1 /* $OpenBSD: ieee80211_output.c,v 1.111 2016/04/12 14:33:27 mpi Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/sysctl.h> 45 46 #include <net/if.h> 47 #include <net/if_dl.h> 48 #include <net/if_media.h> 49 #include <net/if_llc.h> 50 #include <net/bpf.h> 51 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 #include <netinet/ip.h> 55 #ifdef INET6 56 #include <netinet/ip6.h> 57 #endif 58 59 #if NVLAN > 0 60 #include <net/if_vlan_var.h> 61 #endif 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_priv.h> 65 66 int ieee80211_classify(struct ieee80211com *, struct mbuf *); 67 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 68 struct mbuf *, int); 69 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 70 const struct ieee80211_node *, int); 71 struct mbuf *ieee80211_getmgmt(int, int, u_int); 72 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 73 struct ieee80211_node *); 74 #ifndef IEEE80211_STA_ONLY 75 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 76 struct ieee80211_node *); 77 #endif 78 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 79 struct ieee80211_node *, u_int16_t, u_int16_t); 80 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 81 struct ieee80211_node *, u_int16_t); 82 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 83 struct ieee80211_node *, int); 84 #ifndef IEEE80211_STA_ONLY 85 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 86 struct ieee80211_node *, u_int16_t); 87 #endif 88 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 89 struct ieee80211_node *, u_int16_t); 90 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 91 struct ieee80211_node *, u_int8_t); 92 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 93 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 94 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 95 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 96 uint8_t *ieee80211_add_wme_info(uint8_t *, struct ieee80211com *); 97 #ifndef IEEE80211_STA_ONLY 98 uint8_t *ieee80211_add_wme_param(uint8_t *, struct ieee80211com *); 99 #endif 100 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 101 struct ieee80211_node *, u_int8_t); 102 struct mbuf *ieee80211_get_action(struct ieee80211com *, 103 struct ieee80211_node *, u_int8_t, u_int8_t, int); 104 105 /* 106 * IEEE 802.11 output routine. Normally this will directly call the 107 * Ethernet output routine because 802.11 encapsulation is called 108 * later by the driver. This function can be used to send raw frames 109 * if the mbuf has been tagged with a 802.11 data link type. 110 */ 111 int 112 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 113 struct rtentry *rt) 114 { 115 struct ieee80211_frame *wh; 116 struct m_tag *mtag; 117 int error = 0; 118 119 /* Interface has to be up and running */ 120 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 121 (IFF_UP | IFF_RUNNING)) { 122 error = ENETDOWN; 123 goto bad; 124 } 125 126 /* Try to get the DLT from a mbuf tag */ 127 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 128 struct ieee80211com *ic = (void *)ifp; 129 u_int dlt = *(u_int *)(mtag + 1); 130 131 /* Fallback to ethernet for non-802.11 linktypes */ 132 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 133 goto fallback; 134 135 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 136 return (EINVAL); 137 wh = mtod(m, struct ieee80211_frame *); 138 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 139 IEEE80211_FC0_VERSION_0) 140 return (EINVAL); 141 if (!(ic->ic_caps & IEEE80211_C_RAWCTL) && 142 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 143 IEEE80211_FC0_TYPE_CTL) 144 return (EINVAL); 145 146 return (if_enqueue(ifp, m)); 147 } 148 149 fallback: 150 return (ether_output(ifp, m, dst, rt)); 151 152 bad: 153 m_freem(m); 154 return (error); 155 } 156 157 /* 158 * Send a management frame to the specified node. The node pointer 159 * must have a reference as the pointer will be passed to the driver 160 * and potentially held for a long time. If the frame is successfully 161 * dispatched to the driver, then it is responsible for freeing the 162 * reference (and potentially free'ing up any associated storage). 163 */ 164 int 165 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 166 struct mbuf *m, int type) 167 { 168 struct ieee80211com *ic = (void *)ifp; 169 struct ieee80211_frame *wh; 170 171 if (ni == NULL) 172 panic("null node"); 173 ni->ni_inact = 0; 174 175 /* 176 * We want to pass the node down to the driver's start 177 * routine. We could stick this in an m_tag and tack that 178 * on to the mbuf. However that's rather expensive to do 179 * for every frame so instead we stuff it in a special pkthdr 180 * field. 181 */ 182 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 183 if (m == NULL) 184 return ENOMEM; 185 m->m_pkthdr.ph_cookie = ni; 186 187 wh = mtod(m, struct ieee80211_frame *); 188 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 189 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 190 *(u_int16_t *)&wh->i_dur[0] = 0; 191 *(u_int16_t *)&wh->i_seq[0] = 192 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 193 ni->ni_txseq++; 194 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 195 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 196 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 197 198 /* check if protection is required for this mgmt frame */ 199 if ((ic->ic_caps & IEEE80211_C_MFP) && 200 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 201 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 202 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 203 /* 204 * Hack: we should not set the Protected bit in outgoing 205 * group management frames, however it is used as an 206 * indication to the drivers that they must encrypt the 207 * frame. Drivers should clear this bit from group 208 * management frames (software crypto code will do it). 209 * XXX could use an mbuf flag.. 210 */ 211 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 212 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 213 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 214 } 215 216 if (ifp->if_flags & IFF_DEBUG) { 217 /* avoid to print too many frames */ 218 if ( 219 #ifndef IEEE80211_STA_ONLY 220 ic->ic_opmode == IEEE80211_M_IBSS || 221 #endif 222 #ifdef IEEE80211_DEBUG 223 ieee80211_debug > 1 || 224 #endif 225 (type & IEEE80211_FC0_SUBTYPE_MASK) != 226 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 227 printf("%s: sending %s to %s on channel %u mode %s\n", 228 ifp->if_xname, 229 ieee80211_mgt_subtype_name[ 230 (type & IEEE80211_FC0_SUBTYPE_MASK) 231 >> IEEE80211_FC0_SUBTYPE_SHIFT], 232 ether_sprintf(ni->ni_macaddr), 233 ieee80211_chan2ieee(ic, ni->ni_chan), 234 ieee80211_phymode_name[ic->ic_curmode]); 235 } 236 237 #ifndef IEEE80211_STA_ONLY 238 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 239 ieee80211_pwrsave(ic, m, ni) != 0) 240 return 0; 241 #endif 242 mq_enqueue(&ic->ic_mgtq, m); 243 ifp->if_timer = 1; 244 if_start(ifp); 245 return 0; 246 } 247 248 /*- 249 * EDCA tables are computed using the following formulas: 250 * 251 * 1) EDCATable (non-AP QSTA) 252 * 253 * AC CWmin CWmax AIFSN TXOP limit(ms) 254 * ------------------------------------------------------------- 255 * AC_BK aCWmin aCWmax 7 0 256 * AC_BE aCWmin aCWmax 3 0 257 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 258 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 259 * 260 * 2) QAPEDCATable (QAP) 261 * 262 * AC CWmin CWmax AIFSN TXOP limit(ms) 263 * ------------------------------------------------------------- 264 * AC_BK aCWmin aCWmax 7 0 265 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 266 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 267 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 268 * 269 * and the following aCWmin/aCWmax values: 270 * 271 * PHY aCWmin aCWmax 272 * --------------------------- 273 * 11A 15 1023 274 * 11B 31 1023 275 * 11G 15* 1023 (*) aCWmin(1) 276 * 11N 15 1023 277 */ 278 #if 0 279 static const struct ieee80211_edca_ac_params 280 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 281 [IEEE80211_MODE_11B] = { 282 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 283 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 284 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 285 [EDCA_AC_VO] = { 3, 4, 2, 102 } 286 }, 287 [IEEE80211_MODE_11A] = { 288 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 289 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 290 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 291 [EDCA_AC_VO] = { 2, 3, 2, 47 } 292 }, 293 [IEEE80211_MODE_11G] = { 294 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 295 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 296 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 297 [EDCA_AC_VO] = { 2, 3, 2, 47 } 298 }, 299 [IEEE80211_MODE_11N] = { 300 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 301 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 302 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 303 [EDCA_AC_VO] = { 2, 3, 2, 47 } 304 }, 305 }; 306 #endif 307 308 #ifndef IEEE80211_STA_ONLY 309 static const struct ieee80211_edca_ac_params 310 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 311 [IEEE80211_MODE_11B] = { 312 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 313 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 314 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 315 [EDCA_AC_VO] = { 3, 4, 1, 102 } 316 }, 317 [IEEE80211_MODE_11A] = { 318 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 319 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 320 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 321 [EDCA_AC_VO] = { 2, 3, 1, 47 } 322 }, 323 [IEEE80211_MODE_11G] = { 324 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 325 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 326 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 327 [EDCA_AC_VO] = { 2, 3, 1, 47 } 328 }, 329 [IEEE80211_MODE_11N] = { 330 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 331 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 332 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 333 [EDCA_AC_VO] = { 2, 3, 1, 47 } 334 }, 335 }; 336 #endif /* IEEE80211_STA_ONLY */ 337 338 /* 339 * Return the EDCA Access Category to be used for transmitting a frame with 340 * user-priority `up'. 341 */ 342 enum ieee80211_edca_ac 343 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 344 { 345 /* see Table 9-1 */ 346 static const enum ieee80211_edca_ac up_to_ac[] = { 347 EDCA_AC_BE, /* BE */ 348 EDCA_AC_BK, /* BK */ 349 EDCA_AC_BK, /* -- */ 350 EDCA_AC_BE, /* EE */ 351 EDCA_AC_VI, /* CL */ 352 EDCA_AC_VI, /* VI */ 353 EDCA_AC_VO, /* VO */ 354 EDCA_AC_VO /* NC */ 355 }; 356 enum ieee80211_edca_ac ac; 357 358 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 359 360 #ifndef IEEE80211_STA_ONLY 361 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 362 return ac; 363 #endif 364 /* 365 * We do not support the admission control procedure defined in 366 * IEEE Std 802.11-2007 section 9.9.3.1.2. The spec says that 367 * non-AP QSTAs that don't support this procedure shall use EDCA 368 * parameters of a lower priority AC that does not require 369 * admission control. 370 */ 371 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 372 switch (ac) { 373 case EDCA_AC_BK: 374 /* can't get there */ 375 break; 376 case EDCA_AC_BE: 377 /* BE shouldn't require admission control */ 378 ac = EDCA_AC_BK; 379 break; 380 case EDCA_AC_VI: 381 ac = EDCA_AC_BE; 382 break; 383 case EDCA_AC_VO: 384 ac = EDCA_AC_VI; 385 break; 386 } 387 } 388 return ac; 389 } 390 391 /* 392 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 393 * based on the DSCP (Differentiated Services Codepoint) field. 394 */ 395 int 396 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 397 { 398 struct ether_header *eh; 399 u_int8_t ds_field; 400 #if NVLAN > 0 401 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 402 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 403 #endif 404 eh = mtod(m, struct ether_header *); 405 if (eh->ether_type == htons(ETHERTYPE_IP)) { 406 struct ip *ip = (struct ip *)&eh[1]; 407 if (ip->ip_v != 4) 408 return 0; 409 ds_field = ip->ip_tos; 410 } 411 #ifdef INET6 412 else if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 413 struct ip6_hdr *ip6 = (struct ip6_hdr *)&eh[1]; 414 u_int32_t flowlabel; 415 416 flowlabel = ntohl(ip6->ip6_flow); 417 if ((flowlabel >> 28) != 6) 418 return 0; 419 ds_field = (flowlabel >> 20) & 0xff; 420 } 421 #endif /* INET6 */ 422 else /* neither IPv4 nor IPv6 */ 423 return 0; 424 425 /* 426 * Map Differentiated Services Codepoint field (see RFC2474). 427 * Preserves backward compatibility with IP Precedence field. 428 */ 429 switch (ds_field & 0xfc) { 430 case IPTOS_PREC_PRIORITY: 431 return 2; 432 case IPTOS_PREC_IMMEDIATE: 433 return 1; 434 case IPTOS_PREC_FLASH: 435 return 3; 436 case IPTOS_PREC_FLASHOVERRIDE: 437 return 4; 438 case IPTOS_PREC_CRITIC_ECP: 439 return 5; 440 case IPTOS_PREC_INTERNETCONTROL: 441 return 6; 442 case IPTOS_PREC_NETCONTROL: 443 return 7; 444 } 445 return 0; /* default to Best-Effort */ 446 } 447 448 /* 449 * Encapsulate an outbound data frame. The mbuf chain is updated and 450 * a reference to the destination node is returned. If an error is 451 * encountered NULL is returned and the node reference will also be NULL. 452 * 453 * NB: The caller is responsible for free'ing a returned node reference. 454 * The convention is ic_bss is not reference counted; the caller must 455 * maintain that. 456 */ 457 struct mbuf * 458 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 459 { 460 struct ieee80211com *ic = (void *)ifp; 461 struct ether_header eh; 462 struct ieee80211_frame *wh; 463 struct ieee80211_node *ni = NULL; 464 struct llc *llc; 465 struct m_tag *mtag; 466 u_int8_t *addr; 467 u_int dlt, hdrlen; 468 int addqos, tid; 469 470 /* Handle raw frames if mbuf is tagged as 802.11 */ 471 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 472 dlt = *(u_int *)(mtag + 1); 473 474 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 475 goto fallback; 476 477 wh = mtod(m, struct ieee80211_frame *); 478 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 479 case IEEE80211_FC1_DIR_NODS: 480 case IEEE80211_FC1_DIR_FROMDS: 481 addr = wh->i_addr1; 482 break; 483 case IEEE80211_FC1_DIR_DSTODS: 484 case IEEE80211_FC1_DIR_TODS: 485 addr = wh->i_addr3; 486 break; 487 default: 488 goto bad; 489 } 490 491 ni = ieee80211_find_txnode(ic, addr); 492 if (ni == NULL) 493 ni = ieee80211_ref_node(ic->ic_bss); 494 if (ni == NULL) { 495 printf("%s: no node for dst %s, " 496 "discard raw tx frame\n", ifp->if_xname, 497 ether_sprintf(addr)); 498 ic->ic_stats.is_tx_nonode++; 499 goto bad; 500 } 501 ni->ni_inact = 0; 502 503 *pni = ni; 504 return (m); 505 } 506 507 fallback: 508 if (m->m_len < sizeof(struct ether_header)) { 509 m = m_pullup(m, sizeof(struct ether_header)); 510 if (m == NULL) { 511 ic->ic_stats.is_tx_nombuf++; 512 goto bad; 513 } 514 } 515 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 516 517 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 518 if (ni == NULL) { 519 DPRINTF(("no node for dst %s, discard frame\n", 520 ether_sprintf(eh.ether_dhost))); 521 ic->ic_stats.is_tx_nonode++; 522 goto bad; 523 } 524 525 if ((ic->ic_flags & IEEE80211_F_RSNON) && 526 !ni->ni_port_valid && 527 eh.ether_type != htons(ETHERTYPE_PAE)) { 528 DPRINTF(("port not valid: %s\n", 529 ether_sprintf(eh.ether_dhost))); 530 ic->ic_stats.is_tx_noauth++; 531 goto bad; 532 } 533 534 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 535 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 536 /* XXX TKIP countermeasures! */; 537 538 ni->ni_inact = 0; 539 540 if ((ic->ic_flags & IEEE80211_F_QOS) && 541 (ni->ni_flags & IEEE80211_NODE_QOS) && 542 /* do not QoS-encapsulate EAPOL frames */ 543 eh.ether_type != htons(ETHERTYPE_PAE)) { 544 tid = ieee80211_classify(ic, m); 545 hdrlen = sizeof(struct ieee80211_qosframe); 546 addqos = 1; 547 } else { 548 hdrlen = sizeof(struct ieee80211_frame); 549 addqos = 0; 550 } 551 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 552 llc = mtod(m, struct llc *); 553 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 554 llc->llc_control = LLC_UI; 555 llc->llc_snap.org_code[0] = 0; 556 llc->llc_snap.org_code[1] = 0; 557 llc->llc_snap.org_code[2] = 0; 558 llc->llc_snap.ether_type = eh.ether_type; 559 M_PREPEND(m, hdrlen, M_DONTWAIT); 560 if (m == NULL) { 561 ic->ic_stats.is_tx_nombuf++; 562 goto bad; 563 } 564 wh = mtod(m, struct ieee80211_frame *); 565 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 566 *(u_int16_t *)&wh->i_dur[0] = 0; 567 if (addqos) { 568 struct ieee80211_qosframe *qwh = 569 (struct ieee80211_qosframe *)wh; 570 u_int16_t qos = tid; 571 572 if (ic->ic_tid_noack & (1 << tid)) 573 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 574 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 575 qos |= IEEE80211_QOS_ACK_POLICY_BA; 576 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 577 *(u_int16_t *)qwh->i_qos = htole16(qos); 578 *(u_int16_t *)qwh->i_seq = 579 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 580 ni->ni_qos_txseqs[tid]++; 581 } else { 582 *(u_int16_t *)&wh->i_seq[0] = 583 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 584 ni->ni_txseq++; 585 } 586 switch (ic->ic_opmode) { 587 case IEEE80211_M_STA: 588 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 589 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 590 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 591 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 592 break; 593 #ifndef IEEE80211_STA_ONLY 594 case IEEE80211_M_IBSS: 595 case IEEE80211_M_AHDEMO: 596 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 597 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 598 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 599 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 600 break; 601 case IEEE80211_M_HOSTAP: 602 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 603 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 604 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 605 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 606 break; 607 #endif 608 default: 609 /* should not get there */ 610 goto bad; 611 } 612 613 if ((ic->ic_flags & IEEE80211_F_WEPON) || 614 ((ic->ic_flags & IEEE80211_F_RSNON) && 615 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 616 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 617 618 #ifndef IEEE80211_STA_ONLY 619 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 620 ieee80211_pwrsave(ic, m, ni) != 0) { 621 *pni = NULL; 622 return NULL; 623 } 624 #endif 625 *pni = ni; 626 return m; 627 bad: 628 m_freem(m); 629 if (ni != NULL) 630 ieee80211_release_node(ic, ni); 631 *pni = NULL; 632 return NULL; 633 } 634 635 /* 636 * Add a Capability Information field to a frame (see 7.3.1.4). 637 */ 638 u_int8_t * 639 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 640 const struct ieee80211_node *ni) 641 { 642 u_int16_t capinfo; 643 644 #ifndef IEEE80211_STA_ONLY 645 if (ic->ic_opmode == IEEE80211_M_IBSS) 646 capinfo = IEEE80211_CAPINFO_IBSS; 647 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 648 capinfo = IEEE80211_CAPINFO_ESS; 649 else 650 #endif 651 capinfo = 0; 652 #ifndef IEEE80211_STA_ONLY 653 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 654 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 655 capinfo |= IEEE80211_CAPINFO_PRIVACY; 656 #endif 657 /* NB: some 11a AP's reject the request when short preamble is set */ 658 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 659 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 660 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 661 if (ic->ic_flags & IEEE80211_F_SHSLOT) 662 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 663 LE_WRITE_2(frm, capinfo); 664 return frm + 2; 665 } 666 667 /* 668 * Add an SSID element to a frame (see 7.3.2.1). 669 */ 670 u_int8_t * 671 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 672 { 673 *frm++ = IEEE80211_ELEMID_SSID; 674 *frm++ = len; 675 memcpy(frm, ssid, len); 676 return frm + len; 677 } 678 679 /* 680 * Add a supported rates element to a frame (see 7.3.2.2). 681 */ 682 u_int8_t * 683 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 684 { 685 int nrates; 686 687 *frm++ = IEEE80211_ELEMID_RATES; 688 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 689 *frm++ = nrates; 690 memcpy(frm, rs->rs_rates, nrates); 691 return frm + nrates; 692 } 693 694 #ifndef IEEE80211_STA_ONLY 695 /* 696 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 697 */ 698 u_int8_t * 699 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 700 const struct ieee80211_node *ni) 701 { 702 *frm++ = IEEE80211_ELEMID_DSPARMS; 703 *frm++ = 1; 704 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 705 return frm; 706 } 707 708 /* 709 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 710 */ 711 u_int8_t * 712 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 713 { 714 u_int i, offset = 0, len; 715 716 /* find first non-zero octet in the virtual bit map */ 717 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 718 719 /* clear the lsb as it is reserved for the broadcast indication bit */ 720 if (i < ic->ic_tim_len) 721 offset = i & ~1; 722 723 /* find last non-zero octet in the virtual bit map */ 724 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 725 726 len = i - offset + 1; 727 728 *frm++ = IEEE80211_ELEMID_TIM; 729 *frm++ = len + 3; /* length */ 730 *frm++ = ic->ic_dtim_count; /* DTIM count */ 731 *frm++ = ic->ic_dtim_period; /* DTIM period */ 732 733 /* Bitmap Control */ 734 *frm = offset; 735 /* set broadcast/multicast indication bit if necessary */ 736 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 737 *frm |= 0x01; 738 frm++; 739 740 /* Partial Virtual Bitmap */ 741 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 742 return frm + len; 743 } 744 745 /* 746 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 747 */ 748 u_int8_t * 749 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 750 { 751 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 752 *frm++ = 2; 753 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 754 return frm + 2; 755 } 756 757 /* 758 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 759 */ 760 u_int8_t * 761 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 762 { 763 const struct ieee80211_edca_ac_params *edca; 764 int aci; 765 766 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 767 *frm++ = 18; /* length */ 768 *frm++ = 0; /* QoS Info */ 769 *frm++ = 0; /* reserved */ 770 771 /* setup AC Parameter Records */ 772 edca = ieee80211_qap_edca_table[ic->ic_curmode]; 773 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 774 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 775 776 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 777 (ac->ac_aifsn & 0xf); 778 *frm++ = (ac->ac_ecwmax << 4) | 779 (ac->ac_ecwmin & 0xf); 780 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 781 } 782 return frm; 783 } 784 785 /* 786 * Add an ERP element to a frame (see 7.3.2.13). 787 */ 788 u_int8_t * 789 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 790 { 791 u_int8_t erp; 792 793 *frm++ = IEEE80211_ELEMID_ERP; 794 *frm++ = 1; 795 erp = 0; 796 /* 797 * The NonERP_Present bit shall be set to 1 when a NonERP STA 798 * is associated with the BSS. 799 */ 800 if (ic->ic_nonerpsta != 0) 801 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 802 /* 803 * If one or more NonERP STAs are associated in the BSS, the 804 * Use_Protection bit shall be set to 1 in transmitted ERP 805 * Information Elements. 806 */ 807 if (ic->ic_flags & IEEE80211_F_USEPROT) 808 erp |= IEEE80211_ERP_USE_PROTECTION; 809 /* 810 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 811 * Information Element sender if one or more associated NonERP 812 * STAs are not short preamble capable. 813 */ 814 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 815 erp |= IEEE80211_ERP_BARKER_MODE; 816 *frm++ = erp; 817 return frm; 818 } 819 #endif /* IEEE80211_STA_ONLY */ 820 821 /* 822 * Add a QoS Capability element to a frame (see 7.3.2.35). 823 */ 824 u_int8_t * 825 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 826 { 827 *frm++ = IEEE80211_ELEMID_QOS_CAP; 828 *frm++ = 1; 829 *frm++ = 0; /* QoS Info */ 830 return frm; 831 } 832 833 /* 834 * Add a Wifi-Alliance WME (aka WMM) info element to a frame. 835 * WME is a requirement for Wifi-Alliance compliance and some 836 * 11n APs will not negotiate HT if this element is missing. 837 */ 838 uint8_t * 839 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211com *ic) 840 { 841 *frm++ = IEEE80211_ELEMID_VENDOR; 842 *frm++ = 7; 843 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 844 *frm++ = 2; /* OUI type */ 845 *frm++ = 0; /* OUI subtype */ 846 *frm++ = 1; /* version */ 847 *frm++ = 0; /* info */ 848 849 return frm; 850 } 851 852 #ifndef IEEE80211_STA_ONLY 853 /* 854 * Add a Wifi-Alliance WMM (aka WME) parameter element to a frame. 855 */ 856 uint8_t * 857 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211com *ic) 858 { 859 const struct ieee80211_edca_ac_params *edca; 860 int aci; 861 862 *frm++ = IEEE80211_ELEMID_VENDOR; 863 *frm++ = 24; 864 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 865 *frm++ = 2; /* OUI type */ 866 *frm++ = 1; /* OUI subtype */ 867 *frm++ = 1; /* version */ 868 *frm++ = 0; /* info */ 869 *frm++ = 0; /* reserved */ 870 871 /* setup AC Parameter Records */ 872 edca = ieee80211_qap_edca_table[ic->ic_curmode]; 873 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 874 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 875 876 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 877 (ac->ac_aifsn & 0xf); 878 *frm++ = (ac->ac_ecwmax << 4) | 879 (ac->ac_ecwmin & 0xf); 880 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 881 } 882 883 return frm; 884 } 885 #endif 886 887 /* 888 * Add an RSN element to a frame (see 802.11-2012 8.4.2.27) 889 */ 890 u_int8_t * 891 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 892 const struct ieee80211_node *ni, int wpa) 893 { 894 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 895 u_int8_t *pcount; 896 u_int16_t count; 897 898 /* write Version field */ 899 LE_WRITE_2(frm, 1); frm += 2; 900 901 /* write Group Data Cipher Suite field (see 802.11-2012 Table 8-99) */ 902 memcpy(frm, oui, 3); frm += 3; 903 switch (ni->ni_rsngroupcipher) { 904 case IEEE80211_CIPHER_WEP40: 905 *frm++ = 1; 906 break; 907 case IEEE80211_CIPHER_TKIP: 908 *frm++ = 2; 909 break; 910 case IEEE80211_CIPHER_CCMP: 911 *frm++ = 4; 912 break; 913 case IEEE80211_CIPHER_WEP104: 914 *frm++ = 5; 915 break; 916 default: 917 /* can't get there */ 918 panic("invalid group data cipher!"); 919 } 920 921 pcount = frm; frm += 2; 922 count = 0; 923 /* write Pairwise Cipher Suite List */ 924 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 925 memcpy(frm, oui, 3); frm += 3; 926 *frm++ = 0; 927 count++; 928 } 929 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 930 memcpy(frm, oui, 3); frm += 3; 931 *frm++ = 2; 932 count++; 933 } 934 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 935 memcpy(frm, oui, 3); frm += 3; 936 *frm++ = 4; 937 count++; 938 } 939 /* write Pairwise Cipher Suite Count field */ 940 LE_WRITE_2(pcount, count); 941 942 pcount = frm; frm += 2; 943 count = 0; 944 /* write AKM Suite List (see Table 20dc) */ 945 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 946 memcpy(frm, oui, 3); frm += 3; 947 *frm++ = 1; 948 count++; 949 } 950 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 951 memcpy(frm, oui, 3); frm += 3; 952 *frm++ = 2; 953 count++; 954 } 955 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 956 memcpy(frm, oui, 3); frm += 3; 957 *frm++ = 5; 958 count++; 959 } 960 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 961 memcpy(frm, oui, 3); frm += 3; 962 *frm++ = 6; 963 count++; 964 } 965 /* write AKM Suite List Count field */ 966 LE_WRITE_2(pcount, count); 967 968 if (wpa) 969 return frm; 970 971 /* write RSN Capabilities field */ 972 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 973 974 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 975 /* write PMKID Count field */ 976 LE_WRITE_2(frm, 1); frm += 2; 977 /* write PMKID List (only 1) */ 978 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 979 frm += IEEE80211_PMKID_LEN; 980 } else { 981 /* no PMKID (PMKID Count=0) */ 982 LE_WRITE_2(frm, 0); frm += 2; 983 } 984 985 if (!(ic->ic_caps & IEEE80211_C_MFP)) 986 return frm; 987 988 /* write Group Integrity Cipher Suite field */ 989 memcpy(frm, oui, 3); frm += 3; 990 switch (ic->ic_rsngroupmgmtcipher) { 991 case IEEE80211_CIPHER_BIP: 992 *frm++ = 6; 993 break; 994 default: 995 /* can't get there */ 996 panic("invalid integrity group cipher!"); 997 } 998 return frm; 999 } 1000 1001 u_int8_t * 1002 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 1003 const struct ieee80211_node *ni) 1004 { 1005 u_int8_t *plen; 1006 1007 *frm++ = IEEE80211_ELEMID_RSN; 1008 plen = frm++; /* length filled in later */ 1009 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 1010 1011 /* write length field */ 1012 *plen = frm - plen - 1; 1013 return frm; 1014 } 1015 1016 /* 1017 * Add a vendor-specific WPA element to a frame. 1018 * This is required for compatibility with Wi-Fi Alliance WPA. 1019 */ 1020 u_int8_t * 1021 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 1022 const struct ieee80211_node *ni) 1023 { 1024 u_int8_t *plen; 1025 1026 *frm++ = IEEE80211_ELEMID_VENDOR; 1027 plen = frm++; /* length filled in later */ 1028 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1029 *frm++ = 1; /* WPA */ 1030 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1031 1032 /* write length field */ 1033 *plen = frm - plen - 1; 1034 return frm; 1035 } 1036 1037 /* 1038 * Add an extended supported rates element to a frame (see 7.3.2.14). 1039 */ 1040 u_int8_t * 1041 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1042 { 1043 int nrates; 1044 1045 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1046 1047 *frm++ = IEEE80211_ELEMID_XRATES; 1048 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1049 *frm++ = nrates; 1050 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1051 return frm + nrates; 1052 } 1053 1054 /* 1055 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1056 */ 1057 u_int8_t * 1058 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1059 { 1060 *frm++ = IEEE80211_ELEMID_HTCAPS; 1061 *frm++ = 26; 1062 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1063 *frm++ = ic->ic_ampdu_params; 1064 memcpy(frm, ic->ic_sup_mcs, 10); frm += 10; 1065 LE_WRITE_2(frm, (ic->ic_max_rxrate & IEEE80211_MCS_RX_RATE_HIGH)); 1066 frm += 2; 1067 *frm++ = ic->ic_tx_mcs_set; 1068 *frm++ = 0; /* reserved */ 1069 *frm++ = 0; /* reserved */ 1070 *frm++ = 0; /* reserved */ 1071 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1072 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1073 *frm++ = ic->ic_aselcaps; 1074 return frm; 1075 } 1076 1077 #ifndef IEEE80211_STA_ONLY 1078 /* 1079 * Add an HT Operation element to a frame (see 7.3.2.58). 1080 */ 1081 u_int8_t * 1082 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1083 { 1084 *frm++ = IEEE80211_ELEMID_HTOP; 1085 *frm++ = 22; 1086 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1087 LE_WRITE_2(frm, 0); frm += 2; 1088 LE_WRITE_2(frm, 0); frm += 2; 1089 memset(frm, 0, 16); frm += 16; 1090 return frm; 1091 } 1092 #endif /* !IEEE80211_STA_ONLY */ 1093 1094 #ifndef IEEE80211_STA_ONLY 1095 /* 1096 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1097 */ 1098 u_int8_t * 1099 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1100 { 1101 *frm++ = IEEE80211_ELEMID_TIE; 1102 *frm++ = 5; /* length */ 1103 *frm++ = type; /* Timeout Interval type */ 1104 LE_WRITE_4(frm, value); 1105 return frm + 4; 1106 } 1107 #endif 1108 1109 struct mbuf * 1110 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1111 { 1112 struct mbuf *m; 1113 1114 /* reserve space for 802.11 header */ 1115 pktlen += sizeof(struct ieee80211_frame); 1116 1117 if (pktlen > MCLBYTES) 1118 panic("management frame too large: %u", pktlen); 1119 MGETHDR(m, flags, type); 1120 if (m == NULL) 1121 return NULL; 1122 if (pktlen > MHLEN) { 1123 MCLGET(m, flags); 1124 if (!(m->m_flags & M_EXT)) 1125 return m_free(m); 1126 } 1127 m->m_data += sizeof(struct ieee80211_frame); 1128 return m; 1129 } 1130 1131 /*- 1132 * Probe request frame format: 1133 * [tlv] SSID 1134 * [tlv] Supported rates 1135 * [tlv] Extended Supported Rates (802.11g) 1136 * [tlv] HT Capabilities (802.11n) 1137 */ 1138 struct mbuf * 1139 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1140 { 1141 const struct ieee80211_rateset *rs = 1142 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1143 struct mbuf *m; 1144 u_int8_t *frm; 1145 1146 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1147 2 + ic->ic_des_esslen + 1148 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1149 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1150 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1151 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 9 : 0)); 1152 if (m == NULL) 1153 return NULL; 1154 1155 frm = mtod(m, u_int8_t *); 1156 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1157 frm = ieee80211_add_rates(frm, rs); 1158 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1159 frm = ieee80211_add_xrates(frm, rs); 1160 if (ic->ic_flags & IEEE80211_F_HTON) { 1161 frm = ieee80211_add_htcaps(frm, ic); 1162 frm = ieee80211_add_wme_info(frm, ic); 1163 } 1164 1165 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1166 1167 return m; 1168 } 1169 1170 #ifndef IEEE80211_STA_ONLY 1171 /*- 1172 * Probe response frame format: 1173 * [8] Timestamp 1174 * [2] Beacon interval 1175 * [2] Capability 1176 * [tlv] Service Set Identifier (SSID) 1177 * [tlv] Supported rates 1178 * [tlv] DS Parameter Set (802.11g) 1179 * [tlv] ERP Information (802.11g) 1180 * [tlv] Extended Supported Rates (802.11g) 1181 * [tlv] RSN (802.11i) 1182 * [tlv] EDCA Parameter Set (802.11e) 1183 * [tlv] HT Capabilities (802.11n) 1184 * [tlv] HT Operation (802.11n) 1185 */ 1186 struct mbuf * 1187 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1188 { 1189 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1190 struct mbuf *m; 1191 u_int8_t *frm; 1192 1193 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1194 8 + 2 + 2 + 1195 2 + ni->ni_esslen + 1196 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1197 2 + 1 + 1198 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1199 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1200 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1201 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1202 (((ic->ic_flags & IEEE80211_F_RSNON) && 1203 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1204 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1205 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1206 (((ic->ic_flags & IEEE80211_F_RSNON) && 1207 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1208 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1209 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1210 if (m == NULL) 1211 return NULL; 1212 1213 frm = mtod(m, u_int8_t *); 1214 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1215 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1216 frm = ieee80211_add_capinfo(frm, ic, ni); 1217 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1218 ic->ic_bss->ni_esslen); 1219 frm = ieee80211_add_rates(frm, rs); 1220 frm = ieee80211_add_ds_params(frm, ic, ni); 1221 if (ic->ic_opmode == IEEE80211_M_IBSS) 1222 frm = ieee80211_add_ibss_params(frm, ni); 1223 if (ic->ic_curmode == IEEE80211_MODE_11G) 1224 frm = ieee80211_add_erp(frm, ic); 1225 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1226 frm = ieee80211_add_xrates(frm, rs); 1227 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1228 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1229 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1230 if (ic->ic_flags & IEEE80211_F_QOS) 1231 frm = ieee80211_add_edca_params(frm, ic); 1232 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1233 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1234 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1235 if (ic->ic_flags & IEEE80211_F_HTON) { 1236 frm = ieee80211_add_htcaps(frm, ic); 1237 frm = ieee80211_add_htop(frm, ic); 1238 } 1239 1240 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1241 1242 return m; 1243 } 1244 #endif /* IEEE80211_STA_ONLY */ 1245 1246 /*- 1247 * Authentication frame format: 1248 * [2] Authentication algorithm number 1249 * [2] Authentication transaction sequence number 1250 * [2] Status code 1251 */ 1252 struct mbuf * 1253 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1254 u_int16_t status, u_int16_t seq) 1255 { 1256 struct mbuf *m; 1257 u_int8_t *frm; 1258 1259 MGETHDR(m, M_DONTWAIT, MT_DATA); 1260 if (m == NULL) 1261 return NULL; 1262 MH_ALIGN(m, 2 * 3); 1263 m->m_pkthdr.len = m->m_len = 2 * 3; 1264 1265 frm = mtod(m, u_int8_t *); 1266 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1267 LE_WRITE_2(frm, seq); frm += 2; 1268 LE_WRITE_2(frm, status); 1269 1270 return m; 1271 } 1272 1273 /*- 1274 * Deauthentication frame format: 1275 * [2] Reason code 1276 */ 1277 struct mbuf * 1278 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1279 u_int16_t reason) 1280 { 1281 struct mbuf *m; 1282 1283 MGETHDR(m, M_DONTWAIT, MT_DATA); 1284 if (m == NULL) 1285 return NULL; 1286 MH_ALIGN(m, 2); 1287 1288 m->m_pkthdr.len = m->m_len = 2; 1289 *mtod(m, u_int16_t *) = htole16(reason); 1290 1291 return m; 1292 } 1293 1294 /*- 1295 * (Re)Association request frame format: 1296 * [2] Capability information 1297 * [2] Listen interval 1298 * [6*] Current AP address (Reassociation only) 1299 * [tlv] SSID 1300 * [tlv] Supported rates 1301 * [tlv] Extended Supported Rates (802.11g) 1302 * [tlv] RSN (802.11i) 1303 * [tlv] QoS Capability (802.11e) 1304 * [tlv] HT Capabilities (802.11n) 1305 */ 1306 struct mbuf * 1307 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1308 int type) 1309 { 1310 const struct ieee80211_rateset *rs = &ni->ni_rates; 1311 struct mbuf *m; 1312 u_int8_t *frm; 1313 u_int16_t capinfo; 1314 1315 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1316 2 + 2 + 1317 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1318 IEEE80211_ADDR_LEN : 0) + 1319 2 + ni->ni_esslen + 1320 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1321 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1322 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1323 (((ic->ic_flags & IEEE80211_F_RSNON) && 1324 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1325 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1326 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1327 (((ic->ic_flags & IEEE80211_F_RSNON) && 1328 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1329 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1330 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 9 : 0)); 1331 if (m == NULL) 1332 return NULL; 1333 1334 frm = mtod(m, u_int8_t *); 1335 capinfo = IEEE80211_CAPINFO_ESS; 1336 if (ic->ic_flags & IEEE80211_F_WEPON) 1337 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1338 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1339 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1340 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1341 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1342 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1343 LE_WRITE_2(frm, capinfo); frm += 2; 1344 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1345 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1346 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1347 frm += IEEE80211_ADDR_LEN; 1348 } 1349 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1350 frm = ieee80211_add_rates(frm, rs); 1351 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1352 frm = ieee80211_add_xrates(frm, rs); 1353 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1354 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1355 frm = ieee80211_add_rsn(frm, ic, ni); 1356 if (ni->ni_flags & IEEE80211_NODE_QOS) 1357 frm = ieee80211_add_qos_capability(frm, ic); 1358 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1359 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1360 frm = ieee80211_add_wpa(frm, ic, ni); 1361 if (ic->ic_flags & IEEE80211_F_HTON) { 1362 frm = ieee80211_add_htcaps(frm, ic); 1363 frm = ieee80211_add_wme_info(frm, ic); 1364 } 1365 1366 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1367 1368 return m; 1369 } 1370 1371 #ifndef IEEE80211_STA_ONLY 1372 /*- 1373 * (Re)Association response frame format: 1374 * [2] Capability information 1375 * [2] Status code 1376 * [2] Association ID (AID) 1377 * [tlv] Supported rates 1378 * [tlv] Extended Supported Rates (802.11g) 1379 * [tlv] EDCA Parameter Set (802.11e) 1380 * [tlv] Timeout Interval (802.11w) 1381 * [tlv] HT Capabilities (802.11n) 1382 * [tlv] HT Operation (802.11n) 1383 */ 1384 struct mbuf * 1385 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1386 u_int16_t status) 1387 { 1388 const struct ieee80211_rateset *rs = &ni->ni_rates; 1389 struct mbuf *m; 1390 u_int8_t *frm; 1391 1392 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1393 2 + 2 + 2 + 1394 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1395 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1396 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1397 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1398 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1399 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1400 if (m == NULL) 1401 return NULL; 1402 1403 frm = mtod(m, u_int8_t *); 1404 frm = ieee80211_add_capinfo(frm, ic, ni); 1405 LE_WRITE_2(frm, status); frm += 2; 1406 if (status == IEEE80211_STATUS_SUCCESS) 1407 LE_WRITE_2(frm, ni->ni_associd); 1408 else 1409 LE_WRITE_2(frm, 0); 1410 frm += 2; 1411 frm = ieee80211_add_rates(frm, rs); 1412 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1413 frm = ieee80211_add_xrates(frm, rs); 1414 if (ni->ni_flags & IEEE80211_NODE_QOS) 1415 frm = ieee80211_add_edca_params(frm, ic); 1416 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1417 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1418 /* Association Comeback Time */ 1419 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1420 } 1421 if (ic->ic_flags & IEEE80211_F_HTON) { 1422 frm = ieee80211_add_htcaps(frm, ic); 1423 frm = ieee80211_add_htop(frm, ic); 1424 } 1425 1426 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1427 1428 return m; 1429 } 1430 #endif /* IEEE80211_STA_ONLY */ 1431 1432 /*- 1433 * Disassociation frame format: 1434 * [2] Reason code 1435 */ 1436 struct mbuf * 1437 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1438 u_int16_t reason) 1439 { 1440 struct mbuf *m; 1441 1442 MGETHDR(m, M_DONTWAIT, MT_DATA); 1443 if (m == NULL) 1444 return NULL; 1445 MH_ALIGN(m, 2); 1446 1447 m->m_pkthdr.len = m->m_len = 2; 1448 *mtod(m, u_int16_t *) = htole16(reason); 1449 1450 return m; 1451 } 1452 1453 /*- 1454 * ADDBA Request frame format: 1455 * [1] Category 1456 * [1] Action 1457 * [1] Dialog Token 1458 * [2] Block Ack Parameter Set 1459 * [2] Block Ack Timeout Value 1460 * [2] Block Ack Starting Sequence Control 1461 */ 1462 struct mbuf * 1463 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1464 u_int8_t tid) 1465 { 1466 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1467 struct mbuf *m; 1468 u_int8_t *frm; 1469 1470 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1471 if (m == NULL) 1472 return m; 1473 1474 frm = mtod(m, u_int8_t *); 1475 *frm++ = IEEE80211_CATEG_BA; 1476 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1477 *frm++ = ba->ba_token; 1478 LE_WRITE_2(frm, ba->ba_params); frm += 2; 1479 LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); frm += 2; 1480 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1481 1482 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1483 1484 return m; 1485 } 1486 1487 /*- 1488 * ADDBA Response frame format: 1489 * [1] Category 1490 * [1] Action 1491 * [1] Dialog Token 1492 * [2] Status Code 1493 * [2] Block Ack Parameter Set 1494 * [2] Block Ack Timeout Value 1495 */ 1496 struct mbuf * 1497 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1498 u_int8_t tid, u_int8_t token, u_int16_t status) 1499 { 1500 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 1501 struct mbuf *m; 1502 u_int8_t *frm; 1503 u_int16_t params; 1504 1505 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1506 if (m == NULL) 1507 return m; 1508 1509 frm = mtod(m, u_int8_t *); 1510 *frm++ = IEEE80211_CATEG_BA; 1511 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1512 *frm++ = token; 1513 LE_WRITE_2(frm, status); frm += 2; 1514 if (status == 0) 1515 params = ba->ba_params; 1516 else 1517 params = tid << IEEE80211_ADDBA_TID_SHIFT; 1518 LE_WRITE_2(frm, params); frm += 2; 1519 if (status == 0) 1520 LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); 1521 else 1522 LE_WRITE_2(frm, 0); 1523 frm += 2; 1524 1525 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1526 1527 return m; 1528 } 1529 1530 /*- 1531 * DELBA frame format: 1532 * [1] Category 1533 * [1] Action 1534 * [2] DELBA Parameter Set 1535 * [2] Reason Code 1536 */ 1537 struct mbuf * 1538 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1539 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1540 { 1541 struct mbuf *m; 1542 u_int8_t *frm; 1543 u_int16_t params; 1544 1545 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1546 if (m == NULL) 1547 return m; 1548 1549 frm = mtod(m, u_int8_t *); 1550 *frm++ = IEEE80211_CATEG_BA; 1551 *frm++ = IEEE80211_ACTION_DELBA; 1552 params = tid << 12; 1553 if (dir) 1554 params |= IEEE80211_DELBA_INITIATOR; 1555 LE_WRITE_2(frm, params); frm += 2; 1556 LE_WRITE_2(frm, reason); frm += 2; 1557 1558 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1559 1560 return m; 1561 } 1562 1563 /*- 1564 * SA Query Request/Reponse frame format: 1565 * [1] Category 1566 * [1] Action 1567 * [16] Transaction Identifier 1568 */ 1569 struct mbuf * 1570 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1571 u_int8_t action) 1572 { 1573 struct mbuf *m; 1574 u_int8_t *frm; 1575 1576 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1577 if (m == NULL) 1578 return NULL; 1579 1580 frm = mtod(m, u_int8_t *); 1581 *frm++ = IEEE80211_CATEG_SA_QUERY; 1582 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1583 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1584 1585 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1586 1587 return m; 1588 } 1589 1590 struct mbuf * 1591 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1592 u_int8_t categ, u_int8_t action, int arg) 1593 { 1594 struct mbuf *m = NULL; 1595 1596 switch (categ) { 1597 case IEEE80211_CATEG_BA: 1598 switch (action) { 1599 case IEEE80211_ACTION_ADDBA_REQ: 1600 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1601 break; 1602 case IEEE80211_ACTION_ADDBA_RESP: 1603 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1604 arg >> 8, arg >> 16); 1605 break; 1606 case IEEE80211_ACTION_DELBA: 1607 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1608 arg >> 16); 1609 break; 1610 } 1611 break; 1612 case IEEE80211_CATEG_SA_QUERY: 1613 switch (action) { 1614 #ifndef IEEE80211_STA_ONLY 1615 case IEEE80211_ACTION_SA_QUERY_REQ: 1616 #endif 1617 case IEEE80211_ACTION_SA_QUERY_RESP: 1618 m = ieee80211_get_sa_query(ic, ni, action); 1619 break; 1620 } 1621 break; 1622 } 1623 return m; 1624 } 1625 1626 /* 1627 * Send a management frame. The node is for the destination (or ic_bss 1628 * when in station mode). Nodes other than ic_bss have their reference 1629 * count bumped to reflect our use for an indeterminant time. 1630 */ 1631 int 1632 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1633 int type, int arg1, int arg2) 1634 { 1635 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1636 struct ifnet *ifp = &ic->ic_if; 1637 struct mbuf *m; 1638 int ret, timer; 1639 1640 if (ni == NULL) 1641 panic("null node"); 1642 1643 /* 1644 * Hold a reference on the node so it doesn't go away until after 1645 * the xmit is complete all the way in the driver. On error we 1646 * will remove our reference. 1647 */ 1648 ieee80211_ref_node(ni); 1649 timer = 0; 1650 switch (type) { 1651 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1652 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1653 senderr(ENOMEM, is_tx_nombuf); 1654 1655 timer = IEEE80211_TRANS_WAIT; 1656 break; 1657 #ifndef IEEE80211_STA_ONLY 1658 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1659 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1660 senderr(ENOMEM, is_tx_nombuf); 1661 break; 1662 #endif 1663 case IEEE80211_FC0_SUBTYPE_AUTH: 1664 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1665 if (m == NULL) 1666 senderr(ENOMEM, is_tx_nombuf); 1667 1668 if (ic->ic_opmode == IEEE80211_M_STA) 1669 timer = IEEE80211_TRANS_WAIT; 1670 break; 1671 1672 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1673 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1674 senderr(ENOMEM, is_tx_nombuf); 1675 1676 if (ifp->if_flags & IFF_DEBUG) { 1677 printf("%s: station %s deauthenticate (reason %d)\n", 1678 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1679 arg1); 1680 } 1681 break; 1682 1683 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1684 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1685 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1686 senderr(ENOMEM, is_tx_nombuf); 1687 1688 timer = IEEE80211_TRANS_WAIT; 1689 break; 1690 #ifndef IEEE80211_STA_ONLY 1691 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1692 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1693 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1694 senderr(ENOMEM, is_tx_nombuf); 1695 break; 1696 #endif 1697 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1698 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1699 senderr(ENOMEM, is_tx_nombuf); 1700 1701 if (ifp->if_flags & IFF_DEBUG) { 1702 printf("%s: station %s disassociate (reason %d)\n", 1703 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1704 arg1); 1705 } 1706 break; 1707 1708 case IEEE80211_FC0_SUBTYPE_ACTION: 1709 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1710 arg2); 1711 if (m == NULL) 1712 senderr(ENOMEM, is_tx_nombuf); 1713 break; 1714 1715 default: 1716 DPRINTF(("invalid mgmt frame type %u\n", type)); 1717 senderr(EINVAL, is_tx_unknownmgt); 1718 /* NOTREACHED */ 1719 } 1720 1721 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1722 if (ret == 0) { 1723 if (timer) 1724 ic->ic_mgt_timer = timer; 1725 } else { 1726 bad: 1727 ieee80211_release_node(ic, ni); 1728 } 1729 return ret; 1730 #undef senderr 1731 } 1732 1733 /* 1734 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1735 */ 1736 struct mbuf * 1737 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1738 u_int16_t dur) 1739 { 1740 struct ieee80211_frame_rts *rts; 1741 struct mbuf *m; 1742 1743 MGETHDR(m, M_DONTWAIT, MT_DATA); 1744 if (m == NULL) 1745 return NULL; 1746 1747 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1748 1749 rts = mtod(m, struct ieee80211_frame_rts *); 1750 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1751 IEEE80211_FC0_SUBTYPE_RTS; 1752 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1753 *(u_int16_t *)rts->i_dur = htole16(dur); 1754 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1755 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1756 1757 return m; 1758 } 1759 1760 /* 1761 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1762 */ 1763 struct mbuf * 1764 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1765 { 1766 struct ieee80211_frame_cts *cts; 1767 struct mbuf *m; 1768 1769 MGETHDR(m, M_DONTWAIT, MT_DATA); 1770 if (m == NULL) 1771 return NULL; 1772 1773 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1774 1775 cts = mtod(m, struct ieee80211_frame_cts *); 1776 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1777 IEEE80211_FC0_SUBTYPE_CTS; 1778 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1779 *(u_int16_t *)cts->i_dur = htole16(dur); 1780 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1781 1782 return m; 1783 } 1784 1785 #ifndef IEEE80211_STA_ONLY 1786 /*- 1787 * Beacon frame format: 1788 * [8] Timestamp 1789 * [2] Beacon interval 1790 * [2] Capability 1791 * [tlv] Service Set Identifier (SSID) 1792 * [tlv] Supported rates 1793 * [tlv] DS Parameter Set (802.11g) 1794 * [tlv] IBSS Parameter Set 1795 * [tlv] Traffic Indication Map (TIM) 1796 * [tlv] ERP Information (802.11g) 1797 * [tlv] Extended Supported Rates (802.11g) 1798 * [tlv] RSN (802.11i) 1799 * [tlv] EDCA Parameter Set (802.11e) 1800 * [tlv] HT Capabilities (802.11n) 1801 * [tlv] HT Operation (802.11n) 1802 */ 1803 struct mbuf * 1804 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1805 { 1806 const struct ieee80211_rateset *rs = &ni->ni_rates; 1807 struct ieee80211_frame *wh; 1808 struct mbuf *m; 1809 u_int8_t *frm; 1810 1811 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1812 8 + 2 + 2 + 1813 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) + 1814 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1815 2 + 1 + 1816 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1817 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1818 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1819 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1820 (((ic->ic_flags & IEEE80211_F_RSNON) && 1821 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1822 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1823 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1824 (((ic->ic_flags & IEEE80211_F_RSNON) && 1825 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1826 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1827 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1828 if (m == NULL) 1829 return NULL; 1830 1831 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1832 if (m == NULL) 1833 return NULL; 1834 wh = mtod(m, struct ieee80211_frame *); 1835 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1836 IEEE80211_FC0_SUBTYPE_BEACON; 1837 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1838 *(u_int16_t *)wh->i_dur = 0; 1839 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1840 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1841 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1842 *(u_int16_t *)wh->i_seq = 0; 1843 1844 frm = (u_int8_t *)&wh[1]; 1845 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1846 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1847 frm = ieee80211_add_capinfo(frm, ic, ni); 1848 if (ic->ic_flags & IEEE80211_F_HIDENWID) 1849 frm = ieee80211_add_ssid(frm, NULL, 0); 1850 else 1851 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1852 frm = ieee80211_add_rates(frm, rs); 1853 frm = ieee80211_add_ds_params(frm, ic, ni); 1854 if (ic->ic_opmode == IEEE80211_M_IBSS) 1855 frm = ieee80211_add_ibss_params(frm, ni); 1856 else 1857 frm = ieee80211_add_tim(frm, ic); 1858 if (ic->ic_curmode == IEEE80211_MODE_11G) 1859 frm = ieee80211_add_erp(frm, ic); 1860 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1861 frm = ieee80211_add_xrates(frm, rs); 1862 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1863 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1864 frm = ieee80211_add_rsn(frm, ic, ni); 1865 if (ic->ic_flags & IEEE80211_F_QOS) 1866 frm = ieee80211_add_edca_params(frm, ic); 1867 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1868 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1869 frm = ieee80211_add_wpa(frm, ic, ni); 1870 if (ic->ic_flags & IEEE80211_F_HTON) { 1871 frm = ieee80211_add_htcaps(frm, ic); 1872 frm = ieee80211_add_htop(frm, ic); 1873 } 1874 1875 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1876 m->m_pkthdr.ph_cookie = ni; 1877 1878 return m; 1879 } 1880 1881 /* 1882 * Check if an outgoing MSDU or management frame should be buffered into 1883 * the AP for power management. Return 1 if the frame was buffered into 1884 * the AP, or 0 if the frame shall be transmitted immediately. 1885 */ 1886 int 1887 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1888 struct ieee80211_node *ni) 1889 { 1890 const struct ieee80211_frame *wh; 1891 1892 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1893 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1894 return 0; 1895 1896 wh = mtod(m, struct ieee80211_frame *); 1897 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1898 /* 1899 * Buffer group addressed MSDUs with the Order bit clear 1900 * if any associated STAs are in PS mode. 1901 */ 1902 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || 1903 ic->ic_pssta == 0) 1904 return 0; 1905 ic->ic_tim_mcast_pending = 1; 1906 } else { 1907 /* 1908 * Buffer MSDUs, A-MSDUs or management frames destined for 1909 * PS STAs. 1910 */ 1911 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1912 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1913 IEEE80211_FC0_TYPE_CTL) 1914 return 0; 1915 if (mq_empty(&ni->ni_savedq)) 1916 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1917 } 1918 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1919 /* 1920 * Similar to ieee80211_mgmt_output, store the node in a 1921 * special pkthdr field. 1922 */ 1923 m->m_pkthdr.ph_cookie = ni; 1924 mq_enqueue(&ni->ni_savedq, m); 1925 return 1; 1926 } 1927 #endif /* IEEE80211_STA_ONLY */ 1928