Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (c) 2008, 2009 open80211s Ltd.
4 * Copyright (C) 2019 Intel Corporation
5 * Author: Luis Carlos Cobo <luisca@cozybit.com>
6 */
7
8#include <linux/slab.h>
9#include <linux/etherdevice.h>
10#include <asm/unaligned.h>
11#include "wme.h"
12#include "mesh.h"
13
14#define TEST_FRAME_LEN 8192
15#define MAX_METRIC 0xffffffff
16#define ARITH_SHIFT 8
17#define LINK_FAIL_THRESH 95
18
19#define MAX_PREQ_QUEUE_LEN 64
20
21static void mesh_queue_preq(struct mesh_path *, u8);
22
23static inline u32 u32_field_get(const u8 *preq_elem, int offset, bool ae)
24{
25 if (ae)
26 offset += 6;
27 return get_unaligned_le32(preq_elem + offset);
28}
29
30static inline u16 u16_field_get(const u8 *preq_elem, int offset, bool ae)
31{
32 if (ae)
33 offset += 6;
34 return get_unaligned_le16(preq_elem + offset);
35}
36
37/* HWMP IE processing macros */
38#define AE_F (1<<6)
39#define AE_F_SET(x) (*x & AE_F)
40#define PREQ_IE_FLAGS(x) (*(x))
41#define PREQ_IE_HOPCOUNT(x) (*(x + 1))
42#define PREQ_IE_TTL(x) (*(x + 2))
43#define PREQ_IE_PREQ_ID(x) u32_field_get(x, 3, 0)
44#define PREQ_IE_ORIG_ADDR(x) (x + 7)
45#define PREQ_IE_ORIG_SN(x) u32_field_get(x, 13, 0)
46#define PREQ_IE_LIFETIME(x) u32_field_get(x, 17, AE_F_SET(x))
47#define PREQ_IE_METRIC(x) u32_field_get(x, 21, AE_F_SET(x))
48#define PREQ_IE_TARGET_F(x) (*(AE_F_SET(x) ? x + 32 : x + 26))
49#define PREQ_IE_TARGET_ADDR(x) (AE_F_SET(x) ? x + 33 : x + 27)
50#define PREQ_IE_TARGET_SN(x) u32_field_get(x, 33, AE_F_SET(x))
51
52
53#define PREP_IE_FLAGS(x) PREQ_IE_FLAGS(x)
54#define PREP_IE_HOPCOUNT(x) PREQ_IE_HOPCOUNT(x)
55#define PREP_IE_TTL(x) PREQ_IE_TTL(x)
56#define PREP_IE_ORIG_ADDR(x) (AE_F_SET(x) ? x + 27 : x + 21)
57#define PREP_IE_ORIG_SN(x) u32_field_get(x, 27, AE_F_SET(x))
58#define PREP_IE_LIFETIME(x) u32_field_get(x, 13, AE_F_SET(x))
59#define PREP_IE_METRIC(x) u32_field_get(x, 17, AE_F_SET(x))
60#define PREP_IE_TARGET_ADDR(x) (x + 3)
61#define PREP_IE_TARGET_SN(x) u32_field_get(x, 9, 0)
62
63#define PERR_IE_TTL(x) (*(x))
64#define PERR_IE_TARGET_FLAGS(x) (*(x + 2))
65#define PERR_IE_TARGET_ADDR(x) (x + 3)
66#define PERR_IE_TARGET_SN(x) u32_field_get(x, 9, 0)
67#define PERR_IE_TARGET_RCODE(x) u16_field_get(x, 13, 0)
68
69#define MSEC_TO_TU(x) (x*1000/1024)
70#define SN_GT(x, y) ((s32)(y - x) < 0)
71#define SN_LT(x, y) ((s32)(x - y) < 0)
72#define MAX_SANE_SN_DELTA 32
73
74static inline u32 SN_DELTA(u32 x, u32 y)
75{
76 return x >= y ? x - y : y - x;
77}
78
79#define net_traversal_jiffies(s) \
80 msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPnetDiameterTraversalTime)
81#define default_lifetime(s) \
82 MSEC_TO_TU(s->u.mesh.mshcfg.dot11MeshHWMPactivePathTimeout)
83#define min_preq_int_jiff(s) \
84 (msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPpreqMinInterval))
85#define max_preq_retries(s) (s->u.mesh.mshcfg.dot11MeshHWMPmaxPREQretries)
86#define disc_timeout_jiff(s) \
87 msecs_to_jiffies(sdata->u.mesh.mshcfg.min_discovery_timeout)
88#define root_path_confirmation_jiffies(s) \
89 msecs_to_jiffies(sdata->u.mesh.mshcfg.dot11MeshHWMPconfirmationInterval)
90
91enum mpath_frame_type {
92 MPATH_PREQ = 0,
93 MPATH_PREP,
94 MPATH_PERR,
95 MPATH_RANN
96};
97
98static const u8 broadcast_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
99
100static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
101 const u8 *orig_addr, u32 orig_sn,
102 u8 target_flags, const u8 *target,
103 u32 target_sn, const u8 *da,
104 u8 hop_count, u8 ttl,
105 u32 lifetime, u32 metric, u32 preq_id,
106 struct ieee80211_sub_if_data *sdata)
107{
108 struct ieee80211_local *local = sdata->local;
109 struct sk_buff *skb;
110 struct ieee80211_mgmt *mgmt;
111 u8 *pos, ie_len;
112 int hdr_len = offsetofend(struct ieee80211_mgmt,
113 u.action.u.mesh_action);
114
115 skb = dev_alloc_skb(local->tx_headroom +
116 hdr_len +
117 2 + 37); /* max HWMP IE */
118 if (!skb)
119 return -1;
120 skb_reserve(skb, local->tx_headroom);
121 mgmt = skb_put_zero(skb, hdr_len);
122 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
123 IEEE80211_STYPE_ACTION);
124
125 memcpy(mgmt->da, da, ETH_ALEN);
126 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
127 /* BSSID == SA */
128 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
129 mgmt->u.action.category = WLAN_CATEGORY_MESH_ACTION;
130 mgmt->u.action.u.mesh_action.action_code =
131 WLAN_MESH_ACTION_HWMP_PATH_SELECTION;
132
133 switch (action) {
134 case MPATH_PREQ:
135 mhwmp_dbg(sdata, "sending PREQ to %pM\n", target);
136 ie_len = 37;
137 pos = skb_put(skb, 2 + ie_len);
138 *pos++ = WLAN_EID_PREQ;
139 break;
140 case MPATH_PREP:
141 mhwmp_dbg(sdata, "sending PREP to %pM\n", orig_addr);
142 ie_len = 31;
143 pos = skb_put(skb, 2 + ie_len);
144 *pos++ = WLAN_EID_PREP;
145 break;
146 case MPATH_RANN:
147 mhwmp_dbg(sdata, "sending RANN from %pM\n", orig_addr);
148 ie_len = sizeof(struct ieee80211_rann_ie);
149 pos = skb_put(skb, 2 + ie_len);
150 *pos++ = WLAN_EID_RANN;
151 break;
152 default:
153 kfree_skb(skb);
154 return -ENOTSUPP;
155 }
156 *pos++ = ie_len;
157 *pos++ = flags;
158 *pos++ = hop_count;
159 *pos++ = ttl;
160 if (action == MPATH_PREP) {
161 memcpy(pos, target, ETH_ALEN);
162 pos += ETH_ALEN;
163 put_unaligned_le32(target_sn, pos);
164 pos += 4;
165 } else {
166 if (action == MPATH_PREQ) {
167 put_unaligned_le32(preq_id, pos);
168 pos += 4;
169 }
170 memcpy(pos, orig_addr, ETH_ALEN);
171 pos += ETH_ALEN;
172 put_unaligned_le32(orig_sn, pos);
173 pos += 4;
174 }
175 put_unaligned_le32(lifetime, pos); /* interval for RANN */
176 pos += 4;
177 put_unaligned_le32(metric, pos);
178 pos += 4;
179 if (action == MPATH_PREQ) {
180 *pos++ = 1; /* destination count */
181 *pos++ = target_flags;
182 memcpy(pos, target, ETH_ALEN);
183 pos += ETH_ALEN;
184 put_unaligned_le32(target_sn, pos);
185 pos += 4;
186 } else if (action == MPATH_PREP) {
187 memcpy(pos, orig_addr, ETH_ALEN);
188 pos += ETH_ALEN;
189 put_unaligned_le32(orig_sn, pos);
190 pos += 4;
191 }
192
193 ieee80211_tx_skb(sdata, skb);
194 return 0;
195}
196
197
198/* Headroom is not adjusted. Caller should ensure that skb has sufficient
199 * headroom in case the frame is encrypted. */
200static void prepare_frame_for_deferred_tx(struct ieee80211_sub_if_data *sdata,
201 struct sk_buff *skb)
202{
203 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
204 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
205
206 skb_reset_mac_header(skb);
207 skb_reset_network_header(skb);
208 skb_reset_transport_header(skb);
209
210 /* Send all internal mgmt frames on VO. Accordingly set TID to 7. */
211 skb_set_queue_mapping(skb, IEEE80211_AC_VO);
212 skb->priority = 7;
213
214 info->control.vif = &sdata->vif;
215 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
216 ieee80211_set_qos_hdr(sdata, skb);
217 ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
218}
219
220/**
221 * mesh_path_error_tx - Sends a PERR mesh management frame
222 *
223 * @ttl: allowed remaining hops
224 * @target: broken destination
225 * @target_sn: SN of the broken destination
226 * @target_rcode: reason code for this PERR
227 * @ra: node this frame is addressed to
228 * @sdata: local mesh subif
229 *
230 * Note: This function may be called with driver locks taken that the driver
231 * also acquires in the TX path. To avoid a deadlock we don't transmit the
232 * frame directly but add it to the pending queue instead.
233 */
234int mesh_path_error_tx(struct ieee80211_sub_if_data *sdata,
235 u8 ttl, const u8 *target, u32 target_sn,
236 u16 target_rcode, const u8 *ra)
237{
238 struct ieee80211_local *local = sdata->local;
239 struct sk_buff *skb;
240 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
241 struct ieee80211_mgmt *mgmt;
242 u8 *pos, ie_len;
243 int hdr_len = offsetofend(struct ieee80211_mgmt,
244 u.action.u.mesh_action);
245
246 if (time_before(jiffies, ifmsh->next_perr))
247 return -EAGAIN;
248
249 skb = dev_alloc_skb(local->tx_headroom +
250 sdata->encrypt_headroom +
251 IEEE80211_ENCRYPT_TAILROOM +
252 hdr_len +
253 2 + 15 /* PERR IE */);
254 if (!skb)
255 return -1;
256 skb_reserve(skb, local->tx_headroom + sdata->encrypt_headroom);
257 mgmt = skb_put_zero(skb, hdr_len);
258 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
259 IEEE80211_STYPE_ACTION);
260
261 memcpy(mgmt->da, ra, ETH_ALEN);
262 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
263 /* BSSID == SA */
264 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
265 mgmt->u.action.category = WLAN_CATEGORY_MESH_ACTION;
266 mgmt->u.action.u.mesh_action.action_code =
267 WLAN_MESH_ACTION_HWMP_PATH_SELECTION;
268 ie_len = 15;
269 pos = skb_put(skb, 2 + ie_len);
270 *pos++ = WLAN_EID_PERR;
271 *pos++ = ie_len;
272 /* ttl */
273 *pos++ = ttl;
274 /* number of destinations */
275 *pos++ = 1;
276 /* Flags field has AE bit only as defined in
277 * sec 8.4.2.117 IEEE802.11-2012
278 */
279 *pos = 0;
280 pos++;
281 memcpy(pos, target, ETH_ALEN);
282 pos += ETH_ALEN;
283 put_unaligned_le32(target_sn, pos);
284 pos += 4;
285 put_unaligned_le16(target_rcode, pos);
286
287 /* see note in function header */
288 prepare_frame_for_deferred_tx(sdata, skb);
289 ifmsh->next_perr = TU_TO_EXP_TIME(
290 ifmsh->mshcfg.dot11MeshHWMPperrMinInterval);
291 ieee80211_add_pending_skb(local, skb);
292 return 0;
293}
294
295void ieee80211s_update_metric(struct ieee80211_local *local,
296 struct sta_info *sta,
297 struct ieee80211_tx_status *st)
298{
299 struct ieee80211_tx_info *txinfo = st->info;
300 int failed;
301 struct rate_info rinfo;
302
303 failed = !(txinfo->flags & IEEE80211_TX_STAT_ACK);
304
305 /* moving average, scaled to 100.
306 * feed failure as 100 and success as 0
307 */
308 ewma_mesh_fail_avg_add(&sta->mesh->fail_avg, failed * 100);
309 if (ewma_mesh_fail_avg_read(&sta->mesh->fail_avg) >
310 LINK_FAIL_THRESH)
311 mesh_plink_broken(sta);
312
313 sta_set_rate_info_tx(sta, &sta->tx_stats.last_rate, &rinfo);
314 ewma_mesh_tx_rate_avg_add(&sta->mesh->tx_rate_avg,
315 cfg80211_calculate_bitrate(&rinfo));
316}
317
318u32 airtime_link_metric_get(struct ieee80211_local *local,
319 struct sta_info *sta)
320{
321 /* This should be adjusted for each device */
322 int device_constant = 1 << ARITH_SHIFT;
323 int test_frame_len = TEST_FRAME_LEN << ARITH_SHIFT;
324 int s_unit = 1 << ARITH_SHIFT;
325 int rate, err;
326 u32 tx_time, estimated_retx;
327 u64 result;
328 unsigned long fail_avg =
329 ewma_mesh_fail_avg_read(&sta->mesh->fail_avg);
330
331 if (sta->mesh->plink_state != NL80211_PLINK_ESTAB)
332 return MAX_METRIC;
333
334 /* Try to get rate based on HW/SW RC algorithm.
335 * Rate is returned in units of Kbps, correct this
336 * to comply with airtime calculation units
337 * Round up in case we get rate < 100Kbps
338 */
339 rate = DIV_ROUND_UP(sta_get_expected_throughput(sta), 100);
340
341 if (rate) {
342 err = 0;
343 } else {
344 if (fail_avg > LINK_FAIL_THRESH)
345 return MAX_METRIC;
346
347 rate = ewma_mesh_tx_rate_avg_read(&sta->mesh->tx_rate_avg);
348 if (WARN_ON(!rate))
349 return MAX_METRIC;
350
351 err = (fail_avg << ARITH_SHIFT) / 100;
352 }
353
354 /* bitrate is in units of 100 Kbps, while we need rate in units of
355 * 1Mbps. This will be corrected on tx_time computation.
356 */
357 tx_time = (device_constant + 10 * test_frame_len / rate);
358 estimated_retx = ((1 << (2 * ARITH_SHIFT)) / (s_unit - err));
359 result = (tx_time * estimated_retx) >> (2 * ARITH_SHIFT);
360 return (u32)result;
361}
362
363/**
364 * hwmp_route_info_get - Update routing info to originator and transmitter
365 *
366 * @sdata: local mesh subif
367 * @mgmt: mesh management frame
368 * @hwmp_ie: hwmp information element (PREP or PREQ)
369 * @action: type of hwmp ie
370 *
371 * This function updates the path routing information to the originator and the
372 * transmitter of a HWMP PREQ or PREP frame.
373 *
374 * Returns: metric to frame originator or 0 if the frame should not be further
375 * processed
376 *
377 * Notes: this function is the only place (besides user-provided info) where
378 * path routing information is updated.
379 */
380static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
381 struct ieee80211_mgmt *mgmt,
382 const u8 *hwmp_ie, enum mpath_frame_type action)
383{
384 struct ieee80211_local *local = sdata->local;
385 struct mesh_path *mpath;
386 struct sta_info *sta;
387 bool fresh_info;
388 const u8 *orig_addr, *ta;
389 u32 orig_sn, orig_metric;
390 unsigned long orig_lifetime, exp_time;
391 u32 last_hop_metric, new_metric;
392 bool process = true;
393 u8 hopcount;
394
395 rcu_read_lock();
396 sta = sta_info_get(sdata, mgmt->sa);
397 if (!sta) {
398 rcu_read_unlock();
399 return 0;
400 }
401
402 last_hop_metric = airtime_link_metric_get(local, sta);
403 /* Update and check originator routing info */
404 fresh_info = true;
405
406 switch (action) {
407 case MPATH_PREQ:
408 orig_addr = PREQ_IE_ORIG_ADDR(hwmp_ie);
409 orig_sn = PREQ_IE_ORIG_SN(hwmp_ie);
410 orig_lifetime = PREQ_IE_LIFETIME(hwmp_ie);
411 orig_metric = PREQ_IE_METRIC(hwmp_ie);
412 hopcount = PREQ_IE_HOPCOUNT(hwmp_ie) + 1;
413 break;
414 case MPATH_PREP:
415 /* Originator here refers to the MP that was the target in the
416 * Path Request. We divert from the nomenclature in the draft
417 * so that we can easily use a single function to gather path
418 * information from both PREQ and PREP frames.
419 */
420 orig_addr = PREP_IE_TARGET_ADDR(hwmp_ie);
421 orig_sn = PREP_IE_TARGET_SN(hwmp_ie);
422 orig_lifetime = PREP_IE_LIFETIME(hwmp_ie);
423 orig_metric = PREP_IE_METRIC(hwmp_ie);
424 hopcount = PREP_IE_HOPCOUNT(hwmp_ie) + 1;
425 break;
426 default:
427 rcu_read_unlock();
428 return 0;
429 }
430 new_metric = orig_metric + last_hop_metric;
431 if (new_metric < orig_metric)
432 new_metric = MAX_METRIC;
433 exp_time = TU_TO_EXP_TIME(orig_lifetime);
434
435 if (ether_addr_equal(orig_addr, sdata->vif.addr)) {
436 /* This MP is the originator, we are not interested in this
437 * frame, except for updating transmitter's path info.
438 */
439 process = false;
440 fresh_info = false;
441 } else {
442 mpath = mesh_path_lookup(sdata, orig_addr);
443 if (mpath) {
444 spin_lock_bh(&mpath->state_lock);
445 if (mpath->flags & MESH_PATH_FIXED)
446 fresh_info = false;
447 else if ((mpath->flags & MESH_PATH_ACTIVE) &&
448 (mpath->flags & MESH_PATH_SN_VALID)) {
449 if (SN_GT(mpath->sn, orig_sn) ||
450 (mpath->sn == orig_sn &&
451 (rcu_access_pointer(mpath->next_hop) !=
452 sta ?
453 mult_frac(new_metric, 10, 9) :
454 new_metric) >= mpath->metric)) {
455 process = false;
456 fresh_info = false;
457 }
458 } else if (!(mpath->flags & MESH_PATH_ACTIVE)) {
459 bool have_sn, newer_sn, bounced;
460
461 have_sn = mpath->flags & MESH_PATH_SN_VALID;
462 newer_sn = have_sn && SN_GT(orig_sn, mpath->sn);
463 bounced = have_sn &&
464 (SN_DELTA(orig_sn, mpath->sn) >
465 MAX_SANE_SN_DELTA);
466
467 if (!have_sn || newer_sn) {
468 /* if SN is newer than what we had
469 * then we can take it */;
470 } else if (bounced) {
471 /* if SN is way different than what
472 * we had then assume the other side
473 * rebooted or restarted */;
474 } else {
475 process = false;
476 fresh_info = false;
477 }
478 }
479 } else {
480 mpath = mesh_path_add(sdata, orig_addr);
481 if (IS_ERR(mpath)) {
482 rcu_read_unlock();
483 return 0;
484 }
485 spin_lock_bh(&mpath->state_lock);
486 }
487
488 if (fresh_info) {
489 if (rcu_access_pointer(mpath->next_hop) != sta)
490 mpath->path_change_count++;
491 mesh_path_assign_nexthop(mpath, sta);
492 mpath->flags |= MESH_PATH_SN_VALID;
493 mpath->metric = new_metric;
494 mpath->sn = orig_sn;
495 mpath->exp_time = time_after(mpath->exp_time, exp_time)
496 ? mpath->exp_time : exp_time;
497 mpath->hop_count = hopcount;
498 mesh_path_activate(mpath);
499 spin_unlock_bh(&mpath->state_lock);
500 ewma_mesh_fail_avg_init(&sta->mesh->fail_avg);
501 /* init it at a low value - 0 start is tricky */
502 ewma_mesh_fail_avg_add(&sta->mesh->fail_avg, 1);
503 mesh_path_tx_pending(mpath);
504 /* draft says preq_id should be saved to, but there does
505 * not seem to be any use for it, skipping by now
506 */
507 } else
508 spin_unlock_bh(&mpath->state_lock);
509 }
510
511 /* Update and check transmitter routing info */
512 ta = mgmt->sa;
513 if (ether_addr_equal(orig_addr, ta))
514 fresh_info = false;
515 else {
516 fresh_info = true;
517
518 mpath = mesh_path_lookup(sdata, ta);
519 if (mpath) {
520 spin_lock_bh(&mpath->state_lock);
521 if ((mpath->flags & MESH_PATH_FIXED) ||
522 ((mpath->flags & MESH_PATH_ACTIVE) &&
523 ((rcu_access_pointer(mpath->next_hop) != sta ?
524 mult_frac(last_hop_metric, 10, 9) :
525 last_hop_metric) > mpath->metric)))
526 fresh_info = false;
527 } else {
528 mpath = mesh_path_add(sdata, ta);
529 if (IS_ERR(mpath)) {
530 rcu_read_unlock();
531 return 0;
532 }
533 spin_lock_bh(&mpath->state_lock);
534 }
535
536 if (fresh_info) {
537 if (rcu_access_pointer(mpath->next_hop) != sta)
538 mpath->path_change_count++;
539 mesh_path_assign_nexthop(mpath, sta);
540 mpath->metric = last_hop_metric;
541 mpath->exp_time = time_after(mpath->exp_time, exp_time)
542 ? mpath->exp_time : exp_time;
543 mpath->hop_count = 1;
544 mesh_path_activate(mpath);
545 spin_unlock_bh(&mpath->state_lock);
546 ewma_mesh_fail_avg_init(&sta->mesh->fail_avg);
547 /* init it at a low value - 0 start is tricky */
548 ewma_mesh_fail_avg_add(&sta->mesh->fail_avg, 1);
549 mesh_path_tx_pending(mpath);
550 } else
551 spin_unlock_bh(&mpath->state_lock);
552 }
553
554 rcu_read_unlock();
555
556 return process ? new_metric : 0;
557}
558
559static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
560 struct ieee80211_mgmt *mgmt,
561 const u8 *preq_elem, u32 orig_metric)
562{
563 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
564 struct mesh_path *mpath = NULL;
565 const u8 *target_addr, *orig_addr;
566 const u8 *da;
567 u8 target_flags, ttl, flags;
568 u32 orig_sn, target_sn, lifetime, target_metric = 0;
569 bool reply = false;
570 bool forward = true;
571 bool root_is_gate;
572
573 /* Update target SN, if present */
574 target_addr = PREQ_IE_TARGET_ADDR(preq_elem);
575 orig_addr = PREQ_IE_ORIG_ADDR(preq_elem);
576 target_sn = PREQ_IE_TARGET_SN(preq_elem);
577 orig_sn = PREQ_IE_ORIG_SN(preq_elem);
578 target_flags = PREQ_IE_TARGET_F(preq_elem);
579 /* Proactive PREQ gate announcements */
580 flags = PREQ_IE_FLAGS(preq_elem);
581 root_is_gate = !!(flags & RANN_FLAG_IS_GATE);
582
583 mhwmp_dbg(sdata, "received PREQ from %pM\n", orig_addr);
584
585 if (ether_addr_equal(target_addr, sdata->vif.addr)) {
586 mhwmp_dbg(sdata, "PREQ is for us\n");
587 forward = false;
588 reply = true;
589 target_metric = 0;
590
591 if (SN_GT(target_sn, ifmsh->sn))
592 ifmsh->sn = target_sn;
593
594 if (time_after(jiffies, ifmsh->last_sn_update +
595 net_traversal_jiffies(sdata)) ||
596 time_before(jiffies, ifmsh->last_sn_update)) {
597 ++ifmsh->sn;
598 ifmsh->last_sn_update = jiffies;
599 }
600 target_sn = ifmsh->sn;
601 } else if (is_broadcast_ether_addr(target_addr) &&
602 (target_flags & IEEE80211_PREQ_TO_FLAG)) {
603 rcu_read_lock();
604 mpath = mesh_path_lookup(sdata, orig_addr);
605 if (mpath) {
606 if (flags & IEEE80211_PREQ_PROACTIVE_PREP_FLAG) {
607 reply = true;
608 target_addr = sdata->vif.addr;
609 target_sn = ++ifmsh->sn;
610 target_metric = 0;
611 ifmsh->last_sn_update = jiffies;
612 }
613 if (root_is_gate)
614 mesh_path_add_gate(mpath);
615 }
616 rcu_read_unlock();
617 } else {
618 rcu_read_lock();
619 mpath = mesh_path_lookup(sdata, target_addr);
620 if (mpath) {
621 if ((!(mpath->flags & MESH_PATH_SN_VALID)) ||
622 SN_LT(mpath->sn, target_sn)) {
623 mpath->sn = target_sn;
624 mpath->flags |= MESH_PATH_SN_VALID;
625 } else if ((!(target_flags & IEEE80211_PREQ_TO_FLAG)) &&
626 (mpath->flags & MESH_PATH_ACTIVE)) {
627 reply = true;
628 target_metric = mpath->metric;
629 target_sn = mpath->sn;
630 /* Case E2 of sec 13.10.9.3 IEEE 802.11-2012*/
631 target_flags |= IEEE80211_PREQ_TO_FLAG;
632 }
633 }
634 rcu_read_unlock();
635 }
636
637 if (reply) {
638 lifetime = PREQ_IE_LIFETIME(preq_elem);
639 ttl = ifmsh->mshcfg.element_ttl;
640 if (ttl != 0) {
641 mhwmp_dbg(sdata, "replying to the PREQ\n");
642 mesh_path_sel_frame_tx(MPATH_PREP, 0, orig_addr,
643 orig_sn, 0, target_addr,
644 target_sn, mgmt->sa, 0, ttl,
645 lifetime, target_metric, 0,
646 sdata);
647 } else {
648 ifmsh->mshstats.dropped_frames_ttl++;
649 }
650 }
651
652 if (forward && ifmsh->mshcfg.dot11MeshForwarding) {
653 u32 preq_id;
654 u8 hopcount;
655
656 ttl = PREQ_IE_TTL(preq_elem);
657 lifetime = PREQ_IE_LIFETIME(preq_elem);
658 if (ttl <= 1) {
659 ifmsh->mshstats.dropped_frames_ttl++;
660 return;
661 }
662 mhwmp_dbg(sdata, "forwarding the PREQ from %pM\n", orig_addr);
663 --ttl;
664 preq_id = PREQ_IE_PREQ_ID(preq_elem);
665 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1;
666 da = (mpath && mpath->is_root) ?
667 mpath->rann_snd_addr : broadcast_addr;
668
669 if (flags & IEEE80211_PREQ_PROACTIVE_PREP_FLAG) {
670 target_addr = PREQ_IE_TARGET_ADDR(preq_elem);
671 target_sn = PREQ_IE_TARGET_SN(preq_elem);
672 }
673
674 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr,
675 orig_sn, target_flags, target_addr,
676 target_sn, da, hopcount, ttl, lifetime,
677 orig_metric, preq_id, sdata);
678 if (!is_multicast_ether_addr(da))
679 ifmsh->mshstats.fwded_unicast++;
680 else
681 ifmsh->mshstats.fwded_mcast++;
682 ifmsh->mshstats.fwded_frames++;
683 }
684}
685
686
687static inline struct sta_info *
688next_hop_deref_protected(struct mesh_path *mpath)
689{
690 return rcu_dereference_protected(mpath->next_hop,
691 lockdep_is_held(&mpath->state_lock));
692}
693
694
695static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
696 struct ieee80211_mgmt *mgmt,
697 const u8 *prep_elem, u32 metric)
698{
699 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
700 struct mesh_path *mpath;
701 const u8 *target_addr, *orig_addr;
702 u8 ttl, hopcount, flags;
703 u8 next_hop[ETH_ALEN];
704 u32 target_sn, orig_sn, lifetime;
705
706 mhwmp_dbg(sdata, "received PREP from %pM\n",
707 PREP_IE_TARGET_ADDR(prep_elem));
708
709 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
710 if (ether_addr_equal(orig_addr, sdata->vif.addr))
711 /* destination, no forwarding required */
712 return;
713
714 if (!ifmsh->mshcfg.dot11MeshForwarding)
715 return;
716
717 ttl = PREP_IE_TTL(prep_elem);
718 if (ttl <= 1) {
719 sdata->u.mesh.mshstats.dropped_frames_ttl++;
720 return;
721 }
722
723 rcu_read_lock();
724 mpath = mesh_path_lookup(sdata, orig_addr);
725 if (mpath)
726 spin_lock_bh(&mpath->state_lock);
727 else
728 goto fail;
729 if (!(mpath->flags & MESH_PATH_ACTIVE)) {
730 spin_unlock_bh(&mpath->state_lock);
731 goto fail;
732 }
733 memcpy(next_hop, next_hop_deref_protected(mpath)->sta.addr, ETH_ALEN);
734 spin_unlock_bh(&mpath->state_lock);
735 --ttl;
736 flags = PREP_IE_FLAGS(prep_elem);
737 lifetime = PREP_IE_LIFETIME(prep_elem);
738 hopcount = PREP_IE_HOPCOUNT(prep_elem) + 1;
739 target_addr = PREP_IE_TARGET_ADDR(prep_elem);
740 target_sn = PREP_IE_TARGET_SN(prep_elem);
741 orig_sn = PREP_IE_ORIG_SN(prep_elem);
742
743 mesh_path_sel_frame_tx(MPATH_PREP, flags, orig_addr, orig_sn, 0,
744 target_addr, target_sn, next_hop, hopcount,
745 ttl, lifetime, metric, 0, sdata);
746 rcu_read_unlock();
747
748 sdata->u.mesh.mshstats.fwded_unicast++;
749 sdata->u.mesh.mshstats.fwded_frames++;
750 return;
751
752fail:
753 rcu_read_unlock();
754 sdata->u.mesh.mshstats.dropped_frames_no_route++;
755}
756
757static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
758 struct ieee80211_mgmt *mgmt,
759 const u8 *perr_elem)
760{
761 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
762 struct mesh_path *mpath;
763 u8 ttl;
764 const u8 *ta, *target_addr;
765 u32 target_sn;
766 u16 target_rcode;
767
768 ta = mgmt->sa;
769 ttl = PERR_IE_TTL(perr_elem);
770 if (ttl <= 1) {
771 ifmsh->mshstats.dropped_frames_ttl++;
772 return;
773 }
774 ttl--;
775 target_addr = PERR_IE_TARGET_ADDR(perr_elem);
776 target_sn = PERR_IE_TARGET_SN(perr_elem);
777 target_rcode = PERR_IE_TARGET_RCODE(perr_elem);
778
779 rcu_read_lock();
780 mpath = mesh_path_lookup(sdata, target_addr);
781 if (mpath) {
782 struct sta_info *sta;
783
784 spin_lock_bh(&mpath->state_lock);
785 sta = next_hop_deref_protected(mpath);
786 if (mpath->flags & MESH_PATH_ACTIVE &&
787 ether_addr_equal(ta, sta->sta.addr) &&
788 !(mpath->flags & MESH_PATH_FIXED) &&
789 (!(mpath->flags & MESH_PATH_SN_VALID) ||
790 SN_GT(target_sn, mpath->sn) || target_sn == 0)) {
791 mpath->flags &= ~MESH_PATH_ACTIVE;
792 if (target_sn != 0)
793 mpath->sn = target_sn;
794 else
795 mpath->sn += 1;
796 spin_unlock_bh(&mpath->state_lock);
797 if (!ifmsh->mshcfg.dot11MeshForwarding)
798 goto endperr;
799 mesh_path_error_tx(sdata, ttl, target_addr,
800 target_sn, target_rcode,
801 broadcast_addr);
802 } else
803 spin_unlock_bh(&mpath->state_lock);
804 }
805endperr:
806 rcu_read_unlock();
807}
808
809static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
810 struct ieee80211_mgmt *mgmt,
811 const struct ieee80211_rann_ie *rann)
812{
813 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
814 struct ieee80211_local *local = sdata->local;
815 struct sta_info *sta;
816 struct mesh_path *mpath;
817 u8 ttl, flags, hopcount;
818 const u8 *orig_addr;
819 u32 orig_sn, new_metric, orig_metric, last_hop_metric, interval;
820 bool root_is_gate;
821
822 ttl = rann->rann_ttl;
823 flags = rann->rann_flags;
824 root_is_gate = !!(flags & RANN_FLAG_IS_GATE);
825 orig_addr = rann->rann_addr;
826 orig_sn = le32_to_cpu(rann->rann_seq);
827 interval = le32_to_cpu(rann->rann_interval);
828 hopcount = rann->rann_hopcount;
829 hopcount++;
830 orig_metric = le32_to_cpu(rann->rann_metric);
831
832 /* Ignore our own RANNs */
833 if (ether_addr_equal(orig_addr, sdata->vif.addr))
834 return;
835
836 mhwmp_dbg(sdata,
837 "received RANN from %pM via neighbour %pM (is_gate=%d)\n",
838 orig_addr, mgmt->sa, root_is_gate);
839
840 rcu_read_lock();
841 sta = sta_info_get(sdata, mgmt->sa);
842 if (!sta) {
843 rcu_read_unlock();
844 return;
845 }
846
847 last_hop_metric = airtime_link_metric_get(local, sta);
848 new_metric = orig_metric + last_hop_metric;
849 if (new_metric < orig_metric)
850 new_metric = MAX_METRIC;
851
852 mpath = mesh_path_lookup(sdata, orig_addr);
853 if (!mpath) {
854 mpath = mesh_path_add(sdata, orig_addr);
855 if (IS_ERR(mpath)) {
856 rcu_read_unlock();
857 sdata->u.mesh.mshstats.dropped_frames_no_route++;
858 return;
859 }
860 }
861
862 if (!(SN_LT(mpath->sn, orig_sn)) &&
863 !(mpath->sn == orig_sn && new_metric < mpath->rann_metric)) {
864 rcu_read_unlock();
865 return;
866 }
867
868 if ((!(mpath->flags & (MESH_PATH_ACTIVE | MESH_PATH_RESOLVING)) ||
869 (time_after(jiffies, mpath->last_preq_to_root +
870 root_path_confirmation_jiffies(sdata)) ||
871 time_before(jiffies, mpath->last_preq_to_root))) &&
872 !(mpath->flags & MESH_PATH_FIXED) && (ttl != 0)) {
873 mhwmp_dbg(sdata,
874 "time to refresh root mpath %pM\n",
875 orig_addr);
876 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH);
877 mpath->last_preq_to_root = jiffies;
878 }
879
880 mpath->sn = orig_sn;
881 mpath->rann_metric = new_metric;
882 mpath->is_root = true;
883 /* Recording RANNs sender address to send individually
884 * addressed PREQs destined for root mesh STA */
885 memcpy(mpath->rann_snd_addr, mgmt->sa, ETH_ALEN);
886
887 if (root_is_gate)
888 mesh_path_add_gate(mpath);
889
890 if (ttl <= 1) {
891 ifmsh->mshstats.dropped_frames_ttl++;
892 rcu_read_unlock();
893 return;
894 }
895 ttl--;
896
897 if (ifmsh->mshcfg.dot11MeshForwarding) {
898 mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
899 orig_sn, 0, NULL, 0, broadcast_addr,
900 hopcount, ttl, interval,
901 new_metric, 0, sdata);
902 }
903
904 rcu_read_unlock();
905}
906
907
908void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
909 struct ieee80211_mgmt *mgmt, size_t len)
910{
911 struct ieee802_11_elems elems;
912 size_t baselen;
913 u32 path_metric;
914 struct sta_info *sta;
915
916 /* need action_code */
917 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
918 return;
919
920 rcu_read_lock();
921 sta = sta_info_get(sdata, mgmt->sa);
922 if (!sta || sta->mesh->plink_state != NL80211_PLINK_ESTAB) {
923 rcu_read_unlock();
924 return;
925 }
926 rcu_read_unlock();
927
928 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt;
929 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
930 len - baselen, false, &elems, mgmt->bssid, NULL);
931
932 if (elems.preq) {
933 if (elems.preq_len != 37)
934 /* Right now we support just 1 destination and no AE */
935 return;
936 path_metric = hwmp_route_info_get(sdata, mgmt, elems.preq,
937 MPATH_PREQ);
938 if (path_metric)
939 hwmp_preq_frame_process(sdata, mgmt, elems.preq,
940 path_metric);
941 }
942 if (elems.prep) {
943 if (elems.prep_len != 31)
944 /* Right now we support no AE */
945 return;
946 path_metric = hwmp_route_info_get(sdata, mgmt, elems.prep,
947 MPATH_PREP);
948 if (path_metric)
949 hwmp_prep_frame_process(sdata, mgmt, elems.prep,
950 path_metric);
951 }
952 if (elems.perr) {
953 if (elems.perr_len != 15)
954 /* Right now we support only one destination per PERR */
955 return;
956 hwmp_perr_frame_process(sdata, mgmt, elems.perr);
957 }
958 if (elems.rann)
959 hwmp_rann_frame_process(sdata, mgmt, elems.rann);
960}
961
962/**
963 * mesh_queue_preq - queue a PREQ to a given destination
964 *
965 * @mpath: mesh path to discover
966 * @flags: special attributes of the PREQ to be sent
967 *
968 * Locking: the function must be called from within a rcu read lock block.
969 *
970 */
971static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
972{
973 struct ieee80211_sub_if_data *sdata = mpath->sdata;
974 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
975 struct mesh_preq_queue *preq_node;
976
977 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC);
978 if (!preq_node) {
979 mhwmp_dbg(sdata, "could not allocate PREQ node\n");
980 return;
981 }
982
983 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
984 if (ifmsh->preq_queue_len == MAX_PREQ_QUEUE_LEN) {
985 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
986 kfree(preq_node);
987 if (printk_ratelimit())
988 mhwmp_dbg(sdata, "PREQ node queue full\n");
989 return;
990 }
991
992 spin_lock(&mpath->state_lock);
993 if (mpath->flags & MESH_PATH_REQ_QUEUED) {
994 spin_unlock(&mpath->state_lock);
995 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
996 kfree(preq_node);
997 return;
998 }
999
1000 memcpy(preq_node->dst, mpath->dst, ETH_ALEN);
1001 preq_node->flags = flags;
1002
1003 mpath->flags |= MESH_PATH_REQ_QUEUED;
1004 spin_unlock(&mpath->state_lock);
1005
1006 list_add_tail(&preq_node->list, &ifmsh->preq_queue.list);
1007 ++ifmsh->preq_queue_len;
1008 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
1009
1010 if (time_after(jiffies, ifmsh->last_preq + min_preq_int_jiff(sdata)))
1011 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1012
1013 else if (time_before(jiffies, ifmsh->last_preq)) {
1014 /* avoid long wait if did not send preqs for a long time
1015 * and jiffies wrapped around
1016 */
1017 ifmsh->last_preq = jiffies - min_preq_int_jiff(sdata) - 1;
1018 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1019 } else
1020 mod_timer(&ifmsh->mesh_path_timer, ifmsh->last_preq +
1021 min_preq_int_jiff(sdata));
1022}
1023
1024/**
1025 * mesh_path_start_discovery - launch a path discovery from the PREQ queue
1026 *
1027 * @sdata: local mesh subif
1028 */
1029void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
1030{
1031 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1032 struct mesh_preq_queue *preq_node;
1033 struct mesh_path *mpath;
1034 u8 ttl, target_flags = 0;
1035 const u8 *da;
1036 u32 lifetime;
1037
1038 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
1039 if (!ifmsh->preq_queue_len ||
1040 time_before(jiffies, ifmsh->last_preq +
1041 min_preq_int_jiff(sdata))) {
1042 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
1043 return;
1044 }
1045
1046 preq_node = list_first_entry(&ifmsh->preq_queue.list,
1047 struct mesh_preq_queue, list);
1048 list_del(&preq_node->list);
1049 --ifmsh->preq_queue_len;
1050 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
1051
1052 rcu_read_lock();
1053 mpath = mesh_path_lookup(sdata, preq_node->dst);
1054 if (!mpath)
1055 goto enddiscovery;
1056
1057 spin_lock_bh(&mpath->state_lock);
1058 if (mpath->flags & (MESH_PATH_DELETED | MESH_PATH_FIXED)) {
1059 spin_unlock_bh(&mpath->state_lock);
1060 goto enddiscovery;
1061 }
1062 mpath->flags &= ~MESH_PATH_REQ_QUEUED;
1063 if (preq_node->flags & PREQ_Q_F_START) {
1064 if (mpath->flags & MESH_PATH_RESOLVING) {
1065 spin_unlock_bh(&mpath->state_lock);
1066 goto enddiscovery;
1067 } else {
1068 mpath->flags &= ~MESH_PATH_RESOLVED;
1069 mpath->flags |= MESH_PATH_RESOLVING;
1070 mpath->discovery_retries = 0;
1071 mpath->discovery_timeout = disc_timeout_jiff(sdata);
1072 }
1073 } else if (!(mpath->flags & MESH_PATH_RESOLVING) ||
1074 mpath->flags & MESH_PATH_RESOLVED) {
1075 mpath->flags &= ~MESH_PATH_RESOLVING;
1076 spin_unlock_bh(&mpath->state_lock);
1077 goto enddiscovery;
1078 }
1079
1080 ifmsh->last_preq = jiffies;
1081
1082 if (time_after(jiffies, ifmsh->last_sn_update +
1083 net_traversal_jiffies(sdata)) ||
1084 time_before(jiffies, ifmsh->last_sn_update)) {
1085 ++ifmsh->sn;
1086 sdata->u.mesh.last_sn_update = jiffies;
1087 }
1088 lifetime = default_lifetime(sdata);
1089 ttl = sdata->u.mesh.mshcfg.element_ttl;
1090 if (ttl == 0) {
1091 sdata->u.mesh.mshstats.dropped_frames_ttl++;
1092 spin_unlock_bh(&mpath->state_lock);
1093 goto enddiscovery;
1094 }
1095
1096 if (preq_node->flags & PREQ_Q_F_REFRESH)
1097 target_flags |= IEEE80211_PREQ_TO_FLAG;
1098 else
1099 target_flags &= ~IEEE80211_PREQ_TO_FLAG;
1100
1101 spin_unlock_bh(&mpath->state_lock);
1102 da = (mpath->is_root) ? mpath->rann_snd_addr : broadcast_addr;
1103 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->vif.addr, ifmsh->sn,
1104 target_flags, mpath->dst, mpath->sn, da, 0,
1105 ttl, lifetime, 0, ifmsh->preq_id++, sdata);
1106
1107 spin_lock_bh(&mpath->state_lock);
1108 if (!(mpath->flags & MESH_PATH_DELETED))
1109 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout);
1110 spin_unlock_bh(&mpath->state_lock);
1111
1112enddiscovery:
1113 rcu_read_unlock();
1114 kfree(preq_node);
1115}
1116
1117/**
1118 * mesh_nexthop_resolve - lookup next hop; conditionally start path discovery
1119 *
1120 * @skb: 802.11 frame to be sent
1121 * @sdata: network subif the frame will be sent through
1122 *
1123 * Lookup next hop for given skb and start path discovery if no
1124 * forwarding information is found.
1125 *
1126 * Returns: 0 if the next hop was found and -ENOENT if the frame was queued.
1127 * skb is freeed here if no mpath could be allocated.
1128 */
1129int mesh_nexthop_resolve(struct ieee80211_sub_if_data *sdata,
1130 struct sk_buff *skb)
1131{
1132 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1133 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1134 struct mesh_path *mpath;
1135 struct sk_buff *skb_to_free = NULL;
1136 u8 *target_addr = hdr->addr3;
1137
1138 /* Nulls are only sent to peers for PS and should be pre-addressed */
1139 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
1140 return 0;
1141
1142 /* Allow injected packets to bypass mesh routing */
1143 if (info->control.flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP)
1144 return 0;
1145
1146 if (!mesh_nexthop_lookup(sdata, skb))
1147 return 0;
1148
1149 /* no nexthop found, start resolving */
1150 mpath = mesh_path_lookup(sdata, target_addr);
1151 if (!mpath) {
1152 mpath = mesh_path_add(sdata, target_addr);
1153 if (IS_ERR(mpath)) {
1154 mesh_path_discard_frame(sdata, skb);
1155 return PTR_ERR(mpath);
1156 }
1157 }
1158
1159 if (!(mpath->flags & MESH_PATH_RESOLVING) &&
1160 mesh_path_sel_is_hwmp(sdata))
1161 mesh_queue_preq(mpath, PREQ_Q_F_START);
1162
1163 if (skb_queue_len(&mpath->frame_queue) >= MESH_FRAME_QUEUE_LEN)
1164 skb_to_free = skb_dequeue(&mpath->frame_queue);
1165
1166 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1167 ieee80211_set_qos_hdr(sdata, skb);
1168 skb_queue_tail(&mpath->frame_queue, skb);
1169 if (skb_to_free)
1170 mesh_path_discard_frame(sdata, skb_to_free);
1171
1172 return -ENOENT;
1173}
1174
1175/**
1176 * mesh_nexthop_lookup_nolearn - try to set next hop without path discovery
1177 * @skb: 802.11 frame to be sent
1178 * @sdata: network subif the frame will be sent through
1179 *
1180 * Check if the meshDA (addr3) of a unicast frame is a direct neighbor.
1181 * And if so, set the RA (addr1) to it to transmit to this node directly,
1182 * avoiding PREQ/PREP path discovery.
1183 *
1184 * Returns: 0 if the next hop was found and -ENOENT otherwise.
1185 */
1186static int mesh_nexthop_lookup_nolearn(struct ieee80211_sub_if_data *sdata,
1187 struct sk_buff *skb)
1188{
1189 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1190 struct sta_info *sta;
1191
1192 if (is_multicast_ether_addr(hdr->addr1))
1193 return -ENOENT;
1194
1195 rcu_read_lock();
1196 sta = sta_info_get(sdata, hdr->addr3);
1197
1198 if (!sta || sta->mesh->plink_state != NL80211_PLINK_ESTAB) {
1199 rcu_read_unlock();
1200 return -ENOENT;
1201 }
1202 rcu_read_unlock();
1203
1204 memcpy(hdr->addr1, hdr->addr3, ETH_ALEN);
1205 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
1206 return 0;
1207}
1208
1209/**
1210 * mesh_nexthop_lookup - put the appropriate next hop on a mesh frame. Calling
1211 * this function is considered "using" the associated mpath, so preempt a path
1212 * refresh if this mpath expires soon.
1213 *
1214 * @skb: 802.11 frame to be sent
1215 * @sdata: network subif the frame will be sent through
1216 *
1217 * Returns: 0 if the next hop was found. Nonzero otherwise.
1218 */
1219int mesh_nexthop_lookup(struct ieee80211_sub_if_data *sdata,
1220 struct sk_buff *skb)
1221{
1222 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1223 struct mesh_path *mpath;
1224 struct sta_info *next_hop;
1225 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1226 u8 *target_addr = hdr->addr3;
1227
1228 if (ifmsh->mshcfg.dot11MeshNolearn &&
1229 !mesh_nexthop_lookup_nolearn(sdata, skb))
1230 return 0;
1231
1232 mpath = mesh_path_lookup(sdata, target_addr);
1233 if (!mpath || !(mpath->flags & MESH_PATH_ACTIVE))
1234 return -ENOENT;
1235
1236 if (time_after(jiffies,
1237 mpath->exp_time -
1238 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) &&
1239 ether_addr_equal(sdata->vif.addr, hdr->addr4) &&
1240 !(mpath->flags & MESH_PATH_RESOLVING) &&
1241 !(mpath->flags & MESH_PATH_FIXED))
1242 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH);
1243
1244 next_hop = rcu_dereference(mpath->next_hop);
1245 if (next_hop) {
1246 memcpy(hdr->addr1, next_hop->sta.addr, ETH_ALEN);
1247 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
1248 ieee80211_mps_set_frame_flags(sdata, next_hop, hdr);
1249 return 0;
1250 }
1251
1252 return -ENOENT;
1253}
1254
1255void mesh_path_timer(struct timer_list *t)
1256{
1257 struct mesh_path *mpath = from_timer(mpath, t, timer);
1258 struct ieee80211_sub_if_data *sdata = mpath->sdata;
1259 int ret;
1260
1261 if (sdata->local->quiescing)
1262 return;
1263
1264 spin_lock_bh(&mpath->state_lock);
1265 if (mpath->flags & MESH_PATH_RESOLVED ||
1266 (!(mpath->flags & MESH_PATH_RESOLVING))) {
1267 mpath->flags &= ~(MESH_PATH_RESOLVING | MESH_PATH_RESOLVED);
1268 spin_unlock_bh(&mpath->state_lock);
1269 } else if (mpath->discovery_retries < max_preq_retries(sdata)) {
1270 ++mpath->discovery_retries;
1271 mpath->discovery_timeout *= 2;
1272 mpath->flags &= ~MESH_PATH_REQ_QUEUED;
1273 spin_unlock_bh(&mpath->state_lock);
1274 mesh_queue_preq(mpath, 0);
1275 } else {
1276 mpath->flags &= ~(MESH_PATH_RESOLVING |
1277 MESH_PATH_RESOLVED |
1278 MESH_PATH_REQ_QUEUED);
1279 mpath->exp_time = jiffies;
1280 spin_unlock_bh(&mpath->state_lock);
1281 if (!mpath->is_gate && mesh_gate_num(sdata) > 0) {
1282 ret = mesh_path_send_to_gates(mpath);
1283 if (ret)
1284 mhwmp_dbg(sdata, "no gate was reachable\n");
1285 } else
1286 mesh_path_flush_pending(mpath);
1287 }
1288}
1289
1290void mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata)
1291{
1292 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1293 u32 interval = ifmsh->mshcfg.dot11MeshHWMPRannInterval;
1294 u8 flags, target_flags = 0;
1295
1296 flags = (ifmsh->mshcfg.dot11MeshGateAnnouncementProtocol)
1297 ? RANN_FLAG_IS_GATE : 0;
1298
1299 switch (ifmsh->mshcfg.dot11MeshHWMPRootMode) {
1300 case IEEE80211_PROACTIVE_RANN:
1301 mesh_path_sel_frame_tx(MPATH_RANN, flags, sdata->vif.addr,
1302 ++ifmsh->sn, 0, NULL, 0, broadcast_addr,
1303 0, ifmsh->mshcfg.element_ttl,
1304 interval, 0, 0, sdata);
1305 break;
1306 case IEEE80211_PROACTIVE_PREQ_WITH_PREP:
1307 flags |= IEEE80211_PREQ_PROACTIVE_PREP_FLAG;
1308 fallthrough;
1309 case IEEE80211_PROACTIVE_PREQ_NO_PREP:
1310 interval = ifmsh->mshcfg.dot11MeshHWMPactivePathToRootTimeout;
1311 target_flags |= IEEE80211_PREQ_TO_FLAG |
1312 IEEE80211_PREQ_USN_FLAG;
1313 mesh_path_sel_frame_tx(MPATH_PREQ, flags, sdata->vif.addr,
1314 ++ifmsh->sn, target_flags,
1315 (u8 *) broadcast_addr, 0, broadcast_addr,
1316 0, ifmsh->mshcfg.element_ttl, interval,
1317 0, ifmsh->preq_id++, sdata);
1318 break;
1319 default:
1320 mhwmp_dbg(sdata, "Proactive mechanism not supported\n");
1321 return;
1322 }
1323}
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (c) 2008, 2009 open80211s Ltd.
4 * Copyright (C) 2019 Intel Corporation
5 * Author: Luis Carlos Cobo <luisca@cozybit.com>
6 */
7
8#include <linux/slab.h>
9#include <linux/etherdevice.h>
10#include <asm/unaligned.h>
11#include "wme.h"
12#include "mesh.h"
13
14#define TEST_FRAME_LEN 8192
15#define MAX_METRIC 0xffffffff
16#define ARITH_SHIFT 8
17#define LINK_FAIL_THRESH 95
18
19#define MAX_PREQ_QUEUE_LEN 64
20
21static void mesh_queue_preq(struct mesh_path *, u8);
22
23static inline u32 u32_field_get(const u8 *preq_elem, int offset, bool ae)
24{
25 if (ae)
26 offset += 6;
27 return get_unaligned_le32(preq_elem + offset);
28}
29
30static inline u16 u16_field_get(const u8 *preq_elem, int offset, bool ae)
31{
32 if (ae)
33 offset += 6;
34 return get_unaligned_le16(preq_elem + offset);
35}
36
37/* HWMP IE processing macros */
38#define AE_F (1<<6)
39#define AE_F_SET(x) (*x & AE_F)
40#define PREQ_IE_FLAGS(x) (*(x))
41#define PREQ_IE_HOPCOUNT(x) (*(x + 1))
42#define PREQ_IE_TTL(x) (*(x + 2))
43#define PREQ_IE_PREQ_ID(x) u32_field_get(x, 3, 0)
44#define PREQ_IE_ORIG_ADDR(x) (x + 7)
45#define PREQ_IE_ORIG_SN(x) u32_field_get(x, 13, 0)
46#define PREQ_IE_LIFETIME(x) u32_field_get(x, 17, AE_F_SET(x))
47#define PREQ_IE_METRIC(x) u32_field_get(x, 21, AE_F_SET(x))
48#define PREQ_IE_TARGET_F(x) (*(AE_F_SET(x) ? x + 32 : x + 26))
49#define PREQ_IE_TARGET_ADDR(x) (AE_F_SET(x) ? x + 33 : x + 27)
50#define PREQ_IE_TARGET_SN(x) u32_field_get(x, 33, AE_F_SET(x))
51
52
53#define PREP_IE_FLAGS(x) PREQ_IE_FLAGS(x)
54#define PREP_IE_HOPCOUNT(x) PREQ_IE_HOPCOUNT(x)
55#define PREP_IE_TTL(x) PREQ_IE_TTL(x)
56#define PREP_IE_ORIG_ADDR(x) (AE_F_SET(x) ? x + 27 : x + 21)
57#define PREP_IE_ORIG_SN(x) u32_field_get(x, 27, AE_F_SET(x))
58#define PREP_IE_LIFETIME(x) u32_field_get(x, 13, AE_F_SET(x))
59#define PREP_IE_METRIC(x) u32_field_get(x, 17, AE_F_SET(x))
60#define PREP_IE_TARGET_ADDR(x) (x + 3)
61#define PREP_IE_TARGET_SN(x) u32_field_get(x, 9, 0)
62
63#define PERR_IE_TTL(x) (*(x))
64#define PERR_IE_TARGET_FLAGS(x) (*(x + 2))
65#define PERR_IE_TARGET_ADDR(x) (x + 3)
66#define PERR_IE_TARGET_SN(x) u32_field_get(x, 9, 0)
67#define PERR_IE_TARGET_RCODE(x) u16_field_get(x, 13, 0)
68
69#define MSEC_TO_TU(x) (x*1000/1024)
70#define SN_GT(x, y) ((s32)(y - x) < 0)
71#define SN_LT(x, y) ((s32)(x - y) < 0)
72#define MAX_SANE_SN_DELTA 32
73
74static inline u32 SN_DELTA(u32 x, u32 y)
75{
76 return x >= y ? x - y : y - x;
77}
78
79#define net_traversal_jiffies(s) \
80 msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPnetDiameterTraversalTime)
81#define default_lifetime(s) \
82 MSEC_TO_TU(s->u.mesh.mshcfg.dot11MeshHWMPactivePathTimeout)
83#define min_preq_int_jiff(s) \
84 (msecs_to_jiffies(s->u.mesh.mshcfg.dot11MeshHWMPpreqMinInterval))
85#define max_preq_retries(s) (s->u.mesh.mshcfg.dot11MeshHWMPmaxPREQretries)
86#define disc_timeout_jiff(s) \
87 msecs_to_jiffies(sdata->u.mesh.mshcfg.min_discovery_timeout)
88#define root_path_confirmation_jiffies(s) \
89 msecs_to_jiffies(sdata->u.mesh.mshcfg.dot11MeshHWMPconfirmationInterval)
90
91enum mpath_frame_type {
92 MPATH_PREQ = 0,
93 MPATH_PREP,
94 MPATH_PERR,
95 MPATH_RANN
96};
97
98static const u8 broadcast_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
99
100static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
101 const u8 *orig_addr, u32 orig_sn,
102 u8 target_flags, const u8 *target,
103 u32 target_sn, const u8 *da,
104 u8 hop_count, u8 ttl,
105 u32 lifetime, u32 metric, u32 preq_id,
106 struct ieee80211_sub_if_data *sdata)
107{
108 struct ieee80211_local *local = sdata->local;
109 struct sk_buff *skb;
110 struct ieee80211_mgmt *mgmt;
111 u8 *pos, ie_len;
112 int hdr_len = offsetofend(struct ieee80211_mgmt,
113 u.action.u.mesh_action);
114
115 skb = dev_alloc_skb(local->tx_headroom +
116 hdr_len +
117 2 + 37); /* max HWMP IE */
118 if (!skb)
119 return -1;
120 skb_reserve(skb, local->tx_headroom);
121 mgmt = skb_put_zero(skb, hdr_len);
122 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
123 IEEE80211_STYPE_ACTION);
124
125 memcpy(mgmt->da, da, ETH_ALEN);
126 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
127 /* BSSID == SA */
128 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
129 mgmt->u.action.category = WLAN_CATEGORY_MESH_ACTION;
130 mgmt->u.action.u.mesh_action.action_code =
131 WLAN_MESH_ACTION_HWMP_PATH_SELECTION;
132
133 switch (action) {
134 case MPATH_PREQ:
135 mhwmp_dbg(sdata, "sending PREQ to %pM\n", target);
136 ie_len = 37;
137 pos = skb_put(skb, 2 + ie_len);
138 *pos++ = WLAN_EID_PREQ;
139 break;
140 case MPATH_PREP:
141 mhwmp_dbg(sdata, "sending PREP to %pM\n", orig_addr);
142 ie_len = 31;
143 pos = skb_put(skb, 2 + ie_len);
144 *pos++ = WLAN_EID_PREP;
145 break;
146 case MPATH_RANN:
147 mhwmp_dbg(sdata, "sending RANN from %pM\n", orig_addr);
148 ie_len = sizeof(struct ieee80211_rann_ie);
149 pos = skb_put(skb, 2 + ie_len);
150 *pos++ = WLAN_EID_RANN;
151 break;
152 default:
153 kfree_skb(skb);
154 return -ENOTSUPP;
155 }
156 *pos++ = ie_len;
157 *pos++ = flags;
158 *pos++ = hop_count;
159 *pos++ = ttl;
160 if (action == MPATH_PREP) {
161 memcpy(pos, target, ETH_ALEN);
162 pos += ETH_ALEN;
163 put_unaligned_le32(target_sn, pos);
164 pos += 4;
165 } else {
166 if (action == MPATH_PREQ) {
167 put_unaligned_le32(preq_id, pos);
168 pos += 4;
169 }
170 memcpy(pos, orig_addr, ETH_ALEN);
171 pos += ETH_ALEN;
172 put_unaligned_le32(orig_sn, pos);
173 pos += 4;
174 }
175 put_unaligned_le32(lifetime, pos); /* interval for RANN */
176 pos += 4;
177 put_unaligned_le32(metric, pos);
178 pos += 4;
179 if (action == MPATH_PREQ) {
180 *pos++ = 1; /* destination count */
181 *pos++ = target_flags;
182 memcpy(pos, target, ETH_ALEN);
183 pos += ETH_ALEN;
184 put_unaligned_le32(target_sn, pos);
185 pos += 4;
186 } else if (action == MPATH_PREP) {
187 memcpy(pos, orig_addr, ETH_ALEN);
188 pos += ETH_ALEN;
189 put_unaligned_le32(orig_sn, pos);
190 pos += 4;
191 }
192
193 ieee80211_tx_skb(sdata, skb);
194 return 0;
195}
196
197
198/* Headroom is not adjusted. Caller should ensure that skb has sufficient
199 * headroom in case the frame is encrypted. */
200static void prepare_frame_for_deferred_tx(struct ieee80211_sub_if_data *sdata,
201 struct sk_buff *skb)
202{
203 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
204 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
205
206 skb_reset_mac_header(skb);
207 skb_reset_network_header(skb);
208 skb_reset_transport_header(skb);
209
210 /* Send all internal mgmt frames on VO. Accordingly set TID to 7. */
211 skb_set_queue_mapping(skb, IEEE80211_AC_VO);
212 skb->priority = 7;
213
214 info->control.vif = &sdata->vif;
215 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
216 ieee80211_set_qos_hdr(sdata, skb);
217 ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
218}
219
220/**
221 * mesh_path_error_tx - Sends a PERR mesh management frame
222 *
223 * @ttl: allowed remaining hops
224 * @target: broken destination
225 * @target_sn: SN of the broken destination
226 * @target_rcode: reason code for this PERR
227 * @ra: node this frame is addressed to
228 * @sdata: local mesh subif
229 *
230 * Note: This function may be called with driver locks taken that the driver
231 * also acquires in the TX path. To avoid a deadlock we don't transmit the
232 * frame directly but add it to the pending queue instead.
233 */
234int mesh_path_error_tx(struct ieee80211_sub_if_data *sdata,
235 u8 ttl, const u8 *target, u32 target_sn,
236 u16 target_rcode, const u8 *ra)
237{
238 struct ieee80211_local *local = sdata->local;
239 struct sk_buff *skb;
240 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
241 struct ieee80211_mgmt *mgmt;
242 u8 *pos, ie_len;
243 int hdr_len = offsetofend(struct ieee80211_mgmt,
244 u.action.u.mesh_action);
245
246 if (time_before(jiffies, ifmsh->next_perr))
247 return -EAGAIN;
248
249 skb = dev_alloc_skb(local->tx_headroom +
250 sdata->encrypt_headroom +
251 IEEE80211_ENCRYPT_TAILROOM +
252 hdr_len +
253 2 + 15 /* PERR IE */);
254 if (!skb)
255 return -1;
256 skb_reserve(skb, local->tx_headroom + sdata->encrypt_headroom);
257 mgmt = skb_put_zero(skb, hdr_len);
258 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
259 IEEE80211_STYPE_ACTION);
260
261 memcpy(mgmt->da, ra, ETH_ALEN);
262 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
263 /* BSSID == SA */
264 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
265 mgmt->u.action.category = WLAN_CATEGORY_MESH_ACTION;
266 mgmt->u.action.u.mesh_action.action_code =
267 WLAN_MESH_ACTION_HWMP_PATH_SELECTION;
268 ie_len = 15;
269 pos = skb_put(skb, 2 + ie_len);
270 *pos++ = WLAN_EID_PERR;
271 *pos++ = ie_len;
272 /* ttl */
273 *pos++ = ttl;
274 /* number of destinations */
275 *pos++ = 1;
276 /* Flags field has AE bit only as defined in
277 * sec 8.4.2.117 IEEE802.11-2012
278 */
279 *pos = 0;
280 pos++;
281 memcpy(pos, target, ETH_ALEN);
282 pos += ETH_ALEN;
283 put_unaligned_le32(target_sn, pos);
284 pos += 4;
285 put_unaligned_le16(target_rcode, pos);
286
287 /* see note in function header */
288 prepare_frame_for_deferred_tx(sdata, skb);
289 ifmsh->next_perr = TU_TO_EXP_TIME(
290 ifmsh->mshcfg.dot11MeshHWMPperrMinInterval);
291 ieee80211_add_pending_skb(local, skb);
292 return 0;
293}
294
295void ieee80211s_update_metric(struct ieee80211_local *local,
296 struct sta_info *sta,
297 struct ieee80211_tx_status *st)
298{
299 struct ieee80211_tx_info *txinfo = st->info;
300 int failed;
301 struct rate_info rinfo;
302
303 failed = !(txinfo->flags & IEEE80211_TX_STAT_ACK);
304
305 /* moving average, scaled to 100.
306 * feed failure as 100 and success as 0
307 */
308 ewma_mesh_fail_avg_add(&sta->mesh->fail_avg, failed * 100);
309 if (ewma_mesh_fail_avg_read(&sta->mesh->fail_avg) >
310 LINK_FAIL_THRESH)
311 mesh_plink_broken(sta);
312
313 sta_set_rate_info_tx(sta, &sta->tx_stats.last_rate, &rinfo);
314 ewma_mesh_tx_rate_avg_add(&sta->mesh->tx_rate_avg,
315 cfg80211_calculate_bitrate(&rinfo));
316}
317
318u32 airtime_link_metric_get(struct ieee80211_local *local,
319 struct sta_info *sta)
320{
321 /* This should be adjusted for each device */
322 int device_constant = 1 << ARITH_SHIFT;
323 int test_frame_len = TEST_FRAME_LEN << ARITH_SHIFT;
324 int s_unit = 1 << ARITH_SHIFT;
325 int rate, err;
326 u32 tx_time, estimated_retx;
327 u64 result;
328 unsigned long fail_avg =
329 ewma_mesh_fail_avg_read(&sta->mesh->fail_avg);
330
331 /* Try to get rate based on HW/SW RC algorithm.
332 * Rate is returned in units of Kbps, correct this
333 * to comply with airtime calculation units
334 * Round up in case we get rate < 100Kbps
335 */
336 rate = DIV_ROUND_UP(sta_get_expected_throughput(sta), 100);
337
338 if (rate) {
339 err = 0;
340 } else {
341 if (fail_avg > LINK_FAIL_THRESH)
342 return MAX_METRIC;
343
344 rate = ewma_mesh_tx_rate_avg_read(&sta->mesh->tx_rate_avg);
345 if (WARN_ON(!rate))
346 return MAX_METRIC;
347
348 err = (fail_avg << ARITH_SHIFT) / 100;
349 }
350
351 /* bitrate is in units of 100 Kbps, while we need rate in units of
352 * 1Mbps. This will be corrected on tx_time computation.
353 */
354 tx_time = (device_constant + 10 * test_frame_len / rate);
355 estimated_retx = ((1 << (2 * ARITH_SHIFT)) / (s_unit - err));
356 result = (tx_time * estimated_retx) >> (2 * ARITH_SHIFT);
357 return (u32)result;
358}
359
360/**
361 * hwmp_route_info_get - Update routing info to originator and transmitter
362 *
363 * @sdata: local mesh subif
364 * @mgmt: mesh management frame
365 * @hwmp_ie: hwmp information element (PREP or PREQ)
366 * @action: type of hwmp ie
367 *
368 * This function updates the path routing information to the originator and the
369 * transmitter of a HWMP PREQ or PREP frame.
370 *
371 * Returns: metric to frame originator or 0 if the frame should not be further
372 * processed
373 *
374 * Notes: this function is the only place (besides user-provided info) where
375 * path routing information is updated.
376 */
377static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
378 struct ieee80211_mgmt *mgmt,
379 const u8 *hwmp_ie, enum mpath_frame_type action)
380{
381 struct ieee80211_local *local = sdata->local;
382 struct mesh_path *mpath;
383 struct sta_info *sta;
384 bool fresh_info;
385 const u8 *orig_addr, *ta;
386 u32 orig_sn, orig_metric;
387 unsigned long orig_lifetime, exp_time;
388 u32 last_hop_metric, new_metric;
389 bool process = true;
390 u8 hopcount;
391
392 rcu_read_lock();
393 sta = sta_info_get(sdata, mgmt->sa);
394 if (!sta) {
395 rcu_read_unlock();
396 return 0;
397 }
398
399 last_hop_metric = airtime_link_metric_get(local, sta);
400 /* Update and check originator routing info */
401 fresh_info = true;
402
403 switch (action) {
404 case MPATH_PREQ:
405 orig_addr = PREQ_IE_ORIG_ADDR(hwmp_ie);
406 orig_sn = PREQ_IE_ORIG_SN(hwmp_ie);
407 orig_lifetime = PREQ_IE_LIFETIME(hwmp_ie);
408 orig_metric = PREQ_IE_METRIC(hwmp_ie);
409 hopcount = PREQ_IE_HOPCOUNT(hwmp_ie) + 1;
410 break;
411 case MPATH_PREP:
412 /* Originator here refers to the MP that was the target in the
413 * Path Request. We divert from the nomenclature in the draft
414 * so that we can easily use a single function to gather path
415 * information from both PREQ and PREP frames.
416 */
417 orig_addr = PREP_IE_TARGET_ADDR(hwmp_ie);
418 orig_sn = PREP_IE_TARGET_SN(hwmp_ie);
419 orig_lifetime = PREP_IE_LIFETIME(hwmp_ie);
420 orig_metric = PREP_IE_METRIC(hwmp_ie);
421 hopcount = PREP_IE_HOPCOUNT(hwmp_ie) + 1;
422 break;
423 default:
424 rcu_read_unlock();
425 return 0;
426 }
427 new_metric = orig_metric + last_hop_metric;
428 if (new_metric < orig_metric)
429 new_metric = MAX_METRIC;
430 exp_time = TU_TO_EXP_TIME(orig_lifetime);
431
432 if (ether_addr_equal(orig_addr, sdata->vif.addr)) {
433 /* This MP is the originator, we are not interested in this
434 * frame, except for updating transmitter's path info.
435 */
436 process = false;
437 fresh_info = false;
438 } else {
439 mpath = mesh_path_lookup(sdata, orig_addr);
440 if (mpath) {
441 spin_lock_bh(&mpath->state_lock);
442 if (mpath->flags & MESH_PATH_FIXED)
443 fresh_info = false;
444 else if ((mpath->flags & MESH_PATH_ACTIVE) &&
445 (mpath->flags & MESH_PATH_SN_VALID)) {
446 if (SN_GT(mpath->sn, orig_sn) ||
447 (mpath->sn == orig_sn &&
448 (rcu_access_pointer(mpath->next_hop) !=
449 sta ?
450 mult_frac(new_metric, 10, 9) :
451 new_metric) >= mpath->metric)) {
452 process = false;
453 fresh_info = false;
454 }
455 } else if (!(mpath->flags & MESH_PATH_ACTIVE)) {
456 bool have_sn, newer_sn, bounced;
457
458 have_sn = mpath->flags & MESH_PATH_SN_VALID;
459 newer_sn = have_sn && SN_GT(orig_sn, mpath->sn);
460 bounced = have_sn &&
461 (SN_DELTA(orig_sn, mpath->sn) >
462 MAX_SANE_SN_DELTA);
463
464 if (!have_sn || newer_sn) {
465 /* if SN is newer than what we had
466 * then we can take it */;
467 } else if (bounced) {
468 /* if SN is way different than what
469 * we had then assume the other side
470 * rebooted or restarted */;
471 } else {
472 process = false;
473 fresh_info = false;
474 }
475 }
476 } else {
477 mpath = mesh_path_add(sdata, orig_addr);
478 if (IS_ERR(mpath)) {
479 rcu_read_unlock();
480 return 0;
481 }
482 spin_lock_bh(&mpath->state_lock);
483 }
484
485 if (fresh_info) {
486 if (rcu_access_pointer(mpath->next_hop) != sta)
487 mpath->path_change_count++;
488 mesh_path_assign_nexthop(mpath, sta);
489 mpath->flags |= MESH_PATH_SN_VALID;
490 mpath->metric = new_metric;
491 mpath->sn = orig_sn;
492 mpath->exp_time = time_after(mpath->exp_time, exp_time)
493 ? mpath->exp_time : exp_time;
494 mpath->hop_count = hopcount;
495 mesh_path_activate(mpath);
496 spin_unlock_bh(&mpath->state_lock);
497 ewma_mesh_fail_avg_init(&sta->mesh->fail_avg);
498 /* init it at a low value - 0 start is tricky */
499 ewma_mesh_fail_avg_add(&sta->mesh->fail_avg, 1);
500 mesh_path_tx_pending(mpath);
501 /* draft says preq_id should be saved to, but there does
502 * not seem to be any use for it, skipping by now
503 */
504 } else
505 spin_unlock_bh(&mpath->state_lock);
506 }
507
508 /* Update and check transmitter routing info */
509 ta = mgmt->sa;
510 if (ether_addr_equal(orig_addr, ta))
511 fresh_info = false;
512 else {
513 fresh_info = true;
514
515 mpath = mesh_path_lookup(sdata, ta);
516 if (mpath) {
517 spin_lock_bh(&mpath->state_lock);
518 if ((mpath->flags & MESH_PATH_FIXED) ||
519 ((mpath->flags & MESH_PATH_ACTIVE) &&
520 ((rcu_access_pointer(mpath->next_hop) != sta ?
521 mult_frac(last_hop_metric, 10, 9) :
522 last_hop_metric) > mpath->metric)))
523 fresh_info = false;
524 } else {
525 mpath = mesh_path_add(sdata, ta);
526 if (IS_ERR(mpath)) {
527 rcu_read_unlock();
528 return 0;
529 }
530 spin_lock_bh(&mpath->state_lock);
531 }
532
533 if (fresh_info) {
534 if (rcu_access_pointer(mpath->next_hop) != sta)
535 mpath->path_change_count++;
536 mesh_path_assign_nexthop(mpath, sta);
537 mpath->metric = last_hop_metric;
538 mpath->exp_time = time_after(mpath->exp_time, exp_time)
539 ? mpath->exp_time : exp_time;
540 mpath->hop_count = 1;
541 mesh_path_activate(mpath);
542 spin_unlock_bh(&mpath->state_lock);
543 ewma_mesh_fail_avg_init(&sta->mesh->fail_avg);
544 /* init it at a low value - 0 start is tricky */
545 ewma_mesh_fail_avg_add(&sta->mesh->fail_avg, 1);
546 mesh_path_tx_pending(mpath);
547 } else
548 spin_unlock_bh(&mpath->state_lock);
549 }
550
551 rcu_read_unlock();
552
553 return process ? new_metric : 0;
554}
555
556static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
557 struct ieee80211_mgmt *mgmt,
558 const u8 *preq_elem, u32 orig_metric)
559{
560 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
561 struct mesh_path *mpath = NULL;
562 const u8 *target_addr, *orig_addr;
563 const u8 *da;
564 u8 target_flags, ttl, flags;
565 u32 orig_sn, target_sn, lifetime, target_metric = 0;
566 bool reply = false;
567 bool forward = true;
568 bool root_is_gate;
569
570 /* Update target SN, if present */
571 target_addr = PREQ_IE_TARGET_ADDR(preq_elem);
572 orig_addr = PREQ_IE_ORIG_ADDR(preq_elem);
573 target_sn = PREQ_IE_TARGET_SN(preq_elem);
574 orig_sn = PREQ_IE_ORIG_SN(preq_elem);
575 target_flags = PREQ_IE_TARGET_F(preq_elem);
576 /* Proactive PREQ gate announcements */
577 flags = PREQ_IE_FLAGS(preq_elem);
578 root_is_gate = !!(flags & RANN_FLAG_IS_GATE);
579
580 mhwmp_dbg(sdata, "received PREQ from %pM\n", orig_addr);
581
582 if (ether_addr_equal(target_addr, sdata->vif.addr)) {
583 mhwmp_dbg(sdata, "PREQ is for us\n");
584 forward = false;
585 reply = true;
586 target_metric = 0;
587
588 if (SN_GT(target_sn, ifmsh->sn))
589 ifmsh->sn = target_sn;
590
591 if (time_after(jiffies, ifmsh->last_sn_update +
592 net_traversal_jiffies(sdata)) ||
593 time_before(jiffies, ifmsh->last_sn_update)) {
594 ++ifmsh->sn;
595 ifmsh->last_sn_update = jiffies;
596 }
597 target_sn = ifmsh->sn;
598 } else if (is_broadcast_ether_addr(target_addr) &&
599 (target_flags & IEEE80211_PREQ_TO_FLAG)) {
600 rcu_read_lock();
601 mpath = mesh_path_lookup(sdata, orig_addr);
602 if (mpath) {
603 if (flags & IEEE80211_PREQ_PROACTIVE_PREP_FLAG) {
604 reply = true;
605 target_addr = sdata->vif.addr;
606 target_sn = ++ifmsh->sn;
607 target_metric = 0;
608 ifmsh->last_sn_update = jiffies;
609 }
610 if (root_is_gate)
611 mesh_path_add_gate(mpath);
612 }
613 rcu_read_unlock();
614 } else {
615 rcu_read_lock();
616 mpath = mesh_path_lookup(sdata, target_addr);
617 if (mpath) {
618 if ((!(mpath->flags & MESH_PATH_SN_VALID)) ||
619 SN_LT(mpath->sn, target_sn)) {
620 mpath->sn = target_sn;
621 mpath->flags |= MESH_PATH_SN_VALID;
622 } else if ((!(target_flags & IEEE80211_PREQ_TO_FLAG)) &&
623 (mpath->flags & MESH_PATH_ACTIVE)) {
624 reply = true;
625 target_metric = mpath->metric;
626 target_sn = mpath->sn;
627 /* Case E2 of sec 13.10.9.3 IEEE 802.11-2012*/
628 target_flags |= IEEE80211_PREQ_TO_FLAG;
629 }
630 }
631 rcu_read_unlock();
632 }
633
634 if (reply) {
635 lifetime = PREQ_IE_LIFETIME(preq_elem);
636 ttl = ifmsh->mshcfg.element_ttl;
637 if (ttl != 0) {
638 mhwmp_dbg(sdata, "replying to the PREQ\n");
639 mesh_path_sel_frame_tx(MPATH_PREP, 0, orig_addr,
640 orig_sn, 0, target_addr,
641 target_sn, mgmt->sa, 0, ttl,
642 lifetime, target_metric, 0,
643 sdata);
644 } else {
645 ifmsh->mshstats.dropped_frames_ttl++;
646 }
647 }
648
649 if (forward && ifmsh->mshcfg.dot11MeshForwarding) {
650 u32 preq_id;
651 u8 hopcount;
652
653 ttl = PREQ_IE_TTL(preq_elem);
654 lifetime = PREQ_IE_LIFETIME(preq_elem);
655 if (ttl <= 1) {
656 ifmsh->mshstats.dropped_frames_ttl++;
657 return;
658 }
659 mhwmp_dbg(sdata, "forwarding the PREQ from %pM\n", orig_addr);
660 --ttl;
661 preq_id = PREQ_IE_PREQ_ID(preq_elem);
662 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1;
663 da = (mpath && mpath->is_root) ?
664 mpath->rann_snd_addr : broadcast_addr;
665
666 if (flags & IEEE80211_PREQ_PROACTIVE_PREP_FLAG) {
667 target_addr = PREQ_IE_TARGET_ADDR(preq_elem);
668 target_sn = PREQ_IE_TARGET_SN(preq_elem);
669 }
670
671 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr,
672 orig_sn, target_flags, target_addr,
673 target_sn, da, hopcount, ttl, lifetime,
674 orig_metric, preq_id, sdata);
675 if (!is_multicast_ether_addr(da))
676 ifmsh->mshstats.fwded_unicast++;
677 else
678 ifmsh->mshstats.fwded_mcast++;
679 ifmsh->mshstats.fwded_frames++;
680 }
681}
682
683
684static inline struct sta_info *
685next_hop_deref_protected(struct mesh_path *mpath)
686{
687 return rcu_dereference_protected(mpath->next_hop,
688 lockdep_is_held(&mpath->state_lock));
689}
690
691
692static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
693 struct ieee80211_mgmt *mgmt,
694 const u8 *prep_elem, u32 metric)
695{
696 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
697 struct mesh_path *mpath;
698 const u8 *target_addr, *orig_addr;
699 u8 ttl, hopcount, flags;
700 u8 next_hop[ETH_ALEN];
701 u32 target_sn, orig_sn, lifetime;
702
703 mhwmp_dbg(sdata, "received PREP from %pM\n",
704 PREP_IE_TARGET_ADDR(prep_elem));
705
706 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
707 if (ether_addr_equal(orig_addr, sdata->vif.addr))
708 /* destination, no forwarding required */
709 return;
710
711 if (!ifmsh->mshcfg.dot11MeshForwarding)
712 return;
713
714 ttl = PREP_IE_TTL(prep_elem);
715 if (ttl <= 1) {
716 sdata->u.mesh.mshstats.dropped_frames_ttl++;
717 return;
718 }
719
720 rcu_read_lock();
721 mpath = mesh_path_lookup(sdata, orig_addr);
722 if (mpath)
723 spin_lock_bh(&mpath->state_lock);
724 else
725 goto fail;
726 if (!(mpath->flags & MESH_PATH_ACTIVE)) {
727 spin_unlock_bh(&mpath->state_lock);
728 goto fail;
729 }
730 memcpy(next_hop, next_hop_deref_protected(mpath)->sta.addr, ETH_ALEN);
731 spin_unlock_bh(&mpath->state_lock);
732 --ttl;
733 flags = PREP_IE_FLAGS(prep_elem);
734 lifetime = PREP_IE_LIFETIME(prep_elem);
735 hopcount = PREP_IE_HOPCOUNT(prep_elem) + 1;
736 target_addr = PREP_IE_TARGET_ADDR(prep_elem);
737 target_sn = PREP_IE_TARGET_SN(prep_elem);
738 orig_sn = PREP_IE_ORIG_SN(prep_elem);
739
740 mesh_path_sel_frame_tx(MPATH_PREP, flags, orig_addr, orig_sn, 0,
741 target_addr, target_sn, next_hop, hopcount,
742 ttl, lifetime, metric, 0, sdata);
743 rcu_read_unlock();
744
745 sdata->u.mesh.mshstats.fwded_unicast++;
746 sdata->u.mesh.mshstats.fwded_frames++;
747 return;
748
749fail:
750 rcu_read_unlock();
751 sdata->u.mesh.mshstats.dropped_frames_no_route++;
752}
753
754static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
755 struct ieee80211_mgmt *mgmt,
756 const u8 *perr_elem)
757{
758 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
759 struct mesh_path *mpath;
760 u8 ttl;
761 const u8 *ta, *target_addr;
762 u32 target_sn;
763 u16 target_rcode;
764
765 ta = mgmt->sa;
766 ttl = PERR_IE_TTL(perr_elem);
767 if (ttl <= 1) {
768 ifmsh->mshstats.dropped_frames_ttl++;
769 return;
770 }
771 ttl--;
772 target_addr = PERR_IE_TARGET_ADDR(perr_elem);
773 target_sn = PERR_IE_TARGET_SN(perr_elem);
774 target_rcode = PERR_IE_TARGET_RCODE(perr_elem);
775
776 rcu_read_lock();
777 mpath = mesh_path_lookup(sdata, target_addr);
778 if (mpath) {
779 struct sta_info *sta;
780
781 spin_lock_bh(&mpath->state_lock);
782 sta = next_hop_deref_protected(mpath);
783 if (mpath->flags & MESH_PATH_ACTIVE &&
784 ether_addr_equal(ta, sta->sta.addr) &&
785 !(mpath->flags & MESH_PATH_FIXED) &&
786 (!(mpath->flags & MESH_PATH_SN_VALID) ||
787 SN_GT(target_sn, mpath->sn) || target_sn == 0)) {
788 mpath->flags &= ~MESH_PATH_ACTIVE;
789 if (target_sn != 0)
790 mpath->sn = target_sn;
791 else
792 mpath->sn += 1;
793 spin_unlock_bh(&mpath->state_lock);
794 if (!ifmsh->mshcfg.dot11MeshForwarding)
795 goto endperr;
796 mesh_path_error_tx(sdata, ttl, target_addr,
797 target_sn, target_rcode,
798 broadcast_addr);
799 } else
800 spin_unlock_bh(&mpath->state_lock);
801 }
802endperr:
803 rcu_read_unlock();
804}
805
806static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
807 struct ieee80211_mgmt *mgmt,
808 const struct ieee80211_rann_ie *rann)
809{
810 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
811 struct ieee80211_local *local = sdata->local;
812 struct sta_info *sta;
813 struct mesh_path *mpath;
814 u8 ttl, flags, hopcount;
815 const u8 *orig_addr;
816 u32 orig_sn, new_metric, orig_metric, last_hop_metric, interval;
817 bool root_is_gate;
818
819 ttl = rann->rann_ttl;
820 flags = rann->rann_flags;
821 root_is_gate = !!(flags & RANN_FLAG_IS_GATE);
822 orig_addr = rann->rann_addr;
823 orig_sn = le32_to_cpu(rann->rann_seq);
824 interval = le32_to_cpu(rann->rann_interval);
825 hopcount = rann->rann_hopcount;
826 hopcount++;
827 orig_metric = le32_to_cpu(rann->rann_metric);
828
829 /* Ignore our own RANNs */
830 if (ether_addr_equal(orig_addr, sdata->vif.addr))
831 return;
832
833 mhwmp_dbg(sdata,
834 "received RANN from %pM via neighbour %pM (is_gate=%d)\n",
835 orig_addr, mgmt->sa, root_is_gate);
836
837 rcu_read_lock();
838 sta = sta_info_get(sdata, mgmt->sa);
839 if (!sta) {
840 rcu_read_unlock();
841 return;
842 }
843
844 last_hop_metric = airtime_link_metric_get(local, sta);
845 new_metric = orig_metric + last_hop_metric;
846 if (new_metric < orig_metric)
847 new_metric = MAX_METRIC;
848
849 mpath = mesh_path_lookup(sdata, orig_addr);
850 if (!mpath) {
851 mpath = mesh_path_add(sdata, orig_addr);
852 if (IS_ERR(mpath)) {
853 rcu_read_unlock();
854 sdata->u.mesh.mshstats.dropped_frames_no_route++;
855 return;
856 }
857 }
858
859 if (!(SN_LT(mpath->sn, orig_sn)) &&
860 !(mpath->sn == orig_sn && new_metric < mpath->rann_metric)) {
861 rcu_read_unlock();
862 return;
863 }
864
865 if ((!(mpath->flags & (MESH_PATH_ACTIVE | MESH_PATH_RESOLVING)) ||
866 (time_after(jiffies, mpath->last_preq_to_root +
867 root_path_confirmation_jiffies(sdata)) ||
868 time_before(jiffies, mpath->last_preq_to_root))) &&
869 !(mpath->flags & MESH_PATH_FIXED) && (ttl != 0)) {
870 mhwmp_dbg(sdata,
871 "time to refresh root mpath %pM\n",
872 orig_addr);
873 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH);
874 mpath->last_preq_to_root = jiffies;
875 }
876
877 mpath->sn = orig_sn;
878 mpath->rann_metric = new_metric;
879 mpath->is_root = true;
880 /* Recording RANNs sender address to send individually
881 * addressed PREQs destined for root mesh STA */
882 memcpy(mpath->rann_snd_addr, mgmt->sa, ETH_ALEN);
883
884 if (root_is_gate)
885 mesh_path_add_gate(mpath);
886
887 if (ttl <= 1) {
888 ifmsh->mshstats.dropped_frames_ttl++;
889 rcu_read_unlock();
890 return;
891 }
892 ttl--;
893
894 if (ifmsh->mshcfg.dot11MeshForwarding) {
895 mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
896 orig_sn, 0, NULL, 0, broadcast_addr,
897 hopcount, ttl, interval,
898 new_metric, 0, sdata);
899 }
900
901 rcu_read_unlock();
902}
903
904
905void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
906 struct ieee80211_mgmt *mgmt, size_t len)
907{
908 struct ieee802_11_elems elems;
909 size_t baselen;
910 u32 path_metric;
911 struct sta_info *sta;
912
913 /* need action_code */
914 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
915 return;
916
917 rcu_read_lock();
918 sta = sta_info_get(sdata, mgmt->sa);
919 if (!sta || sta->mesh->plink_state != NL80211_PLINK_ESTAB) {
920 rcu_read_unlock();
921 return;
922 }
923 rcu_read_unlock();
924
925 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt;
926 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
927 len - baselen, false, &elems, mgmt->bssid, NULL);
928
929 if (elems.preq) {
930 if (elems.preq_len != 37)
931 /* Right now we support just 1 destination and no AE */
932 return;
933 path_metric = hwmp_route_info_get(sdata, mgmt, elems.preq,
934 MPATH_PREQ);
935 if (path_metric)
936 hwmp_preq_frame_process(sdata, mgmt, elems.preq,
937 path_metric);
938 }
939 if (elems.prep) {
940 if (elems.prep_len != 31)
941 /* Right now we support no AE */
942 return;
943 path_metric = hwmp_route_info_get(sdata, mgmt, elems.prep,
944 MPATH_PREP);
945 if (path_metric)
946 hwmp_prep_frame_process(sdata, mgmt, elems.prep,
947 path_metric);
948 }
949 if (elems.perr) {
950 if (elems.perr_len != 15)
951 /* Right now we support only one destination per PERR */
952 return;
953 hwmp_perr_frame_process(sdata, mgmt, elems.perr);
954 }
955 if (elems.rann)
956 hwmp_rann_frame_process(sdata, mgmt, elems.rann);
957}
958
959/**
960 * mesh_queue_preq - queue a PREQ to a given destination
961 *
962 * @mpath: mesh path to discover
963 * @flags: special attributes of the PREQ to be sent
964 *
965 * Locking: the function must be called from within a rcu read lock block.
966 *
967 */
968static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
969{
970 struct ieee80211_sub_if_data *sdata = mpath->sdata;
971 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
972 struct mesh_preq_queue *preq_node;
973
974 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC);
975 if (!preq_node) {
976 mhwmp_dbg(sdata, "could not allocate PREQ node\n");
977 return;
978 }
979
980 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
981 if (ifmsh->preq_queue_len == MAX_PREQ_QUEUE_LEN) {
982 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
983 kfree(preq_node);
984 if (printk_ratelimit())
985 mhwmp_dbg(sdata, "PREQ node queue full\n");
986 return;
987 }
988
989 spin_lock(&mpath->state_lock);
990 if (mpath->flags & MESH_PATH_REQ_QUEUED) {
991 spin_unlock(&mpath->state_lock);
992 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
993 kfree(preq_node);
994 return;
995 }
996
997 memcpy(preq_node->dst, mpath->dst, ETH_ALEN);
998 preq_node->flags = flags;
999
1000 mpath->flags |= MESH_PATH_REQ_QUEUED;
1001 spin_unlock(&mpath->state_lock);
1002
1003 list_add_tail(&preq_node->list, &ifmsh->preq_queue.list);
1004 ++ifmsh->preq_queue_len;
1005 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
1006
1007 if (time_after(jiffies, ifmsh->last_preq + min_preq_int_jiff(sdata)))
1008 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1009
1010 else if (time_before(jiffies, ifmsh->last_preq)) {
1011 /* avoid long wait if did not send preqs for a long time
1012 * and jiffies wrapped around
1013 */
1014 ifmsh->last_preq = jiffies - min_preq_int_jiff(sdata) - 1;
1015 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1016 } else
1017 mod_timer(&ifmsh->mesh_path_timer, ifmsh->last_preq +
1018 min_preq_int_jiff(sdata));
1019}
1020
1021/**
1022 * mesh_path_start_discovery - launch a path discovery from the PREQ queue
1023 *
1024 * @sdata: local mesh subif
1025 */
1026void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
1027{
1028 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1029 struct mesh_preq_queue *preq_node;
1030 struct mesh_path *mpath;
1031 u8 ttl, target_flags = 0;
1032 const u8 *da;
1033 u32 lifetime;
1034
1035 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
1036 if (!ifmsh->preq_queue_len ||
1037 time_before(jiffies, ifmsh->last_preq +
1038 min_preq_int_jiff(sdata))) {
1039 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
1040 return;
1041 }
1042
1043 preq_node = list_first_entry(&ifmsh->preq_queue.list,
1044 struct mesh_preq_queue, list);
1045 list_del(&preq_node->list);
1046 --ifmsh->preq_queue_len;
1047 spin_unlock_bh(&ifmsh->mesh_preq_queue_lock);
1048
1049 rcu_read_lock();
1050 mpath = mesh_path_lookup(sdata, preq_node->dst);
1051 if (!mpath)
1052 goto enddiscovery;
1053
1054 spin_lock_bh(&mpath->state_lock);
1055 if (mpath->flags & (MESH_PATH_DELETED | MESH_PATH_FIXED)) {
1056 spin_unlock_bh(&mpath->state_lock);
1057 goto enddiscovery;
1058 }
1059 mpath->flags &= ~MESH_PATH_REQ_QUEUED;
1060 if (preq_node->flags & PREQ_Q_F_START) {
1061 if (mpath->flags & MESH_PATH_RESOLVING) {
1062 spin_unlock_bh(&mpath->state_lock);
1063 goto enddiscovery;
1064 } else {
1065 mpath->flags &= ~MESH_PATH_RESOLVED;
1066 mpath->flags |= MESH_PATH_RESOLVING;
1067 mpath->discovery_retries = 0;
1068 mpath->discovery_timeout = disc_timeout_jiff(sdata);
1069 }
1070 } else if (!(mpath->flags & MESH_PATH_RESOLVING) ||
1071 mpath->flags & MESH_PATH_RESOLVED) {
1072 mpath->flags &= ~MESH_PATH_RESOLVING;
1073 spin_unlock_bh(&mpath->state_lock);
1074 goto enddiscovery;
1075 }
1076
1077 ifmsh->last_preq = jiffies;
1078
1079 if (time_after(jiffies, ifmsh->last_sn_update +
1080 net_traversal_jiffies(sdata)) ||
1081 time_before(jiffies, ifmsh->last_sn_update)) {
1082 ++ifmsh->sn;
1083 sdata->u.mesh.last_sn_update = jiffies;
1084 }
1085 lifetime = default_lifetime(sdata);
1086 ttl = sdata->u.mesh.mshcfg.element_ttl;
1087 if (ttl == 0) {
1088 sdata->u.mesh.mshstats.dropped_frames_ttl++;
1089 spin_unlock_bh(&mpath->state_lock);
1090 goto enddiscovery;
1091 }
1092
1093 if (preq_node->flags & PREQ_Q_F_REFRESH)
1094 target_flags |= IEEE80211_PREQ_TO_FLAG;
1095 else
1096 target_flags &= ~IEEE80211_PREQ_TO_FLAG;
1097
1098 spin_unlock_bh(&mpath->state_lock);
1099 da = (mpath->is_root) ? mpath->rann_snd_addr : broadcast_addr;
1100 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->vif.addr, ifmsh->sn,
1101 target_flags, mpath->dst, mpath->sn, da, 0,
1102 ttl, lifetime, 0, ifmsh->preq_id++, sdata);
1103 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout);
1104
1105enddiscovery:
1106 rcu_read_unlock();
1107 kfree(preq_node);
1108}
1109
1110/**
1111 * mesh_nexthop_resolve - lookup next hop; conditionally start path discovery
1112 *
1113 * @skb: 802.11 frame to be sent
1114 * @sdata: network subif the frame will be sent through
1115 *
1116 * Lookup next hop for given skb and start path discovery if no
1117 * forwarding information is found.
1118 *
1119 * Returns: 0 if the next hop was found and -ENOENT if the frame was queued.
1120 * skb is freeed here if no mpath could be allocated.
1121 */
1122int mesh_nexthop_resolve(struct ieee80211_sub_if_data *sdata,
1123 struct sk_buff *skb)
1124{
1125 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1126 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1127 struct mesh_path *mpath;
1128 struct sk_buff *skb_to_free = NULL;
1129 u8 *target_addr = hdr->addr3;
1130
1131 /* Nulls are only sent to peers for PS and should be pre-addressed */
1132 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
1133 return 0;
1134
1135 /* Allow injected packets to bypass mesh routing */
1136 if (info->control.flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP)
1137 return 0;
1138
1139 if (!mesh_nexthop_lookup(sdata, skb))
1140 return 0;
1141
1142 /* no nexthop found, start resolving */
1143 mpath = mesh_path_lookup(sdata, target_addr);
1144 if (!mpath) {
1145 mpath = mesh_path_add(sdata, target_addr);
1146 if (IS_ERR(mpath)) {
1147 mesh_path_discard_frame(sdata, skb);
1148 return PTR_ERR(mpath);
1149 }
1150 }
1151
1152 if (!(mpath->flags & MESH_PATH_RESOLVING))
1153 mesh_queue_preq(mpath, PREQ_Q_F_START);
1154
1155 if (skb_queue_len(&mpath->frame_queue) >= MESH_FRAME_QUEUE_LEN)
1156 skb_to_free = skb_dequeue(&mpath->frame_queue);
1157
1158 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1159 ieee80211_set_qos_hdr(sdata, skb);
1160 skb_queue_tail(&mpath->frame_queue, skb);
1161 if (skb_to_free)
1162 mesh_path_discard_frame(sdata, skb_to_free);
1163
1164 return -ENOENT;
1165}
1166
1167/**
1168 * mesh_nexthop_lookup - put the appropriate next hop on a mesh frame. Calling
1169 * this function is considered "using" the associated mpath, so preempt a path
1170 * refresh if this mpath expires soon.
1171 *
1172 * @skb: 802.11 frame to be sent
1173 * @sdata: network subif the frame will be sent through
1174 *
1175 * Returns: 0 if the next hop was found. Nonzero otherwise.
1176 */
1177int mesh_nexthop_lookup(struct ieee80211_sub_if_data *sdata,
1178 struct sk_buff *skb)
1179{
1180 struct mesh_path *mpath;
1181 struct sta_info *next_hop;
1182 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1183 u8 *target_addr = hdr->addr3;
1184
1185 mpath = mesh_path_lookup(sdata, target_addr);
1186 if (!mpath || !(mpath->flags & MESH_PATH_ACTIVE))
1187 return -ENOENT;
1188
1189 if (time_after(jiffies,
1190 mpath->exp_time -
1191 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) &&
1192 ether_addr_equal(sdata->vif.addr, hdr->addr4) &&
1193 !(mpath->flags & MESH_PATH_RESOLVING) &&
1194 !(mpath->flags & MESH_PATH_FIXED))
1195 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH);
1196
1197 next_hop = rcu_dereference(mpath->next_hop);
1198 if (next_hop) {
1199 memcpy(hdr->addr1, next_hop->sta.addr, ETH_ALEN);
1200 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
1201 ieee80211_mps_set_frame_flags(sdata, next_hop, hdr);
1202 return 0;
1203 }
1204
1205 return -ENOENT;
1206}
1207
1208void mesh_path_timer(struct timer_list *t)
1209{
1210 struct mesh_path *mpath = from_timer(mpath, t, timer);
1211 struct ieee80211_sub_if_data *sdata = mpath->sdata;
1212 int ret;
1213
1214 if (sdata->local->quiescing)
1215 return;
1216
1217 spin_lock_bh(&mpath->state_lock);
1218 if (mpath->flags & MESH_PATH_RESOLVED ||
1219 (!(mpath->flags & MESH_PATH_RESOLVING))) {
1220 mpath->flags &= ~(MESH_PATH_RESOLVING | MESH_PATH_RESOLVED);
1221 spin_unlock_bh(&mpath->state_lock);
1222 } else if (mpath->discovery_retries < max_preq_retries(sdata)) {
1223 ++mpath->discovery_retries;
1224 mpath->discovery_timeout *= 2;
1225 mpath->flags &= ~MESH_PATH_REQ_QUEUED;
1226 spin_unlock_bh(&mpath->state_lock);
1227 mesh_queue_preq(mpath, 0);
1228 } else {
1229 mpath->flags &= ~(MESH_PATH_RESOLVING |
1230 MESH_PATH_RESOLVED |
1231 MESH_PATH_REQ_QUEUED);
1232 mpath->exp_time = jiffies;
1233 spin_unlock_bh(&mpath->state_lock);
1234 if (!mpath->is_gate && mesh_gate_num(sdata) > 0) {
1235 ret = mesh_path_send_to_gates(mpath);
1236 if (ret)
1237 mhwmp_dbg(sdata, "no gate was reachable\n");
1238 } else
1239 mesh_path_flush_pending(mpath);
1240 }
1241}
1242
1243void mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata)
1244{
1245 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1246 u32 interval = ifmsh->mshcfg.dot11MeshHWMPRannInterval;
1247 u8 flags, target_flags = 0;
1248
1249 flags = (ifmsh->mshcfg.dot11MeshGateAnnouncementProtocol)
1250 ? RANN_FLAG_IS_GATE : 0;
1251
1252 switch (ifmsh->mshcfg.dot11MeshHWMPRootMode) {
1253 case IEEE80211_PROACTIVE_RANN:
1254 mesh_path_sel_frame_tx(MPATH_RANN, flags, sdata->vif.addr,
1255 ++ifmsh->sn, 0, NULL, 0, broadcast_addr,
1256 0, ifmsh->mshcfg.element_ttl,
1257 interval, 0, 0, sdata);
1258 break;
1259 case IEEE80211_PROACTIVE_PREQ_WITH_PREP:
1260 flags |= IEEE80211_PREQ_PROACTIVE_PREP_FLAG;
1261 /* fall through */
1262 case IEEE80211_PROACTIVE_PREQ_NO_PREP:
1263 interval = ifmsh->mshcfg.dot11MeshHWMPactivePathToRootTimeout;
1264 target_flags |= IEEE80211_PREQ_TO_FLAG |
1265 IEEE80211_PREQ_USN_FLAG;
1266 mesh_path_sel_frame_tx(MPATH_PREQ, flags, sdata->vif.addr,
1267 ++ifmsh->sn, target_flags,
1268 (u8 *) broadcast_addr, 0, broadcast_addr,
1269 0, ifmsh->mshcfg.element_ttl, interval,
1270 0, ifmsh->preq_id++, sdata);
1271 break;
1272 default:
1273 mhwmp_dbg(sdata, "Proactive mechanism not supported\n");
1274 return;
1275 }
1276}