Add inline wrappers for the BSS struct krefs
to be able to extend them easily later.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

This local variable is only used once, so remove it.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Instead of annotating with a comment, add a lockdep
annotation which also serves as documentation.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

There's no reason for it to require external
locking, move it into the function.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The comment about allocating the IEs together with
the BSS struct is no longer true, remove it. Also
fix a typo in the same area.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

As Thomas pointed out, cfg80211_get_mesh() is
unused and can be removed.

Cc: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Instead of first checking if a BSS is an MBSS
and then doing the comparisons, inline it all
into the BSS comparison function. This avoids
doing the IE searches twice and is also a lot
less code.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

When trying to find a hidden SSID, the lookup function
is done wrong; the code is trying to combine the two
lookups into one, and as a consequence doesn't always
find the entry at all. To understand this, consider a
case where multiple BSS entries with the same channel
and BSSID exist but have different SSID length. Then
comparing against the probe response SSID length is
bound to cause problems since the hidden one might be
either zeroed out or zero-length.

To fix this we need to do two lookups for the two ways
to hide SSIDs.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Instead of duplicating the rbtree functions, pass
an argument to the compare function. This removes
the code duplication for the two searches.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

In per-station statistics, present 32bit counters are too small
for practical purposes - with gigabit speeds, it get overlapped
every few seconds.

Expand counters in the struct station_info to be 64-bit.
Driver can still fill only 32-bit and indicate in @filled
only bits like STATION_INFO_[TR]X_BYTES; in case driver provides
full 64-bit counter, it should also set in @filled
bit STATION_INFO_[TR]RX_BYTES64

Netlink sends both 32-bit and 64-bit counters, if present, to not
break userspace.
Signed-off-by: NVladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
[change to also have 32-bit counters if driver advertises 64-bit]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Now that mac80211 no longer uses this API, remove
it completely. If anyone needs it again, we can
revert this patch of course, but mac80211 was the
only user right now.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

When waking up from WoWLAN, it is useful to know
what triggered the wakeup. Support reporting the
wakeup reason(s) in cfg80211 (and a pass-through
in mac80211) to allow userspace to know.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The warning here occasionally triggers but we haven't
found the cause yet. It's a valid warning since if it
triggers the SME state got confused, so add the SME
state to it to help narrow it down in the future.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Add API to enable drivers to implement MAC address based
access control in AP/P2P GO mode. Capable drivers advertise
this capability by setting the maximum number of MAC
addresses in such a list in wiphy->max_acl_mac_addrs.

An initial ACL may be given to the NL80211_CMD_START_AP
command and/or changed later with NL80211_CMD_SET_MAC_ACL.

Black- and whitelists are supported, but not simultaneously.
Signed-off-by: NVasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
[rewrite commit log, many cleanups]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

In commit "cfg80211: check radar interface combinations" a regression
was introduced which might lead to NULL dereference if the argument
chan = NULL, which might happen in IBSS/wext case (and probably
others).
Signed-off-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

To ease further DFS development regarding interface combinations, use
the interface combinations structure to test for radar capabilities.
Drivers can specify which channel widths they support, and in which
modes. Right now only a single AP interface is allowed, but as the
DFS code evolves other combinations can be enabled.
Signed-off-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The NL80211_ATTR_USE_MFP attribute was originally added for
NL80211_CMD_ASSOCIATE, but it is actually as useful (if not even more
useful) with NL80211_CMD_CONNECT, so process that attribute with the
connect command, too.
Signed-off-by: NJouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

As per email discussion Jouni Malinen pointed out that:

"P2P message exchanges can be executed on the current operating channel
of any operation (both P2P and non-P2P station). These can be on 5 GHz
and even on 60 GHz (so yes, you _can_ do GO Negotiation on 60 GHz).

As an example, it would be possible to receive a GO Negotiation Request
frame on a 5 GHz only radio and then to complete GO Negotiation on that
band. This can happen both when connected to a P2P group (through client
discoverability mechanism) and when connected to a legacy AP (assuming
the station receive Probe Request frame from full scan in the beginning
of P2P device discovery)."

This means that P2P messages can be sent over different radio devices.
However, these should use the same P2P device address so it should be
able to provision this from user-space. This patch adds a parameter for
this to struct vif_params which should only be used during creation of
the P2P device interface.

Cc: Jouni Malinen <j@w1.fi>
Cc: Greg Goldman <ggoldman@broadcom.com>
Cc: Jithu Jance <jithu@broadcom.com>
Signed-off-by: NArend van Spriel <arend@broadcom.com>
[add error checking]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Add the nl80211_mesh_power_mode enumeration which holds possible
values for the mesh power mode. These modes are unknown, active,
light sleep and deep sleep.

Add power_mode entry to the mesh config structure to hold the
user-configured default mesh power mode. This value will be used
for new peer links.

Add the dot11MeshAwakeWindowDuration value to the mesh config.
The awake window is a duration in TU describing how long the STA
will stay awake after transmitting its beacon in PS mode.

Add access routines to:
 - get/set local link-specific power mode (STA)
 - get remote STA's link-specific power mode (STA)
 - get remote STA's non-peer power mode (STA)
 - get/set default mesh power mode (mesh config)
 - get/set mesh awake window duration (mesh config)

All config changes may be done at mesh runtime and take effect
immediately.
Signed-off-by: NMarco Porsch <marco@cozybit.com>
Signed-off-by: NIvan Bezyazychnyy <ivan.bezyazychnyy@gmail.com>
Signed-off-by: NMike Krinkin <krinkin.m.u@gmail.com>
[fix commit message line length, error handling in set station]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Move the default mesh beacon interval and DTIM period to cfg80211
and make them accessible to nl80211. This enables setting both
values when joining an MBSS.

Previously the DTIM parameter was not set by mac80211 so the
driver's default value was used.
Signed-off-by: NMarco Porsch <marco@cozybit.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Ranges are taken from IEEE 802.11-2012, common sense or current
implementation requirements.
Signed-off-by: NMarco Porsch <marco@cozybit.com>
Acked-by: NThomas Pedersen <thomas@cozybit.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

commit 1a919318 "regulatory: code cleanup"
changed is_ht40_allowed without considering that IEEE80211_CHAN_NO_HT40 is
not just one flag, but two.
This is causing HT40- to be blocked completely.
Signed-off-by: NFelix Fietkau <nbd@openwrt.org>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

My commit 379b82f4
("regulatory: pass new regdomain to reset function")
broke the restore_regulatory_settings() function due
to a logic change. Consider this change:

-	reset_regdomains(true);
-	cfg80211_regdomain = cfg80211_world_regdom;
+	reset_regdomains(true, cfg80211_world_regdom);

This looks innocent enough, until you realise that the
called function (reset_regdomains) also resets the
cfg80211_world_regdom pointer, so that the old version
of the code would use the new object it pointed to and
the new version of the code uses the old object. This
lead to a double-free of this object.

Since reset_regdomains() sets it to &world_regdom, use
that directly.
Reported-by: NSujith Manoharan <sujith@msujith.org>
Tested-by: NSujith Manoharan <sujith@msujith.org>
Reported-by: NBob Copeland <me@bobcopeland.com>
Reported-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The uevent callback doesn't protect its access to
last_request, which now causes a warning since
the conversion to get_last_request(). Fix this by
allowing to use RCU protection for last_request.
Reported-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The following changes are invalid and should be
disallowed when a station already exists:
 * supported rates changes, except for TDLS peers
 * listen interval changes
 * HT capability changes

Disallow them and also update a mac80211 comment
explaining how they would be racy.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Use __aligned(...) instead of __attribute__((aligned(...)))
in mac80211 and cfg80211.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Today, stations are added already associated. That is
inefficient if, for example, the driver has no room
for stations any more because then the station will
go through the entire auth/assoc handshake, only to
be kicked out afterwards.

To address this a bit better, at least with drivers
using the new station state callback, allow hostapd
to add stations in unauthenticated mode, just after
receiving the AUTH frame, before even replying. Thus
if there's no more space at that point, it can send
a negative auth frame back. It still needs to handle
later state transition errors though, of course.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Some AP code ended up in mlme.c as ap.c didn't
exist when it was written, move it now.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

We should not add new beacon hints even if the wiphy
is not world roaming. Without this we were always adding
a beacon hint if not world roaming for every non world
roaming wiphy interface.
Tested-by: NBen Greear <greearb@candelatech.com>
Reported-by: NBen Greear <greearb@candelatech.com>
Reported-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
[fix locking]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

This will be used later by other code. This has no
functional change.
Tested-by: NBen Greear <greearb@candelatech.com>
Reported-by: NBen Greear <greearb@candelatech.com>
Reported-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Regulatory beacon hints are used to help with world roaming
and as it is right now we learn from a beacon hint processed
on one wiphy to all other wiphys. The processing of beacon
hints however is scheduled and if we have a lot of interfaces
we may hit the case that we'll queue a the same beacon hint
many times until its processed.

To avoid this do a lookup on the queued up beacon hints prior
to adding a new beacon hint. If the beacon hint is removed
from the pending reg beacon hint list then it would be processed
and we'd ensure all wiphys would have learned from it, if its
on the pending reg beacon list we'd now find it prior to it
being processed.
Tested-by: NBen Greear <greearb@candelatech.com>
Reported-by: NBen Greear <greearb@candelatech.com>
Reported-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

In that case, it's really a 160 MHz channel, so disallow
this configuration.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Instead of returning an error and filling a pointer
return the pointer and an ERR_PTR value in error cases.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

This will allow making freq_reg_info() lock-free.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

To simplify the locking and not require cfg80211_mutex
(which nl80211 uses to access the global regdomain) and
also to make it possible for drivers to access their
wiphy->regd safely, use RCU to protect these pointers.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Instead of assigning after calling the function do
it inside the function. This will later avoid a
period of time where the pointer is NULL.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The channel bandwidth handling isn't really quite right,
it assumes that a 40 MHz channel is really two 20 MHz
channels, which isn't strictly true. This is the way the
regulatory database handling is defined right now though
so remove the logic to handle other channel widths.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

There's a bug with the world regulatory domain, it
can be updated any time which is different from all
other regdomains that can only be updated once after
a request for them. Fix this by adding a check for
"processed" to the reg_is_valid_request() function
and clear that when doing a request.

While looking at this I also found another locking
bug, last_request is protected by the reg_mutex not
the cfg80211_mutex so the code in nl80211 is racy.
Remove that code as it only tries to prevent an
allocation in an error case, which isn't necessary.
Then the function can also become static and locking
in nl80211 can have a smaller scope.

Also change __set_regdom() to do the checks earlier
and not different for world/other regdomains.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

wiphy_apply_custom_regulatory() doesn't have to hold
the regulatory mutex as it only modifies the given
wiphy with the given regulatory domain, it doesn't
access any global regulatory data.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Many places that currently check that cfg80211_mutex
is held don't actually use any data protected by it.
The functions that need to hold the cfg80211_mutex
are the ones using the cfg80211_regdomain variable,
so add the lock assertion to those and clarify this
in the comments.

The reason for this is that nl80211 uses the regdom
without being able to hold reg_mutex.
Acked-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>