1 /* $OpenBSD: ieee80211_output.c,v 1.87 2009/05/24 07:46:04 damien Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/proc.h> 45 #include <sys/sysctl.h> 46 47 #include <net/if.h> 48 #include <net/if_dl.h> 49 #include <net/if_media.h> 50 #include <net/if_arp.h> 51 #include <net/if_llc.h> 52 #include <net/bpf.h> 53 54 #ifdef INET 55 #include <netinet/in.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/ip.h> 59 #ifdef INET6 60 #include <netinet/ip6.h> 61 #endif 62 #endif 63 64 #if NVLAN > 0 65 #include <net/if_types.h> 66 #include <net/if_vlan_var.h> 67 #endif 68 69 #include <net80211/ieee80211_var.h> 70 #include <net80211/ieee80211_priv.h> 71 72 int ieee80211_classify(struct ieee80211com *, struct mbuf *); 73 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 74 struct mbuf *, int); 75 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 76 const struct ieee80211_node *, int); 77 struct mbuf *ieee80211_getmgmt(int, int, u_int); 78 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 79 struct ieee80211_node *); 80 #ifndef IEEE80211_STA_ONLY 81 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 82 struct ieee80211_node *); 83 #endif 84 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 85 struct ieee80211_node *, u_int16_t, u_int16_t); 86 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 87 struct ieee80211_node *, u_int16_t); 88 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 89 struct ieee80211_node *, int); 90 #ifndef IEEE80211_STA_ONLY 91 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 92 struct ieee80211_node *, u_int16_t); 93 #endif 94 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 95 struct ieee80211_node *, u_int16_t); 96 #ifndef IEEE80211_NO_HT 97 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 98 struct ieee80211_node *, u_int8_t); 99 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 100 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 101 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 102 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 103 #endif 104 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 105 struct ieee80211_node *, u_int8_t); 106 struct mbuf *ieee80211_get_action(struct ieee80211com *, 107 struct ieee80211_node *, u_int8_t, u_int8_t, int); 108 109 /* 110 * IEEE 802.11 output routine. Normally this will directly call the 111 * Ethernet output routine because 802.11 encapsulation is called 112 * later by the driver. This function can be used to send raw frames 113 * if the mbuf has been tagged with a 802.11 data link type. 114 */ 115 int 116 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 117 struct rtentry *rt) 118 { 119 struct ieee80211_frame *wh; 120 struct m_tag *mtag; 121 int s, len, error = 0; 122 u_short mflags; 123 124 /* Interface has to be up and running */ 125 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 126 (IFF_UP | IFF_RUNNING)) { 127 error = ENETDOWN; 128 goto bad; 129 } 130 131 /* Try to get the DLT from a mbuf tag */ 132 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 133 struct ieee80211com *ic = (void *)ifp; 134 u_int dlt = *(u_int *)(mtag + 1); 135 136 /* Fallback to ethernet for non-802.11 linktypes */ 137 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 138 goto fallback; 139 140 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 141 return (EINVAL); 142 wh = mtod(m, struct ieee80211_frame *); 143 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 144 IEEE80211_FC0_VERSION_0) 145 return (EINVAL); 146 if (!(ic->ic_caps & IEEE80211_C_RAWCTL) && 147 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 148 IEEE80211_FC0_TYPE_CTL) 149 return (EINVAL); 150 151 /* 152 * Queue message on interface without adding any 153 * further headers, and start output if interface not 154 * yet active. 155 */ 156 mflags = m->m_flags; 157 len = m->m_pkthdr.len; 158 s = splnet(); 159 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, error); 160 if (error) { 161 /* mbuf is already freed */ 162 splx(s); 163 printf("%s: failed to queue raw tx frame\n", 164 ifp->if_xname); 165 return (error); 166 } 167 ifp->if_obytes += len; 168 if (mflags & M_MCAST) 169 ifp->if_omcasts++; 170 if ((ifp->if_flags & IFF_OACTIVE) == 0) 171 (*ifp->if_start)(ifp); 172 splx(s); 173 174 return (error); 175 } 176 177 fallback: 178 return (ether_output(ifp, m, dst, rt)); 179 180 bad: 181 if (m) 182 m_freem(m); 183 return (error); 184 } 185 186 /* 187 * Send a management frame to the specified node. The node pointer 188 * must have a reference as the pointer will be passed to the driver 189 * and potentially held for a long time. If the frame is successfully 190 * dispatched to the driver, then it is responsible for freeing the 191 * reference (and potentially free'ing up any associated storage). 192 */ 193 int 194 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 195 struct mbuf *m, int type) 196 { 197 struct ieee80211com *ic = (void *)ifp; 198 struct ieee80211_frame *wh; 199 200 if (ni == NULL) 201 panic("null node"); 202 ni->ni_inact = 0; 203 204 /* 205 * Yech, hack alert! We want to pass the node down to the 206 * driver's start routine. We could stick this in an m_tag 207 * and tack that on to the mbuf. However that's rather 208 * expensive to do for every frame so instead we stuff it in 209 * the rcvif field since outbound frames do not (presently) 210 * use this. 211 */ 212 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 213 if (m == NULL) 214 return ENOMEM; 215 m->m_pkthdr.rcvif = (void *)ni; 216 217 wh = mtod(m, struct ieee80211_frame *); 218 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 219 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 220 *(u_int16_t *)&wh->i_dur[0] = 0; 221 *(u_int16_t *)&wh->i_seq[0] = 222 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 223 ni->ni_txseq++; 224 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 225 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 226 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 227 228 /* check if protection is required for this mgmt frame */ 229 if ((ic->ic_caps & IEEE80211_C_MFP) && 230 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 231 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 232 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 233 /* 234 * Hack: we should not set the Protected bit in outgoing 235 * group management frames, however it is used as an 236 * indication to the drivers that they must encrypt the 237 * frame. Drivers should clear this bit from group 238 * management frames (software crypto code will do it). 239 * XXX could use an mbuf flag.. 240 */ 241 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 242 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 243 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 244 } 245 246 if (ifp->if_flags & IFF_DEBUG) { 247 /* avoid to print too many frames */ 248 if ( 249 #ifndef IEEE80211_STA_ONLY 250 ic->ic_opmode == IEEE80211_M_IBSS || 251 #endif 252 #ifdef IEEE80211_DEBUG 253 ieee80211_debug > 1 || 254 #endif 255 (type & IEEE80211_FC0_SUBTYPE_MASK) != 256 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 257 printf("%s: sending %s to %s on channel %u mode %s\n", 258 ifp->if_xname, 259 ieee80211_mgt_subtype_name[ 260 (type & IEEE80211_FC0_SUBTYPE_MASK) 261 >> IEEE80211_FC0_SUBTYPE_SHIFT], 262 ether_sprintf(ni->ni_macaddr), 263 ieee80211_chan2ieee(ic, ni->ni_chan), 264 ieee80211_phymode_name[ 265 ieee80211_chan2mode(ic, ni->ni_chan)]); 266 } 267 268 #ifndef IEEE80211_STA_ONLY 269 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 270 ieee80211_pwrsave(ic, m, ni) != 0) 271 return 0; 272 #endif 273 IF_ENQUEUE(&ic->ic_mgtq, m); 274 ifp->if_timer = 1; 275 (*ifp->if_start)(ifp); 276 return 0; 277 } 278 279 /*- 280 * EDCA tables are computed using the following formulas: 281 * 282 * 1) EDCATable (non-AP QSTA) 283 * 284 * AC CWmin CWmax AIFSN TXOP limit(ms) 285 * ------------------------------------------------------------- 286 * AC_BK aCWmin aCWmax 7 0 287 * AC_BE aCWmin aCWmax 3 0 288 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 289 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 290 * 291 * 2) QAPEDCATable (QAP) 292 * 293 * AC CWmin CWmax AIFSN TXOP limit(ms) 294 * ------------------------------------------------------------- 295 * AC_BK aCWmin aCWmax 7 0 296 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 297 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 298 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 299 * 300 * and the following aCWmin/aCWmax values: 301 * 302 * PHY aCWmin aCWmax 303 * --------------------------- 304 * 11A 15 1023 305 * 11B 31 1023 306 * 11G 15* 1023 (*) aCWmin(1) 307 * Turbo A/G 7 1023 (Atheros proprietary mode) 308 */ 309 static const struct ieee80211_edca_ac_params 310 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 311 [IEEE80211_MODE_11B] = { 312 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 313 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 314 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 315 [EDCA_AC_VO] = { 3, 4, 2, 102 } 316 }, 317 [IEEE80211_MODE_11A] = { 318 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 319 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 320 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 321 [EDCA_AC_VO] = { 2, 3, 2, 47 } 322 }, 323 [IEEE80211_MODE_11G] = { 324 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 325 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 326 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 327 [EDCA_AC_VO] = { 2, 3, 2, 47 } 328 }, 329 [IEEE80211_MODE_TURBO] = { 330 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 331 [EDCA_AC_BE] = { 3, 10, 2, 0 }, 332 [EDCA_AC_VI] = { 2, 3, 2, 94 }, 333 [EDCA_AC_VO] = { 2, 2, 1, 47 } 334 } 335 }; 336 337 #ifndef IEEE80211_STA_ONLY 338 static const struct ieee80211_edca_ac_params 339 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 340 [IEEE80211_MODE_11B] = { 341 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 342 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 343 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 344 [EDCA_AC_VO] = { 3, 4, 1, 102 } 345 }, 346 [IEEE80211_MODE_11A] = { 347 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 348 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 349 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 350 [EDCA_AC_VO] = { 2, 3, 1, 47 } 351 }, 352 [IEEE80211_MODE_11G] = { 353 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 354 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 355 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 356 [EDCA_AC_VO] = { 2, 3, 1, 47 } 357 }, 358 [IEEE80211_MODE_TURBO] = { 359 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 360 [EDCA_AC_BE] = { 3, 5, 2, 0 }, 361 [EDCA_AC_VI] = { 2, 3, 1, 94 }, 362 [EDCA_AC_VO] = { 2, 2, 1, 47 } 363 } 364 }; 365 #endif /* IEEE80211_STA_ONLY */ 366 367 /* 368 * Return the EDCA Access Category to be used for transmitting a frame with 369 * user-priority `up'. 370 */ 371 enum ieee80211_edca_ac 372 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 373 { 374 /* see Table 9-1 */ 375 static const enum ieee80211_edca_ac up_to_ac[] = { 376 EDCA_AC_BE, /* BE */ 377 EDCA_AC_BK, /* BK */ 378 EDCA_AC_BK, /* -- */ 379 EDCA_AC_BE, /* EE */ 380 EDCA_AC_VI, /* CL */ 381 EDCA_AC_VI, /* VI */ 382 EDCA_AC_VO, /* VO */ 383 EDCA_AC_VO /* NC */ 384 }; 385 enum ieee80211_edca_ac ac; 386 387 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 388 389 #ifndef IEEE80211_STA_ONLY 390 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 391 return ac; 392 #endif 393 /* 394 * We do not support the admission control procedure defined in 395 * IEEE Std 802.11-2007 section 9.9.3.1.2. The spec says that 396 * non-AP QSTAs that don't support this procedure shall use EDCA 397 * parameters of a lower priority AC that does not require 398 * admission control. 399 */ 400 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 401 switch (ac) { 402 case EDCA_AC_BK: 403 /* can't get there */ 404 break; 405 case EDCA_AC_BE: 406 /* BE shouldn't require admission control */ 407 ac = EDCA_AC_BK; 408 break; 409 case EDCA_AC_VI: 410 ac = EDCA_AC_BE; 411 break; 412 case EDCA_AC_VO: 413 ac = EDCA_AC_VI; 414 break; 415 } 416 } 417 return ac; 418 } 419 420 /* 421 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 422 * based on the DSCP (Differentiated Services Codepoint) field. 423 */ 424 int 425 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 426 { 427 #ifdef INET 428 struct ether_header *eh; 429 u_int8_t ds_field; 430 #endif 431 #if NVLAN > 0 432 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 433 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 434 #endif 435 #ifdef INET 436 eh = mtod(m, struct ether_header *); 437 if (eh->ether_type == htons(ETHERTYPE_IP)) { 438 struct ip *ip = (struct ip *)&eh[1]; 439 if (ip->ip_v != 4) 440 return 0; 441 ds_field = ip->ip_tos; 442 } 443 #ifdef INET6 444 else if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 445 struct ip6_hdr *ip6 = (struct ip6_hdr *)&eh[1]; 446 u_int32_t flowlabel; 447 448 flowlabel = ntohl(ip6->ip6_flow); 449 if ((flowlabel >> 28) != 6) 450 return 0; 451 ds_field = (flowlabel >> 20) & 0xff; 452 } 453 #endif /* INET6 */ 454 else /* neither IPv4 nor IPv6 */ 455 return 0; 456 457 /* 458 * Map Differentiated Services Codepoint field (see RFC2474). 459 * Preserves backward compatibility with IP Precedence field. 460 */ 461 switch (ds_field & 0xfc) { 462 case IPTOS_PREC_PRIORITY: 463 return 2; 464 case IPTOS_PREC_IMMEDIATE: 465 return 1; 466 case IPTOS_PREC_FLASH: 467 return 3; 468 case IPTOS_PREC_FLASHOVERRIDE: 469 return 4; 470 case IPTOS_PREC_CRITIC_ECP: 471 return 5; 472 case IPTOS_PREC_INTERNETCONTROL: 473 return 6; 474 case IPTOS_PREC_NETCONTROL: 475 return 7; 476 } 477 #endif /* INET */ 478 return 0; /* default to Best-Effort */ 479 } 480 481 /* 482 * Encapsulate an outbound data frame. The mbuf chain is updated and 483 * a reference to the destination node is returned. If an error is 484 * encountered NULL is returned and the node reference will also be NULL. 485 * 486 * NB: The caller is responsible for free'ing a returned node reference. 487 * The convention is ic_bss is not reference counted; the caller must 488 * maintain that. 489 */ 490 struct mbuf * 491 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 492 { 493 struct ieee80211com *ic = (void *)ifp; 494 struct ether_header eh; 495 struct ieee80211_frame *wh; 496 struct ieee80211_node *ni = NULL; 497 struct llc *llc; 498 struct m_tag *mtag; 499 u_int8_t *addr; 500 u_int dlt, hdrlen; 501 int addqos, tid; 502 503 /* Handle raw frames if mbuf is tagged as 802.11 */ 504 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 505 dlt = *(u_int *)(mtag + 1); 506 507 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 508 goto fallback; 509 510 wh = mtod(m, struct ieee80211_frame *); 511 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 512 case IEEE80211_FC1_DIR_NODS: 513 case IEEE80211_FC1_DIR_FROMDS: 514 addr = wh->i_addr1; 515 break; 516 case IEEE80211_FC1_DIR_DSTODS: 517 case IEEE80211_FC1_DIR_TODS: 518 addr = wh->i_addr3; 519 break; 520 default: 521 goto bad; 522 } 523 524 ni = ieee80211_find_txnode(ic, addr); 525 if (ni == NULL) 526 ni = ieee80211_ref_node(ic->ic_bss); 527 if (ni == NULL) { 528 printf("%s: no node for dst %s, " 529 "discard raw tx frame\n", ifp->if_xname, 530 ether_sprintf(addr)); 531 ic->ic_stats.is_tx_nonode++; 532 goto bad; 533 } 534 ni->ni_inact = 0; 535 536 *pni = ni; 537 return (m); 538 } 539 540 fallback: 541 if (m->m_len < sizeof(struct ether_header)) { 542 m = m_pullup(m, sizeof(struct ether_header)); 543 if (m == NULL) { 544 ic->ic_stats.is_tx_nombuf++; 545 goto bad; 546 } 547 } 548 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 549 550 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 551 if (ni == NULL) { 552 DPRINTF(("no node for dst %s, discard frame\n", 553 ether_sprintf(eh.ether_dhost))); 554 ic->ic_stats.is_tx_nonode++; 555 goto bad; 556 } 557 558 if ((ic->ic_flags & IEEE80211_F_RSNON) && 559 !ni->ni_port_valid && 560 eh.ether_type != htons(ETHERTYPE_PAE)) { 561 DPRINTF(("port not valid: %s\n", 562 ether_sprintf(eh.ether_dhost))); 563 ic->ic_stats.is_tx_noauth++; 564 goto bad; 565 } 566 567 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 568 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 569 /* XXX TKIP countermeasures! */; 570 571 ni->ni_inact = 0; 572 573 if ((ic->ic_flags & IEEE80211_F_QOS) && 574 (ni->ni_flags & IEEE80211_NODE_QOS) && 575 /* do not QoS-encapsulate EAPOL frames */ 576 eh.ether_type != htons(ETHERTYPE_PAE)) { 577 tid = ieee80211_classify(ic, m); 578 hdrlen = sizeof(struct ieee80211_qosframe); 579 addqos = 1; 580 } else { 581 hdrlen = sizeof(struct ieee80211_frame); 582 addqos = 0; 583 } 584 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 585 llc = mtod(m, struct llc *); 586 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 587 llc->llc_control = LLC_UI; 588 llc->llc_snap.org_code[0] = 0; 589 llc->llc_snap.org_code[1] = 0; 590 llc->llc_snap.org_code[2] = 0; 591 llc->llc_snap.ether_type = eh.ether_type; 592 M_PREPEND(m, hdrlen, M_DONTWAIT); 593 if (m == NULL) { 594 ic->ic_stats.is_tx_nombuf++; 595 goto bad; 596 } 597 wh = mtod(m, struct ieee80211_frame *); 598 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 599 *(u_int16_t *)&wh->i_dur[0] = 0; 600 if (addqos) { 601 struct ieee80211_qosframe *qwh = 602 (struct ieee80211_qosframe *)wh; 603 u_int16_t qos = tid; 604 605 if (ic->ic_tid_noack & (1 << tid)) 606 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 607 #ifndef IEEE80211_NO_HT 608 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 609 qos |= IEEE80211_QOS_ACK_POLICY_BA; 610 #endif 611 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 612 *(u_int16_t *)qwh->i_qos = htole16(qos); 613 *(u_int16_t *)qwh->i_seq = 614 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 615 ni->ni_qos_txseqs[tid]++; 616 } else { 617 *(u_int16_t *)&wh->i_seq[0] = 618 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 619 ni->ni_txseq++; 620 } 621 switch (ic->ic_opmode) { 622 case IEEE80211_M_STA: 623 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 624 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 625 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 626 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 627 break; 628 #ifndef IEEE80211_STA_ONLY 629 case IEEE80211_M_IBSS: 630 case IEEE80211_M_AHDEMO: 631 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 632 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 633 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 634 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 635 break; 636 case IEEE80211_M_HOSTAP: 637 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 638 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 639 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 640 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 641 break; 642 #endif 643 default: 644 /* should not get there */ 645 goto bad; 646 } 647 648 if ((ic->ic_flags & IEEE80211_F_WEPON) || 649 ((ic->ic_flags & IEEE80211_F_RSNON) && 650 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 651 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 652 653 #ifndef IEEE80211_STA_ONLY 654 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 655 ieee80211_pwrsave(ic, m, ni) != 0) { 656 *pni = NULL; 657 return NULL; 658 } 659 #endif 660 *pni = ni; 661 return m; 662 bad: 663 if (m != NULL) 664 m_freem(m); 665 if (ni != NULL) 666 ieee80211_release_node(ic, ni); 667 *pni = NULL; 668 return NULL; 669 } 670 671 /* 672 * Add a Capability Information field to a frame (see 7.3.1.4). 673 */ 674 u_int8_t * 675 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 676 const struct ieee80211_node *ni) 677 { 678 u_int16_t capinfo; 679 680 #ifndef IEEE80211_STA_ONLY 681 if (ic->ic_opmode == IEEE80211_M_IBSS) 682 capinfo = IEEE80211_CAPINFO_IBSS; 683 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 684 capinfo = IEEE80211_CAPINFO_ESS; 685 else 686 #endif 687 capinfo = 0; 688 #ifndef IEEE80211_STA_ONLY 689 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 690 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 691 capinfo |= IEEE80211_CAPINFO_PRIVACY; 692 #endif 693 /* NB: some 11a AP's reject the request when short preamble is set */ 694 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 695 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 696 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 697 if (ic->ic_flags & IEEE80211_F_SHSLOT) 698 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 699 LE_WRITE_2(frm, capinfo); 700 return frm + 2; 701 } 702 703 /* 704 * Add an SSID element to a frame (see 7.3.2.1). 705 */ 706 u_int8_t * 707 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 708 { 709 *frm++ = IEEE80211_ELEMID_SSID; 710 *frm++ = len; 711 memcpy(frm, ssid, len); 712 return frm + len; 713 } 714 715 /* 716 * Add a supported rates element to a frame (see 7.3.2.2). 717 */ 718 u_int8_t * 719 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 720 { 721 int nrates; 722 723 *frm++ = IEEE80211_ELEMID_RATES; 724 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 725 *frm++ = nrates; 726 memcpy(frm, rs->rs_rates, nrates); 727 return frm + nrates; 728 } 729 730 #ifndef IEEE80211_STA_ONLY 731 /* 732 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 733 */ 734 u_int8_t * 735 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 736 const struct ieee80211_node *ni) 737 { 738 *frm++ = IEEE80211_ELEMID_DSPARMS; 739 *frm++ = 1; 740 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 741 return frm; 742 } 743 744 /* 745 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 746 */ 747 u_int8_t * 748 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 749 { 750 u_int i, offset = 0, len; 751 752 /* find first non-zero octet in the virtual bit map */ 753 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 754 755 /* clear the lsb as it is reserved for the broadcast indication bit */ 756 if (i < ic->ic_tim_len) 757 offset = i & ~1; 758 759 /* find last non-zero octet in the virtual bit map */ 760 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 761 762 len = i - offset + 1; 763 764 *frm++ = IEEE80211_ELEMID_TIM; 765 *frm++ = len + 3; /* length */ 766 *frm++ = ic->ic_dtim_count; /* DTIM count */ 767 *frm++ = ic->ic_dtim_period; /* DTIM period */ 768 769 /* Bitmap Control */ 770 *frm = offset; 771 /* set broadcast/multicast indication bit if necessary */ 772 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 773 *frm |= 0x01; 774 frm++; 775 776 /* Partial Virtual Bitmap */ 777 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 778 return frm + len; 779 } 780 781 /* 782 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 783 */ 784 u_int8_t * 785 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 786 { 787 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 788 *frm++ = 2; 789 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 790 return frm + 2; 791 } 792 793 /* 794 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 795 */ 796 u_int8_t * 797 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 798 { 799 const struct ieee80211_edca_ac_params *edca; 800 int aci; 801 802 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 803 *frm++ = 18; /* length */ 804 *frm++ = 0; /* QoS Info */ 805 *frm++ = 0; /* reserved */ 806 807 /* setup AC Parameter Records */ 808 edca = ieee80211_qap_edca_table[ic->ic_curmode]; 809 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 810 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 811 812 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 813 (ac->ac_aifsn & 0xf); 814 *frm++ = (ac->ac_ecwmax << 4) | 815 (ac->ac_ecwmin & 0xf); 816 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 817 } 818 return frm; 819 } 820 821 /* 822 * Add an ERP element to a frame (see 7.3.2.13). 823 */ 824 u_int8_t * 825 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 826 { 827 u_int8_t erp; 828 829 *frm++ = IEEE80211_ELEMID_ERP; 830 *frm++ = 1; 831 erp = 0; 832 /* 833 * The NonERP_Present bit shall be set to 1 when a NonERP STA 834 * is associated with the BSS. 835 */ 836 if (ic->ic_nonerpsta != 0) 837 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 838 /* 839 * If one or more NonERP STAs are associated in the BSS, the 840 * Use_Protection bit shall be set to 1 in transmitted ERP 841 * Information Elements. 842 */ 843 if (ic->ic_flags & IEEE80211_F_USEPROT) 844 erp |= IEEE80211_ERP_USE_PROTECTION; 845 /* 846 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 847 * Information Element sender if one or more associated NonERP 848 * STAs are not short preamble capable. 849 */ 850 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 851 erp |= IEEE80211_ERP_BARKER_MODE; 852 *frm++ = erp; 853 return frm; 854 } 855 #endif /* IEEE80211_STA_ONLY */ 856 857 /* 858 * Add a QoS Capability element to a frame (see 7.3.2.35). 859 */ 860 u_int8_t * 861 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 862 { 863 *frm++ = IEEE80211_ELEMID_QOS_CAP; 864 *frm++ = 1; 865 *frm++ = 0; /* QoS Info */ 866 return frm; 867 } 868 869 /* 870 * Add an RSN element to a frame (see 7.3.2.25). 871 */ 872 u_int8_t * 873 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 874 const struct ieee80211_node *ni, int wpa) 875 { 876 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 877 u_int8_t *pcount; 878 u_int16_t count; 879 880 /* write Version field */ 881 LE_WRITE_2(frm, 1); frm += 2; 882 883 /* write Group Data Cipher Suite field (see Table 20da) */ 884 memcpy(frm, oui, 3); frm += 3; 885 switch (ni->ni_rsngroupcipher) { 886 case IEEE80211_CIPHER_WEP40: 887 *frm++ = 1; 888 break; 889 case IEEE80211_CIPHER_TKIP: 890 *frm++ = 2; 891 break; 892 case IEEE80211_CIPHER_CCMP: 893 *frm++ = 4; 894 break; 895 case IEEE80211_CIPHER_WEP104: 896 *frm++ = 5; 897 break; 898 default: 899 /* can't get there */ 900 panic("invalid group data cipher!"); 901 } 902 903 pcount = frm; frm += 2; 904 count = 0; 905 /* write Pairwise Cipher Suite List */ 906 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 907 memcpy(frm, oui, 3); frm += 3; 908 *frm++ = 0; 909 count++; 910 } 911 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 912 memcpy(frm, oui, 3); frm += 3; 913 *frm++ = 2; 914 count++; 915 } 916 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 917 memcpy(frm, oui, 3); frm += 3; 918 *frm++ = 4; 919 count++; 920 } 921 /* write Pairwise Cipher Suite Count field */ 922 LE_WRITE_2(pcount, count); 923 924 pcount = frm; frm += 2; 925 count = 0; 926 /* write AKM Suite List (see Table 20dc) */ 927 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 928 memcpy(frm, oui, 3); frm += 3; 929 *frm++ = 1; 930 count++; 931 } 932 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 933 memcpy(frm, oui, 3); frm += 3; 934 *frm++ = 2; 935 count++; 936 } 937 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 938 memcpy(frm, oui, 3); frm += 3; 939 *frm++ = 5; 940 count++; 941 } 942 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 943 memcpy(frm, oui, 3); frm += 3; 944 *frm++ = 6; 945 count++; 946 } 947 /* write AKM Suite List Count field */ 948 LE_WRITE_2(pcount, count); 949 950 if (wpa) 951 return frm; 952 953 /* write RSN Capabilities field */ 954 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 955 956 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 957 /* write PMKID Count field */ 958 LE_WRITE_2(frm, 1); frm += 2; 959 /* write PMKID List (only 1) */ 960 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 961 frm += IEEE80211_PMKID_LEN; 962 } else { 963 /* no PMKID (PMKID Count=0) */ 964 LE_WRITE_2(frm, 0); frm += 2; 965 } 966 967 if (!(ic->ic_caps & IEEE80211_C_MFP)) 968 return frm; 969 970 /* write Group Integrity Cipher Suite field */ 971 memcpy(frm, oui, 3); frm += 3; 972 switch (ic->ic_rsngroupmgmtcipher) { 973 case IEEE80211_CIPHER_BIP: 974 *frm++ = 6; 975 break; 976 default: 977 /* can't get there */ 978 panic("invalid integrity group cipher!"); 979 } 980 return frm; 981 } 982 983 u_int8_t * 984 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 985 const struct ieee80211_node *ni) 986 { 987 u_int8_t *plen; 988 989 *frm++ = IEEE80211_ELEMID_RSN; 990 plen = frm++; /* length filled in later */ 991 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 992 993 /* write length field */ 994 *plen = frm - plen - 1; 995 return frm; 996 } 997 998 /* 999 * Add a vendor-specific WPA element to a frame. 1000 * This is required for compatibility with Wi-Fi Alliance WPA. 1001 */ 1002 u_int8_t * 1003 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 1004 const struct ieee80211_node *ni) 1005 { 1006 u_int8_t *plen; 1007 1008 *frm++ = IEEE80211_ELEMID_VENDOR; 1009 plen = frm++; /* length filled in later */ 1010 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1011 *frm++ = 1; /* WPA */ 1012 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1013 1014 /* write length field */ 1015 *plen = frm - plen - 1; 1016 return frm; 1017 } 1018 1019 /* 1020 * Add an extended supported rates element to a frame (see 7.3.2.14). 1021 */ 1022 u_int8_t * 1023 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1024 { 1025 int nrates; 1026 1027 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1028 1029 *frm++ = IEEE80211_ELEMID_XRATES; 1030 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1031 *frm++ = nrates; 1032 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1033 return frm + nrates; 1034 } 1035 1036 #ifndef IEEE80211_NO_HT 1037 /* 1038 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1039 */ 1040 u_int8_t * 1041 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1042 { 1043 *frm++ = IEEE80211_ELEMID_HTCAPS; 1044 *frm++ = 26; 1045 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1046 *frm++ = 0; 1047 memcpy(frm, ic->ic_sup_mcs, 16); frm += 16; 1048 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1049 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1050 *frm++ = ic->ic_aselcaps; 1051 return frm; 1052 } 1053 1054 #ifndef IEEE80211_STA_ONLY 1055 /* 1056 * Add an HT Operation element to a frame (see 7.3.2.58). 1057 */ 1058 u_int8_t * 1059 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1060 { 1061 *frm++ = IEEE80211_ELEMID_HTOP; 1062 *frm++ = 22; 1063 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1064 LE_WRITE_2(frm, 0); frm += 2; 1065 LE_WRITE_2(frm, 0); frm += 2; 1066 memset(frm, 0, 16); frm += 16; 1067 return frm; 1068 } 1069 #endif /* !IEEE80211_STA_ONLY */ 1070 #endif /* !IEEE80211_NO_HT */ 1071 1072 #ifndef IEEE80211_STA_ONLY 1073 /* 1074 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1075 */ 1076 u_int8_t * 1077 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1078 { 1079 *frm++ = IEEE80211_ELEMID_TIE; 1080 *frm++ = 5; /* length */ 1081 *frm++ = type; /* Timeout Interval type */ 1082 LE_WRITE_4(frm, value); 1083 return frm + 4; 1084 } 1085 #endif 1086 1087 struct mbuf * 1088 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1089 { 1090 struct mbuf *m; 1091 1092 /* reserve space for 802.11 header */ 1093 pktlen += sizeof(struct ieee80211_frame); 1094 1095 if (pktlen > MCLBYTES) 1096 panic("management frame too large: %u", pktlen); 1097 MGETHDR(m, flags, type); 1098 if (m == NULL) 1099 return NULL; 1100 if (pktlen > MHLEN) { 1101 MCLGET(m, flags); 1102 if (!(m->m_flags & M_EXT)) 1103 return m_free(m); 1104 } 1105 m->m_data += sizeof(struct ieee80211_frame); 1106 return m; 1107 } 1108 1109 /*- 1110 * Probe request frame format: 1111 * [tlv] SSID 1112 * [tlv] Supported rates 1113 * [tlv] Extended Supported Rates (802.11g) 1114 * [tlv] HT Capabilities (802.11n) 1115 */ 1116 struct mbuf * 1117 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1118 { 1119 const struct ieee80211_rateset *rs = 1120 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1121 struct mbuf *m; 1122 u_int8_t *frm; 1123 1124 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1125 2 + ic->ic_des_esslen + 1126 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1127 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1128 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1129 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1130 if (m == NULL) 1131 return NULL; 1132 1133 frm = mtod(m, u_int8_t *); 1134 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1135 frm = ieee80211_add_rates(frm, rs); 1136 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1137 frm = ieee80211_add_xrates(frm, rs); 1138 #ifndef IEEE80211_NO_HT 1139 if (ni->ni_flags & IEEE80211_NODE_HT) 1140 frm = ieee80211_add_htcaps(frm, ic); 1141 #endif 1142 1143 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1144 1145 return m; 1146 } 1147 1148 #ifndef IEEE80211_STA_ONLY 1149 /*- 1150 * Probe response frame format: 1151 * [8] Timestamp 1152 * [2] Beacon interval 1153 * [2] Capability 1154 * [tlv] Service Set Identifier (SSID) 1155 * [tlv] Supported rates 1156 * [tlv] DS Parameter Set (802.11g) 1157 * [tlv] ERP Information (802.11g) 1158 * [tlv] Extended Supported Rates (802.11g) 1159 * [tlv] RSN (802.11i) 1160 * [tlv] EDCA Parameter Set (802.11e) 1161 * [tlv] HT Capabilities (802.11n) 1162 * [tlv] HT Operation (802.11n) 1163 */ 1164 struct mbuf * 1165 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1166 { 1167 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1168 struct mbuf *m; 1169 u_int8_t *frm; 1170 1171 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1172 8 + 2 + 2 + 1173 2 + ni->ni_esslen + 1174 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1175 2 + 1 + 1176 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1177 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1178 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1179 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1180 (((ic->ic_flags & IEEE80211_F_RSNON) && 1181 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1182 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1183 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1184 (((ic->ic_flags & IEEE80211_F_RSNON) && 1185 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1186 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1187 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1188 if (m == NULL) 1189 return NULL; 1190 1191 frm = mtod(m, u_int8_t *); 1192 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1193 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1194 frm = ieee80211_add_capinfo(frm, ic, ni); 1195 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1196 ic->ic_bss->ni_esslen); 1197 frm = ieee80211_add_rates(frm, rs); 1198 frm = ieee80211_add_ds_params(frm, ic, ni); 1199 if (ic->ic_opmode == IEEE80211_M_IBSS) 1200 frm = ieee80211_add_ibss_params(frm, ni); 1201 if (ic->ic_curmode == IEEE80211_MODE_11G) 1202 frm = ieee80211_add_erp(frm, ic); 1203 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1204 frm = ieee80211_add_xrates(frm, rs); 1205 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1206 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1207 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1208 if (ic->ic_flags & IEEE80211_F_QOS) 1209 frm = ieee80211_add_edca_params(frm, ic); 1210 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1211 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1212 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1213 #ifndef IEEE80211_NO_HT 1214 if (ic->ic_flags & IEEE80211_F_HTON) { 1215 frm = ieee80211_add_htcaps(frm, ic); 1216 frm = ieee80211_add_htop(frm, ic); 1217 } 1218 #endif 1219 1220 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1221 1222 return m; 1223 } 1224 #endif /* IEEE80211_STA_ONLY */ 1225 1226 /*- 1227 * Authentication frame format: 1228 * [2] Authentication algorithm number 1229 * [2] Authentication transaction sequence number 1230 * [2] Status code 1231 */ 1232 struct mbuf * 1233 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1234 u_int16_t status, u_int16_t seq) 1235 { 1236 struct mbuf *m; 1237 u_int8_t *frm; 1238 1239 MGETHDR(m, M_DONTWAIT, MT_DATA); 1240 if (m == NULL) 1241 return NULL; 1242 MH_ALIGN(m, 2 * 3); 1243 m->m_pkthdr.len = m->m_len = 2 * 3; 1244 1245 frm = mtod(m, u_int8_t *); 1246 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1247 LE_WRITE_2(frm, seq); frm += 2; 1248 LE_WRITE_2(frm, status); 1249 1250 return m; 1251 } 1252 1253 /*- 1254 * Deauthentication frame format: 1255 * [2] Reason code 1256 */ 1257 struct mbuf * 1258 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1259 u_int16_t reason) 1260 { 1261 struct mbuf *m; 1262 1263 MGETHDR(m, M_DONTWAIT, MT_DATA); 1264 if (m == NULL) 1265 return NULL; 1266 MH_ALIGN(m, 2); 1267 1268 m->m_pkthdr.len = m->m_len = 2; 1269 *mtod(m, u_int16_t *) = htole16(reason); 1270 1271 return m; 1272 } 1273 1274 /*- 1275 * (Re)Association request frame format: 1276 * [2] Capability information 1277 * [2] Listen interval 1278 * [6*] Current AP address (Reassociation only) 1279 * [tlv] SSID 1280 * [tlv] Supported rates 1281 * [tlv] Extended Supported Rates (802.11g) 1282 * [tlv] RSN (802.11i) 1283 * [tlv] QoS Capability (802.11e) 1284 * [tlv] HT Capabilities (802.11n) 1285 */ 1286 struct mbuf * 1287 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1288 int type) 1289 { 1290 const struct ieee80211_rateset *rs = &ni->ni_rates; 1291 struct mbuf *m; 1292 u_int8_t *frm; 1293 u_int16_t capinfo; 1294 1295 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1296 2 + 2 + 1297 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1298 IEEE80211_ADDR_LEN : 0) + 1299 2 + ni->ni_esslen + 1300 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1301 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1302 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1303 (((ic->ic_flags & IEEE80211_F_RSNON) && 1304 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1305 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1306 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1307 (((ic->ic_flags & IEEE80211_F_RSNON) && 1308 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1309 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1310 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1311 if (m == NULL) 1312 return NULL; 1313 1314 frm = mtod(m, u_int8_t *); 1315 capinfo = IEEE80211_CAPINFO_ESS; 1316 if (ic->ic_flags & IEEE80211_F_WEPON) 1317 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1318 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1319 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1320 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1321 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1322 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1323 LE_WRITE_2(frm, capinfo); frm += 2; 1324 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1325 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1326 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1327 frm += IEEE80211_ADDR_LEN; 1328 } 1329 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1330 frm = ieee80211_add_rates(frm, rs); 1331 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1332 frm = ieee80211_add_xrates(frm, rs); 1333 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1334 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1335 frm = ieee80211_add_rsn(frm, ic, ni); 1336 if (ni->ni_flags & IEEE80211_NODE_QOS) 1337 frm = ieee80211_add_qos_capability(frm, ic); 1338 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1339 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1340 frm = ieee80211_add_wpa(frm, ic, ni); 1341 #ifndef IEEE80211_NO_HT 1342 if (ni->ni_flags & IEEE80211_NODE_HT) 1343 frm = ieee80211_add_htcaps(frm, ic); 1344 #endif 1345 1346 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1347 1348 return m; 1349 } 1350 1351 #ifndef IEEE80211_STA_ONLY 1352 /*- 1353 * (Re)Association response frame format: 1354 * [2] Capability information 1355 * [2] Status code 1356 * [2] Association ID (AID) 1357 * [tlv] Supported rates 1358 * [tlv] Extended Supported Rates (802.11g) 1359 * [tlv] EDCA Parameter Set (802.11e) 1360 * [tlv] Timeout Interval (802.11w) 1361 * [tlv] HT Capabilities (802.11n) 1362 * [tlv] HT Operation (802.11n) 1363 */ 1364 struct mbuf * 1365 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1366 u_int16_t status) 1367 { 1368 const struct ieee80211_rateset *rs = &ni->ni_rates; 1369 struct mbuf *m; 1370 u_int8_t *frm; 1371 1372 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1373 2 + 2 + 2 + 1374 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1375 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1376 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1377 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1378 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1379 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 + 24 : 0)); 1380 if (m == NULL) 1381 return NULL; 1382 1383 frm = mtod(m, u_int8_t *); 1384 frm = ieee80211_add_capinfo(frm, ic, ni); 1385 LE_WRITE_2(frm, status); frm += 2; 1386 if (status == IEEE80211_STATUS_SUCCESS) 1387 LE_WRITE_2(frm, ni->ni_associd); 1388 else 1389 LE_WRITE_2(frm, 0); 1390 frm += 2; 1391 frm = ieee80211_add_rates(frm, rs); 1392 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1393 frm = ieee80211_add_xrates(frm, rs); 1394 if (ni->ni_flags & IEEE80211_NODE_QOS) 1395 frm = ieee80211_add_edca_params(frm, ic); 1396 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1397 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1398 /* Association Comeback Time */ 1399 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1400 } 1401 #ifndef IEEE80211_NO_HT 1402 if (ni->ni_flags & IEEE80211_NODE_HT) { 1403 frm = ieee80211_add_htcaps(frm, ic); 1404 frm = ieee80211_add_htop(frm, ic); 1405 } 1406 #endif 1407 1408 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1409 1410 return m; 1411 } 1412 #endif /* IEEE80211_STA_ONLY */ 1413 1414 /*- 1415 * Disassociation frame format: 1416 * [2] Reason code 1417 */ 1418 struct mbuf * 1419 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1420 u_int16_t reason) 1421 { 1422 struct mbuf *m; 1423 1424 MGETHDR(m, M_DONTWAIT, MT_DATA); 1425 if (m == NULL) 1426 return NULL; 1427 MH_ALIGN(m, 2); 1428 1429 m->m_pkthdr.len = m->m_len = 2; 1430 *mtod(m, u_int16_t *) = htole16(reason); 1431 1432 return m; 1433 } 1434 1435 #ifndef IEEE80211_NO_HT 1436 /*- 1437 * ADDBA Request frame format: 1438 * [1] Category 1439 * [1] Action 1440 * [1] Dialog Token 1441 * [2] Block Ack Parameter Set 1442 * [2] Block Ack Timeout Value 1443 * [2] Block Ack Starting Sequence Control 1444 */ 1445 struct mbuf * 1446 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1447 u_int8_t tid) 1448 { 1449 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1450 struct mbuf *m; 1451 u_int8_t *frm; 1452 u_int16_t params; 1453 1454 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1455 if (m == NULL) 1456 return m; 1457 1458 frm = mtod(m, u_int8_t *); 1459 *frm++ = IEEE80211_CATEG_BA; 1460 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1461 *frm++ = ba->ba_token; 1462 params = ba->ba_winsize << 6 | tid << 2 | IEEE80211_BA_ACK_POLICY; 1463 LE_WRITE_2(frm, params); frm += 2; 1464 LE_WRITE_2(frm, ba->ba_timeout_val); frm += 2; 1465 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1466 1467 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1468 1469 return m; 1470 } 1471 1472 /*- 1473 * ADDBA Response frame format: 1474 * [1] Category 1475 * [1] Action 1476 * [1] Dialog Token 1477 * [2] Status Code 1478 * [2] Block Ack Parameter Set 1479 * [2] Block Ack Timeout Value 1480 */ 1481 struct mbuf * 1482 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1483 u_int8_t tid, u_int8_t token, u_int16_t status) 1484 { 1485 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1486 struct mbuf *m; 1487 u_int8_t *frm; 1488 u_int16_t params; 1489 1490 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1491 if (m == NULL) 1492 return m; 1493 1494 frm = mtod(m, u_int8_t *); 1495 *frm++ = IEEE80211_CATEG_BA; 1496 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1497 *frm++ = token; 1498 LE_WRITE_2(frm, status); frm += 2; 1499 params = tid << 2 | IEEE80211_BA_ACK_POLICY; 1500 if (status == 0) 1501 params |= ba->ba_winsize << 6; 1502 LE_WRITE_2(frm, params); frm += 2; 1503 if (status == 0) 1504 LE_WRITE_2(frm, ba->ba_timeout_val); 1505 else 1506 LE_WRITE_2(frm, 0); 1507 frm += 2; 1508 1509 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1510 1511 return m; 1512 } 1513 1514 /*- 1515 * DELBA frame format: 1516 * [1] Category 1517 * [1] Action 1518 * [2] DELBA Parameter Set 1519 * [2] Reason Code 1520 */ 1521 struct mbuf * 1522 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1523 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1524 { 1525 struct mbuf *m; 1526 u_int8_t *frm; 1527 u_int16_t params; 1528 1529 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1530 if (m == NULL) 1531 return m; 1532 1533 frm = mtod(m, u_int8_t *); 1534 *frm++ = IEEE80211_CATEG_BA; 1535 *frm++ = IEEE80211_ACTION_DELBA; 1536 params = tid << 12; 1537 if (dir) 1538 params |= IEEE80211_DELBA_INITIATOR; 1539 LE_WRITE_2(frm, params); frm += 2; 1540 LE_WRITE_2(frm, reason); frm += 2; 1541 1542 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1543 1544 return m; 1545 } 1546 #endif /* !IEEE80211_NO_HT */ 1547 1548 /*- 1549 * SA Query Request/Reponse frame format: 1550 * [1] Category 1551 * [1] Action 1552 * [16] Transaction Identifier 1553 */ 1554 struct mbuf * 1555 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1556 u_int8_t action) 1557 { 1558 struct mbuf *m; 1559 u_int8_t *frm; 1560 1561 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1562 if (m == NULL) 1563 return NULL; 1564 1565 frm = mtod(m, u_int8_t *); 1566 *frm++ = IEEE80211_CATEG_SA_QUERY; 1567 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1568 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1569 1570 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1571 1572 return m; 1573 } 1574 1575 struct mbuf * 1576 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1577 u_int8_t categ, u_int8_t action, int arg) 1578 { 1579 struct mbuf *m = NULL; 1580 1581 switch (categ) { 1582 #ifndef IEEE80211_NO_HT 1583 case IEEE80211_CATEG_BA: 1584 switch (action) { 1585 case IEEE80211_ACTION_ADDBA_REQ: 1586 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1587 break; 1588 case IEEE80211_ACTION_ADDBA_RESP: 1589 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1590 arg >> 8, arg >> 16); 1591 break; 1592 case IEEE80211_ACTION_DELBA: 1593 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1594 arg >> 16); 1595 break; 1596 } 1597 break; 1598 #endif 1599 case IEEE80211_CATEG_SA_QUERY: 1600 switch (action) { 1601 #ifndef IEEE80211_STA_ONLY 1602 case IEEE80211_ACTION_SA_QUERY_REQ: 1603 #endif 1604 case IEEE80211_ACTION_SA_QUERY_RESP: 1605 m = ieee80211_get_sa_query(ic, ni, action); 1606 break; 1607 } 1608 break; 1609 } 1610 return m; 1611 } 1612 1613 /* 1614 * Send a management frame. The node is for the destination (or ic_bss 1615 * when in station mode). Nodes other than ic_bss have their reference 1616 * count bumped to reflect our use for an indeterminant time. 1617 */ 1618 int 1619 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1620 int type, int arg1, int arg2) 1621 { 1622 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1623 struct ifnet *ifp = &ic->ic_if; 1624 struct mbuf *m; 1625 int ret, timer; 1626 1627 if (ni == NULL) 1628 panic("null node"); 1629 1630 /* 1631 * Hold a reference on the node so it doesn't go away until after 1632 * the xmit is complete all the way in the driver. On error we 1633 * will remove our reference. 1634 */ 1635 ieee80211_ref_node(ni); 1636 timer = 0; 1637 switch (type) { 1638 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1639 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1640 senderr(ENOMEM, is_tx_nombuf); 1641 1642 timer = IEEE80211_TRANS_WAIT; 1643 break; 1644 #ifndef IEEE80211_STA_ONLY 1645 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1646 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1647 senderr(ENOMEM, is_tx_nombuf); 1648 break; 1649 #endif 1650 case IEEE80211_FC0_SUBTYPE_AUTH: 1651 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1652 if (m == NULL) 1653 senderr(ENOMEM, is_tx_nombuf); 1654 1655 if (ic->ic_opmode == IEEE80211_M_STA) 1656 timer = IEEE80211_TRANS_WAIT; 1657 break; 1658 1659 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1660 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1661 senderr(ENOMEM, is_tx_nombuf); 1662 1663 if (ifp->if_flags & IFF_DEBUG) { 1664 printf("%s: station %s deauthenticate (reason %d)\n", 1665 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1666 arg1); 1667 } 1668 break; 1669 1670 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1671 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1672 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1673 senderr(ENOMEM, is_tx_nombuf); 1674 1675 timer = IEEE80211_TRANS_WAIT; 1676 break; 1677 #ifndef IEEE80211_STA_ONLY 1678 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1679 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1680 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1681 senderr(ENOMEM, is_tx_nombuf); 1682 break; 1683 #endif 1684 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1685 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1686 senderr(ENOMEM, is_tx_nombuf); 1687 1688 if (ifp->if_flags & IFF_DEBUG) { 1689 printf("%s: station %s disassociate (reason %d)\n", 1690 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1691 arg1); 1692 } 1693 break; 1694 1695 case IEEE80211_FC0_SUBTYPE_ACTION: 1696 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1697 arg2); 1698 if (m == NULL) 1699 senderr(ENOMEM, is_tx_nombuf); 1700 break; 1701 1702 default: 1703 DPRINTF(("invalid mgmt frame type %u\n", type)); 1704 senderr(EINVAL, is_tx_unknownmgt); 1705 /* NOTREACHED */ 1706 } 1707 1708 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1709 if (ret == 0) { 1710 if (timer) 1711 ic->ic_mgt_timer = timer; 1712 } else { 1713 bad: 1714 ieee80211_release_node(ic, ni); 1715 } 1716 return ret; 1717 #undef senderr 1718 } 1719 1720 /* 1721 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1722 */ 1723 struct mbuf * 1724 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1725 u_int16_t dur) 1726 { 1727 struct ieee80211_frame_rts *rts; 1728 struct mbuf *m; 1729 1730 MGETHDR(m, M_DONTWAIT, MT_DATA); 1731 if (m == NULL) 1732 return NULL; 1733 1734 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1735 1736 rts = mtod(m, struct ieee80211_frame_rts *); 1737 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1738 IEEE80211_FC0_SUBTYPE_RTS; 1739 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1740 *(u_int16_t *)rts->i_dur = htole16(dur); 1741 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1742 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1743 1744 return m; 1745 } 1746 1747 /* 1748 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1749 */ 1750 struct mbuf * 1751 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1752 { 1753 struct ieee80211_frame_cts *cts; 1754 struct mbuf *m; 1755 1756 MGETHDR(m, M_DONTWAIT, MT_DATA); 1757 if (m == NULL) 1758 return NULL; 1759 1760 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1761 1762 cts = mtod(m, struct ieee80211_frame_cts *); 1763 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1764 IEEE80211_FC0_SUBTYPE_CTS; 1765 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1766 *(u_int16_t *)cts->i_dur = htole16(dur); 1767 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1768 1769 return m; 1770 } 1771 1772 #ifndef IEEE80211_STA_ONLY 1773 /*- 1774 * Beacon frame format: 1775 * [8] Timestamp 1776 * [2] Beacon interval 1777 * [2] Capability 1778 * [tlv] Service Set Identifier (SSID) 1779 * [tlv] Supported rates 1780 * [tlv] DS Parameter Set (802.11g) 1781 * [tlv] IBSS Parameter Set 1782 * [tlv] Traffic Indication Map (TIM) 1783 * [tlv] ERP Information (802.11g) 1784 * [tlv] Extended Supported Rates (802.11g) 1785 * [tlv] RSN (802.11i) 1786 * [tlv] EDCA Parameter Set (802.11e) 1787 * [tlv] HT Capabilities (802.11n) 1788 * [tlv] HT Operation (802.11n) 1789 */ 1790 struct mbuf * 1791 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1792 { 1793 const struct ieee80211_rateset *rs = &ni->ni_rates; 1794 struct ieee80211_frame *wh; 1795 struct mbuf *m; 1796 u_int8_t *frm; 1797 1798 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1799 8 + 2 + 2 + 1800 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) + 1801 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1802 2 + 1 + 1803 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1804 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1805 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1806 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1807 (((ic->ic_flags & IEEE80211_F_RSNON) && 1808 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1809 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1810 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1811 (((ic->ic_flags & IEEE80211_F_RSNON) && 1812 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1813 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1814 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1815 if (m == NULL) 1816 return NULL; 1817 1818 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1819 if (m == NULL) 1820 return NULL; 1821 wh = mtod(m, struct ieee80211_frame *); 1822 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1823 IEEE80211_FC0_SUBTYPE_BEACON; 1824 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1825 *(u_int16_t *)wh->i_dur = 0; 1826 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1827 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1828 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1829 *(u_int16_t *)wh->i_seq = 0; 1830 1831 frm = (u_int8_t *)&wh[1]; 1832 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1833 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1834 frm = ieee80211_add_capinfo(frm, ic, ni); 1835 if (ic->ic_flags & IEEE80211_F_HIDENWID) 1836 frm = ieee80211_add_ssid(frm, NULL, 0); 1837 else 1838 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1839 frm = ieee80211_add_rates(frm, rs); 1840 frm = ieee80211_add_ds_params(frm, ic, ni); 1841 if (ic->ic_opmode == IEEE80211_M_IBSS) 1842 frm = ieee80211_add_ibss_params(frm, ni); 1843 else 1844 frm = ieee80211_add_tim(frm, ic); 1845 if (ic->ic_curmode == IEEE80211_MODE_11G) 1846 frm = ieee80211_add_erp(frm, ic); 1847 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1848 frm = ieee80211_add_xrates(frm, rs); 1849 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1850 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1851 frm = ieee80211_add_rsn(frm, ic, ni); 1852 if (ic->ic_flags & IEEE80211_F_QOS) 1853 frm = ieee80211_add_edca_params(frm, ic); 1854 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1855 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1856 frm = ieee80211_add_wpa(frm, ic, ni); 1857 #ifndef IEEE80211_NO_HT 1858 if (ic->ic_flags & IEEE80211_F_HTON) { 1859 frm = ieee80211_add_htcaps(frm, ic); 1860 frm = ieee80211_add_htop(frm, ic); 1861 } 1862 #endif 1863 1864 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1865 m->m_pkthdr.rcvif = (void *)ni; 1866 1867 return m; 1868 } 1869 1870 /* 1871 * Check if an outgoing MSDU or management frame should be buffered into 1872 * the AP for power management. Return 1 if the frame was buffered into 1873 * the AP, or 0 if the frame shall be transmitted immediately. 1874 */ 1875 int 1876 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1877 struct ieee80211_node *ni) 1878 { 1879 const struct ieee80211_frame *wh; 1880 1881 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1882 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1883 return 0; 1884 1885 wh = mtod(m, struct ieee80211_frame *); 1886 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1887 /* 1888 * Buffer group addressed MSDUs with the Order bit clear 1889 * if any associated STAs are in PS mode. 1890 */ 1891 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || 1892 ic->ic_pssta == 0) 1893 return 0; 1894 ic->ic_tim_mcast_pending = 1; 1895 } else { 1896 /* 1897 * Buffer MSDUs, A-MSDUs or management frames destined for 1898 * PS STAs. 1899 */ 1900 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1901 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1902 IEEE80211_FC0_TYPE_CTL) 1903 return 0; 1904 if (IF_IS_EMPTY(&ni->ni_savedq)) 1905 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1906 } 1907 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1908 if (IF_QFULL(&ni->ni_savedq)) { 1909 /* XXX should we drop the oldest instead? */ 1910 IF_DROP(&ni->ni_savedq); 1911 m_freem(m); 1912 } else { 1913 IF_ENQUEUE(&ni->ni_savedq, m); 1914 /* 1915 * Similar to ieee80211_mgmt_output, store the node in the 1916 * rcvif field. 1917 */ 1918 m->m_pkthdr.rcvif = (void *)ni; 1919 } 1920 return 1; 1921 } 1922 #endif /* IEEE80211_STA_ONLY */ 1923