1 /* $OpenBSD: ieee80211_output.c,v 1.122 2017/12/14 18:52:17 stsp Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/sysctl.h> 45 46 #include <net/if.h> 47 #include <net/if_dl.h> 48 #include <net/if_media.h> 49 #include <net/if_llc.h> 50 #include <net/bpf.h> 51 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 #include <netinet/ip.h> 55 #ifdef INET6 56 #include <netinet/ip6.h> 57 #endif 58 59 #if NVLAN > 0 60 #include <net/if_vlan_var.h> 61 #endif 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_priv.h> 65 66 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 67 struct mbuf *, int); 68 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 69 const struct ieee80211_node *, int); 70 struct mbuf *ieee80211_getmgmt(int, int, u_int); 71 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 72 struct ieee80211_node *); 73 #ifndef IEEE80211_STA_ONLY 74 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 75 struct ieee80211_node *); 76 #endif 77 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 78 struct ieee80211_node *, u_int16_t, u_int16_t); 79 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 80 struct ieee80211_node *, u_int16_t); 81 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 82 struct ieee80211_node *, int); 83 #ifndef IEEE80211_STA_ONLY 84 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 85 struct ieee80211_node *, u_int16_t); 86 #endif 87 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 88 struct ieee80211_node *, u_int16_t); 89 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 90 struct ieee80211_node *, u_int8_t); 91 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 92 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 93 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 94 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 95 uint8_t *ieee80211_add_wme_info(uint8_t *, struct ieee80211com *); 96 #ifndef IEEE80211_STA_ONLY 97 uint8_t *ieee80211_add_wme_param(uint8_t *, struct ieee80211com *); 98 #endif 99 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 100 struct ieee80211_node *, u_int8_t); 101 struct mbuf *ieee80211_get_action(struct ieee80211com *, 102 struct ieee80211_node *, u_int8_t, u_int8_t, int); 103 104 /* 105 * IEEE 802.11 output routine. Normally this will directly call the 106 * Ethernet output routine because 802.11 encapsulation is called 107 * later by the driver. This function can be used to send raw frames 108 * if the mbuf has been tagged with a 802.11 data link type. 109 */ 110 int 111 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 112 struct rtentry *rt) 113 { 114 struct ieee80211_frame *wh; 115 struct m_tag *mtag; 116 int error = 0; 117 118 /* Interface has to be up and running */ 119 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 120 (IFF_UP | IFF_RUNNING)) { 121 error = ENETDOWN; 122 goto bad; 123 } 124 125 /* Try to get the DLT from a mbuf tag */ 126 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 127 struct ieee80211com *ic = (void *)ifp; 128 u_int dlt = *(u_int *)(mtag + 1); 129 130 /* Fallback to ethernet for non-802.11 linktypes */ 131 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 132 goto fallback; 133 134 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 135 return (EINVAL); 136 wh = mtod(m, struct ieee80211_frame *); 137 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 138 IEEE80211_FC0_VERSION_0) 139 return (EINVAL); 140 if (!(ic->ic_caps & IEEE80211_C_RAWCTL) && 141 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 142 IEEE80211_FC0_TYPE_CTL) 143 return (EINVAL); 144 145 return (if_enqueue(ifp, m)); 146 } 147 148 fallback: 149 return (ether_output(ifp, m, dst, rt)); 150 151 bad: 152 m_freem(m); 153 return (error); 154 } 155 156 /* 157 * Send a management frame to the specified node. The node pointer 158 * must have a reference as the pointer will be passed to the driver 159 * and potentially held for a long time. If the frame is successfully 160 * dispatched to the driver, then it is responsible for freeing the 161 * reference (and potentially free'ing up any associated storage). 162 */ 163 int 164 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 165 struct mbuf *m, int type) 166 { 167 struct ieee80211com *ic = (void *)ifp; 168 struct ieee80211_frame *wh; 169 170 if (ni == NULL) 171 panic("null node"); 172 ni->ni_inact = 0; 173 174 /* 175 * We want to pass the node down to the driver's start 176 * routine. We could stick this in an m_tag and tack that 177 * on to the mbuf. However that's rather expensive to do 178 * for every frame so instead we stuff it in a special pkthdr 179 * field. 180 */ 181 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 182 if (m == NULL) 183 return ENOMEM; 184 m->m_pkthdr.ph_cookie = ni; 185 186 wh = mtod(m, struct ieee80211_frame *); 187 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 188 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 189 *(u_int16_t *)&wh->i_dur[0] = 0; 190 *(u_int16_t *)&wh->i_seq[0] = 191 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 192 ni->ni_txseq++; 193 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 194 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 195 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 196 197 /* check if protection is required for this mgmt frame */ 198 if ((ic->ic_caps & IEEE80211_C_MFP) && 199 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 200 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 201 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 202 /* 203 * Hack: we should not set the Protected bit in outgoing 204 * group management frames, however it is used as an 205 * indication to the drivers that they must encrypt the 206 * frame. Drivers should clear this bit from group 207 * management frames (software crypto code will do it). 208 * XXX could use an mbuf flag.. 209 */ 210 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 211 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 212 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 213 } 214 215 if (ifp->if_flags & IFF_DEBUG) { 216 /* avoid to print too many frames */ 217 if ( 218 #ifndef IEEE80211_STA_ONLY 219 ic->ic_opmode == IEEE80211_M_IBSS || 220 #endif 221 #ifdef IEEE80211_DEBUG 222 ieee80211_debug > 1 || 223 #endif 224 (type & IEEE80211_FC0_SUBTYPE_MASK) != 225 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 226 printf("%s: sending %s to %s on channel %u mode %s\n", 227 ifp->if_xname, 228 ieee80211_mgt_subtype_name[ 229 (type & IEEE80211_FC0_SUBTYPE_MASK) 230 >> IEEE80211_FC0_SUBTYPE_SHIFT], 231 ether_sprintf(ni->ni_macaddr), 232 ieee80211_chan2ieee(ic, ni->ni_chan), 233 ieee80211_phymode_name[ic->ic_curmode]); 234 } 235 236 #ifndef IEEE80211_STA_ONLY 237 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 238 ieee80211_pwrsave(ic, m, ni) != 0) 239 return 0; 240 #endif 241 mq_enqueue(&ic->ic_mgtq, m); 242 ifp->if_timer = 1; 243 if_start(ifp); 244 return 0; 245 } 246 247 /*- 248 * EDCA tables are computed using the following formulas: 249 * 250 * 1) EDCATable (non-AP QSTA) 251 * 252 * AC CWmin CWmax AIFSN TXOP limit(ms) 253 * ------------------------------------------------------------- 254 * AC_BK aCWmin aCWmax 7 0 255 * AC_BE aCWmin aCWmax 3 0 256 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 257 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 258 * 259 * 2) QAPEDCATable (QAP) 260 * 261 * AC CWmin CWmax AIFSN TXOP limit(ms) 262 * ------------------------------------------------------------- 263 * AC_BK aCWmin aCWmax 7 0 264 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 265 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 266 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 267 * 268 * and the following aCWmin/aCWmax values: 269 * 270 * PHY aCWmin aCWmax 271 * --------------------------- 272 * 11A 15 1023 273 * 11B 31 1023 274 * 11G 15* 1023 (*) aCWmin(1) 275 * 11N 15 1023 276 */ 277 const struct ieee80211_edca_ac_params 278 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 279 [IEEE80211_MODE_11B] = { 280 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 281 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 282 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 283 [EDCA_AC_VO] = { 3, 4, 2, 102 } 284 }, 285 [IEEE80211_MODE_11A] = { 286 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 287 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 288 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 289 [EDCA_AC_VO] = { 2, 3, 2, 47 } 290 }, 291 [IEEE80211_MODE_11G] = { 292 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 293 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 294 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 295 [EDCA_AC_VO] = { 2, 3, 2, 47 } 296 }, 297 [IEEE80211_MODE_11N] = { 298 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 299 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 300 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 301 [EDCA_AC_VO] = { 2, 3, 2, 47 } 302 }, 303 }; 304 305 #ifndef IEEE80211_STA_ONLY 306 const struct ieee80211_edca_ac_params 307 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 308 [IEEE80211_MODE_11B] = { 309 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 310 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 311 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 312 [EDCA_AC_VO] = { 3, 4, 1, 102 } 313 }, 314 [IEEE80211_MODE_11A] = { 315 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 316 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 317 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 318 [EDCA_AC_VO] = { 2, 3, 1, 47 } 319 }, 320 [IEEE80211_MODE_11G] = { 321 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 322 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 323 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 324 [EDCA_AC_VO] = { 2, 3, 1, 47 } 325 }, 326 [IEEE80211_MODE_11N] = { 327 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 328 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 329 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 330 [EDCA_AC_VO] = { 2, 3, 1, 47 } 331 }, 332 }; 333 #endif /* IEEE80211_STA_ONLY */ 334 335 /* 336 * Return the EDCA Access Category to be used for transmitting a frame with 337 * user-priority `up'. 338 */ 339 enum ieee80211_edca_ac 340 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 341 { 342 /* see Table 9-1 */ 343 static const enum ieee80211_edca_ac up_to_ac[] = { 344 EDCA_AC_BE, /* BE */ 345 EDCA_AC_BK, /* BK */ 346 EDCA_AC_BK, /* -- */ 347 EDCA_AC_BE, /* EE */ 348 EDCA_AC_VI, /* CL */ 349 EDCA_AC_VI, /* VI */ 350 EDCA_AC_VO, /* VO */ 351 EDCA_AC_VO /* NC */ 352 }; 353 enum ieee80211_edca_ac ac; 354 355 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 356 357 #ifndef IEEE80211_STA_ONLY 358 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 359 return ac; 360 #endif 361 /* 362 * We do not support the admission control procedure defined in 363 * IEEE Std 802.11-2012 section 9.19.4.2.3. The spec says that 364 * non-AP QSTAs that don't support this procedure shall use EDCA 365 * parameters of a lower priority AC that does not require 366 * admission control. 367 */ 368 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 369 switch (ac) { 370 case EDCA_AC_BK: 371 /* can't get there */ 372 break; 373 case EDCA_AC_BE: 374 /* BE shouldn't require admission control */ 375 ac = EDCA_AC_BK; 376 break; 377 case EDCA_AC_VI: 378 ac = EDCA_AC_BE; 379 break; 380 case EDCA_AC_VO: 381 ac = EDCA_AC_VI; 382 break; 383 } 384 } 385 return ac; 386 } 387 388 /* 389 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 390 * based on the DSCP (Differentiated Services Codepoint) field. 391 */ 392 int 393 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 394 { 395 struct ether_header *eh; 396 u_int8_t ds_field; 397 #if NVLAN > 0 398 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 399 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 400 #endif 401 eh = mtod(m, struct ether_header *); 402 if (eh->ether_type == htons(ETHERTYPE_IP)) { 403 struct ip *ip = (struct ip *)&eh[1]; 404 if (ip->ip_v != 4) 405 return 0; 406 ds_field = ip->ip_tos; 407 } 408 #ifdef INET6 409 else if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 410 struct ip6_hdr *ip6 = (struct ip6_hdr *)&eh[1]; 411 u_int32_t flowlabel; 412 413 flowlabel = ntohl(ip6->ip6_flow); 414 if ((flowlabel >> 28) != 6) 415 return 0; 416 ds_field = (flowlabel >> 20) & 0xff; 417 } 418 #endif /* INET6 */ 419 else /* neither IPv4 nor IPv6 */ 420 return 0; 421 422 /* 423 * Map Differentiated Services Codepoint field (see RFC2474). 424 * Preserves backward compatibility with IP Precedence field. 425 */ 426 switch (ds_field & 0xfc) { 427 case IPTOS_PREC_PRIORITY: 428 return 2; 429 case IPTOS_PREC_IMMEDIATE: 430 return 1; 431 case IPTOS_PREC_FLASH: 432 return 3; 433 case IPTOS_PREC_FLASHOVERRIDE: 434 return 4; 435 case IPTOS_PREC_CRITIC_ECP: 436 return 5; 437 case IPTOS_PREC_INTERNETCONTROL: 438 return 6; 439 case IPTOS_PREC_NETCONTROL: 440 return 7; 441 } 442 return 0; /* default to Best-Effort */ 443 } 444 445 /* 446 * Encapsulate an outbound data frame. The mbuf chain is updated and 447 * a reference to the destination node is returned. If an error is 448 * encountered NULL is returned and the node reference will also be NULL. 449 * 450 * NB: The caller is responsible for free'ing a returned node reference. 451 * The convention is ic_bss is not reference counted; the caller must 452 * maintain that. 453 */ 454 struct mbuf * 455 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 456 { 457 struct ieee80211com *ic = (void *)ifp; 458 struct ether_header eh; 459 struct ieee80211_frame *wh; 460 struct ieee80211_node *ni = NULL; 461 struct llc *llc; 462 struct m_tag *mtag; 463 u_int8_t *addr; 464 u_int dlt, hdrlen; 465 int addqos, tid; 466 467 /* Handle raw frames if mbuf is tagged as 802.11 */ 468 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 469 dlt = *(u_int *)(mtag + 1); 470 471 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 472 goto fallback; 473 474 wh = mtod(m, struct ieee80211_frame *); 475 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 476 case IEEE80211_FC1_DIR_NODS: 477 case IEEE80211_FC1_DIR_FROMDS: 478 addr = wh->i_addr1; 479 break; 480 case IEEE80211_FC1_DIR_DSTODS: 481 case IEEE80211_FC1_DIR_TODS: 482 addr = wh->i_addr3; 483 break; 484 default: 485 goto bad; 486 } 487 488 ni = ieee80211_find_txnode(ic, addr); 489 if (ni == NULL) 490 ni = ieee80211_ref_node(ic->ic_bss); 491 if (ni == NULL) { 492 printf("%s: no node for dst %s, " 493 "discard raw tx frame\n", ifp->if_xname, 494 ether_sprintf(addr)); 495 ic->ic_stats.is_tx_nonode++; 496 goto bad; 497 } 498 ni->ni_inact = 0; 499 500 *pni = ni; 501 return (m); 502 } 503 504 fallback: 505 if (m->m_len < sizeof(struct ether_header)) { 506 m = m_pullup(m, sizeof(struct ether_header)); 507 if (m == NULL) { 508 ic->ic_stats.is_tx_nombuf++; 509 goto bad; 510 } 511 } 512 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 513 514 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 515 if (ni == NULL) { 516 DPRINTF(("no node for dst %s, discard frame\n", 517 ether_sprintf(eh.ether_dhost))); 518 ic->ic_stats.is_tx_nonode++; 519 goto bad; 520 } 521 522 if ((ic->ic_flags & IEEE80211_F_RSNON) && 523 !ni->ni_port_valid && 524 eh.ether_type != htons(ETHERTYPE_PAE)) { 525 DPRINTF(("port not valid: %s\n", 526 ether_sprintf(eh.ether_dhost))); 527 ic->ic_stats.is_tx_noauth++; 528 goto bad; 529 } 530 531 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 532 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 533 /* XXX TKIP countermeasures! */; 534 535 ni->ni_inact = 0; 536 537 if ((ic->ic_flags & IEEE80211_F_QOS) && 538 (ni->ni_flags & IEEE80211_NODE_QOS) && 539 /* do not QoS-encapsulate EAPOL frames */ 540 eh.ether_type != htons(ETHERTYPE_PAE)) { 541 tid = ieee80211_classify(ic, m); 542 hdrlen = sizeof(struct ieee80211_qosframe); 543 addqos = 1; 544 } else { 545 hdrlen = sizeof(struct ieee80211_frame); 546 addqos = 0; 547 } 548 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 549 llc = mtod(m, struct llc *); 550 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 551 llc->llc_control = LLC_UI; 552 llc->llc_snap.org_code[0] = 0; 553 llc->llc_snap.org_code[1] = 0; 554 llc->llc_snap.org_code[2] = 0; 555 llc->llc_snap.ether_type = eh.ether_type; 556 M_PREPEND(m, hdrlen, M_DONTWAIT); 557 if (m == NULL) { 558 ic->ic_stats.is_tx_nombuf++; 559 goto bad; 560 } 561 wh = mtod(m, struct ieee80211_frame *); 562 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 563 *(u_int16_t *)&wh->i_dur[0] = 0; 564 if (addqos) { 565 struct ieee80211_qosframe *qwh = 566 (struct ieee80211_qosframe *)wh; 567 u_int16_t qos = tid; 568 569 if (ic->ic_tid_noack & (1 << tid)) 570 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 571 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 572 qos |= IEEE80211_QOS_ACK_POLICY_BA; 573 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 574 *(u_int16_t *)qwh->i_qos = htole16(qos); 575 *(u_int16_t *)qwh->i_seq = 576 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 577 ni->ni_qos_txseqs[tid]++; 578 } else { 579 *(u_int16_t *)&wh->i_seq[0] = 580 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 581 ni->ni_txseq++; 582 } 583 switch (ic->ic_opmode) { 584 case IEEE80211_M_STA: 585 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 586 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 587 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 588 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 589 break; 590 #ifndef IEEE80211_STA_ONLY 591 case IEEE80211_M_IBSS: 592 case IEEE80211_M_AHDEMO: 593 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 594 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 595 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 596 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 597 break; 598 case IEEE80211_M_HOSTAP: 599 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 600 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 601 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 602 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 603 break; 604 #endif 605 default: 606 /* should not get there */ 607 goto bad; 608 } 609 610 if ((ic->ic_flags & IEEE80211_F_WEPON) || 611 ((ic->ic_flags & IEEE80211_F_RSNON) && 612 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 613 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 614 615 #ifndef IEEE80211_STA_ONLY 616 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 617 ieee80211_pwrsave(ic, m, ni) != 0) { 618 *pni = NULL; 619 return NULL; 620 } 621 #endif 622 *pni = ni; 623 return m; 624 bad: 625 m_freem(m); 626 if (ni != NULL) 627 ieee80211_release_node(ic, ni); 628 *pni = NULL; 629 return NULL; 630 } 631 632 /* 633 * Add a Capability Information field to a frame (see 7.3.1.4). 634 */ 635 u_int8_t * 636 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 637 const struct ieee80211_node *ni) 638 { 639 u_int16_t capinfo; 640 641 #ifndef IEEE80211_STA_ONLY 642 if (ic->ic_opmode == IEEE80211_M_IBSS) 643 capinfo = IEEE80211_CAPINFO_IBSS; 644 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 645 capinfo = IEEE80211_CAPINFO_ESS; 646 else 647 #endif 648 capinfo = 0; 649 #ifndef IEEE80211_STA_ONLY 650 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 651 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 652 capinfo |= IEEE80211_CAPINFO_PRIVACY; 653 #endif 654 /* NB: some 11a AP's reject the request when short preamble is set */ 655 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 656 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 657 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 658 if (ic->ic_flags & IEEE80211_F_SHSLOT) 659 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 660 LE_WRITE_2(frm, capinfo); 661 return frm + 2; 662 } 663 664 /* 665 * Add an SSID element to a frame (see 7.3.2.1). 666 */ 667 u_int8_t * 668 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 669 { 670 *frm++ = IEEE80211_ELEMID_SSID; 671 *frm++ = len; 672 memcpy(frm, ssid, len); 673 return frm + len; 674 } 675 676 /* 677 * Add a supported rates element to a frame (see 7.3.2.2). 678 */ 679 u_int8_t * 680 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 681 { 682 int nrates; 683 684 *frm++ = IEEE80211_ELEMID_RATES; 685 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 686 *frm++ = nrates; 687 memcpy(frm, rs->rs_rates, nrates); 688 return frm + nrates; 689 } 690 691 #ifndef IEEE80211_STA_ONLY 692 /* 693 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 694 */ 695 u_int8_t * 696 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 697 const struct ieee80211_node *ni) 698 { 699 *frm++ = IEEE80211_ELEMID_DSPARMS; 700 *frm++ = 1; 701 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 702 return frm; 703 } 704 705 /* 706 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 707 */ 708 u_int8_t * 709 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 710 { 711 u_int i, offset = 0, len; 712 713 /* find first non-zero octet in the virtual bit map */ 714 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 715 716 /* clear the lsb as it is reserved for the broadcast indication bit */ 717 if (i < ic->ic_tim_len) 718 offset = i & ~1; 719 720 /* find last non-zero octet in the virtual bit map */ 721 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 722 723 len = i - offset + 1; 724 725 *frm++ = IEEE80211_ELEMID_TIM; 726 *frm++ = len + 3; /* length */ 727 *frm++ = ic->ic_dtim_count; /* DTIM count */ 728 *frm++ = ic->ic_dtim_period; /* DTIM period */ 729 730 /* Bitmap Control */ 731 *frm = offset; 732 /* set broadcast/multicast indication bit if necessary */ 733 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 734 *frm |= 0x01; 735 frm++; 736 737 /* Partial Virtual Bitmap */ 738 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 739 return frm + len; 740 } 741 742 /* 743 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 744 */ 745 u_int8_t * 746 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 747 { 748 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 749 *frm++ = 2; 750 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 751 return frm + 2; 752 } 753 754 /* 755 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 756 */ 757 u_int8_t * 758 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 759 { 760 const struct ieee80211_edca_ac_params *edca; 761 int aci; 762 763 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 764 *frm++ = 18; /* length */ 765 *frm++ = 0; /* QoS Info */ 766 *frm++ = 0; /* reserved */ 767 768 /* setup AC Parameter Records */ 769 edca = ieee80211_edca_table[ic->ic_curmode]; 770 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 771 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 772 773 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 774 (ac->ac_aifsn & 0xf); 775 *frm++ = (ac->ac_ecwmax << 4) | 776 (ac->ac_ecwmin & 0xf); 777 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 778 } 779 return frm; 780 } 781 782 /* 783 * Add an ERP element to a frame (see 7.3.2.13). 784 */ 785 u_int8_t * 786 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 787 { 788 u_int8_t erp; 789 int nonerpsta = 0; 790 791 *frm++ = IEEE80211_ELEMID_ERP; 792 *frm++ = 1; 793 erp = 0; 794 /* 795 * The NonERP_Present bit shall be set to 1 when a NonERP STA 796 * is associated with the BSS. 797 */ 798 ieee80211_iterate_nodes(ic, ieee80211_count_nonerpsta, &nonerpsta); 799 if (nonerpsta != 0) 800 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 801 /* 802 * If one or more NonERP STAs are associated in the BSS, the 803 * Use_Protection bit shall be set to 1 in transmitted ERP 804 * Information Elements. 805 */ 806 if (ic->ic_flags & IEEE80211_F_USEPROT) 807 erp |= IEEE80211_ERP_USE_PROTECTION; 808 /* 809 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 810 * Information Element sender if one or more associated NonERP 811 * STAs are not short preamble capable. 812 */ 813 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 814 erp |= IEEE80211_ERP_BARKER_MODE; 815 *frm++ = erp; 816 return frm; 817 } 818 #endif /* IEEE80211_STA_ONLY */ 819 820 /* 821 * Add a QoS Capability element to a frame (see 7.3.2.35). 822 */ 823 u_int8_t * 824 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 825 { 826 *frm++ = IEEE80211_ELEMID_QOS_CAP; 827 *frm++ = 1; 828 *frm++ = 0; /* QoS Info */ 829 return frm; 830 } 831 832 /* 833 * Add a Wifi-Alliance WME (aka WMM) info element to a frame. 834 * WME is a requirement for Wifi-Alliance compliance and some 835 * 11n APs will not negotiate HT if this element is missing. 836 */ 837 uint8_t * 838 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211com *ic) 839 { 840 *frm++ = IEEE80211_ELEMID_VENDOR; 841 *frm++ = 7; 842 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 843 *frm++ = 2; /* OUI type */ 844 *frm++ = 0; /* OUI subtype */ 845 *frm++ = 1; /* version */ 846 *frm++ = 0; /* info */ 847 848 return frm; 849 } 850 851 #ifndef IEEE80211_STA_ONLY 852 /* 853 * Add a Wifi-Alliance WMM (aka WME) parameter element to a frame. 854 */ 855 uint8_t * 856 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211com *ic) 857 { 858 const struct ieee80211_edca_ac_params *edca; 859 int aci; 860 861 *frm++ = IEEE80211_ELEMID_VENDOR; 862 *frm++ = 24; 863 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 864 *frm++ = 2; /* OUI type */ 865 *frm++ = 1; /* OUI subtype */ 866 *frm++ = 1; /* version */ 867 *frm++ = 0; /* info */ 868 *frm++ = 0; /* reserved */ 869 870 /* setup AC Parameter Records */ 871 edca = ieee80211_edca_table[ic->ic_curmode]; 872 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 873 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 874 875 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 876 (ac->ac_aifsn & 0xf); 877 *frm++ = (ac->ac_ecwmax << 4) | 878 (ac->ac_ecwmin & 0xf); 879 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 880 } 881 882 return frm; 883 } 884 #endif 885 886 /* 887 * Add an RSN element to a frame (see 802.11-2012 8.4.2.27) 888 */ 889 u_int8_t * 890 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 891 const struct ieee80211_node *ni, int wpa) 892 { 893 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 894 u_int8_t *pcount; 895 u_int16_t count; 896 897 /* write Version field */ 898 LE_WRITE_2(frm, 1); frm += 2; 899 900 /* write Group Data Cipher Suite field (see 802.11-2012 Table 8-99) */ 901 memcpy(frm, oui, 3); frm += 3; 902 switch (ni->ni_rsngroupcipher) { 903 case IEEE80211_CIPHER_WEP40: 904 *frm++ = 1; 905 break; 906 case IEEE80211_CIPHER_TKIP: 907 *frm++ = 2; 908 break; 909 case IEEE80211_CIPHER_CCMP: 910 *frm++ = 4; 911 break; 912 case IEEE80211_CIPHER_WEP104: 913 *frm++ = 5; 914 break; 915 default: 916 /* can't get there */ 917 panic("invalid group data cipher!"); 918 } 919 920 pcount = frm; frm += 2; 921 count = 0; 922 /* write Pairwise Cipher Suite List */ 923 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 924 memcpy(frm, oui, 3); frm += 3; 925 *frm++ = 0; 926 count++; 927 } 928 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 929 memcpy(frm, oui, 3); frm += 3; 930 *frm++ = 2; 931 count++; 932 } 933 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 934 memcpy(frm, oui, 3); frm += 3; 935 *frm++ = 4; 936 count++; 937 } 938 /* write Pairwise Cipher Suite Count field */ 939 LE_WRITE_2(pcount, count); 940 941 pcount = frm; frm += 2; 942 count = 0; 943 /* write AKM Suite List (see Table 20dc) */ 944 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 945 memcpy(frm, oui, 3); frm += 3; 946 *frm++ = 1; 947 count++; 948 } 949 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 950 memcpy(frm, oui, 3); frm += 3; 951 *frm++ = 2; 952 count++; 953 } 954 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 955 memcpy(frm, oui, 3); frm += 3; 956 *frm++ = 5; 957 count++; 958 } 959 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 960 memcpy(frm, oui, 3); frm += 3; 961 *frm++ = 6; 962 count++; 963 } 964 /* write AKM Suite List Count field */ 965 LE_WRITE_2(pcount, count); 966 967 if (wpa) 968 return frm; 969 970 /* write RSN Capabilities field */ 971 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 972 973 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 974 /* write PMKID Count field */ 975 LE_WRITE_2(frm, 1); frm += 2; 976 /* write PMKID List (only 1) */ 977 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 978 frm += IEEE80211_PMKID_LEN; 979 } 980 981 if (!(ic->ic_caps & IEEE80211_C_MFP)) 982 return frm; 983 984 if ((ni->ni_flags & IEEE80211_NODE_PMKID) == 0) { 985 /* no PMKID (PMKID Count=0) */ 986 LE_WRITE_2(frm, 0); frm += 2; 987 } 988 989 /* write Group Integrity Cipher Suite field */ 990 memcpy(frm, oui, 3); frm += 3; 991 switch (ic->ic_rsngroupmgmtcipher) { 992 case IEEE80211_CIPHER_BIP: 993 *frm++ = 6; 994 break; 995 default: 996 /* can't get there */ 997 panic("invalid integrity group cipher!"); 998 } 999 return frm; 1000 } 1001 1002 u_int8_t * 1003 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 1004 const struct ieee80211_node *ni) 1005 { 1006 u_int8_t *plen; 1007 1008 *frm++ = IEEE80211_ELEMID_RSN; 1009 plen = frm++; /* length filled in later */ 1010 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 1011 1012 /* write length field */ 1013 *plen = frm - plen - 1; 1014 return frm; 1015 } 1016 1017 /* 1018 * Add a vendor-specific WPA element to a frame. 1019 * This is required for compatibility with Wi-Fi Alliance WPA. 1020 */ 1021 u_int8_t * 1022 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 1023 const struct ieee80211_node *ni) 1024 { 1025 u_int8_t *plen; 1026 1027 *frm++ = IEEE80211_ELEMID_VENDOR; 1028 plen = frm++; /* length filled in later */ 1029 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1030 *frm++ = 1; /* WPA */ 1031 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1032 1033 /* write length field */ 1034 *plen = frm - plen - 1; 1035 return frm; 1036 } 1037 1038 /* 1039 * Add an extended supported rates element to a frame (see 7.3.2.14). 1040 */ 1041 u_int8_t * 1042 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1043 { 1044 int nrates; 1045 1046 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1047 1048 *frm++ = IEEE80211_ELEMID_XRATES; 1049 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1050 *frm++ = nrates; 1051 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1052 return frm + nrates; 1053 } 1054 1055 /* 1056 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1057 */ 1058 u_int8_t * 1059 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1060 { 1061 *frm++ = IEEE80211_ELEMID_HTCAPS; 1062 *frm++ = 26; 1063 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1064 *frm++ = ic->ic_ampdu_params; 1065 memcpy(frm, ic->ic_sup_mcs, 10); frm += 10; 1066 LE_WRITE_2(frm, (ic->ic_max_rxrate & IEEE80211_MCS_RX_RATE_HIGH)); 1067 frm += 2; 1068 *frm++ = ic->ic_tx_mcs_set; 1069 *frm++ = 0; /* reserved */ 1070 *frm++ = 0; /* reserved */ 1071 *frm++ = 0; /* reserved */ 1072 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1073 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1074 *frm++ = ic->ic_aselcaps; 1075 return frm; 1076 } 1077 1078 #ifndef IEEE80211_STA_ONLY 1079 /* 1080 * Add an HT Operation element to a frame (see 7.3.2.58). 1081 */ 1082 u_int8_t * 1083 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1084 { 1085 *frm++ = IEEE80211_ELEMID_HTOP; 1086 *frm++ = 22; 1087 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1088 *frm++ = ic->ic_bss->ni_htop0; 1089 LE_WRITE_2(frm, ic->ic_bss->ni_htop1); frm += 2; 1090 LE_WRITE_2(frm, ic->ic_bss->ni_htop2); frm += 2; 1091 memset(frm, 0, 16); frm += 16; 1092 return frm; 1093 } 1094 #endif /* !IEEE80211_STA_ONLY */ 1095 1096 #ifndef IEEE80211_STA_ONLY 1097 /* 1098 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1099 */ 1100 u_int8_t * 1101 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1102 { 1103 *frm++ = IEEE80211_ELEMID_TIE; 1104 *frm++ = 5; /* length */ 1105 *frm++ = type; /* Timeout Interval type */ 1106 LE_WRITE_4(frm, value); 1107 return frm + 4; 1108 } 1109 #endif 1110 1111 struct mbuf * 1112 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1113 { 1114 struct mbuf *m; 1115 1116 /* reserve space for 802.11 header */ 1117 pktlen += sizeof(struct ieee80211_frame); 1118 1119 if (pktlen > MCLBYTES) 1120 panic("management frame too large: %u", pktlen); 1121 MGETHDR(m, flags, type); 1122 if (m == NULL) 1123 return NULL; 1124 if (pktlen > MHLEN) { 1125 MCLGET(m, flags); 1126 if (!(m->m_flags & M_EXT)) 1127 return m_free(m); 1128 } 1129 m->m_data += sizeof(struct ieee80211_frame); 1130 return m; 1131 } 1132 1133 /*- 1134 * Probe request frame format: 1135 * [tlv] SSID 1136 * [tlv] Supported rates 1137 * [tlv] Extended Supported Rates (802.11g) 1138 * [tlv] HT Capabilities (802.11n) 1139 */ 1140 struct mbuf * 1141 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1142 { 1143 const struct ieee80211_rateset *rs = 1144 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1145 struct mbuf *m; 1146 u_int8_t *frm; 1147 1148 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1149 2 + ic->ic_des_esslen + 1150 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1151 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1152 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1153 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 9 : 0)); 1154 if (m == NULL) 1155 return NULL; 1156 1157 frm = mtod(m, u_int8_t *); 1158 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1159 frm = ieee80211_add_rates(frm, rs); 1160 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1161 frm = ieee80211_add_xrates(frm, rs); 1162 if (ic->ic_flags & IEEE80211_F_HTON) { 1163 frm = ieee80211_add_htcaps(frm, ic); 1164 frm = ieee80211_add_wme_info(frm, ic); 1165 } 1166 1167 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1168 1169 return m; 1170 } 1171 1172 #ifndef IEEE80211_STA_ONLY 1173 /*- 1174 * Probe response frame format: 1175 * [8] Timestamp 1176 * [2] Beacon interval 1177 * [2] Capability 1178 * [tlv] Service Set Identifier (SSID) 1179 * [tlv] Supported rates 1180 * [tlv] DS Parameter Set (802.11g) 1181 * [tlv] ERP Information (802.11g) 1182 * [tlv] Extended Supported Rates (802.11g) 1183 * [tlv] RSN (802.11i) 1184 * [tlv] EDCA Parameter Set (802.11e) 1185 * [tlv] HT Capabilities (802.11n) 1186 * [tlv] HT Operation (802.11n) 1187 */ 1188 struct mbuf * 1189 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1190 { 1191 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1192 struct mbuf *m; 1193 u_int8_t *frm; 1194 1195 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1196 8 + 2 + 2 + 1197 2 + ni->ni_esslen + 1198 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1199 2 + 1 + 1200 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1201 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1202 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1203 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1204 (((ic->ic_flags & IEEE80211_F_RSNON) && 1205 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1206 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1207 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1208 (((ic->ic_flags & IEEE80211_F_RSNON) && 1209 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1210 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1211 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0)); 1212 if (m == NULL) 1213 return NULL; 1214 1215 frm = mtod(m, u_int8_t *); 1216 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1217 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1218 frm = ieee80211_add_capinfo(frm, ic, ni); 1219 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1220 ic->ic_bss->ni_esslen); 1221 frm = ieee80211_add_rates(frm, rs); 1222 frm = ieee80211_add_ds_params(frm, ic, ni); 1223 if (ic->ic_opmode == IEEE80211_M_IBSS) 1224 frm = ieee80211_add_ibss_params(frm, ni); 1225 if (ic->ic_curmode == IEEE80211_MODE_11G) 1226 frm = ieee80211_add_erp(frm, ic); 1227 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1228 frm = ieee80211_add_xrates(frm, rs); 1229 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1230 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1231 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1232 if (ic->ic_flags & IEEE80211_F_QOS) 1233 frm = ieee80211_add_edca_params(frm, ic); 1234 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1235 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1236 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1237 if (ic->ic_flags & IEEE80211_F_HTON) { 1238 frm = ieee80211_add_htcaps(frm, ic); 1239 frm = ieee80211_add_htop(frm, ic); 1240 frm = ieee80211_add_wme_param(frm, ic); 1241 } 1242 1243 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1244 1245 return m; 1246 } 1247 #endif /* IEEE80211_STA_ONLY */ 1248 1249 /*- 1250 * Authentication frame format: 1251 * [2] Authentication algorithm number 1252 * [2] Authentication transaction sequence number 1253 * [2] Status code 1254 */ 1255 struct mbuf * 1256 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1257 u_int16_t status, u_int16_t seq) 1258 { 1259 struct mbuf *m; 1260 u_int8_t *frm; 1261 1262 MGETHDR(m, M_DONTWAIT, MT_DATA); 1263 if (m == NULL) 1264 return NULL; 1265 MH_ALIGN(m, 2 * 3); 1266 m->m_pkthdr.len = m->m_len = 2 * 3; 1267 1268 frm = mtod(m, u_int8_t *); 1269 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1270 LE_WRITE_2(frm, seq); frm += 2; 1271 LE_WRITE_2(frm, status); 1272 1273 return m; 1274 } 1275 1276 /*- 1277 * Deauthentication frame format: 1278 * [2] Reason code 1279 */ 1280 struct mbuf * 1281 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1282 u_int16_t reason) 1283 { 1284 struct mbuf *m; 1285 1286 MGETHDR(m, M_DONTWAIT, MT_DATA); 1287 if (m == NULL) 1288 return NULL; 1289 MH_ALIGN(m, 2); 1290 1291 m->m_pkthdr.len = m->m_len = 2; 1292 *mtod(m, u_int16_t *) = htole16(reason); 1293 1294 return m; 1295 } 1296 1297 /*- 1298 * (Re)Association request frame format: 1299 * [2] Capability information 1300 * [2] Listen interval 1301 * [6*] Current AP address (Reassociation only) 1302 * [tlv] SSID 1303 * [tlv] Supported rates 1304 * [tlv] Extended Supported Rates (802.11g) 1305 * [tlv] RSN (802.11i) 1306 * [tlv] QoS Capability (802.11e) 1307 * [tlv] HT Capabilities (802.11n) 1308 */ 1309 struct mbuf * 1310 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1311 int type) 1312 { 1313 const struct ieee80211_rateset *rs = &ni->ni_rates; 1314 struct mbuf *m; 1315 u_int8_t *frm; 1316 u_int16_t capinfo; 1317 1318 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1319 2 + 2 + 1320 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1321 IEEE80211_ADDR_LEN : 0) + 1322 2 + ni->ni_esslen + 1323 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1324 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1325 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1326 (((ic->ic_flags & IEEE80211_F_RSNON) && 1327 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1328 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1329 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1330 (((ic->ic_flags & IEEE80211_F_RSNON) && 1331 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1332 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1333 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 9 : 0)); 1334 if (m == NULL) 1335 return NULL; 1336 1337 frm = mtod(m, u_int8_t *); 1338 capinfo = IEEE80211_CAPINFO_ESS; 1339 if (ic->ic_flags & IEEE80211_F_WEPON) 1340 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1341 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1342 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1343 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1344 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1345 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1346 LE_WRITE_2(frm, capinfo); frm += 2; 1347 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1348 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1349 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1350 frm += IEEE80211_ADDR_LEN; 1351 } 1352 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1353 frm = ieee80211_add_rates(frm, rs); 1354 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1355 frm = ieee80211_add_xrates(frm, rs); 1356 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1357 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1358 frm = ieee80211_add_rsn(frm, ic, ni); 1359 if (ni->ni_flags & IEEE80211_NODE_QOS) 1360 frm = ieee80211_add_qos_capability(frm, ic); 1361 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1362 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1363 frm = ieee80211_add_wpa(frm, ic, ni); 1364 if (ic->ic_flags & IEEE80211_F_HTON) { 1365 frm = ieee80211_add_htcaps(frm, ic); 1366 frm = ieee80211_add_wme_info(frm, ic); 1367 } 1368 1369 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1370 1371 return m; 1372 } 1373 1374 #ifndef IEEE80211_STA_ONLY 1375 /*- 1376 * (Re)Association response frame format: 1377 * [2] Capability information 1378 * [2] Status code 1379 * [2] Association ID (AID) 1380 * [tlv] Supported rates 1381 * [tlv] Extended Supported Rates (802.11g) 1382 * [tlv] EDCA Parameter Set (802.11e) 1383 * [tlv] Timeout Interval (802.11w) 1384 * [tlv] HT Capabilities (802.11n) 1385 * [tlv] HT Operation (802.11n) 1386 */ 1387 struct mbuf * 1388 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1389 u_int16_t status) 1390 { 1391 const struct ieee80211_rateset *rs = &ni->ni_rates; 1392 struct mbuf *m; 1393 u_int8_t *frm; 1394 1395 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1396 2 + 2 + 2 + 1397 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1398 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1399 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1400 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1401 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1402 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0)); 1403 if (m == NULL) 1404 return NULL; 1405 1406 frm = mtod(m, u_int8_t *); 1407 frm = ieee80211_add_capinfo(frm, ic, ni); 1408 LE_WRITE_2(frm, status); frm += 2; 1409 if (status == IEEE80211_STATUS_SUCCESS) 1410 LE_WRITE_2(frm, ni->ni_associd); 1411 else 1412 LE_WRITE_2(frm, 0); 1413 frm += 2; 1414 frm = ieee80211_add_rates(frm, rs); 1415 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1416 frm = ieee80211_add_xrates(frm, rs); 1417 if (ni->ni_flags & IEEE80211_NODE_QOS) 1418 frm = ieee80211_add_edca_params(frm, ic); 1419 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1420 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1421 /* Association Comeback Time */ 1422 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1423 } 1424 if (ic->ic_flags & IEEE80211_F_HTON) { 1425 frm = ieee80211_add_htcaps(frm, ic); 1426 frm = ieee80211_add_htop(frm, ic); 1427 frm = ieee80211_add_wme_param(frm, ic); 1428 } 1429 1430 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1431 1432 return m; 1433 } 1434 #endif /* IEEE80211_STA_ONLY */ 1435 1436 /*- 1437 * Disassociation frame format: 1438 * [2] Reason code 1439 */ 1440 struct mbuf * 1441 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1442 u_int16_t reason) 1443 { 1444 struct mbuf *m; 1445 1446 MGETHDR(m, M_DONTWAIT, MT_DATA); 1447 if (m == NULL) 1448 return NULL; 1449 MH_ALIGN(m, 2); 1450 1451 m->m_pkthdr.len = m->m_len = 2; 1452 *mtod(m, u_int16_t *) = htole16(reason); 1453 1454 return m; 1455 } 1456 1457 /*- 1458 * ADDBA Request frame format: 1459 * [1] Category 1460 * [1] Action 1461 * [1] Dialog Token 1462 * [2] Block Ack Parameter Set 1463 * [2] Block Ack Timeout Value 1464 * [2] Block Ack Starting Sequence Control 1465 */ 1466 struct mbuf * 1467 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1468 u_int8_t tid) 1469 { 1470 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1471 struct mbuf *m; 1472 u_int8_t *frm; 1473 1474 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1475 if (m == NULL) 1476 return m; 1477 1478 frm = mtod(m, u_int8_t *); 1479 *frm++ = IEEE80211_CATEG_BA; 1480 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1481 *frm++ = ba->ba_token; 1482 LE_WRITE_2(frm, ba->ba_params); frm += 2; 1483 LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); frm += 2; 1484 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1485 1486 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1487 1488 return m; 1489 } 1490 1491 /*- 1492 * ADDBA Response frame format: 1493 * [1] Category 1494 * [1] Action 1495 * [1] Dialog Token 1496 * [2] Status Code 1497 * [2] Block Ack Parameter Set 1498 * [2] Block Ack Timeout Value 1499 */ 1500 struct mbuf * 1501 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1502 u_int8_t tid, u_int8_t token, u_int16_t status) 1503 { 1504 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 1505 struct mbuf *m; 1506 u_int8_t *frm; 1507 u_int16_t params; 1508 1509 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1510 if (m == NULL) 1511 return m; 1512 1513 frm = mtod(m, u_int8_t *); 1514 *frm++ = IEEE80211_CATEG_BA; 1515 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1516 *frm++ = token; 1517 LE_WRITE_2(frm, status); frm += 2; 1518 if (status == 0) 1519 params = ba->ba_params; 1520 else 1521 params = tid << IEEE80211_ADDBA_TID_SHIFT; 1522 LE_WRITE_2(frm, params); frm += 2; 1523 if (status == 0) 1524 LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); 1525 else 1526 LE_WRITE_2(frm, 0); 1527 frm += 2; 1528 1529 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1530 1531 return m; 1532 } 1533 1534 /*- 1535 * DELBA frame format: 1536 * [1] Category 1537 * [1] Action 1538 * [2] DELBA Parameter Set 1539 * [2] Reason Code 1540 */ 1541 struct mbuf * 1542 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1543 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1544 { 1545 struct mbuf *m; 1546 u_int8_t *frm; 1547 u_int16_t params; 1548 1549 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1550 if (m == NULL) 1551 return m; 1552 1553 frm = mtod(m, u_int8_t *); 1554 *frm++ = IEEE80211_CATEG_BA; 1555 *frm++ = IEEE80211_ACTION_DELBA; 1556 params = tid << 12; 1557 if (dir) 1558 params |= IEEE80211_DELBA_INITIATOR; 1559 LE_WRITE_2(frm, params); frm += 2; 1560 LE_WRITE_2(frm, reason); frm += 2; 1561 1562 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1563 1564 return m; 1565 } 1566 1567 /*- 1568 * SA Query Request/Reponse frame format: 1569 * [1] Category 1570 * [1] Action 1571 * [16] Transaction Identifier 1572 */ 1573 struct mbuf * 1574 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1575 u_int8_t action) 1576 { 1577 struct mbuf *m; 1578 u_int8_t *frm; 1579 1580 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1581 if (m == NULL) 1582 return NULL; 1583 1584 frm = mtod(m, u_int8_t *); 1585 *frm++ = IEEE80211_CATEG_SA_QUERY; 1586 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1587 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1588 1589 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1590 1591 return m; 1592 } 1593 1594 struct mbuf * 1595 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1596 u_int8_t categ, u_int8_t action, int arg) 1597 { 1598 struct mbuf *m = NULL; 1599 1600 switch (categ) { 1601 case IEEE80211_CATEG_BA: 1602 switch (action) { 1603 case IEEE80211_ACTION_ADDBA_REQ: 1604 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1605 break; 1606 case IEEE80211_ACTION_ADDBA_RESP: 1607 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1608 arg >> 8, arg >> 16); 1609 break; 1610 case IEEE80211_ACTION_DELBA: 1611 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1612 arg >> 16); 1613 break; 1614 } 1615 break; 1616 case IEEE80211_CATEG_SA_QUERY: 1617 switch (action) { 1618 #ifndef IEEE80211_STA_ONLY 1619 case IEEE80211_ACTION_SA_QUERY_REQ: 1620 #endif 1621 case IEEE80211_ACTION_SA_QUERY_RESP: 1622 m = ieee80211_get_sa_query(ic, ni, action); 1623 break; 1624 } 1625 break; 1626 } 1627 return m; 1628 } 1629 1630 /* 1631 * Send a management frame. The node is for the destination (or ic_bss 1632 * when in station mode). Nodes other than ic_bss have their reference 1633 * count bumped to reflect our use for an indeterminant time. 1634 */ 1635 int 1636 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1637 int type, int arg1, int arg2) 1638 { 1639 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1640 struct ifnet *ifp = &ic->ic_if; 1641 struct mbuf *m; 1642 int ret, timer; 1643 1644 if (ni == NULL) 1645 panic("null node"); 1646 1647 /* 1648 * Hold a reference on the node so it doesn't go away until after 1649 * the xmit is complete all the way in the driver. On error we 1650 * will remove our reference. 1651 */ 1652 ieee80211_ref_node(ni); 1653 timer = 0; 1654 switch (type) { 1655 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1656 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1657 senderr(ENOMEM, is_tx_nombuf); 1658 1659 timer = IEEE80211_TRANS_WAIT; 1660 break; 1661 #ifndef IEEE80211_STA_ONLY 1662 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1663 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1664 senderr(ENOMEM, is_tx_nombuf); 1665 break; 1666 #endif 1667 case IEEE80211_FC0_SUBTYPE_AUTH: 1668 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1669 if (m == NULL) 1670 senderr(ENOMEM, is_tx_nombuf); 1671 1672 if (ic->ic_opmode == IEEE80211_M_STA) 1673 timer = IEEE80211_TRANS_WAIT; 1674 break; 1675 1676 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1677 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1678 senderr(ENOMEM, is_tx_nombuf); 1679 #ifndef IEEE80211_STA_ONLY 1680 if ((ifp->if_flags & IFF_DEBUG) && 1681 (ic->ic_opmode == IEEE80211_M_HOSTAP || 1682 ic->ic_opmode == IEEE80211_M_IBSS)) 1683 printf("%s: station %s deauthenticate (reason %d)\n", 1684 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1685 arg1); 1686 #endif 1687 break; 1688 1689 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1690 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1691 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1692 senderr(ENOMEM, is_tx_nombuf); 1693 1694 timer = IEEE80211_TRANS_WAIT; 1695 break; 1696 #ifndef IEEE80211_STA_ONLY 1697 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1698 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1699 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1700 senderr(ENOMEM, is_tx_nombuf); 1701 break; 1702 #endif 1703 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1704 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1705 senderr(ENOMEM, is_tx_nombuf); 1706 #ifndef IEEE80211_STA_ONLY 1707 if ((ifp->if_flags & IFF_DEBUG) && 1708 (ic->ic_opmode == IEEE80211_M_HOSTAP || 1709 ic->ic_opmode == IEEE80211_M_IBSS)) 1710 printf("%s: station %s disassociate (reason %d)\n", 1711 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1712 arg1); 1713 #endif 1714 break; 1715 1716 case IEEE80211_FC0_SUBTYPE_ACTION: 1717 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1718 arg2); 1719 if (m == NULL) 1720 senderr(ENOMEM, is_tx_nombuf); 1721 break; 1722 1723 default: 1724 DPRINTF(("invalid mgmt frame type %u\n", type)); 1725 senderr(EINVAL, is_tx_unknownmgt); 1726 /* NOTREACHED */ 1727 } 1728 1729 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1730 if (ret == 0) { 1731 if (timer) 1732 ic->ic_mgt_timer = timer; 1733 } else { 1734 bad: 1735 ieee80211_release_node(ic, ni); 1736 } 1737 return ret; 1738 #undef senderr 1739 } 1740 1741 /* 1742 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1743 */ 1744 struct mbuf * 1745 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1746 u_int16_t dur) 1747 { 1748 struct ieee80211_frame_rts *rts; 1749 struct mbuf *m; 1750 1751 MGETHDR(m, M_DONTWAIT, MT_DATA); 1752 if (m == NULL) 1753 return NULL; 1754 1755 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1756 1757 rts = mtod(m, struct ieee80211_frame_rts *); 1758 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1759 IEEE80211_FC0_SUBTYPE_RTS; 1760 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1761 *(u_int16_t *)rts->i_dur = htole16(dur); 1762 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1763 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1764 1765 return m; 1766 } 1767 1768 /* 1769 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1770 */ 1771 struct mbuf * 1772 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1773 { 1774 struct ieee80211_frame_cts *cts; 1775 struct mbuf *m; 1776 1777 MGETHDR(m, M_DONTWAIT, MT_DATA); 1778 if (m == NULL) 1779 return NULL; 1780 1781 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1782 1783 cts = mtod(m, struct ieee80211_frame_cts *); 1784 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1785 IEEE80211_FC0_SUBTYPE_CTS; 1786 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1787 *(u_int16_t *)cts->i_dur = htole16(dur); 1788 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1789 1790 return m; 1791 } 1792 1793 #ifndef IEEE80211_STA_ONLY 1794 /*- 1795 * Beacon frame format: 1796 * [8] Timestamp 1797 * [2] Beacon interval 1798 * [2] Capability 1799 * [tlv] Service Set Identifier (SSID) 1800 * [tlv] Supported rates 1801 * [tlv] DS Parameter Set (802.11g) 1802 * [tlv] IBSS Parameter Set 1803 * [tlv] Traffic Indication Map (TIM) 1804 * [tlv] ERP Information (802.11g) 1805 * [tlv] Extended Supported Rates (802.11g) 1806 * [tlv] RSN (802.11i) 1807 * [tlv] EDCA Parameter Set (802.11e) 1808 * [tlv] HT Capabilities (802.11n) 1809 * [tlv] HT Operation (802.11n) 1810 */ 1811 struct mbuf * 1812 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1813 { 1814 const struct ieee80211_rateset *rs = &ni->ni_rates; 1815 struct ieee80211_frame *wh; 1816 struct mbuf *m; 1817 u_int8_t *frm; 1818 1819 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1820 8 + 2 + 2 + 1821 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) + 1822 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1823 2 + 1 + 1824 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1825 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1826 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1827 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1828 (((ic->ic_flags & IEEE80211_F_RSNON) && 1829 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1830 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1831 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1832 (((ic->ic_flags & IEEE80211_F_RSNON) && 1833 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1834 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1835 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 + 26 : 0)); 1836 if (m == NULL) 1837 return NULL; 1838 1839 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1840 if (m == NULL) 1841 return NULL; 1842 wh = mtod(m, struct ieee80211_frame *); 1843 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1844 IEEE80211_FC0_SUBTYPE_BEACON; 1845 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1846 *(u_int16_t *)wh->i_dur = 0; 1847 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1848 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1849 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1850 *(u_int16_t *)wh->i_seq = 0; 1851 1852 frm = (u_int8_t *)&wh[1]; 1853 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1854 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1855 frm = ieee80211_add_capinfo(frm, ic, ni); 1856 if (ic->ic_flags & IEEE80211_F_HIDENWID) 1857 frm = ieee80211_add_ssid(frm, NULL, 0); 1858 else 1859 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1860 frm = ieee80211_add_rates(frm, rs); 1861 frm = ieee80211_add_ds_params(frm, ic, ni); 1862 if (ic->ic_opmode == IEEE80211_M_IBSS) 1863 frm = ieee80211_add_ibss_params(frm, ni); 1864 else 1865 frm = ieee80211_add_tim(frm, ic); 1866 if (ic->ic_curmode == IEEE80211_MODE_11G) 1867 frm = ieee80211_add_erp(frm, ic); 1868 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1869 frm = ieee80211_add_xrates(frm, rs); 1870 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1871 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1872 frm = ieee80211_add_rsn(frm, ic, ni); 1873 if (ic->ic_flags & IEEE80211_F_QOS) 1874 frm = ieee80211_add_edca_params(frm, ic); 1875 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1876 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1877 frm = ieee80211_add_wpa(frm, ic, ni); 1878 if (ic->ic_flags & IEEE80211_F_HTON) { 1879 frm = ieee80211_add_htcaps(frm, ic); 1880 frm = ieee80211_add_htop(frm, ic); 1881 frm = ieee80211_add_wme_param(frm, ic); 1882 } 1883 1884 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1885 m->m_pkthdr.ph_cookie = ni; 1886 1887 return m; 1888 } 1889 1890 /* 1891 * Check if an outgoing MSDU or management frame should be buffered into 1892 * the AP for power management. Return 1 if the frame was buffered into 1893 * the AP, or 0 if the frame shall be transmitted immediately. 1894 */ 1895 int 1896 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1897 struct ieee80211_node *ni) 1898 { 1899 const struct ieee80211_frame *wh; 1900 int pssta = 0; 1901 1902 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1903 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1904 return 0; 1905 1906 wh = mtod(m, struct ieee80211_frame *); 1907 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1908 /* 1909 * Buffer group addressed MSDUs with the Order bit clear 1910 * if any associated STAs are in PS mode. 1911 */ 1912 ieee80211_iterate_nodes(ic, ieee80211_count_pssta, &pssta); 1913 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || pssta == 0) 1914 return 0; 1915 ic->ic_tim_mcast_pending = 1; 1916 } else { 1917 /* 1918 * Buffer MSDUs, A-MSDUs or management frames destined for 1919 * PS STAs. 1920 */ 1921 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1922 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1923 IEEE80211_FC0_TYPE_CTL) 1924 return 0; 1925 if (mq_empty(&ni->ni_savedq)) 1926 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1927 } 1928 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1929 /* 1930 * Similar to ieee80211_mgmt_output, store the node in a 1931 * special pkthdr field. 1932 */ 1933 m->m_pkthdr.ph_cookie = ni; 1934 mq_enqueue(&ni->ni_savedq, m); 1935 return 1; 1936 } 1937 #endif /* IEEE80211_STA_ONLY */ 1938