ieee80211_output.c revision 259175
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> 28__FBSDID("$FreeBSD: stable/10/sys/net80211/ieee80211_output.c 259175 2013-12-10 13:42:59Z gavin $"); 29 30#include "opt_inet.h" 31#include "opt_inet6.h" 32#include "opt_wlan.h" 33 34#include <sys/param.h> 35#include <sys/systm.h> 36#include <sys/mbuf.h> 37#include <sys/kernel.h> 38#include <sys/endian.h> 39 40#include <sys/socket.h> 41 42#include <net/bpf.h> 43#include <net/ethernet.h> 44#include <net/if.h> 45#include <net/if_llc.h> 46#include <net/if_media.h> 47#include <net/if_vlan_var.h> 48 49#include <net80211/ieee80211_var.h> 50#include <net80211/ieee80211_regdomain.h> 51#ifdef IEEE80211_SUPPORT_SUPERG 52#include <net80211/ieee80211_superg.h> 53#endif 54#ifdef IEEE80211_SUPPORT_TDMA 55#include <net80211/ieee80211_tdma.h> 56#endif 57#include <net80211/ieee80211_wds.h> 58#include <net80211/ieee80211_mesh.h> 59 60#if defined(INET) || defined(INET6) 61#include <netinet/in.h> 62#endif 63 64#ifdef INET 65#include <netinet/if_ether.h> 66#include <netinet/in_systm.h> 67#include <netinet/ip.h> 68#endif 69#ifdef INET6 70#include <netinet/ip6.h> 71#endif 72 73#include <security/mac/mac_framework.h> 74 75#define ETHER_HEADER_COPY(dst, src) \ 76 memcpy(dst, src, sizeof(struct ether_header)) 77 78/* unalligned little endian access */ 79#define LE_WRITE_2(p, v) do { \ 80 ((uint8_t *)(p))[0] = (v) & 0xff; \ 81 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \ 82} while (0) 83#define LE_WRITE_4(p, v) do { \ 84 ((uint8_t *)(p))[0] = (v) & 0xff; \ 85 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \ 86 ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \ 87 ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \ 88} while (0) 89 90static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *, 91 u_int hdrsize, u_int ciphdrsize, u_int mtu); 92static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int); 93 94#ifdef IEEE80211_DEBUG 95/* 96 * Decide if an outbound management frame should be 97 * printed when debugging is enabled. This filters some 98 * of the less interesting frames that come frequently 99 * (e.g. beacons). 100 */ 101static __inline int 102doprint(struct ieee80211vap *vap, int subtype) 103{ 104 switch (subtype) { 105 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 106 return (vap->iv_opmode == IEEE80211_M_IBSS); 107 } 108 return 1; 109} 110#endif 111 112/* 113 * Transmit a frame to the given destination on the given VAP. 114 * 115 * It's up to the caller to figure out the details of who this 116 * is going to and resolving the node. 117 * 118 * This routine takes care of queuing it for power save, 119 * A-MPDU state stuff, fast-frames state stuff, encapsulation 120 * if required, then passing it up to the driver layer. 121 * 122 * This routine (for now) consumes the mbuf and frees the node 123 * reference; it ideally will return a TX status which reflects 124 * whether the mbuf was consumed or not, so the caller can 125 * free the mbuf (if appropriate) and the node reference (again, 126 * if appropriate.) 127 */ 128int 129ieee80211_vap_pkt_send_dest(struct ieee80211vap *vap, struct mbuf *m, 130 struct ieee80211_node *ni) 131{ 132 struct ieee80211com *ic = vap->iv_ic; 133 struct ifnet *ifp = vap->iv_ifp; 134 int error; 135 136 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 137 (m->m_flags & M_PWR_SAV) == 0) { 138 /* 139 * Station in power save mode; pass the frame 140 * to the 802.11 layer and continue. We'll get 141 * the frame back when the time is right. 142 * XXX lose WDS vap linkage? 143 */ 144 (void) ieee80211_pwrsave(ni, m); 145 ieee80211_free_node(ni); 146 147 /* 148 * We queued it fine, so tell the upper layer 149 * that we consumed it. 150 */ 151 return (0); 152 } 153 /* calculate priority so drivers can find the tx queue */ 154 if (ieee80211_classify(ni, m)) { 155 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT, 156 ni->ni_macaddr, NULL, 157 "%s", "classification failure"); 158 vap->iv_stats.is_tx_classify++; 159 ifp->if_oerrors++; 160 m_freem(m); 161 ieee80211_free_node(ni); 162 163 /* XXX better status? */ 164 return (0); 165 } 166 /* 167 * Stash the node pointer. Note that we do this after 168 * any call to ieee80211_dwds_mcast because that code 169 * uses any existing value for rcvif to identify the 170 * interface it (might have been) received on. 171 */ 172 m->m_pkthdr.rcvif = (void *)ni; 173 174 BPF_MTAP(ifp, m); /* 802.3 tx */ 175 176 /* 177 * Check if A-MPDU tx aggregation is setup or if we 178 * should try to enable it. The sta must be associated 179 * with HT and A-MPDU enabled for use. When the policy 180 * routine decides we should enable A-MPDU we issue an 181 * ADDBA request and wait for a reply. The frame being 182 * encapsulated will go out w/o using A-MPDU, or possibly 183 * it might be collected by the driver and held/retransmit. 184 * The default ic_ampdu_enable routine handles staggering 185 * ADDBA requests in case the receiver NAK's us or we are 186 * otherwise unable to establish a BA stream. 187 */ 188 if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) && 189 (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX) && 190 (m->m_flags & M_EAPOL) == 0) { 191 int tid = WME_AC_TO_TID(M_WME_GETAC(m)); 192 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid]; 193 194 ieee80211_txampdu_count_packet(tap); 195 if (IEEE80211_AMPDU_RUNNING(tap)) { 196 /* 197 * Operational, mark frame for aggregation. 198 * 199 * XXX do tx aggregation here 200 */ 201 m->m_flags |= M_AMPDU_MPDU; 202 } else if (!IEEE80211_AMPDU_REQUESTED(tap) && 203 ic->ic_ampdu_enable(ni, tap)) { 204 /* 205 * Not negotiated yet, request service. 206 */ 207 ieee80211_ampdu_request(ni, tap); 208 /* XXX hold frame for reply? */ 209 } 210 } 211 212#ifdef IEEE80211_SUPPORT_SUPERG 213 else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) { 214 m = ieee80211_ff_check(ni, m); 215 if (m == NULL) { 216 /* NB: any ni ref held on stageq */ 217 return (0); 218 } 219 } 220#endif /* IEEE80211_SUPPORT_SUPERG */ 221 222 /* 223 * Grab the TX lock - serialise the TX process from this 224 * point (where TX state is being checked/modified) 225 * through to driver queue. 226 */ 227 IEEE80211_TX_LOCK(ic); 228 229 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) { 230 /* 231 * Encapsulate the packet in prep for transmission. 232 */ 233 m = ieee80211_encap(vap, ni, m); 234 if (m == NULL) { 235 /* NB: stat+msg handled in ieee80211_encap */ 236 IEEE80211_TX_UNLOCK(ic); 237 ieee80211_free_node(ni); 238 /* XXX better status? */ 239 return (ENOBUFS); 240 } 241 } 242 error = ieee80211_parent_xmitpkt(ic, m); 243 244 /* 245 * Unlock at this point - no need to hold it across 246 * ieee80211_free_node() (ie, the comlock) 247 */ 248 IEEE80211_TX_UNLOCK(ic); 249 if (error != 0) { 250 /* NB: IFQ_HANDOFF reclaims mbuf */ 251 ieee80211_free_node(ni); 252 } else { 253 ifp->if_opackets++; 254 } 255 ic->ic_lastdata = ticks; 256 257 return (0); 258} 259 260 261 262/* 263 * Send the given mbuf through the given vap. 264 * 265 * This consumes the mbuf regardless of whether the transmit 266 * was successful or not. 267 * 268 * This does none of the initial checks that ieee80211_start() 269 * does (eg CAC timeout, interface wakeup) - the caller must 270 * do this first. 271 */ 272static int 273ieee80211_start_pkt(struct ieee80211vap *vap, struct mbuf *m) 274{ 275#define IS_DWDS(vap) \ 276 (vap->iv_opmode == IEEE80211_M_WDS && \ 277 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0) 278 struct ieee80211com *ic = vap->iv_ic; 279 struct ifnet *ifp = vap->iv_ifp; 280 struct ieee80211_node *ni; 281 struct ether_header *eh; 282 283 /* 284 * Cancel any background scan. 285 */ 286 if (ic->ic_flags & IEEE80211_F_SCAN) 287 ieee80211_cancel_anyscan(vap); 288 /* 289 * Find the node for the destination so we can do 290 * things like power save and fast frames aggregation. 291 * 292 * NB: past this point various code assumes the first 293 * mbuf has the 802.3 header present (and contiguous). 294 */ 295 ni = NULL; 296 if (m->m_len < sizeof(struct ether_header) && 297 (m = m_pullup(m, sizeof(struct ether_header))) == NULL) { 298 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 299 "discard frame, %s\n", "m_pullup failed"); 300 vap->iv_stats.is_tx_nobuf++; /* XXX */ 301 ifp->if_oerrors++; 302 return (ENOBUFS); 303 } 304 eh = mtod(m, struct ether_header *); 305 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 306 if (IS_DWDS(vap)) { 307 /* 308 * Only unicast frames from the above go out 309 * DWDS vaps; multicast frames are handled by 310 * dispatching the frame as it comes through 311 * the AP vap (see below). 312 */ 313 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS, 314 eh->ether_dhost, "mcast", "%s", "on DWDS"); 315 vap->iv_stats.is_dwds_mcast++; 316 m_freem(m); 317 /* XXX better status? */ 318 return (ENOBUFS); 319 } 320 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 321 /* 322 * Spam DWDS vap's w/ multicast traffic. 323 */ 324 /* XXX only if dwds in use? */ 325 ieee80211_dwds_mcast(vap, m); 326 } 327 } 328#ifdef IEEE80211_SUPPORT_MESH 329 if (vap->iv_opmode != IEEE80211_M_MBSS) { 330#endif 331 ni = ieee80211_find_txnode(vap, eh->ether_dhost); 332 if (ni == NULL) { 333 /* NB: ieee80211_find_txnode does stat+msg */ 334 ifp->if_oerrors++; 335 m_freem(m); 336 /* XXX better status? */ 337 return (ENOBUFS); 338 } 339 if (ni->ni_associd == 0 && 340 (ni->ni_flags & IEEE80211_NODE_ASSOCID)) { 341 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT, 342 eh->ether_dhost, NULL, 343 "sta not associated (type 0x%04x)", 344 htons(eh->ether_type)); 345 vap->iv_stats.is_tx_notassoc++; 346 ifp->if_oerrors++; 347 m_freem(m); 348 ieee80211_free_node(ni); 349 /* XXX better status? */ 350 return (ENOBUFS); 351 } 352#ifdef IEEE80211_SUPPORT_MESH 353 } else { 354 if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) { 355 /* 356 * Proxy station only if configured. 357 */ 358 if (!ieee80211_mesh_isproxyena(vap)) { 359 IEEE80211_DISCARD_MAC(vap, 360 IEEE80211_MSG_OUTPUT | 361 IEEE80211_MSG_MESH, 362 eh->ether_dhost, NULL, 363 "%s", "proxy not enabled"); 364 vap->iv_stats.is_mesh_notproxy++; 365 ifp->if_oerrors++; 366 m_freem(m); 367 /* XXX better status? */ 368 return (ENOBUFS); 369 } 370 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 371 "forward frame from DS SA(%6D), DA(%6D)\n", 372 eh->ether_shost, ":", 373 eh->ether_dhost, ":"); 374 ieee80211_mesh_proxy_check(vap, eh->ether_shost); 375 } 376 ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m); 377 if (ni == NULL) { 378 /* 379 * NB: ieee80211_mesh_discover holds/disposes 380 * frame (e.g. queueing on path discovery). 381 */ 382 ifp->if_oerrors++; 383 /* XXX better status? */ 384 return (ENOBUFS); 385 } 386 } 387#endif 388 389 /* 390 * We've resolved the sender, so attempt to transmit it. 391 */ 392 if (ieee80211_vap_pkt_send_dest(vap, m, ni) != 0) 393 return (ENOBUFS); 394 return (0); 395#undef IS_DWDS 396} 397 398/* 399 * Start method for vap's. All packets from the stack come 400 * through here. We handle common processing of the packets 401 * before dispatching them to the underlying device. 402 * 403 * if_transmit() requires that the mbuf be consumed by this call 404 * regardless of the return condition. 405 */ 406int 407ieee80211_vap_transmit(struct ifnet *ifp, struct mbuf *m) 408{ 409 struct ieee80211vap *vap = ifp->if_softc; 410 struct ieee80211com *ic = vap->iv_ic; 411 struct ifnet *parent = ic->ic_ifp; 412 413 /* NB: parent must be up and running */ 414 if (!IFNET_IS_UP_RUNNING(parent)) { 415 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 416 "%s: ignore queue, parent %s not up+running\n", 417 __func__, parent->if_xname); 418 /* XXX stat */ 419 m_freem(m); 420 return (EINVAL); 421 } 422 if (vap->iv_state == IEEE80211_S_SLEEP) { 423 /* 424 * In power save, wakeup device for transmit. 425 */ 426 ieee80211_new_state(vap, IEEE80211_S_RUN, 0); 427 m_freem(m); 428 return (0); 429 } 430 /* 431 * No data frames go out unless we're running. 432 * Note in particular this covers CAC and CSA 433 * states (though maybe we should check muting 434 * for CSA). 435 */ 436 if (vap->iv_state != IEEE80211_S_RUN) { 437 IEEE80211_LOCK(ic); 438 /* re-check under the com lock to avoid races */ 439 if (vap->iv_state != IEEE80211_S_RUN) { 440 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 441 "%s: ignore queue, in %s state\n", 442 __func__, ieee80211_state_name[vap->iv_state]); 443 vap->iv_stats.is_tx_badstate++; 444 IEEE80211_UNLOCK(ic); 445 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 446 m_freem(m); 447 return (EINVAL); 448 } 449 IEEE80211_UNLOCK(ic); 450 } 451 452 /* 453 * Sanitize mbuf flags for net80211 use. We cannot 454 * clear M_PWR_SAV or M_MORE_DATA because these may 455 * be set for frames that are re-submitted from the 456 * power save queue. 457 * 458 * NB: This must be done before ieee80211_classify as 459 * it marks EAPOL in frames with M_EAPOL. 460 */ 461 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA); 462 463 /* 464 * Bump to the packet transmission path. 465 * The mbuf will be consumed here. 466 */ 467 return (ieee80211_start_pkt(vap, m)); 468} 469 470void 471ieee80211_vap_qflush(struct ifnet *ifp) 472{ 473 474 /* Empty for now */ 475} 476 477/* 478 * 802.11 raw output routine. 479 */ 480int 481ieee80211_raw_output(struct ieee80211vap *vap, struct ieee80211_node *ni, 482 struct mbuf *m, const struct ieee80211_bpf_params *params) 483{ 484 struct ieee80211com *ic = vap->iv_ic; 485 486 return (ic->ic_raw_xmit(ni, m, params)); 487} 488 489/* 490 * 802.11 output routine. This is (currently) used only to 491 * connect bpf write calls to the 802.11 layer for injecting 492 * raw 802.11 frames. 493 */ 494#if __FreeBSD_version >= 1000031 495int 496ieee80211_output(struct ifnet *ifp, struct mbuf *m, 497 const struct sockaddr *dst, struct route *ro) 498#else 499int 500ieee80211_output(struct ifnet *ifp, struct mbuf *m, 501 struct sockaddr *dst, struct route *ro) 502#endif 503{ 504#define senderr(e) do { error = (e); goto bad;} while (0) 505 struct ieee80211_node *ni = NULL; 506 struct ieee80211vap *vap; 507 struct ieee80211_frame *wh; 508 struct ieee80211com *ic = NULL; 509 int error; 510 int ret; 511 512 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) { 513 /* 514 * Short-circuit requests if the vap is marked OACTIVE 515 * as this can happen because a packet came down through 516 * ieee80211_start before the vap entered RUN state in 517 * which case it's ok to just drop the frame. This 518 * should not be necessary but callers of if_output don't 519 * check OACTIVE. 520 */ 521 senderr(ENETDOWN); 522 } 523 vap = ifp->if_softc; 524 ic = vap->iv_ic; 525 /* 526 * Hand to the 802.3 code if not tagged as 527 * a raw 802.11 frame. 528 */ 529 if (dst->sa_family != AF_IEEE80211) 530 return vap->iv_output(ifp, m, dst, ro); 531#ifdef MAC 532 error = mac_ifnet_check_transmit(ifp, m); 533 if (error) 534 senderr(error); 535#endif 536 if (ifp->if_flags & IFF_MONITOR) 537 senderr(ENETDOWN); 538 if (!IFNET_IS_UP_RUNNING(ifp)) 539 senderr(ENETDOWN); 540 if (vap->iv_state == IEEE80211_S_CAC) { 541 IEEE80211_DPRINTF(vap, 542 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 543 "block %s frame in CAC state\n", "raw data"); 544 vap->iv_stats.is_tx_badstate++; 545 senderr(EIO); /* XXX */ 546 } else if (vap->iv_state == IEEE80211_S_SCAN) 547 senderr(EIO); 548 /* XXX bypass bridge, pfil, carp, etc. */ 549 550 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack)) 551 senderr(EIO); /* XXX */ 552 wh = mtod(m, struct ieee80211_frame *); 553 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 554 IEEE80211_FC0_VERSION_0) 555 senderr(EIO); /* XXX */ 556 557 /* locate destination node */ 558 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 559 case IEEE80211_FC1_DIR_NODS: 560 case IEEE80211_FC1_DIR_FROMDS: 561 ni = ieee80211_find_txnode(vap, wh->i_addr1); 562 break; 563 case IEEE80211_FC1_DIR_TODS: 564 case IEEE80211_FC1_DIR_DSTODS: 565 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) 566 senderr(EIO); /* XXX */ 567 ni = ieee80211_find_txnode(vap, wh->i_addr3); 568 break; 569 default: 570 senderr(EIO); /* XXX */ 571 } 572 if (ni == NULL) { 573 /* 574 * Permit packets w/ bpf params through regardless 575 * (see below about sa_len). 576 */ 577 if (dst->sa_len == 0) 578 senderr(EHOSTUNREACH); 579 ni = ieee80211_ref_node(vap->iv_bss); 580 } 581 582 /* 583 * Sanitize mbuf for net80211 flags leaked from above. 584 * 585 * NB: This must be done before ieee80211_classify as 586 * it marks EAPOL in frames with M_EAPOL. 587 */ 588 m->m_flags &= ~M_80211_TX; 589 590 /* calculate priority so drivers can find the tx queue */ 591 /* XXX assumes an 802.3 frame */ 592 if (ieee80211_classify(ni, m)) 593 senderr(EIO); /* XXX */ 594 595 ifp->if_opackets++; 596 IEEE80211_NODE_STAT(ni, tx_data); 597 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 598 IEEE80211_NODE_STAT(ni, tx_mcast); 599 m->m_flags |= M_MCAST; 600 } else 601 IEEE80211_NODE_STAT(ni, tx_ucast); 602 /* NB: ieee80211_encap does not include 802.11 header */ 603 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len); 604 605 IEEE80211_TX_LOCK(ic); 606 607 /* 608 * NB: DLT_IEEE802_11_RADIO identifies the parameters are 609 * present by setting the sa_len field of the sockaddr (yes, 610 * this is a hack). 611 * NB: we assume sa_data is suitably aligned to cast. 612 */ 613 ret = ieee80211_raw_output(vap, ni, m, 614 (const struct ieee80211_bpf_params *)(dst->sa_len ? 615 dst->sa_data : NULL)); 616 IEEE80211_TX_UNLOCK(ic); 617 return (ret); 618bad: 619 if (m != NULL) 620 m_freem(m); 621 if (ni != NULL) 622 ieee80211_free_node(ni); 623 ifp->if_oerrors++; 624 return error; 625#undef senderr 626} 627 628/* 629 * Set the direction field and address fields of an outgoing 630 * frame. Note this should be called early on in constructing 631 * a frame as it sets i_fc[1]; other bits can then be or'd in. 632 */ 633void 634ieee80211_send_setup( 635 struct ieee80211_node *ni, 636 struct mbuf *m, 637 int type, int tid, 638 const uint8_t sa[IEEE80211_ADDR_LEN], 639 const uint8_t da[IEEE80211_ADDR_LEN], 640 const uint8_t bssid[IEEE80211_ADDR_LEN]) 641{ 642#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) 643 struct ieee80211vap *vap = ni->ni_vap; 644 struct ieee80211_tx_ampdu *tap; 645 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 646 ieee80211_seq seqno; 647 648 IEEE80211_TX_LOCK_ASSERT(ni->ni_ic); 649 650 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; 651 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { 652 switch (vap->iv_opmode) { 653 case IEEE80211_M_STA: 654 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 655 IEEE80211_ADDR_COPY(wh->i_addr1, bssid); 656 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 657 IEEE80211_ADDR_COPY(wh->i_addr3, da); 658 break; 659 case IEEE80211_M_IBSS: 660 case IEEE80211_M_AHDEMO: 661 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 662 IEEE80211_ADDR_COPY(wh->i_addr1, da); 663 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 664 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 665 break; 666 case IEEE80211_M_HOSTAP: 667 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 668 IEEE80211_ADDR_COPY(wh->i_addr1, da); 669 IEEE80211_ADDR_COPY(wh->i_addr2, bssid); 670 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 671 break; 672 case IEEE80211_M_WDS: 673 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 674 IEEE80211_ADDR_COPY(wh->i_addr1, da); 675 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 676 IEEE80211_ADDR_COPY(wh->i_addr3, da); 677 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 678 break; 679 case IEEE80211_M_MBSS: 680#ifdef IEEE80211_SUPPORT_MESH 681 if (IEEE80211_IS_MULTICAST(da)) { 682 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 683 /* XXX next hop */ 684 IEEE80211_ADDR_COPY(wh->i_addr1, da); 685 IEEE80211_ADDR_COPY(wh->i_addr2, 686 vap->iv_myaddr); 687 } else { 688 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 689 IEEE80211_ADDR_COPY(wh->i_addr1, da); 690 IEEE80211_ADDR_COPY(wh->i_addr2, 691 vap->iv_myaddr); 692 IEEE80211_ADDR_COPY(wh->i_addr3, da); 693 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 694 } 695#endif 696 break; 697 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ 698 break; 699 } 700 } else { 701 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 702 IEEE80211_ADDR_COPY(wh->i_addr1, da); 703 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 704#ifdef IEEE80211_SUPPORT_MESH 705 if (vap->iv_opmode == IEEE80211_M_MBSS) 706 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 707 else 708#endif 709 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 710 } 711 *(uint16_t *)&wh->i_dur[0] = 0; 712 713 tap = &ni->ni_tx_ampdu[tid]; 714 if (tid != IEEE80211_NONQOS_TID && IEEE80211_AMPDU_RUNNING(tap)) 715 m->m_flags |= M_AMPDU_MPDU; 716 else { 717 seqno = ni->ni_txseqs[tid]++; 718 *(uint16_t *)&wh->i_seq[0] = 719 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 720 M_SEQNO_SET(m, seqno); 721 } 722 723 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 724 m->m_flags |= M_MCAST; 725#undef WH4 726} 727 728/* 729 * Send a management frame to the specified node. The node pointer 730 * must have a reference as the pointer will be passed to the driver 731 * and potentially held for a long time. If the frame is successfully 732 * dispatched to the driver, then it is responsible for freeing the 733 * reference (and potentially free'ing up any associated storage); 734 * otherwise deal with reclaiming any reference (on error). 735 */ 736int 737ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type, 738 struct ieee80211_bpf_params *params) 739{ 740 struct ieee80211vap *vap = ni->ni_vap; 741 struct ieee80211com *ic = ni->ni_ic; 742 struct ieee80211_frame *wh; 743 int ret; 744 745 KASSERT(ni != NULL, ("null node")); 746 747 if (vap->iv_state == IEEE80211_S_CAC) { 748 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 749 ni, "block %s frame in CAC state", 750 ieee80211_mgt_subtype_name[ 751 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 752 IEEE80211_FC0_SUBTYPE_SHIFT]); 753 vap->iv_stats.is_tx_badstate++; 754 ieee80211_free_node(ni); 755 m_freem(m); 756 return EIO; /* XXX */ 757 } 758 759 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 760 if (m == NULL) { 761 ieee80211_free_node(ni); 762 return ENOMEM; 763 } 764 765 IEEE80211_TX_LOCK(ic); 766 767 wh = mtod(m, struct ieee80211_frame *); 768 ieee80211_send_setup(ni, m, 769 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID, 770 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 771 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 772 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1, 773 "encrypting frame (%s)", __func__); 774 wh->i_fc[1] |= IEEE80211_FC1_WEP; 775 } 776 m->m_flags |= M_ENCAP; /* mark encapsulated */ 777 778 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?")); 779 M_WME_SETAC(m, params->ibp_pri); 780 781#ifdef IEEE80211_DEBUG 782 /* avoid printing too many frames */ 783 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) || 784 ieee80211_msg_dumppkts(vap)) { 785 printf("[%s] send %s on channel %u\n", 786 ether_sprintf(wh->i_addr1), 787 ieee80211_mgt_subtype_name[ 788 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 789 IEEE80211_FC0_SUBTYPE_SHIFT], 790 ieee80211_chan2ieee(ic, ic->ic_curchan)); 791 } 792#endif 793 IEEE80211_NODE_STAT(ni, tx_mgmt); 794 795 ret = ieee80211_raw_output(vap, ni, m, params); 796 IEEE80211_TX_UNLOCK(ic); 797 return (ret); 798} 799 800/* 801 * Send a null data frame to the specified node. If the station 802 * is setup for QoS then a QoS Null Data frame is constructed. 803 * If this is a WDS station then a 4-address frame is constructed. 804 * 805 * NB: the caller is assumed to have setup a node reference 806 * for use; this is necessary to deal with a race condition 807 * when probing for inactive stations. Like ieee80211_mgmt_output 808 * we must cleanup any node reference on error; however we 809 * can safely just unref it as we know it will never be the 810 * last reference to the node. 811 */ 812int 813ieee80211_send_nulldata(struct ieee80211_node *ni) 814{ 815 struct ieee80211vap *vap = ni->ni_vap; 816 struct ieee80211com *ic = ni->ni_ic; 817 struct mbuf *m; 818 struct ieee80211_frame *wh; 819 int hdrlen; 820 uint8_t *frm; 821 int ret; 822 823 if (vap->iv_state == IEEE80211_S_CAC) { 824 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 825 ni, "block %s frame in CAC state", "null data"); 826 ieee80211_unref_node(&ni); 827 vap->iv_stats.is_tx_badstate++; 828 return EIO; /* XXX */ 829 } 830 831 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) 832 hdrlen = sizeof(struct ieee80211_qosframe); 833 else 834 hdrlen = sizeof(struct ieee80211_frame); 835 /* NB: only WDS vap's get 4-address frames */ 836 if (vap->iv_opmode == IEEE80211_M_WDS) 837 hdrlen += IEEE80211_ADDR_LEN; 838 if (ic->ic_flags & IEEE80211_F_DATAPAD) 839 hdrlen = roundup(hdrlen, sizeof(uint32_t)); 840 841 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0); 842 if (m == NULL) { 843 /* XXX debug msg */ 844 ieee80211_unref_node(&ni); 845 vap->iv_stats.is_tx_nobuf++; 846 return ENOMEM; 847 } 848 KASSERT(M_LEADINGSPACE(m) >= hdrlen, 849 ("leading space %zd", M_LEADINGSPACE(m))); 850 M_PREPEND(m, hdrlen, M_NOWAIT); 851 if (m == NULL) { 852 /* NB: cannot happen */ 853 ieee80211_free_node(ni); 854 return ENOMEM; 855 } 856 857 IEEE80211_TX_LOCK(ic); 858 859 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */ 860 if (ni->ni_flags & IEEE80211_NODE_QOS) { 861 const int tid = WME_AC_TO_TID(WME_AC_BE); 862 uint8_t *qos; 863 864 ieee80211_send_setup(ni, m, 865 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL, 866 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 867 868 if (vap->iv_opmode == IEEE80211_M_WDS) 869 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 870 else 871 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 872 qos[0] = tid & IEEE80211_QOS_TID; 873 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy) 874 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 875 qos[1] = 0; 876 } else { 877 ieee80211_send_setup(ni, m, 878 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, 879 IEEE80211_NONQOS_TID, 880 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 881 } 882 if (vap->iv_opmode != IEEE80211_M_WDS) { 883 /* NB: power management bit is never sent by an AP */ 884 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 885 vap->iv_opmode != IEEE80211_M_HOSTAP) 886 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; 887 } 888 m->m_len = m->m_pkthdr.len = hdrlen; 889 m->m_flags |= M_ENCAP; /* mark encapsulated */ 890 891 M_WME_SETAC(m, WME_AC_BE); 892 893 IEEE80211_NODE_STAT(ni, tx_data); 894 895 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni, 896 "send %snull data frame on channel %u, pwr mgt %s", 897 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "", 898 ieee80211_chan2ieee(ic, ic->ic_curchan), 899 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis"); 900 901 ret = ieee80211_raw_output(vap, ni, m, NULL); 902 IEEE80211_TX_UNLOCK(ic); 903 return (ret); 904} 905 906/* 907 * Assign priority to a frame based on any vlan tag assigned 908 * to the station and/or any Diffserv setting in an IP header. 909 * Finally, if an ACM policy is setup (in station mode) it's 910 * applied. 911 */ 912int 913ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m) 914{ 915 const struct ether_header *eh = mtod(m, struct ether_header *); 916 int v_wme_ac, d_wme_ac, ac; 917 918 /* 919 * Always promote PAE/EAPOL frames to high priority. 920 */ 921 if (eh->ether_type == htons(ETHERTYPE_PAE)) { 922 /* NB: mark so others don't need to check header */ 923 m->m_flags |= M_EAPOL; 924 ac = WME_AC_VO; 925 goto done; 926 } 927 /* 928 * Non-qos traffic goes to BE. 929 */ 930 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { 931 ac = WME_AC_BE; 932 goto done; 933 } 934 935 /* 936 * If node has a vlan tag then all traffic 937 * to it must have a matching tag. 938 */ 939 v_wme_ac = 0; 940 if (ni->ni_vlan != 0) { 941 if ((m->m_flags & M_VLANTAG) == 0) { 942 IEEE80211_NODE_STAT(ni, tx_novlantag); 943 return 1; 944 } 945 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 946 EVL_VLANOFTAG(ni->ni_vlan)) { 947 IEEE80211_NODE_STAT(ni, tx_vlanmismatch); 948 return 1; 949 } 950 /* map vlan priority to AC */ 951 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan)); 952 } 953 954 /* XXX m_copydata may be too slow for fast path */ 955#ifdef INET 956 if (eh->ether_type == htons(ETHERTYPE_IP)) { 957 uint8_t tos; 958 /* 959 * IP frame, map the DSCP bits from the TOS field. 960 */ 961 /* NB: ip header may not be in first mbuf */ 962 m_copydata(m, sizeof(struct ether_header) + 963 offsetof(struct ip, ip_tos), sizeof(tos), &tos); 964 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 965 d_wme_ac = TID_TO_WME_AC(tos); 966 } else { 967#endif /* INET */ 968#ifdef INET6 969 if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 970 uint32_t flow; 971 uint8_t tos; 972 /* 973 * IPv6 frame, map the DSCP bits from the traffic class field. 974 */ 975 m_copydata(m, sizeof(struct ether_header) + 976 offsetof(struct ip6_hdr, ip6_flow), sizeof(flow), 977 (caddr_t) &flow); 978 tos = (uint8_t)(ntohl(flow) >> 20); 979 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 980 d_wme_ac = TID_TO_WME_AC(tos); 981 } else { 982#endif /* INET6 */ 983 d_wme_ac = WME_AC_BE; 984#ifdef INET6 985 } 986#endif 987#ifdef INET 988 } 989#endif 990 /* 991 * Use highest priority AC. 992 */ 993 if (v_wme_ac > d_wme_ac) 994 ac = v_wme_ac; 995 else 996 ac = d_wme_ac; 997 998 /* 999 * Apply ACM policy. 1000 */ 1001 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) { 1002 static const int acmap[4] = { 1003 WME_AC_BK, /* WME_AC_BE */ 1004 WME_AC_BK, /* WME_AC_BK */ 1005 WME_AC_BE, /* WME_AC_VI */ 1006 WME_AC_VI, /* WME_AC_VO */ 1007 }; 1008 struct ieee80211com *ic = ni->ni_ic; 1009 1010 while (ac != WME_AC_BK && 1011 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) 1012 ac = acmap[ac]; 1013 } 1014done: 1015 M_WME_SETAC(m, ac); 1016 return 0; 1017} 1018 1019/* 1020 * Insure there is sufficient contiguous space to encapsulate the 1021 * 802.11 data frame. If room isn't already there, arrange for it. 1022 * Drivers and cipher modules assume we have done the necessary work 1023 * and fail rudely if they don't find the space they need. 1024 */ 1025struct mbuf * 1026ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize, 1027 struct ieee80211_key *key, struct mbuf *m) 1028{ 1029#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) 1030 int needed_space = vap->iv_ic->ic_headroom + hdrsize; 1031 1032 if (key != NULL) { 1033 /* XXX belongs in crypto code? */ 1034 needed_space += key->wk_cipher->ic_header; 1035 /* XXX frags */ 1036 /* 1037 * When crypto is being done in the host we must insure 1038 * the data are writable for the cipher routines; clone 1039 * a writable mbuf chain. 1040 * XXX handle SWMIC specially 1041 */ 1042 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) { 1043 m = m_unshare(m, M_NOWAIT); 1044 if (m == NULL) { 1045 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 1046 "%s: cannot get writable mbuf\n", __func__); 1047 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */ 1048 return NULL; 1049 } 1050 } 1051 } 1052 /* 1053 * We know we are called just before stripping an Ethernet 1054 * header and prepending an LLC header. This means we know 1055 * there will be 1056 * sizeof(struct ether_header) - sizeof(struct llc) 1057 * bytes recovered to which we need additional space for the 1058 * 802.11 header and any crypto header. 1059 */ 1060 /* XXX check trailing space and copy instead? */ 1061 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { 1062 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); 1063 if (n == NULL) { 1064 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 1065 "%s: cannot expand storage\n", __func__); 1066 vap->iv_stats.is_tx_nobuf++; 1067 m_freem(m); 1068 return NULL; 1069 } 1070 KASSERT(needed_space <= MHLEN, 1071 ("not enough room, need %u got %d\n", needed_space, MHLEN)); 1072 /* 1073 * Setup new mbuf to have leading space to prepend the 1074 * 802.11 header and any crypto header bits that are 1075 * required (the latter are added when the driver calls 1076 * back to ieee80211_crypto_encap to do crypto encapsulation). 1077 */ 1078 /* NB: must be first 'cuz it clobbers m_data */ 1079 m_move_pkthdr(n, m); 1080 n->m_len = 0; /* NB: m_gethdr does not set */ 1081 n->m_data += needed_space; 1082 /* 1083 * Pull up Ethernet header to create the expected layout. 1084 * We could use m_pullup but that's overkill (i.e. we don't 1085 * need the actual data) and it cannot fail so do it inline 1086 * for speed. 1087 */ 1088 /* NB: struct ether_header is known to be contiguous */ 1089 n->m_len += sizeof(struct ether_header); 1090 m->m_len -= sizeof(struct ether_header); 1091 m->m_data += sizeof(struct ether_header); 1092 /* 1093 * Replace the head of the chain. 1094 */ 1095 n->m_next = m; 1096 m = n; 1097 } 1098 return m; 1099#undef TO_BE_RECLAIMED 1100} 1101 1102/* 1103 * Return the transmit key to use in sending a unicast frame. 1104 * If a unicast key is set we use that. When no unicast key is set 1105 * we fall back to the default transmit key. 1106 */ 1107static __inline struct ieee80211_key * 1108ieee80211_crypto_getucastkey(struct ieee80211vap *vap, 1109 struct ieee80211_node *ni) 1110{ 1111 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 1112 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 1113 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 1114 return NULL; 1115 return &vap->iv_nw_keys[vap->iv_def_txkey]; 1116 } else { 1117 return &ni->ni_ucastkey; 1118 } 1119} 1120 1121/* 1122 * Return the transmit key to use in sending a multicast frame. 1123 * Multicast traffic always uses the group key which is installed as 1124 * the default tx key. 1125 */ 1126static __inline struct ieee80211_key * 1127ieee80211_crypto_getmcastkey(struct ieee80211vap *vap, 1128 struct ieee80211_node *ni) 1129{ 1130 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 1131 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 1132 return NULL; 1133 return &vap->iv_nw_keys[vap->iv_def_txkey]; 1134} 1135 1136/* 1137 * Encapsulate an outbound data frame. The mbuf chain is updated. 1138 * If an error is encountered NULL is returned. The caller is required 1139 * to provide a node reference and pullup the ethernet header in the 1140 * first mbuf. 1141 * 1142 * NB: Packet is assumed to be processed by ieee80211_classify which 1143 * marked EAPOL frames w/ M_EAPOL. 1144 */ 1145struct mbuf * 1146ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni, 1147 struct mbuf *m) 1148{ 1149#define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh)) 1150#define MC01(mc) ((struct ieee80211_meshcntl_ae01 *)mc) 1151 struct ieee80211com *ic = ni->ni_ic; 1152#ifdef IEEE80211_SUPPORT_MESH 1153 struct ieee80211_mesh_state *ms = vap->iv_mesh; 1154 struct ieee80211_meshcntl_ae10 *mc; 1155 struct ieee80211_mesh_route *rt = NULL; 1156 int dir = -1; 1157#endif 1158 struct ether_header eh; 1159 struct ieee80211_frame *wh; 1160 struct ieee80211_key *key; 1161 struct llc *llc; 1162 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr; 1163 ieee80211_seq seqno; 1164 int meshhdrsize, meshae; 1165 uint8_t *qos; 1166 1167 IEEE80211_TX_LOCK_ASSERT(ic); 1168 1169 /* 1170 * Copy existing Ethernet header to a safe place. The 1171 * rest of the code assumes it's ok to strip it when 1172 * reorganizing state for the final encapsulation. 1173 */ 1174 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!")); 1175 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t)); 1176 1177 /* 1178 * Insure space for additional headers. First identify 1179 * transmit key to use in calculating any buffer adjustments 1180 * required. This is also used below to do privacy 1181 * encapsulation work. Then calculate the 802.11 header 1182 * size and any padding required by the driver. 1183 * 1184 * Note key may be NULL if we fall back to the default 1185 * transmit key and that is not set. In that case the 1186 * buffer may not be expanded as needed by the cipher 1187 * routines, but they will/should discard it. 1188 */ 1189 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 1190 if (vap->iv_opmode == IEEE80211_M_STA || 1191 !IEEE80211_IS_MULTICAST(eh.ether_dhost) || 1192 (vap->iv_opmode == IEEE80211_M_WDS && 1193 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY))) 1194 key = ieee80211_crypto_getucastkey(vap, ni); 1195 else 1196 key = ieee80211_crypto_getmcastkey(vap, ni); 1197 if (key == NULL && (m->m_flags & M_EAPOL) == 0) { 1198 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 1199 eh.ether_dhost, 1200 "no default transmit key (%s) deftxkey %u", 1201 __func__, vap->iv_def_txkey); 1202 vap->iv_stats.is_tx_nodefkey++; 1203 goto bad; 1204 } 1205 } else 1206 key = NULL; 1207 /* 1208 * XXX Some ap's don't handle QoS-encapsulated EAPOL 1209 * frames so suppress use. This may be an issue if other 1210 * ap's require all data frames to be QoS-encapsulated 1211 * once negotiated in which case we'll need to make this 1212 * configurable. 1213 * NB: mesh data frames are QoS. 1214 */ 1215 addqos = ((ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) || 1216 (vap->iv_opmode == IEEE80211_M_MBSS)) && 1217 (m->m_flags & M_EAPOL) == 0; 1218 if (addqos) 1219 hdrsize = sizeof(struct ieee80211_qosframe); 1220 else 1221 hdrsize = sizeof(struct ieee80211_frame); 1222#ifdef IEEE80211_SUPPORT_MESH 1223 if (vap->iv_opmode == IEEE80211_M_MBSS) { 1224 /* 1225 * Mesh data frames are encapsulated according to the 1226 * rules of Section 11B.8.5 (p.139 of D3.0 spec). 1227 * o Group Addressed data (aka multicast) originating 1228 * at the local sta are sent w/ 3-address format and 1229 * address extension mode 00 1230 * o Individually Addressed data (aka unicast) originating 1231 * at the local sta are sent w/ 4-address format and 1232 * address extension mode 00 1233 * o Group Addressed data forwarded from a non-mesh sta are 1234 * sent w/ 3-address format and address extension mode 01 1235 * o Individually Address data from another sta are sent 1236 * w/ 4-address format and address extension mode 10 1237 */ 1238 is4addr = 0; /* NB: don't use, disable */ 1239 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost)) { 1240 rt = ieee80211_mesh_rt_find(vap, eh.ether_dhost); 1241 KASSERT(rt != NULL, ("route is NULL")); 1242 dir = IEEE80211_FC1_DIR_DSTODS; 1243 hdrsize += IEEE80211_ADDR_LEN; 1244 if (rt->rt_flags & IEEE80211_MESHRT_FLAGS_PROXY) { 1245 if (IEEE80211_ADDR_EQ(rt->rt_mesh_gate, 1246 vap->iv_myaddr)) { 1247 IEEE80211_NOTE_MAC(vap, 1248 IEEE80211_MSG_MESH, 1249 eh.ether_dhost, 1250 "%s", "trying to send to ourself"); 1251 goto bad; 1252 } 1253 meshae = IEEE80211_MESH_AE_10; 1254 meshhdrsize = 1255 sizeof(struct ieee80211_meshcntl_ae10); 1256 } else { 1257 meshae = IEEE80211_MESH_AE_00; 1258 meshhdrsize = 1259 sizeof(struct ieee80211_meshcntl); 1260 } 1261 } else { 1262 dir = IEEE80211_FC1_DIR_FROMDS; 1263 if (!IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) { 1264 /* proxy group */ 1265 meshae = IEEE80211_MESH_AE_01; 1266 meshhdrsize = 1267 sizeof(struct ieee80211_meshcntl_ae01); 1268 } else { 1269 /* group */ 1270 meshae = IEEE80211_MESH_AE_00; 1271 meshhdrsize = sizeof(struct ieee80211_meshcntl); 1272 } 1273 } 1274 } else { 1275#endif 1276 /* 1277 * 4-address frames need to be generated for: 1278 * o packets sent through a WDS vap (IEEE80211_M_WDS) 1279 * o packets sent through a vap marked for relaying 1280 * (e.g. a station operating with dynamic WDS) 1281 */ 1282 is4addr = vap->iv_opmode == IEEE80211_M_WDS || 1283 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) && 1284 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)); 1285 if (is4addr) 1286 hdrsize += IEEE80211_ADDR_LEN; 1287 meshhdrsize = meshae = 0; 1288#ifdef IEEE80211_SUPPORT_MESH 1289 } 1290#endif 1291 /* 1292 * Honor driver DATAPAD requirement. 1293 */ 1294 if (ic->ic_flags & IEEE80211_F_DATAPAD) 1295 hdrspace = roundup(hdrsize, sizeof(uint32_t)); 1296 else 1297 hdrspace = hdrsize; 1298 1299 if (__predict_true((m->m_flags & M_FF) == 0)) { 1300 /* 1301 * Normal frame. 1302 */ 1303 m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m); 1304 if (m == NULL) { 1305 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ 1306 goto bad; 1307 } 1308 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */ 1309 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 1310 llc = mtod(m, struct llc *); 1311 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 1312 llc->llc_control = LLC_UI; 1313 llc->llc_snap.org_code[0] = 0; 1314 llc->llc_snap.org_code[1] = 0; 1315 llc->llc_snap.org_code[2] = 0; 1316 llc->llc_snap.ether_type = eh.ether_type; 1317 } else { 1318#ifdef IEEE80211_SUPPORT_SUPERG 1319 /* 1320 * Aggregated frame. 1321 */ 1322 m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key); 1323 if (m == NULL) 1324#endif 1325 goto bad; 1326 } 1327 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ 1328 1329 M_PREPEND(m, hdrspace + meshhdrsize, M_NOWAIT); 1330 if (m == NULL) { 1331 vap->iv_stats.is_tx_nobuf++; 1332 goto bad; 1333 } 1334 wh = mtod(m, struct ieee80211_frame *); 1335 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 1336 *(uint16_t *)wh->i_dur = 0; 1337 qos = NULL; /* NB: quiet compiler */ 1338 if (is4addr) { 1339 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 1340 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 1341 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1342 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1343 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost); 1344 } else switch (vap->iv_opmode) { 1345 case IEEE80211_M_STA: 1346 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 1347 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 1348 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1349 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1350 break; 1351 case IEEE80211_M_IBSS: 1352 case IEEE80211_M_AHDEMO: 1353 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1354 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1355 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1356 /* 1357 * NB: always use the bssid from iv_bss as the 1358 * neighbor's may be stale after an ibss merge 1359 */ 1360 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid); 1361 break; 1362 case IEEE80211_M_HOSTAP: 1363 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1364 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1365 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 1366 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 1367 break; 1368#ifdef IEEE80211_SUPPORT_MESH 1369 case IEEE80211_M_MBSS: 1370 /* NB: offset by hdrspace to deal with DATAPAD */ 1371 mc = (struct ieee80211_meshcntl_ae10 *) 1372 (mtod(m, uint8_t *) + hdrspace); 1373 wh->i_fc[1] = dir; 1374 switch (meshae) { 1375 case IEEE80211_MESH_AE_00: /* no proxy */ 1376 mc->mc_flags = 0; 1377 if (dir == IEEE80211_FC1_DIR_DSTODS) { /* ucast */ 1378 IEEE80211_ADDR_COPY(wh->i_addr1, 1379 ni->ni_macaddr); 1380 IEEE80211_ADDR_COPY(wh->i_addr2, 1381 vap->iv_myaddr); 1382 IEEE80211_ADDR_COPY(wh->i_addr3, 1383 eh.ether_dhost); 1384 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, 1385 eh.ether_shost); 1386 qos =((struct ieee80211_qosframe_addr4 *) 1387 wh)->i_qos; 1388 } else if (dir == IEEE80211_FC1_DIR_FROMDS) { 1389 /* mcast */ 1390 IEEE80211_ADDR_COPY(wh->i_addr1, 1391 eh.ether_dhost); 1392 IEEE80211_ADDR_COPY(wh->i_addr2, 1393 vap->iv_myaddr); 1394 IEEE80211_ADDR_COPY(wh->i_addr3, 1395 eh.ether_shost); 1396 qos = ((struct ieee80211_qosframe *) 1397 wh)->i_qos; 1398 } 1399 break; 1400 case IEEE80211_MESH_AE_01: /* mcast, proxy */ 1401 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1402 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1403 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1404 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr); 1405 mc->mc_flags = 1; 1406 IEEE80211_ADDR_COPY(MC01(mc)->mc_addr4, 1407 eh.ether_shost); 1408 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 1409 break; 1410 case IEEE80211_MESH_AE_10: /* ucast, proxy */ 1411 KASSERT(rt != NULL, ("route is NULL")); 1412 IEEE80211_ADDR_COPY(wh->i_addr1, rt->rt_nexthop); 1413 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1414 IEEE80211_ADDR_COPY(wh->i_addr3, rt->rt_mesh_gate); 1415 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr); 1416 mc->mc_flags = IEEE80211_MESH_AE_10; 1417 IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_dhost); 1418 IEEE80211_ADDR_COPY(mc->mc_addr6, eh.ether_shost); 1419 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1420 break; 1421 default: 1422 KASSERT(0, ("meshae %d", meshae)); 1423 break; 1424 } 1425 mc->mc_ttl = ms->ms_ttl; 1426 ms->ms_seq++; 1427 LE_WRITE_4(mc->mc_seq, ms->ms_seq); 1428 break; 1429#endif 1430 case IEEE80211_M_WDS: /* NB: is4addr should always be true */ 1431 default: 1432 goto bad; 1433 } 1434 if (m->m_flags & M_MORE_DATA) 1435 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1436 if (addqos) { 1437 int ac, tid; 1438 1439 if (is4addr) { 1440 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1441 /* NB: mesh case handled earlier */ 1442 } else if (vap->iv_opmode != IEEE80211_M_MBSS) 1443 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 1444 ac = M_WME_GETAC(m); 1445 /* map from access class/queue to 11e header priorty value */ 1446 tid = WME_AC_TO_TID(ac); 1447 qos[0] = tid & IEEE80211_QOS_TID; 1448 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) 1449 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 1450#ifdef IEEE80211_SUPPORT_MESH 1451 if (vap->iv_opmode == IEEE80211_M_MBSS) 1452 qos[1] = IEEE80211_QOS_MC; 1453 else 1454#endif 1455 qos[1] = 0; 1456 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 1457 1458 if ((m->m_flags & M_AMPDU_MPDU) == 0) { 1459 /* 1460 * NB: don't assign a sequence # to potential 1461 * aggregates; we expect this happens at the 1462 * point the frame comes off any aggregation q 1463 * as otherwise we may introduce holes in the 1464 * BA sequence space and/or make window accouting 1465 * more difficult. 1466 * 1467 * XXX may want to control this with a driver 1468 * capability; this may also change when we pull 1469 * aggregation up into net80211 1470 */ 1471 seqno = ni->ni_txseqs[tid]++; 1472 *(uint16_t *)wh->i_seq = 1473 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1474 M_SEQNO_SET(m, seqno); 1475 } 1476 } else { 1477 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 1478 *(uint16_t *)wh->i_seq = 1479 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1480 M_SEQNO_SET(m, seqno); 1481 } 1482 1483 1484 /* check if xmit fragmentation is required */ 1485 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold && 1486 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1487 (vap->iv_caps & IEEE80211_C_TXFRAG) && 1488 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0); 1489 if (key != NULL) { 1490 /* 1491 * IEEE 802.1X: send EAPOL frames always in the clear. 1492 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. 1493 */ 1494 if ((m->m_flags & M_EAPOL) == 0 || 1495 ((vap->iv_flags & IEEE80211_F_WPA) && 1496 (vap->iv_opmode == IEEE80211_M_STA ? 1497 !IEEE80211_KEY_UNDEFINED(key) : 1498 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) { 1499 wh->i_fc[1] |= IEEE80211_FC1_WEP; 1500 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) { 1501 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, 1502 eh.ether_dhost, 1503 "%s", "enmic failed, discard frame"); 1504 vap->iv_stats.is_crypto_enmicfail++; 1505 goto bad; 1506 } 1507 } 1508 } 1509 if (txfrag && !ieee80211_fragment(vap, m, hdrsize, 1510 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold)) 1511 goto bad; 1512 1513 m->m_flags |= M_ENCAP; /* mark encapsulated */ 1514 1515 IEEE80211_NODE_STAT(ni, tx_data); 1516 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1517 IEEE80211_NODE_STAT(ni, tx_mcast); 1518 m->m_flags |= M_MCAST; 1519 } else 1520 IEEE80211_NODE_STAT(ni, tx_ucast); 1521 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); 1522 1523 return m; 1524bad: 1525 if (m != NULL) 1526 m_freem(m); 1527 return NULL; 1528#undef WH4 1529#undef MC01 1530} 1531 1532/* 1533 * Fragment the frame according to the specified mtu. 1534 * The size of the 802.11 header (w/o padding) is provided 1535 * so we don't need to recalculate it. We create a new 1536 * mbuf for each fragment and chain it through m_nextpkt; 1537 * we might be able to optimize this by reusing the original 1538 * packet's mbufs but that is significantly more complicated. 1539 */ 1540static int 1541ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0, 1542 u_int hdrsize, u_int ciphdrsize, u_int mtu) 1543{ 1544 struct ieee80211com *ic = vap->iv_ic; 1545 struct ieee80211_frame *wh, *whf; 1546 struct mbuf *m, *prev, *next; 1547 u_int totalhdrsize, fragno, fragsize, off, remainder, payload; 1548 u_int hdrspace; 1549 1550 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?")); 1551 KASSERT(m0->m_pkthdr.len > mtu, 1552 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu)); 1553 1554 /* 1555 * Honor driver DATAPAD requirement. 1556 */ 1557 if (ic->ic_flags & IEEE80211_F_DATAPAD) 1558 hdrspace = roundup(hdrsize, sizeof(uint32_t)); 1559 else 1560 hdrspace = hdrsize; 1561 1562 wh = mtod(m0, struct ieee80211_frame *); 1563 /* NB: mark the first frag; it will be propagated below */ 1564 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG; 1565 totalhdrsize = hdrspace + ciphdrsize; 1566 fragno = 1; 1567 off = mtu - ciphdrsize; 1568 remainder = m0->m_pkthdr.len - off; 1569 prev = m0; 1570 do { 1571 fragsize = totalhdrsize + remainder; 1572 if (fragsize > mtu) 1573 fragsize = mtu; 1574 /* XXX fragsize can be >2048! */ 1575 KASSERT(fragsize < MCLBYTES, 1576 ("fragment size %u too big!", fragsize)); 1577 if (fragsize > MHLEN) 1578 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 1579 else 1580 m = m_gethdr(M_NOWAIT, MT_DATA); 1581 if (m == NULL) 1582 goto bad; 1583 /* leave room to prepend any cipher header */ 1584 m_align(m, fragsize - ciphdrsize); 1585 1586 /* 1587 * Form the header in the fragment. Note that since 1588 * we mark the first fragment with the MORE_FRAG bit 1589 * it automatically is propagated to each fragment; we 1590 * need only clear it on the last fragment (done below). 1591 * NB: frag 1+ dont have Mesh Control field present. 1592 */ 1593 whf = mtod(m, struct ieee80211_frame *); 1594 memcpy(whf, wh, hdrsize); 1595#ifdef IEEE80211_SUPPORT_MESH 1596 if (vap->iv_opmode == IEEE80211_M_MBSS) { 1597 if (IEEE80211_IS_DSTODS(wh)) 1598 ((struct ieee80211_qosframe_addr4 *) 1599 whf)->i_qos[1] &= ~IEEE80211_QOS_MC; 1600 else 1601 ((struct ieee80211_qosframe *) 1602 whf)->i_qos[1] &= ~IEEE80211_QOS_MC; 1603 } 1604#endif 1605 *(uint16_t *)&whf->i_seq[0] |= htole16( 1606 (fragno & IEEE80211_SEQ_FRAG_MASK) << 1607 IEEE80211_SEQ_FRAG_SHIFT); 1608 fragno++; 1609 1610 payload = fragsize - totalhdrsize; 1611 /* NB: destination is known to be contiguous */ 1612 1613 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrspace); 1614 m->m_len = hdrspace + payload; 1615 m->m_pkthdr.len = hdrspace + payload; 1616 m->m_flags |= M_FRAG; 1617 1618 /* chain up the fragment */ 1619 prev->m_nextpkt = m; 1620 prev = m; 1621 1622 /* deduct fragment just formed */ 1623 remainder -= payload; 1624 off += payload; 1625 } while (remainder != 0); 1626 1627 /* set the last fragment */ 1628 m->m_flags |= M_LASTFRAG; 1629 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG; 1630 1631 /* strip first mbuf now that everything has been copied */ 1632 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize))); 1633 m0->m_flags |= M_FIRSTFRAG | M_FRAG; 1634 1635 vap->iv_stats.is_tx_fragframes++; 1636 vap->iv_stats.is_tx_frags += fragno-1; 1637 1638 return 1; 1639bad: 1640 /* reclaim fragments but leave original frame for caller to free */ 1641 for (m = m0->m_nextpkt; m != NULL; m = next) { 1642 next = m->m_nextpkt; 1643 m->m_nextpkt = NULL; /* XXX paranoid */ 1644 m_freem(m); 1645 } 1646 m0->m_nextpkt = NULL; 1647 return 0; 1648} 1649 1650/* 1651 * Add a supported rates element id to a frame. 1652 */ 1653uint8_t * 1654ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs) 1655{ 1656 int nrates; 1657 1658 *frm++ = IEEE80211_ELEMID_RATES; 1659 nrates = rs->rs_nrates; 1660 if (nrates > IEEE80211_RATE_SIZE) 1661 nrates = IEEE80211_RATE_SIZE; 1662 *frm++ = nrates; 1663 memcpy(frm, rs->rs_rates, nrates); 1664 return frm + nrates; 1665} 1666 1667/* 1668 * Add an extended supported rates element id to a frame. 1669 */ 1670uint8_t * 1671ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs) 1672{ 1673 /* 1674 * Add an extended supported rates element if operating in 11g mode. 1675 */ 1676 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 1677 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1678 *frm++ = IEEE80211_ELEMID_XRATES; 1679 *frm++ = nrates; 1680 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1681 frm += nrates; 1682 } 1683 return frm; 1684} 1685 1686/* 1687 * Add an ssid element to a frame. 1688 */ 1689static uint8_t * 1690ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len) 1691{ 1692 *frm++ = IEEE80211_ELEMID_SSID; 1693 *frm++ = len; 1694 memcpy(frm, ssid, len); 1695 return frm + len; 1696} 1697 1698/* 1699 * Add an erp element to a frame. 1700 */ 1701static uint8_t * 1702ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic) 1703{ 1704 uint8_t erp; 1705 1706 *frm++ = IEEE80211_ELEMID_ERP; 1707 *frm++ = 1; 1708 erp = 0; 1709 if (ic->ic_nonerpsta != 0) 1710 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 1711 if (ic->ic_flags & IEEE80211_F_USEPROT) 1712 erp |= IEEE80211_ERP_USE_PROTECTION; 1713 if (ic->ic_flags & IEEE80211_F_USEBARKER) 1714 erp |= IEEE80211_ERP_LONG_PREAMBLE; 1715 *frm++ = erp; 1716 return frm; 1717} 1718 1719/* 1720 * Add a CFParams element to a frame. 1721 */ 1722static uint8_t * 1723ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic) 1724{ 1725#define ADDSHORT(frm, v) do { \ 1726 LE_WRITE_2(frm, v); \ 1727 frm += 2; \ 1728} while (0) 1729 *frm++ = IEEE80211_ELEMID_CFPARMS; 1730 *frm++ = 6; 1731 *frm++ = 0; /* CFP count */ 1732 *frm++ = 2; /* CFP period */ 1733 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */ 1734 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */ 1735 return frm; 1736#undef ADDSHORT 1737} 1738 1739static __inline uint8_t * 1740add_appie(uint8_t *frm, const struct ieee80211_appie *ie) 1741{ 1742 memcpy(frm, ie->ie_data, ie->ie_len); 1743 return frm + ie->ie_len; 1744} 1745 1746static __inline uint8_t * 1747add_ie(uint8_t *frm, const uint8_t *ie) 1748{ 1749 memcpy(frm, ie, 2 + ie[1]); 1750 return frm + 2 + ie[1]; 1751} 1752 1753#define WME_OUI_BYTES 0x00, 0x50, 0xf2 1754/* 1755 * Add a WME information element to a frame. 1756 */ 1757static uint8_t * 1758ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme) 1759{ 1760 static const struct ieee80211_wme_info info = { 1761 .wme_id = IEEE80211_ELEMID_VENDOR, 1762 .wme_len = sizeof(struct ieee80211_wme_info) - 2, 1763 .wme_oui = { WME_OUI_BYTES }, 1764 .wme_type = WME_OUI_TYPE, 1765 .wme_subtype = WME_INFO_OUI_SUBTYPE, 1766 .wme_version = WME_VERSION, 1767 .wme_info = 0, 1768 }; 1769 memcpy(frm, &info, sizeof(info)); 1770 return frm + sizeof(info); 1771} 1772 1773/* 1774 * Add a WME parameters element to a frame. 1775 */ 1776static uint8_t * 1777ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme) 1778{ 1779#define SM(_v, _f) (((_v) << _f##_S) & _f) 1780#define ADDSHORT(frm, v) do { \ 1781 LE_WRITE_2(frm, v); \ 1782 frm += 2; \ 1783} while (0) 1784 /* NB: this works 'cuz a param has an info at the front */ 1785 static const struct ieee80211_wme_info param = { 1786 .wme_id = IEEE80211_ELEMID_VENDOR, 1787 .wme_len = sizeof(struct ieee80211_wme_param) - 2, 1788 .wme_oui = { WME_OUI_BYTES }, 1789 .wme_type = WME_OUI_TYPE, 1790 .wme_subtype = WME_PARAM_OUI_SUBTYPE, 1791 .wme_version = WME_VERSION, 1792 }; 1793 int i; 1794 1795 memcpy(frm, ¶m, sizeof(param)); 1796 frm += __offsetof(struct ieee80211_wme_info, wme_info); 1797 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ 1798 *frm++ = 0; /* reserved field */ 1799 for (i = 0; i < WME_NUM_AC; i++) { 1800 const struct wmeParams *ac = 1801 &wme->wme_bssChanParams.cap_wmeParams[i]; 1802 *frm++ = SM(i, WME_PARAM_ACI) 1803 | SM(ac->wmep_acm, WME_PARAM_ACM) 1804 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) 1805 ; 1806 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) 1807 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) 1808 ; 1809 ADDSHORT(frm, ac->wmep_txopLimit); 1810 } 1811 return frm; 1812#undef SM 1813#undef ADDSHORT 1814} 1815#undef WME_OUI_BYTES 1816 1817/* 1818 * Add an 11h Power Constraint element to a frame. 1819 */ 1820static uint8_t * 1821ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap) 1822{ 1823 const struct ieee80211_channel *c = vap->iv_bss->ni_chan; 1824 /* XXX per-vap tx power limit? */ 1825 int8_t limit = vap->iv_ic->ic_txpowlimit / 2; 1826 1827 frm[0] = IEEE80211_ELEMID_PWRCNSTR; 1828 frm[1] = 1; 1829 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0; 1830 return frm + 3; 1831} 1832 1833/* 1834 * Add an 11h Power Capability element to a frame. 1835 */ 1836static uint8_t * 1837ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c) 1838{ 1839 frm[0] = IEEE80211_ELEMID_PWRCAP; 1840 frm[1] = 2; 1841 frm[2] = c->ic_minpower; 1842 frm[3] = c->ic_maxpower; 1843 return frm + 4; 1844} 1845 1846/* 1847 * Add an 11h Supported Channels element to a frame. 1848 */ 1849static uint8_t * 1850ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic) 1851{ 1852 static const int ielen = 26; 1853 1854 frm[0] = IEEE80211_ELEMID_SUPPCHAN; 1855 frm[1] = ielen; 1856 /* XXX not correct */ 1857 memcpy(frm+2, ic->ic_chan_avail, ielen); 1858 return frm + 2 + ielen; 1859} 1860 1861/* 1862 * Add an 11h Quiet time element to a frame. 1863 */ 1864static uint8_t * 1865ieee80211_add_quiet(uint8_t *frm, struct ieee80211vap *vap) 1866{ 1867 struct ieee80211_quiet_ie *quiet = (struct ieee80211_quiet_ie *) frm; 1868 1869 quiet->quiet_ie = IEEE80211_ELEMID_QUIET; 1870 quiet->len = 6; 1871 if (vap->iv_quiet_count_value == 1) 1872 vap->iv_quiet_count_value = vap->iv_quiet_count; 1873 else if (vap->iv_quiet_count_value > 1) 1874 vap->iv_quiet_count_value--; 1875 1876 if (vap->iv_quiet_count_value == 0) { 1877 /* value 0 is reserved as per 802.11h standerd */ 1878 vap->iv_quiet_count_value = 1; 1879 } 1880 1881 quiet->tbttcount = vap->iv_quiet_count_value; 1882 quiet->period = vap->iv_quiet_period; 1883 quiet->duration = htole16(vap->iv_quiet_duration); 1884 quiet->offset = htole16(vap->iv_quiet_offset); 1885 return frm + sizeof(*quiet); 1886} 1887 1888/* 1889 * Add an 11h Channel Switch Announcement element to a frame. 1890 * Note that we use the per-vap CSA count to adjust the global 1891 * counter so we can use this routine to form probe response 1892 * frames and get the current count. 1893 */ 1894static uint8_t * 1895ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap) 1896{ 1897 struct ieee80211com *ic = vap->iv_ic; 1898 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm; 1899 1900 csa->csa_ie = IEEE80211_ELEMID_CSA; 1901 csa->csa_len = 3; 1902 csa->csa_mode = 1; /* XXX force quiet on channel */ 1903 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan); 1904 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count; 1905 return frm + sizeof(*csa); 1906} 1907 1908/* 1909 * Add an 11h country information element to a frame. 1910 */ 1911static uint8_t * 1912ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic) 1913{ 1914 1915 if (ic->ic_countryie == NULL || 1916 ic->ic_countryie_chan != ic->ic_bsschan) { 1917 /* 1918 * Handle lazy construction of ie. This is done on 1919 * first use and after a channel change that requires 1920 * re-calculation. 1921 */ 1922 if (ic->ic_countryie != NULL) 1923 free(ic->ic_countryie, M_80211_NODE_IE); 1924 ic->ic_countryie = ieee80211_alloc_countryie(ic); 1925 if (ic->ic_countryie == NULL) 1926 return frm; 1927 ic->ic_countryie_chan = ic->ic_bsschan; 1928 } 1929 return add_appie(frm, ic->ic_countryie); 1930} 1931 1932uint8_t * 1933ieee80211_add_wpa(uint8_t *frm, const struct ieee80211vap *vap) 1934{ 1935 if (vap->iv_flags & IEEE80211_F_WPA1 && vap->iv_wpa_ie != NULL) 1936 return (add_ie(frm, vap->iv_wpa_ie)); 1937 else { 1938 /* XXX else complain? */ 1939 return (frm); 1940 } 1941} 1942 1943uint8_t * 1944ieee80211_add_rsn(uint8_t *frm, const struct ieee80211vap *vap) 1945{ 1946 if (vap->iv_flags & IEEE80211_F_WPA2 && vap->iv_rsn_ie != NULL) 1947 return (add_ie(frm, vap->iv_rsn_ie)); 1948 else { 1949 /* XXX else complain? */ 1950 return (frm); 1951 } 1952} 1953 1954uint8_t * 1955ieee80211_add_qos(uint8_t *frm, const struct ieee80211_node *ni) 1956{ 1957 if (ni->ni_flags & IEEE80211_NODE_QOS) { 1958 *frm++ = IEEE80211_ELEMID_QOS; 1959 *frm++ = 1; 1960 *frm++ = 0; 1961 } 1962 1963 return (frm); 1964} 1965 1966/* 1967 * Send a probe request frame with the specified ssid 1968 * and any optional information element data. 1969 */ 1970int 1971ieee80211_send_probereq(struct ieee80211_node *ni, 1972 const uint8_t sa[IEEE80211_ADDR_LEN], 1973 const uint8_t da[IEEE80211_ADDR_LEN], 1974 const uint8_t bssid[IEEE80211_ADDR_LEN], 1975 const uint8_t *ssid, size_t ssidlen) 1976{ 1977 struct ieee80211vap *vap = ni->ni_vap; 1978 struct ieee80211com *ic = ni->ni_ic; 1979 const struct ieee80211_txparam *tp; 1980 struct ieee80211_bpf_params params; 1981 struct ieee80211_frame *wh; 1982 const struct ieee80211_rateset *rs; 1983 struct mbuf *m; 1984 uint8_t *frm; 1985 int ret; 1986 1987 if (vap->iv_state == IEEE80211_S_CAC) { 1988 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni, 1989 "block %s frame in CAC state", "probe request"); 1990 vap->iv_stats.is_tx_badstate++; 1991 return EIO; /* XXX */ 1992 } 1993 1994 /* 1995 * Hold a reference on the node so it doesn't go away until after 1996 * the xmit is complete all the way in the driver. On error we 1997 * will remove our reference. 1998 */ 1999 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2000 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2001 __func__, __LINE__, 2002 ni, ether_sprintf(ni->ni_macaddr), 2003 ieee80211_node_refcnt(ni)+1); 2004 ieee80211_ref_node(ni); 2005 2006 /* 2007 * prreq frame format 2008 * [tlv] ssid 2009 * [tlv] supported rates 2010 * [tlv] RSN (optional) 2011 * [tlv] extended supported rates 2012 * [tlv] WPA (optional) 2013 * [tlv] user-specified ie's 2014 */ 2015 m = ieee80211_getmgtframe(&frm, 2016 ic->ic_headroom + sizeof(struct ieee80211_frame), 2017 2 + IEEE80211_NWID_LEN 2018 + 2 + IEEE80211_RATE_SIZE 2019 + sizeof(struct ieee80211_ie_wpa) 2020 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2021 + sizeof(struct ieee80211_ie_wpa) 2022 + (vap->iv_appie_probereq != NULL ? 2023 vap->iv_appie_probereq->ie_len : 0) 2024 ); 2025 if (m == NULL) { 2026 vap->iv_stats.is_tx_nobuf++; 2027 ieee80211_free_node(ni); 2028 return ENOMEM; 2029 } 2030 2031 frm = ieee80211_add_ssid(frm, ssid, ssidlen); 2032 rs = ieee80211_get_suprates(ic, ic->ic_curchan); 2033 frm = ieee80211_add_rates(frm, rs); 2034 frm = ieee80211_add_rsn(frm, vap); 2035 frm = ieee80211_add_xrates(frm, rs); 2036 frm = ieee80211_add_wpa(frm, vap); 2037 if (vap->iv_appie_probereq != NULL) 2038 frm = add_appie(frm, vap->iv_appie_probereq); 2039 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2040 2041 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame), 2042 ("leading space %zd", M_LEADINGSPACE(m))); 2043 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 2044 if (m == NULL) { 2045 /* NB: cannot happen */ 2046 ieee80211_free_node(ni); 2047 return ENOMEM; 2048 } 2049 2050 IEEE80211_TX_LOCK(ic); 2051 wh = mtod(m, struct ieee80211_frame *); 2052 ieee80211_send_setup(ni, m, 2053 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, 2054 IEEE80211_NONQOS_TID, sa, da, bssid); 2055 /* XXX power management? */ 2056 m->m_flags |= M_ENCAP; /* mark encapsulated */ 2057 2058 M_WME_SETAC(m, WME_AC_BE); 2059 2060 IEEE80211_NODE_STAT(ni, tx_probereq); 2061 IEEE80211_NODE_STAT(ni, tx_mgmt); 2062 2063 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 2064 "send probe req on channel %u bssid %s ssid \"%.*s\"\n", 2065 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid), 2066 ssidlen, ssid); 2067 2068 memset(¶ms, 0, sizeof(params)); 2069 params.ibp_pri = M_WME_GETAC(m); 2070 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2071 params.ibp_rate0 = tp->mgmtrate; 2072 if (IEEE80211_IS_MULTICAST(da)) { 2073 params.ibp_flags |= IEEE80211_BPF_NOACK; 2074 params.ibp_try0 = 1; 2075 } else 2076 params.ibp_try0 = tp->maxretry; 2077 params.ibp_power = ni->ni_txpower; 2078 ret = ieee80211_raw_output(vap, ni, m, ¶ms); 2079 IEEE80211_TX_UNLOCK(ic); 2080 return (ret); 2081} 2082 2083/* 2084 * Calculate capability information for mgt frames. 2085 */ 2086uint16_t 2087ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan) 2088{ 2089 struct ieee80211com *ic = vap->iv_ic; 2090 uint16_t capinfo; 2091 2092 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode")); 2093 2094 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2095 capinfo = IEEE80211_CAPINFO_ESS; 2096 else if (vap->iv_opmode == IEEE80211_M_IBSS) 2097 capinfo = IEEE80211_CAPINFO_IBSS; 2098 else 2099 capinfo = 0; 2100 if (vap->iv_flags & IEEE80211_F_PRIVACY) 2101 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2102 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 2103 IEEE80211_IS_CHAN_2GHZ(chan)) 2104 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2105 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2106 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 2107 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH)) 2108 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 2109 return capinfo; 2110} 2111 2112/* 2113 * Send a management frame. The node is for the destination (or ic_bss 2114 * when in station mode). Nodes other than ic_bss have their reference 2115 * count bumped to reflect our use for an indeterminant time. 2116 */ 2117int 2118ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg) 2119{ 2120#define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT) 2121#define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0) 2122 struct ieee80211vap *vap = ni->ni_vap; 2123 struct ieee80211com *ic = ni->ni_ic; 2124 struct ieee80211_node *bss = vap->iv_bss; 2125 struct ieee80211_bpf_params params; 2126 struct mbuf *m; 2127 uint8_t *frm; 2128 uint16_t capinfo; 2129 int has_challenge, is_shared_key, ret, status; 2130 2131 KASSERT(ni != NULL, ("null node")); 2132 2133 /* 2134 * Hold a reference on the node so it doesn't go away until after 2135 * the xmit is complete all the way in the driver. On error we 2136 * will remove our reference. 2137 */ 2138 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2139 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2140 __func__, __LINE__, 2141 ni, ether_sprintf(ni->ni_macaddr), 2142 ieee80211_node_refcnt(ni)+1); 2143 ieee80211_ref_node(ni); 2144 2145 memset(¶ms, 0, sizeof(params)); 2146 switch (type) { 2147 2148 case IEEE80211_FC0_SUBTYPE_AUTH: 2149 status = arg >> 16; 2150 arg &= 0xffff; 2151 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || 2152 arg == IEEE80211_AUTH_SHARED_RESPONSE) && 2153 ni->ni_challenge != NULL); 2154 2155 /* 2156 * Deduce whether we're doing open authentication or 2157 * shared key authentication. We do the latter if 2158 * we're in the middle of a shared key authentication 2159 * handshake or if we're initiating an authentication 2160 * request and configured to use shared key. 2161 */ 2162 is_shared_key = has_challenge || 2163 arg >= IEEE80211_AUTH_SHARED_RESPONSE || 2164 (arg == IEEE80211_AUTH_SHARED_REQUEST && 2165 bss->ni_authmode == IEEE80211_AUTH_SHARED); 2166 2167 m = ieee80211_getmgtframe(&frm, 2168 ic->ic_headroom + sizeof(struct ieee80211_frame), 2169 3 * sizeof(uint16_t) 2170 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? 2171 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0) 2172 ); 2173 if (m == NULL) 2174 senderr(ENOMEM, is_tx_nobuf); 2175 2176 ((uint16_t *)frm)[0] = 2177 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) 2178 : htole16(IEEE80211_AUTH_ALG_OPEN); 2179 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */ 2180 ((uint16_t *)frm)[2] = htole16(status);/* status */ 2181 2182 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { 2183 ((uint16_t *)frm)[3] = 2184 htole16((IEEE80211_CHALLENGE_LEN << 8) | 2185 IEEE80211_ELEMID_CHALLENGE); 2186 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge, 2187 IEEE80211_CHALLENGE_LEN); 2188 m->m_pkthdr.len = m->m_len = 2189 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN; 2190 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { 2191 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 2192 "request encrypt frame (%s)", __func__); 2193 /* mark frame for encryption */ 2194 params.ibp_flags |= IEEE80211_BPF_CRYPTO; 2195 } 2196 } else 2197 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t); 2198 2199 /* XXX not right for shared key */ 2200 if (status == IEEE80211_STATUS_SUCCESS) 2201 IEEE80211_NODE_STAT(ni, tx_auth); 2202 else 2203 IEEE80211_NODE_STAT(ni, tx_auth_fail); 2204 2205 if (vap->iv_opmode == IEEE80211_M_STA) 2206 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 2207 (void *) vap->iv_state); 2208 break; 2209 2210 case IEEE80211_FC0_SUBTYPE_DEAUTH: 2211 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 2212 "send station deauthenticate (reason %d)", arg); 2213 m = ieee80211_getmgtframe(&frm, 2214 ic->ic_headroom + sizeof(struct ieee80211_frame), 2215 sizeof(uint16_t)); 2216 if (m == NULL) 2217 senderr(ENOMEM, is_tx_nobuf); 2218 *(uint16_t *)frm = htole16(arg); /* reason */ 2219 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 2220 2221 IEEE80211_NODE_STAT(ni, tx_deauth); 2222 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); 2223 2224 ieee80211_node_unauthorize(ni); /* port closed */ 2225 break; 2226 2227 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 2228 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 2229 /* 2230 * asreq frame format 2231 * [2] capability information 2232 * [2] listen interval 2233 * [6*] current AP address (reassoc only) 2234 * [tlv] ssid 2235 * [tlv] supported rates 2236 * [tlv] extended supported rates 2237 * [4] power capability (optional) 2238 * [28] supported channels (optional) 2239 * [tlv] HT capabilities 2240 * [tlv] WME (optional) 2241 * [tlv] Vendor OUI HT capabilities (optional) 2242 * [tlv] Atheros capabilities (if negotiated) 2243 * [tlv] AppIE's (optional) 2244 */ 2245 m = ieee80211_getmgtframe(&frm, 2246 ic->ic_headroom + sizeof(struct ieee80211_frame), 2247 sizeof(uint16_t) 2248 + sizeof(uint16_t) 2249 + IEEE80211_ADDR_LEN 2250 + 2 + IEEE80211_NWID_LEN 2251 + 2 + IEEE80211_RATE_SIZE 2252 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2253 + 4 2254 + 2 + 26 2255 + sizeof(struct ieee80211_wme_info) 2256 + sizeof(struct ieee80211_ie_htcap) 2257 + 4 + sizeof(struct ieee80211_ie_htcap) 2258#ifdef IEEE80211_SUPPORT_SUPERG 2259 + sizeof(struct ieee80211_ath_ie) 2260#endif 2261 + (vap->iv_appie_wpa != NULL ? 2262 vap->iv_appie_wpa->ie_len : 0) 2263 + (vap->iv_appie_assocreq != NULL ? 2264 vap->iv_appie_assocreq->ie_len : 0) 2265 ); 2266 if (m == NULL) 2267 senderr(ENOMEM, is_tx_nobuf); 2268 2269 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 2270 ("wrong mode %u", vap->iv_opmode)); 2271 capinfo = IEEE80211_CAPINFO_ESS; 2272 if (vap->iv_flags & IEEE80211_F_PRIVACY) 2273 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2274 /* 2275 * NB: Some 11a AP's reject the request when 2276 * short premable is set. 2277 */ 2278 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 2279 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 2280 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2281 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) && 2282 (ic->ic_caps & IEEE80211_C_SHSLOT)) 2283 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 2284 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) && 2285 (vap->iv_flags & IEEE80211_F_DOTH)) 2286 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 2287 *(uint16_t *)frm = htole16(capinfo); 2288 frm += 2; 2289 2290 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!")); 2291 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval, 2292 bss->ni_intval)); 2293 frm += 2; 2294 2295 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 2296 IEEE80211_ADDR_COPY(frm, bss->ni_bssid); 2297 frm += IEEE80211_ADDR_LEN; 2298 } 2299 2300 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 2301 frm = ieee80211_add_rates(frm, &ni->ni_rates); 2302 frm = ieee80211_add_rsn(frm, vap); 2303 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 2304 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) { 2305 frm = ieee80211_add_powercapability(frm, 2306 ic->ic_curchan); 2307 frm = ieee80211_add_supportedchannels(frm, ic); 2308 } 2309 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) && 2310 ni->ni_ies.htcap_ie != NULL && 2311 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP) 2312 frm = ieee80211_add_htcap(frm, ni); 2313 frm = ieee80211_add_wpa(frm, vap); 2314 if ((ic->ic_flags & IEEE80211_F_WME) && 2315 ni->ni_ies.wme_ie != NULL) 2316 frm = ieee80211_add_wme_info(frm, &ic->ic_wme); 2317 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) && 2318 ni->ni_ies.htcap_ie != NULL && 2319 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR) 2320 frm = ieee80211_add_htcap_vendor(frm, ni); 2321#ifdef IEEE80211_SUPPORT_SUPERG 2322 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) { 2323 frm = ieee80211_add_ath(frm, 2324 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS), 2325 ((vap->iv_flags & IEEE80211_F_WPA) == 0 && 2326 ni->ni_authmode != IEEE80211_AUTH_8021X) ? 2327 vap->iv_def_txkey : IEEE80211_KEYIX_NONE); 2328 } 2329#endif /* IEEE80211_SUPPORT_SUPERG */ 2330 if (vap->iv_appie_assocreq != NULL) 2331 frm = add_appie(frm, vap->iv_appie_assocreq); 2332 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2333 2334 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 2335 (void *) vap->iv_state); 2336 break; 2337 2338 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 2339 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 2340 /* 2341 * asresp frame format 2342 * [2] capability information 2343 * [2] status 2344 * [2] association ID 2345 * [tlv] supported rates 2346 * [tlv] extended supported rates 2347 * [tlv] HT capabilities (standard, if STA enabled) 2348 * [tlv] HT information (standard, if STA enabled) 2349 * [tlv] WME (if configured and STA enabled) 2350 * [tlv] HT capabilities (vendor OUI, if STA enabled) 2351 * [tlv] HT information (vendor OUI, if STA enabled) 2352 * [tlv] Atheros capabilities (if STA enabled) 2353 * [tlv] AppIE's (optional) 2354 */ 2355 m = ieee80211_getmgtframe(&frm, 2356 ic->ic_headroom + sizeof(struct ieee80211_frame), 2357 sizeof(uint16_t) 2358 + sizeof(uint16_t) 2359 + sizeof(uint16_t) 2360 + 2 + IEEE80211_RATE_SIZE 2361 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2362 + sizeof(struct ieee80211_ie_htcap) + 4 2363 + sizeof(struct ieee80211_ie_htinfo) + 4 2364 + sizeof(struct ieee80211_wme_param) 2365#ifdef IEEE80211_SUPPORT_SUPERG 2366 + sizeof(struct ieee80211_ath_ie) 2367#endif 2368 + (vap->iv_appie_assocresp != NULL ? 2369 vap->iv_appie_assocresp->ie_len : 0) 2370 ); 2371 if (m == NULL) 2372 senderr(ENOMEM, is_tx_nobuf); 2373 2374 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan); 2375 *(uint16_t *)frm = htole16(capinfo); 2376 frm += 2; 2377 2378 *(uint16_t *)frm = htole16(arg); /* status */ 2379 frm += 2; 2380 2381 if (arg == IEEE80211_STATUS_SUCCESS) { 2382 *(uint16_t *)frm = htole16(ni->ni_associd); 2383 IEEE80211_NODE_STAT(ni, tx_assoc); 2384 } else 2385 IEEE80211_NODE_STAT(ni, tx_assoc_fail); 2386 frm += 2; 2387 2388 frm = ieee80211_add_rates(frm, &ni->ni_rates); 2389 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 2390 /* NB: respond according to what we received */ 2391 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) { 2392 frm = ieee80211_add_htcap(frm, ni); 2393 frm = ieee80211_add_htinfo(frm, ni); 2394 } 2395 if ((vap->iv_flags & IEEE80211_F_WME) && 2396 ni->ni_ies.wme_ie != NULL) 2397 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2398 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) { 2399 frm = ieee80211_add_htcap_vendor(frm, ni); 2400 frm = ieee80211_add_htinfo_vendor(frm, ni); 2401 } 2402#ifdef IEEE80211_SUPPORT_SUPERG 2403 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) 2404 frm = ieee80211_add_ath(frm, 2405 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS), 2406 ((vap->iv_flags & IEEE80211_F_WPA) == 0 && 2407 ni->ni_authmode != IEEE80211_AUTH_8021X) ? 2408 vap->iv_def_txkey : IEEE80211_KEYIX_NONE); 2409#endif /* IEEE80211_SUPPORT_SUPERG */ 2410 if (vap->iv_appie_assocresp != NULL) 2411 frm = add_appie(frm, vap->iv_appie_assocresp); 2412 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2413 break; 2414 2415 case IEEE80211_FC0_SUBTYPE_DISASSOC: 2416 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2417 "send station disassociate (reason %d)", arg); 2418 m = ieee80211_getmgtframe(&frm, 2419 ic->ic_headroom + sizeof(struct ieee80211_frame), 2420 sizeof(uint16_t)); 2421 if (m == NULL) 2422 senderr(ENOMEM, is_tx_nobuf); 2423 *(uint16_t *)frm = htole16(arg); /* reason */ 2424 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 2425 2426 IEEE80211_NODE_STAT(ni, tx_disassoc); 2427 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg); 2428 break; 2429 2430 default: 2431 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni, 2432 "invalid mgmt frame type %u", type); 2433 senderr(EINVAL, is_tx_unknownmgt); 2434 /* NOTREACHED */ 2435 } 2436 2437 /* NB: force non-ProbeResp frames to the highest queue */ 2438 params.ibp_pri = WME_AC_VO; 2439 params.ibp_rate0 = bss->ni_txparms->mgmtrate; 2440 /* NB: we know all frames are unicast */ 2441 params.ibp_try0 = bss->ni_txparms->maxretry; 2442 params.ibp_power = bss->ni_txpower; 2443 return ieee80211_mgmt_output(ni, m, type, ¶ms); 2444bad: 2445 ieee80211_free_node(ni); 2446 return ret; 2447#undef senderr 2448#undef HTFLAGS 2449} 2450 2451/* 2452 * Return an mbuf with a probe response frame in it. 2453 * Space is left to prepend and 802.11 header at the 2454 * front but it's left to the caller to fill in. 2455 */ 2456struct mbuf * 2457ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy) 2458{ 2459 struct ieee80211vap *vap = bss->ni_vap; 2460 struct ieee80211com *ic = bss->ni_ic; 2461 const struct ieee80211_rateset *rs; 2462 struct mbuf *m; 2463 uint16_t capinfo; 2464 uint8_t *frm; 2465 2466 /* 2467 * probe response frame format 2468 * [8] time stamp 2469 * [2] beacon interval 2470 * [2] cabability information 2471 * [tlv] ssid 2472 * [tlv] supported rates 2473 * [tlv] parameter set (FH/DS) 2474 * [tlv] parameter set (IBSS) 2475 * [tlv] country (optional) 2476 * [3] power control (optional) 2477 * [5] channel switch announcement (CSA) (optional) 2478 * [tlv] extended rate phy (ERP) 2479 * [tlv] extended supported rates 2480 * [tlv] RSN (optional) 2481 * [tlv] HT capabilities 2482 * [tlv] HT information 2483 * [tlv] WPA (optional) 2484 * [tlv] WME (optional) 2485 * [tlv] Vendor OUI HT capabilities (optional) 2486 * [tlv] Vendor OUI HT information (optional) 2487 * [tlv] Atheros capabilities 2488 * [tlv] AppIE's (optional) 2489 * [tlv] Mesh ID (MBSS) 2490 * [tlv] Mesh Conf (MBSS) 2491 */ 2492 m = ieee80211_getmgtframe(&frm, 2493 ic->ic_headroom + sizeof(struct ieee80211_frame), 2494 8 2495 + sizeof(uint16_t) 2496 + sizeof(uint16_t) 2497 + 2 + IEEE80211_NWID_LEN 2498 + 2 + IEEE80211_RATE_SIZE 2499 + 7 /* max(7,3) */ 2500 + IEEE80211_COUNTRY_MAX_SIZE 2501 + 3 2502 + sizeof(struct ieee80211_csa_ie) 2503 + sizeof(struct ieee80211_quiet_ie) 2504 + 3 2505 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2506 + sizeof(struct ieee80211_ie_wpa) 2507 + sizeof(struct ieee80211_ie_htcap) 2508 + sizeof(struct ieee80211_ie_htinfo) 2509 + sizeof(struct ieee80211_ie_wpa) 2510 + sizeof(struct ieee80211_wme_param) 2511 + 4 + sizeof(struct ieee80211_ie_htcap) 2512 + 4 + sizeof(struct ieee80211_ie_htinfo) 2513#ifdef IEEE80211_SUPPORT_SUPERG 2514 + sizeof(struct ieee80211_ath_ie) 2515#endif 2516#ifdef IEEE80211_SUPPORT_MESH 2517 + 2 + IEEE80211_MESHID_LEN 2518 + sizeof(struct ieee80211_meshconf_ie) 2519#endif 2520 + (vap->iv_appie_proberesp != NULL ? 2521 vap->iv_appie_proberesp->ie_len : 0) 2522 ); 2523 if (m == NULL) { 2524 vap->iv_stats.is_tx_nobuf++; 2525 return NULL; 2526 } 2527 2528 memset(frm, 0, 8); /* timestamp should be filled later */ 2529 frm += 8; 2530 *(uint16_t *)frm = htole16(bss->ni_intval); 2531 frm += 2; 2532 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan); 2533 *(uint16_t *)frm = htole16(capinfo); 2534 frm += 2; 2535 2536 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen); 2537 rs = ieee80211_get_suprates(ic, bss->ni_chan); 2538 frm = ieee80211_add_rates(frm, rs); 2539 2540 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) { 2541 *frm++ = IEEE80211_ELEMID_FHPARMS; 2542 *frm++ = 5; 2543 *frm++ = bss->ni_fhdwell & 0x00ff; 2544 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff; 2545 *frm++ = IEEE80211_FH_CHANSET( 2546 ieee80211_chan2ieee(ic, bss->ni_chan)); 2547 *frm++ = IEEE80211_FH_CHANPAT( 2548 ieee80211_chan2ieee(ic, bss->ni_chan)); 2549 *frm++ = bss->ni_fhindex; 2550 } else { 2551 *frm++ = IEEE80211_ELEMID_DSPARMS; 2552 *frm++ = 1; 2553 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan); 2554 } 2555 2556 if (vap->iv_opmode == IEEE80211_M_IBSS) { 2557 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 2558 *frm++ = 2; 2559 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 2560 } 2561 if ((vap->iv_flags & IEEE80211_F_DOTH) || 2562 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) 2563 frm = ieee80211_add_countryie(frm, ic); 2564 if (vap->iv_flags & IEEE80211_F_DOTH) { 2565 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan)) 2566 frm = ieee80211_add_powerconstraint(frm, vap); 2567 if (ic->ic_flags & IEEE80211_F_CSAPENDING) 2568 frm = ieee80211_add_csa(frm, vap); 2569 } 2570 if (vap->iv_flags & IEEE80211_F_DOTH) { 2571 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 2572 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) { 2573 if (vap->iv_quiet) 2574 frm = ieee80211_add_quiet(frm, vap); 2575 } 2576 } 2577 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan)) 2578 frm = ieee80211_add_erp(frm, ic); 2579 frm = ieee80211_add_xrates(frm, rs); 2580 frm = ieee80211_add_rsn(frm, vap); 2581 /* 2582 * NB: legacy 11b clients do not get certain ie's. 2583 * The caller identifies such clients by passing 2584 * a token in legacy to us. Could expand this to be 2585 * any legacy client for stuff like HT ie's. 2586 */ 2587 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) && 2588 legacy != IEEE80211_SEND_LEGACY_11B) { 2589 frm = ieee80211_add_htcap(frm, bss); 2590 frm = ieee80211_add_htinfo(frm, bss); 2591 } 2592 frm = ieee80211_add_wpa(frm, vap); 2593 if (vap->iv_flags & IEEE80211_F_WME) 2594 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2595 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) && 2596 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) && 2597 legacy != IEEE80211_SEND_LEGACY_11B) { 2598 frm = ieee80211_add_htcap_vendor(frm, bss); 2599 frm = ieee80211_add_htinfo_vendor(frm, bss); 2600 } 2601#ifdef IEEE80211_SUPPORT_SUPERG 2602 if ((vap->iv_flags & IEEE80211_F_ATHEROS) && 2603 legacy != IEEE80211_SEND_LEGACY_11B) 2604 frm = ieee80211_add_athcaps(frm, bss); 2605#endif 2606 if (vap->iv_appie_proberesp != NULL) 2607 frm = add_appie(frm, vap->iv_appie_proberesp); 2608#ifdef IEEE80211_SUPPORT_MESH 2609 if (vap->iv_opmode == IEEE80211_M_MBSS) { 2610 frm = ieee80211_add_meshid(frm, vap); 2611 frm = ieee80211_add_meshconf(frm, vap); 2612 } 2613#endif 2614 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2615 2616 return m; 2617} 2618 2619/* 2620 * Send a probe response frame to the specified mac address. 2621 * This does not go through the normal mgt frame api so we 2622 * can specify the destination address and re-use the bss node 2623 * for the sta reference. 2624 */ 2625int 2626ieee80211_send_proberesp(struct ieee80211vap *vap, 2627 const uint8_t da[IEEE80211_ADDR_LEN], int legacy) 2628{ 2629 struct ieee80211_node *bss = vap->iv_bss; 2630 struct ieee80211com *ic = vap->iv_ic; 2631 struct ieee80211_frame *wh; 2632 struct mbuf *m; 2633 int ret; 2634 2635 if (vap->iv_state == IEEE80211_S_CAC) { 2636 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss, 2637 "block %s frame in CAC state", "probe response"); 2638 vap->iv_stats.is_tx_badstate++; 2639 return EIO; /* XXX */ 2640 } 2641 2642 /* 2643 * Hold a reference on the node so it doesn't go away until after 2644 * the xmit is complete all the way in the driver. On error we 2645 * will remove our reference. 2646 */ 2647 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2648 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2649 __func__, __LINE__, bss, ether_sprintf(bss->ni_macaddr), 2650 ieee80211_node_refcnt(bss)+1); 2651 ieee80211_ref_node(bss); 2652 2653 m = ieee80211_alloc_proberesp(bss, legacy); 2654 if (m == NULL) { 2655 ieee80211_free_node(bss); 2656 return ENOMEM; 2657 } 2658 2659 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 2660 KASSERT(m != NULL, ("no room for header")); 2661 2662 IEEE80211_TX_LOCK(ic); 2663 wh = mtod(m, struct ieee80211_frame *); 2664 ieee80211_send_setup(bss, m, 2665 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP, 2666 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid); 2667 /* XXX power management? */ 2668 m->m_flags |= M_ENCAP; /* mark encapsulated */ 2669 2670 M_WME_SETAC(m, WME_AC_BE); 2671 2672 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 2673 "send probe resp on channel %u to %s%s\n", 2674 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(da), 2675 legacy ? " <legacy>" : ""); 2676 IEEE80211_NODE_STAT(bss, tx_mgmt); 2677 2678 ret = ieee80211_raw_output(vap, bss, m, NULL); 2679 IEEE80211_TX_UNLOCK(ic); 2680 return (ret); 2681} 2682 2683/* 2684 * Allocate and build a RTS (Request To Send) control frame. 2685 */ 2686struct mbuf * 2687ieee80211_alloc_rts(struct ieee80211com *ic, 2688 const uint8_t ra[IEEE80211_ADDR_LEN], 2689 const uint8_t ta[IEEE80211_ADDR_LEN], 2690 uint16_t dur) 2691{ 2692 struct ieee80211_frame_rts *rts; 2693 struct mbuf *m; 2694 2695 /* XXX honor ic_headroom */ 2696 m = m_gethdr(M_NOWAIT, MT_DATA); 2697 if (m != NULL) { 2698 rts = mtod(m, struct ieee80211_frame_rts *); 2699 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | 2700 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS; 2701 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2702 *(u_int16_t *)rts->i_dur = htole16(dur); 2703 IEEE80211_ADDR_COPY(rts->i_ra, ra); 2704 IEEE80211_ADDR_COPY(rts->i_ta, ta); 2705 2706 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 2707 } 2708 return m; 2709} 2710 2711/* 2712 * Allocate and build a CTS (Clear To Send) control frame. 2713 */ 2714struct mbuf * 2715ieee80211_alloc_cts(struct ieee80211com *ic, 2716 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur) 2717{ 2718 struct ieee80211_frame_cts *cts; 2719 struct mbuf *m; 2720 2721 /* XXX honor ic_headroom */ 2722 m = m_gethdr(M_NOWAIT, MT_DATA); 2723 if (m != NULL) { 2724 cts = mtod(m, struct ieee80211_frame_cts *); 2725 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | 2726 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS; 2727 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2728 *(u_int16_t *)cts->i_dur = htole16(dur); 2729 IEEE80211_ADDR_COPY(cts->i_ra, ra); 2730 2731 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 2732 } 2733 return m; 2734} 2735 2736static void 2737ieee80211_tx_mgt_timeout(void *arg) 2738{ 2739 struct ieee80211vap *vap = arg; 2740 2741 IEEE80211_LOCK(vap->iv_ic); 2742 if (vap->iv_state != IEEE80211_S_INIT && 2743 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) { 2744 /* 2745 * NB: it's safe to specify a timeout as the reason here; 2746 * it'll only be used in the right state. 2747 */ 2748 ieee80211_new_state_locked(vap, IEEE80211_S_SCAN, 2749 IEEE80211_SCAN_FAIL_TIMEOUT); 2750 } 2751 IEEE80211_UNLOCK(vap->iv_ic); 2752} 2753 2754/* 2755 * This is the callback set on net80211-sourced transmitted 2756 * authentication request frames. 2757 * 2758 * This does a couple of things: 2759 * 2760 * + If the frame transmitted was a success, it schedules a future 2761 * event which will transition the interface to scan. 2762 * If a state transition _then_ occurs before that event occurs, 2763 * said state transition will cancel this callout. 2764 * 2765 * + If the frame transmit was a failure, it immediately schedules 2766 * the transition back to scan. 2767 */ 2768static void 2769ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status) 2770{ 2771 struct ieee80211vap *vap = ni->ni_vap; 2772 enum ieee80211_state ostate = (enum ieee80211_state) arg; 2773 2774 /* 2775 * Frame transmit completed; arrange timer callback. If 2776 * transmit was successfuly we wait for response. Otherwise 2777 * we arrange an immediate callback instead of doing the 2778 * callback directly since we don't know what state the driver 2779 * is in (e.g. what locks it is holding). This work should 2780 * not be too time-critical and not happen too often so the 2781 * added overhead is acceptable. 2782 * 2783 * XXX what happens if !acked but response shows up before callback? 2784 */ 2785 if (vap->iv_state == ostate) { 2786 callout_reset(&vap->iv_mgtsend, 2787 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0, 2788 ieee80211_tx_mgt_timeout, vap); 2789 } 2790} 2791 2792static void 2793ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm, 2794 struct ieee80211_beacon_offsets *bo, struct ieee80211_node *ni) 2795{ 2796 struct ieee80211vap *vap = ni->ni_vap; 2797 struct ieee80211com *ic = ni->ni_ic; 2798 struct ieee80211_rateset *rs = &ni->ni_rates; 2799 uint16_t capinfo; 2800 2801 /* 2802 * beacon frame format 2803 * [8] time stamp 2804 * [2] beacon interval 2805 * [2] cabability information 2806 * [tlv] ssid 2807 * [tlv] supported rates 2808 * [3] parameter set (DS) 2809 * [8] CF parameter set (optional) 2810 * [tlv] parameter set (IBSS/TIM) 2811 * [tlv] country (optional) 2812 * [3] power control (optional) 2813 * [5] channel switch announcement (CSA) (optional) 2814 * [tlv] extended rate phy (ERP) 2815 * [tlv] extended supported rates 2816 * [tlv] RSN parameters 2817 * [tlv] HT capabilities 2818 * [tlv] HT information 2819 * XXX Vendor-specific OIDs (e.g. Atheros) 2820 * [tlv] WPA parameters 2821 * [tlv] WME parameters 2822 * [tlv] Vendor OUI HT capabilities (optional) 2823 * [tlv] Vendor OUI HT information (optional) 2824 * [tlv] Atheros capabilities (optional) 2825 * [tlv] TDMA parameters (optional) 2826 * [tlv] Mesh ID (MBSS) 2827 * [tlv] Mesh Conf (MBSS) 2828 * [tlv] application data (optional) 2829 */ 2830 2831 memset(bo, 0, sizeof(*bo)); 2832 2833 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */ 2834 frm += 8; 2835 *(uint16_t *)frm = htole16(ni->ni_intval); 2836 frm += 2; 2837 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan); 2838 bo->bo_caps = (uint16_t *)frm; 2839 *(uint16_t *)frm = htole16(capinfo); 2840 frm += 2; 2841 *frm++ = IEEE80211_ELEMID_SSID; 2842 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) { 2843 *frm++ = ni->ni_esslen; 2844 memcpy(frm, ni->ni_essid, ni->ni_esslen); 2845 frm += ni->ni_esslen; 2846 } else 2847 *frm++ = 0; 2848 frm = ieee80211_add_rates(frm, rs); 2849 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) { 2850 *frm++ = IEEE80211_ELEMID_DSPARMS; 2851 *frm++ = 1; 2852 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 2853 } 2854 if (ic->ic_flags & IEEE80211_F_PCF) { 2855 bo->bo_cfp = frm; 2856 frm = ieee80211_add_cfparms(frm, ic); 2857 } 2858 bo->bo_tim = frm; 2859 if (vap->iv_opmode == IEEE80211_M_IBSS) { 2860 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 2861 *frm++ = 2; 2862 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 2863 bo->bo_tim_len = 0; 2864 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP || 2865 vap->iv_opmode == IEEE80211_M_MBSS) { 2866 /* TIM IE is the same for Mesh and Hostap */ 2867 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm; 2868 2869 tie->tim_ie = IEEE80211_ELEMID_TIM; 2870 tie->tim_len = 4; /* length */ 2871 tie->tim_count = 0; /* DTIM count */ 2872 tie->tim_period = vap->iv_dtim_period; /* DTIM period */ 2873 tie->tim_bitctl = 0; /* bitmap control */ 2874 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */ 2875 frm += sizeof(struct ieee80211_tim_ie); 2876 bo->bo_tim_len = 1; 2877 } 2878 bo->bo_tim_trailer = frm; 2879 if ((vap->iv_flags & IEEE80211_F_DOTH) || 2880 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) 2881 frm = ieee80211_add_countryie(frm, ic); 2882 if (vap->iv_flags & IEEE80211_F_DOTH) { 2883 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 2884 frm = ieee80211_add_powerconstraint(frm, vap); 2885 bo->bo_csa = frm; 2886 if (ic->ic_flags & IEEE80211_F_CSAPENDING) 2887 frm = ieee80211_add_csa(frm, vap); 2888 } else 2889 bo->bo_csa = frm; 2890 2891 if (vap->iv_flags & IEEE80211_F_DOTH) { 2892 bo->bo_quiet = frm; 2893 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 2894 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) { 2895 if (vap->iv_quiet) 2896 frm = ieee80211_add_quiet(frm,vap); 2897 } 2898 } else 2899 bo->bo_quiet = frm; 2900 2901 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) { 2902 bo->bo_erp = frm; 2903 frm = ieee80211_add_erp(frm, ic); 2904 } 2905 frm = ieee80211_add_xrates(frm, rs); 2906 frm = ieee80211_add_rsn(frm, vap); 2907 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) { 2908 frm = ieee80211_add_htcap(frm, ni); 2909 bo->bo_htinfo = frm; 2910 frm = ieee80211_add_htinfo(frm, ni); 2911 } 2912 frm = ieee80211_add_wpa(frm, vap); 2913 if (vap->iv_flags & IEEE80211_F_WME) { 2914 bo->bo_wme = frm; 2915 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2916 } 2917 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) && 2918 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) { 2919 frm = ieee80211_add_htcap_vendor(frm, ni); 2920 frm = ieee80211_add_htinfo_vendor(frm, ni); 2921 } 2922#ifdef IEEE80211_SUPPORT_SUPERG 2923 if (vap->iv_flags & IEEE80211_F_ATHEROS) { 2924 bo->bo_ath = frm; 2925 frm = ieee80211_add_athcaps(frm, ni); 2926 } 2927#endif 2928#ifdef IEEE80211_SUPPORT_TDMA 2929 if (vap->iv_caps & IEEE80211_C_TDMA) { 2930 bo->bo_tdma = frm; 2931 frm = ieee80211_add_tdma(frm, vap); 2932 } 2933#endif 2934 if (vap->iv_appie_beacon != NULL) { 2935 bo->bo_appie = frm; 2936 bo->bo_appie_len = vap->iv_appie_beacon->ie_len; 2937 frm = add_appie(frm, vap->iv_appie_beacon); 2938 } 2939#ifdef IEEE80211_SUPPORT_MESH 2940 if (vap->iv_opmode == IEEE80211_M_MBSS) { 2941 frm = ieee80211_add_meshid(frm, vap); 2942 bo->bo_meshconf = frm; 2943 frm = ieee80211_add_meshconf(frm, vap); 2944 } 2945#endif 2946 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer; 2947 bo->bo_csa_trailer_len = frm - bo->bo_csa; 2948 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2949} 2950 2951/* 2952 * Allocate a beacon frame and fillin the appropriate bits. 2953 */ 2954struct mbuf * 2955ieee80211_beacon_alloc(struct ieee80211_node *ni, 2956 struct ieee80211_beacon_offsets *bo) 2957{ 2958 struct ieee80211vap *vap = ni->ni_vap; 2959 struct ieee80211com *ic = ni->ni_ic; 2960 struct ifnet *ifp = vap->iv_ifp; 2961 struct ieee80211_frame *wh; 2962 struct mbuf *m; 2963 int pktlen; 2964 uint8_t *frm; 2965 2966 /* 2967 * beacon frame format 2968 * [8] time stamp 2969 * [2] beacon interval 2970 * [2] cabability information 2971 * [tlv] ssid 2972 * [tlv] supported rates 2973 * [3] parameter set (DS) 2974 * [8] CF parameter set (optional) 2975 * [tlv] parameter set (IBSS/TIM) 2976 * [tlv] country (optional) 2977 * [3] power control (optional) 2978 * [5] channel switch announcement (CSA) (optional) 2979 * [tlv] extended rate phy (ERP) 2980 * [tlv] extended supported rates 2981 * [tlv] RSN parameters 2982 * [tlv] HT capabilities 2983 * [tlv] HT information 2984 * [tlv] Vendor OUI HT capabilities (optional) 2985 * [tlv] Vendor OUI HT information (optional) 2986 * XXX Vendor-specific OIDs (e.g. Atheros) 2987 * [tlv] WPA parameters 2988 * [tlv] WME parameters 2989 * [tlv] TDMA parameters (optional) 2990 * [tlv] Mesh ID (MBSS) 2991 * [tlv] Mesh Conf (MBSS) 2992 * [tlv] application data (optional) 2993 * NB: we allocate the max space required for the TIM bitmap. 2994 * XXX how big is this? 2995 */ 2996 pktlen = 8 /* time stamp */ 2997 + sizeof(uint16_t) /* beacon interval */ 2998 + sizeof(uint16_t) /* capabilities */ 2999 + 2 + ni->ni_esslen /* ssid */ 3000 + 2 + IEEE80211_RATE_SIZE /* supported rates */ 3001 + 2 + 1 /* DS parameters */ 3002 + 2 + 6 /* CF parameters */ 3003 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */ 3004 + IEEE80211_COUNTRY_MAX_SIZE /* country */ 3005 + 2 + 1 /* power control */ 3006 + sizeof(struct ieee80211_csa_ie) /* CSA */ 3007 + sizeof(struct ieee80211_quiet_ie) /* Quiet */ 3008 + 2 + 1 /* ERP */ 3009 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 3010 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ 3011 2*sizeof(struct ieee80211_ie_wpa) : 0) 3012 /* XXX conditional? */ 3013 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */ 3014 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */ 3015 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */ 3016 sizeof(struct ieee80211_wme_param) : 0) 3017#ifdef IEEE80211_SUPPORT_SUPERG 3018 + sizeof(struct ieee80211_ath_ie) /* ATH */ 3019#endif 3020#ifdef IEEE80211_SUPPORT_TDMA 3021 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */ 3022 sizeof(struct ieee80211_tdma_param) : 0) 3023#endif 3024#ifdef IEEE80211_SUPPORT_MESH 3025 + 2 + ni->ni_meshidlen 3026 + sizeof(struct ieee80211_meshconf_ie) 3027#endif 3028 + IEEE80211_MAX_APPIE 3029 ; 3030 m = ieee80211_getmgtframe(&frm, 3031 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen); 3032 if (m == NULL) { 3033 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, 3034 "%s: cannot get buf; size %u\n", __func__, pktlen); 3035 vap->iv_stats.is_tx_nobuf++; 3036 return NULL; 3037 } 3038 ieee80211_beacon_construct(m, frm, bo, ni); 3039 3040 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 3041 KASSERT(m != NULL, ("no space for 802.11 header?")); 3042 wh = mtod(m, struct ieee80211_frame *); 3043 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3044 IEEE80211_FC0_SUBTYPE_BEACON; 3045 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3046 *(uint16_t *)wh->i_dur = 0; 3047 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3048 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3049 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 3050 *(uint16_t *)wh->i_seq = 0; 3051 3052 return m; 3053} 3054 3055/* 3056 * Update the dynamic parts of a beacon frame based on the current state. 3057 */ 3058int 3059ieee80211_beacon_update(struct ieee80211_node *ni, 3060 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast) 3061{ 3062 struct ieee80211vap *vap = ni->ni_vap; 3063 struct ieee80211com *ic = ni->ni_ic; 3064 int len_changed = 0; 3065 uint16_t capinfo; 3066 struct ieee80211_frame *wh; 3067 ieee80211_seq seqno; 3068 3069 IEEE80211_LOCK(ic); 3070 /* 3071 * Handle 11h channel change when we've reached the count. 3072 * We must recalculate the beacon frame contents to account 3073 * for the new channel. Note we do this only for the first 3074 * vap that reaches this point; subsequent vaps just update 3075 * their beacon state to reflect the recalculated channel. 3076 */ 3077 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) && 3078 vap->iv_csa_count == ic->ic_csa_count) { 3079 vap->iv_csa_count = 0; 3080 /* 3081 * Effect channel change before reconstructing the beacon 3082 * frame contents as many places reference ni_chan. 3083 */ 3084 if (ic->ic_csa_newchan != NULL) 3085 ieee80211_csa_completeswitch(ic); 3086 /* 3087 * NB: ieee80211_beacon_construct clears all pending 3088 * updates in bo_flags so we don't need to explicitly 3089 * clear IEEE80211_BEACON_CSA. 3090 */ 3091 ieee80211_beacon_construct(m, 3092 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni); 3093 3094 /* XXX do WME aggressive mode processing? */ 3095 IEEE80211_UNLOCK(ic); 3096 return 1; /* just assume length changed */ 3097 } 3098 3099 wh = mtod(m, struct ieee80211_frame *); 3100 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 3101 *(uint16_t *)&wh->i_seq[0] = 3102 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 3103 M_SEQNO_SET(m, seqno); 3104 3105 /* XXX faster to recalculate entirely or just changes? */ 3106 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan); 3107 *bo->bo_caps = htole16(capinfo); 3108 3109 if (vap->iv_flags & IEEE80211_F_WME) { 3110 struct ieee80211_wme_state *wme = &ic->ic_wme; 3111 3112 /* 3113 * Check for agressive mode change. When there is 3114 * significant high priority traffic in the BSS 3115 * throttle back BE traffic by using conservative 3116 * parameters. Otherwise BE uses agressive params 3117 * to optimize performance of legacy/non-QoS traffic. 3118 */ 3119 if (wme->wme_flags & WME_F_AGGRMODE) { 3120 if (wme->wme_hipri_traffic > 3121 wme->wme_hipri_switch_thresh) { 3122 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 3123 "%s: traffic %u, disable aggressive mode\n", 3124 __func__, wme->wme_hipri_traffic); 3125 wme->wme_flags &= ~WME_F_AGGRMODE; 3126 ieee80211_wme_updateparams_locked(vap); 3127 wme->wme_hipri_traffic = 3128 wme->wme_hipri_switch_hysteresis; 3129 } else 3130 wme->wme_hipri_traffic = 0; 3131 } else { 3132 if (wme->wme_hipri_traffic <= 3133 wme->wme_hipri_switch_thresh) { 3134 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 3135 "%s: traffic %u, enable aggressive mode\n", 3136 __func__, wme->wme_hipri_traffic); 3137 wme->wme_flags |= WME_F_AGGRMODE; 3138 ieee80211_wme_updateparams_locked(vap); 3139 wme->wme_hipri_traffic = 0; 3140 } else 3141 wme->wme_hipri_traffic = 3142 wme->wme_hipri_switch_hysteresis; 3143 } 3144 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) { 3145 (void) ieee80211_add_wme_param(bo->bo_wme, wme); 3146 clrbit(bo->bo_flags, IEEE80211_BEACON_WME); 3147 } 3148 } 3149 3150 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) { 3151 ieee80211_ht_update_beacon(vap, bo); 3152 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO); 3153 } 3154#ifdef IEEE80211_SUPPORT_TDMA 3155 if (vap->iv_caps & IEEE80211_C_TDMA) { 3156 /* 3157 * NB: the beacon is potentially updated every TBTT. 3158 */ 3159 ieee80211_tdma_update_beacon(vap, bo); 3160 } 3161#endif 3162#ifdef IEEE80211_SUPPORT_MESH 3163 if (vap->iv_opmode == IEEE80211_M_MBSS) 3164 ieee80211_mesh_update_beacon(vap, bo); 3165#endif 3166 3167 if (vap->iv_opmode == IEEE80211_M_HOSTAP || 3168 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/ 3169 struct ieee80211_tim_ie *tie = 3170 (struct ieee80211_tim_ie *) bo->bo_tim; 3171 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) { 3172 u_int timlen, timoff, i; 3173 /* 3174 * ATIM/DTIM needs updating. If it fits in the 3175 * current space allocated then just copy in the 3176 * new bits. Otherwise we need to move any trailing 3177 * data to make room. Note that we know there is 3178 * contiguous space because ieee80211_beacon_allocate 3179 * insures there is space in the mbuf to write a 3180 * maximal-size virtual bitmap (based on iv_max_aid). 3181 */ 3182 /* 3183 * Calculate the bitmap size and offset, copy any 3184 * trailer out of the way, and then copy in the 3185 * new bitmap and update the information element. 3186 * Note that the tim bitmap must contain at least 3187 * one byte and any offset must be even. 3188 */ 3189 if (vap->iv_ps_pending != 0) { 3190 timoff = 128; /* impossibly large */ 3191 for (i = 0; i < vap->iv_tim_len; i++) 3192 if (vap->iv_tim_bitmap[i]) { 3193 timoff = i &~ 1; 3194 break; 3195 } 3196 KASSERT(timoff != 128, ("tim bitmap empty!")); 3197 for (i = vap->iv_tim_len-1; i >= timoff; i--) 3198 if (vap->iv_tim_bitmap[i]) 3199 break; 3200 timlen = 1 + (i - timoff); 3201 } else { 3202 timoff = 0; 3203 timlen = 1; 3204 } 3205 if (timlen != bo->bo_tim_len) { 3206 /* copy up/down trailer */ 3207 int adjust = tie->tim_bitmap+timlen 3208 - bo->bo_tim_trailer; 3209 ovbcopy(bo->bo_tim_trailer, 3210 bo->bo_tim_trailer+adjust, 3211 bo->bo_tim_trailer_len); 3212 bo->bo_tim_trailer += adjust; 3213 bo->bo_erp += adjust; 3214 bo->bo_htinfo += adjust; 3215#ifdef IEEE80211_SUPPORT_SUPERG 3216 bo->bo_ath += adjust; 3217#endif 3218#ifdef IEEE80211_SUPPORT_TDMA 3219 bo->bo_tdma += adjust; 3220#endif 3221#ifdef IEEE80211_SUPPORT_MESH 3222 bo->bo_meshconf += adjust; 3223#endif 3224 bo->bo_appie += adjust; 3225 bo->bo_wme += adjust; 3226 bo->bo_csa += adjust; 3227 bo->bo_quiet += adjust; 3228 bo->bo_tim_len = timlen; 3229 3230 /* update information element */ 3231 tie->tim_len = 3 + timlen; 3232 tie->tim_bitctl = timoff; 3233 len_changed = 1; 3234 } 3235 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff, 3236 bo->bo_tim_len); 3237 3238 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM); 3239 3240 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER, 3241 "%s: TIM updated, pending %u, off %u, len %u\n", 3242 __func__, vap->iv_ps_pending, timoff, timlen); 3243 } 3244 /* count down DTIM period */ 3245 if (tie->tim_count == 0) 3246 tie->tim_count = tie->tim_period - 1; 3247 else 3248 tie->tim_count--; 3249 /* update state for buffered multicast frames on DTIM */ 3250 if (mcast && tie->tim_count == 0) 3251 tie->tim_bitctl |= 1; 3252 else 3253 tie->tim_bitctl &= ~1; 3254 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) { 3255 struct ieee80211_csa_ie *csa = 3256 (struct ieee80211_csa_ie *) bo->bo_csa; 3257 3258 /* 3259 * Insert or update CSA ie. If we're just starting 3260 * to count down to the channel switch then we need 3261 * to insert the CSA ie. Otherwise we just need to 3262 * drop the count. The actual change happens above 3263 * when the vap's count reaches the target count. 3264 */ 3265 if (vap->iv_csa_count == 0) { 3266 memmove(&csa[1], csa, bo->bo_csa_trailer_len); 3267 bo->bo_erp += sizeof(*csa); 3268 bo->bo_htinfo += sizeof(*csa); 3269 bo->bo_wme += sizeof(*csa); 3270#ifdef IEEE80211_SUPPORT_SUPERG 3271 bo->bo_ath += sizeof(*csa); 3272#endif 3273#ifdef IEEE80211_SUPPORT_TDMA 3274 bo->bo_tdma += sizeof(*csa); 3275#endif 3276#ifdef IEEE80211_SUPPORT_MESH 3277 bo->bo_meshconf += sizeof(*csa); 3278#endif 3279 bo->bo_appie += sizeof(*csa); 3280 bo->bo_csa_trailer_len += sizeof(*csa); 3281 bo->bo_quiet += sizeof(*csa); 3282 bo->bo_tim_trailer_len += sizeof(*csa); 3283 m->m_len += sizeof(*csa); 3284 m->m_pkthdr.len += sizeof(*csa); 3285 3286 ieee80211_add_csa(bo->bo_csa, vap); 3287 } else 3288 csa->csa_count--; 3289 vap->iv_csa_count++; 3290 /* NB: don't clear IEEE80211_BEACON_CSA */ 3291 } 3292 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 3293 (vap->iv_flags_ext & IEEE80211_FEXT_DFS) ){ 3294 if (vap->iv_quiet) 3295 ieee80211_add_quiet(bo->bo_quiet, vap); 3296 } 3297 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) { 3298 /* 3299 * ERP element needs updating. 3300 */ 3301 (void) ieee80211_add_erp(bo->bo_erp, ic); 3302 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP); 3303 } 3304#ifdef IEEE80211_SUPPORT_SUPERG 3305 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) { 3306 ieee80211_add_athcaps(bo->bo_ath, ni); 3307 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH); 3308 } 3309#endif 3310 } 3311 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) { 3312 const struct ieee80211_appie *aie = vap->iv_appie_beacon; 3313 int aielen; 3314 uint8_t *frm; 3315 3316 aielen = 0; 3317 if (aie != NULL) 3318 aielen += aie->ie_len; 3319 if (aielen != bo->bo_appie_len) { 3320 /* copy up/down trailer */ 3321 int adjust = aielen - bo->bo_appie_len; 3322 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust, 3323 bo->bo_tim_trailer_len); 3324 bo->bo_tim_trailer += adjust; 3325 bo->bo_appie += adjust; 3326 bo->bo_appie_len = aielen; 3327 3328 len_changed = 1; 3329 } 3330 frm = bo->bo_appie; 3331 if (aie != NULL) 3332 frm = add_appie(frm, aie); 3333 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE); 3334 } 3335 IEEE80211_UNLOCK(ic); 3336 3337 return len_changed; 3338} 3339 3340/* 3341 * Do Ethernet-LLC encapsulation for each payload in a fast frame 3342 * tunnel encapsulation. The frame is assumed to have an Ethernet 3343 * header at the front that must be stripped before prepending the 3344 * LLC followed by the Ethernet header passed in (with an Ethernet 3345 * type that specifies the payload size). 3346 */ 3347struct mbuf * 3348ieee80211_ff_encap1(struct ieee80211vap *vap, struct mbuf *m, 3349 const struct ether_header *eh) 3350{ 3351 struct llc *llc; 3352 uint16_t payload; 3353 3354 /* XXX optimize by combining m_adj+M_PREPEND */ 3355 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 3356 llc = mtod(m, struct llc *); 3357 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 3358 llc->llc_control = LLC_UI; 3359 llc->llc_snap.org_code[0] = 0; 3360 llc->llc_snap.org_code[1] = 0; 3361 llc->llc_snap.org_code[2] = 0; 3362 llc->llc_snap.ether_type = eh->ether_type; 3363 payload = m->m_pkthdr.len; /* NB: w/o Ethernet header */ 3364 3365 M_PREPEND(m, sizeof(struct ether_header), M_NOWAIT); 3366 if (m == NULL) { /* XXX cannot happen */ 3367 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, 3368 "%s: no space for ether_header\n", __func__); 3369 vap->iv_stats.is_tx_nobuf++; 3370 return NULL; 3371 } 3372 ETHER_HEADER_COPY(mtod(m, void *), eh); 3373 mtod(m, struct ether_header *)->ether_type = htons(payload); 3374 return m; 3375} 3376 3377/* 3378 * Complete an mbuf transmission. 3379 * 3380 * For now, this simply processes a completed frame after the 3381 * driver has completed it's transmission and/or retransmission. 3382 * It assumes the frame is an 802.11 encapsulated frame. 3383 * 3384 * Later on it will grow to become the exit path for a given frame 3385 * from the driver and, depending upon how it's been encapsulated 3386 * and already transmitted, it may end up doing A-MPDU retransmission, 3387 * power save requeuing, etc. 3388 * 3389 * In order for the above to work, the driver entry point to this 3390 * must not hold any driver locks. Thus, the driver needs to delay 3391 * any actual mbuf completion until it can release said locks. 3392 * 3393 * This frees the mbuf and if the mbuf has a node reference, 3394 * the node reference will be freed. 3395 */ 3396void 3397ieee80211_tx_complete(struct ieee80211_node *ni, struct mbuf *m, int status) 3398{ 3399 3400 if (ni != NULL) { 3401 if (m->m_flags & M_TXCB) 3402 ieee80211_process_callback(ni, m, status); 3403 ieee80211_free_node(ni); 3404 } 3405 m_freem(m); 3406} 3407