1 /* $OpenBSD: ieee80211_output.c,v 1.85 2009/03/26 20:34:54 damien Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/proc.h> 45 #include <sys/sysctl.h> 46 47 #include <net/if.h> 48 #include <net/if_dl.h> 49 #include <net/if_media.h> 50 #include <net/if_arp.h> 51 #include <net/if_llc.h> 52 #include <net/bpf.h> 53 54 #ifdef INET 55 #include <netinet/in.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/ip.h> 59 #ifdef INET6 60 #include <netinet/ip6.h> 61 #endif 62 #endif 63 64 #if NVLAN > 0 65 #include <net/if_types.h> 66 #include <net/if_vlan_var.h> 67 #endif 68 69 #include <net80211/ieee80211_var.h> 70 #include <net80211/ieee80211_priv.h> 71 72 int ieee80211_classify(struct ieee80211com *, struct mbuf *); 73 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 74 struct mbuf *, int); 75 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 76 const struct ieee80211_node *, int); 77 struct mbuf *ieee80211_getmgmt(int, int, u_int); 78 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 79 struct ieee80211_node *); 80 #ifndef IEEE80211_STA_ONLY 81 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 82 struct ieee80211_node *); 83 #endif 84 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 85 struct ieee80211_node *, u_int16_t, u_int16_t); 86 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 87 struct ieee80211_node *, u_int16_t); 88 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 89 struct ieee80211_node *, int); 90 #ifndef IEEE80211_STA_ONLY 91 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 92 struct ieee80211_node *, u_int16_t); 93 #endif 94 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 95 struct ieee80211_node *, u_int16_t); 96 #ifndef IEEE80211_NO_HT 97 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 98 struct ieee80211_node *, u_int8_t); 99 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 100 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 101 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 102 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 103 #endif 104 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 105 struct ieee80211_node *, u_int8_t); 106 struct mbuf *ieee80211_get_action(struct ieee80211com *, 107 struct ieee80211_node *, u_int8_t, u_int8_t, int); 108 109 /* 110 * IEEE 802.11 output routine. Normally this will directly call the 111 * Ethernet output routine because 802.11 encapsulation is called 112 * later by the driver. This function can be used to send raw frames 113 * if the mbuf has been tagged with a 802.11 data link type. 114 */ 115 int 116 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 117 struct rtentry *rt) 118 { 119 struct m_tag *mtag; 120 int s, len, error = 0; 121 u_short mflags; 122 123 /* Interface has to be up and running */ 124 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 125 (IFF_UP | IFF_RUNNING)) { 126 error = ENETDOWN; 127 goto bad; 128 } 129 130 /* Try to get the DLT from a mbuf tag */ 131 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 132 u_int dlt = *(u_int *)(mtag + 1); 133 134 /* Fallback to ethernet for non-802.11 linktypes */ 135 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 136 goto fallback; 137 138 /* 139 * Queue message on interface without adding any 140 * further headers, and start output if interface not 141 * yet active. 142 */ 143 mflags = m->m_flags; 144 len = m->m_pkthdr.len; 145 s = splnet(); 146 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, error); 147 if (error) { 148 /* mbuf is already freed */ 149 splx(s); 150 printf("%s: failed to queue raw tx frame\n", 151 ifp->if_xname); 152 return (error); 153 } 154 ifp->if_obytes += len; 155 if (mflags & M_MCAST) 156 ifp->if_omcasts++; 157 if ((ifp->if_flags & IFF_OACTIVE) == 0) 158 (*ifp->if_start)(ifp); 159 splx(s); 160 161 return (error); 162 } 163 164 fallback: 165 return (ether_output(ifp, m, dst, rt)); 166 167 bad: 168 if (m) 169 m_freem(m); 170 return (error); 171 } 172 173 /* 174 * Send a management frame to the specified node. The node pointer 175 * must have a reference as the pointer will be passed to the driver 176 * and potentially held for a long time. If the frame is successfully 177 * dispatched to the driver, then it is responsible for freeing the 178 * reference (and potentially free'ing up any associated storage). 179 */ 180 int 181 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 182 struct mbuf *m, int type) 183 { 184 struct ieee80211com *ic = (void *)ifp; 185 struct ieee80211_frame *wh; 186 187 if (ni == NULL) 188 panic("null node"); 189 ni->ni_inact = 0; 190 191 /* 192 * Yech, hack alert! We want to pass the node down to the 193 * driver's start routine. We could stick this in an m_tag 194 * and tack that on to the mbuf. However that's rather 195 * expensive to do for every frame so instead we stuff it in 196 * the rcvif field since outbound frames do not (presently) 197 * use this. 198 */ 199 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 200 if (m == NULL) 201 return ENOMEM; 202 m->m_pkthdr.rcvif = (void *)ni; 203 204 wh = mtod(m, struct ieee80211_frame *); 205 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 206 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 207 *(u_int16_t *)&wh->i_dur[0] = 0; 208 *(u_int16_t *)&wh->i_seq[0] = 209 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 210 ni->ni_txseq++; 211 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 212 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 213 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 214 215 /* check if protection is required for this mgmt frame */ 216 if ((ic->ic_caps & IEEE80211_C_MFP) && 217 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 218 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 219 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 220 /* 221 * Hack: we should not set the Protected bit in outgoing 222 * group management frames, however it is used as an 223 * indication to the drivers that they must encrypt the 224 * frame. Drivers should clear this bit from group 225 * management frames (software crypto code will do it). 226 * XXX could use an mbuf flag.. 227 */ 228 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 229 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 230 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 231 } 232 233 if (ifp->if_flags & IFF_DEBUG) { 234 /* avoid to print too many frames */ 235 if ( 236 #ifndef IEEE80211_STA_ONLY 237 ic->ic_opmode == IEEE80211_M_IBSS || 238 #endif 239 #ifdef IEEE80211_DEBUG 240 ieee80211_debug > 1 || 241 #endif 242 (type & IEEE80211_FC0_SUBTYPE_MASK) != 243 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 244 printf("%s: sending %s to %s on channel %u mode %s\n", 245 ifp->if_xname, 246 ieee80211_mgt_subtype_name[ 247 (type & IEEE80211_FC0_SUBTYPE_MASK) 248 >> IEEE80211_FC0_SUBTYPE_SHIFT], 249 ether_sprintf(ni->ni_macaddr), 250 ieee80211_chan2ieee(ic, ni->ni_chan), 251 ieee80211_phymode_name[ 252 ieee80211_chan2mode(ic, ni->ni_chan)]); 253 } 254 255 #ifndef IEEE80211_STA_ONLY 256 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 257 ieee80211_pwrsave(ic, m, ni) != 0) 258 return 0; 259 #endif 260 IF_ENQUEUE(&ic->ic_mgtq, m); 261 ifp->if_timer = 1; 262 (*ifp->if_start)(ifp); 263 return 0; 264 } 265 266 /*- 267 * EDCA tables are computed using the following formulas: 268 * 269 * 1) EDCATable (non-AP QSTA) 270 * 271 * AC CWmin CWmax AIFSN TXOP limit(ms) 272 * ------------------------------------------------------------- 273 * AC_BK aCWmin aCWmax 7 0 274 * AC_BE aCWmin aCWmax 3 0 275 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 276 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 277 * 278 * 2) QAPEDCATable (QAP) 279 * 280 * AC CWmin CWmax AIFSN TXOP limit(ms) 281 * ------------------------------------------------------------- 282 * AC_BK aCWmin aCWmax 7 0 283 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 284 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 285 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 286 * 287 * and the following aCWmin/aCWmax values: 288 * 289 * PHY aCWmin aCWmax 290 * --------------------------- 291 * 11A 15 1023 292 * 11B 31 1023 293 * 11G 15* 1023 (*) aCWmin(1) 294 * Turbo A/G 7 1023 (Atheros proprietary mode) 295 */ 296 static const struct ieee80211_edca_ac_params 297 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 298 [IEEE80211_MODE_11B] = { 299 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 300 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 301 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 302 [EDCA_AC_VO] = { 3, 4, 2, 102 } 303 }, 304 [IEEE80211_MODE_11A] = { 305 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 306 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 307 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 308 [EDCA_AC_VO] = { 2, 3, 2, 47 } 309 }, 310 [IEEE80211_MODE_11G] = { 311 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 312 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 313 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 314 [EDCA_AC_VO] = { 2, 3, 2, 47 } 315 }, 316 [IEEE80211_MODE_TURBO] = { 317 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 318 [EDCA_AC_BE] = { 3, 10, 2, 0 }, 319 [EDCA_AC_VI] = { 2, 3, 2, 94 }, 320 [EDCA_AC_VO] = { 2, 2, 1, 47 } 321 } 322 }; 323 324 #ifndef IEEE80211_STA_ONLY 325 static const struct ieee80211_edca_ac_params 326 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 327 [IEEE80211_MODE_11B] = { 328 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 329 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 330 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 331 [EDCA_AC_VO] = { 3, 4, 1, 102 } 332 }, 333 [IEEE80211_MODE_11A] = { 334 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 335 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 336 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 337 [EDCA_AC_VO] = { 2, 3, 1, 47 } 338 }, 339 [IEEE80211_MODE_11G] = { 340 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 341 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 342 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 343 [EDCA_AC_VO] = { 2, 3, 1, 47 } 344 }, 345 [IEEE80211_MODE_TURBO] = { 346 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 347 [EDCA_AC_BE] = { 3, 5, 2, 0 }, 348 [EDCA_AC_VI] = { 2, 3, 1, 94 }, 349 [EDCA_AC_VO] = { 2, 2, 1, 47 } 350 } 351 }; 352 #endif /* IEEE80211_STA_ONLY */ 353 354 /* 355 * Return the EDCA Access Category to be used for transmitting a frame with 356 * user-priority `up'. 357 */ 358 enum ieee80211_edca_ac 359 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 360 { 361 /* see Table 9-1 */ 362 static const enum ieee80211_edca_ac up_to_ac[] = { 363 EDCA_AC_BE, /* BE */ 364 EDCA_AC_BK, /* BK */ 365 EDCA_AC_BK, /* -- */ 366 EDCA_AC_BE, /* EE */ 367 EDCA_AC_VI, /* CL */ 368 EDCA_AC_VI, /* VI */ 369 EDCA_AC_VO, /* VO */ 370 EDCA_AC_VO /* NC */ 371 }; 372 enum ieee80211_edca_ac ac; 373 374 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 375 376 #ifndef IEEE80211_STA_ONLY 377 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 378 return ac; 379 #endif 380 /* 381 * We do not support the admission control procedure defined in 382 * IEEE Std 802.11-2007 section 9.9.3.1.2. The spec says that 383 * non-AP QSTAs that don't support this procedure shall use EDCA 384 * parameters of a lower priority AC that does not require 385 * admission control. 386 */ 387 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 388 switch (ac) { 389 case EDCA_AC_BK: 390 /* can't get there */ 391 break; 392 case EDCA_AC_BE: 393 /* BE shouldn't require admission control */ 394 ac = EDCA_AC_BK; 395 break; 396 case EDCA_AC_VI: 397 ac = EDCA_AC_BE; 398 break; 399 case EDCA_AC_VO: 400 ac = EDCA_AC_VI; 401 break; 402 } 403 } 404 return ac; 405 } 406 407 /* 408 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 409 * based on the DSCP (Differentiated Services Codepoint) field. 410 */ 411 int 412 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 413 { 414 #ifdef INET 415 struct ether_header *eh; 416 u_int8_t ds_field; 417 #endif 418 #if NVLAN > 0 419 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 420 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 421 #endif 422 #ifdef INET 423 eh = mtod(m, struct ether_header *); 424 if (eh->ether_type == htons(ETHERTYPE_IP)) { 425 struct ip *ip = (struct ip *)&eh[1]; 426 if (ip->ip_v != 4) 427 return 0; 428 ds_field = ip->ip_tos; 429 } 430 #ifdef INET6 431 else if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 432 struct ip6_hdr *ip6 = (struct ip6_hdr *)&eh[1]; 433 u_int32_t flowlabel; 434 435 flowlabel = ntohl(ip6->ip6_flow); 436 if ((flowlabel >> 28) != 6) 437 return 0; 438 ds_field = (flowlabel >> 20) & 0xff; 439 } 440 #endif /* INET6 */ 441 else /* neither IPv4 nor IPv6 */ 442 return 0; 443 444 /* 445 * Map Differentiated Services Codepoint field (see RFC2474). 446 * Preserves backward compatibility with IP Precedence field. 447 */ 448 switch (ds_field & 0xfc) { 449 case IPTOS_PREC_PRIORITY: 450 return 2; 451 case IPTOS_PREC_IMMEDIATE: 452 return 1; 453 case IPTOS_PREC_FLASH: 454 return 3; 455 case IPTOS_PREC_FLASHOVERRIDE: 456 return 4; 457 case IPTOS_PREC_CRITIC_ECP: 458 return 5; 459 case IPTOS_PREC_INTERNETCONTROL: 460 return 6; 461 case IPTOS_PREC_NETCONTROL: 462 return 7; 463 } 464 #endif /* INET */ 465 return 0; /* default to Best-Effort */ 466 } 467 468 /* 469 * Encapsulate an outbound data frame. The mbuf chain is updated and 470 * a reference to the destination node is returned. If an error is 471 * encountered NULL is returned and the node reference will also be NULL. 472 * 473 * NB: The caller is responsible for free'ing a returned node reference. 474 * The convention is ic_bss is not reference counted; the caller must 475 * maintain that. 476 */ 477 struct mbuf * 478 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 479 { 480 struct ieee80211com *ic = (void *)ifp; 481 struct ether_header eh; 482 struct ieee80211_frame *wh; 483 struct ieee80211_node *ni = NULL; 484 struct llc *llc; 485 struct m_tag *mtag; 486 u_int8_t *addr; 487 u_int dlt, hdrlen; 488 int addqos, tid; 489 490 /* Handle raw frames if mbuf is tagged as 802.11 */ 491 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 492 dlt = *(u_int *)(mtag + 1); 493 494 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 495 goto fallback; 496 497 wh = mtod(m, struct ieee80211_frame *); 498 499 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 500 goto bad; 501 502 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 503 IEEE80211_FC0_VERSION_0) 504 goto bad; 505 506 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 507 case IEEE80211_FC1_DIR_NODS: 508 case IEEE80211_FC1_DIR_FROMDS: 509 addr = wh->i_addr1; 510 break; 511 case IEEE80211_FC1_DIR_DSTODS: 512 case IEEE80211_FC1_DIR_TODS: 513 addr = wh->i_addr3; 514 break; 515 default: 516 goto bad; 517 } 518 519 ni = ieee80211_find_txnode(ic, addr); 520 if (ni == NULL) 521 ni = ieee80211_ref_node(ic->ic_bss); 522 if (ni == NULL) { 523 printf("%s: no node for dst %s, " 524 "discard raw tx frame\n", ifp->if_xname, 525 ether_sprintf(addr)); 526 ic->ic_stats.is_tx_nonode++; 527 goto bad; 528 } 529 ni->ni_inact = 0; 530 531 *pni = ni; 532 return (m); 533 } 534 535 fallback: 536 if (m->m_len < sizeof(struct ether_header)) { 537 m = m_pullup(m, sizeof(struct ether_header)); 538 if (m == NULL) { 539 ic->ic_stats.is_tx_nombuf++; 540 goto bad; 541 } 542 } 543 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 544 545 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 546 if (ni == NULL) { 547 DPRINTF(("no node for dst %s, discard frame\n", 548 ether_sprintf(eh.ether_dhost))); 549 ic->ic_stats.is_tx_nonode++; 550 goto bad; 551 } 552 553 if ((ic->ic_flags & IEEE80211_F_RSNON) && 554 !ni->ni_port_valid && 555 eh.ether_type != htons(ETHERTYPE_PAE)) { 556 DPRINTF(("port not valid: %s\n", 557 ether_sprintf(eh.ether_dhost))); 558 ic->ic_stats.is_tx_noauth++; 559 goto bad; 560 } 561 562 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 563 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 564 /* XXX TKIP countermeasures! */; 565 566 ni->ni_inact = 0; 567 568 if ((ic->ic_flags & IEEE80211_F_QOS) && 569 (ni->ni_flags & IEEE80211_NODE_QOS) && 570 /* do not QoS-encapsulate EAPOL frames */ 571 eh.ether_type != htons(ETHERTYPE_PAE)) { 572 tid = ieee80211_classify(ic, m); 573 hdrlen = sizeof(struct ieee80211_qosframe); 574 addqos = 1; 575 } else { 576 hdrlen = sizeof(struct ieee80211_frame); 577 addqos = 0; 578 } 579 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 580 llc = mtod(m, struct llc *); 581 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 582 llc->llc_control = LLC_UI; 583 llc->llc_snap.org_code[0] = 0; 584 llc->llc_snap.org_code[1] = 0; 585 llc->llc_snap.org_code[2] = 0; 586 llc->llc_snap.ether_type = eh.ether_type; 587 M_PREPEND(m, hdrlen, M_DONTWAIT); 588 if (m == NULL) { 589 ic->ic_stats.is_tx_nombuf++; 590 goto bad; 591 } 592 wh = mtod(m, struct ieee80211_frame *); 593 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 594 *(u_int16_t *)&wh->i_dur[0] = 0; 595 if (addqos) { 596 struct ieee80211_qosframe *qwh = 597 (struct ieee80211_qosframe *)wh; 598 u_int16_t qos = tid; 599 600 if (ic->ic_tid_noack & (1 << tid)) 601 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 602 #ifndef IEEE80211_NO_HT 603 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 604 qos |= IEEE80211_QOS_ACK_POLICY_BA; 605 #endif 606 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 607 *(u_int16_t *)qwh->i_qos = htole16(qos); 608 *(u_int16_t *)qwh->i_seq = 609 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 610 ni->ni_qos_txseqs[tid]++; 611 } else { 612 *(u_int16_t *)&wh->i_seq[0] = 613 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 614 ni->ni_txseq++; 615 } 616 switch (ic->ic_opmode) { 617 case IEEE80211_M_STA: 618 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 619 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 620 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 621 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 622 break; 623 #ifndef IEEE80211_STA_ONLY 624 case IEEE80211_M_IBSS: 625 case IEEE80211_M_AHDEMO: 626 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 627 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 628 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 629 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 630 break; 631 case IEEE80211_M_HOSTAP: 632 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 633 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 634 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 635 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 636 break; 637 #endif 638 default: 639 /* should not get there */ 640 goto bad; 641 } 642 643 if ((ic->ic_flags & IEEE80211_F_WEPON) || 644 ((ic->ic_flags & IEEE80211_F_RSNON) && 645 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 646 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 647 648 #ifndef IEEE80211_STA_ONLY 649 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 650 ieee80211_pwrsave(ic, m, ni) != 0) { 651 *pni = NULL; 652 return NULL; 653 } 654 #endif 655 *pni = ni; 656 return m; 657 bad: 658 if (m != NULL) 659 m_freem(m); 660 if (ni != NULL) 661 ieee80211_release_node(ic, ni); 662 *pni = NULL; 663 return NULL; 664 } 665 666 /* 667 * Add a Capability Information field to a frame (see 7.3.1.4). 668 */ 669 u_int8_t * 670 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 671 const struct ieee80211_node *ni) 672 { 673 u_int16_t capinfo; 674 675 #ifndef IEEE80211_STA_ONLY 676 if (ic->ic_opmode == IEEE80211_M_IBSS) 677 capinfo = IEEE80211_CAPINFO_IBSS; 678 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 679 capinfo = IEEE80211_CAPINFO_ESS; 680 else 681 #endif 682 capinfo = 0; 683 #ifndef IEEE80211_STA_ONLY 684 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 685 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 686 capinfo |= IEEE80211_CAPINFO_PRIVACY; 687 #endif 688 /* NB: some 11a AP's reject the request when short preamble is set */ 689 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 690 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 691 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 692 if (ic->ic_flags & IEEE80211_F_SHSLOT) 693 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 694 LE_WRITE_2(frm, capinfo); 695 return frm + 2; 696 } 697 698 /* 699 * Add an SSID element to a frame (see 7.3.2.1). 700 */ 701 u_int8_t * 702 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 703 { 704 *frm++ = IEEE80211_ELEMID_SSID; 705 *frm++ = len; 706 memcpy(frm, ssid, len); 707 return frm + len; 708 } 709 710 /* 711 * Add a supported rates element to a frame (see 7.3.2.2). 712 */ 713 u_int8_t * 714 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 715 { 716 int nrates; 717 718 *frm++ = IEEE80211_ELEMID_RATES; 719 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 720 *frm++ = nrates; 721 memcpy(frm, rs->rs_rates, nrates); 722 return frm + nrates; 723 } 724 725 #ifndef IEEE80211_STA_ONLY 726 /* 727 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 728 */ 729 u_int8_t * 730 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 731 const struct ieee80211_node *ni) 732 { 733 *frm++ = IEEE80211_ELEMID_DSPARMS; 734 *frm++ = 1; 735 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 736 return frm; 737 } 738 739 /* 740 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 741 */ 742 u_int8_t * 743 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 744 { 745 u_int i, offset = 0, len; 746 747 /* find first non-zero octet in the virtual bit map */ 748 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 749 750 /* clear the lsb as it is reserved for the broadcast indication bit */ 751 if (i < ic->ic_tim_len) 752 offset = i & ~1; 753 754 /* find last non-zero octet in the virtual bit map */ 755 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 756 757 len = i - offset + 1; 758 759 *frm++ = IEEE80211_ELEMID_TIM; 760 *frm++ = len + 3; /* length */ 761 *frm++ = ic->ic_dtim_count; /* DTIM count */ 762 *frm++ = ic->ic_dtim_period; /* DTIM period */ 763 764 /* Bitmap Control */ 765 *frm = offset; 766 /* set broadcast/multicast indication bit if necessary */ 767 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 768 *frm |= 0x01; 769 frm++; 770 771 /* Partial Virtual Bitmap */ 772 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 773 return frm + len; 774 } 775 776 /* 777 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 778 */ 779 u_int8_t * 780 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 781 { 782 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 783 *frm++ = 2; 784 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 785 return frm + 2; 786 } 787 788 /* 789 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 790 */ 791 u_int8_t * 792 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 793 { 794 const struct ieee80211_edca_ac_params *edca; 795 int aci; 796 797 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 798 *frm++ = 18; /* length */ 799 *frm++ = 0; /* QoS Info */ 800 *frm++ = 0; /* reserved */ 801 802 /* setup AC Parameter Records */ 803 edca = ieee80211_qap_edca_table[ic->ic_curmode]; 804 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 805 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 806 807 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 808 (ac->ac_aifsn & 0xf); 809 *frm++ = (ac->ac_ecwmax << 4) | 810 (ac->ac_ecwmin & 0xf); 811 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 812 } 813 return frm; 814 } 815 816 /* 817 * Add an ERP element to a frame (see 7.3.2.13). 818 */ 819 u_int8_t * 820 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 821 { 822 u_int8_t erp; 823 824 *frm++ = IEEE80211_ELEMID_ERP; 825 *frm++ = 1; 826 erp = 0; 827 /* 828 * The NonERP_Present bit shall be set to 1 when a NonERP STA 829 * is associated with the BSS. 830 */ 831 if (ic->ic_nonerpsta != 0) 832 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 833 /* 834 * If one or more NonERP STAs are associated in the BSS, the 835 * Use_Protection bit shall be set to 1 in transmitted ERP 836 * Information Elements. 837 */ 838 if (ic->ic_flags & IEEE80211_F_USEPROT) 839 erp |= IEEE80211_ERP_USE_PROTECTION; 840 /* 841 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 842 * Information Element sender if one or more associated NonERP 843 * STAs are not short preamble capable. 844 */ 845 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 846 erp |= IEEE80211_ERP_BARKER_MODE; 847 *frm++ = erp; 848 return frm; 849 } 850 #endif /* IEEE80211_STA_ONLY */ 851 852 /* 853 * Add a QoS Capability element to a frame (see 7.3.2.35). 854 */ 855 u_int8_t * 856 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 857 { 858 *frm++ = IEEE80211_ELEMID_QOS_CAP; 859 *frm++ = 1; 860 *frm++ = 0; /* QoS Info */ 861 return frm; 862 } 863 864 /* 865 * Add an RSN element to a frame (see 7.3.2.25). 866 */ 867 u_int8_t * 868 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 869 const struct ieee80211_node *ni, int wpa) 870 { 871 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 872 u_int8_t *pcount; 873 u_int16_t count; 874 875 /* write Version field */ 876 LE_WRITE_2(frm, 1); frm += 2; 877 878 /* write Group Data Cipher Suite field (see Table 20da) */ 879 memcpy(frm, oui, 3); frm += 3; 880 switch (ni->ni_rsngroupcipher) { 881 case IEEE80211_CIPHER_WEP40: 882 *frm++ = 1; 883 break; 884 case IEEE80211_CIPHER_TKIP: 885 *frm++ = 2; 886 break; 887 case IEEE80211_CIPHER_CCMP: 888 *frm++ = 4; 889 break; 890 case IEEE80211_CIPHER_WEP104: 891 *frm++ = 5; 892 break; 893 default: 894 /* can't get there */ 895 panic("invalid group data cipher!"); 896 } 897 898 pcount = frm; frm += 2; 899 count = 0; 900 /* write Pairwise Cipher Suite List */ 901 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 902 memcpy(frm, oui, 3); frm += 3; 903 *frm++ = 0; 904 count++; 905 } 906 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 907 memcpy(frm, oui, 3); frm += 3; 908 *frm++ = 2; 909 count++; 910 } 911 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 912 memcpy(frm, oui, 3); frm += 3; 913 *frm++ = 4; 914 count++; 915 } 916 /* write Pairwise Cipher Suite Count field */ 917 LE_WRITE_2(pcount, count); 918 919 pcount = frm; frm += 2; 920 count = 0; 921 /* write AKM Suite List (see Table 20dc) */ 922 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 923 memcpy(frm, oui, 3); frm += 3; 924 *frm++ = 1; 925 count++; 926 } 927 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 928 memcpy(frm, oui, 3); frm += 3; 929 *frm++ = 2; 930 count++; 931 } 932 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 933 memcpy(frm, oui, 3); frm += 3; 934 *frm++ = 5; 935 count++; 936 } 937 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 938 memcpy(frm, oui, 3); frm += 3; 939 *frm++ = 6; 940 count++; 941 } 942 /* write AKM Suite List Count field */ 943 LE_WRITE_2(pcount, count); 944 945 if (wpa) 946 return frm; 947 948 /* write RSN Capabilities field */ 949 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 950 951 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 952 /* write PMKID Count field */ 953 LE_WRITE_2(frm, 1); frm += 2; 954 /* write PMKID List (only 1) */ 955 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 956 frm += IEEE80211_PMKID_LEN; 957 } else { 958 /* no PMKID (PMKID Count=0) */ 959 LE_WRITE_2(frm, 0); frm += 2; 960 } 961 962 if (!(ic->ic_caps & IEEE80211_C_MFP)) 963 return frm; 964 965 /* write Group Integrity Cipher Suite field */ 966 memcpy(frm, oui, 3); frm += 3; 967 switch (ic->ic_rsngroupmgmtcipher) { 968 case IEEE80211_CIPHER_BIP: 969 *frm++ = 6; 970 break; 971 default: 972 /* can't get there */ 973 panic("invalid integrity group cipher!"); 974 } 975 return frm; 976 } 977 978 u_int8_t * 979 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 980 const struct ieee80211_node *ni) 981 { 982 u_int8_t *plen; 983 984 *frm++ = IEEE80211_ELEMID_RSN; 985 plen = frm++; /* length filled in later */ 986 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 987 988 /* write length field */ 989 *plen = frm - plen - 1; 990 return frm; 991 } 992 993 /* 994 * Add a vendor-specific WPA element to a frame. 995 * This is required for compatibility with Wi-Fi Alliance WPA. 996 */ 997 u_int8_t * 998 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 999 const struct ieee80211_node *ni) 1000 { 1001 u_int8_t *plen; 1002 1003 *frm++ = IEEE80211_ELEMID_VENDOR; 1004 plen = frm++; /* length filled in later */ 1005 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1006 *frm++ = 1; /* WPA */ 1007 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1008 1009 /* write length field */ 1010 *plen = frm - plen - 1; 1011 return frm; 1012 } 1013 1014 /* 1015 * Add an extended supported rates element to a frame (see 7.3.2.14). 1016 */ 1017 u_int8_t * 1018 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1019 { 1020 int nrates; 1021 1022 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1023 1024 *frm++ = IEEE80211_ELEMID_XRATES; 1025 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1026 *frm++ = nrates; 1027 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1028 return frm + nrates; 1029 } 1030 1031 #ifndef IEEE80211_NO_HT 1032 /* 1033 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1034 */ 1035 u_int8_t * 1036 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1037 { 1038 *frm++ = IEEE80211_ELEMID_HTCAPS; 1039 *frm++ = 26; 1040 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1041 *frm++ = 0; 1042 memcpy(frm, ic->ic_sup_mcs, 16); frm += 16; 1043 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1044 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1045 *frm++ = ic->ic_aselcaps; 1046 return frm; 1047 } 1048 1049 #ifndef IEEE80211_STA_ONLY 1050 /* 1051 * Add an HT Operation element to a frame (see 7.3.2.58). 1052 */ 1053 u_int8_t * 1054 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1055 { 1056 *frm++ = IEEE80211_ELEMID_HTOP; 1057 *frm++ = 22; 1058 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1059 LE_WRITE_2(frm, 0); frm += 2; 1060 LE_WRITE_2(frm, 0); frm += 2; 1061 memset(frm, 0, 16); frm += 16; 1062 return frm; 1063 } 1064 #endif /* !IEEE80211_STA_ONLY */ 1065 #endif /* !IEEE80211_NO_HT */ 1066 1067 #ifndef IEEE80211_STA_ONLY 1068 /* 1069 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1070 */ 1071 u_int8_t * 1072 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1073 { 1074 *frm++ = IEEE80211_ELEMID_TIE; 1075 *frm++ = 5; /* length */ 1076 *frm++ = type; /* Timeout Interval type */ 1077 LE_WRITE_4(frm, value); 1078 return frm + 4; 1079 } 1080 #endif 1081 1082 struct mbuf * 1083 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1084 { 1085 struct mbuf *m; 1086 1087 /* reserve space for 802.11 header */ 1088 pktlen += sizeof(struct ieee80211_frame); 1089 1090 if (pktlen > MCLBYTES) 1091 panic("management frame too large: %u", pktlen); 1092 MGETHDR(m, flags, type); 1093 if (m == NULL) 1094 return NULL; 1095 if (pktlen > MHLEN) { 1096 MCLGET(m, flags); 1097 if (!(m->m_flags & M_EXT)) 1098 return m_free(m); 1099 } 1100 m->m_data += sizeof(struct ieee80211_frame); 1101 return m; 1102 } 1103 1104 /*- 1105 * Probe request frame format: 1106 * [tlv] SSID 1107 * [tlv] Supported rates 1108 * [tlv] Extended Supported Rates (802.11g) 1109 * [tlv] HT Capabilities (802.11n) 1110 */ 1111 struct mbuf * 1112 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1113 { 1114 const struct ieee80211_rateset *rs = 1115 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1116 struct mbuf *m; 1117 u_int8_t *frm; 1118 1119 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1120 2 + ic->ic_des_esslen + 1121 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1122 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1123 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1124 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1125 if (m == NULL) 1126 return NULL; 1127 1128 frm = mtod(m, u_int8_t *); 1129 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1130 frm = ieee80211_add_rates(frm, rs); 1131 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1132 frm = ieee80211_add_xrates(frm, rs); 1133 #ifndef IEEE80211_NO_HT 1134 if (ni->ni_flags & IEEE80211_NODE_HT) 1135 frm = ieee80211_add_htcaps(frm, ic); 1136 #endif 1137 1138 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1139 1140 return m; 1141 } 1142 1143 #ifndef IEEE80211_STA_ONLY 1144 /*- 1145 * Probe response frame format: 1146 * [8] Timestamp 1147 * [2] Beacon interval 1148 * [2] Capability 1149 * [tlv] Service Set Identifier (SSID) 1150 * [tlv] Supported rates 1151 * [tlv] DS Parameter Set (802.11g) 1152 * [tlv] ERP Information (802.11g) 1153 * [tlv] Extended Supported Rates (802.11g) 1154 * [tlv] RSN (802.11i) 1155 * [tlv] EDCA Parameter Set (802.11e) 1156 * [tlv] HT Capabilities (802.11n) 1157 * [tlv] HT Operation (802.11n) 1158 */ 1159 struct mbuf * 1160 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1161 { 1162 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1163 struct mbuf *m; 1164 u_int8_t *frm; 1165 1166 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1167 8 + 2 + 2 + 1168 2 + ni->ni_esslen + 1169 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1170 2 + 1 + 1171 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1172 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1173 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1174 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1175 (((ic->ic_flags & IEEE80211_F_RSNON) && 1176 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1177 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1178 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1179 (((ic->ic_flags & IEEE80211_F_RSNON) && 1180 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1181 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1182 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1183 if (m == NULL) 1184 return NULL; 1185 1186 frm = mtod(m, u_int8_t *); 1187 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1188 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1189 frm = ieee80211_add_capinfo(frm, ic, ni); 1190 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1191 ic->ic_bss->ni_esslen); 1192 frm = ieee80211_add_rates(frm, rs); 1193 frm = ieee80211_add_ds_params(frm, ic, ni); 1194 if (ic->ic_opmode == IEEE80211_M_IBSS) 1195 frm = ieee80211_add_ibss_params(frm, ni); 1196 if (ic->ic_curmode == IEEE80211_MODE_11G) 1197 frm = ieee80211_add_erp(frm, ic); 1198 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1199 frm = ieee80211_add_xrates(frm, rs); 1200 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1201 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1202 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1203 if (ic->ic_flags & IEEE80211_F_QOS) 1204 frm = ieee80211_add_edca_params(frm, ic); 1205 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1206 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1207 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1208 #ifndef IEEE80211_NO_HT 1209 if (ic->ic_flags & IEEE80211_F_HTON) { 1210 frm = ieee80211_add_htcaps(frm, ic); 1211 frm = ieee80211_add_htop(frm, ic); 1212 } 1213 #endif 1214 1215 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1216 1217 return m; 1218 } 1219 #endif /* IEEE80211_STA_ONLY */ 1220 1221 /*- 1222 * Authentication frame format: 1223 * [2] Authentication algorithm number 1224 * [2] Authentication transaction sequence number 1225 * [2] Status code 1226 */ 1227 struct mbuf * 1228 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1229 u_int16_t status, u_int16_t seq) 1230 { 1231 struct mbuf *m; 1232 u_int8_t *frm; 1233 1234 MGETHDR(m, M_DONTWAIT, MT_DATA); 1235 if (m == NULL) 1236 return NULL; 1237 MH_ALIGN(m, 2 * 3); 1238 m->m_pkthdr.len = m->m_len = 2 * 3; 1239 1240 frm = mtod(m, u_int8_t *); 1241 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1242 LE_WRITE_2(frm, seq); frm += 2; 1243 LE_WRITE_2(frm, status); 1244 1245 return m; 1246 } 1247 1248 /*- 1249 * Deauthentication frame format: 1250 * [2] Reason code 1251 */ 1252 struct mbuf * 1253 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1254 u_int16_t reason) 1255 { 1256 struct mbuf *m; 1257 1258 MGETHDR(m, M_DONTWAIT, MT_DATA); 1259 if (m == NULL) 1260 return NULL; 1261 MH_ALIGN(m, 2); 1262 1263 m->m_pkthdr.len = m->m_len = 2; 1264 *mtod(m, u_int16_t *) = htole16(reason); 1265 1266 return m; 1267 } 1268 1269 /*- 1270 * (Re)Association request frame format: 1271 * [2] Capability information 1272 * [2] Listen interval 1273 * [6*] Current AP address (Reassociation only) 1274 * [tlv] SSID 1275 * [tlv] Supported rates 1276 * [tlv] Extended Supported Rates (802.11g) 1277 * [tlv] RSN (802.11i) 1278 * [tlv] QoS Capability (802.11e) 1279 * [tlv] HT Capabilities (802.11n) 1280 */ 1281 struct mbuf * 1282 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1283 int type) 1284 { 1285 const struct ieee80211_rateset *rs = &ni->ni_rates; 1286 struct mbuf *m; 1287 u_int8_t *frm; 1288 u_int16_t capinfo; 1289 1290 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1291 2 + 2 + 1292 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1293 IEEE80211_ADDR_LEN : 0) + 1294 2 + ni->ni_esslen + 1295 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1296 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1297 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1298 (((ic->ic_flags & IEEE80211_F_RSNON) && 1299 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1300 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1301 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1302 (((ic->ic_flags & IEEE80211_F_RSNON) && 1303 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1304 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1305 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1306 if (m == NULL) 1307 return NULL; 1308 1309 frm = mtod(m, u_int8_t *); 1310 capinfo = IEEE80211_CAPINFO_ESS; 1311 if (ic->ic_flags & IEEE80211_F_WEPON) 1312 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1313 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1314 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1315 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1316 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1317 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1318 LE_WRITE_2(frm, capinfo); frm += 2; 1319 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1320 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1321 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1322 frm += IEEE80211_ADDR_LEN; 1323 } 1324 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1325 frm = ieee80211_add_rates(frm, rs); 1326 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1327 frm = ieee80211_add_xrates(frm, rs); 1328 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1329 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1330 frm = ieee80211_add_rsn(frm, ic, ni); 1331 if (ni->ni_flags & IEEE80211_NODE_QOS) 1332 frm = ieee80211_add_qos_capability(frm, ic); 1333 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1334 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1335 frm = ieee80211_add_wpa(frm, ic, ni); 1336 #ifndef IEEE80211_NO_HT 1337 if (ni->ni_flags & IEEE80211_NODE_HT) 1338 frm = ieee80211_add_htcaps(frm, ic); 1339 #endif 1340 1341 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1342 1343 return m; 1344 } 1345 1346 #ifndef IEEE80211_STA_ONLY 1347 /*- 1348 * (Re)Association response frame format: 1349 * [2] Capability information 1350 * [2] Status code 1351 * [2] Association ID (AID) 1352 * [tlv] Supported rates 1353 * [tlv] Extended Supported Rates (802.11g) 1354 * [tlv] EDCA Parameter Set (802.11e) 1355 * [tlv] Timeout Interval (802.11w) 1356 * [tlv] HT Capabilities (802.11n) 1357 * [tlv] HT Operation (802.11n) 1358 */ 1359 struct mbuf * 1360 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1361 u_int16_t status) 1362 { 1363 const struct ieee80211_rateset *rs = &ni->ni_rates; 1364 struct mbuf *m; 1365 u_int8_t *frm; 1366 1367 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1368 2 + 2 + 2 + 1369 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1370 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1371 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1372 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1373 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1374 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 + 24 : 0)); 1375 if (m == NULL) 1376 return NULL; 1377 1378 frm = mtod(m, u_int8_t *); 1379 frm = ieee80211_add_capinfo(frm, ic, ni); 1380 LE_WRITE_2(frm, status); frm += 2; 1381 if (status == IEEE80211_STATUS_SUCCESS) 1382 LE_WRITE_2(frm, ni->ni_associd); 1383 else 1384 LE_WRITE_2(frm, 0); 1385 frm += 2; 1386 frm = ieee80211_add_rates(frm, rs); 1387 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1388 frm = ieee80211_add_xrates(frm, rs); 1389 if (ni->ni_flags & IEEE80211_NODE_QOS) 1390 frm = ieee80211_add_edca_params(frm, ic); 1391 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1392 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1393 /* Association Comeback Time */ 1394 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1395 } 1396 #ifndef IEEE80211_NO_HT 1397 if (ni->ni_flags & IEEE80211_NODE_HT) { 1398 frm = ieee80211_add_htcaps(frm, ic); 1399 frm = ieee80211_add_htop(frm, ic); 1400 } 1401 #endif 1402 1403 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1404 1405 return m; 1406 } 1407 #endif /* IEEE80211_STA_ONLY */ 1408 1409 /*- 1410 * Disassociation frame format: 1411 * [2] Reason code 1412 */ 1413 struct mbuf * 1414 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1415 u_int16_t reason) 1416 { 1417 struct mbuf *m; 1418 1419 MGETHDR(m, M_DONTWAIT, MT_DATA); 1420 if (m == NULL) 1421 return NULL; 1422 MH_ALIGN(m, 2); 1423 1424 m->m_pkthdr.len = m->m_len = 2; 1425 *mtod(m, u_int16_t *) = htole16(reason); 1426 1427 return m; 1428 } 1429 1430 #ifndef IEEE80211_NO_HT 1431 /*- 1432 * ADDBA Request frame format: 1433 * [1] Category 1434 * [1] Action 1435 * [1] Dialog Token 1436 * [2] Block Ack Parameter Set 1437 * [2] Block Ack Timeout Value 1438 * [2] Block Ack Starting Sequence Control 1439 */ 1440 struct mbuf * 1441 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1442 u_int8_t tid) 1443 { 1444 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1445 struct mbuf *m; 1446 u_int8_t *frm; 1447 u_int16_t params; 1448 1449 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1450 if (m == NULL) 1451 return m; 1452 1453 frm = mtod(m, u_int8_t *); 1454 *frm++ = IEEE80211_CATEG_BA; 1455 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1456 *frm++ = ba->ba_token; 1457 params = ba->ba_winsize << 6 | tid << 2 | IEEE80211_BA_ACK_POLICY; 1458 LE_WRITE_2(frm, params); frm += 2; 1459 LE_WRITE_2(frm, ba->ba_timeout_val); frm += 2; 1460 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1461 1462 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1463 1464 return m; 1465 } 1466 1467 /*- 1468 * ADDBA Response frame format: 1469 * [1] Category 1470 * [1] Action 1471 * [1] Dialog Token 1472 * [2] Status Code 1473 * [2] Block Ack Parameter Set 1474 * [2] Block Ack Timeout Value 1475 */ 1476 struct mbuf * 1477 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1478 u_int8_t tid, u_int8_t token, u_int16_t status) 1479 { 1480 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1481 struct mbuf *m; 1482 u_int8_t *frm; 1483 u_int16_t params; 1484 1485 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1486 if (m == NULL) 1487 return m; 1488 1489 frm = mtod(m, u_int8_t *); 1490 *frm++ = IEEE80211_CATEG_BA; 1491 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1492 *frm++ = token; 1493 LE_WRITE_2(frm, status); frm += 2; 1494 params = tid << 2 | IEEE80211_BA_ACK_POLICY; 1495 if (status == 0) 1496 params |= ba->ba_winsize << 6; 1497 LE_WRITE_2(frm, params); frm += 2; 1498 if (status == 0) 1499 LE_WRITE_2(frm, ba->ba_timeout_val); 1500 else 1501 LE_WRITE_2(frm, 0); 1502 frm += 2; 1503 1504 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1505 1506 return m; 1507 } 1508 1509 /*- 1510 * DELBA frame format: 1511 * [1] Category 1512 * [1] Action 1513 * [2] DELBA Parameter Set 1514 * [2] Reason Code 1515 */ 1516 struct mbuf * 1517 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1518 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1519 { 1520 struct mbuf *m; 1521 u_int8_t *frm; 1522 u_int16_t params; 1523 1524 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1525 if (m == NULL) 1526 return m; 1527 1528 frm = mtod(m, u_int8_t *); 1529 *frm++ = IEEE80211_CATEG_BA; 1530 *frm++ = IEEE80211_ACTION_DELBA; 1531 params = tid << 12; 1532 if (dir) 1533 params |= IEEE80211_DELBA_INITIATOR; 1534 LE_WRITE_2(frm, params); frm += 2; 1535 LE_WRITE_2(frm, reason); frm += 2; 1536 1537 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1538 1539 return m; 1540 } 1541 #endif /* !IEEE80211_NO_HT */ 1542 1543 /*- 1544 * SA Query Request/Reponse frame format: 1545 * [1] Category 1546 * [1] Action 1547 * [16] Transaction Identifier 1548 */ 1549 struct mbuf * 1550 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1551 u_int8_t action) 1552 { 1553 struct mbuf *m; 1554 u_int8_t *frm; 1555 1556 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1557 if (m == NULL) 1558 return NULL; 1559 1560 frm = mtod(m, u_int8_t *); 1561 *frm++ = IEEE80211_CATEG_SA_QUERY; 1562 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1563 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1564 1565 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1566 1567 return m; 1568 } 1569 1570 struct mbuf * 1571 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1572 u_int8_t categ, u_int8_t action, int arg) 1573 { 1574 struct mbuf *m = NULL; 1575 1576 switch (categ) { 1577 #ifndef IEEE80211_NO_HT 1578 case IEEE80211_CATEG_BA: 1579 switch (action) { 1580 case IEEE80211_ACTION_ADDBA_REQ: 1581 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1582 break; 1583 case IEEE80211_ACTION_ADDBA_RESP: 1584 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1585 arg >> 8, arg >> 16); 1586 break; 1587 case IEEE80211_ACTION_DELBA: 1588 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1589 arg >> 16); 1590 break; 1591 } 1592 break; 1593 #endif 1594 case IEEE80211_CATEG_SA_QUERY: 1595 switch (action) { 1596 #ifndef IEEE80211_STA_ONLY 1597 case IEEE80211_ACTION_SA_QUERY_REQ: 1598 #endif 1599 case IEEE80211_ACTION_SA_QUERY_RESP: 1600 m = ieee80211_get_sa_query(ic, ni, action); 1601 break; 1602 } 1603 break; 1604 } 1605 return m; 1606 } 1607 1608 /* 1609 * Send a management frame. The node is for the destination (or ic_bss 1610 * when in station mode). Nodes other than ic_bss have their reference 1611 * count bumped to reflect our use for an indeterminant time. 1612 */ 1613 int 1614 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1615 int type, int arg1, int arg2) 1616 { 1617 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1618 struct ifnet *ifp = &ic->ic_if; 1619 struct mbuf *m; 1620 int ret, timer; 1621 1622 if (ni == NULL) 1623 panic("null node"); 1624 1625 /* 1626 * Hold a reference on the node so it doesn't go away until after 1627 * the xmit is complete all the way in the driver. On error we 1628 * will remove our reference. 1629 */ 1630 ieee80211_ref_node(ni); 1631 timer = 0; 1632 switch (type) { 1633 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1634 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1635 senderr(ENOMEM, is_tx_nombuf); 1636 1637 timer = IEEE80211_TRANS_WAIT; 1638 break; 1639 #ifndef IEEE80211_STA_ONLY 1640 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1641 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1642 senderr(ENOMEM, is_tx_nombuf); 1643 break; 1644 #endif 1645 case IEEE80211_FC0_SUBTYPE_AUTH: 1646 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1647 if (m == NULL) 1648 senderr(ENOMEM, is_tx_nombuf); 1649 1650 if (ic->ic_opmode == IEEE80211_M_STA) 1651 timer = IEEE80211_TRANS_WAIT; 1652 break; 1653 1654 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1655 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1656 senderr(ENOMEM, is_tx_nombuf); 1657 1658 if (ifp->if_flags & IFF_DEBUG) { 1659 printf("%s: station %s deauthenticate (reason %d)\n", 1660 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1661 arg1); 1662 } 1663 break; 1664 1665 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1666 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1667 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1668 senderr(ENOMEM, is_tx_nombuf); 1669 1670 timer = IEEE80211_TRANS_WAIT; 1671 break; 1672 #ifndef IEEE80211_STA_ONLY 1673 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1674 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1675 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1676 senderr(ENOMEM, is_tx_nombuf); 1677 break; 1678 #endif 1679 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1680 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1681 senderr(ENOMEM, is_tx_nombuf); 1682 1683 if (ifp->if_flags & IFF_DEBUG) { 1684 printf("%s: station %s disassociate (reason %d)\n", 1685 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1686 arg1); 1687 } 1688 break; 1689 1690 case IEEE80211_FC0_SUBTYPE_ACTION: 1691 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1692 arg2); 1693 if (m == NULL) 1694 senderr(ENOMEM, is_tx_nombuf); 1695 break; 1696 1697 default: 1698 DPRINTF(("invalid mgmt frame type %u\n", type)); 1699 senderr(EINVAL, is_tx_unknownmgt); 1700 /* NOTREACHED */ 1701 } 1702 1703 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1704 if (ret == 0) { 1705 if (timer) 1706 ic->ic_mgt_timer = timer; 1707 } else { 1708 bad: 1709 ieee80211_release_node(ic, ni); 1710 } 1711 return ret; 1712 #undef senderr 1713 } 1714 1715 /* 1716 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1717 */ 1718 struct mbuf * 1719 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1720 u_int16_t dur) 1721 { 1722 struct ieee80211_frame_rts *rts; 1723 struct mbuf *m; 1724 1725 MGETHDR(m, M_DONTWAIT, MT_DATA); 1726 if (m == NULL) 1727 return NULL; 1728 1729 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1730 1731 rts = mtod(m, struct ieee80211_frame_rts *); 1732 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1733 IEEE80211_FC0_SUBTYPE_RTS; 1734 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1735 *(u_int16_t *)rts->i_dur = htole16(dur); 1736 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1737 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1738 1739 return m; 1740 } 1741 1742 /* 1743 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1744 */ 1745 struct mbuf * 1746 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1747 { 1748 struct ieee80211_frame_cts *cts; 1749 struct mbuf *m; 1750 1751 MGETHDR(m, M_DONTWAIT, MT_DATA); 1752 if (m == NULL) 1753 return NULL; 1754 1755 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1756 1757 cts = mtod(m, struct ieee80211_frame_cts *); 1758 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1759 IEEE80211_FC0_SUBTYPE_CTS; 1760 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1761 *(u_int16_t *)cts->i_dur = htole16(dur); 1762 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1763 1764 return m; 1765 } 1766 1767 #ifndef IEEE80211_STA_ONLY 1768 /*- 1769 * Beacon frame format: 1770 * [8] Timestamp 1771 * [2] Beacon interval 1772 * [2] Capability 1773 * [tlv] Service Set Identifier (SSID) 1774 * [tlv] Supported rates 1775 * [tlv] DS Parameter Set (802.11g) 1776 * [tlv] IBSS Parameter Set 1777 * [tlv] Traffic Indication Map (TIM) 1778 * [tlv] ERP Information (802.11g) 1779 * [tlv] Extended Supported Rates (802.11g) 1780 * [tlv] RSN (802.11i) 1781 * [tlv] EDCA Parameter Set (802.11e) 1782 * [tlv] HT Capabilities (802.11n) 1783 * [tlv] HT Operation (802.11n) 1784 */ 1785 struct mbuf * 1786 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1787 { 1788 const struct ieee80211_rateset *rs = &ni->ni_rates; 1789 struct ieee80211_frame *wh; 1790 struct mbuf *m; 1791 u_int8_t *frm; 1792 1793 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1794 8 + 2 + 2 + 1795 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) + 1796 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1797 2 + 1 + 1798 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1799 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1800 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1801 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1802 (((ic->ic_flags & IEEE80211_F_RSNON) && 1803 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1804 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1805 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1806 (((ic->ic_flags & IEEE80211_F_RSNON) && 1807 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1808 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1809 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1810 if (m == NULL) 1811 return NULL; 1812 1813 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1814 if (m == NULL) 1815 return NULL; 1816 wh = mtod(m, struct ieee80211_frame *); 1817 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1818 IEEE80211_FC0_SUBTYPE_BEACON; 1819 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1820 *(u_int16_t *)wh->i_dur = 0; 1821 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1822 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1823 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1824 *(u_int16_t *)wh->i_seq = 0; 1825 1826 frm = (u_int8_t *)&wh[1]; 1827 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1828 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1829 frm = ieee80211_add_capinfo(frm, ic, ni); 1830 if (ic->ic_flags & IEEE80211_F_HIDENWID) 1831 frm = ieee80211_add_ssid(frm, NULL, 0); 1832 else 1833 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1834 frm = ieee80211_add_rates(frm, rs); 1835 frm = ieee80211_add_ds_params(frm, ic, ni); 1836 if (ic->ic_opmode == IEEE80211_M_IBSS) 1837 frm = ieee80211_add_ibss_params(frm, ni); 1838 else 1839 frm = ieee80211_add_tim(frm, ic); 1840 if (ic->ic_curmode == IEEE80211_MODE_11G) 1841 frm = ieee80211_add_erp(frm, ic); 1842 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1843 frm = ieee80211_add_xrates(frm, rs); 1844 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1845 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1846 frm = ieee80211_add_rsn(frm, ic, ni); 1847 if (ic->ic_flags & IEEE80211_F_QOS) 1848 frm = ieee80211_add_edca_params(frm, ic); 1849 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1850 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1851 frm = ieee80211_add_wpa(frm, ic, ni); 1852 #ifndef IEEE80211_NO_HT 1853 if (ic->ic_flags & IEEE80211_F_HTON) { 1854 frm = ieee80211_add_htcaps(frm, ic); 1855 frm = ieee80211_add_htop(frm, ic); 1856 } 1857 #endif 1858 1859 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1860 m->m_pkthdr.rcvif = (void *)ni; 1861 1862 return m; 1863 } 1864 1865 /* 1866 * Check if an outgoing MSDU or management frame should be buffered into 1867 * the AP for power management. Return 1 if the frame was buffered into 1868 * the AP, or 0 if the frame shall be transmitted immediately. 1869 */ 1870 int 1871 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1872 struct ieee80211_node *ni) 1873 { 1874 const struct ieee80211_frame *wh; 1875 1876 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1877 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1878 return 0; 1879 1880 wh = mtod(m, struct ieee80211_frame *); 1881 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1882 /* 1883 * Buffer group addressed MSDUs with the Order bit clear 1884 * if any associated STAs are in PS mode. 1885 */ 1886 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || 1887 ic->ic_pssta == 0) 1888 return 0; 1889 ic->ic_tim_mcast_pending = 1; 1890 } else { 1891 /* 1892 * Buffer MSDUs, A-MSDUs or management frames destined for 1893 * PS STAs. 1894 */ 1895 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1896 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1897 IEEE80211_FC0_TYPE_CTL) 1898 return 0; 1899 if (IF_IS_EMPTY(&ni->ni_savedq)) 1900 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1901 } 1902 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1903 if (IF_QFULL(&ni->ni_savedq)) { 1904 /* XXX should we drop the oldest instead? */ 1905 IF_DROP(&ni->ni_savedq); 1906 m_freem(m); 1907 } else { 1908 IF_ENQUEUE(&ni->ni_savedq, m); 1909 /* 1910 * Similar to ieee80211_mgmt_output, store the node in the 1911 * rcvif field. 1912 */ 1913 m->m_pkthdr.rcvif = (void *)ni; 1914 } 1915 return 1; 1916 } 1917 #endif /* IEEE80211_STA_ONLY */ 1918