2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
36 #define IEEE80211_AUTH_MAX_TRIES 3
37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
41 #define IEEE80211_ASSOC_MAX_TRIES 3
43 static int max_nullfunc_tries = 2;
44 module_param(max_nullfunc_tries, int, 0644);
45 MODULE_PARM_DESC(max_nullfunc_tries,
46 "Maximum nullfunc tx tries before disconnecting (reason 4).");
48 static int max_probe_tries = 5;
49 module_param(max_probe_tries, int, 0644);
50 MODULE_PARM_DESC(max_probe_tries,
51 "Maximum probe tries before disconnecting (reason 4).");
54 * Beacon loss timeout is calculated as N frames times the
55 * advertised beacon interval. This may need to be somewhat
56 * higher than what hardware might detect to account for
57 * delays in the host processing frames. But since we also
58 * probe on beacon miss before declaring the connection lost
59 * default to what we want.
61 static int beacon_loss_count = 7;
62 module_param(beacon_loss_count, int, 0644);
63 MODULE_PARM_DESC(beacon_loss_count,
64 "Number of beacon intervals before we decide beacon was lost.");
67 * Time the connection can be idle before we probe
68 * it to see if we can still talk to the AP.
70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
72 * Time we wait for a probe response after sending
73 * a probe request because of beacon loss or for
74 * checking the connection still works.
76 static int probe_wait_ms = 500;
77 module_param(probe_wait_ms, int, 0644);
78 MODULE_PARM_DESC(probe_wait_ms,
79 "Maximum time(ms) to wait for probe response"
80 " before disconnecting (reason 4).");
83 * Weight given to the latest Beacon frame when calculating average signal
84 * strength for Beacon frames received in the current BSS. This must be
87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
90 * How many Beacon frames need to have been used in average signal strength
91 * before starting to indicate signal change events.
93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
96 * We can have multiple work items (and connection probing)
97 * scheduling this timer, but we need to take care to only
98 * reschedule it when it should fire _earlier_ than it was
99 * asked for before, or if it's not pending right now. This
100 * function ensures that. Note that it then is required to
101 * run this function for all timeouts after the first one
102 * has happened -- the work that runs from this timer will
105 static void run_again(struct ieee80211_sub_if_data *sdata,
106 unsigned long timeout)
108 sdata_assert_lock(sdata);
110 if (!timer_pending(&sdata->u.mgd.timer) ||
111 time_before(timeout, sdata->u.mgd.timer.expires))
112 mod_timer(&sdata->u.mgd.timer, timeout);
115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
123 mod_timer(&sdata->u.mgd.bcn_mon_timer,
124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
131 if (unlikely(!sdata->u.mgd.associated))
134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
137 mod_timer(&sdata->u.mgd.conn_mon_timer,
138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
140 ifmgd->probe_send_count = 0;
143 static int ecw2cw(int ecw)
145 return (1 << ecw) - 1;
149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
150 struct ieee80211_supported_band *sband,
151 struct ieee80211_channel *channel,
152 const struct ieee80211_ht_operation *ht_oper,
153 const struct ieee80211_vht_operation *vht_oper,
154 struct cfg80211_chan_def *chandef, bool tracking)
156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
157 struct cfg80211_chan_def vht_chandef;
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->center_freq2 = 0;
165 if (!ht_oper || !sband->ht_cap.ht_supported) {
166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
170 chandef->width = NL80211_CHAN_WIDTH_20;
172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
174 /* check that channel matches the right operating channel */
175 if (!tracking && channel->center_freq != ht_cfreq) {
177 * It's possible that some APs are confused here;
178 * Netgear WNDR3700 sometimes reports 4 higher than
179 * the actual channel in association responses, but
180 * since we look at probe response/beacon data here
184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
185 channel->center_freq, ht_cfreq,
186 ht_oper->primary_chan, channel->band);
187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
191 /* check 40 MHz support, if we have it */
192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
195 chandef->width = NL80211_CHAN_WIDTH_40;
196 chandef->center_freq1 += 10;
198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
199 chandef->width = NL80211_CHAN_WIDTH_40;
200 chandef->center_freq1 -= 10;
204 /* 40 MHz (and 80 MHz) must be supported for VHT */
205 ret = IEEE80211_STA_DISABLE_VHT;
206 /* also mark 40 MHz disabled */
207 ret |= IEEE80211_STA_DISABLE_40MHZ;
211 if (!vht_oper || !sband->vht_cap.vht_supported) {
212 ret = IEEE80211_STA_DISABLE_VHT;
216 vht_chandef.chan = channel;
217 vht_chandef.center_freq1 =
218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
220 vht_chandef.center_freq2 = 0;
222 switch (vht_oper->chan_width) {
223 case IEEE80211_VHT_CHANWIDTH_USE_HT:
224 vht_chandef.width = chandef->width;
226 case IEEE80211_VHT_CHANWIDTH_80MHZ:
227 vht_chandef.width = NL80211_CHAN_WIDTH_80;
229 case IEEE80211_VHT_CHANWIDTH_160MHZ:
230 vht_chandef.width = NL80211_CHAN_WIDTH_160;
232 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
233 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
234 vht_chandef.center_freq2 =
235 ieee80211_channel_to_frequency(
236 vht_oper->center_freq_seg2_idx,
240 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
242 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
243 vht_oper->chan_width);
244 ret = IEEE80211_STA_DISABLE_VHT;
248 if (!cfg80211_chandef_valid(&vht_chandef)) {
249 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
251 "AP VHT information is invalid, disable VHT\n");
252 ret = IEEE80211_STA_DISABLE_VHT;
256 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
261 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
262 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
264 "AP VHT information doesn't match HT, disable VHT\n");
265 ret = IEEE80211_STA_DISABLE_VHT;
269 *chandef = vht_chandef;
274 /* don't print the message below for VHT mismatch if VHT is disabled */
275 if (ret & IEEE80211_STA_DISABLE_VHT)
276 vht_chandef = *chandef;
279 * Ignore the DISABLED flag when we're already connected and only
280 * tracking the APs beacon for bandwidth changes - otherwise we
281 * might get disconnected here if we connect to an AP, update our
282 * regulatory information based on the AP's country IE and the
283 * information we have is wrong/outdated and disables the channel
284 * that we're actually using for the connection to the AP.
286 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
288 IEEE80211_CHAN_DISABLED)) {
289 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
290 ret = IEEE80211_STA_DISABLE_HT |
291 IEEE80211_STA_DISABLE_VHT;
295 ret |= ieee80211_chandef_downgrade(chandef);
298 if (chandef->width != vht_chandef.width && !tracking)
300 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
302 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
306 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
307 struct sta_info *sta,
308 const struct ieee80211_ht_operation *ht_oper,
309 const struct ieee80211_vht_operation *vht_oper,
310 const u8 *bssid, u32 *changed)
312 struct ieee80211_local *local = sdata->local;
313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
314 struct ieee80211_supported_band *sband;
315 struct ieee80211_channel *chan;
316 struct cfg80211_chan_def chandef;
319 enum ieee80211_sta_rx_bandwidth new_sta_bw;
322 /* if HT was/is disabled, don't track any bandwidth changes */
323 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
326 /* don't check VHT if we associated as non-VHT station */
327 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
330 if (WARN_ON_ONCE(!sta))
333 chan = sdata->vif.bss_conf.chandef.chan;
334 sband = local->hw.wiphy->bands[chan->band];
336 /* calculate new channel (type) based on HT/VHT operation IEs */
337 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
338 vht_oper, &chandef, true);
341 * Downgrade the new channel if we associated with restricted
342 * capabilities. For example, if we associated as a 20 MHz STA
343 * to a 40 MHz AP (due to regulatory, capabilities or config
344 * reasons) then switching to a 40 MHz channel now won't do us
345 * any good -- we couldn't use it with the AP.
347 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
348 chandef.width == NL80211_CHAN_WIDTH_80P80)
349 flags |= ieee80211_chandef_downgrade(&chandef);
350 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
351 chandef.width == NL80211_CHAN_WIDTH_160)
352 flags |= ieee80211_chandef_downgrade(&chandef);
353 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
354 chandef.width > NL80211_CHAN_WIDTH_20)
355 flags |= ieee80211_chandef_downgrade(&chandef);
357 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
361 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
362 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
363 chandef.center_freq1, chandef.center_freq2);
365 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
366 IEEE80211_STA_DISABLE_VHT |
367 IEEE80211_STA_DISABLE_40MHZ |
368 IEEE80211_STA_DISABLE_80P80MHZ |
369 IEEE80211_STA_DISABLE_160MHZ)) ||
370 !cfg80211_chandef_valid(&chandef)) {
372 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
377 switch (chandef.width) {
378 case NL80211_CHAN_WIDTH_20_NOHT:
379 case NL80211_CHAN_WIDTH_20:
380 new_sta_bw = IEEE80211_STA_RX_BW_20;
382 case NL80211_CHAN_WIDTH_40:
383 new_sta_bw = IEEE80211_STA_RX_BW_40;
385 case NL80211_CHAN_WIDTH_80:
386 new_sta_bw = IEEE80211_STA_RX_BW_80;
388 case NL80211_CHAN_WIDTH_80P80:
389 case NL80211_CHAN_WIDTH_160:
390 new_sta_bw = IEEE80211_STA_RX_BW_160;
396 if (new_sta_bw > sta->cur_max_bandwidth)
397 new_sta_bw = sta->cur_max_bandwidth;
399 if (new_sta_bw < sta->sta.bandwidth) {
400 sta->sta.bandwidth = new_sta_bw;
401 rate_control_rate_update(local, sband, sta,
402 IEEE80211_RC_BW_CHANGED);
405 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
408 "AP %pM changed bandwidth to incompatible one - disconnect\n",
413 if (new_sta_bw > sta->sta.bandwidth) {
414 sta->sta.bandwidth = new_sta_bw;
415 rate_control_rate_update(local, sband, sta,
416 IEEE80211_RC_BW_CHANGED);
419 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
421 /* if bss configuration changed store the new one */
422 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
423 *changed |= BSS_CHANGED_HT;
424 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
430 /* frame sending functions */
432 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
433 struct sk_buff *skb, u8 ap_ht_param,
434 struct ieee80211_supported_band *sband,
435 struct ieee80211_channel *channel,
436 enum ieee80211_smps_mode smps)
439 u32 flags = channel->flags;
441 struct ieee80211_sta_ht_cap ht_cap;
443 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
445 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
446 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
448 /* determine capability flags */
451 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
452 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
453 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
454 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
455 cap &= ~IEEE80211_HT_CAP_SGI_40;
458 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
459 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
460 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
461 cap &= ~IEEE80211_HT_CAP_SGI_40;
467 * If 40 MHz was disabled associate as though we weren't
468 * capable of 40 MHz -- some broken APs will never fall
469 * back to trying to transmit in 20 MHz.
471 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
472 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
473 cap &= ~IEEE80211_HT_CAP_SGI_40;
476 /* set SM PS mode properly */
477 cap &= ~IEEE80211_HT_CAP_SM_PS;
479 case IEEE80211_SMPS_AUTOMATIC:
480 case IEEE80211_SMPS_NUM_MODES:
482 case IEEE80211_SMPS_OFF:
483 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
484 IEEE80211_HT_CAP_SM_PS_SHIFT;
486 case IEEE80211_SMPS_STATIC:
487 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
488 IEEE80211_HT_CAP_SM_PS_SHIFT;
490 case IEEE80211_SMPS_DYNAMIC:
491 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
492 IEEE80211_HT_CAP_SM_PS_SHIFT;
496 /* reserve and fill IE */
497 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
498 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
501 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
503 struct ieee80211_supported_band *sband,
504 struct ieee80211_vht_cap *ap_vht_cap)
508 struct ieee80211_sta_vht_cap vht_cap;
510 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
512 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
513 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
515 /* determine capability flags */
518 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
519 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
520 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
523 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
524 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
525 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
529 * Some APs apparently get confused if our capabilities are better
530 * than theirs, so restrict what we advertise in the assoc request.
532 if (!(ap_vht_cap->vht_cap_info &
533 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
534 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
536 /* reserve and fill IE */
537 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
538 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
541 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
543 struct ieee80211_local *local = sdata->local;
544 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
545 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
547 struct ieee80211_mgmt *mgmt;
549 size_t offset = 0, noffset;
550 int i, count, rates_len, supp_rates_len, shift;
552 struct ieee80211_supported_band *sband;
553 struct ieee80211_chanctx_conf *chanctx_conf;
554 struct ieee80211_channel *chan;
555 u32 rate_flags, rates = 0;
557 sdata_assert_lock(sdata);
560 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
561 if (WARN_ON(!chanctx_conf)) {
565 chan = chanctx_conf->def.chan;
566 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
568 sband = local->hw.wiphy->bands[chan->band];
569 shift = ieee80211_vif_get_shift(&sdata->vif);
571 if (assoc_data->supp_rates_len) {
573 * Get all rates supported by the device and the AP as
574 * some APs don't like getting a superset of their rates
575 * in the association request (e.g. D-Link DAP 1353 in
578 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
579 assoc_data->supp_rates,
580 assoc_data->supp_rates_len,
584 * In case AP not provide any supported rates information
585 * before association, we send information element(s) with
586 * all rates that we support.
589 for (i = 0; i < sband->n_bitrates; i++) {
590 if ((rate_flags & sband->bitrates[i].flags)
598 skb = alloc_skb(local->hw.extra_tx_headroom +
599 sizeof(*mgmt) + /* bit too much but doesn't matter */
600 2 + assoc_data->ssid_len + /* SSID */
601 4 + rates_len + /* (extended) rates */
602 4 + /* power capability */
603 2 + 2 * sband->n_channels + /* supported channels */
604 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
605 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
606 assoc_data->ie_len + /* extra IEs */
612 skb_reserve(skb, local->hw.extra_tx_headroom);
614 capab = WLAN_CAPABILITY_ESS;
616 if (sband->band == IEEE80211_BAND_2GHZ) {
617 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
618 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
619 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
620 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
623 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
624 capab |= WLAN_CAPABILITY_PRIVACY;
626 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
627 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
628 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
630 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
632 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
633 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
634 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
636 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
638 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
639 IEEE80211_STYPE_REASSOC_REQ);
640 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
641 mgmt->u.reassoc_req.listen_interval =
642 cpu_to_le16(local->hw.conf.listen_interval);
643 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
647 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
648 IEEE80211_STYPE_ASSOC_REQ);
649 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
650 mgmt->u.assoc_req.listen_interval =
651 cpu_to_le16(local->hw.conf.listen_interval);
655 pos = skb_put(skb, 2 + assoc_data->ssid_len);
656 *pos++ = WLAN_EID_SSID;
657 *pos++ = assoc_data->ssid_len;
658 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
660 /* add all rates which were marked to be used above */
661 supp_rates_len = rates_len;
662 if (supp_rates_len > 8)
665 pos = skb_put(skb, supp_rates_len + 2);
666 *pos++ = WLAN_EID_SUPP_RATES;
667 *pos++ = supp_rates_len;
670 for (i = 0; i < sband->n_bitrates; i++) {
671 if (BIT(i) & rates) {
672 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
680 if (rates_len > count) {
681 pos = skb_put(skb, rates_len - count + 2);
682 *pos++ = WLAN_EID_EXT_SUPP_RATES;
683 *pos++ = rates_len - count;
685 for (i++; i < sband->n_bitrates; i++) {
686 if (BIT(i) & rates) {
688 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
695 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
696 /* 1. power capabilities */
697 pos = skb_put(skb, 4);
698 *pos++ = WLAN_EID_PWR_CAPABILITY;
700 *pos++ = 0; /* min tx power */
702 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
704 /* 2. supported channels */
705 /* TODO: get this in reg domain format */
706 pos = skb_put(skb, 2 * sband->n_channels + 2);
707 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
708 *pos++ = 2 * sband->n_channels;
709 for (i = 0; i < sband->n_channels; i++) {
710 *pos++ = ieee80211_frequency_to_channel(
711 sband->channels[i].center_freq);
712 *pos++ = 1; /* one channel in the subband*/
716 /* if present, add any custom IEs that go before HT */
717 if (assoc_data->ie_len && assoc_data->ie) {
718 static const u8 before_ht[] = {
721 WLAN_EID_EXT_SUPP_RATES,
722 WLAN_EID_PWR_CAPABILITY,
723 WLAN_EID_SUPPORTED_CHANNELS,
726 WLAN_EID_RRM_ENABLED_CAPABILITIES,
727 WLAN_EID_MOBILITY_DOMAIN,
728 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
730 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
731 before_ht, ARRAY_SIZE(before_ht),
733 pos = skb_put(skb, noffset - offset);
734 memcpy(pos, assoc_data->ie + offset, noffset - offset);
738 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
739 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
740 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
742 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
743 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
744 sband, chan, sdata->smps_mode);
746 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
747 ieee80211_add_vht_ie(sdata, skb, sband,
748 &assoc_data->ap_vht_cap);
750 /* if present, add any custom non-vendor IEs that go after HT */
751 if (assoc_data->ie_len && assoc_data->ie) {
752 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
755 pos = skb_put(skb, noffset - offset);
756 memcpy(pos, assoc_data->ie + offset, noffset - offset);
760 if (assoc_data->wmm) {
761 if (assoc_data->uapsd) {
762 qos_info = ifmgd->uapsd_queues;
763 qos_info |= (ifmgd->uapsd_max_sp_len <<
764 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
769 pos = skb_put(skb, 9);
770 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
771 *pos++ = 7; /* len */
772 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
775 *pos++ = 2; /* WME */
776 *pos++ = 0; /* WME info */
777 *pos++ = 1; /* WME ver */
781 /* add any remaining custom (i.e. vendor specific here) IEs */
782 if (assoc_data->ie_len && assoc_data->ie) {
783 noffset = assoc_data->ie_len;
784 pos = skb_put(skb, noffset - offset);
785 memcpy(pos, assoc_data->ie + offset, noffset - offset);
788 drv_mgd_prepare_tx(local, sdata);
790 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
791 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
792 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
793 IEEE80211_TX_INTFL_MLME_CONN_TX;
794 ieee80211_tx_skb(sdata, skb);
797 void ieee80211_send_pspoll(struct ieee80211_local *local,
798 struct ieee80211_sub_if_data *sdata)
800 struct ieee80211_pspoll *pspoll;
803 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
807 pspoll = (struct ieee80211_pspoll *) skb->data;
808 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
810 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
811 ieee80211_tx_skb(sdata, skb);
814 void ieee80211_send_nullfunc(struct ieee80211_local *local,
815 struct ieee80211_sub_if_data *sdata,
819 struct ieee80211_hdr_3addr *nullfunc;
820 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
822 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
826 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
828 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
830 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
831 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
833 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
834 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
836 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
837 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
839 ieee80211_tx_skb(sdata, skb);
842 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
843 struct ieee80211_sub_if_data *sdata)
846 struct ieee80211_hdr *nullfunc;
849 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
852 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
856 skb_reserve(skb, local->hw.extra_tx_headroom);
858 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
859 memset(nullfunc, 0, 30);
860 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
861 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
862 nullfunc->frame_control = fc;
863 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
864 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
865 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
866 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
868 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
869 ieee80211_tx_skb(sdata, skb);
872 /* spectrum management related things */
873 static void ieee80211_chswitch_work(struct work_struct *work)
875 struct ieee80211_sub_if_data *sdata =
876 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
877 struct ieee80211_local *local = sdata->local;
878 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
880 if (!ieee80211_sdata_running(sdata))
884 if (!ifmgd->associated)
887 local->_oper_chandef = local->csa_chandef;
889 if (!local->ops->channel_switch) {
890 /* call "hw_config" only if doing sw channel switch */
891 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
893 /* update the device channel directly */
894 local->hw.conf.chandef = local->_oper_chandef;
897 /* XXX: shouldn't really modify cfg80211-owned data! */
898 ifmgd->associated->channel = local->_oper_chandef.chan;
900 /* XXX: wait for a beacon first? */
901 ieee80211_wake_queues_by_reason(&local->hw,
902 IEEE80211_MAX_QUEUE_MAP,
903 IEEE80211_QUEUE_STOP_REASON_CSA);
905 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
909 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
911 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
912 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
914 trace_api_chswitch_done(sdata, success);
917 "driver channel switch failed, disconnecting\n");
918 ieee80211_queue_work(&sdata->local->hw,
919 &ifmgd->csa_connection_drop_work);
921 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
924 EXPORT_SYMBOL(ieee80211_chswitch_done);
926 static void ieee80211_chswitch_timer(unsigned long data)
928 struct ieee80211_sub_if_data *sdata =
929 (struct ieee80211_sub_if_data *) data;
931 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
935 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
936 u64 timestamp, struct ieee802_11_elems *elems,
939 struct ieee80211_local *local = sdata->local;
940 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
941 struct cfg80211_bss *cbss = ifmgd->associated;
942 struct ieee80211_chanctx *chanctx;
943 enum ieee80211_band current_band;
946 struct cfg80211_chan_def new_chandef = {};
949 sdata_assert_lock(sdata);
957 /* disregard subsequent announcements if we are already processing */
958 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
961 current_band = cbss->channel->band;
962 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band,
964 ifmgd->associated->bssid, &count,
965 &mode, &new_chandef);
967 ieee80211_queue_work(&local->hw,
968 &ifmgd->csa_connection_drop_work);
972 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef,
973 IEEE80211_CHAN_DISABLED)) {
975 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
976 ifmgd->associated->bssid,
977 new_chandef.chan->center_freq,
978 new_chandef.width, new_chandef.center_freq1,
979 new_chandef.center_freq2);
980 ieee80211_queue_work(&local->hw,
981 &ifmgd->csa_connection_drop_work);
985 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
987 if (local->use_chanctx) {
989 "not handling channel switch with channel contexts\n");
990 ieee80211_queue_work(&local->hw,
991 &ifmgd->csa_connection_drop_work);
995 mutex_lock(&local->chanctx_mtx);
996 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
997 mutex_unlock(&local->chanctx_mtx);
1000 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1001 struct ieee80211_chanctx, conf);
1002 if (chanctx->refcount > 1) {
1004 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1005 ieee80211_queue_work(&local->hw,
1006 &ifmgd->csa_connection_drop_work);
1007 mutex_unlock(&local->chanctx_mtx);
1010 mutex_unlock(&local->chanctx_mtx);
1012 local->csa_chandef = new_chandef;
1015 ieee80211_stop_queues_by_reason(&local->hw,
1016 IEEE80211_MAX_QUEUE_MAP,
1017 IEEE80211_QUEUE_STOP_REASON_CSA);
1019 if (local->ops->channel_switch) {
1020 /* use driver's channel switch callback */
1021 struct ieee80211_channel_switch ch_switch = {
1022 .timestamp = timestamp,
1024 .chandef = new_chandef,
1028 drv_channel_switch(local, &ch_switch);
1032 /* channel switch handled in software */
1034 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1036 mod_timer(&ifmgd->chswitch_timer,
1037 TU_TO_EXP_TIME(count * cbss->beacon_interval));
1040 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1041 struct ieee80211_channel *channel,
1042 const u8 *country_ie, u8 country_ie_len,
1043 const u8 *pwr_constr_elem)
1045 struct ieee80211_country_ie_triplet *triplet;
1046 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1047 int i, chan_pwr, chan_increment, new_ap_level;
1048 bool have_chan_pwr = false;
1051 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1054 triplet = (void *)(country_ie + 3);
1055 country_ie_len -= 3;
1057 switch (channel->band) {
1061 case IEEE80211_BAND_2GHZ:
1062 case IEEE80211_BAND_60GHZ:
1065 case IEEE80211_BAND_5GHZ:
1071 while (country_ie_len >= 3) {
1072 u8 first_channel = triplet->chans.first_channel;
1074 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1077 for (i = 0; i < triplet->chans.num_channels; i++) {
1078 if (first_channel + i * chan_increment == chan) {
1079 have_chan_pwr = true;
1080 chan_pwr = triplet->chans.max_power;
1089 country_ie_len -= 3;
1095 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1097 if (sdata->ap_power_level == new_ap_level)
1101 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1102 new_ap_level, chan_pwr, *pwr_constr_elem,
1103 sdata->u.mgd.bssid);
1104 sdata->ap_power_level = new_ap_level;
1105 if (__ieee80211_recalc_txpower(sdata))
1106 return BSS_CHANGED_TXPOWER;
1111 static void ieee80211_enable_ps(struct ieee80211_local *local,
1112 struct ieee80211_sub_if_data *sdata)
1114 struct ieee80211_conf *conf = &local->hw.conf;
1117 * If we are scanning right now then the parameters will
1118 * take effect when scan finishes.
1120 if (local->scanning)
1123 if (conf->dynamic_ps_timeout > 0 &&
1124 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1125 mod_timer(&local->dynamic_ps_timer, jiffies +
1126 msecs_to_jiffies(conf->dynamic_ps_timeout));
1128 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1129 ieee80211_send_nullfunc(local, sdata, 1);
1131 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1132 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1135 conf->flags |= IEEE80211_CONF_PS;
1136 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1140 static void ieee80211_change_ps(struct ieee80211_local *local)
1142 struct ieee80211_conf *conf = &local->hw.conf;
1144 if (local->ps_sdata) {
1145 ieee80211_enable_ps(local, local->ps_sdata);
1146 } else if (conf->flags & IEEE80211_CONF_PS) {
1147 conf->flags &= ~IEEE80211_CONF_PS;
1148 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1149 del_timer_sync(&local->dynamic_ps_timer);
1150 cancel_work_sync(&local->dynamic_ps_enable_work);
1154 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1156 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1157 struct sta_info *sta = NULL;
1158 bool authorized = false;
1160 if (!mgd->powersave)
1166 if (!mgd->associated)
1169 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1172 if (!mgd->have_beacon)
1176 sta = sta_info_get(sdata, mgd->bssid);
1178 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1184 /* need to hold RTNL or interface lock */
1185 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1187 struct ieee80211_sub_if_data *sdata, *found = NULL;
1191 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1192 local->ps_sdata = NULL;
1196 list_for_each_entry(sdata, &local->interfaces, list) {
1197 if (!ieee80211_sdata_running(sdata))
1199 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1200 /* If an AP vif is found, then disable PS
1201 * by setting the count to zero thereby setting
1207 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1213 if (count == 1 && ieee80211_powersave_allowed(found)) {
1217 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1219 beaconint_us = ieee80211_tu_to_usec(
1220 found->vif.bss_conf.beacon_int);
1222 timeout = local->dynamic_ps_forced_timeout;
1225 * Go to full PSM if the user configures a very low
1226 * latency requirement.
1227 * The 2000 second value is there for compatibility
1228 * until the PM_QOS_NETWORK_LATENCY is configured
1231 if (latency > (1900 * USEC_PER_MSEC) &&
1232 latency != (2000 * USEC_PER_SEC))
1237 local->hw.conf.dynamic_ps_timeout = timeout;
1239 if (beaconint_us > latency) {
1240 local->ps_sdata = NULL;
1243 u8 dtimper = found->u.mgd.dtim_period;
1245 /* If the TIM IE is invalid, pretend the value is 1 */
1248 else if (dtimper > 1)
1249 maxslp = min_t(int, dtimper,
1250 latency / beaconint_us);
1252 local->hw.conf.max_sleep_period = maxslp;
1253 local->hw.conf.ps_dtim_period = dtimper;
1254 local->ps_sdata = found;
1257 local->ps_sdata = NULL;
1260 ieee80211_change_ps(local);
1263 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1265 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1267 if (sdata->vif.bss_conf.ps != ps_allowed) {
1268 sdata->vif.bss_conf.ps = ps_allowed;
1269 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1273 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1275 struct ieee80211_local *local =
1276 container_of(work, struct ieee80211_local,
1277 dynamic_ps_disable_work);
1279 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1280 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1281 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1284 ieee80211_wake_queues_by_reason(&local->hw,
1285 IEEE80211_MAX_QUEUE_MAP,
1286 IEEE80211_QUEUE_STOP_REASON_PS);
1289 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1291 struct ieee80211_local *local =
1292 container_of(work, struct ieee80211_local,
1293 dynamic_ps_enable_work);
1294 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1295 struct ieee80211_if_managed *ifmgd;
1296 unsigned long flags;
1299 /* can only happen when PS was just disabled anyway */
1303 ifmgd = &sdata->u.mgd;
1305 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1308 if (local->hw.conf.dynamic_ps_timeout > 0) {
1309 /* don't enter PS if TX frames are pending */
1310 if (drv_tx_frames_pending(local)) {
1311 mod_timer(&local->dynamic_ps_timer, jiffies +
1313 local->hw.conf.dynamic_ps_timeout));
1318 * transmission can be stopped by others which leads to
1319 * dynamic_ps_timer expiry. Postpone the ps timer if it
1320 * is not the actual idle state.
1322 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1323 for (q = 0; q < local->hw.queues; q++) {
1324 if (local->queue_stop_reasons[q]) {
1325 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1327 mod_timer(&local->dynamic_ps_timer, jiffies +
1329 local->hw.conf.dynamic_ps_timeout));
1333 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1336 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1337 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1338 if (drv_tx_frames_pending(local)) {
1339 mod_timer(&local->dynamic_ps_timer, jiffies +
1341 local->hw.conf.dynamic_ps_timeout));
1343 ieee80211_send_nullfunc(local, sdata, 1);
1344 /* Flush to get the tx status of nullfunc frame */
1345 ieee80211_flush_queues(local, sdata);
1349 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1350 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1351 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1352 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1353 local->hw.conf.flags |= IEEE80211_CONF_PS;
1354 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1358 void ieee80211_dynamic_ps_timer(unsigned long data)
1360 struct ieee80211_local *local = (void *) data;
1362 if (local->quiescing || local->suspended)
1365 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1368 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1370 struct delayed_work *delayed_work =
1371 container_of(work, struct delayed_work, work);
1372 struct ieee80211_sub_if_data *sdata =
1373 container_of(delayed_work, struct ieee80211_sub_if_data,
1374 dfs_cac_timer_work);
1376 ieee80211_vif_release_channel(sdata);
1378 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
1382 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1383 struct ieee80211_sub_if_data *sdata,
1384 const u8 *wmm_param, size_t wmm_param_len)
1386 struct ieee80211_tx_queue_params params;
1387 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1391 u8 uapsd_queues = 0;
1393 if (!local->ops->conf_tx)
1396 if (local->hw.queues < IEEE80211_NUM_ACS)
1402 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1405 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1406 uapsd_queues = ifmgd->uapsd_queues;
1408 count = wmm_param[6] & 0x0f;
1409 if (count == ifmgd->wmm_last_param_set)
1411 ifmgd->wmm_last_param_set = count;
1413 pos = wmm_param + 8;
1414 left = wmm_param_len - 8;
1416 memset(¶ms, 0, sizeof(params));
1419 for (; left >= 4; left -= 4, pos += 4) {
1420 int aci = (pos[0] >> 5) & 0x03;
1421 int acm = (pos[0] >> 4) & 0x01;
1429 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1430 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1436 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1437 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1443 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1444 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1451 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1452 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1457 params.aifs = pos[0] & 0x0f;
1458 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1459 params.cw_min = ecw2cw(pos[1] & 0x0f);
1460 params.txop = get_unaligned_le16(pos + 2);
1462 params.uapsd = uapsd;
1465 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1467 params.aifs, params.cw_min, params.cw_max,
1468 params.txop, params.uapsd);
1469 sdata->tx_conf[queue] = params;
1470 if (drv_conf_tx(local, sdata, queue, ¶ms))
1472 "failed to set TX queue parameters for queue %d\n",
1476 /* enable WMM or activate new settings */
1477 sdata->vif.bss_conf.qos = true;
1481 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1483 lockdep_assert_held(&sdata->local->mtx);
1485 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
1486 ieee80211_run_deferred_scan(sdata->local);
1489 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1491 mutex_lock(&sdata->local->mtx);
1492 __ieee80211_stop_poll(sdata);
1493 mutex_unlock(&sdata->local->mtx);
1496 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1497 u16 capab, bool erp_valid, u8 erp)
1499 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1501 bool use_protection;
1502 bool use_short_preamble;
1503 bool use_short_slot;
1506 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1507 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1509 use_protection = false;
1510 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1513 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1514 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1515 use_short_slot = true;
1517 if (use_protection != bss_conf->use_cts_prot) {
1518 bss_conf->use_cts_prot = use_protection;
1519 changed |= BSS_CHANGED_ERP_CTS_PROT;
1522 if (use_short_preamble != bss_conf->use_short_preamble) {
1523 bss_conf->use_short_preamble = use_short_preamble;
1524 changed |= BSS_CHANGED_ERP_PREAMBLE;
1527 if (use_short_slot != bss_conf->use_short_slot) {
1528 bss_conf->use_short_slot = use_short_slot;
1529 changed |= BSS_CHANGED_ERP_SLOT;
1535 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1536 struct cfg80211_bss *cbss,
1537 u32 bss_info_changed)
1539 struct ieee80211_bss *bss = (void *)cbss->priv;
1540 struct ieee80211_local *local = sdata->local;
1541 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1543 bss_info_changed |= BSS_CHANGED_ASSOC;
1544 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1545 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1547 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1548 beacon_loss_count * bss_conf->beacon_int));
1550 sdata->u.mgd.associated = cbss;
1551 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1553 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1555 if (sdata->vif.p2p) {
1556 const struct cfg80211_bss_ies *ies;
1559 ies = rcu_dereference(cbss->ies);
1563 ret = cfg80211_get_p2p_attr(
1564 ies->data, ies->len,
1565 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1566 (u8 *) &bss_conf->p2p_noa_attr,
1567 sizeof(bss_conf->p2p_noa_attr));
1569 sdata->u.mgd.p2p_noa_index =
1570 bss_conf->p2p_noa_attr.index;
1571 bss_info_changed |= BSS_CHANGED_P2P_PS;
1577 /* just to be sure */
1578 ieee80211_stop_poll(sdata);
1580 ieee80211_led_assoc(local, 1);
1582 if (sdata->u.mgd.have_beacon) {
1584 * If the AP is buggy we may get here with no DTIM period
1585 * known, so assume it's 1 which is the only safe assumption
1586 * in that case, although if the TIM IE is broken powersave
1587 * probably just won't work at all.
1589 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1590 bss_conf->beacon_rate = bss->beacon_rate;
1591 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
1593 bss_conf->beacon_rate = NULL;
1594 bss_conf->dtim_period = 0;
1597 bss_conf->assoc = 1;
1599 /* Tell the driver to monitor connection quality (if supported) */
1600 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1601 bss_conf->cqm_rssi_thold)
1602 bss_info_changed |= BSS_CHANGED_CQM;
1604 /* Enable ARP filtering */
1605 if (bss_conf->arp_addr_cnt)
1606 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1608 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1610 mutex_lock(&local->iflist_mtx);
1611 ieee80211_recalc_ps(local, -1);
1612 mutex_unlock(&local->iflist_mtx);
1614 ieee80211_recalc_smps(sdata);
1615 ieee80211_recalc_ps_vif(sdata);
1617 netif_carrier_on(sdata->dev);
1620 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1621 u16 stype, u16 reason, bool tx,
1624 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1625 struct ieee80211_local *local = sdata->local;
1628 sdata_assert_lock(sdata);
1630 if (WARN_ON_ONCE(tx && !frame_buf))
1633 if (WARN_ON(!ifmgd->associated))
1636 ieee80211_stop_poll(sdata);
1638 ifmgd->associated = NULL;
1639 netif_carrier_off(sdata->dev);
1642 * if we want to get out of ps before disassoc (why?) we have
1643 * to do it before sending disassoc, as otherwise the null-packet
1646 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1647 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1648 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1650 local->ps_sdata = NULL;
1652 /* disable per-vif ps */
1653 ieee80211_recalc_ps_vif(sdata);
1655 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1657 ieee80211_flush_queues(local, sdata);
1659 /* deauthenticate/disassociate now */
1660 if (tx || frame_buf)
1661 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1662 reason, tx, frame_buf);
1664 /* flush out frame */
1666 ieee80211_flush_queues(local, sdata);
1668 /* clear bssid only after building the needed mgmt frames */
1669 memset(ifmgd->bssid, 0, ETH_ALEN);
1671 /* remove AP and TDLS peers */
1672 sta_info_flush_defer(sdata);
1674 /* finally reset all BSS / config parameters */
1675 changed |= ieee80211_reset_erp_info(sdata);
1677 ieee80211_led_assoc(local, 0);
1678 changed |= BSS_CHANGED_ASSOC;
1679 sdata->vif.bss_conf.assoc = false;
1681 ifmgd->p2p_noa_index = -1;
1682 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1683 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1685 /* on the next assoc, re-program HT/VHT parameters */
1686 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1687 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1688 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
1689 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
1691 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1693 del_timer_sync(&local->dynamic_ps_timer);
1694 cancel_work_sync(&local->dynamic_ps_enable_work);
1696 /* Disable ARP filtering */
1697 if (sdata->vif.bss_conf.arp_addr_cnt)
1698 changed |= BSS_CHANGED_ARP_FILTER;
1700 sdata->vif.bss_conf.qos = false;
1701 changed |= BSS_CHANGED_QOS;
1703 /* The BSSID (not really interesting) and HT changed */
1704 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1705 ieee80211_bss_info_change_notify(sdata, changed);
1707 /* disassociated - set to defaults now */
1708 ieee80211_set_wmm_default(sdata, false);
1710 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1711 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1712 del_timer_sync(&sdata->u.mgd.timer);
1713 del_timer_sync(&sdata->u.mgd.chswitch_timer);
1715 sdata->vif.bss_conf.dtim_period = 0;
1716 sdata->vif.bss_conf.beacon_rate = NULL;
1718 ifmgd->have_beacon = false;
1721 ieee80211_vif_release_channel(sdata);
1724 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1725 struct ieee80211_hdr *hdr)
1728 * We can postpone the mgd.timer whenever receiving unicast frames
1729 * from AP because we know that the connection is working both ways
1730 * at that time. But multicast frames (and hence also beacons) must
1731 * be ignored here, because we need to trigger the timer during
1732 * data idle periods for sending the periodic probe request to the
1733 * AP we're connected to.
1735 if (is_multicast_ether_addr(hdr->addr1))
1738 ieee80211_sta_reset_conn_monitor(sdata);
1741 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1743 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1744 struct ieee80211_local *local = sdata->local;
1746 mutex_lock(&local->mtx);
1747 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
1750 __ieee80211_stop_poll(sdata);
1752 mutex_lock(&local->iflist_mtx);
1753 ieee80211_recalc_ps(local, -1);
1754 mutex_unlock(&local->iflist_mtx);
1756 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1760 * We've received a probe response, but are not sure whether
1761 * we have or will be receiving any beacons or data, so let's
1762 * schedule the timers again, just in case.
1764 ieee80211_sta_reset_beacon_monitor(sdata);
1766 mod_timer(&ifmgd->conn_mon_timer,
1767 round_jiffies_up(jiffies +
1768 IEEE80211_CONNECTION_IDLE_TIME));
1770 mutex_unlock(&local->mtx);
1773 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1774 struct ieee80211_hdr *hdr, bool ack)
1776 if (!ieee80211_is_data(hdr->frame_control))
1779 if (ieee80211_is_nullfunc(hdr->frame_control) &&
1780 sdata->u.mgd.probe_send_count > 0) {
1782 ieee80211_sta_reset_conn_monitor(sdata);
1784 sdata->u.mgd.nullfunc_failed = true;
1785 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1790 ieee80211_sta_reset_conn_monitor(sdata);
1793 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1795 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1797 u8 *dst = ifmgd->associated->bssid;
1798 u8 unicast_limit = max(1, max_probe_tries - 3);
1801 * Try sending broadcast probe requests for the last three
1802 * probe requests after the first ones failed since some
1803 * buggy APs only support broadcast probe requests.
1805 if (ifmgd->probe_send_count >= unicast_limit)
1809 * When the hardware reports an accurate Tx ACK status, it's
1810 * better to send a nullfunc frame instead of a probe request,
1811 * as it will kick us off the AP quickly if we aren't associated
1812 * anymore. The timeout will be reset if the frame is ACKed by
1815 ifmgd->probe_send_count++;
1817 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1818 ifmgd->nullfunc_failed = false;
1819 ieee80211_send_nullfunc(sdata->local, sdata, 0);
1824 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1825 if (WARN_ON_ONCE(ssid == NULL))
1830 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1831 0, (u32) -1, true, 0,
1832 ifmgd->associated->channel, false);
1836 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1837 run_again(sdata, ifmgd->probe_timeout);
1838 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1839 ieee80211_flush_queues(sdata->local, sdata);
1842 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1845 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1846 bool already = false;
1848 if (!ieee80211_sdata_running(sdata))
1853 if (!ifmgd->associated)
1856 mutex_lock(&sdata->local->mtx);
1858 if (sdata->local->tmp_channel || sdata->local->scanning) {
1859 mutex_unlock(&sdata->local->mtx);
1864 mlme_dbg_ratelimited(sdata,
1865 "detected beacon loss from AP (missed %d beacons) - probing\n",
1868 ieee80211_cqm_rssi_notify(&sdata->vif,
1869 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
1874 * The driver/our work has already reported this event or the
1875 * connection monitoring has kicked in and we have already sent
1876 * a probe request. Or maybe the AP died and the driver keeps
1877 * reporting until we disassociate...
1879 * In either case we have to ignore the current call to this
1880 * function (except for setting the correct probe reason bit)
1881 * because otherwise we would reset the timer every time and
1882 * never check whether we received a probe response!
1884 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1887 mutex_unlock(&sdata->local->mtx);
1892 mutex_lock(&sdata->local->iflist_mtx);
1893 ieee80211_recalc_ps(sdata->local, -1);
1894 mutex_unlock(&sdata->local->iflist_mtx);
1896 ifmgd->probe_send_count = 0;
1897 ieee80211_mgd_probe_ap_send(sdata);
1899 sdata_unlock(sdata);
1902 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
1903 struct ieee80211_vif *vif)
1905 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1906 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1907 struct cfg80211_bss *cbss;
1908 struct sk_buff *skb;
1912 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1915 sdata_assert_lock(sdata);
1917 if (ifmgd->associated)
1918 cbss = ifmgd->associated;
1919 else if (ifmgd->auth_data)
1920 cbss = ifmgd->auth_data->bss;
1921 else if (ifmgd->assoc_data)
1922 cbss = ifmgd->assoc_data->bss;
1927 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
1928 if (WARN_ON_ONCE(ssid == NULL))
1933 skb = ieee80211_build_probe_req(sdata, cbss->bssid,
1934 (u32) -1, cbss->channel,
1941 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
1943 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
1945 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1946 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
1949 if (!ifmgd->associated) {
1950 sdata_unlock(sdata);
1954 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
1955 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1957 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
1958 ieee80211_wake_queues_by_reason(&sdata->local->hw,
1959 IEEE80211_MAX_QUEUE_MAP,
1960 IEEE80211_QUEUE_STOP_REASON_CSA);
1962 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
1963 IEEE80211_DEAUTH_FRAME_LEN);
1964 sdata_unlock(sdata);
1967 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
1969 struct ieee80211_sub_if_data *sdata =
1970 container_of(work, struct ieee80211_sub_if_data,
1971 u.mgd.beacon_connection_loss_work);
1972 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1973 struct sta_info *sta;
1975 if (ifmgd->associated) {
1977 sta = sta_info_get(sdata, ifmgd->bssid);
1979 sta->beacon_loss_count++;
1983 if (ifmgd->connection_loss) {
1984 sdata_info(sdata, "Connection to AP %pM lost\n",
1986 __ieee80211_disconnect(sdata);
1988 ieee80211_mgd_probe_ap(sdata, true);
1992 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
1994 struct ieee80211_sub_if_data *sdata =
1995 container_of(work, struct ieee80211_sub_if_data,
1996 u.mgd.csa_connection_drop_work);
1998 __ieee80211_disconnect(sdata);
2001 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2003 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2004 struct ieee80211_hw *hw = &sdata->local->hw;
2006 trace_api_beacon_loss(sdata);
2008 sdata->u.mgd.connection_loss = false;
2009 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2011 EXPORT_SYMBOL(ieee80211_beacon_loss);
2013 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2015 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2016 struct ieee80211_hw *hw = &sdata->local->hw;
2018 trace_api_connection_loss(sdata);
2020 sdata->u.mgd.connection_loss = true;
2021 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2023 EXPORT_SYMBOL(ieee80211_connection_loss);
2026 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2029 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2031 sdata_assert_lock(sdata);
2034 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2036 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2037 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2038 sdata->u.mgd.flags = 0;
2039 ieee80211_vif_release_channel(sdata);
2042 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2044 sdata->u.mgd.auth_data = NULL;
2047 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2048 struct ieee80211_mgmt *mgmt, size_t len)
2050 struct ieee80211_local *local = sdata->local;
2051 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2053 struct ieee802_11_elems elems;
2056 pos = mgmt->u.auth.variable;
2057 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2058 if (!elems.challenge)
2060 auth_data->expected_transaction = 4;
2061 drv_mgd_prepare_tx(sdata->local, sdata);
2062 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2063 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2064 IEEE80211_TX_INTFL_MLME_CONN_TX;
2065 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2066 elems.challenge - 2, elems.challenge_len + 2,
2067 auth_data->bss->bssid, auth_data->bss->bssid,
2068 auth_data->key, auth_data->key_len,
2069 auth_data->key_idx, tx_flags);
2072 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2073 struct ieee80211_mgmt *mgmt, size_t len)
2075 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2077 u16 auth_alg, auth_transaction, status_code;
2078 struct sta_info *sta;
2080 sdata_assert_lock(sdata);
2085 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2088 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2090 if (!ether_addr_equal(bssid, mgmt->bssid))
2093 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2094 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2095 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2097 if (auth_alg != ifmgd->auth_data->algorithm ||
2098 auth_transaction != ifmgd->auth_data->expected_transaction) {
2099 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2100 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2102 ifmgd->auth_data->expected_transaction);
2106 if (status_code != WLAN_STATUS_SUCCESS) {
2107 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2108 mgmt->sa, status_code);
2109 ieee80211_destroy_auth_data(sdata, false);
2110 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2114 switch (ifmgd->auth_data->algorithm) {
2115 case WLAN_AUTH_OPEN:
2116 case WLAN_AUTH_LEAP:
2120 case WLAN_AUTH_SHARED_KEY:
2121 if (ifmgd->auth_data->expected_transaction != 4) {
2122 ieee80211_auth_challenge(sdata, mgmt, len);
2123 /* need another frame */
2128 WARN_ONCE(1, "invalid auth alg %d",
2129 ifmgd->auth_data->algorithm);
2133 sdata_info(sdata, "authenticated\n");
2134 ifmgd->auth_data->done = true;
2135 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2136 ifmgd->auth_data->timeout_started = true;
2137 run_again(sdata, ifmgd->auth_data->timeout);
2139 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2140 ifmgd->auth_data->expected_transaction != 2) {
2142 * Report auth frame to user space for processing since another
2143 * round of Authentication frames is still needed.
2145 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2149 /* move station state to auth */
2150 mutex_lock(&sdata->local->sta_mtx);
2151 sta = sta_info_get(sdata, bssid);
2153 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2156 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2157 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2160 mutex_unlock(&sdata->local->sta_mtx);
2162 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2165 mutex_unlock(&sdata->local->sta_mtx);
2166 /* ignore frame -- wait for timeout */
2170 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2171 struct ieee80211_mgmt *mgmt, size_t len)
2173 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2174 const u8 *bssid = NULL;
2177 sdata_assert_lock(sdata);
2182 if (!ifmgd->associated ||
2183 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2186 bssid = ifmgd->associated->bssid;
2188 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2190 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n",
2191 bssid, reason_code);
2193 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2195 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2199 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2200 struct ieee80211_mgmt *mgmt, size_t len)
2202 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2205 sdata_assert_lock(sdata);
2210 if (!ifmgd->associated ||
2211 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2214 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2216 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2217 mgmt->sa, reason_code);
2219 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2221 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2224 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2225 u8 *supp_rates, unsigned int supp_rates_len,
2226 u32 *rates, u32 *basic_rates,
2227 bool *have_higher_than_11mbit,
2228 int *min_rate, int *min_rate_index,
2229 int shift, u32 rate_flags)
2233 for (i = 0; i < supp_rates_len; i++) {
2234 int rate = supp_rates[i] & 0x7f;
2235 bool is_basic = !!(supp_rates[i] & 0x80);
2237 if ((rate * 5 * (1 << shift)) > 110)
2238 *have_higher_than_11mbit = true;
2241 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2242 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2244 * Note: Even through the membership selector and the basic
2245 * rate flag share the same bit, they are not exactly
2248 if (!!(supp_rates[i] & 0x80) &&
2249 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2252 for (j = 0; j < sband->n_bitrates; j++) {
2253 struct ieee80211_rate *br;
2256 br = &sband->bitrates[j];
2257 if ((rate_flags & br->flags) != rate_flags)
2260 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2261 if (brate == rate) {
2264 *basic_rates |= BIT(j);
2265 if ((rate * 5) < *min_rate) {
2266 *min_rate = rate * 5;
2267 *min_rate_index = j;
2275 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2278 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2280 sdata_assert_lock(sdata);
2283 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2285 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2286 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2287 sdata->u.mgd.flags = 0;
2288 ieee80211_vif_release_channel(sdata);
2292 sdata->u.mgd.assoc_data = NULL;
2295 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2296 struct cfg80211_bss *cbss,
2297 struct ieee80211_mgmt *mgmt, size_t len)
2299 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2300 struct ieee80211_local *local = sdata->local;
2301 struct ieee80211_supported_band *sband;
2302 struct sta_info *sta;
2304 u16 capab_info, aid;
2305 struct ieee802_11_elems elems;
2306 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2307 const struct cfg80211_bss_ies *bss_ies = NULL;
2308 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2313 /* AssocResp and ReassocResp have identical structure */
2315 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2316 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2318 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2319 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2321 aid &= ~(BIT(15) | BIT(14));
2323 ifmgd->broken_ap = false;
2325 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2326 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2329 ifmgd->broken_ap = true;
2332 pos = mgmt->u.assoc_resp.variable;
2333 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2335 if (!elems.supp_rates) {
2336 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2343 * Some APs are erroneously not including some information in their
2344 * (re)association response frames. Try to recover by using the data
2345 * from the beacon or probe response. This seems to afflict mobile
2346 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
2347 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
2349 if ((assoc_data->wmm && !elems.wmm_param) ||
2350 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2351 (!elems.ht_cap_elem || !elems.ht_operation)) ||
2352 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2353 (!elems.vht_cap_elem || !elems.vht_operation))) {
2354 const struct cfg80211_bss_ies *ies;
2355 struct ieee802_11_elems bss_elems;
2358 ies = rcu_dereference(cbss->ies);
2360 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
2366 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
2368 if (assoc_data->wmm &&
2369 !elems.wmm_param && bss_elems.wmm_param) {
2370 elems.wmm_param = bss_elems.wmm_param;
2372 "AP bug: WMM param missing from AssocResp\n");
2376 * Also check if we requested HT/VHT, otherwise the AP doesn't
2377 * have to include the IEs in the (re)association response.
2379 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
2380 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2381 elems.ht_cap_elem = bss_elems.ht_cap_elem;
2383 "AP bug: HT capability missing from AssocResp\n");
2385 if (!elems.ht_operation && bss_elems.ht_operation &&
2386 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2387 elems.ht_operation = bss_elems.ht_operation;
2389 "AP bug: HT operation missing from AssocResp\n");
2391 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
2392 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2393 elems.vht_cap_elem = bss_elems.vht_cap_elem;
2395 "AP bug: VHT capa missing from AssocResp\n");
2397 if (!elems.vht_operation && bss_elems.vht_operation &&
2398 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2399 elems.vht_operation = bss_elems.vht_operation;
2401 "AP bug: VHT operation missing from AssocResp\n");
2406 * We previously checked these in the beacon/probe response, so
2407 * they should be present here. This is just a safety net.
2409 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2410 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2412 "HT AP is missing WMM params or HT capability/operation\n");
2417 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2418 (!elems.vht_cap_elem || !elems.vht_operation)) {
2420 "VHT AP is missing VHT capability/operation\n");
2425 mutex_lock(&sdata->local->sta_mtx);
2427 * station info was already allocated and inserted before
2428 * the association and should be available to us
2430 sta = sta_info_get(sdata, cbss->bssid);
2431 if (WARN_ON(!sta)) {
2432 mutex_unlock(&sdata->local->sta_mtx);
2437 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2439 /* Set up internal HT/VHT capabilities */
2440 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2441 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2442 elems.ht_cap_elem, sta);
2444 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2445 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2446 elems.vht_cap_elem, sta);
2449 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2450 * in their association response, so ignore that data for our own
2451 * configuration. If it changed since the last beacon, we'll get the
2452 * next beacon and update then.
2456 * If an operating mode notification IE is present, override the
2457 * NSS calculation (that would be done in rate_control_rate_init())
2458 * and use the # of streams from that element.
2460 if (elems.opmode_notif &&
2461 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2464 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2465 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2467 sta->sta.rx_nss = nss;
2470 rate_control_rate_init(sta);
2472 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2473 set_sta_flag(sta, WLAN_STA_MFP);
2475 if (elems.wmm_param)
2476 set_sta_flag(sta, WLAN_STA_WME);
2478 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2479 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2480 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2483 "failed to move station %pM to desired state\n",
2485 WARN_ON(__sta_info_destroy(sta));
2486 mutex_unlock(&sdata->local->sta_mtx);
2491 mutex_unlock(&sdata->local->sta_mtx);
2494 * Always handle WMM once after association regardless
2495 * of the first value the AP uses. Setting -1 here has
2496 * that effect because the AP values is an unsigned
2499 ifmgd->wmm_last_param_set = -1;
2501 if (elems.wmm_param)
2502 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2503 elems.wmm_param_len);
2505 ieee80211_set_wmm_default(sdata, false);
2506 changed |= BSS_CHANGED_QOS;
2508 /* set AID and assoc capability,
2509 * ieee80211_set_associated() will tell the driver */
2510 bss_conf->aid = aid;
2511 bss_conf->assoc_capability = capab_info;
2512 ieee80211_set_associated(sdata, cbss, changed);
2515 * If we're using 4-addr mode, let the AP know that we're
2516 * doing so, so that it can create the STA VLAN on its side
2518 if (ifmgd->use_4addr)
2519 ieee80211_send_4addr_nullfunc(local, sdata);
2522 * Start timer to probe the connection to the AP now.
2523 * Also start the timer that will detect beacon loss.
2525 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2526 ieee80211_sta_reset_beacon_monitor(sdata);
2534 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2535 struct ieee80211_mgmt *mgmt,
2538 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2539 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2540 u16 capab_info, status_code, aid;
2541 struct ieee802_11_elems elems;
2544 struct cfg80211_bss *bss;
2546 sdata_assert_lock(sdata);
2550 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2554 * AssocResp and ReassocResp have identical structure, so process both
2555 * of them in this function.
2561 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2562 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2563 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2564 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2567 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2568 reassoc ? "Rea" : "A", mgmt->sa,
2569 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2571 pos = mgmt->u.assoc_resp.variable;
2572 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2574 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2575 elems.timeout_int &&
2576 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2578 tu = le32_to_cpu(elems.timeout_int->value);
2579 ms = tu * 1024 / 1000;
2581 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2583 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2584 assoc_data->timeout_started = true;
2585 if (ms > IEEE80211_ASSOC_TIMEOUT)
2586 run_again(sdata, assoc_data->timeout);
2590 bss = assoc_data->bss;
2592 if (status_code != WLAN_STATUS_SUCCESS) {
2593 sdata_info(sdata, "%pM denied association (code=%d)\n",
2594 mgmt->sa, status_code);
2595 ieee80211_destroy_assoc_data(sdata, false);
2597 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) {
2598 /* oops -- internal error -- send timeout for now */
2599 ieee80211_destroy_assoc_data(sdata, false);
2600 cfg80211_assoc_timeout(sdata->dev, bss);
2603 sdata_info(sdata, "associated\n");
2606 * destroy assoc_data afterwards, as otherwise an idle
2607 * recalc after assoc_data is NULL but before associated
2608 * is set can cause the interface to go idle
2610 ieee80211_destroy_assoc_data(sdata, true);
2613 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len);
2616 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2617 struct ieee80211_mgmt *mgmt, size_t len,
2618 struct ieee80211_rx_status *rx_status,
2619 struct ieee802_11_elems *elems)
2621 struct ieee80211_local *local = sdata->local;
2623 struct ieee80211_bss *bss;
2624 struct ieee80211_channel *channel;
2626 sdata_assert_lock(sdata);
2628 if (elems->ds_params)
2629 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2632 freq = rx_status->freq;
2634 channel = ieee80211_get_channel(local->hw.wiphy, freq);
2636 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2639 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2642 ieee80211_rx_bss_put(local, bss);
2643 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
2648 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2649 struct sk_buff *skb)
2651 struct ieee80211_mgmt *mgmt = (void *)skb->data;
2652 struct ieee80211_if_managed *ifmgd;
2653 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2654 size_t baselen, len = skb->len;
2655 struct ieee802_11_elems elems;
2657 ifmgd = &sdata->u.mgd;
2659 sdata_assert_lock(sdata);
2661 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2662 return; /* ignore ProbeResp to foreign address */
2664 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2668 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2671 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2673 if (ifmgd->associated &&
2674 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2675 ieee80211_reset_ap_probe(sdata);
2677 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2678 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2679 /* got probe response, continue with auth */
2680 sdata_info(sdata, "direct probe responded\n");
2681 ifmgd->auth_data->tries = 0;
2682 ifmgd->auth_data->timeout = jiffies;
2683 ifmgd->auth_data->timeout_started = true;
2684 run_again(sdata, ifmgd->auth_data->timeout);
2689 * This is the canonical list of information elements we care about,
2690 * the filter code also gives us all changes to the Microsoft OUI
2691 * (00:50:F2) vendor IE which is used for WMM which we need to track.
2693 * We implement beacon filtering in software since that means we can
2694 * avoid processing the frame here and in cfg80211, and userspace
2695 * will not be able to tell whether the hardware supports it or not.
2697 * XXX: This list needs to be dynamic -- userspace needs to be able to
2698 * add items it requires. It also needs to be able to tell us to
2699 * look out for other vendor IEs.
2701 static const u64 care_about_ies =
2702 (1ULL << WLAN_EID_COUNTRY) |
2703 (1ULL << WLAN_EID_ERP_INFO) |
2704 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
2705 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
2706 (1ULL << WLAN_EID_HT_CAPABILITY) |
2707 (1ULL << WLAN_EID_HT_OPERATION);
2709 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2710 struct ieee80211_mgmt *mgmt, size_t len,
2711 struct ieee80211_rx_status *rx_status)
2713 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2714 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2716 struct ieee802_11_elems elems;
2717 struct ieee80211_local *local = sdata->local;
2718 struct ieee80211_chanctx_conf *chanctx_conf;
2719 struct ieee80211_channel *chan;
2720 struct sta_info *sta;
2726 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
2728 sdata_assert_lock(sdata);
2730 /* Process beacon from the current BSS */
2731 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2736 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2737 if (!chanctx_conf) {
2742 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
2746 chan = chanctx_conf->def.chan;
2749 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2750 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2751 ieee802_11_parse_elems(mgmt->u.beacon.variable,
2752 len - baselen, false, &elems);
2754 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2755 if (elems.tim && !elems.parse_error) {
2756 const struct ieee80211_tim_ie *tim_ie = elems.tim;
2757 ifmgd->dtim_period = tim_ie->dtim_period;
2759 ifmgd->have_beacon = true;
2760 ifmgd->assoc_data->need_beacon = false;
2761 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2762 sdata->vif.bss_conf.sync_tsf =
2763 le64_to_cpu(mgmt->u.beacon.timestamp);
2764 sdata->vif.bss_conf.sync_device_ts =
2765 rx_status->device_timestamp;
2767 sdata->vif.bss_conf.sync_dtim_count =
2768 elems.tim->dtim_count;
2770 sdata->vif.bss_conf.sync_dtim_count = 0;
2772 /* continue assoc process */
2773 ifmgd->assoc_data->timeout = jiffies;
2774 ifmgd->assoc_data->timeout_started = true;
2775 run_again(sdata, ifmgd->assoc_data->timeout);
2779 if (!ifmgd->associated ||
2780 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2782 bssid = ifmgd->associated->bssid;
2784 /* Track average RSSI from the Beacon frames of the current AP */
2785 ifmgd->last_beacon_signal = rx_status->signal;
2786 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2787 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2788 ifmgd->ave_beacon_signal = rx_status->signal * 16;
2789 ifmgd->last_cqm_event_signal = 0;
2790 ifmgd->count_beacon_signal = 1;
2791 ifmgd->last_ave_beacon_signal = 0;
2793 ifmgd->ave_beacon_signal =
2794 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2795 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2796 ifmgd->ave_beacon_signal) / 16;
2797 ifmgd->count_beacon_signal++;
2800 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2801 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2802 int sig = ifmgd->ave_beacon_signal;
2803 int last_sig = ifmgd->last_ave_beacon_signal;
2806 * if signal crosses either of the boundaries, invoke callback
2807 * with appropriate parameters
2809 if (sig > ifmgd->rssi_max_thold &&
2810 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2811 ifmgd->last_ave_beacon_signal = sig;
2812 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
2813 } else if (sig < ifmgd->rssi_min_thold &&
2814 (last_sig >= ifmgd->rssi_max_thold ||
2816 ifmgd->last_ave_beacon_signal = sig;
2817 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
2821 if (bss_conf->cqm_rssi_thold &&
2822 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
2823 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
2824 int sig = ifmgd->ave_beacon_signal / 16;
2825 int last_event = ifmgd->last_cqm_event_signal;
2826 int thold = bss_conf->cqm_rssi_thold;
2827 int hyst = bss_conf->cqm_rssi_hyst;
2829 (last_event == 0 || sig < last_event - hyst)) {
2830 ifmgd->last_cqm_event_signal = sig;
2831 ieee80211_cqm_rssi_notify(
2833 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
2835 } else if (sig > thold &&
2836 (last_event == 0 || sig > last_event + hyst)) {
2837 ifmgd->last_cqm_event_signal = sig;
2838 ieee80211_cqm_rssi_notify(
2840 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
2845 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
2846 mlme_dbg_ratelimited(sdata,
2847 "cancelling AP probe due to a received beacon\n");
2848 ieee80211_reset_ap_probe(sdata);
2852 * Push the beacon loss detection into the future since
2853 * we are processing a beacon from the AP just now.
2855 ieee80211_sta_reset_beacon_monitor(sdata);
2857 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2858 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2859 len - baselen, false, &elems,
2860 care_about_ies, ncrc);
2862 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
2863 bool directed_tim = ieee80211_check_tim(elems.tim,
2867 if (local->hw.conf.dynamic_ps_timeout > 0) {
2868 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2869 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2870 ieee80211_hw_config(local,
2871 IEEE80211_CONF_CHANGE_PS);
2873 ieee80211_send_nullfunc(local, sdata, 0);
2874 } else if (!local->pspolling && sdata->u.mgd.powersave) {
2875 local->pspolling = true;
2878 * Here is assumed that the driver will be
2879 * able to send ps-poll frame and receive a
2880 * response even though power save mode is
2881 * enabled, but some drivers might require
2882 * to disable power save here. This needs
2883 * to be investigated.
2885 ieee80211_send_pspoll(local, sdata);
2890 if (sdata->vif.p2p) {
2891 struct ieee80211_p2p_noa_attr noa = {};
2894 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
2896 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2897 (u8 *) &noa, sizeof(noa));
2899 if (sdata->u.mgd.p2p_noa_index != noa.index) {
2900 /* valid noa_attr and index changed */
2901 sdata->u.mgd.p2p_noa_index = noa.index;
2902 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
2903 changed |= BSS_CHANGED_P2P_PS;
2905 * make sure we update all information, the CRC
2906 * mechanism doesn't look at P2P attributes.
2908 ifmgd->beacon_crc_valid = false;
2910 } else if (sdata->u.mgd.p2p_noa_index != -1) {
2911 /* noa_attr not found and we had valid noa_attr before */
2912 sdata->u.mgd.p2p_noa_index = -1;
2913 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
2914 changed |= BSS_CHANGED_P2P_PS;
2915 ifmgd->beacon_crc_valid = false;
2919 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
2921 ifmgd->beacon_crc = ncrc;
2922 ifmgd->beacon_crc_valid = true;
2924 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2926 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
2929 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2930 elems.wmm_param_len))
2931 changed |= BSS_CHANGED_QOS;
2934 * If we haven't had a beacon before, tell the driver about the
2935 * DTIM period (and beacon timing if desired) now.
2937 if (!ifmgd->have_beacon) {
2938 /* a few bogus AP send dtim_period = 0 or no TIM IE */
2940 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
2942 bss_conf->dtim_period = 1;
2944 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2945 sdata->vif.bss_conf.sync_tsf =
2946 le64_to_cpu(mgmt->u.beacon.timestamp);
2947 sdata->vif.bss_conf.sync_device_ts =
2948 rx_status->device_timestamp;
2950 sdata->vif.bss_conf.sync_dtim_count =
2951 elems.tim->dtim_count;
2953 sdata->vif.bss_conf.sync_dtim_count = 0;
2956 changed |= BSS_CHANGED_BEACON_INFO;
2957 ifmgd->have_beacon = true;
2959 mutex_lock(&local->iflist_mtx);
2960 ieee80211_recalc_ps(local, -1);
2961 mutex_unlock(&local->iflist_mtx);
2963 ieee80211_recalc_ps_vif(sdata);
2966 if (elems.erp_info) {
2968 erp_value = elems.erp_info[0];
2972 changed |= ieee80211_handle_bss_capability(sdata,
2973 le16_to_cpu(mgmt->u.beacon.capab_info),
2974 erp_valid, erp_value);
2976 mutex_lock(&local->sta_mtx);
2977 sta = sta_info_get(sdata, bssid);
2979 if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
2980 elems.vht_operation, bssid, &changed)) {
2981 mutex_unlock(&local->sta_mtx);
2982 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2983 WLAN_REASON_DEAUTH_LEAVING,
2985 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf,
2986 sizeof(deauth_buf));
2990 if (sta && elems.opmode_notif)
2991 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
2992 rx_status->band, true);
2993 mutex_unlock(&local->sta_mtx);
2995 if (elems.country_elem && elems.pwr_constr_elem &&
2996 mgmt->u.probe_resp.capab_info &
2997 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
2998 changed |= ieee80211_handle_pwr_constr(sdata, chan,
3000 elems.country_elem_len,
3001 elems.pwr_constr_elem);
3003 ieee80211_bss_info_change_notify(sdata, changed);
3006 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3007 struct sk_buff *skb)
3009 struct ieee80211_rx_status *rx_status;
3010 struct ieee80211_mgmt *mgmt;
3012 struct ieee802_11_elems elems;
3015 rx_status = (struct ieee80211_rx_status *) skb->cb;
3016 mgmt = (struct ieee80211_mgmt *) skb->data;
3017 fc = le16_to_cpu(mgmt->frame_control);
3021 switch (fc & IEEE80211_FCTL_STYPE) {
3022 case IEEE80211_STYPE_BEACON:
3023 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3025 case IEEE80211_STYPE_PROBE_RESP:
3026 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3028 case IEEE80211_STYPE_AUTH:
3029 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3031 case IEEE80211_STYPE_DEAUTH:
3032 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3034 case IEEE80211_STYPE_DISASSOC:
3035 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3037 case IEEE80211_STYPE_ASSOC_RESP:
3038 case IEEE80211_STYPE_REASSOC_RESP:
3039 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
3041 case IEEE80211_STYPE_ACTION:
3042 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3043 ies_len = skb->len -
3044 offsetof(struct ieee80211_mgmt,
3045 u.action.u.chan_switch.variable);
3050 ieee802_11_parse_elems(
3051 mgmt->u.action.u.chan_switch.variable,
3052 ies_len, true, &elems);
3054 if (elems.parse_error)
3057 ieee80211_sta_process_chanswitch(sdata,
3060 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3061 ies_len = skb->len -
3062 offsetof(struct ieee80211_mgmt,
3063 u.action.u.ext_chan_switch.variable);
3068 ieee802_11_parse_elems(
3069 mgmt->u.action.u.ext_chan_switch.variable,
3070 ies_len, true, &elems);
3072 if (elems.parse_error)
3075 /* for the handling code pretend this was also an IE */
3076 elems.ext_chansw_ie =
3077 &mgmt->u.action.u.ext_chan_switch.data;
3079 ieee80211_sta_process_chanswitch(sdata,
3085 sdata_unlock(sdata);
3088 static void ieee80211_sta_timer(unsigned long data)
3090 struct ieee80211_sub_if_data *sdata =
3091 (struct ieee80211_sub_if_data *) data;
3093 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3096 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3097 u8 *bssid, u8 reason, bool tx)
3099 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3101 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3104 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3105 IEEE80211_DEAUTH_FRAME_LEN);
3108 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3110 struct ieee80211_local *local = sdata->local;
3111 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3112 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3115 sdata_assert_lock(sdata);
3117 if (WARN_ON_ONCE(!auth_data))
3122 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3123 sdata_info(sdata, "authentication with %pM timed out\n",
3124 auth_data->bss->bssid);
3127 * Most likely AP is not in the range so remove the
3128 * bss struct for that AP.
3130 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3135 drv_mgd_prepare_tx(local, sdata);
3137 if (auth_data->bss->proberesp_ies) {
3141 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3142 auth_data->bss->bssid, auth_data->tries,
3143 IEEE80211_AUTH_MAX_TRIES);
3145 auth_data->expected_transaction = 2;
3147 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3148 trans = auth_data->sae_trans;
3149 status = auth_data->sae_status;
3150 auth_data->expected_transaction = trans;
3153 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3154 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3155 IEEE80211_TX_INTFL_MLME_CONN_TX;
3157 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3158 auth_data->data, auth_data->data_len,
3159 auth_data->bss->bssid,
3160 auth_data->bss->bssid, NULL, 0, 0,
3165 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3166 auth_data->bss->bssid, auth_data->tries,
3167 IEEE80211_AUTH_MAX_TRIES);
3170 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3176 * Direct probe is sent to broadcast address as some APs
3177 * will not answer to direct packet in unassociated state.
3179 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3180 NULL, 0, (u32) -1, true, 0,
3181 auth_data->bss->channel, false);
3185 if (tx_flags == 0) {
3186 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3187 auth_data->timeout_started = true;
3188 run_again(sdata, auth_data->timeout);
3190 auth_data->timeout =
3191 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3192 auth_data->timeout_started = true;
3193 run_again(sdata, auth_data->timeout);
3199 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3201 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3202 struct ieee80211_local *local = sdata->local;
3204 sdata_assert_lock(sdata);
3206 assoc_data->tries++;
3207 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3208 sdata_info(sdata, "association with %pM timed out\n",
3209 assoc_data->bss->bssid);
3212 * Most likely AP is not in the range so remove the
3213 * bss struct for that AP.
3215 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3220 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3221 assoc_data->bss->bssid, assoc_data->tries,
3222 IEEE80211_ASSOC_MAX_TRIES);
3223 ieee80211_send_assoc(sdata);
3225 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3226 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3227 assoc_data->timeout_started = true;
3228 run_again(sdata, assoc_data->timeout);
3230 assoc_data->timeout =
3231 round_jiffies_up(jiffies +
3232 IEEE80211_ASSOC_TIMEOUT_LONG);
3233 assoc_data->timeout_started = true;
3234 run_again(sdata, assoc_data->timeout);
3240 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3241 __le16 fc, bool acked)
3243 struct ieee80211_local *local = sdata->local;
3245 sdata->u.mgd.status_fc = fc;
3246 sdata->u.mgd.status_acked = acked;
3247 sdata->u.mgd.status_received = true;
3249 ieee80211_queue_work(&local->hw, &sdata->work);
3252 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3254 struct ieee80211_local *local = sdata->local;
3255 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3259 if (ifmgd->status_received) {
3260 __le16 fc = ifmgd->status_fc;
3261 bool status_acked = ifmgd->status_acked;
3263 ifmgd->status_received = false;
3264 if (ifmgd->auth_data &&
3265 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3267 ifmgd->auth_data->timeout =
3268 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3269 run_again(sdata, ifmgd->auth_data->timeout);
3271 ifmgd->auth_data->timeout = jiffies - 1;
3273 ifmgd->auth_data->timeout_started = true;
3274 } else if (ifmgd->assoc_data &&
3275 (ieee80211_is_assoc_req(fc) ||
3276 ieee80211_is_reassoc_req(fc))) {
3278 ifmgd->assoc_data->timeout =
3279 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3280 run_again(sdata, ifmgd->assoc_data->timeout);
3282 ifmgd->assoc_data->timeout = jiffies - 1;
3284 ifmgd->assoc_data->timeout_started = true;
3288 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3289 time_after(jiffies, ifmgd->auth_data->timeout)) {
3290 if (ifmgd->auth_data->done) {
3292 * ok ... we waited for assoc but userspace didn't,
3293 * so let's just kill the auth data
3295 ieee80211_destroy_auth_data(sdata, false);
3296 } else if (ieee80211_probe_auth(sdata)) {
3299 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3301 ieee80211_destroy_auth_data(sdata, false);
3303 cfg80211_auth_timeout(sdata->dev, bssid);
3305 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3306 run_again(sdata, ifmgd->auth_data->timeout);
3308 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3309 time_after(jiffies, ifmgd->assoc_data->timeout)) {
3310 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
3311 ieee80211_do_assoc(sdata)) {
3312 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
3314 ieee80211_destroy_assoc_data(sdata, false);
3315 cfg80211_assoc_timeout(sdata->dev, bss);
3317 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3318 run_again(sdata, ifmgd->assoc_data->timeout);
3320 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
3321 ifmgd->associated) {
3325 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3327 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3328 max_tries = max_nullfunc_tries;
3330 max_tries = max_probe_tries;
3332 /* ACK received for nullfunc probing frame */
3333 if (!ifmgd->probe_send_count)
3334 ieee80211_reset_ap_probe(sdata);
3335 else if (ifmgd->nullfunc_failed) {
3336 if (ifmgd->probe_send_count < max_tries) {
3338 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3339 bssid, ifmgd->probe_send_count,
3341 ieee80211_mgd_probe_ap_send(sdata);
3344 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3346 ieee80211_sta_connection_lost(sdata, bssid,
3347 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3350 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
3351 run_again(sdata, ifmgd->probe_timeout);
3352 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3354 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3355 bssid, probe_wait_ms);
3356 ieee80211_sta_connection_lost(sdata, bssid,
3357 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3358 } else if (ifmgd->probe_send_count < max_tries) {
3360 "No probe response from AP %pM after %dms, try %d/%i\n",
3361 bssid, probe_wait_ms,
3362 ifmgd->probe_send_count, max_tries);
3363 ieee80211_mgd_probe_ap_send(sdata);
3366 * We actually lost the connection ... or did we?
3369 wiphy_debug(local->hw.wiphy,
3370 "%s: No probe response from AP %pM"
3371 " after %dms, disconnecting.\n",
3373 bssid, probe_wait_ms);
3375 ieee80211_sta_connection_lost(sdata, bssid,
3376 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3380 sdata_unlock(sdata);
3383 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3385 struct ieee80211_sub_if_data *sdata =
3386 (struct ieee80211_sub_if_data *) data;
3387 struct ieee80211_local *local = sdata->local;
3389 if (local->quiescing)
3392 sdata->u.mgd.connection_loss = false;
3393 ieee80211_queue_work(&sdata->local->hw,
3394 &sdata->u.mgd.beacon_connection_loss_work);
3397 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3399 struct ieee80211_sub_if_data *sdata =
3400 (struct ieee80211_sub_if_data *) data;
3401 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3402 struct ieee80211_local *local = sdata->local;
3404 if (local->quiescing)
3407 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3410 static void ieee80211_sta_monitor_work(struct work_struct *work)
3412 struct ieee80211_sub_if_data *sdata =
3413 container_of(work, struct ieee80211_sub_if_data,
3414 u.mgd.monitor_work);
3416 ieee80211_mgd_probe_ap(sdata, false);
3419 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3423 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3424 __ieee80211_stop_poll(sdata);
3426 /* let's probe the connection once */
3427 flags = sdata->local->hw.flags;
3428 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3429 ieee80211_queue_work(&sdata->local->hw,
3430 &sdata->u.mgd.monitor_work);
3431 /* and do all the other regular work too */
3432 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3437 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3439 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3442 if (!ifmgd->associated) {
3443 sdata_unlock(sdata);
3447 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3448 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3449 mlme_dbg(sdata, "driver requested disconnect after resume\n");
3450 ieee80211_sta_connection_lost(sdata,
3451 ifmgd->associated->bssid,
3452 WLAN_REASON_UNSPECIFIED,
3454 sdata_unlock(sdata);
3457 sdata_unlock(sdata);
3461 /* interface setup */
3462 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3464 struct ieee80211_if_managed *ifmgd;
3466 ifmgd = &sdata->u.mgd;
3467 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3468 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3469 INIT_WORK(&ifmgd->beacon_connection_loss_work,
3470 ieee80211_beacon_connection_loss_work);
3471 INIT_WORK(&ifmgd->csa_connection_drop_work,
3472 ieee80211_csa_connection_drop_work);
3473 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work);
3474 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3475 (unsigned long) sdata);
3476 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3477 (unsigned long) sdata);
3478 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3479 (unsigned long) sdata);
3480 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3481 (unsigned long) sdata);
3484 ifmgd->powersave = sdata->wdev.ps;
3485 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3486 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3487 ifmgd->p2p_noa_index = -1;
3489 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3490 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3492 ifmgd->req_smps = IEEE80211_SMPS_OFF;
3495 /* scan finished notification */
3496 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3498 struct ieee80211_sub_if_data *sdata;
3500 /* Restart STA timers */
3502 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3503 if (ieee80211_sdata_running(sdata))
3504 ieee80211_restart_sta_timer(sdata);
3509 int ieee80211_max_network_latency(struct notifier_block *nb,
3510 unsigned long data, void *dummy)
3512 s32 latency_usec = (s32) data;
3513 struct ieee80211_local *local =
3514 container_of(nb, struct ieee80211_local,
3515 network_latency_notifier);
3517 mutex_lock(&local->iflist_mtx);
3518 ieee80211_recalc_ps(local, latency_usec);
3519 mutex_unlock(&local->iflist_mtx);
3524 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3525 struct cfg80211_bss *cbss)
3527 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3528 const u8 *ht_cap_ie, *vht_cap_ie;
3529 const struct ieee80211_ht_cap *ht_cap;
3530 const struct ieee80211_vht_cap *vht_cap;
3533 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3536 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3537 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3538 ht_cap = (void *)(ht_cap_ie + 2);
3539 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3541 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3542 * "Tx Unequal Modulation Supported" fields.
3546 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3549 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3550 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3554 vht_cap = (void *)(vht_cap_ie + 2);
3555 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3556 for (nss = 8; nss > 0; nss--) {
3557 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3558 IEEE80211_VHT_MCS_NOT_SUPPORTED)
3561 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3562 chains = max(chains, nss);
3568 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3569 struct cfg80211_bss *cbss)
3571 struct ieee80211_local *local = sdata->local;
3572 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3573 const struct ieee80211_ht_operation *ht_oper = NULL;
3574 const struct ieee80211_vht_operation *vht_oper = NULL;
3575 struct ieee80211_supported_band *sband;
3576 struct cfg80211_chan_def chandef;
3579 sband = local->hw.wiphy->bands[cbss->channel->band];
3581 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3582 IEEE80211_STA_DISABLE_80P80MHZ |
3583 IEEE80211_STA_DISABLE_160MHZ);
3587 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3588 sband->ht_cap.ht_supported) {
3589 const u8 *ht_oper_ie, *ht_cap;
3591 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3592 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3593 ht_oper = (void *)(ht_oper_ie + 2);
3595 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3596 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3597 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3602 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3603 sband->vht_cap.vht_supported) {
3604 const u8 *vht_oper_ie, *vht_cap;
3606 vht_oper_ie = ieee80211_bss_get_ie(cbss,
3607 WLAN_EID_VHT_OPERATION);
3608 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3609 vht_oper = (void *)(vht_oper_ie + 2);
3610 if (vht_oper && !ht_oper) {
3613 "AP advertised VHT without HT, disabling both\n");
3614 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3615 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3618 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3619 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3620 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3625 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3630 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3635 /* will change later if needed */
3636 sdata->smps_mode = IEEE80211_SMPS_OFF;
3639 * If this fails (possibly due to channel context sharing
3640 * on incompatible channels, e.g. 80+80 and 160 sharing the
3641 * same control channel) try to use a smaller bandwidth.
3643 ret = ieee80211_vif_use_channel(sdata, &chandef,
3644 IEEE80211_CHANCTX_SHARED);
3646 /* don't downgrade for 5 and 10 MHz channels, though. */
3647 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
3648 chandef.width == NL80211_CHAN_WIDTH_10)
3651 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3652 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
3653 ret = ieee80211_vif_use_channel(sdata, &chandef,
3654 IEEE80211_CHANCTX_SHARED);
3659 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3660 struct cfg80211_bss *cbss, bool assoc)
3662 struct ieee80211_local *local = sdata->local;
3663 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3664 struct ieee80211_bss *bss = (void *)cbss->priv;
3665 struct sta_info *new_sta = NULL;
3666 bool have_sta = false;
3669 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3674 have_sta = sta_info_get(sdata, cbss->bssid);
3679 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3684 u32 rates = 0, basic_rates = 0;
3685 bool have_higher_than_11mbit;
3686 int min_rate = INT_MAX, min_rate_index = -1;
3687 struct ieee80211_chanctx_conf *chanctx_conf;
3688 struct ieee80211_supported_band *sband;
3689 const struct cfg80211_bss_ies *ies;
3693 sband = local->hw.wiphy->bands[cbss->channel->band];
3695 err = ieee80211_prep_channel(sdata, cbss);
3697 sta_info_free(local, new_sta);
3700 shift = ieee80211_vif_get_shift(&sdata->vif);
3703 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3704 if (WARN_ON(!chanctx_conf)) {
3708 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
3711 ieee80211_get_rates(sband, bss->supp_rates,
3712 bss->supp_rates_len,
3713 &rates, &basic_rates,
3714 &have_higher_than_11mbit,
3715 &min_rate, &min_rate_index,
3719 * This used to be a workaround for basic rates missing
3720 * in the association response frame. Now that we no
3721 * longer use the basic rates from there, it probably
3722 * doesn't happen any more, but keep the workaround so
3723 * in case some *other* APs are buggy in different ways
3724 * we can connect -- with a warning.
3726 if (!basic_rates && min_rate_index >= 0) {
3728 "No basic rates, using min rate instead\n");
3729 basic_rates = BIT(min_rate_index);
3732 new_sta->sta.supp_rates[cbss->channel->band] = rates;
3733 sdata->vif.bss_conf.basic_rates = basic_rates;
3735 /* cf. IEEE 802.11 9.2.12 */
3736 if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
3737 have_higher_than_11mbit)
3738 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3740 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3742 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3744 /* set timing information */
3745 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3747 ies = rcu_dereference(cbss->beacon_ies);
3751 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3752 sdata->vif.bss_conf.sync_device_ts =
3753 bss->device_ts_beacon;
3754 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3755 ies->data, ies->len);
3756 if (tim_ie && tim_ie[1] >= 2)
3757 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
3759 sdata->vif.bss_conf.sync_dtim_count = 0;
3760 } else if (!(local->hw.flags &
3761 IEEE80211_HW_TIMING_BEACON_ONLY)) {
3762 ies = rcu_dereference(cbss->proberesp_ies);
3763 /* must be non-NULL since beacon IEs were NULL */
3764 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3765 sdata->vif.bss_conf.sync_device_ts =
3766 bss->device_ts_presp;
3767 sdata->vif.bss_conf.sync_dtim_count = 0;
3769 sdata->vif.bss_conf.sync_tsf = 0;
3770 sdata->vif.bss_conf.sync_device_ts = 0;
3771 sdata->vif.bss_conf.sync_dtim_count = 0;
3775 /* tell driver about BSSID, basic rates and timing */
3776 ieee80211_bss_info_change_notify(sdata,
3777 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
3778 BSS_CHANGED_BEACON_INT);
3781 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
3783 err = sta_info_insert(new_sta);
3787 "failed to insert STA entry for the AP (error %d)\n",
3792 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
3798 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3799 struct cfg80211_auth_request *req)
3801 struct ieee80211_local *local = sdata->local;
3802 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3803 struct ieee80211_mgd_auth_data *auth_data;
3807 /* prepare auth data structure */
3809 switch (req->auth_type) {
3810 case NL80211_AUTHTYPE_OPEN_SYSTEM:
3811 auth_alg = WLAN_AUTH_OPEN;
3813 case NL80211_AUTHTYPE_SHARED_KEY:
3814 if (IS_ERR(local->wep_tx_tfm))
3816 auth_alg = WLAN_AUTH_SHARED_KEY;
3818 case NL80211_AUTHTYPE_FT:
3819 auth_alg = WLAN_AUTH_FT;
3821 case NL80211_AUTHTYPE_NETWORK_EAP:
3822 auth_alg = WLAN_AUTH_LEAP;
3824 case NL80211_AUTHTYPE_SAE:
3825 auth_alg = WLAN_AUTH_SAE;
3831 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
3832 req->ie_len, GFP_KERNEL);
3836 auth_data->bss = req->bss;
3838 if (req->sae_data_len >= 4) {
3839 __le16 *pos = (__le16 *) req->sae_data;
3840 auth_data->sae_trans = le16_to_cpu(pos[0]);
3841 auth_data->sae_status = le16_to_cpu(pos[1]);
3842 memcpy(auth_data->data, req->sae_data + 4,
3843 req->sae_data_len - 4);
3844 auth_data->data_len += req->sae_data_len - 4;
3847 if (req->ie && req->ie_len) {
3848 memcpy(&auth_data->data[auth_data->data_len],
3849 req->ie, req->ie_len);
3850 auth_data->data_len += req->ie_len;
3853 if (req->key && req->key_len) {
3854 auth_data->key_len = req->key_len;
3855 auth_data->key_idx = req->key_idx;
3856 memcpy(auth_data->key, req->key, req->key_len);
3859 auth_data->algorithm = auth_alg;
3861 /* try to authenticate/probe */
3863 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
3864 ifmgd->assoc_data) {
3869 if (ifmgd->auth_data)
3870 ieee80211_destroy_auth_data(sdata, false);
3872 /* prep auth_data so we don't go into idle on disassoc */
3873 ifmgd->auth_data = auth_data;
3875 if (ifmgd->associated) {
3876 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3878 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3879 WLAN_REASON_UNSPECIFIED,
3882 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3886 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3888 err = ieee80211_prep_connection(sdata, req->bss, false);
3892 err = ieee80211_probe_auth(sdata);
3894 sta_info_destroy_addr(sdata, req->bss->bssid);
3898 /* hold our own reference */
3899 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
3903 memset(ifmgd->bssid, 0, ETH_ALEN);
3904 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
3905 ifmgd->auth_data = NULL;
3911 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3912 struct cfg80211_assoc_request *req)
3914 struct ieee80211_local *local = sdata->local;
3915 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3916 struct ieee80211_bss *bss = (void *)req->bss->priv;
3917 struct ieee80211_mgd_assoc_data *assoc_data;
3918 const struct cfg80211_bss_ies *beacon_ies;
3919 struct ieee80211_supported_band *sband;
3920 const u8 *ssidie, *ht_ie, *vht_ie;
3923 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
3928 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
3934 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
3935 assoc_data->ssid_len = ssidie[1];
3938 if (ifmgd->associated) {
3939 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3941 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3942 WLAN_REASON_UNSPECIFIED,
3945 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3949 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
3954 if (ifmgd->assoc_data) {
3959 if (ifmgd->auth_data) {
3962 /* keep sta info, bssid if matching */
3963 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
3964 ieee80211_destroy_auth_data(sdata, match);
3967 /* prepare assoc data */
3969 ifmgd->beacon_crc_valid = false;
3972 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
3973 * We still associate in non-HT mode (11a/b/g) if any one of these
3974 * ciphers is configured as pairwise.
3975 * We can set this to true for non-11n hardware, that'll be checked
3976 * separately along with the peer capabilities.
3978 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
3979 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
3980 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
3981 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
3982 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3983 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3984 netdev_info(sdata->dev,
3985 "disabling HT/VHT due to WEP/TKIP use\n");
3989 if (req->flags & ASSOC_REQ_DISABLE_HT) {
3990 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3991 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3994 if (req->flags & ASSOC_REQ_DISABLE_VHT)
3995 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3997 /* Also disable HT if we don't support it or the AP doesn't use WMM */
3998 sband = local->hw.wiphy->bands[req->bss->channel->band];
3999 if (!sband->ht_cap.ht_supported ||
4000 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4001 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4003 netdev_info(sdata->dev,
4004 "disabling HT as WMM/QoS is not supported by the AP\n");
4007 /* disable VHT if we don't support it or the AP doesn't use WMM */
4008 if (!sband->vht_cap.vht_supported ||
4009 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4010 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4012 netdev_info(sdata->dev,
4013 "disabling VHT as WMM/QoS is not supported by the AP\n");
4016 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4017 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4018 sizeof(ifmgd->ht_capa_mask));
4020 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4021 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4022 sizeof(ifmgd->vht_capa_mask));
4024 if (req->ie && req->ie_len) {
4025 memcpy(assoc_data->ie, req->ie, req->ie_len);
4026 assoc_data->ie_len = req->ie_len;
4029 assoc_data->bss = req->bss;
4031 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4032 if (ifmgd->powersave)
4033 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4035 sdata->smps_mode = IEEE80211_SMPS_OFF;
4037 sdata->smps_mode = ifmgd->req_smps;
4039 assoc_data->capability = req->bss->capability;
4040 assoc_data->wmm = bss->wmm_used &&
4041 (local->hw.queues >= IEEE80211_NUM_ACS);
4042 assoc_data->supp_rates = bss->supp_rates;
4043 assoc_data->supp_rates_len = bss->supp_rates_len;
4046 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4047 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4048 assoc_data->ap_ht_param =
4049 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4051 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4052 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4053 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4054 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4055 sizeof(struct ieee80211_vht_cap));
4057 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4060 if (bss->wmm_used && bss->uapsd_supported &&
4061 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4062 sdata->wmm_acm != 0xff) {
4063 assoc_data->uapsd = true;
4064 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4066 assoc_data->uapsd = false;
4067 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4070 if (req->prev_bssid)
4071 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4074 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4075 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4077 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4078 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4081 if (req->crypto.control_port)
4082 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4084 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4086 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4087 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4089 /* kick off associate process */
4091 ifmgd->assoc_data = assoc_data;
4092 ifmgd->dtim_period = 0;
4093 ifmgd->have_beacon = false;
4095 err = ieee80211_prep_connection(sdata, req->bss, true);
4100 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4102 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4105 * Wait up to one beacon interval ...
4106 * should this be more if we miss one?
4108 sdata_info(sdata, "waiting for beacon from %pM\n",
4110 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4111 assoc_data->timeout_started = true;
4112 assoc_data->need_beacon = true;
4113 } else if (beacon_ies) {
4114 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4119 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4120 const struct ieee80211_tim_ie *tim;
4121 tim = (void *)(tim_ie + 2);
4122 ifmgd->dtim_period = tim->dtim_period;
4123 dtim_count = tim->dtim_count;
4125 ifmgd->have_beacon = true;
4126 assoc_data->timeout = jiffies;
4127 assoc_data->timeout_started = true;
4129 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4130 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4131 sdata->vif.bss_conf.sync_device_ts =
4132 bss->device_ts_beacon;
4133 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4136 assoc_data->timeout = jiffies;
4137 assoc_data->timeout_started = true;
4141 run_again(sdata, assoc_data->timeout);
4143 if (bss->corrupt_data) {
4144 char *corrupt_type = "data";
4145 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4146 if (bss->corrupt_data &
4147 IEEE80211_BSS_CORRUPT_PROBE_RESP)
4148 corrupt_type = "beacon and probe response";
4150 corrupt_type = "beacon";
4151 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4152 corrupt_type = "probe response";
4153 sdata_info(sdata, "associating with AP with corrupt %s\n",
4159 memset(ifmgd->bssid, 0, ETH_ALEN);
4160 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4161 ifmgd->assoc_data = NULL;
4167 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4168 struct cfg80211_deauth_request *req)
4170 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4171 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4172 bool tx = !req->local_state_change;
4173 bool report_frame = false;
4176 "deauthenticating from %pM by local choice (reason=%d)\n",
4177 req->bssid, req->reason_code);
4179 if (ifmgd->auth_data) {
4180 drv_mgd_prepare_tx(sdata->local, sdata);
4181 ieee80211_send_deauth_disassoc(sdata, req->bssid,
4182 IEEE80211_STYPE_DEAUTH,
4183 req->reason_code, tx,
4185 ieee80211_destroy_auth_data(sdata, false);
4187 report_frame = true;
4191 if (ifmgd->associated &&
4192 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4193 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4194 req->reason_code, tx, frame_buf);
4195 report_frame = true;
4200 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4201 IEEE80211_DEAUTH_FRAME_LEN);
4206 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4207 struct cfg80211_disassoc_request *req)
4209 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4211 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4214 * cfg80211 should catch this ... but it's racy since
4215 * we can receive a disassoc frame, process it, hand it
4216 * to cfg80211 while that's in a locked section already
4217 * trying to tell us that the user wants to disconnect.
4219 if (ifmgd->associated != req->bss)
4223 "disassociating from %pM by local choice (reason=%d)\n",
4224 req->bss->bssid, req->reason_code);
4226 memcpy(bssid, req->bss->bssid, ETH_ALEN);
4227 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4228 req->reason_code, !req->local_state_change,
4231 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4232 IEEE80211_DEAUTH_FRAME_LEN);
4237 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4239 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4242 * Make sure some work items will not run after this,
4243 * they will not do anything but might not have been
4244 * cancelled when disconnecting.
4246 cancel_work_sync(&ifmgd->monitor_work);
4247 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4248 cancel_work_sync(&ifmgd->request_smps_work);
4249 cancel_work_sync(&ifmgd->csa_connection_drop_work);
4250 cancel_work_sync(&ifmgd->chswitch_work);
4253 if (ifmgd->assoc_data) {
4254 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4255 ieee80211_destroy_assoc_data(sdata, false);
4256 cfg80211_assoc_timeout(sdata->dev, bss);
4258 if (ifmgd->auth_data)
4259 ieee80211_destroy_auth_data(sdata, false);
4260 del_timer_sync(&ifmgd->timer);
4261 sdata_unlock(sdata);
4264 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4265 enum nl80211_cqm_rssi_threshold_event rssi_event,
4268 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4270 trace_api_cqm_rssi_notify(sdata, rssi_event);
4272 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4274 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);