forked from Minki/linux
3bdb2d48c5
Joseph Nahmias reported, in http://bugs.debian.org/562016, that he was getting the following warning (with some log around the issue): ath0: direct probe to AP 00:11:95:77:e0:b0 (try 1) ath0: direct probe responded ath0: authenticate with AP 00:11:95:77:e0:b0 (try 1) ath0: authenticated ath0: associate with AP 00:11:95:77:e0:b0 (try 1) ath0: deauthenticating from 00:11:95:77:e0:b0 by local choice (reason=3) ath0: direct probe to AP 00:11:95:77:e0:b0 (try 1) ath0: RX AssocResp from 00:11:95:77:e0:b0 (capab=0x421 status=0 aid=2) ath0: associated ------------[ cut here ]------------ WARNING: at net/wireless/mlme.c:97 cfg80211_send_rx_assoc+0x14d/0x152 [cfg80211]() Hardware name: 7658CTO ... Pid: 761, comm: phy0 Not tainted 2.6.32-trunk-686 #1 Call Trace: [<c1030a5d>] ? warn_slowpath_common+0x5e/0x8a [<c1030a93>] ? warn_slowpath_null+0xa/0xc [<f86cafc7>] ? cfg80211_send_rx_assoc+0x14d/0x152 ... ath0: link becomes ready ath0: deauthenticating from 00:11:95:77:e0:b0 by local choice (reason=3) ath0: no IPv6 routers present ath0: link is not ready ath0: direct probe to AP 00:11:95:77:e0:b0 (try 1) ath0: direct probe responded ath0: authenticate with AP 00:11:95:77:e0:b0 (try 1) ath0: authenticated ath0: associate with AP 00:11:95:77:e0:b0 (try 1) ath0: RX ReassocResp from 00:11:95:77:e0:b0 (capab=0x421 status=0 aid=2) ath0: associated It is not clear to me how the first "direct probe" here happens, but this seems to be a race condition, if the user requests to deauth after requesting assoc, but before the assoc response is received. In that case, it may happen that mac80211 tries to report the assoc success to cfg80211, but gets blocked on the wdev lock that is held because the user is requesting the deauth. The result is that we run into a warning. This is mostly harmless, but maybe cause an unexpected event to be sent to userspace; we'd send an assoc success event although userspace was no longer expecting that. To fix this, remove the warning and check whether the race happened and in that case abort processing. Reported-by: Joseph Nahmias <joe@nahmias.net> Cc: stable@kernel.org Cc: 562016-quiet@bugs.debian.org Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
687 lines
18 KiB
C
687 lines
18 KiB
C
/*
|
|
* cfg80211 MLME SAP interface
|
|
*
|
|
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
|
|
*/
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/nl80211.h>
|
|
#include <linux/wireless.h>
|
|
#include <net/cfg80211.h>
|
|
#include <net/iw_handler.h>
|
|
#include "core.h"
|
|
#include "nl80211.h"
|
|
|
|
void cfg80211_send_rx_auth(struct net_device *dev, const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
u8 *bssid = mgmt->bssid;
|
|
int i;
|
|
u16 status = le16_to_cpu(mgmt->u.auth.status_code);
|
|
bool done = false;
|
|
|
|
wdev_lock(wdev);
|
|
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->authtry_bsses[i] &&
|
|
memcmp(wdev->authtry_bsses[i]->pub.bssid, bssid,
|
|
ETH_ALEN) == 0) {
|
|
if (status == WLAN_STATUS_SUCCESS) {
|
|
wdev->auth_bsses[i] = wdev->authtry_bsses[i];
|
|
} else {
|
|
cfg80211_unhold_bss(wdev->authtry_bsses[i]);
|
|
cfg80211_put_bss(&wdev->authtry_bsses[i]->pub);
|
|
}
|
|
wdev->authtry_bsses[i] = NULL;
|
|
done = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
WARN_ON(!done);
|
|
|
|
nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL);
|
|
cfg80211_sme_rx_auth(dev, buf, len);
|
|
|
|
wdev_unlock(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_send_rx_auth);
|
|
|
|
void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
|
|
{
|
|
u16 status_code;
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
u8 *ie = mgmt->u.assoc_resp.variable;
|
|
int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
|
|
struct cfg80211_internal_bss *bss = NULL;
|
|
|
|
wdev_lock(wdev);
|
|
|
|
status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
|
|
|
|
/*
|
|
* This is a bit of a hack, we don't notify userspace of
|
|
* a (re-)association reply if we tried to send a reassoc
|
|
* and got a reject -- we only try again with an assoc
|
|
* frame instead of reassoc.
|
|
*/
|
|
if (status_code != WLAN_STATUS_SUCCESS && wdev->conn &&
|
|
cfg80211_sme_failed_reassoc(wdev))
|
|
goto out;
|
|
|
|
nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL);
|
|
|
|
if (status_code == WLAN_STATUS_SUCCESS) {
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (!wdev->auth_bsses[i])
|
|
continue;
|
|
if (memcmp(wdev->auth_bsses[i]->pub.bssid, mgmt->bssid,
|
|
ETH_ALEN) == 0) {
|
|
bss = wdev->auth_bsses[i];
|
|
wdev->auth_bsses[i] = NULL;
|
|
/* additional reference to drop hold */
|
|
cfg80211_ref_bss(bss);
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* We might be coming here because the driver reported
|
|
* a successful association at the same time as the
|
|
* user requested a deauth. In that case, we will have
|
|
* removed the BSS from the auth_bsses list due to the
|
|
* deauth request when the assoc response makes it. If
|
|
* the two code paths acquire the lock the other way
|
|
* around, that's just the standard situation of a
|
|
* deauth being requested while connected.
|
|
*/
|
|
if (!bss)
|
|
goto out;
|
|
} else if (wdev->conn) {
|
|
cfg80211_sme_failed_assoc(wdev);
|
|
/*
|
|
* do not call connect_result() now because the
|
|
* sme will schedule work that does it later.
|
|
*/
|
|
goto out;
|
|
}
|
|
|
|
if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) {
|
|
/*
|
|
* This is for the userspace SME, the CONNECTING
|
|
* state will be changed to CONNECTED by
|
|
* __cfg80211_connect_result() below.
|
|
*/
|
|
wdev->sme_state = CFG80211_SME_CONNECTING;
|
|
}
|
|
|
|
/* this consumes one bss reference (unless bss is NULL) */
|
|
__cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs,
|
|
status_code,
|
|
status_code == WLAN_STATUS_SUCCESS,
|
|
bss ? &bss->pub : NULL);
|
|
/* drop hold now, and also reference acquired above */
|
|
if (bss) {
|
|
cfg80211_unhold_bss(bss);
|
|
cfg80211_put_bss(&bss->pub);
|
|
}
|
|
|
|
out:
|
|
wdev_unlock(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_send_rx_assoc);
|
|
|
|
void __cfg80211_send_deauth(struct net_device *dev,
|
|
const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
const u8 *bssid = mgmt->bssid;
|
|
int i;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL);
|
|
|
|
if (wdev->current_bss &&
|
|
memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) {
|
|
cfg80211_unhold_bss(wdev->current_bss);
|
|
cfg80211_put_bss(&wdev->current_bss->pub);
|
|
wdev->current_bss = NULL;
|
|
} else for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->auth_bsses[i] &&
|
|
memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) {
|
|
cfg80211_unhold_bss(wdev->auth_bsses[i]);
|
|
cfg80211_put_bss(&wdev->auth_bsses[i]->pub);
|
|
wdev->auth_bsses[i] = NULL;
|
|
break;
|
|
}
|
|
if (wdev->authtry_bsses[i] &&
|
|
memcmp(wdev->authtry_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) {
|
|
cfg80211_unhold_bss(wdev->authtry_bsses[i]);
|
|
cfg80211_put_bss(&wdev->authtry_bsses[i]->pub);
|
|
wdev->authtry_bsses[i] = NULL;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (wdev->sme_state == CFG80211_SME_CONNECTED) {
|
|
u16 reason_code;
|
|
bool from_ap;
|
|
|
|
reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
|
|
|
|
from_ap = memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0;
|
|
__cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap);
|
|
} else if (wdev->sme_state == CFG80211_SME_CONNECTING) {
|
|
__cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0,
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE,
|
|
false, NULL);
|
|
}
|
|
}
|
|
EXPORT_SYMBOL(__cfg80211_send_deauth);
|
|
|
|
void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
|
|
wdev_lock(wdev);
|
|
__cfg80211_send_deauth(dev, buf, len);
|
|
wdev_unlock(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_send_deauth);
|
|
|
|
void __cfg80211_send_disassoc(struct net_device *dev,
|
|
const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
const u8 *bssid = mgmt->bssid;
|
|
int i;
|
|
u16 reason_code;
|
|
bool from_ap;
|
|
bool done = false;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
nl80211_send_disassoc(rdev, dev, buf, len, GFP_KERNEL);
|
|
|
|
if (wdev->sme_state != CFG80211_SME_CONNECTED)
|
|
return;
|
|
|
|
if (wdev->current_bss &&
|
|
memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) {
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->authtry_bsses[i] || wdev->auth_bsses[i])
|
|
continue;
|
|
wdev->auth_bsses[i] = wdev->current_bss;
|
|
wdev->current_bss = NULL;
|
|
done = true;
|
|
cfg80211_sme_disassoc(dev, i);
|
|
break;
|
|
}
|
|
WARN_ON(!done);
|
|
} else
|
|
WARN_ON(1);
|
|
|
|
|
|
reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
|
|
|
|
from_ap = memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0;
|
|
__cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap);
|
|
}
|
|
EXPORT_SYMBOL(__cfg80211_send_disassoc);
|
|
|
|
void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
|
|
wdev_lock(wdev);
|
|
__cfg80211_send_disassoc(dev, buf, len);
|
|
wdev_unlock(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_send_disassoc);
|
|
|
|
static void __cfg80211_auth_remove(struct wireless_dev *wdev, const u8 *addr)
|
|
{
|
|
int i;
|
|
bool done = false;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
for (i = 0; addr && i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->authtry_bsses[i] &&
|
|
memcmp(wdev->authtry_bsses[i]->pub.bssid,
|
|
addr, ETH_ALEN) == 0) {
|
|
cfg80211_unhold_bss(wdev->authtry_bsses[i]);
|
|
cfg80211_put_bss(&wdev->authtry_bsses[i]->pub);
|
|
wdev->authtry_bsses[i] = NULL;
|
|
done = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
WARN_ON(!done);
|
|
}
|
|
|
|
void __cfg80211_auth_canceled(struct net_device *dev, const u8 *addr)
|
|
{
|
|
__cfg80211_auth_remove(dev->ieee80211_ptr, addr);
|
|
}
|
|
EXPORT_SYMBOL(__cfg80211_auth_canceled);
|
|
|
|
void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
|
|
wdev_lock(wdev);
|
|
|
|
nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
|
|
if (wdev->sme_state == CFG80211_SME_CONNECTING)
|
|
__cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE,
|
|
false, NULL);
|
|
|
|
__cfg80211_auth_remove(wdev, addr);
|
|
|
|
wdev_unlock(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_send_auth_timeout);
|
|
|
|
void cfg80211_send_assoc_timeout(struct net_device *dev, const u8 *addr)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
int i;
|
|
bool done = false;
|
|
|
|
wdev_lock(wdev);
|
|
|
|
nl80211_send_assoc_timeout(rdev, dev, addr, GFP_KERNEL);
|
|
if (wdev->sme_state == CFG80211_SME_CONNECTING)
|
|
__cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE,
|
|
false, NULL);
|
|
|
|
for (i = 0; addr && i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->auth_bsses[i] &&
|
|
memcmp(wdev->auth_bsses[i]->pub.bssid,
|
|
addr, ETH_ALEN) == 0) {
|
|
cfg80211_unhold_bss(wdev->auth_bsses[i]);
|
|
cfg80211_put_bss(&wdev->auth_bsses[i]->pub);
|
|
wdev->auth_bsses[i] = NULL;
|
|
done = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
WARN_ON(!done);
|
|
|
|
wdev_unlock(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_send_assoc_timeout);
|
|
|
|
void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
|
|
enum nl80211_key_type key_type, int key_id,
|
|
const u8 *tsc, gfp_t gfp)
|
|
{
|
|
struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
|
|
#ifdef CONFIG_CFG80211_WEXT
|
|
union iwreq_data wrqu;
|
|
char *buf = kmalloc(128, gfp);
|
|
|
|
if (buf) {
|
|
sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
|
|
"keyid=%d %scast addr=%pM)", key_id,
|
|
key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
|
|
addr);
|
|
memset(&wrqu, 0, sizeof(wrqu));
|
|
wrqu.data.length = strlen(buf);
|
|
wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
|
|
kfree(buf);
|
|
}
|
|
#endif
|
|
|
|
nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_michael_mic_failure);
|
|
|
|
/* some MLME handling for userspace SME */
|
|
int __cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev,
|
|
struct ieee80211_channel *chan,
|
|
enum nl80211_auth_type auth_type,
|
|
const u8 *bssid,
|
|
const u8 *ssid, int ssid_len,
|
|
const u8 *ie, int ie_len,
|
|
const u8 *key, int key_len, int key_idx)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_auth_request req;
|
|
struct cfg80211_internal_bss *bss;
|
|
int i, err, slot = -1, nfree = 0;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
|
|
if (!key || !key_len || key_idx < 0 || key_idx > 4)
|
|
return -EINVAL;
|
|
|
|
if (wdev->current_bss &&
|
|
memcmp(bssid, wdev->current_bss->pub.bssid, ETH_ALEN) == 0)
|
|
return -EALREADY;
|
|
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->authtry_bsses[i] &&
|
|
memcmp(bssid, wdev->authtry_bsses[i]->pub.bssid,
|
|
ETH_ALEN) == 0)
|
|
return -EALREADY;
|
|
if (wdev->auth_bsses[i] &&
|
|
memcmp(bssid, wdev->auth_bsses[i]->pub.bssid,
|
|
ETH_ALEN) == 0)
|
|
return -EALREADY;
|
|
}
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
|
|
req.ie = ie;
|
|
req.ie_len = ie_len;
|
|
req.auth_type = auth_type;
|
|
req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
|
|
WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS);
|
|
req.key = key;
|
|
req.key_len = key_len;
|
|
req.key_idx = key_idx;
|
|
if (!req.bss)
|
|
return -ENOENT;
|
|
|
|
bss = bss_from_pub(req.bss);
|
|
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (!wdev->auth_bsses[i] && !wdev->authtry_bsses[i]) {
|
|
slot = i;
|
|
nfree++;
|
|
}
|
|
}
|
|
|
|
/* we need one free slot for disassoc and one for this auth */
|
|
if (nfree < 2) {
|
|
err = -ENOSPC;
|
|
goto out;
|
|
}
|
|
|
|
wdev->authtry_bsses[slot] = bss;
|
|
cfg80211_hold_bss(bss);
|
|
|
|
err = rdev->ops->auth(&rdev->wiphy, dev, &req);
|
|
if (err) {
|
|
wdev->authtry_bsses[slot] = NULL;
|
|
cfg80211_unhold_bss(bss);
|
|
}
|
|
|
|
out:
|
|
if (err)
|
|
cfg80211_put_bss(req.bss);
|
|
return err;
|
|
}
|
|
|
|
int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, struct ieee80211_channel *chan,
|
|
enum nl80211_auth_type auth_type, const u8 *bssid,
|
|
const u8 *ssid, int ssid_len,
|
|
const u8 *ie, int ie_len,
|
|
const u8 *key, int key_len, int key_idx)
|
|
{
|
|
int err;
|
|
|
|
wdev_lock(dev->ieee80211_ptr);
|
|
err = __cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
|
|
ssid, ssid_len, ie, ie_len,
|
|
key, key_len, key_idx);
|
|
wdev_unlock(dev->ieee80211_ptr);
|
|
|
|
return err;
|
|
}
|
|
|
|
int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev,
|
|
struct ieee80211_channel *chan,
|
|
const u8 *bssid, const u8 *prev_bssid,
|
|
const u8 *ssid, int ssid_len,
|
|
const u8 *ie, int ie_len, bool use_mfp,
|
|
struct cfg80211_crypto_settings *crypt)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_assoc_request req;
|
|
struct cfg80211_internal_bss *bss;
|
|
int i, err, slot = -1;
|
|
bool was_connected = false;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
|
|
if (wdev->current_bss && prev_bssid &&
|
|
memcmp(wdev->current_bss->pub.bssid, prev_bssid, ETH_ALEN) == 0) {
|
|
/*
|
|
* Trying to reassociate: Allow this to proceed and let the old
|
|
* association to be dropped when the new one is completed.
|
|
*/
|
|
if (wdev->sme_state == CFG80211_SME_CONNECTED) {
|
|
was_connected = true;
|
|
wdev->sme_state = CFG80211_SME_CONNECTING;
|
|
}
|
|
} else if (wdev->current_bss)
|
|
return -EALREADY;
|
|
|
|
req.ie = ie;
|
|
req.ie_len = ie_len;
|
|
memcpy(&req.crypto, crypt, sizeof(req.crypto));
|
|
req.use_mfp = use_mfp;
|
|
req.prev_bssid = prev_bssid;
|
|
req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
|
|
WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS);
|
|
if (!req.bss) {
|
|
if (was_connected)
|
|
wdev->sme_state = CFG80211_SME_CONNECTED;
|
|
return -ENOENT;
|
|
}
|
|
|
|
bss = bss_from_pub(req.bss);
|
|
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (bss == wdev->auth_bsses[i]) {
|
|
slot = i;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (slot < 0) {
|
|
err = -ENOTCONN;
|
|
goto out;
|
|
}
|
|
|
|
err = rdev->ops->assoc(&rdev->wiphy, dev, &req);
|
|
out:
|
|
if (err && was_connected)
|
|
wdev->sme_state = CFG80211_SME_CONNECTED;
|
|
/* still a reference in wdev->auth_bsses[slot] */
|
|
cfg80211_put_bss(req.bss);
|
|
return err;
|
|
}
|
|
|
|
int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev,
|
|
struct ieee80211_channel *chan,
|
|
const u8 *bssid, const u8 *prev_bssid,
|
|
const u8 *ssid, int ssid_len,
|
|
const u8 *ie, int ie_len, bool use_mfp,
|
|
struct cfg80211_crypto_settings *crypt)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
int err;
|
|
|
|
wdev_lock(wdev);
|
|
err = __cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
|
|
ssid, ssid_len, ie, ie_len, use_mfp, crypt);
|
|
wdev_unlock(wdev);
|
|
|
|
return err;
|
|
}
|
|
|
|
int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, const u8 *bssid,
|
|
const u8 *ie, int ie_len, u16 reason)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_deauth_request req;
|
|
int i;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
req.reason_code = reason;
|
|
req.ie = ie;
|
|
req.ie_len = ie_len;
|
|
if (wdev->current_bss &&
|
|
memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) {
|
|
req.bss = &wdev->current_bss->pub;
|
|
} else for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->auth_bsses[i] &&
|
|
memcmp(bssid, wdev->auth_bsses[i]->pub.bssid, ETH_ALEN) == 0) {
|
|
req.bss = &wdev->auth_bsses[i]->pub;
|
|
break;
|
|
}
|
|
if (wdev->authtry_bsses[i] &&
|
|
memcmp(bssid, wdev->authtry_bsses[i]->pub.bssid, ETH_ALEN) == 0) {
|
|
req.bss = &wdev->authtry_bsses[i]->pub;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!req.bss)
|
|
return -ENOTCONN;
|
|
|
|
return rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev);
|
|
}
|
|
|
|
int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, const u8 *bssid,
|
|
const u8 *ie, int ie_len, u16 reason)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
int err;
|
|
|
|
wdev_lock(wdev);
|
|
err = __cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason);
|
|
wdev_unlock(wdev);
|
|
|
|
return err;
|
|
}
|
|
|
|
static int __cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, const u8 *bssid,
|
|
const u8 *ie, int ie_len, u16 reason)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_disassoc_request req;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (wdev->sme_state != CFG80211_SME_CONNECTED)
|
|
return -ENOTCONN;
|
|
|
|
if (WARN_ON(!wdev->current_bss))
|
|
return -ENOTCONN;
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
req.reason_code = reason;
|
|
req.ie = ie;
|
|
req.ie_len = ie_len;
|
|
if (memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0)
|
|
req.bss = &wdev->current_bss->pub;
|
|
else
|
|
return -ENOTCONN;
|
|
|
|
return rdev->ops->disassoc(&rdev->wiphy, dev, &req, wdev);
|
|
}
|
|
|
|
int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, const u8 *bssid,
|
|
const u8 *ie, int ie_len, u16 reason)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
int err;
|
|
|
|
wdev_lock(wdev);
|
|
err = __cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason);
|
|
wdev_unlock(wdev);
|
|
|
|
return err;
|
|
}
|
|
|
|
void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_deauth_request req;
|
|
int i;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (!rdev->ops->deauth)
|
|
return;
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
req.reason_code = WLAN_REASON_DEAUTH_LEAVING;
|
|
req.ie = NULL;
|
|
req.ie_len = 0;
|
|
|
|
if (wdev->current_bss) {
|
|
req.bss = &wdev->current_bss->pub;
|
|
rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev);
|
|
if (wdev->current_bss) {
|
|
cfg80211_unhold_bss(wdev->current_bss);
|
|
cfg80211_put_bss(&wdev->current_bss->pub);
|
|
wdev->current_bss = NULL;
|
|
}
|
|
}
|
|
|
|
for (i = 0; i < MAX_AUTH_BSSES; i++) {
|
|
if (wdev->auth_bsses[i]) {
|
|
req.bss = &wdev->auth_bsses[i]->pub;
|
|
rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev);
|
|
if (wdev->auth_bsses[i]) {
|
|
cfg80211_unhold_bss(wdev->auth_bsses[i]);
|
|
cfg80211_put_bss(&wdev->auth_bsses[i]->pub);
|
|
wdev->auth_bsses[i] = NULL;
|
|
}
|
|
}
|
|
if (wdev->authtry_bsses[i]) {
|
|
req.bss = &wdev->authtry_bsses[i]->pub;
|
|
rdev->ops->deauth(&rdev->wiphy, dev, &req, wdev);
|
|
if (wdev->authtry_bsses[i]) {
|
|
cfg80211_unhold_bss(wdev->authtry_bsses[i]);
|
|
cfg80211_put_bss(&wdev->authtry_bsses[i]->pub);
|
|
wdev->authtry_bsses[i] = NULL;
|
|
}
|
|
}
|
|
}
|
|
}
|