2 * mac80211 TDLS handling code
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2014, Intel Corporation
6 * Copyright 2014 Intel Mobile Communications GmbH
8 * This file is GPLv2 as found in COPYING.
11 #include <linux/ieee80211.h>
12 #include <linux/log2.h>
13 #include <net/cfg80211.h>
14 #include "ieee80211_i.h"
15 #include "driver-ops.h"
17 /* give usermode some time for retries in setting up the TDLS session */
18 #define TDLS_PEER_SETUP_TIMEOUT (15 * HZ)
20 void ieee80211_tdls_peer_del_work(struct work_struct
*wk
)
22 struct ieee80211_sub_if_data
*sdata
;
23 struct ieee80211_local
*local
;
25 sdata
= container_of(wk
, struct ieee80211_sub_if_data
,
26 u
.mgd
.tdls_peer_del_work
.work
);
29 mutex_lock(&local
->mtx
);
30 if (!is_zero_ether_addr(sdata
->u
.mgd
.tdls_peer
)) {
31 tdls_dbg(sdata
, "TDLS del peer %pM\n", sdata
->u
.mgd
.tdls_peer
);
32 sta_info_destroy_addr(sdata
, sdata
->u
.mgd
.tdls_peer
);
33 eth_zero_addr(sdata
->u
.mgd
.tdls_peer
);
35 mutex_unlock(&local
->mtx
);
38 static void ieee80211_tdls_add_ext_capab(struct ieee80211_sub_if_data
*sdata
,
41 struct ieee80211_local
*local
= sdata
->local
;
42 bool chan_switch
= local
->hw
.wiphy
->features
&
43 NL80211_FEATURE_TDLS_CHANNEL_SWITCH
;
44 bool wider_band
= ieee80211_hw_check(&local
->hw
, TDLS_WIDER_BW
);
45 enum ieee80211_band band
= ieee80211_get_sdata_band(sdata
);
46 struct ieee80211_supported_band
*sband
= local
->hw
.wiphy
->bands
[band
];
47 bool vht
= sband
&& sband
->vht_cap
.vht_supported
;
48 u8
*pos
= (void *)skb_put(skb
, 10);
50 *pos
++ = WLAN_EID_EXT_CAPABILITY
;
55 *pos
++ = chan_switch
? WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH
: 0;
56 *pos
++ = WLAN_EXT_CAPA5_TDLS_ENABLED
;
59 *pos
++ = (vht
&& wider_band
) ? WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED
: 0;
63 ieee80211_tdls_add_subband(struct ieee80211_sub_if_data
*sdata
,
64 struct sk_buff
*skb
, u16 start
, u16 end
,
67 u8 subband_cnt
= 0, ch_cnt
= 0;
68 struct ieee80211_channel
*ch
;
69 struct cfg80211_chan_def chandef
;
72 for (i
= start
; i
<= end
; i
+= spacing
) {
76 ch
= ieee80211_get_channel(sdata
->local
->hw
.wiphy
, i
);
78 /* we will be active on the channel */
79 cfg80211_chandef_create(&chandef
, ch
,
81 if (cfg80211_reg_can_beacon(sdata
->local
->hw
.wiphy
,
83 sdata
->wdev
.iftype
)) {
86 * check if the next channel is also part of
94 * we've reached the end of a range, with allowed channels
98 u8
*pos
= skb_put(skb
, 2);
99 *pos
++ = ieee80211_frequency_to_channel(subband_start
);
107 /* all channels in the requested range are allowed - add them here */
109 u8
*pos
= skb_put(skb
, 2);
110 *pos
++ = ieee80211_frequency_to_channel(subband_start
);
120 ieee80211_tdls_add_supp_channels(struct ieee80211_sub_if_data
*sdata
,
124 * Add possible channels for TDLS. These are channels that are allowed
128 u8
*pos
= skb_put(skb
, 2);
130 *pos
++ = WLAN_EID_SUPPORTED_CHANNELS
;
133 * 5GHz and 2GHz channels numbers can overlap. Ignore this for now, as
134 * this doesn't happen in real world scenarios.
137 /* 2GHz, with 5MHz spacing */
138 subband_cnt
= ieee80211_tdls_add_subband(sdata
, skb
, 2412, 2472, 5);
140 /* 5GHz, with 20MHz spacing */
141 subband_cnt
+= ieee80211_tdls_add_subband(sdata
, skb
, 5000, 5825, 20);
144 *pos
= 2 * subband_cnt
;
147 static void ieee80211_tdls_add_oper_classes(struct ieee80211_sub_if_data
*sdata
,
153 if (!ieee80211_chandef_to_operating_class(&sdata
->vif
.bss_conf
.chandef
,
157 pos
= skb_put(skb
, 4);
158 *pos
++ = WLAN_EID_SUPPORTED_REGULATORY_CLASSES
;
159 *pos
++ = 2; /* len */
162 *pos
++ = op_class
; /* give current operating class as alternate too */
165 static void ieee80211_tdls_add_bss_coex_ie(struct sk_buff
*skb
)
167 u8
*pos
= (void *)skb_put(skb
, 3);
169 *pos
++ = WLAN_EID_BSS_COEX_2040
;
170 *pos
++ = 1; /* len */
172 *pos
++ = WLAN_BSS_COEX_INFORMATION_REQUEST
;
175 static u16
ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data
*sdata
,
178 /* The capability will be 0 when sending a failure code */
179 if (status_code
!= 0)
182 if (ieee80211_get_sdata_band(sdata
) == IEEE80211_BAND_2GHZ
) {
183 return WLAN_CAPABILITY_SHORT_SLOT_TIME
|
184 WLAN_CAPABILITY_SHORT_PREAMBLE
;
190 static void ieee80211_tdls_add_link_ie(struct ieee80211_sub_if_data
*sdata
,
191 struct sk_buff
*skb
, const u8
*peer
,
194 struct ieee80211_tdls_lnkie
*lnkid
;
195 const u8
*init_addr
, *rsp_addr
;
198 init_addr
= sdata
->vif
.addr
;
202 rsp_addr
= sdata
->vif
.addr
;
205 lnkid
= (void *)skb_put(skb
, sizeof(struct ieee80211_tdls_lnkie
));
207 lnkid
->ie_type
= WLAN_EID_LINK_ID
;
208 lnkid
->ie_len
= sizeof(struct ieee80211_tdls_lnkie
) - 2;
210 memcpy(lnkid
->bssid
, sdata
->u
.mgd
.bssid
, ETH_ALEN
);
211 memcpy(lnkid
->init_sta
, init_addr
, ETH_ALEN
);
212 memcpy(lnkid
->resp_sta
, rsp_addr
, ETH_ALEN
);
216 ieee80211_tdls_add_aid(struct ieee80211_sub_if_data
*sdata
, struct sk_buff
*skb
)
218 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
219 u8
*pos
= (void *)skb_put(skb
, 4);
221 *pos
++ = WLAN_EID_AID
;
222 *pos
++ = 2; /* len */
223 put_unaligned_le16(ifmgd
->aid
, pos
);
226 /* translate numbering in the WMM parameter IE to the mac80211 notation */
227 static enum ieee80211_ac_numbers
ieee80211_ac_from_wmm(int ac
)
233 return IEEE80211_AC_BE
;
235 return IEEE80211_AC_BK
;
237 return IEEE80211_AC_VI
;
239 return IEEE80211_AC_VO
;
243 static u8
ieee80211_wmm_aci_aifsn(int aifsn
, bool acm
, int aci
)
250 ret
|= (aci
<< 5) & 0x60;
254 static u8
ieee80211_wmm_ecw(u16 cw_min
, u16 cw_max
)
256 return ((ilog2(cw_min
+ 1) << 0x0) & 0x0f) |
257 ((ilog2(cw_max
+ 1) << 0x4) & 0xf0);
260 static void ieee80211_tdls_add_wmm_param_ie(struct ieee80211_sub_if_data
*sdata
,
263 struct ieee80211_wmm_param_ie
*wmm
;
264 struct ieee80211_tx_queue_params
*txq
;
267 wmm
= (void *)skb_put(skb
, sizeof(*wmm
));
268 memset(wmm
, 0, sizeof(*wmm
));
270 wmm
->element_id
= WLAN_EID_VENDOR_SPECIFIC
;
271 wmm
->len
= sizeof(*wmm
) - 2;
273 wmm
->oui
[0] = 0x00; /* Microsoft OUI 00:50:F2 */
276 wmm
->oui_type
= 2; /* WME */
277 wmm
->oui_subtype
= 1; /* WME param */
278 wmm
->version
= 1; /* WME ver */
279 wmm
->qos_info
= 0; /* U-APSD not in use */
282 * Use the EDCA parameters defined for the BSS, or default if the AP
283 * doesn't support it, as mandated by 802.11-2012 section 10.22.4
285 for (i
= 0; i
< IEEE80211_NUM_ACS
; i
++) {
286 txq
= &sdata
->tx_conf
[ieee80211_ac_from_wmm(i
)];
287 wmm
->ac
[i
].aci_aifsn
= ieee80211_wmm_aci_aifsn(txq
->aifs
,
289 wmm
->ac
[i
].cw
= ieee80211_wmm_ecw(txq
->cw_min
, txq
->cw_max
);
290 wmm
->ac
[i
].txop_limit
= cpu_to_le16(txq
->txop
);
295 ieee80211_tdls_add_setup_start_ies(struct ieee80211_sub_if_data
*sdata
,
296 struct sk_buff
*skb
, const u8
*peer
,
297 u8 action_code
, bool initiator
,
298 const u8
*extra_ies
, size_t extra_ies_len
)
300 enum ieee80211_band band
= ieee80211_get_sdata_band(sdata
);
301 struct ieee80211_local
*local
= sdata
->local
;
302 struct ieee80211_supported_band
*sband
;
303 struct ieee80211_sta_ht_cap ht_cap
;
304 struct ieee80211_sta_vht_cap vht_cap
;
305 struct sta_info
*sta
= NULL
;
306 size_t offset
= 0, noffset
;
309 ieee80211_add_srates_ie(sdata
, skb
, false, band
);
310 ieee80211_add_ext_srates_ie(sdata
, skb
, false, band
);
311 ieee80211_tdls_add_supp_channels(sdata
, skb
);
313 /* add any custom IEs that go before Extended Capabilities */
315 static const u8 before_ext_cap
[] = {
318 WLAN_EID_EXT_SUPP_RATES
,
319 WLAN_EID_SUPPORTED_CHANNELS
,
322 noffset
= ieee80211_ie_split(extra_ies
, extra_ies_len
,
324 ARRAY_SIZE(before_ext_cap
),
326 pos
= skb_put(skb
, noffset
- offset
);
327 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
331 ieee80211_tdls_add_ext_capab(sdata
, skb
);
333 /* add the QoS element if we support it */
334 if (local
->hw
.queues
>= IEEE80211_NUM_ACS
&&
335 action_code
!= WLAN_PUB_ACTION_TDLS_DISCOVER_RES
)
336 ieee80211_add_wmm_info_ie(skb_put(skb
, 9), 0); /* no U-APSD */
338 /* add any custom IEs that go before HT capabilities */
340 static const u8 before_ht_cap
[] = {
343 WLAN_EID_EXT_SUPP_RATES
,
344 WLAN_EID_SUPPORTED_CHANNELS
,
346 WLAN_EID_EXT_CAPABILITY
,
348 WLAN_EID_FAST_BSS_TRANSITION
,
349 WLAN_EID_TIMEOUT_INTERVAL
,
350 WLAN_EID_SUPPORTED_REGULATORY_CLASSES
,
352 noffset
= ieee80211_ie_split(extra_ies
, extra_ies_len
,
354 ARRAY_SIZE(before_ht_cap
),
356 pos
= skb_put(skb
, noffset
- offset
);
357 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
363 /* we should have the peer STA if we're already responding */
364 if (action_code
== WLAN_TDLS_SETUP_RESPONSE
) {
365 sta
= sta_info_get(sdata
, peer
);
366 if (WARN_ON_ONCE(!sta
)) {
372 ieee80211_tdls_add_oper_classes(sdata
, skb
);
375 * with TDLS we can switch channels, and HT-caps are not necessarily
376 * the same on all bands. The specification limits the setup to a
377 * single HT-cap, so use the current band for now.
379 sband
= local
->hw
.wiphy
->bands
[band
];
380 memcpy(&ht_cap
, &sband
->ht_cap
, sizeof(ht_cap
));
382 if ((action_code
== WLAN_TDLS_SETUP_REQUEST
||
383 action_code
== WLAN_PUB_ACTION_TDLS_DISCOVER_RES
) &&
384 ht_cap
.ht_supported
) {
385 ieee80211_apply_htcap_overrides(sdata
, &ht_cap
);
387 /* disable SMPS in TDLS initiator */
388 ht_cap
.cap
|= WLAN_HT_CAP_SM_PS_DISABLED
389 << IEEE80211_HT_CAP_SM_PS_SHIFT
;
391 pos
= skb_put(skb
, sizeof(struct ieee80211_ht_cap
) + 2);
392 ieee80211_ie_build_ht_cap(pos
, &ht_cap
, ht_cap
.cap
);
393 } else if (action_code
== WLAN_TDLS_SETUP_RESPONSE
&&
394 ht_cap
.ht_supported
&& sta
->sta
.ht_cap
.ht_supported
) {
395 /* disable SMPS in TDLS responder */
396 sta
->sta
.ht_cap
.cap
|= WLAN_HT_CAP_SM_PS_DISABLED
397 << IEEE80211_HT_CAP_SM_PS_SHIFT
;
399 /* the peer caps are already intersected with our own */
400 memcpy(&ht_cap
, &sta
->sta
.ht_cap
, sizeof(ht_cap
));
402 pos
= skb_put(skb
, sizeof(struct ieee80211_ht_cap
) + 2);
403 ieee80211_ie_build_ht_cap(pos
, &ht_cap
, ht_cap
.cap
);
406 if (ht_cap
.ht_supported
&&
407 (ht_cap
.cap
& IEEE80211_HT_CAP_SUP_WIDTH_20_40
))
408 ieee80211_tdls_add_bss_coex_ie(skb
);
410 ieee80211_tdls_add_link_ie(sdata
, skb
, peer
, initiator
);
412 /* add any custom IEs that go before VHT capabilities */
414 static const u8 before_vht_cap
[] = {
417 WLAN_EID_EXT_SUPP_RATES
,
418 WLAN_EID_SUPPORTED_CHANNELS
,
420 WLAN_EID_EXT_CAPABILITY
,
422 WLAN_EID_FAST_BSS_TRANSITION
,
423 WLAN_EID_TIMEOUT_INTERVAL
,
424 WLAN_EID_SUPPORTED_REGULATORY_CLASSES
,
427 noffset
= ieee80211_ie_split(extra_ies
, extra_ies_len
,
429 ARRAY_SIZE(before_vht_cap
),
431 pos
= skb_put(skb
, noffset
- offset
);
432 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
436 /* build the VHT-cap similarly to the HT-cap */
437 memcpy(&vht_cap
, &sband
->vht_cap
, sizeof(vht_cap
));
438 if ((action_code
== WLAN_TDLS_SETUP_REQUEST
||
439 action_code
== WLAN_PUB_ACTION_TDLS_DISCOVER_RES
) &&
440 vht_cap
.vht_supported
) {
441 ieee80211_apply_vhtcap_overrides(sdata
, &vht_cap
);
443 /* the AID is present only when VHT is implemented */
444 if (action_code
== WLAN_TDLS_SETUP_REQUEST
)
445 ieee80211_tdls_add_aid(sdata
, skb
);
447 pos
= skb_put(skb
, sizeof(struct ieee80211_vht_cap
) + 2);
448 ieee80211_ie_build_vht_cap(pos
, &vht_cap
, vht_cap
.cap
);
449 } else if (action_code
== WLAN_TDLS_SETUP_RESPONSE
&&
450 vht_cap
.vht_supported
&& sta
->sta
.vht_cap
.vht_supported
) {
451 /* the peer caps are already intersected with our own */
452 memcpy(&vht_cap
, &sta
->sta
.vht_cap
, sizeof(vht_cap
));
454 /* the AID is present only when VHT is implemented */
455 ieee80211_tdls_add_aid(sdata
, skb
);
457 pos
= skb_put(skb
, sizeof(struct ieee80211_vht_cap
) + 2);
458 ieee80211_ie_build_vht_cap(pos
, &vht_cap
, vht_cap
.cap
);
463 /* add any remaining IEs */
465 noffset
= extra_ies_len
;
466 pos
= skb_put(skb
, noffset
- offset
);
467 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
473 ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_sub_if_data
*sdata
,
474 struct sk_buff
*skb
, const u8
*peer
,
475 bool initiator
, const u8
*extra_ies
,
476 size_t extra_ies_len
)
478 struct ieee80211_local
*local
= sdata
->local
;
479 struct ieee80211_if_managed
*ifmgd
= &sdata
->u
.mgd
;
480 size_t offset
= 0, noffset
;
481 struct sta_info
*sta
, *ap_sta
;
482 enum ieee80211_band band
= ieee80211_get_sdata_band(sdata
);
487 sta
= sta_info_get(sdata
, peer
);
488 ap_sta
= sta_info_get(sdata
, ifmgd
->bssid
);
489 if (WARN_ON_ONCE(!sta
|| !ap_sta
)) {
494 /* add any custom IEs that go before the QoS IE */
496 static const u8 before_qos
[] = {
499 noffset
= ieee80211_ie_split(extra_ies
, extra_ies_len
,
501 ARRAY_SIZE(before_qos
),
503 pos
= skb_put(skb
, noffset
- offset
);
504 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
508 /* add the QoS param IE if both the peer and we support it */
509 if (local
->hw
.queues
>= IEEE80211_NUM_ACS
&& sta
->sta
.wme
)
510 ieee80211_tdls_add_wmm_param_ie(sdata
, skb
);
512 /* add any custom IEs that go before HT operation */
514 static const u8 before_ht_op
[] = {
517 WLAN_EID_FAST_BSS_TRANSITION
,
518 WLAN_EID_TIMEOUT_INTERVAL
,
520 noffset
= ieee80211_ie_split(extra_ies
, extra_ies_len
,
522 ARRAY_SIZE(before_ht_op
),
524 pos
= skb_put(skb
, noffset
- offset
);
525 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
529 /* if HT support is only added in TDLS, we need an HT-operation IE */
530 if (!ap_sta
->sta
.ht_cap
.ht_supported
&& sta
->sta
.ht_cap
.ht_supported
) {
531 pos
= skb_put(skb
, 2 + sizeof(struct ieee80211_ht_operation
));
532 /* send an empty HT operation IE */
533 ieee80211_ie_build_ht_oper(pos
, &sta
->sta
.ht_cap
,
534 &sdata
->vif
.bss_conf
.chandef
, 0);
537 ieee80211_tdls_add_link_ie(sdata
, skb
, peer
, initiator
);
539 /* only include VHT-operation if not on the 2.4GHz band */
540 if (band
!= IEEE80211_BAND_2GHZ
&& sta
->sta
.vht_cap
.vht_supported
) {
541 pos
= skb_put(skb
, 2 + sizeof(struct ieee80211_vht_operation
));
542 ieee80211_ie_build_vht_oper(pos
, &sta
->sta
.vht_cap
,
543 &sdata
->vif
.bss_conf
.chandef
);
548 /* add any remaining IEs */
550 noffset
= extra_ies_len
;
551 pos
= skb_put(skb
, noffset
- offset
);
552 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
557 ieee80211_tdls_add_chan_switch_req_ies(struct ieee80211_sub_if_data
*sdata
,
558 struct sk_buff
*skb
, const u8
*peer
,
559 bool initiator
, const u8
*extra_ies
,
560 size_t extra_ies_len
, u8 oper_class
,
561 struct cfg80211_chan_def
*chandef
)
563 struct ieee80211_tdls_data
*tf
;
564 size_t offset
= 0, noffset
;
567 if (WARN_ON_ONCE(!chandef
))
570 tf
= (void *)skb
->data
;
571 tf
->u
.chan_switch_req
.target_channel
=
572 ieee80211_frequency_to_channel(chandef
->chan
->center_freq
);
573 tf
->u
.chan_switch_req
.oper_class
= oper_class
;
576 static const u8 before_lnkie
[] = {
577 WLAN_EID_SECONDARY_CHANNEL_OFFSET
,
579 noffset
= ieee80211_ie_split(extra_ies
, extra_ies_len
,
581 ARRAY_SIZE(before_lnkie
),
583 pos
= skb_put(skb
, noffset
- offset
);
584 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
588 ieee80211_tdls_add_link_ie(sdata
, skb
, peer
, initiator
);
590 /* add any remaining IEs */
592 noffset
= extra_ies_len
;
593 pos
= skb_put(skb
, noffset
- offset
);
594 memcpy(pos
, extra_ies
+ offset
, noffset
- offset
);
599 ieee80211_tdls_add_chan_switch_resp_ies(struct ieee80211_sub_if_data
*sdata
,
600 struct sk_buff
*skb
, const u8
*peer
,
601 u16 status_code
, bool initiator
,
603 size_t extra_ies_len
)
605 if (status_code
== 0)
606 ieee80211_tdls_add_link_ie(sdata
, skb
, peer
, initiator
);
609 memcpy(skb_put(skb
, extra_ies_len
), extra_ies
, extra_ies_len
);
612 static void ieee80211_tdls_add_ies(struct ieee80211_sub_if_data
*sdata
,
613 struct sk_buff
*skb
, const u8
*peer
,
614 u8 action_code
, u16 status_code
,
615 bool initiator
, const u8
*extra_ies
,
616 size_t extra_ies_len
, u8 oper_class
,
617 struct cfg80211_chan_def
*chandef
)
619 switch (action_code
) {
620 case WLAN_TDLS_SETUP_REQUEST
:
621 case WLAN_TDLS_SETUP_RESPONSE
:
622 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES
:
623 if (status_code
== 0)
624 ieee80211_tdls_add_setup_start_ies(sdata
, skb
, peer
,
630 case WLAN_TDLS_SETUP_CONFIRM
:
631 if (status_code
== 0)
632 ieee80211_tdls_add_setup_cfm_ies(sdata
, skb
, peer
,
633 initiator
, extra_ies
,
636 case WLAN_TDLS_TEARDOWN
:
637 case WLAN_TDLS_DISCOVERY_REQUEST
:
639 memcpy(skb_put(skb
, extra_ies_len
), extra_ies
,
641 if (status_code
== 0 || action_code
== WLAN_TDLS_TEARDOWN
)
642 ieee80211_tdls_add_link_ie(sdata
, skb
, peer
, initiator
);
644 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST
:
645 ieee80211_tdls_add_chan_switch_req_ies(sdata
, skb
, peer
,
646 initiator
, extra_ies
,
648 oper_class
, chandef
);
650 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
:
651 ieee80211_tdls_add_chan_switch_resp_ies(sdata
, skb
, peer
,
653 initiator
, extra_ies
,
661 ieee80211_prep_tdls_encap_data(struct wiphy
*wiphy
, struct net_device
*dev
,
662 const u8
*peer
, u8 action_code
, u8 dialog_token
,
663 u16 status_code
, struct sk_buff
*skb
)
665 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
666 struct ieee80211_tdls_data
*tf
;
668 tf
= (void *)skb_put(skb
, offsetof(struct ieee80211_tdls_data
, u
));
670 memcpy(tf
->da
, peer
, ETH_ALEN
);
671 memcpy(tf
->sa
, sdata
->vif
.addr
, ETH_ALEN
);
672 tf
->ether_type
= cpu_to_be16(ETH_P_TDLS
);
673 tf
->payload_type
= WLAN_TDLS_SNAP_RFTYPE
;
675 /* network header is after the ethernet header */
676 skb_set_network_header(skb
, ETH_HLEN
);
678 switch (action_code
) {
679 case WLAN_TDLS_SETUP_REQUEST
:
680 tf
->category
= WLAN_CATEGORY_TDLS
;
681 tf
->action_code
= WLAN_TDLS_SETUP_REQUEST
;
683 skb_put(skb
, sizeof(tf
->u
.setup_req
));
684 tf
->u
.setup_req
.dialog_token
= dialog_token
;
685 tf
->u
.setup_req
.capability
=
686 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata
,
689 case WLAN_TDLS_SETUP_RESPONSE
:
690 tf
->category
= WLAN_CATEGORY_TDLS
;
691 tf
->action_code
= WLAN_TDLS_SETUP_RESPONSE
;
693 skb_put(skb
, sizeof(tf
->u
.setup_resp
));
694 tf
->u
.setup_resp
.status_code
= cpu_to_le16(status_code
);
695 tf
->u
.setup_resp
.dialog_token
= dialog_token
;
696 tf
->u
.setup_resp
.capability
=
697 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata
,
700 case WLAN_TDLS_SETUP_CONFIRM
:
701 tf
->category
= WLAN_CATEGORY_TDLS
;
702 tf
->action_code
= WLAN_TDLS_SETUP_CONFIRM
;
704 skb_put(skb
, sizeof(tf
->u
.setup_cfm
));
705 tf
->u
.setup_cfm
.status_code
= cpu_to_le16(status_code
);
706 tf
->u
.setup_cfm
.dialog_token
= dialog_token
;
708 case WLAN_TDLS_TEARDOWN
:
709 tf
->category
= WLAN_CATEGORY_TDLS
;
710 tf
->action_code
= WLAN_TDLS_TEARDOWN
;
712 skb_put(skb
, sizeof(tf
->u
.teardown
));
713 tf
->u
.teardown
.reason_code
= cpu_to_le16(status_code
);
715 case WLAN_TDLS_DISCOVERY_REQUEST
:
716 tf
->category
= WLAN_CATEGORY_TDLS
;
717 tf
->action_code
= WLAN_TDLS_DISCOVERY_REQUEST
;
719 skb_put(skb
, sizeof(tf
->u
.discover_req
));
720 tf
->u
.discover_req
.dialog_token
= dialog_token
;
722 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST
:
723 tf
->category
= WLAN_CATEGORY_TDLS
;
724 tf
->action_code
= WLAN_TDLS_CHANNEL_SWITCH_REQUEST
;
726 skb_put(skb
, sizeof(tf
->u
.chan_switch_req
));
728 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
:
729 tf
->category
= WLAN_CATEGORY_TDLS
;
730 tf
->action_code
= WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
;
732 skb_put(skb
, sizeof(tf
->u
.chan_switch_resp
));
733 tf
->u
.chan_switch_resp
.status_code
= cpu_to_le16(status_code
);
743 ieee80211_prep_tdls_direct(struct wiphy
*wiphy
, struct net_device
*dev
,
744 const u8
*peer
, u8 action_code
, u8 dialog_token
,
745 u16 status_code
, struct sk_buff
*skb
)
747 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
748 struct ieee80211_mgmt
*mgmt
;
750 mgmt
= (void *)skb_put(skb
, 24);
752 memcpy(mgmt
->da
, peer
, ETH_ALEN
);
753 memcpy(mgmt
->sa
, sdata
->vif
.addr
, ETH_ALEN
);
754 memcpy(mgmt
->bssid
, sdata
->u
.mgd
.bssid
, ETH_ALEN
);
756 mgmt
->frame_control
= cpu_to_le16(IEEE80211_FTYPE_MGMT
|
757 IEEE80211_STYPE_ACTION
);
759 switch (action_code
) {
760 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES
:
761 skb_put(skb
, 1 + sizeof(mgmt
->u
.action
.u
.tdls_discover_resp
));
762 mgmt
->u
.action
.category
= WLAN_CATEGORY_PUBLIC
;
763 mgmt
->u
.action
.u
.tdls_discover_resp
.action_code
=
764 WLAN_PUB_ACTION_TDLS_DISCOVER_RES
;
765 mgmt
->u
.action
.u
.tdls_discover_resp
.dialog_token
=
767 mgmt
->u
.action
.u
.tdls_discover_resp
.capability
=
768 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata
,
778 static struct sk_buff
*
779 ieee80211_tdls_build_mgmt_packet_data(struct ieee80211_sub_if_data
*sdata
,
780 const u8
*peer
, u8 action_code
,
781 u8 dialog_token
, u16 status_code
,
782 bool initiator
, const u8
*extra_ies
,
783 size_t extra_ies_len
, u8 oper_class
,
784 struct cfg80211_chan_def
*chandef
)
786 struct ieee80211_local
*local
= sdata
->local
;
790 skb
= netdev_alloc_skb(sdata
->dev
,
791 local
->hw
.extra_tx_headroom
+
792 max(sizeof(struct ieee80211_mgmt
),
793 sizeof(struct ieee80211_tdls_data
)) +
794 50 + /* supported rates */
796 26 + /* max(WMM-info, WMM-param) */
797 2 + max(sizeof(struct ieee80211_ht_cap
),
798 sizeof(struct ieee80211_ht_operation
)) +
799 2 + max(sizeof(struct ieee80211_vht_cap
),
800 sizeof(struct ieee80211_vht_operation
)) +
801 50 + /* supported channels */
802 3 + /* 40/20 BSS coex */
804 4 + /* oper classes */
806 sizeof(struct ieee80211_tdls_lnkie
));
810 skb_reserve(skb
, local
->hw
.extra_tx_headroom
);
812 switch (action_code
) {
813 case WLAN_TDLS_SETUP_REQUEST
:
814 case WLAN_TDLS_SETUP_RESPONSE
:
815 case WLAN_TDLS_SETUP_CONFIRM
:
816 case WLAN_TDLS_TEARDOWN
:
817 case WLAN_TDLS_DISCOVERY_REQUEST
:
818 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST
:
819 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
:
820 ret
= ieee80211_prep_tdls_encap_data(local
->hw
.wiphy
,
822 action_code
, dialog_token
,
825 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES
:
826 ret
= ieee80211_prep_tdls_direct(local
->hw
.wiphy
, sdata
->dev
,
828 dialog_token
, status_code
,
839 ieee80211_tdls_add_ies(sdata
, skb
, peer
, action_code
, status_code
,
840 initiator
, extra_ies
, extra_ies_len
, oper_class
,
850 ieee80211_tdls_prep_mgmt_packet(struct wiphy
*wiphy
, struct net_device
*dev
,
851 const u8
*peer
, u8 action_code
, u8 dialog_token
,
852 u16 status_code
, u32 peer_capability
,
853 bool initiator
, const u8
*extra_ies
,
854 size_t extra_ies_len
, u8 oper_class
,
855 struct cfg80211_chan_def
*chandef
)
857 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
858 struct sk_buff
*skb
= NULL
;
859 struct sta_info
*sta
;
864 sta
= sta_info_get(sdata
, peer
);
866 /* infer the initiator if we can, to support old userspace */
867 switch (action_code
) {
868 case WLAN_TDLS_SETUP_REQUEST
:
870 set_sta_flag(sta
, WLAN_STA_TDLS_INITIATOR
);
871 sta
->sta
.tdls_initiator
= false;
874 case WLAN_TDLS_SETUP_CONFIRM
:
875 case WLAN_TDLS_DISCOVERY_REQUEST
:
878 case WLAN_TDLS_SETUP_RESPONSE
:
880 * In some testing scenarios, we send a request and response.
881 * Make the last packet sent take effect for the initiator
885 clear_sta_flag(sta
, WLAN_STA_TDLS_INITIATOR
);
886 sta
->sta
.tdls_initiator
= true;
889 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES
:
892 case WLAN_TDLS_TEARDOWN
:
893 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST
:
894 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
:
895 /* any value is ok */
902 if (sta
&& test_sta_flag(sta
, WLAN_STA_TDLS_INITIATOR
))
909 skb
= ieee80211_tdls_build_mgmt_packet_data(sdata
, peer
, action_code
,
910 dialog_token
, status_code
,
911 initiator
, extra_ies
,
912 extra_ies_len
, oper_class
,
919 if (action_code
== WLAN_PUB_ACTION_TDLS_DISCOVER_RES
) {
920 ieee80211_tx_skb(sdata
, skb
);
925 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
926 * we should default to AC_VI.
928 switch (action_code
) {
929 case WLAN_TDLS_SETUP_REQUEST
:
930 case WLAN_TDLS_SETUP_RESPONSE
:
931 skb_set_queue_mapping(skb
, IEEE80211_AC_BK
);
935 skb_set_queue_mapping(skb
, IEEE80211_AC_VI
);
941 * Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress.
942 * Later, if no ACK is returned from peer, we will re-send the teardown
943 * packet through the AP.
945 if ((action_code
== WLAN_TDLS_TEARDOWN
) &&
946 ieee80211_hw_check(&sdata
->local
->hw
, REPORTS_TX_ACK_STATUS
)) {
947 bool try_resend
; /* Should we keep skb for possible resend */
949 /* If not sending directly to peer - no point in keeping skb */
951 sta
= sta_info_get(sdata
, peer
);
952 try_resend
= sta
&& test_sta_flag(sta
, WLAN_STA_TDLS_PEER_AUTH
);
955 spin_lock_bh(&sdata
->u
.mgd
.teardown_lock
);
956 if (try_resend
&& !sdata
->u
.mgd
.teardown_skb
) {
957 /* Mark it as requiring TX status callback */
958 flags
|= IEEE80211_TX_CTL_REQ_TX_STATUS
|
959 IEEE80211_TX_INTFL_MLME_CONN_TX
;
962 * skb is copied since mac80211 will later set
963 * properties that might not be the same as the AP,
964 * such as encryption, QoS, addresses, etc.
966 * No problem if skb_copy() fails, so no need to check.
968 sdata
->u
.mgd
.teardown_skb
= skb_copy(skb
, GFP_ATOMIC
);
969 sdata
->u
.mgd
.orig_teardown_skb
= skb
;
971 spin_unlock_bh(&sdata
->u
.mgd
.teardown_lock
);
974 /* disable bottom halves when entering the Tx path */
976 __ieee80211_subif_start_xmit(skb
, dev
, flags
);
987 ieee80211_tdls_mgmt_setup(struct wiphy
*wiphy
, struct net_device
*dev
,
988 const u8
*peer
, u8 action_code
, u8 dialog_token
,
989 u16 status_code
, u32 peer_capability
, bool initiator
,
990 const u8
*extra_ies
, size_t extra_ies_len
)
992 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
993 struct ieee80211_local
*local
= sdata
->local
;
996 mutex_lock(&local
->mtx
);
998 /* we don't support concurrent TDLS peer setups */
999 if (!is_zero_ether_addr(sdata
->u
.mgd
.tdls_peer
) &&
1000 !ether_addr_equal(sdata
->u
.mgd
.tdls_peer
, peer
)) {
1006 * make sure we have a STA representing the peer so we drop or buffer
1007 * non-TDLS-setup frames to the peer. We can't send other packets
1008 * during setup through the AP path.
1009 * Allow error packets to be sent - sometimes we don't even add a STA
1010 * before failing the setup.
1012 if (status_code
== 0) {
1014 if (!sta_info_get(sdata
, peer
)) {
1022 ieee80211_flush_queues(local
, sdata
, false);
1023 memcpy(sdata
->u
.mgd
.tdls_peer
, peer
, ETH_ALEN
);
1024 mutex_unlock(&local
->mtx
);
1026 /* we cannot take the mutex while preparing the setup packet */
1027 ret
= ieee80211_tdls_prep_mgmt_packet(wiphy
, dev
, peer
, action_code
,
1028 dialog_token
, status_code
,
1029 peer_capability
, initiator
,
1030 extra_ies
, extra_ies_len
, 0,
1033 mutex_lock(&local
->mtx
);
1034 eth_zero_addr(sdata
->u
.mgd
.tdls_peer
);
1035 mutex_unlock(&local
->mtx
);
1039 ieee80211_queue_delayed_work(&sdata
->local
->hw
,
1040 &sdata
->u
.mgd
.tdls_peer_del_work
,
1041 TDLS_PEER_SETUP_TIMEOUT
);
1045 mutex_unlock(&local
->mtx
);
1050 ieee80211_tdls_mgmt_teardown(struct wiphy
*wiphy
, struct net_device
*dev
,
1051 const u8
*peer
, u8 action_code
, u8 dialog_token
,
1052 u16 status_code
, u32 peer_capability
,
1053 bool initiator
, const u8
*extra_ies
,
1054 size_t extra_ies_len
)
1056 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
1057 struct ieee80211_local
*local
= sdata
->local
;
1058 struct sta_info
*sta
;
1062 * No packets can be transmitted to the peer via the AP during setup -
1063 * the STA is set as a TDLS peer, but is not authorized.
1064 * During teardown, we prevent direct transmissions by stopping the
1065 * queues and flushing all direct packets.
1067 ieee80211_stop_vif_queues(local
, sdata
,
1068 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN
);
1069 ieee80211_flush_queues(local
, sdata
, false);
1071 ret
= ieee80211_tdls_prep_mgmt_packet(wiphy
, dev
, peer
, action_code
,
1072 dialog_token
, status_code
,
1073 peer_capability
, initiator
,
1074 extra_ies
, extra_ies_len
, 0,
1077 sdata_err(sdata
, "Failed sending TDLS teardown packet %d\n",
1081 * Remove the STA AUTH flag to force further traffic through the AP. If
1082 * the STA was unreachable, it was already removed.
1085 sta
= sta_info_get(sdata
, peer
);
1087 clear_sta_flag(sta
, WLAN_STA_TDLS_PEER_AUTH
);
1090 ieee80211_wake_vif_queues(local
, sdata
,
1091 IEEE80211_QUEUE_STOP_REASON_TDLS_TEARDOWN
);
1096 int ieee80211_tdls_mgmt(struct wiphy
*wiphy
, struct net_device
*dev
,
1097 const u8
*peer
, u8 action_code
, u8 dialog_token
,
1098 u16 status_code
, u32 peer_capability
,
1099 bool initiator
, const u8
*extra_ies
,
1100 size_t extra_ies_len
)
1102 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
1105 if (!(wiphy
->flags
& WIPHY_FLAG_SUPPORTS_TDLS
))
1108 /* make sure we are in managed mode, and associated */
1109 if (sdata
->vif
.type
!= NL80211_IFTYPE_STATION
||
1110 !sdata
->u
.mgd
.associated
)
1113 switch (action_code
) {
1114 case WLAN_TDLS_SETUP_REQUEST
:
1115 case WLAN_TDLS_SETUP_RESPONSE
:
1116 ret
= ieee80211_tdls_mgmt_setup(wiphy
, dev
, peer
, action_code
,
1117 dialog_token
, status_code
,
1118 peer_capability
, initiator
,
1119 extra_ies
, extra_ies_len
);
1121 case WLAN_TDLS_TEARDOWN
:
1122 ret
= ieee80211_tdls_mgmt_teardown(wiphy
, dev
, peer
,
1123 action_code
, dialog_token
,
1125 peer_capability
, initiator
,
1126 extra_ies
, extra_ies_len
);
1128 case WLAN_TDLS_DISCOVERY_REQUEST
:
1130 * Protect the discovery so we can hear the TDLS discovery
1131 * response frame. It is transmitted directly and not buffered
1134 drv_mgd_protect_tdls_discover(sdata
->local
, sdata
);
1136 case WLAN_TDLS_SETUP_CONFIRM
:
1137 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES
:
1138 /* no special handling */
1139 ret
= ieee80211_tdls_prep_mgmt_packet(wiphy
, dev
, peer
,
1144 initiator
, extra_ies
,
1145 extra_ies_len
, 0, NULL
);
1152 tdls_dbg(sdata
, "TDLS mgmt action %d peer %pM status %d\n",
1153 action_code
, peer
, ret
);
1157 int ieee80211_tdls_oper(struct wiphy
*wiphy
, struct net_device
*dev
,
1158 const u8
*peer
, enum nl80211_tdls_operation oper
)
1160 struct sta_info
*sta
;
1161 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
1162 struct ieee80211_local
*local
= sdata
->local
;
1165 if (!(wiphy
->flags
& WIPHY_FLAG_SUPPORTS_TDLS
))
1168 if (sdata
->vif
.type
!= NL80211_IFTYPE_STATION
)
1172 case NL80211_TDLS_ENABLE_LINK
:
1173 case NL80211_TDLS_DISABLE_LINK
:
1175 case NL80211_TDLS_TEARDOWN
:
1176 case NL80211_TDLS_SETUP
:
1177 case NL80211_TDLS_DISCOVERY_REQ
:
1178 /* We don't support in-driver setup/teardown/discovery */
1182 mutex_lock(&local
->mtx
);
1183 tdls_dbg(sdata
, "TDLS oper %d peer %pM\n", oper
, peer
);
1186 case NL80211_TDLS_ENABLE_LINK
:
1187 if (sdata
->vif
.csa_active
) {
1188 tdls_dbg(sdata
, "TDLS: disallow link during CSA\n");
1194 sta
= sta_info_get(sdata
, peer
);
1201 set_sta_flag(sta
, WLAN_STA_TDLS_PEER_AUTH
);
1204 WARN_ON_ONCE(is_zero_ether_addr(sdata
->u
.mgd
.tdls_peer
) ||
1205 !ether_addr_equal(sdata
->u
.mgd
.tdls_peer
, peer
));
1208 case NL80211_TDLS_DISABLE_LINK
:
1210 * The teardown message in ieee80211_tdls_mgmt_teardown() was
1211 * created while the queues were stopped, so it might still be
1212 * pending. Before flushing the queues we need to be sure the
1213 * message is handled by the tasklet handling pending messages,
1214 * otherwise we might start destroying the station before
1215 * sending the teardown packet.
1216 * Note that this only forces the tasklet to flush pendings -
1217 * not to stop the tasklet from rescheduling itself.
1219 tasklet_kill(&local
->tx_pending_tasklet
);
1220 /* flush a potentially queued teardown packet */
1221 ieee80211_flush_queues(local
, sdata
, false);
1223 ret
= sta_info_destroy_addr(sdata
, peer
);
1230 if (ret
== 0 && ether_addr_equal(sdata
->u
.mgd
.tdls_peer
, peer
)) {
1231 cancel_delayed_work(&sdata
->u
.mgd
.tdls_peer_del_work
);
1232 eth_zero_addr(sdata
->u
.mgd
.tdls_peer
);
1235 mutex_unlock(&local
->mtx
);
1239 void ieee80211_tdls_oper_request(struct ieee80211_vif
*vif
, const u8
*peer
,
1240 enum nl80211_tdls_operation oper
,
1241 u16 reason_code
, gfp_t gfp
)
1243 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
1245 if (vif
->type
!= NL80211_IFTYPE_STATION
|| !vif
->bss_conf
.assoc
) {
1246 sdata_err(sdata
, "Discarding TDLS oper %d - not STA or disconnected\n",
1251 cfg80211_tdls_oper_request(sdata
->dev
, peer
, oper
, reason_code
, gfp
);
1253 EXPORT_SYMBOL(ieee80211_tdls_oper_request
);
1256 iee80211_tdls_add_ch_switch_timing(u8
*buf
, u16 switch_time
, u16 switch_timeout
)
1258 struct ieee80211_ch_switch_timing
*ch_sw
;
1260 *buf
++ = WLAN_EID_CHAN_SWITCH_TIMING
;
1261 *buf
++ = sizeof(struct ieee80211_ch_switch_timing
);
1263 ch_sw
= (void *)buf
;
1264 ch_sw
->switch_time
= cpu_to_le16(switch_time
);
1265 ch_sw
->switch_timeout
= cpu_to_le16(switch_timeout
);
1268 /* find switch timing IE in SKB ready for Tx */
1269 static const u8
*ieee80211_tdls_find_sw_timing_ie(struct sk_buff
*skb
)
1271 struct ieee80211_tdls_data
*tf
;
1275 * Get the offset for the new location of the switch timing IE.
1276 * The SKB network header will now point to the "payload_type"
1277 * element of the TDLS data frame struct.
1279 tf
= container_of(skb
->data
+ skb_network_offset(skb
),
1280 struct ieee80211_tdls_data
, payload_type
);
1281 ie_start
= tf
->u
.chan_switch_req
.variable
;
1282 return cfg80211_find_ie(WLAN_EID_CHAN_SWITCH_TIMING
, ie_start
,
1283 skb
->len
- (ie_start
- skb
->data
));
1286 static struct sk_buff
*
1287 ieee80211_tdls_ch_sw_tmpl_get(struct sta_info
*sta
, u8 oper_class
,
1288 struct cfg80211_chan_def
*chandef
,
1289 u32
*ch_sw_tm_ie_offset
)
1291 struct ieee80211_sub_if_data
*sdata
= sta
->sdata
;
1292 u8 extra_ies
[2 + sizeof(struct ieee80211_sec_chan_offs_ie
) +
1293 2 + sizeof(struct ieee80211_ch_switch_timing
)];
1294 int extra_ies_len
= 2 + sizeof(struct ieee80211_ch_switch_timing
);
1295 u8
*pos
= extra_ies
;
1296 struct sk_buff
*skb
;
1299 * if chandef points to a wide channel add a Secondary-Channel
1300 * Offset information element
1302 if (chandef
->width
== NL80211_CHAN_WIDTH_40
) {
1303 struct ieee80211_sec_chan_offs_ie
*sec_chan_ie
;
1306 *pos
++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET
;
1307 *pos
++ = sizeof(*sec_chan_ie
);
1308 sec_chan_ie
= (void *)pos
;
1310 ht40plus
= cfg80211_get_chandef_type(chandef
) ==
1311 NL80211_CHAN_HT40PLUS
;
1312 sec_chan_ie
->sec_chan_offs
= ht40plus
?
1313 IEEE80211_HT_PARAM_CHA_SEC_ABOVE
:
1314 IEEE80211_HT_PARAM_CHA_SEC_BELOW
;
1315 pos
+= sizeof(*sec_chan_ie
);
1317 extra_ies_len
+= 2 + sizeof(struct ieee80211_sec_chan_offs_ie
);
1320 /* just set the values to 0, this is a template */
1321 iee80211_tdls_add_ch_switch_timing(pos
, 0, 0);
1323 skb
= ieee80211_tdls_build_mgmt_packet_data(sdata
, sta
->sta
.addr
,
1324 WLAN_TDLS_CHANNEL_SWITCH_REQUEST
,
1325 0, 0, !sta
->sta
.tdls_initiator
,
1326 extra_ies
, extra_ies_len
,
1327 oper_class
, chandef
);
1331 skb
= ieee80211_build_data_template(sdata
, skb
, 0);
1333 tdls_dbg(sdata
, "Failed building TDLS channel switch frame\n");
1337 if (ch_sw_tm_ie_offset
) {
1338 const u8
*tm_ie
= ieee80211_tdls_find_sw_timing_ie(skb
);
1341 tdls_dbg(sdata
, "No switch timing IE in TDLS switch\n");
1342 dev_kfree_skb_any(skb
);
1346 *ch_sw_tm_ie_offset
= tm_ie
- skb
->data
;
1350 "TDLS channel switch request template for %pM ch %d width %d\n",
1351 sta
->sta
.addr
, chandef
->chan
->center_freq
, chandef
->width
);
1356 ieee80211_tdls_channel_switch(struct wiphy
*wiphy
, struct net_device
*dev
,
1357 const u8
*addr
, u8 oper_class
,
1358 struct cfg80211_chan_def
*chandef
)
1360 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
1361 struct ieee80211_local
*local
= sdata
->local
;
1362 struct sta_info
*sta
;
1363 struct sk_buff
*skb
= NULL
;
1367 mutex_lock(&local
->sta_mtx
);
1368 sta
= sta_info_get(sdata
, addr
);
1371 "Invalid TDLS peer %pM for channel switch request\n",
1377 if (!test_sta_flag(sta
, WLAN_STA_TDLS_CHAN_SWITCH
)) {
1378 tdls_dbg(sdata
, "TDLS channel switch unsupported by %pM\n",
1384 skb
= ieee80211_tdls_ch_sw_tmpl_get(sta
, oper_class
, chandef
,
1391 ret
= drv_tdls_channel_switch(local
, sdata
, &sta
->sta
, oper_class
,
1392 chandef
, skb
, ch_sw_tm_ie
);
1394 set_sta_flag(sta
, WLAN_STA_TDLS_OFF_CHANNEL
);
1397 mutex_unlock(&local
->sta_mtx
);
1398 dev_kfree_skb_any(skb
);
1403 ieee80211_tdls_cancel_channel_switch(struct wiphy
*wiphy
,
1404 struct net_device
*dev
,
1407 struct ieee80211_sub_if_data
*sdata
= IEEE80211_DEV_TO_SUB_IF(dev
);
1408 struct ieee80211_local
*local
= sdata
->local
;
1409 struct sta_info
*sta
;
1411 mutex_lock(&local
->sta_mtx
);
1412 sta
= sta_info_get(sdata
, addr
);
1415 "Invalid TDLS peer %pM for channel switch cancel\n",
1420 if (!test_sta_flag(sta
, WLAN_STA_TDLS_OFF_CHANNEL
)) {
1421 tdls_dbg(sdata
, "TDLS channel switch not initiated by %pM\n",
1426 drv_tdls_cancel_channel_switch(local
, sdata
, &sta
->sta
);
1427 clear_sta_flag(sta
, WLAN_STA_TDLS_OFF_CHANNEL
);
1430 mutex_unlock(&local
->sta_mtx
);
1433 static struct sk_buff
*
1434 ieee80211_tdls_ch_sw_resp_tmpl_get(struct sta_info
*sta
,
1435 u32
*ch_sw_tm_ie_offset
)
1437 struct ieee80211_sub_if_data
*sdata
= sta
->sdata
;
1438 struct sk_buff
*skb
;
1439 u8 extra_ies
[2 + sizeof(struct ieee80211_ch_switch_timing
)];
1441 /* initial timing are always zero in the template */
1442 iee80211_tdls_add_ch_switch_timing(extra_ies
, 0, 0);
1444 skb
= ieee80211_tdls_build_mgmt_packet_data(sdata
, sta
->sta
.addr
,
1445 WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
,
1446 0, 0, !sta
->sta
.tdls_initiator
,
1447 extra_ies
, sizeof(extra_ies
), 0, NULL
);
1451 skb
= ieee80211_build_data_template(sdata
, skb
, 0);
1454 "Failed building TDLS channel switch resp frame\n");
1458 if (ch_sw_tm_ie_offset
) {
1459 const u8
*tm_ie
= ieee80211_tdls_find_sw_timing_ie(skb
);
1463 "No switch timing IE in TDLS switch resp\n");
1464 dev_kfree_skb_any(skb
);
1468 *ch_sw_tm_ie_offset
= tm_ie
- skb
->data
;
1471 tdls_dbg(sdata
, "TDLS get channel switch response template for %pM\n",
1477 ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data
*sdata
,
1478 struct sk_buff
*skb
)
1480 struct ieee80211_local
*local
= sdata
->local
;
1481 struct ieee802_11_elems elems
;
1482 struct sta_info
*sta
;
1483 struct ieee80211_tdls_data
*tf
= (void *)skb
->data
;
1484 bool local_initiator
;
1485 struct ieee80211_rx_status
*rx_status
= IEEE80211_SKB_RXCB(skb
);
1486 int baselen
= offsetof(typeof(*tf
), u
.chan_switch_resp
.variable
);
1487 struct ieee80211_tdls_ch_sw_params params
= {};
1490 params
.action_code
= WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
;
1491 params
.timestamp
= rx_status
->device_timestamp
;
1493 if (skb
->len
< baselen
) {
1494 tdls_dbg(sdata
, "TDLS channel switch resp too short: %d\n",
1499 mutex_lock(&local
->sta_mtx
);
1500 sta
= sta_info_get(sdata
, tf
->sa
);
1501 if (!sta
|| !test_sta_flag(sta
, WLAN_STA_TDLS_PEER_AUTH
)) {
1502 tdls_dbg(sdata
, "TDLS chan switch from non-peer sta %pM\n",
1508 params
.sta
= &sta
->sta
;
1509 params
.status
= le16_to_cpu(tf
->u
.chan_switch_resp
.status_code
);
1510 if (params
.status
!= 0) {
1515 ieee802_11_parse_elems(tf
->u
.chan_switch_resp
.variable
,
1516 skb
->len
- baselen
, false, &elems
);
1517 if (elems
.parse_error
) {
1518 tdls_dbg(sdata
, "Invalid IEs in TDLS channel switch resp\n");
1523 if (!elems
.ch_sw_timing
|| !elems
.lnk_id
) {
1524 tdls_dbg(sdata
, "TDLS channel switch resp - missing IEs\n");
1529 /* validate the initiator is set correctly */
1531 !memcmp(elems
.lnk_id
->init_sta
, sdata
->vif
.addr
, ETH_ALEN
);
1532 if (local_initiator
== sta
->sta
.tdls_initiator
) {
1533 tdls_dbg(sdata
, "TDLS chan switch invalid lnk-id initiator\n");
1538 params
.switch_time
= le16_to_cpu(elems
.ch_sw_timing
->switch_time
);
1539 params
.switch_timeout
= le16_to_cpu(elems
.ch_sw_timing
->switch_timeout
);
1542 ieee80211_tdls_ch_sw_resp_tmpl_get(sta
, ¶ms
.ch_sw_tm_ie
);
1543 if (!params
.tmpl_skb
) {
1549 drv_tdls_recv_channel_switch(sdata
->local
, sdata
, ¶ms
);
1552 "TDLS channel switch response received from %pM status %d\n",
1553 tf
->sa
, params
.status
);
1556 mutex_unlock(&local
->sta_mtx
);
1557 dev_kfree_skb_any(params
.tmpl_skb
);
1562 ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data
*sdata
,
1563 struct sk_buff
*skb
)
1565 struct ieee80211_local
*local
= sdata
->local
;
1566 struct ieee802_11_elems elems
;
1567 struct cfg80211_chan_def chandef
;
1568 struct ieee80211_channel
*chan
;
1569 enum nl80211_channel_type chan_type
;
1571 u8 target_channel
, oper_class
;
1572 bool local_initiator
;
1573 struct sta_info
*sta
;
1574 enum ieee80211_band band
;
1575 struct ieee80211_tdls_data
*tf
= (void *)skb
->data
;
1576 struct ieee80211_rx_status
*rx_status
= IEEE80211_SKB_RXCB(skb
);
1577 int baselen
= offsetof(typeof(*tf
), u
.chan_switch_req
.variable
);
1578 struct ieee80211_tdls_ch_sw_params params
= {};
1581 params
.action_code
= WLAN_TDLS_CHANNEL_SWITCH_REQUEST
;
1582 params
.timestamp
= rx_status
->device_timestamp
;
1584 if (skb
->len
< baselen
) {
1585 tdls_dbg(sdata
, "TDLS channel switch req too short: %d\n",
1590 target_channel
= tf
->u
.chan_switch_req
.target_channel
;
1591 oper_class
= tf
->u
.chan_switch_req
.oper_class
;
1594 * We can't easily infer the channel band. The operating class is
1595 * ambiguous - there are multiple tables (US/Europe/JP/Global). The
1596 * solution here is to treat channels with number >14 as 5GHz ones,
1597 * and specifically check for the (oper_class, channel) combinations
1598 * where this doesn't hold. These are thankfully unique according to
1600 * We consider only the 2GHz and 5GHz bands and 20MHz+ channels as
1603 if ((oper_class
== 112 || oper_class
== 2 || oper_class
== 3 ||
1604 oper_class
== 4 || oper_class
== 5 || oper_class
== 6) &&
1605 target_channel
< 14)
1606 band
= IEEE80211_BAND_5GHZ
;
1608 band
= target_channel
< 14 ? IEEE80211_BAND_2GHZ
:
1609 IEEE80211_BAND_5GHZ
;
1611 freq
= ieee80211_channel_to_frequency(target_channel
, band
);
1613 tdls_dbg(sdata
, "Invalid channel in TDLS chan switch: %d\n",
1618 chan
= ieee80211_get_channel(sdata
->local
->hw
.wiphy
, freq
);
1621 "Unsupported channel for TDLS chan switch: %d\n",
1626 ieee802_11_parse_elems(tf
->u
.chan_switch_req
.variable
,
1627 skb
->len
- baselen
, false, &elems
);
1628 if (elems
.parse_error
) {
1629 tdls_dbg(sdata
, "Invalid IEs in TDLS channel switch req\n");
1633 if (!elems
.ch_sw_timing
|| !elems
.lnk_id
) {
1634 tdls_dbg(sdata
, "TDLS channel switch req - missing IEs\n");
1638 mutex_lock(&local
->sta_mtx
);
1639 sta
= sta_info_get(sdata
, tf
->sa
);
1640 if (!sta
|| !test_sta_flag(sta
, WLAN_STA_TDLS_PEER_AUTH
)) {
1641 tdls_dbg(sdata
, "TDLS chan switch from non-peer sta %pM\n",
1647 params
.sta
= &sta
->sta
;
1649 /* validate the initiator is set correctly */
1651 !memcmp(elems
.lnk_id
->init_sta
, sdata
->vif
.addr
, ETH_ALEN
);
1652 if (local_initiator
== sta
->sta
.tdls_initiator
) {
1653 tdls_dbg(sdata
, "TDLS chan switch invalid lnk-id initiator\n");
1658 if (!sta
->sta
.ht_cap
.ht_supported
) {
1659 chan_type
= NL80211_CHAN_NO_HT
;
1660 } else if (!elems
.sec_chan_offs
) {
1661 chan_type
= NL80211_CHAN_HT20
;
1663 switch (elems
.sec_chan_offs
->sec_chan_offs
) {
1664 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE
:
1665 chan_type
= NL80211_CHAN_HT40PLUS
;
1667 case IEEE80211_HT_PARAM_CHA_SEC_BELOW
:
1668 chan_type
= NL80211_CHAN_HT40MINUS
;
1671 chan_type
= NL80211_CHAN_HT20
;
1676 cfg80211_chandef_create(&chandef
, chan
, chan_type
);
1677 params
.chandef
= &chandef
;
1679 params
.switch_time
= le16_to_cpu(elems
.ch_sw_timing
->switch_time
);
1680 params
.switch_timeout
= le16_to_cpu(elems
.ch_sw_timing
->switch_timeout
);
1683 ieee80211_tdls_ch_sw_resp_tmpl_get(sta
,
1684 ¶ms
.ch_sw_tm_ie
);
1685 if (!params
.tmpl_skb
) {
1690 drv_tdls_recv_channel_switch(sdata
->local
, sdata
, ¶ms
);
1693 "TDLS ch switch request received from %pM ch %d width %d\n",
1694 tf
->sa
, params
.chandef
->chan
->center_freq
,
1695 params
.chandef
->width
);
1697 mutex_unlock(&local
->sta_mtx
);
1698 dev_kfree_skb_any(params
.tmpl_skb
);
1702 void ieee80211_process_tdls_channel_switch(struct ieee80211_sub_if_data
*sdata
,
1703 struct sk_buff
*skb
)
1705 struct ieee80211_tdls_data
*tf
= (void *)skb
->data
;
1706 struct wiphy
*wiphy
= sdata
->local
->hw
.wiphy
;
1708 /* make sure the driver supports it */
1709 if (!(wiphy
->features
& NL80211_FEATURE_TDLS_CHANNEL_SWITCH
))
1712 /* we want to access the entire packet */
1713 if (skb_linearize(skb
))
1716 * The packet/size was already validated by mac80211 Rx path, only look
1717 * at the action type.
1719 switch (tf
->action_code
) {
1720 case WLAN_TDLS_CHANNEL_SWITCH_REQUEST
:
1721 ieee80211_process_tdls_channel_switch_req(sdata
, skb
);
1723 case WLAN_TDLS_CHANNEL_SWITCH_RESPONSE
:
1724 ieee80211_process_tdls_channel_switch_resp(sdata
, skb
);