search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HaikuDepot: notify work status from main window
[haiku.git] / src / libs / compat / freebsd_wlan / net80211 / ieee80211_output.c
blobeb5ccb309d9f1eeceaaad9f029159af2ab520859
1 /*-
2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29
30 #include "opt_inet.h"
31 #include "opt_inet6.h"
32 #include "opt_wlan.h"
33
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/mbuf.h>
37 #include <sys/kernel.h>
38 #include <sys/endian.h>
39
40 #include <sys/socket.h>
41
42 #include <net/bpf.h>
43 #include <net/ethernet.h>
44 #include <net/if.h>
45 #include <net/if_llc.h>
46 #include <net/if_media.h>
47 #include <net/if_vlan_var.h>
48
49 #include <net80211/ieee80211_var.h>
50 #include <net80211/ieee80211_regdomain.h>
51 #ifdef IEEE80211_SUPPORT_SUPERG
52 #include <net80211/ieee80211_superg.h>
53 #endif
54 #ifdef IEEE80211_SUPPORT_TDMA
55 #include <net80211/ieee80211_tdma.h>
56 #endif
57 #include <net80211/ieee80211_wds.h>
58 #include <net80211/ieee80211_mesh.h>
59
60 #if defined(INET) || defined(INET6)
61 #include <netinet/in.h>
62 #endif
63
64 #ifdef INET
65 #include <netinet/if_ether.h>
66 #include <netinet/in_systm.h>
67 #include <netinet/ip.h>
68 #endif
69 #ifdef INET6
70 #include <netinet/ip6.h>
71 #endif
72
73 #include <security/mac/mac_framework.h>
74
75 #define ETHER_HEADER_COPY(dst, src) \
76 memcpy(dst, src, sizeof(struct ether_header))
77
78 /* unalligned little endian access */
79 #define LE_WRITE_2(p, v) do { \
80 ((uint8_t *)(p))[0] = (v) & 0xff; \
81 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
82 } while (0)
83 #define LE_WRITE_4(p, v) do { \
84 ((uint8_t *)(p))[0] = (v) & 0xff; \
85 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
86 ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \
87 ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \
88 } while (0)
89
90 static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *,
91 u_int hdrsize, u_int ciphdrsize, u_int mtu);
92 static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int);
93
94 #ifdef IEEE80211_DEBUG
95 /*
96 * Decide if an outbound management frame should be
97 * printed when debugging is enabled. This filters some
98 * of the less interesting frames that come frequently
99 * (e.g. beacons).
100 */
101 static __inline int
102 doprint(struct ieee80211vap *vap, int subtype)
103 {
104 switch (subtype) {
105 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
106 return (vap->iv_opmode == IEEE80211_M_IBSS);
107 }
108 return 1;
109 }
110 #endif
111
112 /*
113 * Start method for vap's. All packets from the stack come
114 * through here. We handle common processing of the packets
115 * before dispatching them to the underlying device.
116 */
117 void
118 ieee80211_start(struct ifnet *ifp)
119 {
120 #define IS_DWDS(vap) \
121 (vap->iv_opmode == IEEE80211_M_WDS && \
122 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
123 struct ieee80211vap *vap = ifp->if_softc;
124 struct ieee80211com *ic = vap->iv_ic;
125 struct ifnet *parent = ic->ic_ifp;
126 struct ieee80211_node *ni;
127 struct mbuf *m;
128 struct ether_header *eh;
129 int error;
130
131 /* NB: parent must be up and running */
132 if (!IFNET_IS_UP_RUNNING(parent)) {
133 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
134 "%s: ignore queue, parent %s not up+running\n",
135 __func__, parent->if_xname);
136 /* XXX stat */
137 return;
138 }
139 if (vap->iv_state == IEEE80211_S_SLEEP) {
140 /*
141 * In power save, wakeup device for transmit.
142 */
143 ieee80211_new_state(vap, IEEE80211_S_RUN, 0);
144 return;
145 }
146 /*
147 * No data frames go out unless we're running.
148 * Note in particular this covers CAC and CSA
149 * states (though maybe we should check muting
150 * for CSA).
151 */
152 if (vap->iv_state != IEEE80211_S_RUN) {
153 IEEE80211_LOCK(ic);
154 /* re-check under the com lock to avoid races */
155 if (vap->iv_state != IEEE80211_S_RUN) {
156 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
157 "%s: ignore queue, in %s state\n",
158 __func__, ieee80211_state_name[vap->iv_state]);
159 vap->iv_stats.is_tx_badstate++;
160 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
161 IEEE80211_UNLOCK(ic);
162 return;
163 }
164 IEEE80211_UNLOCK(ic);
165 }
166 for (;;) {
167 IFQ_DEQUEUE(&ifp->if_snd, m);
168 if (m == NULL)
169 break;
170 /*
171 * Sanitize mbuf flags for net80211 use. We cannot
172 * clear M_PWR_SAV or M_MORE_DATA because these may
173 * be set for frames that are re-submitted from the
174 * power save queue.
175 *
176 * NB: This must be done before ieee80211_classify as
177 * it marks EAPOL in frames with M_EAPOL.
178 */
179 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA);
180 /*
181 * Cancel any background scan.
182 */
183 if (ic->ic_flags & IEEE80211_F_SCAN)
184 ieee80211_cancel_anyscan(vap);
185 /*
186 * Find the node for the destination so we can do
187 * things like power save and fast frames aggregation.
188 *
189 * NB: past this point various code assumes the first
190 * mbuf has the 802.3 header present (and contiguous).
191 */
192 ni = NULL;
193 if (m->m_len < sizeof(struct ether_header) &&
194 (m = m_pullup(m, sizeof(struct ether_header))) == NULL) {
195 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
196 "discard frame, %s\n", "m_pullup failed");
197 vap->iv_stats.is_tx_nobuf++; /* XXX */
198 ifp->if_oerrors++;
199 continue;
200 }
201 eh = mtod(m, struct ether_header *);
202 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
203 if (IS_DWDS(vap)) {
204 /*
205 * Only unicast frames from the above go out
206 * DWDS vaps; multicast frames are handled by
207 * dispatching the frame as it comes through
208 * the AP vap (see below).
209 */
210 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS,
211 eh->ether_dhost, "mcast", "%s", "on DWDS");
212 vap->iv_stats.is_dwds_mcast++;
213 m_freem(m);
214 continue;
215 }
216 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
217 /*
218 * Spam DWDS vap's w/ multicast traffic.
219 */
220 /* XXX only if dwds in use? */
221 ieee80211_dwds_mcast(vap, m);
222 }
223 }
224 #ifdef IEEE80211_SUPPORT_MESH
225 if (vap->iv_opmode != IEEE80211_M_MBSS) {
226 #endif
227 ni = ieee80211_find_txnode(vap, eh->ether_dhost);
228 if (ni == NULL) {
229 /* NB: ieee80211_find_txnode does stat+msg */
230 ifp->if_oerrors++;
231 m_freem(m);
232 continue;
233 }
234 if (ni->ni_associd == 0 &&
235 (ni->ni_flags & IEEE80211_NODE_ASSOCID)) {
236 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
237 eh->ether_dhost, NULL,
238 "sta not associated (type 0x%04x)",
239 htons(eh->ether_type));
240 vap->iv_stats.is_tx_notassoc++;
241 ifp->if_oerrors++;
242 m_freem(m);
243 ieee80211_free_node(ni);
244 continue;
245 }
246 #ifdef IEEE80211_SUPPORT_MESH
247 } else {
248 if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) {
249 /*
250 * Proxy station only if configured.
251 */
252 if (!ieee80211_mesh_isproxyena(vap)) {
253 IEEE80211_DISCARD_MAC(vap,
254 IEEE80211_MSG_OUTPUT |
255 IEEE80211_MSG_MESH,
256 eh->ether_dhost, NULL,
257 "%s", "proxy not enabled");
258 vap->iv_stats.is_mesh_notproxy++;
259 ifp->if_oerrors++;
260 m_freem(m);
261 continue;
262 }
263 ieee80211_mesh_proxy_check(vap, eh->ether_shost);
264 }
265 ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m);
266 if (ni == NULL) {
267 /*
268 * NB: ieee80211_mesh_discover holds/disposes
269 * frame (e.g. queueing on path discovery).
270 */
271 ifp->if_oerrors++;
272 continue;
273 }
274 }
275 #endif
276 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
277 (m->m_flags & M_PWR_SAV) == 0) {
278 /*
279 * Station in power save mode; pass the frame
280 * to the 802.11 layer and continue. We'll get
281 * the frame back when the time is right.
282 * XXX lose WDS vap linkage?
283 */
284 (void) ieee80211_pwrsave(ni, m);
285 ieee80211_free_node(ni);
286 continue;
287 }
288 /* calculate priority so drivers can find the tx queue */
289 if (ieee80211_classify(ni, m)) {
290 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
291 eh->ether_dhost, NULL,
292 "%s", "classification failure");
293 vap->iv_stats.is_tx_classify++;
294 ifp->if_oerrors++;
295 m_freem(m);
296 ieee80211_free_node(ni);
297 continue;
298 }
299 /*
300 * Stash the node pointer. Note that we do this after
301 * any call to ieee80211_dwds_mcast because that code
302 * uses any existing value for rcvif to identify the
303 * interface it (might have been) received on.
304 */
305 m->m_pkthdr.rcvif = (void *)ni;
306
307 BPF_MTAP(ifp, m); /* 802.3 tx */
308
309 /*
310 * Check if A-MPDU tx aggregation is setup or if we
311 * should try to enable it. The sta must be associated
312 * with HT and A-MPDU enabled for use. When the policy
313 * routine decides we should enable A-MPDU we issue an
314 * ADDBA request and wait for a reply. The frame being
315 * encapsulated will go out w/o using A-MPDU, or possibly
316 * it might be collected by the driver and held/retransmit.
317 * The default ic_ampdu_enable routine handles staggering
318 * ADDBA requests in case the receiver NAK's us or we are
319 * otherwise unable to establish a BA stream.
320 */
321 if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) &&
322 (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX) &&
323 (m->m_flags & M_EAPOL) == 0) {
324 const int ac = M_WME_GETAC(m);
325 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[ac];
326
327 ieee80211_txampdu_count_packet(tap);
328 if (IEEE80211_AMPDU_RUNNING(tap)) {
329 /*
330 * Operational, mark frame for aggregation.
331 *
332 * XXX do tx aggregation here
333 */
334 m->m_flags |= M_AMPDU_MPDU;
335 } else if (!IEEE80211_AMPDU_REQUESTED(tap) &&
336 ic->ic_ampdu_enable(ni, tap)) {
337 /*
338 * Not negotiated yet, request service.
339 */
340 ieee80211_ampdu_request(ni, tap);
341 /* XXX hold frame for reply? */
342 }
343 }
344 #ifdef IEEE80211_SUPPORT_SUPERG
345 else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) {
346 m = ieee80211_ff_check(ni, m);
347 if (m == NULL) {
348 /* NB: any ni ref held on stageq */
349 continue;
350 }
351 }
352 #endif /* IEEE80211_SUPPORT_SUPERG */
353 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) {
354 /*
355 * Encapsulate the packet in prep for transmission.
356 */
357 m = ieee80211_encap(vap, ni, m);
358 if (m == NULL) {
359 /* NB: stat+msg handled in ieee80211_encap */
360 ieee80211_free_node(ni);
361 continue;
362 }
363 }
364
365 error = parent->if_transmit(parent, m);
366 if (error != 0) {
367 /* NB: IFQ_HANDOFF reclaims mbuf */
368 ieee80211_free_node(ni);
369 } else {
370 ifp->if_opackets++;
371 }
372 ic->ic_lastdata = ticks;
373 }
374 #undef IS_DWDS
375 }
376
377 /*
378 * 802.11 output routine. This is (currently) used only to
379 * connect bpf write calls to the 802.11 layer for injecting
380 * raw 802.11 frames.
381 */
382 int
383 ieee80211_output(struct ifnet *ifp, struct mbuf *m,
384 struct sockaddr *dst, struct route *ro)
385 {
386 #define senderr(e) do { error = (e); goto bad;} while (0)
387 struct ieee80211_node *ni = NULL;
388 struct ieee80211vap *vap;
389 struct ieee80211_frame *wh;
390 int error;
391
392 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) {
393 /*
394 * Short-circuit requests if the vap is marked OACTIVE
395 * as this can happen because a packet came down through
396 * ieee80211_start before the vap entered RUN state in
397 * which case it's ok to just drop the frame. This
398 * should not be necessary but callers of if_output don't
399 * check OACTIVE.
400 */
401 senderr(ENETDOWN);
402 }
403 vap = ifp->if_softc;
404
405 #ifdef __HAIKU__
406 return vap->iv_output(ifp, m, dst, ro);
407 #else
408 /*
409 * Hand to the 802.3 code if not tagged as
410 * a raw 802.11 frame.
411 */
412 if (dst->sa_family != AF_IEEE80211)
413 return vap->iv_output(ifp, m, dst, ro);
414 #ifdef MAC
415 error = mac_ifnet_check_transmit(ifp, m);
416 if (error)
417 senderr(error);
418 #endif
419 if (ifp->if_flags & IFF_MONITOR)
420 senderr(ENETDOWN);
421 if (!IFNET_IS_UP_RUNNING(ifp))
422 senderr(ENETDOWN);
423 if (vap->iv_state == IEEE80211_S_CAC) {
424 IEEE80211_DPRINTF(vap,
425 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
426 "block %s frame in CAC state\n", "raw data");
427 vap->iv_stats.is_tx_badstate++;
428 senderr(EIO); /* XXX */
429 } else if (vap->iv_state == IEEE80211_S_SCAN)
430 senderr(EIO);
431 /* XXX bypass bridge, pfil, carp, etc. */
432
433 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack))
434 senderr(EIO); /* XXX */
435 wh = mtod(m, struct ieee80211_frame *);
436 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
437 IEEE80211_FC0_VERSION_0)
438 senderr(EIO); /* XXX */
439
440 /* locate destination node */
441 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
442 case IEEE80211_FC1_DIR_NODS:
443 case IEEE80211_FC1_DIR_FROMDS:
444 ni = ieee80211_find_txnode(vap, wh->i_addr1);
445 break;
446 case IEEE80211_FC1_DIR_TODS:
447 case IEEE80211_FC1_DIR_DSTODS:
448 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame))
449 senderr(EIO); /* XXX */
450 ni = ieee80211_find_txnode(vap, wh->i_addr3);
451 break;
452 default:
453 senderr(EIO); /* XXX */
454 }
455 if (ni == NULL) {
456 /*
457 * Permit packets w/ bpf params through regardless
458 * (see below about sa_len).
459 */
460 if (dst->sa_len == 0)
461 senderr(EHOSTUNREACH);
462 ni = ieee80211_ref_node(vap->iv_bss);
463 }
464
465 /*
466 * Sanitize mbuf for net80211 flags leaked from above.
467 *
468 * NB: This must be done before ieee80211_classify as
469 * it marks EAPOL in frames with M_EAPOL.
470 */
471 m->m_flags &= ~M_80211_TX;
472
473 /* calculate priority so drivers can find the tx queue */
474 /* XXX assumes an 802.3 frame */
475 if (ieee80211_classify(ni, m))
476 senderr(EIO); /* XXX */
477
478 ifp->if_opackets++;
479 IEEE80211_NODE_STAT(ni, tx_data);
480 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
481 IEEE80211_NODE_STAT(ni, tx_mcast);
482 m->m_flags |= M_MCAST;
483 } else
484 IEEE80211_NODE_STAT(ni, tx_ucast);
485 /* NB: ieee80211_encap does not include 802.11 header */
486 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len);
487
488 /*
489 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
490 * present by setting the sa_len field of the sockaddr (yes,
491 * this is a hack).
492 * NB: we assume sa_data is suitably aligned to cast.
493 */
494 return vap->iv_ic->ic_raw_xmit(ni, m,
495 (const struct ieee80211_bpf_params *)(dst->sa_len ?
496 dst->sa_data : NULL));
497 #endif
498 bad:
499 if (m != NULL)
500 m_freem(m);
501 if (ni != NULL)
502 ieee80211_free_node(ni);
503 ifp->if_oerrors++;
504 return error;
505 #undef senderr
506 }
507
508 /*
509 * Set the direction field and address fields of an outgoing
510 * frame. Note this should be called early on in constructing
511 * a frame as it sets i_fc[1]; other bits can then be or'd in.
512 */
513 void
514 ieee80211_send_setup(
515 struct ieee80211_node *ni,
516 struct mbuf *m,
517 int type, int tid,
518 const uint8_t sa[IEEE80211_ADDR_LEN],
519 const uint8_t da[IEEE80211_ADDR_LEN],
520 const uint8_t bssid[IEEE80211_ADDR_LEN])
521 {
522 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
523 struct ieee80211vap *vap = ni->ni_vap;
524 struct ieee80211_tx_ampdu *tap;
525 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
526 ieee80211_seq seqno;
527
528 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type;
529 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) {
530 switch (vap->iv_opmode) {
531 case IEEE80211_M_STA:
532 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
533 IEEE80211_ADDR_COPY(wh->i_addr1, bssid);
534 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
535 IEEE80211_ADDR_COPY(wh->i_addr3, da);
536 break;
537 case IEEE80211_M_IBSS:
538 case IEEE80211_M_AHDEMO:
539 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
540 IEEE80211_ADDR_COPY(wh->i_addr1, da);
541 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
542 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
543 break;
544 case IEEE80211_M_HOSTAP:
545 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
546 IEEE80211_ADDR_COPY(wh->i_addr1, da);
547 IEEE80211_ADDR_COPY(wh->i_addr2, bssid);
548 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
549 break;
550 case IEEE80211_M_WDS:
551 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
552 IEEE80211_ADDR_COPY(wh->i_addr1, da);
553 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
554 IEEE80211_ADDR_COPY(wh->i_addr3, da);
555 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
556 break;
557 case IEEE80211_M_MBSS:
558 #ifdef IEEE80211_SUPPORT_MESH
559 /* XXX add support for proxied addresses */
560 if (IEEE80211_IS_MULTICAST(da)) {
561 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
562 /* XXX next hop */
563 IEEE80211_ADDR_COPY(wh->i_addr1, da);
564 IEEE80211_ADDR_COPY(wh->i_addr2,
565 vap->iv_myaddr);
566 } else {
567 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
568 IEEE80211_ADDR_COPY(wh->i_addr1, da);
569 IEEE80211_ADDR_COPY(wh->i_addr2,
570 vap->iv_myaddr);
571 IEEE80211_ADDR_COPY(wh->i_addr3, da);
572 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
573 }
574 #endif
575 break;
576 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */
577 break;
578 }
579 } else {
580 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
581 IEEE80211_ADDR_COPY(wh->i_addr1, da);
582 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
583 #ifdef IEEE80211_SUPPORT_MESH
584 if (vap->iv_opmode == IEEE80211_M_MBSS)
585 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
586 else
587 #endif
588 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
589 }
590 *(uint16_t *)&wh->i_dur[0] = 0;
591
592 tap = &ni->ni_tx_ampdu[TID_TO_WME_AC(tid)];
593 if (tid != IEEE80211_NONQOS_TID && IEEE80211_AMPDU_RUNNING(tap))
594 m->m_flags |= M_AMPDU_MPDU;
595 else {
596 seqno = ni->ni_txseqs[tid]++;
597 *(uint16_t *)&wh->i_seq[0] =
598 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
599 M_SEQNO_SET(m, seqno);
600 }
601
602 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
603 m->m_flags |= M_MCAST;
604 #undef WH4
605 }
606
607 /*
608 * Send a management frame to the specified node. The node pointer
609 * must have a reference as the pointer will be passed to the driver
610 * and potentially held for a long time. If the frame is successfully
611 * dispatched to the driver, then it is responsible for freeing the
612 * reference (and potentially free'ing up any associated storage);
613 * otherwise deal with reclaiming any reference (on error).
614 */
615 int
616 ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type,
617 struct ieee80211_bpf_params *params)
618 {
619 struct ieee80211vap *vap = ni->ni_vap;
620 struct ieee80211com *ic = ni->ni_ic;
621 struct ieee80211_frame *wh;
622
623 KASSERT(ni != NULL, ("null node"));
624
625 if (vap->iv_state == IEEE80211_S_CAC) {
626 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
627 ni, "block %s frame in CAC state",
628 ieee80211_mgt_subtype_name[
629 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
630 IEEE80211_FC0_SUBTYPE_SHIFT]);
631 vap->iv_stats.is_tx_badstate++;
632 ieee80211_free_node(ni);
633 m_freem(m);
634 return EIO; /* XXX */
635 }
636
637 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
638 if (m == NULL) {
639 ieee80211_free_node(ni);
640 return ENOMEM;
641 }
642
643 wh = mtod(m, struct ieee80211_frame *);
644 ieee80211_send_setup(ni, m,
645 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID,
646 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
647 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) {
648 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1,
649 "encrypting frame (%s)", __func__);
650 wh->i_fc[1] |= IEEE80211_FC1_WEP;
651 }
652 m->m_flags |= M_ENCAP; /* mark encapsulated */
653
654 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?"));
655 M_WME_SETAC(m, params->ibp_pri);
656
657 #ifdef IEEE80211_DEBUG
658 /* avoid printing too many frames */
659 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) ||
660 ieee80211_msg_dumppkts(vap)) {
661 printf("[%s] send %s on channel %u\n",
662 ether_sprintf(wh->i_addr1),
663 ieee80211_mgt_subtype_name[
664 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
665 IEEE80211_FC0_SUBTYPE_SHIFT],
666 ieee80211_chan2ieee(ic, ic->ic_curchan));
667 }
668 #endif
669 IEEE80211_NODE_STAT(ni, tx_mgmt);
670
671 return ic->ic_raw_xmit(ni, m, params);
672 }
673
674 /*
675 * Send a null data frame to the specified node. If the station
676 * is setup for QoS then a QoS Null Data frame is constructed.
677 * If this is a WDS station then a 4-address frame is constructed.
678 *
679 * NB: the caller is assumed to have setup a node reference
680 * for use; this is necessary to deal with a race condition
681 * when probing for inactive stations. Like ieee80211_mgmt_output
682 * we must cleanup any node reference on error; however we
683 * can safely just unref it as we know it will never be the
684 * last reference to the node.
685 */
686 int
687 ieee80211_send_nulldata(struct ieee80211_node *ni)
688 {
689 struct ieee80211vap *vap = ni->ni_vap;
690 struct ieee80211com *ic = ni->ni_ic;
691 struct mbuf *m;
692 struct ieee80211_frame *wh;
693 int hdrlen;
694 uint8_t *frm;
695
696 if (vap->iv_state == IEEE80211_S_CAC) {
697 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
698 ni, "block %s frame in CAC state", "null data");
699 ieee80211_unref_node(&ni);
700 vap->iv_stats.is_tx_badstate++;
701 return EIO; /* XXX */
702 }
703
704 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT))
705 hdrlen = sizeof(struct ieee80211_qosframe);
706 else
707 hdrlen = sizeof(struct ieee80211_frame);
708 /* NB: only WDS vap's get 4-address frames */
709 if (vap->iv_opmode == IEEE80211_M_WDS)
710 hdrlen += IEEE80211_ADDR_LEN;
711 if (ic->ic_flags & IEEE80211_F_DATAPAD)
712 hdrlen = roundup(hdrlen, sizeof(uint32_t));
713
714 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0);
715 if (m == NULL) {
716 /* XXX debug msg */
717 ieee80211_unref_node(&ni);
718 vap->iv_stats.is_tx_nobuf++;
719 return ENOMEM;
720 }
721 KASSERT(M_LEADINGSPACE(m) >= hdrlen,
722 ("leading space %zd", M_LEADINGSPACE(m)));
723 M_PREPEND(m, hdrlen, M_DONTWAIT);
724 if (m == NULL) {
725 /* NB: cannot happen */
726 ieee80211_free_node(ni);
727 return ENOMEM;
728 }
729
730 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */
731 if (ni->ni_flags & IEEE80211_NODE_QOS) {
732 const int tid = WME_AC_TO_TID(WME_AC_BE);
733 uint8_t *qos;
734
735 ieee80211_send_setup(ni, m,
736 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL,
737 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
738
739 if (vap->iv_opmode == IEEE80211_M_WDS)
740 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
741 else
742 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
743 qos[0] = tid & IEEE80211_QOS_TID;
744 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy)
745 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
746 qos[1] = 0;
747 } else {
748 ieee80211_send_setup(ni, m,
749 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA,
750 IEEE80211_NONQOS_TID,
751 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
752 }
753 if (vap->iv_opmode != IEEE80211_M_WDS) {
754 /* NB: power management bit is never sent by an AP */
755 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
756 vap->iv_opmode != IEEE80211_M_HOSTAP)
757 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT;
758 }
759 m->m_len = m->m_pkthdr.len = hdrlen;
760 m->m_flags |= M_ENCAP; /* mark encapsulated */
761
762 M_WME_SETAC(m, WME_AC_BE);
763
764 IEEE80211_NODE_STAT(ni, tx_data);
765
766 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni,
767 "send %snull data frame on channel %u, pwr mgt %s",
768 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "",
769 ieee80211_chan2ieee(ic, ic->ic_curchan),
770 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis");
771
772 return ic->ic_raw_xmit(ni, m, NULL);
773 }
774
775 /*
776 * Assign priority to a frame based on any vlan tag assigned
777 * to the station and/or any Diffserv setting in an IP header.
778 * Finally, if an ACM policy is setup (in station mode) it's
779 * applied.
780 */
781 int
782 ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m)
783 {
784 const struct ether_header *eh = mtod(m, struct ether_header *);
785 int v_wme_ac, d_wme_ac, ac;
786
787 /*
788 * Always promote PAE/EAPOL frames to high priority.
789 */
790 if (eh->ether_type == htons(ETHERTYPE_PAE)) {
791 /* NB: mark so others don't need to check header */
792 m->m_flags |= M_EAPOL;
793 ac = WME_AC_VO;
794 goto done;
795 }
796 /*
797 * Non-qos traffic goes to BE.
798 */
799 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) {
800 ac = WME_AC_BE;
801 goto done;
802 }
803
804 /*
805 * If node has a vlan tag then all traffic
806 * to it must have a matching tag.
807 */
808 v_wme_ac = 0;
809 if (ni->ni_vlan != 0) {
810 if ((m->m_flags & M_VLANTAG) == 0) {
811 IEEE80211_NODE_STAT(ni, tx_novlantag);
812 return 1;
813 }
814 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) !=
815 EVL_VLANOFTAG(ni->ni_vlan)) {
816 IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
817 return 1;
818 }
819 /* map vlan priority to AC */
820 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan));
821 }
822
823 /* XXX m_copydata may be too slow for fast path */
824 #ifdef INET
825 if (eh->ether_type == htons(ETHERTYPE_IP)) {
826 uint8_t tos;
827 /*
828 * IP frame, map the DSCP bits from the TOS field.
829 */
830 /* NB: ip header may not be in first mbuf */
831 m_copydata(m, sizeof(struct ether_header) +
832 offsetof(struct ip, ip_tos), sizeof(tos), &tos);
833 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
834 d_wme_ac = TID_TO_WME_AC(tos);
835 } else {
836 #endif /* INET */
837 #ifdef INET6
838 if (eh->ether_type == htons(ETHERTYPE_IPV6)) {
839 uint32_t flow;
840 uint8_t tos;
841 /*
842 * IPv6 frame, map the DSCP bits from the TOS field.
843 */
844 m_copydata(m, sizeof(struct ether_header) +
845 offsetof(struct ip6_hdr, ip6_flow), sizeof(flow),
846 (caddr_t) &flow);
847 tos = (uint8_t)(ntohl(flow) >> 20);
848 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
849 d_wme_ac = TID_TO_WME_AC(tos);
850 } else {
851 #endif /* INET6 */
852 d_wme_ac = WME_AC_BE;
853 #ifdef INET6
854 }
855 #endif
856 #ifdef INET
857 }
858 #endif
859 /*
860 * Use highest priority AC.
861 */
862 if (v_wme_ac > d_wme_ac)
863 ac = v_wme_ac;
864 else
865 ac = d_wme_ac;
866
867 /*
868 * Apply ACM policy.
869 */
870 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) {
871 static const int acmap[4] = {
872 WME_AC_BK, /* WME_AC_BE */
873 WME_AC_BK, /* WME_AC_BK */
874 WME_AC_BE, /* WME_AC_VI */
875 WME_AC_VI, /* WME_AC_VO */
876 };
877 struct ieee80211com *ic = ni->ni_ic;
878
879 while (ac != WME_AC_BK &&
880 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm)
881 ac = acmap[ac];
882 }
883 done:
884 M_WME_SETAC(m, ac);
885 return 0;
886 }
887
888 /*
889 * Insure there is sufficient contiguous space to encapsulate the
890 * 802.11 data frame. If room isn't already there, arrange for it.
891 * Drivers and cipher modules assume we have done the necessary work
892 * and fail rudely if they don't find the space they need.
893 */
894 struct mbuf *
895 ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize,
896 struct ieee80211_key *key, struct mbuf *m)
897 {
898 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
899 int needed_space = vap->iv_ic->ic_headroom + hdrsize;
900
901 if (key != NULL) {
902 /* XXX belongs in crypto code? */
903 needed_space += key->wk_cipher->ic_header;
904 /* XXX frags */
905 /*
906 * When crypto is being done in the host we must insure
907 * the data are writable for the cipher routines; clone
908 * a writable mbuf chain.
909 * XXX handle SWMIC specially
910 */
911 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) {
912 m = m_unshare(m, M_NOWAIT);
913 if (m == NULL) {
914 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
915 "%s: cannot get writable mbuf\n", __func__);
916 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */
917 return NULL;
918 }
919 }
920 }
921 /*
922 * We know we are called just before stripping an Ethernet
923 * header and prepending an LLC header. This means we know
924 * there will be
925 * sizeof(struct ether_header) - sizeof(struct llc)
926 * bytes recovered to which we need additional space for the
927 * 802.11 header and any crypto header.
928 */
929 /* XXX check trailing space and copy instead? */
930 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) {
931 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type);
932 if (n == NULL) {
933 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
934 "%s: cannot expand storage\n", __func__);
935 vap->iv_stats.is_tx_nobuf++;
936 m_freem(m);
937 return NULL;
938 }
939 KASSERT(needed_space <= MHLEN,
940 ("not enough room, need %u got %zu\n", needed_space, MHLEN));
941 /*
942 * Setup new mbuf to have leading space to prepend the
943 * 802.11 header and any crypto header bits that are
944 * required (the latter are added when the driver calls
945 * back to ieee80211_crypto_encap to do crypto encapsulation).
946 */
947 /* NB: must be first 'cuz it clobbers m_data */
948 m_move_pkthdr(n, m);
949 n->m_len = 0; /* NB: m_gethdr does not set */
950 n->m_data += needed_space;
951 /*
952 * Pull up Ethernet header to create the expected layout.
953 * We could use m_pullup but that's overkill (i.e. we don't
954 * need the actual data) and it cannot fail so do it inline
955 * for speed.
956 */
957 /* NB: struct ether_header is known to be contiguous */
958 n->m_len += sizeof(struct ether_header);
959 m->m_len -= sizeof(struct ether_header);
960 m->m_data += sizeof(struct ether_header);
961 /*
962 * Replace the head of the chain.
963 */
964 n->m_next = m;
965 m = n;
966 }
967 return m;
968 #undef TO_BE_RECLAIMED
969 }
970
971 /*
972 * Return the transmit key to use in sending a unicast frame.
973 * If a unicast key is set we use that. When no unicast key is set
974 * we fall back to the default transmit key.
975 */
976 static __inline struct ieee80211_key *
977 ieee80211_crypto_getucastkey(struct ieee80211vap *vap,
978 struct ieee80211_node *ni)
979 {
980 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
981 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
982 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
983 return NULL;
984 return &vap->iv_nw_keys[vap->iv_def_txkey];
985 } else {
986 return &ni->ni_ucastkey;
987 }
988 }
989
990 /*
991 * Return the transmit key to use in sending a multicast frame.
992 * Multicast traffic always uses the group key which is installed as
993 * the default tx key.
994 */
995 static __inline struct ieee80211_key *
996 ieee80211_crypto_getmcastkey(struct ieee80211vap *vap,
997 struct ieee80211_node *ni)
998 {
999 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
1000 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
1001 return NULL;
1002 return &vap->iv_nw_keys[vap->iv_def_txkey];
1003 }
1004
1005 /*
1006 * Encapsulate an outbound data frame. The mbuf chain is updated.
1007 * If an error is encountered NULL is returned. The caller is required
1008 * to provide a node reference and pullup the ethernet header in the
1009 * first mbuf.
1010 *
1011 * NB: Packet is assumed to be processed by ieee80211_classify which
1012 * marked EAPOL frames w/ M_EAPOL.
1013 */
1014 struct mbuf *
1015 ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni,
1016 struct mbuf *m)
1017 {
1018 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
1019 struct ieee80211com *ic = ni->ni_ic;
1020 #ifdef IEEE80211_SUPPORT_MESH
1021 struct ieee80211_mesh_state *ms = vap->iv_mesh;
1022 struct ieee80211_meshcntl_ae10 *mc;
1023 #endif
1024 struct ether_header eh;
1025 struct ieee80211_frame *wh;
1026 struct ieee80211_key *key;
1027 struct llc *llc;
1028 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr;
1029 ieee80211_seq seqno;
1030 int meshhdrsize, meshae;
1031 uint8_t *qos;
1032
1033 /*
1034 * Copy existing Ethernet header to a safe place. The
1035 * rest of the code assumes it's ok to strip it when
1036 * reorganizing state for the final encapsulation.
1037 */
1038 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!"));
1039 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t));
1040
1041 /*
1042 * Insure space for additional headers. First identify
1043 * transmit key to use in calculating any buffer adjustments
1044 * required. This is also used below to do privacy
1045 * encapsulation work. Then calculate the 802.11 header
1046 * size and any padding required by the driver.
1047 *
1048 * Note key may be NULL if we fall back to the default
1049 * transmit key and that is not set. In that case the
1050 * buffer may not be expanded as needed by the cipher
1051 * routines, but they will/should discard it.
1052 */
1053 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
1054 if (vap->iv_opmode == IEEE80211_M_STA ||
1055 !IEEE80211_IS_MULTICAST(eh.ether_dhost) ||
1056 (vap->iv_opmode == IEEE80211_M_WDS &&
1057 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY)))
1058 key = ieee80211_crypto_getucastkey(vap, ni);
1059 else
1060 key = ieee80211_crypto_getmcastkey(vap, ni);
1061 if (key == NULL && (m->m_flags & M_EAPOL) == 0) {
1062 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
1063 eh.ether_dhost,
1064 "no default transmit key (%s) deftxkey %u",
1065 __func__, vap->iv_def_txkey);
1066 vap->iv_stats.is_tx_nodefkey++;
1067 goto bad;
1068 }
1069 } else
1070 key = NULL;
1071 /*
1072 * XXX Some ap's don't handle QoS-encapsulated EAPOL
1073 * frames so suppress use. This may be an issue if other
1074 * ap's require all data frames to be QoS-encapsulated
1075 * once negotiated in which case we'll need to make this
1076 * configurable.
1077 */
1078 addqos = (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) &&
1079 (m->m_flags & M_EAPOL) == 0;
1080 if (addqos)
1081 hdrsize = sizeof(struct ieee80211_qosframe);
1082 else
1083 hdrsize = sizeof(struct ieee80211_frame);
1084 #ifdef IEEE80211_SUPPORT_MESH
1085 if (vap->iv_opmode == IEEE80211_M_MBSS) {
1086 /*
1087 * Mesh data frames are encapsulated according to the
1088 * rules of Section 11B.8.5 (p.139 of D3.0 spec).
1089 * o Group Addressed data (aka multicast) originating
1090 * at the local sta are sent w/ 3-address format and
1091 * address extension mode 00
1092 * o Individually Addressed data (aka unicast) originating
1093 * at the local sta are sent w/ 4-address format and
1094 * address extension mode 00
1095 * o Group Addressed data forwarded from a non-mesh sta are
1096 * sent w/ 3-address format and address extension mode 01
1097 * o Individually Address data from another sta are sent
1098 * w/ 4-address format and address extension mode 10
1099 */
1100 is4addr = 0; /* NB: don't use, disable */
1101 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost))
1102 hdrsize += IEEE80211_ADDR_LEN; /* unicast are 4-addr */
1103 meshhdrsize = sizeof(struct ieee80211_meshcntl);
1104 /* XXX defines for AE modes */
1105 if (IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) {
1106 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost))
1107 meshae = 0;
1108 else
1109 meshae = 4; /* NB: pseudo */
1110 } else if (IEEE80211_IS_MULTICAST(eh.ether_dhost)) {
1111 meshae = 1;
1112 meshhdrsize += 1*IEEE80211_ADDR_LEN;
1113 } else {
1114 meshae = 2;
1115 meshhdrsize += 2*IEEE80211_ADDR_LEN;
1116 }
1117 } else {
1118 #endif
1119 /*
1120 * 4-address frames need to be generated for:
1121 * o packets sent through a WDS vap (IEEE80211_M_WDS)
1122 * o packets sent through a vap marked for relaying
1123 * (e.g. a station operating with dynamic WDS)
1124 */
1125 is4addr = vap->iv_opmode == IEEE80211_M_WDS ||
1126 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) &&
1127 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr));
1128 if (is4addr)
1129 hdrsize += IEEE80211_ADDR_LEN;
1130 meshhdrsize = meshae = 0;
1131 #ifdef IEEE80211_SUPPORT_MESH
1132 }
1133 #endif
1134 /*
1135 * Honor driver DATAPAD requirement.
1136 */
1137 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1138 hdrspace = roundup(hdrsize, sizeof(uint32_t));
1139 else
1140 hdrspace = hdrsize;
1141
1142 if (__predict_true((m->m_flags & M_FF) == 0)) {
1143 /*
1144 * Normal frame.
1145 */
1146 m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m);
1147 if (m == NULL) {
1148 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
1149 goto bad;
1150 }
1151 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */
1152 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
1153 llc = mtod(m, struct llc *);
1154 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
1155 llc->llc_control = LLC_UI;
1156 llc->llc_snap.org_code[0] = 0;
1157 llc->llc_snap.org_code[1] = 0;
1158 llc->llc_snap.org_code[2] = 0;
1159 llc->llc_snap.ether_type = eh.ether_type;
1160 } else {
1161 #ifdef IEEE80211_SUPPORT_SUPERG
1162 /*
1163 * Aggregated frame.
1164 */
1165 m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key);
1166 if (m == NULL)
1167 #endif
1168 goto bad;
1169 }
1170 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */
1171
1172 M_PREPEND(m, hdrspace + meshhdrsize, M_DONTWAIT);
1173 if (m == NULL) {
1174 vap->iv_stats.is_tx_nobuf++;
1175 goto bad;
1176 }
1177 wh = mtod(m, struct ieee80211_frame *);
1178 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
1179 *(uint16_t *)wh->i_dur = 0;
1180 qos = NULL; /* NB: quiet compiler */
1181 if (is4addr) {
1182 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1183 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1184 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1185 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1186 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost);
1187 } else switch (vap->iv_opmode) {
1188 case IEEE80211_M_STA:
1189 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
1190 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid);
1191 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1192 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1193 break;
1194 case IEEE80211_M_IBSS:
1195 case IEEE80211_M_AHDEMO:
1196 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1197 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1198 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1199 /*
1200 * NB: always use the bssid from iv_bss as the
1201 * neighbor's may be stale after an ibss merge
1202 */
1203 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid);
1204 break;
1205 case IEEE80211_M_HOSTAP:
1206 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1207 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1208 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid);
1209 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
1210 break;
1211 #ifdef IEEE80211_SUPPORT_MESH
1212 case IEEE80211_M_MBSS:
1213 /* NB: offset by hdrspace to deal with DATAPAD */
1214 mc = (struct ieee80211_meshcntl_ae10 *)
1215 (mtod(m, uint8_t *) + hdrspace);
1216 switch (meshae) {
1217 case 0: /* ucast, no proxy */
1218 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1219 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1220 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1221 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1222 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost);
1223 mc->mc_flags = 0;
1224 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1225 break;
1226 case 4: /* mcast, no proxy */
1227 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1228 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1229 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1230 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
1231 mc->mc_flags = 0; /* NB: AE is really 0 */
1232 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1233 break;
1234 case 1: /* mcast, proxy */
1235 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1236 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1237 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1238 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr);
1239 mc->mc_flags = 1;
1240 IEEE80211_ADDR_COPY(mc->mc_addr4, eh.ether_shost);
1241 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1242 break;
1243 case 2: /* ucast, proxy */
1244 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1245 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1246 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1247 /* XXX not right, need MeshDA */
1248 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1249 /* XXX assume are MeshSA */
1250 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr);
1251 mc->mc_flags = 2;
1252 IEEE80211_ADDR_COPY(mc->mc_addr4, eh.ether_dhost);
1253 IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_shost);
1254 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1255 break;
1256 default:
1257 KASSERT(0, ("meshae %d", meshae));
1258 break;
1259 }
1260 mc->mc_ttl = ms->ms_ttl;
1261 ms->ms_seq++;
1262 LE_WRITE_4(mc->mc_seq, ms->ms_seq);
1263 break;
1264 #endif
1265 case IEEE80211_M_WDS: /* NB: is4addr should always be true */
1266 default:
1267 goto bad;
1268 }
1269 if (m->m_flags & M_MORE_DATA)
1270 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
1271 if (addqos) {
1272 int ac, tid;
1273
1274 if (is4addr) {
1275 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1276 /* NB: mesh case handled earlier */
1277 } else if (vap->iv_opmode != IEEE80211_M_MBSS)
1278 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1279 ac = M_WME_GETAC(m);
1280 /* map from access class/queue to 11e header priorty value */
1281 tid = WME_AC_TO_TID(ac);
1282 qos[0] = tid & IEEE80211_QOS_TID;
1283 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy)
1284 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
1285 qos[1] = 0;
1286 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS;
1287
1288 if ((m->m_flags & M_AMPDU_MPDU) == 0) {
1289 /*
1290 * NB: don't assign a sequence # to potential
1291 * aggregates; we expect this happens at the
1292 * point the frame comes off any aggregation q
1293 * as otherwise we may introduce holes in the
1294 * BA sequence space and/or make window accouting
1295 * more difficult.
1296 *
1297 * XXX may want to control this with a driver
1298 * capability; this may also change when we pull
1299 * aggregation up into net80211
1300 */
1301 seqno = ni->ni_txseqs[tid]++;
1302 *(uint16_t *)wh->i_seq =
1303 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1304 M_SEQNO_SET(m, seqno);
1305 }
1306 } else {
1307 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
1308 *(uint16_t *)wh->i_seq =
1309 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1310 M_SEQNO_SET(m, seqno);
1311 }
1312
1313
1314 /* check if xmit fragmentation is required */
1315 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold &&
1316 !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1317 (vap->iv_caps & IEEE80211_C_TXFRAG) &&
1318 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0);
1319 if (key != NULL) {
1320 /*
1321 * IEEE 802.1X: send EAPOL frames always in the clear.
1322 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
1323 */
1324 if ((m->m_flags & M_EAPOL) == 0 ||
1325 ((vap->iv_flags & IEEE80211_F_WPA) &&
1326 (vap->iv_opmode == IEEE80211_M_STA ?
1327 !IEEE80211_KEY_UNDEFINED(key) :
1328 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) {
1329 wh->i_fc[1] |= IEEE80211_FC1_WEP;
1330 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) {
1331 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT,
1332 eh.ether_dhost,
1333 "%s", "enmic failed, discard frame");
1334 vap->iv_stats.is_crypto_enmicfail++;
1335 goto bad;
1336 }
1337 }
1338 }
1339 if (txfrag && !ieee80211_fragment(vap, m, hdrsize,
1340 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold))
1341 goto bad;
1342
1343 m->m_flags |= M_ENCAP; /* mark encapsulated */
1344
1345 IEEE80211_NODE_STAT(ni, tx_data);
1346 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1347 IEEE80211_NODE_STAT(ni, tx_mcast);
1348 m->m_flags |= M_MCAST;
1349 } else
1350 IEEE80211_NODE_STAT(ni, tx_ucast);
1351 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen);
1352
1353 return m;
1354 bad:
1355 if (m != NULL)
1356 m_freem(m);
1357 return NULL;
1358 #undef WH4
1359 }
1360
1361 /*
1362 * Fragment the frame according to the specified mtu.
1363 * The size of the 802.11 header (w/o padding) is provided
1364 * so we don't need to recalculate it. We create a new
1365 * mbuf for each fragment and chain it through m_nextpkt;
1366 * we might be able to optimize this by reusing the original
1367 * packet's mbufs but that is significantly more complicated.
1368 */
1369 static int
1370 ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0,
1371 u_int hdrsize, u_int ciphdrsize, u_int mtu)
1372 {
1373 struct ieee80211_frame *wh, *whf;
1374 struct mbuf *m, *prev, *next;
1375 u_int totalhdrsize, fragno, fragsize, off, remainder, payload;
1376
1377 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?"));
1378 KASSERT(m0->m_pkthdr.len > mtu,
1379 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu));
1380
1381 wh = mtod(m0, struct ieee80211_frame *);
1382 /* NB: mark the first frag; it will be propagated below */
1383 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG;
1384 totalhdrsize = hdrsize + ciphdrsize;
1385 fragno = 1;
1386 off = mtu - ciphdrsize;
1387 remainder = m0->m_pkthdr.len - off;
1388 prev = m0;
1389 do {
1390 fragsize = totalhdrsize + remainder;
1391 if (fragsize > mtu)
1392 fragsize = mtu;
1393 /* XXX fragsize can be >2048! */
1394 KASSERT(fragsize < MCLBYTES,
1395 ("fragment size %u too big!", fragsize));
1396 if (fragsize > MHLEN)
1397 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
1398 else
1399 m = m_gethdr(M_DONTWAIT, MT_DATA);
1400 if (m == NULL)
1401 goto bad;
1402 /* leave room to prepend any cipher header */
1403 m_align(m, fragsize - ciphdrsize);
1404
1405 /*
1406 * Form the header in the fragment. Note that since
1407 * we mark the first fragment with the MORE_FRAG bit
1408 * it automatically is propagated to each fragment; we
1409 * need only clear it on the last fragment (done below).
1410 */
1411 whf = mtod(m, struct ieee80211_frame *);
1412 memcpy(whf, wh, hdrsize);
1413 *(uint16_t *)&whf->i_seq[0] |= htole16(
1414 (fragno & IEEE80211_SEQ_FRAG_MASK) <<
1415 IEEE80211_SEQ_FRAG_SHIFT);
1416 fragno++;
1417
1418 payload = fragsize - totalhdrsize;
1419 /* NB: destination is known to be contiguous */
1420 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrsize);
1421 m->m_len = hdrsize + payload;
1422 m->m_pkthdr.len = hdrsize + payload;
1423 m->m_flags |= M_FRAG;
1424
1425 /* chain up the fragment */
1426 prev->m_nextpkt = m;
1427 prev = m;
1428
1429 /* deduct fragment just formed */
1430 remainder -= payload;
1431 off += payload;
1432 } while (remainder != 0);
1433
1434 /* set the last fragment */
1435 m->m_flags |= M_LASTFRAG;
1436 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG;
1437
1438 /* strip first mbuf now that everything has been copied */
1439 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize)));
1440 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
1441
1442 vap->iv_stats.is_tx_fragframes++;
1443 vap->iv_stats.is_tx_frags += fragno-1;
1444
1445 return 1;
1446 bad:
1447 /* reclaim fragments but leave original frame for caller to free */
1448 for (m = m0->m_nextpkt; m != NULL; m = next) {
1449 next = m->m_nextpkt;
1450 m->m_nextpkt = NULL; /* XXX paranoid */
1451 m_freem(m);
1452 }
1453 m0->m_nextpkt = NULL;
1454 return 0;
1455 }
1456
1457 /*
1458 * Add a supported rates element id to a frame.
1459 */
1460 uint8_t *
1461 ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs)
1462 {
1463 int nrates;
1464
1465 *frm++ = IEEE80211_ELEMID_RATES;
1466 nrates = rs->rs_nrates;
1467 if (nrates > IEEE80211_RATE_SIZE)
1468 nrates = IEEE80211_RATE_SIZE;
1469 *frm++ = nrates;
1470 memcpy(frm, rs->rs_rates, nrates);
1471 return frm + nrates;
1472 }
1473
1474 /*
1475 * Add an extended supported rates element id to a frame.
1476 */
1477 uint8_t *
1478 ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs)
1479 {
1480 /*
1481 * Add an extended supported rates element if operating in 11g mode.
1482 */
1483 if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
1484 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE;
1485 *frm++ = IEEE80211_ELEMID_XRATES;
1486 *frm++ = nrates;
1487 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates);
1488 frm += nrates;
1489 }
1490 return frm;
1491 }
1492
1493 /*
1494 * Add an ssid element to a frame.
1495 */
1496 static uint8_t *
1497 ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len)
1498 {
1499 *frm++ = IEEE80211_ELEMID_SSID;
1500 *frm++ = len;
1501 memcpy(frm, ssid, len);
1502 return frm + len;
1503 }
1504
1505 /*
1506 * Add an erp element to a frame.
1507 */
1508 static uint8_t *
1509 ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic)
1510 {
1511 uint8_t erp;
1512
1513 *frm++ = IEEE80211_ELEMID_ERP;
1514 *frm++ = 1;
1515 erp = 0;
1516 if (ic->ic_nonerpsta != 0)
1517 erp |= IEEE80211_ERP_NON_ERP_PRESENT;
1518 if (ic->ic_flags & IEEE80211_F_USEPROT)
1519 erp |= IEEE80211_ERP_USE_PROTECTION;
1520 if (ic->ic_flags & IEEE80211_F_USEBARKER)
1521 erp |= IEEE80211_ERP_LONG_PREAMBLE;
1522 *frm++ = erp;
1523 return frm;
1524 }
1525
1526 /*
1527 * Add a CFParams element to a frame.
1528 */
1529 static uint8_t *
1530 ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic)
1531 {
1532 #define ADDSHORT(frm, v) do { \
1533 LE_WRITE_2(frm, v); \
1534 frm += 2; \
1535 } while (0)
1536 *frm++ = IEEE80211_ELEMID_CFPARMS;
1537 *frm++ = 6;
1538 *frm++ = 0; /* CFP count */
1539 *frm++ = 2; /* CFP period */
1540 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */
1541 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */
1542 return frm;
1543 #undef ADDSHORT
1544 }
1545
1546 static __inline uint8_t *
1547 add_appie(uint8_t *frm, const struct ieee80211_appie *ie)
1548 {
1549 memcpy(frm, ie->ie_data, ie->ie_len);
1550 return frm + ie->ie_len;
1551 }
1552
1553 static __inline uint8_t *
1554 add_ie(uint8_t *frm, const uint8_t *ie)
1555 {
1556 memcpy(frm, ie, 2 + ie[1]);
1557 return frm + 2 + ie[1];
1558 }
1559
1560 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1561 /*
1562 * Add a WME information element to a frame.
1563 */
1564 static uint8_t *
1565 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme)
1566 {
1567 static const struct ieee80211_wme_info info = {
1568 .wme_id = IEEE80211_ELEMID_VENDOR,
1569 .wme_len = sizeof(struct ieee80211_wme_info) - 2,
1570 .wme_oui = { WME_OUI_BYTES },
1571 .wme_type = WME_OUI_TYPE,
1572 .wme_subtype = WME_INFO_OUI_SUBTYPE,
1573 .wme_version = WME_VERSION,
1574 .wme_info = 0,
1575 };
1576 memcpy(frm, &info, sizeof(info));
1577 return frm + sizeof(info);
1578 }
1579
1580 /*
1581 * Add a WME parameters element to a frame.
1582 */
1583 static uint8_t *
1584 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme)
1585 {
1586 #define SM(_v, _f) (((_v) << _f##_S) & _f)
1587 #define ADDSHORT(frm, v) do { \
1588 LE_WRITE_2(frm, v); \
1589 frm += 2; \
1590 } while (0)
1591 /* NB: this works 'cuz a param has an info at the front */
1592 static const struct ieee80211_wme_info param = {
1593 .wme_id = IEEE80211_ELEMID_VENDOR,
1594 .wme_len = sizeof(struct ieee80211_wme_param) - 2,
1595 .wme_oui = { WME_OUI_BYTES },
1596 .wme_type = WME_OUI_TYPE,
1597 .wme_subtype = WME_PARAM_OUI_SUBTYPE,
1598 .wme_version = WME_VERSION,
1599 };
1600 int i;
1601
1602 memcpy(frm, &param, sizeof(param));
1603 frm += __offsetof(struct ieee80211_wme_info, wme_info);
1604 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */
1605 *frm++ = 0; /* reserved field */
1606 for (i = 0; i < WME_NUM_AC; i++) {
1607 const struct wmeParams *ac =
1608 &wme->wme_bssChanParams.cap_wmeParams[i];
1609 *frm++ = SM(i, WME_PARAM_ACI)
1610 | SM(ac->wmep_acm, WME_PARAM_ACM)
1611 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN)
1612 ;
1613 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX)
1614 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN)
1615 ;
1616 ADDSHORT(frm, ac->wmep_txopLimit);
1617 }
1618 return frm;
1619 #undef SM
1620 #undef ADDSHORT
1621 }
1622 #undef WME_OUI_BYTES
1623
1624 /*
1625 * Add an 11h Power Constraint element to a frame.
1626 */
1627 static uint8_t *
1628 ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap)
1629 {
1630 const struct ieee80211_channel *c = vap->iv_bss->ni_chan;
1631 /* XXX per-vap tx power limit? */
1632 int8_t limit = vap->iv_ic->ic_txpowlimit / 2;
1633
1634 frm[0] = IEEE80211_ELEMID_PWRCNSTR;
1635 frm[1] = 1;
1636 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0;
1637 return frm + 3;
1638 }
1639
1640 /*
1641 * Add an 11h Power Capability element to a frame.
1642 */
1643 static uint8_t *
1644 ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c)
1645 {
1646 frm[0] = IEEE80211_ELEMID_PWRCAP;
1647 frm[1] = 2;
1648 frm[2] = c->ic_minpower;
1649 frm[3] = c->ic_maxpower;
1650 return frm + 4;
1651 }
1652
1653 /*
1654 * Add an 11h Supported Channels element to a frame.
1655 */
1656 static uint8_t *
1657 ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic)
1658 {
1659 static const int ielen = 26;
1660
1661 frm[0] = IEEE80211_ELEMID_SUPPCHAN;
1662 frm[1] = ielen;
1663 /* XXX not correct */
1664 memcpy(frm+2, ic->ic_chan_avail, ielen);
1665 return frm + 2 + ielen;
1666 }
1667
1668 /*
1669 * Add an 11h Channel Switch Announcement element to a frame.
1670 * Note that we use the per-vap CSA count to adjust the global
1671 * counter so we can use this routine to form probe response
1672 * frames and get the current count.
1673 */
1674 static uint8_t *
1675 ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap)
1676 {
1677 struct ieee80211com *ic = vap->iv_ic;
1678 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm;
1679
1680 csa->csa_ie = IEEE80211_ELEMID_CSA;
1681 csa->csa_len = 3;
1682 csa->csa_mode = 1; /* XXX force quiet on channel */
1683 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan);
1684 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count;
1685 return frm + sizeof(*csa);
1686 }
1687
1688 /*
1689 * Add an 11h country information element to a frame.
1690 */
1691 static uint8_t *
1692 ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic)
1693 {
1694
1695 if (ic->ic_countryie == NULL ||
1696 ic->ic_countryie_chan != ic->ic_bsschan) {
1697 /*
1698 * Handle lazy construction of ie. This is done on
1699 * first use and after a channel change that requires
1700 * re-calculation.
1701 */
1702 if (ic->ic_countryie != NULL)
1703 free(ic->ic_countryie, M_80211_NODE_IE);
1704 ic->ic_countryie = ieee80211_alloc_countryie(ic);
1705 if (ic->ic_countryie == NULL)
1706 return frm;
1707 ic->ic_countryie_chan = ic->ic_bsschan;
1708 }
1709 return add_appie(frm, ic->ic_countryie);
1710 }
1711
1712 /*
1713 * Send a probe request frame with the specified ssid
1714 * and any optional information element data.
1715 */
1716 int
1717 ieee80211_send_probereq(struct ieee80211_node *ni,
1718 const uint8_t sa[IEEE80211_ADDR_LEN],
1719 const uint8_t da[IEEE80211_ADDR_LEN],
1720 const uint8_t bssid[IEEE80211_ADDR_LEN],
1721 const uint8_t *ssid, size_t ssidlen)
1722 {
1723 struct ieee80211vap *vap = ni->ni_vap;
1724 struct ieee80211com *ic = ni->ni_ic;
1725 const struct ieee80211_txparam *tp;
1726 struct ieee80211_bpf_params params;
1727 struct ieee80211_frame *wh;
1728 const struct ieee80211_rateset *rs;
1729 struct mbuf *m;
1730 uint8_t *frm;
1731
1732 if (vap->iv_state == IEEE80211_S_CAC) {
1733 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni,
1734 "block %s frame in CAC state", "probe request");
1735 vap->iv_stats.is_tx_badstate++;
1736 return EIO; /* XXX */
1737 }
1738
1739 /*
1740 * Hold a reference on the node so it doesn't go away until after
1741 * the xmit is complete all the way in the driver. On error we
1742 * will remove our reference.
1743 */
1744 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1745 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
1746 __func__, __LINE__,
1747 ni, ether_sprintf(ni->ni_macaddr),
1748 ieee80211_node_refcnt(ni)+1);
1749 ieee80211_ref_node(ni);
1750
1751 /*
1752 * prreq frame format
1753 * [tlv] ssid
1754 * [tlv] supported rates
1755 * [tlv] RSN (optional)
1756 * [tlv] extended supported rates
1757 * [tlv] WPA (optional)
1758 * [tlv] user-specified ie's
1759 */
1760 m = ieee80211_getmgtframe(&frm,
1761 ic->ic_headroom + sizeof(struct ieee80211_frame),
1762 2 + IEEE80211_NWID_LEN
1763 + 2 + IEEE80211_RATE_SIZE
1764 + sizeof(struct ieee80211_ie_wpa)
1765 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1766 + sizeof(struct ieee80211_ie_wpa)
1767 + (vap->iv_appie_probereq != NULL ?
1768 vap->iv_appie_probereq->ie_len : 0)
1769 );
1770 if (m == NULL) {
1771 vap->iv_stats.is_tx_nobuf++;
1772 ieee80211_free_node(ni);
1773 return ENOMEM;
1774 }
1775
1776 frm = ieee80211_add_ssid(frm, ssid, ssidlen);
1777 rs = ieee80211_get_suprates(ic, ic->ic_curchan);
1778 frm = ieee80211_add_rates(frm, rs);
1779 if (vap->iv_flags & IEEE80211_F_WPA2) {
1780 if (vap->iv_rsn_ie != NULL)
1781 frm = add_ie(frm, vap->iv_rsn_ie);
1782 /* XXX else complain? */
1783 }
1784 frm = ieee80211_add_xrates(frm, rs);
1785 if (vap->iv_flags & IEEE80211_F_WPA1) {
1786 if (vap->iv_wpa_ie != NULL)
1787 frm = add_ie(frm, vap->iv_wpa_ie);
1788 /* XXX else complain? */
1789 }
1790 if (vap->iv_appie_probereq != NULL)
1791 frm = add_appie(frm, vap->iv_appie_probereq);
1792 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
1793
1794 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame),
1795 ("leading space %zd", M_LEADINGSPACE(m)));
1796 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
1797 if (m == NULL) {
1798 /* NB: cannot happen */
1799 ieee80211_free_node(ni);
1800 return ENOMEM;
1801 }
1802
1803 wh = mtod(m, struct ieee80211_frame *);
1804 ieee80211_send_setup(ni, m,
1805 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ,
1806 IEEE80211_NONQOS_TID, sa, da, bssid);
1807 /* XXX power management? */
1808 m->m_flags |= M_ENCAP; /* mark encapsulated */
1809
1810 M_WME_SETAC(m, WME_AC_BE);
1811
1812 IEEE80211_NODE_STAT(ni, tx_probereq);
1813 IEEE80211_NODE_STAT(ni, tx_mgmt);
1814
1815 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
1816 "send probe req on channel %u bssid %s ssid \"%.*s\"\n",
1817 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid),
1818 ssidlen, ssid);
1819
1820 memset(&params, 0, sizeof(params));
1821 params.ibp_pri = M_WME_GETAC(m);
1822 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1823 params.ibp_rate0 = tp->mgmtrate;
1824 if (IEEE80211_IS_MULTICAST(da)) {
1825 params.ibp_flags |= IEEE80211_BPF_NOACK;
1826 params.ibp_try0 = 1;
1827 } else
1828 params.ibp_try0 = tp->maxretry;
1829 params.ibp_power = ni->ni_txpower;
1830 return ic->ic_raw_xmit(ni, m, &params);
1831 }
1832
1833 /*
1834 * Calculate capability information for mgt frames.
1835 */
1836 uint16_t
1837 ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan)
1838 {
1839 struct ieee80211com *ic = vap->iv_ic;
1840 uint16_t capinfo;
1841
1842 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode"));
1843
1844 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
1845 capinfo = IEEE80211_CAPINFO_ESS;
1846 else if (vap->iv_opmode == IEEE80211_M_IBSS)
1847 capinfo = IEEE80211_CAPINFO_IBSS;
1848 else
1849 capinfo = 0;
1850 if (vap->iv_flags & IEEE80211_F_PRIVACY)
1851 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1852 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1853 IEEE80211_IS_CHAN_2GHZ(chan))
1854 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1855 if (ic->ic_flags & IEEE80211_F_SHSLOT)
1856 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1857 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH))
1858 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
1859 return capinfo;
1860 }
1861
1862 /*
1863 * Send a management frame. The node is for the destination (or ic_bss
1864 * when in station mode). Nodes other than ic_bss have their reference
1865 * count bumped to reflect our use for an indeterminant time.
1866 */
1867 int
1868 ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg)
1869 {
1870 #define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT)
1871 #define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0)
1872 struct ieee80211vap *vap = ni->ni_vap;
1873 struct ieee80211com *ic = ni->ni_ic;
1874 struct ieee80211_node *bss = vap->iv_bss;
1875 struct ieee80211_bpf_params params;
1876 struct mbuf *m;
1877 uint8_t *frm;
1878 uint16_t capinfo;
1879 int has_challenge, is_shared_key, ret, status;
1880
1881 KASSERT(ni != NULL, ("null node"));
1882
1883 /*
1884 * Hold a reference on the node so it doesn't go away until after
1885 * the xmit is complete all the way in the driver. On error we
1886 * will remove our reference.
1887 */
1888 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1889 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
1890 __func__, __LINE__,
1891 ni, ether_sprintf(ni->ni_macaddr),
1892 ieee80211_node_refcnt(ni)+1);
1893 ieee80211_ref_node(ni);
1894
1895 memset(&params, 0, sizeof(params));
1896 switch (type) {
1897
1898 case IEEE80211_FC0_SUBTYPE_AUTH:
1899 status = arg >> 16;
1900 arg &= 0xffff;
1901 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE ||
1902 arg == IEEE80211_AUTH_SHARED_RESPONSE) &&
1903 ni->ni_challenge != NULL);
1904
1905 /*
1906 * Deduce whether we're doing open authentication or
1907 * shared key authentication. We do the latter if
1908 * we're in the middle of a shared key authentication
1909 * handshake or if we're initiating an authentication
1910 * request and configured to use shared key.
1911 */
1912 is_shared_key = has_challenge ||
1913 arg >= IEEE80211_AUTH_SHARED_RESPONSE ||
1914 (arg == IEEE80211_AUTH_SHARED_REQUEST &&
1915 bss->ni_authmode == IEEE80211_AUTH_SHARED);
1916
1917 m = ieee80211_getmgtframe(&frm,
1918 ic->ic_headroom + sizeof(struct ieee80211_frame),
1919 3 * sizeof(uint16_t)
1920 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ?
1921 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0)
1922 );
1923 if (m == NULL)
1924 senderr(ENOMEM, is_tx_nobuf);
1925
1926 ((uint16_t *)frm)[0] =
1927 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED)
1928 : htole16(IEEE80211_AUTH_ALG_OPEN);
1929 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */
1930 ((uint16_t *)frm)[2] = htole16(status);/* status */
1931
1932 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) {
1933 ((uint16_t *)frm)[3] =
1934 htole16((IEEE80211_CHALLENGE_LEN << 8) |
1935 IEEE80211_ELEMID_CHALLENGE);
1936 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge,
1937 IEEE80211_CHALLENGE_LEN);
1938 m->m_pkthdr.len = m->m_len =
1939 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN;
1940 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) {
1941 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
1942 "request encrypt frame (%s)", __func__);
1943 /* mark frame for encryption */
1944 params.ibp_flags |= IEEE80211_BPF_CRYPTO;
1945 }
1946 } else
1947 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t);
1948
1949 /* XXX not right for shared key */
1950 if (status == IEEE80211_STATUS_SUCCESS)
1951 IEEE80211_NODE_STAT(ni, tx_auth);
1952 else
1953 IEEE80211_NODE_STAT(ni, tx_auth_fail);
1954
1955 if (vap->iv_opmode == IEEE80211_M_STA)
1956 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
1957 (void *) vap->iv_state);
1958 break;
1959
1960 case IEEE80211_FC0_SUBTYPE_DEAUTH:
1961 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
1962 "send station deauthenticate (reason %d)", arg);
1963 m = ieee80211_getmgtframe(&frm,
1964 ic->ic_headroom + sizeof(struct ieee80211_frame),
1965 sizeof(uint16_t));
1966 if (m == NULL)
1967 senderr(ENOMEM, is_tx_nobuf);
1968 *(uint16_t *)frm = htole16(arg); /* reason */
1969 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
1970
1971 IEEE80211_NODE_STAT(ni, tx_deauth);
1972 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg);
1973
1974 ieee80211_node_unauthorize(ni); /* port closed */
1975 break;
1976
1977 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
1978 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
1979 /*
1980 * asreq frame format
1981 * [2] capability information
1982 * [2] listen interval
1983 * [6*] current AP address (reassoc only)
1984 * [tlv] ssid
1985 * [tlv] supported rates
1986 * [tlv] extended supported rates
1987 * [4] power capability (optional)
1988 * [28] supported channels (optional)
1989 * [tlv] HT capabilities
1990 * [tlv] WME (optional)
1991 * [tlv] Vendor OUI HT capabilities (optional)
1992 * [tlv] Atheros capabilities (if negotiated)
1993 * [tlv] AppIE's (optional)
1994 */
1995 m = ieee80211_getmgtframe(&frm,
1996 ic->ic_headroom + sizeof(struct ieee80211_frame),
1997 sizeof(uint16_t)
1998 + sizeof(uint16_t)
1999 + IEEE80211_ADDR_LEN
2000 + 2 + IEEE80211_NWID_LEN
2001 + 2 + IEEE80211_RATE_SIZE
2002 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2003 + 4
2004 + 2 + 26
2005 + sizeof(struct ieee80211_wme_info)
2006 + sizeof(struct ieee80211_ie_htcap)
2007 + 4 + sizeof(struct ieee80211_ie_htcap)
2008 #ifdef IEEE80211_SUPPORT_SUPERG
2009 + sizeof(struct ieee80211_ath_ie)
2010 #endif
2011 + (vap->iv_appie_wpa != NULL ?
2012 vap->iv_appie_wpa->ie_len : 0)
2013 + (vap->iv_appie_assocreq != NULL ?
2014 vap->iv_appie_assocreq->ie_len : 0)
2015 );
2016 if (m == NULL)
2017 senderr(ENOMEM, is_tx_nobuf);
2018
2019 KASSERT(vap->iv_opmode == IEEE80211_M_STA,
2020 ("wrong mode %u", vap->iv_opmode));
2021 capinfo = IEEE80211_CAPINFO_ESS;
2022 if (vap->iv_flags & IEEE80211_F_PRIVACY)
2023 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2024 /*
2025 * NB: Some 11a AP's reject the request when
2026 * short premable is set.
2027 */
2028 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2029 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
2030 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2031 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) &&
2032 (ic->ic_caps & IEEE80211_C_SHSLOT))
2033 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2034 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) &&
2035 (vap->iv_flags & IEEE80211_F_DOTH))
2036 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
2037 *(uint16_t *)frm = htole16(capinfo);
2038 frm += 2;
2039
2040 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!"));
2041 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval,
2042 bss->ni_intval));
2043 frm += 2;
2044
2045 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
2046 IEEE80211_ADDR_COPY(frm, bss->ni_bssid);
2047 frm += IEEE80211_ADDR_LEN;
2048 }
2049
2050 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
2051 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2052 if (vap->iv_flags & IEEE80211_F_WPA2) {
2053 if (vap->iv_rsn_ie != NULL)
2054 frm = add_ie(frm, vap->iv_rsn_ie);
2055 /* XXX else complain? */
2056 }
2057 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2058 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) {
2059 frm = ieee80211_add_powercapability(frm,
2060 ic->ic_curchan);
2061 frm = ieee80211_add_supportedchannels(frm, ic);
2062 }
2063 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2064 ni->ni_ies.htcap_ie != NULL &&
2065 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP)
2066 frm = ieee80211_add_htcap(frm, ni);
2067 if (vap->iv_flags & IEEE80211_F_WPA1) {
2068 if (vap->iv_wpa_ie != NULL)
2069 frm = add_ie(frm, vap->iv_wpa_ie);
2070 /* XXX else complain */
2071 }
2072 if ((ic->ic_flags & IEEE80211_F_WME) &&
2073 ni->ni_ies.wme_ie != NULL)
2074 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
2075 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2076 ni->ni_ies.htcap_ie != NULL &&
2077 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR)
2078 frm = ieee80211_add_htcap_vendor(frm, ni);
2079 #ifdef IEEE80211_SUPPORT_SUPERG
2080 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) {
2081 frm = ieee80211_add_ath(frm,
2082 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2083 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2084 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2085 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2086 }
2087 #endif /* IEEE80211_SUPPORT_SUPERG */
2088 if (vap->iv_appie_assocreq != NULL)
2089 frm = add_appie(frm, vap->iv_appie_assocreq);
2090 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2091
2092 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
2093 (void *) vap->iv_state);
2094 break;
2095
2096 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
2097 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
2098 /*
2099 * asresp frame format
2100 * [2] capability information
2101 * [2] status
2102 * [2] association ID
2103 * [tlv] supported rates
2104 * [tlv] extended supported rates
2105 * [tlv] HT capabilities (standard, if STA enabled)
2106 * [tlv] HT information (standard, if STA enabled)
2107 * [tlv] WME (if configured and STA enabled)
2108 * [tlv] HT capabilities (vendor OUI, if STA enabled)
2109 * [tlv] HT information (vendor OUI, if STA enabled)
2110 * [tlv] Atheros capabilities (if STA enabled)
2111 * [tlv] AppIE's (optional)
2112 */
2113 m = ieee80211_getmgtframe(&frm,
2114 ic->ic_headroom + sizeof(struct ieee80211_frame),
2115 sizeof(uint16_t)
2116 + sizeof(uint16_t)
2117 + sizeof(uint16_t)
2118 + 2 + IEEE80211_RATE_SIZE
2119 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2120 + sizeof(struct ieee80211_ie_htcap) + 4
2121 + sizeof(struct ieee80211_ie_htinfo) + 4
2122 + sizeof(struct ieee80211_wme_param)
2123 #ifdef IEEE80211_SUPPORT_SUPERG
2124 + sizeof(struct ieee80211_ath_ie)
2125 #endif
2126 + (vap->iv_appie_assocresp != NULL ?
2127 vap->iv_appie_assocresp->ie_len : 0)
2128 );
2129 if (m == NULL)
2130 senderr(ENOMEM, is_tx_nobuf);
2131
2132 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2133 *(uint16_t *)frm = htole16(capinfo);
2134 frm += 2;
2135
2136 *(uint16_t *)frm = htole16(arg); /* status */
2137 frm += 2;
2138
2139 if (arg == IEEE80211_STATUS_SUCCESS) {
2140 *(uint16_t *)frm = htole16(ni->ni_associd);
2141 IEEE80211_NODE_STAT(ni, tx_assoc);
2142 } else
2143 IEEE80211_NODE_STAT(ni, tx_assoc_fail);
2144 frm += 2;
2145
2146 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2147 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2148 /* NB: respond according to what we received */
2149 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) {
2150 frm = ieee80211_add_htcap(frm, ni);
2151 frm = ieee80211_add_htinfo(frm, ni);
2152 }
2153 if ((vap->iv_flags & IEEE80211_F_WME) &&
2154 ni->ni_ies.wme_ie != NULL)
2155 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2156 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) {
2157 frm = ieee80211_add_htcap_vendor(frm, ni);
2158 frm = ieee80211_add_htinfo_vendor(frm, ni);
2159 }
2160 #ifdef IEEE80211_SUPPORT_SUPERG
2161 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS))
2162 frm = ieee80211_add_ath(frm,
2163 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2164 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2165 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2166 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2167 #endif /* IEEE80211_SUPPORT_SUPERG */
2168 if (vap->iv_appie_assocresp != NULL)
2169 frm = add_appie(frm, vap->iv_appie_assocresp);
2170 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2171 break;
2172
2173 case IEEE80211_FC0_SUBTYPE_DISASSOC:
2174 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2175 "send station disassociate (reason %d)", arg);
2176 m = ieee80211_getmgtframe(&frm,
2177 ic->ic_headroom + sizeof(struct ieee80211_frame),
2178 sizeof(uint16_t));
2179 if (m == NULL)
2180 senderr(ENOMEM, is_tx_nobuf);
2181 *(uint16_t *)frm = htole16(arg); /* reason */
2182 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
2183
2184 IEEE80211_NODE_STAT(ni, tx_disassoc);
2185 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg);
2186 break;
2187
2188 default:
2189 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni,
2190 "invalid mgmt frame type %u", type);
2191 senderr(EINVAL, is_tx_unknownmgt);
2192 /* NOTREACHED */
2193 }
2194
2195 /* NB: force non-ProbeResp frames to the highest queue */
2196 params.ibp_pri = WME_AC_VO;
2197 params.ibp_rate0 = bss->ni_txparms->mgmtrate;
2198 /* NB: we know all frames are unicast */
2199 params.ibp_try0 = bss->ni_txparms->maxretry;
2200 params.ibp_power = bss->ni_txpower;
2201 return ieee80211_mgmt_output(ni, m, type, &params);
2202 bad:
2203 ieee80211_free_node(ni);
2204 return ret;
2205 #undef senderr
2206 #undef HTFLAGS
2207 }
2208
2209 /*
2210 * Return an mbuf with a probe response frame in it.
2211 * Space is left to prepend and 802.11 header at the
2212 * front but it's left to the caller to fill in.
2213 */
2214 struct mbuf *
2215 ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy)
2216 {
2217 struct ieee80211vap *vap = bss->ni_vap;
2218 struct ieee80211com *ic = bss->ni_ic;
2219 const struct ieee80211_rateset *rs;
2220 struct mbuf *m;
2221 uint16_t capinfo;
2222 uint8_t *frm;
2223
2224 /*
2225 * probe response frame format
2226 * [8] time stamp
2227 * [2] beacon interval
2228 * [2] cabability information
2229 * [tlv] ssid
2230 * [tlv] supported rates
2231 * [tlv] parameter set (FH/DS)
2232 * [tlv] parameter set (IBSS)
2233 * [tlv] country (optional)
2234 * [3] power control (optional)
2235 * [5] channel switch announcement (CSA) (optional)
2236 * [tlv] extended rate phy (ERP)
2237 * [tlv] extended supported rates
2238 * [tlv] RSN (optional)
2239 * [tlv] HT capabilities
2240 * [tlv] HT information
2241 * [tlv] WPA (optional)
2242 * [tlv] WME (optional)
2243 * [tlv] Vendor OUI HT capabilities (optional)
2244 * [tlv] Vendor OUI HT information (optional)
2245 * [tlv] Atheros capabilities
2246 * [tlv] AppIE's (optional)
2247 * [tlv] Mesh ID (MBSS)
2248 * [tlv] Mesh Conf (MBSS)
2249 */
2250 m = ieee80211_getmgtframe(&frm,
2251 ic->ic_headroom + sizeof(struct ieee80211_frame),
2252 8
2253 + sizeof(uint16_t)
2254 + sizeof(uint16_t)
2255 + 2 + IEEE80211_NWID_LEN
2256 + 2 + IEEE80211_RATE_SIZE
2257 + 7 /* max(7,3) */
2258 + IEEE80211_COUNTRY_MAX_SIZE
2259 + 3
2260 + sizeof(struct ieee80211_csa_ie)
2261 + 3
2262 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2263 + sizeof(struct ieee80211_ie_wpa)
2264 + sizeof(struct ieee80211_ie_htcap)
2265 + sizeof(struct ieee80211_ie_htinfo)
2266 + sizeof(struct ieee80211_ie_wpa)
2267 + sizeof(struct ieee80211_wme_param)
2268 + 4 + sizeof(struct ieee80211_ie_htcap)
2269 + 4 + sizeof(struct ieee80211_ie_htinfo)
2270 #ifdef IEEE80211_SUPPORT_SUPERG
2271 + sizeof(struct ieee80211_ath_ie)
2272 #endif
2273 #ifdef IEEE80211_SUPPORT_MESH
2274 + 2 + IEEE80211_MESHID_LEN
2275 + sizeof(struct ieee80211_meshconf_ie)
2276 #endif
2277 + (vap->iv_appie_proberesp != NULL ?
2278 vap->iv_appie_proberesp->ie_len : 0)
2279 );
2280 if (m == NULL) {
2281 vap->iv_stats.is_tx_nobuf++;
2282 return NULL;
2283 }
2284
2285 memset(frm, 0, 8); /* timestamp should be filled later */
2286 frm += 8;
2287 *(uint16_t *)frm = htole16(bss->ni_intval);
2288 frm += 2;
2289 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2290 *(uint16_t *)frm = htole16(capinfo);
2291 frm += 2;
2292
2293 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen);
2294 rs = ieee80211_get_suprates(ic, bss->ni_chan);
2295 frm = ieee80211_add_rates(frm, rs);
2296
2297 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) {
2298 *frm++ = IEEE80211_ELEMID_FHPARMS;
2299 *frm++ = 5;
2300 *frm++ = bss->ni_fhdwell & 0x00ff;
2301 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff;
2302 *frm++ = IEEE80211_FH_CHANSET(
2303 ieee80211_chan2ieee(ic, bss->ni_chan));
2304 *frm++ = IEEE80211_FH_CHANPAT(
2305 ieee80211_chan2ieee(ic, bss->ni_chan));
2306 *frm++ = bss->ni_fhindex;
2307 } else {
2308 *frm++ = IEEE80211_ELEMID_DSPARMS;
2309 *frm++ = 1;
2310 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan);
2311 }
2312
2313 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2314 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2315 *frm++ = 2;
2316 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2317 }
2318 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2319 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2320 frm = ieee80211_add_countryie(frm, ic);
2321 if (vap->iv_flags & IEEE80211_F_DOTH) {
2322 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan))
2323 frm = ieee80211_add_powerconstraint(frm, vap);
2324 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2325 frm = ieee80211_add_csa(frm, vap);
2326 }
2327 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan))
2328 frm = ieee80211_add_erp(frm, ic);
2329 frm = ieee80211_add_xrates(frm, rs);
2330 if (vap->iv_flags & IEEE80211_F_WPA2) {
2331 if (vap->iv_rsn_ie != NULL)
2332 frm = add_ie(frm, vap->iv_rsn_ie);
2333 /* XXX else complain? */
2334 }
2335 /*
2336 * NB: legacy 11b clients do not get certain ie's.
2337 * The caller identifies such clients by passing
2338 * a token in legacy to us. Could expand this to be
2339 * any legacy client for stuff like HT ie's.
2340 */
2341 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2342 legacy != IEEE80211_SEND_LEGACY_11B) {
2343 frm = ieee80211_add_htcap(frm, bss);
2344 frm = ieee80211_add_htinfo(frm, bss);
2345 }
2346 if (vap->iv_flags & IEEE80211_F_WPA1) {
2347 if (vap->iv_wpa_ie != NULL)
2348 frm = add_ie(frm, vap->iv_wpa_ie);
2349 /* XXX else complain? */
2350 }
2351 if (vap->iv_flags & IEEE80211_F_WME)
2352 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2353 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2354 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) &&
2355 legacy != IEEE80211_SEND_LEGACY_11B) {
2356 frm = ieee80211_add_htcap_vendor(frm, bss);
2357 frm = ieee80211_add_htinfo_vendor(frm, bss);
2358 }
2359 #ifdef IEEE80211_SUPPORT_SUPERG
2360 if ((vap->iv_flags & IEEE80211_F_ATHEROS) &&
2361 legacy != IEEE80211_SEND_LEGACY_11B)
2362 frm = ieee80211_add_athcaps(frm, bss);
2363 #endif
2364 if (vap->iv_appie_proberesp != NULL)
2365 frm = add_appie(frm, vap->iv_appie_proberesp);
2366 #ifdef IEEE80211_SUPPORT_MESH
2367 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2368 frm = ieee80211_add_meshid(frm, vap);
2369 frm = ieee80211_add_meshconf(frm, vap);
2370 }
2371 #endif
2372 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2373
2374 return m;
2375 }
2376
2377 /*
2378 * Send a probe response frame to the specified mac address.
2379 * This does not go through the normal mgt frame api so we
2380 * can specify the destination address and re-use the bss node
2381 * for the sta reference.
2382 */
2383 int
2384 ieee80211_send_proberesp(struct ieee80211vap *vap,
2385 const uint8_t da[IEEE80211_ADDR_LEN], int legacy)
2386 {
2387 struct ieee80211_node *bss = vap->iv_bss;
2388 struct ieee80211com *ic = vap->iv_ic;
2389 struct ieee80211_frame *wh;
2390 struct mbuf *m;
2391
2392 if (vap->iv_state == IEEE80211_S_CAC) {
2393 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss,
2394 "block %s frame in CAC state", "probe response");
2395 vap->iv_stats.is_tx_badstate++;
2396 return EIO; /* XXX */
2397 }
2398
2399 /*
2400 * Hold a reference on the node so it doesn't go away until after
2401 * the xmit is complete all the way in the driver. On error we
2402 * will remove our reference.
2403 */
2404 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2405 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2406 __func__, __LINE__, bss, ether_sprintf(bss->ni_macaddr),
2407 ieee80211_node_refcnt(bss)+1);
2408 ieee80211_ref_node(bss);
2409
2410 m = ieee80211_alloc_proberesp(bss, legacy);
2411 if (m == NULL) {
2412 ieee80211_free_node(bss);
2413 return ENOMEM;
2414 }
2415
2416 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
2417 KASSERT(m != NULL, ("no room for header"));
2418
2419 wh = mtod(m, struct ieee80211_frame *);
2420 ieee80211_send_setup(bss, m,
2421 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP,
2422 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid);
2423 /* XXX power management? */
2424 m->m_flags |= M_ENCAP; /* mark encapsulated */
2425
2426 M_WME_SETAC(m, WME_AC_BE);
2427
2428 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
2429 "send probe resp on channel %u to %s%s\n",
2430 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(da),
2431 legacy ? " <legacy>" : "");
2432 IEEE80211_NODE_STAT(bss, tx_mgmt);
2433
2434 return ic->ic_raw_xmit(bss, m, NULL);
2435 }
2436
2437 /*
2438 * Allocate and build a RTS (Request To Send) control frame.
2439 */
2440 struct mbuf *
2441 ieee80211_alloc_rts(struct ieee80211com *ic,
2442 const uint8_t ra[IEEE80211_ADDR_LEN],
2443 const uint8_t ta[IEEE80211_ADDR_LEN],
2444 uint16_t dur)
2445 {
2446 struct ieee80211_frame_rts *rts;
2447 struct mbuf *m;
2448
2449 /* XXX honor ic_headroom */
2450 m = m_gethdr(M_DONTWAIT, MT_DATA);
2451 if (m != NULL) {
2452 rts = mtod(m, struct ieee80211_frame_rts *);
2453 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2454 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS;
2455 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2456 *(u_int16_t *)rts->i_dur = htole16(dur);
2457 IEEE80211_ADDR_COPY(rts->i_ra, ra);
2458 IEEE80211_ADDR_COPY(rts->i_ta, ta);
2459
2460 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts);
2461 }
2462 return m;
2463 }
2464
2465 /*
2466 * Allocate and build a CTS (Clear To Send) control frame.
2467 */
2468 struct mbuf *
2469 ieee80211_alloc_cts(struct ieee80211com *ic,
2470 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur)
2471 {
2472 struct ieee80211_frame_cts *cts;
2473 struct mbuf *m;
2474
2475 /* XXX honor ic_headroom */
2476 m = m_gethdr(M_DONTWAIT, MT_DATA);
2477 if (m != NULL) {
2478 cts = mtod(m, struct ieee80211_frame_cts *);
2479 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2480 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS;
2481 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2482 *(u_int16_t *)cts->i_dur = htole16(dur);
2483 IEEE80211_ADDR_COPY(cts->i_ra, ra);
2484
2485 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts);
2486 }
2487 return m;
2488 }
2489
2490 static void
2491 ieee80211_tx_mgt_timeout(void *arg)
2492 {
2493 struct ieee80211_node *ni = arg;
2494 struct ieee80211vap *vap = ni->ni_vap;
2495
2496 if (vap->iv_state != IEEE80211_S_INIT &&
2497 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) {
2498 /*
2499 * NB: it's safe to specify a timeout as the reason here;
2500 * it'll only be used in the right state.
2501 */
2502 ieee80211_new_state(vap, IEEE80211_S_SCAN,
2503 IEEE80211_SCAN_FAIL_TIMEOUT);
2504 }
2505 }
2506
2507 static void
2508 ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status)
2509 {
2510 struct ieee80211vap *vap = ni->ni_vap;
2511 enum ieee80211_state ostate = (enum ieee80211_state) arg;
2512
2513 /*
2514 * Frame transmit completed; arrange timer callback. If
2515 * transmit was successfuly we wait for response. Otherwise
2516 * we arrange an immediate callback instead of doing the
2517 * callback directly since we don't know what state the driver
2518 * is in (e.g. what locks it is holding). This work should
2519 * not be too time-critical and not happen too often so the
2520 * added overhead is acceptable.
2521 *
2522 * XXX what happens if !acked but response shows up before callback?
2523 */
2524 if (vap->iv_state == ostate)
2525 callout_reset(&vap->iv_mgtsend,
2526 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0,
2527 ieee80211_tx_mgt_timeout, ni);
2528 }
2529
2530 static void
2531 ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm,
2532 struct ieee80211_beacon_offsets *bo, struct ieee80211_node *ni)
2533 {
2534 struct ieee80211vap *vap = ni->ni_vap;
2535 struct ieee80211com *ic = ni->ni_ic;
2536 struct ieee80211_rateset *rs = &ni->ni_rates;
2537 uint16_t capinfo;
2538
2539 /*
2540 * beacon frame format
2541 * [8] time stamp
2542 * [2] beacon interval
2543 * [2] cabability information
2544 * [tlv] ssid
2545 * [tlv] supported rates
2546 * [3] parameter set (DS)
2547 * [8] CF parameter set (optional)
2548 * [tlv] parameter set (IBSS/TIM)
2549 * [tlv] country (optional)
2550 * [3] power control (optional)
2551 * [5] channel switch announcement (CSA) (optional)
2552 * [tlv] extended rate phy (ERP)
2553 * [tlv] extended supported rates
2554 * [tlv] RSN parameters
2555 * [tlv] HT capabilities
2556 * [tlv] HT information
2557 * XXX Vendor-specific OIDs (e.g. Atheros)
2558 * [tlv] WPA parameters
2559 * [tlv] WME parameters
2560 * [tlv] Vendor OUI HT capabilities (optional)
2561 * [tlv] Vendor OUI HT information (optional)
2562 * [tlv] Atheros capabilities (optional)
2563 * [tlv] TDMA parameters (optional)
2564 * [tlv] Mesh ID (MBSS)
2565 * [tlv] Mesh Conf (MBSS)
2566 * [tlv] application data (optional)
2567 */
2568
2569 memset(bo, 0, sizeof(*bo));
2570
2571 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */
2572 frm += 8;
2573 *(uint16_t *)frm = htole16(ni->ni_intval);
2574 frm += 2;
2575 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
2576 bo->bo_caps = (uint16_t *)frm;
2577 *(uint16_t *)frm = htole16(capinfo);
2578 frm += 2;
2579 *frm++ = IEEE80211_ELEMID_SSID;
2580 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) {
2581 *frm++ = ni->ni_esslen;
2582 memcpy(frm, ni->ni_essid, ni->ni_esslen);
2583 frm += ni->ni_esslen;
2584 } else
2585 *frm++ = 0;
2586 frm = ieee80211_add_rates(frm, rs);
2587 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) {
2588 *frm++ = IEEE80211_ELEMID_DSPARMS;
2589 *frm++ = 1;
2590 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan);
2591 }
2592 if (ic->ic_flags & IEEE80211_F_PCF) {
2593 bo->bo_cfp = frm;
2594 frm = ieee80211_add_cfparms(frm, ic);
2595 }
2596 bo->bo_tim = frm;
2597 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2598 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2599 *frm++ = 2;
2600 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2601 bo->bo_tim_len = 0;
2602 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
2603 vap->iv_opmode == IEEE80211_M_MBSS) {
2604 /* TIM IE is the same for Mesh and Hostap */
2605 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm;
2606
2607 tie->tim_ie = IEEE80211_ELEMID_TIM;
2608 tie->tim_len = 4; /* length */
2609 tie->tim_count = 0; /* DTIM count */
2610 tie->tim_period = vap->iv_dtim_period; /* DTIM period */
2611 tie->tim_bitctl = 0; /* bitmap control */
2612 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */
2613 frm += sizeof(struct ieee80211_tim_ie);
2614 bo->bo_tim_len = 1;
2615 }
2616 bo->bo_tim_trailer = frm;
2617 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2618 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2619 frm = ieee80211_add_countryie(frm, ic);
2620 if (vap->iv_flags & IEEE80211_F_DOTH) {
2621 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
2622 frm = ieee80211_add_powerconstraint(frm, vap);
2623 bo->bo_csa = frm;
2624 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2625 frm = ieee80211_add_csa(frm, vap);
2626 } else
2627 bo->bo_csa = frm;
2628 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) {
2629 bo->bo_erp = frm;
2630 frm = ieee80211_add_erp(frm, ic);
2631 }
2632 frm = ieee80211_add_xrates(frm, rs);
2633 if (vap->iv_flags & IEEE80211_F_WPA2) {
2634 if (vap->iv_rsn_ie != NULL)
2635 frm = add_ie(frm, vap->iv_rsn_ie);
2636 /* XXX else complain */
2637 }
2638 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
2639 frm = ieee80211_add_htcap(frm, ni);
2640 bo->bo_htinfo = frm;
2641 frm = ieee80211_add_htinfo(frm, ni);
2642 }
2643 if (vap->iv_flags & IEEE80211_F_WPA1) {
2644 if (vap->iv_wpa_ie != NULL)
2645 frm = add_ie(frm, vap->iv_wpa_ie);
2646 /* XXX else complain */
2647 }
2648 if (vap->iv_flags & IEEE80211_F_WME) {
2649 bo->bo_wme = frm;
2650 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2651 }
2652 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) &&
2653 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) {
2654 frm = ieee80211_add_htcap_vendor(frm, ni);
2655 frm = ieee80211_add_htinfo_vendor(frm, ni);
2656 }
2657 #ifdef IEEE80211_SUPPORT_SUPERG
2658 if (vap->iv_flags & IEEE80211_F_ATHEROS) {
2659 bo->bo_ath = frm;
2660 frm = ieee80211_add_athcaps(frm, ni);
2661 }
2662 #endif
2663 #ifdef IEEE80211_SUPPORT_TDMA
2664 if (vap->iv_caps & IEEE80211_C_TDMA) {
2665 bo->bo_tdma = frm;
2666 frm = ieee80211_add_tdma(frm, vap);
2667 }
2668 #endif
2669 if (vap->iv_appie_beacon != NULL) {
2670 bo->bo_appie = frm;
2671 bo->bo_appie_len = vap->iv_appie_beacon->ie_len;
2672 frm = add_appie(frm, vap->iv_appie_beacon);
2673 }
2674 #ifdef IEEE80211_SUPPORT_MESH
2675 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2676 frm = ieee80211_add_meshid(frm, vap);
2677 bo->bo_meshconf = frm;
2678 frm = ieee80211_add_meshconf(frm, vap);
2679 }
2680 #endif
2681 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer;
2682 bo->bo_csa_trailer_len = frm - bo->bo_csa;
2683 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2684 }
2685
2686 /*
2687 * Allocate a beacon frame and fillin the appropriate bits.
2688 */
2689 struct mbuf *
2690 ieee80211_beacon_alloc(struct ieee80211_node *ni,
2691 struct ieee80211_beacon_offsets *bo)
2692 {
2693 struct ieee80211vap *vap = ni->ni_vap;
2694 struct ieee80211com *ic = ni->ni_ic;
2695 struct ifnet *ifp = vap->iv_ifp;
2696 struct ieee80211_frame *wh;
2697 struct mbuf *m;
2698 int pktlen;
2699 uint8_t *frm;
2700
2701 /*
2702 * beacon frame format
2703 * [8] time stamp
2704 * [2] beacon interval
2705 * [2] cabability information
2706 * [tlv] ssid
2707 * [tlv] supported rates
2708 * [3] parameter set (DS)
2709 * [8] CF parameter set (optional)
2710 * [tlv] parameter set (IBSS/TIM)
2711 * [tlv] country (optional)
2712 * [3] power control (optional)
2713 * [5] channel switch announcement (CSA) (optional)
2714 * [tlv] extended rate phy (ERP)
2715 * [tlv] extended supported rates
2716 * [tlv] RSN parameters
2717 * [tlv] HT capabilities
2718 * [tlv] HT information
2719 * [tlv] Vendor OUI HT capabilities (optional)
2720 * [tlv] Vendor OUI HT information (optional)
2721 * XXX Vendor-specific OIDs (e.g. Atheros)
2722 * [tlv] WPA parameters
2723 * [tlv] WME parameters
2724 * [tlv] TDMA parameters (optional)
2725 * [tlv] Mesh ID (MBSS)
2726 * [tlv] Mesh Conf (MBSS)
2727 * [tlv] application data (optional)
2728 * NB: we allocate the max space required for the TIM bitmap.
2729 * XXX how big is this?
2730 */
2731 pktlen = 8 /* time stamp */
2732 + sizeof(uint16_t) /* beacon interval */
2733 + sizeof(uint16_t) /* capabilities */
2734 + 2 + ni->ni_esslen /* ssid */
2735 + 2 + IEEE80211_RATE_SIZE /* supported rates */
2736 + 2 + 1 /* DS parameters */
2737 + 2 + 6 /* CF parameters */
2738 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */
2739 + IEEE80211_COUNTRY_MAX_SIZE /* country */
2740 + 2 + 1 /* power control */
2741 + sizeof(struct ieee80211_csa_ie) /* CSA */
2742 + 2 + 1 /* ERP */
2743 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2744 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */
2745 2*sizeof(struct ieee80211_ie_wpa) : 0)
2746 /* XXX conditional? */
2747 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */
2748 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */
2749 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */
2750 sizeof(struct ieee80211_wme_param) : 0)
2751 #ifdef IEEE80211_SUPPORT_SUPERG
2752 + sizeof(struct ieee80211_ath_ie) /* ATH */
2753 #endif
2754 #ifdef IEEE80211_SUPPORT_TDMA
2755 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */
2756 sizeof(struct ieee80211_tdma_param) : 0)
2757 #endif
2758 #ifdef IEEE80211_SUPPORT_MESH
2759 + 2 + ni->ni_meshidlen
2760 + sizeof(struct ieee80211_meshconf_ie)
2761 #endif
2762 + IEEE80211_MAX_APPIE
2763 ;
2764 m = ieee80211_getmgtframe(&frm,
2765 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen);
2766 if (m == NULL) {
2767 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY,
2768 "%s: cannot get buf; size %u\n", __func__, pktlen);
2769 vap->iv_stats.is_tx_nobuf++;
2770 return NULL;
2771 }
2772 ieee80211_beacon_construct(m, frm, bo, ni);
2773
2774 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
2775 KASSERT(m != NULL, ("no space for 802.11 header?"));
2776 wh = mtod(m, struct ieee80211_frame *);
2777 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
2778 IEEE80211_FC0_SUBTYPE_BEACON;
2779 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2780 *(uint16_t *)wh->i_dur = 0;
2781 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
2782 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
2783 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
2784 *(uint16_t *)wh->i_seq = 0;
2785
2786 return m;
2787 }
2788
2789 /*
2790 * Update the dynamic parts of a beacon frame based on the current state.
2791 */
2792 int
2793 ieee80211_beacon_update(struct ieee80211_node *ni,
2794 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast)
2795 {
2796 struct ieee80211vap *vap = ni->ni_vap;
2797 struct ieee80211com *ic = ni->ni_ic;
2798 int len_changed = 0;
2799 uint16_t capinfo;
2800 struct ieee80211_frame *wh;
2801 ieee80211_seq seqno;
2802
2803 IEEE80211_LOCK(ic);
2804 /*
2805 * Handle 11h channel change when we've reached the count.
2806 * We must recalculate the beacon frame contents to account
2807 * for the new channel. Note we do this only for the first
2808 * vap that reaches this point; subsequent vaps just update
2809 * their beacon state to reflect the recalculated channel.
2810 */
2811 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) &&
2812 vap->iv_csa_count == ic->ic_csa_count) {
2813 vap->iv_csa_count = 0;
2814 /*
2815 * Effect channel change before reconstructing the beacon
2816 * frame contents as many places reference ni_chan.
2817 */
2818 if (ic->ic_csa_newchan != NULL)
2819 ieee80211_csa_completeswitch(ic);
2820 /*
2821 * NB: ieee80211_beacon_construct clears all pending
2822 * updates in bo_flags so we don't need to explicitly
2823 * clear IEEE80211_BEACON_CSA.
2824 */
2825 ieee80211_beacon_construct(m,
2826 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni);
2827
2828 /* XXX do WME aggressive mode processing? */
2829 IEEE80211_UNLOCK(ic);
2830 return 1; /* just assume length changed */
2831 }
2832
2833 wh = mtod(m, struct ieee80211_frame *);
2834 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
2835 *(uint16_t *)&wh->i_seq[0] =
2836 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
2837 M_SEQNO_SET(m, seqno);
2838
2839 /* XXX faster to recalculate entirely or just changes? */
2840 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
2841 *bo->bo_caps = htole16(capinfo);
2842
2843 if (vap->iv_flags & IEEE80211_F_WME) {
2844 struct ieee80211_wme_state *wme = &ic->ic_wme;
2845
2846 /*
2847 * Check for agressive mode change. When there is
2848 * significant high priority traffic in the BSS
2849 * throttle back BE traffic by using conservative
2850 * parameters. Otherwise BE uses agressive params
2851 * to optimize performance of legacy/non-QoS traffic.
2852 */
2853 if (wme->wme_flags & WME_F_AGGRMODE) {
2854 if (wme->wme_hipri_traffic >
2855 wme->wme_hipri_switch_thresh) {
2856 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
2857 "%s: traffic %u, disable aggressive mode\n",
2858 __func__, wme->wme_hipri_traffic);
2859 wme->wme_flags &= ~WME_F_AGGRMODE;
2860 ieee80211_wme_updateparams_locked(vap);
2861 wme->wme_hipri_traffic =
2862 wme->wme_hipri_switch_hysteresis;
2863 } else
2864 wme->wme_hipri_traffic = 0;
2865 } else {
2866 if (wme->wme_hipri_traffic <=
2867 wme->wme_hipri_switch_thresh) {
2868 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
2869 "%s: traffic %u, enable aggressive mode\n",
2870 __func__, wme->wme_hipri_traffic);
2871 wme->wme_flags |= WME_F_AGGRMODE;
2872 ieee80211_wme_updateparams_locked(vap);
2873 wme->wme_hipri_traffic = 0;
2874 } else
2875 wme->wme_hipri_traffic =
2876 wme->wme_hipri_switch_hysteresis;
2877 }
2878 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) {
2879 (void) ieee80211_add_wme_param(bo->bo_wme, wme);
2880 clrbit(bo->bo_flags, IEEE80211_BEACON_WME);
2881 }
2882 }
2883
2884 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) {
2885 ieee80211_ht_update_beacon(vap, bo);
2886 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO);
2887 }
2888 #ifdef IEEE80211_SUPPORT_TDMA
2889 if (vap->iv_caps & IEEE80211_C_TDMA) {
2890 /*
2891 * NB: the beacon is potentially updated every TBTT.
2892 */
2893 ieee80211_tdma_update_beacon(vap, bo);
2894 }
2895 #endif
2896 #ifdef IEEE80211_SUPPORT_MESH
2897 if (vap->iv_opmode == IEEE80211_M_MBSS)
2898 ieee80211_mesh_update_beacon(vap, bo);
2899 #endif
2900
2901 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
2902 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/
2903 struct ieee80211_tim_ie *tie =
2904 (struct ieee80211_tim_ie *) bo->bo_tim;
2905 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) {
2906 u_int timlen, timoff, i;
2907 /*
2908 * ATIM/DTIM needs updating. If it fits in the
2909 * current space allocated then just copy in the
2910 * new bits. Otherwise we need to move any trailing
2911 * data to make room. Note that we know there is
2912 * contiguous space because ieee80211_beacon_allocate
2913 * insures there is space in the mbuf to write a
2914 * maximal-size virtual bitmap (based on iv_max_aid).
2915 */
2916 /*
2917 * Calculate the bitmap size and offset, copy any
2918 * trailer out of the way, and then copy in the
2919 * new bitmap and update the information element.
2920 * Note that the tim bitmap must contain at least
2921 * one byte and any offset must be even.
2922 */
2923 if (vap->iv_ps_pending != 0) {
2924 timoff = 128; /* impossibly large */
2925 for (i = 0; i < vap->iv_tim_len; i++)
2926 if (vap->iv_tim_bitmap[i]) {
2927 timoff = i &~ 1;
2928 break;
2929 }
2930 KASSERT(timoff != 128, ("tim bitmap empty!"));
2931 for (i = vap->iv_tim_len-1; i >= timoff; i--)
2932 if (vap->iv_tim_bitmap[i])
2933 break;
2934 timlen = 1 + (i - timoff);
2935 } else {
2936 timoff = 0;
2937 timlen = 1;
2938 }
2939 if (timlen != bo->bo_tim_len) {
2940 /* copy up/down trailer */
2941 int adjust = tie->tim_bitmap+timlen
2942 - bo->bo_tim_trailer;
2943 ovbcopy(bo->bo_tim_trailer,
2944 bo->bo_tim_trailer+adjust,
2945 bo->bo_tim_trailer_len);
2946 bo->bo_tim_trailer += adjust;
2947 bo->bo_erp += adjust;
2948 bo->bo_htinfo += adjust;
2949 #ifdef IEEE80211_SUPPORT_SUPERG
2950 bo->bo_ath += adjust;
2951 #endif
2952 #ifdef IEEE80211_SUPPORT_TDMA
2953 bo->bo_tdma += adjust;
2954 #endif
2955 #ifdef IEEE80211_SUPPORT_MESH
2956 bo->bo_meshconf += adjust;
2957 #endif
2958 bo->bo_appie += adjust;
2959 bo->bo_wme += adjust;
2960 bo->bo_csa += adjust;
2961 bo->bo_tim_len = timlen;
2962
2963 /* update information element */
2964 tie->tim_len = 3 + timlen;
2965 tie->tim_bitctl = timoff;
2966 len_changed = 1;
2967 }
2968 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff,
2969 bo->bo_tim_len);
2970
2971 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM);
2972
2973 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER,
2974 "%s: TIM updated, pending %u, off %u, len %u\n",
2975 __func__, vap->iv_ps_pending, timoff, timlen);
2976 }
2977 /* count down DTIM period */
2978 if (tie->tim_count == 0)
2979 tie->tim_count = tie->tim_period - 1;
2980 else
2981 tie->tim_count--;
2982 /* update state for buffered multicast frames on DTIM */
2983 if (mcast && tie->tim_count == 0)
2984 tie->tim_bitctl |= 1;
2985 else
2986 tie->tim_bitctl &= ~1;
2987 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) {
2988 struct ieee80211_csa_ie *csa =
2989 (struct ieee80211_csa_ie *) bo->bo_csa;
2990
2991 /*
2992 * Insert or update CSA ie. If we're just starting
2993 * to count down to the channel switch then we need
2994 * to insert the CSA ie. Otherwise we just need to
2995 * drop the count. The actual change happens above
2996 * when the vap's count reaches the target count.
2997 */
2998 if (vap->iv_csa_count == 0) {
2999 memmove(&csa[1], csa, bo->bo_csa_trailer_len);
3000 bo->bo_erp += sizeof(*csa);
3001 bo->bo_htinfo += sizeof(*csa);
3002 bo->bo_wme += sizeof(*csa);
3003 #ifdef IEEE80211_SUPPORT_SUPERG
3004 bo->bo_ath += sizeof(*csa);
3005 #endif
3006 #ifdef IEEE80211_SUPPORT_TDMA
3007 bo->bo_tdma += sizeof(*csa);
3008 #endif
3009 #ifdef IEEE80211_SUPPORT_MESH
3010 bo->bo_meshconf += sizeof(*csa);
3011 #endif
3012 bo->bo_appie += sizeof(*csa);
3013 bo->bo_csa_trailer_len += sizeof(*csa);
3014 bo->bo_tim_trailer_len += sizeof(*csa);
3015 m->m_len += sizeof(*csa);
3016 m->m_pkthdr.len += sizeof(*csa);
3017
3018 ieee80211_add_csa(bo->bo_csa, vap);
3019 } else
3020 csa->csa_count--;
3021 vap->iv_csa_count++;
3022 /* NB: don't clear IEEE80211_BEACON_CSA */
3023 }
3024 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) {
3025 /*
3026 * ERP element needs updating.
3027 */
3028 (void) ieee80211_add_erp(bo->bo_erp, ic);
3029 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP);
3030 }
3031 #ifdef IEEE80211_SUPPORT_SUPERG
3032 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) {
3033 ieee80211_add_athcaps(bo->bo_ath, ni);
3034 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH);
3035 }
3036 #endif
3037 }
3038 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) {
3039 const struct ieee80211_appie *aie = vap->iv_appie_beacon;
3040 int aielen;
3041 uint8_t *frm;
3042
3043 aielen = 0;
3044 if (aie != NULL)
3045 aielen += aie->ie_len;
3046 if (aielen != bo->bo_appie_len) {
3047 /* copy up/down trailer */
3048 int adjust = aielen - bo->bo_appie_len;
3049 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust,
3050 bo->bo_tim_trailer_len);
3051 bo->bo_tim_trailer += adjust;
3052 bo->bo_appie += adjust;
3053 bo->bo_appie_len = aielen;
3054
3055 len_changed = 1;
3056 }
3057 frm = bo->bo_appie;
3058 if (aie != NULL)
3059 frm = add_appie(frm, aie);
3060 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE);
3061 }
3062 IEEE80211_UNLOCK(ic);
3063
3064 return len_changed;
3065 }
Clone of Haiku svn repository