Commit | Line | Data |
---|---|---|
b8695a8f JB |
1 | /* |
2 | * HT handling | |
3 | * | |
4 | * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> | |
5 | * Copyright 2002-2005, Instant802 Networks, Inc. | |
6 | * Copyright 2005-2006, Devicescape Software, Inc. | |
7 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> | |
8 | * Copyright 2007, Michael Wu <flamingice@sourmilk.net> | |
a93e3644 | 9 | * Copyright 2007-2010, Intel Corporation |
b8695a8f JB |
10 | * |
11 | * This program is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU General Public License version 2 as | |
13 | * published by the Free Software Foundation. | |
14 | */ | |
15 | ||
73a72a81 JB |
16 | /** |
17 | * DOC: RX A-MPDU aggregation | |
18 | * | |
19 | * Aggregation on the RX side requires only implementing the | |
20 | * @ampdu_action callback that is invoked to start/stop any | |
21 | * block-ack sessions for RX aggregation. | |
22 | * | |
23 | * When RX aggregation is started by the peer, the driver is | |
24 | * notified via @ampdu_action function, with the | |
25 | * %IEEE80211_AMPDU_RX_START action, and may reject the request | |
26 | * in which case a negative response is sent to the peer, if it | |
27 | * accepts it a positive response is sent. | |
28 | * | |
29 | * While the session is active, the device/driver are required | |
30 | * to de-aggregate frames and pass them up one by one to mac80211, | |
31 | * which will handle the reorder buffer. | |
32 | * | |
33 | * When the aggregation session is stopped again by the peer or | |
34 | * ourselves, the driver's @ampdu_action function will be called | |
35 | * with the action %IEEE80211_AMPDU_RX_STOP. In this case, the | |
36 | * call must not fail. | |
37 | */ | |
38 | ||
b8695a8f | 39 | #include <linux/ieee80211.h> |
5a0e3ad6 | 40 | #include <linux/slab.h> |
bc3b2d7f | 41 | #include <linux/export.h> |
b8695a8f JB |
42 | #include <net/mac80211.h> |
43 | #include "ieee80211_i.h" | |
24487981 | 44 | #include "driver-ops.h" |
b8695a8f | 45 | |
a87f736d JB |
46 | static void ieee80211_free_tid_rx(struct rcu_head *h) |
47 | { | |
48 | struct tid_ampdu_rx *tid_rx = | |
49 | container_of(h, struct tid_ampdu_rx, rcu_head); | |
50 | int i; | |
51 | ||
d72308bf SG |
52 | del_timer_sync(&tid_rx->reorder_timer); |
53 | ||
a87f736d JB |
54 | for (i = 0; i < tid_rx->buf_size; i++) |
55 | dev_kfree_skb(tid_rx->reorder_buf[i]); | |
56 | kfree(tid_rx->reorder_buf); | |
57 | kfree(tid_rx->reorder_time); | |
58 | kfree(tid_rx); | |
59 | } | |
60 | ||
7c3b1dd8 | 61 | void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, |
53f73c09 | 62 | u16 initiator, u16 reason, bool tx) |
b8695a8f | 63 | { |
d75636ef | 64 | struct ieee80211_local *local = sta->local; |
098a6070 | 65 | struct tid_ampdu_rx *tid_rx; |
b8695a8f | 66 | |
a93e3644 | 67 | lockdep_assert_held(&sta->ampdu_mlme.mtx); |
098a6070 | 68 | |
40b275b6 JB |
69 | tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid], |
70 | lockdep_is_held(&sta->ampdu_mlme.mtx)); | |
a87f736d | 71 | |
7c3b1dd8 | 72 | if (!tid_rx) |
b8695a8f | 73 | return; |
d75636ef | 74 | |
a9b3cd7f | 75 | RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL); |
b8695a8f | 76 | |
bdcbd8e0 JB |
77 | ht_dbg(sta->sdata, |
78 | "Rx BA session stop requested for %pM tid %u %s reason: %d\n", | |
79 | sta->sta.addr, tid, | |
80 | initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator", | |
81 | (int)reason); | |
b8695a8f | 82 | |
12375ef9 | 83 | if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP, |
0b01f030 | 84 | &sta->sta, tid, NULL, 0)) |
bdcbd8e0 JB |
85 | sdata_info(sta->sdata, |
86 | "HW problem - can not stop rx aggregation for tid %d\n", | |
87 | tid); | |
b8695a8f | 88 | |
b8695a8f | 89 | /* check if this is a self generated aggregation halt */ |
53f73c09 | 90 | if (initiator == WLAN_BACK_RECIPIENT && tx) |
d75636ef | 91 | ieee80211_send_delba(sta->sdata, sta->sta.addr, |
a7f39f60 | 92 | tid, WLAN_BACK_RECIPIENT, reason); |
b8695a8f | 93 | |
7c3b1dd8 | 94 | del_timer_sync(&tid_rx->session_timer); |
a87f736d JB |
95 | |
96 | call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx); | |
b8695a8f JB |
97 | } |
98 | ||
2aab4c27 | 99 | void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, |
53f73c09 | 100 | u16 initiator, u16 reason, bool tx) |
2aab4c27 | 101 | { |
a93e3644 | 102 | mutex_lock(&sta->ampdu_mlme.mtx); |
53f73c09 | 103 | ___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, tx); |
a93e3644 | 104 | mutex_unlock(&sta->ampdu_mlme.mtx); |
2aab4c27 JB |
105 | } |
106 | ||
f41ccd71 SL |
107 | void ieee80211_stop_rx_ba_session(struct ieee80211_vif *vif, u16 ba_rx_bitmap, |
108 | const u8 *addr) | |
109 | { | |
110 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); | |
0a557ed3 | 111 | struct sta_info *sta; |
f41ccd71 SL |
112 | int i; |
113 | ||
0a557ed3 | 114 | rcu_read_lock(); |
bc192f89 | 115 | sta = sta_info_get_bss(sdata, addr); |
0a557ed3 EP |
116 | if (!sta) { |
117 | rcu_read_unlock(); | |
118 | return; | |
119 | } | |
120 | ||
f41ccd71 SL |
121 | for (i = 0; i < STA_TID_NUM; i++) |
122 | if (ba_rx_bitmap & BIT(i)) | |
123 | set_bit(i, sta->ampdu_mlme.tid_rx_stop_requested); | |
124 | ||
125 | ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work); | |
0a557ed3 | 126 | rcu_read_unlock(); |
f41ccd71 SL |
127 | } |
128 | EXPORT_SYMBOL(ieee80211_stop_rx_ba_session); | |
129 | ||
b8695a8f JB |
130 | /* |
131 | * After accepting the AddBA Request we activated a timer, | |
132 | * resetting it after each frame that arrives from the originator. | |
b8695a8f JB |
133 | */ |
134 | static void sta_rx_agg_session_timer_expired(unsigned long data) | |
135 | { | |
136 | /* not an elegant detour, but there is no choice as the timer passes | |
137 | * only one argument, and various sta_info are needed here, so init | |
138 | * flow in sta_info_create gives the TID as data, while the timer_to_id | |
139 | * array gives the sta through container_of */ | |
140 | u8 *ptid = (u8 *)data; | |
141 | u8 *timer_to_id = ptid - *ptid; | |
142 | struct sta_info *sta = container_of(timer_to_id, struct sta_info, | |
143 | timer_to_tid[0]); | |
12d3952f FF |
144 | struct tid_ampdu_rx *tid_rx; |
145 | unsigned long timeout; | |
146 | ||
d8c7aae6 | 147 | rcu_read_lock(); |
12d3952f | 148 | tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[*ptid]); |
d8c7aae6 FF |
149 | if (!tid_rx) { |
150 | rcu_read_unlock(); | |
12d3952f | 151 | return; |
d8c7aae6 | 152 | } |
12d3952f FF |
153 | |
154 | timeout = tid_rx->last_rx + TU_TO_JIFFIES(tid_rx->timeout); | |
155 | if (time_is_after_jiffies(timeout)) { | |
156 | mod_timer(&tid_rx->session_timer, timeout); | |
d8c7aae6 | 157 | rcu_read_unlock(); |
12d3952f FF |
158 | return; |
159 | } | |
d8c7aae6 | 160 | rcu_read_unlock(); |
b8695a8f | 161 | |
bdcbd8e0 | 162 | ht_dbg(sta->sdata, "rx session timer expired on tid %d\n", (u16)*ptid); |
d63e9ae3 | 163 | |
7c3b1dd8 JB |
164 | set_bit(*ptid, sta->ampdu_mlme.tid_rx_timer_expired); |
165 | ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work); | |
b8695a8f JB |
166 | } |
167 | ||
2bff8ebf CL |
168 | static void sta_rx_agg_reorder_timer_expired(unsigned long data) |
169 | { | |
170 | u8 *ptid = (u8 *)data; | |
171 | u8 *timer_to_id = ptid - *ptid; | |
172 | struct sta_info *sta = container_of(timer_to_id, struct sta_info, | |
173 | timer_to_tid[0]); | |
174 | ||
175 | rcu_read_lock(); | |
2bff8ebf | 176 | ieee80211_release_reorder_timeout(sta, *ptid); |
2bff8ebf CL |
177 | rcu_read_unlock(); |
178 | } | |
179 | ||
b8695a8f JB |
180 | static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid, |
181 | u8 dialog_token, u16 status, u16 policy, | |
182 | u16 buf_size, u16 timeout) | |
183 | { | |
b8695a8f JB |
184 | struct ieee80211_local *local = sdata->local; |
185 | struct sk_buff *skb; | |
186 | struct ieee80211_mgmt *mgmt; | |
187 | u16 capab; | |
188 | ||
189 | skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom); | |
d15b8459 | 190 | if (!skb) |
b8695a8f | 191 | return; |
b8695a8f JB |
192 | |
193 | skb_reserve(skb, local->hw.extra_tx_headroom); | |
194 | mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); | |
195 | memset(mgmt, 0, 24); | |
196 | memcpy(mgmt->da, da, ETH_ALEN); | |
47846c9b | 197 | memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); |
8abd3f9b | 198 | if (sdata->vif.type == NL80211_IFTYPE_AP || |
ae2772b3 TP |
199 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN || |
200 | sdata->vif.type == NL80211_IFTYPE_MESH_POINT) | |
47846c9b | 201 | memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); |
46900298 JB |
202 | else if (sdata->vif.type == NL80211_IFTYPE_STATION) |
203 | memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); | |
13c40c54 AS |
204 | else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) |
205 | memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN); | |
46900298 | 206 | |
b8695a8f JB |
207 | mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | |
208 | IEEE80211_STYPE_ACTION); | |
209 | ||
210 | skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp)); | |
211 | mgmt->u.action.category = WLAN_CATEGORY_BACK; | |
212 | mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP; | |
213 | mgmt->u.action.u.addba_resp.dialog_token = dialog_token; | |
214 | ||
215 | capab = (u16)(policy << 1); /* bit 1 aggregation policy */ | |
216 | capab |= (u16)(tid << 2); /* bit 5:2 TID number */ | |
217 | capab |= (u16)(buf_size << 6); /* bit 15:6 max size of aggregation */ | |
218 | ||
219 | mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab); | |
220 | mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout); | |
221 | mgmt->u.action.u.addba_resp.status = cpu_to_le16(status); | |
222 | ||
62ae67be | 223 | ieee80211_tx_skb(sdata, skb); |
b8695a8f JB |
224 | } |
225 | ||
226 | void ieee80211_process_addba_request(struct ieee80211_local *local, | |
227 | struct sta_info *sta, | |
228 | struct ieee80211_mgmt *mgmt, | |
229 | size_t len) | |
230 | { | |
b8695a8f JB |
231 | struct tid_ampdu_rx *tid_agg_rx; |
232 | u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status; | |
233 | u8 dialog_token; | |
234 | int ret = -EOPNOTSUPP; | |
235 | ||
236 | /* extract session parameters from addba request frame */ | |
237 | dialog_token = mgmt->u.action.u.addba_req.dialog_token; | |
238 | timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout); | |
239 | start_seq_num = | |
240 | le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4; | |
241 | ||
242 | capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab); | |
243 | ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1; | |
244 | tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; | |
245 | buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6; | |
246 | ||
247 | status = WLAN_STATUS_REQUEST_DECLINED; | |
248 | ||
c2c98fde | 249 | if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) { |
bdcbd8e0 | 250 | ht_dbg(sta->sdata, "Suspend in progress - Denying ADDBA request\n"); |
722f069a S |
251 | goto end_no_lock; |
252 | } | |
253 | ||
b8695a8f JB |
254 | /* sanity check for incoming parameters: |
255 | * check if configuration can support the BA policy | |
256 | * and if buffer size does not exceeds max value */ | |
257 | /* XXX: check own ht delayed BA capability?? */ | |
f64f9e71 JP |
258 | if (((ba_policy != 1) && |
259 | (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) || | |
260 | (buf_size > IEEE80211_MAX_AMPDU_BUF)) { | |
b8695a8f | 261 | status = WLAN_STATUS_INVALID_QOS_PARAM; |
bdcbd8e0 JB |
262 | ht_dbg_ratelimited(sta->sdata, |
263 | "AddBA Req with bad params from %pM on tid %u. policy %d, buffer size %d\n", | |
264 | mgmt->sa, tid, ba_policy, buf_size); | |
b8695a8f JB |
265 | goto end_no_lock; |
266 | } | |
267 | /* determine default buffer size */ | |
82694f76 LC |
268 | if (buf_size == 0) |
269 | buf_size = IEEE80211_MAX_AMPDU_BUF; | |
b8695a8f | 270 | |
df6ba5d8 LC |
271 | /* make sure the size doesn't exceed the maximum supported by the hw */ |
272 | if (buf_size > local->hw.max_rx_aggregation_subframes) | |
273 | buf_size = local->hw.max_rx_aggregation_subframes; | |
b8695a8f JB |
274 | |
275 | /* examine state machine */ | |
a93e3644 | 276 | mutex_lock(&sta->ampdu_mlme.mtx); |
b8695a8f | 277 | |
a87f736d | 278 | if (sta->ampdu_mlme.tid_rx[tid]) { |
bdcbd8e0 JB |
279 | ht_dbg_ratelimited(sta->sdata, |
280 | "unexpected AddBA Req from %pM on tid %u\n", | |
281 | mgmt->sa, tid); | |
15b4d843 AN |
282 | |
283 | /* delete existing Rx BA session on the same tid */ | |
284 | ___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, | |
285 | WLAN_STATUS_UNSPECIFIED_QOS, | |
286 | false); | |
b8695a8f JB |
287 | } |
288 | ||
289 | /* prepare A-MPDU MLME for Rx aggregation */ | |
dd318575 | 290 | tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL); |
d15b8459 | 291 | if (!tid_agg_rx) |
b8695a8f | 292 | goto end; |
b8695a8f | 293 | |
2bff8ebf CL |
294 | spin_lock_init(&tid_agg_rx->reorder_lock); |
295 | ||
a87f736d JB |
296 | /* rx timer */ |
297 | tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired; | |
298 | tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid]; | |
12d3952f | 299 | init_timer_deferrable(&tid_agg_rx->session_timer); |
b8695a8f | 300 | |
2bff8ebf CL |
301 | /* rx reorder timer */ |
302 | tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired; | |
303 | tid_agg_rx->reorder_timer.data = (unsigned long)&sta->timer_to_tid[tid]; | |
304 | init_timer(&tid_agg_rx->reorder_timer); | |
305 | ||
b8695a8f JB |
306 | /* prepare reordering buffer */ |
307 | tid_agg_rx->reorder_buf = | |
dd318575 | 308 | kcalloc(buf_size, sizeof(struct sk_buff *), GFP_KERNEL); |
4d050f1d | 309 | tid_agg_rx->reorder_time = |
dd318575 | 310 | kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL); |
4d050f1d | 311 | if (!tid_agg_rx->reorder_buf || !tid_agg_rx->reorder_time) { |
4d050f1d JM |
312 | kfree(tid_agg_rx->reorder_buf); |
313 | kfree(tid_agg_rx->reorder_time); | |
a87f736d | 314 | kfree(tid_agg_rx); |
b8695a8f JB |
315 | goto end; |
316 | } | |
317 | ||
12375ef9 | 318 | ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START, |
0b01f030 | 319 | &sta->sta, tid, &start_seq_num, 0); |
bdcbd8e0 | 320 | ht_dbg(sta->sdata, "Rx A-MPDU request on tid %d result %d\n", tid, ret); |
b8695a8f JB |
321 | if (ret) { |
322 | kfree(tid_agg_rx->reorder_buf); | |
a87f736d | 323 | kfree(tid_agg_rx->reorder_time); |
b8695a8f | 324 | kfree(tid_agg_rx); |
b8695a8f JB |
325 | goto end; |
326 | } | |
327 | ||
a87f736d | 328 | /* update data */ |
b8695a8f JB |
329 | tid_agg_rx->dialog_token = dialog_token; |
330 | tid_agg_rx->ssn = start_seq_num; | |
331 | tid_agg_rx->head_seq_num = start_seq_num; | |
332 | tid_agg_rx->buf_size = buf_size; | |
333 | tid_agg_rx->timeout = timeout; | |
334 | tid_agg_rx->stored_mpdu_num = 0; | |
335 | status = WLAN_STATUS_SUCCESS; | |
a87f736d JB |
336 | |
337 | /* activate it for RX */ | |
cf778b00 | 338 | rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx); |
f955ebb4 | 339 | |
12d3952f | 340 | if (timeout) { |
f955ebb4 | 341 | mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout)); |
12d3952f FF |
342 | tid_agg_rx->last_rx = jiffies; |
343 | } | |
f955ebb4 | 344 | |
b8695a8f | 345 | end: |
a93e3644 | 346 | mutex_unlock(&sta->ampdu_mlme.mtx); |
b8695a8f JB |
347 | |
348 | end_no_lock: | |
349 | ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid, | |
350 | dialog_token, status, 1, buf_size, timeout); | |
351 | } |