sys/net80211/ieee80211_wds.c

18334Speter/*-
132718Skan * Copyright (c) 2007-2008 Sam Leffler, Errno Consulting
169689Skan * All rights reserved.
18334Speter *
90075Sobrien * Redistribution and use in source and binary forms, with or without
18334Speter * modification, are permitted provided that the following conditions
90075Sobrien * are met:
90075Sobrien * 1. Redistributions of source code must retain the above copyright
90075Sobrien *    notice, this list of conditions and the following disclaimer.
90075Sobrien * 2. Redistributions in binary form must reproduce the above copyright
18334Speter *    notice, this list of conditions and the following disclaimer in the
90075Sobrien *    documentation and/or other materials provided with the distribution.
90075Sobrien *
90075Sobrien * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
90075Sobrien * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18334Speter * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18334Speter * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
90075Sobrien * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
169689Skan * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
169689Skan * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
18334Speter * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
18334Speter * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
18334Speter * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18334Speter */
18334Speter
90075Sobrien#include <sys/cdefs.h>
90075Sobrien#ifdef __FreeBSD__
18334Speter__FBSDID("$FreeBSD: stable/10/sys/net80211/ieee80211_wds.c 283855 2015-05-31 23:29:04Z ae $");
90075Sobrien#endif
90075Sobrien
18334Speter/*
90075Sobrien * IEEE 802.11 WDS mode support.
90075Sobrien */
18334Speter#include "opt_inet.h"
90075Sobrien#include "opt_wlan.h"
90075Sobrien
18334Speter#include <sys/param.h>
90075Sobrien#include <sys/systm.h>
90075Sobrien#include <sys/mbuf.h>
18334Speter#include <sys/malloc.h>
90075Sobrien#include <sys/kernel.h>
90075Sobrien
90075Sobrien#include <sys/socket.h>
18334Speter#include <sys/sockio.h>
90075Sobrien#include <sys/endian.h>
90075Sobrien#include <sys/errno.h>
18334Speter#include <sys/proc.h>
90075Sobrien#include <sys/sysctl.h>
18334Speter
90075Sobrien#include <net/if.h>
18334Speter#include <net/if_media.h>
90075Sobrien#include <net/if_llc.h>
18334Speter#include <net/ethernet.h>
90075Sobrien
90075Sobrien#include <net/bpf.h>
18334Speter
169689Skan#include <net80211/ieee80211_var.h>
18334Speter#include <net80211/ieee80211_wds.h>
90075Sobrien#include <net80211/ieee80211_input.h>
169689Skan#ifdef IEEE80211_SUPPORT_SUPERG
18334Speter#include <net80211/ieee80211_superg.h>
90075Sobrien#endif
90075Sobrien
90075Sobrienstatic void wds_vattach(struct ieee80211vap *);
90075Sobrienstatic int wds_newstate(struct ieee80211vap *, enum ieee80211_state, int);
90075Sobrienstatic	int wds_input(struct ieee80211_node *ni, struct mbuf *m, int, int);
90075Sobrienstatic void wds_recv_mgmt(struct ieee80211_node *, struct mbuf *,
90075Sobrien	    int subtype, int, int);
90075Sobrien
90075Sobrienvoid
90075Sobrienieee80211_wds_attach(struct ieee80211com *ic)
90075Sobrien{
90075Sobrien	ic->ic_vattach[IEEE80211_M_WDS] = wds_vattach;
90075Sobrien}
90075Sobrien
18334Spetervoid
18334Speterieee80211_wds_detach(struct ieee80211com *ic)
18334Speter{
18334Speter}
18334Speter
18334Speterstatic void
90075Sobrienwds_vdetach(struct ieee80211vap *vap)
90075Sobrien{
90075Sobrien	if (vap->iv_bss != NULL) {
18334Speter		/* XXX locking? */
132718Skan		if (vap->iv_bss->ni_wdsvap == vap)
50397Sobrien			vap->iv_bss->ni_wdsvap = NULL;
132718Skan	}
132718Skan}
18334Speter
90075Sobrienstatic void
90075Sobrienwds_vattach(struct ieee80211vap *vap)
18334Speter{
90075Sobrien	vap->iv_newstate = wds_newstate;
90075Sobrien	vap->iv_input = wds_input;
90075Sobrien	vap->iv_recv_mgmt = wds_recv_mgmt;
18334Speter	vap->iv_opdetach = wds_vdetach;
18334Speter}
18334Speter
132718Skanstatic void
132718Skanwds_flush(struct ieee80211_node *ni)
18334Speter{
18334Speter	struct ieee80211com *ic = ni->ni_ic;
18334Speter	struct mbuf *m, *next;
18334Speter	int8_t rssi, nf;
18334Speter
18334Speter	m = ieee80211_ageq_remove(&ic->ic_stageq,
18334Speter	    (void *)(uintptr_t) ieee80211_mac_hash(ic, ni->ni_macaddr));
18334Speter	if (m == NULL)
18334Speter		return;
18334Speter
18334Speter	IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_WDS, ni,
18334Speter	    "%s", "flush wds queue");
90075Sobrien	ic->ic_node_getsignal(ni, &rssi, &nf);
90075Sobrien	for (; m != NULL; m = next) {
90075Sobrien		next = m->m_nextpkt;
90075Sobrien		m->m_nextpkt = NULL;
90075Sobrien		ieee80211_input(ni, m, rssi, nf);
90075Sobrien	}
90075Sobrien}
90075Sobrien
90075Sobrienstatic int
90075Sobrienieee80211_create_wds(struct ieee80211vap *vap, struct ieee80211_channel *chan)
90075Sobrien{
90075Sobrien	struct ieee80211com *ic = vap->iv_ic;
90075Sobrien	struct ieee80211_node_table *nt = &ic->ic_sta;
90075Sobrien	struct ieee80211_node *ni, *obss;
90075Sobrien
90075Sobrien	IEEE80211_DPRINTF(vap, IEEE80211_MSG_WDS,
90075Sobrien	     "%s: creating link to %s on channel %u\n", __func__,
90075Sobrien	     ether_sprintf(vap->iv_des_bssid), ieee80211_chan2ieee(ic, chan));
90075Sobrien
90075Sobrien	/* NB: vap create must specify the bssid for the link */
90075Sobrien	KASSERT(vap->iv_flags & IEEE80211_F_DESBSSID, ("no bssid"));
90075Sobrien	/* NB: we should only be called on RUN transition */
90075Sobrien	KASSERT(vap->iv_state == IEEE80211_S_RUN, ("!RUN state"));
90075Sobrien
90075Sobrien	if ((vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0) {
90075Sobrien		/*
90075Sobrien		 * Dynamic/non-legacy WDS.  Reference the associated
90075Sobrien		 * station specified by the desired bssid setup at vap
90075Sobrien		 * create.  Point ni_wdsvap at the WDS vap so 4-address
90075Sobrien		 * frames received through the associated AP vap will
90075Sobrien		 * be dispatched upward (e.g. to a bridge) as though
90075Sobrien		 * they arrived on the WDS vap.
90075Sobrien		 */
90075Sobrien		IEEE80211_NODE_LOCK(nt);
90075Sobrien		obss = NULL;
90075Sobrien		ni = ieee80211_find_node_locked(&ic->ic_sta, vap->iv_des_bssid);
90075Sobrien		if (ni == NULL) {
18334Speter			/*
18334Speter			 * Node went away before we could hookup.  This
18334Speter			 * should be ok; no traffic will flow and a leave
18334Speter			 * event will be dispatched that should cause
18334Speter			 * the vap to be destroyed.
90075Sobrien			 */
90075Sobrien			IEEE80211_DPRINTF(vap, IEEE80211_MSG_WDS,
90075Sobrien			    "%s: station %s went away\n",
18334Speter			    __func__, ether_sprintf(vap->iv_des_bssid));
18334Speter			/* XXX stat? */
169689Skan		} else if (ni->ni_wdsvap != NULL) {
90075Sobrien			/*
18334Speter			 * Node already setup with a WDS vap; we cannot
18334Speter			 * allow multiple references so disallow.  If
18334Speter			 * ni_wdsvap points at us that's ok; we should
90075Sobrien			 * do nothing anyway.
90075Sobrien			 */
90075Sobrien			/* XXX printf instead? */
18334Speter			IEEE80211_DPRINTF(vap, IEEE80211_MSG_WDS,
18334Speter			    "%s: station %s in use with %s\n",
90075Sobrien			    __func__, ether_sprintf(vap->iv_des_bssid),
18334Speter			    ni->ni_wdsvap->iv_ifp->if_xname);
90075Sobrien			/* XXX stat? */
18334Speter		} else {
132718Skan			/*
132718Skan			 * Committed to new node, setup state.
132718Skan			 */
132718Skan			obss = vap->iv_bss;
132718Skan			vap->iv_bss = ni;
132718Skan			ni->ni_wdsvap = vap;
132718Skan		}
132718Skan		IEEE80211_NODE_UNLOCK(nt);
132718Skan		if (obss != NULL) {
132718Skan			/* NB: deferred to avoid recursive lock */
132718Skan			ieee80211_free_node(obss);
132718Skan		}
132718Skan	} else {
132718Skan		/*
132718Skan		 * Legacy WDS vap setup.
169689Skan		 */
169689Skan		/*
169689Skan		 * The far end does not associate so we just create
169689Skan		 * create a new node and install it as the vap's
52284Sobrien		 * bss node.  We must simulate an association and
169689Skan		 * authorize the port for traffic to flow.
169689Skan		 * XXX check if node already in sta table?
169689Skan		 */
169689Skan		ni = ieee80211_node_create_wds(vap, vap->iv_des_bssid, chan);
169689Skan		if (ni != NULL) {
52284Sobrien			obss = vap->iv_bss;
169689Skan			vap->iv_bss = ieee80211_ref_node(ni);
169689Skan			ni->ni_flags |= IEEE80211_NODE_AREF;
169689Skan			if (obss != NULL)
169689Skan				ieee80211_free_node(obss);
52284Sobrien			/* give driver a chance to setup state like ni_txrate */
169689Skan			if (ic->ic_newassoc != NULL)
169689Skan				ic->ic_newassoc(ni, 1);
52284Sobrien			/* tell the authenticator about new station */
169689Skan			if (vap->iv_auth->ia_node_join != NULL)
169689Skan				vap->iv_auth->ia_node_join(ni);
52284Sobrien			if (ni->ni_authmode != IEEE80211_AUTH_8021X)
169689Skan				ieee80211_node_authorize(ni);
169689Skan
169689Skan			ieee80211_notify_node_join(ni, 1 /*newassoc*/);
169689Skan			/* XXX inject l2uf frame */
169689Skan		}
169689Skan	}
169689Skan
169689Skan	/*
18334Speter	 * Flush any pending frames now that were setup.
132718Skan	 */
18334Speter	if (ni != NULL)
18334Speter		wds_flush(ni);
90075Sobrien	return (ni == NULL ? ENOENT : 0);
18334Speter}
18334Speter
50397Sobrien/*
132718Skan * Propagate multicast frames of an ap vap to all DWDS links.
132718Skan * The caller is assumed to have verified this frame is multicast.
50397Sobrien */
90075Sobrienvoid
18334Speterieee80211_dwds_mcast(struct ieee80211vap *vap0, struct mbuf *m)
90075Sobrien{
90075Sobrien	struct ieee80211com *ic = vap0->iv_ic;
90075Sobrien	const struct ether_header *eh = mtod(m, const struct ether_header *);
90075Sobrien	struct ieee80211_node *ni;
18334Speter	struct ieee80211vap *vap;
18334Speter	struct ifnet *ifp;
18334Speter	struct mbuf *mcopy;
18334Speter	int err;
18334Speter
18334Speter	KASSERT(ETHER_IS_MULTICAST(eh->ether_dhost),
18334Speter	    ("%s not mcast", ether_sprintf(eh->ether_dhost)));
90075Sobrien
18334Speter	/* XXX locking */
132718Skan	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
169689Skan		/* only DWDS vaps are interesting */
18334Speter		if (vap->iv_opmode != IEEE80211_M_WDS ||
18334Speter		    (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY))
18334Speter			continue;
132718Skan		/* if it came in this interface, don't send it back out */
18334Speter		ifp = vap->iv_ifp;
90075Sobrien		if (ifp == m->m_pkthdr.rcvif)
18334Speter			continue;
90075Sobrien		/*
90075Sobrien		 * Duplicate the frame and send it.
90075Sobrien		 */
18334Speter		mcopy = m_copypacket(m, M_NOWAIT);
90075Sobrien		if (mcopy == NULL) {
18334Speter			ifp->if_oerrors++;
90075Sobrien			/* XXX stat + msg */
90075Sobrien			continue;
90075Sobrien		}
90075Sobrien		ni = ieee80211_find_txnode(vap, eh->ether_dhost);
90075Sobrien		if (ni == NULL) {
90075Sobrien			/* NB: ieee80211_find_txnode does stat+msg */
90075Sobrien			ifp->if_oerrors++;
90075Sobrien			m_freem(mcopy);
90075Sobrien			continue;
90075Sobrien		}
90075Sobrien		/* calculate priority so drivers can find the tx queue */
90075Sobrien		if (ieee80211_classify(ni, mcopy)) {
18334Speter			IEEE80211_DISCARD_MAC(vap,
90075Sobrien			    IEEE80211_MSG_OUTPUT | IEEE80211_MSG_WDS,
90075Sobrien			    eh->ether_dhost, NULL,
18334Speter			    "%s", "classification failure");
90075Sobrien			vap->iv_stats.is_tx_classify++;
132718Skan			ifp->if_oerrors++;
90075Sobrien			m_freem(mcopy);
90075Sobrien			ieee80211_free_node(ni);
90075Sobrien			continue;
90075Sobrien		}
90075Sobrien
90075Sobrien		BPF_MTAP(ifp, m);		/* 802.3 tx */
90075Sobrien
18334Speter		/*
90075Sobrien		 * Encapsulate the packet in prep for transmission.
90075Sobrien		 */
18334Speter		mcopy = ieee80211_encap(vap, ni, mcopy);
90075Sobrien		if (mcopy == NULL) {
90075Sobrien			/* NB: stat+msg handled in ieee80211_encap */
18334Speter			ieee80211_free_node(ni);
18334Speter			continue;
132718Skan		}
90075Sobrien		mcopy->m_flags |= M_MCAST;
18334Speter		mcopy->m_pkthdr.rcvif = (void *) ni;
90075Sobrien
90075Sobrien		err = ieee80211_parent_xmitpkt(ic, mcopy);
169689Skan		if (err) {
90075Sobrien			/* NB: IFQ_HANDOFF reclaims mbuf */
18334Speter			ifp->if_oerrors++;
90075Sobrien			ieee80211_free_node(ni);
18334Speter		} else {
90075Sobrien			ifp->if_opackets++;
90075Sobrien			if_inc_counter(ifp, IFCOUNTER_OMCASTS, 1);
90075Sobrien			if_inc_counter(ifp, IFCOUNTER_OBYTES,
90075Sobrien			    m->m_pkthdr.len);
90075Sobrien		}
90075Sobrien	}
18334Speter}
90075Sobrien
90075Sobrien/*
90075Sobrien * Handle DWDS discovery on receipt of a 4-address frame in
90075Sobrien * ap mode.  Queue the frame and post an event for someone
90075Sobrien * to plumb the necessary WDS vap for this station.  Frames
18334Speter * received prior to the vap set running will then be reprocessed
18334Speter * as if they were just received.
90075Sobrien */
18334Spetervoid
90075Sobrienieee80211_dwds_discover(struct ieee80211_node *ni, struct mbuf *m)
90075Sobrien{
90075Sobrien	struct ieee80211com *ic = ni->ni_ic;
90075Sobrien
90075Sobrien	/*
90075Sobrien	 * Save the frame with an aging interval 4 times
90075Sobrien	 * the listen interval specified by the station.
18334Speter	 * Frames that sit around too long are reclaimed
18334Speter	 * using this information.
90075Sobrien	 * XXX handle overflow?
90075Sobrien	 * XXX per/vap beacon interval?
90075Sobrien	 */
132718Skan	m->m_pkthdr.rcvif = (void *)(uintptr_t)
132718Skan	    ieee80211_mac_hash(ic, ni->ni_macaddr);
132718Skan	(void) ieee80211_ageq_append(&ic->ic_stageq, m,
132718Skan	    ((ni->ni_intval * ic->ic_lintval) << 2) / 1024);
132718Skan	ieee80211_notify_wds_discover(ni);
90075Sobrien}
90075Sobrien
18334Speter/*
90075Sobrien * IEEE80211_M_WDS vap state machine handler.
90075Sobrien */
132718Skanstatic int
132718Skanwds_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
132718Skan{
132718Skan	struct ieee80211com *ic = vap->iv_ic;
132718Skan	struct ieee80211_node *ni;
132718Skan	enum ieee80211_state ostate;
90075Sobrien	int error;
90075Sobrien
18334Speter	IEEE80211_LOCK_ASSERT(ic);
96263Sobrien
96263Sobrien	ostate = vap->iv_state;
96263Sobrien	IEEE80211_DPRINTF(vap, IEEE80211_MSG_STATE, "%s: %s -> %s\n", __func__,
96263Sobrien		ieee80211_state_name[ostate], ieee80211_state_name[nstate]);
96263Sobrien	vap->iv_state = nstate;			/* state transition */
96263Sobrien	callout_stop(&vap->iv_mgtsend);		/* XXX callout_drain */
96263Sobrien	if (ostate != IEEE80211_S_SCAN)
90075Sobrien		ieee80211_cancel_scan(vap);	/* background scan */
90075Sobrien	ni = vap->iv_bss;			/* NB: no reference held */
90075Sobrien	error = 0;
90075Sobrien	switch (nstate) {
18334Speter	case IEEE80211_S_INIT:
90075Sobrien		switch (ostate) {
132718Skan		case IEEE80211_S_SCAN:
132718Skan			ieee80211_cancel_scan(vap);
132718Skan			break;
132718Skan		default:
132718Skan			break;
18334Speter		}
90075Sobrien		if (ostate != IEEE80211_S_INIT) {
90075Sobrien			/* NB: optimize INIT -> INIT case */
132718Skan			ieee80211_reset_bss(vap);
132718Skan		}
132718Skan		break;
132718Skan	case IEEE80211_S_SCAN:
132718Skan		switch (ostate) {
132718Skan		case IEEE80211_S_INIT:
90075Sobrien			ieee80211_check_scan_current(vap);
132718Skan			break;
132718Skan		default:
132718Skan			break;
132718Skan		}
132718Skan		break;
90075Sobrien	case IEEE80211_S_RUN:
90075Sobrien		if (ostate == IEEE80211_S_INIT) {
169689Skan			/*
90075Sobrien			 * Already have a channel; bypass the scan
18334Speter			 * and startup immediately.
90075Sobrien			 */
90075Sobrien			error = ieee80211_create_wds(vap, ic->ic_curchan);
90075Sobrien		}
90075Sobrien		break;
90075Sobrien	default:
90075Sobrien		break;
90075Sobrien	}
90075Sobrien	return error;
90075Sobrien}
90075Sobrien
90075Sobrien/*
90075Sobrien * Process a received frame.  The node associated with the sender
90075Sobrien * should be supplied.  If nothing was found in the node table then
90075Sobrien * the caller is assumed to supply a reference to iv_bss instead.
18334Speter * The RSSI and a timestamp are also supplied.  The RSSI data is used
90075Sobrien * during AP scanning to select a AP to associate with; it can have
90075Sobrien * any units so long as values have consistent units and higher values
132718Skan * mean ``better signal''.  The receive timestamp is currently not used
90075Sobrien * by the 802.11 layer.
90075Sobrien */
132718Skanstatic int
90075Sobrienwds_input(struct ieee80211_node *ni, struct mbuf *m, int rssi, int nf)
132718Skan{
132718Skan#define	HAS_SEQ(type)	((type & 0x4) == 0)
132718Skan	struct ieee80211vap *vap = ni->ni_vap;
132718Skan	struct ieee80211com *ic = ni->ni_ic;
90075Sobrien	struct ifnet *ifp = vap->iv_ifp;
90075Sobrien	struct ieee80211_frame *wh;
90075Sobrien	struct ieee80211_key *key;
18334Speter	struct ether_header *eh;
90075Sobrien	int hdrspace, need_tap = 1;	/* mbuf need to be tapped. */
90075Sobrien	uint8_t dir, type, subtype, qos;
90075Sobrien	uint16_t rxseq;
18334Speter
18334Speter	if (m->m_flags & M_AMPDU_MPDU) {
18334Speter		/*
18334Speter		 * Fastpath for A-MPDU reorder q resubmission.  Frames
18334Speter		 * w/ M_AMPDU_MPDU marked have already passed through
18334Speter		 * here but were received out of order and been held on
18334Speter		 * the reorder queue.  When resubmitted they are marked
18334Speter		 * with the M_AMPDU_MPDU flag and we can bypass most of
132718Skan		 * the normal processing.
132718Skan		 */
18334Speter		wh = mtod(m, struct ieee80211_frame *);
90075Sobrien		type = IEEE80211_FC0_TYPE_DATA;
90075Sobrien		dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
18334Speter		subtype = IEEE80211_FC0_SUBTYPE_QOS;
18334Speter		hdrspace = ieee80211_hdrspace(ic, wh);	/* XXX optimize? */
18334Speter		goto resubmit_ampdu;
18334Speter	}
18334Speter
18334Speter	KASSERT(ni != NULL, ("null node"));
18334Speter
18334Speter	type = -1;			/* undefined */
18334Speter
18334Speter	if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) {
18334Speter		IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
18334Speter		    ni->ni_macaddr, NULL,
18334Speter		    "too short (1): len %u", m->m_pkthdr.len);
90075Sobrien		vap->iv_stats.is_rx_tooshort++;
90075Sobrien		goto out;
90075Sobrien	}
18334Speter	/*
18334Speter	 * Bit of a cheat here, we use a pointer for a 3-address
90075Sobrien	 * frame format but don't reference fields past outside
18334Speter	 * ieee80211_frame_min w/o first validating the data is
90075Sobrien	 * present.
90075Sobrien	 */
90075Sobrien	wh = mtod(m, struct ieee80211_frame *);
18334Speter
90075Sobrien	if (!IEEE80211_IS_MULTICAST(wh->i_addr1))
90075Sobrien		ni->ni_inact = ni->ni_inact_reload;
90075Sobrien
90075Sobrien	if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
90075Sobrien	    IEEE80211_FC0_VERSION_0) {
90075Sobrien		IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
90075Sobrien		    ni->ni_macaddr, NULL, "wrong version, fc %02x:%02x",
90075Sobrien		    wh->i_fc[0], wh->i_fc[1]);
90075Sobrien		vap->iv_stats.is_rx_badversion++;
90075Sobrien		goto err;
18334Speter	}
18334Speter
18334Speter	dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
18334Speter	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
18334Speter	subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
18334Speter
18334Speter	/* NB: WDS vap's do not scan */
18334Speter	if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_addr4)) {
90075Sobrien		IEEE80211_DISCARD_MAC(vap,
90075Sobrien		    IEEE80211_MSG_ANY, ni->ni_macaddr, NULL,
90075Sobrien		    "too short (3): len %u", m->m_pkthdr.len);
18334Speter		vap->iv_stats.is_rx_tooshort++;
18334Speter		goto out;
90075Sobrien	}
18334Speter	/* NB: the TA is implicitly verified by finding the wds peer node */
90075Sobrien	if (!IEEE80211_ADDR_EQ(wh->i_addr1, vap->iv_myaddr) &&
90075Sobrien	    !IEEE80211_ADDR_EQ(wh->i_addr1, ifp->if_broadcastaddr)) {
90075Sobrien		/* not interested in */
18334Speter		IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
90075Sobrien		    wh->i_addr1, NULL, "%s", "not to bss");
90075Sobrien		vap->iv_stats.is_rx_wrongbss++;
90075Sobrien		goto out;
90075Sobrien	}
90075Sobrien	IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
90075Sobrien	ni->ni_noise = nf;
90075Sobrien	if (HAS_SEQ(type)) {
90075Sobrien		uint8_t tid = ieee80211_gettid(wh);
90075Sobrien		if (IEEE80211_QOS_HAS_SEQ(wh) &&
90075Sobrien		    TID_TO_WME_AC(tid) >= WME_AC_VI)
18334Speter			ic->ic_wme.wme_hipri_traffic++;
18334Speter		rxseq = le16toh(*(uint16_t *)wh->i_seq);
18334Speter		if (! ieee80211_check_rxseq(ni, wh)) {
18334Speter			/* duplicate, discard */
18334Speter			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
18334Speter			    wh->i_addr1, "duplicate",
18334Speter			    "seqno <%u,%u> fragno <%u,%u> tid %u",
18334Speter			    rxseq >> IEEE80211_SEQ_SEQ_SHIFT,
18334Speter			    ni->ni_rxseqs[tid] >> IEEE80211_SEQ_SEQ_SHIFT,
90075Sobrien			    rxseq & IEEE80211_SEQ_FRAG_MASK,
90075Sobrien			    ni->ni_rxseqs[tid] & IEEE80211_SEQ_FRAG_MASK,
90075Sobrien			    tid);
18334Speter			vap->iv_stats.is_rx_dup++;
18334Speter			IEEE80211_NODE_STAT(ni, rx_dup);
90075Sobrien			goto out;
90075Sobrien		}
90075Sobrien		ni->ni_rxseqs[tid] = rxseq;
90075Sobrien	}
90075Sobrien	switch (type) {
90075Sobrien	case IEEE80211_FC0_TYPE_DATA:
90075Sobrien		hdrspace = ieee80211_hdrspace(ic, wh);
90075Sobrien		if (m->m_len < hdrspace &&
90075Sobrien		    (m = m_pullup(m, hdrspace)) == NULL) {
90075Sobrien			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
90075Sobrien			    ni->ni_macaddr, NULL,
90075Sobrien			    "data too short: expecting %u", hdrspace);
90075Sobrien			vap->iv_stats.is_rx_tooshort++;
90075Sobrien			goto out;		/* XXX */
18334Speter		}
90075Sobrien		if (dir != IEEE80211_FC1_DIR_DSTODS) {
18334Speter			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
18334Speter			    wh, "data", "incorrect dir 0x%x", dir);
18334Speter			vap->iv_stats.is_rx_wrongdir++;
18334Speter			goto out;
18334Speter		}
18334Speter		/*
96263Sobrien		 * Only legacy WDS traffic should take this path.
18334Speter		 */
18334Speter		if ((vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0) {
90075Sobrien			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
18334Speter			    wh, "data", "%s", "not legacy wds");
18334Speter			vap->iv_stats.is_rx_wrongdir++;/*XXX*/
18334Speter			goto out;
90075Sobrien		}
18334Speter		/*
132718Skan		 * Handle A-MPDU re-ordering.  If the frame is to be
50397Sobrien		 * processed directly then ieee80211_ampdu_reorder
50397Sobrien		 * will return 0; otherwise it has consumed the mbuf
18334Speter		 * and we should do nothing more with it.
18334Speter		 */
18334Speter		if ((m->m_flags & M_AMPDU) &&
18334Speter		    ieee80211_ampdu_reorder(ni, m) != 0) {
18334Speter			m = NULL;
18334Speter			goto out;
18334Speter		}
18334Speter	resubmit_ampdu:
50397Sobrien
90075Sobrien		/*
18334Speter		 * Handle privacy requirements.  Note that we
18334Speter		 * must not be preempted from here until after
18334Speter		 * we (potentially) call ieee80211_crypto_demic;
18334Speter		 * otherwise we may violate assumptions in the
90075Sobrien		 * crypto cipher modules used to do delayed update
18334Speter		 * of replay sequence numbers.
18334Speter		 */
18334Speter		if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
90075Sobrien			if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0) {
90075Sobrien				/*
90075Sobrien				 * Discard encrypted frames when privacy is off.
90075Sobrien				 */
132718Skan				IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
90075Sobrien				    wh, "WEP", "%s", "PRIVACY off");
90075Sobrien				vap->iv_stats.is_rx_noprivacy++;
90075Sobrien				IEEE80211_NODE_STAT(ni, rx_noprivacy);
90075Sobrien				goto out;
90075Sobrien			}
90075Sobrien			key = ieee80211_crypto_decap(ni, m, hdrspace);
90075Sobrien			if (key == NULL) {
90075Sobrien				/* NB: stats+msgs handled in crypto_decap */
90075Sobrien				IEEE80211_NODE_STAT(ni, rx_wepfail);
90075Sobrien				goto out;
90075Sobrien			}
90075Sobrien			wh = mtod(m, struct ieee80211_frame *);
90075Sobrien			wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
90075Sobrien		} else {
90075Sobrien			/* XXX M_WEP and IEEE80211_F_PRIVACY */
90075Sobrien			key = NULL;
90075Sobrien		}
90075Sobrien
90075Sobrien		/*
90075Sobrien		 * Save QoS bits for use below--before we strip the header.
90075Sobrien		 */
90075Sobrien		if (subtype == IEEE80211_FC0_SUBTYPE_QOS) {
90075Sobrien			qos = (dir == IEEE80211_FC1_DIR_DSTODS) ?
90075Sobrien			    ((struct ieee80211_qosframe_addr4 *)wh)->i_qos[0] :
90075Sobrien			    ((struct ieee80211_qosframe *)wh)->i_qos[0];
90075Sobrien		} else
90075Sobrien			qos = 0;
90075Sobrien
90075Sobrien		/*
90075Sobrien		 * Next up, any fragmentation.
90075Sobrien		 */
90075Sobrien		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
90075Sobrien			m = ieee80211_defrag(ni, m, hdrspace);
90075Sobrien			if (m == NULL) {
90075Sobrien				/* Fragment dropped or frame not complete yet */
90075Sobrien				goto out;
90075Sobrien			}
132718Skan		}
90075Sobrien		wh = NULL;		/* no longer valid, catch any uses */
90075Sobrien
90075Sobrien		/*
90075Sobrien		 * Next strip any MSDU crypto bits.
90075Sobrien		 */
90075Sobrien		if (key != NULL && !ieee80211_crypto_demic(vap, key, m, 0)) {
90075Sobrien			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
90075Sobrien			    ni->ni_macaddr, "data", "%s", "demic error");
90075Sobrien			vap->iv_stats.is_rx_demicfail++;
90075Sobrien			IEEE80211_NODE_STAT(ni, rx_demicfail);
90075Sobrien			goto out;
90075Sobrien		}
90075Sobrien
90075Sobrien		/* copy to listener after decrypt */
90075Sobrien		if (ieee80211_radiotap_active_vap(vap))
90075Sobrien			ieee80211_radiotap_rx(vap, m);
90075Sobrien		need_tap = 0;
90075Sobrien
90075Sobrien		/*
90075Sobrien		 * Finally, strip the 802.11 header.
90075Sobrien		 */
90075Sobrien		m = ieee80211_decap(vap, m, hdrspace);
90075Sobrien		if (m == NULL) {
90075Sobrien			/* XXX mask bit to check for both */
90075Sobrien			/* don't count Null data frames as errors */
90075Sobrien			if (subtype == IEEE80211_FC0_SUBTYPE_NODATA ||
90075Sobrien			    subtype == IEEE80211_FC0_SUBTYPE_QOS_NULL)
90075Sobrien				goto out;
90075Sobrien			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
90075Sobrien			    ni->ni_macaddr, "data", "%s", "decap error");
90075Sobrien			vap->iv_stats.is_rx_decap++;
90075Sobrien			IEEE80211_NODE_STAT(ni, rx_decap);
90075Sobrien			goto err;
90075Sobrien		}
90075Sobrien		eh = mtod(m, struct ether_header *);
90075Sobrien		if (!ieee80211_node_is_authorized(ni)) {
90075Sobrien			/*
90075Sobrien			 * Deny any non-PAE frames received prior to
90075Sobrien			 * authorization.  For open/shared-key
90075Sobrien			 * authentication the port is mark authorized
90075Sobrien			 * after authentication completes.  For 802.1x
90075Sobrien			 * the port is not marked authorized by the
90075Sobrien			 * authenticator until the handshake has completed.
90075Sobrien			 */
90075Sobrien			if (eh->ether_type != htons(ETHERTYPE_PAE)) {
90075Sobrien				IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
90075Sobrien				    eh->ether_shost, "data",
18334Speter				    "unauthorized port: ether type 0x%x len %u",
18334Speter				    eh->ether_type, m->m_pkthdr.len);
18334Speter				vap->iv_stats.is_rx_unauth++;
18334Speter				IEEE80211_NODE_STAT(ni, rx_unauth);
18334Speter				goto err;
18334Speter			}
132718Skan		} else {
18334Speter			/*
90075Sobrien			 * When denying unencrypted frames, discard
90075Sobrien			 * any non-PAE frames received without encryption.
18334Speter			 */
90075Sobrien			if ((vap->iv_flags & IEEE80211_F_DROPUNENC) &&
90075Sobrien			    (key == NULL && (m->m_flags & M_WEP) == 0) &&
18334Speter			    eh->ether_type != htons(ETHERTYPE_PAE)) {
90075Sobrien				/*
90075Sobrien				 * Drop unencrypted frames.
18334Speter				 */
132718Skan				vap->iv_stats.is_rx_unencrypted++;
132718Skan				IEEE80211_NODE_STAT(ni, rx_unencrypted);
90075Sobrien				goto out;
90075Sobrien			}
169689Skan		}
90075Sobrien		/* XXX require HT? */
90075Sobrien		if (qos & IEEE80211_QOS_AMSDU) {
90075Sobrien			m = ieee80211_decap_amsdu(ni, m);
18334Speter			if (m == NULL)
18334Speter				return IEEE80211_FC0_TYPE_DATA;
90075Sobrien		} else {
90075Sobrien#ifdef IEEE80211_SUPPORT_SUPERG
18334Speter			m = ieee80211_decap_fastframe(vap, ni, m);
90075Sobrien			if (m == NULL)
90075Sobrien				return IEEE80211_FC0_TYPE_DATA;
18334Speter#endif
90075Sobrien		}
18334Speter		ieee80211_deliver_data(vap, ni, m);
18334Speter		return IEEE80211_FC0_TYPE_DATA;
18334Speter
169689Skan	case IEEE80211_FC0_TYPE_MGT:
169689Skan		vap->iv_stats.is_rx_mgmt++;
96263Sobrien		IEEE80211_NODE_STAT(ni, rx_mgmt);
18334Speter		if (dir != IEEE80211_FC1_DIR_NODS) {
18334Speter			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
90075Sobrien			    wh, "data", "incorrect dir 0x%x", dir);
169689Skan			vap->iv_stats.is_rx_wrongdir++;
169689Skan			goto err;
169689Skan		}
169689Skan		if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) {
169689Skan			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
169689Skan			    ni->ni_macaddr, "mgt", "too short: len %u",
169689Skan			    m->m_pkthdr.len);
169689Skan			vap->iv_stats.is_rx_tooshort++;
169689Skan			goto out;
169689Skan		}
50397Sobrien#ifdef IEEE80211_DEBUG
50397Sobrien		if (ieee80211_msg_debug(vap) || ieee80211_msg_dumppkts(vap)) {
50397Sobrien			if_printf(ifp, "received %s from %s rssi %d\n",
50397Sobrien			    ieee80211_mgt_subtype_name[subtype >>
18334Speter				IEEE80211_FC0_SUBTYPE_SHIFT],
18334Speter			    ether_sprintf(wh->i_addr2), rssi);
18334Speter		}
18334Speter#endif
90075Sobrien		if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
90075Sobrien			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
90075Sobrien			    wh, NULL, "%s", "WEP set but not permitted");
18334Speter			vap->iv_stats.is_rx_mgtdiscard++; /* XXX */
90075Sobrien			goto out;
90075Sobrien		}
90075Sobrien		vap->iv_recv_mgmt(ni, m, subtype, rssi, nf);
90075Sobrien		goto out;
90075Sobrien
18334Speter	case IEEE80211_FC0_TYPE_CTL:
90075Sobrien		vap->iv_stats.is_rx_ctl++;
18334Speter		IEEE80211_NODE_STAT(ni, rx_ctrl);
18334Speter		goto out;
18334Speter
90075Sobrien	default:
90075Sobrien		IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
18334Speter		    wh, "bad", "frame type 0x%x", type);
18334Speter		/* should not come here */
18334Speter		break;
18334Speter	}
18334Spetererr:
18334Speter	ifp->if_ierrors++;
132718Skanout:
18334Speter	if (m != NULL) {
90075Sobrien		if (need_tap && ieee80211_radiotap_active_vap(vap))
90075Sobrien			ieee80211_radiotap_rx(vap, m);
90075Sobrien		m_freem(m);
90075Sobrien	}
18334Speter	return type;
90075Sobrien}
18334Speter
132718Skanstatic void
132718Skanwds_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
132718Skan	int subtype, int rssi, int nf)
132718Skan{
132718Skan	struct ieee80211vap *vap = ni->ni_vap;
132718Skan	struct ieee80211com *ic = ni->ni_ic;
132718Skan	struct ieee80211_frame *wh;
132718Skan	u_int8_t *frm, *efrm;
169689Skan
169689Skan	wh = mtod(m0, struct ieee80211_frame *);
169689Skan	frm = (u_int8_t *)&wh[1];
169689Skan	efrm = mtod(m0, u_int8_t *) + m0->m_len;
169689Skan	switch (subtype) {
169689Skan	case IEEE80211_FC0_SUBTYPE_ACTION:
169689Skan	case IEEE80211_FC0_SUBTYPE_ACTION_NOACK:
169689Skan		if (ni == vap->iv_bss) {
169689Skan			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
169689Skan			    wh, NULL, "%s", "unknown node");
169689Skan			vap->iv_stats.is_rx_mgtdiscard++;
169689Skan		} else if (!IEEE80211_ADDR_EQ(vap->iv_myaddr, wh->i_addr1)) {
169689Skan			/* NB: not interested in multicast frames. */
169689Skan			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
132718Skan			    wh, NULL, "%s", "not for us");
132718Skan			vap->iv_stats.is_rx_mgtdiscard++;
132718Skan		} else if (vap->iv_state != IEEE80211_S_RUN) {
132718Skan			IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
132718Skan			    wh, NULL, "wrong state %s",
132718Skan			    ieee80211_state_name[vap->iv_state]);
132718Skan			vap->iv_stats.is_rx_mgtdiscard++;
132718Skan		} else {
132718Skan			if (ieee80211_parse_action(ni, m0) == 0)
132718Skan				(void)ic->ic_recv_action(ni, wh, frm, efrm);
169689Skan		}
132718Skan		break;
132718Skan
132718Skan	case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
132718Skan	case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
132718Skan	case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
132718Skan	case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
132718Skan	case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
132718Skan	case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
132718Skan	case IEEE80211_FC0_SUBTYPE_BEACON:
132718Skan	case IEEE80211_FC0_SUBTYPE_ATIM:
132718Skan	case IEEE80211_FC0_SUBTYPE_DISASSOC:
132718Skan	case IEEE80211_FC0_SUBTYPE_AUTH:
132718Skan	case IEEE80211_FC0_SUBTYPE_DEAUTH:
132718Skan		IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
132718Skan		    wh, NULL, "%s", "not handled");
132718Skan		vap->iv_stats.is_rx_mgtdiscard++;
132718Skan		break;
132718Skan
132718Skan	default:
132718Skan		IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
132718Skan		    wh, "mgt", "subtype 0x%x not handled", subtype);
132718Skan		vap->iv_stats.is_rx_badsubtype++;
132718Skan		break;
132718Skan	}
132718Skan}
132718Skan