1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2008, 2009 open80211s Ltd. 4 * Copyright (C) 2019, 2021-2024 Intel Corporation 5 * Author: Luis Carlos Cobo <luisca@cozybit.com> 6 */ 7 #include <linux/gfp.h> 8 #include <linux/kernel.h> 9 #include <linux/random.h> 10 #include <linux/rculist.h> 11 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #define PLINK_CNF_AID(mgmt) ((mgmt)->u.action.u.self_prot.variable + 2) 17 #define PLINK_GET_LLID(p) (p + 2) 18 #define PLINK_GET_PLID(p) (p + 4) 19 20 #define mod_plink_timer(s, t) (mod_timer(&s->mesh->plink_timer, \ 21 jiffies + msecs_to_jiffies(t))) 22 23 enum plink_event { 24 PLINK_UNDEFINED, 25 OPN_ACPT, 26 OPN_RJCT, 27 OPN_IGNR, 28 CNF_ACPT, 29 CNF_RJCT, 30 CNF_IGNR, 31 CLS_ACPT, 32 CLS_IGNR 33 }; 34 35 static const char * const mplstates[] = { 36 [NL80211_PLINK_LISTEN] = "LISTEN", 37 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 38 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 39 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 40 [NL80211_PLINK_ESTAB] = "ESTAB", 41 [NL80211_PLINK_HOLDING] = "HOLDING", 42 [NL80211_PLINK_BLOCKED] = "BLOCKED" 43 }; 44 45 static const char * const mplevents[] = { 46 [PLINK_UNDEFINED] = "NONE", 47 [OPN_ACPT] = "OPN_ACPT", 48 [OPN_RJCT] = "OPN_RJCT", 49 [OPN_IGNR] = "OPN_IGNR", 50 [CNF_ACPT] = "CNF_ACPT", 51 [CNF_RJCT] = "CNF_RJCT", 52 [CNF_IGNR] = "CNF_IGNR", 53 [CLS_ACPT] = "CLS_ACPT", 54 [CLS_IGNR] = "CLS_IGNR" 55 }; 56 57 /* We only need a valid sta if user configured a minimum rssi_threshold. */ rssi_threshold_check(struct ieee80211_sub_if_data * sdata,struct sta_info * sta)58 static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 59 struct sta_info *sta) 60 { 61 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 62 return rssi_threshold == 0 || 63 (sta && 64 (s8)-ewma_signal_read(&sta->deflink.rx_stats_avg.signal) > 65 rssi_threshold); 66 } 67 68 /** 69 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 70 * 71 * @sta: mesh peer link to restart 72 * 73 * Locking: this function must be called holding sta->mesh->plink_lock 74 */ mesh_plink_fsm_restart(struct sta_info * sta)75 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 76 { 77 lockdep_assert_held(&sta->mesh->plink_lock); 78 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 79 sta->mesh->llid = sta->mesh->plid = sta->mesh->reason = 0; 80 sta->mesh->plink_retries = 0; 81 } 82 83 /* 84 * mesh_set_short_slot_time - enable / disable ERP short slot time. 85 * 86 * The standard indirectly mandates mesh STAs to turn off short slot time by 87 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 88 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 89 * MBSS support ERP rates. 90 * 91 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 92 */ mesh_set_short_slot_time(struct ieee80211_sub_if_data * sdata)93 static u64 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 94 { 95 struct ieee80211_local *local = sdata->local; 96 struct ieee80211_supported_band *sband; 97 struct sta_info *sta; 98 u32 erp_rates = 0; 99 u64 changed = 0; 100 int i; 101 bool short_slot = false; 102 103 sband = ieee80211_get_sband(sdata); 104 if (!sband) 105 return changed; 106 107 if (sband->band == NL80211_BAND_5GHZ) { 108 /* (IEEE 802.11-2012 19.4.5) */ 109 short_slot = true; 110 goto out; 111 } else if (sband->band != NL80211_BAND_2GHZ) { 112 goto out; 113 } 114 115 for (i = 0; i < sband->n_bitrates; i++) 116 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 117 erp_rates |= BIT(i); 118 119 if (!erp_rates) 120 goto out; 121 122 rcu_read_lock(); 123 list_for_each_entry_rcu(sta, &local->sta_list, list) { 124 if (sdata != sta->sdata || 125 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 126 continue; 127 128 short_slot = false; 129 if (erp_rates & sta->sta.deflink.supp_rates[sband->band]) 130 short_slot = true; 131 else 132 break; 133 } 134 rcu_read_unlock(); 135 136 out: 137 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 138 sdata->vif.bss_conf.use_short_slot = short_slot; 139 changed = BSS_CHANGED_ERP_SLOT; 140 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 141 sdata->vif.addr, short_slot); 142 } 143 return changed; 144 } 145 146 /** 147 * mesh_set_ht_prot_mode - set correct HT protection mode 148 * @sdata: the (mesh) interface to handle 149 * 150 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 151 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 152 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 153 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 154 * is selected if all peers in our 20/40MHz MBSS support HT and at least one 155 * HT20 peer is present. Otherwise no-protection mode is selected. 156 * 157 * Returns: BSS_CHANGED_HT or 0 for no change 158 */ mesh_set_ht_prot_mode(struct ieee80211_sub_if_data * sdata)159 static u64 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 160 { 161 struct ieee80211_local *local = sdata->local; 162 struct sta_info *sta; 163 u16 ht_opmode; 164 bool non_ht_sta = false, ht20_sta = false; 165 166 switch (sdata->vif.bss_conf.chanreq.oper.width) { 167 case NL80211_CHAN_WIDTH_20_NOHT: 168 case NL80211_CHAN_WIDTH_5: 169 case NL80211_CHAN_WIDTH_10: 170 return 0; 171 default: 172 break; 173 } 174 175 rcu_read_lock(); 176 list_for_each_entry_rcu(sta, &local->sta_list, list) { 177 if (sdata != sta->sdata || 178 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 179 continue; 180 181 if (sta->sta.deflink.bandwidth > IEEE80211_STA_RX_BW_20) 182 continue; 183 184 if (!sta->sta.deflink.ht_cap.ht_supported) { 185 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 186 sta->sta.addr); 187 non_ht_sta = true; 188 break; 189 } 190 191 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 192 ht20_sta = true; 193 } 194 rcu_read_unlock(); 195 196 if (non_ht_sta) 197 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 198 else if (ht20_sta && 199 sdata->vif.bss_conf.chanreq.oper.width > NL80211_CHAN_WIDTH_20) 200 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 201 else 202 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 203 204 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 205 return 0; 206 207 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 208 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 209 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 210 return BSS_CHANGED_HT; 211 } 212 mesh_plink_frame_tx(struct ieee80211_sub_if_data * sdata,struct sta_info * sta,enum ieee80211_self_protected_actioncode action,u8 * da,u16 llid,u16 plid,u16 reason)213 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 214 struct sta_info *sta, 215 enum ieee80211_self_protected_actioncode action, 216 u8 *da, u16 llid, u16 plid, u16 reason) 217 { 218 struct ieee80211_local *local = sdata->local; 219 struct sk_buff *skb; 220 struct ieee80211_tx_info *info; 221 struct ieee80211_mgmt *mgmt; 222 bool include_plid = false; 223 u16 peering_proto = 0; 224 u8 *pos, ie_len = 4; 225 u8 ie_len_he_cap, ie_len_eht_cap; 226 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.self_prot); 227 int err = -ENOMEM; 228 229 ie_len_he_cap = ieee80211_ie_len_he_cap(sdata); 230 ie_len_eht_cap = ieee80211_ie_len_eht_cap(sdata); 231 skb = dev_alloc_skb(local->tx_headroom + 232 hdr_len + 233 2 + /* capability info */ 234 2 + /* AID */ 235 2 + 8 + /* supported rates */ 236 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 237 2 + sdata->u.mesh.mesh_id_len + 238 2 + sizeof(struct ieee80211_meshconf_ie) + 239 2 + sizeof(struct ieee80211_ht_cap) + 240 2 + sizeof(struct ieee80211_ht_operation) + 241 2 + sizeof(struct ieee80211_vht_cap) + 242 2 + sizeof(struct ieee80211_vht_operation) + 243 ie_len_he_cap + 244 2 + 1 + sizeof(struct ieee80211_he_operation) + 245 sizeof(struct ieee80211_he_6ghz_oper) + 246 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) + 247 ie_len_eht_cap + 248 2 + 1 + offsetof(struct ieee80211_eht_operation, optional) + 249 offsetof(struct ieee80211_eht_operation_info, optional) + 250 2 + 8 + /* peering IE */ 251 sdata->u.mesh.ie_len); 252 if (!skb) 253 return err; 254 info = IEEE80211_SKB_CB(skb); 255 skb_reserve(skb, local->tx_headroom); 256 mgmt = skb_put_zero(skb, hdr_len); 257 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 258 IEEE80211_STYPE_ACTION); 259 memcpy(mgmt->da, da, ETH_ALEN); 260 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 261 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 262 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 263 mgmt->u.action.u.self_prot.action_code = action; 264 265 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 266 struct ieee80211_supported_band *sband; 267 u32 rate_flags, basic_rates; 268 269 sband = ieee80211_get_sband(sdata); 270 if (!sband) { 271 err = -EINVAL; 272 goto free; 273 } 274 275 /* capability info */ 276 pos = skb_put_zero(skb, 2); 277 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 278 /* AID */ 279 pos = skb_put(skb, 2); 280 put_unaligned_le16(sta->sta.aid, pos); 281 } 282 283 rate_flags = 284 ieee80211_chandef_rate_flags(&sdata->vif.bss_conf.chanreq.oper); 285 basic_rates = sdata->vif.bss_conf.basic_rates; 286 287 if (ieee80211_put_srates_elem(skb, sband, basic_rates, 288 rate_flags, 0, 289 WLAN_EID_SUPP_RATES) || 290 ieee80211_put_srates_elem(skb, sband, basic_rates, 291 rate_flags, 0, 292 WLAN_EID_EXT_SUPP_RATES) || 293 mesh_add_rsn_ie(sdata, skb) || 294 mesh_add_meshid_ie(sdata, skb) || 295 mesh_add_meshconf_ie(sdata, skb)) 296 goto free; 297 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 298 info->flags |= IEEE80211_TX_CTL_NO_ACK; 299 if (mesh_add_meshid_ie(sdata, skb)) 300 goto free; 301 } 302 303 /* Add Mesh Peering Management element */ 304 switch (action) { 305 case WLAN_SP_MESH_PEERING_OPEN: 306 break; 307 case WLAN_SP_MESH_PEERING_CONFIRM: 308 ie_len += 2; 309 include_plid = true; 310 break; 311 case WLAN_SP_MESH_PEERING_CLOSE: 312 if (plid) { 313 ie_len += 2; 314 include_plid = true; 315 } 316 ie_len += 2; /* reason code */ 317 break; 318 default: 319 err = -EINVAL; 320 goto free; 321 } 322 323 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 324 goto free; 325 326 pos = skb_put(skb, 2 + ie_len); 327 *pos++ = WLAN_EID_PEER_MGMT; 328 *pos++ = ie_len; 329 memcpy(pos, &peering_proto, 2); 330 pos += 2; 331 put_unaligned_le16(llid, pos); 332 pos += 2; 333 if (include_plid) { 334 put_unaligned_le16(plid, pos); 335 pos += 2; 336 } 337 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 338 put_unaligned_le16(reason, pos); 339 pos += 2; 340 } 341 342 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 343 if (mesh_add_ht_cap_ie(sdata, skb) || 344 mesh_add_ht_oper_ie(sdata, skb) || 345 mesh_add_vht_cap_ie(sdata, skb) || 346 mesh_add_vht_oper_ie(sdata, skb) || 347 mesh_add_he_cap_ie(sdata, skb, ie_len_he_cap) || 348 mesh_add_he_oper_ie(sdata, skb) || 349 mesh_add_he_6ghz_cap_ie(sdata, skb) || 350 mesh_add_eht_cap_ie(sdata, skb, ie_len_eht_cap) || 351 mesh_add_eht_oper_ie(sdata, skb)) 352 goto free; 353 } 354 355 if (mesh_add_vendor_ies(sdata, skb)) 356 goto free; 357 358 ieee80211_tx_skb(sdata, skb); 359 return 0; 360 free: 361 kfree_skb(skb); 362 return err; 363 } 364 365 /** 366 * __mesh_plink_deactivate - deactivate mesh peer link 367 * 368 * @sta: mesh peer link to deactivate 369 * 370 * Mesh paths with this peer as next hop should be flushed 371 * by the caller outside of plink_lock. 372 * 373 * Returns: beacon changed flag if the beacon content changed. 374 * 375 * Locking: the caller must hold sta->mesh->plink_lock 376 */ __mesh_plink_deactivate(struct sta_info * sta)377 static u64 __mesh_plink_deactivate(struct sta_info *sta) 378 { 379 struct ieee80211_sub_if_data *sdata = sta->sdata; 380 u64 changed = 0; 381 382 lockdep_assert_held(&sta->mesh->plink_lock); 383 384 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 385 changed = mesh_plink_dec_estab_count(sdata); 386 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 387 388 ieee80211_mps_sta_status_update(sta); 389 changed |= ieee80211_mps_set_sta_local_pm(sta, 390 NL80211_MESH_POWER_UNKNOWN); 391 392 return changed; 393 } 394 395 /** 396 * mesh_plink_deactivate - deactivate mesh peer link 397 * 398 * @sta: mesh peer link to deactivate 399 * 400 * All mesh paths with this peer as next hop will be flushed 401 * 402 * Returns: beacon changed flag if the beacon content changed. 403 */ mesh_plink_deactivate(struct sta_info * sta)404 u64 mesh_plink_deactivate(struct sta_info *sta) 405 { 406 struct ieee80211_sub_if_data *sdata = sta->sdata; 407 u64 changed; 408 409 spin_lock_bh(&sta->mesh->plink_lock); 410 changed = __mesh_plink_deactivate(sta); 411 412 if (!sdata->u.mesh.user_mpm) { 413 sta->mesh->reason = WLAN_REASON_MESH_PEER_CANCELED; 414 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_CLOSE, 415 sta->sta.addr, sta->mesh->llid, 416 sta->mesh->plid, sta->mesh->reason); 417 } 418 spin_unlock_bh(&sta->mesh->plink_lock); 419 if (!sdata->u.mesh.user_mpm) 420 del_timer_sync(&sta->mesh->plink_timer); 421 mesh_path_flush_by_nexthop(sta); 422 423 /* make sure no readers can access nexthop sta from here on */ 424 synchronize_net(); 425 426 return changed; 427 } 428 mesh_sta_info_init(struct ieee80211_sub_if_data * sdata,struct sta_info * sta,struct ieee802_11_elems * elems)429 static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 430 struct sta_info *sta, 431 struct ieee802_11_elems *elems) 432 { 433 struct ieee80211_local *local = sdata->local; 434 struct ieee80211_supported_band *sband; 435 u32 rates, basic_rates = 0, changed = 0; 436 enum ieee80211_sta_rx_bandwidth bw = sta->sta.deflink.bandwidth; 437 438 sband = ieee80211_get_sband(sdata); 439 if (!sband) 440 return; 441 442 rates = ieee80211_sta_get_rates(sdata, elems, sband->band, 443 &basic_rates); 444 445 spin_lock_bh(&sta->mesh->plink_lock); 446 sta->deflink.rx_stats.last_rx = jiffies; 447 448 /* rates and capabilities don't change during peering */ 449 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB && 450 sta->mesh->processed_beacon) 451 goto out; 452 sta->mesh->processed_beacon = true; 453 454 if (sta->sta.deflink.supp_rates[sband->band] != rates) 455 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 456 sta->sta.deflink.supp_rates[sband->band] = rates; 457 458 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 459 elems->ht_cap_elem, 460 &sta->deflink)) 461 changed |= IEEE80211_RC_BW_CHANGED; 462 463 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 464 elems->vht_cap_elem, NULL, 465 &sta->deflink); 466 467 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband, elems->he_cap, 468 elems->he_cap_len, 469 elems->he_6ghz_capa, 470 &sta->deflink); 471 472 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband, elems->he_cap, 473 elems->he_cap_len, 474 elems->eht_cap, elems->eht_cap_len, 475 &sta->deflink); 476 477 if (bw != sta->sta.deflink.bandwidth) 478 changed |= IEEE80211_RC_BW_CHANGED; 479 480 /* HT peer is operating 20MHz-only */ 481 if (elems->ht_operation && 482 !(elems->ht_operation->ht_param & 483 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 484 if (sta->sta.deflink.bandwidth != IEEE80211_STA_RX_BW_20) 485 changed |= IEEE80211_RC_BW_CHANGED; 486 sta->sta.deflink.bandwidth = IEEE80211_STA_RX_BW_20; 487 } 488 489 if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) 490 rate_control_rate_init(sta); 491 else 492 rate_control_rate_update(local, sband, sta, 0, changed); 493 out: 494 spin_unlock_bh(&sta->mesh->plink_lock); 495 } 496 mesh_allocate_aid(struct ieee80211_sub_if_data * sdata)497 static int mesh_allocate_aid(struct ieee80211_sub_if_data *sdata) 498 { 499 struct sta_info *sta; 500 unsigned long *aid_map; 501 int aid; 502 503 aid_map = bitmap_zalloc(IEEE80211_MAX_AID + 1, GFP_KERNEL); 504 if (!aid_map) 505 return -ENOMEM; 506 507 /* reserve aid 0 for mcast indication */ 508 __set_bit(0, aid_map); 509 510 rcu_read_lock(); 511 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) 512 __set_bit(sta->sta.aid, aid_map); 513 rcu_read_unlock(); 514 515 aid = find_first_zero_bit(aid_map, IEEE80211_MAX_AID + 1); 516 bitmap_free(aid_map); 517 518 if (aid > IEEE80211_MAX_AID) 519 return -ENOBUFS; 520 521 return aid; 522 } 523 524 static struct sta_info * __mesh_sta_info_alloc(struct ieee80211_sub_if_data * sdata,u8 * hw_addr)525 __mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 526 { 527 struct sta_info *sta; 528 int aid; 529 530 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 531 return NULL; 532 533 aid = mesh_allocate_aid(sdata); 534 if (aid < 0) 535 return NULL; 536 537 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 538 if (!sta) 539 return NULL; 540 541 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 542 sta->sta.wme = true; 543 sta->sta.aid = aid; 544 545 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 546 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 547 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 548 549 return sta; 550 } 551 552 static struct sta_info * mesh_sta_info_alloc(struct ieee80211_sub_if_data * sdata,u8 * addr,struct ieee802_11_elems * elems,struct ieee80211_rx_status * rx_status)553 mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 554 struct ieee802_11_elems *elems, 555 struct ieee80211_rx_status *rx_status) 556 { 557 struct sta_info *sta = NULL; 558 559 /* Userspace handles station allocation */ 560 if (sdata->u.mesh.user_mpm || 561 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) { 562 if (mesh_peer_accepts_plinks(elems) && 563 mesh_plink_availables(sdata)) { 564 int sig = 0; 565 566 if (ieee80211_hw_check(&sdata->local->hw, SIGNAL_DBM)) 567 sig = rx_status->signal; 568 569 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 570 elems->ie_start, 571 elems->total_len, 572 sig, GFP_KERNEL); 573 } 574 } else 575 sta = __mesh_sta_info_alloc(sdata, addr); 576 577 return sta; 578 } 579 580 /* 581 * mesh_sta_info_get - return mesh sta info entry for @addr. 582 * 583 * @sdata: local meshif 584 * @addr: peer's address 585 * @elems: IEs from beacon or mesh peering frame. 586 * @rx_status: rx status for the frame for signal reporting 587 * 588 * Return existing or newly allocated sta_info under RCU read lock. 589 * (re)initialize with given IEs. 590 */ 591 static struct sta_info * mesh_sta_info_get(struct ieee80211_sub_if_data * sdata,u8 * addr,struct ieee802_11_elems * elems,struct ieee80211_rx_status * rx_status)592 mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 593 u8 *addr, struct ieee802_11_elems *elems, 594 struct ieee80211_rx_status *rx_status) __acquires(RCU) 595 { 596 struct sta_info *sta = NULL; 597 598 rcu_read_lock(); 599 sta = sta_info_get(sdata, addr); 600 if (sta) { 601 mesh_sta_info_init(sdata, sta, elems); 602 } else { 603 rcu_read_unlock(); 604 /* can't run atomic */ 605 sta = mesh_sta_info_alloc(sdata, addr, elems, rx_status); 606 if (!sta) { 607 rcu_read_lock(); 608 return NULL; 609 } 610 611 mesh_sta_info_init(sdata, sta, elems); 612 613 if (sta_info_insert_rcu(sta)) 614 return NULL; 615 } 616 617 return sta; 618 } 619 620 /* 621 * mesh_neighbour_update - update or initialize new mesh neighbor. 622 * 623 * @sdata: local meshif 624 * @addr: peer's address 625 * @elems: IEs from beacon or mesh peering frame 626 * @rx_status: rx status for the frame for signal reporting 627 * 628 * Initiates peering if appropriate. 629 */ mesh_neighbour_update(struct ieee80211_sub_if_data * sdata,u8 * hw_addr,struct ieee802_11_elems * elems,struct ieee80211_rx_status * rx_status)630 void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 631 u8 *hw_addr, 632 struct ieee802_11_elems *elems, 633 struct ieee80211_rx_status *rx_status) 634 { 635 struct sta_info *sta; 636 u64 changed = 0; 637 638 sta = mesh_sta_info_get(sdata, hw_addr, elems, rx_status); 639 if (!sta) 640 goto out; 641 642 sta->mesh->connected_to_gate = elems->mesh_config->meshconf_form & 643 IEEE80211_MESHCONF_FORM_CONNECTED_TO_GATE; 644 645 if (mesh_peer_accepts_plinks(elems) && 646 sta->mesh->plink_state == NL80211_PLINK_LISTEN && 647 sdata->u.mesh.accepting_plinks && 648 sdata->u.mesh.mshcfg.auto_open_plinks && 649 rssi_threshold_check(sdata, sta)) 650 changed = mesh_plink_open(sta); 651 652 ieee80211_mps_frame_release(sta, elems); 653 out: 654 rcu_read_unlock(); 655 ieee80211_mbss_info_change_notify(sdata, changed); 656 } 657 mesh_plink_timer(struct timer_list * t)658 void mesh_plink_timer(struct timer_list *t) 659 { 660 struct mesh_sta *mesh = from_timer(mesh, t, plink_timer); 661 struct sta_info *sta; 662 u16 reason = 0; 663 struct ieee80211_sub_if_data *sdata; 664 struct mesh_config *mshcfg; 665 enum ieee80211_self_protected_actioncode action = 0; 666 667 /* 668 * This STA is valid because sta_info_destroy() will 669 * del_timer_sync() this timer after having made sure 670 * it cannot be readded (by deleting the plink.) 671 */ 672 sta = mesh->plink_sta; 673 674 if (sta->sdata->local->quiescing) 675 return; 676 677 spin_lock_bh(&sta->mesh->plink_lock); 678 679 /* If a timer fires just before a state transition on another CPU, 680 * we may have already extended the timeout and changed state by the 681 * time we've acquired the lock and arrived here. In that case, 682 * skip this timer and wait for the new one. 683 */ 684 if (time_before(jiffies, sta->mesh->plink_timer.expires)) { 685 mpl_dbg(sta->sdata, 686 "Ignoring timer for %pM in state %s (timer adjusted)", 687 sta->sta.addr, mplstates[sta->mesh->plink_state]); 688 spin_unlock_bh(&sta->mesh->plink_lock); 689 return; 690 } 691 692 /* del_timer() and handler may race when entering these states */ 693 if (sta->mesh->plink_state == NL80211_PLINK_LISTEN || 694 sta->mesh->plink_state == NL80211_PLINK_ESTAB) { 695 mpl_dbg(sta->sdata, 696 "Ignoring timer for %pM in state %s (timer deleted)", 697 sta->sta.addr, mplstates[sta->mesh->plink_state]); 698 spin_unlock_bh(&sta->mesh->plink_lock); 699 return; 700 } 701 702 mpl_dbg(sta->sdata, 703 "Mesh plink timer for %pM fired on state %s\n", 704 sta->sta.addr, mplstates[sta->mesh->plink_state]); 705 sdata = sta->sdata; 706 mshcfg = &sdata->u.mesh.mshcfg; 707 708 switch (sta->mesh->plink_state) { 709 case NL80211_PLINK_OPN_RCVD: 710 case NL80211_PLINK_OPN_SNT: 711 /* retry timer */ 712 if (sta->mesh->plink_retries < mshcfg->dot11MeshMaxRetries) { 713 u32 rand; 714 mpl_dbg(sta->sdata, 715 "Mesh plink for %pM (retry, timeout): %d %d\n", 716 sta->sta.addr, sta->mesh->plink_retries, 717 sta->mesh->plink_timeout); 718 get_random_bytes(&rand, sizeof(u32)); 719 sta->mesh->plink_timeout = sta->mesh->plink_timeout + 720 rand % sta->mesh->plink_timeout; 721 ++sta->mesh->plink_retries; 722 mod_plink_timer(sta, sta->mesh->plink_timeout); 723 action = WLAN_SP_MESH_PEERING_OPEN; 724 break; 725 } 726 reason = WLAN_REASON_MESH_MAX_RETRIES; 727 fallthrough; 728 case NL80211_PLINK_CNF_RCVD: 729 /* confirm timer */ 730 if (!reason) 731 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 732 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 733 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 734 action = WLAN_SP_MESH_PEERING_CLOSE; 735 break; 736 case NL80211_PLINK_HOLDING: 737 /* holding timer */ 738 del_timer(&sta->mesh->plink_timer); 739 mesh_plink_fsm_restart(sta); 740 break; 741 default: 742 break; 743 } 744 spin_unlock_bh(&sta->mesh->plink_lock); 745 if (action) 746 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 747 sta->mesh->llid, sta->mesh->plid, reason); 748 } 749 mesh_plink_timer_set(struct sta_info * sta,u32 timeout)750 static inline void mesh_plink_timer_set(struct sta_info *sta, u32 timeout) 751 { 752 sta->mesh->plink_timeout = timeout; 753 mod_timer(&sta->mesh->plink_timer, jiffies + msecs_to_jiffies(timeout)); 754 } 755 llid_in_use(struct ieee80211_sub_if_data * sdata,u16 llid)756 static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 757 u16 llid) 758 { 759 struct ieee80211_local *local = sdata->local; 760 bool in_use = false; 761 struct sta_info *sta; 762 763 rcu_read_lock(); 764 list_for_each_entry_rcu(sta, &local->sta_list, list) { 765 if (sdata != sta->sdata) 766 continue; 767 768 if (!memcmp(&sta->mesh->llid, &llid, sizeof(llid))) { 769 in_use = true; 770 break; 771 } 772 } 773 rcu_read_unlock(); 774 775 return in_use; 776 } 777 mesh_get_new_llid(struct ieee80211_sub_if_data * sdata)778 static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 779 { 780 u16 llid; 781 782 do { 783 get_random_bytes(&llid, sizeof(llid)); 784 } while (llid_in_use(sdata, llid)); 785 786 return llid; 787 } 788 mesh_plink_open(struct sta_info * sta)789 u64 mesh_plink_open(struct sta_info *sta) 790 { 791 struct ieee80211_sub_if_data *sdata = sta->sdata; 792 u64 changed; 793 794 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 795 return 0; 796 797 spin_lock_bh(&sta->mesh->plink_lock); 798 sta->mesh->llid = mesh_get_new_llid(sdata); 799 if (sta->mesh->plink_state != NL80211_PLINK_LISTEN && 800 sta->mesh->plink_state != NL80211_PLINK_BLOCKED) { 801 spin_unlock_bh(&sta->mesh->plink_lock); 802 return 0; 803 } 804 sta->mesh->plink_state = NL80211_PLINK_OPN_SNT; 805 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 806 spin_unlock_bh(&sta->mesh->plink_lock); 807 mpl_dbg(sdata, 808 "Mesh plink: starting establishment with %pM\n", 809 sta->sta.addr); 810 811 /* set the non-peer mode to active during peering */ 812 changed = ieee80211_mps_local_status_update(sdata); 813 814 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_OPEN, 815 sta->sta.addr, sta->mesh->llid, 0, 0); 816 return changed; 817 } 818 mesh_plink_block(struct sta_info * sta)819 u64 mesh_plink_block(struct sta_info *sta) 820 { 821 u64 changed; 822 823 spin_lock_bh(&sta->mesh->plink_lock); 824 changed = __mesh_plink_deactivate(sta); 825 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 826 spin_unlock_bh(&sta->mesh->plink_lock); 827 mesh_path_flush_by_nexthop(sta); 828 829 return changed; 830 } 831 mesh_plink_close(struct ieee80211_sub_if_data * sdata,struct sta_info * sta,enum plink_event event)832 static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 833 struct sta_info *sta, 834 enum plink_event event) 835 { 836 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 837 u16 reason = (event == CLS_ACPT) ? 838 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 839 840 sta->mesh->reason = reason; 841 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 842 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 843 } 844 mesh_plink_establish(struct ieee80211_sub_if_data * sdata,struct sta_info * sta)845 static u64 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 846 struct sta_info *sta) 847 { 848 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 849 u64 changed = 0; 850 851 del_timer(&sta->mesh->plink_timer); 852 sta->mesh->plink_state = NL80211_PLINK_ESTAB; 853 changed |= mesh_plink_inc_estab_count(sdata); 854 changed |= mesh_set_ht_prot_mode(sdata); 855 changed |= mesh_set_short_slot_time(sdata); 856 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 857 ieee80211_mps_sta_status_update(sta); 858 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 859 return changed; 860 } 861 862 /** 863 * mesh_plink_fsm - step @sta MPM based on @event 864 * 865 * @sdata: interface 866 * @sta: mesh neighbor 867 * @event: peering event 868 * 869 * Return: changed MBSS flags 870 */ mesh_plink_fsm(struct ieee80211_sub_if_data * sdata,struct sta_info * sta,enum plink_event event)871 static u64 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 872 struct sta_info *sta, enum plink_event event) 873 { 874 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 875 enum ieee80211_self_protected_actioncode action = 0; 876 u64 changed = 0; 877 bool flush = false; 878 879 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 880 mplstates[sta->mesh->plink_state], mplevents[event]); 881 882 spin_lock_bh(&sta->mesh->plink_lock); 883 switch (sta->mesh->plink_state) { 884 case NL80211_PLINK_LISTEN: 885 switch (event) { 886 case CLS_ACPT: 887 mesh_plink_fsm_restart(sta); 888 break; 889 case OPN_ACPT: 890 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 891 sta->mesh->llid = mesh_get_new_llid(sdata); 892 mesh_plink_timer_set(sta, 893 mshcfg->dot11MeshRetryTimeout); 894 895 /* set the non-peer mode to active during peering */ 896 changed |= ieee80211_mps_local_status_update(sdata); 897 action = WLAN_SP_MESH_PEERING_OPEN; 898 break; 899 default: 900 break; 901 } 902 break; 903 case NL80211_PLINK_OPN_SNT: 904 switch (event) { 905 case OPN_RJCT: 906 case CNF_RJCT: 907 case CLS_ACPT: 908 mesh_plink_close(sdata, sta, event); 909 action = WLAN_SP_MESH_PEERING_CLOSE; 910 break; 911 case OPN_ACPT: 912 /* retry timer is left untouched */ 913 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 914 action = WLAN_SP_MESH_PEERING_CONFIRM; 915 break; 916 case CNF_ACPT: 917 sta->mesh->plink_state = NL80211_PLINK_CNF_RCVD; 918 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 919 break; 920 default: 921 break; 922 } 923 break; 924 case NL80211_PLINK_OPN_RCVD: 925 switch (event) { 926 case OPN_RJCT: 927 case CNF_RJCT: 928 case CLS_ACPT: 929 mesh_plink_close(sdata, sta, event); 930 action = WLAN_SP_MESH_PEERING_CLOSE; 931 break; 932 case OPN_ACPT: 933 action = WLAN_SP_MESH_PEERING_CONFIRM; 934 break; 935 case CNF_ACPT: 936 changed |= mesh_plink_establish(sdata, sta); 937 break; 938 default: 939 break; 940 } 941 break; 942 case NL80211_PLINK_CNF_RCVD: 943 switch (event) { 944 case OPN_RJCT: 945 case CNF_RJCT: 946 case CLS_ACPT: 947 mesh_plink_close(sdata, sta, event); 948 action = WLAN_SP_MESH_PEERING_CLOSE; 949 break; 950 case OPN_ACPT: 951 changed |= mesh_plink_establish(sdata, sta); 952 action = WLAN_SP_MESH_PEERING_CONFIRM; 953 break; 954 default: 955 break; 956 } 957 break; 958 case NL80211_PLINK_ESTAB: 959 switch (event) { 960 case CLS_ACPT: 961 changed |= __mesh_plink_deactivate(sta); 962 changed |= mesh_set_ht_prot_mode(sdata); 963 changed |= mesh_set_short_slot_time(sdata); 964 mesh_plink_close(sdata, sta, event); 965 action = WLAN_SP_MESH_PEERING_CLOSE; 966 flush = true; 967 break; 968 case OPN_ACPT: 969 action = WLAN_SP_MESH_PEERING_CONFIRM; 970 break; 971 default: 972 break; 973 } 974 break; 975 case NL80211_PLINK_HOLDING: 976 switch (event) { 977 case CLS_ACPT: 978 del_timer(&sta->mesh->plink_timer); 979 mesh_plink_fsm_restart(sta); 980 break; 981 case OPN_ACPT: 982 case CNF_ACPT: 983 case OPN_RJCT: 984 case CNF_RJCT: 985 action = WLAN_SP_MESH_PEERING_CLOSE; 986 break; 987 default: 988 break; 989 } 990 break; 991 default: 992 /* should not get here, PLINK_BLOCKED is dealt with at the 993 * beginning of the function 994 */ 995 break; 996 } 997 spin_unlock_bh(&sta->mesh->plink_lock); 998 if (flush) 999 mesh_path_flush_by_nexthop(sta); 1000 if (action) { 1001 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 1002 sta->mesh->llid, sta->mesh->plid, 1003 sta->mesh->reason); 1004 1005 /* also send confirm in open case */ 1006 if (action == WLAN_SP_MESH_PEERING_OPEN) { 1007 mesh_plink_frame_tx(sdata, sta, 1008 WLAN_SP_MESH_PEERING_CONFIRM, 1009 sta->sta.addr, sta->mesh->llid, 1010 sta->mesh->plid, 0); 1011 } 1012 } 1013 1014 return changed; 1015 } 1016 1017 /* 1018 * mesh_plink_get_event - get correct MPM event 1019 * 1020 * @sdata: interface 1021 * @sta: peer, leave NULL if processing a frame from a new suitable peer 1022 * @elems: peering management IEs 1023 * @ftype: frame type 1024 * @llid: peer's peer link ID 1025 * @plid: peer's local link ID 1026 * 1027 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 1028 * an error. 1029 */ 1030 static enum plink_event mesh_plink_get_event(struct ieee80211_sub_if_data * sdata,struct sta_info * sta,struct ieee802_11_elems * elems,enum ieee80211_self_protected_actioncode ftype,u16 llid,u16 plid)1031 mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 1032 struct sta_info *sta, 1033 struct ieee802_11_elems *elems, 1034 enum ieee80211_self_protected_actioncode ftype, 1035 u16 llid, u16 plid) 1036 { 1037 enum plink_event event = PLINK_UNDEFINED; 1038 u8 ie_len = elems->peering_len; 1039 bool matches_local; 1040 1041 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 1042 mesh_matches_local(sdata, elems)); 1043 1044 /* deny open request from non-matching peer */ 1045 if (!matches_local && !sta) { 1046 event = OPN_RJCT; 1047 goto out; 1048 } 1049 1050 if (!sta) { 1051 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 1052 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 1053 goto out; 1054 } 1055 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 1056 if (!mesh_plink_free_count(sdata)) { 1057 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 1058 goto out; 1059 } 1060 1061 /* new matching peer */ 1062 event = OPN_ACPT; 1063 goto out; 1064 } else { 1065 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 1066 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 1067 goto out; 1068 } 1069 if (sta->mesh->plink_state == NL80211_PLINK_BLOCKED) 1070 goto out; 1071 } 1072 1073 switch (ftype) { 1074 case WLAN_SP_MESH_PEERING_OPEN: 1075 if (!matches_local) 1076 event = OPN_RJCT; 1077 else if (!mesh_plink_free_count(sdata) || 1078 (sta->mesh->plid && sta->mesh->plid != plid)) 1079 event = OPN_IGNR; 1080 else 1081 event = OPN_ACPT; 1082 break; 1083 case WLAN_SP_MESH_PEERING_CONFIRM: 1084 if (!matches_local) 1085 event = CNF_RJCT; 1086 else if (!mesh_plink_free_count(sdata) || 1087 sta->mesh->llid != llid || 1088 (sta->mesh->plid && sta->mesh->plid != plid)) 1089 event = CNF_IGNR; 1090 else 1091 event = CNF_ACPT; 1092 break; 1093 case WLAN_SP_MESH_PEERING_CLOSE: 1094 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 1095 /* Do not check for llid or plid. This does not 1096 * follow the standard but since multiple plinks 1097 * per sta are not supported, it is necessary in 1098 * order to avoid a livelock when MP A sees an 1099 * establish peer link to MP B but MP B does not 1100 * see it. This can be caused by a timeout in 1101 * B's peer link establishment or B beign 1102 * restarted. 1103 */ 1104 event = CLS_ACPT; 1105 else if (sta->mesh->plid != plid) 1106 event = CLS_IGNR; 1107 else if (ie_len == 8 && sta->mesh->llid != llid) 1108 event = CLS_IGNR; 1109 else 1110 event = CLS_ACPT; 1111 break; 1112 default: 1113 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 1114 break; 1115 } 1116 1117 out: 1118 return event; 1119 } 1120 1121 static void mesh_process_plink_frame(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,struct ieee802_11_elems * elems,struct ieee80211_rx_status * rx_status)1122 mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 1123 struct ieee80211_mgmt *mgmt, 1124 struct ieee802_11_elems *elems, 1125 struct ieee80211_rx_status *rx_status) 1126 { 1127 1128 struct sta_info *sta; 1129 enum plink_event event; 1130 enum ieee80211_self_protected_actioncode ftype; 1131 u64 changed = 0; 1132 u8 ie_len = elems->peering_len; 1133 u16 plid, llid = 0; 1134 1135 if (!elems->peering) { 1136 mpl_dbg(sdata, 1137 "Mesh plink: missing necessary peer link ie\n"); 1138 return; 1139 } 1140 1141 if (elems->rsn_len && 1142 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1143 mpl_dbg(sdata, 1144 "Mesh plink: can't establish link with secure peer\n"); 1145 return; 1146 } 1147 1148 ftype = mgmt->u.action.u.self_prot.action_code; 1149 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1150 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1151 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1152 && ie_len != 8)) { 1153 mpl_dbg(sdata, 1154 "Mesh plink: incorrect plink ie length %d %d\n", 1155 ftype, ie_len); 1156 return; 1157 } 1158 1159 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1160 (!elems->mesh_id || !elems->mesh_config)) { 1161 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1162 return; 1163 } 1164 /* Note the lines below are correct, the llid in the frame is the plid 1165 * from the point of view of this host. 1166 */ 1167 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1168 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1169 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1170 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1171 1172 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1173 rcu_read_lock(); 1174 1175 sta = sta_info_get(sdata, mgmt->sa); 1176 1177 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1178 !rssi_threshold_check(sdata, sta)) { 1179 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1180 mgmt->sa); 1181 goto unlock_rcu; 1182 } 1183 1184 /* Now we will figure out the appropriate event... */ 1185 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1186 1187 if (event == OPN_ACPT) { 1188 rcu_read_unlock(); 1189 /* allocate sta entry if necessary and update info */ 1190 sta = mesh_sta_info_get(sdata, mgmt->sa, elems, rx_status); 1191 if (!sta) { 1192 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1193 goto unlock_rcu; 1194 } 1195 sta->mesh->plid = plid; 1196 } else if (!sta && event == OPN_RJCT) { 1197 mesh_plink_frame_tx(sdata, NULL, WLAN_SP_MESH_PEERING_CLOSE, 1198 mgmt->sa, 0, plid, 1199 WLAN_REASON_MESH_CONFIG); 1200 goto unlock_rcu; 1201 } else if (!sta || event == PLINK_UNDEFINED) { 1202 /* something went wrong */ 1203 goto unlock_rcu; 1204 } 1205 1206 if (event == CNF_ACPT) { 1207 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1208 if (!sta->mesh->plid) 1209 sta->mesh->plid = plid; 1210 1211 sta->mesh->aid = get_unaligned_le16(PLINK_CNF_AID(mgmt)); 1212 } 1213 1214 changed |= mesh_plink_fsm(sdata, sta, event); 1215 1216 unlock_rcu: 1217 rcu_read_unlock(); 1218 1219 if (changed) 1220 ieee80211_mbss_info_change_notify(sdata, changed); 1221 } 1222 mesh_rx_plink_frame(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_rx_status * rx_status)1223 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1224 struct ieee80211_mgmt *mgmt, size_t len, 1225 struct ieee80211_rx_status *rx_status) 1226 { 1227 struct ieee802_11_elems *elems; 1228 size_t baselen; 1229 u8 *baseaddr; 1230 1231 /* need action_code, aux */ 1232 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1233 return; 1234 1235 if (sdata->u.mesh.user_mpm) 1236 /* userspace must register for these */ 1237 return; 1238 1239 if (is_multicast_ether_addr(mgmt->da)) { 1240 mpl_dbg(sdata, 1241 "Mesh plink: ignore frame from multicast address\n"); 1242 return; 1243 } 1244 1245 baseaddr = mgmt->u.action.u.self_prot.variable; 1246 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1247 if (mgmt->u.action.u.self_prot.action_code == 1248 WLAN_SP_MESH_PEERING_CONFIRM) { 1249 baseaddr += 4; 1250 baselen += 4; 1251 1252 if (baselen > len) 1253 return; 1254 } 1255 elems = ieee802_11_parse_elems(baseaddr, len - baselen, true, NULL); 1256 if (elems) { 1257 mesh_process_plink_frame(sdata, mgmt, elems, rx_status); 1258 kfree(elems); 1259 } 1260 } 1261