1 /* $OpenBSD: ieee80211_output.c,v 1.90 2014/03/19 10:09:19 mpi Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/proc.h> 45 #include <sys/sysctl.h> 46 47 #include <net/if.h> 48 #include <net/if_dl.h> 49 #include <net/if_media.h> 50 #include <net/if_arp.h> 51 #include <net/if_llc.h> 52 #include <net/bpf.h> 53 54 #ifdef INET 55 #include <netinet/in.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/ip.h> 59 #ifdef INET6 60 #include <netinet/ip6.h> 61 #endif 62 #endif 63 64 #if NVLAN > 0 65 #include <net/if_types.h> 66 #include <net/if_vlan_var.h> 67 #endif 68 69 #include <net80211/ieee80211_var.h> 70 #include <net80211/ieee80211_priv.h> 71 72 int ieee80211_classify(struct ieee80211com *, struct mbuf *); 73 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 74 struct mbuf *, int); 75 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 76 const struct ieee80211_node *, int); 77 struct mbuf *ieee80211_getmgmt(int, int, u_int); 78 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 79 struct ieee80211_node *); 80 #ifndef IEEE80211_STA_ONLY 81 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 82 struct ieee80211_node *); 83 #endif 84 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 85 struct ieee80211_node *, u_int16_t, u_int16_t); 86 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 87 struct ieee80211_node *, u_int16_t); 88 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 89 struct ieee80211_node *, int); 90 #ifndef IEEE80211_STA_ONLY 91 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 92 struct ieee80211_node *, u_int16_t); 93 #endif 94 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 95 struct ieee80211_node *, u_int16_t); 96 #ifndef IEEE80211_NO_HT 97 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 98 struct ieee80211_node *, u_int8_t); 99 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 100 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 101 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 102 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 103 #endif 104 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 105 struct ieee80211_node *, u_int8_t); 106 struct mbuf *ieee80211_get_action(struct ieee80211com *, 107 struct ieee80211_node *, u_int8_t, u_int8_t, int); 108 109 /* 110 * IEEE 802.11 output routine. Normally this will directly call the 111 * Ethernet output routine because 802.11 encapsulation is called 112 * later by the driver. This function can be used to send raw frames 113 * if the mbuf has been tagged with a 802.11 data link type. 114 */ 115 int 116 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 117 struct rtentry *rt) 118 { 119 struct ieee80211_frame *wh; 120 struct m_tag *mtag; 121 int s, len, error = 0; 122 u_short mflags; 123 124 /* Interface has to be up and running */ 125 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 126 (IFF_UP | IFF_RUNNING)) { 127 error = ENETDOWN; 128 goto bad; 129 } 130 131 /* Try to get the DLT from a mbuf tag */ 132 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 133 struct ieee80211com *ic = (void *)ifp; 134 u_int dlt = *(u_int *)(mtag + 1); 135 136 /* Fallback to ethernet for non-802.11 linktypes */ 137 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 138 goto fallback; 139 140 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 141 return (EINVAL); 142 wh = mtod(m, struct ieee80211_frame *); 143 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 144 IEEE80211_FC0_VERSION_0) 145 return (EINVAL); 146 if (!(ic->ic_caps & IEEE80211_C_RAWCTL) && 147 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 148 IEEE80211_FC0_TYPE_CTL) 149 return (EINVAL); 150 151 /* 152 * Queue message on interface without adding any 153 * further headers, and start output if interface not 154 * yet active. 155 */ 156 mflags = m->m_flags; 157 len = m->m_pkthdr.len; 158 s = splnet(); 159 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, error); 160 if (error) { 161 /* mbuf is already freed */ 162 splx(s); 163 printf("%s: failed to queue raw tx frame\n", 164 ifp->if_xname); 165 return (error); 166 } 167 ifp->if_obytes += len; 168 if (mflags & M_MCAST) 169 ifp->if_omcasts++; 170 if ((ifp->if_flags & IFF_OACTIVE) == 0) 171 (*ifp->if_start)(ifp); 172 splx(s); 173 174 return (error); 175 } 176 177 fallback: 178 return (ether_output(ifp, m, dst, rt)); 179 180 bad: 181 if (m) 182 m_freem(m); 183 return (error); 184 } 185 186 /* 187 * Send a management frame to the specified node. The node pointer 188 * must have a reference as the pointer will be passed to the driver 189 * and potentially held for a long time. If the frame is successfully 190 * dispatched to the driver, then it is responsible for freeing the 191 * reference (and potentially free'ing up any associated storage). 192 */ 193 int 194 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 195 struct mbuf *m, int type) 196 { 197 struct ieee80211com *ic = (void *)ifp; 198 struct ieee80211_frame *wh; 199 200 if (ni == NULL) 201 panic("null node"); 202 ni->ni_inact = 0; 203 204 /* 205 * We want to pass the node down to the driver's start 206 * routine. We could stick this in an m_tag and tack that 207 * on to the mbuf. However that's rather expensive to do 208 * for every frame so instead we stuff it in a special pkthdr 209 * field. 210 */ 211 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 212 if (m == NULL) 213 return ENOMEM; 214 m->m_pkthdr.ph_cookie = ni; 215 216 wh = mtod(m, struct ieee80211_frame *); 217 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 218 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 219 *(u_int16_t *)&wh->i_dur[0] = 0; 220 *(u_int16_t *)&wh->i_seq[0] = 221 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 222 ni->ni_txseq++; 223 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 224 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 225 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 226 227 /* check if protection is required for this mgmt frame */ 228 if ((ic->ic_caps & IEEE80211_C_MFP) && 229 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 230 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 231 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 232 /* 233 * Hack: we should not set the Protected bit in outgoing 234 * group management frames, however it is used as an 235 * indication to the drivers that they must encrypt the 236 * frame. Drivers should clear this bit from group 237 * management frames (software crypto code will do it). 238 * XXX could use an mbuf flag.. 239 */ 240 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 241 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 242 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 243 } 244 245 if (ifp->if_flags & IFF_DEBUG) { 246 /* avoid to print too many frames */ 247 if ( 248 #ifndef IEEE80211_STA_ONLY 249 ic->ic_opmode == IEEE80211_M_IBSS || 250 #endif 251 #ifdef IEEE80211_DEBUG 252 ieee80211_debug > 1 || 253 #endif 254 (type & IEEE80211_FC0_SUBTYPE_MASK) != 255 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 256 printf("%s: sending %s to %s on channel %u mode %s\n", 257 ifp->if_xname, 258 ieee80211_mgt_subtype_name[ 259 (type & IEEE80211_FC0_SUBTYPE_MASK) 260 >> IEEE80211_FC0_SUBTYPE_SHIFT], 261 ether_sprintf(ni->ni_macaddr), 262 ieee80211_chan2ieee(ic, ni->ni_chan), 263 ieee80211_phymode_name[ 264 ieee80211_chan2mode(ic, ni->ni_chan)]); 265 } 266 267 #ifndef IEEE80211_STA_ONLY 268 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 269 ieee80211_pwrsave(ic, m, ni) != 0) 270 return 0; 271 #endif 272 IF_ENQUEUE(&ic->ic_mgtq, m); 273 ifp->if_timer = 1; 274 (*ifp->if_start)(ifp); 275 return 0; 276 } 277 278 /*- 279 * EDCA tables are computed using the following formulas: 280 * 281 * 1) EDCATable (non-AP QSTA) 282 * 283 * AC CWmin CWmax AIFSN TXOP limit(ms) 284 * ------------------------------------------------------------- 285 * AC_BK aCWmin aCWmax 7 0 286 * AC_BE aCWmin aCWmax 3 0 287 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 288 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 289 * 290 * 2) QAPEDCATable (QAP) 291 * 292 * AC CWmin CWmax AIFSN TXOP limit(ms) 293 * ------------------------------------------------------------- 294 * AC_BK aCWmin aCWmax 7 0 295 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 296 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 297 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 298 * 299 * and the following aCWmin/aCWmax values: 300 * 301 * PHY aCWmin aCWmax 302 * --------------------------- 303 * 11A 15 1023 304 * 11B 31 1023 305 * 11G 15* 1023 (*) aCWmin(1) 306 * Turbo A/G 7 1023 (Atheros proprietary mode) 307 */ 308 #if 0 309 static const struct ieee80211_edca_ac_params 310 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 311 [IEEE80211_MODE_11B] = { 312 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 313 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 314 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 315 [EDCA_AC_VO] = { 3, 4, 2, 102 } 316 }, 317 [IEEE80211_MODE_11A] = { 318 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 319 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 320 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 321 [EDCA_AC_VO] = { 2, 3, 2, 47 } 322 }, 323 [IEEE80211_MODE_11G] = { 324 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 325 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 326 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 327 [EDCA_AC_VO] = { 2, 3, 2, 47 } 328 }, 329 [IEEE80211_MODE_TURBO] = { 330 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 331 [EDCA_AC_BE] = { 3, 10, 2, 0 }, 332 [EDCA_AC_VI] = { 2, 3, 2, 94 }, 333 [EDCA_AC_VO] = { 2, 2, 1, 47 } 334 } 335 }; 336 #endif 337 338 #ifndef IEEE80211_STA_ONLY 339 static const struct ieee80211_edca_ac_params 340 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 341 [IEEE80211_MODE_11B] = { 342 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 343 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 344 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 345 [EDCA_AC_VO] = { 3, 4, 1, 102 } 346 }, 347 [IEEE80211_MODE_11A] = { 348 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 349 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 350 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 351 [EDCA_AC_VO] = { 2, 3, 1, 47 } 352 }, 353 [IEEE80211_MODE_11G] = { 354 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 355 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 356 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 357 [EDCA_AC_VO] = { 2, 3, 1, 47 } 358 }, 359 [IEEE80211_MODE_TURBO] = { 360 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 361 [EDCA_AC_BE] = { 3, 5, 2, 0 }, 362 [EDCA_AC_VI] = { 2, 3, 1, 94 }, 363 [EDCA_AC_VO] = { 2, 2, 1, 47 } 364 } 365 }; 366 #endif /* IEEE80211_STA_ONLY */ 367 368 /* 369 * Return the EDCA Access Category to be used for transmitting a frame with 370 * user-priority `up'. 371 */ 372 enum ieee80211_edca_ac 373 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 374 { 375 /* see Table 9-1 */ 376 static const enum ieee80211_edca_ac up_to_ac[] = { 377 EDCA_AC_BE, /* BE */ 378 EDCA_AC_BK, /* BK */ 379 EDCA_AC_BK, /* -- */ 380 EDCA_AC_BE, /* EE */ 381 EDCA_AC_VI, /* CL */ 382 EDCA_AC_VI, /* VI */ 383 EDCA_AC_VO, /* VO */ 384 EDCA_AC_VO /* NC */ 385 }; 386 enum ieee80211_edca_ac ac; 387 388 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 389 390 #ifndef IEEE80211_STA_ONLY 391 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 392 return ac; 393 #endif 394 /* 395 * We do not support the admission control procedure defined in 396 * IEEE Std 802.11-2007 section 9.9.3.1.2. The spec says that 397 * non-AP QSTAs that don't support this procedure shall use EDCA 398 * parameters of a lower priority AC that does not require 399 * admission control. 400 */ 401 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 402 switch (ac) { 403 case EDCA_AC_BK: 404 /* can't get there */ 405 break; 406 case EDCA_AC_BE: 407 /* BE shouldn't require admission control */ 408 ac = EDCA_AC_BK; 409 break; 410 case EDCA_AC_VI: 411 ac = EDCA_AC_BE; 412 break; 413 case EDCA_AC_VO: 414 ac = EDCA_AC_VI; 415 break; 416 } 417 } 418 return ac; 419 } 420 421 /* 422 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 423 * based on the DSCP (Differentiated Services Codepoint) field. 424 */ 425 int 426 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 427 { 428 #ifdef INET 429 struct ether_header *eh; 430 u_int8_t ds_field; 431 #endif 432 #if NVLAN > 0 433 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 434 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 435 #endif 436 #ifdef INET 437 eh = mtod(m, struct ether_header *); 438 if (eh->ether_type == htons(ETHERTYPE_IP)) { 439 struct ip *ip = (struct ip *)&eh[1]; 440 if (ip->ip_v != 4) 441 return 0; 442 ds_field = ip->ip_tos; 443 } 444 #ifdef INET6 445 else if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 446 struct ip6_hdr *ip6 = (struct ip6_hdr *)&eh[1]; 447 u_int32_t flowlabel; 448 449 flowlabel = ntohl(ip6->ip6_flow); 450 if ((flowlabel >> 28) != 6) 451 return 0; 452 ds_field = (flowlabel >> 20) & 0xff; 453 } 454 #endif /* INET6 */ 455 else /* neither IPv4 nor IPv6 */ 456 return 0; 457 458 /* 459 * Map Differentiated Services Codepoint field (see RFC2474). 460 * Preserves backward compatibility with IP Precedence field. 461 */ 462 switch (ds_field & 0xfc) { 463 case IPTOS_PREC_PRIORITY: 464 return 2; 465 case IPTOS_PREC_IMMEDIATE: 466 return 1; 467 case IPTOS_PREC_FLASH: 468 return 3; 469 case IPTOS_PREC_FLASHOVERRIDE: 470 return 4; 471 case IPTOS_PREC_CRITIC_ECP: 472 return 5; 473 case IPTOS_PREC_INTERNETCONTROL: 474 return 6; 475 case IPTOS_PREC_NETCONTROL: 476 return 7; 477 } 478 #endif /* INET */ 479 return 0; /* default to Best-Effort */ 480 } 481 482 /* 483 * Encapsulate an outbound data frame. The mbuf chain is updated and 484 * a reference to the destination node is returned. If an error is 485 * encountered NULL is returned and the node reference will also be NULL. 486 * 487 * NB: The caller is responsible for free'ing a returned node reference. 488 * The convention is ic_bss is not reference counted; the caller must 489 * maintain that. 490 */ 491 struct mbuf * 492 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 493 { 494 struct ieee80211com *ic = (void *)ifp; 495 struct ether_header eh; 496 struct ieee80211_frame *wh; 497 struct ieee80211_node *ni = NULL; 498 struct llc *llc; 499 struct m_tag *mtag; 500 u_int8_t *addr; 501 u_int dlt, hdrlen; 502 int addqos, tid; 503 504 /* Handle raw frames if mbuf is tagged as 802.11 */ 505 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 506 dlt = *(u_int *)(mtag + 1); 507 508 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 509 goto fallback; 510 511 wh = mtod(m, struct ieee80211_frame *); 512 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 513 case IEEE80211_FC1_DIR_NODS: 514 case IEEE80211_FC1_DIR_FROMDS: 515 addr = wh->i_addr1; 516 break; 517 case IEEE80211_FC1_DIR_DSTODS: 518 case IEEE80211_FC1_DIR_TODS: 519 addr = wh->i_addr3; 520 break; 521 default: 522 goto bad; 523 } 524 525 ni = ieee80211_find_txnode(ic, addr); 526 if (ni == NULL) 527 ni = ieee80211_ref_node(ic->ic_bss); 528 if (ni == NULL) { 529 printf("%s: no node for dst %s, " 530 "discard raw tx frame\n", ifp->if_xname, 531 ether_sprintf(addr)); 532 ic->ic_stats.is_tx_nonode++; 533 goto bad; 534 } 535 ni->ni_inact = 0; 536 537 *pni = ni; 538 return (m); 539 } 540 541 fallback: 542 if (m->m_len < sizeof(struct ether_header)) { 543 m = m_pullup(m, sizeof(struct ether_header)); 544 if (m == NULL) { 545 ic->ic_stats.is_tx_nombuf++; 546 goto bad; 547 } 548 } 549 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 550 551 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 552 if (ni == NULL) { 553 DPRINTF(("no node for dst %s, discard frame\n", 554 ether_sprintf(eh.ether_dhost))); 555 ic->ic_stats.is_tx_nonode++; 556 goto bad; 557 } 558 559 if ((ic->ic_flags & IEEE80211_F_RSNON) && 560 !ni->ni_port_valid && 561 eh.ether_type != htons(ETHERTYPE_PAE)) { 562 DPRINTF(("port not valid: %s\n", 563 ether_sprintf(eh.ether_dhost))); 564 ic->ic_stats.is_tx_noauth++; 565 goto bad; 566 } 567 568 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 569 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 570 /* XXX TKIP countermeasures! */; 571 572 ni->ni_inact = 0; 573 574 if ((ic->ic_flags & IEEE80211_F_QOS) && 575 (ni->ni_flags & IEEE80211_NODE_QOS) && 576 /* do not QoS-encapsulate EAPOL frames */ 577 eh.ether_type != htons(ETHERTYPE_PAE)) { 578 tid = ieee80211_classify(ic, m); 579 hdrlen = sizeof(struct ieee80211_qosframe); 580 addqos = 1; 581 } else { 582 hdrlen = sizeof(struct ieee80211_frame); 583 addqos = 0; 584 } 585 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 586 llc = mtod(m, struct llc *); 587 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 588 llc->llc_control = LLC_UI; 589 llc->llc_snap.org_code[0] = 0; 590 llc->llc_snap.org_code[1] = 0; 591 llc->llc_snap.org_code[2] = 0; 592 llc->llc_snap.ether_type = eh.ether_type; 593 M_PREPEND(m, hdrlen, M_DONTWAIT); 594 if (m == NULL) { 595 ic->ic_stats.is_tx_nombuf++; 596 goto bad; 597 } 598 wh = mtod(m, struct ieee80211_frame *); 599 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 600 *(u_int16_t *)&wh->i_dur[0] = 0; 601 if (addqos) { 602 struct ieee80211_qosframe *qwh = 603 (struct ieee80211_qosframe *)wh; 604 u_int16_t qos = tid; 605 606 if (ic->ic_tid_noack & (1 << tid)) 607 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 608 #ifndef IEEE80211_NO_HT 609 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 610 qos |= IEEE80211_QOS_ACK_POLICY_BA; 611 #endif 612 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 613 *(u_int16_t *)qwh->i_qos = htole16(qos); 614 *(u_int16_t *)qwh->i_seq = 615 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 616 ni->ni_qos_txseqs[tid]++; 617 } else { 618 *(u_int16_t *)&wh->i_seq[0] = 619 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 620 ni->ni_txseq++; 621 } 622 switch (ic->ic_opmode) { 623 case IEEE80211_M_STA: 624 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 625 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 626 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 627 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 628 break; 629 #ifndef IEEE80211_STA_ONLY 630 case IEEE80211_M_IBSS: 631 case IEEE80211_M_AHDEMO: 632 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 633 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 634 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 635 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 636 break; 637 case IEEE80211_M_HOSTAP: 638 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 639 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 640 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 641 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 642 break; 643 #endif 644 default: 645 /* should not get there */ 646 goto bad; 647 } 648 649 if ((ic->ic_flags & IEEE80211_F_WEPON) || 650 ((ic->ic_flags & IEEE80211_F_RSNON) && 651 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 652 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 653 654 #ifndef IEEE80211_STA_ONLY 655 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 656 ieee80211_pwrsave(ic, m, ni) != 0) { 657 *pni = NULL; 658 return NULL; 659 } 660 #endif 661 *pni = ni; 662 return m; 663 bad: 664 if (m != NULL) 665 m_freem(m); 666 if (ni != NULL) 667 ieee80211_release_node(ic, ni); 668 *pni = NULL; 669 return NULL; 670 } 671 672 /* 673 * Add a Capability Information field to a frame (see 7.3.1.4). 674 */ 675 u_int8_t * 676 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 677 const struct ieee80211_node *ni) 678 { 679 u_int16_t capinfo; 680 681 #ifndef IEEE80211_STA_ONLY 682 if (ic->ic_opmode == IEEE80211_M_IBSS) 683 capinfo = IEEE80211_CAPINFO_IBSS; 684 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 685 capinfo = IEEE80211_CAPINFO_ESS; 686 else 687 #endif 688 capinfo = 0; 689 #ifndef IEEE80211_STA_ONLY 690 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 691 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 692 capinfo |= IEEE80211_CAPINFO_PRIVACY; 693 #endif 694 /* NB: some 11a AP's reject the request when short preamble is set */ 695 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 696 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 697 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 698 if (ic->ic_flags & IEEE80211_F_SHSLOT) 699 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 700 LE_WRITE_2(frm, capinfo); 701 return frm + 2; 702 } 703 704 /* 705 * Add an SSID element to a frame (see 7.3.2.1). 706 */ 707 u_int8_t * 708 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 709 { 710 *frm++ = IEEE80211_ELEMID_SSID; 711 *frm++ = len; 712 memcpy(frm, ssid, len); 713 return frm + len; 714 } 715 716 /* 717 * Add a supported rates element to a frame (see 7.3.2.2). 718 */ 719 u_int8_t * 720 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 721 { 722 int nrates; 723 724 *frm++ = IEEE80211_ELEMID_RATES; 725 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 726 *frm++ = nrates; 727 memcpy(frm, rs->rs_rates, nrates); 728 return frm + nrates; 729 } 730 731 #ifndef IEEE80211_STA_ONLY 732 /* 733 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 734 */ 735 u_int8_t * 736 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 737 const struct ieee80211_node *ni) 738 { 739 *frm++ = IEEE80211_ELEMID_DSPARMS; 740 *frm++ = 1; 741 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 742 return frm; 743 } 744 745 /* 746 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 747 */ 748 u_int8_t * 749 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 750 { 751 u_int i, offset = 0, len; 752 753 /* find first non-zero octet in the virtual bit map */ 754 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 755 756 /* clear the lsb as it is reserved for the broadcast indication bit */ 757 if (i < ic->ic_tim_len) 758 offset = i & ~1; 759 760 /* find last non-zero octet in the virtual bit map */ 761 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 762 763 len = i - offset + 1; 764 765 *frm++ = IEEE80211_ELEMID_TIM; 766 *frm++ = len + 3; /* length */ 767 *frm++ = ic->ic_dtim_count; /* DTIM count */ 768 *frm++ = ic->ic_dtim_period; /* DTIM period */ 769 770 /* Bitmap Control */ 771 *frm = offset; 772 /* set broadcast/multicast indication bit if necessary */ 773 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 774 *frm |= 0x01; 775 frm++; 776 777 /* Partial Virtual Bitmap */ 778 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 779 return frm + len; 780 } 781 782 /* 783 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 784 */ 785 u_int8_t * 786 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 787 { 788 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 789 *frm++ = 2; 790 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 791 return frm + 2; 792 } 793 794 /* 795 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 796 */ 797 u_int8_t * 798 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 799 { 800 const struct ieee80211_edca_ac_params *edca; 801 int aci; 802 803 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 804 *frm++ = 18; /* length */ 805 *frm++ = 0; /* QoS Info */ 806 *frm++ = 0; /* reserved */ 807 808 /* setup AC Parameter Records */ 809 edca = ieee80211_qap_edca_table[ic->ic_curmode]; 810 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 811 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 812 813 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 814 (ac->ac_aifsn & 0xf); 815 *frm++ = (ac->ac_ecwmax << 4) | 816 (ac->ac_ecwmin & 0xf); 817 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 818 } 819 return frm; 820 } 821 822 /* 823 * Add an ERP element to a frame (see 7.3.2.13). 824 */ 825 u_int8_t * 826 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 827 { 828 u_int8_t erp; 829 830 *frm++ = IEEE80211_ELEMID_ERP; 831 *frm++ = 1; 832 erp = 0; 833 /* 834 * The NonERP_Present bit shall be set to 1 when a NonERP STA 835 * is associated with the BSS. 836 */ 837 if (ic->ic_nonerpsta != 0) 838 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 839 /* 840 * If one or more NonERP STAs are associated in the BSS, the 841 * Use_Protection bit shall be set to 1 in transmitted ERP 842 * Information Elements. 843 */ 844 if (ic->ic_flags & IEEE80211_F_USEPROT) 845 erp |= IEEE80211_ERP_USE_PROTECTION; 846 /* 847 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 848 * Information Element sender if one or more associated NonERP 849 * STAs are not short preamble capable. 850 */ 851 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 852 erp |= IEEE80211_ERP_BARKER_MODE; 853 *frm++ = erp; 854 return frm; 855 } 856 #endif /* IEEE80211_STA_ONLY */ 857 858 /* 859 * Add a QoS Capability element to a frame (see 7.3.2.35). 860 */ 861 u_int8_t * 862 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 863 { 864 *frm++ = IEEE80211_ELEMID_QOS_CAP; 865 *frm++ = 1; 866 *frm++ = 0; /* QoS Info */ 867 return frm; 868 } 869 870 /* 871 * Add an RSN element to a frame (see 7.3.2.25). 872 */ 873 u_int8_t * 874 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 875 const struct ieee80211_node *ni, int wpa) 876 { 877 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 878 u_int8_t *pcount; 879 u_int16_t count; 880 881 /* write Version field */ 882 LE_WRITE_2(frm, 1); frm += 2; 883 884 /* write Group Data Cipher Suite field (see Table 20da) */ 885 memcpy(frm, oui, 3); frm += 3; 886 switch (ni->ni_rsngroupcipher) { 887 case IEEE80211_CIPHER_WEP40: 888 *frm++ = 1; 889 break; 890 case IEEE80211_CIPHER_TKIP: 891 *frm++ = 2; 892 break; 893 case IEEE80211_CIPHER_CCMP: 894 *frm++ = 4; 895 break; 896 case IEEE80211_CIPHER_WEP104: 897 *frm++ = 5; 898 break; 899 default: 900 /* can't get there */ 901 panic("invalid group data cipher!"); 902 } 903 904 pcount = frm; frm += 2; 905 count = 0; 906 /* write Pairwise Cipher Suite List */ 907 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 908 memcpy(frm, oui, 3); frm += 3; 909 *frm++ = 0; 910 count++; 911 } 912 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 913 memcpy(frm, oui, 3); frm += 3; 914 *frm++ = 2; 915 count++; 916 } 917 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 918 memcpy(frm, oui, 3); frm += 3; 919 *frm++ = 4; 920 count++; 921 } 922 /* write Pairwise Cipher Suite Count field */ 923 LE_WRITE_2(pcount, count); 924 925 pcount = frm; frm += 2; 926 count = 0; 927 /* write AKM Suite List (see Table 20dc) */ 928 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 929 memcpy(frm, oui, 3); frm += 3; 930 *frm++ = 1; 931 count++; 932 } 933 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 934 memcpy(frm, oui, 3); frm += 3; 935 *frm++ = 2; 936 count++; 937 } 938 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 939 memcpy(frm, oui, 3); frm += 3; 940 *frm++ = 5; 941 count++; 942 } 943 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 944 memcpy(frm, oui, 3); frm += 3; 945 *frm++ = 6; 946 count++; 947 } 948 /* write AKM Suite List Count field */ 949 LE_WRITE_2(pcount, count); 950 951 if (wpa) 952 return frm; 953 954 /* write RSN Capabilities field */ 955 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 956 957 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 958 /* write PMKID Count field */ 959 LE_WRITE_2(frm, 1); frm += 2; 960 /* write PMKID List (only 1) */ 961 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 962 frm += IEEE80211_PMKID_LEN; 963 } else { 964 /* no PMKID (PMKID Count=0) */ 965 LE_WRITE_2(frm, 0); frm += 2; 966 } 967 968 if (!(ic->ic_caps & IEEE80211_C_MFP)) 969 return frm; 970 971 /* write Group Integrity Cipher Suite field */ 972 memcpy(frm, oui, 3); frm += 3; 973 switch (ic->ic_rsngroupmgmtcipher) { 974 case IEEE80211_CIPHER_BIP: 975 *frm++ = 6; 976 break; 977 default: 978 /* can't get there */ 979 panic("invalid integrity group cipher!"); 980 } 981 return frm; 982 } 983 984 u_int8_t * 985 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 986 const struct ieee80211_node *ni) 987 { 988 u_int8_t *plen; 989 990 *frm++ = IEEE80211_ELEMID_RSN; 991 plen = frm++; /* length filled in later */ 992 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 993 994 /* write length field */ 995 *plen = frm - plen - 1; 996 return frm; 997 } 998 999 /* 1000 * Add a vendor-specific WPA element to a frame. 1001 * This is required for compatibility with Wi-Fi Alliance WPA. 1002 */ 1003 u_int8_t * 1004 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 1005 const struct ieee80211_node *ni) 1006 { 1007 u_int8_t *plen; 1008 1009 *frm++ = IEEE80211_ELEMID_VENDOR; 1010 plen = frm++; /* length filled in later */ 1011 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1012 *frm++ = 1; /* WPA */ 1013 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1014 1015 /* write length field */ 1016 *plen = frm - plen - 1; 1017 return frm; 1018 } 1019 1020 /* 1021 * Add an extended supported rates element to a frame (see 7.3.2.14). 1022 */ 1023 u_int8_t * 1024 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1025 { 1026 int nrates; 1027 1028 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1029 1030 *frm++ = IEEE80211_ELEMID_XRATES; 1031 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1032 *frm++ = nrates; 1033 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1034 return frm + nrates; 1035 } 1036 1037 #ifndef IEEE80211_NO_HT 1038 /* 1039 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1040 */ 1041 u_int8_t * 1042 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1043 { 1044 *frm++ = IEEE80211_ELEMID_HTCAPS; 1045 *frm++ = 26; 1046 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1047 *frm++ = 0; 1048 memcpy(frm, ic->ic_sup_mcs, 16); frm += 16; 1049 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1050 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1051 *frm++ = ic->ic_aselcaps; 1052 return frm; 1053 } 1054 1055 #ifndef IEEE80211_STA_ONLY 1056 /* 1057 * Add an HT Operation element to a frame (see 7.3.2.58). 1058 */ 1059 u_int8_t * 1060 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1061 { 1062 *frm++ = IEEE80211_ELEMID_HTOP; 1063 *frm++ = 22; 1064 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1065 LE_WRITE_2(frm, 0); frm += 2; 1066 LE_WRITE_2(frm, 0); frm += 2; 1067 memset(frm, 0, 16); frm += 16; 1068 return frm; 1069 } 1070 #endif /* !IEEE80211_STA_ONLY */ 1071 #endif /* !IEEE80211_NO_HT */ 1072 1073 #ifndef IEEE80211_STA_ONLY 1074 /* 1075 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1076 */ 1077 u_int8_t * 1078 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1079 { 1080 *frm++ = IEEE80211_ELEMID_TIE; 1081 *frm++ = 5; /* length */ 1082 *frm++ = type; /* Timeout Interval type */ 1083 LE_WRITE_4(frm, value); 1084 return frm + 4; 1085 } 1086 #endif 1087 1088 struct mbuf * 1089 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1090 { 1091 struct mbuf *m; 1092 1093 /* reserve space for 802.11 header */ 1094 pktlen += sizeof(struct ieee80211_frame); 1095 1096 if (pktlen > MCLBYTES) 1097 panic("management frame too large: %u", pktlen); 1098 MGETHDR(m, flags, type); 1099 if (m == NULL) 1100 return NULL; 1101 if (pktlen > MHLEN) { 1102 MCLGET(m, flags); 1103 if (!(m->m_flags & M_EXT)) 1104 return m_free(m); 1105 } 1106 m->m_data += sizeof(struct ieee80211_frame); 1107 return m; 1108 } 1109 1110 /*- 1111 * Probe request frame format: 1112 * [tlv] SSID 1113 * [tlv] Supported rates 1114 * [tlv] Extended Supported Rates (802.11g) 1115 * [tlv] HT Capabilities (802.11n) 1116 */ 1117 struct mbuf * 1118 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1119 { 1120 const struct ieee80211_rateset *rs = 1121 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1122 struct mbuf *m; 1123 u_int8_t *frm; 1124 1125 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1126 2 + ic->ic_des_esslen + 1127 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1128 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1129 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1130 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1131 if (m == NULL) 1132 return NULL; 1133 1134 frm = mtod(m, u_int8_t *); 1135 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1136 frm = ieee80211_add_rates(frm, rs); 1137 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1138 frm = ieee80211_add_xrates(frm, rs); 1139 #ifndef IEEE80211_NO_HT 1140 if (ni->ni_flags & IEEE80211_NODE_HT) 1141 frm = ieee80211_add_htcaps(frm, ic); 1142 #endif 1143 1144 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1145 1146 return m; 1147 } 1148 1149 #ifndef IEEE80211_STA_ONLY 1150 /*- 1151 * Probe response frame format: 1152 * [8] Timestamp 1153 * [2] Beacon interval 1154 * [2] Capability 1155 * [tlv] Service Set Identifier (SSID) 1156 * [tlv] Supported rates 1157 * [tlv] DS Parameter Set (802.11g) 1158 * [tlv] ERP Information (802.11g) 1159 * [tlv] Extended Supported Rates (802.11g) 1160 * [tlv] RSN (802.11i) 1161 * [tlv] EDCA Parameter Set (802.11e) 1162 * [tlv] HT Capabilities (802.11n) 1163 * [tlv] HT Operation (802.11n) 1164 */ 1165 struct mbuf * 1166 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1167 { 1168 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1169 struct mbuf *m; 1170 u_int8_t *frm; 1171 1172 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1173 8 + 2 + 2 + 1174 2 + ni->ni_esslen + 1175 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1176 2 + 1 + 1177 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1178 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1179 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1180 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1181 (((ic->ic_flags & IEEE80211_F_RSNON) && 1182 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1183 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1184 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1185 (((ic->ic_flags & IEEE80211_F_RSNON) && 1186 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1187 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1188 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1189 if (m == NULL) 1190 return NULL; 1191 1192 frm = mtod(m, u_int8_t *); 1193 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1194 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1195 frm = ieee80211_add_capinfo(frm, ic, ni); 1196 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1197 ic->ic_bss->ni_esslen); 1198 frm = ieee80211_add_rates(frm, rs); 1199 frm = ieee80211_add_ds_params(frm, ic, ni); 1200 if (ic->ic_opmode == IEEE80211_M_IBSS) 1201 frm = ieee80211_add_ibss_params(frm, ni); 1202 if (ic->ic_curmode == IEEE80211_MODE_11G) 1203 frm = ieee80211_add_erp(frm, ic); 1204 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1205 frm = ieee80211_add_xrates(frm, rs); 1206 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1207 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1208 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1209 if (ic->ic_flags & IEEE80211_F_QOS) 1210 frm = ieee80211_add_edca_params(frm, ic); 1211 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1212 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1213 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1214 #ifndef IEEE80211_NO_HT 1215 if (ic->ic_flags & IEEE80211_F_HTON) { 1216 frm = ieee80211_add_htcaps(frm, ic); 1217 frm = ieee80211_add_htop(frm, ic); 1218 } 1219 #endif 1220 1221 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1222 1223 return m; 1224 } 1225 #endif /* IEEE80211_STA_ONLY */ 1226 1227 /*- 1228 * Authentication frame format: 1229 * [2] Authentication algorithm number 1230 * [2] Authentication transaction sequence number 1231 * [2] Status code 1232 */ 1233 struct mbuf * 1234 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1235 u_int16_t status, u_int16_t seq) 1236 { 1237 struct mbuf *m; 1238 u_int8_t *frm; 1239 1240 MGETHDR(m, M_DONTWAIT, MT_DATA); 1241 if (m == NULL) 1242 return NULL; 1243 MH_ALIGN(m, 2 * 3); 1244 m->m_pkthdr.len = m->m_len = 2 * 3; 1245 1246 frm = mtod(m, u_int8_t *); 1247 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1248 LE_WRITE_2(frm, seq); frm += 2; 1249 LE_WRITE_2(frm, status); 1250 1251 return m; 1252 } 1253 1254 /*- 1255 * Deauthentication frame format: 1256 * [2] Reason code 1257 */ 1258 struct mbuf * 1259 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1260 u_int16_t reason) 1261 { 1262 struct mbuf *m; 1263 1264 MGETHDR(m, M_DONTWAIT, MT_DATA); 1265 if (m == NULL) 1266 return NULL; 1267 MH_ALIGN(m, 2); 1268 1269 m->m_pkthdr.len = m->m_len = 2; 1270 *mtod(m, u_int16_t *) = htole16(reason); 1271 1272 return m; 1273 } 1274 1275 /*- 1276 * (Re)Association request frame format: 1277 * [2] Capability information 1278 * [2] Listen interval 1279 * [6*] Current AP address (Reassociation only) 1280 * [tlv] SSID 1281 * [tlv] Supported rates 1282 * [tlv] Extended Supported Rates (802.11g) 1283 * [tlv] RSN (802.11i) 1284 * [tlv] QoS Capability (802.11e) 1285 * [tlv] HT Capabilities (802.11n) 1286 */ 1287 struct mbuf * 1288 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1289 int type) 1290 { 1291 const struct ieee80211_rateset *rs = &ni->ni_rates; 1292 struct mbuf *m; 1293 u_int8_t *frm; 1294 u_int16_t capinfo; 1295 1296 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1297 2 + 2 + 1298 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1299 IEEE80211_ADDR_LEN : 0) + 1300 2 + ni->ni_esslen + 1301 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1302 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1303 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1304 (((ic->ic_flags & IEEE80211_F_RSNON) && 1305 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1306 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1307 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1308 (((ic->ic_flags & IEEE80211_F_RSNON) && 1309 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1310 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1311 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1312 if (m == NULL) 1313 return NULL; 1314 1315 frm = mtod(m, u_int8_t *); 1316 capinfo = IEEE80211_CAPINFO_ESS; 1317 if (ic->ic_flags & IEEE80211_F_WEPON) 1318 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1319 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1320 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1321 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1322 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1323 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1324 LE_WRITE_2(frm, capinfo); frm += 2; 1325 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1326 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1327 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1328 frm += IEEE80211_ADDR_LEN; 1329 } 1330 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1331 frm = ieee80211_add_rates(frm, rs); 1332 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1333 frm = ieee80211_add_xrates(frm, rs); 1334 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1335 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1336 frm = ieee80211_add_rsn(frm, ic, ni); 1337 if (ni->ni_flags & IEEE80211_NODE_QOS) 1338 frm = ieee80211_add_qos_capability(frm, ic); 1339 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1340 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1341 frm = ieee80211_add_wpa(frm, ic, ni); 1342 #ifndef IEEE80211_NO_HT 1343 if (ni->ni_flags & IEEE80211_NODE_HT) 1344 frm = ieee80211_add_htcaps(frm, ic); 1345 #endif 1346 1347 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1348 1349 return m; 1350 } 1351 1352 #ifndef IEEE80211_STA_ONLY 1353 /*- 1354 * (Re)Association response frame format: 1355 * [2] Capability information 1356 * [2] Status code 1357 * [2] Association ID (AID) 1358 * [tlv] Supported rates 1359 * [tlv] Extended Supported Rates (802.11g) 1360 * [tlv] EDCA Parameter Set (802.11e) 1361 * [tlv] Timeout Interval (802.11w) 1362 * [tlv] HT Capabilities (802.11n) 1363 * [tlv] HT Operation (802.11n) 1364 */ 1365 struct mbuf * 1366 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1367 u_int16_t status) 1368 { 1369 const struct ieee80211_rateset *rs = &ni->ni_rates; 1370 struct mbuf *m; 1371 u_int8_t *frm; 1372 1373 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1374 2 + 2 + 2 + 1375 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1376 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1377 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1378 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1379 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1380 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 + 24 : 0)); 1381 if (m == NULL) 1382 return NULL; 1383 1384 frm = mtod(m, u_int8_t *); 1385 frm = ieee80211_add_capinfo(frm, ic, ni); 1386 LE_WRITE_2(frm, status); frm += 2; 1387 if (status == IEEE80211_STATUS_SUCCESS) 1388 LE_WRITE_2(frm, ni->ni_associd); 1389 else 1390 LE_WRITE_2(frm, 0); 1391 frm += 2; 1392 frm = ieee80211_add_rates(frm, rs); 1393 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1394 frm = ieee80211_add_xrates(frm, rs); 1395 if (ni->ni_flags & IEEE80211_NODE_QOS) 1396 frm = ieee80211_add_edca_params(frm, ic); 1397 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1398 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1399 /* Association Comeback Time */ 1400 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1401 } 1402 #ifndef IEEE80211_NO_HT 1403 if (ni->ni_flags & IEEE80211_NODE_HT) { 1404 frm = ieee80211_add_htcaps(frm, ic); 1405 frm = ieee80211_add_htop(frm, ic); 1406 } 1407 #endif 1408 1409 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1410 1411 return m; 1412 } 1413 #endif /* IEEE80211_STA_ONLY */ 1414 1415 /*- 1416 * Disassociation frame format: 1417 * [2] Reason code 1418 */ 1419 struct mbuf * 1420 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1421 u_int16_t reason) 1422 { 1423 struct mbuf *m; 1424 1425 MGETHDR(m, M_DONTWAIT, MT_DATA); 1426 if (m == NULL) 1427 return NULL; 1428 MH_ALIGN(m, 2); 1429 1430 m->m_pkthdr.len = m->m_len = 2; 1431 *mtod(m, u_int16_t *) = htole16(reason); 1432 1433 return m; 1434 } 1435 1436 #ifndef IEEE80211_NO_HT 1437 /*- 1438 * ADDBA Request frame format: 1439 * [1] Category 1440 * [1] Action 1441 * [1] Dialog Token 1442 * [2] Block Ack Parameter Set 1443 * [2] Block Ack Timeout Value 1444 * [2] Block Ack Starting Sequence Control 1445 */ 1446 struct mbuf * 1447 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1448 u_int8_t tid) 1449 { 1450 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1451 struct mbuf *m; 1452 u_int8_t *frm; 1453 u_int16_t params; 1454 1455 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1456 if (m == NULL) 1457 return m; 1458 1459 frm = mtod(m, u_int8_t *); 1460 *frm++ = IEEE80211_CATEG_BA; 1461 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1462 *frm++ = ba->ba_token; 1463 params = ba->ba_winsize << 6 | tid << 2 | IEEE80211_BA_ACK_POLICY; 1464 LE_WRITE_2(frm, params); frm += 2; 1465 LE_WRITE_2(frm, ba->ba_timeout_val); frm += 2; 1466 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1467 1468 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1469 1470 return m; 1471 } 1472 1473 /*- 1474 * ADDBA Response frame format: 1475 * [1] Category 1476 * [1] Action 1477 * [1] Dialog Token 1478 * [2] Status Code 1479 * [2] Block Ack Parameter Set 1480 * [2] Block Ack Timeout Value 1481 */ 1482 struct mbuf * 1483 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1484 u_int8_t tid, u_int8_t token, u_int16_t status) 1485 { 1486 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 1487 struct mbuf *m; 1488 u_int8_t *frm; 1489 u_int16_t params; 1490 1491 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1492 if (m == NULL) 1493 return m; 1494 1495 frm = mtod(m, u_int8_t *); 1496 *frm++ = IEEE80211_CATEG_BA; 1497 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1498 *frm++ = token; 1499 LE_WRITE_2(frm, status); frm += 2; 1500 params = tid << 2 | IEEE80211_BA_ACK_POLICY; 1501 if (status == 0) 1502 params |= ba->ba_winsize << 6; 1503 LE_WRITE_2(frm, params); frm += 2; 1504 if (status == 0) 1505 LE_WRITE_2(frm, ba->ba_timeout_val); 1506 else 1507 LE_WRITE_2(frm, 0); 1508 frm += 2; 1509 1510 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1511 1512 return m; 1513 } 1514 1515 /*- 1516 * DELBA frame format: 1517 * [1] Category 1518 * [1] Action 1519 * [2] DELBA Parameter Set 1520 * [2] Reason Code 1521 */ 1522 struct mbuf * 1523 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1524 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1525 { 1526 struct mbuf *m; 1527 u_int8_t *frm; 1528 u_int16_t params; 1529 1530 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1531 if (m == NULL) 1532 return m; 1533 1534 frm = mtod(m, u_int8_t *); 1535 *frm++ = IEEE80211_CATEG_BA; 1536 *frm++ = IEEE80211_ACTION_DELBA; 1537 params = tid << 12; 1538 if (dir) 1539 params |= IEEE80211_DELBA_INITIATOR; 1540 LE_WRITE_2(frm, params); frm += 2; 1541 LE_WRITE_2(frm, reason); frm += 2; 1542 1543 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1544 1545 return m; 1546 } 1547 #endif /* !IEEE80211_NO_HT */ 1548 1549 /*- 1550 * SA Query Request/Reponse frame format: 1551 * [1] Category 1552 * [1] Action 1553 * [16] Transaction Identifier 1554 */ 1555 struct mbuf * 1556 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1557 u_int8_t action) 1558 { 1559 struct mbuf *m; 1560 u_int8_t *frm; 1561 1562 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1563 if (m == NULL) 1564 return NULL; 1565 1566 frm = mtod(m, u_int8_t *); 1567 *frm++ = IEEE80211_CATEG_SA_QUERY; 1568 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1569 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1570 1571 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1572 1573 return m; 1574 } 1575 1576 struct mbuf * 1577 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1578 u_int8_t categ, u_int8_t action, int arg) 1579 { 1580 struct mbuf *m = NULL; 1581 1582 switch (categ) { 1583 #ifndef IEEE80211_NO_HT 1584 case IEEE80211_CATEG_BA: 1585 switch (action) { 1586 case IEEE80211_ACTION_ADDBA_REQ: 1587 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1588 break; 1589 case IEEE80211_ACTION_ADDBA_RESP: 1590 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1591 arg >> 8, arg >> 16); 1592 break; 1593 case IEEE80211_ACTION_DELBA: 1594 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1595 arg >> 16); 1596 break; 1597 } 1598 break; 1599 #endif 1600 case IEEE80211_CATEG_SA_QUERY: 1601 switch (action) { 1602 #ifndef IEEE80211_STA_ONLY 1603 case IEEE80211_ACTION_SA_QUERY_REQ: 1604 #endif 1605 case IEEE80211_ACTION_SA_QUERY_RESP: 1606 m = ieee80211_get_sa_query(ic, ni, action); 1607 break; 1608 } 1609 break; 1610 } 1611 return m; 1612 } 1613 1614 /* 1615 * Send a management frame. The node is for the destination (or ic_bss 1616 * when in station mode). Nodes other than ic_bss have their reference 1617 * count bumped to reflect our use for an indeterminant time. 1618 */ 1619 int 1620 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1621 int type, int arg1, int arg2) 1622 { 1623 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1624 struct ifnet *ifp = &ic->ic_if; 1625 struct mbuf *m; 1626 int ret, timer; 1627 1628 if (ni == NULL) 1629 panic("null node"); 1630 1631 /* 1632 * Hold a reference on the node so it doesn't go away until after 1633 * the xmit is complete all the way in the driver. On error we 1634 * will remove our reference. 1635 */ 1636 ieee80211_ref_node(ni); 1637 timer = 0; 1638 switch (type) { 1639 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1640 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1641 senderr(ENOMEM, is_tx_nombuf); 1642 1643 timer = IEEE80211_TRANS_WAIT; 1644 break; 1645 #ifndef IEEE80211_STA_ONLY 1646 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1647 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1648 senderr(ENOMEM, is_tx_nombuf); 1649 break; 1650 #endif 1651 case IEEE80211_FC0_SUBTYPE_AUTH: 1652 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1653 if (m == NULL) 1654 senderr(ENOMEM, is_tx_nombuf); 1655 1656 if (ic->ic_opmode == IEEE80211_M_STA) 1657 timer = IEEE80211_TRANS_WAIT; 1658 break; 1659 1660 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1661 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1662 senderr(ENOMEM, is_tx_nombuf); 1663 1664 if (ifp->if_flags & IFF_DEBUG) { 1665 printf("%s: station %s deauthenticate (reason %d)\n", 1666 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1667 arg1); 1668 } 1669 break; 1670 1671 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1672 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1673 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1674 senderr(ENOMEM, is_tx_nombuf); 1675 1676 timer = IEEE80211_TRANS_WAIT; 1677 break; 1678 #ifndef IEEE80211_STA_ONLY 1679 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1680 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1681 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1682 senderr(ENOMEM, is_tx_nombuf); 1683 break; 1684 #endif 1685 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1686 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1687 senderr(ENOMEM, is_tx_nombuf); 1688 1689 if (ifp->if_flags & IFF_DEBUG) { 1690 printf("%s: station %s disassociate (reason %d)\n", 1691 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1692 arg1); 1693 } 1694 break; 1695 1696 case IEEE80211_FC0_SUBTYPE_ACTION: 1697 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1698 arg2); 1699 if (m == NULL) 1700 senderr(ENOMEM, is_tx_nombuf); 1701 break; 1702 1703 default: 1704 DPRINTF(("invalid mgmt frame type %u\n", type)); 1705 senderr(EINVAL, is_tx_unknownmgt); 1706 /* NOTREACHED */ 1707 } 1708 1709 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1710 if (ret == 0) { 1711 if (timer) 1712 ic->ic_mgt_timer = timer; 1713 } else { 1714 bad: 1715 ieee80211_release_node(ic, ni); 1716 } 1717 return ret; 1718 #undef senderr 1719 } 1720 1721 /* 1722 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1723 */ 1724 struct mbuf * 1725 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1726 u_int16_t dur) 1727 { 1728 struct ieee80211_frame_rts *rts; 1729 struct mbuf *m; 1730 1731 MGETHDR(m, M_DONTWAIT, MT_DATA); 1732 if (m == NULL) 1733 return NULL; 1734 1735 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1736 1737 rts = mtod(m, struct ieee80211_frame_rts *); 1738 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1739 IEEE80211_FC0_SUBTYPE_RTS; 1740 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1741 *(u_int16_t *)rts->i_dur = htole16(dur); 1742 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1743 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1744 1745 return m; 1746 } 1747 1748 /* 1749 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1750 */ 1751 struct mbuf * 1752 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1753 { 1754 struct ieee80211_frame_cts *cts; 1755 struct mbuf *m; 1756 1757 MGETHDR(m, M_DONTWAIT, MT_DATA); 1758 if (m == NULL) 1759 return NULL; 1760 1761 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1762 1763 cts = mtod(m, struct ieee80211_frame_cts *); 1764 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1765 IEEE80211_FC0_SUBTYPE_CTS; 1766 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1767 *(u_int16_t *)cts->i_dur = htole16(dur); 1768 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1769 1770 return m; 1771 } 1772 1773 #ifndef IEEE80211_STA_ONLY 1774 /*- 1775 * Beacon frame format: 1776 * [8] Timestamp 1777 * [2] Beacon interval 1778 * [2] Capability 1779 * [tlv] Service Set Identifier (SSID) 1780 * [tlv] Supported rates 1781 * [tlv] DS Parameter Set (802.11g) 1782 * [tlv] IBSS Parameter Set 1783 * [tlv] Traffic Indication Map (TIM) 1784 * [tlv] ERP Information (802.11g) 1785 * [tlv] Extended Supported Rates (802.11g) 1786 * [tlv] RSN (802.11i) 1787 * [tlv] EDCA Parameter Set (802.11e) 1788 * [tlv] HT Capabilities (802.11n) 1789 * [tlv] HT Operation (802.11n) 1790 */ 1791 struct mbuf * 1792 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1793 { 1794 const struct ieee80211_rateset *rs = &ni->ni_rates; 1795 struct ieee80211_frame *wh; 1796 struct mbuf *m; 1797 u_int8_t *frm; 1798 1799 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1800 8 + 2 + 2 + 1801 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) + 1802 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1803 2 + 1 + 1804 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1805 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1806 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1807 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1808 (((ic->ic_flags & IEEE80211_F_RSNON) && 1809 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1810 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1811 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1812 (((ic->ic_flags & IEEE80211_F_RSNON) && 1813 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1814 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1815 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1816 if (m == NULL) 1817 return NULL; 1818 1819 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1820 if (m == NULL) 1821 return NULL; 1822 wh = mtod(m, struct ieee80211_frame *); 1823 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1824 IEEE80211_FC0_SUBTYPE_BEACON; 1825 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1826 *(u_int16_t *)wh->i_dur = 0; 1827 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1828 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1829 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1830 *(u_int16_t *)wh->i_seq = 0; 1831 1832 frm = (u_int8_t *)&wh[1]; 1833 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1834 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1835 frm = ieee80211_add_capinfo(frm, ic, ni); 1836 if (ic->ic_flags & IEEE80211_F_HIDENWID) 1837 frm = ieee80211_add_ssid(frm, NULL, 0); 1838 else 1839 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1840 frm = ieee80211_add_rates(frm, rs); 1841 frm = ieee80211_add_ds_params(frm, ic, ni); 1842 if (ic->ic_opmode == IEEE80211_M_IBSS) 1843 frm = ieee80211_add_ibss_params(frm, ni); 1844 else 1845 frm = ieee80211_add_tim(frm, ic); 1846 if (ic->ic_curmode == IEEE80211_MODE_11G) 1847 frm = ieee80211_add_erp(frm, ic); 1848 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1849 frm = ieee80211_add_xrates(frm, rs); 1850 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1851 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1852 frm = ieee80211_add_rsn(frm, ic, ni); 1853 if (ic->ic_flags & IEEE80211_F_QOS) 1854 frm = ieee80211_add_edca_params(frm, ic); 1855 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1856 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1857 frm = ieee80211_add_wpa(frm, ic, ni); 1858 #ifndef IEEE80211_NO_HT 1859 if (ic->ic_flags & IEEE80211_F_HTON) { 1860 frm = ieee80211_add_htcaps(frm, ic); 1861 frm = ieee80211_add_htop(frm, ic); 1862 } 1863 #endif 1864 1865 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1866 m->m_pkthdr.ph_cookie = ni; 1867 1868 return m; 1869 } 1870 1871 /* 1872 * Check if an outgoing MSDU or management frame should be buffered into 1873 * the AP for power management. Return 1 if the frame was buffered into 1874 * the AP, or 0 if the frame shall be transmitted immediately. 1875 */ 1876 int 1877 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1878 struct ieee80211_node *ni) 1879 { 1880 const struct ieee80211_frame *wh; 1881 1882 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1883 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1884 return 0; 1885 1886 wh = mtod(m, struct ieee80211_frame *); 1887 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1888 /* 1889 * Buffer group addressed MSDUs with the Order bit clear 1890 * if any associated STAs are in PS mode. 1891 */ 1892 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || 1893 ic->ic_pssta == 0) 1894 return 0; 1895 ic->ic_tim_mcast_pending = 1; 1896 } else { 1897 /* 1898 * Buffer MSDUs, A-MSDUs or management frames destined for 1899 * PS STAs. 1900 */ 1901 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1902 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1903 IEEE80211_FC0_TYPE_CTL) 1904 return 0; 1905 if (IF_IS_EMPTY(&ni->ni_savedq)) 1906 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1907 } 1908 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1909 if (IF_QFULL(&ni->ni_savedq)) { 1910 /* XXX should we drop the oldest instead? */ 1911 IF_DROP(&ni->ni_savedq); 1912 m_freem(m); 1913 } else { 1914 IF_ENQUEUE(&ni->ni_savedq, m); 1915 /* 1916 * Similar to ieee80211_mgmt_output, store the node in a 1917 * special pkthdr field. 1918 */ 1919 m->m_pkthdr.ph_cookie = ni; 1920 } 1921 return 1; 1922 } 1923 #endif /* IEEE80211_STA_ONLY */ 1924