struct net_device *dev,
1561 const u8 *addr, u8 oper_class,
1562 struct cfg80211_chan_def *chandef)
1564 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1565 struct ieee80211_local *local = sdata->local;
1566 struct sta_info *sta;
1567 struct sk_buff *skb = NULL;
1571 mutex_lock(&local->sta_mtx);
1572 sta = sta_info_get(sdata, addr);
1575 "Invalid TDLS peer %pM for channel switch request\n",
1581 if (!test_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH)) {
1582 tdls_dbg(sdata, "TDLS channel switch unsupported by %pM\n",
1588 skb = ieee80211_tdls_ch_sw_tmpl_get(sta, oper_class, chandef,
1595 ret = drv_tdls_channel_switch(local, sdata, &sta->sta, oper_class,
1596 chandef, skb, ch_sw_tm_ie);
1598 set_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1601 mutex_unlock(&local->sta_mtx);
1602 dev_kfree_skb_any(skb);
1607 ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy,
1608 struct net_device *dev,
1611 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1612 struct ieee80211_local *local = sdata->local;
1613 struct sta_info *sta;
1615 mutex_lock(&local->sta_mtx);
1616 sta = sta_info_get(sdata, addr);
1619 "Invalid TDLS peer %pM for channel switch cancel\n",
1624 if (!test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) {
1625 tdls_dbg(sdata, "TDLS channel switch not initiated by %pM\n",
1630 drv_tdls_cancel_channel_switch(local, sdata, &sta->sta);
1631 clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1634 mutex_unlock(&local->sta_mtx);
1637 static struct sk_buff *
1638 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info *sta,
1639 u32 *ch_sw_tm_ie_offset)
1641 struct ieee80211_sub_if_data *sdata = sta->sdata;
1642 struct sk_buff *skb;
1643 u8 extra_ies[2 + sizeof(struct ieee80211_ch_switch_timing)];
1645 /* initial timing are always zero in the template */
1646 iee80211_tdls_add_ch_switch_timing(extra_ies, 0, 0);
1648 skb = ieee80211_tdls_build_mgmt_packet_data(sdata, sta->sta.addr,
1649 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE,
1650 0, 0, !sta->sta.tdls_initiator,
1651 extra_ies, sizeof(extra_ies), 0, NULL);
1655 skb = ieee80211_build_data_template(sdata, skb, 0);
1658 "Failed building TDLS channel switch resp frame\n");
1662 if (ch_sw_tm_ie_offset) {
1663 const u8 *tm_ie = ieee80211_tdls_find_sw_timing_ie(skb);
1667 "No switch timing IE in TDLS switch resp\n");
1668 dev_kfree_skb_any(skb);
1672 *ch_sw_tm_ie_offset = tm_ie - skb->data;
1675 tdls_dbg(sdata, "TDLS get channel switch response template for %pM\n",
1681 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata,
1682 struct sk_buff *skb)
1684 struct ieee80211_local *local = sdata->local;
1685 struct ieee802_11_elems elems;
1686 struct sta_info *sta;
1687 struct ieee80211_tdls_data *tf = (void *)skb->data;
1688 bool local_initiator;
1689 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1690 int baselen = offsetof(typeof(*tf), u.chan_switch_resp.variable);
1691 struct ieee80211_tdls_ch_sw_params params = {};
1694 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_RESPONSE;
1695 params.timestamp = rx_status->device_timestamp;
1697 if (skb->len < baselen) {
1698 tdls_dbg(sdata, "TDLS channel switch resp too short: %d\n",
1703 mutex_lock(&local->sta_mtx);
1704 sta = sta_info_get(sdata, tf->sa);
1705 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1706 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1712 params.sta = &sta->sta;
1713 params.status = le16_to_cpu(tf->u.chan_switch_resp.status_code);
1714 if (params.status != 0) {
1719 ieee802_11_parse_elems(tf->u.chan_switch_resp.variable,
1720 skb->len - baselen, false, &elems,
1722 if (elems.parse_error) {
1723 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n");
1728 if (!elems.ch_sw_timing || !elems.lnk_id) {
1729 tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n");
1734 /* validate the initiator is set correctly */
1736 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1737 if (local_initiator == sta->sta.tdls_initiator) {
1738 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1743 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1744 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1747 ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie);
1748 if (!params.tmpl_skb) {
1755 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms);
1758 "TDLS channel switch response received from %pM status %d\n",
1759 tf->sa, params.status);
1762 mutex_unlock(&local->sta_mtx);
1763 dev_kfree_skb_any(params.tmpl_skb);
1768 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata,
1769 struct sk_buff *skb)
1771 struct ieee80211_local *local = sdata->local;
1772 struct ieee802_11_elems elems;
1773 struct cfg80211_chan_def chandef;
1774 struct ieee80211_channel *chan;
1775 enum nl80211_channel_type chan_type;
1777 u8 target_channel, oper_class;
1778 bool local_initiator;
1779 struct sta_info *sta;
1780 enum nl80211_band band;
1781 struct ieee80211_tdls_data *tf = (void *)skb->data;
1782 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1783 int baselen = offsetof(typeof(*tf), u.chan_switch_req.variable);
1784 struct ieee80211_tdls_ch_sw_params params = {};
1787 params.action_code = WLAN_TDLS_CHANNEL_SWITCH_REQUEST;
1788 params.timestamp = rx_status->device_timestamp;
1790 if (skb->len < baselen) {
1791 tdls_dbg(sdata, "TDLS channel switch req too short: %d\n",
1796 target_channel = tf->u.chan_switch_req.target_channel;
1797 oper_class = tf->u.chan_switch_req.oper_class;
1800 * We can't easily infer the channel band. The operating class is
1801 * ambiguous - there are multiple tables (US/Europe/JP/Global). The
1802 * solution here is to treat channels with number >14 as 5GHz ones,
1803 * and specifically check for the (oper_class, channel) combinations
1804 * where this doesn't hold. These are thankfully unique according to
1806 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as
1809 if ((oper_class == 112 || oper_class == 2 || oper_class == 3 ||
1810 oper_class == 4 || oper_class == 5 || oper_class == 6) &&
1811 target_channel < 14)
1812 band = NL80211_BAND_5GHZ;
1814 band = target_channel < 14 ? NL80211_BAND_2GHZ :
1817 freq = ieee80211_channel_to_frequency(target_channel, band);
1819 tdls_dbg(sdata, "Invalid channel in TDLS chan switch: %d\n",
1824 chan = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
1827 "Unsupported channel for TDLS chan switch: %d\n",
1832 ieee802_11_parse_elems(tf->u.chan_switch_req.variable,
1833 skb->len - baselen, false, &elems, NULL, NULL);
1834 if (elems.parse_error) {
1835 tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n");
1839 if (!elems.ch_sw_timing || !elems.lnk_id) {
1840 tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n");
1844 if (!elems.sec_chan_offs) {
1845 chan_type = NL80211_CHAN_HT20;
1847 switch (elems.sec_chan_offs->sec_chan_offs) {
1848 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1849 chan_type = NL80211_CHAN_HT40PLUS;
1851 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1852 chan_type = NL80211_CHAN_HT40MINUS;
1855 chan_type = NL80211_CHAN_HT20;
1860 cfg80211_chandef_create(&chandef, chan, chan_type);
1862 /* we will be active on the TDLS link */
1863 if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef,
1864 sdata->wdev.iftype)) {
1865 tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n");
1869 mutex_lock(&local->sta_mtx);
1870 sta = sta_info_get(sdata, tf->sa);
1871 if (!sta || !test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) {
1872 tdls_dbg(sdata, "TDLS chan switch from non-peer sta %pM\n",
1878 params.sta = &sta->sta;
1880 /* validate the initiator is set correctly */
1882 !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
1883 if (local_initiator == sta->sta.tdls_initiator) {
1884 tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
1889 /* peer should have known better */
1890 if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs &&
1891 elems.sec_chan_offs->sec_chan_offs) {
1892 tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n");
1897 params.chandef = &chandef;
1898 params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
1899 params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
1902 ieee80211_tdls_ch_sw_resp_tmpl_get(sta,
1903 ¶ms.ch_sw_tm_ie);
1904 if (!params.tmpl_skb) {
1909 drv_tdls_recv_channel_switch(sdata->local, sdata, ¶ms);
1912 "TDLS ch switch request received from %pM ch %d width %d\n",
1913 tf->sa, params.chandef->chan->center_freq,
1914 params.chandef->width);
1916 mutex_unlock(&local->sta_mtx);
1917 dev_kfree_skb_any(params.tmpl_skb);
1922 ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data *sdata,
1923 struct sk_buff *skb)
1925 struct ieee80211_tdls_data *tf = (void *)skb->data;
1926 struct wiphy *wiphy = sdata->local->hw.wiphy;
1930 /* make sure the driver supports it */
1931 if (!(wiphy->features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
1934 /* we want to access the entire packet */
1935 if (skb_linearize(skb))
1938 * The packet/size was already validated by mac80211 Rx path, only look
1939 * at the action type.
1941 switch (tf->action_code) {
1942 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST:
1943 ieee80211_process_tdls_channel_switch_req(sdata, skb);
1945 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE:
1946 ieee80211_process_tdls_channel_switch_resp(sdata, skb);
1954 void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata)
1956 struct sta_info *sta;
1957 u16 reason = WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED;
1960 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
1961 if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
1962 !test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1965 ieee80211_tdls_oper_request(&sdata->vif, sta->sta.addr,
1966 NL80211_TDLS_TEARDOWN, reason,
1972 void ieee80211_tdls_chsw_work(struct work_struct *wk)
1974 struct ieee80211_local *local =
1975 container_of(wk, struct ieee80211_local, tdls_chsw_work);
1976 struct ieee80211_sub_if_data *sdata;
1977 struct sk_buff *skb;
1978 struct ieee80211_tdls_data *tf;
1981 while ((skb = skb_dequeue(&local->skb_queue_tdls_chsw))) {
1982 tf = (struct ieee80211_tdls_data *)skb->data;
1983 list_for_each_entry(sdata, &local->interfaces, list) {
1984 if (!ieee80211_sdata_running(sdata) ||
1985 sdata->vif.type != NL80211_IFTYPE_STATION ||
1986 !ether_addr_equal(tf->da, sdata->vif.addr))
1989 ieee80211_process_tdls_channel_switch(sdata, skb);
projects / linux.git / blob