1/* 2 * Copyright (c) 2008, 2009 open80211s Ltd. 3 * Author: Luis Carlos Cobo <luisca@cozybit.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9#include <linux/gfp.h> 10#include <linux/kernel.h> 11#include <linux/random.h> 12#include "ieee80211_i.h" 13#include "rate.h" 14#include "mesh.h" 15 16#define PLINK_GET_LLID(p) (p + 2) 17#define PLINK_GET_PLID(p) (p + 4) 18 19#define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \ 20 jiffies + HZ * t / 1000)) 21 22enum plink_event { 23 PLINK_UNDEFINED, 24 OPN_ACPT, 25 OPN_RJCT, 26 OPN_IGNR, 27 CNF_ACPT, 28 CNF_RJCT, 29 CNF_IGNR, 30 CLS_ACPT, 31 CLS_IGNR 32}; 33 34static const char * const mplstates[] = { 35 [NL80211_PLINK_LISTEN] = "LISTEN", 36 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 37 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 38 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 39 [NL80211_PLINK_ESTAB] = "ESTAB", 40 [NL80211_PLINK_HOLDING] = "HOLDING", 41 [NL80211_PLINK_BLOCKED] = "BLOCKED" 42}; 43 44static const char * const mplevents[] = { 45 [PLINK_UNDEFINED] = "NONE", 46 [OPN_ACPT] = "OPN_ACPT", 47 [OPN_RJCT] = "OPN_RJCT", 48 [OPN_IGNR] = "OPN_IGNR", 49 [CNF_ACPT] = "CNF_ACPT", 50 [CNF_RJCT] = "CNF_RJCT", 51 [CNF_IGNR] = "CNF_IGNR", 52 [CLS_ACPT] = "CLS_ACPT", 53 [CLS_IGNR] = "CLS_IGNR" 54}; 55 56static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 57 enum ieee80211_self_protected_actioncode action, 58 u8 *da, u16 llid, u16 plid, u16 reason); 59 60 61/* We only need a valid sta if user configured a minimum rssi_threshold. */ 62static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 63 struct sta_info *sta) 64{ 65 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 66 return rssi_threshold == 0 || 67 (sta && (s8) -ewma_read(&sta->avg_signal) > rssi_threshold); 68} 69 70/** 71 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 72 * 73 * @sta: mesh peer link to restart 74 * 75 * Locking: this function must be called holding sta->lock 76 */ 77static inline void mesh_plink_fsm_restart(struct sta_info *sta) 78{ 79 sta->plink_state = NL80211_PLINK_LISTEN; 80 sta->llid = sta->plid = sta->reason = 0; 81 sta->plink_retries = 0; 82} 83 84/* 85 * mesh_set_short_slot_time - enable / disable ERP short slot time. 86 * 87 * The standard indirectly mandates mesh STAs to turn off short slot time by 88 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 89 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 90 * MBSS support ERP rates. 91 * 92 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 93 */ 94static u32 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 95{ 96 struct ieee80211_local *local = sdata->local; 97 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 98 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 99 struct sta_info *sta; 100 u32 erp_rates = 0, changed = 0; 101 int i; 102 bool short_slot = false; 103 104 if (band == IEEE80211_BAND_5GHZ) { 105 /* (IEEE 802.11-2012 19.4.5) */ 106 short_slot = true; 107 goto out; 108 } else if (band != IEEE80211_BAND_2GHZ || 109 (band == IEEE80211_BAND_2GHZ && 110 local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 111 goto out; 112 113 for (i = 0; i < sband->n_bitrates; i++) 114 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 115 erp_rates |= BIT(i); 116 117 if (!erp_rates) 118 goto out; 119 120 rcu_read_lock(); 121 list_for_each_entry_rcu(sta, &local->sta_list, list) { 122 if (sdata != sta->sdata || 123 sta->plink_state != NL80211_PLINK_ESTAB) 124 continue; 125 126 short_slot = false; 127 if (erp_rates & sta->sta.supp_rates[band]) 128 short_slot = true; 129 else 130 break; 131 } 132 rcu_read_unlock(); 133 134out: 135 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 136 sdata->vif.bss_conf.use_short_slot = short_slot; 137 changed = BSS_CHANGED_ERP_SLOT; 138 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 139 sdata->vif.addr, short_slot); 140 } 141 return changed; 142} 143 144/** 145 * mesh_set_ht_prot_mode - set correct HT protection mode 146 * 147 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 148 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 149 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 150 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 151 * is selected if all peers in our 20/40MHz MBSS support HT and atleast one 152 * HT20 peer is present. Otherwise no-protection mode is selected. 153 */ 154static u32 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 155{ 156 struct ieee80211_local *local = sdata->local; 157 struct sta_info *sta; 158 u16 ht_opmode; 159 bool non_ht_sta = false, ht20_sta = false; 160 161 switch (sdata->vif.bss_conf.chandef.width) { 162 case NL80211_CHAN_WIDTH_20_NOHT: 163 case NL80211_CHAN_WIDTH_5: 164 case NL80211_CHAN_WIDTH_10: 165 return 0; 166 default: 167 break; 168 } 169 170 rcu_read_lock(); 171 list_for_each_entry_rcu(sta, &local->sta_list, list) { 172 if (sdata != sta->sdata || 173 sta->plink_state != NL80211_PLINK_ESTAB) 174 continue; 175 176 if (sta->sta.bandwidth > IEEE80211_STA_RX_BW_20) 177 continue; 178 179 if (!sta->sta.ht_cap.ht_supported) { 180 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 181 sta->sta.addr); 182 non_ht_sta = true; 183 break; 184 } 185 186 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 187 ht20_sta = true; 188 } 189 rcu_read_unlock(); 190 191 if (non_ht_sta) 192 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 193 else if (ht20_sta && 194 sdata->vif.bss_conf.chandef.width > NL80211_CHAN_WIDTH_20) 195 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 196 else 197 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 198 199 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 200 return 0; 201 202 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 203 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 204 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 205 return BSS_CHANGED_HT; 206} 207 208/** 209 * __mesh_plink_deactivate - deactivate mesh peer link 210 * 211 * @sta: mesh peer link to deactivate 212 * 213 * All mesh paths with this peer as next hop will be flushed 214 * Returns beacon changed flag if the beacon content changed. 215 * 216 * Locking: the caller must hold sta->lock 217 */ 218static u32 __mesh_plink_deactivate(struct sta_info *sta) 219{ 220 struct ieee80211_sub_if_data *sdata = sta->sdata; 221 u32 changed = 0; 222 223 if (sta->plink_state == NL80211_PLINK_ESTAB) 224 changed = mesh_plink_dec_estab_count(sdata); 225 sta->plink_state = NL80211_PLINK_BLOCKED; 226 mesh_path_flush_by_nexthop(sta); 227 228 ieee80211_mps_sta_status_update(sta); 229 changed |= ieee80211_mps_set_sta_local_pm(sta, 230 NL80211_MESH_POWER_UNKNOWN); 231 232 return changed; 233} 234 235/** 236 * mesh_plink_deactivate - deactivate mesh peer link 237 * 238 * @sta: mesh peer link to deactivate 239 * 240 * All mesh paths with this peer as next hop will be flushed 241 */ 242u32 mesh_plink_deactivate(struct sta_info *sta) 243{ 244 struct ieee80211_sub_if_data *sdata = sta->sdata; 245 u32 changed; 246 247 spin_lock_bh(&sta->lock); 248 changed = __mesh_plink_deactivate(sta); 249 sta->reason = WLAN_REASON_MESH_PEER_CANCELED; 250 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 251 sta->sta.addr, sta->llid, sta->plid, 252 sta->reason); 253 spin_unlock_bh(&sta->lock); 254 255 return changed; 256} 257 258static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 259 enum ieee80211_self_protected_actioncode action, 260 u8 *da, u16 llid, u16 plid, u16 reason) 261{ 262 struct ieee80211_local *local = sdata->local; 263 struct sk_buff *skb; 264 struct ieee80211_tx_info *info; 265 struct ieee80211_mgmt *mgmt; 266 bool include_plid = false; 267 u16 peering_proto = 0; 268 u8 *pos, ie_len = 4; 269 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) + 270 sizeof(mgmt->u.action.u.self_prot); 271 int err = -ENOMEM; 272 273 skb = dev_alloc_skb(local->tx_headroom + 274 hdr_len + 275 2 + /* capability info */ 276 2 + /* AID */ 277 2 + 8 + /* supported rates */ 278 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 279 2 + sdata->u.mesh.mesh_id_len + 280 2 + sizeof(struct ieee80211_meshconf_ie) + 281 2 + sizeof(struct ieee80211_ht_cap) + 282 2 + sizeof(struct ieee80211_ht_operation) + 283 2 + 8 + /* peering IE */ 284 sdata->u.mesh.ie_len); 285 if (!skb) 286 return err; 287 info = IEEE80211_SKB_CB(skb); 288 skb_reserve(skb, local->tx_headroom); 289 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len); 290 memset(mgmt, 0, hdr_len); 291 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 292 IEEE80211_STYPE_ACTION); 293 memcpy(mgmt->da, da, ETH_ALEN); 294 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 295 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 296 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 297 mgmt->u.action.u.self_prot.action_code = action; 298 299 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 300 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 301 302 /* capability info */ 303 pos = skb_put(skb, 2); 304 memset(pos, 0, 2); 305 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 306 /* AID */ 307 pos = skb_put(skb, 2); 308 put_unaligned_le16(plid, pos + 2); 309 } 310 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 311 ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 312 mesh_add_rsn_ie(sdata, skb) || 313 mesh_add_meshid_ie(sdata, skb) || 314 mesh_add_meshconf_ie(sdata, skb)) 315 goto free; 316 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 317 info->flags |= IEEE80211_TX_CTL_NO_ACK; 318 if (mesh_add_meshid_ie(sdata, skb)) 319 goto free; 320 } 321 322 /* Add Mesh Peering Management element */ 323 switch (action) { 324 case WLAN_SP_MESH_PEERING_OPEN: 325 break; 326 case WLAN_SP_MESH_PEERING_CONFIRM: 327 ie_len += 2; 328 include_plid = true; 329 break; 330 case WLAN_SP_MESH_PEERING_CLOSE: 331 if (plid) { 332 ie_len += 2; 333 include_plid = true; 334 } 335 ie_len += 2; /* reason code */ 336 break; 337 default: 338 err = -EINVAL; 339 goto free; 340 } 341 342 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 343 goto free; 344 345 pos = skb_put(skb, 2 + ie_len); 346 *pos++ = WLAN_EID_PEER_MGMT; 347 *pos++ = ie_len; 348 memcpy(pos, &peering_proto, 2); 349 pos += 2; 350 put_unaligned_le16(llid, pos); 351 pos += 2; 352 if (include_plid) { 353 put_unaligned_le16(plid, pos); 354 pos += 2; 355 } 356 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 357 put_unaligned_le16(reason, pos); 358 pos += 2; 359 } 360 361 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 362 if (mesh_add_ht_cap_ie(sdata, skb) || 363 mesh_add_ht_oper_ie(sdata, skb)) 364 goto free; 365 } 366 367 if (mesh_add_vendor_ies(sdata, skb)) 368 goto free; 369 370 ieee80211_tx_skb(sdata, skb); 371 return 0; 372free: 373 kfree_skb(skb); 374 return err; 375} 376 377static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 378 struct sta_info *sta, 379 struct ieee802_11_elems *elems, bool insert) 380{ 381 struct ieee80211_local *local = sdata->local; 382 enum ieee80211_band band = ieee80211_get_sdata_band(sdata); 383 struct ieee80211_supported_band *sband; 384 u32 rates, basic_rates = 0, changed = 0; 385 386 sband = local->hw.wiphy->bands[band]; 387 rates = ieee80211_sta_get_rates(sdata, elems, band, &basic_rates); 388 389 spin_lock_bh(&sta->lock); 390 sta->last_rx = jiffies; 391 392 /* rates and capabilities don't change during peering */ 393 if (sta->plink_state == NL80211_PLINK_ESTAB) 394 goto out; 395 396 if (sta->sta.supp_rates[band] != rates) 397 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 398 sta->sta.supp_rates[band] = rates; 399 400 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 401 elems->ht_cap_elem, sta)) 402 changed |= IEEE80211_RC_BW_CHANGED; 403 404 /* HT peer is operating 20MHz-only */ 405 if (elems->ht_operation && 406 !(elems->ht_operation->ht_param & 407 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 408 if (sta->sta.bandwidth != IEEE80211_STA_RX_BW_20) 409 changed |= IEEE80211_RC_BW_CHANGED; 410 sta->sta.bandwidth = IEEE80211_STA_RX_BW_20; 411 } 412 413 if (insert) 414 rate_control_rate_init(sta); 415 else 416 rate_control_rate_update(local, sband, sta, changed); 417out: 418 spin_unlock_bh(&sta->lock); 419} 420 421static struct sta_info * 422__mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 423{ 424 struct sta_info *sta; 425 426 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 427 return NULL; 428 429 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 430 if (!sta) 431 return NULL; 432 433 sta->plink_state = NL80211_PLINK_LISTEN; 434 sta->sta.wme = true; 435 436 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 437 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 438 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 439 440 return sta; 441} 442 443static struct sta_info * 444mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 445 struct ieee802_11_elems *elems) 446{ 447 struct sta_info *sta = NULL; 448 449 /* Userspace handles station allocation */ 450 if (sdata->u.mesh.user_mpm || 451 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) 452 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 453 elems->ie_start, 454 elems->total_len, 455 GFP_KERNEL); 456 else 457 sta = __mesh_sta_info_alloc(sdata, addr); 458 459 return sta; 460} 461 462/* 463 * mesh_sta_info_get - return mesh sta info entry for @addr. 464 * 465 * @sdata: local meshif 466 * @addr: peer's address 467 * @elems: IEs from beacon or mesh peering frame. 468 * 469 * Return existing or newly allocated sta_info under RCU read lock. 470 * (re)initialize with given IEs. 471 */ 472static struct sta_info * 473mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 474 u8 *addr, struct ieee802_11_elems *elems) __acquires(RCU) 475{ 476 struct sta_info *sta = NULL; 477 478 rcu_read_lock(); 479 sta = sta_info_get(sdata, addr); 480 if (sta) { 481 mesh_sta_info_init(sdata, sta, elems, false); 482 } else { 483 rcu_read_unlock(); 484 /* can't run atomic */ 485 sta = mesh_sta_info_alloc(sdata, addr, elems); 486 if (!sta) { 487 rcu_read_lock(); 488 return NULL; 489 } 490 491 mesh_sta_info_init(sdata, sta, elems, true); 492 493 if (sta_info_insert_rcu(sta)) 494 return NULL; 495 } 496 497 return sta; 498} 499 500/* 501 * mesh_neighbour_update - update or initialize new mesh neighbor. 502 * 503 * @sdata: local meshif 504 * @addr: peer's address 505 * @elems: IEs from beacon or mesh peering frame 506 * 507 * Initiates peering if appropriate. 508 */ 509void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 510 u8 *hw_addr, 511 struct ieee802_11_elems *elems) 512{ 513 struct sta_info *sta; 514 u32 changed = 0; 515 516 sta = mesh_sta_info_get(sdata, hw_addr, elems); 517 if (!sta) 518 goto out; 519 520 if (mesh_peer_accepts_plinks(elems) && 521 sta->plink_state == NL80211_PLINK_LISTEN && 522 sdata->u.mesh.accepting_plinks && 523 sdata->u.mesh.mshcfg.auto_open_plinks && 524 rssi_threshold_check(sdata, sta)) 525 changed = mesh_plink_open(sta); 526 527 ieee80211_mps_frame_release(sta, elems); 528out: 529 rcu_read_unlock(); 530 ieee80211_mbss_info_change_notify(sdata, changed); 531} 532 533static void mesh_plink_timer(unsigned long data) 534{ 535 struct sta_info *sta; 536 u16 reason = 0; 537 struct ieee80211_sub_if_data *sdata; 538 struct mesh_config *mshcfg; 539 enum ieee80211_self_protected_actioncode action = 0; 540 541 /* 542 * This STA is valid because sta_info_destroy() will 543 * del_timer_sync() this timer after having made sure 544 * it cannot be readded (by deleting the plink.) 545 */ 546 sta = (struct sta_info *) data; 547 548 if (sta->sdata->local->quiescing) 549 return; 550 551 spin_lock_bh(&sta->lock); 552 553 /* If a timer fires just before a state transition on another CPU, 554 * we may have already extended the timeout and changed state by the 555 * time we've acquired the lock and arrived here. In that case, 556 * skip this timer and wait for the new one. 557 */ 558 if (time_before(jiffies, sta->plink_timer.expires)) { 559 mpl_dbg(sta->sdata, 560 "Ignoring timer for %pM in state %s (timer adjusted)", 561 sta->sta.addr, mplstates[sta->plink_state]); 562 spin_unlock_bh(&sta->lock); 563 return; 564 } 565 566 /* del_timer() and handler may race when entering these states */ 567 if (sta->plink_state == NL80211_PLINK_LISTEN || 568 sta->plink_state == NL80211_PLINK_ESTAB) { 569 mpl_dbg(sta->sdata, 570 "Ignoring timer for %pM in state %s (timer deleted)", 571 sta->sta.addr, mplstates[sta->plink_state]); 572 spin_unlock_bh(&sta->lock); 573 return; 574 } 575 576 mpl_dbg(sta->sdata, 577 "Mesh plink timer for %pM fired on state %s\n", 578 sta->sta.addr, mplstates[sta->plink_state]); 579 sdata = sta->sdata; 580 mshcfg = &sdata->u.mesh.mshcfg; 581 582 switch (sta->plink_state) { 583 case NL80211_PLINK_OPN_RCVD: 584 case NL80211_PLINK_OPN_SNT: 585 /* retry timer */ 586 if (sta->plink_retries < mshcfg->dot11MeshMaxRetries) { 587 u32 rand; 588 mpl_dbg(sta->sdata, 589 "Mesh plink for %pM (retry, timeout): %d %d\n", 590 sta->sta.addr, sta->plink_retries, 591 sta->plink_timeout); 592 get_random_bytes(&rand, sizeof(u32)); 593 sta->plink_timeout = sta->plink_timeout + 594 rand % sta->plink_timeout; 595 ++sta->plink_retries; 596 mod_plink_timer(sta, sta->plink_timeout); 597 action = WLAN_SP_MESH_PEERING_OPEN; 598 break; 599 } 600 reason = WLAN_REASON_MESH_MAX_RETRIES; 601 /* fall through on else */ 602 case NL80211_PLINK_CNF_RCVD: 603 /* confirm timer */ 604 if (!reason) 605 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 606 sta->plink_state = NL80211_PLINK_HOLDING; 607 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 608 action = WLAN_SP_MESH_PEERING_CLOSE; 609 break; 610 case NL80211_PLINK_HOLDING: 611 /* holding timer */ 612 del_timer(&sta->plink_timer); 613 mesh_plink_fsm_restart(sta); 614 break; 615 default: 616 break; 617 } 618 spin_unlock_bh(&sta->lock); 619 if (action) 620 mesh_plink_frame_tx(sdata, action, sta->sta.addr, 621 sta->llid, sta->plid, reason); 622} 623 624static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout) 625{ 626 sta->plink_timer.expires = jiffies + (HZ * timeout / 1000); 627 sta->plink_timer.data = (unsigned long) sta; 628 sta->plink_timer.function = mesh_plink_timer; 629 sta->plink_timeout = timeout; 630 add_timer(&sta->plink_timer); 631} 632 633static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 634 u16 llid) 635{ 636 struct ieee80211_local *local = sdata->local; 637 bool in_use = false; 638 struct sta_info *sta; 639 640 rcu_read_lock(); 641 list_for_each_entry_rcu(sta, &local->sta_list, list) { 642 if (!memcmp(&sta->llid, &llid, sizeof(llid))) { 643 in_use = true; 644 break; 645 } 646 } 647 rcu_read_unlock(); 648 649 return in_use; 650} 651 652static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 653{ 654 u16 llid; 655 656 do { 657 get_random_bytes(&llid, sizeof(llid)); 658 /* for mesh PS we still only have the AID range for TIM bits */ 659 llid = (llid % IEEE80211_MAX_AID) + 1; 660 } while (llid_in_use(sdata, llid)); 661 662 return llid; 663} 664 665u32 mesh_plink_open(struct sta_info *sta) 666{ 667 struct ieee80211_sub_if_data *sdata = sta->sdata; 668 u32 changed; 669 670 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 671 return 0; 672 673 spin_lock_bh(&sta->lock); 674 sta->llid = mesh_get_new_llid(sdata); 675 if (sta->plink_state != NL80211_PLINK_LISTEN && 676 sta->plink_state != NL80211_PLINK_BLOCKED) { 677 spin_unlock_bh(&sta->lock); 678 return 0; 679 } 680 sta->plink_state = NL80211_PLINK_OPN_SNT; 681 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 682 spin_unlock_bh(&sta->lock); 683 mpl_dbg(sdata, 684 "Mesh plink: starting establishment with %pM\n", 685 sta->sta.addr); 686 687 /* set the non-peer mode to active during peering */ 688 changed = ieee80211_mps_local_status_update(sdata); 689 690 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN, 691 sta->sta.addr, sta->llid, 0, 0); 692 return changed; 693} 694 695u32 mesh_plink_block(struct sta_info *sta) 696{ 697 u32 changed; 698 699 spin_lock_bh(&sta->lock); 700 changed = __mesh_plink_deactivate(sta); 701 sta->plink_state = NL80211_PLINK_BLOCKED; 702 spin_unlock_bh(&sta->lock); 703 704 return changed; 705} 706 707static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 708 struct sta_info *sta, 709 enum plink_event event) 710{ 711 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 712 713 u16 reason = (event == CLS_ACPT) ? 714 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 715 716 sta->reason = reason; 717 sta->plink_state = NL80211_PLINK_HOLDING; 718 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 719} 720 721static u32 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 722 struct sta_info *sta) 723{ 724 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 725 u32 changed = 0; 726 727 del_timer(&sta->plink_timer); 728 sta->plink_state = NL80211_PLINK_ESTAB; 729 changed |= mesh_plink_inc_estab_count(sdata); 730 changed |= mesh_set_ht_prot_mode(sdata); 731 changed |= mesh_set_short_slot_time(sdata); 732 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 733 ieee80211_mps_sta_status_update(sta); 734 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 735 return changed; 736} 737 738/** 739 * mesh_plink_fsm - step @sta MPM based on @event 740 * 741 * @sdata: interface 742 * @sta: mesh neighbor 743 * @event: peering event 744 * 745 * Return: changed MBSS flags 746 */ 747static u32 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 748 struct sta_info *sta, enum plink_event event) 749{ 750 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 751 enum ieee80211_self_protected_actioncode action = 0; 752 u32 changed = 0; 753 754 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 755 mplstates[sta->plink_state], mplevents[event]); 756 757 spin_lock_bh(&sta->lock); 758 switch (sta->plink_state) { 759 case NL80211_PLINK_LISTEN: 760 switch (event) { 761 case CLS_ACPT: 762 mesh_plink_fsm_restart(sta); 763 break; 764 case OPN_ACPT: 765 sta->plink_state = NL80211_PLINK_OPN_RCVD; 766 sta->llid = mesh_get_new_llid(sdata); 767 mesh_plink_timer_set(sta, 768 mshcfg->dot11MeshRetryTimeout); 769 770 /* set the non-peer mode to active during peering */ 771 changed |= ieee80211_mps_local_status_update(sdata); 772 action = WLAN_SP_MESH_PEERING_OPEN; 773 break; 774 default: 775 break; 776 } 777 break; 778 case NL80211_PLINK_OPN_SNT: 779 switch (event) { 780 case OPN_RJCT: 781 case CNF_RJCT: 782 case CLS_ACPT: 783 mesh_plink_close(sdata, sta, event); 784 action = WLAN_SP_MESH_PEERING_CLOSE; 785 break; 786 case OPN_ACPT: 787 /* retry timer is left untouched */ 788 sta->plink_state = NL80211_PLINK_OPN_RCVD; 789 action = WLAN_SP_MESH_PEERING_CONFIRM; 790 break; 791 case CNF_ACPT: 792 sta->plink_state = NL80211_PLINK_CNF_RCVD; 793 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 794 break; 795 default: 796 break; 797 } 798 break; 799 case NL80211_PLINK_OPN_RCVD: 800 switch (event) { 801 case OPN_RJCT: 802 case CNF_RJCT: 803 case CLS_ACPT: 804 mesh_plink_close(sdata, sta, event); 805 action = WLAN_SP_MESH_PEERING_CLOSE; 806 break; 807 case OPN_ACPT: 808 action = WLAN_SP_MESH_PEERING_CONFIRM; 809 break; 810 case CNF_ACPT: 811 changed |= mesh_plink_establish(sdata, sta); 812 break; 813 default: 814 break; 815 } 816 break; 817 case NL80211_PLINK_CNF_RCVD: 818 switch (event) { 819 case OPN_RJCT: 820 case CNF_RJCT: 821 case CLS_ACPT: 822 mesh_plink_close(sdata, sta, event); 823 action = WLAN_SP_MESH_PEERING_CLOSE; 824 break; 825 case OPN_ACPT: 826 changed |= mesh_plink_establish(sdata, sta); 827 action = WLAN_SP_MESH_PEERING_CONFIRM; 828 break; 829 default: 830 break; 831 } 832 break; 833 case NL80211_PLINK_ESTAB: 834 switch (event) { 835 case CLS_ACPT: 836 changed |= __mesh_plink_deactivate(sta); 837 changed |= mesh_set_ht_prot_mode(sdata); 838 changed |= mesh_set_short_slot_time(sdata); 839 mesh_plink_close(sdata, sta, event); 840 action = WLAN_SP_MESH_PEERING_CLOSE; 841 break; 842 case OPN_ACPT: 843 action = WLAN_SP_MESH_PEERING_CONFIRM; 844 break; 845 default: 846 break; 847 } 848 break; 849 case NL80211_PLINK_HOLDING: 850 switch (event) { 851 case CLS_ACPT: 852 del_timer(&sta->plink_timer); 853 mesh_plink_fsm_restart(sta); 854 break; 855 case OPN_ACPT: 856 case CNF_ACPT: 857 case OPN_RJCT: 858 case CNF_RJCT: 859 action = WLAN_SP_MESH_PEERING_CLOSE; 860 break; 861 default: 862 break; 863 } 864 break; 865 default: 866 /* should not get here, PLINK_BLOCKED is dealt with at the 867 * beginning of the function 868 */ 869 break; 870 } 871 spin_unlock_bh(&sta->lock); 872 if (action) { 873 mesh_plink_frame_tx(sdata, action, sta->sta.addr, 874 sta->llid, sta->plid, sta->reason); 875 876 /* also send confirm in open case */ 877 if (action == WLAN_SP_MESH_PEERING_OPEN) { 878 mesh_plink_frame_tx(sdata, 879 WLAN_SP_MESH_PEERING_CONFIRM, 880 sta->sta.addr, sta->llid, 881 sta->plid, 0); 882 } 883 } 884 885 return changed; 886} 887 888/* 889 * mesh_plink_get_event - get correct MPM event 890 * 891 * @sdata: interface 892 * @sta: peer, leave NULL if processing a frame from a new suitable peer 893 * @elems: peering management IEs 894 * @ftype: frame type 895 * @llid: peer's peer link ID 896 * @plid: peer's local link ID 897 * 898 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 899 * an error. 900 */ 901static enum plink_event 902mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 903 struct sta_info *sta, 904 struct ieee802_11_elems *elems, 905 enum ieee80211_self_protected_actioncode ftype, 906 u16 llid, u16 plid) 907{ 908 enum plink_event event = PLINK_UNDEFINED; 909 u8 ie_len = elems->peering_len; 910 bool matches_local; 911 912 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 913 mesh_matches_local(sdata, elems)); 914 915 /* deny open request from non-matching peer */ 916 if (!matches_local && !sta) { 917 event = OPN_RJCT; 918 goto out; 919 } 920 921 if (!sta) { 922 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 923 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 924 goto out; 925 } 926 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 927 if (!mesh_plink_free_count(sdata)) { 928 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 929 goto out; 930 } 931 } else { 932 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 933 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 934 goto out; 935 } 936 if (sta->plink_state == NL80211_PLINK_BLOCKED) 937 goto out; 938 } 939 940 /* new matching peer */ 941 if (!sta) { 942 event = OPN_ACPT; 943 goto out; 944 } 945 946 switch (ftype) { 947 case WLAN_SP_MESH_PEERING_OPEN: 948 if (!matches_local) 949 event = OPN_RJCT; 950 if (!mesh_plink_free_count(sdata) || 951 (sta->plid && sta->plid != plid)) 952 event = OPN_IGNR; 953 else 954 event = OPN_ACPT; 955 break; 956 case WLAN_SP_MESH_PEERING_CONFIRM: 957 if (!matches_local) 958 event = CNF_RJCT; 959 if (!mesh_plink_free_count(sdata) || 960 sta->llid != llid || 961 (sta->plid && sta->plid != plid)) 962 event = CNF_IGNR; 963 else 964 event = CNF_ACPT; 965 break; 966 case WLAN_SP_MESH_PEERING_CLOSE: 967 if (sta->plink_state == NL80211_PLINK_ESTAB) 968 /* Do not check for llid or plid. This does not 969 * follow the standard but since multiple plinks 970 * per sta are not supported, it is necessary in 971 * order to avoid a livelock when MP A sees an 972 * establish peer link to MP B but MP B does not 973 * see it. This can be caused by a timeout in 974 * B's peer link establishment or B beign 975 * restarted. 976 */ 977 event = CLS_ACPT; 978 else if (sta->plid != plid) 979 event = CLS_IGNR; 980 else if (ie_len == 8 && sta->llid != llid) 981 event = CLS_IGNR; 982 else 983 event = CLS_ACPT; 984 break; 985 default: 986 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 987 break; 988 } 989 990out: 991 return event; 992} 993 994static void 995mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 996 struct ieee80211_mgmt *mgmt, 997 struct ieee802_11_elems *elems) 998{ 999 1000 struct sta_info *sta; 1001 enum plink_event event; 1002 enum ieee80211_self_protected_actioncode ftype; 1003 u32 changed = 0; 1004 u8 ie_len = elems->peering_len; 1005 u16 plid, llid = 0; 1006 1007 if (!elems->peering) { 1008 mpl_dbg(sdata, 1009 "Mesh plink: missing necessary peer link ie\n"); 1010 return; 1011 } 1012 1013 if (elems->rsn_len && 1014 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1015 mpl_dbg(sdata, 1016 "Mesh plink: can't establish link with secure peer\n"); 1017 return; 1018 } 1019 1020 ftype = mgmt->u.action.u.self_prot.action_code; 1021 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1022 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1023 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1024 && ie_len != 8)) { 1025 mpl_dbg(sdata, 1026 "Mesh plink: incorrect plink ie length %d %d\n", 1027 ftype, ie_len); 1028 return; 1029 } 1030 1031 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1032 (!elems->mesh_id || !elems->mesh_config)) { 1033 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1034 return; 1035 } 1036 /* Note the lines below are correct, the llid in the frame is the plid 1037 * from the point of view of this host. 1038 */ 1039 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1040 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1041 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1042 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1043 1044 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1045 rcu_read_lock(); 1046 1047 sta = sta_info_get(sdata, mgmt->sa); 1048 1049 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1050 !rssi_threshold_check(sdata, sta)) { 1051 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1052 mgmt->sa); 1053 goto unlock_rcu; 1054 } 1055 1056 /* Now we will figure out the appropriate event... */ 1057 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1058 1059 if (event == OPN_ACPT) { 1060 rcu_read_unlock(); 1061 /* allocate sta entry if necessary and update info */ 1062 sta = mesh_sta_info_get(sdata, mgmt->sa, elems); 1063 if (!sta) { 1064 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1065 goto unlock_rcu; 1066 } 1067 sta->plid = plid; 1068 } else if (!sta && event == OPN_RJCT) { 1069 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE, 1070 mgmt->sa, 0, plid, 1071 WLAN_REASON_MESH_CONFIG); 1072 goto unlock_rcu; 1073 } else if (!sta || event == PLINK_UNDEFINED) { 1074 /* something went wrong */ 1075 goto unlock_rcu; 1076 } 1077 1078 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1079 if (!sta->plid && event == CNF_ACPT) 1080 sta->plid = plid; 1081 1082 changed |= mesh_plink_fsm(sdata, sta, event); 1083 1084unlock_rcu: 1085 rcu_read_unlock(); 1086 1087 if (changed) 1088 ieee80211_mbss_info_change_notify(sdata, changed); 1089} 1090 1091void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1092 struct ieee80211_mgmt *mgmt, size_t len, 1093 struct ieee80211_rx_status *rx_status) 1094{ 1095 struct ieee802_11_elems elems; 1096 size_t baselen; 1097 u8 *baseaddr; 1098 1099 /* need action_code, aux */ 1100 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1101 return; 1102 1103 if (sdata->u.mesh.user_mpm) 1104 /* userspace must register for these */ 1105 return; 1106 1107 if (is_multicast_ether_addr(mgmt->da)) { 1108 mpl_dbg(sdata, 1109 "Mesh plink: ignore frame from multicast address\n"); 1110 return; 1111 } 1112 1113 baseaddr = mgmt->u.action.u.self_prot.variable; 1114 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1115 if (mgmt->u.action.u.self_prot.action_code == 1116 WLAN_SP_MESH_PEERING_CONFIRM) { 1117 baseaddr += 4; 1118 baselen += 4; 1119 } 1120 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems); 1121 mesh_process_plink_frame(sdata, mgmt, &elems); 1122} 1123