mesh.c source code [linux/net/mac80211/mesh.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Copyright (c) 2008, 2009 open80211s Ltd.
4	* Copyright (C) 2018 - 2024 Intel Corporation
5	* Authors: Luis Carlos Cobo <luisca@cozybit.com>
6	* Javier Cardona <javier@cozybit.com>
7	*/
8
9	#include <linux/slab.h>
10	#include <asm/unaligned.h>
11	#include "ieee80211_i.h"
12	#include "mesh.h"
13	#include "wme.h"
14	#include "driver-ops.h"
15
16	static int mesh_allocated;
17	static struct kmem_cache *rm_cache;
18
19	bool mesh_action_is_path_sel(struct ieee80211_mgmt *mgmt)
20	{
21	return (mgmt->u.action.u.mesh_action.action_code ==
22	WLAN_MESH_ACTION_HWMP_PATH_SELECTION);
23	}
24
25	void ieee80211s_init(void)
26	{
27	mesh_allocated = `1`;
28	rm_cache = kmem_cache_create(name: "mesh_rmc", size: sizeof(struct rmc_entry),
29	align: `0`, flags: `0`, NULL);
30	}
31
32	void ieee80211s_stop(void)
33	{
34	if (!mesh_allocated)
35	return;
36	kmem_cache_destroy(s: rm_cache);
37	}
38
39	static void ieee80211_mesh_housekeeping_timer(struct timer_list *t)
40	{
41	struct ieee80211_sub_if_data *sdata =
42	from_timer(sdata, t, u.mesh.housekeeping_timer);
43	struct ieee80211_local *local = sdata->local;
44	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
45
46	set_bit(nr: MESH_WORK_HOUSEKEEPING, addr: &ifmsh->wrkq_flags);
47
48	wiphy_work_queue(wiphy: local->hw.wiphy, work: &sdata->work);
49	}
50
51	/**
52	* mesh_matches_local - check if the config of a mesh point matches ours
53	*
54	* @sdata: local mesh subif
55	* @ie: information elements of a management frame from the mesh peer
56	*
57	* This function checks if the mesh configuration of a mesh point matches the
58	* local mesh configuration, i.e. if both nodes belong to the same mesh network.
59	*
60	* Returns: %true if both nodes belong to the same mesh
61	*/
62	bool mesh_matches_local(struct ieee80211_sub_if_data *sdata,
63	struct ieee802_11_elems *ie)
64	{
65	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
66	u32 basic_rates = `0`;
67	struct cfg80211_chan_def sta_chan_def;
68	struct ieee80211_supported_band *sband;
69	u32 vht_cap_info = `0`;
70
71	/*
72	* As support for each feature is added, check for matching
73	* - On mesh config capabilities
74	* - Power Save Support En
75	* - Sync support enabled
76	* - Sync support active
77	* - Sync support required from peer
78	* - MDA enabled
79	* - Power management control on fc
80	*/
81	if (!(ifmsh->mesh_id_len == ie->mesh_id_len &&
82	memcmp(p: ifmsh->mesh_id, q: ie->mesh_id, size: ie->mesh_id_len) == `0` &&
83	(ifmsh->mesh_pp_id == ie->mesh_config->meshconf_psel) &&
84	(ifmsh->mesh_pm_id == ie->mesh_config->meshconf_pmetric) &&
85	(ifmsh->mesh_cc_id == ie->mesh_config->meshconf_congest) &&
86	(ifmsh->mesh_sp_id == ie->mesh_config->meshconf_synch) &&
87	(ifmsh->mesh_auth_id == ie->mesh_config->meshconf_auth)))
88	return false;
89
90	sband = ieee80211_get_sband(sdata);
91	if (!sband)
92	return false;
93
94	ieee80211_sta_get_rates(sdata, elems: ie, band: sband->band,
95	basic_rates: &basic_rates);
96
97	if (sdata->vif.bss_conf.basic_rates != basic_rates)
98	return false;
99
100	cfg80211_chandef_create(chandef: &sta_chan_def, channel: sdata->vif.bss_conf.chanreq.oper.chan,
101	chantype: NL80211_CHAN_NO_HT);
102	ieee80211_chandef_ht_oper(ht_oper: ie->ht_operation, chandef: &sta_chan_def);
103
104	if (ie->vht_cap_elem)
105	vht_cap_info = le32_to_cpu(ie->vht_cap_elem->vht_cap_info);
106
107	ieee80211_chandef_vht_oper(hw: &sdata->local->hw, vht_cap_info,
108	oper: ie->vht_operation, htop: ie->ht_operation,
109	chandef: &sta_chan_def);
110	ieee80211_chandef_he_6ghz_oper(local: sdata->local, he_oper: ie->he_operation,
111	eht_oper: ie->eht_operation,
112	chandef: &sta_chan_def);
113
114	if (!cfg80211_chandef_compatible(chandef1: &sdata->vif.bss_conf.chanreq.oper,
115	chandef2: &sta_chan_def))
116	return false;
117
118	return true;
119	}
120
121	/**
122	* mesh_peer_accepts_plinks - check if an mp is willing to establish peer links
123	*
124	* @ie: information elements of a management frame from the mesh peer
125	*
126	* Returns: %true if the mesh peer is willing to establish peer links
127	*/
128	bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie)
129	{
130	return (ie->mesh_config->meshconf_cap &
131	IEEE80211_MESHCONF_CAPAB_ACCEPT_PLINKS) != `0`;
132	}
133
134	/**
135	* mesh_accept_plinks_update - update accepting_plink in local mesh beacons
136	*
137	* @sdata: mesh interface in which mesh beacons are going to be updated
138	*
139	* Returns: beacon changed flag if the beacon content changed.
140	*/
141	u64 mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata)
142	{
143	bool free_plinks;
144	u64 changed = `0`;
145
146	/ In case mesh_plink_free_count > 0 and mesh_plinktbl_capacity == 0,*
147	* the mesh interface might be able to establish plinks with peers that
148	* are already on the table but are not on PLINK_ESTAB state. However,
149	* in general the mesh interface is not accepting peer link requests
150	* from new peers, and that must be reflected in the beacon
151	*/
152	free_plinks = mesh_plink_availables(sdata);
153
154	if (free_plinks != sdata->u.mesh.accepting_plinks) {
155	sdata->u.mesh.accepting_plinks = free_plinks;
156	changed = BSS_CHANGED_BEACON;
157	}
158
159	return changed;
160	}
161
162	/*
163	* mesh_sta_cleanup - clean up any mesh sta state
164	*
165	* @sta: mesh sta to clean up.
166	*/
167	void mesh_sta_cleanup(struct sta_info *sta)
168	{
169	struct ieee80211_sub_if_data *sdata = sta->sdata;
170	u64 changed = mesh_plink_deactivate(sta);
171
172	if (changed)
173	ieee80211_mbss_info_change_notify(sdata, changed);
174	}
175
176	int mesh_rmc_init(struct ieee80211_sub_if_data *sdata)
177	{
178	int i;
179
180	sdata->u.mesh.rmc = kmalloc(size: sizeof(struct mesh_rmc), GFP_KERNEL);
181	if (!sdata->u.mesh.rmc)
182	return -ENOMEM;
183	sdata->u.mesh.rmc->idx_mask = RMC_BUCKETS - `1`;
184	for (i = `0`; i < RMC_BUCKETS; i++)
185	INIT_HLIST_HEAD(&sdata->u.mesh.rmc->bucket[i]);
186	return `0`;
187	}
188
189	void mesh_rmc_free(struct ieee80211_sub_if_data *sdata)
190	{
191	struct mesh_rmc *rmc = sdata->u.mesh.rmc;
192	struct rmc_entry *p;
193	struct hlist_node *n;
194	int i;
195
196	if (!sdata->u.mesh.rmc)
197	return;
198
199	for (i = `0`; i < RMC_BUCKETS; i++) {
200	hlist_for_each_entry_safe(p, n, &rmc->bucket[i], list) {
201	hlist_del(n: &p->list);
202	kmem_cache_free(s: rm_cache, objp: p);
203	}
204	}
205
206	kfree(objp: rmc);
207	sdata->u.mesh.rmc = NULL;
208	}
209
210	/**
211	* mesh_rmc_check - Check frame in recent multicast cache and add if absent.
212	*
213	* @sdata: interface
214	* @sa: source address
215	* @mesh_hdr: mesh_header
216	*
217	* Returns: 0 if the frame is not in the cache, nonzero otherwise.
218	*
219	* Checks using the source address and the mesh sequence number if we have
220	* received this frame lately. If the frame is not in the cache, it is added to
221	* it.
222	*/
223	int mesh_rmc_check(struct ieee80211_sub_if_data *sdata,
224	const u8 sa, struct* ieee80211s_hdr *mesh_hdr)
225	{
226	struct mesh_rmc *rmc = sdata->u.mesh.rmc;
227	u32 seqnum = `0`;
228	int entries = `0`;
229	u8 idx;
230	struct rmc_entry *p;
231	struct hlist_node *n;
232
233	if (!rmc)
234	return -`1`;
235
236	/ Don't care about endianness since only match matters /
237	memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum));
238	idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;
239	hlist_for_each_entry_safe(p, n, &rmc->bucket[idx], list) {
240	++entries;
241	if (time_after(jiffies, p->exp_time) \|\|
242	entries == RMC_QUEUE_MAX_LEN) {
243	hlist_del(n: &p->list);
244	kmem_cache_free(s: rm_cache, objp: p);
245	--entries;
246	} else if ((seqnum == p->seqnum) && ether_addr_equal(addr1: sa, addr2: p->sa))
247	return -`1`;
248	}
249
250	p = kmem_cache_alloc(cachep: rm_cache, GFP_ATOMIC);
251	if (!p)
252	return `0`;
253
254	p->seqnum = seqnum;
255	p->exp_time = jiffies + RMC_TIMEOUT;
256	memcpy(p->sa, sa, ETH_ALEN);
257	hlist_add_head(n: &p->list, h: &rmc->bucket[idx]);
258	return `0`;
259	}
260
261	int mesh_add_meshconf_ie(struct ieee80211_sub_if_data *sdata,
262	struct sk_buff *skb)
263	{
264	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
265	u8 *pos, neighbors;
266	u8 meshconf_len = sizeof(struct ieee80211_meshconf_ie);
267	bool is_connected_to_gate = ifmsh->num_gates > `0` \|\|
268	ifmsh->mshcfg.dot11MeshGateAnnouncementProtocol \|\|
269	ifmsh->mshcfg.dot11MeshConnectedToMeshGate;
270	bool is_connected_to_as = ifmsh->mshcfg.dot11MeshConnectedToAuthServer;
271
272	if (skb_tailroom(skb) < `2` + meshconf_len)
273	return -ENOMEM;
274
275	pos = skb_put(skb, len: `2` + meshconf_len);
276	*pos++ = WLAN_EID_MESH_CONFIG;
277	*pos++ = meshconf_len;
278
279	/ save a pointer for quick updates in pre-tbtt /
280	ifmsh->meshconf_offset = pos - skb->data;
281
282	/ Active path selection protocol ID /
283	*pos++ = ifmsh->mesh_pp_id;
284	/ Active path selection metric ID /
285	*pos++ = ifmsh->mesh_pm_id;
286	/ Congestion control mode identifier /
287	*pos++ = ifmsh->mesh_cc_id;
288	/ Synchronization protocol identifier /
289	*pos++ = ifmsh->mesh_sp_id;
290	/ Authentication Protocol identifier /
291	*pos++ = ifmsh->mesh_auth_id;
292	/ Mesh Formation Info - number of neighbors /
293	neighbors = atomic_read(v: &ifmsh->estab_plinks);
294	neighbors = min_t(int, neighbors, IEEE80211_MAX_MESH_PEERINGS);
295	*pos++ = (is_connected_to_as << `7`) \|
296	(neighbors << `1`) \|
297	is_connected_to_gate;
298	/ Mesh capability /
299	*pos = `0x00`;
300	*pos \|= ifmsh->mshcfg.dot11MeshForwarding ?
301	IEEE80211_MESHCONF_CAPAB_FORWARDING : `0x00`;
302	*pos \|= ifmsh->accepting_plinks ?
303	IEEE80211_MESHCONF_CAPAB_ACCEPT_PLINKS : `0x00`;
304	/ Mesh PS mode. See IEEE802.11-2012 8.4.2.100.8 /
305	*pos \|= ifmsh->ps_peers_deep_sleep ?
306	IEEE80211_MESHCONF_CAPAB_POWER_SAVE_LEVEL : `0x00`;
307	return `0`;
308	}
309
310	int mesh_add_meshid_ie(struct ieee80211_sub_if_data sdata, struct* sk_buff *skb)
311	{
312	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
313	u8 *pos;
314
315	if (skb_tailroom(skb) < `2` + ifmsh->mesh_id_len)
316	return -ENOMEM;
317
318	pos = skb_put(skb, len: `2` + ifmsh->mesh_id_len);
319	*pos++ = WLAN_EID_MESH_ID;
320	*pos++ = ifmsh->mesh_id_len;
321	if (ifmsh->mesh_id_len)
322	memcpy(pos, ifmsh->mesh_id, ifmsh->mesh_id_len);
323
324	return `0`;
325	}
326
327	static int mesh_add_awake_window_ie(struct ieee80211_sub_if_data *sdata,
328	struct sk_buff *skb)
329	{
330	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
331	u8 *pos;
332
333	/ see IEEE802.11-2012 13.14.6 /
334	if (ifmsh->ps_peers_light_sleep == `0` &&
335	ifmsh->ps_peers_deep_sleep == `0` &&
336	ifmsh->nonpeer_pm == NL80211_MESH_POWER_ACTIVE)
337	return `0`;
338
339	if (skb_tailroom(skb) < `4`)
340	return -ENOMEM;
341
342	pos = skb_put(skb, len: `2` + `2`);
343	*pos++ = WLAN_EID_MESH_AWAKE_WINDOW;
344	*pos++ = `2`;
345	put_unaligned_le16(val: ifmsh->mshcfg.dot11MeshAwakeWindowDuration, p: pos);
346
347	return `0`;
348	}
349
350	int mesh_add_vendor_ies(struct ieee80211_sub_if_data *sdata,
351	struct sk_buff *skb)
352	{
353	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
354	u8 offset, len;
355	const u8 *data;
356
357	if (!ifmsh->ie \|\| !ifmsh->ie_len)
358	return `0`;
359
360	/ fast-forward to vendor IEs /
361	offset = ieee80211_ie_split_vendor(ies: ifmsh->ie, ielen: ifmsh->ie_len, offset: `0`);
362
363	if (offset < ifmsh->ie_len) {
364	len = ifmsh->ie_len - offset;
365	data = ifmsh->ie + offset;
366	if (skb_tailroom(skb) < len)
367	return -ENOMEM;
368	skb_put_data(skb, data, len);
369	}
370
371	return `0`;
372	}
373
374	int mesh_add_rsn_ie(struct ieee80211_sub_if_data sdata, struct* sk_buff *skb)
375	{
376	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
377	u8 len = `0`;
378	const u8 *data;
379
380	if (!ifmsh->ie \|\| !ifmsh->ie_len)
381	return `0`;
382
383	/ find RSN IE /
384	data = cfg80211_find_ie(eid: WLAN_EID_RSN, ies: ifmsh->ie, len: ifmsh->ie_len);
385	if (!data)
386	return `0`;
387
388	len = data[`1`] + `2`;
389
390	if (skb_tailroom(skb) < len)
391	return -ENOMEM;
392	skb_put_data(skb, data, len);
393
394	return `0`;
395	}
396
397	static int mesh_add_ds_params_ie(struct ieee80211_sub_if_data *sdata,
398	struct sk_buff *skb)
399	{
400	struct ieee80211_chanctx_conf *chanctx_conf;
401	struct ieee80211_channel *chan;
402	u8 *pos;
403
404	if (skb_tailroom(skb) < `3`)
405	return -ENOMEM;
406
407	rcu_read_lock();
408	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
409	if (WARN_ON(!chanctx_conf)) {
410	rcu_read_unlock();
411	return -EINVAL;
412	}
413	chan = chanctx_conf->def.chan;
414	rcu_read_unlock();
415
416	pos = skb_put(skb, len: `2` + `1`);
417	*pos++ = WLAN_EID_DS_PARAMS;
418	*pos++ = `1`;
419	*pos++ = ieee80211_frequency_to_channel(freq: chan->center_freq);
420
421	return `0`;
422	}
423
424	int mesh_add_ht_cap_ie(struct ieee80211_sub_if_data *sdata,
425	struct sk_buff *skb)
426	{
427	struct ieee80211_supported_band *sband;
428	u8 *pos;
429
430	sband = ieee80211_get_sband(sdata);
431	if (!sband)
432	return -EINVAL;
433
434	/ HT not allowed in 6 GHz /
435	if (sband->band == NL80211_BAND_6GHZ)
436	return `0`;
437
438	if (!sband->ht_cap.ht_supported \|\|
439	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
440	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
441	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
442	return `0`;
443
444	if (skb_tailroom(skb) < `2` + sizeof(struct ieee80211_ht_cap))
445	return -ENOMEM;
446
447	pos = skb_put(skb, len: `2` + sizeof(struct ieee80211_ht_cap));
448	ieee80211_ie_build_ht_cap(pos, ht_cap: &sband->ht_cap, cap: sband->ht_cap.cap);
449
450	return `0`;
451	}
452
453	int mesh_add_ht_oper_ie(struct ieee80211_sub_if_data *sdata,
454	struct sk_buff *skb)
455	{
456	struct ieee80211_local *local = sdata->local;
457	struct ieee80211_chanctx_conf *chanctx_conf;
458	struct ieee80211_channel *channel;
459	struct ieee80211_supported_band *sband;
460	struct ieee80211_sta_ht_cap *ht_cap;
461	u8 *pos;
462
463	rcu_read_lock();
464	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
465	if (WARN_ON(!chanctx_conf)) {
466	rcu_read_unlock();
467	return -EINVAL;
468	}
469	channel = chanctx_conf->def.chan;
470	rcu_read_unlock();
471
472	sband = local->hw.wiphy->bands[channel->band];
473	ht_cap = &sband->ht_cap;
474
475	/ HT not allowed in 6 GHz /
476	if (sband->band == NL80211_BAND_6GHZ)
477	return `0`;
478
479	if (!ht_cap->ht_supported \|\|
480	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
481	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
482	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
483	return `0`;
484
485	if (skb_tailroom(skb) < `2` + sizeof(struct ieee80211_ht_operation))
486	return -ENOMEM;
487
488	pos = skb_put(skb, len: `2` + sizeof(struct ieee80211_ht_operation));
489	ieee80211_ie_build_ht_oper(pos, ht_cap, chandef: &sdata->vif.bss_conf.chanreq.oper,
490	prot_mode: sdata->vif.bss_conf.ht_operation_mode,
491	rifs_mode: false);
492
493	return `0`;
494	}
495
496	int mesh_add_vht_cap_ie(struct ieee80211_sub_if_data *sdata,
497	struct sk_buff *skb)
498	{
499	struct ieee80211_supported_band *sband;
500	u8 *pos;
501
502	sband = ieee80211_get_sband(sdata);
503	if (!sband)
504	return -EINVAL;
505
506	/ VHT not allowed in 6 GHz /
507	if (sband->band == NL80211_BAND_6GHZ)
508	return `0`;
509
510	if (!sband->vht_cap.vht_supported \|\|
511	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
512	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
513	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
514	return `0`;
515
516	if (skb_tailroom(skb) < `2` + sizeof(struct ieee80211_vht_cap))
517	return -ENOMEM;
518
519	pos = skb_put(skb, len: `2` + sizeof(struct ieee80211_vht_cap));
520	ieee80211_ie_build_vht_cap(pos, vht_cap: &sband->vht_cap, cap: sband->vht_cap.cap);
521
522	return `0`;
523	}
524
525	int mesh_add_vht_oper_ie(struct ieee80211_sub_if_data *sdata,
526	struct sk_buff *skb)
527	{
528	struct ieee80211_local *local = sdata->local;
529	struct ieee80211_chanctx_conf *chanctx_conf;
530	struct ieee80211_channel *channel;
531	struct ieee80211_supported_band *sband;
532	struct ieee80211_sta_vht_cap *vht_cap;
533	u8 *pos;
534
535	rcu_read_lock();
536	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
537	if (WARN_ON(!chanctx_conf)) {
538	rcu_read_unlock();
539	return -EINVAL;
540	}
541	channel = chanctx_conf->def.chan;
542	rcu_read_unlock();
543
544	sband = local->hw.wiphy->bands[channel->band];
545	vht_cap = &sband->vht_cap;
546
547	/ VHT not allowed in 6 GHz /
548	if (sband->band == NL80211_BAND_6GHZ)
549	return `0`;
550
551	if (!vht_cap->vht_supported \|\|
552	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
553	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
554	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
555	return `0`;
556
557	if (skb_tailroom(skb) < `2` + sizeof(struct ieee80211_vht_operation))
558	return -ENOMEM;
559
560	pos = skb_put(skb, len: `2` + sizeof(struct ieee80211_vht_operation));
561	ieee80211_ie_build_vht_oper(pos, vht_cap,
562	chandef: &sdata->vif.bss_conf.chanreq.oper);
563
564	return `0`;
565	}
566
567	int mesh_add_he_cap_ie(struct ieee80211_sub_if_data *sdata,
568	struct sk_buff *skb, u8 ie_len)
569	{
570	struct ieee80211_supported_band *sband;
571
572	sband = ieee80211_get_sband(sdata);
573	if (!sband)
574	return -EINVAL;
575
576	if (sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
577	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
578	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
579	return `0`;
580
581	return ieee80211_put_he_cap(skb, sdata, sband, NULL);
582	}
583
584	int mesh_add_he_oper_ie(struct ieee80211_sub_if_data *sdata,
585	struct sk_buff *skb)
586	{
587	const struct ieee80211_sta_he_cap *he_cap;
588	struct ieee80211_supported_band *sband;
589	u32 len;
590	u8 *pos;
591
592	sband = ieee80211_get_sband(sdata);
593	if (!sband)
594	return -EINVAL;
595
596	he_cap = ieee80211_get_he_iftype_cap(sband, iftype: NL80211_IFTYPE_MESH_POINT);
597	if (!he_cap \|\|
598	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
599	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
600	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
601	return `0`;
602
603	len = `2` + `1` + sizeof(struct ieee80211_he_operation);
604	if (sdata->vif.bss_conf.chanreq.oper.chan->band == NL80211_BAND_6GHZ)
605	len += sizeof(struct ieee80211_he_6ghz_oper);
606
607	if (skb_tailroom(skb) < len)
608	return -ENOMEM;
609
610	pos = skb_put(skb, len);
611	ieee80211_ie_build_he_oper(pos, chandef: &sdata->vif.bss_conf.chanreq.oper);
612
613	return `0`;
614	}
615
616	int mesh_add_he_6ghz_cap_ie(struct ieee80211_sub_if_data *sdata,
617	struct sk_buff *skb)
618	{
619	struct ieee80211_supported_band *sband;
620	const struct ieee80211_sband_iftype_data *iftd;
621
622	sband = ieee80211_get_sband(sdata);
623	if (!sband)
624	return -EINVAL;
625
626	iftd = ieee80211_get_sband_iftype_data(sband,
627	iftype: NL80211_IFTYPE_MESH_POINT);
628	/ The device doesn't support HE in mesh mode or at all /
629	if (!iftd)
630	return `0`;
631
632	ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode: sdata->deflink.smps_mode);
633	return `0`;
634	}
635
636	int mesh_add_eht_cap_ie(struct ieee80211_sub_if_data *sdata,
637	struct sk_buff *skb, u8 ie_len)
638	{
639	struct ieee80211_supported_band *sband;
640
641	sband = ieee80211_get_sband(sdata);
642	if (!sband)
643	return -EINVAL;
644
645	if (sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
646	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
647	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
648	return `0`;
649
650	return ieee80211_put_eht_cap(skb, sdata, sband, NULL);
651	}
652
653	int mesh_add_eht_oper_ie(struct ieee80211_sub_if_data sdata, struct* sk_buff *skb)
654	{
655	const struct ieee80211_sta_eht_cap *eht_cap;
656	struct ieee80211_supported_band *sband;
657	u32 len;
658	u8 *pos;
659
660	sband = ieee80211_get_sband(sdata);
661	if (!sband)
662	return -EINVAL;
663
664	eht_cap = ieee80211_get_eht_iftype_cap(sband, iftype: NL80211_IFTYPE_MESH_POINT);
665	if (!eht_cap \|\|
666	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
667	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
668	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
669	return `0`;
670
671	len = `2` + `1` + offsetof(struct ieee80211_eht_operation, optional) +
672	offsetof(struct ieee80211_eht_operation_info, optional);
673
674	if (skb_tailroom(skb) < len)
675	return -ENOMEM;
676
677	pos = skb_put(skb, len);
678	ieee80211_ie_build_eht_oper(pos, chandef: &sdata->vif.bss_conf.chanreq.oper, eht_cap);
679
680	return `0`;
681	}
682
683	static void ieee80211_mesh_path_timer(struct timer_list *t)
684	{
685	struct ieee80211_sub_if_data *sdata =
686	from_timer(sdata, t, u.mesh.mesh_path_timer);
687
688	wiphy_work_queue(wiphy: sdata->local->hw.wiphy, work: &sdata->work);
689	}
690
691	static void ieee80211_mesh_path_root_timer(struct timer_list *t)
692	{
693	struct ieee80211_sub_if_data *sdata =
694	from_timer(sdata, t, u.mesh.mesh_path_root_timer);
695	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
696
697	set_bit(nr: MESH_WORK_ROOT, addr: &ifmsh->wrkq_flags);
698
699	wiphy_work_queue(wiphy: sdata->local->hw.wiphy, work: &sdata->work);
700	}
701
702	void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh)
703	{
704	if (ifmsh->mshcfg.dot11MeshHWMPRootMode > IEEE80211_ROOTMODE_ROOT)
705	set_bit(nr: MESH_WORK_ROOT, addr: &ifmsh->wrkq_flags);
706	else {
707	clear_bit(nr: MESH_WORK_ROOT, addr: &ifmsh->wrkq_flags);
708	/ stop running timer /
709	del_timer_sync(timer: &ifmsh->mesh_path_root_timer);
710	}
711	}
712
713	static void
714	ieee80211_mesh_update_bss_params(struct ieee80211_sub_if_data *sdata,
715	u8 *ie, u8 ie_len)
716	{
717	struct ieee80211_supported_band *sband;
718	const struct element *cap;
719	const struct ieee80211_he_operation *he_oper = NULL;
720
721	sband = ieee80211_get_sband(sdata);
722	if (!sband)
723	return;
724
725	if (!ieee80211_get_he_iftype_cap(sband, iftype: NL80211_IFTYPE_MESH_POINT) \|\|
726	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT \|\|
727	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_5 \|\|
728	sdata->vif.bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_10)
729	return;
730
731	sdata->vif.bss_conf.he_support = true;
732
733	cap = cfg80211_find_ext_elem(ext_eid: WLAN_EID_EXT_HE_OPERATION, ies: ie, len: ie_len);
734	if (cap && cap->datalen >= `1` + sizeof(*he_oper) &&
735	cap->datalen >= `1` + ieee80211_he_oper_size(he_oper_ie: cap->data + `1`))
736	he_oper = (void *)(cap->data + `1`);
737
738	if (he_oper)
739	sdata->vif.bss_conf.he_oper.params =
740	__le32_to_cpu(he_oper->he_oper_params);
741
742	sdata->vif.bss_conf.eht_support =
743	!!ieee80211_get_eht_iftype_cap(sband, iftype: NL80211_IFTYPE_MESH_POINT);
744	}
745
746	bool ieee80211_mesh_xmit_fast(struct ieee80211_sub_if_data *sdata,
747	struct sk_buff *skb, u32 ctrl_flags)
748	{
749	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
750	struct ieee80211_mesh_fast_tx *entry;
751	struct ieee80211s_hdr *meshhdr;
752	u8 sa[ETH_ALEN] __aligned(`2`);
753	struct tid_ampdu_tx *tid_tx;
754	struct sta_info *sta;
755	bool copy_sa = false;
756	u16 ethertype;
757	u8 tid;
758
759	if (ctrl_flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP)
760	return false;
761
762	if (ifmsh->mshcfg.dot11MeshNolearn)
763	return false;
764
765	/ Add support for these cases later /
766	if (ifmsh->ps_peers_light_sleep \|\| ifmsh->ps_peers_deep_sleep)
767	return false;
768
769	if (is_multicast_ether_addr(addr: skb->data))
770	return false;
771
772	ethertype = (skb->data[`12`] << `8`) \| skb->data[`13`];
773	if (ethertype < ETH_P_802_3_MIN)
774	return false;
775
776	if (skb->sk && skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)
777	return false;
778
779	if (skb->ip_summed == CHECKSUM_PARTIAL) {
780	skb_set_transport_header(skb, offset: skb_checksum_start_offset(skb));
781	if (skb_checksum_help(skb))
782	return false;
783	}
784
785	entry = mesh_fast_tx_get(sdata, addr: skb->data);
786	if (!entry)
787	return false;
788
789	if (skb_headroom(skb) < entry->hdrlen + entry->fast_tx.hdr_len)
790	return false;
791
792	sta = rcu_dereference(entry->mpath->next_hop);
793	if (!sta)
794	return false;
795
796	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
797	tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
798	if (tid_tx) {
799	if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state))
800	return false;
801	if (tid_tx->timeout)
802	tid_tx->last_tx = jiffies;
803	}
804
805	skb = skb_share_check(skb, GFP_ATOMIC);
806	if (!skb)
807	return true;
808
809	skb_set_queue_mapping(skb, queue_mapping: ieee80211_select_queue(sdata, sta, skb));
810
811	meshhdr = (struct ieee80211s_hdr *)entry->hdr;
812	if ((meshhdr->flags & MESH_FLAGS_AE) == MESH_FLAGS_AE_A5_A6) {
813	/ preserve SA from eth header for 6-addr frames /
814	ether_addr_copy(dst: sa, src: skb->data + ETH_ALEN);
815	copy_sa = true;
816	}
817
818	memcpy(skb_push(skb, entry->hdrlen - `2` * ETH_ALEN), entry->hdr,
819	entry->hdrlen);
820
821	meshhdr = (struct ieee80211s_hdr *)skb->data;
822	put_unaligned_le32(val: atomic_inc_return(v: &sdata->u.mesh.mesh_seqnum),
823	p: &meshhdr->seqnum);
824	meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL;
825	if (copy_sa)
826	ether_addr_copy(dst: meshhdr->eaddr2, src: sa);
827
828	skb_push(skb, len: `2` * ETH_ALEN);
829	__ieee80211_xmit_fast(sdata, sta, fast_tx: &entry->fast_tx, skb, ampdu: tid_tx,
830	da: entry->mpath->dst, sa: sdata->vif.addr);
831
832	return true;
833	}
834
835	/**
836	* ieee80211_fill_mesh_addresses - fill addresses of a locally originated mesh frame
837	* @hdr: 802.11 frame header
838	* @fc: frame control field
839	* @meshda: destination address in the mesh
840	* @meshsa: source address in the mesh. Same as TA, as frame is
841	* locally originated.
842	*
843	* Returns: the length of the 802.11 frame header (excludes mesh control header)
844	*/
845	int ieee80211_fill_mesh_addresses(struct ieee80211_hdr hdr, __le16 fc,
846	const u8 meshda, const* u8 *meshsa)
847	{
848	if (is_multicast_ether_addr(addr: meshda)) {
849	*fc \|= cpu_to_le16(IEEE80211_FCTL_FROMDS);
850	/ DA TA SA /
851	memcpy(hdr->addr1, meshda, ETH_ALEN);
852	memcpy(hdr->addr2, meshsa, ETH_ALEN);
853	memcpy(hdr->addr3, meshsa, ETH_ALEN);
854	return `24`;
855	} else {
856	*fc \|= cpu_to_le16(IEEE80211_FCTL_FROMDS \| IEEE80211_FCTL_TODS);
857	/ RA TA DA SA /
858	eth_zero_addr(addr: hdr->addr1); / RA is resolved later /
859	memcpy(hdr->addr2, meshsa, ETH_ALEN);
860	memcpy(hdr->addr3, meshda, ETH_ALEN);
861	memcpy(hdr->addr4, meshsa, ETH_ALEN);
862	return `30`;
863	}
864	}
865
866	/**
867	* ieee80211_new_mesh_header - create a new mesh header
868	* @sdata: mesh interface to be used
869	* @meshhdr: uninitialized mesh header
870	* @addr4or5: 1st address in the ae header, which may correspond to address 4
871	* (if addr6 is NULL) or address 5 (if addr6 is present). It may
872	* be NULL.
873	* @addr6: 2nd address in the ae header, which corresponds to addr6 of the
874	* mesh frame
875	*
876	* Returns: the header length
877	*/
878	unsigned int ieee80211_new_mesh_header(struct ieee80211_sub_if_data *sdata,
879	struct ieee80211s_hdr *meshhdr,
880	const char addr4or5, const* char *addr6)
881	{
882	if (WARN_ON(!addr4or5 && addr6))
883	return `0`;
884
885	memset(meshhdr, `0`, sizeof(*meshhdr));
886
887	meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL;
888
889	put_unaligned_le32(val: atomic_inc_return(v: &sdata->u.mesh.mesh_seqnum),
890	p: &meshhdr->seqnum);
891	if (addr4or5 && !addr6) {
892	meshhdr->flags \|= MESH_FLAGS_AE_A4;
893	memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN);
894	return `2` * ETH_ALEN;
895	} else if (addr4or5 && addr6) {
896	meshhdr->flags \|= MESH_FLAGS_AE_A5_A6;
897	memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN);
898	memcpy(meshhdr->eaddr2, addr6, ETH_ALEN);
899	return `3` * ETH_ALEN;
900	}
901
902	return ETH_ALEN;
903	}
904
905	static void ieee80211_mesh_housekeeping(struct ieee80211_sub_if_data *sdata)
906	{
907	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
908	u64 changed;
909
910	if (ifmsh->mshcfg.plink_timeout > `0`)
911	ieee80211_sta_expire(sdata, exp_time: ifmsh->mshcfg.plink_timeout * HZ);
912	mesh_path_expire(sdata);
913
914	changed = mesh_accept_plinks_update(sdata);
915	ieee80211_mbss_info_change_notify(sdata, changed);
916
917	mesh_fast_tx_gc(sdata);
918
919	mod_timer(timer: &ifmsh->housekeeping_timer,
920	expires: round_jiffies(j: jiffies +
921	IEEE80211_MESH_HOUSEKEEPING_INTERVAL));
922	}
923
924	static void ieee80211_mesh_rootpath(struct ieee80211_sub_if_data *sdata)
925	{
926	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
927	u32 interval;
928
929	mesh_path_tx_root_frame(sdata);
930
931	if (ifmsh->mshcfg.dot11MeshHWMPRootMode == IEEE80211_PROACTIVE_RANN)
932	interval = ifmsh->mshcfg.dot11MeshHWMPRannInterval;
933	else
934	interval = ifmsh->mshcfg.dot11MeshHWMProotInterval;
935
936	mod_timer(timer: &ifmsh->mesh_path_root_timer,
937	expires: round_jiffies(TU_TO_EXP_TIME(interval)));
938	}
939
940	static int
941	ieee80211_mesh_build_beacon(struct ieee80211_if_mesh *ifmsh)
942	{
943	struct beacon_data *bcn;
944	int head_len, tail_len;
945	struct sk_buff *skb;
946	struct ieee80211_mgmt *mgmt;
947	struct mesh_csa_settings *csa;
948	const struct ieee80211_supported_band *sband;
949	u8 ie_len_he_cap, ie_len_eht_cap;
950	u8 *pos;
951	struct ieee80211_sub_if_data *sdata;
952	int hdr_len = offsetofend(struct ieee80211_mgmt, u.beacon);
953	u32 rate_flags;
954
955	sdata = container_of(ifmsh, struct ieee80211_sub_if_data, u.mesh);
956
957	sband = ieee80211_get_sband(sdata);
958	rate_flags =
959	ieee80211_chandef_rate_flags(chandef: &sdata->vif.bss_conf.chanreq.oper);
960
961	ie_len_he_cap = ieee80211_ie_len_he_cap(sdata);
962	ie_len_eht_cap = ieee80211_ie_len_eht_cap(sdata);
963	head_len = hdr_len +
964	`2` + / NULL SSID /
965	/ Channel Switch Announcement /
966	`2` + sizeof(struct ieee80211_channel_sw_ie) +
967	/ Mesh Channel Switch Parameters /
968	`2` + sizeof(struct ieee80211_mesh_chansw_params_ie) +
969	/ Channel Switch Wrapper + Wide Bandwidth CSA IE /
970	`2` + `2` + sizeof(struct ieee80211_wide_bw_chansw_ie) +
971	`2` + sizeof(struct ieee80211_sec_chan_offs_ie) +
972	`2` + `8` + / supported rates /
973	`2` + `3`; / DS params /
974	tail_len = `2` + (IEEE80211_MAX_SUPP_RATES - `8`) +
975	`2` + sizeof(struct ieee80211_ht_cap) +
976	`2` + sizeof(struct ieee80211_ht_operation) +
977	`2` + ifmsh->mesh_id_len +
978	`2` + sizeof(struct ieee80211_meshconf_ie) +
979	`2` + sizeof(__le16) + / awake window /
980	`2` + sizeof(struct ieee80211_vht_cap) +
981	`2` + sizeof(struct ieee80211_vht_operation) +
982	ie_len_he_cap +
983	`2` + `1` + sizeof(struct ieee80211_he_operation) +
984	sizeof(struct ieee80211_he_6ghz_oper) +
985	`2` + `1` + sizeof(struct ieee80211_he_6ghz_capa) +
986	ie_len_eht_cap +
987	`2` + `1` + offsetof(struct ieee80211_eht_operation, optional) +
988	offsetof(struct ieee80211_eht_operation_info, optional) +
989	ifmsh->ie_len;
990
991	bcn = kzalloc(size: sizeof(*bcn) + head_len + tail_len, GFP_KERNEL);
992	/ need an skb for IE builders to operate on /
993	skb = __dev_alloc_skb(max(head_len, tail_len), GFP_KERNEL);
994
995	if (!bcn \|\| !skb)
996	goto out_free;
997
998	/*
999	* pointers go into the block we allocated,
1000	* memory is \| beacon_data \| head \| tail \|
1001	*/
1002	bcn->head = ((u8 ) bcn) + sizeof(bcn);
1003
1004	/ fill in the head /
1005	mgmt = skb_put_zero(skb, len: hdr_len);
1006	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT \|
1007	IEEE80211_STYPE_BEACON);
1008	eth_broadcast_addr(addr: mgmt->da);
1009	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1010	memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
1011	ieee80211_mps_set_frame_flags(sdata, NULL, hdr: (void *) mgmt);
1012	mgmt->u.beacon.beacon_int =
1013	cpu_to_le16(sdata->vif.bss_conf.beacon_int);
1014	mgmt->u.beacon.capab_info \|= cpu_to_le16(
1015	sdata->u.mesh.security ? WLAN_CAPABILITY_PRIVACY : `0`);
1016
1017	pos = skb_put(skb, len: `2`);
1018	*pos++ = WLAN_EID_SSID;
1019	*pos++ = `0x0`;
1020
1021	rcu_read_lock();
1022	csa = rcu_dereference(ifmsh->csa);
1023	if (csa) {
1024	enum nl80211_channel_type ct;
1025	struct cfg80211_chan_def *chandef;
1026	int ie_len = `2` + sizeof(struct ieee80211_channel_sw_ie) +
1027	`2` + sizeof(struct ieee80211_mesh_chansw_params_ie);
1028
1029	pos = skb_put_zero(skb, len: ie_len);
1030	*pos++ = WLAN_EID_CHANNEL_SWITCH;
1031	*pos++ = `3`;
1032	*pos++ = `0x0`;
1033	*pos++ = ieee80211_frequency_to_channel(
1034	freq: csa->settings.chandef.chan->center_freq);
1035	bcn->cntdwn_current_counter = csa->settings.count;
1036	bcn->cntdwn_counter_offsets[`0`] = hdr_len + `6`;
1037	*pos++ = csa->settings.count;
1038	*pos++ = WLAN_EID_CHAN_SWITCH_PARAM;
1039	*pos++ = `6`;
1040	if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT) {
1041	*pos++ = ifmsh->mshcfg.dot11MeshTTL;
1042	*pos \|= WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR;
1043	} else {
1044	*pos++ = ifmsh->chsw_ttl;
1045	}
1046	*pos++ \|= csa->settings.block_tx ?
1047	WLAN_EID_CHAN_SWITCH_PARAM_TX_RESTRICT : `0x00`;
1048	put_unaligned_le16(val: WLAN_REASON_MESH_CHAN, p: pos);
1049	pos += `2`;
1050	put_unaligned_le16(val: ifmsh->pre_value, p: pos);
1051	pos += `2`;
1052
1053	switch (csa->settings.chandef.width) {
1054	case NL80211_CHAN_WIDTH_40:
1055	ie_len = `2` + sizeof(struct ieee80211_sec_chan_offs_ie);
1056	pos = skb_put_zero(skb, len: ie_len);
1057
1058	pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; /* EID /
1059	pos++ = `1`; /* len /
1060	ct = cfg80211_get_chandef_type(chandef: &csa->settings.chandef);
1061	if (ct == NL80211_CHAN_HT40PLUS)
1062	*pos++ = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
1063	else
1064	*pos++ = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1065	break;
1066	case NL80211_CHAN_WIDTH_80:
1067	case NL80211_CHAN_WIDTH_80P80:
1068	case NL80211_CHAN_WIDTH_160:
1069	/ Channel Switch Wrapper + Wide Bandwidth CSA IE /
1070	ie_len = `2` + `2` +
1071	sizeof(struct ieee80211_wide_bw_chansw_ie);
1072	pos = skb_put_zero(skb, len: ie_len);
1073
1074	pos++ = WLAN_EID_CHANNEL_SWITCH_WRAPPER; /* EID /
1075	pos++ = `5`; /* len /
1076	/ put sub IE /
1077	chandef = &csa->settings.chandef;
1078	ieee80211_ie_build_wide_bw_cs(pos, chandef);
1079	break;
1080	default:
1081	break;
1082	}
1083	}
1084	rcu_read_unlock();
1085
1086	if (ieee80211_put_srates_elem(skb, sband,
1087	basic_rates: sdata->vif.bss_conf.basic_rates,
1088	rate_flags, masked_rates: `0`, element_id: WLAN_EID_SUPP_RATES) \|\|
1089	mesh_add_ds_params_ie(sdata, skb))
1090	goto out_free;
1091
1092	bcn->head_len = skb->len;
1093	memcpy(bcn->head, skb->data, bcn->head_len);
1094
1095	/ now the tail /
1096	skb_trim(skb, len: `0`);
1097	bcn->tail = bcn->head + bcn->head_len;
1098
1099	if (ieee80211_put_srates_elem(skb, sband,
1100	basic_rates: sdata->vif.bss_conf.basic_rates,
1101	rate_flags, masked_rates: `0`, element_id: WLAN_EID_EXT_SUPP_RATES) \|\|
1102	mesh_add_rsn_ie(sdata, skb) \|\|
1103	mesh_add_ht_cap_ie(sdata, skb) \|\|
1104	mesh_add_ht_oper_ie(sdata, skb) \|\|
1105	mesh_add_meshid_ie(sdata, skb) \|\|
1106	mesh_add_meshconf_ie(sdata, skb) \|\|
1107	mesh_add_awake_window_ie(sdata, skb) \|\|
1108	mesh_add_vht_cap_ie(sdata, skb) \|\|
1109	mesh_add_vht_oper_ie(sdata, skb) \|\|
1110	mesh_add_he_cap_ie(sdata, skb, ie_len: ie_len_he_cap) \|\|
1111	mesh_add_he_oper_ie(sdata, skb) \|\|
1112	mesh_add_he_6ghz_cap_ie(sdata, skb) \|\|
1113	mesh_add_eht_cap_ie(sdata, skb, ie_len: ie_len_eht_cap) \|\|
1114	mesh_add_eht_oper_ie(sdata, skb) \|\|
1115	mesh_add_vendor_ies(sdata, skb))
1116	goto out_free;
1117
1118	bcn->tail_len = skb->len;
1119	memcpy(bcn->tail, skb->data, bcn->tail_len);
1120	ieee80211_mesh_update_bss_params(sdata, ie: bcn->tail, ie_len: bcn->tail_len);
1121	bcn->meshconf = (struct ieee80211_meshconf_ie *)
1122	(bcn->tail + ifmsh->meshconf_offset);
1123
1124	dev_kfree_skb(skb);
1125	rcu_assign_pointer(ifmsh->beacon, bcn);
1126	return `0`;
1127	out_free:
1128	kfree(objp: bcn);
1129	dev_kfree_skb(skb);
1130	return -ENOMEM;
1131	}
1132
1133	static int
1134	ieee80211_mesh_rebuild_beacon(struct ieee80211_sub_if_data *sdata)
1135	{
1136	struct beacon_data *old_bcn;
1137	int ret;
1138
1139	old_bcn = sdata_dereference(sdata->u.mesh.beacon, sdata);
1140	ret = ieee80211_mesh_build_beacon(ifmsh: &sdata->u.mesh);
1141	if (ret)
1142	/ just reuse old beacon /
1143	return ret;
1144
1145	if (old_bcn)
1146	kfree_rcu(old_bcn, rcu_head);
1147	return `0`;
1148	}
1149
1150	void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
1151	u64 changed)
1152	{
1153	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1154	unsigned long bits = changed;
1155	u32 bit;
1156
1157	if (!bits)
1158	return;
1159
1160	/ if we race with running work, worst case this work becomes a noop /
1161	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
1162	set_bit(nr: bit, addr: ifmsh->mbss_changed);
1163	set_bit(nr: MESH_WORK_MBSS_CHANGED, addr: &ifmsh->wrkq_flags);
1164	wiphy_work_queue(wiphy: sdata->local->hw.wiphy, work: &sdata->work);
1165	}
1166
1167	int ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
1168	{
1169	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1170	struct ieee80211_local *local = sdata->local;
1171	u64 changed = BSS_CHANGED_BEACON \|
1172	BSS_CHANGED_BEACON_ENABLED \|
1173	BSS_CHANGED_HT \|
1174	BSS_CHANGED_BASIC_RATES \|
1175	BSS_CHANGED_BEACON_INT \|
1176	BSS_CHANGED_MCAST_RATE;
1177
1178	local->fif_other_bss++;
1179	/ mesh ifaces must set allmulti to forward mcast traffic /
1180	atomic_inc(v: &local->iff_allmultis);
1181	ieee80211_configure_filter(local);
1182
1183	ifmsh->mesh_cc_id = `0`; / Disabled /
1184	/ register sync ops from extensible synchronization framework /
1185	ifmsh->sync_ops = ieee80211_mesh_sync_ops_get(method: ifmsh->mesh_sp_id);
1186	ifmsh->sync_offset_clockdrift_max = `0`;
1187	set_bit(nr: MESH_WORK_HOUSEKEEPING, addr: &ifmsh->wrkq_flags);
1188	ieee80211_mesh_root_setup(ifmsh);
1189	wiphy_work_queue(wiphy: local->hw.wiphy, work: &sdata->work);
1190	sdata->vif.bss_conf.ht_operation_mode =
1191	ifmsh->mshcfg.ht_opmode;
1192	sdata->vif.bss_conf.enable_beacon = true;
1193
1194	changed \|= ieee80211_mps_local_status_update(sdata);
1195
1196	if (ieee80211_mesh_build_beacon(ifmsh)) {
1197	ieee80211_stop_mesh(sdata);
1198	return -ENOMEM;
1199	}
1200
1201	ieee80211_recalc_dtim(local, sdata);
1202	ieee80211_link_info_change_notify(sdata, link: &sdata->deflink, changed);
1203
1204	netif_carrier_on(dev: sdata->dev);
1205	return `0`;
1206	}
1207
1208	void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
1209	{
1210	struct ieee80211_local *local = sdata->local;
1211	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1212	struct beacon_data *bcn;
1213
1214	netif_carrier_off(dev: sdata->dev);
1215
1216	/ flush STAs and mpaths on this iface /
1217	sta_info_flush(sdata, link_id: -`1`);
1218	ieee80211_free_keys(sdata, force_synchronize: true);
1219	mesh_path_flush_by_iface(sdata);
1220
1221	/ stop the beacon /
1222	ifmsh->mesh_id_len = `0`;
1223	sdata->vif.bss_conf.enable_beacon = false;
1224	sdata->beacon_rate_set = false;
1225	clear_bit(nr: SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, addr: &sdata->state);
1226	ieee80211_link_info_change_notify(sdata, link: &sdata->deflink,
1227	changed: BSS_CHANGED_BEACON_ENABLED);
1228
1229	/ remove beacon /
1230	bcn = sdata_dereference(ifmsh->beacon, sdata);
1231	RCU_INIT_POINTER(ifmsh->beacon, NULL);
1232	kfree_rcu(bcn, rcu_head);
1233
1234	/ free all potentially still buffered group-addressed frames /
1235	local->total_ps_buffered -= skb_queue_len(list_: &ifmsh->ps.bc_buf);
1236	skb_queue_purge(list: &ifmsh->ps.bc_buf);
1237
1238	del_timer_sync(timer: &sdata->u.mesh.housekeeping_timer);
1239	del_timer_sync(timer: &sdata->u.mesh.mesh_path_root_timer);
1240	del_timer_sync(timer: &sdata->u.mesh.mesh_path_timer);
1241
1242	/ clear any mesh work (for next join) we may have accrued /
1243	ifmsh->wrkq_flags = `0`;
1244	memset(ifmsh->mbss_changed, `0`, sizeof(ifmsh->mbss_changed));
1245
1246	local->fif_other_bss--;
1247	atomic_dec(v: &local->iff_allmultis);
1248	ieee80211_configure_filter(local);
1249	}
1250
1251	static void ieee80211_mesh_csa_mark_radar(struct ieee80211_sub_if_data *sdata)
1252	{
1253	int err;
1254
1255	/ if the current channel is a DFS channel, mark the channel as*
1256	* unavailable.
1257	*/
1258	err = cfg80211_chandef_dfs_required(wiphy: sdata->local->hw.wiphy,
1259	chandef: &sdata->vif.bss_conf.chanreq.oper,
1260	iftype: NL80211_IFTYPE_MESH_POINT);
1261	if (err > `0`)
1262	cfg80211_radar_event(wiphy: sdata->local->hw.wiphy,
1263	chandef: &sdata->vif.bss_conf.chanreq.oper,
1264	GFP_ATOMIC);
1265	}
1266
1267	static bool
1268	ieee80211_mesh_process_chnswitch(struct ieee80211_sub_if_data *sdata,
1269	struct ieee802_11_elems *elems, bool beacon)
1270	{
1271	struct cfg80211_csa_settings params;
1272	struct ieee80211_csa_ie csa_ie;
1273	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1274	struct ieee80211_supported_band *sband;
1275	int err;
1276	struct ieee80211_conn_settings conn = ieee80211_conn_settings_unlimited;
1277	u32 vht_cap_info = `0`;
1278
1279	lockdep_assert_wiphy(sdata->local->hw.wiphy);
1280
1281	sband = ieee80211_get_sband(sdata);
1282	if (!sband)
1283	return false;
1284
1285	switch (sdata->vif.bss_conf.chanreq.oper.width) {
1286	case NL80211_CHAN_WIDTH_20_NOHT:
1287	conn.mode = IEEE80211_CONN_MODE_LEGACY;
1288	conn.bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1289	break;
1290	case NL80211_CHAN_WIDTH_20:
1291	conn.mode = IEEE80211_CONN_MODE_HT;
1292	conn.bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1293	break;
1294	case NL80211_CHAN_WIDTH_40:
1295	conn.mode = IEEE80211_CONN_MODE_HT;
1296	conn.bw_limit = IEEE80211_CONN_BW_LIMIT_40;
1297	break;
1298	default:
1299	break;
1300	}
1301
1302	if (elems->vht_cap_elem)
1303	vht_cap_info =
1304	le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
1305
1306	memset(&params, `0`, sizeof(params));
1307	err = ieee80211_parse_ch_switch_ie(sdata, elems, current_band: sband->band,
1308	vht_cap_info, conn: &conn,
1309	bssid: sdata->vif.addr,
1310	csa_ie: &csa_ie);
1311	if (err < `0`)
1312	return false;
1313	if (err)
1314	return false;
1315
1316	/ Mark the channel unavailable if the reason for the switch is*
1317	* regulatory.
1318	*/
1319	if (csa_ie.reason_code == WLAN_REASON_MESH_CHAN_REGULATORY)
1320	ieee80211_mesh_csa_mark_radar(sdata);
1321
1322	params.chandef = csa_ie.chanreq.oper;
1323	params.count = csa_ie.count;
1324
1325	if (!cfg80211_chandef_usable(wiphy: sdata->local->hw.wiphy, chandef: &params.chandef,
1326	prohibited_flags: IEEE80211_CHAN_DISABLED) \|\|
1327	!cfg80211_reg_can_beacon(wiphy: sdata->local->hw.wiphy, chandef: &params.chandef,
1328	iftype: NL80211_IFTYPE_MESH_POINT)) {
1329	sdata_info(sdata,
1330	"mesh STA %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), aborting\n",
1331	sdata->vif.addr,
1332	params.chandef.chan->center_freq,
1333	params.chandef.width,
1334	params.chandef.center_freq1,
1335	params.chandef.center_freq2);
1336	return false;
1337	}
1338
1339	err = cfg80211_chandef_dfs_required(wiphy: sdata->local->hw.wiphy,
1340	chandef: &params.chandef,
1341	iftype: NL80211_IFTYPE_MESH_POINT);
1342	if (err < `0`)
1343	return false;
1344	if (err > `0` && !ifmsh->userspace_handles_dfs) {
1345	sdata_info(sdata,
1346	"mesh STA %pM switches to channel requiring DFS (%d MHz, width:%d, CF1/2: %d/%d MHz), aborting\n",
1347	sdata->vif.addr,
1348	params.chandef.chan->center_freq,
1349	params.chandef.width,
1350	params.chandef.center_freq1,
1351	params.chandef.center_freq2);
1352	return false;
1353	}
1354
1355	params.radar_required = err;
1356
1357	if (cfg80211_chandef_identical(chandef1: &params.chandef,
1358	chandef2: &sdata->vif.bss_conf.chanreq.oper)) {
1359	mcsa_dbg(sdata,
1360	"received csa with an identical chandef, ignoring\n");
1361	return true;
1362	}
1363
1364	mcsa_dbg(sdata,
1365	"received channel switch announcement to go to channel %d MHz\n",
1366	params.chandef.chan->center_freq);
1367
1368	params.block_tx = csa_ie.mode & WLAN_EID_CHAN_SWITCH_PARAM_TX_RESTRICT;
1369	if (beacon) {
1370	ifmsh->chsw_ttl = csa_ie.ttl - `1`;
1371	if (ifmsh->pre_value >= csa_ie.pre_value)
1372	return false;
1373	ifmsh->pre_value = csa_ie.pre_value;
1374	}
1375
1376	if (ifmsh->chsw_ttl >= ifmsh->mshcfg.dot11MeshTTL)
1377	return false;
1378
1379	ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_REPEATER;
1380
1381	if (ieee80211_channel_switch(wiphy: sdata->local->hw.wiphy, dev: sdata->dev,
1382	params: &params) < `0`)
1383	return false;
1384
1385	return true;
1386	}
1387
1388	static void
1389	ieee80211_mesh_rx_probe_req(struct ieee80211_sub_if_data *sdata,
1390	struct ieee80211_mgmt *mgmt, size_t len)
1391	{
1392	struct ieee80211_local *local = sdata->local;
1393	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1394	struct sk_buff *presp;
1395	struct beacon_data *bcn;
1396	struct ieee80211_mgmt *hdr;
1397	struct ieee802_11_elems *elems;
1398	size_t baselen;
1399	u8 *pos;
1400
1401	pos = mgmt->u.probe_req.variable;
1402	baselen = (u8 ) pos - (u8 ) mgmt;
1403	if (baselen > len)
1404	return;
1405
1406	elems = ieee802_11_parse_elems(start: pos, len: len - baselen, action: false, NULL);
1407	if (!elems)
1408	return;
1409
1410	if (!elems->mesh_id)
1411	goto free;
1412
1413	/ 802.11-2012 10.1.4.3.2 /
1414	if ((!ether_addr_equal(addr1: mgmt->da, addr2: sdata->vif.addr) &&
1415	!is_broadcast_ether_addr(addr: mgmt->da)) \|\|
1416	elems->ssid_len != `0`)
1417	goto free;
1418
1419	if (elems->mesh_id_len != `0` &&
1420	(elems->mesh_id_len != ifmsh->mesh_id_len \|\|
1421	memcmp(p: elems->mesh_id, q: ifmsh->mesh_id, size: ifmsh->mesh_id_len)))
1422	goto free;
1423
1424	rcu_read_lock();
1425	bcn = rcu_dereference(ifmsh->beacon);
1426
1427	if (!bcn)
1428	goto out;
1429
1430	presp = dev_alloc_skb(length: local->tx_headroom +
1431	bcn->head_len + bcn->tail_len);
1432	if (!presp)
1433	goto out;
1434
1435	skb_reserve(skb: presp, len: local->tx_headroom);
1436	skb_put_data(skb: presp, data: bcn->head, len: bcn->head_len);
1437	skb_put_data(skb: presp, data: bcn->tail, len: bcn->tail_len);
1438	hdr = (struct ieee80211_mgmt *) presp->data;
1439	hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT \|
1440	IEEE80211_STYPE_PROBE_RESP);
1441	memcpy(hdr->da, mgmt->sa, ETH_ALEN);
1442	IEEE80211_SKB_CB(skb: presp)->flags \|= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1443	ieee80211_tx_skb(sdata, skb: presp);
1444	out:
1445	rcu_read_unlock();
1446	free:
1447	kfree(objp: elems);
1448	}
1449
1450	static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
1451	u16 stype,
1452	struct ieee80211_mgmt *mgmt,
1453	size_t len,
1454	struct ieee80211_rx_status *rx_status)
1455	{
1456	struct ieee80211_local *local = sdata->local;
1457	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1458	struct ieee802_11_elems *elems;
1459	struct ieee80211_channel *channel;
1460	size_t baselen;
1461	int freq;
1462	enum nl80211_band band = rx_status->band;
1463
1464	/ ignore ProbeResp to foreign address /
1465	if (stype == IEEE80211_STYPE_PROBE_RESP &&
1466	!ether_addr_equal(addr1: mgmt->da, addr2: sdata->vif.addr))
1467	return;
1468
1469	baselen = (u8 ) mgmt->u.probe_resp.variable - (u8 ) mgmt;
1470	if (baselen > len)
1471	return;
1472
1473	elems = ieee802_11_parse_elems(start: mgmt->u.probe_resp.variable,
1474	len: len - baselen,
1475	action: false, NULL);
1476	if (!elems)
1477	return;
1478
1479	/ ignore non-mesh or secure / unsecure mismatch /
1480	if ((!elems->mesh_id \|\| !elems->mesh_config) \|\|
1481	(elems->rsn && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) \|\|
1482	(!elems->rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE))
1483	goto free;
1484
1485	if (elems->ds_params)
1486	freq = ieee80211_channel_to_frequency(chan: elems->ds_params[`0`], band);
1487	else
1488	freq = rx_status->freq;
1489
1490	channel = ieee80211_get_channel(wiphy: local->hw.wiphy, freq);
1491
1492	if (!channel \|\| channel->flags & IEEE80211_CHAN_DISABLED)
1493	goto free;
1494
1495	if (mesh_matches_local(sdata, ie: elems)) {
1496	mpl_dbg(sdata, "rssi_threshold=%d,rx_status->signal=%d\n",
1497	sdata->u.mesh.mshcfg.rssi_threshold, rx_status->signal);
1498	if (!sdata->u.mesh.user_mpm \|\|
1499	sdata->u.mesh.mshcfg.rssi_threshold == `0` \|\|
1500	sdata->u.mesh.mshcfg.rssi_threshold < rx_status->signal)
1501	mesh_neighbour_update(sdata, hw_addr: mgmt->sa, ie: elems,
1502	rx_status);
1503
1504	if (ifmsh->csa_role != IEEE80211_MESH_CSA_ROLE_INIT &&
1505	!sdata->vif.bss_conf.csa_active)
1506	ieee80211_mesh_process_chnswitch(sdata, elems, beacon: true);
1507	}
1508
1509	if (ifmsh->sync_ops)
1510	ifmsh->sync_ops->rx_bcn_presp(sdata, stype, mgmt, len,
1511	elems->mesh_config, rx_status);
1512	free:
1513	kfree(objp: elems);
1514	}
1515
1516	int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data sdata, u64 changed)
1517	{
1518	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1519	struct mesh_csa_settings *tmp_csa_settings;
1520	int ret = `0`;
1521
1522	/ Reset the TTL value and Initiator flag /
1523	ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
1524	ifmsh->chsw_ttl = `0`;
1525
1526	/ Remove the CSA and MCSP elements from the beacon /
1527	tmp_csa_settings = sdata_dereference(ifmsh->csa, sdata);
1528	RCU_INIT_POINTER(ifmsh->csa, NULL);
1529	if (tmp_csa_settings)
1530	kfree_rcu(tmp_csa_settings, rcu_head);
1531	ret = ieee80211_mesh_rebuild_beacon(sdata);
1532	if (ret)
1533	return -EINVAL;
1534
1535	*changed \|= BSS_CHANGED_BEACON;
1536
1537	mcsa_dbg(sdata, "complete switching to center freq %d MHz",
1538	sdata->vif.bss_conf.chanreq.oper.chan->center_freq);
1539	return `0`;
1540	}
1541
1542	int ieee80211_mesh_csa_beacon(struct ieee80211_sub_if_data *sdata,
1543	struct cfg80211_csa_settings *csa_settings,
1544	u64 *changed)
1545	{
1546	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1547	struct mesh_csa_settings *tmp_csa_settings;
1548	int ret = `0`;
1549
1550	lockdep_assert_wiphy(sdata->local->hw.wiphy);
1551
1552	tmp_csa_settings = kmalloc(size: sizeof(*tmp_csa_settings),
1553	GFP_ATOMIC);
1554	if (!tmp_csa_settings)
1555	return -ENOMEM;
1556
1557	memcpy(&tmp_csa_settings->settings, csa_settings,
1558	sizeof(struct cfg80211_csa_settings));
1559
1560	rcu_assign_pointer(ifmsh->csa, tmp_csa_settings);
1561
1562	ret = ieee80211_mesh_rebuild_beacon(sdata);
1563	if (ret) {
1564	tmp_csa_settings = rcu_dereference(ifmsh->csa);
1565	RCU_INIT_POINTER(ifmsh->csa, NULL);
1566	kfree_rcu(tmp_csa_settings, rcu_head);
1567	return ret;
1568	}
1569
1570	*changed \|= BSS_CHANGED_BEACON;
1571	return `0`;
1572	}
1573
1574	static int mesh_fwd_csa_frame(struct ieee80211_sub_if_data *sdata,
1575	struct ieee80211_mgmt *mgmt, size_t len,
1576	struct ieee802_11_elems *elems)
1577	{
1578	struct ieee80211_mgmt *mgmt_fwd;
1579	struct sk_buff *skb;
1580	struct ieee80211_local *local = sdata->local;
1581
1582	skb = dev_alloc_skb(length: local->tx_headroom + len);
1583	if (!skb)
1584	return -ENOMEM;
1585	skb_reserve(skb, len: local->tx_headroom);
1586	mgmt_fwd = skb_put(skb, len);
1587
1588	elems->mesh_chansw_params_ie->mesh_ttl--;
1589	elems->mesh_chansw_params_ie->mesh_flags &=
1590	~WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR;
1591
1592	memcpy(mgmt_fwd, mgmt, len);
1593	eth_broadcast_addr(addr: mgmt_fwd->da);
1594	memcpy(mgmt_fwd->sa, sdata->vif.addr, ETH_ALEN);
1595	memcpy(mgmt_fwd->bssid, sdata->vif.addr, ETH_ALEN);
1596
1597	ieee80211_tx_skb(sdata, skb);
1598	return `0`;
1599	}
1600
1601	static void mesh_rx_csa_frame(struct ieee80211_sub_if_data *sdata,
1602	struct ieee80211_mgmt *mgmt, size_t len)
1603	{
1604	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1605	struct ieee802_11_elems *elems;
1606	u16 pre_value;
1607	bool fwd_csa = true;
1608	size_t baselen;
1609	u8 *pos;
1610
1611	if (mgmt->u.action.u.measurement.action_code !=
1612	WLAN_ACTION_SPCT_CHL_SWITCH)
1613	return;
1614
1615	pos = mgmt->u.action.u.chan_switch.variable;
1616	baselen = offsetof(struct ieee80211_mgmt,
1617	u.action.u.chan_switch.variable);
1618	elems = ieee802_11_parse_elems(start: pos, len: len - baselen, action: true, NULL);
1619	if (!elems)
1620	return;
1621
1622	if (!mesh_matches_local(sdata, ie: elems))
1623	goto free;
1624
1625	ifmsh->chsw_ttl = elems->mesh_chansw_params_ie->mesh_ttl;
1626	if (!--ifmsh->chsw_ttl)
1627	fwd_csa = false;
1628
1629	pre_value = le16_to_cpu(elems->mesh_chansw_params_ie->mesh_pre_value);
1630	if (ifmsh->pre_value >= pre_value)
1631	goto free;
1632
1633	ifmsh->pre_value = pre_value;
1634
1635	if (!sdata->vif.bss_conf.csa_active &&
1636	!ieee80211_mesh_process_chnswitch(sdata, elems, beacon: false)) {
1637	mcsa_dbg(sdata, "Failed to process CSA action frame");
1638	goto free;
1639	}
1640
1641	/ forward or re-broadcast the CSA frame /
1642	if (fwd_csa) {
1643	if (mesh_fwd_csa_frame(sdata, mgmt, len, elems) < `0`)
1644	mcsa_dbg(sdata, "Failed to forward the CSA frame");
1645	}
1646	free:
1647	kfree(objp: elems);
1648	}
1649
1650	static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
1651	struct ieee80211_mgmt *mgmt,
1652	size_t len,
1653	struct ieee80211_rx_status *rx_status)
1654	{
1655	switch (mgmt->u.action.category) {
1656	case WLAN_CATEGORY_SELF_PROTECTED:
1657	switch (mgmt->u.action.u.self_prot.action_code) {
1658	case WLAN_SP_MESH_PEERING_OPEN:
1659	case WLAN_SP_MESH_PEERING_CLOSE:
1660	case WLAN_SP_MESH_PEERING_CONFIRM:
1661	mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
1662	break;
1663	}
1664	break;
1665	case WLAN_CATEGORY_MESH_ACTION:
1666	if (mesh_action_is_path_sel(mgmt))
1667	mesh_rx_path_sel_frame(sdata, mgmt, len);
1668	break;
1669	case WLAN_CATEGORY_SPECTRUM_MGMT:
1670	mesh_rx_csa_frame(sdata, mgmt, len);
1671	break;
1672	}
1673	}
1674
1675	void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1676	struct sk_buff *skb)
1677	{
1678	struct ieee80211_rx_status *rx_status;
1679	struct ieee80211_mgmt *mgmt;
1680	u16 stype;
1681
1682	lockdep_assert_wiphy(sdata->local->hw.wiphy);
1683
1684	/ mesh already went down /
1685	if (!sdata->u.mesh.mesh_id_len)
1686	return;
1687
1688	rx_status = IEEE80211_SKB_RXCB(skb);
1689	mgmt = (struct ieee80211_mgmt *) skb->data;
1690	stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
1691
1692	switch (stype) {
1693	case IEEE80211_STYPE_PROBE_RESP:
1694	case IEEE80211_STYPE_BEACON:
1695	ieee80211_mesh_rx_bcn_presp(sdata, stype, mgmt, len: skb->len,
1696	rx_status);
1697	break;
1698	case IEEE80211_STYPE_PROBE_REQ:
1699	ieee80211_mesh_rx_probe_req(sdata, mgmt, len: skb->len);
1700	break;
1701	case IEEE80211_STYPE_ACTION:
1702	ieee80211_mesh_rx_mgmt_action(sdata, mgmt, len: skb->len, rx_status);
1703	break;
1704	}
1705	}
1706
1707	static void mesh_bss_info_changed(struct ieee80211_sub_if_data *sdata)
1708	{
1709	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1710	u32 bit;
1711	u64 changed = `0`;
1712
1713	for_each_set_bit(bit, ifmsh->mbss_changed,
1714	sizeof(changed) * BITS_PER_BYTE) {
1715	clear_bit(nr: bit, addr: ifmsh->mbss_changed);
1716	changed \|= BIT(bit);
1717	}
1718
1719	if (sdata->vif.bss_conf.enable_beacon &&
1720	(changed & (BSS_CHANGED_BEACON \|
1721	BSS_CHANGED_HT \|
1722	BSS_CHANGED_BASIC_RATES \|
1723	BSS_CHANGED_BEACON_INT)))
1724	if (ieee80211_mesh_rebuild_beacon(sdata))
1725	return;
1726
1727	ieee80211_link_info_change_notify(sdata, link: &sdata->deflink, changed);
1728	}
1729
1730	void ieee80211_mesh_work(struct ieee80211_sub_if_data *sdata)
1731	{
1732	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1733
1734	lockdep_assert_wiphy(sdata->local->hw.wiphy);
1735
1736	/ mesh already went down /
1737	if (!sdata->u.mesh.mesh_id_len)
1738	return;
1739
1740	if (ifmsh->preq_queue_len &&
1741	time_after(jiffies,
1742	ifmsh->last_preq + msecs_to_jiffies(ifmsh->mshcfg.dot11MeshHWMPpreqMinInterval)))
1743	mesh_path_start_discovery(sdata);
1744
1745	if (test_and_clear_bit(nr: MESH_WORK_HOUSEKEEPING, addr: &ifmsh->wrkq_flags))
1746	ieee80211_mesh_housekeeping(sdata);
1747
1748	if (test_and_clear_bit(nr: MESH_WORK_ROOT, addr: &ifmsh->wrkq_flags))
1749	ieee80211_mesh_rootpath(sdata);
1750
1751	if (test_and_clear_bit(nr: MESH_WORK_DRIFT_ADJUST, addr: &ifmsh->wrkq_flags))
1752	mesh_sync_adjust_tsf(sdata);
1753
1754	if (test_and_clear_bit(nr: MESH_WORK_MBSS_CHANGED, addr: &ifmsh->wrkq_flags))
1755	mesh_bss_info_changed(sdata);
1756	}
1757
1758
1759	void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
1760	{
1761	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1762	static u8 zero_addr[ETH_ALEN] = {};
1763
1764	timer_setup(&ifmsh->housekeeping_timer,
1765	ieee80211_mesh_housekeeping_timer, `0`);
1766
1767	ifmsh->accepting_plinks = true;
1768	atomic_set(v: &ifmsh->mpaths, i: `0`);
1769	mesh_rmc_init(sdata);
1770	ifmsh->last_preq = jiffies;
1771	ifmsh->next_perr = jiffies;
1772	ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
1773	/ Allocate all mesh structures when creating the first mesh interface. /
1774	if (!mesh_allocated)
1775	ieee80211s_init();
1776
1777	mesh_pathtbl_init(sdata);
1778
1779	timer_setup(&ifmsh->mesh_path_timer, ieee80211_mesh_path_timer, `0`);
1780	timer_setup(&ifmsh->mesh_path_root_timer,
1781	ieee80211_mesh_path_root_timer, `0`);
1782	INIT_LIST_HEAD(list: &ifmsh->preq_queue.list);
1783	skb_queue_head_init(list: &ifmsh->ps.bc_buf);
1784	spin_lock_init(&ifmsh->mesh_preq_queue_lock);
1785	spin_lock_init(&ifmsh->sync_offset_lock);
1786	RCU_INIT_POINTER(ifmsh->beacon, NULL);
1787
1788	sdata->vif.bss_conf.bssid = zero_addr;
1789	}
1790
1791	void ieee80211_mesh_teardown_sdata(struct ieee80211_sub_if_data *sdata)
1792	{
1793	mesh_rmc_free(sdata);
1794	mesh_pathtbl_unregister(sdata);
1795	}
1796

source code of linux/net/mac80211/mesh.c