1 /* $OpenBSD: ieee80211_output.c,v 1.125 2019/05/12 18:12:38 stsp Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/sysctl.h> 45 46 #include <net/if.h> 47 #include <net/if_dl.h> 48 #include <net/if_media.h> 49 #include <net/if_llc.h> 50 #include <net/bpf.h> 51 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 #include <netinet/ip.h> 55 #ifdef INET6 56 #include <netinet/ip6.h> 57 #endif 58 59 #if NVLAN > 0 60 #include <net/if_vlan_var.h> 61 #endif 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_priv.h> 65 66 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 67 struct mbuf *, int); 68 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 69 const struct ieee80211_node *, int); 70 struct mbuf *ieee80211_getmgmt(int, int, u_int); 71 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 72 struct ieee80211_node *); 73 #ifndef IEEE80211_STA_ONLY 74 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 75 struct ieee80211_node *); 76 #endif 77 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 78 struct ieee80211_node *, u_int16_t, u_int16_t); 79 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 80 struct ieee80211_node *, u_int16_t); 81 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 82 struct ieee80211_node *, int); 83 #ifndef IEEE80211_STA_ONLY 84 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 85 struct ieee80211_node *, u_int16_t); 86 #endif 87 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 88 struct ieee80211_node *, u_int16_t); 89 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 90 struct ieee80211_node *, u_int8_t); 91 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 92 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 93 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 94 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 95 uint8_t *ieee80211_add_wme_info(uint8_t *, struct ieee80211com *); 96 #ifndef IEEE80211_STA_ONLY 97 uint8_t *ieee80211_add_wme_param(uint8_t *, struct ieee80211com *); 98 #endif 99 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 100 struct ieee80211_node *, u_int8_t); 101 struct mbuf *ieee80211_get_action(struct ieee80211com *, 102 struct ieee80211_node *, u_int8_t, u_int8_t, int); 103 104 /* 105 * IEEE 802.11 output routine. Normally this will directly call the 106 * Ethernet output routine because 802.11 encapsulation is called 107 * later by the driver. This function can be used to send raw frames 108 * if the mbuf has been tagged with a 802.11 data link type. 109 */ 110 int 111 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 112 struct rtentry *rt) 113 { 114 struct ieee80211_frame *wh; 115 struct m_tag *mtag; 116 int error = 0; 117 118 /* Interface has to be up and running */ 119 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 120 (IFF_UP | IFF_RUNNING)) { 121 error = ENETDOWN; 122 goto bad; 123 } 124 125 /* Try to get the DLT from a mbuf tag */ 126 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 127 struct ieee80211com *ic = (void *)ifp; 128 u_int dlt = *(u_int *)(mtag + 1); 129 130 /* Fallback to ethernet for non-802.11 linktypes */ 131 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 132 goto fallback; 133 134 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 135 return (EINVAL); 136 wh = mtod(m, struct ieee80211_frame *); 137 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 138 IEEE80211_FC0_VERSION_0) 139 return (EINVAL); 140 if (!(ic->ic_caps & IEEE80211_C_RAWCTL) && 141 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 142 IEEE80211_FC0_TYPE_CTL) 143 return (EINVAL); 144 145 return (if_enqueue(ifp, m)); 146 } 147 148 fallback: 149 return (ether_output(ifp, m, dst, rt)); 150 151 bad: 152 m_freem(m); 153 return (error); 154 } 155 156 /* 157 * Send a management frame to the specified node. The node pointer 158 * must have a reference as the pointer will be passed to the driver 159 * and potentially held for a long time. If the frame is successfully 160 * dispatched to the driver, then it is responsible for freeing the 161 * reference (and potentially free'ing up any associated storage). 162 */ 163 int 164 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 165 struct mbuf *m, int type) 166 { 167 struct ieee80211com *ic = (void *)ifp; 168 struct ieee80211_frame *wh; 169 170 if (ni == NULL) 171 panic("null node"); 172 ni->ni_inact = 0; 173 174 /* 175 * We want to pass the node down to the driver's start 176 * routine. We could stick this in an m_tag and tack that 177 * on to the mbuf. However that's rather expensive to do 178 * for every frame so instead we stuff it in a special pkthdr 179 * field. 180 */ 181 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 182 if (m == NULL) 183 return ENOMEM; 184 m->m_pkthdr.ph_cookie = ni; 185 186 wh = mtod(m, struct ieee80211_frame *); 187 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 188 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 189 *(u_int16_t *)&wh->i_dur[0] = 0; 190 *(u_int16_t *)&wh->i_seq[0] = 191 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 192 ni->ni_txseq++; 193 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 194 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 195 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 196 197 /* check if protection is required for this mgmt frame */ 198 if ((ic->ic_caps & IEEE80211_C_MFP) && 199 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 200 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 201 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 202 /* 203 * Hack: we should not set the Protected bit in outgoing 204 * group management frames, however it is used as an 205 * indication to the drivers that they must encrypt the 206 * frame. Drivers should clear this bit from group 207 * management frames (software crypto code will do it). 208 * XXX could use an mbuf flag.. 209 */ 210 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 211 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 212 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 213 } 214 215 if (ifp->if_flags & IFF_DEBUG) { 216 /* avoid to print too many frames */ 217 if ( 218 #ifndef IEEE80211_STA_ONLY 219 ic->ic_opmode == IEEE80211_M_IBSS || 220 #endif 221 #ifdef IEEE80211_DEBUG 222 ieee80211_debug > 1 || 223 #endif 224 (type & IEEE80211_FC0_SUBTYPE_MASK) != 225 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 226 printf("%s: sending %s to %s on channel %u mode %s\n", 227 ifp->if_xname, 228 ieee80211_mgt_subtype_name[ 229 (type & IEEE80211_FC0_SUBTYPE_MASK) 230 >> IEEE80211_FC0_SUBTYPE_SHIFT], 231 ether_sprintf(ni->ni_macaddr), 232 ieee80211_chan2ieee(ic, ni->ni_chan), 233 ieee80211_phymode_name[ic->ic_curmode]); 234 } 235 236 #ifndef IEEE80211_STA_ONLY 237 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 238 ieee80211_pwrsave(ic, m, ni) != 0) 239 return 0; 240 #endif 241 mq_enqueue(&ic->ic_mgtq, m); 242 ifp->if_timer = 1; 243 if_start(ifp); 244 return 0; 245 } 246 247 /*- 248 * EDCA tables are computed using the following formulas: 249 * 250 * 1) EDCATable (non-AP QSTA) 251 * 252 * AC CWmin CWmax AIFSN TXOP limit(ms) 253 * ------------------------------------------------------------- 254 * AC_BK aCWmin aCWmax 7 0 255 * AC_BE aCWmin aCWmax 3 0 256 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 257 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 258 * 259 * 2) QAPEDCATable (QAP) 260 * 261 * AC CWmin CWmax AIFSN TXOP limit(ms) 262 * ------------------------------------------------------------- 263 * AC_BK aCWmin aCWmax 7 0 264 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 265 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 266 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 267 * 268 * and the following aCWmin/aCWmax values: 269 * 270 * PHY aCWmin aCWmax 271 * --------------------------- 272 * 11A 15 1023 273 * 11B 31 1023 274 * 11G 15* 1023 (*) aCWmin(1) 275 * 11N 15 1023 276 */ 277 const struct ieee80211_edca_ac_params 278 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 279 [IEEE80211_MODE_11B] = { 280 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 281 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 282 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 283 [EDCA_AC_VO] = { 3, 4, 2, 102 } 284 }, 285 [IEEE80211_MODE_11A] = { 286 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 287 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 288 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 289 [EDCA_AC_VO] = { 2, 3, 2, 47 } 290 }, 291 [IEEE80211_MODE_11G] = { 292 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 293 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 294 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 295 [EDCA_AC_VO] = { 2, 3, 2, 47 } 296 }, 297 [IEEE80211_MODE_11N] = { 298 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 299 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 300 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 301 [EDCA_AC_VO] = { 2, 3, 2, 47 } 302 }, 303 }; 304 305 #ifndef IEEE80211_STA_ONLY 306 const struct ieee80211_edca_ac_params 307 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 308 [IEEE80211_MODE_11B] = { 309 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 310 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 311 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 312 [EDCA_AC_VO] = { 3, 4, 1, 102 } 313 }, 314 [IEEE80211_MODE_11A] = { 315 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 316 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 317 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 318 [EDCA_AC_VO] = { 2, 3, 1, 47 } 319 }, 320 [IEEE80211_MODE_11G] = { 321 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 322 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 323 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 324 [EDCA_AC_VO] = { 2, 3, 1, 47 } 325 }, 326 [IEEE80211_MODE_11N] = { 327 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 328 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 329 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 330 [EDCA_AC_VO] = { 2, 3, 1, 47 } 331 }, 332 }; 333 #endif /* IEEE80211_STA_ONLY */ 334 335 /* 336 * Return the EDCA Access Category to be used for transmitting a frame with 337 * user-priority `up'. 338 */ 339 enum ieee80211_edca_ac 340 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 341 { 342 /* see Table 9-1 */ 343 static const enum ieee80211_edca_ac up_to_ac[] = { 344 EDCA_AC_BE, /* BE */ 345 EDCA_AC_BK, /* BK */ 346 EDCA_AC_BK, /* -- */ 347 EDCA_AC_BE, /* EE */ 348 EDCA_AC_VI, /* CL */ 349 EDCA_AC_VI, /* VI */ 350 EDCA_AC_VO, /* VO */ 351 EDCA_AC_VO /* NC */ 352 }; 353 enum ieee80211_edca_ac ac; 354 355 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 356 357 #ifndef IEEE80211_STA_ONLY 358 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 359 return ac; 360 #endif 361 /* 362 * We do not support the admission control procedure defined in 363 * IEEE Std 802.11-2012 section 9.19.4.2.3. The spec says that 364 * non-AP QSTAs that don't support this procedure shall use EDCA 365 * parameters of a lower priority AC that does not require 366 * admission control. 367 */ 368 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 369 switch (ac) { 370 case EDCA_AC_BK: 371 /* can't get there */ 372 break; 373 case EDCA_AC_BE: 374 /* BE shouldn't require admission control */ 375 ac = EDCA_AC_BK; 376 break; 377 case EDCA_AC_VI: 378 ac = EDCA_AC_BE; 379 break; 380 case EDCA_AC_VO: 381 ac = EDCA_AC_VI; 382 break; 383 } 384 } 385 return ac; 386 } 387 388 /* 389 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 390 * based on the DSCP (Differentiated Services Codepoint) field. 391 */ 392 int 393 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 394 { 395 struct ether_header eh; 396 u_int8_t ds_field; 397 #if NVLAN > 0 398 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 399 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 400 #endif 401 m_copydata(m, 0, sizeof(eh), (caddr_t)&eh); 402 if (eh.ether_type == htons(ETHERTYPE_IP)) { 403 struct ip ip; 404 m_copydata(m, sizeof(eh), sizeof(ip), (caddr_t)&ip); 405 if (ip.ip_v != 4) 406 return 0; 407 ds_field = ip.ip_tos; 408 } 409 #ifdef INET6 410 else if (eh.ether_type == htons(ETHERTYPE_IPV6)) { 411 struct ip6_hdr ip6; 412 u_int32_t flowlabel; 413 m_copydata(m, sizeof(eh), sizeof(ip6), (caddr_t)&ip6); 414 flowlabel = ntohl(ip6.ip6_flow); 415 if ((flowlabel >> 28) != 6) 416 return 0; 417 ds_field = (flowlabel >> 20) & 0xff; 418 } 419 #endif /* INET6 */ 420 else /* neither IPv4 nor IPv6 */ 421 return 0; 422 423 /* 424 * Map Differentiated Services Codepoint field (see RFC2474). 425 * Preserves backward compatibility with IP Precedence field. 426 */ 427 switch (ds_field & 0xfc) { 428 case IPTOS_PREC_PRIORITY: 429 return 2; 430 case IPTOS_PREC_IMMEDIATE: 431 return 1; 432 case IPTOS_PREC_FLASH: 433 return 3; 434 case IPTOS_PREC_FLASHOVERRIDE: 435 return 4; 436 case IPTOS_PREC_CRITIC_ECP: 437 return 5; 438 case IPTOS_PREC_INTERNETCONTROL: 439 return 6; 440 case IPTOS_PREC_NETCONTROL: 441 return 7; 442 } 443 return 0; /* default to Best-Effort */ 444 } 445 446 /* 447 * Encapsulate an outbound data frame. The mbuf chain is updated and 448 * a reference to the destination node is returned. If an error is 449 * encountered NULL is returned and the node reference will also be NULL. 450 * 451 * NB: The caller is responsible for free'ing a returned node reference. 452 * The convention is ic_bss is not reference counted; the caller must 453 * maintain that. 454 */ 455 struct mbuf * 456 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 457 { 458 struct ieee80211com *ic = (void *)ifp; 459 struct ether_header eh; 460 struct ieee80211_frame *wh; 461 struct ieee80211_node *ni = NULL; 462 struct llc *llc; 463 struct m_tag *mtag; 464 u_int8_t *addr; 465 u_int dlt, hdrlen; 466 int addqos, tid; 467 468 /* Handle raw frames if mbuf is tagged as 802.11 */ 469 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 470 dlt = *(u_int *)(mtag + 1); 471 472 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 473 goto fallback; 474 475 wh = mtod(m, struct ieee80211_frame *); 476 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 477 case IEEE80211_FC1_DIR_NODS: 478 case IEEE80211_FC1_DIR_FROMDS: 479 addr = wh->i_addr1; 480 break; 481 case IEEE80211_FC1_DIR_DSTODS: 482 case IEEE80211_FC1_DIR_TODS: 483 addr = wh->i_addr3; 484 break; 485 default: 486 goto bad; 487 } 488 489 ni = ieee80211_find_txnode(ic, addr); 490 if (ni == NULL) 491 ni = ieee80211_ref_node(ic->ic_bss); 492 if (ni == NULL) { 493 printf("%s: no node for dst %s, " 494 "discard raw tx frame\n", ifp->if_xname, 495 ether_sprintf(addr)); 496 ic->ic_stats.is_tx_nonode++; 497 goto bad; 498 } 499 ni->ni_inact = 0; 500 501 *pni = ni; 502 return (m); 503 } 504 505 fallback: 506 if (m->m_len < sizeof(struct ether_header)) { 507 m = m_pullup(m, sizeof(struct ether_header)); 508 if (m == NULL) { 509 ic->ic_stats.is_tx_nombuf++; 510 goto bad; 511 } 512 } 513 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 514 515 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 516 if (ni == NULL) { 517 DPRINTF(("no node for dst %s, discard frame\n", 518 ether_sprintf(eh.ether_dhost))); 519 ic->ic_stats.is_tx_nonode++; 520 goto bad; 521 } 522 523 if ((ic->ic_flags & IEEE80211_F_RSNON) && 524 !ni->ni_port_valid && 525 eh.ether_type != htons(ETHERTYPE_PAE)) { 526 DPRINTF(("port not valid: %s\n", 527 ether_sprintf(eh.ether_dhost))); 528 ic->ic_stats.is_tx_noauth++; 529 goto bad; 530 } 531 532 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 533 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 534 /* XXX TKIP countermeasures! */; 535 536 ni->ni_inact = 0; 537 538 if ((ic->ic_flags & IEEE80211_F_QOS) && 539 (ni->ni_flags & IEEE80211_NODE_QOS) && 540 /* do not QoS-encapsulate EAPOL frames */ 541 eh.ether_type != htons(ETHERTYPE_PAE)) { 542 tid = ieee80211_classify(ic, m); 543 hdrlen = sizeof(struct ieee80211_qosframe); 544 addqos = 1; 545 } else { 546 hdrlen = sizeof(struct ieee80211_frame); 547 addqos = 0; 548 } 549 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 550 llc = mtod(m, struct llc *); 551 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 552 llc->llc_control = LLC_UI; 553 llc->llc_snap.org_code[0] = 0; 554 llc->llc_snap.org_code[1] = 0; 555 llc->llc_snap.org_code[2] = 0; 556 llc->llc_snap.ether_type = eh.ether_type; 557 M_PREPEND(m, hdrlen, M_DONTWAIT); 558 if (m == NULL) { 559 ic->ic_stats.is_tx_nombuf++; 560 goto bad; 561 } 562 wh = mtod(m, struct ieee80211_frame *); 563 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 564 *(u_int16_t *)&wh->i_dur[0] = 0; 565 if (addqos) { 566 struct ieee80211_qosframe *qwh = 567 (struct ieee80211_qosframe *)wh; 568 u_int16_t qos = tid; 569 570 if (ic->ic_tid_noack & (1 << tid)) 571 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 572 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 573 qos |= IEEE80211_QOS_ACK_POLICY_BA; 574 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 575 *(u_int16_t *)qwh->i_qos = htole16(qos); 576 *(u_int16_t *)qwh->i_seq = 577 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 578 ni->ni_qos_txseqs[tid]++; 579 } else { 580 *(u_int16_t *)&wh->i_seq[0] = 581 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 582 ni->ni_txseq++; 583 } 584 switch (ic->ic_opmode) { 585 case IEEE80211_M_STA: 586 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 587 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 588 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 589 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 590 break; 591 #ifndef IEEE80211_STA_ONLY 592 case IEEE80211_M_IBSS: 593 case IEEE80211_M_AHDEMO: 594 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 595 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 596 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 597 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 598 break; 599 case IEEE80211_M_HOSTAP: 600 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 601 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 602 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 603 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 604 break; 605 #endif 606 default: 607 /* should not get there */ 608 goto bad; 609 } 610 611 if ((ic->ic_flags & IEEE80211_F_WEPON) || 612 ((ic->ic_flags & IEEE80211_F_RSNON) && 613 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 614 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 615 616 #ifndef IEEE80211_STA_ONLY 617 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 618 ieee80211_pwrsave(ic, m, ni) != 0) { 619 *pni = NULL; 620 return NULL; 621 } 622 #endif 623 *pni = ni; 624 return m; 625 bad: 626 m_freem(m); 627 if (ni != NULL) 628 ieee80211_release_node(ic, ni); 629 *pni = NULL; 630 return NULL; 631 } 632 633 /* 634 * Add a Capability Information field to a frame (see 7.3.1.4). 635 */ 636 u_int8_t * 637 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 638 const struct ieee80211_node *ni) 639 { 640 u_int16_t capinfo; 641 642 #ifndef IEEE80211_STA_ONLY 643 if (ic->ic_opmode == IEEE80211_M_IBSS) 644 capinfo = IEEE80211_CAPINFO_IBSS; 645 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 646 capinfo = IEEE80211_CAPINFO_ESS; 647 else 648 #endif 649 capinfo = 0; 650 #ifndef IEEE80211_STA_ONLY 651 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 652 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 653 capinfo |= IEEE80211_CAPINFO_PRIVACY; 654 #endif 655 /* NB: some 11a AP's reject the request when short preamble is set */ 656 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 657 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 658 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 659 if (ic->ic_flags & IEEE80211_F_SHSLOT) 660 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 661 LE_WRITE_2(frm, capinfo); 662 return frm + 2; 663 } 664 665 /* 666 * Add an SSID element to a frame (see 7.3.2.1). 667 */ 668 u_int8_t * 669 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 670 { 671 *frm++ = IEEE80211_ELEMID_SSID; 672 *frm++ = len; 673 memcpy(frm, ssid, len); 674 return frm + len; 675 } 676 677 /* 678 * Add a supported rates element to a frame (see 7.3.2.2). 679 */ 680 u_int8_t * 681 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 682 { 683 int nrates; 684 685 *frm++ = IEEE80211_ELEMID_RATES; 686 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 687 *frm++ = nrates; 688 memcpy(frm, rs->rs_rates, nrates); 689 return frm + nrates; 690 } 691 692 #ifndef IEEE80211_STA_ONLY 693 /* 694 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 695 */ 696 u_int8_t * 697 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 698 const struct ieee80211_node *ni) 699 { 700 *frm++ = IEEE80211_ELEMID_DSPARMS; 701 *frm++ = 1; 702 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 703 return frm; 704 } 705 706 /* 707 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 708 */ 709 u_int8_t * 710 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 711 { 712 u_int i, offset = 0, len; 713 714 /* find first non-zero octet in the virtual bit map */ 715 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 716 717 /* clear the lsb as it is reserved for the broadcast indication bit */ 718 if (i < ic->ic_tim_len) 719 offset = i & ~1; 720 721 /* find last non-zero octet in the virtual bit map */ 722 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 723 724 len = i - offset + 1; 725 726 *frm++ = IEEE80211_ELEMID_TIM; 727 *frm++ = len + 3; /* length */ 728 *frm++ = ic->ic_dtim_count; /* DTIM count */ 729 *frm++ = ic->ic_dtim_period; /* DTIM period */ 730 731 /* Bitmap Control */ 732 *frm = offset; 733 /* set broadcast/multicast indication bit if necessary */ 734 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 735 *frm |= 0x01; 736 frm++; 737 738 /* Partial Virtual Bitmap */ 739 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 740 return frm + len; 741 } 742 743 /* 744 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 745 */ 746 u_int8_t * 747 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 748 { 749 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 750 *frm++ = 2; 751 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 752 return frm + 2; 753 } 754 755 /* 756 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 757 */ 758 u_int8_t * 759 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 760 { 761 const struct ieee80211_edca_ac_params *edca; 762 int aci; 763 764 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 765 *frm++ = 18; /* length */ 766 *frm++ = 0; /* QoS Info */ 767 *frm++ = 0; /* reserved */ 768 769 /* setup AC Parameter Records */ 770 edca = ieee80211_edca_table[ic->ic_curmode]; 771 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 772 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 773 774 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 775 (ac->ac_aifsn & 0xf); 776 *frm++ = (ac->ac_ecwmax << 4) | 777 (ac->ac_ecwmin & 0xf); 778 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 779 } 780 return frm; 781 } 782 783 /* 784 * Add an ERP element to a frame (see 7.3.2.13). 785 */ 786 u_int8_t * 787 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 788 { 789 u_int8_t erp; 790 int nonerpsta = 0; 791 792 *frm++ = IEEE80211_ELEMID_ERP; 793 *frm++ = 1; 794 erp = 0; 795 /* 796 * The NonERP_Present bit shall be set to 1 when a NonERP STA 797 * is associated with the BSS. 798 */ 799 ieee80211_iterate_nodes(ic, ieee80211_count_nonerpsta, &nonerpsta); 800 if (nonerpsta != 0) 801 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 802 /* 803 * If one or more NonERP STAs are associated in the BSS, the 804 * Use_Protection bit shall be set to 1 in transmitted ERP 805 * Information Elements. 806 */ 807 if (ic->ic_flags & IEEE80211_F_USEPROT) 808 erp |= IEEE80211_ERP_USE_PROTECTION; 809 /* 810 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 811 * Information Element sender if one or more associated NonERP 812 * STAs are not short preamble capable. 813 */ 814 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 815 erp |= IEEE80211_ERP_BARKER_MODE; 816 *frm++ = erp; 817 return frm; 818 } 819 #endif /* IEEE80211_STA_ONLY */ 820 821 /* 822 * Add a QoS Capability element to a frame (see 7.3.2.35). 823 */ 824 u_int8_t * 825 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 826 { 827 *frm++ = IEEE80211_ELEMID_QOS_CAP; 828 *frm++ = 1; 829 *frm++ = 0; /* QoS Info */ 830 return frm; 831 } 832 833 /* 834 * Add a Wifi-Alliance WME (aka WMM) info element to a frame. 835 * WME is a requirement for Wifi-Alliance compliance and some 836 * 11n APs will not negotiate HT if this element is missing. 837 */ 838 uint8_t * 839 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211com *ic) 840 { 841 *frm++ = IEEE80211_ELEMID_VENDOR; 842 *frm++ = 7; 843 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 844 *frm++ = 2; /* OUI type */ 845 *frm++ = 0; /* OUI subtype */ 846 *frm++ = 1; /* version */ 847 *frm++ = 0; /* info */ 848 849 return frm; 850 } 851 852 #ifndef IEEE80211_STA_ONLY 853 /* 854 * Add a Wifi-Alliance WMM (aka WME) parameter element to a frame. 855 */ 856 uint8_t * 857 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211com *ic) 858 { 859 const struct ieee80211_edca_ac_params *edca; 860 int aci; 861 862 *frm++ = IEEE80211_ELEMID_VENDOR; 863 *frm++ = 24; 864 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 865 *frm++ = 2; /* OUI type */ 866 *frm++ = 1; /* OUI subtype */ 867 *frm++ = 1; /* version */ 868 *frm++ = 0; /* info */ 869 *frm++ = 0; /* reserved */ 870 871 /* setup AC Parameter Records */ 872 edca = ieee80211_edca_table[ic->ic_curmode]; 873 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 874 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 875 876 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 877 (ac->ac_aifsn & 0xf); 878 *frm++ = (ac->ac_ecwmax << 4) | 879 (ac->ac_ecwmin & 0xf); 880 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 881 } 882 883 return frm; 884 } 885 #endif 886 887 /* 888 * Add an RSN element to a frame (see 802.11-2012 8.4.2.27) 889 */ 890 u_int8_t * 891 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 892 const struct ieee80211_node *ni, int wpa) 893 { 894 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 895 u_int8_t *pcount; 896 u_int16_t count; 897 898 /* write Version field */ 899 LE_WRITE_2(frm, 1); frm += 2; 900 901 /* write Group Data Cipher Suite field (see 802.11-2012 Table 8-99) */ 902 memcpy(frm, oui, 3); frm += 3; 903 switch (ni->ni_rsngroupcipher) { 904 case IEEE80211_CIPHER_WEP40: 905 *frm++ = 1; 906 break; 907 case IEEE80211_CIPHER_TKIP: 908 *frm++ = 2; 909 break; 910 case IEEE80211_CIPHER_CCMP: 911 *frm++ = 4; 912 break; 913 case IEEE80211_CIPHER_WEP104: 914 *frm++ = 5; 915 break; 916 default: 917 /* can't get there */ 918 panic("invalid group data cipher!"); 919 } 920 921 pcount = frm; frm += 2; 922 count = 0; 923 /* write Pairwise Cipher Suite List */ 924 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 925 memcpy(frm, oui, 3); frm += 3; 926 *frm++ = 0; 927 count++; 928 } 929 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 930 memcpy(frm, oui, 3); frm += 3; 931 *frm++ = 2; 932 count++; 933 } 934 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 935 memcpy(frm, oui, 3); frm += 3; 936 *frm++ = 4; 937 count++; 938 } 939 /* write Pairwise Cipher Suite Count field */ 940 LE_WRITE_2(pcount, count); 941 942 pcount = frm; frm += 2; 943 count = 0; 944 /* write AKM Suite List (see Table 20dc) */ 945 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 946 memcpy(frm, oui, 3); frm += 3; 947 *frm++ = 1; 948 count++; 949 } 950 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 951 memcpy(frm, oui, 3); frm += 3; 952 *frm++ = 2; 953 count++; 954 } 955 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 956 memcpy(frm, oui, 3); frm += 3; 957 *frm++ = 5; 958 count++; 959 } 960 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 961 memcpy(frm, oui, 3); frm += 3; 962 *frm++ = 6; 963 count++; 964 } 965 /* write AKM Suite List Count field */ 966 LE_WRITE_2(pcount, count); 967 968 if (wpa) 969 return frm; 970 971 /* write RSN Capabilities field */ 972 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 973 974 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 975 /* write PMKID Count field */ 976 LE_WRITE_2(frm, 1); frm += 2; 977 /* write PMKID List (only 1) */ 978 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 979 frm += IEEE80211_PMKID_LEN; 980 } 981 982 if (!(ic->ic_caps & IEEE80211_C_MFP)) 983 return frm; 984 985 if ((ni->ni_flags & IEEE80211_NODE_PMKID) == 0) { 986 /* no PMKID (PMKID Count=0) */ 987 LE_WRITE_2(frm, 0); frm += 2; 988 } 989 990 /* write Group Integrity Cipher Suite field */ 991 memcpy(frm, oui, 3); frm += 3; 992 switch (ic->ic_rsngroupmgmtcipher) { 993 case IEEE80211_CIPHER_BIP: 994 *frm++ = 6; 995 break; 996 default: 997 /* can't get there */ 998 panic("invalid integrity group cipher!"); 999 } 1000 return frm; 1001 } 1002 1003 u_int8_t * 1004 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 1005 const struct ieee80211_node *ni) 1006 { 1007 u_int8_t *plen; 1008 1009 *frm++ = IEEE80211_ELEMID_RSN; 1010 plen = frm++; /* length filled in later */ 1011 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 1012 1013 /* write length field */ 1014 *plen = frm - plen - 1; 1015 return frm; 1016 } 1017 1018 /* 1019 * Add a vendor-specific WPA element to a frame. 1020 * This is required for compatibility with Wi-Fi Alliance WPA. 1021 */ 1022 u_int8_t * 1023 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 1024 const struct ieee80211_node *ni) 1025 { 1026 u_int8_t *plen; 1027 1028 *frm++ = IEEE80211_ELEMID_VENDOR; 1029 plen = frm++; /* length filled in later */ 1030 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1031 *frm++ = 1; /* WPA */ 1032 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1033 1034 /* write length field */ 1035 *plen = frm - plen - 1; 1036 return frm; 1037 } 1038 1039 /* 1040 * Add an extended supported rates element to a frame (see 7.3.2.14). 1041 */ 1042 u_int8_t * 1043 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1044 { 1045 int nrates; 1046 1047 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1048 1049 *frm++ = IEEE80211_ELEMID_XRATES; 1050 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1051 *frm++ = nrates; 1052 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1053 return frm + nrates; 1054 } 1055 1056 /* 1057 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1058 */ 1059 u_int8_t * 1060 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1061 { 1062 *frm++ = IEEE80211_ELEMID_HTCAPS; 1063 *frm++ = 26; 1064 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1065 *frm++ = ic->ic_ampdu_params; 1066 memcpy(frm, ic->ic_sup_mcs, 10); frm += 10; 1067 LE_WRITE_2(frm, (ic->ic_max_rxrate & IEEE80211_MCS_RX_RATE_HIGH)); 1068 frm += 2; 1069 *frm++ = ic->ic_tx_mcs_set; 1070 *frm++ = 0; /* reserved */ 1071 *frm++ = 0; /* reserved */ 1072 *frm++ = 0; /* reserved */ 1073 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1074 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1075 *frm++ = ic->ic_aselcaps; 1076 return frm; 1077 } 1078 1079 #ifndef IEEE80211_STA_ONLY 1080 /* 1081 * Add an HT Operation element to a frame (see 7.3.2.58). 1082 */ 1083 u_int8_t * 1084 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1085 { 1086 *frm++ = IEEE80211_ELEMID_HTOP; 1087 *frm++ = 22; 1088 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1089 *frm++ = ic->ic_bss->ni_htop0; 1090 LE_WRITE_2(frm, ic->ic_bss->ni_htop1); frm += 2; 1091 LE_WRITE_2(frm, ic->ic_bss->ni_htop2); frm += 2; 1092 memset(frm, 0, 16); frm += 16; 1093 return frm; 1094 } 1095 #endif /* !IEEE80211_STA_ONLY */ 1096 1097 #ifndef IEEE80211_STA_ONLY 1098 /* 1099 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1100 */ 1101 u_int8_t * 1102 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1103 { 1104 *frm++ = IEEE80211_ELEMID_TIE; 1105 *frm++ = 5; /* length */ 1106 *frm++ = type; /* Timeout Interval type */ 1107 LE_WRITE_4(frm, value); 1108 return frm + 4; 1109 } 1110 #endif 1111 1112 struct mbuf * 1113 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1114 { 1115 struct mbuf *m; 1116 1117 /* reserve space for 802.11 header */ 1118 pktlen += sizeof(struct ieee80211_frame); 1119 1120 if (pktlen > MCLBYTES) 1121 panic("management frame too large: %u", pktlen); 1122 MGETHDR(m, flags, type); 1123 if (m == NULL) 1124 return NULL; 1125 if (pktlen > MHLEN) { 1126 MCLGET(m, flags); 1127 if (!(m->m_flags & M_EXT)) 1128 return m_free(m); 1129 } 1130 m->m_data += sizeof(struct ieee80211_frame); 1131 return m; 1132 } 1133 1134 /*- 1135 * Probe request frame format: 1136 * [tlv] SSID 1137 * [tlv] Supported rates 1138 * [tlv] Extended Supported Rates (802.11g) 1139 * [tlv] HT Capabilities (802.11n) 1140 */ 1141 struct mbuf * 1142 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1143 { 1144 const struct ieee80211_rateset *rs = 1145 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1146 struct mbuf *m; 1147 u_int8_t *frm; 1148 1149 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1150 2 + ic->ic_des_esslen + 1151 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1152 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1153 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1154 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 9 : 0)); 1155 if (m == NULL) 1156 return NULL; 1157 1158 frm = mtod(m, u_int8_t *); 1159 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1160 frm = ieee80211_add_rates(frm, rs); 1161 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1162 frm = ieee80211_add_xrates(frm, rs); 1163 if (ic->ic_flags & IEEE80211_F_HTON) { 1164 frm = ieee80211_add_htcaps(frm, ic); 1165 frm = ieee80211_add_wme_info(frm, ic); 1166 } 1167 1168 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1169 1170 return m; 1171 } 1172 1173 #ifndef IEEE80211_STA_ONLY 1174 /*- 1175 * Probe response frame format: 1176 * [8] Timestamp 1177 * [2] Beacon interval 1178 * [2] Capability 1179 * [tlv] Service Set Identifier (SSID) 1180 * [tlv] Supported rates 1181 * [tlv] DS Parameter Set (802.11g) 1182 * [tlv] ERP Information (802.11g) 1183 * [tlv] Extended Supported Rates (802.11g) 1184 * [tlv] RSN (802.11i) 1185 * [tlv] EDCA Parameter Set (802.11e) 1186 * [tlv] HT Capabilities (802.11n) 1187 * [tlv] HT Operation (802.11n) 1188 */ 1189 struct mbuf * 1190 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1191 { 1192 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1193 struct mbuf *m; 1194 u_int8_t *frm; 1195 1196 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1197 8 + 2 + 2 + 1198 2 + ni->ni_esslen + 1199 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1200 2 + 1 + 1201 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1202 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1203 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1204 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1205 (((ic->ic_flags & IEEE80211_F_RSNON) && 1206 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1207 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1208 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1209 (((ic->ic_flags & IEEE80211_F_RSNON) && 1210 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1211 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1212 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0)); 1213 if (m == NULL) 1214 return NULL; 1215 1216 frm = mtod(m, u_int8_t *); 1217 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1218 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1219 frm = ieee80211_add_capinfo(frm, ic, ni); 1220 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1221 ic->ic_bss->ni_esslen); 1222 frm = ieee80211_add_rates(frm, rs); 1223 frm = ieee80211_add_ds_params(frm, ic, ni); 1224 if (ic->ic_opmode == IEEE80211_M_IBSS) 1225 frm = ieee80211_add_ibss_params(frm, ni); 1226 if (ic->ic_curmode == IEEE80211_MODE_11G) 1227 frm = ieee80211_add_erp(frm, ic); 1228 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1229 frm = ieee80211_add_xrates(frm, rs); 1230 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1231 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1232 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1233 if (ic->ic_flags & IEEE80211_F_QOS) 1234 frm = ieee80211_add_edca_params(frm, ic); 1235 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1236 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1237 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1238 if (ic->ic_flags & IEEE80211_F_HTON) { 1239 frm = ieee80211_add_htcaps(frm, ic); 1240 frm = ieee80211_add_htop(frm, ic); 1241 frm = ieee80211_add_wme_param(frm, ic); 1242 } 1243 1244 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1245 1246 return m; 1247 } 1248 #endif /* IEEE80211_STA_ONLY */ 1249 1250 /*- 1251 * Authentication frame format: 1252 * [2] Authentication algorithm number 1253 * [2] Authentication transaction sequence number 1254 * [2] Status code 1255 */ 1256 struct mbuf * 1257 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1258 u_int16_t status, u_int16_t seq) 1259 { 1260 struct mbuf *m; 1261 u_int8_t *frm; 1262 1263 MGETHDR(m, M_DONTWAIT, MT_DATA); 1264 if (m == NULL) 1265 return NULL; 1266 m_align(m, 2 * 3); 1267 m->m_pkthdr.len = m->m_len = 2 * 3; 1268 1269 frm = mtod(m, u_int8_t *); 1270 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1271 LE_WRITE_2(frm, seq); frm += 2; 1272 LE_WRITE_2(frm, status); 1273 1274 return m; 1275 } 1276 1277 /*- 1278 * Deauthentication frame format: 1279 * [2] Reason code 1280 */ 1281 struct mbuf * 1282 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1283 u_int16_t reason) 1284 { 1285 struct mbuf *m; 1286 1287 MGETHDR(m, M_DONTWAIT, MT_DATA); 1288 if (m == NULL) 1289 return NULL; 1290 m_align(m, 2); 1291 m->m_pkthdr.len = m->m_len = 2; 1292 1293 *mtod(m, u_int16_t *) = htole16(reason); 1294 1295 return m; 1296 } 1297 1298 /*- 1299 * (Re)Association request frame format: 1300 * [2] Capability information 1301 * [2] Listen interval 1302 * [6*] Current AP address (Reassociation only) 1303 * [tlv] SSID 1304 * [tlv] Supported rates 1305 * [tlv] Extended Supported Rates (802.11g) 1306 * [tlv] RSN (802.11i) 1307 * [tlv] QoS Capability (802.11e) 1308 * [tlv] HT Capabilities (802.11n) 1309 */ 1310 struct mbuf * 1311 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1312 int type) 1313 { 1314 const struct ieee80211_rateset *rs = &ni->ni_rates; 1315 struct mbuf *m; 1316 u_int8_t *frm; 1317 u_int16_t capinfo; 1318 1319 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1320 2 + 2 + 1321 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1322 IEEE80211_ADDR_LEN : 0) + 1323 2 + ni->ni_esslen + 1324 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1325 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1326 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1327 (((ic->ic_flags & IEEE80211_F_RSNON) && 1328 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1329 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1330 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1331 (((ic->ic_flags & IEEE80211_F_RSNON) && 1332 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1333 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1334 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 9 : 0)); 1335 if (m == NULL) 1336 return NULL; 1337 1338 frm = mtod(m, u_int8_t *); 1339 capinfo = IEEE80211_CAPINFO_ESS; 1340 if (ic->ic_flags & IEEE80211_F_WEPON) 1341 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1342 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1343 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1344 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1345 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1346 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1347 LE_WRITE_2(frm, capinfo); frm += 2; 1348 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1349 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1350 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1351 frm += IEEE80211_ADDR_LEN; 1352 } 1353 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1354 frm = ieee80211_add_rates(frm, rs); 1355 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1356 frm = ieee80211_add_xrates(frm, rs); 1357 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1358 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1359 frm = ieee80211_add_rsn(frm, ic, ni); 1360 if (ni->ni_flags & IEEE80211_NODE_QOS) 1361 frm = ieee80211_add_qos_capability(frm, ic); 1362 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1363 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1364 frm = ieee80211_add_wpa(frm, ic, ni); 1365 if (ic->ic_flags & IEEE80211_F_HTON) { 1366 frm = ieee80211_add_htcaps(frm, ic); 1367 frm = ieee80211_add_wme_info(frm, ic); 1368 } 1369 1370 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1371 1372 return m; 1373 } 1374 1375 #ifndef IEEE80211_STA_ONLY 1376 /*- 1377 * (Re)Association response frame format: 1378 * [2] Capability information 1379 * [2] Status code 1380 * [2] Association ID (AID) 1381 * [tlv] Supported rates 1382 * [tlv] Extended Supported Rates (802.11g) 1383 * [tlv] EDCA Parameter Set (802.11e) 1384 * [tlv] Timeout Interval (802.11w) 1385 * [tlv] HT Capabilities (802.11n) 1386 * [tlv] HT Operation (802.11n) 1387 */ 1388 struct mbuf * 1389 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1390 u_int16_t status) 1391 { 1392 const struct ieee80211_rateset *rs = &ni->ni_rates; 1393 struct mbuf *m; 1394 u_int8_t *frm; 1395 1396 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1397 2 + 2 + 2 + 1398 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1399 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1400 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1401 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1402 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1403 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0)); 1404 if (m == NULL) 1405 return NULL; 1406 1407 frm = mtod(m, u_int8_t *); 1408 frm = ieee80211_add_capinfo(frm, ic, ni); 1409 LE_WRITE_2(frm, status); frm += 2; 1410 if (status == IEEE80211_STATUS_SUCCESS) 1411 LE_WRITE_2(frm, ni->ni_associd); 1412 else 1413 LE_WRITE_2(frm, 0); 1414 frm += 2; 1415 frm = ieee80211_add_rates(frm, rs); 1416 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1417 frm = ieee80211_add_xrates(frm, rs); 1418 if (ni->ni_flags & IEEE80211_NODE_QOS) 1419 frm = ieee80211_add_edca_params(frm, ic); 1420 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1421 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1422 /* Association Comeback Time */ 1423 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1424 } 1425 if (ic->ic_flags & IEEE80211_F_HTON) { 1426 frm = ieee80211_add_htcaps(frm, ic); 1427 frm = ieee80211_add_htop(frm, ic); 1428 frm = ieee80211_add_wme_param(frm, ic); 1429 } 1430 1431 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1432 1433 return m; 1434 } 1435 #endif /* IEEE80211_STA_ONLY */ 1436 1437 /*- 1438 * Disassociation frame format: 1439 * [2] Reason code 1440 */ 1441 struct mbuf * 1442 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1443 u_int16_t reason) 1444 { 1445 struct mbuf *m; 1446 1447 MGETHDR(m, M_DONTWAIT, MT_DATA); 1448 if (m == NULL) 1449 return NULL; 1450 m_align(m, 2); 1451 m->m_pkthdr.len = m->m_len = 2; 1452 1453 *mtod(m, u_int16_t *) = htole16(reason); 1454 1455 return m; 1456 } 1457 1458 /*- 1459 * ADDBA Request frame format: 1460 * [1] Category 1461 * [1] Action 1462 * [1] Dialog Token 1463 * [2] Block Ack Parameter Set 1464 * [2] Block Ack Timeout Value 1465 * [2] Block Ack Starting Sequence Control 1466 */ 1467 struct mbuf * 1468 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1469 u_int8_t tid) 1470 { 1471 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1472 struct mbuf *m; 1473 u_int8_t *frm; 1474 1475 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1476 if (m == NULL) 1477 return m; 1478 1479 frm = mtod(m, u_int8_t *); 1480 *frm++ = IEEE80211_CATEG_BA; 1481 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1482 *frm++ = ba->ba_token; 1483 LE_WRITE_2(frm, ba->ba_params); frm += 2; 1484 LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); frm += 2; 1485 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1486 1487 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1488 1489 return m; 1490 } 1491 1492 /*- 1493 * ADDBA Response frame format: 1494 * [1] Category 1495 * [1] Action 1496 * [1] Dialog Token 1497 * [2] Status Code 1498 * [2] Block Ack Parameter Set 1499 * [2] Block Ack Timeout Value 1500 */ 1501 struct mbuf * 1502 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1503 u_int8_t tid, u_int8_t token, u_int16_t status) 1504 { 1505 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 1506 struct mbuf *m; 1507 u_int8_t *frm; 1508 u_int16_t params; 1509 1510 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1511 if (m == NULL) 1512 return m; 1513 1514 frm = mtod(m, u_int8_t *); 1515 *frm++ = IEEE80211_CATEG_BA; 1516 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1517 *frm++ = token; 1518 LE_WRITE_2(frm, status); frm += 2; 1519 if (status == 0) 1520 params = ba->ba_params; 1521 else 1522 params = tid << IEEE80211_ADDBA_TID_SHIFT; 1523 LE_WRITE_2(frm, params); frm += 2; 1524 if (status == 0) 1525 LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); 1526 else 1527 LE_WRITE_2(frm, 0); 1528 frm += 2; 1529 1530 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1531 1532 return m; 1533 } 1534 1535 /*- 1536 * DELBA frame format: 1537 * [1] Category 1538 * [1] Action 1539 * [2] DELBA Parameter Set 1540 * [2] Reason Code 1541 */ 1542 struct mbuf * 1543 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1544 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1545 { 1546 struct mbuf *m; 1547 u_int8_t *frm; 1548 u_int16_t params; 1549 1550 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1551 if (m == NULL) 1552 return m; 1553 1554 frm = mtod(m, u_int8_t *); 1555 *frm++ = IEEE80211_CATEG_BA; 1556 *frm++ = IEEE80211_ACTION_DELBA; 1557 params = tid << 12; 1558 if (dir) 1559 params |= IEEE80211_DELBA_INITIATOR; 1560 LE_WRITE_2(frm, params); frm += 2; 1561 LE_WRITE_2(frm, reason); frm += 2; 1562 1563 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1564 1565 return m; 1566 } 1567 1568 /*- 1569 * SA Query Request/Reponse frame format: 1570 * [1] Category 1571 * [1] Action 1572 * [16] Transaction Identifier 1573 */ 1574 struct mbuf * 1575 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1576 u_int8_t action) 1577 { 1578 struct mbuf *m; 1579 u_int8_t *frm; 1580 1581 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1582 if (m == NULL) 1583 return NULL; 1584 1585 frm = mtod(m, u_int8_t *); 1586 *frm++ = IEEE80211_CATEG_SA_QUERY; 1587 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1588 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1589 1590 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1591 1592 return m; 1593 } 1594 1595 struct mbuf * 1596 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1597 u_int8_t categ, u_int8_t action, int arg) 1598 { 1599 struct mbuf *m = NULL; 1600 1601 switch (categ) { 1602 case IEEE80211_CATEG_BA: 1603 switch (action) { 1604 case IEEE80211_ACTION_ADDBA_REQ: 1605 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1606 break; 1607 case IEEE80211_ACTION_ADDBA_RESP: 1608 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1609 arg >> 8, arg >> 16); 1610 break; 1611 case IEEE80211_ACTION_DELBA: 1612 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1613 arg >> 16); 1614 break; 1615 } 1616 break; 1617 case IEEE80211_CATEG_SA_QUERY: 1618 switch (action) { 1619 #ifndef IEEE80211_STA_ONLY 1620 case IEEE80211_ACTION_SA_QUERY_REQ: 1621 #endif 1622 case IEEE80211_ACTION_SA_QUERY_RESP: 1623 m = ieee80211_get_sa_query(ic, ni, action); 1624 break; 1625 } 1626 break; 1627 } 1628 return m; 1629 } 1630 1631 /* 1632 * Send a management frame. The node is for the destination (or ic_bss 1633 * when in station mode). Nodes other than ic_bss have their reference 1634 * count bumped to reflect our use for an indeterminant time. 1635 */ 1636 int 1637 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1638 int type, int arg1, int arg2) 1639 { 1640 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1641 struct ifnet *ifp = &ic->ic_if; 1642 struct mbuf *m; 1643 int ret, timer; 1644 1645 if (ni == NULL) 1646 panic("null node"); 1647 1648 /* 1649 * Hold a reference on the node so it doesn't go away until after 1650 * the xmit is complete all the way in the driver. On error we 1651 * will remove our reference. 1652 */ 1653 ieee80211_ref_node(ni); 1654 timer = 0; 1655 switch (type) { 1656 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1657 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1658 senderr(ENOMEM, is_tx_nombuf); 1659 1660 timer = IEEE80211_TRANS_WAIT; 1661 break; 1662 #ifndef IEEE80211_STA_ONLY 1663 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1664 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1665 senderr(ENOMEM, is_tx_nombuf); 1666 break; 1667 #endif 1668 case IEEE80211_FC0_SUBTYPE_AUTH: 1669 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1670 if (m == NULL) 1671 senderr(ENOMEM, is_tx_nombuf); 1672 1673 if (ic->ic_opmode == IEEE80211_M_STA) 1674 timer = IEEE80211_TRANS_WAIT; 1675 break; 1676 1677 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1678 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1679 senderr(ENOMEM, is_tx_nombuf); 1680 #ifndef IEEE80211_STA_ONLY 1681 if ((ifp->if_flags & IFF_DEBUG) && 1682 (ic->ic_opmode == IEEE80211_M_HOSTAP || 1683 ic->ic_opmode == IEEE80211_M_IBSS)) 1684 printf("%s: station %s deauthenticate (reason %d)\n", 1685 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1686 arg1); 1687 #endif 1688 break; 1689 1690 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1691 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1692 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1693 senderr(ENOMEM, is_tx_nombuf); 1694 1695 timer = IEEE80211_TRANS_WAIT; 1696 break; 1697 #ifndef IEEE80211_STA_ONLY 1698 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1699 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1700 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1701 senderr(ENOMEM, is_tx_nombuf); 1702 break; 1703 #endif 1704 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1705 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1706 senderr(ENOMEM, is_tx_nombuf); 1707 #ifndef IEEE80211_STA_ONLY 1708 if ((ifp->if_flags & IFF_DEBUG) && 1709 (ic->ic_opmode == IEEE80211_M_HOSTAP || 1710 ic->ic_opmode == IEEE80211_M_IBSS)) 1711 printf("%s: station %s disassociate (reason %d)\n", 1712 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1713 arg1); 1714 #endif 1715 break; 1716 1717 case IEEE80211_FC0_SUBTYPE_ACTION: 1718 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1719 arg2); 1720 if (m == NULL) 1721 senderr(ENOMEM, is_tx_nombuf); 1722 break; 1723 1724 default: 1725 DPRINTF(("invalid mgmt frame type %u\n", type)); 1726 senderr(EINVAL, is_tx_unknownmgt); 1727 /* NOTREACHED */ 1728 } 1729 1730 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1731 if (ret == 0) { 1732 if (timer) 1733 ic->ic_mgt_timer = timer; 1734 } else { 1735 bad: 1736 ieee80211_release_node(ic, ni); 1737 } 1738 return ret; 1739 #undef senderr 1740 } 1741 1742 /* 1743 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1744 */ 1745 struct mbuf * 1746 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1747 u_int16_t dur) 1748 { 1749 struct ieee80211_frame_rts *rts; 1750 struct mbuf *m; 1751 1752 MGETHDR(m, M_DONTWAIT, MT_DATA); 1753 if (m == NULL) 1754 return NULL; 1755 1756 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1757 1758 rts = mtod(m, struct ieee80211_frame_rts *); 1759 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1760 IEEE80211_FC0_SUBTYPE_RTS; 1761 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1762 *(u_int16_t *)rts->i_dur = htole16(dur); 1763 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1764 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1765 1766 return m; 1767 } 1768 1769 /* 1770 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1771 */ 1772 struct mbuf * 1773 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1774 { 1775 struct ieee80211_frame_cts *cts; 1776 struct mbuf *m; 1777 1778 MGETHDR(m, M_DONTWAIT, MT_DATA); 1779 if (m == NULL) 1780 return NULL; 1781 1782 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1783 1784 cts = mtod(m, struct ieee80211_frame_cts *); 1785 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1786 IEEE80211_FC0_SUBTYPE_CTS; 1787 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1788 *(u_int16_t *)cts->i_dur = htole16(dur); 1789 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1790 1791 return m; 1792 } 1793 1794 #ifndef IEEE80211_STA_ONLY 1795 /*- 1796 * Beacon frame format: 1797 * [8] Timestamp 1798 * [2] Beacon interval 1799 * [2] Capability 1800 * [tlv] Service Set Identifier (SSID) 1801 * [tlv] Supported rates 1802 * [tlv] DS Parameter Set (802.11g) 1803 * [tlv] IBSS Parameter Set 1804 * [tlv] Traffic Indication Map (TIM) 1805 * [tlv] ERP Information (802.11g) 1806 * [tlv] Extended Supported Rates (802.11g) 1807 * [tlv] RSN (802.11i) 1808 * [tlv] EDCA Parameter Set (802.11e) 1809 * [tlv] HT Capabilities (802.11n) 1810 * [tlv] HT Operation (802.11n) 1811 */ 1812 struct mbuf * 1813 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1814 { 1815 const struct ieee80211_rateset *rs = &ni->ni_rates; 1816 struct ieee80211_frame *wh; 1817 struct mbuf *m; 1818 u_int8_t *frm; 1819 1820 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1821 8 + 2 + 2 + 1822 2 + ((ic->ic_userflags & IEEE80211_F_HIDENWID) ? 1823 0 : ni->ni_esslen) + 1824 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1825 2 + 1 + 1826 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1827 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1828 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1829 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1830 (((ic->ic_flags & IEEE80211_F_RSNON) && 1831 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1832 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1833 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1834 (((ic->ic_flags & IEEE80211_F_RSNON) && 1835 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1836 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1837 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0)); 1838 if (m == NULL) 1839 return NULL; 1840 1841 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1842 if (m == NULL) 1843 return NULL; 1844 wh = mtod(m, struct ieee80211_frame *); 1845 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1846 IEEE80211_FC0_SUBTYPE_BEACON; 1847 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1848 *(u_int16_t *)wh->i_dur = 0; 1849 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1850 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1851 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1852 *(u_int16_t *)wh->i_seq = 0; 1853 1854 frm = (u_int8_t *)&wh[1]; 1855 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1856 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1857 frm = ieee80211_add_capinfo(frm, ic, ni); 1858 if (ic->ic_userflags & IEEE80211_F_HIDENWID) 1859 frm = ieee80211_add_ssid(frm, NULL, 0); 1860 else 1861 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1862 frm = ieee80211_add_rates(frm, rs); 1863 frm = ieee80211_add_ds_params(frm, ic, ni); 1864 if (ic->ic_opmode == IEEE80211_M_IBSS) 1865 frm = ieee80211_add_ibss_params(frm, ni); 1866 else 1867 frm = ieee80211_add_tim(frm, ic); 1868 if (ic->ic_curmode == IEEE80211_MODE_11G) 1869 frm = ieee80211_add_erp(frm, ic); 1870 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1871 frm = ieee80211_add_xrates(frm, rs); 1872 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1873 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1874 frm = ieee80211_add_rsn(frm, ic, ni); 1875 if (ic->ic_flags & IEEE80211_F_QOS) 1876 frm = ieee80211_add_edca_params(frm, ic); 1877 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1878 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1879 frm = ieee80211_add_wpa(frm, ic, ni); 1880 if (ic->ic_flags & IEEE80211_F_HTON) { 1881 frm = ieee80211_add_htcaps(frm, ic); 1882 frm = ieee80211_add_htop(frm, ic); 1883 frm = ieee80211_add_wme_param(frm, ic); 1884 } 1885 1886 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1887 m->m_pkthdr.ph_cookie = ni; 1888 1889 return m; 1890 } 1891 1892 /* 1893 * Check if an outgoing MSDU or management frame should be buffered into 1894 * the AP for power management. Return 1 if the frame was buffered into 1895 * the AP, or 0 if the frame shall be transmitted immediately. 1896 */ 1897 int 1898 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1899 struct ieee80211_node *ni) 1900 { 1901 const struct ieee80211_frame *wh; 1902 int pssta = 0; 1903 1904 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1905 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1906 return 0; 1907 1908 wh = mtod(m, struct ieee80211_frame *); 1909 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1910 /* 1911 * Buffer group addressed MSDUs with the Order bit clear 1912 * if any associated STAs are in PS mode. 1913 */ 1914 ieee80211_iterate_nodes(ic, ieee80211_count_pssta, &pssta); 1915 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || pssta == 0) 1916 return 0; 1917 ic->ic_tim_mcast_pending = 1; 1918 } else { 1919 /* 1920 * Buffer MSDUs, A-MSDUs or management frames destined for 1921 * PS STAs. 1922 */ 1923 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1924 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1925 IEEE80211_FC0_TYPE_CTL) 1926 return 0; 1927 if (mq_empty(&ni->ni_savedq)) 1928 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1929 } 1930 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1931 /* 1932 * Similar to ieee80211_mgmt_output, store the node in a 1933 * special pkthdr field. 1934 */ 1935 m->m_pkthdr.ph_cookie = ni; 1936 mq_enqueue(&ni->ni_savedq, m); 1937 return 1; 1938 } 1939 #endif /* IEEE80211_STA_ONLY */ 1940