1 /*
2 * Copyright (c) 2008, 2009 open80211s Ltd.
3 * Author: Luis Carlos Cobo <luisca@cozybit.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9 #include <linux/gfp.h>
10 #include <linux/kernel.h>
11 #include <linux/random.h>
12 #include "ieee80211_i.h"
13 #include "rate.h"
14 #include "mesh.h"
15
16 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
17 #define mpl_dbg(fmt, args...) printk(KERN_DEBUG fmt, ##args)
18 #else
19 #define mpl_dbg(fmt, args...) do { (void)(0); } while (0)
20 #endif
21
22 #define PLINK_GET_LLID(p) (p + 2)
23 #define PLINK_GET_PLID(p) (p + 4)
24
25 #define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \
26 jiffies + HZ * t / 1000))
27
28 #define dot11MeshMaxRetries(s) (s->u.mesh.mshcfg.dot11MeshMaxRetries)
29 #define dot11MeshRetryTimeout(s) (s->u.mesh.mshcfg.dot11MeshRetryTimeout)
30 #define dot11MeshConfirmTimeout(s) (s->u.mesh.mshcfg.dot11MeshConfirmTimeout)
31 #define dot11MeshHoldingTimeout(s) (s->u.mesh.mshcfg.dot11MeshHoldingTimeout)
32 #define dot11MeshMaxPeerLinks(s) (s->u.mesh.mshcfg.dot11MeshMaxPeerLinks)
33
34 /* We only need a valid sta if user configured a minimum rssi_threshold. */
35 #define rssi_threshold_check(sta, sdata) \
36 (sdata->u.mesh.mshcfg.rssi_threshold == 0 ||\
37 (sta && (s8) -ewma_read(&sta->avg_signal) > \
38 sdata->u.mesh.mshcfg.rssi_threshold))
39
40 enum plink_event {
41 PLINK_UNDEFINED,
42 OPN_ACPT,
43 OPN_RJCT,
44 OPN_IGNR,
45 CNF_ACPT,
46 CNF_RJCT,
47 CNF_IGNR,
48 CLS_ACPT,
49 CLS_IGNR
50 };
51
52 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
53 enum ieee80211_self_protected_actioncode action,
54 u8 *da, __le16 llid, __le16 plid, __le16 reason);
55
56 static inline
mesh_plink_inc_estab_count(struct ieee80211_sub_if_data * sdata)57 void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
58 {
59 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks);
60 mesh_accept_plinks_update(sdata);
61 }
62
63 static inline
mesh_plink_dec_estab_count(struct ieee80211_sub_if_data * sdata)64 void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
65 {
66 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks);
67 mesh_accept_plinks_update(sdata);
68 }
69
70 /**
71 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine
72 *
73 * @sta: mesh peer link to restart
74 *
75 * Locking: this function must be called holding sta->lock
76 */
mesh_plink_fsm_restart(struct sta_info * sta)77 static inline void mesh_plink_fsm_restart(struct sta_info *sta)
78 {
79 sta->plink_state = NL80211_PLINK_LISTEN;
80 sta->llid = sta->plid = sta->reason = 0;
81 sta->plink_retries = 0;
82 }
83
84 /*
85 * NOTE: This is just an alias for sta_info_alloc(), see notes
86 * on it in the lifecycle management section!
87 */
mesh_plink_alloc(struct ieee80211_sub_if_data * sdata,u8 * hw_addr,u32 rates,struct ieee802_11_elems * elems)88 static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
89 u8 *hw_addr, u32 rates,
90 struct ieee802_11_elems *elems)
91 {
92 struct ieee80211_local *local = sdata->local;
93 struct ieee80211_supported_band *sband;
94 struct sta_info *sta;
95
96 sband = local->hw.wiphy->bands[local->oper_channel->band];
97
98 if (local->num_sta >= MESH_MAX_PLINKS)
99 return NULL;
100
101 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL);
102 if (!sta)
103 return NULL;
104
105 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
106 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
107 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
108
109 set_sta_flag(sta, WLAN_STA_WME);
110
111 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
112 if (elems->ht_cap_elem)
113 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
114 elems->ht_cap_elem,
115 &sta->sta.ht_cap);
116 rate_control_rate_init(sta);
117
118 return sta;
119 }
120
121 /**
122 * __mesh_plink_deactivate - deactivate mesh peer link
123 *
124 * @sta: mesh peer link to deactivate
125 *
126 * All mesh paths with this peer as next hop will be flushed
127 *
128 * Locking: the caller must hold sta->lock
129 */
__mesh_plink_deactivate(struct sta_info * sta)130 static bool __mesh_plink_deactivate(struct sta_info *sta)
131 {
132 struct ieee80211_sub_if_data *sdata = sta->sdata;
133 bool deactivated = false;
134
135 if (sta->plink_state == NL80211_PLINK_ESTAB) {
136 mesh_plink_dec_estab_count(sdata);
137 deactivated = true;
138 }
139 sta->plink_state = NL80211_PLINK_BLOCKED;
140 mesh_path_flush_by_nexthop(sta);
141
142 return deactivated;
143 }
144
145 /**
146 * mesh_plink_deactivate - deactivate mesh peer link
147 *
148 * @sta: mesh peer link to deactivate
149 *
150 * All mesh paths with this peer as next hop will be flushed
151 */
mesh_plink_deactivate(struct sta_info * sta)152 void mesh_plink_deactivate(struct sta_info *sta)
153 {
154 struct ieee80211_sub_if_data *sdata = sta->sdata;
155 bool deactivated;
156
157 spin_lock_bh(&sta->lock);
158 deactivated = __mesh_plink_deactivate(sta);
159 sta->reason = cpu_to_le16(WLAN_REASON_MESH_PEER_CANCELED);
160 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
161 sta->sta.addr, sta->llid, sta->plid,
162 sta->reason);
163 spin_unlock_bh(&sta->lock);
164
165 if (deactivated)
166 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
167 }
168
mesh_plink_frame_tx(struct ieee80211_sub_if_data * sdata,enum ieee80211_self_protected_actioncode action,u8 * da,__le16 llid,__le16 plid,__le16 reason)169 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
170 enum ieee80211_self_protected_actioncode action,
171 u8 *da, __le16 llid, __le16 plid, __le16 reason) {
172 struct ieee80211_local *local = sdata->local;
173 struct sk_buff *skb;
174 struct ieee80211_mgmt *mgmt;
175 bool include_plid = false;
176 u16 peering_proto = 0;
177 u8 *pos, ie_len = 4;
178 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) +
179 sizeof(mgmt->u.action.u.self_prot);
180
181 skb = dev_alloc_skb(local->tx_headroom +
182 hdr_len +
183 2 + /* capability info */
184 2 + /* AID */
185 2 + 8 + /* supported rates */
186 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
187 2 + sdata->u.mesh.mesh_id_len +
188 2 + sizeof(struct ieee80211_meshconf_ie) +
189 2 + sizeof(struct ieee80211_ht_cap) +
190 2 + sizeof(struct ieee80211_ht_info) +
191 2 + 8 + /* peering IE */
192 sdata->u.mesh.ie_len);
193 if (!skb)
194 return -1;
195 skb_reserve(skb, local->tx_headroom);
196 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
197 memset(mgmt, 0, hdr_len);
198 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
199 IEEE80211_STYPE_ACTION);
200 memcpy(mgmt->da, da, ETH_ALEN);
201 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
202 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
203 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED;
204 mgmt->u.action.u.self_prot.action_code = action;
205
206 if (action != WLAN_SP_MESH_PEERING_CLOSE) {
207 /* capability info */
208 pos = skb_put(skb, 2);
209 memset(pos, 0, 2);
210 if (action == WLAN_SP_MESH_PEERING_CONFIRM) {
211 /* AID */
212 pos = skb_put(skb, 2);
213 memcpy(pos + 2, &plid, 2);
214 }
215 if (ieee80211_add_srates_ie(&sdata->vif, skb) ||
216 ieee80211_add_ext_srates_ie(&sdata->vif, skb) ||
217 mesh_add_rsn_ie(skb, sdata) ||
218 mesh_add_meshid_ie(skb, sdata) ||
219 mesh_add_meshconf_ie(skb, sdata))
220 return -1;
221 } else { /* WLAN_SP_MESH_PEERING_CLOSE */
222 if (mesh_add_meshid_ie(skb, sdata))
223 return -1;
224 }
225
226 /* Add Mesh Peering Management element */
227 switch (action) {
228 case WLAN_SP_MESH_PEERING_OPEN:
229 break;
230 case WLAN_SP_MESH_PEERING_CONFIRM:
231 ie_len += 2;
232 include_plid = true;
233 break;
234 case WLAN_SP_MESH_PEERING_CLOSE:
235 if (plid) {
236 ie_len += 2;
237 include_plid = true;
238 }
239 ie_len += 2; /* reason code */
240 break;
241 default:
242 return -EINVAL;
243 }
244
245 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len))
246 return -ENOMEM;
247
248 pos = skb_put(skb, 2 + ie_len);
249 *pos++ = WLAN_EID_PEER_MGMT;
250 *pos++ = ie_len;
251 memcpy(pos, &peering_proto, 2);
252 pos += 2;
253 memcpy(pos, &llid, 2);
254 pos += 2;
255 if (include_plid) {
256 memcpy(pos, &plid, 2);
257 pos += 2;
258 }
259 if (action == WLAN_SP_MESH_PEERING_CLOSE) {
260 memcpy(pos, &reason, 2);
261 pos += 2;
262 }
263
264 if (action != WLAN_SP_MESH_PEERING_CLOSE) {
265 if (mesh_add_ht_cap_ie(skb, sdata) ||
266 mesh_add_ht_info_ie(skb, sdata))
267 return -1;
268 }
269
270 if (mesh_add_vendor_ies(skb, sdata))
271 return -1;
272
273 ieee80211_tx_skb(sdata, skb);
274 return 0;
275 }
276
mesh_neighbour_update(u8 * hw_addr,u32 rates,struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)277 void mesh_neighbour_update(u8 *hw_addr, u32 rates,
278 struct ieee80211_sub_if_data *sdata,
279 struct ieee802_11_elems *elems)
280 {
281 struct ieee80211_local *local = sdata->local;
282 struct sta_info *sta;
283
284 rcu_read_lock();
285
286 sta = sta_info_get(sdata, hw_addr);
287 if (!sta) {
288 rcu_read_unlock();
289 /* Userspace handles peer allocation when security is enabled
290 * */
291 if (sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED)
292 cfg80211_notify_new_peer_candidate(sdata->dev, hw_addr,
293 elems->ie_start, elems->total_len,
294 GFP_KERNEL);
295 else
296 sta = mesh_plink_alloc(sdata, hw_addr, rates, elems);
297 if (!sta)
298 return;
299 if (sta_info_insert_rcu(sta)) {
300 rcu_read_unlock();
301 return;
302 }
303 }
304
305 sta->last_rx = jiffies;
306 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
307 if (mesh_peer_accepts_plinks(elems) &&
308 sta->plink_state == NL80211_PLINK_LISTEN &&
309 sdata->u.mesh.accepting_plinks &&
310 sdata->u.mesh.mshcfg.auto_open_plinks &&
311 rssi_threshold_check(sta, sdata))
312 mesh_plink_open(sta);
313
314 rcu_read_unlock();
315 }
316
mesh_plink_timer(unsigned long data)317 static void mesh_plink_timer(unsigned long data)
318 {
319 struct sta_info *sta;
320 __le16 llid, plid, reason;
321 struct ieee80211_sub_if_data *sdata;
322
323 /*
324 * This STA is valid because sta_info_destroy() will
325 * del_timer_sync() this timer after having made sure
326 * it cannot be readded (by deleting the plink.)
327 */
328 sta = (struct sta_info *) data;
329
330 if (sta->sdata->local->quiescing) {
331 sta->plink_timer_was_running = true;
332 return;
333 }
334
335 spin_lock_bh(&sta->lock);
336 if (sta->ignore_plink_timer) {
337 sta->ignore_plink_timer = false;
338 spin_unlock_bh(&sta->lock);
339 return;
340 }
341 mpl_dbg("Mesh plink timer for %pM fired on state %d\n",
342 sta->sta.addr, sta->plink_state);
343 reason = 0;
344 llid = sta->llid;
345 plid = sta->plid;
346 sdata = sta->sdata;
347
348 switch (sta->plink_state) {
349 case NL80211_PLINK_OPN_RCVD:
350 case NL80211_PLINK_OPN_SNT:
351 /* retry timer */
352 if (sta->plink_retries < dot11MeshMaxRetries(sdata)) {
353 u32 rand;
354 mpl_dbg("Mesh plink for %pM (retry, timeout): %d %d\n",
355 sta->sta.addr, sta->plink_retries,
356 sta->plink_timeout);
357 get_random_bytes(&rand, sizeof(u32));
358 sta->plink_timeout = sta->plink_timeout +
359 rand % sta->plink_timeout;
360 ++sta->plink_retries;
361 mod_plink_timer(sta, sta->plink_timeout);
362 spin_unlock_bh(&sta->lock);
363 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN,
364 sta->sta.addr, llid, 0, 0);
365 break;
366 }
367 reason = cpu_to_le16(WLAN_REASON_MESH_MAX_RETRIES);
368 /* fall through on else */
369 case NL80211_PLINK_CNF_RCVD:
370 /* confirm timer */
371 if (!reason)
372 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIRM_TIMEOUT);
373 sta->plink_state = NL80211_PLINK_HOLDING;
374 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
375 spin_unlock_bh(&sta->lock);
376 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
377 sta->sta.addr, llid, plid, reason);
378 break;
379 case NL80211_PLINK_HOLDING:
380 /* holding timer */
381 del_timer(&sta->plink_timer);
382 mesh_plink_fsm_restart(sta);
383 spin_unlock_bh(&sta->lock);
384 break;
385 default:
386 spin_unlock_bh(&sta->lock);
387 break;
388 }
389 }
390
391 #ifdef CONFIG_PM
mesh_plink_quiesce(struct sta_info * sta)392 void mesh_plink_quiesce(struct sta_info *sta)
393 {
394 if (del_timer_sync(&sta->plink_timer))
395 sta->plink_timer_was_running = true;
396 }
397
mesh_plink_restart(struct sta_info * sta)398 void mesh_plink_restart(struct sta_info *sta)
399 {
400 if (sta->plink_timer_was_running) {
401 add_timer(&sta->plink_timer);
402 sta->plink_timer_was_running = false;
403 }
404 }
405 #endif
406
mesh_plink_timer_set(struct sta_info * sta,int timeout)407 static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)
408 {
409 sta->plink_timer.expires = jiffies + (HZ * timeout / 1000);
410 sta->plink_timer.data = (unsigned long) sta;
411 sta->plink_timer.function = mesh_plink_timer;
412 sta->plink_timeout = timeout;
413 add_timer(&sta->plink_timer);
414 }
415
mesh_plink_open(struct sta_info * sta)416 int mesh_plink_open(struct sta_info *sta)
417 {
418 __le16 llid;
419 struct ieee80211_sub_if_data *sdata = sta->sdata;
420
421 if (!test_sta_flag(sta, WLAN_STA_AUTH))
422 return -EPERM;
423
424 spin_lock_bh(&sta->lock);
425 get_random_bytes(&llid, 2);
426 sta->llid = llid;
427 if (sta->plink_state != NL80211_PLINK_LISTEN) {
428 spin_unlock_bh(&sta->lock);
429 return -EBUSY;
430 }
431 sta->plink_state = NL80211_PLINK_OPN_SNT;
432 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
433 spin_unlock_bh(&sta->lock);
434 mpl_dbg("Mesh plink: starting establishment with %pM\n",
435 sta->sta.addr);
436
437 return mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN,
438 sta->sta.addr, llid, 0, 0);
439 }
440
mesh_plink_block(struct sta_info * sta)441 void mesh_plink_block(struct sta_info *sta)
442 {
443 struct ieee80211_sub_if_data *sdata = sta->sdata;
444 bool deactivated;
445
446 spin_lock_bh(&sta->lock);
447 deactivated = __mesh_plink_deactivate(sta);
448 sta->plink_state = NL80211_PLINK_BLOCKED;
449 spin_unlock_bh(&sta->lock);
450
451 if (deactivated)
452 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
453 }
454
455
mesh_rx_plink_frame(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_rx_status * rx_status)456 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgmt *mgmt,
457 size_t len, struct ieee80211_rx_status *rx_status)
458 {
459 struct ieee80211_local *local = sdata->local;
460 struct ieee802_11_elems elems;
461 struct sta_info *sta;
462 enum plink_event event;
463 enum ieee80211_self_protected_actioncode ftype;
464 size_t baselen;
465 bool deactivated, matches_local = true;
466 u8 ie_len;
467 u8 *baseaddr;
468 __le16 plid, llid, reason;
469 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
470 static const char *mplstates[] = {
471 [NL80211_PLINK_LISTEN] = "LISTEN",
472 [NL80211_PLINK_OPN_SNT] = "OPN-SNT",
473 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD",
474 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD",
475 [NL80211_PLINK_ESTAB] = "ESTAB",
476 [NL80211_PLINK_HOLDING] = "HOLDING",
477 [NL80211_PLINK_BLOCKED] = "BLOCKED"
478 };
479 #endif
480
481 /* need action_code, aux */
482 if (len < IEEE80211_MIN_ACTION_SIZE + 3)
483 return;
484
485 if (is_multicast_ether_addr(mgmt->da)) {
486 mpl_dbg("Mesh plink: ignore frame from multicast address");
487 return;
488 }
489
490 baseaddr = mgmt->u.action.u.self_prot.variable;
491 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt;
492 if (mgmt->u.action.u.self_prot.action_code ==
493 WLAN_SP_MESH_PEERING_CONFIRM) {
494 baseaddr += 4;
495 baselen += 4;
496 }
497 ieee802_11_parse_elems(baseaddr, len - baselen, &elems);
498 if (!elems.peering) {
499 mpl_dbg("Mesh plink: missing necessary peer link ie\n");
500 return;
501 }
502 if (elems.rsn_len &&
503 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) {
504 mpl_dbg("Mesh plink: can't establish link with secure peer\n");
505 return;
506 }
507
508 ftype = mgmt->u.action.u.self_prot.action_code;
509 ie_len = elems.peering_len;
510 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) ||
511 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) ||
512 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6
513 && ie_len != 8)) {
514 mpl_dbg("Mesh plink: incorrect plink ie length %d %d\n",
515 ftype, ie_len);
516 return;
517 }
518
519 if (ftype != WLAN_SP_MESH_PEERING_CLOSE &&
520 (!elems.mesh_id || !elems.mesh_config)) {
521 mpl_dbg("Mesh plink: missing necessary ie\n");
522 return;
523 }
524 /* Note the lines below are correct, the llid in the frame is the plid
525 * from the point of view of this host.
526 */
527 memcpy(&plid, PLINK_GET_LLID(elems.peering), 2);
528 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM ||
529 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8))
530 memcpy(&llid, PLINK_GET_PLID(elems.peering), 2);
531
532 rcu_read_lock();
533
534 sta = sta_info_get(sdata, mgmt->sa);
535 if (!sta && ftype != WLAN_SP_MESH_PEERING_OPEN) {
536 mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");
537 rcu_read_unlock();
538 return;
539 }
540
541 if (ftype == WLAN_SP_MESH_PEERING_OPEN &&
542 !rssi_threshold_check(sta, sdata)) {
543 mpl_dbg("Mesh plink: %pM does not meet rssi threshold\n",
544 mgmt->sa);
545 rcu_read_unlock();
546 return;
547 }
548
549 if (sta && !test_sta_flag(sta, WLAN_STA_AUTH)) {
550 mpl_dbg("Mesh plink: Action frame from non-authed peer\n");
551 rcu_read_unlock();
552 return;
553 }
554
555 if (sta && sta->plink_state == NL80211_PLINK_BLOCKED) {
556 rcu_read_unlock();
557 return;
558 }
559
560 /* Now we will figure out the appropriate event... */
561 event = PLINK_UNDEFINED;
562 if (ftype != WLAN_SP_MESH_PEERING_CLOSE &&
563 (!mesh_matches_local(&elems, sdata))) {
564 matches_local = false;
565 switch (ftype) {
566 case WLAN_SP_MESH_PEERING_OPEN:
567 event = OPN_RJCT;
568 break;
569 case WLAN_SP_MESH_PEERING_CONFIRM:
570 event = CNF_RJCT;
571 break;
572 default:
573 break;
574 }
575 }
576
577 if (!sta && !matches_local) {
578 rcu_read_unlock();
579 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
580 llid = 0;
581 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
582 mgmt->sa, llid, plid, reason);
583 return;
584 } else if (!sta) {
585 /* ftype == WLAN_SP_MESH_PEERING_OPEN */
586 u32 rates;
587
588 rcu_read_unlock();
589
590 if (!mesh_plink_free_count(sdata)) {
591 mpl_dbg("Mesh plink error: no more free plinks\n");
592 return;
593 }
594
595 rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
596 sta = mesh_plink_alloc(sdata, mgmt->sa, rates, &elems);
597 if (!sta) {
598 mpl_dbg("Mesh plink error: plink table full\n");
599 return;
600 }
601 if (sta_info_insert_rcu(sta)) {
602 rcu_read_unlock();
603 return;
604 }
605 event = OPN_ACPT;
606 spin_lock_bh(&sta->lock);
607 } else if (matches_local) {
608 spin_lock_bh(&sta->lock);
609 switch (ftype) {
610 case WLAN_SP_MESH_PEERING_OPEN:
611 if (!mesh_plink_free_count(sdata) ||
612 (sta->plid && sta->plid != plid))
613 event = OPN_IGNR;
614 else
615 event = OPN_ACPT;
616 break;
617 case WLAN_SP_MESH_PEERING_CONFIRM:
618 if (!mesh_plink_free_count(sdata) ||
619 (sta->llid != llid || sta->plid != plid))
620 event = CNF_IGNR;
621 else
622 event = CNF_ACPT;
623 break;
624 case WLAN_SP_MESH_PEERING_CLOSE:
625 if (sta->plink_state == NL80211_PLINK_ESTAB)
626 /* Do not check for llid or plid. This does not
627 * follow the standard but since multiple plinks
628 * per sta are not supported, it is necessary in
629 * order to avoid a livelock when MP A sees an
630 * establish peer link to MP B but MP B does not
631 * see it. This can be caused by a timeout in
632 * B's peer link establishment or B beign
633 * restarted.
634 */
635 event = CLS_ACPT;
636 else if (sta->plid != plid)
637 event = CLS_IGNR;
638 else if (ie_len == 7 && sta->llid != llid)
639 event = CLS_IGNR;
640 else
641 event = CLS_ACPT;
642 break;
643 default:
644 mpl_dbg("Mesh plink: unknown frame subtype\n");
645 spin_unlock_bh(&sta->lock);
646 rcu_read_unlock();
647 return;
648 }
649 } else {
650 spin_lock_bh(&sta->lock);
651 }
652
653 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n",
654 mgmt->sa, mplstates[sta->plink_state],
655 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid),
656 event);
657 reason = 0;
658 switch (sta->plink_state) {
659 /* spin_unlock as soon as state is updated at each case */
660 case NL80211_PLINK_LISTEN:
661 switch (event) {
662 case CLS_ACPT:
663 mesh_plink_fsm_restart(sta);
664 spin_unlock_bh(&sta->lock);
665 break;
666 case OPN_ACPT:
667 sta->plink_state = NL80211_PLINK_OPN_RCVD;
668 sta->plid = plid;
669 get_random_bytes(&llid, 2);
670 sta->llid = llid;
671 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
672 spin_unlock_bh(&sta->lock);
673 mesh_plink_frame_tx(sdata,
674 WLAN_SP_MESH_PEERING_OPEN,
675 sta->sta.addr, llid, 0, 0);
676 mesh_plink_frame_tx(sdata,
677 WLAN_SP_MESH_PEERING_CONFIRM,
678 sta->sta.addr, llid, plid, 0);
679 break;
680 default:
681 spin_unlock_bh(&sta->lock);
682 break;
683 }
684 break;
685
686 case NL80211_PLINK_OPN_SNT:
687 switch (event) {
688 case OPN_RJCT:
689 case CNF_RJCT:
690 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
691 case CLS_ACPT:
692 if (!reason)
693 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
694 sta->reason = reason;
695 sta->plink_state = NL80211_PLINK_HOLDING;
696 if (!mod_plink_timer(sta,
697 dot11MeshHoldingTimeout(sdata)))
698 sta->ignore_plink_timer = true;
699
700 llid = sta->llid;
701 spin_unlock_bh(&sta->lock);
702 mesh_plink_frame_tx(sdata,
703 WLAN_SP_MESH_PEERING_CLOSE,
704 sta->sta.addr, llid, plid, reason);
705 break;
706 case OPN_ACPT:
707 /* retry timer is left untouched */
708 sta->plink_state = NL80211_PLINK_OPN_RCVD;
709 sta->plid = plid;
710 llid = sta->llid;
711 spin_unlock_bh(&sta->lock);
712 mesh_plink_frame_tx(sdata,
713 WLAN_SP_MESH_PEERING_CONFIRM,
714 sta->sta.addr, llid, plid, 0);
715 break;
716 case CNF_ACPT:
717 sta->plink_state = NL80211_PLINK_CNF_RCVD;
718 if (!mod_plink_timer(sta,
719 dot11MeshConfirmTimeout(sdata)))
720 sta->ignore_plink_timer = true;
721
722 spin_unlock_bh(&sta->lock);
723 break;
724 default:
725 spin_unlock_bh(&sta->lock);
726 break;
727 }
728 break;
729
730 case NL80211_PLINK_OPN_RCVD:
731 switch (event) {
732 case OPN_RJCT:
733 case CNF_RJCT:
734 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
735 case CLS_ACPT:
736 if (!reason)
737 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
738 sta->reason = reason;
739 sta->plink_state = NL80211_PLINK_HOLDING;
740 if (!mod_plink_timer(sta,
741 dot11MeshHoldingTimeout(sdata)))
742 sta->ignore_plink_timer = true;
743
744 llid = sta->llid;
745 spin_unlock_bh(&sta->lock);
746 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
747 sta->sta.addr, llid, plid, reason);
748 break;
749 case OPN_ACPT:
750 llid = sta->llid;
751 spin_unlock_bh(&sta->lock);
752 mesh_plink_frame_tx(sdata,
753 WLAN_SP_MESH_PEERING_CONFIRM,
754 sta->sta.addr, llid, plid, 0);
755 break;
756 case CNF_ACPT:
757 del_timer(&sta->plink_timer);
758 sta->plink_state = NL80211_PLINK_ESTAB;
759 spin_unlock_bh(&sta->lock);
760 mesh_plink_inc_estab_count(sdata);
761 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
762 mpl_dbg("Mesh plink with %pM ESTABLISHED\n",
763 sta->sta.addr);
764 break;
765 default:
766 spin_unlock_bh(&sta->lock);
767 break;
768 }
769 break;
770
771 case NL80211_PLINK_CNF_RCVD:
772 switch (event) {
773 case OPN_RJCT:
774 case CNF_RJCT:
775 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
776 case CLS_ACPT:
777 if (!reason)
778 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
779 sta->reason = reason;
780 sta->plink_state = NL80211_PLINK_HOLDING;
781 if (!mod_plink_timer(sta,
782 dot11MeshHoldingTimeout(sdata)))
783 sta->ignore_plink_timer = true;
784
785 llid = sta->llid;
786 spin_unlock_bh(&sta->lock);
787 mesh_plink_frame_tx(sdata,
788 WLAN_SP_MESH_PEERING_CLOSE,
789 sta->sta.addr, llid, plid, reason);
790 break;
791 case OPN_ACPT:
792 del_timer(&sta->plink_timer);
793 sta->plink_state = NL80211_PLINK_ESTAB;
794 spin_unlock_bh(&sta->lock);
795 mesh_plink_inc_estab_count(sdata);
796 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
797 mpl_dbg("Mesh plink with %pM ESTABLISHED\n",
798 sta->sta.addr);
799 mesh_plink_frame_tx(sdata,
800 WLAN_SP_MESH_PEERING_CONFIRM,
801 sta->sta.addr, llid, plid, 0);
802 break;
803 default:
804 spin_unlock_bh(&sta->lock);
805 break;
806 }
807 break;
808
809 case NL80211_PLINK_ESTAB:
810 switch (event) {
811 case CLS_ACPT:
812 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
813 sta->reason = reason;
814 deactivated = __mesh_plink_deactivate(sta);
815 sta->plink_state = NL80211_PLINK_HOLDING;
816 llid = sta->llid;
817 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
818 spin_unlock_bh(&sta->lock);
819 if (deactivated)
820 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
821 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
822 sta->sta.addr, llid, plid, reason);
823 break;
824 case OPN_ACPT:
825 llid = sta->llid;
826 spin_unlock_bh(&sta->lock);
827 mesh_plink_frame_tx(sdata,
828 WLAN_SP_MESH_PEERING_CONFIRM,
829 sta->sta.addr, llid, plid, 0);
830 break;
831 default:
832 spin_unlock_bh(&sta->lock);
833 break;
834 }
835 break;
836 case NL80211_PLINK_HOLDING:
837 switch (event) {
838 case CLS_ACPT:
839 if (del_timer(&sta->plink_timer))
840 sta->ignore_plink_timer = 1;
841 mesh_plink_fsm_restart(sta);
842 spin_unlock_bh(&sta->lock);
843 break;
844 case OPN_ACPT:
845 case CNF_ACPT:
846 case OPN_RJCT:
847 case CNF_RJCT:
848 llid = sta->llid;
849 reason = sta->reason;
850 spin_unlock_bh(&sta->lock);
851 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
852 sta->sta.addr, llid, plid, reason);
853 break;
854 default:
855 spin_unlock_bh(&sta->lock);
856 }
857 break;
858 default:
859 /* should not get here, PLINK_BLOCKED is dealt with at the
860 * beginning of the function
861 */
862 spin_unlock_bh(&sta->lock);
863 break;
864 }
865
866 rcu_read_unlock();
867 }
868