| 1 | /* $NetBSD: ieee80211_output.c,v 1.57 2016/07/07 06:55:43 msaitoh Exp $ */ |
| 2 | /*- |
| 3 | * Copyright (c) 2001 Atsushi Onoe |
| 4 | * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting |
| 5 | * All rights reserved. |
| 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. The name of the author may not be used to endorse or promote products |
| 16 | * derived from this software without specific prior written permission. |
| 17 | * |
| 18 | * Alternatively, this software may be distributed under the terms of the |
| 19 | * GNU General Public License ("GPL") version 2 as published by the Free |
| 20 | * Software Foundation. |
| 21 | * |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 23 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 24 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 25 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 26 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 27 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 28 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 29 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 30 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 31 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 32 | */ |
| 33 | |
| 34 | #include <sys/cdefs.h> |
| 35 | #ifdef __FreeBSD__ |
| 36 | __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_output.c,v 1.34 2005/08/10 16:22:29 sam Exp $" ); |
| 37 | #endif |
| 38 | #ifdef __NetBSD__ |
| 39 | __KERNEL_RCSID(0, "$NetBSD: ieee80211_output.c,v 1.57 2016/07/07 06:55:43 msaitoh Exp $" ); |
| 40 | #endif |
| 41 | |
| 42 | #ifdef _KERNEL_OPT |
| 43 | #include "opt_inet.h" |
| 44 | #endif |
| 45 | |
| 46 | #ifdef __NetBSD__ |
| 47 | #endif /* __NetBSD__ */ |
| 48 | |
| 49 | #include <sys/param.h> |
| 50 | #include <sys/systm.h> |
| 51 | #include <sys/mbuf.h> |
| 52 | #include <sys/kernel.h> |
| 53 | #include <sys/endian.h> |
| 54 | #include <sys/errno.h> |
| 55 | #include <sys/proc.h> |
| 56 | #include <sys/sysctl.h> |
| 57 | |
| 58 | #include <net/if.h> |
| 59 | #include <net/if_llc.h> |
| 60 | #include <net/if_media.h> |
| 61 | #include <net/if_arp.h> |
| 62 | #include <net/if_ether.h> |
| 63 | #include <net/if_llc.h> |
| 64 | #include <net/if_vlanvar.h> |
| 65 | |
| 66 | #include <net80211/ieee80211_netbsd.h> |
| 67 | #include <net80211/ieee80211_var.h> |
| 68 | |
| 69 | #include <net/bpf.h> |
| 70 | |
| 71 | #ifdef INET |
| 72 | #include <netinet/in.h> |
| 73 | #include <netinet/in_systm.h> |
| 74 | #include <netinet/in_var.h> |
| 75 | #include <netinet/ip.h> |
| 76 | #include <net/if_ether.h> |
| 77 | #endif |
| 78 | |
| 79 | static int ieee80211_fragment(struct ieee80211com *, struct mbuf *, |
| 80 | u_int hdrsize, u_int ciphdrsize, u_int mtu); |
| 81 | |
| 82 | #ifdef IEEE80211_DEBUG |
| 83 | /* |
| 84 | * Decide if an outbound management frame should be |
| 85 | * printed when debugging is enabled. This filters some |
| 86 | * of the less interesting frames that come frequently |
| 87 | * (e.g. beacons). |
| 88 | */ |
| 89 | static __inline int |
| 90 | doprint(struct ieee80211com *ic, int subtype) |
| 91 | { |
| 92 | switch (subtype) { |
| 93 | case IEEE80211_FC0_SUBTYPE_PROBE_RESP: |
| 94 | return (ic->ic_opmode == IEEE80211_M_IBSS); |
| 95 | } |
| 96 | return 1; |
| 97 | } |
| 98 | #endif |
| 99 | |
| 100 | /* |
| 101 | * Set the direction field and address fields of an outgoing |
| 102 | * non-QoS frame. Note this should be called early on in |
| 103 | * constructing a frame as it sets i_fc[1]; other bits can |
| 104 | * then be or'd in. |
| 105 | */ |
| 106 | static void |
| 107 | ieee80211_send_setup(struct ieee80211com *ic, |
| 108 | struct ieee80211_node *ni, |
| 109 | struct ieee80211_frame *wh, |
| 110 | int type, |
| 111 | const u_int8_t sa[IEEE80211_ADDR_LEN], |
| 112 | const u_int8_t da[IEEE80211_ADDR_LEN], |
| 113 | const u_int8_t bssid[IEEE80211_ADDR_LEN]) |
| 114 | { |
| 115 | #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) |
| 116 | |
| 117 | wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; |
| 118 | if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { |
| 119 | switch (ic->ic_opmode) { |
| 120 | case IEEE80211_M_STA: |
| 121 | wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; |
| 122 | IEEE80211_ADDR_COPY(wh->i_addr1, bssid); |
| 123 | IEEE80211_ADDR_COPY(wh->i_addr2, sa); |
| 124 | IEEE80211_ADDR_COPY(wh->i_addr3, da); |
| 125 | break; |
| 126 | case IEEE80211_M_IBSS: |
| 127 | case IEEE80211_M_AHDEMO: |
| 128 | wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; |
| 129 | IEEE80211_ADDR_COPY(wh->i_addr1, da); |
| 130 | IEEE80211_ADDR_COPY(wh->i_addr2, sa); |
| 131 | IEEE80211_ADDR_COPY(wh->i_addr3, bssid); |
| 132 | break; |
| 133 | case IEEE80211_M_HOSTAP: |
| 134 | wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; |
| 135 | IEEE80211_ADDR_COPY(wh->i_addr1, da); |
| 136 | IEEE80211_ADDR_COPY(wh->i_addr2, bssid); |
| 137 | IEEE80211_ADDR_COPY(wh->i_addr3, sa); |
| 138 | break; |
| 139 | case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ |
| 140 | break; |
| 141 | } |
| 142 | } else { |
| 143 | wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; |
| 144 | IEEE80211_ADDR_COPY(wh->i_addr1, da); |
| 145 | IEEE80211_ADDR_COPY(wh->i_addr2, sa); |
| 146 | IEEE80211_ADDR_COPY(wh->i_addr3, bssid); |
| 147 | } |
| 148 | *(u_int16_t *)&wh->i_dur[0] = 0; |
| 149 | /* NB: use non-QoS tid */ |
| 150 | *(u_int16_t *)&wh->i_seq[0] = |
| 151 | htole16(ni->ni_txseqs[0] << IEEE80211_SEQ_SEQ_SHIFT); |
| 152 | ni->ni_txseqs[0]++; |
| 153 | #undef WH4 |
| 154 | } |
| 155 | |
| 156 | /* |
| 157 | * Send a management frame to the specified node. The node pointer |
| 158 | * must have a reference as the pointer will be passed to the driver |
| 159 | * and potentially held for a long time. If the frame is successfully |
| 160 | * dispatched to the driver, then it is responsible for freeing the |
| 161 | * reference (and potentially free'ing up any associated storage). |
| 162 | */ |
| 163 | static int |
| 164 | ieee80211_mgmt_output(struct ieee80211com *ic, struct ieee80211_node *ni, |
| 165 | struct mbuf *m, int type, int timer) |
| 166 | { |
| 167 | struct ifnet *ifp = ic->ic_ifp; |
| 168 | struct ieee80211_frame *wh; |
| 169 | |
| 170 | IASSERT(ni != NULL, ("null node" )); |
| 171 | |
| 172 | /* |
| 173 | * Yech, hack alert! We want to pass the node down to the |
| 174 | * driver's start routine. If we don't do so then the start |
| 175 | * routine must immediately look it up again and that can |
| 176 | * cause a lock order reversal if, for example, this frame |
| 177 | * is being sent because the station is being timedout and |
| 178 | * the frame being sent is a DEAUTH message. We could stick |
| 179 | * this in an m_tag and tack that on to the mbuf. However |
| 180 | * that's rather expensive to do for every frame so instead |
| 181 | * we stuff it in the rcvif field since outbound frames do |
| 182 | * not (presently) use this. |
| 183 | */ |
| 184 | M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); |
| 185 | if (m == NULL) |
| 186 | return ENOMEM; |
| 187 | M_SETCTX(m, ni); |
| 188 | |
| 189 | wh = mtod(m, struct ieee80211_frame *); |
| 190 | ieee80211_send_setup(ic, ni, wh, |
| 191 | IEEE80211_FC0_TYPE_MGT | type, |
| 192 | ic->ic_myaddr, ni->ni_macaddr, ni->ni_bssid); |
| 193 | if ((m->m_flags & M_LINK0) != 0 && ni->ni_challenge != NULL) { |
| 194 | m->m_flags &= ~M_LINK0; |
| 195 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, |
| 196 | "[%s] encrypting frame (%s)\n" , |
| 197 | ether_sprintf(wh->i_addr1), __func__); |
| 198 | wh->i_fc[1] |= IEEE80211_FC1_WEP; |
| 199 | } |
| 200 | #ifdef IEEE80211_DEBUG |
| 201 | /* avoid printing too many frames */ |
| 202 | if ((ieee80211_msg_debug(ic) && doprint(ic, type)) || |
| 203 | ieee80211_msg_dumppkts(ic)) { |
| 204 | printf("[%s] send %s on channel %u\n" , |
| 205 | ether_sprintf(wh->i_addr1), |
| 206 | ieee80211_mgt_subtype_name[ |
| 207 | (type & IEEE80211_FC0_SUBTYPE_MASK) >> |
| 208 | IEEE80211_FC0_SUBTYPE_SHIFT], |
| 209 | ieee80211_chan2ieee(ic, ic->ic_curchan)); |
| 210 | } |
| 211 | #endif |
| 212 | IEEE80211_NODE_STAT(ni, tx_mgmt); |
| 213 | IF_ENQUEUE(&ic->ic_mgtq, m); |
| 214 | if (timer) { |
| 215 | /* |
| 216 | * Set the mgt frame timeout. |
| 217 | */ |
| 218 | ic->ic_mgt_timer = timer; |
| 219 | ifp->if_timer = 1; |
| 220 | } |
| 221 | if_start_lock(ifp); |
| 222 | return 0; |
| 223 | } |
| 224 | |
| 225 | /* |
| 226 | * Send a null data frame to the specified node. |
| 227 | * |
| 228 | * NB: the caller is assumed to have setup a node reference |
| 229 | * for use; this is necessary to deal with a race condition |
| 230 | * when probing for inactive stations. |
| 231 | */ |
| 232 | int |
| 233 | ieee80211_send_nulldata(struct ieee80211_node *ni) |
| 234 | { |
| 235 | struct ieee80211com *ic = ni->ni_ic; |
| 236 | struct ifnet *ifp = ic->ic_ifp; |
| 237 | struct mbuf *m; |
| 238 | struct ieee80211_frame *wh; |
| 239 | |
| 240 | MGETHDR(m, M_NOWAIT, MT_HEADER); |
| 241 | if (m == NULL) { |
| 242 | /* XXX debug msg */ |
| 243 | ic->ic_stats.is_tx_nobuf++; |
| 244 | ieee80211_unref_node(&ni); |
| 245 | return ENOMEM; |
| 246 | } |
| 247 | M_SETCTX(m, ni); |
| 248 | |
| 249 | wh = mtod(m, struct ieee80211_frame *); |
| 250 | ieee80211_send_setup(ic, ni, wh, |
| 251 | IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, |
| 252 | ic->ic_myaddr, ni->ni_macaddr, ni->ni_bssid); |
| 253 | /* NB: power management bit is never sent by an AP */ |
| 254 | if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && |
| 255 | ic->ic_opmode != IEEE80211_M_HOSTAP) |
| 256 | wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; |
| 257 | m->m_len = m->m_pkthdr.len = sizeof(struct ieee80211_frame); |
| 258 | |
| 259 | IEEE80211_NODE_STAT(ni, tx_data); |
| 260 | |
| 261 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, |
| 262 | "[%s] send null data frame on channel %u, pwr mgt %s\n" , |
| 263 | ether_sprintf(ni->ni_macaddr), |
| 264 | ieee80211_chan2ieee(ic, ic->ic_curchan), |
| 265 | wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis" ); |
| 266 | |
| 267 | IF_ENQUEUE(&ic->ic_mgtq, m); /* cheat */ |
| 268 | if_start_lock(ifp); |
| 269 | |
| 270 | return 0; |
| 271 | } |
| 272 | |
| 273 | /* |
| 274 | * Assign priority to a frame based on any vlan tag assigned |
| 275 | * to the station and/or any Diffserv setting in an IP header. |
| 276 | * Finally, if an ACM policy is setup (in station mode) it's |
| 277 | * applied. |
| 278 | */ |
| 279 | int |
| 280 | ieee80211_classify(struct ieee80211com *ic, struct mbuf *m, struct ieee80211_node *ni) |
| 281 | { |
| 282 | int v_wme_ac, d_wme_ac, ac; |
| 283 | #ifdef INET |
| 284 | struct ether_header *eh; |
| 285 | #endif |
| 286 | |
| 287 | if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { |
| 288 | ac = WME_AC_BE; |
| 289 | goto done; |
| 290 | } |
| 291 | |
| 292 | /* |
| 293 | * If node has a vlan tag then all traffic |
| 294 | * to it must have a matching tag. |
| 295 | */ |
| 296 | v_wme_ac = 0; |
| 297 | if (ni->ni_vlan != 0) { |
| 298 | /* XXX used to check ec_nvlans. */ |
| 299 | struct m_tag *mtag = m_tag_find(m, PACKET_TAG_VLAN, NULL); |
| 300 | if (mtag == NULL) { |
| 301 | IEEE80211_NODE_STAT(ni, tx_novlantag); |
| 302 | return 1; |
| 303 | } |
| 304 | if (EVL_VLANOFTAG(VLAN_TAG_VALUE(mtag)) != |
| 305 | EVL_VLANOFTAG(ni->ni_vlan)) { |
| 306 | IEEE80211_NODE_STAT(ni, tx_vlanmismatch); |
| 307 | return 1; |
| 308 | } |
| 309 | /* map vlan priority to AC */ |
| 310 | switch (EVL_PRIOFTAG(ni->ni_vlan)) { |
| 311 | case 1: |
| 312 | case 2: |
| 313 | v_wme_ac = WME_AC_BK; |
| 314 | break; |
| 315 | case 0: |
| 316 | case 3: |
| 317 | v_wme_ac = WME_AC_BE; |
| 318 | break; |
| 319 | case 4: |
| 320 | case 5: |
| 321 | v_wme_ac = WME_AC_VI; |
| 322 | break; |
| 323 | case 6: |
| 324 | case 7: |
| 325 | v_wme_ac = WME_AC_VO; |
| 326 | break; |
| 327 | } |
| 328 | } |
| 329 | |
| 330 | #ifdef INET |
| 331 | eh = mtod(m, struct ether_header *); |
| 332 | if (eh->ether_type == htons(ETHERTYPE_IP)) { |
| 333 | const struct ip *ip = (struct ip *) |
| 334 | (mtod(m, u_int8_t *) + sizeof (*eh)); |
| 335 | /* |
| 336 | * IP frame, map the TOS field. |
| 337 | */ |
| 338 | switch (ip->ip_tos) { |
| 339 | case 0x08: |
| 340 | case 0x20: |
| 341 | d_wme_ac = WME_AC_BK; /* background */ |
| 342 | break; |
| 343 | case 0x28: |
| 344 | case 0xa0: |
| 345 | d_wme_ac = WME_AC_VI; /* video */ |
| 346 | break; |
| 347 | case 0x30: /* voice */ |
| 348 | case 0xe0: |
| 349 | case 0x88: /* XXX UPSD */ |
| 350 | case 0xb8: |
| 351 | d_wme_ac = WME_AC_VO; |
| 352 | break; |
| 353 | default: |
| 354 | d_wme_ac = WME_AC_BE; |
| 355 | break; |
| 356 | } |
| 357 | } else { |
| 358 | #endif /* INET */ |
| 359 | d_wme_ac = WME_AC_BE; |
| 360 | #ifdef INET |
| 361 | } |
| 362 | #endif |
| 363 | /* |
| 364 | * Use highest priority AC. |
| 365 | */ |
| 366 | if (v_wme_ac > d_wme_ac) |
| 367 | ac = v_wme_ac; |
| 368 | else |
| 369 | ac = d_wme_ac; |
| 370 | |
| 371 | /* |
| 372 | * Apply ACM policy. |
| 373 | */ |
| 374 | if (ic->ic_opmode == IEEE80211_M_STA) { |
| 375 | static const int acmap[4] = { |
| 376 | WME_AC_BK, /* WME_AC_BE */ |
| 377 | WME_AC_BK, /* WME_AC_BK */ |
| 378 | WME_AC_BE, /* WME_AC_VI */ |
| 379 | WME_AC_VI, /* WME_AC_VO */ |
| 380 | }; |
| 381 | while (ac != WME_AC_BK && |
| 382 | ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) |
| 383 | ac = acmap[ac]; |
| 384 | } |
| 385 | done: |
| 386 | M_WME_SETAC(m, ac); |
| 387 | return 0; |
| 388 | } |
| 389 | |
| 390 | /* |
| 391 | * Insure there is sufficient contiguous space to encapsulate the |
| 392 | * 802.11 data frame. If room isn't already there, arrange for it. |
| 393 | * Drivers and cipher modules assume we have done the necessary work |
| 394 | * and fail rudely if they don't find the space they need. |
| 395 | */ |
| 396 | static struct mbuf * |
| 397 | ieee80211_mbuf_adjust(struct ieee80211com *ic, int hdrsize, |
| 398 | struct ieee80211_key *key, struct mbuf *m) |
| 399 | { |
| 400 | #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) |
| 401 | int needed_space = hdrsize; |
| 402 | int wlen = 0; |
| 403 | |
| 404 | if (key != NULL) { |
| 405 | /* XXX belongs in crypto code? */ |
| 406 | needed_space += key->wk_cipher->ic_header; |
| 407 | /* XXX frags */ |
| 408 | } |
| 409 | /* |
| 410 | * We know we are called just before stripping an Ethernet |
| 411 | * header and prepending an LLC header. This means we know |
| 412 | * there will be |
| 413 | * sizeof(struct ether_header) - sizeof(struct llc) |
| 414 | * bytes recovered to which we need additional space for the |
| 415 | * 802.11 header and any crypto header. |
| 416 | */ |
| 417 | /* XXX check trailing space and copy instead? */ |
| 418 | if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { |
| 419 | struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); |
| 420 | if (n == NULL) { |
| 421 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, |
| 422 | "%s: cannot expand storage\n" , __func__); |
| 423 | ic->ic_stats.is_tx_nobuf++; |
| 424 | m_freem(m); |
| 425 | return NULL; |
| 426 | } |
| 427 | IASSERT(needed_space <= MHLEN, |
| 428 | ("not enough room, need %u got %zu\n" , needed_space, MHLEN)); |
| 429 | /* |
| 430 | * Setup new mbuf to have leading space to prepend the |
| 431 | * 802.11 header and any crypto header bits that are |
| 432 | * required (the latter are added when the driver calls |
| 433 | * back to ieee80211_crypto_encap to do crypto encapsulation). |
| 434 | */ |
| 435 | /* NB: must be first 'cuz it clobbers m_data */ |
| 436 | M_MOVE_PKTHDR(n, m); |
| 437 | n->m_len = 0; /* NB: m_gethdr does not set */ |
| 438 | n->m_data += needed_space; |
| 439 | /* |
| 440 | * Pull up Ethernet header to create the expected layout. |
| 441 | * We could use m_pullup but that's overkill (i.e. we don't |
| 442 | * need the actual data) and it cannot fail so do it inline |
| 443 | * for speed. |
| 444 | */ |
| 445 | /* NB: struct ether_header is known to be contiguous */ |
| 446 | n->m_len += sizeof(struct ether_header); |
| 447 | m->m_len -= sizeof(struct ether_header); |
| 448 | m->m_data += sizeof(struct ether_header); |
| 449 | /* |
| 450 | * Replace the head of the chain. |
| 451 | */ |
| 452 | n->m_next = m; |
| 453 | m = n; |
| 454 | } else { |
| 455 | /* We will overwrite the ethernet header in the |
| 456 | * 802.11 encapsulation stage. Make sure that it |
| 457 | * is writable. |
| 458 | */ |
| 459 | wlen = sizeof(struct ether_header); |
| 460 | } |
| 461 | |
| 462 | /* |
| 463 | * If we're going to s/w encrypt the mbuf chain make sure it is |
| 464 | * writable. |
| 465 | */ |
| 466 | if (key != NULL && (key->wk_flags & IEEE80211_KEY_SWCRYPT) != 0) |
| 467 | wlen = M_COPYALL; |
| 468 | |
| 469 | if (wlen != 0 && m_makewritable(&m, 0, wlen, M_DONTWAIT) != 0) { |
| 470 | m_freem(m); |
| 471 | return NULL; |
| 472 | } |
| 473 | return m; |
| 474 | #undef TO_BE_RECLAIMED |
| 475 | } |
| 476 | |
| 477 | /* |
| 478 | * Return the transmit key to use in sending a unicast frame. |
| 479 | * If a unicast key is set we use that. When no unicast key is set |
| 480 | * we fall back to the default transmit key. |
| 481 | */ |
| 482 | static __inline struct ieee80211_key * |
| 483 | ieee80211_crypto_getucastkey(struct ieee80211com *ic, struct ieee80211_node *ni) |
| 484 | { |
| 485 | if (IEEE80211_KEY_UNDEFINED(ni->ni_ucastkey)) { |
| 486 | if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || |
| 487 | IEEE80211_KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) |
| 488 | return NULL; |
| 489 | return &ic->ic_nw_keys[ic->ic_def_txkey]; |
| 490 | } else { |
| 491 | return &ni->ni_ucastkey; |
| 492 | } |
| 493 | } |
| 494 | |
| 495 | /* |
| 496 | * Return the transmit key to use in sending a multicast frame. |
| 497 | * Multicast traffic always uses the group key which is installed as |
| 498 | * the default tx key. |
| 499 | */ |
| 500 | static __inline struct ieee80211_key * |
| 501 | ieee80211_crypto_getmcastkey(struct ieee80211com *ic, |
| 502 | struct ieee80211_node *ni) |
| 503 | { |
| 504 | if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || |
| 505 | IEEE80211_KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) |
| 506 | return NULL; |
| 507 | return &ic->ic_nw_keys[ic->ic_def_txkey]; |
| 508 | } |
| 509 | |
| 510 | /* |
| 511 | * Encapsulate an outbound data frame. The mbuf chain is updated. |
| 512 | * If an error is encountered NULL is returned. The caller is required |
| 513 | * to provide a node reference and pullup the ethernet header in the |
| 514 | * first mbuf. |
| 515 | */ |
| 516 | struct mbuf * |
| 517 | ieee80211_encap(struct ieee80211com *ic, struct mbuf *m, |
| 518 | struct ieee80211_node *ni) |
| 519 | { |
| 520 | struct ether_header eh; |
| 521 | struct ieee80211_frame *wh; |
| 522 | struct ieee80211_key *key; |
| 523 | struct llc *llc; |
| 524 | int hdrsize, datalen, addqos, txfrag; |
| 525 | |
| 526 | IASSERT(m->m_len >= sizeof(eh), ("no ethernet header!" )); |
| 527 | memcpy(&eh, mtod(m, void *), sizeof(struct ether_header)); |
| 528 | |
| 529 | /* |
| 530 | * Insure space for additional headers. First identify |
| 531 | * transmit key to use in calculating any buffer adjustments |
| 532 | * required. This is also used below to do privacy |
| 533 | * encapsulation work. Then calculate the 802.11 header |
| 534 | * size and any padding required by the driver. |
| 535 | * |
| 536 | * Note key may be NULL if we fall back to the default |
| 537 | * transmit key and that is not set. In that case the |
| 538 | * buffer may not be expanded as needed by the cipher |
| 539 | * routines, but they will/should discard it. |
| 540 | */ |
| 541 | if (ic->ic_flags & IEEE80211_F_PRIVACY) { |
| 542 | if (ic->ic_opmode == IEEE80211_M_STA || |
| 543 | !IEEE80211_IS_MULTICAST(eh.ether_dhost)) |
| 544 | key = ieee80211_crypto_getucastkey(ic, ni); |
| 545 | else |
| 546 | key = ieee80211_crypto_getmcastkey(ic, ni); |
| 547 | if (key == NULL && eh.ether_type != htons(ETHERTYPE_PAE)) { |
| 548 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 549 | "[%s] no default transmit key (%s) deftxkey %u\n" , |
| 550 | ether_sprintf(eh.ether_dhost), __func__, |
| 551 | ic->ic_def_txkey); |
| 552 | ic->ic_stats.is_tx_nodefkey++; |
| 553 | } |
| 554 | } else |
| 555 | key = NULL; |
| 556 | /* XXX 4-address format */ |
| 557 | /* |
| 558 | * XXX Some ap's don't handle QoS-encapsulated EAPOL |
| 559 | * frames so suppress use. This may be an issue if other |
| 560 | * ap's require all data frames to be QoS-encapsulated |
| 561 | * once negotiated in which case we'll need to make this |
| 562 | * configurable. |
| 563 | */ |
| 564 | addqos = (ni->ni_flags & IEEE80211_NODE_QOS) && |
| 565 | eh.ether_type != htons(ETHERTYPE_PAE); |
| 566 | if (addqos) |
| 567 | hdrsize = sizeof(struct ieee80211_qosframe); |
| 568 | else |
| 569 | hdrsize = sizeof(struct ieee80211_frame); |
| 570 | if (ic->ic_flags & IEEE80211_F_DATAPAD) |
| 571 | hdrsize = roundup(hdrsize, sizeof(u_int32_t)); |
| 572 | m = ieee80211_mbuf_adjust(ic, hdrsize, key, m); |
| 573 | if (m == NULL) { |
| 574 | /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ |
| 575 | goto bad; |
| 576 | } |
| 577 | |
| 578 | /* NB: this could be optimized because of ieee80211_mbuf_adjust */ |
| 579 | m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); |
| 580 | llc = mtod(m, struct llc *); |
| 581 | llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; |
| 582 | llc->llc_control = LLC_UI; |
| 583 | llc->llc_snap.org_code[0] = 0; |
| 584 | llc->llc_snap.org_code[1] = 0; |
| 585 | llc->llc_snap.org_code[2] = 0; |
| 586 | llc->llc_snap.ether_type = eh.ether_type; |
| 587 | datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ |
| 588 | |
| 589 | M_PREPEND(m, hdrsize, M_DONTWAIT); |
| 590 | if (m == NULL) { |
| 591 | ic->ic_stats.is_tx_nobuf++; |
| 592 | goto bad; |
| 593 | } |
| 594 | wh = mtod(m, struct ieee80211_frame *); |
| 595 | wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; |
| 596 | *(u_int16_t *)wh->i_dur = 0; |
| 597 | switch (ic->ic_opmode) { |
| 598 | case IEEE80211_M_STA: |
| 599 | wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; |
| 600 | IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); |
| 601 | IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); |
| 602 | IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); |
| 603 | break; |
| 604 | case IEEE80211_M_IBSS: |
| 605 | case IEEE80211_M_AHDEMO: |
| 606 | wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; |
| 607 | IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); |
| 608 | IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); |
| 609 | /* |
| 610 | * NB: always use the bssid from ic_bss as the |
| 611 | * neighbor's may be stale after an ibss merge |
| 612 | */ |
| 613 | IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); |
| 614 | break; |
| 615 | case IEEE80211_M_HOSTAP: |
| 616 | #ifndef IEEE80211_NO_HOSTAP |
| 617 | wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; |
| 618 | IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); |
| 619 | IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); |
| 620 | IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); |
| 621 | #endif /* !IEEE80211_NO_HOSTAP */ |
| 622 | break; |
| 623 | case IEEE80211_M_MONITOR: |
| 624 | goto bad; |
| 625 | } |
| 626 | if (m->m_flags & M_MORE_DATA) |
| 627 | wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; |
| 628 | if (addqos) { |
| 629 | struct ieee80211_qosframe *qwh = |
| 630 | (struct ieee80211_qosframe *) wh; |
| 631 | int ac, tid; |
| 632 | |
| 633 | ac = M_WME_GETAC(m); |
| 634 | /* map from access class/queue to 11e header priorty value */ |
| 635 | tid = WME_AC_TO_TID(ac); |
| 636 | qwh->i_qos[0] = tid & IEEE80211_QOS_TID; |
| 637 | if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) |
| 638 | qwh->i_qos[0] |= 1 << IEEE80211_QOS_ACKPOLICY_S; |
| 639 | qwh->i_qos[1] = 0; |
| 640 | qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; |
| 641 | |
| 642 | *(u_int16_t *)wh->i_seq = |
| 643 | htole16(ni->ni_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); |
| 644 | ni->ni_txseqs[tid]++; |
| 645 | } else { |
| 646 | *(u_int16_t *)wh->i_seq = |
| 647 | htole16(ni->ni_txseqs[0] << IEEE80211_SEQ_SEQ_SHIFT); |
| 648 | ni->ni_txseqs[0]++; |
| 649 | } |
| 650 | /* check if xmit fragmentation is required */ |
| 651 | txfrag = (m->m_pkthdr.len > ic->ic_fragthreshold && |
| 652 | !IEEE80211_IS_MULTICAST(wh->i_addr1) && |
| 653 | (m->m_flags & M_FF) == 0); /* NB: don't fragment ff's */ |
| 654 | if (key != NULL) { |
| 655 | /* |
| 656 | * IEEE 802.1X: send EAPOL frames always in the clear. |
| 657 | * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. |
| 658 | */ |
| 659 | if (eh.ether_type != htons(ETHERTYPE_PAE) || |
| 660 | ((ic->ic_flags & IEEE80211_F_WPA) && |
| 661 | (ic->ic_opmode == IEEE80211_M_STA ? |
| 662 | !IEEE80211_KEY_UNDEFINED(*key) : |
| 663 | !IEEE80211_KEY_UNDEFINED(ni->ni_ucastkey)))) { |
| 664 | wh->i_fc[1] |= IEEE80211_FC1_WEP; |
| 665 | if (!ieee80211_crypto_enmic(ic, key, m, txfrag)) { |
| 666 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, |
| 667 | "[%s] enmic failed, discard frame\n" , |
| 668 | ether_sprintf(eh.ether_dhost)); |
| 669 | ic->ic_stats.is_crypto_enmicfail++; |
| 670 | goto bad; |
| 671 | } |
| 672 | } |
| 673 | } |
| 674 | if (txfrag && !ieee80211_fragment(ic, m, hdrsize, |
| 675 | key != NULL ? key->wk_cipher->ic_header : 0, ic->ic_fragthreshold)) |
| 676 | goto bad; |
| 677 | |
| 678 | IEEE80211_NODE_STAT(ni, tx_data); |
| 679 | IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); |
| 680 | |
| 681 | return m; |
| 682 | bad: |
| 683 | if (m != NULL) |
| 684 | m_freem(m); |
| 685 | return NULL; |
| 686 | } |
| 687 | |
| 688 | /* |
| 689 | * Arguments in: |
| 690 | * |
| 691 | * paylen: payload length (no FCS, no WEP header) |
| 692 | * |
| 693 | * hdrlen: header length |
| 694 | * |
| 695 | * rate: MSDU speed, units 500kb/s |
| 696 | * |
| 697 | * flags: IEEE80211_F_SHPREAMBLE (use short preamble), |
| 698 | * IEEE80211_F_SHSLOT (use short slot length) |
| 699 | * |
| 700 | * Arguments out: |
| 701 | * |
| 702 | * d: 802.11 Duration field for RTS, |
| 703 | * 802.11 Duration field for data frame, |
| 704 | * PLCP Length for data frame, |
| 705 | * residual octets at end of data slot |
| 706 | */ |
| 707 | static int |
| 708 | ieee80211_compute_duration1(int len, int use_ack, uint32_t icflags, int rate, |
| 709 | struct ieee80211_duration *d) |
| 710 | { |
| 711 | int pre, ctsrate; |
| 712 | int ack, bitlen, data_dur, remainder; |
| 713 | |
| 714 | /* RTS reserves medium for SIFS | CTS | SIFS | (DATA) | SIFS | ACK |
| 715 | * DATA reserves medium for SIFS | ACK, |
| 716 | * |
| 717 | * (XXX or SIFS | ACK | SIFS | DATA | SIFS | ACK, if more fragments) |
| 718 | * |
| 719 | * XXXMYC: no ACK on multicast/broadcast or control packets |
| 720 | */ |
| 721 | |
| 722 | bitlen = len * 8; |
| 723 | |
| 724 | pre = IEEE80211_DUR_DS_SIFS; |
| 725 | if ((icflags & IEEE80211_F_SHPREAMBLE) != 0) |
| 726 | pre += IEEE80211_DUR_DS_SHORT_PREAMBLE + IEEE80211_DUR_DS_FAST_PLCPHDR; |
| 727 | else |
| 728 | pre += IEEE80211_DUR_DS_LONG_PREAMBLE + IEEE80211_DUR_DS_SLOW_PLCPHDR; |
| 729 | |
| 730 | d->d_residue = 0; |
| 731 | data_dur = (bitlen * 2) / rate; |
| 732 | remainder = (bitlen * 2) % rate; |
| 733 | if (remainder != 0) { |
| 734 | d->d_residue = (rate - remainder) / 16; |
| 735 | data_dur++; |
| 736 | } |
| 737 | |
| 738 | switch (rate) { |
| 739 | case 2: /* 1 Mb/s */ |
| 740 | case 4: /* 2 Mb/s */ |
| 741 | /* 1 - 2 Mb/s WLAN: send ACK/CTS at 1 Mb/s */ |
| 742 | ctsrate = 2; |
| 743 | break; |
| 744 | case 11: /* 5.5 Mb/s */ |
| 745 | case 22: /* 11 Mb/s */ |
| 746 | case 44: /* 22 Mb/s */ |
| 747 | /* 5.5 - 11 Mb/s WLAN: send ACK/CTS at 2 Mb/s */ |
| 748 | ctsrate = 4; |
| 749 | break; |
| 750 | default: |
| 751 | /* TBD */ |
| 752 | return -1; |
| 753 | } |
| 754 | |
| 755 | d->d_plcp_len = data_dur; |
| 756 | |
| 757 | ack = (use_ack) ? pre + (IEEE80211_DUR_DS_SLOW_ACK * 2) / ctsrate : 0; |
| 758 | |
| 759 | d->d_rts_dur = |
| 760 | pre + (IEEE80211_DUR_DS_SLOW_CTS * 2) / ctsrate + |
| 761 | pre + data_dur + |
| 762 | ack; |
| 763 | |
| 764 | d->d_data_dur = ack; |
| 765 | |
| 766 | return 0; |
| 767 | } |
| 768 | |
| 769 | /* |
| 770 | * Arguments in: |
| 771 | * |
| 772 | * wh: 802.11 header |
| 773 | * |
| 774 | * paylen: payload length (no FCS, no WEP header) |
| 775 | * |
| 776 | * rate: MSDU speed, units 500kb/s |
| 777 | * |
| 778 | * fraglen: fragment length, set to maximum (or higher) for no |
| 779 | * fragmentation |
| 780 | * |
| 781 | * flags: IEEE80211_F_PRIVACY (hardware adds WEP), |
| 782 | * IEEE80211_F_SHPREAMBLE (use short preamble), |
| 783 | * IEEE80211_F_SHSLOT (use short slot length) |
| 784 | * |
| 785 | * Arguments out: |
| 786 | * |
| 787 | * d0: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields |
| 788 | * of first/only fragment |
| 789 | * |
| 790 | * dn: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields |
| 791 | * of last fragment |
| 792 | * |
| 793 | * ieee80211_compute_duration assumes crypto-encapsulation, if any, |
| 794 | * has already taken place. |
| 795 | */ |
| 796 | int |
| 797 | ieee80211_compute_duration(const struct ieee80211_frame_min *wh, |
| 798 | const struct ieee80211_key *wk, int len, |
| 799 | uint32_t icflags, int fraglen, int rate, struct ieee80211_duration *d0, |
| 800 | struct ieee80211_duration *dn, int *npktp, int debug) |
| 801 | { |
| 802 | int ack, rc; |
| 803 | int cryptolen, /* crypto overhead: header+trailer */ |
| 804 | firstlen, /* first fragment's payload + overhead length */ |
| 805 | hdrlen, /* header length w/o driver padding */ |
| 806 | lastlen, /* last fragment's payload length w/ overhead */ |
| 807 | lastlen0, /* last fragment's payload length w/o overhead */ |
| 808 | npkt, /* number of fragments */ |
| 809 | overlen, /* non-802.11 header overhead per fragment */ |
| 810 | paylen; /* payload length w/o overhead */ |
| 811 | |
| 812 | hdrlen = ieee80211_anyhdrsize((const void *)wh); |
| 813 | |
| 814 | /* Account for padding required by the driver. */ |
| 815 | if (icflags & IEEE80211_F_DATAPAD) |
| 816 | paylen = len - roundup(hdrlen, sizeof(u_int32_t)); |
| 817 | else |
| 818 | paylen = len - hdrlen; |
| 819 | |
| 820 | overlen = IEEE80211_CRC_LEN; |
| 821 | |
| 822 | if (wk != NULL) { |
| 823 | cryptolen = wk->wk_cipher->ic_header + |
| 824 | wk->wk_cipher->ic_trailer; |
| 825 | paylen -= cryptolen; |
| 826 | overlen += cryptolen; |
| 827 | } |
| 828 | |
| 829 | npkt = paylen / fraglen; |
| 830 | lastlen0 = paylen % fraglen; |
| 831 | |
| 832 | if (npkt == 0) /* no fragments */ |
| 833 | lastlen = paylen + overlen; |
| 834 | else if (lastlen0 != 0) { /* a short "tail" fragment */ |
| 835 | lastlen = lastlen0 + overlen; |
| 836 | npkt++; |
| 837 | } else /* full-length "tail" fragment */ |
| 838 | lastlen = fraglen + overlen; |
| 839 | |
| 840 | if (npktp != NULL) |
| 841 | *npktp = npkt; |
| 842 | |
| 843 | if (npkt > 1) |
| 844 | firstlen = fraglen + overlen; |
| 845 | else |
| 846 | firstlen = paylen + overlen; |
| 847 | |
| 848 | if (debug) { |
| 849 | printf("%s: npkt %d firstlen %d lastlen0 %d lastlen %d " |
| 850 | "fraglen %d overlen %d len %d rate %d icflags %08x\n" , |
| 851 | __func__, npkt, firstlen, lastlen0, lastlen, fraglen, |
| 852 | overlen, len, rate, icflags); |
| 853 | } |
| 854 | |
| 855 | ack = !IEEE80211_IS_MULTICAST(wh->i_addr1) && |
| 856 | (wh->i_fc[1] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_CTL; |
| 857 | |
| 858 | rc = ieee80211_compute_duration1(firstlen + hdrlen, |
| 859 | ack, icflags, rate, d0); |
| 860 | if (rc == -1) |
| 861 | return rc; |
| 862 | |
| 863 | if (npkt <= 1) { |
| 864 | *dn = *d0; |
| 865 | return 0; |
| 866 | } |
| 867 | return ieee80211_compute_duration1(lastlen + hdrlen, ack, icflags, rate, |
| 868 | dn); |
| 869 | } |
| 870 | |
| 871 | /* |
| 872 | * Fragment the frame according to the specified mtu. |
| 873 | * The size of the 802.11 header (w/o padding) is provided |
| 874 | * so we don't need to recalculate it. We create a new |
| 875 | * mbuf for each fragment and chain it through m_nextpkt; |
| 876 | * we might be able to optimize this by reusing the original |
| 877 | * packet's mbufs but that is significantly more complicated. |
| 878 | */ |
| 879 | static int |
| 880 | ieee80211_fragment(struct ieee80211com *ic, struct mbuf *m0, |
| 881 | u_int hdrsize, u_int ciphdrsize, u_int mtu) |
| 882 | { |
| 883 | struct ieee80211_frame *wh, *whf; |
| 884 | struct mbuf *m, *prev, *next; |
| 885 | u_int totalhdrsize, fragno, fragsize, off, remainder, payload; |
| 886 | |
| 887 | IASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?" )); |
| 888 | IASSERT(m0->m_pkthdr.len > mtu, |
| 889 | ("pktlen %u mtu %u" , m0->m_pkthdr.len, mtu)); |
| 890 | |
| 891 | wh = mtod(m0, struct ieee80211_frame *); |
| 892 | /* NB: mark the first frag; it will be propagated below */ |
| 893 | wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG; |
| 894 | totalhdrsize = hdrsize + ciphdrsize; |
| 895 | fragno = 1; |
| 896 | off = mtu - ciphdrsize; |
| 897 | remainder = m0->m_pkthdr.len - off; |
| 898 | prev = m0; |
| 899 | do { |
| 900 | fragsize = totalhdrsize + remainder; |
| 901 | if (fragsize > mtu) |
| 902 | fragsize = mtu; |
| 903 | IASSERT(fragsize < MCLBYTES, |
| 904 | ("fragment size %u too big!" , fragsize)); |
| 905 | if (fragsize > MHLEN) |
| 906 | m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); |
| 907 | else |
| 908 | m = m_gethdr(M_DONTWAIT, MT_DATA); |
| 909 | if (m == NULL) |
| 910 | goto bad; |
| 911 | /* leave room to prepend any cipher header */ |
| 912 | m_align(m, fragsize - ciphdrsize); |
| 913 | |
| 914 | /* |
| 915 | * Form the header in the fragment. Note that since |
| 916 | * we mark the first fragment with the MORE_FRAG bit |
| 917 | * it automatically is propagated to each fragment; we |
| 918 | * need only clear it on the last fragment (done below). |
| 919 | */ |
| 920 | whf = mtod(m, struct ieee80211_frame *); |
| 921 | memcpy(whf, wh, hdrsize); |
| 922 | *(u_int16_t *)&whf->i_seq[0] |= htole16( |
| 923 | (fragno & IEEE80211_SEQ_FRAG_MASK) << |
| 924 | IEEE80211_SEQ_FRAG_SHIFT); |
| 925 | fragno++; |
| 926 | |
| 927 | payload = fragsize - totalhdrsize; |
| 928 | /* NB: destination is known to be contiguous */ |
| 929 | m_copydata(m0, off, payload, mtod(m, u_int8_t *) + hdrsize); |
| 930 | m->m_len = hdrsize + payload; |
| 931 | m->m_pkthdr.len = hdrsize + payload; |
| 932 | m->m_flags |= M_FRAG; |
| 933 | |
| 934 | /* chain up the fragment */ |
| 935 | prev->m_nextpkt = m; |
| 936 | prev = m; |
| 937 | |
| 938 | /* deduct fragment just formed */ |
| 939 | remainder -= payload; |
| 940 | off += payload; |
| 941 | } while (remainder != 0); |
| 942 | whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG; |
| 943 | |
| 944 | /* strip first mbuf now that everything has been copied */ |
| 945 | m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize))); |
| 946 | m0->m_flags |= M_FIRSTFRAG | M_FRAG; |
| 947 | |
| 948 | ic->ic_stats.is_tx_fragframes++; |
| 949 | ic->ic_stats.is_tx_frags += fragno-1; |
| 950 | |
| 951 | return 1; |
| 952 | bad: |
| 953 | /* reclaim fragments but leave original frame for caller to free */ |
| 954 | for (m = m0->m_nextpkt; m != NULL; m = next) { |
| 955 | next = m->m_nextpkt; |
| 956 | m->m_nextpkt = NULL; /* XXX paranoid */ |
| 957 | m_freem(m); |
| 958 | } |
| 959 | m0->m_nextpkt = NULL; |
| 960 | return 0; |
| 961 | } |
| 962 | |
| 963 | /* |
| 964 | * Add a supported rates element id to a frame. |
| 965 | */ |
| 966 | static u_int8_t * |
| 967 | ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) |
| 968 | { |
| 969 | int nrates; |
| 970 | |
| 971 | *frm++ = IEEE80211_ELEMID_RATES; |
| 972 | nrates = rs->rs_nrates; |
| 973 | if (nrates > IEEE80211_RATE_SIZE) |
| 974 | nrates = IEEE80211_RATE_SIZE; |
| 975 | *frm++ = nrates; |
| 976 | memcpy(frm, rs->rs_rates, nrates); |
| 977 | return frm + nrates; |
| 978 | } |
| 979 | |
| 980 | /* |
| 981 | * Add an extended supported rates element id to a frame. |
| 982 | */ |
| 983 | static u_int8_t * |
| 984 | ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) |
| 985 | { |
| 986 | /* |
| 987 | * Add an extended supported rates element if operating in 11g mode. |
| 988 | */ |
| 989 | if (rs->rs_nrates > IEEE80211_RATE_SIZE) { |
| 990 | int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; |
| 991 | *frm++ = IEEE80211_ELEMID_XRATES; |
| 992 | *frm++ = nrates; |
| 993 | memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); |
| 994 | frm += nrates; |
| 995 | } |
| 996 | return frm; |
| 997 | } |
| 998 | |
| 999 | /* |
| 1000 | * Add an ssid elemet to a frame. |
| 1001 | */ |
| 1002 | static u_int8_t * |
| 1003 | ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) |
| 1004 | { |
| 1005 | *frm++ = IEEE80211_ELEMID_SSID; |
| 1006 | *frm++ = len; |
| 1007 | memcpy(frm, ssid, len); |
| 1008 | return frm + len; |
| 1009 | } |
| 1010 | |
| 1011 | /* |
| 1012 | * Add an erp element to a frame. |
| 1013 | */ |
| 1014 | static u_int8_t * |
| 1015 | ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) |
| 1016 | { |
| 1017 | u_int8_t erp; |
| 1018 | |
| 1019 | *frm++ = IEEE80211_ELEMID_ERP; |
| 1020 | *frm++ = 1; |
| 1021 | erp = 0; |
| 1022 | if (ic->ic_nonerpsta != 0) |
| 1023 | erp |= IEEE80211_ERP_NON_ERP_PRESENT; |
| 1024 | if (ic->ic_flags & IEEE80211_F_USEPROT) |
| 1025 | erp |= IEEE80211_ERP_USE_PROTECTION; |
| 1026 | if (ic->ic_flags & IEEE80211_F_USEBARKER) |
| 1027 | erp |= IEEE80211_ERP_LONG_PREAMBLE; |
| 1028 | *frm++ = erp; |
| 1029 | return frm; |
| 1030 | } |
| 1031 | |
| 1032 | static u_int8_t * |
| 1033 | ieee80211_setup_wpa_ie(struct ieee80211com *ic, u_int8_t *ie) |
| 1034 | { |
| 1035 | #define WPA_OUI_BYTES 0x00, 0x50, 0xf2 |
| 1036 | #define ADDSHORT(frm, v) do { \ |
| 1037 | frm[0] = (v) & 0xff; \ |
| 1038 | frm[1] = (v) >> 8; \ |
| 1039 | frm += 2; \ |
| 1040 | } while (0) |
| 1041 | #define ADDSELECTOR(frm, sel) do { \ |
| 1042 | memcpy(frm, sel, 4); \ |
| 1043 | frm += 4; \ |
| 1044 | } while (0) |
| 1045 | static const u_int8_t oui[4] = { WPA_OUI_BYTES, WPA_OUI_TYPE }; |
| 1046 | static const u_int8_t cipher_suite[][4] = { |
| 1047 | { WPA_OUI_BYTES, WPA_CSE_WEP40 }, /* NB: 40-bit */ |
| 1048 | { WPA_OUI_BYTES, WPA_CSE_TKIP }, |
| 1049 | { 0x00, 0x00, 0x00, 0x00 }, /* XXX WRAP */ |
| 1050 | { WPA_OUI_BYTES, WPA_CSE_CCMP }, |
| 1051 | { 0x00, 0x00, 0x00, 0x00 }, /* XXX CKIP */ |
| 1052 | { WPA_OUI_BYTES, WPA_CSE_NULL }, |
| 1053 | }; |
| 1054 | static const u_int8_t wep104_suite[4] = |
| 1055 | { WPA_OUI_BYTES, WPA_CSE_WEP104 }; |
| 1056 | static const u_int8_t key_mgt_unspec[4] = |
| 1057 | { WPA_OUI_BYTES, WPA_ASE_8021X_UNSPEC }; |
| 1058 | static const u_int8_t key_mgt_psk[4] = |
| 1059 | { WPA_OUI_BYTES, WPA_ASE_8021X_PSK }; |
| 1060 | const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn; |
| 1061 | u_int8_t *frm = ie; |
| 1062 | u_int8_t *selcnt; |
| 1063 | |
| 1064 | *frm++ = IEEE80211_ELEMID_VENDOR; |
| 1065 | *frm++ = 0; /* length filled in below */ |
| 1066 | memcpy(frm, oui, sizeof(oui)); /* WPA OUI */ |
| 1067 | frm += sizeof(oui); |
| 1068 | ADDSHORT(frm, WPA_VERSION); |
| 1069 | |
| 1070 | /* XXX filter out CKIP */ |
| 1071 | |
| 1072 | /* multicast cipher */ |
| 1073 | if (rsn->rsn_mcastcipher == IEEE80211_CIPHER_WEP && |
| 1074 | rsn->rsn_mcastkeylen >= 13) |
| 1075 | ADDSELECTOR(frm, wep104_suite); |
| 1076 | else |
| 1077 | ADDSELECTOR(frm, cipher_suite[rsn->rsn_mcastcipher]); |
| 1078 | |
| 1079 | /* unicast cipher list */ |
| 1080 | selcnt = frm; |
| 1081 | ADDSHORT(frm, 0); /* selector count */ |
| 1082 | if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_AES_CCM)) { |
| 1083 | selcnt[0]++; |
| 1084 | ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_AES_CCM]); |
| 1085 | } |
| 1086 | if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_TKIP)) { |
| 1087 | selcnt[0]++; |
| 1088 | ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_TKIP]); |
| 1089 | } |
| 1090 | |
| 1091 | /* authenticator selector list */ |
| 1092 | selcnt = frm; |
| 1093 | ADDSHORT(frm, 0); /* selector count */ |
| 1094 | if (rsn->rsn_keymgmtset & WPA_ASE_8021X_UNSPEC) { |
| 1095 | selcnt[0]++; |
| 1096 | ADDSELECTOR(frm, key_mgt_unspec); |
| 1097 | } |
| 1098 | if (rsn->rsn_keymgmtset & WPA_ASE_8021X_PSK) { |
| 1099 | selcnt[0]++; |
| 1100 | ADDSELECTOR(frm, key_mgt_psk); |
| 1101 | } |
| 1102 | |
| 1103 | /* optional capabilities */ |
| 1104 | if (rsn->rsn_caps != 0 && rsn->rsn_caps != RSN_CAP_PREAUTH) |
| 1105 | ADDSHORT(frm, rsn->rsn_caps); |
| 1106 | |
| 1107 | /* calculate element length */ |
| 1108 | ie[1] = frm - ie - 2; |
| 1109 | IASSERT(ie[1]+2 <= sizeof(struct ieee80211_ie_wpa), |
| 1110 | ("WPA IE too big, %u > %zu" , |
| 1111 | ie[1]+2, sizeof(struct ieee80211_ie_wpa))); |
| 1112 | return frm; |
| 1113 | #undef ADDSHORT |
| 1114 | #undef ADDSELECTOR |
| 1115 | #undef WPA_OUI_BYTES |
| 1116 | } |
| 1117 | |
| 1118 | static u_int8_t * |
| 1119 | ieee80211_setup_rsn_ie(struct ieee80211com *ic, u_int8_t *ie) |
| 1120 | { |
| 1121 | #define RSN_OUI_BYTES 0x00, 0x0f, 0xac |
| 1122 | #define ADDSHORT(frm, v) do { \ |
| 1123 | frm[0] = (v) & 0xff; \ |
| 1124 | frm[1] = (v) >> 8; \ |
| 1125 | frm += 2; \ |
| 1126 | } while (0) |
| 1127 | #define ADDSELECTOR(frm, sel) do { \ |
| 1128 | memcpy(frm, sel, 4); \ |
| 1129 | frm += 4; \ |
| 1130 | } while (0) |
| 1131 | static const u_int8_t cipher_suite[][4] = { |
| 1132 | { RSN_OUI_BYTES, RSN_CSE_WEP40 }, /* NB: 40-bit */ |
| 1133 | { RSN_OUI_BYTES, RSN_CSE_TKIP }, |
| 1134 | { RSN_OUI_BYTES, RSN_CSE_WRAP }, |
| 1135 | { RSN_OUI_BYTES, RSN_CSE_CCMP }, |
| 1136 | { 0x00, 0x00, 0x00, 0x00 }, /* XXX CKIP */ |
| 1137 | { RSN_OUI_BYTES, RSN_CSE_NULL }, |
| 1138 | }; |
| 1139 | static const u_int8_t wep104_suite[4] = |
| 1140 | { RSN_OUI_BYTES, RSN_CSE_WEP104 }; |
| 1141 | static const u_int8_t key_mgt_unspec[4] = |
| 1142 | { RSN_OUI_BYTES, RSN_ASE_8021X_UNSPEC }; |
| 1143 | static const u_int8_t key_mgt_psk[4] = |
| 1144 | { RSN_OUI_BYTES, RSN_ASE_8021X_PSK }; |
| 1145 | const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn; |
| 1146 | u_int8_t *frm = ie; |
| 1147 | u_int8_t *selcnt; |
| 1148 | |
| 1149 | *frm++ = IEEE80211_ELEMID_RSN; |
| 1150 | *frm++ = 0; /* length filled in below */ |
| 1151 | ADDSHORT(frm, RSN_VERSION); |
| 1152 | |
| 1153 | /* XXX filter out CKIP */ |
| 1154 | |
| 1155 | /* multicast cipher */ |
| 1156 | if (rsn->rsn_mcastcipher == IEEE80211_CIPHER_WEP && |
| 1157 | rsn->rsn_mcastkeylen >= 13) |
| 1158 | ADDSELECTOR(frm, wep104_suite); |
| 1159 | else |
| 1160 | ADDSELECTOR(frm, cipher_suite[rsn->rsn_mcastcipher]); |
| 1161 | |
| 1162 | /* unicast cipher list */ |
| 1163 | selcnt = frm; |
| 1164 | ADDSHORT(frm, 0); /* selector count */ |
| 1165 | if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_AES_CCM)) { |
| 1166 | selcnt[0]++; |
| 1167 | ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_AES_CCM]); |
| 1168 | } |
| 1169 | if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_TKIP)) { |
| 1170 | selcnt[0]++; |
| 1171 | ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_TKIP]); |
| 1172 | } |
| 1173 | |
| 1174 | /* authenticator selector list */ |
| 1175 | selcnt = frm; |
| 1176 | ADDSHORT(frm, 0); /* selector count */ |
| 1177 | if (rsn->rsn_keymgmtset & WPA_ASE_8021X_UNSPEC) { |
| 1178 | selcnt[0]++; |
| 1179 | ADDSELECTOR(frm, key_mgt_unspec); |
| 1180 | } |
| 1181 | if (rsn->rsn_keymgmtset & WPA_ASE_8021X_PSK) { |
| 1182 | selcnt[0]++; |
| 1183 | ADDSELECTOR(frm, key_mgt_psk); |
| 1184 | } |
| 1185 | |
| 1186 | /* optional capabilities */ |
| 1187 | ADDSHORT(frm, rsn->rsn_caps); |
| 1188 | /* XXX PMKID */ |
| 1189 | |
| 1190 | /* calculate element length */ |
| 1191 | ie[1] = frm - ie - 2; |
| 1192 | IASSERT(ie[1]+2 <= sizeof(struct ieee80211_ie_wpa), |
| 1193 | ("RSN IE too big, %u > %zu" , |
| 1194 | ie[1]+2, sizeof(struct ieee80211_ie_wpa))); |
| 1195 | return frm; |
| 1196 | #undef ADDSELECTOR |
| 1197 | #undef ADDSHORT |
| 1198 | #undef RSN_OUI_BYTES |
| 1199 | } |
| 1200 | |
| 1201 | /* |
| 1202 | * Add a WPA/RSN element to a frame. |
| 1203 | */ |
| 1204 | static u_int8_t * |
| 1205 | ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic) |
| 1206 | { |
| 1207 | |
| 1208 | IASSERT(ic->ic_flags & IEEE80211_F_WPA, ("no WPA/RSN!" )); |
| 1209 | if (ic->ic_flags & IEEE80211_F_WPA2) |
| 1210 | frm = ieee80211_setup_rsn_ie(ic, frm); |
| 1211 | if (ic->ic_flags & IEEE80211_F_WPA1) |
| 1212 | frm = ieee80211_setup_wpa_ie(ic, frm); |
| 1213 | return frm; |
| 1214 | } |
| 1215 | |
| 1216 | #define WME_OUI_BYTES 0x00, 0x50, 0xf2 |
| 1217 | /* |
| 1218 | * Add a WME information element to a frame. |
| 1219 | */ |
| 1220 | static u_int8_t * |
| 1221 | ieee80211_add_wme_info(u_int8_t *frm, struct ieee80211_wme_state *wme) |
| 1222 | { |
| 1223 | static const struct ieee80211_wme_info info = { |
| 1224 | .wme_id = IEEE80211_ELEMID_VENDOR, |
| 1225 | .wme_len = sizeof(struct ieee80211_wme_info) - 2, |
| 1226 | .wme_oui = { WME_OUI_BYTES }, |
| 1227 | .wme_type = WME_OUI_TYPE, |
| 1228 | .wme_subtype = WME_INFO_OUI_SUBTYPE, |
| 1229 | .wme_version = WME_VERSION, |
| 1230 | .wme_info = 0, |
| 1231 | }; |
| 1232 | memcpy(frm, &info, sizeof(info)); |
| 1233 | return frm + sizeof(info); |
| 1234 | } |
| 1235 | |
| 1236 | /* |
| 1237 | * Add a WME parameters element to a frame. |
| 1238 | */ |
| 1239 | static u_int8_t * |
| 1240 | ieee80211_add_wme_param(u_int8_t *frm, struct ieee80211_wme_state *wme) |
| 1241 | { |
| 1242 | #define SM(_v, _f) (((_v) << _f##_S) & _f) |
| 1243 | #define ADDSHORT(frm, v) do { \ |
| 1244 | frm[0] = (v) & 0xff; \ |
| 1245 | frm[1] = (v) >> 8; \ |
| 1246 | frm += 2; \ |
| 1247 | } while (0) |
| 1248 | /* NB: this works 'cuz a param has an info at the front */ |
| 1249 | static const struct ieee80211_wme_info param = { |
| 1250 | .wme_id = IEEE80211_ELEMID_VENDOR, |
| 1251 | .wme_len = sizeof(struct ieee80211_wme_param) - 2, |
| 1252 | .wme_oui = { WME_OUI_BYTES }, |
| 1253 | .wme_type = WME_OUI_TYPE, |
| 1254 | .wme_subtype = WME_PARAM_OUI_SUBTYPE, |
| 1255 | .wme_version = WME_VERSION, |
| 1256 | }; |
| 1257 | int i; |
| 1258 | |
| 1259 | memcpy(frm, ¶m, sizeof(param)); |
| 1260 | frm += offsetof(struct ieee80211_wme_info, wme_info); |
| 1261 | *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ |
| 1262 | *frm++ = 0; /* reserved field */ |
| 1263 | for (i = 0; i < WME_NUM_AC; i++) { |
| 1264 | const struct wmeParams *ac = |
| 1265 | &wme->wme_bssChanParams.cap_wmeParams[i]; |
| 1266 | *frm++ = SM(i, WME_PARAM_ACI) |
| 1267 | | SM(ac->wmep_acm, WME_PARAM_ACM) |
| 1268 | | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) |
| 1269 | ; |
| 1270 | *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) |
| 1271 | | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) |
| 1272 | ; |
| 1273 | ADDSHORT(frm, ac->wmep_txopLimit); |
| 1274 | } |
| 1275 | return frm; |
| 1276 | #undef SM |
| 1277 | #undef ADDSHORT |
| 1278 | } |
| 1279 | #undef WME_OUI_BYTES |
| 1280 | |
| 1281 | /* |
| 1282 | * Send a probe request frame with the specified ssid |
| 1283 | * and any optional information element data. |
| 1284 | */ |
| 1285 | int |
| 1286 | ieee80211_send_probereq(struct ieee80211_node *ni, |
| 1287 | const u_int8_t sa[IEEE80211_ADDR_LEN], |
| 1288 | const u_int8_t da[IEEE80211_ADDR_LEN], |
| 1289 | const u_int8_t bssid[IEEE80211_ADDR_LEN], |
| 1290 | const u_int8_t *ssid, size_t ssidlen, |
| 1291 | const void *optie, size_t optielen) |
| 1292 | { |
| 1293 | struct ieee80211com *ic = ni->ni_ic; |
| 1294 | enum ieee80211_phymode mode; |
| 1295 | struct ieee80211_frame *wh; |
| 1296 | struct mbuf *m; |
| 1297 | u_int8_t *frm; |
| 1298 | |
| 1299 | /* |
| 1300 | * Hold a reference on the node so it doesn't go away until after |
| 1301 | * the xmit is complete all the way in the driver. On error we |
| 1302 | * will remove our reference. |
| 1303 | */ |
| 1304 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, |
| 1305 | "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n" , |
| 1306 | __func__, __LINE__, |
| 1307 | ni, ether_sprintf(ni->ni_macaddr), |
| 1308 | ieee80211_node_refcnt(ni)+1); |
| 1309 | ieee80211_ref_node(ni); |
| 1310 | |
| 1311 | /* |
| 1312 | * prreq frame format |
| 1313 | * [tlv] ssid |
| 1314 | * [tlv] supported rates |
| 1315 | * [tlv] extended supported rates |
| 1316 | * [tlv] user-specified ie's |
| 1317 | */ |
| 1318 | m = ieee80211_getmgtframe(&frm, |
| 1319 | 2 + IEEE80211_NWID_LEN |
| 1320 | + 2 + IEEE80211_RATE_SIZE |
| 1321 | + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) |
| 1322 | + (optie != NULL ? optielen : 0) |
| 1323 | ); |
| 1324 | if (m == NULL) { |
| 1325 | ic->ic_stats.is_tx_nobuf++; |
| 1326 | ieee80211_free_node(ni); |
| 1327 | return ENOMEM; |
| 1328 | } |
| 1329 | |
| 1330 | frm = ieee80211_add_ssid(frm, ssid, ssidlen); |
| 1331 | mode = ieee80211_chan2mode(ic, ic->ic_curchan); |
| 1332 | frm = ieee80211_add_rates(frm, &ic->ic_sup_rates[mode]); |
| 1333 | frm = ieee80211_add_xrates(frm, &ic->ic_sup_rates[mode]); |
| 1334 | |
| 1335 | if (optie != NULL) { |
| 1336 | memcpy(frm, optie, optielen); |
| 1337 | frm += optielen; |
| 1338 | } |
| 1339 | m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); |
| 1340 | |
| 1341 | M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); |
| 1342 | if (m == NULL) |
| 1343 | return ENOMEM; |
| 1344 | M_SETCTX(m, ni); |
| 1345 | |
| 1346 | wh = mtod(m, struct ieee80211_frame *); |
| 1347 | ieee80211_send_setup(ic, ni, wh, |
| 1348 | IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, |
| 1349 | sa, da, bssid); |
| 1350 | /* XXX power management? */ |
| 1351 | |
| 1352 | IEEE80211_NODE_STAT(ni, tx_probereq); |
| 1353 | IEEE80211_NODE_STAT(ni, tx_mgmt); |
| 1354 | |
| 1355 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, |
| 1356 | "[%s] send probe req on channel %u\n" , |
| 1357 | ether_sprintf(wh->i_addr1), |
| 1358 | ieee80211_chan2ieee(ic, ic->ic_curchan)); |
| 1359 | |
| 1360 | IF_ENQUEUE(&ic->ic_mgtq, m); |
| 1361 | if_start_lock(ic->ic_ifp); |
| 1362 | return 0; |
| 1363 | } |
| 1364 | |
| 1365 | /* |
| 1366 | * Send a management frame. The node is for the destination (or ic_bss |
| 1367 | * when in station mode). Nodes other than ic_bss have their reference |
| 1368 | * count bumped to reflect our use for an indeterminant time. |
| 1369 | */ |
| 1370 | int |
| 1371 | ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, |
| 1372 | int type, int arg) |
| 1373 | { |
| 1374 | #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) |
| 1375 | struct mbuf *m; |
| 1376 | u_int8_t *frm; |
| 1377 | u_int16_t capinfo; |
| 1378 | int has_challenge, is_shared_key, ret, timer, status; |
| 1379 | |
| 1380 | IASSERT(ni != NULL, ("null node" )); |
| 1381 | |
| 1382 | /* |
| 1383 | * Hold a reference on the node so it doesn't go away until after |
| 1384 | * the xmit is complete all the way in the driver. On error we |
| 1385 | * will remove our reference. |
| 1386 | */ |
| 1387 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, |
| 1388 | "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n" , |
| 1389 | __func__, __LINE__, |
| 1390 | ni, ether_sprintf(ni->ni_macaddr), |
| 1391 | ieee80211_node_refcnt(ni)+1); |
| 1392 | ieee80211_ref_node(ni); |
| 1393 | |
| 1394 | timer = 0; |
| 1395 | switch (type) { |
| 1396 | case IEEE80211_FC0_SUBTYPE_PROBE_RESP: |
| 1397 | /* |
| 1398 | * probe response frame format |
| 1399 | * [8] time stamp |
| 1400 | * [2] beacon interval |
| 1401 | * [2] cabability information |
| 1402 | * [tlv] ssid |
| 1403 | * [tlv] supported rates |
| 1404 | * [tlv] parameter set (FH/DS) |
| 1405 | * [tlv] parameter set (IBSS) |
| 1406 | * [tlv] extended rate phy (ERP) |
| 1407 | * [tlv] extended supported rates |
| 1408 | * [tlv] WPA |
| 1409 | * [tlv] WME (optional) |
| 1410 | */ |
| 1411 | m = ieee80211_getmgtframe(&frm, |
| 1412 | 8 |
| 1413 | + sizeof(u_int16_t) |
| 1414 | + sizeof(u_int16_t) |
| 1415 | + 2 + IEEE80211_NWID_LEN |
| 1416 | + 2 + IEEE80211_RATE_SIZE |
| 1417 | + 7 /* max(7,3) */ |
| 1418 | + 6 |
| 1419 | + 3 |
| 1420 | + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) |
| 1421 | /* XXX !WPA1+WPA2 fits w/o a cluster */ |
| 1422 | + (ic->ic_flags & IEEE80211_F_WPA ? |
| 1423 | 2*sizeof(struct ieee80211_ie_wpa) : 0) |
| 1424 | + sizeof(struct ieee80211_wme_param) |
| 1425 | ); |
| 1426 | if (m == NULL) |
| 1427 | senderr(ENOMEM, is_tx_nobuf); |
| 1428 | |
| 1429 | memset(frm, 0, 8); /* timestamp should be filled later */ |
| 1430 | frm += 8; |
| 1431 | *(u_int16_t *)frm = htole16(ic->ic_bss->ni_intval); |
| 1432 | frm += 2; |
| 1433 | if (ic->ic_opmode == IEEE80211_M_IBSS) |
| 1434 | capinfo = IEEE80211_CAPINFO_IBSS; |
| 1435 | else |
| 1436 | capinfo = IEEE80211_CAPINFO_ESS; |
| 1437 | if (ic->ic_flags & IEEE80211_F_PRIVACY) |
| 1438 | capinfo |= IEEE80211_CAPINFO_PRIVACY; |
| 1439 | if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && |
| 1440 | IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) |
| 1441 | capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; |
| 1442 | if (ic->ic_flags & IEEE80211_F_SHSLOT) |
| 1443 | capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; |
| 1444 | *(u_int16_t *)frm = htole16(capinfo); |
| 1445 | frm += 2; |
| 1446 | |
| 1447 | frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, |
| 1448 | ic->ic_bss->ni_esslen); |
| 1449 | frm = ieee80211_add_rates(frm, &ni->ni_rates); |
| 1450 | |
| 1451 | if (ic->ic_phytype == IEEE80211_T_FH) { |
| 1452 | *frm++ = IEEE80211_ELEMID_FHPARMS; |
| 1453 | *frm++ = 5; |
| 1454 | *frm++ = ni->ni_fhdwell & 0x00ff; |
| 1455 | *frm++ = (ni->ni_fhdwell >> 8) & 0x00ff; |
| 1456 | *frm++ = IEEE80211_FH_CHANSET( |
| 1457 | ieee80211_chan2ieee(ic, ic->ic_curchan)); |
| 1458 | *frm++ = IEEE80211_FH_CHANPAT( |
| 1459 | ieee80211_chan2ieee(ic, ic->ic_curchan)); |
| 1460 | *frm++ = ni->ni_fhindex; |
| 1461 | } else { |
| 1462 | *frm++ = IEEE80211_ELEMID_DSPARMS; |
| 1463 | *frm++ = 1; |
| 1464 | *frm++ = ieee80211_chan2ieee(ic, ic->ic_curchan); |
| 1465 | } |
| 1466 | |
| 1467 | if (ic->ic_opmode == IEEE80211_M_IBSS) { |
| 1468 | *frm++ = IEEE80211_ELEMID_IBSSPARMS; |
| 1469 | *frm++ = 2; |
| 1470 | *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ |
| 1471 | } |
| 1472 | if (ic->ic_flags & IEEE80211_F_WPA) |
| 1473 | frm = ieee80211_add_wpa(frm, ic); |
| 1474 | if (ic->ic_curmode == IEEE80211_MODE_11G) |
| 1475 | frm = ieee80211_add_erp(frm, ic); |
| 1476 | frm = ieee80211_add_xrates(frm, &ni->ni_rates); |
| 1477 | if (ic->ic_flags & IEEE80211_F_WME) |
| 1478 | frm = ieee80211_add_wme_param(frm, &ic->ic_wme); |
| 1479 | m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); |
| 1480 | break; |
| 1481 | |
| 1482 | case IEEE80211_FC0_SUBTYPE_AUTH: |
| 1483 | status = arg >> 16; |
| 1484 | arg &= 0xffff; |
| 1485 | has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || |
| 1486 | arg == IEEE80211_AUTH_SHARED_RESPONSE) && |
| 1487 | ni->ni_challenge != NULL); |
| 1488 | |
| 1489 | /* |
| 1490 | * Deduce whether we're doing open authentication or |
| 1491 | * shared key authentication. We do the latter if |
| 1492 | * we're in the middle of a shared key authentication |
| 1493 | * handshake or if we're initiating an authentication |
| 1494 | * request and configured to use shared key. |
| 1495 | */ |
| 1496 | is_shared_key = has_challenge || |
| 1497 | arg >= IEEE80211_AUTH_SHARED_RESPONSE || |
| 1498 | (arg == IEEE80211_AUTH_SHARED_REQUEST && |
| 1499 | ic->ic_bss->ni_authmode == IEEE80211_AUTH_SHARED); |
| 1500 | |
| 1501 | m = ieee80211_getmgtframe(&frm, |
| 1502 | 3 * sizeof(u_int16_t) |
| 1503 | + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? |
| 1504 | sizeof(u_int16_t)+IEEE80211_CHALLENGE_LEN : 0) |
| 1505 | ); |
| 1506 | if (m == NULL) |
| 1507 | senderr(ENOMEM, is_tx_nobuf); |
| 1508 | |
| 1509 | ((u_int16_t *)frm)[0] = |
| 1510 | (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) |
| 1511 | : htole16(IEEE80211_AUTH_ALG_OPEN); |
| 1512 | ((u_int16_t *)frm)[1] = htole16(arg); /* sequence number */ |
| 1513 | ((u_int16_t *)frm)[2] = htole16(status);/* status */ |
| 1514 | |
| 1515 | if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { |
| 1516 | ((u_int16_t *)frm)[3] = |
| 1517 | htole16((IEEE80211_CHALLENGE_LEN << 8) | |
| 1518 | IEEE80211_ELEMID_CHALLENGE); |
| 1519 | memcpy(&((u_int16_t *)frm)[4], ni->ni_challenge, |
| 1520 | IEEE80211_CHALLENGE_LEN); |
| 1521 | m->m_pkthdr.len = m->m_len = |
| 1522 | 4 * sizeof(u_int16_t) + IEEE80211_CHALLENGE_LEN; |
| 1523 | if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { |
| 1524 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, |
| 1525 | "[%s] request encrypt frame (%s)\n" , |
| 1526 | ether_sprintf(ni->ni_macaddr), __func__); |
| 1527 | m->m_flags |= M_LINK0; /* WEP-encrypt, please */ |
| 1528 | } |
| 1529 | } else |
| 1530 | m->m_pkthdr.len = m->m_len = 3 * sizeof(u_int16_t); |
| 1531 | |
| 1532 | /* XXX not right for shared key */ |
| 1533 | if (status == IEEE80211_STATUS_SUCCESS) |
| 1534 | IEEE80211_NODE_STAT(ni, tx_auth); |
| 1535 | else |
| 1536 | IEEE80211_NODE_STAT(ni, tx_auth_fail); |
| 1537 | |
| 1538 | if (ic->ic_opmode == IEEE80211_M_STA) |
| 1539 | timer = IEEE80211_TRANS_WAIT; |
| 1540 | break; |
| 1541 | |
| 1542 | case IEEE80211_FC0_SUBTYPE_DEAUTH: |
| 1543 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, |
| 1544 | "[%s] send station deauthenticate (reason %d)\n" , |
| 1545 | ether_sprintf(ni->ni_macaddr), arg); |
| 1546 | m = ieee80211_getmgtframe(&frm, sizeof(u_int16_t)); |
| 1547 | if (m == NULL) |
| 1548 | senderr(ENOMEM, is_tx_nobuf); |
| 1549 | *(u_int16_t *)frm = htole16(arg); /* reason */ |
| 1550 | m->m_pkthdr.len = m->m_len = sizeof(u_int16_t); |
| 1551 | |
| 1552 | IEEE80211_NODE_STAT(ni, tx_deauth); |
| 1553 | IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); |
| 1554 | |
| 1555 | ieee80211_node_unauthorize(ni); /* port closed */ |
| 1556 | break; |
| 1557 | |
| 1558 | case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: |
| 1559 | case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: |
| 1560 | /* |
| 1561 | * asreq frame format |
| 1562 | * [2] capability information |
| 1563 | * [2] listen interval |
| 1564 | * [6*] current AP address (reassoc only) |
| 1565 | * [tlv] ssid |
| 1566 | * [tlv] supported rates |
| 1567 | * [tlv] extended supported rates |
| 1568 | * [tlv] WME |
| 1569 | * [tlv] user-specified ie's |
| 1570 | */ |
| 1571 | m = ieee80211_getmgtframe(&frm, |
| 1572 | sizeof(u_int16_t) |
| 1573 | + sizeof(u_int16_t) |
| 1574 | + IEEE80211_ADDR_LEN |
| 1575 | + 2 + IEEE80211_NWID_LEN |
| 1576 | + 2 + IEEE80211_RATE_SIZE |
| 1577 | + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) |
| 1578 | + sizeof(struct ieee80211_wme_info) |
| 1579 | + (ic->ic_opt_ie != NULL ? ic->ic_opt_ie_len : 0) |
| 1580 | ); |
| 1581 | if (m == NULL) |
| 1582 | senderr(ENOMEM, is_tx_nobuf); |
| 1583 | |
| 1584 | capinfo = 0; |
| 1585 | if (ic->ic_opmode == IEEE80211_M_IBSS) |
| 1586 | capinfo |= IEEE80211_CAPINFO_IBSS; |
| 1587 | else /* IEEE80211_M_STA */ |
| 1588 | capinfo |= IEEE80211_CAPINFO_ESS; |
| 1589 | if (ic->ic_flags & IEEE80211_F_PRIVACY) |
| 1590 | capinfo |= IEEE80211_CAPINFO_PRIVACY; |
| 1591 | /* |
| 1592 | * NB: Some 11a AP's reject the request when |
| 1593 | * short premable is set. |
| 1594 | */ |
| 1595 | if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && |
| 1596 | IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) |
| 1597 | capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; |
| 1598 | if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) && |
| 1599 | (ic->ic_caps & IEEE80211_C_SHSLOT)) |
| 1600 | capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; |
| 1601 | *(u_int16_t *)frm = htole16(capinfo); |
| 1602 | frm += 2; |
| 1603 | |
| 1604 | *(u_int16_t *)frm = htole16(ic->ic_lintval); |
| 1605 | frm += 2; |
| 1606 | |
| 1607 | if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { |
| 1608 | IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); |
| 1609 | frm += IEEE80211_ADDR_LEN; |
| 1610 | } |
| 1611 | |
| 1612 | frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); |
| 1613 | frm = ieee80211_add_rates(frm, &ni->ni_rates); |
| 1614 | frm = ieee80211_add_xrates(frm, &ni->ni_rates); |
| 1615 | if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) |
| 1616 | frm = ieee80211_add_wme_info(frm, &ic->ic_wme); |
| 1617 | if (ic->ic_opt_ie != NULL) { |
| 1618 | memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); |
| 1619 | frm += ic->ic_opt_ie_len; |
| 1620 | } |
| 1621 | m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); |
| 1622 | |
| 1623 | timer = IEEE80211_TRANS_WAIT; |
| 1624 | break; |
| 1625 | |
| 1626 | case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: |
| 1627 | case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: |
| 1628 | /* |
| 1629 | * asreq frame format |
| 1630 | * [2] capability information |
| 1631 | * [2] status |
| 1632 | * [2] association ID |
| 1633 | * [tlv] supported rates |
| 1634 | * [tlv] extended supported rates |
| 1635 | * [tlv] WME (if enabled and STA enabled) |
| 1636 | */ |
| 1637 | m = ieee80211_getmgtframe(&frm, |
| 1638 | sizeof(u_int16_t) |
| 1639 | + sizeof(u_int16_t) |
| 1640 | + sizeof(u_int16_t) |
| 1641 | + 2 + IEEE80211_RATE_SIZE |
| 1642 | + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) |
| 1643 | + sizeof(struct ieee80211_wme_param) |
| 1644 | ); |
| 1645 | if (m == NULL) |
| 1646 | senderr(ENOMEM, is_tx_nobuf); |
| 1647 | |
| 1648 | capinfo = IEEE80211_CAPINFO_ESS; |
| 1649 | if (ic->ic_flags & IEEE80211_F_PRIVACY) |
| 1650 | capinfo |= IEEE80211_CAPINFO_PRIVACY; |
| 1651 | if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && |
| 1652 | IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) |
| 1653 | capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; |
| 1654 | if (ic->ic_flags & IEEE80211_F_SHSLOT) |
| 1655 | capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; |
| 1656 | *(u_int16_t *)frm = htole16(capinfo); |
| 1657 | frm += 2; |
| 1658 | |
| 1659 | *(u_int16_t *)frm = htole16(arg); /* status */ |
| 1660 | frm += 2; |
| 1661 | |
| 1662 | if (arg == IEEE80211_STATUS_SUCCESS) { |
| 1663 | *(u_int16_t *)frm = htole16(ni->ni_associd); |
| 1664 | IEEE80211_NODE_STAT(ni, tx_assoc); |
| 1665 | } else |
| 1666 | IEEE80211_NODE_STAT(ni, tx_assoc_fail); |
| 1667 | frm += 2; |
| 1668 | |
| 1669 | frm = ieee80211_add_rates(frm, &ni->ni_rates); |
| 1670 | frm = ieee80211_add_xrates(frm, &ni->ni_rates); |
| 1671 | if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) |
| 1672 | frm = ieee80211_add_wme_param(frm, &ic->ic_wme); |
| 1673 | m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); |
| 1674 | break; |
| 1675 | |
| 1676 | case IEEE80211_FC0_SUBTYPE_DISASSOC: |
| 1677 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
| 1678 | "[%s] send station disassociate (reason %d)\n" , |
| 1679 | ether_sprintf(ni->ni_macaddr), arg); |
| 1680 | m = ieee80211_getmgtframe(&frm, sizeof(u_int16_t)); |
| 1681 | if (m == NULL) |
| 1682 | senderr(ENOMEM, is_tx_nobuf); |
| 1683 | *(u_int16_t *)frm = htole16(arg); /* reason */ |
| 1684 | m->m_pkthdr.len = m->m_len = sizeof(u_int16_t); |
| 1685 | |
| 1686 | IEEE80211_NODE_STAT(ni, tx_disassoc); |
| 1687 | IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg); |
| 1688 | break; |
| 1689 | |
| 1690 | default: |
| 1691 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
| 1692 | "[%s] invalid mgmt frame type %u\n" , |
| 1693 | ether_sprintf(ni->ni_macaddr), type); |
| 1694 | senderr(EINVAL, is_tx_unknownmgt); |
| 1695 | /* NOTREACHED */ |
| 1696 | } |
| 1697 | ret = ieee80211_mgmt_output(ic, ni, m, type, timer); |
| 1698 | if (ret != 0) { |
| 1699 | bad: |
| 1700 | ieee80211_free_node(ni); |
| 1701 | } |
| 1702 | return ret; |
| 1703 | #undef senderr |
| 1704 | } |
| 1705 | |
| 1706 | /* |
| 1707 | * Build a RTS (Request To Send) control frame. |
| 1708 | */ |
| 1709 | struct mbuf * |
| 1710 | ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, |
| 1711 | uint16_t dur) |
| 1712 | { |
| 1713 | struct ieee80211_frame_rts *rts; |
| 1714 | struct mbuf *m; |
| 1715 | |
| 1716 | MGETHDR(m, M_DONTWAIT, MT_DATA); |
| 1717 | if (m == NULL) |
| 1718 | return NULL; |
| 1719 | |
| 1720 | m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); |
| 1721 | |
| 1722 | rts = mtod(m, struct ieee80211_frame_rts *); |
| 1723 | rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | |
| 1724 | IEEE80211_FC0_SUBTYPE_RTS; |
| 1725 | rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; |
| 1726 | *(uint16_t *)rts->i_dur = htole16(dur); |
| 1727 | IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); |
| 1728 | IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); |
| 1729 | |
| 1730 | return m; |
| 1731 | } |
| 1732 | |
| 1733 | /* |
| 1734 | * Build a CTS-to-self (Clear To Send) control frame. |
| 1735 | */ |
| 1736 | struct mbuf * |
| 1737 | ieee80211_get_cts_to_self(struct ieee80211com *ic, uint16_t dur) |
| 1738 | { |
| 1739 | struct ieee80211_frame_cts *cts; |
| 1740 | struct mbuf *m; |
| 1741 | |
| 1742 | MGETHDR(m, M_DONTWAIT, MT_DATA); |
| 1743 | if (m == NULL) |
| 1744 | return NULL; |
| 1745 | |
| 1746 | m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); |
| 1747 | |
| 1748 | cts = mtod(m, struct ieee80211_frame_cts *); |
| 1749 | cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | |
| 1750 | IEEE80211_FC0_SUBTYPE_CTS; |
| 1751 | cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; |
| 1752 | *(uint16_t *)cts->i_dur = htole16(dur); |
| 1753 | IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); |
| 1754 | |
| 1755 | return m; |
| 1756 | } |
| 1757 | |
| 1758 | /* |
| 1759 | * Allocate a beacon frame and fillin the appropriate bits. |
| 1760 | */ |
| 1761 | struct mbuf * |
| 1762 | ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni, |
| 1763 | struct ieee80211_beacon_offsets *bo) |
| 1764 | { |
| 1765 | struct ifnet *ifp = ic->ic_ifp; |
| 1766 | struct ieee80211_frame *wh; |
| 1767 | struct mbuf *m; |
| 1768 | int pktlen; |
| 1769 | u_int8_t *frm, *efrm; |
| 1770 | u_int16_t capinfo; |
| 1771 | struct ieee80211_rateset *rs; |
| 1772 | |
| 1773 | /* |
| 1774 | * beacon frame format |
| 1775 | * [8] time stamp |
| 1776 | * [2] beacon interval |
| 1777 | * [2] cabability information |
| 1778 | * [tlv] ssid |
| 1779 | * [tlv] supported rates |
| 1780 | * [3] parameter set (DS) |
| 1781 | * [tlv] parameter set (IBSS/TIM) |
| 1782 | * [tlv] extended rate phy (ERP) |
| 1783 | * [tlv] extended supported rates |
| 1784 | * [tlv] WME parameters |
| 1785 | * [tlv] WPA/RSN parameters |
| 1786 | * XXX Vendor-specific OIDs (e.g. Atheros) |
| 1787 | * NB: we allocate the max space required for the TIM bitmap. |
| 1788 | */ |
| 1789 | rs = &ni->ni_rates; |
| 1790 | pktlen = 8 /* time stamp */ |
| 1791 | + sizeof(u_int16_t) /* beacon interval */ |
| 1792 | + sizeof(u_int16_t) /* capabilities */ |
| 1793 | + 2 + ni->ni_esslen /* ssid */ |
| 1794 | + 2 + IEEE80211_RATE_SIZE /* supported rates */ |
| 1795 | + 2 + 1 /* DS parameters */ |
| 1796 | + 2 + 4 + ic->ic_tim_len /* DTIM/IBSSPARMS */ |
| 1797 | + 2 + 1 /* ERP */ |
| 1798 | + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) |
| 1799 | + (ic->ic_caps & IEEE80211_C_WME ? /* WME */ |
| 1800 | sizeof(struct ieee80211_wme_param) : 0) |
| 1801 | + (ic->ic_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ |
| 1802 | 2*sizeof(struct ieee80211_ie_wpa) : 0) |
| 1803 | ; |
| 1804 | m = ieee80211_getmgtframe(&frm, pktlen); |
| 1805 | if (m == NULL) { |
| 1806 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
| 1807 | "%s: cannot get buf; size %u\n" , __func__, pktlen); |
| 1808 | ic->ic_stats.is_tx_nobuf++; |
| 1809 | return NULL; |
| 1810 | } |
| 1811 | |
| 1812 | memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */ |
| 1813 | frm += 8; |
| 1814 | *(u_int16_t *)frm = htole16(ni->ni_intval); |
| 1815 | frm += 2; |
| 1816 | if (ic->ic_opmode == IEEE80211_M_IBSS) |
| 1817 | capinfo = IEEE80211_CAPINFO_IBSS; |
| 1818 | else |
| 1819 | capinfo = IEEE80211_CAPINFO_ESS; |
| 1820 | if (ic->ic_flags & IEEE80211_F_PRIVACY) |
| 1821 | capinfo |= IEEE80211_CAPINFO_PRIVACY; |
| 1822 | if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && |
| 1823 | IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) |
| 1824 | capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; |
| 1825 | if (ic->ic_flags & IEEE80211_F_SHSLOT) |
| 1826 | capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; |
| 1827 | bo->bo_caps = (u_int16_t *)frm; |
| 1828 | *(u_int16_t *)frm = htole16(capinfo); |
| 1829 | frm += 2; |
| 1830 | *frm++ = IEEE80211_ELEMID_SSID; |
| 1831 | if ((ic->ic_flags & IEEE80211_F_HIDESSID) == 0) { |
| 1832 | *frm++ = ni->ni_esslen; |
| 1833 | memcpy(frm, ni->ni_essid, ni->ni_esslen); |
| 1834 | frm += ni->ni_esslen; |
| 1835 | } else |
| 1836 | *frm++ = 0; |
| 1837 | frm = ieee80211_add_rates(frm, rs); |
| 1838 | if (ic->ic_curmode != IEEE80211_MODE_FH) { |
| 1839 | *frm++ = IEEE80211_ELEMID_DSPARMS; |
| 1840 | *frm++ = 1; |
| 1841 | *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); |
| 1842 | } |
| 1843 | bo->bo_tim = frm; |
| 1844 | if (ic->ic_opmode == IEEE80211_M_IBSS) { |
| 1845 | *frm++ = IEEE80211_ELEMID_IBSSPARMS; |
| 1846 | *frm++ = 2; |
| 1847 | *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ |
| 1848 | bo->bo_tim_len = 0; |
| 1849 | } else { |
| 1850 | struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm; |
| 1851 | |
| 1852 | tie->tim_ie = IEEE80211_ELEMID_TIM; |
| 1853 | tie->tim_len = 4; /* length */ |
| 1854 | tie->tim_count = 0; /* DTIM count */ |
| 1855 | tie->tim_period = ic->ic_dtim_period; /* DTIM period */ |
| 1856 | tie->tim_bitctl = 0; /* bitmap control */ |
| 1857 | tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */ |
| 1858 | frm += sizeof(struct ieee80211_tim_ie); |
| 1859 | bo->bo_tim_len = 1; |
| 1860 | } |
| 1861 | bo->bo_trailer = frm; |
| 1862 | if (ic->ic_flags & IEEE80211_F_WME) { |
| 1863 | bo->bo_wme = frm; |
| 1864 | frm = ieee80211_add_wme_param(frm, &ic->ic_wme); |
| 1865 | ic->ic_flags &= ~IEEE80211_F_WMEUPDATE; |
| 1866 | } |
| 1867 | if (ic->ic_flags & IEEE80211_F_WPA) |
| 1868 | frm = ieee80211_add_wpa(frm, ic); |
| 1869 | if (ic->ic_curmode == IEEE80211_MODE_11G) |
| 1870 | frm = ieee80211_add_erp(frm, ic); |
| 1871 | efrm = ieee80211_add_xrates(frm, rs); |
| 1872 | bo->bo_trailer_len = efrm - bo->bo_trailer; |
| 1873 | m->m_pkthdr.len = m->m_len = efrm - mtod(m, u_int8_t *); |
| 1874 | |
| 1875 | M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); |
| 1876 | IASSERT(m != NULL, ("no space for 802.11 header?" )); |
| 1877 | wh = mtod(m, struct ieee80211_frame *); |
| 1878 | wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | |
| 1879 | IEEE80211_FC0_SUBTYPE_BEACON; |
| 1880 | wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; |
| 1881 | *(u_int16_t *)wh->i_dur = 0; |
| 1882 | IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); |
| 1883 | IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); |
| 1884 | IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); |
| 1885 | *(u_int16_t *)wh->i_seq = 0; |
| 1886 | |
| 1887 | return m; |
| 1888 | } |
| 1889 | |
| 1890 | /* |
| 1891 | * Update the dynamic parts of a beacon frame based on the current state. |
| 1892 | */ |
| 1893 | int |
| 1894 | ieee80211_beacon_update(struct ieee80211com *ic, struct ieee80211_node *ni, |
| 1895 | struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast) |
| 1896 | { |
| 1897 | int len_changed = 0; |
| 1898 | u_int16_t capinfo; |
| 1899 | |
| 1900 | IEEE80211_BEACON_LOCK(ic); |
| 1901 | /* XXX faster to recalculate entirely or just changes? */ |
| 1902 | if (ic->ic_opmode == IEEE80211_M_IBSS) |
| 1903 | capinfo = IEEE80211_CAPINFO_IBSS; |
| 1904 | else |
| 1905 | capinfo = IEEE80211_CAPINFO_ESS; |
| 1906 | if (ic->ic_flags & IEEE80211_F_PRIVACY) |
| 1907 | capinfo |= IEEE80211_CAPINFO_PRIVACY; |
| 1908 | if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && |
| 1909 | IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) |
| 1910 | capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; |
| 1911 | if (ic->ic_flags & IEEE80211_F_SHSLOT) |
| 1912 | capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; |
| 1913 | *bo->bo_caps = htole16(capinfo); |
| 1914 | |
| 1915 | if (ic->ic_flags & IEEE80211_F_WME) { |
| 1916 | struct ieee80211_wme_state *wme = &ic->ic_wme; |
| 1917 | |
| 1918 | /* |
| 1919 | * Check for agressive mode change. When there is |
| 1920 | * significant high priority traffic in the BSS |
| 1921 | * throttle back BE traffic by using conservative |
| 1922 | * parameters. Otherwise BE uses agressive params |
| 1923 | * to optimize performance of legacy/non-QoS traffic. |
| 1924 | */ |
| 1925 | if (wme->wme_flags & WME_F_AGGRMODE) { |
| 1926 | if (wme->wme_hipri_traffic > |
| 1927 | wme->wme_hipri_switch_thresh) { |
| 1928 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_WME, |
| 1929 | "%s: traffic %u, disable aggressive mode\n" , |
| 1930 | __func__, wme->wme_hipri_traffic); |
| 1931 | wme->wme_flags &= ~WME_F_AGGRMODE; |
| 1932 | ieee80211_wme_updateparams_locked(ic); |
| 1933 | wme->wme_hipri_traffic = |
| 1934 | wme->wme_hipri_switch_hysteresis; |
| 1935 | } else |
| 1936 | wme->wme_hipri_traffic = 0; |
| 1937 | } else { |
| 1938 | if (wme->wme_hipri_traffic <= |
| 1939 | wme->wme_hipri_switch_thresh) { |
| 1940 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_WME, |
| 1941 | "%s: traffic %u, enable aggressive mode\n" , |
| 1942 | __func__, wme->wme_hipri_traffic); |
| 1943 | wme->wme_flags |= WME_F_AGGRMODE; |
| 1944 | ieee80211_wme_updateparams_locked(ic); |
| 1945 | wme->wme_hipri_traffic = 0; |
| 1946 | } else |
| 1947 | wme->wme_hipri_traffic = |
| 1948 | wme->wme_hipri_switch_hysteresis; |
| 1949 | } |
| 1950 | if (ic->ic_flags & IEEE80211_F_WMEUPDATE) { |
| 1951 | (void) ieee80211_add_wme_param(bo->bo_wme, wme); |
| 1952 | ic->ic_flags &= ~IEEE80211_F_WMEUPDATE; |
| 1953 | } |
| 1954 | } |
| 1955 | |
| 1956 | #ifndef IEEE80211_NO_HOSTAP |
| 1957 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { /* NB: no IBSS support*/ |
| 1958 | struct ieee80211_tim_ie *tie = |
| 1959 | (struct ieee80211_tim_ie *) bo->bo_tim; |
| 1960 | if (ic->ic_flags & IEEE80211_F_TIMUPDATE) { |
| 1961 | u_int timlen, timoff, i; |
| 1962 | /* |
| 1963 | * ATIM/DTIM needs updating. If it fits in the |
| 1964 | * current space allocated then just copy in the |
| 1965 | * new bits. Otherwise we need to move any trailing |
| 1966 | * data to make room. Note that we know there is |
| 1967 | * contiguous space because ieee80211_beacon_allocate |
| 1968 | * insures there is space in the mbuf to write a |
| 1969 | * maximal-size virtual bitmap (based on ic_max_aid). |
| 1970 | */ |
| 1971 | /* |
| 1972 | * Calculate the bitmap size and offset, copy any |
| 1973 | * trailer out of the way, and then copy in the |
| 1974 | * new bitmap and update the information element. |
| 1975 | * Note that the tim bitmap must contain at least |
| 1976 | * one byte and any offset must be even. |
| 1977 | */ |
| 1978 | if (ic->ic_ps_pending != 0) { |
| 1979 | timoff = 128; /* impossibly large */ |
| 1980 | for (i = 0; i < ic->ic_tim_len; i++) |
| 1981 | if (ic->ic_tim_bitmap[i]) { |
| 1982 | timoff = i &~ 1; |
| 1983 | break; |
| 1984 | } |
| 1985 | IASSERT(timoff != 128, ("tim bitmap empty!" )); |
| 1986 | for (i = ic->ic_tim_len-1; i >= timoff; i--) |
| 1987 | if (ic->ic_tim_bitmap[i]) |
| 1988 | break; |
| 1989 | timlen = 1 + (i - timoff); |
| 1990 | } else { |
| 1991 | timoff = 0; |
| 1992 | timlen = 1; |
| 1993 | } |
| 1994 | if (timlen != bo->bo_tim_len) { |
| 1995 | /* copy up/down trailer */ |
| 1996 | ovbcopy(bo->bo_trailer, tie->tim_bitmap+timlen, |
| 1997 | bo->bo_trailer_len); |
| 1998 | bo->bo_trailer = tie->tim_bitmap+timlen; |
| 1999 | bo->bo_wme = bo->bo_trailer; |
| 2000 | bo->bo_tim_len = timlen; |
| 2001 | |
| 2002 | /* update information element */ |
| 2003 | tie->tim_len = 3 + timlen; |
| 2004 | tie->tim_bitctl = timoff; |
| 2005 | len_changed = 1; |
| 2006 | } |
| 2007 | memcpy(tie->tim_bitmap, ic->ic_tim_bitmap + timoff, |
| 2008 | bo->bo_tim_len); |
| 2009 | |
| 2010 | ic->ic_flags &= ~IEEE80211_F_TIMUPDATE; |
| 2011 | |
| 2012 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
| 2013 | "%s: TIM updated, pending %u, off %u, len %u\n" , |
| 2014 | __func__, ic->ic_ps_pending, timoff, timlen); |
| 2015 | } |
| 2016 | /* count down DTIM period */ |
| 2017 | if (tie->tim_count == 0) |
| 2018 | tie->tim_count = tie->tim_period - 1; |
| 2019 | else |
| 2020 | tie->tim_count--; |
| 2021 | /* update state for buffered multicast frames on DTIM */ |
| 2022 | if (mcast && (tie->tim_count == 1 || tie->tim_period == 1)) |
| 2023 | tie->tim_bitctl |= 1; |
| 2024 | else |
| 2025 | tie->tim_bitctl &= ~1; |
| 2026 | } |
| 2027 | #endif /* !IEEE80211_NO_HOSTAP */ |
| 2028 | IEEE80211_BEACON_UNLOCK(ic); |
| 2029 | |
| 2030 | return len_changed; |
| 2031 | } |
| 2032 | |
| 2033 | /* |
| 2034 | * Save an outbound packet for a node in power-save sleep state. |
| 2035 | * The new packet is placed on the node's saved queue, and the TIM |
| 2036 | * is changed, if necessary. |
| 2037 | */ |
| 2038 | void |
| 2039 | ieee80211_pwrsave(struct ieee80211com *ic, struct ieee80211_node *ni, |
| 2040 | struct mbuf *m) |
| 2041 | { |
| 2042 | int qlen, age; |
| 2043 | |
| 2044 | IEEE80211_NODE_SAVEQ_LOCK(ni); |
| 2045 | if (IF_QFULL(&ni->ni_savedq)) { |
| 2046 | IF_DROP(&ni->ni_savedq); |
| 2047 | IEEE80211_NODE_SAVEQ_UNLOCK(ni); |
| 2048 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
| 2049 | "[%s] pwr save q overflow, drops %d (size %d)\n" , |
| 2050 | ether_sprintf(ni->ni_macaddr), |
| 2051 | ni->ni_savedq.ifq_drops, IEEE80211_PS_MAX_QUEUE); |
| 2052 | #ifdef IEEE80211_DEBUG |
| 2053 | if (ieee80211_msg_dumppkts(ic)) |
| 2054 | ieee80211_dump_pkt(mtod(m, void *), m->m_len, -1, -1); |
| 2055 | #endif |
| 2056 | m_freem(m); |
| 2057 | return; |
| 2058 | } |
| 2059 | /* |
| 2060 | * Tag the frame with its expiry time and insert |
| 2061 | * it in the queue. The aging interval is 4 times |
| 2062 | * the listen interval specified by the station. |
| 2063 | * Frames that sit around too long are reclaimed |
| 2064 | * using this information. |
| 2065 | */ |
| 2066 | /* XXX handle overflow? */ |
| 2067 | age = ((ni->ni_intval * ic->ic_bintval) << 2) / 1024; /* TU -> secs */ |
| 2068 | _IEEE80211_NODE_SAVEQ_ENQUEUE(ni, m, qlen, age); |
| 2069 | IEEE80211_NODE_SAVEQ_UNLOCK(ni); |
| 2070 | |
| 2071 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
| 2072 | "[%s] save frame with age %d, %u now queued\n" , |
| 2073 | ether_sprintf(ni->ni_macaddr), age, qlen); |
| 2074 | |
| 2075 | if (qlen == 1) |
| 2076 | ic->ic_set_tim(ni, 1); |
| 2077 | } |
| 2078 | |