1 // SPDX-License-Identifier: GPL-2.0-only
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2024 Intel Corporation
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
32 #include "fils_aead.h"
34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
38 #define IEEE80211_AUTH_MAX_TRIES 3
39 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
40 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
41 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
42 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
43 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
44 #define IEEE80211_ASSOC_MAX_TRIES 3
46 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS msecs_to_jiffies(100)
47 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00
49 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5)
51 static int max_nullfunc_tries = 2;
52 module_param(max_nullfunc_tries, int, 0644);
53 MODULE_PARM_DESC(max_nullfunc_tries,
54 "Maximum nullfunc tx tries before disconnecting (reason 4).");
56 static int max_probe_tries = 5;
57 module_param(max_probe_tries, int, 0644);
58 MODULE_PARM_DESC(max_probe_tries,
59 "Maximum probe tries before disconnecting (reason 4).");
62 * Beacon loss timeout is calculated as N frames times the
63 * advertised beacon interval. This may need to be somewhat
64 * higher than what hardware might detect to account for
65 * delays in the host processing frames. But since we also
66 * probe on beacon miss before declaring the connection lost
67 * default to what we want.
69 static int beacon_loss_count = 7;
70 module_param(beacon_loss_count, int, 0644);
71 MODULE_PARM_DESC(beacon_loss_count,
72 "Number of beacon intervals before we decide beacon was lost.");
75 * Time the connection can be idle before we probe
76 * it to see if we can still talk to the AP.
78 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
80 * Time we wait for a probe response after sending
81 * a probe request because of beacon loss or for
82 * checking the connection still works.
84 static int probe_wait_ms = 500;
85 module_param(probe_wait_ms, int, 0644);
86 MODULE_PARM_DESC(probe_wait_ms,
87 "Maximum time(ms) to wait for probe response"
88 " before disconnecting (reason 4).");
91 * How many Beacon frames need to have been used in average signal strength
92 * before starting to indicate signal change events.
94 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
97 * We can have multiple work items (and connection probing)
98 * scheduling this timer, but we need to take care to only
99 * reschedule it when it should fire _earlier_ than it was
100 * asked for before, or if it's not pending right now. This
101 * function ensures that. Note that it then is required to
102 * run this function for all timeouts after the first one
103 * has happened -- the work that runs from this timer will
106 static void run_again(struct ieee80211_sub_if_data *sdata,
107 unsigned long timeout)
109 lockdep_assert_wiphy(sdata->local->hw.wiphy);
111 if (!timer_pending(&sdata->u.mgd.timer) ||
112 time_before(timeout, sdata->u.mgd.timer.expires))
113 mod_timer(&sdata->u.mgd.timer, timeout);
116 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
118 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
121 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
124 mod_timer(&sdata->u.mgd.bcn_mon_timer,
125 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
128 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
130 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
132 if (unlikely(!ifmgd->associated))
135 if (ifmgd->probe_send_count)
136 ifmgd->probe_send_count = 0;
138 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
141 mod_timer(&ifmgd->conn_mon_timer,
142 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
145 static int ecw2cw(int ecw)
147 return (1 << ecw) - 1;
150 static enum ieee80211_conn_mode
151 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata,
152 struct ieee80211_channel *channel,
154 const struct ieee802_11_elems *elems,
155 bool ignore_ht_channel_mismatch,
156 const struct ieee80211_conn_settings *conn,
157 struct cfg80211_chan_def *chandef)
159 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation;
160 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation;
161 const struct ieee80211_he_operation *he_oper = elems->he_operation;
162 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation;
163 struct ieee80211_supported_band *sband =
164 sdata->local->hw.wiphy->bands[channel->band];
165 struct cfg80211_chan_def vht_chandef;
169 *chandef = (struct cfg80211_chan_def) {
171 .width = NL80211_CHAN_WIDTH_20_NOHT,
172 .center_freq1 = channel->center_freq,
173 .freq1_offset = channel->freq_offset,
176 /* get special S1G case out of the way */
177 if (sband->band == NL80211_BAND_S1GHZ) {
178 if (!ieee80211_chandef_s1g_oper(elems->s1g_oper, chandef)) {
180 "Missing S1G Operation Element? Trying operating == primary\n");
181 chandef->width = ieee80211_s1g_channel_width(channel);
184 return IEEE80211_CONN_MODE_S1G;
187 /* get special 6 GHz case out of the way */
188 if (sband->band == NL80211_BAND_6GHZ) {
189 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_EHT;
191 /* this is an error */
192 if (conn->mode < IEEE80211_CONN_MODE_HE)
193 return IEEE80211_CONN_MODE_LEGACY;
195 if (!elems->he_6ghz_capa || !elems->he_cap) {
197 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n");
198 return IEEE80211_CONN_MODE_LEGACY;
201 if (!eht_oper || !elems->eht_cap) {
203 mode = IEEE80211_CONN_MODE_HE;
206 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper,
207 eht_oper, chandef)) {
208 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n");
209 return IEEE80211_CONN_MODE_LEGACY;
215 /* now we have the progression HT, VHT, ... */
216 if (conn->mode < IEEE80211_CONN_MODE_HT)
217 return IEEE80211_CONN_MODE_LEGACY;
219 if (!ht_oper || !elems->ht_cap_elem)
220 return IEEE80211_CONN_MODE_LEGACY;
222 chandef->width = NL80211_CHAN_WIDTH_20;
224 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
226 /* check that channel matches the right operating channel */
227 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) {
229 * It's possible that some APs are confused here;
230 * Netgear WNDR3700 sometimes reports 4 higher than
231 * the actual channel in association responses, but
232 * since we look at probe response/beacon data here
236 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
237 channel->center_freq, ht_cfreq,
238 ht_oper->primary_chan, channel->band);
239 return IEEE80211_CONN_MODE_LEGACY;
242 ieee80211_chandef_ht_oper(ht_oper, chandef);
244 if (conn->mode < IEEE80211_CONN_MODE_VHT)
245 return IEEE80211_CONN_MODE_HT;
247 vht_chandef = *chandef;
250 * having he_cap/he_oper parsed out implies we're at
251 * least operating as HE STA
253 if (elems->he_cap && he_oper &&
254 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
255 struct ieee80211_vht_operation he_oper_vht_cap;
258 * Set only first 3 bytes (other 2 aren't used in
259 * ieee80211_chandef_vht_oper() anyway)
261 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
262 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
264 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
265 &he_oper_vht_cap, ht_oper,
268 "HE AP VHT information is invalid, disabling HE\n");
269 /* this will cause us to re-parse as VHT STA */
270 return IEEE80211_CONN_MODE_VHT;
272 } else if (!vht_oper || !elems->vht_cap_elem) {
273 if (sband->band == NL80211_BAND_5GHZ) {
275 "VHT information is missing, disabling VHT\n");
276 return IEEE80211_CONN_MODE_HT;
279 } else if (sband->band == NL80211_BAND_2GHZ) {
281 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
286 "AP VHT information is invalid, disabling VHT\n");
287 return IEEE80211_CONN_MODE_HT;
290 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
292 "AP VHT information doesn't match HT, disabling VHT\n");
293 return IEEE80211_CONN_MODE_HT;
296 *chandef = vht_chandef;
298 /* stick to current max mode if we or the AP don't have HE */
299 if (conn->mode < IEEE80211_CONN_MODE_HE ||
300 !elems->he_operation || !elems->he_cap) {
302 return IEEE80211_CONN_MODE_HT;
303 return IEEE80211_CONN_MODE_VHT;
306 /* stick to HE if we or the AP don't have EHT */
307 if (conn->mode < IEEE80211_CONN_MODE_EHT ||
308 !eht_oper || !elems->eht_cap)
309 return IEEE80211_CONN_MODE_HE;
312 * handle the case that the EHT operation indicates that it holds EHT
313 * operation information (in case that the channel width differs from
314 * the channel width reported in HT/VHT/HE).
316 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) {
317 struct cfg80211_chan_def eht_chandef = *chandef;
319 ieee80211_chandef_eht_oper((const void *)eht_oper->optional,
322 eht_chandef.punctured =
323 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper);
325 if (!cfg80211_chandef_valid(&eht_chandef)) {
327 "AP EHT information is invalid, disabling EHT\n");
328 return IEEE80211_CONN_MODE_HE;
331 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) {
333 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n");
334 return IEEE80211_CONN_MODE_HE;
337 *chandef = eht_chandef;
340 return IEEE80211_CONN_MODE_EHT;
344 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata,
345 const struct ieee80211_he_cap_elem *he_cap,
346 const struct ieee80211_he_operation *he_op)
348 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
349 u16 mcs_80_map_tx, mcs_80_map_rx;
356 /* mcs_nss is right after he_cap info */
357 he_mcs_nss_supp = (void *)(he_cap + 1);
359 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
360 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80);
362 /* P802.11-REVme/D0.3
363 * 27.1.1 Introduction to the HE PHY
365 * An HE STA shall support the following features:
367 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all
368 * supported channel widths for HE SU PPDUs
370 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED ||
371 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) {
373 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n",
374 mcs_80_map_tx, mcs_80_map_rx);
381 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
384 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
385 * zeroes, which is nonsense, and completely inconsistent with itself
386 * (it doesn't have 8 streams). Accept the settings in this case anyway.
391 /* make sure the AP is consistent with itself
394 * 26.17.1 Basic HE BSS operation
396 * A STA that is operating in an HE BSS shall be able to receive and
397 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the
398 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the
399 * MLME-START.request primitive and shall be able to receive at each of
400 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and
401 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request
404 for (nss = 8; nss > 0; nss--) {
405 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
409 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
412 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3;
413 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3;
415 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
416 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
417 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) {
419 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n",
420 nss, ap_rx_val, ap_rx_val, ap_op_val);
429 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
430 struct ieee80211_supported_band *sband,
431 const struct ieee80211_he_operation *he_op)
433 const struct ieee80211_sta_he_cap *sta_he_cap =
434 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
438 if (!sta_he_cap || !he_op)
441 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
444 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
445 * zeroes, which is nonsense, and completely inconsistent with itself
446 * (it doesn't have 8 streams). Accept the settings in this case anyway.
451 /* Need to go over for 80MHz, 160MHz and for 80+80 */
452 for (i = 0; i < 3; i++) {
453 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
454 &sta_he_cap->he_mcs_nss_supp;
456 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
458 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
460 bool verified = true;
463 * For each band there is a maximum of 8 spatial streams
464 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
465 * of 2 bits per NSS (1-8), with the values defined in enum
466 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
467 * capabilities aren't less than the AP's minimum requirements
468 * for this HE BSS per SS.
469 * It is enough to find one such band that meets the reqs.
471 for (nss = 8; nss > 0; nss--) {
472 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
473 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
474 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
476 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
480 * Make sure the HE AP doesn't require MCSs that aren't
481 * supported by the client as required by spec
484 * 26.17.1 Basic HE BSS operation
486 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive)
487 * a BSS, unless it supports (i.e., is able to both transmit and
488 * receive using) all of the <HE-MCS, NSS> tuples in the basic
489 * HE-MCS and NSS set.
491 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
492 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
493 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
503 /* If here, STA doesn't meet AP's HE min requirements */
508 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap,
509 const struct ieee80211_sta_eht_cap *sta_eht_cap,
510 unsigned int idx, int bw)
512 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0];
513 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0];
515 /* handle us being a 20 MHz-only EHT STA - with four values
516 * for MCS 0-7, 8-9, 10-11, 12-13.
518 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL))
519 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx];
521 /* the others have MCS 0-9 together, rather than separately from 0-7 */
527 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx];
530 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
531 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)))
532 return 0xff; /* pass check */
533 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx];
535 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ))
536 return 0xff; /* pass check */
537 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx];
545 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata,
546 struct ieee80211_supported_band *sband,
547 const struct ieee80211_eht_operation *eht_op)
549 const struct ieee80211_sta_he_cap *sta_he_cap =
550 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
551 const struct ieee80211_sta_eht_cap *sta_eht_cap =
552 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
553 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req;
556 if (!sta_he_cap || !sta_eht_cap || !eht_op)
559 req = &eht_op->basic_mcs_nss;
561 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) {
562 u8 req_rx_nss, req_tx_nss;
565 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i],
566 IEEE80211_EHT_MCS_NSS_RX);
567 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i],
568 IEEE80211_EHT_MCS_NSS_TX);
570 for (bw = 0; bw < 3; bw++) {
571 u8 have, have_rx_nss, have_tx_nss;
573 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap,
576 have_rx_nss = u8_get_bits(have,
577 IEEE80211_EHT_MCS_NSS_RX);
578 have_tx_nss = u8_get_bits(have,
579 IEEE80211_EHT_MCS_NSS_TX);
581 if (req_rx_nss > have_rx_nss ||
582 req_tx_nss > have_tx_nss)
590 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata,
591 const struct cfg80211_chan_def *chandef,
592 u32 prohibited_flags)
594 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy,
595 chandef, prohibited_flags))
598 if (chandef->punctured &&
599 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING))
605 static struct ieee802_11_elems *
606 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
607 struct ieee80211_conn_settings *conn,
608 struct cfg80211_bss *cbss, int link_id,
609 struct ieee80211_chan_req *chanreq)
611 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies);
612 struct ieee80211_bss *bss = (void *)cbss->priv;
613 struct ieee80211_channel *channel = cbss->channel;
614 struct ieee80211_elems_parse_params parse_params = {
621 struct ieee802_11_elems *elems;
622 struct ieee80211_supported_band *sband;
623 struct cfg80211_chan_def ap_chandef;
624 enum ieee80211_conn_mode ap_mode;
628 elems = ieee802_11_parse_elems_full(&parse_params);
630 return ERR_PTR(-ENOMEM);
632 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info,
633 elems, false, conn, &ap_chandef);
635 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n",
636 cbss->bssid, ieee80211_conn_mode_str(ap_mode));
638 /* this should be impossible since parsing depends on our mode */
639 if (WARN_ON(ap_mode > conn->mode)) {
644 sband = sdata->local->hw.wiphy->bands[channel->band];
646 switch (channel->band) {
647 case NL80211_BAND_S1GHZ:
648 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) {
653 case NL80211_BAND_6GHZ:
654 if (ap_mode < IEEE80211_CONN_MODE_HE) {
656 "Rejecting non-HE 6/7 GHz connection");
662 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) {
669 case IEEE80211_CONN_MODE_S1G:
673 case IEEE80211_CONN_MODE_LEGACY:
674 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
676 case IEEE80211_CONN_MODE_HT:
677 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
679 IEEE80211_CONN_BW_LIMIT_40);
681 case IEEE80211_CONN_MODE_VHT:
682 case IEEE80211_CONN_MODE_HE:
683 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
685 IEEE80211_CONN_BW_LIMIT_160);
687 case IEEE80211_CONN_MODE_EHT:
688 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
690 IEEE80211_CONN_BW_LIMIT_320);
694 conn->mode = ap_mode;
695 chanreq->oper = ap_chandef;
697 /* wider-bandwidth OFDMA is only done in EHT */
698 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
699 !(sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW))
700 chanreq->ap = ap_chandef;
702 chanreq->ap.chan = NULL;
704 while (!ieee80211_chandef_usable(sdata, &chanreq->oper,
705 IEEE80211_CHAN_DISABLED)) {
706 if (WARN_ON(chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT)) {
711 ieee80211_chanreq_downgrade(chanreq, conn);
714 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
715 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
716 IEEE80211_CHAN_NO_HE)) {
717 conn->mode = IEEE80211_CONN_MODE_VHT;
718 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
720 IEEE80211_CONN_BW_LIMIT_160);
723 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
724 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
725 IEEE80211_CHAN_NO_EHT)) {
726 conn->mode = IEEE80211_CONN_MODE_HE;
727 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
729 IEEE80211_CONN_BW_LIMIT_160);
732 if (chanreq->oper.width != ap_chandef.width || ap_mode != conn->mode)
734 "regulatory prevented using AP config, downgraded\n");
736 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
737 (!ieee80211_verify_peer_he_mcs_support(sdata, (void *)elems->he_cap,
738 elems->he_operation) ||
739 !ieee80211_verify_sta_he_mcs_support(sdata, sband,
740 elems->he_operation))) {
741 conn->mode = IEEE80211_CONN_MODE_VHT;
742 sdata_info(sdata, "required MCSes not supported, disabling HE\n");
745 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
746 !ieee80211_verify_sta_eht_mcs_support(sdata, sband,
747 elems->eht_operation)) {
748 conn->mode = IEEE80211_CONN_MODE_HE;
749 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
751 IEEE80211_CONN_BW_LIMIT_160);
752 sdata_info(sdata, "required MCSes not supported, disabling EHT\n");
755 /* the mode can only decrease, so this must terminate */
756 if (ap_mode != conn->mode)
759 mlme_link_id_dbg(sdata, link_id,
760 "connecting with %s mode, max bandwidth %d MHz\n",
761 ieee80211_conn_mode_str(conn->mode),
762 20 * (1 << conn->bw_limit));
764 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) {
775 static int ieee80211_config_bw(struct ieee80211_link_data *link,
776 struct ieee802_11_elems *elems,
777 bool update, u64 *changed)
779 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan;
780 struct ieee80211_sub_if_data *sdata = link->sdata;
781 struct ieee80211_chan_req chanreq = {};
782 enum ieee80211_conn_mode ap_mode;
783 u32 vht_cap_info = 0;
787 /* don't track any bandwidth changes in legacy/S1G modes */
788 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY ||
789 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G)
792 if (elems->vht_cap_elem)
793 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
795 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info,
796 elems, true, &link->u.mgd.conn,
799 if (ap_mode != link->u.mgd.conn.mode) {
801 "AP appears to change mode (expected %s, found %s), disconnect\n",
802 ieee80211_conn_mode_str(link->u.mgd.conn.mode),
803 ieee80211_conn_mode_str(ap_mode));
807 chanreq.oper = chanreq.ap;
808 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT ||
809 sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)
810 chanreq.ap.chan = NULL;
813 * if HT operation mode changed store the new one -
814 * this may be applicable even if channel is identical
816 if (elems->ht_operation) {
817 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode);
818 if (link->conf->ht_operation_mode != ht_opmode) {
819 *changed |= BSS_CHANGED_HT;
820 link->conf->ht_operation_mode = ht_opmode;
825 * Downgrade the new channel if we associated with restricted
826 * bandwidth capabilities. For example, if we associated as a
827 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities
828 * or config reasons) then switching to a 40 MHz channel now
829 * won't do us any good -- we couldn't use it with the AP.
831 while (link->u.mgd.conn.bw_limit <
832 ieee80211_min_bw_limit_from_chandef(&chanreq.oper))
833 ieee80211_chandef_downgrade(&chanreq.oper, NULL);
835 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq))
839 "AP %pM changed bandwidth, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n",
840 link->u.mgd.bssid, chanreq.oper.chan->center_freq,
841 chanreq.oper.chan->freq_offset, chanreq.oper.width,
842 chanreq.oper.center_freq1, chanreq.oper.freq1_offset,
843 chanreq.oper.center_freq2);
845 if (!cfg80211_chandef_valid(&chanreq.oper)) {
847 "AP %pM changed caps/bw in a way we can't support - disconnect\n",
853 link->conf->chanreq = chanreq;
858 * We're tracking the current AP here, so don't do any further checks
859 * here. This keeps us from playing ping-pong with regulatory, without
860 * it the following can happen (for example):
861 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
862 * - AP advertises regdom US
863 * - CRDA loads regdom US with 80 MHz prohibited (old database)
864 * - we detect an unsupported channel and disconnect
865 * - disconnect causes CRDA to reload world regdomain and the game
867 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
869 * It seems possible that there are still scenarios with CSA or real
870 * bandwidth changes where a this could happen, but those cases are
871 * less common and wouldn't completely prevent using the AP.
874 ret = ieee80211_link_change_chanreq(link, &chanreq, changed);
877 "AP %pM changed bandwidth to incompatible one - disconnect\n",
882 cfg80211_schedule_channels_check(&sdata->wdev);
886 /* frame sending functions */
888 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
889 struct sk_buff *skb, u8 ap_ht_param,
890 struct ieee80211_supported_band *sband,
891 struct ieee80211_channel *channel,
892 enum ieee80211_smps_mode smps,
893 const struct ieee80211_conn_settings *conn)
896 u32 flags = channel->flags;
898 struct ieee80211_sta_ht_cap ht_cap;
900 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
902 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
903 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
905 /* determine capability flags */
908 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
909 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
910 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
911 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
912 cap &= ~IEEE80211_HT_CAP_SGI_40;
915 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
916 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
917 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
918 cap &= ~IEEE80211_HT_CAP_SGI_40;
924 * If 40 MHz was disabled associate as though we weren't
925 * capable of 40 MHz -- some broken APs will never fall
926 * back to trying to transmit in 20 MHz.
928 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) {
929 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
930 cap &= ~IEEE80211_HT_CAP_SGI_40;
933 /* set SM PS mode properly */
934 cap &= ~IEEE80211_HT_CAP_SM_PS;
936 case IEEE80211_SMPS_AUTOMATIC:
937 case IEEE80211_SMPS_NUM_MODES:
940 case IEEE80211_SMPS_OFF:
941 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
942 IEEE80211_HT_CAP_SM_PS_SHIFT;
944 case IEEE80211_SMPS_STATIC:
945 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
946 IEEE80211_HT_CAP_SM_PS_SHIFT;
948 case IEEE80211_SMPS_DYNAMIC:
949 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
950 IEEE80211_HT_CAP_SM_PS_SHIFT;
954 /* reserve and fill IE */
955 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
956 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
959 /* This function determines vht capability flags for the association
961 * Note - the function returns true to own the MU-MIMO capability
963 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
965 struct ieee80211_supported_band *sband,
966 struct ieee80211_vht_cap *ap_vht_cap,
967 const struct ieee80211_conn_settings *conn)
969 struct ieee80211_local *local = sdata->local;
972 struct ieee80211_sta_vht_cap vht_cap;
973 u32 mask, ap_bf_sts, our_bf_sts;
974 bool mu_mimo_owner = false;
976 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
978 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
979 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
981 /* determine capability flags */
984 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) {
985 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
986 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
990 * Some APs apparently get confused if our capabilities are better
991 * than theirs, so restrict what we advertise in the assoc request.
993 if (!(ap_vht_cap->vht_cap_info &
994 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
995 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
996 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
997 else if (!(ap_vht_cap->vht_cap_info &
998 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
999 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1002 * If some other vif is using the MU-MIMO capability we cannot associate
1003 * using MU-MIMO - this will lead to contradictions in the group-id
1005 * Ownership is defined since association request, in order to avoid
1006 * simultaneous associations with MU-MIMO.
1008 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
1009 bool disable_mu_mimo = false;
1010 struct ieee80211_sub_if_data *other;
1012 list_for_each_entry_rcu(other, &local->interfaces, list) {
1013 if (other->vif.bss_conf.mu_mimo_owner) {
1014 disable_mu_mimo = true;
1018 if (disable_mu_mimo)
1019 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1021 mu_mimo_owner = true;
1024 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
1026 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
1027 our_bf_sts = cap & mask;
1029 if (ap_bf_sts < our_bf_sts) {
1034 /* reserve and fill IE */
1035 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
1036 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
1038 return mu_mimo_owner;
1041 static void ieee80211_assoc_add_rates(struct sk_buff *skb,
1042 enum nl80211_chan_width width,
1043 struct ieee80211_supported_band *sband,
1044 struct ieee80211_mgd_assoc_data *assoc_data)
1048 if (assoc_data->supp_rates_len) {
1050 * Get all rates supported by the device and the AP as
1051 * some APs don't like getting a superset of their rates
1052 * in the association request (e.g. D-Link DAP 1353 in
1055 ieee80211_parse_bitrates(width, sband,
1056 assoc_data->supp_rates,
1057 assoc_data->supp_rates_len,
1061 * In case AP not provide any supported rates information
1062 * before association, we send information element(s) with
1063 * all rates that we support.
1068 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1069 WLAN_EID_SUPP_RATES);
1070 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1071 WLAN_EID_EXT_SUPP_RATES);
1074 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb,
1081 static const u8 before_ht[] = {
1083 WLAN_EID_SUPP_RATES,
1084 WLAN_EID_EXT_SUPP_RATES,
1085 WLAN_EID_PWR_CAPABILITY,
1086 WLAN_EID_SUPPORTED_CHANNELS,
1089 WLAN_EID_RRM_ENABLED_CAPABILITIES,
1090 WLAN_EID_MOBILITY_DOMAIN,
1091 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
1092 WLAN_EID_RIC_DATA, /* reassoc only */
1093 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1095 static const u8 after_ric[] = {
1096 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1097 WLAN_EID_HT_CAPABILITY,
1098 WLAN_EID_BSS_COEX_2040,
1099 /* luckily this is almost always there */
1100 WLAN_EID_EXT_CAPABILITY,
1101 WLAN_EID_QOS_TRAFFIC_CAPA,
1102 WLAN_EID_TIM_BCAST_REQ,
1103 WLAN_EID_INTERWORKING,
1104 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1105 WLAN_EID_VHT_CAPABILITY,
1106 WLAN_EID_OPMODE_NOTIF,
1112 noffset = ieee80211_ie_split_ric(elems, elems_len,
1114 ARRAY_SIZE(before_ht),
1116 ARRAY_SIZE(after_ric),
1118 skb_put_data(skb, elems + offset, noffset - offset);
1123 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb,
1128 static const u8 before_vht[] = {
1130 * no need to list the ones split off before HT
1133 WLAN_EID_BSS_COEX_2040,
1134 WLAN_EID_EXT_CAPABILITY,
1135 WLAN_EID_QOS_TRAFFIC_CAPA,
1136 WLAN_EID_TIM_BCAST_REQ,
1137 WLAN_EID_INTERWORKING,
1138 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1145 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1146 noffset = ieee80211_ie_split(elems, elems_len,
1147 before_vht, ARRAY_SIZE(before_vht),
1149 skb_put_data(skb, elems + offset, noffset - offset);
1154 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb,
1159 static const u8 before_he[] = {
1161 * no need to list the ones split off before VHT
1164 WLAN_EID_OPMODE_NOTIF,
1165 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
1167 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
1168 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
1169 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
1170 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
1171 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
1172 /* TODO: add 11ah/11aj/11ak elements */
1179 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1180 noffset = ieee80211_ie_split(elems, elems_len,
1181 before_he, ARRAY_SIZE(before_he),
1183 skb_put_data(skb, elems + offset, noffset - offset);
1188 #define PRESENT_ELEMS_MAX 8
1189 #define PRESENT_ELEM_EXT_OFFS 0x100
1191 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1192 struct sk_buff *skb, u16 capab,
1193 const struct element *ext_capa,
1194 const u16 *present_elems);
1196 static size_t ieee80211_assoc_link_elems(struct ieee80211_sub_if_data *sdata,
1197 struct sk_buff *skb, u16 *capab,
1198 const struct element *ext_capa,
1199 const u8 *extra_elems,
1200 size_t extra_elems_len,
1201 unsigned int link_id,
1202 struct ieee80211_link_data *link,
1205 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1206 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1207 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1208 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1209 struct ieee80211_channel *chan = cbss->channel;
1210 const struct ieee80211_sband_iftype_data *iftd;
1211 struct ieee80211_local *local = sdata->local;
1212 struct ieee80211_supported_band *sband;
1213 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20;
1214 struct ieee80211_chanctx_conf *chanctx_conf;
1215 enum ieee80211_smps_mode smps_mode;
1216 u16 orig_capab = *capab;
1218 int present_elems_len = 0;
1222 #define ADD_PRESENT_ELEM(id) do { \
1223 /* need a last for termination - we use 0 == SSID */ \
1224 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \
1225 present_elems[present_elems_len++] = (id); \
1227 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id))
1230 smps_mode = link->smps_mode;
1231 else if (sdata->u.mgd.powersave)
1232 smps_mode = IEEE80211_SMPS_DYNAMIC;
1234 smps_mode = IEEE80211_SMPS_OFF;
1238 * 5/10 MHz scenarios are only viable without MLO, in which
1239 * case this pointer should be used ... All of this is a bit
1240 * unclear though, not sure this even works at all.
1243 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
1245 width = chanctx_conf->def.width;
1249 sband = local->hw.wiphy->bands[chan->band];
1250 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1252 if (sband->band == NL80211_BAND_2GHZ) {
1253 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
1254 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
1257 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
1258 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
1259 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
1261 if (sband->band != NL80211_BAND_S1GHZ)
1262 ieee80211_assoc_add_rates(skb, width, sband, assoc_data);
1264 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
1265 *capab & WLAN_CAPABILITY_RADIO_MEASURE) {
1266 struct cfg80211_chan_def chandef = {
1271 pos = skb_put(skb, 4);
1272 *pos++ = WLAN_EID_PWR_CAPABILITY;
1274 *pos++ = 0; /* min tx power */
1276 *pos++ = ieee80211_chandef_max_power(&chandef);
1277 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY);
1281 * Per spec, we shouldn't include the list of channels if we advertise
1282 * support for extended channel switching, but we've always done that;
1283 * (for now?) apply this restriction only on the (new) 6 GHz band.
1285 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
1286 (sband->band != NL80211_BAND_6GHZ ||
1287 !ext_capa || ext_capa->datalen < 1 ||
1288 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
1289 /* TODO: get this in reg domain format */
1290 pos = skb_put(skb, 2 * sband->n_channels + 2);
1291 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
1292 *pos++ = 2 * sband->n_channels;
1293 for (i = 0; i < sband->n_channels; i++) {
1294 int cf = sband->channels[i].center_freq;
1296 *pos++ = ieee80211_frequency_to_channel(cf);
1297 *pos++ = 1; /* one channel in the subband*/
1299 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS);
1302 /* if present, add any custom IEs that go before HT */
1303 offset = ieee80211_add_before_ht_elems(skb, extra_elems,
1307 if (sband->band != NL80211_BAND_6GHZ &&
1308 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) {
1309 ieee80211_add_ht_ie(sdata, skb,
1310 assoc_data->link[link_id].ap_ht_param,
1311 sband, chan, smps_mode,
1312 &assoc_data->link[link_id].conn);
1313 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY);
1316 /* if present, add any custom IEs that go before VHT */
1317 offset = ieee80211_add_before_vht_elems(skb, extra_elems,
1321 if (sband->band != NL80211_BAND_6GHZ &&
1322 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT &&
1323 sband->vht_cap.vht_supported) {
1324 bool mu_mimo_owner =
1325 ieee80211_add_vht_ie(sdata, skb, sband,
1326 &assoc_data->link[link_id].ap_vht_cap,
1327 &assoc_data->link[link_id].conn);
1330 link->conf->mu_mimo_owner = mu_mimo_owner;
1331 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY);
1334 /* if present, add any custom IEs that go before HE */
1335 offset = ieee80211_add_before_he_elems(skb, extra_elems,
1339 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) {
1340 ieee80211_put_he_cap(skb, sdata, sband,
1341 &assoc_data->link[link_id].conn);
1342 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY);
1343 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode);
1347 * careful - need to know about all the present elems before
1348 * calling ieee80211_assoc_add_ml_elem(), so add this one if
1349 * we're going to put it after the ML element
1351 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1352 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY);
1354 if (link_id == assoc_data->assoc_link_id)
1355 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa,
1358 /* crash if somebody gets it wrong */
1359 present_elems = NULL;
1361 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1362 ieee80211_put_eht_cap(skb, sdata, sband,
1363 &assoc_data->link[link_id].conn);
1365 if (sband->band == NL80211_BAND_S1GHZ) {
1366 ieee80211_add_aid_request_ie(sdata, skb);
1367 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
1370 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
1371 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
1376 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb,
1380 unsigned int skb_len = skb->len;
1381 bool at_extension = false;
1384 u8 *len, *list_len = NULL;
1386 skb_put_u8(skb, WLAN_EID_EXTENSION);
1387 len = skb_put(skb, 1);
1388 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE);
1390 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) {
1391 u16 elem = outer[i];
1392 bool have_inner = false;
1394 /* should at least be sorted in the sense of normal -> ext */
1395 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS);
1397 /* switch to extension list */
1398 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) {
1399 at_extension = true;
1405 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) {
1406 if (elem == inner[j]) {
1416 list_len = skb_put(skb, 1);
1420 skb_put_u8(skb, (u8)elem);
1424 /* if we added a list but no extension list, make a zero-len one */
1425 if (added && (!at_extension || !list_len))
1428 /* if nothing added remove extension element completely */
1430 skb_trim(skb, skb_len);
1432 *len = skb->len - skb_len - 2;
1435 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1436 struct sk_buff *skb, u16 capab,
1437 const struct element *ext_capa,
1438 const u16 *outer_present_elems)
1440 struct ieee80211_local *local = sdata->local;
1441 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1442 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1443 struct ieee80211_multi_link_elem *ml_elem;
1444 struct ieee80211_mle_basic_common_info *common;
1445 const struct wiphy_iftype_ext_capab *ift_ext_capa;
1446 __le16 eml_capa = 0, mld_capa_ops = 0;
1447 unsigned int link_id;
1451 if (!ieee80211_vif_is_mld(&sdata->vif))
1454 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy,
1455 ieee80211_vif_type_p2p(&sdata->vif));
1457 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
1458 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
1461 skb_put_u8(skb, WLAN_EID_EXTENSION);
1462 ml_elem_len = skb_put(skb, 1);
1463 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
1464 ml_elem = skb_put(skb, sizeof(*ml_elem));
1466 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
1467 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
1468 common = skb_put(skb, sizeof(*common));
1469 common->len = sizeof(*common) +
1470 2; /* MLD capa/ops */
1471 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
1473 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
1475 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
1476 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
1477 common->len += 2; /* EML capabilities */
1479 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
1480 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
1482 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
1484 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1485 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
1486 const u8 *extra_elems;
1487 size_t extra_elems_len;
1489 u8 *subelem_len = NULL;
1492 if (!assoc_data->link[link_id].bss ||
1493 link_id == assoc_data->assoc_link_id)
1496 extra_elems = assoc_data->link[link_id].elems;
1497 extra_elems_len = assoc_data->link[link_id].elems_len;
1499 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
1500 subelem_len = skb_put(skb, 1);
1502 ctrl = cpu_to_le16(link_id |
1503 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE |
1504 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT);
1505 skb_put_data(skb, &ctrl, sizeof(ctrl));
1506 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */
1507 skb_put_data(skb, assoc_data->link[link_id].addr,
1510 * Now add the contents of the (re)association request,
1511 * but the "listen interval" and "current AP address"
1512 * (if applicable) are skipped. So we only have
1513 * the capability field (remember the position and fill
1514 * later), followed by the elements added below by
1515 * calling ieee80211_assoc_link_elems().
1517 capab_pos = skb_put(skb, 2);
1519 extra_used = ieee80211_assoc_link_elems(sdata, skb, &capab,
1524 link_present_elems);
1526 skb_put_data(skb, extra_elems + extra_used,
1527 extra_elems_len - extra_used);
1529 put_unaligned_le16(capab, capab_pos);
1531 ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
1532 link_present_elems);
1534 ieee80211_fragment_element(skb, subelem_len,
1535 IEEE80211_MLE_SUBELEM_FRAGMENT);
1538 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
1541 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
1543 struct ieee80211_local *local = sdata->local;
1544 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1545 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1546 struct ieee80211_link_data *link;
1547 struct sk_buff *skb;
1548 struct ieee80211_mgmt *mgmt;
1549 u8 *pos, qos_info, *ie_start;
1550 size_t offset, noffset;
1551 u16 capab = 0, link_capab;
1553 struct element *ext_capa = NULL;
1554 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1555 struct ieee80211_prep_tx_info info = {};
1556 unsigned int link_id, n_links = 0;
1557 u16 present_elems[PRESENT_ELEMS_MAX] = {};
1562 /* we know it's writable, cast away the const */
1563 if (assoc_data->ie_len)
1564 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
1566 assoc_data->ie_len);
1568 lockdep_assert_wiphy(sdata->local->hw.wiphy);
1570 size = local->hw.extra_tx_headroom +
1571 sizeof(*mgmt) + /* bit too much but doesn't matter */
1572 2 + assoc_data->ssid_len + /* SSID */
1573 assoc_data->ie_len + /* extra IEs */
1574 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
1577 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1578 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1579 const struct ieee80211_sband_iftype_data *iftd;
1580 struct ieee80211_supported_band *sband;
1585 sband = local->hw.wiphy->bands[cbss->channel->band];
1588 /* add STA profile elements length */
1589 size += assoc_data->link[link_id].elems_len;
1590 /* and supported rates length */
1591 size += 4 + sband->n_bitrates;
1592 /* supported channels */
1593 size += 2 + 2 * sband->n_channels;
1595 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1597 size += iftd->vendor_elems.len;
1599 /* power capability */
1602 /* HT, VHT, HE, EHT */
1603 size += 2 + sizeof(struct ieee80211_ht_cap);
1604 size += 2 + sizeof(struct ieee80211_vht_cap);
1605 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
1606 sizeof(struct ieee80211_he_mcs_nss_supp) +
1607 IEEE80211_HE_PPE_THRES_MAX_LEN;
1609 if (sband->band == NL80211_BAND_6GHZ)
1610 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa);
1612 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) +
1613 sizeof(struct ieee80211_eht_mcs_nss_supp) +
1614 IEEE80211_EHT_PPE_THRES_MAX_LEN;
1616 /* non-inheritance element */
1617 size += 2 + 2 + PRESENT_ELEMS_MAX;
1619 /* should be the same across all BSSes */
1620 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
1621 capab |= WLAN_CAPABILITY_PRIVACY;
1624 if (ieee80211_vif_is_mld(&sdata->vif)) {
1625 /* consider the multi-link element with STA profile */
1626 size += sizeof(struct ieee80211_multi_link_elem);
1627 /* max common info field in basic multi-link element */
1628 size += sizeof(struct ieee80211_mle_basic_common_info) +
1633 * The capability elements were already considered above;
1634 * note this over-estimates a bit because there's no
1635 * STA profile for the assoc link.
1637 size += (n_links - 1) *
1638 (1 + 1 + /* subelement ID/length */
1639 2 + /* STA control */
1640 1 + ETH_ALEN + 2 /* STA Info field */);
1643 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata);
1647 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss))
1650 skb = alloc_skb(size, GFP_KERNEL);
1654 skb_reserve(skb, local->hw.extra_tx_headroom);
1656 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
1657 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
1659 /* Set MBSSID support for HE AP if needed */
1660 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
1661 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
1662 ext_capa && ext_capa->datalen >= 3)
1663 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
1665 mgmt = skb_put_zero(skb, 24);
1666 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
1667 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1668 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
1670 listen_int = cpu_to_le16(assoc_data->s1g ?
1671 ieee80211_encode_usf(local->hw.conf.listen_interval) :
1672 local->hw.conf.listen_interval);
1673 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) {
1675 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1676 IEEE80211_STYPE_REASSOC_REQ);
1677 capab_pos = &mgmt->u.reassoc_req.capab_info;
1678 mgmt->u.reassoc_req.listen_interval = listen_int;
1679 memcpy(mgmt->u.reassoc_req.current_ap,
1680 assoc_data->prev_ap_addr, ETH_ALEN);
1681 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
1684 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1685 IEEE80211_STYPE_ASSOC_REQ);
1686 capab_pos = &mgmt->u.assoc_req.capab_info;
1687 mgmt->u.assoc_req.listen_interval = listen_int;
1688 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
1692 pos = skb_put(skb, 2 + assoc_data->ssid_len);
1694 *pos++ = WLAN_EID_SSID;
1695 *pos++ = assoc_data->ssid_len;
1696 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
1699 * This bit is technically reserved, so it shouldn't matter for either
1700 * the AP or us, but it also means we shouldn't set it. However, we've
1701 * always set it in the past, and apparently some EHT APs check that
1702 * we don't set it. To avoid interoperability issues with old APs that
1703 * for some reason check it and want it to be set, set the bit for all
1704 * pre-EHT connections as we used to do.
1706 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT)
1707 capab |= WLAN_CAPABILITY_ESS;
1709 /* add the elements for the assoc (main) link */
1711 offset = ieee80211_assoc_link_elems(sdata, skb, &link_capab,
1715 assoc_data->assoc_link_id, link,
1717 put_unaligned_le16(link_capab, capab_pos);
1719 /* if present, add any custom non-vendor IEs */
1720 if (assoc_data->ie_len) {
1721 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1724 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1728 if (assoc_data->wmm) {
1729 if (assoc_data->uapsd) {
1730 qos_info = ifmgd->uapsd_queues;
1731 qos_info |= (ifmgd->uapsd_max_sp_len <<
1732 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1737 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1740 /* add any remaining custom (i.e. vendor specific here) IEs */
1741 if (assoc_data->ie_len) {
1742 noffset = assoc_data->ie_len;
1743 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1746 if (assoc_data->fils_kek_len) {
1747 ret = fils_encrypt_assoc_req(skb, assoc_data);
1754 pos = skb_tail_pointer(skb);
1755 kfree(ifmgd->assoc_req_ies);
1756 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1757 if (!ifmgd->assoc_req_ies) {
1762 ifmgd->assoc_req_ies_len = pos - ie_start;
1764 info.link_id = assoc_data->assoc_link_id;
1765 drv_mgd_prepare_tx(local, sdata, &info);
1767 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1768 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1769 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1770 IEEE80211_TX_INTFL_MLME_CONN_TX;
1771 ieee80211_tx_skb(sdata, skb);
1776 void ieee80211_send_pspoll(struct ieee80211_local *local,
1777 struct ieee80211_sub_if_data *sdata)
1779 struct ieee80211_pspoll *pspoll;
1780 struct sk_buff *skb;
1782 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
1786 pspoll = (struct ieee80211_pspoll *) skb->data;
1787 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1789 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1790 ieee80211_tx_skb(sdata, skb);
1793 void ieee80211_send_nullfunc(struct ieee80211_local *local,
1794 struct ieee80211_sub_if_data *sdata,
1797 struct sk_buff *skb;
1798 struct ieee80211_hdr_3addr *nullfunc;
1799 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1801 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1,
1802 !ieee80211_hw_check(&local->hw,
1803 DOESNT_SUPPORT_QOS_NDP));
1807 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
1809 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1811 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1812 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
1814 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1815 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1817 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1818 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1820 ieee80211_tx_skb(sdata, skb);
1823 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
1824 struct ieee80211_sub_if_data *sdata)
1826 struct sk_buff *skb;
1827 struct ieee80211_hdr *nullfunc;
1830 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1833 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
1837 skb_reserve(skb, local->hw.extra_tx_headroom);
1839 nullfunc = skb_put_zero(skb, 30);
1840 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
1841 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1842 nullfunc->frame_control = fc;
1843 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
1844 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1845 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
1846 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
1848 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1849 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1850 ieee80211_tx_skb(sdata, skb);
1853 /* spectrum management related things */
1854 static void ieee80211_chswitch_work(struct wiphy *wiphy,
1855 struct wiphy_work *work)
1857 struct ieee80211_link_data *link =
1858 container_of(work, struct ieee80211_link_data,
1859 u.mgd.chswitch_work.work);
1860 struct ieee80211_sub_if_data *sdata = link->sdata;
1861 struct ieee80211_local *local = sdata->local;
1862 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1865 if (!ieee80211_sdata_running(sdata))
1868 lockdep_assert_wiphy(local->hw.wiphy);
1870 if (!ifmgd->associated)
1873 if (!link->conf->csa_active)
1877 * using reservation isn't immediate as it may be deferred until later
1878 * with multi-vif. once reservation is complete it will re-schedule the
1879 * work with no reserved_chanctx so verify chandef to check if it
1880 * completed successfully
1883 if (link->reserved_chanctx) {
1885 * with multi-vif csa driver may call ieee80211_csa_finish()
1886 * many times while waiting for other interfaces to use their
1889 if (link->reserved_ready)
1892 ret = ieee80211_link_use_reserved_context(link);
1895 "failed to use reserved channel context, disconnecting (err=%d)\n",
1897 wiphy_work_queue(sdata->local->hw.wiphy,
1898 &ifmgd->csa_connection_drop_work);
1903 if (!ieee80211_chanreq_identical(&link->conf->chanreq,
1904 &link->csa_chanreq)) {
1906 "failed to finalize channel switch, disconnecting\n");
1907 wiphy_work_queue(sdata->local->hw.wiphy,
1908 &ifmgd->csa_connection_drop_work);
1912 link->u.mgd.csa_waiting_bcn = true;
1914 ieee80211_sta_reset_beacon_monitor(sdata);
1915 ieee80211_sta_reset_conn_monitor(sdata);
1918 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link)
1920 struct ieee80211_sub_if_data *sdata = link->sdata;
1921 struct ieee80211_local *local = sdata->local;
1922 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1925 lockdep_assert_wiphy(sdata->local->hw.wiphy);
1927 WARN_ON(!link->conf->csa_active);
1929 if (sdata->csa_blocked_tx) {
1930 ieee80211_wake_vif_queues(local, sdata,
1931 IEEE80211_QUEUE_STOP_REASON_CSA);
1932 sdata->csa_blocked_tx = false;
1935 link->conf->csa_active = false;
1936 link->u.mgd.csa_waiting_bcn = false;
1938 ret = drv_post_channel_switch(link);
1941 "driver post channel switch failed, disconnecting\n");
1942 wiphy_work_queue(sdata->local->hw.wiphy,
1943 &ifmgd->csa_connection_drop_work);
1947 cfg80211_ch_switch_notify(sdata->dev, &link->reserved.oper,
1951 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success,
1952 unsigned int link_id)
1954 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1956 trace_api_chswitch_done(sdata, success, link_id);
1962 "driver channel switch failed, disconnecting\n");
1963 wiphy_work_queue(sdata->local->hw.wiphy,
1964 &sdata->u.mgd.csa_connection_drop_work);
1966 struct ieee80211_link_data *link =
1967 rcu_dereference(sdata->link[link_id]);
1969 if (WARN_ON(!link)) {
1974 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
1975 &link->u.mgd.chswitch_work, 0);
1980 EXPORT_SYMBOL(ieee80211_chswitch_done);
1983 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link)
1985 struct ieee80211_sub_if_data *sdata = link->sdata;
1986 struct ieee80211_local *local = sdata->local;
1988 lockdep_assert_wiphy(local->hw.wiphy);
1990 if (!local->ops->abort_channel_switch)
1993 ieee80211_link_unreserve_chanctx(link);
1995 if (sdata->csa_blocked_tx) {
1996 ieee80211_wake_vif_queues(local, sdata,
1997 IEEE80211_QUEUE_STOP_REASON_CSA);
1998 sdata->csa_blocked_tx = false;
2001 link->conf->csa_active = false;
2003 drv_abort_channel_switch(link);
2007 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link,
2008 u64 timestamp, u32 device_timestamp,
2009 struct ieee802_11_elems *elems,
2012 struct ieee80211_sub_if_data *sdata = link->sdata;
2013 struct ieee80211_local *local = sdata->local;
2014 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2015 struct cfg80211_bss *cbss = link->conf->bss;
2016 struct ieee80211_chanctx_conf *conf;
2017 struct ieee80211_chanctx *chanctx;
2018 enum nl80211_band current_band;
2019 struct ieee80211_csa_ie csa_ie;
2020 struct ieee80211_channel_switch ch_switch = {
2021 .link_id = link->link_id,
2023 struct ieee80211_bss *bss;
2024 unsigned long timeout;
2027 lockdep_assert_wiphy(local->hw.wiphy);
2032 current_band = cbss->channel->band;
2033 bss = (void *)cbss->priv;
2034 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
2037 link->u.mgd.bssid, &csa_ie);
2040 ch_switch.timestamp = timestamp;
2041 ch_switch.device_timestamp = device_timestamp;
2042 ch_switch.block_tx = csa_ie.mode;
2043 ch_switch.chandef = csa_ie.chanreq.oper;
2044 ch_switch.count = csa_ie.count;
2045 ch_switch.delay = csa_ie.max_switch_time;
2049 goto drop_connection;
2051 if (link->conf->csa_active) {
2052 /* already processing - disregard action frames */
2056 if (link->u.mgd.csa_waiting_bcn) {
2057 ieee80211_chswitch_post_beacon(link);
2059 * If the CSA IE is still present in the beacon after
2060 * the switch, we need to consider it as a new CSA
2061 * (possibly to self) - this happens by not returning
2062 * here so we'll get to the check below.
2065 ieee80211_sta_abort_chanswitch(link);
2068 drv_channel_switch_rx_beacon(sdata, &ch_switch);
2073 /* nothing to do at all - no active CSA nor a new one */
2077 if (link->conf->chanreq.oper.chan->band !=
2078 csa_ie.chanreq.oper.chan->band) {
2080 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
2082 csa_ie.chanreq.oper.chan->center_freq,
2083 csa_ie.chanreq.oper.width,
2084 csa_ie.chanreq.oper.center_freq1,
2085 csa_ie.chanreq.oper.center_freq2);
2086 goto drop_connection;
2089 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper,
2090 IEEE80211_CHAN_DISABLED)) {
2092 "AP %pM switches to unsupported channel "
2093 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), "
2096 csa_ie.chanreq.oper.chan->center_freq,
2097 csa_ie.chanreq.oper.chan->freq_offset,
2098 csa_ie.chanreq.oper.width,
2099 csa_ie.chanreq.oper.center_freq1,
2100 csa_ie.chanreq.oper.freq1_offset,
2101 csa_ie.chanreq.oper.center_freq2);
2102 goto drop_connection;
2105 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper,
2106 &link->conf->chanreq.oper) &&
2107 (!csa_ie.mode || !beacon)) {
2108 if (link->u.mgd.csa_ignored_same_chan)
2111 "AP %pM tries to chanswitch to same channel, ignore\n",
2113 link->u.mgd.csa_ignored_same_chan = true;
2118 * Drop all TDLS peers on the affected link - either we disconnect or
2119 * move to a different channel from this point on. There's no telling
2120 * what our peer will do.
2121 * The TDLS WIDER_BW scenario is also problematic, as peers might now
2122 * have an incompatible wider chandef.
2124 ieee80211_teardown_tdls_peers(link);
2126 conf = rcu_dereference_protected(link->conf->chanctx_conf,
2127 lockdep_is_held(&local->hw.wiphy->mtx));
2130 "no channel context assigned to vif?, disconnecting\n");
2131 goto drop_connection;
2134 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
2136 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
2138 "driver doesn't support chan-switch with channel contexts\n");
2139 goto drop_connection;
2142 if (drv_pre_channel_switch(sdata, &ch_switch)) {
2144 "preparing for channel switch failed, disconnecting\n");
2145 goto drop_connection;
2148 res = ieee80211_link_reserve_chanctx(link, &csa_ie.chanreq,
2149 chanctx->mode, false);
2152 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
2154 goto drop_connection;
2157 link->conf->csa_active = true;
2158 link->csa_chanreq = csa_ie.chanreq;
2159 link->u.mgd.csa_ignored_same_chan = false;
2160 link->u.mgd.beacon_crc_valid = false;
2163 !ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA)) {
2164 ieee80211_stop_vif_queues(local, sdata,
2165 IEEE80211_QUEUE_STOP_REASON_CSA);
2166 sdata->csa_blocked_tx = true;
2169 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper,
2170 link->link_id, csa_ie.count,
2173 if (local->ops->channel_switch) {
2174 /* use driver's channel switch callback */
2175 drv_channel_switch(local, sdata, &ch_switch);
2179 /* channel switch handled in software */
2180 timeout = TU_TO_JIFFIES((max_t(int, csa_ie.count, 1) - 1) *
2181 cbss->beacon_interval);
2182 wiphy_delayed_work_queue(local->hw.wiphy,
2183 &link->u.mgd.chswitch_work,
2188 * This is just so that the disconnect flow will know that
2189 * we were trying to switch channel and failed. In case the
2190 * mode is 1 (we are not allowed to Tx), we will know not to
2191 * send a deauthentication frame. Those two fields will be
2192 * reset when the disconnection worker runs.
2194 link->conf->csa_active = true;
2195 sdata->csa_blocked_tx =
2196 csa_ie.mode && !ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA);
2198 wiphy_work_queue(sdata->local->hw.wiphy,
2199 &ifmgd->csa_connection_drop_work);
2203 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
2204 struct ieee80211_channel *channel,
2205 const u8 *country_ie, u8 country_ie_len,
2206 const u8 *pwr_constr_elem,
2207 int *chan_pwr, int *pwr_reduction)
2209 struct ieee80211_country_ie_triplet *triplet;
2210 int chan = ieee80211_frequency_to_channel(channel->center_freq);
2211 int i, chan_increment;
2212 bool have_chan_pwr = false;
2215 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
2218 triplet = (void *)(country_ie + 3);
2219 country_ie_len -= 3;
2221 switch (channel->band) {
2225 case NL80211_BAND_2GHZ:
2226 case NL80211_BAND_60GHZ:
2227 case NL80211_BAND_LC:
2230 case NL80211_BAND_5GHZ:
2233 case NL80211_BAND_6GHZ:
2235 * In the 6 GHz band, the "maximum transmit power level"
2236 * field in the triplets is reserved, and thus will be
2237 * zero and we shouldn't use it to control TX power.
2238 * The actual TX power will be given in the transmit
2239 * power envelope element instead.
2245 while (country_ie_len >= 3) {
2246 u8 first_channel = triplet->chans.first_channel;
2248 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
2251 for (i = 0; i < triplet->chans.num_channels; i++) {
2252 if (first_channel + i * chan_increment == chan) {
2253 have_chan_pwr = true;
2254 *chan_pwr = triplet->chans.max_power;
2263 country_ie_len -= 3;
2266 if (have_chan_pwr && pwr_constr_elem)
2267 *pwr_reduction = *pwr_constr_elem;
2271 return have_chan_pwr;
2274 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
2275 struct ieee80211_channel *channel,
2276 const u8 *cisco_dtpc_ie,
2279 /* From practical testing, the first data byte of the DTPC element
2280 * seems to contain the requested dBm level, and the CLI on Cisco
2281 * APs clearly state the range is -127 to 127 dBm, which indicates
2282 * a signed byte, although it seemingly never actually goes negative.
2283 * The other byte seems to always be zero.
2285 *pwr_level = (__s8)cisco_dtpc_ie[4];
2288 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link,
2289 struct ieee80211_channel *channel,
2290 struct ieee80211_mgmt *mgmt,
2291 const u8 *country_ie, u8 country_ie_len,
2292 const u8 *pwr_constr_ie,
2293 const u8 *cisco_dtpc_ie)
2295 struct ieee80211_sub_if_data *sdata = link->sdata;
2296 bool has_80211h_pwr = false, has_cisco_pwr = false;
2297 int chan_pwr = 0, pwr_reduction_80211h = 0;
2298 int pwr_level_cisco, pwr_level_80211h;
2300 __le16 capab = mgmt->u.probe_resp.capab_info;
2302 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
2303 return 0; /* TODO */
2306 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
2307 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
2308 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
2309 sdata, channel, country_ie, country_ie_len,
2310 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
2312 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
2315 if (cisco_dtpc_ie) {
2316 ieee80211_find_cisco_dtpc(
2317 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
2318 has_cisco_pwr = true;
2321 if (!has_80211h_pwr && !has_cisco_pwr)
2324 /* If we have both 802.11h and Cisco DTPC, apply both limits
2325 * by picking the smallest of the two power levels advertised.
2327 if (has_80211h_pwr &&
2328 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
2329 new_ap_level = pwr_level_80211h;
2331 if (link->ap_power_level == new_ap_level)
2335 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
2336 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
2338 } else { /* has_cisco_pwr is always true here. */
2339 new_ap_level = pwr_level_cisco;
2341 if (link->ap_power_level == new_ap_level)
2345 "Limiting TX power to %d dBm as advertised by %pM\n",
2346 pwr_level_cisco, link->u.mgd.bssid);
2349 link->ap_power_level = new_ap_level;
2350 if (__ieee80211_recalc_txpower(sdata))
2351 return BSS_CHANGED_TXPOWER;
2356 static void ieee80211_enable_ps(struct ieee80211_local *local,
2357 struct ieee80211_sub_if_data *sdata)
2359 struct ieee80211_conf *conf = &local->hw.conf;
2362 * If we are scanning right now then the parameters will
2363 * take effect when scan finishes.
2365 if (local->scanning)
2368 if (conf->dynamic_ps_timeout > 0 &&
2369 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
2370 mod_timer(&local->dynamic_ps_timer, jiffies +
2371 msecs_to_jiffies(conf->dynamic_ps_timeout));
2373 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
2374 ieee80211_send_nullfunc(local, sdata, true);
2376 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
2377 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2380 conf->flags |= IEEE80211_CONF_PS;
2381 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2385 static void ieee80211_change_ps(struct ieee80211_local *local)
2387 struct ieee80211_conf *conf = &local->hw.conf;
2389 if (local->ps_sdata) {
2390 ieee80211_enable_ps(local, local->ps_sdata);
2391 } else if (conf->flags & IEEE80211_CONF_PS) {
2392 conf->flags &= ~IEEE80211_CONF_PS;
2393 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2394 del_timer_sync(&local->dynamic_ps_timer);
2395 wiphy_work_cancel(local->hw.wiphy,
2396 &local->dynamic_ps_enable_work);
2400 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
2402 struct ieee80211_local *local = sdata->local;
2403 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
2404 struct sta_info *sta = NULL;
2405 bool authorized = false;
2407 if (!mgd->powersave)
2413 if (!mgd->associated)
2416 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
2419 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) &&
2420 !sdata->deflink.u.mgd.have_beacon)
2424 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2426 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2432 /* need to hold RTNL or interface lock */
2433 void ieee80211_recalc_ps(struct ieee80211_local *local)
2435 struct ieee80211_sub_if_data *sdata, *found = NULL;
2439 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) ||
2440 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
2441 local->ps_sdata = NULL;
2445 list_for_each_entry(sdata, &local->interfaces, list) {
2446 if (!ieee80211_sdata_running(sdata))
2448 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2449 /* If an AP vif is found, then disable PS
2450 * by setting the count to zero thereby setting
2456 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2462 if (count == 1 && ieee80211_powersave_allowed(found)) {
2463 u8 dtimper = found->deflink.u.mgd.dtim_period;
2465 timeout = local->dynamic_ps_forced_timeout;
2468 local->hw.conf.dynamic_ps_timeout = timeout;
2470 /* If the TIM IE is invalid, pretend the value is 1 */
2474 local->hw.conf.ps_dtim_period = dtimper;
2475 local->ps_sdata = found;
2477 local->ps_sdata = NULL;
2480 ieee80211_change_ps(local);
2483 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
2485 bool ps_allowed = ieee80211_powersave_allowed(sdata);
2487 if (sdata->vif.cfg.ps != ps_allowed) {
2488 sdata->vif.cfg.ps = ps_allowed;
2489 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS);
2493 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy,
2494 struct wiphy_work *work)
2496 struct ieee80211_local *local =
2497 container_of(work, struct ieee80211_local,
2498 dynamic_ps_disable_work);
2500 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2501 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2502 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2505 ieee80211_wake_queues_by_reason(&local->hw,
2506 IEEE80211_MAX_QUEUE_MAP,
2507 IEEE80211_QUEUE_STOP_REASON_PS,
2511 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy,
2512 struct wiphy_work *work)
2514 struct ieee80211_local *local =
2515 container_of(work, struct ieee80211_local,
2516 dynamic_ps_enable_work);
2517 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
2518 struct ieee80211_if_managed *ifmgd;
2519 unsigned long flags;
2522 /* can only happen when PS was just disabled anyway */
2526 ifmgd = &sdata->u.mgd;
2528 if (local->hw.conf.flags & IEEE80211_CONF_PS)
2531 if (local->hw.conf.dynamic_ps_timeout > 0) {
2532 /* don't enter PS if TX frames are pending */
2533 if (drv_tx_frames_pending(local)) {
2534 mod_timer(&local->dynamic_ps_timer, jiffies +
2536 local->hw.conf.dynamic_ps_timeout));
2541 * transmission can be stopped by others which leads to
2542 * dynamic_ps_timer expiry. Postpone the ps timer if it
2543 * is not the actual idle state.
2545 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
2546 for (q = 0; q < local->hw.queues; q++) {
2547 if (local->queue_stop_reasons[q]) {
2548 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
2550 mod_timer(&local->dynamic_ps_timer, jiffies +
2552 local->hw.conf.dynamic_ps_timeout));
2556 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
2559 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
2560 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
2561 if (drv_tx_frames_pending(local)) {
2562 mod_timer(&local->dynamic_ps_timer, jiffies +
2564 local->hw.conf.dynamic_ps_timeout));
2566 ieee80211_send_nullfunc(local, sdata, true);
2567 /* Flush to get the tx status of nullfunc frame */
2568 ieee80211_flush_queues(local, sdata, false);
2572 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
2573 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
2574 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
2575 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
2576 local->hw.conf.flags |= IEEE80211_CONF_PS;
2577 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2581 void ieee80211_dynamic_ps_timer(struct timer_list *t)
2583 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
2585 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work);
2588 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work)
2590 struct ieee80211_link_data *link =
2591 container_of(work, struct ieee80211_link_data,
2592 dfs_cac_timer_work.work);
2593 struct cfg80211_chan_def chandef = link->conf->chanreq.oper;
2594 struct ieee80211_sub_if_data *sdata = link->sdata;
2596 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2598 if (sdata->wdev.cac_started) {
2599 ieee80211_link_release_channel(link);
2600 cfg80211_cac_event(sdata->dev, &chandef,
2601 NL80211_RADAR_CAC_FINISHED,
2607 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
2609 struct ieee80211_local *local = sdata->local;
2610 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2614 if (local->hw.queues < IEEE80211_NUM_ACS)
2617 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2618 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2620 unsigned long now = jiffies;
2622 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
2623 tx_tspec->admitted_time &&
2624 time_after(now, tx_tspec->time_slice_start + HZ)) {
2625 tx_tspec->consumed_tx_time = 0;
2626 tx_tspec->time_slice_start = now;
2628 if (tx_tspec->downgraded)
2630 TX_TSPEC_ACTION_STOP_DOWNGRADE;
2633 switch (tx_tspec->action) {
2634 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
2635 /* take the original parameters */
2636 if (drv_conf_tx(local, &sdata->deflink, ac,
2637 &sdata->deflink.tx_conf[ac]))
2638 link_err(&sdata->deflink,
2639 "failed to set TX queue parameters for queue %d\n",
2641 tx_tspec->action = TX_TSPEC_ACTION_NONE;
2642 tx_tspec->downgraded = false;
2645 case TX_TSPEC_ACTION_DOWNGRADE:
2646 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2647 tx_tspec->action = TX_TSPEC_ACTION_NONE;
2651 /* downgrade next lower non-ACM AC */
2652 for (non_acm_ac = ac + 1;
2653 non_acm_ac < IEEE80211_NUM_ACS;
2655 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
2657 /* Usually the loop will result in using BK even if it
2658 * requires admission control, but such a configuration
2659 * makes no sense and we have to transmit somehow - the
2660 * AC selection does the same thing.
2661 * If we started out trying to downgrade from BK, then
2662 * the extra condition here might be needed.
2664 if (non_acm_ac >= IEEE80211_NUM_ACS)
2665 non_acm_ac = IEEE80211_AC_BK;
2666 if (drv_conf_tx(local, &sdata->deflink, ac,
2667 &sdata->deflink.tx_conf[non_acm_ac]))
2668 link_err(&sdata->deflink,
2669 "failed to set TX queue parameters for queue %d\n",
2671 tx_tspec->action = TX_TSPEC_ACTION_NONE;
2673 wiphy_delayed_work_queue(local->hw.wiphy,
2674 &ifmgd->tx_tspec_wk,
2675 tx_tspec->time_slice_start +
2678 case TX_TSPEC_ACTION_NONE:
2687 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
2689 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
2690 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
2694 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy,
2695 struct wiphy_work *work)
2697 struct ieee80211_sub_if_data *sdata;
2699 sdata = container_of(work, struct ieee80211_sub_if_data,
2700 u.mgd.tx_tspec_wk.work);
2701 ieee80211_sta_handle_tspec_ac_params(sdata);
2704 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link)
2706 struct ieee80211_sub_if_data *sdata = link->sdata;
2707 struct ieee80211_local *local = sdata->local;
2708 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2709 struct ieee80211_tx_queue_params *params = link->tx_conf;
2712 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2714 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
2716 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
2717 params[ac].txop, params[ac].uapsd,
2718 ifmgd->tx_tspec[ac].downgraded);
2719 if (!ifmgd->tx_tspec[ac].downgraded &&
2720 drv_conf_tx(local, link, ac, ¶ms[ac]))
2722 "failed to set TX queue parameters for AC %d\n",
2729 ieee80211_sta_wmm_params(struct ieee80211_local *local,
2730 struct ieee80211_link_data *link,
2731 const u8 *wmm_param, size_t wmm_param_len,
2732 const struct ieee80211_mu_edca_param_set *mu_edca)
2734 struct ieee80211_sub_if_data *sdata = link->sdata;
2735 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
2736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2738 int count, mu_edca_count, ac;
2740 u8 uapsd_queues = 0;
2742 if (!local->ops->conf_tx)
2745 if (local->hw.queues < IEEE80211_NUM_ACS)
2751 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
2754 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
2755 uapsd_queues = ifmgd->uapsd_queues;
2757 count = wmm_param[6] & 0x0f;
2758 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
2759 * if mu_edca was preset before and now it disappeared tell
2760 * the driver about it.
2762 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
2763 if (count == link->u.mgd.wmm_last_param_set &&
2764 mu_edca_count == link->u.mgd.mu_edca_last_param_set)
2766 link->u.mgd.wmm_last_param_set = count;
2767 link->u.mgd.mu_edca_last_param_set = mu_edca_count;
2769 pos = wmm_param + 8;
2770 left = wmm_param_len - 8;
2772 memset(¶ms, 0, sizeof(params));
2775 for (; left >= 4; left -= 4, pos += 4) {
2776 int aci = (pos[0] >> 5) & 0x03;
2777 int acm = (pos[0] >> 4) & 0x01;
2782 ac = IEEE80211_AC_BK;
2784 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
2785 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2787 params[ac].mu_edca = !!mu_edca;
2789 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
2792 ac = IEEE80211_AC_VI;
2794 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
2795 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2797 params[ac].mu_edca = !!mu_edca;
2799 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
2802 ac = IEEE80211_AC_VO;
2804 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
2805 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2807 params[ac].mu_edca = !!mu_edca;
2809 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
2813 ac = IEEE80211_AC_BE;
2815 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
2816 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2818 params[ac].mu_edca = !!mu_edca;
2820 params[ac].mu_edca_param_rec = mu_edca->ac_be;
2824 params[ac].aifs = pos[0] & 0x0f;
2826 if (params[ac].aifs < 2) {
2828 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
2829 params[ac].aifs, aci);
2830 params[ac].aifs = 2;
2832 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
2833 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
2834 params[ac].txop = get_unaligned_le16(pos + 2);
2835 params[ac].acm = acm;
2836 params[ac].uapsd = uapsd;
2838 if (params[ac].cw_min == 0 ||
2839 params[ac].cw_min > params[ac].cw_max) {
2841 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
2842 params[ac].cw_min, params[ac].cw_max, aci);
2845 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
2848 /* WMM specification requires all 4 ACIs. */
2849 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2850 if (params[ac].cw_min == 0) {
2852 "AP has invalid WMM params (missing AC %d), using defaults\n",
2858 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2859 link->tx_conf[ac] = params[ac];
2861 ieee80211_mgd_set_link_qos_params(link);
2863 /* enable WMM or activate new settings */
2864 link->conf->qos = true;
2868 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2870 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2872 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
2873 ieee80211_run_deferred_scan(sdata->local);
2876 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2878 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2880 __ieee80211_stop_poll(sdata);
2883 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link,
2884 u16 capab, bool erp_valid, u8 erp)
2886 struct ieee80211_bss_conf *bss_conf = link->conf;
2887 struct ieee80211_supported_band *sband;
2889 bool use_protection;
2890 bool use_short_preamble;
2891 bool use_short_slot;
2893 sband = ieee80211_get_link_sband(link);
2898 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
2899 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
2901 use_protection = false;
2902 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
2905 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
2906 if (sband->band == NL80211_BAND_5GHZ ||
2907 sband->band == NL80211_BAND_6GHZ)
2908 use_short_slot = true;
2910 if (use_protection != bss_conf->use_cts_prot) {
2911 bss_conf->use_cts_prot = use_protection;
2912 changed |= BSS_CHANGED_ERP_CTS_PROT;
2915 if (use_short_preamble != bss_conf->use_short_preamble) {
2916 bss_conf->use_short_preamble = use_short_preamble;
2917 changed |= BSS_CHANGED_ERP_PREAMBLE;
2920 if (use_short_slot != bss_conf->use_short_slot) {
2921 bss_conf->use_short_slot = use_short_slot;
2922 changed |= BSS_CHANGED_ERP_SLOT;
2928 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link,
2929 struct cfg80211_bss *cbss)
2931 struct ieee80211_sub_if_data *sdata = link->sdata;
2932 struct ieee80211_bss_conf *bss_conf = link->conf;
2933 struct ieee80211_bss *bss = (void *)cbss->priv;
2934 u64 changed = BSS_CHANGED_QOS;
2936 /* not really used in MLO */
2937 sdata->u.mgd.beacon_timeout =
2938 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count *
2939 bss_conf->beacon_int));
2941 changed |= ieee80211_handle_bss_capability(link,
2942 bss_conf->assoc_capability,
2946 ieee80211_check_rate_mask(link);
2948 link->conf->bss = cbss;
2949 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
2951 if (sdata->vif.p2p ||
2952 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
2953 const struct cfg80211_bss_ies *ies;
2956 ies = rcu_dereference(cbss->ies);
2960 ret = cfg80211_get_p2p_attr(
2961 ies->data, ies->len,
2962 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2963 (u8 *) &bss_conf->p2p_noa_attr,
2964 sizeof(bss_conf->p2p_noa_attr));
2966 link->u.mgd.p2p_noa_index =
2967 bss_conf->p2p_noa_attr.index;
2968 changed |= BSS_CHANGED_P2P_PS;
2974 if (link->u.mgd.have_beacon) {
2975 bss_conf->beacon_rate = bss->beacon_rate;
2976 changed |= BSS_CHANGED_BEACON_INFO;
2978 bss_conf->beacon_rate = NULL;
2981 /* Tell the driver to monitor connection quality (if supported) */
2982 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2983 bss_conf->cqm_rssi_thold)
2984 changed |= BSS_CHANGED_CQM;
2989 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
2990 struct ieee80211_mgd_assoc_data *assoc_data,
2991 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])
2993 struct ieee80211_local *local = sdata->local;
2994 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
2995 u64 vif_changed = BSS_CHANGED_ASSOC;
2996 unsigned int link_id;
2998 lockdep_assert_wiphy(local->hw.wiphy);
3000 sdata->u.mgd.associated = true;
3002 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3003 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3004 struct ieee80211_link_data *link;
3007 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3010 if (ieee80211_vif_is_mld(&sdata->vif) &&
3011 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id)))
3014 link = sdata_dereference(sdata->link[link_id], sdata);
3018 changed[link_id] |= ieee80211_link_set_associated(link, cbss);
3021 /* just to be sure */
3022 ieee80211_stop_poll(sdata);
3024 ieee80211_led_assoc(local, 1);
3028 /* Enable ARP filtering */
3029 if (vif_cfg->arp_addr_cnt)
3030 vif_changed |= BSS_CHANGED_ARP_FILTER;
3032 if (ieee80211_vif_is_mld(&sdata->vif)) {
3034 link_id < IEEE80211_MLD_MAX_NUM_LINKS;
3036 struct ieee80211_link_data *link;
3037 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3041 ieee80211_vif_usable_links(&sdata->vif)) ||
3042 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3045 link = sdata_dereference(sdata->link[link_id], sdata);
3049 ieee80211_link_info_change_notify(sdata, link,
3052 ieee80211_recalc_smps(sdata, link);
3055 ieee80211_vif_cfg_change_notify(sdata, vif_changed);
3057 ieee80211_bss_info_change_notify(sdata,
3058 vif_changed | changed[0]);
3061 ieee80211_recalc_ps(local);
3063 /* leave this here to not change ordering in non-MLO cases */
3064 if (!ieee80211_vif_is_mld(&sdata->vif))
3065 ieee80211_recalc_smps(sdata, &sdata->deflink);
3066 ieee80211_recalc_ps_vif(sdata);
3068 netif_carrier_on(sdata->dev);
3071 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
3072 u16 stype, u16 reason, bool tx,
3075 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3076 struct ieee80211_local *local = sdata->local;
3077 unsigned int link_id;
3079 struct ieee80211_prep_tx_info info = {
3083 lockdep_assert_wiphy(local->hw.wiphy);
3085 if (WARN_ON_ONCE(tx && !frame_buf))
3088 if (WARN_ON(!ifmgd->associated))
3091 ieee80211_stop_poll(sdata);
3093 ifmgd->associated = false;
3095 /* other links will be destroyed */
3096 sdata->deflink.conf->bss = NULL;
3097 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
3099 netif_carrier_off(sdata->dev);
3102 * if we want to get out of ps before disassoc (why?) we have
3103 * to do it before sending disassoc, as otherwise the null-packet
3106 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3107 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3108 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3110 local->ps_sdata = NULL;
3112 /* disable per-vif ps */
3113 ieee80211_recalc_ps_vif(sdata);
3115 /* make sure ongoing transmission finishes */
3119 * drop any frame before deauth/disassoc, this can be data or
3120 * management frame. Since we are disconnecting, we should not
3121 * insist sending these frames which can take time and delay
3122 * the disconnection and possible the roaming.
3125 ieee80211_flush_queues(local, sdata, true);
3127 /* deauthenticate/disassociate now */
3128 if (tx || frame_buf) {
3130 * In multi channel scenarios guarantee that the virtual
3131 * interface is granted immediate airtime to transmit the
3132 * deauthentication frame by calling mgd_prepare_tx, if the
3133 * driver requested so.
3135 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP)) {
3136 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link);
3138 struct ieee80211_link_data *link;
3140 link = sdata_dereference(sdata->link[link_id],
3144 if (link->u.mgd.have_beacon)
3147 if (link_id == IEEE80211_MLD_MAX_NUM_LINKS) {
3148 info.link_id = ffs(sdata->vif.active_links) - 1;
3149 drv_mgd_prepare_tx(sdata->local, sdata, &info);
3153 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
3154 sdata->vif.cfg.ap_addr, stype,
3155 reason, tx, frame_buf);
3158 /* flush out frame - make sure the deauth was actually sent */
3160 ieee80211_flush_queues(local, sdata, false);
3162 drv_mgd_complete_tx(sdata->local, sdata, &info);
3164 /* clear AP addr only after building the needed mgmt frames */
3165 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3166 eth_zero_addr(sdata->vif.cfg.ap_addr);
3168 sdata->vif.cfg.ssid_len = 0;
3170 /* remove AP and TDLS peers */
3171 sta_info_flush(sdata, -1);
3173 /* finally reset all BSS / config parameters */
3174 if (!ieee80211_vif_is_mld(&sdata->vif))
3175 changed |= ieee80211_reset_erp_info(sdata);
3177 ieee80211_led_assoc(local, 0);
3178 changed |= BSS_CHANGED_ASSOC;
3179 sdata->vif.cfg.assoc = false;
3181 sdata->deflink.u.mgd.p2p_noa_index = -1;
3182 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
3183 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
3185 /* on the next assoc, re-program HT/VHT parameters */
3186 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
3187 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
3188 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
3189 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
3192 * reset MU-MIMO ownership and group data in default link,
3193 * if used, other links are destroyed
3195 memset(sdata->vif.bss_conf.mu_group.membership, 0,
3196 sizeof(sdata->vif.bss_conf.mu_group.membership));
3197 memset(sdata->vif.bss_conf.mu_group.position, 0,
3198 sizeof(sdata->vif.bss_conf.mu_group.position));
3199 if (!ieee80211_vif_is_mld(&sdata->vif))
3200 changed |= BSS_CHANGED_MU_GROUPS;
3201 sdata->vif.bss_conf.mu_mimo_owner = false;
3203 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
3205 del_timer_sync(&local->dynamic_ps_timer);
3206 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
3208 /* Disable ARP filtering */
3209 if (sdata->vif.cfg.arp_addr_cnt)
3210 changed |= BSS_CHANGED_ARP_FILTER;
3212 sdata->vif.bss_conf.qos = false;
3213 if (!ieee80211_vif_is_mld(&sdata->vif)) {
3214 changed |= BSS_CHANGED_QOS;
3215 /* The BSSID (not really interesting) and HT changed */
3216 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
3217 ieee80211_bss_info_change_notify(sdata, changed);
3219 ieee80211_vif_cfg_change_notify(sdata, changed);
3222 /* disassociated - set to defaults now */
3223 ieee80211_set_wmm_default(&sdata->deflink, false, false);
3225 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
3226 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
3227 del_timer_sync(&sdata->u.mgd.timer);
3229 sdata->vif.bss_conf.dtim_period = 0;
3230 sdata->vif.bss_conf.beacon_rate = NULL;
3232 sdata->deflink.u.mgd.have_beacon = false;
3233 sdata->deflink.u.mgd.tracking_signal_avg = false;
3234 sdata->deflink.u.mgd.disable_wmm_tracking = false;
3238 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
3239 struct ieee80211_link_data *link;
3241 link = sdata_dereference(sdata->link[link_id], sdata);
3244 ieee80211_link_release_channel(link);
3247 sdata->vif.bss_conf.csa_active = false;
3248 sdata->deflink.u.mgd.csa_waiting_bcn = false;
3249 sdata->deflink.u.mgd.csa_ignored_same_chan = false;
3250 if (sdata->csa_blocked_tx) {
3251 ieee80211_wake_vif_queues(local, sdata,
3252 IEEE80211_QUEUE_STOP_REASON_CSA);
3253 sdata->csa_blocked_tx = false;
3256 /* existing TX TSPEC sessions no longer exist */
3257 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
3258 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk);
3260 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP;
3261 sdata->vif.bss_conf.pwr_reduction = 0;
3262 sdata->vif.bss_conf.tx_pwr_env_num = 0;
3263 memset(sdata->vif.bss_conf.tx_pwr_env, 0,
3264 sizeof(sdata->vif.bss_conf.tx_pwr_env));
3266 sdata->vif.cfg.eml_cap = 0;
3267 sdata->vif.cfg.eml_med_sync_delay = 0;
3268 sdata->vif.cfg.mld_capa_op = 0;
3270 memset(&sdata->u.mgd.ttlm_info, 0,
3271 sizeof(sdata->u.mgd.ttlm_info));
3272 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
3274 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
3275 &ifmgd->neg_ttlm_timeout_work);
3276 ieee80211_vif_set_links(sdata, 0, 0);
3278 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
3281 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
3283 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3284 struct ieee80211_local *local = sdata->local;
3286 lockdep_assert_wiphy(local->hw.wiphy);
3288 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
3291 __ieee80211_stop_poll(sdata);
3293 ieee80211_recalc_ps(local);
3295 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
3299 * We've received a probe response, but are not sure whether
3300 * we have or will be receiving any beacons or data, so let's
3301 * schedule the timers again, just in case.
3303 ieee80211_sta_reset_beacon_monitor(sdata);
3305 mod_timer(&ifmgd->conn_mon_timer,
3306 round_jiffies_up(jiffies +
3307 IEEE80211_CONNECTION_IDLE_TIME));
3310 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
3311 struct ieee80211_hdr *hdr,
3314 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3317 struct ieee80211_sta_tx_tspec *tx_tspec;
3318 unsigned long now = jiffies;
3320 if (!ieee80211_is_data_qos(hdr->frame_control))
3323 tid = ieee80211_get_tid(hdr);
3324 ac = ieee80211_ac_from_tid(tid);
3325 tx_tspec = &ifmgd->tx_tspec[ac];
3327 if (likely(!tx_tspec->admitted_time))
3330 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3331 tx_tspec->consumed_tx_time = 0;
3332 tx_tspec->time_slice_start = now;
3334 if (tx_tspec->downgraded) {
3335 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
3336 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
3337 &ifmgd->tx_tspec_wk, 0);
3341 if (tx_tspec->downgraded)
3344 tx_tspec->consumed_tx_time += tx_time;
3346 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
3347 tx_tspec->downgraded = true;
3348 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
3349 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
3350 &ifmgd->tx_tspec_wk, 0);
3354 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
3355 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
3357 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
3359 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
3360 !sdata->u.mgd.probe_send_count)
3364 sdata->u.mgd.probe_send_count = 0;
3366 sdata->u.mgd.nullfunc_failed = true;
3367 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
3370 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
3371 const u8 *src, const u8 *dst,
3372 const u8 *ssid, size_t ssid_len,
3373 struct ieee80211_channel *channel)
3375 struct sk_buff *skb;
3377 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
3378 ssid, ssid_len, NULL, 0,
3379 IEEE80211_PROBE_FLAG_DIRECTED);
3381 ieee80211_tx_skb(sdata, skb);
3384 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
3386 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3387 u8 *dst = sdata->vif.cfg.ap_addr;
3388 u8 unicast_limit = max(1, max_probe_tries - 3);
3389 struct sta_info *sta;
3391 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3393 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
3397 * Try sending broadcast probe requests for the last three
3398 * probe requests after the first ones failed since some
3399 * buggy APs only support broadcast probe requests.
3401 if (ifmgd->probe_send_count >= unicast_limit)
3405 * When the hardware reports an accurate Tx ACK status, it's
3406 * better to send a nullfunc frame instead of a probe request,
3407 * as it will kick us off the AP quickly if we aren't associated
3408 * anymore. The timeout will be reset if the frame is ACKed by
3411 ifmgd->probe_send_count++;
3414 sta = sta_info_get(sdata, dst);
3416 ieee80211_check_fast_rx(sta);
3419 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
3420 ifmgd->nullfunc_failed = false;
3421 ieee80211_send_nullfunc(sdata->local, sdata, false);
3423 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
3424 sdata->vif.cfg.ssid,
3425 sdata->vif.cfg.ssid_len,
3426 sdata->deflink.conf->bss->channel);
3429 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
3430 run_again(sdata, ifmgd->probe_timeout);
3433 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
3436 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3437 bool already = false;
3439 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3441 if (WARN_ON_ONCE(ieee80211_vif_is_mld(&sdata->vif)))
3444 if (!ieee80211_sdata_running(sdata))
3447 if (!ifmgd->associated)
3450 if (sdata->local->tmp_channel || sdata->local->scanning)
3453 if (sdata->local->suspending) {
3454 /* reschedule after resume */
3455 ieee80211_reset_ap_probe(sdata);
3460 mlme_dbg_ratelimited(sdata,
3461 "detected beacon loss from AP (missed %d beacons) - probing\n",
3464 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
3468 * The driver/our work has already reported this event or the
3469 * connection monitoring has kicked in and we have already sent
3470 * a probe request. Or maybe the AP died and the driver keeps
3471 * reporting until we disassociate...
3473 * In either case we have to ignore the current call to this
3474 * function (except for setting the correct probe reason bit)
3475 * because otherwise we would reset the timer every time and
3476 * never check whether we received a probe response!
3478 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
3481 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
3486 ieee80211_recalc_ps(sdata->local);
3488 ifmgd->probe_send_count = 0;
3489 ieee80211_mgd_probe_ap_send(sdata);
3492 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
3493 struct ieee80211_vif *vif)
3495 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3496 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3497 struct cfg80211_bss *cbss;
3498 struct sk_buff *skb;
3499 const struct element *ssid;
3502 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3504 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
3505 ieee80211_vif_is_mld(&sdata->vif)))
3508 if (ifmgd->associated)
3509 cbss = sdata->deflink.conf->bss;
3510 else if (ifmgd->auth_data)
3511 cbss = ifmgd->auth_data->bss;
3512 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss)
3513 cbss = ifmgd->assoc_data->link[0].bss;
3518 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
3519 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN,
3520 "invalid SSID element (len=%d)",
3521 ssid ? ssid->datalen : -1))
3524 ssid_len = ssid->datalen;
3526 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
3527 (u32) -1, cbss->channel,
3528 ssid->data, ssid_len,
3529 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
3534 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
3536 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
3537 const u8 *buf, size_t len, bool tx,
3538 u16 reason, bool reconnect)
3540 struct ieee80211_event event = {
3542 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
3543 .u.mlme.reason = reason,
3547 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
3549 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
3551 drv_event_callback(sdata->local, sdata, &event);
3554 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
3556 struct ieee80211_local *local = sdata->local;
3557 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3558 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3561 lockdep_assert_wiphy(local->hw.wiphy);
3563 if (!ifmgd->associated)
3567 * MLO drivers should have HANDLES_QUIET_CSA, so that csa_blocked_tx
3568 * is always false; if they don't then this may try to transmit the
3569 * frame but queues will be stopped.
3571 tx = !sdata->csa_blocked_tx;
3573 if (!ifmgd->driver_disconnect) {
3574 unsigned int link_id;
3577 * AP is probably out of range (or not reachable for another
3578 * reason) so remove the bss structs for that AP. In the case
3579 * of multi-link, it's not clear that all of them really are
3580 * out of range, but if they weren't the driver likely would
3581 * have switched to just have a single link active?
3584 link_id < ARRAY_SIZE(sdata->link);
3586 struct ieee80211_link_data *link;
3588 link = sdata_dereference(sdata->link[link_id], sdata);
3591 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss);
3592 link->conf->bss = NULL;
3596 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3597 ifmgd->driver_disconnect ?
3598 WLAN_REASON_DEAUTH_LEAVING :
3599 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3601 /* the other links will be destroyed */
3602 sdata->vif.bss_conf.csa_active = false;
3603 sdata->deflink.u.mgd.csa_waiting_bcn = false;
3604 if (sdata->csa_blocked_tx) {
3605 ieee80211_wake_vif_queues(local, sdata,
3606 IEEE80211_QUEUE_STOP_REASON_CSA);
3607 sdata->csa_blocked_tx = false;
3610 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
3611 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3613 ifmgd->reconnect = false;
3616 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy,
3617 struct wiphy_work *work)
3619 struct ieee80211_sub_if_data *sdata =
3620 container_of(work, struct ieee80211_sub_if_data,
3621 u.mgd.beacon_connection_loss_work);
3622 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3624 if (ifmgd->connection_loss) {
3625 sdata_info(sdata, "Connection to AP %pM lost\n",
3626 sdata->vif.cfg.ap_addr);
3627 __ieee80211_disconnect(sdata);
3628 ifmgd->connection_loss = false;
3629 } else if (ifmgd->driver_disconnect) {
3631 "Driver requested disconnection from AP %pM\n",
3632 sdata->vif.cfg.ap_addr);
3633 __ieee80211_disconnect(sdata);
3634 ifmgd->driver_disconnect = false;
3636 if (ifmgd->associated)
3637 sdata->deflink.u.mgd.beacon_loss_count++;
3638 ieee80211_mgd_probe_ap(sdata, true);
3642 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy,
3643 struct wiphy_work *work)
3645 struct ieee80211_sub_if_data *sdata =
3646 container_of(work, struct ieee80211_sub_if_data,
3647 u.mgd.csa_connection_drop_work);
3649 __ieee80211_disconnect(sdata);
3652 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
3654 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3655 struct ieee80211_hw *hw = &sdata->local->hw;
3657 trace_api_beacon_loss(sdata);
3659 sdata->u.mgd.connection_loss = false;
3660 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
3662 EXPORT_SYMBOL(ieee80211_beacon_loss);
3664 void ieee80211_connection_loss(struct ieee80211_vif *vif)
3666 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3667 struct ieee80211_hw *hw = &sdata->local->hw;
3669 trace_api_connection_loss(sdata);
3671 sdata->u.mgd.connection_loss = true;
3672 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
3674 EXPORT_SYMBOL(ieee80211_connection_loss);
3676 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
3678 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3679 struct ieee80211_hw *hw = &sdata->local->hw;
3681 trace_api_disconnect(sdata, reconnect);
3683 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
3686 sdata->u.mgd.driver_disconnect = true;
3687 sdata->u.mgd.reconnect = reconnect;
3688 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
3690 EXPORT_SYMBOL(ieee80211_disconnect);
3692 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
3695 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
3697 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3701 * we are not authenticated yet, the only timer that could be
3702 * running is the timeout for the authentication response which
3703 * which is not relevant anymore.
3705 del_timer_sync(&sdata->u.mgd.timer);
3706 sta_info_destroy_addr(sdata, auth_data->ap_addr);
3708 /* other links are destroyed */
3709 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3710 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3712 sdata->u.mgd.flags = 0;
3714 ieee80211_link_release_channel(&sdata->deflink);
3715 ieee80211_vif_set_links(sdata, 0, 0);
3718 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
3720 sdata->u.mgd.auth_data = NULL;
3730 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
3731 enum assoc_status status)
3733 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3735 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3737 if (status != ASSOC_SUCCESS) {
3739 * we are not associated yet, the only timer that could be
3740 * running is the timeout for the association response which
3741 * which is not relevant anymore.
3743 del_timer_sync(&sdata->u.mgd.timer);
3744 sta_info_destroy_addr(sdata, assoc_data->ap_addr);
3746 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3747 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3749 sdata->u.mgd.flags = 0;
3750 sdata->vif.bss_conf.mu_mimo_owner = false;
3752 if (status != ASSOC_REJECTED) {
3753 struct cfg80211_assoc_failure data = {
3754 .timeout = status == ASSOC_TIMEOUT,
3758 BUILD_BUG_ON(ARRAY_SIZE(data.bss) !=
3759 ARRAY_SIZE(assoc_data->link));
3761 for (i = 0; i < ARRAY_SIZE(data.bss); i++)
3762 data.bss[i] = assoc_data->link[i].bss;
3764 if (ieee80211_vif_is_mld(&sdata->vif))
3765 data.ap_mld_addr = assoc_data->ap_addr;
3767 cfg80211_assoc_failure(sdata->dev, &data);
3770 ieee80211_link_release_channel(&sdata->deflink);
3771 ieee80211_vif_set_links(sdata, 0, 0);
3775 sdata->u.mgd.assoc_data = NULL;
3778 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
3779 struct ieee80211_mgmt *mgmt, size_t len)
3781 struct ieee80211_local *local = sdata->local;
3782 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
3783 const struct element *challenge;
3786 struct ieee80211_prep_tx_info info = {
3787 .subtype = IEEE80211_STYPE_AUTH,
3788 .link_id = auth_data->link_id,
3791 pos = mgmt->u.auth.variable;
3792 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
3793 len - (pos - (u8 *)mgmt));
3796 auth_data->expected_transaction = 4;
3797 drv_mgd_prepare_tx(sdata->local, sdata, &info);
3798 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3799 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3800 IEEE80211_TX_INTFL_MLME_CONN_TX;
3801 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
3803 challenge->datalen + sizeof(*challenge),
3804 auth_data->ap_addr, auth_data->ap_addr,
3805 auth_data->key, auth_data->key_len,
3806 auth_data->key_idx, tx_flags);
3809 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata)
3811 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3812 const u8 *ap_addr = ifmgd->auth_data->ap_addr;
3813 struct sta_info *sta;
3815 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3817 sdata_info(sdata, "authenticated\n");
3818 ifmgd->auth_data->done = true;
3819 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
3820 ifmgd->auth_data->timeout_started = true;
3821 run_again(sdata, ifmgd->auth_data->timeout);
3823 /* move station state to auth */
3824 sta = sta_info_get(sdata, ap_addr);
3826 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr);
3829 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
3830 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr);
3837 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
3838 struct ieee80211_mgmt *mgmt, size_t len)
3840 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3841 u16 auth_alg, auth_transaction, status_code;
3842 struct ieee80211_event event = {
3844 .u.mlme.data = AUTH_EVENT,
3846 struct ieee80211_prep_tx_info info = {
3847 .subtype = IEEE80211_STYPE_AUTH,
3850 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3855 if (!ifmgd->auth_data || ifmgd->auth_data->done)
3858 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid))
3861 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
3862 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
3863 status_code = le16_to_cpu(mgmt->u.auth.status_code);
3865 if (auth_alg != ifmgd->auth_data->algorithm ||
3866 (auth_alg != WLAN_AUTH_SAE &&
3867 auth_transaction != ifmgd->auth_data->expected_transaction) ||
3868 (auth_alg == WLAN_AUTH_SAE &&
3869 (auth_transaction < ifmgd->auth_data->expected_transaction ||
3870 auth_transaction > 2))) {
3871 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
3872 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
3874 ifmgd->auth_data->expected_transaction);
3878 if (status_code != WLAN_STATUS_SUCCESS) {
3879 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3881 if (auth_alg == WLAN_AUTH_SAE &&
3882 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
3883 (auth_transaction == 1 &&
3884 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
3885 status_code == WLAN_STATUS_SAE_PK)))) {
3886 /* waiting for userspace now */
3887 ifmgd->auth_data->waiting = true;
3888 ifmgd->auth_data->timeout =
3889 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
3890 ifmgd->auth_data->timeout_started = true;
3891 run_again(sdata, ifmgd->auth_data->timeout);
3895 sdata_info(sdata, "%pM denied authentication (status %d)\n",
3896 mgmt->sa, status_code);
3897 ieee80211_destroy_auth_data(sdata, false);
3898 event.u.mlme.status = MLME_DENIED;
3899 event.u.mlme.reason = status_code;
3900 drv_event_callback(sdata->local, sdata, &event);
3904 switch (ifmgd->auth_data->algorithm) {
3905 case WLAN_AUTH_OPEN:
3906 case WLAN_AUTH_LEAP:
3909 case WLAN_AUTH_FILS_SK:
3910 case WLAN_AUTH_FILS_SK_PFS:
3911 case WLAN_AUTH_FILS_PK:
3913 case WLAN_AUTH_SHARED_KEY:
3914 if (ifmgd->auth_data->expected_transaction != 4) {
3915 ieee80211_auth_challenge(sdata, mgmt, len);
3916 /* need another frame */
3921 WARN_ONCE(1, "invalid auth alg %d",
3922 ifmgd->auth_data->algorithm);
3926 event.u.mlme.status = MLME_SUCCESS;
3928 drv_event_callback(sdata->local, sdata, &event);
3929 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
3930 (auth_transaction == 2 &&
3931 ifmgd->auth_data->expected_transaction == 2)) {
3932 if (!ieee80211_mark_sta_auth(sdata))
3933 return; /* ignore frame -- wait for timeout */
3934 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
3935 auth_transaction == 2) {
3936 sdata_info(sdata, "SAE peer confirmed\n");
3937 ifmgd->auth_data->peer_confirmed = true;
3940 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3942 drv_mgd_complete_tx(sdata->local, sdata, &info);
3945 #define case_WLAN(type) \
3946 case WLAN_REASON_##type: return #type
3948 const char *ieee80211_get_reason_code_string(u16 reason_code)
3950 switch (reason_code) {
3951 case_WLAN(UNSPECIFIED);
3952 case_WLAN(PREV_AUTH_NOT_VALID);
3953 case_WLAN(DEAUTH_LEAVING);
3954 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
3955 case_WLAN(DISASSOC_AP_BUSY);
3956 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
3957 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
3958 case_WLAN(DISASSOC_STA_HAS_LEFT);
3959 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
3960 case_WLAN(DISASSOC_BAD_POWER);
3961 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
3962 case_WLAN(INVALID_IE);
3963 case_WLAN(MIC_FAILURE);
3964 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
3965 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
3966 case_WLAN(IE_DIFFERENT);
3967 case_WLAN(INVALID_GROUP_CIPHER);
3968 case_WLAN(INVALID_PAIRWISE_CIPHER);
3969 case_WLAN(INVALID_AKMP);
3970 case_WLAN(UNSUPP_RSN_VERSION);
3971 case_WLAN(INVALID_RSN_IE_CAP);
3972 case_WLAN(IEEE8021X_FAILED);
3973 case_WLAN(CIPHER_SUITE_REJECTED);
3974 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
3975 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
3976 case_WLAN(DISASSOC_LOW_ACK);
3977 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
3978 case_WLAN(QSTA_LEAVE_QBSS);
3979 case_WLAN(QSTA_NOT_USE);
3980 case_WLAN(QSTA_REQUIRE_SETUP);
3981 case_WLAN(QSTA_TIMEOUT);
3982 case_WLAN(QSTA_CIPHER_NOT_SUPP);
3983 case_WLAN(MESH_PEER_CANCELED);
3984 case_WLAN(MESH_MAX_PEERS);
3985 case_WLAN(MESH_CONFIG);
3986 case_WLAN(MESH_CLOSE);
3987 case_WLAN(MESH_MAX_RETRIES);
3988 case_WLAN(MESH_CONFIRM_TIMEOUT);
3989 case_WLAN(MESH_INVALID_GTK);
3990 case_WLAN(MESH_INCONSISTENT_PARAM);
3991 case_WLAN(MESH_INVALID_SECURITY);
3992 case_WLAN(MESH_PATH_ERROR);
3993 case_WLAN(MESH_PATH_NOFORWARD);
3994 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
3995 case_WLAN(MAC_EXISTS_IN_MBSS);
3996 case_WLAN(MESH_CHAN_REGULATORY);
3997 case_WLAN(MESH_CHAN);
3998 default: return "<unknown>";
4002 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
4003 struct ieee80211_mgmt *mgmt, size_t len)
4005 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4006 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
4008 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4013 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4014 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4018 if (ifmgd->associated &&
4019 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) {
4020 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
4021 sdata->vif.cfg.ap_addr, reason_code,
4022 ieee80211_get_reason_code_string(reason_code));
4024 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4026 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
4027 reason_code, false);
4031 if (ifmgd->assoc_data &&
4032 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) {
4034 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
4035 ifmgd->assoc_data->ap_addr, reason_code,
4036 ieee80211_get_reason_code_string(reason_code));
4038 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
4040 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4046 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
4047 struct ieee80211_mgmt *mgmt, size_t len)
4049 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4052 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4057 if (!ifmgd->associated ||
4058 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
4061 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
4063 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4064 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4068 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
4069 sdata->vif.cfg.ap_addr, reason_code,
4070 ieee80211_get_reason_code_string(reason_code));
4072 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4074 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
4078 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
4079 u8 *supp_rates, unsigned int supp_rates_len,
4080 u32 *rates, u32 *basic_rates,
4081 bool *have_higher_than_11mbit,
4082 int *min_rate, int *min_rate_index)
4086 for (i = 0; i < supp_rates_len; i++) {
4087 int rate = supp_rates[i] & 0x7f;
4088 bool is_basic = !!(supp_rates[i] & 0x80);
4090 if ((rate * 5) > 110)
4091 *have_higher_than_11mbit = true;
4094 * Skip HT, VHT, HE, EHT and SAE H2E only BSS membership
4095 * selectors since they're not rates.
4097 * Note: Even though the membership selector and the basic
4098 * rate flag share the same bit, they are not exactly
4101 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
4102 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
4103 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) ||
4104 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_EHT_PHY) ||
4105 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E))
4108 for (j = 0; j < sband->n_bitrates; j++) {
4109 struct ieee80211_rate *br;
4112 br = &sband->bitrates[j];
4114 brate = DIV_ROUND_UP(br->bitrate, 5);
4115 if (brate == rate) {
4118 *basic_rates |= BIT(j);
4119 if ((rate * 5) < *min_rate) {
4120 *min_rate = rate * 5;
4121 *min_rate_index = j;
4129 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata,
4130 struct ieee80211_supported_band *sband,
4131 const struct link_sta_info *link_sta,
4132 const struct ieee802_11_elems *elems)
4134 const struct ieee80211_sta_he_cap *own_he_cap =
4135 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4137 if (elems->ext_capab_len < 10)
4140 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
4143 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] &
4144 IEEE80211_HE_MAC_CAP0_TWT_RES &&
4146 (own_he_cap->he_cap_elem.mac_cap_info[0] &
4147 IEEE80211_HE_MAC_CAP0_TWT_REQ);
4150 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
4151 struct ieee80211_supported_band *sband,
4152 struct ieee80211_link_data *link,
4153 struct link_sta_info *link_sta,
4154 struct ieee802_11_elems *elems)
4156 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems);
4158 if (link->conf->twt_requester != twt) {
4159 link->conf->twt_requester = twt;
4160 return BSS_CHANGED_TWT;
4165 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
4166 struct ieee80211_bss_conf *bss_conf,
4167 struct ieee80211_supported_band *sband,
4168 struct link_sta_info *link_sta)
4170 const struct ieee80211_sta_he_cap *own_he_cap =
4171 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4173 return bss_conf->he_support &&
4174 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] &
4175 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
4177 (own_he_cap->he_cap_elem.mac_cap_info[2] &
4178 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
4181 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
4182 struct link_sta_info *link_sta,
4183 struct cfg80211_bss *cbss,
4184 struct ieee80211_mgmt *mgmt,
4185 const u8 *elem_start,
4186 unsigned int elem_len,
4189 struct ieee80211_sub_if_data *sdata = link->sdata;
4190 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4191 struct ieee80211_bss_conf *bss_conf = link->conf;
4192 struct ieee80211_local *local = sdata->local;
4193 unsigned int link_id = link->link_id;
4194 struct ieee80211_elems_parse_params parse_params = {
4195 .mode = link->u.mgd.conn.mode,
4196 .start = elem_start,
4198 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id,
4201 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
4202 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4203 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
4204 const struct cfg80211_bss_ies *bss_ies = NULL;
4205 struct ieee80211_supported_band *sband;
4206 struct ieee802_11_elems *elems;
4207 const __le16 prof_bss_param_ch_present =
4208 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT);
4212 elems = ieee802_11_parse_elems_full(&parse_params);
4216 if (link_id == assoc_data->assoc_link_id) {
4217 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
4220 * we should not get to this flow unless the association was
4221 * successful, so set the status directly to success
4223 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS;
4224 if (elems->ml_basic) {
4225 int bss_param_ch_cnt =
4226 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
4228 if (bss_param_ch_cnt < 0) {
4232 link->u.mgd.bss_param_ch_cnt = bss_param_ch_cnt;
4234 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
4236 !(elems->prof->control & prof_bss_param_ch_present)) {
4240 const u8 *ptr = elems->prof->variable +
4241 elems->prof->sta_info_len - 1;
4244 * During parsing, we validated that these fields exist,
4245 * otherwise elems->prof would have been set to NULL.
4247 capab_info = get_unaligned_le16(ptr);
4248 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2);
4249 link->u.mgd.bss_param_ch_cnt =
4250 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof);
4252 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
4253 link_info(link, "association response status code=%u\n",
4254 assoc_data->link[link_id].status);
4260 if (!is_s1g && !elems->supp_rates) {
4261 sdata_info(sdata, "no SuppRates element in AssocResp\n");
4266 link->u.mgd.tdls_chan_switch_prohibited =
4267 elems->ext_capab && elems->ext_capab_len >= 5 &&
4268 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
4271 * Some APs are erroneously not including some information in their
4272 * (re)association response frames. Try to recover by using the data
4273 * from the beacon or probe response. This seems to afflict mobile
4274 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
4275 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
4278 ((assoc_data->wmm && !elems->wmm_param) ||
4279 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
4280 (!elems->ht_cap_elem || !elems->ht_operation)) ||
4281 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
4282 (!elems->vht_cap_elem || !elems->vht_operation)))) {
4283 const struct cfg80211_bss_ies *ies;
4284 struct ieee802_11_elems *bss_elems;
4287 ies = rcu_dereference(cbss->ies);
4289 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
4297 parse_params.start = bss_ies->data;
4298 parse_params.len = bss_ies->len;
4299 parse_params.bss = cbss;
4300 bss_elems = ieee802_11_parse_elems_full(&parse_params);
4306 if (assoc_data->wmm &&
4307 !elems->wmm_param && bss_elems->wmm_param) {
4308 elems->wmm_param = bss_elems->wmm_param;
4310 "AP bug: WMM param missing from AssocResp\n");
4314 * Also check if we requested HT/VHT, otherwise the AP doesn't
4315 * have to include the IEs in the (re)association response.
4317 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
4318 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
4319 elems->ht_cap_elem = bss_elems->ht_cap_elem;
4321 "AP bug: HT capability missing from AssocResp\n");
4323 if (!elems->ht_operation && bss_elems->ht_operation &&
4324 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
4325 elems->ht_operation = bss_elems->ht_operation;
4327 "AP bug: HT operation missing from AssocResp\n");
4329 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
4330 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4331 elems->vht_cap_elem = bss_elems->vht_cap_elem;
4333 "AP bug: VHT capa missing from AssocResp\n");
4335 if (!elems->vht_operation && bss_elems->vht_operation &&
4336 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4337 elems->vht_operation = bss_elems->vht_operation;
4339 "AP bug: VHT operation missing from AssocResp\n");
4346 * We previously checked these in the beacon/probe response, so
4347 * they should be present here. This is just a safety net.
4348 * Note that the ieee80211_config_bw() below would also check
4349 * for this (and more), but this has better error reporting.
4351 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
4352 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
4354 "HT AP is missing WMM params or HT capability/operation\n");
4359 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
4360 (!elems->vht_cap_elem || !elems->vht_operation)) {
4362 "VHT AP is missing VHT capability/operation\n");
4367 /* check/update if AP changed anything in assoc response vs. scan */
4368 if (ieee80211_config_bw(link, elems,
4369 link_id == assoc_data->assoc_link_id,
4375 if (WARN_ON(!link->conf->chanreq.oper.chan)) {
4379 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
4381 /* Set up internal HT/VHT capabilities */
4382 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT)
4383 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
4387 if (elems->vht_cap_elem &&
4388 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4389 const struct ieee80211_vht_cap *bss_vht_cap = NULL;
4390 const struct cfg80211_bss_ies *ies;
4393 * Cisco AP module 9115 with FW 17.3 has a bug and sends a
4394 * too large maximum MPDU length in the association response
4395 * (indicating 12k) that it cannot actually process ...
4399 ies = rcu_dereference(cbss->ies);
4401 const struct element *elem;
4403 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY,
4404 ies->data, ies->len);
4405 if (elem && elem->datalen >= sizeof(*bss_vht_cap))
4406 bss_vht_cap = (const void *)elem->data;
4409 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
4410 elems->vht_cap_elem,
4411 bss_vht_cap, link_sta);
4415 if (elems->he_operation &&
4416 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
4418 const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
4420 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
4423 elems->he_6ghz_capa,
4426 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation);
4428 if (is_6ghz && he_6ghz_oper) {
4429 switch (u8_get_bits(he_6ghz_oper->control,
4430 IEEE80211_HE_6GHZ_OPER_CTRL_REG_INFO)) {
4431 case IEEE80211_6GHZ_CTRL_REG_LPI_AP:
4432 bss_conf->power_type = IEEE80211_REG_LPI_AP;
4434 case IEEE80211_6GHZ_CTRL_REG_SP_AP:
4435 bss_conf->power_type = IEEE80211_REG_SP_AP;
4437 case IEEE80211_6GHZ_CTRL_REG_VLP_AP:
4438 bss_conf->power_type = IEEE80211_REG_VLP_AP;
4441 bss_conf->power_type = IEEE80211_REG_UNSET_AP;
4444 } else if (is_6ghz) {
4446 "HE 6 GHz operation missing (on %d MHz), expect issues\n",
4447 bss_conf->chanreq.oper.chan->center_freq);
4450 bss_conf->he_support = link_sta->pub->he_cap.has_he;
4451 if (elems->rsnx && elems->rsnx_len &&
4452 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
4453 wiphy_ext_feature_isset(local->hw.wiphy,
4454 NL80211_EXT_FEATURE_PROTECTED_TWT))
4455 bss_conf->twt_protected = true;
4457 bss_conf->twt_protected = false;
4459 *changed |= ieee80211_recalc_twt_req(sdata, sband, link,
4462 if (elems->eht_operation && elems->eht_cap &&
4463 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) {
4464 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
4471 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht;
4473 bss_conf->eht_support = false;
4476 bss_conf->he_support = false;
4477 bss_conf->twt_requester = false;
4478 bss_conf->twt_protected = false;
4479 bss_conf->eht_support = false;
4482 bss_conf->twt_broadcast =
4483 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta);
4485 if (bss_conf->he_support) {
4486 bss_conf->he_bss_color.color =
4487 le32_get_bits(elems->he_operation->he_oper_params,
4488 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
4489 bss_conf->he_bss_color.partial =
4490 le32_get_bits(elems->he_operation->he_oper_params,
4491 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
4492 bss_conf->he_bss_color.enabled =
4493 !le32_get_bits(elems->he_operation->he_oper_params,
4494 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
4496 if (bss_conf->he_bss_color.enabled)
4497 *changed |= BSS_CHANGED_HE_BSS_COLOR;
4499 bss_conf->htc_trig_based_pkt_ext =
4500 le32_get_bits(elems->he_operation->he_oper_params,
4501 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
4502 bss_conf->frame_time_rts_th =
4503 le32_get_bits(elems->he_operation->he_oper_params,
4504 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
4506 bss_conf->uora_exists = !!elems->uora_element;
4507 if (elems->uora_element)
4508 bss_conf->uora_ocw_range = elems->uora_element[0];
4510 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
4511 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
4512 /* TODO: OPEN: what happens if BSS color disable is set? */
4515 if (cbss->transmitted_bss) {
4516 bss_conf->nontransmitted = true;
4517 ether_addr_copy(bss_conf->transmitter_bssid,
4518 cbss->transmitted_bss->bssid);
4519 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
4520 bss_conf->bssid_index = cbss->bssid_index;
4524 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
4525 * in their association response, so ignore that data for our own
4526 * configuration. If it changed since the last beacon, we'll get the
4527 * next beacon and update then.
4531 * If an operating mode notification IE is present, override the
4532 * NSS calculation (that would be done in rate_control_rate_init())
4533 * and use the # of streams from that element.
4535 if (elems->opmode_notif &&
4536 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
4539 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
4540 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
4542 link_sta->pub->rx_nss = nss;
4546 * Always handle WMM once after association regardless
4547 * of the first value the AP uses. Setting -1 here has
4548 * that effect because the AP values is an unsigned
4551 link->u.mgd.wmm_last_param_set = -1;
4552 link->u.mgd.mu_edca_last_param_set = -1;
4554 if (link->u.mgd.disable_wmm_tracking) {
4555 ieee80211_set_wmm_default(link, false, false);
4556 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param,
4557 elems->wmm_param_len,
4558 elems->mu_edca_param_set)) {
4559 /* still enable QoS since we might have HT/VHT */
4560 ieee80211_set_wmm_default(link, false, true);
4561 /* disable WMM tracking in this case to disable
4562 * tracking WMM parameter changes in the beacon if
4563 * the parameters weren't actually valid. Doing so
4564 * avoids changing parameters very strangely when
4565 * the AP is going back and forth between valid and
4566 * invalid parameters.
4568 link->u.mgd.disable_wmm_tracking = true;
4571 if (elems->max_idle_period_ie) {
4572 bss_conf->max_idle_period =
4573 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
4574 bss_conf->protected_keep_alive =
4575 !!(elems->max_idle_period_ie->idle_options &
4576 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
4577 *changed |= BSS_CHANGED_KEEP_ALIVE;
4579 bss_conf->max_idle_period = 0;
4580 bss_conf->protected_keep_alive = false;
4583 /* set assoc capability (AID was already set earlier),
4584 * ieee80211_set_associated() will tell the driver */
4585 bss_conf->assoc_capability = capab_info;
4594 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link,
4595 struct sta_info *sta,
4596 struct link_sta_info *link_sta,
4597 struct cfg80211_bss *cbss)
4599 struct ieee80211_sub_if_data *sdata = link->sdata;
4600 struct ieee80211_local *local = sdata->local;
4601 struct ieee80211_bss *bss = (void *)cbss->priv;
4602 u32 rates = 0, basic_rates = 0;
4603 bool have_higher_than_11mbit = false;
4604 int min_rate = INT_MAX, min_rate_index = -1;
4605 struct ieee80211_supported_band *sband;
4607 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN);
4608 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN);
4610 /* TODO: S1G Basic Rate Set is expressed elsewhere */
4611 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
4612 ieee80211_s1g_sta_rate_init(sta);
4616 sband = local->hw.wiphy->bands[cbss->channel->band];
4618 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len,
4619 &rates, &basic_rates, &have_higher_than_11mbit,
4620 &min_rate, &min_rate_index);
4623 * This used to be a workaround for basic rates missing
4624 * in the association response frame. Now that we no
4625 * longer use the basic rates from there, it probably
4626 * doesn't happen any more, but keep the workaround so
4627 * in case some *other* APs are buggy in different ways
4628 * we can connect -- with a warning.
4629 * Allow this workaround only in case the AP provided at least
4632 if (min_rate_index < 0) {
4633 link_info(link, "No legacy rates in association response\n");
4635 } else if (!basic_rates) {
4636 link_info(link, "No basic rates, using min rate instead\n");
4637 basic_rates = BIT(min_rate_index);
4641 link_sta->pub->supp_rates[cbss->channel->band] = rates;
4643 link_info(link, "No rates found, keeping mandatory only\n");
4645 link->conf->basic_rates = basic_rates;
4647 /* cf. IEEE 802.11 9.2.12 */
4648 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ &&
4649 have_higher_than_11mbit;
4654 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link,
4655 struct cfg80211_bss *cbss)
4657 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
4658 const struct element *ht_cap_elem, *vht_cap_elem;
4659 const struct cfg80211_bss_ies *ies;
4660 const struct ieee80211_ht_cap *ht_cap;
4661 const struct ieee80211_vht_cap *vht_cap;
4662 const struct ieee80211_he_cap_elem *he_cap;
4663 const struct element *he_cap_elem;
4664 u16 mcs_80_map, mcs_160_map;
4665 int i, mcs_nss_size;
4669 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT)
4672 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY);
4673 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) {
4674 ht_cap = (void *)ht_cap_elem->data;
4675 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4677 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
4678 * "Tx Unequal Modulation Supported" fields.
4682 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT)
4685 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
4686 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) {
4690 vht_cap = (void *)vht_cap_elem->data;
4691 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4692 for (nss = 8; nss > 0; nss--) {
4693 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4694 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4697 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
4698 chains = max(chains, nss);
4701 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE)
4704 ies = rcu_dereference(cbss->ies);
4705 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
4706 ies->data, ies->len);
4708 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap))
4711 /* skip one byte ext_tag_id */
4712 he_cap = (void *)(he_cap_elem->data + 1);
4713 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap);
4716 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap))
4719 /* mcs_nss is right after he_cap info */
4720 he_mcs_nss_supp = (void *)(he_cap + 1);
4722 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
4724 for (i = 7; i >= 0; i--) {
4725 u8 mcs_80 = mcs_80_map >> (2 * i) & 3;
4727 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
4728 chains = max_t(u8, chains, i + 1);
4733 support_160 = he_cap->phy_cap_info[0] &
4734 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
4739 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160);
4740 for (i = 7; i >= 0; i--) {
4741 u8 mcs_160 = mcs_160_map >> (2 * i) & 3;
4743 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
4744 chains = max_t(u8, chains, i + 1);
4753 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata,
4754 struct ieee80211_supported_band *sband,
4755 struct cfg80211_assoc_request *req,
4756 bool wmm_used, int link_id,
4757 struct ieee80211_conn_settings *conn)
4759 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap;
4760 bool is_5ghz = sband->band == NL80211_BAND_5GHZ;
4761 bool is_6ghz = sband->band == NL80211_BAND_6GHZ;
4762 const struct ieee80211_sta_he_cap *he_cap;
4763 const struct ieee80211_sta_eht_cap *eht_cap;
4764 struct ieee80211_sta_vht_cap vht_cap;
4766 if (sband->band == NL80211_BAND_S1GHZ) {
4767 conn->mode = IEEE80211_CONN_MODE_S1G;
4768 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4769 mlme_dbg(sdata, "operating as S1G STA\n");
4773 conn->mode = IEEE80211_CONN_MODE_LEGACY;
4774 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4776 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
4778 if (req && req->flags & ASSOC_REQ_DISABLE_HT) {
4779 mlme_link_id_dbg(sdata, link_id,
4780 "HT disabled by flag, limiting to legacy\n");
4785 mlme_link_id_dbg(sdata, link_id,
4786 "WMM/QoS not supported, limiting to legacy\n");
4793 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4794 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4795 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4796 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4797 netdev_info(sdata->dev,
4798 "WEP/TKIP use, limiting to legacy\n");
4804 if (!sta_ht_cap.ht_supported && !is_6ghz) {
4805 mlme_link_id_dbg(sdata, link_id,
4806 "HT not supported (and not on 6 GHz), limiting to legacy\n");
4811 conn->mode = IEEE80211_CONN_MODE_HT;
4812 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ?
4813 IEEE80211_CONN_BW_LIMIT_40 :
4814 IEEE80211_CONN_BW_LIMIT_20;
4816 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
4817 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
4819 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) {
4820 mlme_link_id_dbg(sdata, link_id,
4821 "VHT disabled by flag, limiting to HT\n");
4825 if (vht_cap.vht_supported && is_5ghz) {
4826 bool have_80mhz = false;
4829 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) {
4830 mlme_link_id_dbg(sdata, link_id,
4831 "no 40 MHz support on 5 GHz, limiting to HT\n");
4835 /* Allow VHT if at least one channel on the sband supports 80 MHz */
4836 for (i = 0; i < sband->n_channels; i++) {
4837 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4838 IEEE80211_CHAN_NO_80MHZ))
4846 mlme_link_id_dbg(sdata, link_id,
4847 "no 80 MHz channel support on 5 GHz, limiting to HT\n");
4850 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */
4851 mlme_link_id_dbg(sdata, link_id,
4852 "no VHT support on 5 GHz, limiting to HT\n");
4856 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */
4857 if (sband->band != NL80211_BAND_2GHZ) {
4858 conn->mode = IEEE80211_CONN_MODE_VHT;
4859 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
4863 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
4864 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
4865 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
4866 mlme_link_id_dbg(sdata, link_id,
4867 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz");
4870 if (req && req->flags & ASSOC_REQ_DISABLE_HE) {
4871 mlme_link_id_dbg(sdata, link_id,
4872 "HE disabled by flag, limiting to HT/VHT\n");
4876 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4879 mlme_link_id_dbg(sdata, link_id,
4880 "no HE support, limiting to HT/VHT\n");
4885 conn->mode = IEEE80211_CONN_MODE_HE;
4887 /* check bandwidth */
4888 switch (sband->band) {
4890 case NL80211_BAND_2GHZ:
4891 if (he_cap->he_cap_elem.phy_cap_info[0] &
4892 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G)
4894 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4895 mlme_link_id_dbg(sdata, link_id,
4896 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n");
4898 case NL80211_BAND_5GHZ:
4899 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
4900 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
4901 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
4902 mlme_link_id_dbg(sdata, link_id,
4903 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n");
4906 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
4907 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
4908 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
4910 IEEE80211_CONN_BW_LIMIT_80);
4911 mlme_link_id_dbg(sdata, link_id,
4912 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n");
4915 case NL80211_BAND_6GHZ:
4916 if (he_cap->he_cap_elem.phy_cap_info[0] &
4917 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)
4919 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
4921 IEEE80211_CONN_BW_LIMIT_80);
4922 mlme_link_id_dbg(sdata, link_id,
4923 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n");
4927 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) {
4928 mlme_link_id_dbg(sdata, link_id,
4929 "EHT disabled by flag, limiting to HE\n");
4933 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
4935 mlme_link_id_dbg(sdata, link_id,
4936 "no EHT support, limiting to HE\n");
4942 conn->mode = IEEE80211_CONN_MODE_EHT;
4944 /* check bandwidth */
4946 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
4947 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320;
4949 mlme_link_id_dbg(sdata, link_id,
4950 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n");
4953 mlme_link_id_dbg(sdata, link_id,
4954 "determined local STA to be %s, BW limited to %d MHz\n",
4955 ieee80211_conn_mode_str(conn->mode),
4956 20 * (1 << conn->bw_limit));
4960 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata,
4961 struct ieee80211_supported_band *sband,
4962 struct cfg80211_auth_request *req,
4964 struct ieee80211_conn_settings *conn)
4966 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used,
4967 req->link_id > 0 ? req->link_id : 0,
4972 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata,
4973 struct ieee80211_supported_band *sband,
4974 struct cfg80211_assoc_request *req,
4975 bool wmm_used, int link_id,
4976 struct ieee80211_conn_settings *conn)
4978 struct ieee80211_conn_settings tmp;
4982 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id,
4985 conn->mode = min_t(enum ieee80211_conn_mode,
4986 conn->mode, tmp.mode);
4987 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
4988 conn->bw_limit, tmp.bw_limit);
4991 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4992 struct ieee80211_link_data *link,
4994 struct cfg80211_bss *cbss, bool mlo,
4995 struct ieee80211_conn_settings *conn)
4997 struct ieee80211_local *local = sdata->local;
4998 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4999 struct ieee80211_chan_req chanreq = {};
5000 struct ieee802_11_elems *elems;
5004 lockdep_assert_wiphy(local->hw.wiphy);
5007 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id,
5010 if (IS_ERR(elems)) {
5012 return PTR_ERR(elems);
5015 if (mlo && !elems->ml_basic) {
5016 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n");
5022 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) {
5023 struct ieee80211_bss_conf *bss_conf;
5026 bss_conf = link->conf;
5028 if (elems->pwr_constr_elem)
5029 bss_conf->pwr_reduction = *elems->pwr_constr_elem;
5031 BUILD_BUG_ON(ARRAY_SIZE(bss_conf->tx_pwr_env) !=
5032 ARRAY_SIZE(elems->tx_pwr_env));
5034 for (i = 0; i < elems->tx_pwr_env_num; i++) {
5035 if (elems->tx_pwr_env_len[i] > sizeof(bss_conf->tx_pwr_env[j]))
5038 bss_conf->tx_pwr_env_num++;
5039 memcpy(&bss_conf->tx_pwr_env[j], elems->tx_pwr_env[i],
5040 elems->tx_pwr_env_len[i]);
5045 /* the element data was RCU protected so no longer valid anyway */
5053 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss),
5058 * If this fails (possibly due to channel context sharing
5059 * on incompatible channels, e.g. 80+80 and 160 sharing the
5060 * same control channel) try to use a smaller bandwidth.
5062 ret = ieee80211_link_use_channel(link, &chanreq,
5063 IEEE80211_CHANCTX_SHARED);
5065 /* don't downgrade for 5 and 10 MHz channels, though. */
5066 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 ||
5067 chanreq.oper.width == NL80211_CHAN_WIDTH_10)
5070 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) {
5071 ieee80211_chanreq_downgrade(&chanreq, conn);
5073 ret = ieee80211_link_use_channel(link, &chanreq,
5074 IEEE80211_CHANCTX_SHARED);
5080 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
5081 u8 *dtim_count, u8 *dtim_period)
5083 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5084 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5086 const struct ieee80211_tim_ie *tim = NULL;
5087 const struct ieee80211_bssid_index *idx;
5088 bool valid = tim_ie && tim_ie[1] >= 2;
5091 tim = (void *)(tim_ie + 2);
5094 *dtim_count = valid ? tim->dtim_count : 0;
5097 *dtim_period = valid ? tim->dtim_period : 0;
5099 /* Check if value is overridden by non-transmitted profile */
5100 if (!idx_ie || idx_ie[1] < 3)
5103 idx = (void *)(idx_ie + 2);
5106 *dtim_count = idx->dtim_count;
5109 *dtim_period = idx->dtim_period;
5114 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
5115 struct ieee80211_mgmt *mgmt,
5116 struct ieee802_11_elems *elems,
5117 const u8 *elem_start, unsigned int elem_len)
5119 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5120 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
5121 struct ieee80211_local *local = sdata->local;
5122 unsigned int link_id;
5123 struct sta_info *sta;
5124 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {};
5125 u16 valid_links = 0, dormant_links = 0;
5128 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5130 * station info was already allocated and inserted before
5131 * the association and should be available to us
5133 sta = sta_info_get(sdata, assoc_data->ap_addr);
5137 sta->sta.spp_amsdu = assoc_data->spp_amsdu;
5139 if (ieee80211_vif_is_mld(&sdata->vif)) {
5140 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5141 if (!assoc_data->link[link_id].bss)
5144 valid_links |= BIT(link_id);
5145 if (assoc_data->link[link_id].disabled)
5146 dormant_links |= BIT(link_id);
5148 if (link_id != assoc_data->assoc_link_id) {
5149 err = ieee80211_sta_allocate_link(sta, link_id);
5155 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
5158 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5159 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
5160 struct ieee80211_link_data *link;
5161 struct link_sta_info *link_sta;
5166 link = sdata_dereference(sdata->link[link_id], sdata);
5170 if (ieee80211_vif_is_mld(&sdata->vif))
5172 "local address %pM, AP link address %pM%s\n",
5174 assoc_data->link[link_id].bss->bssid,
5175 link_id == assoc_data->assoc_link_id ?
5178 link_sta = rcu_dereference_protected(sta->link[link_id],
5179 lockdep_is_held(&local->hw.wiphy->mtx));
5180 if (WARN_ON(!link_sta))
5183 if (!link->u.mgd.have_beacon) {
5184 const struct cfg80211_bss_ies *ies;
5187 ies = rcu_dereference(cbss->beacon_ies);
5189 link->u.mgd.have_beacon = true;
5191 ies = rcu_dereference(cbss->ies);
5192 ieee80211_get_dtim(ies,
5193 &link->conf->sync_dtim_count,
5194 &link->u.mgd.dtim_period);
5195 link->conf->beacon_int = cbss->beacon_interval;
5199 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
5201 if (link_id != assoc_data->assoc_link_id) {
5202 link->u.mgd.conn = assoc_data->link[link_id].conn;
5204 err = ieee80211_prep_channel(sdata, link, link_id, cbss,
5205 true, &link->u.mgd.conn);
5207 link_info(link, "prep_channel failed\n");
5212 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta,
5213 assoc_data->link[link_id].bss);
5217 if (!ieee80211_assoc_config_link(link, link_sta,
5218 assoc_data->link[link_id].bss,
5219 mgmt, elem_start, elem_len,
5223 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
5224 valid_links &= ~BIT(link_id);
5225 ieee80211_sta_remove_link(sta, link_id);
5229 if (link_id != assoc_data->assoc_link_id) {
5230 err = ieee80211_sta_activate_link(sta, link_id);
5236 /* links might have changed due to rejected ones, set them again */
5237 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
5239 rate_control_rate_init(sta);
5241 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
5242 set_sta_flag(sta, WLAN_STA_MFP);
5243 sta->sta.mfp = true;
5245 sta->sta.mfp = false;
5248 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab,
5249 elems->ext_capab_len);
5251 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
5252 local->hw.queues >= IEEE80211_NUM_ACS;
5254 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
5255 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
5256 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
5259 "failed to move station %pM to desired state\n",
5261 WARN_ON(__sta_info_destroy(sta));
5265 if (sdata->wdev.use_4addr)
5266 drv_sta_set_4addr(local, sdata, &sta->sta, true);
5268 ieee80211_set_associated(sdata, assoc_data, changed);
5271 * If we're using 4-addr mode, let the AP know that we're
5272 * doing so, so that it can create the STA VLAN on its side
5274 if (ifmgd->use_4addr)
5275 ieee80211_send_4addr_nullfunc(local, sdata);
5278 * Start timer to probe the connection to the AP now.
5279 * Also start the timer that will detect beacon loss.
5281 ieee80211_sta_reset_beacon_monitor(sdata);
5282 ieee80211_sta_reset_conn_monitor(sdata);
5286 eth_zero_addr(sdata->vif.cfg.ap_addr);
5290 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
5291 struct ieee80211_mgmt *mgmt,
5294 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5295 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
5296 u16 capab_info, status_code, aid;
5297 struct ieee80211_elems_parse_params parse_params = {
5302 struct ieee802_11_elems *elems;
5304 const u8 *elem_start;
5305 unsigned int elem_len;
5307 struct ieee80211_event event = {
5309 .u.mlme.data = ASSOC_EVENT,
5311 struct ieee80211_prep_tx_info info = {};
5312 struct cfg80211_rx_assoc_resp_data resp = {
5315 u8 ap_mld_addr[ETH_ALEN] __aligned(2);
5316 unsigned int link_id;
5318 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5324 assoc_data->link[assoc_data->assoc_link_id].conn.mode;
5326 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) ||
5327 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa))
5331 * AssocResp and ReassocResp have identical structure, so process both
5332 * of them in this function.
5338 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
5339 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
5340 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
5341 if (assoc_data->s1g)
5342 elem_start = mgmt->u.s1g_assoc_resp.variable;
5344 elem_start = mgmt->u.assoc_resp.variable;
5347 * Note: this may not be perfect, AP might misbehave - if
5348 * anyone needs to rely on perfect complete notification
5349 * with the exact right subtype, then we need to track what
5350 * we actually transmitted.
5352 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
5353 IEEE80211_STYPE_ASSOC_REQ;
5355 if (assoc_data->fils_kek_len &&
5356 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
5359 elem_len = len - (elem_start - (u8 *)mgmt);
5360 parse_params.start = elem_start;
5361 parse_params.len = elem_len;
5362 elems = ieee802_11_parse_elems_full(&parse_params);
5366 if (elems->aid_resp)
5367 aid = le16_to_cpu(elems->aid_resp->aid);
5368 else if (assoc_data->s1g)
5371 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
5374 * The 5 MSB of the AID field are reserved
5375 * (802.11-2016 9.4.1.8 AID field)
5380 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
5381 reassoc ? "Rea" : "A", assoc_data->ap_addr,
5382 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
5384 ifmgd->broken_ap = false;
5386 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
5387 elems->timeout_int &&
5388 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
5391 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr,
5392 le32_to_cpu(elems->timeout_int->value));
5394 tu = le32_to_cpu(elems->timeout_int->value);
5395 ms = tu * 1024 / 1000;
5397 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
5398 assoc_data->ap_addr, tu, ms);
5399 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
5400 assoc_data->timeout_started = true;
5401 assoc_data->comeback = true;
5402 if (ms > IEEE80211_ASSOC_TIMEOUT)
5403 run_again(sdata, assoc_data->timeout);
5407 if (status_code != WLAN_STATUS_SUCCESS) {
5408 sdata_info(sdata, "%pM denied association (code=%d)\n",
5409 assoc_data->ap_addr, status_code);
5410 event.u.mlme.status = MLME_DENIED;
5411 event.u.mlme.reason = status_code;
5412 drv_event_callback(sdata->local, sdata, &event);
5414 if (aid == 0 || aid > IEEE80211_MAX_AID) {
5416 "invalid AID value %d (out of range), turn off PS\n",
5419 ifmgd->broken_ap = true;
5422 if (ieee80211_vif_is_mld(&sdata->vif)) {
5423 struct ieee80211_mle_basic_common_info *common;
5425 if (!elems->ml_basic) {
5427 "MLO association with %pM but no (basic) multi-link element in response!\n",
5428 assoc_data->ap_addr);
5432 common = (void *)elems->ml_basic->variable;
5434 if (memcmp(assoc_data->ap_addr,
5435 common->mld_mac_addr, ETH_ALEN)) {
5437 "AP MLD MAC address mismatch: got %pM expected %pM\n",
5438 common->mld_mac_addr,
5439 assoc_data->ap_addr);
5443 sdata->vif.cfg.eml_cap =
5444 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic);
5445 sdata->vif.cfg.eml_med_sync_delay =
5446 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic);
5447 sdata->vif.cfg.mld_capa_op =
5448 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic);
5451 sdata->vif.cfg.aid = aid;
5453 if (!ieee80211_assoc_success(sdata, mgmt, elems,
5454 elem_start, elem_len)) {
5455 /* oops -- internal error -- send timeout for now */
5456 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
5459 event.u.mlme.status = MLME_SUCCESS;
5460 drv_event_callback(sdata->local, sdata, &event);
5461 sdata_info(sdata, "associated\n");
5466 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5467 struct ieee80211_link_data *link;
5469 if (!assoc_data->link[link_id].bss)
5472 resp.links[link_id].bss = assoc_data->link[link_id].bss;
5473 ether_addr_copy(resp.links[link_id].addr,
5474 assoc_data->link[link_id].addr);
5475 resp.links[link_id].status = assoc_data->link[link_id].status;
5477 link = sdata_dereference(sdata->link[link_id], sdata);
5481 /* get uapsd queues configuration - same for all links */
5482 resp.uapsd_queues = 0;
5483 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
5484 if (link->tx_conf[ac].uapsd)
5485 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
5488 if (ieee80211_vif_is_mld(&sdata->vif)) {
5489 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr);
5490 resp.ap_mld_addr = ap_mld_addr;
5493 ieee80211_destroy_assoc_data(sdata,
5494 status_code == WLAN_STATUS_SUCCESS ?
5498 resp.buf = (u8 *)mgmt;
5500 resp.req_ies = ifmgd->assoc_req_ies;
5501 resp.req_ies_len = ifmgd->assoc_req_ies_len;
5502 cfg80211_rx_assoc_resp(sdata->dev, &resp);
5504 drv_mgd_complete_tx(sdata->local, sdata, &info);
5508 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
5512 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link,
5513 struct ieee80211_mgmt *mgmt, size_t len,
5514 struct ieee80211_rx_status *rx_status)
5516 struct ieee80211_sub_if_data *sdata = link->sdata;
5517 struct ieee80211_local *local = sdata->local;
5518 struct ieee80211_bss *bss;
5519 struct ieee80211_channel *channel;
5521 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5523 channel = ieee80211_get_channel_khz(local->hw.wiphy,
5524 ieee80211_rx_status_to_khz(rx_status));
5528 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
5530 link->conf->beacon_rate = bss->beacon_rate;
5531 ieee80211_rx_bss_put(local, bss);
5536 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link,
5537 struct sk_buff *skb)
5539 struct ieee80211_sub_if_data *sdata = link->sdata;
5540 struct ieee80211_mgmt *mgmt = (void *)skb->data;
5541 struct ieee80211_if_managed *ifmgd;
5542 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
5543 struct ieee80211_channel *channel;
5544 size_t baselen, len = skb->len;
5546 ifmgd = &sdata->u.mgd;
5548 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5551 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
5552 * "If a 6 GHz AP receives a Probe Request frame and responds with
5553 * a Probe Response frame [..], the Address 1 field of the Probe
5554 * Response frame shall be set to the broadcast address [..]"
5555 * So, on 6GHz band we should also accept broadcast responses.
5557 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
5562 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
5563 (channel->band != NL80211_BAND_6GHZ ||
5564 !is_broadcast_ether_addr(mgmt->da)))
5565 return; /* ignore ProbeResp to foreign address */
5567 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
5571 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
5573 if (ifmgd->associated &&
5574 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid))
5575 ieee80211_reset_ap_probe(sdata);
5579 * This is the canonical list of information elements we care about,
5580 * the filter code also gives us all changes to the Microsoft OUI
5581 * (00:50:F2) vendor IE which is used for WMM which we need to track,
5582 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
5583 * changes to requested client power.
5585 * We implement beacon filtering in software since that means we can
5586 * avoid processing the frame here and in cfg80211, and userspace
5587 * will not be able to tell whether the hardware supports it or not.
5589 * XXX: This list needs to be dynamic -- userspace needs to be able to
5590 * add items it requires. It also needs to be able to tell us to
5591 * look out for other vendor IEs.
5593 static const u64 care_about_ies =
5594 (1ULL << WLAN_EID_COUNTRY) |
5595 (1ULL << WLAN_EID_ERP_INFO) |
5596 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
5597 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
5598 (1ULL << WLAN_EID_HT_CAPABILITY) |
5599 (1ULL << WLAN_EID_HT_OPERATION) |
5600 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
5602 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link,
5603 struct ieee80211_if_managed *ifmgd,
5604 struct ieee80211_bss_conf *bss_conf,
5605 struct ieee80211_local *local,
5606 struct ieee80211_rx_status *rx_status)
5608 struct ieee80211_sub_if_data *sdata = link->sdata;
5610 /* Track average RSSI from the Beacon frames of the current AP */
5612 if (!link->u.mgd.tracking_signal_avg) {
5613 link->u.mgd.tracking_signal_avg = true;
5614 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal);
5615 link->u.mgd.last_cqm_event_signal = 0;
5616 link->u.mgd.count_beacon_signal = 1;
5617 link->u.mgd.last_ave_beacon_signal = 0;
5619 link->u.mgd.count_beacon_signal++;
5622 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal,
5623 -rx_status->signal);
5625 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
5626 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
5627 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
5628 int last_sig = link->u.mgd.last_ave_beacon_signal;
5629 struct ieee80211_event event = {
5634 * if signal crosses either of the boundaries, invoke callback
5635 * with appropriate parameters
5637 if (sig > ifmgd->rssi_max_thold &&
5638 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
5639 link->u.mgd.last_ave_beacon_signal = sig;
5640 event.u.rssi.data = RSSI_EVENT_HIGH;
5641 drv_event_callback(local, sdata, &event);
5642 } else if (sig < ifmgd->rssi_min_thold &&
5643 (last_sig >= ifmgd->rssi_max_thold ||
5645 link->u.mgd.last_ave_beacon_signal = sig;
5646 event.u.rssi.data = RSSI_EVENT_LOW;
5647 drv_event_callback(local, sdata, &event);
5651 if (bss_conf->cqm_rssi_thold &&
5652 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
5653 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
5654 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
5655 int last_event = link->u.mgd.last_cqm_event_signal;
5656 int thold = bss_conf->cqm_rssi_thold;
5657 int hyst = bss_conf->cqm_rssi_hyst;
5660 (last_event == 0 || sig < last_event - hyst)) {
5661 link->u.mgd.last_cqm_event_signal = sig;
5662 ieee80211_cqm_rssi_notify(
5664 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
5666 } else if (sig > thold &&
5667 (last_event == 0 || sig > last_event + hyst)) {
5668 link->u.mgd.last_cqm_event_signal = sig;
5669 ieee80211_cqm_rssi_notify(
5671 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
5676 if (bss_conf->cqm_rssi_low &&
5677 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
5678 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
5679 int last_event = link->u.mgd.last_cqm_event_signal;
5680 int low = bss_conf->cqm_rssi_low;
5681 int high = bss_conf->cqm_rssi_high;
5684 (last_event == 0 || last_event >= low)) {
5685 link->u.mgd.last_cqm_event_signal = sig;
5686 ieee80211_cqm_rssi_notify(
5688 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
5690 } else if (sig > high &&
5691 (last_event == 0 || last_event <= high)) {
5692 link->u.mgd.last_cqm_event_signal = sig;
5693 ieee80211_cqm_rssi_notify(
5695 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
5701 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
5702 struct cfg80211_bss *bss)
5704 if (ether_addr_equal(tx_bssid, bss->bssid))
5706 if (!bss->transmitted_bss)
5708 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
5711 static void ieee80211_ml_reconf_work(struct wiphy *wiphy,
5712 struct wiphy_work *work)
5714 struct ieee80211_sub_if_data *sdata =
5715 container_of(work, struct ieee80211_sub_if_data,
5716 u.mgd.ml_reconf_work.work);
5717 u16 new_valid_links, new_active_links, new_dormant_links;
5720 if (!sdata->u.mgd.removed_links)
5724 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n",
5725 sdata->vif.valid_links, sdata->u.mgd.removed_links);
5727 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links;
5728 if (new_valid_links == sdata->vif.valid_links)
5731 if (!new_valid_links ||
5732 !(new_valid_links & ~sdata->vif.dormant_links)) {
5733 sdata_info(sdata, "No valid links after reconfiguration\n");
5738 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links;
5739 if (new_active_links != sdata->vif.active_links) {
5740 if (!new_active_links)
5742 BIT(ffs(new_valid_links &
5743 ~sdata->vif.dormant_links) - 1);
5745 ret = ieee80211_set_active_links(&sdata->vif, new_active_links);
5748 "Failed setting active links\n");
5753 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links;
5755 ret = ieee80211_vif_set_links(sdata, new_valid_links,
5758 sdata_info(sdata, "Failed setting valid links\n");
5760 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
5764 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links);
5766 __ieee80211_disconnect(sdata);
5768 sdata->u.mgd.removed_links = 0;
5771 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata,
5772 struct ieee802_11_elems *elems)
5774 const struct element *sub;
5775 unsigned long removed_links = 0;
5776 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {};
5780 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf)
5783 /* Directly parse the sub elements as the common information doesn't
5784 * hold any useful information.
5786 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf,
5787 elems->ml_reconf_len) {
5788 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
5789 u8 *pos = prof->variable;
5792 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
5795 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data,
5799 control = le16_to_cpu(prof->control);
5800 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID;
5802 removed_links |= BIT(link_id);
5804 /* the MAC address should not be included, but handle it */
5806 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT)
5809 /* According to Draft P802.11be_D3.0, the control should
5810 * include the AP Removal Timer present. If the AP Removal Timer
5811 * is not present assume immediate removal.
5814 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT)
5815 link_removal_timeout[link_id] = le16_to_cpu(*(__le16 *)pos);
5818 removed_links &= sdata->vif.valid_links;
5819 if (!removed_links) {
5820 /* In case the removal was cancelled, abort it */
5821 if (sdata->u.mgd.removed_links) {
5822 sdata->u.mgd.removed_links = 0;
5823 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
5824 &sdata->u.mgd.ml_reconf_work);
5830 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) {
5831 struct ieee80211_bss_conf *link_conf =
5832 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
5836 removed_links &= ~BIT(link_id);
5840 link_delay = link_conf->beacon_int *
5841 link_removal_timeout[link_id];
5846 delay = min(delay, link_delay);
5849 sdata->u.mgd.removed_links = removed_links;
5850 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
5851 &sdata->u.mgd.ml_reconf_work,
5852 TU_TO_JIFFIES(delay));
5855 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata,
5856 u16 active_links, u16 dormant_links,
5857 u16 suspended_links)
5862 if (!active_links) {
5867 /* If there is an active negotiated TTLM, it should be discarded by
5868 * the new negotiated/advertised TTLM.
5870 if (sdata->vif.neg_ttlm.valid) {
5871 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
5872 sdata->vif.suspended_links = 0;
5873 changed = BSS_CHANGED_MLD_TTLM;
5876 if (sdata->vif.active_links != active_links) {
5877 /* usable links are affected when active_links are changed,
5878 * so notify the driver about the status change
5880 changed |= BSS_CHANGED_MLD_VALID_LINKS;
5881 active_links &= sdata->vif.active_links;
5884 BIT(__ffs(sdata->vif.valid_links &
5886 ret = ieee80211_set_active_links(&sdata->vif, active_links);
5888 sdata_info(sdata, "Failed to set TTLM active links\n");
5893 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
5896 sdata_info(sdata, "Failed to set TTLM dormant links\n");
5900 sdata->vif.suspended_links = suspended_links;
5901 if (sdata->vif.suspended_links)
5902 changed |= BSS_CHANGED_MLD_TTLM;
5904 ieee80211_vif_cfg_change_notify(sdata, changed);
5908 ieee80211_disconnect(&sdata->vif, false);
5913 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy,
5914 struct wiphy_work *work)
5916 u16 new_active_links, new_dormant_links;
5917 struct ieee80211_sub_if_data *sdata =
5918 container_of(work, struct ieee80211_sub_if_data,
5919 u.mgd.ttlm_work.work);
5921 new_active_links = sdata->u.mgd.ttlm_info.map &
5922 sdata->vif.valid_links;
5923 new_dormant_links = ~sdata->u.mgd.ttlm_info.map &
5924 sdata->vif.valid_links;
5926 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0);
5927 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links,
5931 sdata->u.mgd.ttlm_info.active = true;
5932 sdata->u.mgd.ttlm_info.switch_time = 0;
5935 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data)
5940 return get_unaligned_le16(data);
5944 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
5945 const struct ieee80211_ttlm_elem *ttlm,
5946 struct ieee80211_adv_ttlm_info *ttlm_info)
5948 /* The element size was already validated in
5949 * ieee80211_tid_to_link_map_size_ok()
5951 u8 control, link_map_presence, map_size, tid;
5954 memset(ttlm_info, 0, sizeof(*ttlm_info));
5955 pos = (void *)ttlm->optional;
5956 control = ttlm->control;
5958 if ((control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) ||
5959 !(control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT))
5962 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) !=
5963 IEEE80211_TTLM_DIRECTION_BOTH) {
5964 sdata_info(sdata, "Invalid advertised T2L map direction\n");
5968 link_map_presence = *pos;
5971 ttlm_info->switch_time = get_unaligned_le16(pos);
5973 /* Since ttlm_info->switch_time == 0 means no switch time, bump it
5976 if (!ttlm_info->switch_time)
5977 ttlm_info->switch_time = 1;
5981 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) {
5982 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16;
5986 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
5991 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall
5992 * not advertise a TID-to-link mapping that does not map all TIDs to the
5993 * same link set, reject frame if not all links have mapping
5995 if (link_map_presence != 0xff) {
5997 "Invalid advertised T2L mapping presence indicator\n");
6001 ttlm_info->map = ieee80211_get_ttlm(map_size, pos);
6002 if (!ttlm_info->map) {
6004 "Invalid advertised T2L map for TID 0\n");
6010 for (tid = 1; tid < 8; tid++) {
6011 u16 map = ieee80211_get_ttlm(map_size, pos);
6013 if (map != ttlm_info->map) {
6014 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n",
6024 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata,
6025 struct ieee802_11_elems *elems,
6031 if (!ieee80211_vif_is_mld(&sdata->vif))
6034 if (!elems->ttlm_num) {
6035 if (sdata->u.mgd.ttlm_info.switch_time) {
6036 /* if a planned TID-to-link mapping was cancelled -
6039 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6040 &sdata->u.mgd.ttlm_work);
6041 } else if (sdata->u.mgd.ttlm_info.active) {
6042 /* if no TID-to-link element, set to default mapping in
6043 * which all TIDs are mapped to all setup links
6045 ret = ieee80211_vif_set_links(sdata,
6046 sdata->vif.valid_links,
6049 sdata_info(sdata, "Failed setting valid/dormant links\n");
6052 ieee80211_vif_cfg_change_notify(sdata,
6053 BSS_CHANGED_MLD_VALID_LINKS);
6055 memset(&sdata->u.mgd.ttlm_info, 0,
6056 sizeof(sdata->u.mgd.ttlm_info));
6060 for (i = 0; i < elems->ttlm_num; i++) {
6061 struct ieee80211_adv_ttlm_info ttlm_info;
6064 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i],
6068 __ieee80211_disconnect(sdata);
6072 if (ttlm_info.switch_time) {
6073 u16 beacon_ts_tu, st_tu, delay;
6077 /* The t2l map switch time is indicated with a partial
6078 * TSF value (bits 10 to 25), get the partial beacon TS
6079 * as well, and calc the delay to the start time.
6081 mask = GENMASK_ULL(25, 10);
6082 beacon_ts_tu = (beacon_ts & mask) >> 10;
6083 st_tu = ttlm_info.switch_time;
6084 delay = st_tu - beacon_ts_tu;
6087 * If the switch time is far in the future, then it
6088 * could also be the previous switch still being
6090 * We can simply ignore it for now, if it is a future
6091 * switch the AP will continue to announce it anyway.
6093 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW)
6096 delay_jiffies = TU_TO_JIFFIES(delay);
6098 /* Link switching can take time, so schedule it
6099 * 100ms before to be ready on time
6101 if (delay_jiffies > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS)
6103 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS;
6107 sdata->u.mgd.ttlm_info = ttlm_info;
6108 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6109 &sdata->u.mgd.ttlm_work);
6110 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6111 &sdata->u.mgd.ttlm_work,
6118 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
6119 struct ieee80211_hdr *hdr, size_t len,
6120 struct ieee80211_rx_status *rx_status)
6122 struct ieee80211_sub_if_data *sdata = link->sdata;
6123 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6124 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
6125 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
6126 struct ieee80211_mgmt *mgmt = (void *) hdr;
6128 struct ieee802_11_elems *elems;
6129 struct ieee80211_local *local = sdata->local;
6130 struct ieee80211_chanctx_conf *chanctx_conf;
6131 struct ieee80211_supported_band *sband;
6132 struct ieee80211_channel *chan;
6133 struct link_sta_info *link_sta;
6134 struct sta_info *sta;
6139 u8 *bssid, *variable = mgmt->u.beacon.variable;
6140 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
6141 struct ieee80211_elems_parse_params parse_params = {
6142 .mode = link->u.mgd.conn.mode,
6147 lockdep_assert_wiphy(local->hw.wiphy);
6149 /* Process beacon from the current BSS */
6150 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
6151 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
6152 struct ieee80211_ext *ext = (void *) mgmt;
6154 if (ieee80211_is_s1g_short_beacon(ext->frame_control))
6155 variable = ext->u.s1g_short_beacon.variable;
6157 variable = ext->u.s1g_beacon.variable;
6160 baselen = (u8 *) variable - (u8 *) mgmt;
6164 parse_params.start = variable;
6165 parse_params.len = len - baselen;
6168 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
6169 if (!chanctx_conf) {
6174 if (ieee80211_rx_status_to_khz(rx_status) !=
6175 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
6179 chan = chanctx_conf->def.chan;
6182 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
6183 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) &&
6184 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
6185 parse_params.bss = ifmgd->assoc_data->link[0].bss;
6186 elems = ieee802_11_parse_elems_full(&parse_params);
6190 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6192 if (elems->dtim_period)
6193 link->u.mgd.dtim_period = elems->dtim_period;
6194 link->u.mgd.have_beacon = true;
6195 ifmgd->assoc_data->need_beacon = false;
6196 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
6197 link->conf->sync_tsf =
6198 le64_to_cpu(mgmt->u.beacon.timestamp);
6199 link->conf->sync_device_ts =
6200 rx_status->device_timestamp;
6201 link->conf->sync_dtim_count = elems->dtim_count;
6204 if (elems->mbssid_config_ie)
6205 bss_conf->profile_periodicity =
6206 elems->mbssid_config_ie->profile_periodicity;
6208 bss_conf->profile_periodicity = 0;
6210 if (elems->ext_capab_len >= 11 &&
6211 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
6212 bss_conf->ema_ap = true;
6214 bss_conf->ema_ap = false;
6216 /* continue assoc process */
6217 ifmgd->assoc_data->timeout = jiffies;
6218 ifmgd->assoc_data->timeout_started = true;
6219 run_again(sdata, ifmgd->assoc_data->timeout);
6224 if (!ifmgd->associated ||
6225 !ieee80211_rx_our_beacon(bssid, link->conf->bss))
6227 bssid = link->u.mgd.bssid;
6229 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
6230 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf,
6233 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
6234 mlme_dbg_ratelimited(sdata,
6235 "cancelling AP probe due to a received beacon\n");
6236 ieee80211_reset_ap_probe(sdata);
6240 * Push the beacon loss detection into the future since
6241 * we are processing a beacon from the AP just now.
6243 ieee80211_sta_reset_beacon_monitor(sdata);
6245 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility
6246 * element (which carries the beacon interval). Don't forget to add a
6247 * bit to care_about_ies[] above if mac80211 is interested in a
6248 * changing S1G element.
6250 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
6251 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
6252 parse_params.bss = link->conf->bss;
6253 parse_params.filter = care_about_ies;
6254 parse_params.crc = ncrc;
6255 elems = ieee802_11_parse_elems_full(&parse_params);
6260 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
6261 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid)) {
6262 if (local->hw.conf.dynamic_ps_timeout > 0) {
6263 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
6264 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
6265 ieee80211_hw_config(local,
6266 IEEE80211_CONF_CHANGE_PS);
6268 ieee80211_send_nullfunc(local, sdata, false);
6269 } else if (!local->pspolling && sdata->u.mgd.powersave) {
6270 local->pspolling = true;
6273 * Here is assumed that the driver will be
6274 * able to send ps-poll frame and receive a
6275 * response even though power save mode is
6276 * enabled, but some drivers might require
6277 * to disable power save here. This needs
6278 * to be investigated.
6280 ieee80211_send_pspoll(local, sdata);
6284 if (sdata->vif.p2p ||
6285 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
6286 struct ieee80211_p2p_noa_attr noa = {};
6289 ret = cfg80211_get_p2p_attr(variable,
6291 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
6292 (u8 *) &noa, sizeof(noa));
6294 if (link->u.mgd.p2p_noa_index != noa.index) {
6295 /* valid noa_attr and index changed */
6296 link->u.mgd.p2p_noa_index = noa.index;
6297 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
6298 changed |= BSS_CHANGED_P2P_PS;
6300 * make sure we update all information, the CRC
6301 * mechanism doesn't look at P2P attributes.
6303 link->u.mgd.beacon_crc_valid = false;
6305 } else if (link->u.mgd.p2p_noa_index != -1) {
6306 /* noa_attr not found and we had valid noa_attr before */
6307 link->u.mgd.p2p_noa_index = -1;
6308 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
6309 changed |= BSS_CHANGED_P2P_PS;
6310 link->u.mgd.beacon_crc_valid = false;
6315 * Update beacon timing and dtim count on every beacon appearance. This
6316 * will allow the driver to use the most updated values. Do it before
6317 * comparing this one with last received beacon.
6318 * IMPORTANT: These parameters would possibly be out of sync by the time
6319 * the driver will use them. The synchronized view is currently
6320 * guaranteed only in certain callbacks.
6322 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
6323 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
6324 link->conf->sync_tsf =
6325 le64_to_cpu(mgmt->u.beacon.timestamp);
6326 link->conf->sync_device_ts =
6327 rx_status->device_timestamp;
6328 link->conf->sync_dtim_count = elems->dtim_count;
6331 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) ||
6332 ieee80211_is_s1g_short_beacon(mgmt->frame_control))
6334 link->u.mgd.beacon_crc = ncrc;
6335 link->u.mgd.beacon_crc_valid = true;
6337 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6339 ieee80211_sta_process_chanswitch(link, rx_status->mactime,
6340 rx_status->device_timestamp,
6343 if (!link->u.mgd.disable_wmm_tracking &&
6344 ieee80211_sta_wmm_params(local, link, elems->wmm_param,
6345 elems->wmm_param_len,
6346 elems->mu_edca_param_set))
6347 changed |= BSS_CHANGED_QOS;
6350 * If we haven't had a beacon before, tell the driver about the
6351 * DTIM period (and beacon timing if desired) now.
6353 if (!link->u.mgd.have_beacon) {
6354 /* a few bogus AP send dtim_period = 0 or no TIM IE */
6355 bss_conf->dtim_period = elems->dtim_period ?: 1;
6357 changed |= BSS_CHANGED_BEACON_INFO;
6358 link->u.mgd.have_beacon = true;
6360 ieee80211_recalc_ps(local);
6362 ieee80211_recalc_ps_vif(sdata);
6365 if (elems->erp_info) {
6367 erp_value = elems->erp_info[0];
6372 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
6373 changed |= ieee80211_handle_bss_capability(link,
6374 le16_to_cpu(mgmt->u.beacon.capab_info),
6375 erp_valid, erp_value);
6377 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
6378 if (WARN_ON(!sta)) {
6381 link_sta = rcu_dereference_protected(sta->link[link->link_id],
6382 lockdep_is_held(&local->hw.wiphy->mtx));
6383 if (WARN_ON(!link_sta)) {
6387 if (WARN_ON(!link->conf->chanreq.oper.chan))
6390 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
6392 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems);
6394 if (ieee80211_config_bw(link, elems, true, &changed)) {
6395 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
6396 WLAN_REASON_DEAUTH_LEAVING,
6398 ieee80211_report_disconnect(sdata, deauth_buf,
6399 sizeof(deauth_buf), true,
6400 WLAN_REASON_DEAUTH_LEAVING,
6405 if (elems->opmode_notif)
6406 ieee80211_vht_handle_opmode(sdata, link_sta,
6407 *elems->opmode_notif,
6410 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt,
6411 elems->country_elem,
6412 elems->country_elem_len,
6413 elems->pwr_constr_elem,
6414 elems->cisco_dtpc_elem);
6416 ieee80211_ml_reconfiguration(sdata, elems);
6417 ieee80211_process_adv_ttlm(sdata, elems,
6418 le64_to_cpu(mgmt->u.beacon.timestamp));
6420 ieee80211_link_info_change_notify(sdata, link, changed);
6425 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata,
6426 struct ieee80211_neg_ttlm neg_ttlm)
6428 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0;
6431 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++)
6432 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i];
6434 /* If there is an active TTLM, unset previously suspended links */
6435 if (sdata->vif.neg_ttlm.valid)
6436 sdata->vif.dormant_links &= ~sdata->vif.suspended_links;
6438 /* exclude links that are already disabled by advertised TTLM */
6440 map & sdata->vif.valid_links & ~sdata->vif.dormant_links;
6441 new_suspended_links =
6442 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links;
6443 new_dormant_links = sdata->vif.dormant_links | new_suspended_links;
6444 if (ieee80211_ttlm_set_links(sdata, new_active_links,
6445 new_dormant_links, new_suspended_links))
6448 sdata->vif.neg_ttlm = neg_ttlm;
6449 sdata->vif.neg_ttlm.valid = true;
6452 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy,
6453 struct wiphy_work *work)
6455 struct ieee80211_sub_if_data *sdata =
6456 container_of(work, struct ieee80211_sub_if_data,
6457 u.mgd.neg_ttlm_timeout_work.work);
6460 "No negotiated TTLM response from AP, disconnecting.\n");
6462 __ieee80211_disconnect(sdata);
6466 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb,
6467 struct ieee80211_neg_ttlm *neg_ttlm)
6469 u8 i, direction[IEEE80211_TTLM_MAX_CNT];
6471 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink,
6472 sizeof(neg_ttlm->downlink))) {
6473 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN;
6474 direction[1] = IEEE80211_TTLM_DIRECTION_UP;
6476 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH;
6479 for (i = 0; i < ARRAY_SIZE(direction); i++) {
6480 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos;
6483 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1;
6485 pos = skb_put(skb, len + 2);
6486 *pos++ = WLAN_EID_EXTENSION;
6488 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING;
6489 *pos++ = direction[i];
6490 map_ind_pos = pos++;
6491 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
6492 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ?
6493 cpu_to_le16(neg_ttlm->uplink[tid]) :
6494 cpu_to_le16(neg_ttlm->downlink[tid]);
6499 map_ind |= BIT(tid);
6500 skb_put_data(skb, &map, sizeof(map));
6503 *map_ind_pos = map_ind;
6506 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH)
6512 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
6513 struct ieee80211_neg_ttlm *neg_ttlm,
6516 struct ieee80211_local *local = sdata->local;
6517 struct ieee80211_mgmt *mgmt;
6518 struct sk_buff *skb;
6519 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_req);
6520 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
6521 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
6523 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
6527 skb_reserve(skb, local->tx_headroom);
6528 mgmt = skb_put_zero(skb, hdr_len);
6529 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
6530 IEEE80211_STYPE_ACTION);
6531 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
6532 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
6533 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
6535 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
6536 mgmt->u.action.u.ttlm_req.action_code =
6537 WLAN_PROTECTED_EHT_ACTION_TTLM_REQ;
6538 mgmt->u.action.u.ttlm_req.dialog_token = dialog_token;
6539 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
6540 ieee80211_tx_skb(sdata, skb);
6543 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata,
6544 struct cfg80211_ttlm_params *params)
6546 struct ieee80211_neg_ttlm neg_ttlm = {};
6549 if (!ieee80211_vif_is_mld(&sdata->vif) ||
6550 !(sdata->vif.cfg.mld_capa_op &
6551 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP))
6554 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
6555 if ((params->dlink[i] & ~sdata->vif.valid_links) ||
6556 (params->ulink[i] & ~sdata->vif.valid_links))
6559 neg_ttlm.downlink[i] = params->dlink[i];
6560 neg_ttlm.uplink[i] = params->ulink[i];
6563 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) !=
6564 NEG_TTLM_RES_ACCEPT)
6567 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
6568 sdata->u.mgd.dialog_token_alloc++;
6569 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm,
6570 sdata->u.mgd.dialog_token_alloc);
6571 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6572 &sdata->u.mgd.neg_ttlm_timeout_work);
6573 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6574 &sdata->u.mgd.neg_ttlm_timeout_work,
6575 IEEE80211_NEG_TTLM_REQ_TIMEOUT);
6580 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
6581 enum ieee80211_neg_ttlm_res ttlm_res,
6583 struct ieee80211_neg_ttlm *neg_ttlm)
6585 struct ieee80211_local *local = sdata->local;
6586 struct ieee80211_mgmt *mgmt;
6587 struct sk_buff *skb;
6588 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_res);
6589 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
6590 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
6592 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
6596 skb_reserve(skb, local->tx_headroom);
6597 mgmt = skb_put_zero(skb, hdr_len);
6598 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
6599 IEEE80211_STYPE_ACTION);
6600 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
6601 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
6602 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
6604 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
6605 mgmt->u.action.u.ttlm_res.action_code =
6606 WLAN_PROTECTED_EHT_ACTION_TTLM_RES;
6607 mgmt->u.action.u.ttlm_res.dialog_token = dialog_token;
6612 case NEG_TTLM_RES_REJECT:
6613 mgmt->u.action.u.ttlm_res.status_code =
6614 WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING;
6616 case NEG_TTLM_RES_ACCEPT:
6617 mgmt->u.action.u.ttlm_res.status_code = WLAN_STATUS_SUCCESS;
6619 case NEG_TTLM_RES_SUGGEST_PREFERRED:
6620 mgmt->u.action.u.ttlm_res.status_code =
6621 WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED;
6622 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
6626 ieee80211_tx_skb(sdata, skb);
6630 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata,
6631 const struct ieee80211_ttlm_elem *ttlm,
6632 struct ieee80211_neg_ttlm *neg_ttlm,
6635 u8 control, link_map_presence, map_size, tid;
6638 /* The element size was already validated in
6639 * ieee80211_tid_to_link_map_size_ok()
6641 pos = (void *)ttlm->optional;
6643 control = ttlm->control;
6645 /* mapping switch time and expected duration fields are not expected
6646 * in case of negotiated TTLM
6648 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT |
6649 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) {
6651 "Invalid TTLM element in negotiated TTLM request\n");
6655 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
6656 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
6657 neg_ttlm->downlink[tid] = sdata->vif.valid_links;
6658 neg_ttlm->uplink[tid] = sdata->vif.valid_links;
6660 *direction = IEEE80211_TTLM_DIRECTION_BOTH;
6664 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION);
6665 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN &&
6666 *direction != IEEE80211_TTLM_DIRECTION_UP &&
6667 *direction != IEEE80211_TTLM_DIRECTION_BOTH)
6670 link_map_presence = *pos;
6673 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6678 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
6681 if (link_map_presence & BIT(tid)) {
6682 map = ieee80211_get_ttlm(map_size, pos);
6685 "No active links for TID %d", tid);
6692 switch (*direction) {
6693 case IEEE80211_TTLM_DIRECTION_BOTH:
6694 neg_ttlm->downlink[tid] = map;
6695 neg_ttlm->uplink[tid] = map;
6697 case IEEE80211_TTLM_DIRECTION_DOWN:
6698 neg_ttlm->downlink[tid] = map;
6700 case IEEE80211_TTLM_DIRECTION_UP:
6701 neg_ttlm->uplink[tid] = map;
6711 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
6712 struct ieee80211_mgmt *mgmt, size_t len)
6714 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i;
6716 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT;
6717 struct ieee802_11_elems *elems = NULL;
6718 struct ieee80211_neg_ttlm neg_ttlm = {};
6720 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm));
6722 if (!ieee80211_vif_is_mld(&sdata->vif))
6725 dialog_token = mgmt->u.action.u.ttlm_req.dialog_token;
6726 ies_len = len - offsetof(struct ieee80211_mgmt,
6727 u.action.u.ttlm_req.variable);
6728 elems = ieee802_11_parse_elems(mgmt->u.action.u.ttlm_req.variable,
6729 ies_len, true, NULL);
6731 ttlm_res = NEG_TTLM_RES_REJECT;
6735 for (i = 0; i < elems->ttlm_num; i++) {
6736 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i],
6737 &neg_ttlm, &direction[i]) ||
6738 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH &&
6739 elems->ttlm_num != 1)) {
6740 ttlm_res = NEG_TTLM_RES_REJECT;
6745 if (!elems->ttlm_num ||
6746 (elems->ttlm_num == 2 && direction[0] == direction[1])) {
6747 ttlm_res = NEG_TTLM_RES_REJECT;
6751 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
6752 if ((neg_ttlm.downlink[i] &&
6753 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) ||
6754 (neg_ttlm.uplink[i] &&
6755 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) {
6756 ttlm_res = NEG_TTLM_RES_REJECT;
6761 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm);
6763 if (ttlm_res != NEG_TTLM_RES_ACCEPT)
6766 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
6769 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm);
6772 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
6773 struct ieee80211_mgmt *mgmt, size_t len)
6775 if (!ieee80211_vif_is_mld(&sdata->vif) ||
6776 mgmt->u.action.u.ttlm_req.dialog_token !=
6777 sdata->u.mgd.dialog_token_alloc)
6780 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6781 &sdata->u.mgd.neg_ttlm_timeout_work);
6783 /* MLD station sends a TID to link mapping request, mainly to handle
6784 * BTM (BSS transition management) request, in which case it needs to
6785 * restrict the active links set.
6786 * In this case it's not expected that the MLD AP will reject the
6787 * negotiated TTLM request.
6788 * This can be better implemented in the future, to handle request
6791 if (mgmt->u.action.u.ttlm_res.status_code != WLAN_STATUS_SUCCESS)
6792 __ieee80211_disconnect(sdata);
6795 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
6796 struct sk_buff *skb)
6798 struct ieee80211_link_data *link = &sdata->deflink;
6799 struct ieee80211_rx_status *rx_status;
6800 struct ieee80211_hdr *hdr;
6803 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6805 rx_status = (struct ieee80211_rx_status *) skb->cb;
6806 hdr = (struct ieee80211_hdr *) skb->data;
6807 fc = le16_to_cpu(hdr->frame_control);
6809 switch (fc & IEEE80211_FCTL_STYPE) {
6810 case IEEE80211_STYPE_S1G_BEACON:
6811 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status);
6816 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
6817 struct sk_buff *skb)
6819 struct ieee80211_link_data *link = &sdata->deflink;
6820 struct ieee80211_rx_status *rx_status;
6821 struct ieee80211_mgmt *mgmt;
6825 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6827 rx_status = (struct ieee80211_rx_status *) skb->cb;
6828 mgmt = (struct ieee80211_mgmt *) skb->data;
6829 fc = le16_to_cpu(mgmt->frame_control);
6831 if (rx_status->link_valid) {
6832 link = sdata_dereference(sdata->link[rx_status->link_id],
6838 switch (fc & IEEE80211_FCTL_STYPE) {
6839 case IEEE80211_STYPE_BEACON:
6840 ieee80211_rx_mgmt_beacon(link, (void *)mgmt,
6841 skb->len, rx_status);
6843 case IEEE80211_STYPE_PROBE_RESP:
6844 ieee80211_rx_mgmt_probe_resp(link, skb);
6846 case IEEE80211_STYPE_AUTH:
6847 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
6849 case IEEE80211_STYPE_DEAUTH:
6850 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
6852 case IEEE80211_STYPE_DISASSOC:
6853 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
6855 case IEEE80211_STYPE_ASSOC_RESP:
6856 case IEEE80211_STYPE_REASSOC_RESP:
6857 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
6859 case IEEE80211_STYPE_ACTION:
6860 if (!sdata->u.mgd.associated ||
6861 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
6864 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
6865 struct ieee802_11_elems *elems;
6867 ies_len = skb->len -
6868 offsetof(struct ieee80211_mgmt,
6869 u.action.u.chan_switch.variable);
6874 /* CSA IE cannot be overridden, no need for BSSID */
6875 elems = ieee802_11_parse_elems(
6876 mgmt->u.action.u.chan_switch.variable,
6877 ies_len, true, NULL);
6879 if (elems && !elems->parse_error)
6880 ieee80211_sta_process_chanswitch(link,
6882 rx_status->device_timestamp,
6885 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
6886 struct ieee802_11_elems *elems;
6888 ies_len = skb->len -
6889 offsetof(struct ieee80211_mgmt,
6890 u.action.u.ext_chan_switch.variable);
6896 * extended CSA IE can't be overridden, no need for
6899 elems = ieee802_11_parse_elems(
6900 mgmt->u.action.u.ext_chan_switch.variable,
6901 ies_len, true, NULL);
6903 if (elems && !elems->parse_error) {
6904 /* for the handling code pretend it was an IE */
6905 elems->ext_chansw_ie =
6906 &mgmt->u.action.u.ext_chan_switch.data;
6908 ieee80211_sta_process_chanswitch(link,
6910 rx_status->device_timestamp,
6920 static void ieee80211_sta_timer(struct timer_list *t)
6922 struct ieee80211_sub_if_data *sdata =
6923 from_timer(sdata, t, u.mgd.timer);
6925 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
6928 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
6931 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
6933 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
6936 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
6940 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
6942 struct ieee80211_local *local = sdata->local;
6943 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6944 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
6948 struct ieee80211_prep_tx_info info = {
6949 .subtype = IEEE80211_STYPE_AUTH,
6952 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6954 if (WARN_ON_ONCE(!auth_data))
6959 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
6960 sdata_info(sdata, "authentication with %pM timed out\n",
6961 auth_data->ap_addr);
6964 * Most likely AP is not in the range so remove the
6965 * bss struct for that AP.
6967 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
6972 if (auth_data->algorithm == WLAN_AUTH_SAE)
6973 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
6975 info.link_id = auth_data->link_id;
6976 drv_mgd_prepare_tx(local, sdata, &info);
6978 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
6979 auth_data->ap_addr, auth_data->tries,
6980 IEEE80211_AUTH_MAX_TRIES);
6982 auth_data->expected_transaction = 2;
6984 if (auth_data->algorithm == WLAN_AUTH_SAE) {
6985 trans = auth_data->sae_trans;
6986 status = auth_data->sae_status;
6987 auth_data->expected_transaction = trans;
6990 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
6991 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
6992 IEEE80211_TX_INTFL_MLME_CONN_TX;
6994 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
6995 auth_data->data, auth_data->data_len,
6996 auth_data->ap_addr, auth_data->ap_addr,
6997 NULL, 0, 0, tx_flags);
6999 if (tx_flags == 0) {
7000 if (auth_data->algorithm == WLAN_AUTH_SAE)
7001 auth_data->timeout = jiffies +
7002 IEEE80211_AUTH_TIMEOUT_SAE;
7004 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
7006 auth_data->timeout =
7007 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
7010 auth_data->timeout_started = true;
7011 run_again(sdata, auth_data->timeout);
7016 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
7018 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
7019 struct ieee80211_local *local = sdata->local;
7022 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7024 assoc_data->tries++;
7025 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
7026 sdata_info(sdata, "association with %pM timed out\n",
7027 assoc_data->ap_addr);
7030 * Most likely AP is not in the range so remove the
7031 * bss struct for that AP.
7033 cfg80211_unlink_bss(local->hw.wiphy,
7034 assoc_data->link[assoc_data->assoc_link_id].bss);
7039 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
7040 assoc_data->ap_addr, assoc_data->tries,
7041 IEEE80211_ASSOC_MAX_TRIES);
7042 ret = ieee80211_send_assoc(sdata);
7046 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
7047 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
7048 assoc_data->timeout_started = true;
7049 run_again(sdata, assoc_data->timeout);
7051 assoc_data->timeout =
7052 round_jiffies_up(jiffies +
7053 IEEE80211_ASSOC_TIMEOUT_LONG);
7054 assoc_data->timeout_started = true;
7055 run_again(sdata, assoc_data->timeout);
7061 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
7062 __le16 fc, bool acked)
7064 struct ieee80211_local *local = sdata->local;
7066 sdata->u.mgd.status_fc = fc;
7067 sdata->u.mgd.status_acked = acked;
7068 sdata->u.mgd.status_received = true;
7070 wiphy_work_queue(local->hw.wiphy, &sdata->work);
7073 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
7075 struct ieee80211_local *local = sdata->local;
7076 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7078 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7080 if (ifmgd->status_received) {
7081 __le16 fc = ifmgd->status_fc;
7082 bool status_acked = ifmgd->status_acked;
7084 ifmgd->status_received = false;
7085 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
7087 if (ifmgd->auth_data->algorithm ==
7089 ifmgd->auth_data->timeout =
7091 IEEE80211_AUTH_TIMEOUT_SAE;
7093 ifmgd->auth_data->timeout =
7095 IEEE80211_AUTH_TIMEOUT_SHORT;
7096 run_again(sdata, ifmgd->auth_data->timeout);
7098 ifmgd->auth_data->timeout = jiffies - 1;
7100 ifmgd->auth_data->timeout_started = true;
7101 } else if (ifmgd->assoc_data &&
7102 !ifmgd->assoc_data->comeback &&
7103 (ieee80211_is_assoc_req(fc) ||
7104 ieee80211_is_reassoc_req(fc))) {
7106 * Update association timeout based on the TX status
7107 * for the (Re)Association Request frame. Skip this if
7108 * we have already processed a (Re)Association Response
7109 * frame that indicated need for association comeback
7110 * at a specific time in the future. This could happen
7111 * if the TX status information is delayed enough for
7112 * the response to be received and processed first.
7115 ifmgd->assoc_data->timeout =
7116 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
7117 run_again(sdata, ifmgd->assoc_data->timeout);
7119 ifmgd->assoc_data->timeout = jiffies - 1;
7121 ifmgd->assoc_data->timeout_started = true;
7125 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
7126 time_after(jiffies, ifmgd->auth_data->timeout)) {
7127 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
7129 * ok ... we waited for assoc or continuation but
7130 * userspace didn't do it, so kill the auth data
7132 ieee80211_destroy_auth_data(sdata, false);
7133 } else if (ieee80211_auth(sdata)) {
7134 u8 ap_addr[ETH_ALEN];
7135 struct ieee80211_event event = {
7137 .u.mlme.data = AUTH_EVENT,
7138 .u.mlme.status = MLME_TIMEOUT,
7141 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN);
7143 ieee80211_destroy_auth_data(sdata, false);
7145 cfg80211_auth_timeout(sdata->dev, ap_addr);
7146 drv_event_callback(sdata->local, sdata, &event);
7148 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
7149 run_again(sdata, ifmgd->auth_data->timeout);
7151 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
7152 time_after(jiffies, ifmgd->assoc_data->timeout)) {
7153 if ((ifmgd->assoc_data->need_beacon &&
7154 !sdata->deflink.u.mgd.have_beacon) ||
7155 ieee80211_do_assoc(sdata)) {
7156 struct ieee80211_event event = {
7158 .u.mlme.data = ASSOC_EVENT,
7159 .u.mlme.status = MLME_TIMEOUT,
7162 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
7163 drv_event_callback(sdata->local, sdata, &event);
7165 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
7166 run_again(sdata, ifmgd->assoc_data->timeout);
7168 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
7169 ifmgd->associated) {
7170 u8 *bssid = sdata->deflink.u.mgd.bssid;
7173 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
7174 max_tries = max_nullfunc_tries;
7176 max_tries = max_probe_tries;
7178 /* ACK received for nullfunc probing frame */
7179 if (!ifmgd->probe_send_count)
7180 ieee80211_reset_ap_probe(sdata);
7181 else if (ifmgd->nullfunc_failed) {
7182 if (ifmgd->probe_send_count < max_tries) {
7184 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
7185 bssid, ifmgd->probe_send_count,
7187 ieee80211_mgd_probe_ap_send(sdata);
7190 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
7192 ieee80211_sta_connection_lost(sdata,
7193 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
7196 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
7197 run_again(sdata, ifmgd->probe_timeout);
7198 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
7200 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
7201 bssid, probe_wait_ms);
7202 ieee80211_sta_connection_lost(sdata,
7203 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
7204 } else if (ifmgd->probe_send_count < max_tries) {
7206 "No probe response from AP %pM after %dms, try %d/%i\n",
7207 bssid, probe_wait_ms,
7208 ifmgd->probe_send_count, max_tries);
7209 ieee80211_mgd_probe_ap_send(sdata);
7212 * We actually lost the connection ... or did we?
7216 "No probe response from AP %pM after %dms, disconnecting.\n",
7217 bssid, probe_wait_ms);
7219 ieee80211_sta_connection_lost(sdata,
7220 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
7225 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
7227 struct ieee80211_sub_if_data *sdata =
7228 from_timer(sdata, t, u.mgd.bcn_mon_timer);
7230 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
7233 if (sdata->vif.bss_conf.csa_active &&
7234 !sdata->deflink.u.mgd.csa_waiting_bcn)
7237 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
7240 sdata->u.mgd.connection_loss = false;
7241 wiphy_work_queue(sdata->local->hw.wiphy,
7242 &sdata->u.mgd.beacon_connection_loss_work);
7245 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
7247 struct ieee80211_sub_if_data *sdata =
7248 from_timer(sdata, t, u.mgd.conn_mon_timer);
7249 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7250 struct ieee80211_local *local = sdata->local;
7251 struct sta_info *sta;
7252 unsigned long timeout;
7254 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
7257 if (sdata->vif.bss_conf.csa_active &&
7258 !sdata->deflink.u.mgd.csa_waiting_bcn)
7261 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7265 timeout = sta->deflink.status_stats.last_ack;
7266 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx))
7267 timeout = sta->deflink.rx_stats.last_rx;
7268 timeout += IEEE80211_CONNECTION_IDLE_TIME;
7270 /* If timeout is after now, then update timer to fire at
7271 * the later date, but do not actually probe at this time.
7273 if (time_is_after_jiffies(timeout)) {
7274 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
7278 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work);
7281 static void ieee80211_sta_monitor_work(struct wiphy *wiphy,
7282 struct wiphy_work *work)
7284 struct ieee80211_sub_if_data *sdata =
7285 container_of(work, struct ieee80211_sub_if_data,
7286 u.mgd.monitor_work);
7288 ieee80211_mgd_probe_ap(sdata, false);
7291 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
7293 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
7294 __ieee80211_stop_poll(sdata);
7296 /* let's probe the connection once */
7297 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
7298 wiphy_work_queue(sdata->local->hw.wiphy,
7299 &sdata->u.mgd.monitor_work);
7304 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
7306 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7307 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
7309 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7311 if (ifmgd->auth_data || ifmgd->assoc_data) {
7312 const u8 *ap_addr = ifmgd->auth_data ?
7313 ifmgd->auth_data->ap_addr :
7314 ifmgd->assoc_data->ap_addr;
7317 * If we are trying to authenticate / associate while suspending,
7318 * cfg80211 won't know and won't actually abort those attempts,
7319 * thus we need to do that ourselves.
7321 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr,
7322 IEEE80211_STYPE_DEAUTH,
7323 WLAN_REASON_DEAUTH_LEAVING,
7325 if (ifmgd->assoc_data)
7326 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
7327 if (ifmgd->auth_data)
7328 ieee80211_destroy_auth_data(sdata, false);
7329 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
7330 IEEE80211_DEAUTH_FRAME_LEN,
7334 /* This is a bit of a hack - we should find a better and more generic
7335 * solution to this. Normally when suspending, cfg80211 will in fact
7336 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
7337 * auth (not so important) or assoc (this is the problem) process.
7339 * As a consequence, it can happen that we are in the process of both
7340 * associating and suspending, and receive an association response
7341 * after cfg80211 has checked if it needs to disconnect, but before
7342 * we actually set the flag to drop incoming frames. This will then
7343 * cause the workqueue flush to process the association response in
7344 * the suspend, resulting in a successful association just before it
7345 * tries to remove the interface from the driver, which now though
7346 * has a channel context assigned ... this results in issues.
7348 * To work around this (for now) simply deauth here again if we're
7351 if (ifmgd->associated && !sdata->local->wowlan) {
7353 struct cfg80211_deauth_request req = {
7354 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
7358 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7359 ieee80211_mgd_deauth(sdata, &req);
7364 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
7366 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7368 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7370 if (!ifmgd->associated)
7373 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
7374 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
7375 mlme_dbg(sdata, "driver requested disconnect after resume\n");
7376 ieee80211_sta_connection_lost(sdata,
7377 WLAN_REASON_UNSPECIFIED,
7382 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) {
7383 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART;
7384 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n");
7385 ieee80211_sta_connection_lost(sdata,
7386 WLAN_REASON_UNSPECIFIED,
7392 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy,
7393 struct wiphy_work *work)
7395 struct ieee80211_link_data *link =
7396 container_of(work, struct ieee80211_link_data,
7397 u.mgd.request_smps_work);
7399 __ieee80211_request_smps_mgd(link->sdata, link,
7400 link->u.mgd.driver_smps_mode);
7403 /* interface setup */
7404 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
7406 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7408 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
7409 wiphy_work_init(&ifmgd->beacon_connection_loss_work,
7410 ieee80211_beacon_connection_loss_work);
7411 wiphy_work_init(&ifmgd->csa_connection_drop_work,
7412 ieee80211_csa_connection_drop_work);
7413 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work,
7414 ieee80211_tdls_peer_del_work);
7415 wiphy_delayed_work_init(&ifmgd->ml_reconf_work,
7416 ieee80211_ml_reconf_work);
7417 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
7418 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
7419 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
7420 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk,
7421 ieee80211_sta_handle_tspec_ac_params_wk);
7422 wiphy_delayed_work_init(&ifmgd->ttlm_work,
7423 ieee80211_tid_to_link_map_work);
7424 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work,
7425 ieee80211_neg_ttlm_timeout_work);
7428 ifmgd->powersave = sdata->wdev.ps;
7429 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
7430 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
7431 /* Setup TDLS data */
7432 spin_lock_init(&ifmgd->teardown_lock);
7433 ifmgd->teardown_skb = NULL;
7434 ifmgd->orig_teardown_skb = NULL;
7435 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
7438 static void ieee80211_recalc_smps_work(struct wiphy *wiphy,
7439 struct wiphy_work *work)
7441 struct ieee80211_link_data *link =
7442 container_of(work, struct ieee80211_link_data,
7445 ieee80211_recalc_smps(link->sdata, link);
7448 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
7450 struct ieee80211_sub_if_data *sdata = link->sdata;
7451 struct ieee80211_local *local = sdata->local;
7452 unsigned int link_id = link->link_id;
7454 link->u.mgd.p2p_noa_index = -1;
7455 link->conf->bssid = link->u.mgd.bssid;
7456 link->smps_mode = IEEE80211_SMPS_OFF;
7458 wiphy_work_init(&link->u.mgd.request_smps_work,
7459 ieee80211_request_smps_mgd_work);
7460 wiphy_work_init(&link->u.mgd.recalc_smps,
7461 ieee80211_recalc_smps_work);
7462 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
7463 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC;
7465 link->u.mgd.req_smps = IEEE80211_SMPS_OFF;
7467 wiphy_delayed_work_init(&link->u.mgd.chswitch_work,
7468 ieee80211_chswitch_work);
7470 if (sdata->u.mgd.assoc_data)
7471 ether_addr_copy(link->conf->addr,
7472 sdata->u.mgd.assoc_data->link[link_id].addr);
7473 else if (!is_valid_ether_addr(link->conf->addr))
7474 eth_random_addr(link->conf->addr);
7477 /* scan finished notification */
7478 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
7480 struct ieee80211_sub_if_data *sdata;
7482 /* Restart STA timers */
7484 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
7485 if (ieee80211_sdata_running(sdata))
7486 ieee80211_restart_sta_timer(sdata);
7491 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
7492 struct cfg80211_bss *cbss, s8 link_id,
7493 const u8 *ap_mld_addr, bool assoc,
7494 struct ieee80211_conn_settings *conn,
7497 struct ieee80211_local *local = sdata->local;
7498 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7499 struct ieee80211_bss *bss = (void *)cbss->priv;
7500 struct sta_info *new_sta = NULL;
7501 struct ieee80211_link_data *link;
7502 bool have_sta = false;
7508 if (WARN_ON(!ap_mld_addr))
7510 err = ieee80211_vif_set_links(sdata, BIT(link_id), 0);
7512 if (WARN_ON(ap_mld_addr))
7514 ap_mld_addr = cbss->bssid;
7515 err = ieee80211_vif_set_links(sdata, 0, 0);
7523 link = sdata_dereference(sdata->link[link_id], sdata);
7524 if (WARN_ON(!link)) {
7529 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
7534 /* If a reconfig is happening, bail out */
7535 if (local->in_reconfig) {
7542 have_sta = sta_info_get(sdata, ap_mld_addr);
7548 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr,
7549 link_id, cbss->bssid,
7552 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL);
7559 new_sta->sta.mlo = mlo;
7563 * Set up the information for the new channel before setting the
7564 * new channel. We can't - completely race-free - change the basic
7565 * rates bitmap and the channel (sband) that it refers to, but if
7566 * we set it up before we at least avoid calling into the driver's
7567 * bss_info_changed() method with invalid information (since we do
7568 * call that from changing the channel - only for IDLE and perhaps
7569 * some others, but ...).
7571 * So to avoid that, just set up all the new information before the
7572 * channel, but tell the driver to apply it only afterwards, since
7573 * it might need the new channel for that.
7576 const struct cfg80211_bss_ies *ies;
7577 struct link_sta_info *link_sta;
7580 link_sta = rcu_dereference(new_sta->link[link_id]);
7581 if (WARN_ON(!link_sta)) {
7583 sta_info_free(local, new_sta);
7588 err = ieee80211_mgd_setup_link_sta(link, new_sta,
7592 sta_info_free(local, new_sta);
7596 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
7598 /* set timing information */
7599 link->conf->beacon_int = cbss->beacon_interval;
7600 ies = rcu_dereference(cbss->beacon_ies);
7602 link->conf->sync_tsf = ies->tsf;
7603 link->conf->sync_device_ts =
7604 bss->device_ts_beacon;
7606 ieee80211_get_dtim(ies,
7607 &link->conf->sync_dtim_count,
7609 } else if (!ieee80211_hw_check(&sdata->local->hw,
7610 TIMING_BEACON_ONLY)) {
7611 ies = rcu_dereference(cbss->proberesp_ies);
7612 /* must be non-NULL since beacon IEs were NULL */
7613 link->conf->sync_tsf = ies->tsf;
7614 link->conf->sync_device_ts =
7615 bss->device_ts_presp;
7616 link->conf->sync_dtim_count = 0;
7618 link->conf->sync_tsf = 0;
7619 link->conf->sync_device_ts = 0;
7620 link->conf->sync_dtim_count = 0;
7625 if (new_sta || override) {
7627 * Only set this if we're also going to calculate the AP
7628 * settings etc., otherwise this was set before in a
7629 * previous call. Note override is set to %true in assoc
7630 * if the settings were changed.
7632 link->u.mgd.conn = *conn;
7633 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss,
7634 mlo, &link->u.mgd.conn);
7637 sta_info_free(local, new_sta);
7640 /* pass out for use in assoc */
7641 *conn = link->u.mgd.conn;
7646 * tell driver about BSSID, basic rates and timing
7647 * this was set up above, before setting the channel
7649 ieee80211_link_info_change_notify(sdata, link,
7651 BSS_CHANGED_BASIC_RATES |
7652 BSS_CHANGED_BEACON_INT);
7655 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
7657 err = sta_info_insert(new_sta);
7661 "failed to insert STA entry for the AP (error %d)\n",
7663 goto out_release_chan;
7666 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
7668 /* Cancel scan to ensure that nothing interferes with connection */
7669 if (local->scanning)
7670 ieee80211_scan_cancel(local);
7675 ieee80211_link_release_channel(link);
7677 ieee80211_vif_set_links(sdata, 0, 0);
7681 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata,
7682 const struct cfg80211_bss_ies *ies,
7683 u8 cur_channel, bool ignore_ecsa)
7685 const struct element *csa_elem, *ecsa_elem;
7686 struct ieee80211_channel_sw_ie *csa = NULL;
7687 struct ieee80211_ext_chansw_ie *ecsa = NULL;
7692 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH,
7693 ies->data, ies->len);
7694 if (csa_elem && csa_elem->datalen == sizeof(*csa))
7695 csa = (void *)csa_elem->data;
7697 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN,
7698 ies->data, ies->len);
7699 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa))
7700 ecsa = (void *)ecsa_elem->data;
7702 if (csa && csa->count == 0)
7704 if (csa && !csa->mode && csa->new_ch_num == cur_channel)
7707 if (ecsa && ecsa->count == 0)
7709 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel)
7712 if (ignore_ecsa && ecsa) {
7714 "Ignoring ECSA in probe response - was considered stuck!\n");
7721 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata,
7722 struct cfg80211_bss *bss)
7727 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq);
7730 if (ieee80211_mgd_csa_present(sdata,
7731 rcu_dereference(bss->beacon_ies),
7732 cur_channel, false)) {
7737 if (ieee80211_mgd_csa_present(sdata,
7738 rcu_dereference(bss->proberesp_ies),
7739 cur_channel, bss->proberesp_ecsa_stuck)) {
7751 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
7752 struct cfg80211_auth_request *req)
7754 struct ieee80211_local *local = sdata->local;
7755 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7756 struct ieee80211_mgd_auth_data *auth_data;
7757 struct ieee80211_conn_settings conn;
7758 struct ieee80211_link_data *link;
7759 struct ieee80211_supported_band *sband;
7760 struct ieee80211_bss *bss;
7763 bool cont_auth, wmm_used;
7765 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7767 /* prepare auth data structure */
7769 switch (req->auth_type) {
7770 case NL80211_AUTHTYPE_OPEN_SYSTEM:
7771 auth_alg = WLAN_AUTH_OPEN;
7773 case NL80211_AUTHTYPE_SHARED_KEY:
7776 auth_alg = WLAN_AUTH_SHARED_KEY;
7778 case NL80211_AUTHTYPE_FT:
7779 auth_alg = WLAN_AUTH_FT;
7781 case NL80211_AUTHTYPE_NETWORK_EAP:
7782 auth_alg = WLAN_AUTH_LEAP;
7784 case NL80211_AUTHTYPE_SAE:
7785 auth_alg = WLAN_AUTH_SAE;
7787 case NL80211_AUTHTYPE_FILS_SK:
7788 auth_alg = WLAN_AUTH_FILS_SK;
7790 case NL80211_AUTHTYPE_FILS_SK_PFS:
7791 auth_alg = WLAN_AUTH_FILS_SK_PFS;
7793 case NL80211_AUTHTYPE_FILS_PK:
7794 auth_alg = WLAN_AUTH_FILS_PK;
7800 if (ifmgd->assoc_data)
7803 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) {
7804 sdata_info(sdata, "AP is in CSA process, reject auth\n");
7808 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
7809 req->ie_len, GFP_KERNEL);
7813 memcpy(auth_data->ap_addr,
7814 req->ap_mld_addr ?: req->bss->bssid,
7816 auth_data->bss = req->bss;
7817 auth_data->link_id = req->link_id;
7819 if (req->auth_data_len >= 4) {
7820 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
7821 __le16 *pos = (__le16 *) req->auth_data;
7823 auth_data->sae_trans = le16_to_cpu(pos[0]);
7824 auth_data->sae_status = le16_to_cpu(pos[1]);
7826 memcpy(auth_data->data, req->auth_data + 4,
7827 req->auth_data_len - 4);
7828 auth_data->data_len += req->auth_data_len - 4;
7831 /* Check if continuing authentication or trying to authenticate with the
7832 * same BSS that we were in the process of authenticating with and avoid
7833 * removal and re-addition of the STA entry in
7834 * ieee80211_prep_connection().
7836 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss &&
7837 ifmgd->auth_data->link_id == req->link_id;
7839 if (req->ie && req->ie_len) {
7840 memcpy(&auth_data->data[auth_data->data_len],
7841 req->ie, req->ie_len);
7842 auth_data->data_len += req->ie_len;
7845 if (req->key && req->key_len) {
7846 auth_data->key_len = req->key_len;
7847 auth_data->key_idx = req->key_idx;
7848 memcpy(auth_data->key, req->key, req->key_len);
7851 auth_data->algorithm = auth_alg;
7853 /* try to authenticate/probe */
7855 if (ifmgd->auth_data) {
7856 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
7857 auth_data->peer_confirmed =
7858 ifmgd->auth_data->peer_confirmed;
7860 ieee80211_destroy_auth_data(sdata, cont_auth);
7863 /* prep auth_data so we don't go into idle on disassoc */
7864 ifmgd->auth_data = auth_data;
7866 /* If this is continuation of an ongoing SAE authentication exchange
7867 * (i.e., request to send SAE Confirm) and the peer has already
7868 * confirmed, mark authentication completed since we are about to send
7871 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
7872 auth_data->peer_confirmed && auth_data->sae_trans == 2)
7873 ieee80211_mark_sta_auth(sdata);
7875 if (ifmgd->associated) {
7876 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
7879 "disconnect from AP %pM for new auth to %pM\n",
7880 sdata->vif.cfg.ap_addr, auth_data->ap_addr);
7881 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
7882 WLAN_REASON_UNSPECIFIED,
7885 ieee80211_report_disconnect(sdata, frame_buf,
7886 sizeof(frame_buf), true,
7887 WLAN_REASON_UNSPECIFIED,
7891 /* needed for transmitting the auth frame(s) properly */
7892 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN);
7894 bss = (void *)req->bss->priv;
7895 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS);
7897 sband = local->hw.wiphy->bands[req->bss->channel->band];
7899 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used,
7902 err = ieee80211_prep_connection(sdata, req->bss, req->link_id,
7903 req->ap_mld_addr, cont_auth,
7908 if (req->link_id >= 0)
7909 link = sdata_dereference(sdata->link[req->link_id], sdata);
7911 link = &sdata->deflink;
7913 if (WARN_ON(!link)) {
7918 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n",
7919 auth_data->ap_addr, link->conf->addr);
7921 err = ieee80211_auth(sdata);
7923 sta_info_destroy_addr(sdata, auth_data->ap_addr);
7927 /* hold our own reference */
7928 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
7932 if (!ieee80211_vif_is_mld(&sdata->vif)) {
7933 eth_zero_addr(sdata->deflink.u.mgd.bssid);
7934 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
7936 ieee80211_link_release_channel(&sdata->deflink);
7938 ifmgd->auth_data = NULL;
7944 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata,
7945 struct ieee80211_mgd_assoc_data *assoc_data,
7946 struct cfg80211_assoc_request *req,
7947 struct ieee80211_conn_settings *conn,
7948 unsigned int link_id)
7950 struct ieee80211_local *local = sdata->local;
7951 const struct cfg80211_bss_ies *bss_ies;
7952 struct ieee80211_supported_band *sband;
7953 struct ieee80211_link_data *link;
7954 struct cfg80211_bss *cbss;
7955 struct ieee80211_bss *bss;
7957 cbss = assoc_data->link[link_id].bss;
7961 bss = (void *)cbss->priv;
7963 sband = local->hw.wiphy->bands[cbss->channel->band];
7964 if (WARN_ON(!sband))
7967 link = sdata_dereference(sdata->link[link_id], sdata);
7971 /* for MLO connections assume advertising all rates is OK */
7972 if (!req->ap_mld_addr) {
7973 assoc_data->supp_rates = bss->supp_rates;
7974 assoc_data->supp_rates_len = bss->supp_rates_len;
7977 /* copy and link elems for the STA profile */
7978 if (req->links[link_id].elems_len) {
7979 memcpy(assoc_data->ie_pos, req->links[link_id].elems,
7980 req->links[link_id].elems_len);
7981 assoc_data->link[link_id].elems = assoc_data->ie_pos;
7982 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len;
7983 assoc_data->ie_pos += req->links[link_id].elems_len;
7986 link->u.mgd.beacon_crc_valid = false;
7987 link->u.mgd.dtim_period = 0;
7988 link->u.mgd.have_beacon = false;
7990 /* override HT configuration only if the AP and we support it */
7991 if (conn->mode >= IEEE80211_CONN_MODE_HT) {
7992 struct ieee80211_sta_ht_cap sta_ht_cap;
7994 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
7995 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
7999 bss_ies = rcu_dereference(cbss->beacon_ies);
8003 ieee80211_get_dtim(bss_ies, &dtim_count,
8004 &link->u.mgd.dtim_period);
8006 sdata->deflink.u.mgd.have_beacon = true;
8008 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
8009 link->conf->sync_tsf = bss_ies->tsf;
8010 link->conf->sync_device_ts = bss->device_ts_beacon;
8011 link->conf->sync_dtim_count = dtim_count;
8014 bss_ies = rcu_dereference(cbss->ies);
8018 const struct element *elem;
8020 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
8021 bss_ies->data, bss_ies->len);
8022 if (elem && elem->datalen >= 3)
8023 link->conf->profile_periodicity = elem->data[2];
8025 link->conf->profile_periodicity = 0;
8027 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
8028 bss_ies->data, bss_ies->len);
8029 if (elem && elem->datalen >= 11 &&
8030 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
8031 link->conf->ema_ap = true;
8033 link->conf->ema_ap = false;
8037 if (bss->corrupt_data) {
8038 char *corrupt_type = "data";
8040 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
8041 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
8042 corrupt_type = "beacon and probe response";
8044 corrupt_type = "beacon";
8045 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) {
8046 corrupt_type = "probe response";
8048 sdata_info(sdata, "associating to AP %pM with corrupt %s\n",
8049 cbss->bssid, corrupt_type);
8052 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) {
8053 if (sdata->u.mgd.powersave)
8054 link->smps_mode = IEEE80211_SMPS_DYNAMIC;
8056 link->smps_mode = IEEE80211_SMPS_OFF;
8058 link->smps_mode = link->u.mgd.req_smps;
8063 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata,
8064 struct ieee80211_mgd_assoc_data *assoc_data,
8067 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
8068 enum nl80211_band band = cbss->channel->band;
8069 struct ieee80211_supported_band *sband;
8070 const struct element *elem;
8073 /* neither HT nor VHT elements used on 6 GHz */
8074 if (band == NL80211_BAND_6GHZ)
8077 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT)
8081 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION);
8082 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) {
8083 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n",
8088 assoc_data->link[link_id].ap_ht_param =
8089 ((struct ieee80211_ht_operation *)(elem->data))->ht_param;
8092 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT)
8095 /* some drivers want to support VHT on 2.4 GHz even */
8096 sband = sdata->local->hw.wiphy->bands[band];
8097 if (!sband->vht_cap.vht_supported)
8101 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
8102 /* but even then accept it not being present on the AP */
8103 if (!elem && band == NL80211_BAND_2GHZ) {
8107 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) {
8108 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n",
8113 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data,
8114 sizeof(struct ieee80211_vht_cap));
8123 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
8124 struct cfg80211_assoc_request *req)
8126 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id;
8127 struct ieee80211_local *local = sdata->local;
8128 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8129 struct ieee80211_mgd_assoc_data *assoc_data;
8130 const struct element *ssid_elem;
8131 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
8132 struct ieee80211_link_data *link;
8133 struct cfg80211_bss *cbss;
8134 bool override, uapsd_supported;
8137 size_t size = sizeof(*assoc_data) + req->ie_len;
8139 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
8140 size += req->links[i].elems_len;
8142 /* FIXME: no support for 4-addr MLO yet */
8143 if (sdata->u.mgd.use_4addr && req->link_id >= 0)
8146 assoc_data = kzalloc(size, GFP_KERNEL);
8150 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss;
8152 if (ieee80211_mgd_csa_in_process(sdata, cbss)) {
8153 sdata_info(sdata, "AP is in CSA process, reject assoc\n");
8159 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
8160 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) {
8166 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen);
8167 assoc_data->ssid_len = ssid_elem->datalen;
8170 if (req->ap_mld_addr)
8171 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN);
8173 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN);
8175 if (ifmgd->associated) {
8176 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8179 "disconnect from AP %pM for new assoc to %pM\n",
8180 sdata->vif.cfg.ap_addr, assoc_data->ap_addr);
8181 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
8182 WLAN_REASON_UNSPECIFIED,
8185 ieee80211_report_disconnect(sdata, frame_buf,
8186 sizeof(frame_buf), true,
8187 WLAN_REASON_UNSPECIFIED,
8191 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
8192 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
8193 sizeof(ifmgd->ht_capa_mask));
8195 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
8196 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
8197 sizeof(ifmgd->vht_capa_mask));
8199 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
8200 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
8201 sizeof(ifmgd->s1g_capa_mask));
8203 /* keep some setup (AP STA, channel, ...) if matching */
8204 match_auth = ifmgd->auth_data &&
8205 ether_addr_equal(ifmgd->auth_data->ap_addr,
8206 assoc_data->ap_addr) &&
8207 ifmgd->auth_data->link_id == req->link_id;
8209 if (req->ap_mld_addr) {
8210 uapsd_supported = true;
8212 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8213 struct ieee80211_supported_band *sband;
8214 struct cfg80211_bss *link_cbss = req->links[i].bss;
8215 struct ieee80211_bss *bss;
8220 bss = (void *)link_cbss->priv;
8222 if (!bss->wmm_used) {
8227 if (req->flags & (ASSOC_REQ_DISABLE_HT |
8228 ASSOC_REQ_DISABLE_VHT |
8229 ASSOC_REQ_DISABLE_HE |
8230 ASSOC_REQ_DISABLE_EHT)) {
8235 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
8240 link = sdata_dereference(sdata->link[i], sdata);
8242 ether_addr_copy(assoc_data->link[i].addr,
8245 eth_random_addr(assoc_data->link[i].addr);
8246 sband = local->hw.wiphy->bands[link_cbss->channel->band];
8248 if (match_auth && i == assoc_link_id && link)
8249 assoc_data->link[i].conn = link->u.mgd.conn;
8251 assoc_data->link[i].conn =
8252 ieee80211_conn_settings_unlimited;
8253 ieee80211_determine_our_sta_mode_assoc(sdata, sband,
8255 &assoc_data->link[i].conn);
8256 assoc_data->link[i].bss = link_cbss;
8257 assoc_data->link[i].disabled = req->links[i].disabled;
8259 if (!bss->uapsd_supported)
8260 uapsd_supported = false;
8262 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) {
8264 req->links[i].error = err;
8268 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata,
8272 req->links[i].error = err;
8277 assoc_data->wmm = true;
8279 struct ieee80211_supported_band *sband;
8280 struct ieee80211_bss *bss = (void *)cbss->priv;
8282 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN);
8283 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
8285 assoc_data->wmm = bss->wmm_used &&
8286 (local->hw.queues >= IEEE80211_NUM_ACS);
8288 if (cbss->channel->band == NL80211_BAND_6GHZ &&
8289 req->flags & (ASSOC_REQ_DISABLE_HT |
8290 ASSOC_REQ_DISABLE_VHT |
8291 ASSOC_REQ_DISABLE_HE)) {
8296 sband = local->hw.wiphy->bands[cbss->channel->band];
8298 assoc_data->link[0].bss = cbss;
8301 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn;
8303 assoc_data->link[0].conn =
8304 ieee80211_conn_settings_unlimited;
8305 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req,
8307 &assoc_data->link[0].conn);
8309 uapsd_supported = bss->uapsd_supported;
8311 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0);
8316 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU;
8318 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
8323 if (ifmgd->assoc_data) {
8328 /* Cleanup is delayed if auth_data matches */
8329 if (ifmgd->auth_data && !match_auth)
8330 ieee80211_destroy_auth_data(sdata, false);
8332 if (req->ie && req->ie_len) {
8333 memcpy(assoc_data->ie, req->ie, req->ie_len);
8334 assoc_data->ie_len = req->ie_len;
8335 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len;
8337 assoc_data->ie_pos = assoc_data->ie;
8340 if (req->fils_kek) {
8341 /* should already be checked in cfg80211 - so warn */
8342 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
8346 memcpy(assoc_data->fils_kek, req->fils_kek,
8348 assoc_data->fils_kek_len = req->fils_kek_len;
8351 if (req->fils_nonces)
8352 memcpy(assoc_data->fils_nonces, req->fils_nonces,
8353 2 * FILS_NONCE_LEN);
8355 /* default timeout */
8356 assoc_data->timeout = jiffies;
8357 assoc_data->timeout_started = true;
8359 assoc_data->assoc_link_id = assoc_link_id;
8361 if (req->ap_mld_addr) {
8362 /* if there was no authentication, set up the link */
8363 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0);
8368 link = sdata_dereference(sdata->link[assoc_link_id], sdata);
8369 if (WARN_ON(!link)) {
8374 override = link->u.mgd.conn.mode !=
8375 assoc_data->link[assoc_link_id].conn.mode ||
8376 link->u.mgd.conn.bw_limit !=
8377 assoc_data->link[assoc_link_id].conn.bw_limit;
8378 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn;
8380 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn,
8383 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
8384 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
8385 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
8386 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
8388 if (assoc_data->wmm && uapsd_supported &&
8389 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
8390 assoc_data->uapsd = true;
8391 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
8393 assoc_data->uapsd = false;
8394 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
8397 if (req->prev_bssid)
8398 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN);
8401 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
8402 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
8404 ifmgd->mfp = IEEE80211_MFP_DISABLED;
8405 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
8408 if (req->flags & ASSOC_REQ_USE_RRM)
8409 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
8411 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
8413 if (req->crypto.control_port)
8414 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
8416 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
8418 sdata->control_port_protocol = req->crypto.control_port_ethertype;
8419 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
8420 sdata->control_port_over_nl80211 =
8421 req->crypto.control_port_over_nl80211;
8422 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
8424 /* kick off associate process */
8425 ifmgd->assoc_data = assoc_data;
8427 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) {
8428 if (!assoc_data->link[i].bss)
8430 if (i == assoc_data->assoc_link_id)
8432 /* only calculate the mode, hence link == NULL */
8433 err = ieee80211_prep_channel(sdata, NULL, i,
8434 assoc_data->link[i].bss, true,
8435 &assoc_data->link[i].conn);
8437 req->links[i].error = err;
8442 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len);
8443 vif_cfg->ssid_len = assoc_data->ssid_len;
8445 /* needed for transmitting the assoc frames properly */
8446 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN);
8448 err = ieee80211_prep_connection(sdata, cbss, req->link_id,
8449 req->ap_mld_addr, true,
8450 &assoc_data->link[assoc_link_id].conn,
8455 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) {
8456 const struct cfg80211_bss_ies *beacon_ies;
8459 beacon_ies = rcu_dereference(req->bss->beacon_ies);
8462 * Wait up to one beacon interval ...
8463 * should this be more if we miss one?
8465 sdata_info(sdata, "waiting for beacon from %pM\n",
8467 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
8468 assoc_data->timeout_started = true;
8469 assoc_data->need_beacon = true;
8474 run_again(sdata, assoc_data->timeout);
8476 /* We are associating, clean up auth_data */
8477 if (ifmgd->auth_data)
8478 ieee80211_destroy_auth_data(sdata, true);
8482 if (!ifmgd->auth_data) {
8483 eth_zero_addr(sdata->deflink.u.mgd.bssid);
8484 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
8487 ifmgd->assoc_data = NULL;
8493 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
8494 struct cfg80211_deauth_request *req)
8496 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8497 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8498 bool tx = !req->local_state_change;
8499 struct ieee80211_prep_tx_info info = {
8500 .subtype = IEEE80211_STYPE_DEAUTH,
8503 if (ifmgd->auth_data &&
8504 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) {
8506 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
8507 req->bssid, req->reason_code,
8508 ieee80211_get_reason_code_string(req->reason_code));
8510 info.link_id = ifmgd->auth_data->link_id;
8511 drv_mgd_prepare_tx(sdata->local, sdata, &info);
8512 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
8513 IEEE80211_STYPE_DEAUTH,
8514 req->reason_code, tx,
8516 ieee80211_destroy_auth_data(sdata, false);
8517 ieee80211_report_disconnect(sdata, frame_buf,
8518 sizeof(frame_buf), true,
8519 req->reason_code, false);
8520 drv_mgd_complete_tx(sdata->local, sdata, &info);
8524 if (ifmgd->assoc_data &&
8525 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) {
8527 "aborting association with %pM by local choice (Reason: %u=%s)\n",
8528 req->bssid, req->reason_code,
8529 ieee80211_get_reason_code_string(req->reason_code));
8531 info.link_id = ifmgd->assoc_data->assoc_link_id;
8532 drv_mgd_prepare_tx(sdata->local, sdata, &info);
8533 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
8534 IEEE80211_STYPE_DEAUTH,
8535 req->reason_code, tx,
8537 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
8538 ieee80211_report_disconnect(sdata, frame_buf,
8539 sizeof(frame_buf), true,
8540 req->reason_code, false);
8541 drv_mgd_complete_tx(sdata->local, sdata, &info);
8545 if (ifmgd->associated &&
8546 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) {
8548 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
8549 req->bssid, req->reason_code,
8550 ieee80211_get_reason_code_string(req->reason_code));
8552 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
8553 req->reason_code, tx, frame_buf);
8554 ieee80211_report_disconnect(sdata, frame_buf,
8555 sizeof(frame_buf), true,
8556 req->reason_code, false);
8557 drv_mgd_complete_tx(sdata->local, sdata, &info);
8564 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
8565 struct cfg80211_disassoc_request *req)
8567 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8569 if (!sdata->u.mgd.associated ||
8570 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
8574 "disassociating from %pM by local choice (Reason: %u=%s)\n",
8575 req->ap_addr, req->reason_code,
8576 ieee80211_get_reason_code_string(req->reason_code));
8578 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
8579 req->reason_code, !req->local_state_change,
8582 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
8583 req->reason_code, false);
8588 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link)
8590 wiphy_work_cancel(link->sdata->local->hw.wiphy,
8591 &link->u.mgd.request_smps_work);
8592 wiphy_work_cancel(link->sdata->local->hw.wiphy,
8593 &link->u.mgd.recalc_smps);
8594 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
8595 &link->u.mgd.chswitch_work);
8598 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
8600 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8603 * Make sure some work items will not run after this,
8604 * they will not do anything but might not have been
8605 * cancelled when disconnecting.
8607 wiphy_work_cancel(sdata->local->hw.wiphy,
8608 &ifmgd->monitor_work);
8609 wiphy_work_cancel(sdata->local->hw.wiphy,
8610 &ifmgd->beacon_connection_loss_work);
8611 wiphy_work_cancel(sdata->local->hw.wiphy,
8612 &ifmgd->csa_connection_drop_work);
8613 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8614 &ifmgd->tdls_peer_del_work);
8615 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8616 &ifmgd->ml_reconf_work);
8617 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
8618 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8619 &ifmgd->neg_ttlm_timeout_work);
8621 if (ifmgd->assoc_data)
8622 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
8623 if (ifmgd->auth_data)
8624 ieee80211_destroy_auth_data(sdata, false);
8625 spin_lock_bh(&ifmgd->teardown_lock);
8626 if (ifmgd->teardown_skb) {
8627 kfree_skb(ifmgd->teardown_skb);
8628 ifmgd->teardown_skb = NULL;
8629 ifmgd->orig_teardown_skb = NULL;
8631 kfree(ifmgd->assoc_req_ies);
8632 ifmgd->assoc_req_ies = NULL;
8633 ifmgd->assoc_req_ies_len = 0;
8634 spin_unlock_bh(&ifmgd->teardown_lock);
8635 del_timer_sync(&ifmgd->timer);
8638 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
8639 enum nl80211_cqm_rssi_threshold_event rssi_event,
8643 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8645 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
8647 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
8649 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
8651 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
8653 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8655 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
8657 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
8659 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
8661 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
8665 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
8667 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
8671 * Scale up threshold values before storing it, as the RSSI averaging
8672 * algorithm uses a scaled up value as well. Change this scaling
8673 * factor if the RSSI averaging algorithm changes.
8675 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
8676 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
8679 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
8683 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8685 WARN_ON(rssi_min_thold == rssi_max_thold ||
8686 rssi_min_thold > rssi_max_thold);
8688 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
8691 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
8693 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
8695 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8697 _ieee80211_enable_rssi_reports(sdata, 0, 0);
8699 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
git.samba.org / sfrench / cifs-2.6.git / blob