search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nvmecontrol devlist: Annotate connected Fabrics hosts
[freebsd/src.git] / sys / net80211 / ieee80211_adhoc.c
blobd252b75899a26b6c181caf597bae8a6dd7e4ef27
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2007-2009 Sam Leffler, Errno Consulting
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 /*
29 * IEEE 802.11 IBSS mode support.
30 */
31 #include "opt_inet.h"
32 #include "opt_wlan.h"
33
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/mbuf.h>
37 #include <sys/malloc.h>
38 #include <sys/kernel.h>
39
40 #include <sys/socket.h>
41 #include <sys/sockio.h>
42 #include <sys/endian.h>
43 #include <sys/errno.h>
44 #include <sys/proc.h>
45 #include <sys/sysctl.h>
46
47 #include <net/if.h>
48 #include <net/if_var.h>
49 #include <net/if_media.h>
50 #include <net/if_llc.h>
51 #include <net/if_private.h>
52 #include <net/ethernet.h>
53
54 #include <net/bpf.h>
55
56 #include <net80211/ieee80211_var.h>
57 #include <net80211/ieee80211_adhoc.h>
58 #include <net80211/ieee80211_input.h>
59 #ifdef IEEE80211_SUPPORT_SUPERG
60 #include <net80211/ieee80211_superg.h>
61 #endif
62 #ifdef IEEE80211_SUPPORT_TDMA
63 #include <net80211/ieee80211_tdma.h>
64 #endif
65 #include <net80211/ieee80211_sta.h>
66
67 #define IEEE80211_RATE2MBS(r) (((r) & IEEE80211_RATE_VAL) / 2)
68
69 static void adhoc_vattach(struct ieee80211vap *);
70 static int adhoc_newstate(struct ieee80211vap *, enum ieee80211_state, int);
71 static int adhoc_input(struct ieee80211_node *, struct mbuf *,
72 const struct ieee80211_rx_stats *, int, int);
73 static void adhoc_recv_mgmt(struct ieee80211_node *, struct mbuf *,
74 int subtype, const struct ieee80211_rx_stats *, int, int);
75 static void ahdemo_recv_mgmt(struct ieee80211_node *, struct mbuf *,
76 int subtype, const struct ieee80211_rx_stats *rxs, int, int);
77 static void adhoc_recv_ctl(struct ieee80211_node *, struct mbuf *, int subtype);
78
79 void
80 ieee80211_adhoc_attach(struct ieee80211com *ic)
81 {
82 ic->ic_vattach[IEEE80211_M_IBSS] = adhoc_vattach;
83 ic->ic_vattach[IEEE80211_M_AHDEMO] = adhoc_vattach;
84 }
85
86 void
87 ieee80211_adhoc_detach(struct ieee80211com *ic)
88 {
89 }
90
91 static void
92 adhoc_vdetach(struct ieee80211vap *vap)
93 {
94 }
95
96 static void
97 adhoc_vattach(struct ieee80211vap *vap)
98 {
99 vap->iv_newstate = adhoc_newstate;
100 vap->iv_input = adhoc_input;
101 if (vap->iv_opmode == IEEE80211_M_IBSS)
102 vap->iv_recv_mgmt = adhoc_recv_mgmt;
103 else
104 vap->iv_recv_mgmt = ahdemo_recv_mgmt;
105 vap->iv_recv_ctl = adhoc_recv_ctl;
106 vap->iv_opdetach = adhoc_vdetach;
107 #ifdef IEEE80211_SUPPORT_TDMA
108 /*
109 * Throw control to tdma support. Note we do this
110 * after setting up our callbacks so it can piggyback
111 * on top of us.
112 */
113 if (vap->iv_caps & IEEE80211_C_TDMA)
114 ieee80211_tdma_vattach(vap);
115 #endif
116 }
117
118 static void
119 sta_leave(void *arg, struct ieee80211_node *ni)
120 {
121 struct ieee80211vap *vap = ni->ni_vap;
122
123 if (ni != vap->iv_bss)
124 ieee80211_node_leave(ni);
125 }
126
127 /*
128 * IEEE80211_M_IBSS+IEEE80211_M_AHDEMO vap state machine handler.
129 */
130 static int
131 adhoc_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
132 {
133 struct ieee80211com *ic = vap->iv_ic;
134 struct ieee80211_node *ni;
135 enum ieee80211_state ostate;
136
137 IEEE80211_LOCK_ASSERT(vap->iv_ic);
138
139 ostate = vap->iv_state;
140 IEEE80211_DPRINTF(vap, IEEE80211_MSG_STATE, "%s: %s -> %s (%d)\n",
141 __func__, ieee80211_state_name[ostate],
142 ieee80211_state_name[nstate], arg);
143 vap->iv_state = nstate; /* state transition */
144 if (ostate != IEEE80211_S_SCAN)
145 ieee80211_cancel_scan(vap); /* background scan */
146 ni = vap->iv_bss; /* NB: no reference held */
147 switch (nstate) {
148 case IEEE80211_S_INIT:
149 switch (ostate) {
150 case IEEE80211_S_SCAN:
151 ieee80211_cancel_scan(vap);
152 break;
153 default:
154 break;
155 }
156 if (ostate != IEEE80211_S_INIT) {
157 /* NB: optimize INIT -> INIT case */
158 ieee80211_reset_bss(vap);
159 }
160 break;
161 case IEEE80211_S_SCAN:
162 switch (ostate) {
163 case IEEE80211_S_RUN: /* beacon miss */
164 /* purge station table; entries are stale */
165 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap,
166 sta_leave, NULL);
167 /* fall thru... */
168 case IEEE80211_S_INIT:
169 if (vap->iv_des_chan != IEEE80211_CHAN_ANYC &&
170 !IEEE80211_IS_CHAN_RADAR(vap->iv_des_chan)) {
171 /*
172 * Already have a channel; bypass the
173 * scan and startup immediately.
174 */
175 ieee80211_create_ibss(vap,
176 ieee80211_ht_adjust_channel(ic,
177 vap->iv_des_chan, vap->iv_flags_ht));
178 break;
179 }
180 /*
181 * Initiate a scan. We can come here as a result
182 * of an IEEE80211_IOC_SCAN_REQ too in which case
183 * the vap will be marked with IEEE80211_FEXT_SCANREQ
184 * and the scan request parameters will be present
185 * in iv_scanreq. Otherwise we do the default.
186 */
187 if (vap->iv_flags_ext & IEEE80211_FEXT_SCANREQ) {
188 ieee80211_check_scan(vap,
189 vap->iv_scanreq_flags,
190 vap->iv_scanreq_duration,
191 vap->iv_scanreq_mindwell,
192 vap->iv_scanreq_maxdwell,
193 vap->iv_scanreq_nssid, vap->iv_scanreq_ssid);
194 vap->iv_flags_ext &= ~IEEE80211_FEXT_SCANREQ;
195 } else
196 ieee80211_check_scan_current(vap);
197 break;
198 case IEEE80211_S_SCAN:
199 /*
200 * This can happen because of a change in state
201 * that requires a reset. Trigger a new scan
202 * unless we're in manual roaming mode in which
203 * case an application must issue an explicit request.
204 */
205 if (vap->iv_roaming == IEEE80211_ROAMING_AUTO)
206 ieee80211_check_scan_current(vap);
207 break;
208 default:
209 goto invalid;
210 }
211 break;
212 case IEEE80211_S_RUN:
213 if (vap->iv_flags & IEEE80211_F_WPA) {
214 /* XXX validate prerequisites */
215 }
216 switch (ostate) {
217 case IEEE80211_S_INIT:
218 /*
219 * Already have a channel; bypass the
220 * scan and startup immediately.
221 * Note that ieee80211_create_ibss will call
222 * back to do a RUN->RUN state change.
223 */
224 ieee80211_create_ibss(vap,
225 ieee80211_ht_adjust_channel(ic,
226 ic->ic_curchan, vap->iv_flags_ht));
227 /* NB: iv_bss is changed on return */
228 ni = vap->iv_bss;
229 break;
230 case IEEE80211_S_SCAN:
231 #ifdef IEEE80211_DEBUG
232 if (ieee80211_msg_debug(vap)) {
233 ieee80211_note(vap,
234 "synchronized with %s ssid ",
235 ether_sprintf(ni->ni_bssid));
236 ieee80211_print_essid(vap->iv_bss->ni_essid,
237 ni->ni_esslen);
238 /* XXX MCS/HT */
239 printf(" channel %d start %uMb\n",
240 ieee80211_chan2ieee(ic, ic->ic_curchan),
241 IEEE80211_RATE2MBS(ni->ni_txrate));
242 }
243 #endif
244 break;
245 case IEEE80211_S_RUN: /* IBSS merge */
246 break;
247 default:
248 goto invalid;
249 }
250 /*
251 * When 802.1x is not in use mark the port authorized
252 * at this point so traffic can flow.
253 */
254 if (ni->ni_authmode != IEEE80211_AUTH_8021X)
255 ieee80211_node_authorize(ni);
256 /*
257 * Fake association when joining an existing bss.
258 */
259 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, vap->iv_myaddr) &&
260 ic->ic_newassoc != NULL)
261 ic->ic_newassoc(ni, ostate != IEEE80211_S_RUN);
262 break;
263 case IEEE80211_S_SLEEP:
264 vap->iv_sta_ps(vap, 0);
265 break;
266 default:
267 invalid:
268 IEEE80211_DPRINTF(vap, IEEE80211_MSG_STATE,
269 "%s: unexpected state transition %s -> %s\n", __func__,
270 ieee80211_state_name[ostate], ieee80211_state_name[nstate]);
271 break;
272 }
273 return 0;
274 }
275
276 /*
277 * Decide if a received management frame should be
278 * printed when debugging is enabled. This filters some
279 * of the less interesting frames that come frequently
280 * (e.g. beacons).
281 */
282 static __inline int
283 doprint(struct ieee80211vap *vap, int subtype)
284 {
285 switch (subtype) {
286 case IEEE80211_FC0_SUBTYPE_BEACON:
287 return (vap->iv_ic->ic_flags & IEEE80211_F_SCAN);
288 case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
289 return 1;
290 }
291 return 1;
292 }
293
294 /*
295 * Process a received frame. The node associated with the sender
296 * should be supplied. If nothing was found in the node table then
297 * the caller is assumed to supply a reference to iv_bss instead.
298 * The RSSI and a timestamp are also supplied. The RSSI data is used
299 * during AP scanning to select a AP to associate with; it can have
300 * any units so long as values have consistent units and higher values
301 * mean ``better signal''. The receive timestamp is currently not used
302 * by the 802.11 layer.
303 */
304 static int
305 adhoc_input(struct ieee80211_node *ni, struct mbuf *m,
306 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
307 {
308 struct ieee80211vap *vap = ni->ni_vap;
309 struct ieee80211com *ic = ni->ni_ic;
310 struct ifnet *ifp = vap->iv_ifp;
311 struct ieee80211_frame *wh;
312 struct ieee80211_key *key;
313 struct ether_header *eh;
314 int hdrspace, need_tap = 1; /* mbuf need to be tapped. */
315 uint8_t dir, type, subtype, qos;
316 uint8_t *bssid;
317 int is_hw_decrypted = 0;
318 int has_decrypted = 0;
319
320 /*
321 * Some devices do hardware decryption all the way through
322 * to pretending the frame wasn't encrypted in the first place.
323 * So, tag it appropriately so it isn't discarded inappropriately.
324 */
325 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED))
326 is_hw_decrypted = 1;
327
328 if (m->m_flags & M_AMPDU_MPDU) {
329 /*
330 * Fastpath for A-MPDU reorder q resubmission. Frames
331 * w/ M_AMPDU_MPDU marked have already passed through
332 * here but were received out of order and been held on
333 * the reorder queue. When resubmitted they are marked
334 * with the M_AMPDU_MPDU flag and we can bypass most of
335 * the normal processing.
336 */
337 wh = mtod(m, struct ieee80211_frame *);
338 type = IEEE80211_FC0_TYPE_DATA;
339 dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
340 subtype = IEEE80211_FC0_SUBTYPE_QOS_DATA;
341 hdrspace = ieee80211_hdrspace(ic, wh); /* XXX optimize? */
342 goto resubmit_ampdu;
343 }
344
345 KASSERT(ni != NULL, ("null node"));
346 ni->ni_inact = ni->ni_inact_reload;
347
348 type = -1; /* undefined */
349
350 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) {
351 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
352 ni->ni_macaddr, NULL,
353 "too short (1): len %u", m->m_pkthdr.len);
354 vap->iv_stats.is_rx_tooshort++;
355 goto out;
356 }
357 /*
358 * Bit of a cheat here, we use a pointer for a 3-address
359 * frame format but don't reference fields past outside
360 * ieee80211_frame_min w/o first validating the data is
361 * present.
362 */
363 wh = mtod(m, struct ieee80211_frame *);
364
365 if (!IEEE80211_IS_FC0_CHECK_VER(wh, IEEE80211_FC0_VERSION_0)) {
366 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
367 ni->ni_macaddr, NULL, "wrong version, fc %02x:%02x",
368 wh->i_fc[0], wh->i_fc[1]);
369 vap->iv_stats.is_rx_badversion++;
370 goto err;
371 }
372
373 dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
374 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
375 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
376 if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
377 if (dir != IEEE80211_FC1_DIR_NODS)
378 bssid = wh->i_addr1;
379 else if (type == IEEE80211_FC0_TYPE_CTL)
380 bssid = wh->i_addr1;
381 else {
382 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) {
383 IEEE80211_DISCARD_MAC(vap,
384 IEEE80211_MSG_ANY, ni->ni_macaddr,
385 NULL, "too short (2): len %u",
386 m->m_pkthdr.len);
387 vap->iv_stats.is_rx_tooshort++;
388 goto out;
389 }
390 bssid = wh->i_addr3;
391 }
392 /*
393 * Validate the bssid.
394 */
395 if (!(type == IEEE80211_FC0_TYPE_MGT &&
396 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
397 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) &&
398 !IEEE80211_ADDR_EQ(bssid, vap->iv_bss->ni_bssid) &&
399 !IEEE80211_ADDR_EQ(bssid, ifp->if_broadcastaddr)) {
400 /* not interested in */
401 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
402 bssid, NULL, "%s", "not to bss");
403 vap->iv_stats.is_rx_wrongbss++;
404 goto out;
405 }
406 /*
407 * Data frame, cons up a node when it doesn't
408 * exist. This should probably done after an ACL check.
409 */
410 if (type == IEEE80211_FC0_TYPE_DATA &&
411 ni == vap->iv_bss &&
412 !IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
413 /*
414 * Beware of frames that come in too early; we
415 * can receive broadcast frames and creating sta
416 * entries will blow up because there is no bss
417 * channel yet.
418 */
419 if (vap->iv_state != IEEE80211_S_RUN) {
420 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
421 wh, "data", "not in RUN state (%s)",
422 ieee80211_state_name[vap->iv_state]);
423 vap->iv_stats.is_rx_badstate++;
424 goto err;
425 }
426 /*
427 * Fake up a node for this newly discovered member
428 * of the IBSS.
429 *
430 * Note: This doesn't "upgrade" the node to 11n;
431 * that will happen after a probe request/response
432 * exchange.
433 */
434 ni = ieee80211_fakeup_adhoc_node(vap, wh->i_addr2);
435 if (ni == NULL) {
436 /* NB: stat kept for alloc failure */
437 goto err;
438 }
439 }
440 IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
441 ni->ni_noise = nf;
442 if (IEEE80211_HAS_SEQ(type, subtype) &&
443 IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
444 uint8_t tid = ieee80211_gettid(wh);
445 if (IEEE80211_QOS_HAS_SEQ(wh) &&
446 TID_TO_WME_AC(tid) >= WME_AC_VI)
447 ic->ic_wme.wme_hipri_traffic++;
448 if (! ieee80211_check_rxseq(ni, wh, bssid, rxs))
449 goto out;
450 }
451 }
452
453 switch (type) {
454 case IEEE80211_FC0_TYPE_DATA:
455 hdrspace = ieee80211_hdrspace(ic, wh);
456 if (m->m_len < hdrspace &&
457 (m = m_pullup(m, hdrspace)) == NULL) {
458 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
459 ni->ni_macaddr, NULL,
460 "data too short: expecting %u", hdrspace);
461 vap->iv_stats.is_rx_tooshort++;
462 goto out; /* XXX */
463 }
464 if (dir != IEEE80211_FC1_DIR_NODS) {
465 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
466 wh, "data", "incorrect dir 0x%x", dir);
467 vap->iv_stats.is_rx_wrongdir++;
468 goto out;
469 }
470 /* XXX no power-save support */
471
472 /*
473 * Handle A-MPDU re-ordering. If the frame is to be
474 * processed directly then ieee80211_ampdu_reorder
475 * will return 0; otherwise it has consumed the mbuf
476 * and we should do nothing more with it.
477 */
478 if ((m->m_flags & M_AMPDU) &&
479 ieee80211_ampdu_reorder(ni, m, rxs) != 0) {
480 m = NULL;
481 goto out;
482 }
483 resubmit_ampdu:
484
485 /*
486 * Handle privacy requirements. Note that we
487 * must not be preempted from here until after
488 * we (potentially) call ieee80211_crypto_demic;
489 * otherwise we may violate assumptions in the
490 * crypto cipher modules used to do delayed update
491 * of replay sequence numbers.
492 */
493 if (is_hw_decrypted || IEEE80211_IS_PROTECTED(wh)) {
494 if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0) {
495 /*
496 * Discard encrypted frames when privacy is off.
497 */
498 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
499 wh, "WEP", "%s", "PRIVACY off");
500 vap->iv_stats.is_rx_noprivacy++;
501 IEEE80211_NODE_STAT(ni, rx_noprivacy);
502 goto out;
503 }
504 if (ieee80211_crypto_decap(ni, m, hdrspace, &key) == 0) {
505 /* NB: stats+msgs handled in crypto_decap */
506 IEEE80211_NODE_STAT(ni, rx_wepfail);
507 goto out;
508 }
509 wh = mtod(m, struct ieee80211_frame *);
510 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
511 has_decrypted = 1;
512 } else {
513 /* XXX M_WEP and IEEE80211_F_PRIVACY */
514 key = NULL;
515 }
516
517 /*
518 * Save QoS bits for use below--before we strip the header.
519 */
520 if (subtype == IEEE80211_FC0_SUBTYPE_QOS_DATA)
521 qos = ieee80211_getqos(wh)[0];
522 else
523 qos = 0;
524
525 /*
526 * Next up, any fragmentation.
527 */
528 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
529 m = ieee80211_defrag(ni, m, hdrspace, has_decrypted);
530 if (m == NULL) {
531 /* Fragment dropped or frame not complete yet */
532 goto out;
533 }
534 }
535 wh = NULL; /* no longer valid, catch any uses */
536
537 /*
538 * Next strip any MSDU crypto bits.
539 */
540 if (!ieee80211_crypto_demic(vap, key, m, 0)) {
541 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
542 ni->ni_macaddr, "data", "%s", "demic error");
543 vap->iv_stats.is_rx_demicfail++;
544 IEEE80211_NODE_STAT(ni, rx_demicfail);
545 goto out;
546 }
547
548 /* copy to listener after decrypt */
549 if (ieee80211_radiotap_active_vap(vap))
550 ieee80211_radiotap_rx(vap, m);
551 need_tap = 0;
552
553 /*
554 * Finally, strip the 802.11 header.
555 */
556 m = ieee80211_decap(vap, m, hdrspace, qos);
557 if (m == NULL) {
558 /* XXX mask bit to check for both */
559 /* don't count Null data frames as errors */
560 if (subtype == IEEE80211_FC0_SUBTYPE_NODATA ||
561 subtype == IEEE80211_FC0_SUBTYPE_QOS_NULL)
562 goto out;
563 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
564 ni->ni_macaddr, "data", "%s", "decap error");
565 vap->iv_stats.is_rx_decap++;
566 IEEE80211_NODE_STAT(ni, rx_decap);
567 goto err;
568 }
569 if (!(qos & IEEE80211_QOS_AMSDU))
570 eh = mtod(m, struct ether_header *);
571 else
572 eh = NULL;
573 if (!ieee80211_node_is_authorized(ni)) {
574 /*
575 * Deny any non-PAE frames received prior to
576 * authorization. For open/shared-key
577 * authentication the port is mark authorized
578 * after authentication completes. For 802.1x
579 * the port is not marked authorized by the
580 * authenticator until the handshake has completed.
581 */
582 if (eh == NULL ||
583 eh->ether_type != htons(ETHERTYPE_PAE)) {
584 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
585 ni->ni_macaddr, "data", "unauthorized or "
586 "unknown port: ether type 0x%x len %u",
587 eh == NULL ? -1 : eh->ether_type,
588 m->m_pkthdr.len);
589 vap->iv_stats.is_rx_unauth++;
590 IEEE80211_NODE_STAT(ni, rx_unauth);
591 goto err;
592 }
593 } else {
594 /*
595 * When denying unencrypted frames, discard
596 * any non-PAE frames received without encryption.
597 */
598 if ((vap->iv_flags & IEEE80211_F_DROPUNENC) &&
599 ((has_decrypted == 0) && (m->m_flags & M_WEP) == 0) &&
600 (is_hw_decrypted == 0) &&
601 (eh == NULL ||
602 eh->ether_type != htons(ETHERTYPE_PAE))) {
603 /*
604 * Drop unencrypted frames.
605 */
606 vap->iv_stats.is_rx_unencrypted++;
607 IEEE80211_NODE_STAT(ni, rx_unencrypted);
608 goto out;
609 }
610 }
611 /* XXX require HT? */
612 if (qos & IEEE80211_QOS_AMSDU) {
613 m = ieee80211_decap_amsdu(ni, m);
614 if (m == NULL)
615 return IEEE80211_FC0_TYPE_DATA;
616 } else {
617 #ifdef IEEE80211_SUPPORT_SUPERG
618 m = ieee80211_decap_fastframe(vap, ni, m);
619 if (m == NULL)
620 return IEEE80211_FC0_TYPE_DATA;
621 #endif
622 }
623 if (dir == IEEE80211_FC1_DIR_DSTODS && ni->ni_wdsvap != NULL)
624 ieee80211_deliver_data(ni->ni_wdsvap, ni, m);
625 else
626 ieee80211_deliver_data(vap, ni, m);
627 return IEEE80211_FC0_TYPE_DATA;
628
629 case IEEE80211_FC0_TYPE_MGT:
630 vap->iv_stats.is_rx_mgmt++;
631 IEEE80211_NODE_STAT(ni, rx_mgmt);
632 if (dir != IEEE80211_FC1_DIR_NODS) {
633 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
634 wh, "data", "incorrect dir 0x%x", dir);
635 vap->iv_stats.is_rx_wrongdir++;
636 goto err;
637 }
638 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) {
639 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
640 ni->ni_macaddr, "mgt", "too short: len %u",
641 m->m_pkthdr.len);
642 vap->iv_stats.is_rx_tooshort++;
643 goto out;
644 }
645 #ifdef IEEE80211_DEBUG
646 if ((ieee80211_msg_debug(vap) && doprint(vap, subtype)) ||
647 ieee80211_msg_dumppkts(vap)) {
648 if_printf(ifp, "received %s from %s rssi %d\n",
649 ieee80211_mgt_subtype_name(subtype),
650 ether_sprintf(wh->i_addr2), rssi);
651 }
652 #endif
653 if (IEEE80211_IS_PROTECTED(wh)) {
654 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
655 wh, NULL, "%s", "WEP set but not permitted");
656 vap->iv_stats.is_rx_mgtdiscard++; /* XXX */
657 goto out;
658 }
659 vap->iv_recv_mgmt(ni, m, subtype, rxs, rssi, nf);
660 goto out;
661
662 case IEEE80211_FC0_TYPE_CTL:
663 vap->iv_stats.is_rx_ctl++;
664 IEEE80211_NODE_STAT(ni, rx_ctrl);
665 vap->iv_recv_ctl(ni, m, subtype);
666 goto out;
667
668 default:
669 IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
670 wh, "bad", "frame type 0x%x", type);
671 /* should not come here */
672 break;
673 }
674 err:
675 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
676 out:
677 if (m != NULL) {
678 if (need_tap && ieee80211_radiotap_active_vap(vap))
679 ieee80211_radiotap_rx(vap, m);
680 m_freem(m);
681 }
682 return type;
683 }
684
685 static int
686 is11bclient(const uint8_t *rates, const uint8_t *xrates)
687 {
688 static const uint32_t brates = (1<<2*1)|(1<<2*2)|(1<<11)|(1<<2*11);
689 int i;
690
691 /* NB: the 11b clients we care about will not have xrates */
692 if (xrates != NULL || rates == NULL)
693 return 0;
694 for (i = 0; i < rates[1]; i++) {
695 int r = rates[2+i] & IEEE80211_RATE_VAL;
696 if (r > 2*11 || ((1<<r) & brates) == 0)
697 return 0;
698 }
699 return 1;
700 }
701
702 static void
703 adhoc_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
704 int subtype, const struct ieee80211_rx_stats *rxs, int rssi, int nf)
705 {
706 struct ieee80211vap *vap = ni->ni_vap;
707 struct ieee80211com *ic = ni->ni_ic;
708 struct ieee80211_channel *rxchan = ic->ic_curchan;
709 struct ieee80211_frame *wh;
710 uint8_t *frm, *efrm;
711 uint8_t *ssid, *rates, *xrates;
712 #if 0
713 int ht_state_change = 0;
714 #endif
715
716 wh = mtod(m0, struct ieee80211_frame *);
717 frm = (uint8_t *)&wh[1];
718 efrm = mtod(m0, uint8_t *) + m0->m_len;
719
720 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INPUT | IEEE80211_MSG_DEBUG,
721 "%s: recv mgmt frame, addr2=%6D, ni=%p (%6D) fc=%.02x %.02x\n",
722 __func__,
723 wh->i_addr2, ":",
724 ni,
725 ni->ni_macaddr, ":",
726 wh->i_fc[0],
727 wh->i_fc[1]);
728 switch (subtype) {
729 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
730 case IEEE80211_FC0_SUBTYPE_BEACON: {
731 struct ieee80211_scanparams scan;
732 struct ieee80211_channel *c;
733 /*
734 * We process beacon/probe response
735 * frames to discover neighbors.
736 */
737 if (rxs != NULL) {
738 c = ieee80211_lookup_channel_rxstatus(vap, rxs);
739 if (c != NULL)
740 rxchan = c;
741 }
742 if (ieee80211_parse_beacon(ni, m0, rxchan, &scan) != 0)
743 return;
744 /*
745 * Count frame now that we know it's to be processed.
746 */
747 if (subtype == IEEE80211_FC0_SUBTYPE_BEACON) {
748 vap->iv_stats.is_rx_beacon++; /* XXX remove */
749 IEEE80211_NODE_STAT(ni, rx_beacons);
750 } else
751 IEEE80211_NODE_STAT(ni, rx_proberesp);
752 /*
753 * If scanning, just pass information to the scan module.
754 */
755 if (ic->ic_flags & IEEE80211_F_SCAN) {
756 if (ic->ic_flags_ext & IEEE80211_FEXT_PROBECHAN) {
757 /*
758 * Actively scanning a channel marked passive;
759 * send a probe request now that we know there
760 * is 802.11 traffic present.
761 *
762 * XXX check if the beacon we recv'd gives
763 * us what we need and suppress the probe req
764 */
765 ieee80211_probe_curchan(vap, true);
766 ic->ic_flags_ext &= ~IEEE80211_FEXT_PROBECHAN;
767 }
768 ieee80211_add_scan(vap, rxchan, &scan, wh,
769 subtype, rssi, nf);
770 return;
771 }
772 if (scan.capinfo & IEEE80211_CAPINFO_IBSS) {
773 if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
774 /*
775 * Create a new entry in the neighbor table.
776 *
777 * XXX TODO:
778 *
779 * Here we're not scanning; so if we have an
780 * SSID then make sure it matches our SSID.
781 * Otherwise this code will match on all IBSS
782 * beacons/probe requests for all SSIDs,
783 * filling the node table with nodes that
784 * aren't ours.
785 */
786 if (ieee80211_ibss_node_check_new(ni, &scan)) {
787 ni = ieee80211_add_neighbor(vap, wh, &scan);
788 /*
789 * Send a probe request so we announce 11n
790 * capabilities.
791 */
792 ieee80211_send_probereq(ni, /* node */
793 vap->iv_myaddr, /* SA */
794 ni->ni_macaddr, /* DA */
795 vap->iv_bss->ni_bssid, /* BSSID */
796 vap->iv_bss->ni_essid,
797 vap->iv_bss->ni_esslen); /* SSID */
798 } else
799 ni = NULL;
800
801 /*
802 * Send a probe request so we announce 11n
803 * capabilities.
804 *
805 * Don't do this if we're scanning.
806 */
807 if (! (ic->ic_flags & IEEE80211_F_SCAN))
808 ieee80211_send_probereq(ni, /* node */
809 vap->iv_myaddr, /* SA */
810 ni->ni_macaddr, /* DA */
811 vap->iv_bss->ni_bssid, /* BSSID */
812 vap->iv_bss->ni_essid,
813 vap->iv_bss->ni_esslen); /* SSID */
814
815 } else if (ni->ni_capinfo == 0) {
816 /*
817 * Update faked node created on transmit.
818 * Note this also updates the tsf.
819 */
820 ieee80211_init_neighbor(ni, wh, &scan);
821
822 /*
823 * Send a probe request so we announce 11n
824 * capabilities.
825 */
826 ieee80211_send_probereq(ni, /* node */
827 vap->iv_myaddr, /* SA */
828 ni->ni_macaddr, /* DA */
829 vap->iv_bss->ni_bssid, /* BSSID */
830 vap->iv_bss->ni_essid,
831 vap->iv_bss->ni_esslen); /* SSID */
832 } else {
833 /*
834 * Record tsf for potential resync.
835 */
836 memcpy(ni->ni_tstamp.data, scan.tstamp,
837 sizeof(ni->ni_tstamp));
838 }
839 /*
840 * This isn't enabled yet - otherwise it would
841 * update the HT parameters and channel width
842 * from any node, which could lead to lots of
843 * strange behaviour if the 11n nodes aren't
844 * exactly configured to match.
845 */
846 #if 0
847 if (scan.htcap != NULL && scan.htinfo != NULL &&
848 (vap->iv_flags_ht & IEEE80211_FHT_HT)) {
849 ieee80211_ht_updateparams(ni,
850 scan.htcap, scan.htinfo));
851 if (ieee80211_ht_updateparams_final(ni,
852 scan.htcap, scan.htinfo))
853 ht_state_change = 1;
854 }
855
856 /* XXX same for VHT? */
857 #endif
858 if (ni != NULL) {
859 IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
860 ni->ni_noise = nf;
861 }
862 /*
863 * Same here - the channel width change should
864 * be applied to the specific peer node, not
865 * to the ic. Ie, the interface configuration
866 * should stay in its current channel width;
867 * but it should change the rate control and
868 * any queued frames for the given node only.
869 *
870 * Since there's no (current) way to inform
871 * the driver that a channel width change has
872 * occurred for a single node, just stub this
873 * out.
874 */
875 #if 0
876 if (ht_state_change)
877 ieee80211_update_chw(ic);
878 #endif
879 }
880 break;
881 }
882
883 case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
884 if (vap->iv_state != IEEE80211_S_RUN) {
885 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
886 wh, NULL, "wrong state %s",
887 ieee80211_state_name[vap->iv_state]);
888 vap->iv_stats.is_rx_mgtdiscard++;
889 return;
890 }
891 if (IEEE80211_IS_MULTICAST(wh->i_addr2)) {
892 /* frame must be directed */
893 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
894 wh, NULL, "%s", "not unicast");
895 vap->iv_stats.is_rx_mgtdiscard++; /* XXX stat */
896 return;
897 }
898
899 /*
900 * prreq frame format
901 * [tlv] ssid
902 * [tlv] supported rates
903 * [tlv] extended supported rates
904 */
905 ssid = rates = xrates = NULL;
906 while (efrm - frm > 1) {
907 IEEE80211_VERIFY_LENGTH(efrm - frm, frm[1] + 2, return);
908 switch (*frm) {
909 case IEEE80211_ELEMID_SSID:
910 ssid = frm;
911 break;
912 case IEEE80211_ELEMID_RATES:
913 rates = frm;
914 break;
915 case IEEE80211_ELEMID_XRATES:
916 xrates = frm;
917 break;
918 }
919 frm += frm[1] + 2;
920 }
921 IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE, return);
922 if (xrates != NULL)
923 IEEE80211_VERIFY_ELEMENT(xrates,
924 IEEE80211_RATE_MAXSIZE - rates[1], return);
925 IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN, return);
926 IEEE80211_VERIFY_SSID(vap->iv_bss, ssid, return);
927 if ((vap->iv_flags & IEEE80211_F_HIDESSID) && ssid[1] == 0) {
928 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
929 wh, NULL,
930 "%s", "no ssid with ssid suppression enabled");
931 vap->iv_stats.is_rx_ssidmismatch++; /*XXX*/
932 return;
933 }
934
935 /* XXX find a better class or define it's own */
936 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_INPUT, wh->i_addr2,
937 "%s", "recv probe req");
938 /*
939 * Some legacy 11b clients cannot hack a complete
940 * probe response frame. When the request includes
941 * only a bare-bones rate set, communicate this to
942 * the transmit side.
943 */
944 ieee80211_send_proberesp(vap, wh->i_addr2,
945 is11bclient(rates, xrates) ? IEEE80211_SEND_LEGACY_11B : 0);
946
947 /*
948 * Note: we don't benefit from stashing the probe request
949 * IEs away to use for IBSS negotiation, because we
950 * typically don't get all of the IEs.
951 */
952 break;
953
954 case IEEE80211_FC0_SUBTYPE_ACTION:
955 case IEEE80211_FC0_SUBTYPE_ACTION_NOACK:
956 if ((ni == vap->iv_bss) &&
957 !IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
958 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
959 wh, NULL, "%s", "unknown node");
960 vap->iv_stats.is_rx_mgtdiscard++;
961 } else if (!IEEE80211_ADDR_EQ(vap->iv_myaddr, wh->i_addr1) &&
962 !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
963 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT | IEEE80211_MSG_DEBUG,
964 wh, NULL, "%s", "not for us");
965 vap->iv_stats.is_rx_mgtdiscard++;
966 } else if (vap->iv_state != IEEE80211_S_RUN) {
967 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT | IEEE80211_MSG_DEBUG,
968 wh, NULL, "wrong state %s",
969 ieee80211_state_name[vap->iv_state]);
970 vap->iv_stats.is_rx_mgtdiscard++;
971 } else {
972 if (ieee80211_parse_action(ni, m0) == 0)
973 (void)ic->ic_recv_action(ni, wh, frm, efrm);
974 }
975 break;
976
977 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
978 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
979 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
980 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
981 case IEEE80211_FC0_SUBTYPE_TIMING_ADV:
982 case IEEE80211_FC0_SUBTYPE_ATIM:
983 case IEEE80211_FC0_SUBTYPE_DISASSOC:
984 case IEEE80211_FC0_SUBTYPE_AUTH:
985 case IEEE80211_FC0_SUBTYPE_DEAUTH:
986 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
987 wh, NULL, "%s", "not handled");
988 vap->iv_stats.is_rx_mgtdiscard++;
989 break;
990
991 default:
992 IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
993 wh, "mgt", "subtype 0x%x not handled", subtype);
994 vap->iv_stats.is_rx_badsubtype++;
995 break;
996 }
997 }
998 #undef IEEE80211_VERIFY_LENGTH
999 #undef IEEE80211_VERIFY_ELEMENT
1000
1001 static void
1002 ahdemo_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
1003 int subtype, const struct ieee80211_rx_stats *rxs, int rssi, int nf)
1004 {
1005 struct ieee80211vap *vap = ni->ni_vap;
1006 struct ieee80211com *ic = ni->ni_ic;
1007
1008 /*
1009 * Process management frames when scanning; useful for doing
1010 * a site-survey.
1011 */
1012 if (ic->ic_flags & IEEE80211_F_SCAN)
1013 adhoc_recv_mgmt(ni, m0, subtype, rxs, rssi, nf);
1014 else {
1015 #ifdef IEEE80211_DEBUG
1016 struct ieee80211_frame *wh;
1017
1018 wh = mtod(m0, struct ieee80211_frame *);
1019 #endif
1020 switch (subtype) {
1021 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
1022 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
1023 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
1024 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
1025 case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
1026 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
1027 case IEEE80211_FC0_SUBTYPE_TIMING_ADV:
1028 case IEEE80211_FC0_SUBTYPE_BEACON:
1029 case IEEE80211_FC0_SUBTYPE_ATIM:
1030 case IEEE80211_FC0_SUBTYPE_DISASSOC:
1031 case IEEE80211_FC0_SUBTYPE_AUTH:
1032 case IEEE80211_FC0_SUBTYPE_DEAUTH:
1033 case IEEE80211_FC0_SUBTYPE_ACTION:
1034 case IEEE80211_FC0_SUBTYPE_ACTION_NOACK:
1035 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
1036 wh, NULL, "%s", "not handled");
1037 vap->iv_stats.is_rx_mgtdiscard++;
1038 break;
1039 default:
1040 IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
1041 wh, "mgt", "subtype 0x%x not handled", subtype);
1042 vap->iv_stats.is_rx_badsubtype++;
1043 break;
1044 }
1045 }
1046 }
1047
1048 static void
1049 adhoc_recv_ctl(struct ieee80211_node *ni, struct mbuf *m, int subtype)
1050 {
1051
1052 switch (subtype) {
1053 case IEEE80211_FC0_SUBTYPE_BAR:
1054 ieee80211_recv_bar(ni, m);
1055 break;
1056 }
1057 }
The FreeBSD Project